Change Logs

From XMBdocs

XMB 1.9.12

Released on 20 October 2020.

This list only covers fixes and features new to 1.9.12 and does not include bugs fixed in patch versions of 1.9.11.

New Features

 1	Full Session Handling
 5	Redesigned the COPPA Option
 60	YouTube BBCode
 82	Auto-subscribe Setting
 559	Increased Required PHP Version to 7.0
 560	Droped Support for IIS 5.0
 566	Integrated Anti-Spam Features from Modifications
 568	Changed "Secure Login" Option to "Trust This Device"
 576	Tokenized the Lost Password System
 578	Refactored the Settings Table
 579	Added specific code style setting for news ticker
 580	CSS Cache System
 584	Added ICO to list of supported image types
 587	Added dump_query() Templates
 608	Added Admin Interface for Password Lockouts

Bugs from 1.9.11 fixed in 1.9.12

 391	$lang['textemailonu2u'] is stale
 533	Who's Online - Forum Name Not Always Decoded
 567	Logic error in function smilieinsert()
 575	Thread Display of Moderator Actions Should Be Optional
 585	Newthread Logic Still Deletes Polls?
 623	$quickbbcode Location is Invalid

Bugs from 1.9.10 fixed in 1.9.12

 599   Emoji Entity References Don't Work

Legacy bugs fixed in 1.9.12

 106	Double Post Checking
 279	Some text not in varible form
 392	BBCode Help Link Should Be More Specific
 530	Wrong Column Count in Multipage Template
 531	lastPid Variable Not Always Initialized in function forum()
 536	Using BBcode 'code' shows incorrect popup text message
 540	Upgrade Script Displays Nothing Until Finished
 544	Excessive Memory Use in fixlastposts with DEBUG Mode
 546	Template index_whosonline Should Use CSS
 549	Redundancy in Template misc_feature_notavailable
 550	Query Optimization in updateforumcount() for Big Boards
 551	member profile birthyear allows non numeric characters?
 555	PHP Notice: Trying to access array offset on value of type null in header.php
 556	Insufficient entropy on password generation
 557	Unused Password Index
 558	Username Index Should be Unique
 561	$lastmember is null for new installs
 562	Wrong Column Count in Template forumdisplay_nothreads
 564	"Last active" Time Calculated Wrong
 565	PHP Notice in Stats if Nobody Posted Today
 571	Last post date and time text for threads to be hyperlinks to the last post
 577	Don't Allow HTML in Member Posts
 586	Unused Columns in Vote Table
 589	Eliminate Use of eval() for Variables Nested in Translations
 590	Unban Does Not Work in Topicadmin
 594	Quick Reply Says "Logged in as" for Users Not Logged in
 610	Allowing Unencrypted Avatars Triggers "Not secure" Message in Chrome
 612	Typo in config.php Comments
 614	HTTP Status Not Set on Transient DB Connection Failures
 622	Invalid Markup for Nested Quotes
 628	Smilie Processing Inside of URLs
 636	Bad Output From Attachments Panel
 640	Code Blocks Don't Work in U2U Printable View
 641	Admin Panel 'Search' Output Tables Are Broken
 642	Insert Raw SQL Table Should be 1 Column

XMB 1.9.11

Released on 1 March 2009.

New Features

 * MySQL Version Requirement Raised to 4.1.7.
 * 0000276: Un-Backwards the Authentication Checks.
 *  - 0000040: Move More Code from header.php into elevateUser().
 *   - 0000023: Redesign the Language System.
 *    - 0000144: Language File Import Tool.
 * 0000257: Context Sensitive Quick Jump.
 * 0000240: Apply the same regex to avatar URLs as [img] URLs.
 * 0000224: memcp.php?action=subscriptions Needs to be Multi-Paged.
 * 0000258: Show Attachments and Thumbnails in Post Preview.
 * 0000170: Add upload limit description to attachment templates.
 * 0000074: Links for Each Post.
 * 0000003: Require Authentication Before Password Change.
 * 0000054: Rennovate the Search Feature.
 *  - 0000099: Censor Search Input From Non-Staff.
 *  - 0000147: Multi-Forum Search Selections.
 *  - 0000146: Subject-Only Search Option.
 *  - 0000145: Context-Sensitive Search Links.
 * 0000055: Make Admin Icons Part of the Theme System.
 * 0000056: [Meta] Search Engine Optimization.
 *  - 0000160: Change Footer Link Text.
 *  - 0000092: Add Sample robots.txt File to Distribution.
 *  - 0000235: Third Redirect in Viewthread Should Use Status 301.
 *  - 0000123: Implement Status 503 for bbstatus Option.
 *  - 0000268: Implement rel canonical.
 *  - 0000225: Redirect Guests to Login on Access Errors.
 *  - 0000175: Action=Printable Should Link Back to Thread.
 *  - 0000014: memcp, u2u links and prevent indexing of post and search.
 * 0000171: Function Parameter Efficiency Review.
 * 0000036: Members location sort.
 * 0000077: New Tool to Fix Orphaned Posts.
 * 0000017: Reorganize Member Management Tools.
 * 0000018: Add Reg Form Description of Disallowed Chars for Usernames.
 *  - 0000062: Add Reg Form Case Sensitivity Explanation for Captcha.
 * 0000244: MySQL Error Reporting Improvement.
 * 0000027: [Meta] Overhaul the Attachment System.
 *  - 0000019: Enable Attachment Persistence for Post Previews.
 *  - 0000031: Thumbnails for Attached Images.
 *  - 0000028: Image Attachment Limit.
 *  - 0000030: Inline Attachment Caching.
 *  - 0000029: Multiple Attachments.
 *  - 0000198: Simultaneous Upload.
 *  - 0000032: Disk Storage Option for Attachments.
 *  - 0000116: Check for Output Corruption for Attachments.
 *  - 0000128: Thumbnails for Hotlinked Images.
 *  - 0000135: "Pretty" URLs for Attachments.
 *  - 0000137: Add New Attachment Options to Admin Panel.
 * 0000158: Email Notices Should Always Include a Link.
 * 0000004: Redesign Moderator Log System.
 * 0000169: Members Before Guests in Whos Online.
 * 0000150: Check for Output Corruption for Captcha.
 * 0000069: New setting & default: IP banning Disabled.
 * 0000100: Allow HTML in Board Rules.
 * 0000129: Implement New $full_url Checking in Installer.
 * 0000006: U2U Popup Alert.
 * 0000151: Check for Output Corruption at End of header.php.
 * 0000068: Add DEBUG logic to check if the $full_url is correct.
 * 0000084: Implement Optional Logging for MySQL.
 * 0000095: Add a Preview Button for Quick Replies.
 * 0000098: All NUL Bytes Should Be Filtered From User Input.

Bugs from 1.9.10 fixed in 1.9.11

 * 0000008: Newsletter E-Mails Are Corrupted.
 * 0000215: Uninitialized Variable in Memcp.php.
 * 0000109: User Access List problems.
 * 0000132: SQL File Upload May Cause Unexpected Errors.
 * 0000157: Invalid Argument Warning in cp.php.
 * 0000239: MySQL version mismatch during installation, while this is not true..
 * 0000105: Existing User With Restricted Address Can't Edit Profile.
 * 0000112: Off-By-One in Merge Reply Addition.
 * 0000211: goto=search Still Generates &page=1.
 * 0000075: Post error includes double header.
 * 0000087: Icons for profile, website, find and u2u in viewthread_post template should have titles in them.
 * 0000127: vtmisc.php Raises "Efficiency Notice" in Debug Mode.

Bugs from 1.9.9 fixed in 1.9.11

 * 0000090: Uninitialized array $sqlsrch in misc.php.
 * 0000125: $fids Not Initialized In stats.php.
 * 0000152: Registered Global $permsNew in cp.php.
 * 0000168: Uninitialized Variables in Userlist Checking.
 * 0000049: Remove DEBUG_ALL.
 * 0000119: Super Administrator Permissions Not Always Applied.
 * 0000124: forum.moderator Index Missing in Several Calls.

Bugs from 1.9.8 SP3 fixed in 1.9.11

 * 0000122: Installer Adds HTML to Censors Table.
 * 0000177: Smilies Don't Work With BBCode Off.
 * 0000277: New Usernames Need to be Trimmed.
 * 0000042: Literal \r\n in A.P. Template Selector.
 * 0000045: Typeo In 404 Header.
 * 0000108: Typeo in isValidFilename() Regex Pattern.
 * 0000071: $THEME variable missing from function error().

Legacy bugs fixed in 1.9.11

 * 0000011: Unable to Login on IIS Due to Cookie Problems.
 * 0000107: Undisclosed vulnerability in
 * 0000009: socket_SMTP Injection Vulnerability.
 * 0000051: Forum Management Should Be Non-Destructive.
 * 0000096: Undisclosed vulnerability in BBCode.
 * 0000120: Function forum() is Incorrectly Parameterized..
 * 0000130: MIME Type Not DB-Safe in Attachment Inserts.
 * 0000212: Uninitialized Variable $firstpage in cp2.php.
 * 0000230: Unsanitized Input Paths in Who's Online.
 * 0000237: Uninitialized Variable $newtemplatename in cp2.php.
 * 0000254: Undisclosed vulnerability in header.php.
 * 0000010: Theme Import Broken by PHP Bug 45283.
 * 0000012: function Redirect() fails to halt script.
 * 0000013: SMTP Errors in Windows Caused by PHP Bug 45305.
 * 0000016: Add call to is_string() inside postedVar().
 * 0000024: Upgrade Utility Will Not Allow Valid TABLEPRE Config.
 * 0000025: Incomplete Validation of $tid in viewthread.php.
 * 0000052: Finish the i/o overhaul of cp.php?action=members.
 * 0000073: List BBCode insert deletes the message contents in Opera.
 * 0000076: Posts Orphaned by Incorrect WHERE Command in viewthread.
 * 0000094: Re-Write the Settings INSERT Query in cinst.php.
 * 0000118: Search Fails to Check Forums.Status Value.
 * 0000126: No Permissions Checking in memcp.php.
 * 0000141: Copy Thread Doesn't Increment Member Post Counts.
 * 0000142: Empty Thread Deletes all Attachments.
 * 0000149: I/O Failure in [size] BBCode.
 * 0000164: Email Address Validation Failure.
 * 0000194: Database tools.
 * 0000228: action=getip is supposed to be limited to admins.
 * 0000265: Moderator Permissions Escalation.
 * 0000007: Remove Extraneous GROUP BY From Queries.
 * 0000015: imghash not initialized in post.php.
 * 0000034: Long URLs Can Exceed Line Wrap Limit.
 * 0000035: $boardurl does nothing, should be removed.
 * 0000038: lastvisit not always recorded in members table.
 * 0000039: Banned Member Profile Inconsistencies.
 * 0000043: Fix Last Posts Uses Wrong Sort.
 * 0000046: U2U Subjects Have Many Spaces After Re:.
 * 0000050: viewthread should not rely on threads.replies.
 * 0000053: The URL "Double Slash Problem".
 * 0000057: Remove All page=1 Links.
 * 0000058: Malformed Location Headers.
 * 0000059: Filter out empty and dupe poll options.
 * 0000061: Cancelled BBCode Prints "null".
 * 0000067: action=printable URLs are not robot-exclusion compliant.
 * 0000072: forumdisplay should throw status 404 for bad links.
 * 0000089: Slashing is still broken in action=printable.
 * 0000093: Slashing Still Broken in Profile->Forum Most Active In.
 * 0000101: Vote Stuffing Check Isn't Working.
 * 0000114: Board Status Effect Should Be More Restrictive.
 * 0000131: Query Output is Not HTML-Safe in Debug Mode.
 * 0000138: Quick Jump Should Not Be Seen if Index Perms Denied.
 * 0000148: Orphaned Polls.
 * 0000154: Redirected tids Use Invalid URL.
 * 0000155: Report Post Doesn't Check Email Alert Settings.
 * 0000167: Captcha settings should be disabled in debug mode.
 * 0000179: action=online call to multi() is hosed.
 * 0000186: Member List Multi Page Broken.
 * 0000197: Group and Forum Views Should Include Name in Title.
 * 0000199: Annonymous Login is not sticky.
 * 0000210: Date Format Has No Default Value.
 * 0000220: Default Theme Isn't Used if User's Theme is Missing.
 * 0000226: Password Reset Should Not Be Allowed On Banned Accounts.
 * 0000242: Invalid Use of fetch_array() in member.php?action=profile.
 * 0000245: Unhandled Input: Prune all posts in topicadmin.php.
 * 0000250: Remove Destructive Theme Writes From Primary Upgrade Script.
 * 0000252: Links in reported post messages have wrong format..
 * 0000264: XMB Forum User Impersonation - 2006-04-15.
 * 0000270: ROOT Should Not Appear in forumJump().
 * 0000271: Typo with the Email BBCode button.
 * 0000282: Unable to Attach Files on IIS.
 * 0000070: Search method should be GET.
 * 0000115: Member List Uses Wrong Default Sort.
 * 0000162: E-mail Privacy Default.
 * 0000178: Align BBCode Breaks When Empty.
 * 0000191: Duplicate Who's Online Entries.
 * 0000203: Template Leading Whitespace is Inconsistent.
 * 0000227: Unused $online Array Indexes Should Be Unset in misc.php.
 * 0000232: Firefox BBcode Causes Linefeeds to Disappear.
 * 0000256: PHP Notice Thrown by Invalid Registration.
 * 0000274: Last Login Date Incorrect in Editprofile.
 * 0000280: fixUrl() eats leading '(' char.
 * 0000020: Users See Blank Notice When Board=Off.
 * 0000022: Missing Translation, $lang[addressupdate].
 * 0000079: editprofile doesn't display username.
 * 0000110: Forum Admin Link Displayed to Non-Admins.
 * 0000159: Hyperlink BBCode Nonsense.
 * 0000234: today.php lastpost column doesn't match other areas.
 * 0000033: message() calls nav() when header is false.
 * 0000047: Wrong bgcolor used for quick reply captcha.
 * 0000078: Remove "postsubject" from the post_edit template.
 * 0000080: O.O.O. in Avatar Checking.
 * 0000121: Unused globals in function postify().
 * 0000161: member.php comment grammar.
 * 0000251: Strange Params for postify() in topicadmin.php?action=split.

XMB 1.9.10

Released on 9 June 2008.

 * MySQL Version requirement raised to 4.0.16.
 * CVE-2004-1862 Closed.
 * New forum permissions system.
 * New flow of control in post.php mitigates lost input.
 * Added Avatars to U2U messages.
 * Added Client-side avatar dimension checking.
 * Added Config.php corruption checking.
 * Added Forum group name to navigation "Breadcrumbs".
 * Added More Smilies Pop-up Links.
 * Added PID links from Search to viewthread.
 * Added U2U links to the Address Book.
 * Better Forum management page.
 * Better Magic-quote handling.
 * Better Unicode support within message bodies.
 * Fixed Avatar dimension checking on servers with allow_url_fopen = false.
 * Changed the Merge Threads dialog.
 * Fixed All LIKE and REGEXP query encoding.
 * Fixed Avatar List option.
 * Fixed Banned Members Cannot Logout.
 * Fixed Broken links to profiles.
 * Fixed Captcha contrast with theme colors.
 * Fixed Delete Posts in the admin panel member search.
 * Fixed Feature - Fix Last Posts - Very Slow.
 * Fixed I/O problems in the settings page.
 * Fixed Many problems in topicadmin.php
 * Fixed Moods Not Parsed Correctly.
 * Fixed Octet limitation in IP Banning.
 * Fixed Prune feature in admin panel.
 * Fixed Syntax bugs in CP Search.
 * Fixed Theme Creation Bug.
 * Fixed U2U Folder bugs.
 * Fixed Upgrade failures caused by inadequate index logic.
 * Fixed Verify email address links.
 * Moved 'Report post' and 'vote' features from topicadmin to new vtmisc.php file.
 * Removed $threadSubject from header.php.
 * Removed Extra queries from updateforumcount().
 * Removed Usernames from javascript Popup() calls.
 * Restored U2U multi-recipient buddy list feature.
 * Spell Check now consumes apostrophes and rejects digits.
 * Updated and corrected the server version checks.

XMB 1.9.9

Released on 26 March 2008.
Recalled on 19 April 2008 after a staff change at XMB.

XMB 1.9.8 SP3

Released on 9 May 2008

PHP Requirement raised to 4.3.0
CVE-2005-2574 Closed.
CVE-2006-1748 Closed.
CVE-2007-0519 Closed.
Fixed Avatar URLs with "&" or "php" never saved.
Fixed BB Code parsing inside [code] tags.
Fixed Can't delete attachments using Control Panel.
Fixed Captchaimages database table grows out of control.
Fixed Censors don't work if the same word is typed repeatedly.
Fixed color captcha when no background image used.
Fixed Control Panel won't save apostrophes in website title.
Fixed Full text profile search doesn't work.
Fixed Login after password-reset.
Fixed Logout doesn't work on password-protected forums.
Fixed Passwords with leading or trailing whitespace don't always work.
Fixed Rename attachment doesn't work.
Fixed search for posts in a specific forum.
Fixed Spaces in attachment filenames change to underscores.
Fixed random password generator array subscript overflow.
Fixed Status code was 200 when transmitting "forum not found" errors.
Fixed Top/Untop causes SQL error if no threads are selected.
Fixed User profiles show character entities like "&"
Fixed Usernames containing "&" cause broken links and tools.

XMB 1.9.8 SP2

Released on 31 December 2007

Fixed Can't see more than 2 pages of search results.
Fixed Deleting all but one smilie in the smilies manager causes error.
Fixed Invalid EHLO command in SMTP mailer.
Fixed Page int parameter sometimes incorrect in viewthread.php.

XMB 1.9.8 SP1

Released on 16 December 2007

[Fix] Poll Options Bug
[Cosmetic] Template improvements
[Feature] Forum quick jump status control in settings
[Feature] Registration form optional fields status control in settings
[Feature] Quick reply status control in settings
[Feature] Index Stats bar status control in settings
[Feature] Hide accounts that have not yet logged in on index and member list
[Feature] Option to search for accounts that have not logged in yet via admin panel in members settings option
[Fix] Addressed insertion issues with IE6 browser - Thanks to whinpo
[Fix] Addressed sub forum privacy bug from shwoing in several areas of the software.
[Cosmetic/Feature] Added who's online today back on index and removed redundant one in misc.php

XMB 1.9.8

Released on 7 December 2007

New poll system
Sub-Forums on index
Forum quick jump
Optimized search facility
Validation routines
Mass moderation
CAPTCHA integration
MySQL 5 compatibility
Cosmetic Improvements
New administration tools

XMB 1.9.7

This version was not released.

XMB 1.9.6

This version was not released.

XMB 1.9.5

Released on 7 March 2006

Fixed several security vulnerabilities.
Improved URL-matching regular expression as per RFC's.
Fixed ongoing charset bug.
Fixed new birthday code selection drop downs.
Made hover (mouseover) for category links consistent for IE and Mozilla.
Instated 32 maximum character restriction for usernames.

XMB 1.9.4

Released on 1 March 2006

Added better security to the [size][/size] pattern
Added new birthday-date format (ISO 8601 compatible)
Added optional (easier) debugging
Added post_edit_attachment to the template-preload-queue
Added printsetting4() for textarea's and converted existing ones to use it
Added SMTP-logging when DEBUG=true
Added limit for usernames, making them have min. 3 chars
Check for a 250 response on QUIT using socket_SMTP, according to the RFC this is required, and if missed could lead to odd behaviour
Date format fixes
Fixed '.' characters in URLs breaking links
Fixed CSS template to be loaded in error()
Fixed default time format not used during registration
Fixed HTML not properly being escaped in custom-status field
Fixed Moderator can still delete posts via thread-prune when allowrankedit=On
Fixed newsletters showing weird chars
Fixed no categories (and forums belonging to them) are shown in search to members and guests
Fixed 'no subject'-error may be shown on delete-post.
Fixed Read folders turning back to unread folders after 10 min
Fixed slashes stripped from threadtitles too often
Fixed slashes stripped from message/subject on newthread
Fixed 2 typos in error()
Fixed 2 uninitialized vars
Fixed Anonymous poster inherits Rank avatar from previous poster
Fixed banned users are still recieving subscription-emails
Fixed edit attachment > replace with [new attachment] doesn't work
Fixed password-protected forums showing in forums-select-lists
Fixed bug where "xmb_" was used instead of $table_
Fixed bug where email-input (message and headers) was not normalized correctly
Fixed bug where thread-redirect (created using Move Thread > Leave Redirect) was not removed when original thread was deleted.
Fixed bug with tableheader showing at the top when there were no cat-less forums shown and 'show at top only' was not turned on.
Fixed checking for text/html mimetype in attachments to be case-insensitive
Fixed E_NOTICE on $attachfile
Fixed flash-avatars not displaying correctly
Fixed forum names containing quotes
Fixed IP banning
Fixed miscasting of array/string in altMail() with socket_SMTP
Fixed SQL errors when no fid's are restricted.
Fixed page totalling for subscriptions.
Fixed password-protected forums show in `Forum most active in`
Fixed possible tid injection
Fixed security issue with being able to delete your current account and top level super administrator
Fixed slashes in post-preview.
Fixed subject-in-title showing thread-subject on template-edit
Fixed U2U folder highlight
Fixed XSS injection exploit by unsanitized input.
Fixed date format validation during registration/profile-update
Fixed theme-default set to '' instead of 0
Fixed To header usually missing in the mail-headers
Fixed various HTML-validation errors
Fixed 'send u2u to email' showing raw HTML output
Altered theme code to produce a 20x speed increase
Access to password-protected forums is now automatically cleared at (explicit) logout
Better password-protected forum support in search
Better support for password-protected forums
Changed LEFT JOINs to STRAIGHT JOINs to improve query-speed
Changed login to use putCookie()
Cleaned up initialization of $indexBar/$indexBarTop vars
Cleaned up theme-download code
Decreased memory usage, thus increasing efficiency on hosts with little memory (set for mysql)
Fixed various E_NOTICE level errors
Enhanced Edit button
Got rid of xmb_forums JOINs in most stats-queries, thus improving loadingtimes
Improved viewthread validation procedures.
Lowered default maximum attachment size for smaller boards. (1MB -> 250 KB)
A lot of MySQL 5.0 compatibility fixes
Switched from delete3=3 style to delete[3]=true style in ipban
Updated stats to show as efficiently as possible for super admins
Updated $restrict to be more efficient
Updated censor() regexp to catch more words
Updated smilieinsert() to correctly create a table with smileys
Rewrote part of the socket_SMTP class to correctly talk with the SMTP server; thus fixing many previous issues with it
Removed $lang['copyright'] (same in all languages; always) and moved it to header.php
Removed duplicate (unused) code
Removed noaccess() function as it's no longer in use

XMB 1.9.3

Released on 6 November 2005

(re-)fixed class="tablerow" missing in faq_misc_rankrow template
Added a newline between the "no subject found" and the actual post-screen when an error is found
Added better $restrict regexp (which now also allows \n and \r as a separator)
Added error when given fid AND tid are incorrect (non-existent)
Added fix to censor thread subjects in the Who's Online.
Added footer_* templates to automatically preload (aswell)
Added non-preloaded templates to preload queue
Added temporary unicode-entities fix
Cleaned up subforums code and fixed code so that the table header for subforums only shows when neccessary (Thanks Stu! (tid=755422))
Encoded moderator usernames for RFC member profile URLS
Fixed 'no categories (and forums belonging to them) are shown in search to members and guests'
Fixed various E_NOTICE notices
Fixed `$self[dateformat] and $self[timecode] undefined` [tid=755518]
Fixed `delete on reply does not delete message`
Fixed `no quote is added when quoting`
Fixed `no slashes in preview`
Fixed `original U2Us being deleted despite "reply & delete" not being selected` [tid=755080]
Fixed bbcode for Safari Browsers
Fixed bbcode-security-hole
Fixed `board logo not showing in view printable` (threads and u2us).
Fixed bug where email sent had the subject as the message, and no actual message in it at all
Fixed bug where setting the default timezone didn't work correctly
Fixed bug with an E_WARNING being sent when using altMail() in safe_mode
Fixed bug with tableheader showing at the top when there were no cat-less forums shown and 'show at top only' was not turned on. [tid=755551]
Fixed bug with tableheader showing in categories [tid=755551]
Fixed division-by-zero in member > profile
Fixed email-bbcode button not working in normal mode
Fixed error when deleting U2U's from Trash folder
Fixed missing apostrophe which caused errors editing forums when debug was on.
Fixed page issues when ppp was less than 5 (Missing validatePpp())
Fixed security issue that showed subjects of threads you were not authorized to view in title bar. [tid=755557]
Fixed undefined variables when viewing printable U2U's by adding them to the globals line.
Fixed various XHTML 1.0 non-comformational bugs [tid=755581]
Fixed various minor issues
Fixed warning when viewing non-existent forum
changed file_exists checks to use the ROOT constant
got rid of notices
implemented shortenString()
made various regexps quicker
preloaded all templates that require it
removed ?> to prevent headers-already-sent-warnings due to whitespaces; according to this will still work.
updated $restrict switches to work generally better
updated versioning

XMB 1.9.2

Released on 20 September 2005

added checks for '.' and '..' in avatarlist options. This stops '.' and '..' from being chosen as valid avatars (they're not files!)
added "prune normal posts" to thread pruning
added "reply and delete" feature to u2u
added "reset usesig on sig-change"
added "show thread subject in title"
added "threads marked as read" code
added $footerads
added (missing) put_cookie constants
added automatic preloading of header,css,error and footer templates
added Czech lang file
added check for '.swf' extension in flash-avatars
added check for magic_quotes_runtime, so XMB won't break when it's turn On (in most cases)
added DEBUG-flag shows in page-title
added dropIfExists option to `Database Backup`s create_table() function (is automatically turned On in this feature)
added Serbian lang file
added XHTML valid flash (X)HMTL
added alternative SMTP-mail-handling
added browser-sniffing code
added browser-specific bbcode JS
added checks for htmlentities_decode() and htmlspecialchars_decode()
added default full_url based on system used to installer
added default icon for threads that have none
added default timezone
added e-coupons ads
added full_url checker to installer
added ignore max avatar size on flash movies
added indexBar
added missing templates to preload()
added (new) mozilla-specific bbcode
added protection to delete user and delete posts links with JS
added support for optional theme-specific theme.css file
added u2u flood protection
fixed "attachment isn't copied when using copy thread"
fixed "avatars are mistakenly interpreted as flash due to commas in the filename"
fixed "categories stacking in 'specific forum' select, in search"
fixed "database not found error is not fatal"
fixed "empty categories showing"
fixed "fixLastposts() doesn't update xmb_threads table"
fixed "installer never removes /install/ dir"
fixed "invalid size for [size] bbcode causes Parse Error"
fixed "language files not ordered (alphabeticaly)"
fixed "max avatar size is flawed with flash movies"-bug
fixed "most active forum also shows categories"
fixed "no ROOT (contant) support in language-selection"
fixed "poll options contain empty bar on the right"
fixed "quickreply bulging out"
fixed "regexp error in todays posts when usernames contain '*', '.' or '%'
fixed "rename user does not rename moderators in the moderator section"
fixed "threads can be moved to forums that are off"
fixed "view as printable - doesn't show proper time and date"
fixed "view as printable - dumps everything on one line"
fixed updatethreadcount() lastposts issue
fixed various `rename user`-bugs
fixed various XHTML validity issues
removed bbcodefns.js
updated wording of $lang['disclaimer'] to reflect the fact that it's NOT fixed (yet)
updated the way the disclaimer is shown (via JS popup)

XMB 1.9.1

Released in October 2004

XMB 1.8

Released in 2003
"PID" issue fixed
PHP 4.2.0, 4.2.1, 4.2.2 + Issues Corrected
Whos Online ,,,,, Issue Corrected
U2U Subject Slashes Fixed
Whos Online IP Improved
Whos Online Logging Improved
HTML in names vunerability corrected
HTML/Java within signatures fixed vunerability fixed
Todays Posts SQL Queries Cut From 120+ to 15
U2U Letter Icon on receipt of new message / later removed
"Search" option added into editprofile template
Several other account details added into members control panel
Language file updates, spelling/grammar corrected
Members sql table settings changed which caused registration errors for boards over 5,000 members or so.
New Post icon/link added into index.php for easy/fast access for forum staff, members and visitors.
Attachments Vunerability Fixed
Bump/Delete Thread icons added for administrators/super moderators in thread index
Top/Untop icons added for administrators/super moderators in thread index
Added Yahoo Support
Minor Stats-bug fixed
Better support for IM-services
Experimental Support for ms-sql added
Removed redundant text from u2u-messenger and CP
Added more text for errors in the CP
"Black" box/table fault corrected in search results template
URL Parsing Issue Fixed
Posting without typing anything in both the message AND the subject of posts is not possible anymore
Cut down on a total of 59 queries
Control Panel "Tools" now blend in with the overall board theme instead of a white page.
"Last 50 users online" added into index.php for large communities its set to list online 50
misc.php?action=onlinetoday will show *all* users who have been online within the past 24hr period.
Administrators can now clear all u2us from the system, this includes all members, admins, mods & super mods.
Administration Control Panel login gateway added, instead of "not authorized" member must login & have admin status.
Smilies added into "preview post"
Topic Admin/Admin Control - > Move "Move" is selected instead of "Leave redirect" to save forum "mess"
Bump Icons REMOVED from forumdisplay - not useful enough
"Hammer" added into forum display, links to admintools for that topic (forum display now has top/untop/delete/hammer)
"Register" button now added into index_welcome_guest - as users reported the the link was previously hard to find.
"Feature Not Available" alerts added when mem list/faq/search is turned off...
1 Query Per Post/Reply/Message removed from viewthread (100 posts = 100 queries less etc)
Minor updates made to cp, cp2 and tools, control panel slightly modified
Registration rules template has been corrected, spacing was off, and the rules now have a proper header/text
Coppa template modified, button and spacing corrected.
Icon added top left on forumdisplay - only visible to administrators - links directly into the cp edit forumsettings
Modification to the language files "Who Can Post?" Administrators/Moderators made bold to stand out
New template added for incorrect username/password login instead of white page "Password Incorrect"
U2Us can be sent to multiple users, to send use "Name1, Name2, Name3, Name4, Name5" etc
4/5 Version strings added so they can be used in footers/page titles - available in long, short, basic, build, company
Multiple U2Us -> Unknown User Error Corrected
"Version Check" and "Agreement" added into the installation process.
Super Administrators can now view users u2u inboxes. To use go into admin cp/members - after search
"View Inbox"
Administrators cannot send messages from users or use features such as ignore, this could lead to abuse/privacy issues.
Fix Forum Themes added into tools.php, some forum themes get set to "name" and cause problems.
This query will reset all forum themes named "name" to the default board them
Who's Online tables on index.php now reflect category backgrounds and not just colour.
Who's Online Key Text Added
Whos Online Super Moderators now italic and bold, there was not enough visible difference
Viewing Members Profile - Layout changed and headers now reflect category imags and not just colour
Who's Online displays the forum name/what they are doing instead of a URL for more information
Members List - Links/Button layout changed slightly at the bottom
Members List - Status/UserID column added for more information on members
Forumdisplay template modification, 2 blank tables appear when there are no posts in a forum
Super Administrators added, only super admins can read users u2u messages, will be used in future
Super Administrators are invisible from whos online
Members Profile, If yahoo name is listed links to yahoo profile
Members Profile, If msn name is listed links to msn members profile
Members Profile, If icq name is listed links to icq profile
News ticker added into the settings area of the control panel
News ticker can be turned on/off
News ticker delay added
Control Panel System Updated with design/layout/features
Member Registration, tables moved appart and category code added into table headers (so images in headers)
Search feature added into the control panel, board staff can search for IPs, posts with censored words etc
Whos online, view inbox icon added
Fixed 'impossibility to login to a protected forum by using last post' and directly via URL and not category
URL check added, invalid strings which are used to overload apache have been blocked
Password can only be requested once every 24hrs
Users can only register once every 24hrs
Registration off template added
When registration was off, members could still register, this has been corrected
Javascript in avatar url vunerability corrected
Post icon vunerability corrected
Javascript poll vunterability corrected
Logged in members cannot register a new name while logged in, you must be logged out
Admins/Mods/Super Mods can still register wile connected
Private forum vunerability corrected
Spoof usernames vunterability corrected
Registration is set to one per day per IP address
Navigation Symbol Format Corrected
Javascript URL vunerability corrected]
Clear cookies ability added
View poll results added - no longer have to be logged in or have voted to view
Admins cannot make themselves s'admins
Super admins completed, permissions etc.
Upgrade in the control panel is only available to super administrators
Last post feature updated
Removed double queries and checks from header.php
Templates updated
Stats error corrected - when no posts were present it would generate a serve error this has been replaced with our error alerting the user there are no posts to generate stats.
Feature Stats open brackets corrected in templates
Time format changed (back)
Header and footer is now displayed with every error
time is displayed correctly when script is terminated early.
JS-vulnerabilities fixed
memberlist can now be turned on/off (again)
bboff-reason will now be stored (again)
DateFormat can now be changed (again)
Cut a query in header.php
Cut a query in memcp.php
2 missing templates added
Processed time is now calculated using a special function.

XMB 1.6 v2c

"PID" issue fixed
PHP 4.2.0+ Issues Corrected
Whos Online Issue Corrected

XMB 1.6 v2b

Coppa Button replaced
HTML/Smilie Function Fixed
Forum password now saved
Extra Spaces in search fixed
Installation screen image changed
On release date which is used for traces etc is offline if the site does not come back you may wish to use another site such as or simply change the url in the templates.
Header/control panel security hole fixed

XMB 1.6

Index logs, log IP/xmbusername/hostname/referral/browser information added into control panel
Index log clears after 300KB of data or around 2500 logs.
Administrators can now choose to ban users from accessing the forum, sending U2Us, posting or all 3.
Administrators can now edit users profiles, view signup IP, current IP, user ID/number/posts etc
When a post is closed, if it has a poll, the poll is also closed.
Whos Online - IPs are displayed in the format of "WTAL"
  W = Perform Whois
  T = Perform Tracert
  A = Perform All Tasks (whois, tracert, dns lookup, ping)
  L = Lookup
  M = Map
Multi Page Todays Posts & Forum Stats Added
Language Files Updated
Viewthread, shows whether the author is offline or online
U2Us, you can now see which messages you have read/unread.
You can also see the status of your sent messages, to see if the person has read them.
""Header.php, FAQ.php, Today.php, Config.php security holes fixed.""
Javascript Alert bug fixed within bb img code fixed
Viewing private forums/edit hole fixed
Email Newsletter, emails are now received from "board name " instead of from email
Administrators can now send newsletters to members, admins, mods, supper mods or all team members.
U2U Newsletter Bug fixed
New installer and full documentation in Word format (.doc) and text format (.txt).
Whos online admin/mod/smod appearance changed.
Restriction Manager, admins can ban user names or email addresses.
Ability to choose whether users use a preset list of avatars or their own urls.
Drop down time zone instead of input box
Link on user profiles / only visible to admins
User Moods added, users can change their mood in their member control panel
Users mood from profile is added into viewthread under each post they make
Admins can see how many users are using a certain theme.
Turn stats, todays post off via control panel.
BBCode - Marquee, Strikethrough, Blink Added
MSN icon added in viewpost if the author has msn details in their profile

XMB 1.5

Released on 22 February 2002

All security bugs fixed
Removed several installation bugs
Added Icq/Aim/Yahoo support
Fixed u2u problems
All forum leaders are listed on member list page
Custom titles on/off through cp, member can set his title through the member cp
Cleaned out themes --> faster
Cleaned comments and useless lines out of the php files --> faster
Removed some HTML with Java (in Templates)
Working BBCode
Some updated lang files
Better read-me
Fixed problems with slashes
Fixed like 20 other things, i dont remember them anymore...

XMB 1.5 Beta 1

Fixed some minor and major bugs

XMB 1.5 RC5.1

Fixed a possible problem with zip file attachments.
Fixed some problems with polls.
Fixed signature bugs.
Fixed some tempalte bugs.
Made the codebuttons.js a tempalte, and added lang file support to it.
Fixed the Guest Time, problem. So it just says 'never'
Fixed sub forum ordering.
Fixed the calculations done for the percent of posts a member has.
Dot folders can not be turnd of properly.
BBCode now isnerts where your cursor last was in posts.(Smilies in final)
Merging threads now removes one thread from the forums count.
Removed [img=][/img] … Deemed useless/caused bug.
Fixed pruning.

XMB 1.50 RC5

Anonymous Posting Fixed (Thanks to Javaman for this fix)
Attachments (Thanks to Javaman for this fix)
Forum Multipaging (Thanks to BelleAngeli for this fix)
Limited Searches to last 30 results.
Fixed the install script a bit.
Fixed the CP problem with the templates.
CP problem some would have after installing Denis' link color hack.
Outbox now works properly.
Report post Column Count bug fixed.
Turned off auto selection of notify. (Not a bug persai, but fixed)
Took care of some other template bugs.
Favorites fixed in the User CP.
Fixed the Move w/Redirection Column count error.
Removed the 'go' button from moderator options.
Fxed the bug that let moderators 'auto-top' whether they were a mod in that forum or not.
Included several lang.php files.
Fixed BBCode problems when multiple XMB Forum Code's were used.
Added [img=][/img] to allow linked images properly.
Query reductions on viewthread.php(Thanks to Aharon)
Made the signature tempalte based (The division)
Last post fixed on viewthread.php(Thanks to SurfiChris)
Some redirection and other changes to u2u.php (teckel)

XMB 1.50 RC4

Theme importer/exporter
Ability to turn off edited by messages
Category Text colors
Show threads from the past 30 days by default
Better [url=] code
'dot' Folders
Better attachments system, including download count
Redirect to post after posting
Lastpost icons on index and forumdisplay
Option to view attached images inline
New Code Buttons

XMB 1.50 RC3

Added code and list buttons in automatic bb code inserter
Cleaned up FAQ, added some tags to the bb code section
Fixed small member editing bug (wj)
You can now add subjects for replies if you wish
Fixed some modcheck() errors (wj)
Fixed some small quote bugs
Fixed private forum bug on forumdisplay
Fixed bug where it let topics with just spaces as the whole subject be posted
Split/Merge Topics
Removed Forum Jump (boooo!)
Option to turn auto bb code inserter and auto smiley inserter on/off
XMB is now under the BSD license
Cleaned up the auto smiley inserter table
Valid e-mail address required
Whos online list now alphabetized
You can now make the background an image instead of a color
Option use drop down list of avatars (upload to /avatars)or Avatar URL
Fixed security issue with cp2.php (thanks kinyo!)
User CP (Thanks surfi!) Including Favorites and Subscriptions (email notification)
Option to not allow the same e-mail registered more than once
Small bug with deleting posts (kinyo!)
Plugin System
U2U is now completely secure (thanks again kinyo!)
File attachments
Database wrapper (no more mysql_query, its now $db->query)
Template Support (thanks surfi)
General Code Cleaning (surfi)
Image Directory and Smilie Directories per theme (surfi for smilie directory)
Moved: and Poll: prefixes applied to moved threads and threads that contain polls (surfi)
Option to chose how many smilies and columns you want for the smilie inserter (surfi)
Forum Passwords (surfi)
New readme and config.php instructions (thanks bc!)

XMB 1.11d

Added the [edited on "date" by "username"], that i forgot to add back in 1.11c.

XMB 1.11

Huge bug fixes for the unix time stamp 1billion bug
Bug fixes from 1.05 release

XMB 1.05

If announcements are off, they don't show up in forum jump
Fixed multiple bugs with navigation and turning sections off
Option to turn off stats on index in CP
You can edit your post icon now when editing a post
You can now send a newsletter via U2U.
Whos online displays IPs to Admins and is now sorted by time
Option to disable report post feature
Fixed bug that prevented modification of post icons in CP
Option to disable processing time below copyright in CP
Fixed the time/date formatting on post review (when replying)
Added some new things to stats
Option to top topic right from post form if you are Admin, Super Mod, or Mod
Fixed small bug with multiple pages on viewthread
Search now searches subject too instead of just messages on topics
New option in search to search topics, replies, or both
If categories only on index is on, category is displayed in navigation now
GMT time instead of server time
Fixed small display order bug
Fixed user access list bug
New Topic/Reply links are smaller now
Stats doesnt show topics from private forums that user doesnt have access to
Fixed a bug with No Reg Required option and blank usernames
Cleaned up forum jump, added sub forums and categories
Fixed minor bug regarding posting in non existant forums
Cleaned up the move topic drop down menu as well
Moving topics from sub forums to forums finally work

XMB 1.0

Automatic smilie inserter is back!
LOTS of small bug fixes that I was too lazy to document
Delete forum in More Options... page
Time/Date Format options in CP and profile
U2U icon isnt displayed when U2Us are off on viewthread.php
Did a lot of tidying up around the layout, more organized
make prune subtract from forum total posts/topics
Preview Post is now perfect
Search memberlist feature
Fixed links (some links only show when you're logged in, some when your logged out)
All members option in CP taken out, added Search by status
Improved multipage links (coder)
You can resize images via bb code
Fonts, images, and font sizes can be edited via themes section in CP now
Fixed up topicadmin messages
Avatars per rank
Changed all "blob" columns over to "text" (no binary data involved, no need for "blob")
Fixed themes per forum bug
Took out favorites list (to be re-written later)
Forums with new posts now show it on forumdisplay (completely fixed new post image thingies)
Sub forums are back baby!
Email Notification!
Many more small feature additions/bug fixes/code cleanings that I'm too lazy to document
Took out thread ratings
Unlimited moderators

XMB 1.0 Beta 3

Fixed bug with tpp and ppp for profile
Started using indexes in MySQL
Dropped category table, categories now uses forums table and is completely OPTIONAL
UsErNaMe CaSe bug is all fixed no
Search link below each users profile is now actually a link
Change password bug fixes
BB Code is now FLAWLESS thanks to mysticflash!
Better Netscape compatibility
Now takes out all spaces before and after a username
Increased U2U security
U2U outbox
Multi page fix on forumdisplay
Who's online record
No cache page headers
U2U not available to users not logged in
Avatars are toggleable in cp
Changed all times to 24 hour format
Fixed navigation on post.php and topicadmin.php
Report Post feature added
Fixed smileys in numerous places
Gzip Compression options
Scrapped prune option, it didn't work
New bb code options
Turn forum/forum group on and off
New bb code/smiley parsing technique
Many other small bugs fixed

XMB 1.0 Beta 2

Fixed bug with U2U on thread starters in viewthread
Count optimization on index and forumdisplay
Text mode
Fixed bug with slashes on print thread
Icons are centered in forumdisplay
Fixed slash bug on favorites
Fixed slash bug on rules and bboffreason
Fixed multiple bugs with quoting
Fixed member list
Cleaned up the HTML for the member list
Fixed favorite threads
Site Name and URL fields in settings, header has link back to site.
Fixed slashes bug on topic review when replyiing
Link to last post on index.php
Fixed bug with reply with quote on private forums when not authorized
Took out URL tags, board automatically tags URLs now
Re-designed sub-forums

XMB 1.0 Beta 1

Private sub forums
Color preview of what current color is in CP
Link to edit profile for member in CP
Folder icons for sub-forums
Made online page (link is the "Who's Online" in index.php)
Added the buddy list and U2U links to pages on misc.php
Move topics from forum to sub-forum and vice-versa
Re-formatted changelog again.
You can no longer enter a blank password
Fixed bug for making new themes
Fixed multiple bugs in U2U and Buddy List
Fixed bug with username CaSe
Turn U2U on or off
Prune posts (and delete all topics by username)
Fixed bug with location in profile
Username is linked in announcements
Table width in themes
You can now specify a list of users with access to a forum
Fixed a bug with censoring
Now traces IP on registration
Fixed a bug involving the member list and passwords
Cleaned up some HTML in header.html
Stripped slashes from subject title in viewthread.php
New Topic, Reply can no be either text or images.
When you delete a forum, all posts and topics are now deleted too.
You can toggle Search, FAQ, and Member List on and off
You can toggle the board logo now
Fixed a bug with "reply with quote" on closed topics
Favorite threads!
You can now turn post icons on or off in control panel
Fixed "Last active" bug on misc.php
Option to post out of sub forums
Greatly optimized viewthread.php
Fixed multipage bug in forumdisplay.php
Fixed private forum bug in viewthread.php
Fixed "The topic you have chosen..." bug
Fixed bug for replying with quote to messages with ' or "
Topics with multiple pages now have multi page thing in forumdisplay
Shows a summary of topic below the posting form when replying
Smileys now sort in rows when posting (thanks xarph)
Smileys in FAQ now in a neat little box (again, thanks xarph!)
Re-formatted changelog (it looks pretty now)
Fixed fairly big U2U bug (won't go into specifics)
Combined 5 queries into one in (should be blazing now on large sites)
Fixed bug when editing profiles (postify function bug)
Took out karma, you can ban people by username and its much more efficient (sorry bond).
You can't post in non existant forums/sub forums anymore, nor can you reply to non existant threads
Fixed forum jump so hidden private forums are now actually hidden.
Many bug fixes (didn't keep track, sorry)
Toggle sort options in forumdisplay.php
Topics/Posts per page in profile
Avatar URL
Show categories only in index.php option
Hide private forums from non-authorized users
Search members in CP
Cookie path no longer in effect
Dropped xmb_settings, its now in a text file
Newsletter option (email all members)
Dropped multiple queries throughout the script
Anonymous posting options
Banning by username