We strongly suggest upgrading your board to 2.0.16 if you haven't already, to ensure maximum protection against exploits.
phpBB 2.0.15 to phpBB 2.0.16 Code Changes
These are the changes from phpBB 2.0.15 to phpBB 2.0.16, summed up into a little Mod. This may be very helpful if you want to update your board and have installed a bunch of Mods: it is normally easier to apply the code changes than to install all the Mods again.
When you find an 'AFTER, ADD' statement, the code has to be added after the last line quoted in the 'FIND' statement.
When you find a 'BEFORE, ADD' statement, the code has to be added before the first line quoted in the 'FIND' statement.
When you find a 'REPLACE WITH' statement, the code quoted in the 'FIND' statement has to be replaced completely with the code quoted in the 'REPLACE WITH' statement.
After you have finished this tutorial, you have to upload the install/update_to_latest.php file, execute it and then delete it from your webspace.
- admin/admin_ug_auth.php
-
FIND - Line 809
REPLACE WITH
Code: Select all
@reset($auth_user);
Code: Select all
// @reset($auth_user);
- admin/pagestart.php
-
FIND - Line 43
REPLACE WITH
Code: Select all
redirect(append_sid("login.$phpEx?redirect=admin/", true));
Code: Select all
redirect(append_sid("login.$phpEx?redirect=admin/index.$phpEx", true));
-
FIND - Line 64
REPLACE WITH
Code: Select all
redirect(append_sid("login.$phpEx?redirect=admin/&admin=1", true));
Code: Select all
redirect(append_sid("login.$phpEx?redirect=admin/index.$phpEx&admin=1", true));
- includes/bbcode.php
-
FIND - Line 211
REPLACE WITH
Code: Select all
$patterns[] = "#\[url=([\w]+?://[^ \"\n\r\t<]*?)\]([^?].*?)\[/url\]#i"; $replacements[] = $bbcode_tpl['url3']; // [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix). $patterns[] = "#\[url=((www|ftp)\.[^ \"\n\r\t<]*?)\]([^?].*?)\[/url\]#i";
Code: Select all
$patterns[] = "#\[url=([\w]+?://[^ \"\n\r\t<]*?)\]([^?\n\r\t].*?)\[/url\]#is"; $replacements[] = $bbcode_tpl['url3']; // [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix). $patterns[] = "#\[url=((www|ftp)\.[^ \"\n\r\t<]*?)\]([^?\n\r\t].*?)\[/url\]#is";
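Review bot: The first capture group in both new patterns still accepts any scheme (`[\w]+?://`), so this change tightens the link text but not which URL schemes are turned into links. If only web and FTP links are intended, an explicit allowlist such as `((?:https?|ftp)://[^ \"\n\r\t<]*?)` would be stricter. With the added `s` modifier only the first character of the link text is barred from being a newline or tab; the `.*?` after it can now span lines, which should be confirmed as intended. As rendered here the statements sit on one line with a `//` comment between them, so they need to go back on separate lines when applied, otherwise the second pattern is commented out.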
- includes/usercp_avatar.php
-
FIND - Line 202
REPLACE WITH
Code: Select all
if ( $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] )
Code: Select all
if ( $width > 0 && $height > 0 && $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] )
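Review bot: The new `$width > 0 && $height > 0` guard carries no comment saying what it protects against, and the reason is not obvious from the condition alone. I would add `// reject images whose dimensions could not be read; a zero or unset size would otherwise pass the max-size comparison` above the `if`. Where `$width` and `$height` are assigned is outside this hunk, so it is worth confirming that a failed size read really leaves them at zero or unset.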
- includes/usercp_register.php
-
FIND - Line 455
AFTER, ADD
Code: Select all
$avatar_sql = user_avatar_delete($userdata['user_avatar_type'], $userdata['user_avatar']); }
Code: Select all
else
- modcp.php
-
FIND - Line 466
AFTER, ADD
Code: Select all
$new_forum_id = intval($HTTP_POST_VARS['new_forum']); $old_forum_id = $forum_id;
Code: Select all
$sql = 'SELECT forum_id FROM ' . FORUMS_TABLE . ' WHERE forum_id = ' . $new_forum_id; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not select from forums table', '', __LINE__, __FILE__, $sql); } if (!$db->sql_fetchrow($result)) { message_die(GENERAL_MESSAGE, 'New forum does not exist'); } $db->sql_freeresult($result);
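Review bot: The added lookup proves that the destination forum exists, but nothing in these lines checks that the acting moderator is allowed to move topics into it. If no such check follows outside the hunk, the destination's permissions should be tested before the move is carried out. The query concatenates `$new_forum_id` directly, which is safe only because of the `intval()` on the line quoted in FIND; a comment such as `// $new_forum_id is intval()'d above - must stay numeric, it is concatenated into the query` would protect that coupling. The same block is added again at line 773 (there fed from `new_forum_id` rather than `new_forum`), so a small shared helper would keep the two copies from drifting apart.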
-
FIND - Line 773
AFTER, ADD
Code: Select all
$new_forum_id = intval($HTTP_POST_VARS['new_forum_id']); $topic_time = time();
Code: Select all
$sql = 'SELECT forum_id FROM ' . FORUMS_TABLE . ' WHERE forum_id = ' . $new_forum_id; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not select from forums table', '', __LINE__, __FILE__, $sql); } if (!$db->sql_fetchrow($result)) { message_die(GENERAL_MESSAGE, 'New forum does not exist'); } $db->sql_freeresult($result);
- viewtopic.php
-
FIND - Line 1110
REPLACE WITH
Code: Select all
$message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . str_replace('\\', '\\\\', $highlight_match) . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));
Code: Select all
$message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . str_replace('\\', '\\\\', addslashes($highlight_match)) . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));
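Review bot: The replacement string on the new line is still executed as PHP code by the `e` modifier, so the line stays safe only as long as `addslashes()`, the backslash doubling and the replacement-string unescaping all line up for every value of `$highlight_match`. `$theme['fontcolor3']` is interpolated into the same evaluated string without any escaping. A sturdier shape is to drop `e` and let `preg_replace_callback()` do the inner replacement as ordinary code, which also removes the need for the outer `str_replace('\"', '"', ...)` and the `@` suppression. How `$highlight_match` is built is outside this hunk; it must be regex-quoted for the `#` delimiter where the search words are collected.

```php
// Define once, outside the post loop: highlights search terms in one ">text<" segment.
function highlight_text_segment($segment)
{
	global $highlight_match, $theme;

	// $highlight_match must already be regex-quoted for the '#' delimiter.
	return preg_replace('#\b(' . $highlight_match . ')\b#i', '<span style="color:#' . $theme['fontcolor3'] . '"><b>\\1</b></span>', $segment[0]);
}

// ... unchanged: surrounding post loop ...
$message = substr(preg_replace_callback('#(\>(((?>([^><]+|(?R)))*)\<))#s', 'highlight_text_segment', '>' . $message . '<'), 1, -1);
```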