phpBB 2.0.7 Çıktı (2.0.6 dan 2.0.7 ye değişecek dosyalar)

taNGo · Kayıt: 23 Haziran 2003 Mesajlar: 2563 Nerden: Geriden

Düzenlenecek dosyalar (edit files);

18 Dosya (18 Files)

- groupcp.php
- index.php
- login.php
- memberlist.php
- modcp.php
- posting.php
- privmsg.php
- search.php
- viewforum.php
- viewtopic.php
- includes/auth.php
- includes/bbcode.php
- includes/functions_post.php
- includes/functions_search.php
- includes/page_header.php
- includes/topic_review.php
- includes/usercp_register.php
- templates/subSilver/index_body.tpl

groupcp.php

BUL (FIND)

codeDivStart() $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];

ALTINA EKLE (AFTER, ADD)

codeDivStart() $mode = htmlspecialchars($mode);

BUL (FIND)

codeDivStart() $sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . $members[$i];

BUNUNLA DEĞİŞTİR (REPLACE WITH)

codeDivStart() $sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . intval($members[$i]);

index.php

BUL (FIND)

codeDivStart() if( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not query categories list', '', __LINE__, __FILE__, $sql);
}

while( $category_rows[] = $db->sql_fetchrow($result) );

ALTINA EKLE (AFTER, ADD)

codeDivStart() $db->sql_freeresult($result);

BUL (FIND)

codeDivStart() while( $row = $db->sql_fetchrow($result) )
{
$forum_data[] = $row;
}

ALTINA EKLE (AFTER, ADD)

codeDivStart() $db->sql_freeresult($result);

BUL (FIND)

codeDivStart() while( $topic_data = $db->sql_fetchrow($result) )
{
$new_topic_data[$topic_data['forum_id']][$topic_data['topic_id']] = $topic_data['post_time'];
}

ALTINA EKLE (AFTER, ADD)

codeDivStart() $db->sql_freeresult($result);

BUL (FIND)

codeDivStart() while( $row = $db->sql_fetchrow($result) )
{
$forum_moderators[$row['forum_id']][] = '<a href="' . append_sid("profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=" . $row['user_id']) . '">' . $row['username'] . '</a>';
}

ALTINA EKLE (AFTER, ADD)

codeDivStart() $db->sql_freeresult($result);

BUL (FIND)

codeDivStart() while( $row = $db->sql_fetchrow($result) )
{
$forum_moderators[$row['forum_id']][] = '<a href="' . append_sid("groupcp.$phpEx?" . POST_GROUPS_URL . "=" . $row['group_id']) . '">' . $row['group_name'] . '</a>';
}

ALTINA EKLE (AFTER, ADD)

codeDivStart() $db->sql_freeresult($result);

login.php

BUL (FIND)

codeDivStart() if( $session_id )
{
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : "index.$phpEx";
redirect(append_sid($url, true));
}

BUNUNLA DEĞİŞTİR (REPLACE WITH)

codeDivStart() if( $session_id )
{
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : "index.$phpEx";
redirect(append_sid($url, true));
}

BUL (FIND)

codeDivStart() else
{
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : '';
$redirect = str_replace('?', '&', $redirect);

$template->assign_vars(array(

BUNUNLA DEĞİŞTİR (REPLACE WITH)

codeDivStart() else
{
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : '';
$redirect = str_replace('?', '&', $redirect);

$template->assign_vars(array(

BUL (FIND)

codeDivStart() else
{
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : "";
$redirect = str_replace("?", "&", $redirect);

$template->assign_vars(array(

BUNUNLA DEĞİŞTİR (REPLACE WITH)

codeDivStart() else
{
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : "";
$redirect = str_replace("?", "&", $redirect);

$template->assign_vars(array(

BUL (FIND)

codeDivStart() if (!empty($HTTP_POST_VARS['redirect']) || !empty($HTTP_GET_VARS['redirect']))
{
$url = (!empty($HTTP_POST_VARS['redirect'])) ? $HTTP_POST_VARS['redirect'] : $HTTP_GET_VARS['redirect'];
redirect(append_sid($url, true));
}
else
{
redirect(append_sid("index.$phpEx", true));
}
}
else
{
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : "index.$phpEx";
redirect(append_sid($url, true));
}

BUNUNLA DEĞİŞTİR (REPLACE WITH)

codeDivStart() if (!empty($HTTP_POST_VARS['redirect']) || !empty($HTTP_GET_VARS['redirect']))
{
$url = (!empty($HTTP_POST_VARS['redirect'])) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : htmlspecialchars($HTTP_GET_VARS['redirect']);
redirect(append_sid($url, true));
}
else
{
redirect(append_sid("index.$phpEx", true));
}
}
else
{
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : "index.$phpEx";
redirect(append_sid($url, true));
}

memberlist.php

BUL (FIND)

codeDivStart() $i++;
}
while ( $row = $db->sql_fetchrow($result) );

ALTINA EKLE (AFTER, ADD)

codeDivStart() $db->sql_freeresult($result);

BUL (FIND)

codeDivStart() $pagination = generate_pagination("memberlist.$phpEx?mode=$mode&order=$sort_order", $total_members, $board_config['topics_per_page'], $start). ' ';
}

ALTINA EKLE (AFTER, ADD)

codeDivStart() $db->sql_freeresult($result);

modcp.php

BUL (FIND)

codeDivStart() $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];

ALTINA EKLE (AFTER, ADD)

codeDivStart() $mode = htmlspecialchars($mode);

posting.php

BUL (FIND)

codeDivStart() $$var = ( !empty($HTTP_POST_VARS[$param]) ) ? $HTTP_POST_VARS[$param] : $HTTP_GET_VARS[$param];

BUNUNLA DEĞİŞTİR (REPLACE WITH)

codeDivStart() $$var = ( !empty($HTTP_POST_VARS[$param]) ) ? htmlspecialchars($HTTP_POST_VARS[$param]) : htmlspecialchars($HTTP_GET_VARS[$param]);

BUL (FIND)

codeDivStart() $post_info = $db->sql_fetchrow($result);

ALTINA EKLE (AFTER, ADD)

codeDivStart() $db->sql_freeresult($result);

BUL (FIND)

codeDivStart() $poll_results_sum += $row['vote_result'];
}
while ( $row = $db->sql_fetchrow($result) );
}

ALTINA EKLE (AFTER, ADD)

codeDivStart() $db->sql_freeresult($result);

BUL (FIND)

codeDivStart() $notify_user = ( $db->sql_fetchrow($result) ) ? TRUE : $userdata['user_notify'];

ALTINA EKLE (AFTER, ADD)

codeDivStart() $db->sql_freeresult($result);

BUL (FIND)

codeDivStart() if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain user vote data for this topic', '', __LINE__, __FILE__, $sql);
}

if ( !($row = $db->sql_fetchrow($result)) )

BUNUNLA DEĞİŞTİR (REPLACE WITH)

codeDivStart() if ( !($result2 = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain user vote data for this topic', '', __LINE__, __FILE__, $sql);
}

if ( !($row = $db->sql_fetchrow($result2)) )

BUL (FIND)

codeDivStart() $message = $lang['Already_voted'];
}
}
else
{
$message = $lang['No_vote_option'];
}

BUNUNLA DEĞİŞTİR (REPLACE WITH)

codeDivStart() $message = $lang['Already_voted'];
}
$db->sql_freeresult($result2);
}
else
{
$message = $lang['No_vote_option'];
}
$db->sql_freeresult($result);

privmsg.php

BUL (FIND)

codeDivStart() $folder = ( isset($HTTP_POST_VARS['folder']) ) ? $HTTP_POST_VARS['folder'] : $HTTP_GET_VARS['folder'];

ALTINA EKLE (AFTER, ADD)

codeDivStart() $folder = htmlspecialchars($folder);

BUL VE SİL (FIND AND DELETE)
codeDivStart() // session id check
if (!empty($HTTP_POST_VARS['sid']) || !empty($HTTP_GET_VARS['sid']))
{
$sid = (!empty($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : $HTTP_GET_VARS['sid'];
}
else
{
$sid = '';
}

BUL (FIND)

codeDivStart() $mode = ( !empty($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];

ALTINA EKLE (AFTER, ADD)

codeDivStart() $mode = htmlspecialchars($mode);

search.php

BUL (FIND)

codeDivStart() if ( intval($search_id) )

BUNUNLA DEĞİŞTİR (REPLACE WITH)

codeDivStart() $search_id = intval($search_id);
if ( $search_id )

viewforum.php

BUL (FIND)

codeDivStart() $topic_days = ( !empty($HTTP_POST_VARS['topicdays']) ) ? $HTTP_POST_VARS['topicdays'] : $HTTP_GET_VARS['topicdays'];

BUNUNLA DEĞİŞTİR (REPLACE WITH)

codeDivStart() $topic_days = ( !empty($HTTP_POST_VARS['topicdays']) ) ? intval($HTTP_POST_VARS['topicdays']) : intval($HTTP_GET_VARS['topicdays']);

viewtopic.php

BUL (FIND)

codeDivStart() $post_days = ( !empty($HTTP_POST_VARS['postdays']) ) ? $HTTP_POST_VARS['postdays'] : $HTTP_GET_VARS['postdays'];

BUNUNLA DEĞİŞTİR (REPLACE WITH)

codeDivStart() $post_days = ( !empty($HTTP_POST_VARS['postdays']) ) ? intval($HTTP_POST_VARS['postdays']) : intval($HTTP_GET_VARS['postdays']);

BUL (FIND)

codeDivStart() $post_order = (!empty($HTTP_POST_VARS['postorder'])) ? $HTTP_POST_VARS['postorder'] : $HTTP_GET_VARS['postorder'];

BUNUNLA DEĞİŞTİR (REPLACE WITH)

codeDivStart() $post_order = (!empty($HTTP_POST_VARS['postorder'])) ? htmlspecialchars($HTTP_POST_VARS['postorder']) : htmlspecialchars($HTTP_GET_VARS['postorder']);

includes/auth.php:

BUL (FIND)

codeDivStart() $u_access[$row['forum_id']][] = $row;
}
}
while( $row = $db->sql_fetchrow($result) );
}

ALTINA EKLE (AFTER, ADD)

codeDivStart() $db->sql_freeresult($result);

includes/bbcode.php

BUL (FIND)

codeDivStart() $bbcode_tpl['url4'] = str_replace('{DESCRIPTION}', '\\5', $bbcode_tpl['url4']);

BUNUNLA DEĞİŞTİR (REPLACE WITH)

codeDivStart() $bbcode_tpl['url4'] = str_replace('{DESCRIPTION}', '\\3', $bbcode_tpl['url4']);

BUL (FIND)

codeDivStart() $replacements[] = $bbcode_tpl['img'];

// matches a [url]xxxx://www.phpbb.com[/url] code..
$patterns[] = "#\[url\]([\w]+?://.*?[^ \"\n\r\t<]*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url1'];

// [url]www.phpbb.com[/url] code.. (no xxxx:// prefix).
$patterns[] = "#\[url\]((www|ftp)\.([\w\-]+\.)*?[\w\-]+\.[a-z]{2,4}(:?[0-9]*?/[^ \"\n\r\t<]*)?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url2'];

// [url=xxxx://www.phpbb.com]phpBB[/url] code..
$patterns[] = "#\[url=([\w]+?://.*?[^ \"\n\r\t<]*?)\](.*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url3'];

// [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix).
$patterns[] = "#\[url=((www|ftp)\.([\w\-]+\.)*?[\w\-]+\.[a-z]{2,4}(:?[0-9]*?/[^ \"\n\r\t<]*)?)\](.*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url4'];

BUNUNLA DEĞİŞTİR (REPLACE WITH)

codeDivStart() $replacements[] = $bbcode_tpl['img'];

// matches a [url]xxxx://www.phpbb.com[/url] code..
$patterns[] = "#\[url\]([\w]+?://[^ \"\n\r\t<]*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url1'];

// [url]www.phpbb.com[/url] code.. (no xxxx:// prefix).
$patterns[] = "#\[url\]((www|ftp)\.[^ \"\n\r\t<]*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url2'];

// [url=xxxx://www.phpbb.com]phpBB[/url] code..
$patterns[] = "#\[url=([\w]+?://[^ \"\n\r\t<]*?)\](.*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url3'];

// [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix).
$patterns[] = "#\[url=((www|ftp)\.[^ \"\n\r\t<]*?)\](.*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url4'];

BUL (FIND)

codeDivStart() // matches an "xxxx://yyyy" URL at the start of a line, or after a space.
// xxxx can only be alpha characters.
// yyyy is anything up to the first space, newline, comma, double quote or <
$ret = preg_replace("#(^|[\n ])([\w]+?://.*?[^ \"\n\r\t<]*)#is", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $ret);

// matches a "www|ftp.xxxx.yyyy[/zzzz]" kinda lazy URL thing
// Must contain at least 2 dots. xxxx contains either alphanum, or "-"
// zzzz is optional.. will contain everything up to the first space, newline,
// comma, double quote or <.
$ret = preg_replace("#(^|[\n ])((www|ftp)\.[\w\-]+\.[\w\-.\~]+(?:/[^ \"\t\n\r<]*)?)#is", "\\1<a href=\"http://\\2\" target=\"_blank\">\\2</a>", $ret);

BUNUNLA DEĞİŞTİR (REPLACE WITH)

codeDivStart() // matches an "xxxx://yyyy" URL at the start of a line, or after a space.
// xxxx can only be alpha characters.
// yyyy is anything up to the first space, newline, comma, double quote or <
$ret = preg_replace("#(^|[\n ])([\w]+?://[^ \"\n\r\t<]*)#is", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $ret);

// matches a "www|ftp.xxxx.yyyy[/zzzz]" kinda lazy URL thing
// Must contain at least 2 dots. xxxx contains either alphanum, or "-"
// zzzz is optional.. will contain everything up to the first space, newline,
// comma, double quote or <.
$ret = preg_replace("#(^|[\n ])((www|ftp)\.[^ \"\t\n\r<]*)#is", "\\1<a href=\"http://\\2\" target=\"_blank\">\\2</a>", $ret);

includes/functions_post.php

BUL (FIND)

codeDivStart() $tagallowed = (preg_match('#^<\/?' . $match_tag . ' .*?(style[\t ]*?=|on[\w]+[\t ]*?=)#i', $hold_string)) ? false : true;

BUNUNLA DEĞİŞTİR (REPLACE WITH)

codeDivStart() $tagallowed = (preg_match('#^<\/?' . $match_tag . ' .*?(style[ ]*?=|on[\w]+[ ]*?=)#i', $hold_string)) ? false : true;

BUL (FIND)

codeDivStart() if (!$end_html || ($end_html != strlen($message) && $tmp_message != ''))

BUNUNLA DEĞİŞTİR (REPLACE WITH)

codeDivStart() if ($end_html != strlen($message) && $tmp_message != '')

includes/functions_search.php

BUL (FIND)

codeDivStart() if ( $match_sql != '' )
{
$sql = "INSERT IGNORE INTO " . SEARCH_MATCH_TABLE . " (post_id, word_id, title_match)
SELECT $post_id, word_id, $title_match
FROM " . SEARCH_WORD_TABLE . "
WHERE word_text IN ($match_sql)";

BUNUNLA DEĞİŞTİR (REPLACE WITH)

codeDivStart() if ( $match_sql != '' )
{
$sql = "INSERT INTO " . SEARCH_MATCH_TABLE . " (post_id, word_id, title_match)
SELECT $post_id, word_id, $title_match
FROM " . SEARCH_WORD_TABLE . "
WHERE word_text IN ($match_sql)";

includes/page_header.php

BUL (FIND)

codeDivStart() $Id: page_header.php,v 1.106.2.20 2003/06/10 20:48:19 acydburn Exp $

BUNUNLA DEĞİŞTİR (REPLACE, WITH)

codeDivStart() $Id: page_header.php,v 1.106.2.22 2004/03/01 16:46:37 psotfx Exp $

includes/topic_review.php

BUL (FIND)

codeDivStart() if ( !($forum_row = $db->sql_fetchrow($result)) )
{
message_die(GENERAL_MESSAGE, 'Topic_post_not_exist');
}

ALTINA EKLE (AFTER, ADD)

codeDivStart() $db->sql_freeresult($result);

BUL (FIND)

codeDivStart() else
{
message_die(GENERAL_MESSAGE, 'Topic_post_not_exist', '', __LINE__, __FILE__, $sql);
}

ALTINA EKLE (AFTER, ADD)

codeDivStart() $db->sql_freeresult($result);

includes/usercp_register.php

BUL (FIND)

codeDivStart() $avatar_category = ( !empty($HTTP_POST_VARS['avatarcategory']) ) ? $HTTP_POST_VARS['avatarcategory'] : '';

BUNUNLA DEĞİŞTİR (REPLACE WITH)

codeDivStart() $avatar_category = ( !empty($HTTP_POST_VARS['avatarcategory']) ) ? htmlspecialchars($HTTP_POST_VARS['avatarcategory']) : '';

templates/subSilver/index_body.tpl

BUL (FIND)

codeDivStart() <table cellspacing="3" border="0" align="center" cellpadding="0">
<tr>
<td width="20" align="center"><img src="templates/subSilver/images/folder_new.gif" alt="{L_NEW_POSTS}"/></td>
<td><span class="gensmall">{L_NEW_POSTS}</span></td>
<td>  </td>
<td width="20" align="center"><img src="templates/subSilver/images/folder.gif" alt="{L_NO_NEW_POSTS}" /></td>
<td><span class="gensmall">{L_NO_NEW_POSTS}</span></td>
<td>  </td>
<td width="20" align="center"><img src="templates/subSilver/images/folder_lock.gif" alt="{L_FORUM_LOCKED}" /></td>
<td><span class="gensmall">{L_FORUM_LOCKED}</span></td>
</tr>
</table>

BUNUNLA DEĞİŞTİR (REPLACE WITH)

codeDivStart() <table cellspacing="3" border="0" align="center" cellpadding="0">
<tr>
<td width="20" align="center"><img src="templates/subSilver/images/folder_new_big.gif" alt="{L_NEW_POSTS}"/></td>
<td><span class="gensmall">{L_NEW_POSTS}</span></td>
<td>  </td>
<td width="20" align="center"><img src="templates/subSilver/images/folder_big.gif" alt="{L_NO_NEW_POSTS}" /></td>
<td><span class="gensmall">{L_NO_NEW_POSTS}</span></td>
<td>  </td>
<td width="20" align="center"><img src="templates/subSilver/images/folder_locked_big.gif" alt="{L_FORUM_LOCKED}" /></td>
<td><span class="gensmall">{L_FORUM_LOCKED}</span></td>
</tr>
</table>

Dosyaları değiştirdikten sonra www.phpbb.com 'dan yüklemiş olduğunuz phpBB2.0.7 klasörünün içindeki install klasörünü phpBB forumunuzun bulunduğu klasöre gönderin.Daha sonra http://domainadınız.com/phpBB_klasör_yolu/install/update_to_207.php dizinine ulaşın ve phpBB 2.0.6 nın veritabanını phpBB 2.0.7 ye güncelleştirin.Daha sonra install klasörünü silmeyi kesinlikle unutmayın.

DeJaVu · Kayıt: 06 Şubat 2004 Mesajlar: 25 Nerden: Mersin

2.0.6 da açıklar mı varki 2.0.7 deki dosyalarla değişeceğiz?

taNGo · Kayıt: 23 Haziran 2003 Mesajlar: 2563 Nerden: Geriden

evet, editlemelerde bir çok güvenlik açığının kapatılması mevcut.

Romulus · Kayıt: 23 Mart 2004 Mesajlar: 784 Nerden: Chicago

Esquare kardes en son kitani anliyamadim onu acikliya bilirmisin bi zahmet. BIde cogu hackler 2.0.6 icin onlari yaptiktan sonra mi upgrade yapalim?

taNGo · Kayıt: 23 Haziran 2003 Mesajlar: 2563 Nerden: Geriden

2.0.6 ya uyan hackleri 2.0.7 ve 2.0.8 dede kullanabilirsin.En son kıtada dediğim ise phpbb.com dan phpbb 2.0.8 i download edip sadece install klasörünü kendi phpBB dosyalarının bulunduğu yere atıp update_to_207.php yoluna gideceksin explorerden sonra install klasörünü sileceksin.

Romulus · Kayıt: 23 Mart 2004 Mesajlar: 784 Nerden: Chicago

COk sagol hallettim sonunda simdide modlari install edicem. allah senden razi olsun.

Romulus · Kayıt: 23 Mart 2004 Mesajlar: 784 Nerden: Chicago

baba ben bu safer hersey iyi olsun diye 2.0.7. iyi full package olarak upload ettim. Sonra install/update 2.0.7 filanda yazdim orda upgrade oldun dedi sonra gittim install klasorunu silmid... Foruma tekrar geldim simdi gene .....

Please ensure both the install/ and contrib/ directories are deleted

Bunu yaziyor..... Ama forum upgrade olmus...Bunu 2.0.8 icinde yaptim gene aynisini soyluyor.... Update yapar yapmaz hemen gitip install dosyalarini siliyorum Niye bunu yaziyor????

taNGo · Kayıt: 23 Haziran 2003 Mesajlar: 2563 Nerden: Geriden

install klasörü ile contrib klasörünüde silceksin.

Romulus · Kayıt: 23 Mart 2004 Mesajlar: 784 Nerden: Chicago

Evet sonradan farkettim Guzel kardesim yardimin icin cok tesekkurler....Insallah gene forumu silmem yaaa uffffffffffffffffffffffff.... Butun arkadaslar telefonla arayip kufur ediyorlar dursiler :(