Here is the topic in question, created by Acyd Burn
Several problems have been fixed:
- Fixed one vulnerability in admin_board.php - Xore
- Added checking for proper session id characters to sessions and viewtopic to prevent injections - Bartlomiej Korupczynski
- Fixed injection vulnerabilities possible with linked avatars
- Implemented unsetting globalised variables
- Limited confirm switch to POST variable in posting
- Changed IP code in common.php to prevent IP spoofing
- Updated visual confirmation mod [pre-edited files]
- Moved obtaining word censors in modcp out of topic generation loop [increased performance/lower query count] - spotted by R45
- Added the ability to link to https/ftps sites using the img bbcode tag
- Fixed user online information in admin/index.php
- Fixed getting group moderator in groupcp.php if running oracle backend - spotted by pakman
- Fixed use of non-existing result variable in modcp (poster_id instead of user_id)
- Fixed several vulnerabilities (XSS, SQL Injection and path disclosure) only possible with register_globals enabled - Matthew C. Kavanagh, Janek Vind
- Fixed problem with SID not delivered to next page in groupcp.php