diff -urbB punbb-1.1.3/upload/admin_bans.php punbb-1.1.5/upload/admin_bans.php
--- punbb-1.1.3/upload/admin_bans.php 2004-03-21 16:29:24.000000000 +0100
+++ punbb-1.1.5/upload/admin_bans.php 2004-04-25 22:34:47.000000000 +0200
@@ -122,7 +122,7 @@
Username The username to ban. |
- + | |
IP-adresses The IP or IP-ranges you wish to ban (e.g. 150.11.110.1 or 150.11.110). Separate addresses with spaces. If an IP is entered already it is the last known IP of this user in the database.here to see IP statistics for this user.' ?> |
diff -urbB punbb-1.1.3/upload/header.php punbb-1.1.5/upload/header.php
--- punbb-1.1.3/upload/header.php 2004-03-21 16:29:24.000000000 +0100
+++ punbb-1.1.5/upload/header.php 2004-07-15 21:50:55.434862572 +0200
@@ -23,8 +23,12 @@
************************************************************************/
+// Make sure no one attempts to run this script "directly"
+if (!defined('PUN'))
+ exit;
+
// Send no-cache headers
-header('Cache-Control: no-store, no-cache, must-revalidate');
+//header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', false);
header('Last-Modified: '.gmdate('D, d M Y H:i:s').' GMT');
header('Expires: Thu, 21 Jul 1977 07:30:00 GMT'); // When yours truly first set eyes on this world! :)
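Review bot: Commenting out the `no-store, no-cache, must-revalidate` line leaves `post-check=0, pre-check=0` as the only Cache-Control value sent, and those two directives are IE extensions that other browsers and intermediary caches ignore. Pages rendered for a logged-in user then depend on the past `Expires` date alone to stay out of shared caches. If `no-store` was dropped to work around a browser problem (the hunk does not say), a narrower replacement such as `header('Cache-Control: private, no-cache, must-revalidate');` keeps the intent. The dead line should either be deleted or given a comment explaining why it is switched off.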
diff -urbB punbb-1.1.3/upload/include/common.php punbb-1.1.5/upload/include/common.php
--- punbb-1.1.3/upload/include/common.php 2004-03-21 16:29:24.000000000 +0100
+++ punbb-1.1.5/upload/include/common.php 2004-07-15 23:39:37.370677888 +0200
@@ -31,7 +31,7 @@
//define('PUN_SHOW_QUERIES', 1);
-@include $pun_root.'config.php';
+if (is_dir($pun_root)) @include $pun_root.'config.php';
// If PUN isn't defined, config.php is missing or corrupt
if (!defined('PUN'))
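Review bot: `is_dir($pun_root)` on the new include line only establishes that the value names some directory, not that it is the forum's own root, so the include path is still built from a variable this file does not set. The entry scripts appear to assign it themselves (install.php has `$pun_root = './';`), but the guard suggests that is not guaranteed for every request path. Resolving the location from this file instead, e.g. `@include dirname(__FILE__).'/../config.php';` (assuming config.php sits one level above include/), removes the dependency on `$pun_root` for this include. Failing that, a one-line comment saying what the `is_dir()` test is meant to reject would help the next maintainer.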
diff -urbB punbb-1.1.3/upload/include/functions.php punbb-1.1.5/upload/include/functions.php
--- punbb-1.1.3/upload/include/functions.php 2004-03-21 16:29:24.000000000 +0100
+++ punbb-1.1.5/upload/include/functions.php 2004-07-15 21:52:40.864313810 +0200
@@ -607,7 +607,7 @@
{
global $pun_config, $lang_common;
- if (!preg_match('#^'.preg_quote($pun_config['o_base_url'].'/'.$script, '#').'#i', $_SERVER['HTTP_REFERER']))
+ if (!preg_match('#^'.preg_quote(str_replace('www.', '', $pun_config['o_base_url']).'/'.$script, '#').'#i', str_replace('www.', '', $_SERVER['HTTP_REFERER'])))
message($lang_common['Bad referer']);
}
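Review bot: `str_replace('www.', '', …)` on the new line strips that substring wherever it occurs in the base URL and in the Referer, not only as a leading host label, so two different host names can normalise to the same string before the comparison. Limiting the normalisation to the start of the host, e.g. `preg_replace('#^(https?://)www\.#i', '$1', $_SERVER['HTTP_REFERER'])` and the same for `$pun_config['o_base_url']`, keeps the www/non-www tolerance without that side effect. `$_SERVER['HTTP_REFERER']` is also read without an `isset()` check, and because the header is client-supplied a per-session form token would be the stronger control. The enclosing function starts outside the hunk.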
diff -urbB punbb-1.1.3/upload/include/parser.php punbb-1.1.5/upload/include/parser.php
--- punbb-1.1.3/upload/include/parser.php 2004-03-21 16:29:24.000000000 +0100
+++ punbb-1.1.5/upload/include/parser.php 2004-07-15 23:04:54.560916991 +0200
@@ -173,12 +173,12 @@
{
global $cur_user;
- $full_url = $url;
+ $full_url = str_replace(' ', '%20', $url);
if (strpos($url, 'www.') === 0)
$full_url = 'http://'.$full_url;
else if (strpos($url, 'ftp.') === 0)
$full_url = 'ftp://'.$full_url;
- else if (strpos($url, 'http://') !== 0)
+ else if (!preg_match('#^([a-z]{3,5})://#', $url))
$full_url = 'http://'.$full_url;
// Ok, not very pretty :-)
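Review bot: The new scheme test `#^([a-z]{3,5})://#` checks only the length of the scheme, so any three-to-five-letter scheme is passed through unchanged, and without the `i` modifier an upper-case `HTTP://` link gets a second `http://` prepended. An explicit allowlist such as `else if (!preg_match('#^(https?|ftp)://#i', $url))` states which schemes the parser intends to emit. `str_replace(' ', '%20', $url)` encodes spaces only; whether other characters are escaped before the URL reaches the page is not visible here, because the function continues outside the hunk.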
diff -urbB punbb-1.1.3/upload/install.php punbb-1.1.5/upload/install.php
--- punbb-1.1.3/upload/install.php 2004-03-29 20:55:21.000000000 +0200
+++ punbb-1.1.5/upload/install.php 2004-04-30 01:29:10.000000000 +0200
@@ -24,7 +24,7 @@
// The PunBB version this script installs
-$punbb_version = '1.1.3';
+$punbb_version = '1.1.5';
$pun_root = './';
diff -urbB punbb-1.1.3/upload/post.php punbb-1.1.5/upload/post.php
--- punbb-1.1.3/upload/post.php 2004-03-21 16:29:24.000000000 +0100
+++ punbb-1.1.5/upload/post.php 2004-04-25 22:14:22.000000000 +0200
@@ -40,7 +40,7 @@
message($lang_post['Flood start'].' '.$pun_config['o_flood_interval'].' '.$lang_post['flood end']);
// Make sure form_user is correct
- if (($cookie['is_guest'] && $_POST['form_user'] != 'Guest') || (!$cookie['is_guest'] && $_POST['form_user'] != $cur_user['username']))
+ if (($cookie['is_guest'] && $_POST['form_user'] != 'Guest') || (!$cookie['is_guest'] && unescape($_POST['form_user']) != $cur_user['username']))
message($lang_common['Bad request']);
$smilies = $_POST['smilies'];
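Review bot: The user branch of the `form_user` check compares with loose `!=`, which treats two numeric-looking strings as numbers, so a posted value can differ textually from `$cur_user['username']` and still compare equal. `strcmp(unescape($_POST['form_user']), $cur_user['username']) != 0` makes it an exact match. `$_POST['form_user']` is also read without an `isset()` check in both branches.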
@@ -110,7 +110,7 @@
else
{
$username = trim(unescape($_POST['req_username']));
- $email = trim($_POST['req_email']);
+ $email = strtolower(trim($_POST['req_email']));
// Load the register.php/profile.php language files
require $pun_root.'lang/'.$language.'/'.$language.'_prof_reg.php';
diff -urbB punbb-1.1.3/upload/profile.php punbb-1.1.5/upload/profile.php
--- punbb-1.1.3/upload/profile.php 2004-03-21 16:29:24.000000000 +0100
+++ punbb-1.1.5/upload/profile.php 2004-04-25 14:52:37.000000000 +0200
@@ -603,7 +603,15 @@
if ($cur_user['id'] != $id && $cur_user['status'] < PUN_MOD)
message($lang_common['No permission']);
- $form = $_POST['form'];
+ // Extract elements from $_POST['form']
+ $wanted_elements = array('realname', 'url', 'icq', 'msn', 'aim', 'yahoo', 'location', 'use_avatar', 'disp_topics', 'disp_posts', 'timezone', 'email_setting', 'save_pass', 'notify_with_post', 'smilies', 'show_img', 'show_avatars', 'show_sig', 'link_to_new_win', 'style');
+ $form = array();
+
+ while (list($key, $value) = @each($_POST['form']))
+ {
+ if (in_array($key, $wanted_elements))
+ $form[$key] = $value;
+ }
if ($cur_user['status'] > PUN_USER)
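Review bot: `in_array($key, $wanted_elements)` in the new filter loop uses loose comparison, and on the PHP versions this code targets an integer key `0` compares equal to any non-numeric string, so a `form[0]` field would pass the allowlist. Passing the strict flag, `if (in_array($key, $wanted_elements, true))`, closes that gap. The loop also copies `$value` without checking that it is a scalar and relies on `@each()` to hide a non-array `$_POST['form']`; an explicit `is_array($_POST['form'])` guard would make the intent clearer. How `$form` is consumed afterwards is outside the hunk.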
@@ -615,6 +623,8 @@
if (strlen($username) < 2)
message($lang_prof_reg['Username too short']);
+ else if (pun_strlen($username) > 25) // This usually doesn't happen since the form element only accepts 25 characters
+ message($lang_common['Bad request']);
else if (!strcasecmp($username, 'Guest') || !strcasecmp($username, $lang_common['Guest']))
message($lang_prof_reg['Username guest']);
else if (preg_match('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $username))
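Review bot: The added upper bound uses `pun_strlen()` while the lower bound just above it still uses `strlen()`, so the two limits may count a multi-byte username differently (assuming `pun_strlen()` counts characters rather than bytes; its definition is not shown). Using the same function for both, `if (pun_strlen($username) < 2)`, keeps the limits consistent; the same pair appears in the register.php hunk. The inline comment would be more useful as `// Enforced server-side; the form's 25-character limit is only a convenience`.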
@@ -672,7 +682,7 @@
$form['url'] = 'http://'.$form['url'];
// If the ICQ UIN contains anything other than digits it's invalid
- if ($form['icq'] != '' && preg_match('/[^0-9]/', $form[icq]))
+ if ($form['icq'] != '' && preg_match('/[^0-9]/', $form['icq']))
message($lang_prof_reg['Bad ICQ']);
diff -urbB punbb-1.1.3/upload/register.php punbb-1.1.5/upload/register.php
--- punbb-1.1.3/upload/register.php 2004-03-21 16:29:24.000000000 +0100
+++ punbb-1.1.5/upload/register.php 2004-04-25 14:14:31.000000000 +0200
@@ -102,6 +102,8 @@
// Validate username and passwords
if (strlen($username) < 2)
message($lang_prof_reg['Username too short']);
+ else if (pun_strlen($username) > 25) // This usually doesn't happen since the form element only accepts 25 characters
+ message($lang_common['Bad request']);
else if (strlen($password1) < 4)
message($lang_prof_reg['Pass too short']);
else if ($password1 != $password2)
diff -urbB punbb-1.1.3/upload/search.php punbb-1.1.5/upload/search.php
--- punbb-1.1.3/upload/search.php 2004-03-21 16:29:24.000000000 +0100
+++ punbb-1.1.5/upload/search.php 2004-06-03 02:19:33.000000000 +0200
@@ -694,7 +694,7 @@
$extra_sql = ($cur_user['status'] < PUN_MOD) ? ' WHERE f.admmod_only=\'0\'' : '';
-$result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id'.$extra.' ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error());
+$result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id'.$extra_sql.' ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error());
$num_forums = $db->num_rows($result);
while ($num_forums--)