Dolphin 7.3.1 Security Update Manual Instructions

If you need to apply 7.3.1 patch to older version, please use the following manual instructions.

Please note, that line numbers are for Dolphin 7.3.0, other versions could have different line numbers.

1. Changes in flash/modules/chat/inc/actions.inc.php file

a) Change the following (near ~121 line):

case 'RzSetBlocked':
    $sUser = isset($_REQUEST['user']) ? $_REQUEST['user'] : "";

to the following:

case 'RzSetBlocked':
    $sUser = isset($_REQUEST['user']) ? process_db_input($_REQUEST['user']) : "";

b) Change the following (near ~137 line):

case 'RayzSetMembershipSetting':
    $sKey = isset($_REQUEST['key']) ? $_REQUEST['key'] : "";
    $sValue = isset($_REQUEST['value']) ? $_REQUEST['value'] : "";

to the following:

case 'RayzSetMembershipSetting':
    $sKey = isset($_REQUEST['key']) ? process_db_input($_REQUEST['key']) : "";
    $sValue = isset($_REQUEST['value']) ? process_db_input($_REQUEST['value']) : "";

c) Change the following (near ~166 line):

$iCurrentTime = time();
$sSex = isset($_REQUEST['sex']) ? $_REQUEST['sex'] : "M";
$sAge = isset($_REQUEST['age']) ? $_REQUEST['age'] : "25";

to the following:

$iCurrentTime = time();
$sSex = isset($_REQUEST['sex']) ? process_db_input($_REQUEST['sex']) : "M";
$sAge = isset($_REQUEST['age']) ? process_db_input($_REQUEST['age']) : "25";

2. Changes in modules/boonex/ads/classes/BxAdsModule.php file

Change the following (near ~2366 line):

'sKeywordsStr'     => $sKeywordsStr,

to the following:

'sKeywordsStr'     => bx_html_attribute($sKeywordsStr),

3. Changes in modules/boonex/wall/classes/BxWallModule.php file

Change the following (near ~365 line):

function actionRss($sUsername)
{
    $aOwner = $this->_oDb->getUser($sUsername, 'username');

to the following:

function actionRss($sUsername)
{
    $aOwner = $this->_oDb->getUser(process_db_input($sUsername), 'username');

Does the changes in BxAdsModule.php and BxWallModule.php files also affect Dolphin version 7.0.9?

Yes.
modules/boonex/ads/classes/BxAdsModule.php ~2186 line
modules/boonex/wall/classes/BxWallModule.php ~232 line

Hi Alex. Is there a change log published for 7.3.1 or do we just visit github?

 Thank you Alex!

you can go to this link to update DolphinPro 7.3.0 to 7.3.1

https://www.boonex.com/n/dolphin-7-3-1-security-update

I don't get it!

You've released a 'security patch' but didn't add the blog category bug fix.

Why not?

This would have been an ideal time to get everything working properly!

~~~~~~~~~~~~~~~~~~~~~~
Michel ✈ Meta-Travel.com
~~~~~~~~~~~~~~~~~~~~~~

(Not speaking as a BoonEx member.) This only contains security fixes (and some serious ones at that) - the blogs bug, while annoying, is not a security issue. It's better to keep it limited to only the security fixes to make upgrading as quick and easy as possible.

This release wasn't planned - it was released quickly to address these recently-discovered vulnerabilities, and that's it. 7.3.2 should be a normal release with plenty of fixes and improvements.

If it's just security fixes, then congrats. One of the most painful things on upgrading is re-testing each third party module on the newer release. In this case we're dealing only with security fixes so thank you Boonex for releasing something quickly and keeping sites safe.

Done... Just note that #2 is more by line 2366 (not 2501) in 7.3.0

So I did the manual update, cleared caches etc. Yet in my admin panel I still have the message:

Dolphin version = 7.3.0 - WARNING (your Dolphin version is outdated please upgrade to the latest 7.3.1 version)

Does it mean I missed something? If not, how do I "tell" Dolphin that, now that the security patch has been applied manually, it's really version 7.3.1, not 7.3.0...? (as my understanding is that the only difference between v 7.3.0 and 7.3.1 is the updating of these 7 lines of PHP code, correct?)

Did you apply the actual upgrade patch, or the manual file edits? The patch includes the new version.inc.php and any other version changes. But as long as the manual edits were made, you're covered.

@TravelNotes Nathan's answer is absolutely correct.

@ElAmargo Thank you, it was corrected.

case 'RzSetBlocked':
    $sUser = isset($_REQUEST['user']) ? $_REQUEST['user'] : "";

case 'RzSetBlocked':
    $sUser = isset($_REQUEST['user']) ? process_db_input($_REQUEST['user']) : "";

case 'RayzSetMembershipSetting':
    $sKey = isset($_REQUEST['key']) ? $_REQUEST['key'] : "";
    $sValue = isset($_REQUEST['value']) ? $_REQUEST['value'] : "";

case 'RayzSetMembershipSetting':
    $sKey = isset($_REQUEST['key']) ? process_db_input($_REQUEST['key']) : "";
    $sValue = isset($_REQUEST['value']) ? process_db_input($_REQUEST['value']) : "";

$iCurrentTime = time();
$sSex = isset($_REQUEST['sex']) ? $_REQUEST['sex'] : "M";
$sAge = isset($_REQUEST['age']) ? $_REQUEST['age'] : "25";

$iCurrentTime = time();
$sSex = isset($_REQUEST['sex']) ? process_db_input($_REQUEST['sex']) : "M";
$sAge = isset($_REQUEST['age']) ? process_db_input($_REQUEST['age']) : "25";

'sKeywordsStr'     => $sKeywordsStr,

'sKeywordsStr'     => bx_html_attribute($sKeywordsStr),

function actionRss($sUsername)
{
    $aOwner = $this->_oDb->getUser($sUsername, 'username');

function actionRss($sUsername)
{
    $aOwner = $this->_oDb->getUser(process_db_input($sUsername), 'username');

 Спасибо болшое!

modules/boonex/ads/ 

Я вообще удалил мне это не нужо.

Thank you,  Alex

I can not make automatic update but got to make available to manual update

does it apply on 7.3.2 version

If you're on 7.3.2, you already have it.