Jump to content

Welcome to DevFuse Forums

Sign In  Log in with Facebook

Create Account
Welcome to DevFuse Forums, like most online communities you must register to view or post in our community, but don't worry this is a simple free process that requires minimal information for you to signup. Be apart of DevFuse Forums by signing in or creating an account.
  • Start new topics and reply to others
  • Subscribe to topics and forums to get email updates
  • Get your own profile page and make new friends
  • Send personal messages to other members.
Guest Message by DevFuse

(View All Products)Featured Products

  • Donations

    Help fund your forum with donations, setup goals and track member donations. Offer rewards for members donating.
  • Timeslips

    Have your members submit their race times and share with others.
  • Videos

    Allows your members to submit their own videos for community viewing. Support is included for all the major video sites.
  • Forms

    Build your own forms for your members without coding experience. Support included for pm, email and topics.
  • Collections

    Build a community database of items for your members. Full features custom fields included.


IP.Board 2.3.4 Security Enhancements and DST Bug Fix

  • Please log in to reply
No replies to this topic

#1 Michael



  • Management
  • 3,562 posts
  • Gender:Male
  • IP.Board Version:IPB 3.4.x

Posted 13 March 2008 - 09:32 AM

IP.Board 2.3.4 Security Enhancements and DST Bug Fix

We are releasing a minor security update to address issues recently reported regarding areas of IP.Board 2.3.4. These security issues are rather low priority and the impact is minimal due to other security features in the software. We would like to thank the users and administrators of criticalsecurity.net for their help in identifying the issues and testing the patches.


Nesting custom bbcode in an improper fashion can result in the final HTML result of the bbcode being broken, and subsequently unwanted HTML injected into the tag. If used in specific fashions, a person could inject javascript event handlers into the final result. Additionally, we have added an "allowscriptaccess" parameter to flash movies parsed in IPB to prevent flash movies and avatars from having javascript access. These issues are mitigated due to the use of httpOnly cookies in IP.Board which limits the direct impact.

Additionally, we have patched a recent bug with the automated DST checking in IPB that has surfaced since the recent DST changeover.

Patching Your IP.Board

The IP.Board 2.3.4 download in the client area has already been updated with the required changes. If you download IP.Board after the date of this announcement your installation will be up to date.

Changed Files

Download the zip file below which includes only the changed files for this update. Simply upload and overwrite the old files.


Source: Click Here

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users