• Navigation
• Main Page
• Recent changes

• General phpBB Development
• Getting Started
• Git
• Coding guidelines
• Sub-Project Contribution Guidelines
• Automated Tests
• Desired Behaviour
• GSoC

• phpBB 3.1 / Ascraeus
• Overview
• RFCs
• Extensions
• Events

• phpBB 3.0 / Olympus
• Olympus Concepts
• Tutorials
• Database
• Styles
• API
• Functions

• phpBB 4 / Rhea
• Overview
• Programming Principles
• Architecture
• RFCs

• Languages
• English (English)
• Deutsch (German)
• Italiano (Italian)
• Polski (Polish)
• 日本語 (Japanese)

• Misc
• Random page
• Help

• Search

• Tools
• What links here
• Related changes
• Special pages
• Printable version
• Permanent link

Release Highlights/3.1.1

From phpBB Development Wiki

Jump to: navigation , search

This page highlights important changes in phpBB 3.1.1

Security Fixes

• Cross Site Scripting via PATH_INFO in page_name variable - Fixed a cross site scripting vulnerability that allows injecting HTML into pages using the PATH_INFO via session's page_name variable.

Notable Changes

• Custom style from 3.0.x not available after migrating to 3.1.x - If the default style is missing after the upgrade to 3.1, attempt to handle this gracefully by resetting to an available style.
• Anonymous users can CC themselves on emails sent to admin via contact form - The option to send a copy to the sender has been removed from email forms displayed to guest users who are not registered.

Notable Bug Fixes

• Password issues for converted boards after upgrade - Fix auth provider errors for forums that migrated from other forum software.

Retrieved from "https://wiki.phpbb.com/index.php?title=Release_Highlights/3.1.1&oldid=9539"

Category:

• Release Highlights