miniBB 2.2a released - security fix + some minor improvements

As it was recently reported by girex, earlier miniBB releases contain a security fix only available if register_globals = On in your php.ini. As you may notice, within the past years all miniBB security problems may appear only if you have such configuration of PHP. Again, please re-check your server settings regarding this configuration and change it to register_globals = Off, or ask your provider to do that. Nowadays all major scripts support working without globals, it is a question not only of miniBB security, but also your own.

To fix your version of miniBB, just add 'xtr' value to the top array $unset of index.php. For example:

$unset=array('logged_admin', 'isMod', 'user_id', 'langu', 'includeHeader', 'includeFooter', ... 'csrfchk', 'emailCharset', 'adminUser', 'cook', 'forumClone', 'xtr');

Other improvements of the updated version 2.2 contain experimental search form and function, when by default searching will process only in topic titles, which is basically the right solution, because topic's title always should contain all major keywords which will be useful also for search engines. This should force forums administration to take massive care about topic titles. On another hand, searching by topic titles completes much more faster else when searching in messages (because in database there is a search in 255 chars against 64 K).

Other improvements can't be called critical, since they are only providing some additional possibilities for possible extensions.

Download new miniBB now and follow Updating history guide to update your files.

	miniBB Support Forums / News /
	miniBB 2.2a released - security fix + some minor improvements

	Paul Lead Developer	#1 \| Posted: 22 Apr 2008 05:31
		As it was recently reported by girex, earlier miniBB releases contain a security fix only available if register_globals = On in your php.ini. As you may notice, within the past years all miniBB security problems may appear only if you have such configuration of PHP. Again, please re-check your server settings regarding this configuration and change it to register_globals = Off, or ask your provider to do that. Nowadays all major scripts support working without globals, it is a question not only of miniBB security, but also your own. To fix your version of miniBB, just add 'xtr' value to the top array $unset of index.php. For example: $unset=array('logged_admin', 'isMod', 'user_id', 'langu', 'includeHeader', 'includeFooter', ... 'csrfchk', 'emailCharset', 'adminUser', 'cook', 'forumClone', 'xtr'); Other improvements of the updated version 2.2 contain experimental search form and function, when by default searching will process only in topic titles, which is basically the right solution, because topic's title always should contain all major keywords which will be useful also for search engines. This should force forums administration to take massive care about topic titles. On another hand, searching by topic titles completes much more faster else when searching in messages (because in database there is a search in 255 chars against 64 K). Other improvements can't be called critical, since they are only providing some additional possibilities for possible extensions. Download new miniBB now and follow Updating history guide to update your files.


	Home Features Requirements Demo Download Showcase Gallery of Arts Compiler Premium Extensions Premium Support License Contact Us