PunBB 1.2.6 to 1.2.13 changes

PunBB 1.2.6 to 1.2.13 changes	Legend
	Lines removed
	Lines changed
		Lines added

punbb-1.2.6/upload/admin_groups.php	punbb-1.2.13/upload/admin_groups.php
243: }	243: }
244: else	244: else
245: {	245: {
246: $result = $db->query('SELECT 1 FROM '.$db->prefix.'groups WHERE g_title=\''.$db->escape($title).'\' AND g_id!='.$_POST['group_id']) or error('Unable to check group title collision', __FILE__, __LINE__, $db->error());	246: $result = $db->query('SELECT 1 FROM '.$db->prefix.'groups WHERE g_title=\''.$db->escape($title).'\' AND g_id!='.intval($_POST['group_id'])) or error('Unable to check group title collision', __FILE__, __LINE__, $db->error());
247: if ($db->num_rows($result))	247: if ($db->num_rows($result))
248: message('There is already a group with the title \''.pun_htmlspecialchars($title).'\'.');	248: message('There is already a group with the title \''.pun_htmlspecialchars($title).'\'.');
249:	249:
250: $db->query('UPDATE '.$db->prefix.'groups SET g_title=\''.$db->escape($title).'\', g_user_title='.$user_title.', g_read_board='.$read_board.', g_post_replies='.$post_replies.', g_post_topics='.$post_topics.', g_edit_posts='.$edit_posts.', g_delete_posts='.$delete_posts.', g_delete_topics='.$delete_topics.', g_set_title='.$set_title.', g_search='.$search.', g_search_users='.$search_users.', g_edit_subjects_interval='.$edit_subjects_interval.', g_post_flood='.$post_flood.', g_search_flood='.$search_flood.' WHERE g_id='.$_POST['group_id']) or error('Unable to update group', __FILE__, __LINE__, $db->error());	250: $db->query('UPDATE '.$db->prefix.'groups SET g_title=\''.$db->escape($title).'\', g_user_title='.$user_title.', g_read_board='.$read_board.', g_post_replies='.$post_replies.', g_post_topics='.$post_topics.', g_edit_posts='.$edit_posts.', g_delete_posts='.$delete_posts.', g_delete_topics='.$delete_topics.', g_set_title='.$set_title.', g_search='.$search.', g_search_users='.$search_users.', g_edit_subjects_interval='.$edit_subjects_interval.', g_post_flood='.$post_flood.', g_search_flood='.$search_flood.' WHERE g_id='.intval($_POST['group_id'])) or error('Unable to update group', __FILE__, __LINE__, $db->error());
251: }	251: }
252:	252:
253: // Regenerate the quickjump cache	253: // Regenerate the quickjump cache

punbb-1.2.6/upload/admin_index.php	punbb-1.2.13/upload/admin_index.php
86: $load_averages = @explode(' ', $load_averages);	86: $load_averages = @explode(' ', $load_averages);
87: $server_load = isset($load_averages[2]) ? $load_averages[0].' '.$load_averages[1].' '.$load_averages[2] : 'Not available';	87: $server_load = isset($load_averages[2]) ? $load_averages[0].' '.$load_averages[1].' '.$load_averages[2] : 'Not available';
88: }	88: }
89: else if (preg_match('/averages?: ([0-9\.]+),[\s]+([0-9\.]+),[\s]+([0-9\.]+)/i', @exec('uptime'), $load_averages))	89: else if (!in_array(PHP_OS, array('WINNT', 'WIN32')) && preg_match('/averages?: ([0-9\.]+),[\s]+([0-9\.]+),[\s]+([0-9\.]+)/i', @exec('uptime'), $load_averages))
90: $server_load = $load_averages[1].' '.$load_averages[2].' '.$load_averages[3];	90: $server_load = $load_averages[1].' '.$load_averages[2].' '.$load_averages[3];
91: else	91: else
92: $server_load = 'Not available';	92: $server_load = 'Not available';

punbb-1.2.6/upload/admin_options.php	punbb-1.2.13/upload/admin_options.php
63: if (substr($form['base_url'], -1) == '/')	63: if (substr($form['base_url'], -1) == '/')
64: $form['base_url'] = substr($form['base_url'], 0, -1);	64: $form['base_url'] = substr($form['base_url'], 0, -1);
65:	65:
	66: // Clean avatars_dir
	67: $form['avatars_dir'] = str_replace("\0", '', $form['avatars_dir']);
	68:
66: // Make sure avatars_dir doesn't end with a slash	69: // Make sure avatars_dir doesn't end with a slash
67: if (substr($form['avatars_dir'], -1) == '/')	70: if (substr($form['avatars_dir'], -1) == '/')
68: $form['avatars_dir'] = substr($form['avatars_dir'], 0, -1);	71: $form['avatars_dir'] = substr($form['avatars_dir'], 0, -1);
117: while (list($key, $input) = @each($form))	120: while (list($key, $input) = @each($form))
118: {	121: {
119: // Only update values that have changed	122: // Only update values that have changed
120: if (isset($pun_config['o_'.$key]) && $pun_config['o_'.$key] != $input)	123: if (array_key_exists('o_'.$key, $pun_config) && $pun_config['o_'.$key] != $input)
121: {	124: {
122: if ($input != '' \|\| is_int($input))	125: if ($input != '' \|\| is_int($input))
123: $value = '\''.$db->escape($input).'\'';	126: $value = '\''.$db->escape($input).'\'';

punbb-1.2.6/upload/admin_permissions.php	punbb-1.2.13/upload/admin_permissions.php
39: {	39: {
40: confirm_referrer('admin_permissions.php');	40: confirm_referrer('admin_permissions.php');
41:	41:
42: $form = array_map('trim', $_POST['form']);	42: $form = array_map('intval', $_POST['form']);
43:
44: $form['sig_length'] = intval($form['sig_length']);
45: $form['sig_lines'] = intval($form['sig_lines']);
46:	43:
47: while (list($key, $input) = @each($form))	44: while (list($key, $input) = @each($form))
48: {	45: {
49: // Only update values that have changed	46: // Only update values that have changed
50: if (isset($pun_config['p_'.$key]) && $pun_config['p_'.$key] != $input)	47: if (array_key_exists('p_'.$key, $pun_config) && $pun_config['p_'.$key] != $input)
51: {	48: $db->query('UPDATE '.$db->prefix.'config SET conf_value='.$input.' WHERE conf_name=\'p_'.$db->escape($key).'\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());
52: if ($input != '' \|\| is_int($input))
53: $value = '\''.$db->escape($input).'\'';
54: else
55: $value = 'NULL';
56:
57: $db->query('UPDATE '.$db->prefix.'config SET conf_value='.$value.' WHERE conf_name=\'p_'.$key.'\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());
58: }
59: }	49: }
60:	50:
61: // Regenerate the config cache	51: // Regenerate the config cache

punbb-1.2.6/upload/admin_users.php	punbb-1.2.13/upload/admin_users.php
217:	217:
218: // trim() all elements in $form	218: // trim() all elements in $form
219: $form = array_map('trim', $form);	219: $form = array_map('trim', $form);
	220: $conditions = array();
220:	221:
221: $posts_greater = trim($_POST['posts_greater']);	222: $posts_greater = trim($_POST['posts_greater']);
222: $posts_less = trim($_POST['posts_less']);	223: $posts_less = trim($_POST['posts_less']);
268: if ($user_group != 'all')	269: if ($user_group != 'all')
269: $conditions[] = 'u.group_id='.$db->escape($user_group);	270: $conditions[] = 'u.group_id='.$db->escape($user_group);
270:	271:
271: if (!isset($conditions))	272: if (empty($conditions))
272: message('You didn\'t enter any search terms.');	273: message('You didn\'t enter any search terms.');
273:	274:
274:	275:

punbb-1.2.6/upload/edit.php	punbb-1.2.13/upload/edit.php
175: else if (isset($_POST['preview']))	175: else if (isset($_POST['preview']))
176: {	176: {
177: require_once PUN_ROOT.'include/parser.php';	177: require_once PUN_ROOT.'include/parser.php';
178: $message = parse_message(trim($_POST['req_message']), $hide_smilies);	178: $preview_message = parse_message($message, $hide_smilies);
179:	179:
180: ?>	180: ?>
181: <div id="postpreview" class="blockpost">	181: <div id="postpreview" class="blockpost">
184: <div class="inbox">	184: <div class="inbox">
185: <div class="postright">	185: <div class="postright">
186: <div class="postmsg">	186: <div class="postmsg">
187: <?php echo $message."\n" ?>	187: <?php echo $preview_message."\n" ?>
188: </div>	188: </div>
189: </div>	189: </div>
190: </div>	190: </div>
208: <?php if ($can_edit_subject): ?> <label><?php echo $lang_common['Subject'] ?><br />	208: <?php if ($can_edit_subject): ?> <label><?php echo $lang_common['Subject'] ?><br />
209: <input class="longinput" type="text" name="req_subject" size="80" maxlength="70" tabindex="<?php echo $cur_index++ ?>" value="<?php echo pun_htmlspecialchars(isset($_POST['req_subject']) ? $_POST['req_subject'] : $cur_post['subject']) ?>" /><br /></label>	209: <input class="longinput" type="text" name="req_subject" size="80" maxlength="70" tabindex="<?php echo $cur_index++ ?>" value="<?php echo pun_htmlspecialchars(isset($_POST['req_subject']) ? $_POST['req_subject'] : $cur_post['subject']) ?>" /><br /></label>
210: <?php endif; ?> <label><?php echo $lang_common['Message'] ?><br />	210: <?php endif; ?> <label><?php echo $lang_common['Message'] ?><br />
211: <textarea name="req_message" rows="20" cols="95" tabindex="<?php echo $cur_index++ ?>"><?php echo pun_htmlspecialchars(isset($_POST['req_message']) ? $_POST['req_message'] : $cur_post['message']) ?></textarea><br /></label>	211: <textarea name="req_message" rows="20" cols="95" tabindex="<?php echo $cur_index++ ?>"><?php echo pun_htmlspecialchars(isset($_POST['req_message']) ? $message : $cur_post['message']) ?></textarea><br /></label>
212: <ul class="bblinks">	212: <ul class="bblinks">
213: <li><a href="help.php#bbcode" onclick="window.open(this.href); return false;"><?php echo $lang_common['BBCode'] ?></a>: <?php echo ($pun_config['p_message_bbcode'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>	213: <li><a href="help.php#bbcode" onclick="window.open(this.href); return false;"><?php echo $lang_common['BBCode'] ?></a>: <?php echo ($pun_config['p_message_bbcode'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>
214: <li><a href="help.php#img" onclick="window.open(this.href); return false;"><?php echo $lang_common['img tag'] ?></a>: <?php echo ($pun_config['p_message_img_tag'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>	214: <li><a href="help.php#img" onclick="window.open(this.href); return false;"><?php echo $lang_common['img tag'] ?></a>: <?php echo ($pun_config['p_message_img_tag'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>

punbb-1.2.6/upload/extern.php	punbb-1.2.13/upload/extern.php
116: exit('The file \'config.php\' doesn\'t exist or is corrupt. Please run install.php to install PunBB first.');	116: exit('The file \'config.php\' doesn\'t exist or is corrupt. Please run install.php to install PunBB first.');
117:	117:
118:	118:
119: // Disable error reporting for uninitialized variables	119: // Make sure PHP reports all errors except E_NOTICE
120: error_reporting(E_ALL);	120: error_reporting(E_ALL ^ E_NOTICE);
121:	121:
122: // Turn off magic_quotes_runtime	122: // Turn off magic_quotes_runtime
123: set_magic_quotes_runtime(0);	123: set_magic_quotes_runtime(0);

punbb-1.2.6/upload/header.php	punbb-1.2.13/upload/header.php
131:	131:
132:	132:
133: // START SUBST - <pun_page>	133: // START SUBST - <pun_page>
134: $tpl_main = str_replace('<pun_page>', basename($_SERVER['PHP_SELF'], '.php'), $tpl_main);	134: $tpl_main = str_replace('<pun_page>', htmlspecialchars(basename($_SERVER['PHP_SELF'], '.php')), $tpl_main);
135: // END SUBST - <pun_title>	135: // END SUBST - <pun_title>
136:	136:
137:	137:

punbb-1.2.6/upload/include/common.php	punbb-1.2.13/upload/include/common.php
32: if (!defined('PUN_ROOT'))	32: if (!defined('PUN_ROOT'))
33: exit('The constant PUN_ROOT must be defined and point to a valid PunBB installation root directory.');	33: exit('The constant PUN_ROOT must be defined and point to a valid PunBB installation root directory.');
34:	34:
	35:
	36: // Load the functions script
	37: require PUN_ROOT.'include/functions.php';
	38:
	39: // Reverse the effect of register_globals
	40: if (@ini_get('register_globals'))
	41: unregister_globals();
	42:
	43:
35: @include PUN_ROOT.'config.php';	44: @include PUN_ROOT.'config.php';
36:	45:
37: // If PUN isn't defined, config.php is missing or corrupt	46: // If PUN isn't defined, config.php is missing or corrupt
76: define('PUN_GUEST', 3);	85: define('PUN_GUEST', 3);
77: define('PUN_MEMBER', 4);	86: define('PUN_MEMBER', 4);
78:	87:
79:
80: // Load the functions script
81: require PUN_ROOT.'include/functions.php';
82:	88:
83: // Load DB abstraction layer and connect	89: // Load DB abstraction layer and connect
84: require PUN_ROOT.'include/dblayer/common_db.php';	90: require PUN_ROOT.'include/dblayer/common_db.php';

punbb-1.2.6/upload/include/email.php	punbb-1.2.13/upload/include/email.php
75: $subject = trim(preg_replace('#[\n\r]+#s', '', $subject));	75: $subject = trim(preg_replace('#[\n\r]+#s', '', $subject));
76: $from = trim(preg_replace('#[\n\r:]+#s', '', $from));	76: $from = trim(preg_replace('#[\n\r:]+#s', '', $from));
77:	77:
78: // Detect what linebreak we should use for the headers	78: $headers = 'From: '.$from."\r\n".'Date: '.date('r')."\r\n".'MIME-Version: 1.0'."\r\n".'Content-transfer-encoding: 8bit'."\r\n".'Content-type: text/plain; charset='.$lang_common['lang_encoding']."\r\n".'X-Mailer: PunBB Mailer';
79: if (strtoupper(substr(PHP_OS, 0, 3) == 'WIN'))
80: $eol = "\r\n";
81: else if (strtoupper(substr(PHP_OS, 0, 3) == 'MAC'))
82: $eol = "\r";
83: else
84: $eol = "\n";
85:
86: $headers = 'From: '.$from.$eol.'Date: '.date('r').$eol.'MIME-Version: 1.0'.$eol.'Content-transfer-encoding: 8bit'.$eol.'Content-type: text/plain; charset='.$lang_common['lang_encoding'].$eol.'X-Mailer: PunBB Mailer';
87:	79:
88: // Make sure all linebreaks are CRLF in message	80: // Make sure all linebreaks are CRLF in message
89: $message = str_replace("\n", "\r\n", pun_linebreaks($message));	81: $message = str_replace("\n", "\r\n", pun_linebreaks($message));
91: if ($pun_config['o_smtp_host'] != '')	83: if ($pun_config['o_smtp_host'] != '')
92: smtp_mail($to, $subject, $message, $headers);	84: smtp_mail($to, $subject, $message, $headers);
93: else	85: else
	86: {
	87: // Change the linebreaks used in the headers according to OS
	88: if (strtoupper(substr(PHP_OS, 0, 3)) == 'MAC')
	89: $headers = str_replace("\r\n", "\r", $headers);
	90: else if (strtoupper(substr(PHP_OS, 0, 3)) != 'WIN')
	91: $headers = str_replace("\r\n", "\n", $headers);
	92:
94: mail($to, $subject, $message, $headers);	93: mail($to, $subject, $message, $headers);
	94: }
95: }	95: }
96:	96:
97:	97:

punbb-1.2.6/upload/include/functions.php	punbb-1.2.13/upload/include/functions.php
138: // Enable sending of a P3P header by removing // from the following line (try this if login is failing in IE6)	138: // Enable sending of a P3P header by removing // from the following line (try this if login is failing in IE6)
139: // @header('P3P: CP="CUR ADM"');	139: // @header('P3P: CP="CUR ADM"');
140:	140:
141: setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path, $cookie_domain, $cookie_secure);	141: if (version_compare(PHP_VERSION, '5.2.0', '>='))
	142: setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path, $cookie_domain, $cookie_secure, true);
	143: else
	144: setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path.'; HttpOnly', $cookie_domain, $cookie_secure);
142: }	145: }
143:	146:
144:	147:
168: }	171: }
169:	172:
170: if ($cur_ban['username'] != '' && !strcasecmp($pun_user['username'], $cur_ban['username']))	173: if ($cur_ban['username'] != '' && !strcasecmp($pun_user['username'], $cur_ban['username']))
	174: {
	175: $db->query('DELETE FROM '.$db->prefix.'online WHERE ident=\''.$db->escape($pun_user['username']).'\'') or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
171: message($lang_common['Ban message'].' '.(($cur_ban['expire'] != '') ? $lang_common['Ban message 2'].' '.strtolower(format_time($cur_ban['expire'], true)).'. ' : '').(($cur_ban['message'] != '') ? $lang_common['Ban message 3'].'<br /><br /><strong>'.pun_htmlspecialchars($cur_ban['message']).'</strong><br /><br />' : '<br /><br />').$lang_common['Ban message 4'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.', true);	176: message($lang_common['Ban message'].' '.(($cur_ban['expire'] != '') ? $lang_common['Ban message 2'].' '.strtolower(format_time($cur_ban['expire'], true)).'. ' : '').(($cur_ban['message'] != '') ? $lang_common['Ban message 3'].'<br /><br /><strong>'.pun_htmlspecialchars($cur_ban['message']).'</strong><br /><br />' : '<br /><br />').$lang_common['Ban message 4'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.', true);
	177: }
172:	178:
173: if ($cur_ban['ip'] != '')	179: if ($cur_ban['ip'] != '')
174: {	180: {
179: $cur_ban_ips[$i] = $cur_ban_ips[$i].'.';	185: $cur_ban_ips[$i] = $cur_ban_ips[$i].'.';
180:	186:
181: if (substr($user_ip, 0, strlen($cur_ban_ips[$i])) == $cur_ban_ips[$i])	187: if (substr($user_ip, 0, strlen($cur_ban_ips[$i])) == $cur_ban_ips[$i])
	188: {
	189: $db->query('DELETE FROM '.$db->prefix.'online WHERE ident=\''.$db->escape($pun_user['username']).'\'') or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
182: message($lang_common['Ban message'].' '.(($cur_ban['expire'] != '') ? $lang_common['Ban message 2'].' '.strtolower(format_time($cur_ban['expire'], true)).'. ' : '').(($cur_ban['message'] != '') ? $lang_common['Ban message 3'].'<br /><br /><strong>'.pun_htmlspecialchars($cur_ban['message']).'</strong><br /><br />' : '<br /><br />').$lang_common['Ban message 4'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.', true);	190: message($lang_common['Ban message'].' '.(($cur_ban['expire'] != '') ? $lang_common['Ban message 2'].' '.strtolower(format_time($cur_ban['expire'], true)).'. ' : '').(($cur_ban['message'] != '') ? $lang_common['Ban message 3'].'<br /><br /><strong>'.pun_htmlspecialchars($cur_ban['message']).'</strong><br /><br />' : '<br /><br />').$lang_common['Ban message 4'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.', true);
	191: }
183: }	192: }
184: }	193: }
185: }	194: }
203: $now = time();	212: $now = time();
204:	213:
205: // Fetch all online list entries that are older than "o_timeout_online"	214: // Fetch all online list entries that are older than "o_timeout_online"
206: $result = $db->query('SELECT * FROM '.$db->prefix.'online WHERE logged<'.($now-$pun_config['o_timeout_online'])) or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());	215: $result = $db->query('SELECT * FROM '.$db->prefix.'online WHERE logged<'.($now-$pun_config['o_timeout_online'])) or error('Unable to fetch old entries from online list', __FILE__, __LINE__, $db->error());
207: while ($cur_user = $db->fetch_assoc($result))	216: while ($cur_user = $db->fetch_assoc($result))
208: {	217: {
209: // If the entry is a guest, delete it	218: // If the entry is a guest, delete it
675: //	684: //
676: function get_remote_address()	685: function get_remote_address()
677: {	686: {
678: $remote_address = $_SERVER['REMOTE_ADDR'];	687: return $_SERVER['REMOTE_ADDR'];
679:
680: // If HTTP_X_FORWARDED_FOR is set, we try to grab the first non-LAN IP
681: if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
682: {
683: if (preg_match_all('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $_SERVER['HTTP_X_FORWARDED_FOR'], $address_list))
684: {
685: $lan_ips = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\../', '/^172\.((1[6-9])\|(2[0-9])\|(3[0-1]))\../', '/^10\../', '/^224\../', '/^240\..*/');
686: $address_list = preg_replace($lan_ips, null, $address_list[0]);
687:
688: while (list(, $cur_address) = each($address_list))
689: {
690: if ($cur_address)
691: {
692: $remote_address = $cur_address;
693: break;
694: }
695: }
696: }
697: }
698:
699: return $remote_address;
700: }	688: }
701:	689:
702:	690:
1040: </div>	1028: </div>
1041: <?php	1029: <?php
1042:	1030:
	1031: }
	1032:
	1033:
	1034: //
	1035: // Unset any variables instantiated as a result of register_globals being enabled
	1036: //
	1037: function unregister_globals()
	1038: {
	1039: // Prevent script.php?GLOBALS[foo]=bar
	1040: if (isset($_REQUEST['GLOBALS']) \|\| isset($_FILES['GLOBALS']))
	1041: exit('I\'ll have a steak sandwich and... a steak sandwich.');
	1042:
	1043: // Variables that shouldn't be unset
	1044: $no_unset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES');
	1045:
	1046: // Remove elements in $GLOBALS that are present in any of the superglobals
	1047: $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());
	1048: foreach ($input as $k => $v)
	1049: {
	1050: if (!in_array($k, $no_unset) && isset($GLOBALS[$k]))
	1051: unset($GLOBALS[$k]);
	1052: }
1043: }	1053: }
1044:	1054:
1045:	1055:

punbb-1.2.6/upload/include/parser.php	punbb-1.2.13/upload/include/parser.php
264: {	264: {
265: global $pun_user;	265: global $pun_user;
266:	266:
267: $full_url = str_replace(' ', '%20', $url);	267: $full_url = str_replace(array(' ', '\'', '`', '"'), array('%20', '', '', ''), $url);
268: if (strpos($url, 'www.') === 0) // If it starts with www, we add http://	268: if (strpos($url, 'www.') === 0) // If it starts with www, we add http://
269: $full_url = 'http://'.$full_url;	269: $full_url = 'http://'.$full_url;
270: else if (strpos($url, 'ftp.') === 0) // Else if it starts with ftp, we add ftp://	270: else if (strpos($url, 'ftp.') === 0) // Else if it starts with ftp, we add ftp://
314: $pattern = array('#\[b\](.*?)\[/b\]#s',	314: $pattern = array('#\[b\](.*?)\[/b\]#s',
315: '#\[i\](.*?)\[/i\]#s',	315: '#\[i\](.*?)\[/i\]#s',
316: '#\[u\](.*?)\[/u\]#s',	316: '#\[u\](.*?)\[/u\]#s',
317: '#\[url\](.*?)\[/url\]#e',	317: '#\[url\]([^\[]*?)\[/url\]#e',
318: '#\[url=(.?)\](.?)\[/url\]#e',	318: '#\[url=([^\[]?)\](.?)\[/url\]#e',
319: '#\[email\](.*?)\[/email\]#',	319: '#\[email\]([^\[]*?)\[/email\]#',
320: '#\[email=(.?)\](.?)\[/email\]#',	320: '#\[email=([^\[]?)\](.?)\[/email\]#',
321: '#\[color=([a-zA-Z]\|\#?[0-9a-fA-F]{6})](.?)\[/color\]#s');	321: '#\[color=([a-zA-Z]\|\#?[0-9a-fA-F]{6})](.?)\[/color\]#s');
322:	322:
323: $replace = array('<strong>$1</strong>',	323: $replace = array('<strong>$1</strong>',

punbb-1.2.6/upload/include/search_idx.php	punbb-1.2.13/upload/include/search_idx.php
69: {	69: {
70: while (list($i, $word) = @each($words))	70: while (list($i, $word) = @each($words))
71: {	71: {
	72: $words[$i] = trim($word, '.');
72: $num_chars = pun_strlen($word);	73: $num_chars = pun_strlen($word);
73:
74: if (strrpos($word, '.') == ($num_chars-1))
75: $words[$i] = substr($word, 0, -1);
76:	74:
77: if ($num_chars < 3 \|\| $num_chars > 20 \|\| in_array($word, $stopwords))	75: if ($num_chars < 3 \|\| $num_chars > 20 \|\| in_array($word, $stopwords))
78: unset($words[$i]);	76: unset($words[$i]);

punbb-1.2.6/upload/install.php	punbb-1.2.13/upload/install.php
24:	24:
25:	25:
26: // The PunBB version this script installs	26: // The PunBB version this script installs
27: $punbb_version = '1.2.6';	27: $punbb_version = '1.2.13';
28:	28:
29:	29:
30: define('PUN_ROOT', './');	30: define('PUN_ROOT', './');
528: break;	528: break;
529: }	529: }
530:	530:
531: $db->query($sql) or error('Unable to create table '.$db_prefix.'online. Please check your settings and try again.', __FILE__, __LINE__, $db->error());	531: $db->query($sql) or error('Unable to create table '.$db_prefix.'config. Please check your settings and try again.', __FILE__, __LINE__, $db->error());
532:	532:
533:	533:
534:	534:

punbb-1.2.6/upload/login.php	punbb-1.2.13/upload/login.php
78: $expire = ($save_pass == '1') ? time() + 31536000 : 0;	78: $expire = ($save_pass == '1') ? time() + 31536000 : 0;
79: pun_setcookie($user_id, $form_password_hash, $expire);	79: pun_setcookie($user_id, $form_password_hash, $expire);
80:	80:
81: redirect($_POST['redirect_url'], $lang_login['Login redirect']);	81: redirect(htmlspecialchars($_POST['redirect_url']), $lang_login['Login redirect']);
82: }	82: }
83:	83:
84:	84:
153: message($lang_login['Forget mail'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.');	153: message($lang_login['Forget mail'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.');
154: }	154: }
155: else	155: else
156: message($lang_login['No e-mail match'].' '.$email.'.');	156: message($lang_login['No e-mail match'].' '.htmlspecialchars($email).'.');
157: }	157: }
158:	158:
159:	159:

punbb-1.2.6/upload/misc.php	punbb-1.2.13/upload/misc.php
120:	120:
121: pun_mail($recipient_email, $mail_subject, $mail_message, '"'.str_replace('"', '', $pun_user['username']).'" <'.$pun_user['email'].'>');	121: pun_mail($recipient_email, $mail_subject, $mail_message, '"'.str_replace('"', '', $pun_user['username']).'" <'.$pun_user['email'].'>');
122:	122:
123: redirect($_POST['redirect_url'], $lang_misc['E-mail sent redirect']);	123: redirect(htmlspecialchars($_POST['redirect_url']), $lang_misc['E-mail sent redirect']);
124: }	124: }
125:	125:
126:	126:

punbb-1.2.6/upload/post.php	punbb-1.2.13/upload/post.php
338: if ($qid < 1)	338: if ($qid < 1)
339: message($lang_common['Bad request']);	339: message($lang_common['Bad request']);
340:	340:
341: $result = $db->query('SELECT poster, message FROM '.$db->prefix.'posts WHERE id='.$qid) or error('Unable to fetch quote info', __FILE__, __LINE__, $db->error());	341: $result = $db->query('SELECT poster, message FROM '.$db->prefix.'posts WHERE id='.$qid.' AND topic_id='.$tid) or error('Unable to fetch quote info', __FILE__, __LINE__, $db->error());
342: if (!$db->num_rows($result))	342: if (!$db->num_rows($result))
343: message($lang_common['Bad request']);	343: message($lang_common['Bad request']);
344:	344:
440: else if (isset($_POST['preview']))	440: else if (isset($_POST['preview']))
441: {	441: {
442: require_once PUN_ROOT.'include/parser.php';	442: require_once PUN_ROOT.'include/parser.php';
443: $message = parse_message($message, $hide_smilies);	443: $preview_message = parse_message($message, $hide_smilies);
444:	444:
445: ?>	445: ?>
446: <div id="postpreview" class="blockpost">	446: <div id="postpreview" class="blockpost">
449: <div class="inbox">	449: <div class="inbox">
450: <div class="postright">	450: <div class="postright">
451: <div class="postmsg">	451: <div class="postmsg">
452: <?php echo $message."\n" ?>	452: <?php echo $preview_message."\n" ?>
453: </div>	453: </div>
454: </div>	454: </div>
455: </div>	455: </div>
491: if ($fid): ?>	491: if ($fid): ?>
492: <label><strong><?php echo $lang_common['Subject'] ?></strong><br /><input class="longinput" type="text" name="req_subject" value="<?php if (isset($_POST['req_subject'])) echo pun_htmlspecialchars($subject); ?>" size="80" maxlength="70" tabindex="<?php echo $cur_index++ ?>" /><br /></label>	492: <label><strong><?php echo $lang_common['Subject'] ?></strong><br /><input class="longinput" type="text" name="req_subject" value="<?php if (isset($_POST['req_subject'])) echo pun_htmlspecialchars($subject); ?>" size="80" maxlength="70" tabindex="<?php echo $cur_index++ ?>" /><br /></label>
493: <?php endif; ?> <label><strong><?php echo $lang_common['Message'] ?></strong><br />	493: <?php endif; ?> <label><strong><?php echo $lang_common['Message'] ?></strong><br />
494: <textarea name="req_message" rows="20" cols="95" tabindex="<?php echo $cur_index++ ?>"><?php echo isset($_POST['req_message']) ? pun_htmlspecialchars(trim($_POST['req_message'])) : (isset($quote) ? $quote : ''); ?></textarea><br /></label>	494: <textarea name="req_message" rows="20" cols="95" tabindex="<?php echo $cur_index++ ?>"><?php echo isset($_POST['req_message']) ? pun_htmlspecialchars($message) : (isset($quote) ? $quote : ''); ?></textarea><br /></label>
495: <ul class="bblinks">	495: <ul class="bblinks">
496: <li><a href="help.php#bbcode" onclick="window.open(this.href); return false;"><?php echo $lang_common['BBCode'] ?></a>: <?php echo ($pun_config['p_message_bbcode'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>	496: <li><a href="help.php#bbcode" onclick="window.open(this.href); return false;"><?php echo $lang_common['BBCode'] ?></a>: <?php echo ($pun_config['p_message_bbcode'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>
497: <li><a href="help.php#img" onclick="window.open(this.href); return false;"><?php echo $lang_common['img tag'] ?></a>: <?php echo ($pun_config['p_message_img_tag'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>	497: <li><a href="help.php#img" onclick="window.open(this.href); return false;"><?php echo $lang_common['img tag'] ?></a>: <?php echo ($pun_config['p_message_img_tag'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>

punbb-1.2.6/upload/profile.php	punbb-1.2.13/upload/profile.php
201: }	201: }
202: else if (isset($_POST['form_sent']))	202: else if (isset($_POST['form_sent']))
203: {	203: {
	204: if (pun_hash($_POST['req_password']) !== $pun_user['password'])
	205: message($lang_profile['Wrong pass']);
	206:
204: require PUN_ROOT.'include/email.php';	207: require PUN_ROOT.'include/email.php';
205:	208:
206: // Validate the email-address	209: // Validate the email-address
264: }	267: }
265:	268:
266: $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Profile'];	269: $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Profile'];
267: $required_fields = array('req_new_email' => $lang_profile['New e-mail']);	270: $required_fields = array('req_new_email' => $lang_profile['New e-mail'], 'req_password' => $lang_common['Password']);
268: $focus_element = array('change_email', 'req_new_email');	271: $focus_element = array('change_email', 'req_new_email');
269: require PUN_ROOT.'header.php';	272: require PUN_ROOT.'header.php';
270:	273:
279: <div class="infldset">	282: <div class="infldset">
280: <input type="hidden" name="form_sent" value="1" />	283: <input type="hidden" name="form_sent" value="1" />
281: <label><strong><?php echo $lang_profile['New e-mail'] ?></strong><br /><input type="text" name="req_new_email" size="50" maxlength="50" /><br /></label>	284: <label><strong><?php echo $lang_profile['New e-mail'] ?></strong><br /><input type="text" name="req_new_email" size="50" maxlength="50" /><br /></label>
	285: <label><strong><?php echo $lang_common['Password'] ?></strong><br /><input type="password" name="req_password" size="16" maxlength="16" /><br /></label>
282: <p><?php echo $lang_profile['E-mail instructions'] ?></p>	286: <p><?php echo $lang_profile['E-mail instructions'] ?></p>
283: </div>	287: </div>
284: </fieldset>	288: </fieldset>
362: message($lang_profile['Move failed'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.');	366: message($lang_profile['Move failed'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.');
363:	367:
364: // Now check the width/height	368: // Now check the width/height
365: list($width, $height, ,) = getimagesize($pun_config['o_avatars_dir'].'/'.$id.'.tmp');	369: list($width, $height, $type,) = getimagesize($pun_config['o_avatars_dir'].'/'.$id.'.tmp');
366: if (empty($width) \|\| empty($height) \|\| $width > $pun_config['o_avatars_width'] \|\| $height > $pun_config['o_avatars_height'])	370: if (empty($width) \|\| empty($height) \|\| $width > $pun_config['o_avatars_width'] \|\| $height > $pun_config['o_avatars_height'])
367: {	371: {
368: @unlink($pun_config['o_avatars_dir'].'/'.$id.'.tmp');	372: @unlink($pun_config['o_avatars_dir'].'/'.$id.'.tmp');
369: message($lang_profile['Too wide or high'].' '.$pun_config['o_avatars_width'].'x'.$pun_config['o_avatars_height'].' '.$lang_profile['pixels'].'.');	373: message($lang_profile['Too wide or high'].' '.$pun_config['o_avatars_width'].'x'.$pun_config['o_avatars_height'].' '.$lang_profile['pixels'].'.');
370: }	374: }
	375: else if ($type == 1 && $uploaded_file['type'] != 'image/gif') // Prevent dodgy uploads
	376: {
	377: @unlink($pun_config['o_avatars_dir'].'/'.$id.'.tmp');
	378: message($lang_profile['Bad type']);
	379: }
371:	380:
372: // Delete any old avatars and put the new one in place	381: // Delete any old avatars and put the new one in place
373: @unlink($pun_config['o_avatars_dir'].'/'.$id.$extensions[0]);	382: @unlink($pun_config['o_avatars_dir'].'/'.$id.$extensions[0]);
708: $form['email'] = strtolower(trim($_POST['req_email']));	717: $form['email'] = strtolower(trim($_POST['req_email']));
709: if (!is_valid_email($form['email']))	718: if (!is_valid_email($form['email']))
710: message($lang_common['Invalid e-mail']);	719: message($lang_common['Invalid e-mail']);
	720: }
	721:
	722: // Make sure we got a valid language string
	723: if (isset($form['language']))
	724: {
	725: $form['language'] = preg_replace('#[\.\\\/]#', '', $form['language']);
	726: if (!file_exists(PUN_ROOT.'lang/'.$form['language'].'/common.php'))
	727: message($lang_common['Bad request']);
711: }	728: }
712:	729:
713: break;	730: break;

punbb-1.2.6/upload/register.php	punbb-1.2.13/upload/register.php
79:	79:
80: else if (isset($_POST['form_sent']))	80: else if (isset($_POST['form_sent']))
81: {	81: {
	82: // Check that someone from this IP didn't register a user within the last hour (DoS prevention)
	83: $result = $db->query('SELECT 1 FROM '.$db->prefix.'users WHERE registration_ip=\''.get_remote_address().'\' AND registered>'.(time() - 3600)) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
	84:
	85: if ($db->num_rows($result))
	86: message('A new user was registered with the same IP address as you within the last hour. To prevent registration flooding, at least an hour has to pass between registrations from the same IP. Sorry for the inconvenience.');
	87:
	88:
82: $username = pun_trim($_POST['req_username']);	89: $username = pun_trim($_POST['req_username']);
83: $email1 = strtolower(trim($_POST['req_email1']));	90: $email1 = strtolower(trim($_POST['req_email1']));
84:	91:
171: $save_pass = (!isset($_POST['save_pass']) \|\| $_POST['save_pass'] != '1') ? '0' : '1';	178: $save_pass = (!isset($_POST['save_pass']) \|\| $_POST['save_pass'] != '1') ? '0' : '1';
172:	179:
173: $email_setting = intval($_POST['email_setting']);	180: $email_setting = intval($_POST['email_setting']);
174: if ($email_setting < 0 && $email_setting > 2) $email_setting = 1;	181: if ($email_setting < 0 \|\| $email_setting > 2) $email_setting = 1;
175:	182:
176: // Insert the new user into the database. We do this now to get the last inserted id for later use.	183: // Insert the new user into the database. We do this now to get the last inserted id for later use.
177: $now = time();	184: $now = time();

punbb-1.2.6/upload/search.php	punbb-1.2.13/upload/search.php
51: $action = (isset($_GET['action'])) ? $_GET['action'] : null;	51: $action = (isset($_GET['action'])) ? $_GET['action'] : null;
52: $forum = (isset($_GET['forum'])) ? intval($_GET['forum']) : -1;	52: $forum = (isset($_GET['forum'])) ? intval($_GET['forum']) : -1;
53: $sort_dir = (isset($_GET['sort_dir'])) ? (($_GET['sort_dir'] == 'DESC') ? 'DESC' : 'ASC') : 'DESC';	53: $sort_dir = (isset($_GET['sort_dir'])) ? (($_GET['sort_dir'] == 'DESC') ? 'DESC' : 'ASC') : 'DESC';
	54: if (isset($search_id)) unset($search_id);
54:	55:
55: // If a search_id was supplied	56: // If a search_id was supplied
56: if (isset($_GET['search_id']))	57: if (isset($_GET['search_id']))
386:	387:
387:	388:
388: // Prune "old" search results	389: // Prune "old" search results
	390: $old_searches = array();
389: $result = $db->query('SELECT ident FROM '.$db->prefix.'online') or error('Unable to fetch online list', __FILE__, __LINE__, $db->error());	391: $result = $db->query('SELECT ident FROM '.$db->prefix.'online') or error('Unable to fetch online list', __FILE__, __LINE__, $db->error());
390:	392:
391: if ($db->num_rows($result))	393: if ($db->num_rows($result))

punbb-1.2.6/upload/userlist.php	punbb-1.2.13/upload/userlist.php
116: $where_sql[] = 'u.group_id='.$show_group;	116: $where_sql[] = 'u.group_id='.$show_group;
117:	117:
118: // Fetch user count	118: // Fetch user count
119: $result = $db->query('SELECT COUNT(id) FROM '.$db->prefix.'users AS u'.(!empty($where_sql) ? ' WHERE u.id>1 AND '.implode(' AND ', $where_sql) : '')) or error('Unable to fetch user list count', __FILE__, __LINE__, $db->error());	119: $result = $db->query('SELECT COUNT(id) FROM '.$db->prefix.'users AS u WHERE u.id>1'.(!empty($where_sql) ? ' AND '.implode(' AND ', $where_sql) : '')) or error('Unable to fetch user list count', __FILE__, __LINE__, $db->error());
120: $num_users = $db->result($result);	120: $num_users = $db->result($result);
121:	121:
122:	122:

punbb-1.2.6/upload/viewforum.php	punbb-1.2.13/upload/viewforum.php
242:	242:
243: <div class="linksb">	243: <div class="linksb">
244: <div class="inbox">	244: <div class="inbox">
245: <p class="pagelink conl"><?php echo $lang_common['Pages'].': '.paginate($num_pages, $p, 'viewforum.php?id='.$id) ?></p>	245: <p class="pagelink conl"><?php echo $paging_links ?></p>
246: <?php echo $post_link ?>	246: <?php echo $post_link ?>
247: <ul><li><a href="index.php"><?php echo $lang_common['Index'] ?></a> </li><li>» <?php echo pun_htmlspecialchars($cur_forum['forum_name']) ?></li></ul>	247: <ul><li><a href="index.php"><?php echo $lang_common['Index'] ?></a> </li><li>» <?php echo pun_htmlspecialchars($cur_forum['forum_name']) ?></li></ul>
248: <div class="clearer"></div>	248: <div class="clearer"></div>

hdiff - version: 2.1.0 (modified)