phpBB 3.0.7-PL1

Posted by Phil Smith on 6 March, 2010

No comments yet

This item was filled under [ Releases, Zend/PHP ]

phpBB 3.0.7-PL1 has been released to address a security issue which was introduced in 3.0.7, unfortunately

the issue wasn’t noticed during testing and has only surfaced a week after the release of 3.0.7.

Working feeds were promised for phpBB 3.0.7, however a critical bug in the permission handling for feeds slipped past. To all people who already have updated to 3.0.7, it is of critical importance to update to 3.0.7-PL1. Otherwise, it is possible for users to bypass permission settings under the following circumstances:

- Feeds are enabled

- Any of the posts or topics feeds are enabled

- The unauthorised user – or one of the groups they are a member of – has forum permissions set on a private forum

- If you have excluded a forum from the list of forums that provide feeds, it is unaffected

The fix for the issue is a single line change inside of feed.php, line 525 has changed from:

$forum_ids = array_keys($auth->acl_getf('f_read'));

to:

$forum_ids = array_keys($auth->acl_getf('f_read', true));

There were no other changes, in particular neither style nor language changes.

Tagged with: [ phpBB ]

You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

« Apache HTTP Server (httpd) 2.2.15

MySQL Connector/Net 6.3.1 »

Blog Subscription

Subscribe via RSS Feed stay updated with blog articles

Recent Posts

Tags

.uk Advisory Apache Apache 2.2 Apache 2.3 CCleaner ClamAV Cloud Testing DNS Error logs Firebug Firefox Firefox 3.5 Firefox 3.6 Firefox 4.0 IE9 MySQL MySQL 5.1 MySQL 5.5 MySql 5.6 MySQL Community Server MySQL Connector MySql Connector/Net MySQL Connector/ODBC MySQL Workbench Net-SNMP Nominet OpenSSH OpenSSL OpenSSL 0.9.8 OpenSSL 1.0 PHP Release Releases Security Sendmail Thunderbird VirtualBox Webserver logs Wireshark Wireshark 1.2 Wireshark 1.4 Wordpress Zend Zend Framework
Archives
March 2010

M T W T F S S

« Feb Apr »

1 2 3 4 5 6 7

8 9 10 11 12 13 14

15 16 17 18 19 20 21

22 23 24 25 26 27 28

29 30 31
Categories
- Apache (16)
- DNS (5)
- Firefox (6)
- Misc (2)
- MySQL (60)
- OpenSSL (14)
- Releases (137)
- Tools (16)
- Wireshark (9)
- Zend/PHP (14)
Links

UserReplay - Real Customer Insight
Cloud Testing
Website Archiving Service
Website History Service
The Browser Guru
UK Forces Discounts
Nursery Fresh Postal Flowers
Nursery Fresh Wholesale Flowers
Website-Archiving Blog
- What is eDiscovery? August 15, 2011
  eDiscovery (also known as e-discovery or electronic discovery) is a process where electronic data is sought, located, secured, and searched to be used as evidence in a civil or criminal legal case. All types of data and computer files can be used – text, images, databases, spreadsheets, audio files, video files and websites. To secure […]
- PHP / Web Developer July 28, 2011
  Role: PHP Developer Salary: To £30K depending on experience Based: Guildford, Surrey We are looking for an experienced PHP developer to join our expanding team in Guildford developing a new User eXperience (UX) product. Key skills include PHP 5, MySQL, CSS, JavaScript, jQuery Experience of web analytics and / or website performance monitoring would be […]
- C / Linux Developer July 28, 2011
  Role: C / Linux Developer Salary: To £30K depending on experience Based: Guildford, Surrey We are looking for an experienced C / Linux developer to join our expanding team in Guildford developing a new User eXperience (UX) product. Key skills include C, MySQL, Linux, TCP/IP, Networking Experience of web analytics and / or website performance […]
- We’re now hiring…. July 11, 2011
  As part of our continued expansion, we’re hiring – see our new careers for all our latest vacancies. http://www.cloudtesting.com/careers.php […]
- Regulatory Compliance and eDiscovery July 1, 2011
  We provide our customers with a fast set-up and easy to use solution for the need to comply with Information Governance regulations around web-content. FINRA (US) – Financial Industry Regulatory Authority – www.finra-compliance.com SEC (US) – Securities and Exchange Commission – www.sec-compliance.net NASD (US) – National Association Of Securities Dealers – […]
- Website eDiscovery June 28, 2011
  We’ve launched a new site dedicated to website eDiscovery and archiving for compliance: http://www.website-ediscovery.com/ […]
- Updated eDiscovery website June 28, 2011
  We’re pleased to announce the release of our updated website at: http://www.website-archive.com/ It includes updated details on our Website Archiving and eDiscovery services. […]
- Archive your website in Firefox 4.0 or Internet Explorer 9 May 27, 2011
  We are pleased to announce that you can now capture daily or weekly screenshots of your website in Firefox 4.0 and Internet Explorer 9. This is in addition to the existing full range of browser versions we already support: Firefox (3.0, 3.5, 3.6) Internet Explorer (6, 7, Safari 3.2, 4.0, 5.0) Opera Google Chrome. […]
- Need FSA (Financial Services Authority) compliance? April 15, 2011
  Need FSA (Financial Services Authority) compliance? http://www.fsa-compliance.com/ […]
- Need Freedom of Information Act website compliance? April 14, 2011
  Need Freedom of Information Act website compliance? http://www.foi-compliance.com/ […]
The Browser Guru
- Website Archiving in Japan January 27, 2011
  Following a successful year running its Functional and Cross Browser Website Testing services in Japan, Cloud Testing (www.cloudtesting.com) has announced it is now launching its Website Archiving service in Japan. More details will be available at the specific website: http://www.website-archive.jp/ […]
- FSA Website Archiving Regulation January 27, 2011
  The UK’s Financial Services Authority (FSA) lists its regulations and guidance regarding website archiving in its ‘Conducting Of Business Sourcebook’ (COBS). COBS 4 covers ‘Communicating with clients, including financial promotions’ and COBS 5 covers ‘Distance communications’, both of which have state the information that need to be stored. More information […]
- Useful links for Cloud Testing and Archiving August 21, 2010
  Links: www.cloudtesting.com www.cloud-testing.com www.cloudtesting.co.uk www.cloudtesting.us www.cloudtesting.eu www.cloudloadtesting.com www.cloudloadtesting.co.uk www.cloudloadtest.com www.cloudloadtest.co.uk www.cloudwebtest.com www.themonitoringcloud.com www.themonitoringcloud.co.uk www.monitoringcloud.com www.loadtestingcloud.com www.cloudtesting.jp www […]
- 97% of Chrome users running the latest version August 7, 2010
  According to “Why Silent Updates Boost Security” (download PDF), 97% of Chrome users were running the latest version of the browser within 21 days of the last update’s release. By comparison, 85% of Firefox users were up-to-date in the same span, while only 53% Safari users could say the same. […]
- Firefox 3.6.8 released July 23, 2010
  Security Advisories Fixed in Firefox 3.6.8: MFSA 2010-48 Dangling pointer crash regression from plugin parameter array fix From http://www.mozilla.org/security/known-vulnerabilities/firefox36.html […]
- FINRA Compliance July 11, 2010
  FINRA (Financial Industry Regulatory Authority) was created in July 2007 with the consolidation of the regulation enforcement and arbitration functions of the New York Stock Exchange with the National Association Of Securities Dealers (NASD). FINRA in conjunction with the Securities and Exchange Commission (SEC) are regulatory agencies for the financial serv […]
- Firefox 3.6.6 June 27, 2010
  Firefox 3.6.6 modifies the crash protection feature to increase the amount of time that plugins are allowed to be non-responsive before being terminated. […]
- Firefox gets crash protection with release of version 3.6.4 June 23, 2010
  Firefox 3.6.4 has been released with crash protection for Adobe’s Flash Player, Apple ‘s QuickTime and Microsoft ‘s Silverlight plug-ins, and is available only in Firefox for Windows and Linux . Mozilla is still working on the “out of process plug-ins,” or OOPP feature, for the Mac version. The version also patches nine vulnerabilities, six […]
- Firefox 3.5.10 June 23, 2010
  Firefox 3.5.10 has been released – it patches nine vulnerabilities, six of them critical. […]
- Safari 5.0 June 10, 2010
  This update contains new features including: Safari Reader: Click on the new Reader icon to view articles on the web in a single, clutter-free page. Improved Performance: Safari 5 executes JavaScript up to 25% faster than Safari 4. Better page caching and DNS prefetching speed up browsing. Bing Search Option: New Bing search option for […]

March 2010
M	T	W	T	F	S	S
« Feb		Apr »
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31

Marketgrid on Twitter
- Marketgrid: RT @UserReplay: Waitrose online sales up 49% over Xmas. #UserReplay January 9, 2012
- Marketgrid: MySQL Connector/Net 6.5.0 beta http://t.co/TB4lNSl6 January 9, 2012
- Marketgrid: MySQL Workbench 5.2.37 http://t.co/lthxUfdw January 9, 2012
- Marketgrid: OpenSSL version 1.0.1 Beta 1 http://t.co/vnmFCAys January 9, 2012
- Marketgrid: RT @UserReplay: Boxing Day 2011 biggest ever day for online retail http://t.co/NIwAdR3P #UserReplay January 9, 2012
- Marketgrid: RT @UserReplay: Internet Retailing Expo 2012 - UserReplay Stand F11 #UserReplay http://t.co/O7aVMukD January 9, 2012
- Marketgrid: RT @CloudTesting: New Vacancy – Linux / Networking / Installation Engineer - http://t.co/XbENom2R December 22, 2011
- Marketgrid: RT @I_KMP: We're hiring - Linux / Networking / Installation Engineer. Based in Guildford, Surrey with UK and European travel #UserReplay December 22, 2011
- Marketgrid: RT @I_KMP: Linux / Networking / Installation Engineer http://t.co/Qli6ETvh December 22, 2011
- Marketgrid: RT @UserReplay: Website customer experience: http://t.co/S1u0alQy #UserReplay December 22, 2011
Cloud Testing Blog
- Business Development Manager – Up to £80K OTE (open ended) August 23, 2011
  Role: Business Development Manager Salary: £35K-£40K Base. Up to £80K OTE (open ended) Based: Guildford i-KMP is a young and fast growing company. We offer technology solutions that focus on Website Audit, Performance and User Experience. We are on the look out for a number of New Business supremos to join our sales team selling […]
- C / Linux Developer July 28, 2011
  Role: C / Linux Developer Salary: To £30K depending on experience Based: Guildford, Surrey We are looking for an experienced C / Linux developer to join our expanding team in Guildford developing a new User eXperience (UX) product. Key skills include C, MySQL, Linux, TCP/IP, Networking Experience of web analytics and / or website performance […]
- PHP / Web Developer July 28, 2011
  Role: PHP Developer Salary: To £30K depending on experience Based: Guildford, Surrey We are looking for an experienced PHP developer to join our expanding team in Guildford developing a new User eXperience (UX) product. Key skills include PHP 5, MySQL, CSS, JavaScript, jQuery Experience of web analytics and / or website performance monitoring would be […]
- We’re hiring… July 11, 2011
  As part of our continued expansion, we’re hiring – see our new careers for all our latest vacancies. http://www.cloudtesting.com/careers.php […]
- Support for Firefox 5.0 July 9, 2011
  We’re currently working on an update for our service to support Firefox 5.0 – watch this space. […]
- Archive your website in Firefox 4.0 and Internet Explorer 9 May 27, 2011
  We are pleased to announce that you can now capture daily or weekly screenshots of your website in Firefox 4.0 and Internet Explorer 9. This is in addition to the existing full range of browser versions we already support: Firefox (3.0, 3.5, 3.6) Internet Explorer (6, 7, Safari 3.2, 4.0, 5.0) Opera Google Chrome. […]
- Firefox 4.0 and Internet Explorer 9 added to Cloud Testing May 27, 2011
  We are pleased to announce that you can now functionally and cross browser test your website in Firefox 4.0 and Internet Explorer 9. This is in addition to the existing full range of browser versions we already support: Firefox ( 3.0, 3.5, 3.6 ) Internet Explorer ( 6, 7, 8 ) Safari ( 3.2, […]
- New Websites March 31, 2011
  We’ve just launched our new corporate and product websites Corporate Site http://www.cloudtesting.com/ Functional and Cross Browser Testing Service http://www.cloudtesting.com/functional-testing/ Website Archiving Service http://www.website-archive.com/website-archiving/ […]
- CMS Version Control – White Paper March 4, 2011
  We’re pleased to announce the release the second in our series of White Papers, which covers CMS (Content Management System) Version Control. “Regulatory bodies from Government to Advertising Standards and Industry watchdogs have been increasingly focusing their attention on the digital communications displayed across corporate websites…” It can be downloade […]
- UK Websites must now be legal, decent, honest and truthful! February 8, 2011
  The ASA (Advertising Standards Authority) is the UK’s independent watchdog which maintains standards in advertising for the benefit of consumers, advertisers and society at large. The Committee of Advertising Practice (CAP) regulates non-broadcast advertising. It was set up in 1961 to regulate all print advertising and prevent the need for government legisla […]

Marketgrid Consulting Blog

Recent Posts

OpenSSL version 1.0.1 Beta 1

MySQL Workbench 5.2.37

MySQL Connector/Net 6.5.0 beta

MySQL Connector/Net 6.3.8 GA

Browse by Tags

phpBB 3.0.7-PL1

Blog Subscription

Recent Posts

Archives

Categories

Links

Website-Archiving Blog

The Browser Guru

Marketgrid on Twitter

Cloud Testing Blog