İleride problem yaşamamak için konuyu sonuna kadar okuyunuz. SMF 2.0.3 ve SMF 1.1.17 sürümlerinde tespit edilen güvenlik açığı nedeniyle 2.0.3 kullanıcılarının forumlarını 2.0.4 sürümüne, 1.1.17 kullanıcılarının ise forumlarını 1.1.18 sürümüne güncellemeleri gerekmektedir.
2.0.3 sürümden 2.0.4 sürüme güncelleme yapmak için
buraya tıklayıp güncelleme paketini indirin ve paket yöneticisinden paket yükler gibi kurunuz. Paket yöneticisinden kurmayı bilmeyenler aşağıdaki manuel anlatımı uygulayarak güncelleme yapabilirler.
2.0.3 sürümden 2.0.4 sürüme manuel güncelleme talimatı:
./Sources/Register.php
Bul:
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0
Değiştir:
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.4
Bul:
if (isset($_POST['new_email'], $_REQUEST['passwd']) && sha1(strtolower($row['member_name']) . $_REQUEST['passwd']) == $row['passwd'])
Değiştir:
if (isset($_POST['new_email'], $_REQUEST['passwd']) && sha1(strtolower($row['member_name']) . $_REQUEST['passwd']) == $row['passwd'] && ($row['is_activated'] == 0 || $row['is_activated'] == 2))
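Review bot: The password check on the replacement line still compares the two SHA-1 hex strings with `==`, while this same update switches the Reminder.php code check to `!==`. With a loose comparison PHP treats numeric-looking strings as numbers, so two different hashes can compare equal. Use a strict comparison here as well: `sha1(strtolower($row['member_name']) . $_REQUEST['passwd']) === $row['passwd']`. The surrounding function is not shown in this snippet, so confirm that `$row['passwd']` is always a string at this point.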
./Sources/ManageErrors.php
Bul:
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0
Değiştir:
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.4
Bul:
global $context, $txt, $boarddir, $sourcedir;
// Check for the administrative permission to do this.
isAllowedTo('admin_forum');
// decode the file and get the line
$file = base64_decode($_REQUEST['file']);
$line = isset($_REQUEST['line']) ? (int) $_REQUEST['line'] : 0;
// Make sure the file we are looking for is one they are allowed to look at
if (!is_readable($file) || (strpos($file, '../') !== false && ( strpos($file, $boarddir) === false || strpos($file, $sourcedir) === false)))
Değiştir:
global $context, $txt, $boarddir, $sourcedir, $cachedir;
// Check for the administrative permission to do this.
isAllowedTo('admin_forum');
// Decode the file and get the line
$file = realpath(base64_decode($_REQUEST['file']));
$real_board = realpath($boarddir);
$real_source = realpath($sourcedir);
$real_cache = realpath($cachedir);
$basename = strtolower(basename($file));
$ext = strrchr($basename, '.');
$line = isset($_REQUEST['line']) ? (int) $_REQUEST['line'] : 0;
// Make sure the file we are looking for is one they are allowed to look at
if ($ext != '.php' || (strpos($file, $real_board) === false && strpos($file, $real_source) === false) || ($basename == 'settings.php' || $basename == 'settings_bak.php') || strpos($file, $real_cache) !== false || !is_readable($file))
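Review bot: The directory test in the replacement `if` uses `strpos(...) === false`, which only asks whether the board or source path occurs somewhere inside `$file`, not whether `$file` actually lies under it. Because `$file` is already canonicalised with `realpath()`, an anchored test is tighter: `strpos($file, $real_board . DIRECTORY_SEPARATOR) !== 0 && strpos($file, $real_source . DIRECTORY_SEPARATOR) !== 0`. `realpath()` also returns `false` for a missing path; for `$file` that case is rejected by the extension test, but `$real_cache` is passed to `strpos()` unchecked, so a guard such as `$real_cache !== false &&` in front of the cache test would keep that branch well-defined. The body of the `if` is outside this snippet.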
./Sources/Themes.php
Bul:
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0
Değiştir:
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.4
Bul:
list ($theme_dir, $context['theme_id']) = $smcFunc['db_fetch_row']($request);
$smcFunc['db_free_result']($request);
Değiştir:
list ($theme_dir, $context['theme_id']) = $smcFunc['db_fetch_row']($request);
$smcFunc['db_free_result']($request);
if (!file_exists($theme_dir . '/index.template.php') && !file_exists($theme_dir . '/css/index.css'))
fatal_lang_error('theme_edit_missing', false);
./Sources/ManageServer.php
Bul:
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0
Değiştir:
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.4
Bul:
if ($_POST['def_language'] != $language)
Değiştir:
getLanguages(true, false);
$lang_exists = false;
foreach ($context['languages'] as $lang)
{
if ($_POST['def_language'] == $lang['filename'])
{
$lang_exists = true;
break;
}
}
if ($_POST['def_language'] != $language && $lang_exists)
./SSI.php
Bul:
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.3
Değiştir:
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.4
Bul:
function ssi_fetchPosts($post_ids, $override_permissions = false, $output_method = 'echo')
{
global $user_info, $modSettings;
Değiştir:
function ssi_fetchPosts($post_ids = array(), $override_permissions = false, $output_method = 'echo')
{
global $user_info, $modSettings;
if (empty($post_ids))
return;
Bul:
function ssi_fetchMember($member_ids, $output_method = 'echo')
{
Değiştir:
function ssi_fetchMember($member_ids = array(), $output_method = 'echo')
{
if (empty($member_ids))
return;
Bul:
function ssi_fetchGroupMembers($group_id, $output_method = 'echo')
{
Değiştir:
function ssi_fetchGroupMembers($group_id = null, $output_method = 'echo')
{
if ($group_id === null)
return;
Bul:
function ssi_queryMembers($query_where, $query_where_params = array(), $query_limit = '', $query_order = 'id_member DESC', $output_method = 'echo')
{
global $context, $settings, $scripturl, $txt, $db_prefix, $user_info;
global $modSettings, $smcFunc, $memberContext;
Değiştir:
function ssi_queryMembers($query_where = null, $query_where_params = array(), $query_limit = '', $query_order = 'id_member DESC', $output_method = 'echo')
{
global $context, $settings, $scripturl, $txt, $db_prefix, $user_info;
global $modSettings, $smcFunc, $memberContext;
if ($query_where === null)
return;
Bul:
global $scripturl, $modSettings, $user_info;
Değiştir:
global $scripturl, $modSettings, $user_info;
if (empty($modSettings['cal_enabled']) || !allowedTo('calendar_view') || !allowedTo('profile_view_any'))
return;
Bul:
$eventOptions = array(
'include_holidays' => true,
Değiştir:
if (empty($modSettings['cal_enabled']) || !allowedTo('calendar_view'))
return;
$eventOptions = array(
'include_holidays' => true,
Bul:
$eventOptions = array(
'include_events' => true,
Değiştir:
if (empty($modSettings['cal_enabled']) || !allowedTo('calendar_view'))
return;
$eventOptions = array(
'include_events' => true,
Bul:
global $modSettings, $txt, $scripturl, $user_info;
$eventOptions = array(
'include_birthdays' => true,
Değiştir:
global $modSettings, $txt, $scripturl, $user_info;
$eventOptions = array(
'include_birthdays' => allowedTo('profile_view_any'),
Bul:
global $db_prefix, $user_info, $scripturl, $modSettings, $txt, $context, $smcFunc;
Değiştir:
global $db_prefix, $user_info, $scripturl, $modSettings, $txt, $context, $smcFunc;
if (empty($modSettings['cal_enabled']) || !allowedTo('calendar_view'))
return;
./Themes/default/languages/index.turkish.php
(Paket kuranlar bu değişikliği manuel uygulasın)
Bul:
// Version: 2.0; index
Değiştir:
// Version: 2.0.4; index
Bul:
<a href="http://www.simplemachines.org/about/smf/license.php" title="License" target="_blank" class="new_win">SMF © 2011</a>, <a href="http://www.simplemachines.org" title="Simple Machines" target="_blank" class="new_win">Simple Machines</a>';
Değiştir:
<a href="http://www.simplemachines.org/about/smf/license.php" title="License" target="_blank" class="new_win">SMF © 2013</a>, <a href="http://www.simplemachines.org" title="Simple Machines" target="_blank" class="new_win">Simple Machines</a>';
./Themes/default/languages/index.english.php
Bul:
// Version: 2.0; index
Değiştir:
// Version: 2.0.4; index
Bul:
<a href="http://www.simplemachines.org/about/smf/license.php" title="License" target="_blank" class="new_win">SMF © 2011</a>, <a href="http://www.simplemachines.org" title="Simple Machines" target="_blank" class="new_win">Simple Machines</a>';
Değiştir:
<a href="http://www.simplemachines.org/about/smf/license.php" title="License" target="_blank" class="new_win">SMF © 2013</a>, <a href="http://www.simplemachines.org" title="Simple Machines" target="_blank" class="new_win">Simple Machines</a>';
./index.php
Bul:
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.3
Değiştir:
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.4
Bul:
$forum_version = 'SMF 2.0.3';
Değiştir:
$forum_version = 'SMF 2.0.4';
./Sources/LogInOut.php
Bul:
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0
Değiştir:
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.4
Bul:
// Timestamp invalid or non-existent?
if (empty($number_tries) || $time_stamp < (time() - 10))
{
// If it wasn't *that* long ago, don't give them another five goes.
$number_tries = !empty($number_tries) && $time_stamp < (time() - 20) ? 2 : 0;
$time_stamp = time();
}
Değiştir:
// Timestamp or number of tries invalid?
if (empty($number_tries) || empty($time_stamp))
{
$number_tries = 0;
$time_stamp = time();
}
// They've failed logging in already
if (!empty($number_tries))
{
// Give them less chances if they failed before
$number_tries = $time_stamp < time() - 20 ? 2 : $number_tries;
// They are trying too fast, make them wait longer
if ($time_stamp < time() - 10)
$time_stamp = time();
}
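Review bot: The two comments inside the second `if` read as the opposite of the conditions below them, which makes this login-throttling code easy to break in a later edit. `$time_stamp < time() - 20` is true when the stored timestamp is more than 20 seconds old, and `$time_stamp < time() - 10` when it is more than 10 seconds old, so neither branch fires for rapid retries. I would reword them to `// Last recorded attempt is over 20 seconds old: set the counter to 2` and `// Stored timestamp is over 10 seconds old: start a new window`. Where `$number_tries` is checked against the limit is outside this snippet, so confirm the intended behaviour before changing the conditions themselves.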
./Sources/Errors.php
Bul:
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0
Değiştir:
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.4
Bul:
function show_db_error($loadavg = false)
{
global $sourcedir, $mbname, $maintenance, $mtitle, $mmessage, $modSettings;
global $db_connection, $webmaster_email, $db_last_error, $db_error_send, $smcFunc;
sonrasına ekle
// Just check we're not in any buffers, just in case.
for ($i = ob_get_level(); $i > 0; $i--)
@ob_end_clean();
./Sources/Subs-Db-mysql.php
Bul:
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0
Değiştir:
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.4
Bul:
list ($values, $connection) = $db_callback;
sonrasına ekle
if (!is_resource($connection))
db_fatal_error();
./Sources/Subs-Db-postgresql.php
Bul:
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0
Değiştir:
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.4
Bul:
list ($values, $connection) = $db_callback;
sonrasına ekle
if (!is_resource($connection))
db_fatal_error();
./Sources/Reminder.php
Bul:
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0
Değiştir:
* @copyright 2011 Simple Machines
* @license http://www.simplemachines.org/about/smf/license.php BSD
*
* @version 2.0.4
Bul:
if (empty($_POST['code']) || substr($realCode, 0, 10) != substr(md5($_POST['code']), 0, 10))
Değiştir:
if (empty($_POST['code']) || substr($realCode, 0, 10) !== substr(md5($_POST['code']), 0, 10))
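Review bot: The switch to `!==` deserves a short comment so that it is not reverted later as a cosmetic change: `// Strict comparison: both sides are hex strings, and != would compare numeric-looking strings as numbers.` Note also that only the first 10 characters of the MD5 digest are compared; the reason for the truncation is not visible in this snippet, so it would help to document it next to the check.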
Güncelleme işlemi bittikten sonra veritabanı hatası alınmaması için veritabanının da güncellenmesi gerekmektedir. Bunun için aşağıdaki adımları uygulayınız. Buraya tıklayıp upgrade dosyalarını indirin. Sonra içinden şu dosyaları çıkarıp forum dizinine atın.
upgrade.php
upgrade_1-0.sql
upgrade_1-1.sql
upgrade_2-0_mysql.sql
upgrade_2-0_postgresql.sql
upgrade_2-0_sqlite.sql
Admin panelden forum bakımı yapın. İstatistikleri yeniden saydırın, hataları bul düzelt deyin, tabloları düzelt tıklayın.
Sonra da upgrade.php çalıştırıp işlemi tamamlayın.
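İşlem tamamlandıktan sonra, güvenliğiniz için aşağıdaki dosyaları forum dizininden silin (sunucuda bırakılan upgrade.php dışarıdan erişilebilir durumda kalır):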
upgrade.php
upgrade_1-0.sql
upgrade_1-1.sql
upgrade_2-0_mysql.sql
upgrade_2-0_postgresql.sql
upgrade_2-0_sqlite.sql