################################################################################
##
##   Hack Title:		phpBB 2.0.7 - 2.0.8a Code Changes
##   Hack Version:		1.0.0 
##   Hack Author:		Complied by Thoul, code by phpBB Group
##   Hack Description:	All changes in phpBB made between phpBB 2.0.7 and 2.0.8a.
##
##   Compatibility:		2.0.7
##   Installation Level:	Easy
##   Installation Time:	15 minutes 
##
##   Files To Edit:		17
##						admin/admin_forumauth.php
##						admin/admin_forums.php
##						admin/admin_groups.php
##						admin/admin_ranks.php
##						admin/admin_smilies.php
##						admin/admin_styles.php
##						admin/admin_ug_auth.php
##						admin/admin_user_ban.php
##						admin/admin_users.php
##						admin/admin_words.php
##						admin/pagestart.php
##						includes/bbcode.php
##						includes/functions_search.php
##						includes/usercp_register.php
##						privmsg.php
##						login.php
##						search.php
##
##   Support:				http://www.phpbbhacks.com/forums 
##
################################################################################
##
##  You downloaded this hack from phpBBHacks.com,
##  the #1 source for phpBB related downloads.
##
##  Please visit http://www.phpbbhacks.com/forums for support.
##
################################################################################
##
##  This hack is released under the GPL License. 
##
################################################################################
##
##  BEFORE ADDING THIS HACK TO YOUR FORUM, please be sure to backup ALL
##  affected files.
##
################################################################################
##
##----------[ PLEASE NOTE ]------------------------------
##
## Once you have completed the code changes, create an install/ directory in your
## forum's root directory, and upload the update_to_208.php file that comes in any
## phpBB 2.0.8 download to the install/ directory. Run update_to_208.php by opening
## it via your web browser, just as you would a normal forum page. Afterward,
## delete the file and the install/ directory so that your forum is accessible
## again.

##
##----------[ PLEASE NOTE ]------------------------------
##
## This file includes changes introduced in the releases of phpBB 2.0.7a, 2.0.8, and
## 2.0.8a. The last three files to be edited, as will be noted again later, are
## those changes in the 2.0.7a and 2.0.8a releases. If you are upgrading from the
## original 2.0.7 release, apply all changes in this file. If you are upgrading
## from 2.0.7a, apply all changes except those noted later in the file. If upgrading
## from 2.0.8, apply only the one change to privmsg.php noted in the instructions
## for that file.

##
##----------[ OPEN ]-------------------------------------
##

admin/admin_forumauth.php

##
##----------[ FIND ]-------------------------------------
##

			$simple_ary = $simple_auth_ary[$HTTP_POST_VARS['simpleauth']];

##
##----------[ REPLACE WITH ]-----------------------------
##

			$simple_ary = $simple_auth_ary[intval($HTTP_POST_VARS['simpleauth'])];

##
##----------[ FIND ]-------------------------------------
##

			$sql = "UPDATE " . FORUMS_TABLE . " SET $sql WHERE forum_id = $forum_id";

##
##----------[ REPLACE WITH ]-----------------------------
##

			if (is_array($simple_ary))
			{
				$sql = "UPDATE " . FORUMS_TABLE . " SET $sql WHERE forum_id = $forum_id";
			}

##
##----------[ FIND ]-------------------------------------
##

				$value = $HTTP_POST_VARS[$forum_auth_fields[$i]];
##
##----------[ REPLACE WITH ]-----------------------------
##

				$value = intval($HTTP_POST_VARS[$forum_auth_fields[$i]]);


##
##----------[ OPEN ]-------------------------------------
##

admin/admin_forums.php

##
##----------[ FIND ]-------------------------------------
##

	$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];

##
##----------[ AFTER, ADD ]-------------------------------
##

	$mode = htmlspecialchars($mode);


##
##----------[ OPEN ]-------------------------------------
##

admin/admin_groups.php

##
##----------[ FIND ]-------------------------------------
##

	$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];

##
##----------[ AFTER, ADD ]-------------------------------
##

	$mode = htmlspecialchars($mode);


##
##----------[ OPEN ]-------------------------------------
##

admin/admin_ranks.php

##
##----------[ FIND ]-------------------------------------
##

	$mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];

##
##----------[ AFTER, ADD ]-------------------------------
##

	$mode = htmlspecialchars($mode);


##
##----------[ OPEN ]-------------------------------------
##

admin/admin_smilies.php

##
##----------[ FIND ]-------------------------------------
##

	$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];

##
##----------[ AFTER, ADD ]-------------------------------
##

	$mode = htmlspecialchars($mode);

##
##----------[ PLEASE NOTE ]------------------------------
##
## The following instructions are not a mistake. The same change must be made at
## two places in the file.

##
##----------[ FIND ]-------------------------------------
##

			$smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];

##
##----------[ AFTER, ADD ]-------------------------------
##

			$smiley_id = intval($smiley_id);

##
##----------[ FIND ]-------------------------------------
##

			$smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];

##
##----------[ AFTER, ADD ]-------------------------------
##
			$smiley_id = intval($smiley_id);


##
##----------[ OPEN ]-------------------------------------
##

admin/admin_styles.php

##
##----------[ FIND ]-------------------------------------
##

	$mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];

##
##----------[ AFTER, ADD ]-------------------------------
##

	$mode = htmlspecialchars($mode);

##
##----------[ FIND ]-------------------------------------
##

				$style_id = $HTTP_GET_VARS['style_id'];

##
##----------[ REPLACE WITH ]-----------------------------
##

				$style_id = intval($HTTP_GET_VARS['style_id']);

##
##----------[ FIND ]-------------------------------------
##

				WHERE template_name = '$template_name'";

##
##----------[ REPLACE WITH ]-----------------------------
##

				WHERE template_name = '" . str_replace("\'", "''", $template_name) . "'";


##
##----------[ OPEN ]-------------------------------------
##

admin/admin_ug_auth.php

##
##----------[ FIND ]-------------------------------------
##

$group_id = intval($group_id);

##
##----------[ AFTER, ADD ]-------------------------------
##

$adv = intval($adv);
$mode = htmlspecialchars($mode);


##
##----------[ OPEN ]-------------------------------------
##

admin/admin_user_ban.php

##
##----------[ FIND ]-------------------------------------
##

				$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $user_list[$i];

##
##----------[ REPLACE WITH ]-----------------------------
##

				$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . intval($user_list[$i]);

##
##----------[ FIND ]-------------------------------------
##

				$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $ip_list[$i];

##
##----------[ REPLACE WITH ]-----------------------------
##

				$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $ip_list[$i]);

##
##----------[ FIND ]-------------------------------------
##

				$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $email_list[$i];

##
##----------[ REPLACE WITH ]-----------------------------
##

				$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $email_list[$i]);


##
##----------[ OPEN ]-------------------------------------
##

admin/admin_users.php

##
##----------[ FIND ]-------------------------------------
##

	$mode = ( isset( $HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];

##
##----------[ AFTER, ADD ]-------------------------------
##

	$mode = htmlspecialchars($mode);

##
##----------[ FIND ]-------------------------------------
##

				$category = $HTTP_POST_VARS['avatarcategory'];

##
##----------[ REPLACE WITH ]-----------------------------
##

				$category = htmlspecialchars($HTTP_POST_VARS['avatarcategory']);


##
##----------[ OPEN ]-------------------------------------
##

admin/admin_words.php

##
##----------[ FIND ]-------------------------------------
##

	$mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];

##
##----------[ AFTER, ADD ]-------------------------------
##

	$mode = htmlspecialchars($mode);

##
##----------[ FIND ]-------------------------------------
##

		$word_id = ( isset($HTTP_GET_VARS['id']) ) ? $HTTP_GET_VARS['id'] : 0;

##
##----------[ REPLACE WITH ]-----------------------------
##

		$word_id = ( isset($HTTP_GET_VARS['id']) ) ? intval($HTTP_GET_VARS['id']) : 0;

##
##----------[ FIND ]-------------------------------------
##

		$word_id = ( isset($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : 0;

##
##----------[ REPLACE WITH ]-----------------------------
##

		$word_id = ( isset($HTTP_POST_VARS['id']) ) ? intval($HTTP_POST_VARS['id']) : 0;

##
##----------[ FIND ]-------------------------------------
##

			$word_id = ( isset($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];

##
##----------[ AFTER, ADD ]-------------------------------
##

			$word_id = intval($word_id);


##
##----------[ OPEN ]-------------------------------------
##

admin/pagestart.php

##
##----------[ FIND ]-------------------------------------
##

	redirect($url);

##
##----------[ REPLACE WITH ]-----------------------------
##

	redirect("index.$phpEx?sid=" . $userdata['session_id']);


##
##----------[ OPEN ]-------------------------------------
##

includes/bbcode.php

##
##----------[ FIND ]-------------------------------------
##

	$text = preg_replace("#\[img\]((ht|f)tp://)([^\r\n\t<\"]*?)\[/img\]#sie", "'[img:$uid]\\1' . str_replace(' ', '%20', '\\3') . '[/img:$uid]'", $text);

##
##----------[ REPLACE WITH ]-----------------------------
##

	$text = preg_replace("#\[img\]((ht|f)tp://)([^ \?&=\"\n\r\t<]*?(\.(jpg|jpeg|gif|png)))\[/img\]#sie", "'[img:$uid]\\1' . str_replace(' ', '%20', '\\3') . '[/img:$uid]'", $text);


##
##----------[ OPEN ]-------------------------------------
##

includes/functions_search.php

##
##----------[ FIND ]-------------------------------------
##

					case 'mssql':

##
##----------[ AFTER, ADD ]-------------------------------
##

					case 'mssql-odbc':

##
##----------[ FIND ]-------------------------------------
##

				case 'mssql':

##
##----------[ AFTER, ADD ]-------------------------------
##

				case 'mssql-odbc':


##
##----------[ OPEN ]-------------------------------------
##

includes/usercp_register.php

##
##----------[ FIND ]-------------------------------------
##

	$user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset($HTTP_POST_VARS['avatarlocal'])  ) ? htmlspecialchars($HTTP_POST_VARS['avatarlocal']) : '' );

##
##----------[ REPLACE WITH ]-----------------------------
##

	$user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? htmlspecialchars($HTTP_POST_VARS['avatarselect']) : ( ( isset($HTTP_POST_VARS['avatarlocal'])  ) ? htmlspecialchars($HTTP_POST_VARS['avatarlocal']) : '' );


##
##----------[ PLEASE NOTE ]------------------------------
##
## All of the following changes, with one exception that will be noted, are changes
## introduced in phpBB 2.0.7a. If you have applied the 2.0.7a security patch or
## downloaded phpBB 2.0.7 after March 21, 2004, these changes will already be
## present in your phpBB. You may skip all of them except the one exception in
## privmsg.php.

##
##----------[ OPEN ]-------------------------------------
##

privmsg.php

##
##----------[ PLEASE NOTE ]------------------------------
##
## As mentioned above, the first change to this file was not part of the 2.0.7a
## security patch.  This change is the only change in the 2.0.8a security patch. If
## you are installing these changes on phpBB 2.0.7a, make sure you make this change.
## You can skip the rest.

##
##----------[ FIND ]-------------------------------------
##

			$pm_sql_user .= "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "

##
##----------[ REPLACE WITH ]-----------------------------
##

			$pm_sql_user = "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "

##
##----------[ FIND ]-------------------------------------
##

if ( $row = $db->sql_fetchrow($result) )
{
	do
	{
		$privmsg_id = $row['privmsgs_id'];

##
##----------[ REPLACE WITH ]-----------------------------
##

if ( $row = $db->sql_fetchrow($result) )
{
	$i = 0;
	do
	{
		$privmsg_id = $row['privmsgs_id'];

##
##----------[ FIND ]-------------------------------------
##

		$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];

##
##----------[ AFTER, ADD ]-------------------------------
##

		$i++;


##
##----------[ OPEN ]-------------------------------------
##

login.php

##
##----------[ FIND ]-------------------------------------
##

						$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : "index.$phpEx";

##
##----------[ REPLACE WITH ]-----------------------------
##

						$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";

##
##----------[ FIND ]-------------------------------------
##

					$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : '';

##
##----------[ REPLACE WITH ]-----------------------------
##

					$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';

##
##----------[ FIND ]-------------------------------------
##

			$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : "";

##
##----------[ REPLACE WITH ]-----------------------------
##

			$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "";

##
##----------[ FIND ]-------------------------------------
##

			$url = (!empty($HTTP_POST_VARS['redirect'])) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : htmlspecialchars($HTTP_GET_VARS['redirect']);

##
##----------[ AFTER, ADD ]-------------------------------
##

			$url = str_replace('&amp;', '&', $url);

##
##----------[ FIND ]-------------------------------------
##

		$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : "index.$phpEx";

##
##----------[ REPLACE WITH ]-----------------------------
##

		$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";


##
##----------[ OPEN ]-------------------------------------
##

search.php

##
##----------[ FIND ]-------------------------------------
##

$show_results = ( isset($HTTP_POST_VARS['show_results']) ) ? $HTTP_POST_VARS['show_results'] : 'posts';

##
##----------[ AFTER, ADD ]-------------------------------
##

$show_results = ($show_results == 'topics') ? 'topics' : 'posts';

##
##----------[ FIND ]-------------------------------------
##

	$store_vars = array('search_results', 'total_match_count', 'split_search', 'sort_by', 'sort_dir', 'show_results', 'return_chars');

##
##----------[ AFTER, ADD ]-------------------------------
##

	$search_results = '';

##
##----------[ SAVE AND CLOSE ALL FILES ]-----------------
##
##     End
##