diff -urN punbb-1.2.2/upload/admin_censoring.php punbb-1.2.4/upload/admin_censoring.php
--- punbb-1.2.2/upload/admin_censoring.php Tue Jan 11 20:41:14 2005
+++ punbb-1.2.4/upload/admin_censoring.php Fri Mar 11 19:17:26 2005
@@ -76,7 +76,7 @@
{
confirm_referrer('admin_censoring.php');
- $id = key($_POST['remove']);
+ $id = intval(key($_POST['remove']));
$db->query('DELETE FROM '.$db->prefix.'censoring WHERE id='.$id) or error('Unable to delete censor word', __FILE__, __LINE__, $db->error());
diff -urN punbb-1.2.2/upload/admin_groups.php punbb-1.2.4/upload/admin_groups.php
--- punbb-1.2.2/upload/admin_groups.php Fri Feb 18 22:05:02 2005
+++ punbb-1.2.4/upload/admin_groups.php Sun Mar 13 15:47:54 2005
@@ -229,8 +229,8 @@
if ($_POST['mode'] == 'add')
{
- $db->query('SELECT 1 FROM '.$db->prefix.'groups WHERE g_title=\''.$db->escape($title).'\'') or error('Unable to check group title collision', __FILE__, __LINE__, $db->error());
- if ($db->num_rows())
+ $result = $db->query('SELECT 1 FROM '.$db->prefix.'groups WHERE g_title=\''.$db->escape($title).'\'') or error('Unable to check group title collision', __FILE__, __LINE__, $db->error());
+ if ($db->num_rows($result))
message('There is already a group with the title \''.pun_htmlspecialchars($title).'\'.');
$db->query('INSERT INTO '.$db->prefix.'groups (g_title, g_user_title, g_read_board, g_post_replies, g_post_topics, g_edit_posts, g_delete_posts, g_delete_topics, g_set_title, g_search, g_search_users, g_edit_subjects_interval, g_post_flood, g_search_flood) VALUES(\''.$db->escape($title).'\', '.$user_title.', '.$read_board.', '.$post_replies.', '.$post_topics.', '.$edit_posts.', '.$delete_posts.', '.$delete_topics.', '.$set_title.', '.$search.', '.$search_users.', '.$edit_subjects_interval.', '.$post_flood.', '.$search_flood.')') or error('Unable to add group', __FILE__, __LINE__, $db->error());
@@ -242,7 +242,13 @@
$db->query('INSERT INTO '.$db->prefix.'forum_perms (group_id, forum_id, read_forum, post_replies, post_topics) VALUES('.$new_group_id.', '.$cur_forum_perm['forum_id'].', '.$cur_forum_perm['read_forum'].', '.$cur_forum_perm['post_replies'].', '.$cur_forum_perm['post_topics'].')') or error('Unable to insert group forum permissions', __FILE__, __LINE__, $db->error());
}
else
+ {
+ $result = $db->query('SELECT 1 FROM '.$db->prefix.'groups WHERE g_title=\''.$db->escape($title).'\' && g_id!='.$_POST['group_id']) or error('Unable to check group title collision', __FILE__, __LINE__, $db->error());
+ if ($db->num_rows($result))
+ message('There is already a group with the title \''.pun_htmlspecialchars($title).'\'.');
+
$db->query('UPDATE '.$db->prefix.'groups SET g_title=\''.$db->escape($title).'\', g_user_title='.$user_title.', g_read_board='.$read_board.', g_post_replies='.$post_replies.', g_post_topics='.$post_topics.', g_edit_posts='.$edit_posts.', g_delete_posts='.$delete_posts.', g_delete_topics='.$delete_topics.', g_set_title='.$set_title.', g_search='.$search.', g_search_users='.$search_users.', g_edit_subjects_interval='.$edit_subjects_interval.', g_post_flood='.$post_flood.', g_search_flood='.$search_flood.' WHERE g_id='.$_POST['group_id']) or error('Unable to update group', __FILE__, __LINE__, $db->error());
+ }
// Regenerate the quickjump cache
require_once PUN_ROOT.'include/cache.php';
diff -urN punbb-1.2.2/upload/admin_index.php punbb-1.2.4/upload/admin_index.php
--- punbb-1.2.2/upload/admin_index.php Sun Jan 23 18:36:42 2005
+++ punbb-1.2.4/upload/admin_index.php Sun Mar 13 00:34:06 2005
@@ -64,7 +64,7 @@
// Show phpinfo() output
-else if ($action == 'phpinfo')
+else if ($action == 'phpinfo' && $pun_user['g_id'] == PUN_ADMIN)
{
// Is phpinfo() a disabled function?
if (strpos(strtolower((string)@ini_get('disable_functions')), 'phpinfo') !== false)
diff -urN punbb-1.2.2/upload/admin_options.php punbb-1.2.4/upload/admin_options.php
--- punbb-1.2.2/upload/admin_options.php Sun Jan 23 20:08:54 2005
+++ punbb-1.2.4/upload/admin_options.php Mon Feb 28 01:52:52 2005
@@ -38,7 +38,7 @@
if (isset($_POST['form_sent']))
{
// Lazy referer check (in case base_url isn't correct)
- if (!preg_match('#/admin_options\.php#i', $_SERVER['HTTP_REFERER']))
+ if (!isset($_SERVER['HTTP_REFERER']) || !preg_match('#/admin_options\.php#i', $_SERVER['HTTP_REFERER']))
message($lang_common['Bad referrer']);
$form = array_map('trim', $_POST['form']);
diff -urN punbb-1.2.2/upload/admin_ranks.php punbb-1.2.4/upload/admin_ranks.php
--- punbb-1.2.2/upload/admin_ranks.php Tue Jan 11 20:41:14 2005
+++ punbb-1.2.4/upload/admin_ranks.php Fri Mar 11 19:17:26 2005
@@ -69,7 +69,7 @@
{
confirm_referrer('admin_ranks.php');
- $id = key($_POST['update']);
+ $id = intval(key($_POST['update']));
$rank = trim($_POST['rank'][$id]);
$min_posts = trim($_POST['min_posts'][$id]);
@@ -100,7 +100,7 @@
{
confirm_referrer('admin_ranks.php');
- $id = key($_POST['remove']);
+ $id = intval(key($_POST['remove']));
$db->query('DELETE FROM '.$db->prefix.'ranks WHERE id='.$id) or error('Unable to delete rank', __FILE__, __LINE__, $db->error());
diff -urN punbb-1.2.2/upload/admin_reports.php punbb-1.2.4/upload/admin_reports.php
--- punbb-1.2.2/upload/admin_reports.php Tue Jan 11 20:41:14 2005
+++ punbb-1.2.4/upload/admin_reports.php Fri Mar 11 19:17:26 2005
@@ -40,7 +40,7 @@
{
confirm_referrer('admin_reports.php');
- $zap_id = key($_POST['zap_id']);
+ $zap_id = intval(key($_POST['zap_id']));
$result = $db->query('SELECT zapped FROM '.$db->prefix.'reports WHERE id='.$zap_id) or error('Unable to fetch report info', __FILE__, __LINE__, $db->error());
$zapped = $db->result($result);
diff -urN punbb-1.2.2/upload/admin_users.php punbb-1.2.4/upload/admin_users.php
--- punbb-1.2.2/upload/admin_users.php Tue Feb 1 16:16:46 2005
+++ punbb-1.2.4/upload/admin_users.php Fri Mar 11 19:17:26 2005
@@ -266,7 +266,7 @@
$conditions[] = 'u.num_posts<'.$posts_less;
if ($user_group != 'all')
- $conditions[] = 'u.group_id='.$user_group;
+ $conditions[] = 'u.group_id='.$db->escape($user_group);
if (!isset($conditions))
message('You didn\'t enter any search terms.');
@@ -300,7 +300,7 @@
query('SELECT u.id, u.username, u.email, u.title, u.num_posts, u.admin_note, g.g_id, g.g_user_title FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id>1 AND '.implode(' AND ', $conditions).' ORDER BY '.$order_by.' '.$direction) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
+ $result = $db->query('SELECT u.id, u.username, u.email, u.title, u.num_posts, u.admin_note, g.g_id, g.g_user_title FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id>1 AND '.implode(' AND ', $conditions).' ORDER BY '.$db->escape($order_by).' '.$db->escape($direction)) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
{
while ($user_data = $db->fetch_assoc($result))
diff -urN punbb-1.2.2/upload/header.php punbb-1.2.4/upload/header.php
--- punbb-1.2.2/upload/header.php Tue Feb 1 16:16:46 2005
+++ punbb-1.2.4/upload/header.php Wed Mar 9 22:04:02 2005
@@ -15,7 +15,7 @@
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
- You should have received a copy of the GNU G>eneral Public License
+ You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston,
MA 02111-1307 USA
@@ -171,10 +171,8 @@
$tpl_temp .= "\n\t\t\t\t".'