Btit Tracker v.1.4.8 -------------------- FIXES: ------ - possibile SQL Injection (scrape.php) LIST OF CHANGED FILES: ---------------------- - include/crk_protection.php - include/functions.php - install/index.php - scrape.php Btit Tracker v.1.4.7 -------------------- FIXES: ------ LIST OF CHANGED FILES: ---------------------- Btit Tracker v.1.4.6 -------------------- FIXES: ------ - cosmetic changes (blocks/lasttorrents_block.php, blocks/toptorrents_block.php, edit.php) - Guest can shout (using external html code) (blocks/shoutbox_block.php) - Added latest crk_protection.php (thanks to cobracrk) (include/crk_protection.php) - fixed peers issue (details.php) (http://sourceforge.net/tracker/index.php?func=detail&aid=1828098&group_id=146822&atid=766508) - default language in recover (recover.php) - Possible SQL injection (torrents.php) LIST OF CHANGED FILES: ---------------------- - blocks/lasttorrents_block.php - blocks/shoutbox_block.php - blocks/toptorrents_block.php - include/crk_protection.php - include/functions.php - details.php - edit.php - recover.php - torrents.php Btit Tracker v.1.4.5 -------------------- FIXES: ------ - extend error messages on signup and XSS fix(account.php) - guest can view torrent's details using full url and guest edit/delete guest's torrents (details.php) (https://sourceforge.net/tracker/index.php?func=detail&aid=1748243&group_id=146822&atid=766508) - XSS fix (moresmiles.php) - XSS fix (recover.php) - external progress % (torrents.php) - XSS fix (usercp.php) (https://sourceforge.net/tracker/index.php?func=detail&aid=1753797&group_id=146822&atid=766508) - guest can shout (blocks/shoutbox_block.php) (https://sourceforge.net/tracker/index.php?func=detail&aid=1764809&group_id=146822&atid=766508) - SQL Injection fix (include/functions.php) LIST OF CHANGED FILES: ---------------------- account.php details.php moresmiles.php recover.php torrents.php usercp.php blocks/shoutbox_block.php include/functions.php Btit Tracker v.1.4.4 -------------------- FIXES: ------ - all externals torrents should update correctly now (functions.php). - secured user's data change (email, etc.) in usercp.php - upload/download bug (announce.php) (https://sourceforge.net/tracker/index.php?func=detail&aid=1729127&group_id=146822&atid=766508) - syntax error (details.php) - category fix (edit.php) (http://www.btiteam.org/smf/index.php?topic=8009.0) - syntax error (login.php) - correct error when image code is enabled (recover.php)(http://sourceforge.net/tracker/index.php?func=detail&aid=1733872&group_id=146822&atid=766508) - correct problem with extras smilies (shoutbox_block.php) - disabled the check "allow tracker to retrieve informations from torrent", so it'll always do it and fix category dropdown menu. (upload.php) - pm outbox problem (usercp.php)(http://sourceforge.net/tracker/index.php?func=detail&aid=1723482&group_id=146822&atid=766508) - syntax errors (userdetails.php) (http://sourceforge.net/tracker/index.php?func=detail&aid=1739546&group_id=146822&atid=766508) LIST OF CHANGED FILES: ---------------------- announce.php edit.php login.php recover.php shoutbox_block.php torrents.php upload.php usercp.php userdetails.php include/functions.php Btit Tracker v.1.4.3 -------------------- FIXES: ------ - customized groups assignement (account.php) (https://sourceforge.net/tracker/index.php?func=detail&aid=1723234&group_id=146822&atid=766508) - editing torrent with apostrophes names (https://sourceforge.net/tracker/index.php?func=detail&aid=1720513&group_id=146822&atid=766508) - changed all max() functions with intval() function which is more secure. LIST OF CHANGED FILES: ---------------------- account_change.php account.php comment.php edit.php forum.php news.php torrents.php recover.php admincp.php announce.php details.php peers.php torrent_history.php usercp.php userdetails.php include/functions.php Btit Tracker v.1.4.2 -------------------- FIXES: ------ - functions.php, alway turn off register global and simulate if not set. - sanitized forum.php. - download.php, fixed PID with multitracker's torrents. LIST OF CHANGED FILES: ---------------------- download.php forum.php include/functions.php Btit Tracker v.1.4.1 -------------------- if you update from previous version, DON'T upload install folder and run the query upgrade/v14_to_v141.sql for upgrading your database. NEW: ---- - Installation script (thanks JBoy). FIXES: ------ - Admincp access by all authorized users and classes. - Mysql stats (admincp) use tracker style. - Delete comments from torrent's details. - possible XSS injections in forum, usercp, users. - problem in announce if php not compiled with bcmath support. - Image code in recover - changed password cookie. - All problems found on 1.4 by users. - Email verification when user change own email (usercp), hack by Petr1fied. NEW LANGUAGES CONSTANTS (ALREADY DONE IN INCLUDED ENGLISH.PHP): --------------------------------------------------------------- define("REVERIFY_MSG", "If you attempt to change your email address you will be sent a verification link to the email address you wish to change it to.

The email address on your record will not update until you verify the new address by clicking the link."); define("EMAIL_VERIFY", "email account update at $SITENAME"); define("EMAIL_VERIFY_BLOCK", "Verification email sent"); define("EMAIL_VERIFY_MSG", "Hello,\n\nThis email has been sent because you have requested a change to the email address currently held on your record, please click the link below to complete the change.\n\nBest regards from the staff."); define("EMAIL_VERIFY_SENT1","
A verification email has been sent to:

"); define("EMAIL_VERIFY_SENT2", "

You will need to click on the link contained within the email in order
to update your email address. The email should arrive within 10 minutes
(usually instantly) although some email providers may mark it as SPAM
so be sure to check your SPAM folder if you can't find it.

"); define("REVERIFY_CONGRATS1", "

Congratulations, your email has been verified and successfully changed

From: "); define("REVERIFY_CONGRATS2", "
To: "); define("REVERIFY_CONGRATS3", "

"); define("REVERIFY_FAILURE", "

Sorry but this url is not valid

A new random number is generated each time you attempt to change your email so
if you're seeing this message then you've most likely tried to change your email
more than once and you are using an old url.

Please wait until you're absolutely sure you haven't received the new
verification email before attempting to change your email again.


"); define("NOT_MAIL_IN_URL", "This is not the email address that was in this url"); define("ERR_AVATAR_EXT","Sorry only gif,jpg,bmp or png allowed"); LIST OF CHANGED FILES (Probably all): ------------------------------------ account.php admincp.php announce.php comment.php forum.php index.php install.me *** NEW *** login.php readme.txt recover.php scrape.php usercp.php userdetails.php upload.php language/english.php include/common.php include/mysql_stats.php include/searchdiff.php include/functions.php install/* *** NEW *** sql/database.sql upgrade/v14_to_v141.sql *** NEW *** Thanks to all developers. Btit Tracker v.1.4 (BIG thanks to gAnDo, miskotes, cobracrk) ------------------------------------------------------------ NEW: - User's name clickable with prefix/suffix in shoutbox. - Private mail's preview. - Comment's preview. - Timezone selection (Petr1fied). - New flag images. - Added link for do sanity on request in admincp (main page). - Username can be edited by mod/admin using the edit option in users' list. - Dbutils hack in admincp. - Mysql stats (courtesy of CoLdFuSiOn from Tbdev.net) in admincp. - Other smalls things which don't remember. :) CHANGES: - Announce and scrape completly rewrited (should be more faster and resourceless) - Fixed all known security holes - More countries - Invalid characters in username not allowed (caused some problems in tracker administration) - Changed default