As with previous releases three different packages are available:
- Full Package
Contains entire phpBB2 source and English language package - Changed Files Only
Contains only those files changed from previous versions of phpBB. Please note this archive contains changed files for each previous release - Patch Files
Contains patch compatible patches from the previous versions of phpBB.
Please ensure you read the INSTALL and README documents in docs/ before proceeding with installation or updates!.
Note to 2.0.3 users intending to use the patch file version
Users of 2.0.3 intending to use the patch version may (but not necessarily will) need to run fixfiles.sh (found in the contrib/ directory with the downloaded archive) before patching.
We recommend that all 2.0.3 users do a "dry run" patch first to see whether this you need to use this fix. To do this append --dry-run to the patch command, e.g. patch -cl -p1 --dry-run < phpBB-2.0.3_to_2.0.8.patch. This will prevent any permanent changes being made to your installation. If you experience numerous (literally dozens and dozens) of hunk failed messages this applies to you.
To correct this problem go to your phpBB root directory, copy the fixfiles.sh to this location, chmod u+x fixfiles.sh and type ./fixfiles.sh. This will strip windows style carriage returns present in the 2.0.3 source. A new fixfiles.sh script has been put into the contrib folder to be "fixed" too.
What has changed in this release?
A comprehensive changelog is included with all archives. This edition is centred on fixing a number of critical security issues.
As with 2.0.5, 2.0.6 and 2.0.7 the visual confirmation and the template caching Mods are included in the contrib directory.
We urge all users to update promptly to this new release.
If you are still having troubles on reading the documentation provided, please refer to the Support Forum and use the Support Request Template.
If you want to patch your 2.0.7(a) installation
If you are still using phpBB 2.0.7 or prior, please go to our Downloads Page, download the appropiate package and follow the update Instructions.
The following are the changes from 2.0.7a to 2.0.8 for manual upgrading.
A patch file for 2.0.7a to 2.0.8 is downloadeable from this location.
Manual Instructions for upgrading (Mod Format) are soon available here within the Mods Database.
- admin/admin_forumauth.php[/color][/size]
-
FIND - Line 105
REPLACE WITH
Code: Select all
$simple_ary = $simple_auth_ary[$HTTP_POST_VARS['simpleauth']]; for($i = 0; $i < count($simple_ary); $i++) { $sql .= ( ( $sql != '' ) ? ', ' : '' ) . $forum_auth_fields[$i] . ' = ' . $simple_ary[$i]; } $sql = "UPDATE " . FORUMS_TABLE . " SET $sql WHERE forum_id = $forum_id"; } else { for($i = 0; $i < count($forum_auth_fields); $i++) { $value = $HTTP_POST_VARS[$forum_auth_fields[$i]];
Code: Select all
$simple_ary = $simple_auth_ary[intval($HTTP_POST_VARS['simpleauth'])]; for($i = 0; $i < count($simple_ary); $i++) { $sql .= ( ( $sql != '' ) ? ', ' : '' ) . $forum_auth_fields[$i] . ' = ' . $simple_ary[$i]; } if (is_array($simple_ary)) { $sql = "UPDATE " . FORUMS_TABLE . " SET $sql WHERE forum_id = $forum_id"; } } else { for($i = 0; $i < count($forum_auth_fields); $i++) { $value = intval($HTTP_POST_VARS[$forum_auth_fields[$i]]);
- admin/admin_forums.php[/color][/size]
-
FIND - Line 60
AFTER, ADD
Code: Select all
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
Code: Select all
$mode = htmlspecialchars($mode);
- admin/admin_groups.php[/color][/size]
-
FIND - Line 55
AFTER, ADD
Code: Select all
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
Code: Select all
$mode = htmlspecialchars($mode);
- admin/admin_ranks.php[/color][/size]
-
FIND - Line 43
AFTER, ADD
Code: Select all
$mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
Code: Select all
$mode = htmlspecialchars($mode);
- admin/admin_smilies.php[/color][/size]
-
FIND - Line 62
AFTER, ADD
Code: Select all
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
Code: Select all
$mode = htmlspecialchars($mode);
-
FIND - Line 319
AFTER, ADD
Code: Select all
$smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
Code: Select all
$smiley_id = intval($smiley_id);
-
FIND - Line 340
AFTER, ADD
Code: Select all
$smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
Code: Select all
$smiley_id = intval($smiley_id);
- admin/admin_styles.php[/color][/size]
-
FIND - Line 61
AFTER, ADD
Code: Select all
$mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
Code: Select all
$mode = htmlspecialchars($mode);
-
FIND - Line 492
REPLACE WITH
Code: Select all
$style_id = $HTTP_GET_VARS['style_id'];
Code: Select all
$style_id = intval($HTTP_GET_VARS['style_id']);
-
FIND - Line 707
REPLACE WITH
Code: Select all
WHERE template_name = '$template_name'";
Code: Select all
WHERE template_name = '" . str_replace("\'", "''", $template_name) . "'";
- admin/admin_ug_auth.php[/color][/size]
-
FIND - Line 60
AFTER, ADD
Code: Select all
$user_id = intval($user_id); $group_id = intval($group_id);
Code: Select all
$adv = intval($adv); $mode = htmlspecialchars($mode);
- admin/admin_user_ban.php[/color][/size]
-
FIND - Line 280
REPLACE WITH
Code: Select all
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $user_list[$i];
Code: Select all
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . intval($user_list[$i]);
-
FIND - Line 293
REPLACE WITH
Code: Select all
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $ip_list[$i];
Code: Select all
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $ip_list[$i]);
-
FIND - Line 306
REPLACE WITH
Code: Select all
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $email_list[$i];
Code: Select all
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $email_list[$i]);
- admin/admin_users.php[/color][/size]
-
FIND - Line 52
AFTER, ADD
Code: Select all
$mode = ( isset( $HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
Code: Select all
$mode = htmlspecialchars($mode);
-
FIND - Line 842
REPLACE WITH
Code: Select all
$category = $HTTP_POST_VARS['avatarcategory'];
Code: Select all
$category = htmlspecialchars($HTTP_POST_VARS['avatarcategory']);
- admin/admin_words.php[/color][/size]
-
FIND - Line 44
AFTER, ADD
Code: Select all
$mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
Code: Select all
$mode = htmlspecialchars($mode);
-
FIND - Line 67
REPLACE WITH
Code: Select all
$word_id = ( isset($HTTP_GET_VARS['id']) ) ? $HTTP_GET_VARS['id'] : 0;
Code: Select all
$word_id = ( isset($HTTP_GET_VARS['id']) ) ? intval($HTTP_GET_VARS['id']) : 0;
-
FIND - Line 117
REPLACE WITH
Code: Select all
$word_id = ( isset($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : 0;
Code: Select all
$word_id = ( isset($HTTP_POST_VARS['id']) ) ? intval($HTTP_POST_VARS['id']) : 0;
-
FIND - Line 154
AFTER, ADD
Code: Select all
if( isset($HTTP_POST_VARS['id']) || isset($HTTP_GET_VARS['id']) ) { $word_id = ( isset($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
Code: Select all
$word_id = intval($word_id);
- admin/pagestart.php[/color][/size]
-
FIND - Line 59
REPLACE WITH
Code: Select all
redirect($url);
Code: Select all
redirect("index.$phpEx?sid=" . $userdata['session_id']);
- includes/bbcode.php[/color][/size]
-
FIND - Line 284
REPLACE WITH
Code: Select all
$text = preg_replace("#\[img\]((ht|f)tp://)([^\r\n\t<\"]*?)\[/img\]#sie", "'[img:$uid]\\1' . str_replace(' ', '%20', '\\3') . '[/img:$uid]'", $text);
Code: Select all
$text = preg_replace("#\[img\]((ht|f)tp://)([^ \?&=\"\n\r\t<]*?(\.(jpg|jpeg|gif|png)))\[/img\]#sie", "'[img:$uid]\\1' . str_replace(' ', '%20', '\\3') . '[/img:$uid]'", $text);
- includes/functions_search.php[/color][/size]
-
FIND - Line 201
AFTER, ADD
Code: Select all
$value_sql .= ( ( $value_sql != '' ) ? ', ' : '' ) . '(\'' . $word[$i] . '\', 0)'; break; case 'mssql':
Code: Select all
case 'mssql-odbc':
-
FIND - Line 226
AFTER, ADD
Code: Select all
VALUES $value_sql"; break; case 'mssql':
Code: Select all
case 'mssql-odbc':
- includes/usercp_register.php[/color][/size]
-
FIND - Line 180
REPLACE WITH
Code: Select all
$user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarlocal']) : '' );
Code: Select all
$user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? htmlspecialchars($HTTP_POST_VARS['avatarselect']) : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarlocal']) : '' );