Nueva version 2.06d que corrije un fallo potencial cuando se usa Zend Optimizer 2.5 (esta versi���������������³n en especial segun psoTFX) y que afecta al login en phpBB.

Anuncio oficial por Debe estar registrado para ver este enlace.

La solucion, abrir [b:c898fc507e]viewtopic.php[/b:c898fc507e] y buscar:
[code:1:c898fc507e]
//
// Decide how to order the post display
//
if ( !empty($HTTP_POST_VARS['postorder']) || !empty($HTTP_GET_VARS['postorder']) )
{
$post_order = (!empty($HTTP_POST_VARS['postorder'])) ? $HTTP_POST_VARS['postorder'] : $HTTP_GET_VARS['postorder'];
$post_time_order = ($post_order == "asc") ? "ASC" : "DESC";
}
else
{
$post_order = 'asc';
$post_time_order = 'ASC';
}
[/code:1:c898fc507e]
Reemplazar por:
[code:1:c898fc507e]
//
// Decide how to order the post display
//
if ( !empty($HTTP_POST_VARS['postorder']) || !empty($HTTP_GET_VARS['postorder']) )
{
$post_order = (!empty($HTTP_POST_VARS['postorder'])) ? htmlspecialchars($HTTP_POST_VARS['postorder']) : htmlspecialchars($HTTP_GET_VARS['postorder']);
$post_time_order = ($post_order == "asc") ? "ASC" : "DESC";
}
else
{
$post_order = 'asc';
$post_time_order = 'ASC';
}
[/code:1:c898fc507e]

Anuncio oficial de Debe estar registrado para ver este enlace. en phpbb.com
Se trata de dos errores de seguridad en [b:b49a9969df]privmsg.php[/b:b49a9969df] y [b:b49a9969df]groupcp.html[/b:b49a9969df] asi que tendreis que realizar estos cambios en dichos archivos.

Los paquetes completos ya han sido actualizados en phpbb.com

[color=red:b49a9969df][b:b49a9969df]Antes de nada, hacer copias de seguridad de esos archivos[/b:b49a9969df][/color:b49a9969df]

Abrir el archivo [b:b49a9969df]privmsg.php[/b:b49a9969df] y Buscar esto...
[code:1:b49a9969df]if ( isset($HTTP_POST_VARS['folder']) || isset($HTTP_GET_VARS['folder']) )
{
$folder = ( isset($HTTP_POST_VARS['folder']) ) ? $HTTP_POST_VARS['folder'] : $HTTP_GET_VARS['folder'];

if ( $folder != 'inbox' && $folder != 'outbox' && $folder != 'sentbox' && $folder != 'savebox' )
{
$folder = 'inbox';
}
}
else
{
$folder = 'inbox';
}[/code:1:b49a9969df]
Reemplazar por esto...
[code:1:b49a9969df]if ( isset($HTTP_POST_VARS['folder']) || isset($HTTP_GET_VARS['folder']) )
{
$folder = ( isset($HTTP_POST_VARS['folder']) ) ? $HTTP_POST_VARS['folder'] : $HTTP_GET_VARS['folder'];
$folder = htmlspecialchars($folder);

if ( $folder != 'inbox' && $folder != 'outbox' && $folder != 'sentbox' && $folder != 'savebox' )
{
$folder = 'inbox';
}
}
else
{
$folder = 'inbox';
}[/code:1:b49a9969df]
Buscar esto...
[code:1:b49a9969df]if ( !empty($HTTP_POST_VARS['mode']) || !empty($HTTP_GET_VARS['mode']) )
{
$mode = ( !empty($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
}
else
{
$mode = '';
}[/code:1:b49a9969df]
Reemplazar esto...
[code:1:b49a9969df]if ( !empty($HTTP_POST_VARS['mode']) || !empty($HTTP_GET_VARS['mode']) )
{
$mode = ( !empty($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
$mode = htmlspecialchars($mode);
}
else
{
$mode = '';
}[/code:1:b49a9969df]
Guardar el archivo.

Abrir el archivo [b:b49a9969df]groupcp.html[/b:b49a9969df] y buscar esto...
[code:1:b49a9969df]if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
}
else
{
$mode = '';
}[/code:1:b49a9969df]
Reemplazar esto...
[code:1:b49a9969df]if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
$mode = htmlspecialchars($mode);
}
else
{
$mode = '';
}[/code:1:b49a9969df]
Buscar esto...
[code:1:b49a9969df]if ( ( ( isset($HTTP_POST_VARS['approve']) || isset($HTTP_POST_VARS['deny']) ) && isset($HTTP_POST_VARS['pending_members']) ) || ( isset($HTTP_POST_VARS['remove']) && isset($HTTP_POST_VARS['members']) ) )
{

$members = ( isset($HTTP_POST_VARS['approve']) || isset($HTTP_POST_VARS['deny']) ) ? $HTTP_POST_VARS['pending_members'] : $HTTP_POST_VARS['members'];

$sql_in = '';
for($i = 0; $i < count($members); $i++)
{
$sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . $members[$i];
}[/code:1:b49a9969df]
Reemplazar esto...
[code:1:b49a9969df]if ( ( ( isset($HTTP_POST_VARS['approve']) || isset($HTTP_POST_VARS['deny']) ) && isset($HTTP_POST_VARS['pending_members']) ) || ( isset($HTTP_POST_VARS['remove']) && isset($HTTP_POST_VARS['members']) ) )
{

$members = ( isset($HTTP_POST_VARS['approve']) || isset($HTTP_POST_VARS['deny']) ) ? $HTTP_POST_VARS['pending_members'] : $HTTP_POST_VARS['members'];

$sql_in = '';
for($i = 0; $i < count($members); $i++)
{
$sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . intval($members[$i]);
}[/code:1:b49a9969df]
Guardar el archivo y subir los dos archivos a vuestro sitio.