phpBB 3.0.7 released

Post here doubts, ideas, suggestions and support requests about the website and the forums.
Forum rules
READ NOW: L2j Forums Rules of Conduct
Locked
User avatar
MELERIX
L2j Veteran
L2j Veteran
Posts: 6667
Joined: Sat Sep 23, 2006 11:31 pm
Location: Chile
Contact:

phpBB 3.0.7 released

Post by MELERIX »

User avatar
denser
Posts: 1392
Joined: Wed May 30, 2007 9:13 pm
Location: Russia
Contact:

Re: phpBB 3.0.7 released

Post by denser »

current styles are compatible with new vrsion?
Tiger, once tasted human flesh, will want to taste it again
L2J - the place where glad to see you any time!
User avatar
kocinski
Posts: 141
Joined: Wed May 06, 2009 3:12 pm
Location: España
Contact:

Re: phpBB 3.0.7 released

Post by kocinski »

phpBB 3.0.7-PL1 released: http://www.phpbb.com/community/viewtopi ... &t=2014195
naderman wrote:We are sorry to announce the immediate release of phpBB 3.0.7-PL1 to address a security issue which was introduced in 3.0.7, unfortunately the issue wasn't noticed during testing and has only surfaced a week after the release of 3.0.7.

We promised working feeds for phpBB 3.0.7. Sadly, we were not able to deliver on that promise - a critical bug in the permission handling for feeds slipped past. To all people who already have updated to 3.0.7, it is of critical importance to update to 3.0.7-PL1. Otherwise, it is possible for users to bypass permission settings under the following circumstances:

* Feeds are enabled
* Any of the posts or topics feeds are enabled
* The unauthorised user - or one of the groups they are a member of - have forum permissions set on a private forum
* If you have excluded a forum from the list of forums that provide feeds, it is unaffected

Note: We recommend the use of a regular update routine over manually editing your files. If you manually edit your files your board will not recognise the update.
The fix for the issue is a single line change inside of feed.php, line 525 has changed from:
[php]$forum_ids = array_keys($auth->acl_getf('f_read')); [/php]to:
[php]$forum_ids = array_keys($auth->acl_getf('f_read', true)); [/php]
About Styles, i'm using a 3.0.4 version Style without any problems.
User avatar
MELERIX
L2j Veteran
L2j Veteran
Posts: 6667
Joined: Sat Sep 23, 2006 11:31 pm
Location: Chile
Contact:

Re: phpBB 3.0.7 released

Post by MELERIX »

Locked