SMF 2.0.14 Released!

Started by Skhilled, May 16, 2017, 06:29:44 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Skhilled

There have been posts over there talking about mods and themes may need to be upgraded and some users can't even login after upgrading. I suggest you  read the topics at smf.org first!


https://www.simplemachines.org/community/index.php?topic=553855.0


One thing I have noticed here is that Simple Portal's Member Information block has session issues and will not let you logout! Please use the login at the header until there is a fix.

Skhilled

Found a fix for the Simple Portal Login block.

In this file:  /Sources/PortalBlocks.php

Should be line 145:

FIND:
<input type="hidden" name="hash_passwrd" value="" />

REPLACE WITH:
<input type="hidden" name="hash_passwrd" value="" /><input type="hidden" name="', $context['session_var'], '" value="', $context['session_id'], '" />

This fix was from a SP member and not the SP devs. They may find another way to do it and will probably post another update.

ErfanR

Is it really necessary to update the SMF? so many incompatibilities with mods as it's just released.

Skhilled

This version is not a security release so it is not necessary. It does address some bug fixes and adds HTTPS compatibility. However, it also seems to have added a few bugs as well. LOL

Chen Zhen

Quote
! Check session while logging in
! Sanitize some fields to help guard against XSS

I believe there were some security updates as noted above.

Also from what I've experienced thus far something may have been changed in the $smcFunc database function as it no longer accepts instances of ie. {custom_clause} for where clauses within db queries. These are from the $user_info array and all mods using that method must have their files edited. This was not stated clearly in the release notes for SMF 2.0.14 but the behavior clearly shows a change.



Chen Zhen

I found the edit which causes the issue I mentioned, posted a fix for it concerning SMF 2.1 and suggested it be applied to the SMF 2.0.15 release.
ref. https://github.com/SimpleMachines/SMF2.1/pull/4065

They used an edit that was applied to SMF 2.1 a month ago for the SMF 2.0.14 release.
I have seen mods that use the same predefined references from the $user_info array that are not applied with their change.
My changes (or something similar) should allow that issue to be avoided.


Skhilled

Thanks for the correction! :)

Chen Zhen

Quote
! Check session while logging in

That may be related to the error you reported on your arcade test site.

Skhilled

Yes, possibly. I assumed it was due to the smf upgrade and/or switching to php 7.