diff -crN phpbb200/admin/admin_board.php phpbb2023/admin/admin_board.php
*** phpbb200/admin/admin_board.php Sat Jul 10 20:16:13 2004
--- phpbb2023/admin/admin_board.php Sun Feb 10 18:19:53 2008
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_board.php,v 1.51 2002/03/22 17:00:32 psotfx Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_board.php 6772 2006-12-16 13:11:28Z acydburn $
*
*
***************************************************************************/
***************
*** 16,31 ****
if( !empty($setmodules) )
{
$file = basename(__FILE__);
! $module['General']['Configuration'] = "$file?mode=config";
return;
}
//
// Let's set the root dir for phpBB
//
! $phpbb_root_path = "../";
require($phpbb_root_path . 'extension.inc');
! require('pagestart.' . $phpEx);
include($phpbb_root_path . 'includes/functions_selects.'.$phpEx);
//
--- 16,31 ----
if( !empty($setmodules) )
{
$file = basename(__FILE__);
! $module['General']['Configuration'] = $file;
return;
}
//
// Let's set the root dir for phpBB
//
! $phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
! require('./pagestart.' . $phpEx);
include($phpbb_root_path . 'includes/functions_selects.'.$phpEx);
//
***************
*** 43,52 ****
{
$config_name = $row['config_name'];
$config_value = $row['config_value'];
! $default_config[$config_name] = $config_value;
$new[$config_name] = ( isset($HTTP_POST_VARS[$config_name]) ) ? $HTTP_POST_VARS[$config_name] : $default_config[$config_name];
if( isset($HTTP_POST_VARS['submit']) )
{
$sql = "UPDATE " . CONFIG_TABLE . " SET
--- 43,74 ----
{
$config_name = $row['config_name'];
$config_value = $row['config_value'];
! $default_config[$config_name] = isset($HTTP_POST_VARS['submit']) ? str_replace("'", "\'", $config_value) : $config_value;
$new[$config_name] = ( isset($HTTP_POST_VARS[$config_name]) ) ? $HTTP_POST_VARS[$config_name] : $default_config[$config_name];
+ if ($config_name == 'cookie_name')
+ {
+ $new['cookie_name'] = str_replace('.', '_', $new['cookie_name']);
+ }
+
+ // Attempt to prevent a common mistake with this value,
+ // http:// is the protocol and not part of the server name
+ if ($config_name == 'server_name')
+ {
+ $new['server_name'] = str_replace('http://', '', $new['server_name']);
+ }
+
+ // Attempt to prevent a mistake with this value.
+ if ($config_name == 'avatar_path')
+ {
+ $new['avatar_path'] = trim($new['avatar_path']);
+ if (strstr($new['avatar_path'], "\0") || !is_dir($phpbb_root_path . $new['avatar_path']) || !is_writable($phpbb_root_path . $new['avatar_path']))
+ {
+ $new['avatar_path'] = $default_config['avatar_path'];
+ }
+ }
+
if( isset($HTTP_POST_VARS['submit']) )
{
$sql = "UPDATE " . CONFIG_TABLE . " SET
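Review bot: The avatar_path guard `if (strstr($new['avatar_path'], "\0") || !is_dir($phpbb_root_path . $new['avatar_path']) || !is_writable(...))` rejects NUL bytes and non-directories but still accepts `..` segments, so the setting can be pointed at any writable directory reachable from the board root, including ones above it; adding `|| strpos($new['avatar_path'], '..') !== false` to that condition keeps avatar uploads inside the tree. In the same hunk the server_name fix strips only `http://`; `str_replace(array('http://', 'https://'), '', $new['server_name'])` covers the equally common https form the comment is trying to guard against. The raw `$HTTP_POST_VARS[$config_name]` value is copied into `$new` here, and the `UPDATE` it feeds begins on the hunk's last line and continues outside it, so whether it is escaped before reaching SQL cannot be confirmed from this view.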
***************
*** 68,74 ****
}
$style_select = style_select($new['default_style'], 'default_style', "../templates");
! $lang_select = language_select($new['default_lang'], 'default_lang', "../language");
$timezone_select = tz_select($new['board_timezone'], 'board_timezone');
$disable_board_yes = ( $new['board_disable'] ) ? "checked=\"checked\"" : "";
--- 90,96 ----
}
$style_select = style_select($new['default_style'], 'default_style', "../templates");
! $lang_select = language_select($new['default_lang'], 'default_lang', "language");
$timezone_select = tz_select($new['board_timezone'], 'board_timezone');
$disable_board_yes = ( $new['board_disable'] ) ? "checked=\"checked\"" : "";
***************
*** 92,97 ****
--- 114,125 ----
$activation_user = ( $new['require_activation'] == USER_ACTIVATION_SELF ) ? "checked=\"checked\"" : "";
$activation_admin = ( $new['require_activation'] == USER_ACTIVATION_ADMIN ) ? "checked=\"checked\"" : "";
+ $confirm_yes = ($new['enable_confirm']) ? 'checked="checked"' : '';
+ $confirm_no = (!$new['enable_confirm']) ? 'checked="checked"' : '';
+
+ $allow_autologin_yes = ($new['allow_autologin']) ? 'checked="checked"' : '';
+ $allow_autologin_no = (!$new['allow_autologin']) ? 'checked="checked"' : '';
+
$board_email_form_yes = ( $new['board_email_form'] ) ? "checked=\"checked\"" : "";
$board_email_form_no = ( !$new['board_email_form'] ) ? "checked=\"checked\"" : "";
***************
*** 155,160 ****
--- 183,194 ----
"L_NONE" => $lang['Acc_None'],
"L_USER" => $lang['Acc_User'],
"L_ADMIN" => $lang['Acc_Admin'],
+ "L_VISUAL_CONFIRM" => $lang['Visual_confirm'],
+ "L_VISUAL_CONFIRM_EXPLAIN" => $lang['Visual_confirm_explain'],
+ "L_ALLOW_AUTOLOGIN" => $lang['Allow_autologin'],
+ "L_ALLOW_AUTOLOGIN_EXPLAIN" => $lang['Allow_autologin_explain'],
+ "L_AUTOLOGIN_TIME" => $lang['Autologin_time'],
+ "L_AUTOLOGIN_TIME_EXPLAIN" => $lang['Autologin_time_explain'],
"L_COOKIE_SETTINGS" => $lang['Cookie_settings'],
"L_COOKIE_SETTINGS_EXPLAIN" => $lang['Cookie_settings_explain'],
"L_COOKIE_DOMAIN" => $lang['Cookie_domain'],
***************
*** 174,179 ****
--- 208,223 ----
"L_MAX_POLL_OPTIONS" => $lang['Max_poll_options'],
"L_FLOOD_INTERVAL" => $lang['Flood_Interval'],
"L_FLOOD_INTERVAL_EXPLAIN" => $lang['Flood_Interval_explain'],
+ "L_SEARCH_FLOOD_INTERVAL" => $lang['Search_Flood_Interval'],
+ "L_SEARCH_FLOOD_INTERVAL_EXPLAIN" => $lang['Search_Flood_Interval_explain'],
+
+ 'L_MAX_LOGIN_ATTEMPTS' => $lang['Max_login_attempts'],
+ 'L_MAX_LOGIN_ATTEMPTS_EXPLAIN' => $lang['Max_login_attempts_explain'],
+ 'L_LOGIN_RESET_TIME' => $lang['Login_reset_time'],
+ 'L_LOGIN_RESET_TIME_EXPLAIN' => $lang['Login_reset_time_explain'],
+ 'MAX_LOGIN_ATTEMPTS' => $new['max_login_attempts'],
+ 'LOGIN_RESET_TIME' => $new['login_reset_time'],
+
"L_BOARD_EMAIL_FORM" => $lang['Board_email_form'],
"L_BOARD_EMAIL_FORM_EXPLAIN" => $lang['Board_email_form_explain'],
"L_TOPICS_PER_PAGE" => $lang['Topics_per_page'],
***************
*** 242,251 ****
--- 286,301 ----
"ACTIVATION_USER_CHECKED" => $activation_user,
"ACTIVATION_ADMIN" => USER_ACTIVATION_ADMIN,
"ACTIVATION_ADMIN_CHECKED" => $activation_admin,
+ "CONFIRM_ENABLE" => $confirm_yes,
+ "CONFIRM_DISABLE" => $confirm_no,
+ 'ALLOW_AUTOLOGIN_YES' => $allow_autologin_yes,
+ 'ALLOW_AUTOLOGIN_NO' => $allow_autologin_no,
+ 'AUTOLOGIN_TIME' => (int) $new['max_autologin_time'],
"BOARD_EMAIL_FORM_ENABLE" => $board_email_form_yes,
"BOARD_EMAIL_FORM_DISABLE" => $board_email_form_no,
"MAX_POLL_OPTIONS" => $new['max_poll_options'],
"FLOOD_INTERVAL" => $new['flood_interval'],
+ "SEARCH_FLOOD_INTERVAL" => $new['search_flood_interval'],
"TOPICS_PER_PAGE" => $new['topics_per_page'],
"POSTS_PER_PAGE" => $new['posts_per_page'],
"HOT_TOPIC" => $new['hot_threshold'],
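Review bot: `'AUTOLOGIN_TIME' => (int) $new['max_autologin_time']` is cast to int, but the sibling numeric setting added in the same hunk, `"SEARCH_FLOOD_INTERVAL" => $new['search_flood_interval']`, is passed to the template uncast, as are `MAX_LOGIN_ATTEMPTS` and `LOGIN_RESET_TIME` added in the previous hunk. Since `$new` holds either the stored config value or the just-posted form value, casting all four the same way (`(int) $new['search_flood_interval']`) keeps the template output type predictable and makes the intent of the one existing cast clear. The `assign_vars` array starts before this hunk and ends after it.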
***************
*** 311,316 ****
$template->pparse("body");
! include('page_footer_admin.'.$phpEx);
?>
--- 361,366 ----
$template->pparse("body");
! include('./page_footer_admin.'.$phpEx);
?>
diff -crN phpbb200/admin/admin_db_utilities.php phpbb2023/admin/admin_db_utilities.php
*** phpbb200/admin/admin_db_utilities.php Sat Jul 10 20:16:13 2004
--- phpbb2023/admin/admin_db_utilities.php Sun Feb 10 18:19:53 2008
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_db_utilities.php,v 1.42 2002/04/03 20:14:46 the_systech Exp $
*
****************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_db_utilities.php 5539 2006-02-10 20:35:40Z grahamje $
*
****************************************************************************/
***************
*** 34,48 ****
{
$filename = basename(__FILE__);
$module['General']['Backup_DB'] = $filename . "?perform=backup";
! if(@phpversion() >= '4.0.0')
! {
! $file_uploads = @ini_get('file_uploads');
! }
! else
! {
! $file_uploads = @get_cfg_var('file_uploads');
! }
! if( ($file_uploads != 0 || empty($file_uploads)) && (strtolower($file_uploads) != 'off') && (@phpversion() != '4.0.4pl1') )
{
$module['General']['Restore_DB'] = $filename . "?perform=restore";
}
--- 34,43 ----
{
$filename = basename(__FILE__);
$module['General']['Backup_DB'] = $filename . "?perform=backup";
!
! $file_uploads = (@phpversion() >= '4.0.0') ? @ini_get('file_uploads') : @get_cfg_var('file_uploads');
!
! if( (empty($file_uploads) || $file_uploads != 0) && (strtolower($file_uploads) != 'off') && (@phpversion() != '4.0.4pl1') )
{
$module['General']['Restore_DB'] = $filename . "?perform=restore";
}
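Review bot: The rewritten condition `(empty($file_uploads) || $file_uploads != 0)` is true for the string `'0'`, because `empty('0')` is true in PHP, so the Restore_DB entry is still offered if `ini_get` reports uploads disabled as `0`; only the literal `off` spelling is excluded, and the old side had the same gap. Normalising first, `$file_uploads = strtolower(trim((string) $file_uploads));` and then testing `($file_uploads === '' || ($file_uploads !== '0' && $file_uploads !== 'off'))`, keeps the "unset means enabled" intent while honouring `0`. This only decides whether a menu item is shown, so the consequence is a confusing failure at upload time rather than a security hole.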
***************
*** 54,62 ****
// Load default header
//
$no_page_header = TRUE;
! $phpbb_root_path = "../";
require($phpbb_root_path . 'extension.inc');
! require('pagestart.' . $phpEx);
include($phpbb_root_path . 'includes/sql_parse.'.$phpEx);
//
--- 49,57 ----
// Load default header
//
$no_page_header = TRUE;
! $phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
! require('./pagestart.' . $phpEx);
include($phpbb_root_path . 'includes/sql_parse.'.$phpEx);
//
***************
*** 375,381 ****
// Ok lets grab the fields...
//
$result = $db->sql_query($field_query);
! if(!result)
{
message_die(GENERAL_ERROR, "Failed in get_table_def (show fields)", "", __LINE__, __FILE__, $field_query);
}
--- 370,376 ----
// Ok lets grab the fields...
//
$result = $db->sql_query($field_query);
! if(!$result)
{
message_die(GENERAL_ERROR, "Failed in get_table_def (show fields)", "", __LINE__, __FILE__, $field_query);
}
***************
*** 504,512 ****
while($row = $db->sql_fetchrow($result))
{
! unset($schema_vals);
! unset($schema_fields);
! unset($schema_insert);
//
// Build the SQL statement to recreate the data.
//
--- 499,507 ----
while($row = $db->sql_fetchrow($result))
{
! $schema_vals = '';
! $schema_fields = '';
! $schema_insert = '';
//
// Build the SQL statement to recreate the data.
//
***************
*** 521,527 ****
}
elseif (eregi("date|timestamp", $aryType[$i]))
{
! if ($empty($strVal))
{
$strQuote = "";
}
--- 516,522 ----
}
elseif (eregi("date|timestamp", $aryType[$i]))
{
! if (empty($strVal))
{
$strQuote = "";
}
***************
*** 571,656 ****
function get_table_content_mysql($table, $handler)
{
global $db;
- //
- // Grab the data from the table.
- //
- $result = $db->sql_query("SELECT * FROM $table");
! if (!$result)
{
message_die(GENERAL_ERROR, "Failed in get_table_content (select *)", "", __LINE__, __FILE__, "SELECT * FROM $table");
}
- if($db->sql_numrows($result) > 0)
- {
- $schema_insert = "\n#\n# Table Data for $table\n#\n";
- }
- else
- {
- $schema_insert = "";
- }
-
- $handler($schema_insert);
-
- //
// Loop through the resulting rows and build the sql statement.
! //
!
! while ($row = $db->sql_fetchrow($result))
{
! $table_list = '(';
! $num_fields = $db->sql_numfields($result);
! //
// Grab the list of field names.
! //
for ($j = 0; $j < $num_fields; $j++)
{
! $table_list .= $db->sql_fieldname($j, $result) . ', ';
}
- //
- // Get rid of the last comma
- //
- $table_list = ereg_replace(', $', '', $table_list);
$table_list .= ')';
! //
! // Start building the SQL statement.
! //
! $schema_insert = "INSERT INTO $table $table_list VALUES(";
! //
! // Loop through the rows and fill in data for each column
! //
! for ($j = 0; $j < $num_fields; $j++)
{
! if(!isset($row[$j]))
! {
! //
! // If there is no data for the column set it to null.
! // There was a problem here with an extra space causing the
! // sql file not to reimport if the last column was null in
! // any table. Should be fixed now :) JLH
! //
! $schema_insert .= ' NULL,';
! }
! elseif ($row[$j] != '')
! {
! $schema_insert .= ' \'' . addslashes($row[$j]) . '\',';
! }
! else
{
! $schema_insert .= '\'\',';
}
- }
- //
- // Get rid of the the last comma.
- //
- $schema_insert = ereg_replace(',$', '', $schema_insert);
- $schema_insert .= ');';
- //
- // Go ahead and send the insert statement to the handler function.
- //
- $handler(trim($schema_insert));
}
return(true);
}
--- 566,634 ----
function get_table_content_mysql($table, $handler)
{
global $db;
! // Grab the data from the table.
! if (!($result = $db->sql_query("SELECT * FROM $table")))
{
message_die(GENERAL_ERROR, "Failed in get_table_content (select *)", "", __LINE__, __FILE__, "SELECT * FROM $table");
}
// Loop through the resulting rows and build the sql statement.
! if ($row = $db->sql_fetchrow($result))
{
! $handler("\n#\n# Table Data for $table\n#\n");
! $field_names = array();
!
// Grab the list of field names.
! $num_fields = $db->sql_numfields($result);
! $table_list = '(';
for ($j = 0; $j < $num_fields; $j++)
{
! $field_names[$j] = $db->sql_fieldname($j, $result);
! $table_list .= (($j > 0) ? ', ' : '') . $field_names[$j];
!
}
$table_list .= ')';
!
! do
{
! // Start building the SQL statement.
! $schema_insert = "INSERT INTO $table $table_list VALUES(";
!
! // Loop through the rows and fill in data for each column
! for ($j = 0; $j < $num_fields; $j++)
{
! $schema_insert .= ($j > 0) ? ', ' : '';
!
! if(!isset($row[$field_names[$j]]))
! {
! //
! // If there is no data for the column set it to null.
! // There was a problem here with an extra space causing the
! // sql file not to reimport if the last column was null in
! // any table. Should be fixed now :) JLH
! //
! $schema_insert .= 'NULL';
! }
! elseif ($row[$field_names[$j]] != '')
! {
! $schema_insert .= '\'' . addslashes($row[$field_names[$j]]) . '\'';
! }
! else
! {
! $schema_insert .= '\'\'';
! }
}
+ $schema_insert .= ');';
+
+ // Go ahead and send the insert statement to the handler function.
+ $handler(trim($schema_insert));
+
+ }
+ while ($row = $db->sql_fetchrow($result));
}
+
return(true);
}
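Review bot: `$table` is interpolated unquoted into `SELECT * FROM $table` and into the generated `INSERT INTO $table` with no identifier validation, and the function cannot distinguish a built-in table from one typed into the `additional_tables` request field that the backup branch later in this file reads from GET/POST. A guard at the top of the function, `if (!preg_match('/^[A-Za-z0-9_]+$/', $table)) { message_die(GENERAL_ERROR, 'Invalid table name', '', __LINE__, __FILE__); }`, closes that in one place regardless of what callers pass. Column names from `sql_fieldname` are emitted bare as well, so a column named after a reserved word would likely yield a dump that fails to re-import; wrapping `$field_names[$j]` in backticks for the mysql layers avoids it.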
***************
*** 671,677 ****
//
// Begin program proper
//
-
if( isset($HTTP_GET_VARS['perform']) || isset($HTTP_POST_VARS['perform']) )
{
$perform = (isset($HTTP_POST_VARS['perform'])) ? $HTTP_POST_VARS['perform'] : $HTTP_GET_VARS['perform'];
--- 649,654 ----
***************
*** 680,701 ****
{
case 'backup':
! if( SQL_LAYER == 'oracle' || SQL_LAYER == 'odbc' || SQL_LAYER == 'mssql' )
{
! switch(SQL_LAYER)
! {
! case 'oracle':
! $db_type = "Oracle";
! break;
! case 'odbc':
! $db_type = "ODBC";
! break;
! case 'mssql':
! $db_type = "MSSQL";
! break;
! }
! include('page_header_admin.'.$phpEx);
$template->set_filenames(array(
"body" => "admin/admin_message_body.tpl")
--- 657,683 ----
{
case 'backup':
! $error = false;
! switch(SQL_LAYER)
{
! case 'oracle':
! $error = true;
! break;
! case 'db2':
! $error = true;
! break;
! case 'msaccess':
! $error = true;
! break;
! case 'mssql':
! case 'mssql-odbc':
! $error = true;
! break;
! }
! if ($error)
! {
! include('./page_header_admin.'.$phpEx);
$template->set_filenames(array(
"body" => "admin/admin_message_body.tpl")
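Review bot: Every arm of the new `switch(SQL_LAYER)` does the same thing, so `$error = in_array(SQL_LAYER, array('oracle', 'db2', 'msaccess', 'mssql', 'mssql-odbc'));` expresses it in one line and makes adding a layer a one-token change instead of three. The `if ($error)` block continues past the end of this hunk, so what happens after the message is rendered has to be checked in the following hunk.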
***************
*** 708,718 ****
$template->pparse("body");
! break;
}
! $tables = array('auth_access', 'banlist', 'categories', 'config', 'disallow', 'forums', 'forum_prune', 'groups', 'posts', 'posts_text', 'privmsgs', 'privmsgs_text', 'ranks', 'search_results', 'search_results', 'search_wordlist', 'search_wordmatch', 'sessions', 'smilies', 'themes', 'themes_name', 'topics', 'topics_watch', 'user_group', 'users', 'vote_desc', 'vote_results', 'vote_voters', 'words');
!
$additional_tables = (isset($HTTP_POST_VARS['additional_tables'])) ? $HTTP_POST_VARS['additional_tables'] : ( (isset($HTTP_GET_VARS['additional_tables'])) ? $HTTP_GET_VARS['additional_tables'] : "" );
--- 690,699 ----
$template->pparse("body");
! include('./page_footer_admin.'.$phpEx);
}
! $tables = array('auth_access', 'banlist', 'categories', 'config', 'disallow', 'forums', 'forum_prune', 'groups', 'posts', 'posts_text', 'privmsgs', 'privmsgs_text', 'ranks', 'search_results', 'search_wordlist', 'search_wordmatch', 'sessions', 'smilies', 'themes', 'themes_name', 'topics', 'topics_watch', 'user_group', 'users', 'vote_desc', 'vote_results', 'vote_voters', 'words', 'confirm', 'sessions_keys');
$additional_tables = (isset($HTTP_POST_VARS['additional_tables'])) ? $HTTP_POST_VARS['additional_tables'] : ( (isset($HTTP_GET_VARS['additional_tables'])) ? $HTTP_GET_VARS['additional_tables'] : "" );
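Review bot: Replacing `break;` with `include('./page_footer_admin.'.$phpEx);` means the unsupported-layer branch now falls straight into the backup code unless that footer terminates the script; keeping both, `include('./page_footer_admin.'.$phpEx); break;`, removes the dependency on the footer's behaviour and costs nothing. `$additional_tables` on the last line is taken verbatim from POST or GET and later split on commas into table names, so checking each piece against `/^[A-Za-z0-9_]+$/` before it reaches the dump functions would be cheap insurance.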
***************
*** 720,725 ****
--- 701,708 ----
$gzipcompress = (!empty($HTTP_POST_VARS['gzipcompress'])) ? $HTTP_POST_VARS['gzipcompress'] : ( (!empty($HTTP_GET_VARS['gzipcompress'])) ? $HTTP_GET_VARS['gzipcompress'] : 0 );
+ $drop = (!empty($HTTP_POST_VARS['drop'])) ? intval($HTTP_POST_VARS['drop']) : ( (!empty($HTTP_GET_VARS['drop'])) ? intval($HTTP_GET_VARS['drop']) : 0 );
+
if(!empty($additional_tables))
{
if(ereg(",", $additional_tables))
***************
*** 740,751 ****
if( !isset($HTTP_POST_VARS['backupstart']) && !isset($HTTP_GET_VARS['backupstart']))
{
! include('page_header_admin.'.$phpEx);
$template->set_filenames(array(
"body" => "admin/db_utils_backup_body.tpl")
! );
!
$s_hidden_fields = "";
$template->assign_vars(array(
--- 723,733 ----
if( !isset($HTTP_POST_VARS['backupstart']) && !isset($HTTP_GET_VARS['backupstart']))
{
! include('./page_header_admin.'.$phpEx);
$template->set_filenames(array(
"body" => "admin/db_utils_backup_body.tpl")
! );
$s_hidden_fields = "";
$template->assign_vars(array(
***************
*** 771,792 ****
}
else if( !isset($HTTP_POST_VARS['startdownload']) && !isset($HTTP_GET_VARS['startdownload']) )
{
$template->set_filenames(array(
"body" => "admin/admin_message_body.tpl")
);
$template->assign_vars(array(
! "META" => "",
"MESSAGE_TITLE" => $lang['Database_Utilities'] . " : " . $lang['Backup'],
"MESSAGE_TEXT" => $lang['Backup_download'])
);
! include('page_header_admin.php');
$template->pparse("body");
! include('page_footer_admin.'.$phpEx);
}
header("Pragma: no-cache");
--- 753,778 ----
}
else if( !isset($HTTP_POST_VARS['startdownload']) && !isset($HTTP_GET_VARS['startdownload']) )
{
+ if(is_array($additional_tables))
+ {
+ $additional_tables = implode(',', $additional_tables);
+ }
$template->set_filenames(array(
"body" => "admin/admin_message_body.tpl")
);
$template->assign_vars(array(
! "META" => '',
"MESSAGE_TITLE" => $lang['Database_Utilities'] . " : " . $lang['Backup'],
"MESSAGE_TEXT" => $lang['Backup_download'])
);
! include('./page_header_admin.'.$phpEx);
$template->pparse("body");
! include('./page_footer_admin.'.$phpEx);
}
header("Pragma: no-cache");
***************
*** 807,813 ****
{
@ob_start();
@ob_implicit_flush(0);
! header("Content-Type: text/x-delimtext; name=\"phpbb_db_backup.sql.gz\"");
header("Content-disposition: attachment; filename=phpbb_db_backup.sql.gz");
}
else
--- 793,799 ----
{
@ob_start();
@ob_implicit_flush(0);
! header("Content-Type: application/x-gzip; name=\"phpbb_db_backup.sql.gz\"");
header("Content-disposition: attachment; filename=phpbb_db_backup.sql.gz");
}
else
***************
*** 832,846 ****
for($i = 0; $i < count($tables); $i++)
{
$table_name = $tables[$i];
! if(SQL_LAYER != 'mysql4')
! {
! $table_def_function = "get_table_def_" . SQL_LAYER;
! $table_content_function = "get_table_content_" . SQL_LAYER;
! }
! else
{
! $table_def_function = "get_table_def_mysql";
! $table_content_function = "get_table_content_mysql";
}
if($backup_type != 'data')
--- 818,836 ----
for($i = 0; $i < count($tables); $i++)
{
$table_name = $tables[$i];
!
! switch (SQL_LAYER)
{
! case 'postgresql':
! $table_def_function = "get_table_def_postgresql";
! $table_content_function = "get_table_content_postgresql";
! break;
!
! case 'mysql':
! case 'mysql4':
! $table_def_function = "get_table_def_mysql";
! $table_content_function = "get_table_content_mysql";
! break;
}
if($backup_type != 'data')
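Review bot: The new `switch (SQL_LAYER)` has no `default:` branch, so for any layer other than postgresql, mysql or mysql4 `$table_def_function` and `$table_content_function` are never assigned and the calls that follow (outside this hunk) would invoke an undefined name; `default: message_die(GENERAL_ERROR, 'Database backup is not supported for ' . SQL_LAYER); break;` inside the switch fails clearly instead. The earlier unsupported-layer check in this file only protects this loop if the footer it includes terminates the script, so the default is cheap insurance either way.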
***************
*** 868,879 ****
break;
case 'restore':
! if(!isset($restore_start))
{
//
// Define Template files...
//
! include('page_header_admin.'.$phpEx);
$template->set_filenames(array(
"body" => "admin/db_utils_restore_body.tpl")
--- 858,869 ----
break;
case 'restore':
! if(!isset($HTTP_POST_VARS['restore_start']))
{
//
// Define Template files...
//
! include('./page_header_admin.'.$phpEx);
$template->set_filenames(array(
"body" => "admin/db_utils_restore_body.tpl")
***************
*** 907,913 ****
if($backup_file_tmpname == "" || $backup_file_name == "")
{
- include('page_header_admin.'.$phpEx);
message_die(GENERAL_MESSAGE, $lang['Restore_Error_no_file']);
}
//
--- 897,902 ----
***************
*** 916,922 ****
// a hackers attempt at getting us to process a local system
// file.
//
! if( file_exists($backup_file_tmpname) )
{
if( preg_match("/^(text\/[a-zA-Z]+)|(application\/(x\-)?gzip(\-compressed)?)|(application\/octet-stream)$/is", $backup_file_type) )
{
--- 905,911 ----
// a hackers attempt at getting us to process a local system
// file.
//
! if( file_exists(phpbb_realpath($backup_file_tmpname)) )
{
if( preg_match("/^(text\/[a-zA-Z]+)|(application\/(x\-)?gzip(\-compressed)?)|(application\/octet-stream)$/is", $backup_file_type) )
{
***************
*** 943,949 ****
}
else
{
- include('page_header_admin.'.$phpEx);
message_die(GENERAL_ERROR, $lang['Restore_Error_decompress']);
}
}
--- 932,937 ----
***************
*** 958,970 ****
}
else
{
- include('page_header_admin.'.$phpEx);
message_die(GENERAL_ERROR, $lang['Restore_Error_filename'] ." $backup_file_type $backup_file_name");
}
}
else
{
- include('page_header_admin.'.$phpEx);
message_die(GENERAL_ERROR, $lang['Restore_Error_uploading']);
}
--- 946,956 ----
***************
*** 991,1005 ****
if(!$result && ( !(SQL_LAYER == 'postgresql' && eregi("drop table", $sql) ) ) )
{
- //include('page_header_admin.'.$phpEx);
- // echo "~~$sql~~";
message_die(GENERAL_ERROR, "Error importing backup file", "", __LINE__, __FILE__, $sql);
}
}
}
}
! include('page_header_admin.'.$phpEx);
$template->set_filenames(array(
"body" => "admin/admin_message_body.tpl")
--- 977,989 ----
if(!$result && ( !(SQL_LAYER == 'postgresql' && eregi("drop table", $sql) ) ) )
{
message_die(GENERAL_ERROR, "Error importing backup file", "", __LINE__, __FILE__, $sql);
}
}
}
}
! include('./page_header_admin.'.$phpEx);
$template->set_filenames(array(
"body" => "admin/admin_message_body.tpl")
***************
*** 1019,1024 ****
}
}
! include('page_footer_admin.'.$phpEx);
?>
--- 1003,1008 ----
}
}
! include('./page_footer_admin.'.$phpEx);
?>
diff -crN phpbb200/admin/admin_disallow.php phpbb2023/admin/admin_disallow.php
*** phpbb200/admin/admin_disallow.php Sat Jul 10 20:16:13 2004
--- phpbb2023/admin/admin_disallow.php Sun Feb 10 18:19:53 2008
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_disallow.php,v 1.9 2002/03/22 17:00:32 psotfx Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_disallow.php 5352 2005-12-18 13:57:51Z grahamje $
*
*
***************************************************************************/
***************
*** 25,31 ****
if( !empty($setmodules) )
{
$filename = basename(__FILE__);
! $module['Users']['Disallow'] = append_sid($filename);
return;
}
--- 25,31 ----
if( !empty($setmodules) )
{
$filename = basename(__FILE__);
! $module['Users']['Disallow'] = $filename;
return;
}
***************
*** 33,49 ****
//
// Include required files, get $phpEx and check permissions
//
! $phpbb_root_path = "../";
require($phpbb_root_path . 'extension.inc');
! require('pagestart.' . $phpEx);
if( isset($HTTP_POST_VARS['add_name']) )
{
include($phpbb_root_path . 'includes/functions_validate.'.$phpEx);
! $disallowed_user = ( isset($HTTP_POST_VARS['disallowed_user']) ) ? $HTTP_POST_VARS['disallowed_user'] : $HTTP_GET_VARS['disallowed_user'];
! $disallowed_user = preg_replace( '/\*/', '%', $disallowed_user );
if( !validate_username($disallowed_user) )
{
$message = $lang['Disallowed_already'];
--- 33,52 ----
//
// Include required files, get $phpEx and check permissions
//
! $phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
! require('./pagestart.' . $phpEx);
if( isset($HTTP_POST_VARS['add_name']) )
{
include($phpbb_root_path . 'includes/functions_validate.'.$phpEx);
! $disallowed_user = ( isset($HTTP_POST_VARS['disallowed_user']) ) ? trim($HTTP_POST_VARS['disallowed_user']) : trim($HTTP_GET_VARS['disallowed_user']);
+ if ($disallowed_user == '')
+ {
+ message_die(GENERAL_MESSAGE, $lang['Fields_empty']);
+ }
if( !validate_username($disallowed_user) )
{
$message = $lang['Disallowed_already'];
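Review bot: The fallback `trim($HTTP_GET_VARS['disallowed_user'])` runs whenever the POST key is absent without checking that the GET key exists, so a POST of `add_name` alone raises an undefined-index notice and feeds `trim(null)` into the empty-name check; since this branch is already inside `isset($HTTP_POST_VARS['add_name'])`, a form submission, reading the name from GET looks unnecessary. `$disallowed_user = isset($HTTP_POST_VARS['disallowed_user']) ? trim($HTTP_POST_VARS['disallowed_user']) : '';` keeps the `Fields_empty` message path and drops the notice. The `*` to `%` wildcard translation the old side performed here has been removed with no visible replacement; if the wildcard is now handled elsewhere, a one-line comment saying so would help the next reader.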
***************
*** 110,117 ****
$user = array();
for( $i = 0; $i < count($disallowed); $i++ )
{
- $disallowed[$i]['disallow_username'] = preg_replace('/%/', '*', $disallowed[$i]['disallow_username']);
-
$disallow_select .= '';
}
}
--- 113,118 ----
***************
*** 140,143 ****
--- 141,146 ----
$template->pparse("body");
+ include('./page_footer_admin.'.$phpEx);
+
?>
\ No newline at end of file
diff -crN phpbb200/admin/admin_forum_prune.php phpbb2023/admin/admin_forum_prune.php
*** phpbb200/admin/admin_forum_prune.php Sat Jul 10 20:16:13 2004
--- phpbb2023/admin/admin_forum_prune.php Sun Feb 10 18:19:53 2008
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_forum_prune.php,v 1.22 2002/04/02 14:53:44 psotfx Exp $
*
****************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_forum_prune.php 3207 2002-12-18 14:14:11Z psotfx $
*
****************************************************************************/
***************
*** 32,40 ****
//
// Load default header
//
! $phpbb_root_path = '../';
require($phpbb_root_path . 'extension.inc');
! require('pagestart.' . $phpEx);
require($phpbb_root_path . 'includes/prune.'.$phpEx);
require($phpbb_root_path . 'includes/functions_admin.'.$phpEx);
--- 32,40 ----
//
// Load default header
//
! $phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
! require('./pagestart.' . $phpEx);
require($phpbb_root_path . 'includes/prune.'.$phpEx);
require($phpbb_root_path . 'includes/functions_admin.'.$phpEx);
***************
*** 168,176 ****
$forum_name = ( $forum_id == -1 ) ? $lang['All_Forums'] : $forum_rows[0]['forum_name'];
$prune_data = $lang['Prune_topics_not_posted'] . " ";
! $prune_data .= ' ' . $lang['Days'];
! $hidden_input = '';
//
// Assign the template variables.
--- 168,176 ----
$forum_name = ( $forum_id == -1 ) ? $lang['All_Forums'] : $forum_rows[0]['forum_name'];
$prune_data = $lang['Prune_topics_not_posted'] . " ";
! $prune_data .= ' ' . $lang['Days'];
! $hidden_input = '';
//
// Assign the template variables.
***************
*** 178,183 ****
--- 178,184 ----
$template->assign_vars(array(
'FORUM_NAME' => $forum_name,
+ 'L_FORUM' => $lang['Forum'],
'L_FORUM_PRUNE' => $lang['Forum_Prune'],
'L_FORUM_PRUNE_EXPLAIN' => $lang['Forum_Prune_explain'],
'L_DO_PRUNE' => $lang['Do_Prune'],
***************
*** 193,198 ****
//
$template->pparse('body');
! include('page_footer_admin.'.$phpEx);
?>
\ No newline at end of file
--- 194,199 ----
//
$template->pparse('body');
! include('./page_footer_admin.'.$phpEx);
?>
\ No newline at end of file
diff -crN phpbb200/admin/admin_forumauth.php phpbb2023/admin/admin_forumauth.php
*** phpbb200/admin/admin_forumauth.php Sat Jul 10 20:16:13 2004
--- phpbb2023/admin/admin_forumauth.php Sun Feb 10 18:19:53 2008
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_forumauth.php,v 1.23 2002/03/22 17:00:32 psotfx Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_forumauth.php 4876 2004-03-25 15:57:20Z acydburn $
*
*
***************************************************************************/
***************
*** 34,42 ****
// Load default header
//
$no_page_header = TRUE;
! $phpbb_root_path = "../";
require($phpbb_root_path . 'extension.inc');
! require('pagestart.' . $phpEx);
//
// Start program - define vars
--- 34,42 ----
// Load default header
//
$no_page_header = TRUE;
! $phpbb_root_path = './../';
require($phpbb_root_path . 'extension.inc');
! require('./pagestart.' . $phpEx);
//
// Start program - define vars
***************
*** 52,74 ****
6 => array(AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD),
);
! $simple_auth_types = array($lang['Public'], $lang['Registered'], $lang['Registered'] . " [" . $lang['Hidden'] . "]", $lang['Private'], $lang['Private'] . " [" . $lang['Hidden'] . "]", $lang['Moderators'], $lang['Moderators'] . " [" . $lang['Hidden'] . "]");
! $forum_auth_fields = array("auth_view", "auth_read", "auth_post", "auth_reply", "auth_edit", "auth_delete", "auth_sticky", "auth_announce", "auth_vote", "auth_pollcreate");
$field_names = array(
! "auth_view" => $lang['View'],
! "auth_read" => $lang['Read'],
! "auth_post" => $lang['Post'],
! "auth_reply" => $lang['Reply'],
! "auth_edit" => $lang['Edit'],
! "auth_delete" => $lang['Delete'],
! "auth_sticky" => $lang['Sticky'],
! "auth_announce" => $lang['Announce'],
! "auth_vote" => $lang['Vote'],
! "auth_pollcreate" => $lang['Pollcreate']);
! $forum_auth_levels = array("ALL", "REG", "PRIVATE", "MOD", "ADMIN");
$forum_auth_const = array(AUTH_ALL, AUTH_REG, AUTH_ACL, AUTH_MOD, AUTH_ADMIN);
if(isset($HTTP_GET_VARS[POST_FORUM_URL]) || isset($HTTP_POST_VARS[POST_FORUM_URL]))
--- 52,74 ----
6 => array(AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD, AUTH_MOD),
);
! $simple_auth_types = array($lang['Public'], $lang['Registered'], $lang['Registered'] . ' [' . $lang['Hidden'] . ']', $lang['Private'], $lang['Private'] . ' [' . $lang['Hidden'] . ']', $lang['Moderators'], $lang['Moderators'] . ' [' . $lang['Hidden'] . ']');
! $forum_auth_fields = array('auth_view', 'auth_read', 'auth_post', 'auth_reply', 'auth_edit', 'auth_delete', 'auth_sticky', 'auth_announce', 'auth_vote', 'auth_pollcreate');
$field_names = array(
! 'auth_view' => $lang['View'],
! 'auth_read' => $lang['Read'],
! 'auth_post' => $lang['Post'],
! 'auth_reply' => $lang['Reply'],
! 'auth_edit' => $lang['Edit'],
! 'auth_delete' => $lang['Delete'],
! 'auth_sticky' => $lang['Sticky'],
! 'auth_announce' => $lang['Announce'],
! 'auth_vote' => $lang['Vote'],
! 'auth_pollcreate' => $lang['Pollcreate']);
! $forum_auth_levels = array('ALL', 'REG', 'PRIVATE', 'MOD', 'ADMIN');
$forum_auth_const = array(AUTH_ALL, AUTH_REG, AUTH_ACL, AUTH_MOD, AUTH_ADMIN);
if(isset($HTTP_GET_VARS[POST_FORUM_URL]) || isset($HTTP_POST_VARS[POST_FORUM_URL]))
***************
*** 79,85 ****
else
{
unset($forum_id);
! $forum_sql = "";
}
if( isset($HTTP_GET_VARS['adv']) )
--- 79,85 ----
else
{
unset($forum_id);
! $forum_sql = '';
}
if( isset($HTTP_GET_VARS['adv']) )
***************
*** 96,161 ****
//
if( isset($HTTP_POST_VARS['submit']) )
{
! $sql = "";
if(!empty($forum_id))
{
- $sql = "UPDATE " . FORUMS_TABLE . " SET ";
-
if(isset($HTTP_POST_VARS['simpleauth']))
{
! $simple_ary = $simple_auth_ary[$HTTP_POST_VARS['simpleauth']];
for($i = 0; $i < count($simple_ary); $i++)
{
! $sql .= $forum_auth_fields[$i] . " = " . $simple_ary[$i];
! if($i < count($simple_ary) - 1)
! {
! $sql .= ", ";
! }
}
! $sql .= " WHERE forum_id = $forum_id";
}
else
{
for($i = 0; $i < count($forum_auth_fields); $i++)
{
! $value = $HTTP_POST_VARS[$forum_auth_fields[$i]];
! if($forum_auth_fields[$i] == 'auth_vote')
{
! if( $HTTP_POST_VARS['auth_vote'] == AUTH_ALL )
{
$value = AUTH_REG;
}
}
! $sql .= $forum_auth_fields[$i] . " = " . $value;
! if($i < count($forum_auth_fields) - 1)
! {
! $sql .= ", ";
! }
}
! $sql .= " WHERE forum_id = $forum_id";
!
}
! if($sql != "")
{
! if(!$db->sql_query($sql))
{
! message_die(GENERAL_ERROR, "Couldn't update auth table!", "", __LINE__, __FILE__, $sql);
}
}
! $forum_sql = "";
$adv = 0;
}
$template->assign_vars(array(
! "META" => '')
);
$message = $lang['Forum_auth_updated'] . '
' . sprintf($lang['Click_return_forumauth'], '', "");
message_die(GENERAL_MESSAGE, $message);
--- 96,153 ----
//
if( isset($HTTP_POST_VARS['submit']) )
{
! $sql = '';
if(!empty($forum_id))
{
if(isset($HTTP_POST_VARS['simpleauth']))
{
! $simple_ary = $simple_auth_ary[intval($HTTP_POST_VARS['simpleauth'])];
for($i = 0; $i < count($simple_ary); $i++)
{
! $sql .= ( ( $sql != '' ) ? ', ' : '' ) . $forum_auth_fields[$i] . ' = ' . $simple_ary[$i];
}
! if (is_array($simple_ary))
! {
! $sql = "UPDATE " . FORUMS_TABLE . " SET $sql WHERE forum_id = $forum_id";
! }
}
else
{
for($i = 0; $i < count($forum_auth_fields); $i++)
{
! $value = intval($HTTP_POST_VARS[$forum_auth_fields[$i]]);
! if ( $forum_auth_fields[$i] == 'auth_vote' )
{
! if ( $HTTP_POST_VARS['auth_vote'] == AUTH_ALL )
{
$value = AUTH_REG;
}
}
! $sql .= ( ( $sql != '' ) ? ', ' : '' ) .$forum_auth_fields[$i] . ' = ' . $value;
}
! $sql = "UPDATE " . FORUMS_TABLE . " SET $sql WHERE forum_id = $forum_id";
}
! if ( $sql != '' )
{
! if ( !$db->sql_query($sql) )
{
! message_die(GENERAL_ERROR, 'Could not update auth table', '', __LINE__, __FILE__, $sql);
}
}
! $forum_sql = '';
$adv = 0;
}
$template->assign_vars(array(
! 'META' => '')
);
$message = $lang['Forum_auth_updated'] . '
' . sprintf($lang['Click_return_forumauth'], '', "");
message_die(GENERAL_MESSAGE, $message);
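Review bot: The advanced-mode branch writes `intval($HTTP_POST_VARS[$forum_auth_fields[$i]])` straight into the UPDATE without checking that the value is one of the levels in `$forum_auth_const`, so any integer submitted lands in the auth column; a membership check before the `$sql .=` line, `if (!in_array($value, $forum_auth_const)) { message_die(GENERAL_ERROR, 'Invalid auth level', '', __LINE__, __FILE__); }`, keeps the columns to known levels. In the simple-mode branch the `is_array($simple_ary)` guard runs only after the loop has already called `count()` on the lookup result; moving the guard above the loop is cleaner. `$forum_id` is interpolated unquoted into the query, which is safe only if it was cast to int where it is read from the request, outside this hunk. The enclosing `if( isset($HTTP_POST_VARS['submit']) )` block continues past the end of the hunk.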
***************
*** 187,193 ****
// specified
//
$template->set_filenames(array(
! "body" => "admin/auth_select_body.tpl")
);
$select_list = '';
$template->assign_vars(array(
! 'L_AUTH_TITLE' => $lang['Auth_Control_Forum'],
! 'L_AUTH_EXPLAIN' => $lang['Forum_auth_explain'],
! 'L_AUTH_SELECT' => $lang['Select_a_Forum'],
! 'L_LOOK_UP' => $lang['Look_up_Forum'],
! 'S_AUTH_ACTION' => append_sid("admin_forumauth.$phpEx"),
! 'S_AUTH_SELECT' => $select_list)
);
}
***************
*** 215,221 ****
// specified
//
$template->set_filenames(array(
! "body" => "admin/auth_forum_body.tpl")
);
$forum_name = $forum_rows[0]['forum_name'];
--- 207,213 ----
// specified
//
$template->set_filenames(array(
! 'body' => 'admin/auth_forum_body.tpl')
);
$forum_name = $forum_rows[0]['forum_name'];
***************
*** 244,281 ****
// If we didn't get a match above then we
// automatically switch into 'advanced' mode
//
! if(!isset($adv) && !$matched)
{
$adv = 1;
}
$s_column_span == 0;
! if( empty($adv) )
{
! $simple_auth = "";
for($j = 0; $j < count($simple_auth_types); $j++)
{
! if($matched_type == $j)
! {
! $simple_auth .= "";
! }
! else
! {
! $simple_auth .= "";
! }
}
! $simple_auth .= "";
! $template->assign_block_vars("forum_auth_titles", array(
! "CELL_TITLE" => $lang['Simple_mode'])
);
! $template->assign_block_vars("forum_auth_data", array(
! "S_AUTH_LEVELS_SELECT" => $simple_auth)
);
$s_column_span++;
--- 236,265 ----
// If we didn't get a match above then we
// automatically switch into 'advanced' mode
//
! if ( !isset($adv) && !$matched )
{
$adv = 1;
}
$s_column_span == 0;
! if ( empty($adv) )
{
! $simple_auth = '';
for($j = 0; $j < count($simple_auth_types); $j++)
{
! $selected = ( $matched_type == $j ) ? ' selected="selected"' : '';
! $simple_auth .= '';
}
! $simple_auth .= '';
! $template->assign_block_vars('forum_auth_titles', array(
! 'CELL_TITLE' => $lang['Simple_mode'])
);
! $template->assign_block_vars('forum_auth_data', array(
! 'S_AUTH_LEVELS_SELECT' => $simple_auth)
);
$s_column_span++;
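Review bot: `$s_column_span == 0;` on the context line above `if ( empty($adv) )` is a comparison, not an assignment, so the counter is never initialised and the first `$s_column_span++` operates on an undefined variable; it should read `$s_column_span = 0;`. The commit reformats the surrounding lines but carries this one unchanged onto the new side. The enclosing block continues past the end of the hunk.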
***************
*** 288,324 ****
//
for($j = 0; $j < count($forum_auth_fields); $j++)
{
! $custom_auth[$j] = " ";
for($k = 0; $k < count($forum_auth_levels); $k++)
{
! if ( $forum_rows[0][$forum_auth_fields[$j]] == $forum_auth_const[$k] )
! {
! $custom_auth[$j] .= "";
! }
! else
! {
! $custom_auth[$j] .= "";
! }
}
! $custom_auth[$j] .= " ";
$cell_title = $field_names[$forum_auth_fields[$j]];
! $template->assign_block_vars("forum_auth_titles", array(
! "CELL_TITLE" => $cell_title)
);
! $template->assign_block_vars("forum_auth_data", array(
! "S_AUTH_LEVELS_SELECT" => $custom_auth[$j])
);
$s_column_span++;
}
}
! $adv_mode = (empty($adv)) ? "1" : "0";
$switch_mode = append_sid("admin_forumauth.$phpEx?" . POST_FORUM_URL . "=" . $forum_id . "&adv=". $adv_mode);
$switch_mode_text = ( empty($adv) ) ? $lang['Advanced_mode'] : $lang['Simple_mode'];
$u_switch_mode = '' . $switch_mode_text . '';
--- 272,300 ----
//
for($j = 0; $j < count($forum_auth_fields); $j++)
{
! $custom_auth[$j] = ' ';
for($k = 0; $k < count($forum_auth_levels); $k++)
{
! $selected = ( $forum_rows[0][$forum_auth_fields[$j]] == $forum_auth_const[$k] ) ? ' selected="selected"' : '';
! $custom_auth[$j] .= '';
}
! $custom_auth[$j] .= ' ';
$cell_title = $field_names[$forum_auth_fields[$j]];
! $template->assign_block_vars('forum_auth_titles', array(
! 'CELL_TITLE' => $cell_title)
);
! $template->assign_block_vars('forum_auth_data', array(
! 'S_AUTH_LEVELS_SELECT' => $custom_auth[$j])
);
$s_column_span++;
}
}
! $adv_mode = ( empty($adv) ) ? '1' : '0';
$switch_mode = append_sid("admin_forumauth.$phpEx?" . POST_FORUM_URL . "=" . $forum_id . "&adv=". $adv_mode);
$switch_mode_text = ( empty($adv) ) ? $lang['Advanced_mode'] : $lang['Simple_mode'];
$u_switch_mode = '' . $switch_mode_text . '';
***************
*** 326,351 ****
$s_hidden_fields = '';
$template->assign_vars(array(
! "FORUM_NAME" => $forum_name,
! "L_AUTH_TITLE" => $lang['Auth_Control_Forum'],
! "L_AUTH_EXPLAIN" => $lang['Forum_auth_explain'],
! "L_SUBMIT" => $lang['Submit'],
! "L_RESET" => $lang['Reset'],
!
! "U_SWITCH_MODE" => $u_switch_mode,
!
! "S_FORUMAUTH_ACTION" => append_sid("admin_forumauth.$phpEx"),
! "S_COLUMN_SPAN" => $s_column_span,
! "S_HIDDEN_FIELDS" => $s_hidden_fields)
);
}
! include('page_header_admin.'.$phpEx);
! $template->pparse("body");
! include('page_footer_admin.'.$phpEx);
?>
\ No newline at end of file
--- 302,328 ----
$s_hidden_fields = '';
$template->assign_vars(array(
! 'FORUM_NAME' => $forum_name,
! 'L_FORUM' => $lang['Forum'],
! 'L_AUTH_TITLE' => $lang['Auth_Control_Forum'],
! 'L_AUTH_EXPLAIN' => $lang['Forum_auth_explain'],
! 'L_SUBMIT' => $lang['Submit'],
! 'L_RESET' => $lang['Reset'],
!
! 'U_SWITCH_MODE' => $u_switch_mode,
!
! 'S_FORUMAUTH_ACTION' => append_sid("admin_forumauth.$phpEx"),
! 'S_COLUMN_SPAN' => $s_column_span,
! 'S_HIDDEN_FIELDS' => $s_hidden_fields)
);
}
! include('./page_header_admin.'.$phpEx);
! $template->pparse('body');
! include('./page_footer_admin.'.$phpEx);
?>
\ No newline at end of file
diff -crN phpbb200/admin/admin_forums.php phpbb2023/admin/admin_forums.php
*** phpbb200/admin/admin_forums.php Sat Jul 10 20:16:13 2004
--- phpbb2023/admin/admin_forums.php Sun Feb 10 18:19:53 2008
***************
*** 1,13 ****
AUTH_ALL,
"auth_read" => AUTH_ALL,
! "auth_post" => AUTH_ALL,
! "auth_reply" => AUTH_ALL,
"auth_edit" => AUTH_REG,
"auth_delete" => AUTH_REG,
! "auth_sticky" => AUTH_REG,
"auth_announce" => AUTH_MOD,
"auth_vote" => AUTH_REG,
"auth_pollcreate" => AUTH_REG
--- 31,49 ----
//
// Load default header
//
! $phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
! require('./pagestart.' . $phpEx);
include($phpbb_root_path . 'includes/functions_admin.'.$phpEx);
$forum_auth_ary = array(
"auth_view" => AUTH_ALL,
"auth_read" => AUTH_ALL,
! "auth_post" => AUTH_REG,
! "auth_reply" => AUTH_REG,
"auth_edit" => AUTH_REG,
"auth_delete" => AUTH_REG,
! "auth_sticky" => AUTH_MOD,
"auth_announce" => AUTH_MOD,
"auth_vote" => AUTH_REG,
"auth_pollcreate" => AUTH_REG
***************
*** 56,61 ****
--- 55,61 ----
if( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
+ $mode = htmlspecialchars($mode);
}
else
{
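Review bot: Running `htmlspecialchars()` over `$mode` escapes it for HTML output but does not constrain it to the modes this script handles, so every later `$mode == "..."` comparison still receives arbitrary input. An allow-list at this point, e.g. `$mode = in_array($mode, $valid_modes, true) ? $mode : '';` with `$valid_modes` holding the script's known modes (`'addforum'` is the one visible in this diff), rejects unknown values outright and makes the escaping irrelevant for the comparisons. The same escape-instead-of-validate pattern is added to admin_groups.php in the hunk at `--- 33,68 ----`. The enclosing `if`/`else` is cut at the end of this hunk.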
***************
*** 233,238 ****
--- 233,239 ----
if( $mode == "addforum" )
{
list($cat_id) = each($HTTP_POST_VARS['addforum']);
+ $cat_id = intval($cat_id);
//
// stripslashes needs to be run on this because slashes are added when the forum name is posted
//
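Review bot: `each($HTTP_POST_VARS['addforum'])` on the line above the new `intval()` assumes the request field is an array; when it arrives as a plain string `each()` raises a warning and yields `false`, so `$cat_id` silently becomes 0 and the add proceeds with that id. Guarding the read, `$cat_id = is_array($HTTP_POST_VARS['addforum']) ? intval(key($HTTP_POST_VARS['addforum'])) : 0;` and treating 0 as "no category selected", avoids both the warning and the bogus id; `key()` also sidesteps `each()`, which was removed in PHP 8. The `if( $mode == "addforum" )` block continues past the end of the hunk.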
***************
*** 302,309 ****
$catlist = get_list('category', $cat_id, TRUE);
$forumstatus == ( FORUM_LOCKED ) ? $forumlocked = "selected=\"selected\"" : $forumunlocked = "selected=\"selected\"";
! $statuslist = "\n";
! $statuslist .= "\n";
$template->set_filenames(array(
"body" => "admin/forum_edit_body.tpl")
--- 303,316 ----
$catlist = get_list('category', $cat_id, TRUE);
$forumstatus == ( FORUM_LOCKED ) ? $forumlocked = "selected=\"selected\"" : $forumunlocked = "selected=\"selected\"";
!
! // These two options ($lang['Status_unlocked'] and $lang['Status_locked']) seem to be missing from
! // the language files.
! $lang['Status_unlocked'] = isset($lang['Status_unlocked']) ? $lang['Status_unlocked'] : 'Unlocked';
! $lang['Status_locked'] = isset($lang['Status_locked']) ? $lang['Status_locked'] : 'Locked';
!
! $statuslist = "\n";
! $statuslist .= "\n";
$template->set_filenames(array(
"body" => "admin/forum_edit_body.tpl")
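Review bot: The ternary on the context line `$forumstatus == ( FORUM_LOCKED ) ? $forumlocked = ... : $forumunlocked = ...;` assigns only one of `$forumlocked`/`$forumunlocked`, so the other is undefined when the `$statuslist` lines below use it (the option markup is not visible in this rendering); initialise both with `$forumlocked = $forumunlocked = '';` before that line. The added `$lang[...]` fallbacks are a reasonable stopgap, but `isset() ? ... : 'Unlocked'` defaults belong in the language file rather than in the admin script, as the new comment itself suggests. The enclosing block continues past both ends of the hunk.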
***************
*** 493,499 ****
// There is no problem having duplicate forum names so we won't check for it.
//
$sql = "INSERT INTO " . CATEGORIES_TABLE . " (cat_title, cat_order)
! VALUES ('" . $HTTP_POST_VARS['categoryname'] . "', $next_order)";
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't insert row in categories table", "", __LINE__, __FILE__, $sql);
--- 500,506 ----
// There is no problem having duplicate forum names so we won't check for it.
//
$sql = "INSERT INTO " . CATEGORIES_TABLE . " (cat_title, cat_order)
! VALUES ('" . str_replace("\'", "''", $HTTP_POST_VARS['categoryname']) . "', $next_order)";
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't insert row in categories table", "", __LINE__, __FILE__, $sql);
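Review bot: `str_replace("\'", "''", $HTTP_POST_VARS['categoryname'])` only makes the INSERT safe if the value already arrived backslash-escaped (magic_quotes_gpc or an addslashes pass in the shared bootstrap, neither visible here); with an unescaped quote the replacement does nothing and the quote goes into the SQL string as-is. The assumption should at least be stated on the line, `// categoryname is slash-escaped on input; convert \' to SQL-standard '' quoting`, and ideally replaced by an explicit escape of the value at this point rather than an implicit one upstream. The enclosing block is cut at both ends of the hunk.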
***************
*** 604,611 ****
// Either delete or move all posts in a forum
if($to_id == -1)
{
include($phpbb_root_path . "includes/prune.$phpEx");
! prune($from_id, 0); // Delete everything from forum
}
else
{
--- 611,651 ----
// Either delete or move all posts in a forum
if($to_id == -1)
{
+ // Delete polls in this forum
+ $sql = "SELECT v.vote_id
+ FROM " . VOTE_DESC_TABLE . " v, " . TOPICS_TABLE . " t
+ WHERE t.forum_id = $from_id
+ AND v.topic_id = t.topic_id";
+ if (!($result = $db->sql_query($sql)))
+ {
+ message_die(GENERAL_ERROR, "Couldn't obtain list of vote ids", "", __LINE__, __FILE__, $sql);
+ }
+
+ if ($row = $db->sql_fetchrow($result))
+ {
+ $vote_ids = '';
+ do
+ {
+ $vote_ids .= (($vote_ids != '') ? ', ' : '') . $row['vote_id'];
+ }
+ while ($row = $db->sql_fetchrow($result));
+
+ $sql = "DELETE FROM " . VOTE_DESC_TABLE . "
+ WHERE vote_id IN ($vote_ids)";
+ $db->sql_query($sql);
+
+ $sql = "DELETE FROM " . VOTE_RESULTS_TABLE . "
+ WHERE vote_id IN ($vote_ids)";
+ $db->sql_query($sql);
+
+ $sql = "DELETE FROM " . VOTE_USERS_TABLE . "
+ WHERE vote_id IN ($vote_ids)";
+ $db->sql_query($sql);
+ }
+ $db->sql_freeresult($result);
+
include($phpbb_root_path . "includes/prune.$phpEx");
! prune($from_id, 0, true); // Delete everything from forum
}
else
{
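Review bot: The three `DELETE ... WHERE vote_id IN ($vote_ids)` statements ignore the return value of `sql_query()`, while the SELECT above them dies on failure, so a failed delete leaves orphaned poll rows and the code still goes on to `prune()` the topics they belong to. Each should be checked like the SELECT, e.g. `if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, "Couldn't delete poll data", "", __LINE__, __FILE__, $sql); }`. `$from_id` is interpolated unquoted into the first query; this relies on it having been cast to int where it is read, outside this hunk. The `if($to_id == -1)`/`else` runs past the end of the hunk.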
***************
*** 616,621 ****
--- 656,662 ----
{
message_die(GENERAL_ERROR, "Couldn't verify existence of forums", "", __LINE__, __FILE__, $sql);
}
+
if($db->sql_numrows($result) != 2)
{
message_die(GENERAL_ERROR, "Ambiguous forum ID's", "", __LINE__, __FILE__);
***************
*** 637,642 ****
--- 678,734 ----
sync('forum', $to_id);
}
+ // Alter Mod level if appropriate - 2.0.4
+ $sql = "SELECT ug.user_id
+ FROM " . AUTH_ACCESS_TABLE . " a, " . USER_GROUP_TABLE . " ug
+ WHERE a.forum_id <> $from_id
+ AND a.auth_mod = 1
+ AND ug.group_id = a.group_id";
+ if( !$result = $db->sql_query($sql) )
+ {
+ message_die(GENERAL_ERROR, "Couldn't obtain moderator list", "", __LINE__, __FILE__, $sql);
+ }
+
+ if ($row = $db->sql_fetchrow($result))
+ {
+ $user_ids = '';
+ do
+ {
+ $user_ids .= (($user_ids != '') ? ', ' : '' ) . $row['user_id'];
+ }
+ while ($row = $db->sql_fetchrow($result));
+
+ $sql = "SELECT ug.user_id
+ FROM " . AUTH_ACCESS_TABLE . " a, " . USER_GROUP_TABLE . " ug
+ WHERE a.forum_id = $from_id
+ AND a.auth_mod = 1
+ AND ug.group_id = a.group_id
+ AND ug.user_id NOT IN ($user_ids)";
+ if( !$result2 = $db->sql_query($sql) )
+ {
+ message_die(GENERAL_ERROR, "Couldn't obtain moderator list", "", __LINE__, __FILE__, $sql);
+ }
+
+ if ($row = $db->sql_fetchrow($result2))
+ {
+ $user_ids = '';
+ do
+ {
+ $user_ids .= (($user_ids != '') ? ', ' : '' ) . $row['user_id'];
+ }
+ while ($row = $db->sql_fetchrow($result2));
+
+ $sql = "UPDATE " . USERS_TABLE . "
+ SET user_level = " . USER . "
+ WHERE user_id IN ($user_ids)
+ AND user_level <> " . ADMIN;
+ $db->sql_query($sql);
+ }
+ $db->sql_freeresult($result);
+
+ }
+ $db->sql_freeresult($result2);
+
$sql = "DELETE FROM " . FORUMS_TABLE . "
WHERE forum_id = $from_id";
if( !$result = $db->sql_query($sql) )
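Review bot: The demotion runs only inside `if ($row = $db->sql_fetchrow($result))` for the first SELECT, so when no user moderates any other forum the second query is never issued and every moderator of the deleted forum keeps `MOD` level — the case the block exists for. `$db->sql_freeresult($result2)` is also placed outside that block, so on the same path it frees a variable that was never assigned. Collecting `$user_ids` unconditionally and appending the `NOT IN` clause only when it is non-empty fixes both; the rewritten middle is below, with the first SELECT and the final UPDATE unchanged. The enclosing block starts before this hunk.
```php
// … unchanged: first SELECT of users moderating forums other than $from_id …
$user_ids = '';
while ($row = $db->sql_fetchrow($result))
{
    $user_ids .= (($user_ids != '') ? ', ' : '') . $row['user_id'];
}
$db->sql_freeresult($result);

$sql = "SELECT ug.user_id
    FROM " . AUTH_ACCESS_TABLE . " a, " . USER_GROUP_TABLE . " ug
    WHERE a.forum_id = $from_id
        AND a.auth_mod = 1
        AND ug.group_id = a.group_id"
    . (($user_ids != '') ? " AND ug.user_id NOT IN ($user_ids)" : '');
if( !$result2 = $db->sql_query($sql) )
{
    message_die(GENERAL_ERROR, "Couldn't obtain moderator list", "", __LINE__, __FILE__, $sql);
}
// … unchanged: collect $user_ids from $result2 and run the UPDATE on USERS_TABLE …
$db->sql_freeresult($result2);
```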
***************
*** 826,832 ****
if ($show_index != TRUE)
{
! include('page_footer_admin.'.$phpEx);
exit;
}
}
--- 918,924 ----
if ($show_index != TRUE)
{
! include('./page_footer_admin.'.$phpEx);
exit;
}
}
***************
*** 931,936 ****
$template->pparse("body");
! include('page_footer_admin.'.$phpEx);
! ?>
--- 1023,1028 ----
$template->pparse("body");
! include('./page_footer_admin.'.$phpEx);
! ?>
\ No newline at end of file
diff -crN phpbb200/admin/admin_groups.php phpbb2023/admin/admin_groups.php
*** phpbb200/admin/admin_groups.php Sat Jul 10 20:16:13 2004
--- phpbb2023/admin/admin_groups.php Sun Feb 10 18:19:53 2008
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_groups.php,v 1.25 2002/03/22 17:00:32 psotfx Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_groups.php 5614 2006-03-09 19:42:41Z grahamje $
*
*
***************************************************************************/
***************
*** 22,28 ****
define('IN_PHPBB', 1);
! if( !empty($setmodules) )
{
$filename = basename(__FILE__);
$module['Groups']['Manage'] = $filename;
--- 22,28 ----
define('IN_PHPBB', 1);
! if ( !empty($setmodules) )
{
$filename = basename(__FILE__);
$module['Groups']['Manage'] = $filename;
***************
*** 33,70 ****
//
// Load default header
//
! $phpbb_root_path = "../";
require($phpbb_root_path . 'extension.inc');
! require('pagestart.' . $phpEx);
! if( isset($HTTP_POST_VARS[POST_GROUPS_URL]) || isset($HTTP_GET_VARS[POST_GROUPS_URL]) )
{
$group_id = ( isset($HTTP_POST_VARS[POST_GROUPS_URL]) ) ? intval($HTTP_POST_VARS[POST_GROUPS_URL]) : intval($HTTP_GET_VARS[POST_GROUPS_URL]);
}
else
{
! $group_id = "";
}
! //
! // Mode setting
! //
! if( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
}
else
{
! $mode = "";
}
! if( isset($HTTP_POST_VARS['edit']) || isset($HTTP_POST_VARS['new']) )
{
//
// Ok they are editing a group or creating a new group
//
$template->set_filenames(array(
! "body" => "admin/group_edit_body.tpl")
);
if ( isset($HTTP_POST_VARS['edit']) )
--- 33,68 ----
//
// Load default header
//
! $phpbb_root_path = './../';
require($phpbb_root_path . 'extension.inc');
! require('./pagestart.' . $phpEx);
! if ( isset($HTTP_POST_VARS[POST_GROUPS_URL]) || isset($HTTP_GET_VARS[POST_GROUPS_URL]) )
{
$group_id = ( isset($HTTP_POST_VARS[POST_GROUPS_URL]) ) ? intval($HTTP_POST_VARS[POST_GROUPS_URL]) : intval($HTTP_GET_VARS[POST_GROUPS_URL]);
}
else
{
! $group_id = 0;
}
! if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
+ $mode = htmlspecialchars($mode);
}
else
{
! $mode = '';
}
! if ( isset($HTTP_POST_VARS['edit']) || isset($HTTP_POST_VARS['new']) )
{
//
// Ok they are editing a group or creating a new group
//
$template->set_filenames(array(
! 'body' => 'admin/group_edit_body.tpl')
);
if ( isset($HTTP_POST_VARS['edit']) )
***************
*** 76,229 ****
FROM " . GROUPS_TABLE . "
WHERE group_single_user <> " . TRUE . "
AND group_id = $group_id";
! if(!$result = $db->sql_query($sql))
{
! message_die(GENERAL_ERROR, "Error getting group information", "", __LINE__, __FILE__, $sql);
}
! if( !$db->sql_numrows($result) )
{
message_die(GENERAL_MESSAGE, $lang['Group_not_exist']);
}
! $group_info = $db->sql_fetchrow($result);
!
! $mode = "editgroup";
! $template->assign_block_vars("group_edit", array());
}
! else if( isset($HTTP_POST_VARS['new']) )
{
$group_info = array (
! "group_name" => "",
! "group_description" => "",
! "group_moderator" => "",
! "group_type" => GROUP_OPEN);
! $group_open = "checked=\"checked\"";
! $mode = "newgroup";
}
//
// Ok, now we know everything about them, let's show the page.
//
! $sql = "SELECT user_id, username
! FROM " . USERS_TABLE . "
! WHERE user_id <> " . ANONYMOUS . "
! ORDER BY username";
! $u_result = $db->sql_query($sql);
! if( !$u_result )
{
! message_die(GENERAL_ERROR, "Couldn't obtain user info for moderator list", "", __LINE__, __FILE__, $sql);
! }
!
! $user_list = $db->sql_fetchrowset($u_result);
! for($i = 0; $i < count($user_list); $i++)
! {
! if( $user_list[$i]['user_id'] == $group_info['group_moderator'] )
{
! $group_moderator = $user_list[$i]['username'];
}
}
! $group_open = ( $group_info['group_type'] == GROUP_OPEN ) ? "checked=\"checked\"" : "";
! $group_closed = ( $group_info['group_type'] == GROUP_CLOSED ) ? "checked=\"checked\"" : "";
! $group_hidden = ( $group_info['group_type'] == GROUP_HIDDEN ) ? "checked=\"checked\"" : "";
$s_hidden_fields = '';
$template->assign_vars(array(
! "GROUP_NAME" => $group_info['group_name'],
! "GROUP_DESCRIPTION" => $group_info['group_description'],
! "GROUP_MODERATOR" => $group_moderator,
!
! "L_GROUP_TITLE" => $lang['Group_administration'],
! "L_GROUP_EDIT_DELETE" => ( isset($HTTP_POST_VARS['new']) ) ? $lang['New_group'] : $lang['Edit_group'],
! "L_GROUP_NAME" => $lang['group_name'],
! "L_GROUP_DESCRIPTION" => $lang['group_description'],
! "L_GROUP_MODERATOR" => $lang['group_moderator'],
! "L_FIND_USERNAME" => $lang['Find_username'],
! "L_GROUP_STATUS" => $lang['group_status'],
! "L_GROUP_OPEN" => $lang['group_open'],
! "L_GROUP_CLOSED" => $lang['group_closed'],
! "L_GROUP_HIDDEN" => $lang['group_hidden'],
! "L_GROUP_DELETE" => $lang['group_delete'],
! "L_GROUP_DELETE_CHECK" => $lang['group_delete_check'],
! "L_SUBMIT" => $lang['Submit'],
! "L_RESET" => $lang['Reset'],
! "L_DELETE_MODERATOR" => $lang['delete_group_moderator'],
! "L_DELETE_MODERATOR_EXPLAIN" => $lang['delete_moderator_explain'],
! "L_YES" => $lang['Yes'],
!
! "U_SEARCH_USER" => append_sid("../search.$phpEx?mode=searchuser"),
!
! "S_GROUP_OPEN_TYPE" => GROUP_OPEN,
! "S_GROUP_CLOSED_TYPE" => GROUP_CLOSED,
! "S_GROUP_HIDDEN_TYPE" => GROUP_HIDDEN,
! "S_GROUP_OPEN_CHECKED" => $group_open,
! "S_GROUP_CLOSED_CHECKED" => $group_closed,
! "S_GROUP_HIDDEN_CHECKED" => $group_hidden,
! "S_GROUP_ACTION" => append_sid("admin_groups.$phpEx"),
! "S_HIDDEN_FIELDS" => $s_hidden_fields)
);
$template->pparse('body');
}
! else if( isset($HTTP_POST_VARS['group_update']) )
{
//
// Ok, they are submitting a group, let's save the data based on if it's new or editing
//
! if( isset($HTTP_POST_VARS['group_delete']) )
{
$sql = "DELETE FROM " . GROUPS_TABLE . "
WHERE group_id = " . $group_id;
! if ( !$result = $db->sql_query($sql) )
{
! message_die(GENERAL_ERROR, "Couldn't update group", "", __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . USER_GROUP_TABLE . "
WHERE group_id = " . $group_id;
! if ( !$result = $db->sql_query($sql) )
{
! message_die(GENERAL_ERROR, "Couldn't update user_group", "", __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
WHERE group_id = " . $group_id;
! if ( !$result = $db->sql_query($sql) )
{
! message_die(GENERAL_ERROR, "Couldn't update auth_access", "", __LINE__, __FILE__, $sql);
}
! $message = $lang['Deleted_group'] . "
" . sprintf($lang['Click_return_groupsadmin'], "", "") . "
" . sprintf($lang['Click_return_admin_index'], "", "");;
message_die(GENERAL_MESSAGE, $message);
}
else
{
$group_type = isset($HTTP_POST_VARS['group_type']) ? intval($HTTP_POST_VARS['group_type']) : GROUP_OPEN;
! $group_name = isset($HTTP_POST_VARS['group_name']) ? trim($HTTP_POST_VARS['group_name']) : "";
! $group_description = isset($HTTP_POST_VARS['group_description']) ? trim($HTTP_POST_VARS['group_description']) : "";
! $group_moderator = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : "";
! $delete_old_moderator = isset($HTTP_POST_VARS['delete_old_moderator']) ? intval($HTTP_POST_VARS['delete_old_moderator']) : "";
! if( $group_name == "" )
{
message_die(GENERAL_MESSAGE, $lang['No_group_name']);
}
! else if( $group_moderator == "" )
{
message_die(GENERAL_MESSAGE, $lang['No_group_moderator']);
}
! $this_userdata = get_userdata($group_moderator);
$group_moderator = $this_userdata['user_id'];
! if( !$group_moderator )
{
message_die(GENERAL_MESSAGE, $lang['No_group_moderator']);
}
--- 74,278 ----
FROM " . GROUPS_TABLE . "
WHERE group_single_user <> " . TRUE . "
AND group_id = $group_id";
! if ( !($result = $db->sql_query($sql)) )
{
! message_die(GENERAL_ERROR, 'Error getting group information', '', __LINE__, __FILE__, $sql);
}
! if ( !($group_info = $db->sql_fetchrow($result)) )
{
message_die(GENERAL_MESSAGE, $lang['Group_not_exist']);
}
! $mode = 'editgroup';
! $template->assign_block_vars('group_edit', array());
}
! else if ( isset($HTTP_POST_VARS['new']) )
{
$group_info = array (
! 'group_name' => '',
! 'group_description' => '',
! 'group_moderator' => '',
! 'group_type' => GROUP_OPEN);
! $group_open = ' checked="checked"';
! $mode = 'newgroup';
}
+
//
// Ok, now we know everything about them, let's show the page.
//
! if ($group_info['group_moderator'] != '')
{
! $sql = "SELECT user_id, username
! FROM " . USERS_TABLE . "
! WHERE user_id = " . $group_info['group_moderator'];
! if ( !($result = $db->sql_query($sql)) )
! {
! message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql);
! }
! if ( !($row = $db->sql_fetchrow($result)) )
{
! message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql);
}
+
+ $group_moderator = $row['username'];
+ }
+ else
+ {
+ $group_moderator = '';
}
! $group_open = ( $group_info['group_type'] == GROUP_OPEN ) ? ' checked="checked"' : '';
! $group_closed = ( $group_info['group_type'] == GROUP_CLOSED ) ? ' checked="checked"' : '';
! $group_hidden = ( $group_info['group_type'] == GROUP_HIDDEN ) ? ' checked="checked"' : '';
$s_hidden_fields = '';
$template->assign_vars(array(
! 'GROUP_NAME' => $group_info['group_name'],
! 'GROUP_DESCRIPTION' => $group_info['group_description'],
! 'GROUP_MODERATOR' => $group_moderator,
!
! 'L_GROUP_TITLE' => $lang['Group_administration'],
! 'L_GROUP_EDIT_DELETE' => ( isset($HTTP_POST_VARS['new']) ) ? $lang['New_group'] : $lang['Edit_group'],
! 'L_GROUP_NAME' => $lang['group_name'],
! 'L_GROUP_DESCRIPTION' => $lang['group_description'],
! 'L_GROUP_MODERATOR' => $lang['group_moderator'],
! 'L_FIND_USERNAME' => $lang['Find_username'],
! 'L_GROUP_STATUS' => $lang['group_status'],
! 'L_GROUP_OPEN' => $lang['group_open'],
! 'L_GROUP_CLOSED' => $lang['group_closed'],
! 'L_GROUP_HIDDEN' => $lang['group_hidden'],
! 'L_GROUP_DELETE' => $lang['group_delete'],
! 'L_GROUP_DELETE_CHECK' => $lang['group_delete_check'],
! 'L_SUBMIT' => $lang['Submit'],
! 'L_RESET' => $lang['Reset'],
! 'L_DELETE_MODERATOR' => $lang['delete_group_moderator'],
! 'L_DELETE_MODERATOR_EXPLAIN' => $lang['delete_moderator_explain'],
! 'L_YES' => $lang['Yes'],
!
! 'U_SEARCH_USER' => append_sid("../search.$phpEx?mode=searchuser"),
!
! 'S_GROUP_OPEN_TYPE' => GROUP_OPEN,
! 'S_GROUP_CLOSED_TYPE' => GROUP_CLOSED,
! 'S_GROUP_HIDDEN_TYPE' => GROUP_HIDDEN,
! 'S_GROUP_OPEN_CHECKED' => $group_open,
! 'S_GROUP_CLOSED_CHECKED' => $group_closed,
! 'S_GROUP_HIDDEN_CHECKED' => $group_hidden,
! 'S_GROUP_ACTION' => append_sid("admin_groups.$phpEx"),
! 'S_HIDDEN_FIELDS' => $s_hidden_fields)
);
$template->pparse('body');
}
! else if ( isset($HTTP_POST_VARS['group_update']) )
{
//
// Ok, they are submitting a group, let's save the data based on if it's new or editing
//
! if ( isset($HTTP_POST_VARS['group_delete']) )
{
+ //
+ // Reset User Moderator Level
+ //
+
+ // Is Group moderating a forum ?
+ $sql = "SELECT auth_mod FROM " . AUTH_ACCESS_TABLE . "
+ WHERE group_id = " . $group_id;
+ if ( !($result = $db->sql_query($sql)) )
+ {
+ message_die(GENERAL_ERROR, 'Could not select auth_access', '', __LINE__, __FILE__, $sql);
+ }
+
+ $row = $db->sql_fetchrow($result);
+ if (intval($row['auth_mod']) == 1)
+ {
+ // Yes, get the assigned users and update their Permission if they are no longer moderator of one of the forums
+ $sql = "SELECT user_id FROM " . USER_GROUP_TABLE . "
+ WHERE group_id = " . $group_id;
+ if ( !($result = $db->sql_query($sql)) )
+ {
+ message_die(GENERAL_ERROR, 'Could not select user_group', '', __LINE__, __FILE__, $sql);
+ }
+
+ $rows = $db->sql_fetchrowset($result);
+ for ($i = 0; $i < count($rows); $i++)
+ {
+ $sql = "SELECT g.group_id FROM " . AUTH_ACCESS_TABLE . " a, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug
+ WHERE (a.auth_mod = 1) AND (g.group_id = a.group_id) AND (a.group_id = ug.group_id) AND (g.group_id = ug.group_id)
+ AND (ug.user_id = " . intval($rows[$i]['user_id']) . ") AND (ug.group_id <> " . $group_id . ")";
+ if ( !($result = $db->sql_query($sql)) )
+ {
+ message_die(GENERAL_ERROR, 'Could not obtain moderator permissions', '', __LINE__, __FILE__, $sql);
+ }
+
+ if ($db->sql_numrows($result) == 0)
+ {
+ $sql = "UPDATE " . USERS_TABLE . " SET user_level = " . USER . "
+ WHERE user_level = " . MOD . " AND user_id = " . intval($rows[$i]['user_id']);
+
+ if ( !$db->sql_query($sql) )
+ {
+ message_die(GENERAL_ERROR, 'Could not update moderator permissions', '', __LINE__, __FILE__, $sql);
+ }
+ }
+ }
+ }
+
+ //
+ // Delete Group
+ //
$sql = "DELETE FROM " . GROUPS_TABLE . "
WHERE group_id = " . $group_id;
! if ( !$db->sql_query($sql) )
{
! message_die(GENERAL_ERROR, 'Could not update group', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . USER_GROUP_TABLE . "
WHERE group_id = " . $group_id;
! if ( !$db->sql_query($sql) )
{
! message_die(GENERAL_ERROR, 'Could not update user_group', '', __LINE__, __FILE__, $sql);
}
$sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
WHERE group_id = " . $group_id;
! if ( !$db->sql_query($sql) )
{
! message_die(GENERAL_ERROR, 'Could not update auth_access', '', __LINE__, __FILE__, $sql);
}
! $message = $lang['Deleted_group'] . '
' . sprintf($lang['Click_return_groupsadmin'], '', '') . '
' . sprintf($lang['Click_return_admin_index'], '', '');
message_die(GENERAL_MESSAGE, $message);
}
else
{
$group_type = isset($HTTP_POST_VARS['group_type']) ? intval($HTTP_POST_VARS['group_type']) : GROUP_OPEN;
! $group_name = isset($HTTP_POST_VARS['group_name']) ? htmlspecialchars(trim($HTTP_POST_VARS['group_name'])) : '';
! $group_description = isset($HTTP_POST_VARS['group_description']) ? trim($HTTP_POST_VARS['group_description']) : '';
! $group_moderator = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : '';
! $delete_old_moderator = isset($HTTP_POST_VARS['delete_old_moderator']) ? true : false;
! if ( $group_name == '' )
{
message_die(GENERAL_MESSAGE, $lang['No_group_name']);
}
! else if ( $group_moderator == '' )
{
message_die(GENERAL_MESSAGE, $lang['No_group_moderator']);
}
! $this_userdata = get_userdata($group_moderator, true);
$group_moderator = $this_userdata['user_id'];
! if ( !$group_moderator )
{
message_die(GENERAL_MESSAGE, $lang['No_group_moderator']);
}
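Review bot: The `// Is Group moderating a forum ?` check fetches a single row from `AUTH_ACCESS_TABLE WHERE group_id = ...` and tests `intval($row['auth_mod']) == 1`, but a group can have one auth_access row per forum, so if the first row returned is for a forum where the group has no moderator rights the whole demotion pass is skipped even though it moderates another forum. Narrowing the query to `WHERE group_id = " . $group_id . " AND auth_mod = 1` and testing `if ($row = $db->sql_fetchrow($result))` makes the check independent of row order. The same hunk applies `htmlspecialchars()` to `group_name` but stores `group_description` raw; whether that matters depends on how the description is rendered, which is not visible here. The enclosing `if`/`else if` chain starts before this hunk and runs past its end.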
***************
*** 234,314 ****
FROM " . GROUPS_TABLE . "
WHERE group_single_user <> " . TRUE . "
AND group_id = " . $group_id;
! if(!$result = $db->sql_query($sql))
{
! message_die(GENERAL_ERROR, "Error getting group information", "", __LINE__, __FILE__, $sql);
}
! if( !$db->sql_numrows($result) )
{
message_die(GENERAL_MESSAGE, $lang['Group_not_exist']);
}
- $group_info = $db->sql_fetchrow($result);
if ( $group_info['group_moderator'] != $group_moderator )
{
! if ( $delete_old_moderator != "" )
{
$sql = "DELETE FROM " . USER_GROUP_TABLE . "
WHERE user_id = " . $group_info['group_moderator'] . "
AND group_id = " . $group_id;
! if ( !$result = $db->sql_query($sql) )
{
! message_die(GENERAL_ERROR, "Couldn't update group moderator", "", __LINE__, __FILE__, $sql);
}
}
! $sql = "INSERT INTO " . USER_GROUP_TABLE . " (group_id, user_id, user_pending)
! VALUES (" . $group_id . ", " . $group_moderator . ", 0)";
! if ( !$result = $db->sql_query($sql) )
{
! message_die(GENERAL_ERROR, "Couldn't update group moderator", "", __LINE__, __FILE__, $sql);
}
}
$sql = "UPDATE " . GROUPS_TABLE . "
SET group_type = $group_type, group_name = '" . str_replace("\'", "''", $group_name) . "', group_description = '" . str_replace("\'", "''", $group_description) . "', group_moderator = $group_moderator
WHERE group_id = $group_id";
! if ( !$result = $db->sql_query($sql) )
{
! message_die(GENERAL_ERROR, "Couldn't update group", "", __LINE__, __FILE__, $sql);
}
! $message = $lang['Updated_group'] . "
" . sprintf($lang['Click_return_groupsadmin'], "", "") . "
" . sprintf($lang['Click_return_admin_index'], "", "");;
message_die(GENERAL_MESSAGE, $message);
}
! else if( $mode == "newgroup" )
{
! $sql = "SELECT MAX(group_id) AS new_group_id
! FROM " . GROUPS_TABLE;
! if ( !$result = $db->sql_query($sql) )
! {
! message_die(GENERAL_ERROR, "Couldn't insert new group", "", __LINE__, __FILE__, $sql);
! }
! $row = $db->sql_fetchrow($result);
!
! $new_group_id = $row['new_group_id'] + 1;
!
! $sql = "INSERT INTO " . GROUPS_TABLE . " (group_id, group_type, group_name, group_description, group_moderator, group_single_user)
! VALUES ($new_group_id, $group_type, '" . str_replace("\'", "''", $group_name) . "', '" . str_replace("\'", "''", $group_description) . "', $group_moderator, '0')";
! if ( !$result = $db->sql_query($sql) )
{
! message_die(GENERAL_ERROR, "Couldn't insert new group", "", __LINE__, __FILE__, $sql);
}
$sql = "INSERT INTO " . USER_GROUP_TABLE . " (group_id, user_id, user_pending)
VALUES ($new_group_id, $group_moderator, 0)";
! if ( !$result = $db->sql_query($sql) )
{
! message_die(GENERAL_ERROR, "Couldn't insert new user-group info", "", __LINE__, __FILE__, $sql);
}
! $message = $lang['Added_new_group'] . "
" . sprintf($lang['Click_return_groupsadmin'], "", "") . "
" . sprintf($lang['Click_return_admin_index'], "", "");;
message_die(GENERAL_MESSAGE, $message);
}
else
{
! message_die(GENERAL_MESSAGE, $lang['Group_mode_not_selected']);
}
}
}
--- 283,368 ----
FROM " . GROUPS_TABLE . "
WHERE group_single_user <> " . TRUE . "
AND group_id = " . $group_id;
! if ( !($result = $db->sql_query($sql)) )
{
! message_die(GENERAL_ERROR, 'Error getting group information', '', __LINE__, __FILE__, $sql);
}
!
! if( !($group_info = $db->sql_fetchrow($result)) )
{
message_die(GENERAL_MESSAGE, $lang['Group_not_exist']);
}
if ( $group_info['group_moderator'] != $group_moderator )
{
! if ( $delete_old_moderator )
{
$sql = "DELETE FROM " . USER_GROUP_TABLE . "
WHERE user_id = " . $group_info['group_moderator'] . "
AND group_id = " . $group_id;
! if ( !$db->sql_query($sql) )
{
! message_die(GENERAL_ERROR, 'Could not update group moderator', '', __LINE__, __FILE__, $sql);
}
}
!
! $sql = "SELECT user_id
! FROM " . USER_GROUP_TABLE . "
! WHERE user_id = $group_moderator
! AND group_id = $group_id";
! if ( !($result = $db->sql_query($sql)) )
{
! message_die(GENERAL_ERROR, 'Failed to obtain current group moderator info', '', __LINE__, __FILE__, $sql);
! }
!
! if ( !($row = $db->sql_fetchrow($result)) )
! {
! $sql = "INSERT INTO " . USER_GROUP_TABLE . " (group_id, user_id, user_pending)
! VALUES (" . $group_id . ", " . $group_moderator . ", 0)";
! if ( !$db->sql_query($sql) )
! {
! message_die(GENERAL_ERROR, 'Could not update group moderator', '', __LINE__, __FILE__, $sql);
! }
}
}
+
$sql = "UPDATE " . GROUPS_TABLE . "
SET group_type = $group_type, group_name = '" . str_replace("\'", "''", $group_name) . "', group_description = '" . str_replace("\'", "''", $group_description) . "', group_moderator = $group_moderator
WHERE group_id = $group_id";
! if ( !$db->sql_query($sql) )
{
! message_die(GENERAL_ERROR, 'Could not update group', '', __LINE__, __FILE__, $sql);
}
! $message = $lang['Updated_group'] . '
' . sprintf($lang['Click_return_groupsadmin'], '', '') . '
' . sprintf($lang['Click_return_admin_index'], '', '');;
message_die(GENERAL_MESSAGE, $message);
}
! else if( $mode == 'newgroup' )
{
! $sql = "INSERT INTO " . GROUPS_TABLE . " (group_type, group_name, group_description, group_moderator, group_single_user)
! VALUES ($group_type, '" . str_replace("\'", "''", $group_name) . "', '" . str_replace("\'", "''", $group_description) . "', $group_moderator, '0')";
! if ( !$db->sql_query($sql) )
{
! message_die(GENERAL_ERROR, 'Could not insert new group', '', __LINE__, __FILE__, $sql);
}
+ $new_group_id = $db->sql_nextid();
$sql = "INSERT INTO " . USER_GROUP_TABLE . " (group_id, user_id, user_pending)
VALUES ($new_group_id, $group_moderator, 0)";
! if ( !$db->sql_query($sql) )
{
! message_die(GENERAL_ERROR, 'Could not insert new user-group info', '', __LINE__, __FILE__, $sql);
}
! $message = $lang['Added_new_group'] . '
' . sprintf($lang['Click_return_groupsadmin'], '', '') . '
' . sprintf($lang['Click_return_admin_index'], '', '');;
message_die(GENERAL_MESSAGE, $message);
}
else
{
! message_die(GENERAL_MESSAGE, $lang['No_group_action']);
}
}
}
***************
*** 318,359 ****
FROM " . GROUPS_TABLE . "
WHERE group_single_user <> " . TRUE . "
ORDER BY group_name";
! $g_result = $db->sql_query($sql);
! $group_list = $db->sql_fetchrowset($g_result);
! $select_list = "";
! for($i = 0; $i < count($group_list); $i++)
{
! $select_list .= "";
}
- $select_list .= "";
$template->set_filenames(array(
! "body" => "admin/group_select_body.tpl")
);
$template->assign_vars(array(
! "L_GROUP_TITLE" => $lang['Group_administration'],
! "L_GROUP_EXPLAIN" => $lang['Group_admin_explain'],
! "L_GROUP_SELECT" => $lang['Select_group'],
! "L_LOOK_UP" => $lang['Look_up_group'],
! "L_CREATE_NEW_GROUP" => $lang['New_group'],
! "S_GROUP_ACTION" => append_sid("admin_groups.$phpEx"),
! "S_GROUP_SELECT" => $select_list)
);
! //
! // Faking the IF... ELSE statements again...
! //
! if( count($group_list) > 0 )
{
! $template->assign_block_vars("select_box", array());
}
$template->pparse('body');
}
! include('page_footer_admin.'.$phpEx);
?>
--- 372,417 ----
FROM " . GROUPS_TABLE . "
WHERE group_single_user <> " . TRUE . "
ORDER BY group_name";
! if ( !($result = $db->sql_query($sql)) )
! {
! message_die(GENERAL_ERROR, 'Could not obtain group list', '', __LINE__, __FILE__, $sql);
! }
! $select_list = '';
! if ( $row = $db->sql_fetchrow($result) )
{
! $select_list .= '';
! do
! {
! $select_list .= '';
! }
! while ( $row = $db->sql_fetchrow($result) );
! $select_list .= '';
}
$template->set_filenames(array(
! 'body' => 'admin/group_select_body.tpl')
);
$template->assign_vars(array(
! 'L_GROUP_TITLE' => $lang['Group_administration'],
! 'L_GROUP_EXPLAIN' => $lang['Group_admin_explain'],
! 'L_GROUP_SELECT' => $lang['Select_group'],
! 'L_LOOK_UP' => $lang['Look_up_group'],
! 'L_CREATE_NEW_GROUP' => $lang['New_group'],
! 'S_GROUP_ACTION' => append_sid("admin_groups.$phpEx"),
! 'S_GROUP_SELECT' => $select_list)
);
! if ( $select_list != '' )
{
! $template->assign_block_vars('select_box', array());
}
$template->pparse('body');
}
! include('./page_footer_admin.'.$phpEx);
?>
diff -crN phpbb200/admin/admin_mass_email.php phpbb2023/admin/admin_mass_email.php
*** phpbb200/admin/admin_mass_email.php Sat Jul 10 20:16:13 2004
--- phpbb2023/admin/admin_mass_email.php Sun Feb 10 18:19:53 2008
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_mass_email.php,v 1.15 2002/04/02 21:13:47 the_systech Exp $
*
****************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_mass_email.php 3966 2003-05-03 23:24:04Z acydburn $
*
****************************************************************************/
***************
*** 33,41 ****
// Load default header
//
$no_page_header = TRUE;
! $phpbb_root_path = "../";
require($phpbb_root_path . 'extension.inc');
! require('pagestart.' . $phpEx);
//
// Increase maximum execution time in case of a lot of users, but don't complain about it if it isn't
--- 33,41 ----
// Load default header
//
$no_page_header = TRUE;
! $phpbb_root_path = './../';
require($phpbb_root_path . 'extension.inc');
! require('./pagestart.' . $phpEx);
//
// Increase maximum execution time in case of a lot of users, but don't complain about it if it isn't
***************
*** 43,150 ****
//
@set_time_limit(1200);
! $message = "";
! $subject = "";
//
// Do the job ...
//
! if( isset($HTTP_POST_VARS['submit']) )
{
! $group_id = intval($HTTP_POST_VARS[POST_GROUPS_URL]);
! if( $group_id != -1 )
{
! $sql = "SELECT u.user_email
! FROM " . USERS_TABLE . " u, " . USER_GROUP_TABLE . " ug
! WHERE ug.group_id = $group_id
! AND ug.user_pending <> " . TRUE . "
! AND u.user_id = ug.user_id";
}
! else
{
! $sql = "SELECT user_email
! FROM " . USERS_TABLE;
}
! if( !$result = $db->sql_query($sql) )
{
! message_die(GENERAL_ERROR, "Coult not select group members!", __LINE__, __FILE__, $sql);
}
! if( !$db->sql_numrows($result) )
{
! //
! // Output a relevant GENERAL_MESSAGE about users/group
! // not existing
! //
}
! $email_list = $db->sql_fetchrowset($g_result);
!
! $subject = stripslashes($HTTP_POST_VARS["subject"]);
! $message = stripslashes($HTTP_POST_VARS["message"]);
!
! //
! // Error checking needs to go here ... if no subject and/or
! // no message then skip over the send and return to the form
! //
! $error = FALSE;
! if( !$error )
{
include($phpbb_root_path . 'includes/emailer.'.$phpEx);
//
// Let's do some checking to make sure that mass mail functions
// are working in win32 versions of php.
//
! if( preg_match('/[c-z]:\\\.*/i', getenv('PATH')) && !$board_config['smtp_delivery'])
{
! // We are running on windows, force delivery to use
! // our smtp functions since php's are broken by default
$board_config['smtp_delivery'] = 1;
! $board_config['smtp_host'] = get_cfg_var('SMTP');
}
$emailer = new emailer($board_config['smtp_delivery']);
! $email_headers = "From: " . $board_config['board_email'] . "\n";
! $bcc_list = "";
! for($i = 0; $i < count($email_list); $i++)
{
! if( $bcc_list != "" )
! {
! $bcc_list .= ", ";
! }
! $bcc_list .= $email_list[$i]['user_email'];
}
- $email_headers .= "Bcc: $bcc_list\n";
-
- $email_headers .= "Return-Path: " . $userdata['board_email'] . "\n";
- $email_headers .= "X-AntiAbuse: Board servername - " . $server_name . "\n";
- $email_headers .= "X-AntiAbuse: User_id - " . $userdata['user_id'] . "\n";
- $email_headers .= "X-AntiAbuse: Username - " . $userdata['username'] . "\n";
- $email_headers .= "X-AntiAbuse: User IP - " . decode_ip($user_ip) . "\r\n";
! $emailer->use_template("admin_send_email");
$emailer->email_address($board_config['board_email']);
$emailer->set_subject($subject);
$emailer->extra_headers($email_headers);
$emailer->assign_vars(array(
! "SITENAME" => $board_config['sitename'],
! "BOARD_EMAIL" => $board_config['board_email'],
! "MESSAGE" => $message)
);
$emailer->send();
$emailer->reset();
! $message = $lang['Email_sent'] . "
" . sprintf($lang['Click_return_admin_index'], "", "");
!
! message_die(GENERAL_MESSAGE, $message);
}
}
//
// Initial selection
//
--- 43,162 ----
//
@set_time_limit(1200);
! $message = '';
! $subject = '';
//
// Do the job ...
//
! if ( isset($HTTP_POST_VARS['submit']) )
{
! $subject = stripslashes(trim($HTTP_POST_VARS['subject']));
! $message = stripslashes(trim($HTTP_POST_VARS['message']));
!
! $error = FALSE;
! $error_msg = '';
! if ( empty($subject) )
{
! $error = true;
! $error_msg .= ( !empty($error_msg) ) ? '
' . $lang['Empty_subject'] : $lang['Empty_subject'];
}
!
! if ( empty($message) )
{
! $error = true;
! $error_msg .= ( !empty($error_msg) ) ? '
' . $lang['Empty_message'] : $lang['Empty_message'];
}
! $group_id = intval($HTTP_POST_VARS[POST_GROUPS_URL]);
!
! $sql = ( $group_id != -1 ) ? "SELECT u.user_email FROM " . USERS_TABLE . " u, " . USER_GROUP_TABLE . " ug WHERE ug.group_id = $group_id AND ug.user_pending <> " . TRUE . " AND u.user_id = ug.user_id" : "SELECT user_email FROM " . USERS_TABLE;
! if ( !($result = $db->sql_query($sql)) )
{
! message_die(GENERAL_ERROR, 'Could not select group members', '', __LINE__, __FILE__, $sql);
}
! if ( $row = $db->sql_fetchrow($result) )
{
! $bcc_list = array();
! do
! {
! $bcc_list[] = $row['user_email'];
! }
! while ( $row = $db->sql_fetchrow($result) );
!
! $db->sql_freeresult($result);
}
+ else
+ {
+ $message = ( $group_id != -1 ) ? $lang['Group_not_exist'] : $lang['No_such_user'];
! $error = true;
! $error_msg .= ( !empty($error_msg) ) ? '
' . $message : $message;
! }
! if ( !$error )
{
include($phpbb_root_path . 'includes/emailer.'.$phpEx);
+
//
// Let's do some checking to make sure that mass mail functions
// are working in win32 versions of php.
//
! if ( preg_match('/[c-z]:\\\.*/i', getenv('PATH')) && !$board_config['smtp_delivery'])
{
! $ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
!
! // We are running on windows, force delivery to use our smtp functions
! // since php's are broken by default
$board_config['smtp_delivery'] = 1;
! $board_config['smtp_host'] = @$ini_val('SMTP');
}
+
$emailer = new emailer($board_config['smtp_delivery']);
! $emailer->from($board_config['board_email']);
! $emailer->replyto($board_config['board_email']);
! for ($i = 0; $i < count($bcc_list); $i++)
{
! $emailer->bcc($bcc_list[$i]);
}
! $email_headers = 'X-AntiAbuse: Board servername - ' . $board_config['server_name'] . "\n";
! $email_headers .= 'X-AntiAbuse: User_id - ' . $userdata['user_id'] . "\n";
! $email_headers .= 'X-AntiAbuse: Username - ' . $userdata['username'] . "\n";
! $email_headers .= 'X-AntiAbuse: User IP - ' . decode_ip($user_ip) . "\n";
!
! $emailer->use_template('admin_send_email');
$emailer->email_address($board_config['board_email']);
$emailer->set_subject($subject);
$emailer->extra_headers($email_headers);
$emailer->assign_vars(array(
! 'SITENAME' => $board_config['sitename'],
! 'BOARD_EMAIL' => $board_config['board_email'],
! 'MESSAGE' => $message)
);
$emailer->send();
$emailer->reset();
! message_die(GENERAL_MESSAGE, $lang['Email_sent'] . '
' . sprintf($lang['Click_return_admin_index'], '', ''));
}
}
+ if ( $error )
+ {
+ $template->set_filenames(array(
+ 'reg_header' => 'error_body.tpl')
+ );
+ $template->assign_vars(array(
+ 'ERROR_MESSAGE' => $error_msg)
+ );
+ $template->assign_var_from_handle('ERROR_BOX', 'reg_header');
+ }
+
//
// Initial selection
//
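Review bot: The `else` branch that reports an empty recipient list assigns the lang string to `$message` (`$message = ( $group_id != -1 ) ? $lang['Group_not_exist'] : $lang['No_such_user'];`), overwriting the text the admin submitted, which the form re-display in the next hunk hands back as `'MESSAGE' => $message`; use a dedicated local such as `$no_recipients` and append that to `$error_msg` instead. `$group_id` goes through `intval()` before it is interpolated into the query, so that value is safe; `$subject` only gets `stripslashes(trim())` before `set_subject()`, and whether the emailer strips CR/LF from it before it becomes a header line is not visible in this diff, so confirm that. The bcc loop re-evaluates `count($bcc_list)` every iteration; `foreach ($bcc_list as $address) { $emailer->bcc($address); }` is simpler.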
***************
*** 152,198 ****
$sql = "SELECT group_id, group_name
FROM ".GROUPS_TABLE . "
WHERE group_single_user <> 1";
! $g_result = $db->sql_query($sql);
! $group_list = $db->sql_fetchrowset($g_result);
!
! $select_list = '';
! $select_list .= '';
! for($i = 0;$i < count($group_list); $i++)
{
! $select_list .= "";
}
! $select_list .= "";
//
// Generate page
//
! include('page_header_admin.'.$phpEx);
$template->set_filenames(array(
! "body" => "admin/user_email_body.tpl")
);
$template->assign_vars(array(
! "MESSAGE" => $message,
! "SUBJECT" => $subject,
! "L_EMAIL_TITLE" => $lang['Email'],
! "L_EMAIL_EXPLAIN" => $lang['Mass_email_explain'],
! "L_COMPOSE" => $lang['Compose'],
! "L_RECIPIENTS" => $lang['Recipients'],
! "L_EMAIL_SUBJECT" => $lang['Subject'],
! "L_EMAIL_MSG" => $lang['Message'],
! "L_EMAIL" => $lang['Email'],
! "L_NOTICE" => $notice,
! "S_USER_ACTION" => append_sid('admin_mass_email.'.$phpEx),
! "S_GROUP_SELECT" => $select_list)
);
$template->pparse('body');
! include('page_footer_admin.'.$phpEx);
! ?>
--- 164,213 ----
$sql = "SELECT group_id, group_name
FROM ".GROUPS_TABLE . "
WHERE group_single_user <> 1";
! if ( !($result = $db->sql_query($sql)) )
! {
! message_die(GENERAL_ERROR, 'Could not obtain list of groups', '', __LINE__, __FILE__, $sql);
! }
! $select_list = '';
! if ( $row = $db->sql_fetchrow($result) )
{
! do
! {
! $select_list .= '';
! }
! while ( $row = $db->sql_fetchrow($result) );
}
! $select_list .= '';
//
// Generate page
//
! include('./page_header_admin.'.$phpEx);
$template->set_filenames(array(
! 'body' => 'admin/user_email_body.tpl')
);
$template->assign_vars(array(
! 'MESSAGE' => $message,
! 'SUBJECT' => $subject,
! 'L_EMAIL_TITLE' => $lang['Email'],
! 'L_EMAIL_EXPLAIN' => $lang['Mass_email_explain'],
! 'L_COMPOSE' => $lang['Compose'],
! 'L_RECIPIENTS' => $lang['Recipients'],
! 'L_EMAIL_SUBJECT' => $lang['Subject'],
! 'L_EMAIL_MSG' => $lang['Message'],
! 'L_EMAIL' => $lang['Email'],
! 'L_NOTICE' => $notice,
! 'S_USER_ACTION' => append_sid('admin_mass_email.'.$phpEx),
! 'S_GROUP_SELECT' => $select_list)
);
$template->pparse('body');
! include('./page_footer_admin.'.$phpEx);
! ?>
\ No newline at end of file
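Review bot: `'MESSAGE' => $message` and `'SUBJECT' => $subject` now re-display the submitted values after a validation error, and they are assigned as raw `stripslashes()` output; unless `user_email_body.tpl` escapes them (not visible here), they should pass through `htmlspecialchars()` at assignment so a stray `"` or `<` in the subject cannot break the form markup. `$notice` in `'L_NOTICE' => $notice` is not assigned anywhere in the visible hunks; if it is not set outside them it is an undefined-variable notice. The `$select_list .= ''` lines look like their option markup was lost in this rendering, so their content cannot be reviewed.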
diff -crN phpbb200/admin/admin_ranks.php phpbb2023/admin/admin_ranks.php
*** phpbb200/admin/admin_ranks.php Sat Jul 10 20:16:13 2004
--- phpbb2023/admin/admin_ranks.php Sun Feb 10 18:19:53 2008
***************
*** 6,13 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_ranks.php,v 1.13 2002/03/22 17:00:32 psotfx Exp $
! *
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_ranks.php 8377 2008-02-10 12:52:05Z acydburn $
*
***************************************************************************/
***************
*** 20,44 ****
*
***************************************************************************/
- define('IN_PHPBB', 1);
-
if( !empty($setmodules) )
{
$file = basename(__FILE__);
! $module['Users']['Ranks'] = "$file";
return;
}
//
// Let's set the root dir for phpBB
//
! $phpbb_root_path = "../";
require($phpbb_root_path . 'extension.inc');
! require('pagestart.' . $phpEx);
if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{
! $mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
}
else
{
--- 19,53 ----
*
***************************************************************************/
if( !empty($setmodules) )
{
$file = basename(__FILE__);
! $module['Users']['Ranks'] = $file;
return;
}
+ define('IN_PHPBB', 1);
+
//
// Let's set the root dir for phpBB
//
! $phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
!
! $cancel = ( isset($HTTP_POST_VARS['cancel']) || isset($_POST['cancel']) ) ? true : false;
! $no_page_header = $cancel;
!
! require('./pagestart.' . $phpEx);
!
! if ($cancel)
! {
! redirect('admin/' . append_sid("admin_ranks.$phpEx", true));
! }
if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{
! $mode = (isset($HTTP_GET_VARS['mode'])) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
! $mode = htmlspecialchars($mode);
}
else
{
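Review bot: `$cancel = ( isset($HTTP_POST_VARS['cancel']) || isset($_POST['cancel']) ) ? true : false;` wraps a boolean in a ternary; `$cancel = isset($HTTP_POST_VARS['cancel']) || isset($_POST['cancel']);` says the same thing, and the identical line in admin_smilies.php (hunk 36,55) would take the same change. The added `$mode = htmlspecialchars($mode);` is not what restricts the value, the whitelist added in the next hunk (`in_array($mode, array('add', 'edit', 'save', 'delete'))`) is, so a short comment on the escape saying the whitelist is the actual control would avoid a later reader assuming otherwise; passing `true` as the third argument to that `in_array` makes the comparison strict.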
***************
*** 59,64 ****
--- 68,75 ----
}
}
+ // Restrict mode input to valid options
+ $mode = ( in_array($mode, array('add', 'edit', 'save', 'delete')) ) ? $mode : '';
if( $mode != "" )
{
***************
*** 162,169 ****
}
}
! if( $rank_id )
{
$sql = "UPDATE " . RANKS_TABLE . "
SET rank_title = '" . str_replace("\'", "''", $rank_title) . "', rank_special = $special_rank, rank_min = $min_posts, rank_image = '" . str_replace("\'", "''", $rank_image) . "'
WHERE rank_id = $rank_id";
--- 173,191 ----
}
}
! if ($rank_id)
{
+ if (!$special_rank)
+ {
+ $sql = "UPDATE " . USERS_TABLE . "
+ SET user_rank = 0
+ WHERE user_rank = $rank_id";
+
+ if( !$result = $db->sql_query($sql) )
+ {
+ message_die(GENERAL_ERROR, $lang['No_update_ranks'], "", __LINE__, __FILE__, $sql);
+ }
+ }
$sql = "UPDATE " . RANKS_TABLE . "
SET rank_title = '" . str_replace("\'", "''", $rank_title) . "', rank_special = $special_rank, rank_min = $min_posts, rank_image = '" . str_replace("\'", "''", $rank_image) . "'
WHERE rank_id = $rank_id";
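Review bot: The new USERS_TABLE update keeps the unparenthesised form `if( !$result = $db->sql_query($sql) )` while the rest of this commit moves to `if ( !($result = $db->sql_query($sql)) )`, and `$result` is never read afterwards, so `if ( !$db->sql_query($sql) )` matches the neighbouring code. The user reset and the rank update that follows it are two separate statements; if the second fails after the first succeeded, users have lost their rank while the rank row is unchanged, and no transaction wrapper is visible here, so a comment stating the intended order (`// reset users holding this rank before it stops being special`) would at least document the choice. `$lang['No_update_ranks']` must exist in the admin language file; it is not visible in this diff.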
***************
*** 202,209 ****
{
$rank_id = 0;
}
! if( $rank_id )
{
$sql = "DELETE FROM " . RANKS_TABLE . "
WHERE rank_id = $rank_id";
--- 224,233 ----
{
$rank_id = 0;
}
+
+ $confirm = isset($HTTP_POST_VARS['confirm']);
! if( $rank_id && $confirm )
{
$sql = "DELETE FROM " . RANKS_TABLE . "
WHERE rank_id = $rank_id";
***************
*** 227,365 ****
message_die(GENERAL_MESSAGE, $message);
}
! else
! {
! message_die(GENERAL_MESSAGE, $lang['Must_select_rank']);
! }
! }
! else
! {
! //
! // They didn't feel like giving us any information. Oh, too bad, we'll just display the
! // list then...
! //
! $template->set_filenames(array(
! "body" => "admin/ranks_list_body.tpl")
! );
!
! $sql = "SELECT * FROM " . RANKS_TABLE . "
! ORDER BY rank_min, rank_title";
! if( !$result = $db->sql_query($sql) )
! {
! message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql);
! }
!
! $rank_rows = $db->sql_fetchrowset($result);
! $rank_count = count($rank_rows);
!
! $template->assign_vars(array(
! "L_RANKS_TITLE" => $lang['Ranks_title'],
! "L_RANKS_TEXT" => $lang['Ranks_explain'],
! "L_RANK" => $lang['Rank'],
! "L_RANK_MINIMUM" => $lang['Rank_minimum'],
! "L_SPECIAL_RANK" => $lang['Special_rank'],
! "L_EDIT" => $lang['Edit'],
! "L_DELETE" => $lang['Delete'],
! "L_ADD_RANK" => $lang['Add_new_rank'],
! "L_ACTION" => $lang['Action'],
!
! "S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx"))
! );
!
! for( $i = 0; $i < $rank_count; $i++)
{
! $rank = $rank_rows[$i]['rank_title'];
! $special_rank = $rank_rows[$i]['rank_special'];
! $rank_id = $rank_rows[$i]['rank_id'];
! $rank_min = $rank_rows[$i]['rank_min'];
! if($special_rank)
! {
! $rank_min = $rank_max = "-";
! }
!
! $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
! $row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
!
! $template->assign_block_vars("ranks", array(
! "ROW_COLOR" => "#" . $row_color,
! "ROW_CLASS" => $row_class,
! "RANK" => $rank,
! "RANK_MIN" => $rank_min,
! "SPECIAL_RANK" => ( $special_rank == 1 ) ? $lang['Yes'] : $lang['No'],
! "U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&id=$rank_id"),
! "U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&id=$rank_id"))
);
}
}
}
! else
{
! //
! // Show the default page
! //
! $template->set_filenames(array(
! "body" => "admin/ranks_list_body.tpl")
! );
!
! $sql = "SELECT * FROM " . RANKS_TABLE . "
! ORDER BY rank_min ASC, rank_special ASC";
! if( !$result = $db->sql_query($sql) )
! {
! message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql);
! }
! $rank_count = $db->sql_numrows($result);
! $rank_rows = $db->sql_fetchrowset($result);
! $template->assign_vars(array(
! "L_RANKS_TITLE" => $lang['Ranks_title'],
! "L_RANKS_TEXT" => $lang['Ranks_explain'],
! "L_RANK" => $lang['Rank_title'],
! "L_RANK_MINIMUM" => $lang['Rank_minimum'],
! "L_SPECIAL_RANK" => $lang['Rank_special'],
! "L_EDIT" => $lang['Edit'],
! "L_DELETE" => $lang['Delete'],
! "L_ADD_RANK" => $lang['Add_new_rank'],
! "L_ACTION" => $lang['Action'],
!
! "S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx"))
! );
! for($i = 0; $i < $rank_count; $i++)
{
! $rank = $rank_rows[$i]['rank_title'];
! $special_rank = $rank_rows[$i]['rank_special'];
! $rank_id = $rank_rows[$i]['rank_id'];
! $rank_min = $rank_rows[$i]['rank_min'];
!
! if( $special_rank == 1 )
! {
! $rank_min = $rank_max = "-";
! }
! $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
! $row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
! $rank_is_special = ( $special_rank ) ? $lang['Yes'] : $lang['No'];
!
! $template->assign_block_vars("ranks", array(
! "ROW_COLOR" => "#" . $row_color,
! "ROW_CLASS" => $row_class,
! "RANK" => $rank,
! "SPECIAL_RANK" => $rank_is_special,
! "RANK_MIN" => $rank_min,
! "U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&id=$rank_id"),
! "U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&id=$rank_id"))
! );
! }
}
$template->pparse("body");
! include('page_footer_admin.'.$phpEx);
?>
--- 251,349 ----
message_die(GENERAL_MESSAGE, $message);
}
! elseif( $rank_id && !$confirm)
{
! // Present the confirmation screen to the user
! $template->set_filenames(array(
! 'body' => 'admin/confirm_body.tpl')
! );
! $hidden_fields = '';
!
! $template->assign_vars(array(
! 'MESSAGE_TITLE' => $lang['Confirm'],
! 'MESSAGE_TEXT' => $lang['Confirm_delete_rank'],
! 'L_YES' => $lang['Yes'],
! 'L_NO' => $lang['No'],
! 'S_CONFIRM_ACTION' => append_sid("admin_ranks.$phpEx"),
! 'S_HIDDEN_FIELDS' => $hidden_fields)
);
}
+ else
+ {
+ message_die(GENERAL_MESSAGE, $lang['Must_select_rank']);
+ }
}
+
+ $template->pparse("body");
+
+ include('./page_footer_admin.'.$phpEx);
}
!
! //
! // Show the default page
! //
! $template->set_filenames(array(
! "body" => "admin/ranks_list_body.tpl")
! );
!
! $sql = "SELECT * FROM " . RANKS_TABLE . "
! ORDER BY rank_min ASC, rank_special ASC";
! if( !$result = $db->sql_query($sql) )
{
! message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql);
! }
! $rank_count = $db->sql_numrows($result);
!
! $rank_rows = $db->sql_fetchrowset($result);
! $template->assign_vars(array(
! "L_RANKS_TITLE" => $lang['Ranks_title'],
! "L_RANKS_TEXT" => $lang['Ranks_explain'],
! "L_RANK" => $lang['Rank_title'],
! "L_RANK_MINIMUM" => $lang['Rank_minimum'],
! "L_SPECIAL_RANK" => $lang['Rank_special'],
! "L_EDIT" => $lang['Edit'],
! "L_DELETE" => $lang['Delete'],
! "L_ADD_RANK" => $lang['Add_new_rank'],
! "L_ACTION" => $lang['Action'],
! "S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx"))
! );
!
! for($i = 0; $i < $rank_count; $i++)
! {
! $rank = $rank_rows[$i]['rank_title'];
! $special_rank = $rank_rows[$i]['rank_special'];
! $rank_id = $rank_rows[$i]['rank_id'];
! $rank_min = $rank_rows[$i]['rank_min'];
! if( $special_rank == 1 )
{
! $rank_min = $rank_max = "-";
! }
! $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
! $row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
! $rank_is_special = ( $special_rank ) ? $lang['Yes'] : $lang['No'];
!
! $template->assign_block_vars("ranks", array(
! "ROW_COLOR" => "#" . $row_color,
! "ROW_CLASS" => $row_class,
! "RANK" => $rank,
! "SPECIAL_RANK" => $rank_is_special,
! "RANK_MIN" => $rank_min,
! "U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&id=$rank_id"),
! "U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&id=$rank_id"))
! );
}
$template->pparse("body");
! include('./page_footer_admin.'.$phpEx);
?>
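Review bot: With the removed `else`, the default list rendering after the `if( $mode != "" )` block now runs unconditionally, so the mode branch that ends with `$template->pparse("body"); include('./page_footer_admin.'.$phpEx);` depends on the footer include terminating the script; if it does (phpBB's admin footer typically does), an explicit `exit;` after the include, or a comment `// page_footer_admin exits; the list below is the no-mode page`, makes that contract visible. In the confirmation screen `$hidden_fields = ''` appears empty in this rendering, probably because the hidden-input markup was stripped; confirm it carries `mode` and `id`, otherwise the confirm POST reaches the delete branch without a rank id and lands on `Must_select_rank`. `$rank_max` in `$rank_min = $rank_max = "-";` is assigned and never used (pre-existing).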
diff -crN phpbb200/admin/admin_smilies.php phpbb2023/admin/admin_smilies.php
*** phpbb200/admin/admin_smilies.php Sat Jul 10 20:16:13 2004
--- phpbb2023/admin/admin_smilies.php Sun Feb 10 18:19:53 2008
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_smilies.php,v 1.22 2002/03/24 00:15:36 psotfx Exp $
*
****************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_smilies.php 8377 2008-02-10 12:52:05Z acydburn $
*
****************************************************************************/
***************
*** 36,55 ****
return;
}
//
// Load default header
//
! if( isset($HTTP_GET_VARS['export_pack']) )
{
! if ( $HTTP_GET_VARS['export_pack'] == "send" )
! {
! $no_page_header = true;
! }
}
! $phpbb_root_path = "../";
! require($phpbb_root_path . 'extension.inc');
! require('pagestart.' . $phpEx);
//
// Check to see what mode we should operate in.
--- 36,61 ----
return;
}
+ $phpbb_root_path = "./../";
+ require($phpbb_root_path . 'extension.inc');
+
+ $cancel = ( isset($HTTP_POST_VARS['cancel']) || isset($_POST['cancel']) ) ? true : false;
+ $no_page_header = $cancel;
+
//
// Load default header
//
! if ((!empty($HTTP_GET_VARS['export_pack']) && $HTTP_GET_VARS['export_pack'] == 'send') || (!empty($_GET['export_pack']) && $_GET['export_pack'] == 'send'))
{
! $no_page_header = true;
}
! require('./pagestart.' . $phpEx);
!
! if ($cancel)
! {
! redirect('admin/' . append_sid("admin_smilies.$phpEx", true));
! }
//
// Check to see what mode we should operate in.
***************
*** 57,62 ****
--- 63,69 ----
if( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
+ $mode = htmlspecialchars($mode);
}
else
{
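Review bot: `$mode = htmlspecialchars($mode);` only escapes the value; unlike the matching change in admin_ranks.php, which follows the escape with `in_array($mode, array('add', 'edit', 'save', 'delete'))`, nothing here restricts `$mode` to the cases the `switch` below handles. Whether that switch has a `default` rejecting unknown values is outside the hunk; if it does not, add the same whitelist with the modes the switch accepts, e.g. `$mode = ( in_array($mode, array(/* modes handled by the switch */), true) ) ? $mode : '';`.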
***************
*** 72,78 ****
while($file = @readdir($dir))
{
! if( !@is_dir($phpbb_root_path . $board_config['smilies_path'] . '/' . $file) )
{
$img_size = @getimagesize($phpbb_root_path . $board_config['smilies_path'] . '/' . $file);
--- 79,85 ----
while($file = @readdir($dir))
{
! if( !@is_dir(phpbb_realpath($phpbb_root_path . $board_config['smilies_path'] . '/' . $file)) )
{
$img_size = @getimagesize($phpbb_root_path . $board_config['smilies_path'] . '/' . $file);
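Review bot: The directory test now uses `phpbb_realpath(...)` while the `@getimagesize(...)` on the next line still opens the unresolved `$phpbb_root_path . $board_config['smilies_path'] . '/' . $file`; resolving once into a local (`$smiley_file = phpbb_realpath(...)`) and using it for both calls keeps the check and the use on the same path. `phpbb_realpath` is not visible in this diff, so what it returns for a non-existent path, and hence what `is_dir` sees, should be confirmed.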
***************
*** 239,245 ****
FROM " . SMILIES_TABLE;
if( !$result = $db->sql_query($sql) )
{
! message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql);
}
$resultset = $db->sql_fetchrowset($result);
--- 246,252 ----
FROM " . SMILIES_TABLE;
if( !$result = $db->sql_query($sql) )
{
! message_die(GENERAL_ERROR, "Could not get smiley list", "", __LINE__, __FILE__, $sql);
}
$resultset = $db->sql_fetchrowset($result);
***************
*** 265,271 ****
message_die(GENERAL_MESSAGE, $message);
}
! else if( isset($HTTP_POST_VARS['add']) )
{
//
// Admin has selected to add a smiley.
--- 272,278 ----
message_die(GENERAL_MESSAGE, $message);
}
! else if( isset($HTTP_POST_VARS['add']) || isset($HTTP_GET_VARS['add']) )
{
//
// Admin has selected to add a smiley.
***************
*** 286,292 ****
$template->assign_vars(array(
"L_SMILEY_TITLE" => $lang['smiley_title'],
"L_SMILEY_CONFIG" => $lang['smiley_config'],
! "L_SMILEY_EXPLAIN" => $lang['smiley_instr'],
"L_SMILEY_CODE" => $lang['smiley_code'],
"L_SMILEY_URL" => $lang['smiley_url'],
"L_SMILEY_EMOTION" => $lang['smiley_emot'],
--- 293,299 ----
$template->assign_vars(array(
"L_SMILEY_TITLE" => $lang['smiley_title'],
"L_SMILEY_CONFIG" => $lang['smiley_config'],
! "L_SMILEY_EXPLAIN" => $lang['smile_desc'],
"L_SMILEY_CODE" => $lang['smiley_code'],
"L_SMILEY_URL" => $lang['smiley_url'],
"L_SMILEY_EMOTION" => $lang['smiley_emot'],
***************
*** 313,330 ****
//
$smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
! $sql = "DELETE FROM " . SMILIES_TABLE . "
! WHERE smilies_id = " . $smiley_id;
! $result = $db->sql_query($sql);
! if( !$result )
{
! message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql);
! }
! $message = $lang['smiley_del_success'] . "
" . sprintf($lang['Click_return_smileadmin'], "", "") . "
" . sprintf($lang['Click_return_admin_index'], "", "");
! message_die(GENERAL_MESSAGE, $message);
break;
case 'edit':
--- 320,364 ----
//
$smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
+ $smiley_id = intval($smiley_id);
! $confirm = isset($HTTP_POST_VARS['confirm']);
!
! if( $confirm )
{
! $sql = "DELETE FROM " . SMILIES_TABLE . "
! WHERE smilies_id = " . $smiley_id;
! $result = $db->sql_query($sql);
! if( !$result )
! {
! message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql);
! }
! $message = $lang['smiley_del_success'] . "
" . sprintf($lang['Click_return_smileadmin'], "", "") . "
" . sprintf($lang['Click_return_admin_index'], "", "");
! message_die(GENERAL_MESSAGE, $message);
! }
! else
! {
! // Present the confirmation screen to the user
! $template->set_filenames(array(
! 'body' => 'admin/confirm_body.tpl')
! );
!
! $hidden_fields = '';
!
! $template->assign_vars(array(
! 'MESSAGE_TITLE' => $lang['Confirm'],
! 'MESSAGE_TEXT' => $lang['Confirm_delete_smiley'],
!
! 'L_YES' => $lang['Yes'],
! 'L_NO' => $lang['No'],
!
! 'S_CONFIRM_ACTION' => append_sid("admin_smilies.$phpEx"),
! 'S_HIDDEN_FIELDS' => $hidden_fields)
! );
! $template->pparse('body');
! }
break;
case 'edit':
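Review bot: `$smiley_id = intval($smiley_id);` yields `0` when neither `id` field is present, and the confirmed branch then runs `DELETE ... WHERE smilies_id = 0` and reports success; admin_ranks.php in this same commit guards with `$rank_id && $confirm` and a `Must_select_rank` message. Add the same guard here before the confirm check, e.g. `if ( !$smiley_id ) { message_die(GENERAL_MESSAGE, $lang['<no-smiley-selected key>']); }` with the appropriate lang key. The `$hidden_fields = ''` on the confirmation screen looks emptied by this rendering; confirm it carries `mode=delete` and the id.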
***************
*** 333,338 ****
--- 367,373 ----
//
$smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
+ $smiley_id = intval($smiley_id);
$sql = "SELECT *
FROM " . SMILIES_TABLE . "
***************
*** 340,346 ****
$result = $db->sql_query($sql);
if( !$result )
{
! message_die(GENERAL_ERROR, $lang['smile_edit_err'], "", __LINE__, __FILE__, $sql);
}
$smile_data = $db->sql_fetchrow($result);
--- 375,381 ----
$result = $db->sql_query($sql);
if( !$result )
{
! message_die(GENERAL_ERROR, 'Could not obtain emoticon information', "", __LINE__, __FILE__, $sql);
}
$smile_data = $db->sql_fetchrow($result);
***************
*** 399,408 ****
// Get the submitted data, being careful to ensure that we only
// accept the data we are looking for.
//
! $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : $HTTP_GET_VARS['smile_code'];
! $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url'];
! $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion'];
! $smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : intval($HTTP_GET_VARS['smile_id']);
//
// Convert < and > to proper htmlentities for parsing.
//
--- 434,453 ----
// Get the submitted data, being careful to ensure that we only
// accept the data we are looking for.
//
! $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? trim($HTTP_POST_VARS['smile_code']) : '';
! $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : '';
! $smile_url = phpbb_ltrim(basename($smile_url), "'");
! $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? htmlspecialchars(trim($HTTP_POST_VARS['smile_emotion'])) : '';
! $smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : 0;
! $smile_code = trim($smile_code);
! $smile_url = trim($smile_url);
!
! // If no code was entered complain ...
! if ($smile_code == '' || $smile_url == '')
! {
! message_die(GENERAL_MESSAGE, $lang['Fields_empty']);
! }
!
//
// Convert < and > to proper htmlentities for parsing.
//
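Review bot: `$smile_code` and `$smile_url` are trimmed when read from `$HTTP_POST_VARS` and then trimmed again at `$smile_code = trim($smile_code); $smile_url = trim($smile_url);`; the add path in hunk 435,443 reads them raw and trims once, so one of the two forms should be dropped here for consistency. `basename($smile_url)` confining the value to a single path component is the useful check; `phpbb_ltrim(..., "'")` is not visible in this diff, so why only leading quotes are stripped deserves a one-line comment. `$smile_id` falls back to `0` when absent, which the following `UPDATE ... WHERE smilies_id = $smile_id` silently matches nothing for; an `if ( !$smile_id )` guard, as the delete path has via its confirm flow, would surface that.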
***************
*** 415,422 ****
$sql = "UPDATE " . SMILIES_TABLE . "
SET code = '" . str_replace("\'", "''", $smile_code) . "', smile_url = '" . str_replace("\'", "''", $smile_url) . "', emoticon = '" . str_replace("\'", "''", $smile_emotion) . "'
WHERE smilies_id = $smile_id";
! $result = $db->sql_query($sql);
! if( !$result )
{
message_die(GENERAL_ERROR, "Couldn't update smilies info", "", __LINE__, __FILE__, $sql);
}
--- 460,466 ----
$sql = "UPDATE " . SMILIES_TABLE . "
SET code = '" . str_replace("\'", "''", $smile_code) . "', smile_url = '" . str_replace("\'", "''", $smile_url) . "', emoticon = '" . str_replace("\'", "''", $smile_emotion) . "'
WHERE smilies_id = $smile_id";
! if( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, "Couldn't update smilies info", "", __LINE__, __FILE__, $sql);
}
***************
*** 435,443 ****
// Get the submitted data being careful to ensure the the data
// we recieve and process is only the data we are looking for.
//
! $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : $HTTP_GET_VARS['smile_code'];
! $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url'];
! $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion'];
//
// Convert < and > to proper htmlentities for parsing.
--- 479,496 ----
// Get the submitted data being careful to ensure the the data
// we recieve and process is only the data we are looking for.
//
! $smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : '';
! $smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : '';
! $smile_url = phpbb_ltrim(basename($smile_url), "'");
! $smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? htmlspecialchars(trim($HTTP_POST_VARS['smile_emotion'])) : '';
! $smile_code = trim($smile_code);
! $smile_url = trim($smile_url);
!
! // If no code was entered complain ...
! if ($smile_code == '' || $smile_url == '')
! {
! message_die(GENERAL_MESSAGE, $lang['Fields_empty']);
! }
//
// Convert < and > to proper htmlentities for parsing.
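Review bot: At L3171 `basename()` and `phpbb_ltrim(..., "'")` run before the `trim()` at L3174, so a value whose leading quote is preceded by whitespace keeps the quote (`" 'x.gif"` becomes `"'x.gif"`) and trailing whitespace reaches `basename()` first, assuming `phpbb_ltrim` behaves like `ltrim()` with a character list. Trimming first makes the stripping order-independent: `$smile_url = phpbb_ltrim(trim(basename($smile_url)), "'");`, after which the `trim($smile_url)` at L3174 is redundant. The same block appears in the hunk ending at L3133, whose start is outside this view. Unlike `$smile_emotion`, `$smile_code` receives no `htmlspecialchars()` here; if the "Convert < and >" step that follows is what covers it, a short comment on L3173 saying so would make that explicit.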
***************
*** 536,541 ****
//
// Page Footer
//
! include('page_footer_admin.'.$phpEx);
! ?>
--- 589,594 ----
//
// Page Footer
//
! include('./page_footer_admin.'.$phpEx);
! ?>
\ No newline at end of file
diff -crN phpbb200/admin/admin_styles.php phpbb2023/admin/admin_styles.php
*** phpbb200/admin/admin_styles.php Sat Jul 10 20:16:13 2004
--- phpbb2023/admin/admin_styles.php Sun Feb 10 18:19:53 2008
***************
*** 6,12 ****
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_styles.php,v 1.27 2002/04/02 21:13:47 the_systech Exp $
*
*
***************************************************************************/
--- 6,12 ----
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
! * $Id: admin_styles.php 8377 2008-02-10 12:52:05Z acydburn $
*
*
***************************************************************************/
***************
*** 27,33 ****
$file = basename(__FILE__);
$module['Styles']['Add_new'] = "$file?mode=addnew";
$module['Styles']['Create_new'] = "$file?mode=create";
! $module['Styles']['Manage'] = "$file";
$module['Styles']['Export'] = "$file?mode=export";
return;
}
--- 27,33 ----
$file = basename(__FILE__);
$module['Styles']['Add_new'] = "$file?mode=addnew";
$module['Styles']['Create_new'] = "$file?mode=create";
! $module['Styles']['Manage'] = $file;
$module['Styles']['Export'] = "$file?mode=export";
return;
}
***************
*** 38,63 ****
//
// Check if the user has cancled a confirmation message.
//
! $phpbb_root_path = "../";
$confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : FALSE;
$cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : FALSE;
! if( empty($HTTP_POST_VARS['send_file']) )
{
! $no_page_header = ( $cancel ) ? TRUE : FALSE;
! require($phpbb_root_path . 'extension.inc');
! require('pagestart.' . $phpEx);
! }
!
! if( $cancel )
! {
! header("Location: " . append_sid("admin_styles.$phpEx"));
}
if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{
$mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
}
else
{
--- 38,65 ----
//
// Check if the user has cancled a confirmation message.
//
! $phpbb_root_path = "./../";
! require($phpbb_root_path . 'extension.inc');
!
! $confirm = (isset($HTTP_POST_VARS['confirm']) || isset($_POST['confirm'])) ? TRUE : FALSE;
! $cancel = (isset($HTTP_POST_VARS['cancel']) || isset($_POST['cancel'])) ? TRUE : FALSE;
!
! $no_page_header = (!empty($HTTP_POST_VARS['send_file']) || !empty($_POST['send_file']) || $cancel) ? TRUE : FALSE;
!
! require('./pagestart.' . $phpEx);
$confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : FALSE;
$cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : FALSE;
! if ($cancel)
{
! redirect('admin/' . append_sid("admin_styles.$phpEx", true));
}
if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{
$mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
+ $mode = htmlspecialchars($mode);
}
else
{
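Review bot: The `$confirm`/`$cancel` assignments added at L3266–L3267 are overwritten by the retained lines at L3272–L3273, so the `$_POST` fallback is dead once `pagestart` has run and the two definitions can drift apart. Either drop the second pair or keep a single definition after `require('./pagestart.' . $phpEx)`; if the early pair exists only so `$no_page_header` can be computed before `pagestart` is included, a comment such as `// evaluated before pagestart so header suppression is known in time` would stop a later maintainer from removing it. At L3281 `htmlspecialchars($mode)` is output escaping, not validation; rejecting unknown modes presumably happens in a `switch` default further down, outside this hunk.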
***************
*** 73,79 ****
if( isset($install_to) )
{
! include($phpbb_root_path. "templates/" . $install_to . "/theme_info.cfg");
$template_name = $$install_to;
$found = FALSE;
--- 75,81 ----
if( isset($install_to) )
{
! include($phpbb_root_path. "templates/" . basename($install_to) . "/theme_info.cfg");
$template_name = $$install_to;
$found = FALSE;
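Review bot: `basename()` is applied only inside the include path at L3295 while the raw `$install_to` still feeds the variable-variable lookup at L3296, so the file actually included and the variable read from it can disagree whenever the value carries a directory component. Normalise once before both uses: `$install_to = basename($install_to);` followed by `include($phpbb_root_path . 'templates/' . $install_to . '/theme_info.cfg');`. The same use-site-only `basename()` appears at L3390 for `$template_name`, whose raw value is also what reaches the query at L3378. Where `$install_to` is assigned is outside this hunk.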
***************
*** 132,140 ****
{
while( $sub_dir = @readdir($dir) )
{
! if( !is_file($phpbb_root_path . 'templates/' .$sub_dir) && !is_link($phpbb_root_path . 'templates/' .$sub_dir) && $sub_dir != "." && $sub_dir != ".." && $sub_dir != "CVS" )
{
! if( @file_exists($phpbb_root_path. "templates/" . $sub_dir . "/theme_info.cfg") )
{
include($phpbb_root_path. "templates/" . $sub_dir . "/theme_info.cfg");
--- 134,142 ----
{
while( $sub_dir = @readdir($dir) )
{
! if( !is_file(phpbb_realpath($phpbb_root_path . 'templates/' .$sub_dir)) && !is_link(phpbb_realpath($phpbb_root_path . 'templates/' .$sub_dir)) && $sub_dir != "." && $sub_dir != ".." && $sub_dir != "CVS" )
{
! if( @file_exists(@phpbb_realpath($phpbb_root_path. "templates/" . $sub_dir . "/theme_info.cfg")) )
{
include($phpbb_root_path. "templates/" . $sub_dir . "/theme_info.cfg");
***************
*** 490,496 ****
$themes_title = $lang['Edit_theme'];
$themes_explain = $lang['Edit_theme_explain'];
! $style_id = $HTTP_GET_VARS['style_id'];
$selected_names = array();
$selected_values = array();
--- 492,498 ----
$themes_title = $lang['Edit_theme'];
$themes_explain = $lang['Edit_theme_explain'];
! $style_id = intval($HTTP_GET_VARS['style_id']);
$selected_names = array();
$selected_values = array();
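Review bot: `$HTTP_GET_VARS['style_id']` at L3327 is read without an `isset()` guard, so a request lacking the parameter raises an undefined-index notice before `intval()` yields 0. The file's own pattern for this (see `$smile_id` in the earlier hunk) is `$style_id = ( isset($HTTP_GET_VARS['style_id']) ) ? intval($HTTP_GET_VARS['style_id']) : 0;`. The enclosing branch continues outside the hunk.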
***************
*** 549,555 ****
$s_template_select = '';
while( $file = @readdir($dir) )
{
! if( !is_file($phpbb_root_path . 'templates/' . $file) && !is_link($phpbb_root_path . 'templates/' . $file) && $file != "." && $file != ".." && $file != "CVS" )
{
if($file == $selected['template_name'])
{
--- 551,557 ----
$s_template_select = '';
while( $file = @readdir($dir) )
{
! if( !is_file(phpbb_realpath($phpbb_root_path . 'templates/' . $file)) && !is_link(phpbb_realpath($phpbb_root_path . 'templates/' . $file)) && $file != "." && $file != ".." && $file != "CVS" )
{
if($file == $selected['template_name'])
{
***************
*** 561,566 ****
--- 563,569 ----
}
}
}
+ $s_template_select .= '';
}
else
{
***************
*** 579,584 ****
--- 582,588 ----
"L_SIMPLE_NAME" => $lang['Simple_name'],
"L_VALUE" => $lang['Value'],
"L_STYLESHEET" => $lang['Stylesheet'],
+ "L_STYLESHEET_EXPLAIN" => $lang['Stylesheet_explain'],
"L_BACKGROUND_IMAGE" => $lang['Background_image'],
"L_BACKGROUND_COLOR" => $lang['Background_color'],
"L_BODY_TEXT_COLOR" => $lang['Text_color'],
***************
*** 704,710 ****
$sql = "SELECT *
FROM " . THEMES_TABLE . "
! WHERE template_name = '$template_name'";
if(!$result = $db->sql_query($sql))
{
message_die(GENERAL_ERROR, "Could not get theme data for selected template", "", __LINE__, __FILE__, $sql);
--- 708,714 ----
$sql = "SELECT *
FROM " . THEMES_TABLE . "
! WHERE template_name = '" . str_replace("\'", "''", $template_name) . "'";
if(!$result = $db->sql_query($sql))
{
message_die(GENERAL_ERROR, "Could not get theme data for selected template", "", __LINE__, __FILE__, $sql);
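Review bot: The escaping at L3378 only rewrites `\'` to `''`, which is correct solely when `$template_name` already carries backslash-escaped quotes from phpBB's GPC slashing; a value taken from another source, such as a directory listing, would reach the query with a bare quote intact. `$template_name` is assigned outside this hunk, so the assumption belongs next to the query: `// $template_name must be addslashes()-escaped input; \' -> '' converts it to SQL quoting`. If the value can originate from the filesystem, run it through the DB layer's escaping (or `addslashes()`) before this replacement.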
***************
*** 736,742 ****
@umask(0111);
! $fp = @fopen($phpbb_root_path . 'templates/' . $template_name . '/theme_info.cfg', 'w');
if( !$fp )
{
--- 740,746 ----
@umask(0111);
! $fp = @fopen($phpbb_root_path . 'templates/' . basename($template_name) . '/theme_info.cfg', 'w');
if( !$fp )
{
***************
*** 747,753 ****
$s_hidden_fields = '';
$s_hidden_fields .= '';
! $download_form = '