รายละเอียดการอัพเดท ระบบ SMF 1.1.16 to 1.1.17 เพื่อความปลอดภัย
<edit file>
$boarddir/index.php
</edit file>
<search for>
* =============================================================================== *
* Software Version: SMF 1.1.16 *
</search for>
<replace>
* =============================================================================== *
* Software Version: SMF 1.1.17 *
</replace>
<search for>
$forum_version = 'SMF 1.1.16';
</search for>
<replace>
$forum_version = 'SMF 1.1.17';
</replace>
<edit file>
$boarddir/SSI.php
</edit file>
<search for>
* =============================================================================== *
* Software Version: SMF 1.1.13 *
</search for>
<replace>
* =============================================================================== *
* Software Version: SMF 1.1.17 *
</replace>
<search for>
function ssi_boardNews($board = null, $limit = null, $start = null, $length = null, $output_method = 'echo')
{
global $scripturl, $db_prefix, $txt, $settings, $modSettings, $context;
</search for>
<replace>
function ssi_boardNews($board = null, $limit = null, $start = null, $length = null, $output_method = 'echo')
{
global $scripturl, $db_prefix, $txt, $settings, $modSettings, $context, $user_info;
</replace>
<search for>
SELECT ID_FIRST_MSG
FROM {$db_prefix}topics
WHERE ID_BOARD = $board
ORDER BY ID_FIRST_MSG DESC
</search for>
<replace>
SELECT t.ID_FIRST_MSG
FROM {$db_prefix}topics as t
LEFT JOIN {$db_prefix}boards as b ON (b.ID_BOARD = t.ID_BOARD)
WHERE t.ID_BOARD = $board
AND $user_info[query_see_board]
ORDER BY t.ID_FIRST_MSG DESC
</replace>
<edit file>
$sourcedir/Security.php
</edit file>
<search for>
* =============================================================================== *
* Software Version: SMF 1.1.9 *
</search for>
<replace>
* =============================================================================== *
* Software Version: SMF 1.1.17 *
</replace>
<search for>
if ($good_password || $_POST['admin_hash_pass'] == sha1($user_info['passwd'] . $sc))
{
$_SESSION['admin_time'] = time();
return;
}
</search for>
<replace>
if ($good_password || $_POST['admin_hash_pass'] == sha1($user_info['passwd'] . $sc))
{
$_SESSION['admin_time'] = time();
unset($_SESSION['request_referer']);
return;
}
</replace>
<search for>
if ($good_password || sha1(strtolower($user_info['username']) . $_POST['admin_pass']) == $user_info['passwd'])
{
$_SESSION['admin_time'] = time();
return;
}
}
</search for>
<replace>
if ($good_password || sha1(strtolower($user_info['username']) . $_POST['admin_pass']) == $user_info['passwd'])
{
$_SESSION['admin_time'] = time();
unset($_SESSION['request_referer']);
return;
}
}
// Better be sure to remember the real referer
if (empty($_SESSION['request_referer']))
$_SESSION['request_referer'] = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
elseif (empty($_POST))
unset($_SESSION['request_referer']);
</replace>
<search for>
$referrer = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
</search for>
<replace>
if (isset($_SESSION['request_referer']))
$referrer = $_SESSION['request_referer'];
else
$referrer = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
</replace>
ตามประกาศจาก SMF ให้ดำเนินการ อัพเดท ระบบ เพื่อความปลอดภัย
SMF 2.0.3, 1.1.17 and 1.0.23 security patches released
« on: December 16, 2012, 05:05:30 PM »
Dear users,
Simple Machines Forum has released a security patch with version numbers: SMF 1.0.23, SMF 1.1.17 and SMF 2.0.3.
A security issue has been identified in all versions and is fixed with this patch, therefore it is recommended to make sure you update your forums immediately to ensure your community is safe.
In addition to the security patch, a few bug fixes to SMF 2.0.2 are also included within the patch for 2.0.x.
The most relevant bug fix is an issue that will arise in few months with PayPal: starting on February 1, 2013 PayPal will only accept headers which comply with the HTTP 1.1 specification.
If you are running 2.0.2, you can update your forum to 2.0.3 using the package manager. You should see the upgrade notification in the Admin panel and in the package manager, allowing you to download and install seamlessly. If you don't have a notification about the update, please run the scheduled task "Fetch Simple Machines files".
You can also download the patch for 2.0.2 from the customize site: smf_patch_2.0.3.tar.gz patch, and install it using the package manager.
If you are running 1.1.16, you can update to 1.1.17 with the smf_patch_1.0.23_1.1.17.tar.gz patch, also using the package manager.
If you are running SMF 1.0.22, take into consideration that this will most likely be the last patch for this version of SMF, which is reaching its "end of life". You can update to 1.0.23 with the smf_patch_1.0.23_1.1.17.tar.gz patch, also using the package manager.
If you use older versions of SMF, you can upgrade with the full upgrade packages from the downloads page.
Please find the changelog for the latest release, as usual, on the downloads page as well:
http://download.simplemachines.org/
If you are having problems downloading the patch from the admin panel, you can download the package from the upgrades page here:
http://custom.simplemachines.org/upgrades/
and install it like a mod.
Please refer also to the Online Manual for more details about:
* upgrading http://wiki.simplemachines.org/smf/Upgrading
* updating http://wiki.simplemachines.org/smf/Updating
* patching http://wiki.simplemachines.org/smf/Patching
Please do not use this topic for support requests. You will get a much quicker and better response by posting in the relevant support board!
Regards,
Simple Machines Forum