Print Topic - Archive

E-Blah Community  /  Forum Updates  /  Small XSS fix
Posted by: Justin, February 16, 2006, 1:08pm
This fixes a bug that could potentially expose the administrator's password if a hacker sends malicious code via the referrer.

If Click Logging is disabled, your forum is safe; if not, you should patch.

Code
<author="Justin">
<modname="XSS Fix 2">
<version="1">
<boardversion="P9">
<site="http://www.eblah.com">
<desc="Fixes a small bug.">

<openfile="Code/Routines.pl" writes="1">
<mod search="1">
$ref = $ENV{'HTTP_REFERER'} =~ /$rurl/ ? '' : $ENV{'HTTP_REFERER'};
</mod end>
<mod write="1" action="1">
$ref = Format($ref);
</mod end>


Paste that code in your Modification Center, and then install the mod once you've "uploaded" it via the Mod Center.

Thanks!
Justin

Credit: http://www.evuln.com/vulns/83/ (http://www.eblah.com/forum/v-memberpanel/a-view/u-xela/)

Oh, and this was patched within 10 minutes of notice.  ;)
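To make the fix concrete, here is an added example (not E-Blah's own code) of the referrer handling in Routines.pl before and after the patch above. `escape_html` is a stand-in assumption for E-Blah's `Format()`, and `$rurl` and the referrer strings are constructed values.

```perl
#!/usr/bin/perl
# Added example, not E-Blah code: referrer handling before and after the fix
# posted above. escape_html() stands in for E-Blah's Format(); $rurl and the
# referrer values are constructed for the demonstration.
use strict;
use warnings;

my $rurl = 'http://www.eblah.com';   # forum URL (assumed name and value)

# Stand-in for E-Blah's Format(): turn HTML metacharacters into entities so
# the referrer is logged/displayed as text rather than interpreted as markup.
sub escape_html {
    my ($s) = @_;
    my %map = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$map{$1}/g;
    return $s;
}

# Referrer as Routines.pl built it before the fix: same-site referrers are
# dropped, anything else is kept verbatim. \Q...\E quotes the regex
# metacharacters in $rurl (the original interpolates it bare, so '.' in
# the URL would match any character).
sub ref_before_fix {
    my ($referer) = @_;
    return $referer =~ /\Q$rurl\E/ ? '' : $referer;
}

# After the fix: the same value, run through the escaper before it is used.
sub ref_after_fix {
    return escape_html(ref_before_fix(@_));
}

# Constructed sample referrers: a same-site link, an ordinary external link,
# and one carrying markup of the kind the escaper neutralises.
my @samples = (
    'http://www.eblah.com/forum/',
    'http://example.org/links.html',
    'http://example.org/<b>not text</b>',
);

for my $r (@samples) {
    printf "referrer: %s\n  before: %s\n  after:  %s\n",
        $r, ref_before_fix($r), ref_after_fix($r);
}
```

The third sample shows why the `Format($ref)` line matters: before the fix the markup reaches the click log untouched, after it only the entity-encoded text does.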
Posted by: Perindu, April 14, 2006, 5:22am; Reply: 1
Install Report
The following actions have been performed with this modification. If you were testing this mod or there were errors (and you did not override them) during the attempted installation of this mod, then no files have been modified; otherwise the files have been modified.
Modify File: ./Code/Routines.pl  (1 actions)
Source Code:
     $ref = $ENV{'HTTP_REFERER'} =~ /$rurl/ ? '' : $ENV{'HTTP_REFERER'};

After:
     $ref = Format($ref);

--» Code not found in source ...


This mod will not (un)install successfully. If you wish to install this mod anyway, click here.


Should I continue it?  :-/
Posted by: Martin, April 14, 2006, 6:33am; Reply: 2
If you are running 9.71a, 971b or 9.75, then this mod is not needed; it's part of the code already.
Print page generated: February 8, 2012, 10:18pm