diff -urN punbb-1.2.4/upload/admin_groups.php punbb-1.2.5/upload/admin_groups.php
--- punbb-1.2.4/upload/admin_groups.php Sun Mar 13 15:47:54 2005
+++ punbb-1.2.5/upload/admin_groups.php Tue Apr 5 01:06:00 2005
@@ -243,7 +243,7 @@
}
else
{
- $result = $db->query('SELECT 1 FROM '.$db->prefix.'groups WHERE g_title=\''.$db->escape($title).'\' && g_id!='.$_POST['group_id']) or error('Unable to check group title collision', __FILE__, __LINE__, $db->error());
+ $result = $db->query('SELECT 1 FROM '.$db->prefix.'groups WHERE g_title=\''.$db->escape($title).'\' AND g_id!='.$_POST['group_id']) or error('Unable to check group title collision', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
message('There is already a group with the title \''.pun_htmlspecialchars($title).'\'.');
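Review bot: `$_POST['group_id']` is still concatenated into the collision query without a cast on the new line, while the title beside it goes through `$db->escape()`. Unless the value is validated earlier in the file (not visible in this hunk), the numeric comparison should be built from an integer, e.g. `' AND g_id!='.intval($_POST['group_id'])`. The enclosing branch starts and ends outside the hunk.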
diff -urN punbb-1.2.4/upload/admin_index.php punbb-1.2.5/upload/admin_index.php
--- punbb-1.2.4/upload/admin_index.php Sun Mar 13 00:34:06 2005
+++ punbb-1.2.5/upload/admin_index.php Sun Mar 20 20:13:24 2005
@@ -93,7 +93,7 @@
// Get number of current visitors
-$result = $db->query('SELECT COUNT(user_id) FROM '.$db->prefix.'online') or error('Unable to fetch online count', __FILE__, __LINE__, $db->error());
+$result = $db->query('SELECT COUNT(user_id) FROM '.$db->prefix.'online WHERE idle=0') or error('Unable to fetch online count', __FILE__, __LINE__, $db->error());
$num_online = $db->result($result);
diff -urN punbb-1.2.4/upload/admin_prune.php punbb-1.2.5/upload/admin_prune.php
--- punbb-1.2.4/upload/admin_prune.php Tue Jan 11 20:41:14 2005
+++ punbb-1.2.5/upload/admin_prune.php Sun Apr 3 20:48:30 2005
@@ -135,7 +135,7 @@
-
()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/', $email);
+ if (strlen($email) > 50)
+ return false;
+
+ return preg_match('/^(([^<>()[\]\\.,;:\s@"\']+(\.[^<>()[\]\\.,;:\s@"\']+)*)|("[^"\']+"))@((\[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\])|(([a-zA-Z\d\-]+\.)+[a-zA-Z]{2,}))$/', $email);
}
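Review bot: The pattern on the added `return preg_match(...)` line ends in `$/` with no `D` modifier, so PCRE also accepts an address followed by a single trailing newline. If the validated value is later placed in mail headers, anchoring at the true end of the string is safer: close the pattern with `$/D'` instead of `$/'`. The added `strlen($email) > 50` cap would benefit from a one-line comment stating what the limit corresponds to. The file header and the opening lines of this function appear to be missing from the page, so the enclosing function is not fully visible.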
@@ -65,7 +68,7 @@
// Default sender/return address
if (!$from)
- $from = '"'.$pun_config['o_board_title'].' '.$lang_common['Mailer'].'" <'.$pun_config['o_webmaster_email'].'>';
+ $from = '"'.str_replace('"', '', $pun_config['o_board_title'].' '.$lang_common['Mailer']).'" <'.$pun_config['o_webmaster_email'].'>';
// Do a little spring cleaning
$to = trim(preg_replace('#[\n\r]+#s', '', $to));
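Review bot: Removing only `"` from the display name on the new `$from` line leaves `\`, which is still an escape character inside a quoted-string; a backslash at the end of the name swallows the closing quote and yields a malformed From header. The same construction is added in the misc.php hunk for `$pun_user['username']`, where the value is chosen by the user. Stripping both characters covers it: `str_replace(array('"', '\\'), '', ...)`. Only `$to` is visibly stripped of CR/LF in this hunk, so confirm that `$from` receives the same cleaning in the lines that follow.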
diff -urN punbb-1.2.4/upload/include/parser.php punbb-1.2.5/upload/include/parser.php
--- punbb-1.2.4/upload/include/parser.php Fri Mar 18 23:08:32 2005
+++ punbb-1.2.5/upload/include/parser.php Tue Apr 5 23:17:14 2005
@@ -45,24 +45,24 @@
$b = array('[b]', '[i]', '[u]', '[/b]', '[/i]', '[/u]');
$text = str_replace($a, $b, $text);
- // Do the more complex BBCodes (and strip excessive whitespace)
- $a = array( '#\[url=(.*?)\]\s*#i',
+ // Do the more complex BBCodes (also strip excessive whitespace and useless quotes)
+ $a = array( '#\[url=("|\'|)(.*?)\\1\]\s*#i',
'#\[url\]\s*#i',
'#\s*\[/url\]#i',
- '#\[email=(.*?)\]\s*#i',
+ '#\[email=("|\'|)(.*?)\\1\]\s*#i',
'#\[email\]\s*#i',
'#\s*\[/email\]#i',
'#\[img\]\s*(.*?)\s*\[/img\]#is',
- '#\[colou?r=(.*?)\](.*?)\[/colou?r\]#is');
+ '#\[colou?r=("|\'|)(.*?)\\1\](.*?)\[/colou?r\]#is');
- $b = array( '[url=$1]',
+ $b = array( '[url=$2]',
'[url]',
'[/url]',
- '[email=$1]',
+ '[email=$2]',
'[email]',
'[/email]',
'[img]$1[/img]',
- '[color=$1]$2[/color]');
+ '[color=$2]$3[/color]');
if (!$is_signature)
{
@@ -182,8 +182,10 @@
// We found a [code]
else if ($c_start < min($c_end, $q_start, $q_end))
{
+ // Make sure there's a [/code] and that any new [code] doesn't occur before the end tag
$tmp = strpos($text, '[/code]');
- if ($tmp === false)
+ $tmp2 = strpos(substr($text, 6), '[code]');
+ if ($tmp === false || ($tmp2 !== false && $tmp2 < $tmp))
{
$error = $lang_common['BBCode error'].' '.$lang_common['BBCode error 2'];
return;
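Review bot: `$tmp2` is computed on `substr($text, 6)`, so it is an offset into the shortened string, while `$tmp` is an offset into the full `$text`; the `$tmp2 < $tmp` comparison mixes the two. The fixed `6` also assumes the `[code]` tag sits at offset 0, whereas the branch condition uses `$c_start`, which may be non-zero unless the text is trimmed earlier (not visible here). Searching from the end of the tag in the original string keeps both offsets comparable: `$tmp2 = strpos($text, '[code]', $c_start + 6);`. The loop and function containing this branch start and end outside the hunk.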
diff -urN punbb-1.2.4/upload/install.php punbb-1.2.5/upload/install.php
--- punbb-1.2.4/upload/install.php Fri Mar 18 23:12:42 2005
+++ punbb-1.2.5/upload/install.php Thu Apr 7 23:26:36 2005
@@ -24,7 +24,7 @@
// The PunBB version this script installs
-$punbb_version = '1.2.4';
+$punbb_version = '1.2.5';
define('PUN_ROOT', './');
diff -urN punbb-1.2.4/upload/login.php punbb-1.2.5/upload/login.php
--- punbb-1.2.4/upload/login.php Mon Feb 21 23:33:52 2005
+++ punbb-1.2.5/upload/login.php Fri Apr 1 20:08:04 2005
@@ -40,7 +40,9 @@
$form_username = trim($_POST['req_username']);
$form_password = trim($_POST['req_password']);
- $result = $db->query('SELECT id, group_id, password, save_pass FROM '.$db->prefix.'users WHERE username=\''.$db->escape($form_username).'\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
+ $username_sql = ($db_type == 'mysql' || $db_type == 'mysqli') ? 'username=\''.$db->escape($form_username).'\'' : 'LOWER(username)=LOWER(\''.$db->escape($form_username).'\')';
+
+ $result = $db->query('SELECT id, group_id, password, save_pass FROM '.$db->prefix.'users WHERE '.$username_sql) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
list($user_id, $group_id, $db_password_hash, $save_pass) = $db->fetch_row($result);
$authorized = false;
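Review bot: On back ends other than MySQL the new `LOWER(username)=LOWER(...)` predicate can match more than one row if the users table holds names that differ only in case, and `list(...) = $db->fetch_row($result)` then takes whichever row is returned first. Whether that can happen depends on registration enforcing case-insensitive uniqueness, which this hunk does not show. Consider stating the assumption above `$username_sql`, e.g. `// Relies on usernames being unique regardless of case (enforced at registration)`, or making the lookup deterministic with an explicit ordering. The enclosing block continues outside the hunk.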
diff -urN punbb-1.2.4/upload/misc.php punbb-1.2.5/upload/misc.php
--- punbb-1.2.4/upload/misc.php Mon Feb 28 02:02:16 2005
+++ punbb-1.2.5/upload/misc.php Fri Apr 1 20:38:52 2005
@@ -118,7 +118,7 @@
require_once PUN_ROOT.'include/email.php';
- pun_mail($recipient_email, $mail_subject, $mail_message, $pun_user['username'].' <'.$pun_user['email'].'>');
+ pun_mail($recipient_email, $mail_subject, $mail_message, '"'.str_replace('"', '', $pun_user['username']).'" <'.$pun_user['email'].'>');
redirect($_POST['redirect_url'], $lang_misc['E-mail sent redirect']);
}
diff -urN punbb-1.2.4/upload/moderate.php punbb-1.2.5/upload/moderate.php
--- punbb-1.2.4/upload/moderate.php Fri Mar 18 22:28:34 2005
+++ punbb-1.2.5/upload/moderate.php Sun Mar 20 17:16:04 2005
@@ -472,7 +472,7 @@
if (empty($topics))
message($lang_misc['No topics selected']);
- $db->query('UPDATE '.$db->prefix.'topics SET closed='.$action.' WHERE id IN('.implode(',', array_keys($topics)).')') or error('Unable to close topics', __FILE__, __LINE__, $db->error());
+ $db->query('UPDATE '.$db->prefix.'topics SET closed='.$action.' WHERE id IN('.implode(',', $topics).')') or error('Unable to close topics', __FILE__, __LINE__, $db->error());
$redirect_msg = ($action) ? $lang_misc['Close topics redirect'] : $lang_misc['Open topics redirect'];
redirect('moderate.php?fid='.$fid, $redirect_msg);
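Review bot: The `IN(...)` list is now built from the values of `$topics` rather than its keys, and those values are joined into the statement as-is. The hunk does not show where `$topics` is populated, so confirm every element is cast to an integer before this point; if it is not, `implode(',', array_map('intval', $topics))` keeps the statement numeric regardless. `$action` is interpolated into `SET closed=` the same way and deserves the same check.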
diff -urN punbb-1.2.4/upload/profile.php punbb-1.2.5/upload/profile.php
--- punbb-1.2.4/upload/profile.php Fri Mar 18 23:03:38 2005
+++ punbb-1.2.5/upload/profile.php Thu Apr 7 21:49:28 2005
@@ -194,7 +194,7 @@
message($lang_profile['E-mail key bad'].' '.$pun_config['o_admin_email'].'.');
else
{
- $db->query('UPDATE '.$db->prefix.'users SET email=\''.$new_email.'\', activate_string=NULL, activate_key=NULL WHERE id='.$id) or error('Unable to update e-mail address', __FILE__, __LINE__, $db->error());
+ $db->query('UPDATE '.$db->prefix.'users SET email=activate_string, activate_string=NULL, activate_key=NULL WHERE id='.$id) or error('Unable to update e-mail address', __FILE__, __LINE__, $db->error());
message($lang_profile['E-mail updated'], true);
}
@@ -303,6 +303,9 @@
if (isset($_POST['form_sent']))
{
+ if (!isset($_FILES['req_file']))
+ message($lang_profile['No file']);
+
$uploaded_file = $_FILES['req_file'];
// Make sure the upload went smooth
@@ -360,7 +363,7 @@
// Now check the width/height
list($width, $height, ,) = getimagesize($pun_config['o_avatars_dir'].'/'.$id.'.tmp');
- if ($width > $pun_config['o_avatars_width'] || $height > $pun_config['o_avatars_height'])
+ if (empty($width) || empty($height) || $width > $pun_config['o_avatars_width'] || $height > $pun_config['o_avatars_height'])
{
@unlink($pun_config['o_avatars_dir'].'/'.$id.'.tmp');
message($lang_profile['Too wide or high'].' '.$pun_config['o_avatars_width'].'x'.$pun_config['o_avatars_height'].' '.$lang_profile['pixels'].'.');
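Review bot: The third element returned by `getimagesize()` (the detected image type) is still discarded by `list($width, $height, ,)`, so the added `empty()` tests confirm only that dimensions could be read. If the earlier format check relies on the type reported in `$_FILES` (not visible in this hunk), that value is supplied by the client. Capturing the detected type would tie the check to the file contents, e.g. `list($width, $height, $type,) = getimagesize(...)` followed by `if (!in_array($type, array(1, 2, 3)))` for GIF, JPEG and PNG. The surrounding upload handler starts and ends outside the hunk.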
@@ -1232,7 +1235,7 @@
-
+
diff -urN punbb-1.2.4/upload/viewtopic.php punbb-1.2.5/upload/viewtopic.php
--- punbb-1.2.4/upload/viewtopic.php Tue Feb 1 16:16:46 2005
+++ punbb-1.2.5/upload/viewtopic.php Thu Apr 7 22:52:56 2005
@@ -183,7 +183,7 @@
$post_count = 0; // Keep track of post numbers
// Retrieve the posts (and their respective poster/online status)
-$result = $db->query('SELECT DISTINCT u.email, u.title, u.url, u.location, u.use_avatar, u.signature, u.email_setting, u.num_posts, u.registered, u.admin_note, p.id, p.poster AS username, p.poster_id, p.poster_ip, p.poster_email, p.message, p.hide_smilies, p.posted, p.edited, p.edited_by, g.g_id, g.g_user_title, o.user_id AS is_online FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'users AS u ON u.id=p.poster_id INNER JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id LEFT JOIN '.$db->prefix.'online AS o ON (o.user_id=u.id AND o.idle=0) WHERE p.topic_id='.$id.' ORDER BY p.id LIMIT '.$start_from.','.$pun_user['disp_posts'], true) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
+$result = $db->query('SELECT u.email, u.title, u.url, u.location, u.use_avatar, u.signature, u.email_setting, u.num_posts, u.registered, u.admin_note, p.id, p.poster AS username, p.poster_id, p.poster_ip, p.poster_email, p.message, p.hide_smilies, p.posted, p.edited, p.edited_by, g.g_id, g.g_user_title, o.user_id AS is_online FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'users AS u ON u.id=p.poster_id INNER JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id LEFT JOIN '.$db->prefix.'online AS o ON (o.user_id=u.id AND o.idle=0) WHERE p.topic_id='.$id.' ORDER BY p.id LIMIT '.$start_from.','.$pun_user['disp_posts'], true) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
while ($cur_post = $db->fetch_assoc($result))
{
$post_count++;