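--- a/punbb-1.2.10/upload/admin_options.php
+++ b/punbb-1.2.13/upload/admin_options.php
@@ -63,6 +63,9 @@
 if (substr($form['base_url'], -1) == '/')
 $form['base_url'] = substr($form['base_url'], 0, -1);
 
+// Clean avatars_dir
+$form['avatars_dir'] = str_replace("\0", '', $form['avatars_dir']);
+
 // Make sure avatars_dir doesn't end with a slash
 if (substr($form['avatars_dir'], -1) == '/')
 $form['avatars_dir'] = substr($form['avatars_dir'], 0, -1);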
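Review bot: The new `// Clean avatars_dir` comment on new line 66 says what is done but not why, and the reason is the security-relevant part: a NUL byte ends the string in the underlying C filesystem calls, so a stored value containing one could later resolve to a different path than the one shown in the admin form. Suggest `// Strip NUL bytes: a NUL truncates the path in filesystem calls, so it must never reach the stored value`. Only NUL is removed here; the directory is otherwise stored as submitted, so any further constraint on it (rejecting `..` segments, for instance) would have to be applied either here or where avatars_dir is consumed, which is outside this hunk. The form-handling block these lines belong to begins before the hunk.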
punbb-1.2.10/upload/include/functions.php |
punbb-1.2.13/upload/include/functions.php |
138: // Enable sending of a P3P header by removing // from the following line (try this if login is failing in IE6) | 138: // Enable sending of a P3P header by removing // from the following line (try this if login is failing in IE6) |
139: // @header('P3P: CP="CUR ADM"'); | 139: // @header('P3P: CP="CUR ADM"'); |
140: | 140: |
141: setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path, $cookie_domain, $cookie_secure); | 141: if (version_compare(PHP_VERSION, '5.2.0', '>=')) |
| 142: setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path, $cookie_domain, $cookie_secure, true); |
| 143: else |
| 144: setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path.'; HttpOnly', $cookie_domain, $cookie_secure); |
142: } | 145: } |
143: | 146: |
144: | 147: |
1031: // | 1034: // |
1032: // Unset any variables instantiated as a result of register_globals being enabled | 1035: // Unset any variables instantiated as a result of register_globals being enabled |
1033: // | 1036: // |
1034: function unregister_globals() | 1037: function unregister_globals() |
1035: { | 1038: { |
1036: // Prevent script.php?GLOBALS[foo]=bar | 1039: // Prevent script.php?GLOBALS[foo]=bar |
1037: if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) | 1040: if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) |
1038: exit('I\'ll have a steak sandwich and... a steak sandwich.'); | 1041: exit('I\'ll have a steak sandwich and... a steak sandwich.'); |
1039: | 1042: |
1040: // Variables that shouldn't be unset | 1043: // Variables that shouldn't be unset |
1041: $no_unset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES'); | 1044: $no_unset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES'); |
1042: | 1045: |
1043: // Remove elements in $GLOBALS that are present in any of the superglobals | 1046: // Remove elements in $GLOBALS that are present in any of the superglobals |
1044: $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array()); | 1047: $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array()); |
1045: foreach ($input as $k => $v) | 1048: foreach ($input as $k => $v) |
1046: { | 1049: { |
1047: if (!in_array($k, $no_unset) && isset($GLOBALS[$k])) | 1050: if (!in_array($k, $no_unset) && isset($GLOBALS[$k])) |
1048: unset($GLOBALS[$k]); | 1051: unset($GLOBALS[$k]); |
1049: } | 1052: } |
1050: } | 1053: } |
1051: | 1054: |
1052: | 1055: |
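Review bot: The serialized cookie value is now built twice, once per branch of the new version_compare() check (new lines 142 and 144), so any later change to the cookie format must be made in two places. Compute it once, `$cookie_value = serialize(array($user_id, md5($cookie_seed.$password_hash)));`, and pass `$cookie_value` to both setcookie() calls. The pre-5.2 fallback appears to rely on setcookie() passing the path argument through unencoded so that `$cookie_path.'; HttpOnly'` lands in the Set-Cookie header as a separate attribute; that deserves a comment such as `// PHP < 5.2 has no httponly parameter; the attribute is appended through the path argument instead`. The function containing these lines begins before the hunk. The unregister_globals() hunk below shows identical old and new text and raises nothing.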
punbb-1.2.10/upload/include/parser.php |
punbb-1.2.13/upload/include/parser.php |
264: { | 264: { |
265: global $pun_user; | 265: global $pun_user; |
266: | 266: |
267: $full_url = str_replace(array(' ', '\'', '`'), array('%20', '', ''), $url); | 267: $full_url = str_replace(array(' ', '\'', '`', '"'), array('%20', '', '', ''), $url); |
268: if (strpos($url, 'www.') === 0) // If it starts with www, we add http:// | 268: if (strpos($url, 'www.') === 0) // If it starts with www, we add http:// |
269: $full_url = 'http://'.$full_url; | 269: $full_url = 'http://'.$full_url; |
270: else if (strpos($url, 'ftp.') === 0) // Else if it starts with ftp, we add ftp:// | 270: else if (strpos($url, 'ftp.') === 0) // Else if it starts with ftp, we add ftp:// |
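Review bot: The added `"` on new line 267 extends a blacklist of characters stripped from `$full_url`; any character not in the list still reaches wherever the URL is emitted, and since that output point lies after the hunk the sufficiency of the list cannot be judged from here. Stripping instead of encoding also silently changes the link target, which is a behaviour the next reader should be told is intentional. A comment on that line would help, e.g. `// Drop quote characters so the URL cannot close the quoted attribute it is presumably placed in; remaining escaping happens at output`, hedged because the emit site is not visible in this hunk. The enclosing function starts before and ends after the hunk.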
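--- a/punbb-1.2.10/upload/register.php
+++ b/punbb-1.2.13/upload/register.php
@@ -79,6 +79,13 @@
 
 else if (isset($_POST['form_sent']))
 {
+// Check that someone from this IP didn't register a user within the last hour (DoS prevention)
+$result = $db->query('SELECT 1 FROM '.$db->prefix.'users WHERE registration_ip=\''.get_remote_address().'\' AND registered>'.(time() - 3600)) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
+
+if ($db->num_rows($result))
+message('A new user was registered with the same IP address as you within the last hour. To prevent registration flooding, at least an hour has to pass between registrations from the same IP. Sorry for the inconvenience.');
+
+
 $username = pun_trim($_POST['req_username']);
 $email1 = strtolower(trim($_POST['req_email1']));
 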
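Review bot: The new flood check on new line 83 concatenates the return value of get_remote_address() straight into the SQL string without passing it through the DB layer's escaping, while the rest of the query is string-built; if that helper ever returns a header-derived address rather than the raw REMOTE_ADDR, the concatenation becomes an injection point. Escape it like other string values in these queries, `registration_ip=\''.$db->escape(get_remote_address()).'\''`. The `3600` on the same line and the "last hour" wording in the message on new line 86 have to stay in step, so naming the window once, `$registration_window = 3600;`, and using it in the query keeps them from drifting. The `else if` block that opens on line 81 continues past the hunk.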