################################################################################ ## ## Hack Title: phpBB 2.0.6 - 2.0.7 Code Changes ## Hack Version: 1.0.0 ## Hack Author: Thoul, code by phpBB Group ## Hack Description: All changes in phpBB made between phpBB 2.0.6 and 2.0.7. ## ## Compatibility: 2.0.6 ## Installation Level: Easy ## Installation Time: 15 minutes ## ## Files To Edit: 17 ## groupcp.php ## index.php ## login.php ## memberlist.php ## modcp.php ## posting.php ## privmsg.php ## search.php ## viewforum.php ## viewtopic.php ## includes/auth.php ## includes/bbcode.php ## includes/functions_post.php ## includes/functions_search.php ## includes/topic_review.php ## includes/usercp_register.php ## templates/subSilver/index_body.tpl ## ## Support: http://www.phpbbhacks.com/forums ## ################################################################################ ## ## You downloaded this hack from phpBBHacks.com, ## the #1 source for phpBB related downloads. ## ## Please visit http://www.phpbbhacks.com/forums for support. ## ################################################################################ ## ## This hack is released under the GPL License. ## ################################################################################ ## ## BEFORE ADDING THIS HACK TO YOUR FORUM, please be sure to back up ALL ## affected files. ## ################################################################################ ## ##----------[ PLEASE NOTE ]------------------------------ ## ## Once you have completed the code changes, create an install/ directory in your ## forum's root directory, and upload the update_to_207.php file that comes in any ## phpBB 2.0.7 download to the install/ directory. Run update_to_207.php by opening ## it via your web browser, just as you would a normal forum page. Afterward, ## delete the file and the install/ directory so that your forum is accessible ## again.
## ##----------[ OPEN ]------------------------------------- ## groupcp.php ## ##----------[ FIND ]------------------------------------- ## $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; ## ##----------[ AFTER, ADD ]------------------------------- ## $mode = htmlspecialchars($mode); ## ##----------[ FIND ]------------------------------------- ## $sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . $members[$i]; ## ##----------[ REPLACE WITH ]------------------------------- ## $sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . intval($members[$i]); ## ##----------[ OPEN ]------------------------------------- ## index.php ## ##----------[ FIND ]------------------------------------- ## if( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not query categories list', '', __LINE__, __FILE__, $sql); } while( $category_rows[] = $db->sql_fetchrow($result) ); ## ##----------[ AFTER, ADD ]------------------------------- ## $db->sql_freeresult($result); ## ##----------[ FIND ]------------------------------------- ## while( $row = $db->sql_fetchrow($result) ) { $forum_data[] = $row; } ## ##----------[ AFTER, ADD ]------------------------------- ## $db->sql_freeresult($result); ## ##----------[ FIND ]------------------------------------- ## while( $topic_data = $db->sql_fetchrow($result) ) { $new_topic_data[$topic_data['forum_id']][$topic_data['topic_id']] = $topic_data['post_time']; } ## ##----------[ AFTER, ADD ]------------------------------- ## $db->sql_freeresult($result); ## ##----------[ FIND ]------------------------------------- ## while( $row = $db->sql_fetchrow($result) ) { $forum_moderators[$row['forum_id']][] = '' . $row['username'] . ''; } ## ##----------[ AFTER, ADD ]------------------------------- ## $db->sql_freeresult($result); ## ##----------[ FIND ]------------------------------------- ## while( $row = $db->sql_fetchrow($result) ) { $forum_moderators[$row['forum_id']][] = '' . $row['group_name'] . 
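Review bot: `$mode = htmlspecialchars($mode);` in groupcp.php escapes for HTML at the point of input, which only helps where `$mode` is later echoed into double-quoted HTML; with the default flags of the PHP versions this release targets, single quotes are left as they are. The same pattern recurs in modcp.php, posting.php (`$$var`), privmsg.php (`$folder`, `$mode`), viewtopic.php (`$post_order`) and includes/usercp_register.php (`$avatar_category`). Where the parameter has a fixed set of values, comparing against that set is stricter, e.g. `if ( !in_array($mode, $allowed_modes) ) { $mode = ''; }`, with `$allowed_modes` being a list you define (a placeholder name, not an existing phpBB variable). If `$avatar_category` is later used in a file path (not visible on this page), HTML escaping does not remove `../` sequences, so it would need its own check.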
''; } ## ##----------[ AFTER, ADD ]------------------------------- ## $db->sql_freeresult($result); ## ##----------[ OPEN ]------------------------------------- ## login.php ## ##----------[ FIND ]------------------------------------- ## if( $session_id ) { $url = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : "index.$phpEx"; redirect(append_sid($url, true)); } ## ##----------[ REPLACE WITH ]------------------------------- ## if( $session_id ) { $url = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : "index.$phpEx"; redirect(append_sid($url, true)); } ## ##----------[ FIND ]------------------------------------- ## else { $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : ''; $redirect = str_replace('?', '&', $redirect); $template->assign_vars(array( ## ##----------[ REPLACE WITH ]------------------------------- ## else { $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : ''; $redirect = str_replace('?', '&', $redirect); $template->assign_vars(array( ## ##----------[ FIND ]------------------------------------- ## else { $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : ""; $redirect = str_replace("?", "&", $redirect); $template->assign_vars(array( ## ##----------[ REPLACE WITH ]------------------------------- ## else { $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : ""; $redirect = str_replace("?", "&", $redirect); $template->assign_vars(array( ## ##----------[ FIND ]------------------------------------- ## if (!empty($HTTP_POST_VARS['redirect']) || !empty($HTTP_GET_VARS['redirect'])) { $url = (!empty($HTTP_POST_VARS['redirect'])) ? 
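Review bot: In the first login.php hunk and in the last one (which continues past this point), `htmlspecialchars()` is the wrong encoding for the context: `$url` is handed to `redirect()`, so it ends up in an HTTP redirect rather than in HTML, where `&` turned into `&amp;` alters the query string while the destination itself is not constrained. Whether `redirect()` rejects absolute URLs or CR/LF characters is not visible on this page; if it does not, I would check here that the value is a relative path on this board, for example `if ( preg_match('#[\r\n]|://#', urldecode($url)) ) { $url = "index.$phpEx"; }`. The two hunks in between only assign `$redirect` for the template, which is an HTML context, and escaping is appropriate there.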
$HTTP_POST_VARS['redirect'] : $HTTP_GET_VARS['redirect']; redirect(append_sid($url, true)); } else { redirect(append_sid("index.$phpEx", true)); } } else { $url = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : "index.$phpEx"; redirect(append_sid($url, true)); } ## ##----------[ REPLACE WITH ]------------------------------- ## if (!empty($HTTP_POST_VARS['redirect']) || !empty($HTTP_GET_VARS['redirect'])) { $url = (!empty($HTTP_POST_VARS['redirect'])) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : htmlspecialchars($HTTP_GET_VARS['redirect']); redirect(append_sid($url, true)); } else { redirect(append_sid("index.$phpEx", true)); } } else { $url = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : "index.$phpEx"; redirect(append_sid($url, true)); } ## ##----------[ OPEN ]------------------------------------- ## memberlist.php ## ##----------[ FIND ]------------------------------------- ## $i++; } while ( $row = $db->sql_fetchrow($result) ); ## ##----------[ AFTER, ADD ]------------------------------- ## $db->sql_freeresult($result); ## ##----------[ FIND ]------------------------------------- ## $pagination = generate_pagination("memberlist.$phpEx?mode=$mode&order=$sort_order", $total_members, $board_config['topics_per_page'], $start). ' '; } ## ##----------[ AFTER, ADD ]------------------------------- ## $db->sql_freeresult($result); ## ##----------[ OPEN ]------------------------------------- ## modcp.php ## ##----------[ FIND ]------------------------------------- ## $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; ## ##----------[ AFTER, ADD ]------------------------------- ## $mode = htmlspecialchars($mode); ## ##----------[ OPEN ]------------------------------------- ## posting.php ## ##----------[ FIND ]------------------------------------- ## $$var = ( !empty($HTTP_POST_VARS[$param]) ) ? 
$HTTP_POST_VARS[$param] : $HTTP_GET_VARS[$param]; ## ##----------[ REPLACE WITH ]------------------------------- ## $$var = ( !empty($HTTP_POST_VARS[$param]) ) ? htmlspecialchars($HTTP_POST_VARS[$param]) : htmlspecialchars($HTTP_GET_VARS[$param]); ## ##----------[ FIND ]------------------------------------- ## $post_info = $db->sql_fetchrow($result); ## ##----------[ AFTER, ADD ]------------------------------- ## $db->sql_freeresult($result); ## ##----------[ FIND ]------------------------------------- ## $poll_results_sum += $row['vote_result']; } while ( $row = $db->sql_fetchrow($result) ); } ## ##----------[ AFTER, ADD ]------------------------------- ## $db->sql_freeresult($result); ## ##----------[ FIND ]------------------------------------- ## $notify_user = ( $db->sql_fetchrow($result) ) ? TRUE : $userdata['user_notify']; ## ##----------[ AFTER, ADD ]------------------------------- ## $db->sql_freeresult($result); ## ##----------[ FIND ]------------------------------------- ## if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain user vote data for this topic', '', __LINE__, __FILE__, $sql); } if ( !($row = $db->sql_fetchrow($result)) ) ## ##----------[ REPLACE WITH ]------------------------------- ## if ( !($result2 = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not obtain user vote data for this topic', '', __LINE__, __FILE__, $sql); } if ( !($row = $db->sql_fetchrow($result2)) ) ## ##----------[ FIND ]------------------------------------- ## $message = $lang['Already_voted']; } } else { $message = $lang['No_vote_option']; } ## ##----------[ REPLACE WITH ]------------------------------- ## $message = $lang['Already_voted']; } $db->sql_freeresult($result2); } else { $message = $lang['No_vote_option']; } $db->sql_freeresult($result); ## ##----------[ OPEN ]------------------------------------- ## privmsg.php ## ##----------[ FIND ]------------------------------------- ## $folder = ( 
isset($HTTP_POST_VARS['folder']) ) ? $HTTP_POST_VARS['folder'] : $HTTP_GET_VARS['folder']; ## ##----------[ AFTER, ADD ]------------------------------- ## $folder = htmlspecialchars($folder); ## ##----------[ FIND ]------------------------------------- ## // session id check if (!empty($HTTP_POST_VARS['sid']) || !empty($HTTP_GET_VARS['sid'])) { $sid = (!empty($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : $HTTP_GET_VARS['sid']; } else { $sid = ''; } ## ##----------[ REPLACE WITH ]----------------------------- ## Yes, there's supposed to be nothing here - you want to delete the above code. ## ##----------[ FIND ]------------------------------------- ## $mode = ( !empty($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; ## ##----------[ AFTER, ADD ]------------------------------- ## $mode = htmlspecialchars($mode); ## ##----------[ OPEN ]------------------------------------- ## search.php ## ##----------[ FIND ]------------------------------------- ## if ( intval($search_id) ) ## ##----------[ REPLACE WITH ]------------------------------- ## $search_id = intval($search_id); if ( $search_id ) ## ##----------[ OPEN ]------------------------------------- ## viewforum.php ## ##----------[ FIND ]------------------------------------- ## $topic_days = ( !empty($HTTP_POST_VARS['topicdays']) ) ? $HTTP_POST_VARS['topicdays'] : $HTTP_GET_VARS['topicdays']; ## ##----------[ REPLACE WITH ]------------------------------- ## $topic_days = ( !empty($HTTP_POST_VARS['topicdays']) ) ? intval($HTTP_POST_VARS['topicdays']) : intval($HTTP_GET_VARS['topicdays']); ## ##----------[ OPEN ]------------------------------------- ## viewtopic.php ## ##----------[ FIND ]------------------------------------- ## $post_days = ( !empty($HTTP_POST_VARS['postdays']) ) ? $HTTP_POST_VARS['postdays'] : $HTTP_GET_VARS['postdays']; ## ##----------[ REPLACE WITH ]------------------------------- ## $post_days = ( !empty($HTTP_POST_VARS['postdays']) ) ? 
intval($HTTP_POST_VARS['postdays']) : intval($HTTP_GET_VARS['postdays']); ## ##----------[ FIND ]------------------------------------- ## $post_order = (!empty($HTTP_POST_VARS['postorder'])) ? $HTTP_POST_VARS['postorder'] : $HTTP_GET_VARS['postorder']; ## ##----------[ REPLACE WITH ]------------------------------- ## $post_order = (!empty($HTTP_POST_VARS['postorder'])) ? htmlspecialchars($HTTP_POST_VARS['postorder']) : htmlspecialchars($HTTP_GET_VARS['postorder']); ## ##----------[ OPEN ]------------------------------------- ## includes/auth.php ## ##----------[ FIND ]------------------------------------- ## $u_access[$row['forum_id']][] = $row; } } while( $row = $db->sql_fetchrow($result) ); } ## ##----------[ AFTER, ADD ]------------------------------- ## $db->sql_freeresult($result); ## ##----------[ OPEN ]------------------------------------- ## includes/bbcode.php ## ##----------[ FIND ]------------------------------------- ## $bbcode_tpl['url4'] = str_replace('{DESCRIPTION}', '\\5', $bbcode_tpl['url4']); ## ##----------[ REPLACE WITH ]------------------------------- ## $bbcode_tpl['url4'] = str_replace('{DESCRIPTION}', '\\3', $bbcode_tpl['url4']); ## ##----------[ FIND ]------------------------------------- ## $replacements[] = $bbcode_tpl['img']; // matches a [url]xxxx://www.phpbb.com[/url] code.. $patterns[] = "#\[url\]([\w]+?://.*?[^ \"\n\r\t<]*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url1']; // [url]www.phpbb.com[/url] code.. (no xxxx:// prefix). $patterns[] = "#\[url\]((www|ftp)\.([\w\-]+\.)*?[\w\-]+\.[a-z]{2,4}(:?[0-9]*?/[^ \"\n\r\t<]*)?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url2']; // [url=xxxx://www.phpbb.com]phpBB[/url] code.. $patterns[] = "#\[url=([\w]+?://.*?[^ \"\n\r\t<]*?)\](.*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url3']; // [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix). 
$patterns[] = "#\[url=((www|ftp)\.([\w\-]+\.)*?[\w\-]+\.[a-z]{2,4}(:?[0-9]*?/[^ \"\n\r\t<]*)?)\](.*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url4']; ## ##----------[ REPLACE WITH ]------------------------------- ## $replacements[] = $bbcode_tpl['img']; // matches a [url]xxxx://www.phpbb.com[/url] code.. $patterns[] = "#\[url\]([\w]+?://[^ \"\n\r\t<]*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url1']; // [url]www.phpbb.com[/url] code.. (no xxxx:// prefix). $patterns[] = "#\[url\]((www|ftp)\.[^ \"\n\r\t<]*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url2']; // [url=xxxx://www.phpbb.com]phpBB[/url] code.. $patterns[] = "#\[url=([\w]+?://[^ \"\n\r\t<]*?)\](.*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url3']; // [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix). $patterns[] = "#\[url=((www|ftp)\.[^ \"\n\r\t<]*?)\](.*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url4']; ## ##----------[ FIND ]------------------------------------- ## // matches an "xxxx://yyyy" URL at the start of a line, or after a space. // xxxx can only be alpha characters. // yyyy is anything up to the first space, newline, comma, double quote or < $ret = preg_replace("#(^|[\n ])([\w]+?://.*?[^ \"\n\r\t<]*)#is", "\\1\\2", $ret); // matches a "www|ftp.xxxx.yyyy[/zzzz]" kinda lazy URL thing // Must contain at least 2 dots. xxxx contains either alphanum, or "-" // zzzz is optional.. will contain everything up to the first space, newline, // comma, double quote or <. $ret = preg_replace("#(^|[\n ])((www|ftp)\.[\w\-]+\.[\w\-.\~]+(?:/[^ \"\t\n\r<]*)?)#is", "\\1\\2", $ret); ## ##----------[ REPLACE WITH ]------------------------------- ## // matches an "xxxx://yyyy" URL at the start of a line, or after a space. // xxxx can only be alpha characters. 
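Review bot: The rewritten `[url]` patterns still accept any scheme, because `[\w]+?://` matches whatever word characters precede `://`; the comment in the make_clickable hunk that follows ("xxxx can only be alpha characters") also does not match `\w`, which allows digits and underscore as well. If only web and FTP links are meant to become anchors, I would name the schemes, `$patterns[] = "#\[url\]((?:https?|ftp)://[^ \"\n\r\t<]*?)\[/url\]#is";`, and do the same for the `[url=...]` form and the make_clickable pattern. The change of `{DESCRIPTION}` from `\\5` to `\\3` in the preceding hunk depends on the new `url4` pattern having three groups instead of five, so the two hunks have to be applied together.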
// yyyy is anything up to the first space, newline, comma, double quote or < $ret = preg_replace("#(^|[\n ])([\w]+?://[^ \"\n\r\t<]*)#is", "\\1\\2", $ret); // matches a "www|ftp.xxxx.yyyy[/zzzz]" kinda lazy URL thing // Must contain at least 2 dots. xxxx contains either alphanum, or "-" // zzzz is optional.. will contain everything up to the first space, newline, // comma, double quote or <. $ret = preg_replace("#(^|[\n ])((www|ftp)\.[^ \"\t\n\r<]*)#is", "\\1\\2", $ret); ## ##----------[ OPEN ]------------------------------------- ## includes/functions_post.php ## ##----------[ FIND ]------------------------------------- ## $tagallowed = (preg_match('#^<\/?' . $match_tag . ' .*?(style[\t ]*?=|on[\w]+[\t ]*?=)#i', $hold_string)) ? false : true; ## ##----------[ REPLACE WITH ]------------------------------- ## $tagallowed = (preg_match('#^<\/?' . $match_tag . ' .*?(style[ ]*?=|on[\w]+[ ]*?=)#i', $hold_string)) ? false : true; ## ##----------[ FIND ]------------------------------------- ## if (!$end_html || ($end_html != strlen($message) && $tmp_message != '')) ## ##----------[ REPLACE WITH ]------------------------------- ## if ($end_html != strlen($message) && $tmp_message != '') ## ##----------[ OPEN ]------------------------------------- ## includes/functions_search.php ## ##----------[ FIND ]------------------------------------- ## if ( $match_sql != '' ) { $sql = "INSERT IGNORE INTO " . SEARCH_MATCH_TABLE . " (post_id, word_id, title_match) SELECT $post_id, word_id, $title_match FROM " . SEARCH_WORD_TABLE . " WHERE word_text IN ($match_sql)"; ## ##----------[ REPLACE WITH ]------------------------------- ## if ( $match_sql != '' ) { $sql = "INSERT INTO " . SEARCH_MATCH_TABLE . " (post_id, word_id, title_match) SELECT $post_id, word_id, $title_match FROM " . SEARCH_WORD_TABLE . 
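Review bot: As rendered on this page, the replacement regex in includes/functions_post.php allows only spaces between `style` / `on…` and the `=` sign (`[ ]*?`), whereas the line it replaces also allowed a tab. If that is what ships rather than an artefact of how this page was extracted, attributes written with other whitespace before `=` are not recognised by the filter. `\s*` covers every whitespace character, `(style\s*=|on[\w]+\s*=)`. More generally, a deny-list of attribute names is fragile, and accepting only an explicit list of attributes per allowed tag would be the safer design.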
" WHERE word_text IN ($match_sql)"; ## ##----------[ OPEN ]------------------------------------- ## includes/topic_review.php ## ##----------[ FIND ]------------------------------------- ## if ( !($forum_row = $db->sql_fetchrow($result)) ) { message_die(GENERAL_MESSAGE, 'Topic_post_not_exist'); } ## ##----------[ AFTER, ADD ]------------------------------- ## $db->sql_freeresult($result); ## ##----------[ FIND ]------------------------------------- ## else { message_die(GENERAL_MESSAGE, 'Topic_post_not_exist', '', __LINE__, __FILE__, $sql); } ## ##----------[ AFTER, ADD ]------------------------------- ## $db->sql_freeresult($result); ## ##----------[ OPEN ]------------------------------------- ## includes/usercp_register.php ## ##----------[ FIND ]------------------------------------- ## $avatar_category = ( !empty($HTTP_POST_VARS['avatarcategory']) ) ? $HTTP_POST_VARS['avatarcategory'] : ''; ## ##----------[ REPLACE WITH ]------------------------------- ## $avatar_category = ( !empty($HTTP_POST_VARS['avatarcategory']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarcategory']) : ''; ## ##----------[ OPEN ]------------------------------------- ## templates/subSilver/index_body.tpl ## ##----------[ FIND ]------------------------------------- ##
{L_NEW_POSTS} {L_NEW_POSTS}    {L_NO_NEW_POSTS} {L_NO_NEW_POSTS}    {L_FORUM_LOCKED} {L_FORUM_LOCKED}
## ##----------[ REPLACE WITH ]------------------------------- ##
{L_NEW_POSTS} {L_NEW_POSTS}    {L_NO_NEW_POSTS} {L_NO_NEW_POSTS}    {L_FORUM_LOCKED} {L_FORUM_LOCKED}
## ##----------[ SAVE AND CLOSE ALL FILES ]----------------- ## ## End ##