Kacper Szurek helped miniBB to grow more and reported a possible SQL injection in its core. I've updated the current version, which contains the new script bb_func_unsub.php; this is the one you need to update on your forums.
Details of the update: this code
if(isset($_GET['code']) and preg_match("#[a-zA-Z0-9]+#", $_GET['code'])){
should look like this:
if(isset($_GET['code']) and preg_match("#^[a-zA-Z0-9]+$#", $_GET['code'])){
i.e. the regular expression should have ^ and $ inside the regexp.
This issue might be critical, so I'd recommend that every miniBB admin apply it ASAP.
Also, in the near future, hopefully, I'll post an updated 3.1.1 version, covering small bugs and issues of the 3.1 release.
Stay tuned!
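The difference between the two patterns quoted above, as an added example that is not part of the original post or of miniBB's code: without ^ and $, preg_match() succeeds as soon as any alphanumeric run appears anywhere in the value, so the check does not constrain the rest of the string. The sample values are constructed, and the third pattern (\A ... \z) is an assumption added for comparison, not something the update contains.

```php
<?php
// Added example: the two patterns from the post plus a stricter variant (assumption).
$patterns = [
    'before fix (unanchored)' => '#[a-zA-Z0-9]+#',
    'after fix (anchored)'    => '#^[a-zA-Z0-9]+$#',
    'stricter (\A ... \z)'    => '#\A[a-zA-Z0-9]+\z#',
];

// Constructed sample values standing in for $_GET['code']; none come from miniBB.
$samples = [
    'a1B2c3D4',        // well-formed code
    "a1B2c3D4' --",    // valid prefix followed by a quote and other characters
    "' x",             // one alphanumeric character somewhere in the string
    "a1B2c3D4\n",      // well-formed code with a trailing newline
    '',                // empty value
];

// True when the pattern matches the value, mirroring the check in bb_func_unsub.php.
function accepts(string $pattern, string $value): bool
{
    return preg_match($pattern, $value) === 1;
}

// Print one row per sample, showing how each pattern treats it.
foreach ($samples as $value) {
    printf("%-16s", json_encode($value));
    foreach ($patterns as $label => $pattern) {
        printf("  %s: %-6s", $label, accepts($pattern, $value) ? 'accept' : 'reject');
    }
    echo PHP_EOL;
}
```

In PCRE, $ also matches just before a final newline, so the anchored pattern still accepts the newline-terminated sample; \z or the D modifier rejects it.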