phpBB 2.0.20

Posted on Saturday, April 08 2006 @ 18:16 CEST by LSDsmurf

Fixed:

Prevent login attempts from incrementing for inactive users
Do not check maximum login attempts on re-authentication to the admin panel - tomknight
Regenerate session keys on password change
retrieving category rows in index.php (Bug #90)
improved index performance by determining the permissions before iterating through all forums (Bug #91)
Better handling of short usernames within the search (bug #105)
Send a no-cache header on admin pages as well as normal board pages (Bug #149)
Apply word censors to the message when quoting it (Bug #405)
Improved performance of query in admin_groups (Bug #753)
Workaround for an issue in either PHP or MSSQL resulting in a space being returned instead of an empty string (bug #830)
Correct use of default_style config value (Bug #861)
Replace unneeded unset calls in admin_db_utilities.php - vanderaj
Improved error handling in modcp.php
Improved handling of forums to which the user does not have any explicit permissions - vanderaj
Assorted fixes and cleanup of admin_ranks.php, now requires confirmation of deletions
Assorted fixes and cleanup of admin_words.php, now requires confirmation of deletions
Addition and editing of smilies can no longer be performed via GET, now requires confirmation of deletions
Escape group names in admin_groups.php

Security:

Replace strip_tags with htmlspecialchars in private message subject
Some changes to HTML handling if enabled
Escape any special characters in reverse dns - Anthrax101
Typecast poll id values - Anthrax101
Added configurable search flood control to reduce the effect of DoS style attacks
Changed the way we create "random" values for use as keys - chinchilla/Anthrax101
Enabled Visual Confirmation by default

Changed:

Changed handling of the case where a selected style doesn't exist in the database
Changed handling of topic pruning to improve performance
Changed default forum permissions to only allow registered users to post in new forums