Managing Online Forums, a manual for the community admin


phpBB 2.0.19 to 2.0.20 Code Changes

Postby Thoul » April 10th 2006, 3:40 pm

TXT Version.
HTML Version.

These are the code changes introduced between phpBB 2.0.19 and phpBB 2.0.20. If you have installed many hacks on a forum, but wish to update it, these may help you. It is often easier to apply code changes such as these instead of replacing and rehacking your current files.

These code changes use the following instruction labels:
filename - The name of a file to be edited. Equivalent to an OPEN action in a hack or modification.
FIND - This indicates lines of code you should locate. Changes will be made in reference to this code.
REPLACE WITH - This code should completely replace the code in the preceding FIND instruction.
AFTER, ADD - The code in this instruction should be added on a new line after the last line of code in the preceding FIND instruction.
BEFORE, ADD - The code in this instruction should be added on a new line before the first line of code in the preceding FIND instruction.
FIND AND DELETE - Locate the code in this instruction as with a FIND statement, and then delete the code.
INLINE - This will always precede one of the other labels. An example would be INLINE FIND. INLINE labels work in the same way as the normal labels, with the exception that they operate on a smaller portion of a specific line referenced in the previous FIND instruction. Any new code added in an INLINE instruction should be placed on the same line, instead of on a new line.

Once you have completed the code changes, create an install/ directory in your forum's root directory, and upload the update_to_latest.php file that comes in any phpBB 2.0.20 download to the install/ directory. Run update_to_latest.php by opening it via your web browser, just as you would a normal forum page. Afterward, delete the file and the install/ directory so that your forum is accessible again.

Now, onward to the file changes!
Last edited by Thoul on April 19th 2006, 6:31 pm, edited 1 time in total.
Thoul
Admin/Webmaster
 
Posts: 18551
Joined: July 30th 2002, 11:30 am
Location: USA
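As an added illustration of the instruction labels above (this is not part of the original post or of phpBB), here is a small Python applier for the non-INLINE labels. Its one safety check is the one that matters on a hacked board: a FIND block must match exactly once, otherwise the script stops instead of editing the wrong place. The admin_ranks.php text it patches is a constructed stand-in for the top of the 2.0.19 file, not the real file, and the change list is the first four admin_ranks.php instructions from the post below.

```python
class PatchError(Exception):
    """Raised when a FIND block does not identify exactly one place in the file."""


def check_find(source, find):
    """Number of places a FIND block matches; anything but 1 is a stop condition."""
    return source.count(find)


def apply_change(source, label, find, code=''):
    """Apply one non-INLINE instruction to the text of a file.

    label is one of the page's labels: FIND, REPLACE WITH, AFTER, ADD,
    BEFORE, ADD or FIND AND DELETE. Zero hits usually mean a hack already
    changed those lines; several hits mean the edit would land in the wrong place.
    """
    hits = check_find(source, find)
    if hits != 1:
        raise PatchError('%s: FIND text occurs %d times, expected exactly once' % (label, hits))
    if label == 'FIND':
        return source
    if label == 'REPLACE WITH':
        return source.replace(find, code, 1)
    if label == 'AFTER, ADD':
        return source.replace(find, find + '\n' + code, 1)
    if label == 'BEFORE, ADD':
        return source.replace(find, code + '\n' + find, 1)
    if label == 'FIND AND DELETE':
        # Remove the lines together with their line break when there is one
        target = find + '\n' if find + '\n' in source else find
        return source.replace(target, '', 1)
    raise PatchError('unknown label: ' + label)


def apply_changes(source, changes):
    for label, find, code in changes:
        source = apply_change(source, label, find, code)
    return source


# Constructed stand-in for the top of a 2.0.19 admin/admin_ranks.php;
# only the lines the instructions touch are realistic.
ORIGINAL_ADMIN_RANKS = "\n".join([
    "<?php",
    "define('IN_PHPBB', 1);",
    "",
    "if( !empty($setmodules) )",
    "{",
    "\t$module['Users']['Ranks'] = basename(__FILE__);",
    "\treturn;",
    "}",
    "",
    "//",
    "// Let's set the root dir for phpBB",
    "//",
    "$phpbb_root_path = './../';",
    "",
    "if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )",
    "{",
    "\t$mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];",
    "}",
    "else",
    "{",
    "\t$mode = '';",
    "}",
    "",
    'if( $mode != "" )',
    "{",
    "\t// rank add/edit/delete handling",
    "}",
]) + "\n"

# The first four admin_ranks.php instructions from the post, as (label, FIND text, code)
ADMIN_RANKS_CHANGES = [
    ('FIND AND DELETE', "define('IN_PHPBB', 1);", ''),
    ('BEFORE, ADD', "//\n// Let's set the root dir for phpBB\n//", "define('IN_PHPBB', 1);"),
    ('REPLACE WITH',
     "\t$mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];",
     "\t$mode = (isset($HTTP_GET_VARS['mode'])) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];"),
    ('BEFORE, ADD', 'if( $mode != "" )',
     "// Restrict mode input to valid options\n"
     "$mode = ( in_array($mode, array('add', 'edit', 'save', 'delete')) ) ? $mode : '';"),
]


def patched_admin_ranks():
    return apply_changes(ORIGINAL_ADMIN_RANKS, ADMIN_RANKS_CHANGES)


if __name__ == '__main__':
    print(patched_admin_ranks())
```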

Postby Thoul » April 10th 2006, 3:42 pm

admin/admin_board.php

FIND
			$cookie_name = str_replace('.', '_', $new['cookie_name']);


REPLACE WITH
			$new['cookie_name'] = str_replace('.', '_', $new['cookie_name']);
		}

		// Attempt to prevent a common mistake with this value,
		// http:// is the protocol and not part of the server name
		if ($config_name == 'server_name')
		{
			$new['server_name'] = str_replace('http://', '', $new['server_name']);


FIND
	"L_FLOOD_INTERVAL_EXPLAIN" => $lang['Flood_Interval_explain'], 


AFTER, ADD
	"L_SEARCH_FLOOD_INTERVAL" => $lang['Search_Flood_Interval'],
	"L_SEARCH_FLOOD_INTERVAL_EXPLAIN" => $lang['Search_Flood_Interval_explain'], 


FIND
	"FLOOD_INTERVAL" => $new['flood_interval'],


AFTER, ADD
	"SEARCH_FLOOD_INTERVAL" => $new['search_flood_interval'],



admin/admin_db_utilities.php

FIND
		unset($schema_vals);
		unset($schema_fields);
		unset($schema_insert);


REPLACE WITH
		$schema_vals = '';
		$schema_fields = '';
		$schema_insert = '';


FIND
				if ($empty($strVal))


REPLACE WITH
				if (empty($strVal))



admin/admin_forums.php

FIND
	"auth_post" => AUTH_ALL, 
	"auth_reply" => AUTH_ALL, 


REPLACE WITH
	"auth_post" => AUTH_REG, 
	"auth_reply" => AUTH_REG, 



admin/admin_groups.php

FIND
	$sql = "SELECT user_id, username
		FROM " . USERS_TABLE . "
		WHERE user_id <> " . ANONYMOUS . "
		ORDER BY username";
	if ( !($result = $db->sql_query($sql)) )
	{
		message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql);
	}

	while ( $row = $db->sql_fetchrow($result) )
	{
		if ( $row['user_id'] == $group_info['group_moderator'] ) 
		{
			$group_moderator = $row['username'];
		}
	}


REPLACE WITH
	if ($group_info['group_moderator'] != '')
	{
		$sql = "SELECT user_id, username
			FROM " . USERS_TABLE . "
			WHERE user_id = " . $group_info['group_moderator'];
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql);
		}

		if ( !($row = $db->sql_fetchrow($result)) )
		{
			message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql);
		}

		$group_moderator = $row['username'];
	}
	else
	{
		$group_moderator = '';
	}


FIND
		$group_name = isset($HTTP_POST_VARS['group_name']) ? trim($HTTP_POST_VARS['group_name']) : '';


REPLACE WITH
		$group_name = isset($HTTP_POST_VARS['group_name']) ? htmlspecialchars(trim($HTTP_POST_VARS['group_name'])) : '';



admin/admin_ranks.php

FIND AND DELETE
define('IN_PHPBB', 1);


FIND
//
// Let's set the root dir for phpBB
//


BEFORE, ADD
define('IN_PHPBB', 1);


FIND
	$mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];


REPLACE WITH
	$mode = (isset($HTTP_GET_VARS['mode'])) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];


FIND
if( $mode != "" )


BEFORE, ADD
// Restrict mode input to valid options
$mode = ( in_array($mode, array('add', 'edit', 'save', 'delete')) ) ? $mode : '';


FIND
		if( $rank_id )


REPLACE WITH
		$confirm = isset($HTTP_POST_VARS['confirm']);
		
		if( $rank_id && $confirm )


FIND
		else
		{
			message_die(GENERAL_MESSAGE, $lang['Must_select_rank']);
		}
	}
	else
	{
		//
		// They didn't feel like giving us any information. Oh, too bad, we'll just display the
		// list then...
		//
		$template->set_filenames(array(
			"body" => "admin/ranks_list_body.tpl")
		);
		
		$sql = "SELECT * FROM " . RANKS_TABLE . "
			ORDER BY rank_min, rank_title";
		if( !$result = $db->sql_query($sql) )
		{
			message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql);
		}
		
		$rank_rows = $db->sql_fetchrowset($result);
		$rank_count = count($rank_rows);
		
		$template->assign_vars(array(
			"L_RANKS_TITLE" => $lang['Ranks_title'],
			"L_RANKS_TEXT" => $lang['Ranks_explain'],
			"L_RANK" => $lang['Rank_title'],
			"L_RANK_MINIMUM" => $lang['Rank_minimum'],
			"L_SPECIAL_RANK" => $lang['Special_rank'],
			"L_EDIT" => $lang['Edit'],
			"L_DELETE" => $lang['Delete'],
			"L_ADD_RANK" => $lang['Add_new_rank'],
			"L_ACTION" => $lang['Action'],
			
			"S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx"))
		);
		
		for( $i = 0; $i < $rank_count; $i++)
		{
			$rank = $rank_rows[$i]['rank_title'];
			$special_rank = $rank_rows[$i]['rank_special'];
			$rank_id = $rank_rows[$i]['rank_id'];
			$rank_min = $rank_rows[$i]['rank_min'];

			if($special_rank)
			{
				$rank_min = $rank_max = "-";
			}
			
			$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
			$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
	
			$template->assign_block_vars("ranks", array(
				"ROW_COLOR" => "#" . $row_color,
				"ROW_CLASS" => $row_class,
				"RANK" => $rank,
				"RANK_MIN" => $rank_min,

				"SPECIAL_RANK" => ( $special_rank == 1 ) ? $lang['Yes'] : $lang['No'],

				"U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&amp;id=$rank_id"),
				"U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&amp;id=$rank_id"))
			);
		}
	}
}
else
{
	//
	// Show the default page
	//
	$template->set_filenames(array(
		"body" => "admin/ranks_list_body.tpl")
	);
	
	$sql = "SELECT * FROM " . RANKS_TABLE . "
		ORDER BY rank_min ASC, rank_special ASC";
	if( !$result = $db->sql_query($sql) )
	{
		message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql);
	}
	$rank_count = $db->sql_numrows($result);

	$rank_rows = $db->sql_fetchrowset($result);
	
	$template->assign_vars(array(
		"L_RANKS_TITLE" => $lang['Ranks_title'],
		"L_RANKS_TEXT" => $lang['Ranks_explain'],
		"L_RANK" => $lang['Rank_title'],
		"L_RANK_MINIMUM" => $lang['Rank_minimum'],
		"L_SPECIAL_RANK" => $lang['Rank_special'],
		"L_EDIT" => $lang['Edit'],
		"L_DELETE" => $lang['Delete'],
		"L_ADD_RANK" => $lang['Add_new_rank'],
		"L_ACTION" => $lang['Action'],
		
		"S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx"))
	);
	
	for($i = 0; $i < $rank_count; $i++)
	{
		$rank = $rank_rows[$i]['rank_title'];
		$special_rank = $rank_rows[$i]['rank_special'];
		$rank_id = $rank_rows[$i]['rank_id'];
		$rank_min = $rank_rows[$i]['rank_min'];
		
		if( $special_rank == 1 )
		{
			$rank_min = $rank_max = "-";
		}

		$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
		$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];

		$rank_is_special = ( $special_rank ) ? $lang['Yes'] : $lang['No'];
		
		$template->assign_block_vars("ranks", array(
			"ROW_COLOR" => "#" . $row_color,
			"ROW_CLASS" => $row_class,
			"RANK" => $rank,
			"SPECIAL_RANK" => $rank_is_special,
			"RANK_MIN" => $rank_min,

			"U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&amp;id=$rank_id"),
			"U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&amp;id=$rank_id"))
		);
	}


REPLACE WITH
		elseif( $rank_id && !$confirm)
		{
			// Present the confirmation screen to the user
			$template->set_filenames(array(
				'body' => 'admin/confirm_body.tpl')
			);

			$hidden_fields = '<input type="hidden" name="mode" value="delete" /><input type="hidden" name="id" value="' . $rank_id . '" />';

			$template->assign_vars(array(
				'MESSAGE_TITLE' => $lang['Confirm'],
				'MESSAGE_TEXT' => $lang['Confirm_delete_rank'],

				'L_YES' => $lang['Yes'],
				'L_NO' => $lang['No'],

				'S_CONFIRM_ACTION' => append_sid("admin_ranks.$phpEx"),
				'S_HIDDEN_FIELDS' => $hidden_fields)
			);
		}
		else
		{
			message_die(GENERAL_MESSAGE, $lang['Must_select_rank']);
		}
	}

	$template->pparse("body");

	include('./page_footer_admin.'.$phpEx);
}

//
// Show the default page
//
$template->set_filenames(array(
	"body" => "admin/ranks_list_body.tpl")
);

$sql = "SELECT * FROM " . RANKS_TABLE . "
	ORDER BY rank_min ASC, rank_special ASC";
if( !$result = $db->sql_query($sql) )
{
	message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql);
}
$rank_count = $db->sql_numrows($result);

$rank_rows = $db->sql_fetchrowset($result);

$template->assign_vars(array(
	"L_RANKS_TITLE" => $lang['Ranks_title'],
	"L_RANKS_TEXT" => $lang['Ranks_explain'],
	"L_RANK" => $lang['Rank_title'],
	"L_RANK_MINIMUM" => $lang['Rank_minimum'],
	"L_SPECIAL_RANK" => $lang['Rank_special'],
	"L_EDIT" => $lang['Edit'],
	"L_DELETE" => $lang['Delete'],
	"L_ADD_RANK" => $lang['Add_new_rank'],
	"L_ACTION" => $lang['Action'],
	
	"S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx"))
);

for($i = 0; $i < $rank_count; $i++)
{
	$rank = $rank_rows[$i]['rank_title'];
	$special_rank = $rank_rows[$i]['rank_special'];
	$rank_id = $rank_rows[$i]['rank_id'];
	$rank_min = $rank_rows[$i]['rank_min'];
	
	if( $special_rank == 1 )
	{
		$rank_min = $rank_max = "-";
	}

	$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
	$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];

	$rank_is_special = ( $special_rank ) ? $lang['Yes'] : $lang['No'];
	
	$template->assign_block_vars("ranks", array(
		"ROW_COLOR" => "#" . $row_color,
		"ROW_CLASS" => $row_class,
		"RANK" => $rank,
		"SPECIAL_RANK" => $rank_is_special,
		"RANK_MIN" => $rank_min,

		"U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&amp;id=$rank_id"),
		"U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&amp;id=$rank_id"))
	);



admin/admin_smilies.php

FIND
			$sql = "DELETE FROM " . SMILIES_TABLE . "
				WHERE smilies_id = " . $smiley_id;
			$result = $db->sql_query($sql);
			if( !$result )
			{
				message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql);
			}

			$message = $lang['smiley_del_success'] . "<br /><br />" . sprintf($lang['Click_return_smileadmin'], "<a href=\"" . append_sid("admin_smilies.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");

			message_die(GENERAL_MESSAGE, $message);


REPLACE WITH
			$confirm = isset($HTTP_POST_VARS['confirm']);

			if( $confirm )
			{
				$sql = "DELETE FROM " . SMILIES_TABLE . "
					WHERE smilies_id = " . $smiley_id;
				$result = $db->sql_query($sql);
				if( !$result )
				{
					message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql);
				}

				$message = $lang['smiley_del_success'] . "<br /><br />" . sprintf($lang['Click_return_smileadmin'], "<a href=\"" . append_sid("admin_smilies.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");

				message_die(GENERAL_MESSAGE, $message);
			}
			else
			{
				// Present the confirmation screen to the user
				$template->set_filenames(array(
					'body' => 'admin/confirm_body.tpl')
				);

				$hidden_fields = '<input type="hidden" name="mode" value="delete" /><input type="hidden" name="id" value="' . $smiley_id . '" />';

				$template->assign_vars(array(
					'MESSAGE_TITLE' => $lang['Confirm'],
					'MESSAGE_TEXT' => $lang['Confirm_delete_smiley'],

					'L_YES' => $lang['Yes'],
					'L_NO' => $lang['No'],

					'S_CONFIRM_ACTION' => append_sid("admin_smilies.$phpEx"),
					'S_HIDDEN_FIELDS' => $hidden_fields)
				);
				$template->pparse('body');
			}


FIND
			$smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? trim($HTTP_POST_VARS['smile_code']) : trim($HTTP_GET_VARS['smile_code']);
			$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : trim($HTTP_GET_VARS['smile_url']);
			$smile_url = phpbb_ltrim(basename($smile_url), "'");
			$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? trim($HTTP_POST_VARS['smile_emotion']) : trim($HTTP_GET_VARS['smile_emotion']);
			$smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : intval($HTTP_GET_VARS['smile_id']);


REPLACE WITH
			$smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? trim($HTTP_POST_VARS['smile_code']) : '';
			$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : '';
			$smile_url = phpbb_ltrim(basename($smile_url), "'");
			$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? htmlspecialchars(trim($HTTP_POST_VARS['smile_emotion'])) : '';
			$smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : 0;
			$smile_code = trim($smile_code);
			$smile_url = trim($smile_url);


FIND
			$smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : $HTTP_GET_VARS['smile_code'];
			$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url'];
			$smile_url = phpbb_ltrim(basename($smile_url), "'");
			$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion'];
			$smile_code = trim($smile_code);
			$smile_url = trim($smile_url);
			$smile_emotion = trim($smile_emotion);


REPLACE WITH
			$smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : '';
			$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : '';
			$smile_url = phpbb_ltrim(basename($smile_url), "'");
			$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? htmlspecialchars(trim($HTTP_POST_VARS['smile_emotion'])) : '';
			$smile_code = trim($smile_code);
			$smile_url = trim($smile_url);



admin/admin_users.php

FIND
		$user_style = ( $HTTP_POST_VARS['style'] ) ? intval( $HTTP_POST_VARS['style'] ) : $board_config['default_style'];


REPLACE WITH
		$user_style = ( isset( $HTTP_POST_VARS['style'] ) ) ? intval( $HTTP_POST_VARS['style'] ) : $board_config['default_style'];


FIND AND DELETE
		$user_template = ( $HTTP_POST_VARS['template'] ) ? $HTTP_POST_VARS['template'] : $board_config['board_template'];


FIND
				$message .= $lang['Admin_user_updated'];


BEFORE, ADD
				// We remove all stored login keys since the password has been updated
				// and change the current one (if applicable)
				if ( !empty($passwd_sql) )
				{
					session_reset_keys($user_id, $user_ip);
				}


FIND
				$error = TRUE;
				$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Admin_user_fail'];


REPLACE WITH
				message_die(GENERAL_ERROR, 'Admin_user_fail', '', __LINE__, __FILE__, $sql);



admin/admin_words.php

FIND AND DELETE
define('IN_PHPBB', 1);


FIND
//
// Load default header
//


BEFORE, ADD
define('IN_PHPBB', 1);


FIND
	$mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];


REPLACE WITH
	$mode = (isset($HTTP_GET_VARS['mode'])) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];


FIND
if( $mode != "" )
{
	if( $mode == "edit" || $mode == "add" )


BEFORE, ADD
// Restrict mode input to valid options
$mode = ( in_array($mode, array('add', 'edit', 'save', 'delete')) ) ? $mode : '';


FIND
		$s_hidden_fields = '';


BEFORE, ADD
		$word_info = array('word' => '', 'replacement' => '');


FIND
		if( $word_id )
		{
			$sql = "DELETE FROM " . WORDS_TABLE . " 
				WHERE word_id = $word_id";


REPLACE WITH
		$confirm = isset($HTTP_POST_VARS['confirm']);

		if( $word_id && $confirm )
		{
			$sql = "DELETE FROM " . WORDS_TABLE . " 
				WHERE word_id = $word_id";


FIND
		else
		{
			message_die(GENERAL_MESSAGE, $lang['No_word_selected']);


BEFORE, ADD
		elseif( $word_id && !$confirm)
		{
			// Present the confirmation screen to the user
			$template->set_filenames(array(
				'body' => 'admin/confirm_body.tpl')
			);

			$hidden_fields = '<input type="hidden" name="mode" value="delete" /><input type="hidden" name="id" value="' . $word_id . '" />';

			$template->assign_vars(array(
				'MESSAGE_TITLE' => $lang['Confirm'],
				'MESSAGE_TEXT' => $lang['Confirm_delete_word'],

				'L_YES' => $lang['Yes'],
				'L_NO' => $lang['No'],

				'S_CONFIRM_ACTION' => append_sid("admin_words.$phpEx"),
				'S_HIDDEN_FIELDS' => $hidden_fields)
			);
		}


FIND
	$word_rows = $db->sql_fetchrowset($result);


AFTER, ADD
	$db->sql_freeresult($result);



admin/page_header_admin.php

FIND
$template->pparse('header');


BEFORE, ADD
// Work around for "current" Apache 2 + PHP module which seems to not
// cope with private cache control setting
if (!empty($HTTP_SERVER_VARS['SERVER_SOFTWARE']) && strstr($HTTP_SERVER_VARS['SERVER_SOFTWARE'], 'Apache/2'))
{
	header ('Cache-Control: no-cache, pre-check=0, post-check=0');
}
else
{
	header ('Cache-Control: private, pre-check=0, post-check=0, max-age=0');
}
header ('Expires: 0');
header ('Pragma: no-cache');



admin/pagestart.php

FIND AND DELETE
	$url = str_replace(preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['server_name'])), '', $HTTP_SERVER_VARS['REQUEST_URI']);
	$url = str_replace(preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['script_path'])), '', $url);
	$url = str_replace('//', '/', $url);
	$url = preg_replace('/sid=([^&]*)(&?)/i', '', $url);
	$url = preg_replace('/\?$/', '', $url);
	$url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $userdata['session_id'];

Postby Thoul » April 10th 2006, 3:44 pm

common.php

FIND
$nav_links = array();


AFTER, ADD
$dss_seeded = false;



db/mssql.php
You can skip the changes for this file if you do not use a Microsoft SQL database.

FIND
				$row[$key] = stripslashes($value);


REPLACE WITH
				$row[$key] = ($value === ' ') ? '' : stripslashes($value);


FIND
					$rowset[$i][$key] = stripslashes($value);


REPLACE WITH
					$rowset[$i][$key] = ($value === ' ') ? '' : stripslashes($value);


FIND
					$result = stripslashes($this->row[$query_id][$field]);


REPLACE WITH
					$result = ($this->row[$query_id][$field] === ' ') ? '' : stripslashes($this->row[$query_id][$field]);



includes/auth.php

FIND
				$f_forum_id = $f_access[$k]['forum_id'];


AFTER, ADD
				$u_access[$f_forum_id] = isset($u_access[$f_forum_id]) ? $u_access[$f_forum_id] : array();


FIND
			$f_forum_id = $f_access[$k]['forum_id'];


AFTER, ADD
			$u_access[$f_forum_id] = isset($u_access[$f_forum_id]) ? $u_access[$f_forum_id] : array();



includes/bbcode.php

FIND
	// This one gets first-passed..
	$patterns[] = "#\[img:$uid\]([^?].*?)\[/img:$uid\]#i";
	$replacements[] = $bbcode_tpl['img'];

	// matches a [url]xxxx://www.phpbb.com[/url] code..
	$patterns[] = "#\[url\]([\w]+?://([\w\#$%&~/.\-;:=,?@\]+]|\[(?!url=))*?)\[/url\]#is";
	$replacements[] = $bbcode_tpl['url1'];

	// [url]www.phpbb.com[/url] code.. (no xxxx:// prefix).
	$patterns[] = "#\[url\]((www|ftp)\.([\w\#$%&~/.\-;:=,?@\]+]|\[(?!url=))*?)\[/url\]#is";


REPLACE WITH
	// This one gets first-passed..
	$patterns[] = "#\[img:$uid\]([^?](?:[^\[]+|\[(?!url))*?)\[/img:$uid\]#i";
	$replacements[] = $bbcode_tpl['img'];

	// matches a [url]xxxx://www.phpbb.com[/url] code..
	$patterns[] = "#\[url\]([\w]+?://([\w\#$%&~/.\-;:=,?@\]+]+|\[(?!url=))*?)\[/url\]#is";
	$replacements[] = $bbcode_tpl['url1'];

	// [url]www.phpbb.com[/url] code.. (no xxxx:// prefix).
	$patterns[] = "#\[url\]((www|ftp)\.([\w\#$%&~/.\-;:=,?@\]+]+|\[(?!url=))*?)\[/url\]#is";


FIND
	$uid = md5(mt_rand());


REPLACE WITH
	$uid = dss_rand();



includes/functions.php

FIND
//
// Get Userdata, $user can be username or user_id. If force_str is true, the username will be forced.
//


BEFORE, ADD
/**
* Our own generator of random values
* This uses a constantly changing value as the base for generating the values
* The board wide setting is updated once per page if this code is called
* With thanks to Anthrax101 for the inspiration on this one
* Added in phpBB 2.0.20
*/
function dss_rand()
{
	global $db, $board_config, $dss_seeded;

	$val = $board_config['rand_seed'] . microtime();
	$val = md5($val);
	$board_config['rand_seed'] = md5($board_config['rand_seed'] . $val . 'a');
   
	if($dss_seeded !== true)
	{
		$sql = "UPDATE " . CONFIG_TABLE . " SET
			config_value = '" . $board_config['rand_seed'] . "'
			WHERE config_name = 'rand_seed'";
		
		if( !$db->sql_query($sql) )
		{
			message_die(GENERAL_ERROR, "Unable to reseed PRNG", "", __LINE__, __FILE__, $sql);
		}

		$dss_seeded = true;
	}

	return substr($val, 16);
}


FIND
		message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]");


REPLACE WITH
		// We are trying to setup a style which does not exist in the database
		// Try to fallback to the board default (if the user had a custom style)
		// and then any users using this style to the default if it succeeds
		if ( $style != $board_config['default_style'])
		{
			$sql = 'SELECT *
				FROM ' . THEMES_TABLE . '
				WHERE themes_id = ' . $board_config['default_style'];
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(CRITICAL_ERROR, 'Could not query database for theme info');
			}

			if ( $row = $db->sql_fetchrow($result) )
			{
				$db->sql_freeresult($result);

				$sql = 'UPDATE ' . USERS_TABLE . '
					SET user_style = ' . $board_config['default_style'] . "
					WHERE user_style = $style";
				if ( !($result = $db->sql_query($sql)) )
				{
					message_die(CRITICAL_ERROR, 'Could not update user theme info');
				}
			}
			else
			{
				message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]");
			}
		}
		else
		{
			message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]");
		}


FIND
			$debug_text .= '</br /><br />Line : ' . $err_line . '<br />File : ' . basename($err_file);


REPLACE WITH
			$debug_text .= '<br /><br />Line : ' . $err_line . '<br />File : ' . basename($err_file);


FIND
		if ( empty($template) )
		{
			$template = new Template($phpbb_root_path . 'templates/' . $board_config['board_template']);
		}
		if ( empty($theme) )


REPLACE WITH
		if ( empty($template) || empty($theme) )



includes/functions_post.php

FIND
		$allowed_html_tags = split(',', $board_config['allow_html_tags']);

		$end_html = 0;
		$start_html = 1;
		$tmp_message = '';
		$message = ' ' . $message . ' ';

		while ($start_html = strpos($message, '<', $start_html))
		{
			$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1, ($start_html - $end_html - 1)));

			if ($end_html = strpos($message, '>', $start_html))
			{
				$length = $end_html - $start_html + 1;
				$hold_string = substr($message, $start_html, $length);

				if (($unclosed_open = strrpos(' ' . $hold_string, '<')) != 1)
				{
					$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($hold_string, 0, $unclosed_open - 1));
					$hold_string = substr($hold_string, $unclosed_open - 1);
				}

				$tagallowed = false;
				for ($i = 0; $i < sizeof($allowed_html_tags); $i++)
				{
					$match_tag = trim($allowed_html_tags[$i]);
					if (preg_match('#^<\/?' . $match_tag . '[> ]#i', $hold_string))
					{
						$tagallowed = (preg_match('#^<\/?' . $match_tag . ' .*?(style[\t ]*?=|on[\w]+[\t ]*?=)#i', $hold_string)) ? false : true;
					}
				}

				$tmp_message .= ($length && !$tagallowed) ? preg_replace($html_entities_match, $html_entities_replace, $hold_string) : $hold_string;

				$start_html += $length;
			}
			else
			{
				$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $start_html, strlen($message)));

				$start_html = strlen($message);
				$end_html = $start_html;
			}
		}

		if (!$end_html || ($end_html != strlen($message) && $tmp_message != ''))
		{
			$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1));
		}

		$message = ($tmp_message != '') ? trim($tmp_message) : trim($message);


REPLACE WITH
		// If HTML is on, we try to make it safe
		// This approach is quite agressive and anything that does not look like a valid tag
		// is going to get converted to HTML entities
		$message = stripslashes($message);
		$html_match = '#<[^\w<]*(\w+)((?:"[^"]*"|\'[^\']*\'|[^<>\'"])+)?>#';
		$matches = array();

		$message_split = preg_split($html_match, $message);
		preg_match_all($html_match, $message, $matches);

		$message = '';

		foreach ($message_split as $part)
		{
			$tag = array(array_shift($matches[0]), array_shift($matches[1]), array_shift($matches[2]));
			$message .= htmlspecialchars($part) . clean_html($tag);
		}

		$message = addslashes($message);


FIND
					$temp_option_text[$option_id] = htmlspecialchars($option_text);


REPLACE WITH
					$temp_option_text[intval($option_id)] = htmlspecialchars($option_text);


FIND
?>


BEFORE, ADD
/**
* Called from within prepare_message to clean included HTML tags if HTML is
* turned on for that post
* @param array $tag Matching text from the message to parse
*/
function clean_html($tag)
{
	global $board_config;

	if (empty($tag[0]))
	{
		return '';
	}

	$allowed_html_tags = preg_split('/, */', strtolower($board_config['allow_html_tags']));
	$disallowed_attributes = '/^(?:style|on)/i';

	// Check if this is an end tag
	preg_match('/<[^\w\/]*\/[\W]*(\w+)/', $tag[0], $matches);
	if (sizeof($matches))
	{
		if (in_array(strtolower($matches[1]), $allowed_html_tags))
		{
			return  '</' . $matches[1] . '>';
		}
		else
		{
			return  htmlspecialchars('</' . $matches[1] . '>');
		}
	}

	// Check if this is an allowed tag
	if (in_array(strtolower($tag[1]), $allowed_html_tags))
	{
		$attributes = '';
		if (!empty($tag[2]))
		{
			preg_match_all('/[\W]*?(\w+)[\W]*?=[\W]*?(["\'])((?:(?!\2).)*)\2/', $tag[2], $test);
			for ($i = 0; $i < sizeof($test[0]); $i++)
			{
				if (preg_match($disallowed_attributes, $test[1][$i]))
				{
					continue;
				}
				$attributes .= ' ' . $test[1][$i] . '=' . $test[2][$i] . str_replace(array('[', ']'), array('&#91;', '&#93;'), htmlspecialchars($test[3][$i])) . $test[2][$i];
			}
		}
		if (in_array(strtolower($tag[1]), $allowed_html_tags))
		{
			return '<' . $tag[1] . $attributes . '>';
		}
		else
		{
			return htmlspecialchars('<' . $tag[1] . $attributes . '>');
		}
	}
	// Finally, this is not an allowed tag so strip all the attibutes and escape it
	else
	{
		return htmlspecialchars('<' .   $tag[1] . '>');
	}
}



includes/prune.php

FIND
	$prune_all = ($prune_all) ? '' : 'AND t.topic_vote = 0 AND t.topic_type <> ' . POST_ANNOUNCE;


BEFORE, ADD
	// Before pruning, lets try to clean up the invalid topic entries
	$sql = 'SELECT topic_id FROM ' . TOPICS_TABLE . '
		WHERE topic_last_post_id = 0';
	if ( !($result = $db->sql_query($sql)) )
	{
		message_die(GENERAL_ERROR, 'Could not obtain lists of topics to sync', '', __LINE__, __FILE__, $sql);
	}

	while( $row = $db->sql_fetchrow($result) )
	{
		sync('topic', $row['topic_id']);
	}

	$db->sql_freeresult($result);


FIND
			AND ( p.post_id = t.topic_last_post_id 
				OR t.topic_last_post_id = 0 )";


REPLACE WITH
			AND p.post_id = t.topic_last_post_id";
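As an added example that is not part of the original post or of phpBB, the following Python port of the new HTML pass in prepare_message() and of clean_html() shows what the 2.0.20 sanitiser does to a post: allowed tags keep only quoted attributes and never a style or on* attribute, disallowed tags lose every attribute and are entity-escaped, bare "<" in text is escaped, and square brackets inside attribute values are replaced by their numeric character references (&#91; and &#93;, the intent of the str_replace in clean_html) so BBCode cannot fire inside them. Assumptions: the allow_html_tags value is a constructed setting, the preg_split/preg_match_all pairing is replaced by one finditer pass, htmlspecialchars() is modelled with PHP's default ENT_COMPAT flags, and the magic_quotes stripslashes/addslashes wrapping is omitted.

```python
import re

# Constructed stand-in for $board_config['allow_html_tags'] (an assumption,
# not phpBB's shipped default).
ALLOW_HTML_TAGS = "b, i, u, a"

# Regexes transcribed from the 2.0.20 prepare_message() / clean_html() code.
# re.ASCII keeps \w and \W at their PCRE (non-UTF-8) meaning.
HTML_MATCH = re.compile(r'<[^\w<]*(\w+)((?:"[^"]*"|\'[^\']*\'|[^<>\'"])+)?>', re.ASCII)
END_TAG = re.compile(r'<[^\w/]*/\W*(\w+)', re.ASCII)
ATTRIBUTE = re.compile(r'\W*?(\w+)\W*?=\W*?(["\'])((?:(?!\2).)*)\2', re.ASCII)
DISALLOWED_ATTRIBUTE = re.compile(r'^(?:style|on)', re.IGNORECASE)


def htmlspecialchars(text):
    """PHP htmlspecialchars() with its default ENT_COMPAT flags: & < > and double quotes."""
    return (text.replace('&', '&amp;').replace('<', '&lt;')
                .replace('>', '&gt;').replace('"', '&quot;'))


def clean_html(tag, allowed):
    """Port of clean_html(); tag is (full match, tag name, attribute text or None)."""
    full, name, attrs = tag
    if not full:
        return ''
    end = END_TAG.search(full)
    if end:
        # An end tag keeps only its name; names not on the allow list are escaped
        closing = end.group(1)
        if closing.lower() in allowed:
            return '</' + closing + '>'
        return htmlspecialchars('</' + closing + '>')
    if name.lower() not in allowed:
        # Not an allowed tag: drop every attribute, then escape what is left
        return htmlspecialchars('<' + name + '>')
    attributes = ''
    if attrs:
        # Only quoted name="value" pairs survive; style= and on*= never do
        for attr_name, quote, value in ATTRIBUTE.findall(attrs):
            if DISALLOWED_ATTRIBUTE.match(attr_name):
                continue
            value = htmlspecialchars(value).replace('[', '&#91;').replace(']', '&#93;')
            attributes += ' ' + attr_name + '=' + quote + value + quote
    return '<' + name + attributes + '>'


def prepare_message_html(message, allow_html_tags=ALLOW_HTML_TAGS):
    """The HTML pass of prepare_message(): text between tags is escaped,
    each thing that looks like a tag goes through clean_html()."""
    allowed = re.split(r', *', allow_html_tags.lower())
    out = []
    pos = 0
    for m in HTML_MATCH.finditer(message):
        out.append(htmlspecialchars(message[pos:m.start()]))
        out.append(clean_html((m.group(0), m.group(1), m.group(2)), allowed))
        pos = m.end()
    out.append(htmlspecialchars(message[pos:]))
    return ''.join(out)


if __name__ == '__main__':
    # Constructed sample post
    sample = ('Hello <b onclick="alert(1)" class="x">world</b> '
              '<script>evil()</script> <a href="http://e.x/?q=[url]">link</a>')
    print(prepare_message_html(sample))
```

The last assertion in the test below shows the "quite aggressive" side the code comment warns about: "< 2 >" in ordinary text is treated as a tag named 2 and rewritten, so posts that contain comparison operators come out differently than they went in.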

Postby Thoul » April 10th 2006, 3:46 pm

includes/sessions.php

FIND
		list($sec, $usec) = explode(' ', microtime());
		mt_srand((float) $sec + ((float) $usec * 100000));
		$session_id = md5(uniqid(mt_rand(), true));


REPLACE WITH
		$session_id = md5(dss_rand());


FIND
			list($sec, $usec) = explode(' ', microtime());
			mt_srand(hexdec(substr($session_id, 0, 8)) + (float) $sec + ((float) $usec * 1000000));
			$auto_login_key = uniqid(mt_rand(), true);


REPLACE WITH
			$auto_login_key = dss_rand() . dss_rand();


FIND
//
// Append $SID to a url. Borrowed from phplib and modified. This is an
// extra routine utilised by the session code above and acts as a wrapper


BEFORE, ADD
/**
* Reset all login keys for the specified user
* Called on password changes
*/
function session_reset_keys($user_id, $user_ip)
{
	global $db, $userdata, $board_config;

	$key_sql = ($user_id == $userdata['user_id'] && !empty($userdata['session_key'])) ? "AND key_id != '" . md5($userdata['session_key']) . "'" : '';

	$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
		WHERE user_id = ' . (int) $user_id . "
			$key_sql";

	if ( !$db->sql_query($sql) )
	{
		message_die(CRITICAL_ERROR, 'Error removing auto-login keys', '', __LINE__, __FILE__, $sql);
	}

	$where_sql = 'session_user_id = ' . (int) $user_id;
	$where_sql .= ($user_id == $userdata['user_id']) ? " AND session_id <> '" . $userdata['session_id'] . "'" : '';
	$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
		WHERE $where_sql";
	if ( !$db->sql_query($sql) )
	{
		message_die(CRITICAL_ERROR, 'Error removing user session(s)', '', __LINE__, __FILE__, $sql);
	}

	if ( !empty($key_sql) )
	{
		$auto_login_key = dss_rand() . dss_rand();

		$current_time = time();
		
		$sql = 'UPDATE ' . SESSIONS_KEYS_TABLE . "
			SET last_ip = '$user_ip', key_id = '" . md5($auto_login_key) . "', last_login = $current_time
			WHERE key_id = '" . md5($userdata['session_key']) . "'";
		
		if ( !$db->sql_query($sql) )
		{
			message_die(CRITICAL_ERROR, 'Error updating session key', '', __LINE__, __FILE__, $sql);
		}

		// And now rebuild the cookie
		$sessiondata['userid'] = $user_id;
		$sessiondata['autologinid'] = $autologin_id;
		$cookiename = $board_config['cookie_name'];
		$cookiepath = $board_config['cookie_path'];
		$cookiedomain = $board_config['cookie_domain'];
		$cookiesecure = $board_config['cookie_secure'];

		setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
		
		$userdata['session_key'] = $auto_login_key;
		unset($sessiondata);
		unset($auto_login_key);
	}
}



includes/usercp_avatar.php

FIND
	if ( !preg_match("#^((ht|f)tp://)([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png))$)#is", $avatar_filename) )


BEFORE, ADD
	$avatar_filename = substr($avatar_filename, 0, 100);



includes/usercp_confirm.php

FIND
	$char = substr($code, -1);


BEFORE, ADD
	$c = intval($HTTP_GET_VARS['c']);
	$char = substr($code, $c - 1, 1);



includes/usercp_register.php

FIND
	$signature = str_replace('<br />', "\n", $signature);


REPLACE WITH
	$signature = (isset($signature)) ? str_replace('<br />', "\n", $signature) : '';
	$signature_bbcode_uid = '';


FIND AND DELETE
				// Only compare one char if the zlib-extension is not loaded
				if (!@extension_loaded('zlib'))
				{
					$row['code'] = substr($row['code'], -1);
				}


FIND
				message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql);
			}


AFTER, ADD
			// We remove all stored login keys since the password has been updated
			// and change the current one (if applicable)
			if ( !empty($passwd_sql) )
			{
				session_reset_keys($user_id, $user_ip);
			}


FIND
	$email = stripslashes($email);


AFTER, ADD
	$cur_password = '';


FIND
	$email = $userdata['user_email'];


AFTER, ADD
	$cur_password = '';


FIND
		$confirm_chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',  'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T',  'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9');

		list($usec, $sec) = explode(' ', microtime()); 
		mt_srand($sec * $usec); 

		$max_chars = count($confirm_chars) - 1;
		$code = '';
		for ($i = 0; $i < 6; $i++)
		{
			$code .= $confirm_chars[mt_rand(0, $max_chars)];
		}


REPLACE WITH
		// Generate the required confirmation code
		// NB 0 (zero) could get confused with O (the letter) so we change it
		$code = dss_rand();
		$code = strtoupper(str_replace('0', 'o', substr($code, 6)));


FIND
		'USERNAME' => $username,
		'CUR_PASSWORD' => $cur_password,
		'NEW_PASSWORD' => $new_password,
		'PASSWORD_CONFIRM' => $password_confirm,
		'EMAIL' => $email,


REPLACE WITH
		'USERNAME' => isset($username) ? $username : '',
		'CUR_PASSWORD' => isset($cur_password) ? $cur_password : '',
		'NEW_PASSWORD' => isset($new_password) ? $new_password : '',
		'PASSWORD_CONFIRM' => isset($password_confirm) ? $password_confirm : '',
		'EMAIL' => isset($email) ? $email : '',



index.php

FIND
while( $category_rows[] = $db->sql_fetchrow($result) );


REPLACE WITH
while ($row = $db->sql_fetchrow($result))
{
	$category_rows[] = $row;
}


FIND
	//
	// Okay, let's build the index
	//


BEFORE, ADD
	//
	// Let's decide which categories we should display
	//
	$display_categories = array();

	for ($i = 0; $i < $total_forums; $i++ )
	{
		if ($is_auth_ary[$forum_data[$i]['forum_id']]['auth_view'])
		{
			$display_categories[$forum_data[$i]['cat_id']] = true;
		}
	}


FIND AND DELETE
		// Should we display this category/forum set?
		//
		$display_forums = false;
		for($j = 0; $j < $total_forums; $j++)
		{
			if ( $is_auth_ary[$forum_data[$j]['forum_id']]['auth_view'] && $forum_data[$j]['cat_id'] == $cat_id )
			{
				$display_forums = true;
			}
		}

		//


FIND
		if ( $display_forums )


REPLACE WITH
		if (isset($display_categories[$cat_id]) && $display_categories[$cat_id])



language/lang_english/email/group_request.tpl

FIND
A user has requested to join a group you moderator on {SITENAME}.


REPLACE WITH
A user has requested to join a group you moderate on {SITENAME}.



language/lang_english/email/user_activate_passwd.tpl

FIND
If sucessful you will be able to login using the following password:


REPLACE WITH
If successful you will be able to login using the following password:



language/lang_english/lang_admin.php

FIND
$lang['Autologin_time_explain'] = 'How long a autologin key is valid for in days if the user does not visit the board. Set to zero to disable expiry.';


AFTER, ADD
// Search Flood Control - added 2.0.20
$lang['Search_Flood_Interval'] = 'Search Flood Interval';
$lang['Search_Flood_Interval_explain'] = 'Number of seconds a user must wait between search requests'; 


FIND
$lang['Click_return_smileadmin'] = 'Click %sHere%s to return to Smiley Administration';


AFTER, ADD
$lang['Confirm_delete_smiley'] = 'Are you sure you want to delete this Smiley?';


FIND
$lang['Click_return_wordadmin'] = 'Click %sHere%s to return to Word Censor Administration';


AFTER, ADD
$lang['Confirm_delete_word'] = 'Are you sure you want to delete this word censor?';



language/lang_english/lang_main.php

FIND
$lang['Found_search_matches'] = 'Search found %d matches'; // eg. Search found 24 matches


AFTER, ADD
$lang['Search_Flood_Error'] = 'You cannot make another search so soon after your last; please try again in a short while.';



login.php

FIND
				if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $board_config['max_login_attempts'] && 
					$row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts'])


REPLACE WITH
				if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $board_config['max_login_attempts'] && 
					$row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts'] && $userdata['user_level'] != ADMIN)


FIND
				else
				{
					// Save login tries and last login


REPLACE WITH
				// Only store a failed login attempt for an active user - inactive users can't login even with a correct password
				elseif( $row['user_active'] )
				{
					// Save login tries and last login



memberlist.php

FIND
		$search_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_search'] . '" alt="' . $lang['Search_user_posts'] . '" title="' . $lang['Search_user_posts'] . '" border="0" /></a>';
		$search = '<a href="' . $temp_url . '">' . $lang['Search_user_posts'] . '</a>';


REPLACE WITH
		$search_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_search'] . '" alt="' . sprintf($lang['Search_user_posts'], $username) . '" title="' . sprintf($lang['Search_user_posts'], $username) . '" border="0" /></a>';
		$search = '<a href="' . $temp_url . '">' . sprintf($lang['Search_user_posts'], $username) . '</a>';



modcp.php

FIND
			include($phpbb_root_path . 'includes/functions_search.'.$phpEx);


BEFORE, ADD
			if ( empty($HTTP_POST_VARS['topic_id_list']) && empty($topic_id) )
			{
				message_die(GENERAL_MESSAGE, $lang['None_selected']);
			}



FIND
			$sql = "SELECT poster_id, COUNT(post_id) AS posts 
				FROM " . POSTS_TABLE . " 
				WHERE topic_id IN ($topic_id_sql) 


BEFORE, ADD
			if ( $topic_id_sql == '')
			{
				message_die(GENERAL_MESSAGE, $lang['None_selected']);
			}


FIND
			$sql = "SELECT post_id, poster_id, topic_id, post_time
				FROM " . POSTS_TABLE . "
				WHERE post_id IN ($post_id_sql) 


BEFORE, ADD
			if ($post_id_sql == '')
			{
				message_die(GENERAL_MESSAGE, $lang['None_selected']);
			}


FIND
		$ip_this_post = ( $rdns_ip_num == $ip_this_post ) ? gethostbyaddr($ip_this_post) : $ip_this_post;


REPLACE WITH
		$ip_this_post = ( $rdns_ip_num == $ip_this_post ) ? htmlspecialchars(gethostbyaddr($ip_this_post)) : $ip_this_post;


FIND
				$ip = ( $rdns_ip_num == $row['poster_ip'] || $rdns_ip_num == 'all') ? gethostbyaddr($ip) : $ip;


REPLACE WITH
				$ip = ( $rdns_ip_num == $row['poster_ip'] || $rdns_ip_num == 'all') ? htmlspecialchars(gethostbyaddr($ip)) : $ip;



posting.php

FIND
				$poll_options[$option_id] = htmlspecialchars(trim(stripslashes($option_text)));


REPLACE WITH
				$poll_options[intval($option_id)] = htmlspecialchars(trim(stripslashes($option_text)));



privmsg.php

FIND
		$privmsg_subject = trim(strip_tags($HTTP_POST_VARS['subject']));


REPLACE WITH
		$privmsg_subject = trim(htmlspecialchars($HTTP_POST_VARS['subject']));


FIND
			message_die(GENERAL_ERROR, "Could not insert/update private message sent text.", "", __LINE__, __FILE__, $sql_info);


REPLACE WITH
			message_die(GENERAL_ERROR, "Could not insert/update private message sent text.", "", __LINE__, __FILE__, $sql);


FIND
		$privmsg_subject = ( isset($HTTP_POST_VARS['subject']) ) ? trim(strip_tags(stripslashes($HTTP_POST_VARS['subject']))) : '';


REPLACE WITH
		$privmsg_subject = ( isset($HTTP_POST_VARS['subject']) ) ? trim(htmlspecialchars(stripslashes($HTTP_POST_VARS['subject']))) : '';


FIND
			$privmsg_subject = ( ( !preg_match('/^Re:/', $privmsg['privmsgs_subject']) ) ? 'Re: ' : '' ) . $privmsg['privmsgs_subject'];


BEFORE, ADD
			// obtain_word_list() fills both arrays by reference; the second one
			// must be the same $replacement_word that is used in the preg_replace calls below
			$orig_word = $replacement_word = array();
			obtain_word_list($orig_word, $replacement_word);


FIND
			$to_username = $privmsg['username'];
			$to_userid = $privmsg['user_id'];


BEFORE, ADD
			$privmsg_subject = preg_replace($orig_word, $replacement_word, $privmsg_subject);


FIND
				$privmsg_message = preg_replace('#</textarea>#si', '&lt;/textarea&gt;', $privmsg_message);


AFTER, ADD
				$privmsg_message = preg_replace($orig_word, $replacement_word, $privmsg_message);


FIND AND DELETE
	$privmsg_subject = preg_replace($html_entities_match, $html_entities_replace, $privmsg_subject);
	$privmsg_subject = str_replace('"', '&quot;', $privmsg_subject);



profile.php

FIND
	$chars = array( 'a', 'A', 'b', 'B', 'c', 'C', 'd', 'D', 'e', 'E', 'f', 'F', 'g', 'G', 'h', 'H', 'i', 'I', 'j', 'J',  'k', 'K', 'l', 'L', 'm', 'M', 'n', 'N', 'o', 'O', 'p', 'P', 'q', 'Q', 'r', 'R', 's', 'S', 't', 'T',  'u', 'U', 'v', 'V', 'w', 'W', 'x', 'X', 'y', 'Y', 'z', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0');
	
	$max_chars = count($chars) - 1;
	srand( (double) microtime()*1000000);
	
	$rand_str = '';
	for($i = 0; $i < 8; $i++)
	{
		$rand_str = ( $i == 0 ) ? $chars[rand(0, $max_chars)] : $rand_str . $chars[rand(0, $max_chars)];
	}

	return ( $hash ) ? md5($rand_str) : $rand_str;


REPLACE WITH
	$rand_str = dss_rand();

	return ( $hash ) ? md5($rand_str) : substr($rand_str, 8);



search.php

FIND
	$limiter = 5000;


AFTER, ADD
	$current_time = time();


FIND
	if ( $search_id == 'newposts' || $search_id == 'egosearch' || $search_id == 'unanswered' || $search_keywords != '' || $search_author != '' )
	{


AFTER, ADD
		//
		// Flood control
		//
		$where_sql = ($userdata['user_id'] == ANONYMOUS) ? "se.session_ip = '$user_ip'" : 'se.session_user_id = ' . $userdata['user_id'];
		$sql = 'SELECT MAX(sr.search_time) AS last_search_time
			FROM ' . SEARCH_TABLE . ' sr, ' . SESSIONS_TABLE . " se
			WHERE sr.session_id = se.session_id
				AND $where_sql";
		if ($result = $db->sql_query($sql))
		{
			if ($row = $db->sql_fetchrow($result))
			{
				if (intval($row['last_search_time']) > 0 && ($current_time - intval($row['last_search_time'])) < intval($board_config['search_flood_interval']))
				{
					message_die(GENERAL_MESSAGE, $lang['Search_Flood_Error']);
				}
			}
		}


FIND
				if (preg_match('#^[\*%]+$#', trim($search_author)) || preg_match('#^[^\*]{1,2}$#', str_replace(array('*', '%'), '', trim($search_author))))


REPLACE WITH
				$search_author = str_replace('*', '%', trim($search_author));

				if( ( strpos($search_author, '%') !== false ) && ( strlen(str_replace('%', '', $search_author)) < 3 ) )


FIND AND DELETE
				$search_author = str_replace('*', '%', trim($search_author));


FIND
			if (preg_match('#^[\*%]+$#', trim($search_author)) || preg_match('#^[^\*]{1,2}$#', str_replace(array('*', '%'), '', trim($search_author))))


REPLACE WITH
			$search_author = str_replace('*', '%', trim($search_author));

			if( ( strpos($search_author, '%') !== false ) && ( strlen(str_replace('%', '', $search_author)) < 3 ) )


FIND AND DELETE
			$search_author = str_replace('*', '%', trim(str_replace("\'", "''", $search_author)));


FIND
		// Finish building query (for all combinations)
		// and run it ...
		//
		$sql = "SELECT session_id 
			FROM " . SESSIONS_TABLE;
		if ( $result = $db->sql_query($sql) )
		{
			$delete_search_ids = array();
			while( $row = $db->sql_fetchrow($result) )
			{
				$delete_search_ids[] = "'" . $row['session_id'] . "'";
			}

			if ( count($delete_search_ids) )
			{
				$sql = "DELETE FROM " . SEARCH_TABLE . " 
					WHERE session_id NOT IN (" . implode(", ", $delete_search_ids) . ")";
				if ( !$result = $db->sql_query($sql) )
				{
					message_die(GENERAL_ERROR, 'Could not delete old search id sessions', '', __LINE__, __FILE__, $sql);
				}
			}


REPLACE WITH
		// Delete old data from the search result table
		//
		$sql = 'DELETE FROM ' . SEARCH_TABLE . '
			WHERE search_time < ' . ($current_time - (int) $board_config['session_length']);
		if ( !$result = $db->sql_query($sql) )
		{
			message_die(GENERAL_ERROR, 'Could not delete old search id sessions', '', __LINE__, __FILE__, $sql);


FIND
			SET search_id = $search_id, search_array = '" . str_replace("\'", "''", $result_array) . "'
			WHERE session_id = '" . $userdata['session_id'] . "'";
		if ( !($result = $db->sql_query($sql)) || !$db->sql_affectedrows() )
		{
			$sql = "INSERT INTO " . SEARCH_TABLE . " (search_id, session_id, search_array) 
				VALUES($search_id, '" . $userdata['session_id'] . "', '" . str_replace("\'", "''", $result_array) . "')";


REPLACE WITH
			SET search_id = $search_id, search_time = $current_time, search_array = '" . str_replace("\'", "''", $result_array) . "'
			WHERE session_id = '" . $userdata['session_id'] . "'";
		if ( !($result = $db->sql_query($sql)) || !$db->sql_affectedrows() )
		{
			$sql = "INSERT INTO " . SEARCH_TABLE . " (search_id, session_id, search_time, search_array) 
				VALUES($search_id, '" . $userdata['session_id'] . "', $current_time, '" . str_replace("\'", "''", $result_array) . "')";



templates/subSilver/admin/board_config_body.tpl

FIND
		<td class="row2"><input class="post" type="text" size="3" maxlength="4" name="flood_interval" value="{FLOOD_INTERVAL}" /></td>
	</tr>


AFTER, ADD
	<tr>
		<td class="row1">{L_SEARCH_FLOOD_INTERVAL} <br /><span class="gensmall">{L_SEARCH_FLOOD_INTERVAL_EXPLAIN}</span></td>
		<td class="row2"><input class="post" type="text" size="3" maxlength="4" name="search_flood_interval" value="{SEARCH_FLOOD_INTERVAL}" /></td>
	</tr>



templates/subSilver/confirm_body.tpl

FIND
		<th class="thHead" height="25" valign="middle"><span class="tableTitle">{MESSAGE_TITLE}</span></th>


REPLACE WITH
		<th class="thHead" height="25" valign="middle">{MESSAGE_TITLE}</th>
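The session_reset_keys() function added to includes/sessions.php in the post above is the security-relevant change of this release: after a password change, every other session and every other auto-login key of the account must stop working, and the key belonging to the session that made the change must be rotated so that the old cookie value is dead as well. What follows is an added example, not phpBB code and not part of Thoul's posts. It models that invariant against in-memory arrays that stand in for the SESSIONS_TABLE and SESSIONS_KEYS_TABLE rows, uses random_bytes() where phpBB uses dss_rand(), and checks the outcome for a two-browser scenario. The class, its method names and the user ids are assumptions made for the illustration only.

```php
<?php
// Added example, not phpBB code: models what session_reset_keys() must
// guarantee after a password change. Arrays stand in for the two tables,
// random_bytes() stands in for dss_rand(). All names here are assumed.

function check($condition, $what)
{
    if (!$condition) {
        throw new RuntimeException('check failed: ' . $what);
    }
}

class SessionModel
{
    public $sessions = array();   // session_id => user_id            (SESSIONS_TABLE)
    public $keys = array();       // md5(cookie value) => user_id     (SESSIONS_KEYS_TABLE.key_id)

    // One login from one browser: a session plus an auto-login cookie value.
    public function login($user_id)
    {
        $session_id = md5(random_bytes(16));
        $auto_login_key = bin2hex(random_bytes(16));
        $this->sessions[$session_id] = $user_id;
        $this->keys[md5($auto_login_key)] = $user_id;   // only the hash is stored, as in 2.0.20
        return array('session_id' => $session_id, 'session_key' => $auto_login_key);
    }

    public function key_is_valid($auto_login_key)
    {
        return isset($this->keys[md5($auto_login_key)]);
    }

    // Password change made from $current: drop every other session and key of
    // the user, then rotate the key of $current and return the new cookie value.
    // Returns null when $current had no auto-login cookie; all keys go in that case.
    public function reset_keys($user_id, array $current)
    {
        $keep_key = ($current['session_key'] !== '') ? md5($current['session_key']) : null;

        foreach ($this->keys as $key_id => $owner) {          // foreach works on a copy, unset is safe
            if ($owner == $user_id && $key_id !== $keep_key) {
                unset($this->keys[$key_id]);
            }
        }
        foreach ($this->sessions as $session_id => $owner) {
            if ($owner == $user_id && $session_id !== $current['session_id']) {
                unset($this->sessions[$session_id]);
            }
        }
        if ($keep_key === null) {
            return null;
        }
        $new_key = bin2hex(random_bytes(16));
        unset($this->keys[$keep_key]);
        $this->keys[md5($new_key)] = $user_id;
        return $new_key;
    }
}

// Scenario: user 42 is logged in from browser A and browser B (B's cookies are
// treated as stolen); user 7 is a bystander who must be left alone.
$model = new SessionModel();
$a = $model->login(42);
$b = $model->login(42);
$bystander = $model->login(7);

$new_key = $model->reset_keys(42, $a);

check($new_key !== null, 'A had an auto-login cookie, so a new key is issued');
check(!isset($model->sessions[$b['session_id']]), 'B is logged out');
check(!$model->key_is_valid($b['session_key']), 'B cannot auto-login again');
check(!$model->key_is_valid($a['session_key']), 'A\'s old cookie value is dead');
check($model->key_is_valid($new_key), 'only the freshly issued key is accepted');
check(isset($model->sessions[$a['session_id']]), 'A stays logged in');
check(isset($model->sessions[$bystander['session_id']]), 'other users are untouched');
check($model->key_is_valid($bystander['session_key']), 'other users keep their keys');

// A session without an auto-login cookie that changes the password wipes every key.
$c = $model->login(42);
$c['session_key'] = '';
check($model->reset_keys(42, $c) === null, 'nothing to rotate');
check(!$model->key_is_valid($new_key), 'all of user 42\'s keys are gone');
echo "session reset invariant holds\n";
```

Run it from the command line with php; it throws on the first violated check and otherwise reports that the invariant holds. The same checks are worth repeating by hand on a real board after applying the update: log in from two browsers, change the password in one, and confirm that the other is logged out and that its saved auto-login cookie is no longer accepted.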

Postby Thoul » April 10th 2006, 3:50 pm

templates/subSilver/admin/confirm_body.tpl
phpBB 2.0.20 adds deletion confirmation for smilies, ranks and word censors. As part of this, a new template file is created and is called templates/subSilver/admin/confirm_body.tpl. This file is a duplicate of templates/subSilver/confirm_body.tpl. After completing the steps above, copy your forum's templates/subSilver/confirm_body.tpl file to templates/subSilver/admin/confirm_body.tpl. Take care that you do not delete templates/subSilver/confirm_body.tpl, just make a copy of it.

