diff -urbB punbb-1.1/upload/admin_bans.php punbb-1.1.5/upload/admin_bans.php
--- punbb-1.1/upload/admin_bans.php 2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.5/upload/admin_bans.php 2004-04-25 22:34:47.000000000 +0200
@@ -54,7 +54,7 @@
}
else // Otherwise the username is in POST
{
- $ban_user = trim(strtolower($_POST['new_ban_user']));
+ $ban_user = trim($_POST['new_ban_user']);
if ($ban_user != '')
{
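Review bot: With `strtolower()` dropped from `$ban_user = trim($_POST['new_ban_user']);`, whether a ban still matches a username regardless of case depends on the comparison made where the ban is looked up and enforced, which is outside this hunk. The help text in the next hunk also drops "(case insensitive)". It is worth confirming that the enforcement side compares case-insensitively, since otherwise a name that differs only in case would not match the ban. A comment such as `// Case is preserved for display; ban matching must stay case-insensitive` would record the intent.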
@@ -121,8 +121,8 @@
-
Username The username to ban (case insensitive).
-
+
Username The username to ban.
+
IP-adresses The IP or IP-ranges you wish to ban (e.g. 150.11.110.1 or 150.11.110). Separate addresses with spaces. If an IP is entered already it is the last known IP of this user in the database.here to see IP statistics for this user.' ?>
diff -urbB punbb-1.1/upload/admin_index.php punbb-1.1.5/upload/admin_index.php
--- punbb-1.1/upload/admin_index.php 2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.5/upload/admin_index.php 2004-03-21 16:29:24.000000000 +0100
@@ -67,7 +67,7 @@
// Get the server load averages (if possible)
-if (file_exists('/proc/loadavg'))
+if (@file_exists('/proc/loadavg'))
{
// We use @ just in case
$fh = @fopen('/proc/loadavg', 'r');
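Review bot: The new `@` on `file_exists('/proc/loadavg')` has no comment saying which warning it hides, and the existing "We use @ just in case" on the `fopen()` below does not say either. Presumably it targets hosts where an open_basedir restriction makes the probe emit a warning; if so, state it: `// @: /proc may be outside open_basedir; any failure means "load unknown"`. Blanket suppression also hides unrelated errors, so the `fopen()` result still needs checking before use; that check is outside this hunk.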
diff -urbB punbb-1.1/upload/admin_maintenance.php punbb-1.1.5/upload/admin_maintenance.php
--- punbb-1.1/upload/admin_maintenance.php 2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.5/upload/admin_maintenance.php 2004-03-21 16:29:24.000000000 +0100
@@ -42,6 +42,8 @@
if (empty($per_page) || empty($start_at))
message($lang_common['Bad request']);
+ @set_time_limit(0);
+
// If this is the first cycle of posts we empty the search index before we proceed
if (isset($_GET['empty_index']))
{
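Review bot: `@set_time_limit(0)` removes the execution limit for the whole request, although the surrounding code already works in cycles bounded by `$per_page` and `$start_at`. A bounded per-cycle value would keep a stuck cycle from holding a web server worker indefinitely, e.g. `@set_time_limit(300);` (constructed value). The `@` also hides the case where the host refuses the call, so a comment should note that the default limit may still apply. The rest of the rebuild logic is outside this hunk.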
@@ -115,7 +117,7 @@
else
{
// Get the first post ID from the db
- $result = $db->query('SELECT id FROM '.$db->prefix.'topics ORDER BY id LIMIT 1') or error('Unable to create category', __FILE__, __LINE__, $db->error());
+ $result = $db->query('SELECT id FROM '.$db->prefix.'topics ORDER BY id LIMIT 1') or error('Unable to fetch topic info', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
$first_id = $db->result($result, 0);
diff -urbB punbb-1.1/upload/admin_options.php punbb-1.1.5/upload/admin_options.php
--- punbb-1.1/upload/admin_options.php 2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.5/upload/admin_options.php 2004-03-21 16:29:24.000000000 +0100
@@ -94,13 +94,24 @@
$form['maintenance'] = '0';
}
+ $form['timeout_visit'] = intval($form['timeout_visit']);
+ $form['timeout_online'] = intval($form['timeout_online']);
+ $form['redirect_delay'] = intval($form['redirect_delay']);
+ $form['flood_interval'] = intval($form['flood_interval']);
+ $form['topic_review'] = intval($form['topic_review']);
+ $form['disp_topics_default'] = intval($form['disp_topics_default']);
+ $form['disp_posts_default'] = intval($form['disp_posts_default']);
+ $form['indent_num_spaces'] = intval($form['indent_num_spaces']);
+ $form['avatars_width'] = intval($form['avatars_width']);
+ $form['avatars_height'] = intval($form['avatars_height']);
+ $form['avatars_size'] = intval($form['avatars_size']);
while (list($key, $input) = @each($form))
{
// Only update values that have changed
if ($pun_config['o_'.$key] != $input)
{
- if ($input != '')
+ if ($input != '' || is_int($input))
$value = '\''.escape($input).'\'';
else
$value = 'NULL';
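Review bot: `intval()` on the eleven option fields forces an integer but applies no range check, so a negative number or a mistyped value (which becomes 0) is stored as-is in settings such as `disp_topics_default` and `avatars_size`. Consider clamping each field, e.g. `$form['disp_topics_default'] = max(1, intval($form['disp_topics_default']));`, with the lower bound chosen per option. Each assignment also creates the key when the field was not submitted, and the new `is_int($input)` test then writes that 0 instead of leaving the setting unchanged. The same applies to `sig_length` and `sig_lines` in admin_permissions.php. The update loop continues outside this hunk.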
@@ -392,11 +403,11 @@
SMTP username Username for SMTP server. Only enter a username if it is required by the SMTP server (most servers don't require authentication).
-
+
SMTP password Password for SMTP server. Only enter a password if it is required by the SMTP server (most servers don't require authentication).
-
+
diff -urbB punbb-1.1/upload/admin_permissions.php punbb-1.1.5/upload/admin_permissions.php
--- punbb-1.1/upload/admin_permissions.php 2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.5/upload/admin_permissions.php 2004-03-21 16:29:24.000000000 +0100
@@ -38,12 +38,15 @@
$form = array_map('trim', $_POST['form']);
+ $form['sig_length'] = intval($form['sig_length']);
+ $form['sig_lines'] = intval($form['sig_lines']);
+
while (list($key, $input) = @each($form))
{
// Only update values that have changed
if ($pun_config['p_'.$key] != $input)
{
- if ($input != '')
+ if ($input != '' || is_int($input))
$value = '\''.escape($input).'\'';
else
$value = 'NULL';
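Review bot: `$form` is built directly from `$_POST['form']`, so the loop keys are request-supplied, and nothing in this hunk restricts them to known permission options before `'p_'.$key` is used. If `$key` goes into the UPDATE that follows (outside the hunk), limit it to existing settings first, e.g. `if (!array_key_exists('p_'.$key, $pun_config)) continue;`. `array_map('trim', $_POST['form'])` also assumes every submitted value is a string, so a nested array in the request would reach `trim()`.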
diff -urbB punbb-1.1/upload/admin_prune.php punbb-1.1.5/upload/admin_prune.php
--- punbb-1.1/upload/admin_prune.php 2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.5/upload/admin_prune.php 2004-03-21 16:29:24.000000000 +0100
@@ -87,7 +87,7 @@
$prune_from = $_POST['prune_from'];
// Concatenate together the query for counting number or topics to prune
- $sql = 'SELECT COUNT(id) FROM '.$db->prefix.'topics WHERE last_post<'.$prune_date;
+ $sql = 'SELECT COUNT(id) FROM '.$db->prefix.'topics WHERE last_post<'.$prune_date.' AND moved_to IS NULL';
if ($_POST['prune_sticky'] == '0')
$sql .= ' AND sticky=\'0\'';
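Review bot: `$prune_from = $_POST['prune_from'];` is kept as a raw request value, and the next hunk in this file shows it concatenated into `WHERE id='.$prune_from`. Unless it is cast in the lines between the two hunks, which are not shown, it should be made an integer before it reaches SQL, e.g. `$prune_from = intval($prune_from);` in the branch that handles a specific forum. `$prune_date` is concatenated into the COUNT query the same way; its origin is outside the hunk, so confirm it is numeric as well.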
@@ -98,7 +98,7 @@
// Fetch the forum name (just for cosmetic reasons)
$result = $db->query('SELECT forum_name FROM '.$db->prefix.'forums WHERE id='.$prune_from) or error('Unable to fetch forum name', __FILE__, __LINE__, $db->error());
- $forum = '"'.$db->result($result, 0).'"';
+ $forum = '"'.pun_htmlspecialchars($db->result($result, 0)).'"';
}
else
$forum = 'all forums';
diff -urbB punbb-1.1/upload/admin_users.php punbb-1.1.5/upload/admin_users.php
--- punbb-1.1/upload/admin_users.php 2004-03-21 16:29:25.000000000 +0100
+++ punbb-1.1.5/upload/admin_users.php 2004-03-21 16:29:24.000000000 +0100
@@ -362,7 +362,7 @@