PunBB 1.2.16 to 1.2.17 changes

PunBB 1.2.16 to 1.2.17 changes	Legend
	Lines removed
	Lines changed
		Lines added

punbb-1.2.16/upload/admin_forums.php	punbb-1.2.17/upload/admin_forums.php
385: <?php	385: <?php
386:	386:
387: $result = $db->query('SELECT id, cat_name FROM '.$db->prefix.'categories ORDER BY disp_position') or error('Unable to fetch category list', __FILE__, __LINE__, $db->error());	387: $result = $db->query('SELECT id, cat_name FROM '.$db->prefix.'categories ORDER BY disp_position') or error('Unable to fetch category list', __FILE__, __LINE__, $db->error());
388: while ($cur_cat = $db->fetch_assoc($result))	388: if ($db->num_rows($result) > 0)
389: echo "\t\t\t\t\t\t\t\t\t".'<option value="'.$cur_cat['id'].'">'.pun_htmlspecialchars($cur_cat['cat_name']).'</option>'."\n";	389: {
	390: while ($cur_cat = $db->fetch_assoc($result))
	391: echo "\t\t\t\t\t\t\t\t\t".'<option value="'.$cur_cat['id'].'">'.pun_htmlspecialchars($cur_cat['cat_name']).'</option>'."\n";
	392: }
	393: else
	394: echo "\t\t\t\t\t\t\t\t\t".'<option value="0" disabled="disabled">No categories exist</option>'."\n";
390:	395:
391: ?>	396: ?>
392: </select>	397: </select>
399: </div>	404: </div>
400: </form>	405: </form>
401: </div>	406: </div>
	407: <?php
402:	408:
	409: // Display all the categories and forums
	410: $result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name, f.disp_position FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error());
	411:
	412: if ($db->num_rows($result) > 0)
	413: {
	414:
	415: ?>
403: <h2 class="block2"><span>Edit forums</span></h2>	416: <h2 class="block2"><span>Edit forums</span></h2>
404: <div class="box">	417: <div class="box">
405: <form id="edforum" method="post" action="admin_forums.php?action=edit">	418: <form id="edforum" method="post" action="admin_forums.php?action=edit">
408:	421:
409: $tabindex_count = 4;	422: $tabindex_count = 4;
410:	423:
411: // Display all the categories and forums
412: $result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name, f.disp_position FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error());
413:
414: $cur_category = 0;	424: $cur_category = 0;
415: while ($cur_forum = $db->fetch_assoc($result))	425: while ($cur_forum = $db->fetch_assoc($result))
416: {	426: {
449: <p class="submitend"><input type="submit" name="update_positions" value="Update positions" tabindex="<?php echo $tabindex_count ?>" /></p>	459: <p class="submitend"><input type="submit" name="update_positions" value="Update positions" tabindex="<?php echo $tabindex_count ?>" /></p>
450: </form>	460: </form>
451: </div>	461: </div>
	462: <?php
	463:
	464: }
	465:
	466: ?>
452: </div>	467: </div>
453: <div class="clearer"></div>	468: <div class="clearer"></div>
454: </div>	469: </div>

punbb-1.2.16/upload/admin_maintenance.php	punbb-1.2.17/upload/admin_maintenance.php
69: }	69: }
70: }	70: }
71:	71:
72: $end_at = $start_at + $per_page;
73:
74: ?>	72: ?>
75: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">	73: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
76:	74:
95: require PUN_ROOT.'include/search_idx.php';	93: require PUN_ROOT.'include/search_idx.php';
96:	94:
97: // Fetch posts to process	95: // Fetch posts to process
98: $result = $db->query('SELECT DISTINCT t.id, p.id, p.message FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'posts AS p ON t.id=p.topic_id WHERE t.id>='.$start_at.' AND t.id<'.$end_at.' ORDER BY t.id') or error('Unable to fetch topic/post info', __FILE__, __LINE__, $db->error());	96: $result = $db->query('SELECT DISTINCT t.id, p.id, p.message FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'posts AS p ON t.id=p.topic_id WHERE t.id>='.$start_at.' ORDER BY t.id LIMIT '.$per_page) or error('Unable to fetch topic/post info', __FILE__, __LINE__, $db->error());
99:	97:
100: $cur_topic = 0;	98: $cur_topic = 0;
101: while ($cur_post = $db->fetch_row($result))	99: while ($cur_post = $db->fetch_row($result))
118: }	116: }
119:	117:
120: // Check if there is more work to do	118: // Check if there is more work to do
121: $result = $db->query('SELECT id FROM '.$db->prefix.'topics WHERE id>'.$end_at) or error('Unable to fetch topic info', __FILE__, __LINE__, $db->error());	119: $result = $db->query('SELECT id FROM '.$db->prefix.'topics WHERE id>'.$cur_topic.' ORDER BY id ASC LIMIT 1') or error('Unable to fetch topic info', __FILE__, __LINE__, $db->error());
122:	120:
123: $query_str = ($db->num_rows($result)) ? '?i_per_page='.$per_page.'&i_start_at='.$end_at : '';	121: $query_str = ($db->num_rows($result)) ? '?i_per_page='.$per_page.'&i_start_at='.$db->result($result) : '';
124:	122:
125: $db->end_transaction();	123: $db->end_transaction();
126: $db->close();	124: $db->close();

punbb-1.2.16/upload/edit.php	punbb-1.2.17/upload/edit.php
197:	197:
198: ?>	198: ?>
199: <div class="blockform">	199: <div class="blockform">
200: <h2><?php echo $lang_post['Edit post'] ?></h2>	200: <h2><span><?php echo $lang_post['Edit post'] ?></span></h2>
201: <div class="box">	201: <div class="box">
202: <form id="edit" method="post" action="edit.php?id=<?php echo $id ?>&action=edit" onsubmit="return process_form(this)">	202: <form id="edit" method="post" action="edit.php?id=<?php echo $id ?>&action=edit" onsubmit="return process_form(this)">
203: <div class="inform">	203: <div class="inform">

punbb-1.2.16/upload/header.php	punbb-1.2.17/upload/header.php
147:	147:
148: // START SUBST - <pun_page>	148: // START SUBST - <pun_page>
149: $tpl_main = str_replace('<pun_page>', htmlspecialchars(basename($_SERVER['PHP_SELF'], '.php')), $tpl_main);	149: $tpl_main = str_replace('<pun_page>', htmlspecialchars(basename($_SERVER['PHP_SELF'], '.php')), $tpl_main);
150: // END SUBST - <pun_title>	150: // END SUBST - <pun_page>
151:	151:
152:	152:
153: // START SUBST - <pun_title>	153: // START SUBST - <pun_title>

punbb-1.2.16/upload/include/common.php	punbb-1.2.17/upload/include/common.php
70: $_COOKIE = stripslashes_array($_COOKIE);	70: $_COOKIE = stripslashes_array($_COOKIE);
71: }	71: }
72:	72:
73: // Seed the random number generator	73: // Seed the random number generator (PHP <4.2.0 only)
74: mt_srand((double)microtime()*1000000);	74: if (version_compare(PHP_VERSION, '4.2.0', '<'))
	75: mt_srand((double)microtime()*1000000);
75:	76:
76: // If a cookie name is not specified in config.php, we use the default (punbb_cookie)	77: // If a cookie name is not specified in config.php, we use the default (punbb_cookie)
77: if (empty($cookie_name))	78: if (empty($cookie_name))

punbb-1.2.16/upload/include/functions.php	punbb-1.2.17/upload/include/functions.php
48: // If user authorisation failed	48: // If user authorisation failed
49: if (!isset($pun_user['id']) \|\| md5($cookie_seed.$pun_user['password']) !== $cookie['password_hash'])	49: if (!isset($pun_user['id']) \|\| md5($cookie_seed.$pun_user['password']) !== $cookie['password_hash'])
50: {	50: {
51: pun_setcookie(0, random_pass(8), $expire);	51: pun_setcookie(1, md5(uniqid(rand(), true)), $expire);
52: set_default_user();	52: set_default_user();
53:	53:
54: return;	54: return;
295: $links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>';	295: $links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>';
296:	296:
297: $links[] = '<li id="navprofile"><a href="profile.php?id='.$pun_user['id'].'">'.$lang_common['Profile'].'</a>';	297: $links[] = '<li id="navprofile"><a href="profile.php?id='.$pun_user['id'].'">'.$lang_common['Profile'].'</a>';
298: $links[] = '<li id="navlogout"><a href="login.php?action=out&id='.$pun_user['id'].'">'.$lang_common['Logout'].'</a>';	298: $links[] = '<li id="navlogout"><a href="login.php?action=out&id='.$pun_user['id'].'&csrf_token='.sha1($pun_user['id'].sha1(get_remote_address())).'">'.$lang_common['Logout'].'</a>';
299: }	299: }
300: else	300: else
301: {	301: {
302: $links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>';	302: $links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>';
303: $links[] = '<li id="navprofile"><a href="profile.php?id='.$pun_user['id'].'">'.$lang_common['Profile'].'</a>';	303: $links[] = '<li id="navprofile"><a href="profile.php?id='.$pun_user['id'].'">'.$lang_common['Profile'].'</a>';
304: $links[] = '<li id="navadmin"><a href="admin_index.php">'.$lang_common['Admin'].'</a>';	304: $links[] = '<li id="navadmin"><a href="admin_index.php">'.$lang_common['Admin'].'</a>';
305: $links[] = '<li id="navlogout"><a href="login.php?action=out&id='.$pun_user['id'].'">'.$lang_common['Logout'].'</a>';	305: $links[] = '<li id="navlogout"><a href="login.php?action=out&id='.$pun_user['id'].'&csrf_token='.sha1($pun_user['id'].sha1(get_remote_address())).'">'.$lang_common['Logout'].'</a>';
306: }	306: }
307: }	307: }
308:	308:
849: {	849: {
850: global $db, $pun_config, $lang_common, $pun_user;	850: global $db, $pun_config, $lang_common, $pun_user;
851:	851:
852: // Prefix with o_base_url (unless it's there already)	852: // Prefix with o_base_url (unless there's already a valid URI)
853: if (strpos($destination_url, $pun_config['o_base_url']) !== 0)	853: if (strpos($destination_url, 'http://') !== 0 && strpos($destination_url, 'https://') !== 0 && strpos($destination_url, '/') !== 0)
854: $destination_url = $pun_config['o_base_url'].'/'.$destination_url;	854: $destination_url = $pun_config['o_base_url'].'/'.$destination_url;
855:	855:
856: // Do a little spring cleaning	856: // Do a little spring cleaning

punbb-1.2.16/upload/install.php	punbb-1.2.17/upload/install.php
24:	24:
25:	25:
26: // The PunBB version this script installs	26: // The PunBB version this script installs
27: $punbb_version = '1.2.16';	27: $punbb_version = '1.2.17';
28:	28:
29:	29:
30: define('PUN_ROOT', './');	30: define('PUN_ROOT', './');
1401:	1401:
1402:	1402:
1403: /// Display config.php and give further instructions	1403: /// Display config.php and give further instructions
1404: $config = '<?php'."\n\n".'$db_type = \''.$db_type."';\n".'$db_host = \''.$db_host."';\n".'$db_name = \''.$db_name."';\n".'$db_username = \''.$db_username."';\n".'$db_password = \''.$db_password."';\n".'$db_prefix = \''.$db_prefix."';\n".'$p_connect = false;'."\n\n".'$cookie_name = '."'punbb_cookie';\n".'$cookie_domain = '."'';\n".'$cookie_path = '."'/';\n".'$cookie_secure = 0;'."\n".'$cookie_seed = \''.substr(md5(time()), -8)."';\n\ndefine('PUN', 1);";	1404: $config = '<?php'."\n\n".'$db_type = \''.$db_type."';\n".'$db_host = \''.$db_host."';\n".'$db_name = \''.$db_name."';\n".'$db_username = \''.$db_username."';\n".'$db_password = \''.$db_password."';\n".'$db_prefix = \''.$db_prefix."';\n".'$p_connect = false;'."\n\n".'$cookie_name = '."'punbb_cookie';\n".'$cookie_domain = '."'';\n".'$cookie_path = '."'/';\n".'$cookie_secure = 0;'."\n".'$cookie_seed = \''.substr(sha1(uniqid(rand(), true)), 0, 16)."';\n\ndefine('PUN', 1);";
1405:	1405:
1406:	1406:
1407: ?>	1407: ?>

punbb-1.2.16/upload/login.php	punbb-1.2.17/upload/login.php
84:	84:
85: else if ($action == 'out')	85: else if ($action == 'out')
86: {	86: {
87: if ($pun_user['is_guest'] \|\| !isset($_GET['id']) \|\| $_GET['id'] != $pun_user['id'])	87: if ($pun_user['is_guest'] \|\| !isset($_GET['id']) \|\| $_GET['id'] != $pun_user['id'] \|\| !isset($_GET['csrf_token']) \|\| $_GET['csrf_token'] != sha1($pun_user['id'].sha1(get_remote_address())))
88: {	88: {
89: header('Location: index.php');	89: header('Location: index.php');
90: exit;	90: exit;
97: if (isset($pun_user['logged']))	97: if (isset($pun_user['logged']))
98: $db->query('UPDATE '.$db->prefix.'users SET last_visit='.$pun_user['logged'].' WHERE id='.$pun_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error());	98: $db->query('UPDATE '.$db->prefix.'users SET last_visit='.$pun_user['logged'].' WHERE id='.$pun_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error());
99:	99:
100: pun_setcookie(1, random_pass(8), time() + 31536000);	100: pun_setcookie(1, md5(uniqid(rand(), true)), time() + 31536000);
101:	101:
102: redirect('index.php', $lang_login['Logout redirect']);	102: redirect('index.php', $lang_login['Logout redirect']);
103: }	103: }

punbb-1.2.16/upload/misc.php	punbb-1.2.17/upload/misc.php
252: if ($topic_id < 1)	252: if ($topic_id < 1)
253: message($lang_common['Bad request']);	253: message($lang_common['Bad request']);
254:	254:
	255: // Make sure the user can view the topic
	256: $result = $db->query('SELECT 1 FROM '.$db->prefix.'topics AS t LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=t.forum_id AND fp.group_id=1) WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id='.$topic_id.' AND t.moved_to IS NULL') or error('Unable to fetch topic info', __FILE__, __LINE__, $db->error());
	257: if (!$db->num_rows($result))
	258: message($lang_common['Bad request']);
	259:
255: $result = $db->query('SELECT 1 FROM '.$db->prefix.'subscriptions WHERE user_id='.$pun_user['id'].' AND topic_id='.$topic_id) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error());	260: $result = $db->query('SELECT 1 FROM '.$db->prefix.'subscriptions WHERE user_id='.$pun_user['id'].' AND topic_id='.$topic_id) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error());
256: if ($db->num_rows($result))	261: if ($db->num_rows($result))
257: message($lang_misc['Already subscribed']);	262: message($lang_misc['Already subscribed']);

punbb-1.2.16/upload/search.php	punbb-1.2.17/upload/search.php
122: $keyword_results = $author_results = array();	122: $keyword_results = $author_results = array();
123:	123:
124: // Search a specific forum?	124: // Search a specific forum?
125: $forum_sql = ($forum != -1 \|\| ($forum == -1 && $pun_config['o_search_all_forums'] == '0')) ? ' AND t.forum_id = '.$forum : '';	125: $forum_sql = ($forum != -1 \|\| ($forum == -1 && $pun_config['o_search_all_forums'] == '0' && $pun_user['g_id'] >= PUN_GUEST)) ? ' AND t.forum_id = '.$forum : '';
126:	126:
127: if (!empty($author) \|\| !empty($keywords))	127: if (!empty($author) \|\| !empty($keywords))
128: {	128: {
160: {	160: {
161: $num_chars = pun_strlen($word);	161: $num_chars = pun_strlen($word);
162:	162:
163: if ($num_chars < 3 \|\| $num_chars > 20 \|\| in_array($word, $stopwords))	163: if ($word !== 'or' && ($num_chars < 3 \|\| $num_chars > 20 \|\| in_array($word, $stopwords)))
164: unset($keywords_array[$i]);	164: unset($keywords_array[$i]);
165: }	165: }
166:	166:
199: }	199: }
200: else	200: else
201: {	201: {
202: $cur_word = str_replace('*', '%', $cur_word);	202: $cur_word = $db->escape(str_replace('*', '%', $cur_word));
203: $sql = 'SELECT m.post_id FROM '.$db->prefix.'search_words AS w INNER JOIN '.$db->prefix.'search_matches AS m ON m.word_id = w.id WHERE w.word LIKE \''.$cur_word.'\''.$search_in_cond;	203: $sql = 'SELECT m.post_id FROM '.$db->prefix.'search_words AS w INNER JOIN '.$db->prefix.'search_matches AS m ON m.word_id = w.id WHERE w.word LIKE \''.$cur_word.'\''.$search_in_cond;
204: }	204: }
205:	205:

hdiff - version: 2.1.0 (modified)

punbb-1.2.16/upload/moderate.php	punbb-1.2.17/upload/moderate.php
35: message($lang_common['No permission']);	35: message($lang_common['No permission']);
36:	36:
37: // Is get_host an IP address or a post ID?	37: // Is get_host an IP address or a post ID?
38: if (@preg_match('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $_GET['get_host']))	38: if (@preg_match('/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/', $_GET['get_host']))
39: $ip = $_GET['get_host'];	39: $ip = $_GET['get_host'];
40: else	40: else
41: {	41: {
295: if (empty($topics) \|\| $move_to_forum < 1)	295: if (empty($topics) \|\| $move_to_forum < 1)
296: message($lang_common['Bad request']);	296: message($lang_common['Bad request']);
297:	297:
298: // Verify that the topic IDs are valid	298: // Verify that the topic IDs are valid
299: $result = $db->query('SELECT 1 FROM '.$db->prefix.'topics WHERE id IN('.implode(',',$topics).') AND forum_id='.$fid) or error('Unable to check topics', __FILE__, __LINE__, $db->error());	299: $result = $db->query('SELECT 1 FROM '.$db->prefix.'topics WHERE id IN('.implode(',',$topics).') AND forum_id='.$fid) or error('Unable to check topics', __FILE__, __LINE__, $db->error());
300:	300:
301: if ($db->num_rows($result) != count($topics))	301: if ($db->num_rows($result) != count($topics))
302: message($lang_common['Bad request']);	302: message($lang_common['Bad request']);
303:	303:
304: // Delete any redirect topics if there are any (only if we moved/copied the topic back to where it where it was once moved from)	304: // Delete any redirect topics if there are any (only if we moved/copied the topic back to where it where it was once moved from)
417:	417:
418: require PUN_ROOT.'include/search_idx.php';	418: require PUN_ROOT.'include/search_idx.php';
419:	419:
420: // Verify that the topic IDs are valid	420: // Verify that the topic IDs are valid
421: $result = $db->query('SELECT 1 FROM '.$db->prefix.'topics WHERE id IN('.$topics.') AND forum_id='.$fid) or error('Unable to check topics', __FILE__, __LINE__, $db->error());	421: $result = $db->query('SELECT 1 FROM '.$db->prefix.'topics WHERE id IN('.$topics.') AND forum_id='.$fid) or error('Unable to check topics', __FILE__, __LINE__, $db->error());
422:	422:
423: if ($db->num_rows($result) != substr_count($topics, ',') + 1)	423: if ($db->num_rows($result) != substr_count($topics, ',') + 1)
424: message($lang_common['Bad request']);	424: message($lang_common['Bad request']);
425:	425:
426: // Delete the topics and any redirect topics	426: // Delete the topics and any redirect topics