Everybody should upgrade their board, replacing latest version of index.php file.

Thank you to "from_kavkaz" user who reported this error.

Does it concern v. 2.0.3 only or all previous versions too?

It probably affects also all previous versions.

It's not a serious vulnerability bug, however, it preferrably should be fixed anywhere.

The line in index.php which says

elseif($user_id==0 and isset($_GET['setlang']) and $setlang=str_replace(array('.','/','\\'),'',$_GET['setlang']) and file_exists($pathToFiles."lang/{$_GET['setlang']}.php")) {$lang=$setlang; $indexphp.='setlang='.$setlang.'&';}

should contain the following:

elseif($user_id==0 and isset($_GET['setlang']) and $setlang=str_replace(array('.','/','\\'),'',$_GET['setlang']) and file_exists($pathToFiles."lang/{$setlang}.php")) {$lang=$setlang; $indexphp.='setlang='.$setlang.'&';}

I downloaded newest minibb version from server, but I can't see any difference in file index.php of 2.0..3a compared to 2.0.3


I used program "winmerge" to compare both files.

Ooops... thanks a lot for noticing, occassionally old version package has been updated. Now should be ok.

I downloaded my package 2.0.3.a I think less than a week ago. To be sure I had the newest files I downloaded again now.
I found changes in

eng.php
main_post_form
user_dataform
bb_func_usernfo
bb_functions
index.php

index.php. The only change is that the copyright in the new says 2004-2006 ! where my 'old says 2004-2007. So I keep my 'old' :-)

eng.php has a newer date (jan-17 instead of Dec-06) and 'profile' instead of 'preference'. So I keep the new.

bb_func_usernfo have a new date Jan-19 where my 'old' says Jan-12. So I keep the new.

bb_functions. The date and version says 2006-Dec-06 and 2.0.3 where my old one says 2007-Jan-15 and2.0.3a. So I keep my 'old' :-)

But because of these little no important things mentioned above I am getting a little bit nerveous about if I shall keep 'old' or new main_post_form and user_dataform.

My one week old' main_post_form have 2 lines more than the new one and my one week old user_dataformt has differences
Shall I use my new or my 'old'main_post_form and user_dataform?

The only change is that the copyright in the new says 2004-2006 ! where my 'old says 2004-2007. So I keep my 'old' :-)

Ok, you got me :-) Welcome to get the newest package, I've changed the copyright. The saga with index.php file is just because I worked remotely not on my usual working place... so when I was back it seemed I forgot to update my own local version of forums which I develop the main core on. Will try to not do this again :-)

That's also true about eng.php and there is a very little fix in bb_func_usernfo.php (which is actually the fix of the fix I've issued earlier in this thread). These changes actually are not critical at all and they do not affect the overall performance.

bb_functions.php contained only version change and I also forgot to update it locally. So it looks ok now.

New version of main_post_form template contains the removing of "Disable BB codes" checkbox. We don't remember for what this "option" was implemented or maybe just taken from somewhere, but it seemed to us completely unuseful these times.

In user_dataform.html template we have removed the links to the manual (which where on the options "Display email publicly?" and "Sort topics by". It seems so many users are not developing any own manual at all, and the links going to the common miniBB manual look confusing. In general, these options are meaningful by their titles.

So it all looked like waxing of what we've issued early, but it should we useful we mentioned it here. Thank you, otto!

By a closer look at the files I asked about I saw what you had removed was what I had deactivated in my 'old's (had also made my own link to my own manual).
Thank you for the changes and the explanation.

removing of "Disable BB codes
I had done this too, but..

We don't remember for what this "option" was implemented..

You don't need to.
Just read your manual :-)

.. 'if you need to post something using not BB-code, but actual info containing BB-code, it is useful'..

Thanks again :-)

'if you need to post something using not BB-code, but actual info containing BB-code, it is useful'

Well of course was is the purpose of the checkbox, but nobody from us can't really remember by what purpose it may be used on other boards. Explanation of BB codes? Even if it's posted in the message itself, it won't be made often... usually the things like this should appear in the manual for the board. So it's removed.

Oh well I will need to work on the manual and fix many things! It looks a bit old.

Thanks again.