diff -urN punbb-1.2.5/upload/admin_bans.php punbb-1.2.15/upload/admin_bans.php
--- punbb-1.2.5/upload/admin_bans.php Tue Feb 1 17:16:46 2005
+++ punbb-1.2.15/upload/admin_bans.php Sat Oct 14 18:40:30 2006
@@ -44,7 +44,7 @@
 if (isset($_GET['add_ban']))
 {
 $add_ban = intval($_GET['add_ban']);
- if ($add_ban < 1)
+ if ($add_ban < 2)
 message($lang_common['Bad request']);
 $user_id = $add_ban;
@@ -61,7 +61,7 @@
 if ($ban_user != '')
 {
- $result = $db->query('SELECT id, group_id, username, email FROM '.$db->prefix.'users WHERE username=\''.$db->escape($ban_user).'\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
+ $result = $db->query('SELECT id, group_id, username, email FROM '.$db->prefix.'users WHERE username=\''.$db->escape($ban_user).'\' AND id>1') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
 if ($db->num_rows($result))
 list($user_id, $group_id, $ban_user, $ban_email) = $db->fetch_row($result);
 else
@@ -192,6 +192,8 @@
 if ($ban_user == '' && $ban_ip == '' && $ban_email == '')
 message('You must enter either a username, an IP address or an e-mail address (at least).');
+ else if (strtolower($ban_user) == 'guest')
+ message('The guest user cannot be banned.');
 // Validate IP/IP range (it's overkill, I know)
 if ($ban_ip != '') 
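Review bot: The guest account is identified three different ways across the three admin_bans hunks — `$add_ban < 2` in the add_ban branch, `AND id>1` in the username lookup, and `strtolower($ban_user) == 'guest'` in the submit validation — so a reader has to already know that user id 1 is the guest to see that the checks agree. The name comparison additionally depends on the guest row's username literally being 'guest', which the two id-based checks do not. A named constant for the guest id, or at least a comment such as `// User id 1 is the built-in guest account and can never be banned` beside each check, would make the shared intent explicit and checkable.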
@@ -244,7 +246,7 @@
 if ($_POST['mode'] == 'add')
 $db->query('INSERT INTO '.$db->prefix.'bans (username, ip, email, message, expire) VALUES('.$ban_user.', '.$ban_ip.', '.$ban_email.', '.$ban_message.', '.$ban_expire.')') or error('Unable to add ban', __FILE__, __LINE__, $db->error());
 else
- $db->query('UPDATE '.$db->prefix.'bans SET username='.$ban_user.', ip='.$ban_ip.', email='.$ban_email.', message='.$ban_message.', expire='.$ban_expire.' WHERE id='.$_POST['ban_id']) or error('Unable to update ban', __FILE__, __LINE__, $db->error());
+ $db->query('UPDATE '.$db->prefix.'bans SET username='.$ban_user.', ip='.$ban_ip.', email='.$ban_email.', message='.$ban_message.', expire='.$ban_expire.' WHERE id='.intval($_POST['ban_id'])) or error('Unable to update ban', __FILE__, __LINE__, $db->error());
 // Regenerate the bans cache
 require_once PUN_ROOT.'include/cache.php';
diff -urN punbb-1.2.5/upload/admin_categories.php punbb-1.2.15/upload/admin_categories.php
--- punbb-1.2.5/upload/admin_categories.php Sun Apr 3 20:48:30 2005
+++ punbb-1.2.15/upload/admin_categories.php Tue Apr 10 23:37:36 2007
@@ -118,7 +118,7 @@
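Review bot: `intval($_POST['ban_id'])` closes the injection path in the UPDATE, but a missing or non-numeric `ban_id` now becomes `WHERE id=0`, which updates nothing while execution continues to the cache regeneration as if the edit succeeded. The add_ban branch earlier in this file rejects bad ids with `message($lang_common['Bad request'])`; the edit branch should do the same before the query, e.g. `$ban_id = intval($_POST['ban_id']); if ($ban_id < 1) message($lang_common['Bad request']);` and then `WHERE id='.$ban_id`. The other operands (`$ban_user`, `$ban_ip`, `$ban_email`, `$ban_message`, `$ban_expire`) are concatenated without quoting here, so they are presumably quoted and escaped between the hunks; that is not visible in this one.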
@@ -151,7 +151,7 @@
 if ($cat_name[$i] == '')
 message('You must enter a category name.');
- if (!preg_match('#^\d+$#', $cat_order[$i]))
+ if (!@preg_match('#^\d+$#', $cat_order[$i]))
 message('Position must be an integer value.');
 list($cat_id, $position) = $db->fetch_row($result);
diff -urN punbb-1.2.5/upload/admin_forums.php punbb-1.2.15/upload/admin_forums.php
--- punbb-1.2.5/upload/admin_forums.php Sun Apr 3 20:48:30 2005
+++ punbb-1.2.15/upload/admin_forums.php Tue Apr 10 23:37:36 2007
@@ -137,10 +137,10 @@
 while (list($forum_id, $disp_position) = @each($_POST['position']))
 {
- if (!preg_match('#^\d+$#', $disp_position))
+ if (!@preg_match('#^\d+$#', $disp_position))
 message('Position must be a positive integer value.');
- $db->query('UPDATE '.$db->prefix.'forums SET disp_position='.$disp_position.' WHERE id='.$forum_id) or error('Unable to update forum', __FILE__, __LINE__, $db->error());
+ $db->query('UPDATE '.$db->prefix.'forums SET disp_position='.$disp_position.' WHERE id='.intval($forum_id)) or error('Unable to update forum', __FILE__, __LINE__, $db->error());
 }
 // Regenerate the quickjump cache 
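Review bot: The `@` added in front of `preg_match` here (and likewise in the admin_forums, admin_loader, admin_prune, admin_ranks and admin_users hunks of this diff) silences the warning preg_match emits when `$cat_order[$i]` is not a string, for instance when the request carries a nested array, and relies on the resulting `false` to trigger the error message. That works, but it also hides every other PCRE failure and leaves the reason invisible to the next reader. An explicit type check states the intent: `if (!is_string($cat_order[$i]) || !preg_match('#^\d+$#', $cat_order[$i]))`. The block indexed by `$i` starts and ends outside this hunk.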
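Review bot: `$disp_position` is still concatenated into the UPDATE as the raw request string even though the same line now wraps `$forum_id` in `intval()`; the `#^\d+$#` check validates but does not normalise the value (PCRE's `$` also matches before a trailing newline). Using `disp_position='.intval($disp_position).'` keeps the two operands of the query consistent and makes it independent of how strict the regex is. The admin_ranks hunk (`min_posts='.$min_posts`) has the same regex-validated-then-concatenated shape.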
@@ -186,9 +186,9 @@
 $result = $db->query('SELECT g_id, g_read_board, g_post_replies, g_post_topics FROM '.$db->prefix.'groups WHERE g_id!='.PUN_ADMIN) or error('Unable to fetch user group list', __FILE__, __LINE__, $db->error());
 while ($cur_group = $db->fetch_assoc($result))
 {
- $read_forum_new = ($cur_group['g_read_board'] == '1') ? isset($_POST['read_forum_new'][$cur_group['g_id']]) ? $_POST['read_forum_new'][$cur_group['g_id']] : '0' : $_POST['read_forum_old'][$cur_group['g_id']];
- $post_replies_new = isset($_POST['post_replies_new'][$cur_group['g_id']]) ? $_POST['post_replies_new'][$cur_group['g_id']] : '0';
- $post_topics_new = isset($_POST['post_topics_new'][$cur_group['g_id']]) ? $_POST['post_topics_new'][$cur_group['g_id']] : '0';
+ $read_forum_new = ($cur_group['g_read_board'] == '1') ? isset($_POST['read_forum_new'][$cur_group['g_id']]) ? '1' : '0' : intval($_POST['read_forum_old'][$cur_group['g_id']]);
+ $post_replies_new = isset($_POST['post_replies_new'][$cur_group['g_id']]) ? '1' : '0';
+ $post_topics_new = isset($_POST['post_topics_new'][$cur_group['g_id']]) ? '1' : '0';
 // Check if the new settings differ from the old
 if ($read_forum_new != $_POST['read_forum_old'][$cur_group['g_id']] || $post_replies_new != $_POST['post_replies_old'][$cur_group['g_id']] || $post_topics_new != $_POST['post_topics_old'][$cur_group['g_id']])
diff -urN punbb-1.2.5/upload/admin_groups.php punbb-1.2.15/upload/admin_groups.php
--- punbb-1.2.5/upload/admin_groups.php Tue Apr 5 01:06:00 2005
+++ punbb-1.2.15/upload/admin_groups.php Sat Oct 14 18:41:54 2006 
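Review bot: `intval($_POST['read_forum_old'][$cur_group['g_id']])` reads the old value without an `isset()` guard, unlike the three `_new` fields on the same lines, so a request that omits that entry raises a notice and silently yields 0 for a group that cannot read the board. Guarding it the same way keeps the line self-consistent: `isset($_POST['read_forum_old'][$cur_group['g_id']]) ? intval($_POST['read_forum_old'][$cur_group['g_id']]) : '0'`. The comparison at the end of the hunk still reads the raw `$_POST['*_old']` entries and would need the same guard; its body lies past the hunk.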
@@ -209,15 +209,15 @@
 $title = trim($_POST['req_title']);
 $user_title = trim($_POST['user_title']);
- $read_board = isset($_POST['read_board']) ? $_POST['read_board'] : '1';
- $post_replies = isset($_POST['post_replies']) ? $_POST['post_replies'] : '1';
- $post_topics = isset($_POST['post_topics']) ? $_POST['post_topics'] : '1';
- $edit_posts = isset($_POST['edit_posts']) ? $_POST['edit_posts'] : ($is_admin_group) ? '1' : '0';
- $delete_posts = isset($_POST['delete_posts']) ? $_POST['delete_posts'] : ($is_admin_group) ? '1' : '0';
- $delete_topics = isset($_POST['delete_topics']) ? $_POST['delete_topics'] : ($is_admin_group) ? '1' : '0';
- $set_title = isset($_POST['set_title']) ? $_POST['set_title'] : ($is_admin_group) ? '1' : '0';
- $search = isset($_POST['search']) ? $_POST['search'] : '1';
- $search_users = isset($_POST['search_users']) ? $_POST['search_users'] : '1';
+ $read_board = isset($_POST['read_board']) ? intval($_POST['read_board']) : '1';
+ $post_replies = isset($_POST['post_replies']) ? intval($_POST['post_replies']) : '1';
+ $post_topics = isset($_POST['post_topics']) ? intval($_POST['post_topics']) : '1';
+ $edit_posts = isset($_POST['edit_posts']) ? intval($_POST['edit_posts']) : ($is_admin_group) ? '1' : '0';
+ $delete_posts = isset($_POST['delete_posts']) ? intval($_POST['delete_posts']) : ($is_admin_group) ? '1' : '0';
+ $delete_topics = isset($_POST['delete_topics']) ? intval($_POST['delete_topics']) : ($is_admin_group) ? '1' : '0';
+ $set_title = isset($_POST['set_title']) ? intval($_POST['set_title']) : ($is_admin_group) ? '1' : '0';
+ $search = isset($_POST['search']) ? intval($_POST['search']) : '1';
+ $search_users = isset($_POST['search_users']) ? intval($_POST['search_users']) : '1';
 $edit_subjects_interval = isset($_POST['edit_subjects_interval']) ? intval($_POST['edit_subjects_interval']) : '0';
 $post_flood = isset($_POST['post_flood']) ? intval($_POST['post_flood']) : '0';
 $search_flood = isset($_POST['search_flood']) ? 
intval($_POST['search_flood']) : '0';
@@ -243,11 +243,11 @@
 }
 else
 {
- $result = $db->query('SELECT 1 FROM '.$db->prefix.'groups WHERE g_title=\''.$db->escape($title).'\' AND g_id!='.$_POST['group_id']) or error('Unable to check group title collision', __FILE__, __LINE__, $db->error());
+ $result = $db->query('SELECT 1 FROM '.$db->prefix.'groups WHERE g_title=\''.$db->escape($title).'\' AND g_id!='.intval($_POST['group_id'])) or error('Unable to check group title collision', __FILE__, __LINE__, $db->error());
 if ($db->num_rows($result))
 message('There is already a group with the title \''.pun_htmlspecialchars($title).'\'.');
- $db->query('UPDATE '.$db->prefix.'groups SET g_title=\''.$db->escape($title).'\', g_user_title='.$user_title.', g_read_board='.$read_board.', g_post_replies='.$post_replies.', g_post_topics='.$post_topics.', g_edit_posts='.$edit_posts.', g_delete_posts='.$delete_posts.', g_delete_topics='.$delete_topics.', g_set_title='.$set_title.', g_search='.$search.', g_search_users='.$search_users.', g_edit_subjects_interval='.$edit_subjects_interval.', g_post_flood='.$post_flood.', g_search_flood='.$search_flood.' WHERE g_id='.$_POST['group_id']) or error('Unable to update group', __FILE__, __LINE__, $db->error());
+ $db->query('UPDATE '.$db->prefix.'groups SET g_title=\''.$db->escape($title).'\', g_user_title='.$user_title.', g_read_board='.$read_board.', g_post_replies='.$post_replies.', g_post_topics='.$post_topics.', g_edit_posts='.$edit_posts.', g_delete_posts='.$delete_posts.', g_delete_topics='.$delete_topics.', g_set_title='.$set_title.', g_search='.$search.', g_search_users='.$search_users.', g_edit_subjects_interval='.$edit_subjects_interval.', g_post_flood='.$post_flood.', g_search_flood='.$search_flood.' WHERE g_id='.intval($_POST['group_id'])) or error('Unable to update group', __FILE__, __LINE__, $db->error());
 }
 // Regenerate the quickjump cache 
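Review bot: The four lines of the form `isset($_POST['edit_posts']) ? intval($_POST['edit_posts']) : ($is_admin_group) ? '1' : '0'` nest a second ternary in the else operand without parentheses; PHP parses that left-associatively as `(isset(...) ? intval(...) : $is_admin_group) ? '1' : '0'`, which clamps a submitted value to '1'/'0' rather than storing the raw `intval()` result, and PHP 8 rejects this unparenthesised shape at compile time. Writing the grouping the parser actually uses, `(isset($_POST['edit_posts']) ? intval($_POST['edit_posts']) : $is_admin_group) ? '1' : '0'`, preserves today's behaviour for `$edit_posts`, `$delete_posts`, `$delete_topics` and `$set_title` and makes the clamping visible. The five flags without an admin default (`$read_board` and the rest) store whatever `intval()` yields, so they are the ones that are not clamped; a comment noting the difference, or the same `? '1' : '0'` clamp, would make the group of assignments uniform.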
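Review bot: The UPDATE in this hunk concatenates `g_user_title='.$user_title` without the `'\''.$db->escape(...).'\''` wrapper that the same statement applies to `$title`, while the only handling of `$user_title` visible in the diff is `trim($_POST['user_title'])` in the previous hunk. If the quoting or NULL conversion happens in file lines 224–242, which are not part of the diff, this is fine, but it is worth confirming because this query is the one that writes the value. A comment at the assignment in the previous hunk, `// $user_title is quoted or set to NULL below before it reaches the UPDATE`, would make that contract visible where the value is read.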
@@ -264,7 +264,7 @@
 confirm_referrer('admin_groups.php');
 $group_id = intval($_POST['default_group']);
- if ($group_id < 1)
+ if ($group_id < 4)
 message($lang_common['Bad request']);
 $db->query('UPDATE '.$db->prefix.'config SET conf_value='.$group_id.' WHERE conf_name=\'o_default_user_group\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());
diff -urN punbb-1.2.5/upload/admin_index.php punbb-1.2.15/upload/admin_index.php
--- punbb-1.2.5/upload/admin_index.php Sun Mar 20 20:13:24 2005
+++ punbb-1.2.15/upload/admin_index.php Fri Sep 2 16:03:20 2005
@@ -86,7 +86,7 @@
 $load_averages = @explode(' ', $load_averages);
 $server_load = isset($load_averages[2]) ? $load_averages[0].' '.$load_averages[1].' '.$load_averages[2] : 'Not available';
 }
-else if (preg_match('/averages?: ([0-9\.]+),[\s]+([0-9\.]+),[\s]+([0-9\.]+)/i', @exec('uptime'), $load_averages))
+else if (!in_array(PHP_OS, array('WINNT', 'WIN32')) && preg_match('/averages?: ([0-9\.]+),[\s]+([0-9\.]+),[\s]+([0-9\.]+)/i', @exec('uptime'), $load_averages))
 $server_load = $load_averages[1].' '.$load_averages[2].' '.$load_averages[3];
 else
 $server_load = 'Not available';
diff -urN punbb-1.2.5/upload/admin_loader.php punbb-1.2.15/upload/admin_loader.php
--- punbb-1.2.5/upload/admin_loader.php Thu Feb 24 23:15:54 2005
+++ punbb-1.2.15/upload/admin_loader.php Tue Apr 10 23:37:36 2007
@@ -37,7 +37,7 @@
 // The plugin to load should be supplied via GET
 $plugin = isset($_GET['plugin']) ? $_GET['plugin'] : '';
-if (!preg_match('/^AM?P_(\w*?)\.php$/i', $plugin))
+if (!@preg_match('/^AM?P_(\w*?)\.php$/i', $plugin))
 message($lang_common['Bad request']);
 // AP_ == Admins only, AMP_ == admins and moderators
diff -urN punbb-1.2.5/upload/admin_maintenance.php punbb-1.2.15/upload/admin_maintenance.php
--- punbb-1.2.5/upload/admin_maintenance.php Sun Jan 30 13:58:04 2005
+++ punbb-1.2.15/upload/admin_maintenance.php Wed Jan 31 00:31:44 2007 
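Review bot: `if ($group_id < 4)` replaces one magic number with another; nothing on the line says that ids below 4 are the built-in groups that must not become the default, whereas the admin_forums hunk in this same diff expresses the same kind of exclusion as `g_id!='.PUN_ADMIN`. Using the group constants the codebase already defines for the same purpose (e.g. `if ($group_id < PUN_MEMBER)`, provided `PUN_MEMBER` is the first non-built-in group id in this version's include/common.php), or at least a comment such as `// Built-in groups (ids 1-3) can never be the default user group`, would make the bound checkable rather than remembered.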
@@ -52,7 +52,7 @@
 // This is the only potentially "dangerous" thing we can do here, so we check the referer
 confirm_referrer('admin_maintenance.php');
- $truncate_sql = ($db_type != 'sqlite') ? 'TRUNCATE TABLE ' : 'DELETE FROM ';
+ $truncate_sql = ($db_type != 'sqlite' && $db_type != 'pgsql') ? 'TRUNCATE TABLE ' : 'DELETE FROM ';
 $db->query($truncate_sql.$db->prefix.'search_matches') or error('Unable to empty search index match table', __FILE__, __LINE__, $db->error());
 $db->query($truncate_sql.$db->prefix.'search_words') or error('Unable to empty search index words table', __FILE__, __LINE__, $db->error());
@@ -65,7 +65,7 @@
 break;
 case 'pgsql';
- $result = $db->query('SELECT setval(\'search_words_id_seq\', 1, false)') or error('Unable to update sequence', __FILE__, __LINE__, $db->error());
+ $result = $db->query('SELECT setval(\''.$db->prefix.'search_words_id_seq\', 1, false)') or error('Unable to update sequence', __FILE__, __LINE__, $db->error());
 }
 }
diff -urN punbb-1.2.5/upload/admin_options.php punbb-1.2.15/upload/admin_options.php
--- punbb-1.2.5/upload/admin_options.php Mon Feb 28 02:52:52 2005
+++ punbb-1.2.15/upload/admin_options.php Wed Apr 11 13:35:46 2007 
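Review bot: `$result = $db->query('SELECT setval(...)')` keeps a result handle that nothing in the hunk reads, while the TRUNCATE/DELETE calls in the -52 hunk of the same file use the bare `$db->query(...) or error(...)` form. Dropping the assignment makes the two hunks consistent and stops implying that the sequence's new value is consumed later. The `$db->prefix` now spliced into the quoted sequence name comes from the installation configuration rather than the request, which is presumably why it is not escaped; a short comment stating that assumption on the line would keep a future reader from having to re-derive it.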
@@ -37,15 +37,18 @@
 if (isset($_POST['form_sent']))
 {
- // Lazy referer check (in case base_url isn't correct)
- if (!isset($_SERVER['HTTP_REFERER']) || !preg_match('#/admin_options\.php#i', $_SERVER['HTTP_REFERER']))
- message($lang_common['Bad referrer']);
+ // Custom referrer check (so we can output a custom error message)
+ if (!preg_match('#^'.preg_quote(str_replace('www.', '', $pun_config['o_base_url']).'/admin_options.php', '#').'#i', str_replace('www.', '', (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''))))
+ message('Bad HTTP_REFERER. If you have moved these forums from one location to another or switched domains, you need to update the Base URL manually in the database (look for o_base_url in the config table) and then clear the cache by deleting all .php files in the /cache directory.');
 $form = array_map('trim', $_POST['form']);
 if ($form['board_title'] == '')
 message('You must enter a board title.');
+ // Clean default_lang
+ $form['default_lang'] = preg_replace('#[\.\\\/]#', '', $form['default_lang']);
+
 require PUN_ROOT.'include/email.php';
 $form['admin_email'] = strtolower($form['admin_email']);
@@ -63,6 +66,9 @@
 if (substr($form['base_url'], -1) == '/')
 $form['base_url'] = substr($form['base_url'], 0, -1);
+ // Clean avatars_dir
+ $form['avatars_dir'] = str_replace("\0", '', $form['avatars_dir']);
+
 // Make sure avatars_dir doesn't end with a slash
 if (substr($form['avatars_dir'], -1) == '/')
 $form['avatars_dir'] = substr($form['avatars_dir'], 0, -1); 
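Review bot: The new `default_lang` cleaning only strips `.`, `\` and `/` from the submitted value, a deny-list applied to a string that the -229 hunk of this file shows is matched against directories under `lang/` that contain a `common.php`. Validating against what is actually accepted is the stronger form: either an allow-list regex such as `if (!preg_match('#^[a-zA-Z0-9_-]+$#', $form['default_lang'])) message($lang_common['Bad request']);`, or, if the language list built in the -229 hunk is available on the submit path, `in_array($form['default_lang'], $languages, true)`. Separately, `str_replace('www.', '', …)` on both sides of the referrer check removes that substring anywhere in the URL, not just as a host prefix, and the comparison is a prefix match on a client-supplied header; a comment such as `// Referrer check is best-effort CSRF protection only, not authentication` would set the right expectation for the next reader.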
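Review bot: `str_replace("\0", '', $form['avatars_dir'])` removes NUL bytes but leaves every other path element intact, so like the `default_lang` cleaning above it is a deny-list on a value that evidently names a directory. The check is presumably acceptable because only an administrator who passed the referrer check can submit this form, but that trust assumption is not written down anywhere in the hunk; a comment on the line, `// NUL stripping only; avatars_dir is admin-supplied and trusted beyond this`, would record it, and if the value should stay inside the installation a positive check against the intended base directory belongs here too.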
@@ -117,14 +123,14 @@
 while (list($key, $input) = @each($form))
 {
 // Only update values that have changed
- if ($pun_config['o_'.$key] != $input)
+ if (array_key_exists('o_'.$key, $pun_config) && $pun_config['o_'.$key] != $input)
 {
 if ($input != '' || is_int($input))
 $value = '\''.$db->escape($input).'\'';
 else
 $value = 'NULL';
- $db->query('UPDATE '.$db->prefix.'config SET conf_value='.$value.' WHERE conf_name=\'o_'.$key.'\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());
+ $db->query('UPDATE '.$db->prefix.'config SET conf_value='.$value.' WHERE conf_name=\'o_'.$db->escape($key).'\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());
 }
 }
@@ -229,11 +235,13 @@
 $d = dir(PUN_ROOT.'lang');
 while (($entry = $d->read()) !== false)
 {
- if ($entry != '.' && $entry != '..' && is_dir(PUN_ROOT.'lang/'.$entry))
+ if ($entry != '.' && $entry != '..' && is_dir(PUN_ROOT.'lang/'.$entry) && file_exists(PUN_ROOT.'lang/'.$entry.'/common.php'))
 $languages[] = $entry;
 }
 $d->close();
+ @natsort($languages);
+
 while (list(, $temp) = @each($languages))
 {
 if ($pun_config['o_default_lang'] == $temp)
@@ -261,6 +269,8 @@
 $styles[] = substr($entry, 0, strlen($entry)-4);
 }
 $d->close();
+
+ @natsort($styles);
 while (list(, $temp) = @each($styles))
 {
diff -urN punbb-1.2.5/upload/admin_permissions.php punbb-1.2.15/upload/admin_permissions.php
--- punbb-1.2.5/upload/admin_permissions.php Tue Jan 11 21:41:14 2005
+++ punbb-1.2.15/upload/admin_permissions.php Fri Sep 2 01:36:12 2005 
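Review bot: `@natsort($languages)` is presumably suppressed because `$languages` is never assigned when the `dir()` loop above finds no directory containing a `common.php`, and the `@each($languages)` loop that follows leans on the same suppression; the `@` hides a real state (no usable language) instead of handling it. Initialising `$languages = array();` before the loop and calling `natsort($languages)` without `@` makes the empty case explicit, and the same applies to `@natsort($styles)` in the -261 hunk. Whether `$languages` is declared earlier in the file is not visible from the hunk.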
@@ -39,23 +39,13 @@
 {
 confirm_referrer('admin_permissions.php');
- $form = array_map('trim', $_POST['form']);
-
- $form['sig_length'] = intval($form['sig_length']);
- $form['sig_lines'] = intval($form['sig_lines']);
+ $form = array_map('intval', $_POST['form']);
 while (list($key, $input) = @each($form))
 {
 // Only update values that have changed
- if ($pun_config['p_'.$key] != $input)
- {
- if ($input != '' || is_int($input))
- $value = '\''.$db->escape($input).'\'';
- else
- $value = 'NULL';
-
- $db->query('UPDATE '.$db->prefix.'config SET conf_value='.$value.' WHERE conf_name=\'p_'.$key.'\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());
- }
+ if (array_key_exists('p_'.$key, $pun_config) && $pun_config['p_'.$key] != $input)
+ $db->query('UPDATE '.$db->prefix.'config SET conf_value='.$input.' WHERE conf_name=\'p_'.$db->escape($key).'\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());
 }
 // Regenerate the config cache
diff -urN punbb-1.2.5/upload/admin_prune.php punbb-1.2.15/upload/admin_prune.php
--- punbb-1.2.5/upload/admin_prune.php Sun Apr 3 20:48:30 2005
+++ punbb-1.2.15/upload/admin_prune.php Tue Apr 10 23:37:36 2007
@@ -62,6 +62,7 @@
 }
 else
 {
+ $prune_from = intval($prune_from);
 prune($prune_from, $_POST['prune_sticky'], $prune_date);
 update_forum($prune_from);
 }
@@ -83,7 +84,7 @@
 $prune_days = $_POST['req_prune_days'];
- if (!preg_match('#^\d+$#', $prune_days))
+ if (!@preg_match('#^\d+$#', $prune_days))
 message('Days to prune must be a positive integer.');
 $prune_date = time() - ($prune_days*86400);
@@ -97,6 +98,7 @@
 if ($prune_from != 'all')
 {
+ $prune_from = intval($prune_from);
 $sql .= ' AND forum_id='.$prune_from;
 // Fetch the forum name (just for cosmetic reasons)
diff -urN punbb-1.2.5/upload/admin_ranks.php punbb-1.2.15/upload/admin_ranks.php
--- punbb-1.2.5/upload/admin_ranks.php Fri Mar 11 20:17:26 2005
+++ punbb-1.2.15/upload/admin_ranks.php Tue Apr 10 23:37:36 2007 
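Review bot: `array_map('intval', $_POST['form'])` assumes `$_POST['form']` is present and is an array; when it is missing, `array_map` warns and returns null, the `@each($form)` loop then iterates nothing, and a malformed submission ends up looking like a successful save with no changes. A guard before it, `if (!isset($_POST['form']) || !is_array($_POST['form'])) message($lang_common['Bad request']);`, rejects it the way the other admin pages in this diff reject bad input. Note also that `intval()` of a non-empty nested array is 1 without any warning, so an element submitted as an array is silently stored as 1; if that matters, the guard should also require `is_scalar` on each element.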
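Review bot: In the -62 hunk of admin_prune, `prune($prune_from, $_POST['prune_sticky'], $prune_date)` still passes `prune_sticky` straight from the request while `$prune_from` on the line above is now normalised with `intval()`. The body of `prune()` is not in this diff, so whether the value is only tested as a boolean or is interpolated into SQL cannot be seen here; in the first case `isset($_POST['prune_sticky']) ? '1' : '0'` at the call site documents the contract, and in the second it needs the same `intval()` treatment as `$prune_from`. A comment on the call, `// prune_sticky is treated as a flag by prune(); confirm it is never interpolated`, would at least make the assumption explicit.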
@@ -46,7 +46,7 @@
 if ($rank == '')
 message('You must enter a rank title.');
- if (!preg_match('#^\d+$#', $min_posts))
+ if (!@preg_match('#^\d+$#', $min_posts))
 message('Minimum posts must be a positive integer value.');
 // Make sure there isn't already a rank with the same min_posts value
@@ -77,11 +77,11 @@
 if ($rank == '')
 message('You must enter a rank title.');
- if (!preg_match('#^\d+$#', $min_posts))
+ if (!@preg_match('#^\d+$#', $min_posts))
 message('Minimum posts must be a positive integer value.');
 // Make sure there isn't already a rank with the same min_posts value
- $result = $db->query('SELECT 1 FROM '.$db->prefix.'ranks WHERE id!='.$id.' && min_posts='.$min_posts) or error('Unable to fetch rank info', __FILE__, __LINE__, $db->error());
+ $result = $db->query('SELECT 1 FROM '.$db->prefix.'ranks WHERE id!='.$id.' AND min_posts='.$min_posts) or error('Unable to fetch rank info', __FILE__, __LINE__, $db->error());
 if ($db->num_rows($result))
 message('There is already a rank with a minimun posts value of '.$min_posts.'.');
diff -urN punbb-1.2.5/upload/admin_users.php punbb-1.2.15/upload/admin_users.php
--- punbb-1.2.5/upload/admin_users.php Sun Apr 3 20:48:30 2005
+++ punbb-1.2.15/upload/admin_users.php Tue Apr 10 23:37:36 2007
@@ -111,7 +111,7 @@
 {
 $ip = $_GET['show_users'];
- if (!preg_match('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $ip))
+ if (!@preg_match('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $ip))
 message('The supplied IP address is not correctly formatted.');
@@ -217,6 +217,7 @@
 // trim() all elements in $form
 $form = array_map('trim', $form);
+ $conditions = array();
 $posts_greater = trim($_POST['posts_greater']);
 $posts_less = trim($_POST['posts_less']); 
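Review bot: The IP pattern `/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/` that the admin_users -111 hunk wraps in `@` is unanchored, so it only requires that a dotted quad appear somewhere in `$_GET['show_users']`; whatever `$ip` feeds after the hunk, which is not visible here, receives the whole original string rather than the part that matched. Anchoring the pattern, `'/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/'`, or capturing with `preg_match(..., $ip, $m)` and continuing with `$m[0]`, makes the validated value the one that is used. An `is_string($ip)` check in front of `preg_match` would also state the reason for the `@` rather than hiding it.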
@@ -256,8 +257,8 @@
 $like_command = ($db_type == 'pgsql') ? 'ILIKE' : 'LIKE';
 while (list($key, $input) = @each($form))
 {
- if ($input != '')
- $conditions[] = 'u.'.$key.' '.$like_command.' \''.str_replace('*', '%', $input).'\'';
+ if ($input != '' && in_array($key, array('username', 'email', 'title', 'realname', 'url', 'jabber', 'icq', 'msn', 'aim', 'yahoo', 'location', 'signature', 'admin_note')))
+ $conditions[] = 'u.'.$db->escape($key).' '.$like_command.' \''.$db->escape(str_replace('*', '%', $input)).'\'';
 }
 if ($posts_greater != '')
@@ -266,9 +267,9 @@
 $conditions[] = 'u.num_posts<'.$posts_less;
 if ($user_group != 'all')
- $conditions[] = 'u.group_id='.$db->escape($user_group);
+ $conditions[] = 'u.group_id='.intval($user_group);
- if (!isset($conditions))
+ if (empty($conditions))
 message('You didn\'t enter any search terms.');
diff -urN punbb-1.2.5/upload/edit.php punbb-1.2.15/upload/edit.php
--- punbb-1.2.5/upload/edit.php Tue Jan 11 21:41:14 2005
+++ punbb-1.2.15/upload/edit.php Fri Sep 2 16:05:32 2005
@@ -175,7 +175,7 @@
 else if (isset($_POST['preview']))
 {
 require_once PUN_ROOT.'include/parser.php';
- $message = parse_message(trim($_POST['req_message']), $hide_smilies);
+ $preview_message = parse_message($message, $hide_smilies);
 ?>
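Review bot: `in_array($key, array('username', ...))` is called without the strict flag, so on PHP versions before 8 an integer key such as `0` (from a request shaped like `form[0]=x`) compares equal to every non-numeric string in the list and passes the allow-list; the `$db->escape($key)` that follows keeps that from becoming injection, but the resulting `u.0 LIKE ...` is a broken query that surfaces only through `error()`. Passing `true` as the third argument, `in_array($key, array(...), true)`, lets the allow-list do the filtering on its own and makes the escape call belt-and-braces rather than load-bearing. The `$form` array is built before this hunk.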
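Review bot: `u.num_posts<'.$posts_less` at the top of the -266 hunk (and the matching `$posts_greater` condition just before it) concatenates the trimmed request string as-is, while the same hunk converts `$user_group` with `intval()`; whether a numeric check on the two post counts exists between the -217 and -256 hunks is not visible in this diff. If there is none, `'u.num_posts<'.intval($posts_less)` and the same for `$posts_greater` bring them in line with `$user_group`; if there is one, a comment on these lines pointing at it would save the next reader the same search.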