-
-
-
-
- |
- phpBB 2.0.15 CHANGELOG |
-
-
-
-
-
-- Changelog
-
- - Changes since 2.0.14
- - Changes since 2.0.13
- - Changes since 2.0.12
- - Changes since 2.0.11
- - Changes since 2.0.10
- - Changes since 2.0.9
- - Changes since 2.0.8
- - Changes since 2.0.7
- - Changes since 2.0.6
- - Changes since 2.0.5
- - Changes since 2.0.4
- - Changes since 2.0.3
- - Changes since 2.0.2
- - Changes since 2.0.1
- - Changes since 2.0.0
- - Changes since RC-4
- - Changes since RC-3
- - Changes since RC-2
- - Changes since RC-1
- - Changes since RC-1 (pre)
-
-- Disclaimer
-
-
-1. Changelog
-
-This is a non-exhaustive (but still near complete) changelog for phpBB 2.0.x including beta and release candidate versions. Our thanks to all those people who've contributed bug reports and code fixes.
-
-l.i. Changes since 2.0.14
-
-
-- Fixed moderator status removal in groupcp.php
-- Removed newlines after ?> on some files - Thoul
-- Added admin re-authentication (admin needs to login seperatly to access the ACP) - backported from Olympus
-- Fixed vulnerability in url/bbcode handling functions - PapaDos and Paul/Zhen-Xjell from CastleCops
-- Fixed issue in admin/admin_forums.php
-- Suppressed warning message for fsockopen in /includes/smtp.php - Thoul
-- Fixed bug in admin/admin_smilies.php (admin is able to add empty smilies) - Exy
-- Adjusted documents to reflect the urgent need to update the files too (not only running the database update script)
-- Updated the readme file
-- Added one new language variable
-- Added general error if accessing profile for a non-existent user
-- Changed session id generation to be more unique - Henno Joosep
-- Fixed bug in highlight code to escape characters correctly
-- Reversed the 2.0.14 fix for postgresql because it produced more problems than it solves.
-- Added reference to article written by R45 about case-sensitivity in postgreSQL to the readme file
-- Fixed bypassing of validate_username on registration - Yen
-- Empty url/img bbcodes no longer get parsed
-
-
-l.ii. Changes since 2.0.13
-
-
-- Hardened author and keyword search a bit to not allow very server intensive searches
-- Fixed full path disclosure in bad word parsing
-- Resetting complete userdata array in session code if authentication fails
-- Fixed bug in moderator control panel where certain parameters could lead to an "error creating new session" sql error
-- Fixed bug in session code where empty page ids could lead to an "error creating new session" sql error
-- Fixed html handling in signatures if html is turned off globally
-- Fixed install.php problem with PHP5 register_long_arrays option turned off
-- Fixed potential issues with styling system
-- Added correct class to login_body template file
-- Removed file db/oracle.php from package
-- Removed version number from message body page in /admin (if user is not an admin) - mikelbeck
-- Fixed case-sensitivity issues in postgres7.php - R45
-
-
-l.iii. Changes since 2.0.12
-
-
-- Ommitted preg_replace warning in viewtopic due to improper working of preg_quote in PHP - originally reported by matrix_killer, fix submitted by another party
-- Fixed high severity issue in session handling allowing everyone gaining administrator rights. Please update as soon as possible.
-- Minimum requirements raised to PHP 4.0.3 or above due to fixing vulnerability issues breaking PHP3 compatibility.
-
-
-l.iv. Changes since 2.0.11
-
-
-- Added confirm table to admin_db_utilities.php
-- Prevented full path display on critical messages
-- Fixed full path disclosure in username handling caused by a PHP 4.3.10 bug - AnthraX101
-- Added exclude list to unsetting globals (if register_globals is on) - SpoofedExistence
-- Fixed arbitrary file disclosure vulnerability in avatar handling functions - AnthraX101
-- Fixed arbitrary file unlink vulnerability in avatar handling functions - AnthraX101
-- Removed version number from powered by line
-- Merged database update files to update_to_latest.php file
-- Fixed path disclosure bug in search.php caused by a PHP 4.3.10 bug (related to AnthraX101's discovery)
-- Fixed path disclosure bug in viewtopic.php caused by a PHP 4.3.10 bug - matrix_killer
-
-
-l.v. Changes since 2.0.10
-
-
-- Fixed vulnerability in highlighting code (very high severity, please update your installation as soon as possible)
-- Fixed unsetting global vars - Matt Kavanagh
-- Fixed XSS vulnerability in username handling - AnthraX101
-- Fixed not confirmed sql injection in username handling - warmth
-- Added check for empty topic id in topic_review function
-- Added visual confirmation mod to code base
-
-
-l.vi. Changes since 2.0.9
-
-
-- Fixed deleting of styles in admin_styles.php
-- Fixed wrong unsetting of variables introduced in phpBB 2.0.9, making the board non-functional for users with specific php.ini settings
-- Added code to let phpBB work with PHP5 for those having register_long_arrays set to off (default settings) - running phpBB 2.0.x with PHP5 is not supported at http://www.phpbb.com.
-- Fixed bug in admin_board.php for board settings having single quotes in it
-- Fixed "search by author" in search.php. Now it is possible to search for users with special chars in their name too
-- Fixed forum jumpbox propagating session id in moderator control pages
-- Added check for newlines at redirecting pages, to prevent http response splitting attacks - Ory Segal and Amit Klein
-- Fixed visual confirmation code. The image was not created due to a wrong regular expression.
-
-
-l.vii. Changes since 2.0.8
-
-
-- Fixed one vulnerability in admin_board.php - Xore
-- Added checking for proper session id characters to sessions and viewtopic to prevent injections - Bartlomiej Korupczynski
-- Fixed injection vulnerabilities possible with linked avatars
-- Implemented unsetting globalised variables
-- Limited confirm switch to POST variable in posting
-- Changed IP code in common.php to prevent IP spoofing, which might introduce some problems with private IP Ranges showing up. - Wang Products
-- Updated visual confirmation mod [pre-edited files]
-- Moved obtaining word censors in modcp out of topic generation loop [increased performance/lower query count] - spotted by R45
-- Added the ability to link to https/ftps sites using the img bbcode tag
-- Fixed user online information in admin/index.php
-- Fixed getting group moderator in groupcp.php if running oracle backend - spotted by pakman
-- Fixed use of non-existing result variable in modcp (poster_id instead of user_id)
-- Fixed several vulnerabilities (XSS, SQL Injection and path disclosure) only possible with register_globals enabled - Matthew C. Kavanagh, Janek Vind
-- Fixed problem with SID not delivered to next page in groupcp.php
-
-
-l.viii. Changes since 2.0.7
-
-
-- Fixed several vulnerabilities in admin pages
-- Fixed sid checking code in admin/pagestart.php
-- Fixed injection vulnerabilities possible with the img bbcode tag
-- Limited allowed images in img bbcode tag to jpg, jpeg, gif and png
-- Fixed redirect problems - 2.0.7a
-- Fixed sql injection vulnerability in search - 2.0.7a
-- Fixed sql injection vulnerability in privmsg - 2.0.8a
-
-
-1.ix. Changes since 2.0.6
-
-
-- Fixed several vulnerabilities in modcp - Robert Lavierck
-- Changed whois lookup address within admin index
-- Fixed potential vulnerability in viewtopic postorder - 2.0.6d
-- Updates to cope with Zend Optimizer 2.5 problems - 2.0.6d - jetset
-- Force specialcharing of redirect variable in login - Pit
-- Fixed potential vulnerability in viewtopic postdays - GulfTech Security Research
-- Fixed potential vulnerability in viewforum topicdays - GulfTech Security Research
-- Fixed potential vulnerability in modcp
-- Fixed potential vulnerability in avatar gallery
-
-
-1.x. Changes since 2.0.5
-
-
-- Fixed various email issues
-- Fixed registration email bug with Administrator Confirmation used
-- Fixed mass emailer
-- Fixed long post time issue
-- Fixed bug with usernames containing single quotes
-- Fixed word list bug - Word boundaries were not considered
-- Fixed vulnerability in style admin
-- Fixed sql injection vulnerability in viewtopic
-- Fixed vulnerability allowing server side variable access in search - tendor
-- Fixed potential vulnerability in 2.0.5 login username entry - throw away/eomer
-- Fixed sql injection with reset date format field in profile - tendor
-
-
-1.xi. Changes since 2.0.4
-
-
-- Removed user facing session_id checks
-- Fixed user self-activation after deactivation
-- Fixed incorrect functioning of phpbb_realpath
-- Fixed wrong path to database schema files within the upgrade script
-- Fixed double quote problem with username validation
-- Allow & within email addresses
-- Fixed email validation for banned email addresses
-- Removed underline from email domain validation
-- Fixed redirection for sentbox folder, installation and email
-- Fixed poll deletion
-- Fixed Mozilla navigation bar
-- Fixed URL bbcode parsing
-- Fixed database timeouts while searching the forums
-- Fixed wrong email return path in admin mass mailing - netclectic
-- Fixed MS-SQL failures within the update script
-- Fixed memberlist sort order
-- Fixed not showing leading spaces within Code BBCode
-- Fixed problem with adding double quotes to subject titles
-- Remove username input field from profile when user cannot change name
-- Fixed pagination error with highlighting
-- Fixed errors if no smilies are installed
-- Fixed CSS issues with IE 5.2 on MacOS X
-- Fixed missing sid propagation problem within the Moderator Control Panel
-- Fixed language variables within Authentication error output
-- Removed doubled CSS class definitions within input fields
-- Fixed username change within the Administration Panel
-- Added missing <tr> tags to index_body.tpl
-- Added missing username language variable to admin index page
-- Fixed moderator status update if a usergroup got deleted
-- Fixed poll handling upon post edit
-- Fixed remove common words from search table if post get pruned - Nuttzy99
-- Fixed behaviour on splitting topics if no checkbox is selected
-- Anonymous is no longer displayed within Username dropdown boxes
-- Fixed viewprofile redirection if an invalid mode was specified
-- Fixed fraction settings within determining common words - Novan
-- Prevent admin change usernames to his own within the ACP
-- Activation email is sent to all admins
-- Fixed conversion of & to & in appropriate cases
-- Fixed display of "greater than topics per page" announcements preventing display of normal posts
-- Added variable checks to database backup and restore screen
-- Prevented pm popup window from resetting after visiting avatar gallery
-- Fixed special character handling with word censor
-- Added SID to jumpbox
-- Fixed problems with usernames using html special chars
-- Added GMT + 13 to English lang_main, all translators are encouraged to do likewise
-- Deleted doubled 'U_MEMBERLIST' assignment from page_header.php
-- Fixed wrong display of Signature Checkbox while editing Private Message
-- Fixed disappearing post text if emoticon was inserted directly after pressing a BBCode button
-- Display correct alt-tag for smilies within postings
-- Prevented the ability to apply BBCode to website contents
-- Fixed maxlength issue with password field in login_body.tpl
-- Fixed possible username duplication issue with validation and username length
-- Fixed split words function to handle additional foreign characters
-- Changed empty email To Field to use a non-disclosure delimiter
-- Fixed wrong language var in install.php - FTP Config screen
-- Fixed alt tag for locked topic images in viewforum_body.tpl
-- Fixed typo in groupcp.php - $lang['Unsub_success'] instead of $lang['Usub_success']
-- Fixed timezone display
-- Fixed wrong display of author quote tag within profile - Cl1mh4224rd
-- Added deletion of sessions of users whose account is deactivated
-- Added mail header X-MimeOLE to the emailer class
-- Prevent registration if user is logged in or user trying to register again
-- Prevent usage of char(255) in usernames
-- Added check for additional FORWARDED_FOR IP's - cosmos
-- Fixed handling of non-selection of option when voting
-- Fixed potential xss issue with memberslist mode
-- Default English support for visual confirmation - translators are encouraged to support this
-
-
-1.xii. Changes since 2.0.3
-
-
-- Fixed cross-browser scripting issue with highlight param
-- Back-ported highlighting code from phpBB 2.2
-- Add session id validation to posting, profile, email, voting - Edwin van Vliet
-- Added {S_HIDDEN_FIELDS} template var to profile_send_email.tpl
-- Added "intval" fix for flood check, may resolve some issues
-- Added missing index to post_id for search_wordmatch
-- Fixed spelling error in search add words preventing use of stopword list
-- Fixed issue with search common words not being run
-- Introduce viewtopic resync patch by Ashe
-- Replace a for n in templating code
-- Fixed ordering in memberslist
-- Fixed group_id sequence issues with pgsql and msaccess
-- Fixed assumption of word censors in user notification
-- Fixed incorrect display of quotes in user management fields
-- Fixed entry of special chars in all profile fields - note this may cause temporary issues
-- Fixed incorrect display of quotes when using avatar gallery
-- Fixed missing username in email sent to users when admin activated
-- Added check for non-empty smiley code and url in smiley admin
-- Prevent display of -- sig seperator in emails when no board sig exists
-- Fixed URL propagated sid issues with jumpbox
-- Fixed wrong mode name check (polldelete) in functions_post
-- Added missing root path to l10n image path check
-- Remove validation of fields when deleting a user
-- Fixed sort mode select box in memberslist to default to current mode
-- Deny inline topic review listing to users without auth_read permissions
-- Prevent display of topic notification checkbox if user cannot read forum
-- Remove incorrect pre-pending of IP to uploaded avatars
-- Fixed deletion of uploaded avatars when changing to remote/gallery
-- Added check for non-blank line during install schema/basic sql ops
-- Added sort ordering to Top Ten poster listing by request
-- Fixed incorrect error report when altering case of username
-- Added jumpbox output to modcp {JUMPBOX} will now work
-- Fixed non-updating of users with MOD levels when deleting a forum
-- Remove email to group moderator when approving new members
-- Fixed non-handling of HTML in poll options
-- Fixed non-deletion of polls when deleting forum and its posts
-- Fixed moved shadow topic from being bumped upon reply
-- Changed field size of timezone to decimal(5,2) where applicable
-- Fixed missing sid append to URL when redirecting to newest reply
-- Fixed missing slashes in private IP preg check
-- Fixed session not setting userdata['user_id'] to ANON as appropriate
-- Added check for non-empty name in disallow admin
-- Fixed validation of SSL website addresses in profile
-- Fixed inability of admins to upload avatars via user admin panel
-- Fixed non-deletion of private message text upon full box overwrite
-- Fixed incorrect error message in smiley admin
-- Fixed incorrect alt-text for "Stop Watching Topic" image
-- Temporary fix for missing lang strings in forum admin - translators should update their packages if not done already
-- Use selected localisation during later stages of installation
-- Fixed non-check of permissions when deleting a topic via Moderator Control Panel
-- Fixed non-update of banlist upon user deletion
-- Check approved users boxes by default in usergroup approve form
-- Fixed non-appending of sid to backup meta refresh
-- Fixed non-notification of no support for certain databases in backup/restore
-- Added $images var to message die global declaration
-- Fixed wrong string, Private_message in Private Messaging
-- Add mail send result to error output
-- Fixed non-appending of sid to Mozilla nav bar menu items
-- Fixed incorrect profile linking from MSNM url in private messaging
-- Grammatical errors in English lang_main fixed - Cluster
-- Allow deletion of avatar and simultaneous upload/linking/gallery selection
-- Fixed non-updating of user rank when changing from special to normal rank in rank admin
-- Changed user topic notification default in schemas to 0 (off)
-- Fixed non-XHTML compliant img tags in privmsg.php
-- Fixed non-deletion of announcements and polls when removing forum contents in forum admin
-- Fixed non-pruning of watched topics table when pruning related topics
-- Enable GET redirect on logout
-- Added check for IE6.x to viewtopic ICQ indicator javascript
-- Fixed empty username quoting with MS-SQL
-- Fixed BBCode url, magic url and img tags to allow most chars beyond domain names
-- Prevent parsing of -ve size values in BBCode size tag
-- Back ported HTML handler from 2.2, this may impact some boards which allow complex HTML - existing parser remains but commented out
-- Fixed parsing of word censors to not censor words within < and > tag delimiters
-- Fixed database utilities failing to backup data with MySQL
-- Fixed signature parsing in User Admin
-- Fixed missing class="post" tags in subSilver Admin templates
-- Fixes for paths under Apache2
-- Added wrap text with tag support for posting in Mozilla 1.1+
-- Fixed use of missing CSS classes in modcp_split, group_info_body, error_body and agreement
-- Fixed ability of users to edit polls even after they have received votes
-- Fixed header Location to be absolute URL as per HTTP 1.1 spec - noted by PhilippK
-- Added additional session_id checks to MCP, topic subscription, PM and similar items
-- Fixed colour select box in posting_body to reset to Default colour after selection
-- Altered PM icon to show new image until messages have been read
-- Fixed incomplete deletion of PMs when removing the associated user
-- Fixed unread and new PM user counters to decrement appropriately in all situations
-- Fixed possible cross-site scripting issue with username search
-- Fixed some problems with gzip in combination with newer PHP versions and Mozilla
-- Fixed wrong maxlength in modcp_split.tpl subject field
-- Fixed inability to edit username of guest poster - vHiker
-- Fixed ability for guests to post with certain registered usernames
-- Fixed various HTML issues to improve XHTML compliance - Daz
-- Fixed missing template var {L_PM} for memberslist - Daz
-- Fixed wrong key name for $images['Topic_un_watch'] - Daz
-- Fixed missing template var {S_WATCH_TOPIC_IMG} for viewtopic - Daz
-- Fixed missing default constraints for post table under MSSQL
-- Fixed incorrect field size for forum pruning - preventing days > 256
-- Fixed continuing redirect issues for broken web servers, e.g. IIS+CGI PHP
-- Fixed inability to use ftp as a protocol for the [img] tag
-- Fixed incorrect handling of [img] tags containing %20 encoded spaces
-- Added check for . within cookie_name, change to _ if present
-- Added SHOW_ONLINE constant to limit "users online" code operation to index and viewforum
-- Added "temporary" workaround for Apache2 + PHP module ignoring "private" cache header
-- Added workaround for modcp IP lookup and links to Anonymous user profile
-- Fixed broken bbcode parsing of quotes containing bbcode in the "username"
-- Fixed excess slashes in [quote=""] first pass encoding
-- Fixed rendering issue with quote button under Mozilla - Daz
-- Grammatical errors in remaining core lang files fixed - Cluster
-- Fixed bbcode quote breaking when username contained ] before [
-- Fixed duplicate group_id error during upgrade of users from phpBB 1.x
-- Fixed stripslashes() problem with the conversion of the config table from phpBB 1.x
-- Rejiggled validation code, may eliminate "Username disallowed" issues
-- Fixed differing initial "public" setting of forum permissions between different files
-- Added check for invalid (non-compliant) email addresses to upgrade script
-- Further redirect workarounds for broken servers, please direct further issues to the vendors
-- Added GMT + 13 to English lang_main, all translators are encouraged to do likewise
-- Added switch to default_lang email template if user lang template no longer exists
-- Fixed javascript error when selecting smiley containing a single quote
-- Update users watched topic if a post they made is split into a new topic
-- Fixed situations where email templates contain incorrect or missing subject lines
-- Fixed error when searching for posts and no forums exist
-- Fixed potential SQL vulnerability with marking of private messages - Ulf Harnhammar
-
-
-1.xiii. Changes since 2.0.2
-
-
-- Fixed potential cross-site scripting vulnerability with avatars - Showscout
-- Fixed potential SQL rewrite issue in page header - missing contrib
-- Fixed potential CSS/HTML rewrite on viewing in login - Marc Rees
-- Fixed (hopefully) issue with MS Access and multiple pages
-
-
-1.xiv. Changes since 2.0.1
-
-
-- Fixed missing "username" lang variable in user admin template
-- Session work around for users behind rotating IPs - vHiker
-- Fixed potential session user_id re-write - Ashe
-- Fixed potential cross-browser scripting issue with BBCode URLs
-- Fixed potential gallery avatar exploit - Ashe
-- Fix sorting of smileys on each function call - Ashe/psoTFX
-- Clear topic_mod text output in viewtopic - Lars
-- Fix regex for avatar remote urls
-- Fix non-updating of user post counts when deleting whole topics
-- Increase time limit when sending topic reply notifications
-- Set default forum when splitting topics
-- Fix non-deletion of uploaded avatars when switching to gallery
-- Removed various closing newlines from included files
-- Add MAX_ROWS to HEAP table alter in install/upgrade - Ashe
-- Update username maxlength for subSilver templates
-- Allow ( and ) in BBCode [url] tags
-- Fix non-quoting of # in username validation regexs
-- Fix overlooked global var in private messaging
-- Possible fix for \r\n email templates issues
-- Fix missing str_replace for category title forum admin SQL
-- Fix trailing , when sending emails via smtp
-- Fix avatar issues in user admin
-- Fix improper checking of email address ban in sessions
-- Fix use of hard coded language strings in forum admin
-- Fix missing closing ) in smilies admin
-- Fix missing Username label in user admin
-- Fix upgrade.php bug where conversion would not complete (and updated other scripts to match the changes)
-- Fix problem with redirect and login.php
-- Fix typo that could cause problems with sorting in the memberlist
-- Fix emailer to allow sending emails with language-specific character sets
-
-
-1.xv. Changes since 2.0.0
-
-
-- Fixed delete image bug for normal users
-- Fixed group control panel image links
-- Fixed missing L_POST variable in group control panel
-- Fixed missing user id when redirecting to email form after login
-- Fixed (a)ppend_sid function name error in group control panel
-- Fixed reset of post type when previewing a post
-- Fixed mass emailer include path error
-- Fixed potential SQL exploit
-- Fixed several minor subSilver issues
-- Fixed [quote] breaking HTML problem
-- Fixed problem with unclosed nested quotes
-- Fixed bad handling of automagic links at end of quotes
-- Fixed potential BBCode and avatar remote exploit
-- Altered email validation check to allow + in username as per RFC
-- Fixed incorrect behaviour with wildcards in disallowed usernames
-- Added missing append_sid for search view results as posts
-- Fixed incorrect clearing of current sessions for logged in users
-- Fixed user_timezone (cannot update user profile) problem
-- Added correct setting of moderator status for users during upgrade
-- Fixed handling of uploaded avatars if gallery avatar currently used
-- Fixed use of existing username for uploaded avatars
-- Fixed updating of topic reply stats when post is deleted
-- Fixed irrelevant error message when activating already active account
-- Fixed gzip compression problems with Netscape and some PHP versions
-- Fixed MS Access layer errors when using latest PHP versions
-- Fixed styles admin editing problems with MSSQL Server
-- Fixed logout issue when cancelling certain actions
-- Fixed missing text in certain admin links
-- Fixed opening of frame within frame when logging into admin
-- Fixed incorrect ordering of search results by time
-- Fixed fulltext searching failure with MS Access
-- Hopefully fixed fulltext search with non-latin single byte charsets
-- Enabled work-around support for some multi-byte charsets - OOHOO
-- Re-enabled search indexing of all-numeric character sequences
-- Updated email banning to properly implement wildcards
-- Fixed missing extension in links from groupcp
-- Fixed lack of re-validation when changing email address
-- Added additional IP check when using HTTP_X_FORWARDED_FOR
-- Fixed non-display of delete icon when on second or greater topic page
-- Fixed problems with users/groups assigned multiple permissions
-- Fixed problem with - and + in search words - Matthijs
-- Fixed improper handling for deletion of words from search table
-- Fixed support for , in automagic URLs as per RFC
-- Fixed circular reference SQL errors when deleting posts under MS Access
-- Fixed nested [code] problems
-- Added charset encoding headers for emails - romutis
-- Fixed "Copy to self" emails to use correct language
-- Fixed pagination error when limiting previous days for viewforum
-- Decreased minimum search word size to 3 chars
-- Fixed deletion of one or more options from all polls when editing just one
-- Fixed checking of group memberships when promoting/demoting group moderators
-- Added database closure to admin frameset page
-
-
-1.xvi. Changes since RC-4
-
-
-- Fixed improper report of general error when posting messages containing errors
-- Fixed post text being doubled up if it contained one or more < without closing >
-- Fixed pruning errors due to search function name change
-- Hopefully fixed various issues which led to incorrect reply and excess page counts
-- Fixed groupcp not displaying all email buttons to group moderator or admin
-- Fixed failure to display error notice when uploading oversized avatars
-- Hopefully corrected problem with viewonline displaying too few/many users online
-- Partially addressed issue with activation URLs >76 chars
-- Fixed additional search facilities failing to work or working incorrectly
-- Fixed search syntax highlighting
-- Addressed various webservers handling of page redirects
-- Fixed word censor not replacing first or last words
-- Fixed avatar height and width check for locally uploaded images
-- Hopefully fixed cache control header
-- Added check for PM box size limit of 0 to prevent div0 error
-- Fixed failure to fully delete PMs in outbox
-- Fixed display problem with polls
-- Fixed problem with guest username not being displayed for topic results in search
-- Fixed problem with quotes in various profile fields
-- Fixed schema problem with user_timezone
-- Fixed page display issue with MS Access
-- Fixed user level issue when altering user from user to admin and vice versa
-- Fixed incorrect parseing of some email templates
-- Reduced size of MS Access primer
-- Fixed various remaining usergroup display issues
-
-
-1.xvii. Changes since RC-3
-
-
-- Addressed serious security issue with included files
-- Fixed non-use of database table prefix name during upgrade
-- Split functions and profile into separate modules
-- Fixed (hopefully) remaining issues with colourisation of moderator usernames
-- Updated install to include entry of additional, required, information
-- Fixed (hopefully) AOL incompatibilities
-- Fixed non-display of moderators in index/viewforum
-- Fixed group control panel 'no groups exist' problems
-- Fix HTTP_X_FORWARDED_FOR spoofing possibility
-- Fix ignoring of private range IP's in HTTP_X_FORWARDED_FOR
-- Enable multiple wildcard email banning, eg. *name*@somewhere.tld
-- Fix problems with posts being truncated if containing < and > characters
-- Prevent URL, BBCode and most smiley parseing in [code][/code]
-- Fix problems with use of certain reserved chars in word censor list
-- Fix default search useage to be as described (was doing AND by default)
-- Fix various avatar issues with profile, gallery and viewtopic
-- Enable safe mode support for uploading avatars
-- Fix broken modcp IP view issue
-- Fix potential session_id re-write vulnerability
-- Finish localisation of days and months (AM/PM are not and will not be localised in 2.0)
-- Remove link to external subSilver stylesheet from default subSilver templates
-- Handle TRANSACTIONS correctly in MySQL 3.x (by returning correct responses)
-- Fix checkbox resetting problem while previewing posts
-- Fix a login redirect issue
-- Remove some additional unused fields during upgrade
-- Fix (hopefully) remaining ICQ overlay issue with view profile in subSilver
-
-
-1.xviii. Changes since RC-2
-
-
-- Fixed infamous install parse error
-- Major update of posting and related search functions (fixing various issues and increasing speed)
-- Fixed display of author and last poster names when both are different guest users
-- Fixed upgrade stall issues (hopefully!) and improved output
-- Fixed highlighting code for viewtopic and search
-- Reduced size of several files and functions
-- Moved localised images to sub-directories
-- Improved user feedback of disallowed usernames
-- Fixed various MSSQL bugs
-- Fixed installation of MSSQL/MSSQL-ODBC
-- Fixed security issue with upgrade.php
-- Finished implemention of various additional features
-- Fixed various user, group and forum permissions problems
-- Fixed issues with BBCode [ and ] (hopefully!)
-- Fixed autologin problems with MS IIS
-- Hopefully fixed problems with URIs in emails on some server configs
-- Fixed 'blank' profile and DB utilities problems on submit
-- Fixed incorrect language being used in email subjects
-- Fixed issues with incorrect private message new/unread counts
-- Fixed various PostgreSQL related errors
-- Automatically forward users to login screen in more situations
-- AEnabled (coloured) online indication of moderators and admins
-- Enabled maximum online user count
-- Altered online user count to ignore duplicate IPs (will now underestimate rather than overestimate)
-- Enabled viewing of users browsing each forum
-- Fixed (hopefully) display of overlayed ICQ icon in Netscape using subSilver
-- Fixed display of guest usernames for last post and author
-- Hidden usergroups are now completely hidden from view
-
-
-1.xix. Changes since RC-1
-
-
-- Fixed numerous PostgreSQL related issues
-- Significant updates and additions to the upgrade script
-- Various (missed) hard coded language strings fixed
-- Fixed viewforum error when no forum id specified
-- Fixed old constant name useage in search system
-- Fixed display of moved posts when viewing unanswered posts
-- Fixed failure of search for user and keyword when displaying as posts
-- Fixed PM popup notification
-- Fixed view more emoticon session page problem
-- Fixed view profile email links
-- Fixed display of websites in profile
-- Fixed backup database failure
-- Fixed MS Access schema error when posting topics
-- Fixed problem with hypenated/dotted DB names in MySQL 3.23.6+
-- Various other fixes and updates
-
-
-1.xx. Changes since RC-1 (pre)
-
-
-- Upgrade script completed for initial fully functional release
-- Sessions code updated
-- Mark read code updated and hopefully fixed
-- Significant changes to properly deal with \' for non-MySQL boards
-- mssql, msaccess and mssql-odbc DB classes re-written
-- Avatar issues addressed and fixed
-- Search (INSERT) bug using MySQL fixed
-- Search highlighting issues addressed
-- Search own/other users posts fixed
-- BBCode fixes for magic URIs and other issues
-- Template updates for subSilver
-- User and group permissions problems fixed
-- Forum management problems (deletion of forum causing category not to display) fixed
-- Pagination problem with groupcp fixed
-- Backslash issues with posting and profile fixed
-- Backslash issues with emails fixed
-- preg_quote problems fixed
-- User management updated with full avatar control and missing fields
-- Private messaging box limits fixed
-- Private messaging ?folder= strangeness fixed
-- Forum pruning code updated to cope with search system
-- Emoticon system in posting updated
-- BBCode FAQ link added to posting form
-- Language file updates to address concerns of translators
-- Various other bug fixes and updates
-
-
-Note that a full list of fixed bugs can be found at the bug tracker (see section on bug reporting here)
-
-2. Copyright and disclaimer
-
-This application is opensource software released under the GPL. Please see source code and the Docs directory for more details. This package and its contents are Copyright © 2002 phpBB Group, All Rights Reserved.
-
-
- |
-
-