Hello,

We are sorry to announce that a security issue was found in phpBB 3.0.7 and pleased to announce you the availability of the phpBB SEO Premod 3.0.7-PL1 package, Did seven was a curse edition (FYI PL stands for Patch List).

This release update the premod to phpBB3.0.7-PL1 but does not involve any changes in the phpBB SEO mods. Please refer to the phpBB SEO Premod 3.0.7 announcement thread to find out what was new in 3.0.7.

Demo : http://demo.phpbb-seo.net/

New in this version :

• Nothing for the phpBB SEO mods (since 3.0.7)

phpBB.com wrote:We promised working feeds for phpBB 3.0.7. Sadly, we were not able to deliver on that promise - a critical bug in the permission handling for feeds slipped past. To all people who already have updated to 3.0.7, it is of critical importance to update to 3.0.7-PL1. Otherwise, it is possible for users to bypass permission settings under the following circumstances:

• Feeds are enabled
• Any of the posts or topics feeds are enabled
• The unauthorised user - or one of the groups they are a member of - have forum permissions set on a private forum
• If you have excluded a forum from the list of forums that provide feeds, it is unaffected

Note: We recommend the use of a regular update routine over manually editing your files. If you manually edit your files your board will not recognise the update.
The fix for the issue is a single line change inside of feed.php, line 525 has changed from:

Code: Select all

    $forum_ids = array_keys($auth->acl_getf('f_read'));   

to:

Code: Select all

    $forum_ids = array_keys($auth->acl_getf('f_read', true));   

There were no other changes, in particular neither style nor language changes.

Minimum Requirements
phpBB3 has a few requirements which must be met before you are able to install and use it.

• A webserver or web hosting account running on any major Operating System with support for PHP
• A SQL database system, one of:
  
  • MySQL 3.23 or above (MySQLi supported)
  • PostgreSQL 7.3+
  • SQLite 2.8.2+
  • Firebird 2.1+
  • MS SQL Server 2000 or above (directly or via ODBC)
  • Oracle
• PHP 4.3.3+ (>=4.3.3, >4.4.x, >5.x.x, >6.0-dev (compatible)) with support for the database you intend to use.
• getimagesize() function need to be enabled
• These optional presence of the following modules within PHP will provide access to additional features, but they are not required.
  
  • zlib Compression support
  • Remote FTP support
  • XML support
  • Imagemagick support
  • GD Support

The presence of each of these optional modules will be checked during the installation process.
The mod_rewrite Apache module will be necessary to use url rewriting. It is though possible to adapt the rewriterules for isap_rewrite on IIS servers (windows).

Security
Security issues found should be reported to the phpBB.com security tracker in the usual way.

Available packages

If you experience problems with the automatic update (white screens, timeouts, etc.) we recommend using the "changed files only" method for updating.

With this release, there are four packages available.

• Full Package
  Contains entire phpBB SEO premod source English and French language files.
  
• Changed Files Only
  Contains only those files changed from previous versions of the phpBB3 SEO Premod.
  We also packaged a 3.0.6 to 3.0.7-PL1 Changed File package.
• Automatic Update Package
  Update package for the automatic updater, containing the changes from previous release to this release.
  We also packaged a 3.0.6 to 3.0.7-PL1 Automatic File package.
• Patch Files Package :
  Contains patch compatible patches from previous versions of phpBB3. Mainly intended for advanced users.
  This package contains a 3.0.6 to 3.0.7-PL1 patch
Select whichever package is most suitable for you.

Translations Update :

• Both French and English language pack are included by default in the auto update and changed file package.
• In case you are not using the french language pack at all, you can safely ignore updates of the French language files. Leaving it on your ftp and let the updater update it is of course not a problem.

Please ensure you read the INSTALL and README documents in docs/ before proceeding with installation, updates or conversions!.

Be sure to take a look at the official phpBB announcement thread to find out more about the phpBB3.0.7-PL1 new features and bug fixes included in the phpBB SEO Premod.

Please note for update :

• This update will not change any of your current URL settings, there is actually no phpBB SEO mod update in it
• GYM Sitemap & RSS
  
  • GYM update process is now included in the auto update package and will handle all the required code changes for the premod files, but you WILL have to run the gym_sitemaps/gym_install.php script in update mode after you updated phpBB. If you do not use GYM, it is still wise to keep the file up to date, if you have deleted them, just ignore the GYM file update.
  • IMPORTANT :
    GYM sitemaps and RSS is likely to be updated before the premod, it will be up to you to keep it up to date meanwhile, you can be notified about updates by subscribing to the release thread while logged in : GYM Sitemaps & RSS module 2.0.1

Note :

• The SEO Premod includes a fix in includes/utf/utf_tools.php for a bug that does not affect all installations but can be quite annoying.
  This bug was reported, but was not fixed in phpBB 3.0.7-PL1, and surprisingly, will not be fixed, since it was turned to "Will not fix" by the phpBB Group.
  For more details : http://www.phpbb.com/bugs/phpbb3/ticket ... t_id=52315

Download/Documentation

phpBB SEO Premod Downloads
phpBB SEO Premod Release thread
phpBB SEO Premod support forum
French speaking announcement thread

hi dcz,

in your bug tracker ticket (http://www.phpbb.com/bugs/phpbb3/ticket ... t_id=52315),
you said to add

Code: Select all

       @ini_set("mbstring.internal_encoding", 'UTF-8');

BEFORE

Code: Select all

       mb_internal_encoding('UTF-8');

but i see it AFTER when i look in includes/utf/utf_tools.php

thanks ^^

This does not make any difference, and the fixed utf_tools.php included in the premod does contain the full fix for when ini_set is not usable (eg explicitly specify encoding when calling mb functions).
In addition, the same ini_set call is performed in the phpbb_seo_class.php (still with an @) as an additional precaution (when used standalone, the code could not have a friendly utf_tools.php version).

The ini_set fix is the best when ini_set is usable, because it will fix the issue in the phpBB utf8 package mb function calls and will as well work if you or a mod you add does call a mb function directly.
The explicit encoding trick works even if ini_set can't be used, but it will only fix the matter for code using phpBB utf8 package, direct calls to mb functions will not be protected if they do not explicitly specify the encoding each time.
That's why we used both approaches, and additionally added the ini_set call in the phpbb_seo class.

I don't clearly understand why the phpBB Group did not fix this one, the fact that phpBB does not use parse_str just means nothing to me. It's not up to phpBB to decide if we can or not use a php function, especially when the function exist in all supported (by phpBB) versions of php, and more when the fix is just there and simple. And even if it odes only concern two php versions for people using mb_string.

About the effect, well, they could pretty much be of any severity since it result into corrupting the entire string manipulation process. And it's quite a hard one to debug since the effect can show up very far form where pars_str would have been used in the code, no need to mention the odd relation between the cause and effects.

Fortunately, php developers did think it was worth fixing, and it was fixed under php5.3-latest.

++

maybe they don't really understand its importance ^^

I still did not update it to version 3.0.7 so would it be recommended to make the update to 3.0.7-PL1??

Thank You.

mehboob wrote:I still did not update it to version 3.0.7 so would it be recommended to make the update to 3.0.7-PL1??

Thank You.

ofcourse.

Not to mention this update is very easy (only two files to update).

Alright,
I will update to the next version then. Thank you for the quick response.

Hello.

I auto-installed phpBB 3.0.7-PL1 on my forum.

I've made all categories, threads and started posting.
Now I want to have phpBB SEO on my forum.
My questions is:

Can someone link me or help me to a noob-step-to-step-guide on how I can upgrade to phpBB SEO premod 3.0.7-PL1.
I have never ever done this before, so please don't bash me for being a complete noob!
I do have FTP access and I do have a control panel I can use.

I want to update, but I don't want to lose what i've already done with my forum.
Already mentioned that I have added the categories etc. I've also added a new skin and I've hired a GFX artist already.

So - How can I upgrade to this version, without destroying what i've done so far.

Please, help me out. I'd really need this.

Kindest Regards,

The nab.

thenab wrote:Can someone link me or help me to a noob-step-to-step-guide on how I can upgrade to phpBB SEO premod 3.0.7-PL1.

[HOW TO] Install the phpBB SEO premod on phpBB.

phpBB SEO premod 3.0.7-PL1 released!

& its is gooooooooooooooooood

i'm looking phpbb-seo All mods professional installation to my phpbb forum ? if anyone have experience please contact me?

Thanks.

privilegeserver wrote:i'm looking phpbb-seo All mods professional installation to my phpbb forum ? if anyone have experience please contact me?

Thanks.

I sent you a PM.