Managing Online Forums, a manual for the community admin

Bookmark and Share

phpBB 2.0.20 to 2.0.21 Code Changes

phpBB 2.0.20 to 2.0.21 Code Changes

Postby Thoul » June 16th 2006, 3:31 pm

HTML Version.
TXT Version.

These are the code changes introduced between phpBB 2.0.20 and phpBB 2.0.21. If you have installed many hacks on a forum, but wish to update it, these may help you. It is often easier to apply code changes such as these instead of replacing and rehacking your current files.

These code changes use the following instruction labels:
filename - The name of a file to be edited. Equivalent to an OPEN action in a hack or modification.
FIND - This indicates lines of code you should locate. Changes will be made in reference to this code.
REPLACE WITH - This code should completely replace the code in the preceding FIND instruction.
AFTER, ADD - The code in this instruction should be added on a new line after the last line of code in the preceding FIND instruction.
BEFORE, ADD - The code in this instruction should be added on a new line before the first line of code in the preceding FIND instruction.
FIND AND DELETE - Locate the code in this instruction as with a FIND statement, and then delete the code.
INLINE - This will always precede one of the other labels. An example would be INLINE FIND. INLINE labels work in the same way as the normal labels, with the exception that they operate on a smaller portion of a specific line referenced in the previous FIND instruction. Any new code added in an INLINE instruction should be placed on the same line, instead of on a new line.

Once you have completed the code changes, create an install/ directory in your forum's root directory, and upload the update_to_latest.php file that comes in any phpBB 2.0.21 download to the install/ directory. Run update_to_latest.php by opening it via your web browser, just as you would a normal forum page. Afterward, delete the file and the install/ directory so that your forum is accessible again.

Now, onward to the file changes!

admin/admin_ranks.php

FIND
Code: Select all
require($phpbb_root_path . 'extension.inc');


AFTER, ADD
Code: Select all
$cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? true : false;
$no_page_header = $cancel;


FIND
Code: Select all
require('./pagestart.' . $phpEx);


AFTER, ADD
Code: Select all
if ($cancel)
{
	redirect('admin/' . append_sid("admin_ranks.$phpEx", true));
}



admin/admin_smilies.php

FIND
Code: Select all
require($phpbb_root_path . 'extension.inc');


AFTER, ADD
Code: Select all
$cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? true : false;
$no_page_header = $cancel;


FIND
Code: Select all
require('./pagestart.' . $phpEx);


AFTER, ADD
Code: Select all
if ($cancel)
{
	redirect('admin/' . append_sid("admin_smilies.$phpEx", true));
}



admin/admin_styles.php

FIND
Code: Select all
				"confirm" => "confirm_body.tpl")


REPLACE WITH
Code: Select all
				"confirm" => "admin/confirm_body.tpl")




admin/admin_words.php

FIND
Code: Select all
require($phpbb_root_path . 'extension.inc');


AFTER, ADD
Code: Select all
$cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? true : false;
$no_page_header = $cancel;


FIND
Code: Select all
require('./pagestart.' . $phpEx);


AFTER, ADD
Code: Select all
if ($cancel)
{
	redirect('admin/' . append_sid("admin_words.$phpEx", true));
}



common.php

FIND
Code: Select all
		if (!in_array($var, $not_unset))
		{
			unset($$var);
		}


REPLACE WITH
Code: Select all
		if (in_array($var, $not_unset))
		{
			die('Hacking attempt!');
		}
		unset($$var);




login.php

FIND
Code: Select all
					
					$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
					$redirect = str_replace('?', '&', $redirect);

					if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
					{
						message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
					}

					$template->assign_vars(array(
						'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">")
					);

					$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' .  sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');

					message_die(GENERAL_MESSAGE, $message);
				}


REPLACE WITH
Code: Select all
				}

				$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
				$redirect = str_replace('?', '&', $redirect);

				if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
				{
					message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
				}

				$template->assign_vars(array(
					'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">")
				);

				$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' .  sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');

				message_die(GENERAL_MESSAGE, $message);




privmsg.php

FIND
Code: Select all
			obtain_word_list($orig_word, $replace_word);


REPLACE WITH
Code: Select all
			obtain_word_list($orig_word, $replacement_word);




profile.php

FIND
Code: Select all
	return ( $hash ) ? md5($rand_str) : substr($rand_str, 8);


REPLACE WITH
Code: Select all
	return ( $hash ) ? md5($rand_str) : substr($rand_str, 0, 8);




search.php

FIND
Code: Select all
				if( ( strpos($search_author, '%') !== false ) && ( strlen(str_replace('%', '', $search_author)) < 3 ) )


REPLACE WITH
Code: Select all
				if( ( strpos($search_author, '%') !== false ) && ( strlen(str_replace('%', '', $search_author)) < $board_config['search_min_chars'] ) )


FIND
Code: Select all
				if (preg_match('#^[\*%]+$#', trim($split_search[$i])) || preg_match('#^[^\*]{1,2}$#', str_replace(array('*', '%'), '', trim($split_search[$i]))))



REPLACE WITH
Code: Select all
				if ( strlen(str_replace(array('*', '%'), '', trim($split_search[$i]))) < $board_config['search_min_chars'] )



FIND
Code: Select all
			if( ( strpos($search_author, '%') !== false ) && ( strlen(str_replace('%', '', $search_author)) < 3 ) )


REPLACE WITH
Code: Select all
			if( ( strpos($search_author, '%') !== false ) && ( strlen(str_replace('%', '', $search_author)) < $board_config['search_min_chars'] ) )



viewtopic.php

FIND
Code: Select all
		// This was shamelessly 'borrowed' from volker at multiartstudio dot de
		// via php.net's annotated manual
		$message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . str_replace('\\', '\\\\', addslashes($highlight_match)) . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));



REPLACE WITH
Code: Select all
		// This has been back-ported from 3.0 CVS
		$message = preg_replace('#(?!<.*)(?<!\w)(' . $highlight_match . ')(?!\w|[^<>]*>)#i', '<b style="color:#'.$theme['fontcolor3'].'">\1</b>', $message);




includes/functions.php

FIND
Code: Select all
	return substr($val, 16);


REPLACE WITH
Code: Select all
	return substr($val, 4, 16);



FIND
Code: Select all
	global $template, $lang, $phpEx, $phpbb_root_path;


REPLACE WITH
Code: Select all
	global $template, $lang, $phpEx, $phpbb_root_path, $db;



FIND
Code: Select all
			$board_config['default_lang'] = $userdata['user_lang'];


REPLACE WITH
Code: Select all
			$default_lang = phpbb_ltrim(basename(phpbb_rtrim($userdata['user_lang'])), "'");


FIND
Code: Select all
			$board_config['board_timezone'] = $userdata['user_timezone'];
		}
	}


AFTER, ADD
Code: Select all
	else
	{
		$default_lang = phpbb_ltrim(basename(phpbb_rtrim($board_config['default_lang'])), "'");
	}


FIND
Code: Select all
	if ( !file_exists(@phpbb_realpath($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.'.$phpEx)) )
	{
		$board_config['default_lang'] = 'english';


REPLACE WITH
Code: Select all
	if ( !file_exists(@phpbb_realpath($phpbb_root_path . 'language/lang_' . $default_lang . '/lang_main.'.$phpEx)) )
	{
		if ( $userdata['user_id'] != ANONYMOUS )
		{
			// For logged in users, try the board default language next
			$default_lang = phpbb_ltrim(basename(phpbb_rtrim($board_config['default_lang'])), "'");
		}
		else
		{
			// For guests it means the default language is not present, try english
			// This is a long shot since it means serious errors in the setup to reach here,
			// but english is part of a new install so it's worth us trying
			$default_lang = 'english';
		}

		if ( !file_exists(@phpbb_realpath($phpbb_root_path . 'language/lang_' . $default_lang . '/lang_main.'.$phpEx)) )
		{
			message_die(CRITICAL_ERROR, 'Could not locate valid language pack');
		}
	}

	// If we've had to change the value in any way then let's write it back to the database
	// before we go any further since it means there is something wrong with it
	if ( $userdata['user_id'] != ANONYMOUS && $userdata['user_lang'] !== $default_lang )
	{
		$sql = 'UPDATE ' . USERS_TABLE . "
			SET user_lang = '" . $default_lang . "'
			WHERE user_lang = '" . $userdata['user_lang'] . "'";

		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(CRITICAL_ERROR, 'Could not update user language info');
		}

		$userdata['user_lang'] = $default_lang;
	}
	elseif ( $userdata['user_id'] === ANONYMOUS && $board_config['default_lang'] !== $default_lang )
	{
		$sql = 'UPDATE ' . CONFIG_TABLE . "
			SET config_value = '" . $default_lang . "'
			WHERE config_name = 'default_lang'";

		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(CRITICAL_ERROR, 'Could not update user language info');
	}

	$board_config['default_lang'] = $default_lang;


FIND
Code: Select all
	$sql = "SELECT *
		FROM " . THEMES_TABLE . "
		WHERE themes_id = $style";


REPLACE WITH
Code: Select all
	$sql = 'SELECT *
		FROM ' . THEMES_TABLE . '
		WHERE themes_id = ' . (int) $style;



FIND
Code: Select all
				WHERE themes_id = ' . $board_config['default_style'];


REPLACE WITH
Code: Select all
				WHERE themes_id = ' . (int) $board_config['default_style'];


FIND
Code: Select all
					SET user_style = ' . $board_config['default_style'] . "


REPLACE WITH
Code: Select all
					SET user_style = ' . (int) $board_config['default_style'] . "




includes/functions_post.php

FIND
Code: Select all
			$message .= htmlspecialchars($part) . clean_html($tag);


REPLACE WITH
Code: Select all
			$message .= preg_replace($html_entities_match, $html_entities_replace, $part) . clean_html($tag);


FIND
Code: Select all
		$message = addslashes($message);


AFTER, ADD
Code: Select all
		$message = str_replace('&quot;', '\&quot;', $message);


FIND
Code: Select all
	$sql = "UPDATE " . FORUMS_TABLE . " SET 
		$forum_update_sql 
		WHERE forum_id = $forum_id";
	if (!$db->sql_query($sql))
	{
		message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);


REPLACE WITH
Code: Select all
	if ($mode != 'poll_delete')
	{
		$sql = "UPDATE " . FORUMS_TABLE . " SET 
			$forum_update_sql 
			WHERE forum_id = $forum_id";
		if (!$db->sql_query($sql))
		{
			message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
		}



includes/sessions.php

FIND
Code: Select all
					session_clean($userdata['session_id']);

					setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
					setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
				}


AFTER, ADD
Code: Select all
				// Add the session_key to the userdata array if it is set
				if ( isset($sessiondata['autologinid']) && $sessiondata['autologinid'] != '' )
				{
					$userdata['session_key'] = $sessiondata['autologinid'];
				}


FIND
Code: Select all
	global $db, $userdata;


REPLACE WITH
Code: Select all
	global $db, $userdata, $board_config;


FIND
Code: Select all
		$sessiondata['autologinid'] = $autologin_id;


REPLACE WITH
Code: Select all
		$sessiondata['autologinid'] = $auto_login_key;



includes/usercp_avatar.php

FIND
Code: Select all
	if ( $avatar_mode == 'remote' && preg_match('/^(http:\/\/)?([\w\-\.]+)\:?([0-9]*)\/(.*)$/', $avatar_filename, $url_ary) )


REPLACE WITH
Code: Select all
	if ( $avatar_mode == 'remote' && preg_match('/^(http:\/\/)?([\w\-\.]+)\:?([0-9]*)\/([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png)))$/', $avatar_filename, $url_ary) )




includes/usercp_confirm.php

FIND
Code: Select all
// If we can we will generate a single filtered png else we will have to simply
// output six seperate original pngs ... first way is preferable!
if (@extension_loaded('zlib'))
{
	$_png = define_filtered_pngs();

	$total_width = 320;
	$total_height = 50;
	$img_height = 40;
	$img_width = 0;
	$l = 0;

	list($usec, $sec) = explode(' ', microtime()); 
	mt_srand($sec * $usec); 

	$char_widths = array();
	for ($i = 0; $i < strlen($code); $i++)
	{
		$char = $code{$i};

		$width = mt_rand(0, 4);
		$char_widths[] = $width;
		$img_width += $_png[$char]['width'] - $width;
	}

	$offset_x = mt_rand(0, $total_width - $img_width);
	$offset_y = mt_rand(0, $total_height - $img_height);

	$image = '';
	$hold_chars = array();
	for ($i = 0; $i < $total_height; $i++)
	{
		$image .= chr(0);

		if ($i > $offset_y && $i < $offset_y + $img_height)
		{
			$j = 0;

			for ($k = 0; $k < $offset_x; $k++)
			{
				$image .= chr(mt_rand(140, 255));
			}

			for ($k = 0; $k < strlen($code); $k++)
			{
				$char = $code{$k};

				if (empty($hold_chars[$char]))
				{
					$hold_chars[$char] = explode("\n", chunk_split(base64_decode($_png[$char]['data']), $_png[$char]['width'] + 1, "\n"));
				}
				$image .= randomise(substr($hold_chars[$char][$l], 1), $char_widths[$j]);
				$j++;
			}

			for ($k = $offset_x + $img_width; $k < $total_width; $k++)
			{
				$image .= chr(mt_rand(140, 255));
			}

			$l++;
		}
		else
		{
			for ($k = 0; $k < $total_width; $k++)
			{
				$image .= chr(mt_rand(140, 255));
			}
		}

	}
	unset($hold);

	$image = create_png(gzcompress($image), $total_width, $total_height);

	// Output image
	header('Content-Type: image/png');
	header('Cache-control: no-cache, no-store');
	echo $image;

	unset($image);
	unset($_png);
	exit;

}
else
{
	$_png = define_raw_pngs();

	$c = intval($HTTP_GET_VARS['c']);
	$char = substr($code, $c - 1, 1);
	
	header('Content-Type: image/png');
	header('Cache-control: no-cache, no-store');
	echo base64_decode($_png[$char]);

	unset($_png);
	exit;
}


REPLACE WITH
Code: Select all
// We can we will generate a single filtered png 
// Thanks to DavidMJ for emulating zlib within the code :)
$_png = define_filtered_pngs();

$total_width = 320;
$total_height = 50;
$img_height = 40;
$img_width = 0;
$l = 0;

list($usec, $sec) = explode(' ', microtime()); 
mt_srand($sec * $usec); 

$char_widths = array();
for ($i = 0; $i < strlen($code); $i++)
{
	$char = $code{$i};

	$width = mt_rand(0, 4);
	$char_widths[] = $width;
	$img_width += $_png[$char]['width'] - $width;
}

$offset_x = mt_rand(0, $total_width - $img_width);
$offset_y = mt_rand(0, $total_height - $img_height);

$image = '';
$hold_chars = array();
for ($i = 0; $i < $total_height; $i++)
{
	$image .= chr(0);

	if ($i > $offset_y && $i < $offset_y + $img_height)
	{
		$j = 0;

		for ($k = 0; $k < $offset_x; $k++)
		{
			$image .= chr(mt_rand(140, 255));
		}

		for ($k = 0; $k < strlen($code); $k++)
		{
			$char = $code{$k};

			if (empty($hold_chars[$char]))
			{
				$hold_chars[$char] = explode("\n", chunk_split(base64_decode($_png[$char]['data']), $_png[$char]['width'] + 1, "\n"));
			}
			$image .= randomise(substr($hold_chars[$char][$l], 1), $char_widths[$j]);
			$j++;
		}

		for ($k = $offset_x + $img_width; $k < $total_width; $k++)
		{
			$image .= chr(mt_rand(140, 255));
		}

		$l++;
	}
	else
	{
		for ($k = 0; $k < $total_width; $k++)
		{
			$image .= chr(mt_rand(140, 255));
		}
	}

}
unset($hold);

$image = create_png($image, $total_width, $total_height);

// Output image
header('Content-Type: image/png');
header('Cache-control: no-cache, no-store');
echo $image;

unset($image);
unset($_png);
exit;


FIND
Code: Select all
function create_png($gzimage, $width, $height)


REPLACE WITH
Code: Select all
function create_png($raw_image, $width, $height)


FIND
Code: Select all
	// IDAT
	$image .= png_chunk(strlen($gzimage), 'IDAT', $gzimage);


REPLACE WITH
Code: Select all
	if (@extension_loaded('zlib'))
	{
		$raw_image = gzcompress($raw_image);
		$length = strlen($raw_image);
	}
	else
	{
		// The total length of this image, uncompressed, is just a calculation of pixels
		$length = ($width + 1) * $height;

		// Adler-32 hash generation
		// Optimized Adler-32 loop ported from the GNU Classpath project
		$temp_length = $length;
		$s1 = 1;
		$s2 = $index = 0;

		while ($temp_length > 0)
		{
			// We can defer the modulo operation:
			// s1 maximally grows from 65521 to 65521 + 255 * 3800
			// s2 maximally grows by 3800 * median(s1) = 2090079800 < 2^31
			$substract_value = ($temp_length < 3800) ? $temp_length : 3800;
			$temp_length -= $substract_value;

			while (--$substract_value >= 0)
			{
				$s1 += ord($raw_image[$index]);
				$s2 += $s1;

				$index++;
			}

			$s1 %= 65521;
			$s2 %= 65521;
		}
		$adler_hash = pack('N', ($s2 << 16) | $s1);

		// This is the same thing as gzcompress($raw_image, 0) but does not need zlib
		$raw_image = pack('C3v2', 0x78, 0x01, 0x01, $length, ~$length) . $raw_image . $adler_hash;

		// The Zlib header + Adler hash make us add on 11
		$length += 11;
	}

	// IDAT
	$image .= png_chunk($length, 'IDAT', $raw_image);



includes/usercp_register.php

FIND
Code: Select all
		$code = strtoupper(str_replace('0', 'o', substr($code, 6)));


REPLACE WITH
Code: Select all
		$code = substr(str_replace('0', 'Z', strtoupper(base_convert($code, 16, 35))), 2, 6);


FIND
Code: Select all
		$confirm_image = (@extension_loaded('zlib')) ? '<img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id") . '" alt="" title="" />' : '<img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=1") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=2") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=3") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=4") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=5") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=6") . '" alt="" title="" />';


REPLACE WITH
Code: Select all
		$confirm_image = '<img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id") . '" alt="" title="" />';
User avatar
Thoul
Admin/Webmaster
 
Posts: 18551
Joined: July 30th 2002, 11:30 am
Location: USA

Return to phpBB 2: Fixes and Code Changes

Who is online

Users browsing this forum: No registered users and 6 guests