VIP
19-01-2005, 10:07 AM
السلام عليكم ورحمة الله ..
تم الان ... صدور النسخه الجديده من الشركه ( www.vbulletin.com/forum )
النسخه الجديدة : vBulletin Version 3.0.6
وقد حلت مشاكل كثيره وجدت في النسخه التي قبلها ..
ونزلت ايضاً نسخه جديده للجيل الثاني vBulletin Version 2.3.6
سوف يتم الاعلان عنها في قسم الجيل الثاني ...
vBulletin 3.0.6 and 2.3.6 are security and bug fix releases. They fix a recently discovered XSS issue regarding BB code parsing.
All versions of vBulletin are vulnerable. The only workaround is to disable BB code parsing in signatures and all forums where untrusted users can post.
We strongly urge all customers to upgrade or patch their installations ASAP. At the end of this post, you will find a patch for the security issue for includes/functions_bbcodeparse.php (vBulletin 3) and admin/functions.php (vBulletin 2); overwrite the version on your server with the file in the appropriate zip.
I would again like to reiterate that security is of our utmost concern. Recently, there have been several reports of security issues in vBulletin that have prompted the recent releases. We realize that these releases can be a burden on you. For that, we are sorry, but once we have become aware of a security issue, it is our duty to provide a fix to that issue. We are also performing internal security audits and looking into changes to our core systems to prevent issues such as these from occuring in the future.
Performance Hit Since PHP 4.3.10 / 5.0.3
Many people have noticed that vBulletin (any a lot of other PHP applications) suddenly started to run significantly slowed than normal after installing PHP 4.3.10 or 5.0.3 in order to patch the security flaw in previous versions of PHP.
This cause of this slow-down has been identified as a problem with the unserialize() function in PHP. For more details, see bugs.php.net.
Template Changes
التمبلت المتغيره
From 3.0.5 to 3.0.6
1
editor_toolbar_standard
editor_toolbar_wysiwyg
Added the "Increase Size / Decrease Size" controls that are in use on vbulletin.com
Requires Revert: Yes if you want this functionality
pollresults_table
Added a conditional that displays "Multiple Choice Poll" for such polls.
Requires Revert: Yes if you want this functionality.
im_send_msn
Added javascript error suppression to hide the error that occurs if you try to use MSN when you are not logged in.
Requires revert? No
headinclude
Change:
var SESSIONURL = "$session[sessionurl]";
to
var SESSIONURL = "$session[sessionurl_js]";
Requires Revert? Yes to have the proper session hash for javascript links.
Files Changed
From 3.0.5 to 3.0.6
/
attachment.php
calendar.php
cron.php
forumdisplay.php
global.php
image.php
login.php
memberlist.php
poll.php
private.php
profile.php
search.php
showthread.php
subscription.php
usercp.php
/admincp/
attachment.php
cronadmin.php
forum.php
forumpermission.php
image.php
index.php
phrase.php
subscriptions.php
template.php
thread.php
user.php
usertools.php
/archive/
index.php
/clientscript/
vbulletin_editor.js
vbulletin_stdedit.js
vbulletin_templatemgr.js
/includes/
adminfunctions_backup.php
adminfunctions_language.php
adminfunctions_template.php
adminfunctions_user.php
functions.php
functions_bbcodeparse.php
functions_cron.php
functions_editor.php
functions_newpost.php
functions_subscriptions.php
functions_wysiwyg.php
functions_xml.php
init.php
modfunctions.php
sessions.php
/modcp/
index.php
Bugs Fixed
المشاكل التي تم اصلاحها
From 3.0.5 to 3.0.6
3586 - Firefox Standard Editor - Increase and Decrease window size does not work
3618 - Wrong "Format For Date" Examples
3612 - "Forum Home Page" Link (Purely Cosmetic)
3478 - SQL Backup produces invalid files
3346 - Mozilla WYSIWYG Editor Adds Extra Spaces
3605 - Typo in private.php
3608 - "Display Age" cannot be translated
3609 - “Birthday Date Format Override” lost when exporting/importing language
3615 - Search by last visit in admincp returns incorrect data
3639 - Multiple choice poll percentages calculated incorrectly
3644 - PM_MESSAGELISTBIT_USER uncached
3647 - Datastore not rebuilt after delete custom phrase
3648 - Scheduled task names double escaped
3630 - Missing phrase activating_registration
3652 - language_files_text phrase missing content
3624 - SQL error when searching FAQ (MySQL 4.1.x)
3654 - Double slashes in URL path break login redirection
3653 - Searching for exact User causes mySQL-Error
3623 - Invalid XHTML (& not & )
3663 - Add smilies help misdocumented
3620 - POST referrer check broken
3665 - Redirect forums browsable in archive
3667 - Grammar error on user moderation page
3662 - Logging on forum list in archive fails
3660 - Orphaned polls cause JS error on "Who Voted"
3618 - Date format example incorrectly
3612 - Forum home page link in mod CP missing </a>
3640 - Paid Subscription DB error
3366 - Invalid characters not stripped on XML export
3482 - strip_bbcode()/strip_quotes() slow in specific case
3666 - password history only works on the 2nd try
3650 - Uncached templates in forumdisplay.php
3643 - strip_bbcode should remove URL's when checking signature length
3568 - Old versions of Camino show WYSIWYG
3642 - Start Date has no effect in Paid Subscriptions
3421 - Merging users ignores paid subscriptions
3527 - # not added to hex colors in signature
3459 - Alignment tags display in PHP tags
3669 - Holiday system cannot handle Leap Day
3617 - Moderated Posts showing up in admin panel home
Possible XSS issue in private.php (fixed previously)
Possible XSS with BB code parsing and invalid nesting
للإطلاع والفائدة :
http://www.vbulletin.com/forum/showthread.php?p=800224
http://www.ebda3yat.com/vb/showthre...p=1207#post1207
تم الان ... صدور النسخه الجديده من الشركه ( www.vbulletin.com/forum )
النسخه الجديدة : vBulletin Version 3.0.6
وقد حلت مشاكل كثيره وجدت في النسخه التي قبلها ..
ونزلت ايضاً نسخه جديده للجيل الثاني vBulletin Version 2.3.6
سوف يتم الاعلان عنها في قسم الجيل الثاني ...
vBulletin 3.0.6 and 2.3.6 are security and bug fix releases. They fix a recently discovered XSS issue regarding BB code parsing.
All versions of vBulletin are vulnerable. The only workaround is to disable BB code parsing in signatures and all forums where untrusted users can post.
We strongly urge all customers to upgrade or patch their installations ASAP. At the end of this post, you will find a patch for the security issue for includes/functions_bbcodeparse.php (vBulletin 3) and admin/functions.php (vBulletin 2); overwrite the version on your server with the file in the appropriate zip.
I would again like to reiterate that security is of our utmost concern. Recently, there have been several reports of security issues in vBulletin that have prompted the recent releases. We realize that these releases can be a burden on you. For that, we are sorry, but once we have become aware of a security issue, it is our duty to provide a fix to that issue. We are also performing internal security audits and looking into changes to our core systems to prevent issues such as these from occuring in the future.
Performance Hit Since PHP 4.3.10 / 5.0.3
Many people have noticed that vBulletin (any a lot of other PHP applications) suddenly started to run significantly slowed than normal after installing PHP 4.3.10 or 5.0.3 in order to patch the security flaw in previous versions of PHP.
This cause of this slow-down has been identified as a problem with the unserialize() function in PHP. For more details, see bugs.php.net.
Template Changes
التمبلت المتغيره
From 3.0.5 to 3.0.6
1
editor_toolbar_standard
editor_toolbar_wysiwyg
Added the "Increase Size / Decrease Size" controls that are in use on vbulletin.com
Requires Revert: Yes if you want this functionality
pollresults_table
Added a conditional that displays "Multiple Choice Poll" for such polls.
Requires Revert: Yes if you want this functionality.
im_send_msn
Added javascript error suppression to hide the error that occurs if you try to use MSN when you are not logged in.
Requires revert? No
headinclude
Change:
var SESSIONURL = "$session[sessionurl]";
to
var SESSIONURL = "$session[sessionurl_js]";
Requires Revert? Yes to have the proper session hash for javascript links.
Files Changed
From 3.0.5 to 3.0.6
/
attachment.php
calendar.php
cron.php
forumdisplay.php
global.php
image.php
login.php
memberlist.php
poll.php
private.php
profile.php
search.php
showthread.php
subscription.php
usercp.php
/admincp/
attachment.php
cronadmin.php
forum.php
forumpermission.php
image.php
index.php
phrase.php
subscriptions.php
template.php
thread.php
user.php
usertools.php
/archive/
index.php
/clientscript/
vbulletin_editor.js
vbulletin_stdedit.js
vbulletin_templatemgr.js
/includes/
adminfunctions_backup.php
adminfunctions_language.php
adminfunctions_template.php
adminfunctions_user.php
functions.php
functions_bbcodeparse.php
functions_cron.php
functions_editor.php
functions_newpost.php
functions_subscriptions.php
functions_wysiwyg.php
functions_xml.php
init.php
modfunctions.php
sessions.php
/modcp/
index.php
Bugs Fixed
المشاكل التي تم اصلاحها
From 3.0.5 to 3.0.6
3586 - Firefox Standard Editor - Increase and Decrease window size does not work
3618 - Wrong "Format For Date" Examples
3612 - "Forum Home Page" Link (Purely Cosmetic)
3478 - SQL Backup produces invalid files
3346 - Mozilla WYSIWYG Editor Adds Extra Spaces
3605 - Typo in private.php
3608 - "Display Age" cannot be translated
3609 - “Birthday Date Format Override” lost when exporting/importing language
3615 - Search by last visit in admincp returns incorrect data
3639 - Multiple choice poll percentages calculated incorrectly
3644 - PM_MESSAGELISTBIT_USER uncached
3647 - Datastore not rebuilt after delete custom phrase
3648 - Scheduled task names double escaped
3630 - Missing phrase activating_registration
3652 - language_files_text phrase missing content
3624 - SQL error when searching FAQ (MySQL 4.1.x)
3654 - Double slashes in URL path break login redirection
3653 - Searching for exact User causes mySQL-Error
3623 - Invalid XHTML (& not & )
3663 - Add smilies help misdocumented
3620 - POST referrer check broken
3665 - Redirect forums browsable in archive
3667 - Grammar error on user moderation page
3662 - Logging on forum list in archive fails
3660 - Orphaned polls cause JS error on "Who Voted"
3618 - Date format example incorrectly
3612 - Forum home page link in mod CP missing </a>
3640 - Paid Subscription DB error
3366 - Invalid characters not stripped on XML export
3482 - strip_bbcode()/strip_quotes() slow in specific case
3666 - password history only works on the 2nd try
3650 - Uncached templates in forumdisplay.php
3643 - strip_bbcode should remove URL's when checking signature length
3568 - Old versions of Camino show WYSIWYG
3642 - Start Date has no effect in Paid Subscriptions
3421 - Merging users ignores paid subscriptions
3527 - # not added to hex colors in signature
3459 - Alignment tags display in PHP tags
3669 - Holiday system cannot handle Leap Day
3617 - Moderated Posts showing up in admin panel home
Possible XSS issue in private.php (fixed previously)
Possible XSS with BB code parsing and invalid nesting
للإطلاع والفائدة :
http://www.vbulletin.com/forum/showthread.php?p=800224
http://www.ebda3yat.com/vb/showthre...p=1207#post1207