XMB 1.9.10 Karl Documentation

What's New

XMB 1.9.10
Released on 9 June 2008.
MySQL Version requirement raised to 4.0.16.
CVE-2004-1862 Closed.
New forum permissions system.
New flow of control in post.php mitigates lost input.
Added Avatars to U2U messages.
Added Client-side avatar dimension checking.
Added Config.php corruption checking.
Added Forum group name to navigation "Breadcrumbs".
Added More Smilies Pop-up Links.
Added PID links from Search to viewthread.
Added U2U links to the Address Book.
Better Forum management page.
Better Magic-quote handling.
Better Unicode support within message bodies.
Fixed Avatar dimension checking on servers with allow_url_fopen = false.
Changed the Merge Threads dialog.
Fixed All LIKE and REGEXP query encoding.
Fixed Avatar List option.
Fixed Banned Members Cannot Logout.
Fixed Broken links to profiles.
Fixed Captcha contrast with theme colors.
Fixed Delete Posts in the admin panel member search.
Fixed Feature - Fix Last Posts - Very Slow.
Fixed I/O problems in the settings page.
Fixed Many problems in topicadmin.php
Fixed Moods Not Parsed Correctly.
Fixed Octet limitation in IP Banning.
Fixed Prune feature in admin panel.
Fixed Syntax bugs in CP Search.
Fixed Theme Creation Bug.
Fixed U2U Folder bugs.
Fixed Upgrade failures caused by inadequate index logic.
Fixed Verify email address links.
Moved 'Report post' and 'vote' features from topicadmin to new vtmisc.php file.
Removed $threadSubject from header.php.
Removed Extra queries from updateforumcount().
Removed Usernames from javascript Popup() calls.
Restored U2U multi-recipient buddy list feature.
Spell Check now consumes apostrophes and rejects digits.
Updated and corrected the server version checks.

XMB 1.9.9
Released on 26 March 2008.
Recalled on 19 April 2008 after a staff change at XMB.

XMB 1.9.8 SP3
Released on 9 May 2008
PHP Requirement raised to 4.3.0
CVE-2005-2574 Closed.
CVE-2006-1748 Closed.
CVE-2007-0519 Closed.
Fixed Avatar URLs with "&" or "php" never saved.
Fixed BB Code parsing inside [code] tags.
Fixed Can't delete attachments using Control Panel.
Fixed Captchaimages database table grows out of control.
Fixed Censors don't work if the same word is typed repeatedly.
Fixed color captcha when no background image used.
Fixed Control Panel won't save apostrophes in website title.
Fixed Full text profile search doesn't work.
Fixed Login after password-reset.
Fixed Logout doesn't work on password-protected forums.
Fixed Passwords with leading or trailing whitespace don't always work.
Fixed Rename attachment doesn't work.
Fixed search for posts in a specific forum.
Fixed Spaces in attachment filenames change to underscores.
Fixed random password generator array subscript overflow.
Fixed Status code was 200 when transmitting "forum not found" errors.
Fixed Top/Untop causes SQL error if no threads are selected.
Fixed User profiles show character entities like "&"
Fixed Usernames containing "&" cause broken links and tools.

XMB 1.9.8 SP2
Released on 31 December 2007
Fixed Can't see more than 2 pages of search results.
Fixed Deleting all but one smilie in the smilies manager causes error.
Fixed Invalid EHLO command in SMTP mailer.
Fixed Page int parameter sometimes incorrect in viewthread.php.

XMB 1.9.8 SP1
Released on 16 December 2007
[Fix] Poll Options Bug
[Cosmetic] Template improvements
[Feature] Forum quick jump status control in settings
[Feature] Registration form optional fields status control in settings
[Feature] Quick reply status control in settings
[Feature] Index Stats bar status control in settings
[Feature] Hide accounts that have not yet logged in on index and member list
[Feature] Option to search for accounts that have not logged in yet via admin panel in members settings option
[Fix] Addressed insertion issues with IE6 browser - Thanks to whinpo
[Fix] Addressed sub forum privacy bug from shwoing in several areas of the software.
[Cosmetic/Feature] Added who's online today back on index and removed redundant one in misc.php

XMB 1.9.8
Released on 7 December 2007
New poll system
Sub-Forums on index
Forum quick jump
Optimized search facility
Validation routines
Mass moderation
CAPTCHA integration
MySQL 5 compatibility
Cosmetic Improvements
New administration tools

XMB 1.9.7
This version was not released.

XMB 1.9.6
This version was not released.

XMB 1.9.5
Released on 7 March 2006
Fixed several security vulnerabilities.
Improved URL-matching regular expression as per RFC's.
Fixed ongoing charset bug.
Fixed new birthday code selection drop downs.
Made hover (mouseover) for category links consistent for IE and Mozilla.
Instated 32 maximum character restriction for usernames.
XMB 1.9.4
Released on 1 March 2006
Added better security to the [size][/size] pattern
Added new birthday-date format (ISO 8601 compatible)
Added optional (easier) debugging
Added post_edit_attachment to the template-preload-queue
Added printsetting4() for textarea's and converted existing ones to use it
Added SMTP-logging when DEBUG=true
Added limit for usernames, making them have min. 3 chars
Check for a 250 response on QUIT using socket_SMTP, according to the RFC this is required, and if missed could lead to odd behaviour
Date format fixes
Fixed '.' characters in URLs breaking links
Fixed CSS template to be loaded in error()
Fixed default time format not used during registration
Fixed HTML not properly being escaped in custom-status field
Fixed Moderator can still delete posts via thread-prune when allowrankedit=On
Fixed newsletters showing weird chars
Fixed no categories (and forums belonging to them) are shown in search to members and guests
Fixed 'no subject'-error may be shown on delete-post.
Fixed Read folders turning back to unread folders after 10 min
Fixed slashes stripped from threadtitles too often
Fixed slashes stripped from message/subject on newthread
Fixed 2 typos in error()
Fixed 2 uninitialized vars
Fixed Anonymous poster inherits Rank avatar from previous poster
Fixed banned users are still recieving subscription-emails
Fixed edit attachment > replace with [new attachment] doesn't work
Fixed password-protected forums showing in forums-select-lists
Fixed bug where "xmb_" was used instead of $table_
Fixed bug where email-input (message and headers) was not normalized correctly
Fixed bug where thread-redirect (created using Move Thread > Leave Redirect) was not removed when original thread was deleted.
Fixed bug with tableheader showing at the top when there were no cat-less forums shown and 'show at top only' was not turned on.
Fixed checking for text/html mimetype in attachments to be case-insensitive
Fixed E_NOTICE on $attachfile
Fixed flash-avatars not displaying correctly
Fixed forum names containing quotes
Fixed IP banning
Fixed miscasting of array/string in altMail() with socket_SMTP
Fixed SQL errors when no fid's are restricted.
Fixed page totalling for subscriptions.
Fixed password-protected forums show in `Forum most active in`
Fixed possible tid injection
Fixed security issue with being able to delete your current account and top level super administrator
Fixed slashes in post-preview.
Fixed subject-in-title showing thread-subject on template-edit
Fixed U2U folder highlight
Fixed XSS injection exploit by unsanitized input.
Fixed date format validation during registration/profile-update
Fixed theme-default set to '' instead of 0
Fixed To header usually missing in the mail-headers
Fixed various HTML-validation errors
Fixed 'send u2u to email' showing raw HTML output
Altered theme code to produce a 20x speed increase
Access to password-protected forums is now automatically cleared at (explicit) logout
Better password-protected forum support in search
Better support for password-protected forums
Changed LEFT JOINs to STRAIGHT JOINs to improve query-speed
Changed login to use putCookie()
Cleaned up initialization of $indexBar/$indexBarTop vars
Cleaned up theme-download code
Decreased memory usage, thus increasing efficiency on hosts with little memory (set for mysql)
Fixed various E_NOTICE level errors
Enhanced Edit button
Got rid of xmb_forums JOINs in most stats-queries, thus improving loadingtimes
Improved viewthread validation procedures.
Lowered default maximum attachment size for smaller boards. (1MB -> 250 KB)
A lot of MySQL 5.0 compatibility fixes
Switched from delete3=3 style to delete[3]=true style in ipban
Updated stats to show as efficiently as possible for super admins
Updated $restrict to be more efficient
Updated censor() regexp to catch more words
Updated smilieinsert() to correctly create a table with smileys
Rewrote part of the socket_SMTP class to correctly talk with the SMTP server; thus fixing many previous issues with it
Removed $lang['copyright'] (same in all languages; always) and moved it to header.php
Removed duplicate (unused) code
Removed noaccess() function as it's no longer in use
XMB 1.9.3
Released on 6 November 2005
(re-)fixed class="tablerow" missing in faq_misc_rankrow template
Added a newline between the "no subject found" and the actual post-screen when an error is found
Added better $restrict regexp (which now also allows \n and \r as a separator)
Added error when given fid AND tid are incorrect (non-existent)
Added fix to censor thread subjects in the Who's Online.
Added footer_* templates to automatically preload (aswell)
Added non-preloaded templates to preload queue
Added temporary unicode-entities fix
Cleaned up subforums code and fixed code so that the table header for subforums only shows when neccessary (Thanks Stu! (tid=755422))
Encoded moderator usernames for RFC member profile URLS
Fixed 'no categories (and forums belonging to them) are shown in search to members and guests'
Fixed various E_NOTICE notices
Fixed `$self[dateformat] and $self[timecode] undefined` [tid=755518]
Fixed `delete on reply does not delete message`
Fixed `no quote is added when quoting`
Fixed `no slashes in preview`
Fixed `original U2Us being deleted despite "reply & delete" not being selected` [tid=755080]
Fixed bbcode for Safari Browsers
Fixed bbcode-security-hole
Fixed `board logo not showing in view printable` (threads and u2us).
Fixed bug where email sent had the subject as the message, and no actual message in it at all
Fixed bug where setting the default timezone didn't work correctly
Fixed bug with an E_WARNING being sent when using altMail() in safe_mode
Fixed bug with tableheader showing at the top when there were no cat-less forums shown and 'show at top only' was not turned on. [tid=755551]
Fixed bug with tableheader showing in categories [tid=755551]
Fixed division-by-zero in member > profile
Fixed email-bbcode button not working in normal mode
Fixed error when deleting U2U's from Trash folder
Fixed missing apostrophe which caused errors editing forums when debug was on.
Fixed page issues when ppp was less than 5 (Missing validatePpp())
Fixed security issue that showed subjects of threads you were not authorized to view in title bar. [tid=755557]
Fixed undefined variables when viewing printable U2U's by adding them to the globals line.
Fixed various XHTML 1.0 non-comformational bugs [tid=755581]
Fixed various minor issues
Fixed warning when viewing non-existent forum
changed file_exists checks to use the ROOT constant
got rid of notices
implemented shortenString()
made various regexps quicker
preloaded all templates that require it
removed ?> to prevent headers-already-sent-warnings due to whitespaces; according to php.net this will still work.
updated $restrict switches to work generally better
updated versioning
XMB 1.9.2
Released on 20 September 2005
added checks for '.' and '..' in avatarlist options. This stops '.' and '..' from being chosen as valid avatars (they're not files!)
added "prune normal posts" to thread pruning
added "reply and delete" feature to u2u
added "reset usesig on sig-change"
added "show thread subject in title"
added "threads marked as read" code
added $footerads
added (missing) put_cookie constants
added automatic preloading of header,css,error and footer templates
added Czech lang file
added check for '.swf' extension in flash-avatars
added check for magic_quotes_runtime, so XMB won't break when it's turn On (in most cases)
added DEBUG-flag shows in page-title
added dropIfExists option to `Database Backup`s create_table() function (is automatically turned On in this feature)
added Serbian lang file
added XHTML valid flash (X)HMTL
added alternative SMTP-mail-handling
added browser-sniffing code
added browser-specific bbcode JS
added checks for htmlentities_decode() and htmlspecialchars_decode()
added default full_url based on system used to installer
added default icon for threads that have none
added default timezone
added e-coupons ads
added full_url checker to installer
added ignore max avatar size on flash movies
added indexBar
added missing templates to preload()
added (new) mozilla-specific bbcode
added protection to delete user and delete posts links with JS
added support for optional theme-specific theme.css file
added u2u flood protection
fixed "attachment isn't copied when using copy thread"
fixed "avatars are mistakenly interpreted as flash due to commas in the filename"
fixed "categories stacking in 'specific forum' select, in search"
fixed "database not found error is not fatal"
fixed "empty categories showing"
fixed "fixLastposts() doesn't update xmb_threads table"
fixed "installer never removes /install/ dir"
fixed "invalid size for [size] bbcode causes Parse Error"
fixed "language files not ordered (alphabeticaly)"
fixed "max avatar size is flawed with flash movies"-bug
fixed "most active forum also shows categories"
fixed "no ROOT (contant) support in language-selection"
fixed "poll options contain empty bar on the right"
fixed "quickreply bulging out"
fixed "regexp error in todays posts when usernames contain '*', '.' or '%'
fixed "rename user does not rename moderators in the moderator section"
fixed "threads can be moved to forums that are off"
fixed "view as printable - doesn't show proper time and date"
fixed "view as printable - dumps everything on one line"
fixed updatethreadcount() lastposts issue
fixed various `rename user`-bugs
fixed various XHTML validity issues
removed bbcodefns.js
updated wording of $lang['disclaimer'] to reflect the fact that it's NOT fixed (yet)
updated the way the disclaimer is shown (via JS popup)