Another Forum Update

[Handruin]

As you may or may not have noticed, StorageForum was updated tonight to the latest Release Candidate. During this past week a few major security issues were made public knowledge. The phpBB2 development team had issued a temporary fix that was implemented here, until a new Release Candidate could be made available.

We are currently running RC 4.0 of phpBB2. If you discover any new problems, please let me know so that I can address the issue ASAP.

Thanks for your patients,

Doug

Here is the list of changes:

• Changes since RC-3
• Addressed serious security issue with included files
• Fixed non-use of database table prefix name during upgrade
• Split functions and profile into separate modules
• Fixed (hopefully) remaining issues with colourisation of moderator usernames
• Updated install to include entry of additional, required, information
• Fixed (hopefully) AOL incompatibilities
• Fixed non-display of moderators in index/viewforum
• Fixed group control panel 'no groups exist' problems
• Fix HTTP_X_FORWARDED_FOR spoofing possibility
• Fix ignoring of private range IP's in HTTP_X_FORWARDED_FOR
• Enable multiple wildcard email banning, eg. *name*@somewhere.tld
• Fix problems with posts being truncated if containing < and > characters
• Prevent URL, BBCode and most smiley parseing in {code}{/code}
• Fix problems with use of certain reserved chars in word censor list
• Fix default search useage to be as described (was doing AND by default)
• Fix various avatar issues with profile, gallery and viewtopic
• Enable safe mode support for uploading avatars
• Fix broken modcp IP view issue
• Fix potential session_id re-write vulnerability
• Finish localisation of days and months (AM/PM are not and will not be localised in 2.0)
• Remove link to external subSilver stylesheet from default subSilver templates
• Handle TRANSACTIONS correctly in MySQL 3.x (by returning correct responses)
• Fix checkbox resetting problem while previewing posts
• Fix a login redirect issue
• Remove some additional unused fields during upgrade
• Fix (hopefully) remaining ICQ overlay issue with view profile in subSilver

 

[Tannin]

Cool! I was about to report another outage, but only to the BBS, not to the front page, but now I see that there was a reason for it.

 

[Handruin]

Cool! I was about to report another outage, but only to the BBS, not to the front page, but now I see that there was a reason for it.

I had put up a message explaining the process, did it not display for you? Whenever I do updates, I wait until no one is logged in, and then implement a temporary page that sits in the phpBB2 directory. (I was actually waiting for you to finish)

Oh well...I tried to make it so that everyone noticed it was intentional and not another server crash.

 

[Tannin]

Woops! Sorry, I was half way through a post. So what I got was a "the posting page doesn't exist" error message. And ... er ... wait till I'm not logged on? Do you ever sleep?

 

[Handruin]

Woops! Sorry, I was half way through a post. So what I got was a "the posting page doesn't exist" error message. And ... er ... wait till I'm not logged on? Do you ever sleep?

Ah crap...I kept refreshing the page and your name was gone off the login screen, I thought you had finished. (Sorry about that)

Its the weekend so I'm playing catch-up with all the maintenance for the site. I knew it would take a few hours to install RC4.0, test it for a while, and then apply the SF theme to the new files, and then test it some more.

I was able to manage that tonight, it took about 4-5 hours. The upgrade wasn't too bad since I made the changes ahead of time. It took me a while because I made a database change that was not part of the upgrade. I added a prefix to the tables so that our database would be up to speed with the current generation of phpBB2. (not that you care, but I feel like chatting anyway) There is some legacy crap left over from the initial phpBB 1.4.4 setup we began with. I've pretty much weeded it out so that it doesn't bite us in the arse later.

Do I ever sleep...sometimes. I have a bunch of ideas for another web site that I want to work on, but I'm really tired now. It’s 4:16 AM and I have to get up at 8:00.

Oh well...sorry about killing your post, I tried to wait until it was later in the night, but for you Australian folks, it's more like day time.

 

[Tannin]

Hey, you're talking to a man who lost 4800 posts here. You think I didn't have a copy on my hard disc? And with the houirs I keep .... well ... let's just say that girlfriends have trrouble understanding.