2.0.12 Update

All updates to the site will be posted here.

Moderator: CricketMX Forum Moderators

2.0.12 Update

Postby battye » Tue Feb 22, 2005 10:31 am

Bugs and potential security vulnerabilities have been fixed in phpBB 2.0.12. As usual, if you find any errors when using the forum, report them in this topic.

If you own a forum, and use 2.0.11 or below, follow the instructions below to update to 2.0.12. Remember you will need to download the upgrade package for the update_to_latest.php file. You upload this to your forum root / install directory (eg forums.com/install) and run. Make sure you apply the code changes too, as this script only updates the database.

phpBB 2.0.11 to phpBB 2.0.12 Code Changes



These are the Changes from phpBB 2.0.11 to phpBB 2.0.12 summed up into a little Mod. This might be very helpful if you want to update your Board and have installed a bunch of Mods. Then it's normally easier to apply the Code Changes than to install all Mods again.

When you find a 'AFTER, ADD'-Statement, the Code have to be added after the last line quoted in the 'FIND'-Statement.
When you find a 'BEFORE, ADD'-Statement, the Code have to be added before the first line quoted in the 'FIND'-Statement.
When you find a 'REPLACE WITH'-Statement, the Code quoted in the 'FIND'-Statement have to be replaced completely with the quoted Code in the 'REPLACE WITH'-Statement.
When you find a 'DELETE'-Statement, the Code have to be deleted.

After you have finished this tutorial, you have to upload the update_to_latest.php file, execute it and then delete it from your webspace.

Ok, lets start:


  • admin/admin_db_utilities.php
  1. FIND - Line 696
    Code: Select all

             $tables = array('auth_access', 'banlist', 'categories', 'config', 'disallow', 'forums', 'forum_prune', 'groups', 'posts', 'posts_text', 'privmsgs', 'privmsgs_text', 'ranks', 'search_results', 'search_wordlist', 'search_wordmatch', 'sessions', 'smilies', 'themes', 'themes_name', 'topics', 'topics_watch', 'user_group', 'users', 'vote_desc', 'vote_results', 'vote_voters', 'words');


    REPLACE WITH
    Code: Select all

             $tables = array('auth_access', 'banlist', 'categories', 'config', 'disallow', 'forums', 'forum_prune', 'groups', 'posts', 'posts_text', 'privmsgs', 'privmsgs_text', 'ranks', 'search_results', 'search_wordlist', 'search_wordmatch', 'sessions', 'smilies', 'themes', 'themes_name', 'topics', 'topics_watch', 'user_group', 'users', 'vote_desc', 'vote_results', 'vote_voters', 'words', 'confirm');

  • admin/index.php
  1. FIND - Line 562
    Code: Select all

             "L_NO_GUESTS_BROWSING" => $lang['No_users_browsing'])
          );
       }


    AFTER, ADD
    Code: Select all


       // Check for new version
       $current_version = explode('.', '2' . $board_config['version']);
       $minor_revision = (int) $current_version[2];

       $errno = 0;
       $errstr = $version_info = '';

       if ($fsock = @fsockopen('www.phpbb.com', 80, $errno, $errstr))
       {
          @fputs($fsock, "GET /updatecheck/20x.txt HTTP/1.1\r\n");
          @fputs($fsock, "HOST: www.phpbb.com\r\n");
          @fputs($fsock, "Connection: close\r\n\r\n");

          $get_info = false;
          while (!@feof($fsock))
          {
             if ($get_info)
             {
                $version_info .= @fread($fsock, 1024);
             }
             else
             {
                if (@fgets($fsock, 1024) == "\r\n")
                {
                   $get_info = true;
                }
             }
          }
          @fclose($fsock);

          $version_info = explode("\n", $version_info);
          $latest_head_revision = (int) $version_info[0];
          $latest_minor_revision = (int) $version_info[2];
          $latest_version = (int) $version_info[0] . '.' . (int) $version_info[1] . '.' . (int) $version_info[2];

          if ($latest_head_revision == 2 && $minor_revision == $latest_minor_revision)
          {
             $version_info = '<p style="color:green">' . $lang['Version_up_to_date'] . '</p>';
          }
          else
          {
             $version_info = '<p style="color:red">' . $lang['Version_not_up_to_date'];
             $version_info .= '<br />' . sprintf($lang['Latest_version_info'], $latest_version) . sprintf($lang['Current_version_info'], '2' . $board_config['version']) . '</p>';
          }
       }
       else
       {
          if ($errstr)
          {
             $version_info = '<p style="color:red">' . sprintf($lang['Connect_socket_error'], $errstr) . '</p>';
          }
          else
          {
             $version_info = '<p>' . $lang['Socket_functions_disabled'] . '</p>';
          }
       }
       
       $version_info .= '<p>' . $lang['Mailing_list_subscribe_reminder'] . '</p>';
       

       $template->assign_vars(array(
          'VERSION_INFO'   => $version_info,
          'L_VERSION_INFORMATION'   => $lang['Version_information'])
       );

  • common.php
  1. FIND - Line 56
    Code: Select all

       $test = array('HTTP_GET_VARS' => NULL, 'HTTP_POST_VARS' => NULL, 'HTTP_COOKIE_VARS' => NULL, 'HTTP_SERVER_VARS' => NULL, 'HTTP_ENV_VARS' => NULL, 'HTTP_POST_FILES' => NULL);


    REPLACE WITH
    Code: Select all

       $test = array('HTTP_GET_VARS' => NULL, 'HTTP_POST_VARS' => NULL, 'HTTP_COOKIE_VARS' => NULL, 'HTTP_SERVER_VARS' => NULL, 'HTTP_ENV_VARS' => NULL, 'HTTP_POST_FILES' => NULL, 'phpEx' => NULL, 'phpbb_root_path' => NULL);

  2. FIND - Line 75
    Code: Select all

    else if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on')
    {
       // PHP4+ path


    AFTER, ADD
    Code: Select all

       $not_unset = array('HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_SERVER_VARS', 'HTTP_SESSION_VARS', 'HTTP_ENV_VARS', 'HTTP_POST_FILES', 'phpEx', 'phpbb_root_path');

  3. FIND - Line 92
    Code: Select all

       unset($input['input']);
       
       while (list($var,) = @each($input))
       {
          unset($$var);
       }


    REPLACE WITH
    Code: Select all

       unset($input['input']);
       unset($input['not_unset']);

       while (list($var,) = @each($input))
       {
          if (!in_array($var, $not_unset))
          {
             unset($$var);
          }
       }

  4. FIND - Line 207
    Code: Select all

    $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );


    REPLACE WITH
    Code: Select all

    $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : getenv('REMOTE_ADDR') );

  • includes/functions.php
  1. FIND - Line 80
    Code: Select all

       $username = htmlspecialchars(rtrim(trim($username), "\\"));
       $username = substr(str_replace("\\'", "'", $username), 0, 25);
       $username = str_replace("'", "\\'", $username);


    REPLACE WITH
    Code: Select all

       $username = substr(htmlspecialchars(str_replace("\'", "'", trim($username))), 0, 25);
       $username = phpbb_rtrim($username, "\\");   
       $username = str_replace("'", "\'", $username);

  2. FIND - Line 83
    Code: Select all


       return $username;
    }


    AFTER, ADD
    Code: Select all


    // added at phpBB 2.0.12 to fix a bug in PHP 4.3.10 (only supporting charlist in php >= 4.1.0)
    function phpbb_rtrim($str, $charlist = false)
    {
       if ($charlist === false)
       {
          return rtrim($str);
       }
       
       $php_version = explode('.', PHP_VERSION);

       // php version < 4.1.0
       if ((int) $php_version[0] < 4 || ((int) $php_version[0] == 4 && (int) $php_version[1] < 1))
       {
          while ($str{strlen($str)-1} == $charlist)
          {
             $str = substr($str, 0, strlen($str)-1);
          }
       }
       else
       {
          $str = rtrim($str, $charlist);
       }

       return $str;
    }


  3. FIND - Line 608
    Code: Select all

             $debug_text .= '</br /><br />Line : ' . $err_line . '<br />File : ' . $err_file;


    REPLACE WITH
    Code: Select all

             $debug_text .= '</br /><br />Line : ' . $err_line . '<br />File : ' . basename($err_file);

  • includes/page_tail.php
  1. FIND - Line 38
    Code: Select all

       'PHPBB_VERSION' => '2' . $board_config['version'],


    REPLACE WITH
    Code: Select all

    //   'PHPBB_VERSION' => '2' . $board_config['version'],

  • includes/template.php
  1. FIND - Line 233
    Code: Select all

                 $filename = phpbb_realpath($this->root . '/' . $filename);


    REPLACE WITH
    Code: Select all

                 $filename = ($rp_filename = phpbb_realpath($this->root . '/' . $filename)) ? $rp_filename : $filename;

  • includes/usercp_avatar.php
  1. FIND - Line 54
    Code: Select all

    {
       global $board_config, $userdata;



    AFTER, ADD
    Code: Select all

       $avatar_file = basename($avatar_file);

  2. FIND - Line 69
    Code: Select all

    function user_avatar_gallery($mode, &$error, &$error_msg, $avatar_filename)
    {
       global $board_config;


    AFTER, ADD
    Code: Select all


       $avatar_filename = str_replace(array('../', '..\\', './', '.\\'), '', $avatar_filename);
       if ($avatar_filename{0} == '/' || $avatar_filename{0} == "\\")
       {
          return '';
       }


  3. FIND - Line 235
    Code: Select all

                $move_file = 'copy';
             }



    AFTER, ADD
    Code: Select all

             if (!is_uploaded_file($avatar_filename))
             {
                message_die(GENERAL_ERROR, 'Unable to upload file', '', __LINE__, __FILE__);
             }

  • includes/usercp_register.php
  1. FIND - Line 462
    Code: Select all

             $avatar_mode = ( !empty($user_avatar_name) ) ? 'local' : 'remote';


    REPLACE WITH
    Code: Select all

             $avatar_mode = (empty($user_avatar_name)) ? 'remote' : 'local';

  • language/lang_english/lang_admin.php
  1. FIND
    Code: Select all

    //
    // That's all Folks!
    // -------------------------------------------------


    BEFORE, ADD
    Code: Select all

    //
    // Version Check
    //
    $lang['Version_up_to_date'] = 'Your installation is up to date, no updates are available for your version of phpBB.';
    $lang['Version_not_up_to_date'] = 'Your installation does <b>not</b> seem to be up to date. Updates are available for your version of phpBB, please visit <a href="http://www.phpbb.com/downloads.php" target="_new">http://www.phpbb.com/downloads.php</a> to obtain the latest version.';
    $lang['Latest_version_info'] = 'The latest available version is <b>phpBB %s</b>.';
    $lang['Current_version_info'] = 'You are running <b>phpBB %s</b>.';
    $lang['Connect_socket_error'] = 'Unable to open connection to phpBB Server, reported error is:<br />%s';
    $lang['Socket_functions_disabled'] = 'Unable to use socket functions.';
    $lang['Mailing_list_subscribe_reminder'] = 'For the latest information on updates to phpBB, why not <a href="http://www.phpbb.com/support/" target="_new">subscribe to our mailing list</a>.';
    $lang['Version_information'] = 'Version Information';

  • templates/subSilver/admin/index_body.tpl
  1. FIND - Line 80
    Code: Select all

    </table>

    <br />


    AFTER, ADD
    Code: Select all


    <h1>{L_VERSION_INFORMATION}</h1>

    {VERSION_INFO}

    <br />

  • templates/subSilver/overall_footer.tpl
  1. FIND - Line 8
    Code: Select all

       Powered by phpBB {PHPBB_VERSION} line, with phpBB linked to www.phpbb.com. If you refuse
       to include even this then support on our forums may be affected.

       The phpBB Group : 2002
    // -->
    Powered by <a href="http://www.phpbb.com/" target="_phpbb" class="copyright">phpBB</a> {PHPBB_VERSION} &copy; 2001, 2002 phpBB Group<br />{TRANSLATION_INFO}</span></div>


    REPLACE WITH
    Code: Select all

       Powered by phpBB line, with phpBB linked to www.phpbb.com. If you refuse
       to include even this then support on our forums may be affected.

       The phpBB Group : 2002
    // -->
    Powered by <a href="http://www.phpbb.com/" target="_phpbb" class="copyright">phpBB</a> &copy; 2001, 2005 phpBB Group<br />{TRANSLATION_INFO}</span></div>

  • templates/subSilver/simple_footer.tpl
  1. FIND - Line 8
    Code: Select all

       Powered by phpBB {PHPBB_VERSION} line, with phpBB linked to www.phpbb.com. If you refuse
       to include even this then support on our forums may be affected.

       The phpBB Group : 2002
    // -->
    Powered by <a href="http://www.phpbb.com/" target="_phpbb" class="copyright">phpBB</a> {PHPBB_VERSION} &copy; 2001,2002 phpBB Group</span></div>


    REPLACE WITH
    Code: Select all

       Powered by phpBB line, with phpBB linked to www.phpbb.com. If you refuse
       to include even this then support on our forums may be affected.

       The phpBB Group : 2002
    // -->
    Powered by <a href="http://www.phpbb.com/" target="_phpbb" class="copyright">phpBB</a> &copy; 2001, 2005 phpBB Group</span></div>

  • viewtopic.php
  1. FIND - Line 498
    Code: Select all

       unset($words);

       $highlight = urlencode($HTTP_GET_VARS['highlight']);


    AFTER, ADD
    Code: Select all

       $highlight_match = phpbb_rtrim($highlight_match, "\\");



Thanks
CricketMX.com.. home of bat's, rat's and other farmyard animals...
My articles: view all articles by battye

"OK, life [as you chose to define it] repeats until there are no more lessons to be learned." - nrnoble (June 12, 2005)
"the new forum looks awesome, it's getting bigger & better" - p2p-sharing-rules (11 Jan, 2008)
"Looks like CMX is not only getting bigger...but, also getting better!!" - moongirl (14 Dec, 2007)
User avatar
battye
Site Admin
Site Admin
 
Posts: 14272
Joined: Sun Jan 11, 2004 8:26 am
Location: Victoria Falls, Zimbabwe

Postby Rat » Tue Feb 22, 2005 11:10 am

Oh man, I hate upgrading. I'll get to this later I think.
User avatar
Rat
Drain Brain
Drain Brain
 
Posts: 4398
Joined: Mon Jun 14, 2004 9:38 am
Location: in the dark


Return to Updates

Who is online

Users browsing this forum: No registered users and 0 guests

cron