diff --git a/phpBB/admin/admin_users.php b/phpBB/admin/admin_users.php
index 799abf440f..4c66e2e48d 100644
--- a/phpBB/admin/admin_users.php
+++ b/phpBB/admin/admin_users.php
@@ -316,7 +316,7 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $result['error_msg'];
}
- else if ( strtolower(str_replace("\'", "''", $username)) == strtolower($userdata['username']) )
+ else if ( strtolower(str_replace("\\'", "''", $username)) == strtolower($userdata['username']) )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Username_taken'];
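Review bot: The comparison on the new `else if` line tests the SQL-escaped form of `$username` (apostrophes doubled to `''`) against `$userdata['username']`, which is presumably the stored, unescaped name, so a name containing an apostrophe can never match and the `Username_taken` branch is skipped for it. In a double-quoted PHP literal `"\'"` and `"\\'"` are the same two-character string, so this line behaves exactly as it did before; the same holds for the edited `str_replace` calls in the next hunk, in includes/functions.php and in login.php. Comparing on the unescaped value would be clearer, e.g. `strtolower(stripslashes($username)) == strtolower($userdata['username'])`, assuming `$username` arrives slash-escaped. The enclosing `if` starts and ends outside the hunk.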
@@ -325,7 +325,7 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
if (!$error)
{
- $username_sql = "username = '" . str_replace("\'", "''", $username) . "', ";
+ $username_sql = "username = '" . str_replace("\\'", "''", $username) . "', ";
$rename_user = $username; // Used for renaming usergroup
}
}
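Review bot: `$username_sql` is still built by concatenation, and its only quoting is the `\'` to `''` replacement, which is safe only if every apostrophe in `$username` already carries a backslash when it reaches this line; nothing in the hunk establishes that. The assumption should be written next to the assignment, e.g. `// $username is slash-escaped by the request bootstrap; \' is rewritten to '' for the SQL literal`, after confirming where the escaping happens. The same expression is repeated across this commit (login.php uses it in its `WHERE` clause), so one shared helper that produces the SQL-ready value would keep the copies from drifting apart. The surrounding block continues outside the hunk.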
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 1042b741b3..af3860a3c4 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -84,7 +84,8 @@ function get_userdata($user, $force_str = false)
if (intval($user) == 0 || $force_str)
{
$user = trim(htmlspecialchars($user));
- $user = substr(str_replace("\'", "'", $user), 0, 25);
+ $user = substr(str_replace("\\'", "'", $user), 0, 25);
+ $user = str_replace("'", "\\'", $user);
}
else
{
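Review bot: The 25-byte `substr` runs on a value that is only partly unescaped: `\'` has been collapsed, but an escaped backslash is still two bytes, so the cut can fall inside a backslash pair and leave a single trailing backslash. The added `str_replace("'", "\\'", $user)` does not neutralise that before the value is placed in a quoted SQL literal later in get_userdata (outside the hunk), which matters on databases that treat backslash as an escape character. The same two lines are added in login.php. Unescaping fully before truncating avoids this: `$user = substr(stripslashes($user), 0, 25);` followed by `$user = addslashes($user);`, if the later query keeps expecting slash-escaped input. `substr` is also byte-wise and runs after `htmlspecialchars`, so it can cut an entity such as `&amp;` or a multi-byte character in half.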
diff --git a/phpBB/includes/functions_search.php b/phpBB/includes/functions_search.php
index bec099761e..80ea0554c8 100644
--- a/phpBB/includes/functions_search.php
+++ b/phpBB/includes/functions_search.php
@@ -131,6 +131,8 @@ function add_search_words($mode, $post_id, $post_text, $post_title = '')
$search_raw_words['text'] = split_words(clean_words('post', $post_text, $stopword_array, $synonym_array));
$search_raw_words['title'] = split_words(clean_words('post', $post_title, $stopword_array, $synonym_array));
+ @set_time_limit(0);
+
$word = array();
$word_insert_sql = array();
while ( list($word_in, $search_matches) = @each($search_raw_words) )
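Review bot: `@set_time_limit(0)` removes the execution limit for the rest of the request, and the work that follows is driven by `$post_text` and `$post_title`, so one very large post can hold a PHP worker for as long as the indexing takes. A finite budget still avoids timeouts on long posts without making the request unbounded, e.g. `@set_time_limit(120);` (value constructed for illustration), ideally with a cap on post length enforced before this function is called. If `0` is kept, a comment should record why, such as `// indexing long posts exceeded max_execution_time; limit lifted deliberately`. The body of add_search_words continues outside the hunk.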
@@ -256,7 +258,7 @@ function add_search_words($mode, $post_id, $post_text, $post_title = '')
if ( $match_sql != '' )
{
- $sql = "INSERT INTO " . SEARCH_MATCH_TABLE . " (post_id, word_id, title_match)
+ $sql = "INSERT IGNORE INTO " . SEARCH_MATCH_TABLE . " (post_id, word_id, title_match)
SELECT $post_id, word_id, $title_match
FROM " . SEARCH_WORD_TABLE . "
WHERE word_text IN ($match_sql)";
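Review bot: `INSERT IGNORE` is MySQL syntax, and it downgrades every error on the statement to a warning rather than only duplicate-key collisions, so a failed or truncated insert into SEARCH_MATCH_TABLE would now pass silently. This commit also touches the MSSQL schema, so unless the statement sits in a MySQL-only branch (not visible in the hunk) other database layers will reject it. `$post_id` is interpolated directly into the `SELECT` list; a cast where the function receives it, e.g. `$post_id = intval($post_id);`, would make the numeric assumption explicit.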
diff --git a/phpBB/includes/usercp_register.php b/phpBB/includes/usercp_register.php
index 09894ff602..2e6d1f8708 100644
--- a/phpBB/includes/usercp_register.php
+++ b/phpBB/includes/usercp_register.php
@@ -627,7 +627,6 @@ if ( isset($HTTP_POST_VARS['submit']) )
}
$emailer->use_template("admin_activate", $board_config['default_lang']);
- $emailer->email_address($lang['New_account_subject'] . ':;');
$emailer->set_subject($lang['New_account_subject']);
$emailer->assign_vars(array(
diff --git a/phpBB/install/schemas/mssql_schema.sql b/phpBB/install/schemas/mssql_schema.sql
index d18a48c248..059db6b1f7 100644
--- a/phpBB/install/schemas/mssql_schema.sql
+++ b/phpBB/install/schemas/mssql_schema.sql
@@ -412,7 +412,7 @@ GO
ALTER TABLE [phpbb_confirm] WITH NOCHECK ADD
CONSTRAINT [PK_phpbb_confirm] PRIMARY KEY CLUSTERED
(
- [session_id,confirm_id]
+ [session_id, confirm_id]
) ON [PRIMARY]
GO
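Review bot: `[session_id, confirm_id]` is still one bracket-delimited identifier, so SQL Server looks for a single column literally named `session_id, confirm_id` rather than building a composite key; adding the space does not change that. Each column needs its own brackets: `[session_id], [confirm_id]`. The same applies to the `ALTER TABLE` string in install/update_to_205.php. If the statement fails, the confirm table is presumably left without its primary key, so it is worth checking on a real MSSQL install.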
diff --git a/phpBB/install/update_to_205.php b/phpBB/install/update_to_205.php
index 8facfb378e..d7e90878f8 100644
--- a/phpBB/install/update_to_205.php
+++ b/phpBB/install/update_to_205.php
@@ -499,7 +499,7 @@ switch ($row['config_value'])
case 'mssql':
case 'mssql-odbc':
$sql[] = 'CREATE TABLE [' . $table_prefix . 'confirm] ([confirm_id] [char] (32) NOT NULL , [session_id] [char] (32) NOT NULL , [code] [char] (6) NOT NULL ) ON [PRIMARY]';
- $sql[] = 'ALTER TABLE [' . $table_prefix . 'confirm] WITH NOCHECK ADD CONSTRAINT [PK_' . $table_prefix . 'confirm] PRIMARY KEY CLUSTERED ( [session_id,confirm_id]) ON [PRIMARY]';
+ $sql[] = 'ALTER TABLE [' . $table_prefix . 'confirm] WITH NOCHECK ADD CONSTRAINT [PK_' . $table_prefix . 'confirm] PRIMARY KEY CLUSTERED ( [session_id, confirm_id]) ON [PRIMARY]';
$sql[] = 'ALTER TABLE [' . $table_prefix . 'confirm] WITH NOCHECK ADD CONSTRAINT [DF_' . $table_prefix . 'confirm_confirm_id] DEFAULT (\'\') FOR [confirm_id], CONSTRAINT [DF_' . $table_prefix . 'confirm_session_id] DEFAULT (\'\') FOR [session_id], CONSTRAINT [DF_' . $table_prefix . 'confirm_code] DEFAULT (\'\') FOR [code]';
break;
diff --git a/phpBB/login.php b/phpBB/login.php
index 7bf6941909..218025d9d1 100644
--- a/phpBB/login.php
+++ b/phpBB/login.php
@@ -55,12 +55,13 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($
if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && !$userdata['session_logged_in'] )
{
$username = isset($HTTP_POST_VARS['username']) ? trim(htmlspecialchars($HTTP_POST_VARS['username'])) : '';
- $username = substr(str_replace("\'", "'", $username), 0, 25);
+ $username = substr(str_replace("\\'", "'", $username), 0, 25);
+ $username = str_replace("'", "\\'", $username);
$password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '';
$sql = "SELECT user_id, username, user_password, user_active, user_level
FROM " . USERS_TABLE . "
- WHERE username = '" . str_replace("\'", "''", $username) . "'";
+ WHERE username = '" . str_replace("\\'", "''", $username) . "'";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php
index 3aba35e79e..1af14786ef 100644
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@@ -37,11 +37,19 @@ else if ( isset($HTTP_GET_VARS['topic']) )
{
$topic_id = intval($HTTP_GET_VARS['topic']);
}
+else
+{
+ $topic_id = 0;
+}
if ( isset($HTTP_GET_VARS[POST_POST_URL]))
{
$post_id = intval($HTTP_GET_VARS[POST_POST_URL]);
}
+else
+{
+ $post_id = 0;
+}
$start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0;
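Review bot: The two added `else` branches have no comment saying they exist so that `$topic_id` and `$post_id` are always defined by this script rather than left to whatever the request environment supplied (presumably a concern when register_globals is enabled). A one-line comment such as `// default to 0 so the ids are never taken from an uninitialised global` would keep a later cleanup from removing them. For `$post_id` the form already used for `$start` is shorter and equivalent: `$post_id = isset($HTTP_GET_VARS[POST_POST_URL]) ? intval($HTTP_GET_VARS[POST_POST_URL]) : 0;`. The `if`/`else if` chain for `$topic_id` starts outside the hunk.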