PunBB 1.2.10 to 1.2.13 changes

PunBB 1.2.10 to 1.2.13 changes	Legend
	Lines removed
	Lines changed
		Lines added

punbb-1.2.10/upload/admin_options.php	punbb-1.2.13/upload/admin_options.php
63: if (substr($form['base_url'], -1) == '/')	63: if (substr($form['base_url'], -1) == '/')
64: $form['base_url'] = substr($form['base_url'], 0, -1);	64: $form['base_url'] = substr($form['base_url'], 0, -1);
65:	65:
	66: // Clean avatars_dir
	67: $form['avatars_dir'] = str_replace("\0", '', $form['avatars_dir']);
	68:
66: // Make sure avatars_dir doesn't end with a slash	69: // Make sure avatars_dir doesn't end with a slash
67: if (substr($form['avatars_dir'], -1) == '/')	70: if (substr($form['avatars_dir'], -1) == '/')
68: $form['avatars_dir'] = substr($form['avatars_dir'], 0, -1);	71: $form['avatars_dir'] = substr($form['avatars_dir'], 0, -1);

punbb-1.2.10/upload/header.php	punbb-1.2.13/upload/header.php
131:	131:
132:	132:
133: // START SUBST - <pun_page>	133: // START SUBST - <pun_page>
134: $tpl_main = str_replace('<pun_page>', basename($_SERVER['PHP_SELF'], '.php'), $tpl_main);	134: $tpl_main = str_replace('<pun_page>', htmlspecialchars(basename($_SERVER['PHP_SELF'], '.php')), $tpl_main);
135: // END SUBST - <pun_title>	135: // END SUBST - <pun_title>
136:	136:
137:	137:

punbb-1.2.10/upload/include/functions.php	punbb-1.2.13/upload/include/functions.php
138: // Enable sending of a P3P header by removing // from the following line (try this if login is failing in IE6)	138: // Enable sending of a P3P header by removing // from the following line (try this if login is failing in IE6)
139: // @header('P3P: CP="CUR ADM"');	139: // @header('P3P: CP="CUR ADM"');
140:	140:
141: setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path, $cookie_domain, $cookie_secure);	141: if (version_compare(PHP_VERSION, '5.2.0', '>='))
	142: setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path, $cookie_domain, $cookie_secure, true);
	143: else
	144: setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path.'; HttpOnly', $cookie_domain, $cookie_secure);
142: }	145: }
143:	146:
144:	147:
1031: //	1034: //
1032: // Unset any variables instantiated as a result of register_globals being enabled	1035: // Unset any variables instantiated as a result of register_globals being enabled
1033: //	1036: //
1034: function unregister_globals()	1037: function unregister_globals()
1035: {	1038: {
1036: // Prevent script.php?GLOBALS[foo]=bar	1039: // Prevent script.php?GLOBALS[foo]=bar
1037: if (isset($_REQUEST['GLOBALS']) \|\| isset($_FILES['GLOBALS']))	1040: if (isset($_REQUEST['GLOBALS']) \|\| isset($_FILES['GLOBALS']))
1038: exit('I\'ll have a steak sandwich and... a steak sandwich.');	1041: exit('I\'ll have a steak sandwich and... a steak sandwich.');
1039:	1042:
1040: // Variables that shouldn't be unset	1043: // Variables that shouldn't be unset
1041: $no_unset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES');	1044: $no_unset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES');
1042:	1045:
1043: // Remove elements in $GLOBALS that are present in any of the superglobals	1046: // Remove elements in $GLOBALS that are present in any of the superglobals
1044: $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());	1047: $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());
1045: foreach ($input as $k => $v)	1048: foreach ($input as $k => $v)
1046: {	1049: {
1047: if (!in_array($k, $no_unset) && isset($GLOBALS[$k]))	1050: if (!in_array($k, $no_unset) && isset($GLOBALS[$k]))
1048: unset($GLOBALS[$k]);	1051: unset($GLOBALS[$k]);
1049: }	1052: }
1050: }	1053: }
1051:	1054:
1052:	1055:

punbb-1.2.10/upload/include/parser.php	punbb-1.2.13/upload/include/parser.php
264: {	264: {
265: global $pun_user;	265: global $pun_user;
266:	266:
267: $full_url = str_replace(array(' ', '\'', '`'), array('%20', '', ''), $url);	267: $full_url = str_replace(array(' ', '\'', '`', '"'), array('%20', '', '', ''), $url);
268: if (strpos($url, 'www.') === 0) // If it starts with www, we add http://	268: if (strpos($url, 'www.') === 0) // If it starts with www, we add http://
269: $full_url = 'http://'.$full_url;	269: $full_url = 'http://'.$full_url;
270: else if (strpos($url, 'ftp.') === 0) // Else if it starts with ftp, we add ftp://	270: else if (strpos($url, 'ftp.') === 0) // Else if it starts with ftp, we add ftp://

punbb-1.2.10/upload/install.php	punbb-1.2.13/upload/install.php
24:	24:
25:	25:
26: // The PunBB version this script installs	26: // The PunBB version this script installs
27: $punbb_version = '1.2.10';	27: $punbb_version = '1.2.13';
28:	28:
29:	29:
30: define('PUN_ROOT', './');	30: define('PUN_ROOT', './');

punbb-1.2.10/upload/login.php	punbb-1.2.13/upload/login.php
78: $expire = ($save_pass == '1') ? time() + 31536000 : 0;	78: $expire = ($save_pass == '1') ? time() + 31536000 : 0;
79: pun_setcookie($user_id, $form_password_hash, $expire);	79: pun_setcookie($user_id, $form_password_hash, $expire);
80:	80:
81: redirect($_POST['redirect_url'], $lang_login['Login redirect']);	81: redirect(htmlspecialchars($_POST['redirect_url']), $lang_login['Login redirect']);
82: }	82: }
83:	83:
84:	84:

punbb-1.2.10/upload/misc.php	punbb-1.2.13/upload/misc.php
120:	120:
121: pun_mail($recipient_email, $mail_subject, $mail_message, '"'.str_replace('"', '', $pun_user['username']).'" <'.$pun_user['email'].'>');	121: pun_mail($recipient_email, $mail_subject, $mail_message, '"'.str_replace('"', '', $pun_user['username']).'" <'.$pun_user['email'].'>');
122:	122:
123: redirect($_POST['redirect_url'], $lang_misc['E-mail sent redirect']);	123: redirect(htmlspecialchars($_POST['redirect_url']), $lang_misc['E-mail sent redirect']);
124: }	124: }
125:	125:
126:	126:

punbb-1.2.10/upload/register.php	punbb-1.2.13/upload/register.php
79:	79:
80: else if (isset($_POST['form_sent']))	80: else if (isset($_POST['form_sent']))
81: {	81: {
	82: // Check that someone from this IP didn't register a user within the last hour (DoS prevention)
	83: $result = $db->query('SELECT 1 FROM '.$db->prefix.'users WHERE registration_ip=\''.get_remote_address().'\' AND registered>'.(time() - 3600)) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
	84:
	85: if ($db->num_rows($result))
	86: message('A new user was registered with the same IP address as you within the last hour. To prevent registration flooding, at least an hour has to pass between registrations from the same IP. Sorry for the inconvenience.');
	87:
	88:
82: $username = pun_trim($_POST['req_username']);	89: $username = pun_trim($_POST['req_username']);
83: $email1 = strtolower(trim($_POST['req_email1']));	90: $email1 = strtolower(trim($_POST['req_email1']));
84:	91:

punbb-1.2.10/upload/userlist.php	punbb-1.2.13/upload/userlist.php
116: $where_sql[] = 'u.group_id='.$show_group;	116: $where_sql[] = 'u.group_id='.$show_group;
117:	117:
118: // Fetch user count	118: // Fetch user count
119: $result = $db->query('SELECT COUNT(id) FROM '.$db->prefix.'users AS u'.(!empty($where_sql) ? ' WHERE u.id>1 AND '.implode(' AND ', $where_sql) : '')) or error('Unable to fetch user list count', __FILE__, __LINE__, $db->error());	119: $result = $db->query('SELECT COUNT(id) FROM '.$db->prefix.'users AS u WHERE u.id>1'.(!empty($where_sql) ? ' AND '.implode(' AND ', $where_sql) : '')) or error('Unable to fetch user list count', __FILE__, __LINE__, $db->error());
120: $num_users = $db->result($result);	120: $num_users = $db->result($result);
121:	121:
122:	122:

hdiff - version: 2.1.0 (modified)