(64 replies, posted in News)

Recovered post (someone deleted it earlier)

21. Fixes for SQLite(3)
https://github.com/MioVisman/punbb/comm … fafb816a8c
https://github.com/MioVisman/punbb/comm … 8a344cb80e
https://github.com/MioVisman/punbb/comm … 3097618a2b
https://github.com/MioVisman/punbb/comm … c30abb582b

22. Change set_names() for mysqli
https://github.com/MioVisman/punbb/comm … 3e18819be6

23. Fix URL schemes for get host + ipv6
https://github.com/MioVisman/punbb/comm … a671dbcc2c

24. Fix decreasing transaction counter
https://github.com/MioVisman/punbb/comm … 7f5b0bfd09

25. Fix error() in mysqli_innodb
https://github.com/MioVisman/punbb/comm … 5b85067fdd

26. Fixes for MySQL 8
https://github.com/MioVisman/punbb/comm … cbaf30dc54
https://github.com/MioVisman/punbb/comm … 8eb789b47b


    $fontsize = array(


    $del_bbc = array(

New bb code can be added via extension.

There is confusion in the commit: "Strikethrough text" uses the <s> tag, but why is the bb-code written as [ del ]?

There is a <del> tag, which is deleted text, and for strikethrough text it is better to use [s] bb-code.

I don't know who published punbb 1.4.5 on the main site.

PunBB 1.4.5 has been released

Version 1.4.5 offers: support for php 7+

Downloads: get PunBB 1.4.5 on Downloads page.

Posted on 2020-01-31    <==== O_o 

I don't know any official punbb developer at the moment.

On GitHub, the last commit is from 2017 https://github.com/punbb/punbb/commits/master


(115 replies, posted in Supported extensions)

php 7.4.0 + my variant punbb 1.4.4 + Fancy Stop SPAM + sqlite 3 = works without errors
With mysql, I think it should work too.


(6 replies, posted in PunBB 1.4 additions)

Try to contact the author by email.

P.S. Author's current site: https://wolfgeen.ru/


(115 replies, posted in Supported extensions)

  Changed post message.
  Reports using StopForumSpam data will be opened even if there is no connection to the SFS server.
  A query to the DB for clearing old logs is now made at most once a day.
  Close access to logs for a group of moderators.
  Add new features: check messages from guests using StopForumSpam.


Repository https://github.com/MioVisman/punbb_exte … _stop_spam

P.S. Language files change too.


(115 replies, posted in Supported extensions)

  Changed activate account.
  Minor fixes.

  The log remembers the user agent of the intruder.

P.S. SQLite3: If the update fails, use the latest DB driver ->
https://github.com/MioVisman/punbb/blob … qlite3.php


(115 replies, posted in Supported extensions)

There is no file uploader on this forum :(

P.S. Language files change too. The package contains only English and Russian.

P.P.S. v Changed the method of counting links in the post. Internal links are not counted.


(13 replies, posted in PunBB 1.4 bug reports)

Please test http://punbb.informer.com/forums/post/158414/#p158414


(115 replies, posted in Supported extensions)

Version for PunBB 1.4.4

(Modified by Visman)

1. Support SQLite, PostgreSQL and IPv6
2. Modified registration protection

Need test :P

Repository https://github.com/MioVisman/punbb_exte … _stop_spam
Download (for all extensions) _https://github.com/MioVisman/punbb_extensions/archive/master.zip

Your current version of PunBB?

I fixed the latest version of PunBB 1.4.4 to support the latest php http://punbb.informer.com/forums/post/158390/#p158390
Problems can only be with extensions.

P.S. Before any modification of your forum, first make a backup of the database and forum directory.


+ Hide name of db for SQLite(3) in errors
https://github.com/MioVisman/punbb/comm … fafb816a8c


(64 replies, posted in News)

1. Fix warning for continue in PHP 7.3
https://github.com/MioVisman/punbb/comm … 581558d457

2. Fix for PHP 7.4
https://github.com/MioVisman/punbb/comm … cf3787e550
https://github.com/MioVisman/punbb/comm … eef9c82738
https://github.com/MioVisman/punbb/comm … 7a565a2caa
https://github.com/MioVisman/punbb/comm … e43f6b5f03

3. Variable name - typo fix
https://github.com/MioVisman/punbb/comm … 3fd2744622

4. Delete create_function() for PHP 7.2
https://github.com/MioVisman/punbb/comm … 3d45e17483
https://github.com/MioVisman/punbb/comm … 6f88725093
https://github.com/MioVisman/punbb/comm … 1831e82112 (fix)

5. Fix blocking 5 or more character TLDs in domain
https://github.com/MioVisman/punbb/comm … cf3af30ffb

6. Prevent redeclaring of $ban_list when empty
https://github.com/MioVisman/punbb/comm … 303c3fa690

7. Add 2 new constants to control SQLite3
https://github.com/MioVisman/punbb/comm … 81116cabb8

8. The constructor returns a void (for db drivers)
https://github.com/MioVisman/punbb/comm … f8c99691c3

9. fix for Oxygen
https://github.com/MioVisman/punbb/comm … fedfbb57d2

10. Fix use $_SERVER[ 'HTTPS']
https://github.com/MioVisman/punbb/comm … f26e7ee596

11. Banned title takes precedence
https://github.com/MioVisman/punbb/comm … db9c8693cb

12. Change check InnoDB support in DB
https://github.com/MioVisman/punbb/comm … 9c7f2dbae7

13. Fix "Notice: Undefined index..." in admin/groups.php
https://github.com/MioVisman/punbb/comm … f4094eeea2

14. Fix Warning for Page Not found (Error 404)
https://github.com/MioVisman/punbb/comm … d4696907d5

15. Fix start time
https://github.com/MioVisman/punbb/comm … 89cf201cc1

16. microtime(true) works since PHP 5.0
https://github.com/MioVisman/punbb/comm … bb0312cb22

17. Hide the full path to the file with the error
https://github.com/MioVisman/punbb/comm … a2a6245452

18. Fix notices for 'Forum subscriptions' in search
https://github.com/MioVisman/punbb/comm … 127e46dfe0

19. Fix argument for EHLO/HELO command
https://github.com/MioVisman/punbb/comm … 66c146c81d

20. Change field_exists() method for SQLite3
https://github.com/MioVisman/punbb/comm … b8ba4e3a9b (fix for http://punbb.informer.com/forums/topic/ … trations/)


(13 replies, posted in PunBB 1.4 bug reports)

>What should I do now ?
If you still have changes from this http://punbb.informer.com/forums/post/158388/#p158388 post, you need to roll them back.
Next, use the new function from this http://punbb.informer.com/forums/post/158396/#p158396 post.

>Do you have an explanation?
The old field_exists() function used too simple a regular expression to find the field name in the query text.
As a result, it did not find anything and gave the result "this field is not in the table".

P.S. The new function uses the database command to get the full table structure.

Two solutions:

1. Move the database file outside the web directory
    After transferring the file, set the $db_name variable in the config.php file.
    For example there was

$db_name = 'database';

    Moved the file to the directory up, it became

$db_name = '../database';

2. Or block access to the database file using the web server settings


(13 replies, posted in PunBB 1.4 bug reports)

Replace field_exists() function in include/dblayer/sqlite3.php with

    function field_exists($table_name, $field_name, $no_prefix = false)
    {
#        $result = $this->query('SELECT sql FROM sqlite_master WHERE name = \''.($no_prefix ? '' : $this->prefix).$this->escape($table_name).'\' AND type=\'table\'');
#        $sql = $this->result($result);
#        if (is_null($sql) || $sql === false)
#            return false;
#        return (preg_match('/[\r\n]'.preg_quote($field_name).' /', $sql) === 1);

        // Ask SQLite for the table's column list instead of matching the CREATE TABLE text
        $result = $this->query('PRAGMA table_info(\'' . ($no_prefix ? '' : $this->prefix) . $this->escape($table_name) . '\');');
        while ($row = $this->fetch_assoc($result))
            if ($row['name'] == $field_name)
                return true;
        return false;
    }
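
Why the replacement matters, as an added example (a Python port written for this page, not code from the post or from PunBB): SQLite keeps the CREATE TABLE text as written in sqlite_master, so the old regular expression only matches when the column happens to start a new line, while PRAGMA table_info reads the parsed column list. The table and column names are constructed.

```python
import re
import sqlite3

def old_field_exists(conn, table, field):
    """Port of the commented-out check: regex over the stored CREATE TABLE text."""
    row = conn.execute(
        "SELECT sql FROM sqlite_master WHERE name = ? AND type = 'table'", (table,)
    ).fetchone()
    if row is None or row[0] is None:
        return False
    # Same pattern as the PHP original: newline, field name, one space.
    return re.search(r"[\r\n]" + re.escape(field) + " ", row[0]) is not None

def new_field_exists(conn, table, field):
    """Port of the replacement: ask SQLite for the table's column list."""
    quoted = '"' + table.replace('"', '""') + '"'  # quote the identifier
    rows = conn.execute("PRAGMA table_info(%s)" % quoted)
    return any(r[1] == field for r in rows)  # r[1] is the column name

def demo():
    """Return {table: (old_result, new_result)} for three constructed schemas."""
    conn = sqlite3.connect(":memory:")
    # Column on its own line: the only layout the old pattern recognises.
    conn.execute("CREATE TABLE multi (\nid INTEGER,\nredirect_delay INTEGER\n)")
    # Same columns written on one line.
    conn.execute("CREATE TABLE single (id INTEGER, redirect_delay INTEGER)")
    # Column added later: SQLite appends ", <definition>" to the stored text.
    conn.execute("CREATE TABLE altered (\nid INTEGER\n)")
    conn.execute("ALTER TABLE altered ADD COLUMN redirect_delay INTEGER")
    return {t: (old_field_exists(conn, t, "redirect_delay"),
                new_field_exists(conn, t, "redirect_delay"))
            for t in ("multi", "single", "altered")}

if __name__ == "__main__":
    for table, (old, new) in demo().items():
        print(f"{table:8} old={old!s:5} new={new}")
```

A false "not found" from the old check leads the caller to try adding a column that is already in the table.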

Minor security issue in punbb with SQLite

Georgi Guninski security advisory #76, 2019

Running punbb-master from h t t p s://github.com/punbb/punbb from Thu 07 Nov 2019 11:23:33 AM UTC

Installing on h t t p://host/forum In install.php set:

database type: SQLite3
database name: database1

Accessing h t t p://host/forum/database1 returns the full raw database, including hashes and email addresses.

If attacker guesses the name "database1" or brute force from common database names, this gives her read access of the raw database.

If you consider this a bug, as workaround set database to something hard to guess.

Other forum software explicitly want the SQLite database to be non-accessible from the web.

https://j.ludost.net/blog/archives/2019 … index.html

https://github.com/MioVisman/punbb/comm … f4094eeea2


(64 replies, posted in News)

PunBB 1.4.4 with support for PHP 5.3-7.4+ and additional fixes

Repository https://github.com/MioVisman/punbb
For issues https://github.com/MioVisman/punbb/issues

Nota Bene
New bb codes in the parser are added in two ways
1. simple code

$pattern[] = '#\[sup\](.*?)\[/sup\]#ms';
$replace[] = '<sup id="one">$1</sup>';

2. code with calculations (for example, the same one is taken)

$pattern_callback[] = '#\[sup\](.*?)\[/sup\]#ms';
$replace_callback[] = function ($matches) { return '<sup id="one">' . $matches[1] . '</sup>'; }; 


(2 replies, posted in PunBB 1.4 additions)

v 0.9.2
Add .webp support.


(13 replies, posted in PunBB 1.4 bug reports)

I can’t understand where the duplication comes from.

1. Administration → Settings → Setup → Redirect wait = 60 → Save changes
2. open /include/dblayer/sqlite3.php

        return (preg_match('/[\r\n]'.preg_quote($field_name).' /', $sql) === 1);


echo "<pre>";
var_dump($field_name, $sql);
echo "</pre>";


    function add_field($table_name, $field_name, $field_type, $allow_null, $default_value = null, $after_field = 0, $no_prefix = false)
        if ($this->field_exists($table_name, $field_name, $no_prefix))

        $table = $this->get_table_info($table_name, $no_prefix);


echo "<pre>";
echo "</pre>";



        $old_columns = array_keys($table['columns']);
        array_insert($table['columns'], $after_field, $query.',', $field_name);


echo "<pre>";
var_dump($after_field, $query.',', $field_name, $table['columns']);
echo "</pre>";


(below, only for add_field() function)

        $this->query($new_table) or error(__FILE__, __LINE__);


        $this->query($new_table) or exit;

save file

3. Run the installation of the extension again and copy the text here from the browser that the var_dump() commands will output.


(13 replies, posted in PunBB 1.4 bug reports)

You still have the wrong file.
Look at line 423 https://github.com/punbb/punbb/blob/mas … 3.php#L423

1. Download archive https://github.com/punbb/punbb/archive/master.zip
2. Take one file from it: include/dblayer/sqlite3.php
3. Copy it to your server with a replacement file.
4. Show the error again if it appears.


(13 replies, posted in PunBB 1.4 bug reports)

1. in config.php

// Enable DEBUG mode by removing // from the following line
//define('FORUM_DEBUG', 1);

// Enable show DB Queries mode by removing // from the following line
//define('FORUM_SHOW_QUERIES', 1);

replace with

// Enable DEBUG mode by removing // from the following line
define('FORUM_DEBUG', 1);

// Enable show DB Queries mode by removing // from the following line
define('FORUM_SHOW_QUERIES', 1);

2. use standard sqlite3.php file https://github.com/punbb/punbb/blob/mas … qlite3.php

3. Show the full text of the error that will be displayed in the message.

P.S. You can also look in the errors log of your server.