Обновляем форум phpBB 2.0.19 до 2.0.20
Обновляем форум BBtoNuke с версии 2.0.19 до 2.0.20
Открываем modules/Forums/admin/admin_board.php
Находим (52):
$cookie_name = str_replace('.', '_', $new['cookie_name']);
}
Заменяем на:
$new['cookie_name'] = str_replace('.', '_', $new['cookie_name']);
}
// Attempt to prevent a common mistake with this value,
// http:// is the protocol and not part of the server name
if ($config_name == 'server_name')
{
$new['server_name'] = str_replace('http://', '', $new['server_name']);
}
Находим(197):
"L_DISABLED" => $lang['Disabled'],
"L_ABILITIES_SETTINGS" => $lang['Abilities_settings'],
"L_MAX_POLL_OPTIONS" => $lang['Max_poll_options'],
"L_FLOOD_INTERVAL" => $lang['Flood_Interval'],
"L_FLOOD_INTERVAL_EXPLAIN" => $lang['Flood_Interval_explain'],
Ниже добавляем:
"L_SEARCH_FLOOD_INTERVAL" => $lang['Search_Flood_Interval'],
"L_SEARCH_FLOOD_INTERVAL_EXPLAIN" => $lang['Search_Flood_Interval_explain'],
Находим (285):
'AUTOLOGIN_TIME' => (int) $new['max_autologin_time'],
"BOARD_EMAIL_FORM_ENABLE" => $board_email_form_yes,
"BOARD_EMAIL_FORM_DISABLE" => $board_email_form_no,
"MAX_POLL_OPTIONS" => $new['max_poll_options'],
"FLOOD_INTERVAL" => $new['flood_interval'],
Ниже добавляем:
"SEARCH_FLOOD_INTERVAL" => $new['search_flood_interval'],
Открываем modules/Forums/admin/admin_db_utilities.php
Находим (507):
unset($schema_vals);
unset($schema_fields);
unset($schema_insert);
Заменяем на:
$schema_vals = '';
$schema_fields = '';
$schema_insert = '';
Находим (519):
if ($empty($strVal))
Замените на:
if (empty($strVal))
Открываем modules/Forums/admin/admin_forums.php
Найдите (42):
"auth_post" => AUTH_ALL,
"auth_reply" => AUTH_ALL,
Замените на:
"auth_post" => AUTH_REG,
"auth_reply" => AUTH_REG,
Открываем modules/Forums/admin/admin_groups.php
Найдите (107):
$sql = "SELECT user_id, username
FROM " . USERS_TABLE . "
WHERE user_id <> " . ANONYMOUS . "
ORDER BY username";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql);
}
while ( $row = $db->sql_fetchrow($result) )
{
if ( $row['user_id'] == $group_info['group_moderator'] )
{
$group_moderator = $row['username'];
}
Замените на:
if ($group_info['group_moderator'] != '')
{
$sql = "SELECT user_id, username
FROM " . USERS_TABLE . "
WHERE user_id = " . $group_info['group_moderator'];
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql);
}
if ( !($row = $db->sql_fetchrow($result)) )
{
message_die(GENERAL_ERROR, 'Could not obtain user info for moderator list', '', __LINE__, __FILE__, $sql);
}
$group_moderator = $row['username'];
}
else
{
$group_moderator = '';
Найдите (259):
$group_name = isset($HTTP_POST_VARS['group_name']) ? trim($HTTP_POST_VARS['group_name']) : '';
Замените на:
$group_name = isset($HTTP_POST_VARS['group_name']) ? htmlspecialchars(trim($HTTP_POST_VARS['group_name'])) : '';
Открываем modules/Forums/admin/admin_ranks.php
Найдите и удалите (22):
define('IN_PHPBB', 1);
Найдите(25):
{
$file = basename(__FILE__);
$module['Users']['Ranks'] = $file;
return;
}
Ниже добавьте:
define('IN_PHPBB', 1);
Найдите (41):
$mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
Замените на:
$mode = (isset($HTTP_GET_VARS['mode'])) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
Найдите (58):
{
$mode = "";
}
}
Ниже добавьте:
// Restrict mode input to valid options
$mode = ( in_array($mode, array('add', 'edit', 'save', 'delete')) ) ? $mode : '';
Найдите (214):
}
else
{
$rank_id = 0;
}
if( $rank_id )
Замените на:
}
else
{
$rank_id = 0;
}
$confirm = isset($HTTP_POST_VARS['confirm']);
if( $rank_id && $confirm )
Найдите (245):
else
{
message_die(GENERAL_MESSAGE, $lang['Must_select_rank']);
}
}
else
{
//
// They didn't feel like giving us any information. Oh, too bad, we'll just display the
// list then...
//
$template->set_filenames(array(
"body" => "admin/ranks_list_body.tpl")
);
$sql = "SELECT * FROM " . RANKS_TABLE . "
ORDER BY rank_min, rank_title";
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql);
}
$rank_rows = $db->sql_fetchrowset($result);
$rank_count = count($rank_rows);
$template->assign_vars(array(
"L_RANKS_TITLE" => $lang['Ranks_title'],
"L_RANKS_TEXT" => $lang['Ranks_explain'],
"L_RANK" => $lang['Rank_title'],
"L_RANK_MINIMUM" => $lang['Rank_minimum'],
"L_SPECIAL_RANK" => $lang['Special_rank'],
"L_EDIT" => $lang['Edit'],
"L_DELETE" => $lang['Delete'],
"L_ADD_RANK" => $lang['Add_new_rank'],
"L_ACTION" => $lang['Action'],
"S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx"))
);
for( $i = 0; $i < $rank_count; $i++)
{
$rank = $rank_rows[$i]['rank_title'];
$special_rank = $rank_rows[$i]['rank_special'];
$rank_id = $rank_rows[$i]['rank_id'];
$rank_min = $rank_rows[$i]['rank_min'];
if($special_rank)
{
$rank_min = $rank_max = "-";
}
$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
$template->assign_block_vars("ranks", array(
"ROW_COLOR" => "#" . $row_color,
"ROW_CLASS" => $row_class,
"RANK" => $rank,
"RANK_MIN" => $rank_min,
"SPECIAL_RANK" => ( $special_rank == 1 ) ? $lang['Yes'] : $lang['No'],
"U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&id=$rank_id"),
"U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&id=$rank_id"))
);
}
}
}
else
{
//
// Show the default page
//
$template->set_filenames(array(
"body" => "admin/ranks_list_body.tpl")
);
$sql = "SELECT * FROM " . RANKS_TABLE . "
ORDER BY rank_min ASC, rank_special ASC";
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql);
}
$rank_count = $db->sql_numrows($result);
$rank_rows = $db->sql_fetchrowset($result);
$template->assign_vars(array(
"L_RANKS_TITLE" => $lang['Ranks_title'],
"L_RANKS_TEXT" => $lang['Ranks_explain'],
"L_RANK" => $lang['Rank_title'],
"L_RANK_MINIMUM" => $lang['Rank_minimum'],
"L_SPECIAL_RANK" => $lang['Rank_special'],
"L_EDIT" => $lang['Edit'],
"L_DELETE" => $lang['Delete'],
"L_ADD_RANK" => $lang['Add_new_rank'],
"L_ACTION" => $lang['Action'],
"S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx"))
);
for($i = 0; $i < $rank_count; $i++)
{
$rank = $rank_rows[$i]['rank_title'];
$special_rank = $rank_rows[$i]['rank_special'];
$rank_id = $rank_rows[$i]['rank_id'];
$rank_min = $rank_rows[$i]['rank_min'];
if( $special_rank == 1 )
{
$rank_min = $rank_max = "-";
}
$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
$rank_is_special = ( $special_rank ) ? $lang['Yes'] : $lang['No'];
$template->assign_block_vars("ranks", array(
"ROW_COLOR" => "#" . $row_color,
"ROW_CLASS" => $row_class,
"RANK" => $rank,
"SPECIAL_RANK" => $rank_is_special,
"RANK_MIN" => $rank_min,
"U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&id=$rank_id"),
"U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&id=$rank_id"))
);
}
Замените на:
elseif( $rank_id && !$confirm)
{
// Present the confirmation screen to the user
$template->set_filenames(array(
'body' => 'admin/confirm_body.tpl')
);
$hidden_fields = '<input type="hidden" name="mode" value="delete" /><input type="hidden" name="id" value="' . $rank_id . '" />';
$template->assign_vars(array(
'MESSAGE_TITLE' => $lang['Confirm'],
'MESSAGE_TEXT' => $lang['Confirm_delete_rank'],
'L_YES' => $lang['Yes'],
'L_NO' => $lang['No'],
'S_CONFIRM_ACTION' => append_sid("admin_ranks.$phpEx"),
'S_HIDDEN_FIELDS' => $hidden_fields)
);
}
else
{
message_die(GENERAL_MESSAGE, $lang['Must_select_rank']);
}
}
$template->pparse("body");
include('./page_footer_admin.'.$phpEx);
}
//
// Show the default page
//
$template->set_filenames(array(
"body" => "admin/ranks_list_body.tpl")
);
$sql = "SELECT * FROM " . RANKS_TABLE . "
ORDER BY rank_min ASC, rank_special ASC";
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't obtain ranks data", "", __LINE__, __FILE__, $sql);
}
$rank_count = $db->sql_numrows($result);
$rank_rows = $db->sql_fetchrowset($result);
$template->assign_vars(array(
"L_RANKS_TITLE" => $lang['Ranks_title'],
"L_RANKS_TEXT" => $lang['Ranks_explain'],
"L_RANK" => $lang['Rank_title'],
"L_RANK_MINIMUM" => $lang['Rank_minimum'],
"L_SPECIAL_RANK" => $lang['Rank_special'],
"L_EDIT" => $lang['Edit'],
"L_DELETE" => $lang['Delete'],
"L_ADD_RANK" => $lang['Add_new_rank'],
"L_ACTION" => $lang['Action'],
"S_RANKS_ACTION" => append_sid("admin_ranks.$phpEx"))
);
for($i = 0; $i < $rank_count; $i++)
{
$rank = $rank_rows[$i]['rank_title'];
$special_rank = $rank_rows[$i]['rank_special'];
$rank_id = $rank_rows[$i]['rank_id'];
$rank_min = $rank_rows[$i]['rank_min'];
if( $special_rank == 1 )
{
$rank_min = $rank_max = "-";
}
$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
$rank_is_special = ( $special_rank ) ? $lang['Yes'] : $lang['No'];
$template->assign_block_vars("ranks", array(
"ROW_COLOR" => "#" . $row_color,
"ROW_CLASS" => $row_class,
"RANK" => $rank,
"SPECIAL_RANK" => $rank_is_special,
"RANK_MIN" => $rank_min,
"U_RANK_EDIT" => append_sid("admin_ranks.$phpEx?mode=edit&id=$rank_id"),
"U_RANK_DELETE" => append_sid("admin_ranks.$phpEx?mode=delete&id=$rank_id"))
);
Открываем modules/Forums/admin/admin_smilies.php
Найдите (319):
$sql = "DELETE FROM " . SMILIES_TABLE . "
WHERE smilies_id = " . $smiley_id;
$result = $db->sql_query($sql);
if( !$result )
{
message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql);
}
$message = $lang['smiley_del_success'] . "<br /><br />" . sprintf($lang['Click_return_smileadmin'], "<a href=\"" . append_sid("admin_smilies.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
message_die(GENERAL_MESSAGE, $message);
Замените на:
// Deleting a smiley is a two-step action: the row is removed only when the
// request carries a POSTed "confirm" field; otherwise the confirmation form
// below is shown.
$confirm = isset($HTTP_POST_VARS['confirm']);
if( $confirm )
{
// NOTE(review): $smiley_id is concatenated into the query unquoted and is
// assigned outside this fragment - confirm it is cast to an integer there.
$sql = "DELETE FROM " . SMILIES_TABLE . "
WHERE smilies_id = " . $smiley_id;
$result = $db->sql_query($sql);
if( !$result )
{
message_die(GENERAL_ERROR, "Couldn't delete smiley", "", __LINE__, __FILE__, $sql);
}
// Success message with links back to the smiley admin page and the admin index
$message = $lang['smiley_del_success'] . "<br /><br />" . sprintf($lang['Click_return_smileadmin'], "<a href=\"" . append_sid("admin_smilies.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
message_die(GENERAL_MESSAGE, $message);
}
else
{
// Present the confirmation screen to the user
$template->set_filenames(array(
'body' => 'admin/confirm_body.tpl')
);
// The form posts mode=delete and the id back to this script.
// NOTE(review): $smiley_id is written into the HTML attribute as-is, so the
// same integer cast is relied on here as well.
$hidden_fields = '<input type="hidden" name="mode" value="delete" /><input type="hidden" name="id" value="' . $smiley_id . '" />';
$template->assign_vars(array(
'MESSAGE_TITLE' => $lang['Confirm'],
'MESSAGE_TEXT' => $lang['Confirm_delete_smiley'],
'L_YES' => $lang['Yes'],
'L_NO' => $lang['No'],
'S_CONFIRM_ACTION' => append_sid("admin_smilies.$phpEx"),
'S_HIDDEN_FIELDS' => $hidden_fields)
);
$template->pparse('body');
}
Найдите (430):
$smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? trim($HTTP_POST_VARS['smile_code']) : trim($HTTP_GET_VARS['smile_code']);
$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : trim($HTTP_GET_VARS['smile_url']);
$smile_url = phpbb_ltrim(basename($smile_url), "'");
$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? trim($HTTP_POST_VARS['smile_emotion']) : trim($HTTP_GET_VARS['smile_emotion']);
$smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : intval($HTTP_GET_VARS['smile_id']);
Замените на:
$smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? trim($HTTP_POST_VARS['smile_code']) : '';
$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? trim($HTTP_POST_VARS['smile_url']) : '';
$smile_url = phpbb_ltrim(basename($smile_url), "'");
$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? htmlspecialchars(trim($HTTP_POST_VARS['smile_emotion'])) : '';
$smile_id = ( isset($HTTP_POST_VARS['smile_id']) ) ? intval($HTTP_POST_VARS['smile_id']) : 0;
$smile_code = trim($smile_code);
$smile_url = trim($smile_url);
Найдите:
$smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : $HTTP_GET_VARS['smile_code'];
$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : $HTTP_GET_VARS['smile_url'];
$smile_url = phpbb_ltrim(basename($smile_url), "'");
$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? $HTTP_POST_VARS['smile_emotion'] : $HTTP_GET_VARS['smile_emotion'];
$smile_code = trim($smile_code);
$smile_url = trim($smile_url);
$smile_emotion = trim($smile_emotion);
Замените на:
$smile_code = ( isset($HTTP_POST_VARS['smile_code']) ) ? $HTTP_POST_VARS['smile_code'] : '';
$smile_url = ( isset($HTTP_POST_VARS['smile_url']) ) ? $HTTP_POST_VARS['smile_url'] : '';
$smile_url = phpbb_ltrim(basename($smile_url), "'");
$smile_emotion = ( isset($HTTP_POST_VARS['smile_emotion']) ) ? htmlspecialchars(trim($HTTP_POST_VARS['smile_emotion'])) : '';
$smile_code = trim($smile_code);
$smile_url = trim($smile_url);
Открываем modules/Forums/admin/admin_users.php
Найдите (254):
$user_style = ( $HTTP_POST_VARS['style'] ) ? intval( $HTTP_POST_VARS['style'] ) : $board_config['default_style'];
$user_lang = ( $HTTP_POST_VARS['language'] ) ? $HTTP_POST_VARS['language'] : $board_config['default_lang'];
$user_timezone = ( isset( $HTTP_POST_VARS['timezone']) ) ? doubleval( $HTTP_POST_VARS['timezone'] ) : $board_config['board_timezone'];
$user_template = ( $HTTP_POST_VARS['template'] ) ? $HTTP_POST_VARS['template'] : $board_config['board_template'];
Замените на:
$user_style = ( isset( $HTTP_POST_VARS['style'] ) ) ? intval( $HTTP_POST_VARS['style'] ) : $board_config['default_style'];
$user_lang = ( $HTTP_POST_VARS['language'] ) ? $HTTP_POST_VARS['language'] : $board_config['default_lang'];
$user_timezone = ( isset( $HTTP_POST_VARS['timezone']) ) ? doubleval( $HTTP_POST_VARS['timezone'] ) : $board_config['board_timezone'];
Найдите (698):
$message .= $lang['Admin_user_updated'];
}
else
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Admin_user_fail'];
Замените на:
// We remove all stored login keys since the password has been updated
// and change the current one (if applicable)
if ( !empty($passwd_sql) )
{
session_reset_keys($user_id, $user_ip);
}
$message .= $lang['Admin_user_updated'];
}
else
{
message_die(GENERAL_ERROR, 'Admin_user_fail', '', __LINE__, __FILE__, $sql);
Открываем modules/Forums/admin/admin_words.php
Найдите и удалите (22):
define('IN_PHPBB', 1);
Найдите (24):
{
$file = basename(__FILE__);
$module['General']['Word_Censor'] = $file;
return;
}
Ниже добавьте:
define('IN_PHPBB', 1);
Найдите (39):
$mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
Замените на:
$mode = (isset($HTTP_GET_VARS['mode'])) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
Найдите (56):
{
$mode = "";
}
}
Ниже добавьте:
// Restrict mode input to valid options
$mode = ( in_array($mode, array('add', 'edit', 'save', 'delete')) ) ? $mode : '';
Найдите (68):
$template->set_filenames(array(
"body" => "admin/words_edit_body.tpl")
);
Ниже добавьте:
$word_info = array('word' => '', 'replacement' => '');
Найдите (155):
else
{
$word_id = 0;
}
if( $word_id )
Замените на:
else
{
$word_id = 0;
}
$confirm = isset($HTTP_POST_VARS['confirm']);
if( $word_id && $confirm )
Найдите (168):
}
$message = $lang['Word_removed'] . "<br /><br />" . sprintf($lang['Click_return_wordadmin'], "<a href=\"" . append_sid("admin_words.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
message_die(GENERAL_MESSAGE, $message);
Ниже добавьте:
}
elseif( $word_id && !$confirm)
{
// Present the confirmation screen to the user
$template->set_filenames(array(
'body' => 'admin/confirm_body.tpl')
);
$hidden_fields = '<input type="hidden" name="mode" value="delete" /><input type="hidden" name="id" value="' . $word_id . '" />';
$template->assign_vars(array(
'MESSAGE_TITLE' => $lang['Confirm'],
'MESSAGE_TEXT' => $lang['Confirm_delete_word'],
'L_YES' => $lang['Yes'],
'L_NO' => $lang['No'],
'S_CONFIRM_ACTION' => append_sid("admin_words.$phpEx"),
'S_HIDDEN_FIELDS' => $hidden_fields)
);
Найдите (211):
{
message_die(GENERAL_ERROR, "Could not query words table", $lang['Error'], __LINE__, __FILE__, $sql);
}
$word_rows = $db->sql_fetchrowset($result);
Ниже добавьте:
$db->sql_freeresult($result);
Открываем modules/Forums/admin/page_header_admin.php
Находим (138):
$template->pparse('header');
Выше добавляем:
// Work around for "current" Apache 2 + PHP module which seems to not
// cope with private cache control setting
if (!empty($HTTP_SERVER_VARS['SERVER_SOFTWARE']) && strstr($HTTP_SERVER_VARS['SERVER_SOFTWARE'], 'Apache/2'))
{
header ('Cache-Control: no-cache, pre-check=0, post-check=0');
}
else
{
header ('Cache-Control: private, pre-check=0, post-check=0, max-age=0');
}
header ('Expires: 0');
header ('Pragma: no-cache');
Открываем modules/Forums/common.php
Находим (169):
$userdata = array();
$theme = array();
$images = array();
$lang = array();
$nav_links = array();
Ниже добавляем:
$dss_seeded = false;
Открываем db/mssql.php
Находим (292):
$row[$key] = stripslashes($value);
Замените на:
$row[$key] = ($value === ' ') ? '' : stripslashes($value);
Найдите (320):
$rowset[$i][$key] = stripslashes($value);
Замените на:
$rowset[$i][$key] = ($value === ' ') ? '' : stripslashes($value);
Найдите (259):
$result = stripslashes($this->row[$query_id][$field]);
Замените на:
$result = ($this->row[$query_id][$field] === ' ') ? '' : stripslashes($this->row[$query_id][$field]);
Открываем includes/auth.php
Найдите (276):
{
for($k = 0; $k < count($f_access); $k++)
{
$value = $f_access[$k][$key];
$f_forum_id = $f_access[$k]['forum_id'];
Ниже добавьте:
$u_access[$f_forum_id] = isset($u_access[$f_forum_id]) ? $u_access[$f_forum_id] : array();
Найдите (325):
else
{
for($k = 0; $k < count($f_access); $k++)
{
$f_forum_id = $f_access[$k]['forum_id'];
Ниже добавьте:
$u_access[$f_forum_id] = isset($u_access[$f_forum_id]) ? $u_access[$f_forum_id] : array();
Открываем includes/bbcode.php
Найдите (198):
$patterns[] = "#\[img:$uid\]([^?].*?)\[/img:$uid\]#i";
$replacements[] = $bbcode_tpl['img'];
// matches a xxxx://www.phpbb.com code..
$patterns[] = "#\[url\]([\w]+?://([\w\#$%&~/.\-;:=,?@\]+]|\[(?!url=))*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url1'];
// www.phpbb.com code.. (no xxxx:// prefix).
$patterns[] = "#\[url\]((www|ftp)\.([\w\#$%&~/.\-;:=,?@\]+]|\[(?!url=))*?)\[/url\]#is";
Замените на:
$patterns[] = "#\[img:$uid\]([^?](?:[^\[]+|\[(?!url))*?)\[/img:$uid\]#i";
$replacements[] = $bbcode_tpl['img'];
// matches a xxxx://www.phpbb.com code..
$patterns[] = "#\[url\]([\w]+?://([\w\#$%&~/.\-;:=,?@\]+]+|\[(?!url=))*?)\[/url\]#is";
$replacements[] = $bbcode_tpl['url1'];
// www.phpbb.com code.. (no xxxx:// prefix).
$patterns[] = "#\[url\]((www|ftp)\.([\w\#$%&~/.\-;:=,?@\]+]+|\[(?!url=))*?)\[/url\]#is";
Найдите (237):
$uid = md5(mt_rand());
Замените на:
$uid = dss_rand();
Открываем includes/functions.php
Найдите (142):
}
return $str;
}
Ниже добавьте: (изменено)
/**
 * Board-wide pseudo-random value generator (added in phpBB 2.0.20).
 *
 * Mixes the stored $board_config['rand_seed'] with microtime() through MD5,
 * rolls the in-memory seed forward on every call and writes the new seed to
 * the config table the first time it is called while $dss_seeded is not true.
 *
 * Security note: this is not a CSPRNG. The result is 16 hexadecimal
 * characters (at most 64 bits) derived only from the stored seed and the
 * clock, so the rand_seed config row has to be treated as a secret. On
 * PHP 7 and later, random_bytes()/random_int() are the appropriate source
 * for session ids and login keys.
 *
 * With thanks to Anthrax101 for the inspiration on this one.
 *
 * @return string 16 hexadecimal characters
 */
function dss_rand()
{
	global $db, $board_config, $dss_seeded;

	// Digest of the current seed plus the current time; part of it is returned
	$digest = md5($board_config['rand_seed'] . microtime());

	// Advance the seed so the next call starts from a different state
	$board_config['rand_seed'] = md5($board_config['rand_seed'] . $digest . 'a');

	// Persist the advanced seed once; later calls only change the in-memory copy
	if ($dss_seeded !== true)
	{
		$update = "UPDATE " . CONFIG_TABLE . " SET\nconfig_value = '" . $board_config['rand_seed'] . "'\nWHERE config_name = 'rand_seed'";
		$ok = $db->sql_query($update);
		if (!$ok)
		{
			message_die(GENERAL_ERROR, "Unable to reseed PRNG", "", __LINE__, __FILE__, $update);
		}
		$dss_seeded = true;
	}

	return substr($digest, 4, 16);
}
Найдите (419):
message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]");
Замените на:
// We are trying to setup a style which does not exist in the database
// Try to fallback to the board default (if the user had a custom style)
// and then any users using this style to the default if it succeeds
if ( $style != $board_config['default_style'])
{
$sql = 'SELECT *
FROM ' . THEMES_TABLE . '
WHERE themes_id = ' . $board_config['default_style'];
if ( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, 'Could not query database for theme info');
}
if ( $row = $db->sql_fetchrow($result) )
{
$db->sql_freeresult($result);
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_style = ' . $board_config['default_style'] . "
WHERE user_style = $style";
if ( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, 'Could not update user theme info');
}
}
else
{
message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]");
}
}
else
{
message_die(CRITICAL_ERROR, "Could not get theme data for themes_id [$style]");
}
Найдите (725):
$debug_text .= '</br /><br />Line : ' . $err_line . '<br />File : ' . basename($err_file);
Замените на:
$debug_text .= '<br /><br />Line : ' . $err_line . '<br />File : ' . basename($err_file);
Найдите (752):
if ( empty($template) )
{
$ThemeSel = get_theme();
if (file_exists("themes/$ThemeSel/forums/".$board_config['board_template']."/index_body.tpl")) {
$template = new Template("themes/$ThemeSel/forums/".$board_config['board_template']."");
} else {
$template = new Template($phpbb_root_path . 'templates/' . $board_config['board_template']);
}
}
if ( empty($theme) )
Замените на:
if ( empty($template) || empty($theme) )
Открываем includes/functions_post.php
Находим (51):
$allowed_html_tags = split(',', $board_config['allow_html_tags']);
$end_html = 0;
$start_html = 1;
$tmp_message = '';
$message = ' ' . $message . ' ';
while ($start_html = strpos($message, '<', $start_html))
{
$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1, ($start_html - $end_html - 1)));
if ($end_html = strpos($message, '>', $start_html))
{
$length = $end_html - $start_html + 1;
$hold_string = substr($message, $start_html, $length);
if (($unclosed_open = strrpos(' ' . $hold_string, '<')) != 1)
{
$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($hold_string, 0, $unclosed_open - 1));
$hold_string = substr($hold_string, $unclosed_open - 1);
}
$tagallowed = false;
for ($i = 0; $i < sizeof($allowed_html_tags); $i++)
{
$match_tag = trim($allowed_html_tags[$i]);
if (preg_match('#^<\/?' . $match_tag . '[> ]#i', $hold_string))
{
$tagallowed = (preg_match('#^<\/?' . $match_tag . ' .*?(style[\t ]*?=|on[\w]+[\t ]*?=)#i', $hold_string)) ? false : true;
}
}
$tmp_message .= ($length && !$tagallowed) ? preg_replace($html_entities_match, $html_entities_replace, $hold_string) : $hold_string;
$start_html += $length;
}
else
{
$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $start_html, strlen($message)));
$start_html = strlen($message);
$end_html = $start_html;
}
}
if (!$end_html || ($end_html != strlen($message) && $tmp_message != ''))
{
$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1));
}
$message = ($tmp_message != '') ? trim($tmp_message) : trim($message);
Заменяем на: (изменено)
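// If HTML is on, we try to make it safe.
// This approach is quite aggressive: anything that does not look like a valid tag
// is converted to HTML entities, and every tag is passed through clean_html().
$message = stripslashes($message);

// Group 1 is the tag name, group 2 the (optional) attribute text
$html_match = '#<[^\w<]*(\w+)((?:"[^"]*"|\'[^\']*\'|[^<>\'"])+)?>#';
$matches = array();

// The text between tags and the tags themselves are collected separately ...
$message_split = preg_split($html_match, $message);
preg_match_all($html_match, $message, $matches);

// ... and re-joined in order: escaped text, then the cleaned tag that followed it
$message = '';
foreach ($message_split as $part)
{
	$tag = array(array_shift($matches[0]), array_shift($matches[1]), array_shift($matches[2]));
	$message .= htmlspecialchars($part) . clean_html($tag);
}

$message = addslashes($message);

// Escape the &quot; entities produced by htmlspecialchars(). Raw double quotes were
// already escaped by addslashes() above; replacing '"' with '\"' at this point would
// escape them a second time and leave a doubled backslash in front of every quote.
$message = str_replace('&quot;', '\&quot;', $message);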
Находим (161):
$temp_option_text[$option_id] = htmlspecialchars($option_text);
Заменяем на:
$temp_option_text[intval($option_id)] = htmlspecialchars($option_text);
Находим (824):
include("includes/page_tail_review.php");
}
}
Ниже добавьте:
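/**
 * Called from within prepare_message to clean included HTML tags if HTML is
 * turned on for that post.
 *
 * Tags listed in $board_config['allow_html_tags'] are rebuilt from their name
 * and their quoted attributes; attributes whose name starts with "style" or
 * "on" are dropped. Any other tag is returned entity-escaped, without its
 * attributes.
 *
 * Security note: attribute values are entity-encoded but not inspected, so
 * anything that has to be restricted by value (for instance the scheme of a
 * link target) is controlled only by keeping such tags out of allow_html_tags.
 *
 * @param array $tag Matching text from the message to parse:
 *                   [0] whole tag, [1] tag name, [2] attribute text
 * @return string The cleaned tag, or '' when there was no tag
 */
function clean_html($tag)
{
	global $board_config;

	if (empty($tag[0]))
	{
		return '';
	}

	$allowed_html_tags = preg_split('/, */', strtolower($board_config['allow_html_tags']));
	$disallowed_attributes = '/^(?:style|on)/i';

	// Check if this is an end tag
	$matches = array();
	preg_match('/<[^\w\/]*\/[\W]*(\w+)/', $tag[0], $matches);
	if (sizeof($matches))
	{
		$end_tag = '</' . $matches[1] . '>';
		return in_array(strtolower($matches[1]), $allowed_html_tags) ? $end_tag : htmlspecialchars($end_tag);
	}

	// Not an allowed tag: strip all the attributes and escape it
	if (!in_array(strtolower($tag[1]), $allowed_html_tags))
	{
		return htmlspecialchars('<' . $tag[1] . '>');
	}

	// Allowed tag: rebuild it from the attributes that pass the name filter
	$attributes = '';
	if (!empty($tag[2]))
	{
		// Only name=value pairs with a quoted value are picked up;
		// group 1 is the name, group 2 the quote character, group 3 the value
		preg_match_all('/[\W]*?(\w+)[\W]*?=[\W]*?(["\'])((?:(?!\2).)*)\2/', $tag[2], $test);
		for ($i = 0; $i < sizeof($test[0]); $i++)
		{
			if (preg_match($disallowed_attributes, $test[1][$i]))
			{
				continue;
			}

			// Square brackets are written as numeric entities, presumably so that the
			// BBCode pass does not act on attribute values. Replacing '[' with '['
			// (and ']' with ']') would leave the value unchanged.
			$value = str_replace(array('[', ']'), array('&#91;', '&#93;'), htmlspecialchars($test[3][$i]));
			$attributes .= ' ' . $test[1][$i] . '=' . $test[2][$i] . $value . $test[2][$i];
		}
	}

	return '<' . $tag[1] . $attributes . '>';
}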
Открываем modules/Forums/prune.php
Находим (72):
function prune($forum_id, $prune_date, $prune_all = false)
{
global $db, $lang;
Ниже добавляем:
// Before pruning, lets try to clean up the invalid topic entries
$sql = 'SELECT topic_id FROM ' . TOPICS_TABLE . '
WHERE topic_last_post_id = 0';
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not obtain lists of topics to sync', '', __LINE__, __FILE__, $sql);
}
while( $row = $db->sql_fetchrow($result) )
{
sync('topic', $row['topic_id']);
}
$db->sql_freeresult($result);
Находим (98):
AND ( p.post_id = t.topic_last_post_id
OR t.topic_last_post_id = '0' )";
Заменяем на:
AND p.post_id = t.topic_last_post_id";
Открываем modules/Forums/sessions.php
Находим (183):
list($sec, $usec) = explode(' ', microtime());
mt_srand((float) $sec + ((float) $usec * 100000));
$session_id = md5(uniqid(mt_rand(), true));
Заменяем на:
$session_id = md5(dss_rand());
Находим (245):
list($sec, $usec) = explode(' ', microtime());
mt_srand(hexdec(substr($session_id, 0, 8)) + (float) $sec + ((float) $usec * 1000000));
$auto_login_key = uniqid(mt_rand(), true);
Заменяем на:
$auto_login_key = dss_rand() . dss_rand();
Находим (519):
WHERE last_login < ' . (time() - (86400 * (int) $board_config['max_autologin_time']));
$db->sql_query($sql);
}
return true;
}
Ниже добавляем:
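/**
 * Reset all login keys for the specified user.
 * Called on password changes.
 *
 * Deletes the user's stored auto-login keys and sessions. When the user being
 * changed is the one making the request and has a session key, that key and
 * the current session are kept, the key is replaced by a fresh one and the
 * data cookie is rebuilt to match.
 *
 * @param $user_id Id of the user whose keys and sessions are reset
 * @param $user_ip Value stored as last_ip on the refreshed key row
 */
function session_reset_keys($user_id, $user_ip)
{
	// $board_config supplies the cookie settings read further down; without it in
	// the global list the cookie would be written with an empty name, path and domain
	global $db, $userdata, $board_config;

	// Keep the key of the current login when the user is changing their own password
	$key_sql = ($user_id == $userdata['user_id'] && !empty($userdata['session_key'])) ? "AND key_id != '" . md5($userdata['session_key']) . "'" : '';

	$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
		WHERE user_id = ' . (int) $user_id . "
			$key_sql";

	if ( !$db->sql_query($sql) )
	{
		message_die(CRITICAL_ERROR, 'Error removing auto-login keys', '', __LINE__, __FILE__, $sql);
	}

	// Drop the user's sessions as well, again sparing the current one.
	// NOTE(review): $userdata['session_id'] is interpolated as-is - confirm it is
	// validated where the session is loaded.
	$where_sql = 'session_user_id = ' . (int) $user_id;
	$where_sql .= ($user_id == $userdata['user_id']) ? " AND session_id <> '" . $userdata['session_id'] . "'" : '';
	$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
		WHERE $where_sql";

	if ( !$db->sql_query($sql) )
	{
		message_die(CRITICAL_ERROR, 'Error removing user session(s)', '', __LINE__, __FILE__, $sql);
	}

	if ( !empty($key_sql) )
	{
		// Replace the surviving key; only its MD5 is stored in the database
		$auto_login_key = dss_rand() . dss_rand();

		$current_time = time();

		// NOTE(review): $user_ip is interpolated as-is - confirm the callers pass
		// the board's own encoded form and not a raw request value.
		$sql = 'UPDATE ' . SESSIONS_KEYS_TABLE . "
			SET last_ip = '$user_ip', key_id = '" . md5($auto_login_key) . "', last_login = $current_time
			WHERE key_id = '" . md5($userdata['session_key']) . "'";

		if ( !$db->sql_query($sql) )
		{
			message_die(CRITICAL_ERROR, 'Error updating session key', '', __LINE__, __FILE__, $sql);
		}

		// And now rebuild the cookie so it carries the key generated above.
		// The variable used here must be $auto_login_key; $autologin_id is never
		// assigned in this function and would store an empty key in the cookie.
		$sessiondata = array();
		$sessiondata['userid'] = $user_id;
		$sessiondata['autologinid'] = $auto_login_key;
		$cookiename = $board_config['cookie_name'];
		$cookiepath = $board_config['cookie_path'];
		$cookiedomain = $board_config['cookie_domain'];
		$cookiesecure = $board_config['cookie_secure'];

		// NOTE(review): the cookie holds serialize()d data that comes back from the
		// client - confirm the code that reads it validates the values before use.
		setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);

		$userdata['session_key'] = $auto_login_key;
		unset($sessiondata);
		unset($auto_login_key);
	}
}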
Открываем includes/usercp_avatar.php
Находим (103):
if ( !preg_match('#^(http)|(ftp):\/\/#i', $avatar_filename) )
{
$avatar_filename = 'http://' . $avatar_filename;
}
Ниже добавляем:
$avatar_filename = substr($avatar_filename, 0, 100);
Открываем includes/usercp_register.php
Находим (135):
$signature = str_replace('<br />', "\n", $signature);
Заменяем на:
$signature = (isset($signature)) ? str_replace('<br />', "\n", $signature) : '';
$signature_bbcode_uid = '';
Находим и удаляем (298):
// Only compare one char if the zlib-extension is not loaded
if (!@extension_loaded('zlib'))
{
$row['code'] = substr($row['code'], -1);
}
Находим (519):
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql);
}
Ниже добавляем:
// We remove all stored login keys since the password has been updated
// and change the current one (if applicable)
if ( !empty($passwd_sql) )
{
session_reset_keys($user_id, $user_ip);
}
Находим (788):
//
// If an error occured we need to stripslashes on returned data
//
$username = stripslashes($username);
$email = stripslashes($email);
Ниже добавляем:
$cur_password = '';
Находим (813):
else if ( $mode == 'editprofile' && !isset($HTTP_POST_VARS['avatargallery']) && !isset($HTTP_POST_VARS['submitavatar']) && !isset($HTTP_POST_VARS['cancelavatar']) )
{
$user_id = $userdata['user_id'];
$username = $userdata['username'];
$email = $userdata['user_email'];
Ниже добавляем:
$cur_password = '';
Находим (1011):
$confirm_chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9');
list($usec, $sec) = explode(' ', microtime());
mt_srand($sec * $usec);
$max_chars = count($confirm_chars) - 1;
$code = '';
for ($i = 0; $i < 6; $i++)
{
$code .= $confirm_chars[mt_rand(0, $max_chars)];
}
Заменяем на:
// Generate the required confirmation code.
// dss_rand() returns 16 hexadecimal characters; substr(..., 6) keeps the last 10.
// NB 0 (zero) could get confused with O (the letter), so every zero is replaced
// by the letter before the code is upper-cased. The resulting alphabet is
// 1-9, A-F and O.
$code = dss_rand();
$code = strtoupper(str_replace('0', 'o', substr($code, 6)));
Находим (1042):
'USERNAME' => $username,
'CUR_PASSWORD' => $cur_password,
'NEW_PASSWORD' => $new_password,
'PASSWORD_CONFIRM' => $password_confirm,
'EMAIL' => $email,
Заменяем на:
'USERNAME' => isset($username) ? $username : '',
'CUR_PASSWORD' => isset($cur_password) ? $cur_password : '',
'NEW_PASSWORD' => isset($new_password) ? $new_password : '',
'PASSWORD_CONFIRM' => isset($password_confirm) ? $password_confirm : '',
'EMAIL' => isset($email) ? $email : '',
Открываем modules/Forums/index.php
Находим (133):
while( $category_rows[] = $db->sql_fetchrow($result) );
Заменяем на:
while ($row = $db->sql_fetchrow($result))
{
$category_rows[] = $row;
}
Находим (318):
// Okay, let's build the index
//
for($i = 0; $i < $total_categories; $i++)
{
$cat_id = $category_rows[$i]['cat_id'];
//
// Should we display this category/forum set?
//
$display_forums = false;
for($j = 0; $j < $total_forums; $j++)
{
if ( $is_auth_ary[$forum_data[$j]['forum_id']]['auth_view'] && $forum_data[$j]['cat_id'] == $cat_id )
{
$display_forums = true;
}
}
//
// Yes, we should, so first dump out the category
// title, then, if appropriate the forum list
//
if ( $display_forums )
Заменяем на:
// Let's decide which categories we should display
//
$display_categories = array();
for ($i = 0; $i < $total_forums; $i++ )
{
if ($is_auth_ary[$forum_data[$i]['forum_id']]['auth_view'])
{
$display_categories[$forum_data[$i]['cat_id']] = true;
}
}
//
// Okay, let's build the index
//
for($i = 0; $i < $total_categories; $i++)
{
$cat_id = $category_rows[$i]['cat_id'];
//
// Yes, we should, so first dump out the category
// title, then, if appropriate the forum list
//
if (isset($display_categories[$cat_id]) && $display_categories[$cat_id])
Открываем modules/Forums/language/lang_english/email/group_request.tpl
Находим (6):
A user has requested to join a group you moderator on {SITENAME}.
Заменяем на:
A user has requested to join a group you moderate on {SITENAME}.
Открываем modules/Forums/language/lang_english/email/user_activate_passwd.tpl
Находим (12):
If sucessful you will be able to login using the following password:
Заменяем на:
If successful you will be able to login using the following password:
Открываем modules/Forums/language/lang_english/lang_admin.php
Находим (339):
$lang['Allow_autologin'] = 'Allow automatic logins';
$lang['Allow_autologin_explain'] = 'Determines whether users are allowed to select to be automatically logged in when visiting the forum';
$lang['Autologin_time'] = 'Automatic login key expiry';
$lang['Autologin_time_explain'] = 'How long a autologin key is valid for in days if the user does not visit the board. Set to zero to disable expiry.';
Ниже добавляем:
// Search Flood Control - added 2.0.20
$lang['Search_Flood_Interval'] = 'Search Flood Interval';
$lang['Search_Flood_Interval_explain'] = 'Number of seconds a user must wait between search requests';
Находим (427):
$lang['smiley_edit_success'] = 'The Smiley was successfully updated';
$lang['smiley_import_success'] = 'The Smiley Pack was imported successfully!';
$lang['smiley_del_success'] = 'The Smiley was successfully removed';
$lang['Click_return_smileadmin'] = 'Click %sHere%s to return to Smiley Administration';
Ниже добавляем:
$lang['Confirm_delete_smiley'] = 'Are you sure you want to delete this Smiley?';
Находим (519):
$lang['Word_updated'] = 'The selected word censor has been successfully updated';
$lang['Word_added'] = 'The word censor has been successfully added';
$lang['Word_removed'] = 'The selected word censor has been successfully removed';
$lang['Click_return_wordadmin'] = 'Click %sHere%s to return to Word Censor Administration';
Ниже добавляем:
$lang['Confirm_delete_word'] = 'Are you sure you want to delete this word censor?';
Находим (559):
$lang['Rank_removed'] = 'The rank was successfully deleted';
$lang['No_update_ranks'] = 'The rank was successfully deleted. However, user accounts using this rank were not updated. You will need to manually reset the rank on these accounts';
$lang['Click_return_rankadmin'] = 'Click %sHere%s to return to Rank Administration';
Ниже добавляем:
$lang['Confirm_delete_rank'] = 'Are you sure you want to delete this rank?';
Открываем modules/Forums/language/lang_russian/lang_admin.php
Находим (327):
$lang['Allow_autologin'] = 'Разрешить автоматическую авторизацию';
$lang['Allow_autologin_explain'] = 'Разрешено ли пользователям выбирать, автоматическую авторизацию, посещая форум';
$lang['Autologin_time'] = 'Истечение Автоматической авторизации';
$lang['Autologin_time_explain'] = 'Сколько дней не посещения форума пользователем, система будет хранить информацию о нем. Наберите нолю, чтобы отключить истечение срока.';
Ниже добавляем:
// Search Flood Control - added 2.0.20
$lang['Search_Flood_Interval'] = 'Поисковой интервал (антифлуд)';
$lang['Search_Flood_Interval_explain'] = 'Количество секунд, которое должен выждать пользователь перед новым поиском';
Находим (413):
$lang['smiley_edit_success'] = 'Смайлик был успешно изменён';
$lang['smiley_import_success'] = 'Набор смайликов был успешно импортирован';
$lang['smiley_del_success'] = 'Смайлик был успешно удалён';
$lang['Click_return_smileadmin'] = '%sВернуться к списку смайликов%s';
Ниже добавляем:
$lang['Confirm_delete_smiley'] = 'Вы уверены, что хотите удалить этот смайл?';
Находим (505):
$lang['Word_updated'] = 'Выбранный автоцензор был успешно изменён';
$lang['Word_added'] = 'Автоцензор был успешно добавлен';
$lang['Word_removed'] = 'Выбранный автоцензор был успешно удалён';
$lang['Click_return_wordadmin'] = '%sВернуться к управлению автоцензором%s';
Ниже добавляем:
$lang['Confirm_delete_word'] = 'Вы уверены, что хотите удалить это автоцензор?';
Находим (545):
$lang['Click_return_rankadmin'] = '%sВернуться к управлению званиями%s';
Ниже добавляем:
$lang['Confirm_delete_rank'] = 'Вы уверены, что хотите удалить это звание?';
Открываем modules/Forums/language/lang_english/lang_main.php
Находим (782):
$lang['No_searchable_forums'] = 'You do not have permissions to search any forum on this site.';
$lang['No_search_match'] = 'No topics or posts met your search criteria';
$lang['Found_search_match'] = 'Search found %d match'; // eg. Search found 1 match
$lang['Found_search_matches'] = 'Search found %d matches'; // eg. Search found 24 matches
Ниже добавляем:
$lang['Search_Flood_Error'] = 'You cannot make another search so soon after your last; please try again in a short while.';
Открываем modules/Forums/language/lang_russian/lang_main.php
Находим (764):
$lang['No_searchable_forums'] = 'У вас нет доступа к поиску ни в одном из форумов на сайте';
$lang['No_search_match'] = 'Подходящих тем или сообщений не найдено';
$lang['Found_search_match'] = 'Результатов поиска: %d'; // eg. Search found 1 match
$lang['Found_search_matches'] = 'Результатов поиска: %d'; // eg. Search found 24 matches
Ниже добавляем:
$lang['Search_Flood_Error'] = 'Вы не можете еще раз воспользоваться поиском, пожалуйста, попробуйте сделать это чуть позднее.';
Открываем modules/Forums/login.php
Находим (91):
$row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts'])
Заменяем на:
$row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts'] && $userdata['user_level'] != ADMIN)
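Review bot: The added exemption reads `$userdata['user_level']`, while the lockout counters in the same condition come from `$row`; these look like two different records (the requesting session and the account being logged in to), though neither assignment is visible here. If that reading is right, the lockout is skipped only for requests that already carry an admin session, and that intent deserves a comment such as `// admins re-authenticating from an existing session are not locked out`. If the goal was instead to exempt admin accounts as such, `$row['user_level']` would be the field to test, and that variant would remove the attempt limit from the most valuable accounts, so it should be a deliberate decision. The `if` this line belongs to starts outside the hunk.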
Находим (116):
else
{
// Save login tries and last login
Заменяем на: (изменено)
else
{
// Save login tries and last login, but only store a failed login attempt for an
// active user - inactive users can't login even with a correct password
if ( $row['user_id'] != ANONYMOUS && $row['user_active'] )
Открываем modules/Members_List/index.php
Находим (247):
$search_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_search'] . '" alt="' . $lang['Search_user_posts'] . '" title="' . $lang['Search_user_posts'] . '" border="0" /></a>';
$search = '<a href="' . $temp_url . '">' . $lang['Search_user_posts'] . '</a>';
Заменяем на:
$search_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_search'] . '" alt="' . sprintf($lang['Search_user_posts'], $username) . '" title="' . sprintf($lang['Search_user_posts'], $username) . '" border="0" /></a>';
$search = '<a href="' . $temp_url . '">' . sprintf($lang['Search_user_posts'], $username) . '</a>';
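Review bot: `$username` now ends up inside the `alt` and `title` attributes and in the link text on both added lines, and nothing in the hunk shows it being escaped. If the value is already stored HTML-escaped this is fine; otherwise wrap it, e.g. `htmlspecialchars($username)`, before passing it to `sprintf()`. The language string is used as the format, so it has to contain exactly one `%s` in every installed translation; the `Search_user_posts` entries are not shown in this part of the page.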
Открываем modules/Forums/modcp.php
Находим (234):
$page_title = $lang['Mod_CP'];
include("includes/page_header.php");
if ( $confirm )
{
Ниже добавляем:
if ( empty($HTTP_POST_VARS['topic_id_list']) && empty($topic_id) )
{
message_die(GENERAL_MESSAGE, $lang['None_selected']);
}
Находим (264):
while ($row = $db->sql_fetchrow($result))
{
$topic_id_sql .= (($topic_id_sql != '') ? ', ' : '') . intval($row['topic_id']);
}
$db->sql_freeresult($result);
Ниже добавляем:
if ( $topic_id_sql == '')
{
message_die(GENERAL_MESSAGE, $lang['None_selected']);
}
Находим (750):
while ($row = $db->sql_fetchrow($result))
{
$post_id_sql .= (($post_id_sql != '') ? ', ' : '') . intval($row['post_id']);
}
$db->sql_freeresult($result);
Ниже добавляем:
if ($post_id_sql == '')
{
message_die(GENERAL_MESSAGE, $lang['None_selected']);
}
Находим (1008):
$ip_this_post = ( $rdns_ip_num == $ip_this_post ) ? gethostbyaddr($ip_this_post) : $ip_this_post;
Заменяем на:
$ip_this_post = ( $rdns_ip_num == $ip_this_post ) ? htmlspecialchars(gethostbyaddr($ip_this_post)) : $ip_this_post;
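Review bot: The reason for the new `htmlspecialchars()` call is not recorded on either changed line (this one and the `$ip` line in the next hunk): the name returned by `gethostbyaddr()` comes from reverse DNS, which is controlled by whoever operates the reverse zone for the poster's address, so it is untrusted output. A one-line comment would keep the escaping from being removed later, e.g. `// rDNS hostnames are untrusted; escape before output`. With its default flags before PHP 8.1, `htmlspecialchars()` leaves single quotes alone, so the value should only be placed in element text or double-quoted attributes; where it is emitted is outside the hunk.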
Находим (1053):
$ip = ( $rdns_ip_num == $row['poster_ip'] || $rdns_ip_num == 'all') ? gethostbyaddr($ip) : $ip;
Заменяем на:
$ip = ( $rdns_ip_num == $row['poster_ip'] || $rdns_ip_num == 'all') ? htmlspecialchars(gethostbyaddr($ip)) : $ip;
Открываем modules/Forums/posting.php
Находим (642):
$poll_options[$option_id] = htmlspecialchars(trim(stripslashes($option_text)));
Заменяем на:
$poll_options[intval($option_id)] = htmlspecialchars(trim(stripslashes($option_text)));
Открываем modules/Private_Messages/index.php
Находим (1251):
$privmsg_subject = trim(strip_tags($HTTP_POST_VARS['subject']));
Заменяем на:
$privmsg_subject = trim(htmlspecialchars($HTTP_POST_VARS['subject']));
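Review bot: Replacing `strip_tags()` with `htmlspecialchars()` means the subject is now stored entity-escaped, so every place that prints it must not escape it again and every place that puts it back into a form field must expect entities; the hunk at 1437 and the removal at 1816 appear to be the matching halves of that change. This line, unlike the one at 1437, has no `stripslashes()`, and `htmlspecialchars()` with its default flags does not touch single quotes, so the SQL safety of this value still rests entirely on whatever slash-escaping was applied to the request data before this point, which is not visible here. A short comment stating that the value is HTML-escaped but not SQL-escaped by this line would help the next editor.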
Находим (1373):
message_die(GENERAL_ERROR, "Could not insert/update private message sent text.", "", __LINE__, __FILE__, $sql_info);
Заменяем на:
message_die(GENERAL_ERROR, "Could not insert/update private message sent text.", "", __LINE__, __FILE__, $sql);
Находим (1437):
$privmsg_subject = ( isset($HTTP_POST_VARS['subject']) ) ? trim(strip_tags(stripslashes($HTTP_POST_VARS['subject']))) : '';
Заменяем на:
$privmsg_subject = ( isset($HTTP_POST_VARS['subject']) ) ? trim(htmlspecialchars(stripslashes($HTTP_POST_VARS['subject']))) : '';
Находим (1572):
}
$privmsg_subject = ( ( !preg_match('/^Re:/', $privmsg['privmsgs_subject']) ) ? 'Re: ' : '' ) . $privmsg['privmsgs_subject'];
Заменяем на: (изменено)
}
$orig_word = $replacement_word = array();
obtain_word_list($orig_word, $replacement_word);
$privmsg_subject = ( ( !preg_match('/^Re:/', $privmsg['privmsgs_subject']) ) ? 'Re: ' : '' ) . $privmsg['privmsgs_subject'];
$privmsg_subject = preg_replace($orig_word, $replacement_word, $privmsg_subject);
Находим (1587):
$privmsg_bbcode_uid = $privmsg['privmsgs_bbcode_uid'];
$privmsg_message = preg_replace("/\:(([a-z0-9]:)?)$privmsg_bbcode_uid/si", '', $privmsg_message);
$privmsg_message = str_replace('<br />', "\n", $privmsg_message);
$privmsg_message = preg_replace('#</textarea>#si', '</textarea>', $privmsg_message);
Ниже добавляем:
$privmsg_message = preg_replace($orig_word, $replacement_word, $privmsg_message);
Находим и удаляем (1816):
$privmsg_subject = preg_replace($html_entities_match, $html_entities_replace, $privmsg_subject);
$privmsg_subject = str_replace('"', '"', $privmsg_subject);
Открываем modules/Forums/profile.php
Находим (75):
$chars = array( 'a', 'A', 'b', 'B', 'c', 'C', 'd', 'D', 'e', 'E', 'f', 'F', 'g', 'G', 'h', 'H', 'i', 'I', 'j', 'J', 'k', 'K', 'l', 'L', 'm', 'M', 'n', 'N', 'o', 'O', 'p', 'P', 'q', 'Q', 'r', 'R', 's', 'S', 't', 'T', 'u', 'U', 'v', 'V', 'w', 'W', 'x', 'X', 'y', 'Y', 'z', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0');
$max_chars = count($chars) - 1;
srand( (double) microtime()*1000000);
$rand_str = '';
for($i = 0; $i < 8; $i++)
{
$rand_str = ( $i == 0 ) ? $chars[rand(0, $max_chars)] : $rand_str . $chars[rand(0, $max_chars)];
}
return ( $hash ) ? md5($rand_str) : $rand_str;
Заменяем на: (изменено)
$rand_str = dss_rand();
return ( $hash ) ? md5($rand_str) : substr($rand_str, 0, 8);
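Review bot: The non-hashed branch now returns eight characters cut from `dss_rand()`, and if that function returns hexadecimal digits (its body is not shown; only its final `substr($val, …)` appears further down the page) the alphabet shrinks from the 62 symbols of the old `$chars` table to 16, i.e. roughly 32 bits per string. The old generator seeded `rand()` from `microtime()`, which is guessable, so moving away from it is sound, but whether 32 bits is enough depends on what the string is used for, which this hunk does not show. The page repeats this same replacement line further down under `modules/Forums/login.php`; check which file actually contains the function before editing. The function's signature and opening lines are outside the hunk.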
Открываем modules/Forums/search.php
Находим (161):
$search_results = '';
//
// Search ID Limiter, decrease this value if you experience further timeout problems with searching forums
$limiter = 5000;
Ниже добавляем:
$current_time = time();
Находим (169):
//
// Cycle through options ...
//
if ( $search_id == 'newposts' || $search_id == 'egosearch' || $search_id == 'unanswered' || $search_keywords != '' || $search_author != '' )
{
Ниже добавляем:
//
// Flood control
//
$where_sql = ($userdata['user_id'] == ANONYMOUS) ? "se.session_ip = '$user_ip'" : 'se.session_user_id = ' . $userdata['user_id'];
$sql = 'SELECT MAX(sr.search_time) AS last_search_time
FROM ' . SEARCH_TABLE . ' sr, ' . SESSIONS_TABLE . " se
WHERE sr.session_id = se.session_id
AND $where_sql";
if ($result = $db->sql_query($sql))
{
if ($row = $db->sql_fetchrow($result))
{
if (intval($row['last_search_time']) > 0 && ($current_time - intval($row['last_search_time'])) < intval($board_config['search_flood_interval']))
{
message_die(GENERAL_MESSAGE, $lang['Search_Flood_Error']);
}
}
}
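Review bot: The flood check fails open: when `$db->sql_query($sql)` returns false the whole block is skipped and the search proceeds, unlike the other queries in this patch that call `message_die(GENERAL_ERROR, …)` on failure. If the limit is meant as protection against search-driven load, add an `else` branch that reports the failure, for example `else { message_die(GENERAL_ERROR, 'Could not obtain search flood data', '', __LINE__, __FILE__, $sql); }` (message text constructed for this note). Two smaller points: `$user_ip` is interpolated into the query string and its format is not visible here, and for guests the limit is keyed on `session_ip`, so users behind one shared address share one allowance. The result set is also never passed to `$db->sql_freeresult()`, which the modcp.php hunks do.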
Находим (231):
if (preg_match('#^[\*%]+$#', trim($search_author)) || preg_match('#^[^\*]{1,2}$#', str_replace(array('*', '%'), '', trim($search_author))))
{
$search_author = '';
}
$search_author = str_replace('*', '%', trim($search_author));
Заменяем на:
$search_author = str_replace('*', '%', trim($search_author));
if( ( strpos($search_author, '%') !== false ) && ( strlen(str_replace('%', '', $search_author)) < 3 ) )
{
$search_author = '';
}
Находим (455):
if (preg_match('#^[\*%]+$#', trim($search_author)) || preg_match('#^[^\*]{1,2}$#', str_replace(array('*', '%'), '', trim($search_author))))
{
$search_author = '';
}
$search_author = str_replace('*', '%', trim(str_replace("\'", "''", $search_author)));
Заменяем на:
$search_author = str_replace('*', '%', trim($search_author));
if( ( strpos($search_author, '%') !== false ) && ( strlen(str_replace('%', '', $search_author)) < 3 ) )
{
$search_author = '';
}
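Review bot: The replacement drops the `str_replace("\'", "''", $search_author)` that the old final line of this hunk applied, so after this edit nothing in the visible code rewrites quotes in `$search_author`. The query that consumes the value is outside the hunk; before applying, confirm that the quoting now happens where the SQL string is built, otherwise this edit removes an escaping step on a user-supplied search term. The first `$search_author` hunk (line 231) had no such call in its old text, so it is not affected.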
Находим (665):
// Finish building query (for all combinations)
// and run it ...
//
$sql = "SELECT session_id
FROM " . SESSIONS_TABLE;
if ( $result = $db->sql_query($sql) )
{
$delete_search_ids = array();
while( $row = $db->sql_fetchrow($result) )
{
$delete_search_ids[] = "'" . $row['session_id'] . "'";
}
if ( count($delete_search_ids) )
{
$sql = "DELETE FROM " . SEARCH_TABLE . "
WHERE session_id NOT IN (" . implode(", ", $delete_search_ids) . ")";
if ( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete old search id sessions', '', __LINE__, __FILE__, $sql);
}
}
Заменяем на:
// Delete old data from the search result table
//
$sql = 'DELETE FROM ' . SEARCH_TABLE . '
WHERE search_time < ' . ($current_time - (int) $board_config['session_length']);
if ( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete old search id sessions', '', __LINE__, __FILE__, $sql);
Находим (713):
SET search_id = $search_id, search_array = '" . str_replace("\'", "''", $result_array) . "'
WHERE session_id = '" . $userdata['session_id'] . "'";
if ( !($result = $db->sql_query($sql)) || !$db->sql_affectedrows() )
{
$sql = "INSERT INTO " . SEARCH_TABLE . " (search_id, session_id, search_array)
VALUES('$search_id', '" . $userdata['session_id'] . "', '" . str_replace("\'", "''", $result_array) . "')";
Заменяем на:
SET search_id = $search_id, search_time = $current_time, search_array = '" . str_replace("\'", "''", $result_array) . "'
WHERE session_id = '" . $userdata['session_id'] . "'";
if ( !($result = $db->sql_query($sql)) || !$db->sql_affectedrows() )
{
$sql = "INSERT INTO " . SEARCH_TABLE . " (search_id, session_id, search_time, search_array)
VALUES($search_id, '" . $userdata['session_id'] . "', $current_time, '" . str_replace("\'", "''", $result_array) . "')";
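Review bot: In the new `INSERT` the value `$search_id` is interpolated without quotes (`VALUES($search_id, …`), where the old line had `'$search_id'`; that is only safe while the variable is guaranteed to be an integer, and its assignment is not visible here. Casting at the point of use, as other hunks on this page do with `intval()` and `(int)`, would make that explicit: `VALUES(" . intval($search_id) . ", …`. `$result_array` is still protected only by `str_replace("\'", "''", …)`, which rewrites already-backslashed quotes and nothing else, so it depends on the data having been slash-escaped earlier. The `UPDATE` statement this fragment belongs to starts outside the hunk.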
Открываем modules/Forums/templates/subSilver/admin/board_config_body.tpl
Находим (52):
<td class="row2"><input type="radio" name="board_email_form" value="1" {BOARD_EMAIL_FORM_ENABLE} /> {L_ENABLED} <input type="radio" name="board_email_form" value="0" {BOARD_EMAIL_FORM_DISABLE} /> {L_DISABLED}</td>
</tr>
<tr>
<td class="row1">{L_FLOOD_INTERVAL} <br /><span class="gensmall">{L_FLOOD_INTERVAL_EXPLAIN}</span></td>
<td class="row2"><input class="post" type="text" size="3" maxlength="4" name="flood_interval" value="{FLOOD_INTERVAL}" /></td>
Ниже добавляем:
</tr>
<tr>
<td class="row1">{L_SEARCH_FLOOD_INTERVAL} <br /><span class="gensmall">{L_SEARCH_FLOOD_INTERVAL_EXPLAIN}</span></td>
<td class="row2"><input class="post" type="text" size="3" maxlength="4" name="search_flood_interval" value="{SEARCH_FLOOD_INTERVAL}" /></td>
Открываем modules/Forums/templates/subSilver/confirm_body.tpl
Находим (10):
<th class="thHead" height="25" valign="middle"><span class="tableTitle">{MESSAGE_TITLE}</span></th>
Заменяем на:
<th class="thHead" height="25" valign="middle">{MESSAGE_TITLE}</th>
Скопируйте файл из атача в директорию с php-nuke.
Выполните SQL-запросы:
INSERT INTO nuke_bbconfig (config_name, config_value) VALUES ('search_flood_interval', '15')
INSERT INTO nuke_bbconfig (config_name, config_value) VALUES ('rand_seed', '0')
DELETE FROM nuke_bbsessions
DELETE FROM nuke_bbsessions_keys
ALTER TABLE nuke_bbsearch_results ADD COLUMN search_time int(11) DEFAULT '0' NOT NULL
UPDATE nuke_bbconfig SET config_value = '.0.20' WHERE config_name = 'version'
не забываем в запросах менять префикс таблиц nuke_ на свой.
На этом все!
Успешно апдейтовал форум до 1.0.20 (до этого работал без существенных замечаний). Теперь возникла проблема в админке форума: в разделах «Права доступа форумов» и «Права доступа юзеров» после изменения вместо сообщения "права успешно изменены" и т.д. возникают кракозябры. Права-то меняются, но неприятно на этот баг смотреть.
Остальные команды работают корректно.
Установлена: PHP-Nuke-7.9.0.3.2_Rus. Хост немецкий и кодировка utf8_general_si.
wotik скорее всего закачали файлы форума на хост как то криво, попробуйте в бинарном режиме.
Soniks, вопрос такой. Можно ли обновить форум 2.0.17 сразу на 2.0.20, или надо пошагово переходить с версии на версию....
пошагово, либо если у тебя не установлены моды то нужно заменить готовыми файлами, то тоже пошагово.
да, из модов только быстрый ответ по рецепту Soniksa.
Nasfiratus
25.04.2006, 13:32
Не работают цитаты...
вообще тэг Цитаты работает (цитата)текст(/цитата)
а вот при нажатии на кнопочку ОТВЕТИТЬ С ЦИТАТОЙ выводит сам тэг (цитата:"имя юзера")текст(/цитата)
хелп вот линк
http://innovation.bestwarez.kz/modules.php?name=Forums&file=viewtopic&p=32#32
Если возникла проблема с отображением цитирования, отключите использование HTML-тегов в сообщениях (в админ-панели форума, в разделе "конфигурации").
Фиксим найденные баги:
Открываем includes/functions_post.php
Находим:
$message = addslashes($message);
Ниже добавляем:
$message = str_replace('"', '\"', $message);
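Review bot: As printed, the added line would double-escape: `addslashes()` on the line before has already turned every `"` into `\"`, so replacing `"` with `\"` again yields `\\"`. A replacement whose search and result differ only by a backslash on a character that `addslashes()` already handles suggests the forum software decoded an HTML entity (probably the entity form of the double quote) in both string arguments when rendering this post; the same thing seems to have happened to `str_replace('"', '"', …)` and to the textarea line in the Private_Messages section, where search and replacement are printed identically. Compare with the upstream 2.0.20 file before typing this line in. The surrounding function is outside the hunk.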
Открываем modules/Private_Messages/index.php
Находим:
obtain_word_list($orig_word, $replace_word);
Заменяем на:
obtain_word_list($orig_word, $replacement_word);
Открываем modules/Forums/login.php
Находим:
// Only store a failed login attempt for an active user - inactive users can't login even with a correct password
elseif( $row['user_active'] )
{
// Save login tries and last login
if ($row['user_id'] != ANONYMOUS)
Заменяем на:
else
{
// Save login tries and last login, but only store a failed login attempt for an
// active user - inactive users can't login even with a correct password
if ( $row['user_id'] != ANONYMOUS && $row['user_active'] )
Открываем includes/functions.php
Находим:
return substr($val, 16);
Заменяем на:
return substr($val, 4, 16);
Открываем modules/Forums/login.php
Находим:
return ( $hash ) ? md5($rand_str) : substr($rand_str, 8);
Заменяем на:
return ( $hash ) ? md5($rand_str) : substr($rand_str, 0, 8);
обновил форум, но в админке форума не отображается левая навигационная панель (меню админа). подскажите где посмотреть, плиз.
помогите!!! хоть подскажите где посмотреть......
DiVo, вам нужно включить вывод ошибок: возможно, где-то вами была допущена ошибка. Или заново переделайте все исправления файлов из папки modules/Forums/admin/
Notice: Undefined variable: forum_admin in /home/kymunet/public_html/mainfile.php on line 1575
Notice: Undefined variable: inside_mod in /home/kymunet/public_html/mainfile.php on line 1577
Notice: Undefined index: name in /home/kymunet/public_html/modules/Your_Account/includes/mainfileend.php on line 29
DiVo, попробуйте заменить файлы форума на рабочие, в том числе и файлы шаблонов