diff -urN punbb-1.2.12/upload/admin_options.php punbb-1.2.13/upload/admin_options.php
--- punbb-1.2.12/upload/admin_options.php	Wed Jul 27 23:24:24 2005
+++ punbb-1.2.13/upload/admin_options.php	Wed Sep 27 00:48:56 2006
@@ -63,6 +63,9 @@
 	if (substr($form['base_url'], -1) == '/')
 		$form['base_url'] = substr($form['base_url'], 0, -1);
 
+	// Clean avatars_dir
+	$form['avatars_dir'] = str_replace("\0", '', $form['avatars_dir']);
+
 	// Make sure avatars_dir doesn't end with a slash
 	if (substr($form['avatars_dir'], -1) == '/')
 		$form['avatars_dir'] = substr($form['avatars_dir'], 0, -1);
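Review bot: The added `str_replace("\0", '', $form['avatars_dir'])` removes only NUL bytes, and nothing visible in this hunk rejects `..` segments or other unexpected characters in `avatars_dir` before it is stored. The comment `// Clean avatars_dir` also does not say what is being cleaned or why; something like `// Strip NUL bytes so a path built from avatars_dir cannot be truncated by the filesystem layer` would tell the next maintainer what this guards. Where the value is later joined into a file path is outside this hunk, so whether further normalisation is needed should be confirmed against those callers. The enclosing block starts and ends outside the hunk.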
diff -urN punbb-1.2.12/upload/include/functions.php punbb-1.2.13/upload/include/functions.php
--- punbb-1.2.12/upload/include/functions.php	Tue Nov  1 01:10:48 2005
+++ punbb-1.2.13/upload/include/functions.php	Wed Sep 27 00:46:26 2006
@@ -138,7 +138,10 @@
 	// Enable sending of a P3P header by removing // from the following line (try this if login is failing in IE6)
 //	@header('P3P: CP="CUR ADM"');
 
-	setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path, $cookie_domain, $cookie_secure);
+	if (version_compare(PHP_VERSION, '5.2.0', '>='))
+		setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path, $cookie_domain, $cookie_secure, true);
+	else
+		setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path.'; HttpOnly', $cookie_domain, $cookie_secure);
 }
 
 
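Review bot: Both new `setcookie()` calls still send `serialize(array($user_id, md5($cookie_seed.$password_hash)))` as the cookie value, which suggests the reader (outside this hunk) passes client-supplied data to `unserialize()`; the HttpOnly flag does not change that. A delimited scalar value such as `$user_id.'|'.md5($cookie_seed.$password_hash)`, parsed with `explode()` on the reading side, would avoid deserialising untrusted input. Building the value once in a variable before the `version_compare()` branch would also keep the two calls from drifting apart. The `else` branch depends on older PHP passing the path through to the header unchanged, which deserves a comment such as `// PHP < 5.2.0 has no httponly parameter; append the attribute through the path`. The function's signature is above the hunk.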
@@ -1031,22 +1034,22 @@
 //
 // Unset any variables instantiated as a result of register_globals being enabled
 //
-function unregister_globals()
+function unregister_globals()
 {
-	// Prevent script.php?GLOBALS[foo]=bar
-	if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS']))
-		exit('I\'ll have a steak sandwich and... a steak sandwich.');
-	
-	// Variables that shouldn't be unset
-	$no_unset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES');
+	// Prevent script.php?GLOBALS[foo]=bar
+	if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS']))
+		exit('I\'ll have a steak sandwich and... a steak sandwich.');
+	
+	// Variables that shouldn't be unset
+	$no_unset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES');
 
 	// Remove elements in $GLOBALS that are present in any of the superglobals
-	$input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());
+	$input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());
 	foreach ($input as $k => $v)
-	{
-		if (!in_array($k, $no_unset) && isset($GLOBALS[$k]))
-			unset($GLOBALS[$k]);
-	}
+	{
+		if (!in_array($k, $no_unset) && isset($GLOBALS[$k]))
+			unset($GLOBALS[$k]);
+	}
 }
 
 
diff -urN punbb-1.2.12/upload/install.php punbb-1.2.13/upload/install.php
--- punbb-1.2.12/upload/install.php	Sat May 20 17:57:04 2006
+++ punbb-1.2.13/upload/install.php	Wed Sep 27 01:23:02 2006
@@ -24,7 +24,7 @@
 
 
 // The PunBB version this script installs
-$punbb_version = '1.2.12';
+$punbb_version = '1.2.13';
 
 
 define('PUN_ROOT', './');
