[Tool] phpBB 2.0.8 to 2.0.9 Code Changes


On February 1, 2009 this forum will be set to read only as part of retiring of phpBB2.


bcs10
Registered User
Posts: 1525
Joined: Mon Jul 14, 2003 4:45 am
Location: Chicago, IL

Post by bcs10 »

ycl6 wrote:
bcs10 wrote:where is the update_to_209.php file

This is just a step-by-step guide to how to upgrade, if you want the SQL update file, you have to download the main file on the download page

http://www.phpbb.com/downloads.php

~Mac
oh yes... thanks a lot... stupid me.... ttyl
SNagy
Registered User
Posts: 11
Joined: Fri Jul 09, 2004 6:39 am

Post by SNagy »

Hello!

phpbb newbie: but tried to install the upgrade to 2.0.9 anyway, having just installed ezmod and wanting to test it. :)

ezmod gave me the following error message:

Critical Error

FIND FAILED: In file [privmsg.php] could not find:

$pm_sql_user .= "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "

MOD script line #555 :: FAQ :: Report

And then also gave me this message:

Unprocessed Commands
DELETE line #509

//
// Define censored word matches
//
$orig_word = array();
$replacement_word = array();
obtain_word_list($orig_word, $replacement_word);

Should I be worried about either of these?

Thanks for your help!

Regards,

Steven
madnessmotors
Registered User
Posts: 269
Joined: Sun Aug 17, 2003 7:33 pm
Contact:

Post by madnessmotors »

I'm getting a weird error now when I try to make a post that contains an apostrophe.

Code: Select all

General Error 
  
Error in posting

DEBUG MODE

SQL Error : 1196 Warning: Some non-transactional changed tables couldn't be rolled back

INSERT INTO phpbb_posts_text (post_id, post_subject, bbcode_uid, post_text) VALUES (9392, '', '19ea8b6567', 'don't')

Line : 299
File : /home/madnessmotors/public_html/forum/includes/functions_post.php  
I don't see where the update changed that section of functions_post.php but, it just started happening, here are lines 296-300:

Code: Select all

	$sql = ($mode != 'editpost') ? "INSERT INTO " . POSTS_TEXT_TABLE . " (post_id, post_subject, bbcode_uid, post_text) VALUES ($post_id, '$post_subject', '$bbcode_uid', '$post_message')" : "UPDATE " . POSTS_TEXT_TABLE . " SET post_text = '$post_message',  bbcode_uid = '$bbcode_uid', post_subject = '$post_subject' WHERE post_id = $post_id";
	if (!$db->sql_query($sql))
	{
		message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
	}
If I type don't it errors but, don\'t works fine and comes up in the reply as don't, also it shows the person as the last poster even though the reply doesn't show up.

Edit: I just noticed that quoting is messed up it just shows the quote bbtag before and after the quote, the other bb codes seem to be fine and \'s don't show up in posts.
BlueRook
Registered User
Posts: 2892
Joined: Wed Mar 10, 2004 2:38 am

Post by BlueRook »

The following code breaks styles admin, or at least deleting styles.

Code: Select all

$ini_val = (@phpversion() >= '4.0.0') ? 'ini_get' : 'get_cfg_var';

// Unset globally registered vars - PHP5 ... hhmmm
if (@$ini_val('register_globals') == '1' || strtolower(@$ini_val('register_globals')) == 'on')
{
	$var_prefix = 'HTTP';
	$var_suffix = '_VARS';
	
	$test = array('_GET', '_POST', '_SERVER', '_COOKIE', '_ENV');

	foreach ($test as $var)
	{
		if (is_array(${$var_prefix . $var . $var_suffix}))
		{
			unset_vars(${$var_prefix . $var . $var_suffix});
		}

		if (is_array(${$var}))
		{
			unset_vars(${$var});
		}
	}

	if (is_array(${'_FILES'}))
	{
		unset_vars(${'_FILES'});
	}

	if (is_array(${'HTTP_POST_FILES'}))
	{
		unset_vars(${'HTTP_POST_FILES'});
	}
}
The machine that I'm hosted on is using php 4.3.4.

At least one other user is having the same issue. Reference this topic
Acyd Burn
Consultant
Posts: 5830
Joined: Wed Dec 05, 2001 8:31 pm
Location: Behind You
Name: Meik Sievertsen

Post by Acyd Burn »

SNagy wrote: Hello!

phpbb newbie: but tried to install the upgrade to 2.0.9 anyway, having just installed ezmod and wanting to test it. :)

ezmod gave me the following error message:

Critical Error

FIND FAILED: In file [privmsg.php] could not find:

$pm_sql_user .= "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "


I hope EasyMod continues then? ;) The reason is that you applied a previous security fix. Since these are the changes from 2.0.8 to 2.0.9, the one fix for 2.0.8a is included too, for those not having followed it.


BlueRook: If this is the case, it was broken in 2.0.0 to 2.0.8a too, for those not having register_globals set to on, since the code you are quoting is responsible for unsetting global vars.
BlueRook
Registered User
Posts: 2892
Joined: Wed Mar 10, 2004 2:38 am

Post by BlueRook »

Acyd Burn wrote: BlueRook: If this is the case, it was broken in 2.0.0 to 2.0.8a too, for those not having register_globals set to on, since the code you are quoting is responsible for unsetting global vars.


So should that code only be implemented if register_globals is set to off? Which wouldn't make sense as that code is looking to see if it is on. My setup has register globals as on and deletion of styles works perfectly if that code is not there, and has worked fine since 2.0.6.
Acyd Burn
Consultant
Posts: 5830
Joined: Wed Dec 05, 2001 8:31 pm
Location: Behind You
Name: Meik Sievertsen

Post by Acyd Burn »

It is there to unset global vars for people having register globals on. You should really set register globals to off, since this is the main security hole people leave open.
BlueRook
Registered User
Posts: 2892
Joined: Wed Mar 10, 2004 2:38 am

Post by BlueRook »

Acyd Burn wrote: It is there to unset global vars for people having register globals on. You should really set register globals to off, since this is the main security hole people leave open.


Thanks for the information. My host has that setup on their server so that is why it is on. I'll look into it.
LegoSHAQ
Registered User
Posts: 10
Joined: Thu Jul 08, 2004 11:56 am

Post by LegoSHAQ »

sorry if this has been asked before.. but I couldn't find anything..

I want to upgrade using these cool upgrades. Problem is I am on 2.06. Do I need to run update_to_207.php and update_to_208.php? Cause I can only download 2.09 now and it only has update_to_209.php. So if I do need to run the other php files where can I find them? Or will running update_to_209.php only be fine?

Thanks :)
BlueRook
Registered User
Posts: 2892
Joined: Wed Mar 10, 2004 2:38 am

Post by BlueRook »

LegoSHAQ wrote: sorry if this has been asked before.. but I couldn't find anything..

I want to upgrade using these cool upgrades. Problem is I am on 2.06. Do I need to run update_to_207.php and update_to_208.php? Cause I can only download 2.09 now and it only has update_to_209.php. So if I do need to run the other php files where can I find them? Or will running update_to_209.php only be fine?

Thanks :)


If you don't have any or only have a couple of easy MODs the easiest way would be to just download the full install of 2.0.9, save a copy of your current config.php, upload the new files and your old config.php and run the update_to_209.php file. Then delete the install and contrib folders.

If you have a number of MODs then you can always do incremental upgrades using the MOD templates for the previous versions found here. I don't think that any database changes were made between 2.0.6 and 2.0.9 but those files should give the information.
BlueRook
Registered User
Posts: 2892
Joined: Wed Mar 10, 2004 2:38 am

Post by BlueRook »

New question. The following code in admin/config_board.php

Code: Select all

		$default_config[$config_name] = str_replace("'", "\'", $config_value);

replaces ' with \' and every time you update your configuration it adds a new \. For example in the site description I have a "it's" but it keeps adding a \ every time so that I ended up with it\\\'s.

I ended up just using the ASCII code but that only worked for the first time since it translates that to a '.

What would be the best way around this other than not using an apostrophe there, or I would guess, in any text field in the board configuration?
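The two apostrophe problems reported in this thread (the failing INSERT into phpbb_posts_text and the backslashes piling up in the board configuration) come from the same place: quoting handled by string manipulation around the SQL text. The following is an added example, not phpBB code and not part of any post; it assumes PHP with the pdo_sqlite extension, and its table names, function names and values are constructed for illustration.

```php
<?php
// Added example, not phpBB code: tables, names and values are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts_text (post_id INTEGER, post_text TEXT)');
$db->exec('CREATE TABLE config (config_name TEXT PRIMARY KEY, config_value TEXT)');

// Case 1: raw value interpolated into the statement, as in the failing INSERT.
// The apostrophe closes the string literal early and the statement is rejected.
function insert_interpolated(PDO $db, int $post_id, string $text): bool
{
    try {
        $db->exec("INSERT INTO posts_text (post_id, post_text) VALUES ($post_id, '$text')");
        return true;
    } catch (PDOException $e) {
        return false;
    }
}

// Case 2: the stored value is escaped with str_replace() and written back, so
// each load/save cycle escapes again and leaves one more backslash.
function resave_with_str_replace(PDO $db, string $name): string
{
    $stmt = $db->prepare('SELECT config_value FROM config WHERE config_name = ?');
    $stmt->execute([$name]);
    $value = str_replace("'", "\'", (string) $stmt->fetchColumn());
    save_bound($db, $name, $value);
    return $value;
}

// Fix for both: bind the value so it never becomes part of the SQL text.
function save_bound(PDO $db, string $name, string $value): void
{
    $db->prepare('REPLACE INTO config (config_name, config_value) VALUES (?, ?)')
       ->execute([$name, $value]);
}

function insert_bound(PDO $db, int $post_id, string $text): bool
{
    return $db->prepare('INSERT INTO posts_text (post_id, post_text) VALUES (?, ?)')
              ->execute([$post_id, $text]);
}

var_dump(insert_interpolated($db, 9392, "don't"), insert_bound($db, 9392, "don't"));
save_bound($db, 'site_desc', "it's");
for ($i = 1; $i <= 3; $i++) {
    echo "save $i: ", resave_with_str_replace($db, 'site_desc'), "\n";
}
```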
ycl6
Translator
Posts: 5696
Joined: Sat Feb 15, 2003 10:35 am
Location: Taiwan
Contact:

Post by ycl6 »

Just a small error in the update guide

In privmsg.php

The first change regarding the following line
Replace:

Code: Select all

$pm_sql_user .= "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "

To:

Code: Select all

$pm_sql_user = "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "
This has already been fixed in v2.0.8a

~Mac
madnessmotors
Registered User
Posts: 269
Joined: Sun Aug 17, 2003 7:33 pm
Contact:

Post by madnessmotors »

BlueRook wrote: New question. The following code in admin/config_board.php

Code: Select all

		$default_config[$config_name] = str_replace("'", "\'", $config_value);

replaces ' with \' and every time you update your configuration it adds a new \. For example in the site description I have a "it's" but it keeps adding a \ every time so that I ended up with it\\\'s.

I ended up just using the ASCII code but that only worked for the first time since it translates that to a '.

What would be the best way around this other than not using an apostrophe there, or I would guess, in any text field in the board configuration?

I believe this may be somewhat related to my problem. Only I can't use apostrophes in posts.
nei.ch
Registered User
Posts: 21
Joined: Thu Aug 08, 2002 6:00 pm

Post by nei.ch »

The bbcode correction for the img tag is still incorrect.
I created a sourceforge.net bug request:
990269 BBCode img Parser Bug

copy'n'paste from sourceforge:

The BBCode parser for [img] doesn't recognize correct
URLs as image URLs.
The problem is that the regular expression in the
bbcode.php only accepts URLs that end with an image
extension (.jpg, .bmp, .gif, ...).
But more and more websites use uncommon image URLs,
sometimes they hide an image through a website and the
website returns a valid image on a php/cgi request.

Example: Project G2 from gallery.menalto.com.
www.heise.de uses numbers as the filename of images,
i.e. http://www.heise.de/bilder/45844/0/0

So, actually, every URL is a valid image URL !
In version 2.0.9 acydburn corrected psotfx and uses the
following code on line 283/284 of bbcode.php, but the
bbcode still suffers from the problem I mention here:
2.0.9 version:

Code: Select all

// [img]image_url_here[/img] code..
$text = preg_replace("#\[img\]((http|ftp|https|ftps)://)([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png)))\[/img\]#sie", "'[img:$uid]\\1' . str_replace(' ', '%20', '\\3') . '[/img:$uid]'", $text);
corrected version:

Code: Select all

// [img]image_url_here[/img] code..
$text = preg_replace("#\[img\]((http|ftp|https|ftps)://)([^ \"\n\r\t<]*?(|\.(jpg|jpeg|gif|png)))\[/img\]#sie", "'[img:$uid]\\1' . str_replace(' ', '%20', '\\3') . '[/img:$uid]'", $text);
Well, it's a dirty hack, but it works.
1. ?, &, =, # are all characters that may be part of a URL (php request and the like).
2. an image URL may or may not end with an image extension.
3. But you should accept every string in between the [img] tags as long as they start with [ht|f]tp[|s]://


edit: same applies for usercp_avatar.php:
line 84:

Code: Select all

if ( !preg_match("#^((ht|f)tp://)([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png))$)#is", $avatar_filename) )
covers the same bug.

Wouldn't it be worth a helper function to validate all URLs instead of using different regular expressions everywhere? Very nasty.
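A sketch of the shared helper suggested at the end of the post above, as an added example that is not phpBB code and not part of the post. The function names `is_allowed_image_url` and `bbencode_img` are hypothetical; the strict mode mirrors the 2.0.9 pattern quoted above, and the same validator could be called from the avatar check.

```php
<?php
// Added example, not phpBB code; function names are hypothetical.

// Single validator for every place that accepts a remote image URL.
// $allow_query = false keeps the 2.0.9 rule (no ? & = #, image extension
// required); true applies the relaxed rule proposed in the post.
function is_allowed_image_url(string $url, bool $allow_query = false): bool
{
    // Whitespace, quotes, angle brackets and control bytes are never accepted.
    if (preg_match('/[\s"\'<>\x00-\x1f]/', $url)) {
        return false;
    }
    $parts = parse_url($url);
    if (!is_array($parts) || empty($parts['scheme']) || empty($parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https', 'ftp', 'ftps'], true)) {
        return false;
    }
    if ($allow_query) {
        return true;
    }
    return strpbrk($url, '?&=#') === false
        && preg_match('/\.(jpg|jpeg|gif|png)$/i', $parts['path'] ?? '') === 1;
}

// [img] handling with preg_replace_callback() instead of the /e modifier,
// which was removed in PHP 7. Tags that fail validation are left unparsed.
function bbencode_img(string $text, string $uid, bool $allow_query = false): string
{
    return preg_replace_callback(
        '#\[img\](.*?)\[/img\]#si',
        function (array $m) use ($uid, $allow_query): string {
            return is_allowed_image_url($m[1], $allow_query)
                ? "[img:$uid]" . $m[1] . "[/img:$uid]"
                : $m[0];
        },
        $text
    );
}

// Constructed sample input; the heise.de URL is the one quoted in the post.
$text = '[img]http://www.heise.de/bilder/45844/0/0[/img] '
      . '[img]http://example.org/photo.jpg[/img] '
      . '[img]gopher://example.org/photo.jpg[/img]';
echo bbencode_img($text, 'abc123'), "\n";        // 2.0.9-style rule
echo bbencode_img($text, 'abc123', true), "\n";  // relaxed rule
```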
kober
Registered User
Posts: 3
Joined: Tue Jul 13, 2004 4:43 pm
Contact:

Post by kober »

I didn't know where to post it so I will do it here :)

I found that something is wrong with [quote="username"]. When we are using only [quote]text[/quote] it is ok, but when we try to use [quote="username"]text[/quote] it is printed like normal text, as if the bbcode was off.

Can anybody fix it ;) It started to be so when I installed 2.0.9; the previous version was 2.0.8.