diff -urN punbb-1.2.4/upload/admin_bans.php punbb-1.2.17/upload/admin_bans.php
--- punbb-1.2.4/upload/admin_bans.php 2005-03-18 23:15:14.000000000 +0100
+++ punbb-1.2.17/upload/admin_bans.php 2006-10-14 18:40:28.000000000 +0200
@@ -44,7 +44,7 @@
 if (isset($_GET['add_ban']))
 {
 $add_ban = intval($_GET['add_ban']);
- if ($add_ban < 1)
+ if ($add_ban < 2)
 message($lang_common['Bad request']);
 
 $user_id = $add_ban;
@@ -61,7 +61,7 @@
 
 if ($ban_user != '')
 {
- $result = $db->query('SELECT id, group_id, username, email FROM '.$db->prefix.'users WHERE username=\''.$db->escape($ban_user).'\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
+ $result = $db->query('SELECT id, group_id, username, email FROM '.$db->prefix.'users WHERE username=\''.$db->escape($ban_user).'\' AND id>1') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
 if ($db->num_rows($result))
 list($user_id, $group_id, $ban_user, $ban_email) = $db->fetch_row($result);
 else
@@ -192,6 +192,8 @@
 
 if ($ban_user == '' && $ban_ip == '' && $ban_email == '')
 message('You must enter either a username, an IP address or an e-mail address (at least).');
+ else if (strtolower($ban_user) == 'guest')
+ message('The guest user cannot be banned.');
 
 // Validate IP/IP range (it's overkill, I know)
 if ($ban_ip != '')
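Review bot: The guest account's user id is written as a bare number in the new `if ($add_ban < 2)` check, again as `AND id>1` in the hunk at line 61, and the hunk at line 192 encodes the same rule a third way by comparing the typed name with the literal `'guest'`. The file already relies on a named constant for the admin group (`PUN_ADMIN` appears in admin_forums.php in this same patch), so one constant for the guest user id, e.g. `if ($add_ban <= GUEST_USER_ID /* placeholder name */)`, would keep the three checks in step if the value ever changes. The name-based check at line 192 is case-insensitive but assumes the guest account is still called "Guest"; if that name is editable (not visible in the hunk) the check would be better expressed by resolving the entered name to an id, as the query at line 61 already does. The enclosing `if (isset($_GET['add_ban']))` block and the POST handler both continue outside the hunks.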
@@ -244,7 +246,7 @@
 if ($_POST['mode'] == 'add')
 $db->query('INSERT INTO '.$db->prefix.'bans (username, ip, email, message, expire) VALUES('.$ban_user.', '.$ban_ip.', '.$ban_email.', '.$ban_message.', '.$ban_expire.')') or error('Unable to add ban', __FILE__, __LINE__, $db->error());
 else
- $db->query('UPDATE '.$db->prefix.'bans SET username='.$ban_user.', ip='.$ban_ip.', email='.$ban_email.', message='.$ban_message.', expire='.$ban_expire.' WHERE id='.$_POST['ban_id']) or error('Unable to update ban', __FILE__, __LINE__, $db->error());
+ $db->query('UPDATE '.$db->prefix.'bans SET username='.$ban_user.', ip='.$ban_ip.', email='.$ban_email.', message='.$ban_message.', expire='.$ban_expire.' WHERE id='.intval($_POST['ban_id'])) or error('Unable to update ban', __FILE__, __LINE__, $db->error());
 
 // Regenerate the bans cache
 require_once PUN_ROOT.'include/cache.php';
diff -urN punbb-1.2.4/upload/admin_categories.php punbb-1.2.17/upload/admin_categories.php
--- punbb-1.2.4/upload/admin_categories.php 2005-03-18 23:15:15.000000000 +0100
+++ punbb-1.2.17/upload/admin_categories.php 2007-04-10 23:37:34.000000000 +0200
@@ -118,12 +118,12 @@
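Review bot: In the edit branch the new `intval($_POST['ban_id'])` closes the injection in the WHERE clause but does not reject a missing or non-numeric id: `intval` turns either into 0, the UPDATE then matches no row, and the bans cache is still regenerated as if the edit had succeeded. Validate the id before the query, `$ban_id = isset($_POST['ban_id']) ? intval($_POST['ban_id']) : 0;` followed by `if ($ban_id < 1) message($lang_common['Bad request']);`, and use `$ban_id` in the WHERE clause. `$ban_user`, `$ban_ip`, `$ban_email`, `$ban_message` and `$ban_expire` are concatenated without quotes on both branches, so they presumably are already quoted-and-escaped earlier in the handler; that preparation is outside the hunk and worth confirming. The if/else sits inside a POST handler that starts before the hunk.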
-
+
@@ -151,7 +151,7 @@
 if ($cat_name[$i] == '')
 message('You must enter a category name.');
 
- if (!preg_match('#^\d+$#', $cat_order[$i]))
+ if (!@preg_match('#^\d+$#', $cat_order[$i]))
 message('Position must be an integer value.');
 
 list($cat_id, $position) = $db->fetch_row($result);
diff -urN punbb-1.2.4/upload/admin_censoring.php punbb-1.2.17/upload/admin_censoring.php
--- punbb-1.2.4/upload/admin_censoring.php 2005-03-18 23:15:15.000000000 +0100
+++ punbb-1.2.17/upload/admin_censoring.php 2005-04-07 21:38:23.000000000 +0200
@@ -57,7 +57,7 @@
 {
 confirm_referrer('admin_censoring.php');
 
- $id = key($_POST['update']);
+ $id = intval(key($_POST['update']));
 $search_for = trim($_POST['search_for'][$id]);
 $replace_with = trim($_POST['replace_with'][$id]);
 
diff -urN punbb-1.2.4/upload/admin_forums.php punbb-1.2.17/upload/admin_forums.php
--- punbb-1.2.4/upload/admin_forums.php 2005-03-18 23:15:14.000000000 +0100
+++ punbb-1.2.17/upload/admin_forums.php 2008-01-15 00:23:25.000000000 +0100
@@ -117,7 +117,7 @@
-
+
@@ -137,10 +137,10 @@
 
 while (list($forum_id, $disp_position) = @each($_POST['position']))
 {
- if (!preg_match('#^\d+$#', $disp_position))
+ if (!@preg_match('#^\d+$#', $disp_position))
 message('Position must be a positive integer value.');
 
- $db->query('UPDATE '.$db->prefix.'forums SET disp_position='.$disp_position.' WHERE id='.$forum_id) or error('Unable to update forum', __FILE__, __LINE__, $db->error());
+ $db->query('UPDATE '.$db->prefix.'forums SET disp_position='.$disp_position.' WHERE id='.intval($forum_id)) or error('Unable to update forum', __FILE__, __LINE__, $db->error());
 }
 
 // Regenerate the quickjump cache
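Review bot: The `@` prefixed to `preg_match` in the new `if (!@preg_match('#^\d+$#', $cat_order[$i]))` suppresses the warning instead of handling the input that causes it, presumably a non-string value (an array-valued form field) reaching the function; the same suppression is added to admin_forums.php in the hunk at line 137. Because `preg_match` returns false both for a bad subject and for a genuine PCRE failure, the operator also hides the latter. An explicit type test keeps the rejection and drops the suppression: `if (!is_string($cat_order[$i]) || !preg_match('#^\d+$#', $cat_order[$i]))`. The loop that defines `$i` starts outside the hunk.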
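Review bot: `intval(key($_POST['update']))` handles a non-numeric submitted key but not `$_POST['update']` arriving as a scalar: `key()` on a non-array emits a warning (and throws a TypeError on PHP 8) before the cast runs. If the surrounding condition, which starts outside the hunk, already checks `isset($_POST['update'])`, the missing guard is just `if (!is_array($_POST['update'])) message($lang_common['Bad request']);`. Note also that after the cast `$id` may name an entry that does not exist in `$_POST['search_for']` or `$_POST['replace_with']` on the next two lines, which yields an undefined-index notice and an empty string rather than a rejection.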
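Review bot: On the rewritten UPDATE line only `$forum_id` is cast; `$disp_position` is still concatenated into the SET clause as the raw request string, relying solely on the regex two lines above, whose `$` (without the `D` modifier) also accepts a trailing newline. Casting it as well, `SET disp_position='.intval($disp_position).' WHERE id='.intval($forum_id)`, makes the statement safe independently of the validation step and mirrors the fix already applied to the id on the same line. The array iterated by the `while` is built outside the hunk.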
@@ -186,9 +186,9 @@
 $result = $db->query('SELECT g_id, g_read_board, g_post_replies, g_post_topics FROM '.$db->prefix.'groups WHERE g_id!='.PUN_ADMIN) or error('Unable to fetch user group list', __FILE__, __LINE__, $db->error());
 while ($cur_group = $db->fetch_assoc($result))
 {
- $read_forum_new = ($cur_group['g_read_board'] == '1') ? isset($_POST['read_forum_new'][$cur_group['g_id']]) ? $_POST['read_forum_new'][$cur_group['g_id']] : '0' : $_POST['read_forum_old'][$cur_group['g_id']];
- $post_replies_new = isset($_POST['post_replies_new'][$cur_group['g_id']]) ? $_POST['post_replies_new'][$cur_group['g_id']] : '0';
- $post_topics_new = isset($_POST['post_topics_new'][$cur_group['g_id']]) ? $_POST['post_topics_new'][$cur_group['g_id']] : '0';
+ $read_forum_new = ($cur_group['g_read_board'] == '1') ? isset($_POST['read_forum_new'][$cur_group['g_id']]) ? '1' : '0' : intval($_POST['read_forum_old'][$cur_group['g_id']]);
+ $post_replies_new = isset($_POST['post_replies_new'][$cur_group['g_id']]) ? '1' : '0';
+ $post_topics_new = isset($_POST['post_topics_new'][$cur_group['g_id']]) ? '1' : '0';
 
 // Check if the new settings differ from the old
 if ($read_forum_new != $_POST['read_forum_old'][$cur_group['g_id']] || $post_replies_new != $_POST['post_replies_old'][$cur_group['g_id']] || $post_topics_new != $_POST['post_topics_old'][$cur_group['g_id']])
@@ -385,8 +385,13 @@
query('SELECT id, cat_name FROM '.$db->prefix.'categories ORDER BY disp_position') or error('Unable to fetch category list', __FILE__, __LINE__, $db->error());
- while ($cur_cat = $db->fetch_assoc($result))
- echo "\t\t\t\t\t\t\t\t\t".''."\n";
+ if ($db->num_rows($result) > 0)
+ {
+ while ($cur_cat = $db->fetch_assoc($result))
+ echo "\t\t\t\t\t\t\t\t\t".''."\n";
+ }
+ else
+ echo "\t\t\t\t\t\t\t\t\t".''."\n";
 ?>
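Review bot: The new `intval($_POST['read_forum_old'][$cur_group['g_id']])` on the first changed line reads the key without the `isset` guard that the `*_new` fields on the same three lines get, so a request lacking that field raises an undefined-index notice and silently becomes 0. Guard it the same way: `: (isset($_POST['read_forum_old'][$cur_group['g_id']]) ? intval($_POST['read_forum_old'][$cur_group['g_id']]) : 0);`. The three values now also mix an int from `intval` with the string literals `'1'`/`'0'`; the loose `!=` on the following comparison tolerates that, but producing ints on all three lines would remove the inconsistency. The `while` body continues past the hunk.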
@@ -399,7 +404,15 @@ +query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name, f.disp_position FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error()); + +if ($db->num_rows($result) > 0) +{ +?>