[2.0.13] phpBB 2.0.13 to 2.0.14 Code Changes

[BlueRook]

Oh my...

Guys, thanks a lot! I have still a problem though: the code changes start from phpBB 2.0.5. Where do I get the changes from 2.0.3 to 2.0.5?

If you go to the dowloads page you will see a listing for the 'changed files only'. Download that package and in it there will be a 2.0.3 to 2.0.14 package. You will need that along with the install directory that is in the the root of the overall package.

Then read the instructions in install.html in the docs directory.

If you have a lot of MODs then you will need to apply any changes you have made to any of the changed files again.

Alternatively, you can download the whole package (not the changed files), save a copy of your config.php file and replace everything (if you are using a different theme don't delete it though -- or be sure to upload it again). Then replace your config.php file. Of course, if you have any MODs then they will need to be completely redone.

Be sure to backup your database first in case you run into any problems.

[krige]

Thanks a lot BlueRook A lot of work is waiting for me...

[KI]

Question:

Are there any changes in the database structure from phpBB 2.0.11 to 2.0.14?

Your KI

[mattbugz]

Question:

Are there any changes in the database structure from phpBB 2.0.11 to 2.0.14?

Your KI

No, there's not.

[Seijin_Dinger]

hit a small error

Template->loadfile(): File (removed for security)/templates/SpacePilot3K/overall_header.tpl for handle overall_header is empty

*edit*
Could you please delete this post? I realised I had an older database restored to the test server to pull info from it, once I restored it to the proper database it worked proerly

[L.e.V.a.T.o.S.]

Здесь кто нибудь русский знает ?

[L.e.V.a.T.o.S.]

Думаю следует сделать лог админ панели

[KI]

Question:

Are there any changes in the database structure from phpBB 2.0.11 to 2.0.14?

Your KI

No, there's not.

Thanks

[SnakeStu]

This is sort of off-topic, but since the 2.0.15 release is now the primary topic of upgrade discussion, I figured I'd answer this now.

You must have had a very bad experience somewhere along the line...

Well, over the past 25 years I've had much more grief from failing hardware and sloppily-coded products than from any security-related issues. Despite being actively involved in activities that (misguided) "conventional wisdom" indicated were high-risk, such as downloading files from BBS's, I've only had one virus on my own hardware in that time, and that was a boot sector virus on a floppy I got from a friend, which I accidentally left in the drive when I was rebooting my machine.

However, evidence of the usage of default paths and filenames in attacks is no further away than your Web server logs. For example, on my BSD/Apache-based sites, most of the 404 errors are for vulnerabilities in specific files at specific paths on Windows-based Web servers.

I have never changed the naming on any of the Windows machines that I have ever built and I don't know of anyone that has had a problem. I think with a good firewall, anti-virus and anti-spyware, and with an educated clientelle, there is very little risk from hackers even if the Windows patches and updates aren't ever applied. Perhaps if I was hacked and lost some important information that somehow never was backed up, my attitude would be different.

Well, I see some problems in this line of thought...

First, it implies that trusting third parties is sufficient instead of proactively tackling security yourself. If everyone thought that way, then nothing would ever be done to defend against attacks. And even though not everyone thinks that way, and people make active defenses (such as building strong products to begin with, or building defensive systems), people are flawed, and therefore systems built by people are flawed. Your trust in your firewall, anti-virus, anti-spyware, and "educated" clientele is all trust of third parties, yet each one of those parties (or their products) may have significant flaws. (And trust me, even the most "educated" computer user can still make judgement errors.) You have a perimeter defense, but if that perimeter is breached, you've done nothing to protect yourself within. A simple change in a path or table name proactively increases your defenses within that perimeter, so you have something else to trust other than third parties. It's not a guarantee, but again it's all about altering the odds in your favor.

Second, waiting to have your system compromised once before taking proactive measures of your own design to defend against attacks is allowing for one too many successful attacks. That might have been just a personal risk for most personal systems in the 80s, but in today's connected world, you're risking potentially thousands or millions of other systems the very first time your system is compromised. It's not just about what a cracker can do to your system, it's also what the cracker can do from your system to attack other systems.

Anyway, just wanted to share a few security-related thoughts for a Saturday afternoon.

[khiladi]

Code: Select all

Warning: main(./../extension.inc): failed to open stream: No such file or directory in /home/www/khiladi.coolinc.info/Forum/update_to_latest.php on line 46

Warning: main(): Failed opening './../extension.inc' for inclusion (include_path='.:/usr/local/lib/php') in /home/www/khiladi.coolinc.info/Forum/update_to_latest.php on line 46

Warning: main(./../config.): failed to open stream: No such file or directory in /home/www/khiladi.coolinc.info/Forum/update_to_latest.php on line 47

Warning: main(): Failed opening './../config.' for inclusion (include_path='.:/usr/local/lib/php') in /home/www/khiladi.coolinc.info/Forum/update_to_latest.php on line 47
Please read: INSTALL.html before attempting to update.

i updated everything, then uploaded the update_to_latest.php to home folder where there is the index.php etc and executed it but i got the above error :S

[NightriderXP]

The update_to_latest.php needs to be in the installs folder for it to work. It appears that you placed update_to_latest.php in the phpBB root. Move it to an installs folder and then run it again. Your install path should look something like this:

http://yoursite.com/phpBB2/installs/upd ... latest.php

[khiladi]

ahh thanks!
my bad.. i knw the files was in install/update_to_latest.php but was confused to where to upload it, and it didnt specigy to upload to install/update_to_latest.php on the server too.
got it.. it worked

[khiladi]

well i actually updated to 2.0.15 too.

i have this problem: "The topic or post you requested does not exist" when i click on IP check of the users' post!! where is the problem :S

i also installed the IP_REG mod provided on this forum, which adds the IP of the person registering to the database.

[khiladi]

Also, the link on the IP button is: http://sexology101.coolinc.info/modcp.p ... ce72cb84d6 if that helps

[khiladi]

Nevermind, i managed to solve it myself after more than 1 hour fight.. pheww

i did a mistake while editing the modcp.php
i did this:

Code: Select all

if ( !($result = $db->sql_query($sql)) )
	{
		message_die(GENERAL_MESSAGE, 'Topic_post_not_exist');
	}

	if (!$topic_row)
	{
		message_die(GENERAL_MESSAGE, 'Topic_post_not_exist');
	}
	$topic_row = $db->sql_fetchrow($result);   <----**

instead of doing this:

Code: Select all

if ( !($result = $db->sql_query($sql)) )
	{
		message_die(GENERAL_MESSAGE, 'Topic_post_not_exist');
	}
	$topic_row = $db->sql_fetchrow($result);
	if (!$topic_row)
	{
		message_die(GENERAL_MESSAGE, 'Topic_post_not_exist');
	}

my bad..
else, it rocks