+-----------------------------------------------+
| MyBB 1.2.x Vulnerability Fix                  |
|   Manual Patch Instructions                   |
|                                               |
| Please note:                                  |
|  This is a temporary patch for MyBB 1.2.x     |
|  boads to protect against a new security      |
|  vulnerability.                               |
|  MyBB 1.2.8                                   |
|                                               |
+-----------------------------------------------+

---------------------------
1. misc.php
---------------------------

Find:
--
	if(!$mybb->input['imtype'])
	{
		error($lang->error_invalidimtype);
	}
--

REPLACE with:
--
	if($mybb->input['imtype'] != "aim" && $mybb->input['imtype'] != "icq" && $mybb->input['imtype'] != "msn" && $mybb->input['imtype'] != "yahoo")
	{
		error($lang->error_invalidimtype);
	}
--

---------------------------
2. private.php
---------------------------


Find:
--
	$plugins->run_hooks("private_do_export_start");
--

ABOVE it add:
--
	if($mybb->input['exporttype'] != "csv" && $mybb->input['exporttype'] != "text" && $mybb->input['exporttype'] != "html")
	{
		exit;
	}
--

---------------------------
2. inc/class_core.php (Version number change)
---------------------------

Find:
--
	/**
	 * The friendly version number of MyBB we're running.
	 *
	 * @var string
	 */
	var $version = "1.2.8";
	
	/**
	 * The version code of MyBB we're running.
	 *
	 * @var integer
	 */
	var $version_code = 128;

--

REPLACE it with:
--
	/**
	 * The friendly version number of MyBB we're running.
	 *
	 * @var string
	 */
	var $version = "1.2.9";
	
	/**
	 * The version code of MyBB we're running.
	 *
	 * @var integer
	 */
	var $version_code = 129;

--