phpBBHacks.com - phpBB 2.0.2 to 2.0.3 Code Changes
Talk martial arts at KarateForums.com
StatsForums Home   RegisterRegister   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in
FAQFAQ   SearchSearch   MemberlistMemberlist   TutorialsTutorials   ContactContact Us
Username:    Password:
Remember Me?        I Lost My Password!
Bookmark and Share
Post new topic   Reply to topic    phpBBHacks.com Support Forums Forum Index -> phpBB 2: Fixes and Code Changes
 See a User Guidelines violation? Please contact us.
Author Message

Acyd Burn
Consultant

Joined: 19 Apr 2002
Posts: 650
Location: Germany (Oldb)
PostPosted: December 7th 2002, 6:41 am    Post subject: phpBB 2.0.2 to 2.0.3 Code Changes Reply with quote
These are the code changes made from phpBB 2.0.2 to phpBB 2.0.3. This might be very helpful if you want to update your board and have installed a bunch of hacks. It is normally easier to do this as opposed to reinstalling all of your hacks.

When you find a 'AFTER, ADD'-Statement, the code has to be added after the last line quoted in the 'FIND'-Statement.
When you find a 'REPLACE WITH'-Statement, the code quoted in the 'FIND'-Statement has to be replaced completely with the quoted code in the 'REPLACE WITH'-Statement.
When you find a 'DELETE'-Statement, the code has to be deleted.

After you have finish this tutorial, you have to upload the file update_to_203.php, execute it and then delete it from your webspace.

Ok, lets start:

  • update_to_203.php

This file was added since phpBB 2.0.2, so no changes here, just a new file.
And you have to run it after (or before) changing the relevant phpBB 2 Files.



  • login.php

One security fix in login.php.



  1. A security fix for redirecting to URL's, some unwanted characters are filtered out now.

    FIND - Line 178
    Code:

             if( preg_match("/^redirect=(.*)$/si", $forward_to, $forward_matches) )


    REPLACE WITH
    Code:

             if( preg_match("/^redirect=([a-z0-9\.#\/\?&=\+\-_]+)/si", $forward_to, $forward_matches) )



  • db/msaccess.php

The changes within this file are only relevant if you use a MS Access database with phpBB 2.
The phpBB Group hopes that these changes will fix some issues with MS Access databases.



  1. Changed the outer row offset / Added it to the odbc_fetch_row function.

    FIND - Line 140
    Code:

                   while( odbc_fetch_row($this->result) && $row_outer < $row_outer_max )


    REPLACE WITH
    Code:

                   while( odbc_fetch_row($this->result, $row_outer) && $row_outer < $row_outer_max )



  • includes/page_header.php

Fixed potential SQL rewrite issue.



  1. Int-valed Forum Id, Fixed potential SQL rewrite issue.

    FIND - Line 88
    Code:

    $user_forum_sql = ( !empty($forum_id) ) ? "AND s.session_page = $forum_id" : '';


    REPLACE WITH
    Code:

    $user_forum_sql = ( !empty($forum_id) ) ? "AND s.session_page = " . intval($forum_id) : '';



  • includes/usercp_register.php

Fixed potential cross-site scripting vulnerability with avatars.



  1. Remove HTML commands out of the Local Avatar Assignment.

    FIND - Line 166
    Code:

       $user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset($HTTP_POST_VARS['avatarlocal'])  ) ? $HTTP_POST_VARS['avatarlocal'] : '' );


    REPLACE WITH
    Code:

       $user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset($HTTP_POST_VARS['avatarlocal'])  ) ? htmlspecialchars($HTTP_POST_VARS['avatarlocal']) : '' );



  2. The same with the Remote Avatar Assignment.

    FIND - Line 168
    Code:

       $user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim($HTTP_POST_VARS['avatarremoteurl']) : '';


    REPLACE WITH
    Code:

       $user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim(htmlspecialchars($HTTP_POST_VARS['avatarremoteurl'])) : '';




Have fun with your updated phpBB.
_________________
How to Report Bugs Effectively | How To Ask Questions The Smart Way
Attachment Mod User Guide
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    phpBBHacks.com Support Forums Forum Index -> phpBB 2: Fixes and Code Changes All times are GMT - 6 Hours
Page 1 of 1
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Links: Big Message Boards - Free JavaScript - phpBB2 - phpbb styles - Suporte phpBB - phpBB Česky - phpBB Turkiye - phpBBArabia.com - phpBB-fr.com - Romanian phpBB online community - phpBB-TW.net - phpBBservice.nl - phpBB Brasil - phpBB Portugal - phpBBpersian.com

Network: iFroggy Hosting - PhotoshopForums.com - Managing Online Forums - ManagingCommunities.com - CommunityAdmins.com - KarateForums.com - Bad Boy Blog - SodaRatings.com - Patrick O'Keefe

< Advertising - Contact Us - Disclosure Policy - Staff - User Guidelines >

Copyright © 2001-2012. iFroggy Network, phpBBHacks.com. All Rights Reserved. Privacy Policy. We Support phpBBHacks.com (of course!).
Powered by phpBB © phpBB Group. phpBB SEO. We are in no way affiliated with the phpBB Group. phpBB is copyright to the phpBB Group.