diff options
Diffstat (limited to 'phpBB')
| -rw-r--r-- | phpBB/docs/CHANGELOG.html | 12 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_bbcodes.php | 6 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_extensions.php | 2 | ||||
| -rw-r--r-- | phpBB/phpbb/db/migration/data/v31x/v317pl1.php | 31 |
4 files changed, 49 insertions, 2 deletions
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index 4311ebfe63..b77af13d08 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -51,6 +51,7 @@ <ul> <li><a href="#v320a1">Changes since 3.2.0-a1</a></li> <li><a href="#v31x">Changes since 3.1.x</a></li> + <li><a href="#v317">Changes since 3.1.7</a></li> <li><a href="#v316">Changes since 3.1.6</a></li> <li><a href="#v315">Changes since 3.1.5</a></li> <li><a href="#v314">Changes since 3.1.4</a></li> @@ -388,6 +389,17 @@ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14265">PHPBB3-14265</a>] - Make all tables available in the container</li> </ul> + <a name="v317"></a><h3>Changes since 3.1.7</h3> + + <h4>Security Issue</h4> + <ul> + <li>[SECURITY-188] - Check form key in acp_bbcodes</li> + </ul> + <h4>Bug</h4> + <ul> + <li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-14343">PHPBB3-14343</a>] - Undefined variable $phpbb_dispatcher when (un-)locking a topic or post</li> + </ul> + <a name="v316"></a><h3>Changes since 3.1.6</h3> <h4>Bug</h4> diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php index 114cba37f6..dab18289c7 100644 --- a/phpBB/includes/acp/acp_bbcodes.php +++ b/phpBB/includes/acp/acp_bbcodes.php @@ -33,6 +33,7 @@ class acp_bbcodes // Set up general vars $action = $request->variable('action', ''); $bbcode_id = $request->variable('bbcode', 0); + $submit = $request->is_set_post('submit'); $this->tpl_name = 'acp_bbcodes'; $this->page_title = 'ACP_BBCODES'; @@ -40,6 +41,11 @@ class acp_bbcodes add_form_key($form_key); + if ($submit && !check_form_key($form_key)) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + // Set up mode-specific vars switch ($action) { diff --git a/phpBB/includes/acp/acp_extensions.php b/phpBB/includes/acp/acp_extensions.php index 31fbbde2a7..e3eb0058bf 100644 --- a/phpBB/includes/acp/acp_extensions.php +++ b/phpBB/includes/acp/acp_extensions.php @@ -122,8 +122,6 @@ class acp_extensions 'U_ACTION' => $this->u_action, )); - add_form_key('version_check_settings'); - $this->tpl_name = 'acp_ext_list'; break; diff --git a/phpBB/phpbb/db/migration/data/v31x/v317pl1.php b/phpBB/phpbb/db/migration/data/v31x/v317pl1.php new file mode 100644 index 0000000000..2e1b0e9b9d --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v31x/v317pl1.php @@ -0,0 +1,31 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v31x; + +class v317pl1 extends \phpbb\db\migration\migration +{ + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v31x\v317', + ); + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.1.7-pl1')), + ); + } +} |