XMB Forum Software

XMB Patch #15

miqrogroove - 12-29-2017 at 01:20 AM

XMB1 - 1.9.11.15
================

Official 1.9.11 patch build #15 released to fix compatibility with PHP 7.0+ and PHP 5.4+ and MySQL 5.6 and HTTPS.

- 0000380: error html output errors in cp files
- 0000488: Admin Panel Table Cells Missing
- 0000490: files.php Robots Header Should Be nofollow, noimageindex
- 0000491: Undefined offset in files.php
- 0000492: Forums Panel Needs to Check if File Uploading is Disabled
- 0000493: Empty Forum Groups Not Handled Correctly
- 0000494: Installer Should Not Allow Reserved Usernames
- 0000495: Buddy List Width Incorrect
- 0000496: Google Ignoring pid URL Parameter
- 0000497: HTTP Header Elements Should Be Comma Separated
- 0000499: Update Copyright Dates and File Headers
- 0000500: Current Version Display Not Working in Installer
- 0000501: Default Value of Full URL Does Not Detect HTTPS
- 0000503: Charset Compatibility Broken in PHP 5.6
- 0000504: XMB Incompatible with PHP 7 Database Extensions
- 0000505: XMB Installer Throws Deprecated Database Extension
- 0000506: magic_quotes_runtime Error in PHP 5.4+
- 0000507: 'dot' functionality missing in today.php
- 0000508: php 7.1 - polls
- 0000509: HTTPS links don't work on avatar URL input
- 0000510: Spelling mistake in English.php
- 0000515: "Checking URL" Message Never Clears if Avatar is 404
- 0000517: XMB Forces HTTP Scheme on All User Homepage Links
- 0000518: misc.php links to network-tools.com trivial issue
- 0000519: Chrome Throws ERR_BLOCKED_BY_XSS_AUDITOR in Template Editor
- 0000520: MySQL 5.6 Throws lastpost Comparison Warnings in DEBUG Mode
- 0000521: Avatars Should Not Link to about :blank
- 0000522: PHP Incompatible With Some Character Encodings
- 0000524: Email Header Return-Path is Not Set
- 0000525: dbstuff::panic() Param Should Not Be Passed by Reference
- 0000526: "Red" Thread Icons Don't Clear After Reading Thread
- 0000527: Some Cookies Have No HTTPS Restrictions
- 0000528: maxattachsize Setting Should Be Checked Against PHP Limit
- 0000529: Unnecessary HAVING Clause in member.php Query

Bug Source: Various

Symptoms: XMB fails to install on PHP 7.0+. Various errors emitted in PHP 5.4+ and MySQL 5.6. Wrong character encoding name inserted by PHP. HTTPS links may be broken, malformed, or missing within several features. The Chrome web browser may throw bogus XSS errors in various administration pages. E-Mail headers are incomplete and might cause problems with anti-spam protocols.

Security Impact: Minor - Primarily improving compatibility with HTTPS addressing and newer versions of PHP. Additional hardening through bug-related patches means XMB should be patched as a matter of routine maintenance.

Fixed By: XMB-1.9.11.15.zip and later are not affected.

Patch: Attachment: XMB-1.9.11-r2670-r2753.diff (117kB)
This file has been downloaded 97 times