phpBBHacks.com • phpBB 2.0.6 to 2.0.7 Code Changes : phpBB 2: Fixes and Code Changes

Get Photoshop help and share your work at PhotoshopForums.com

Skip to content

phpBB 2.0.6 to 2.0.7 Code Changes

13 posts • Page 1 of 2 • 1, 2

phpBB 2.0.6 to 2.0.7 Code Changes

by Thoul » March 14th 2004, 6:06 am

HTML Version.
Text Version.

These are the code changes introduced between phpBB 2.0.6 and phpBB 2.0.7. If you have installed many hacks on a forum, but wish to update it, these may help you. It is often easier to apply code changes such as these instead of replacing and rehacking your current files.

There were several security updates made to phpBB 2.0.6 after it's initial release. The last version of phpBB 2.0.6, called 2.0.6d, included all of those changes and was released shortly before 2.0.7. phpBB 2.0.7 includes all of these changes and a few new ones. Since these are the code changes from 2.0.6 to 2.0.7, all the changes are listed here. If you are interested in only the changes between 2.0.6d and 2.0.7, a separate tutorial is available for that.

These code changes use the following instruction labels:
FIND - This indicates lines of code you should locate. Changes will be made in reference to this code.
REPLACE WITH - This code should completely replace the code in the preceding FIND instruction.
AFTER, ADD - The code in this instruction should be added on a new line after last line of code in the preceding FIND instruction.
FIND AND DELETE - Locate the code in this instruction as with a FIND statement, and then delete the code.

Once you have completed the code changes, create an install/ directory in your forum's root directory, and upload the update_to_207.php file that comes in any phpBB 2.0.7 download to the install/ directory. Run update_to_207.php by opening it via your web browser, just as you would a normal forum page. Afterward, deleting the file and the install/ directory so that your forum is accessible again.

Now, onward to the file changes!

Thoul: Admin/Webmaster; Posts: 18127; Joined: July 30th 2002, 11:30 am; Location: USA

by Thoul » March 14th 2004, 6:07 am

includes/page_header.php
Although this file is included in the changed files package from phpBB.com, there are no significant changes in the file. Only the $Id line near the top has changed. You do not need to edit or replace this file.

groupcp.php
FIND

Code: Select all

	$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];

AFTER, ADD

Code: Select all

	$mode = htmlspecialchars($mode);

FIND

Code: Select all

						$sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . $members[$i];

REPLACE WITH

Code: Select all

						$sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . intval($members[$i]);

Thoul: Admin/Webmaster; Posts: 18127; Joined: July 30th 2002, 11:30 am; Location: USA

by Thoul » March 14th 2004, 6:09 am

index.php
FIND

Code: Select all

if( !($result = $db->sql_query($sql)) )
{
	message_die(GENERAL_ERROR, 'Could not query categories list', '', __LINE__, __FILE__, $sql);
}

while( $category_rows[] = $db->sql_fetchrow($result) );

AFTER, ADD

Code: Select all

$db->sql_freeresult($result);

FIND

Code: Select all

	while( $row = $db->sql_fetchrow($result) )
	{
		$forum_data[] = $row;
	}

AFTER, ADD

Code: Select all

	$db->sql_freeresult($result);

FIND

Code: Select all

		while( $topic_data = $db->sql_fetchrow($result) )
		{
			$new_topic_data[$topic_data['forum_id']][$topic_data['topic_id']] = $topic_data['post_time'];
		}

AFTER, ADD

Code: Select all

		$db->sql_freeresult($result);

FIND

Code: Select all

	while( $row = $db->sql_fetchrow($result) )
	{
		$forum_moderators[$row['forum_id']][] = '<a href="' . append_sid("profile.$phpEx?mode=viewprofile&amp;" . POST_USERS_URL . "=" . $row['user_id']) . '">' . $row['username'] . '</a>';
	}

AFTER, ADD

Code: Select all

	$db->sql_freeresult($result);

FIND

Code: Select all

	while( $row = $db->sql_fetchrow($result) )
	{
		$forum_moderators[$row['forum_id']][] = '<a href="' . append_sid("groupcp.$phpEx?" . POST_GROUPS_URL . "=" . $row['group_id']) . '">' . $row['group_name'] . '</a>';
	}

AFTER, ADD

Code: Select all

	$db->sql_freeresult($result);

Thoul: Admin/Webmaster; Posts: 18127; Joined: July 30th 2002, 11:30 am; Location: USA

by Thoul » March 14th 2004, 6:09 am

login.php
FIND

Code: Select all

					if( $session_id )
					{
						$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : "index.$phpEx";
						redirect(append_sid($url, true));
					}

REPLACE WITH

Code: Select all

					if( $session_id )
					{
						$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : "index.$phpEx";
						redirect(append_sid($url, true));
					}

FIND

Code: Select all

				else
				{
					$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : '';
					$redirect = str_replace('?', '&', $redirect);

					$template->assign_vars(array(

REPLACE WITH

Code: Select all

				else
				{
					$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : '';
					$redirect = str_replace('?', '&', $redirect);

					$template->assign_vars(array(

FIND

Code: Select all

		else
		{
			$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : "";
			$redirect = str_replace("?", "&", $redirect);

			$template->assign_vars(array(

REPLACE WITH

Code: Select all

		else
		{
			$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : "";
			$redirect = str_replace("?", "&", $redirect);

			$template->assign_vars(array(

FIND

Code: Select all

		if (!empty($HTTP_POST_VARS['redirect']) || !empty($HTTP_GET_VARS['redirect']))
		{
			$url = (!empty($HTTP_POST_VARS['redirect'])) ? $HTTP_POST_VARS['redirect'] : $HTTP_GET_VARS['redirect'];
			redirect(append_sid($url, true));
		}
		else
		{
			redirect(append_sid("index.$phpEx", true));
		}
	}
	else
	{
		$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : "index.$phpEx";
		redirect(append_sid($url, true));
	}

REPLACE WITH

Code: Select all

		if (!empty($HTTP_POST_VARS['redirect']) || !empty($HTTP_GET_VARS['redirect']))
		{
			$url = (!empty($HTTP_POST_VARS['redirect'])) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : htmlspecialchars($HTTP_GET_VARS['redirect']);
			redirect(append_sid($url, true));
		}
		else
		{
			redirect(append_sid("index.$phpEx", true));
		}
	}
	else
	{
		$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : "index.$phpEx";
		redirect(append_sid($url, true));
	}

Last edited by Thoul on March 25th 2004, 3:30 pm, edited 1 time in total.

Thoul: Admin/Webmaster; Posts: 18127; Joined: July 30th 2002, 11:30 am; Location: USA

by Thoul » March 14th 2004, 6:10 am

memberlist.php
FIND

Code: Select all

		$i++;
	}
	while ( $row = $db->sql_fetchrow($result) );

AFTER, ADD

Code: Select all

	$db->sql_freeresult($result);

FIND

Code: Select all

		$pagination = generate_pagination("memberlist.$phpEx?mode=$mode&amp;order=$sort_order", $total_members, $board_config['topics_per_page'], $start). '&nbsp;';
	}

AFTER, ADD

Code: Select all

	$db->sql_freeresult($result);

modcp.php
FIND

Code: Select all

	$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];

AFTER, ADD

Code: Select all

	$mode = htmlspecialchars($mode);

Thoul: Admin/Webmaster; Posts: 18127; Joined: July 30th 2002, 11:30 am; Location: USA

by Thoul » March 14th 2004, 6:11 am

posting.php
FIND

Code: Select all

		$$var = ( !empty($HTTP_POST_VARS[$param]) ) ? $HTTP_POST_VARS[$param] : $HTTP_GET_VARS[$param];

REPLACE WITH

Code: Select all

		$$var = ( !empty($HTTP_POST_VARS[$param]) ) ? htmlspecialchars($HTTP_POST_VARS[$param]) : htmlspecialchars($HTTP_GET_VARS[$param]);

FIND

Code: Select all

	$post_info = $db->sql_fetchrow($result);

AFTER, ADD

Code: Select all

	$db->sql_freeresult($result);

FIND

Code: Select all

					$poll_results_sum += $row['vote_result'];
				}
				while ( $row = $db->sql_fetchrow($result) );
			}

AFTER, ADD

Code: Select all

			$db->sql_freeresult($result);

FIND

Code: Select all

		$notify_user = ( $db->sql_fetchrow($result) ) ? TRUE : $userdata['user_notify'];

AFTER, ADD

Code: Select all

		$db->sql_freeresult($result);

FIND

Code: Select all

			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, 'Could not obtain user vote data for this topic', '', __LINE__, __FILE__, $sql);
			}

			if ( !($row = $db->sql_fetchrow($result)) )

REPLACE WITH

Code: Select all

			if ( !($result2 = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, 'Could not obtain user vote data for this topic', '', __LINE__, __FILE__, $sql);
			}

			if ( !($row = $db->sql_fetchrow($result2)) )

FIND

Code: Select all

				$message = $lang['Already_voted'];
			}
		}
		else
		{
			$message = $lang['No_vote_option'];
		}

REPLACE WITH

Code: Select all

				$message = $lang['Already_voted'];
			}
			$db->sql_freeresult($result2);
		}
		else
		{
			$message = $lang['No_vote_option'];
		}
		$db->sql_freeresult($result);

Thoul: Admin/Webmaster; Posts: 18127; Joined: July 30th 2002, 11:30 am; Location: USA

by Thoul » March 14th 2004, 6:12 am

privmsg.php
FIND

Code: Select all

	$folder = ( isset($HTTP_POST_VARS['folder']) ) ? $HTTP_POST_VARS['folder'] : $HTTP_GET_VARS['folder'];

AFTER, ADD

Code: Select all

	$folder = htmlspecialchars($folder);

FIND AND DELETE

Code: Select all

// session id check
if (!empty($HTTP_POST_VARS['sid']) || !empty($HTTP_GET_VARS['sid']))
{
	$sid = (!empty($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : $HTTP_GET_VARS['sid'];
}
else
{
	$sid = '';
}

FIND

Code: Select all

	$mode = ( !empty($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];

AFTER, ADD

Code: Select all

	$mode = htmlspecialchars($mode);

Thoul: Admin/Webmaster; Posts: 18127; Joined: July 30th 2002, 11:30 am; Location: USA

by Thoul » March 14th 2004, 6:13 am

search.php
FIND

Code: Select all

		if ( intval($search_id) )

REPLACE WITH

Code: Select all

		$search_id = intval($search_id);
		if ( $search_id )

viewforum.php
FIND

Code: Select all

	$topic_days = ( !empty($HTTP_POST_VARS['topicdays']) ) ? $HTTP_POST_VARS['topicdays'] : $HTTP_GET_VARS['topicdays'];

REPLACE WITH

Code: Select all

	$topic_days = ( !empty($HTTP_POST_VARS['topicdays']) ) ? intval($HTTP_POST_VARS['topicdays']) : intval($HTTP_GET_VARS['topicdays']);

Thoul: Admin/Webmaster; Posts: 18127; Joined: July 30th 2002, 11:30 am; Location: USA

by Thoul » March 14th 2004, 6:13 am

viewtopic.php
FIND

Code: Select all

	$post_days = ( !empty($HTTP_POST_VARS['postdays']) ) ? $HTTP_POST_VARS['postdays'] : $HTTP_GET_VARS['postdays'];

REPLACE WITH

Code: Select all

	$post_days = ( !empty($HTTP_POST_VARS['postdays']) ) ? intval($HTTP_POST_VARS['postdays']) : intval($HTTP_GET_VARS['postdays']);

FIND

Code: Select all

	$post_order = (!empty($HTTP_POST_VARS['postorder'])) ? $HTTP_POST_VARS['postorder'] : $HTTP_GET_VARS['postorder'];

REPLACE WITH

Code: Select all

	$post_order = (!empty($HTTP_POST_VARS['postorder'])) ? htmlspecialchars($HTTP_POST_VARS['postorder']) : htmlspecialchars($HTTP_GET_VARS['postorder']);

Thoul: Admin/Webmaster; Posts: 18127; Joined: July 30th 2002, 11:30 am; Location: USA

by Thoul » March 14th 2004, 6:14 am

includes/auth.php:
FIND

Code: Select all

					$u_access[$row['forum_id']][] = $row;
				}
			}
			while( $row = $db->sql_fetchrow($result) );
		}

AFTER, ADD

Code: Select all

		$db->sql_freeresult($result);

Thoul: Admin/Webmaster; Posts: 18127; Joined: July 30th 2002, 11:30 am; Location: USA

13 posts • Page 1 of 2 • 1, 2

Return to phpBB 2: Fixes and Code Changes

Jump to:

Who is online

Users browsing this forum: No registered users and 0 guests