Thought I'd take this discussion out of the "bug tracker" topic as the patching process is well under way.
MCCodes is releasing patches that contain security & other bug fixes for all 3 currently sold MCCodes versions - v1, v2 and Redux. This process is currently underway with the development of a patch for v2.
The current changelog for the v2 patch is below, to show progress & allow you to fix these bugs yourself manually if you so wish (excluding security-related fixes to stop people trying to exploit them before the patch comes out):
[critical bugfix] mysqli class was missing escape function
[bugfix] lots of texts were getting double escaped
[bugfix] register script fixed to not accept weird genders, etc
[bugfix] fix gender in installer
[bugfix] fix Crystals in Hall of Fame http://www.makewebgames.com/showthre...n-version-2-03
[bugfix] fix other weird hall of fame behaviour
[bugfix] fix gang record viewer http://www.makewebgames.com/showthre...er-v2-03-error
[bugfix] fix gang credit crystals http://www.makewebgames.com/showthre...er-v2-03-error
[bugfix] fix editing items losing their effects
[bugfix] fix a users staffnotes being wiped when you use "edit user"
[bugfix] fix stafflist
[bugfix] gang record now records in stafflog properly
[bugfix] some staff pages now close properly
[bugfix] ending polls now works
[bugfix] raw references to mysql_query,mysql_num_rows etc replaced with $db usage
[bugfix] prevent users doing invalid crimes
[oddity] generic references to "Mono Country", "Dabomstew" etc removed from game rules & help tutorial
[oddity] mysqli classwas missing affected rows, added back (but not critical bug as never used before)
[compat] validate_email uses filter_var in all circumstances now
[imprv] All uses of AJAX changed to use jQuery library
[imprv] PHP notices reduced
[imprv] Staff logs page cleaned up (e.g. message for "no attacks yet" etc)
[imprv] Some uses of "num_rows" changed to fetch_single on COUNT to improve execution times
I'll repeat: this changelog does not contain security fixes. There are security fixes, which will be disclosed in more detail when the fixes are actually released.
Nor is it finalised, we are still looking for more bugs by checking the code, forums & bug tracker. The v1 and Redux patches will be along similar lines.
As far as an ETA goes? Barring the discovery of really bad exploits and/or bugs in the engines, we're aiming to push through all three patches by early February at the latest.