xbtit v.2.1
-----------
fixed all known bugs and security problems

xbtit v.2
---------
There are really a lot of changes; all files are different. It's not possible to upgrade a modified Btit 1.4.x without doing the standard database upgrade (using upgrade.php) and then applying hacks again on your newly installed clean xbtit.
Please note that you'll have an easy way to install hacks, but all existing hacks need to be packaged (at the moment not one is done).

Now let's go with the major changes list (new features only):
- real template system, 99% of the HTML code is out of the PHP files using bTemplate (http://www.massassi.com/bTemplate/)
- rewritten (a little optimized) announce.php (for internal tracker)
- support for xbtt (http://xbtt.sourceforge.net/tracker/) backend by Olaf Van der Spek
- support for external mail server using phpmailer (http://sourceforge.net/projects/phpmailer)
- rewritten internal forum from scratch with subforum support
- support for smf forum (http://www.simplemachines.org/) instead of internal (big thanks to petr1fied)
- "one click hack installer", an easy way to install hacks into your tracker (a working example is provided)
- modules support
- new online procedure
- new AJAX shoutbox (big thanks to miskotes)
- XSS/SQL injection protection with log insertion (thank you cobracrk)
- new AJAX polls system (thank you to Ripper)
- new design (4 styles provided by TreepTopClimber)
- RSS reader (only class, with example in admincp for btiteam.org latest news)
- basic cache system
- new language system (array is used instead of constant)
- smf_import script to import standard internal forum and users to smf (thank you again to petr1fied)

I don't remember other "major" changes. You should know that xBtit took a lot of work and testing, thank you to all
- developers
- testers
- forum admins
- users

===============================================================================================

Btit Tracker v.1.4.7
--------------------

FIXES:
------
- fixed wrongly formatted peers and banned IP (announce.php)
- XSS fix (upload.php)
- PM send to guest or "myself" (usercp.php)

LIST OF CHANGED FILES:
----------------------
- include/functions.php
- language/english.php
- language/polish.php
- announce.php
- upload.php
- usercp.php

Btit Tracker v.1.4.6
--------------------

FIXES:
------
- cosmetic changes (blocks/lasttorrents_block.php, blocks/toptorrents_block.php, edit.php)
- Guest can shout (using external html code) (blocks/shoutbox_block.php)
- Added latest crk_protection.php (thanks to cobracrk) (include/crk_protection.php)
- fixed peers issue (details.php) (http://sourceforge.net/tracker/index.php?func=detail&aid=1828098&group_id=146822&atid=766508)
- default language in recover (recover.php)
- Possible SQL injection (torrents.php)

LIST OF CHANGED FILES:
----------------------
- blocks/lasttorrents_block.php
- blocks/shoutbox_block.php
- blocks/toptorrents_block.php
- include/crk_protection.php
- include/functions.php
- details.php
- edit.php
- recover.php
- torrents.php

Btit Tracker v.1.4.5
--------------------

FIXES:
------
- extend error messages on signup and XSS fix (account.php)
- guest can view torrent's details using full url and guest edit/delete guest's torrents (details.php) (https://sourceforge.net/tracker/index.php?func=detail&aid=1748243&group_id=146822&atid=766508)
- XSS fix (moresmiles.php)
- XSS fix (recover.php)
- external progress % (torrents.php)
- XSS fix (usercp.php) (https://sourceforge.net/tracker/index.php?func=detail&aid=1753797&group_id=146822&atid=766508)
- guest can shout (blocks/shoutbox_block.php) (https://sourceforge.net/tracker/index.php?func=detail&aid=1764809&group_id=146822&atid=766508)
- SQL Injection fix (include/functions.php)

LIST OF CHANGED FILES:
----------------------
account.php
details.php
moresmiles.php
recover.php
torrents.php
usercp.php
blocks/shoutbox_block.php
include/functions.php

Btit Tracker v.1.4.4
--------------------

FIXES:
------
- all external torrents should update correctly now (functions.php).
- secured user's data change (email, etc.) in usercp.php
- upload/download bug (announce.php) (https://sourceforge.net/tracker/index.php?func=detail&aid=1729127&group_id=146822&atid=766508)
- syntax error (details.php)
- category fix (edit.php) (http://www.btiteam.org/smf/index.php?topic=8009.0)
- syntax error (login.php)
- correct error when image code is enabled (recover.php) (http://sourceforge.net/tracker/index.php?func=detail&aid=1733872&group_id=146822&atid=766508)
- correct problem with extra smilies (shoutbox_block.php)
- disabled the check "allow tracker to retrieve informations from torrent", so it'll always do it and fix category dropdown menu. (upload.php)
- pm outbox problem (usercp.php) (http://sourceforge.net/tracker/index.php?func=detail&aid=1723482&group_id=146822&atid=766508)
- syntax errors (userdetails.php) (http://sourceforge.net/tracker/index.php?func=detail&aid=1739546&group_id=146822&atid=766508)

LIST OF CHANGED FILES:
----------------------
announce.php
edit.php
login.php
recover.php
shoutbox_block.php
torrents.php
upload.php
usercp.php
userdetails.php
include/functions.php

Btit Tracker v.1.4.3
--------------------

FIXES:
------
- customized groups assignment (account.php) (https://sourceforge.net/tracker/index.php?func=detail&aid=1723234&group_id=146822&atid=766508)
- editing torrent with apostrophes in names (https://sourceforge.net/tracker/index.php?func=detail&aid=1720513&group_id=146822&atid=766508)
- replaced all max() functions with the intval() function, which is more secure.

LIST OF CHANGED FILES:
----------------------
account_change.php
account.php
comment.php
edit.php
forum.php
news.php
torrents.php
recover.php
admincp.php
announce.php
details.php
peers.php
torrent_history.php
usercp.php
userdetails.php
include/functions.php

Btit Tracker v.1.4.2
--------------------

FIXES:
------
- functions.php, always turn off register_globals and simulate if not set.
- sanitized forum.php.
- download.php, fixed PID with multitracker's torrents.

LIST OF CHANGED FILES:
----------------------
download.php
forum.php
include/functions.php

Btit Tracker v.1.4.1
--------------------
If you update from a previous version, DON'T upload the install folder; run the query upgrade/v14_to_v141.sql to upgrade your database.

NEW:
----
- Installation script (thanks JBoy).

FIXES:
------
- Admincp access by all authorized users and classes.
- Mysql stats (admincp) use tracker style.
- Delete comments from torrent's details.
- possible XSS injections in forum, usercp, users.
- problem in announce if php not compiled with bcmath support.
- Image code in recover
- changed password cookie.
- All problems found on 1.4 by users.
- Email verification when a user changes their own email (usercp), hack by Petr1fied.

NEW LANGUAGES CONSTANTS (ALREADY DONE IN INCLUDED ENGLISH.PHP):
---------------------------------------------------------------
define("REVERIFY_MSG", "If you attempt to change your email address you will be sent a verification link to the email address you wish to change it to.

The email address on your record will not update until you verify the new address by clicking the link.");
define("EMAIL_VERIFY", "email account update at $SITENAME");
define("EMAIL_VERIFY_BLOCK", "Verification email sent");
define("EMAIL_VERIFY_MSG", "Hello,\n\nThis email has been sent because you have requested a change to the email address currently held on your record, please click the link below to complete the change.\n\nBest regards from the staff.");
define("EMAIL_VERIFY_SENT1","
A verification email has been sent to:

");
define("EMAIL_VERIFY_SENT2", "

You will need to click on the link contained within the email in order
to update your email address. The email should arrive within 10 minutes
(usually instantly) although some email providers may mark it as SPAM
so be sure to check your SPAM folder if you can't find it.

");
define("REVERIFY_CONGRATS1", "

Congratulations, your email has been verified and successfully changed

From: ");
define("REVERIFY_CONGRATS2", "
To: ");
define("REVERIFY_CONGRATS3", "

");
define("REVERIFY_FAILURE", "

Sorry but this url is not valid

A new random number is generated each time you attempt to change your email so
if you're seeing this message then you've most likely tried to change your email
more than once and you are using an old url.

Please wait until you're absolutely sure you haven't received the new
verification email before attempting to change your email again.


");
define("NOT_MAIL_IN_URL", "This is not the email address that was in this url");
define("ERR_AVATAR_EXT","Sorry only gif,jpg,bmp or png allowed");

LIST OF CHANGED FILES (Probably all):
------------------------------------
account.php
admincp.php
announce.php
comment.php
forum.php
index.php
install.me *** NEW ***
login.php
readme.txt
recover.php
scrape.php
usercp.php
userdetails.php
upload.php
language/english.php
include/common.php
include/mysql_stats.php
include/searchdiff.php
include/functions.php
install/* *** NEW ***
sql/database.sql
upgrade/v14_to_v141.sql *** NEW ***

Thanks to all developers.

Btit Tracker v.1.4 (BIG thanks to gAnDo, miskotes, cobracrk)
------------------------------------------------------------
NEW:
- User's name clickable with prefix/suffix in shoutbox.
- Private mail's preview.
- Comment's preview.
- Timezone selection (Petr1fied).
- New flag images.
- Added link to do sanity on request in admincp (main page).
- Username can be edited by mod/admin using the edit option in users' list.
- Dbutils hack in admincp.
- Mysql stats (courtesy of CoLdFuSiOn from Tbdev.net) in admincp.
- Other small things which I don't remember. :)

CHANGES:
- Announce and scrape completely rewritten (should be faster and use fewer resources)
- Fixed all known security holes
- More countries
- Invalid characters in username not allowed (caused some problems in tracker administration)
- Changed default