From 692030f51fd4e47463804d8d0fa2a6590c076a6e Mon Sep 17 00:00:00 2001
From: Meik Sievertsen
Date: Fri, 20 Jun 2003 07:40:27 +0000
Subject: [PATCH] some bugfixes... cvs does not work very well at the moment. hope the change within the mssql schema do the job, i will test this tonight (i have to be at work in a few minutes).
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@4157 89ea8834-ac86-4346-8a33-228a782c2dd0
---
phpBB/admin/admin_users.php | 4 ++--
phpBB/includes/functions.php | 3 ++-
phpBB/includes/functions_search.php | 4 +++-
phpBB/includes/usercp_register.php | 1 -
phpBB/install/schemas/mssql_schema.sql | 2 +-
phpBB/install/update_to_205.php | 2 +-
phpBB/login.php | 5 +++--
phpBB/viewtopic.php | 8 ++++++++
8 files changed, 20 insertions(+), 9 deletions(-)
diff --git a/phpBB/admin/admin_users.php b/phpBB/admin/admin_users.php
index 799abf440f..4c66e2e48d 100644
--- a/phpBB/admin/admin_users.php
+++ b/phpBB/admin/admin_users.php
@@ -316,7 +316,7 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) $error = TRUE; $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $result['error_msg']; } - else if ( strtolower(str_replace("\'", "''", $username)) == strtolower($userdata['username']) ) + else if ( strtolower(str_replace("\\'", "''", $username)) == strtolower($userdata['username']) ) { $error = TRUE; $error_msg .= ( ( isset($error_msg) ) ? '
' : '' ) . $lang['Username_taken']; @@ -325,7 +325,7 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) if (!$error) { - $username_sql = "username = '" . str_replace("\'", "''", $username) . "', "; + $username_sql = "username = '" . str_replace("\\'", "''", $username) . "', "; $rename_user = $username; // Used for renaming usergroup } } diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 1042b741b3..af3860a3c4 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -84,7 +84,8 @@ function get_userdata($user, $force_str = false) if (intval($user) == 0 || $force_str) { $user = trim(htmlspecialchars($user)); - $user = substr(str_replace("\'", "'", $user), 0, 25); + $user = substr(str_replace("\\'", "'", $user), 0, 25); + $user = str_replace("'", "\\'", $user); } else { diff --git a/phpBB/includes/functions_search.php b/phpBB/includes/functions_search.php index bec099761e..80ea0554c8 100644 --- a/phpBB/includes/functions_search.php +++ b/phpBB/includes/functions_search.php @@ -131,6 +131,8 @@ function add_search_words($mode, $post_id, $post_text, $post_title = '') $search_raw_words['text'] = split_words(clean_words('post', $post_text, $stopword_array, $synonym_array)); $search_raw_words['title'] = split_words(clean_words('post', $post_title, $stopword_array, $synonym_array)); + @set_time_limit(0); + $word = array(); $word_insert_sql = array(); while ( list($word_in, $search_matches) = @each($search_raw_words) ) @@ -256,7 +258,7 @@ function add_search_words($mode, $post_id, $post_text, $post_title = '') if ( $match_sql != '' ) { - $sql = "INSERT INTO " . SEARCH_MATCH_TABLE . " (post_id, word_id, title_match) + $sql = "INSERT IGNORE INTO " . SEARCH_MATCH_TABLE . " (post_id, word_id, title_match) SELECT $post_id, word_id, $title_match FROM " . SEARCH_WORD_TABLE . " WHERE word_text IN ($match_sql)"; 
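Review bot: The `else if` test in the `@@ -316` hunk of admin_users.php compares two different representations of a name: `str_replace("\\'", "''", $username)` yields the SQL-literal spelling with doubled quotes, while `$userdata['username']` looks like a stored value (inferred; its origin is outside the hunk). A name containing an apostrophe would then never compare equal, so the `Username_taken` branch is skipped for it. Compare the plain form on both sides, `strtolower(str_replace("\\'", "'", $username)) == strtolower($userdata['username'])`, and keep the `''` doubling for the place where the SQL string is built. In a double-quoted PHP string `"\'"` and `"\\'"` are the same two characters, so the edited literal here and in the `@@ -325` hunk changes readability only.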
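Review bot: In the `get_userdata()` hunk of includes/functions.php the `substr(..., 0, 25)` cut runs on a half-unescaped value, so it can land inside a sequence an earlier step produced: `htmlspecialchars()` has already expanded characters into entities, and only `\'` has been unescaped, so any other backslash pair still in `$user` (assuming the value arrives slash-escaped, as the `\'` replace implies) can be split in two. The added `str_replace("'", "\\'", $user)` re-escapes quotes only, which leaves an unpaired escape character in a value that is presumably placed in a quoted SQL literal further down, outside this hunk. Unescape fully, truncate, then escape once: `$user = addslashes(substr(stripslashes($user), 0, 25));`. The same sequence is added in `phpBB/login.php` in this commit, where the query that consumes the value is visible, and it needs the same change.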
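Review bot: `@set_time_limit(0)` in the `@@ -131` hunk of functions_search.php removes the execution limit for the rest of the request on a path that indexes post text, so the amount of work is decided by whoever submits the post. A finite ceiling chosen for the board keeps one very large post from holding a worker indefinitely, for example `@set_time_limit(120);` (sample value). The `@` also hides the case where the call is refused, so the indexing loop should not assume the limit was lifted. The body of `add_search_words()` starts and ends outside this hunk.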
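Review bot: `INSERT IGNORE` in the `@@ -256` hunk of functions_search.php is MySQL syntax, and nothing visible in the hunk restricts this statement to MySQL, while the same commit patches the MSSQL schema; if this branch is shared by all database layers, the others would presumably reject the query (any surrounding switch is outside the hunk). `IGNORE` also downgrades every row error to a warning, not only the duplicate-key case it seems aimed at. Keep the plain `INSERT` for the other layers and put the keyword behind the board's database-type check, or exclude already-indexed matches explicitly in the `WHERE` clause.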
diff --git a/phpBB/includes/usercp_register.php b/phpBB/includes/usercp_register.php index 09894ff602..2e6d1f8708 100644 --- a/phpBB/includes/usercp_register.php +++ b/phpBB/includes/usercp_register.php @@ -627,7 +627,6 @@ if ( isset($HTTP_POST_VARS['submit']) ) } $emailer->use_template("admin_activate", $board_config['default_lang']); - $emailer->email_address($lang['New_account_subject'] . ':;'); $emailer->set_subject($lang['New_account_subject']); $emailer->assign_vars(array( diff --git a/phpBB/install/schemas/mssql_schema.sql b/phpBB/install/schemas/mssql_schema.sql index d18a48c248..059db6b1f7 100644 --- a/phpBB/install/schemas/mssql_schema.sql +++ b/phpBB/install/schemas/mssql_schema.sql @@ -412,7 +412,7 @@ GO ALTER TABLE [phpbb_confirm] WITH NOCHECK ADD CONSTRAINT [PK_phpbb_confirm] PRIMARY KEY CLUSTERED ( - [session_id,confirm_id] + [session_id, confirm_id] ) ON [PRIMARY] GO diff --git a/phpBB/install/update_to_205.php b/phpBB/install/update_to_205.php index 8facfb378e..d7e90878f8 100644 --- a/phpBB/install/update_to_205.php +++ b/phpBB/install/update_to_205.php 
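Review bot: `[session_id, confirm_id]` in the mssql_schema.sql hunk is still one bracket-delimited identifier in T-SQL, so the constraint names a single column called `session_id, confirm_id`, which the table does not have (see the `CREATE TABLE` string in update_to_205.php); adding the space does not change that. Each column needs its own brackets: `[session_id], [confirm_id]`. The same key list appears in the `ALTER TABLE` string in `phpBB/install/update_to_205.php` in this commit and needs the same correction.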
@@ -499,7 +499,7 @@ switch ($row['config_value']) case 'mssql': case 'mssql-odbc': $sql[] = 'CREATE TABLE [' . $table_prefix . 'confirm] ([confirm_id] [char] (32) NOT NULL , [session_id] [char] (32) NOT NULL , [code] [char] (6) NOT NULL ) ON [PRIMARY]'; - $sql[] = 'ALTER TABLE [' . $table_prefix . 'confirm] WITH NOCHECK ADD CONSTRAINT [PK_' . $table_prefix . 'confirm] PRIMARY KEY CLUSTERED ( [session_id,confirm_id]) ON [PRIMARY]'; + $sql[] = 'ALTER TABLE [' . $table_prefix . 'confirm] WITH NOCHECK ADD CONSTRAINT [PK_' . $table_prefix . 'confirm] PRIMARY KEY CLUSTERED ( [session_id, confirm_id]) ON [PRIMARY]'; $sql[] = 'ALTER TABLE [' . $table_prefix . 'confirm] WITH NOCHECK ADD CONSTRAINT [DF_' . $table_prefix . 'confirm_confirm_id] DEFAULT (\'\') FOR [confirm_id], CONSTRAINT [DF_' . $table_prefix . 'confirm_session_id] DEFAULT (\'\') FOR [session_id], CONSTRAINT [DF_' . $table_prefix . 'confirm_code] DEFAULT (\'\') FOR [code]'; break; diff --git a/phpBB/login.php b/phpBB/login.php index 7bf6941909..218025d9d1 100644 --- a/phpBB/login.php +++ b/phpBB/login.php 
@@ -55,12 +55,13 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($ if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && !$userdata['session_logged_in'] ) { $username = isset($HTTP_POST_VARS['username']) ? trim(htmlspecialchars($HTTP_POST_VARS['username'])) : ''; - $username = substr(str_replace("\'", "'", $username), 0, 25); + $username = substr(str_replace("\\'", "'", $username), 0, 25); + $username = str_replace("'", "\\'", $username); $password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : ''; $sql = "SELECT user_id, username, user_password, user_active, user_level FROM " . USERS_TABLE . " - WHERE username = '" . str_replace("\'", "''", $username) . "'"; + WHERE username = '" . str_replace("\\'", "''", $username) . "'"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql); diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index 3aba35e79e..1af14786ef 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php @@ -37,11 +37,19 @@ else if ( isset($HTTP_GET_VARS['topic']) ) { $topic_id = intval($HTTP_GET_VARS['topic']); } +else +{ + $topic_id = 0; +} if ( isset($HTTP_GET_VARS[POST_POST_URL])) { $post_id = intval($HTTP_GET_VARS[POST_POST_URL]); } +else +{ + $post_id = 0; +} $start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0;
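Review bot: The unescape/truncate/re-escape lines added to login.php are a copy of the ones added to `get_userdata()` in `phpBB/includes/functions.php`, and the two copies have to stay identical for a login lookup and a profile lookup to resolve the same name. Moving the sequence into one helper that both callers use would fix the order of truncation and escaping in a single place. Until then the block needs a comment stating the representation at each step, for example `// $username is slash-escaped from here on; the query below turns \' into ''`.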
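Review bot: The two added `else` branches in viewtopic.php default the ids only for the chains as they stand today; assigning both before the tests, `$topic_id = $post_id = 0;`, gives the same result in fewer lines and still holds if another branch is added later. A one-line comment should say why the default matters, for example `// always define both ids here so neither can reach the queries below unset`. The `if` that the first `else` closes starts above this hunk, so the assignment would go before that line.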