phpBB 2.0.16 Semi-Critical Update

All updates to the site will be posted here.

Moderator: CricketMX Forum Moderators

battye
Site Admin

The phpBB Group has announced the release of phpBB 2.0.16, one of the updates marked as urgent. As always, CricketMX.com has been updated, and if you find any problems please report them to me.

We strongly suggest upgrading your board to 2.0.16 if you haven't already, to ensure maximum protection against exploits.

phpBB 2.0.15 to phpBB 2.0.16 Code Changes



These are the Changes from phpBB 2.0.15 to phpBB 2.0.16 summed up into a little Mod. This might be very helpful if you want to update your Board and have installed a bunch of Mods. Then it's normally easier to apply the Code Changes than to install all Mods again.

When you find an 'AFTER, ADD'-Statement, the Code has to be added after the last line quoted in the 'FIND'-Statement.
When you find a 'BEFORE, ADD'-Statement, the Code has to be added before the first line quoted in the 'FIND'-Statement.
When you find a 'REPLACE WITH'-Statement, the Code quoted in the 'FIND'-Statement has to be replaced completely with the quoted Code in the 'REPLACE WITH'-Statement.

After you have finished this tutorial, you have to upload the install/update_to_latest.php file, execute it and then delete it from your webspace.

  • admin/admin_ug_auth.php
  1. FIND - Line 809


    
    	@reset($auth_user);
    
    REPLACE WITH


    
    //	@reset($auth_user);
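
    Review bot: the replacement at line 809 leaves @reset($auth_user); in the file as commented-out code with no explanation. Either delete the line outright or add a one-line comment saying why the array pointer must no longer be reset at this point, so that someone merging a Mod later does not restore it.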
    
  • admin/pagestart.php
  1. FIND - Line 43


    
    	redirect(append_sid("login.$phpEx?redirect=admin/", true));
    
    REPLACE WITH


    
    	redirect(append_sid("login.$phpEx?redirect=admin/index.$phpEx", true));
    
  2. FIND - Line 64


    
    	redirect(append_sid("login.$phpEx?redirect=admin/&admin=1", true));
    
    REPLACE WITH


    
    	redirect(append_sid("login.$phpEx?redirect=admin/index.$phpEx&admin=1", true));
    
  • includes/bbcode.php
  1. FIND - Line 211


    
    	$patterns[] = "#\[url=([\w]+?://[^ \"\n\r\t<]*?)\]([^?].*?)\[/url\]#i";
    	$replacements[] = $bbcode_tpl['url3'];
      
    	// [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix).
    	$patterns[] = "#\[url=((www|ftp)\.[^ \"\n\r\t<]*?)\]([^?].*?)\[/url\]#i";
    
    REPLACE WITH


    
    	$patterns[] = "#\[url=([\w]+?://[^ \"\n\r\t<]*?)\]([^?\n\r\t].*?)\[/url\]#is";
    	$replacements[] = $bbcode_tpl['url3'];
    
    	// [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix).
    	$patterns[] = "#\[url=((www|ftp)\.[^ \"\n\r\t<]*?)\]([^?\n\r\t].*?)\[/url\]#is";
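
    Review bot: both patterns gain the s modifier and a stricter first-character class for the link text, but nothing in the code says why. With s set, .*? also matches newlines, so the link text may now span several lines up to the next [/url], while only its first character is barred from being ?, \n, \r or \t (a leading space is still accepted). A short comment above each pattern stating which inputs are meant to be rejected would let Mod authors who have edited these two lines re-apply the change correctly.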
    
  • includes/usercp_avatar.php
  1. FIND - Line 202


    
    	if ( $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] )
    
    REPLACE WITH


    
    	if ( $width > 0 && $height > 0 && $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] )
    
  • includes/usercp_register.php
  1. FIND - Line 455


    
    		$avatar_sql = user_avatar_delete($userdata['user_avatar_type'], $userdata['user_avatar']);
    	}
    
    AFTER, ADD


    
    	else
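
    Review bot: the added else at line 455 has no braces, so it binds to whatever single statement happens to follow it, and that statement is not part of the FIND. On a board where a Mod has inserted code directly after the closing brace, the else will attach to the wrong statement without any error. Include the following line in the FIND and wrap it in else { ... } so the intended branch is explicit.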
    
  • modcp.php
  1. FIND - Line 466


    
    			$new_forum_id = intval($HTTP_POST_VARS['new_forum']);
    			$old_forum_id = $forum_id;
    
    
    AFTER, ADD


    
    			$sql = 'SELECT forum_id FROM ' . FORUMS_TABLE . '
    				WHERE forum_id = ' . $new_forum_id;
    			if ( !($result = $db->sql_query($sql)) )
    			{
    				message_die(GENERAL_ERROR, 'Could not select from forums table', '', __LINE__, __FILE__, $sql);
    			}
    			
    			if (!$db->sql_fetchrow($result))
    			{
    				message_die(GENERAL_MESSAGE, 'New forum does not exist');
    			}
    
    			$db->sql_freeresult($result);
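
    Review bot: the query concatenates $new_forum_id straight into the SQL string, which is safe only because of the intval() on the FIND line directly above; keep the two adjacent and say so in a comment, since a Mod that re-reads the POST value between them would reopen the query to raw input. Separately, 'New forum does not exist' is a hard-coded English literal passed to message_die(), where the rest of the board takes its user-facing text from $lang.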
    
    
  2. FIND - Line 773


    
    				$new_forum_id = intval($HTTP_POST_VARS['new_forum_id']);
    				$topic_time = time();
    				
    
    AFTER, ADD


    
    				$sql = 'SELECT forum_id FROM ' . FORUMS_TABLE . '
    					WHERE forum_id = ' . $new_forum_id;
    				if ( !($result = $db->sql_query($sql)) )
    				{
    					message_die(GENERAL_ERROR, 'Could not select from forums table', '', __LINE__, __FILE__, $sql);
    				}
    			
    				if (!$db->sql_fetchrow($result))
    				{
    					message_die(GENERAL_MESSAGE, 'New forum does not exist');
    				}
    
    				$db->sql_freeresult($result);
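
    Review bot: this block at line 773 is a copy of the one added at line 466, differing only in indentation (the POST key on the FIND line is 'new_forum_id' here and 'new_forum' there). Two copies of the same existence check will drift apart the first time one of them is edited; a small helper that takes the forum id and calls message_die() when no row is found, used from both places, would keep the check identical.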
    
    
  • viewtopic.php
  1. FIND - Line 1110


    
    		$message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . str_replace('\\', '\\\\', $highlight_match) . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));
    
    REPLACE WITH


    
    		$message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . str_replace('\\', '\\\\', addslashes($highlight_match)) . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));
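
    Review bot: wrapping $highlight_match in addslashes() is the only change at line 1110, and the outer preg_replace() still carries the e modifier, so the replacement string that $highlight_match is concatenated into is still evaluated as PHP code on every match. Escaping quotes and backslashes narrows what can reach that evaluation but keeps the design in place. Building the highlight pattern with preg_quote() on each search word and doing the substitution with preg_replace_callback() instead of #se would remove the evaluation step altogether; at minimum, add a comment pointing to where $highlight_match is sanitised before it gets here.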
    
CricketMX.com in 2022: Still the home of bat's, rat's and other farmyard animals!

"OK, life [as you chose to define it] repeats until there are no more lessons to be learned." - nrnoble (June 12, 2005)
"the new forum looks awesome, it's getting bigger & better" - p2p-sharing-rules (11 Jan, 2008)
"Looks like CMX is not only getting bigger...but, also getting better!!" - moongirl (14 Dec, 2007)