diff -crN phpbb2012/admin/admin_forums.php phpbb2017/admin/admin_forums.php *** phpbb2012/admin/admin_forums.php Mon Feb 21 20:30:20 2005 --- phpbb2017/admin/admin_forums.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_forums.php,v 1.40.2.11 2004/03/25 15:57:19 acydburn Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_forums.php,v 1.40.2.12 2005/05/07 22:18:10 acydburn Exp $ * ***************************************************************************/ *************** *** 233,238 **** --- 233,239 ---- if( $mode == "addforum" ) { list($cat_id) = each($HTTP_POST_VARS['addforum']); + $cat_id = intval($cat_id); // // stripslashes needs to be run on this because slashes are added when the forum name is posted // *************** *** 1024,1027 **** include('./page_footer_admin.'.$phpEx); ! ?> --- 1025,1028 ---- include('./page_footer_admin.'.$phpEx); ! ?> \ No newline at end of file diff -crN phpbb2012/admin/admin_smilies.php phpbb2017/admin/admin_smilies.php *** phpbb2012/admin/admin_smilies.php Mon Feb 21 20:30:20 2005 --- phpbb2017/admin/admin_smilies.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_smilies.php,v 1.22.2.13 2004/03/25 15:57:20 acydburn Exp $ * ****************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_smilies.php,v 1.22.2.14 2005/05/06 20:50:09 acydburn Exp $ * ****************************************************************************/ *************** *** 447,452 **** --- 447,455 ---- $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : $HTTP_GET_VARS['smile_code']; $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url']; $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion']; + $smile_code = trim($smile_code); + $smile_url = trim($smile_url); + $smile_emotion = trim($smile_emotion); // If no code was entered complain ... if ($smile_code == '' || $smile_url == '') *************** *** 553,556 **** // include('./page_footer_admin.'.$phpEx); ! ?> --- 556,559 ---- // include('./page_footer_admin.'.$phpEx); ! ?> \ No newline at end of file diff -crN phpbb2012/admin/admin_styles.php phpbb2017/admin/admin_styles.php *** phpbb2012/admin/admin_styles.php Mon Feb 21 20:30:20 2005 --- phpbb2017/admin/admin_styles.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_styles.php,v 1.27.2.13 2004/07/15 17:57:50 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_styles.php,v 1.27.2.14 2005/03/17 17:33:30 acydburn Exp $ * * ***************************************************************************/ *************** *** 75,81 **** if( isset($install_to) ) { ! include($phpbb_root_path. "templates/" . $install_to . "/theme_info.cfg"); $template_name = $$install_to; $found = FALSE; --- 75,81 ---- if( isset($install_to) ) { ! include($phpbb_root_path. "templates/" . basename($install_to) . "/theme_info.cfg"); $template_name = $$install_to; $found = FALSE; *************** *** 739,745 **** @umask(0111); ! $fp = @fopen($phpbb_root_path . 'templates/' . $template_name . '/theme_info.cfg', 'w'); if( !$fp ) { --- 739,745 ---- @umask(0111); ! $fp = @fopen($phpbb_root_path . 'templates/' . basename($template_name) . '/theme_info.cfg', 'w'); if( !$fp ) { diff -crN phpbb2012/admin/admin_ug_auth.php phpbb2017/admin/admin_ug_auth.php *** phpbb2012/admin/admin_ug_auth.php Mon Feb 21 20:30:20 2005 --- phpbb2017/admin/admin_ug_auth.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_ug_auth.php,v 1.13.2.5 2004/03/25 15:57:20 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_ug_auth.php,v 1.13.2.9 2005/07/19 20:01:05 acydburn Exp $ * * ***************************************************************************/ *************** *** 414,419 **** --- 414,420 ---- FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u WHERE ug.group_id = aa.group_id AND u.user_id = ug.user_id + AND ug.user_pending = 0 AND u.user_level NOT IN (" . MOD . ", " . ADMIN . ") GROUP BY u.user_id HAVING SUM(aa.auth_mod) > 0"; *************** *** 508,513 **** --- 509,556 ---- } } + $sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . " + WHERE group_id = $group_id"; + $result = $db->sql_query($sql); + + $group_user = array(); + while ($row = $db->sql_fetchrow($result)) + { + $group_user[$row['user_id']] = $row['user_id']; + } + $db->sql_freeresult($result); + + $sql = "SELECT ug.user_id, COUNT(auth_mod) AS is_auth_mod + FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug + WHERE ug.user_id IN (" . implode(', ', $group_user) . ") + AND aa.group_id = ug.group_id + AND aa.auth_mod = 1 + GROUP BY ug.user_id"; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_ERROR, 'Could not obtain moderator status', '', __LINE__, __FILE__, $sql); + } + + while ($row = $db->sql_fetchrow($result)) + { + if ($row['is_auth_mod']) + { + unset($group_user[$row['user_id']]); + } + } + $db->sql_freeresult($result); + + if (sizeof($group_user)) + { + $sql = "UPDATE " . USERS_TABLE . " + SET user_level = " . USER . " + WHERE user_id IN (" . implode(', ', $group_user) . ") AND user_level = " . MOD; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql); + } + } + message_die(GENERAL_MESSAGE, $message); } } *************** *** 526,534 **** // // Front end // ! $sql = "SELECT * ! FROM " . FORUMS_TABLE . " f ! ORDER BY forum_order"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql); --- 569,578 ---- // // Front end // ! $sql = "SELECT f.* ! FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c ! WHERE f.cat_id = c.cat_id ! ORDER BY c.cat_order, f.forum_order ASC"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql); *************** *** 561,567 **** } } ! $sql = "SELECT u.user_id, u.username, u.user_level, g.group_id, g.group_name, g.group_single_user FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug WHERE "; $sql .= ( $mode == 'user' ) ? "u.user_id = $user_id AND ug.user_id = u.user_id AND g.group_id = ug.group_id" : "g.group_id = $group_id AND ug.group_id = g.group_id AND u.user_id = ug.user_id"; if ( !($result = $db->sql_query($sql)) ) { --- 605,611 ---- } } ! $sql = "SELECT u.user_id, u.username, u.user_level, g.group_id, g.group_name, g.group_single_user, ug.user_pending FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug WHERE "; $sql .= ( $mode == 'user' ) ? "u.user_id = $user_id AND ug.user_id = u.user_id AND g.group_id = ug.group_id" : "g.group_id = $group_id AND ug.group_id = g.group_id AND u.user_id = ug.user_id"; if ( !($result = $db->sql_query($sql)) ) { *************** *** 764,770 **** $i++; } ! @reset($auth_user); if ( $mode == 'user' ) { --- 808,814 ---- $i++; } ! // @reset($auth_user); if ( $mode == 'user' ) { *************** *** 789,800 **** if( count($name) ) { ! $t_usergroup_list = ''; for($i = 0; $i < count($ug_info); $i++) { $ug = ( $mode == 'user' ) ? 'group&' . POST_GROUPS_URL : 'user&' . POST_USERS_URL; ! $t_usergroup_list .= ( ( $t_usergroup_list != '' ) ? ', ' : '' ) . '' . $name[$i] . ''; } } else --- 833,851 ---- if( count($name) ) { ! $t_usergroup_list = $t_pending_list = ''; for($i = 0; $i < count($ug_info); $i++) { $ug = ( $mode == 'user' ) ? 'group&' . POST_GROUPS_URL : 'user&' . POST_USERS_URL; ! if (!$ug_info[$i]['user_pending']) ! { ! $t_usergroup_list .= ( ( $t_usergroup_list != '' ) ? ', ' : '' ) . '' . $name[$i] . ''; ! } ! else ! { ! $t_pending_list .= ( ( $t_pending_list != '' ) ? ', ' : '' ) . '' . $name[$i] . ''; ! } } } else *************** *** 857,863 **** $template->assign_vars(array( 'USERNAME' => $t_groupname, ! 'GROUP_MEMBERSHIP' => $lang['Usergroup_members'] . ' : ' . $t_usergroup_list) ); } --- 908,914 ---- $template->assign_vars(array( 'USERNAME' => $t_groupname, ! 'GROUP_MEMBERSHIP' => $lang['Usergroup_members'] . ' : ' . $t_usergroup_list . '
' . $lang['Pending_members'] . ' : ' . $t_pending_list) ); } diff -crN phpbb2012/admin/admin_users.php phpbb2017/admin/admin_users.php *** phpbb2012/admin/admin_users.php Mon Feb 21 20:30:20 2005 --- phpbb2017/admin/admin_users.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_users.php,v 1.57.2.26 2004/03/25 15:57:20 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: admin_users.php,v 1.57.2.27 2005/07/19 20:01:07 acydburn Exp $ * * ***************************************************************************/ *************** *** 86,92 **** $row = $db->sql_fetchrow($result); $sql = "UPDATE " . POSTS_TABLE . " ! SET poster_id = " . DELETED . ", post_username = '$username' WHERE poster_id = $user_id"; if( !$db->sql_query($sql) ) { --- 86,92 ---- $row = $db->sql_fetchrow($result); $sql = "UPDATE " . POSTS_TABLE . " ! SET poster_id = " . DELETED . ", post_username = '" . str_replace("\\'", "''", addslashes($this_userdata['username'])) . "' WHERE poster_id = $user_id"; if( !$db->sql_query($sql) ) { diff -crN phpbb2012/admin/page_footer_admin.php phpbb2017/admin/page_footer_admin.php *** phpbb2012/admin/page_footer_admin.php Mon Feb 21 20:30:20 2005 --- phpbb2017/admin/page_footer_admin.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_footer_admin.php,v 1.9.2.2 2002/05/12 15:57:45 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_footer_admin.php,v 1.9.2.3 2005/04/15 20:15:47 acydburn Exp $ * * ***************************************************************************/ *************** *** 33,39 **** ); $template->assign_vars(array( ! 'PHPBB_VERSION' => '2' . $board_config['version'], 'TRANSLATION_INFO' => $lang['TRANSLATION_INFO']) ); --- 33,39 ---- ); $template->assign_vars(array( ! 'PHPBB_VERSION' => ($userdata['user_level'] == ADMIN && $userdata['user_id'] != ANONYMOUS) ? '2' . $board_config['version'] : '', 'TRANSLATION_INFO' => $lang['TRANSLATION_INFO']) ); diff -crN phpbb2012/admin/page_header_admin.php phpbb2017/admin/page_header_admin.php *** phpbb2012/admin/page_header_admin.php Mon Feb 21 20:30:20 2005 --- phpbb2017/admin/page_header_admin.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_header_admin.php,v 1.12.2.5 2003/06/10 20:48:18 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_header_admin.php,v 1.12.2.6 2005/03/26 14:15:59 acydburn Exp $ * * ***************************************************************************/ *************** *** 35,41 **** { $phpver = phpversion(); ! $useragent = (isset($_SERVER["HTTP_USER_AGENT"]) ) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT; if ( $phpver >= '4.0.4pl1' && ( strstr($useragent,'compatible') || strstr($useragent,'Gecko') ) ) { --- 35,41 ---- { $phpver = phpversion(); ! $useragent = (isset($HTTP_SERVER_VARS['HTTP_USER_AGENT'])) ? $HTTP_SERVER_VARS['HTTP_USER_AGENT'] : getenv('HTTP_USER_AGENT'); if ( $phpver >= '4.0.4pl1' && ( strstr($useragent,'compatible') || strstr($useragent,'Gecko') ) ) { diff -crN phpbb2012/admin/pagestart.php phpbb2017/admin/pagestart.php *** phpbb2012/admin/pagestart.php Mon Feb 21 20:30:20 2005 --- phpbb2017/admin/pagestart.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: pagestart.php,v 1.1.2.7 2004/03/24 14:43:31 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: pagestart.php,v 1.1.2.9 2005/06/26 14:39:30 acydburn Exp $ * * ***************************************************************************/ *************** *** 40,46 **** if (!$userdata['session_logged_in']) { ! redirect(append_sid("login.$phpEx?redirect=admin/", true)); } else if ($userdata['user_level'] != ADMIN) { --- 40,46 ---- if (!$userdata['session_logged_in']) { ! redirect(append_sid("login.$phpEx?redirect=admin/index.$phpEx", true)); } else if ($userdata['user_level'] != ADMIN) { *************** *** 57,62 **** --- 57,67 ---- $url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $userdata['session_id']; redirect("index.$phpEx?sid=" . $userdata['session_id']); + } + + if (!$userdata['session_admin']) + { + redirect(append_sid("login.$phpEx?redirect=admin/index.$phpEx&admin=1", true)); } if (empty($no_page_header)) diff -crN phpbb2012/db/oracle.php phpbb2017/db/oracle.php *** phpbb2012/db/oracle.php Mon Feb 21 20:30:20 2005 --- phpbb2017/db/oracle.php Thu Jan 1 01:00:00 1970 *************** *** 1,472 **** - persistency = $persistency; - $this->user = $sqluser; - $this->password = $sqlpassword; - $this->server = $sqlserver; - $this->dbname = $database; - - if($this->persistency) - { - $this->db_connect_id = @OCIPLogon($this->user, $this->password, $this->server); - } - else - { - $this->db_connect_id = @OCINLogon($this->user, $this->password, $this->server); - } - if($this->db_connect_id) - { - return $this->db_connect_id; - } - else - { - return false; - } - } - - // - // Other base methods - // - function sql_close() - { - if($this->db_connect_id) - { - // Commit outstanding transactions - if($this->in_transaction) - { - OCICommit($this->db_connect_id); - } - - if($this->query_result) - { - @OCIFreeStatement($this->query_result); - } - $result = @OCILogoff($this->db_connect_id); - return $result; - } - else - { - return false; - } - } - - // - // Base query method - // - function sql_query($query = "", $transaction = FALSE) - { - // Remove any pre-existing queries - unset($this->query_result); - - // Put us in transaction mode because with Oracle as soon as you make a query you're in a transaction - $this->in_transaction = TRUE; - - if($query != "") - { - $this->last_query = $query; - $this->num_queries++; - - if(eregi("LIMIT", $query)) - { - preg_match("/^(.*)LIMIT ([0-9]+)[, ]*([0-9]+)*/s", $query, $limits); - - $query = $limits[1]; - if($limits[3]) - { - $row_offset = $limits[2]; - $num_rows = $limits[3]; - } - else - { - $row_offset = 0; - $num_rows = $limits[2]; - } - } - - if(eregi("^(INSERT|UPDATE) ", $query)) - { - $query = preg_replace("/\\\'/s", "''", $query); - } - - $this->query_result = @OCIParse($this->db_connect_id, $query); - $success = @OCIExecute($this->query_result, OCI_DEFAULT); - } - if($success) - { - if($transaction == END_TRANSACTION) - { - OCICommit($this->db_connect_id); - $this->in_transaction = FALSE; - } - - unset($this->row[$this->query_result]); - unset($this->rowset[$this->query_result]); - $this->last_query_text[$this->query_result] = $query; - - return $this->query_result; - } - else - { - if($this->in_transaction) - { - OCIRollback($this->db_connect_id); - } - return false; - } - } - - // - // Other query methods - // - function sql_numrows($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = @OCIFetchStatement($query_id, $this->rowset); - // OCIFetchStatment kills our query result so we have to execute the statment again - // if we ever want to use the query_id again. - @OCIExecute($query_id, OCI_DEFAULT); - return $result; - } - else - { - return false; - } - } - function sql_affectedrows($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = @OCIRowCount($query_id); - return $result; - } - else - { - return false; - } - } - function sql_numfields($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = @OCINumCols($query_id); - return $result; - } - else - { - return false; - } - } - function sql_fieldname($offset, $query_id = 0) - { - // OCIColumnName uses a 1 based array so we have to up the offset by 1 in here to maintain - // full abstraction compatibitly - $offset += 1; - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = strtolower(@OCIColumnName($query_id, $offset)); - return $result; - } - else - { - return false; - } - } - function sql_fieldtype($offset, $query_id = 0) - { - // This situation is the same as fieldname - $offset += 1; - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = @OCIColumnType($query_id, $offset); - return $result; - } - else - { - return false; - } - } - function sql_fetchrow($query_id = 0, $debug = FALSE) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result_row = ""; - $result = @OCIFetchInto($query_id, $result_row, OCI_ASSOC+OCI_RETURN_NULLS); - if($debug) - { - echo "Query was: ".$this->last_query . "
"; - echo "Result: $result
"; - echo "Query ID: $query_id
"; - echo "
";
- 				var_dump($result_row);
- 				echo "
"; - } - if($result_row == "") - { - return false; - } - - for($i = 0; $i < count($result_row); $i++) - { - list($key, $val) = each($result_row); - $return_arr[strtolower($key)] = $val; - } - $this->row[$query_id] = $return_arr; - - return $this->row[$query_id]; - } - else - { - return false; - } - } - // This function probably isn't as efficant is it could be but any other way I do it - // I end up losing 1 row... - function sql_fetchrowset($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $rows = @OCIFetchStatement($query_id, $results); - @OCIExecute($query_id, OCI_DEFAULT); - for($i = 0; $i < $rows; $i++) - { - @OCIFetchInto($query_id, $tmp_result, OCI_ASSOC+OCI_RETURN_NULLS); - - for($j = 0; $j < count($tmp_result); $j++) - { - list($key, $val) = each($tmp_result); - $return_arr[strtolower($key)] = $val; - } - $result[] = $return_arr; - } - return $result; - } - else - { - return false; - } - } - function sql_fetchfield($field, $rownum = -1, $query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - if($rownum > -1) - { - // Reset the internal rownum pointer. - @OCIExecute($query_id, OCI_DEFAULT); - for($i = 0; $i < $rownum; $i++) - { - // Move the interal pointer to the row we want - @OCIFetch($query_id); - } - // Get the field data. - $result = @OCIResult($query_id, strtoupper($field)); - } - else - { - // The internal pointer should be where we want it - // so we just grab the field out of the current row. - $result = @OCIResult($query_id, strtoupper($field)); - } - return $result; - } - else - { - return false; - } - } - function sql_rowseek($rownum, $query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - @OCIExecute($query_id, OCI_DEFAULT); - for($i = 0; $i < $rownum; $i++) - { - @OCIFetch($query_id); - } - $result = @OCIFetch($query_id); - return $result; - } - else - { - return false; - } - } - function sql_nextid($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id && $this->last_query_text[$query_id] != "") - { - if( eregi("^(INSERT{1}|^INSERT INTO{1})[[:space:]][\"]?([a-zA-Z0-9\_\-]+)[\"]?", $this->last_query_text[$query_id], $tablename)) - { - $query = "SELECT ".$tablename[2]."_id_seq.currval FROM DUAL"; - $stmt = @OCIParse($this->db_connect_id, $query); - @OCIExecute($stmt,OCI_DEFAULT ); - $temp_result = @OCIFetchInto($stmt, $temp_result, OCI_ASSOC+OCI_RETURN_NULLS); - if($temp_result) - { - return $temp_result['CURRVAL']; - } - else - { - return false; - } - } - else - { - return false; - } - } - else - { - return false; - } - } - - function sql_nextid($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id && $this->last_query_text[$query_id] != "") - { - if( eregi("^(INSERT{1}|^INSERT INTO{1})[[:space:]][\"]?([a-zA-Z0-9\_\-]+)[\"]?", $this->last_query_text[$query_id], $tablename)) - { - $query = "SELECT ".$tablename[2]."_id_seq.CURRVAL FROM DUAL"; - $temp_q_id = @OCIParse($this->db_connect_id, $query); - @OCIExecute($temp_q_id, OCI_DEFAULT); - @OCIFetchInto($temp_q_id, $temp_result, OCI_ASSOC+OCI_RETURN_NULLS); - - if($temp_result) - { - return $temp_result['CURRVAL']; - } - else - { - return false; - } - } - else - { - return false; - } - } - else - { - return false; - } - } - - - - function sql_freeresult($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - if($query_id) - { - $result = @OCIFreeStatement($query_id); - return $result; - } - else - { - return false; - } - } - function sql_error($query_id = 0) - { - if(!$query_id) - { - $query_id = $this->query_result; - } - $result = @OCIError($query_id); - return $result; - } - - } // class sql_db - - } // if ... define - - ?> \ No newline at end of file --- 0 ---- diff -crN phpbb2012/db/postgres7.php phpbb2017/db/postgres7.php *** phpbb2012/db/postgres7.php Mon Feb 21 20:30:20 2005 --- phpbb2017/db/postgres7.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : supportphpbb.com * ! * $Id: postgres7.php,v 1.19 2002/03/05 02:19:38 psotfx Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : supportphpbb.com * ! * $Id: postgres7.php,v 1.19.2.3 2005/05/06 20:50:10 acydburn Exp $ * ***************************************************************************/ diff -crN phpbb2012/groupcp.php phpbb2017/groupcp.php *** phpbb2012/groupcp.php Mon Feb 21 20:30:21 2005 --- phpbb2017/groupcp.php Tue Jul 19 22:14:58 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: groupcp.php,v 1.58.2.22 2004/11/18 17:49:34 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: groupcp.php,v 1.58.2.23 2005/05/06 20:50:10 acydburn Exp $ * * ***************************************************************************/ *************** *** 337,343 **** message_die(GENERAL_ERROR, 'Could not obtain moderator status', '', __LINE__, __FILE__, $sql); } ! if ( !($row = $db->sql_fetchrow($result)) ) { $sql = "UPDATE " . USERS_TABLE . " SET user_level = " . USER . " --- 337,343 ---- message_die(GENERAL_ERROR, 'Could not obtain moderator status', '', __LINE__, __FILE__, $sql); } ! if ( !($row = $db->sql_fetchrow($result)) || $row['is_auth_mod'] == 0 ) { $sql = "UPDATE " . USERS_TABLE . " SET user_level = " . USER . " diff -crN phpbb2012/includes/bbcode.php phpbb2017/includes/bbcode.php *** phpbb2012/includes/bbcode.php Mon Feb 21 20:30:20 2005 --- phpbb2017/includes/bbcode.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: bbcode.php,v 1.36.2.32 2004/07/11 16:46:19 acydburn Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: bbcode.php,v 1.36.2.35 2005/07/19 20:01:10 acydburn Exp $ * ***************************************************************************/ *************** *** 124,129 **** --- 124,131 ---- { global $lang, $bbcode_tpl; + $text = preg_replace('#(script|about|applet|activex|chrome):#is', "\\1:", $text); + // pad it with a space so we can distinguish between FALSE and matching the 1st char (index 0). // This is important; bbencode_quote(), bbencode_list(), and bbencode_code() all depend on it. $text = " " . $text; *************** *** 194,216 **** // [img]image_url_here[/img] code.. // This one gets first-passed.. ! $patterns[] = "#\[img:$uid\](.*?)\[/img:$uid\]#si"; $replacements[] = $bbcode_tpl['img']; // matches a [url]xxxx://www.phpbb.com[/url] code.. ! $patterns[] = "#\[url\]([\w]+?://[^ \"\n\r\t<]*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url1']; // [url]www.phpbb.com[/url] code.. (no xxxx:// prefix). ! $patterns[] = "#\[url\]((www|ftp)\.[^ \"\n\r\t<]*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url2']; // [url=xxxx://www.phpbb.com]phpBB[/url] code.. ! $patterns[] = "#\[url=([\w]+?://[^ \"\n\r\t<]*?)\](.*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url3']; // [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix). ! $patterns[] = "#\[url=((www|ftp)\.[^ \"\n\r\t<]*?)\](.*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url4']; // [email]user@domain.tld[/email] code.. --- 196,218 ---- // [img]image_url_here[/img] code.. // This one gets first-passed.. ! $patterns[] = "#\[img:$uid\]([^?].*?)\[/img:$uid\]#i"; $replacements[] = $bbcode_tpl['img']; // matches a [url]xxxx://www.phpbb.com[/url] code.. ! $patterns[] = "#\[url\]([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url1']; // [url]www.phpbb.com[/url] code.. (no xxxx:// prefix). ! $patterns[] = "#\[url\]((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url2']; // [url=xxxx://www.phpbb.com]phpBB[/url] code.. ! $patterns[] = "#\[url=([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*?)\]([^?\n\r\t].*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url3']; // [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix). ! $patterns[] = "#\[url=((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*?)\]([^?\n\r\t].*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url4']; // [email]user@domain.tld[/email] code.. *************** *** 614,619 **** --- 616,622 ---- */ function make_clickable($text) { + $text = preg_replace('#(script|about|applet|activex|chrome):#is', "\\1:", $text); // pad it with a space so we can match things at the start of the 1st line. $ret = ' ' . $text; *************** *** 621,633 **** // matches an "xxxx://yyyy" URL at the start of a line, or after a space. // xxxx can only be alpha characters. // yyyy is anything up to the first space, newline, comma, double quote or < ! $ret = preg_replace("#(^|[\n ])([\w]+?://[^ \"\n\r\t<]*)#is", "\\1\\2", $ret); // matches a "www|ftp.xxxx.yyyy[/zzzz]" kinda lazy URL thing // Must contain at least 2 dots. xxxx contains either alphanum, or "-" // zzzz is optional.. will contain everything up to the first space, newline, // comma, double quote or <. ! $ret = preg_replace("#(^|[\n ])((www|ftp)\.[^ \"\t\n\r<]*)#is", "\\1\\2", $ret); // matches an email@domain type address at the start of a line, or after a space. // Note: Only the followed chars are valid; alphanums, "-", "_" and or ".". --- 624,636 ---- // matches an "xxxx://yyyy" URL at the start of a line, or after a space. // xxxx can only be alpha characters. // yyyy is anything up to the first space, newline, comma, double quote or < ! $ret = preg_replace("#(^|[\n ])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "\\1\\2", $ret); // matches a "www|ftp.xxxx.yyyy[/zzzz]" kinda lazy URL thing // Must contain at least 2 dots. xxxx contains either alphanum, or "-" // zzzz is optional.. will contain everything up to the first space, newline, // comma, double quote or <. ! $ret = preg_replace("#(^|[\n ])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "\\1\\2", $ret); // matches an email@domain type address at the start of a line, or after a space. // Note: Only the followed chars are valid; alphanums, "-", "_" and or ".". diff -crN phpbb2012/includes/functions.php phpbb2017/includes/functions.php *** phpbb2012/includes/functions.php Mon Feb 21 20:30:20 2005 --- phpbb2017/includes/functions.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions.php,v 1.133.2.34 2005/02/21 18:37:33 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions.php,v 1.133.2.35 2005/07/19 20:01:11 acydburn Exp $ * * ***************************************************************************/ *************** *** 117,123 **** { global $db; ! if (intval($user) == 0 || $force_str) { $user = phpbb_clean_username($user); } --- 117,123 ---- { global $db; ! if (!is_numeric($user) || $force_str) { $user = phpbb_clean_username($user); } *************** *** 578,584 **** die("message_die() was called multiple times. This isn't supposed to happen. Was message_die() used in page_tail.php?"); } ! define(HAS_DIED, 1); $sql_store = $sql; --- 578,584 ---- die("message_die() was called multiple times. This isn't supposed to happen. Was message_die() used in page_tail.php?"); } ! define('HAS_DIED', 1); $sql_store = $sql; diff -crN phpbb2012/includes/functions_selects.php phpbb2017/includes/functions_selects.php *** phpbb2012/includes/functions_selects.php Mon Feb 21 20:30:20 2005 --- phpbb2017/includes/functions_selects.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_selects.php,v 1.3.2.4 2002/12/22 12:20:35 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_selects.php,v 1.3.2.5 2005/05/06 20:50:11 acydburn Exp $ * * ***************************************************************************/ *************** *** 108,111 **** return $tz_select; } ! ?> --- 108,111 ---- return $tz_select; } ! ?> \ No newline at end of file diff -crN phpbb2012/includes/functions_validate.php phpbb2017/includes/functions_validate.php *** phpbb2012/includes/functions_validate.php Mon Feb 21 20:30:20 2005 --- phpbb2017/includes/functions_validate.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_validate.php,v 1.6.2.12 2003/06/09 19:13:05 psotfx Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: functions_validate.php,v 1.6.2.13 2005/07/19 20:01:15 acydburn Exp $ * * ***************************************************************************/ *************** *** 30,40 **** global $db, $lang, $userdata; // Remove doubled up spaces ! $username = preg_replace('#\s+#', ' ', $username); ! // Limit username length ! $username = substr(str_replace("\'", "'", $username), 0, 25); ! $username = str_replace("'", "''", $username); ! $sql = "SELECT username FROM " . USERS_TABLE . " WHERE LOWER(username) = '" . strtolower($username) . "'"; --- 30,38 ---- global $db, $lang, $userdata; // Remove doubled up spaces ! $username = preg_replace('#\s+#', ' ', trim($username)); ! $username = phpbb_clean_username($username); ! $sql = "SELECT username FROM " . USERS_TABLE . " WHERE LOWER(username) = '" . strtolower($username) . "'"; diff -crN phpbb2012/includes/page_header.php phpbb2017/includes/page_header.php *** phpbb2012/includes/page_header.php Mon Feb 21 20:30:20 2005 --- phpbb2017/includes/page_header.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_header.php,v 1.106.2.23 2004/07/11 16:46:19 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: page_header.php,v 1.106.2.24 2005/03/26 14:15:59 acydburn Exp $ * * ***************************************************************************/ *************** *** 35,41 **** { $phpver = phpversion(); ! $useragent = (isset($_SERVER["HTTP_USER_AGENT"]) ) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT; if ( $phpver >= '4.0.4pl1' && ( strstr($useragent,'compatible') || strstr($useragent,'Gecko') ) ) { --- 35,41 ---- { $phpver = phpversion(); ! $useragent = (isset($HTTP_SERVER_VARS['HTTP_USER_AGENT'])) ? $HTTP_SERVER_VARS['HTTP_USER_AGENT'] : getenv('HTTP_USER_AGENT'); if ( $phpver >= '4.0.4pl1' && ( strstr($useragent,'compatible') || strstr($useragent,'Gecko') ) ) { *************** *** 466,472 **** // Work around for "current" Apache 2 + PHP module which seems to not // cope with private cache control setting ! if (!empty($_SERVER['SERVER_SOFTWARE']) && strstr($_SERVER['SERVER_SOFTWARE'], 'Apache/2')) { header ('Cache-Control: no-cache, pre-check=0, post-check=0'); } --- 466,472 ---- // Work around for "current" Apache 2 + PHP module which seems to not // cope with private cache control setting ! if (!empty($HTTP_SERVER_VARS['SERVER_SOFTWARE']) && strstr($HTTP_SERVER_VARS['SERVER_SOFTWARE'], 'Apache/2')) { header ('Cache-Control: no-cache, pre-check=0, post-check=0'); } diff -crN phpbb2012/includes/sessions.php phpbb2017/includes/sessions.php *** phpbb2012/includes/sessions.php Mon Feb 21 20:30:20 2005 --- phpbb2017/includes/sessions.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: sessions.php,v 1.58.2.11 2004/07/11 16:46:19 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: sessions.php,v 1.58.2.14 2005/05/06 20:50:11 acydburn Exp $ * * ***************************************************************************/ *************** *** 24,30 **** // Adds/updates a new session to the database for the given userid. // Returns the new session ID on success. // ! function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0) { global $db, $board_config; global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID; --- 24,30 ---- // Adds/updates a new session to the database for the given userid. // Returns the new session ID on success. // ! function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0, $admin = 0) { global $db, $board_config; global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $SID; *************** *** 53,58 **** --- 53,60 ---- $session_id = ''; } + $page_id = (int) $page_id; + $last_visit = 0; $current_time = time(); $expiry_time = $current_time - $board_config['session_length']; *************** *** 79,85 **** if ( isset($sessiondata['autologinid']) && $userdata['user_active'] ) { // We have to login automagically ! if( $sessiondata['autologinid'] == $auto_login_key ) { // autologinid matches password $login = 1; --- 81,87 ---- if ( isset($sessiondata['autologinid']) && $userdata['user_active'] ) { // We have to login automagically ! if( $sessiondata['autologinid'] === $auto_login_key ) { // autologinid matches password $login = 1; *************** *** 91,96 **** --- 93,103 ---- $login = 0; $enable_autologin = 0; $user_id = $userdata['user_id'] = ANONYMOUS; + + $sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . ANONYMOUS; + $result = $db->sql_query($sql); + $userdata = $db->sql_fetchrow($result); + $db->sql_freeresult($result); } } else *************** *** 99,104 **** --- 106,116 ---- $login = 0; $enable_autologin = 0; $user_id = $userdata['user_id'] = ANONYMOUS; + + $sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . ANONYMOUS; + $result = $db->sql_query($sql); + $userdata = $db->sql_fetchrow($result); + $db->sql_freeresult($result); } } else *************** *** 143,158 **** // Create or update the session // $sql = "UPDATE " . SESSIONS_TABLE . " ! SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login WHERE session_id = '" . $session_id . "' AND session_ip = '$user_ip'"; if ( !$db->sql_query($sql) || !$db->sql_affectedrows() ) { ! $session_id = md5(uniqid($user_ip)); $sql = "INSERT INTO " . SESSIONS_TABLE . " ! (session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in) ! VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login)"; if ( !$db->sql_query($sql) ) { message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql); --- 155,172 ---- // Create or update the session // $sql = "UPDATE " . SESSIONS_TABLE . " ! SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login, session_admin = $admin WHERE session_id = '" . $session_id . "' AND session_ip = '$user_ip'"; if ( !$db->sql_query($sql) || !$db->sql_affectedrows() ) { ! list($sec, $usec) = explode(' ', microtime()); ! mt_srand((float) $sec + ((float) $usec * 100000)); ! $session_id = md5(uniqid(mt_rand(), true)); $sql = "INSERT INTO " . SESSIONS_TABLE . " ! (session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in, session_admin) ! VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login, $admin)"; if ( !$db->sql_query($sql) ) { message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql); *************** *** 163,179 **** {// ( $userdata['user_session_time'] > $expiry_time && $auto_create ) ? $userdata['user_lastvisit'] : ( $last_visit = ( $userdata['user_session_time'] > 0 ) ? $userdata['user_session_time'] : $current_time; ! $sql = "UPDATE " . USERS_TABLE . " ! SET user_session_time = $current_time, user_session_page = $page_id, user_lastvisit = $last_visit ! WHERE user_id = $user_id"; ! if ( !$db->sql_query($sql) ) { ! message_die(CRITICAL_ERROR, 'Error updating last visit time', '', __LINE__, __FILE__, $sql); } $userdata['user_lastvisit'] = $last_visit; ! $sessiondata['autologinid'] = ( $enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE ) ? $auto_login_key : ''; $sessiondata['userid'] = $user_id; } --- 177,196 ---- {// ( $userdata['user_session_time'] > $expiry_time && $auto_create ) ? $userdata['user_lastvisit'] : ( $last_visit = ( $userdata['user_session_time'] > 0 ) ? $userdata['user_session_time'] : $current_time; ! if (!$admin) { ! $sql = "UPDATE " . USERS_TABLE . " ! SET user_session_time = $current_time, user_session_page = $page_id, user_lastvisit = $last_visit ! WHERE user_id = $user_id"; ! if ( !$db->sql_query($sql) ) ! { ! message_die(CRITICAL_ERROR, 'Error updating last visit time', '', __LINE__, __FILE__, $sql); ! } } $userdata['user_lastvisit'] = $last_visit; ! $sessiondata['autologinid'] = (!$admin) ? (( $enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE ) ? $auto_login_key : '') : $sessiondata['autologinid']; $sessiondata['userid'] = $user_id; } *************** *** 184,189 **** --- 201,207 ---- $userdata['session_page'] = $page_id; $userdata['session_start'] = $current_time; $userdata['session_time'] = $current_time; + $userdata['session_admin'] = $admin; setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure); setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure); *************** *** 229,234 **** --- 247,254 ---- $session_id = ''; } + $thispage_id = (int) $thispage_id; + // // Does a session exist? // *************** *** 271,278 **** // if ( $current_time - $userdata['session_time'] > 60 ) { $sql = "UPDATE " . SESSIONS_TABLE . " ! SET session_time = $current_time, session_page = $thispage_id WHERE session_id = '" . $userdata['session_id'] . "'"; if ( !$db->sql_query($sql) ) { --- 291,301 ---- // if ( $current_time - $userdata['session_time'] > 60 ) { + // A little trick to reset session_admin on session re-usage + $update_admin = (!defined('IN_ADMIN') && $current_time - $userdata['session_time'] > ($board_config['session_length']+60)) ? ', session_admin = 0' : ''; + $sql = "UPDATE " . SESSIONS_TABLE . " ! SET session_time = $current_time, session_page = $thispage_id$update_admin WHERE session_id = '" . $userdata['session_id'] . "'"; if ( !$db->sql_query($sql) ) { *************** *** 282,288 **** if ( $userdata['user_id'] != ANONYMOUS ) { $sql = "UPDATE " . USERS_TABLE . " ! SET user_session_time = $current_time, user_session_page = $thispage_id WHERE user_id = " . $userdata['user_id']; if ( !$db->sql_query($sql) ) { --- 305,311 ---- if ( $userdata['user_id'] != ANONYMOUS ) { $sql = "UPDATE " . USERS_TABLE . " ! SET user_session_time = $current_time, user_session_page = $thispage_id WHERE user_id = " . $userdata['user_id']; if ( !$db->sql_query($sql) ) { *************** *** 294,299 **** --- 317,323 ---- // Delete expired sessions // $expiry_time = $current_time - $board_config['session_length']; + $sql = "DELETE FROM " . SESSIONS_TABLE . " WHERE session_time < $expiry_time AND session_id <> '$session_id'"; diff -crN phpbb2012/includes/smtp.php phpbb2017/includes/smtp.php *** phpbb2012/includes/smtp.php Mon Feb 21 20:30:20 2005 --- phpbb2017/includes/smtp.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: smtp.php,v 1.16.2.9 2003/07/18 16:34:01 acydburn Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: smtp.php,v 1.16.2.10 2005/05/06 20:50:11 acydburn Exp $ * ***************************************************************************/ *************** *** 106,112 **** // Ok we have error checked as much as we can to this point let's get on // it already. ! if( !$socket = fsockopen($board_config['smtp_host'], 25, $errno, $errstr, 20) ) { message_die(GENERAL_ERROR, "Could not connect to smtp host : $errno : $errstr", "", __LINE__, __FILE__); } --- 106,112 ---- // Ok we have error checked as much as we can to this point let's get on // it already. ! if( !$socket = @fsockopen($board_config['smtp_host'], 25, $errno, $errstr, 20) ) { message_die(GENERAL_ERROR, "Could not connect to smtp host : $errno : $errstr", "", __LINE__, __FILE__); } diff -crN phpbb2012/includes/template.php phpbb2017/includes/template.php *** phpbb2012/includes/template.php Mon Feb 21 20:30:20 2005 --- phpbb2017/includes/template.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: template.php,v 1.10.2.4 2005/02/21 18:37:50 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: template.php,v 1.10.2.5 2005/05/06 20:50:11 acydburn Exp $ * * ***************************************************************************/ *************** *** 475,478 **** } ! ?> --- 475,478 ---- } ! ?> \ No newline at end of file diff -crN phpbb2012/includes/topic_review.php phpbb2017/includes/topic_review.php *** phpbb2012/includes/topic_review.php Mon Feb 21 20:30:20 2005 --- phpbb2017/includes/topic_review.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: topic_review.php,v 1.5.2.3 2004/11/18 17:49:45 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: topic_review.php,v 1.5.2.4 2005/05/06 20:50:12 acydburn Exp $ * * ***************************************************************************/ *************** *** 225,228 **** } } ! ?> --- 225,228 ---- } } ! ?> \ No newline at end of file diff -crN phpbb2012/includes/usercp_activate.php phpbb2017/includes/usercp_activate.php *** phpbb2012/includes/usercp_activate.php Mon Feb 21 20:30:20 2005 --- phpbb2017/includes/usercp_activate.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_activate.php,v 1.6.2.7 2003/05/03 23:24:02 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_activate.php,v 1.6.2.8 2005/07/19 20:01:16 acydburn Exp $ * * ***************************************************************************/ *************** *** 47,52 **** --- 47,57 ---- } else if ((trim($row['user_actkey']) == trim($HTTP_GET_VARS['act_key'])) && (trim($row['user_actkey']) != '')) { + if (intval($board_config['require_activation']) == USER_ACTIVATION_ADMIN && $userdata['user_level'] != ADMIN) + { + message_die(GENERAL_MESSAGE, $lang['Not_Authorised']); + } + $sql_update_pass = ( $row['user_newpasswd'] != '' ) ? ", user_password = '" . str_replace("\'", "''", $row['user_newpasswd']) . "', user_newpasswd = ''" : ''; $sql = "UPDATE " . USERS_TABLE . " diff -crN phpbb2012/includes/usercp_avatar.php phpbb2017/includes/usercp_avatar.php *** phpbb2012/includes/usercp_avatar.php Mon Feb 21 20:30:20 2005 --- phpbb2017/includes/usercp_avatar.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_avatar.php,v 1.8.2.19 2005/02/21 18:37:51 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_avatar.php,v 1.8.2.21 2005/07/19 20:01:16 acydburn Exp $ * * ***************************************************************************/ *************** *** 86,91 **** --- 86,93 ---- function user_avatar_url($mode, &$error, &$error_msg, $avatar_filename) { + global $lang; + if ( !preg_match('#^(http)|(ftp):\/\/#i', $avatar_filename) ) { $avatar_filename = 'http://' . $avatar_filename; *************** *** 199,205 **** return; } ! if ( $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] ) { $new_filename = uniqid(rand()) . $imgtype; --- 201,207 ---- return; } ! if ( $width > 0 && $height > 0 && $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] ) { $new_filename = uniqid(rand()) . $imgtype; diff -crN phpbb2012/includes/usercp_register.php phpbb2017/includes/usercp_register.php *** phpbb2012/includes/usercp_register.php Mon Feb 21 20:30:20 2005 --- phpbb2017/includes/usercp_register.php Tue Jul 19 22:14:56 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_register.php,v 1.20.2.59 2005/02/21 18:37:51 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_register.php,v 1.20.2.61 2005/06/26 12:03:44 acydburn Exp $ * * ***************************************************************************/ *************** *** 409,417 **** // Error is already triggered, since one field is empty. $error = TRUE; } ! else if ( $username != $userdata['username'] || $mode == 'register' ) { ! if (strtolower($username) != strtolower($userdata['username'])) { $result = validate_username($username); if ( $result['error'] ) --- 409,417 ---- // Error is already triggered, since one field is empty. $error = TRUE; } ! else if ( $username != $userdata['username'] || $mode == 'register') { ! if (strtolower($username) != strtolower($userdata['username']) || $mode == 'register') { $result = validate_username($username); if ( $result['error'] ) *************** *** 454,460 **** { $avatar_sql = user_avatar_delete($userdata['user_avatar_type'], $userdata['user_avatar']); } ! if ( ( !empty($user_avatar_upload) || !empty($user_avatar_name) ) && $board_config['allow_avatar_upload'] ) { if ( !empty($user_avatar_upload) ) --- 454,460 ---- { $avatar_sql = user_avatar_delete($userdata['user_avatar_type'], $userdata['user_avatar']); } ! else if ( ( !empty($user_avatar_upload) || !empty($user_avatar_name) ) && $board_config['allow_avatar_upload'] ) { if ( !empty($user_avatar_upload) ) diff -crN phpbb2012/includes/usercp_viewprofile.php phpbb2017/includes/usercp_viewprofile.php *** phpbb2012/includes/usercp_viewprofile.php Mon Feb 21 20:30:20 2005 --- phpbb2017/includes/usercp_viewprofile.php Tue Jul 19 22:14:57 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_viewprofile.php,v 1.5.2.3 2004/11/18 17:49:45 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: usercp_viewprofile.php,v 1.5.2.5 2005/07/19 20:01:16 acydburn Exp $ * * ***************************************************************************/ *************** *** 33,38 **** --- 33,43 ---- } $profiledata = get_userdata($HTTP_GET_VARS[POST_USERS_URL]); + if (!$profiledata) + { + message_die(GENERAL_MESSAGE, $lang['No_user_id_specified']); + } + $sql = "SELECT * FROM " . RANKS_TABLE . " ORDER BY rank_special, rank_min"; *************** *** 160,167 **** $yim = ( $profiledata['user_yim'] ) ? '' . $lang['YIM'] . '' : ''; $temp_url = append_sid("search.$phpEx?search_author=" . urlencode($profiledata['username']) . "&showresults=posts"); ! $search_img = '' . $lang['Search_user_posts'] . ''; ! $search = '' . $lang['Search_user_posts'] . ''; // // Generate page --- 165,172 ---- $yim = ( $profiledata['user_yim'] ) ? '' . $lang['YIM'] . '' : ''; $temp_url = append_sid("search.$phpEx?search_author=" . urlencode($profiledata['username']) . "&showresults=posts"); ! $search_img = '' . $lang['Search_user_posts'] . ''; ! $search = '' . sprintf($lang['Search_user_posts'], $profiledata['username']) . ''; // // Generate page diff -crN phpbb2012/language/lang_english/lang_main.php phpbb2017/language/lang_english/lang_main.php *** phpbb2012/language/lang_english/lang_main.php Mon Feb 21 20:30:21 2005 --- phpbb2017/language/lang_english/lang_main.php Tue Jul 19 22:14:57 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: lang_main.php,v 1.85.2.15 2003/06/10 00:31:19 psotfx Exp $ * ****************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: lang_main.php,v 1.85.2.16 2005/05/06 20:50:13 acydburn Exp $ * ****************************************************************************/ *************** *** 1017,1022 **** --- 1017,1024 ---- $lang['Critical_Error'] = 'Critical Error'; $lang['An_error_occured'] = 'An Error Occurred'; $lang['A_critical_error'] = 'A Critical Error Occurred'; + + $lang['Admin_reauthenticate'] = 'To administer the board you must re-authenticate yourself.'; // // That's all, Folks! diff -crN phpbb2012/login.php phpbb2017/login.php *** phpbb2012/login.php Mon Feb 21 20:30:21 2005 --- phpbb2017/login.php Tue Jul 19 22:14:58 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: login.php,v 1.47.2.17 2004/11/18 17:49:35 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: login.php,v 1.47.2.18 2005/05/06 20:50:10 acydburn Exp $ * * ***************************************************************************/ *************** *** 52,58 **** if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) ) { ! if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && !$userdata['session_logged_in'] ) { $username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : ''; $password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : ''; --- 52,58 ---- if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) ) { ! if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && (!$userdata['session_logged_in'] || isset($HTTP_POST_VARS['admin'])) ) { $username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : ''; $password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : ''; *************** *** 77,83 **** { $autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0; ! $session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin); if( $session_id ) { --- 77,84 ---- { $autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0; ! $admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0; ! $session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin); if( $session_id ) { *************** *** 158,164 **** // Do a full login page dohickey if // user not already logged in // ! if( !$userdata['session_logged_in'] ) { $page_title = $lang['Login']; include($phpbb_root_path . 'includes/page_header.'.$phpEx); --- 159,165 ---- // Do a full login page dohickey if // user not already logged in // ! if( !$userdata['session_logged_in'] || (isset($HTTP_GET_VARS['admin']) && $userdata['session_logged_in'] && $userdata['user_level'] == ADMIN)) { $page_title = $lang['Login']; include($phpbb_root_path . 'includes/page_header.'.$phpEx); *************** *** 207,218 **** $username = ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : ''; $s_hidden_fields = ''; make_jumpbox('viewforum.'.$phpEx, $forum_id); $template->assign_vars(array( 'USERNAME' => $username, ! 'L_ENTER_PASSWORD' => $lang['Enter_password'], 'L_SEND_PASSWORD' => $lang['Forgotten_password'], 'U_SEND_PASSWORD' => append_sid("profile.$phpEx?mode=sendpassword"), --- 208,220 ---- $username = ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : ''; $s_hidden_fields = ''; + $s_hidden_fields .= (isset($HTTP_GET_VARS['admin'])) ? '' : ''; make_jumpbox('viewforum.'.$phpEx, $forum_id); $template->assign_vars(array( 'USERNAME' => $username, ! 'L_ENTER_PASSWORD' => (isset($HTTP_GET_VARS['admin'])) ? $lang['Admin_reauthenticate'] : $lang['Enter_password'], 'L_SEND_PASSWORD' => $lang['Forgotten_password'], 'U_SEND_PASSWORD' => append_sid("profile.$phpEx?mode=sendpassword"), diff -crN phpbb2012/modcp.php phpbb2017/modcp.php *** phpbb2012/modcp.php Mon Feb 21 20:30:21 2005 --- phpbb2017/modcp.php Tue Jul 19 22:14:58 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: modcp.php,v 1.71.2.24 2004/07/11 16:46:15 acydburn Exp $ * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: modcp.php,v 1.71.2.26 2005/06/26 12:03:46 acydburn Exp $ * ***************************************************************************/ *************** *** 131,136 **** --- 131,141 ---- } $topic_row = $db->sql_fetchrow($result); + if (!$topic_row) + { + message_die(GENERAL_MESSAGE, 'Topic_post_not_exist'); + } + $forum_topics = ( $topic_row['forum_topics'] == 0 ) ? 1 : $topic_row['forum_topics']; $forum_id = $topic_row['forum_id']; $forum_name = $topic_row['forum_name']; *************** *** 146,151 **** --- 151,161 ---- } $topic_row = $db->sql_fetchrow($result); + if (!$topic_row) + { + message_die(GENERAL_MESSAGE, 'Forum_not_exist'); + } + $forum_topics = ( $topic_row['forum_topics'] == 0 ) ? 1 : $topic_row['forum_topics']; $forum_name = $topic_row['forum_name']; } *************** *** 453,458 **** --- 463,482 ---- $new_forum_id = intval($HTTP_POST_VARS['new_forum']); $old_forum_id = $forum_id; + $sql = 'SELECT forum_id FROM ' . FORUMS_TABLE . ' + WHERE forum_id = ' . $new_forum_id; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_ERROR, 'Could not select from forums table', '', __LINE__, __FILE__, $sql); + } + + if (!$db->sql_fetchrow($result)) + { + message_die(GENERAL_MESSAGE, 'New forum does not exist'); + } + + $db->sql_freeresult($result); + if ( $new_forum_id != $old_forum_id ) { $topics = ( isset($HTTP_POST_VARS['topic_id_list']) ) ? $HTTP_POST_VARS['topic_id_list'] : array($topic_id); *************** *** 746,751 **** --- 770,789 ---- $new_forum_id = intval($HTTP_POST_VARS['new_forum_id']); $topic_time = time(); + $sql = 'SELECT forum_id FROM ' . FORUMS_TABLE . ' + WHERE forum_id = ' . $new_forum_id; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_ERROR, 'Could not select from forums table', '', __LINE__, __FILE__, $sql); + } + + if (!$db->sql_fetchrow($result)) + { + message_die(GENERAL_MESSAGE, 'New forum does not exist'); + } + + $db->sql_freeresult($result); + $sql = "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type) VALUES ('" . str_replace("\'", "''", $post_subject) . "', $first_poster, " . $topic_time . ", $new_forum_id, " . TOPIC_UNLOCKED . ", " . POST_NORMAL . ")"; if (!($db->sql_query($sql, BEGIN_TRANSACTION))) diff -crN phpbb2012/posting.php phpbb2017/posting.php *** phpbb2012/posting.php Mon Feb 21 20:30:21 2005 --- phpbb2017/posting.php Tue Jul 19 22:14:58 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: posting.php,v 1.159.2.22 2004/07/11 16:46:16 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: posting.php,v 1.159.2.23 2005/05/06 20:50:10 acydburn Exp $ * * ***************************************************************************/ *************** *** 1105,1108 **** include($phpbb_root_path . 'includes/page_tail.'.$phpEx); ! ?> --- 1105,1108 ---- include($phpbb_root_path . 'includes/page_tail.'.$phpEx); ! ?> \ No newline at end of file diff -crN phpbb2012/privmsg.php phpbb2017/privmsg.php *** phpbb2012/privmsg.php Mon Feb 21 20:30:21 2005 --- phpbb2017/privmsg.php Tue Jul 19 22:14:58 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: privmsg.php,v 1.96.2.37 2004/11/18 17:49:36 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: privmsg.php,v 1.96.2.40 2005/07/19 20:01:19 acydburn Exp $ * * ***************************************************************************/ *************** *** 563,571 **** // If the board has HTML off but the post has HTML // on then we process it, else leave it alone // ! if ( !$board_config['allow_html'] ) { ! if ( $user_sig != '' && $privmsg['privmsgs_enable_sig'] && $userdata['user_allowhtml'] ) { $user_sig = preg_replace('#(<)([\/]?.*?)(>)#is', "<\\2>", $user_sig); } --- 563,571 ---- // If the board has HTML off but the post has HTML // on then we process it, else leave it alone // ! if ( !$board_config['allow_html'] || !$userdata['user_allowhtml']) { ! if ( $user_sig != '') { $user_sig = preg_replace('#(<)([\/]?.*?)(>)#is', "<\\2>", $user_sig); } *************** *** 698,744 **** } else if ( $confirm ) { ! if ( $delete_all ) { ! switch($folder) { ! case 'inbox': ! $delete_type = "privmsgs_to_userid = " . $userdata['user_id'] . " AND ( ! privmsgs_type = " . PRIVMSGS_READ_MAIL . " OR privmsgs_type = " . PRIVMSGS_NEW_MAIL . " OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )"; ! break; ! case 'outbox': ! $delete_type = "privmsgs_from_userid = " . $userdata['user_id'] . " AND ( privmsgs_type = " . PRIVMSGS_NEW_MAIL . " OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )"; ! break; ! case 'sentbox': ! $delete_type = "privmsgs_from_userid = " . $userdata['user_id'] . " AND privmsgs_type = " . PRIVMSGS_SENT_MAIL; ! break; ! case 'savebox': ! $delete_type = "( ( privmsgs_from_userid = " . $userdata['user_id'] . " ! AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " ) ! OR ( privmsgs_to_userid = " . $userdata['user_id'] . " ! AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " ) )"; ! break; ! } ! $sql = "SELECT privmsgs_id ! FROM " . PRIVMSGS_TABLE . " ! WHERE $delete_type"; ! if ( !($result = $db->sql_query($sql)) ) ! { ! message_die(GENERAL_ERROR, 'Could not obtain id list to delete all messages', '', __LINE__, __FILE__, $sql); ! } ! while ( $row = $db->sql_fetchrow($result) ) ! { ! $mark_list[] = $row['privmsgs_id']; ! } ! unset($delete_type); } if ( count($mark_list) ) { $delete_sql_id = ''; --- 698,754 ---- } else if ( $confirm ) { ! $delete_sql_id = ''; ! ! if (!$delete_all) { ! for ($i = 0; $i < count($mark_list); $i++) { ! $delete_sql_id .= (($delete_sql_id != '') ? ', ' : '') . intval($mark_list[$i]); ! } ! $delete_sql_id = "AND privmsgs_id IN ($delete_sql_id)"; ! } ! switch($folder) ! { ! case 'inbox': ! $delete_type = "privmsgs_to_userid = " . $userdata['user_id'] . " AND ( ! privmsgs_type = " . PRIVMSGS_READ_MAIL . " OR privmsgs_type = " . PRIVMSGS_NEW_MAIL . " OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )"; ! break; ! case 'outbox': ! $delete_type = "privmsgs_from_userid = " . $userdata['user_id'] . " AND ( privmsgs_type = " . PRIVMSGS_NEW_MAIL . " OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " )"; ! break; ! case 'sentbox': ! $delete_type = "privmsgs_from_userid = " . $userdata['user_id'] . " AND privmsgs_type = " . PRIVMSGS_SENT_MAIL; ! break; ! case 'savebox': ! $delete_type = "( ( privmsgs_from_userid = " . $userdata['user_id'] . " ! AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " ) ! OR ( privmsgs_to_userid = " . $userdata['user_id'] . " ! AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " ) )"; ! break; ! } ! $sql = "SELECT privmsgs_id ! FROM " . PRIVMSGS_TABLE . " ! WHERE $delete_type $delete_sql_id"; ! ! if ( !($result = $db->sql_query($sql)) ) ! { ! message_die(GENERAL_ERROR, 'Could not obtain id list to delete messages', '', __LINE__, __FILE__, $sql); ! } ! $mark_list = array(); ! while ( $row = $db->sql_fetchrow($result) ) ! { ! $mark_list[] = $row['privmsgs_id']; } + unset($delete_type); + if ( count($mark_list) ) { $delete_sql_id = ''; *************** *** 1494,1499 **** --- 1504,1513 ---- $mode = 'reply'; } } + else + { + $privmsg_subject = $privmsg_message = ''; + } } // *************** *** 1528,1536 **** // // Finalise processing as per viewtopic // ! if ( !$html_on ) { ! if ( $user_sig != '' || !$userdata['user_allowhtml'] ) { $user_sig = preg_replace('#(<)([\/]?.*?)(>)#is', "<\\2>", $user_sig); } --- 1542,1550 ---- // // Finalise processing as per viewtopic // ! if ( !$html_on || !$board_config['allow_html'] || !$userdata['user_allowhtml'] ) { ! if ( $user_sig != '' ) { $user_sig = preg_replace('#(<)([\/]?.*?)(>)#is', "<\\2>", $user_sig); } *************** *** 2020,2025 **** --- 2034,2043 ---- break; } } + else + { + $inbox_limit_img_length = $inbox_limit_pct = $l_box_size_status = ''; + } // // Dump vars to template *************** *** 2153,2156 **** include($phpbb_root_path . 'includes/page_tail.'.$phpEx); ! ?> --- 2171,2174 ---- include($phpbb_root_path . 'includes/page_tail.'.$phpEx); ! ?> \ No newline at end of file diff -crN phpbb2012/search.php phpbb2017/search.php *** phpbb2012/search.php Mon Feb 21 20:30:21 2005 --- phpbb2017/search.php Tue Jul 19 22:14:58 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: search.php,v 1.72.2.15 2004/11/18 17:49:39 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: search.php,v 1.72.2.16 2005/03/15 18:34:34 acydburn Exp $ * * ***************************************************************************/ *************** *** 197,202 **** --- 197,207 ---- } else { + if (preg_match('#^[\*%]+$#', trim($search_author)) || preg_match('#^[^\*]{1,2}$#', str_replace(array('*', '%'), '', trim($search_author)))) + { + $search_author = ''; + } + $search_author = str_replace('*', '%', trim($search_author)); $sql = "SELECT user_id *************** *** 264,269 **** --- 269,280 ---- for($i = 0; $i < count($split_search); $i++) { + if (preg_match('#^[\*%]+$#', trim($split_search[$i])) || preg_match('#^[^\*]{1,2}$#', str_replace(array('*', '%'), '', trim($split_search[$i])))) + { + $split_search[$i] = ''; + continue; + } + switch ( $split_search[$i] ) { case 'and': *************** *** 407,412 **** --- 418,428 ---- // if ( $search_author != '' ) { + if (preg_match('#^[\*%]+$#', trim($search_author)) || preg_match('#^[^\*]{1,2}$#', str_replace(array('*', '%'), '', trim($search_author)))) + { + $search_author = ''; + } + $search_author = str_replace('*', '%', trim(str_replace("\'", "''", $search_author))); } diff -crN phpbb2012/templates/subSilver/faq_body.tpl phpbb2017/templates/subSilver/faq_body.tpl *** phpbb2012/templates/subSilver/faq_body.tpl Mon Feb 21 20:30:21 2005 --- phpbb2017/templates/subSilver/faq_body.tpl Tue Jul 19 22:14:57 2005 *************** *** 34,40 **** ! {faq_block.faq_row.FAQ_QUESTION}
{faq_block.faq_row.FAQ_ANSWER}
{L_BACK_TO_TOP} --- 34,40 ---- ! {faq_block.faq_row.FAQ_QUESTION}
{faq_block.faq_row.FAQ_ANSWER}
{L_BACK_TO_TOP} diff -crN phpbb2012/templates/subSilver/login_body.tpl phpbb2017/templates/subSilver/login_body.tpl *** phpbb2012/templates/subSilver/login_body.tpl Mon Feb 21 20:30:21 2005 --- phpbb2017/templates/subSilver/login_body.tpl Tue Jul 19 22:14:57 2005 *************** *** 19,31 **** {L_USERNAME}: ! {L_PASSWORD}: ! --- 19,31 ---- {L_USERNAME}: ! {L_PASSWORD}: ! diff -crN phpbb2012/viewonline.php phpbb2017/viewonline.php *** phpbb2012/viewonline.php Mon Feb 21 20:30:21 2005 --- phpbb2017/viewonline.php Tue Jul 19 22:14:58 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: viewonline.php,v 1.54.2.3 2004/07/11 16:46:17 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: viewonline.php,v 1.54.2.4 2005/05/06 20:50:10 acydburn Exp $ * * ***************************************************************************/ *************** *** 286,289 **** include($phpbb_root_path . 'includes/page_tail.'.$phpEx); ! ?> --- 286,289 ---- include($phpbb_root_path . 'includes/page_tail.'.$phpEx); ! ?> \ No newline at end of file diff -crN phpbb2012/viewtopic.php phpbb2017/viewtopic.php *** phpbb2012/viewtopic.php Mon Feb 21 20:30:21 2005 --- phpbb2017/viewtopic.php Tue Jul 19 22:14:58 2005 *************** *** 6,12 **** * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: viewtopic.php,v 1.186.2.38 2005/02/21 18:37:06 acydburn Exp $ * * ***************************************************************************/ --- 6,12 ---- * copyright : (C) 2001 The phpBB Group * email : support@phpbb.com * ! * $Id: viewtopic.php,v 1.186.2.43 2005/07/19 20:01:21 acydburn Exp $ * * ***************************************************************************/ *************** *** 989,996 **** $quote = '' . $lang['Reply_with_quote'] . ''; $temp_url = append_sid("search.$phpEx?search_author=" . urlencode($postrow[$i]['username']) . "&showresults=posts"); ! $search_img = '' . $lang['Search_user_posts'] . ''; ! $search = '' . $lang['Search_user_posts'] . ''; if ( ( $userdata['user_id'] == $poster_id && $is_auth['auth_edit'] ) || $is_auth['auth_mod'] ) { --- 989,996 ---- $quote = '' . $lang['Reply_with_quote'] . ''; $temp_url = append_sid("search.$phpEx?search_author=" . urlencode($postrow[$i]['username']) . "&showresults=posts"); ! $search_img = '' . $lang['Search_user_posts'] . ''; ! $search = '' . sprintf($lang['Search_user_posts'], $postrow[$i]['username']) . ''; if ( ( $userdata['user_id'] == $poster_id && $is_auth['auth_edit'] ) || $is_auth['auth_mod'] ) { *************** *** 1049,1057 **** // If the board has HTML off but the post has HTML // on then we process it, else leave it alone // ! if ( !$board_config['allow_html'] ) { ! if ( $user_sig != '' && $userdata['user_allowhtml'] ) { $user_sig = preg_replace('#(<)([\/]?.*?)(>)#is', "<\\2>", $user_sig); } --- 1049,1057 ---- // If the board has HTML off but the post has HTML // on then we process it, else leave it alone // ! if ( !$board_config['allow_html'] || !$userdata['user_allowhtml']) { ! if ( $user_sig != '' ) { $user_sig = preg_replace('#(<)([\/]?.*?)(>)#is', "<\\2>", $user_sig); } *************** *** 1107,1113 **** { // This was shamelessly 'borrowed' from volker at multiartstudio dot de // via php.net's annotated manual ! $message = str_replace('\"', '"', substr(preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "preg_replace('#\b(" . $highlight_match . ")\b#i', '\\\\1', '\\0')", '>' . $message . '<'), 1, -1)); } // --- 1107,1113 ---- { // This was shamelessly 'borrowed' from volker at multiartstudio dot de // via php.net's annotated manual ! $message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . str_replace('\\', '\\\\', addslashes($highlight_match)) . ")\b#i', '\\\\1', '\\0')", '>' . $message . '<'), 1, -1)); } // *************** *** 1119,1128 **** if ($user_sig != '') { ! $user_sig = str_replace('\"', '"', substr(preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "preg_replace(\$orig_word, \$replacement_word, '\\0')", '>' . $user_sig . '<'), 1, -1)); } ! $message = str_replace('\"', '"', substr(preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "preg_replace(\$orig_word, \$replacement_word, '\\0')", '>' . $message . '<'), 1, -1)); } // --- 1119,1128 ---- if ($user_sig != '') { ! $user_sig = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace(\$orig_word, \$replacement_word, '\\0')", '>' . $user_sig . '<'), 1, -1)); } ! $message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace(\$orig_word, \$replacement_word, '\\0')", '>' . $message . '<'), 1, -1)); } // *************** *** 1213,1216 **** include($phpbb_root_path . 'includes/page_tail.'.$phpEx); ! ?> --- 1213,1216 ---- include($phpbb_root_path . 'includes/page_tail.'.$phpEx); ! ?> \ No newline at end of file