DescentBB

[Lothar is right - edited this out within minutes - I panicked, and forgot about the PM function]

Maybe you should send this in a PM to Xciter, Sickone, and Topher rather than posting it in the open.

If its a big one, fix it, but otherwise theres not much point, this isnt even the latest version of phpbb so it lacks a number of security fixes that exist in 2.0.8a. Its too much of a pain to upgrade a BB with hacks installed anyway, you have to manually apply the updates one file at a time, or reinstall all the hacks everytime you upgrade.

Isn't that why we don't have hacks installed?

We do have hacks installed, however. The spoiler tag is one, and I'm sure a few others are around.

[spoiler]This is a phpBB hack[/spoiler]

Um... just so you know this security exploit -- which is present in 2.0.8 -- is not related to hacks in any way. It's a basic feature of phpBB and in order to be exploitable a generic PHP setting must be set a certain way.

Don't assume automatically that it has to do with the customizations in use on this BB. Technically, this entire layout is a "hack".

The hacks we're referring to are things that changed the default phpBB files. This template is a separate entity, though it may have been derived from subSilver. phpBB updates don't affect templates at all, but they do affect hacks installed.

It doesn't matter. "Hacks" like the spoiler tag are completely secure. This vulnerability exists in core phpBB files.

Heh, and where exactly do you think a hack is implimented?

The exploit is more a problem with incorrect PHP settings then the BB software.

I know damn well how the "hacks" are implemented. Core phpBB files = files as they come with phpBB.

The particular file affected by this exploit isn't modified by any of the customizations on this board, to the best of my knowledge. And the only reason that the code is susceptible to the vulnerability is because of an error on the part of the programmer who wrote the particular file. I'm assuming you know the details of the exploit, Krom.

Lothar wrote:Isn't that why we don't have hacks installed?

You realize that the only hacks that are installed are simple text edits....right? All thats required is to copy and paste the added lines (which are separated from everything else by comments) into notepad and re-add them after the upgrade. Its as simple as that.