Acyd Burn
Consultant

Joined: 19 Apr 2002
Posts: 650
Location: Germany (Oldb)
Posted: December 7th 2002, 6:36 am Post subject: phpBB 2.0.1 to 2.0.2 Code Changes
These are the code changes from phpBB 2.0.1 to phpBB 2.0.2. This might be very helpful if you want to update your forum and have installed a bunch of hacks. In cases like this, it is normally easier to apply the code changes directly to the scripts rather than installing all of the hacks again.
Here are some tips relating to statements to help you through this tutorial:
When you find an 'AFTER, ADD' statement, the code has to be added after the last line quoted in the 'FIND' statement.
When you find a 'REPLACE WITH' statement, the code quoted in the 'FIND' statement has to be replaced completely with the quoted code in the 'REPLACE WITH' statement.
When you find a 'DELETE' statement, the code has to be deleted.
Ok, let's start:
These changes are only relevant to you if you don't want to delete this file, which you should after installation. However, we will list it here for the sake of completeness.
-
The security fix we have waited for... change phpbb_root_dir to phpbb_root_path.
FIND
Code:
include($phpbb_root_dir . 'includes/functions_selects.'.$phpEx);
REPLACE WITH
Code:
include($phpbb_root_path . 'includes/functions_selects.'.$phpEx);
This change is for the Sessions Table generated:
FIND - Line 879
REPLACE WITH
Code:
TYPE=HEAP MAX_ROWS=500";
A change to have the config data in single quotes.
FIND - Line 909-914
Code:
$config_data .= '$dbms = "' . $dbms . '";' . "\n\n";
$config_data .= '$dbhost = "' . $dbhost . '";' . "\n";
$config_data .= '$dbname = "' . $dbname . '";' . "\n";
$config_data .= '$dbuser = "' . $dbuser . '";' . "\n";
$config_data .= '$dbpasswd = "' . $dbpasswd . '";' . "\n\n";
$config_data .= '$table_prefix = "' . $table_prefix . '";' . "\n\n";
REPLACE WITH
Code:
$config_data .= '$dbms = \'' . $dbms . '\';' . "\n\n";
$config_data .= '$dbhost = \'' . $dbhost . '\';' . "\n";
$config_data .= '$dbname = \'' . $dbname . '\';' . "\n";
$config_data .= '$dbuser = \'' . $dbuser . '\';' . "\n";
$config_data .= '$dbpasswd = \'' . $dbpasswd . '\';' . "\n\n";
$config_data .= '$table_prefix = \'' . $table_prefix . '\';' . "\n\n";
The changes made to login.php are mainly intended for fixing some redirection errors.
-
First redirect fix
FIND - Line 100
Code:
message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__);
}
}
else
{
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : '';
AFTER, ADD
Code:
$redirect = str_replace("?", "&", $redirect);
Second redirect fix
FIND - Line 114
Code:
message_die(GENERAL_MESSAGE, $message);
}
}
}
else
{
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : "";
AFTER, ADD
Code:
$redirect = str_replace("?", "&", $redirect);
The change made to the memberlist is a fix for a little typo.
-
This is a bugfix where the Memberlist could not be sorted by Joined Date.
FIND - Line 113
REPLACE WITH
Changes to this file are bugfixes.
-
This is for reducing the user's post count when deleting topics.
FIND - Line 211
Code:
$topic_id_sql .= ( ( $topic_id_sql != '' ) ? ', ' : '' ) . $topics[$i];
}
AFTER, ADD
Code:
$sql = "SELECT poster_id, COUNT(post_id) AS posts
FROM " . POSTS_TABLE . "
WHERE topic_id IN ($topic_id_sql)
GROUP BY poster_id";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not get poster id information', '', __LINE__, __FILE__, $sql);
}
$count_sql = array();
while ( $row = $db->sql_fetchrow($result) )
{
$count_sql[] = "UPDATE " . USERS_TABLE . "
SET user_posts = user_posts - " . $row['posts'] . "
WHERE user_id = " . $row['poster_id'];
}
$db->sql_freeresult($result);
if ( sizeof($count_sql) )
{
for($i = 0; $i < sizeof($count_sql); $i++)
{
if ( !$db->sql_query($count_sql[$i]) )
{
message_die(GENERAL_ERROR, 'Could not update user post count information', '', __LINE__, __FILE__, $sql);
}
}
}
Generate a default value for the Forum Select Box.
FIND - Line 769
Code:
'S_FORUM_SELECT' => make_forum_select("new_forum_id"))
REPLACE WITH
Code:
'S_FORUM_SELECT' => make_forum_select("new_forum_id", false, $forum_id))
Changes to this file are bugfixes.
-
Missing variable definition was added.
FIND - Line 51
Code:
$delete_all = ( isset($HTTP_POST_VARS['deleteall']) ) ? TRUE : 0;
AFTER, ADD
Code:
$save = ( isset($HTTP_POST_VARS['save']) ) ? TRUE : 0;
Here missing word replacements were added.
FIND - Line 572
Code:
$private_message .= '<br /><br />_________________<br />' . make_clickable($user_sig);
}
AFTER, ADD
Code:
$orig_word = array();
$replacement_word = array();
obtain_word_list($orig_word, $replacement_word);
More missing word replacements.
FIND - Line 1689
Code:
make_jumpbox('viewforum.'.$phpEx);
AFTER, ADD
Code:
$orig_word = array();
$replacement_word = array();
obtain_word_list($orig_word, $replacement_word);
This file was added after phpBB 2.0.1, so no changes here, just a new file. And you have to run it after (or before) changing all phpBB 2 Files. Again, this is listed just for completeness.
This file was changed, but since no hacks change this file it is safe to overwrite it with the new version.
Only one little change in this file, a language variable issue.
-
No new posts instead of new posts.
FIND - Line 569
Code:
$folder_alt = ( $topic_rowset[$i]['topic_status'] == TOPIC_LOCKED ) ? $lang['Topic_locked'] : $lang['No_new_posts'];
REPLACE WITH
Code:
$folder_alt = ( $topic_rowset[$i]['topic_status'] == TOPIC_LOCKED ) ? $lang['Topic_locked'] : $lang['New_posts'];
Also only one change: topic_mod has been made empty by default.
-
Set the variable topic_mod. This is a little security fix.
FIND - Line 556
Code:
$s_auth_can .= ( ( $is_auth['auth_vote'] ) ? $lang['Rules_vote_can'] : $lang['Rules_vote_cannot'] ) . '<br />';
AFTER, ADD
Instead of assigning the variable anew, append to the string. Changed '=' into '.='.
FIND - Line 564
Code:
$topic_mod = '<a href="' . append_sid("modcp.$phpEx?" . POST_TOPIC_URL . "=$topic_id&mode=delete") . '"><img src="' . $images['topic_mod_delete'] . '" alt="' . $lang['Delete_topic'] . '" title="' . $lang['Delete_topic'] . '" border="0" /></a> ';
REPLACE WITH
Code:
$topic_mod .= '<a href="' . append_sid("modcp.$phpEx?" . POST_TOPIC_URL . "=$topic_id&mode=delete") . '"><img src="' . $images['topic_mod_delete'] . '" alt="' . $lang['Delete_topic'] . '" title="' . $lang['Delete_topic'] . '" border="0" /></a> ';
This file is very important: fixes for the BBcode URL and IMG tags and of course the new smilies_pass function, which results in a dramatic speed increase on long topics.
-
This is the fix for the url-bbcode tag.
FIND - Line 200
Code:
// [url]xxxx://www.phpbb.com[/url] code..
$patterns[1] = "#\[url\]([a-z]+?://){1}([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)\[/url\]#si";
$replacements[1] = $bbcode_tpl['url1'];
// [url]www.phpbb.com[/url] code.. (no xxxx:// prefix).
$patterns[2] = "#\[url\]([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)\[/url\]#si";
$replacements[2] = $bbcode_tpl['url2'];
// [url=xxxx://www.phpbb.com]phpBB[/url] code..
$patterns[3] = "#\[url=([a-z]+?://){1}([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)\](.*?)\[/url\]#si";
$replacements[3] = $bbcode_tpl['url3'];
// [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix).
$patterns[4] = "#\[url=([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)\](.*?)\[/url\]#si";
$replacements[4] = $bbcode_tpl['url4'];
REPLACE WITH
Code:
// [url]xxxx://www.phpbb.com[/url] code..
$patterns[1] = "#\[url\]([a-z]+?://){1}([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+\(\)]+)\[/url\]#si";
$replacements[1] = $bbcode_tpl['url1'];
// [url]www.phpbb.com[/url] code.. (no xxxx:// prefix).
$patterns[2] = "#\[url\]([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+\(\)]+)\[/url\]#si";
$replacements[2] = $bbcode_tpl['url2'];
// [url=xxxx://www.phpbb.com]phpBB[/url] code..
$patterns[3] = "#\[url=([a-z]+?://){1}([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+\(\)]+)\](.*?)\[/url\]#si";
$replacements[3] = $bbcode_tpl['url3'];
// [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix).
$patterns[4] = "#\[url=([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+\(\)]+)\](.*?)\[/url\]#si";
$replacements[4] = $bbcode_tpl['url4'];
This is a fix for the img-bbcode tag.
FIND - Line 285
Code:
$text = preg_replace("#\[img\](([a-z]+?)://([^ \"\n\r]+?))\[/img\]#si", "[img:$uid]\\1[/img:$uid]", $text);
REPLACE WITH
Code:
$text = preg_replace("#\[img\](http(s)?://)([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)\[/img\]#si", "[img:$uid]\\1\\3[/img:$uid]", $text);
This is a fix for the make_clickable function that makes posted URLs clickable.
FIND - Line 623
Code:
$ret = preg_replace("#([\n ])([a-z]+?)://([^\t <\n\r]+)#i", "\\1<a href=\"\\2://\\3\" target=\"_blank\">\\2://\\3</a>", $ret);
REPLACE WITH
Code:
$ret = preg_replace("#([\n ])([a-z]+?)://([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)#i", "\\1<a href=\"\\2://\\3\" target=\"_blank\">\\2://\\3</a>", $ret);
This is a fix for the make_clickable function for making posted URLs clickable.
FIND - Line 631
Code:
$ret = preg_replace("#([\n ])www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[^\t <\n\r]*)?)#i", "\\1<a href=\"http://www.\\2.\\3\\4\" target=\"_blank\">www.\\2.\\3\\4</a>", $ret);
REPLACE WITH
Code:
$ret = preg_replace("#([\n ])www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]*)?)#i", "\\1<a href=\"http://www.\\2.\\3\\4\" target=\"_blank\">www.\\2.\\3\\4</a>", $ret);
This is a replacement for the smilies_pass function, resulting in a great speed improvement on viewing topics.
FIND - Line 739
Code:
function smilies_pass($message)
{
global $db, $board_config;
static $smilies;
if( empty($smilies) )
{
$sql = "SELECT code, smile_url
FROM " . SMILIES_TABLE;
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't obtain smilies data", "", __LINE__, __FILE__, $sql);
}
if( !$db->sql_numrows($result) )
{
return $message;
}
$smilies = $db->sql_fetchrowset($result);
}
usort($smilies, 'smiley_sort');
for($i = 0; $i < count($smilies); $i++)
{
$orig[] = "/(?<=.\\W|\\W.|^\\W)" . phpbb_preg_quote($smilies[$i]['code'], "/") . "(?=.\\W|\\W.|\\W$)/";
$repl[] = '<img src="'. $board_config['smilies_path'] . '/' . $smilies[$i]['smile_url'] . '" alt="' . $smilies[$i]['smile_url'] . '" border="0" />';
}
if( $i > 0 )
{
$message = preg_replace($orig, $repl, ' ' . $message . ' ');
$message = substr($message, 1, -1);
}
return $message;
}
REPLACE WITH
Code:
function smilies_pass($message)
{
static $orig, $repl;
if (!isset($orig))
{
global $db, $board_config;
$orig = $repl = array();
$sql = 'SELECT code, smile_url FROM ' . SMILIES_TABLE;
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't obtain smilies data", "", __LINE__, __FILE__, $sql);
}
$smilies = $db->sql_fetchrowset($result);
usort($smilies, 'smiley_sort');
for($i = 0; $i < count($smilies); $i++)
{
$orig[] = "/(?<=.\W|\W.|^\W)" . phpbb_preg_quote($smilies[$i]['code'], "/") . "(?=.\W|\W.|\W$)/";
$repl[] = '<img src="'. $board_config['smilies_path'] . '/' . $smilies[$i]['smile_url'] . '" alt="' . $smilies[$i]['smile_url'] . '" border="0" />';
}
}
if (count($orig))
{
$message = preg_replace($orig, $repl, ' ' . $message . ' ');
$message = substr($message, 1, -1);
}
return $message;
}
These are all fixes to replace the iso-line with the correct one from the language files. Therefore, no explanation for every change is given.
-
FIND - Line 131
Code:
function parse_email()
{
AFTER, ADD
FIND - Line 155
Code:
$this->encoding = ( trim($match[4]) != '' ) ? trim($match[4]) : 'iso-8859-1';
REPLACE WITH
Code:
$this->encoding = ( trim($match[4]) != '' ) ? trim($match[4]) : $lang['ENCODING'];
FIND - Line 209
Code:
function attachFile($filename, $mimetype = "application/octet-stream", $szFromAddress, $szFilenameToDisplay)
{
AFTER, ADD
FIND - Line 214
Code:
$this->mailMsg = '--' . $mime_boundary . "\nContent-Type: text/plain;\n\tcharset=\"iso-8859-1\"\n\n" . $this->mailMsg;
REPLACE WITH
Code:
$this->mailMsg = '--' . $mime_boundary . "\nContent-Type: text/plain;\n\tcharset=\"" . $lang['ENCODING'] . "\"\n\n" . $this->mailMsg;
There was a change in functions.php during development, but it was reverted because it produces one more query.
- includes/functions_admin.php
The changes to this file allow the forum select field to have a default value.
-
Rewrite the function call to allow an extra parameter (the default selected value).
FIND - Line 27
Code:
function make_forum_select($box_name, $ignore_forum = false)
REPLACE WITH
Code:
function make_forum_select($box_name, $ignore_forum = false, $select_forum = '')
The code for default selecting a value.
FIND - Line 46
Code:
$forum_list .= '<option value="' . $row['forum_id'] . '">' . $row['forum_name'] . '</option>';
REPLACE WITH
Code:
$selected = ( $select_forum == $row['forum_id'] ) ? ' selected="selected"' : '';
$forum_list .= '<option value="' . $row['forum_id'] . '"' . $selected .'>' . $row['forum_name'] . '</option>';
- includes/functions_post.php
One security fix (I think) and an attempt to increase the time limit on sending notifications.
-
The security fix, rewrite of html-tags.
FIND - Line 78
Code:
if ( preg_match('/^<\/?' . $match_tag . '\b/i', $hold_string) )
REPLACE WITH
Code:
if ( preg_match('/^<\/?' . $match_tag . '(?!(\s*)style(\s*)\\=)/i', $hold_string) )
Try to increase the time limit; this will not work on some PHP installations.
FIND - Line 635
Code:
$update_watched_sql = '';
if ( $row = $db->sql_fetchrow($result) )
{
AFTER, ADD
Code:
@set_time_limit(120);
- includes/functions_validate.php
These two changes are quote number corrections (in the regular expression) for validating usernames; use phpbb_preg_quote instead of preg_quote.
-
First one: forbidden usernames.
FIND - Line 66
Code:
if ( preg_match("#\b(" . str_replace("\*", ".*?", preg_quote($row['disallow_username'])) . ")\b#i", $username) )
REPLACE WITH
Code:
if ( preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['disallow_username'], '#')) . ")\b#i", $username) )
Second one: forbidden words.
FIND - Line 79
Code:
if ( preg_match("#\b(" . str_replace("\*", ".*?", preg_quote($row['word'])) . ")\b#i", $username) )
REPLACE WITH
Code:
if ( preg_match("#\b(" . str_replace("\*", ".*?", phpbb_preg_quote($row['word'], '#')) . ")\b#i", $username) )
Not really a change to this file, but please check that you have no newlines after ?> sitting around; this can cause header problems. The best is to press the delete key after ?> so that no lines are displayed after the ?> anymore.
In this file there are many changes, changes you should not miss, because of a security fix and some adjustments to the sessions code.
-
Bugfix for banned email addresses.
FIND - Line 120
Code:
$sql .= " OR ban_email LIKE '" . str_replace("\'", "''", $row['user_email']) . "'
OR ban_email LIKE '" . substr(str_replace("\'", "''", $row['user_email']), strpos(str_replace("\'", "''", $row['user_email']), "@")) . "'";
REPLACE WITH
Code:
$sql .= " OR ban_email LIKE '" . str_replace("\'", "''", $userdata['user_email']) . "'
OR ban_email LIKE '" . substr(str_replace("\'", "''", $userdata['user_email']), strpos(str_replace("\'", "''", $userdata['user_email']), "@")) . "'";
Fix for the wrongly spelled sessiondata variable.
FIND - Line 215
Code:
$session_data = '';
REPLACE WITH
A workaround for rotating IPs.
FIND - Line 232
Code:
AND u.user_id = s.session_user_id
AND s.session_ip = '$user_ip'";
REPLACE WITH
Code:
AND u.user_id = s.session_user_id";
A workaround for rotating IPs.
FIND - Line 245-289
Code:
$SID = ( $sessionmethod == SESSION_METHOD_GET ) ? 'sid=' . $session_id : '';
//
// Only update session DB a minute or so after last update
//
if ( $current_time - $userdata['session_time'] > 60 )
{
// || $userdata['user_session_page'] != $thispage_id
$sql = "UPDATE " . SESSIONS_TABLE . "
SET session_time = $current_time, session_page = $thispage_id
WHERE session_id = '" . $userdata['session_id'] . "'
AND session_ip = '$user_ip'";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql);
}
if ( $userdata['user_id'] != ANONYMOUS )
{
$sql = "UPDATE " . USERS_TABLE . "
SET user_session_time = $current_time, user_session_page = $thispage_id
WHERE user_id = " . $userdata['user_id'];
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql);
}
}
//
// Delete expired sessions
//
$expiry_time = $current_time - $board_config['session_length'];
$sql = "DELETE FROM " . SESSIONS_TABLE . "
WHERE session_time < $expiry_time
AND session_id <> '$session_id'";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error clearing sessions table', '', __LINE__, __FILE__, $sql);
}
setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
}
return $userdata;
REPLACE WITH
Code:
//
// Do not check IP assuming equivalence, if IPv4 we'll check only first 24
// bits ... I've been told (by vHiker) this should alleviate problems with
// load balanced et al proxies while retaining some reliance on IP security.
//
$ip_check_s = substr($userdata['session_ip'], 0, 6);
$ip_check_u = substr($user_ip, 0, 6);
if ( $ip_check_s == $ip_check_u )
{
$SID = ( $sessionmethod == SESSION_METHOD_GET ) ? 'sid=' . $session_id : '';
//
// Only update session DB a minute or so after last update
//
if ( $current_time - $userdata['session_time'] > 60 )
{
$sql = "UPDATE " . SESSIONS_TABLE . "
SET session_time = $current_time, session_page = $thispage_id
WHERE session_id = '" . $userdata['session_id'] . "'";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql);
}
if ( $userdata['user_id'] != ANONYMOUS )
{
$sql = "UPDATE " . USERS_TABLE . "
SET user_session_time = $current_time, user_session_page = $thispage_id
WHERE user_id = " . $userdata['user_id'];
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error updating sessions table', '', __LINE__, __FILE__, $sql);
}
}
//
// Delete expired sessions
//
$expiry_time = $current_time - $board_config['session_length'];
$sql = "DELETE FROM " . SESSIONS_TABLE . "
WHERE session_time < $expiry_time
AND session_id <> '$session_id'";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error clearing sessions table', '', __LINE__, __FILE__, $sql);
}
setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
}
return $userdata;
}
intval the user id (security fix).
FIND - Line 306
Code:
$user_id = ( isset($sessiondata['userid']) ) ? $sessiondata['userid'] : ANONYMOUS;
REPLACE WITH
Code:
$user_id = ( isset($sessiondata['userid']) ) ? intval($sessiondata['userid']) : ANONYMOUS;
Only a fix for the trailing ',' on email addresses.
-
FIND - Line 173
Code:
$to_header .= "<$mail_to_address>, ";
REPLACE WITH
Code:
$to_header .= ( ( $mail_to_address != '' ) ? ', ' : '' ) . "<$mail_to_address>";
- includes/usercp_avatar.php
rawurlencode removed (it has broken things before) and bugfix for the avatar gallery.
-
FIND - Line 65
Code:
function user_avatar_gallery($mode, &$error, &$error_msg, $avatar_filename)
{
return ( $mode == 'editprofile' ) ? ", user_avatar = '" . str_replace("\'", "''", $avatar_filename) . "', user_avatar_type = " . USER_AVATAR_GALLERY : '';
}
function user_avatar_url($mode, &$error, &$error_msg, $avatar_filename)
{
if ( !preg_match('#^http:\/\/#i', $avatar_filename) )
{
$avatar_filename = 'http://' . $avatar_filename;
}
if ( !preg_match('#^(http:\/\/[a-z0-9\-]+?\.([a-z0-9\-]+\.)*[a-z]+(:[0-9]+)*\/[^\"]*?\.(gif|jpg|jpeg|png)$)#is', $avatar_filename) )
{
$error = true;
$error_msg = ( !empty($error_msg) ) ? $error_msg . '<br />' . $lang['Wrong_remote_avatar_format'] : $lang['Wrong_remote_avatar_format'];
return;
}
return ( $mode == 'editprofile' ) ? ", user_avatar = '" . str_replace("\'", "''", $avatar_filename) . "', user_avatar_type = " . USER_AVATAR_REMOTE : '';
}
REPLACE WITH
Code:
function user_avatar_gallery($mode, &$error, &$error_msg, $avatar_filename)
{
global $board_config;
if ( file_exists($board_config['avatar_gallery_path'] . '/' . $avatar_filename) && ($mode == 'editprofile') )
{
$return = ", user_avatar = '" . str_replace("\'", "''", $avatar_filename) . "', user_avatar_type = " . USER_AVATAR_GALLERY;
}
else
{
$return = '';
}
return $return;
}
function user_avatar_url($mode, &$error, &$error_msg, $avatar_filename)
{
if ( !preg_match('#^(http)|(ftp):\/\/#i', $avatar_filename) )
{
$avatar_filename = 'http://' . $avatar_filename;
}
if ( !preg_match('#^((http)|(ftp):\/\/[a-z0-9\-]+?\.([a-z0-9\-]+\.)+[a-z]+(:[0-9]+)*\/.*?\.(gif|jpg|jpeg|png)$)#is', $avatar_filename) )
{
$error = true;
$error_msg = ( !empty($error_msg) ) ? $error_msg . '<br />' . $lang['Wrong_remote_avatar_format'] : $lang['Wrong_remote_avatar_format'];
return;
}
return ( $mode == 'editprofile' ) ? ", user_avatar = '" . str_replace("\'", "''", $avatar_filename) . "', user_avatar_type = " . USER_AVATAR_REMOTE : '';
}
- includes/usercp_email.php
Another security fix.
-
Intval the HTTP-Headers user id.
FIND - Line 32
Code:
$user_id = ( !empty($HTTP_GET_VARS[POST_USERS_URL]) ) ? $HTTP_GET_VARS[POST_USERS_URL] : $HTTP_POST_VARS[POST_USERS_URL];
REPLACE WITH
Code:
$user_id = ( !empty($HTTP_GET_VARS[POST_USERS_URL]) ) ? intval($HTTP_GET_VARS[POST_USERS_URL]) : intval($HTTP_POST_VARS[POST_USERS_URL]);
- includes/usercp_register.php
Fixes for the new group_id schema in the database, added check for logged in users and avatar (security fix included) and signature fixes.
-
Security fix for avatar galleries.
FIND - Line 177
Code:
if ( isset($HTTP_POST_VARS['avatargallery']) || isset($HTTP_POST_VARS['submitavatar']) || isset($HTTP_POST_VARS['cancelavatar']) )
REPLACE WITH
Code:
if ( (isset($HTTP_POST_VARS['avatargallery']) || isset($HTTP_POST_VARS['submitavatar']) || isset($HTTP_POST_VARS['cancelavatar'])) && (!isset($HTTP_POST_VARS['submit'])) )
Delete the avatar if a gallery avatar is chosen, and a check is added to prevent users from registering while logged in.
FIND - Line 199
Code:
if ( !isset($HTTP_POST_VARS['cancelavatar']))
{
$user_avatar = $user_avatar_local;
$user_avatar_type = USER_AVATAR_GALLERY;
}
}
}
REPLACE WITH
Code:
if ( !isset($HTTP_POST_VARS['cancelavatar']))
{
$user_avatar = $user_avatar_local;
$user_avatar_type = USER_AVATAR_GALLERY;
if ( $userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && @file_exists('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar']) )
{
@unlink('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar']);
}
}
}
}
//
// Let's make sure the user isn't logged in while registering,
// and ensure that they were trying to register a second time
// (Prevents double registrations)
//
if ( $userdata['session_logged_in'] && $mode =="register" && $username == $userdata['username'])
{
message_die(GENERAL_MESSAGE, $lang['Username_taken'], '', __LINE__, __FILE__);
}
Rawurlencode the entered website.
FIND - Line 367
Code:
$signature = prepare_message($signature, $allowhtml, $allowbbcode, $allowsmilies, $signature_bbcode_uid);
}
AFTER, ADD
Code:
if ( $website != '' )
{
rawurlencode($website);
}
Fix for avatar handling.
FIND - Line 400
Code:
$avatar_sql = user_avatar_gallery($mode, $error, $error_msg, $user_avatar_local);
}
AFTER, ADD
Code:
else
{
$avatar_sql = '';
}
Delete the group id block, since the group_id is now auto incremented.
DELETE - Line 400-510
Code:
$sql = "SELECT MAX(group_id) AS total
FROM " . GROUPS_TABLE;
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain next user_id information', '', __LINE__, __FILE__, $sql);
}
if ( !($row = $db->sql_fetchrow($result)) )
{
message_die(GENERAL_ERROR, 'Could not obtain next user_id information', '', __LINE__, __FILE__, $sql);
}
$group_id = $row['total'] + 1;
Changed the SQL-Statement for adding the user to the groups table.
FIND - Line 520
Code:
$sql = "INSERT INTO " . GROUPS_TABLE . " (group_id, group_name, group_description, group_single_user, group_moderator)
VALUES ($group_id, '', 'Personal User', 1, 0)";
REPLACE WITH
Code:
$sql = "INSERT INTO " . GROUPS_TABLE . " (group_name, group_description, group_single_user, group_moderator)
VALUES ('', 'Personal User', 1, 0)";
This is for determining the previously generated group id.
FIND - Line 524
Code:
message_die(GENERAL_ERROR, 'Could not insert data into groups table', '', __LINE__, __FILE__, $sql);
}
AFTER, ADD
Code:
$group_id = $db->sql_nextid();
Fix for sending the admin activation mail to the admin in the board config's default language instead of the user's language.
FIND - Line 607
Code:
$emailer->use_template("admin_activate", stripslashes($user_lang));
REPLACE WITH
Code:
//$emailer->use_template("admin_activate", stripslashes($user_lang));
$emailer->use_template("admin_activate", $board_config['default_lang']);
Fix for entered signature, parse it through bbcode.
FIND - Line 646
Code:
$website = htmlspecialchars(stripslashes($website));
$location = htmlspecialchars(stripslashes($location));
$occupation = htmlspecialchars(stripslashes($occupation));
$interests = htmlspecialchars(stripslashes($interests));
$signature = stripslashes($signature);
AFTER, ADD
Code:
$signature = ( $signature_bbcode_uid != '' ) ? preg_replace("/:(([a-z0-9]+:)?)$signature_bbcode_uid\]/si", ']', $signature) : $signature;
_________________ How to Report Bugs Effectively | How To Ask Questions The Smart Way
Attachment Mod User Guide
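The "config data in single quotes" change above is easy to underrate: the generated config.php is PHP source, so a database password that contains characters with meaning inside the chosen quote style is compiled as code every time the file is included. The following is an added example, not code from phpBB's install script; it builds one config line the 2.0.1 way (double quotes), the 2.0.2 way (single quotes) and with var_export() escaping, then includes each line the way config.php would be included and reports the value the application actually sees. The sample passwords are constructed.

```php
<?php
// Added example, not phpBB code: what the generated config.php line yields
// for each quoting style. The file is PHP source, so the admin's password is
// compiled on every include.

function config_line_double_quoted($name, $value)   // phpBB 2.0.1 style
{
    return '$' . $name . ' = "' . $value . '";';
}

function config_line_single_quoted($name, $value)   // phpBB 2.0.2 style
{
    return '$' . $name . ' = \'' . $value . '\';';
}

function config_line_escaped($name, $value)         // single quotes plus escaping
{
    return '$' . $name . ' = ' . var_export($value, true) . ';';
}

// Evaluate the generated line the way an include of config.php would, and
// return the value the application ends up with, or the parse error it
// would die with on every request.
function value_seen_by_application($line, $name)
{
    try
    {
        eval($line);
        return $$name;
    }
    catch (ParseError $e)
    {
        return 'parse error: ' . $e->getMessage();
    }
}

// Constructed passwords: the first carries the characters double quotes treat
// specially ($ and "), the second the one character single quotes cannot hold raw.
$passwords = array('pa$s"word', "it's");
$writers = array(
    '2.0.1 "..."'  => 'config_line_double_quoted',
    "2.0.2 '...'"  => 'config_line_single_quoted',
    'var_export()' => 'config_line_escaped',
);

foreach ($passwords as $password)
{
    echo "password entered: $password\n";
    foreach ($writers as $label => $writer)
    {
        $line = $writer('dbpasswd', $password);
        printf("  %-13s %-32s -> %s\n", $label, $line, value_seen_by_application($line, 'dbpasswd'));
    }
}
```

Single quotes remove interpolation and the `"` problem, which is what the 2.0.2 change buys; a password containing `'` or a trailing `\` still breaks the generated file, and var_export() (or addcslashes() on `'` and `\`) closes that last gap.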
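Two of the sessions.php changes above are worth seeing side by side: intval() on the user id taken from the session cookie, and the comparison of only the first 24 bits of the stored session IP against the current client IP. The following is an added example, not phpBB's own code. It assumes phpBB's stored IP format of 8 hex digits ("c0a8010a" for 192.168.1.10), which is what substr(..., 0, 6) relies on; encode_ip() below reconstructs that format and is not the project's function. The table name, the ANONYMOUS value and the cookie contents are constructed for the example.

```php
<?php
// Added example, not phpBB code: the session-cookie user id before and after
// intval(), and the /24 session IP check from phpBB 2.0.2.
define('ANONYMOUS', -1);   // illustrative guest id, not phpBB's constant value

// Reconstruction of phpBB's hex IP encoding (an assumption, not the project's code).
function encode_ip($dotted)
{
    $o = explode('.', $dotted);
    return sprintf('%02x%02x%02x%02x', $o[0], $o[1], $o[2], $o[3]);
}

// $sessiondata is the unserialized *_data cookie, i.e. client-controlled text.
function user_id_from_sessiondata($sessiondata, $apply_fix)
{
    if (!isset($sessiondata['userid']))
    {
        return ANONYMOUS;
    }
    return $apply_fix ? intval($sessiondata['userid']) : $sessiondata['userid'];
}

// The id is interpolated into SQL unquoted; with the fix only an integer can
// arrive here, so the query keeps the shape the code expects.
function user_lookup_sql($user_id)
{
    return "SELECT * FROM phpbb_users WHERE user_id = " . $user_id;
}

// 2.0.2 keeps a session when the first three octets still match, so an
// address that moves inside one /24 (proxy pools, load balancers) does not
// log the user out, while a cookie presented from another network is refused.
function session_ip_matches($session_ip_hex, $user_ip_hex)
{
    // Same substr() as the patch, but compared with === instead of ==:
    // hex prefixes such as "0e1234" and "0e6300" are numeric strings, and
    // == would compare them as numbers (both 0) and call them equal.
    return substr($session_ip_hex, 0, 6) === substr($user_ip_hex, 0, 6);
}

// Constructed cookie payload whose userid is not a plain integer.
$cookie = array('userid' => '5 OR 1=1');
echo "2.0.1: ", user_lookup_sql(user_id_from_sessiondata($cookie, false)), "\n";
echo "2.0.2: ", user_lookup_sql(user_id_from_sessiondata($cookie, true)), "\n\n";

$stored = encode_ip('192.168.1.10');   // IP recorded when the session began
foreach (array('192.168.1.200', '192.168.2.10', '10.0.0.1') as $client)
{
    printf("%-14s %s\n", $client,
        session_ip_matches($stored, encode_ip($client)) ? 'same /24, session kept' : 'different /24, session dropped');
}
```

The strict comparison is the one addition beyond the patch: the page's `$ip_check_s == $ip_check_u` works for almost every address, but PHP compares two numeric-looking strings as numbers, and a 6-digit hex prefix of the form 0e followed by digits is numeric, so `===` is the safer spelling of the same check.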
Acyd Burn
Consultant

Joined: 19 Apr 2002
Posts: 650
Location: Germany (Oldb)
Posted: December 7th 2002, 9:54 am
- admin/admin_db_utilities.php
Only bugfixes assigned to this file.
-
A fix for a missing error-check. instead of result.
FIND - Line 380
REPLACE WITH
This is the array-definition for tables that will be backed up. The fix is to not back up the table search_results twice.
FIND - Line 715
Code:
$tables = array('auth_access', 'banlist', 'categories', 'config', 'disallow', 'forums', 'forum_prune', 'groups', 'posts', 'posts_text', 'privmsgs', 'privmsgs_text', 'ranks', 'search_results', 'search_results', 'search_wordlist', 'search_wordmatch', 'sessions', 'smilies', 'themes', 'themes_name', 'topics', 'topics_watch', 'user_group', 'users', 'vote_desc', 'vote_results', 'vote_voters', 'words');
REPLACE WITH
Code:
$tables = array('auth_access', 'banlist', 'categories', 'config', 'disallow', 'forums', 'forum_prune', 'groups', 'posts', 'posts_text', 'privmsgs', 'privmsgs_text', 'ranks', 'search_results', 'search_wordlist', 'search_wordmatch', 'sessions', 'smilies', 'themes', 'themes_name', 'topics', 'topics_watch', 'user_group', 'users', 'vote_desc', 'vote_results', 'vote_voters', 'words');
Bugfixes for a statically placed language variable and the category name.
-
Assign a language variable instead of writing it directly.
FIND - Line 305
Code:
$statuslist = "<option value=\"" . FORUM_UNLOCKED . "\" $forumunlocked>Unlocked</option>\n";
$statuslist .= "<option value=\"" . FORUM_LOCKED . "\" $forumlocked>Locked</option>\n";
REPLACE WITH
Code:
$statuslist = "<option value=\"" . FORUM_UNLOCKED . "\" $forumunlocked>" . $lang['Status_unlocked'] . "</option>\n";
$statuslist .= "<option value=\"" . FORUM_LOCKED . "\" $forumlocked>" . $lang['Status_locked'] . "</option>\n";
Bugfix for single quotes in category names.
FIND - Line 498
Code:
VALUES ('" . $HTTP_POST_VARS['categoryname'] . "', $next_order)";
REPLACE WITH
Code:
VALUES ('" . str_replace("\'", "''", $HTTP_POST_VARS['categoryname']) . "', $next_order)";
Because the group id is now auto-incremented, this file changed too to reflect this.
-
Change the handling of group_id.
FIND - Line 287
Code:
$sql = "SELECT MAX(group_id) AS new_group_id
FROM " . GROUPS_TABLE;
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not insert new group', '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
$new_group_id = $row['new_group_id'] + 1;
$sql = "INSERT INTO " . GROUPS_TABLE . " (group_id, group_type, group_name, group_description, group_moderator, group_single_user)
VALUES ($new_group_id, $group_type, '" . str_replace("\'", "''", $group_name) . "', '" . str_replace("\'", "''", $group_description) . "', $group_moderator, '0')";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not insert new group', '', __LINE__, __FILE__, $sql);
}
REPLACE WITH
Code:
$sql = "INSERT INTO " . GROUPS_TABLE . " (group_type, group_name, group_description, group_moderator, group_single_user)
VALUES ($group_type, '" . str_replace("\'", "''", $group_name) . "', '" . str_replace("\'", "''", $group_description) . "', $group_moderator, '0')";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not insert new group', '', __LINE__, __FILE__, $sql);
}
$new_group_id = $db->sql_nextid();
Only one change to allow adding of smilies through added URL Parameters too.
-
Add HTTP_GET_VARS.
FIND - Line 268
Code:
else if( isset($HTTP_POST_VARS['add']) )
REPLACE WITH
Code:
else if( isset($HTTP_POST_VARS['add']) || isset($HTTP_GET_VARS['add']) )
Bugfixes for deleting private messages and votes if a user gets deleted. Additional bugfixes to avatars and user editing.
-
Do not delete the data from the sessions table.
DELETE - Line 204-214
Code:
if( $user_status == 0 )
{
// User is (made) inactive. Delete all their sessions.
$sql = "DELETE FROM " . SESSIONS_TABLE . "
WHERE session_user_id = $user_id";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete this users sessions', '', __LINE__, __FILE__, $sql);
}
}
Delete doubled sig length check.
DELETE - Line 211
Code:
$sig_length_check = preg_replace('/(\[.*?)(=.*?)\]/is', '\\1]', stripslashes($signature));
Set poster id to DELETED instead of ANONYMOUS.
FIND - Line 513
Code:
SET poster_id = " . ANONYMOUS . ", post_username = '$username'
REPLACE WITH
Code:
SET poster_id = " . DELETED . ", post_username = '$username'
Set topic poster to DELETED instead of ANONYMOUS.
FIND - Line 521
Code:
SET topic_poster = " . ANONYMOUS . "
REPLACE WITH
Code:
SET topic_poster = " . DELETED . "
Update vote and group information to reflect the deletion.
FIND - Line 525
Code:
message_die(GENERAL_ERROR, 'Could not update topics for this user', '', __LINE__, __FILE__, $sql);
}
AFTER, ADD
Code:
$sql = "UPDATE " . VOTE_USERS_TABLE . "
SET vote_user_id = " . DELETED . "
WHERE vote_user_id = $user_id";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update votes for this user', '', __LINE__, __FILE__, $sql);
}
$sql = "SELECT group_id
FROM " . GROUPS_TABLE . "
WHERE group_moderator = $user_id";
if( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not select groups where user was moderator', '', __LINE__, __FILE__, $sql);
}
while ( $row_group = $db->sql_fetchrow($result) )
{
$group_moderator[] = $row_group['group_id'];
}
if ( count($group_moderator) )
{
$update_moderator_id = implode(', ', $group_moderator);
$sql = "UPDATE " . GROUPS_TABLE . "
SET group_moderator = " . $userdata['user_id'] . "
WHERE group_moderator IN ($update_moderator_id)";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update group moderators', '', __LINE__, __FILE__, $sql);
}
}
Update the private message information to reflect the deletion.
FIND - Line 594
| Code:
|
message_die(GENERAL_ERROR, 'Could not delete user from topic watch table', '', __LINE__, __FILE__, $sql);
}
|
AFTER, ADD
| Code:
|
$sql = "SELECT privmsgs_id
FROM " . PRIVMSGS_TABLE . "
WHERE ( ( privmsgs_from_userid = $user_id
AND privmsgs_type = " . PRIVMSGS_NEW_MAIL . " )
OR ( privmsgs_from_userid = $user_id
AND privmsgs_type = " . PRIVMSGS_SENT_MAIL . " )
OR ( privmsgs_to_userid = $user_id
AND privmsgs_type = " . PRIVMSGS_READ_MAIL . " )
OR ( privmsgs_to_userid = $user_id
AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " )
OR ( privmsgs_from_userid = $user_id
AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " ) )";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not select all user\'s private messages', '', __LINE__, __FILE__, $sql);
}
//
// This little bit of code directly from the private messaging section.
// Thanks Paul!
//
while ( $row_privmsgs = $db->sql_fetchrow($result) )
{
$mark_list[] = $row_privmsgs['privmsgs_id'];
}
if ( count($mark_list) )
{
$delete_sql_id = implode(', ', $mark_list);
//
// We shouldn't need to worry about updating conters here...
// They are already gone!
//
$delete_text_sql = "DELETE FROM " . PRIVMSGS_TEXT_TABLE . "
WHERE privmsgs_text_id IN ($delete_sql_id)";
$delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . "
WHERE privmsgs_id IN ($delete_sql_id)";
//
// Shouldn't need the switch statement here, either, as we just want
// to take out all of the private messages. This will not affect
// the other messages we want to keep; the ids are unique.
//
if ( !$db->sql_query($delete_sql) )
{
message_die(GENERAL_ERROR, 'Could not delete private message info', '', __LINE__, __FILE__, $delete_sql);
}
if ( !$db->sql_query($delete_text_sql) )
{
message_die(GENERAL_ERROR, 'Could not delete private message text', '', __LINE__, __FILE__, $delete_text_sql);
}
}
$sql = "UPDATE " . PRIVMSGS_TABLE . "
SET privmsgs_to_userid = " . DELETED . "
WHERE privmsgs_to_userid = $user_id";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update private messages saved to the user', '', __LINE__, __FILE__, $sql);
}
$sql = "UPDATE " . PRIVMSGS_TABLE . "
SET privmsgs_from_userid = " . DELETED . "
WHERE privmsgs_from_userid = $user_id";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update private messages saved from the user', '', __LINE__, __FILE__, $sql);
}
|
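The admin_users.php changes above (session purge, re-owning posts and topics to DELETED, votes, group moderators, private messages) are one cascade applied when an account is removed. As an added example, not phpBB's own code, here is that sequence condensed into a single transactional function over an in-memory SQLite schema that carries only the columns the changes touch. Table and column names follow phpBB 2 with the default `phpbb_` prefix; the sentinel constants are assumed to match phpBB's constants.php; all sample rows are constructed for this example. The function refuses to delete the sentinel accounts or the administrator performing the deletion, uses prepared statements throughout, and wraps the cascade in a transaction so a failure halfway cannot leave a removed user with a live session or leave message text orphaned.

```php
<?php
// Added example (not phpBB code): the 2.0.2 user-deletion cascade as one transaction.
// Sentinel and folder-type values are assumed to match phpBB 2's constants.php.
const ANONYMOUS = -1;
const DELETED   = -2;
const PRIVMSGS_READ_MAIL      = 0;
const PRIVMSGS_NEW_MAIL       = 1;
const PRIVMSGS_SENT_MAIL      = 2;
const PRIVMSGS_SAVED_IN_MAIL  = 3;
const PRIVMSGS_SAVED_OUT_MAIL = 4;

function delete_user(PDO $db, int $user_id, int $admin_id): array
{
    if (in_array($user_id, [ANONYMOUS, DELETED, $admin_id], true)) {
        throw new InvalidArgumentException('refusing to delete a sentinel account or the acting administrator');
    }
    $db->beginTransaction();
    try {
        $stmt = $db->prepare('SELECT username FROM phpbb_users WHERE user_id = ?');
        $stmt->execute([$user_id]);
        $username = $stmt->fetchColumn();
        if ($username === false) {
            throw new RuntimeException("no such user: $user_id");
        }
        // 1. Drop every live session so the account cannot stay logged in after removal.
        $db->prepare('DELETE FROM phpbb_sessions WHERE session_user_id = ?')->execute([$user_id]);
        // 2. Content stays but is re-owned by DELETED rather than ANONYMOUS, so a removed
        //    account is never conflated with a guest; post_username keeps the name for display.
        $db->prepare('UPDATE phpbb_posts SET poster_id = ?, post_username = ? WHERE poster_id = ?')
           ->execute([DELETED, $username, $user_id]);
        $db->prepare('UPDATE phpbb_topics SET topic_poster = ? WHERE topic_poster = ?')
           ->execute([DELETED, $user_id]);
        $db->prepare('UPDATE phpbb_vote_users SET vote_user_id = ? WHERE vote_user_id = ?')
           ->execute([DELETED, $user_id]);
        // 3. Groups moderated by the user fall to the administrator performing the deletion.
        $db->prepare('UPDATE phpbb_groups SET group_moderator = ? WHERE group_moderator = ?')
           ->execute([$admin_id, $user_id]);
        // 4. Messages in the user's own folders (same folder/type pairing as the 2.0.2 query)
        //    are removed outright, text first; anything left in other users' folders is re-owned.
        $own = $db->prepare('SELECT privmsgs_id FROM phpbb_privmsgs
            WHERE (privmsgs_from_userid = ? AND privmsgs_type IN (?, ?, ?))
               OR (privmsgs_to_userid = ? AND privmsgs_type IN (?, ?))');
        $own->execute([$user_id, PRIVMSGS_NEW_MAIL, PRIVMSGS_SENT_MAIL, PRIVMSGS_SAVED_OUT_MAIL,
                       $user_id, PRIVMSGS_READ_MAIL, PRIVMSGS_SAVED_IN_MAIL]);
        $ids = $own->fetchAll(PDO::FETCH_COLUMN);
        if ($ids) {
            $in = implode(',', array_fill(0, count($ids), '?'));   // one placeholder per id
            $db->prepare("DELETE FROM phpbb_privmsgs_text WHERE privmsgs_text_id IN ($in)")->execute($ids);
            $db->prepare("DELETE FROM phpbb_privmsgs WHERE privmsgs_id IN ($in)")->execute($ids);
        }
        foreach (['privmsgs_to_userid', 'privmsgs_from_userid'] as $col) {   // fixed column names, not user input
            $db->prepare("UPDATE phpbb_privmsgs SET $col = ? WHERE $col = ?")->execute([DELETED, $user_id]);
        }
        // 5. Finally the account row itself.
        $db->prepare('DELETE FROM phpbb_users WHERE user_id = ?')->execute([$user_id]);
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
    return ['username' => $username, 'privmsgs_removed' => count($ids)];
}

function build_demo(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE phpbb_users (user_id INTEGER PRIMARY KEY, username TEXT);
        CREATE TABLE phpbb_sessions (session_id TEXT, session_user_id INTEGER);
        CREATE TABLE phpbb_posts (post_id INTEGER PRIMARY KEY, poster_id INTEGER, post_username TEXT);
        CREATE TABLE phpbb_topics (topic_id INTEGER PRIMARY KEY, topic_poster INTEGER);
        CREATE TABLE phpbb_vote_users (vote_id INTEGER, vote_user_id INTEGER);
        CREATE TABLE phpbb_groups (group_id INTEGER PRIMARY KEY, group_moderator INTEGER);
        CREATE TABLE phpbb_privmsgs (privmsgs_id INTEGER PRIMARY KEY, privmsgs_type INTEGER,
            privmsgs_from_userid INTEGER, privmsgs_to_userid INTEGER);
        CREATE TABLE phpbb_privmsgs_text (privmsgs_text_id INTEGER PRIMARY KEY, privmsgs_text TEXT);');
    // Constructed sample data: user 2 is the administrator, user 7 is being deleted.
    $db->exec("INSERT INTO phpbb_users VALUES (2,'admin'),(7,'mallory'),(9,'bob');
        INSERT INTO phpbb_sessions VALUES ('s1',7),('s2',9);
        INSERT INTO phpbb_posts VALUES (1,7,''),(2,9,'');
        INSERT INTO phpbb_topics VALUES (1,7);
        INSERT INTO phpbb_vote_users VALUES (1,7);
        INSERT INTO phpbb_groups VALUES (1,7),(2,9);
        INSERT INTO phpbb_privmsgs VALUES (10,2,7,9),(11,0,9,7),(12,1,9,7),(13,0,7,9);
        INSERT INTO phpbb_privmsgs_text VALUES (10,'a'),(11,'b'),(12,'c'),(13,'d');");
    return $db;
}

$db = build_demo();
$result = delete_user($db, 7, 2);
printf("deleted %s, removed %d private messages\n", $result['username'], $result['privmsgs_removed']);
echo 'sessions left for user 7: ', $db->query('SELECT COUNT(*) FROM phpbb_sessions WHERE session_user_id = 7')->fetchColumn(), "\n";
echo 'group 1 moderator: ', $db->query('SELECT group_moderator FROM phpbb_groups WHERE group_id = 1')->fetchColumn(), "\n";
```

With the constructed rows, messages 10 (sent by user 7) and 11 (read by user 7) are removed together with their text, while 12 and 13 survive with the deleted side rewritten to DELETED; user 7's session is gone and group 1 is now moderated by the administrator. Keeping DELETED distinct from ANONYMOUS is the point of the two poster changes above: anything that later grants rights to "anonymous" content must not silently cover content left behind by removed accounts.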
Fix for the username not being displayed.
FIND - Line 1037
| Code:
|
'RANK_SELECT_BOX' => $rank_select_box,
|
AFTER, ADD
| Code:
|
'L_USERNAME' => $lang['Username'],
|
Fix for the location not being displayed.
FIND - Line 1053
| Code:
|
'L_LOCATION' => $lang['From'],
|
REPLACE WITH
| Code:
|
'L_LOCATION' => $lang['Location'],
|
Bugfix for avatars.
FIND - Line 1111
| Code:
|
if( file_exists('./../' . $board_config['avatar_path'] ) )
{
if ( $form_enctype != '' )
{
$template->assign_block_vars('avatar_local_upload', array() );
}
$template->assign_block_vars('avatar_remote_upload', array() );
}
if( file_exists('./../' . $board_config['avatar_gallery_path'] ) )
{
$template->assign_block_vars('avatar_local_gallery', array() );
}
}
$template->pparse('body');
|
REPLACE WITH
| Code:
|
if( file_exists('./../' . $board_config['avatar_path'] ) && ($board_config['allow_avatar_upload'] == TRUE) )
{
if ( $form_enctype != '' )
{
$template->assign_block_vars('avatar_local_upload', array() );
}
$template->assign_block_vars('avatar_remote_upload', array() );
}
if( file_exists('./../' . $board_config['avatar_gallery_path'] ) && ($board_config['allow_avatar_local'] == TRUE) )
{
$template->assign_block_vars('avatar_local_gallery', array() );
}
if( $board_config['allow_avatar_remote'] == TRUE )
{
$template->assign_block_vars('avatar_remote_link', array() );
}
}
$template->pparse('body');
|
- language/lang_english/lang_admin.php
Some language issues; you should update your other language files, too. I am not sure if all language packs available for phpBB 2 are up-to-date with phpBB 2.0.2.
-
Changed the explanation of the smilies path.
FIND - Line 278
| Code:
|
$lang['Smilies_path_explain'] = 'Path under your phpBB root dir, e.g. images/smilies';
|
REPLACE WITH
| Code:
|
$lang['Smilies_path_explain'] = 'Path under your phpBB root dir, e.g. images/smiles';
|
Added the Locked/Unlocked language variables.
FIND - Line 352
| Code:
|
$lang['Forum_delete_explain'] = 'The form below will allow you to delete a forum (or category) and decide where you want to put all topics (or forums) it contained.';
|
AFTER, ADD
| Code:
|
$lang['Status_locked'] = 'Locked';
$lang['Status_unlocked'] = 'Unlocked';
|
- language/lang_english/lang_faq.php
Some language issues; you should update your other language files, too. I am not sure if all language packs available for phpBB 2 are up-to-date with phpBB 2.0.2.
-
Only changed 'rouge' to 'rogue'.
FIND - Line 42
| Code:
|
$faq[] = array("I registered but cannot login!", "Firstly check your are entering the correct username and password. If they are okay then one of two things may have happened. If COPPA support is enabled and you clicked the <u>I am under 13 years old</u> link while registering then you will have to follow the instructions you received. If this is not the case then does your account need activating? Some boards will require all new registrations be activated, either by yourself or by the administrator before you can logon. When you registered it would have told you whether activation was required. If you were sent an email then follow the instructions, if you did not receive the email then are you sure your email address is valid? One reason activation is used is to reduce the possibility of <i>rouge</i> users abusing the board anonymously. If you are sure the email address you used is valid then try contacting the board administrator.");
|
REPLACE WITH
| Code:
|
$faq[] = array("I registered but cannot login!", "Firstly check your are entering the correct username and password. If they are okay then one of two things may have happened. If COPPA support is enabled and you clicked the <u>I am under 13 years old</u> link while registering then you will have to follow the instructions you received. If this is not the case then does your account need activating? Some boards will require all new registrations be activated, either by yourself or by the administrator before you can logon. When you registered it would have told you whether activation was required. If you were sent an email then follow the instructions, if you did not receive the email then are you sure your email address is valid? One reason activation is used is to reduce the possibility of <i>rogue</i> users abusing the board anonymously. If you are sure the email address you used is valid then try contacting the board administrator.");
|
Closed the italic HTML tag.
FIND - Line 57
| Code:
|
$faq[] = array("How do I post a topic in a forum?", "Easy, click the relevant button on either the forum or topic screens. You may need to register before you can post a message, the facilities available to you are listed at the bottom of the forum and topic screens (the <i>You can post new topics, You can vote in polls, etc.<i> list)");
|
REPLACE WITH
| Code:
|
$faq[] = array("How do I post a topic in a forum?", "Easy, click the relevant button on either the forum or topic screens. You may need to register before you can post a message, the facilities available to you are listed at the bottom of the forum and topic screens (the <i>You can post new topics, You can vote in polls, etc.</i> list)");
|
As above, closed the italic HTML tag.
FIND - Line 78
| Code:
|
$faq[] = array("What are Moderators?", "Moderators are individuals (or groups of individuals) whose job it is to look after the running of the forums from day to day. They have the power to edit or delete posts and lock, unlock, move, delete and split topics in the forum they moderate. Generally moderators are there to prevent people going <i>off-topic<i> or posting abusive or offensive material.");
|
REPLACE WITH
| Code:
|
$faq[] = array("What are Moderators?", "Moderators are individuals (or groups of individuals) whose job it is to look after the running of the forums from day to day. They have the power to edit or delete posts and lock, unlock, move, delete and split topics in the forum they moderate. Generally moderators are there to prevent people going <i>off-topic</i> or posting abusive or offensive material.");
|
- language/lang_english/lang_main.php
Some language issues; you should update your other language files, too. I am not sure if all language packs available for phpBB 2 are up-to-date with phpBB 2.0.2.
-
Changed the text to describe it more precisely.
FIND - Line 633
| Code:
|
$lang['Agree_over_13'] = 'I Agree to these terms and am <b>over</b> 13 years of age';
|
REPLACE WITH
| Code:
|
$lang['Agree_over_13'] = 'I Agree to these terms and am <b>over</b> or <b>exactly</b> 13 years of age';
|
Now run the update_to_202.php file and enjoy your upgraded forum.