fix postgresql case-sensitivity issue

git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@5120 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-06-27 21:58:52 +00:00 · 2005-04-15 20:50:02 +00:00 · 2005-04-15 20:50:02 +00:00 · 4cc92e89b3
commit 4cc92e89b3
parent 8950f298ff
4 changed files with 51 additions and 32 deletions
--- a/phpBB/db/postgres7.php
+++ b/phpBB/db/postgres7.php
@ -123,6 +123,7 @@ class sql_db
 			$this->num_queries++;

 			$query = preg_replace("/LIMIT ([0-9]+),([ 0-9]+)/", "LIMIT \\2 OFFSET \\1", $query);
+			$query = preg_replace('#(.*SELECT.*)(username|user_email|ban_email) = \'(.*)\'#ise', "\"\\1LOWER(\\2) = '\" . strtolower('\\3') . \"'\"", $query);

 			if( $transaction == BEGIN_TRANSACTION && !$this->in_transaction )
 			{
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@ -3,7 +3,7 @@
 <head>
 <meta http-equiv="Content-Type" content="text/html">
 <meta http-equiv="Content-Style-Type" content="text/css">
-<title>phpBB 2.0.13 :: Changelog</title>
+<title>phpBB 2.0.14 :: Changelog</title>
 <link rel="stylesheet" href="../templates/subSilver/subSilver.css" type="text/css" />
 <style type="text/css">
 <!--
@ -24,7 +24,7 @@ p,ul,td {font-size:10pt;}
 <table width="100%" border="0" cellspacing="0" cellpadding="0">
 	<tr>
 		<td><img src="../templates/subSilver/images/logo_phpBB.gif" border="0" alt="phpBB 2 : Creating Communities" vspace="1" /></a></td>
-		<td align="center" width="100%" valign="middle"><span class="maintitle">phpBB 2.0.13 CHANGELOG</span></td>
+		<td align="center" width="100%" valign="middle"><span class="maintitle">phpBB 2.0.14 CHANGELOG</span></td>
 	</tr>
 </table>

@ -32,6 +32,7 @@ p,ul,td {font-size:10pt;}
 <ol>
 <li><a href="#changelog">Changelog</a></li>
 <ol type="i">
+	<li><a href="#2013">Changes since 2.0.13</a></li>
 	<li><a href="#2012">Changes since 2.0.12</a></li>
 	<li><a href="#2011">Changes since 2.0.11</a></li>
 	<li><a href="#2010">Changes since 2.0.10</a></li>
@ -58,7 +59,24 @@ p,ul,td {font-size:10pt;}

 <p>This is a non-exhaustive (but still near complete) changelog for phpBB 2.0.x including beta and release candidate versions. Our thanks to all those people who've contributed bug reports and code fixes.</p>

-<a name="2012"></a><h3 class="h3">l.i. Changes since 2.0.12</h3>
+<a name="2013"></a><h3 class="h3">l.i. Changes since 2.0.13</h3>
+
+<ul>
+<li>Hardened author and keyword search a bit to not allow very server intensive searches</li>
+<li>Fixed full path disclosure in bad word parsing</li>
+<li>Resetting complete userdata array in session code if authentication fails</li>
+<li>Fixed bug in moderator control panel where certain parameters could lead to an "error creating new session" sql error</li>
+<li>Fixed bug in session code where empty page ids could lead to an "error creating new session" sql error</li>
+<li>Fixed html handling in signatures if html is turned off globally</li>
+<li>Fixed install.php problem with PHP5 register_long_arrays option turned off</li>
+<li>Fixed potential issues with styling system</li>
+<li>Added correct class to login_body template file</li>
+<li>Removed file db/oracle.php from package</li>
+<li>Removed version number from message body page in /admin (if user is not an admin) - <b>mikelbeck</b></li>
+<li>Fixed case-sensitivity issues in postgres7.php - <b>R45</b></li>
+</ul>
+
+<a name="2012"></a><h3 class="h3">l.ii. Changes since 2.0.12</h3>

 <ul>
 <li>Ommitted preg_replace warning in viewtopic due to improper working of preg_quote in PHP - originally reported by matrix_killer, fix submitted by another party</li>
@ -66,7 +84,7 @@ p,ul,td {font-size:10pt;}
 <li>Minimum requirements raised to PHP 4.0.3 or above due to fixing vulnerability issues breaking PHP3 compatibility.</li>
 </ul>

-<a name="2011"></a><h3 class="h3">l.ii. Changes since 2.0.11</h3>
+<a name="2011"></a><h3 class="h3">l.iii. Changes since 2.0.11</h3>

 <ul>
 <li>Added confirm table to admin_db_utilities.php</li>
@ -81,7 +99,7 @@ p,ul,td {font-size:10pt;}
 <li>Fixed path disclosure bug in viewtopic.php caused by a PHP 4.3.10 bug - <b>matrix_killer</b></li>
 </ul>

-<a name="2010"></a><h3 class="h3">l.iii. Changes since 2.0.10</h3>
+<a name="2010"></a><h3 class="h3">l.iv. Changes since 2.0.10</h3>

 <ul>
 <li>Fixed vulnerability in highlighting code (<b>very high severity, please update your installation as soon as possible</b>)</li>
@ -92,7 +110,7 @@ p,ul,td {font-size:10pt;}
 <li>Added visual confirmation mod to code base</li>
 </ul>

-<a name="209"></a><h3 class="h3">l.iv. Changes since 2.0.9</h3>
+<a name="209"></a><h3 class="h3">l.v. Changes since 2.0.9</h3>

 <ul>
 <li>Fixed deleting of styles in admin_styles.php</li>
@ -105,7 +123,7 @@ p,ul,td {font-size:10pt;}
 <li>Fixed visual confirmation code. The image was not created due to a wrong regular expression.</li>
 </ul>

-<a name="208"></a><h3 class="h3">l.v. Changes since 2.0.8</h3>
+<a name="208"></a><h3 class="h3">l.vi. Changes since 2.0.8</h3>

 <ul>
 <li>Fixed one vulnerability in admin_board.php - <b>Xore</b></li>
@ -124,7 +142,7 @@ p,ul,td {font-size:10pt;}
 <li>Fixed problem with SID not delivered to next page in groupcp.php</li>
 </ul>

-<a name="207"></a><h3 class="h3">l.vi. Changes since 2.0.7</h3>
+<a name="207"></a><h3 class="h3">l.vii. Changes since 2.0.7</h3>

 <ul>
 <li>Fixed several vulnerabilities in admin pages</li>
@ -136,7 +154,7 @@ p,ul,td {font-size:10pt;}
 <li>Fixed sql injection vulnerability in privmsg - 2.0.8a</li>
 </ul>

-<a name="206"></a><h3 class="h3">1.vii. Changes since 2.0.6</h3>
+<a name="206"></a><h3 class="h3">1.viii. Changes since 2.0.6</h3>

 <ul>
 <li>Fixed several vulnerabilities in modcp - <b>Robert Lavierck</b></li>
@ -150,7 +168,7 @@ p,ul,td {font-size:10pt;}
 <li>Fixed potential vulnerability in avatar gallery</li>
 </ul>

-<a name="205"></a><h3 class="h3">1.viii. Changes since 2.0.5</h3>
+<a name="205"></a><h3 class="h3">1.ix. Changes since 2.0.5</h3>

 <ul>
 <li>Fixed various email issues</li>
@ -166,7 +184,7 @@ p,ul,td {font-size:10pt;}
 <li>Fixed sql injection with reset date format field in profile - <b>tendor</b></li>
 </ul>

-<a name="204"></a><h3 class="h3">1.ix. Changes since 2.0.4</h3>
+<a name="204"></a><h3 class="h3">1.x. Changes since 2.0.4</h3>

 <ul>
 <li>Removed user facing session_id checks</li>
@ -238,7 +256,7 @@ p,ul,td {font-size:10pt;}
 <li>Default English support for visual confirmation - translators are encouraged to support this</li>
 </ul>

-<a name="203"></a><h3 class="h3">1.x. Changes since 2.0.3</h3>
+<a name="203"></a><h3 class="h3">1.xi. Changes since 2.0.3</h3>

 <ul>
 <li>Fixed cross-browser scripting issue with highlight param</li>
@ -365,7 +383,7 @@ p,ul,td {font-size:10pt;}
 <li>Fixed potential SQL vulnerability with marking of private messages - <b>Ulf Harnhammar</b></li>
 </ul>

-<a name="202"></a><h3 class="h3">1.xi. Changes since 2.0.2</h3>
+<a name="202"></a><h3 class="h3">1.xii. Changes since 2.0.2</h3>

 <ul>
 <li>Fixed potential cross-site scripting vulnerability with avatars - <b>Showscout</b></li>
@ -374,7 +392,7 @@ p,ul,td {font-size:10pt;}
 <li>Fixed (hopefully) issue with MS Access and multiple pages</li>
 </ul>

-<a name="201"></a><h3 class="h3">1.xii. Changes since 2.0.1</h3>
+<a name="201"></a><h3 class="h3">1.xiii. Changes since 2.0.1</h3>

 <ul>
 <li>Fixed missing "username" lang variable in user admin template</li>
@ -409,7 +427,7 @@ p,ul,td {font-size:10pt;}
 <li>Fix emailer to allow sending emails with language-specific character sets</li>
 </ul>

-<a name="200"></a><h3 class="h3">1.xiii. Changes since 2.0.0</h3>
+<a name="200"></a><h3 class="h3">1.xiv. Changes since 2.0.0</h3>

 <ul>
 <li>Fixed delete image bug for normal users</li>
@ -466,7 +484,7 @@ p,ul,td {font-size:10pt;}
 <li>Added database closure to admin frameset page</li>
 </ul>

-<a name="final"></a><h3 class="h3">1.xiv. Changes since RC-4</h3>
+<a name="final"></a><h3 class="h3">1.xv. Changes since RC-4</h3>

 <ul>
 <li>Fixed improper report of general error when posting messages containing errors</li>
@ -496,7 +514,7 @@ p,ul,td {font-size:10pt;}
 <li>Fixed various remaining usergroup display issues</li>
 </ul>

-<a name="rc4"></a><h3 class="h3">1.xv. Changes since RC-3</h3>
+<a name="rc4"></a><h3 class="h3">1.xvi. Changes since RC-3</h3>

 <ul>
 <li>Addressed serious security issue with included files</li>
@ -527,7 +545,7 @@ p,ul,td {font-size:10pt;}
 <li>Fix (hopefully) remaining ICQ overlay issue with view profile in subSilver</li>
 </ul>

-<a name="rc3"></a><h3 class="h3">1.xvi. Changes since RC-2</h3>
+<a name="rc3"></a><h3 class="h3">1.xvii. Changes since RC-2</h3>

 <ul>
 <li>Fixed infamous install parse error</li>
@ -560,7 +578,7 @@ p,ul,td {font-size:10pt;}
 <li>Hidden usergroups are now completely hidden from view</li>
 </ul>

-<a name="rc2"></a><h3 class="h3">1.xvii. Changes since RC-1</h3>
+<a name="rc2"></a><h3 class="h3">1.xviii. Changes since RC-1</h3>

 <ul>
 <li>Fixed numerous PostgreSQL related issues</li>
@ -580,7 +598,7 @@ p,ul,td {font-size:10pt;}
 <li>Various other fixes and updates</li>
 </ul>

-<a name="rc1"></a><h3 class="h3">1.xviii. Changes since RC-1 (pre)</h3>
+<a name="rc1"></a><h3 class="h3">1.xix. Changes since RC-1 (pre)</h3>

 <ul>
 <li>Upgrade script completed for initial fully functional release</li>
--- a/phpBB/docs/INSTALL.html
+++ b/phpBB/docs/INSTALL.html
@ -3,7 +3,7 @@
 <head>
 <meta http-equiv="Content-Type" content="text/html">
 <meta http-equiv="Content-Style-Type" content="text/css">
-<title>phpBB 2.0.13 :: Install</title>
+<title>phpBB 2.0.14 :: Install</title>
 <link rel="stylesheet" href="../templates/subSilver/subSilver.css" type="text/css">
 <style type="text/css">
 <!--
@ -24,7 +24,7 @@ p,ul,td {font-size:10pt;}
 <table width="100%" border="0" cellspacing="0" cellpadding="0">
 	<tr>
 		<td><img src="../templates/subSilver/images/logo_phpBB.gif" border="0" alt="phpBB 2 : Creating Communities" vspace="1" /></a></td>
-		<td align="center" width="100%" valign="middle"><span class="maintitle">phpBB 2.0.13 INSTALL</span></td>
+		<td align="center" width="100%" valign="middle"><span class="maintitle">phpBB 2.0.14 INSTALL</span></td>
 	</tr>
 </table>

@ -33,7 +33,7 @@ p,ul,td {font-size:10pt;}

 <p>Please note these instructions are not fully comprehensive, a more thorough userguide will be available on the phpBB website in the near future. However, this document will walk you through the basics on installing the forum software.</p>

-<p>A basic overview of running phpBB 2.0.13 can be found in the accompanying <a href="README.html">README</a> documentation. Please ensure you read that document in addition to this! For more detailed information on using phpBB 2 you should read <a href="http://www.phpbb.com/support/guide/" target="_new">Userguide</a> now available online.</p>
+<p>A basic overview of running phpBB 2.0.14 can be found in the accompanying <a href="README.html">README</a> documentation. Please ensure you read that document in addition to this! For more detailed information on using phpBB 2 you should read <a href="http://www.phpbb.com/support/guide/" target="_new">Userguide</a> now available online.</p>

 <ol>
 <li><a href="#quickinstall">Quick Install</a></li>
@ -88,7 +88,7 @@ p,ul,td {font-size:10pt;}

 <a name="require"></a><h2 class="h2"><u>2. Requirements</u></h2>

-<p>Installation of phpBB 2.0.13 requires the following:</p>
+<p>Installation of phpBB 2.0.14 requires the following:</p>
 <ul>
 <li>A webserver or web hosting account running on any major Operating System</li>
 <li>A SQL database system, <b>one of</b>:
@ -192,17 +192,17 @@ p,ul,td {font-size:10pt;}

 <a name="#upgradeSTABLE_files"></a><h3 class="h3">7.ii. Changed files only</h3>

-<p>This package contains a number of archives, each contains the files changed from a given release to 2.0.13. You should select the appropriate archive for your current version, e.g. if you currently have 2.0.11 you should select the phpBB-2.0.11_to_2.0.13.zip/tar.gz file.</p>
+<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have 2.0.13 you should select the phpBB-2.0.13_to_2.0.14.zip/tar.gz file.</p>

 <p>The directory structure has been preserved enabling you (if you wish) to simply upload the contents of the archive to the appropriate location on your server, i.e. simply overwrite the existing files with the new versions. Do not forget that if you have installed any Mods these files will overwrite the originals possibly destroying them in the process. You will need to re-add Mods to any affected file before uploading.</p>

-<p>As for the other upgrade procedures you should run <b>install/update_to_latest.php</b> after you have finished updating the files. This will update your database schema and data (if appropriate) and increment the version number.</p>
+<p>As for the other upgrade procedures you should run <b>install/update_to_latest.php</b> after you have finished updating the files. This will update your database schema and increment the version number.</p>

 <a name="#upgradeSTABLE_patch"></a><h3 class="h3">7.iii. Patch file</h3>

 <p>The patch file is probably the best solution for those with many Mods or other changes who do not want to re-add them back to all the changed files. To use this you will need command line access to a standard UNIX type <b>patch</b> application.</p>

-<p>A number of patch files are provided to allow you to upgrade from previous stable releases. Select the correct patch, e.g. if your current version is 2.0.11 you need the phpBB-2.0.11_to_2.0.13.patch. Place the correct patch in the parent directory containing the phpBB 2 core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <b>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</b> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB2, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
+<p>A number of patch files are provided to allow you to upgrade from previous stable releases. Select the correct patch, e.g. if your current version is 2.0.13 you need the phpBB-2.0.13_to_2.0.14.patch. Place the correct patch in the parent directory containing the phpBB 2 core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <b>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</b> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB2, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>

 <p>If you do get failures you should look at using the <a href="#upgradeSTABLE_files">Changed files only</a> package to replace the files which failed to patch, please note that you will need to manually re-add any Mods to these particular files. Alternatively if you know how you can examine the .rej files to determine what failed where and make manual adjustments to the relevant source.</p>

@ -214,7 +214,7 @@ p,ul,td {font-size:10pt;}

 <a name="postinstall"></a><h2 class="h2"><u>8. Important (security related) post-Install tasks for all installation methods</u></h2>

-<p>Once you have succssfully installed phpBB 2.0.13 you <b>MUST</b> ensure you remove the entire install/ and contrib/ directories. Leaving these in place is a <u>very serious potential security issue</u> which may lead to deletion or alteration of files, etc. Please note that until these directories are remove phpBB2 will not operate and a warning message will be displayed. Beyond these <b>essential</b> deletions you may also wish to delete the docs/ directories if you wish.</p>
+<p>Once you have succssfully installed phpBB 2.0.x you <b>MUST</b> ensure you remove the entire install/ and contrib/ directories. Leaving these in place is a <u>very serious potential security issue</u> which may lead to deletion or alteration of files, etc. Please note that until these directories are remove phpBB2 will not operate and a warning message will be displayed. Beyond these <b>essential</b> deletions you may also wish to delete the docs/ directories if you wish.</p>

 <p>With these directories deleted you should proceed to the administration panel. Depending on how the installation completed you may have been directed there automatically. If not, login as the administrator you specified during install/upgrade and click the "<b>Administration Panel</b>" link at the bottom of any page. Ensure that details specified in General -> Configuration are correct!</p>

@ -232,7 +232,7 @@ p,ul,td {font-size:10pt;}

 <a name="safemode"></a><h3 class="h3">8.ii. Safe Mode</h3>

-<p>phpBB 2.0.13 includes support for using uploadable avatars on systems running PHP in safe mode. If this applies to your hosting service you will need to create a sub-directory called <u>tmp</u> in the directory you specified for storage of uploaded avatars (by default this is images/avatars as explained above). Give it the same access rights as for uploadable avatars above.</p>
+<p>phpBB 2.0.x includes support for using uploadable avatars on systems running PHP in safe mode. If this applies to your hosting service you will need to create a sub-directory called <u>tmp</u> in the directory you specified for storage of uploaded avatars (by default this is images/avatars as explained above). Give it the same access rights as for uploadable avatars above.</p>

 <p>This safe mode support includes compatibility with various directory restrictions your host may impose (assuming they are not too restrictive and that the PHP installed is version 4.0.3 or later). There is generally no need for any manual setup for safe mode support it is typically handled transparantly.</p>

--- a/phpBB/docs/README.html
+++ b/phpBB/docs/README.html
@ -3,7 +3,7 @@
 <head>
 <meta http-equiv="Content-Type" content="text/html">
 <meta http-equiv="Content-Style-Type" content="text/css">
-<title>phpBB 2.0.13 :: Readme</title>
+<title>phpBB 2.0.14 :: Readme</title>
 <link rel="stylesheet" href="../templates/subSilver/subSilver.css" type="text/css" />
 <style type="text/css">
 <!--
@ -24,7 +24,7 @@ p,ul,td {font-size:10pt;}
 <table width="100%" border="0" cellspacing="0" cellpadding="0">
 	<tr>
 		<td><img src="../templates/subSilver/images/logo_phpBB.gif" border="0" alt="phpBB 2 : Creating Communities" vspace="1" /></a></td>
-		<td align="center" width="100%" valign="middle"><span class="maintitle">phpBB 2.0.13 README</span></td>
+		<td align="center" width="100%" valign="middle"><span class="maintitle">phpBB 2.0.14 README</span></td>
 	</tr>
 </table>

@ -84,7 +84,7 @@ p,ul,td {font-size:10pt;}

 <p>If your language is not available please visit our forums where you will find a topic listing translations currently available or in preparation. This topic also gives you information should you wish to volunteer to translate a language not currently listed</p>

-<p><b>Please note</b> that users who have upgraded to 2.0.13 from versions prior to RC-3 should will <b>need</b> to download new versions of the language/subSilver image packs. Any package downloaded prior to the availability of RC-3 will <b>not</b> function correctly with this version of phpBB 2.</p>
+<p><b>Please note</b> that users who have upgraded to the latest version from versions prior to RC-3 should will <b>need</b> to download new versions of the language/subSilver image packs. Any package downloaded prior to the availability of RC-3 will <b>not</b> function correctly with this version of phpBB 2.</p>

 <p>If you have upgraded from 2.0.0 and make use of non-English language packs you will benefit from downloading updated versions which will become available shortly. These introduce a number of strings which went missing from the first version plus a few updates and additions.</p>