From dbb942a03f600adf6927a54a8808d8c2aefe6b22 Mon Sep 17 00:00:00 2001
From: Meik Sievertsen
Date: Sun, 4 May 2008 10:51:13 +0000
Subject: [PATCH] #2591
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@8538 89ea8834-ac86-4346-8a33-228a782c2dd0
---
phpBB/docs/CHANGELOG.html | 63 ++++++++++++++++-------------
phpBB/includes/functions_search.php | 3 +-
2 files changed, 37 insertions(+), 29 deletions(-)
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index fd0718f6cb..06717e6385 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -32,6 +32,7 @@ p,ul,td {font-size:10pt;}
  1. Changelog
    1. +
    2. Changes since 2.0.23
    3. Changes since 2.0.22
    4. Changes since 2.0.21
    5. Changes since 2.0.20
    6. @@ -68,7 +69,13 @@ p,ul,td {font-size:10pt;}

      This is a non-exhaustive (but still near complete) changelog for phpBB 2.0.x including beta and release candidate versions. Our thanks to all those people who've contributed bug reports and code fixes.

      -

      l.i. Changes since 2.0.22

      +

      l.i. Changes since 2.0.23

      + +
        +
      • [Fix] Only insert words into search match table not being tagged as common (Bug #2591) - patch provided by tigertech
      • +
      + +

      l.ii. Changes since 2.0.22

      • [Fix] Correctly re-assign group moderator on user deletion (Bug #280)
      • @@ -87,7 +94,7 @@ p,ul,td {font-size:10pt;}
      • [Fix] Fixing some problems with PHP5 and register_long_arrays off
      -

      l.ii. Changes since 2.0.21

      +

      l.iii. Changes since 2.0.21

      • [Fix] Check for user's existence prior to showing email form
      • @@ -103,7 +110,7 @@ p,ul,td {font-size:10pt;}
      • [Sec] Added session checks to various forms - kellanved
      -

      l.iii. Changes since 2.0.20

      +

      l.iv. Changes since 2.0.20

      • [Fix] Changes to random number generator code to explicitly truncate the length of the string
      • @@ -120,7 +127,7 @@ p,ul,td {font-size:10pt;}
      -

      l.iv. Changes since 2.0.19

      +

      l.v. Changes since 2.0.19

      • [Fix] Prevent login attempts from incrementing for inactive users
      • @@ -153,7 +160,7 @@ p,ul,td {font-size:10pt;}
      -

      l.v. Changes since 2.0.18

      +

      l.vi. Changes since 2.0.18

      • [Fix] corrected index on session keys table under MS SQL
      • @@ -172,7 +179,7 @@ p,ul,td {font-size:10pt;}
      -

      l.vi. Changes since 2.0.17

      +

      l.vii. Changes since 2.0.17

      • [Fix] incorrect handling of password resets if admin activation is enabled (Bug #88)
      • @@ -220,7 +227,7 @@ p,ul,td {font-size:10pt;}
      • [Sec] compare imagetype on avatar uploading to match the file extension from uploaded file
      -

      l.vii. Changes since 2.0.16

      +

      l.viii. Changes since 2.0.16

      • Added extra checks to the deletion code in privmsg.php - reported by party_fan
      • @@ -236,7 +243,7 @@ p,ul,td {font-size:10pt;}
      • Correctly set username on posts when deleting a user from the admin panel
      -

      l.viii. Changes since 2.0.15

      +

      l.ix. Changes since 2.0.15

      • Fixed critical issue with highlighting - Discovered and fix provided by Ron van Daal
      • @@ -248,7 +255,7 @@ p,ul,td {font-size:10pt;}
      • Fixed bug in admin re-authentication redirect for servers not having index.php as one of their default files set
      -

      l.ix. Changes since 2.0.14

      +

      l.x. Changes since 2.0.14

      • Fixed moderator status removal in groupcp.php
      • @@ -270,7 +277,7 @@ p,ul,td {font-size:10pt;}
      • Empty url/img bbcodes no longer get parsed
      -

      l.x. Changes since 2.0.13

      +

      l.xi. Changes since 2.0.13

      • Hardened author and keyword search a bit to not allow very server intensive searches
      • @@ -287,7 +294,7 @@ p,ul,td {font-size:10pt;}
      • Fixed case-sensitivity issues in postgres7.php - R45
      -

      l.xi. Changes since 2.0.12

      +

      l.xii. Changes since 2.0.12

      • Ommitted preg_replace warning in viewtopic due to improper working of preg_quote in PHP - originally reported by matrix_killer, fix submitted by another party
      • @@ -295,7 +302,7 @@ p,ul,td {font-size:10pt;}
      • Minimum requirements raised to PHP 4.0.3 or above due to fixing vulnerability issues breaking PHP3 compatibility.
      -

      l.xii. Changes since 2.0.11

      +

      l.xiii. Changes since 2.0.11

      • Added confirm table to admin_db_utilities.php
      • @@ -310,7 +317,7 @@ p,ul,td {font-size:10pt;}
      • Fixed path disclosure bug in viewtopic.php caused by a PHP 4.3.10 bug - matrix_killer
      -

      l.xiii. Changes since 2.0.10

      +

      l.xiv. Changes since 2.0.10

      • Fixed vulnerability in highlighting code (very high severity, please update your installation as soon as possible)
      • @@ -321,7 +328,7 @@ p,ul,td {font-size:10pt;}
      • Added visual confirmation mod to code base
      -

      l.xiv. Changes since 2.0.9

      +

      l.xv. Changes since 2.0.9

      • Fixed deleting of styles in admin_styles.php
      • @@ -334,7 +341,7 @@ p,ul,td {font-size:10pt;}
      • Fixed visual confirmation code. The image was not created due to a wrong regular expression.
      -

      l.xv. Changes since 2.0.8

      +

      l.xvi. Changes since 2.0.8

      • Fixed one vulnerability in admin_board.php - Xore
      • @@ -353,7 +360,7 @@ p,ul,td {font-size:10pt;}
      • Fixed problem with SID not delivered to next page in groupcp.php
      -

      l.xvi. Changes since 2.0.7

      +

      l.xvii. Changes since 2.0.7

      • Fixed several vulnerabilities in admin pages
      • @@ -365,7 +372,7 @@ p,ul,td {font-size:10pt;}
      • Fixed sql injection vulnerability in privmsg - 2.0.8a
      -

      1.xvii. Changes since 2.0.6

      +

      1.xviii. Changes since 2.0.6

      • Fixed several vulnerabilities in modcp - Robert Lavierck
      • @@ -379,7 +386,7 @@ p,ul,td {font-size:10pt;}
      • Fixed potential vulnerability in avatar gallery
      -

      1.xviii. Changes since 2.0.5

      +

      1.xix. Changes since 2.0.5

      • Fixed various email issues
      • @@ -395,7 +402,7 @@ p,ul,td {font-size:10pt;}
      • Fixed sql injection with reset date format field in profile - tendor
      -

      1.xix. Changes since 2.0.4

      +

      1.xx. Changes since 2.0.4

      • Removed user facing session_id checks
      • @@ -467,7 +474,7 @@ p,ul,td {font-size:10pt;}
      • Default English support for visual confirmation - translators are encouraged to support this
      -

      1.xx. Changes since 2.0.3

      +

      1.xxi. Changes since 2.0.3

      • Fixed cross-browser scripting issue with highlight param
      • @@ -594,7 +601,7 @@ p,ul,td {font-size:10pt;}
      • Fixed potential SQL vulnerability with marking of private messages - Ulf Harnhammar
      -

      1.xxi. Changes since 2.0.2

      +

      1.xxii. Changes since 2.0.2

      • Fixed potential cross-site scripting vulnerability with avatars - Showscout
      • @@ -603,7 +610,7 @@ p,ul,td {font-size:10pt;}
      • Fixed (hopefully) issue with MS Access and multiple pages
      -

      1.xxii. Changes since 2.0.1

      +

      1.xxiii. Changes since 2.0.1

      • Fixed missing "username" lang variable in user admin template
      • @@ -638,7 +645,7 @@ p,ul,td {font-size:10pt;}
      • Fix emailer to allow sending emails with language-specific character sets
      -

      1.xxiii. Changes since 2.0.0

      +

      1.xxiv. Changes since 2.0.0

      • Fixed delete image bug for normal users
      • @@ -695,7 +702,7 @@ p,ul,td {font-size:10pt;}
      • Added database closure to admin frameset page
      -

      1.xxiv. Changes since RC-4

      +

      1.xxv. Changes since RC-4

      • Fixed improper report of general error when posting messages containing errors
      • @@ -725,7 +732,7 @@ p,ul,td {font-size:10pt;}
      • Fixed various remaining usergroup display issues
      -

      1.xxv. Changes since RC-3

      +

      1.xxvi. Changes since RC-3

      • Addressed serious security issue with included files
      • @@ -756,7 +763,7 @@ p,ul,td {font-size:10pt;}
      • Fix (hopefully) remaining ICQ overlay issue with view profile in subSilver
      -

      1.xxvi. Changes since RC-2

      +

      1.xxvii. Changes since RC-2

      • Fixed infamous install parse error
      • @@ -789,7 +796,7 @@ p,ul,td {font-size:10pt;}
      • Hidden usergroups are now completely hidden from view
      -

      1.xxvii. Changes since RC-1

      +

      1.xxviii. Changes since RC-1

      • Fixed numerous PostgreSQL related issues
      • @@ -809,7 +816,7 @@ p,ul,td {font-size:10pt;}
      • Various other fixes and updates
      -

      1.xxviii. Changes since RC-1 (pre)

      +

      1.xxix. Changes since RC-1 (pre)

      • Upgrade script completed for initial fully functional release
      •
diff --git a/phpBB/includes/functions_search.php b/phpBB/includes/functions_search.php
index 277a8563de..6b90aba264 100644
--- a/phpBB/includes/functions_search.php
+++ b/phpBB/includes/functions_search.php
@@ -245,7 +245,8 @@ function add_search_words($mode, $post_id, $post_text, $post_title = '')
 $sql = "INSERT INTO " . SEARCH_MATCH_TABLE . " (post_id, word_id, title_match)
 SELECT $post_id, word_id, $title_match
 FROM " . SEARCH_WORD_TABLE . "
- WHERE word_text IN ($match_sql)";
+ WHERE word_text IN ($match_sql)
+ AND word_common <> 1";
 if ( !$db->sql_query($sql) )
 {
 message_die(GENERAL_ERROR, 'Could not insert new word matches', '', __LINE__, __FILE__, $sql);
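Review bot: The rebuilt `INSERT … SELECT` in add_search_words() still places `$post_id`, `$title_match` and `$match_sql` straight into the SQL string, and nothing visible in this hunk casts or escapes them. The function starts outside the hunk, so this may already be handled where those values are built; if it is not, forcing the id with `$post_id = intval($post_id);` before the query and escaping each word when `$match_sql` is assembled would close the gap. Separately, `word_common <> 1` also skips rows where word_common is NULL, which is only the intended result if the column is declared NOT NULL. A short comment such as `// skip words flagged as common so they never reach the match table (Bug #2591)` above the statement would record why the filter exists.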