[問題] 有沒有改變ip的外掛?【巳解決】
版主: 版主管理群
[問題] 有沒有改變ip的外掛?【巳解決】
各位朋友,
我是使用phpBB2 2.0.5的版本,採用BMan1Blue為預設風格,Linux為操作系統,租用外國的主機空間。
我的論壇有部份是談論有關大陸政治的版面,由於偶有敏感的題目,很怕大陸政府或黑客入侵數據庫來查看留言時的ip!請問有沒有方法:
1) 改變數據庫內所有的ip為0.0.0.0
2) 不記錄用戶留言時的ip或記錄為0.0.0.0
China2000
我是使用phpBB2 2.0.5的版本,採用BMan1Blue為預設風格,Linux為操作系統,租用外國的主機空間。
我的論壇有部份是談論有關大陸政治的版面,由於偶有敏感的題目,很怕大陸政府或黑客入侵數據庫來查看留言時的ip!請問有沒有方法:
1) 改變數據庫內所有的ip為0.0.0.0
2) 不記錄用戶留言時的ip或記錄為0.0.0.0
China2000
最後由 china2000 於 2005-02-20 19:01 編輯,總共編輯了 1 次。
發生這現象的好像不只有我
http://phpbb-tw.net/phpbb/viewtopic.php ... ht=0.0.0.0
不影響正常功能 ~
升級的步驟都是用手動去改 ,
非使用 update 程式 ~
手動升級到 2.0.8 還可以看到 ip
升級到 2.0.10 就變成 0.0.0.0 了
http://phpbb-tw.net/phpbb/viewtopic.php ... ht=0.0.0.0
不影響正常功能 ~
升級的步驟都是用手動去改 ,
非使用 update 程式 ~
手動升級到 2.0.8 還可以看到 ip
升級到 2.0.10 就變成 0.0.0.0 了
剛剛找了一下 :
下面就是全部的修改過程 ~
phpBB 2.0.8 to phpBB 2.0.10 Code Changes
These are the Changes from phpBB 2.0.8 to phpBB 2.0.10 summed up into a little Mod. This might be very helpful if you want to update your Board and have installed a bunch of Mods. Then it's normally easier to apply the Code Changes than to install all Mods again.
When you find a 'AFTER, ADD'-Statement, the Code have to be added after the last line quoted in the 'FIND'-Statement.
When you find a 'BEFORE, ADD'-Statement, the Code have to be added before the first line quoted in the 'FIND'-Statement.
When you find a 'REPLACE WITH'-Statement, the Code quoted in the 'FIND'-Statement have to be replaced completely with the quoted Code in the 'REPLACE WITH'-Statement.
When you find a 'DELETE'-Statement, the Code have to be deleted.
After you have finished this tutorial, you have to upload the update_to_210.php file, execute it and then delete it from your webspace.
Ok, lets start:
admin/admin_board.php
FIND - Line 46
2.0.8 Code:
$default_config[$config_name] = $config_value;
REPLACE WITH
2.0.10 Code:
$default_config[$config_name] = isset($HTTP_POST_VARS['submit']) ? str_replace("'", "\'", $config_value) : $config_value;
admin/admin_styles.php
FIND - Line 49
2.0.8 Code:
require('./pagestart.' . $phpEx);
AFTER, ADD
2.0.10 Code:
$confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : FALSE;
$cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : FALSE;
admin/index.php
FIND - Line 335
2.0.8 Code:
AND u.user_session_time >= " . ( time() - 300 ) . "
REPLACE WITH
2.0.10 Code:
AND s.session_time >= " . ( time() - 300 ) . "
common.php
FIND - Line 27
2.0.8 Code:
die("Hacking attempt");
}
AFTER, ADD
2.0.10 Code:
//
function unset_vars(&$var)
{
while (list($var_name, $null) = @each($var))
{
unset($GLOBALS[$var_name]);
}
return;
}
//
FIND - Line 41
2.0.8 Code:
error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
AFTER, ADD
2.0.10 Code:
$ini_val = (@phpversion() >= '4.0.0') ? 'ini_get' : 'get_cfg_var';
// Unset globally registered vars - PHP5 ... hhmmm
if (@$ini_val('register_globals') == '1' || strtolower(@$ini_val('register_globals')) == 'on')
{
$var_prefix = 'HTTP';
$var_suffix = '_VARS';
$test = array('_GET', '_POST', '_SERVER', '_COOKIE', '_ENV');
foreach ($test as $var)
{
if (is_array(${$var_prefix . $var . $var_suffix}))
{
unset_vars(${$var_prefix . $var . $var_suffix});
@reset(${$var_prefix . $var . $var_suffix});
}
if (is_array(${$var}))
{
unset_vars(${$var});
@reset(${$var});
}
}
if (is_array(${'_FILES'}))
{
unset_vars(${'_FILES'});
@reset(${'_FILES'});
}
if (is_array(${'HTTP_POST_FILES'}))
{
unset_vars(${'HTTP_POST_FILES'});
@reset(${'HTTP_POST_FILES'});
}
}
// PHP5 with register_long_arrays off?
if (!isset($HTTP_POST_VARS) && isset($_POST))
{
$HTTP_POST_VARS = $_POST;
$HTTP_GET_VARS = $_GET;
$HTTP_SERVER_VARS = $_SERVER;
$HTTP_COOKIE_VARS = $_COOKIE;
$HTTP_ENV_VARS = $_ENV;
$HTTP_POST_FILES = $_FILES;
}
FIND - Line 153
2.0.8 Code:
$theme = array();
$images = array();
$lang = array();
AFTER, ADD
2.0.10 Code:
$nav_links = array();
FIND - Line 174
2.0.8 Code:
if( getenv('HTTP_X_FORWARDED_FOR') != '' )
{
$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
$entries = explode(',', getenv('HTTP_X_FORWARDED_FOR'));
reset($entries);
while (list(, $entry) = each($entries))
{
$entry = trim($entry);
if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", $entry, $ip_list) )
{
$private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.((1[6-9])|(2[0-9])|(3[0-1]))\..*/', '/^10\..*/', '/^224\..*/', '/^240\..*/');
$found_ip = preg_replace($private_ip, $client_ip, $ip_list[1]);
if ($client_ip != $found_ip)
{
$client_ip = $found_ip;
break;
}
}
}
}
else
{
$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
}
REPLACE WITH
2.0.10 Code:
// I'm removing HTTP_X_FORWARDED_FOR ... this may well cause other problems such as
// private range IP's appearing instead of the guilty routable IP, tough, don't
// even bother complaining ... go scream and shout at the idiots out there who feel
// "clever" is doing harm rather than good ... karma is a great thing ...
//
$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
faq.php
FIND - Line 37
2.0.8 Code:
// End session management
//
AFTER, ADD \r
2.0.10 Code:
// Set vars to prevent naughtiness
$faq = array();
FIND - Line 103
2.0.8 Code:
make_jumpbox('viewforum.'.$phpEx, $forum_id);
REPLACE WITH
2.0.10 Code:
make_jumpbox('viewforum.'.$phpEx);
groupcp.php
FIND - Line 428
2.0.8 Code:
AND aa.group_id = g.group_id(+)";
REPLACE WITH
2.0.10 Code:
AND aa.group_id (+) = g.group_id";
FIND - Line 1152
2.0.8 Code:
// Select all group that the user is a member of or where the user has
// a pending membership.
//
AFTER, ADD
2.0.10 Code:
$in_group = array();
FIND - Line 1248
2.0.8 Code:
$s_hidden_fields = '';
REPLACE WITH
2.0.10 Code:
$s_hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />';
includes/bbcode.php
FIND - Line 284
2.0.8 Code:
$text = preg_replace("#\[img\]((ht|f)tp://)([^ \?&=\"
\t<]*?(\.(jpg|jpeg|gif|png)))\[/img\]#sie", "'[img:$uid]\\\1' . str_replace(' ', '%20', '\\\3') . '[/img:$uid]'", $text);
REPLACE WITH
2.0.10 Code:
$text = preg_replace("#\[img\]((http|ftp|https|ftps)://)([^ \?&=\#\"
\t<]*?(\.(jpg|jpeg|gif|png)))\[/img\]#sie", "'[img:$uid]\\\1' . str_replace(' ', '%20', '\\\3') . '[/img:$uid]'", $text);
includes/functions.php
FIND - Line 190
2.0.8 Code:
if ( !empty($SID) )
{
$boxstring .= '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />';
}
REPLACE WITH
2.0.10 Code:
// Let the jumpbox work again in sites having additional session id checks.
// if ( !empty($SID) )
// {
$boxstring .= '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />';
// }
FIND - Line 743
2.0.8 Code:
if (!empty($db))
{
$db->sql_close();
}
AFTER, ADD
2.0.10 Code:
if (strstr(urldecode($url), "
") || strstr(urldecode($url), "
"))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}
includes/functions_post.php
FIND - Line 772
2.0.8 Code:
$page_title = $lang['Review_topic'] . " - $topic_title";
REPLACE WITH
2.0.10 Code:
$page_title = $lang['Emoticons'] . " - $topic_title";
includes/page_header.php
\r
FIND - Line 94
2.0.8 Code:
$logged_hidden_online = 0;
$guests_online = 0;
$online_userlist = '';
AFTER, ADD
2.0.10 Code:
$l_online_users = '';
FIND - Line 115
2.0.8 Code:
$prev_user_ip = '';
REPLACE WITH
2.0.10 Code:
$prev_user_ip = $prev_session_ip = '';
includes/sessions.php
FIND - Line 48
2.0.8 Code:
$sessiondata = array();
$session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : '';
$sessionmethod = SESSION_METHOD_GET;
}
AFTER, ADD
2.0.10 Code:
//
if (!preg_match('/^[A-Za-z0-9]*$/', $session_id))
{
$session_id = '';
}
FIND - Line 224
2.0.8 Code:
$sessiondata = array();
$session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : '';
$sessionmethod = SESSION_METHOD_GET;
}
AFTER, ADD
2.0.10 Code:
if (!preg_match('/^[A-Za-z0-9]*$/', $session_id))
{
$session_id = '';
}
FIND - Line 360
2.0.8 Code:
$sessionmethod = SESSION_METHOD_GET;
}
AFTER, ADD
2.0.10 Code:
if (!preg_match('/^[A-Za-z0-9]*$/', $session_id))
{
return;
}
includes/usercp_avatar.php
FIND - Line 86
2.0.8 Code:
if ( !preg_match('#^((http)|(ftp):\/\/[\w\-]+?\.([\w\-]+\.)+[\w]+(:[0-9]+)*\/.*?\.(gif|jpg|jpeg|png)$)#is', $avatar_filename) )
REPLACE WITH
2.0.10 Code:
if ( !preg_match("#^((ht|f)tp://)([^ \?&=\#\"
\t<]*?(\.(jpg|jpeg|gif|png))$)#is", $avatar_filename) )
includes/usercp_viewprofile.php
FIND - Line 44
2.0.8 Code:
message_die(GENERAL_ERROR, 'Could not obtain ranks information', '', __LINE__, __FILE__, $sql);
}
AFTER, ADD
2.0.10 Code:
$ranksrow = array();
index.php
FIND - Line 121
2.0.8 Code:
message_die(GENERAL_ERROR, 'Could not query categories list', '', __LINE__, __FILE__, $sql);
}
AFTER, ADD
2.0.10 Code:
$category_rows = array();
login.php
FIND - Line 96
2.0.8 Code:
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
$redirect = str_replace('?', '&', $redirect);
AFTER, ADD
2.0.10 Code:
if (strstr(urldecode($redirect), "
") || strstr(urldecode($redirect), "
"))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}
FIND - Line 116
2.0.8 Code:
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "";
$redirect = str_replace("?", "&", $redirect);
AFTER, ADD
2.0.10 Code:
if (strstr(urldecode($redirect), "
") || strstr(urldecode($redirect), "
"))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}
memberlist.php
FIND - Line 238
2.0.8 Code:
'ROW_NUMBER' => $i + ( $HTTP_GET_VARS['start'] + 1 ),
REPLACE WITH
2.0.10 Code:
'ROW_NUMBER' => $i + ( $start + 1 ),
modcp.php
FIND - Line 841
2.0.8 Code:
'S_FORUM_SELECT' => make_forum_select("new_forum_id", false, $forum_id))
);
AFTER, ADD
2.0.10 Code:
//
// Define censored word matches
//
$orig_word = array();
$replacement_word = array();
obtain_word_list($orig_word, $replacement_word);
FIND - Line 847
2.0.8 Code:
$poster_id = $postrow[$i]['user_id'];
REPLACE WITH
2.0.10 Code:
$poster_id = $postrow[$i]['poster_id'];
DELETE - Line 879
2.0.8 Code:
//
// Define censored word matches
//
$orig_word = array();
$replacement_word = array();
obtain_word_list($orig_word, $replacement_word);
posting.php
FIND - Line 33
2.0.8 Code:
$params = array('submit' => 'post', 'confirm' => 'confirm', 'preview' => 'preview', 'delete' => 'delete', 'poll_delete' => 'poll_delete', 'poll_add' => 'add_poll_option', 'poll_edit' => 'edit_poll_option', 'mode' => 'mode');
REPLACE WITH
2.0.10 Code:
$params = array('submit' => 'post', 'preview' => 'preview', 'delete' => 'delete', 'poll_delete' => 'poll_delete', 'poll_add' => 'add_poll_option', 'poll_edit' => 'edit_poll_option', 'mode' => 'mode');
FIND - Line 45
2.0.8 Code:
$$var = '';
}
}
AFTER, ADD
2.0.10 Code:
$confirm = isset($HTTP_POST_VARS['confirm']) ? true : false;
privmsg.php
FIND - Line 215
2.0.8 Code:
$pm_sql_user .= "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "
REPLACE WITH
2.0.10 Code:
$pm_sql_user = "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "
FIND - Line 496
2.0.8 Code:
$temp_url = append_sid("privmsg.$phpEx?mode=post&" . POST_USERS_URL . "=$poster_id");
REPLACE WITH
2.0.10 Code:
$temp_url = append_sid("privmsg.$phpEx?mode=post&" . POST_USERS_URL . "=$user_id_from");
FIND - Line 1045
2.0.8 Code:
OR privmsgs_type = " . PRIVMSGS_UNERAD_MAIL . " ) ";
REPLACE WITH
2.0.10 Code:
OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " ) ";
FIND - Line 1855
2.0.8 Code:
$post_new_mesg_url = '<a href="' . append_sid("privmsg.$phpEx?mode=post") . '"><img src="' . $images['post_new'] . '" alt="' . $lang['Post_new_message'] . '" border="0" /></a>';
REPLACE WITH
2.0.10 Code:
$post_new_mesg_url = '<a href="' . append_sid("privmsg.$phpEx?mode=post") . '"><img src="' . $images['post_new'] . '" alt="' . $lang['Send_a_new_message'] . '" border="0" /></a>';
FIND - Line 1935
2.0.8 Code:
$limit_msg_time = '';
$post_days = 0;
REPLACE WITH
2.0.10 Code:
$limit_msg_time = $limit_msg_time_total = '';
$msg_days = 0;
FIND - Line 2066
2.0.8 Code:
'U_POST_NEW_TOPIC' => $post_new_topic_url)
REPLACE WITH
2.0.10 Code:
'U_POST_NEW_TOPIC' => append_sid("privmsg.$phpEx?mode=post"))
profile.php
FIND - Line 86
2.0.8 Code:
if ( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{
$mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
AFTER, ADD
2.0.10 Code:
$mode = htmlspecialchars($mode);
search.php
FIND - Line 62
2.0.8 Code:
$search_author = ( isset($HTTP_POST_VARS['search_author']) ) ? $HTTP_POST_VARS['search_author'] : $HTTP_GET_VARS['search_author'];
AFTER, ADD
2.0.10 Code:
$search_author = htmlspecialchars($search_author);
FIND - Line 113
2.0.8 Code:
$search_time = time() - ( ( ( !empty($HTTP_POST_VARS['search_time']) ) ? intval($HTTP_POST_VARS['search_time']) : intval($HTTP_GET_VARS['search_time']) ) * 86400 );
}
else
{
$search_time = 0;
}
REPLACE WITH
2.0.10 Code:
$search_time = time() - ( ( ( !empty($HTTP_POST_VARS['search_time']) ) ? intval($HTTP_POST_VARS['search_time']) : intval($HTTP_GET_VARS['search_time']) ) * 86400 );
$topic_days = (!empty($HTTP_POST_VARS['search_time'])) ? intval($HTTP_POST_VARS['search_time']) : intval($HTTP_GET_VARS['search_time']);
}
else
{
$search_time = 0;
$topic_days = 0;
}
viewonline.php
FIND - Line 49
2.0.8 Code:
'L_WHOSONLINE' => $lang['Who_is_online'],
REPLACE WITH
2.0.10 Code:
'L_WHOSONLINE' => $lang['Who_is_Online'],
viewtopic.php
FIND - Line 66
2.0.8 Code:
if ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) || isset($HTTP_GET_VARS['sid']) )
{
$session_id = isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) ? $HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid'] : $HTTP_GET_VARS['sid'];
AFTER, ADD
2.0.10 Code:
if (!preg_match('/^[A-Za-z0-9]*$/', $session_id))
{
$session_id = '';
}
下面就是全部的修改過程 ~
phpBB 2.0.8 to phpBB 2.0.10 Code Changes
These are the Changes from phpBB 2.0.8 to phpBB 2.0.10 summed up into a little Mod. This might be very helpful if you want to update your Board and have installed a bunch of Mods. Then it's normally easier to apply the Code Changes than to install all Mods again.
When you find a 'AFTER, ADD'-Statement, the Code have to be added after the last line quoted in the 'FIND'-Statement.
When you find a 'BEFORE, ADD'-Statement, the Code have to be added before the first line quoted in the 'FIND'-Statement.
When you find a 'REPLACE WITH'-Statement, the Code quoted in the 'FIND'-Statement have to be replaced completely with the quoted Code in the 'REPLACE WITH'-Statement.
When you find a 'DELETE'-Statement, the Code have to be deleted.
After you have finished this tutorial, you have to upload the update_to_210.php file, execute it and then delete it from your webspace.
Ok, lets start:
admin/admin_board.php
FIND - Line 46
2.0.8 Code:
$default_config[$config_name] = $config_value;
REPLACE WITH
2.0.10 Code:
$default_config[$config_name] = isset($HTTP_POST_VARS['submit']) ? str_replace("'", "\'", $config_value) : $config_value;
admin/admin_styles.php
FIND - Line 49
2.0.8 Code:
require('./pagestart.' . $phpEx);
AFTER, ADD
2.0.10 Code:
$confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : FALSE;
$cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : FALSE;
admin/index.php
FIND - Line 335
2.0.8 Code:
AND u.user_session_time >= " . ( time() - 300 ) . "
REPLACE WITH
2.0.10 Code:
AND s.session_time >= " . ( time() - 300 ) . "
common.php
FIND - Line 27
2.0.8 Code:
die("Hacking attempt");
}
AFTER, ADD
2.0.10 Code:
//
function unset_vars(&$var)
{
while (list($var_name, $null) = @each($var))
{
unset($GLOBALS[$var_name]);
}
return;
}
//
FIND - Line 41
2.0.8 Code:
error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
AFTER, ADD
2.0.10 Code:
$ini_val = (@phpversion() >= '4.0.0') ? 'ini_get' : 'get_cfg_var';
// Unset globally registered vars - PHP5 ... hhmmm
if (@$ini_val('register_globals') == '1' || strtolower(@$ini_val('register_globals')) == 'on')
{
$var_prefix = 'HTTP';
$var_suffix = '_VARS';
$test = array('_GET', '_POST', '_SERVER', '_COOKIE', '_ENV');
foreach ($test as $var)
{
if (is_array(${$var_prefix . $var . $var_suffix}))
{
unset_vars(${$var_prefix . $var . $var_suffix});
@reset(${$var_prefix . $var . $var_suffix});
}
if (is_array(${$var}))
{
unset_vars(${$var});
@reset(${$var});
}
}
if (is_array(${'_FILES'}))
{
unset_vars(${'_FILES'});
@reset(${'_FILES'});
}
if (is_array(${'HTTP_POST_FILES'}))
{
unset_vars(${'HTTP_POST_FILES'});
@reset(${'HTTP_POST_FILES'});
}
}
// PHP5 with register_long_arrays off?
if (!isset($HTTP_POST_VARS) && isset($_POST))
{
$HTTP_POST_VARS = $_POST;
$HTTP_GET_VARS = $_GET;
$HTTP_SERVER_VARS = $_SERVER;
$HTTP_COOKIE_VARS = $_COOKIE;
$HTTP_ENV_VARS = $_ENV;
$HTTP_POST_FILES = $_FILES;
}
FIND - Line 153
2.0.8 Code:
$theme = array();
$images = array();
$lang = array();
AFTER, ADD
2.0.10 Code:
$nav_links = array();
FIND - Line 174
2.0.8 Code:
if( getenv('HTTP_X_FORWARDED_FOR') != '' )
{
$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
$entries = explode(',', getenv('HTTP_X_FORWARDED_FOR'));
reset($entries);
while (list(, $entry) = each($entries))
{
$entry = trim($entry);
if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", $entry, $ip_list) )
{
$private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.((1[6-9])|(2[0-9])|(3[0-1]))\..*/', '/^10\..*/', '/^224\..*/', '/^240\..*/');
$found_ip = preg_replace($private_ip, $client_ip, $ip_list[1]);
if ($client_ip != $found_ip)
{
$client_ip = $found_ip;
break;
}
}
}
}
else
{
$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
}
REPLACE WITH
2.0.10 Code:
// I'm removing HTTP_X_FORWARDED_FOR ... this may well cause other problems such as
// private range IP's appearing instead of the guilty routable IP, tough, don't
// even bother complaining ... go scream and shout at the idiots out there who feel
// "clever" is doing harm rather than good ... karma is a great thing ...
//
$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
faq.php
FIND - Line 37
2.0.8 Code:
// End session management
//
AFTER, ADD \r
2.0.10 Code:
// Set vars to prevent naughtiness
$faq = array();
FIND - Line 103
2.0.8 Code:
make_jumpbox('viewforum.'.$phpEx, $forum_id);
REPLACE WITH
2.0.10 Code:
make_jumpbox('viewforum.'.$phpEx);
groupcp.php
FIND - Line 428
2.0.8 Code:
AND aa.group_id = g.group_id(+)";
REPLACE WITH
2.0.10 Code:
AND aa.group_id (+) = g.group_id";
FIND - Line 1152
2.0.8 Code:
// Select all group that the user is a member of or where the user has
// a pending membership.
//
AFTER, ADD
2.0.10 Code:
$in_group = array();
FIND - Line 1248
2.0.8 Code:
$s_hidden_fields = '';
REPLACE WITH
2.0.10 Code:
$s_hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />';
includes/bbcode.php
FIND - Line 284
2.0.8 Code:
$text = preg_replace("#\[img\]((ht|f)tp://)([^ \?&=\"
\t<]*?(\.(jpg|jpeg|gif|png)))\[/img\]#sie", "'[img:$uid]\\\1' . str_replace(' ', '%20', '\\\3') . '[/img:$uid]'", $text);
REPLACE WITH
2.0.10 Code:
$text = preg_replace("#\[img\]((http|ftp|https|ftps)://)([^ \?&=\#\"
\t<]*?(\.(jpg|jpeg|gif|png)))\[/img\]#sie", "'[img:$uid]\\\1' . str_replace(' ', '%20', '\\\3') . '[/img:$uid]'", $text);
includes/functions.php
FIND - Line 190
2.0.8 Code:
if ( !empty($SID) )
{
$boxstring .= '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />';
}
REPLACE WITH
2.0.10 Code:
// Let the jumpbox work again in sites having additional session id checks.
// if ( !empty($SID) )
// {
$boxstring .= '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />';
// }
FIND - Line 743
2.0.8 Code:
if (!empty($db))
{
$db->sql_close();
}
AFTER, ADD
2.0.10 Code:
if (strstr(urldecode($url), "
") || strstr(urldecode($url), "
"))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}
includes/functions_post.php
FIND - Line 772
2.0.8 Code:
$page_title = $lang['Review_topic'] . " - $topic_title";
REPLACE WITH
2.0.10 Code:
$page_title = $lang['Emoticons'] . " - $topic_title";
includes/page_header.php
\r
FIND - Line 94
2.0.8 Code:
$logged_hidden_online = 0;
$guests_online = 0;
$online_userlist = '';
AFTER, ADD
2.0.10 Code:
$l_online_users = '';
FIND - Line 115
2.0.8 Code:
$prev_user_ip = '';
REPLACE WITH
2.0.10 Code:
$prev_user_ip = $prev_session_ip = '';
includes/sessions.php
FIND - Line 48
2.0.8 Code:
$sessiondata = array();
$session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : '';
$sessionmethod = SESSION_METHOD_GET;
}
AFTER, ADD
2.0.10 Code:
//
if (!preg_match('/^[A-Za-z0-9]*$/', $session_id))
{
$session_id = '';
}
FIND - Line 224
2.0.8 Code:
$sessiondata = array();
$session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : '';
$sessionmethod = SESSION_METHOD_GET;
}
AFTER, ADD
2.0.10 Code:
if (!preg_match('/^[A-Za-z0-9]*$/', $session_id))
{
$session_id = '';
}
FIND - Line 360
2.0.8 Code:
$sessionmethod = SESSION_METHOD_GET;
}
AFTER, ADD
2.0.10 Code:
if (!preg_match('/^[A-Za-z0-9]*$/', $session_id))
{
return;
}
includes/usercp_avatar.php
FIND - Line 86
2.0.8 Code:
if ( !preg_match('#^((http)|(ftp):\/\/[\w\-]+?\.([\w\-]+\.)+[\w]+(:[0-9]+)*\/.*?\.(gif|jpg|jpeg|png)$)#is', $avatar_filename) )
REPLACE WITH
2.0.10 Code:
if ( !preg_match("#^((ht|f)tp://)([^ \?&=\#\"
\t<]*?(\.(jpg|jpeg|gif|png))$)#is", $avatar_filename) )
includes/usercp_viewprofile.php
FIND - Line 44
2.0.8 Code:
message_die(GENERAL_ERROR, 'Could not obtain ranks information', '', __LINE__, __FILE__, $sql);
}
AFTER, ADD
2.0.10 Code:
$ranksrow = array();
index.php
FIND - Line 121
2.0.8 Code:
message_die(GENERAL_ERROR, 'Could not query categories list', '', __LINE__, __FILE__, $sql);
}
AFTER, ADD
2.0.10 Code:
$category_rows = array();
login.php
FIND - Line 96
2.0.8 Code:
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
$redirect = str_replace('?', '&', $redirect);
AFTER, ADD
2.0.10 Code:
if (strstr(urldecode($redirect), "
") || strstr(urldecode($redirect), "
"))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}
FIND - Line 116
2.0.8 Code:
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "";
$redirect = str_replace("?", "&", $redirect);
AFTER, ADD
2.0.10 Code:
if (strstr(urldecode($redirect), "
") || strstr(urldecode($redirect), "
"))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}
memberlist.php
FIND - Line 238
2.0.8 Code:
'ROW_NUMBER' => $i + ( $HTTP_GET_VARS['start'] + 1 ),
REPLACE WITH
2.0.10 Code:
'ROW_NUMBER' => $i + ( $start + 1 ),
modcp.php
FIND - Line 841
2.0.8 Code:
'S_FORUM_SELECT' => make_forum_select("new_forum_id", false, $forum_id))
);
AFTER, ADD
2.0.10 Code:
//
// Define censored word matches
//
$orig_word = array();
$replacement_word = array();
obtain_word_list($orig_word, $replacement_word);
FIND - Line 847
2.0.8 Code:
$poster_id = $postrow[$i]['user_id'];
REPLACE WITH
2.0.10 Code:
$poster_id = $postrow[$i]['poster_id'];
DELETE - Line 879
2.0.8 Code:
//
// Define censored word matches
//
$orig_word = array();
$replacement_word = array();
obtain_word_list($orig_word, $replacement_word);
posting.php
FIND - Line 33
2.0.8 Code:
$params = array('submit' => 'post', 'confirm' => 'confirm', 'preview' => 'preview', 'delete' => 'delete', 'poll_delete' => 'poll_delete', 'poll_add' => 'add_poll_option', 'poll_edit' => 'edit_poll_option', 'mode' => 'mode');
REPLACE WITH
2.0.10 Code:
$params = array('submit' => 'post', 'preview' => 'preview', 'delete' => 'delete', 'poll_delete' => 'poll_delete', 'poll_add' => 'add_poll_option', 'poll_edit' => 'edit_poll_option', 'mode' => 'mode');
FIND - Line 45
2.0.8 Code:
$$var = '';
}
}
AFTER, ADD
2.0.10 Code:
$confirm = isset($HTTP_POST_VARS['confirm']) ? true : false;
privmsg.php
FIND - Line 215
2.0.8 Code:
$pm_sql_user .= "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "
REPLACE WITH
2.0.10 Code:
$pm_sql_user = "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "
FIND - Line 496
2.0.8 Code:
$temp_url = append_sid("privmsg.$phpEx?mode=post&" . POST_USERS_URL . "=$poster_id");
REPLACE WITH
2.0.10 Code:
$temp_url = append_sid("privmsg.$phpEx?mode=post&" . POST_USERS_URL . "=$user_id_from");
FIND - Line 1045
2.0.8 Code:
OR privmsgs_type = " . PRIVMSGS_UNERAD_MAIL . " ) ";
REPLACE WITH
2.0.10 Code:
OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " ) ";
FIND - Line 1855
2.0.8 Code:
$post_new_mesg_url = '<a href="' . append_sid("privmsg.$phpEx?mode=post") . '"><img src="' . $images['post_new'] . '" alt="' . $lang['Post_new_message'] . '" border="0" /></a>';
REPLACE WITH
2.0.10 Code:
$post_new_mesg_url = '<a href="' . append_sid("privmsg.$phpEx?mode=post") . '"><img src="' . $images['post_new'] . '" alt="' . $lang['Send_a_new_message'] . '" border="0" /></a>';
FIND - Line 1935
2.0.8 Code:
$limit_msg_time = '';
$post_days = 0;
REPLACE WITH
2.0.10 Code:
$limit_msg_time = $limit_msg_time_total = '';
$msg_days = 0;
FIND - Line 2066
2.0.8 Code:
'U_POST_NEW_TOPIC' => $post_new_topic_url)
REPLACE WITH
2.0.10 Code:
'U_POST_NEW_TOPIC' => append_sid("privmsg.$phpEx?mode=post"))
profile.php
FIND - Line 86
2.0.8 Code:
if ( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{
$mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
AFTER, ADD
2.0.10 Code:
$mode = htmlspecialchars($mode);
search.php
FIND - Line 62
2.0.8 Code:
$search_author = ( isset($HTTP_POST_VARS['search_author']) ) ? $HTTP_POST_VARS['search_author'] : $HTTP_GET_VARS['search_author'];
AFTER, ADD
2.0.10 Code:
$search_author = htmlspecialchars($search_author);
FIND - Line 113
2.0.8 Code:
$search_time = time() - ( ( ( !empty($HTTP_POST_VARS['search_time']) ) ? intval($HTTP_POST_VARS['search_time']) : intval($HTTP_GET_VARS['search_time']) ) * 86400 );
}
else
{
$search_time = 0;
}
REPLACE WITH
2.0.10 Code:
$search_time = time() - ( ( ( !empty($HTTP_POST_VARS['search_time']) ) ? intval($HTTP_POST_VARS['search_time']) : intval($HTTP_GET_VARS['search_time']) ) * 86400 );
$topic_days = (!empty($HTTP_POST_VARS['search_time'])) ? intval($HTTP_POST_VARS['search_time']) : intval($HTTP_GET_VARS['search_time']);
}
else
{
$search_time = 0;
$topic_days = 0;
}
viewonline.php
FIND - Line 49
2.0.8 Code:
'L_WHOSONLINE' => $lang['Who_is_online'],
REPLACE WITH
2.0.10 Code:
'L_WHOSONLINE' => $lang['Who_is_Online'],
viewtopic.php
FIND - Line 66
2.0.8 Code:
if ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) || isset($HTTP_GET_VARS['sid']) )
{
$session_id = isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) ? $HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid'] : $HTTP_GET_VARS['sid'];
AFTER, ADD
2.0.10 Code:
if (!preg_match('/^[A-Za-z0-9]*$/', $session_id))
{
$session_id = '';
}
這個是 我從 2.0.6 -> 2.0.7 的紀錄
phpBB 2.0.6 to phpBB 2.0.7 Code Changes
These are the Changes from phpBB 2.0.6 to phpBB 2.0.7 summed up into a little Mod. This might be very helpful if you want to update your Board and have installed a bunch of Mods. Then it's normally easier to apply the Code Changes than to install all Mods again.
When you find a 'AFTER, ADD'-Statement, the Code have to be added after the last line quoted in the 'FIND'-Statement.
When you find a 'BEFORE, ADD'-Statement, the Code have to be added before the first line quoted in the 'FIND'-Statement.
When you find a 'REPLACE WITH'-Statement, the Code quoted in the 'FIND'-Statement have to be replaced completely with the quoted Code in the 'REPLACE WITH'-Statement.
When you find a 'DELETE'-Statement, the Code have to be deleted.
After you have finished this tutorial, you have to upload the update_to_207.php file, execute it and then delete it from your webspace.
Ok, lets start:
groupcp.php
FIND - Line 140
2.0.6 Code:
if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
AFTER, ADD
2.0.7 Code:
$mode = htmlspecialchars($mode);
FIND - Line 594
2.0.6 Code:
$sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . $members[$i];
REPLACE WITH
2.0.7 Code:
$sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . intval($members[$i]);
includes/auth.php
FIND - Line 174
2.0.6 Code:
}
while( $row = $db->sql_fetchrow($result) );
}
AFTER, ADD
2.0.7 Code:
$db->sql_freeresult($result);
includes/bbcode.php
FIND - Line 108
2.0.6 Code:
$bbcode_tpl['url4'] = str_replace('{DESCRIPTION}', '\\\5', $bbcode_tpl['url4']);
REPLACE WITH
2.0.7 Code:
$bbcode_tpl['url4'] = str_replace('{DESCRIPTION}', '\\\3', $bbcode_tpl['url4']);
FIND - Line 201
2.0.6 Code:
$patterns[] = "#\[url\]([\w]+?://.*?[^ \"
\t<]*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url1'];
// http://www.phpbb.com code.. (no xxxx:// prefix).
$patterns[] = "#\[url\]((www|ftp)\.([\w\-]+\.)*?[\w\-]+\.[a-z]{2,4}(:?[0-9]*?/[^ \"
\t<]*)?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url2'];
// [url=xxxx://www.phpbb.com]phpBB[/url] code..
$patterns[] = "#\+?://.*?[^ \"
\t<]*?)\](.*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url3'];
// [url=http://www.phpbb.com]phpBB code.. (no xxxx:// prefix).
$patterns[] = "#\+\.)*?[\w\-]+\.[a-z]{2,4}(:?[0-9]*?/[^ \"
\t<]*)?)\](.*?)\[/url\]#is";
REPLACE WITH
2.0.7 Code:
$patterns[] = "#\[url\]([\w]+?://[^ \"
\t<]*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url1'];
// [url]http://www.phpbb.com code.. (no xxxx:// prefix).
$patterns[] = "#\[url\]((www|ftp)\.[^ \"\
\t<]*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url2'];
// [url=xxxx://www.phpbb.com]phpBB[/url] code..
$patterns[] = "#\+?://[^ \"
\t<]*?)\](.*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url3'];
// [url=http://www.phpbb.com]phpBB code.. (no xxxx:// prefix).
$patterns[] = "#\[url=((www|ftp)\.[^ \"
\t<]*?)\](.*?)\[/url\]#is";
FIND - Line 624
2.0.6 Code:
$ret = preg_replace("#(^|[
])([\w]+?://.*?[^ \"
\t<]*)#is", "\\\1<a href=\"\\\2\" target=\"_blank\">\\\2</a>", $ret);
// matches a "www|ftp.xxxx.yyyy[/zzzz]" kinda lazy URL thing
// Must contain at least 2 dots. xxxx contains either alphanum, or "-"
// zzzz is optional.. will contain everything up to the first space, newline,
// comma, double quote or <.
$ret = preg_replace("#(^|[
])((www|ftp)\.[\w\-]+\.[\w\-.\~]+(?:/[^ \"\t
<]*)?)#is", "\\\1<a href=\"http://\\\2\" target=\"_blank\">\\\2</a>", $ret);
REPLACE WITH
2.0.7 Code:
$ret = preg_replace("#(^|[
])([\w]+?://[^ \"
\t<]*)#is", "\\\1<a href=\"\\\2\" target=\"_blank\">\\\2</a>", $ret);
// matches a "www|ftp.xxxx.yyyy[/zzzz]" kinda lazy URL thing
// Must contain at least 2 dots. xxxx contains either alphanum, or "-"
// zzzz is optional.. will contain everything up to the first space, newline,
// comma, double quote or <.
$ret = preg_replace("#(^|[
])((www|ftp)\.[^ \"\t
<]*)#is", "\\\1<a href=\"http://\\\2\" target=\"_blank\">\\\2</a>", $ret);
includes/functions_search.php
FIND - Line 243
2.0.6 Code:
$sql = "INSERT IGNORE INTO " . SEARCH_MATCH_TABLE . " (post_id, word_id, title_match)
REPLACE WITH
2.0.7 Code:
\r
$sql = "INSERT INTO " . SEARCH_MATCH_TABLE . " (post_id, word_id, title_match)
includes/topic_review.php
FIND - Line 54
2.0.6 Code:
{
message_die(GENERAL_MESSAGE, 'Topic_post_not_exist');
}
AFTER, ADD
2.0.7 Code:
$db->sql_freeresult($result);
FIND - Line 211
2.0.6 Code:
{
message_die(GENERAL_MESSAGE, 'Topic_post_not_exist', '', __LINE__, __FILE__, $sql);
}
AFTER, ADD
2.0.7 Code:
$db->sql_freeresult($result);
includes/usercp_register.php
FIND - Line 748
2.0.6 Code:
$avatar_category = ( !empty($HTTP_POST_VARS['avatarcategory']) ) ? $HTTP_POST_VARS['avatarcategory'] : '';
REPLACE WITH
2.0.7 Code:
$avatar_category = ( !empty($HTTP_POST_VARS['avatarcategory']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarcategory']) : '';
index.php
FIND - Line 122
2.0.6 Code:
}
while( $category_rows[] = $db->sql_fetchrow($result) );
AFTER, ADD
2.0.7 Code:
$db->sql_freeresult($result);
FIND - Line 174
2.0.6 Code:
{
$forum_data[] = $row;
}
AFTER, ADD
2.0.7 Code:
$db->sql_freeresult($result);
FIND - Line 202
2.0.6 Code:
{
$new_topic_data[$topic_data['forum_id']][$topic_data['topic_id']] = $topic_data['post_time'];
}
AFTER, ADD
2.0.7 Code:
$db->sql_freeresult($result);
FIND - Line 228
2.0.6 Code:
{
$forum_moderators[$row['forum_id']][] = '<a href="' . append_sid("profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=" . $row['user_id']) . '">' . $row['username'] . '</a>';
}
AFTER, ADD
2.0.7 Code:
$db->sql_freeresult($result);
FIND - Line 248
2.0.6 Code:
{
$forum_moderators[$row['forum_id']][] = '<a href="' . append_sid("groupcp.$phpEx?" . POST_GROUPS_URL . "=" . $row['group_id']) . '">' . $row['group_name'] . '</a>';
}
AFTER, ADD
2.0.7 Code:
$db->sql_freeresult($result);
login.php
FIND - Line 86
2.0.6 Code:
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : "index.$phpEx";
REPLACE WITH
2.0.7 Code:
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : "index.$phpEx";
FIND - Line 96
2.0.6 Code:
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : '';
REPLACE WITH
2.0.7 Code:
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : '';
FIND - Line 111
2.0.6 Code:
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : "";
REPLACE WITH
2.0.7 Code:
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : "";
FIND - Line 132
2.0.6 Code:
$url = (!empty($HTTP_POST_VARS['redirect'])) ? $HTTP_POST_VARS['redirect'] : $HTTP_GET_VARS['redirect'];
REPLACE WITH
2.0.7 Code:
$url = (!empty($HTTP_POST_VARS['redirect'])) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : htmlspecialchars($HTTP_GET_VARS['redirect']);
FIND - Line 142
2.0.6 Code:
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : "index.$phpEx";
REPLACE WITH
2.0.7 Code:
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : "index.$phpEx";
memberlist.php
FIND - Line 272
2.0.6 Code:
$i++;
}
while ( $row = $db->sql_fetchrow($result) );
AFTER, ADD
2.0.7 Code:
$db->sql_freeresult($result);
FIND - Line 292
2.0.6 Code:
$pagination = generate_pagination("memberlist.$phpEx?mode=$mode&order=$sort_order", $total_members, $board_config['topics_per_page'], $start). ' ';
}
AFTER, ADD
2.0.7 Code:
$db->sql_freeresult($result);
modcp.php
FIND - Line 83
2.0.6 Code:
if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
AFTER, ADD
2.0.7 Code:
$mode = htmlspecialchars($mode);
posting.php
FIND - Line 38
2.0.6 Code:
$$var = ( !empty($HTTP_POST_VARS[$param]) ) ? $HTTP_POST_VARS[$param] : $HTTP_GET_VARS[$param];
REPLACE WITH
2.0.7 Code:
$$var = ( !empty($HTTP_POST_VARS[$param]) ) ? htmlspecialchars($HTTP_POST_VARS[$param]) : htmlspecialchars($HTTP_GET_VARS[$param]);
FIND - Line 224
2.0.6 Code:
if ( $result = $db->sql_query($sql) )
{
$post_info = $db->sql_fetchrow($result);
AFTER, ADD
2.0.7 Code:
$db->sql_freeresult($result);
FIND - Line 279
2.0.6 Code:
}
while ( $row = $db->sql_fetchrow($result) );
}
AFTER, ADD
2.0.7 Code:
$db->sql_freeresult($result);
FIND - Line 402
2.0.6 Code:
}
$notify_user = ( $db->sql_fetchrow($result) ) ? TRUE : $userdata['user_notify'];
AFTER, ADD
2.0.7 Code:
$db->sql_freeresult($result);
FIND - Line 477
2.0.6 Code:
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain user vote data for this topic', '', __LINE__, __FILE__, $sql);
}
if ( !($row = $db->sql_fetchrow($result)) )
REPLACE WITH
2.0.7 Code:
if ( !($result2 = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain user vote data for this topic', '', __LINE__, __FILE__, $sql);
}
if ( !($row = $db->sql_fetchrow($result2)) )
FIND - Line 506
2.0.6 Code:
{
$message = $lang['Already_voted'];
}
AFTER, ADD
2.0.7 Code:
$db->sql_freeresult($result2);
FIND - Line 508
2.0.6 Code:
else
{
$message = $lang['No_vote_option'];
}
AFTER, ADD
2.0.7 Code:
$db->sql_freeresult($result);
privmsg.php
FIND - Line 61
2.0.6 Code:
if ( isset($HTTP_POST_VARS['folder']) || isset($HTTP_GET_VARS['folder']) )
{
$folder = ( isset($HTTP_POST_VARS['folder']) ) ? $HTTP_POST_VARS['folder'] : $HTTP_GET_VARS['folder'];
AFTER, ADD
2.0.7 Code:
$folder = htmlspecialchars($folder);
DELETE - Line 73
2.0.6 Code:
// session id check
if (!empty($HTTP_POST_VARS['sid']) || !empty($HTTP_GET_VARS['sid']))
{
$sid = (!empty($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : $HTTP_GET_VARS['sid'];
}
else
{
$sid = '';
}
FIND - Line 96
2.0.6 Code:
if ( !empty($HTTP_POST_VARS['mode']) || !empty($HTTP_GET_VARS['mode']) )
{
$mode = ( !empty($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
AFTER, ADD
2.0.7 Code:
$mode = htmlspecialchars($mode);
search.php
FIND - Line 685
2.0.6 Code:
if ( intval($search_id) )
REPLACE WITH
2.0.7 Code:
$search_id = intval($search_id);
if ( $search_id )
templates/subSilver/index_body.tpl
FIND - Line 94
2.0.6 Code:
<td width="20" align="center"><img src="templates/subSilver/images/folder_new.gif" alt="{L_NEW_POSTS}"/></td>
<td><span class="gensmall">{L_NEW_POSTS}</span></td>
<td> </td>
<td width="20" align="center"><img src="templates/subSilver/images/folder.gif" alt="{L_NO_NEW_POSTS}" /></td>
<td><span class="gensmall">{L_NO_NEW_POSTS}</span></td>
<td> </td>
<td width="20" align="center"><img src="templates/subSilver/images/folder_lock.gif" alt="{L_FORUM_LOCKED}" /></td>
REPLACE WITH
2.0.7 Code:
<td width="20" align="center"><img src="templates/subSilver/images/folder_new_big.gif" alt="{L_NEW_POSTS}"/></td>
<td><span class="gensmall">{L_NEW_POSTS}</span></td>
<td> </td>
<td width="20" align="center"><img src="templates/subSilver/images/folder_big.gif" alt="{L_NO_NEW_POSTS}" /></td>
<td><span class="gensmall">{L_NO_NEW_POSTS}</span></td>
<td> </td>
<td width="20" align="center"><img src="templates/subSilver/images/folder_locked_big.gif" alt="{L_FORUM_LOCKED}" /></td>
viewforum.php
FIND - Line 243
2.0.6 Code:
$topic_days = ( !empty($HTTP_POST_VARS['topicdays']) ) ? $HTTP_POST_VARS['topicdays'] : $HTTP_GET_VARS['topicdays'];
REPLACE WITH
2.0.7 Code:
$topic_days = ( !empty($HTTP_POST_VARS['topicdays']) ) ? intval($HTTP_POST_VARS['topicdays']) : intval($HTTP_GET_VARS['topicdays']);
viewtopic.php
\n
FIND - Line 317
2.0.6 Code:
$post_days = ( !empty($HTTP_POST_VARS['postdays']) ) ? $HTTP_POST_VARS['postdays'] : $HTTP_GET_VARS['postdays'];
REPLACE WITH
2.0.7 Code:
$post_days = ( !empty($HTTP_POST_VARS['postdays']) ) ? intval($HTTP_POST_VARS['postdays']) : intval($HTTP_GET_VARS['postdays']);
FIND - Line 360
2.0.6 Code:
$post_order = (!empty($HTTP_POST_VARS['postorder'])) ? $HTTP_POST_VARS['postorder'] : $HTTP_GET_VARS['postorder'];
REPLACE WITH
2.0.7 Code:
$post_order = (!empty($HTTP_POST_VARS['postorder'])) ? htmlspecialchars($HTTP_POST_VARS['postorder']) : htmlspecialchars($HTTP_GET_VARS['postorder']);
phpBB 2.0.6 to phpBB 2.0.7 Code Changes
These are the Changes from phpBB 2.0.6 to phpBB 2.0.7 summed up into a little Mod. This might be very helpful if you want to update your Board and have installed a bunch of Mods. Then it's normally easier to apply the Code Changes than to install all Mods again.
When you find a 'AFTER, ADD'-Statement, the Code have to be added after the last line quoted in the 'FIND'-Statement.
When you find a 'BEFORE, ADD'-Statement, the Code have to be added before the first line quoted in the 'FIND'-Statement.
When you find a 'REPLACE WITH'-Statement, the Code quoted in the 'FIND'-Statement have to be replaced completely with the quoted Code in the 'REPLACE WITH'-Statement.
When you find a 'DELETE'-Statement, the Code have to be deleted.
After you have finished this tutorial, you have to upload the update_to_207.php file, execute it and then delete it from your webspace.
Ok, lets start:
groupcp.php
FIND - Line 140
2.0.6 Code:
if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
AFTER, ADD
2.0.7 Code:
$mode = htmlspecialchars($mode);
FIND - Line 594
2.0.6 Code:
$sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . $members[$i];
REPLACE WITH
2.0.7 Code:
$sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . intval($members[$i]);
includes/auth.php
FIND - Line 174
2.0.6 Code:
}
while( $row = $db->sql_fetchrow($result) );
}
AFTER, ADD
2.0.7 Code:
$db->sql_freeresult($result);
includes/bbcode.php
FIND - Line 108
2.0.6 Code:
$bbcode_tpl['url4'] = str_replace('{DESCRIPTION}', '\\\5', $bbcode_tpl['url4']);
REPLACE WITH
2.0.7 Code:
$bbcode_tpl['url4'] = str_replace('{DESCRIPTION}', '\\\3', $bbcode_tpl['url4']);
FIND - Line 201
2.0.6 Code:
$patterns[] = "#\[url\]([\w]+?://.*?[^ \"
\t<]*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url1'];
// http://www.phpbb.com code.. (no xxxx:// prefix).
$patterns[] = "#\[url\]((www|ftp)\.([\w\-]+\.)*?[\w\-]+\.[a-z]{2,4}(:?[0-9]*?/[^ \"
\t<]*)?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url2'];
// [url=xxxx://www.phpbb.com]phpBB[/url] code..
$patterns[] = "#\+?://.*?[^ \"
\t<]*?)\](.*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url3'];
// [url=http://www.phpbb.com]phpBB code.. (no xxxx:// prefix).
$patterns[] = "#\+\.)*?[\w\-]+\.[a-z]{2,4}(:?[0-9]*?/[^ \"
\t<]*)?)\](.*?)\[/url\]#is";
REPLACE WITH
2.0.7 Code:
$patterns[] = "#\[url\]([\w]+?://[^ \"
\t<]*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url1'];
// [url]http://www.phpbb.com code.. (no xxxx:// prefix).
$patterns[] = "#\[url\]((www|ftp)\.[^ \"\
\t<]*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url2'];
// [url=xxxx://www.phpbb.com]phpBB[/url] code..
$patterns[] = "#\+?://[^ \"
\t<]*?)\](.*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url3'];
// [url=http://www.phpbb.com]phpBB code.. (no xxxx:// prefix).
$patterns[] = "#\[url=((www|ftp)\.[^ \"
\t<]*?)\](.*?)\[/url\]#is";
FIND - Line 624
2.0.6 Code:
$ret = preg_replace("#(^|[
])([\w]+?://.*?[^ \"
\t<]*)#is", "\\\1<a href=\"\\\2\" target=\"_blank\">\\\2</a>", $ret);
// matches a "www|ftp.xxxx.yyyy[/zzzz]" kinda lazy URL thing
// Must contain at least 2 dots. xxxx contains either alphanum, or "-"
// zzzz is optional.. will contain everything up to the first space, newline,
// comma, double quote or <.
$ret = preg_replace("#(^|[
])((www|ftp)\.[\w\-]+\.[\w\-.\~]+(?:/[^ \"\t
<]*)?)#is", "\\\1<a href=\"http://\\\2\" target=\"_blank\">\\\2</a>", $ret);
REPLACE WITH
2.0.7 Code:
$ret = preg_replace("#(^|[
])([\w]+?://[^ \"
\t<]*)#is", "\\\1<a href=\"\\\2\" target=\"_blank\">\\\2</a>", $ret);
// matches a "www|ftp.xxxx.yyyy[/zzzz]" kinda lazy URL thing
// Must contain at least 2 dots. xxxx contains either alphanum, or "-"
// zzzz is optional.. will contain everything up to the first space, newline,
// comma, double quote or <.
$ret = preg_replace("#(^|[
])((www|ftp)\.[^ \"\t
<]*)#is", "\\\1<a href=\"http://\\\2\" target=\"_blank\">\\\2</a>", $ret);
includes/functions_search.php
FIND - Line 243
2.0.6 Code:
$sql = "INSERT IGNORE INTO " . SEARCH_MATCH_TABLE . " (post_id, word_id, title_match)
REPLACE WITH
2.0.7 Code:
\r
$sql = "INSERT INTO " . SEARCH_MATCH_TABLE . " (post_id, word_id, title_match)
includes/topic_review.php
FIND - Line 54
2.0.6 Code:
{
message_die(GENERAL_MESSAGE, 'Topic_post_not_exist');
}
AFTER, ADD
2.0.7 Code:
$db->sql_freeresult($result);
FIND - Line 211
2.0.6 Code:
{
message_die(GENERAL_MESSAGE, 'Topic_post_not_exist', '', __LINE__, __FILE__, $sql);
}
AFTER, ADD
2.0.7 Code:
$db->sql_freeresult($result);
includes/usercp_register.php
FIND - Line 748
2.0.6 Code:
$avatar_category = ( !empty($HTTP_POST_VARS['avatarcategory']) ) ? $HTTP_POST_VARS['avatarcategory'] : '';
REPLACE WITH
2.0.7 Code:
$avatar_category = ( !empty($HTTP_POST_VARS['avatarcategory']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarcategory']) : '';
index.php
FIND - Line 122
2.0.6 Code:
}
while( $category_rows[] = $db->sql_fetchrow($result) );
AFTER, ADD
2.0.7 Code:
$db->sql_freeresult($result);
FIND - Line 174
2.0.6 Code:
{
$forum_data[] = $row;
}
AFTER, ADD
2.0.7 Code:
$db->sql_freeresult($result);
FIND - Line 202
2.0.6 Code:
{
$new_topic_data[$topic_data['forum_id']][$topic_data['topic_id']] = $topic_data['post_time'];
}
AFTER, ADD
2.0.7 Code:
$db->sql_freeresult($result);
FIND - Line 228
2.0.6 Code:
{
$forum_moderators[$row['forum_id']][] = '<a href="' . append_sid("profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=" . $row['user_id']) . '">' . $row['username'] . '</a>';
}
AFTER, ADD
2.0.7 Code:
$db->sql_freeresult($result);
FIND - Line 248
2.0.6 Code:
{
$forum_moderators[$row['forum_id']][] = '<a href="' . append_sid("groupcp.$phpEx?" . POST_GROUPS_URL . "=" . $row['group_id']) . '">' . $row['group_name'] . '</a>';
}
AFTER, ADD
2.0.7 Code:
$db->sql_freeresult($result);
login.php
FIND - Line 86
2.0.6 Code:
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : "index.$phpEx";
REPLACE WITH
2.0.7 Code:
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : "index.$phpEx";
FIND - Line 96
2.0.6 Code:
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : '';
REPLACE WITH
2.0.7 Code:
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : '';
FIND - Line 111
2.0.6 Code:
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : "";
REPLACE WITH
2.0.7 Code:
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : "";
FIND - Line 132
2.0.6 Code:
$url = (!empty($HTTP_POST_VARS['redirect'])) ? $HTTP_POST_VARS['redirect'] : $HTTP_GET_VARS['redirect'];
REPLACE WITH
2.0.7 Code:
$url = (!empty($HTTP_POST_VARS['redirect'])) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : htmlspecialchars($HTTP_GET_VARS['redirect']);
FIND - Line 142
2.0.6 Code:
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : "index.$phpEx";
REPLACE WITH
2.0.7 Code:
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : "index.$phpEx";
memberlist.php
FIND - Line 272
2.0.6 Code:
$i++;
}
while ( $row = $db->sql_fetchrow($result) );
AFTER, ADD
2.0.7 Code:
$db->sql_freeresult($result);
FIND - Line 292
2.0.6 Code:
$pagination = generate_pagination("memberlist.$phpEx?mode=$mode&order=$sort_order", $total_members, $board_config['topics_per_page'], $start). ' ';
}
AFTER, ADD
2.0.7 Code:
$db->sql_freeresult($result);
modcp.php
FIND - Line 83
2.0.6 Code:
if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
AFTER, ADD
2.0.7 Code:
$mode = htmlspecialchars($mode);
posting.php
FIND - Line 38
2.0.6 Code:
$$var = ( !empty($HTTP_POST_VARS[$param]) ) ? $HTTP_POST_VARS[$param] : $HTTP_GET_VARS[$param];
REPLACE WITH
2.0.7 Code:
$$var = ( !empty($HTTP_POST_VARS[$param]) ) ? htmlspecialchars($HTTP_POST_VARS[$param]) : htmlspecialchars($HTTP_GET_VARS[$param]);
FIND - Line 224
2.0.6 Code:
if ( $result = $db->sql_query($sql) )
{
$post_info = $db->sql_fetchrow($result);
AFTER, ADD
2.0.7 Code:
$db->sql_freeresult($result);
FIND - Line 279
2.0.6 Code:
}
while ( $row = $db->sql_fetchrow($result) );
}
AFTER, ADD
2.0.7 Code:
$db->sql_freeresult($result);
FIND - Line 402
2.0.6 Code:
}
$notify_user = ( $db->sql_fetchrow($result) ) ? TRUE : $userdata['user_notify'];
AFTER, ADD
2.0.7 Code:
$db->sql_freeresult($result);
FIND - Line 477
2.0.6 Code:
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain user vote data for this topic', '', __LINE__, __FILE__, $sql);
}
if ( !($row = $db->sql_fetchrow($result)) )
REPLACE WITH
2.0.7 Code:
if ( !($result2 = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain user vote data for this topic', '', __LINE__, __FILE__, $sql);
}
if ( !($row = $db->sql_fetchrow($result2)) )
FIND - Line 506
2.0.6 Code:
{
$message = $lang['Already_voted'];
}
AFTER, ADD
2.0.7 Code:
$db->sql_freeresult($result2);
FIND - Line 508
2.0.6 Code:
else
{
$message = $lang['No_vote_option'];
}
AFTER, ADD
2.0.7 Code:
$db->sql_freeresult($result);
privmsg.php
FIND - Line 61
2.0.6 Code:
if ( isset($HTTP_POST_VARS['folder']) || isset($HTTP_GET_VARS['folder']) )
{
$folder = ( isset($HTTP_POST_VARS['folder']) ) ? $HTTP_POST_VARS['folder'] : $HTTP_GET_VARS['folder'];
AFTER, ADD
2.0.7 Code:
$folder = htmlspecialchars($folder);
DELETE - Line 73
2.0.6 Code:
// session id check
if (!empty($HTTP_POST_VARS['sid']) || !empty($HTTP_GET_VARS['sid']))
{
$sid = (!empty($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : $HTTP_GET_VARS['sid'];
}
else
{
$sid = '';
}
FIND - Line 96
2.0.6 Code:
if ( !empty($HTTP_POST_VARS['mode']) || !empty($HTTP_GET_VARS['mode']) )
{
$mode = ( !empty($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
AFTER, ADD
2.0.7 Code:
$mode = htmlspecialchars($mode);
search.php
FIND - Line 685
2.0.6 Code:
if ( intval($search_id) )
REPLACE WITH
2.0.7 Code:
$search_id = intval($search_id);
if ( $search_id )
templates/subSilver/index_body.tpl
FIND - Line 94
2.0.6 Code:
<td width="20" align="center"><img src="templates/subSilver/images/folder_new.gif" alt="{L_NEW_POSTS}"/></td>
<td><span class="gensmall">{L_NEW_POSTS}</span></td>
<td> </td>
<td width="20" align="center"><img src="templates/subSilver/images/folder.gif" alt="{L_NO_NEW_POSTS}" /></td>
<td><span class="gensmall">{L_NO_NEW_POSTS}</span></td>
<td> </td>
<td width="20" align="center"><img src="templates/subSilver/images/folder_lock.gif" alt="{L_FORUM_LOCKED}" /></td>
REPLACE WITH
2.0.7 Code:
<td width="20" align="center"><img src="templates/subSilver/images/folder_new_big.gif" alt="{L_NEW_POSTS}"/></td>
<td><span class="gensmall">{L_NEW_POSTS}</span></td>
<td> </td>
<td width="20" align="center"><img src="templates/subSilver/images/folder_big.gif" alt="{L_NO_NEW_POSTS}" /></td>
<td><span class="gensmall">{L_NO_NEW_POSTS}</span></td>
<td> </td>
<td width="20" align="center"><img src="templates/subSilver/images/folder_locked_big.gif" alt="{L_FORUM_LOCKED}" /></td>
viewforum.php
FIND - Line 243
2.0.6 Code:
$topic_days = ( !empty($HTTP_POST_VARS['topicdays']) ) ? $HTTP_POST_VARS['topicdays'] : $HTTP_GET_VARS['topicdays'];
REPLACE WITH
2.0.7 Code:
$topic_days = ( !empty($HTTP_POST_VARS['topicdays']) ) ? intval($HTTP_POST_VARS['topicdays']) : intval($HTTP_GET_VARS['topicdays']);
viewtopic.php
\n
FIND - Line 317
2.0.6 Code:
$post_days = ( !empty($HTTP_POST_VARS['postdays']) ) ? $HTTP_POST_VARS['postdays'] : $HTTP_GET_VARS['postdays'];
REPLACE WITH
2.0.7 Code:
$post_days = ( !empty($HTTP_POST_VARS['postdays']) ) ? intval($HTTP_POST_VARS['postdays']) : intval($HTTP_GET_VARS['postdays']);
FIND - Line 360
2.0.6 Code:
$post_order = (!empty($HTTP_POST_VARS['postorder'])) ? $HTTP_POST_VARS['postorder'] : $HTTP_GET_VARS['postorder'];
REPLACE WITH
2.0.7 Code:
$post_order = (!empty($HTTP_POST_VARS['postorder'])) ? htmlspecialchars($HTTP_POST_VARS['postorder']) : htmlspecialchars($HTTP_GET_VARS['postorder']);
這個是 我從 2.0.7 -> 2.0.8 的紀錄
phpBB 2.0.7 to phpBB 2.0.8 Code Changes
These are the Changes from phpBB 2.0.7 to phpBB 2.0.8 summed up into a little Mod. This might be very helpful if you want to update your Board and have installed a bunch of Mods. Then it's normally easier to apply the Code Changes than to install all Mods again.
When you find a 'AFTER, ADD'-Statement, the Code have to be added after the last line quoted in the 'FIND'-Statement.
When you find a 'BEFORE, ADD'-Statement, the Code have to be added before the first line quoted in the 'FIND'-Statement.
When you find a 'REPLACE WITH'-Statement, the Code quoted in the 'FIND'-Statement have to be replaced completely with the quoted Code in the 'REPLACE WITH'-Statement.
When you find a 'DELETE'-Statement, the Code have to be deleted.
After you have finished this tutorial, you have to upload the update_to_208.php file (found within every phpBB Package), execute it and then delete it from your webspace.
From phpBB 2.0.7 to 2.0.8 there were no database changes, except the version number increment.
Ok, lets start:
admin/admin_forumauth.php
FIND - Line 105
2.0.7 Code:
$simple_ary = $simple_auth_ary[$HTTP_POST_VARS['simpleauth']];
for($i = 0; $i < count($simple_ary); $i++)
{
$sql .= ( ( $sql != '' ) ? ', ' : '' ) . $forum_auth_fields[$i] . ' = ' . $simple_ary[$i];
}
$sql = "UPDATE " . FORUMS_TABLE . " SET $sql WHERE forum_id = $forum_id";
}
else
{
for($i = 0; $i < count($forum_auth_fields); $i++)
{
$value = $HTTP_POST_VARS[$forum_auth_fields[$i]];
REPLACE WITH
2.0.8 Code:
$simple_ary = $simple_auth_ary[intval($HTTP_POST_VARS['simpleauth'])];
for($i = 0; $i < count($simple_ary); $i++)
{
$sql .= ( ( $sql != '' ) ? ', ' : '' ) . $forum_auth_fields[$i] . ' = ' . $simple_ary[$i];
}
if (is_array($simple_ary))
{
$sql = "UPDATE " . FORUMS_TABLE . " SET $sql WHERE forum_id = $forum_id";
}
}
else
{
for($i = 0; $i < count($forum_auth_fields); $i++)
{
$value = intval($HTTP_POST_VARS[$forum_auth_fields[$i]]);
admin/admin_forums.php
FIND - Line 60
2.0.7 Code:
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
AFTER, ADD
2.0.8 Code:
$mode = htmlspecialchars($mode);
admin/admin_groups.php
FIND - Line 54
2.0.7 Code:
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
AFTER, ADD
2.0.8 Code:
$mode = htmlspecialchars($mode);
admin/admin_ranks.php
FIND - Line 43
2.0.7 Code:
$mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
AFTER, ADD
2.0.8 Code:
$mode = htmlspecialchars($mode);
admin/admin_smilies.php
FIND - Line 62
2.0.7 Code:
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
AFTER, ADD
2.0.8 Code:
$mode = htmlspecialchars($mode);
FIND - Line 319
2.0.7 Code:
$smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
AFTER, ADD
2.0.8 Code:
$smiley_id = intval($smiley_id);
FIND - Line 340
2.0.7 Code:
$smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
AFTER, ADD
2.0.8 Code:
$smiley_id = intval($smiley_id);
admin/admin_styles.php
FIND - Line 61
2.0.7 Code:
$mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
AFTER, ADD
2.0.8 Code:
$mode = htmlspecialchars($mode);
FIND - Line 492
2.0.7 Code:
$style_id = $HTTP_GET_VARS['style_id'];
REPLACE WITH
2.0.8 Code:
$style_id = intval($HTTP_GET_VARS['style_id']);
FIND - Line 707
2.0.7 Code:
WHERE template_name = '$template_name'";
REPLACE WITH
2.0.8 Code:
WHERE template_name = '" . str_replace("\'", "''", $template_name) . "'";
admin/admin_ug_auth.php
FIND - Line 60
2.0.7 Code:
$user_id = intval($user_id);
$group_id = intval($group_id);
AFTER, ADD
2.0.8 Code:
$adv = intval($adv);
$mode = htmlspecialchars($mode);
admin/admin_user_ban.php
FIND - Line 280
2.0.7 Code:
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $user_list[$i];
REPLACE WITH
2.0.8 Code:
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . intval($user_list[$i]);
FIND - Line 293
2.0.7 Code:
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $ip_list[$i];
REPLACE WITH
2.0.8 Code:
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $ip_list[$i]);
FIND - Line 306
2.0.7 Code:
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $email_list[$i];
REPLACE WITH
2.0.8 Code:
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $email_list[$i]);
admin/admin_users.php
FIND - Line 52
2.0.7 Code:
$mode = ( isset( $HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
AFTER, ADD
2.0.8 Code:
$mode = htmlspecialchars($mode);
FIND - Line 842
2.0.7 Code:
$category = $HTTP_POST_VARS['avatarcategory'];
REPLACE WITH
2.0.8 Code:
$category = htmlspecialchars($HTTP_POST_VARS['avatarcategory']);
admin/admin_words.php
FIND - Line 44
2.0.7 Code:
$mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
AFTER, ADD
2.0.8 Code:
$mode = htmlspecialchars($mode);
FIND - Line 67
2.0.7 Code:
$word_id = ( isset($HTTP_GET_VARS['id']) ) ? $HTTP_GET_VARS['id'] : 0;
REPLACE WITH
2.0.8 Code:
$word_id = ( isset($HTTP_GET_VARS['id']) ) ? intval($HTTP_GET_VARS['id']) : 0;
FIND - Line 117
2.0.7 Code:
$word_id = ( isset($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : 0;
REPLACE WITH
2.0.8 Code:
$word_id = ( isset($HTTP_POST_VARS['id']) ) ? intval($HTTP_POST_VARS['id']) : 0;
FIND - Line 154
2.0.7 Code:
if( isset($HTTP_POST_VARS['id']) || isset($HTTP_GET_VARS['id']) )
{
$word_id = ( isset($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
AFTER, ADD
2.0.8 Code:
$word_id = intval($word_id);
admin/pagestart.php
FIND - Line 59
2.0.7 Code:
redirect($url);
REPLACE WITH
2.0.8 Code:
redirect("index.$phpEx?sid=" . $userdata['session_id']);
includes/bbcode.php
FIND - Line 284
2.0.7 Code:
$text = preg_replace("#\[img\]((ht|f)tp://)([^
\t<\"]*?)\[/img\]#sie", "'[img:$uid]\\\1' . str_replace(' ', '%20', '\\\3') . '[/img:$uid]'", $text);
REPLACE WITH
2.0.8 Code:
$text = preg_replace("#\[img\]((ht|f)tp://)([^ \?&=\"
\t<]*?(\.(jpg|jpeg|gif|png)))\[/img\]#sie", "'[img:$uid]\\\1' . str_replace(' ', '%20', '\\\3') . '[/img:$uid]'", $text);
includes/functions_search.php
FIND - Line 201
2.0.7 Code:
$value_sql .= ( ( $value_sql != '' ) ? ', ' : '' ) . '(\'' . $word[$i] . '\', 0)';
break;
case 'mssql':
AFTER, ADD
2.0.8 Code:
case 'mssql-odbc':
FIND - Line 226
2.0.7 Code:
VALUES $value_sql";
break;
case 'mssql':
AFTER, ADD
2.0.8 Code:
case 'mssql-odbc':
includes/usercp_register.php
FIND - Line 180
2.0.7 Code:
$user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarlocal']) : '' );
REPLACE WITH
2.0.8 Code:
$user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? htmlspecialchars($HTTP_POST_VARS['avatarselect']) : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarlocal']) : '' );
login.php
FIND - Line 86
2.0.7 Code:
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : "index.$phpEx";
REPLACE WITH
2.0.8 Code:
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";
FIND - Line 96
2.0.7 Code:
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : '';
REPLACE WITH
2.0.8 Code:
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
FIND - Line 111
2.0.7 Code:
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : "";
REPLACE WITH
2.0.8 Code:
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "";
FIND - Line 133
2.0.7 Code:
if (!empty($HTTP_POST_VARS['redirect']) || !empty($HTTP_GET_VARS['redirect']))
{
$url = (!empty($HTTP_POST_VARS['redirect'])) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : htmlspecialchars($HTTP_GET_VARS['redirect']);
AFTER, ADD
2.0.8 Code:
$url = str_replace('&', '&', $url);
FIND - Line 143
2.0.7 Code:
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : "index.$phpEx";
REPLACE WITH
2.0.8 Code:
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";
privmsg.php
FIND - Line 2079
2.0.7 Code:
if ( $row = $db->sql_fetchrow($result) )
{
AFTER, ADD
2.0.8 Code:
$i = 0;
FIND - Line 2114
2.0.7 Code:
$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
AFTER, ADD
2.0.8 Code:
$i++;
search.php
\n
FIND - Line 72
2.0.7 Code:
$search_id = ( isset($HTTP_GET_VARS['search_id']) ) ? $HTTP_GET_VARS['search_id'] : '';
$show_results = ( isset($HTTP_POST_VARS['show_results']) ) ? $HTTP_POST_VARS['show_results'] : 'posts';
AFTER, ADD
2.0.8 Code:
$show_results = ($show_results == 'topics') ? 'topics' : 'posts';
FIND - Line 148
2.0.7 Code:
else if ( $search_keywords != '' || $search_author != '' || $search_id )
{
$store_vars = array('search_results', 'total_match_count', 'split_search', 'sort_by', 'sort_dir', 'show_results', 'return_chars');
AFTER, ADD
2.0.8 Code:
$search_results = '';
phpBB 2.0.7 to phpBB 2.0.8 Code Changes
These are the Changes from phpBB 2.0.7 to phpBB 2.0.8 summed up into a little Mod. This might be very helpful if you want to update your Board and have installed a bunch of Mods. Then it's normally easier to apply the Code Changes than to install all Mods again.
When you find a 'AFTER, ADD'-Statement, the Code have to be added after the last line quoted in the 'FIND'-Statement.
When you find a 'BEFORE, ADD'-Statement, the Code have to be added before the first line quoted in the 'FIND'-Statement.
When you find a 'REPLACE WITH'-Statement, the Code quoted in the 'FIND'-Statement have to be replaced completely with the quoted Code in the 'REPLACE WITH'-Statement.
When you find a 'DELETE'-Statement, the Code have to be deleted.
After you have finished this tutorial, you have to upload the update_to_208.php file (found within every phpBB Package), execute it and then delete it from your webspace.
From phpBB 2.0.7 to 2.0.8 there were no database changes, except the version number increment.
Ok, lets start:
admin/admin_forumauth.php
FIND - Line 105
2.0.7 Code:
$simple_ary = $simple_auth_ary[$HTTP_POST_VARS['simpleauth']];
for($i = 0; $i < count($simple_ary); $i++)
{
$sql .= ( ( $sql != '' ) ? ', ' : '' ) . $forum_auth_fields[$i] . ' = ' . $simple_ary[$i];
}
$sql = "UPDATE " . FORUMS_TABLE . " SET $sql WHERE forum_id = $forum_id";
}
else
{
for($i = 0; $i < count($forum_auth_fields); $i++)
{
$value = $HTTP_POST_VARS[$forum_auth_fields[$i]];
REPLACE WITH
2.0.8 Code:
$simple_ary = $simple_auth_ary[intval($HTTP_POST_VARS['simpleauth'])];
for($i = 0; $i < count($simple_ary); $i++)
{
$sql .= ( ( $sql != '' ) ? ', ' : '' ) . $forum_auth_fields[$i] . ' = ' . $simple_ary[$i];
}
if (is_array($simple_ary))
{
$sql = "UPDATE " . FORUMS_TABLE . " SET $sql WHERE forum_id = $forum_id";
}
}
else
{
for($i = 0; $i < count($forum_auth_fields); $i++)
{
$value = intval($HTTP_POST_VARS[$forum_auth_fields[$i]]);
admin/admin_forums.php
FIND - Line 60
2.0.7 Code:
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
AFTER, ADD
2.0.8 Code:
$mode = htmlspecialchars($mode);
admin/admin_groups.php
FIND - Line 54
2.0.7 Code:
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
AFTER, ADD
2.0.8 Code:
$mode = htmlspecialchars($mode);
admin/admin_ranks.php
FIND - Line 43
2.0.7 Code:
$mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
AFTER, ADD
2.0.8 Code:
$mode = htmlspecialchars($mode);
admin/admin_smilies.php
FIND - Line 62
2.0.7 Code:
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
AFTER, ADD
2.0.8 Code:
$mode = htmlspecialchars($mode);
FIND - Line 319
2.0.7 Code:
$smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
AFTER, ADD
2.0.8 Code:
$smiley_id = intval($smiley_id);
FIND - Line 340
2.0.7 Code:
$smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
AFTER, ADD
2.0.8 Code:
$smiley_id = intval($smiley_id);
admin/admin_styles.php
FIND - Line 61
2.0.7 Code:
$mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
AFTER, ADD
2.0.8 Code:
$mode = htmlspecialchars($mode);
FIND - Line 492
2.0.7 Code:
$style_id = $HTTP_GET_VARS['style_id'];
REPLACE WITH
2.0.8 Code:
$style_id = intval($HTTP_GET_VARS['style_id']);
FIND - Line 707
2.0.7 Code:
WHERE template_name = '$template_name'";
REPLACE WITH
2.0.8 Code:
WHERE template_name = '" . str_replace("\'", "''", $template_name) . "'";
admin/admin_ug_auth.php
FIND - Line 60
2.0.7 Code:
$user_id = intval($user_id);
$group_id = intval($group_id);
AFTER, ADD
2.0.8 Code:
$adv = intval($adv);
$mode = htmlspecialchars($mode);
admin/admin_user_ban.php
FIND - Line 280
2.0.7 Code:
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $user_list[$i];
REPLACE WITH
2.0.8 Code:
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . intval($user_list[$i]);
FIND - Line 293
2.0.7 Code:
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $ip_list[$i];
REPLACE WITH
2.0.8 Code:
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $ip_list[$i]);
FIND - Line 306
2.0.7 Code:
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $email_list[$i];
REPLACE WITH
2.0.8 Code:
$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $email_list[$i]);
admin/admin_users.php
FIND - Line 52
2.0.7 Code:
$mode = ( isset( $HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
AFTER, ADD
2.0.8 Code:
$mode = htmlspecialchars($mode);
FIND - Line 842
2.0.7 Code:
$category = $HTTP_POST_VARS['avatarcategory'];
REPLACE WITH
2.0.8 Code:
$category = htmlspecialchars($HTTP_POST_VARS['avatarcategory']);
admin/admin_words.php
FIND - Line 44
2.0.7 Code:
$mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
AFTER, ADD
2.0.8 Code:
$mode = htmlspecialchars($mode);
FIND - Line 67
2.0.7 Code:
$word_id = ( isset($HTTP_GET_VARS['id']) ) ? $HTTP_GET_VARS['id'] : 0;
REPLACE WITH
2.0.8 Code:
$word_id = ( isset($HTTP_GET_VARS['id']) ) ? intval($HTTP_GET_VARS['id']) : 0;
FIND - Line 117
2.0.7 Code:
$word_id = ( isset($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : 0;
REPLACE WITH
2.0.8 Code:
$word_id = ( isset($HTTP_POST_VARS['id']) ) ? intval($HTTP_POST_VARS['id']) : 0;
FIND - Line 154
2.0.7 Code:
if( isset($HTTP_POST_VARS['id']) || isset($HTTP_GET_VARS['id']) )
{
$word_id = ( isset($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
AFTER, ADD
2.0.8 Code:
$word_id = intval($word_id);
admin/pagestart.php
FIND - Line 59
2.0.7 Code:
redirect($url);
REPLACE WITH
2.0.8 Code:
redirect("index.$phpEx?sid=" . $userdata['session_id']);
includes/bbcode.php
FIND - Line 284
2.0.7 Code:
$text = preg_replace("#\[img\]((ht|f)tp://)([^
\t<\"]*?)\[/img\]#sie", "'[img:$uid]\\\1' . str_replace(' ', '%20', '\\\3') . '[/img:$uid]'", $text);
REPLACE WITH
2.0.8 Code:
$text = preg_replace("#\[img\]((ht|f)tp://)([^ \?&=\"
\t<]*?(\.(jpg|jpeg|gif|png)))\[/img\]#sie", "'[img:$uid]\\\1' . str_replace(' ', '%20', '\\\3') . '[/img:$uid]'", $text);
includes/functions_search.php
FIND - Line 201
2.0.7 Code:
$value_sql .= ( ( $value_sql != '' ) ? ', ' : '' ) . '(\'' . $word[$i] . '\', 0)';
break;
case 'mssql':
AFTER, ADD
2.0.8 Code:
case 'mssql-odbc':
FIND - Line 226
2.0.7 Code:
VALUES $value_sql";
break;
case 'mssql':
AFTER, ADD
2.0.8 Code:
case 'mssql-odbc':
includes/usercp_register.php
FIND - Line 180
2.0.7 Code:
$user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarlocal']) : '' );
REPLACE WITH
2.0.8 Code:
$user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? htmlspecialchars($HTTP_POST_VARS['avatarselect']) : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarlocal']) : '' );
login.php
FIND - Line 86
2.0.7 Code:
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : "index.$phpEx";
REPLACE WITH
2.0.8 Code:
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";
FIND - Line 96
2.0.7 Code:
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : '';
REPLACE WITH
2.0.8 Code:
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
FIND - Line 111
2.0.7 Code:
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : "";
REPLACE WITH
2.0.8 Code:
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "";
FIND - Line 133
2.0.7 Code:
if (!empty($HTTP_POST_VARS['redirect']) || !empty($HTTP_GET_VARS['redirect']))
{
$url = (!empty($HTTP_POST_VARS['redirect'])) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : htmlspecialchars($HTTP_GET_VARS['redirect']);
AFTER, ADD
2.0.8 Code:
$url = str_replace('&', '&', $url);
FIND - Line 143
2.0.7 Code:
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : "index.$phpEx";
REPLACE WITH
2.0.8 Code:
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";
privmsg.php
FIND - Line 2079
2.0.7 Code:
if ( $row = $db->sql_fetchrow($result) )
{
AFTER, ADD
2.0.8 Code:
$i = 0;
FIND - Line 2114
2.0.7 Code:
$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
AFTER, ADD
2.0.8 Code:
$i++;
search.php
\n
FIND - Line 72
2.0.7 Code:
$search_id = ( isset($HTTP_GET_VARS['search_id']) ) ? $HTTP_GET_VARS['search_id'] : '';
$show_results = ( isset($HTTP_POST_VARS['show_results']) ) ? $HTTP_POST_VARS['show_results'] : 'posts';
AFTER, ADD
2.0.8 Code:
$show_results = ($show_results == 'topics') ? 'topics' : 'posts';
FIND - Line 148
2.0.7 Code:
else if ( $search_keywords != '' || $search_author != '' || $search_id )
{
$store_vars = array('search_results', 'total_match_count', 'split_search', 'sort_by', 'sort_dir', 'show_results', 'return_chars');
AFTER, ADD
2.0.8 Code:
$search_results = '';
只初步的看看, 可能還有別的地方要改,
下面的只會改發表文章之後的 IP, 可能還有其它地方要改 IP (pm...)
在 includes\functions_post.php 裡面找下面這行:
改為\r
即可.
然後用 IE (或其它)開啟這個網頁即可更改全部紀錄的 IP.
(例: 開啟http://www.aha.com/phpbb/cleanIP.php)
下面的只會改發表文章之後的 IP, 可能還有其它地方要改 IP (pm...)
在 includes\functions_post.php 裡面找下面這行:
代碼: 選擇全部
$sql = ($mode != "editpost") ? "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, enable_bbcode, enable_html, enable_smilies, enable_sig) VALUES ($topic_id, $forum_id, " . $userdata['user_id'] . ", '$post_username', $current_time, '[color=red][b]$user_ip[/b][/color]', $bbcode_on, $html_on, $smilies_on, $attach_sig)" : "UPDATE " . POSTS_TABLE . " SET post_username = '$post_username', enable_bbcode = $bbcode_on, enable_html = $html_on, enable_smilies = $smilies_on, enable_sig = $attach_sig" . $edited_sql . " WHERE post_id = $post_id";
代碼: 選擇全部
$sql = ($mode != "editpost") ? "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, enable_bbcode, enable_html, enable_smilies, enable_sig) VALUES ($topic_id, $forum_id, " . $userdata['user_id'] . ", '$post_username', $current_time, '[color=red][b]0[/b][/color]', $bbcode_on, $html_on, $smilies_on, $attach_sig)" : "UPDATE " . POSTS_TABLE . " SET post_username = '$post_username', enable_bbcode = $bbcode_on, enable_html = $html_on, enable_smilies = $smilies_on, enable_sig = $attach_sig" . $edited_sql . " WHERE post_id = $post_id";
把下面的程式存成一個 php 檔(例: cleanIP.php), 放在你的 phpbb 論壇目錄底下(例: http://www.aha.com/phpbb/),china2000 寫:外掛或是用SQL的語法來改動舊有ip記錄為0.0.0.0?
然後用 IE (或其它)開啟這個網頁即可更改全部紀錄的 IP.
(例: 開啟http://www.aha.com/phpbb/cleanIP.php)
代碼: 選擇全部
<?php
define('IN_PHPBB', true);
$phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);
$sql = "update " . POSTS_TABLE . " set poster_ip = '0'";
if (!($result = $db->sql_query($sql))) echo "failed";
else echo "OK";
?>

