MyBB

MyBB

MyBB est une application open source de forum. MyBB est dérivé de XMB Forum depuis 2002.

Installation en 1 clic MyBB

Installation en 1 clic

Mise à jour facile MyBB

Mise à jour facile

Sauvegarde et restauration MyBB

Sauvegarde et restauration

Information

Application
forum
Catégorie
Logiciel de communauté
Version courante
1.8.8
Dernière mise à jour
17 October 2016
Langues
English

Configuration requise

Taille de l'installation
15 Mo
Base de données
mysql
License
open source
Vue d'ensemble
Quoi de neuf

1.8.8


17 Octobre - 15MBThis release fixes 7 security vulnerabilities and 58 reported issues causing incorrect functionality of MyBB.

Security
  • Medium risk: Style import CSS overwrite on Windows servers – reported by patryk
  • Medium risk: SQL Injection in the users data handler – reported by afinepl
  • Medium risk: SSRF attack in fetch_remote_file() – reported by dawid_golunski
  • Medium risk: Possible short name access to ACP backups on Windows servers – reported by kevinoclam
  • Low risk: Stored XSS in the ACP – reported by patryk
  • Low risk: Loose comparison false positives – reported by Devilshakerz
  • Low risk: Possible XSS injection in ACP users module – reported by afinepl

Bugs fixed
  • #2473 Bug: No cache handler used on upgrade
  • #2466 gender neutral pronoun
  • #2462 Bug: SQL error in Attachment Statistics with ONLY_FULL_GROUP_BY enabled
  • #2456 Bug: Hash instead of the password at the "forgot my password"
  • #2455 Enhancement: Essential HTTPS URL changes for *.mybb.com resources
  • #2447 Bug: SQL error on post split with ONLY_FULL_GROUP_BY enabled
  • #2446 Bug: Mark All Reports bug
  • #2443 Bug: MyBB not respecting https:// URLs of certain resources
  • #2436 Bug: Attachment counter wrong after merging posts
  • #2434 Bug: missing_username error when editing a deleted user's post
  • #2431 Bug: Default avatar broken on ACP when using a full URL
  • #2427 Bug: Admin interface issues on IPv6
  • #2424 Bug: Fixes #2422 Installation fails on aggressive opcache settings
  • #2422 Bug: Installation fails on aggressive opcache settings
  • #2421 Enhancement: Send users who click "chmod" somewhere helpful
  • #2417 Bug: Upgrade Bug
  • #2414 Bug: Swapped MCP banning breadcrumbs
  • #2410 Enhancement: Optimise images with a better algorithm than last time
  • #2408 Bug: Unclosed cursors leave tables locked on SQLite
  • #2405 Bug: Using [img align=X] overlaps with postbit_signature
  • #2402 Bug: ACP path not being removed correctly when sending mail
  • #2394 Bug: captcha.php using slow CSPRNG
  • #2389 Bug: Pictures with custom dimensions higher than 999 not shown
  • #2385 Bug: ACP language and button function error
  • #2383 Enhancement: Update timezone
  • #2378 Bug: Report spam possible with PM/E-mail report medium
  • #2377 Bug: Disabled referral system leads to wrong colspan in memberlist
  • #2370 Bug: Report notifications ignore moderator groups
  • #2363 Enhancement: Per theme default avatar
  • #2357 Bug: BMP images don't work for avatars
  • #2348 Bug: Useless subscription guest checks in UCP
  • #2305 Bug: ACP - statistics page - Stats limit not working
  • #2298 Bug: Weird signature validation conditionals
  • #2282 Bug: Unlisted "maxreputationsperuser" setting
  • #2256 Bug: No smilies/post icons
  • #2251 Bug: Bad words not parsed in breadcrumbs etc.
  • #2236 Bug: Buddy popup problem when user doesn't have any permissions
  • #2228 Bug: SCEditor - Duplicate tags after re-election.
  • #2211 Enhancement: .htaccess set wrong, no gzip for js
  • #2167 Bug: Unread indication doesn't work for guests
  • #2107 Bug: contact form not stripping html code in emails
  • #2057 Bug: PM folder language problem
  • #2050 Enhancement: Remove HTML in parser
  • #2039 Bug: Message after registration English although different language pack is used
  • #2022 Bug: Close Thread doesn't work via reply
  • #1988 Bug: Redirect problem with IDN after login
  • #1810 Enhancement: jGrowl alert types style
  • #1796 Bug: Delayed moderation - time bug
  • #1760 Enhancement: Deprecate update_password
  • #1729 Bug: Outdated CHMOD wiki link (and more docs.mybb.com links)
  • #1672 Enhancement: Attachment System Enhacements
  • #1647 Bug: Remove Attachment not working without refresh
  • #1631 Bug: username's should be htmlspecialchars_uni()'d
  • #1589 Bug: More proper URL validation
  • #1223 Enhancement: Report reasons enhancements
  • #1150 Enhancement: Remove hardcoded HTML v2
  • #1056 Bug: ACP: Replace hardcoded placeholder language string with an actual language variable
  • #298 Bug: Login per E-Mail
  • #259 Bug: User who is member of group that moderates certain (not all) furums is not recog...

Lire la suite: http://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/

1.8.7

(version de sécurité)
12 Mars - 15MBThis release fixes 13 security vulnerabilities and 83 reported issues causing incorrect functionality of MyBB.

Security
  • Medium risk: Possible SQL Injection in moderation tool – reported by jamslater
  • Low risk: Missing permission check in newreply.php – reported by StefanT
  • Low risk: Possible XSS Injection on login – reported by Devilshakerz
  • Low risk: Possible XSS Injection in member validation – reported by Tim Coen
  • Low risk: Possible XSS Injection in User CP – reported by Tim Coen
  • Low risk: Possible XSS Injection in Mod CP logs – reported by Starpaul20
  • Low risk: Possible XSS Injection when editing users in Mod CP – reported by Tim Coen
  • Low risk: Possible XSS Injection when pruning logs in ACP – reported by Devilshakerz
  • Low risk: Possibility of retrieving database details through templates – reported by Tim Coen
  • Low risk: Disclosure of ACP path when sending mails from ACP – reported by sarisisop
  • Low risk: Low adminsid & sid entropy – reported by Devilshakerz
  • Low risk: Clickjacking in ACP – reported by DingjieYang
  • Low risk: Missing directory listing protection in upload directories – reported by Tim Coen

Bugs fixed
  • #2351 Remove "Are You a Human" captcha
  • #2340 usercp_editlists_user - wrong lang string in title
  • #2330 Port is not stripped from the generated cookie domain
  • #2327 Calendar.php displaying wrong user title
  • #2319 Enable CURLOPT_FOLLOWLOCATION for fetch_remote_file()
  • #2314 Wrong PM update array code
  • #2313 Not a good way to update counters
  • #2312 Registration confirmation emails not being sent
  • #2310 SQL error when posting new post with custom moderation tool
  • #2306 SQL error in UserCP's Group Memberships when sql_mode=only_full_group_by
  • #2301 $theme['disporder'] may be not an array
  • #2292 Float number passed to mt_srand() on 32-bit systems
  • #2291 Typo in Email change message
  • #2288 Missing closing in template report_error_nomodal
  • #2287 Prefix - Staff Only = Uneditable
  • #2285 Ambiguous indirect variable access breaks PHP 7 compatibility
  • #2283 Missing closing in template report
  • #2278 PgSQL error when upgrading from User Permissions

Lire la suite: http://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/

1.8.6

(version de sécurité)
9 Septembre 2015 - 15MBThis release fixes 5 security vulnerabilities and 51 reported issues causing incorrect functionality of MyBB.

Security
  • Medium Risk: Forum password bypass in xmlhttp.php
  • Low Risk: SQL Injection in Grouppromotions module (ACP)
  • Low Risk: Possible XSS Injection in the error handler
  • Low Risk: Possible XSS issues in old upgrade files
  • Low Risk: Possible Full Path Disclosure in publicly accessible error log files

Bugs fixed
  • #2184 Quick edit not working when thread prefix is required
  • #2178 Question: What are "contants"?
  • #2171 Find Users should use `escape_string_like()`
  • #2168 Invalid RE: regex
  • #2164 output_row() $options['id']
  • #2163 Post subjects don't work correctly
  • #2149 Show latin1 as latin 1 and not as cp1252
  • #2145 Add A Group Leader Doesn't Put Leader In Usergroup
  • #2143 Parser removes spacing between list elements
  • #2141 ban_date2timestamp uses supports using timestamp but doesn't use it in date calls
  • #2129 Editing announcement is broken when global variable "$announcement"
  • #2126 reCaptcha not work if use SSL (HTTPS)
  • #2122 Quick reply wrong $postcounter
  • #2116 mysql
  • #2115 Inconsistent checks in db classes
  • #2106 Report Center Bug
  • #2105 System Email Log Filters
  • #2093 Sending message to myself with BCC will cause an error
  • #2091 Custom Profile Field descriptions should be properly escaped
  • #2084 UserDataHandler::delete_posts report content deletion is redundant.
  • #2077 Mssing using_remote_avatar language string.
  • #2076 usercp_avatar HTML syntax error.
  • #2054 Confusing admin and return mail
  • #2048 $settings undefined
  • #2037 Fetching MyBB credits fails -> endless redirection
  • #2026 Wrong Doc Blocks
  • #2018 Use queried id instead of input
  • #2016 Strange behaviour of "find_replace_templatesets"
  • #2009 Poll options values not saved in editpost.php
  • #2007 Preview table showing upon error
  • #2003 Deleting an event in 'editevent' without checking checkbox throws errors
  • #2001 Calendar does not show errors when adding events
  • #1999 Adding user in Admin-CP results in wrong timezone
  • #1978 Send PM: Duplicate check not working for multiple recipients
  • #1965 Calendar - problem with mini calendar
  • #1964 Using ||~|~|| in polls breaks poll
  • #1963 Editing problem in IE11
  • #1961 require a thread prefix for all threads doesnt work in edit post
  • #1955 Wrong SCEditor smilie check
  • #1913 Database export should ignore views
  • #1912 PM download umlaut problems
  • #1911 Unnecessary code in functions_post.php
  • #1906 Wrong information in profile/reputation report PMs
  • #1838 Birthday bug
  • #1820 Userhandler still doesn't delete some stuff
  • #1816 Very inefficient managegroups.php code...
  • #1793 Random generated password can throw error
  • #1752 Bypassing Theme Permissions
  • #1440 Soft delete doesn't show up in mod tools when searching threads
  • #907 Subject Max. Char. error on preview
  • #303 Function insert_id() not working in db_pgsql.php

Lire la suite: http://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/

1.8.5

(version de sécurité)
27 Mai 2015 - 15MBThis release fixes 6 security vulnerabilities and 58 reported issues causing incorrect functionality of MyBB.

Security
  • Medium Risk: Reset password code check could be circumvented in member.php – reported by solati.sadegh
  • Medium Risk: Sender email could be spoofed when sending an email to a user in member.php – reported by onlinedevelopers
  • Medium Risk: Permissions not checked for post search with old sid in search.php – reported by pedder55655
  • Medium Risk: XSS in quick edit function of xmlhttp.php – reported by TiberiusG
  • Low Risk: CSRF in ACP mass mail cancellation – reported by Destroy666
  • Low Risk: Use of the U+200E Unicode character to create "duplicate" username – reported by mahdy2021

Bugs fixed
  • #1997 Single forum/group select settings
  • #1995 URLs never shortened
  • #1986 HTML bug in modcp template
  • #1979 Send PM: Duplicate check inconsistent
  • #1977 password hash checks should use === and !== instead of == and !=
  • #1975 JavaScript Error with Multiline Smilies (Disables Editor)
  • #1957 Grammatical mistake
  • #1956 Division by zero FPD
  • #1953 ACP Smilies Mass Editor break all smilies on save.
  • #1951 grammatical error in admin cp
  • #1946 Template groups are case sensitive
  • #1945 Administrator permissions Tools -> Can manage spam logs
  • #1941 Duplicating a theme doesn't duplicate the templates
  • #1939 format_avatar caching issue
  • #1934 Wrong awaitingactivation check
  • #1933 is_numeric check in Mysql update_query
  • #1931 Reputation page shows incorrect user title
  • #1930 Bug in checkbox validation
  • #1928 Warnings for multiselect/checkbox profile fields
  • #1926 Upgrades from input - #754
  • Admin CP language - #690
  • Disable Default MyCodes - #686
  • More recount tools - #494
  • Option to disable contact details - #900
  • Log all ‘locked out' failures in ACP - #859
  • Add reported posts stats to ACP - #858
  • Delayed moderation improvements - #440
  • New Promotion rules - #429

Front-end: New Theme - #571
  • CSS buttons, PNG images, Sprite images, Fugue icons - #571
  • Attachable base colors for themes - #580
  • Relative Time - #558
  • Prototype to jQuery Conversion (yay!) - #251
  • Attachment Types Name - #442
  • CSS Minification - #564

Front-end: Other
  • Add ltrim() to search users input - #590
  • Change trim() in templates to rtrim() - #584
  • A tool to rebuild reputation - #591
  • Contact Page - #592 #715
  • Ability to delete default help topics - #589
  • If user is invisible & permissions disallow, hide all public data - #593
  • Post reputation should include thread subject - #594
  • Remove Gallery; Integrate Gravatar - #582 #586
  • Delete post on full edit should not show if no permission to delete - #595
  • Add option to stick/unstick to custom tools - #435
  • PM thread author in custom tools for threads - #581
  • Users cannot rate their own posts - #570
  • format_avatar() function - #569
  • Whitelist of avatar upload extensions - #568
  • Preview announcements - #567
  • Minimum post length to exclude MyCode - #566
  • IPv6 features - #565
  • APC cache handler - #574
  • $cache->delete method - #575
  • is_member() function - #576
  • delete_user() function - #408
  • IP addresses in PMs - #563
  • Don't ask for validation if validation is disabled - #577
  • Slow reply posting in long threads - #578
  • Soft Delete - #560
  • Login Datahandler - #572
  • Add theme selector to footer - #496
  • Forum redirect icon - #453
  • Permission to reply to own threads - #409
  • ModCP banned users list descending by default - #138
  • Quick Reply PM - #437
  • Poll Updates (Add poll link to thread page; limit of time before a thraed author can no longer add a poll) - #456
  • Update contact fields - #455
  • Are You a Human CAPTCHA - #443
  • Report Center - #556
  • Ability to sort Private Messages in inbox and other folders - #70
  • Recount Warning Points - #85
  • Warning points as a Group Promotion criteria - #88
  • Registration date and last active time as mass mail criteria - #100
  • Display profile fields on posts - #133
  • Add "Display posts in classic mode" option when editing user in Admin CP - #107
  • Move Edit Time Limit and Max Post Per Day to group settings - #114
  • Recount Private Messages - #132
  • Hide members from the Member List - #142
  • Force redirect page - #550
  • Searching plugins will highlight vulnerable ones (requires new Mods site) - Commit Link
  • Update $groupzerogreater array - #809
  • CDN Compatbility - #776
  • Goodbye Spammer - #775
  • Add Time Zones - #764
  • Thread Count - #761
  • Buddy System Enhancements - #757
  • Remove Hardcoded HTML - #756
  • Database optimization - #738
  • Overqualified Selectors - #976 #700
  • Subscription PM notification option - #689
  • Expand Forum Moderator permissions - #688
  • Add profile fields on registration - #687
  • Admin and Email activation option - #685
  • Publicly shown poll end date - #587
  • CAPTCHA Improvements - #557
  • Search Help Files - #497
  • Invite-only joinable groups - #493
  • Maximum Nested Quote Tags for PMs - #492
  • Hide stuff users don't have permission to use - #454
  • Edit Reason - #451
  • Add to mycode - #450
  • User option to disable images/videos - #449
  • Moderation Tools Improvements - #435
  • Forum Statistics Improvements - #434 #824
  • Profile Fields Enhancements - #433
  • Using update_query with BIT(1) fields - #360
  • inline_moderation.js friendly to table-less themes - #915
  • Memberlist sorting - #914
  • Force Login - #906
  • Add class to smilies - #905
  • AJAX for security questions - #894
  • Add get_user_by_username() helper function - #893
  • find_replace_templates() accepts SID - #889
  • $this->options in class_parser.php - #880
  • Add class to announcements - #879
  • Make forum friendly to outside pages - #878
  • Change showthread.php icons to sprite - #877
  • Add rebuild settings to cache tools - #875
  • Add email description editing to editor - #869
  • Add video sites to editor - #862
  • Check new members against StopForumSpam - #860
  • Jump to Page in pagination - #857
  • send_pm() should consider users' language - #834
  • Image re-scaling and long words/text wrapping CSS/HTML changes - #816
  • Moderate Groups - #439
  • Portal Improvements - #436
  • Moderation Notifications - #430
  • Thread Prefix system improvements - #427
  • Ability to Stop tracking all messages - #364
  • Settings description on installation - #197
  • Add Template::render method - #1344

Lire la suite: http://blog.mybb.com/2014/09/01/mybb-1-8-released/

Nos hébergements Web compatibles avec
MyBB

Web

Uniquement l'hébergement Web

Hébergement Web 100% SSD
100 Go et +
Gestion multisites
Certificats SSL gratuits
Protection Anti-DDoS
10 Go de VOD


En savoir plus

à partir de 5.75 € / mois

Classic

L'offre complète Web+Mail

Hébergement Web 100% SSD
100 Go et +
Gestion multisites
Certificats SSL gratuits
Protection Anti-DDoS
10 Go de VOD


Messagerie professionnelle
25 adresses email avec stockage illimité


WorkSpace
Messagerie en ligne
Messagerie instantanée
Synchronisation des contacts et agendas


En savoir plus

à partir de 7.42 € / mois

Serveur Cloud

Managé

Hébergement Web 100% SSD
100 Go et +
Multi-hebergements et multisites
Certificats SSL gratuits
Protection Anti-DDoS
10 Go de VOD


Puissance
2 CPU et +
6 Go de RAM et +
100% SSD
Ressources 100% dédiées


Gestion
Infomaniak gère votre serveur


En savoir plus

à partir de 29 € / mois

Prix en EUR TTC