# Forum Update Bugs, problems, and other issues thread



## Bob Hubbard (Oct 6, 2002)

Please post any problems you find over the next few days here.  This will help us track em down and kill em faster.

Thanks!

:asian:


----------



## Bob Hubbard (Oct 6, 2002)

BugFixes:


2.28 Bug Fixes
*Main Directory:*

*forumdisplay.php; marking forum read doesnt mark the threads read
*forumdisplay.php; forumdisplay_newthreadlink included twice in $templatesused
*global.php; users running php as a cgi weren't able to login if guests couldn't view the board.
*index.php; a check to insert a birthday template if the row was deleted
*member.php; possible XSS issue
*member.php; stop email flooding
*memberlist.php; prevent users from specifiying a high perpage value
*memberlist.php allow searching for users with <>& in their username
*newreply.php; allow quoting of a username with html characters within it
*newreply.php; remove a foreach as its php4 specific
*newthread.php; remove a foreach as its php4 specific
*postings.php; guest usernames weren't displayed when splitting a thread or deleting posts
*private.php; possible security issue
*private2.php; possible security issue
*register.php; stop email flooding
*showthread.php; first unread post going to the first since you last posted and not since you last read

2.27 Bug Fixes
*Main Directory*

*Announcement.php; corrected call to get no permission template
*Avatar.php; fix issue with error reporting set to E_ALL
*Member.php; fixed issue where a guest logging out would remove all other guest sessions
*Newreply.php; fixed issue with the thread title not being unhtmlspecialchars()'d for emails
*Newreply.php; fixed issue with logging in while posting
*Newreply.php; fixed issue with unregistered users being able to use usernames they shouldn't be able to use
*Newthread.php; fixed issue with logging in while posting
*Newthread.php; fixed issue with unregistered users being able to use usernames they shouldn't be able to use
*Online.php; action=usub event now caught
*Online.php; private calendar events are no longer displayed (it will simply say "Viewing Calendar")
*Poll.php; fixed issue with a permission check
*Poll.php; fixed issue with sessions expiring. See template changes.
*Postings.php; fixed issue with sessions expiring. See template changes.
*Postings.php; fixed bug where redirection when making a thread invisible or deleting all posts
*Postings.php; fixed issue where thread subscriptions are not maintained when merging
*Private.php; fixed issue with PM receipt checking being over zealously applied when forwarding a message
*Register.php; fixed issue with setting the user title while validating your account
*Search.php; fixed issue where hot threads could not be turned off
*Search.php; fixed issue where a bit of post under moderation could be viewed through a search
*Search.php; fixed issue where a bit of post/thread title in a private forum could be viewed through a search
*Showthread.php; fixed issue where $perpage could be set to a large number

*Wide Changes:*
*Global.php, newreply.php, newthread.php, admin/db_mysql.php, admin/functions.php, admin/global.php, mod/global.php; fix getenv() issue with ISAPI
*Forumdisplay.php, index.php member2.php, poll.php, search.php, showthread.php, threadrate.php, usercp.php, admin/functions.php; changed array cookie storage format to fix issues with staying logged in



2.26 Bug Fixes

*Changes to allow vB to work when register_globals is disabled
*Fixed a few PHP 4.2+ specific issues
*Report.php now takes into account whether the email functions are enabled
*Fixed more smilies link in vbcode.js
*Buddies will no longer show as being online when they've just logged out
*Fixed a potential escaping error in poll.php
*Added sessionhash to missing link in forumdisplay.php
*Fixed templates used in private.php
*Ensure $perpage is > 1 if specified in showthread.php
*Global.php no longer loads the forum jump when the server is too busy
*Fixed Apache 2/PHP 4.2.0 bug related to getenv()
*Fixed Apache 2/PHP 4.2.0 bug related to setcookie() -- to use the workaround add:
define('USE_COOKIE_WORKAROUND', 1);
to your config.php!
*Fixed typo in variable initialization in newthread.php
*Fixed bug where a different username could be specified on top of your own when posting a new thread
*Email notifications are now only sent out when a post is actually inserted into the database
*Additional validity checking on the homepage field
*Fixed bug that allowed bypassing of custom title maximum length
*Htmlspecialchars()/censor attachment filenames before displaying
*Fixed bug preventing mods from making global announcements
*Explain/showqueries are now disabled unless you are running in debug mode (not recommended)
*Fixed bug where last poster data could be incorrect
*Fixed bug where guests could possibly be ignored
*ASCII 173/160 are no longer allowed in messages (replaced with _)
*Improved thread deletion performance when there are no attachments
*Fixed bug in homemade is_uploaded_file() function where upload directory wouldn't be determined correctly


2.25 Bug Fixes

*Potential XSS/HTML-injection issues.
*Potential database error when updating user info in the control panel.
*Users of php4 less than version 4.0.3 may not have been able to upload attachments and custom avatars.


2.24 Bug Fixes

*Fixed security issue with guest posting (files: newreply.php, newthread.php)
*Improved checks for file_upload status to help people struggling with the recent PHP file upload vulnerability (files: editpost.php, member.php, newreply.php, newthread.php)
*Added a little error checking to the view ip address feature. (file: postings.php)



2.23 Bug Fixes

*Problem with being able to post custom avatars even when they should be disabled.
*Fixed a few typos
*Fixed problem with using { with Disable smilies
*Fixed problem with mass-pruning users
*Fixed performance issue with forumdisplay
*Fixed issue causing postings not to work when file uploads were off
*Fixed a couple of security issues, including one XSS vulnerability. We recommend that you upgrade, especially your functions.php and global.php files
*Fixed issue with template cache


2.22 Bug Fixes

*Problem with Forum Jump on 'standarderror' template
*Activation Codes not working
*Birthday problem when adding users through Admin CP
*Highlighting of terms does not carry from page to page
*Link to 'forgot your password?' is wrong from Admin CP
*Error in User CP regarding private messages
*Attachment moderation link in Mod CP is incorrect
*Database backup via Admin CP ignores 'isnull' instruction
*showgroups.php missing a column for moderators
*.png files are ignored when mass-adding smilies
*showgroups.php has no 's' after group name
*Netscape problem with avatar upload
*Guests can view other guests' threads despite "can view others' threads" being set to no
*Lost password problems
*Syntax error in Netscape 4.x
*Deleting/pruning threads exceeds max execution time
*Quoting problem
*Attachment moderation override
*"Find User" finds 0 users but does not say so
*Admin CP spelling errors
*Stange 'next page' with sticky threads
*Merging a thread with itself deletes it
* in url breaks auto-parsing
*Problem using [ and ] in custom vB Code
*Mass-email problem
*DB error in private2.php


----------

