miqrogroove
XMB 1.9.11 Lead Developer
Posts: 3380
Registered: 10-1-2002
Location: Michigan
Member Is Offline
Mood: $allowurlcode = ( $ismood != 'yes' );
1.9.10 diff and Patch Information for SP3
For XMB 1.9.8 SP3 - Advanced Webmasters Only
requirements: MySQL 4.0.16 or higher.
diff: Attached
lang: (diff) English, (replace) Dutch, Portuguese, and Spanish (see International Support forums as we are working to restore
community translation efforts)
templates: Included as templates.xmb in diff
sql: The version-specific upgrade script is attached later in this thread.
Quote:
forums.postperm type changed from char(3) to varchar(11) and format changed from "int|int" to "int,int,int,int" with redefined integer enumerations.
'private' index dropped from the forums table.
The following six columns were dropped from the forums table:
private
pollstatus
guestposting
mt_status
mt_open
mt_close
The following 20 columns were dropped from the settings table:
files_status
files_foldername
files_screenshot
files_shotsize
files_guests
files_cpp
files_mouseover
files_fpp
files_report
files_jumpbox
files_search
files_spp
files_searchcolor
files_stats
files_notify
files_content_types
files_comment_report
files_navigation
files_faq
files_paypal_account
Files with no substantial change:
faq.php
include/global.inc.php
include/smtp.inc.php
js/bbcodefns-ie.js
js/bbcodefns-opera.js
js/buddy.js
js/buddylistedit.js
js/popup.js
js/ticker.js
Files that should be replaced, if possible:
header.php
misc.php
post.php
topicadmin.php
db/mysql.php
include/admin.inc.php
include/captcha.inc.php
include/u2u.inc.php
include/validate.inc.php
js/header.js
Files added in this version:
vtmisc.php
lang/Dutch.lang.php
lang/Portuguese.lang.php
lang/Spanish.lang.php
The expected impact on existing hacks and mods is medium-high. This version focussed on internal problems that required major changes to
flow-of-control.
Modders and hackers should be aware of the following changes:
Deleted Code: The checkOutput() function in functions.inc.php, as well as the formVar() function in validate.inc.php were removed due
to their connection with multiple critical security exposures.
privfcheck(), pwverify(), and postperm() in functions.inc.php were replaced with checkForumPermissions() and handlePasswordDialog() as part of the new
forum permissions system.
cleanHtml() was deleted from validate.inc.php because it was unused.
Deprecated Code: function checkInput() in functions.inc.php, and formArray() in validate.inc.php are deprecated and must not be used
in any new code, including new hacks and mods.
Style Changes: Every file that calls require('header.php'); must first define a new global constant named X_SCRIPT. This is a
self-identifying string that is used for client permissions checking instead of the URL.
All SQL LIKE statements must be sanitized using $db->like_escape().
All SQL REGEXP statements must be sanitized using $db->regexp_escape().
New functions elevateUser() and loginUser() are responsible for all account password authentications. They guarantee the $xmbuser value is db-safe
and the $xmbpw and $self['password'] values are set to null strings. All related code has been removed from header.php and post.php.
functions rawHTMLmessage() and rawHTMLsubject() are now used to wrap every instance of message output to improve consistency with the use of censor()
and encoding security. postify() should be used instead of rawHTMLmessage() whenever appropriate. Double-slashing issues are still handled outside
these functions.
function fnameOut() is now used to wrap every instance of forum name output to ensure HTML is always allowed and stripslashes is always called.
I hope this is thorough and useful. 
Attachment: XMB-1.9.8-SP3-to-1.9.10.diff.txt (486kB)
This file has been downloaded 487 times
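Added example, not part of the original post and not XMB's own code: why the rule above sends LIKE input through a dedicated escape helper such as $db->like_escape() rather than relying on string quoting alone. The function names, table and rows are assumptions made up for the illustration, and in-memory SQLite stands in for MySQL so it runs without a server.

```php
<?php
// Added illustration, not XMB code. example_like_escape() is a hypothetical
// stand-in for the job a helper such as $db->like_escape() has to do.

// Make LIKE metacharacters in user input match literally. The escape
// character itself is replaced first so later backslashes stay intact.
function example_like_escape(string $input): string
{
    return str_replace(['\\', '%', '_'], ['\\\\', '\\%', '\\_'], $input);
}

// Prefix search over the constructed table below. Binding the pattern
// protects the string literal, but not the wildcards inside the pattern.
function search_members(PDO $pdo, string $term, bool $escape): array
{
    $pattern = ($escape ? example_like_escape($term) : $term) . '%';
    $stmt = $pdo->prepare(
        "SELECT username FROM members WHERE username LIKE ? ESCAPE '\\' ORDER BY username"
    );
    $stmt->execute([$pattern]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// In-memory SQLite keeps the example offline (assumption: pdo_sqlite is
// available). The rows are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (username TEXT)');
$insert = $pdo->prepare('INSERT INTO members (username) VALUES (?)');
foreach (['alice', 'bob_smith', 'bobXsmith', '100%_real'] as $name) {
    $insert->execute([$name]);
}

// Each term is run twice: raw, then escaped. In the raw runs "_" matches any
// single character and "%" matches any run of characters.
foreach (['bob_', '%', '100%'] as $term) {
    foreach ([false, true] as $escape) {
        printf(
            "%-5s %-8s => %s\n",
            $term,
            $escape ? 'escaped' : 'raw',
            implode(', ', search_members($pdo, $term, $escape)) ?: '(no rows)'
        );
    }
}
```

In MySQL the backslash is the default LIKE escape character, so the explicit ESCAPE clause is only needed for the SQLite stand-in.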
miqrogroove
Version-Specific Upgrade Script
The attached file can be used to upgrade any XMB 1.9.8 SP2 or 1.9.8 SP3 database to the XMB 1.9.9/1.9.10 database schema.
To use it, you must upload both upgrade.php and templates.xmb into the main folder where header.php and index.php are located. Then hit the upgrade
URL and follow the instructions.
Attachment: upgrade.php (14kB)
This file has been downloaded 397 times
Daniel Gouveia
XMB International Support
Thread Split 10-21-2009 at 07:44 PM
Pedja
XMB International Support
Thread Split 12-21-2009 at 10:11 PM
14620561
Banned
Posts: 2
Registered: 6-3-2010
Member Is Offline
Very nice post.
I have accepted your post information.