Notice to everyone:
Peace be upon you,
The private.php file has been modified and an important line has been added.
Anyone who has downloaded any version should please edit this file or replace it with the attached one.
There is also a problem in the init.php file; its fix is at the end.
An XSS issue has been discovered in 3.0.X in private.php; it affects all versions of vBulletin 3. While this issue is not nearly as serious as the issue that prompted the 3.0.5 release, we strongly recommend you patch your installation(s).
At the end of this post, you'll find a patched file and what to change if you wish to manually update your file.
As of this update, the download in the members' area has been patched. If you have downloaded 3.0.5 before this time, please redownload or use the provided private.php.
I just want to reiterate that it is not our intention to force you to have to update constantly. Once a security issue is reported--no matter the severity--we strive to release quick fixes; the same day the issue is discovered, regardless of whether it's a holiday or just any other day of the year, if possible. It just happened that there were several reports in the past week. We aim to have impeccable security, but sometimes things are missed by internal audits.
Thank you for understanding.
Do you have the patch already?
Technically, the members' area was patched before this post. If you don't want to use the provided private.php or see if you need to add the line provided below, search for:
CVS: $RCSfile: private.php,v $ - $Revision: 1.262.2.3 $
In your copy of private.php. If you find it, you have the patch already.
--------------------------------------------------------------------------------
Manual Patch Instructions
In private.php, find the following:
PHP Code:
construct_checkboxes($pm);
ABOVE it, add the following:
PHP Code:
$pm['recipients'] = htmlspecialchars_uni($pm['recipients']);
If you have 3.0.4 or 3.0.5 with a working referrer checker (see note below), the effects of this issue are severely lessened. We still recommend you use the patch for users who block referrers (some internet security software).
Note: the referrer checker was broken in 3.0.5 until 11:28 PM (EST) on Jan 8th. If you downloaded 3.0.5 before then, see this bug for a fix.
Anyone who downloaded the version before the date above must go back and download it again.
------------------------------------------------------------------------------------------
To fix, in includes/init.php find:
PHP Code:
$thishost = preg_quote($http_host . !empty($referrer_parts['port']) ? ":$referrer_parts[port]" : '', '#');
And replace with:
PHP Code:
$http_port = intval($referrer_parts['port']);
$refhost = $referrer_parts['host'] . (!empty($http_port) ? ":$http_port" : '');
if (!preg_match('#' . preg_quote($http_host, '#') . '$#siU', $refhost))
This is the init.php problem,
and its fix has been included in this version, 3.0.5.
Several minutes before this bug was submitted, the downloadable version of 3.0.5 was updated with this bug fix.
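
The operator-precedence problem behind the init.php change above, as an added example that is not part of the original post or of vBulletin's own code: in the old line, `.` binds tighter than `?:`, so the whole concatenation becomes the ternary condition and the host name never reaches the pattern. The wrapper function names and the sample hosts are assumptions, and `?? 0` is added only to avoid an undefined-key warning on current PHP.

```php
<?php
// Added illustration: wrapper names are hypothetical, all hosts are constructed.

// The line the post says to find. It is parsed as
//   ($http_host . !empty(...)) ? ":port" : ''
// so the result contains only the port part, never the host name.
function thishost_before(string $http_host, array $referrer_parts): string
{
    return preg_quote($http_host . !empty($referrer_parts['port']) ? ":$referrer_parts[port]" : '', '#');
}

// The replacement lines from the post, wrapped so the outcome can be returned.
// The ternary is parenthesised, and the referrer's host[:port] is compared
// against the end of the server's own host name.
function referrer_matches_host(string $http_host, array $referrer_parts): bool
{
    $http_port = intval($referrer_parts['port'] ?? 0); // "?? 0" is an addition
    $refhost = $referrer_parts['host'] . (!empty($http_port) ? ":$http_port" : '');
    return (bool) preg_match('#' . preg_quote($http_host, '#') . '$#siU', $refhost);
}

// Constructed pairs of (server host as the request names it, Referer header).
$cases = [
    ['forum.example.com',      'http://forum.example.com/private.php'],
    ['forum.example.com:8080', 'http://forum.example.com:8080/private.php'],
    ['forum.example.com',      'http://other.example.net/page.html'],
];

foreach ($cases as [$http_host, $referrer]) {
    $parts = parse_url($referrer);
    printf(
        "%-24s %-44s %s\n",
        $http_host,
        $referrer,
        referrer_matches_host($http_host, $parts) ? 'same host' : 'different host'
    );
}

// What the old expression produced when the referrer carried a port:
// print it to see that the host name is missing.
[$http_host, $referrer] = $cases[1];
var_dump(thishost_before($http_host, parse_url($referrer)));
```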