http://www.phpbb.com/community/viewtopi ... 4&t=576156
[安全相關] Added alternative tokens to custom BBCodes which are safe for CSS/Javascript and changed TEXT token to entitise opening and closing parantheses.
[功能] New constant PHPBB_EMBEDDED can be used to let phpBB not call exit; if wrapped/embedded (We may re-check this constant on other code locations later too)
[功能] append_sid() having a check for the function append_sid_phpbb_hook(). This function is called in favour of append_sid() with the exact same parameters if present.
[功能] Add "DECIMAL:", "PDECIMAL", and "PDECIMAL:" to the schema creation code (Bug #13999) - patch provided by poyntesm
[功能] Display message history in compose PM screen
[改變] Made group avatar/rank changes more intuitive
[改變] Do not force login on visiting topic/forum from notification emails (Bug #13818)
[改變] For new posts or editing the first post topic titles have a maxlength of 60 characters. For any subsequent posts the length is extended to 64 to make room for the Re: part, but cutting at 60 characters. The maxlength need to be 64, else users using opera are unable to post (opera does not allow pre-filling a field with more characters than specified within the maxlength attribute)
[改變] Added a filter for user objects to LDAP configuration and improved explanations (Bug #12627)
[修正] Properly display ban reason if selecting banned entries within the ACP (Bug #13896)
[修正] Properly parse SQL expressions for Oracle (Bug #13916)
[修正] Display locked icon in viewforum/prosilver if forum locked (Bug #14009)
[修正] Fixed cron_lock value for cron execution. This bug led to users having problems with the email queue and other cron related issues.
[修正] Prevent white pages on php notices with gzip compression enabled (Bug #14096)
[修正] Let the theme immediately expire if changed from ACP for at least 30 minutes after change
[修正] If sending PM's to groups only include activated member (Bug #14040)
[修正] Correctly wrap words in emails containing utf8 characters (Bug #14109)
[修正] Disable gzip compression for cached stylesheet for Internet Explorer 6 or empty browser (IE6 is not able to properly display the compressed stylesheet) (Bug #14054)
[修正] Header icons fixed in FF for RTL languages (Bug #14084)
[修正] Allow line breaks in custom BBCodes (Bug #10758)
[修正] Convert 2.0 moderator posting permissions (Bug #14105)
[修正] odbc_autocommit causing existing result sets to be dropped (Bug #14182)
下載:http://www.phpbb.com/downloads/
~Mac
[新聞] phpBB3 RC 釋出 (Update RC5)
版主: 版主管理群
[新聞] phpBB3 RC 釋出 (Update RC5)
最後由 Mac 於 2007-10-14 20:32 編輯,總共編輯了 1 次。
目前狀態
GoKo Music進度: 10%
問個問題不要緊,可是沒有發文格式、問題不夠詳細情況,難道要用猜嗎?
新手必讀
[教學] 基本認識、學習、隨我架設phpBB的新手通 -更新至2.0.22
問問題的技巧
http://www.phpbb-tw.net/phpbb/viewtopic.php?t=44340
MOD安裝教學及轉碼
http://www.phpbb-tw.net/phpbb/viewtopic.php?t=22832
GoKo Music進度: 10%
問個問題不要緊,可是沒有發文格式、問題不夠詳細情況,難道要用猜嗎?
新手必讀
[教學] 基本認識、學習、隨我架設phpBB的新手通 -更新至2.0.22
問問題的技巧
http://www.phpbb-tw.net/phpbb/viewtopic.php?t=44340
MOD安裝教學及轉碼
http://www.phpbb-tw.net/phpbb/viewtopic.php?t=22832
RC6釋出了~
Hello,
We are very pleased to announce the availability of the phpBB3 RC6 package. This is the sixth (and hopefully last) release candidate which is meant to become the Gold release if no more critical problems arise.
This release is mostly the outcome of an external security audit performed by SektionEins. All items tagged as [Sec] were found by the company doing the audit and revealed some fundamental problems we were able to fix. We are proud that the audit revealed no sql injection vulnerability or critical command execution vulnerabilities.
For release candidates full support is given, allowing language packs as well as modifications and styles. We only give support to those having a clean RC installation or updates from previous release candidates. Previous conversions or updates from betas will not be supported here. We encourage only those running the release candidates wanting to test out the new version, it is still recommended to wait for the full release; after all this is a release candidate.
Please also note that we urge you to update - we only support the latest version. Bug reports submitted for previous releases will be closed as well as only the latest version being supported here.
RC6 has seen some improvements as well as fixing some security issues. Some important fixes are:
[Fix] Further fixing user profile view (please do not forget to update/refresh your template and style) (Bug #14230)
[Fix] Adjust google adsense bot information (Bug #14296)
[Fix] Fix horizontal scrollbar problem in IE6 (Bug #14228) - fix provided by Danny-dev
[Fix] Correctly set user style for guest user (able to be changed within user management)
[Change] Moved note about dns_get_record function for using GTalk (Jabber) from Jabber log to Jabber ACP panel
[Fix] Do not use register_shutdown_function within cron.php if handling the queue and the mail function being used (Bug #14321)
[Fix] Fixing private message on-hold code if moving messages into folder based on rules (Bug #14309)
[Fix] Allow the merge selection screen to work (Bug #14363)
[Change] Require additional permissions for copying permission when editing forums
[Fix] Local magic URLs no longer get an additional trailing slash (Bug #14362)
[Fix] Do not let the cron script stale for one hour if register_shutdown_function is not able to be called (Bug #14436)
[Feature] Added /includes/db/db_tools.php file, which includes tools for handling cross-db actions such as altering columns, etc.
[Fix] Fixed token handling in jabber class for extremely spec-compilant XMPP server (Bug #14445)
[Change] Listing the board url within the email text instead of appending it to the subject (Bug #14378)
[Fix] Always display the quote button as the most accessible one - edit is always before quote (Bug #14403)
[Fix] Use correct dimension (width x height) in ACP (Bug #14452)
[Feature] Added completely new hook system to allow better application/mod integration - see docs/hook_system.html
[Fix] Fixing google cache display problems with Firefox (Bug #14472) - patch provided by Raimon
[Change] Allow years in future be selected for date custom profile field (Bug #14519)
[Feature] Added an option to enforce that users spend a configurable amount of time on the terms page during registration
[Sec] Fixing possible XSS through compromised WHOIS server (#i63, #i64)
[Sec] Missing access control on whois in viewonline.php (#i51)
[Sec] Encoding some variables within user::page array correctly (to cope with browser not doing it correctly) to prevent XSS through functions re-using them (#i61)
[Sec] Fixed XSS through memberlist search feature (#i62)
[Sec] Fixed XSS through colour swatch (#i65)
[Sec] Fixed insecure attachment deletion (#i53)
[Sec] Only allow whitelisted protocols in meta_redirect/redirect (#i66)
[Sec] Check file names to be written in language management panel (#i52)
[Sec] Deregister globals if ini_get has been disabled (#i112)
[Sec] Added form tokens to most forms to enforce a lighter variant of CSRF protection (#i91 - #i96)
[Sec] Use new password hash method for forum passwords (#i43)
[Sec] Changed download file location to prevent flash crossdomain policies taking effect (#i8)
[Sec] Do not allow autocompletion for password on admin re-authentication (#i41)
[Sec] Made sure users are not completely locked out if they have a GLOBALS cookie (#i101)
[Sec] Use the secure hash to generate BBCODE_UIDs (#i71)
[Sec] Increase the length of BBCODE_UIDs (#i72)
[Sec] New password hashing mechanism for storing passwords (#i42)
We are very pleased to announce the availability of the phpBB3 RC6 package. This is the sixth (and hopefully last) release candidate which is meant to become the Gold release if no more critical problems arise.
This release is mostly the outcome of an external security audit performed by SektionEins. All items tagged as [Sec] were found by the company doing the audit and revealed some fundamental problems we were able to fix. We are proud that the audit revealed no sql injection vulnerability or critical command execution vulnerabilities.
For release candidates full support is given, allowing language packs as well as modifications and styles. We only give support to those having a clean RC installation or updates from previous release candidates. Previous conversions or updates from betas will not be supported here. We encourage only those running the release candidates wanting to test out the new version, it is still recommended to wait for the full release; after all this is a release candidate.
Please also note that we urge you to update - we only support the latest version. Bug reports submitted for previous releases will be closed as well as only the latest version being supported here.
RC6 has seen some improvements as well as fixing some security issues. Some important fixes are:
[Fix] Further fixing user profile view (please do not forget to update/refresh your template and style) (Bug #14230)
[Fix] Adjust google adsense bot information (Bug #14296)
[Fix] Fix horizontal scrollbar problem in IE6 (Bug #14228) - fix provided by Danny-dev
[Fix] Correctly set user style for guest user (able to be changed within user management)
[Change] Moved note about dns_get_record function for using GTalk (Jabber) from Jabber log to Jabber ACP panel
[Fix] Do not use register_shutdown_function within cron.php if handling the queue and the mail function being used (Bug #14321)
[Fix] Fixing private message on-hold code if moving messages into folder based on rules (Bug #14309)
[Fix] Allow the merge selection screen to work (Bug #14363)
[Change] Require additional permissions for copying permission when editing forums
[Fix] Local magic URLs no longer get an additional trailing slash (Bug #14362)
[Fix] Do not let the cron script stale for one hour if register_shutdown_function is not able to be called (Bug #14436)
[Feature] Added /includes/db/db_tools.php file, which includes tools for handling cross-db actions such as altering columns, etc.
[Fix] Fixed token handling in jabber class for extremely spec-compilant XMPP server (Bug #14445)
[Change] Listing the board url within the email text instead of appending it to the subject (Bug #14378)
[Fix] Always display the quote button as the most accessible one - edit is always before quote (Bug #14403)
[Fix] Use correct dimension (width x height) in ACP (Bug #14452)
[Feature] Added completely new hook system to allow better application/mod integration - see docs/hook_system.html
[Fix] Fixing google cache display problems with Firefox (Bug #14472) - patch provided by Raimon
[Change] Allow years in future be selected for date custom profile field (Bug #14519)
[Feature] Added an option to enforce that users spend a configurable amount of time on the terms page during registration
[Sec] Fixing possible XSS through compromised WHOIS server (#i63, #i64)
[Sec] Missing access control on whois in viewonline.php (#i51)
[Sec] Encoding some variables within user::page array correctly (to cope with browser not doing it correctly) to prevent XSS through functions re-using them (#i61)
[Sec] Fixed XSS through memberlist search feature (#i62)
[Sec] Fixed XSS through colour swatch (#i65)
[Sec] Fixed insecure attachment deletion (#i53)
[Sec] Only allow whitelisted protocols in meta_redirect/redirect (#i66)
[Sec] Check file names to be written in language management panel (#i52)
[Sec] Deregister globals if ini_get has been disabled (#i112)
[Sec] Added form tokens to most forms to enforce a lighter variant of CSRF protection (#i91 - #i96)
[Sec] Use new password hash method for forum passwords (#i43)
[Sec] Changed download file location to prevent flash crossdomain policies taking effect (#i8)
[Sec] Do not allow autocompletion for password on admin re-authentication (#i41)
[Sec] Made sure users are not completely locked out if they have a GLOBALS cookie (#i101)
[Sec] Use the secure hash to generate BBCODE_UIDs (#i71)
[Sec] Increase the length of BBCODE_UIDs (#i72)
[Sec] New password hashing mechanism for storing passwords (#i42)