PunBB 1.2.11 to 1.2.15 changes | Legend | |
---|---|---|
Lines removed | ||
Lines changed | ||
Lines added |
punbb-1.2.11/upload/admin_bans.php | punbb-1.2.15/upload/admin_bans.php |
---|---|
192: | 192: |
193: if ($ban_user == '' && $ban_ip == '' && $ban_email == '') | 193: if ($ban_user == '' && $ban_ip == '' && $ban_email == '') |
194: message('You must enter either a username, an IP address or an e-mail address (at least).'); | 194: message('You must enter either a username, an IP address or an e-mail address (at least).'); |
195: else if (strtolower($ban_user) == 'guest') | |
196: message('The guest user cannot be banned.'); | |
195: | 197: |
196: // Validate IP/IP range (it's overkill, I know) | 198: // Validate IP/IP range (it's overkill, I know) |
197: if ($ban_ip != '') | 199: if ($ban_ip != '') |
punbb-1.2.11/upload/admin_categories.php | punbb-1.2.15/upload/admin_categories.php |
---|---|
118: <fieldset> | 118: <fieldset> |
119: <legend>Confirm delete category</legend> | 119: <legend>Confirm delete category</legend> |
120: <div class="infldset"> | 120: <div class="infldset"> |
121: <p>Are you sure that you want to delete the category "<?php echo $cat_name ?>"?</p> | 121: <p>Are you sure that you want to delete the category "<?php echo pun_htmlspecialchars($cat_name) ?>"?</p> |
122: <p>WARNING! Deleting a category will delete all forums and posts (if any) in that category!</p> | 122: <p>WARNING! Deleting a category will delete all forums and posts (if any) in that category!</p> |
123: </div> | 123: </div> |
124: </fieldset> | 124: </fieldset> |
151: if ($cat_name[$i] == '') | 151: if ($cat_name[$i] == '') |
152: message('You must enter a category name.'); | 152: message('You must enter a category name.'); |
153: | 153: |
154: if (!preg_match('#^\d+$#', $cat_order[$i])) | 154: if (!@preg_match('#^\d+$#', $cat_order[$i])) |
155: message('Position must be an integer value.'); | 155: message('Position must be an integer value.'); |
156: | 156: |
157: list($cat_id, $position) = $db->fetch_row($result); | 157: list($cat_id, $position) = $db->fetch_row($result); |
punbb-1.2.11/upload/admin_forums.php | punbb-1.2.15/upload/admin_forums.php |
---|---|
137: | 137: |
138: while (list($forum_id, $disp_position) = @each($_POST['position'])) | 138: while (list($forum_id, $disp_position) = @each($_POST['position'])) |
139: { | 139: { |
140: if (!preg_match('#^\d+$#', $disp_position)) | 140: if (!@preg_match('#^\d+$#', $disp_position)) |
141: message('Position must be a positive integer value.'); | 141: message('Position must be a positive integer value.'); |
142: | 142: |
143: $db->query('UPDATE '.$db->prefix.'forums SET disp_position='.$disp_position.' WHERE id='.$forum_id) or error('Unable to update forum', __FILE__, __LINE__, $db->error()); | 143: $db->query('UPDATE '.$db->prefix.'forums SET disp_position='.$disp_position.' WHERE id='.intval($forum_id)) or error('Unable to update forum', __FILE__, __LINE__, $db->error()); |
144: } | 144: } |
145: | 145: |
146: // Regenerate the quickjump cache | 146: // Regenerate the quickjump cache |
186: $result = $db->query('SELECT g_id, g_read_board, g_post_replies, g_post_topics FROM '.$db->prefix.'groups WHERE g_id!='.PUN_ADMIN) or error('Unable to fetch user group list', __FILE__, __LINE__, $db->error()); | 186: $result = $db->query('SELECT g_id, g_read_board, g_post_replies, g_post_topics FROM '.$db->prefix.'groups WHERE g_id!='.PUN_ADMIN) or error('Unable to fetch user group list', __FILE__, __LINE__, $db->error()); |
187: while ($cur_group = $db->fetch_assoc($result)) | 187: while ($cur_group = $db->fetch_assoc($result)) |
188: { | 188: { |
189: $read_forum_new = ($cur_group['g_read_board'] == '1') ? isset($_POST['read_forum_new'][$cur_group['g_id']]) ? $_POST['read_forum_new'][$cur_group['g_id']] : '0' : $_POST['read_forum_old'][$cur_group['g_id']]; | 189: $read_forum_new = ($cur_group['g_read_board'] == '1') ? isset($_POST['read_forum_new'][$cur_group['g_id']]) ? '1' : '0' : intval($_POST['read_forum_old'][$cur_group['g_id']]); |
190: $post_replies_new = isset($_POST['post_replies_new'][$cur_group['g_id']]) ? $_POST['post_replies_new'][$cur_group['g_id']] : '0'; | 190: $post_replies_new = isset($_POST['post_replies_new'][$cur_group['g_id']]) ? '1' : '0'; |
191: $post_topics_new = isset($_POST['post_topics_new'][$cur_group['g_id']]) ? $_POST['post_topics_new'][$cur_group['g_id']] : '0'; | 191: $post_topics_new = isset($_POST['post_topics_new'][$cur_group['g_id']]) ? '1' : '0'; |
192: | 192: |
193: // Check if the new settings differ from the old | 193: // Check if the new settings differ from the old |
194: if ($read_forum_new != $_POST['read_forum_old'][$cur_group['g_id']] || $post_replies_new != $_POST['post_replies_old'][$cur_group['g_id']] || $post_topics_new != $_POST['post_topics_old'][$cur_group['g_id']]) | 194: if ($read_forum_new != $_POST['read_forum_old'][$cur_group['g_id']] || $post_replies_new != $_POST['post_replies_old'][$cur_group['g_id']] || $post_topics_new != $_POST['post_topics_old'][$cur_group['g_id']]) |
punbb-1.2.11/upload/admin_groups.php | punbb-1.2.15/upload/admin_groups.php |
---|---|
264: confirm_referrer('admin_groups.php'); | 264: confirm_referrer('admin_groups.php'); |
265: | 265: |
266: $group_id = intval($_POST['default_group']); | 266: $group_id = intval($_POST['default_group']); |
267: if ($group_id < 1) | 267: if ($group_id < 4) |
268: message($lang_common['Bad request']); | 268: message($lang_common['Bad request']); |
269: | 269: |
270: $db->query('UPDATE '.$db->prefix.'config SET conf_value='.$group_id.' WHERE conf_name=\'o_default_user_group\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error()); | 270: $db->query('UPDATE '.$db->prefix.'config SET conf_value='.$group_id.' WHERE conf_name=\'o_default_user_group\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error()); |
punbb-1.2.11/upload/admin_loader.php | punbb-1.2.15/upload/admin_loader.php |
---|---|
37: | 37: |
38: // The plugin to load should be supplied via GET | 38: // The plugin to load should be supplied via GET |
39: $plugin = isset($_GET['plugin']) ? $_GET['plugin'] : ''; | 39: $plugin = isset($_GET['plugin']) ? $_GET['plugin'] : ''; |
40: if (!preg_match('/^AM?P_(\w*?)\.php$/i', $plugin)) | 40: if (!@preg_match('/^AM?P_(\w*?)\.php$/i', $plugin)) |
41: message($lang_common['Bad request']); | 41: message($lang_common['Bad request']); |
42: | 42: |
43: // AP_ == Admins only, AMP_ == admins and moderators | 43: // AP_ == Admins only, AMP_ == admins and moderators |
punbb-1.2.11/upload/admin_maintenance.php | punbb-1.2.15/upload/admin_maintenance.php |
---|---|
52: // This is the only potentially "dangerous" thing we can do here, so we check the referer | 52: // This is the only potentially "dangerous" thing we can do here, so we check the referer |
53: confirm_referrer('admin_maintenance.php'); | 53: confirm_referrer('admin_maintenance.php'); |
54: | 54: |
55: $truncate_sql = ($db_type != 'sqlite') ? 'TRUNCATE TABLE ' : 'DELETE FROM '; | 55: $truncate_sql = ($db_type != 'sqlite' && $db_type != 'pgsql') ? 'TRUNCATE TABLE ' : 'DELETE FROM '; |
56: $db->query($truncate_sql.$db->prefix.'search_matches') or error('Unable to empty search index match table', __FILE__, __LINE__, $db->error()); | 56: $db->query($truncate_sql.$db->prefix.'search_matches') or error('Unable to empty search index match table', __FILE__, __LINE__, $db->error()); |
57: $db->query($truncate_sql.$db->prefix.'search_words') or error('Unable to empty search index words table', __FILE__, __LINE__, $db->error()); | 57: $db->query($truncate_sql.$db->prefix.'search_words') or error('Unable to empty search index words table', __FILE__, __LINE__, $db->error()); |
58: | 58: |
65: break; | 65: break; |
66: | 66: |
67: case 'pgsql'; | 67: case 'pgsql'; |
68: $result = $db->query('SELECT setval(\'search_words_id_seq\', 1, false)') or error('Unable to update sequence', __FILE__, __LINE__, $db->error()); | 68: $result = $db->query('SELECT setval(\''.$db->prefix.'search_words_id_seq\', 1, false)') or error('Unable to update sequence', __FILE__, __LINE__, $db->error()); |
69: } | 69: } |
70: } | 70: } |
71: | 71: |
punbb-1.2.11/upload/admin_options.php | punbb-1.2.15/upload/admin_options.php |
---|---|
37: | 37: |
38: if (isset($_POST['form_sent'])) | 38: if (isset($_POST['form_sent'])) |
39: { | 39: { |
40: // Lazy referer check (in case base_url isn't correct) | 40: // Custom referrer check (so we can output a custom error message) |
41: if (!isset($_SERVER['HTTP_REFERER']) || !preg_match('#/admin_options\.php#i', $_SERVER['HTTP_REFERER'])) | 41: if (!preg_match('#^'.preg_quote(str_replace('www.', '', $pun_config['o_base_url']).'/admin_options.php', '#').'#i', str_replace('www.', '', (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '')))) |
42: message($lang_common['Bad referrer']); | 42: message('Bad HTTP_REFERER. If you have moved these forums from one location to another or switched domains, you need to update the Base URL manually in the database (look for o_base_url in the config table) and then clear the cache by deleting all .php files in the /cache directory.'); |
43: | 43: |
44: $form = array_map('trim', $_POST['form']); | 44: $form = array_map('trim', $_POST['form']); |
45: | 45: |
46: if ($form['board_title'] == '') | 46: if ($form['board_title'] == '') |
47: message('You must enter a board title.'); | 47: message('You must enter a board title.'); |
48: | 48: |
49: // Clean default_lang | |
50: $form['default_lang'] = preg_replace('#[\.\\\/]#', '', $form['default_lang']); | |
51: | |
49: require PUN_ROOT.'include/email.php'; | 52: require PUN_ROOT.'include/email.php'; |
50: | 53: |
51: $form['admin_email'] = strtolower($form['admin_email']); | 54: $form['admin_email'] = strtolower($form['admin_email']); |
62: // Make sure base_url doesn't end with a slash | 65: // Make sure base_url doesn't end with a slash |
63: if (substr($form['base_url'], -1) == '/') | 66: if (substr($form['base_url'], -1) == '/') |
64: $form['base_url'] = substr($form['base_url'], 0, -1); | 67: $form['base_url'] = substr($form['base_url'], 0, -1); |
68: | |
69: // Clean avatars_dir | |
70: $form['avatars_dir'] = str_replace("\0", '', $form['avatars_dir']); | |
65: | 71: |
66: // Make sure avatars_dir doesn't end with a slash | 72: // Make sure avatars_dir doesn't end with a slash |
67: if (substr($form['avatars_dir'], -1) == '/') | 73: if (substr($form['avatars_dir'], -1) == '/') |
punbb-1.2.11/upload/admin_prune.php | punbb-1.2.15/upload/admin_prune.php |
---|---|
84: | 84: |
85: | 85: |
86: $prune_days = $_POST['req_prune_days']; | 86: $prune_days = $_POST['req_prune_days']; |
87: if (!preg_match('#^\d+$#', $prune_days)) | 87: if (!@preg_match('#^\d+$#', $prune_days)) |
88: message('Days to prune must be a positive integer.'); | 88: message('Days to prune must be a positive integer.'); |
89: | 89: |
90: $prune_date = time() - ($prune_days*86400); | 90: $prune_date = time() - ($prune_days*86400); |
punbb-1.2.11/upload/admin_ranks.php | punbb-1.2.15/upload/admin_ranks.php |
---|---|
46: if ($rank == '') | 46: if ($rank == '') |
47: message('You must enter a rank title.'); | 47: message('You must enter a rank title.'); |
48: | 48: |
49: if (!preg_match('#^\d+$#', $min_posts)) | 49: if (!@preg_match('#^\d+$#', $min_posts)) |
50: message('Minimum posts must be a positive integer value.'); | 50: message('Minimum posts must be a positive integer value.'); |
51: | 51: |
52: // Make sure there isn't already a rank with the same min_posts value | 52: // Make sure there isn't already a rank with the same min_posts value |
77: if ($rank == '') | 77: if ($rank == '') |
78: message('You must enter a rank title.'); | 78: message('You must enter a rank title.'); |
79: | 79: |
80: if (!preg_match('#^\d+$#', $min_posts)) | 80: if (!@preg_match('#^\d+$#', $min_posts)) |
81: message('Minimum posts must be a positive integer value.'); | 81: message('Minimum posts must be a positive integer value.'); |
82: | 82: |
83: // Make sure there isn't already a rank with the same min_posts value | 83: // Make sure there isn't already a rank with the same min_posts value |
84: $result = $db->query('SELECT 1 FROM '.$db->prefix.'ranks WHERE id!='.$id.' && min_posts='.$min_posts) or error('Unable to fetch rank info', __FILE__, __LINE__, $db->error()); | 84: $result = $db->query('SELECT 1 FROM '.$db->prefix.'ranks WHERE id!='.$id.' AND min_posts='.$min_posts) or error('Unable to fetch rank info', __FILE__, __LINE__, $db->error()); |
85: if ($db->num_rows($result)) | 85: if ($db->num_rows($result)) |
86: message('There is already a rank with a minimun posts value of '.$min_posts.'.'); | 86: message('There is already a rank with a minimun posts value of '.$min_posts.'.'); |
87: | 87: |
punbb-1.2.11/upload/admin_users.php | punbb-1.2.15/upload/admin_users.php |
---|---|
111: { | 111: { |
112: $ip = $_GET['show_users']; | 112: $ip = $_GET['show_users']; |
113: | 113: |
114: if (!preg_match('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $ip)) | 114: if (!@preg_match('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $ip)) |
115: message('The supplied IP address is not correctly formatted.'); | 115: message('The supplied IP address is not correctly formatted.'); |
116: | 116: |
117: | 117: |
257: $like_command = ($db_type == 'pgsql') ? 'ILIKE' : 'LIKE'; | 257: $like_command = ($db_type == 'pgsql') ? 'ILIKE' : 'LIKE'; |
258: while (list($key, $input) = @each($form)) | 258: while (list($key, $input) = @each($form)) |
259: { | 259: { |
260: if ($input != '') | 260: if ($input != '' && in_array($key, array('username', 'email', 'title', 'realname', 'url', 'jabber', 'icq', 'msn', 'aim', 'yahoo', 'location', 'signature', 'admin_note'))) |
261: $conditions[] = 'u.'.$db->escape($key).' '.$like_command.' \''.$db->escape(str_replace('*', '%', $input)).'\''; | 261: $conditions[] = 'u.'.$db->escape($key).' '.$like_command.' \''.$db->escape(str_replace('*', '%', $input)).'\''; |
262: } | 262: } |
263: | 263: |
267: $conditions[] = 'u.num_posts<'.$posts_less; | 267: $conditions[] = 'u.num_posts<'.$posts_less; |
268: | 268: |
269: if ($user_group != 'all') | 269: if ($user_group != 'all') |
270: $conditions[] = 'u.group_id='.$db->escape($user_group); | 270: $conditions[] = 'u.group_id='.intval($user_group); |
271: | 271: |
272: if (empty($conditions)) | 272: if (empty($conditions)) |
273: message('You didn\'t enter any search terms.'); | 273: message('You didn\'t enter any search terms.'); |
punbb-1.2.11/upload/extern.php | punbb-1.2.15/upload/extern.php |
---|---|
149: if (!isset($lang_common)) | 149: if (!isset($lang_common)) |
150: exit('There is no valid language pack \''.$pun_config['o_default_lang'].'\' installed. Please reinstall a language of that name.'); | 150: exit('There is no valid language pack \''.$pun_config['o_default_lang'].'\' installed. Please reinstall a language of that name.'); |
151: | 151: |
152: // Check if we are to display a maintenance message | |
153: if ($pun_config['o_maintenance'] && !defined('PUN_TURN_OFF_MAINT')) | |
154: maintenance_message(); | |
155: | |
152: if (!isset($_GET['action'])) | 156: if (!isset($_GET['action'])) |
153: exit('No parameters supplied. See extern.php for instructions.'); | 157: exit('No parameters supplied. See extern.php for instructions.'); |
154: | 158: |
punbb-1.2.11/upload/footer.php | punbb-1.2.15/upload/footer.php |
---|---|
139: // END SUBST - <pun_footer> | 139: // END SUBST - <pun_footer> |
140: | 140: |
141: | 141: |
142: // START SUBST - <pun_include "*"> | |
143: while (preg_match('#<pun_include "([^/\\\\]*?)">#', $tpl_main, $cur_include)) | |
144: { | |
145: if (!file_exists(PUN_ROOT.'include/user/'.$cur_include[1])) | |
146: error('Unable to process user include <pun_include "'.htmlspecialchars($cur_include[1]).'"> from template main.tpl. There is no such file in folder /include/user/'); | |
147: | |
148: ob_start(); | |
149: include PUN_ROOT.'include/user/'.$cur_include[1]; | |
150: $tpl_temp = ob_get_contents(); | |
151: $tpl_main = str_replace($cur_include[0], $tpl_temp, $tpl_main); | |
152: ob_end_clean(); | |
153: } | |
154: // END SUBST - <pun_include "*"> | |
155: | |
156: | |
157: // Close the db connection (and free up any result data) | 142: // Close the db connection (and free up any result data) |
158: $db->close(); | 143: $db->close(); |
159: | 144: |
punbb-1.2.11/upload/header.php | punbb-1.2.15/upload/header.php |
---|---|
43: $tpl_main = file_get_contents(PUN_ROOT.'include/template/main.tpl'); | 43: $tpl_main = file_get_contents(PUN_ROOT.'include/template/main.tpl'); |
44: | 44: |
45: | 45: |
46: // START SUBST - <pun_include "*"> | |
47: while (preg_match('#<pun_include "([^/\\\\]*?)\.(php[45]?|inc|html?|txt)">#', $tpl_main, $cur_include)) | |
48: { | |
49: if (!file_exists(PUN_ROOT.'include/user/'.$cur_include[1].'.'.$cur_include[2])) | |
50: error('Unable to process user include '.htmlspecialchars($cur_include[0]).' from template main.tpl. There is no such file in folder /include/user/'); | |
51: | |
52: ob_start(); | |
53: include PUN_ROOT.'include/user/'.$cur_include[1].'.'.$cur_include[2]; | |
54: $tpl_temp = ob_get_contents(); | |
55: $tpl_main = str_replace($cur_include[0], $tpl_temp, $tpl_main); | |
56: ob_end_clean(); | |
57: } | |
58: // END SUBST - <pun_include "*"> | |
59: | |
60: | |
46: // START SUBST - <pun_content_direction> | 61: // START SUBST - <pun_content_direction> |
47: $tpl_main = str_replace('<pun_content_direction>', $lang_common['lang_direction'], $tpl_main); | 62: $tpl_main = str_replace('<pun_content_direction>', $lang_common['lang_direction'], $tpl_main); |
48: // END SUBST - <pun_content_direction> | 63: // END SUBST - <pun_content_direction> |
punbb-1.2.11/upload/include/common.php | punbb-1.2.15/upload/include/common.php |
---|---|
37: require PUN_ROOT.'include/functions.php'; | 37: require PUN_ROOT.'include/functions.php'; |
38: | 38: |
39: // Reverse the effect of register_globals | 39: // Reverse the effect of register_globals |
40: if (@ini_get('register_globals')) | 40: unregister_globals(); |
41: unregister_globals(); | |
42: | 41: |
43: | 42: |
44: @include PUN_ROOT.'config.php'; | 43: @include PUN_ROOT.'config.php'; |
punbb-1.2.11/upload/include/dblayer/mysql.php | punbb-1.2.15/upload/include/dblayer/mysql.php |
---|---|
156: | 156: |
157: function escape($str) | 157: function escape($str) |
158: { | 158: { |
159: if (function_exists('mysql_real_escape_string')) | 159: if (is_array($str)) |
160: return ''; | |
161: else if (function_exists('mysql_real_escape_string')) | |
160: return mysql_real_escape_string($str, $this->link_id); | 162: return mysql_real_escape_string($str, $this->link_id); |
161: else | 163: else |
162: return mysql_escape_string($str); | 164: return mysql_escape_string($str); |
punbb-1.2.11/upload/include/dblayer/mysqli.php | punbb-1.2.15/upload/include/dblayer/mysqli.php |
---|---|
159: | 159: |
160: function escape($str) | 160: function escape($str) |
161: { | 161: { |
162: return mysqli_real_escape_string($this->link_id, $str); | 162: return is_array($str) ? '' : mysqli_real_escape_string($this->link_id, $str); |
163: } | 163: } |
164: | 164: |
165: | 165: |
punbb-1.2.11/upload/include/dblayer/pgsql.php | punbb-1.2.15/upload/include/dblayer/pgsql.php |
---|---|
217: | 217: |
218: function escape($str) | 218: function escape($str) |
219: { | 219: { |
220: return pg_escape_string($str); | 220: return is_array($str) ? '' : pg_escape_string($str); |
221: } | 221: } |
222: | 222: |
223: | 223: |
punbb-1.2.11/upload/include/dblayer/sqlite.php | punbb-1.2.15/upload/include/dblayer/sqlite.php |
---|---|
219: | 219: |
220: function escape($str) | 220: function escape($str) |
221: { | 221: { |
222: return sqlite_escape_string($str); | 222: return is_array($str) ? '' : sqlite_escape_string($str); |
223: } | 223: } |
224: | 224: |
225: | 225: |
punbb-1.2.11/upload/include/email.php | punbb-1.2.15/upload/include/email.php |
---|---|
77: | 77: |
78: $headers = 'From: '.$from."\r\n".'Date: '.date('r')."\r\n".'MIME-Version: 1.0'."\r\n".'Content-transfer-encoding: 8bit'."\r\n".'Content-type: text/plain; charset='.$lang_common['lang_encoding']."\r\n".'X-Mailer: PunBB Mailer'; | 78: $headers = 'From: '.$from."\r\n".'Date: '.date('r')."\r\n".'MIME-Version: 1.0'."\r\n".'Content-transfer-encoding: 8bit'."\r\n".'Content-type: text/plain; charset='.$lang_common['lang_encoding']."\r\n".'X-Mailer: PunBB Mailer'; |
79: | 79: |
80: // Make sure all linebreaks are CRLF in message | 80: // Make sure all linebreaks are CRLF in message (and strip out any NULL bytes) |
81: $message = str_replace("\n", "\r\n", pun_linebreaks($message)); | 81: $message = str_replace(array("\n", "\0"), array("\r\n", ''), pun_linebreaks($message)); |
82: | 82: |
83: if ($pun_config['o_smtp_host'] != '') | 83: if ($pun_config['o_smtp_host'] != '') |
84: smtp_mail($to, $subject, $message, $headers); | 84: smtp_mail($to, $subject, $message, $headers); |
punbb-1.2.11/upload/include/functions.php | punbb-1.2.15/upload/include/functions.php |
---|---|
27: // | 27: // |
28: function check_cookie(&$pun_user) | 28: function check_cookie(&$pun_user) |
29: { | 29: { |
30: global $db, $pun_config, $cookie_name, $cookie_seed; | 30: global $db, $db_type, $pun_config, $cookie_name, $cookie_seed; |
31: | 31: |
32: $now = time(); | 32: $now = time(); |
33: $expire = $now + 31536000; // The cookie expires after a year | 33: $expire = $now + 31536000; // The cookie expires after a year |
75: { | 75: { |
76: // Update the online list | 76: // Update the online list |
77: if (!$pun_user['logged']) | 77: if (!$pun_user['logged']) |
78: $db->query('INSERT INTO '.$db->prefix.'online (user_id, ident, logged) VALUES('.$pun_user['id'].', \''.$db->escape($pun_user['username']).'\', '.$now.')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error()); | 78: { |
79: $pun_user['logged'] = $now; | |
80: | |
81: // With MySQL/MySQLi, REPLACE INTO avoids a user having two rows in the online table | |
82: switch ($db_type) | |
83: { | |
84: case 'mysql': | |
85: case 'mysqli': | |
86: $db->query('REPLACE INTO '.$db->prefix.'online (user_id, ident, logged) VALUES('.$pun_user['id'].', \''.$db->escape($pun_user['username']).'\', '.$pun_user['logged'].')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error()); | |
87: break; | |
88: | |
89: default: | |
90: $db->query('INSERT INTO '.$db->prefix.'online (user_id, ident, logged) VALUES('.$pun_user['id'].', \''.$db->escape($pun_user['username']).'\', '.$pun_user['logged'].')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error()); | |
91: break; | |
92: } | |
93: } | |
79: else | 94: else |
80: { | 95: { |
81: // Special case: We've timed out, but no other user has browsed the forums since we timed out | 96: // Special case: We've timed out, but no other user has browsed the forums since we timed out |
102: // | 117: // |
103: function set_default_user() | 118: function set_default_user() |
104: { | 119: { |
105: global $db, $pun_user, $pun_config; | 120: global $db, $db_type, $pun_user, $pun_config; |
106: | 121: |
107: $remote_addr = get_remote_address(); | 122: $remote_addr = get_remote_address(); |
108: | 123: |
115: | 130: |
116: // Update online list | 131: // Update online list |
117: if (!$pun_user['logged']) | 132: if (!$pun_user['logged']) |
118: $db->query('INSERT INTO '.$db->prefix.'online (user_id, ident, logged) VALUES(1, \''.$db->escape($remote_addr).'\', '.time().')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error()); | 133: { |
134: $pun_user['logged'] = time(); | |
135: | |
136: // With MySQL/MySQLi, REPLACE INTO avoids a user having two rows in the online table | |
137: switch ($db_type) | |
138: { | |
139: case 'mysql': | |
140: case 'mysqli': | |
141: $db->query('REPLACE INTO '.$db->prefix.'online (user_id, ident, logged) VALUES(1, \''.$db->escape($remote_addr).'\', '.$pun_user['logged'].')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error()); | |
142: break; | |
143: | |
144: default: | |
145: $db->query('INSERT INTO '.$db->prefix.'online (user_id, ident, logged) VALUES(1, \''.$db->escape($remote_addr).'\', '.$pun_user['logged'].')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error()); | |
146: break; | |
147: } | |
148: } | |
119: else | 149: else |
120: $db->query('UPDATE '.$db->prefix.'online SET logged='.time().' WHERE ident=\''.$db->escape($remote_addr).'\'') or error('Unable to update online list', __FILE__, __LINE__, $db->error()); | 150: $db->query('UPDATE '.$db->prefix.'online SET logged='.time().' WHERE ident=\''.$db->escape($remote_addr).'\'') or error('Unable to update online list', __FILE__, __LINE__, $db->error()); |
121: | 151: |
138: // Enable sending of a P3P header by removing // from the following line (try this if login is failing in IE6) | 168: // Enable sending of a P3P header by removing // from the following line (try this if login is failing in IE6) |
139: // @header('P3P: CP="CUR ADM"'); | 169: // @header('P3P: CP="CUR ADM"'); |
140: | 170: |
141: setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path, $cookie_domain, $cookie_secure); | 171: if (version_compare(PHP_VERSION, '5.2.0', '>=')) |
172: setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path, $cookie_domain, $cookie_secure, true); | |
173: else | |
174: setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path.'; HttpOnly', $cookie_domain, $cookie_secure); | |
142: } | 175: } |
143: | 176: |
144: | 177: |
749: $tpl_maint = trim(file_get_contents(PUN_ROOT.'include/template/maintenance.tpl')); | 782: $tpl_maint = trim(file_get_contents(PUN_ROOT.'include/template/maintenance.tpl')); |
750: | 783: |
751: | 784: |
785: // START SUBST - <pun_include "*"> | |
786: while (preg_match('#<pun_include "([^/\\\\]*?)\.(php[45]?|inc|html?|txt)">#', $tpl_maint, $cur_include)) | |
787: { | |
788: if (!file_exists(PUN_ROOT.'include/user/'.$cur_include[1].'.'.$cur_include[2])) | |
789: error('Unable to process user include '.htmlspecialchars($cur_include[0]).' from template maintenance.tpl. There is no such file in folder /include/user/'); | |
790: | |
791: ob_start(); | |
792: include PUN_ROOT.'include/user/'.$cur_include[1].'.'.$cur_include[2]; | |
793: $tpl_temp = ob_get_contents(); | |
794: $tpl_maint = str_replace($cur_include[0], $tpl_temp, $tpl_maint); | |
795: ob_end_clean(); | |
796: } | |
797: // END SUBST - <pun_include "*"> | |
798: | |
799: | |
752: // START SUBST - <pun_content_direction> | 800: // START SUBST - <pun_content_direction> |
753: $tpl_maint = str_replace('<pun_content_direction>', $lang_common['lang_direction'], $tpl_maint); | 801: $tpl_maint = str_replace('<pun_content_direction>', $lang_common['lang_direction'], $tpl_maint); |
754: // END SUBST - <pun_content_direction> | 802: // END SUBST - <pun_content_direction> |
787: $db->end_transaction(); | 835: $db->end_transaction(); |
788: | 836: |
789: | 837: |
790: // START SUBST - <pun_include "*"> | |
791: while (preg_match('#<pun_include "([^/\\\\]*?)">#', $tpl_maint, $cur_include)) | |
792: { | |
793: if (!file_exists(PUN_ROOT.'include/user/'.$cur_include[1])) | |
794: error('Unable to process user include <pun_include "'.htmlspecialchars($cur_include[1]).'"> from template maintenance.tpl. There is no such file in folder /include/user/'); | |
795: | |
796: ob_start(); | |
797: include PUN_ROOT.'include/user/'.$cur_include[1]; | |
798: $tpl_temp = ob_get_contents(); | |
799: $tpl_maint = str_replace($cur_include[0], $tpl_temp, $tpl_maint); | |
800: ob_end_clean(); | |
801: } | |
802: // END SUBST - <pun_include "*"> | |
803: | |
804: | |
805: // Close the db connection (and free up any result data) | 838: // Close the db connection (and free up any result data) |
806: $db->close(); | 839: $db->close(); |
807: | 840: |
828: $tpl_redir = trim(file_get_contents(PUN_ROOT.'include/template/redirect.tpl')); | 861: $tpl_redir = trim(file_get_contents(PUN_ROOT.'include/template/redirect.tpl')); |
829: | 862: |
830: | 863: |
864: // START SUBST - <pun_include "*"> | |
865: while (preg_match('#<pun_include "([^/\\\\]*?)\.(php[45]?|inc|html?|txt)">#', $tpl_redir, $cur_include)) | |
866: { | |
867: if (!file_exists(PUN_ROOT.'include/user/'.$cur_include[1].'.'.$cur_include[2])) | |
868: error('Unable to process user include '.htmlspecialchars($cur_include[0]).' from template redirect.tpl. There is no such file in folder /include/user/'); | |
869: | |
870: ob_start(); | |
871: include PUN_ROOT.'include/user/'.$cur_include[1].'.'.$cur_include[2]; | |
872: $tpl_temp = ob_get_contents(); | |
873: $tpl_redir = str_replace($cur_include[0], $tpl_temp, $tpl_redir); | |
874: ob_end_clean(); | |
875: } | |
876: // END SUBST - <pun_include "*"> | |
877: | |
878: | |
831: // START SUBST - <pun_content_direction> | 879: // START SUBST - <pun_content_direction> |
832: $tpl_redir = str_replace('<pun_content_direction>', $lang_common['lang_direction'], $tpl_redir); | 880: $tpl_redir = str_replace('<pun_content_direction>', $lang_common['lang_direction'], $tpl_redir); |
833: // END SUBST - <pun_content_direction> | 881: // END SUBST - <pun_content_direction> |
880: // END SUBST - <pun_footer> | 928: // END SUBST - <pun_footer> |
881: | 929: |
882: | 930: |
883: // START SUBST - <pun_include "*"> | |
884: while (preg_match('#<pun_include "([^/\\\\]*?)">#', $tpl_redir, $cur_include)) | |
885: { | |
886: if (!file_exists(PUN_ROOT.'include/user/'.$cur_include[1])) | |
887: error('Unable to process user include <pun_include "'.htmlspecialchars($cur_include[1]).'"> from template redirect.tpl. There is no such file in folder /include/user/'); | |
888: | |
889: ob_start(); | |
890: include PUN_ROOT.'include/user/'.$cur_include[1]; | |
891: $tpl_temp = ob_get_contents(); | |
892: $tpl_redir = str_replace($cur_include[0], $tpl_temp, $tpl_redir); | |
893: ob_end_clean(); | |
894: } | |
895: // END SUBST - <pun_include "*"> | |
896: | |
897: | |
898: // Close the db connection (and free up any result data) | 931: // Close the db connection (and free up any result data) |
899: $db->close(); | 932: $db->close(); |
900: | 933: |
922: | 955: |
923: ?> | 956: ?> |
924: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> | 957: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> |
925: <html dir="ltr"> | 958: <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr"> |
926: <head> | 959: <head> |
927: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> | 960: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> |
928: <title><?php echo pun_htmlspecialchars($pun_config['o_board_title']) ?> / Error</title> | 961: <title><?php echo pun_htmlspecialchars($pun_config['o_board_title']) ?> / Error</title> |
1031: // | 1064: // |
1032: // Unset any variables instantiated as a result of register_globals being enabled | 1065: // Unset any variables instantiated as a result of register_globals being enabled |
1033: // | 1066: // |
1034: function unregister_globals() | 1067: function unregister_globals() |
1035: { | 1068: { |
1036: // Prevent script.php?GLOBALS[foo]=bar | 1069: $register_globals = @ini_get('register_globals'); |
1037: if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) | 1070: if ($register_globals === "" || $register_globals === "0" || strtolower($register_globals === "off")) |
1038: exit('I\'ll have a steak sandwich and... a steak sandwich.'); | 1071: return; |
1039: | 1072: |
1040: // Variables that shouldn't be unset | 1073: // Prevent script.php?GLOBALS[foo]=bar |
1041: $no_unset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES'); | 1074: if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) |
1075: exit('I\'ll have a steak sandwich and... a steak sandwich.'); | |
1076: | |
1077: // Variables that shouldn't be unset | |
1078: $no_unset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES'); | |
1042: | 1079: |
1043: // Remove elements in $GLOBALS that are present in any of the superglobals | 1080: // Remove elements in $GLOBALS that are present in any of the superglobals |
1044: $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array()); | 1081: $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array()); |
1045: foreach ($input as $k => $v) | 1082: foreach ($input as $k => $v) |
1046: { | 1083: { |
1047: if (!in_array($k, $no_unset) && isset($GLOBALS[$k])) | 1084: if (!in_array($k, $no_unset) && isset($GLOBALS[$k])) |
1048: unset($GLOBALS[$k]); | 1085: { |
1049: } | 1086: unset($GLOBALS[$k]); |
1087: unset($GLOBALS[$k]); // Double unset to circumvent the zend_hash_del_key_or_index hole in PHP <4.4.3 and <5.1.4 | |
1088: } | |
1089: } | |
1050: } | 1090: } |
1051: | 1091: |
1052: | 1092: |
punbb-1.2.11/upload/include/parser.php | punbb-1.2.15/upload/include/parser.php |
---|---|
264: { | 264: { |
265: global $pun_user; | 265: global $pun_user; |
266: | 266: |
267: $full_url = str_replace(array(' ', '\'', '`'), array('%20', '', ''), $url); | 267: $full_url = str_replace(array(' ', '\'', '`', '"'), array('%20', '', '', ''), $url); |
268: if (strpos($url, 'www.') === 0) // If it starts with www, we add http:// | 268: if (strpos($url, 'www.') === 0) // If it starts with www, we add http:// |
269: $full_url = 'http://'.$full_url; | 269: $full_url = 'http://'.$full_url; |
270: else if (strpos($url, 'ftp.') === 0) // Else if it starts with ftp, we add ftp:// | 270: else if (strpos($url, 'ftp.') === 0) // Else if it starts with ftp, we add ftp:// |
punbb-1.2.11/upload/include/template/admin.tpl | punbb-1.2.15/upload/include/template/admin.tpl |
---|---|
1: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> | 1: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> |
2: | 2: |
3: <html dir="<pun_content_direction>"> | 3: <html xmlns="http://www.w3.org/1999/xhtml" dir="<pun_content_direction>"> |
4: <head> | 4: <head> |
5: <meta http-equiv="Content-Type" content="text/html; charset=<pun_char_encoding>" /> | 5: <meta http-equiv="Content-Type" content="text/html; charset=<pun_char_encoding>" /> |
6: <pun_head> | 6: <pun_head> |
punbb-1.2.11/upload/include/template/help.tpl | punbb-1.2.15/upload/include/template/help.tpl |
---|---|
1: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> | 1: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> |
2: | 2: |
3: <html dir="<pun_content_direction>"> | 3: <html xmlns="http://www.w3.org/1999/xhtml" dir="<pun_content_direction>"> |
4: <head> | 4: <head> |
5: <meta http-equiv="Content-Type" content="text/html; charset=<pun_char_encoding>" /> | 5: <meta http-equiv="Content-Type" content="text/html; charset=<pun_char_encoding>" /> |
6: <pun_head> | 6: <pun_head> |
punbb-1.2.11/upload/include/template/main.tpl | punbb-1.2.15/upload/include/template/main.tpl |
---|---|
1: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> | 1: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> |
2: | 2: |
3: <html dir="<pun_content_direction>"> | 3: <html xmlns="http://www.w3.org/1999/xhtml" dir="<pun_content_direction>"> |
4: <head> | 4: <head> |
5: <meta http-equiv="Content-Type" content="text/html; charset=<pun_char_encoding>" /> | 5: <meta http-equiv="Content-Type" content="text/html; charset=<pun_char_encoding>" /> |
6: <pun_head> | 6: <pun_head> |
punbb-1.2.11/upload/include/template/maintenance.tpl | punbb-1.2.15/upload/include/template/maintenance.tpl |
---|---|
1: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> | 1: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> |
2: | 2: |
3: <html dir="<pun_content_direction>"> | 3: <html xmlns="http://www.w3.org/1999/xhtml" dir="<pun_content_direction>"> |
4: <head> | 4: <head> |
5: <meta http-equiv="Content-Type" content="text/html; charset=<pun_char_encoding>" /> | 5: <meta http-equiv="Content-Type" content="text/html; charset=<pun_char_encoding>" /> |
6: <pun_head> | 6: <pun_head> |
punbb-1.2.11/upload/include/template/redirect.tpl | punbb-1.2.15/upload/include/template/redirect.tpl |
---|---|
1: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> | 1: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> |
2: | 2: |
3: <html dir="<pun_content_direction>"> | 3: <html xmlns="http://www.w3.org/1999/xhtml" dir="<pun_content_direction>"> |
4: <head> | 4: <head> |
5: <meta http-equiv="Content-Type" content="text/html; charset=<pun_char_encoding>" /> | 5: <meta http-equiv="Content-Type" content="text/html; charset=<pun_char_encoding>" /> |
6: <pun_head> | 6: <pun_head> |
punbb-1.2.11/upload/install.php | punbb-1.2.15/upload/install.php |
---|---|
24: | 24: |
25: | 25: |
26: // The PunBB version this script installs | 26: // The PunBB version this script installs |
27: $punbb_version = '1.2.11'; | 27: $punbb_version = '1.2.15'; |
28: | 28: |
29: | 29: |
30: define('PUN_ROOT', './'); | 30: define('PUN_ROOT', './'); |
757: poster_id INT(10) UNSIGNED NOT NULL DEFAULT 1, | 757: poster_id INT(10) UNSIGNED NOT NULL DEFAULT 1, |
758: poster_ip VARCHAR(15), | 758: poster_ip VARCHAR(15), |
759: poster_email VARCHAR(50), | 759: poster_email VARCHAR(50), |
760: message TEXT NOT NULL DEFAULT '', | 760: message TEXT, |
761: hide_smilies TINYINT(1) NOT NULL DEFAULT 0, | 761: hide_smilies TINYINT(1) NOT NULL DEFAULT 0, |
762: posted INT(10) UNSIGNED NOT NULL DEFAULT 0, | 762: posted INT(10) UNSIGNED NOT NULL DEFAULT 0, |
763: edited INT(10) UNSIGNED, | 763: edited INT(10) UNSIGNED, |
774: poster_id INT NOT NULL DEFAULT 1, | 774: poster_id INT NOT NULL DEFAULT 1, |
775: poster_ip VARCHAR(15), | 775: poster_ip VARCHAR(15), |
776: poster_email VARCHAR(50), | 776: poster_email VARCHAR(50), |
777: message TEXT NOT NULL DEFAULT '', | 777: message TEXT, |
778: hide_smilies SMALLINT NOT NULL DEFAULT 0, | 778: hide_smilies SMALLINT NOT NULL DEFAULT 0, |
779: posted INT NOT NULL DEFAULT 0, | 779: posted INT NOT NULL DEFAULT 0, |
780: edited INT, | 780: edited INT, |
791: poster_id INTEGER NOT NULL DEFAULT 1, | 791: poster_id INTEGER NOT NULL DEFAULT 1, |
792: poster_ip VARCHAR(15), | 792: poster_ip VARCHAR(15), |
793: poster_email VARCHAR(50), | 793: poster_email VARCHAR(50), |
794: message TEXT NOT NULL DEFAULT '', | 794: message TEXT, |
795: hide_smilies INTEGER NOT NULL DEFAULT 0, | 795: hide_smilies INTEGER NOT NULL DEFAULT 0, |
796: posted INTEGER NOT NULL DEFAULT 0, | 796: posted INTEGER NOT NULL DEFAULT 0, |
797: edited INTEGER, | 797: edited INTEGER, |
852: forum_id INT(10) UNSIGNED NOT NULL DEFAULT 0, | 852: forum_id INT(10) UNSIGNED NOT NULL DEFAULT 0, |
853: reported_by INT(10) UNSIGNED NOT NULL DEFAULT 0, | 853: reported_by INT(10) UNSIGNED NOT NULL DEFAULT 0, |
854: created INT(10) UNSIGNED NOT NULL DEFAULT 0, | 854: created INT(10) UNSIGNED NOT NULL DEFAULT 0, |
855: message TEXT NOT NULL DEFAULT '', | 855: message TEXT, |
856: zapped INT(10) UNSIGNED, | 856: zapped INT(10) UNSIGNED, |
857: zapped_by INT(10) UNSIGNED, | 857: zapped_by INT(10) UNSIGNED, |
858: PRIMARY KEY (id) | 858: PRIMARY KEY (id) |
867: forum_id INT NOT NULL DEFAULT 0, | 867: forum_id INT NOT NULL DEFAULT 0, |
868: reported_by INT NOT NULL DEFAULT 0, | 868: reported_by INT NOT NULL DEFAULT 0, |
869: created INT NOT NULL DEFAULT 0, | 869: created INT NOT NULL DEFAULT 0, |
870: message TEXT NOT NULL DEFAULT '', | 870: message TEXT, |
871: zapped INT, | 871: zapped INT, |
872: zapped_by INT, | 872: zapped_by INT, |
873: PRIMARY KEY (id) | 873: PRIMARY KEY (id) |
882: forum_id INTEGER NOT NULL DEFAULT 0, | 882: forum_id INTEGER NOT NULL DEFAULT 0, |
883: reported_by INTEGER NOT NULL DEFAULT 0, | 883: reported_by INTEGER NOT NULL DEFAULT 0, |
884: created INTEGER NOT NULL DEFAULT 0, | 884: created INTEGER NOT NULL DEFAULT 0, |
885: message TEXT NOT NULL DEFAULT '', | 885: message TEXT, |
886: zapped INTEGER, | 886: zapped INTEGER, |
887: zapped_by INTEGER, | 887: zapped_by INTEGER, |
888: PRIMARY KEY (id) | 888: PRIMARY KEY (id) |
901: $sql = 'CREATE TABLE '.$db_prefix."search_cache ( | 901: $sql = 'CREATE TABLE '.$db_prefix."search_cache ( |
902: id INT(10) UNSIGNED NOT NULL DEFAULT 0, | 902: id INT(10) UNSIGNED NOT NULL DEFAULT 0, |
903: ident VARCHAR(200) NOT NULL DEFAULT '', | 903: ident VARCHAR(200) NOT NULL DEFAULT '', |
904: search_data TEXT NOT NULL DEFAULT '', | 904: search_data TEXT, |
905: PRIMARY KEY (id) | 905: PRIMARY KEY (id) |
906: ) TYPE=MyISAM;"; | 906: ) TYPE=MyISAM;"; |
907: break; | 907: break; |
910: $sql = 'CREATE TABLE '.$db_prefix."search_cache ( | 910: $sql = 'CREATE TABLE '.$db_prefix."search_cache ( |
911: id INT NOT NULL DEFAULT 0, | 911: id INT NOT NULL DEFAULT 0, |
912: ident VARCHAR(200) NOT NULL DEFAULT '', | 912: ident VARCHAR(200) NOT NULL DEFAULT '', |
913: search_data TEXT NOT NULL DEFAULT '', | 913: search_data TEXT, |
914: PRIMARY KEY (id) | 914: PRIMARY KEY (id) |
915: )"; | 915: )"; |
916: break; | 916: break; |
919: $sql = 'CREATE TABLE '.$db_prefix."search_cache ( | 919: $sql = 'CREATE TABLE '.$db_prefix."search_cache ( |
920: id INTEGER NOT NULL DEFAULT 0, | 920: id INTEGER NOT NULL DEFAULT 0, |
921: ident VARCHAR(200) NOT NULL DEFAULT '', | 921: ident VARCHAR(200) NOT NULL DEFAULT '', |
922: search_data TEXT NOT NULL DEFAULT '', | 922: search_data TEXT, |
923: PRIMARY KEY (id) | 923: PRIMARY KEY (id) |
924: )"; | 924: )"; |
925: break; | 925: break; |
1234: case 'mysql': | 1234: case 'mysql': |
1235: case 'mysqli': | 1235: case 'mysqli': |
1236: // We use MySQL's ALTER TABLE ... ADD INDEX syntax instead of CREATE INDEX to avoid problems with users lacking the INDEX privilege | 1236: // We use MySQL's ALTER TABLE ... ADD INDEX syntax instead of CREATE INDEX to avoid problems with users lacking the INDEX privilege |
1237: $queries[] = 'ALTER TABLE '.$db_prefix.'online ADD UNIQUE INDEX '.$db_prefix.'online_user_id_ident_idx(user_id,ident)'; | |
1237: $queries[] = 'ALTER TABLE '.$db_prefix.'online ADD INDEX '.$db_prefix.'online_user_id_idx(user_id)'; | 1238: $queries[] = 'ALTER TABLE '.$db_prefix.'online ADD INDEX '.$db_prefix.'online_user_id_idx(user_id)'; |
1238: $queries[] = 'ALTER TABLE '.$db_prefix.'posts ADD INDEX '.$db_prefix.'posts_topic_id_idx(topic_id)'; | 1239: $queries[] = 'ALTER TABLE '.$db_prefix.'posts ADD INDEX '.$db_prefix.'posts_topic_id_idx(topic_id)'; |
1239: $queries[] = 'ALTER TABLE '.$db_prefix.'posts ADD INDEX '.$db_prefix.'posts_multi_idx(poster_id, topic_id)'; | 1240: $queries[] = 'ALTER TABLE '.$db_prefix.'posts ADD INDEX '.$db_prefix.'posts_multi_idx(poster_id, topic_id)'; |
punbb-1.2.11/upload/login.php | punbb-1.2.15/upload/login.php |
---|---|
78: $expire = ($save_pass == '1') ? time() + 31536000 : 0; | 78: $expire = ($save_pass == '1') ? time() + 31536000 : 0; |
79: pun_setcookie($user_id, $form_password_hash, $expire); | 79: pun_setcookie($user_id, $form_password_hash, $expire); |
80: | 80: |
81: redirect($_POST['redirect_url'], $lang_login['Login redirect']); | 81: redirect(htmlspecialchars($_POST['redirect_url']), $lang_login['Login redirect']); |
82: } | 82: } |
83: | 83: |
84: | 84: |
punbb-1.2.11/upload/misc.php | punbb-1.2.15/upload/misc.php |
---|---|
120: | 120: |
121: pun_mail($recipient_email, $mail_subject, $mail_message, '"'.str_replace('"', '', $pun_user['username']).'" <'.$pun_user['email'].'>'); | 121: pun_mail($recipient_email, $mail_subject, $mail_message, '"'.str_replace('"', '', $pun_user['username']).'" <'.$pun_user['email'].'>'); |
122: | 122: |
123: redirect($_POST['redirect_url'], $lang_misc['E-mail sent redirect']); | 123: redirect(htmlspecialchars($_POST['redirect_url']), $lang_misc['E-mail sent redirect']); |
124: } | 124: } |
125: | 125: |
126: | 126: |
127: // Try to determine if the data in HTTP_REFERER is valid (if not, we redirect to the users profile after the e-mail is sent) | 127: // Try to determine if the data in HTTP_REFERER is valid (if not, we redirect to the users profile after the e-mail is sent) |
128: $redirect_url = (isset($_SERVER['HTTP_REFERER']) && preg_match('#^'.preg_quote($pun_config['o_base_url']).'/(.*?)\.php#i', $_SERVER['HTTP_REFERER'])) ? $_SERVER['HTTP_REFERER'] : 'index.php'; | 128: $redirect_url = (isset($_SERVER['HTTP_REFERER']) && preg_match('#^'.preg_quote($pun_config['o_base_url']).'/(.*?)\.php#i', $_SERVER['HTTP_REFERER'])) ? htmlspecialchars($_SERVER['HTTP_REFERER']) : 'index.php'; |
129: | 129: |
130: $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_misc['Send e-mail to'].' '.pun_htmlspecialchars($recipient); | 130: $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_misc['Send e-mail to'].' '.pun_htmlspecialchars($recipient); |
131: $required_fields = array('req_subject' => $lang_misc['E-mail subject'], 'req_message' => $lang_misc['E-mail message']); | 131: $required_fields = array('req_subject' => $lang_misc['E-mail subject'], 'req_message' => $lang_misc['E-mail message']); |
punbb-1.2.11/upload/moderate.php | punbb-1.2.15/upload/moderate.php |
---|---|
35: message($lang_common['No permission']); | 35: message($lang_common['No permission']); |
36: | 36: |
37: // Is get_host an IP address or a post ID? | 37: // Is get_host an IP address or a post ID? |
38: if (preg_match('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $_GET['get_host'])) | 38: if (@preg_match('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $_GET['get_host'])) |
39: $ip = $_GET['get_host']; | 39: $ip = $_GET['get_host']; |
40: else | 40: else |
41: { | 41: { |
98: { | 98: { |
99: confirm_referrer('moderate.php'); | 99: confirm_referrer('moderate.php'); |
100: | 100: |
101: if (preg_match('/[^0-9,]/', $posts)) | 101: if (@preg_match('/[^0-9,]/', $posts)) |
102: message($lang_common['Bad request']); | |
103: | |
104: // Verify that the post IDs are valid | |
105: $result = $db->query('SELECT 1 FROM '.$db->prefix.'posts WHERE id IN('.$posts.') AND topic_id='.$tid) or error('Unable to check posts', __FILE__, __LINE__, $db->error()); | |
106: | |
107: if ($db->num_rows($result) != substr_count($posts, ',') + 1) | |
102: message($lang_common['Bad request']); | 108: message($lang_common['Bad request']); |
103: | 109: |
104: // Delete the posts | 110: // Delete the posts |
281: { | 287: { |
282: confirm_referrer('moderate.php'); | 288: confirm_referrer('moderate.php'); |
283: | 289: |
284: if (preg_match('/[^0-9,]/', $_POST['topics'])) | 290: if (@preg_match('/[^0-9,]/', $_POST['topics'])) |
285: message($lang_common['Bad request']); | 291: message($lang_common['Bad request']); |
286: | 292: |
287: $topics = explode(',', $_POST['topics']); | 293: $topics = explode(',', $_POST['topics']); |
289: if (empty($topics) || $move_to_forum < 1) | 295: if (empty($topics) || $move_to_forum < 1) |
290: message($lang_common['Bad request']); | 296: message($lang_common['Bad request']); |
291: | 297: |
298: // Verify that the topic IDs are valid | |
299: $result = $db->query('SELECT 1 FROM '.$db->prefix.'topics WHERE id IN('.implode(',',$topics).') AND forum_id='.$fid) or error('Unable to check topics', __FILE__, __LINE__, $db->error()); | |
300: | |
301: if ($db->num_rows($result) != count($topics)) | |
302: message($lang_common['Bad request']); | |
303: | |
292: // Delete any redirect topics if there are any (only if we moved/copied the topic back to where it where it was once moved from) | 304: // Delete any redirect topics if there are any (only if we moved/copied the topic back to where it where it was once moved from) |
293: $db->query('DELETE FROM '.$db->prefix.'topics WHERE forum_id='.$move_to_forum.' AND moved_to IN('.implode(',',$topics).')') or error('Unable to delete redirect topics', __FILE__, __LINE__, $db->error()); | 305: $db->query('DELETE FROM '.$db->prefix.'topics WHERE forum_id='.$move_to_forum.' AND moved_to IN('.implode(',',$topics).')') or error('Unable to delete redirect topics', __FILE__, __LINE__, $db->error()); |
294: | 306: |
400: { | 412: { |
401: confirm_referrer('moderate.php'); | 413: confirm_referrer('moderate.php'); |
402: | 414: |
403: if (preg_match('/[^0-9,]/', $topics)) | 415: if (@preg_match('/[^0-9,]/', $topics)) |
404: message($lang_common['Bad request']); | 416: message($lang_common['Bad request']); |
405: | 417: |
406: require PUN_ROOT.'include/search_idx.php'; | 418: require PUN_ROOT.'include/search_idx.php'; |
407: | 419: |
420: // Verify that the topic IDs are valid | |
421: $result = $db->query('SELECT 1 FROM '.$db->prefix.'topics WHERE id IN('.$topics.') AND forum_id='.$fid) or error('Unable to check topics', __FILE__, __LINE__, $db->error()); | |
422: | |
423: if ($db->num_rows($result) != substr_count($topics, ',') + 1) | |
424: message($lang_common['Bad request']); | |
425: | |
408: // Delete the topics and any redirect topics | 426: // Delete the topics and any redirect topics |
409: $db->query('DELETE FROM '.$db->prefix.'topics WHERE id IN('.$topics.') OR moved_to IN('.$topics.')') or error('Unable to delete topic', __FILE__, __LINE__, $db->error()); | 427: $db->query('DELETE FROM '.$db->prefix.'topics WHERE id IN('.$topics.') OR moved_to IN('.$topics.')') or error('Unable to delete topic', __FILE__, __LINE__, $db->error()); |
410: | 428: |
472: if (empty($topics)) | 490: if (empty($topics)) |
473: message($lang_misc['No topics selected']); | 491: message($lang_misc['No topics selected']); |
474: | 492: |
475: $db->query('UPDATE '.$db->prefix.'topics SET closed='.$action.' WHERE id IN('.implode(',', $topics).')') or error('Unable to close topics', __FILE__, __LINE__, $db->error()); | 493: $db->query('UPDATE '.$db->prefix.'topics SET closed='.$action.' WHERE id IN('.implode(',', $topics).') AND forum_id='.$fid) or error('Unable to close topics', __FILE__, __LINE__, $db->error()); |
476: | 494: |
477: $redirect_msg = ($action) ? $lang_misc['Close topics redirect'] : $lang_misc['Open topics redirect']; | 495: $redirect_msg = ($action) ? $lang_misc['Close topics redirect'] : $lang_misc['Open topics redirect']; |
478: redirect('moderate.php?fid='.$fid, $redirect_msg); | 496: redirect('moderate.php?fid='.$fid, $redirect_msg); |
486: if ($topic_id < 1) | 504: if ($topic_id < 1) |
487: message($lang_common['Bad request']); | 505: message($lang_common['Bad request']); |
488: | 506: |
489: $db->query('UPDATE '.$db->prefix.'topics SET closed='.$action.' WHERE id='.$topic_id) or error('Unable to close topic', __FILE__, __LINE__, $db->error()); | 507: $db->query('UPDATE '.$db->prefix.'topics SET closed='.$action.' WHERE id='.$topic_id.' AND forum_id='.$fid) or error('Unable to close topic', __FILE__, __LINE__, $db->error()); |
490: | 508: |
491: $redirect_msg = ($action) ? $lang_misc['Close topic redirect'] : $lang_misc['Open topic redirect']; | 509: $redirect_msg = ($action) ? $lang_misc['Close topic redirect'] : $lang_misc['Open topic redirect']; |
492: redirect('viewtopic.php?id='.$topic_id, $redirect_msg); | 510: redirect('viewtopic.php?id='.$topic_id, $redirect_msg); |
503: if ($stick < 1) | 521: if ($stick < 1) |
504: message($lang_common['Bad request']); | 522: message($lang_common['Bad request']); |
505: | 523: |
506: $db->query('UPDATE '.$db->prefix.'topics SET sticky=\'1\' WHERE id='.$stick) or error('Unable to stick topic', __FILE__, __LINE__, $db->error()); | 524: $db->query('UPDATE '.$db->prefix.'topics SET sticky=\'1\' WHERE id='.$stick.' AND forum_id='.$fid) or error('Unable to stick topic', __FILE__, __LINE__, $db->error()); |
507: | 525: |
508: redirect('viewtopic.php?id='.$stick, $lang_misc['Stick topic redirect']); | 526: redirect('viewtopic.php?id='.$stick, $lang_misc['Stick topic redirect']); |
509: } | 527: } |
518: if ($unstick < 1) | 536: if ($unstick < 1) |
519: message($lang_common['Bad request']); | 537: message($lang_common['Bad request']); |
520: | 538: |
521: $db->query('UPDATE '.$db->prefix.'topics SET sticky=\'0\' WHERE id='.$unstick) or error('Unable to unstick topic', __FILE__, __LINE__, $db->error()); | 539: $db->query('UPDATE '.$db->prefix.'topics SET sticky=\'0\' WHERE id='.$unstick.' AND forum_id='.$fid) or error('Unable to unstick topic', __FILE__, __LINE__, $db->error()); |
522: | 540: |
523: redirect('viewtopic.php?id='.$unstick, $lang_misc['Unstick topic redirect']); | 541: redirect('viewtopic.php?id='.$unstick, $lang_misc['Unstick topic redirect']); |
524: } | 542: } |
punbb-1.2.11/upload/post.php | punbb-1.2.15/upload/post.php |
---|---|
128: $errors[] = $lang_register['Username censor']; | 128: $errors[] = $lang_register['Username censor']; |
129: | 129: |
130: // Check that the username (or a too similar username) is not already registered | 130: // Check that the username (or a too similar username) is not already registered |
131: $result = $db->query('SELECT username FROM '.$db->prefix.'users WHERE username=\''.$db->escape($username).'\' OR username=\''.$db->escape(preg_replace('/[^\w]/', '', $username)).'\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); | 131: $result = $db->query('SELECT username FROM '.$db->prefix.'users WHERE (username=\''.$db->escape($username).'\' OR username=\''.$db->escape(preg_replace('/[^\w]/', '', $username)).'\') AND id>1') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); |
132: if ($db->num_rows($result)) | 132: if ($db->num_rows($result)) |
133: { | 133: { |
134: $busy = $db->result($result); | 134: $busy = $db->result($result); |
punbb-1.2.11/upload/profile.php | punbb-1.2.15/upload/profile.php |
---|---|
190: $result = $db->query('SELECT activate_string, activate_key FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch activation data', __FILE__, __LINE__, $db->error()); | 190: $result = $db->query('SELECT activate_string, activate_key FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch activation data', __FILE__, __LINE__, $db->error()); |
191: list($new_email, $new_email_key) = $db->fetch_row($result); | 191: list($new_email, $new_email_key) = $db->fetch_row($result); |
192: | 192: |
193: if ($key != $new_email_key) | 193: if ($key == '' || $key != $new_email_key) |
194: message($lang_profile['E-mail key bad'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.'); | 194: message($lang_profile['E-mail key bad'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.'); |
195: else | 195: else |
196: { | 196: { |
752: } | 752: } |
753: | 753: |
754: // Add http:// if the URL doesn't contain it already | 754: // Add http:// if the URL doesn't contain it already |
755: if ($form['url'] != '' && !stristr($form['url'], 'http://')) | 755: if ($form['url'] != '' && strpos(strtolower($form['url']), 'http://') !== 0) |
756: $form['url'] = 'http://'.$form['url']; | 756: $form['url'] = 'http://'.$form['url']; |
757: | 757: |
758: break; | 758: break; |
763: $form = extract_elements(array('jabber', 'icq', 'msn', 'aim', 'yahoo')); | 763: $form = extract_elements(array('jabber', 'icq', 'msn', 'aim', 'yahoo')); |
764: | 764: |
765: // If the ICQ UIN contains anything other than digits it's invalid | 765: // If the ICQ UIN contains anything other than digits it's invalid |
766: if ($form['icq'] != '' && preg_match('/[^0-9]/', $form['icq'])) | 766: if ($form['icq'] != '' && @preg_match('/[^0-9]/', $form['icq'])) |
767: message($lang_prof_reg['Bad ICQ']); | 767: message($lang_prof_reg['Bad ICQ']); |
768: | 768: |
769: break; | 769: break; |
punbb-1.2.11/upload/register.php | punbb-1.2.15/upload/register.php |
---|---|
173: $dupe_list[] = $cur_dupe['username']; | 173: $dupe_list[] = $cur_dupe['username']; |
174: } | 174: } |
175: | 175: |
176: $timezone = intval($_POST['timezone']); | 176: // Make sure we got a valid language string |
177: $language = isset($_POST['language']) ? $_POST['language'] : $pun_config['o_default_lang']; | 177: if (isset($_POST['language'])) |
178: { | |
179: $language = preg_replace('#[\.\\\/]#', '', $_POST['language']); | |
180: if (!file_exists(PUN_ROOT.'lang/'.$language.'/common.php')) | |
181: message($lang_common['Bad request']); | |
182: } | |
183: else | |
184: $language = $pun_config['o_default_lang']; | |
185: | |
186: $timezone = round($_POST['timezone'], 1); | |
178: $save_pass = (!isset($_POST['save_pass']) || $_POST['save_pass'] != '1') ? '0' : '1'; | 187: $save_pass = (!isset($_POST['save_pass']) || $_POST['save_pass'] != '1') ? '0' : '1'; |
179: | 188: |
180: $email_setting = intval($_POST['email_setting']); | 189: $email_setting = intval($_POST['email_setting']); |
punbb-1.2.11/upload/search.php | punbb-1.2.15/upload/search.php |
---|---|
122: $keyword_results = $author_results = array(); | 122: $keyword_results = $author_results = array(); |
123: | 123: |
124: // Search a specific forum? | 124: // Search a specific forum? |
125: $forum_sql = ($forum != -1) ? ' AND t.forum_id = '.$forum : ''; | 125: $forum_sql = ($forum != -1 || ($forum == -1 && $pun_config['o_search_all_forums'] == '0')) ? ' AND t.forum_id = '.$forum : ''; |
126: | 126: |
127: if (!empty($author) || !empty($keywords)) | 127: if (!empty($author) || !empty($keywords)) |
128: { | 128: { |
170: | 170: |
171: $word_count = 0; | 171: $word_count = 0; |
172: $match_type = 'and'; | 172: $match_type = 'and'; |
173: $result_list = array(); | |
173: @reset($keywords_array); | 174: @reset($keywords_array); |
174: while (list(, $cur_word) = @each($keywords_array)) | 175: while (list(, $cur_word) = @each($keywords_array)) |
175: { | 176: { |
325: if ($pun_user['is_guest']) | 326: if ($pun_user['is_guest']) |
326: message($lang_common['No permission']); | 327: message($lang_common['No permission']); |
327: | 328: |
328: $result = $db->query('SELECT t.id FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.last_post>'.$pun_user['last_visit']) or error('Unable to fetch topic list', __FILE__, __LINE__, $db->error()); | 329: $result = $db->query('SELECT t.id FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.last_post>'.$pun_user['last_visit'].' AND t.moved_to IS NULL') or error('Unable to fetch topic list', __FILE__, __LINE__, $db->error()); |
329: $num_hits = $db->num_rows($result); | 330: $num_hits = $db->num_rows($result); |
330: | 331: |
331: if (!$num_hits) | 332: if (!$num_hits) |
334: // If it's a search for todays posts | 335: // If it's a search for todays posts |
335: else if ($action == 'show_24h') | 336: else if ($action == 'show_24h') |
336: { | 337: { |
337: $result = $db->query('SELECT t.id FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.last_post>'.(time() - 86400)) or error('Unable to fetch topic list', __FILE__, __LINE__, $db->error()); | 338: $result = $db->query('SELECT t.id FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.last_post>'.(time() - 86400).' AND t.moved_to IS NULL') or error('Unable to fetch topic list', __FILE__, __LINE__, $db->error()); |
338: $num_hits = $db->num_rows($result); | 339: $num_hits = $db->num_rows($result); |
339: | 340: |
340: if (!$num_hits) | 341: if (!$num_hits) |
429: // Fetch results to display | 430: // Fetch results to display |
430: if ($search_results != '') | 431: if ($search_results != '') |
431: { | 432: { |
432: $group_by_sql = ''; | |
433: switch ($sort_by) | 433: switch ($sort_by) |
434: { | 434: { |
435: case 1: | 435: case 1: |
449: break; | 449: break; |
450: | 450: |
451: default: | 451: default: |
452: { | |
453: $sort_by_sql = ($show_as == 'topics') ? 't.posted' : 'p.posted'; | 452: $sort_by_sql = ($show_as == 'topics') ? 't.posted' : 'p.posted'; |
454: | |
455: if ($show_as == 'topics') | |
456: $group_by_sql = ', t.posted'; | |
457: | |
458: break; | 453: break; |
459: } | |
460: } | 454: } |
461: | 455: |
462: if ($show_as == 'posts') | 456: if ($show_as == 'posts') |
465: $sql = 'SELECT p.id AS pid, p.poster AS pposter, p.posted AS pposted, p.poster_id, '.$substr_sql.'(p.message, 1, 1000) AS message, t.id AS tid, t.poster, t.subject, t.last_post, t.last_post_id, t.last_poster, t.num_replies, t.forum_id FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id WHERE p.id IN('.$search_results.') ORDER BY '.$sort_by_sql; | 459: $sql = 'SELECT p.id AS pid, p.poster AS pposter, p.posted AS pposted, p.poster_id, '.$substr_sql.'(p.message, 1, 1000) AS message, t.id AS tid, t.poster, t.subject, t.last_post, t.last_post_id, t.last_poster, t.num_replies, t.forum_id FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id WHERE p.id IN('.$search_results.') ORDER BY '.$sort_by_sql; |
466: } | 460: } |
467: else | 461: else |
468: $sql = 'SELECT t.id AS tid, t.poster, t.subject, t.last_post, t.last_post_id, t.last_poster, t.num_replies, t.closed, t.forum_id FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id WHERE t.id IN('.$search_results.') GROUP BY t.id, t.poster, t.subject, t.last_post, t.last_post_id, t.last_poster, t.num_replies, t.closed, t.forum_id'.$group_by_sql.' ORDER BY '.$sort_by_sql; | 462: $sql = 'SELECT t.id AS tid, t.poster, t.subject, t.last_post, t.last_post_id, t.last_poster, t.num_replies, t.closed, t.forum_id FROM '.$db->prefix.'topics AS t WHERE t.id IN('.$search_results.') ORDER BY '.$sort_by_sql; |
469: | 463: |
470: | 464: |
471: // Determine the topic or post offset (based on $_GET['p']) | 465: // Determine the topic or post offset (based on $_GET['p']) |
punbb-1.2.11/upload/style/imports/base.css | punbb-1.2.15/upload/style/imports/base.css |
---|---|
43: | 43: |
44: DIV>DIV>DIV.postfootleft, DIV>DIV>DIV.postfootright {PADDING-TOP: 1px; MARGIN-TOP: -1px} | 44: DIV>DIV>DIV.postfootleft, DIV>DIV>DIV.postfootright {PADDING-TOP: 1px; MARGIN-TOP: -1px} |
45: | 45: |
46: /* 3.2 This is only visible to IE Windows and cures various bugs. Do not alter comments */ | 46: /* 3.2 This is only visible to IE6 Windows and cures various bugs. Do not alter comments */ |
47: | 47: |
48: /* Begin IEWin Fix \*/ | 48: /* Begin IE6Win Fix \*/ |
49: * HTML .inbox, * HTML .inform, * HTML .pun, * HTML .intd, * HTML .tclcon {HEIGHT: 1px} | 49: * HTML .inbox, * HTML .inform, * HTML .pun, * HTML .intd, * HTML .tclcon {HEIGHT: 1px} |
50: * HTML .inbox DIV.postmsg {WIDTH: 98%} | 50: * HTML .inbox DIV.postmsg {WIDTH: 98%} |
51: /* End of IEWin Fix */ | 51: /* End of IE6Win Fix */ |
52: | |
53: /* 3.3 This is the equivelant of 3.2 but for IE7. It is visible to other browsers | |
54: but does no harm */ | |
55: | |
56: /*Begin IE7Win Fix */ | |
57: .pun, .pun .inbox, .pun .inform, .pun .intd, .pun .tclcon {min-height: 1px} | |
58: /* End of IE7Win Fix */ | |
52: | 59: |
53: /****************************************************************/ | 60: /****************************************************************/ |
54: /* 4. HIDDEN ELEMENTS */ | 61: /* 4. HIDDEN ELEMENTS */ |
168: DIV.postleft, DIV.postfootleft { | 175: DIV.postleft, DIV.postfootleft { |
169: FLOAT:left; | 176: FLOAT:left; |
170: WIDTH: 18em; | 177: WIDTH: 18em; |
171: OVERFLOW: hidden | 178: OVERFLOW: hidden; |
179: POSITION: relative; | |
172: } | 180: } |
173: | 181: |
174: DIV.postright, DIV.postfootright { | 182: DIV.postright, DIV.postfootright { |
punbb-1.2.11/upload/userlist.php | punbb-1.2.15/upload/userlist.php |
---|---|
41: // Determine if we are allowed to view post counts | 41: // Determine if we are allowed to view post counts |
42: $show_post_count = ($pun_config['o_show_post_count'] == '1' || $pun_user['g_id'] < PUN_GUEST) ? true : false; | 42: $show_post_count = ($pun_config['o_show_post_count'] == '1' || $pun_user['g_id'] < PUN_GUEST) ? true : false; |
43: | 43: |
44: $username = (isset($_GET['username']) && $pun_user['g_search_users'] == '1') ? $_GET['username'] : ''; | 44: $username = (isset($_GET['username']) && $pun_user['g_search_users'] == '1') ? pun_trim($_GET['username']) : ''; |
45: $show_group = (!isset($_GET['show_group']) || intval($_GET['show_group']) < -1 && intval($_GET['show_group']) > 2) ? -1 : intval($_GET['show_group']); | 45: $show_group = (!isset($_GET['show_group']) || intval($_GET['show_group']) < -1 && intval($_GET['show_group']) > 2) ? -1 : intval($_GET['show_group']); |
46: $sort_by = (!isset($_GET['sort_by']) || $_GET['sort_by'] != 'username' && $_GET['sort_by'] != 'registered' && ($_GET['sort_by'] != 'num_posts' || !$show_post_count)) ? 'username' : $_GET['sort_by']; | 46: $sort_by = (!isset($_GET['sort_by']) || $_GET['sort_by'] != 'username' && $_GET['sort_by'] != 'registered' && ($_GET['sort_by'] != 'num_posts' || !$show_post_count)) ? 'username' : $_GET['sort_by']; |
47: $sort_dir = (!isset($_GET['sort_dir']) || $_GET['sort_dir'] != 'ASC' && $_GET['sort_dir'] != 'DESC') ? 'ASC' : strtoupper($_GET['sort_dir']); | 47: $sort_dir = (!isset($_GET['sort_dir']) || $_GET['sort_dir'] != 'ASC' && $_GET['sort_dir'] != 'DESC') ? 'ASC' : strtoupper($_GET['sort_dir']); |
116: $where_sql[] = 'u.group_id='.$show_group; | 116: $where_sql[] = 'u.group_id='.$show_group; |
117: | 117: |
118: // Fetch user count | 118: // Fetch user count |
119: $result = $db->query('SELECT COUNT(id) FROM '.$db->prefix.'users AS u'.(!empty($where_sql) ? ' WHERE u.id>1 AND '.implode(' AND ', $where_sql) : '')) or error('Unable to fetch user list count', __FILE__, __LINE__, $db->error()); | 119: $result = $db->query('SELECT COUNT(id) FROM '.$db->prefix.'users AS u WHERE u.id>1'.(!empty($where_sql) ? ' AND '.implode(' AND ', $where_sql) : '')) or error('Unable to fetch user list count', __FILE__, __LINE__, $db->error()); |
120: $num_users = $db->result($result); | 120: $num_users = $db->result($result); |
121: | 121: |
122: | 122: |