The site has just undergone a security update. As a result, several core files were overwritten and some minor things may not be working properly. I think I fixed most of them. If another issue arises, please report it here. Thanks.
Security update solved the following:
Vulnerabilities dealt with:
Bugs dealt with:
Security update solved the following:
Vulnerabilities dealt with:
- High Risk: Authorization bypass vulnerability within the PM system
- Medium Risk: Accounts without login keys could be hijacked
- Low Risk: Weakness within the generate_post_check() function
- Low Risk: Anonymous statistics may not always be anonymous
- Low Risk: Database backups are exposed in logs
Bugs dealt with:
Show Content
SpoilerBug #956: Quote tags don't work if username contains a ]
Bug #1443: View thread notes - PgSQL
Bug #1483: Large attachments, greater than PHP memory limit, fail
Bug #1515: Attachement in first post lost after merging posts below
Bug #1611: '&' in RSS feed titles
Bug #1702: canonlyviewownthreads Permission Bug
Bug #1733: GeoIP encoding problem
Bug #1846: SMTP TLS
Bug #1847: memcache sockets
Bug #1871: Mod CP user search Post Count column alignment
Bug #1877: Forum Jump doesn't obey SEF urls setting
Bug #1879: Thread drafts don't remember prefixes
Bug #1927: User merge - Source account avatar left on server
Bug #2002: User merge warning logs error
Bug #2003: When replying to a subject that is at max character limit, you will get an error.
Bug #2008: Google-Mobile useragent not detected
Bug #2019: function affected_rows in db_pgsql.php calls pg_affected_rows with the wrong parameter
Bug #2023: Maximum Videos per Post setting not working
Bug #2059: Post Tools won't show up until a Thread Tool exists
Bug #2070: Pending group join requests are effectively numUsersInGroup * JoinRequests
Bug #2095: User(s) browsing this thread not appearing on quote link
Bug #2103: Mark forum read doesn't work with PostgreSQL
Bug #2110: Writing limit in a post triggers PostgreSQL replacement
Bug #2122: COPPA invalid date of birth
Bug #2124: Tracking Logic Wrong
Bug #2125: Admin CP Viewing Warning wrong link
Bug #2134: AdmincP Bug
Bug #2142: PM Advanced Search Sort Order
Bug #2151: Saving CSS changes in Simple Editor breaks @media queries
Bug #2156: Attachment count wrong when unapproving attachments
Bug #2157: Last user user-name for threads and forums is not updated upon modifying user-names or merging users.
Bug #2158: Users can give reputation for any post.
Bug #2162: Threadlist can contain a thread without name, id etc.
Bug #2163: Linking to non existent post does not show typical error page
Bug #2165: sendthread.php throws sql error with postgres
Bug #2166: calling newreply with no tid does not show the correct error page
Bug #2167: Calling polls.php with invalid pid shows sql error instead of correct error page
Bug #2168: Postgres errors in search.php and useless order by clause
Bug #2175: Displaying the latest new user does not always work
Bug #2177: update_pm_count() can throw sql error in Postgres
Bug #2179: Set value for MYBB_ROOT
Bug #2182: Apostrophe in DB password causes PHP error
Bug #2184: SID not checked in admin/modules/templates.php
Bug #2188: Reputation Sync Not Accounting For NULL Values
Bug #2192: Attachments still downloadable if thread unapproved
Bug #2193: Thread Subsciptions "not subscribed to any threads" with &page=
Bug #2204: Login Page - maxlength for username/email field too short
Bug #2205: enablereputation setting problem
Bug #2206: Strange/missing permission checks in editpost and newreply
Bug #2211: Splitting a thread at the same time can create threads without posts
Bug #2213: forumbit_depth1_forum doesn't exist
Bug #2215: Double defined $cache on upgrade
Bug #2216: "Templates Requiring Additional Calls" will always show
Bug #2227: editor.js error causing misalignment in Office 2007 editor theme.
Bug #2229: member.php Away Date Bug
Bug #2234: 'Language fallback to english' option fails when language 'area' is 'admin'
Bug #2235: PostgreSQL error on quick reply
Bug #2241: Replacing preg_replace e modifier PHP 5.5
Bug #2245: Language tweak in installer
Bug #2246: Logout link broken on "Access Denied" pages
Bug #2248: Installer: Update "Subscribe to Mailing List" link
Bug #2249: sessions unnecessarily being deleted and created on every request
Bug #2250: Admin Log errors
Bug #2254: Adding attachment to an existing draft creates a new draft
Bug #2270: Minor Typo / Consistency Issue in showthread.php
Feature #1853: Allow login via email and/or username with settings in the ACP
Bug #1443: View thread notes - PgSQL
Bug #1483: Large attachments, greater than PHP memory limit, fail
Bug #1515: Attachement in first post lost after merging posts below
Bug #1611: '&' in RSS feed titles
Bug #1702: canonlyviewownthreads Permission Bug
Bug #1733: GeoIP encoding problem
Bug #1846: SMTP TLS
Bug #1847: memcache sockets
Bug #1871: Mod CP user search Post Count column alignment
Bug #1877: Forum Jump doesn't obey SEF urls setting
Bug #1879: Thread drafts don't remember prefixes
Bug #1927: User merge - Source account avatar left on server
Bug #2002: User merge warning logs error
Bug #2003: When replying to a subject that is at max character limit, you will get an error.
Bug #2008: Google-Mobile useragent not detected
Bug #2019: function affected_rows in db_pgsql.php calls pg_affected_rows with the wrong parameter
Bug #2023: Maximum Videos per Post setting not working
Bug #2059: Post Tools won't show up until a Thread Tool exists
Bug #2070: Pending group join requests are effectively numUsersInGroup * JoinRequests
Bug #2095: User(s) browsing this thread not appearing on quote link
Bug #2103: Mark forum read doesn't work with PostgreSQL
Bug #2110: Writing limit in a post triggers PostgreSQL replacement
Bug #2122: COPPA invalid date of birth
Bug #2124: Tracking Logic Wrong
Bug #2125: Admin CP Viewing Warning wrong link
Bug #2134: AdmincP Bug
Bug #2142: PM Advanced Search Sort Order
Bug #2151: Saving CSS changes in Simple Editor breaks @media queries
Bug #2156: Attachment count wrong when unapproving attachments
Bug #2157: Last user user-name for threads and forums is not updated upon modifying user-names or merging users.
Bug #2158: Users can give reputation for any post.
Bug #2162: Threadlist can contain a thread without name, id etc.
Bug #2163: Linking to non existent post does not show typical error page
Bug #2165: sendthread.php throws sql error with postgres
Bug #2166: calling newreply with no tid does not show the correct error page
Bug #2167: Calling polls.php with invalid pid shows sql error instead of correct error page
Bug #2168: Postgres errors in search.php and useless order by clause
Bug #2175: Displaying the latest new user does not always work
Bug #2177: update_pm_count() can throw sql error in Postgres
Bug #2179: Set value for MYBB_ROOT
Bug #2182: Apostrophe in DB password causes PHP error
Bug #2184: SID not checked in admin/modules/templates.php
Bug #2188: Reputation Sync Not Accounting For NULL Values
Bug #2192: Attachments still downloadable if thread unapproved
Bug #2193: Thread Subsciptions "not subscribed to any threads" with &page=
Bug #2204: Login Page - maxlength for username/email field too short
Bug #2205: enablereputation setting problem
Bug #2206: Strange/missing permission checks in editpost and newreply
Bug #2211: Splitting a thread at the same time can create threads without posts
Bug #2213: forumbit_depth1_forum doesn't exist
Bug #2215: Double defined $cache on upgrade
Bug #2216: "Templates Requiring Additional Calls" will always show
Bug #2227: editor.js error causing misalignment in Office 2007 editor theme.
Bug #2229: member.php Away Date Bug
Bug #2234: 'Language fallback to english' option fails when language 'area' is 'admin'
Bug #2235: PostgreSQL error on quick reply
Bug #2241: Replacing preg_replace e modifier PHP 5.5
Bug #2245: Language tweak in installer
Bug #2246: Logout link broken on "Access Denied" pages
Bug #2248: Installer: Update "Subscribe to Mailing List" link
Bug #2249: sessions unnecessarily being deleted and created on every request
Bug #2250: Admin Log errors
Bug #2254: Adding attachment to an existing draft creates a new draft
Bug #2270: Minor Typo / Consistency Issue in showthread.php
Feature #1853: Allow login via email and/or username with settings in the ACP