I have used stangger5's fix but was getting the reported issue with stristr on a customer forum.
I made the edit below; the code will do the same and is simpler.
In arcade.php, search for the ibp_cleansql function, then search for:
PHP Code:
// remove any SQL-commands
Add below:
PHP Code:
$sqlcomm = array();
Then search for:
PHP Code:
$value = recursive_str_ireplace($sqlcomm, '', $value);
Comment it out:
PHP Code:
// $value = recursive_str_ireplace($sqlcomm, '', $value);
Add after:
PHP Code:
foreach ($sqlcomm AS $key => $needle)
{
    $value = str_ireplace($needle, '', $value);
}
That does the same but is a fair bit simpler...
Though I must admit that Mrz fixed the 2.7.1 security issue rather uglily...
That bit of code could remove actual correct content ...
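
Added example, not part of the original post and not ibProArcade code: it runs the loop from the post over a few legitimate comments to show the content loss mentioned above, next to a bound-parameter insert that stores the same text unchanged. The keyword list, the `strip_sql_words` helper, the sample comments and the in-memory SQLite table are all assumptions made for illustration (the real `$sqlcomm` contents are not shown in the post), and the `pdo_sqlite` extension is assumed to be available.

```php
<?php
// Constructed keyword list; the real $sqlcomm contents are not on the page.
$sqlcomm = array('union', 'select', 'insert', 'update', 'delete', 'drop');

// Hypothetical helper reproducing the loop from the post.
function strip_sql_words(array $sqlcomm, $value)
{
    foreach ($sqlcomm as $needle) {
        $value = str_ireplace($needle, '', $value);
    }
    return $value;
}

// Constructed, legitimate user comments.
$comments = array(
    'Please update the high score table',
    'I selected the wrong game, sorry',
    'Student Union tournament on Friday',
);

// In-memory SQLite database stands in for the forum database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');
$insert = $db->prepare('INSERT INTO comments (body) VALUES (:body)');

foreach ($comments as $original) {
    // Keyword stripping: substrings vanish even inside ordinary words.
    $stripped = strip_sql_words($sqlcomm, $original);

    // Bound parameter: the value is sent as data, never parsed as SQL.
    $insert->execute(array(':body' => $original));
    $stored = $db->query('SELECT body FROM comments ORDER BY id DESC LIMIT 1')
                 ->fetchColumn();

    printf("input   : %s\n", $original);
    printf("stripped: %s\n", $stripped);
    printf("bound   : %s (%s)\n\n", $stored,
        $stored === $original ? 'intact' : 'changed');
}
```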