mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-21 18:44:37 +02:00
Code Issues Releases Wiki Activity

checkin latest changes

Browse Source 
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@5145 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen
2005-05-07 22:18:10 +00:00
parent 31727e70e7
commit 9abeaa1177
3 changed files with 52 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
phpBB/admin/admin_forums.php
View File

@ -233,6 +233,7 @@ if( isset($HTTP_POST_VARS['addforum']) || isset($HTTP_POST_VARS['addcategory'])
if( $mode == "addforum" )
{
list($cat_id) = each($HTTP_POST_VARS['addforum']);
$cat_id = intval($cat_id);
//
// stripslashes needs to be run on this because slashes are added when the forum name is posted
//
@ -1024,4 +1025,4 @@ $template->pparse("body");
include('./page_footer_admin.'.$phpEx);
?>
?>

65
phpBB/docs/CHANGELOG.html
View File

@ -3,7 +3,7 @@
<head>
<meta http-equiv="Content-Type" content="text/html">
<meta http-equiv="Content-Style-Type" content="text/css">
<title>phpBB 2.0.14 :: Changelog</title>
<title>phpBB 2.0.15 :: Changelog</title>
<link rel="stylesheet" href="../templates/subSilver/subSilver.css" type="text/css" />
<style type="text/css">
<!--
@ -24,7 +24,7 @@ p,ul,td {font-size:10pt;}
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><img src="../templates/subSilver/images/logo_phpBB.gif" border="0" alt="phpBB 2 : Creating Communities" vspace="1" /></a></td>
<td align="center" width="100%" valign="middle"><span class="maintitle">phpBB 2.0.14 CHANGELOG</span></td>
<td align="center" width="100%" valign="middle"><span class="maintitle">phpBB 2.0.15 CHANGELOG</span></td>
</tr>
</table>
@ -32,6 +32,7 @@ p,ul,td {font-size:10pt;}
<ol>
<li><a href="#changelog">Changelog</a></li>
<ol type="i">
<li><a href="#2014">Changes since 2.0.14</a></li>
<li><a href="#2013">Changes since 2.0.13</a></li>
<li><a href="#2012">Changes since 2.0.12</a></li>
<li><a href="#2011">Changes since 2.0.11</a></li>
@ -59,7 +60,29 @@ p,ul,td {font-size:10pt;}
<p>This is a non-exhaustive (but still near complete) changelog for phpBB 2.0.x including beta and release candidate versions. Our thanks to all those people who've contributed bug reports and code fixes.</p>
<a name="2013"></a><h3 class="h3">l.i. Changes since 2.0.13</h3>
<a name="2014"></a><h3 class="h3">l.i. Changes since 2.0.14</h3>
<ul>
<li>Fixed moderator status removal in groupcp.php</li>
<li>Removed newlines after ?&gt; on some files - <b>Thoul</b></li>
<li>Added admin re-authentication (admin needs to login seperatly to access the ACP) - backported from Olympus</li>
<li>Fixed vulnerability in url/bbcode handling functions - <b>PapaDos and Paul/Zhen-Xjell from CastleCops</b></li>
<li>Fixed issue in admin/admin_forums.php</li>
<li>Suppressed warning message for fsockopen in /includes/smtp.php - <b>Thoul</b></li>
<li>Fixed bug in admin/admin_smilies.php (admin is able to add empty smilies) - <b>Exy</b></li>
<li>Adjusted documents to reflect the urgent need to update the files too (not only running the database update script)</li>
<li>Updated the readme file</li>
<li>Added one new language variable</li>
<li>Added general error if accessing profile for a non-existent user</li>
<li>Changed session id generation to be more unique - <b>Henno Joosep</b></li>
<li>Fixed bug in highlight code to escape characters correctly</li>
<li>Reversed the 2.0.14 fix for postgresql because it produced more problems than it solves.</li>
<li>Added reference to article written by R45 about case-sensitivity in postgreSQL to the readme file</li>
<li>Fixed bypassing of validate_username on registration - Yen</li>
<li>Empty url/img bbcodes no longer get parsed</li>
</ul>
<a name="2013"></a><h3 class="h3">l.ii. Changes since 2.0.13</h3>
<ul>
<li>Hardened author and keyword search a bit to not allow very server intensive searches</li>
@ -76,7 +99,7 @@ p,ul,td {font-size:10pt;}
<li>Fixed case-sensitivity issues in postgres7.php - <b>R45</b></li>
</ul>
<a name="2012"></a><h3 class="h3">l.ii. Changes since 2.0.12</h3>
<a name="2012"></a><h3 class="h3">l.iii. Changes since 2.0.12</h3>
<ul>
<li>Ommitted preg_replace warning in viewtopic due to improper working of preg_quote in PHP - originally reported by matrix_killer, fix submitted by another party</li>
@ -84,7 +107,7 @@ p,ul,td {font-size:10pt;}
<li>Minimum requirements raised to PHP 4.0.3 or above due to fixing vulnerability issues breaking PHP3 compatibility.</li>
</ul>
<a name="2011"></a><h3 class="h3">l.iii. Changes since 2.0.11</h3>
<a name="2011"></a><h3 class="h3">l.iv. Changes since 2.0.11</h3>
<ul>
<li>Added confirm table to admin_db_utilities.php</li>
@ -99,7 +122,7 @@ p,ul,td {font-size:10pt;}
<li>Fixed path disclosure bug in viewtopic.php caused by a PHP 4.3.10 bug - <b>matrix_killer</b></li>
</ul>
<a name="2010"></a><h3 class="h3">l.iv. Changes since 2.0.10</h3>
<a name="2010"></a><h3 class="h3">l.v. Changes since 2.0.10</h3>
<ul>
<li>Fixed vulnerability in highlighting code (<b>very high severity, please update your installation as soon as possible</b>)</li>
@ -110,7 +133,7 @@ p,ul,td {font-size:10pt;}
<li>Added visual confirmation mod to code base</li>
</ul>
<a name="209"></a><h3 class="h3">l.v. Changes since 2.0.9</h3>
<a name="209"></a><h3 class="h3">l.vi. Changes since 2.0.9</h3>
<ul>
<li>Fixed deleting of styles in admin_styles.php</li>
@ -123,7 +146,7 @@ p,ul,td {font-size:10pt;}
<li>Fixed visual confirmation code. The image was not created due to a wrong regular expression.</li>
</ul>
<a name="208"></a><h3 class="h3">l.vi. Changes since 2.0.8</h3>
<a name="208"></a><h3 class="h3">l.vii. Changes since 2.0.8</h3>
<ul>
<li>Fixed one vulnerability in admin_board.php - <b>Xore</b></li>
@ -142,7 +165,7 @@ p,ul,td {font-size:10pt;}
<li>Fixed problem with SID not delivered to next page in groupcp.php</li>
</ul>
<a name="207"></a><h3 class="h3">l.vii. Changes since 2.0.7</h3>
<a name="207"></a><h3 class="h3">l.viii. Changes since 2.0.7</h3>
<ul>
<li>Fixed several vulnerabilities in admin pages</li>
@ -154,7 +177,7 @@ p,ul,td {font-size:10pt;}
<li>Fixed sql injection vulnerability in privmsg - 2.0.8a</li>
</ul>
<a name="206"></a><h3 class="h3">1.viii. Changes since 2.0.6</h3>
<a name="206"></a><h3 class="h3">1.ix. Changes since 2.0.6</h3>
<ul>
<li>Fixed several vulnerabilities in modcp - <b>Robert Lavierck</b></li>
@ -168,7 +191,7 @@ p,ul,td {font-size:10pt;}
<li>Fixed potential vulnerability in avatar gallery</li>
</ul>
<a name="205"></a><h3 class="h3">1.ix. Changes since 2.0.5</h3>
<a name="205"></a><h3 class="h3">1.x. Changes since 2.0.5</h3>
<ul>
<li>Fixed various email issues</li>
@ -184,7 +207,7 @@ p,ul,td {font-size:10pt;}
<li>Fixed sql injection with reset date format field in profile - <b>tendor</b></li>
</ul>
<a name="204"></a><h3 class="h3">1.x. Changes since 2.0.4</h3>
<a name="204"></a><h3 class="h3">1.xi. Changes since 2.0.4</h3>
<ul>
<li>Removed user facing session_id checks</li>
@ -256,7 +279,7 @@ p,ul,td {font-size:10pt;}
<li>Default English support for visual confirmation - translators are encouraged to support this</li>
</ul>
<a name="203"></a><h3 class="h3">1.xi. Changes since 2.0.3</h3>
<a name="203"></a><h3 class="h3">1.xii. Changes since 2.0.3</h3>
<ul>
<li>Fixed cross-browser scripting issue with highlight param</li>
@ -383,7 +406,7 @@ p,ul,td {font-size:10pt;}
<li>Fixed potential SQL vulnerability with marking of private messages - <b>Ulf Harnhammar</b></li>
</ul>
<a name="202"></a><h3 class="h3">1.xii. Changes since 2.0.2</h3>
<a name="202"></a><h3 class="h3">1.xiii. Changes since 2.0.2</h3>
<ul>
<li>Fixed potential cross-site scripting vulnerability with avatars - <b>Showscout</b></li>
@ -392,7 +415,7 @@ p,ul,td {font-size:10pt;}
<li>Fixed (hopefully) issue with MS Access and multiple pages</li>
</ul>
<a name="201"></a><h3 class="h3">1.xiii. Changes since 2.0.1</h3>
<a name="201"></a><h3 class="h3">1.xiv. Changes since 2.0.1</h3>
<ul>
<li>Fixed missing "username" lang variable in user admin template</li>
@ -427,7 +450,7 @@ p,ul,td {font-size:10pt;}
<li>Fix emailer to allow sending emails with language-specific character sets</li>
</ul>
<a name="200"></a><h3 class="h3">1.xiv. Changes since 2.0.0</h3>
<a name="200"></a><h3 class="h3">1.xv. Changes since 2.0.0</h3>
<ul>
<li>Fixed delete image bug for normal users</li>
@ -484,7 +507,7 @@ p,ul,td {font-size:10pt;}
<li>Added database closure to admin frameset page</li>
</ul>
<a name="final"></a><h3 class="h3">1.xv. Changes since RC-4</h3>
<a name="final"></a><h3 class="h3">1.xvi. Changes since RC-4</h3>
<ul>
<li>Fixed improper report of general error when posting messages containing errors</li>
@ -514,7 +537,7 @@ p,ul,td {font-size:10pt;}
<li>Fixed various remaining usergroup display issues</li>
</ul>
<a name="rc4"></a><h3 class="h3">1.xvi. Changes since RC-3</h3>
<a name="rc4"></a><h3 class="h3">1.xvii. Changes since RC-3</h3>
<ul>
<li>Addressed serious security issue with included files</li>
@ -545,7 +568,7 @@ p,ul,td {font-size:10pt;}
<li>Fix (hopefully) remaining ICQ overlay issue with view profile in subSilver</li>
</ul>
<a name="rc3"></a><h3 class="h3">1.xvii. Changes since RC-2</h3>
<a name="rc3"></a><h3 class="h3">1.xviii. Changes since RC-2</h3>
<ul>
<li>Fixed infamous install parse error</li>
@ -578,7 +601,7 @@ p,ul,td {font-size:10pt;}
<li>Hidden usergroups are now completely hidden from view</li>
</ul>
<a name="rc2"></a><h3 class="h3">1.xviii. Changes since RC-1</h3>
<a name="rc2"></a><h3 class="h3">1.xix. Changes since RC-1</h3>
<ul>
<li>Fixed numerous PostgreSQL related issues</li>
@ -598,7 +621,7 @@ p,ul,td {font-size:10pt;}
<li>Various other fixes and updates</li>
</ul>
<a name="rc1"></a><h3 class="h3">1.xix. Changes since RC-1 (pre)</h3>
<a name="rc1"></a><h3 class="h3">1.xx. Changes since RC-1 (pre)</h3>
<ul>
<li>Upgrade script completed for initial fully functional release</li>

9
phpBB/includes/bbcode.php
View File

@ -124,6 +124,8 @@ function bbencode_second_pass($text, $uid)
{
global $lang, $bbcode_tpl;
$text = preg_replace('#(script|about|applet|activex|chrome):#is', "\\1&#058;", $text);
// pad it with a space so we can distinguish between FALSE and matching the 1st char (index 0).
// This is important; bbencode_quote(), bbencode_list(), and bbencode_code() all depend on it.
$text = " " . $text;
@ -194,7 +196,7 @@ function bbencode_second_pass($text, $uid)
// [img]image_url_here[/img] code..
// This one gets first-passed..
$patterns[] = "#\[img:$uid\](.*?)\[/img:$uid\]#si";
$patterns[] = "#\[img:$uid\]([^?].*?)\[/img:$uid\]#i";
$replacements[] = $bbcode_tpl['img'];
// matches a [url]xxxx://www.phpbb.com[/url] code..
@ -206,11 +208,11 @@ function bbencode_second_pass($text, $uid)
$replacements[] = $bbcode_tpl['url2'];
// [url=xxxx://www.phpbb.com]phpBB[/url] code..
$patterns[] = "#\[url=([\w]+?://[^ \"\n\r\t<]*?)\](.*?)\[/url\]#is";
$patterns[] = "#\[url=([\w]+?://[^ \"\n\r\t<]*?)\]([^?].*?)\[/url\]#i";
$replacements[] = $bbcode_tpl['url3'];
// [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix).
$patterns[] = "#\[url=((www|ftp)\.[^ \"\n\r\t<]*?)\](.*?)\[/url\]#is";
$patterns[] = "#\[url=((www|ftp)\.[^ \"\n\r\t<]*?)\]([^?].*?)\[/url\]#i";
$replacements[] = $bbcode_tpl['url4'];
// [email]user@domain.tld[/email] code..
@ -614,6 +616,7 @@ function bbencode_second_pass_code($text, $uid, $bbcode_tpl)
*/
function make_clickable($text)
{
$text = preg_replace('#(script|about|applet|activex|chrome):#is', "\\1&#058;", $text);
// pad it with a space so we can match things at the start of the 1st line.
$ret = ' ' . $text;