No announcement yet.

vBulletin 2.2.8 Released

  • Filter
  • Time
  • Show
Clear All
new posts

  • vBulletin 2.2.8 Released

    vBulletin 2.2.8

    vBulletin 2.2.8 includes several bug-fixes, and also a few small security fixes for (hard to exploit) XSS and SQL injection issues. We recommend you upgrade as soon as possible.

    This code is now stable.

    Backing up forums

    Please be sure to check your backups, that they are complete before continuing with an upgrade. We had reports that PHP was causing time out errors when creating the back up SQL, and this was causing for incomplete or corrupted backups. The safest way to do a backup is to use the mysqldump utility through telnet, as it will not suffer from any such problems.

    Installation / Upgrade Instructions

    These are available in the Members Area.

    Templates changed: (from 2.2.7)
    • error_emailflood - new template for people flooding email
    • privmsg - message title not showing and deleting a message doesnt take you back to the correct folder

    Bug Fixes
    • Main Directory:
    • forumdisplay.php; marking forum read doesnt mark the threads read
    • forumdisplay.php; forumdisplay_newthreadlink included twice in $templatesused
    • global.php; users running php as a cgi weren't able to login if guests couldn't view the board.
    • index.php; a check to insert a birthday template if the row was deleted
    • member.php; possible XSS issue
    • member.php; stop email flooding
    • memberlist.php; prevent users from specifiying a high perpage value
    • memberlist.php allow searching for users with <>& in their username
    • newreply.php; allow quoting of a username with html characters within it
    • newreply.php; remove a foreach as its php4 specific
    • newthread.php; remove a foreach as its php4 specific
    • postings.php; guest usernames weren't displayed when splitting a thread or deleting posts
    • private.php; possible security issue
    • private2.php; possible security issue
    • register.php; stop email flooding
    • showthread.php; first unread post going to the first since you last posted and not since you last read
    • Admin Directory:
    • adminfunctions.php; if user enters a dollar symbol in any settings it will prevent the board from working
    • forum.php; setting a private forum still leaves attachment downloads set to yes
    • functions.php; Allow ! in image urls
    • functions.php; Prevent emails from being sent to users who can't view the board or are awating confirmation
    • sessions.php; changed tabulation
    • template.php; searching now includes custom templates
    • user.php; some references to do instead of action
    • Mod Directory:
    • global.php; possible security issue
    • thread.php; now updates forum post counts and removed references to misc.php
    • user.php; possible security issue

    Files changed: (from 2.2.7)
    • Main Directory: forumdisplay.php, global.php, index.php, member.php, memberlist.php, newreply.php, newthread.php, postings.php, private.php, private2.php, register.php, showthread.php
    • Admin Directory: admin/adminfunctions.php, admin/forum.php, admin/functions.php, admin/global.php, admin/sessions .php, admin/template.php, admin/user.php
    • Mod Directory: mod/global.php, mod/thread.php, mod/user.php
    • And the usuals (all for just the version number): admin/global.php, admin/install.php, admin/upgrade1.php, admin/upgrade21.php

    DB Schema Changes
    • Indexes changed on adminutil table

    In conclusion...
    Go and upgrade! This release includes important fixes for everyone, and we would recommend that you upgrade as soon as possible. vBulletin 3 is on its way, so keep your eyes peeled on this forum. However, you will only be able to upgrade to vB 3.0 from the latest version of vB 2.2.x so we would recommend that you upgrade to this version for the time being.
    Last edited by John; Fri 27 Sep '02, 4:19am.
    John Percival

    Artificial intelligence usually beats real stupidity ;)

  • #2
    Changes since the RC release:
    • Main Directory:
    • newreply.php; stop users replying to moved thread redirects
    • showthread.php; stop users replying to moved thread redirects
    • memberslist.php; sort bug with advanced search lower post limit
    • Admin Directory:
    • adminfunctions.php; better handling of characters which will corrupt the settings
    • functions.php; move security fix from global.php to here
    • global.php; remove security fix
    • user.php; checks on post limits when doing a search
    • Mod Directory:
    • global.php; remove security fix
    John Percival

    Artificial intelligence usually beats real stupidity ;)


    widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.