The phpBB Group has released a new version of their open-source bulletin board package.
A large number of bugs and several potential vulnerabilities have been addressed in this release.
Changes since 2.0.1
Fixed missing "username" lang variable in user admin template
Session work around for users behind rotating IPs - vHiker
Fixed potential session user_id re-write - Ashe
Fixed potential cross-browser scripting issue with BBCode URLs
Fixed potential gallery avatar exploit - Ashe
Fix sorting of smileys on each function call - Ashe/psoTFX
Clear topic_mod text output in viewtopic - Lars
Fix regex for avatar remote urls
Fix non-updating of user post counts when deleting whole topics
Increase time limit when sending topic reply notifications
Set default forum when splitting topics
Fix non-deletion of uploaded avatars when switching to gallery
Removed various closing newlines from included files
Add MAX_ROWS to HEAP table alter in install/upgrade - Ashe
Update username maxlength for subSilver templates
Allow ( and ) in BBCode [url] tags
Fix non-quoting of # in username validation regexes
Fix overlooked global var in private messaging
Possible fix for
email templates issues
Fix missing str_replace for category title forum admin SQL
Fix trailing , when sending emails via smtp
Fix avatar issues in user admin
Fix improper checking of email address ban in sessions
Fix use of hard coded language strings in forum admin
Fix missing closing ) in smilies admin
Fix missing Username label in user admin
Fix upgrade.php bug where conversion would not complete (and updated other scripts to match the changes)
Fix problem with redirect and login.php
Fix typo that could cause problems with sorting in the memberlist
Fix emailer to allow sending emails with language-specific character sets
Download