diff -urN punbb-1.2.2/upload/admin_censoring.php punbb-1.2.3/upload/admin_censoring.php --- punbb-1.2.2/upload/admin_censoring.php Tue Jan 11 20:41:14 2005 +++ punbb-1.2.3/upload/admin_censoring.php Fri Mar 11 19:17:26 2005 @@ -76,7 +76,7 @@ { confirm_referrer('admin_censoring.php'); - $id = key($_POST['remove']); + $id = intval(key($_POST['remove'])); $db->query('DELETE FROM '.$db->prefix.'censoring WHERE id='.$id) or error('Unable to delete censor word', __FILE__, __LINE__, $db->error()); diff -urN punbb-1.2.2/upload/admin_options.php punbb-1.2.3/upload/admin_options.php --- punbb-1.2.2/upload/admin_options.php Sun Jan 23 20:08:54 2005 +++ punbb-1.2.3/upload/admin_options.php Mon Feb 28 01:52:52 2005 @@ -38,7 +38,7 @@ if (isset($_POST['form_sent'])) { // Lazy referer check (in case base_url isn't correct) - if (!preg_match('#/admin_options\.php#i', $_SERVER['HTTP_REFERER'])) + if (!isset($_SERVER['HTTP_REFERER']) || !preg_match('#/admin_options\.php#i', $_SERVER['HTTP_REFERER'])) message($lang_common['Bad referrer']); $form = array_map('trim', $_POST['form']); diff -urN punbb-1.2.2/upload/admin_ranks.php punbb-1.2.3/upload/admin_ranks.php --- punbb-1.2.2/upload/admin_ranks.php Tue Jan 11 20:41:14 2005 +++ punbb-1.2.3/upload/admin_ranks.php Fri Mar 11 19:17:26 2005 @@ -69,7 +69,7 @@ { confirm_referrer('admin_ranks.php'); - $id = key($_POST['update']); + $id = intval(key($_POST['update'])); $rank = trim($_POST['rank'][$id]); $min_posts = trim($_POST['min_posts'][$id]); @@ -100,7 +100,7 @@ { confirm_referrer('admin_ranks.php'); - $id = key($_POST['remove']); + $id = intval(key($_POST['remove'])); $db->query('DELETE FROM '.$db->prefix.'ranks WHERE id='.$id) or error('Unable to delete rank', __FILE__, __LINE__, $db->error()); diff -urN punbb-1.2.2/upload/admin_reports.php punbb-1.2.3/upload/admin_reports.php --- punbb-1.2.2/upload/admin_reports.php Tue Jan 11 20:41:14 2005 +++ punbb-1.2.3/upload/admin_reports.php Fri Mar 11 19:17:26 2005 @@ -40,7 +40,7 @@ { confirm_referrer('admin_reports.php'); - $zap_id = key($_POST['zap_id']); + $zap_id = intval(key($_POST['zap_id'])); $result = $db->query('SELECT zapped FROM '.$db->prefix.'reports WHERE id='.$zap_id) or error('Unable to fetch report info', __FILE__, __LINE__, $db->error()); $zapped = $db->result($result); diff -urN punbb-1.2.2/upload/admin_users.php punbb-1.2.3/upload/admin_users.php --- punbb-1.2.2/upload/admin_users.php Tue Feb 1 16:16:46 2005 +++ punbb-1.2.3/upload/admin_users.php Fri Mar 11 19:17:26 2005 @@ -266,7 +266,7 @@ $conditions[] = 'u.num_posts<'.$posts_less; if ($user_group != 'all') - $conditions[] = 'u.group_id='.$user_group; + $conditions[] = 'u.group_id='.$db->escape($user_group); if (!isset($conditions)) message('You didn\'t enter any search terms.'); @@ -300,7 +300,7 @@ query('SELECT u.id, u.username, u.email, u.title, u.num_posts, u.admin_note, g.g_id, g.g_user_title FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id>1 AND '.implode(' AND ', $conditions).' ORDER BY '.$order_by.' '.$direction) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); + $result = $db->query('SELECT u.id, u.username, u.email, u.title, u.num_posts, u.admin_note, g.g_id, g.g_user_title FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id>1 AND '.implode(' AND ', $conditions).' ORDER BY '.$db->escape($order_by).' '.$db->escape($direction)) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); if ($db->num_rows($result)) { while ($user_data = $db->fetch_assoc($result)) diff -urN punbb-1.2.2/upload/header.php punbb-1.2.3/upload/header.php --- punbb-1.2.2/upload/header.php Tue Feb 1 16:16:46 2005 +++ punbb-1.2.3/upload/header.php Wed Mar 9 22:04:02 2005 @@ -15,7 +15,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - You should have received a copy of the GNU G>eneral Public License + You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA @@ -171,10 +171,8 @@ $tpl_temp .= "\n\t\t\t\t".'
  • Maintenance mode is enabled!
    • '; } - if (basename($_SERVER['PHP_SELF']) == 'index.php') + if (in_array(basename($_SERVER['PHP_SELF']), array('index.php', 'search.php'))) $tpl_temp .= "\n\t\t\t".''."\n\t\t\t".''."\n\t\t\t".'
    '."\n\t\t".''; - else if (isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] == 'action=show_new') - $tpl_temp .= "\n\t\t\t".''."\n\t\t\t".'

    '.$lang_common['Mark all as read'].'

    '."\n\t\t\t".'
    '."\n\t\t".''; else $tpl_temp .= "\n\t\t\t".''."\n\t\t\t".'
    '."\n\t\t".''; } diff -urN punbb-1.2.2/upload/include/email.php punbb-1.2.3/upload/include/email.php --- punbb-1.2.2/upload/include/email.php Fri Feb 18 22:05:02 2005 +++ punbb-1.2.3/upload/include/email.php Fri Mar 11 19:15:58 2005 @@ -67,8 +67,10 @@ if (!$from) $from = '"'.$pun_config['o_board_title'].' '.$lang_common['Mailer'].'" <'.$pun_config['o_webmaster_email'].'>'; - // Make sure the from line doesn't contain a colon (the character, that is :D) - $from = str_replace(':', ' ', $from); + // Do a little spring cleaning + $to = trim(preg_replace('#[\n\r]+#s', '', $to)); + $subject = trim(preg_replace('#[\n\r]+#s', '', $subject)); + $from = trim(preg_replace('#[\n\r:]+#s', '', $from)); // Detect what linebreak we should use for the headers if (strtoupper(substr(PHP_OS, 0, 3) == 'WIN')) diff -urN punbb-1.2.2/upload/include/functions.php punbb-1.2.3/upload/include/functions.php --- punbb-1.2.2/upload/include/functions.php Mon Feb 21 21:00:14 2005 +++ punbb-1.2.3/upload/include/functions.php Fri Mar 11 18:57:06 2005 @@ -46,7 +46,7 @@ $pun_user = $db->fetch_assoc($result); // If user authorisation failed - if (!isset($pun_user['id']) || md5($cookie_seed.$pun_user['password']) != $cookie['password_hash']) + if (!isset($pun_user['id']) || md5($cookie_seed.$pun_user['password']) !== $cookie['password_hash']) { pun_setcookie(0, random_pass(8), $expire); set_default_user(); diff -urN punbb-1.2.2/upload/install.php punbb-1.2.3/upload/install.php --- punbb-1.2.2/upload/install.php Thu Feb 24 22:30:58 2005 +++ punbb-1.2.3/upload/install.php Fri Mar 11 18:55:20 2005 @@ -24,7 +24,7 @@ // The PunBB version this script installs -$punbb_version = '1.2.2'; +$punbb_version = '1.2.3'; define('PUN_ROOT', './'); diff -urN punbb-1.2.2/upload/misc.php punbb-1.2.3/upload/misc.php --- punbb-1.2.2/upload/misc.php Tue Jan 11 20:41:14 2005 +++ punbb-1.2.3/upload/misc.php Mon Feb 28 02:02:16 2005 @@ -245,7 +245,7 @@ else if (isset($_GET['subscribe'])) { - if ($pun_user['is_guest']) + if ($pun_user['is_guest'] || $pun_config['o_subscriptions'] != '1') message($lang_common['No permission']); $topic_id = intval($_GET['subscribe']); @@ -264,7 +264,7 @@ else if (isset($_GET['unsubscribe'])) { - if ($pun_user['is_guest']) + if ($pun_user['is_guest'] || $pun_config['o_subscriptions'] != '1') message($lang_common['No permission']); $topic_id = intval($_GET['unsubscribe']); diff -urN punbb-1.2.2/upload/post.php punbb-1.2.3/upload/post.php --- punbb-1.2.2/upload/post.php Sat Jan 22 01:32:28 2005 +++ punbb-1.2.3/upload/post.php Mon Feb 28 02:02:16 2005 @@ -207,73 +207,76 @@ update_forum($cur_posting['id']); - - // Get the post time for the previous post in this topic - $result = $db->query('SELECT posted FROM '.$db->prefix.'posts WHERE topic_id='.$tid.' ORDER BY id DESC LIMIT 1, 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error()); - $previous_post_time = $db->result($result); - - // Get any subscribed users that should be notified (banned users are excluded) - $result = $db->query('SELECT u.id, u.email, u.notify_with_post, u.language FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'subscriptions AS s ON u.id=s.user_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id='.$cur_posting['id'].' AND fp.group_id=u.group_id) LEFT JOIN '.$db->prefix.'online AS o ON u.id=o.user_id LEFT JOIN '.$db->prefix.'bans AS b ON u.username=b.username WHERE b.username IS NULL AND COALESCE(o.logged, u.last_visit)>'.$previous_post_time.' AND (fp.read_forum IS NULL OR fp.read_forum=1) AND s.topic_id='.$tid.' AND u.id!='.intval($pun_user['id'])) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error()); - if ($db->num_rows($result)) + // Should we send out notifications? + if ($pun_config['o_subscriptions'] == '1') { - require_once PUN_ROOT.'include/email.php'; + // Get the post time for the previous post in this topic + $result = $db->query('SELECT posted FROM '.$db->prefix.'posts WHERE topic_id='.$tid.' ORDER BY id DESC LIMIT 1, 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error()); + $previous_post_time = $db->result($result); + + // Get any subscribed users that should be notified (banned users are excluded) + $result = $db->query('SELECT u.id, u.email, u.notify_with_post, u.language FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'subscriptions AS s ON u.id=s.user_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id='.$cur_posting['id'].' AND fp.group_id=u.group_id) LEFT JOIN '.$db->prefix.'online AS o ON u.id=o.user_id LEFT JOIN '.$db->prefix.'bans AS b ON u.username=b.username WHERE b.username IS NULL AND COALESCE(o.logged, u.last_visit)>'.$previous_post_time.' AND (fp.read_forum IS NULL OR fp.read_forum=1) AND s.topic_id='.$tid.' AND u.id!='.intval($pun_user['id'])) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error()); + if ($db->num_rows($result)) + { + require_once PUN_ROOT.'include/email.php'; - $notification_emails = array(); + $notification_emails = array(); - // Loop through subscribed users and send e-mails - while ($cur_subscriber = $db->fetch_assoc($result)) - { - // Is the subscription e-mail for $cur_subscriber['language'] cached or not? - if (!isset($notification_emails[$cur_subscriber['language']])) + // Loop through subscribed users and send e-mails + while ($cur_subscriber = $db->fetch_assoc($result)) { - if (file_exists(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply.tpl')) + // Is the subscription e-mail for $cur_subscriber['language'] cached or not? + if (!isset($notification_emails[$cur_subscriber['language']])) { - // Load the "new reply" template - $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply.tpl')); - - // Load the "new reply full" template (with post included) - $mail_tpl_full = trim(file_get_contents(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply_full.tpl')); + if (file_exists(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply.tpl')) + { + // Load the "new reply" template + $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply.tpl')); + + // Load the "new reply full" template (with post included) + $mail_tpl_full = trim(file_get_contents(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply_full.tpl')); + + // The first row contains the subject (it also starts with "Subject:") + $first_crlf = strpos($mail_tpl, "\n"); + $mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8)); + $mail_message = trim(substr($mail_tpl, $first_crlf)); + + $first_crlf = strpos($mail_tpl_full, "\n"); + $mail_subject_full = trim(substr($mail_tpl_full, 8, $first_crlf-8)); + $mail_message_full = trim(substr($mail_tpl_full, $first_crlf)); + + $mail_subject = str_replace('', '\''.$cur_posting['subject'].'\'', $mail_subject); + $mail_message = str_replace('', '\''.$cur_posting['subject'].'\'', $mail_message); + $mail_message = str_replace('', $username, $mail_message); + $mail_message = str_replace('', $pun_config['o_base_url'].'/viewtopic.php?pid='.$new_pid.'#p'.$new_pid, $mail_message); + $mail_message = str_replace('', $pun_config['o_base_url'].'/misc.php?unsubscribe='.$tid, $mail_message); + $mail_message = str_replace('', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message); + + $mail_subject_full = str_replace('', '\''.$cur_posting['subject'].'\'', $mail_subject_full); + $mail_message_full = str_replace('', '\''.$cur_posting['subject'].'\'', $mail_message_full); + $mail_message_full = str_replace('', $username, $mail_message_full); + $mail_message_full = str_replace('', $message, $mail_message_full); + $mail_message_full = str_replace('', $pun_config['o_base_url'].'/viewtopic.php?pid='.$new_pid.'#p'.$new_pid, $mail_message_full); + $mail_message_full = str_replace('', $pun_config['o_base_url'].'/misc.php?unsubscribe='.$tid, $mail_message_full); + $mail_message_full = str_replace('', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message_full); + + $notification_emails[$cur_subscriber['language']][0] = $mail_subject; + $notification_emails[$cur_subscriber['language']][1] = $mail_message; + $notification_emails[$cur_subscriber['language']][2] = $mail_subject_full; + $notification_emails[$cur_subscriber['language']][3] = $mail_message_full; - // The first row contains the subject (it also starts with "Subject:") - $first_crlf = strpos($mail_tpl, "\n"); - $mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8)); - $mail_message = trim(substr($mail_tpl, $first_crlf)); - - $first_crlf = strpos($mail_tpl_full, "\n"); - $mail_subject_full = trim(substr($mail_tpl_full, 8, $first_crlf-8)); - $mail_message_full = trim(substr($mail_tpl_full, $first_crlf)); - - $mail_subject = str_replace('', '\''.$cur_posting['subject'].'\'', $mail_subject); - $mail_message = str_replace('', '\''.$cur_posting['subject'].'\'', $mail_message); - $mail_message = str_replace('', $username, $mail_message); - $mail_message = str_replace('', $pun_config['o_base_url'].'/viewtopic.php?pid='.$new_pid.'#p'.$new_pid, $mail_message); - $mail_message = str_replace('', $pun_config['o_base_url'].'/misc.php?unsubscribe='.$tid, $mail_message); - $mail_message = str_replace('', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message); - - $mail_subject_full = str_replace('', '\''.$cur_posting['subject'].'\'', $mail_subject_full); - $mail_message_full = str_replace('', '\''.$cur_posting['subject'].'\'', $mail_message_full); - $mail_message_full = str_replace('', $username, $mail_message_full); - $mail_message_full = str_replace('', $message, $mail_message_full); - $mail_message_full = str_replace('', $pun_config['o_base_url'].'/viewtopic.php?pid='.$new_pid.'#p'.$new_pid, $mail_message_full); - $mail_message_full = str_replace('', $pun_config['o_base_url'].'/misc.php?unsubscribe='.$tid, $mail_message_full); - $mail_message_full = str_replace('', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message_full); - - $notification_emails[$cur_subscriber['language']][0] = $mail_subject; - $notification_emails[$cur_subscriber['language']][1] = $mail_message; - $notification_emails[$cur_subscriber['language']][2] = $mail_subject_full; - $notification_emails[$cur_subscriber['language']][3] = $mail_message_full; - - $mail_subject = $mail_message = $mail_subject_full = $mail_message_full = null; + $mail_subject = $mail_message = $mail_subject_full = $mail_message_full = null; + } } - } - // We have to double check here because the templates could be missing - if (isset($notification_emails[$cur_subscriber['language']])) - { - if ($cur_subscriber['notify_with_post'] == '0') - pun_mail($cur_subscriber['email'], $notification_emails[$cur_subscriber['language']][0], $notification_emails[$cur_subscriber['language']][1]); - else - pun_mail($cur_subscriber['email'], $notification_emails[$cur_subscriber['language']][2], $notification_emails[$cur_subscriber['language']][3]); + // We have to double check here because the templates could be missing + if (isset($notification_emails[$cur_subscriber['language']])) + { + if ($cur_subscriber['notify_with_post'] == '0') + pun_mail($cur_subscriber['email'], $notification_emails[$cur_subscriber['language']][0], $notification_emails[$cur_subscriber['language']][1]); + else + pun_mail($cur_subscriber['email'], $notification_emails[$cur_subscriber['language']][2], $notification_emails[$cur_subscriber['language']][3]); + } } } } diff -urN punbb-1.2.2/upload/userlist.php punbb-1.2.3/upload/userlist.php --- punbb-1.2.2/upload/userlist.php Mon Jan 17 21:35:36 2005 +++ punbb-1.2.3/upload/userlist.php Thu Mar 3 01:08:18 2005 @@ -116,7 +116,7 @@ $where_sql[] = 'u.group_id='.$show_group; // Fetch user count -$result = $db->query('SELECT COUNT(id)-1 FROM '.$db->prefix.'users AS u'.(!empty($where_sql) ? ' WHERE '.implode(' AND ', $where_sql) : '')) or error('Unable to fetch user list count', __FILE__, __LINE__, $db->error()); +$result = $db->query('SELECT COUNT(id) FROM '.$db->prefix.'users AS u'.(!empty($where_sql) ? ' WHERE u.id>1 AND '.implode(' AND ', $where_sql) : '')) or error('Unable to fetch user list count', __FILE__, __LINE__, $db->error()); $num_users = $db->result($result); @@ -154,7 +154,7 @@ query('SELECT u.id, u.username, u.title, u.num_posts, u.registered, g.g_id, g.g_user_title FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id>1'.(!empty($where_sql) ? ' AND '.implode(' AND ', $where_sql) : '').' ORDER BY '.$sort_by.' '.$sort_dir.' LIMIT '.$start_from.', 50') or error('Unable to fetch user list', __FILE__, __LINE__, $db->error()); +$result = $db->query('SELECT u.id, u.username, u.title, u.num_posts, u.registered, g.g_id, g.g_user_title FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id>1'.(!empty($where_sql) ? ' AND '.implode(' AND ', $where_sql) : '').' ORDER BY '.$sort_by.' '.$sort_dir.' LIMIT '.$start_from.', 50') or error('Unable to fetch user list', __FILE__, __LINE__, $db->error()); if ($db->num_rows($result)) { while ($user_data = $db->fetch_assoc($result))