Announcement

Collapse
No announcement yet.

vBulletin 3.0.8 Released

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • vBulletin 3.0.8 Released

    vBulletin 3.0.8

    While most development time is currently focussed on preparing vBulletin 3.5 for stable release, various problems and bugs have been reported in the vBulletin 3.0 series.

    The release of vBulletin 3.0.8 includes fixes for various issues and some minor security problems in earlier versions. We would therefore recommend that all customers currently running a version of vBulletin 3.0.x upgrade to this version.

    Customers already running one of the pre-release versions of vBulletin 3.5 do not need to take any action related to vBulletin 3.0.8 - the fixes in this version are already included in the 3.5 code.

    Changes for MySQL 4.1 Support

    As many people have discovered, MySQL 4.1 disagrees with the method used by vBulletin 3.0.x to store attachments, avatars, profile pictures and any other binary data stored in the database, resulting in what appears to be corrupt data.

    The 3.0.8 upgrade script runs several queries to resolve this problem, meaning that attachments and avatars etc. will function properly with MySQL 4.1.

    Once again, these changes are already included in vBulletin 3.5.

    The queries we run are as follows:
    1. ALTER TABLE attachment CHANGE filedata filedata MEDIUMBLOB NOT NULL, CHANGE thumbnail thumbnail MEDIUMBLOB NOT NULL;
    2. ALTER TABLE customavatar CHANGE avatardata avatardata MEDIUMBLOB NOT NULL;
    3. ALTER TABLE customprofilepic CHANGE profilepicdata profilepicdata MEDIUMBLOB NOT NULL;
    XSS Flaws in faq.php, private.php, and several templates

    Minor cross-site-scripting flaws exist in faq.php and private.php in previous versions of vBulletin 3.0.x; fixed versions of these files have been attached to this post. Simply overwrite these files in your main vBulletin directory with those in the zip file.

    A similar issue has been found in several templates; the changes necessary to fix this are detailed at the beginning of the third post of this thread.

    vBulletin 3.0.8 corrects these problems.

    Backing Up Your Forums

    Please be sure to check that your backups are complete before continuing with an upgrade. We had reports that PHP was causing time out errors when creating the back up SQL, and this was causing for incomplete or corrupted backups. The safest way to do a backup is to use the mysqldump utility through SSH/Telnet, as it will not suffer from any such problems. Full instructions for backing up your database are available in the vBulletin 3 Manual.


    Installing or Upgrading vBulletin

    Please see the appropriate manual sections: Installing vBulletin and Upgrading vBulletin.
    Attached Files

  • #2
    Files Changed Since 3.0.7
    • attachment.php
    • calendar.php
    • editpost.php
    • external.php
    • faq.php
    • forumdisplay.php
    • global.php
    • index.php
    • newreply.php
    • poll.php
    • postings.php
    • printthread.php
    • private.php
    • profile.php
    • register.php
    • search.php
    • showthread.php
    • subscription.php
    • threadrate.php
    • usercp.php
    • usernote.php
    • admincp/accessmask.php
    • admincp/admincalendar.php
    • admincp/adminlog.php
    • admincp/adminreputation.php
    • admincp/backup.php
    • admincp/forumpermission.php
    • admincp/global.php
    • admincp/index.php
    • admincp/misc.php
    • admincp/moderator.php
    • admincp/options.php
    • admincp/profilefield.php
    • admincp/subscriptions.php
    • admincp/template.php
    • admincp/thread.php
    • admincp/user.php
    • admincp/usertools.php
    • archive/global.php
    • clientscript/vbulletin_global.js
    • clientscript/vbulletin_stdedit.js
    • includes/adminfunctions.php
    • includes/adminfunctions_template.php
    • includes/functions.php
    • includes/functions_bbcodeparse.php
    • includes/functions_calendar.php
    • includes/functions_cron.php
    • includes/functions_databuild.php
    • includes/functions_digest.php
    • includes/functions_file.php
    • includes/functions_forumdisplay.php
    • includes/functions_forumlist.php
    • includes/functions_newpost.php
    • includes/functions_online.php
    • includes/functions_search.php
    • includes/functions_showthread.php
    • includes/functions_subscriptions.php
    • includes/functions_upload.php
    • includes/functions_user.php
    • includes/sessions.php
    • modcp/banning.php
    • modcp/index.php
    • modcp/moderate.php
    • modcp/thread.php
    • modcp/user.php
    • subscriptions/authorize.php
    • subscriptions/nochex.php
    • subscriptions/paypal.php
    • subscriptions/worldpay.php

    Comment


    • #3
      Template Changes Since 3.0.7

      All Templates Containing <title>

      In order to work around an XSS bug in Internet Explorer, wherever a page contains <title> tags, the <title> has been moved below the $headinclude section.

      For example:
      HTML Code:
      <head>
      	<title>$vboptions[bbtitle]</title>
      	$headinclude
      </head>
      becomes
      HTML Code:
      <head>
      	$headinclude
      	<title>$vboptions[bbtitle]</title>
      </head>
      Requires revert? Technically yes, but I suggest you just make the changes manually to any affected templates.


      postbit_ignore_global

      Remove the link to remove this user from your ignore list.

      Requires revert? No.



      STANDARD_ERROR_LITE
      username_loggedout

      Added </td> for this bug report and this bug report.

      Requires revert? No



      modifyusergroups

      Added <form> tags around the join group table and the leave group table, along with hidden fields for $session[sessionhash] and $_POST[do].

      Also added submit buttons.

      Requires revert? Yes

      modifyusergroups_memberbit

      Replaced
      HTML Code:
      <a href="profile.php?$session[sessionurl]do=leavegroup&usergroupid=$usergroup[usergroupid]">$vbphrase[leave_group]</a>
      with
      HTML Code:
      <label for="rb_leave_$usergroup[usergroupid]"><input type="radio" name="usergroupid" id="rb_leave_$usergroup[usergroupid]" value="$usergroup[usergroupid]" />$vbphrase[leave_group]</label>
      modifyusergroups_nonmemberbit

      Replaced
      HTML Code:
      <a href="profile.php?$session[sessionurl]do=joingroup&usergroupid=$usergroup[usergroupid]">$vbphrase[join_group]</a>
      with
      HTML Code:
      <a href="profile.php?$session[sessionurl]do=joingroup&usergroupid=$usergroup[usergroupid]">$vbphrase[join_group]</a>
      Requires revert? Yes

      Comment


      • #4
        You can discuss this release here.

        Comment


        • #5
          This is just a bump

          Comment


          • #6
            At the time of this posting, the 3.0.8 package was updated to include a fix for this bug. The only file updated was includes/functions.php.

            If you have already upgraded to 3.0.8 and not run into the issue discussed in that thread, you will probably not need to obtain the new version of functions.php (most customers should not be affected by the issue). If you are affected by the issue, simply redownload 3.0.8 from the members' area and overwrite your version of functions.php with the version just downloaded.

            Comment

            widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
            Working...
            X