diff -crN phpbb2021/admin/admin_board.php phpbb2022/admin/admin_board.php
*** phpbb2021/admin/admin_board.php Fri Jun 9 16:29:41 2006
--- phpbb2022/admin/admin_board.php Tue Dec 19 18:29:14 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_board.php,v 1.51.2.15 2006/02/10 22:19:01 grahamje Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_board.php,v 1.51.2.16 2006/12/16 13:11:24 acydburn Exp $
*
*
***************************************************************************/
***************
*** 59,64 ****
--- 59,74 ----
$new['server_name'] = str_replace('http://', '', $new['server_name']);
}
+ // Attempt to prevent a mistake with this value.
+ if ($config_name == 'avatar_path')
+ {
+ $new['avatar_path'] = trim($new['avatar_path']);
+ if (strstr($new['avatar_path'], "\0") || !is_dir($phpbb_root_path . $new['avatar_path']) || !is_writable($phpbb_root_path . $new['avatar_path']))
+ {
+ $new['avatar_path'] = $default_config['avatar_path'];
+ }
+ }
+
if( isset($HTTP_POST_VARS['submit']) )
{
$sql = "UPDATE " . CONFIG_TABLE . " SET
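Review bot: The new avatar_path guard only asks whether the joined path is an existing, writable directory, so a value with `..` segments or an absolute path still passes whenever such a directory exists; the comment rightly calls it a mistake guard, and it should not be read as confining the path to the board root. If containment is intended, compare the resolved path with the resolved root, e.g. `$real = realpath($phpbb_root_path . $new['avatar_path']); if ($real === false || strpos($real, realpath($phpbb_root_path)) !== 0) { $new['avatar_path'] = $default_config['avatar_path']; }`. The silent fall-back to the default also gives the administrator no indication that the submitted value was rejected, so a note in the response would avoid a confusing save. The loop over `$config_name` that encloses this block starts before the hunk.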
diff -crN phpbb2021/groupcp.php phpbb2022/groupcp.php
*** phpbb2021/groupcp.php Fri Jun 9 16:29:42 2006
--- phpbb2022/groupcp.php Tue Dec 19 18:29:16 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: groupcp.php,v 1.58.2.25 2005/09/17 18:36:48 grahamje Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: groupcp.php,v 1.58.2.27 2006/12/16 13:11:24 acydburn Exp $
*
*
***************************************************************************/
***************
*** 148,153 ****
--- 148,154 ----
$cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : 0;
$start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0;
+ $start = ($start < 0) ? 0 : $start;
//
// Default var values
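Review bot: The clamp to zero is a separate ternary on the line after the `intval()` read, and the identical two-line pattern is repeated in memberlist.php, modcp.php, privmsg.php and search.php in this patch. Folding it into the read, `$start = ( isset($HTTP_GET_VARS['start']) ) ? max(0, intval($HTTP_GET_VARS['start'])) : 0;`, assigns the variable once and keeps the copies easier to keep in step. Note that privmsg.php uses `!empty()` rather than `isset()` for the same read, so the five sites are already not quite identical.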
***************
*** 418,438 ****
FROM " . AUTH_ACCESS_TABLE . " aa
WHERE aa.group_id = g.group_id
)
! )";
break;
case 'oracle':
$sql = "SELECT g.group_moderator, g.group_type, aa.auth_mod
FROM " . GROUPS_TABLE . " g, " . AUTH_ACCESS_TABLE . " aa
WHERE g.group_id = $group_id
! AND aa.group_id (+) = g.group_id";
break;
default:
$sql = "SELECT g.group_moderator, g.group_type, aa.auth_mod
FROM ( " . GROUPS_TABLE . " g
LEFT JOIN " . AUTH_ACCESS_TABLE . " aa ON aa.group_id = g.group_id )
! WHERE g.group_id = $group_id";
break;
}
if ( !($result = $db->sql_query($sql)) )
--- 419,442 ----
FROM " . AUTH_ACCESS_TABLE . " aa
WHERE aa.group_id = g.group_id
)
! )
! ORDER BY aa.auth_mod DESC";
break;
case 'oracle':
$sql = "SELECT g.group_moderator, g.group_type, aa.auth_mod
FROM " . GROUPS_TABLE . " g, " . AUTH_ACCESS_TABLE . " aa
WHERE g.group_id = $group_id
! AND aa.group_id (+) = g.group_id
! ORDER BY aa.auth_mod DESC";
break;
default:
$sql = "SELECT g.group_moderator, g.group_type, aa.auth_mod
FROM ( " . GROUPS_TABLE . " g
LEFT JOIN " . AUTH_ACCESS_TABLE . " aa ON aa.group_id = g.group_id )
! WHERE g.group_id = $group_id
! ORDER BY aa.auth_mod DESC";
break;
}
if ( !($result = $db->sql_query($sql)) )
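Review bot: Nothing in the three SQL variants says why `ORDER BY aa.auth_mod DESC` was added, and the code that consumes the result is outside the hunk; presumably only the first row is read and the ordering makes a row with `auth_mod` set win over one without when a group has several auth_access rows. A one-line comment above the `switch` (which opens before the hunk) would record that, e.g. `// Order so that a row with auth_mod set is fetched first when a group has several auth_access rows`. In the first variant the visible tail is a subquery that itself aliases AUTH_ACCESS_TABLE as `aa`; the outer query is not visible here, so confirm it also exposes `aa` to the ORDER BY, otherwise that statement fails on that driver.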
diff -crN phpbb2021/includes/functions.php phpbb2022/includes/functions.php
*** phpbb2021/includes/functions.php Fri Jun 9 16:29:41 2006
--- phpbb2022/includes/functions.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: functions.php,v 1.133.2.47 2006/06/08 21:11:04 grahamje Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: functions.php,v 1.133.2.48 2006/12/16 13:11:26 acydburn Exp $
*
*
***************************************************************************/
***************
*** 917,923 ****
$db->sql_close();
}
! if (strstr(urldecode($url), "\n") || strstr(urldecode($url), "\r"))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}
--- 917,923 ----
$db->sql_close();
}
! if (strstr(urldecode($url), "\n") || strstr(urldecode($url), "\r") || strstr(urldecode($url), ';url'))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}
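Review bot: The new `;url` test is a case-sensitive substring match on the decoded URL, so it only catches that exact spelling; `stristr()` would at least make it case-insensitive, and the same three-way `strstr` chain is repeated in both login.php hunks of this patch. `urldecode($url)` is also evaluated three times in one condition; computing it once, `$decoded = urldecode($url);`, and testing `$decoded` keeps the check readable as patterns are added. A substring block-list stays fragile, though; if the acceptable redirect targets are known (board-relative paths), validating against that form is the sturdier check. The enclosing function starts before the hunk.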
diff -crN phpbb2021/includes/usercp_email.php phpbb2022/includes/usercp_email.php
*** phpbb2021/includes/usercp_email.php Fri Jun 9 16:29:41 2006
--- phpbb2022/includes/usercp_email.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: usercp_email.php,v 1.7.2.13 2003/06/06 18:02:15 acydburn Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: usercp_email.php,v 1.7.2.14 2006/12/16 13:11:26 acydburn Exp $
*
*
***************************************************************************/
***************
*** 52,135 ****
WHERE user_id = $user_id";
if ( $result = $db->sql_query($sql) )
{
! $row = $db->sql_fetchrow($result);
!
! $username = $row['username'];
! $user_email = $row['user_email'];
! $user_lang = $row['user_lang'];
!
! if ( $row['user_viewemail'] || $userdata['user_level'] == ADMIN )
{
- if ( time() - $userdata['user_emailtime'] < $board_config['flood_interval'] )
- {
- message_die(GENERAL_MESSAGE, $lang['Flood_email_limit']);
- }
! if ( isset($HTTP_POST_VARS['submit']) )
{
! $error = FALSE;
!
! if ( !empty($HTTP_POST_VARS['subject']) )
! {
! $subject = trim(stripslashes($HTTP_POST_VARS['subject']));
! }
! else
{
! $error = TRUE;
! $error_msg = ( !empty($error_msg) ) ? $error_msg . '
' . $lang['Empty_subject_email'] : $lang['Empty_subject_email'];
}
!
! if ( !empty($HTTP_POST_VARS['message']) )
! {
! $message = trim(stripslashes($HTTP_POST_VARS['message']));
! }
! else
! {
! $error = TRUE;
! $error_msg = ( !empty($error_msg) ) ? $error_msg . '
' . $lang['Empty_message_email'] : $lang['Empty_message_email'];
! }
!
! if ( !$error )
{
! $sql = "UPDATE " . USERS_TABLE . "
! SET user_emailtime = " . time() . "
! WHERE user_id = " . $userdata['user_id'];
! if ( $result = $db->sql_query($sql) )
{
! include($phpbb_root_path . 'includes/emailer.'.$phpEx);
! $emailer = new emailer($board_config['smtp_delivery']);
!
! $emailer->from($userdata['user_email']);
! $emailer->replyto($userdata['user_email']);
!
! $email_headers = 'X-AntiAbuse: Board servername - ' . $server_name . "\n";
! $email_headers .= 'X-AntiAbuse: User_id - ' . $userdata['user_id'] . "\n";
! $email_headers .= 'X-AntiAbuse: Username - ' . $userdata['username'] . "\n";
! $email_headers .= 'X-AntiAbuse: User IP - ' . decode_ip($user_ip) . "\n";
!
! $emailer->use_template('profile_send_email', $user_lang);
! $emailer->email_address($user_email);
! $emailer->set_subject($subject);
! $emailer->extra_headers($email_headers);
!
! $emailer->assign_vars(array(
! 'SITENAME' => $board_config['sitename'],
! 'BOARD_EMAIL' => $board_config['board_email'],
! 'FROM_USERNAME' => $userdata['username'],
! 'TO_USERNAME' => $username,
! 'MESSAGE' => $message)
! );
! $emailer->send();
! $emailer->reset();
!
! if ( !empty($HTTP_POST_VARS['cc_email']) )
{
$emailer->from($userdata['user_email']);
$emailer->replyto($userdata['user_email']);
! $emailer->use_template('profile_send_email');
! $emailer->email_address($userdata['user_email']);
$emailer->set_subject($subject);
!
$emailer->assign_vars(array(
'SITENAME' => $board_config['sitename'],
'BOARD_EMAIL' => $board_config['board_email'],
--- 52,118 ----
WHERE user_id = $user_id";
if ( $result = $db->sql_query($sql) )
{
! if ( $row = $db->sql_fetchrow($result) )
{
! $username = $row['username'];
! $user_email = $row['user_email'];
! $user_lang = $row['user_lang'];
!
! if ( $row['user_viewemail'] || $userdata['user_level'] == ADMIN )
{
! if ( time() - $userdata['user_emailtime'] < $board_config['flood_interval'] )
{
! message_die(GENERAL_MESSAGE, $lang['Flood_email_limit']);
}
!
! if ( isset($HTTP_POST_VARS['submit']) )
{
! $error = FALSE;
!
! if ( !empty($HTTP_POST_VARS['subject']) )
{
! $subject = trim(stripslashes($HTTP_POST_VARS['subject']));
! }
! else
! {
! $error = TRUE;
! $error_msg = ( !empty($error_msg) ) ? $error_msg . '
' . $lang['Empty_subject_email'] : $lang['Empty_subject_email'];
! }
!
! if ( !empty($HTTP_POST_VARS['message']) )
! {
! $message = trim(stripslashes($HTTP_POST_VARS['message']));
! }
! else
! {
! $error = TRUE;
! $error_msg = ( !empty($error_msg) ) ? $error_msg . '
' . $lang['Empty_message_email'] : $lang['Empty_message_email'];
! }
!
! if ( !$error )
! {
! $sql = "UPDATE " . USERS_TABLE . "
! SET user_emailtime = " . time() . "
! WHERE user_id = " . $userdata['user_id'];
! if ( $result = $db->sql_query($sql) )
{
+ include($phpbb_root_path . 'includes/emailer.'.$phpEx);
+ $emailer = new emailer($board_config['smtp_delivery']);
+
$emailer->from($userdata['user_email']);
$emailer->replyto($userdata['user_email']);
!
! $email_headers = 'X-AntiAbuse: Board servername - ' . $server_name . "\n";
! $email_headers .= 'X-AntiAbuse: User_id - ' . $userdata['user_id'] . "\n";
! $email_headers .= 'X-AntiAbuse: Username - ' . $userdata['username'] . "\n";
! $email_headers .= 'X-AntiAbuse: User IP - ' . decode_ip($user_ip) . "\n";
!
! $emailer->use_template('profile_send_email', $user_lang);
! $emailer->email_address($user_email);
$emailer->set_subject($subject);
! $emailer->extra_headers($email_headers);
!
$emailer->assign_vars(array(
'SITENAME' => $board_config['sitename'],
'BOARD_EMAIL' => $board_config['board_email'],
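Review bot: `$subject` is built from `$HTTP_POST_VARS['subject']` with only `trim()` and `stripslashes()` and then handed to `$emailer->set_subject()`; unless the emailer class (not in this diff) strips CR/LF from header values, a multi-line subject reaches the message header. Folding line breaks before use, `$subject = str_replace(array("\r", "\n"), ' ', trim(stripslashes($HTTP_POST_VARS['subject'])));`, closes that regardless of what the emailer does. The inner `if ( $result = $db->sql_query($sql) )` also reuses `$result` from the outer user lookup; a distinct name would make the two result sets easier to tell apart. The enclosing `if` chain opens before the hunk and continues into the next one.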
***************
*** 139,210 ****
);
$emailer->send();
$emailer->reset();
}
-
- $template->assign_vars(array(
- 'META' => '')
- );
-
- $message = $lang['Email_sent'] . '
' . sprintf($lang['Click_return_index'], '', '');
-
- message_die(GENERAL_MESSAGE, $message);
- }
- else
- {
- message_die(GENERAL_ERROR, 'Could not update last email time', '', __LINE__, __FILE__, $sql);
}
}
! }
!
! include($phpbb_root_path . 'includes/page_header.'.$phpEx);
!
! $template->set_filenames(array(
! 'body' => 'profile_send_email.tpl')
! );
! make_jumpbox('viewforum.'.$phpEx);
!
! if ( $error )
! {
$template->set_filenames(array(
! 'reg_header' => 'error_body.tpl')
);
$template->assign_vars(array(
! 'ERROR_MESSAGE' => $error_msg)
);
! $template->assign_var_from_handle('ERROR_BOX', 'reg_header');
}
-
- $template->assign_vars(array(
- 'USERNAME' => $username,
-
- 'S_HIDDEN_FIELDS' => '',
- 'S_POST_ACTION' => append_sid("profile.$phpEx?mode=email&" . POST_USERS_URL . "=$user_id"),
-
- 'L_SEND_EMAIL_MSG' => $lang['Send_email_msg'],
- 'L_RECIPIENT' => $lang['Recipient'],
- 'L_SUBJECT' => $lang['Subject'],
- 'L_MESSAGE_BODY' => $lang['Message_body'],
- 'L_MESSAGE_BODY_DESC' => $lang['Email_message_desc'],
- 'L_EMPTY_SUBJECT_EMAIL' => $lang['Empty_subject_email'],
- 'L_EMPTY_MESSAGE_EMAIL' => $lang['Empty_message_email'],
- 'L_OPTIONS' => $lang['Options'],
- 'L_CC_EMAIL' => $lang['CC_email'],
- 'L_SPELLCHECK' => $lang['Spellcheck'],
- 'L_SEND_EMAIL' => $lang['Send_email'])
- );
-
- $template->pparse('body');
-
- include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
}
else
{
! message_die(GENERAL_MESSAGE, $lang['User_prevent_email']);
}
}
else
{
! message_die(GENERAL_MESSAGE, $lang['User_not_exist']);
}
?>
\ No newline at end of file
--- 122,216 ----
);
$emailer->send();
$emailer->reset();
+
+ if ( !empty($HTTP_POST_VARS['cc_email']) )
+ {
+ $emailer->from($userdata['user_email']);
+ $emailer->replyto($userdata['user_email']);
+ $emailer->use_template('profile_send_email');
+ $emailer->email_address($userdata['user_email']);
+ $emailer->set_subject($subject);
+
+ $emailer->assign_vars(array(
+ 'SITENAME' => $board_config['sitename'],
+ 'BOARD_EMAIL' => $board_config['board_email'],
+ 'FROM_USERNAME' => $userdata['username'],
+ 'TO_USERNAME' => $username,
+ 'MESSAGE' => $message)
+ );
+ $emailer->send();
+ $emailer->reset();
+ }
+
+ $template->assign_vars(array(
+ 'META' => '')
+ );
+
+ $message = $lang['Email_sent'] . '
' . sprintf($lang['Click_return_index'], '', '');
+
+ message_die(GENERAL_MESSAGE, $message);
+ }
+ else
+ {
+ message_die(GENERAL_ERROR, 'Could not update last email time', '', __LINE__, __FILE__, $sql);
}
}
}
!
! include($phpbb_root_path . 'includes/page_header.'.$phpEx);
!
$template->set_filenames(array(
! 'body' => 'profile_send_email.tpl')
);
+ make_jumpbox('viewforum.'.$phpEx);
+
+ if ( $error )
+ {
+ $template->set_filenames(array(
+ 'reg_header' => 'error_body.tpl')
+ );
+ $template->assign_vars(array(
+ 'ERROR_MESSAGE' => $error_msg)
+ );
+ $template->assign_var_from_handle('ERROR_BOX', 'reg_header');
+ }
+
$template->assign_vars(array(
! 'USERNAME' => $username,
!
! 'S_HIDDEN_FIELDS' => '',
! 'S_POST_ACTION' => append_sid("profile.$phpEx?mode=email&" . POST_USERS_URL . "=$user_id"),
!
! 'L_SEND_EMAIL_MSG' => $lang['Send_email_msg'],
! 'L_RECIPIENT' => $lang['Recipient'],
! 'L_SUBJECT' => $lang['Subject'],
! 'L_MESSAGE_BODY' => $lang['Message_body'],
! 'L_MESSAGE_BODY_DESC' => $lang['Email_message_desc'],
! 'L_EMPTY_SUBJECT_EMAIL' => $lang['Empty_subject_email'],
! 'L_EMPTY_MESSAGE_EMAIL' => $lang['Empty_message_email'],
! 'L_OPTIONS' => $lang['Options'],
! 'L_CC_EMAIL' => $lang['CC_email'],
! 'L_SPELLCHECK' => $lang['Spellcheck'],
! 'L_SEND_EMAIL' => $lang['Send_email'])
);
!
! $template->pparse('body');
!
! include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
! }
! else
! {
! message_die(GENERAL_MESSAGE, $lang['User_prevent_email']);
}
}
else
{
! message_die(GENERAL_MESSAGE, $lang['User_not_exist']);
}
}
else
{
! message_die(GENERAL_ERROR, 'Could not select user data', '', __LINE__, __FILE__, $sql);
}
?>
\ No newline at end of file
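Review bot: `if ( $error )` in the form-rendering part is reached on a plain GET as well, but `$error` is only assigned inside the `isset($HTTP_POST_VARS['submit'])` branch, so the first display of the form reads an undefined variable (false, with an E_NOTICE unless notices are suppressed). Initialising it next to the other defaults, `$error = FALSE;` before the submit check, removes the dependence on the error level. Separately, the copy-to-sender block calls `$emailer->use_template('profile_send_email')` without the language argument that the primary send passes as `$user_lang`; if `$userdata` carries a `user_lang` key like the recipient row does, `$emailer->use_template('profile_send_email', $userdata['user_lang']);` would render the sender's copy in their own language.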
diff -crN phpbb2021/includes/usercp_register.php phpbb2022/includes/usercp_register.php
*** phpbb2021/includes/usercp_register.php Fri Jun 9 16:29:41 2006
--- phpbb2022/includes/usercp_register.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: usercp_register.php,v 1.20.2.76 2006/05/30 19:29:43 grahamje Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: usercp_register.php,v 1.20.2.78 2006/12/17 10:51:27 acydburn Exp $
*
*
***************************************************************************/
***************
*** 144,149 ****
--- 144,150 ----
$notifyreply = ( isset($HTTP_POST_VARS['notifyreply']) ) ? ( ($HTTP_POST_VARS['notifyreply']) ? TRUE : 0 ) : 0;
$notifypm = ( isset($HTTP_POST_VARS['notifypm']) ) ? ( ($HTTP_POST_VARS['notifypm']) ? TRUE : 0 ) : TRUE;
$popup_pm = ( isset($HTTP_POST_VARS['popup_pm']) ) ? ( ($HTTP_POST_VARS['popup_pm']) ? TRUE : 0 ) : TRUE;
+ $sid = (isset($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : 0;
if ( $mode == 'register' )
{
***************
*** 253,258 ****
--- 254,266 ----
{
include($phpbb_root_path . 'includes/usercp_avatar.'.$phpEx);
+ // session id check
+ if ($sid == '' || $sid != $userdata['session_id'])
+ {
+ $error = true;
+ $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Session_invalid'];
+ }
+
$passwd_sql = '';
if ( $mode == 'editprofile' )
{
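Review bot: The session check compares the posted token with `!=`, a loose comparison; when both operands are numeric strings PHP compares them as numbers, so two different hexadecimal ids that both parse as numbers can compare equal, and the guard should be strict: `if ($sid === '' || $sid !== $userdata['session_id'])`. The same loose comparison appears in the posting.php and privmsg.php session checks in this patch. The `$sid` read in the previous hunk defaults to integer `0` rather than `''`, so the variable is sometimes an int and sometimes a string; defaulting to `''` keeps one type and makes the strict comparison straightforward. The `if` this sits in opens before the hunk.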
***************
*** 292,298 ****
AND session_id = '" . $userdata['session_id'] . "'";
if (!($result = $db->sql_query($sql)))
{
! message_die(GENERAL_ERROR, 'Could not obtain confirmation code', __LINE__, __FILE__, $sql);
}
if ($row = $db->sql_fetchrow($result))
--- 300,306 ----
AND session_id = '" . $userdata['session_id'] . "'";
if (!($result = $db->sql_query($sql)))
{
! message_die(GENERAL_ERROR, 'Could not obtain confirmation code', '', __LINE__, __FILE__, $sql);
}
if ($row = $db->sql_fetchrow($result))
***************
*** 309,315 ****
AND session_id = '" . $userdata['session_id'] . "'";
if (!$db->sql_query($sql))
{
! message_die(GENERAL_ERROR, 'Could not delete confirmation code', __LINE__, __FILE__, $sql);
}
}
}
--- 317,323 ----
AND session_id = '" . $userdata['session_id'] . "'";
if (!$db->sql_query($sql))
{
! message_die(GENERAL_ERROR, 'Could not delete confirmation code', '', __LINE__, __FILE__, $sql);
}
}
}
***************
*** 893,898 ****
--- 901,907 ----
}
$s_hidden_fields = '';
+ $s_hidden_fields .= '';
if( $mode == 'editprofile' )
{
$s_hidden_fields .= '';
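Review bot: As rendered here the new line appends an empty string to `$s_hidden_fields`, which is a no-op; the hidden-field markup it was presumably meant to add (carrying the session id that the new checks read from `$HTTP_POST_VARS['sid']`) appears to have been lost in extraction, so confirm against the original source that the field is actually emitted. The same empty append appears in the posting.php and privmsg.php hidden-field hunks in this patch. The context line inside `if( $mode == 'editprofile' )` shows the same empty literal on the old side, which suggests the stripping affects the whole page rather than the change itself.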
diff -crN phpbb2021/language/lang_english/lang_main.php phpbb2022/language/lang_english/lang_main.php
*** phpbb2021/language/lang_english/lang_main.php Fri Jun 9 16:29:42 2006
--- phpbb2022/language/lang_english/lang_main.php Tue Dec 19 18:29:15 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: lang_main.php,v 1.85.2.21 2006/02/05 15:59:48 grahamje Exp $
*
****************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: lang_main.php,v 1.85.2.22 2006/12/16 13:11:28 acydburn Exp $
*
****************************************************************************/
***************
*** 1018,1023 ****
--- 1018,1025 ----
$lang['Login_attempts_exceeded'] = 'The maximum number of %s login attempts has been exceeded. You are not allowed to login for the next %s minutes.';
$lang['Please_remove_install_contrib'] = 'Please ensure both the install/ and contrib/ directories are deleted';
+ $lang['Session_invalid'] = 'Invalid Session. Please resubmit the form.';
+
//
// That's all, Folks!
// -------------------------------------------------
diff -crN phpbb2021/login.php phpbb2022/login.php
*** phpbb2021/login.php Fri Jun 9 16:29:42 2006
--- phpbb2022/login.php Tue Dec 19 18:29:16 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: login.php,v 1.47.2.24 2006/04/22 20:28:42 grahamje Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: login.php,v 1.47.2.25 2006/12/16 13:11:24 acydburn Exp $
*
*
***************************************************************************/
***************
*** 123,129 ****
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
$redirect = str_replace('?', '&', $redirect);
! if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}
--- 123,129 ----
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
$redirect = str_replace('?', '&', $redirect);
! if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r") || strstr(urldecode($redirect), ';url'))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}
***************
*** 142,148 ****
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "";
$redirect = str_replace("?", "&", $redirect);
! if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}
--- 142,148 ----
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "";
$redirect = str_replace("?", "&", $redirect);
! if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r") || strstr(urldecode($redirect), ';url'))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}
diff -crN phpbb2021/memberlist.php phpbb2022/memberlist.php
*** phpbb2021/memberlist.php Fri Jun 9 16:29:43 2006
--- phpbb2022/memberlist.php Tue Dec 19 18:29:16 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: memberlist.php,v 1.36.2.12 2006/02/07 20:42:51 grahamje Exp $
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: memberlist.php,v 1.36.2.13 2006/12/16 13:11:24 acydburn Exp $
*
***************************************************************************/
***************
*** 34,39 ****
--- 34,40 ----
//
$start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0;
+ $start = ($start < 0) ? 0 : $start;
if ( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{
diff -crN phpbb2021/modcp.php phpbb2022/modcp.php
*** phpbb2021/modcp.php Fri Jun 9 16:29:43 2006
--- phpbb2022/modcp.php Tue Dec 19 18:29:16 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: modcp.php,v 1.71.2.28 2006/01/20 19:50:27 grahamje Exp $
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: modcp.php,v 1.71.2.29 2006/12/16 13:11:24 acydburn Exp $
*
***************************************************************************/
***************
*** 71,76 ****
--- 71,77 ----
// Continue var definitions
//
$start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0;
+ $start = ($start < 0) ? 0 : $start;
$delete = ( isset($HTTP_POST_VARS['delete']) ) ? TRUE : FALSE;
$move = ( isset($HTTP_POST_VARS['move']) ) ? TRUE : FALSE;
diff -crN phpbb2021/posting.php phpbb2022/posting.php
*** phpbb2021/posting.php Fri Jun 9 16:29:43 2006
--- phpbb2022/posting.php Tue Dec 19 18:29:16 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: posting.php,v 1.159.2.28 2006/01/28 14:56:51 grahamje Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: posting.php,v 1.159.2.30 2006/12/16 13:11:24 acydburn Exp $
*
*
***************************************************************************/
***************
*** 44,49 ****
--- 44,50 ----
}
$confirm = isset($HTTP_POST_VARS['confirm']) ? true : false;
+ $sid = (isset($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : 0;
$params = array('forum_id' => POST_FORUM_URL, 'topic_id' => POST_TOPIC_URL, 'post_id' => POST_POST_URL);
while( list($var, $param) = @each($params) )
***************
*** 222,230 ****
message_die(GENERAL_MESSAGE, $lang['No_valid_mode']);
}
! if ( $result = $db->sql_query($sql) )
{
- $post_info = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$forum_id = $post_info['forum_id'];
--- 223,230 ----
message_die(GENERAL_MESSAGE, $lang['No_valid_mode']);
}
! if ( ($result = $db->sql_query($sql)) && ($post_info = $db->sql_fetchrow($result)) )
{
$db->sql_freeresult($result);
$forum_id = $post_info['forum_id'];
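Review bot: Merging the fetch into the condition means a query that succeeds but returns no row now takes the same `else` path as a failed query; that branch is outside the hunk, so if it reports a GENERAL_ERROR with the SQL attached, a request for a post id that does not exist will show the user a database-error page including the query instead of a not-found message. Keeping the two outcomes apart, e.g. testing `$result` first and then `if ( !($post_info = $db->sql_fetchrow($result)) ) { message_die(GENERAL_MESSAGE, $lang['<not-found key>']); }` with the appropriate language key, preserves the distinction.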
***************
*** 431,436 ****
--- 431,437 ----
//
$s_hidden_fields = '';
$s_hidden_fields .= ( $delete || $mode == "delete" ) ? '' : '';
+ $s_hidden_fields .= '';
$l_confirm = ( $delete || $mode == 'delete' ) ? $lang['Confirm_delete'] : $lang['Confirm_delete_poll'];
***************
*** 542,547 ****
--- 543,554 ----
$return_message = '';
$return_meta = '';
+ // session id check
+ if ($sid == '' || $sid != $userdata['session_id'])
+ {
+ $error_msg .= (!empty($error_msg)) ? '
' . $lang['Session_invalid'] : $lang['Session_invalid'];
+ }
+
switch ( $mode )
{
case 'editpost':
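Review bot: This session check only appends to `$error_msg`, whereas the equivalent checks added to usercp_register.php and privmsg.php also set `$error = true`; if any later code in posting.php branches on `$error` rather than on `$error_msg`, a stale session would slip through there. The following hunk acts on the message only in the `delete` and `poll_delete` cases; the remaining cases are outside the visible lines, so confirm they also stop on a non-empty `$error_msg` before writing anything. Adding `$error = true;` inside the check keeps the three sites consistent. The `switch ( $mode )` opens at the end of the hunk and continues beyond it.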
***************
*** 567,572 ****
--- 574,584 ----
case 'delete':
case 'poll_delete':
+ if ($error_msg != '')
+ {
+ message_die(GENERAL_MESSAGE, $error_msg);
+ }
+
delete_post($mode, $post_data, $return_message, $return_meta, $forum_id, $topic_id, $post_id, $poll_id);
break;
}
***************
*** 929,934 ****
--- 941,947 ----
}
$hidden_form_fields = '';
+ $hidden_form_fields .= '';
switch( $mode )
{
diff -crN phpbb2021/privmsg.php phpbb2022/privmsg.php
*** phpbb2021/privmsg.php Fri Jun 9 16:29:43 2006
--- phpbb2022/privmsg.php Tue Dec 19 18:29:16 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: privmsg.php,v 1.96.2.49 2006/04/10 21:08:15 grahamje Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: privmsg.php,v 1.96.2.50 2006/12/16 13:11:25 acydburn Exp $
*
*
***************************************************************************/
***************
*** 50,55 ****
--- 50,56 ----
$delete = ( isset($HTTP_POST_VARS['delete']) ) ? TRUE : 0;
$delete_all = ( isset($HTTP_POST_VARS['deleteall']) ) ? TRUE : 0;
$save = ( isset($HTTP_POST_VARS['save']) ) ? TRUE : 0;
+ $sid = (isset($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : 0;
$refresh = $preview || $submit_search;
***************
*** 101,106 ****
--- 102,108 ----
}
$start = ( !empty($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0;
+ $start = ($start < 0) ? 0 : $start;
if ( isset($HTTP_POST_VARS[POST_POST_URL]) || isset($HTTP_GET_VARS[POST_POST_URL]) )
{
***************
*** 1161,1166 ****
--- 1163,1175 ----
if ( $submit )
{
+ // session id check
+ if ($sid == '' || $sid != $userdata['session_id'])
+ {
+ $error = true;
+ $error_msg .= ( ( !empty($error_msg) ) ? '
' : '' ) . $lang['Session_invalid'];
+ }
+
if ( !empty($HTTP_POST_VARS['username']) )
{
$to_username = phpbb_clean_username($HTTP_POST_VARS['username']);
***************
*** 1376,1382 ****
$privmsg_subject = ( isset($HTTP_POST_VARS['subject']) ) ? trim(htmlspecialchars(stripslashes($HTTP_POST_VARS['subject']))) : '';
$privmsg_message = ( isset($HTTP_POST_VARS['message']) ) ? trim($HTTP_POST_VARS['message']) : '';
! $privmsg_message = preg_replace('##si', '</textarea>', $privmsg_message);
$user_sig = ( $board_config['allow_sig'] ) ? (($privmsg['privmsgs_type'] == PRIVMSGS_NEW_MAIL) ? $user_sig : $privmsg['user_sig']) : '';
***************
*** 1523,1529 ****
$privmsg_message = preg_replace("/\:(([a-z0-9]:)?)$privmsg_bbcode_uid/si", '', $privmsg_message);
$privmsg_message = str_replace('
', "\n", $privmsg_message);
! $privmsg_message = preg_replace('##si', '</textarea>', $privmsg_message);
$privmsg_message = preg_replace($orig_word, $replacement_word, $privmsg_message);
$msg_date = create_date($board_config['default_dateformat'], $privmsg['privmsgs_date'], $board_config['board_timezone']);
--- 1532,1538 ----
$privmsg_message = preg_replace("/\:(([a-z0-9]:)?)$privmsg_bbcode_uid/si", '', $privmsg_message);
$privmsg_message = str_replace('
', "\n", $privmsg_message);
! // $privmsg_message = preg_replace('##si', '</textarea>', $privmsg_message);
$privmsg_message = preg_replace($orig_word, $replacement_word, $privmsg_message);
$msg_date = create_date($board_config['default_dateformat'], $privmsg['privmsgs_date'], $board_config['board_timezone']);
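Review bot: The replacement is commented out rather than removed, leaving dead code with no explanation; the pattern argument is not legible here, so the line alone does not say what was being rewritten into `</textarea>`. Deleting it and recording the reason in a one-line comment, e.g. `// Closing-tag rewrite dropped: the message is escaped with htmlspecialchars() before it is re-displayed`, would be clearer — assuming the `htmlspecialchars($privmsg_message)` added in the error path later in this patch is the replacement, which the diff does not state. If the message is also re-displayed on a non-error path (preview), check that path escapes too.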
***************
*** 1650,1655 ****
--- 1659,1665 ----
//
if ($error)
{
+ $privmsg_message = htmlspecialchars($privmsg_message);
$template->set_filenames(array(
'reg_header' => 'error_body.tpl')
);
***************
*** 1736,1741 ****
--- 1746,1752 ----
$s_hidden_fields = '';
$s_hidden_fields .= '';
+ $s_hidden_fields .= '';
if ( $mode == 'edit' )
{
$s_hidden_fields .= '';
diff -crN phpbb2021/search.php phpbb2022/search.php
*** phpbb2021/search.php Fri Jun 9 16:29:43 2006
--- phpbb2022/search.php Tue Dec 19 18:29:16 2006
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: search.php,v 1.72.2.20 2006/05/20 14:01:48 grahamje Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: search.php,v 1.72.2.21 2006/12/16 13:11:25 acydburn Exp $
*
*
***************************************************************************/
***************
*** 118,123 ****
--- 118,124 ----
}
$start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0;
+ $start = ($start < 0) ? 0 : $start;
$sort_by_types = array($lang['Sort_Time'], $lang['Sort_Post_Subject'], $lang['Sort_Topic_Title'], $lang['Sort_Author'], $lang['Sort_Forum']);
diff -crN phpbb2021/templates/subSilver/posting_body.tpl phpbb2022/templates/subSilver/posting_body.tpl
*** phpbb2021/templates/subSilver/posting_body.tpl Fri Jun 9 16:29:42 2006
--- phpbb2022/templates/subSilver/posting_body.tpl Tue Dec 19 18:29:16 2006
***************
*** 372,378 ****
! {L_FONT_SIZE}: {L_FONT_SIZE}: