KB Article: How to Update phpBB 2.0.9 to 2.0.10
Submitted By: Telli
Date Added: 07-19-2004 2:04:40
Hits: 13,469
Mod-like instructions for updating phpBBtonuke 2.0.9 to 2.0.10

These are the changes from phpBB 2.0.9 to phpBB 2.0.10 summed up into a little Mod. This might be very helpful if you want to update your board and have installed a bunch of Mods. Then it's normally easier to apply the code changes than to install all Mods again.

When you find an 'AFTER, ADD' statement, the code has to be added after the last line quoted in the 'FIND' statement.
When you find a 'BEFORE, ADD' statement, the code has to be added before the first line quoted in the 'FIND' statement.
When you find a 'REPLACE WITH' statement, the code quoted in the 'FIND' statement has to be replaced completely with the code quoted in the 'REPLACE WITH' statement.
When you find a 'DELETE' statement, the code has to be deleted.

After you have finished this tutorial, you have to upload the update_to_210.php file, execute it (modules.php?name=Forums&file=update_to_210) and then delete it from your webspace. The update_to_210 is located in the download at the bottom of this tutorial.

OK, let's start:

modules/Forums/common.php

FIND - Line 43

    // Unset globally registered vars - PHP5 ... hhmmm
    if (@$ini_val('register_globals') == '1' || strtolower(@$ini_val('register_globals')) == 'on')
    {
        $var_prefix = 'HTTP';
        $var_suffix = '_VARS';

        $test = array('_GET', '_POST', '_SERVER', '_COOKIE', '_ENV');

        foreach ($test as $var)
        {
            if (is_array(${$var_prefix . $var . $var_suffix}))
            {
                unset_vars(${$var_prefix . $var . $var_suffix});
            }

            if (is_array(${$var}))
            {
                unset_vars(${$var});
            }
        }

        if (is_array(${'_FILES'}))
        {
            unset_vars(${'_FILES'});
        }

        if (is_array(${'HTTP_POST_FILES'}))
        {
            unset_vars(${'HTTP_POST_FILES'});
        }
    }

REPLACE WITH

    // Unset globally registered vars - PHP5 ... hhmmm
    if (@$ini_val('register_globals') == '1' || strtolower(@$ini_val('register_globals')) == 'on')
    {
        $var_prefix = 'HTTP';
        $var_suffix = '_VARS';

        $test = array('_GET', '_POST', '_SERVER', '_COOKIE', '_ENV');

        foreach ($test as $var)
        {
            if (is_array(${$var_prefix . $var . $var_suffix}))
            {
                unset_vars(${$var_prefix . $var . $var_suffix});
                @reset(${$var_prefix . $var . $var_suffix});
            }

            if (is_array(${$var}))
            {
                unset_vars(${$var});
                @reset(${$var});
            }
        }

        if (is_array(${'_FILES'}))
        {
            unset_vars(${'_FILES'});
            @reset(${'_FILES'});
        }

        if (is_array(${'HTTP_POST_FILES'}))
        {
            unset_vars(${'HTTP_POST_FILES'});
            @reset(${'HTTP_POST_FILES'});
        }
    }

    // PHP5 with register_long_arrays off?
    if (!isset($HTTP_POST_VARS) && isset($_POST))
    {
        $HTTP_POST_VARS = $_POST;
        $HTTP_GET_VARS = $_GET;
        $HTTP_SERVER_VARS = $_SERVER;
        $HTTP_COOKIE_VARS = $_COOKIE;
        $HTTP_ENV_VARS = $_ENV;
        $HTTP_POST_FILES = $_FILES;
    }

A security fix in 2.0.9 introduced a bug that broke submitting board settings containing single quotes (for example the board description). This has been fixed by the following change:

modules/Forums/admin/admin_board.php

FIND - Line 46

    $default_config[$config_name] = str_replace("'", "\'", $config_value);

REPLACE WITH

    $default_config[$config_name] = isset($HTTP_POST_VARS['submit']) ? str_replace("'", "\'", $config_value) : $config_value;

There was a problem caused by the unsetting of global vars. Because the style system itself makes two variables global, deleting styles no longer worked. To fix this problem, the following change is necessary:

modules/Forums/admin/admin_styles.php

FIND - Line 49

    require('./pagestart.' . $phpEx);

AFTER, ADD

    $confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : FALSE;
    $cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : FALSE;

Some users reported problems with the jumpbox not working within the moderator control panel. The fix:

includes/functions.php

This first change is not part of the phpBB changelog; it should have been made previously but got left out. Thanks to chatserv for the fix.

FIND - Line 119

    function get_userdata($user)
    {
        global $db;

REPLACE WITH

    //
    // Get Userdata, $user can be username or user_id. If force_str is true, the username will be forced.
    //
    function get_userdata($user, $force_str = false)
    {
        global $db;

        if (intval($user) == 0 || $force_str)
        {
            $user = trim(htmlspecialchars($user));
            $user = substr(str_replace("\\'", "'", $user), 0, 25);
            $user = str_replace("'", "\\'", $user);
        }
        else
        {
            $user = intval($user);
        }

FIND - Line 190

    if ( !empty($SID) )
    {
        $boxstring .= '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />';
    }

REPLACE WITH

    // Let the jumpbox work again in sites having additional session id checks.
    // if ( !empty($SID) )
    // {
        $boxstring .= '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />';
    // }

Amit Klein and Ory Segal reported a vulnerability with redirects (Apache users are not affected by this), which is fixed by these changes:

includes/functions.php

FIND - Line 743

    if (!empty($db))
    {
        $db->sql_close();
    }

AFTER, ADD

    if (strstr(urldecode($url), "\n") || strstr(urldecode($url), "\r"))
    {
        message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
    }

modules/Forums/login.php

FIND - Line 96

    $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
    $redirect = str_replace('?', '&', $redirect);

AFTER, ADD

    if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
    {
        message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
    }

FIND - Line 116

    $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "";
    $redirect = str_replace("?", "&", $redirect);

AFTER, ADD

    if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
    {
        message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
    }

Searching for authors sometimes led to no results, even if the author existed. This was due to special chars within the username; searching for these now works correctly:

modules/Forums/search.php

FIND - Line 62

    $search_author = ( isset($HTTP_POST_VARS['search_author']) ) ? $HTTP_POST_VARS['search_author'] : $HTTP_GET_VARS['search_author'];

AFTER, ADD

    $search_author = htmlspecialchars($search_author);

If your Forums are not heavily modded you can use the premodded files located here: [ Register or login to view links on this board. ]
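
Added example (not part of the original article and not phpBB code): the CR/LF test that the redirect fix adds to includes/functions.php and modules/Forums/login.php, isolated so it can be run against sample values. The function names redirect_has_crlf() and location_header() and all sample URLs are hypothetical and constructed for this illustration.

```php
<?php
// Added illustration, not phpBB code: the CR/LF test from the 2.0.10 redirect fix,
// isolated in a function (hypothetical name) so it can be exercised directly.
function redirect_has_crlf($url)
{
    // Same logic as the patch: decode once, then look for CR or LF bytes.
    $decoded = urldecode($url);
    return strpos($decoded, "\n") !== false || strpos($decoded, "\r") !== false;
}

// Hypothetical wrapper standing in for phpBB's redirect(): builds the header
// line, or refuses the way the patch does with message_die().
function location_header($url)
{
    if (redirect_has_crlf($url)) {
        throw new InvalidArgumentException('Tried to redirect to potentially insecure url.');
    }
    return 'Location: ' . $url;
}

// Constructed sample values, for illustration only.
$samples = array(
    'plain forum url'      => 'modules.php?name=Forums&file=viewtopic&t=42',
    'raw line feed'        => "index.php\nX-Test: 1",
    'raw carriage return'  => "index.php\rX-Test: 1",
    'encoded CRLF (upper)' => 'index.php%0D%0AX-Test: 1',
    'encoded CRLF (lower)' => 'index.php%0d%0aX-Test: 1',
    // Decoded only once, so this one still holds "%0D%0A" as literal text.
    'double-encoded CRLF'  => 'index.php%250D%250AX-Test: 1',
);

foreach ($samples as $label => $url) {
    try {
        location_header($url);
        $verdict = 'allowed';
    } catch (InvalidArgumentException $e) {
        $verdict = 'rejected';
    }
    printf("%-22s %s\n", $label, $verdict);
}
```

The double-encoded sample is allowed because the string handed to the header still contains no CR or LF byte. PHP 5.1.2 and later additionally make header() itself refuse a value containing a newline, so on those versions this check is a second layer.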