Dolphin 7.3.1 Security Update Manual Instructions

If you need to apply the 7.3.1 patch to an older version, please use the following manual instructions.

Please note that line numbers are for Dolphin 7.3.0; other versions could have different line numbers.

1. Changes in flash/modules/chat/inc/actions.inc.php file

a) Change the following (near line ~121):

case 'RzSetBlocked':
    $sUser = isset($_REQUEST['user']) ? $_REQUEST['user'] : "";

to the following:

case 'RzSetBlocked':
    $sUser = isset($_REQUEST['user']) ? process_db_input($_REQUEST['user']) : "";

b) Change the following (near line ~137):

case 'RayzSetMembershipSetting':
    $sKey = isset($_REQUEST['key']) ? $_REQUEST['key'] : "";
    $sValue = isset($_REQUEST['value']) ? $_REQUEST['value'] : "";

to the following:

case 'RayzSetMembershipSetting':
    $sKey = isset($_REQUEST['key']) ? process_db_input($_REQUEST['key']) : "";
    $sValue = isset($_REQUEST['value']) ? process_db_input($_REQUEST['value']) : "";

c) Change the following (near line ~166):

$iCurrentTime = time();
$sSex = isset($_REQUEST['sex']) ? $_REQUEST['sex'] : "M";
$sAge = isset($_REQUEST['age']) ? $_REQUEST['age'] : "25";

to the following:

$iCurrentTime = time();
$sSex = isset($_REQUEST['sex']) ? process_db_input($_REQUEST['sex']) : "M";
$sAge = isset($_REQUEST['age']) ? process_db_input($_REQUEST['age']) : "25";

2. Changes in modules/boonex/ads/classes/BxAdsModule.php file

Change the following (near line ~2366):

'sKeywordsStr'     => $sKeywordsStr,

to the following:

'sKeywordsStr'     => bx_html_attribute($sKeywordsStr),

3. Changes in modules/boonex/wall/classes/BxWallModule.php file

Change the following (near line ~365):

function actionRss($sUsername)
{
    $aOwner = $this->_oDb->getUser($sUsername, 'username');

to the following:

function actionRss($sUsername)
{
    $aOwner = $this->_oDb->getUser(process_db_input($sUsername), 'username');

Rules → http://www.boonex.com/terms
Quote · 21 Jun 2016
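
A quick way to confirm that the manual edits above landed, as an added example that is not part of the original post and not BoonEx code: the script looks for the seven patched fragments listed in the instructions. The script and function names are assumptions; the file paths and fragments are the ones given in the post.

```shell
#!/bin/sh
# Added example (not BoonEx code): confirm that the seven edited lines from the
# manual instructions are present under a Dolphin document root.
# Substring presence only: it does not prove the old lines are gone elsewhere.

missing=0

# need FILE FRAGMENT: count FRAGMENT as missing unless FILE contains it literally.
need() {
    if grep -qF -- "$2" "$1" 2>/dev/null; then
        return 0
    fi
    echo "MISSING in $1: $2"
    missing=$((missing + 1))
}

# check_dolphin_731 ROOT: returns 0 when all seven patched fragments are found.
check_dolphin_731() {
    root=$1
    missing=0
    chat="$root/flash/modules/chat/inc/actions.inc.php"
    ads="$root/modules/boonex/ads/classes/BxAdsModule.php"
    wall="$root/modules/boonex/wall/classes/BxWallModule.php"

    # 1. chat actions: request parameters that now pass through process_db_input()
    for param in user key value sex age; do
        need "$chat" "process_db_input(\$_REQUEST['$param'])"
    done
    # 2. ads module: keywords string wrapped in bx_html_attribute()
    need "$ads" "bx_html_attribute(\$sKeywordsStr)"
    # 3. wall module: RSS username escaped before getUser()
    need "$wall" "getUser(process_db_input(\$sUsername), 'username')"

    [ "$missing" -eq 0 ]
}

# Run against a path given on the command line, e.g. sh check.sh /var/www/dolphin
if [ "$#" -gt 0 ]; then
    check_dolphin_731 "$1" && echo "all 7.3.1 manual edits found"
fi
```

A file that does not exist (for example, a module directory that was removed from the site) is reported as missing.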

Do the changes in BxAdsModule.php and BxWallModule.php files also affect Dolphin version 7.0.9?

Quote · 21 Jun 2016

Yes.
modules/boonex/ads/classes/BxAdsModule.php ~2186 line
modules/boonex/wall/classes/BxWallModule.php ~232 line

Rules → http://www.boonex.com/terms
Quote · 21 Jun 2016

Hi Alex. Is there a change log published for 7.3.1 or do we just visit github?

Quote · 21 Jun 2016

Thank you Alex!

Quote · 21 Jun 2016

You can go to this link to update DolphinPro 7.3.0 to 7.3.1:

https://www.boonex.com/n/dolphin-7-3-1-security-update

Quote · 21 Jun 2016

I don't get it!

You've released a 'security patch' but didn't add the blog category bug fix.

Why not?

This would have been an ideal time to get everything working properly!

Surprised

~~~~~~~~~~~~~~~~~~~~~~
MichelMeta-Travel.com
~~~~~~~~~~~~~~~~~~~~~~

TravelNotes.org - The Online Guide to Travel
Quote · 22 Jun 2016

(Not speaking as a BoonEx member.) This only contains security fixes (and some serious ones at that) - the blogs bug, while annoying, is not a security issue. It's better to keep it limited to only the security fixes to make upgrading as quick and easy as possible.

This release wasn't planned - it was released quickly to address these recently-discovered vulnerabilities, and that's it. 7.3.2 should be a normal release with plenty of fixes and improvements.

BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin
Quote · 22 Jun 2016

If it's just security fixes, then congrats. One of the most painful things on upgrading is re-testing each third party module on the newer release. In this case we're dealing only with security fixes so thank you Boonex for releasing something quickly and keeping sites safe.

Quote · 22 Jun 2016

Done... Just note that #2 is more by line 2366 (not 2501) in 7.3.0

Quote · 22 Jun 2016

So I did the manual update, cleared caches etc. Yet in my admin panel I still have the message:

Dolphin version = 7.3.0 - WARNING (your Dolphin version is outdated please upgrade to the latest 7.3.1 version)

Does it mean I missed something? If not, how do I "tell" Dolphin that, now that the security patch has been applied manually, it's really version 7.3.1, not 7.3.0...? (as my understanding is that the only difference between v 7.3.0 and 7.3.1 is the updating of these 7 lines of PHP code, correct?)

Quote · 22 Jun 2016

Did you apply the actual upgrade patch, or the manual file edits? The patch includes the new version.inc.php and any other version changes. But as long as the manual edits were made, you're covered.

BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin
Quote · 22 Jun 2016

@TravelNotes Nathan's answer is absolutely correct.

@ElAmargo Thank you, it was corrected.

Rules → http://www.boonex.com/terms
Quote · 23 Jun 2016

Thank you very much!

Quote · 26 Jun 2016

modules/boonex/ads/

I deleted it altogether, I don't need it.

Quote · 26 Jun 2016

Thank you, Alex

I can not make automatic update but got to make available to manual update

Quote · 15 Aug 2016

Does it apply to version 7.3.2?

Quote · 2 Sep 2016

If you're on 7.3.2, you already have it.

BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin
Quote · 2 Sep 2016