[AideInfo]

phpBB 2.0.9 to phpBB 2.0.10 Code Changes



These are the Changes from phpBB 2.0.9 to phpBB 2.0.10 summed up into a little Mod. This might be very helpful if you want to update your Board and have installed a bunch of Mods. Then it's normally easier to apply the Code Changes than to install all Mods again.

When you find a 'AFTER, ADD'-Statement, the Code have to be added after the last line quoted in the 'FIND'-Statement.
When you find a 'BEFORE, ADD'-Statement, the Code have to be added before the first line quoted in the 'FIND'-Statement.
When you find a 'REPLACE WITH'-Statement, the Code quoted in the 'FIND'-Statement have to be replaced completely with the quoted Code in the 'REPLACE WITH'-Statement.
When you find a 'DELETE'-Statement, the Code have to be deleted.

After you have finished this tutorial, you have to upload the update_to_210.php file, execute it and then delete it from your webspace.

Ok, lets start:

• admin/admin_board.php

1. 
   FIND - Line 46
   

   Code:

   $default_config[$config_name] = str_replace("'", "\'", $config_value);

   
   
   REPLACE WITH
   

   Code:

   $default_config[$config_name] = isset($HTTP_POST_VARS['submit']) ? str_replace("'", "\'", $config_value) : $config_value;

   
   
   

• admin/admin_styles.php

1. 
   FIND - Line 49
   

   Code:

   require('./pagestart.' . $phpEx);

   
   
   AFTER, ADD
   

   Code:

   $confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : FALSE; $cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : FALSE;

   
   
   

• common.php

1. 
   FIND - Line 43
   

   Code:

   // Unset globally registered vars - PHP5 ... hhmmm if (@$ini_val('register_globals') == '1' || strtolower(@$ini_val('register_globals')) == 'on') {    $var_prefix = 'HTTP';    $var_suffix = '_VARS';        $test = array('_GET', '_POST', '_SERVER', '_COOKIE', '_ENV');    foreach ($test as $var)    {       if (is_array(${$var_prefix . $var . $var_suffix}))       {          unset_vars(${$var_prefix . $var . $var_suffix});       }       if (is_array(${$var}))       {          unset_vars(${$var});       }    }    if (is_array(${'_FILES'}))    {       unset_vars(${'_FILES'});    }    if (is_array(${'HTTP_POST_FILES'}))    {       unset_vars(${'HTTP_POST_FILES'});    } }

   
   
   REPLACE WITH
   

   Code:

   // Unset globally registered vars - PHP5 ... hhmmm if (@$ini_val('register_globals') == '1' || strtolower(@$ini_val('register_globals')) == 'on') {    $var_prefix = 'HTTP';    $var_suffix = '_VARS';        $test = array('_GET', '_POST', '_SERVER', '_COOKIE', '_ENV');    foreach ($test as $var)    {       if (is_array(${$var_prefix . $var . $var_suffix}))       {          unset_vars(${$var_prefix . $var . $var_suffix});          @reset(${$var_prefix . $var . $var_suffix});       }       if (is_array(${$var}))       {          unset_vars(${$var});          @reset(${$var});       }    }    if (is_array(${'_FILES'}))    {       unset_vars(${'_FILES'});       @reset(${'_FILES'});    }    if (is_array(${'HTTP_POST_FILES'}))    {       unset_vars(${'HTTP_POST_FILES'});       @reset(${'HTTP_POST_FILES'});    } } // PHP5 with register_long_arrays off? if (!isset($HTTP_POST_VARS) && isset($_POST)) {    $HTTP_POST_VARS = $_POST;    $HTTP_GET_VARS = $_GET;    $HTTP_SERVER_VARS = $_SERVER;    $HTTP_COOKIE_VARS = $_COOKIE;    $HTTP_ENV_VARS = $_ENV;    $HTTP_POST_FILES = $_FILES; }

   
   
   

• includes/functions.php

1. 
   FIND - Line 190
   

   Code:

   if ( !empty($SID) )    {       $boxstring .= '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />';    }

   
   
   REPLACE WITH
   

   Code:

   // Let the jumpbox work again in sites having additional session id checks. //   if ( !empty($SID) ) //   {       $boxstring .= '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />'; //   }

   
   
   
2. 
   FIND - Line 743
   

   Code:

   if (!empty($db))    {       $db->sql_close();    }

   
   
   AFTER, ADD
   

   Code:

   if (strstr(urldecode($url), "\n") || strstr(urldecode($url), "\r"))    {       message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');    }

   
   
   

• login.php

1. 
   FIND - Line 96
   

   Code:

   $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';                $redirect = str_replace('?', '&', $redirect);

   
   
   AFTER, ADD
   

   Code:

   if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))                {                   message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');                }

   
   
   
2. 
   FIND - Line 116
   

   Code:

   $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "";          $redirect = str_replace("?", "&", $redirect);

   
   
   AFTER, ADD
   

   Code:

   if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))                {                   message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');                }

   
   
   

• search.php

1. 
   FIND - Line 62
   

   Code:

   $search_author = ( isset($HTTP_POST_VARS['search_author']) ) ? $HTTP_POST_VARS['search_author'] : $HTTP_GET_VARS['search_author'];

   
   
   AFTER, ADD
   

   Code:

   $search_author = htmlspecialchars($search_author);

   
   
   

_________________
Services gratuits

phpBB-Tutoriaux, tous les tutoriaux pour débuter et utiliser phpBB