PunBB 1.2.9 to 1.2.12 changes

PunBB 1.2.9 to 1.2.12 changes	Legend
	Lines removed
	Lines changed
		Lines added

punbb-1.2.9/upload/header.php	punbb-1.2.12/upload/header.php
131:	131:
132:	132:
133: // START SUBST - <pun_page>	133: // START SUBST - <pun_page>
134: $tpl_main = str_replace('<pun_page>', basename($_SERVER['PHP_SELF'], '.php'), $tpl_main);	134: $tpl_main = str_replace('<pun_page>', htmlspecialchars(basename($_SERVER['PHP_SELF'], '.php')), $tpl_main);
135: // END SUBST - <pun_title>	135: // END SUBST - <pun_title>
136:	136:
137:	137:

punbb-1.2.9/upload/include/common.php	punbb-1.2.12/upload/include/common.php
32: if (!defined('PUN_ROOT'))	32: if (!defined('PUN_ROOT'))
33: exit('The constant PUN_ROOT must be defined and point to a valid PunBB installation root directory.');	33: exit('The constant PUN_ROOT must be defined and point to a valid PunBB installation root directory.');
34:	34:
	35:
	36: // Load the functions script
	37: require PUN_ROOT.'include/functions.php';
	38:
	39: // Reverse the effect of register_globals
	40: if (@ini_get('register_globals'))
	41: unregister_globals();
	42:
	43:
35: @include PUN_ROOT.'config.php';	44: @include PUN_ROOT.'config.php';
36:	45:
37: // If PUN isn't defined, config.php is missing or corrupt	46: // If PUN isn't defined, config.php is missing or corrupt
75: define('PUN_MOD', 2);	84: define('PUN_MOD', 2);
76: define('PUN_GUEST', 3);	85: define('PUN_GUEST', 3);
77: define('PUN_MEMBER', 4);	86: define('PUN_MEMBER', 4);
78:
79:
80: // Load the functions script
81: require PUN_ROOT.'include/functions.php';
82:
83: // Reverse the effect of register_globals
84: if (@ini_get('register_globals'))
85: unregister_globals();
86:	87:
87:	88:
88: // Load DB abstraction layer and connect	89: // Load DB abstraction layer and connect

punbb-1.2.9/upload/include/functions.php	punbb-1.2.12/upload/include/functions.php
681: //	681: //
682: function get_remote_address()	682: function get_remote_address()
683: {	683: {
684: $remote_address = $_SERVER['REMOTE_ADDR'];	684: return $_SERVER['REMOTE_ADDR'];
685:
686: // If HTTP_X_FORWARDED_FOR is set, we try to grab the first non-LAN IP
687: if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
688: {
689: if (preg_match_all('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $_SERVER['HTTP_X_FORWARDED_FOR'], $address_list))
690: {
691: $lan_ips = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\../', '/^172\.((1[6-9])\|(2[0-9])\|(3[0-1]))\../', '/^10\../', '/^224\../', '/^240\..*/');
692: $address_list = preg_replace($lan_ips, null, $address_list[0]);
693:
694: while (list(, $cur_address) = each($address_list))
695: {
696: if ($cur_address)
697: {
698: $remote_address = $cur_address;
699: break;
700: }
701: }
702: }
703: }
704:
705: return $remote_address;
706: }	685: }
707:	686:
708:	687:

punbb-1.2.9/upload/include/parser.php	punbb-1.2.12/upload/include/parser.php
264: {	264: {
265: global $pun_user;	265: global $pun_user;
266:	266:
267: $full_url = str_replace(array(' ', '\'', '`'), array('%20', '', ''), $url);	267: $full_url = str_replace(array(' ', '\'', '`', '"'), array('%20', '', '', ''), $url);
268: if (strpos($url, 'www.') === 0) // If it starts with www, we add http://	268: if (strpos($url, 'www.') === 0) // If it starts with www, we add http://
269: $full_url = 'http://'.$full_url;	269: $full_url = 'http://'.$full_url;
270: else if (strpos($url, 'ftp.') === 0) // Else if it starts with ftp, we add ftp://	270: else if (strpos($url, 'ftp.') === 0) // Else if it starts with ftp, we add ftp://

punbb-1.2.9/upload/include/search_idx.php	punbb-1.2.12/upload/include/search_idx.php
69: {	69: {
70: while (list($i, $word) = @each($words))	70: while (list($i, $word) = @each($words))
71: {	71: {
	72: $words[$i] = trim($word, '.');
72: $num_chars = pun_strlen($word);	73: $num_chars = pun_strlen($word);
73:
74: if (strrpos($word, '.') == ($num_chars-1))
75: $words[$i] = substr($word, 0, -1);
76:	74:
77: if ($num_chars < 3 \|\| $num_chars > 20 \|\| in_array($word, $stopwords))	75: if ($num_chars < 3 \|\| $num_chars > 20 \|\| in_array($word, $stopwords))
78: unset($words[$i]);	76: unset($words[$i]);

punbb-1.2.9/upload/install.php	punbb-1.2.12/upload/install.php
24:	24:
25:	25:
26: // The PunBB version this script installs	26: // The PunBB version this script installs
27: $punbb_version = '1.2.9';	27: $punbb_version = '1.2.12';
28:	28:
29:	29:
30: define('PUN_ROOT', './');	30: define('PUN_ROOT', './');

punbb-1.2.9/upload/login.php	punbb-1.2.12/upload/login.php
78: $expire = ($save_pass == '1') ? time() + 31536000 : 0;	78: $expire = ($save_pass == '1') ? time() + 31536000 : 0;
79: pun_setcookie($user_id, $form_password_hash, $expire);	79: pun_setcookie($user_id, $form_password_hash, $expire);
80:	80:
81: redirect($_POST['redirect_url'], $lang_login['Login redirect']);	81: redirect(htmlspecialchars($_POST['redirect_url']), $lang_login['Login redirect']);
82: }	82: }
83:	83:
84:	84:

punbb-1.2.9/upload/misc.php	punbb-1.2.12/upload/misc.php
120:	120:
121: pun_mail($recipient_email, $mail_subject, $mail_message, '"'.str_replace('"', '', $pun_user['username']).'" <'.$pun_user['email'].'>');	121: pun_mail($recipient_email, $mail_subject, $mail_message, '"'.str_replace('"', '', $pun_user['username']).'" <'.$pun_user['email'].'>');
122:	122:
123: redirect($_POST['redirect_url'], $lang_misc['E-mail sent redirect']);	123: redirect(htmlspecialchars($_POST['redirect_url']), $lang_misc['E-mail sent redirect']);
124: }	124: }
125:	125:
126:	126:

punbb-1.2.9/upload/post.php	punbb-1.2.12/upload/post.php
338: if ($qid < 1)	338: if ($qid < 1)
339: message($lang_common['Bad request']);	339: message($lang_common['Bad request']);
340:	340:
341: $result = $db->query('SELECT poster, message FROM '.$db->prefix.'posts WHERE id='.$qid) or error('Unable to fetch quote info', __FILE__, __LINE__, $db->error());	341: $result = $db->query('SELECT poster, message FROM '.$db->prefix.'posts WHERE id='.$qid.' AND topic_id='.$tid) or error('Unable to fetch quote info', __FILE__, __LINE__, $db->error());
342: if (!$db->num_rows($result))	342: if (!$db->num_rows($result))
343: message($lang_common['Bad request']);	343: message($lang_common['Bad request']);
344:	344:

punbb-1.2.9/upload/profile.php	punbb-1.2.12/upload/profile.php
201: }	201: }
202: else if (isset($_POST['form_sent']))	202: else if (isset($_POST['form_sent']))
203: {	203: {
	204: if (pun_hash($_POST['req_password']) !== $pun_user['password'])
	205: message($lang_profile['Wrong pass']);
	206:
204: require PUN_ROOT.'include/email.php';	207: require PUN_ROOT.'include/email.php';
205:	208:
206: // Validate the email-address	209: // Validate the email-address
264: }	267: }
265:	268:
266: $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Profile'];	269: $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Profile'];
267: $required_fields = array('req_new_email' => $lang_profile['New e-mail']);	270: $required_fields = array('req_new_email' => $lang_profile['New e-mail'], 'req_password' => $lang_common['Password']);
268: $focus_element = array('change_email', 'req_new_email');	271: $focus_element = array('change_email', 'req_new_email');
269: require PUN_ROOT.'header.php';	272: require PUN_ROOT.'header.php';
270:	273:
279: <div class="infldset">	282: <div class="infldset">
280: <input type="hidden" name="form_sent" value="1" />	283: <input type="hidden" name="form_sent" value="1" />
281: <label><strong><?php echo $lang_profile['New e-mail'] ?></strong><br /><input type="text" name="req_new_email" size="50" maxlength="50" /><br /></label>	284: <label><strong><?php echo $lang_profile['New e-mail'] ?></strong><br /><input type="text" name="req_new_email" size="50" maxlength="50" /><br /></label>
	285: <label><strong><?php echo $lang_common['Password'] ?></strong><br /><input type="password" name="req_password" size="16" maxlength="16" /><br /></label>
282: <p><?php echo $lang_profile['E-mail instructions'] ?></p>	286: <p><?php echo $lang_profile['E-mail instructions'] ?></p>
283: </div>	287: </div>
284: </fieldset>	288: </fieldset>
362: message($lang_profile['Move failed'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.');	366: message($lang_profile['Move failed'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.');
363:	367:
364: // Now check the width/height	368: // Now check the width/height
365: list($width, $height, ,) = getimagesize($pun_config['o_avatars_dir'].'/'.$id.'.tmp');	369: list($width, $height, $type,) = getimagesize($pun_config['o_avatars_dir'].'/'.$id.'.tmp');
366: if (empty($width) \|\| empty($height) \|\| $width > $pun_config['o_avatars_width'] \|\| $height > $pun_config['o_avatars_height'])	370: if (empty($width) \|\| empty($height) \|\| $width > $pun_config['o_avatars_width'] \|\| $height > $pun_config['o_avatars_height'])
367: {	371: {
368: @unlink($pun_config['o_avatars_dir'].'/'.$id.'.tmp');	372: @unlink($pun_config['o_avatars_dir'].'/'.$id.'.tmp');
369: message($lang_profile['Too wide or high'].' '.$pun_config['o_avatars_width'].'x'.$pun_config['o_avatars_height'].' '.$lang_profile['pixels'].'.');	373: message($lang_profile['Too wide or high'].' '.$pun_config['o_avatars_width'].'x'.$pun_config['o_avatars_height'].' '.$lang_profile['pixels'].'.');
370: }	374: }
	375: else if ($type == 1 && $uploaded_file['type'] != 'image/gif') // Prevent dodgy uploads
	376: {
	377: @unlink($pun_config['o_avatars_dir'].'/'.$id.'.tmp');
	378: message($lang_profile['Bad type']);
	379: }
371:	380:
372: // Delete any old avatars and put the new one in place	381: // Delete any old avatars and put the new one in place
373: @unlink($pun_config['o_avatars_dir'].'/'.$id.$extensions[0]);	382: @unlink($pun_config['o_avatars_dir'].'/'.$id.$extensions[0]);

punbb-1.2.9/upload/register.php	punbb-1.2.12/upload/register.php
79:	79:
80: else if (isset($_POST['form_sent']))	80: else if (isset($_POST['form_sent']))
81: {	81: {
	82: // Check that someone from this IP didn't register a user within the last hour (DoS prevention)
	83: $result = $db->query('SELECT 1 FROM '.$db->prefix.'users WHERE registration_ip=\''.get_remote_address().'\' AND registered>'.(time() - 3600)) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
	84:
	85: if ($db->num_rows($result))
	86: message('A new user was registered with the same IP address as you within the last hour. To prevent registration flooding, at least an hour has to pass between registrations from the same IP. Sorry for the inconvenience.');
	87:
	88:
82: $username = pun_trim($_POST['req_username']);	89: $username = pun_trim($_POST['req_username']);
83: $email1 = strtolower(trim($_POST['req_email1']));	90: $email1 = strtolower(trim($_POST['req_email1']));
84:	91:

punbb-1.2.9/upload/userlist.php	punbb-1.2.12/upload/userlist.php
116: $where_sql[] = 'u.group_id='.$show_group;	116: $where_sql[] = 'u.group_id='.$show_group;
117:	117:
118: // Fetch user count	118: // Fetch user count
119: $result = $db->query('SELECT COUNT(id) FROM '.$db->prefix.'users AS u'.(!empty($where_sql) ? ' WHERE u.id>1 AND '.implode(' AND ', $where_sql) : '')) or error('Unable to fetch user list count', __FILE__, __LINE__, $db->error());	119: $result = $db->query('SELECT COUNT(id) FROM '.$db->prefix.'users AS u WHERE u.id>1'.(!empty($where_sql) ? ' AND '.implode(' AND ', $where_sql) : '')) or error('Unable to fetch user list count', __FILE__, __LINE__, $db->error());
120: $num_users = $db->result($result);	120: $num_users = $db->result($result);
121:	121:
122:	122:

hdiff - version: 2.1.0 (modified)