phpBB 2.0.16 Semi-Critical Update

All updates to the site will be posted here.

Moderator: CricketMX Forum Moderators

phpBB 2.0.16 Semi-Critical Update

Postby battye » Tue Jun 28, 2005 8:39 am

The phpBB Group has announced the release of phpBB 2.0.16, one of the updates marked as urgent. As always, CricketMX.com has been updated, and if you find any problems please report them to me.

We strongly suggest upgrading your board to 2.0.16 if you haven't already, to ensure maximum protection against exploits.

phpBB 2.0.15 to phpBB 2.0.16 Code Changes



These are the Changes from phpBB 2.0.15 to phpBB 2.0.16 summed up into a little Mod. This might be very helpful if you want to update your Board and have installed a bunch of Mods. Then it's normally easier to apply the Code Changes than to install all Mods again.

When you find a 'AFTER, ADD'-Statement, the Code have to be added after the last line quoted in the 'FIND'-Statement.
When you find a 'BEFORE, ADD'-Statement, the Code have to be added before the first line quoted in the 'FIND'-Statement.
When you find a 'REPLACE WITH'-Statement, the Code quoted in the 'FIND'-Statement have to be replaced completely with the quoted Code in the 'REPLACE WITH'-Statement.

After you have finished this tutorial, you have to upload the install/update_to_latest.php file, execute it and then delete it from your webspace.

  • admin/admin_ug_auth.php
  1. FIND - Line 809
    Code: Select all

       @reset($auth_user);


    REPLACE WITH
    Code: Select all

    //   @reset($auth_user);

  • admin/pagestart.php
  1. FIND - Line 43
    Code: Select all

       redirect(append_sid("login.$phpEx?redirect=admin/", true));


    REPLACE WITH
    Code: Select all

       redirect(append_sid("login.$phpEx?redirect=admin/index.$phpEx", true));

  2. FIND - Line 64
    Code: Select all

       redirect(append_sid("login.$phpEx?redirect=admin/&admin=1", true));


    REPLACE WITH
    Code: Select all

       redirect(append_sid("login.$phpEx?redirect=admin/index.$phpEx&admin=1", true));

  • includes/bbcode.php
  1. FIND - Line 211
    Code: Select all

       $patterns[] = "#\[url=([\w]+?://[^ \"\n\r\t<]*?)\]([^?].*?)\[/url\]#i";
       $replacements[] = $bbcode_tpl['url3'];
     
       // [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix).
       $patterns[] = "#\[url=((www|ftp)\.[^ \"\n\r\t<]*?)\]([^?].*?)\[/url\]#i";


    REPLACE WITH
    Code: Select all

       $patterns[] = "#\[url=([\w]+?://[^ \"\n\r\t<]*?)\]([^?\n\r\t].*?)\[/url\]#is";
       $replacements[] = $bbcode_tpl['url3'];

       // [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix).
       $patterns[] = "#\[url=((www|ftp)\.[^ \"\n\r\t<]*?)\]([^?\n\r\t].*?)\[/url\]#is";

  • includes/usercp_avatar.php
  1. FIND - Line 202
    Code: Select all

       if ( $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] )


    REPLACE WITH
    Code: Select all

       if ( $width > 0 && $height > 0 && $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] )

  • includes/usercp_register.php
  1. FIND - Line 455
    Code: Select all

          $avatar_sql = user_avatar_delete($userdata['user_avatar_type'], $userdata['user_avatar']);
       }


    AFTER, ADD
    Code: Select all

       else

  • modcp.php
  1. FIND - Line 466
    Code: Select all

             $new_forum_id = intval($HTTP_POST_VARS['new_forum']);
             $old_forum_id = $forum_id;



    AFTER, ADD
    Code: Select all

             $sql = 'SELECT forum_id FROM ' . FORUMS_TABLE . '
                WHERE forum_id = ' . $new_forum_id;
             if ( !($result = $db->sql_query($sql)) )
             {
                message_die(GENERAL_ERROR, 'Could not select from forums table', '', __LINE__, __FILE__, $sql);
             }
             
             if (!$db->sql_fetchrow($result))
             {
                message_die(GENERAL_MESSAGE, 'New forum does not exist');
             }

             $db->sql_freeresult($result);


  2. FIND - Line 773
    Code: Select all

                $new_forum_id = intval($HTTP_POST_VARS['new_forum_id']);
                $topic_time = time();
                


    AFTER, ADD
    Code: Select all

                $sql = 'SELECT forum_id FROM ' . FORUMS_TABLE . '
                   WHERE forum_id = ' . $new_forum_id;
                if ( !($result = $db->sql_query($sql)) )
                {
                   message_die(GENERAL_ERROR, 'Could not select from forums table', '', __LINE__, __FILE__, $sql);
                }
             
                if (!$db->sql_fetchrow($result))
                {
                   message_die(GENERAL_MESSAGE, 'New forum does not exist');
                }

                $db->sql_freeresult($result);


  • viewtopic.php
  1. FIND - Line 1110
    Code: Select all

          $message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . str_replace('\\', '\\\\', $highlight_match) . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));


    REPLACE WITH
    Code: Select all

          $message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . str_replace('\\', '\\\\', addslashes($highlight_match)) . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));

CricketMX.com.. home of bat's, rat's and other farmyard animals...
My articles: view all articles by battye

"OK, life [as you chose to define it] repeats until there are no more lessons to be learned." - nrnoble (June 12, 2005)
"the new forum looks awesome, it's getting bigger & better" - p2p-sharing-rules (11 Jan, 2008)
"Looks like CMX is not only getting bigger...but, also getting better!!" - moongirl (14 Dec, 2007)
User avatar
battye
Site Admin
Site Admin
 
Posts: 14270
Joined: Sun Jan 11, 2004 8:26 am
Location: Victoria Falls, Zimbabwe

Return to Updates

Who is online

Users browsing this forum: No registered users and 1 guest

cron