Thoul
Posted: April 10th 2006, 2:40 pm Post subject: phpBB 2.0.19 to 2.0.20 Code Changes |
|
|
TXT Version.
HTML Version.
These are the code changes introduced between phpBB 2.0.19 and phpBB 2.0.20. If you have installed many hacks on a forum, but wish to update it, these may help you. It is often easier to apply code changes such as these instead of replacing and rehacking your current files.
These code changes use the following instruction labels:
filename - The name of a file to be edited. Equivalent to an OPEN action in a hack or modification.
FIND - This indicates lines of code you should locate. Changes will be made in reference to this code.
REPLACE WITH - This code should completely replace the code in the preceding FIND instruction.
AFTER, ADD - The code in this instruction should be added on a new line after the last line of code in the preceding FIND instruction.
BEFORE, ADD - The code in this instruction should be added on a new line before the first line of code in the preceding FIND instruction.
FIND AND DELETE - Locate the code in this instruction as with a FIND statement, and then delete the code.
INLINE - This will always precede one of the other labels. An example would be INLINE FIND. INLINE labels work in the same way as the normal labels, with the exception that they operate on a smaller portion of a specific line referenced in the previous FIND instruction. Any new code added in an INLINE instruction should be placed on the same line, instead of on a new line.
Once you have completed the code changes, create an install/ directory in your forum's root directory, and upload the update_to_latest.php file that comes in any phpBB 2.0.20 download to the install/ directory. Run update_to_latest.php by opening it via your web browser, just as you would a normal forum page. Afterward, delete the file and the install/ directory so that your forum is accessible again.
Now, onward to the file changes!
Last edited by Thoul on April 19th 2006, 5:31 pm; edited 1 time in total |
Thoul
Posted: April 10th 2006, 2:42 pm Post subject: |
|
|
admin/admin_board.php
FIND
| Code:
|
|
$cookie_name = str_replace('.', '_', $new['cookie_name']);
|
REPLACE WITH
| Code:
|
$new['cookie_name'] = str_replace('.', '_', $new['cookie_name']);
}
// Attempt to prevent a common mistake with this value,
// http:// is the protocol and not part of the server name
if ($config_name == 'server_name')
{
$new['server_name'] = str_replace('http://', '', $new['server_name']);
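Review bot: The `server_name` clean-up removes only the literal lowercase `http://`, so a value entered with `https://` or `HTTP://` is stored unchanged, and `str_replace` strips the substring wherever it occurs rather than only at the start. An anchored, case-insensitive pattern covers both schemes: `$new['server_name'] = preg_replace('#^https?://#i', '', $new['server_name']);`. The enclosing `if` blocks open and close outside the lines shown here.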
|
FIND
| Code:
|
|
"L_FLOOD_INTERVAL_EXPLAIN" => $lang['Flood_Interval_explain'],
|
AFTER, ADD
| Code:
|
"L_SEARCH_FLOOD_INTERVAL" => $lang['Search_Flood_Interval'],
"L_SEARCH_FLOOD_INTERVAL_EXPLAIN" => $lang['Search_Flood_Interval_explain'],
|
FIND
| Code:
|
|
"FLOOD_INTERVAL" => $new['flood_interval'],
|
AFTER, ADD
| Code:
|
|
"SEARCH_FLOOD_INTERVAL" => $new['search_flood_interval'],
|
admin/admin_db_utilities.php
FIND
| Code:
|
unset($schema_vals);
unset($schema_fields);
unset($schema_insert);
|
REPLACE WITH
| Code:
|
$schema_vals = '';
$schema_fields = '';
$schema_insert = '';
|
FIND
| Code:
|
|
if ($empty($strVal))
|
REPLACE WITH
| Code:
|
|
if (empty($strVal))
|
admin/admin_forums.php
FIND
| Code:
|
"auth_post" => AUTH_ALL,
"auth_reply" => AUTH_ALL,
|
REPLACE WITH
| Code:
|
"auth_post" => AUTH_REG,
"auth_reply" => AUTH_REG,
|
admin/admin_groups.php
FIND
| Code:
|
$sql = "SELECT user_id, username
FROM " . USERS_TABLE . "
WHERE user_id <> " . ANONYMOUS . "
ORDER BY username";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql);
}
while ( $row = $db->sql_fetchrow($result) )
{
if ( $row['user_id'] == $group_info['group_moderator'] )
{
$group_moderator = $row['username'];
}
}
|
REPLACE WITH
| Code:
|
if ($group_info['group_moderator'] != '')
{
$sql = "SELECT user_id, username
FROM " . USERS_TABLE . "
WHERE user_id = " . $group_info['group_moderator'];
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql);
}
if ( !($row = $db->sql_fetchrow($result)) )
{
message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql);
}
$group_moderator = $row['username'];
}
else
{
$group_moderator = '';
}
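Review bot: `$group_info['group_moderator']` is concatenated into the WHERE clause unquoted and without a numeric cast, so the query relies entirely on that value already being an integer; where `$group_info` is populated is not visible in this snippet. Casting at the point of use keeps the query well-formed whatever the source: `WHERE user_id = " . intval($group_info['group_moderator']);`. The same pattern appears in the includes/functions.php style-fallback change, where `$board_config['default_style']` and `$style` are placed into `themes_id = ...` and `user_style = $style` without a cast.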
|
FIND
| Code:
|
|
$group_name = isset($HTTP_POST_VARS['group_name']) ? trim($HTTP_POST_VARS['group_name']) : '';
|
REPLACE WITH
| Code:
|
|
$group_name = isset($HTTP_POST_VARS['group_name']) ? htmlspecialchars(trim($HTTP_POST_VARS['group_name'])) : '';
|
admin/admin_ranks.php
FIND AND DELETE
| Code:
|
|
define('IN_PHPBB', 1);
|
FIND
| Code:
|
//
// Let's set the root dir for phpBB
//
|
BEFORE, ADD
| Code:
|
|
define('IN_PHPBB', 1);
|
FIND
| Code:
|
|
$mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
|
REPLACE WITH
| Code:
|
|
$mode = (isset($HTTP_GET_VARS['mode'])) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
|
FIND
BEFORE, ADD
| Code:
|
// Restrict mode input to valid options
$mode = ( in_array($mode, array('add', 'edit', 'save', 'delete')) ) ? $mode : '';
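Review bot: This instruction's FIND step has no code on the page, so nothing tells the reader where the allowlist line goes; the parallel admin/admin_words.php instruction further down places the identical line before `if( $mode != "" )`, which is presumably the intended spot here too. The next instruction (the `$confirm` check under REPLACE WITH) is missing its FIND code as well and should be checked against the 2.0.20 admin_ranks.php. Placement matters because the allowlist only protects code that runs after it.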
|
FIND
REPLACE WITH
| Code:
|
$confirm = isset($HTTP_POST_VARS['confirm']);
if( $rank_id && $confirm )
|
FIND
| Code:
|
else
{
message_die(GENERAL_MESSAGE, $lang['Must_select_rank']);
}
}
else
{
//
// They didn't feel like giving us any information. Oh, too bad, we'll just display the
// list then...
//
$template->set_filenames(array(
"body" => "admin/ranks_list_body.tpl")
);
$sql = "SELECT * FROM " . RANKS_TABLE . "
ORDER BY rank_min, rank_title";
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql);
}
$rank_rows = $db->sql_fetchrowset($result);
$rank_count = count($rank_rows);
$template->assign_vars(array(
"L_RANKS_TITLE" => $lang['Ranks_title'],
"L_RANKS_TEXT" => $lang['Ranks_explain'],
"L_RANK" => $lang['Rank_title'],
"L_RANK_MINIMUM" => $lang['Rank_minimum'],
"L_SPECIAL_RANK" => $lang['Special_rank'],
"L_EDIT" => $lang['Edit'],
"L_DELETE" => $lang['Delete'],
"L_ADD_RANK" => $lang['Add_new_rank'],
"L_ACTION" => $lang['Action'],
"S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx"))
);
for( $i = 0; $i < $rank_count; $i++)
{
$rank = $rank_rows[$i]['rank_title'];
$special_rank = $rank_rows[$i]['rank_special'];
$rank_id = $rank_rows[$i]['rank_id'];
$rank_min = $rank_rows[$i]['rank_min'];
if($special_rank)
{
$rank_min = $rank_max = "-";
}
$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
$template->assign_block_vars("ranks", array(
"ROW_COLOR" => "#" . $row_color,
"ROW_CLASS" => $row_class,
"RANK" => $rank,
"RANK_MIN" => $rank_min,
"SPECIAL_RANK" => ( $special_rank == 1 ) ? $lang['Yes'] : $lang['No'],
"U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&id=$rank_id"),
"U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&id=$rank_id"))
);
}
}
}
else
{
//
// Show the default page
//
$template->set_filenames(array(
"body" => "admin/ranks_list_body.tpl")
);
$sql = "SELECT * FROM " . RANKS_TABLE . "
ORDER BY rank_min ASC, rank_special ASC";
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql);
}
$rank_count = $db->sql_numrows($result);
$rank_rows = $db->sql_fetchrowset($result);
$template->assign_vars(array(
"L_RANKS_TITLE" => $lang['Ranks_title'],
"L_RANKS_TEXT" => $lang['Ranks_explain'],
"L_RANK" => $lang['Rank_title'],
"L_RANK_MINIMUM" => $lang['Rank_minimum'],
"L_SPECIAL_RANK" => $lang['Rank_special'],
"L_EDIT" => $lang['Edit'],
"L_DELETE" => $lang['Delete'],
"L_ADD_RANK" => $lang['Add_new_rank'],
"L_ACTION" => $lang['Action'],
"S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx"))
);
for($i = 0; $i < $rank_count; $i++)
{
$rank = $rank_rows[$i]['rank_title'];
$special_rank = $rank_rows[$i]['rank_special'];
$rank_id = $rank_rows[$i]['rank_id'];
$rank_min = $rank_rows[$i]['rank_min'];
if( $special_rank == 1 )
{
$rank_min = $rank_max = "-";
}
$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
$rank_is_special = ( $special_rank ) ? $lang['Yes'] : $lang['No'];
$template->assign_block_vars("ranks", array(
"ROW_COLOR" => "#" . $row_color,
"ROW_CLASS" => $row_class,
"RANK" => $rank,
"SPECIAL_RANK" => $rank_is_special,
"RANK_MIN" => $rank_min,
"U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&id=$rank_id"),
"U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&id=$rank_id"))
);
}
|
REPLACE WITH
| Code:
|
elseif( $rank_id && !$confirm)
{
// Present the confirmation screen to the user
$template->set_filenames(array(
'body' => 'admin/confirm_body.tpl')
);
$hidden_fields = '<input type="hidden" name="mode" value="delete" /><input type="hidden" name="id" value="' . $rank_id . '" />';
$template->assign_vars(array(
'MESSAGE_TITLE' => $lang['Confirm'],
'MESSAGE_TEXT' => $lang['Confirm_delete_rank'],
'L_YES' => $lang['Yes'],
'L_NO' => $lang['No'],
'S_CONFIRM_ACTION' => append_sid("admin_ranks.$phpEx"),
'S_HIDDEN_FIELDS' => $hidden_fields)
);
}
else
{
message_die(GENERAL_MESSAGE, $lang['Must_select_rank']);
}
}
$template->pparse("body");
include('./page_footer_admin.'.$phpEx);
}
//
// Show the default page
//
$template->set_filenames(array(
"body" => "admin/ranks_list_body.tpl")
);
$sql = "SELECT * FROM " . RANKS_TABLE . "
ORDER BY rank_min ASC, rank_special ASC";
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql);
}
$rank_count = $db->sql_numrows($result);
$rank_rows = $db->sql_fetchrowset($result);
$template->assign_vars(array(
"L_RANKS_TITLE" => $lang['Ranks_title'],
"L_RANKS_TEXT" => $lang['Ranks_explain'],
"L_RANK" => $lang['Rank_title'],
"L_RANK_MINIMUM" => $lang['Rank_minimum'],
"L_SPECIAL_RANK" => $lang['Rank_special'],
"L_EDIT" => $lang['Edit'],
"L_DELETE" => $lang['Delete'],
"L_ADD_RANK" => $lang['Add_new_rank'],
"L_ACTION" => $lang['Action'],
"S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx"))
);
for($i = 0; $i < $rank_count; $i++)
{
$rank = $rank_rows[$i]['rank_title'];
$special_rank = $rank_rows[$i]['rank_special'];
$rank_id = $rank_rows[$i]['rank_id'];
$rank_min = $rank_rows[$i]['rank_min'];
if( $special_rank == 1 )
{
$rank_min = $rank_max = "-";
}
$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
$rank_is_special = ( $special_rank ) ? $lang['Yes'] : $lang['No'];
$template->assign_block_vars("ranks", array(
"ROW_COLOR" => "#" . $row_color,
"ROW_CLASS" => $row_class,
"RANK" => $rank,
"SPECIAL_RANK" => $rank_is_special,
"RANK_MIN" => $rank_min,
"U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&id=$rank_id"),
"U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&id=$rank_id"))
);
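Review bot: The new confirmation step only tests `isset($HTTP_POST_VARS['confirm'])`, which stops a delete from being triggered by a plain link but does not tie the request to the administrator's own session, since any POST carrying a `confirm` field satisfies it. The hidden fields could also carry a session-bound value that the delete branch compares before running the query, for example appending `<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />` to `$hidden_fields`. The same applies to the confirmation screens added in admin/admin_smilies.php and admin/admin_words.php. `$rank_id` is also written into the hidden field as-is; whether it was passed through `intval()` earlier is not visible here.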
|
admin/admin_smilies.php
FIND
| Code:
|
$sql = "DELETE FROM " . SMILIES_TABLE . "
WHERE smilies_id = " . $smiley_id;
$result = $db->sql_query($sql);
if( !$result )
{
message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql);
}
$message = $lang['smiley_del_success'] . "<br /><br />" . sprintf($lang['Click_return_smileadmin'], "<a href=\"" . append_sid("admin_smilies.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
message_die(GENERAL_MESSAGE, $message);
|
REPLACE WITH
| Code:
|
$confirm = isset($HTTP_POST_VARS['confirm']);
if( $confirm )
{
$sql = "DELETE FROM " . SMILIES_TABLE . "
WHERE smilies_id = " . $smiley_id;
$result = $db->sql_query($sql);
if( !$result )
{
message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql);
}
$message = $lang['smiley_del_success'] . "<br /><br />" . sprintf($lang['Click_return_smileadmin'], "<a href=\"" . append_sid("admin_smilies.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
message_die(GENERAL_MESSAGE, $message);
}
else
{
// Present the confirmation screen to the user
$template->set_filenames(array(
'body' => 'admin/confirm_body.tpl')
);
$hidden_fields = '<input type="hidden" name="mode" value="delete" /><input type="hidden" name="id" value="' . $smiley_id . '" />';
$template->assign_vars(array(
'MESSAGE_TITLE' => $lang['Confirm'],
'MESSAGE_TEXT' => $lang['Confirm_delete_smiley'],
'L_YES' => $lang['Yes'],
'L_NO' => $lang['No'],
'S_CONFIRM_ACTION' => append_sid("admin_smilies.$phpEx"),
'S_HIDDEN_FIELDS' => $hidden_fields)
);
$template->pparse('body');
}
|
FIND
| Code:
|
$smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? trim($HTTP_POST_VARS['smile_code']) : trim($HTTP_GET_VARS['smile_code']);
$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : trim($HTTP_GET_VARS['smile_url']);
$smile_url = phpbb_ltrim(basename($smile_url), "'");
$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? trim($HTTP_POST_VARS['smile_emotion']) : trim($HTTP_GET_VARS['smile_emotion']);
$smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : intval($HTTP_GET_VARS['smile_id']);
|
REPLACE WITH
| Code:
|
$smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? trim($HTTP_POST_VARS['smile_code']) : '';
$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : '';
$smile_url = phpbb_ltrim(basename($smile_url), "'");
$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? htmlspecialchars(trim($HTTP_POST_VARS['smile_emotion'])) : '';
$smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : 0;
$smile_code = trim($smile_code);
$smile_url = trim($smile_url);
|
FIND
| Code:
|
$smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : $HTTP_GET_VARS['smile_code'];
$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url'];
$smile_url = phpbb_ltrim(basename($smile_url), "'");
$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion'];
$smile_code = trim($smile_code);
$smile_url = trim($smile_url);
$smile_emotion = trim($smile_emotion);
|
REPLACE WITH
| Code:
|
$smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : '';
$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : '';
$smile_url = phpbb_ltrim(basename($smile_url), "'");
$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? htmlspecialchars(trim($HTTP_POST_VARS['smile_emotion'])) : '';
$smile_code = trim($smile_code);
$smile_url = trim($smile_url);
|
admin/admin_users.php
FIND
| Code:
|
|
$user_style = ( $HTTP_POST_VARS['style'] ) ? intval( $HTTP_POST_VARS['style'] ) : $board_config['default_style'];
|
REPLACE WITH
| Code:
|
|
$user_style = ( isset( $HTTP_POST_VARS['style'] ) ) ? intval( $HTTP_POST_VARS['style'] ) : $board_config['default_style'];
|
FIND AND DELETE
| Code:
|
|
$user_template = ( $HTTP_POST_VARS['template'] ) ? $HTTP_POST_VARS['template'] : $board_config['board_template'];
|
FIND
| Code:
|
|
$message .= $lang['Admin_user_updated'];
|
BEFORE, ADD
| Code:
|
// We remove all stored login keys since the password has been updated
// and change the current one (if applicable)
if ( !empty($passwd_sql) )
{
session_reset_keys($user_id, $user_ip);
}
|
FIND
| Code:
|
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Admin_user_fail'];
|
REPLACE WITH
| Code:
|
|
message_die(GENERAL_ERROR, 'Admin_user_fail', '', __LINE__, __FILE__, $sql);
|
admin/admin_words.php
FIND AND DELETE
| Code:
|
|
define('IN_PHPBB', 1);
|
FIND
| Code:
|
//
// Load default header
//
|
BEFORE, ADD
| Code:
|
|
define('IN_PHPBB', 1);
|
FIND
| Code:
|
|
$mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
|
REPLACE WITH
| Code:
|
|
$mode = (isset($HTTP_GET_VARS['mode'])) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
|
FIND
| Code:
|
if( $mode != "" )
{
if( $mode == "edit" || $mode == "add" )
|
BEFORE, ADD
| Code:
|
// Restrict mode input to valid options
$mode = ( in_array($mode, array('add', 'edit', 'save', 'delete')) ) ? $mode : '';
|
FIND
| Code:
|
|
$s_hidden_fields = '';
|
BEFORE, ADD
| Code:
|
|
$word_info = array('word' => '', 'replacement' => '');
|
FIND
| Code:
|
if( $word_id )
{
$sql = "DELETE FROM " . WORDS_TABLE . "
WHERE word_id = $word_id";
|
REPLACE WITH
| Code:
|
$confirm = isset($HTTP_POST_VARS['confirm']);
if( $word_id && $confirm )
{
$sql = "DELETE FROM " . WORDS_TABLE . "
WHERE word_id = $word_id";
|
FIND
| Code:
|
else
{
message_die(GENERAL_MESSAGE, $lang['No_word_selected']);
|
BEFORE, ADD
| Code:
|
elseif( $word_id && !$confirm)
{
// Present the confirmation screen to the user
$template->set_filenames(array(
'body' => 'admin/confirm_body.tpl')
);
$hidden_fields = '<input type="hidden" name="mode" value="delete" /><input type="hidden" name="id" value="' . $word_id . '" />';
$template->assign_vars(array(
'MESSAGE_TITLE' => $lang['Confirm'],
'MESSAGE_TEXT' => $lang['Confirm_delete_word'],
'L_YES' => $lang['Yes'],
'L_NO' => $lang['No'],
'S_CONFIRM_ACTION' => append_sid("admin_words.$phpEx"),
'S_HIDDEN_FIELDS' => $hidden_fields)
);
}
|
FIND
| Code:
|
|
$word_rows = $db->sql_fetchrowset($result);
|
AFTER, ADD
| Code:
|
|
$db->sql_freeresult($result);
|
admin/page_header_admin.php
FIND
| Code:
|
|
$template->pparse('header');
|
BEFORE, ADD
| Code:
|
// Work around for "current" Apache 2 + PHP module which seems to not
// cope with private cache control setting
if (!empty($HTTP_SERVER_VARS['SERVER_SOFTWARE']) && strstr($HTTP_SERVER_VARS['SERVER_SOFTWARE'], 'Apache/2'))
{
header ('Cache-Control: no-cache, pre-check=0, post-check=0');
}
else
{
header ('Cache-Control: private, pre-check=0, post-check=0, max-age=0');
}
header ('Expires: 0');
header ('Pragma: no-cache');
|
admin/pagestart.php
FIND AND DELETE
| Code:
|
$url = str_replace(preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['server_name'])), '', $HTTP_SERVER_VARS['REQUEST_URI']);
$url = str_replace(preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['script_path'])), '', $url);
$url = str_replace('//', '/', $url);
$url = preg_replace('/sid=([^&]*)(&?)/i', '', $url);
$url = preg_replace('/\?$/', '', $url);
$url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $userdata['session_id'];
|
Thoul
Posted: April 10th 2006, 2:44 pm Post subject: |
|
|
common.php
FIND
| Code:
|
|
$nav_links = array();
|
AFTER, ADD
| Code:
|
|
$dss_seeded = false;
|
db/mssql.php
You can skip the changes for this file if you do not use a Microsoft SQL database.
FIND
| Code:
|
|
$row[$key] = stripslashes($value);
|
REPLACE WITH
| Code:
|
|
$row[$key] = ($value === ' ') ? '' : stripslashes($value);
|
FIND
| Code:
|
|
$rowset[$i][$key] = stripslashes($value);
|
REPLACE WITH
| Code:
|
|
$rowset[$i][$key] = ($value === ' ') ? '' : stripslashes($value);
|
FIND
| Code:
|
|
$result = stripslashes($this->row[$query_id][$field]);
|
REPLACE WITH
| Code:
|
|
$result = ($this->row[$query_id][$field] === ' ') ? '' : stripslashes($this->row[$query_id][$field]);
|
includes/auth.php
FIND
| Code:
|
|
$f_forum_id = $f_access[$k]['forum_id'];
|
AFTER, ADD
| Code:
|
|
$u_access[$f_forum_id] = isset($u_access[$f_forum_id]) ? $u_access[$f_forum_id] : array();
|
FIND
| Code:
|
|
$f_forum_id = $f_access[$k]['forum_id'];
|
AFTER, ADD
| Code:
|
|
$u_access[$f_forum_id] = isset($u_access[$f_forum_id]) ? $u_access[$f_forum_id] : array();
|
includes/bbcode.php
FIND
| Code:
|
// This one gets first-passed..
$patterns[] = "#\[img:$uid\]([^?].*?)\[/img:$uid\]#i";
$replacements[] = $bbcode_tpl['img'];
// matches a [url]xxxx://www.phpbb.com[/url] code..
$patterns[] = "#\[url\]([\w]+?://([\w\#$%&~/.\-;:=,?@\]+]|\[(?!url=))*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url1'];
// [url]www.phpbb.com[/url] code.. (no xxxx:// prefix).
$patterns[] = "#\[url\]((www|ftp)\.([\w\#$%&~/.\-;:=,?@\]+]|\[(?!url=))*?)\[/url\]#is";
|
REPLACE WITH
| Code:
|
// This one gets first-passed..
$patterns[] = "#\[img:$uid\]([^?](?:[^\[]+|\[(?!url))*?)\[/img:$uid\]#i";
$replacements[] = $bbcode_tpl['img'];
// matches a [url]xxxx://www.phpbb.com[/url] code..
$patterns[] = "#\[url\]([\w]+?://([\w\#$%&~/.\-;:=,?@\]+]+|\[(?!url=))*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url1'];
// [url]www.phpbb.com[/url] code.. (no xxxx:// prefix).
$patterns[] = "#\[url\]((www|ftp)\.([\w\#$%&~/.\-;:=,?@\]+]+|\[(?!url=))*?)\[/url\]#is";
|
FIND
| Code:
|
|
$uid = md5(mt_rand());
|
REPLACE WITH
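Review bot: The REPLACE WITH step for `$uid = md5(mt_rand());` has no code on the page; the text jumps straight to includes/functions.php, so a reader following the instructions literally would either delete the uid assignment or leave the `mt_rand()` one in place. The other changes in this set move random values to `dss_rand()`, so the missing lines presumably do the same for the BBCode uid. Take the exact replacement from includes/bbcode.php in the 2.0.20 package rather than guessing.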
includes/functions.php
FIND
| Code:
|
//
// Get Userdata, $user can be username or user_id. If force_str is true, the username will be forced.
//
|
BEFORE, ADD
| Code:
|
/**
* Our own generator of random values
* This uses a constantly changing value as the base for generating the values
* The board wide setting is updated once per page if this code is called
* With thanks to Anthrax101 for the inspiration on this one
* Added in phpBB 2.0.20
*/
function dss_rand()
{
global $db, $board_config, $dss_seeded;
$val = $board_config['rand_seed'] . microtime();
$val = md5($val);
$board_config['rand_seed'] = md5($board_config['rand_seed'] . $val . 'a');
if($dss_seeded !== true)
{
$sql = "UPDATE " . CONFIG_TABLE . " SET
config_value = '" . $board_config['rand_seed'] . "'
WHERE config_name = 'rand_seed'";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Unable to reseed PRNG", "", __LINE__, __FILE__, $sql);
}
$dss_seeded = true;
}
return substr($val, 16);
}
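Review bot: The docblock should state what `dss_rand()` guarantees, because session ids, auto-login keys and confirmation codes elsewhere in these changes now depend on it. As written it returns the last 16 hex characters of an MD5 over `rand_seed` and `microtime()`, i.e. at most 64 bits per call, and its unpredictability rests on `rand_seed` in the config table staying secret, so it is a seed mixer rather than a cryptographic generator. I would add a comment such as `// Returns 16 hex chars (64 bits); only as unpredictable as the stored rand_seed`, and on PHP versions that offer `random_bytes()` draw the value from the platform CSPRNG instead.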
|
FIND
| Code:
|
|
message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]");
|
REPLACE WITH
| Code:
|
// We are trying to setup a style which does not exist in the database
// Try to fallback to the board default (if the user had a custom style)
// and then any users using this style to the default if it succeeds
if ( $style != $board_config['default_style'])
{
$sql = 'SELECT *
FROM ' . THEMES_TABLE . '
WHERE themes_id = ' . $board_config['default_style'];
if ( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, 'Could not query database for theme info');
}
if ( $row = $db->sql_fetchrow($result) )
{
$db->sql_freeresult($result);
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_style = ' . $board_config['default_style'] . "
WHERE user_style = $style";
if ( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, 'Could not update user theme info');
}
}
else
{
message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]");
}
}
else
{
message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]");
}
|
FIND
| Code:
|
|
$debug_text .= '</br /><br />Line : ' . $err_line . '<br />File : ' . basename($err_file);
|
REPLACE WITH
| Code:
|
|
$debug_text .= '<br /><br />Line : ' . $err_line . '<br />File : ' . basename($err_file);
|
FIND
| Code:
|
if ( empty($template) )
{
$template = new Template($phpbb_root_path . 'templates/' . $board_config['board_template']);
}
if ( empty($theme) )
|
REPLACE WITH
| Code:
|
|
if ( empty($template) || empty($theme) )
|
includes/functions_post.php
FIND
| Code:
|
$allowed_html_tags = split(',', $board_config['allow_html_tags']);
$end_html = 0;
$start_html = 1;
$tmp_message = '';
$message = ' ' . $message . ' ';
while ($start_html = strpos($message, '<', $start_html))
{
$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1, ($start_html - $end_html - 1)));
if ($end_html = strpos($message, '>', $start_html))
{
$length = $end_html - $start_html + 1;
$hold_string = substr($message, $start_html, $length);
if (($unclosed_open = strrpos(' ' . $hold_string, '<')) != 1)
{
$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($hold_string, 0, $unclosed_open - 1));
$hold_string = substr($hold_string, $unclosed_open - 1);
}
$tagallowed = false;
for ($i = 0; $i < sizeof($allowed_html_tags); $i++)
{
$match_tag = trim($allowed_html_tags[$i]);
if (preg_match('#^<\/?' . $match_tag . '[> ]#i', $hold_string))
{
$tagallowed = (preg_match('#^<\/?' . $match_tag . ' .*?(style[\t ]*?=|on[\w]+[\t ]*?=)#i', $hold_string)) ? false : true;
}
}
$tmp_message .= ($length && !$tagallowed) ? preg_replace($html_entities_match, $html_entities_replace, $hold_string) : $hold_string;
$start_html += $length;
}
else
{
$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $start_html, strlen($message)));
$start_html = strlen($message);
$end_html = $start_html;
}
}
if (!$end_html || ($end_html != strlen($message) && $tmp_message != ''))
{
$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1));
}
$message = ($tmp_message != '') ? trim($tmp_message) : trim($message);
|
REPLACE WITH
| Code:
|
// If HTML is on, we try to make it safe
// This approach is quite agressive and anything that does not look like a valid tag
// is going to get converted to HTML entities
$message = stripslashes($message);
$html_match = '#<[^\w<]*(\w+)((?:"[^"]*"|\'[^\']*\'|[^<>\'"])+)?>#';
$matches = array();
$message_split = preg_split($html_match, $message);
preg_match_all($html_match, $message, $matches);
$message = '';
foreach ($message_split as $part)
{
$tag = array(array_shift($matches[0]), array_shift($matches[1]), array_shift($matches[2]));
$message .= htmlspecialchars($part) . clean_html($tag);
}
$message = addslashes($message);
|
FIND
| Code:
|
|
$temp_option_text[$option_id] = htmlspecialchars($option_text);
|
REPLACE WITH
| Code:
|
|
$temp_option_text[intval($option_id)] = htmlspecialchars($option_text);
|
FIND
BEFORE, ADD
| Code:
|
/**
* Called from within prepare_message to clean included HTML tags if HTML is
* turned on for that post
* @param array $tag Matching text from the message to parse
*/
function clean_html($tag)
{
global $board_config;
if (empty($tag[0]))
{
return '';
}
$allowed_html_tags = preg_split('/, */', strtolower($board_config['allow_html_tags']));
$disallowed_attributes = '/^(?:style|on)/i';
// Check if this is an end tag
preg_match('/<[^\w\/]*\/[\W]*(\w+)/', $tag[0], $matches);
if (sizeof($matches))
{
if (in_array(strtolower($matches[1]), $allowed_html_tags))
{
return '</' . $matches[1] . '>';
}
else
{
return htmlspecialchars('</' . $matches[1] . '>');
}
}
// Check if this is an allowed tag
if (in_array(strtolower($tag[1]), $allowed_html_tags))
{
$attributes = '';
if (!empty($tag[2]))
{
preg_match_all('/[\W]*?(\w+)[\W]*?=[\W]*?(["\'])((?:(?!\2).)*)\2/', $tag[2], $test);
for ($i = 0; $i < sizeof($test[0]); $i++)
{
if (preg_match($disallowed_attributes, $test[1][$i]))
{
continue;
}
$attributes .= ' ' . $test[1][$i] . '=' . $test[2][$i] . str_replace(array('[', ']'), array('[', ']'), htmlspecialchars($test[3][$i])) . $test[2][$i];
}
}
if (in_array(strtolower($tag[1]), $allowed_html_tags))
{
return '<' . $tag[1] . $attributes . '>';
}
else
{
return htmlspecialchars('<' . $tag[1] . $attributes . '>');
}
}
// Finally, this is not an allowed tag so strip all the attibutes and escape it
else
{
return htmlspecialchars('<' . $tag[1] . '>');
}
}
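Review bot: In the attribute loop, `str_replace(array('[', ']'), array('[', ']'), ...)` replaces each bracket with itself as printed here, so it does nothing; the replacement values were presumably numeric entities (`&#91;`, `&#93;`) that the forum rendering decoded, and should be checked against the distributed includes/functions_post.php so brackets in attribute values cannot be re-read as BBCode. Separately, the attribute filter rejects only names starting with `style` or `on`; values are HTML-escaped, but URL-bearing attributes on allowed tags are not restricted to an allowlist of schemes, which is worth adding if tags such as `a` or `img` are permitted in `allow_html_tags`. The inner `in_array(strtolower($tag[1]), $allowed_html_tags)` test repeats the enclosing condition, so its `else` branch is unreachable.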
|
includes/prune.php
FIND
| Code:
|
|
$prune_all = ($prune_all) ? '' : 'AND t.topic_vote = 0 AND t.topic_type <> ' . POST_ANNOUNCE;
|
BEFORE, ADD
| Code:
|
// Before pruning, lets try to clean up the invalid topic entries
$sql = 'SELECT topic_id FROM ' . TOPICS_TABLE . '
WHERE topic_last_post_id = 0';
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain lists of topics to sync', '', __LINE__, __FILE__, $sql);
}
while( $row = $db->sql_fetchrow($result) )
{
sync('topic', $row['topic_id']);
}
$db->sql_freeresult($result);
|
FIND
| Code:
|
AND ( p.post_id = t.topic_last_post_id
OR t.topic_last_post_id = 0 )";
|
REPLACE WITH
| Code:
|
|
AND p.post_id = t.topic_last_post_id";
|
Thoul
Posted: April 10th 2006, 2:46 pm Post subject: |
|
|
includes/sessions.php
FIND
| Code:
|
list($sec, $usec) = explode(' ', microtime());
mt_srand((float) $sec + ((float) $usec * 100000));
$session_id = md5(uniqid(mt_rand(), true));
|
REPLACE WITH
| Code:
|
|
$session_id = md5(dss_rand());
|
FIND
| Code:
|
list($sec, $usec) = explode(' ', microtime());
mt_srand(hexdec(substr($session_id, 0, 8)) + (float) $sec + ((float) $usec * 1000000));
$auto_login_key = uniqid(mt_rand(), true);
|
REPLACE WITH
| Code:
|
|
$auto_login_key = dss_rand() . dss_rand();
|
FIND
| Code:
|
//
// Append $SID to a url. Borrowed from phplib and modified. This is an
// extra routine utilised by the session code above and acts as a wrapper
|
BEFORE, ADD
| Code:
|
/**
* Reset all login keys for the specified user
* Called on password changes
*/
function session_reset_keys($user_id, $user_ip)
{
global $db, $userdata;
$key_sql = ($user_id == $userdata['user_id'] && !empty($userdata['session_key'])) ? "AND key_id != '" . md5($userdata['session_key']) . "'" : '';
$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
WHERE user_id = ' . (int) $user_id . "
$key_sql";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error removing auto-login keys', '', __LINE__, __FILE__, $sql);
}
$where_sql = 'session_user_id = ' . (int) $user_id;
$where_sql .= ($user_id == $userdata['user_id']) ? " AND session_id <> '" . $userdata['session_id'] . "'" : '';
$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
WHERE $where_sql";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error removing user session(s)', '', __LINE__, __FILE__, $sql);
}
if ( !empty($key_sql) )
{
$auto_login_key = dss_rand() . dss_rand();
$current_time = time();
$sql = 'UPDATE ' . SESSIONS_KEYS_TABLE . "
SET last_ip = '$user_ip', key_id = '" . md5($auto_login_key) . "', last_login = $current_time
WHERE key_id = '" . md5($userdata['session_key']) . "'";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error updating session key', '', __LINE__, __FILE__, $sql);
}
// And now rebuild the cookie
$sessiondata['userid'] = $user_id;
$sessiondata['autologinid'] = $autologin_id;
$cookiename = $board_config['cookie_name'];
$cookiepath = $board_config['cookie_path'];
$cookiedomain = $board_config['cookie_domain'];
$cookiesecure = $board_config['cookie_secure'];
setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
$userdata['session_key'] = $auto_login_key;
unset($sessiondata);
unset($auto_login_key);
}
}
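Review bot: The cookie-rebuild branch reads `$board_config['cookie_name']` and the other cookie settings, but the function declares only `global $db, $userdata;`, and it assigns `$sessiondata['autologinid'] = $autologin_id;` although no `$autologin_id` exists in the function. As written the cookie would be set with an empty name prefix, path and domain and an empty auto-login id, so the current user's persistent login is not carried over after a password change. The two changes are `global $db, $userdata, $board_config;` and `$sessiondata['autologinid'] = $auto_login_key;`. `$user_ip` is also interpolated into the UPDATE unescaped and the cookie payload is built with `serialize()`, so the function relies on callers passing a value that is safe to quote, and the code that reads the cookie back should treat it as untrusted input.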
|
includes/usercp_avatar.php
FIND
| Code:
|
|
if ( !preg_match("#^((ht|f)tp://)([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png))$)#is", $avatar_filename) )
|
BEFORE, ADD
| Code:
|
$avatar_filename = substr($avatar_filename, 0, 100);
|
includes/usercp_confirm.php
FIND
| Code:
|
|
$char = substr($code, -1);
|
BEFORE, ADD
| Code:
|
$c = intval($HTTP_GET_VARS['c']);
$char = substr($code, $c - 1, 1);
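Review bot: `$c` is read from `$HTTP_GET_VARS['c']` without an `isset()` check or a range check, so a missing or zero value makes `substr($code, $c - 1, 1)` read from the end of the string and an out-of-range value yields no character at all. Bounding it to the code length keeps the image generator on defined input, e.g. `$c = isset($HTTP_GET_VARS['c']) ? max(1, min(strlen($code), intval($HTTP_GET_VARS['c']))) : 1;`. The instruction is labelled BEFORE, ADD, so as printed the original `$char = substr($code, -1);` line still follows and would overwrite `$char`; this looks like it should be a REPLACE WITH and is worth checking against the 2.0.20 file.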
|
includes/usercp_register.php
FIND
| Code:
|
|
$signature = str_replace('<br />', "\n", $signature);
|
REPLACE WITH
| Code:
|
$signature = (isset($signature)) ? str_replace('<br />', "\n", $signature) : '';
$signature_bbcode_uid = '';
|
FIND AND DELETE
| Code:
|
// Only compare one char if the zlib-extension is not loaded
if (!@extension_loaded('zlib'))
{
$row['code'] = substr($row['code'], -1);
}
|
FIND
| Code:
|
message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql);
}
|
AFTER, ADD
| Code:
|
// We remove all stored login keys since the password has been updated
// and change the current one (if applicable)
if ( !empty($passwd_sql) )
{
session_reset_keys($user_id, $user_ip);
}
|
FIND
| Code:
|
|
$email = stripslashes($email);
|
AFTER, ADD
| Code:
|
|
$cur_password = '';
|
FIND
| Code:
|
|
$email = $userdata['user_email'];
|
AFTER, ADD
| Code:
|
|
$cur_password = '';
|
FIND
| Code:
|
$confirm_chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9');
list($usec, $sec) = explode(' ', microtime());
mt_srand($sec * $usec);
$max_chars = count($confirm_chars) - 1;
$code = '';
for ($i = 0; $i < 6; $i++)
{
$code .= $confirm_chars[mt_rand(0, $max_chars)];
}
|
REPLACE WITH
| Code:
|
// Generate the required confirmation code
// NB 0 (zero) could get confused with O (the letter) so we make change it
$code = dss_rand();
$code = strtoupper(str_replace('0', 'o', substr($code, 6)));
|
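Review bot: `substr($code, 6)` has no length argument, so it discards the first six characters of the `dss_rand()` value and keeps everything after them, whereas the loop it replaces built exactly six characters. If a six-character code is still intended the call should be `substr($code, 0, 6)`; `dss_rand()` is not shown on this page, so its output length and alphabet need checking before relying on either form. The profile.php step has the same shape, where `substr($rand_str, 8)` replaces a loop that built eight characters. The comment's "so we make change it" could read `// NB 0 (zero) is easily confused with O (the letter), so every zero is replaced by the letter`.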
FIND
| Code:
|
'USERNAME' => $username,
'CUR_PASSWORD' => $cur_password,
'NEW_PASSWORD' => $new_password,
'PASSWORD_CONFIRM' => $password_confirm,
'EMAIL' => $email,
|
REPLACE WITH
| Code:
|
'USERNAME' => isset($username) ? $username : '',
'CUR_PASSWORD' => isset($cur_password) ? $cur_password : '',
'NEW_PASSWORD' => isset($new_password) ? $new_password : '',
'PASSWORD_CONFIRM' => isset($password_confirm) ? $password_confirm : '',
'EMAIL' => isset($email) ? $email : '',
|
index.php
FIND
| Code:
|
|
while( $category_rows[] = $db->sql_fetchrow($result) );
|
REPLACE WITH
| Code:
|
while ($row = $db->sql_fetchrow($result))
{
$category_rows[] = $row;
}
|
FIND
| Code:
|
//
// Okay, let's build the index
//
|
BEFORE, ADD
| Code:
|
//
// Let's decide which categories we should display
//
$display_categories = array();
for ($i = 0; $i < $total_forums; $i++ )
{
if ($is_auth_ary[$forum_data[$i]['forum_id']]['auth_view'])
{
$display_categories[$forum_data[$i]['cat_id']] = true;
}
}
|
FIND AND DELETE
| Code:
|
// Should we display this category/forum set?
//
$display_forums = false;
for($j = 0; $j < $total_forums; $j++)
{
if ( $is_auth_ary[$forum_data[$j]['forum_id']]['auth_view'] && $forum_data[$j]['cat_id'] == $cat_id )
{
$display_forums = true;
}
}
//
|
FIND
| Code:
|
|
if ( $display_forums )
|
REPLACE WITH
| Code:
|
|
if (isset($display_categories[$cat_id]) && $display_categories[$cat_id])
|
language/lang_english/email/group_request.tpl
FIND
| Code:
|
|
A user has requested to join a group you moderator on {SITENAME}.
|
REPLACE WITH
| Code:
|
|
A user has requested to join a group you moderate on {SITENAME}.
|
language/lang_english/email/user_activate_passwd.tpl
FIND
| Code:
|
|
If sucessful you will be able to login using the following password:
|
REPLACE WITH
| Code:
|
|
If successful you will be able to login using the following password:
|
language/lang_english/lang_admin.php
FIND
| Code:
|
|
$lang['Autologin_time_explain'] = 'How long a autologin key is valid for in days if the user does not visit the board. Set to zero to disable expiry.';
|
AFTER, ADD
| Code:
|
// Search Flood Control - added 2.0.20
$lang['Search_Flood_Interval'] = 'Search Flood Interval';
$lang['Search_Flood_Interval_explain'] = 'Number of seconds a user must wait between search requests';
|
FIND
| Code:
|
$lang['Click_return_smileadmin'] = 'Click %sHere%s to return to Smiley Administration';
|
AFTER, ADD
| Code:
|
|
$lang['Confirm_delete_smiley'] = 'Are you sure you want to delete this Smiley?';
|
FIND
| Code:
|
$lang['Click_return_wordadmin'] = 'Click %sHere%s to return to Word Censor Administration';
|
AFTER, ADD
| Code:
|
|
$lang['Confirm_delete_word'] = 'Are you sure you want to delete this word censor?';
|
language/lang_english/lang_main.php
FIND
| Code:
|
|
$lang['Found_search_matches'] = 'Search found %d matches'; // eg. Search found 24 matches
|
AFTER, ADD
| Code:
|
|
$lang['Search_Flood_Error'] = 'You cannot make another search so soon after your last; please try again in a short while.';
|
login.php
FIND
| Code:
|
if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $board_config['max_login_attempts'] &&
$row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts'])
|
REPLACE WITH
| Code:
|
if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $board_config['max_login_attempts'] &&
$row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts'] && $userdata['user_level'] != ADMIN)
|
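Review bot: The added `$userdata['user_level'] != ADMIN` term reads a different array from the rest of the condition, which takes the attempt counters from `$row`. Neither variable is defined in these lines; presumably `$row` is the account named in the login form and `$userdata` is the session making the request, in which case the lockout is skipped for any login submitted from an existing administrator session, whichever account it names. A comment should record that this is the intent, for example `// attempt limit is not enforced for requests made from an admin session`, because it also means `max_login_attempts` does not throttle attempts made from such a session.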
FIND
| Code:
|
else
{
// Save login tries and last login
|
REPLACE WITH
| Code:
|
// Only store a failed login attempt for an active user - inactive users can't login even with a correct password
elseif( $row['user_active'] )
{
// Save login tries and last login
|
memberlist.php
FIND
| Code:
|
$search_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_search'] . '" alt="' . $lang['Search_user_posts'] . '" title="' . $lang['Search_user_posts'] . '" border="0" /></a>';
$search = '<a href="' . $temp_url . '">' . $lang['Search_user_posts'] . '</a>';
|
REPLACE WITH
| Code:
|
$search_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_search'] . '" alt="' . sprintf($lang['Search_user_posts'], $username) . '" title="' . sprintf($lang['Search_user_posts'], $username) . '" border="0" /></a>';
$search = '<a href="' . $temp_url . '">' . sprintf($lang['Search_user_posts'], $username) . '</a>';
|
modcp.php
FIND
| Code:
|
|
include($phpbb_root_path . 'includes/functions_search.'.$phpEx);
|
BEFORE, ADD
| Code:
|
if ( empty($HTTP_POST_VARS['topic_id_list']) && empty($topic_id) )
{
message_die(GENERAL_MESSAGE, $lang['None_selected']);
}
|
FIND
| Code:
|
$sql = "SELECT poster_id, COUNT(post_id) AS posts
FROM " . POSTS_TABLE . "
WHERE topic_id IN ($topic_id_sql)
|
BEFORE, ADD
| Code:
|
if ( $topic_id_sql == '')
{
message_die(GENERAL_MESSAGE, $lang['None_selected']);
}
|
FIND
| Code:
|
$sql = "SELECT post_id, poster_id, topic_id, post_time
FROM " . POSTS_TABLE . "
WHERE post_id IN ($post_id_sql)
|
BEFORE, ADD
| Code:
|
if ($post_id_sql == '')
{
message_die(GENERAL_MESSAGE, $lang['None_selected']);
}
|
FIND
| Code:
|
|
$ip_this_post = ( $rdns_ip_num == $ip_this_post ) ? gethostbyaddr($ip_this_post) : $ip_this_post;
|
REPLACE WITH
| Code:
|
|
$ip_this_post = ( $rdns_ip_num == $ip_this_post ) ? htmlspecialchars(gethostbyaddr($ip_this_post)) : $ip_this_post;
|
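Review bot: Nothing on the new line says why the lookup result is escaped while the plain address in the other branch is not. A short comment would record it, e.g. `// PTR names are set by whoever controls the address's reverse zone, so escape them before output`. `gethostbyaddr()` returns false on malformed input, which `htmlspecialchars()` turns into an empty string; falling back to the address in that case would keep the field populated. The next step makes the same change to `$ip` and deserves the same comment.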
FIND
| Code:
|
|
$ip = ( $rdns_ip_num == $row['poster_ip'] || $rdns_ip_num == 'all') ? gethostbyaddr($ip) : $ip;
|
REPLACE WITH
| Code:
|
|
$ip = ( $rdns_ip_num == $row['poster_ip'] || $rdns_ip_num == 'all') ? htmlspecialchars(gethostbyaddr($ip)) : $ip;
|
posting.php
FIND
| Code:
|
|
$poll_options[$option_id] = htmlspecialchars(trim(stripslashes($option_text)));
|
REPLACE WITH
| Code:
|
|
$poll_options[intval($option_id)] = htmlspecialchars(trim(stripslashes($option_text)));
|
privmsg.php
FIND
| Code:
|
|
$privmsg_subject = trim(strip_tags($HTTP_POST_VARS['subject']));
|
REPLACE WITH
| Code:
|
|
$privmsg_subject = trim(htmlspecialchars($HTTP_POST_VARS['subject']));
|
FIND
| Code:
|
|
message_die(GENERAL_ERROR, "Could not insert/update private message sent text.", "", __LINE__, __FILE__, $sql_info);
|
REPLACE WITH
| Code:
|
|
message_die(GENERAL_ERROR, "Could not insert/update private message sent text.", "", __LINE__, __FILE__, $sql);
|
FIND
| Code:
|
|
$privmsg_subject = ( isset($HTTP_POST_VARS['subject']) ) ? trim(strip_tags(stripslashes($HTTP_POST_VARS['subject']))) : '';
|
REPLACE WITH
| Code:
|
|
$privmsg_subject = ( isset($HTTP_POST_VARS['subject']) ) ? trim(htmlspecialchars(stripslashes($HTTP_POST_VARS['subject']))) : '';
|
FIND
| Code:
|
|
$privmsg_subject = ( ( !preg_match('/^Re:/', $privmsg['privmsgs_subject']) ) ? 'Re: ' : '' ) . $privmsg['privmsgs_subject'];
|
BEFORE, ADD
| Code:
|
$orig_word = $replacement_word = array();
obtain_word_list($orig_word, $replace_word);
|
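Review bot: `obtain_word_list($orig_word, $replace_word)` fills a variable that nothing else in these steps reads: the line above initialises `$replacement_word`, and the two `preg_replace()` calls added in the following steps pass `$replacement_word`. Assuming the function fills its arguments by reference (it is not shown here), `$replacement_word` stays an empty array, so censored words in the quoted subject and message are removed instead of being replaced. The call should read `obtain_word_list($orig_word, $replacement_word);`.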
FIND
| Code:
|
$to_username = $privmsg['username'];
$to_userid = $privmsg['user_id'];
|
BEFORE, ADD
| Code:
|
|
$privmsg_subject = preg_replace($orig_word, $replacement_word, $privmsg_subject);
|
FIND
| Code:
|
|
$privmsg_message = preg_replace('#</textarea>#si', '</textarea>', $privmsg_message);
|
AFTER, ADD
| Code:
|
|
$privmsg_message = preg_replace($orig_word, $replacement_word, $privmsg_message);
|
FIND AND DELETE
| Code:
|
$privmsg_subject = preg_replace($html_entities_match, $html_entities_replace, $privmsg_subject);
$privmsg_subject = str_replace('"', '"', $privmsg_subject);
|
profile.php
FIND
| Code:
|
$chars = array( 'a', 'A', 'b', 'B', 'c', 'C', 'd', 'D', 'e', 'E', 'f', 'F', 'g', 'G', 'h', 'H', 'i', 'I', 'j', 'J', 'k', 'K', 'l', 'L', 'm', 'M', 'n', 'N', 'o', 'O', 'p', 'P', 'q', 'Q', 'r', 'R', 's', 'S', 't', 'T', 'u', 'U', 'v', 'V', 'w', 'W', 'x', 'X', 'y', 'Y', 'z', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0');
$max_chars = count($chars) - 1;
srand( (double) microtime()*1000000);
$rand_str = '';
for($i = 0; $i < 8; $i++)
{
$rand_str = ( $i == 0 ) ? $chars[rand(0, $max_chars)] : $rand_str . $chars[rand(0, $max_chars)];
}
return ( $hash ) ? md5($rand_str) : $rand_str;
|
REPLACE WITH
| Code:
|
$rand_str = dss_rand();
return ( $hash ) ? md5($rand_str) : substr($rand_str, 8);
|
search.php
FIND
AFTER, ADD
| Code:
|
|
$current_time = time();
|
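Review bot: The FIND step for this addition carries no code on the page, so the position of `$current_time = time();` is not stated. Both the flood-control block and the `search_time` clean-up added below read `$current_time`, so the assignment has to run before either of them. Check its placement against the search.php shipped with 2.0.20 before applying this step.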
FIND
| Code:
|
if ( $search_id == 'newposts' || $search_id == 'egosearch' || $search_id == 'unanswered' || $search_keywords != '' || $search_author != '' )
{
|
AFTER, ADD
| Code:
|
//
// Flood control
//
$where_sql = ($userdata['user_id'] == ANONYMOUS) ? "se.session_ip = '$user_ip'" : 'se.session_user_id = ' . $userdata['user_id'];
$sql = 'SELECT MAX(sr.search_time) AS last_search_time
FROM ' . SEARCH_TABLE . ' sr, ' . SESSIONS_TABLE . " se
WHERE sr.session_id = se.session_id
AND $where_sql";
if ($result = $db->sql_query($sql))
{
if ($row = $db->sql_fetchrow($result))
{
if (intval($row['last_search_time']) > 0 && ($current_time - intval($row['last_search_time'])) < intval($board_config['search_flood_interval']))
{
message_die(GENERAL_MESSAGE, $lang['Search_Flood_Error']);
}
}
}
|
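Review bot: The flood check fails open: when `$db->sql_query($sql)` returns false the whole block is skipped and the search proceeds, whereas the other queries in these changes call `message_die()` on failure. If that is deliberate a comment should say so; otherwise add `else { message_die(GENERAL_ERROR, 'Could not obtain search flood data', '', __LINE__, __FILE__, $sql); }`. `intval($board_config['search_flood_interval'])` evaluates to 0 when the key is absent, which also switches the limit off, so the check depends on the update script having created that setting (not shown here).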
FIND
| Code:
|
|
if (preg_match('#^[\*%]+$#', trim($search_author)) || preg_match('#^[^\*]{1,2}$#', str_replace(array('*', '%'), '', trim($search_author))))
|
REPLACE WITH
| Code:
|
$search_author = str_replace('*', '%', trim($search_author));
if( ( strpos($search_author, '%') !== false ) && ( strlen(str_replace('%', '', $search_author)) < 3 ) )
|
FIND AND DELETE
| Code:
|
$search_author = str_replace('*', '%', trim($search_author));
|
FIND
| Code:
|
|
if (preg_match('#^[\*%]+$#', trim($search_author)) || preg_match('#^[^\*]{1,2}$#', str_replace(array('*', '%'), '', trim($search_author))))
|
REPLACE WITH
| Code:
|
$search_author = str_replace('*', '%', trim($search_author));
if( ( strpos($search_author, '%') !== false ) && ( strlen(str_replace('%', '', $search_author)) < 3 ) )
|
FIND AND DELETE
| Code:
|
$search_author = str_replace('*', '%', trim(str_replace("\'", "''", $search_author)));
|
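Review bot: The line deleted here doubled single quotes with `str_replace("\'", "''", $search_author)`, while the replacement line added in the previous step only swaps `*` for `%`. The query that consumes `$search_author` is outside these lines, so confirm that it still escapes the value where it is built into the LIKE clause; if it does not, the escaping has to be kept in this step. The first pair of author-search steps deletes a line that had no such escaping, so this concerns the second occurrence only.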
FIND
| Code:
|
// Finish building query (for all combinations)
// and run it ...
//
$sql = "SELECT session_id
FROM " . SESSIONS_TABLE;
if ( $result = $db->sql_query($sql) )
{
$delete_search_ids = array();
while( $row = $db->sql_fetchrow($result) )
{
$delete_search_ids[] = "'" . $row['session_id'] . "'";
}
if ( count($delete_search_ids) )
{
$sql = "DELETE FROM " . SEARCH_TABLE . "
WHERE session_id NOT IN (" . implode(", ", $delete_search_ids) . ")";
if ( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete old search id sessions', '', __LINE__, __FILE__, $sql);
}
}
|
REPLACE WITH
| Code:
|
// Delete old data from the search result table
//
$sql = 'DELETE FROM ' . SEARCH_TABLE . '
WHERE search_time < ' . ($current_time - (int) $board_config['session_length']);
if ( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete old search id sessions', '', __LINE__, __FILE__, $sql);
|
FIND
| Code:
|
SET search_id = $search_id, search_array = '" . str_replace("\'", "''", $result_array) . "'
WHERE session_id = '" . $userdata['session_id'] . "'";
if ( !($result = $db->sql_query($sql)) || !$db->sql_affectedrows() )
{
$sql = "INSERT INTO " . SEARCH_TABLE . " (search_id, session_id, search_array)
VALUES($search_id, '" . $userdata['session_id'] . "', '" . str_replace("\'", "''", $result_array) . "')";
|
REPLACE WITH
| Code:
|
SET search_id = $search_id, search_time = $current_time, search_array = '" . str_replace("\'", "''", $result_array) . "'
WHERE session_id = '" . $userdata['session_id'] . "'";
if ( !($result = $db->sql_query($sql)) || !$db->sql_affectedrows() )
{
$sql = "INSERT INTO " . SEARCH_TABLE . " (search_id, session_id, search_time, search_array)
VALUES($search_id, '" . $userdata['session_id'] . "', $current_time, '" . str_replace("\'", "''", $result_array) . "')";
|
templates/subSilver/admin/board_config_body.tpl
FIND
| Code:
|
<td class="row2"><input class="post" type="text" size="3" maxlength="4" name="flood_interval" value="{FLOOD_INTERVAL}" /></td>
</tr>
|
AFTER, ADD
| Code:
|
<tr>
<td class="row1">{L_SEARCH_FLOOD_INTERVAL} <br /><span class="gensmall">{L_SEARCH_FLOOD_INTERVAL_EXPLAIN}</span></td>
<td class="row2"><input class="post" type="text" size="3" maxlength="4" name="search_flood_interval" value="{SEARCH_FLOOD_INTERVAL}" /></td>
</tr>
|
templates/subSilver/confirm_body.tpl
FIND
| Code:
|
|
<th class="thHead" height="25" valign="middle"><span class="tableTitle">{MESSAGE_TITLE}</span></th>
|
REPLACE WITH
| Code:
|
|
<th class="thHead" height="25" valign="middle">{MESSAGE_TITLE}</th>
|
|
|
Thoul
VIP

Joined: 30 Jul 2002
Posts: 18040
Location: USA
|
Posted: April 10th 2006, 2:50 pm Post subject: |
|
|
templates/subSilver/admin/confirm_body.tpl
phpBB 2.0.20 adds deletion confirmation for smilies, ranks and word censors. As part of this, a new template file is added: templates/subSilver/admin/confirm_body.tpl. This file is a duplicate of templates/subSilver/confirm_body.tpl. After completing the steps above, copy your forum's templates/subSilver/confirm_body.tpl file to templates/subSilver/admin/confirm_body.tpl. Take care not to delete templates/subSilver/confirm_body.tpl; just make a copy of it.