Web Wiz Forums version 7.95 released

Thanks Wizmasta!

The changed files are listed in the version history file:-

Changes from version 7.92 to version 7.95
------------------------------------------
1. email_messenger.asp - fixed email address bug
2. functions_send_email.asp - changed to allow CDOSYS to use localhost mail server
3. login_user.asp - fixed un-active user bug
4. post_message.asp - fixed editing page bug
5. post_message.asp - fixed subject editing bug
6. register.asp - intergrated new improved CAPTCHA security image with Web Wiz CAPTCHA v1.0 - www.webwizcaptcha.com
7. login_user.asp - now shows CAPTCHA images by default
8. admin/default.asp - intergradted new CAPTCHA images for login
9. CAPTCHA/CAPTCHA_form_inc.asp - new file for CAPTCHA form
10. CAPTCHA/CAPTCHA_image.asp - new file for CAPTCHA images
11. CAPTCHACAPTCHA_setup.asp  - setup file for CAPTCHA images
12. common.asp - updated version number
13. admin/common.asp - updated version number and new login for CAPTCHA images
14. default.asp - updated HTML head content
15. updated the copyright on all files to read 2005
16. functions/functions_send_mail.asp - updated to support JMail4 and SMTP authentication
17. language_files/language_file_inc.asp - updated to reflect new CAPTCHA image text
18. includes/adds_inc.asp - new ads file
19. functions/functions_date_time_format.asp - updated for improved performance
20. functions/functions_common.asp - added new function to calculate an international date that should work across all servers
21. post_message.asp - now uses new international date function
22. common.asp - updated to use international date function and should fix the CDate error that effects some servers
23. include/active_users_inc.asp - now uses international date function
24. mark_posts_as_read.asp - same as above
25. functions/functions_format_post.asp - updated edit parser to display edit date from international date format
26. admin/functions/functions_format_post.asp - updated edit parser to display edit date from international date format
27. default.asp - updated to use new last date cookie
28. active_topics.asp - same as above
29. remove_coookies.asp - same as above
30. active_topics.asp - improved performance and fixed LCID bug that effects some servers
31. security_image.asp - removed file as it is no-longer used

Version 8 is still some way off as when I finsh re-writing all the files for the new permissions system I then need to add new fetaures and look at making it compatible with mySQL. There is still allot of work to be done.


Edited by -boRg- - 20 October 2005 at 5:56am

If you just want to patch your forum to prevent the reported hack vulnerability as JJL surgests, then just changing the following files should be OK:-

post_message.asp
functions/functions_common.asp
functions/functions_format_post.asp

I've not tested just replacing these files, but from the chnages that I have made the forum should run without problems by just replacing these files. (it will certainly patch the vulnerability)

dfrancis wrote: Thanks Wizmasta!   Now, for the inevitable question. If upgrading a customized forum, which files are necessary to change in order to implement the security fixes. I ask because I am really holding our for v8 before a total re-write of the site.   I have sql v7.92 installed and working fine and would prefer, on your counsel, wait for v8.   What say you wise wizmasta?    (I just don't want to go through this and then in a few months say, "Shucks, I coulda had a V-8."  )