phpBB 2.0.8a to 2.0.9 Code Changes

Postby Thoul » November 5th 2004, 8:17 am

HTML Version.
Text Version.

These are the code changes introduced between phpBB 2.0.8a and phpBB 2.0.9. If you have installed many hacks on a forum, but wish to update it, these may help you. It is often easier to apply code changes such as these instead of replacing and rehacking your current files.

These code changes use the following instruction labels:
FIND - This indicates lines of code you should locate. Changes will be made in reference to this code.
REPLACE WITH - This code should completely replace the code in the preceding FIND instruction.
AFTER, ADD - The code in this instruction should be added on a new line after the last line of code in the preceding FIND instruction.
FIND AND DELETE - Locate the code in this instruction as with a FIND statement, and then delete the code.

Once you have completed the code changes, create an install/ directory in your forum's root directory, and upload the update_to_209.php file that comes in any phpBB 2.0.9 download to the install/ directory. Run update_to_209.php by opening it via your web browser, just as you would a normal forum page. Afterward, delete the file and the install/ directory so that your forum is accessible again.

Now, onward to the file changes!
User avatar
Thoul
Admin/Webmaster
 
Posts: 18551
Joined: July 30th 2002, 11:30 am
Location: USA

Admin file changes

Postby Thoul » November 5th 2004, 8:19 am

admin/admin_board.php
FIND
Code: Select all
		$default_config[$config_name] = $config_value;


REPLACE WITH
Code: Select all
		$default_config[$config_name] = str_replace("'", "\'", $config_value);



admin/index.php
FIND
Code: Select all
			AND u.user_session_time >= " . ( time() - 300 ) . " 


REPLACE WITH
Code: Select all
			AND s.session_time >= " . ( time() - 300 ) . " 

common.php File Changes

Postby Thoul » November 5th 2004, 8:22 am

common.php
Please Note: The changes to this file disable automatic registering of global variables. This does cause some hacks to stop working.

FIND
Code: Select all
	die("Hacking attempt");
}


AFTER, ADD
Code: Select all
//
function unset_vars(&$var)
{
	while (list($var_name, $null) = @each($var))
	{
		unset($GLOBALS[$var_name]);
	}
	return;
}

//


FIND
Code: Select all
set_magic_quotes_runtime(0); // Disable magic_quotes_runtime


AFTER, ADD
Code: Select all
$ini_val = (@phpversion() >= '4.0.0') ? 'ini_get' : 'get_cfg_var';

// Unset globally registered vars - PHP5 ... hhmmm
if (@$ini_val('register_globals') == '1' || strtolower(@$ini_val('register_globals')) == 'on')
{
	$var_prefix = 'HTTP';
	$var_suffix = '_VARS';
	
	$test = array('_GET', '_POST', '_SERVER', '_COOKIE', '_ENV');

	foreach ($test as $var)
	{
		if (is_array(${$var_prefix . $var . $var_suffix}))
		{
			unset_vars(${$var_prefix . $var . $var_suffix});
		}

		if (is_array(${$var}))
		{
			unset_vars(${$var});
		}
	}

	if (is_array(${'_FILES'}))
	{
		unset_vars(${'_FILES'});
	}

	if (is_array(${'HTTP_POST_FILES'}))
	{
		unset_vars(${'HTTP_POST_FILES'});
	}
}


FIND
Code: Select all
$images = array();
$lang = array();


AFTER, ADD
Code: Select all
$nav_links = array();


FIND
Code: Select all
if( getenv('HTTP_X_FORWARDED_FOR') != '' )
{
	$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );

	$entries = explode(',', getenv('HTTP_X_FORWARDED_FOR'));
	reset($entries);
	while (list(, $entry) = each($entries)) 
	{
		$entry = trim($entry);
		if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", $entry, $ip_list) )
		{
			$private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.((1[6-9])|(2[0-9])|(3[0-1]))\..*/', '/^10\..*/', '/^224\..*/', '/^240\..*/');
			$found_ip = preg_replace($private_ip, $client_ip, $ip_list[1]);

			if ($client_ip != $found_ip)
			{
				$client_ip = $found_ip;
				break;
			}
		}
	}
}
else
{
	$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
}


REPLACE WITH
Code: Select all
// I'm removing HTTP_X_FORWARDED_FOR ... this may well cause other problems such as
// private range IP's appearing instead of the guilty routable IP, tough, don't
// even bother complaining ... go scream and shout at the idiots out there who feel
// "clever" is doing harm rather than good ... karma is a great thing ... :)
//
$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
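
Added example (not part of the original post and not phpBB code): the removed X-Forwarded-For branch from the common.php change, ported to a function and run beside the 2.0.9 behaviour to show which address each version records. The function names and the sample addresses (documentation ranges) are constructed for illustration.

```php
<?php
// Port of the 2.0.8a logic from the FIND block above: the first entry in
// X-Forwarded-For that is not in a private range replaces REMOTE_ADDR.
function client_ip_208a($remote_addr, $forwarded_for)
{
    $client_ip = $remote_addr;
    $private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/',
        '/^172\.((1[6-9])|(2[0-9])|(3[0-1]))\..*/', '/^10\..*/', '/^224\..*/', '/^240\..*/');

    foreach (explode(',', $forwarded_for) as $entry) {
        if (preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", trim($entry), $ip_list)) {
            // Private-range entries are rewritten to REMOTE_ADDR and skipped.
            $found_ip = preg_replace($private_ip, $client_ip, $ip_list[1]);
            if ($client_ip != $found_ip) {
                return $found_ip; // header value wins over the socket address
            }
        }
    }
    return $client_ip;
}

// 2.0.9 behaviour: only the address of the connecting peer is used.
function client_ip_209($remote_addr, $forwarded_for)
{
    return $remote_addr;
}

// Constructed requests: array(REMOTE_ADDR, X-Forwarded-For header value).
$requests = array(
    'no proxy header'            => array('198.51.100.7', ''),
    'proxy, private client'      => array('198.51.100.7', '10.1.2.3'),
    'header names a routable IP' => array('198.51.100.7', '203.0.113.50'),
);

foreach ($requests as $label => $r) {
    printf("%-27s 2.0.8a=%-13s 2.0.9=%s\n", $label,
        client_ip_208a($r[0], $r[1]), client_ip_209($r[0], $r[1]));
}
```

Only the third row differs: the header is sent by the client, so 2.0.8a records whatever address it names, while 2.0.9 records the connecting peer.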

Misc. root level file changes

Postby Thoul » November 5th 2004, 8:24 am

faq.php
FIND
Code: Select all
// End session management
//


AFTER, ADD
Code: Select all
// Set vars to prevent naughtiness
$faq = array();


FIND
Code: Select all
make_jumpbox('viewforum.'.$phpEx, $forum_id);


REPLACE WITH
Code: Select all
make_jumpbox('viewforum.'.$phpEx);



groupcp.php
FIND
Code: Select all
					AND aa.group_id = g.group_id(+)";


REPLACE WITH
Code: Select all
					AND aa.group_id (+) = g.group_id";


FIND
Code: Select all
	// Select all group that the user is a member of or where the user has
	// a pending membership.
	//


AFTER, ADD
Code: Select all
	$in_group = array();


FIND
Code: Select all
		$s_hidden_fields = '';

		$template->assign_vars(array(


REPLACE WITH
Code: Select all
		$s_hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />';

		$template->assign_vars(array(



index.php
FIND
Code: Select all
	message_die(GENERAL_ERROR, 'Could not query categories list', '', __LINE__, __FILE__, $sql);
}


AFTER, ADD
Code: Select all
$category_rows = array();



memberlist.php
FIND
Code: Select all
			'ROW_NUMBER' => $i + ( $HTTP_GET_VARS['start'] + 1 ),


REPLACE WITH
Code: Select all
			'ROW_NUMBER' => $i + ( $start + 1 ),



modcp.php
FIND
Code: Select all
					'S_FORUM_SELECT' => make_forum_select("new_forum_id", false, $forum_id))
				);

				for($i = 0; $i < $total_posts; $i++)
				{
					$post_id = $postrow[$i]['post_id'];
					$poster_id = $postrow[$i]['user_id'];


REPLACE WITH
Code: Select all
					'S_FORUM_SELECT' => make_forum_select("new_forum_id", false, $forum_id))
				);

				//
				// Define censored word matches
				//
				$orig_word = array();
				$replacement_word = array();
				obtain_word_list($orig_word, $replacement_word);

				for($i = 0; $i < $total_posts; $i++)
				{
					$post_id = $postrow[$i]['post_id'];
					$poster_id = $postrow[$i]['poster_id'];


FIND AND DELETE
Code: Select all
					//
					// Define censored word matches
					//
					$orig_word = array();
					$replacement_word = array();
					obtain_word_list($orig_word, $replacement_word);



posting.php
FIND
Code: Select all
$params = array('submit' => 'post', 'confirm' => 'confirm', 'preview' => 'preview', 'delete' => 'delete', 'poll_delete' => 'poll_delete', 'poll_add' => 'add_poll_option', 'poll_edit' => 'edit_poll_option', 'mode' => 'mode');


REPLACE WITH
Code: Select all
$params = array('submit' => 'post', 'preview' => 'preview', 'delete' => 'delete', 'poll_delete' => 'poll_delete', 'poll_add' => 'add_poll_option', 'poll_edit' => 'edit_poll_option', 'mode' => 'mode');


FIND
Code: Select all
		$$var = '';
	}
}

$params = array('forum_id' => POST_FORUM_URL, 'topic_id' => POST_TOPIC_URL, 'post_id' => POST_POST_URL);


REPLACE WITH
Code: Select all
		$$var = '';
	}
}

$confirm = isset($HTTP_POST_VARS['confirm']) ? true : false;

$params = array('forum_id' => POST_FORUM_URL, 'topic_id' => POST_TOPIC_URL, 'post_id' => POST_POST_URL);
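
Added example (not part of the original posts and not phpBB code): why the update both unsets request-registered globals in common.php and initialises arrays such as $faq, $in_group and $category_rows before use. register_globals no longer exists in current PHP, so emulate_register_globals() and the request data are constructed stand-ins, and build_faq() is a hypothetical script body that appends to $faq.

```php
<?php
// Emulates register_globals=On: every request key becomes a global variable.
function emulate_register_globals(array $input)
{
    foreach ($input as $name => $value) {
        $GLOBALS[$name] = $value;
    }
}

// Same effect as unset_vars() in the common.php change, written without
// each(), which was removed in PHP 8.
function unset_request_globals(array $input)
{
    foreach (array_keys($input) as $name) {
        unset($GLOBALS[$name]);
    }
}

// Hypothetical script body: appends one entry to $faq and returns the list.
function build_faq($initialise)
{
    global $faq;
    if ($initialise) {
        $faq = array(); // the line 2.0.9 adds to faq.php
    }
    $faq[] = 'How do I register?';
    return $faq;
}

// Constructed request: a parameter named like the script's own array.
$request = array('faq' => array('entry supplied in the query string'));

// array(run the unset pass?, initialise the array?)
$cases = array(
    '2.0.8a, globals registered'   => array(false, false),
    'common.php unset pass only'   => array(true,  false),
    'explicit initialisation only' => array(false, true),
);

foreach ($cases as $label => $c) {
    unset($GLOBALS['faq']);
    emulate_register_globals($request);
    if ($c[0]) {
        unset_request_globals($request);
    }
    printf("%-30s %s\n", $label, json_encode(build_faq($c[1])));
}
```

Only the first row carries the request-supplied entry into the script's array. A hack that stops working after the common.php change was relying on that behaviour and needs to read its input from the request arrays explicitly.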

More misc. root level file changes

Postby Thoul » November 5th 2004, 8:30 am

privmsg.php
FIND
Code: Select all
			$pm_sql_user .= "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "


REPLACE WITH
Code: Select all
			$pm_sql_user = "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "


FIND
Code: Select all
	$temp_url = append_sid("privmsg.$phpEx?mode=post&amp;" . POST_USERS_URL . "=$poster_id");


REPLACE WITH
Code: Select all
	$temp_url = append_sid("privmsg.$phpEx?mode=post&amp;" . POST_USERS_URL . "=$user_id_from");


FIND
Code: Select all
							OR privmsgs_type = " . PRIVMSGS_UNERAD_MAIL . " ) ";


REPLACE WITH
Code: Select all
							OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " ) ";


FIND
Code: Select all
$post_new_mesg_url = '<a href="' . append_sid("privmsg.$phpEx?mode=post") . '"><img src="' . $images['post_new'] . '" alt="' . $lang['Post_new_message'] . '" border="0" /></a>';


REPLACE WITH
Code: Select all
$post_new_mesg_url = '<a href="' . append_sid("privmsg.$phpEx?mode=post") . '"><img src="' . $images['post_new'] . '" alt="' . $lang['Send_a_new_message'] . '" border="0" /></a>';


FIND
Code: Select all
	$limit_msg_time = '';
	$post_days = 0;


REPLACE WITH
Code: Select all
	$limit_msg_time = $limit_msg_time_total = '';
	$msg_days = 0;


FIND
Code: Select all
	'U_POST_NEW_TOPIC' => $post_new_topic_url)


REPLACE WITH
Code: Select all
	'U_POST_NEW_TOPIC' => append_sid("privmsg.$phpEx?mode=post"))



profile.php
FIND
Code: Select all
	$mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];


AFTER, ADD
Code: Select all
	$mode = htmlspecialchars($mode);



search.php
FIND
Code: Select all
	$search_time = time() - ( ( ( !empty($HTTP_POST_VARS['search_time']) ) ? intval($HTTP_POST_VARS['search_time']) : intval($HTTP_GET_VARS['search_time']) ) * 86400 );


AFTER, ADD
Code: Select all
	$topic_days = (!empty($HTTP_POST_VARS['search_time'])) ? intval($HTTP_POST_VARS['search_time']) : intval($HTTP_GET_VARS['search_time']);


FIND
Code: Select all
	$search_time = 0;


AFTER, ADD
Code: Select all
	$topic_days = 0;



viewonline.php
FIND
Code: Select all
	'L_WHOSONLINE' => $lang['Who_is_online'],


REPLACE WITH
Code: Select all
	'L_WHOSONLINE' => $lang['Who_is_Online'],



viewtopic.php
FIND
Code: Select all
			$session_id = isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) ? $HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid'] : $HTTP_GET_VARS['sid'];


AFTER, ADD
Code: Select all
			if (!preg_match('/^[A-Za-z0-9]*$/', $session_id)) 
			{
				$session_id = '';
			}
Last edited by Thoul on November 5th 2004, 10:25 am, edited 1 time in total.

Includes level file changes

Postby Thoul » November 5th 2004, 8:32 am

includes/bbcode.php
FIND
Code: Select all
	$text = preg_replace("#\[img\]((ht|f)tp://)([^ \?&=\"\n\r\t<]*?(\.(jpg|jpeg|gif|png)))\[/img\]#sie", "'[img:$uid]\\1' . str_replace(' ', '%20', '\\3') . '[/img:$uid]'", $text);


REPLACE WITH
Code: Select all
	$text = preg_replace("#\[img\]((http|ftp|https|ftps)://)([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png)))\[/img\]#sie", "'[img:$uid]\\1' . str_replace(' ', '%20', '\\3') . '[/img:$uid]'", $text);



includes/functions_post.php
FIND
Code: Select all
		$page_title = $lang['Review_topic'] . " - $topic_title";


REPLACE WITH
Code: Select all
		$page_title = $lang['Emoticons'] . " - $topic_title";



includes/page_header.php
FIND
Code: Select all
$online_userlist = '';


AFTER, ADD
Code: Select all
$l_online_users = '';


FIND
Code: Select all
	$prev_user_ip = '';


REPLACE WITH
Code: Select all
	$prev_user_ip = $prev_session_ip = '';



includes/sessions.php
FIND
Code: Select all
		$sessionmethod = SESSION_METHOD_GET;
	}

	$last_visit = 0;


REPLACE WITH
Code: Select all
		$sessionmethod = SESSION_METHOD_GET;
	}

	//
	if (!preg_match('/^[A-Za-z0-9]*$/', $session_id)) 
	{
		$session_id = '';
	}

	$last_visit = 0;


FIND
Code: Select all
		$sessionmethod = SESSION_METHOD_GET;
	}

	//
	// Does a session exist?
	//
	if ( !empty($session_id) )


REPLACE WITH
Code: Select all
		$sessionmethod = SESSION_METHOD_GET;
	}

	//
	if (!preg_match('/^[A-Za-z0-9]*$/', $session_id))
	{
		$session_id = '';
	}

	//
	// Does a session exist?
	//
	if ( !empty($session_id) )


FIND
Code: Select all
		$sessionmethod = SESSION_METHOD_GET;
	}

	//
	// Delete existing session
	//


REPLACE WITH
Code: Select all
		$sessionmethod = SESSION_METHOD_GET;
	}

	if (!preg_match('/^[A-Za-z0-9]*$/', $session_id))
	{
		return;
	}

	//
	// Delete existing session
	//



includes/usercp_avatar.php
FIND
Code: Select all
	if ( !preg_match('#^((http)|(ftp):\/\/[\w\-]+?\.([\w\-]+\.)+[\w]+(:[0-9]+)*\/.*?\.(gif|jpg|jpeg|png)$)#is', $avatar_filename) )


REPLACE WITH
Code: Select all
	if ( !preg_match("#^((ht|f)tp://)([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png))$)#is", $avatar_filename) )



includes/usercp_viewprofile.php
FIND
Code: Select all
	message_die(GENERAL_ERROR, 'Could not obtain ranks information', '', __LINE__, __FILE__, $sql);
}


AFTER, ADD
Code: Select all
$ranksrow = array();
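
Added example (not part of the original posts and not phpBB code): the session ID filter from the viewtopic.php and includes/sessions.php changes applied to constructed inputs, next to a stricter variant. The stricter pattern is an assumption for illustration: it uses the D modifier so that $ cannot match before a trailing newline, and it requires at least one character.

```php
<?php
// Filter as added in 2.0.9: anything outside A-Z, a-z, 0-9 blanks the ID.
function filter_sid_209($session_id)
{
    return preg_match('/^[A-Za-z0-9]*$/', $session_id) ? $session_id : '';
}

// Stricter variant (assumption, not from phpBB):
// D = $ matches only at the very end, + = at least one character.
function filter_sid_strict($session_id)
{
    return preg_match('/^[A-Za-z0-9]+$/D', $session_id) ? $session_id : '';
}

// Constructed inputs; none is a real session ID.
$samples = array(
    'alphanumeric'     => '0123456789abcdef0123456789abcdef',
    'contains a quote' => "abc'def",
    'trailing newline' => "abcdef\n",
    'empty'            => '',
);

foreach ($samples as $label => $sid) {
    printf("%-17s 2.0.9=%-36s strict=%s\n", $label,
        json_encode(filter_sid_209($sid)), json_encode(filter_sid_strict($sid)));
}
```

Both filters blank the value containing a quote. The 2.0.9 pattern passes the value with a trailing newline unchanged, because $ without the D modifier also matches just before a final newline.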

