phpBB 2.0.3 to 2.0.4 Code Changes

Acyd Burn · Consultant

includes/functions.php

FIND - Line 95

Code:

global $template, $lang, $db, $SID, $nav_links, $phpEx;

REPLACE WITH

Code:

global $template, $userdata, $lang, $db, $nav_links, $phpEx;

FIND - Line 125

Code:

$boxstring = '<select name="' . POST_FORUM_URL . '" onChange="if(this.options[this.selectedIndex].value != -1){ forms[\'jumpbox\'].submit() }"><option value="-1">' . $lang['Select_forum'] . '</option>';

REPLACE WITH

Code:

$boxstring = '<select name="' . POST_FORUM_URL . '" onchange="if(this.options[this.selectedIndex].value != -1){ forms[\'jumpbox\'].submit() }"><option value="-1">' . $lang['Select_forum'] . '</option>';

FIND - Line 174

Code:

$boxstring .= '<select name="' . POST_FORUM_URL . '" onChange="if(this.options[this.selectedIndex].value != -1){ forms[\'jumpbox\'].submit() }"></select>';
}

if ( isset($SID) )
{
$boxstring .= '<input type="hidden" name="sid" value="' . $SID . '" />';

REPLACE WITH

Code:

$boxstring .= '<select name="' . POST_FORUM_URL . '" onchange="if(this.options[this.selectedIndex].value != -1){ forms[\'jumpbox\'].submit() }"></select>';
}

if ( !empty($SID) )
{
$boxstring .= '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />';

FIND - Line 223

Code:

if ( !file_exists($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.'.$phpEx) )

REPLACE WITH

Code:

if ( !file_exists(@phpbb_realpath($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.'.$phpEx)) )

FIND - Line 232

Code:

if( !file_exists($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_admin.'.$phpEx) )

REPLACE WITH

Code:

if( !file_exists(@phpbb_realpath($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_admin.'.$phpEx)) )

FIND - Line 291

Code:

$img_lang = ( file_exists($current_template_path . '/images/lang_' . $board_config['default_lang']) ) ? $board_config['default_lang'] : 'english';

REPLACE WITH

Code:

$img_lang = ( file_exists(@phpbb_realpath($phpbb_root_path . $current_template_path . '/images/lang_' . $board_config['default_lang'])) ) ? $board_config['default_lang'] : 'english';

FIND - Line 499

Code:

global $db, $template, $board_config, $theme, $lang, $phpEx, $phpbb_root_path, $nav_links, $gen_simple_header;
global $userdata, $user_ip, $session_length;
global $starttime;

REPLACE WITH

Code:

global $db, $template, $board_config, $theme, $lang, $phpEx, $phpbb_root_path, $nav_links, $gen_simple_header, $images;
global $userdata, $user_ip, $session_length;
global $starttime;

if(defined('HAS_DIED'))
{
die("message_die() was called multiple times. This isn't supposed to happen. Was message_die() used in page_tail.php?");
}

define(HAS_DIED, 1);

FIND - Line 686

Code:

exit;
}

AFTER, ADD

Code:

//
// This function is for compatibility with PHP 4.x's realpath()
// function. In later versions of PHP, it needs to be called
// to do checks with some functions. Older versions of PHP don't
// seem to need this, so we'll just return the original value.
// dougk_ff7 <October 5, 2002>
function phpbb_realpath($path)
{
return (!@function_exists('realpath') || !@realpath($phpbb_root_path . 'includes/functions.'.$phpEx)) ? $path : @realpath($path);
}

function redirect($url)
{
global $db, $board_config;

if (!empty($db))
{
   $db->sql_close();
}

$server_protocol = ($board_config['cookie_secure']) ? 'https://' : 'http://';
$server_name = preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['server_name']));
$server_port = ($board_config['server_port'] <> 80) ? ':' . trim($board_config['server_port']) : '';
$script_name = preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['script_path']));
$script_name = ($script_name == '') ? $script_name : '/' . $script_name;
$url = preg_replace('#^\/?(.*?)\/?$#', '/\1', trim($url));

// Redirect via an HTML form for PITA webservers
if (@preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')))
{
   header('Refresh: 0; URL=' . $server_protocol . $server_name . $server_port . $script_name . $url);
   echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><meta http-equiv="refresh" content="0; url=' . $server_protocol . $server_name . $server_port . $script_name . $url . '"><title>Redirect</title></head><body><div align="center">If your browser does not support meta redirection please click <a href="' . $server_protocol . $server_name . $server_port . $script_name . $url . '">HERE</a> to be redirected</div></body></html>';
   exit;
}

// Behave as per HTTP/1.1 spec for others
header('Location: ' . $server_protocol . $server_name . $server_port . $script_name . $url);
exit;
}

Acyd Burn · Consultant

includes/functions_post.php

FIND - Line 23

Code:

if ( !defined('IN_PHPBB') )
{
die('Hacking attempt');
}

$html_entities_match = array('#&#', '#<#', '#>#');

REPLACE WITH

Code:

if (!defined('IN_PHPBB'))
{
die('Hacking attempt');
}

$html_entities_match = array('#&[a-z]+?;#', '#<#', '#>#');

FIND - Line 40

Code:

global $board_config;
global $html_entities_match, $html_entities_replace;
global $code_entities_match, $code_entities_replace;

//
// Clean up the message

REPLACE WITH

Code:

global $board_config, $html_entities_match, $html_entities_replace;

//
// Clean up the message

FIND - Line 56

Code:

   while ( $start_html = strpos($message, '<', $start_html) )
   {
      $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1, ( $start_html - $end_html - 1 )));

      if ( $end_html = strpos($message, '>', $start_html) )
      {
         $length = $end_html - $start_html + 1;
         $hold_string = substr($message, $start_html, $length);

         if ( ( $unclosed_open = strrpos(' ' . $hold_string, '<') ) != 1 )
         {
            $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($hold_string, 0, $unclosed_open - 1));
            $hold_string = substr($hold_string, $unclosed_open - 1);
         }

         $tagallowed = false;
         for($i = 0; $i < sizeof($allowed_html_tags); $i++)
         {
            $match_tag = trim($allowed_html_tags[$i]);
            if ( preg_match('/^<\/?' . $match_tag . '(?!(\s*)style(\s*)\\=)/i', $hold_string) )
            {
               $tagallowed = true;
            }
         }

         $tmp_message .= ( $length && !$tagallowed ) ? preg_replace($html_entities_match, $html_entities_replace, $hold_string) : $hold_string;

REPLACE WITH

Code:

   while ($start_html = strpos($message, '<', $start_html))
   {
      $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1, ($start_html - $end_html - 1)));

      if ($end_html = strpos($message, '>', $start_html))
      {
         $length = $end_html - $start_html + 1;
         $hold_string = substr($message, $start_html, $length);

         if (($unclosed_open = strrpos(' ' . $hold_string, '<')) != 1)
         {
            $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($hold_string, 0, $unclosed_open - 1));
            $hold_string = substr($hold_string, $unclosed_open - 1);
         }

         $tagallowed = false;
         for ($i = 0; $i < sizeof($allowed_html_tags); $i++)
         {
            $match_tag = trim($allowed_html_tags[$i]);
            if (preg_match('#^<\/?' . $match_tag . '(?!(.*?)((style)|( on[\w]+?[\s]?=))[\s]*?)#i', $hold_string))
            {
               $tagallowed = true;
            }
         }

         $tmp_message .= ($length && !$tagallowed) ? preg_replace($html_entities_match, $html_entities_replace, $hold_string) : $hold_string;

FIND - Line 94

Code:

   if ( $end_html != strlen($message) && $tmp_message != '' )
   {
      $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1));
   }

   $message = ( $tmp_message != '' ) ? trim($tmp_message) : trim($message);
}
else
{
   $message = preg_replace($html_entities_match, $html_entities_replace, $message);
}

if( $bbcode_on && $bbcode_uid != '' )

REPLACE WITH

Code:

   if ($end_html != strlen($message) && $tmp_message != '')
   {
      $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1));
   }

   $message = ($tmp_message != '') ? trim($tmp_message) : trim($message);
}
else
{
   $message = preg_replace($html_entities_match, $html_entities_replace, $message);
}

if($bbcode_on && $bbcode_uid != '')

FIND - Line 129

Code:

if ( !empty($username) )
{
   $username = htmlspecialchars(trim(strip_tags($username)));

   if ( !$userdata['session_logged_in'] || ( $userdata['session_logged_in'] && $username != $userdata['username'] ) )
   {
      include($phpbb_root_path . 'includes/functions_validate.'.$phpEx);

      $result = validate_username($username);
      if ( $result['error'] )
      {
         $error_msg .= ( !empty($error_msg) ) ? '<br />' . $result['error_msg'] : $result['error_msg'];
      }
   }
}

// Check subject
if ( !empty($subject) )
{
   $subject = htmlspecialchars(trim($subject));
}
else if ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] ) )
{
   $error_msg .= ( !empty($error_msg) ) ? '<br />' . $lang['Empty_subject'] : $lang['Empty_subject'];
}

// Check message
if ( !empty($message) )
{
   $bbcode_uid = ( $bbcode_on ) ? make_bbcode_uid() : '';
   $message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on, $bbcode_uid);
}
else if ( $mode != 'delete' && $mode != 'polldelete' )
{
   $error_msg .= ( !empty($error_msg) ) ? '<br />' . $lang['Empty_message'] : $lang['Empty_message'];
}

//
// Handle poll stuff
//
if ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] ) )
{
   $poll_length = ( isset($poll_length) ) ? max(0, intval($poll_length)) : 0;

   if ( !empty($poll_title) )
   {
      $poll_title = htmlspecialchars(trim($poll_title));
   }

   if( !empty($poll_options) )
   {
      $temp_option_text = array();
      while( list($option_id, $option_text) = @each($poll_options) )
      {
         $option_text = trim($option_text);
         if ( !empty($option_text) )
         {
            $temp_option_text[$option_id] = htmlspecialchars($option_text);
         }
      }
      $option_text = $temp_option_text;

      if ( count($poll_options) < 2 )
      {
         $error_msg .= ( !empty($error_msg) ) ? '<br />' . $lang['To_few_poll_options'] : $lang['To_few_poll_options'];
      }
      else if ( count($poll_options) > $board_config['max_poll_options'] )
      {
         $error_msg .= ( !empty($error_msg) ) ? '<br />' . $lang['To_many_poll_options'] : $lang['To_many_poll_options'];
      }
      else if ( $poll_title == '' )
      {
         $error_msg .= ( !empty($error_msg) ) ? '<br />' . $lang['Empty_poll_title'] : $lang['Empty_poll_title'];

REPLACE WITH

Code:

if (!empty($username))
{
   $username = trim(strip_tags($username));

   if (!$userdata['session_logged_in'] || ($userdata['session_logged_in'] && $username != $userdata['username']))
   {
      include($phpbb_root_path . 'includes/functions_validate.'.$phpEx);

      $result = validate_username($username);
      if ($result['error'])
      {
         $error_msg .= (!empty($error_msg)) ? '<br />' . $result['error_msg'] : $result['error_msg'];
      }
   }
   else
   {
      $username = '';
   }
}

// Check subject
if (!empty($subject))
{
   $subject = htmlspecialchars(trim($subject));
}
else if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post']))
{
   $error_msg .= (!empty($error_msg)) ? '<br />' . $lang['Empty_subject'] : $lang['Empty_subject'];
}

// Check message
if (!empty($message))
{
   $bbcode_uid = ($bbcode_on) ? make_bbcode_uid() : '';
   $message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on, $bbcode_uid);
}
else if ($mode != 'delete' && $mode != 'poll_delete')
{
   $error_msg .= (!empty($error_msg)) ? '<br />' . $lang['Empty_message'] : $lang['Empty_message'];
}

//
// Handle poll stuff
//
if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post']))
{
   $poll_length = (isset($poll_length)) ? max(0, intval($poll_length)) : 0;

   if (!empty($poll_title))
   {
      $poll_title = htmlspecialchars(trim($poll_title));
   }

   if(!empty($poll_options))
   {
      $temp_option_text = array();
      while(list($option_id, $option_text) = @each($poll_options))
      {
         $option_text = trim($option_text);
         if (!empty($option_text))
         {
            $temp_option_text[$option_id] = htmlspecialchars($option_text);
         }
      }
      $option_text = $temp_option_text;

      if (count($poll_options) < 2)
      {
         $error_msg .= (!empty($error_msg)) ? '<br />' . $lang['To_few_poll_options'] : $lang['To_few_poll_options'];
      }
      else if (count($poll_options) > $board_config['max_poll_options'])
      {
         $error_msg .= (!empty($error_msg)) ? '<br />' . $lang['To_many_poll_options'] : $lang['To_many_poll_options'];
      }
      else if ($poll_title == '')
      {
         $error_msg .= (!empty($error_msg)) ? '<br />' . $lang['Empty_poll_title'] : $lang['Empty_poll_title'];

FIND - Line 225

Code:

if ( $mode == 'newtopic' || $mode == 'reply' )
{
   //
   // Flood control
   //
   $where_sql = ( $userdata['user_id'] == ANONYMOUS ) ? "poster_ip = '$user_ip'" : 'poster_id = ' . $userdata['user_id'];
   $sql = "SELECT MAX(post_time) AS last_post_time
      FROM " . POSTS_TABLE . "
      WHERE $where_sql";
   if ( $result = $db->sql_query($sql) )
   {
      if ( $row = $db->sql_fetchrow($result) )
      {
         if ( $row['last_post_time'] > 0 && ( $current_time - $row['last_post_time'] ) < $board_config['flood_interval'] )
         {
            message_die(GENERAL_MESSAGE, $lang['Flood_Error']);
         }
      }
   }
}
else if ( $mode == 'editpost' )
{
   remove_search_post($post_id);
}

if ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] ) )
{
   $topic_vote = ( !empty($poll_title) && count($poll_options) >= 2 ) ? 1 : 0;
   $sql = ( $mode != "editpost" ) ? "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type, topic_vote) VALUES ('$post_subject', " . $userdata['user_id'] . ", $current_time, $forum_id, " . TOPIC_UNLOCKED . ", $topic_type, $topic_vote)" : "UPDATE " . TOPICS_TABLE . " SET topic_title = '$post_subject', topic_type = $topic_type, topic_vote = $topic_vote WHERE topic_id = $topic_id";
   if ( !$db->sql_query($sql) )
   {
      message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
   }

   if ( $mode == 'newtopic' )
   {
      $topic_id = $db->sql_nextid();
   }
}

$edited_sql = ( $mode == 'editpost' && !$post_data['last_post'] && $post_data['poster_post'] ) ? ", post_edit_time = $current_time, post_edit_count = post_edit_count + 1 " : "";
$sql = ( $mode != "editpost" ) ? "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, enable_bbcode, enable_html, enable_smilies, enable_sig) VALUES ($topic_id, $forum_id, " . $userdata['user_id'] . ", '$post_username', $current_time, '$user_ip', $bbcode_on, $html_on, $smilies_on, $attach_sig)" : "UPDATE " . POSTS_TABLE . " SET enable_bbcode = $bbcode_on, enable_html = $html_on, enable_smilies = $smilies_on, enable_sig = $attach_sig" . $edited_sql . " WHERE post_id = $post_id";
if ( !$db->sql_query($sql, BEGIN_TRANSACTION) )
{
   message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}

if ( $mode != 'editpost' )
{
   $post_id = $db->sql_nextid();
}

$sql = ( $mode != 'editpost' ) ? "INSERT INTO " . POSTS_TEXT_TABLE . " (post_id, post_subject, bbcode_uid, post_text) VALUES ($post_id, '$post_subject', '$bbcode_uid', '$post_message')" : "UPDATE " . POSTS_TEXT_TABLE . " SET post_text = '$post_message', bbcode_uid = '$bbcode_uid', post_subject = '$post_subject' WHERE post_id = $post_id";
if ( !$db->sql_query($sql) )
{
   message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}

add_search_words($post_id, stripslashes($post_message), stripslashes($post_subject));

//
// Add poll
//
if ( ( $mode == 'newtopic' || $mode == 'editpost' ) && !empty($poll_title) && count($poll_options) >= 2 )
{
   $sql = ( !$post_data['has_poll'] ) ? "INSERT INTO " . VOTE_DESC_TABLE . " (topic_id, vote_text, vote_start, vote_length) VALUES ($topic_id, '$poll_title', $current_time, " . ( $poll_length * 86400 ) . ")" : "UPDATE " . VOTE_DESC_TABLE . " SET vote_text = '$poll_title', vote_length = " . ( $poll_length * 86400 ) . " WHERE topic_id = $topic_id";
   if ( !$db->sql_query($sql) )
   {
      message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
   }

   $delete_option_sql = '';
   $old_poll_result = array();
   if ( $mode == 'editpost' && $post_data['has_poll'] )
   {
      $sql = "SELECT vote_option_id, vote_result
         FROM " . VOTE_RESULTS_TABLE . "
         WHERE vote_id = $poll_id
         ORDER BY vote_option_id ASC";
      if ( !($result = $db->sql_query($sql)) )
      {
         message_die(GENERAL_ERROR, 'Could not obtain vote data results for this topic', '', __LINE__, __FILE__, $sql);
      }

      while ( $row = $db->sql_fetchrow($result) )
      {
         $old_poll_result[$row['vote_option_id']] = $row['vote_result'];

         if ( !isset($poll_options[$row['vote_option_id']]) )
         {
            $delete_option_sql .= ( $delete_option_sql != '' ) ? ', ' . $row['vote_option_id'] : $row['vote_option_id'];

REPLACE WITH

Code:

if ($mode == 'newtopic' || $mode == 'reply')
{
   //
   // Flood control
   //
   $where_sql = ($userdata['user_id'] == ANONYMOUS) ? "poster_ip = '$user_ip'" : 'poster_id = ' . $userdata['user_id'];
   $sql = "SELECT MAX(post_time) AS last_post_time
      FROM " . POSTS_TABLE . "
      WHERE $where_sql";
   if ($result = $db->sql_query($sql))
   {
      if ($row = $db->sql_fetchrow($result))
      {
         if (intval($row['last_post_time']) > 0 && ($current_time - intval($row['last_post_time'])) < intval($board_config['flood_interval']))
         {
            message_die(GENERAL_MESSAGE, $lang['Flood_Error']);
         }
      }
   }
}
else if ($mode == 'editpost')
{
   remove_search_post($post_id);
}

if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post']))
{
   $topic_vote = (!empty($poll_title) && count($poll_options) >= 2) ? 1 : 0;
   $sql = ($mode != "editpost") ? "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type, topic_vote) VALUES ('$post_subject', " . $userdata['user_id'] . ", $current_time, $forum_id, " . TOPIC_UNLOCKED . ", $topic_type, $topic_vote)" : "UPDATE " . TOPICS_TABLE . " SET topic_title = '$post_subject', topic_type = $topic_type, topic_vote = $topic_vote WHERE topic_id = $topic_id";
   if (!$db->sql_query($sql))
   {
      message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
   }

   if ($mode == 'newtopic')
   {
      $topic_id = $db->sql_nextid();
   }
}

$edited_sql = ($mode == 'editpost' && !$post_data['last_post'] && $post_data['poster_post']) ? ", post_edit_time = $current_time, post_edit_count = post_edit_count + 1 " : "";
$sql = ($mode != "editpost") ? "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, enable_bbcode, enable_html, enable_smilies, enable_sig) VALUES ($topic_id, $forum_id, " . $userdata['user_id'] . ", '$post_username', $current_time, '$user_ip', $bbcode_on, $html_on, $smilies_on, $attach_sig)" : "UPDATE " . POSTS_TABLE . " SET post_username = '$post_username', enable_bbcode = $bbcode_on, enable_html = $html_on, enable_smilies = $smilies_on, enable_sig = $attach_sig" . $edited_sql . " WHERE post_id = $post_id";
if (!$db->sql_query($sql, BEGIN_TRANSACTION))
{
   message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}

if ($mode != 'editpost')
{
   $post_id = $db->sql_nextid();
}

$sql = ($mode != 'editpost') ? "INSERT INTO " . POSTS_TEXT_TABLE . " (post_id, post_subject, bbcode_uid, post_text) VALUES ($post_id, '$post_subject', '$bbcode_uid', '$post_message')" : "UPDATE " . POSTS_TEXT_TABLE . " SET post_text = '$post_message', bbcode_uid = '$bbcode_uid', post_subject = '$post_subject' WHERE post_id = $post_id";
if (!$db->sql_query($sql))
{
   message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}

add_search_words('single', $post_id, stripslashes($post_message), stripslashes($post_subject));

//
// Add poll
//
if (($mode == 'newtopic' || ($mode == 'editpost' && $post_data['edit_poll'])) && !empty($poll_title) && count($poll_options) >= 2)
{
   $sql = (!$post_data['has_poll']) ? "INSERT INTO " . VOTE_DESC_TABLE . " (topic_id, vote_text, vote_start, vote_length) VALUES ($topic_id, '$poll_title', $current_time, " . ($poll_length * 86400) . ")" : "UPDATE " . VOTE_DESC_TABLE . " SET vote_text = '$poll_title', vote_length = " . ($poll_length * 86400) . " WHERE topic_id = $topic_id";
   if (!$db->sql_query($sql))
   {
      message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
   }

   $delete_option_sql = '';
   $old_poll_result = array();
   if ($mode == 'editpost' && $post_data['has_poll'])
   {
      $sql = "SELECT vote_option_id, vote_result
         FROM " . VOTE_RESULTS_TABLE . "
         WHERE vote_id = $poll_id
         ORDER BY vote_option_id ASC";
      if (!($result = $db->sql_query($sql)))
      {
         message_die(GENERAL_ERROR, 'Could not obtain vote data results for this topic', '', __LINE__, __FILE__, $sql);
      }

      while ($row = $db->sql_fetchrow($result))
      {
         $old_poll_result[$row['vote_option_id']] = $row['vote_result'];

         if (!isset($poll_options[$row['vote_option_id']]))
         {
            $delete_option_sql .= ($delete_option_sql != '') ? ', ' . $row['vote_option_id'] : $row['vote_option_id'];

FIND - Line 327

Code:

   while ( list($option_id, $option_text) = each($poll_options) )
   {
      if ( !empty($option_text) )
      {
         $option_text = str_replace("\'", "''", $option_text);
         $poll_result = ( $mode == "editpost" && isset($old_poll_result[$option_id]) ) ? $old_poll_result[$option_id] : 0;

         $sql = ( $mode != "editpost" || !isset($old_poll_result[$option_id]) ) ? "INSERT INTO " . VOTE_RESULTS_TABLE . " (vote_id, vote_option_id, vote_option_text, vote_result) VALUES ($poll_id, $poll_option_id, '$option_text', $poll_result)" : "UPDATE " . VOTE_RESULTS_TABLE . " SET vote_option_text = '$option_text', vote_result = $poll_result WHERE vote_option_id = $option_id AND vote_id = $poll_id";
         if ( !$db->sql_query($sql) )

REPLACE WITH

Code:

   while (list($option_id, $option_text) = each($poll_options))
   {
      if (!empty($option_text))
      {
         $option_text = str_replace("\'", "''", htmlspecialchars($option_text));
         $poll_result = ($mode == "editpost" && isset($old_poll_result[$option_id])) ? $old_poll_result[$option_id] : 0;

         $sql = ($mode != "editpost" || !isset($old_poll_result[$option_id])) ? "INSERT INTO " . VOTE_RESULTS_TABLE . " (vote_id, vote_option_id, vote_option_text, vote_result) VALUES ($poll_id, $poll_option_id, '$option_text', $poll_result)" : "UPDATE " . VOTE_RESULTS_TABLE . " SET vote_option_text = '$option_text', vote_result = $poll_result WHERE vote_option_id = $option_id AND vote_id = $poll_id";
         if (!$db->sql_query($sql))

FIND - Line 388

Code:

         if ( !($result = $db->sql_query($sql)) )
         {
            message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
         }

         if ( $row = $db->sql_fetchrow($result) )
         {
            $topic_update_sql .= ', topic_last_post_id = ' . $row['last_post_id'];
         }
      }

      if ( $post_data['last_topic'] )
      {
         $sql = "SELECT MAX(post_id) AS last_post_id
            FROM " . POSTS_TABLE . "
            WHERE forum_id = $forum_id";
         if ( !($result = $db->sql_query($sql)) )
         {
            message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
         }

         if ( $row = $db->sql_fetchrow($result) )
         {
            $forum_update_sql .= ( $row['last_post_id'] ) ? ', forum_last_post_id = ' . $row['last_post_id'] : ', forum_last_post_id = 0';
         }
      }
   }
   else if ( $post_data['first_post'] )
   {
      $sql = "SELECT MIN(post_id) AS first_post_id
         FROM " . POSTS_TABLE . "
         WHERE topic_id = $topic_id";
      if ( !($result = $db->sql_query($sql)) )
      {
         message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
      }

      if ( $row = $db->sql_fetchrow($result) )

REPLACE WITH

Code:

         if (!($result = $db->sql_query($sql)))
         {
            message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
         }

         if ($row = $db->sql_fetchrow($result))
         {
            $topic_update_sql .= ', topic_last_post_id = ' . $row['last_post_id'];
         }
      }

      if ($post_data['last_topic'])
      {
         $sql = "SELECT MAX(post_id) AS last_post_id
            FROM " . POSTS_TABLE . "
            WHERE forum_id = $forum_id";
         if (!($result = $db->sql_query($sql)))
         {
            message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
         }

         if ($row = $db->sql_fetchrow($result))
         {
            $forum_update_sql .= ($row['last_post_id']) ? ', forum_last_post_id = ' . $row['last_post_id'] : ', forum_last_post_id = 0';
         }
      }
   }
   else if ($post_data['first_post'])
   {
      $sql = "SELECT MIN(post_id) AS first_post_id
         FROM " . POSTS_TABLE . "
         WHERE topic_id = $topic_id";
      if (!($result = $db->sql_query($sql)))
      {
         message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
      }

      if ($row = $db->sql_fetchrow($result))

FIND - Line 435

Code:

else if ( $mode != 'poll_delete' )
{
$forum_update_sql .= ", forum_last_post_id = $post_id" . ( ( $mode == 'newtopic' ) ? ", forum_topics = forum_topics $sign" : "" );
$topic_update_sql = "topic_last_post_id = $post_id" . ( ( $mode == 'reply' ) ? ", topic_replies = topic_replies $sign" : ", topic_first_post_id = $post_id" );

REPLACE WITH

Code:

else if ($mode != 'poll_delete')
{
$forum_update_sql .= ", forum_last_post_id = $post_id" . (($mode == 'newtopic') ? ", forum_topics = forum_topics $sign" : "");
$topic_update_sql = "topic_last_post_id = $post_id" . (($mode == 'reply') ? ", topic_replies = topic_replies $sign" : ", topic_first_post_id = $post_id");

FIND - Line 448

Code:

if ( !$db->sql_query($sql) )
{
   message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}

if ( $topic_update_sql != '' )
{
   $sql = "UPDATE " . TOPICS_TABLE . " SET
      $topic_update_sql
      WHERE topic_id = $topic_id
         OR topic_moved_id = $topic_id";
   if ( !$db->sql_query($sql) )
   {
      message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
   }
}

if ( $mode != 'poll_delete' )
{
   $sql = "UPDATE " . USERS_TABLE . "
      SET user_posts = user_posts $sign
      WHERE user_id = $user_id";
   if ( !$db->sql_query($sql, END_TRANSACTION) )

REPLACE WITH

Code:

if (!$db->sql_query($sql))
{
   message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}

if ($topic_update_sql != '')
{
   $sql = "UPDATE " . TOPICS_TABLE . " SET
      $topic_update_sql
      WHERE topic_id = $topic_id";
   if (!$db->sql_query($sql))
   {
      message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
   }
}

if ($mode != 'poll_delete')
{
   $sql = "UPDATE " . USERS_TABLE . "
      SET user_posts = user_posts $sign
      WHERE user_id = $user_id";
   if (!$db->sql_query($sql, END_TRANSACTION))

FIND - Line 486

Code:

include($phpbb_root_path . 'includes/functions_search.'.$phpEx);

if ( $mode != 'poll_delete' )
{
   $sql = "DELETE FROM " . POSTS_TABLE . "
      WHERE post_id = $post_id";
   if ( !$db->sql_query($sql) )
   {
      message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
   }

   $sql = "DELETE FROM " . POSTS_TEXT_TABLE . "
      WHERE post_id = $post_id";
   if ( !$db->sql_query($sql) )
   {
      message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
   }

   if ( $post_data['last_post'] )
   {
      if ( $post_data['first_post'] )
      {
         $forum_update_sql .= ', forum_topics = forum_topics - 1';
         $sql = "DELETE FROM " . TOPICS_TABLE . "
            WHERE topic_id = $topic_id
               OR topic_moved_id = $topic_id";
         if ( !$db->sql_query($sql) )
         {
            message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
         }

         $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . "
            WHERE topic_id = $topic_id";
         if ( !$db->sql_query($sql) )

REPLACE WITH

Code:

if ($mode != 'poll_delete')
{
   include($phpbb_root_path . 'includes/functions_search.'.$phpEx);

   $sql = "DELETE FROM " . POSTS_TABLE . "
      WHERE post_id = $post_id";
   if (!$db->sql_query($sql))
   {
      message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
   }

   $sql = "DELETE FROM " . POSTS_TEXT_TABLE . "
      WHERE post_id = $post_id";
   if (!$db->sql_query($sql))
   {
      message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
   }

   if ($post_data['last_post'])
   {
      if ($post_data['first_post'])
      {
         $forum_update_sql .= ', forum_topics = forum_topics - 1';
         $sql = "DELETE FROM " . TOPICS_TABLE . "
            WHERE topic_id = $topic_id
               OR topic_moved_id = $topic_id";
         if (!$db->sql_query($sql))
         {
            message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
         }

         $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . "
            WHERE topic_id = $topic_id";
         if (!$db->sql_query($sql))

FIND - Line 529

Code:

if ( $mode == 'poll_delete' || ( $mode == 'delete' && $post_data['first_post'] && $post_data['last_post'] ) && $post_data['has_poll'] && $post_data['edit_poll'] )
{
   $sql = "DELETE FROM " . VOTE_DESC_TABLE . "
      WHERE topic_id = $topic_id";
   if ( !$db->sql_query($sql) )
   {
      message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql);
   }

   $sql = "DELETE FROM " . VOTE_RESULTS_TABLE . "
      WHERE vote_id = $poll_id";
   if ( !$db->sql_query($sql) )
   {
      message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql);
   }

   $sql = "DELETE FROM " . VOTE_USERS_TABLE . "
      WHERE vote_id = $poll_id";
   if ( !$db->sql_query($sql) )
   {
      message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql);
   }
}

if ( $mode == 'delete' && $post_data['first_post'] && $post_data['last_post'] )

REPLACE WITH

Code:

if ($mode == 'poll_delete' || ($mode == 'delete' && $post_data['first_post'] && $post_data['last_post']) && $post_data['has_poll'] && $post_data['edit_poll'])
{
   $sql = "DELETE FROM " . VOTE_DESC_TABLE . "
      WHERE topic_id = $topic_id";
   if (!$db->sql_query($sql))
   {
      message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql);
   }

   $sql = "DELETE FROM " . VOTE_RESULTS_TABLE . "
      WHERE vote_id = $poll_id";
   if (!$db->sql_query($sql))
   {
      message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql);
   }

   $sql = "DELETE FROM " . VOTE_USERS_TABLE . "
      WHERE vote_id = $poll_id";
   if (!$db->sql_query($sql))
   {
      message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql);
   }
}

if ($mode == 'delete' && $post_data['first_post'] && $post_data['last_post'])

FIND - Line 561

Code:

$message = ( ( $mode == 'poll_delete' ) ? $lang['Poll_delete'] : $lang['Deleted'] ) . '<br /><br />' . sprintf($lang['Click_return_topic'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id") . '">', '</a>');

REPLACE WITH

Code:

$message = (($mode == 'poll_delete') ? $lang['Poll_delete'] : $lang['Deleted']) . '<br /><br />' . sprintf($lang['Click_return_topic'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id") . '">', '</a>');

FIND - Line 572

Code:

Forums Home Register Profile Log in to check your private messages Log in
FAQ Search Memberlist Tutorials Contact Us