diff -urN punbb-1.2.2/upload/admin_censoring.php punbb-1.2.3/upload/admin_censoring.php --- punbb-1.2.2/upload/admin_censoring.php Tue Jan 11 20:41:14 2005 +++ punbb-1.2.3/upload/admin_censoring.php Fri Mar 11 19:17:26 2005 @@ -76,7 +76,7 @@ { confirm_referrer('admin_censoring.php'); - $id = key($_POST['remove']); + $id = intval(key($_POST['remove'])); $db->query('DELETE FROM '.$db->prefix.'censoring WHERE id='.$id) or error('Unable to delete censor word', __FILE__, __LINE__, $db->error()); diff -urN punbb-1.2.2/upload/admin_options.php punbb-1.2.3/upload/admin_options.php --- punbb-1.2.2/upload/admin_options.php Sun Jan 23 20:08:54 2005 +++ punbb-1.2.3/upload/admin_options.php Mon Feb 28 01:52:52 2005 @@ -38,7 +38,7 @@ if (isset($_POST['form_sent'])) { // Lazy referer check (in case base_url isn't correct) - if (!preg_match('#/admin_options\.php#i', $_SERVER['HTTP_REFERER'])) + if (!isset($_SERVER['HTTP_REFERER']) || !preg_match('#/admin_options\.php#i', $_SERVER['HTTP_REFERER'])) message($lang_common['Bad referrer']); $form = array_map('trim', $_POST['form']); diff -urN punbb-1.2.2/upload/admin_ranks.php punbb-1.2.3/upload/admin_ranks.php --- punbb-1.2.2/upload/admin_ranks.php Tue Jan 11 20:41:14 2005 +++ punbb-1.2.3/upload/admin_ranks.php Fri Mar 11 19:17:26 2005 @@ -69,7 +69,7 @@ { confirm_referrer('admin_ranks.php'); - $id = key($_POST['update']); + $id = intval(key($_POST['update'])); $rank = trim($_POST['rank'][$id]); $min_posts = trim($_POST['min_posts'][$id]); @@ -100,7 +100,7 @@ { confirm_referrer('admin_ranks.php'); - $id = key($_POST['remove']); + $id = intval(key($_POST['remove'])); $db->query('DELETE FROM '.$db->prefix.'ranks WHERE id='.$id) or error('Unable to delete rank', __FILE__, __LINE__, $db->error()); diff -urN punbb-1.2.2/upload/admin_reports.php punbb-1.2.3/upload/admin_reports.php --- punbb-1.2.2/upload/admin_reports.php Tue Jan 11 20:41:14 2005 +++ punbb-1.2.3/upload/admin_reports.php Fri Mar 11 19:17:26 2005 @@ -40,7 +40,7 @@ { confirm_referrer('admin_reports.php'); - $zap_id = key($_POST['zap_id']); + $zap_id = intval(key($_POST['zap_id'])); $result = $db->query('SELECT zapped FROM '.$db->prefix.'reports WHERE id='.$zap_id) or error('Unable to fetch report info', __FILE__, __LINE__, $db->error()); $zapped = $db->result($result); diff -urN punbb-1.2.2/upload/admin_users.php punbb-1.2.3/upload/admin_users.php --- punbb-1.2.2/upload/admin_users.php Tue Feb 1 16:16:46 2005 +++ punbb-1.2.3/upload/admin_users.php Fri Mar 11 19:17:26 2005 @@ -266,7 +266,7 @@ $conditions[] = 'u.num_posts<'.$posts_less; if ($user_group != 'all') - $conditions[] = 'u.group_id='.$user_group; + $conditions[] = 'u.group_id='.$db->escape($user_group); if (!isset($conditions)) message('You didn\'t enter any search terms.'); @@ -300,7 +300,7 @@
query('SELECT u.id, u.username, u.email, u.title, u.num_posts, u.admin_note, g.g_id, g.g_user_title FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id>1 AND '.implode(' AND ', $conditions).' ORDER BY '.$order_by.' '.$direction) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); + $result = $db->query('SELECT u.id, u.username, u.email, u.title, u.num_posts, u.admin_note, g.g_id, g.g_user_title FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id>1 AND '.implode(' AND ', $conditions).' ORDER BY '.$db->escape($order_by).' '.$db->escape($direction)) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); if ($db->num_rows($result)) { while ($user_data = $db->fetch_assoc($result)) diff -urN punbb-1.2.2/upload/header.php punbb-1.2.3/upload/header.php --- punbb-1.2.2/upload/header.php Tue Feb 1 16:16:46 2005 +++ punbb-1.2.3/upload/header.php Wed Mar 9 22:04:02 2005 @@ -15,7 +15,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - You should have received a copy of the GNU G>eneral Public License + You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA @@ -171,10 +171,8 @@ $tpl_temp .= "\n\t\t\t\t".''.$lang_common['Mark all as read'].'
'."\n\t\t\t".''."\n\t\t".''; else $tpl_temp .= "\n\t\t\t".''."\n\t\t\t".''."\n\t\t".''; } diff -urN punbb-1.2.2/upload/include/email.php punbb-1.2.3/upload/include/email.php --- punbb-1.2.2/upload/include/email.php Fri Feb 18 22:05:02 2005 +++ punbb-1.2.3/upload/include/email.php Fri Mar 11 19:15:58 2005 @@ -67,8 +67,10 @@ if (!$from) $from = '"'.$pun_config['o_board_title'].' '.$lang_common['Mailer'].'" <'.$pun_config['o_webmaster_email'].'>'; - // Make sure the from line doesn't contain a colon (the character, that is :D) - $from = str_replace(':', ' ', $from); + // Do a little spring cleaning + $to = trim(preg_replace('#[\n\r]+#s', '', $to)); + $subject = trim(preg_replace('#[\n\r]+#s', '', $subject)); + $from = trim(preg_replace('#[\n\r:]+#s', '', $from)); // Detect what linebreak we should use for the headers if (strtoupper(substr(PHP_OS, 0, 3) == 'WIN')) diff -urN punbb-1.2.2/upload/include/functions.php punbb-1.2.3/upload/include/functions.php --- punbb-1.2.2/upload/include/functions.php Mon Feb 21 21:00:14 2005 +++ punbb-1.2.3/upload/include/functions.php Fri Mar 11 18:57:06 2005 @@ -46,7 +46,7 @@ $pun_user = $db->fetch_assoc($result); // If user authorisation failed - if (!isset($pun_user['id']) || md5($cookie_seed.$pun_user['password']) != $cookie['password_hash']) + if (!isset($pun_user['id']) || md5($cookie_seed.$pun_user['password']) !== $cookie['password_hash']) { pun_setcookie(0, random_pass(8), $expire); set_default_user(); diff -urN punbb-1.2.2/upload/install.php punbb-1.2.3/upload/install.php --- punbb-1.2.2/upload/install.php Thu Feb 24 22:30:58 2005 +++ punbb-1.2.3/upload/install.php Fri Mar 11 18:55:20 2005 @@ -24,7 +24,7 @@ // The PunBB version this script installs -$punbb_version = '1.2.2'; +$punbb_version = '1.2.3'; define('PUN_ROOT', './'); diff -urN punbb-1.2.2/upload/misc.php punbb-1.2.3/upload/misc.php --- punbb-1.2.2/upload/misc.php Tue Jan 11 20:41:14 2005 +++ punbb-1.2.3/upload/misc.php Mon Feb 28 02:02:16 2005 @@ -245,7 +245,7 @@ else if (isset($_GET['subscribe'])) { - if ($pun_user['is_guest']) + if ($pun_user['is_guest'] || $pun_config['o_subscriptions'] != '1') message($lang_common['No permission']); $topic_id = intval($_GET['subscribe']); @@ -264,7 +264,7 @@ else if (isset($_GET['unsubscribe'])) { - if ($pun_user['is_guest']) + if ($pun_user['is_guest'] || $pun_config['o_subscriptions'] != '1') message($lang_common['No permission']); $topic_id = intval($_GET['unsubscribe']); diff -urN punbb-1.2.2/upload/post.php punbb-1.2.3/upload/post.php --- punbb-1.2.2/upload/post.php Sat Jan 22 01:32:28 2005 +++ punbb-1.2.3/upload/post.php Mon Feb 28 02:02:16 2005 @@ -207,73 +207,76 @@ update_forum($cur_posting['id']); - - // Get the post time for the previous post in this topic - $result = $db->query('SELECT posted FROM '.$db->prefix.'posts WHERE topic_id='.$tid.' ORDER BY id DESC LIMIT 1, 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error()); - $previous_post_time = $db->result($result); - - // Get any subscribed users that should be notified (banned users are excluded) - $result = $db->query('SELECT u.id, u.email, u.notify_with_post, u.language FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'subscriptions AS s ON u.id=s.user_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id='.$cur_posting['id'].' AND fp.group_id=u.group_id) LEFT JOIN '.$db->prefix.'online AS o ON u.id=o.user_id LEFT JOIN '.$db->prefix.'bans AS b ON u.username=b.username WHERE b.username IS NULL AND COALESCE(o.logged, u.last_visit)>'.$previous_post_time.' AND (fp.read_forum IS NULL OR fp.read_forum=1) AND s.topic_id='.$tid.' AND u.id!='.intval($pun_user['id'])) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error()); - if ($db->num_rows($result)) + // Should we send out notifications? + if ($pun_config['o_subscriptions'] == '1') { - require_once PUN_ROOT.'include/email.php'; + // Get the post time for the previous post in this topic + $result = $db->query('SELECT posted FROM '.$db->prefix.'posts WHERE topic_id='.$tid.' ORDER BY id DESC LIMIT 1, 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error()); + $previous_post_time = $db->result($result); + + // Get any subscribed users that should be notified (banned users are excluded) + $result = $db->query('SELECT u.id, u.email, u.notify_with_post, u.language FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'subscriptions AS s ON u.id=s.user_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id='.$cur_posting['id'].' AND fp.group_id=u.group_id) LEFT JOIN '.$db->prefix.'online AS o ON u.id=o.user_id LEFT JOIN '.$db->prefix.'bans AS b ON u.username=b.username WHERE b.username IS NULL AND COALESCE(o.logged, u.last_visit)>'.$previous_post_time.' AND (fp.read_forum IS NULL OR fp.read_forum=1) AND s.topic_id='.$tid.' AND u.id!='.intval($pun_user['id'])) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error()); + if ($db->num_rows($result)) + { + require_once PUN_ROOT.'include/email.php'; - $notification_emails = array(); + $notification_emails = array(); - // Loop through subscribed users and send e-mails - while ($cur_subscriber = $db->fetch_assoc($result)) - { - // Is the subscription e-mail for $cur_subscriber['language'] cached or not? - if (!isset($notification_emails[$cur_subscriber['language']])) + // Loop through subscribed users and send e-mails + while ($cur_subscriber = $db->fetch_assoc($result)) { - if (file_exists(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply.tpl')) + // Is the subscription e-mail for $cur_subscriber['language'] cached or not? + if (!isset($notification_emails[$cur_subscriber['language']])) { - // Load the "new reply" template - $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply.tpl')); - - // Load the "new reply full" template (with post included) - $mail_tpl_full = trim(file_get_contents(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply_full.tpl')); + if (file_exists(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply.tpl')) + { + // Load the "new reply" template + $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply.tpl')); + + // Load the "new reply full" template (with post included) + $mail_tpl_full = trim(file_get_contents(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply_full.tpl')); + + // The first row contains the subject (it also starts with "Subject:") + $first_crlf = strpos($mail_tpl, "\n"); + $mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8)); + $mail_message = trim(substr($mail_tpl, $first_crlf)); + + $first_crlf = strpos($mail_tpl_full, "\n"); + $mail_subject_full = trim(substr($mail_tpl_full, 8, $first_crlf-8)); + $mail_message_full = trim(substr($mail_tpl_full, $first_crlf)); + + $mail_subject = str_replace('