Text only | Text with Images

Docskillz

The Good Stuff => SMF Forum Help => Topic started by: Skhilled on May 16, 2017, 06:29:44 AM

Title: SMF 2.0.14 Released!
Post by: Skhilled on May 16, 2017, 06:29:44 AM
There have been posts over there talking about mods and themes may need to be upgraded and some users can't even login after upgrading. I suggest you  read the topics at smf.org first!


https://www.simplemachines.org/community/index.php?topic=553855.0


One thing I have noticed here is that Simple Portal's Member Information block has session issues and will not let you logout! Please use the login at the header until there is a fix.
Title: Re: SMF 2.0.14 Released!
Post by: Skhilled on May 22, 2017, 08:40:10 AM
Found a fix for the Simple Portal Login block.

In this file:  /Sources/PortalBlocks.php

Should be line 145:

FIND:
Code Select
<input type="hidden" name="hash_passwrd" value="" />

REPLACE WITH:
Code Select
<input type="hidden" name="hash_passwrd" value="" /><input type="hidden" name="', $context['session_var'], '" value="', $context['session_id'], '" />

This fix was from a SP member and not the SP devs. They may find another way to do it and will probably post another update.
Title: Re: SMF 2.0.14 Released!
Post by: ErfanR on May 22, 2017, 02:27:23 PM
Is it really necessary to update the SMF? so many incompatibilities with mods as it's just released.
Title: Re: SMF 2.0.14 Released!
Post by: Skhilled on May 22, 2017, 08:15:58 PM
This version is not a security release so it is not necessary. It does address some bug fixes and adds HTTPS compatibility. However, it also seems to have added a few bugs as well. LOL
Title: Re: SMF 2.0.14 Released!
Post by: Chen Zhen on May 22, 2017, 08:31:12 PM
Quote
! Check session while logging in
! Sanitize some fields to help guard against XSS

I believe there were some security updates as noted above.

Also from what I've experienced thus far something may have been changed in the $smcFunc database function as it no longer accepts instances of ie. {custom_clause} for where clauses within db queries. These are from the $user_info array and all mods using that method must have their files edited. This was not stated clearly in the release notes for SMF 2.0.14 but the behavior clearly shows a change.


Title: Re: SMF 2.0.14 Released!
Post by: Chen Zhen on May 22, 2017, 09:29:55 PM
I found the edit which causes the issue I mentioned, posted a fix for it concerning SMF 2.1 and suggested it be applied to the SMF 2.0.15 release.
ref. https://github.com/SimpleMachines/SMF2.1/pull/4065

They used an edit that was applied to SMF 2.1 a month ago for the SMF 2.0.14 release.
I have seen mods that use the same predefined references from the $user_info array that are not applied with their change.
My changes (or something similar) should allow that issue to be avoided.

Title: Re: SMF 2.0.14 Released!
Post by: Skhilled on May 23, 2017, 08:22:26 AM
Thanks for the correction! :)
Title: Re: SMF 2.0.14 Released!
Post by: Chen Zhen on May 23, 2017, 11:31:10 PM
Quote
! Check session while logging in

That may be related to the error you reported on your arcade test site.
Title: Re: SMF 2.0.14 Released!
Post by: Skhilled on May 24, 2017, 07:42:49 AM
Yes, possibly. I assumed it was due to the smf upgrade and/or switching to php 7.
Text only | Text with Images