phpBB 2.0.16 temporal patch [Sitemap] - HeapOverflow Computer Security Community & Forums : Heap Overflow.com



class101
15-07-05, 12:29
Small patch that I have made if you do want to secure your phpBB forum since 2.0.16 is vulnerable to a small XSS cookie leaking.
This will disable (Useful because phpBB allows only to disable BBcodes at all ..)

2.0.16.patch

#
#-----[ OPEN ]------------------------------------------
#

includes/bbcode.php

#
#-----[ FIND ]------------------------------------------
#

$replacements[] = $bbcode_tpl['email'];

$text = preg_replace($patterns, $replacements, $text);

#
#-----[ REPLACE WITH ]----------------------------------
#

$replacements[] = $bbcode_tpl['email'];

//$text = preg_replace($patterns, $replacements, $text);
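
Review bot: commenting out `$text = preg_replace($patterns, $replacements, $text);` in the REPLACE WITH block skips every pair collected in `$patterns` and `$replacements` for this call, including the `$bbcode_tpl['email']` entry appended on the line directly above, so the change is broader than a single tag and the `$replacements[]` assignments left in place become dead code. Consider dropping only the pattern/replacement pair for the tag that has to be turned off and keeping the call, or add a comment stating that every tag handled by this call is disabled on purpose until the upstream fix is applied.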

#
#-----[ OPEN ]------------------------------------------
#

templates/subSilver/posting_body.tpl

#
#-----[ FIND ]------------------------------------------
#

<td><span class="genmed">
<input type="button" class="button" accesskey="w" name="addbbcode16" value="URL" style="text-decoration: underline; width: 40px" onClick="bbstyle(16)" onMouseOver="helpline('w')" />
</span></td>

#
#-----[ REPLACE WITH ]----------------------------------
#

<!-- <td><span class="genmed">
<input type="button" class="button" accesskey="w" name="addbbcode16" value="URL" style="text-decoration: underline; width: 40px" onClick="bbstyle(16)" onMouseOver="helpline('w')" />
</span></td> -->
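
Review bot: wrapping the `addbbcode16` button in an HTML comment in templates/subSilver/posting_body.tpl only hides the control in the posting form; it does not change how submitted text is parsed, so the protection rests entirely on the includes/bbcode.php hunk. The edit also covers the subSilver template only, so any other installed template needs the same change to keep the posting form consistent with the disabled tag. A short comment next to the commented-out block saying why it was removed would help when this temporary change is reverted.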

#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM

squirl
19-07-05, 12:07
thanks for that patch m8 :)

Mouse
26-07-05, 01:49
nice patch :D

hx
26-07-05, 02:07
GREAT work again class101 :D much welcome patch.

lenkerderschlachten
24-01-06, 21:53
remember well, that there are several new vulnerabilities for phpBB, that are not fixed with this patch.

Yog-Sotho
27-01-06, 10:50
Well, dear lenkerderschlachten if you didn't notice that patch is dated July

Posted: Fri Jul 15, 2005 11:29 am Post subject: phpBB 2.0.16 temporal patch

I bet there are new bugs nowadays....

Yog

class101
27-01-06, 11:23
lol, sorry about the confusion, I had made this thread between when the advisory was published and the patch was released, but now all is fine of course, you don't have to apply this small fix any more, phpBB is fixed.