phpBB 2 : Creating Communities phpBB 2.0.5 CHANGELOG
  1. Changelog
    1. Changes since 2.0.5
    2. Changes since 2.0.4
    3. Changes since 2.0.3
    4. Changes since 2.0.2
    5. Changes since 2.0.1
    6. Changes since 2.0.0
    7. Changes since RC-4
    8. Changes since RC-3
    9. Changes since RC-2
    10. Changes since RC-1
    11. Changes since RC-1 (pre)
  2. Disclaimer

1. Changelog

This is a non-exhaustive (but still near complete) changelog for phpBB 2.0.x including beta and release candidate versions. Our thanks to all those people who've contributed bug reports and code fixes.

1.i. Changes since 2.0.5

  • Fixed SQL injection vulnerability in groupcp.php
  • Fixed XSS vulnerability in privmsg.php
  • Fixed SQL injection vulnerability in search.php
  • Fixed various email issues
  • Fixed registration email bug with Administrator Confirmation used
  • Fixed mass emailer
  • Fixed long post time issue
  • Fixed bug with usernames containing single quotes
  • Fixed word list bug - Word boundaries were not considered
  • Fixed vulnerability in style admin
  • Fixed SQL injection vulnerability in viewtopic
  • Fixed vulnerability allowing server side variable access in search - tendor
  • Fixed potential vulnerability in 2.0.5 login username entry - throw away/eomer
  • Fixed SQL injection with reset date format field in profile - tendor
  • Fixed several vulnerabilities in modcp - Robert Lavierck
  • Changed whois lookup address within admin index

1.ii. Changes since 2.0.4

  • Removed user facing session_id checks
  • Fixed user self-activation after deactivation
  • Fixed incorrect functioning of phpbb_realpath
  • Fixed wrong path to database schema files within the upgrade script
  • Fixed double quote problem with username validation
  • Allow & within email addresses
  • Fixed email validation for banned email addresses
  • Removed underline from email domain validation
  • Fixed redirection for sentbox folder, installation and email
  • Fixed poll deletion
  • Fixed Mozilla navigation bar
  • Fixed URL bbcode parsing
  • Fixed database timeouts while searching the forums
  • Fixed wrong email return path in admin mass mailing - netclectic
  • Fixed MS-SQL failures within the update script
  • Fixed memberlist sort order
  • Fixed not showing leading spaces within Code BBCode
  • Fixed problem with adding double quotes to subject titles
  • Remove username input field from profile when user cannot change name
  • Fixed pagination error with highlighting
  • Fixed errors if no smilies are installed
  • Fixed CSS issues with IE 5.2 on MacOS X
  • Fixed missing sid propagation problem within the Moderator Control Panel
  • Fixed language variables within Authentication error output
  • Removed doubled CSS class definitions within input fields
  • Fixed username change within the Administration Panel
  • Added missing <tr> tags to index_body.tpl
  • Added missing username language variable to admin index page
  • Fixed moderator status update if a usergroup got deleted
  • Fixed poll handling upon post edit
  • Fixed removal of common words from search table when a post gets pruned - Nuttzy99
  • Fixed behaviour on splitting topics if no checkbox is selected
  • Anonymous is no longer displayed within Username dropdown boxes
  • Fixed viewprofile redirection if an invalid mode was specified
  • Fixed fraction settings within determining common words - Novan
  • Prevent admin from changing usernames to his own within the ACP
  • Activation email is sent to all admins
  • Fixed conversion of & to &amp; in appropriate cases
  • Fixed display of "greater than topics per page" announcements preventing display of normal posts
  • Added variable checks to database backup and restore screen
  • Prevented pm popup window from resetting after visiting avatar gallery
  • Fixed special character handling with word censor
  • Added SID to jumpbox
  • Fixed problems with usernames using html special chars
  • Added GMT + 13 to English lang_main, all translators are encouraged to do likewise
  • Deleted doubled 'U_MEMBERLIST' assignment from page_header.php
  • Fixed wrong display of Signature Checkbox while editing Private Message
  • Fixed disappearing post text if emoticon was inserted directly after pressing a BBCode button
  • Display correct alt-tag for smilies within postings
  • Prevented the ability to apply BBCode to website contents
  • Fixed maxlength issue with password field in login_body.tpl
  • Fixed possible username duplication issue with validation and username length
  • Fixed split words function to handle additional foreign characters
  • Changed empty email To Field to use a non-disclosure delimiter
  • Fixed wrong language var in install.php - FTP Config screen
  • Fixed alt tag for locked topic images in viewforum_body.tpl
  • Fixed typo in groupcp.php - $lang['Unsub_success'] instead of $lang['Usub_success']
  • Fixed timezone display
  • Fixed wrong display of author quote tag within profile - Cl1mh4224rd
  • Added deletion of sessions of users whose account is deactivated
  • Added mail header X-MimeOLE to the emailer class
  • Prevent registration if user is logged in or user trying to register again
  • Prevent usage of char(255) in usernames
  • Added check for additional FORWARDED_FOR IPs - cosmos
  • Fixed handling of non-selection of option when voting
  • Fixed potential XSS issue with memberslist mode
  • Default English support for visual confirmation - translators are encouraged to support this

1.iii. Changes since 2.0.3

  • Fixed cross-browser scripting issue with highlight param
  • Back-ported highlighting code from phpBB 2.2
  • Add session id validation to posting, profile, email, voting - Edwin van Vliet
  • Added {S_HIDDEN_FIELDS} template var to profile_send_email.tpl
  • Added "intval" fix for flood check, may resolve some issues
  • Added missing index to post_id for search_wordmatch
  • Fixed spelling error in search add words preventing use of stopword list
  • Fixed issue with search common words not being run
  • Introduce viewtopic resync patch by Ashe
  • Replace a for n in templating code
  • Fixed ordering in memberslist
  • Fixed group_id sequence issues with pgsql and msaccess
  • Fixed assumption of word censors in user notification
  • Fixed incorrect display of quotes in user management fields
  • Fixed entry of special chars in all profile fields - note this may cause temporary issues
  • Fixed incorrect display of quotes when using avatar gallery
  • Fixed missing username in email sent to users when admin activated
  • Added check for non-empty smiley code and url in smiley admin
  • Prevent display of -- sig separator in emails when no board sig exists
  • Fixed URL propagated sid issues with jumpbox
  • Fixed wrong mode name check (polldelete) in functions_post
  • Added missing root path to l10n image path check
  • Remove validation of fields when deleting a user
  • Fixed sort mode select box in memberslist to default to current mode
  • Deny inline topic review listing to users without auth_read permissions
  • Prevent display of topic notification checkbox if user cannot read forum
  • Remove incorrect pre-pending of IP to uploaded avatars
  • Fixed deletion of uploaded avatars when changing to remote/gallery
  • Added check for non-blank line during install schema/basic sql ops
  • Added sort ordering to Top Ten poster listing by request
  • Fixed incorrect error report when altering case of username
  • Added jumpbox output to modcp {JUMPBOX} will now work
  • Fixed non-updating of users with MOD levels when deleting a forum
  • Remove email to group moderator when approving new members
  • Fixed non-handling of HTML in poll options
  • Fixed non-deletion of polls when deleting forum and its posts
  • Fixed moved shadow topic from being bumped upon reply
  • Changed field size of timezone to decimal(5,2) where applicable
  • Fixed missing sid append to URL when redirecting to newest reply
  • Fixed missing slashes in private IP preg check
  • Fixed session not setting userdata['user_id'] to ANON as appropriate
  • Added check for non-empty name in disallow admin
  • Fixed validation of SSL website addresses in profile
  • Fixed inability of admins to upload avatars via user admin panel
  • Fixed non-deletion of private message text upon full box overwrite
  • Fixed incorrect error message in smiley admin
  • Fixed incorrect alt-text for "Stop Watching Topic" image
  • Temporary fix for missing lang strings in forum admin - translators should update their packages if not done already
  • Use selected localisation during later stages of installation
  • Fixed non-check of permissions when deleting a topic via Moderator Control Panel
  • Fixed non-update of banlist upon user deletion
  • Check approved users boxes by default in usergroup approve form
  • Fixed non-appending of sid to backup meta refresh
  • Fixed non-notification of no support for certain databases in backup/restore
  • Added $images var to message die global declaration
  • Fixed wrong string, Private_message in Private Messaging
  • Add mail send result to error output
  • Fixed non-appending of sid to Mozilla nav bar menu items
  • Fixed incorrect profile linking from MSNM url in private messaging
  • Grammatical errors in English lang_main fixed - Cluster
  • Allow deletion of avatar and simultaneous upload/linking/gallery selection
  • Fixed non-updating of user rank when changing from special to normal rank in rank admin
  • Changed user topic notification default in schemas to 0 (off)
  • Fixed non-XHTML compliant img tags in privmsg.php
  • Fixed non-deletion of announcements and polls when removing forum contents in forum admin
  • Fixed non-pruning of watched topics table when pruning related topics
  • Enable GET redirect on logout
  • Added check for IE6.x to viewtopic ICQ indicator javascript
  • Fixed empty username quoting with MS-SQL
  • Fixed BBCode url, magic url and img tags to allow most chars beyond domain names
  • Prevent parsing of -ve size values in BBCode size tag
  • Back ported HTML handler from 2.2, this may impact some boards which allow complex HTML - existing parser remains but commented out
  • Fixed parsing of word censors to not censor words within < and > tag delimiters
  • Fixed database utilities failing to backup data with MySQL
  • Fixed signature parsing in User Admin
  • Fixed missing class="post" tags in subSilver Admin templates
  • Fixes for paths under Apache2
  • Added wrap text with tag support for posting in Mozilla 1.1+
  • Fixed use of missing CSS classes in modcp_split, group_info_body, error_body and agreement
  • Fixed ability of users to edit polls even after they have received votes
  • Fixed header Location to be absolute URL as per HTTP 1.1 spec - noted by PhilippK
  • Added additional session_id checks to MCP, topic subscription, PM and similar items
  • Fixed colour select box in posting_body to reset to Default colour after selection
  • Altered PM icon to show new image until messages have been read
  • Fixed incomplete deletion of PMs when removing the associated user
  • Fixed unread and new PM user counters to decrement appropriately in all situations
  • Fixed possible cross-site scripting issue with username search
  • Fixed some problems with gzip in combination with newer PHP versions and Mozilla
  • Fixed wrong maxlength in modcp_split.tpl subject field
  • Fixed inability to edit username of guest poster - vHiker
  • Fixed ability for guests to post with certain registered usernames
  • Fixed various HTML issues to improve XHTML compliance - Daz
  • Fixed missing template var {L_PM} for memberslist - Daz
  • Fixed wrong key name for $images['Topic_un_watch'] - Daz
  • Fixed missing template var {S_WATCH_TOPIC_IMG} for viewtopic - Daz
  • Fixed missing default constraints for post table under MSSQL
  • Fixed incorrect field size for forum pruning - preventing days > 256
  • Fixed continuing redirect issues for broken web servers, e.g. IIS+CGI PHP
  • Fixed inability to use ftp as a protocol for the [img] tag
  • Fixed incorrect handling of [img] tags containing %20 encoded spaces
  • Added check for . within cookie_name, change to _ if present
  • Added SHOW_ONLINE constant to limit "users online" code operation to index and viewforum
  • Added "temporary" workaround for Apache2 + PHP module ignoring "private" cache header
  • Added workaround for modcp IP lookup and links to Anonymous user profile
  • Fixed broken bbcode parsing of quotes containing bbcode in the "username"
  • Fixed excess slashes in [quote=""] first pass encoding
  • Fixed rendering issue with quote button under Mozilla - Daz
  • Grammatical errors in remaining core lang files fixed - Cluster
  • Fixed bbcode quote breaking when username contained ] before [
  • Fixed duplicate group_id error during upgrade of users from phpBB 1.x
  • Fixed stripslashes() problem with the conversion of the config table from phpBB 1.x
  • Rejiggled validation code, may eliminate "Username disallowed" issues
  • Fixed differing initial "public" setting of forum permissions between different files
  • Added check for invalid (non-compliant) email addresses to upgrade script
  • Further redirect workarounds for broken servers, please direct further issues to the vendors
  • Added GMT + 13 to English lang_main, all translators are encouraged to do likewise
  • Added switch to default_lang email template if user lang template no longer exists
  • Fixed javascript error when selecting smiley containing a single quote
  • Update users watched topic if a post they made is split into a new topic
  • Fixed situations where email templates contain incorrect or missing subject lines
  • Fixed error when searching for posts and no forums exist
  • Fixed potential SQL vulnerability with marking of private messages - Ulf Harnhammar

1.iv. Changes since 2.0.2

  • Fixed potential cross-site scripting vulnerability with avatars - Showscout
  • Fixed potential SQL rewrite issue in page header - missing contrib
  • Fixed potential CSS/HTML rewrite on viewing in login - Marc Rees
  • Fixed (hopefully) issue with MS Access and multiple pages

1.v. Changes since 2.0.1

  • Fixed missing "username" lang variable in user admin template
  • Session work around for users behind rotating IPs - vHiker
  • Fixed potential session user_id re-write - Ashe
  • Fixed potential cross-browser scripting issue with BBCode URLs
  • Fixed potential gallery avatar exploit - Ashe
  • Fix sorting of smileys on each function call - Ashe/psoTFX
  • Clear topic_mod text output in viewtopic - Lars
  • Fix regex for avatar remote urls
  • Fix non-updating of user post counts when deleting whole topics
  • Increase time limit when sending topic reply notifications
  • Set default forum when splitting topics
  • Fix non-deletion of uploaded avatars when switching to gallery
  • Removed various closing newlines from included files
  • Add MAX_ROWS to HEAP table alter in install/upgrade - Ashe
  • Update username maxlength for subSilver templates
  • Allow ( and ) in BBCode [url] tags
  • Fix non-quoting of # in username validation regexs
  • Fix overlooked global var in private messaging
  • Possible fix for \r\n email templates issues
  • Fix missing str_replace for category title forum admin SQL
  • Fix trailing , when sending emails via smtp
  • Fix avatar issues in user admin
  • Fix improper checking of email address ban in sessions
  • Fix use of hard coded language strings in forum admin
  • Fix missing closing ) in smilies admin
  • Fix missing Username label in user admin
  • Fix upgrade.php bug where conversion would not complete (and updated other scripts to match the changes)
  • Fix problem with redirect and login.php
  • Fix typo that could cause problems with sorting in the memberlist
  • Fix emailer to allow sending emails with language-specific character sets

1.vi. Changes since 2.0.0

  • Fixed delete image bug for normal users
  • Fixed group control panel image links
  • Fixed missing L_POST variable in group control panel
  • Fixed missing user id when redirecting to email form after login
  • Fixed (a)ppend_sid function name error in group control panel
  • Fixed reset of post type when previewing a post
  • Fixed mass emailer include path error
  • Fixed potential SQL exploit
  • Fixed several minor subSilver issues
  • Fixed [quote] breaking HTML problem
  • Fixed problem with unclosed nested quotes
  • Fixed bad handling of automagic links at end of quotes
  • Fixed potential BBCode and avatar remote exploit
  • Altered email validation check to allow + in username as per RFC
  • Fixed incorrect behaviour with wildcards in disallowed usernames
  • Added missing append_sid for search view results as posts
  • Fixed incorrect clearing of current sessions for logged in users
  • Fixed user_timezone (cannot update user profile) problem
  • Added correct setting of moderator status for users during upgrade
  • Fixed handling of uploaded avatars if gallery avatar currently used
  • Fixed use of existing username for uploaded avatars
  • Fixed updating of topic reply stats when post is deleted
  • Fixed irrelevant error message when activating already active account
  • Fixed gzip compression problems with Netscape and some PHP versions
  • Fixed MS Access layer errors when using latest PHP versions
  • Fixed styles admin editing problems with MSSQL Server
  • Fixed logout issue when cancelling certain actions
  • Fixed missing text in certain admin links
  • Fixed opening of frame within frame when logging into admin
  • Fixed incorrect ordering of search results by time
  • Fixed fulltext searching failure with MS Access
  • Hopefully fixed fulltext search with non-latin single byte charsets
  • Enabled work-around support for some multi-byte charsets - OOHOO
  • Re-enabled search indexing of all-numeric character sequences
  • Updated email banning to properly implement wildcards
  • Fixed missing extension in links from groupcp
  • Fixed lack of re-validation when changing email address
  • Added additional IP check when using HTTP_X_FORWARDED_FOR
  • Fixed non-display of delete icon when on second or greater topic page
  • Fixed problems with users/groups assigned multiple permissions
  • Fixed problem with - and + in search words - Matthijs
  • Fixed improper handling for deletion of words from search table
  • Fixed support for , in automagic URLs as per RFC
  • Fixed circular reference SQL errors when deleting posts under MS Access
  • Fixed nested [code] problems
  • Added charset encoding headers for emails - romutis
  • Fixed "Copy to self" emails to use correct language
  • Fixed pagination error when limiting previous days for viewforum
  • Decreased minimum search word size to 3 chars
  • Fixed deletion of one or more options from all polls when editing just one
  • Fixed checking of group memberships when promoting/demoting group moderators
  • Added database closure to admin frameset page

1.vii. Changes since RC-4

  • Fixed improper report of general error when posting messages containing errors
  • Fixed post text being doubled up if it contained one or more < without closing >
  • Fixed pruning errors due to search function name change
  • Hopefully fixed various issues which led to incorrect reply and excess page counts
  • Fixed groupcp not displaying all email buttons to group moderator or admin
  • Fixed failure to display error notice when uploading oversized avatars
  • Hopefully corrected problem with viewonline displaying too few/many users online
  • Partially addressed issue with activation URLs >76 chars
  • Fixed additional search facilities failing to work or working incorrectly
  • Fixed search syntax highlighting
  • Addressed various webservers handling of page redirects
  • Fixed word censor not replacing first or last words
  • Fixed avatar height and width check for locally uploaded images
  • Hopefully fixed cache control header
  • Added check for PM box size limit of 0 to prevent div0 error
  • Fixed failure to fully delete PMs in outbox
  • Fixed display problem with polls
  • Fixed problem with guest username not being displayed for topic results in search
  • Fixed problem with quotes in various profile fields
  • Fixed schema problem with user_timezone
  • Fixed page display issue with MS Access
  • Fixed user level issue when altering user from user to admin and vice versa
  • Fixed incorrect parsing of some email templates
  • Reduced size of MS Access primer
  • Fixed various remaining usergroup display issues

1.viii. Changes since RC-3

  • Addressed serious security issue with included files
  • Fixed non-use of database table prefix name during upgrade
  • Split functions and profile into separate modules
  • Fixed (hopefully) remaining issues with colourisation of moderator usernames
  • Updated install to include entry of additional, required, information
  • Fixed (hopefully) AOL incompatibilities
  • Fixed non-display of moderators in index/viewforum
  • Fixed group control panel 'no groups exist' problems
  • Fix HTTP_X_FORWARDED_FOR spoofing possibility
  • Fix ignoring of private range IPs in HTTP_X_FORWARDED_FOR
  • Enable multiple wildcard email banning, eg. *name*@somewhere.tld
  • Fix problems with posts being truncated if containing < and > characters
  • Prevent URL, BBCode and most smiley parsing in [code][/code]
  • Fix problems with use of certain reserved chars in word censor list
  • Fix default search usage to be as described (was doing AND by default)
  • Fix various avatar issues with profile, gallery and viewtopic
  • Enable safe mode support for uploading avatars
  • Fix broken modcp IP view issue
  • Fix potential session_id re-write vulnerability
  • Finish localisation of days and months (AM/PM are not and will not be localised in 2.0)
  • Remove link to external subSilver stylesheet from default subSilver templates
  • Handle TRANSACTIONS correctly in MySQL 3.x (by returning correct responses)
  • Fix checkbox resetting problem while previewing posts
  • Fix a login redirect issue
  • Remove some additional unused fields during upgrade
  • Fix (hopefully) remaining ICQ overlay issue with view profile in subSilver

1.ix. Changes since RC-2

  • Fixed infamous install parse error
  • Major update of posting and related search functions (fixing various issues and increasing speed)
  • Fixed display of author and last poster names when both are different guest users
  • Fixed upgrade stall issues (hopefully!) and improved output
  • Fixed highlighting code for viewtopic and search
  • Reduced size of several files and functions
  • Moved localised images to sub-directories
  • Improved user feedback of disallowed usernames
  • Fixed various MSSQL bugs
  • Fixed installation of MSSQL/MSSQL-ODBC
  • Fixed security issue with upgrade.php
  • Finished implementation of various additional features
  • Fixed various user, group and forum permissions problems
  • Fixed issues with BBCode [ and ] (hopefully!)
  • Fixed autologin problems with MS IIS
  • Hopefully fixed problems with URIs in emails on some server configs
  • Fixed 'blank' profile and DB utilities problems on submit
  • Fixed incorrect language being used in email subjects
  • Fixed issues with incorrect private message new/unread counts
  • Fixed various PostgreSQL related errors
  • Automatically forward users to login screen in more situations
  • Enabled (coloured) online indication of moderators and admins
  • Enabled maximum online user count
  • Altered online user count to ignore duplicate IPs (will now underestimate rather than overestimate)
  • Enabled viewing of users browsing each forum
  • Fixed (hopefully) display of overlayed ICQ icon in Netscape using subSilver
  • Fixed display of guest usernames for last post and author
  • Hidden usergroups are now completely hidden from view

1.x. Changes since RC-1

  • Fixed numerous PostgreSQL related issues
  • Significant updates and additions to the upgrade script
  • Various (missed) hard coded language strings fixed
  • Fixed viewforum error when no forum id specified
  • Fixed old constant name usage in search system
  • Fixed display of moved posts when viewing unanswered posts
  • Fixed failure of search for user and keyword when displaying as posts
  • Fixed PM popup notification
  • Fixed view more emoticon session page problem
  • Fixed view profile email links
  • Fixed display of websites in profile
  • Fixed backup database failure
  • Fixed MS Access schema error when posting topics
  • Fixed problem with hyphenated/dotted DB names in MySQL 3.23.6+
  • Various other fixes and updates

1.xi. Changes since RC-1 (pre)

  • Upgrade script completed for initial fully functional release
  • Sessions code updated
  • Mark read code updated and hopefully fixed
  • Significant changes to properly deal with \' for non-MySQL boards
  • mssql, msaccess and mssql-odbc DB classes re-written
  • Avatar issues addressed and fixed
  • Search (INSERT) bug using MySQL fixed
  • Search highlighting issues addressed
  • Search own/other users posts fixed
  • BBCode fixes for magic URIs and other issues
  • Template updates for subSilver
  • User and group permissions problems fixed
  • Forum management problems (deletion of forum causing category not to display) fixed
  • Pagination problem with groupcp fixed
  • Backslash issues with posting and profile fixed
  • Backslash issues with emails fixed
  • preg_quote problems fixed
  • User management updated with full avatar control and missing fields
  • Private messaging box limits fixed
  • Private messaging ?folder= strangeness fixed
  • Forum pruning code updated to cope with search system
  • Emoticon system in posting updated
  • BBCode FAQ link added to posting form
  • Language file updates to address concerns of translators
  • Various other bug fixes and updates

Note that a full list of fixed bugs can be found at the bug tracker (see section on bug reporting here)

2. Copyright and disclaimer

This application is open source software released under the GPL. Please see source code and the Docs directory for more details. This package and its contents are Copyright 2002 phpBB Group, All Rights Reserved.