################################################################################
##
## Hack Title: phpBB 2.0.9 - 2.0.10 Code Changes
## Hack Version: 1.0.0
## Hack Author: Complied by Thoul, code by phpBB Group
## Hack Description: All changes in phpBB made between 2.0.9 and 2.0.10.
##
## Compatibility: 2.0.9
## Installation Level: Easy
## Installation Time: 15 minutes
##
## Files To Edit: 6
## admin/admin_board.php
## admin/admin_styles.php
## common.php
## login.php
## search.php
## includes/functions.php
##
## Support: http://www.phpbbhacks.com/forums
##
################################################################################
##
## You downloaded this hack from phpBBHacks.com,
## the #1 source for phpBB related downloads.
##
## Please visit http://www.phpbbhacks.com/forums for support.
##
################################################################################
##
## This hack is released under the GPL License.
##
################################################################################
##
## BEFORE ADDING THIS HACK TO YOUR FORUM, please be sure to backup ALL
## affected files.
##
################################################################################
##
##----------[ PLEASE NOTE ]------------------------------
##
## Once you have completed the code changes, create an install/ directory in
## your forum's root directory, and upload the update_to_210.php file that
## comes in any phpBB 2.0.10 download to the install/ directory. Run
## update_to_210.php by opening it via your web browser, just as you would a
## normal forum page. Afterward, delete the file and the install/ directory so
## that your forum is accessible again.
##
##----------[ OPEN ]-------------------------------------
##
admin/admin_board.php
##
##----------[ FIND ]-------------------------------------
##
$default_config[$config_name] = str_replace("'", "\'", $config_value);
##
##----------[ REPLACE WITH ]-----------------------------
##
$default_config[$config_name] = isset($HTTP_POST_VARS['submit']) ? str_replace("'", "\'", $config_value) : $config_value;
##
##----------[ OPEN ]-------------------------------------
##
admin/admin_styles.php
##
##----------[ FIND ]-------------------------------------
##
$no_page_header = (!empty($HTTP_POST_VARS['send_file']) || $cancel) ? TRUE : FALSE;
require('./pagestart.' . $phpEx);
##
##----------[ AFTER, ADD ]-------------------------------
##
$confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : FALSE;
$cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : FALSE;
##
##----------[ OPEN ]-------------------------------------
##
common.php
##
##----------[ FIND ]-------------------------------------
##
unset_vars(${$var_prefix . $var . $var_suffix});
##
##----------[ AFTER, ADD ]-------------------------------
##
@reset(${$var_prefix . $var . $var_suffix});
##
##----------[ FIND ]-------------------------------------
##
unset_vars(${$var});
##
##----------[ AFTER, ADD ]-------------------------------
##
@reset(${$var});
##
##----------[ FIND ]-------------------------------------
##
unset_vars(${'_FILES'});
##
##----------[ AFTER, ADD ]-------------------------------
##
@reset(${'_FILES'});
##
##----------[ FIND ]-------------------------------------
##
unset_vars(${'HTTP_POST_FILES'});
##
##----------[ AFTER, ADD ]-------------------------------
##
@reset(${'HTTP_POST_FILES'});
##
##----------[ FIND ]-------------------------------------
##
//
// addslashes to vars if magic_quotes_gpc is off
// this is a security precaution to prevent someone
// trying to break out of a SQL statement.
//
##
##----------[ BEFORE, ADD ]------------------------------
##
// PHP5 with register_long_arrays off?
if (!isset($HTTP_POST_VARS) && isset($_POST))
{
$HTTP_POST_VARS = $_POST;
$HTTP_GET_VARS = $_GET;
$HTTP_SERVER_VARS = $_SERVER;
$HTTP_COOKIE_VARS = $_COOKIE;
$HTTP_ENV_VARS = $_ENV;
$HTTP_POST_FILES = $_FILES;
}
##
##----------[ OPEN ]-------------------------------------
##
login.php
##
##----------[ FIND ]-------------------------------------
##
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
$redirect = str_replace('?', '&', $redirect);
##
##----------[ AFTER, ADD ]-------------------------------
##
if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}
##
##----------[ FIND ]-------------------------------------
##
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "";
$redirect = str_replace("?", "&", $redirect);
##
##----------[ AFTER, ADD ]-------------------------------
##
if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}
##
##----------[ OPEN ]-------------------------------------
##
search.php
##
##----------[ FIND ]-------------------------------------
##
$search_author = ( isset($HTTP_POST_VARS['search_author']) ) ? $HTTP_POST_VARS['search_author'] : $HTTP_GET_VARS['search_author'];
##
##----------[ AFTER, ADD ]-------------------------------
##
$search_author = htmlspecialchars($search_author);
##
##----------[ OPEN ]-------------------------------------
##
includes/functions.php
##
##----------[ FIND ]-------------------------------------
##
if ( !empty($SID) )
{
$boxstring .= '';
}
##
##----------[ REPLACE WITH ]-----------------------------
##
// Let the jumpbox work again in sites having additional session id checks.
// if ( !empty($SID) )
// {
$boxstring .= '';
// }
##
##----------[ FIND ]-------------------------------------
##
if (!empty($db))
{
$db->sql_close();
}
##
##----------[ AFTER, ADD ]-------------------------------
##
if (strstr(urldecode($url), "\n") || strstr(urldecode($url), "\r"))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}
##
##----------[ SAVE AND CLOSE ALL FILES ]-----------------
##
## End
##