SMF 2.0.14 Released!

Skhilled · May 16, 2017, 06:29:44 AM

There have been posts over there talking about mods and themes may need to be upgraded and some users can't even login after upgrading. I suggest you read the topics at smf.org first!

https://www.simplemachines.org/community/index.php?topic=553855.0

One thing I have noticed here is that Simple Portal's Member Information block has session issues and will not let you logout! Please use the login at the header until there is a fix.

Skhilled · May 22, 2017, 08:40:10 AM

Found a fix for the Simple Portal Login block.

In this file: /Sources/PortalBlocks.php

Should be line 145:

FIND:

Code Select

<input type="hidden" name="hash_passwrd" value="" />

REPLACE WITH:

Code Select

<input type="hidden" name="hash_passwrd" value="" /><input type="hidden" name="', $context['session_var'], '" value="', $context['session_id'], '" />

This fix was from a SP member and not the SP devs. They may find another way to do it and will probably post another update.

ErfanR · May 22, 2017, 02:27:23 PM

Is it really necessary to update the SMF? so many incompatibilities with mods as it's just released.

Skhilled · May 22, 2017, 08:15:58 PM

This version is not a security release so it is not necessary. It does address some bug fixes and adds HTTPS compatibility. However, it also seems to have added a few bugs as well. LOL

Chen Zhen · May 22, 2017, 08:31:12 PM

Quote
! Check session while logging in
! Sanitize some fields to help guard against XSS

I believe there were some security updates as noted above.

Also from what I've experienced thus far something may have been changed in the $smcFunc database function as it no longer accepts instances of ie. {custom_clause} for where clauses within db queries. These are from the $user_info array and all mods using that method must have their files edited. This was not stated clearly in the release notes for SMF 2.0.14 but the behavior clearly shows a change.

Chen Zhen · May 22, 2017, 09:29:55 PM

I found the edit which causes the issue I mentioned, posted a fix for it concerning SMF 2.1 and suggested it be applied to the SMF 2.0.15 release.
ref. https://github.com/SimpleMachines/SMF2.1/pull/4065

They used an edit that was applied to SMF 2.1 a month ago for the SMF 2.0.14 release.
I have seen mods that use the same predefined references from the $user_info array that are not applied with their change.
My changes (or something similar) should allow that issue to be avoided.

Skhilled · May 23, 2017, 08:22:26 AM

Thanks for the correction!

Chen Zhen · May 23, 2017, 11:31:10 PM

Quote
! Check session while logging in

That may be related to the error you reported on your arcade test site.

Skhilled · May 24, 2017, 07:42:49 AM

Yes, possibly. I assumed it was due to the smf upgrade and/or switching to php 7.