07-20-2005, 10:23 PM
Version 2.0.17 of the phpBB forums has just been released. Although it does not fix any critical security problem, it does fix other minor security problems as well as some bugs, such as an XSS that only affects IE.
You can find the files here: http://www.phpbb.com/downloads.php
List of changes:
* Added extra checks to the deletion code in privmsg.php - reported by party_fan
* Fixed XSS issue in IE using the url BBCode
* Fixed admin activation so that you must have administrator rights to activate accounts in this mode - reported by ieure
* Fixed get_username returning wrong row for usernames beginning with numerics - reported by Ptirhiik
* Pass username through phpbb_clean_username within validate_username function - AnthraX101
* Fixed PHP error in message_die function
* Fixed incorrect generation of {postrow.SEARCH_IMG} tag in viewtopic.php - reported by Double_J
* Also fixed above issue in usercp_viewprofile.php
* Fixed incorrect setting of user_level on pending members if a group is granted moderator rights - reported by halochat
* Fixed ordering of forums on admin_ug_auth.php to be consistent with other pages
* Correctly set username on posts when deleting a user from the admin panel
Source: http://www.fentlinux.com/modules.php?op=...=0&thold=0