phpBB 2.0.19 to phpBB 2.0.20 Code Changes
These are the code changes introduced between phpBB 2.0.19 and phpBB 2.0.20. If you have installed many hacks on a forum, but wish to update it, these may help you. It is often easier to apply code changes such as these instead of replacing and rehacking your current files.
These code changes use the following instruction labels:
filename - The name of a file to be edited. Equivalent to an OPEN action in a hack or modification.
FIND - This indicates lines of code you should locate. Changes will be made in reference to this code.
REPLACE WITH - This code should completely replace the code in the preceding FIND instruction.
AFTER, ADD - The code in this instruction should be added on a new line after the last line of code in the preceding FIND instruction.
BEFORE, ADD - The code in this instruction should be added on a new line before the first line of code in the preceding FIND instruction.
FIND AND DELETE - Locate the code in this instruction as with a FIND statement, and then delete the code.
INLINE - This will always precede one of the other labels. An example would be INLINE FIND. INLINE labels work in the same way as the normal labels, with the exception that they operate on a smaller portion of a specific line referenced in the previous FIND instruction. Any new code added in an INLINE instruction should be placed on the same line, instead of on a new line.
Once you have completed the code changes, create an install/ directory in your forum's root directory, and upload the update_to_latest.php file that comes in any phpBB 2.0.20 download to the install/ directory. Run update_to_latest.php by opening it via your web browser, just as you would a normal forum page. Afterward, delete the file and the install/ directory so that your forum is accessible again.
Now, onward to the file changes!
admin/admin_board.php
FIND
FIND
Code:
REPLACE WITH $cookie_name = str_replace('.', '_', $new['cookie_name']);
Code:
FIND $new['cookie_name'] = str_replace('.', '_', $new['cookie_name']);
}
// Attempt to prevent a common mistake with this value,
// http:// is the protocol and not part of the server name
if ($config_name == 'server_name')
{
$new['server_name'] = str_replace('http://', '', $new['server_name']);
}
// Attempt to prevent a common mistake with this value,
// http:// is the protocol and not part of the server name
if ($config_name == 'server_name')
{
$new['server_name'] = str_replace('http://', '', $new['server_name']);
Code:
AFTER, ADD
"L_FLOOD_INTERVAL_EXPLAIN" => $lang['Flood_Interval_explain'],
Code:
FIND "L_SEARCH_FLOOD_INTERVAL" => $lang['Search_Flood_Interval'],
"L_SEARCH_FLOOD_INTERVAL_EXPLAIN" => $lang['Search_Flood_Interval_explain'],
"L_SEARCH_FLOOD_INTERVAL_EXPLAIN" => $lang['Search_Flood_Interval_explain'],
Code:
AFTER, ADD "FLOOD_INTERVAL" => $new['flood_interval'],
Code:
"SEARCH_FLOOD_INTERVAL" => $new['search_flood_interval'],
admin/admin_db_utilities.php
FIND
FIND
Code:
REPLACE WITH unset($schema_vals);
unset($schema_fields);
unset($schema_insert);
unset($schema_fields);
unset($schema_insert);
Code:
FIND $schema_vals = '';
$schema_fields = '';
$schema_insert = '';
$schema_fields = '';
$schema_insert = '';
Code:
REPLACE WITH if ($empty($strVal))
Code:
if (empty($strVal))
admin/admin_forums.php
FIND
FIND
Code:
REPLACE WITH "auth_post" => AUTH_ALL,
"auth_reply" => AUTH_ALL,
"auth_reply" => AUTH_ALL,
Code:
"auth_post" => AUTH_REG,
"auth_reply" => AUTH_REG,
"auth_reply" => AUTH_REG,
admin/admin_groups.php
FIND
FIND
Code:
REPLACE WITH $sql = "SELECT user_id, username
FROM " . USERS_TABLE . "
WHERE user_id <> " . ANONYMOUS . "
ORDER BY username";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql);
}
while ( $row = $db->sql_fetchrow($result) )
{
if ( $row['user_id'] == $group_info['group_moderator'] )
{
$group_moderator = $row['username'];
}
}
FROM " . USERS_TABLE . "
WHERE user_id <> " . ANONYMOUS . "
ORDER BY username";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql);
}
while ( $row = $db->sql_fetchrow($result) )
{
if ( $row['user_id'] == $group_info['group_moderator'] )
{
$group_moderator = $row['username'];
}
}
Code:
FIND if ($group_info['group_moderator'] != '')
{
$sql = "SELECT user_id, username
FROM " . USERS_TABLE . "
WHERE user_id = " . $group_info['group_moderator'];
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql);
}
if ( !($row = $db->sql_fetchrow($result)) )
{
message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql);
}
$group_moderator = $row['username'];
}
else
{
$group_moderator = '';
}
{
$sql = "SELECT user_id, username
FROM " . USERS_TABLE . "
WHERE user_id = " . $group_info['group_moderator'];
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql);
}
if ( !($row = $db->sql_fetchrow($result)) )
{
message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql);
}
$group_moderator = $row['username'];
}
else
{
$group_moderator = '';
}
Code:
REPLACE WITH $group_name = isset($HTTP_POST_VARS['group_name']) ? trim($HTTP_POST_VARS['group_name']) : '';
Code:
$group_name = isset($HTTP_POST_VARS['group_name']) ? htmlspecialchars(trim($HTTP_POST_VARS['group_name'])) : '';
admin/admin_ranks.php
FIND AND DELETE
FIND AND DELETE
Code:
FINDdefine('IN_PHPBB', 1);
Code:
BEFORE, ADD//
// Let's set the root dir for phpBB
//
// Let's set the root dir for phpBB
//
Code:
FINDdefine('IN_PHPBB', 1);
Code:
REPLACE WITH $mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
Code:
FIND $mode = (isset($HTTP_GET_VARS['mode'])) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
Code:
BEFORE, ADDif( $mode != "" )
Code:
FIND// Restrict mode input to valid options
$mode = ( in_array($mode, array('add', 'edit', 'save', 'delete')) ) ? $mode : '';
$mode = ( in_array($mode, array('add', 'edit', 'save', 'delete')) ) ? $mode : '';
Code:
REPLACE WITH if( $rank_id )
Code:
FIND $confirm = isset($HTTP_POST_VARS['confirm']);
if( $rank_id && $confirm )
if( $rank_id && $confirm )
Code:
REPLACE WITH else
{
message_die(GENERAL_MESSAGE, $lang['Must_select_rank']);
}
}
else
{
//
// They didn't feel like giving us any information. Oh, too bad, we'll just display the
// list then...
//
$template->set_filenames(array(
"body" => "admin/ranks_list_body.tpl")
);
$sql = "SELECT * FROM " . RANKS_TABLE . "
ORDER BY rank_min, rank_title";
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql);
}
$rank_rows = $db->sql_fetchrowset($result);
$rank_count = count($rank_rows);
$template->assign_vars(array(
"L_RANKS_TITLE" => $lang['Ranks_title'],
"L_RANKS_TEXT" => $lang['Ranks_explain'],
"L_RANK" => $lang['Rank_title'],
"L_RANK_MINIMUM" => $lang['Rank_minimum'],
"L_SPECIAL_RANK" => $lang['Special_rank'],
"L_EDIT" => $lang['Edit'],
"L_DELETE" => $lang['Delete'],
"L_ADD_RANK" => $lang['Add_new_rank'],
"L_ACTION" => $lang['Action'],
"S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx"))
);
for( $i = 0; $i < $rank_count; $i++)
{
$rank = $rank_rows[$i]['rank_title'];
$special_rank = $rank_rows[$i]['rank_special'];
$rank_id = $rank_rows[$i]['rank_id'];
$rank_min = $rank_rows[$i]['rank_min'];
if($special_rank)
{
$rank_min = $rank_max = "-";
}
$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
$template->assign_block_vars("ranks", array(
"ROW_COLOR" => "#" . $row_color,
"ROW_CLASS" => $row_class,
"RANK" => $rank,
"RANK_MIN" => $rank_min,
"SPECIAL_RANK" => ( $special_rank == 1 ) ? $lang['Yes'] : $lang['No'],
"U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&id=$rank_id"),
"U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&id=$rank_id"))
);
}
}
}
else
{
//
// Show the default page
//
$template->set_filenames(array(
"body" => "admin/ranks_list_body.tpl")
);
$sql = "SELECT * FROM " . RANKS_TABLE . "
ORDER BY rank_min ASC, rank_special ASC";
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql);
}
$rank_count = $db->sql_numrows($result);
$rank_rows = $db->sql_fetchrowset($result);
$template->assign_vars(array(
"L_RANKS_TITLE" => $lang['Ranks_title'],
"L_RANKS_TEXT" => $lang['Ranks_explain'],
"L_RANK" => $lang['Rank_title'],
"L_RANK_MINIMUM" => $lang['Rank_minimum'],
"L_SPECIAL_RANK" => $lang['Rank_special'],
"L_EDIT" => $lang['Edit'],
"L_DELETE" => $lang['Delete'],
"L_ADD_RANK" => $lang['Add_new_rank'],
"L_ACTION" => $lang['Action'],
"S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx"))
);
for($i = 0; $i < $rank_count; $i++)
{
$rank = $rank_rows[$i]['rank_title'];
$special_rank = $rank_rows[$i]['rank_special'];
$rank_id = $rank_rows[$i]['rank_id'];
$rank_min = $rank_rows[$i]['rank_min'];
if( $special_rank == 1 )
{
$rank_min = $rank_max = "-";
}
$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
$rank_is_special = ( $special_rank ) ? $lang['Yes'] : $lang['No'];
$template->assign_block_vars("ranks", array(
"ROW_COLOR" => "#" . $row_color,
"ROW_CLASS" => $row_class,
"RANK" => $rank,
"SPECIAL_RANK" => $rank_is_special,
"RANK_MIN" => $rank_min,
"U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&id=$rank_id"),
"U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&id=$rank_id"))
);
}
{
message_die(GENERAL_MESSAGE, $lang['Must_select_rank']);
}
}
else
{
//
// They didn't feel like giving us any information. Oh, too bad, we'll just display the
// list then...
//
$template->set_filenames(array(
"body" => "admin/ranks_list_body.tpl")
);
$sql = "SELECT * FROM " . RANKS_TABLE . "
ORDER BY rank_min, rank_title";
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql);
}
$rank_rows = $db->sql_fetchrowset($result);
$rank_count = count($rank_rows);
$template->assign_vars(array(
"L_RANKS_TITLE" => $lang['Ranks_title'],
"L_RANKS_TEXT" => $lang['Ranks_explain'],
"L_RANK" => $lang['Rank_title'],
"L_RANK_MINIMUM" => $lang['Rank_minimum'],
"L_SPECIAL_RANK" => $lang['Special_rank'],
"L_EDIT" => $lang['Edit'],
"L_DELETE" => $lang['Delete'],
"L_ADD_RANK" => $lang['Add_new_rank'],
"L_ACTION" => $lang['Action'],
"S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx"))
);
for( $i = 0; $i < $rank_count; $i++)
{
$rank = $rank_rows[$i]['rank_title'];
$special_rank = $rank_rows[$i]['rank_special'];
$rank_id = $rank_rows[$i]['rank_id'];
$rank_min = $rank_rows[$i]['rank_min'];
if($special_rank)
{
$rank_min = $rank_max = "-";
}
$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
$template->assign_block_vars("ranks", array(
"ROW_COLOR" => "#" . $row_color,
"ROW_CLASS" => $row_class,
"RANK" => $rank,
"RANK_MIN" => $rank_min,
"SPECIAL_RANK" => ( $special_rank == 1 ) ? $lang['Yes'] : $lang['No'],
"U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&id=$rank_id"),
"U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&id=$rank_id"))
);
}
}
}
else
{
//
// Show the default page
//
$template->set_filenames(array(
"body" => "admin/ranks_list_body.tpl")
);
$sql = "SELECT * FROM " . RANKS_TABLE . "
ORDER BY rank_min ASC, rank_special ASC";
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql);
}
$rank_count = $db->sql_numrows($result);
$rank_rows = $db->sql_fetchrowset($result);
$template->assign_vars(array(
"L_RANKS_TITLE" => $lang['Ranks_title'],
"L_RANKS_TEXT" => $lang['Ranks_explain'],
"L_RANK" => $lang['Rank_title'],
"L_RANK_MINIMUM" => $lang['Rank_minimum'],
"L_SPECIAL_RANK" => $lang['Rank_special'],
"L_EDIT" => $lang['Edit'],
"L_DELETE" => $lang['Delete'],
"L_ADD_RANK" => $lang['Add_new_rank'],
"L_ACTION" => $lang['Action'],
"S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx"))
);
for($i = 0; $i < $rank_count; $i++)
{
$rank = $rank_rows[$i]['rank_title'];
$special_rank = $rank_rows[$i]['rank_special'];
$rank_id = $rank_rows[$i]['rank_id'];
$rank_min = $rank_rows[$i]['rank_min'];
if( $special_rank == 1 )
{
$rank_min = $rank_max = "-";
}
$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
$rank_is_special = ( $special_rank ) ? $lang['Yes'] : $lang['No'];
$template->assign_block_vars("ranks", array(
"ROW_COLOR" => "#" . $row_color,
"ROW_CLASS" => $row_class,
"RANK" => $rank,
"SPECIAL_RANK" => $rank_is_special,
"RANK_MIN" => $rank_min,
"U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&id=$rank_id"),
"U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&id=$rank_id"))
);
}
Code:
elseif( $rank_id && !$confirm)
{
// Present the confirmation screen to the user
$template->set_filenames(array(
'body' => 'admin/confirm_body.tpl')
);
$hidden_fields = '<input type="hidden" name="mode" value="delete" /><input type="hidden" name="id" value="' . $rank_id . '" />';
$template->assign_vars(array(
'MESSAGE_TITLE' => $lang['Confirm'],
'MESSAGE_TEXT' => $lang['Confirm_delete_rank'],
'L_YES' => $lang['Yes'],
'L_NO' => $lang['No'],
'S_CONFIRM_ACTION' => append_sid("admin_ranks.$phpEx"),
'S_HIDDEN_FIELDS' => $hidden_fields)
);
}
else
{
message_die(GENERAL_MESSAGE, $lang['Must_select_rank']);
}
}
$template->pparse("body");
include('./page_footer_admin.'.$phpEx);
}
//
// Show the default page
//
$template->set_filenames(array(
"body" => "admin/ranks_list_body.tpl")
);
$sql = "SELECT * FROM " . RANKS_TABLE . "
ORDER BY rank_min ASC, rank_special ASC";
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql);
}
$rank_count = $db->sql_numrows($result);
$rank_rows = $db->sql_fetchrowset($result);
$template->assign_vars(array(
"L_RANKS_TITLE" => $lang['Ranks_title'],
"L_RANKS_TEXT" => $lang['Ranks_explain'],
"L_RANK" => $lang['Rank_title'],
"L_RANK_MINIMUM" => $lang['Rank_minimum'],
"L_SPECIAL_RANK" => $lang['Rank_special'],
"L_EDIT" => $lang['Edit'],
"L_DELETE" => $lang['Delete'],
"L_ADD_RANK" => $lang['Add_new_rank'],
"L_ACTION" => $lang['Action'],
"S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx"))
);
for($i = 0; $i < $rank_count; $i++)
{
$rank = $rank_rows[$i]['rank_title'];
$special_rank = $rank_rows[$i]['rank_special'];
$rank_id = $rank_rows[$i]['rank_id'];
$rank_min = $rank_rows[$i]['rank_min'];
if( $special_rank == 1 )
{
$rank_min = $rank_max = "-";
}
$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
$rank_is_special = ( $special_rank ) ? $lang['Yes'] : $lang['No'];
$template->assign_block_vars("ranks", array(
"ROW_COLOR" => "#" . $row_color,
"ROW_CLASS" => $row_class,
"RANK" => $rank,
"SPECIAL_RANK" => $rank_is_special,
"RANK_MIN" => $rank_min,
"U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&id=$rank_id"),
"U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&id=$rank_id"))
);
{
// Present the confirmation screen to the user
$template->set_filenames(array(
'body' => 'admin/confirm_body.tpl')
);
$hidden_fields = '<input type="hidden" name="mode" value="delete" /><input type="hidden" name="id" value="' . $rank_id . '" />';
$template->assign_vars(array(
'MESSAGE_TITLE' => $lang['Confirm'],
'MESSAGE_TEXT' => $lang['Confirm_delete_rank'],
'L_YES' => $lang['Yes'],
'L_NO' => $lang['No'],
'S_CONFIRM_ACTION' => append_sid("admin_ranks.$phpEx"),
'S_HIDDEN_FIELDS' => $hidden_fields)
);
}
else
{
message_die(GENERAL_MESSAGE, $lang['Must_select_rank']);
}
}
$template->pparse("body");
include('./page_footer_admin.'.$phpEx);
}
//
// Show the default page
//
$template->set_filenames(array(
"body" => "admin/ranks_list_body.tpl")
);
$sql = "SELECT * FROM " . RANKS_TABLE . "
ORDER BY rank_min ASC, rank_special ASC";
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql);
}
$rank_count = $db->sql_numrows($result);
$rank_rows = $db->sql_fetchrowset($result);
$template->assign_vars(array(
"L_RANKS_TITLE" => $lang['Ranks_title'],
"L_RANKS_TEXT" => $lang['Ranks_explain'],
"L_RANK" => $lang['Rank_title'],
"L_RANK_MINIMUM" => $lang['Rank_minimum'],
"L_SPECIAL_RANK" => $lang['Rank_special'],
"L_EDIT" => $lang['Edit'],
"L_DELETE" => $lang['Delete'],
"L_ADD_RANK" => $lang['Add_new_rank'],
"L_ACTION" => $lang['Action'],
"S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx"))
);
for($i = 0; $i < $rank_count; $i++)
{
$rank = $rank_rows[$i]['rank_title'];
$special_rank = $rank_rows[$i]['rank_special'];
$rank_id = $rank_rows[$i]['rank_id'];
$rank_min = $rank_rows[$i]['rank_min'];
if( $special_rank == 1 )
{
$rank_min = $rank_max = "-";
}
$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
$rank_is_special = ( $special_rank ) ? $lang['Yes'] : $lang['No'];
$template->assign_block_vars("ranks", array(
"ROW_COLOR" => "#" . $row_color,
"ROW_CLASS" => $row_class,
"RANK" => $rank,
"SPECIAL_RANK" => $rank_is_special,
"RANK_MIN" => $rank_min,
"U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&id=$rank_id"),
"U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&id=$rank_id"))
);
admin/admin_smilies.php
FIND
FIND
Code:
REPLACE WITH $sql = "DELETE FROM " . SMILIES_TABLE . "
WHERE smilies_id = " . $smiley_id;
$result = $db->sql_query($sql);
if( !$result )
{
message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql);
}
$message = $lang['smiley_del_success'] . "<br /><br />" . sprintf($lang['Click_return_smileadmin'], "<a href=\"" . append_sid("admin_smilies.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
message_die(GENERAL_MESSAGE, $message);
WHERE smilies_id = " . $smiley_id;
$result = $db->sql_query($sql);
if( !$result )
{
message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql);
}
$message = $lang['smiley_del_success'] . "<br /><br />" . sprintf($lang['Click_return_smileadmin'], "<a href=\"" . append_sid("admin_smilies.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
message_die(GENERAL_MESSAGE, $message);
Code:
FIND $confirm = isset($HTTP_POST_VARS['confirm']);
if( $confirm )
{
$sql = "DELETE FROM " . SMILIES_TABLE . "
WHERE smilies_id = " . $smiley_id;
$result = $db->sql_query($sql);
if( !$result )
{
message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql);
}
$message = $lang['smiley_del_success'] . "<br /><br />" . sprintf($lang['Click_return_smileadmin'], "<a href=\"" . append_sid("admin_smilies.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
message_die(GENERAL_MESSAGE, $message);
}
else
{
// Present the confirmation screen to the user
$template->set_filenames(array(
'body' => 'admin/confirm_body.tpl')
);
$hidden_fields = '<input type="hidden" name="mode" value="delete" /><input type="hidden" name="id" value="' . $smiley_id . '" />';
$template->assign_vars(array(
'MESSAGE_TITLE' => $lang['Confirm'],
'MESSAGE_TEXT' => $lang['Confirm_delete_smiley'],
'L_YES' => $lang['Yes'],
'L_NO' => $lang['No'],
'S_CONFIRM_ACTION' => append_sid("admin_smilies.$phpEx"),
'S_HIDDEN_FIELDS' => $hidden_fields)
);
$template->pparse('body');
}
if( $confirm )
{
$sql = "DELETE FROM " . SMILIES_TABLE . "
WHERE smilies_id = " . $smiley_id;
$result = $db->sql_query($sql);
if( !$result )
{
message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql);
}
$message = $lang['smiley_del_success'] . "<br /><br />" . sprintf($lang['Click_return_smileadmin'], "<a href=\"" . append_sid("admin_smilies.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
message_die(GENERAL_MESSAGE, $message);
}
else
{
// Present the confirmation screen to the user
$template->set_filenames(array(
'body' => 'admin/confirm_body.tpl')
);
$hidden_fields = '<input type="hidden" name="mode" value="delete" /><input type="hidden" name="id" value="' . $smiley_id . '" />';
$template->assign_vars(array(
'MESSAGE_TITLE' => $lang['Confirm'],
'MESSAGE_TEXT' => $lang['Confirm_delete_smiley'],
'L_YES' => $lang['Yes'],
'L_NO' => $lang['No'],
'S_CONFIRM_ACTION' => append_sid("admin_smilies.$phpEx"),
'S_HIDDEN_FIELDS' => $hidden_fields)
);
$template->pparse('body');
}
Code:
REPLACE WITH $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? trim($HTTP_POST_VARS['smile_code']) : trim($HTTP_GET_VARS['smile_code']);
$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : trim($HTTP_GET_VARS['smile_url']);
$smile_url = phpbb_ltrim(basename($smile_url), "'");
$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? trim($HTTP_POST_VARS['smile_emotion']) : trim($HTTP_GET_VARS['smile_emotion']);
$smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : intval($HTTP_GET_VARS['smile_id']);
$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : trim($HTTP_GET_VARS['smile_url']);
$smile_url = phpbb_ltrim(basename($smile_url), "'");
$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? trim($HTTP_POST_VARS['smile_emotion']) : trim($HTTP_GET_VARS['smile_emotion']);
$smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : intval($HTTP_GET_VARS['smile_id']);
Code:
FIND $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? trim($HTTP_POST_VARS['smile_code']) : '';
$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : '';
$smile_url = phpbb_ltrim(basename($smile_url), "'");
$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? htmlspecialchars(trim($HTTP_POST_VARS['smile_emotion'])) : '';
$smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : 0;
$smile_code = trim($smile_code);
$smile_url = trim($smile_url);
$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : '';
$smile_url = phpbb_ltrim(basename($smile_url), "'");
$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? htmlspecialchars(trim($HTTP_POST_VARS['smile_emotion'])) : '';
$smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : 0;
$smile_code = trim($smile_code);
$smile_url = trim($smile_url);
Code:
REPLACE WITH $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : $HTTP_GET_VARS['smile_code'];
$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url'];
$smile_url = phpbb_ltrim(basename($smile_url), "'");
$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion'];
$smile_code = trim($smile_code);
$smile_url = trim($smile_url);
$smile_emotion = trim($smile_emotion);
$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url'];
$smile_url = phpbb_ltrim(basename($smile_url), "'");
$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion'];
$smile_code = trim($smile_code);
$smile_url = trim($smile_url);
$smile_emotion = trim($smile_emotion);
Code:
$smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : '';
$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : '';
$smile_url = phpbb_ltrim(basename($smile_url), "'");
$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? htmlspecialchars(trim($HTTP_POST_VARS['smile_emotion'])) : '';
$smile_code = trim($smile_code);
$smile_url = trim($smile_url);
$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : '';
$smile_url = phpbb_ltrim(basename($smile_url), "'");
$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? htmlspecialchars(trim($HTTP_POST_VARS['smile_emotion'])) : '';
$smile_code = trim($smile_code);
$smile_url = trim($smile_url);
admin/admin_users.php
FIND
FIND
Code:
REPLACE WITH $user_style = ( $HTTP_POST_VARS['style'] ) ? intval( $HTTP_POST_VARS['style'] ) : $board_config['default_style'];
Code:
FIND AND DELETE $user_style = ( isset( $HTTP_POST_VARS['style'] ) ) ? intval( $HTTP_POST_VARS['style'] ) : $board_config['default_style'];
Code:
FIND $user_template = ( $HTTP_POST_VARS['template'] ) ? $HTTP_POST_VARS['template'] : $board_config['board_template'];
Code:
BEFORE, ADD $message .= $lang['Admin_user_updated'];
Code:
FIND // We remove all stored login keys since the password has been updated
// and change the current one (if applicable)
if ( !empty($passwd_sql) )
{
session_reset_keys($user_id, $user_ip);
}
// and change the current one (if applicable)
if ( !empty($passwd_sql) )
{
session_reset_keys($user_id, $user_ip);
}
Code:
REPLACE WITH $error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Admin_user_fail'];
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Admin_user_fail'];
Code:
message_die(GENERAL_ERROR, 'Admin_user_fail', '', __LINE__, __FILE__, $sql);
admin/admin_words.php
FIND AND DELETE
FIND AND DELETE
Code:
FINDdefine('IN_PHPBB', 1);
Code:
BEFORE, ADD//
// Load default header
//
// Load default header
//
Code:
FINDdefine('IN_PHPBB', 1);
Code:
REPLACE WITH $mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
Code:
FIND $mode = (isset($HTTP_GET_VARS['mode'])) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
Code:
BEFORE, ADDif( $mode != "" )
{
if( $mode == "edit" || $mode == "add" )
{
if( $mode == "edit" || $mode == "add" )
Code:
FIND// Restrict mode input to valid options
$mode = ( in_array($mode, array('add', 'edit', 'save', 'delete')) ) ? $mode : '';
$mode = ( in_array($mode, array('add', 'edit', 'save', 'delete')) ) ? $mode : '';
Code:
BEFORE, ADD $s_hidden_fields = '';
Code:
FIND $word_info = array('word' => '', 'replacement' => '');
Code:
REPLACE WITH if( $word_id )
{
$sql = "DELETE FROM " . WORDS_TABLE . "
WHERE word_id = $word_id";
{
$sql = "DELETE FROM " . WORDS_TABLE . "
WHERE word_id = $word_id";
Code:
FIND $confirm = isset($HTTP_POST_VARS['confirm']);
if( $word_id && $confirm )
{
$sql = "DELETE FROM " . WORDS_TABLE . "
WHERE word_id = $word_id";
if( $word_id && $confirm )
{
$sql = "DELETE FROM " . WORDS_TABLE . "
WHERE word_id = $word_id";
Code:
BEFORE, ADD else
{
message_die(GENERAL_MESSAGE, $lang['No_word_selected']);
{
message_die(GENERAL_MESSAGE, $lang['No_word_selected']);
Code:
FIND elseif( $word_id && !$confirm)
{
// Present the confirmation screen to the user
$template->set_filenames(array(
'body' => 'admin/confirm_body.tpl')
);
$hidden_fields = '<input type="hidden" name="mode" value="delete" /><input type="hidden" name="id" value="' . $word_id . '" />';
$template->assign_vars(array(
'MESSAGE_TITLE' => $lang['Confirm'],
'MESSAGE_TEXT' => $lang['Confirm_delete_word'],
'L_YES' => $lang['Yes'],
'L_NO' => $lang['No'],
'S_CONFIRM_ACTION' => append_sid("admin_words.$phpEx"),
'S_HIDDEN_FIELDS' => $hidden_fields)
);
}
{
// Present the confirmation screen to the user
$template->set_filenames(array(
'body' => 'admin/confirm_body.tpl')
);
$hidden_fields = '<input type="hidden" name="mode" value="delete" /><input type="hidden" name="id" value="' . $word_id . '" />';
$template->assign_vars(array(
'MESSAGE_TITLE' => $lang['Confirm'],
'MESSAGE_TEXT' => $lang['Confirm_delete_word'],
'L_YES' => $lang['Yes'],
'L_NO' => $lang['No'],
'S_CONFIRM_ACTION' => append_sid("admin_words.$phpEx"),
'S_HIDDEN_FIELDS' => $hidden_fields)
);
}
Code:
AFTER, ADD $word_rows = $db->sql_fetchrowset($result);
Code:
$db->sql_freeresult($result);
admin/page_header_admin.php
FIND
FIND
Code:
BEFORE, ADD$template->pparse('header');
Code:
// Work around for "current" Apache 2 + PHP module which seems to not
// cope with private cache control setting
if (!empty($HTTP_SERVER_VARS['SERVER_SOFTWARE']) && strstr($HTTP_SERVER_VARS['SERVER_SOFTWARE'], 'Apache/2'))
{
header ('Cache-Control: no-cache, pre-check=0, post-check=0');
}
else
{
header ('Cache-Control: private, pre-check=0, post-check=0, max-age=0');
}
header ('Expires: 0');
header ('Pragma: no-cache');
// cope with private cache control setting
if (!empty($HTTP_SERVER_VARS['SERVER_SOFTWARE']) && strstr($HTTP_SERVER_VARS['SERVER_SOFTWARE'], 'Apache/2'))
{
header ('Cache-Control: no-cache, pre-check=0, post-check=0');
}
else
{
header ('Cache-Control: private, pre-check=0, post-check=0, max-age=0');
}
header ('Expires: 0');
header ('Pragma: no-cache');
admin/pagestart.php
FIND AND DELETE
FIND AND DELETE
Code:
$url = str_replace(preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['server_name'])), '', $HTTP_SERVER_VARS['REQUEST_URI']);
$url = str_replace(preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['script_path'])), '', $url);
$url = str_replace('//', '/', $url);
$url = preg_replace('/sid=([^&]*)(&?)/i', '', $url);
$url = preg_replace('/\?$/', '', $url);
$url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $userdata['session_id'];
$url = str_replace(preg_replace('#^\/?(.*?)\/?$#', '\1', trim($board_config['script_path'])), '', $url);
$url = str_replace('//', '/', $url);
$url = preg_replace('/sid=([^&]*)(&?)/i', '', $url);
$url = preg_replace('/\?$/', '', $url);
$url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $userdata['session_id'];
common.php
FIND
FIND
Code:
AFTER, ADD$nav_links = array();
Code:
$dss_seeded = false;
db/mssql.php
FIND
FIND
Code:
REPLACE WITH $row[$key] = stripslashes($value);
Code:
FIND $row[$key] = ($value === ' ') ? '' : stripslashes($value);
Code:
REPLACE WITH $rowset[$i][$key] = stripslashes($value);
Code:
FIND $rowset[$i][$key] = ($value === ' ') ? '' : stripslashes($value);
Code:
REPLACE WITH $result = stripslashes($this->row[$query_id][$field]);
Code:
$result = ($this->row[$query_id][$field] === ' ') ? '' : stripslashes($this->row[$query_id][$field]);
includes/auth.php
FIND
FIND
Code:
AFTER, ADD $f_forum_id = $f_access[$k]['forum_id'];
Code:
FIND $u_access[$f_forum_id] = isset($u_access[$f_forum_id]) ? $u_access[$f_forum_id] : array();
Code:
AFTER, ADD $f_forum_id = $f_access[$k]['forum_id'];
Code:
$u_access[$f_forum_id] = isset($u_access[$f_forum_id]) ? $u_access[$f_forum_id] : array();
includes/bbcode.php
FIND
FIND
Code:
REPLACE WITH // This one gets first-passed..
$patterns[] = "#\[img:$uid\]([^?].*?)\[/img:$uid\]#i";
$replacements[] = $bbcode_tpl['img'];
// matches a [url]xxxx://www.phpbb.com[/url] code..
$patterns[] = "#\[url\]([\w]+?://([\w\#$%&~/.\-;:=,?@\]+]|\[(?!url=))*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url1'];
// [url]www.phpbb.com[/url] code.. (no xxxx:// prefix).
$patterns[] = "#\[url\]((www|ftp)\.([\w\#$%&~/.\-;:=,?@\]+]|\[(?!url=))*?)\[/url\]#is";
$patterns[] = "#\[img:$uid\]([^?].*?)\[/img:$uid\]#i";
$replacements[] = $bbcode_tpl['img'];
// matches a [url]xxxx://www.phpbb.com[/url] code..
$patterns[] = "#\[url\]([\w]+?://([\w\#$%&~/.\-;:=,?@\]+]|\[(?!url=))*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url1'];
// [url]www.phpbb.com[/url] code.. (no xxxx:// prefix).
$patterns[] = "#\[url\]((www|ftp)\.([\w\#$%&~/.\-;:=,?@\]+]|\[(?!url=))*?)\[/url\]#is";
Code:
FIND // This one gets first-passed..
$patterns[] = "#\[img:$uid\]([^?](?:[^\[]+|\[(?!url))*?)\[/img:$uid\]#i";
$replacements[] = $bbcode_tpl['img'];
// matches a [url]xxxx://www.phpbb.com[/url] code..
$patterns[] = "#\[url\]([\w]+?://([\w\#$%&~/.\-;:=,?@\]+]+|\[(?!url=))*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url1'];
// [url]www.phpbb.com[/url] code.. (no xxxx:// prefix).
$patterns[] = "#\[url\]((www|ftp)\.([\w\#$%&~/.\-;:=,?@\]+]+|\[(?!url=))*?)\[/url\]#is";
$patterns[] = "#\[img:$uid\]([^?](?:[^\[]+|\[(?!url))*?)\[/img:$uid\]#i";
$replacements[] = $bbcode_tpl['img'];
// matches a [url]xxxx://www.phpbb.com[/url] code..
$patterns[] = "#\[url\]([\w]+?://([\w\#$%&~/.\-;:=,?@\]+]+|\[(?!url=))*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url1'];
// [url]www.phpbb.com[/url] code.. (no xxxx:// prefix).
$patterns[] = "#\[url\]((www|ftp)\.([\w\#$%&~/.\-;:=,?@\]+]+|\[(?!url=))*?)\[/url\]#is";
Code:
REPLACE WITH $uid = md5(mt_rand());
Code:
$uid = dss_rand();
includes/functions.php
FIND
FIND
Code:
BEFORE, ADD//
// Get Userdata, $user can be username or user_id. If force_str is true, the username will be forced.
//
// Get Userdata, $user can be username or user_id. If force_str is true, the username will be forced.
//
Code:
FIND/**
* Our own generator of random values
* This uses a constantly changing value as the base for generating the values
* The board wide setting is updated once per page if this code is called
* With thanks to Anthrax101 for the inspiration on this one
* Added in phpBB 2.0.20
*/
function dss_rand()
{
global $db, $board_config, $dss_seeded;
$val = $board_config['rand_seed'] . microtime();
$val = md5($val);
$board_config['rand_seed'] = md5($board_config['rand_seed'] . $val . 'a');
if($dss_seeded !== true)
{
$sql = "UPDATE " . CONFIG_TABLE . " SET
config_value = '" . $board_config['rand_seed'] . "'
WHERE config_name = 'rand_seed'";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Unable to reseed PRNG", "", __LINE__, __FILE__, $sql);
}
$dss_seeded = true;
}
return substr($val, 16);
}
* Our own generator of random values
* This uses a constantly changing value as the base for generating the values
* The board wide setting is updated once per page if this code is called
* With thanks to Anthrax101 for the inspiration on this one
* Added in phpBB 2.0.20
*/
function dss_rand()
{
global $db, $board_config, $dss_seeded;
$val = $board_config['rand_seed'] . microtime();
$val = md5($val);
$board_config['rand_seed'] = md5($board_config['rand_seed'] . $val . 'a');
if($dss_seeded !== true)
{
$sql = "UPDATE " . CONFIG_TABLE . " SET
config_value = '" . $board_config['rand_seed'] . "'
WHERE config_name = 'rand_seed'";
if( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Unable to reseed PRNG", "", __LINE__, __FILE__, $sql);
}
$dss_seeded = true;
}
return substr($val, 16);
}
Code:
REPLACE WITH message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]");
Code:
FIND // We are trying to setup a style which does not exist in the database
// Try to fallback to the board default (if the user had a custom style)
// and then any users using this style to the default if it succeeds
if ( $style != $board_config['default_style'])
{
$sql = 'SELECT *
FROM ' . THEMES_TABLE . '
WHERE themes_id = ' . $board_config['default_style'];
if ( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, 'Could not query database for theme info');
}
if ( $row = $db->sql_fetchrow($result) )
{
$db->sql_freeresult($result);
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_style = ' . $board_config['default_style'] . "
WHERE user_style = $style";
if ( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, 'Could not update user theme info');
}
}
else
{
message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]");
}
}
else
{
message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]");
}
// Try to fallback to the board default (if the user had a custom style)
// and then any users using this style to the default if it succeeds
if ( $style != $board_config['default_style'])
{
$sql = 'SELECT *
FROM ' . THEMES_TABLE . '
WHERE themes_id = ' . $board_config['default_style'];
if ( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, 'Could not query database for theme info');
}
if ( $row = $db->sql_fetchrow($result) )
{
$db->sql_freeresult($result);
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_style = ' . $board_config['default_style'] . "
WHERE user_style = $style";
if ( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, 'Could not update user theme info');
}
}
else
{
message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]");
}
}
else
{
message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]");
}
Code:
REPLACE WITH $debug_text .= '</br /><br />Line : ' . $err_line . '<br />File : ' . basename($err_file);
Code:
FIND $debug_text .= '<br /><br />Line : ' . $err_line . '<br />File : ' . basename($err_file);
Code:
REPLACE WITH if ( empty($template) )
{
$template = new Template($phpbb_root_path . 'templates/' . $board_config['board_template']);
}
if ( empty($theme) )
{
$template = new Template($phpbb_root_path . 'templates/' . $board_config['board_template']);
}
if ( empty($theme) )
Code:
if ( empty($template) || empty($theme) )
includes/functions_post.php
FIND
FIND
Code:
REPLACE WITH $allowed_html_tags = split(',', $board_config['allow_html_tags']);
$end_html = 0;
$start_html = 1;
$tmp_message = '';
$message = ' ' . $message . ' ';
while ($start_html = strpos($message, '<', $start_html))
{
$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1, ($start_html - $end_html - 1)));
if ($end_html = strpos($message, '>', $start_html))
{
$length = $end_html - $start_html + 1;
$hold_string = substr($message, $start_html, $length);
if (($unclosed_open = strrpos(' ' . $hold_string, '<')) != 1)
{
$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($hold_string, 0, $unclosed_open - 1));
$hold_string = substr($hold_string, $unclosed_open - 1);
}
$tagallowed = false;
for ($i = 0; $i < sizeof($allowed_html_tags); $i++)
{
$match_tag = trim($allowed_html_tags[$i]);
if (preg_match('#^<\/?' . $match_tag . '[> ]#i', $hold_string))
{
$tagallowed = (preg_match('#^<\/?' . $match_tag . ' .*?(style[\t ]*?=|on[\w]+[\t ]*?=)#i', $hold_string)) ? false : true;
}
}
$tmp_message .= ($length && !$tagallowed) ? preg_replace($html_entities_match, $html_entities_replace, $hold_string) : $hold_string;
$start_html += $length;
}
else
{
$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $start_html, strlen($message)));
$start_html = strlen($message);
$end_html = $start_html;
}
}
if (!$end_html || ($end_html != strlen($message) && $tmp_message != ''))
{
$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1));
}
$message = ($tmp_message != '') ? trim($tmp_message) : trim($message);
$end_html = 0;
$start_html = 1;
$tmp_message = '';
$message = ' ' . $message . ' ';
while ($start_html = strpos($message, '<', $start_html))
{
$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1, ($start_html - $end_html - 1)));
if ($end_html = strpos($message, '>', $start_html))
{
$length = $end_html - $start_html + 1;
$hold_string = substr($message, $start_html, $length);
if (($unclosed_open = strrpos(' ' . $hold_string, '<')) != 1)
{
$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($hold_string, 0, $unclosed_open - 1));
$hold_string = substr($hold_string, $unclosed_open - 1);
}
$tagallowed = false;
for ($i = 0; $i < sizeof($allowed_html_tags); $i++)
{
$match_tag = trim($allowed_html_tags[$i]);
if (preg_match('#^<\/?' . $match_tag . '[> ]#i', $hold_string))
{
$tagallowed = (preg_match('#^<\/?' . $match_tag . ' .*?(style[\t ]*?=|on[\w]+[\t ]*?=)#i', $hold_string)) ? false : true;
}
}
$tmp_message .= ($length && !$tagallowed) ? preg_replace($html_entities_match, $html_entities_replace, $hold_string) : $hold_string;
$start_html += $length;
}
else
{
$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $start_html, strlen($message)));
$start_html = strlen($message);
$end_html = $start_html;
}
}
if (!$end_html || ($end_html != strlen($message) && $tmp_message != ''))
{
$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1));
}
$message = ($tmp_message != '') ? trim($tmp_message) : trim($message);
Code:
FIND // If HTML is on, we try to make it safe
// This approach is quite agressive and anything that does not look like a valid tag
// is going to get converted to HTML entities
$message = stripslashes($message);
$html_match = '#<[^\w<]*(\w+)((?:"[^"]*"|\'[^\']*\'|[^<>\'"])+)?>#';
$matches = array();
$message_split = preg_split($html_match, $message);
preg_match_all($html_match, $message, $matches);
$message = '';
foreach ($message_split as $part)
{
$tag = array(array_shift($matches[0]), array_shift($matches[1]), array_shift($matches[2]));
$message .= htmlspecialchars($part) . clean_html($tag);
}
$message = addslashes($message);
// This approach is quite agressive and anything that does not look like a valid tag
// is going to get converted to HTML entities
$message = stripslashes($message);
$html_match = '#<[^\w<]*(\w+)((?:"[^"]*"|\'[^\']*\'|[^<>\'"])+)?>#';
$matches = array();
$message_split = preg_split($html_match, $message);
preg_match_all($html_match, $message, $matches);
$message = '';
foreach ($message_split as $part)
{
$tag = array(array_shift($matches[0]), array_shift($matches[1]), array_shift($matches[2]));
$message .= htmlspecialchars($part) . clean_html($tag);
}
$message = addslashes($message);
Code:
REPLACE WITH $temp_option_text[$option_id] = htmlspecialchars($option_text);
Code:
FIND $temp_option_text[intval($option_id)] = htmlspecialchars($option_text);
Code:
BEFORE, ADD?>
Code:
/**
* Called from within prepare_message to clean included HTML tags if HTML is
* turned on for that post
* @param array $tag Matching text from the message to parse
*/
function clean_html($tag)
{
global $board_config;
if (empty($tag[0]))
{
return '';
}
$allowed_html_tags = preg_split('/, */', strtolower($board_config['allow_html_tags']));
$disallowed_attributes = '/^(?:style|on)/i';
// Check if this is an end tag
preg_match('/<[^\w\/]*\/[\W]*(\w+)/', $tag[0], $matches);
if (sizeof($matches))
{
if (in_array(strtolower($matches[1]), $allowed_html_tags))
{
return '</' . $matches[1] . '>';
}
else
{
return htmlspecialchars('</' . $matches[1] . '>');
}
}
// Check if this is an allowed tag
if (in_array(strtolower($tag[1]), $allowed_html_tags))
{
$attributes = '';
if (!empty($tag[2]))
{
preg_match_all('/[\W]*?(\w+)[\W]*?=[\W]*?(["\'])((?:(?!\2).)*)\2/', $tag[2], $test);
for ($i = 0; $i < sizeof($test[0]); $i++)
{
if (preg_match($disallowed_attributes, $test[1][$i]))
{
continue;
}
$attributes .= ' ' . $test[1][$i] . '=' . $test[2][$i] . str_replace(array('[', ']'), array('[', ']'), htmlspecialchars($test[3][$i])) . $test[2][$i];
}
}
if (in_array(strtolower($tag[1]), $allowed_html_tags))
{
return '<' . $tag[1] . $attributes . '>';
}
else
{
return htmlspecialchars('<' . $tag[1] . $attributes . '>');
}
}
// Finally, this is not an allowed tag so strip all the attibutes and escape it
else
{
return htmlspecialchars('<' . $tag[1] . '>');
}
}
* Called from within prepare_message to clean included HTML tags if HTML is
* turned on for that post
* @param array $tag Matching text from the message to parse
*/
function clean_html($tag)
{
global $board_config;
if (empty($tag[0]))
{
return '';
}
$allowed_html_tags = preg_split('/, */', strtolower($board_config['allow_html_tags']));
$disallowed_attributes = '/^(?:style|on)/i';
// Check if this is an end tag
preg_match('/<[^\w\/]*\/[\W]*(\w+)/', $tag[0], $matches);
if (sizeof($matches))
{
if (in_array(strtolower($matches[1]), $allowed_html_tags))
{
return '</' . $matches[1] . '>';
}
else
{
return htmlspecialchars('</' . $matches[1] . '>');
}
}
// Check if this is an allowed tag
if (in_array(strtolower($tag[1]), $allowed_html_tags))
{
$attributes = '';
if (!empty($tag[2]))
{
preg_match_all('/[\W]*?(\w+)[\W]*?=[\W]*?(["\'])((?:(?!\2).)*)\2/', $tag[2], $test);
for ($i = 0; $i < sizeof($test[0]); $i++)
{
if (preg_match($disallowed_attributes, $test[1][$i]))
{
continue;
}
$attributes .= ' ' . $test[1][$i] . '=' . $test[2][$i] . str_replace(array('[', ']'), array('[', ']'), htmlspecialchars($test[3][$i])) . $test[2][$i];
}
}
if (in_array(strtolower($tag[1]), $allowed_html_tags))
{
return '<' . $tag[1] . $attributes . '>';
}
else
{
return htmlspecialchars('<' . $tag[1] . $attributes . '>');
}
}
// Finally, this is not an allowed tag so strip all the attibutes and escape it
else
{
return htmlspecialchars('<' . $tag[1] . '>');
}
}
includes/prune.php
FIND
FIND
Code:
BEFORE, ADD $prune_all = ($prune_all) ? '' : 'AND t.topic_vote = 0 AND t.topic_type <> ' . POST_ANNOUNCE;
Code:
FIND // Before pruning, lets try to clean up the invalid topic entries
$sql = 'SELECT topic_id FROM ' . TOPICS_TABLE . '
WHERE topic_last_post_id = 0';
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain lists of topics to sync', '', __LINE__, __FILE__, $sql);
}
while( $row = $db->sql_fetchrow($result) )
{
sync('topic', $row['topic_id']);
}
$db->sql_freeresult($result);
$sql = 'SELECT topic_id FROM ' . TOPICS_TABLE . '
WHERE topic_last_post_id = 0';
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain lists of topics to sync', '', __LINE__, __FILE__, $sql);
}
while( $row = $db->sql_fetchrow($result) )
{
sync('topic', $row['topic_id']);
}
$db->sql_freeresult($result);
Code:
REPLACE WITH AND ( p.post_id = t.topic_last_post_id
OR t.topic_last_post_id = 0 )";
OR t.topic_last_post_id = 0 )";
Code:
AND p.post_id = t.topic_last_post_id";
includes/sessions.php
FIND
FIND
Code:
REPLACE WITH list($sec, $usec) = explode(' ', microtime());
mt_srand((float) $sec + ((float) $usec * 100000));
$session_id = md5(uniqid(mt_rand(), true));
mt_srand((float) $sec + ((float) $usec * 100000));
$session_id = md5(uniqid(mt_rand(), true));
Code:
FIND $session_id = md5(dss_rand());
Code:
REPLACE WITH list($sec, $usec) = explode(' ', microtime());
mt_srand(hexdec(substr($session_id, 0, 8)) + (float) $sec + ((float) $usec * 1000000));
$auto_login_key = uniqid(mt_rand(), true);
mt_srand(hexdec(substr($session_id, 0, 8)) + (float) $sec + ((float) $usec * 1000000));
$auto_login_key = uniqid(mt_rand(), true);
Code:
FIND $auto_login_key = dss_rand() . dss_rand();
Code:
BEFORE, ADD//
// Append $SID to a url. Borrowed from phplib and modified. This is an
// extra routine utilised by the session code above and acts as a wrapper
// Append $SID to a url. Borrowed from phplib and modified. This is an
// extra routine utilised by the session code above and acts as a wrapper
Code:
/**
* Reset all login keys for the specified user
* Called on password changes
*/
function session_reset_keys($user_id, $user_ip)
{
global $db, $userdata;
$key_sql = ($user_id == $userdata['user_id'] && !empty($userdata['session_key'])) ? "AND key_id != '" . md5($userdata['session_key']) . "'" : '';
$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
WHERE user_id = ' . (int) $user_id . "
$key_sql";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error removing auto-login keys', '', __LINE__, __FILE__, $sql);
}
$where_sql = 'session_user_id = ' . (int) $user_id;
$where_sql .= ($user_id == $userdata['user_id']) ? " AND session_id <> '" . $userdata['session_id'] . "'" : '';
$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
WHERE $where_sql";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error removing user session(s)', '', __LINE__, __FILE__, $sql);
}
if ( !empty($key_sql) )
{
$auto_login_key = dss_rand() . dss_rand();
$current_time = time();
$sql = 'UPDATE ' . SESSIONS_KEYS_TABLE . "
SET last_ip = '$user_ip', key_id = '" . md5($auto_login_key) . "', last_login = $current_time
WHERE key_id = '" . md5($userdata['session_key']) . "'";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error updating session key', '', __LINE__, __FILE__, $sql);
}
// And now rebuild the cookie
$sessiondata['userid'] = $user_id;
$sessiondata['autologinid'] = $autologin_id;
$cookiename = $board_config['cookie_name'];
$cookiepath = $board_config['cookie_path'];
$cookiedomain = $board_config['cookie_domain'];
$cookiesecure = $board_config['cookie_secure'];
setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
$userdata['session_key'] = $auto_login_key;
unset($sessiondata);
unset($auto_login_key);
}
}
* Reset all login keys for the specified user
* Called on password changes
*/
function session_reset_keys($user_id, $user_ip)
{
global $db, $userdata;
$key_sql = ($user_id == $userdata['user_id'] && !empty($userdata['session_key'])) ? "AND key_id != '" . md5($userdata['session_key']) . "'" : '';
$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
WHERE user_id = ' . (int) $user_id . "
$key_sql";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error removing auto-login keys', '', __LINE__, __FILE__, $sql);
}
$where_sql = 'session_user_id = ' . (int) $user_id;
$where_sql .= ($user_id == $userdata['user_id']) ? " AND session_id <> '" . $userdata['session_id'] . "'" : '';
$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
WHERE $where_sql";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error removing user session(s)', '', __LINE__, __FILE__, $sql);
}
if ( !empty($key_sql) )
{
$auto_login_key = dss_rand() . dss_rand();
$current_time = time();
$sql = 'UPDATE ' . SESSIONS_KEYS_TABLE . "
SET last_ip = '$user_ip', key_id = '" . md5($auto_login_key) . "', last_login = $current_time
WHERE key_id = '" . md5($userdata['session_key']) . "'";
if ( !$db->sql_query($sql) )
{
message_die(CRITICAL_ERROR, 'Error updating session key', '', __LINE__, __FILE__, $sql);
}
// And now rebuild the cookie
$sessiondata['userid'] = $user_id;
$sessiondata['autologinid'] = $autologin_id;
$cookiename = $board_config['cookie_name'];
$cookiepath = $board_config['cookie_path'];
$cookiedomain = $board_config['cookie_domain'];
$cookiesecure = $board_config['cookie_secure'];
setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
$userdata['session_key'] = $auto_login_key;
unset($sessiondata);
unset($auto_login_key);
}
}
includes/usercp_avatar.php
FIND
FIND
Code:
BEFORE, ADD if ( !preg_match("#^((ht|f)tp://)([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png))$)#is", $avatar_filename) )
Code:
$avatar_filename = substr($avatar_filename, 0, 100);
includes/usercp_confirm.php
FIND
FIND
Code:
BEFORE, ADD $char = substr($code, -1);
Code:
$c = intval($HTTP_GET_VARS['c']);
$char = substr($code, $c - 1, 1);
$char = substr($code, $c - 1, 1);
includes/usercp_register.php
FIND
FIND
Code:
REPLACE WITH $signature = str_replace('<br />', "\n", $signature);
Code:
FIND AND DELETE $signature = (isset($signature)) ? str_replace('<br />', "\n", $signature) : '';
$signature_bbcode_uid = '';
$signature_bbcode_uid = '';
Code:
FIND // Only compare one char if the zlib-extension is not loaded
if (!@extension_loaded('zlib'))
{
$row['code'] = substr($row['code'], -1);
}
if (!@extension_loaded('zlib'))
{
$row['code'] = substr($row['code'], -1);
}
Code:
AFTER, ADD message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql);
}
}
Code:
// We remove all stored login keys since the password has been updated
// and change the current one (if applicable)
if ( !empty($passwd_sql) )
{
session_reset_keys($user_id, $user_ip);
}
FIND// We remove all stored login keys since the password has been updated
// and change the current one (if applicable)
if ( !empty($passwd_sql) )
{
session_reset_keys($user_id, $user_ip);
}
Code:
AFTER, ADD $email = stripslashes($email);
Code:
FIND $cur_password = '';
Code:
AFTER, ADD $email = $userdata['user_email'];
Code:
FIND $cur_password = '';
Code:
REPLACE WITH $confirm_chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9');
list($usec, $sec) = explode(' ', microtime());
mt_srand($sec * $usec);
$max_chars = count($confirm_chars) - 1;
$code = '';
for ($i = 0; $i < 6; $i++)
{
$code .= $confirm_chars[mt_rand(0, $max_chars)];
}
list($usec, $sec) = explode(' ', microtime());
mt_srand($sec * $usec);
$max_chars = count($confirm_chars) - 1;
$code = '';
for ($i = 0; $i < 6; $i++)
{
$code .= $confirm_chars[mt_rand(0, $max_chars)];
}
Code:
FIND // Generate the required confirmation code
// NB 0 (zero) could get confused with O (the letter) so we make change it
$code = dss_rand();
$code = strtoupper(str_replace('0', 'o', substr($code, 6)));
// NB 0 (zero) could get confused with O (the letter) so we make change it
$code = dss_rand();
$code = strtoupper(str_replace('0', 'o', substr($code, 6)));
Code:
REPLACE WITH 'USERNAME' => $username,
'CUR_PASSWORD' => $cur_password,
'NEW_PASSWORD' => $new_password,
'PASSWORD_CONFIRM' => $password_confirm,
'EMAIL' => $email,
'CUR_PASSWORD' => $cur_password,
'NEW_PASSWORD' => $new_password,
'PASSWORD_CONFIRM' => $password_confirm,
'EMAIL' => $email,
Code:
'USERNAME' => isset($username) ? $username : '',
'CUR_PASSWORD' => isset($cur_password) ? $cur_password : '',
'NEW_PASSWORD' => isset($new_password) ? $new_password : '',
'PASSWORD_CONFIRM' => isset($password_confirm) ? $password_confirm : '',
'EMAIL' => isset($email) ? $email : '',
'CUR_PASSWORD' => isset($cur_password) ? $cur_password : '',
'NEW_PASSWORD' => isset($new_password) ? $new_password : '',
'PASSWORD_CONFIRM' => isset($password_confirm) ? $password_confirm : '',
'EMAIL' => isset($email) ? $email : '',
index.php
FIND
FIND
Code:
REPLACE WITHwhile( $category_rows[] = $db->sql_fetchrow($result) );
Code:
FINDwhile ($row = $db->sql_fetchrow($result))
{
$category_rows[] = $row;
}
{
$category_rows[] = $row;
}
Code:
BEFORE, ADD //
// Okay, let's build the index
//
// Okay, let's build the index
//
Code:
FIND AND DELETE //
// Let's decide which categories we should display
//
$display_categories = array();
for ($i = 0; $i < $total_forums; $i++ )
{
if ($is_auth_ary[$forum_data[$i]['forum_id']]['auth_view'])
{
$display_categories[$forum_data[$i]['cat_id']] = true;
}
}
// Let's decide which categories we should display
//
$display_categories = array();
for ($i = 0; $i < $total_forums; $i++ )
{
if ($is_auth_ary[$forum_data[$i]['forum_id']]['auth_view'])
{
$display_categories[$forum_data[$i]['cat_id']] = true;
}
}
Code:
FIND // Should we display this category/forum set?
//
$display_forums = false;
for($j = 0; $j < $total_forums; $j++)
{
if ( $is_auth_ary[$forum_data[$j]['forum_id']]['auth_view'] && $forum_data[$j]['cat_id'] == $cat_id )
{
$display_forums = true;
}
}
//
//
$display_forums = false;
for($j = 0; $j < $total_forums; $j++)
{
if ( $is_auth_ary[$forum_data[$j]['forum_id']]['auth_view'] && $forum_data[$j]['cat_id'] == $cat_id )
{
$display_forums = true;
}
}
//
Code:
REPLACE WITH if ( $display_forums )
Code:
if (isset($display_categories[$cat_id]) && $display_categories[$cat_id])
language/lang_english/email/group_request.tpl
FIND
FIND
Code:
REPLACE WITHA user has requested to join a group you moderator on {SITENAME}.
Code:
A user has requested to join a group you moderate on {SITENAME}.
language/lang_english/email/user_activate_passwd.tpl
FIND
FIND
Code:
REPLACE WITHIf sucessful you will be able to login using the following password:
Code:
If successful you will be able to login using the following password:
language/lang_english/lang_admin.php
FIND
FIND
Code:
AFTER, ADD$lang['Autologin_time_explain'] = 'How long a autologin key is valid for in days if the user does not visit the board. Set to zero to disable expiry.';
Code:
FIND// Search Flood Control - added 2.0.20
$lang['Search_Flood_Interval'] = 'Search Flood Interval';
$lang['Search_Flood_Interval_explain'] = 'Number of seconds a user must wait between search requests';
$lang['Search_Flood_Interval'] = 'Search Flood Interval';
$lang['Search_Flood_Interval_explain'] = 'Number of seconds a user must wait between search requests';
Code:
AFTER, ADD$lang['Click_return_smileadmin'] = 'Click %sHere%s to return to Smiley Administration';
Code:
FIND$lang['Confirm_delete_smiley'] = 'Are you sure you want to delete this Smiley?';
Code:
AFTER, ADD$lang['Click_return_wordadmin'] = 'Click %sHere%s to return to Word Censor Administration';
Code:
$lang['Confirm_delete_word'] = 'Are you sure you want to delete this word censor?';
language/lang_english/lang_main.php
FIND
FIND
Code:
AFTER, ADD$lang['Found_search_matches'] = 'Search found %d matches'; // eg. Search found 24 matches
Code:
$lang['Search_Flood_Error'] = 'You cannot make another search so soon after your last; please try again in a short while.';
login.php
FIND
FIND
Code:
REPLACE WITH if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $board_config['max_login_attempts'] &&
$row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts'])
$row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts'])
Code:
FIND if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $board_config['max_login_attempts'] &&
$row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts'] && $userdata['user_level'] != ADMIN)
$row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts'] && $userdata['user_level'] != ADMIN)
Code:
REPLACE WITH else
{
// Save login tries and last login
{
// Save login tries and last login
Code:
// Only store a failed login attempt for an active user - inactive users can't login even with a correct password
elseif( $row['user_active'] )
{
// Save login tries and last login
elseif( $row['user_active'] )
{
// Save login tries and last login
memberlist.ph
FIND
FIND
Code:
REPLACE WITH $search_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_search'] . '" alt="' . $lang['Search_user_posts'] . '" title="' . $lang['Search_user_posts'] . '" border="0" /></a>';
$search = '<a href="' . $temp_url . '">' . $lang['Search_user_posts'] . '</a>';
$search = '<a href="' . $temp_url . '">' . $lang['Search_user_posts'] . '</a>';
Code:
$search_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_search'] . '" alt="' . sprintf($lang['Search_user_posts'], $username) . '" title="' . sprintf($lang['Search_user_posts'], $username) . '" border="0" /></a>';
$search = '<a href="' . $temp_url . '">' . sprintf($lang['Search_user_posts'], $username) . '</a>';
$search = '<a href="' . $temp_url . '">' . sprintf($lang['Search_user_posts'], $username) . '</a>';
modcp.php
FIND
FIND
Code:
BEFORE, ADD include($phpbb_root_path . 'includes/functions_search.'.$phpEx);
Code:
FIND if ( empty($HTTP_POST_VARS['topic_id_list']) && empty($topic_id) )
{
message_die(GENERAL_MESSAGE, $lang['None_selected']);
}
{
message_die(GENERAL_MESSAGE, $lang['None_selected']);
}
Code:
BEFORE, ADD $sql = "SELECT poster_id, COUNT(post_id) AS posts
FROM " . POSTS_TABLE . "
WHERE topic_id IN ($topic_id_sql)
FROM " . POSTS_TABLE . "
WHERE topic_id IN ($topic_id_sql)
Code:
FIND if ( $topic_id_sql == '')
{
message_die(GENERAL_MESSAGE, $lang['None_selected']);
}
{
message_die(GENERAL_MESSAGE, $lang['None_selected']);
}
Code:
BEFORE, ADD $sql = "SELECT post_id, poster_id, topic_id, post_time
FROM " . POSTS_TABLE . "
WHERE post_id IN ($post_id_sql)
FROM " . POSTS_TABLE . "
WHERE post_id IN ($post_id_sql)
Code:
FIND if ($post_id_sql == '')
{
message_die(GENERAL_MESSAGE, $lang['None_selected']);
}
{
message_die(GENERAL_MESSAGE, $lang['None_selected']);
}
Code:
REPLACE WITH $ip_this_post = ( $rdns_ip_num == $ip_this_post ) ? gethostbyaddr($ip_this_post) : $ip_this_post;
Code:
FIND $ip_this_post = ( $rdns_ip_num == $ip_this_post ) ? htmlspecialchars(gethostbyaddr($ip_this_post)) : $ip_this_post;
Code:
REPLACE WITH $ip = ( $rdns_ip_num == $row['poster_ip'] || $rdns_ip_num == 'all') ? gethostbyaddr($ip) : $ip;
Code:
$ip = ( $rdns_ip_num == $row['poster_ip'] || $rdns_ip_num == 'all') ? htmlspecialchars(gethostbyaddr($ip)) : $ip;
posting.php
FIND
FIND
Code:
REPLACE WITH $poll_options[$option_id] = htmlspecialchars(trim(stripslashes($option_text)));
Code:
$poll_options[intval($option_id)] = htmlspecialchars(trim(stripslashes($option_text)));
privmsg.php
FIND
FIND
Code:
REPLACE WITH $privmsg_subject = trim(strip_tags($HTTP_POST_VARS['subject']));
Code:
FIND $privmsg_subject = trim(htmlspecialchars($HTTP_POST_VARS['subject']));
Code:
REPLACE WITH message_die(GENERAL_ERROR, "Could not insert/update private message sent text.", "", __LINE__, __FILE__, $sql_info);
Code:
FIND message_die(GENERAL_ERROR, "Could not insert/update private message sent text.", "", __LINE__, __FILE__, $sql);
Code:
REPLACE WITH $privmsg_subject = ( isset($HTTP_POST_VARS['subject']) ) ? trim(strip_tags(stripslashes($HTTP_POST_VARS['subject']))) : '';
Code:
FIND $privmsg_subject = ( isset($HTTP_POST_VARS['subject']) ) ? trim(htmlspecialchars(stripslashes($HTTP_POST_VARS['subject']))) : '';
Code:
BEFORE, ADD $privmsg_subject = ( ( !preg_match('/^Re:/', $privmsg['privmsgs_subject']) ) ? 'Re: ' : '' ) . $privmsg['privmsgs_subject'];
Code:
FIND $orig_word = $replacement_word = array();
obtain_word_list($orig_word, $replace_word);
obtain_word_list($orig_word, $replace_word);
Code:
BEFORE, ADD $to_username = $privmsg['username'];
$to_userid = $privmsg['user_id'];
$to_userid = $privmsg['user_id'];
Code:
FIND $privmsg_subject = preg_replace($orig_word, $replacement_word, $privmsg_subject);
Code:
AFTER, ADD $privmsg_message = preg_replace('#</textarea>#si', '</textarea>', $privmsg_message);
Code:
FIND AND DELETE $privmsg_message = preg_replace($orig_word, $replacement_word, $privmsg_message);
Code:
$privmsg_subject = preg_replace($html_entities_match, $html_entities_replace, $privmsg_subject);
$privmsg_subject = str_replace('"', '"', $privmsg_subject);
$privmsg_subject = str_replace('"', '"', $privmsg_subject);
profile.php
FIND
FIND
Code:
REPLACE WITH $chars = array( 'a', 'A', 'b', 'B', 'c', 'C', 'd', 'D', 'e', 'E', 'f', 'F', 'g', 'G', 'h', 'H', 'i', 'I', 'j', 'J', 'k', 'K', 'l', 'L', 'm', 'M', 'n', 'N', 'o', 'O', 'p', 'P', 'q', 'Q', 'r', 'R', 's', 'S', 't', 'T', 'u', 'U', 'v', 'V', 'w', 'W', 'x', 'X', 'y', 'Y', 'z', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0');
$max_chars = count($chars) - 1;
srand( (double) microtime()*1000000);
$rand_str = '';
for($i = 0; $i < 8; $i++)
{
$rand_str = ( $i == 0 ) ? $chars[rand(0, $max_chars)] : $rand_str . $chars[rand(0, $max_chars)];
}
return ( $hash ) ? md5($rand_str) : $rand_str;
$max_chars = count($chars) - 1;
srand( (double) microtime()*1000000);
$rand_str = '';
for($i = 0; $i < 8; $i++)
{
$rand_str = ( $i == 0 ) ? $chars[rand(0, $max_chars)] : $rand_str . $chars[rand(0, $max_chars)];
}
return ( $hash ) ? md5($rand_str) : $rand_str;
Code:
$rand_str = dss_rand();
return ( $hash ) ? md5($rand_str) : substr($rand_str, 8);
return ( $hash ) ? md5($rand_str) : substr($rand_str, 8);
search.php
FIND
FIND
Code:
AFTER, ADD $limiter = 5000;
Code:
FIND $current_time = time();
Code:
AFTER, ADD if ( $search_id == 'newposts' || $search_id == 'egosearch' || $search_id == 'unanswered' || $search_keywords != '' || $search_author != '' )
{
{
Code:
FIND //
// Flood control
//
$where_sql = ($userdata['user_id'] == ANONYMOUS) ? "se.session_ip = '$user_ip'" : 'se.session_user_id = ' . $userdata['user_id'];
$sql = 'SELECT MAX(sr.search_time) AS last_search_time
FROM ' . SEARCH_TABLE . ' sr, ' . SESSIONS_TABLE . " se
WHERE sr.session_id = se.session_id
AND $where_sql";
if ($result = $db->sql_query($sql))
{
if ($row = $db->sql_fetchrow($result))
{
if (intval($row['last_search_time']) > 0 && ($current_time - intval($row['last_search_time'])) < intval($board_config['search_flood_interval']))
{
message_die(GENERAL_MESSAGE, $lang['Search_Flood_Error']);
}
}
}
// Flood control
//
$where_sql = ($userdata['user_id'] == ANONYMOUS) ? "se.session_ip = '$user_ip'" : 'se.session_user_id = ' . $userdata['user_id'];
$sql = 'SELECT MAX(sr.search_time) AS last_search_time
FROM ' . SEARCH_TABLE . ' sr, ' . SESSIONS_TABLE . " se
WHERE sr.session_id = se.session_id
AND $where_sql";
if ($result = $db->sql_query($sql))
{
if ($row = $db->sql_fetchrow($result))
{
if (intval($row['last_search_time']) > 0 && ($current_time - intval($row['last_search_time'])) < intval($board_config['search_flood_interval']))
{
message_die(GENERAL_MESSAGE, $lang['Search_Flood_Error']);
}
}
}
Code:
REPLACE WITH if (preg_match('#^[\*%]+$#', trim($search_author)) || preg_match('#^[^\*]{1,2}$#', str_replace(array('*', '%'), '', trim($search_author))))
Code:
FIND AND DELETE $search_author = str_replace('*', '%', trim($search_author));
if( ( strpos($search_author, '%') !== false ) && ( strlen(str_replace('%', '', $search_author)) < 3 ) )
if( ( strpos($search_author, '%') !== false ) && ( strlen(str_replace('%', '', $search_author)) < 3 ) )
Code:
FIND $search_author = str_replace('*', '%', trim($search_author));
Code:
REPLACE WITH if (preg_match('#^[\*%]+$#', trim($search_author)) || preg_match('#^[^\*]{1,2}$#', str_replace(array('*', '%'), '', trim($search_author))))
Code:
FIND AND DELETE $search_author = str_replace('*', '%', trim($search_author));
if( ( strpos($search_author, '%') !== false ) && ( strlen(str_replace('%', '', $search_author)) < 3 ) )
if( ( strpos($search_author, '%') !== false ) && ( strlen(str_replace('%', '', $search_author)) < 3 ) )
Code:
FIND $search_author = str_replace('*', '%', trim(str_replace("\'", "''", $search_author)));
Code:
REPLACE WITH // Finish building query (for all combinations)
// and run it ...
//
$sql = "SELECT session_id
FROM " . SESSIONS_TABLE;
if ( $result = $db->sql_query($sql) )
{
$delete_search_ids = array();
while( $row = $db->sql_fetchrow($result) )
{
$delete_search_ids[] = "'" . $row['session_id'] . "'";
}
if ( count($delete_search_ids) )
{
$sql = "DELETE FROM " . SEARCH_TABLE . "
WHERE session_id NOT IN (" . implode(", ", $delete_search_ids) . ")";
if ( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete old search id sessions', '', __LINE__, __FILE__, $sql);
}
}
// and run it ...
//
$sql = "SELECT session_id
FROM " . SESSIONS_TABLE;
if ( $result = $db->sql_query($sql) )
{
$delete_search_ids = array();
while( $row = $db->sql_fetchrow($result) )
{
$delete_search_ids[] = "'" . $row['session_id'] . "'";
}
if ( count($delete_search_ids) )
{
$sql = "DELETE FROM " . SEARCH_TABLE . "
WHERE session_id NOT IN (" . implode(", ", $delete_search_ids) . ")";
if ( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete old search id sessions', '', __LINE__, __FILE__, $sql);
}
}
Code:
FIND // Delete old data from the search result table
//
$sql = 'DELETE FROM ' . SEARCH_TABLE . '
WHERE search_time < ' . ($current_time - (int) $board_config['session_length']);
if ( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete old search id sessions', '', __LINE__, __FILE__, $sql);
//
$sql = 'DELETE FROM ' . SEARCH_TABLE . '
WHERE search_time < ' . ($current_time - (int) $board_config['session_length']);
if ( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete old search id sessions', '', __LINE__, __FILE__, $sql);
Code:
REPLACE WITH SET search_id = $search_id, search_array = '" . str_replace("\'", "''", $result_array) . "'
WHERE session_id = '" . $userdata['session_id'] . "'";
if ( !($result = $db->sql_query($sql)) || !$db->sql_affectedrows() )
{
$sql = "INSERT INTO " . SEARCH_TABLE . " (search_id, session_id, search_array)
VALUES($search_id, '" . $userdata['session_id'] . "', '" . str_replace("\'", "''", $result_array) . "')";
WHERE session_id = '" . $userdata['session_id'] . "'";
if ( !($result = $db->sql_query($sql)) || !$db->sql_affectedrows() )
{
$sql = "INSERT INTO " . SEARCH_TABLE . " (search_id, session_id, search_array)
VALUES($search_id, '" . $userdata['session_id'] . "', '" . str_replace("\'", "''", $result_array) . "')";
Code:
SET search_id = $search_id, search_time = $current_time, search_array = '" . str_replace("\'", "''", $result_array) . "'
WHERE session_id = '" . $userdata['session_id'] . "'";
if ( !($result = $db->sql_query($sql)) || !$db->sql_affectedrows() )
{
$sql = "INSERT INTO " . SEARCH_TABLE . " (search_id, session_id, search_time, search_array)
VALUES($search_id, '" . $userdata['session_id'] . "', $current_time, '" . str_replace("\'", "''", $result_array) . "')";
WHERE session_id = '" . $userdata['session_id'] . "'";
if ( !($result = $db->sql_query($sql)) || !$db->sql_affectedrows() )
{
$sql = "INSERT INTO " . SEARCH_TABLE . " (search_id, session_id, search_time, search_array)
VALUES($search_id, '" . $userdata['session_id'] . "', $current_time, '" . str_replace("\'", "''", $result_array) . "')";
templates/subSilver/admin/board_config_body.tpl
FIND
FIND
Code:
AFTER, ADD <td class="row2"><input class="post" type="text" size="3" maxlength="4" name="flood_interval" value="{FLOOD_INTERVAL}" /></td>
</tr>
</tr>
Code:
<tr>
<td class="row1">{L_SEARCH_FLOOD_INTERVAL} <br /><span class="gensmall">{L_SEARCH_FLOOD_INTERVAL_EXPLAIN}</span></td>
<td class="row2"><input class="post" type="text" size="3" maxlength="4" name="search_flood_interval" value="{SEARCH_FLOOD_INTERVAL}" /></td>
</tr>
<td class="row1">{L_SEARCH_FLOOD_INTERVAL} <br /><span class="gensmall">{L_SEARCH_FLOOD_INTERVAL_EXPLAIN}</span></td>
<td class="row2"><input class="post" type="text" size="3" maxlength="4" name="search_flood_interval" value="{SEARCH_FLOOD_INTERVAL}" /></td>
</tr>
templates/subSilver/confirm_body.tpl
FIND
FIND
Code:
REPLACE WITH <th class="thHead" height="25" valign="middle"><span class="tableTitle">{MESSAGE_TITLE}</span></th>
Code:
<th class="thHead" height="25" valign="middle">{MESSAGE_TITLE}</th>
templates/subSilver/admin/confirm_body.tpl
phpBB 2.0.20 adds deletion confirmation for smilies, ranks and word censors. As part of this, a new template file is created and is called templates/subSilver/admin/confirm_body.tpl. This file is a duplicate of templates/subSilver/confirm_body.tpl. After completing the steps above, copy your forum's templates/subSilver/confirm_body.tpl file to templates/subSilver/admin/confirm_body.tpl. Take care that you do not delete templates/subSilver/confirm_body.tpl, just make a copy of it.
phpBB 2.0.20 adds deletion confirmation for smilies, ranks and word censors. As part of this, a new template file is created and is called templates/subSilver/admin/confirm_body.tpl. This file is a duplicate of templates/subSilver/confirm_body.tpl. After completing the steps above, copy your forum's templates/subSilver/confirm_body.tpl file to templates/subSilver/admin/confirm_body.tpl. Take care that you do not delete templates/subSilver/confirm_body.tpl, just make a copy of it.
Code from phpBB 2.0.19 and 2.0.20 is copyright by the phpBB Group. Find these and other code changes at phpBBHacks.com and phpBB Smith.
Compiled by your friendly neighborhood Thoul from the phpBB 2.0.19 - 2.0.20 files.
Compiled by your friendly neighborhood Thoul from the phpBB 2.0.19 - 2.0.20 files.