diff -urN punbb-1.2.1/upload/admin_ranks.php punbb-1.2.17/upload/admin_ranks.php
--- punbb-1.2.1/upload/admin_ranks.php 2005-01-11 21:41:14.000000000 +0100
+++ punbb-1.2.17/upload/admin_ranks.php 2007-04-10 23:37:34.000000000 +0200
@@ -46,7 +46,7 @@
if ($rank == '')
message('You must enter a rank title.');
- if (!preg_match('#^\d+$#', $min_posts))
+ if (!@preg_match('#^\d+$#', $min_posts))
message('Minimum posts must be a positive integer value.');
// Make sure there isn't already a rank with the same min_posts value
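Review bot: The `@` added in front of `preg_match()` hides the warning raised when `$min_posts` is not a string instead of rejecting that input explicitly; the same change is made in the update branch at `@@ -77,11 +77,11 @@`. Presumably the aim is to stop a non-scalar POST value from printing a PHP warning that discloses the script path, but suppression also hides genuine PCRE errors. A type check states the intent and needs no suppression: `if (!is_string($min_posts) || !preg_match('#^\d+$#', $min_posts))`. The assignment of `$min_posts` is outside this hunk, so confirm that no earlier call such as `trim()` already warns on the same input.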
@@ -69,7 +69,7 @@
{
confirm_referrer('admin_ranks.php');
- $id = key($_POST['update']);
+ $id = intval(key($_POST['update']));
$rank = trim($_POST['rank'][$id]);
$min_posts = trim($_POST['min_posts'][$id]);
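Review bot: `intval(key($_POST['update']))` turns a missing or malformed key into 0 and the request then carries on, so nothing checks that `$_POST['update']` is an array or that the result is a usable row id. Rejecting early is clearer than running the later queries with id 0, for example `if ($id < 1) message('Bad request.');` (message text constructed here; use the project's own string). The same pattern is added for `$_POST['remove']` later in this file and for `$_POST['zap_id']` in admin_reports.php. `$_POST['rank'][$id]` and `$_POST['min_posts'][$id]` on the following lines are also read without an `isset()` check.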
@@ -77,11 +77,11 @@
if ($rank == '')
message('You must enter a rank title.');
- if (!preg_match('#^\d+$#', $min_posts))
+ if (!@preg_match('#^\d+$#', $min_posts))
message('Minimum posts must be a positive integer value.');
// Make sure there isn't already a rank with the same min_posts value
- $result = $db->query('SELECT 1 FROM '.$db->prefix.'ranks WHERE id!='.$id.' && min_posts='.$min_posts) or error('Unable to fetch rank info', __FILE__, __LINE__, $db->error());
+ $result = $db->query('SELECT 1 FROM '.$db->prefix.'ranks WHERE id!='.$id.' AND min_posts='.$min_posts) or error('Unable to fetch rank info', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
message('There is already a rank with a minimun posts value of '.$min_posts.'.');
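Review bot: `$min_posts` is concatenated unquoted into the `SELECT 1 ... min_posts=` query, and the only thing keeping it numeric is the `#^\d+$#` check, whose `$` also matches before a trailing newline. The `trim()` in the preceding hunk (the same branch, as far as the line numbers show) removes that newline today, so this is a hardening point rather than a live defect. Anchoring with `\z` (`'#^\d+\z#'`) or casting at the point of use (`' AND min_posts='.intval($min_posts)`) keeps the query safe even if the trim is later dropped. A comment such as `// $id and $min_posts are validated as integers above; both are used unquoted` would make that dependency visible to the next maintainer.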
@@ -100,7 +100,7 @@
{
confirm_referrer('admin_ranks.php');
- $id = key($_POST['remove']);
+ $id = intval(key($_POST['remove']));
$db->query('DELETE FROM '.$db->prefix.'ranks WHERE id='.$id) or error('Unable to delete rank', __FILE__, __LINE__, $db->error());
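Review bot: The `DELETE` in this branch is guarded against cross-site requests only by `confirm_referrer('admin_ranks.php')`, which judging by its name validates the Referer header; its implementation is not part of this diff, so this is an inference to confirm. If that is the case, a per-session token submitted with the form and compared on the server is the stronger control for a destructive admin action, because Referer headers can be absent or stripped and the check then has to choose between failing open and breaking legitimate users. The `intval()` cast added here fixes the injection into `WHERE id=` but leaves that question untouched. The enclosing `if` block starts and ends outside the hunk.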
diff -urN punbb-1.2.1/upload/admin_reports.php punbb-1.2.17/upload/admin_reports.php
--- punbb-1.2.1/upload/admin_reports.php 2005-01-11 21:41:14.000000000 +0100
+++ punbb-1.2.17/upload/admin_reports.php 2005-03-11 19:17:27.000000000 +0100
@@ -40,7 +40,7 @@
{
confirm_referrer('admin_reports.php');
- $zap_id = key($_POST['zap_id']);
+ $zap_id = intval(key($_POST['zap_id']));
$result = $db->query('SELECT zapped FROM '.$db->prefix.'reports WHERE id='.$zap_id) or error('Unable to fetch report info', __FILE__, __LINE__, $db->error());
$zapped = $db->result($result);
diff -urN punbb-1.2.1/upload/admin_users.php punbb-1.2.17/upload/admin_users.php
--- punbb-1.2.1/upload/admin_users.php 2005-02-01 17:16:46.000000000 +0100
+++ punbb-1.2.17/upload/admin_users.php 2007-04-10 23:37:34.000000000 +0200
@@ -49,7 +49,7 @@
?>
@@ -300,7 +301,7 @@
query('SELECT u.id, u.username, u.email, u.title, u.num_posts, u.admin_note, g.g_id, g.g_user_title FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id>1 AND '.implode(' AND ', $conditions).' ORDER BY '.$order_by.' '.$direction) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
+ $result = $db->query('SELECT u.id, u.username, u.email, u.title, u.num_posts, u.admin_note, g.g_id, g.g_user_title FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id>1 AND '.implode(' AND ', $conditions).' ORDER BY '.$db->escape($order_by).' '.$db->escape($direction)) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
{
while ($user_data = $db->fetch_assoc($result))
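Review bot: `$db->escape()` is the wrong control for `$order_by` and `$direction`, because both land in an unquoted `ORDER BY` position where string escaping, which presumably only neutralises quote characters, does not restrict the value to a column name or a sort keyword. If either variable derives from request input (their assignment is outside this hunk), they should be checked against a fixed allowlist before the query is built. For example, `$direction = ($direction == 'DESC') ? 'DESC' : 'ASC';` plus an `in_array()` test of `$order_by` against the sortable column names, falling back to a default. `implode(' AND ', $conditions)` deserves the same look, since the hunk does not show how each condition is built or escaped.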
@@ -338,7 +339,7 @@
diff -urN punbb-1.2.1/upload/include/cache.php punbb-1.2.17/upload/include/cache.php
--- punbb-1.2.1/upload/include/cache.php 2005-01-30 19:40:38.000000000 +0100
+++ punbb-1.2.17/upload/include/cache.php 2005-07-07 19:00:08.000000000 +0200
@@ -129,7 +129,7 @@
global $db;
// Get the rank list from the DB
- $result = $db->query('SELECT * FROM '.$db->prefix.'ranks', true) or error('Unable to fetch rank list', __FILE__, __LINE__, $db->error());
+ $result = $db->query('SELECT * FROM '.$db->prefix.'ranks ORDER BY min_posts', true) or error('Unable to fetch rank list', __FILE__, __LINE__, $db->error());
$output = array();
while ($cur_rank = $db->fetch_assoc($result))
@@ -174,7 +174,7 @@
if (!$fh)
error('Unable to write quickjump cache file to cache directory. Please make sure PHP has write access to the directory \'cache\'', __FILE__, __LINE__);
- $output = '';
+ $output = '';
$output .= "\t\t\t\t".'