MyBB 1.6.7

Contents

MyBB 1.6.7 was released on April 1, 2012.

MyBB 1.6.7 is a security, maintenance and feature release fixing 5 low-risk vulnerabilities and over 70 reported issues. It introduces 5 new feature updates.

Low Risk

  • SQL injection vulnerability within the Admin Control Panel (ACP) in user search (reported by Nathan Malcolm, MyBB SQA Team)
  • SQL injection vulnerability within the ACP in Mail Log (reported by Nathan Malcolm, MyBB SQA Team)
  • SQL injection vulnerability within the ACP in User Inline Moderation (reported by Jammerx2, MyBB Developer)
  • XSS within the ACP where an orphaned attachment has a malformed filename (reported by Nathan Malcolm, MyBB SQA Team)
  • Full Path Disclosure if malformed forumread cookie is used

ACP vulnerabilities require Administrator permissions and so considered low-risk. With thanks to those who discovered these vulnerabilities.

Over 70 reported issues were fixed in 1.6.7

Fixed issues in 1.6.7
Unfixed issues

Feature updates can be small or large changes to the way MyBB features work. The following changes have been made in 1.6.7.

  • Displaying Forum Rules
Previously, you were able to display forum rules as a link or inline within the thread listing. A new option has been added to show forum rules inline with the thread listing and when a user is making a new thread/post. You can find this option within a forum's settings.
  • Custom Moderator Tools Permissions
Before 1.6.7, forum moderators were able to use custom moderator tools. An option has been added to the moderator options as to whether a moderator can use these tools or not. Upon upgrading to 1.6.7, if existing moderators can manage threads they are able to use custom moderator tools.
  • Ignore List Email Override
Previously, if a user was on an ignore list and attempted to send the user an email they would be denied permission to do so. A new usergroup option is available to override this scenario.
  • Editing a User's Birthday in ACP
In 1.6.7 you are now able to modify users' birthdays from within their profile in the ACP.
  • Login with Username or Email or Both
The largest new feature is the ability to choose how a user logs in to your forum. From the General Configuration settings in the ACP, a new Allowed Login Methods setting can determine whether a user can log in using their username only, registered email only or by using their username and email.

The following files have changed since MyBB 1.6.6.

  • admin
    • inc
      • class_form.php
      • class_page.php
      • functions.php
    • modules
      • config
        • calendars.php
        • profile_fields.php
        • smilies.php
      • forum
        • attachments.php
        • management.php
      • home
        • credits.php
      • tools
        • maillogs.php
        • modlog.php
      • user
        • group_promotions.php
        • groups.php
        • users.php
    • index.php
  • inc
    • datahandlers
      • event.php
      • pm.php
      • post.php
      • user.php
    • languages
      • english
        • admin
          • forum_management.lang.php
          • global.lang.php
          • user_group_promotions.lang.php
          • user_groups.lang.php
          • user_users.lang.php
        • datahandler_post.lang.php
        • global.lang.php
        • managegroup.lang.php
        • member.lang.php
        • messages.lang.php
        • modcp.lang.php
        • newreply.lang.php
        • newthread.lang.php
        • private.lang.php
        • reputation.lang.php
        • xmlhttp.lang.php
      • english.php
    • plugins
      • akismet.php
      • hello.php
    • class_core.php
    • class_datacache.php
    • class_moderation.php
    • class_parser.php
    • class_plugins.php
    • functions.php
    • functions_forumlist.php
    • functions_image.php
    • functions_indicators.php
    • functions_post.php
    • functions_upload.php
    • functions_user.php
    • init.php
  • install
    • resources
      • mybb_theme.xml
      • mysql_db_tables.php
      • pgsql_db_tables.php
      • settings.xml
      • sqlite_db_tables.php
      • upgrade22.php
      • upgrade23.php
      • upgrade5.php
      • usergroups.xml
  • jscripts
    • editor.js
  • announcements.php
  • calendar.php
  • editpost.php
  • forumdisplay.php
  • global.php
  • index.php
  • managegroup.php
  • member.php
  • misc.php
  • modcp.php
  • newreply.php
  • newthread.php
  • online.php
  • portal.php
  • private.php
  • ratethread.php
  • reputation.php
  • search.php
  • showthread.php
  • task.php
  • usercp.php

Red represents files that contain security updates
Green represents new files added in this release

There are changes to 16 language files. Changed languages files can be cross-referenced from the list above.

There are changes to 15 templates.

  • modcp_reports
  • forumdisplay_rules
  • forumdisplay_rules_link
  • header_welcomeblock_guest
  • managegroup_no_users
  • postbit_rep_button
  • portal_welcome_guesttext
  • modcp_reports_report
  • modcp_reports_noreports
  • index_loginform
  • member_resetpassword
  • moderation_split
  • error_nopermission
  • moderation_inline_splitposts
  • warnings_warn_type

MyBB Versions
2.0.x
In Planning/Early Development
1.8.x
In Development
1.6.x
1.4.x 1.4.16 - 1.4.15 - 1.4.14 - 1.4.13 - 1.4.12 - 1.4.11 - 1.4.10 - 1.4.9 - 1.4.8 - 1.4.7 - 1.4.6 - 1.4.5 - 1.4.4 - 1.4.3 - 1.4.2 - 1.4.1 - 1.4.0
1.2.x 1.2.14 - 1.2.13 - 1.2.12 - 1.2.11 - 1.2.10 - 1.2.9 - 1.2.8 - 1.2.7 - 1.2.6 - 1.2.5 - 1.2.4 - 1.2.3 - 1.2.2 - 1.2.1 - 1.2.0
1.1.x / 1.0x 1.1.8 - 1.1.7 - 1.1.6 - 1.1.5 - 1.1.4 - 1.1.3 - 1.1.2 - 1.1.1 - 1.1.0 - 1.04 - 1.03 - 1.02 - 1.01 - 1.00
Pre-1.0 PR2 - PR1 - RC4 - RC3 - RC2 - RC1 - Beta 4 - DevBB
Legend In Planning Development / Beta / Private Latest Public Release