Changelog:SMF 1.1.9
================================================================================
May 2009
--------------------------------------------------------------------------------
! un_preparsecode didn't put spaces back as they were (Subs-Post.php) [Bug 3109, 2202]
! Activate message may result error due to missing/extra math (Profile.php) [Bug 1430]
! Improve attachment sanitation for avatars. (Profile.php, Subs-Members.php)
! Improve attachment handling (Many files)
! Added more protection against IE's image XSS vulnerability - reported by Jacques Copeau (Display.php)
! Add a theme check to prevent usaage of invalid themes (Load.php)
! Remove uneeded html from package servers, only allowing BBC. (PackageGet.php)
! Token confirmation was flawed. (Security.php)
! Don't allow flash attachments to be shown as images - reported by Alejandro Rusell. (Display.php)
! Strings passed to install.php weren't properly sanitized - reported by Alejandro Rusell. (install.php)
April 2009
--------------------------------------------------------------------------------
! .xml action should respect guest setting (index.php)
! Copyright year should be 2009 (various) [Bug 3355]
* Remove post link on recent template was wrong (Recent.template.php) [Bug 2153]
! Visual verification should use imagecreatetruecolor where available. (Subs-Graphics.php) [Bug 1247]
! Subs-Post.php fix messes up Finnish Move topic (Subs-Post.php) [Bug 1125]
! Some internal ip ranges were missed (QueryString.php) [Backporting fix from Bug 1563]
SMF 1.1.8 4 February 2009
================================================================================
February 2008
--------------------------------------------------------------------------------
! Added a confirmation message between requesting a remote package and showing it. (PackageGet.php, Packages template, Packages language files, Security.php)
! Fixed a session check that was set too strict, causing the session to be lost in case of changing permissions through FTP. (Packages.php) [Bug 2734]
! Some URL's created with BBC were not properly sanitized. (Subs-Post.php)
SMF 1.1.7 7 November 2008
================================================================================
November 2008
--------------------------------------------------------------------------------
! Session check was not implemented for certain package management actions. (PackageGet.php, Packages.php, Packages template)
! Added a check to prevent null byte insertion. (QueryString.php)
! Added an additional check on theme data insertion. (Themes.php)
! Prevent certain ascii data to appear in avatars. (Subs-Graphics.php)
! Added an .htaccess for the packages directory. (Packages/.htaccess)
! Fixed a few undefined index notices. (SSI.php, help.php)