PunBB 1.2.4 to 1.2.14 changes

PunBB 1.2.4 to 1.2.14 changes	Legend
	Lines removed
	Lines changed
		Lines added

punbb-1.2.4/upload/admin_bans.php	punbb-1.2.14/upload/admin_bans.php
44: if (isset($_GET['add_ban']))	44: if (isset($_GET['add_ban']))
45: {	45: {
46: $add_ban = intval($_GET['add_ban']);	46: $add_ban = intval($_GET['add_ban']);
47: if ($add_ban < 1)	47: if ($add_ban < 2)
48: message($lang_common['Bad request']);	48: message($lang_common['Bad request']);
49:	49:
50: $user_id = $add_ban;	50: $user_id = $add_ban;
61:	61:
62: if ($ban_user != '')	62: if ($ban_user != '')
63: {	63: {
64: $result = $db->query('SELECT id, group_id, username, email FROM '.$db->prefix.'users WHERE username=\''.$db->escape($ban_user).'\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());	64: $result = $db->query('SELECT id, group_id, username, email FROM '.$db->prefix.'users WHERE username=\''.$db->escape($ban_user).'\' AND id>1') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
65: if ($db->num_rows($result))	65: if ($db->num_rows($result))
66: list($user_id, $group_id, $ban_user, $ban_email) = $db->fetch_row($result);	66: list($user_id, $group_id, $ban_user, $ban_email) = $db->fetch_row($result);
67: else	67: else
192:	192:
193: if ($ban_user == '' && $ban_ip == '' && $ban_email == '')	193: if ($ban_user == '' && $ban_ip == '' && $ban_email == '')
194: message('You must enter either a username, an IP address or an e-mail address (at least).');	194: message('You must enter either a username, an IP address or an e-mail address (at least).');
	195: else if (strtolower($ban_user) == 'guest')
	196: message('The guest user cannot be banned.');
195:	197:
196: // Validate IP/IP range (it's overkill, I know)	198: // Validate IP/IP range (it's overkill, I know)
197: if ($ban_ip != '')	199: if ($ban_ip != '')
244: if ($_POST['mode'] == 'add')	246: if ($_POST['mode'] == 'add')
245: $db->query('INSERT INTO '.$db->prefix.'bans (username, ip, email, message, expire) VALUES('.$ban_user.', '.$ban_ip.', '.$ban_email.', '.$ban_message.', '.$ban_expire.')') or error('Unable to add ban', __FILE__, __LINE__, $db->error());	247: $db->query('INSERT INTO '.$db->prefix.'bans (username, ip, email, message, expire) VALUES('.$ban_user.', '.$ban_ip.', '.$ban_email.', '.$ban_message.', '.$ban_expire.')') or error('Unable to add ban', __FILE__, __LINE__, $db->error());
246: else	248: else
247: $db->query('UPDATE '.$db->prefix.'bans SET username='.$ban_user.', ip='.$ban_ip.', email='.$ban_email.', message='.$ban_message.', expire='.$ban_expire.' WHERE id='.$_POST['ban_id']) or error('Unable to update ban', __FILE__, __LINE__, $db->error());	249: $db->query('UPDATE '.$db->prefix.'bans SET username='.$ban_user.', ip='.$ban_ip.', email='.$ban_email.', message='.$ban_message.', expire='.$ban_expire.' WHERE id='.intval($_POST['ban_id'])) or error('Unable to update ban', __FILE__, __LINE__, $db->error());
248:	250:
249: // Regenerate the bans cache	251: // Regenerate the bans cache
250: require_once PUN_ROOT.'include/cache.php';	252: require_once PUN_ROOT.'include/cache.php';

punbb-1.2.4/upload/admin_categories.php	punbb-1.2.14/upload/admin_categories.php
123: </div>	123: </div>
124: </fieldset>	124: </fieldset>
125: </div>	125: </div>
126: <p><input type="submit" name="del_cat_comply" value="Delete" />   <a href="javascript:history.go(-1)" />Go back</a></p>	126: <p><input type="submit" name="del_cat_comply" value="Delete" /><a href="javascript:history.go(-1)">Go back</a></p>
127: </form>	127: </form>
128: </div>	128: </div>
129: </div>	129: </div>

punbb-1.2.4/upload/admin_censoring.php	punbb-1.2.14/upload/admin_censoring.php
57: {	57: {
58: confirm_referrer('admin_censoring.php');	58: confirm_referrer('admin_censoring.php');
59:	59:
60: $id = key($_POST['update']);	60: $id = intval(key($_POST['update']));
61:	61:
62: $search_for = trim($_POST['search_for'][$id]);	62: $search_for = trim($_POST['search_for'][$id]);
63: $replace_with = trim($_POST['replace_with'][$id]);	63: $replace_with = trim($_POST['replace_with'][$id]);

punbb-1.2.4/upload/admin_index.php	punbb-1.2.14/upload/admin_index.php
86: $load_averages = @explode(' ', $load_averages);	86: $load_averages = @explode(' ', $load_averages);
87: $server_load = isset($load_averages[2]) ? $load_averages[0].' '.$load_averages[1].' '.$load_averages[2] : 'Not available';	87: $server_load = isset($load_averages[2]) ? $load_averages[0].' '.$load_averages[1].' '.$load_averages[2] : 'Not available';
88: }	88: }
89: else if (preg_match('/averages?: ([0-9\.]+),[\s]+([0-9\.]+),[\s]+([0-9\.]+)/i', @exec('uptime'), $load_averages))	89: else if (!in_array(PHP_OS, array('WINNT', 'WIN32')) && preg_match('/averages?: ([0-9\.]+),[\s]+([0-9\.]+),[\s]+([0-9\.]+)/i', @exec('uptime'), $load_averages))
90: $server_load = $load_averages[1].' '.$load_averages[2].' '.$load_averages[3];	90: $server_load = $load_averages[1].' '.$load_averages[2].' '.$load_averages[3];
91: else	91: else
92: $server_load = 'Not available';	92: $server_load = 'Not available';
93:	93:
94:	94:
95: // Get number of current visitors	95: // Get number of current visitors
96: $result = $db->query('SELECT COUNT(user_id) FROM '.$db->prefix.'online') or error('Unable to fetch online count', __FILE__, __LINE__, $db->error());	96: $result = $db->query('SELECT COUNT(user_id) FROM '.$db->prefix.'online WHERE idle=0') or error('Unable to fetch online count', __FILE__, __LINE__, $db->error());
97: $num_online = $db->result($result);	97: $num_online = $db->result($result);
98:	98:
99:	99:

punbb-1.2.4/upload/admin_options.php	punbb-1.2.14/upload/admin_options.php
46: if ($form['board_title'] == '')	46: if ($form['board_title'] == '')
47: message('You must enter a board title.');	47: message('You must enter a board title.');
48:	48:
	49: // Clean default_lang
	50: $form['default_lang'] = preg_replace('#[\.\\\/]#', '', $form['default_lang']);
	51:
49: require PUN_ROOT.'include/email.php';	52: require PUN_ROOT.'include/email.php';
50:	53:
51: $form['admin_email'] = strtolower($form['admin_email']);	54: $form['admin_email'] = strtolower($form['admin_email']);
63: if (substr($form['base_url'], -1) == '/')	66: if (substr($form['base_url'], -1) == '/')
64: $form['base_url'] = substr($form['base_url'], 0, -1);	67: $form['base_url'] = substr($form['base_url'], 0, -1);
65:	68:
	69: // Clean avatars_dir
	70: $form['avatars_dir'] = str_replace("\0", '', $form['avatars_dir']);
	71:
66: // Make sure avatars_dir doesn't end with a slash	72: // Make sure avatars_dir doesn't end with a slash
67: if (substr($form['avatars_dir'], -1) == '/')	73: if (substr($form['avatars_dir'], -1) == '/')
68: $form['avatars_dir'] = substr($form['avatars_dir'], 0, -1);	74: $form['avatars_dir'] = substr($form['avatars_dir'], 0, -1);
117: while (list($key, $input) = @each($form))	123: while (list($key, $input) = @each($form))
118: {	124: {
119: // Only update values that have changed	125: // Only update values that have changed
120: if ($pun_config['o_'.$key] != $input)	126: if (array_key_exists('o_'.$key, $pun_config) && $pun_config['o_'.$key] != $input)
121: {	127: {
122: if ($input != '' \|\| is_int($input))	128: if ($input != '' \|\| is_int($input))
123: $value = '\''.$db->escape($input).'\'';	129: $value = '\''.$db->escape($input).'\'';
124: else	130: else
125: $value = 'NULL';	131: $value = 'NULL';
126:	132:
127: $db->query('UPDATE '.$db->prefix.'config SET conf_value='.$value.' WHERE conf_name=\'o_'.$key.'\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());	133: $db->query('UPDATE '.$db->prefix.'config SET conf_value='.$value.' WHERE conf_name=\'o_'.$db->escape($key).'\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());
128: }	134: }
129: }	135: }
130:	136:
229: $d = dir(PUN_ROOT.'lang');	235: $d = dir(PUN_ROOT.'lang');
230: while (($entry = $d->read()) !== false)	236: while (($entry = $d->read()) !== false)
231: {	237: {
232: if ($entry != '.' && $entry != '..' && is_dir(PUN_ROOT.'lang/'.$entry))	238: if ($entry != '.' && $entry != '..' && is_dir(PUN_ROOT.'lang/'.$entry) && file_exists(PUN_ROOT.'lang/'.$entry.'/common.php'))
233: $languages[] = $entry;	239: $languages[] = $entry;
234: }	240: }
235: $d->close();	241: $d->close();
236:	242:
	243: @natsort($languages);
	244:
237: while (list(, $temp) = @each($languages))	245: while (list(, $temp) = @each($languages))
238: {	246: {
239: if ($pun_config['o_default_lang'] == $temp)	247: if ($pun_config['o_default_lang'] == $temp)
261: $styles[] = substr($entry, 0, strlen($entry)-4);	269: $styles[] = substr($entry, 0, strlen($entry)-4);
262: }	270: }
263: $d->close();	271: $d->close();
	272:
	273: @natsort($styles);
264:	274:
265: while (list(, $temp) = @each($styles))	275: while (list(, $temp) = @each($styles))
266: {	276: {

punbb-1.2.4/upload/admin_permissions.php	punbb-1.2.14/upload/admin_permissions.php
39: {	39: {
40: confirm_referrer('admin_permissions.php');	40: confirm_referrer('admin_permissions.php');
41:	41:
42: $form = array_map('trim', $_POST['form']);	42: $form = array_map('intval', $_POST['form']);
43:
44: $form['sig_length'] = intval($form['sig_length']);
45: $form['sig_lines'] = intval($form['sig_lines']);
46:	43:
47: while (list($key, $input) = @each($form))	44: while (list($key, $input) = @each($form))
48: {	45: {
49: // Only update values that have changed	46: // Only update values that have changed
50: if ($pun_config['p_'.$key] != $input)	47: if (array_key_exists('p_'.$key, $pun_config) && $pun_config['p_'.$key] != $input)
51: {	48: $db->query('UPDATE '.$db->prefix.'config SET conf_value='.$input.' WHERE conf_name=\'p_'.$db->escape($key).'\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());
52: if ($input != '' \|\| is_int($input))
53: $value = '\''.$db->escape($input).'\'';
54: else
55: $value = 'NULL';
56:
57: $db->query('UPDATE '.$db->prefix.'config SET conf_value='.$value.' WHERE conf_name=\'p_'.$key.'\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());
58: }
59: }	49: }
60:	50:
61: // Regenerate the config cache	51: // Regenerate the config cache

punbb-1.2.4/upload/admin_prune.php	punbb-1.2.14/upload/admin_prune.php
62: }	62: }
63: else	63: else
64: {	64: {
	65: $prune_from = intval($prune_from);
65: prune($prune_from, $_POST['prune_sticky'], $prune_date);	66: prune($prune_from, $_POST['prune_sticky'], $prune_date);
66: update_forum($prune_from);	67: update_forum($prune_from);
67: }	68: }
97:	98:
98: if ($prune_from != 'all')	99: if ($prune_from != 'all')
99: {	100: {
	101: $prune_from = intval($prune_from);
100: $sql .= ' AND forum_id='.$prune_from;	102: $sql .= ' AND forum_id='.$prune_from;
101:	103:
102: // Fetch the forum name (just for cosmetic reasons)	104: // Fetch the forum name (just for cosmetic reasons)
135: </div>	137: </div>
136: </fieldset>	138: </fieldset>
137: </div>	139: </div>
138: <p><input type="submit" name="prune_comply" value="Prune" />   <a href="javascript:history.go(-1)" />Go back</a></p>	140: <p><input type="submit" name="prune_comply" value="Prune" /><a href="javascript:history.go(-1)">Go back</a></p>
139: </form>	141: </form>
140: </div>	142: </div>
141: </div>	143: </div>

punbb-1.2.4/upload/admin_users.php	punbb-1.2.14/upload/admin_users.php
49: ?>	49: ?>
50: <div class="linkst">	50: <div class="linkst">
51: <div class="inbox">	51: <div class="inbox">
52: <div><a href="javascript:history.go(-1)" />Go back</a></div>	52: <div><a href="javascript:history.go(-1)">Go back</a></div>
53: </div>	53: </div>
54: </div>	54: </div>
55:	55:
98:	98:
99: <div class="linksb">	99: <div class="linksb">
100: <div class="inbox">	100: <div class="inbox">
101: <div><a href="javascript:history.go(-1)" />Go back</a></div>	101: <div><a href="javascript:history.go(-1)">Go back</a></div>
102: </div>	102: </div>
103: </div>	103: </div>
104: <?php	104: <?php
121: ?>	121: ?>
122: <div class="linkst">	122: <div class="linkst">
123: <div class="inbox">	123: <div class="inbox">
124: <div><a href="javascript:history.go(-1)" />Go back</a></div>	124: <div><a href="javascript:history.go(-1)">Go back</a></div>
125: </div>	125: </div>
126: </div>	126: </div>
127:	127:
202:	202:
203: <div class="linksb">	203: <div class="linksb">
204: <div class="inbox">	204: <div class="inbox">
205: <div><a href="javascript:history.go(-1)" />Go back</a></div>	205: <div><a href="javascript:history.go(-1)">Go back</a></div>
206: </div>	206: </div>
207: </div>	207: </div>
208: <?php	208: <?php
217:	217:
218: // trim() all elements in $form	218: // trim() all elements in $form
219: $form = array_map('trim', $form);	219: $form = array_map('trim', $form);
	220: $conditions = array();
220:	221:
221: $posts_greater = trim($_POST['posts_greater']);	222: $posts_greater = trim($_POST['posts_greater']);
222: $posts_less = trim($_POST['posts_less']);	223: $posts_less = trim($_POST['posts_less']);
256: $like_command = ($db_type == 'pgsql') ? 'ILIKE' : 'LIKE';	257: $like_command = ($db_type == 'pgsql') ? 'ILIKE' : 'LIKE';
257: while (list($key, $input) = @each($form))	258: while (list($key, $input) = @each($form))
258: {	259: {
259: if ($input != '')	260: if ($input != '' && in_array($key, array('username', 'email', 'title', 'realname', 'url', 'jabber', 'icq', 'msn', 'aim', 'yahoo', 'location', 'signature', 'admin_note')))
260: $conditions[] = 'u.'.$key.' '.$like_command.' \''.str_replace('*', '%', $input).'\'';	261: $conditions[] = 'u.'.$db->escape($key).' '.$like_command.' \''.$db->escape(str_replace('*', '%', $input)).'\'';
261: }	262: }
262:	263:
263: if ($posts_greater != '')	264: if ($posts_greater != '')
266: $conditions[] = 'u.num_posts<'.$posts_less;	267: $conditions[] = 'u.num_posts<'.$posts_less;
267:	268:
268: if ($user_group != 'all')	269: if ($user_group != 'all')
269: $conditions[] = 'u.group_id='.$db->escape($user_group);	270: $conditions[] = 'u.group_id='.intval($user_group);
270:	271:
271: if (!isset($conditions))	272: if (empty($conditions))
272: message('You didn\'t enter any search terms.');	273: message('You didn\'t enter any search terms.');
273:	274:
274:	275:
278: ?>	279: ?>
279: <div class="linkst">	280: <div class="linkst">
280: <div class="inbox">	281: <div class="inbox">
281: <div><a href="javascript:history.go(-1)" />Go back</a></div>	282: <div><a href="javascript:history.go(-1)">Go back</a></div>
282: </div>	283: </div>
283: </div>	284: </div>
284:	285:
338:	339:
339: <div class="linksb">	340: <div class="linksb">
340: <div class="inbox">	341: <div class="inbox">
341: <div><a href="javascript:history.go(-1)" />Go back</a></div>	342: <div><a href="javascript:history.go(-1)">Go back</a></div>
342: </div>	343: </div>
343: </div>	344: </div>
344: <?php	345: <?php

punbb-1.2.4/upload/edit.php	punbb-1.2.14/upload/edit.php
175: else if (isset($_POST['preview']))	175: else if (isset($_POST['preview']))
176: {	176: {
177: require_once PUN_ROOT.'include/parser.php';	177: require_once PUN_ROOT.'include/parser.php';
178: $message = parse_message(trim($_POST['req_message']), $hide_smilies);	178: $preview_message = parse_message($message, $hide_smilies);
179:	179:
180: ?>	180: ?>
181: <div id="postpreview" class="blockpost">	181: <div id="postpreview" class="blockpost">
184: <div class="inbox">	184: <div class="inbox">
185: <div class="postright">	185: <div class="postright">
186: <div class="postmsg">	186: <div class="postmsg">
187: <?php echo $message."\n" ?>	187: <?php echo $preview_message."\n" ?>
188: </div>	188: </div>
189: </div>	189: </div>
190: </div>	190: </div>
208: <?php if ($can_edit_subject): ?> <label><?php echo $lang_common['Subject'] ?><br />	208: <?php if ($can_edit_subject): ?> <label><?php echo $lang_common['Subject'] ?><br />
209: <input class="longinput" type="text" name="req_subject" size="80" maxlength="70" tabindex="<?php echo $cur_index++ ?>" value="<?php echo pun_htmlspecialchars(isset($_POST['req_subject']) ? $_POST['req_subject'] : $cur_post['subject']) ?>" /><br /></label>	209: <input class="longinput" type="text" name="req_subject" size="80" maxlength="70" tabindex="<?php echo $cur_index++ ?>" value="<?php echo pun_htmlspecialchars(isset($_POST['req_subject']) ? $_POST['req_subject'] : $cur_post['subject']) ?>" /><br /></label>
210: <?php endif; ?> <label><?php echo $lang_common['Message'] ?><br />	210: <?php endif; ?> <label><?php echo $lang_common['Message'] ?><br />
211: <textarea name="req_message" rows="20" cols="95" tabindex="<?php echo $cur_index++ ?>"><?php echo pun_htmlspecialchars(isset($_POST['req_message']) ? $_POST['req_message'] : $cur_post['message']) ?></textarea><br /></label>	211: <textarea name="req_message" rows="20" cols="95" tabindex="<?php echo $cur_index++ ?>"><?php echo pun_htmlspecialchars(isset($_POST['req_message']) ? $message : $cur_post['message']) ?></textarea><br /></label>
212: <ul class="bblinks">	212: <ul class="bblinks">
213: <li><a href="help.php#bbcode" onclick="window.open(this.href); return false;"><?php echo $lang_common['BBCode'] ?></a>: <?php echo ($pun_config['p_message_bbcode'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>	213: <li><a href="help.php#bbcode" onclick="window.open(this.href); return false;"><?php echo $lang_common['BBCode'] ?></a>: <?php echo ($pun_config['p_message_bbcode'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>
214: <li><a href="help.php#img" onclick="window.open(this.href); return false;"><?php echo $lang_common['img tag'] ?></a>: <?php echo ($pun_config['p_message_img_tag'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>	214: <li><a href="help.php#img" onclick="window.open(this.href); return false;"><?php echo $lang_common['img tag'] ?></a>: <?php echo ($pun_config['p_message_img_tag'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></li>

punbb-1.2.4/upload/extern.php	punbb-1.2.14/upload/extern.php
116: exit('The file \'config.php\' doesn\'t exist or is corrupt. Please run install.php to install PunBB first.');	116: exit('The file \'config.php\' doesn\'t exist or is corrupt. Please run install.php to install PunBB first.');
117:	117:
118:	118:
119: // Disable error reporting for uninitialized variables	119: // Make sure PHP reports all errors except E_NOTICE
120: error_reporting(E_ALL);	120: error_reporting(E_ALL ^ E_NOTICE);
121:	121:
122: // Turn off magic_quotes_runtime	122: // Turn off magic_quotes_runtime
123: set_magic_quotes_runtime(0);	123: set_magic_quotes_runtime(0);
129: // Load DB abstraction layer and try to connect	129: // Load DB abstraction layer and try to connect
130: require PUN_ROOT.'include/dblayer/common_db.php';	130: require PUN_ROOT.'include/dblayer/common_db.php';
131:	131:
132: // Get the forum config	132: // Load cached config
133: $result = $db->query('SELECT * FROM '.$db->prefix.'config') or error('Unable to fetch forum config', __FILE__, __LINE__, $db->error());	133: @include PUN_ROOT.'cache/cache_config.php';
134: while ($cur_config_item = $db->fetch_row($result))	134: if (!defined('PUN_CONFIG_LOADED'))
135: $pun_config[$cur_config_item[0]] = $cur_config_item[1];	135: {
	136: require PUN_ROOT.'include/cache.php';
	137: generate_config_cache();
	138: require PUN_ROOT.'cache/cache_config.php';
	139: }
136:	140:
137: // Make sure we (guests) have permission to read the forums	141: // Make sure we (guests) have permission to read the forums
138: $result = $db->query('SELECT g_read_board FROM '.$db->prefix.'groups WHERE g_id=3') or error('Unable to fetch group info', __FILE__, __LINE__, $db->error());	142: $result = $db->query('SELECT g_read_board FROM '.$db->prefix.'groups WHERE g_id=3') or error('Unable to fetch group info', __FILE__, __LINE__, $db->error());

punbb-1.2.4/upload/footer.php	punbb-1.2.14/upload/footer.php
140:	140:
141:	141:
142: // START SUBST - <pun_include "*">	142: // START SUBST - <pun_include "*">
143: while (preg_match('/<pun_include "(.*?)">/', $tpl_main, $cur_include))	143: while (preg_match('#<pun_include "([^/\\\\]*?)">#', $tpl_main, $cur_include))
144: {	144: {
	145: if (!file_exists(PUN_ROOT.'include/user/'.$cur_include[1]))
	146: error('Unable to process user include <pun_include "'.htmlspecialchars($cur_include[1]).'"> from template main.tpl. There is no such file in folder /include/user/');
	147:
145: ob_start();	148: ob_start();
146: include PUN_ROOT.$cur_include[1];	149: include PUN_ROOT.'include/user/'.$cur_include[1];
147: $tpl_temp = ob_get_contents();	150: $tpl_temp = ob_get_contents();
148: $tpl_main = str_replace($cur_include[0], $tpl_temp, $tpl_main);	151: $tpl_main = str_replace($cur_include[0], $tpl_temp, $tpl_main);
149: ob_end_clean();	152: ob_end_clean();

punbb-1.2.4/upload/header.php	punbb-1.2.14/upload/header.php
68: if (defined('PUN_ADMIN_CONSOLE'))	68: if (defined('PUN_ADMIN_CONSOLE'))
69: echo '<link rel="stylesheet" type="text/css" href="style/imports/base_admin.css" />'."\n";	69: echo '<link rel="stylesheet" type="text/css" href="style/imports/base_admin.css" />'."\n";
70:	70:
71: if (isset($destination_url))	71: if (isset($required_fields))
72: echo '<meta http-equiv="refresh" content="'.$delay.';URL='.$destination.'" />'."\n";
73:
74: else if (isset($required_fields))
75: {	72: {
76: // Output JavaScript to validate form (make sure required fields are filled out)	73: // Output JavaScript to validate form (make sure required fields are filled out)
77:	74:
134:	131:
135:	132:
136: // START SUBST - <pun_page>	133: // START SUBST - <pun_page>
137: $tpl_main = str_replace('<pun_page>', basename($_SERVER['PHP_SELF'], '.php'), $tpl_main);	134: $tpl_main = str_replace('<pun_page>', htmlspecialchars(basename($_SERVER['PHP_SELF'], '.php')), $tpl_main);
138: // END SUBST - <pun_title>	135: // END SUBST - <pun_title>
139:	136:
140:	137:

punbb-1.2.4/upload/include/cache.php	punbb-1.2.14/upload/include/cache.php
129: global $db;	129: global $db;
130:	130:
131: // Get the rank list from the DB	131: // Get the rank list from the DB
132: $result = $db->query('SELECT * FROM '.$db->prefix.'ranks', true) or error('Unable to fetch rank list', __FILE__, __LINE__, $db->error());	132: $result = $db->query('SELECT * FROM '.$db->prefix.'ranks ORDER BY min_posts', true) or error('Unable to fetch rank list', __FILE__, __LINE__, $db->error());
133:	133:
134: $output = array();	134: $output = array();
135: while ($cur_rank = $db->fetch_assoc($result))	135: while ($cur_rank = $db->fetch_assoc($result))
174: if (!$fh)	174: if (!$fh)
175: error('Unable to write quickjump cache file to cache directory. Please make sure PHP has write access to the directory \'cache\'', __FILE__, __LINE__);	175: error('Unable to write quickjump cache file to cache directory. Please make sure PHP has write access to the directory \'cache\'', __FILE__, __LINE__);
176:	176:
177: $output = '<?php'."\n\n".'define(\'PUN_QJ_LOADED\', 1);'."\n\n".'?>';	177: $output = '<?php'."\n\n".'if (!defined(\'PUN\')) exit;'."\n".'define(\'PUN_QJ_LOADED\', 1);'."\n\n".'?>';
178: $output .= "\t\t\t\t".'<form id="qjump" method="get" action="viewforum.php">'."\n\t\t\t\t\t".'<div><label><?php echo $lang_common[\'Jump to\'] ?>'."\n\n\t\t\t\t\t".'<br /><select name="id" onchange="window.location=(\'viewforum.php?id=\'+this.options[this.selectedIndex].value)">'."\n";	178: $output .= "\t\t\t\t".'<form id="qjump" method="get" action="viewforum.php">'."\n\t\t\t\t\t".'<div><label><?php echo $lang_common[\'Jump to\'] ?>'."\n\n\t\t\t\t\t".'<br /><select name="id" onchange="window.location=(\'viewforum.php?id=\'+this.options[this.selectedIndex].value)">'."\n";
179:	179:
180:	180:

punbb-1.2.4/upload/include/common.php	punbb-1.2.14/upload/include/common.php
32: if (!defined('PUN_ROOT'))	32: if (!defined('PUN_ROOT'))
33: exit('The constant PUN_ROOT must be defined and point to a valid PunBB installation root directory.');	33: exit('The constant PUN_ROOT must be defined and point to a valid PunBB installation root directory.');
34:	34:
	35:
	36: // Load the functions script
	37: require PUN_ROOT.'include/functions.php';
	38:
	39: // Reverse the effect of register_globals
	40: if (@ini_get('register_globals'))
	41: unregister_globals();
	42:
	43:
35: @include PUN_ROOT.'config.php';	44: @include PUN_ROOT.'config.php';
36:	45:
37: // If PUN isn't defined, config.php is missing or corrupt	46: // If PUN isn't defined, config.php is missing or corrupt
43: list($usec, $sec) = explode(' ', microtime());	52: list($usec, $sec) = explode(' ', microtime());
44: $pun_start = ((float)$usec + (float)$sec);	53: $pun_start = ((float)$usec + (float)$sec);
45:	54:
46: // Enable full error, warning and notice reporting	55: // Make sure PHP reports all errors except E_NOTICE. PunBB supports E_ALL, but a lot of scripts it may interact with, do not.
47: error_reporting(E_ALL);	56: error_reporting(E_ALL ^ E_NOTICE);
48:	57:
49: // Turn off magic_quotes_runtime	58: // Turn off magic_quotes_runtime
50: set_magic_quotes_runtime(0);	59: set_magic_quotes_runtime(0);
77: define('PUN_MEMBER', 4);	86: define('PUN_MEMBER', 4);
78:	87:
79:	88:
80: // Load the functions script
81: require PUN_ROOT.'include/functions.php';
82:
83: // Load DB abstraction layer and connect	89: // Load DB abstraction layer and connect
84: require PUN_ROOT.'include/dblayer/common_db.php';	90: require PUN_ROOT.'include/dblayer/common_db.php';
85:	91:
117: // Attempt to load the common language file	123: // Attempt to load the common language file
118: @include PUN_ROOT.'lang/'.$pun_user['language'].'/common.php';	124: @include PUN_ROOT.'lang/'.$pun_user['language'].'/common.php';
119: if (!isset($lang_common))	125: if (!isset($lang_common))
120: exit('There is no valid language pack \''.$pun_user['language'].'\' installed. Please reinstall a language of that name.');	126: exit('There is no valid language pack \''.pun_htmlspecialchars($pun_user['language']).'\' installed. Please reinstall a language of that name.');
121:	127:
122: // Check if we are to display a maintenance message	128: // Check if we are to display a maintenance message
123: if ($pun_config['o_maintenance'] && $pun_user['g_id'] > PUN_ADMIN && !defined('PUN_TURN_OFF_MAINT'))	129: if ($pun_config['o_maintenance'] && $pun_user['g_id'] > PUN_ADMIN && !defined('PUN_TURN_OFF_MAINT'))

punbb-1.2.4/upload/include/email.php	punbb-1.2.14/upload/include/email.php
33: //	33: //
34: function is_valid_email($email)	34: function is_valid_email($email)
35: {	35: {
36: return preg_match('/^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)\|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])\|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/', $email);	36: if (strlen($email) > 50)
	37: return false;
	38:
	39: return preg_match('/^(([^<>()[\]\\.,;:\s@"\']+(\.[^<>()[\]\\.,;:\s@"\']+)*)\|("[^"\']+"))@((\[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\])\|(([a-zA-Z\d\-]+\.)+[a-zA-Z]{2,}))$/', $email);
37: }	40: }
38:	41:
39:	42:
65:	68:
66: // Default sender/return address	69: // Default sender/return address
67: if (!$from)	70: if (!$from)
68: $from = '"'.$pun_config['o_board_title'].' '.$lang_common['Mailer'].'" <'.$pun_config['o_webmaster_email'].'>';	71: $from = '"'.str_replace('"', '', $pun_config['o_board_title'].' '.$lang_common['Mailer']).'" <'.$pun_config['o_webmaster_email'].'>';
69:	72:
70: // Do a little spring cleaning	73: // Do a little spring cleaning
71: $to = trim(preg_replace('#[\n\r]+#s', '', $to));	74: $to = trim(preg_replace('#[\n\r]+#s', '', $to));
72: $subject = trim(preg_replace('#[\n\r]+#s', '', $subject));	75: $subject = trim(preg_replace('#[\n\r]+#s', '', $subject));
73: $from = trim(preg_replace('#[\n\r:]+#s', '', $from));	76: $from = trim(preg_replace('#[\n\r:]+#s', '', $from));
74:	77:
75: // Detect what linebreak we should use for the headers	78: $headers = 'From: '.$from."\r\n".'Date: '.date('r')."\r\n".'MIME-Version: 1.0'."\r\n".'Content-transfer-encoding: 8bit'."\r\n".'Content-type: text/plain; charset='.$lang_common['lang_encoding']."\r\n".'X-Mailer: PunBB Mailer';
76: if (strtoupper(substr(PHP_OS, 0, 3) == 'WIN'))
77: $eol = "\r\n";
78: else if (strtoupper(substr(PHP_OS, 0, 3) == 'MAC'))
79: $eol = "\r";
80: else
81: $eol = "\n";
82:
83: $headers = 'From: '.$from.$eol.'Date: '.date('r').$eol.'MIME-Version: 1.0'.$eol.'Content-transfer-encoding: 8bit'.$eol.'Content-type: text/plain; charset='.$lang_common['lang_encoding'].$eol.'X-Mailer: PunBB Mailer';
84:	79:
85: // Make sure all linebreaks are CRLF in message	80: // Make sure all linebreaks are CRLF in message
86: $message = str_replace("\n", "\r\n", pun_linebreaks($message));	81: $message = str_replace("\n", "\r\n", pun_linebreaks($message));
88: if ($pun_config['o_smtp_host'] != '')	83: if ($pun_config['o_smtp_host'] != '')
89: smtp_mail($to, $subject, $message, $headers);	84: smtp_mail($to, $subject, $message, $headers);
90: else	85: else
	86: {
	87: // Change the linebreaks used in the headers according to OS
	88: if (strtoupper(substr(PHP_OS, 0, 3)) == 'MAC')
	89: $headers = str_replace("\r\n", "\r", $headers);
	90: else if (strtoupper(substr(PHP_OS, 0, 3)) != 'WIN')
	91: $headers = str_replace("\r\n", "\n", $headers);
	92:
91: mail($to, $subject, $message, $headers);	93: mail($to, $subject, $message, $headers);
	94: }
92: }	95: }
93:	96:
94:	97:

punbb-1.2.4/upload/include/functions.php	punbb-1.2.14/upload/include/functions.php
138: // Enable sending of a P3P header by removing // from the following line (try this if login is failing in IE6)	138: // Enable sending of a P3P header by removing // from the following line (try this if login is failing in IE6)
139: // @header('P3P: CP="CUR ADM"');	139: // @header('P3P: CP="CUR ADM"');
140:	140:
141: setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path, $cookie_domain, $cookie_secure);	141: if (version_compare(PHP_VERSION, '5.2.0', '>='))
	142: setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path, $cookie_domain, $cookie_secure, true);
	143: else
	144: setcookie($cookie_name, serialize(array($user_id, md5($cookie_seed.$password_hash))), $expire, $cookie_path.'; HttpOnly', $cookie_domain, $cookie_secure);
142: }	145: }
143:	146:
144:	147:
168: }	171: }
169:	172:
170: if ($cur_ban['username'] != '' && !strcasecmp($pun_user['username'], $cur_ban['username']))	173: if ($cur_ban['username'] != '' && !strcasecmp($pun_user['username'], $cur_ban['username']))
	174: {
	175: $db->query('DELETE FROM '.$db->prefix.'online WHERE ident=\''.$db->escape($pun_user['username']).'\'') or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
171: message($lang_common['Ban message'].' '.(($cur_ban['expire'] != '') ? $lang_common['Ban message 2'].' '.strtolower(format_time($cur_ban['expire'], true)).'. ' : '').(($cur_ban['message'] != '') ? $lang_common['Ban message 3'].'<br /><br /><strong>'.pun_htmlspecialchars($cur_ban['message']).'</strong><br /><br />' : '<br /><br />').$lang_common['Ban message 4'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.', true);	176: message($lang_common['Ban message'].' '.(($cur_ban['expire'] != '') ? $lang_common['Ban message 2'].' '.strtolower(format_time($cur_ban['expire'], true)).'. ' : '').(($cur_ban['message'] != '') ? $lang_common['Ban message 3'].'<br /><br /><strong>'.pun_htmlspecialchars($cur_ban['message']).'</strong><br /><br />' : '<br /><br />').$lang_common['Ban message 4'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.', true);
	177: }
172:	178:
173: if ($cur_ban['ip'] != '')	179: if ($cur_ban['ip'] != '')
174: {	180: {
179: $cur_ban_ips[$i] = $cur_ban_ips[$i].'.';	185: $cur_ban_ips[$i] = $cur_ban_ips[$i].'.';
180:	186:
181: if (substr($user_ip, 0, strlen($cur_ban_ips[$i])) == $cur_ban_ips[$i])	187: if (substr($user_ip, 0, strlen($cur_ban_ips[$i])) == $cur_ban_ips[$i])
	188: {
	189: $db->query('DELETE FROM '.$db->prefix.'online WHERE ident=\''.$db->escape($pun_user['username']).'\'') or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
182: message($lang_common['Ban message'].' '.(($cur_ban['expire'] != '') ? $lang_common['Ban message 2'].' '.strtolower(format_time($cur_ban['expire'], true)).'. ' : '').(($cur_ban['message'] != '') ? $lang_common['Ban message 3'].'<br /><br /><strong>'.pun_htmlspecialchars($cur_ban['message']).'</strong><br /><br />' : '<br /><br />').$lang_common['Ban message 4'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.', true);	190: message($lang_common['Ban message'].' '.(($cur_ban['expire'] != '') ? $lang_common['Ban message 2'].' '.strtolower(format_time($cur_ban['expire'], true)).'. ' : '').(($cur_ban['message'] != '') ? $lang_common['Ban message 3'].'<br /><br /><strong>'.pun_htmlspecialchars($cur_ban['message']).'</strong><br /><br />' : '<br /><br />').$lang_common['Ban message 4'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.', true);
	191: }
183: }	192: }
184: }	193: }
185: }	194: }
203: $now = time();	212: $now = time();
204:	213:
205: // Fetch all online list entries that are older than "o_timeout_online"	214: // Fetch all online list entries that are older than "o_timeout_online"
206: $result = $db->query('SELECT * FROM '.$db->prefix.'online WHERE logged<'.($now-$pun_config['o_timeout_online'])) or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());	215: $result = $db->query('SELECT * FROM '.$db->prefix.'online WHERE logged<'.($now-$pun_config['o_timeout_online'])) or error('Unable to fetch old entries from online list', __FILE__, __LINE__, $db->error());
207: while ($cur_user = $db->fetch_assoc($result))	216: while ($cur_user = $db->fetch_assoc($result))
208: {	217: {
209: // If the entry is a guest, delete it	218: // If the entry is a guest, delete it
675: //	684: //
676: function get_remote_address()	685: function get_remote_address()
677: {	686: {
678: $remote_address = $_SERVER['REMOTE_ADDR'];	687: return $_SERVER['REMOTE_ADDR'];
679:
680: // If HTTP_X_FORWARDED_FOR is set, we try to grab the first non-LAN IP
681: if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
682: {
683: if (preg_match_all('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $_SERVER['HTTP_X_FORWARDED_FOR'], $address_list))
684: {
685: $lan_ips = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\../', '/^172\.((1[6-9])\|(2[0-9])\|(3[0-1]))\../', '/^10\../', '/^224\../', '/^240\..*/');
686: $address_list = preg_replace($lan_ips, null, $address_list[0]);
687:
688: while (list(, $cur_address) = each($address_list))
689: {
690: if ($cur_address)
691: {
692: $remote_address = $cur_address;
693: break;
694: }
695: }
696: }
697: }
698:
699: return $remote_address;
700: }	688: }
701:	689:
702:	690:
803:	791:
804:	792:
805: // START SUBST - <pun_include "*">	793: // START SUBST - <pun_include "*">
806: while (preg_match('<pun_include "(.*?)">', $tpl_maint, $cur_include))	794: while (preg_match('#<pun_include "([^/\\\\]*?)">#', $tpl_maint, $cur_include))
807: {	795: {
	796: if (!file_exists(PUN_ROOT.'include/user/'.$cur_include[1]))
	797: error('Unable to process user include <pun_include "'.htmlspecialchars($cur_include[1]).'"> from template maintenance.tpl. There is no such file in folder /include/user/');
	798:
808: ob_start();	799: ob_start();
809: include PUN_ROOT.$cur_include[1];	800: include PUN_ROOT.'include/user/'.$cur_include[1];
810: $tpl_temp = ob_get_contents();	801: $tpl_temp = ob_get_contents();
811: $tpl_maint = str_replace('<'.$cur_include[0].'>', $tpl_temp, $tpl_maint);	802: $tpl_maint = str_replace($cur_include[0], $tpl_temp, $tpl_maint);
812: ob_end_clean();	803: ob_end_clean();
813: }	804: }
814: // END SUBST - <pun_include "*">	805: // END SUBST - <pun_include "*">
854: ob_start();	845: ob_start();
855:	846:
856: ?>	847: ?>
857: <meta http-equiv="refresh" content="<?php echo $pun_config['o_redirect_delay'] ?>;URL=<?php echo $destination_url ?>" />	848: <meta http-equiv="refresh" content="<?php echo $pun_config['o_redirect_delay'] ?>;URL=<?php echo str_replace(array('<', '>', '"'), array('<', '>', '"'), $destination_url) ?>" />
858: <title><?php echo pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Redirecting'] ?></title>	849: <title><?php echo pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Redirecting'] ?></title>
859: <link rel="stylesheet" type="text/css" href="style/<?php echo $pun_user['style'].'.css' ?>" />	850: <link rel="stylesheet" type="text/css" href="style/<?php echo $pun_user['style'].'.css' ?>" />
860: <?php	851: <?php
893:	884:
894:	885:
895: // START SUBST - <pun_include "*">	886: // START SUBST - <pun_include "*">
896: while (preg_match('<pun_include "(.*?)">', $tpl_redir, $cur_include))	887: while (preg_match('#<pun_include "([^/\\\\]*?)">#', $tpl_redir, $cur_include))
897: {	888: {
	889: if (!file_exists(PUN_ROOT.'include/user/'.$cur_include[1]))
	890: error('Unable to process user include <pun_include "'.htmlspecialchars($cur_include[1]).'"> from template redirect.tpl. There is no such file in folder /include/user/');
	891:
898: ob_start();	892: ob_start();
899: include PUN_ROOT.$cur_include[1];	893: include PUN_ROOT.'include/user/'.$cur_include[1];
900: $tpl_temp = ob_get_contents();	894: $tpl_temp = ob_get_contents();
901: $tpl_redir = str_replace('<'.$cur_include[0].'>', $tpl_temp, $tpl_redir);	895: $tpl_redir = str_replace($cur_include[0], $tpl_temp, $tpl_redir);
902: ob_end_clean();	896: ob_end_clean();
903: }	897: }
904: // END SUBST - <pun_include "*">	898: // END SUBST - <pun_include "*">
1034: </div>	1028: </div>
1035: <?php	1029: <?php
1036:	1030:
	1031: }
	1032:
	1033:
	1034: //
	1035: // Unset any variables instantiated as a result of register_globals being enabled
	1036: //
	1037: function unregister_globals()
	1038: {
	1039: // Prevent script.php?GLOBALS[foo]=bar
	1040: if (isset($_REQUEST['GLOBALS']) \|\| isset($_FILES['GLOBALS']))
	1041: &nbs

punbb-1.2.4/upload/admin_forums.php	punbb-1.2.14/upload/admin_forums.php
117: </div>	117: </div>
118: </fieldset>	118: </fieldset>
119: </div>	119: </div>
120: <p><input type="submit" name="del_forum_comply" value="Delete" />   <a href="javascript:history.go(-1)" />Go back</a></p>	120: <p><input type="submit" name="del_forum_comply" value="Delete" /><a href="javascript:history.go(-1)">Go back</a></p>
121: </form>	121: </form>
122: </div>	122: </div>
123: </div>	123: </div>
140: if (!preg_match('#^\d+$#', $disp_position))	140: if (!preg_match('#^\d+$#', $disp_position))
141: message('Position must be a positive integer value.');	141: message('Position must be a positive integer value.');
142:	142:
143: $db->query('UPDATE '.$db->prefix.'forums SET disp_position='.$disp_position.' WHERE id='.$forum_id) or error('Unable to update forum', __FILE__, __LINE__, $db->error());	143: $db->query('UPDATE '.$db->prefix.'forums SET disp_position='.$disp_position.' WHERE id='.intval($forum_id)) or error('Unable to update forum', __FILE__, __LINE__, $db->error());
144: }	144: }
145:	145:
146: // Regenerate the quickjump cache	146: // Regenerate the quickjump cache
186: $result = $db->query('SELECT g_id, g_read_board, g_post_replies, g_post_topics FROM '.$db->prefix.'groups WHERE g_id!='.PUN_ADMIN) or error('Unable to fetch user group list', __FILE__, __LINE__, $db->error());	186: $result = $db->query('SELECT g_id, g_read_board, g_post_replies, g_post_topics FROM '.$db->prefix.'groups WHERE g_id!='.PUN_ADMIN) or error('Unable to fetch user group list', __FILE__, __LINE__, $db->error());
187: while ($cur_group = $db->fetch_assoc($result))	187: while ($cur_group = $db->fetch_assoc($result))
188: {	188: {
189: $read_forum_new = ($cur_group['g_read_board'] == '1') ? isset($_POST['read_forum_new'][$cur_group['g_id']]) ? $_POST['read_forum_new'][$cur_group['g_id']] : '0' : $_POST['read_forum_old'][$cur_group['g_id']];	189: $read_forum_new = ($cur_group['g_read_board'] == '1') ? isset($_POST['read_forum_new'][$cur_group['g_id']]) ? '1' : '0' : intval($_POST['read_forum_old'][$cur_group['g_id']]);
190: $post_replies_new = isset($_POST['post_replies_new'][$cur_group['g_id']]) ? $_POST['post_replies_new'][$cur_group['g_id']] : '0';	190: $post_replies_new = isset($_POST['post_replies_new'][$cur_group['g_id']]) ? '1' : '0';
191: $post_topics_new = isset($_POST['post_topics_new'][$cur_group['g_id']]) ? $_POST['post_topics_new'][$cur_group['g_id']] : '0';	191: $post_topics_new = isset($_POST['post_topics_new'][$cur_group['g_id']]) ? '1' : '0';
192:	192:
193: // Check if the new settings differ from the old	193: // Check if the new settings differ from the old
194: if ($read_forum_new != $_POST['read_forum_old'][$cur_group['g_id']] \|\| $post_replies_new != $_POST['post_replies_old'][$cur_group['g_id']] \|\| $post_topics_new != $_POST['post_topics_old'][$cur_group['g_id']])	194: if ($read_forum_new != $_POST['read_forum_old'][$cur_group['g_id']] \|\| $post_replies_new != $_POST['post_replies_old'][$cur_group['g_id']] \|\| $post_topics_new != $_POST['post_topics_old'][$cur_group['g_id']])

punbb-1.2.4/upload/admin_groups.php	punbb-1.2.14/upload/admin_groups.php
209:	209:
210: $title = trim($_POST['req_title']);	210: $title = trim($_POST['req_title']);
211: $user_title = trim($_POST['user_title']);	211: $user_title = trim($_POST['user_title']);
212: $read_board = isset($_POST['read_board']) ? $_POST['read_board'] : '1';	212: $read_board = isset($_POST['read_board']) ? intval($_POST['read_board']) : '1';
213: $post_replies = isset($_POST['post_replies']) ? $_POST['post_replies'] : '1';	213: $post_replies = isset($_POST['post_replies']) ? intval($_POST['post_replies']) : '1';
214: $post_topics = isset($_POST['post_topics']) ? $_POST['post_topics'] : '1';	214: $post_topics = isset($_POST['post_topics']) ? intval($_POST['post_topics']) : '1';
215: $edit_posts = isset($_POST['edit_posts']) ? $_POST['edit_posts'] : ($is_admin_group) ? '1' : '0';	215: $edit_posts = isset($_POST['edit_posts']) ? intval($_POST['edit_posts']) : ($is_admin_group) ? '1' : '0';
216: $delete_posts = isset($_POST['delete_posts']) ? $_POST['delete_posts'] : ($is_admin_group) ? '1' : '0';	216: $delete_posts = isset($_POST['delete_posts']) ? intval($_POST['delete_posts']) : ($is_admin_group) ? '1' : '0';
217: $delete_topics = isset($_POST['delete_topics']) ? $_POST['delete_topics'] : ($is_admin_group) ? '1' : '0';	217: $delete_topics = isset($_POST['delete_topics']) ? intval($_POST['delete_topics']) : ($is_admin_group) ? '1' : '0';
218: $set_title = isset($_POST['set_title']) ? $_POST['set_title'] : ($is_admin_group) ? '1' : '0';	218: $set_title = isset($_POST['set_title']) ? intval($_POST['set_title']) : ($is_admin_group) ? '1' : '0';
219: $search = isset($_POST['search']) ? $_POST['search'] : '1';	219: $search = isset($_POST['search']) ? intval($_POST['search']) : '1';
220: $search_users = isset($_POST['search_users']) ? $_POST['search_users'] : '1';	220: $search_users = isset($_POST['search_users']) ? intval($_POST['search_users']) : '1';
221: $edit_subjects_interval = isset($_POST['edit_subjects_interval']) ? intval($_POST['edit_subjects_interval']) : '0';	221: $edit_subjects_interval = isset($_POST['edit_subjects_interval']) ? intval($_POST['edit_subjects_interval']) : '0';
222: $post_flood = isset($_POST['post_flood']) ? intval($_POST['post_flood']) : '0';	222: $post_flood = isset($_POST['post_flood']) ? intval($_POST['post_flood']) : '0';
223: $search_flood = isset($_POST['search_flood']) ? intval($_POST['search_flood']) : '0';	223: $search_flood = isset($_POST['search_flood']) ? intval($_POST['search_flood']) : '0';
243: }	243: }
244: else	244: else
245: {	245: {
246: $result = $db->query('SELECT 1 FROM '.$db->prefix.'groups WHERE g_title=\''.$db->escape($title).'\' && g_id!='.$_POST['group_id']) or error('Unable to check group title collision', __FILE__, __LINE__, $db->error());	246: $result = $db->query('SELECT 1 FROM '.$db->prefix.'groups WHERE g_title=\''.$db->escape($title).'\' AND g_id!='.intval($_POST['group_id'])) or error('Unable to check group title collision', __FILE__, __LINE__, $db->error());
247: if ($db->num_rows($result))	247: if ($db->num_rows($result))
248: message('There is already a group with the title \''.pun_htmlspecialchars($title).'\'.');	248: message('There is already a group with the title \''.pun_htmlspecialchars($title).'\'.');
249:	249:
250: $db->query('UPDATE '.$db->prefix.'groups SET g_title=\''.$db->escape($title).'\', g_user_title='.$user_title.', g_read_board='.$read_board.', g_post_replies='.$post_replies.', g_post_topics='.$post_topics.', g_edit_posts='.$edit_posts.', g_delete_posts='.$delete_posts.', g_delete_topics='.$delete_topics.', g_set_title='.$set_title.', g_search='.$search.', g_search_users='.$search_users.', g_edit_subjects_interval='.$edit_subjects_interval.', g_post_flood='.$post_flood.', g_search_flood='.$search_flood.' WHERE g_id='.$_POST['group_id']) or error('Unable to update group', __FILE__, __LINE__, $db->error());	250: $db->query('UPDATE '.$db->prefix.'groups SET g_title=\''.$db->escape($title).'\', g_user_title='.$user_title.', g_read_board='.$read_board.', g_post_replies='.$post_replies.', g_post_topics='.$post_topics.', g_edit_posts='.$edit_posts.', g_delete_posts='.$delete_posts.', g_delete_topics='.$delete_topics.', g_set_title='.$set_title.', g_search='.$search.', g_search_users='.$search_users.', g_edit_subjects_interval='.$edit_subjects_interval.', g_post_flood='.$post_flood.', g_search_flood='.$search_flood.' WHERE g_id='.intval($_POST['group_id'])) or error('Unable to update group', __FILE__, __LINE__, $db->error());
251: }	251: }
252:	252:
253: // Regenerate the quickjump cache	253: // Regenerate the quickjump cache
264: confirm_referrer('admin_groups.php');	264: confirm_referrer('admin_groups.php');
265:	265:
266: $group_id = intval($_POST['default_group']);	266: $group_id = intval($_POST['default_group']);
267: if ($group_id < 1)	267: if ($group_id < 4)
268: message($lang_common['Bad request']);	268: message($lang_common['Bad request']);
269:	269:
270: $db->query('UPDATE '.$db->prefix.'config SET conf_value='.$group_id.' WHERE conf_name=\'o_default_user_group\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());	270: $db->query('UPDATE '.$db->prefix.'config SET conf_value='.$group_id.' WHERE conf_name=\'o_default_user_group\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());