diff --git a/phpBB/admin/admin_smilies.php b/phpBB/admin/admin_smilies.php index 12376267b9..6e9f9079de 100644 --- a/phpBB/admin/admin_smilies.php +++ b/phpBB/admin/admin_smilies.php @@ -399,10 +399,17 @@ else if ( $mode != "" ) // Get the submitted data, being careful to ensure that we only // accept the data we are looking for. // - $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : $HTTP_GET_VARS['smile_code']; - $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url']; - $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion']; + $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? trim($HTTP_POST_VARS['smile_code']) : trim($HTTP_GET_VARS['smile_code']); + $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : trim($HTTP_GET_VARS['smile_url']); + $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? trim($HTTP_POST_VARS['smile_emotion']) : trim($HTTP_GET_VARS['smile_emotion']); $smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : intval($HTTP_GET_VARS['smile_id']); + + // If no code was entered complain ... + if ($smile_code == '' || $smile_url = '') + { + message_die(MESSAGE, $lang['Fields_empty']); + } + // // Convert < and > to proper htmlentities for parsing. // diff --git a/phpBB/admin/admin_users.php b/phpBB/admin/admin_users.php index fd1dcc0ba8..e6e89276ea 100644 --- a/phpBB/admin/admin_users.php +++ b/phpBB/admin/admin_users.php 
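Review bot: The new guard `if ($smile_code == '' || $smile_url = '')` assigns instead of comparing, so an empty URL is never rejected and `$smile_url` is overwritten with '' whenever the code check passes, discarding the trimmed value set a few lines above; it should read `if ($smile_code == '' || $smile_url == '')`. The first argument `MESSAGE` also looks undefined — every other message_die call in this diff uses `GENERAL_MESSAGE` or `GENERAL_ERROR` — so the error path would itself fail; suggest `message_die(GENERAL_MESSAGE, $lang['Fields_empty']);`. The enclosing `else if` branch starts before the hunk.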
@@ -129,18 +129,18 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
 $password_confirm = '';
 $icq = stripslashes($icq);
- $aim = stripslashes($aim);
- $msn = stripslashes($msn);
- $yim = stripslashes($yim);
+ $aim = htmlspecialchars(stripslashes($aim));
+ $msn = htmlspecialchars(stripslashes($msn));
+ $yim = htmlspecialchars(stripslashes($yim));
- $website = stripslashes($website);
- $location = stripslashes($location);
- $occupation = stripslashes($occupation);
- $interests = stripslashes($interests);
- $signature = stripslashes($signature);
+ $website = htmlspecialchars(stripslashes($website));
+ $location = htmlspecialchars(stripslashes($location));
+ $occupation = htmlspecialchars(stripslashes($occupation));
+ $interests = htmlspecialchars(stripslashes($interests));
+ $signature = htmlspecialchars(stripslashes($signature));
 $user_lang = stripslashes($user_lang);
- $user_dateformat = stripslashes($user_dateformat);
+ $user_dateformat = htmlspecialchars(stripslashes($user_dateformat));
 if ( !isset($HTTP_POST_VARS['cancelavatar']))
 {
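Review bot: `$username`, `$email` and `$icq` are left as bare stripslashes() while the neighbouring fields are now wrapped in htmlspecialchars(); the parallel block at @@ -713 in this same file does escape `$username`, so if both paths feed the same template fields the re-displayed form is now escaped on one path and not the other. The same mix appears in usercp_register.php at @@ -183. Since these are user-supplied values echoed back into the edit form after a failed save, the escaping decision should be uniform per field rather than per code path; consider `$username = htmlspecialchars(stripslashes($username));` here as at @@ -713. The enclosing block starts outside the hunk.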
@@ -713,24 +713,24 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
 $template->assign_var_from_handle('ERROR_BOX', 'reg_header');
- $username = stripslashes($username);
+ $username = htmlspecialchars(stripslashes($username));
 $email = stripslashes($email);
 $password = '';
 $password_confirm = '';
 $icq = stripslashes($icq);
- $aim = str_replace('+', ' ', stripslashes($aim));
- $msn = stripslashes($msn);
- $yim = stripslashes($yim);
+ $aim = htmlspecialchars(str_replace('+', ' ', stripslashes($aim)));
+ $msn = htmlspecialchars(stripslashes($msn));
+ $yim = htmlspecialchars(stripslashes($yim));
- $website = stripslashes($website);
- $location = stripslashes($location);
- $occupation = stripslashes($occupation);
- $interests = stripslashes($interests);
- $signature = stripslashes($signature);
+ $website = htmlspecialchars(stripslashes($website));
+ $location = htmlspecialchars(stripslashes($location));
+ $occupation = htmlspecialchars(stripslashes($occupation));
+ $interests = htmlspecialchars(stripslashes($interests));
+ $signature = htmlspecialchars(stripslashes($signature));
 $user_lang = stripslashes($user_lang);
- $user_dateformat = stripslashes($user_dateformat);
+ $user_dateformat = htmlspecialchars(stripslashes($user_dateformat));
 }
 }
 else if( !isset( $HTTP_POST_VARS['submit'] ) && $mode != 'save' && !isset( $HTTP_POST_VARS['avatargallery'] ) && !isset( $HTTP_POST_VARS['submitavatar'] ) && !isset( $HTTP_POST_VARS['cancelavatar'] ) )
@@ -757,21 +757,21 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
 // Now parse and display it as a template
 //
 $user_id = $this_userdata['user_id'];
- $username = $this_userdata['username'];
+ $username = htmlspecialchars($this_userdata['username']);
 $email = $this_userdata['user_email'];
 $password = '';
 $password_confirm = '';
 $icq = $this_userdata['user_icq'];
- $aim = str_replace('+', ' ', $this_userdata['user_aim'] );
- $msn = $this_userdata['user_msnm'];
- $yim = $this_userdata['user_yim'];
+ $aim = htmlspecialchars(str_replace('+', ' ', $this_userdata['user_aim'] ));
+ $msn = htmlspecialchars($this_userdata['user_msnm']);
+ $yim = htmlspecialchars($this_userdata['user_yim']);
- $website = $this_userdata['user_website'];
- $location = $this_userdata['user_from'];
- $occupation = $this_userdata['user_occ'];
- $interests = $this_userdata['user_interests'];
- $signature = $this_userdata['user_sig'];
+ $website = htmlspecialchars($this_userdata['user_website']);
+ $location = htmlspecialchars($this_userdata['user_from']);
+ $occupation = htmlspecialchars($this_userdata['user_occ']);
+ $interests = htmlspecialchars($this_userdata['user_interests']);
+ $signature = ( $this_userdata['user_sig_bbcode_uid'] != '' ) ? htmlspecialchars(preg_replace("/:(([a-z0-9]+:)?)" . $this_userdata['user_sig_bbcode_uid'] . "\]/si", ']', $userdata['user_sig'])) : htmlspecialchars($userdata['user_sig']);
 $viewemail = $this_userdata['user_viewemail'];
 $notifypm = $this_userdata['user_notify_pm'];
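Review bot: The new `$signature` line reads `$userdata['user_sig']` in both branches while every other field on this line and around it comes from `$this_userdata`; `$userdata` appears to be the session user's own row, so an administrator editing another account would be shown their own signature, with the other account's `user_sig_bbcode_uid` stripped from it. Both occurrences should be `$this_userdata['user_sig']`. The uid is also interpolated into the pattern unquoted; `preg_quote($this_userdata['user_sig_bbcode_uid'], '/')` is cheap insurance even though the board generates the value. The enclosing block starts outside the hunk.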
@@ -788,7 +788,7 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) | $user_style = $this_userdata['user_style']; $user_lang = $this_userdata['user_lang']; $user_timezone = $this_userdata['user_timezone']; - $user_dateformat = $this_userdata['user_dateformat']; + $user_dateformat = htmlspecialchars($this_userdata['user_dateformat']); $user_status = $this_userdata['user_active']; $user_allowavatar = $this_userdata['user_allowavatar']; @@ -980,8 +980,6 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) | $rank_select_box .= ''; } - $signature = preg_replace('/\:[0-9a-z\:]*?\]/si', ']', $signature); - $template->set_filenames(array( "body" => "admin/user_edit_body.tpl") ); diff --git a/phpBB/db/schemas/ms_access_primer.zip b/phpBB/db/schemas/ms_access_primer.zip index d70c5b28fd..8b0776cc8d 100644 Binary files a/phpBB/db/schemas/ms_access_primer.zip and b/phpBB/db/schemas/ms_access_primer.zip differ diff --git a/phpBB/db/schemas/mysql_schema.sql b/phpBB/db/schemas/mysql_schema.sql index 750ad5cad9..b33ed4b3a5 100644 --- a/phpBB/db/schemas/mysql_schema.sql +++ b/phpBB/db/schemas/mysql_schema.sql @@ -21,7 +21,7 @@ CREATE TABLE phpbb_auth_access ( auth_vote tinyint(1) DEFAULT '0' NOT NULL, auth_pollcreate tinyint(1) DEFAULT '0' NOT NULL, auth_attachments tinyint(1) DEFAULT '0' NOT NULL, - auth_mod tinyint(1) DEFAULT '0' NOT NULL, + auth_mod tinyint(1) DEFAULT '0' NOT NULL, KEY group_id (group_id), KEY forum_id (forum_id) ); @@ -33,7 +33,7 @@ CREATE TABLE phpbb_auth_access ( CREATE TABLE phpbb_user_group ( group_id mediumint(8) DEFAULT '0' NOT NULL, user_id mediumint(8) DEFAULT '0' NOT NULL, - user_pending tinyint(1), + user_pending tinyint(1), KEY group_id (group_id), KEY user_id (user_id) ); 
@@ -43,12 +43,12 @@ CREATE TABLE phpbb_user_group ( # CREATE TABLE phpbb_groups ( group_id mediumint(8) NOT NULL auto_increment, - group_type tinyint(4) DEFAULT '1' NOT NULL, + group_type tinyint(4) DEFAULT '1' NOT NULL, group_name varchar(40) NOT NULL, group_description varchar(255) NOT NULL, - group_moderator mediumint(8) DEFAULT '0' NOT NULL, - group_single_user tinyint(1) DEFAULT '1' NOT NULL, - PRIMARY KEY (group_id), + group_moderator mediumint(8) DEFAULT '0' NOT NULL, + group_single_user tinyint(1) DEFAULT '1' NOT NULL, + PRIMARY KEY (group_id), KEY group_single_user (group_single_user) ); @@ -62,7 +62,7 @@ CREATE TABLE phpbb_banlist ( ban_userid mediumint(8) NOT NULL, ban_ip char(8) NOT NULL, ban_email varchar(255), - PRIMARY KEY (ban_id), + PRIMARY KEY (ban_id), KEY ban_ip_user_id (ban_ip, ban_userid) ); @@ -75,7 +75,7 @@ CREATE TABLE phpbb_categories ( cat_id mediumint(8) UNSIGNED NOT NULL auto_increment, cat_title varchar(100), cat_order mediumint(8) UNSIGNED NOT NULL, - PRIMARY KEY (cat_id), + PRIMARY KEY (cat_id), KEY cat_order (cat_order) ); @@ -84,9 +84,9 @@ CREATE TABLE phpbb_categories ( # # Table structure for table 'phpbb_config' # -CREATE TABLE phpbb_config ( - config_name varchar(255) NOT NULL, - config_value varchar(255) NOT NULL, +CREATE TABLE phpbb_config ( + config_name varchar(255) NOT NULL, + config_value varchar(255) NOT NULL, PRIMARY KEY (config_name) ); @@ -125,7 +125,7 @@ CREATE TABLE phpbb_forums ( cat_id mediumint(8) UNSIGNED NOT NULL, forum_name varchar(150), forum_desc text, - forum_status tinyint(4) DEFAULT '0' NOT NULL, + forum_status tinyint(4) DEFAULT '0' NOT NULL, forum_order mediumint(8) UNSIGNED DEFAULT '1' NOT NULL, forum_posts mediumint(8) UNSIGNED DEFAULT '0' NOT NULL, forum_topics mediumint(8) UNSIGNED DEFAULT '0' NOT NULL, 
@@ -145,7 +145,7 @@ CREATE TABLE phpbb_forums ( auth_attachments tinyint(2) DEFAULT '0' NOT NULL, PRIMARY KEY (forum_id), KEY forums_order (forum_order), - KEY cat_id (cat_id), + KEY cat_id (cat_id), KEY forum_last_post_id (forum_last_post_id) ); @@ -160,18 +160,18 @@ CREATE TABLE phpbb_posts ( forum_id smallint(5) UNSIGNED DEFAULT '0' NOT NULL, poster_id mediumint(8) DEFAULT '0' NOT NULL, post_time int(11) DEFAULT '0' NOT NULL, - poster_ip char(8) NOT NULL, - post_username varchar(25), + poster_ip char(8) NOT NULL, + post_username varchar(25), enable_bbcode tinyint(1) DEFAULT '1' NOT NULL, enable_html tinyint(1) DEFAULT '0' NOT NULL, enable_smilies tinyint(1) DEFAULT '1' NOT NULL, - enable_sig tinyint(1) DEFAULT '1' NOT NULL, + enable_sig tinyint(1) DEFAULT '1' NOT NULL, post_edit_time int(11), post_edit_count smallint(5) UNSIGNED DEFAULT '0' NOT NULL, PRIMARY KEY (post_id), KEY forum_id (forum_id), KEY topic_id (topic_id), - KEY poster_id (poster_id), + KEY poster_id (poster_id), KEY post_time (post_time) ); @@ -203,8 +203,8 @@ CREATE TABLE phpbb_privmsgs ( privmsgs_ip char(8) NOT NULL, privmsgs_enable_bbcode tinyint(1) DEFAULT '1' NOT NULL, privmsgs_enable_html tinyint(1) DEFAULT '0' NOT NULL, - privmsgs_enable_smilies tinyint(1) DEFAULT '1' NOT NULL, - privmsgs_attach_sig tinyint(1) DEFAULT '1' NOT NULL, + privmsgs_enable_smilies tinyint(1) DEFAULT '1' NOT NULL, + privmsgs_attach_sig tinyint(1) DEFAULT '1' NOT NULL, PRIMARY KEY (privmsgs_id), KEY privmsgs_from_userid (privmsgs_from_userid), KEY privmsgs_to_userid (privmsgs_to_userid) @@ -217,7 +217,7 @@ CREATE TABLE phpbb_privmsgs ( # CREATE TABLE phpbb_privmsgs_text ( privmsgs_text_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL, - privmsgs_bbcode_uid char(10) DEFAULT '0' NOT NULL, + privmsgs_bbcode_uid char(10) DEFAULT '0' NOT NULL, privmsgs_text text, PRIMARY KEY (privmsgs_text_id) ); 
@@ -233,7 +233,7 @@ CREATE TABLE phpbb_ranks ( rank_min mediumint(8) DEFAULT '0' NOT NULL, rank_special tinyint(1) DEFAULT '0', rank_image varchar(255), - PRIMARY KEY (rank_id) + PRIMARY KEY (rank_id) ); @@ -258,7 +258,7 @@ CREATE TABLE phpbb_search_wordlist ( word_text varchar(50) binary NOT NULL default '', word_id mediumint(8) UNSIGNED NOT NULL auto_increment, word_common tinyint(1) unsigned NOT NULL default '0', - PRIMARY KEY (word_text), + PRIMARY KEY (word_text), KEY word_id (word_id) ); @@ -270,6 +270,7 @@ CREATE TABLE phpbb_search_wordmatch ( post_id mediumint(8) UNSIGNED NOT NULL default '0', word_id mediumint(8) UNSIGNED NOT NULL default '0', title_match tinyint(1) NOT NULL default '0', + KEY post_id (post_id), KEY word_id (word_id) ); @@ -282,7 +283,7 @@ CREATE TABLE phpbb_search_wordmatch ( # this table a type HEAP. This type of table is stored # within system memory and therefore for big busy boards # is likely to be noticeably faster than continually -# writing to disk ... +# writing to disk ... # # I must admit I read about this type on vB's board. # Hey, I never said you cannot get basic ideas from @@ -321,8 +322,8 @@ CREATE TABLE phpbb_smilies ( # Table structure for table 'phpbb_themes' # CREATE TABLE phpbb_themes ( - themes_id mediumint(8) UNSIGNED NOT NULL auto_increment, - template_name varchar(30) NOT NULL default '', + themes_id mediumint(8) UNSIGNED NOT NULL auto_increment, + template_name varchar(30) NOT NULL default '', style_name varchar(30) NOT NULL default '', head_stylesheet varchar(100) default NULL, body_background varchar(100) default NULL, 
@@ -361,9 +362,9 @@ CREATE TABLE phpbb_themes ( fontcolor3 varchar(6) default NULL, span_class1 varchar(25) default NULL, span_class2 varchar(25) default NULL, - span_class3 varchar(25) default NULL, - img_size_poll smallint(5) UNSIGNED, - img_size_privmsg smallint(5) UNSIGNED, + span_class3 varchar(25) default NULL, + img_size_poll smallint(5) UNSIGNED, + img_size_privmsg smallint(5) UNSIGNED, PRIMARY KEY (themes_id) ); @@ -429,8 +430,8 @@ CREATE TABLE phpbb_topics ( PRIMARY KEY (topic_id), KEY forum_id (forum_id), KEY topic_moved_id (topic_moved_id), - KEY topic_status (topic_status), - KEY topic_type (topic_type) + KEY topic_status (topic_status), + KEY topic_type (topic_type) ); @@ -443,7 +444,7 @@ CREATE TABLE phpbb_topics_watch ( user_id mediumint(8) NOT NULL DEFAULT '0', notify_status tinyint(1) NOT NULL default '0', KEY topic_id (topic_id), - KEY user_id (user_id), + KEY user_id (user_id), KEY notify_status (notify_status) ); 
@@ -457,34 +458,34 @@ CREATE TABLE phpbb_users ( user_active tinyint(1) DEFAULT '1', username varchar(25) NOT NULL, user_password varchar(32) NOT NULL, - user_session_time int(11) DEFAULT '0' NOT NULL, - user_session_page smallint(5) DEFAULT '0' NOT NULL, - user_lastvisit int(11) DEFAULT '0' NOT NULL, - user_regdate int(11) DEFAULT '0' NOT NULL, + user_session_time int(11) DEFAULT '0' NOT NULL, + user_session_page smallint(5) DEFAULT '0' NOT NULL, + user_lastvisit int(11) DEFAULT '0' NOT NULL, + user_regdate int(11) DEFAULT '0' NOT NULL, user_level tinyint(4) DEFAULT '0', user_posts mediumint(8) UNSIGNED DEFAULT '0' NOT NULL, user_timezone decimal(4,2) DEFAULT '0' NOT NULL, user_style tinyint(4), user_lang varchar(255), user_dateformat varchar(14) DEFAULT 'd M Y H:i' NOT NULL, - user_new_privmsg smallint(5) UNSIGNED DEFAULT '0' NOT NULL, - user_unread_privmsg smallint(5) UNSIGNED DEFAULT '0' NOT NULL, - user_last_privmsg int(11) DEFAULT '0' NOT NULL, - user_emailtime int(11), - user_viewemail tinyint(1), - user_attachsig tinyint(1), - user_allowhtml tinyint(1) DEFAULT '1', - user_allowbbcode tinyint(1) DEFAULT '1', - user_allowsmile tinyint(1) DEFAULT '1', - user_allowavatar tinyint(1) DEFAULT '1' NOT NULL, - user_allow_pm tinyint(1) DEFAULT '1' NOT NULL, - user_allow_viewonline tinyint(1) DEFAULT '1' NOT NULL, + user_new_privmsg smallint(5) UNSIGNED DEFAULT '0' NOT NULL, + user_unread_privmsg smallint(5) UNSIGNED DEFAULT '0' NOT NULL, + user_last_privmsg int(11) DEFAULT '0' NOT NULL, + user_emailtime int(11), + user_viewemail tinyint(1), + user_attachsig tinyint(1), + user_allowhtml tinyint(1) DEFAULT '1', + user_allowbbcode tinyint(1) DEFAULT '1', + user_allowsmile tinyint(1) DEFAULT '1', + user_allowavatar tinyint(1) DEFAULT '1' NOT NULL, + user_allow_pm tinyint(1) DEFAULT '1' NOT NULL, + user_allow_viewonline tinyint(1) DEFAULT '1' NOT NULL, user_notify tinyint(1) DEFAULT '1' NOT NULL, - user_notify_pm tinyint(1) DEFAULT '1' NOT NULL, - user_popup_pm tinyint(1) 
DEFAULT '0' NOT NULL, + user_notify_pm tinyint(1) DEFAULT '1' NOT NULL, + user_popup_pm tinyint(1) DEFAULT '0' NOT NULL, user_rank int(11) DEFAULT '0', user_avatar varchar(100), - user_avatar_type tinyint(4) DEFAULT '0' NOT NULL, + user_avatar_type tinyint(4) DEFAULT '0' NOT NULL, user_email varchar(255), user_icq varchar(15), user_website varchar(100), @@ -498,7 +499,7 @@ CREATE TABLE phpbb_users ( user_interests varchar(255), user_actkey varchar(32), user_newpasswd varchar(32), - PRIMARY KEY (user_id), + PRIMARY KEY (user_id), KEY user_session_time (user_session_time) ); diff --git a/phpBB/db/schemas/postgres_schema.sql b/phpBB/db/schemas/postgres_schema.sql index 92be0f31ca..d20129d649 100644 --- a/phpBB/db/schemas/postgres_schema.sql +++ b/phpBB/db/schemas/postgres_schema.sql @@ -264,6 +264,7 @@ CREATE TABLE phpbb_search_wordmatch ( title_match int2 NOT NULL default '0' ); CREATE INDEX word_id_phpbb_search_wordmatch ON phpbb_search_wordmatch (word_id); +CREATE INDEX post_id_phpbb_search_wordmatch ON phpbb_search_wordmatch (post_id); /* -------------------------------------------------------- diff --git a/phpBB/develop/encoding_emails.php b/phpBB/develop/encoding_emails.php index 1776d142d3..7c1a109692 100644 --- a/phpBB/develop/encoding_emails.php +++ b/phpBB/develop/encoding_emails.php @@ -27,7 +27,7 @@ // Remove or comment the next line (die(".... ) to enable this script. // Do NOT FORGET to either remove this script or disable it after you have used it. // -die("Please read the first lines of this script for instructions on how to enable it"); +//die("Please read the first lines of this script for instructions on how to enable it"); $dirname = "./../language"; $dir = opendir($dirname); diff --git a/phpBB/groupcp.php b/phpBB/groupcp.php index ca9a4cc659..43d1a95017 100644 --- a/phpBB/groupcp.php +++ b/phpBB/groupcp.php 
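Review bot: Commenting out the `die()` guard in develop/encoding_emails.php leaves the script enabled in the committed tree, which contradicts the instruction two lines above it that the script must be disabled again after use; anyone who can request the file can now run it against the language directory. Keep the guard in the repository and disable it only in a local working copy, i.e. restore `die("Please read the first lines of this script for instructions on how to enable it");`. The other hunks on this line are whitespace-only schema changes and a new index, which need no review.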
@@ -287,7 +287,7 @@ else if ( isset($HTTP_POST_VARS['joingroup']) && $group_id ) $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'GROUP_MODERATOR' => $moderator['username'], - 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']), + 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '', 'U_GROUPCP' => $server_url . '?' . POST_GROUPS_URL . "=$group_id&validate=true") ); @@ -569,7 +569,7 @@ else if ( $group_id ) $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'GROUP_NAME' => $group_name, - 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']), + 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '', 'U_GROUPCP' => $server_url . '?' . POST_GROUPS_URL . "=$group_id") ); @@ -724,7 +724,7 @@ else if ( $group_id ) $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], 'GROUP_NAME' => $group_name, - 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']), + 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '', 'U_GROUPCP' => $server_url . '?' . POST_GROUPS_URL . "=$group_id") ); diff --git a/phpBB/includes/emailer.php b/phpBB/includes/emailer.php index 12bc0a8732..30f58cc44e 100755 --- a/phpBB/includes/emailer.php +++ b/phpBB/includes/emailer.php @@ -68,7 +68,7 @@ class emailer // function set_subject($subject = '') { - $this->subject = $subject; + $this->subject = preg_replace('#[\n\r]+#s', '', $subject); } // diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 35f01039bd..eaebdb9ac4 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -176,7 +176,7 @@ function make_jumpbox($action, $match_forum_id = 0) if ( isset($SID) ) { - $boxstring .= ''; + $boxstring .= ''; } $template->set_filenames(array( diff --git a/phpBB/includes/functions_post.php b/phpBB/includes/functions_post.php index f06957bff3..16b283022a 100644 --- a/phpBB/includes/functions_post.php +++ b/phpBB/includes/functions_post.php @@ -160,7 +160,7 @@ function prepare_post(&$mode, &$post_data, &$bbcode_on, &$html_on, &$smilies_on, $bbcode_uid = ( $bbcode_on ) ? make_bbcode_uid() : ''; $message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on, $bbcode_uid); } - else if ( $mode != 'delete' && $mode != 'polldelete' ) + else if ( $mode != 'delete' && $mode != 'poll_delete' ) { $error_msg .= ( !empty($error_msg) ) ? '
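Review bot: Stripping CR/LF in set_subject() closes header injection through the subject, but it silently rewrites the value rather than telling the caller; a subject containing line breaks is almost always malformed or hostile input, so it is worth at least logging or rejecting instead of quietly sending a joined-up subject. The `s` modifier on `'#[\n\r]+#s'` has no effect on a character class and can be dropped: `$this->subject = preg_replace('#[\n\r]+#', '', $subject);`. Whether the address and extra headers built elsewhere in this class receive the same filtering is not visible in this hunk.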
' . $lang['Empty_message'] : $lang['Empty_message']; } @@ -233,7 +233,7 @@ function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_ { if ( $row = $db->sql_fetchrow($result) ) { - if ( $row['last_post_time'] > 0 && ( $current_time - $row['last_post_time'] ) < $board_config['flood_interval'] ) + if ( intval($row['last_post_time']) > 0 && ( $current_time - intval($row['last_post_time']) ) < intval($board_config['flood_interval']) ) { message_die(GENERAL_MESSAGE, $lang['Flood_Error']); } @@ -278,7 +278,7 @@ function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_ message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql); } - add_search_words($post_id, stripslashes($post_message), stripslashes($post_subject)); + add_search_words('single', $post_id, stripslashes($post_message), stripslashes($post_subject)); // // Add poll @@ -634,9 +634,9 @@ function user_notification($mode, &$post_data, &$forum_id, &$topic_id, &$post_id $update_watched_sql = ''; if ( $row = $db->sql_fetchrow($result) ) { - @set_time_limit(120); + @set_time_limit(240); - $topic_title = preg_replace($orig_word, $replacement_word, unprepare_message($row['topic_title'])); + $topic_title = (count($orig_word)) ? preg_replace($orig_word, $replacement_word, unprepare_message($row['topic_title'])) : unprepare_message($row['topic_title']); do { @@ -648,7 +648,7 @@ function user_notification($mode, &$post_data, &$forum_id, &$topic_id, &$post_id $emailer->extra_headers($email_headers); $emailer->assign_vars(array( - 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']), + 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '', 'USERNAME' => $row['username'], 'SITENAME' => $board_config['sitename'], 'TOPIC_TITLE' => $topic_title, diff --git a/phpBB/includes/functions_search.php b/phpBB/includes/functions_search.php index 49cf01126f..894257713a 100644 --- a/phpBB/includes/functions_search.php +++ b/phpBB/includes/functions_search.php @@ -97,11 +97,11 @@ function split_words(&$entry, $mode = 'post') return $split_entries[1]; } -function add_search_words($post_id, $post_text, $post_title = '') +function add_search_words($mode, $post_id, $post_text, $post_title = '') { global $db, $phpbb_root_path, $board_config, $lang; - $stopwords_array = @file($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . "/search_stopwords.txt"); + $stopword_array = @file($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . "/search_stopwords.txt"); $synonym_array = @file($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . "/search_synonyms.txt"); $search_raw_words = array(); @@ -244,7 +244,7 @@ function add_search_words($post_id, $post_text, $post_title = '') } } - if ( $mode == 'single' ) + if ($mode == 'single') { remove_common('single', 0.4, $word); } diff --git a/phpBB/includes/template.php b/phpBB/includes/template.php index 85802ea932..dbd771ca77 100644 --- a/phpBB/includes/template.php +++ b/phpBB/includes/template.php @@ -331,7 +331,7 @@ class Template { if ($block_nesting_level < 2) { // Block is not nested. - $code_lines[$i] = '$_' . $a[1] . '_count = ( isset($this->_tpldata[\'' . $n[1] . '.\']) ) ? sizeof($this->_tpldata[\'' . $n[1] . '.\']) : 0;'; + $code_lines[$i] = '$_' . $n[1] . '_count = ( isset($this->_tpldata[\'' . $n[1] . '.\']) ) ? sizeof($this->_tpldata[\'' . $n[1] . '.\']) : 0;'; $code_lines[$i] .= "\n" . 'for ($_' . $n[1] . '_i = 0; $_' . $n[1] . '_i < $_' . $n[1] . '_count; $_' . $n[1] . '_i++)'; $code_lines[$i] .= "\n" . '{'; } 
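Review bot: The add_search_words() hunk renames `$stopwords_array` to `$stopword_array` at its only visible assignment; unless every later read in the function is renamed too (the rest of the body is outside the hunk), the old name is read as an unset variable and stopwords are silently no longer filtered. Adding `$mode` as a new first parameter also shifts the positional arguments for every caller; only the functions_post.php call site is updated in this diff, so any other caller would now pass a post id where the mode string is expected — worth a grep before merging. The `if ($mode == 'single')` test in the second hunk depends on that new parameter.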
@@ -347,7 +347,7 @@ class Template { // current indices of all parent blocks. $varref = $this->generate_block_data_ref($namespace, false); // Create the for loop code to iterate over this block. - $code_lines[$i] = '$_' . $a[1] . '_count = ( isset(' . $varref . ') ) ? sizeof(' . $varref . ') : 0;'; + $code_lines[$i] = '$_' . $n[1] . '_count = ( isset(' . $varref . ') ) ? sizeof(' . $varref . ') : 0;'; $code_lines[$i] .= "\n" . 'for ($_' . $n[1] . '_i = 0; $_' . $n[1] . '_i < $_' . $n[1] . '_count; $_' . $n[1] . '_i++)'; $code_lines[$i] .= "\n" . '{'; } diff --git a/phpBB/includes/usercp_activate.php b/phpBB/includes/usercp_activate.php index f8da8e13bf..d5d226ea8e 100644 --- a/phpBB/includes/usercp_activate.php +++ b/phpBB/includes/usercp_activate.php @@ -27,7 +27,7 @@ if ( !defined('IN_PHPBB') ) exit; } -$sql = "SELECT user_active, user_id, user_email, user_newpasswd, user_lang, user_actkey +$sql = "SELECT user_active, user_id, username, user_email, user_newpasswd, user_lang, user_actkey FROM " . USERS_TABLE . " WHERE user_id = " . intval($HTTP_GET_VARS[POST_USERS_URL]); if ( !($result = $db->sql_query($sql)) ) @@ -57,7 +57,7 @@ if ( $row = $db->sql_fetchrow($result) ) message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql_update); } - if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN && $sql_update_pass == '' ) + if ( intval($board_config['require_activation']) == USER_ACTIVATION_ADMIN && $sql_update_pass == '' ) { include($phpbb_root_path . 'includes/emailer.'.$phpEx); $emailer = new emailer($board_config['smtp_delivery']); @@ -71,9 +71,9 @@ if ( $row = $db->sql_fetchrow($result) ) $emailer->assign_vars(array( 'SITENAME' => $board_config['sitename'], - 'USERNAME' => $username, + 'USERNAME' => $row['username'], 'PASSWORD' => $password_confirm, - 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig'])) + 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '') ); $emailer->send(); $emailer->reset(); diff --git a/phpBB/includes/usercp_avatar.php b/phpBB/includes/usercp_avatar.php index 32735fa462..f6d3f2d7a9 100644 --- a/phpBB/includes/usercp_avatar.php +++ b/phpBB/includes/usercp_avatar.php @@ -242,7 +242,7 @@ function user_avatar_upload($mode, $avatar_mode, &$current_avatar, &$current_typ return $avatar_sql; } -function display_avatar_gallery($mode, &$category, &$user_id, &$email, &$current_email, &$coppa, &$username, &$email, &$new_password, &$cur_password, &$password_confirm, &$icq, &$aim, &$msn, &$yim, &$website, &$location, &$occupation, &$interests, &$signature, &$viewemail, &$notifypm, &$popuppm, &$notifyreply, &$attachsig, &$allowhtml, &$allowbbcode, &$allowsmilies, &$hideonline, &$style, &$language, &$timezone, &$dateformat) +function display_avatar_gallery($mode, &$category, &$user_id, &$email, &$current_email, &$coppa, &$username, &$email, &$new_password, &$cur_password, &$password_confirm, &$icq, &$aim, &$msn, &$yim, &$website, &$location, &$occupation, &$interests, &$signature, &$viewemail, &$notifypm, &$popuppm, &$notifyreply, &$attachsig, &$allowhtml, &$allowbbcode, &$allowsmilies, &$hideonline, &$style, &$language, &$timezone, &$dateformat, &$session_id) { global $board_config, $db, $template, $lang, $images, $theme; global $phpbb_root_path, $phpEx; @@ -320,7 +320,7 @@ function display_avatar_gallery($mode, &$category, &$user_id, &$email, &$current $params = array('coppa', 'user_id', 'username', 'email', 'current_email', 'cur_password', 'new_password', 'password_confirm', 'icq', 'aim', 'msn', 'yim', 'website', 'location', 'occupation', 'interests', 'signature', 'viewemail', 'notifypm', 'popuppm', 'notifyreply', 'attachsig', 'allowhtml', 'allowbbcode', 'allowsmilies', 'hideonline', 'style', 'language', 'timezone', 'dateformat'); - $s_hidden_vars = ''; + $s_hidden_vars = ''; for($i = 0; $i < count($params); $i++) { 
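Review bot: The rewritten display_avatar_gallery() signature still declares `&$email` twice (positions 4 and 8); PHP 4 tolerates this with the later binding winning, later versions refuse to compile it, and the caller in usercp_register.php at @@ -721 passes `$email` in both slots, so the duplicate is dead weight either way. Since the line is being rewritten to add `&$session_id`, drop the duplicate or rename it to match the `$params` list in the second hunk, which has no entry for a second email. The `$s_hidden_vars` assignment has its markup stripped in this rendering, so the new hidden session field cannot be checked here. The function body continues outside the hunk.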
diff --git a/phpBB/includes/usercp_email.php b/phpBB/includes/usercp_email.php
index bfaaa30a84..eaa048fc50 100644
--- a/phpBB/includes/usercp_email.php
+++ b/phpBB/includes/usercp_email.php
@@ -62,6 +62,11 @@ if ( $result = $db->sql_query($sql) )
 if ( isset($HTTP_POST_VARS['submit']) )
 {
+ if (!isset($HTTP_POST_VARS['session_id']) || $HTTP_POST_VARS['session_id'] != $userdata['session_id'])
+ {
+ message_die(ERROR, 'Invalid_session');
+ }
+
 $error = FALSE;
 if ( !empty($HTTP_POST_VARS['subject']) )
@@ -170,6 +175,7 @@ if ( $result = $db->sql_query($sql) )
 $template->assign_vars(array(
 'USERNAME' => $username,
+ 'S_HIDDEN_FIELDS' => '',
 'S_POST_ACTION' => append_sid("profile.$phpEx?&mode=email&" . POST_USERS_URL . "=$user_id"),
 'L_SEND_EMAIL_MSG' => $lang['Send_email_msg'],
diff --git a/phpBB/includes/usercp_register.php b/phpBB/includes/usercp_register.php
index a36090f947..151fa0c804 100644
--- a/phpBB/includes/usercp_register.php
+++ b/phpBB/includes/usercp_register.php
@@ -80,6 +80,11 @@ if ( isset($HTTP_POST_VARS['cancelavatar']) || $mode == 'register' )
 {
+ if (!isset($HTTP_POST_VARS['session_id']) || $HTTP_POST_VARS['session_id'] != $userdata['session_id'])
+ {
+ message_die(ERROR, 'Invalid_session_id');
+ }
+
 include($phpbb_root_path . 'includes/functions_validate.'.$phpEx);
 include($phpbb_root_path . 'includes/bbcode.'.$phpEx);
 include($phpbb_root_path . 'includes/functions_post.'.$phpEx);
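Review bot: Both new session checks call `message_die(ERROR, 'Invalid_session')` and `message_die(ERROR, 'Invalid_session_id')`; `ERROR` is not a constant used by any other call site in this diff (they use `GENERAL_ERROR` or `GENERAL_MESSAGE`), and the second argument is a bare language key rather than a `$lang[...]` lookup, so the rejection path would print the key or fail on the undefined constant instead of showing a message. Suggest `message_die(GENERAL_ERROR, $lang['Invalid_session']);` in both files, with one consistent key. The comparison should also be strict — `$HTTP_POST_VARS['session_id'] !== $userdata['session_id']` — so that PHP's loose string-to-number comparison cannot treat a differently spelled value as equal to the real session id. The same applies to the usercp_register.php hunk at @@ -80 below.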
@@ -183,18 +188,18 @@ if (
 $password_confirm = stripslashes($password_confirm);
 $icq = stripslashes($icq);
- $aim = stripslashes($aim);
- $msn = stripslashes($msn);
- $yim = stripslashes($yim);
+ $aim = htmlspecialchars(stripslashes($aim));
+ $msn = htmlspecialchars(stripslashes($msn));
+ $yim = htmlspecialchars(stripslashes($yim));
- $website = stripslashes($website);
- $location = stripslashes($location);
- $occupation = stripslashes($occupation);
- $interests = stripslashes($interests);
- $signature = stripslashes($signature);
+ $website = htmlspecialchars(stripslashes($website));
+ $location = htmlspecialchars(stripslashes($location));
+ $occupation = htmlspecialchars(stripslashes($occupation));
+ $interests = htmlspecialchars(stripslashes($interests));
+ $signature = htmlspecialchars(stripslashes($signature));
 $user_lang = stripslashes($user_lang);
- $user_dateformat = stripslashes($user_dateformat);
+ $user_dateformat = htmlspecialchars(stripslashes($user_dateformat));
 if ( !isset($HTTP_POST_VARS['cancelavatar']))
 {
@@ -459,7 +464,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
 $emailer->assign_vars(array(
 'SITENAME' => $board_config['sitename'],
 'USERNAME' => $username,
- 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']), + 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '', 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey) ); @@ -651,7 +656,7 @@ if ( $error ) $signature = ( $signature_bbcode_uid != '' ) ? preg_replace("/:(([a-z0-9]+:)?)$signature_bbcode_uid\]/si", ']', $signature) : $signature; $user_lang = stripslashes($user_lang); - $user_dateformat = stripslashes($user_dateformat); + $user_dateformat = htmlspecialchars(stripslashes($user_dateformat)); } else if ( $mode == 'editprofile' && !isset($HTTP_POST_VARS['avatargallery']) && !isset($HTTP_POST_VARS['submitavatar']) && !isset($HTTP_POST_VARS['cancelavatar']) ) @@ -690,7 +695,7 @@ else if ( $mode == 'editprofile' && !isset($HTTP_POST_VARS['avatargallery']) && $user_style = $userdata['user_style']; $user_lang = $userdata['user_lang']; $user_timezone = $userdata['user_timezone']; - $user_dateformat = $userdata['user_dateformat']; + $user_dateformat = htmlspecialchars($userdata['user_dateformat']); } // 
@@ -721,7 +726,7 @@ if( isset($HTTP_POST_VARS['avatargallery']) && !$error ) $allowviewonline = !$allowviewonline; - display_avatar_gallery($mode, $avatar_category, $user_id, $email, $current_email, $coppa, $username, $email, &$new_password, &$cur_password, $password_confirm, $icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature, $viewemail, $notifypm, $popuppm, $notifyreply, $attachsig, $allowhtml, $allowbbcode, $allowsmilies, $allowviewonline, $user_style, $user_lang, $user_timezone, $user_dateformat); + display_avatar_gallery($mode, $avatar_category, $user_id, $email, $current_email, $coppa, $username, $email, &$new_password, &$cur_password, $password_confirm, $icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature, $viewemail, $notifypm, $popuppm, $notifyreply, $attachsig, $allowhtml, $allowbbcode, $allowsmilies, $allowviewonline, $user_style, $user_lang, $user_timezone, $user_dateformat, $userdata['session_id']); } else { @@ -754,7 +759,7 @@ else } } - $s_hidden_fields = ''; + $s_hidden_fields = ''; if( $mode == 'editprofile' ) { $s_hidden_fields .= ''; diff --git a/phpBB/includes/usercp_sendpasswd.php b/phpBB/includes/usercp_sendpasswd.php index 3290db6ee0..ff3b2c05fa 100644 --- a/phpBB/includes/usercp_sendpasswd.php +++ b/phpBB/includes/usercp_sendpasswd.php @@ -76,7 +76,7 @@ if ( isset($HTTP_POST_VARS['submit']) ) 'SITENAME' => $board_config['sitename'], 'USERNAME' => $username, 'PASSWORD' => $user_password, - 'EMAIL_SIG' => str_replace('
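Review bot: The call now passes a 34th argument, `$userdata['session_id']`, but `display_avatar_gallery()`'s definition is outside this hunk, so it cannot be confirmed here that the parameter was added to the signature and threaded into the hidden fields it presumably feeds. If the id is meant to be verified on the profile-submit side the way posting.php does in this commit, that check is not part of the admin_users.php changes visible here. Stylistically, a positional list this long is fragile to exactly this kind of append; passing the profile fields as one associative array would make the new entry self-describing.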
', "\n", "-- \n" . $board_config['board_email_sig']), + 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '', 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey) ); diff --git a/phpBB/language/lang_dutch/lang_main.php b/phpBB/language/lang_dutch/lang_main.php index a72463d6cd..90d5fc7c11 100644 --- a/phpBB/language/lang_dutch/lang_main.php +++ b/phpBB/language/lang_dutch/lang_main.php @@ -574,6 +574,7 @@ $lang['password_confirm_if_changed'] = 'Je hoeft alleen je wachtwoord te bevesti $lang['Avatar'] = 'Avatar'; $lang['Avatar_explain'] = 'Laat een kleine afbeelding onder je naam zien in ieder bericht. Je kan maar één afbeelding tegelijkertijd gebruiken, de breedte mag niet meer dan %d pixels zijn, de hoogte moet onder de %d pixels blijven. De maximale bestandsgrootte is %dKB'; +$lang['Upload_Avatar_file'] = 'Upload Avatar vanaf jouw machine'; $lang['Upload_Avatar_URL'] = 'Upload Avatar vanaf een Internet lokatie (URL)'; $lang['Upload_Avatar_URL_explain'] = 'Geef de URL waar je Avatar staat, de afbeelding wordt gekopieerd naar deze site.'; $lang['Pick_local_Avatar'] = 'Selecteer een Avatar uit de gallery'; diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index a1ded0646d..838e11dc1f 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -110,7 +110,7 @@ if ( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) switch( $mode ) { - case 'joindate': + case 'joined': $order_by = "user_regdate ASC LIMIT $start, " . $board_config['topics_per_page']; break; case 'username': diff --git a/phpBB/posting.php b/phpBB/posting.php index 3e9f28fb75..2fb832f975 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php 
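Review bot: Renaming the accepted value from `'joindate'` to `'joined'` means any link or template still submitting `mode=joindate` now falls through to the switch's default branch silently rather than sorting by registration date; the default branch and the templates are outside the hunk, so this needs checking there. If the old value must keep working, `case 'joindate': case 'joined':` preserves it. The `LIMIT $start, ...` interpolation on the unchanged line relies on `$start` having been cast to an integer earlier in the file, which this hunk does not show.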
@@ -121,6 +121,26 @@ if ( isset($HTTP_POST_VARS['cancel']) ) exit; } +// +// Compare sid ... if sids don't match +// output message ... note that AOL'ers may +// obtain this error until the session code +// is modified to change the 6 to 4 in the IP +// comparison checks ... or if a user takes +// longer than session time to submit the form +// both can be easily altered by the admin +// +if ( $submit || $refresh ) +{ + if (!isset($HTTP_POST_VARS['session_id']) || $HTTP_POST_VARS['session_id'] != $userdata['session_id']) + { + // I've not added this to the language set at this time ... re-releasing + // every single language to include this for the once in a blue moon + // time it will be output is just not worthwhile at present. + message_die(GENERAL_MESSAGE, 'Invalid_session'); + } +} + // // What auth type do we need to check? // @@ -545,6 +565,7 @@ else if ( $submit || $confirm ) $topic_type = ( $topic_type != $post_data['topic_type'] && !$is_auth['auth_sticky'] && !$is_auth['auth_announce'] ) ? $post_data['topic_type'] : $topic_type; submit_post($mode, $post_data, $return_message, $return_meta, $forum_id, $topic_id, $post_id, $poll_id, $topic_type, $bbcode_on, $html_on, $smilies_on, $attach_sig, $bbcode_uid, str_replace("\'", "''", $username), str_replace("\'", "''", $subject), str_replace("\'", "''", $message), str_replace("\'", "''", $poll_title), $poll_options, $poll_length); + if ( $error_msg == '' ) { user_notification($mode, $post_data, $forum_id, $topic_id, $post_id, $notify_user); @@ -908,7 +929,7 @@ if ( $mode == 'newtopic' || ( $mode == 'editpost' && $post_data['first_post'] ) } } -$hidden_form_fields = ''; +$hidden_form_fields = ''; switch( $mode ) { diff --git a/phpBB/privmsg.php b/phpBB/privmsg.php index 0e168cb051..edb97dd563 100644 --- a/phpBB/privmsg.php +++ b/phpBB/privmsg.php 
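Review bot: The session check on the new `if (!isset($HTTP_POST_VARS['session_id']) || ...)` line compares the submitted value with `!=`, which is a loose comparison in PHP: two strings that both look numeric (for example hex ids beginning with `0e` followed only by digits) are compared as numbers and can be reported equal. Use a type-strict comparison so the token must match byte for byte, `if (!isset($HTTP_POST_VARS['session_id']) || $HTTP_POST_VARS['session_id'] !== $userdata['session_id'])`. The check only runs when `$submit || $refresh` is true; where those flags are set is outside the hunk, so any other write path in this file should be confirmed to pass through it. Passing the literal `'Invalid_session'` to `message_die()` is acknowledged in the comment; a language entry should follow so the message is localised like its neighbours.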
@@ -1151,7 +1151,7 @@ else if ( $submit || $refresh || $mode != '' ) $emailer->assign_vars(array( 'USERNAME' => $to_username, 'SITENAME' => $board_config['sitename'], - 'EMAIL_SIG' => str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']), + 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('
', "\n", "-- \n" . $board_config['board_email_sig']) : '', 'U_INBOX' => $server_protocol . $server_name . $server_port . $script_name . '?folder=inbox') ); diff --git a/phpBB/templates/subSilver/images/lang_italian/icon_quote.gif b/phpBB/templates/subSilver/images/lang_italian/icon_quote.gif index 30bc0487e9..332c5e0617 100644 Binary files a/phpBB/templates/subSilver/images/lang_italian/icon_quote.gif and b/phpBB/templates/subSilver/images/lang_italian/icon_quote.gif differ diff --git a/phpBB/templates/subSilver/profile_send_email.tpl b/phpBB/templates/subSilver/profile_send_email.tpl index 289addf51c..86c28cb4dd 100644 --- a/phpBB/templates/subSilver/profile_send_email.tpl +++ b/phpBB/templates/subSilver/profile_send_email.tpl @@ -57,7 +57,7 @@ function checkForm(formObj) { - + {S_HIDDEN_FIELDS} diff --git a/phpBB/update_to_203.php b/phpBB/update_to_203.php index 5fa3f8022c..9c4f602f14 100644 --- a/phpBB/update_to_203.php +++ b/phpBB/update_to_203.php @@ -441,7 +441,30 @@ switch ( $row['config_value'] ) END OF DROP GROUP -- don't remove anything after this point! -------------------------------------------------------------- */ break; + } + + case '.0.3': + + // Need to add index to post_id in search_wordmatch (mysql, postgresql, msaccess ... both indexes) + // Add auto_increment equiv to groups table (Doug overlooked it ...) for pgsql and msaccess + +//mysql + +//pgsql +"CREATE SEQUENCE phpbb_groups_id_seq start 3 increment 1 maxvalue 2147483647 minvalue 1 cache 1"; +CREATE TABLE temp AS SELECT did, city FROM distributors; +DROP TABLE distributors; +CREATE TABLE distributors ( + did DECIMAL(3) DEFAULT 1, + name VARCHAR(40) NOT NULL, +); +INSERT INTO distributors SELECT * FROM temp; +DROP TABLE temp; +CREATE INDEX post_id_phpbb_search_wordmatch ON phpbb_search_wordmatch (post_id); + +//msaccess + } echo "

Updating database schema

\n"; diff --git a/phpBB/upgrade.php b/phpBB/upgrade.php index b23eeb860d..c3f3ba1100 100644 --- a/phpBB/upgrade.php +++ b/phpBB/upgrade.php @@ -1900,7 +1900,7 @@ if ( !empty($next) ) { do { - add_search_words($row['post_id'], $row['post_text'], $row['post_subject']); + add_search_words('global', $row['post_id'], $row['post_text'], $row['post_subject']); $inc++; if ( $inc == $per_pct ) diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index eaa0607fcf..cfca1c9ff6 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php @@ -117,7 +117,7 @@ if ( isset($HTTP_GET_VARS['view']) && empty($HTTP_GET_VARS[POST_POST_URL]) ) if ( $row = $db->sql_fetchrow($result) ) { - $topic_id = $row['topic_id']; + $topic_id = intval($row['topic_id']); } else { @@ -153,7 +153,7 @@ if ( !($forum_topic_data = $db->sql_fetchrow($result)) ) message_die(GENERAL_MESSAGE, 'Topic_post_not_exist'); } -$forum_id = $forum_topic_data['forum_id']; +$forum_id = intval($forum_topic_data['forum_id']); // // Start session management @@ -191,12 +191,12 @@ if( !$is_auth['auth_view'] || !$is_auth['auth_read'] ) $forum_name = $forum_topic_data['forum_name']; $topic_title = $forum_topic_data['topic_title']; -$topic_id = $forum_topic_data['topic_id']; +$topic_id = intval($forum_topic_data['topic_id']); $topic_time = $forum_topic_data['topic_time']; if ( !empty($post_id) ) { - $start = floor(($forum_topic_data['prev_posts'] - 1) / $board_config['posts_per_page']) * $board_config['posts_per_page']; + $start = floor(($forum_topic_data['prev_posts'] - 1) / intval($board_config['posts_per_page'])) * intval($board_config['posts_per_page']); } // 
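Review bot: The lines added after `case '.0.3':` — `CREATE TABLE temp AS SELECT did, city FROM distributors;`, `DROP TABLE distributors;`, the `CREATE TABLE distributors (...)` block with its trailing comma, and `CREATE INDEX ...` — are bare SQL rather than PHP, so the file will fail to parse and the whole update script becomes unusable, not just this case. The `distributors`/`did`/`city` names read like placeholder text rather than phpBB tables, and the `"CREATE SEQUENCE ..."` line is a string expression that is never executed. If this is work in progress it should sit in a comment block, or be issued through `$sql = ...` and `$db->sql_query($sql)` the way the rest of this commit runs queries; the `//mysql` and `//msaccess` sections are empty as well. The `break;` and closing `}` added before the new case also change the switch structure in a way this hunk alone does not let me verify.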
@@ -317,7 +317,7 @@ $previous_days_text = array($lang['All_Posts'], $lang['1_Day'], $lang['7_Days'], if( !empty($HTTP_POST_VARS['postdays']) || !empty($HTTP_GET_VARS['postdays']) ) { $post_days = ( !empty($HTTP_POST_VARS['postdays']) ) ? $HTTP_POST_VARS['postdays'] : $HTTP_GET_VARS['postdays']; - $min_post_time = time() - ($post_days * 86400); + $min_post_time = time() - (intval($post_days) * 86400); $sql = "SELECT COUNT(p.post_id) AS num_posts FROM " . TOPICS_TABLE . " t, " . POSTS_TABLE . " p @@ -329,7 +329,7 @@ if( !empty($HTTP_POST_VARS['postdays']) || !empty($HTTP_GET_VARS['postdays']) ) message_die(GENERAL_ERROR, "Could not obtain limited topics count information", '', __LINE__, __FILE__, $sql); } - $total_replies = ( $row = $db->sql_fetchrow($result) ) ? $row['num_posts'] : 0; + $total_replies = ( $row = $db->sql_fetchrow($result) ) ? intval($row['num_posts']) : 0; $limit_posts_time = "AND p.post_time >= $min_post_time "; @@ -340,7 +340,7 @@ if( !empty($HTTP_POST_VARS['postdays']) || !empty($HTTP_GET_VARS['postdays']) ) } else { - $total_replies = $forum_topic_data['topic_replies'] + 1; + $total_replies = intval($forum_topic_data['topic_replies']) + 1; $limit_posts_time = ''; $post_days = 0; 
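Review bot: `intval($post_days)` is applied only inside the `$min_post_time` arithmetic, while `$post_days` itself keeps the raw request string and stays in scope for anything later in the file (the `else` branch in `@@ -340` resets it to `0`, which suggests it is reused). Casting once at the assignment keeps every later use integer: `$post_days = ( !empty($HTTP_POST_VARS['postdays']) ) ? intval($HTTP_POST_VARS['postdays']) : intval($HTTP_GET_VARS['postdays']);`. The `$min_post_time` interpolated into `$limit_posts_time` is then derived from an integer either way. The `@@ -329` and `@@ -340` hunks cast the reply counts the same way and look fine.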
@@ -407,9 +407,40 @@ if ( $row = $db->sql_fetchrow($result) ) $total_posts = count($postrow); } -else -{ - message_die(GENERAL_MESSAGE, $lang['No_posts_topic']); +else +{ + include($phpbb_root_path . 'includes/functions_admin.' . $phpEx); + sync('topic', $topic_id); + + message_die(GENERAL_MESSAGE, $lang['No_posts_topic']); +} + +$resync = FALSE; +if ($forum_topic_data['topic_replies'] + 1 < $start + count($postrows)) +{ + $resync = TRUE; +} +elseif ($start + $board_config['posts_per_page'] > $forum_topic_data['topic_replies']) +{ + $row_id = intval($forum_topic_data['topic_replies']) % intval($board_config['posts_per_page']); + if ($postrows[$row_id]['post_id'] != $forum_topic_data['topic_last_post_id'] || $start + count($postrows) < $forum_topic_data['topic_replies']) + { + $resync = TRUE; + } +} +elseif (count($postrows) < $board_config['posts_per_page']) +{ + $resync = TRUE; +} + +if ($resync) +{ + include($phpbb_root_path . 'includes/functions_admin.' . $phpEx); + sync('topic', $topic_id); + + $result = $db->sql_query('SELECT COUNT(post_id) AS total FROM ' . POSTS_TABLE . ' WHERE topic_id = ' . $topic_id); + $row = $db->sql_fetchrow($result); + $total_replies = $row['total']; } $sql = "SELECT * @@ -597,7 +628,7 @@ $template->assign_vars(array( 'TOPIC_ID' => $topic_id, 'TOPIC_TITLE' => $topic_title, 'PAGINATION' => $pagination, - 'PAGE_NUMBER' => sprintf($lang['Page_of'], ( floor( $start / $board_config['posts_per_page'] ) + 1 ), ceil( $total_replies / $board_config['posts_per_page'] )), + 'PAGE_NUMBER' => sprintf($lang['Page_of'], ( floor( $start / intval($board_config['posts_per_page']) ) + 1 ), ceil( $total_replies / intval($board_config['posts_per_page']) )), 'POST_IMG' => $post_img, 'REPLY_IMG' => $reply_img,
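Review bot: The new resync block reads `$postrows` (`count($postrows)`, `$postrows[$row_id]['post_id']`) while the array the preceding branch counts is `$postrow` (`$total_posts = count($postrow);`), so unless `$postrows` is defined outside the hunk every `count()` here is 0 and the `post_id` lookup is null — the first `elseif` then triggers a spurious resync on most pages and the `post_id` comparison never matches. The `SELECT COUNT(post_id)` query after `sync()` is also the only query in this commit whose result is not checked before `sql_fetchrow()`, and `$total_replies = $row['total']` skips the `intval()` the other count assignments in this commit apply. `include()` of functions_admin in two places risks a redeclaration fatal if the file was already pulled in; `include_once()` is the safe spelling. `$topic_id` is cast with `intval()` earlier in this commit (`@@ -191`), which is what keeps the concatenated `WHERE topic_id = ` safe, and the `% intval($board_config['posts_per_page'])` additionally needs that config value to be non-zero; both dependencies deserve a comment.
```php
// … unchanged: $resync decision, with $postrows renamed to $postrow …
if ($resync)
{
	include_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
	sync('topic', $topic_id);

	// $topic_id was cast with intval() above, so the concatenation is safe.
	$sql = 'SELECT COUNT(post_id) AS total FROM ' . POSTS_TABLE . ' WHERE topic_id = ' . $topic_id;
	if ( !($result = $db->sql_query($sql)) )
	{
		message_die(GENERAL_ERROR, 'Could not obtain post count after topic resync', '', __LINE__, __FILE__, $sql);
	}
	$row = $db->sql_fetchrow($result);
	$total_replies = intval($row['total']);
}
```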