PDA

View Full Version : Обновляем форум phpBB 2.0.20 до 2.0.21

Soniks
10.06.2006, 00:45
Инструкция по ручному обновлению встроенного форума phpbb в php-nuke с версии 2.0.20 до версии 2.0.21

Открываем modules/Forums/admin/admin_ranks.php
Находим (34):
//
$phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
Ниже добавляем:

$cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? true : false;
$no_page_header = $cancel;

Находим (39):
require('./pagestart.' . $phpEx);
Ниже добавляем:
if ($cancel)
{
redirect('admin/' . append_sid("admin_ranks.$phpEx", true));
}

Открываем modules/Forums/admin/admin_smilies.php
Находим (50):
$phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');

Ниже добавляем:
$cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? true : false;
$no_page_header = $cancel;

Находим (54):
require('./pagestart.' . $phpEx);
Ниже добавляем:
if ($cancel)
{
redirect('admin/' . append_sid("admin_smilies.$phpEx", true));
}

Открываем modules/Forums/admin/admin_styles.php
Находим (840):
$template->set_filenames(array(
"confirm" => "confirm_body.tpl")
);

Заменяем на:
$template->set_filenames(array(
"confirm" => "admin/confirm_body.tpl")
);

Открываем modules/Forums/admin/admin_words.php
Находим (33):
$phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');

Ниже добавляем:
$cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? true : false;
$no_page_header = $cancel;

Находим (37):
require('./pagestart.' . $phpEx);
Ниже добавляем:
if ($cancel)
{
redirect('admin/' . append_sid("admin_words.$phpEx", true));
}

Открываем includes/functions.php
Находим (176):
return substr($val, 16);
Заменяем на:
return substr($val, 4, 16);
Находим (316):
global $board_config, $theme, $images, $template, $lang, $phpEx, $phpbb_root_path, $nav_links;
Заменяем на:
global $board_config, $theme, $images, $template, $lang, $phpEx, $phpbb_root_path, $nav_links, $db;
Находим (322):
$board_config['default_lang'] = $userdata['user_lang'];
Заменяем на:
$default_lang = phpbb_ltrim(basename(phpbb_rtrim($userdata['user_lang'])), "'");
Находим (336):
if ( !file_exists(@phpbb_realpath($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.'.$phpEx)) )
{
$board_config['default_lang'] = 'english';
}

Заменяем на:
else
{
$default_lang = phpbb_ltrim(basename(phpbb_rtrim($board_config['default_lang'])), "'");
}
if ( !file_exists(@phpbb_realpath($phpbb_root_path . 'language/lang_' . $default_lang . '/lang_main.'.$phpEx)) )
{
if ( $userdata['user_id'] != ANONYMOUS )
{
// For logged in users, try the board default language next
$default_lang = phpbb_ltrim(basename(phpbb_rtrim($board_config['default_lang'])), "'");
}
else
{
// For guests it means the default language is not present, try english
// This is a long shot since it means serious errors in the setup to reach here,
// but english is part of a new install so it's worth us trying
$default_lang = 'english';
}
if ( !file_exists(@phpbb_realpath($phpbb_root_path . 'language/lang_' . $default_lang . '/lang_main.'.$phpEx)) )
{
message_die(CRITICAL_ERROR, 'Could not locate valid language pack');
}
}
// If we've had to change the value in any way then let's write it back to the database
// before we go any further since it means there is something wrong with it
if ( $userdata['user_id'] != ANONYMOUS && $userdata['user_lang'] !== $default_lang )
{
$sql = 'UPDATE ' . USERS_TABLE . "
SET user_lang = '" . $default_lang . "'
WHERE user_lang = '" . $userdata['user_lang'] . "'";
if ( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, 'Could not update user language info');
}
$userdata['user_lang'] = $default_lang;
}
elseif ( $userdata['user_id'] === ANONYMOUS && $board_config['default_lang'] !== $default_lang )
{
$sql = 'UPDATE ' . CONFIG_TABLE . "
SET config_value = '" . $default_lang . "'
WHERE config_name = 'default_lang'";
if ( !($result = $db->sql_query($sql)) )
{
message_die(CRITICAL_ERROR, 'Could not update user language info');
}
}
$board_config['default_lang'] = $default_lang;
Находим (459):
$sql = "SELECT *
FROM " . THEMES_TABLE . "
WHERE themes_id = '$style'";

Заменяем на:
$sql = 'SELECT *
FROM ' . THEMES_TABLE . '
WHERE themes_id = ' . (int) $style;

Открываем includes/functions_post.php
Находим (67):
$message .= htmlspecialchars($part) . clean_html($tag);
}
$message = addslashes($message);

Заменяем на:
$message .= preg_replace($html_entities_match, $html_entities_replace, $part) . clean_html($tag);
}
$message = addslashes($message);
$message = str_replace('"', '\"', $message);

Находим (420):
$sql = "UPDATE " . FORUMS_TABLE . " SET
$forum_update_sql
WHERE forum_id = '$forum_id'";
if (!$db->sql_query($sql))
{
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}

Заменяем на:
if ($mode != 'poll_delete')
{
$sql = "UPDATE " . FORUMS_TABLE . " SET
$forum_update_sql
WHERE forum_id = $forum_id";
if (!$db->sql_query($sql))
{
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}
}

Открываем includes/sessions.php
Находим (368):
setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
}

Ниже добавляем:
// Add the session_key to the userdata array if it is set
if ( isset($sessiondata['autologinid']) && $sessiondata['autologinid'] != '' )
{
$userdata['session_key'] = $sessiondata['autologinid'];
}

Находим (505):
function session_reset_keys($user_id, $user_ip)
{
global $db, $userdata;

Заменяем на:
function session_reset_keys($user_id, $user_ip)
{
global $db, $userdata, $board_config;

Находим (544):
// And now rebuild the cookie
$sessiondata['userid'] = $user_id;
$sessiondata['autologinid'] = $autologin_id;

Заменяем на:
// And now rebuild the cookie
$sessiondata['userid'] = $user_id;
$sessiondata['autologinid'] = $auto_login_key;
Soniks
10.06.2006, 00:55
Открываем includes/usercp_avatar.php
Находим (130):
if ( $avatar_mode == 'remote' && preg_match('/^(http:\/\/)?([\w\-\.]+)\:?([0-9]*)\/(.*)$/', $avatar_filename, $url_ary) )
Заменяем на:
if ( $avatar_mode == 'remote' && preg_match('/^(http:\/\/)?([\w\-\.]+)\:?([0-9]*)\/([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png)))$/', $avatar_filename, $url_ary) )
Открываем modules/Forums/usercp_confirm.php
Находим (84):
// If we can we will generate a single filtered png else we will have to simply
// output six seperate original pngs ... first way is preferable!
if (@extension_loaded('zlib'))
{
$_png = define_filtered_pngs();
$total_width = 320;
$total_height = 50;
$img_height = 40;
$img_width = 0;
$l = 0;
list($usec, $sec) = explode(' ', microtime());
mt_srand($sec * $usec);
$char_widths = array();
for ($i = 0; $i < strlen($code); $i++)
{
$char = $code{$i};
$width = mt_rand(0, 4);
$char_widths[] = $width;
$img_width += $_png[$char]['width'] - $width;
}
$offset_x = mt_rand(0, $total_width - $img_width);
$offset_y = mt_rand(0, $total_height - $img_height);
$image = '';
$hold_chars = array();
for ($i = 0; $i < $total_height; $i++)
{
$image .= chr(0);
if ($i > $offset_y && $i < $offset_y + $img_height)
{
$j = 0;
for ($k = 0; $k < $offset_x; $k++)
{
$image .= chr(mt_rand(140, 255));
}
for ($k = 0; $k < strlen($code); $k++)
{
$char = $code{$k};
if (empty($hold_chars[$char]))
{
$hold_chars[$char] = explode("\n", chunk_split(base64_decode($_png[$char]['data']), $_png[$char]['width'] + 1, "\n"));
}
$image .= randomise(substr($hold_chars[$char][$l], 1), $char_widths[$j]);
$j++;
}
for ($k = $offset_x + $img_width; $k < $total_width; $k++)
{
$image .= chr(mt_rand(140, 255));
}
$l++;
}
else
{
for ($k = 0; $k < $total_width; $k++)
{
$image .= chr(mt_rand(140, 255));
}
}
}
unset($hold);
$image = create_png(gzcompress($image), $total_width, $total_height);
// Output image
header('Content-Type: image/png');
header('Cache-control: no-cache, no-store');
echo $image;
unset($image);
unset($_png);
exit;
}
else
{
if (!empty($HTTP_GET_VARS['c']))
{
$_png = define_raw_pngs();
$char = substr($code, intval($HTTP_GET_VARS['c']) - 1, 1);
header('Content-Type: image/png');
header('Cache-control: no-cache, no-store');
echo base64_decode($_png[$char]);
unset($_png);
exit;
}
}
exit;
Заменяем на:
// We can we will generate a single filtered png
// Thanks to DavidMJ for emulating zlib within the code :)
$_png = define_filtered_pngs();
$total_width = 320;
$total_height = 50;
$img_height = 40;
$img_width = 0;
$l = 0;
list($usec, $sec) = explode(' ', microtime());
mt_srand($sec * $usec);
$char_widths = array();
for ($i = 0; $i < strlen($code); $i++)
{
$char = $code{$i};
$width = mt_rand(0, 4);
$char_widths[] = $width;
$img_width += $_png[$char]['width'] - $width;
}
$offset_x = mt_rand(0, $total_width - $img_width);
$offset_y = mt_rand(0, $total_height - $img_height);
$image = '';
$hold_chars = array();
for ($i = 0; $i < $total_height; $i++)
{
$image .= chr(0);
if ($i > $offset_y && $i < $offset_y + $img_height)
{
$j = 0;
for ($k = 0; $k < $offset_x; $k++)
{
$image .= chr(mt_rand(140, 255));
}
for ($k = 0; $k < strlen($code); $k++)
{
$char = $code{$k};
if (empty($hold_chars[$char]))
{
$hold_chars[$char] = explode("\n", chunk_split(base64_decode($_png[$char]['data']), $_png[$char]['width'] + 1, "\n"));
}
$image .= randomise(substr($hold_chars[$char][$l], 1), $char_widths[$j]);
$j++;
}
for ($k = $offset_x + $img_width; $k < $total_width; $k++)
{
$image .= chr(mt_rand(140, 255));
}
$l++;
}
else
{
for ($k = 0; $k < $total_width; $k++)
{
$image .= chr(mt_rand(140, 255));
}
}
}
unset($hold);
$image = create_png($image, $total_width, $total_height);
// Output image
header('Content-Type: image/png');
header('Cache-control: no-cache, no-store');
echo $image;
unset($image);
unset($_png);
exit;

Находим (213):
function create_png($gzimage, $width, $height)

Заменяем на:
function create_png($raw_image, $width, $height)

Находим (222):
// IDAT
$image .= png_chunk(strlen($gzimage), 'IDAT', $gzimage);

Заменяем на:
if (@extension_loaded('zlib'))
{
$raw_image = gzcompress($raw_image);
$length = strlen($raw_image);
}
else
{
// The total length of this image, uncompressed, is just a calculation of pixels
$length = ($width + 1) * $height;
// Adler-32 hash generation
// Optimized Adler-32 loop ported from the GNU Classpath project
$temp_length = $length;
$s1 = 1;
$s2 = $index = 0;
while ($temp_length > 0)
{
// We can defer the modulo operation:
// s1 maximally grows from 65521 to 65521 + 255 * 3800
// s2 maximally grows by 3800 * median(s1) = 2090079800 < 2^31
$substract_value = ($temp_length < 3800) ? $temp_length : 3800;
$temp_length -= $substract_value;
while (--$substract_value >= 0)
{
$s1 += ord($raw_image[$index]);
$s2 += $s1;
$index++;
}
$s1 %= 65521;
$s2 %= 65521;
}
$adler_hash = pack('N', ($s2 << 16) | $s1);
// This is the same thing as gzcompress($raw_image, 0) but does not need zlib
$raw_image = pack('C3v2', 0x78, 0x01, 0x01, $length, ~$length) . $raw_image . $adler_hash;
// The Zlib header + Adler hash make us add on 11
$length += 11;
}
// IDAT
$image .= png_chunk($length, 'IDAT', $raw_image);

Открываем includes/usercp_register.php
Находим (1008):
$code = strtoupper(str_replace('0', 'o', substr($code, 6)));
Заменяем на:
$code = substr(str_replace('0', 'Z', strtoupper(base_convert($code, 16, 35))), 2, 6);
Находим (1021):
$confirm_image = (@extension_loaded('zlib')) ? '<img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id") . '" alt="" title="" />' : '<img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=1") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=2") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=3") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=4") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=5") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=6") . '" alt="" title="" />';

Заменяем на:
$confirm_image = '<img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id") . '" alt="" title="" />';
Soniks
10.06.2006, 01:11
Открываем modules/Forums/login.php
Находим (127):
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
$redirect = str_replace('?', '&', $redirect);
if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}
$template->assign_vars(array(
'META' => '<meta http-equiv=\"refresh\" content=\"3;url=' . append_sid("login.$phpEx?redirect=$redirect") . '\">')
);
$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], '<a href=\"' . append_sid("login.$phpEx?redirect=$redirect") . '\">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');
message_die(GENERAL_MESSAGE, $message);
}

Заменяем на:
}
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
$redirect = str_replace('?', '&', $redirect);
if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}
$template->assign_vars(array(
'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">")
);
$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');
message_die(GENERAL_MESSAGE, $message);

Открываем modules/Private_Messages/index.php
Находим (1574):
$orig_word = $replacement_word = array();
obtain_word_list($orig_word, $replace_word);
Заменяем на:
$orig_word = $replacement_word = array();
obtain_word_list($orig_word, $replacement_word);
Открываем modules/Forums/profile.php
Находим (86):
return ( $hash ) ? md5($rand_str) : $rand_str;
Заменяем на:
return ( $hash ) ? md5($rand_str) : substr($rand_str, 0, 8);
Открываем modules/Forums/search.php
Находим (233):
if( ( strpos($search_author, '%') !== false ) && ( strlen(str_replace('%', '', $search_author)) < 3 ) )
Заменяем на:
if( ( strpos($search_author, '%') !== false ) && ( strlen(str_replace('%', '', $search_author)) < $board_config['search_min_chars'] ) )
Находим (306):
if (preg_match('#^[\*%]+$#', trim($split_search[$i])) || preg_match('#^[^\*]{1,2}$#', str_replace(array('*', '%'), '', trim($split_search[$i]))))
Заменяем на:
if ( strlen(str_replace(array('*', '%'), '', trim($split_search[$i]))) < $board_config['search_min_chars'] )
Находим (457):
if( ( strpos($search_author, '%') !== false ) && ( strlen(str_replace('%', '', $search_author)) < 3 ) )
Заменяем на:
if( ( strpos($search_author, '%') !== false ) && ( strlen(str_replace('%', '', $search_author)) < $board_config['search_min_chars'] ) )
Открываем modules/Forums/viewtopic.php
Находим (1141):
// This was shamelessly 'borrowed' from volker at multiartstudio dot de
// via php.net's annotated manual
$message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . str_replace('\\', '\\\\', addslashes($highlight_match)) . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));

Заменяем на:
// This has been back-ported from 3.0 CVS
$message = preg_replace('#(?!<.*)(?<!\w)(' . $highlight_match . ')(?!\w|[^<>]*>)#i', '<b style="color:#'.$theme['fontcolor3'].'">\1</b>', $message);


Выполняем SQL запросы:
INSERT INTO nuke_bbconfig (config_name, config_value) VALUES ('search_min_chars', '3')
UPDATE nuke_bbconfig SET config_value='.0.21' where config_name='version'
не забываем изменить в запросах префикс nuke на свой.

Все!