To patch the other versions of the application manually:
Open the file: includes/functions.class.php
Search for:
CODE
/**
* Check if delicious cookie is here or another eat it mmmm
*/
function IsCookie($cookie_name)
{
global $PowerBB;
return empty($PowerBB->_COOKIE[$cookie_name]) ? false : true;
}
Replace with:
CODE
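/**
 * Report whether the named cookie is present and non-empty, cleaning its value in place.
 *
 * Side effect: when the cookie is set, its entry in $PowerBB->_COOKIE is overwritten with
 * the result of CleanVariable(..., 'sql') followed by CleanVariable(..., 'html'). Code that
 * reads $PowerBB->_COOKIE[$cookie_name] after this call sees the cleaned value; code that
 * reads the cookie without calling IsCookie() first still gets the raw client-supplied value.
 *
 * NOTE(review): cleaning at input time is defence in depth only. Queries that use the cookie
 * value should still bind it as a parameter, and templates should still escape it on output.
 * What CleanVariable() does for each mode, and how it treats array-valued cookies, is not
 * visible here - confirm against its definition.
 *
 * @param string $cookie_name Key to look up in $PowerBB->_COOKIE.
 * @return bool True when the cleaned value is non-empty (empty() semantics, so '0' counts as absent).
 */
function IsCookie($cookie_name)
{
    global $PowerBB;

    // A cookie the client never sent is simply absent. Returning early avoids an
    // undefined-index notice and avoids creating an entry for it in the cookie array.
    if (!isset($PowerBB->_COOKIE[$cookie_name]))
    {
        return false;
    }

    // Same order as before: SQL cleaning first, then HTML cleaning.
    $cleaned = $PowerBB->functions->CleanVariable($PowerBB->_COOKIE[$cookie_name], 'sql');
    $cleaned = $PowerBB->functions->CleanVariable($cleaned, 'html');

    // Write the cleaned value back so later reads of the cookie array use it.
    $PowerBB->_COOKIE[$cookie_name] = $cleaned;

    return !empty($cleaned);
}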
Open the file: modules/admin/common.module.php
Search for:
CODE
$username = $PowerBB->_COOKIE[$PowerBB->_CONF['admin_username_cookie']];
Replace with:
CODE
if ($PowerBB->functions->IsCookie($PowerBB->_CONF['admin_username_cookie'])
and $PowerBB->functions->IsCookie($PowerBB->_CONF['admin_password_cookie']))
{
$username = $PowerBB->_COOKIE[$PowerBB->_CONF['admin_username_cookie']];
Search for:
CODE
}
function _CommonCode()
Replace with:
CODE
}
}
function _CommonCode()
Open the file: engine/systems/member.class.php
Search for:
CODE
setcookie($this->Engine->_CONF['username_cookie'],$param['username'],$param['expire']);
setcookie($this->Engine->_CONF['password_cookie'],$param['password'],$param['expire']);
Replace with:
CODE
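// setcookie() arguments 4-7 are path, domain, secure, httponly.
// Path and domain are left empty and secure is off, as before; these are written as '' and
// false instead of NULL because passing NULL to these parameters is deprecated from PHP 8.1.
// httponly = true keeps both cookies out of reach of page scripts (document.cookie), which
// limits what an XSS payload can read.
// NOTE(review): secure is still false, so both cookies are also sent over plain HTTP. Set it
// to true once the forum is served over HTTPS only.
// NOTE(review): what $param['password'] holds is not visible here. If it is the password or a
// replayable hash, HttpOnly does not protect it in transit or on disk; an opaque random
// session token would be the safer value to store.
setcookie($this->Engine->_CONF['username_cookie'], $param['username'], $param['expire'], '', '', false, true);
setcookie($this->Engine->_CONF['password_cookie'], $param['password'], $param['expire'], '', '', false, true);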
End of the patch instructions.