Snitz Forums 2000 Version 3.4.06 - Posted (35622 Views)
HuwR
Forum Admin
HuwR
Posts: 20611
20611
This release incorporates fixes to bugs that were found since v3.4.05 was released.
http://forum.snitz.com/download.asp

there is a link to just the changed files since v3.4.05 was released on this page:
http://forum.snitz.com/specs.asp

We encourage everyone to upgrade to this new version.
Details of the changes made are listed below.
Here is a list of the security bugs fixed in this version:
  • Fixed fake mail sending from pop_mail.asp. http://forum.snitz.com/forum/topic.asp?TOPIC_ID=62748
  • Fixed 'type' url variable cross-scripting bug. http://forum.snitz.com/forum/topic.asp?TOPIC_ID=60011
  • Fixed 'GROUP' variable not sanitized bug. http://forum.snitz.com/forum/topic.asp?TOPIC_ID=62049
  • Fixed 'PWKEY' variable handling in password.asp. http://forum.snitz.com/forum/topic.asp?TOPIC_ID=60371
Bug fixes made in this version:
  • Fixed MySQL DEFAULT value bug with auto_increment fields when upgrading from older forum versions.
  • Fixed numerous requests to badwords table. http://forum.snitz.com/forum/topic.asp?TOPIC_ID=58750
  • Fixed ChiliASP errors in 'IsObjInstalled' function in admin_config_email.asp. http://forum.snitz.com/forum/topic.asp?TOPIC_ID=59050
  • Fixed loop bug in admin_config_groupcats.asp. http://forum.snitz.com/forum/topic.asp?TOPIC_ID=59817
  • Fixed table tags in admin_forums.asp. http://forum.snitz.com/forum/topic.asp?TOPIC_ID=56955
  • Fixed default value bug with MySQL 4 and greater. http://forum.snitz.com/forum/topic.asp?TOPIC_ID=62496
  • Fixed javascript bug associated with the URL tag button on the editor. http://forum.snitz.com/forum/topic.asp?TOPIC_ID=59366
  • Fixed default value for auto_increment fields using MySQL database, during forum setup. http://forum.snitz.com/forum/topic.asp?ARCHIVE=true&TOPIC_ID=52219
  • Fixed badwords not fully masked bug. http://forum.snitz.com/forum/topic.asp?TOPIC_ID=58394
  • Fixed members using Norton Internet Security, that are unable to register. Policy.asp was moved to an included file called inc_policy.asp in register.asp. All links to policy.asp changed to register.asp.
  • Fixed user name with quotes bug. http://forum.snitz.com/forum/topic.asp?TOPIC_ID=53624
  • Fixed quotes in members search being doubled http://forum.snitz.com/forum/topic.asp?TOPIC_ID=62638
  • Fixed fake mail sending from pop_mail.asp. http://forum.snitz.com/forum/topic.asp?TOPIC_ID=62748
Other changes or features added to this version:
  • Improved loading time of post.asp and closed many recordset objects that were left open. http://forum.snitz.com/forum/topic.asp?TOPIC_ID=59903
  • Added code to speed up loading of member names in combo boxes. http://forum.snitz.com/forum/topic.asp?TOPIC_ID=59903
  • Added feature that brings you back to the topic or reply you just posted.
  • Changed the default option to NOT use the drop down box when searching for posts by a member.
  • Minimum characters allowed in admin user name is now set to 3.
  • Replaced current birthday picker with Shaggy's birthday picker mod.
  • Removed confirmation dialog when deleting a bad word.
  • When logged in, user name now shows correct case as when you signed up. http://forum.snitz.com/forum/topic.asp?TOPIC_ID=59054
  • Added code to get real ip address of users that are behind a proxy.
  • Added feature to allow subscription links to go to the last post in a topic without the REPLY_ID.
<
 Sort direction, for dates DESC means newest first  
 Page size 
Posted
Lac0niC
New Member
Lac0niC
Posts: 78
78
Sorry. I asked before read exactly. This one has new security related fixes.
New question. Most of these security realted fixes was announced for .05, right?<
FZK
Last edited by Lac0niC on 13 September 2006, 16:18
Posted
ruirib
Snitz Forums Admin
ruirib
Posts: 26364
26364
We always release security fixes for the current version. Each security fix may have an indication that it may apply to previous versions. Better read each one.<
Snitz 3.4 Readme | Like the support? Support Snitz too
Posted
nickw
Junior Member
nickw
Posts: 193
193
Someone just posted to a security group that there is a vulnerability... whats this about?
content removed for security reasons<
Nick
Last edited by nickw on 13 September 2006, 17:20
Posted
Davio
Development Team Member
Davio
Posts: 12217
12217
Nickw, don't post it on the forum. Please send me an email about this. Edit your post and remove the info.
Thanks.<
Support Snitz Forums
Posted
nickw
Junior Member
nickw
Posts: 193
193
Appologies.. Still want that info?<
Nick
Posted
Shaggy
Support Moderator
Shaggy
Posts: 6780
6780
See the Security Announcements forum, Nick; the fix has already been released.
<
Search is your friend “I was having a mildly paranoid day, mostly due to the
fact that the mad priest lady from over the river had
taken to nailing weasels to my front door again.”
Posted
nickw
Junior Member
nickw
Posts: 193
193
You are quick ;) Sorry for posting that, I should have known better.<
Nick
Posted
Shaggy
Support Moderator
Shaggy
Posts: 6780
6780
No worries smile
<
Search is your friend “I was having a mildly paranoid day, mostly due to the
fact that the mad priest lady from over the river had
taken to nailing weasels to my front door again.”
Posted
taropatch
Average Member
taropatch
Posts: 741
741
Thanks all for the new release! Appreciate all the time and hard work.<
Posted
minibeast198
Starting Member
minibeast198
Posts: 11
11
In the Members Details Configuration, the Age row has a big black box and this:

Microsoft VBScript runtime error '800a000d'

Type mismatch: 'cInt'

(forum address)/admin_config_members.asp, line 148

-------------

What does that mean?<
Last edited by minibeast198 on 20 September 2006, 20:48