phpBB1 was released in 2000. phpBB2 was released in 2002. phpBB3 will be released in 2007.

It wasn't until a couple of years ago that they raised the minimum version from PHP 3 to PHP 4 for phpBB2. phpBB is old. You can't say they could predict every exploit that was going to happen when they first released phpBB2 in 2002. phpBB2 does have methods to sanitize user input, but it's better and easier to use in phpBB3.

> -------Original Message-------
> From: Joshua Simpson <[EMAIL PROTECTED]>
> Subject: Re: [UPHPU] phpBB3 Release Date Announced
> Sent: Dec 12 '07 23:37
>
> On Dec 12, 2007 3:28 PM, <[EMAIL PROTECTED]> wrote:
> > Yes. We had a paid security audit done by SektionEins
> > (http://www.sektioneins.de). SQL queries and getting user data have been
> > standardized so that they are cleaned before use, making it very unlikely
> > for SQL injection and other attacks to happen.
>
> It took them 3 major versions and several years to get input sanitization
> standardized?
>
> I'm just surprised that phpBB is still around.

_______________________________________________
UPHPU mailing list
[email protected]
http://uphpu.org/mailman/listinfo/uphpu
IRC: #uphpu on irc.freenode.net
