diff -urN punbb-1.2.1/upload/admin_bans.php punbb-1.2.8/upload/admin_bans.php --- punbb-1.2.1/upload/admin_bans.php Tue Feb 1 16:16:46 2005 +++ punbb-1.2.8/upload/admin_bans.php Thu Jul 7 19:31:54 2005 @@ -44,7 +44,7 @@ if (isset($_GET['add_ban'])) { $add_ban = intval($_GET['add_ban']); - if ($add_ban < 1) + if ($add_ban < 2) message($lang_common['Bad request']); $user_id = $add_ban; @@ -61,7 +61,7 @@ if ($ban_user != '') { - $result = $db->query('SELECT id, group_id, username, email FROM '.$db->prefix.'users WHERE username=\''.$db->escape($ban_user).'\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); + $result = $db->query('SELECT id, group_id, username, email FROM '.$db->prefix.'users WHERE username=\''.$db->escape($ban_user).'\' AND id>1') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); if ($db->num_rows($result)) list($user_id, $group_id, $ban_user, $ban_email) = $db->fetch_row($result); else 
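Review bot: The new lower bound in `if ($add_ban < 2)` and the matching `AND id>1` added to the username lookup in the next hunk (@@ -61,7) both exclude user id 1, but neither says why. If id 1 is the built-in guest account (the page does not show this), a comment above each check such as `// User id 1 is the guest account and must never be banned` would keep a later edit from loosening one check and not the other. The enclosing `if (isset($_GET['add_ban']))` block continues outside the hunk.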
@@ -244,7 +244,7 @@ if ($_POST['mode'] == 'add') $db->query('INSERT INTO '.$db->prefix.'bans (username, ip, email, message, expire) VALUES('.$ban_user.', '.$ban_ip.', '.$ban_email.', '.$ban_message.', '.$ban_expire.')') or error('Unable to add ban', __FILE__, __LINE__, $db->error()); else - $db->query('UPDATE '.$db->prefix.'bans SET username='.$ban_user.', ip='.$ban_ip.', email='.$ban_email.', message='.$ban_message.', expire='.$ban_expire.' WHERE id='.$_POST['ban_id']) or error('Unable to update ban', __FILE__, __LINE__, $db->error()); + $db->query('UPDATE '.$db->prefix.'bans SET username='.$ban_user.', ip='.$ban_ip.', email='.$ban_email.', message='.$ban_message.', expire='.$ban_expire.' WHERE id='.intval($_POST['ban_id'])) or error('Unable to update ban', __FILE__, __LINE__, $db->error()); // Regenerate the bans cache require_once PUN_ROOT.'include/cache.php'; diff -urN punbb-1.2.1/upload/admin_categories.php punbb-1.2.8/upload/admin_categories.php --- punbb-1.2.1/upload/admin_categories.php Tue Jan 11 20:41:14 2005 +++ punbb-1.2.8/upload/admin_categories.php Sun Apr 3 20:48:30 2005 @@ -123,7 +123,7 @@ -
+ diff -urN punbb-1.2.1/upload/admin_censoring.php punbb-1.2.8/upload/admin_censoring.php --- punbb-1.2.1/upload/admin_censoring.php Tue Jan 11 20:41:14 2005 +++ punbb-1.2.8/upload/admin_censoring.php Thu Apr 7 21:38:22 2005 @@ -57,7 +57,7 @@ { confirm_referrer('admin_censoring.php'); - $id = key($_POST['update']); + $id = intval(key($_POST['update'])); $search_for = trim($_POST['search_for'][$id]); $replace_with = trim($_POST['replace_with'][$id]); @@ -76,7 +76,7 @@ { confirm_referrer('admin_censoring.php'); - $id = key($_POST['remove']); + $id = intval(key($_POST['remove'])); $db->query('DELETE FROM '.$db->prefix.'censoring WHERE id='.$id) or error('Unable to delete censor word', __FILE__, __LINE__, $db->error()); diff -urN punbb-1.2.1/upload/admin_forums.php punbb-1.2.8/upload/admin_forums.php --- punbb-1.2.1/upload/admin_forums.php Tue Jan 11 20:41:14 2005 +++ punbb-1.2.8/upload/admin_forums.php Sun Apr 3 20:48:30 2005 @@ -117,7 +117,7 @@ - + @@ -229,6 +229,9 @@ // Fetch forum info $result = $db->query('SELECT id, forum_name, forum_desc, redirect_url, num_topics, sort_by, cat_id FROM '.$db->prefix.'forums WHERE id='.$forum_id) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error()); + if (!$db->num_rows($result)) + message($lang_common['Bad request']); + $cur_forum = $db->fetch_assoc($result); diff -urN punbb-1.2.1/upload/admin_groups.php punbb-1.2.8/upload/admin_groups.php --- punbb-1.2.1/upload/admin_groups.php Tue Feb 1 16:16:46 2005 +++ punbb-1.2.8/upload/admin_groups.php Fri Sep 2 16:04:40 2005 @@ -54,6 +54,9 @@ message($lang_common['Bad request']); $result = $db->query('SELECT * FROM '.$db->prefix.'groups WHERE g_id='.$group_id) or error('Unable to fetch user group info', __FILE__, __LINE__, $db->error()); + if (!$db->num_rows($result)) + message($lang_common['Bad request']); + $group = $db->fetch_assoc($result); $mode = 'edit'; 
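Review bot: `$id = intval(key($_POST['update']));` in admin_censoring.php makes the id safe to interpolate, but nothing rejects the 0 that `intval()` yields when `update` is missing, not an array, or keyed by a non-numeric string. The following lines then read `$_POST['search_for'][$id]` for an index that was never submitted, and the `remove` hunk runs `DELETE ... WHERE id=0` and presumably still reports success. Adding `if ($id < 1) message($lang_common['Bad request']);` directly after the assignment, as admin_bans.php does for `add_ban`, would turn a malformed post into an explicit error. The same applies to the `remove` hunk in this file, both hunks in admin_ranks.php and the `zap_id` hunk in admin_reports.php.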
@@ -206,15 +209,15 @@ $title = trim($_POST['req_title']); $user_title = trim($_POST['user_title']); - $read_board = isset($_POST['read_board']) ? $_POST['read_board'] : '1'; - $post_replies = isset($_POST['post_replies']) ? $_POST['post_replies'] : '1'; - $post_topics = isset($_POST['post_topics']) ? $_POST['post_topics'] : '1'; - $edit_posts = isset($_POST['edit_posts']) ? $_POST['edit_posts'] : ($is_admin_group) ? '1' : '0'; - $delete_posts = isset($_POST['delete_posts']) ? $_POST['delete_posts'] : ($is_admin_group) ? '1' : '0'; - $delete_topics = isset($_POST['delete_topics']) ? $_POST['delete_topics'] : ($is_admin_group) ? '1' : '0'; - $set_title = isset($_POST['set_title']) ? $_POST['set_title'] : ($is_admin_group) ? '1' : '0'; - $search = isset($_POST['search']) ? $_POST['search'] : '1'; - $search_users = isset($_POST['search_users']) ? $_POST['search_users'] : '1'; + $read_board = isset($_POST['read_board']) ? intval($_POST['read_board']) : '1'; + $post_replies = isset($_POST['post_replies']) ? intval($_POST['post_replies']) : '1'; + $post_topics = isset($_POST['post_topics']) ? intval($_POST['post_topics']) : '1'; + $edit_posts = isset($_POST['edit_posts']) ? intval($_POST['edit_posts']) : ($is_admin_group) ? '1' : '0'; + $delete_posts = isset($_POST['delete_posts']) ? intval($_POST['delete_posts']) : ($is_admin_group) ? '1' : '0'; + $delete_topics = isset($_POST['delete_topics']) ? intval($_POST['delete_topics']) : ($is_admin_group) ? '1' : '0'; + $set_title = isset($_POST['set_title']) ? intval($_POST['set_title']) : ($is_admin_group) ? '1' : '0'; + $search = isset($_POST['search']) ? intval($_POST['search']) : '1'; + $search_users = isset($_POST['search_users']) ? intval($_POST['search_users']) : '1'; $edit_subjects_interval = isset($_POST['edit_subjects_interval']) ? intval($_POST['edit_subjects_interval']) : '0'; $post_flood = isset($_POST['post_flood']) ? intval($_POST['post_flood']) : '0'; $search_flood = isset($_POST['search_flood']) ? 
intval($_POST['search_flood']) : '0'; @@ -226,8 +229,8 @@ if ($_POST['mode'] == 'add') { - $db->query('SELECT 1 FROM '.$db->prefix.'groups WHERE g_title=\''.$db->escape($title).'\'') or error('Unable to check group title collision', __FILE__, __LINE__, $db->error()); - if ($db->num_rows()) + $result = $db->query('SELECT 1 FROM '.$db->prefix.'groups WHERE g_title=\''.$db->escape($title).'\'') or error('Unable to check group title collision', __FILE__, __LINE__, $db->error()); + if ($db->num_rows($result)) message('There is already a group with the title \''.pun_htmlspecialchars($title).'\'.'); $db->query('INSERT INTO '.$db->prefix.'groups (g_title, g_user_title, g_read_board, g_post_replies, g_post_topics, g_edit_posts, g_delete_posts, g_delete_topics, g_set_title, g_search, g_search_users, g_edit_subjects_interval, g_post_flood, g_search_flood) VALUES(\''.$db->escape($title).'\', '.$user_title.', '.$read_board.', '.$post_replies.', '.$post_topics.', '.$edit_posts.', '.$delete_posts.', '.$delete_topics.', '.$set_title.', '.$search.', '.$search_users.', '.$edit_subjects_interval.', '.$post_flood.', '.$search_flood.')') or error('Unable to add group', __FILE__, __LINE__, $db->error()); 
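Review bot: The four assignments of the form `isset($_POST['edit_posts']) ? intval($_POST['edit_posts']) : ($is_admin_group) ? '1' : '0'` chain two ternaries without parentheses around the outer one. PHP's ternary is left-associative, so this is evaluated as `(isset(...) ? intval(...) : $is_admin_group) ? '1' : '0'`, and PHP 8 rejects the unparenthesised form outright. The effect, clamping the posted value to '1' or '0', is a sensible one, so I would keep it and make the grouping explicit: `$edit_posts = (isset($_POST['edit_posts']) ? intval($_POST['edit_posts']) : $is_admin_group) ? '1' : '0';`, likewise for `delete_posts`, `delete_topics` and `set_title`. The remaining flags (`read_board`, `post_replies`, `post_topics`, `search`, `search_users`) accept any integer after `intval()`; if those columns are meant to be 0/1, the same clamp belongs there.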
@@ -239,7 +242,13 @@ $db->query('INSERT INTO '.$db->prefix.'forum_perms (group_id, forum_id, read_forum, post_replies, post_topics) VALUES('.$new_group_id.', '.$cur_forum_perm['forum_id'].', '.$cur_forum_perm['read_forum'].', '.$cur_forum_perm['post_replies'].', '.$cur_forum_perm['post_topics'].')') or error('Unable to insert group forum permissions', __FILE__, __LINE__, $db->error()); } else - $db->query('UPDATE '.$db->prefix.'groups SET g_title=\''.$db->escape($title).'\', g_user_title='.$user_title.', g_read_board='.$read_board.', g_post_replies='.$post_replies.', g_post_topics='.$post_topics.', g_edit_posts='.$edit_posts.', g_delete_posts='.$delete_posts.', g_delete_topics='.$delete_topics.', g_set_title='.$set_title.', g_search='.$search.', g_search_users='.$search_users.', g_edit_subjects_interval='.$edit_subjects_interval.', g_post_flood='.$post_flood.', g_search_flood='.$search_flood.' WHERE g_id='.$_POST['group_id']) or error('Unable to update group', __FILE__, __LINE__, $db->error()); + { + $result = $db->query('SELECT 1 FROM '.$db->prefix.'groups WHERE g_title=\''.$db->escape($title).'\' AND g_id!='.intval($_POST['group_id'])) or error('Unable to check group title collision', __FILE__, __LINE__, $db->error()); + if ($db->num_rows($result)) + message('There is already a group with the title \''.pun_htmlspecialchars($title).'\'.'); + + $db->query('UPDATE '.$db->prefix.'groups SET g_title=\''.$db->escape($title).'\', g_user_title='.$user_title.', g_read_board='.$read_board.', g_post_replies='.$post_replies.', g_post_topics='.$post_topics.', g_edit_posts='.$edit_posts.', g_delete_posts='.$delete_posts.', g_delete_topics='.$delete_topics.', g_set_title='.$set_title.', g_search='.$search.', g_search_users='.$search_users.', g_edit_subjects_interval='.$edit_subjects_interval.', g_post_flood='.$post_flood.', g_search_flood='.$search_flood.' 
WHERE g_id='.intval($_POST['group_id'])) or error('Unable to update group', __FILE__, __LINE__, $db->error()); + } // Regenerate the quickjump cache require_once PUN_ROOT.'include/cache.php'; diff -urN punbb-1.2.1/upload/admin_index.php punbb-1.2.8/upload/admin_index.php --- punbb-1.2.1/upload/admin_index.php Sun Jan 23 18:36:42 2005 +++ punbb-1.2.8/upload/admin_index.php Fri Sep 2 16:03:18 2005 @@ -64,7 +64,7 @@ // Show phpinfo() output -else if ($action == 'phpinfo') +else if ($action == 'phpinfo' && $pun_user['g_id'] == PUN_ADMIN) { // Is phpinfo() a disabled function? if (strpos(strtolower((string)@ini_get('disable_functions')), 'phpinfo') !== false) @@ -86,14 +86,14 @@ $load_averages = @explode(' ', $load_averages); $server_load = isset($load_averages[2]) ? $load_averages[0].' '.$load_averages[1].' '.$load_averages[2] : 'Not available'; } -else if (preg_match('/averages?: ([0-9\.]+),[\s]+([0-9\.]+),[\s]+([0-9\.]+)/i', @exec('uptime'), $load_averages)) +else if (!in_array(PHP_OS, array('WINNT', 'WIN32')) && preg_match('/averages?: ([0-9\.]+),[\s]+([0-9\.]+),[\s]+([0-9\.]+)/i', @exec('uptime'), $load_averages)) $server_load = $load_averages[1].' '.$load_averages[2].' '.$load_averages[3]; else $server_load = 'Not available'; // Get number of current visitors -$result = $db->query('SELECT COUNT(user_id) FROM '.$db->prefix.'online') or error('Unable to fetch online count', __FILE__, __LINE__, $db->error()); +$result = $db->query('SELECT COUNT(user_id) FROM '.$db->prefix.'online WHERE idle=0') or error('Unable to fetch online count', __FILE__, __LINE__, $db->error()); $num_online = $db->result($result); diff -urN punbb-1.2.1/upload/admin_loader.php punbb-1.2.8/upload/admin_loader.php --- punbb-1.2.1/upload/admin_loader.php Tue Jan 11 20:41:14 2005 +++ punbb-1.2.8/upload/admin_loader.php Thu Feb 24 23:15:54 2005 
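Review bot: The new edit branch calls `intval($_POST['group_id'])` twice, once in the title-collision SELECT and once in the UPDATE, and neither place rejects a missing or zero id. Reading it once, `$group_id = intval($_POST['group_id']); if ($group_id < 1) message($lang_common['Bad request']);`, and using `$group_id` in both queries keeps the two statements on the same value and stops an UPDATE that matches no row from passing as a successful edit. The collision check and the UPDATE are separate statements, so two concurrent edits could both pass the check; a unique index on `g_title`, if the schema does not already have one, is the reliable guard. The `if ($_POST['mode'] == 'add')` branch that this `else` belongs to starts outside the hunk.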
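Review bot: The Windows test `!in_array(PHP_OS, array('WINNT', 'WIN32'))` placed in front of `@exec('uptime')` only covers two exact spellings of `PHP_OS`. A prefix test, `strtoupper(substr(PHP_OS, 0, 3)) != 'WIN'`, covers any Windows value, so `exec()` is never reached on those hosts. Because the call is wrapped in `@`, a host where `exec` is disabled falls through silently to 'Not available'; a one-line comment saying that this is intended would help the next reader.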
@@ -36,8 +36,8 @@ // The plugin to load should be supplied via GET -$plugin = isset($_GET['plugin']) ? $_GET['plugin'] : null; -if (!$plugin) +$plugin = isset($_GET['plugin']) ? $_GET['plugin'] : ''; +if (!preg_match('/^AM?P_(\w*?)\.php$/i', $plugin)) message($lang_common['Bad request']); // AP_ == Admins only, AMP_ == admins and moderators @@ -49,6 +49,9 @@ if (!file_exists(PUN_ROOT.'plugins/'.$plugin)) message('There is no plugin called \''.$plugin.'\' in the plugin directory.'); +// Construct REQUEST_URI if it isn't set +if (!isset($_SERVER['REQUEST_URI'])) + $_SERVER['REQUEST_URI'] = (isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '').'?'.(isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : ''); $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Admin / '.$plugin; require PUN_ROOT.'header.php'; diff -urN punbb-1.2.1/upload/admin_options.php punbb-1.2.8/upload/admin_options.php --- punbb-1.2.1/upload/admin_options.php Sun Jan 23 20:08:54 2005 +++ punbb-1.2.8/upload/admin_options.php Wed Jul 27 23:24:24 2005 @@ -38,7 +38,7 @@ if (isset($_POST['form_sent'])) { // Lazy referer check (in case base_url isn't correct) - if (!preg_match('#/admin_options\.php#i', $_SERVER['HTTP_REFERER'])) + if (!isset($_SERVER['HTTP_REFERER']) || !preg_match('#/admin_options\.php#i', $_SERVER['HTTP_REFERER'])) message($lang_common['Bad referrer']); $form = array_map('trim', $_POST['form']); 
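Review bot: In `preg_match('/^AM?P_(\w*?)\.php$/i', $plugin)` the `$` anchor also matches just before a trailing newline, so the pattern does not guarantee that the whole string is a plain file name. This match is now the only check on `$plugin` before it is concatenated into `PUN_ROOT.'plugins/'.$plugin` and printed unescaped by `message('There is no plugin called ...')`, both visible in the next hunk's context, so it should be anchored strictly with the `D` modifier: `'/^AM?P_(\w*?)\.php$/iD'`. The lazy `\w*?` also admits an empty name (`AP_.php`); `\w+` would be tighter if no such plugin file is expected.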
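Review bot: The fallback builds `$_SERVER['REQUEST_URI']` from `PHP_SELF` and `QUERY_STRING`, both of which the client controls, and the added comment does not record that. The value is presumably consumed by the plugin loaded after this point (not visible in the hunk), so I would extend the comment to something like `// Construct REQUEST_URI if it isn't set (client-supplied: escape with pun_htmlspecialchars() before output)`. The expression also appends `?` when the query string is empty, which differs from what a server-provided REQUEST_URI would contain.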
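Review bot: The referrer test `preg_match('#/admin_options\.php#i', $_SERVER['HTTP_REFERER'])` is unanchored and ignores the host, so a Referer from any site whose URL contains `/admin_options.php` satisfies it. The added `isset()` removes the notice for a missing header but leaves this as the form's only cross-site request check. Since the comment says `base_url` may be wrong, the check could stay independent of it by parsing the header with `parse_url()` and requiring that the host equals `$_SERVER['HTTP_HOST']` and that the path ends in `/admin_options.php`. A per-session token submitted with the form would be stronger than any Referer comparison.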
@@ -117,14 +117,14 @@ while (list($key, $input) = @each($form)) { // Only update values that have changed - if ($pun_config['o_'.$key] != $input) + if (array_key_exists('o_'.$key, $pun_config) && $pun_config['o_'.$key] != $input) { if ($input != '' || is_int($input)) $value = '\''.$db->escape($input).'\''; else $value = 'NULL'; - $db->query('UPDATE '.$db->prefix.'config SET conf_value='.$value.' WHERE conf_name=\'o_'.$key.'\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error()); + $db->query('UPDATE '.$db->prefix.'config SET conf_value='.$value.' WHERE conf_name=\'o_'.$db->escape($key).'\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error()); } } @@ -229,11 +229,13 @@ $d = dir(PUN_ROOT.'lang'); while (($entry = $d->read()) !== false) { - if ($entry != '.' && $entry != '..' && is_dir(PUN_ROOT.'lang/'.$entry)) + if ($entry != '.' && $entry != '..' && is_dir(PUN_ROOT.'lang/'.$entry) && file_exists(PUN_ROOT.'lang/'.$entry.'/common.php')) $languages[] = $entry; } $d->close(); + @natsort($languages); + while (list(, $temp) = @each($languages)) { if ($pun_config['o_default_lang'] == $temp) @@ -261,6 +263,8 @@ $styles[] = substr($entry, 0, strlen($entry)-4); } $d->close(); + + @natsort($styles); while (list(, $temp) = @each($styles)) { diff -urN punbb-1.2.1/upload/admin_permissions.php punbb-1.2.8/upload/admin_permissions.php --- punbb-1.2.1/upload/admin_permissions.php Tue Jan 11 20:41:14 2005 +++ punbb-1.2.8/upload/admin_permissions.php Fri Sep 2 01:36:10 2005 
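Review bot: The comment `// Only update values that have changed` above the new condition no longer describes it: `array_key_exists('o_'.$key, $pun_config)` also restricts writes to option names that already exist in the config. That test is what keeps arbitrary posted keys away from the UPDATE, so the comment should say so, for example `// Only update known options whose value has changed; unknown form keys are ignored`. The `!=` comparison is loose, so numerically equal strings such as '10' and '10.0' count as unchanged; comparing as strings would avoid that.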
@@ -39,23 +39,13 @@ { confirm_referrer('admin_permissions.php'); - $form = array_map('trim', $_POST['form']); - - $form['sig_length'] = intval($form['sig_length']); - $form['sig_lines'] = intval($form['sig_lines']); + $form = array_map('intval', $_POST['form']); while (list($key, $input) = @each($form)) { // Only update values that have changed - if ($pun_config['p_'.$key] != $input) - { - if ($input != '' || is_int($input)) - $value = '\''.$db->escape($input).'\''; - else - $value = 'NULL'; - - $db->query('UPDATE '.$db->prefix.'config SET conf_value='.$value.' WHERE conf_name=\'p_'.$key.'\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error()); - } + if (array_key_exists('p_'.$key, $pun_config) && $pun_config['p_'.$key] != $input) + $db->query('UPDATE '.$db->prefix.'config SET conf_value='.$input.' WHERE conf_name=\'p_'.$db->escape($key).'\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error()); } // Regenerate the config cache diff -urN punbb-1.2.1/upload/admin_prune.php punbb-1.2.8/upload/admin_prune.php --- punbb-1.2.1/upload/admin_prune.php Tue Jan 11 20:41:14 2005 +++ punbb-1.2.8/upload/admin_prune.php Thu Jul 7 19:31:54 2005 @@ -62,6 +62,7 @@ } else { + $prune_from = intval($prune_from); prune($prune_from, $_POST['prune_sticky'], $prune_date); update_forum($prune_from); } @@ -97,6 +98,7 @@ if ($prune_from != 'all') { + $prune_from = intval($prune_from); $sql .= ' AND forum_id='.$prune_from; // Fetch the forum name (just for cosmetic reasons) @@ -135,7 +137,7 @@ - + diff -urN punbb-1.2.1/upload/admin_ranks.php punbb-1.2.8/upload/admin_ranks.php --- punbb-1.2.1/upload/admin_ranks.php Tue Jan 11 20:41:14 2005 +++ punbb-1.2.8/upload/admin_ranks.php Fri Mar 11 20:17:26 2005 @@ -69,7 +69,7 @@ { confirm_referrer('admin_ranks.php'); - $id = key($_POST['update']); + $id = intval(key($_POST['update'])); $rank = trim($_POST['rank'][$id]); $min_posts = trim($_POST['min_posts'][$id]); 
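Review bot: `conf_value='.$input.'` is now interpolated without quotes or escaping, and it is safe only because of `array_map('intval', $_POST['form'])` a few lines earlier. A comment at the query, `// $input is an integer here (array_map('intval') above)`, or keeping the value quoted as `conf_value=\''.$input.'\''`, would stop a later change to the mapping from reopening an injection path. The hunk also passes `$_POST['form']` to `array_map()` without checking that it is set and is an array; `if (!isset($_POST['form']) || !is_array($_POST['form'])) message($lang_common['Bad request']);` before the mapping would handle a malformed post.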
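Review bot: `$prune_from` is now cast before `prune()` and `update_forum()` are called, but `$_POST['prune_sticky']` in the same call is still passed through exactly as submitted. `prune()` is defined outside this diff, so whether that argument reaches a query cannot be confirmed from here. Normalising it at the call site, e.g. `prune($prune_from, intval($_POST['prune_sticky']), $prune_date);`, removes the question. The `if` that this `else` branch belongs to starts outside the hunk.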
@@ -100,7 +100,7 @@ { confirm_referrer('admin_ranks.php'); - $id = key($_POST['remove']); + $id = intval(key($_POST['remove'])); $db->query('DELETE FROM '.$db->prefix.'ranks WHERE id='.$id) or error('Unable to delete rank', __FILE__, __LINE__, $db->error()); diff -urN punbb-1.2.1/upload/admin_reports.php punbb-1.2.8/upload/admin_reports.php --- punbb-1.2.1/upload/admin_reports.php Tue Jan 11 20:41:14 2005 +++ punbb-1.2.8/upload/admin_reports.php Fri Mar 11 20:17:26 2005 @@ -40,7 +40,7 @@ { confirm_referrer('admin_reports.php'); - $zap_id = key($_POST['zap_id']); + $zap_id = intval(key($_POST['zap_id'])); $result = $db->query('SELECT zapped FROM '.$db->prefix.'reports WHERE id='.$zap_id) or error('Unable to fetch report info', __FILE__, __LINE__, $db->error()); $zapped = $db->result($result); diff -urN punbb-1.2.1/upload/admin_users.php punbb-1.2.8/upload/admin_users.php --- punbb-1.2.1/upload/admin_users.php Tue Feb 1 16:16:46 2005 +++ punbb-1.2.8/upload/admin_users.php Fri Sep 2 16:04:40 2005 @@ -49,7 +49,7 @@ ?>'.$lang_common['Mark all as read'].'
'."\n\t\t\t".''."\n\t\t".''; else $tpl_temp .= "\n\t\t\t".''."\n\t\t\t".''."\n\t\t".''; } diff -urN punbb-1.2.1/upload/help.php punbb-1.2.8/upload/help.php --- punbb-1.2.1/upload/help.php Wed Jan 12 21:17:34 2005 +++ punbb-1.2.8/upload/help.php Fri Mar 18 23:20:44 2005 @@ -86,7 +86,7 @@ [quote][/quote]+