by Admin » Wed Feb 02, 2011 10:07 am
This update fixes a large number of bugs as well as improving on usability and performance. It also fixes the flash BBCode that can be used to execute JavaScript, causing a cross-site scripting vulnerability.
* Execute javascript in [flash=] BBCode
* compress_tar incorrectly determines type
* Honor minimum and maximum password length in generated passwords as much as possible.
* Connecting to PostgreSQL using 'localhost' doesn't try to use a TCP connection
* word censoring * does not handle space for two or more words
* Do not delete polls if one exists and editing user lacks permissions
* Style export to tar(.*) does not work
* Custom Profile dates display incorrectly
* Search keywords field does not initially get focus
* Query exceeds maximum value for user_login_attempts
* Data too long for column 'message_subject'
* Fix alternative image-description for unread posts.
* Send HTTP 404 if topic, forum or user do not exist
* Copied topics are not indexed
* Parse CSS Regex accepts invalid code
* Misleading error message in auth_ldap.php, function init_ldap()
* JavaScript error and visible quote button on topic review if BBCodes disallowed
* spelling in admin_welcome_inactive.txt
* MS SQL error on view all smilies after 3.0.6 upgrade
* able to set minimal avatar size larger than maximum
* Error on database update (must specify size of index on MySQL4)
* Retain original topic title in shadow topic when moving a topic and editing the title.
* Redirect() fails with directory traversal
* Active topics and reported posts
* Password reminder system generates confusable passwords
* Correctly sort database backup file list by date on database restore page
* Race condition in queue locking
* Grammatical Error under Load Settings
* Missing / bad default values of CPFs result in SQL errors on registration of new users
* Wrong IP checking for IPv4 addresses mapped into IPv6
* Hide "Copy permissions" message, when permissions were copied.
* Misleading setting text for CAPTCHA
* Missing comma in PASSWORD_EXPLAIN acp language strings
* Bad text placement for reCAPTCHA description
* Safari does not display box headers correctly in the ACP.
* Can't Set Parent Forum
* RSS feeds does not work on Postgres
* Most active forum post count does not respect m_approve permission
* Recent bug fix for smilies causing problems on older MySQL versions
* Wrong redirection after login
* Language selection is disregarded in automatic update
* Typo fix in a comment in functions.php
* Forum feed shows posts that are currently on the moderation queue
* ACP User Overview: Unmatched </form> tag when viewing own user
* Invalid redirection after login to forum not in web root
* Oracle CLOB support is broken, preventing storage of long strings
* Fix report-icon for moderators in PM folders.
* Check current board version in incremental update packages
* Fix open_basedir issues when accessing styles- and language-management
* Quick-Reply tabindex="6" set twice
* "Change topic type"-option "Normal" always selected.
* Correctly check for double inclusion in captcha garbage collection
* viewforum/viewtopic pages unnecessarily duplicated with start=0
* BBCode in poll options is broken, when posting without question.
* Remove shadow topics from remaining forums when deleting a forum including posts
* Unable to get image size in img bbcode when URL has multiple parameters.
* sql_config_count() artificially limits number scope to 4byte-integer on PostgreSQL and Firebird
* When setting the board's date format the board's timezone settings aren't taken into account
* Unnecessary overhead in avatar_process_user function
* Validate maximum number of allowed recipients per PM value
* Loginbox <input /> redirect breaks xHTML
* Javascript function dE does not correctly detect element visibility
* Allow gallery avatars with whitespaces in the filename
* phpBB Coding Guidelines state subversion as the version control system for phpBB
* Unable to copy permissions from and to forums you cannot see
* Fix dead link in MCP on reports for global announcements in prosilver.
* Correctly delete big datasets when deleting a forum including topics/posts on non-MySQL databases
* Postgres DBAL does not correctly create a new database connection when passing $new_link as true
* Replace remaining is_writable() calls with phpbb_is_writable().
* MSSQL error reporting returns String instead of an error
* IPv6 regular expression does not match addresses starting in ::
* User Preference to hide online status does not work for bots
* Quoting in a PM does not fall back to bbcode-less quotes using "> " when bbcodes are disabled
* Topic review does not display all selected posts
* subsilver2 missing fallback option on quoting when bbcodes are disabled
* BBCode-less fall back option for quotes is missing "Author wrote:" line when quoting from topic-review.
* Incorrect margins in RTL languages: signatures, permission ACP & updater
* 'Your first forum' should have 'Display active topics:' set to 'Yes'
* Moving all posts from one topic to another does not delete bookmarks
* Changing forum type applies FORUM_FLAG_ACTIVE_TOPICS to new forum type.
* Delete user quicktool drop down should have an empty or invalid selection as the default
* Messenger Queue Batch Size configuration option is overridden
* Newly registered users group ACP wording
* Missing MSSQL native driver case statements
* Prosilver overrides reCaptcha class.
* Test suite does not run on SQLite
* Missing documentation for running unit tests
* Windows workaround for checkdnsrr() returns wrong results
* Wrong class added to topiclist, when there's no announcement topic.
* When attaching a file whose name contains quotes, filename before last quote is cut off in display
* Strings not properly normalized - acp_prune.php
* Regular expressions from get_preg_expression() are untested.
* Add module function does not correctly insert a module after the specified one
* Newly registered users group color is not used in Our Newest Member
* Useless parameter $data['post_time'] in function submit_post.
* SET NAMES 'BINARY' error in convertor
* DB connection error when $dbhost is an IPv6 address
* submit_post shows support for options that cause a trigger_error in the call to user_notification
* Cant hide/outcomment @import in stylesheet.css
* It should not be possible to ban Anonymous
* xhtml errors in subsilver2 when using the bbcodes code and quote in signatures
* Selecting an unavailable captcha plugin looks like a successful action
* PHP Information in ACP always lists error_reporting as 0
* Optimize topic splitting
* Search interval applied inconsistently
* Another duplicate accesskey: t = top and list item
* Signature "0" cannot be previewed
* Subsilver2 is missing the bbcode-helpline for inline-attachments.
* Flash attachments are not displayed in subsilver2.
* "Notify User" checkbox appears in MCP Queue even if no notification methods are enabled
* Unable to create data backup using the mssqlnative DBAL
* Calling download/file.php with empty avatar parameter can throw an E_NOTICE message
* Bad Display of User Input - mcp_ban
* Installation of phpBB with SQLite fails
* Backlink broken when the select parent forum does not exist.
* Returning result of new by reference is deprecated in php 5.3
* "Ban until (date)" appears to be based on UTC time instead of local time
* Removing a user does not remove their private message folders or rules
* Coding guidelines typo
* Future dates display as "less than one minute ago"
* "Undefined variable: email" in email regular expression unit tests
* Fix email address regular expression or adjust email regular expression unit tests
* "New Topic" button title attribute mismatch in prosilver's viewforum
* Feed replaces ./ with board URL
* Fix background-position of top2-class in prosilver for RTL-languages.
* Mistyped word 'then' in FAQ. It should be 'than'.
* <br /> not being replaced in prepare_message
* fulltext_mysql.php overreacts on + and - characters in search words
* Misleading text when using Q&A CAPTCHA
* Template variable S_USER_POSTED always set to false in search.php
* Empty template variable HISTORY_TITLE in ucp_pm_history
* Fulltext native search, wildcard * does not get escaped leading to long execution time
* Quote nesting depth explanation is misleading
* build_url() doesn't ignore empty parameters
* Under some circumstances, email addresses are shown to undesired users
* gen_rand_string() not respecting $num_chars parameter anymore.
* Board disable radio in Board-Settings set on when server load high
* Undefined function send_status_line() in download/file.php when in avatar mode.
* Avatar tab displays when avatars are disabled
* Clicking on "Select All" of code tag on print page results in a javascript error when using prosilver
* [PHPBB3-9820] - Fix undefined indexes when trying to post a new topic
* Can not delete style-components from the file-system as per explanation.
* Recaptcha plugin result interpretation fault
* Login Confirm Explain Not Working
* Display view unread posts link for guests
* Change "Save" button to "Save draft"
* Language typo and written form (British/American)
* Auth API documentation is incomplete
* Tests don't run on PHPUnit 3.5
* captcha_qa.php spelling, punctuation and grammar errors
* CAPTCHA uses american english
* Massive email delays
* Default file extension groups not properly updated by database updater.
* Database updater does not run on PostgreSQL because of an error in _add_module()
* Update fails when Bing [Bot] was already added to the users table
* Updater drops language-selection after database-update
* phpBB Coding Guidelines state subversion as the version control system for phpBB