Topic: Arghhhhh ... I have modified something in viewtopic.php ... and BUG !
http://www.sortons.net/forum/viewtopic. … 0802#40802
As you can see ... crash 
<?php
/***********************************************************************Copyright (C) 2002, 2003, 2004 Rickard Andersson (rickard@punbb.org)
This file is part of PunBB.
PunBB is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published
by the Free Software Foundation; either version 2 of the License,
or (at your option) any later version.PunBB is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston,
MA 02111-1307 USA************************************************************************/
$pun_root = './';
require $pun_root.'include/common.php';if ($cookie['is_guest'] && $pun_config['p_guests_read'] == '0')
message($lang_common['Login required']);if (!$cookie['is_guest'])
$disp_posts = $cur_user['disp_posts'];
else
$disp_posts = $pun_config['o_disp_posts_default'];$id = intval($_GET['id']);
$pid = intval($_GET['pid']);
if ((empty($id) || $id < 0) && (empty($pid) || $pid < 0))
message($lang_common['Bad request']);// Load the viewtopic.php language file
require $pun_root.'lang/'.$language.'/'.$language.'_topic.php';// If a post ID is specified we determine topic ID and page number so we can redirect to the correct message
if (isset($_GET['pid']))
{
$result = $db->query('SELECT topic_id FROM '.$db->prefix.'posts WHERE id='.$pid) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
message($lang_common['Bad request']);$id = $db->result($result, 0);
// Determine on what page the post is located (depending on $disp_posts)
$result = $db->query('SELECT id FROM '.$db->prefix.'posts WHERE topic_id='.$id.' ORDER BY posted') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
$num_posts = $db->num_rows($result);for ($i = 0; $i < $num_posts; ++$i)
{
$cur_id = $db->result($result, $i);
if ($cur_id == $pid)
break;
}
++$i; // we started at 0$_GET['p'] = ceil($i / $disp_posts);
}// If action=new, we redirect to the first new post (if any)
else if (isset($_GET['action']) && $_GET['action'] == 'new' && !$cookie['is_guest'])
{
$result = $db->query('SELECT MIN(id) FROM '.$db->prefix.'posts WHERE topic_id='.$id.' AND posted>'.$cur_user['last_visit']) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
$first_new_post_id = $db->result($result, 0);if ($first_new_post_id)
header('Location: viewtopic.php?pid='.$first_new_post_id.'#'.$first_new_post_id);
else // If there is no new post, we go to the last post
header('Location: viewtopic.php?id='.$id.'&action=last');exit;
}// If action=last, we redirect to the last post
else if (isset($_GET['action']) && $_GET['action'] == 'last')
{
$result = $db->query('SELECT MAX(id) FROM '.$db->prefix.'posts WHERE topic_id='.$id) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
$last_post_id = $db->result($result, 0);if ($last_post_id)
{
header('Location: viewtopic.php?pid='.$last_post_id.'#'.$last_post_id);
exit;
}
}if (!$cookie['is_guest'])
$result = $db->query('SELECT t.subject, t.closed, t.sticky, t.num_replies, f.id, f.forum_name, f.moderators, f.closed AS forum_closed, f.admmod_only, s.user_id AS is_subscribed FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'forums AS f ON t.forum_id=f.id LEFT JOIN '.$db->prefix.'subscriptions AS s ON (s.topic_id=t.id AND s.user_id='.$cur_user['id'].') WHERE t.id='.$id.' AND t.moved_to IS NULL') or error('Unable to fetch topic info', __FILE__, __LINE__, $db->error());
else
$result = $db->query('SELECT t.subject, t.closed, t.sticky, t.num_replies, f.id, f.forum_name, f.moderators, f.closed AS forum_closed, f.admmod_only, 0 FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'forums AS f ON t.forum_id=f.id WHERE t.id='.$id.' AND t.moved_to IS NULL') or error('Unable to fetch topic info', __FILE__, __LINE__, $db->error());if (!$db->num_rows($result))
message($lang_common['Bad request']);list($subject, $closed, $sticky, $num_replies, $forum_id, $forum_name, $moderators, $forum_closed, $admmod_only, $is_subscribed) = $db->fetch_row($result);
$mods_array = array();
if ($moderators != '')
{
$mods_array = unserialize($moderators);while (list($mod_username, $mod_id) = @each($mods_array))
$temp_array[] = '<a href="profile.php?id='.$mod_id.'">'.pun_htmlspecialchars($mod_username).'</a>';$mods_string = implode(', ', $temp_array);
}if ($cur_user['status'] == PUN_ADMIN || ($cur_user['status'] == PUN_MOD && array_key_exists($cur_user['username'], $mods_array)))
$is_admmod = true;
else
$is_admmod = false;if ($admmod_only == '1' && $cur_user['status'] < PUN_MOD)
message($lang_common['Bad request']);if ($closed == '0' && $forum_closed == '0')
{
if (($pun_config['p_guests_post'] == '0' && $cookie['is_guest']) || ($pun_config['p_users_post'] == '0' && $cur_user['status'] < PUN_MOD))
$post_link = ' ';
else
$post_link = '<a href="post.php?tid='.$id.'">'.$lang_topic['Post reply'].'</a>';
}
else
{
$post_link = $lang_topic['Topic closed'];if ($is_admmod)
$post_link .= ' / <a href="post.php?tid='.$id.'">'.$lang_topic['Post reply'].'</a>';
}// Determine the post offset (based on $_GET['p'])
$num_pages = ceil(($num_replies + 1) / $disp_posts);$p = (!isset($_GET['p']) || $_GET['p'] <= 1 || $_GET['p'] > $num_pages) ? 1 : $_GET['p'];
$start_from = $disp_posts * ($p - 1);$pages = paginate($num_pages, $p, 'viewtopic.php?id='.$id);
if ($pun_config['o_censoring'] == '1')
$subject = censor_words($subject);$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$subject;
if ($pun_config['o_quickpost'] == '1' &&
((!$cookie['is_guest'] &&
$pun_config['p_users_post'] == '1' &&
$closed == '0' &&
$forum_closed == '0') ||
$is_admmod))
{
$validate_form = true;
$element_names = array('req_message' => $lang_common['Message']);
}
require $pun_root.'header.php';?>
<table class="punspacer" cellspacing="1" cellpadding="4">
<tr>
<td style="width: 53%"><b><a href="index.php"><?php echo pun_htmlspecialchars($pun_config['o_board_title']) ?></a> / <a href="viewforum.php?id=<?php echo $forum_id ?>"><?php echo pun_htmlspecialchars($forum_name) ?></a> / <?php echo pun_htmlspecialchars($subject) ?></b></td>
<td class="punright" style="width: 28%"><?php echo (!empty($mods_array)) ? $lang_topic['Moderated by'].' '.$mods_string : ' ' ?></td>
<td class="punright" style="width: 19%; white-space: nowrap"><b><?php echo $post_link ?></b></td>
</tr>
</table><table class="punmain" cellspacing="1" cellpadding="4">
<tr class="punhead">
<td class="punhead" style="width: 185px; white-space: nowrap"><?php echo $lang_common['Author'] ?></td>
<td style="white-space: nowrap">
<table class="punplain" cellspacing="0" cellpadding="0">
<tr>
<td class="punhead" style="width: 20%"><?php echo $lang_common['Message'] ?></td>
<td><?php echo $lang_common['Pages'].': '.$pages ?></td>
</tr>
</table>
</td>
</tr>
</table><?php
// Build an array of user_id's online
$result = $db->query('SELECT user_id FROM '.$db->prefix.'online WHERE user_id>0') or error('Unable to fetch online list', __FILE__, __LINE__, $db->error());
$num_online = $db->num_rows($result);for ($i = 0; $i < $num_online; ++$i)
$online_list[] = $db->result($result, $i);require $pun_root.'include/parser.php';
// Used for switching background color in posts
$bg_switch = true;// Retrieve the posts (and their respective poster)
$result = $db->query('SELECT u.email, u.title, u.url, u.location, u.realname, u.use_avatar, u.signature, u.email_setting, u.num_posts, u.status, u.registered, u.admin_note, p.id, p.poster, p.poster_id, p.poster_ip, p.poster_email, p.message, p.smilies, p.posted, p.edited, p.edited_by FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'users AS u ON u.id=p.poster_id WHERE p.topic_id='.$id.' ORDER BY p.id LIMIT '.$start_from.','.$disp_posts) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());while ($cur_post = $db->fetch_assoc($result))
{
// If the poster is a registered user.
if ($cur_post['poster_id'] > 1)
{
$registered = date($pun_config['o_date_format'], $cur_post['registered']);if (isset($online_list) && in_array($cur_post['poster_id'], $online_list))
$info = '<span class="punheadline"><a href="profile.php?id='.$cur_post['poster_id'].'"><u>'.pun_htmlspecialchars($cur_post['poster']).'</u></a></span>';
else
$info = '<span class="punheadline">'.pun_htmlspecialchars($cur_post['poster']).'</span>';// get_title() requires that an element 'username' be present in the array
$cur_post['username'] = $cur_post['poster'];
$user_title = get_title($cur_post);if ($pun_config['o_censoring'] == '1')
$user_title = censor_words($user_title);$info .= '<br>'."\n\t\t\t\t\t\t\t".$user_title.'<br>';
if ($pun_config['o_avatars'] == '1' && $cur_post['use_avatar'] == '1' && $cur_user['show_avatars'] != '0')
{
if ($img_size = @getimagesize($pun_config['o_avatars_dir'].'/'.$cur_post['poster_id'].'.gif'))
$info .= "\n\t\t\t\t\t\t\t".'<img class="punavatar" src="'.$pun_config['o_avatars_dir'].'/'.$cur_post['poster_id'].'.gif" '.$img_size[3].' alt=""><br>';
else if ($img_size = @getimagesize($pun_config['o_avatars_dir'].'/'.$cur_post['poster_id'].'.jpg'))
$info .= "\n\t\t\t\t\t\t\t".'<img class="punavatar" src="'.$pun_config['o_avatars_dir'].'/'.$cur_post['poster_id'].'.jpg" '.$img_size[3].' alt=""><br>';
else if ($img_size = @getimagesize($pun_config['o_avatars_dir'].'/'.$cur_post['poster_id'].'.png'))
$info .= "\n\t\t\t\t\t\t\t".'<img class="punavatar" src="'.$pun_config['o_avatars_dir'].'/'.$cur_post['poster_id'].'.png" '.$img_size[3].' alt=""><br>';
else
$info .= '<br>'."\n\t\t\t\t\t\t\t";
}
else
$info .= '<br>'."\n\t\t\t\t\t\t\t";if ($cur_post['location'] != '')
{
if ($pun_config['o_censoring'] == '1')
$cur_post['location'] = censor_words($cur_post['location']);$info .= $lang_topic['From'].': '.pun_htmlspecialchars($cur_post['location']).'<br>'."\n\t\t\t\t\t\t\t";
}$info .= $lang_common['Registered'].': '.$registered.'<br>';
if ($cur_user['status'] > PUN_USER)
{
$info .= "\n\t\t\t\t\t\t\t".$lang_common['Posts'].': '.$cur_post['num_posts'].'<br>'."\n\t\t\t\t\t\t\t".'IP: <a href="moderate.php?get_host='.$cur_post['id'].'">'.$cur_post['poster_ip'].'</a> <br /><br /><b> '.$cur_post['realname'].'</b>';if ($cur_post['admin_note'] != '')
$info .= '<br><br>'."\n\t\t\t\t\t\t\t".$lang_topic['Note'].': <b>'.$cur_post['admin_note'].'</b>';
}
else if ($pun_config['o_show_post_count'] == '1')
$info .= "\n\t\t\t\t\t\t\t".$lang_common['Posts'].': '.$cur_post['num_posts'];// Generate an array of links that appear at the bottom of every message.
$links = array();
// Private Message 1.0.8
require($pun_root.'include/pms/viewtopic_PM-link.php');if ($cur_post['email_setting'] == '1' && !$cookie['is_guest'])
$links[] = '<a href="misc.php?email='.$cur_post['poster_id'].'">'.$lang_common['E-mail'].'</a>';if ($cur_post['url'] != '')
{
if ($cur_user['link_to_new_win'] == '0')
$links[] = '<a href="'.pun_htmlspecialchars($cur_post['url']).'">'.$lang_topic['Website'].'</a>';
else
$links[] = '<a href="'.pun_htmlspecialchars($cur_post['url']).'" target="_blank">'.$lang_topic['Website'].'</a>';
}}
// If the poster is a guest (or a user that has been deleted)
else
{
$info = '<span class="punheadline">'.pun_htmlspecialchars($cur_post['poster']).'</span><br>'."\n\t\t\t\t\t\t\t".$lang_topic['Guest'];if ($cur_user['status'] > PUN_USER)
$info .= '<br><br>'."\n\t\t\t\t\t\t\t".'IP: <a href="moderate.php?get_host='.$cur_post['id'].'">'.$cur_post['poster_ip'].'</a><br><br>';
else
$info .= '<br><br><br><br>';if ($cur_post['poster_email'] != '')
$links = array('<a href="mailto:'.$cur_post['poster_email'].'">'.$lang_common['E-mail'].'</a>');
else
$links = array();
}$actions = array();
if (!$is_admmod)
{
if (!$cookie['is_guest'])
{
$actions[] = '<a class="punclosed" href="misc.php?report='.$cur_post['id'].'">'.$lang_topic['Report'].'</a>';if ($closed == '0' && $forum_closed == '0')
{
if ($pun_config['p_users_edit_post'] == '1' && $cur_post['poster_id'] == $cur_user['id'])
{
if ($pun_config['p_users_del_post'] == '1')
$actions[] = '<a href="delete.php?id='.$cur_post['id'].'">'.$lang_topic['Delete'].'</a>';$actions[] = '<a href="edit.php?id='.$cur_post['id'].'">'.$lang_topic['Edit'].'</a>';
}$actions[] = '<a href="post.php?tid='.$id.'&qid='.$cur_post['id'].'">'.$lang_topic['Quote'].'</a>';
}
}
else
{
if ($pun_config['p_guests_post'] == '1' && $closed == '0' && $forum_closed == '0')
$actions[] = '<a href="post.php?tid='.$id.'&qid='.$cur_post['id'].'">'.$lang_topic['Quote'].'</a>';
}
}
else
$actions[] = '<a class="punclosed" href="misc.php?report='.$cur_post['id'].'">'.$lang_topic['Report'].'</a> | <a href="delete.php?id='.$cur_post['id'].'">'.$lang_topic['Delete'].'</a> | <a href="edit.php?id='.$cur_post['id'].'">'.$lang_topic['Edit'].'</a> | <a href="post.php?tid='.$id.'&qid='.$cur_post['id'].'">'.$lang_topic['Quote'].'</a>';// Switch the background color for every message.
$bg_switch = ($bg_switch) ? $bg_switch = false : $bg_switch = true;// Perform the main parsing of the message (BBCode, smilies, censor words etc)
$cur_post['message'] = parse_message($cur_post['message'], $cur_post['smilies']);// Add "Edited by..." if the message was edited
if ($cur_post['edited'])
$cur_post['message'] .= '<br><br><span class="punedited">'.$lang_topic['Last edit'].' '.pun_htmlspecialchars($cur_post['edited_by']).' ('.format_time($cur_post['edited']).')</span>';// Do signature parsing/caching
$signature = '';
if ($cur_post['signature'] != '' && $cur_user['show_sig'] != '0')
{
if (isset($signature_cache[$cur_post['poster_id']]))
$signature = $signature_cache[$cur_post['poster_id']];
else
{
$signature = parse_signature($cur_post['signature']);
$signature_cache[$cur_post['poster_id']] = $signature;
}$signature = '<br><br>_______________________________________<br>'.$signature.'<br><br>';
}?>
<?
//Attachment Mod Block
$post_attach_html = "";
//First check if there is an attachment in this post
$result_two = $db->query('SELECT id,filename,extention,size,downloads FROM '.$db->prefix.'attach_files WHERE postid='.$cur_post['id']) or error($lang_attachments['Error fetch'], __FILE__, __LINE__, $db->error());
if ($db->num_rows($result_two)==1) //an attachment found!
{
//get the info into a variable.
list($post_attach_id, $post_attach_filename, $post_attach_extention, $post_attach_size, $post_attach_downloads) = $db->fetch_row($result_two);
// time to check if current user may download
$result_two = $db->query('SELECT rules FROM '.$db->prefix.'attach_rules WHERE affected='.$forum_id) or error($lang_attachments['Error rules'], __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result_two))
message($lang_attachments['Error rules']);
list($forum_attach_rules) = $db->fetch_row($result_two);
if($cur_user['status'] < 1) // Normal users
$attach_allowed = attach_rule_check($forum_attach_rules,2);
elseif ($cur_user['status'] == 1) // Moderators
$attach_allowed = attach_rule_check($forum_attach_rules,4);
elseif ($cur_user['status'] > 1) // Admin
$attach_allowed = true; // always allowed to see...
elseif ($cookie['is_guest']) // guess this will be right to 'sense' guests ... documentations would be handy :oP
$attach_allowed = attach_rule_check($forum_attach_rules,1);
else
$attach_allowed = false;
// if the user is allowed to download, show this.
if ($cur_user['show_img'] != '0') // if he wnt to see pictures ... show him the attachment icon
{
$attach_icon = attach_icon($post_attach_extention);
}else $attach_icon = '';
if($attach_allowed){
$post_attach_html = '<br><br><span class="pun_text"> Attachment: '. $attach_icon .'<a href="attachment.php?item=' . $post_attach_id . '" target="_blank">' . pun_htmlspecialchars(unescape($post_attach_filename)) . '</a> <font size="1">Size: ' . number_format($post_attach_size,0) . ' bytes Downloads: ' . $post_attach_downloads . '</font></span>';
}
}
//Attachment Mod End block
?><div><a name="<?php echo $cur_post['id'] ?>"></a></div>
<table class="punmain" cellspacing="1" cellpadding="4">
<tr class="<?php echo ($bg_switch) ? 'puncon1' : 'puncon2'; ?>">
<td class="puntop" style="width: 185px">
<table class="punplain" cellspacing="0" cellpadding="0">
<tr>
<td>
<div style="width: 185px">
<?php echo $info."\n" ?>
</div>
</td>
</tr>
</table>
</td>
<td class="puntop">
<table class="punplain" cellspacing="0" cellpadding="0">
<tr>
<td>
<span class="puntext"><?php echo $cur_post['message'] ?></span><?php echo ($signature != '') ? '<span class="punsignature">'.$signature.'</span>'."\n" : '<br><br>'."\n"; ?>
</td>
</tr>
</table>
</td>
</tr>
<tr class="<?php echo ($bg_switch) ? 'puncon1' : 'puncon2'; ?>">
<td style="width: 185px; white-space: nowrap"><?php echo format_time($cur_post['posted']) ?></td>
<td>
<table class="punplain" cellspacing="0" cellpadding="0">
<tr>
<td style="width: 40%"><?php echo (count($links) > 0) ? implode(' | ', $links) : ' '; ?></td>
<td class="punright" style="width: 60%"><?php echo (count($actions) > 0) ? implode(' | ', $actions) : ' '; ?></td>
</tr>
</table>
</td>
</tr>
</table><?php
}
if (!$cookie['is_guest'] && $pun_config['o_subscriptions'] == '1')
{
if ($is_subscribed)
// I apologize for the variable naming here. It's a mix of subscription and action I guess :-)
$subscraction = $lang_topic['Is subscribed'].' - <a href="misc.php?unsubscribe='.$id.'">'.$lang_topic['Unsubscribe'].'</a>';
else
$subscraction = '<a href="misc.php?subscribe='.$id.'">'.$lang_topic['Subscribe'].'</a>';
}
else
$subscraction = ' ';?>
<table class="punspacer" cellspacing="1" cellpadding="4">
<tr>
<td style="width: 46%"><?php echo $lang_common['Pages'].': '.$pages ?></td>
<td class="punright" style="width: 35%"><?php echo $subscraction ?></td>
<td class="punright" style="width: 19%"><b><?php echo $post_link ?></b></td>
</tr>
</table>
<?php// Display quick post if enabled
if ($pun_config['o_quickpost'] == '1' &&
((!$cookie['is_guest'] &&
$pun_config['p_users_post'] == '1' &&
$closed == '0' &&
$forum_closed == '0') ||
$is_admmod))
{?>
<form method="post" action="post.php?tid=<?php echo $id ?>" onsubmit="return process_form(this)">
<input type="hidden" name="form_sent" value="1">
<input type="hidden" name="form_user" value="<?php echo (!$cookie['is_guest']) ? pun_htmlspecialchars($cur_user['username']) : 'Guest'; ?>">
<input type="hidden" name="smilies" value="<?php echo $cur_user['smilies'] ?>">
<input type="hidden" name="subscribe" value="0">
<table class="punmain" cellspacing="1" cellpadding="4">
<tr class="punhead">
<td class="punhead" colspan="2"><?php echo $lang_topic['Quick post'] ?></td>
</tr>
<tr>
<td class="puncon1right" style="width: 140px; white-space: nowrap">
<b><?php echo $lang_common['Message'] ?></b> <br><br>
<a href="help.php#bbcode" target="_blank"><?php echo $lang_common['BBCode'] ?></a>: <?php echo ($pun_config['p_message_bbcode'] == '1') ? $lang_common['on'] : $lang_common['off']; ?> <br>
<a href="help.php#img" target="_blank"><?php echo $lang_common['img tag'] ?></a>: <?php echo ($pun_config['p_message_img_tag'] == '1') ? $lang_common['on'] : $lang_common['off']; ?> <br>
<a href="help.php#smilies" target="_blank"><?php echo $lang_common['Smilies'] ?></a>: <?php echo ($pun_config['o_smilies'] == '1') ? $lang_common['on'] : $lang_common['off']; ?>
</td>
<td class="puncon2"> <textarea name="req_message" rows="7" cols="80"></textarea></td>
</tr>
<tr>
<td class="puncon1right" style="width: 140px; white-space: nowrap"><?php echo $lang_common['Actions'] ?> </td>
<td class="puncon2"><br> <input type="submit" name="submit" value="<?php echo $lang_common['Submit'] ?>" accesskey="s"><br><br></td>
</tr>
</table>
</form><table class="punspacer" cellspacing="1" cellpadding="4"><tr><td> </td></tr></table>
<?php}
// Increment "num_views" for topic
$low_prio = ($db_type == 'mysql') ? 'LOW_PRIORITY ' : '';
$db->query('UPDATE '.$low_prio.$db->prefix.'topics SET num_views=num_views+1 WHERE id='.$id) or error('Unable to update topic', __FILE__, __LINE__, $db->error());$footer_style = 'topic';
require $pun_root.'footer.php';
I don't see in the modified / added code, what's wrong to do this ...
