fluxbb-1.5.4 to fluxbb-1.5.6

fluxbb-1.5.4 to fluxbb-1.5.6	Legend
	Lines removed
	Lines changed
		Lines added

a/admin_bans.php	b/admin_bans.php
30: {	30: {
31: $user_id = intval($_GET['add_ban']);	31: $user_id = intval($_GET['add_ban']);
32: if ($user_id < 2)	32: if ($user_id < 2)
33: message($lang_common['Bad request']);	33: message($lang_common['Bad request'], false, '404 Not Found');
34:	34:
35: $result = $db->query('SELECT group_id, username, email FROM '.$db->prefix.'users WHERE id='.$user_id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());	35: $result = $db->query('SELECT group_id, username, email FROM '.$db->prefix.'users WHERE id='.$user_id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
36: if ($db->num_rows($result))	36: if ($db->num_rows($result))
84: {	84: {
85: $ban_id = intval($_GET['edit_ban']);	85: $ban_id = intval($_GET['edit_ban']);
86: if ($ban_id < 1)	86: if ($ban_id < 1)
87: message($lang_common['Bad request']);	87: message($lang_common['Bad request'], false, '404 Not Found');
88:	88:
89: $result = $db->query('SELECT username, ip, email, message, expire FROM '.$db->prefix.'bans WHERE id='.$ban_id) or error('Unable to fetch ban info', __FILE__, __LINE__, $db->error());	89: $result = $db->query('SELECT username, ip, email, message, expire FROM '.$db->prefix.'bans WHERE id='.$ban_id) or error('Unable to fetch ban info', __FILE__, __LINE__, $db->error());
90: if ($db->num_rows($result))	90: if ($db->num_rows($result))
91: list($ban_user, $ban_ip, $ban_email, $ban_message, $ban_expire) = $db->fetch_row($result);	91: list($ban_user, $ban_ip, $ban_email, $ban_message, $ban_expire) = $db->fetch_row($result);
92: else	92: else
93: message($lang_common['Bad request']);	93: message($lang_common['Bad request'], false, '404 Not Found');
94:	94:
95: $diff = ($pun_user['timezone'] + $pun_user['dst']) * 3600;	95: $diff = ($pun_user['timezone'] + $pun_user['dst']) * 3600;
96: $ban_expire = ($ban_expire != '') ? gmdate('Y-m-d', $ban_expire + $diff) : '';	96: $ban_expire = ($ban_expire != '') ? gmdate('Y-m-d', $ban_expire + $diff) : '';
116: <?php endif; ?> <fieldset>	116: <?php endif; ?> <fieldset>
117: <legend><?php echo $lang_admin_bans['Ban advanced subhead'] ?></legend>	117: <legend><?php echo $lang_admin_bans['Ban advanced subhead'] ?></legend>
118: <div class="infldset">	118: <div class="infldset">
119: <table class="aligntop" cellspacing="0">	119: <table class="aligntop">
120: <tr>	120: <tr>
121: <th scope="row"><?php echo $lang_admin_bans['Username label'] ?></th>	121: <th scope="row"><?php echo $lang_admin_bans['Username label'] ?></th>
122: <td>	122: <td>
147: <fieldset>	147: <fieldset>
148: <legend><?php echo $lang_admin_bans['Message expiry subhead'] ?></legend>	148: <legend><?php echo $lang_admin_bans['Message expiry subhead'] ?></legend>
149: <div class="infldset">	149: <div class="infldset">
150: <table class="aligntop" cellspacing="0">	150: <table class="aligntop">
151: <tr>	151: <tr>
152: <th scope="row"><?php echo $lang_admin_bans['Ban message label'] ?></th>	152: <th scope="row"><?php echo $lang_admin_bans['Ban message label'] ?></th>
153: <td>	153: <td>
308:	308:
309: $ban_id = intval($_GET['del_ban']);	309: $ban_id = intval($_GET['del_ban']);
310: if ($ban_id < 1)	310: if ($ban_id < 1)
311: message($lang_common['Bad request']);	311: message($lang_common['Bad request'], false, '404 Not Found');
312:	312:
313: $db->query('DELETE FROM '.$db->prefix.'bans WHERE id='.$ban_id) or error('Unable to delete ban', __FILE__, __LINE__, $db->error());	313: $db->query('DELETE FROM '.$db->prefix.'bans WHERE id='.$ban_id) or error('Unable to delete ban', __FILE__, __LINE__, $db->error());
314:	314:
407: <h2><span><?php echo $lang_admin_bans['Results head'] ?></span></h2>	407: <h2><span><?php echo $lang_admin_bans['Results head'] ?></span></h2>
408: <div class="box">	408: <div class="box">
409: <div class="inbox">	409: <div class="inbox">
410: <table cellspacing="0">	410: <table>
411: <thead>	411: <thead>
412: <tr>	412: <tr>
413: <th class="tcl" scope="col"><?php echo $lang_admin_bans['Results username head'] ?></th>	413: <th class="tcl" scope="col"><?php echo $lang_admin_bans['Results username head'] ?></th>
489: <fieldset>	489: <fieldset>
490: <legend><?php echo $lang_admin_bans['Add ban subhead'] ?></legend>	490: <legend><?php echo $lang_admin_bans['Add ban subhead'] ?></legend>
491: <div class="infldset">	491: <div class="infldset">
492: <table class="aligntop" cellspacing="0">	492: <table class="aligntop">
493: <tr>	493: <tr>
494: <th scope="row"><?php echo $lang_admin_bans['Username label'] ?><div><input type="submit" name="add_ban" value="<?php echo $lang_admin_common['Add'] ?>" tabindex="2" /></div></th>	494: <th scope="row"><?php echo $lang_admin_bans['Username label'] ?><div><input type="submit" name="add_ban" value="<?php echo $lang_admin_common['Add'] ?>" tabindex="2" /></div></th>
495: <td>	495: <td>
513: <legend><?php echo $lang_admin_bans['Ban search subhead'] ?></legend>	513: <legend><?php echo $lang_admin_bans['Ban search subhead'] ?></legend>
514: <div class="infldset">	514: <div class="infldset">
515: <p><?php echo $lang_admin_bans['Ban search info'] ?></p>	515: <p><?php echo $lang_admin_bans['Ban search info'] ?></p>
516: <table class="aligntop" cellspacing="0">	516: <table class="aligntop">
517: <tr>	517: <tr>
518: <th scope="row"><?php echo $lang_admin_bans['Username label'] ?></th>	518: <th scope="row"><?php echo $lang_admin_bans['Username label'] ?></th>
519: <td><input type="text" name="form[username]" size="25" maxlength="25" tabindex="4" /></td>	519: <td><input type="text" name="form[username]" size="25" maxlength="25" tabindex="4" /></td>

a/admin_categories.php	b/admin_categories.php
41:	41:
42: $cat_to_delete = intval($_POST['cat_to_delete']);	42: $cat_to_delete = intval($_POST['cat_to_delete']);
43: if ($cat_to_delete < 1)	43: if ($cat_to_delete < 1)
44: message($lang_common['Bad request']);	44: message($lang_common['Bad request'], false, '404 Not Found');
45:	45:
46: if (isset($_POST['del_cat_comply'])) // Delete a category with all forums and posts	46: if (isset($_POST['del_cat_comply'])) // Delete a category with all forums and posts
47: {	47: {
128:	128:
129: $categories = $_POST['cat'];	129: $categories = $_POST['cat'];
130: if (empty($categories))	130: if (empty($categories))
131: message($lang_common['Bad request']);	131: message($lang_common['Bad request'], false, '404 Not Found');
132:	132:
133: foreach ($categories as $cat_id => $cur_cat)	133: foreach ($categories as $cat_id => $cur_cat)
134: {	134: {
175: <fieldset>	175: <fieldset>
176: <legend><?php echo $lang_admin_categories['Add categories subhead'] ?></legend>	176: <legend><?php echo $lang_admin_categories['Add categories subhead'] ?></legend>
177: <div class="infldset">	177: <div class="infldset">
178: <table class="aligntop" cellspacing="0">	178: <table class="aligntop">
179: <tr>	179: <tr>
180: <th scope="row"><?php echo $lang_admin_categories['Add category label'] ?><div><input type="submit" name="add_cat" value="<?php echo $lang_admin_categories['Add new submit'] ?>" tabindex="2" /></div></th>	180: <th scope="row"><?php echo $lang_admin_categories['Add category label'] ?><div><input type="submit" name="add_cat" value="<?php echo $lang_admin_categories['Add new submit'] ?>" tabindex="2" /></div></th>
181: <td>	181: <td>
197: <fieldset>	197: <fieldset>
198: <legend><?php echo $lang_admin_categories['Delete categories subhead'] ?></legend>	198: <legend><?php echo $lang_admin_categories['Delete categories subhead'] ?></legend>
199: <div class="infldset">	199: <div class="infldset">
200: <table class="aligntop" cellspacing="0">	200: <table class="aligntop">
201: <tr>	201: <tr>
202: <th scope="row"><?php echo $lang_admin_categories['Delete category label'] ?><div><input type="submit" name="del_cat" value="<?php echo $lang_admin_common['Delete'] ?>" tabindex="4" /></div></th>	202: <th scope="row"><?php echo $lang_admin_categories['Delete category label'] ?><div><input type="submit" name="del_cat" value="<?php echo $lang_admin_common['Delete'] ?>" tabindex="4" /></div></th>
203: <td>	203: <td>
227: <fieldset>	227: <fieldset>
228: <legend><?php echo $lang_admin_categories['Edit categories subhead'] ?></legend>	228: <legend><?php echo $lang_admin_categories['Edit categories subhead'] ?></legend>
229: <div class="infldset">	229: <div class="infldset">
230: <table id="categoryedit" cellspacing="0" >	230: <table id="categoryedit">
231: <thead>	231: <thead>
232: <tr>	232: <tr>
233: <th class="tcl" scope="col"><?php echo $lang_admin_categories['Category name label'] ?></th>	233: <th class="tcl" scope="col"><?php echo $lang_admin_categories['Category name label'] ?></th>

a/admin_censoring.php	b/admin_censoring.php
101: <legend><?php echo $lang_admin_censoring['Add word subhead'] ?></legend>	101: <legend><?php echo $lang_admin_censoring['Add word subhead'] ?></legend>
102: <div class="infldset">	102: <div class="infldset">
103: <p><?php echo $lang_admin_censoring['Add word info'].' '.($pun_config['o_censoring'] == '1' ? sprintf($lang_admin_censoring['Censoring enabled'], '<a href="admin_options.php#censoring">'.$lang_admin_common['Options'].'</a>') : sprintf($lang_admin_censoring['Censoring disabled'], '<a href="admin_options.php#censoring">'.$lang_admin_common['Options'].'</a>')) ?></p>	103: <p><?php echo $lang_admin_censoring['Add word info'].' '.($pun_config['o_censoring'] == '1' ? sprintf($lang_admin_censoring['Censoring enabled'], '<a href="admin_options.php#censoring">'.$lang_admin_common['Options'].'</a>') : sprintf($lang_admin_censoring['Censoring disabled'], '<a href="admin_options.php#censoring">'.$lang_admin_common['Options'].'</a>')) ?></p>
104: <table cellspacing="0">	104: <table>
105: <thead>	105: <thead>
106: <tr>	106: <tr>
107: <th class="tcl" scope="col"><?php echo $lang_admin_censoring['Censored word label'] ?></th>	107: <th class="tcl" scope="col"><?php echo $lang_admin_censoring['Censored word label'] ?></th>
131: {	131: {
132:	132:
133: ?>	133: ?>
134: <table cellspacing="0" >	134: <table>
135: <thead>	135: <thead>
136: <tr>	136: <tr>
137: <th class="tcl" scope="col"><?php echo $lang_admin_censoring['Censored word label'] ?></th>	137: <th class="tcl" scope="col"><?php echo $lang_admin_censoring['Censored word label'] ?></th>

a/admin_forums.php	b/admin_forums.php
27:	27:
28: $add_to_cat = intval($_POST['add_to_cat']);	28: $add_to_cat = intval($_POST['add_to_cat']);
29: if ($add_to_cat < 1)	29: if ($add_to_cat < 1)
30: message($lang_common['Bad request']);	30: message($lang_common['Bad request'], false, '404 Not Found');
31:	31:
32: $db->query('INSERT INTO '.$db->prefix.'forums (forum_name, cat_id) VALUES(\''.$db->escape($lang_admin_forums['New forum']).'\', '.$add_to_cat.')') or error('Unable to create forum', __FILE__, __LINE__, $db->error());	32: $db->query('INSERT INTO '.$db->prefix.'forums (forum_name, cat_id) VALUES(\''.$db->escape($lang_admin_forums['New forum']).'\', '.$add_to_cat.')') or error('Unable to create forum', __FILE__, __LINE__, $db->error());
33:	33:
47:	47:
48: $forum_id = intval($_GET['del_forum']);	48: $forum_id = intval($_GET['del_forum']);
49: if ($forum_id < 1)	49: if ($forum_id < 1)
50: message($lang_common['Bad request']);	50: message($lang_common['Bad request'], false, '404 Not Found');
51:	51:
52: if (isset($_POST['del_forum_comply'])) // Delete a forum with all posts	52: if (isset($_POST['del_forum_comply'])) // Delete a forum with all posts
53: {	53: {
147: {	147: {
148: $forum_id = intval($_GET['edit_forum']);	148: $forum_id = intval($_GET['edit_forum']);
149: if ($forum_id < 1)	149: if ($forum_id < 1)
150: message($lang_common['Bad request']);	150: message($lang_common['Bad request'], false, '404 Not Found');
151:	151:
152: // Update group permissions for $forum_id	152: // Update group permissions for $forum_id
153: if (isset($_POST['save']))	153: if (isset($_POST['save']))
165: message($lang_admin_forums['Must enter name message']);	165: message($lang_admin_forums['Must enter name message']);
166:	166:
167: if ($cat_id < 1)	167: if ($cat_id < 1)
168: message($lang_common['Bad request']);	168: message($lang_common['Bad request'], false, '404 Not Found');
169:	169:
170: $forum_desc = ($forum_desc != '') ? '\''.$db->escape($forum_desc).'\'' : 'NULL';	170: $forum_desc = ($forum_desc != '') ? '\''.$db->escape($forum_desc).'\'' : 'NULL';
171: $redirect_url = ($redirect_url != '') ? '\''.$db->escape($redirect_url).'\'' : 'NULL';	171: $redirect_url = ($redirect_url != '') ? '\''.$db->escape($redirect_url).'\'' : 'NULL';
225: // Fetch forum info	225: // Fetch forum info
226: $result = $db->query('SELECT id, forum_name, forum_desc, redirect_url, num_topics, sort_by, cat_id FROM '.$db->prefix.'forums WHERE id='.$forum_id) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error());	226: $result = $db->query('SELECT id, forum_name, forum_desc, redirect_url, num_topics, sort_by, cat_id FROM '.$db->prefix.'forums WHERE id='.$forum_id) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error());
227: if (!$db->num_rows($result))	227: if (!$db->num_rows($result))
228: message($lang_common['Bad request']);	228: message($lang_common['Bad request'], false, '404 Not Found');
229:	229:
230: $cur_forum = $db->fetch_assoc($result);	230: $cur_forum = $db->fetch_assoc($result);
231:	231:
245: <fieldset>	245: <fieldset>
246: <legend><?php echo $lang_admin_forums['Edit details subhead'] ?></legend>	246: <legend><?php echo $lang_admin_forums['Edit details subhead'] ?></legend>
247: <div class="infldset">	247: <div class="infldset">
248: <table class="aligntop" cellspacing="0">	248: <table class="aligntop">
249: <tr>	249: <tr>
250: <th scope="row"><?php echo $lang_admin_forums['Forum name label'] ?></th>	250: <th scope="row"><?php echo $lang_admin_forums['Forum name label'] ?></th>
251: <td><input type="text" name="forum_name" size="35" maxlength="80" value="<?php echo pun_htmlspecialchars($cur_forum['forum_name']) ?>" tabindex="1" /></td>	251: <td><input type="text" name="forum_name" size="35" maxlength="80" value="<?php echo pun_htmlspecialchars($cur_forum['forum_name']) ?>" tabindex="1" /></td>
294: <legend><?php echo $lang_admin_forums['Group permissions subhead'] ?></legend>	294: <legend><?php echo $lang_admin_forums['Group permissions subhead'] ?></legend>
295: <div class="infldset">	295: <div class="infldset">
296: <p><?php printf($lang_admin_forums['Group permissions info'], '<a href="admin_groups.php">'.$lang_admin_common['User groups'].'</a>') ?></p>	296: <p><?php printf($lang_admin_forums['Group permissions info'], '<a href="admin_groups.php">'.$lang_admin_common['User groups'].'</a>') ?></p>
297: <table id="forumperms" cellspacing="0">	297: <table id="forumperms">
298: <thead>	298: <thead>
299: <tr>	299: <tr>
300: <th class="atcl"> </th>	300: <th class="atcl"> </th>
371: <h2><span><?php echo $lang_admin_forums['Add forum head'] ?></span></h2>	371: <h2><span><?php echo $lang_admin_forums['Add forum head'] ?></span></h2>
372: <div class="box">	372: <div class="box">
373: <form method="post" action="admin_forums.php?action=adddel">	373: <form method="post" action="admin_forums.php?action=adddel">
	374: <?php
	375:
	376: $result = $db->query('SELECT id, cat_name FROM '.$db->prefix.'categories ORDER BY disp_position') or error('Unable to fetch category list', __FILE__, __LINE__, $db->error());
	377:
	378: if ($db->num_rows($result) > 0)
	379: {
	380:
	381: ?>
374: <div class="inform">	382: <div class="inform">
375: <fieldset>	383: <fieldset>
376: <legend><?php echo $lang_admin_forums['Create new subhead'] ?></legend>	384: <legend><?php echo $lang_admin_forums['Create new subhead'] ?></legend>
377: <div class="infldset">	385: <div class="infldset">
378: <table class="aligntop" cellspacing="0">	386: <table class="aligntop">
379: <tr>	387: <tr>
380: <th scope="row"><?php echo $lang_admin_forums['Add forum label'] ?><div><input type="submit" name="add_forum" value="<?php echo $lang_admin_forums['Add forum'] ?>" tabindex="2" /></div></th>	388: <th scope="row"><?php echo $lang_admin_forums['Add forum label'] ?><div><input type="submit" name="add_forum" value="<?php echo $lang_admin_forums['Add forum'] ?>" tabindex="2" /></div></th>
381: <td>	389: <td>
382: <select name="add_to_cat" tabindex="1">	390: <select name="add_to_cat" tabindex="1">
383: <?php	391: <?php
384:	392:
385: $result = $db->query('SELECT id, cat_name FROM '.$db->prefix.'categories ORDER BY disp_position') or error('Unable to fetch category list', __FILE__, __LINE__, $db->error());	393: while ($cur_cat = $db->fetch_assoc($result))
386: if ($db->num_rows($result) > 0)	394: echo "\t\t\t\t\t\t\t\t\t\t\t".'<option value="'.$cur_cat['id'].'">'.pun_htmlspecialchars($cur_cat['cat_name']).'</option>'."\n";
387: {
388: while ($cur_cat = $db->fetch_assoc($result))
389: echo "\t\t\t\t\t\t\t\t\t\t\t".'<option value="'.$cur_cat['id'].'">'.pun_htmlspecialchars($cur_cat['cat_name']).'</option>'."\n";
390: }
391: else
392: echo "\t\t\t\t\t\t\t\t\t\t\t".'<option value="0" disabled="disabled">'.$lang_admin_forums['No categories exist'].'</option>'."\n";
393:	395:
394: ?>	396: ?>
395: </select>	397: </select>
400: </div>	402: </div>
401: </fieldset>	403: </fieldset>
402: </div>	404: </div>
	405: <?php
	406:
	407: }
	408: else
	409: {
	410:
	411: ?>
	412: <div class="inform">
	413: <fieldset>
	414: <legend><?php echo $lang_admin_common['None'] ?></legend>
	415: <div class="infldset">
	416: <p><?php echo $lang_admin_forums['No categories exist'] ?></p>
	417: </div>
	418: </fieldset>
	419: </div>
	420: <?php
	421:
	422: }
	423:
	424: ?>
403: </form>	425: </form>
404: </div>	426: </div>
405: <?php	427: <?php
432: <fieldset>	454: <fieldset>
433: <legend><?php echo $lang_admin_forums['Category subhead'] ?> <?php echo pun_htmlspecialchars($cur_forum['cat_name']) ?></legend>	455: <legend><?php echo $lang_admin_forums['Category subhead'] ?> <?php echo pun_htmlspecialchars($cur_forum['cat_name']) ?></legend>
434: <div class="infldset">	456: <div class="infldset">
435: <table cellspacing="0">	457: <table>
436: <thead>	458: <thead>
437: <tr>	459: <tr>
438: <th class="tcl"><?php echo $lang_admin_common['Action'] ?></th>	460: <th class="tcl"><?php echo $lang_admin_common['Action'] ?></th>

a/admin_groups.php	b/admin_groups.php
41: {	41: {
42: $group_id = intval($_GET['edit_group']);	42: $group_id = intval($_GET['edit_group']);
43: if ($group_id < 1 \|\| !isset($groups[$group_id]))	43: if ($group_id < 1 \|\| !isset($groups[$group_id]))
44: message($lang_common['Bad request']);	44: message($lang_common['Bad request'], false, '404 Not Found');
45:	45:
46: $group = $groups[$group_id];	46: $group = $groups[$group_id];
47:	47:
71: <legend><?php echo $lang_admin_groups['Group settings subhead'] ?></legend>	71: <legend><?php echo $lang_admin_groups['Group settings subhead'] ?></legend>
72: <div class="infldset">	72: <div class="infldset">
73: <p><?php echo $lang_admin_groups['Group settings info'] ?></p>	73: <p><?php echo $lang_admin_groups['Group settings info'] ?></p>
74: <table class="aligntop" cellspacing="0">	74: <table class="aligntop">
75: <tr>	75: <tr>
76: <th scope="row"><?php echo $lang_admin_groups['Group title label'] ?></th>	76: <th scope="row"><?php echo $lang_admin_groups['Group title label'] ?></th>
77: <td>	77: <td>
383:	383:
384: // Make sure it's not the admin or guest groups	384: // Make sure it's not the admin or guest groups
385: if ($group_id == PUN_ADMIN \|\| $group_id == PUN_GUEST)	385: if ($group_id == PUN_ADMIN \|\| $group_id == PUN_GUEST)
386: message($lang_common['Bad request']);	386: message($lang_common['Bad request'], false, '404 Not Found');
387:	387:
388: // Make sure it's not a moderator group	388: // Make sure it's not a moderator group
389: if ($groups[$group_id]['g_moderator'] != 0)	389: if ($groups[$group_id]['g_moderator'] != 0)
390: message($lang_common['Bad request']);	390: message($lang_common['Bad request'], false, '404 Not Found');
391:	391:
392: $db->query('UPDATE '.$db->prefix.'config SET conf_value='.$group_id.' WHERE conf_name=\'o_default_user_group\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());	392: $db->query('UPDATE '.$db->prefix.'config SET conf_value='.$group_id.' WHERE conf_name=\'o_default_user_group\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error());
393:	393:
408:	408:
409: $group_id = isset($_POST['group_to_delete']) ? intval($_POST['group_to_delete']) : intval($_GET['del_group']);	409: $group_id = isset($_POST['group_to_delete']) ? intval($_POST['group_to_delete']) : intval($_GET['del_group']);
410: if ($group_id < 5)	410: if ($group_id < 5)
411: message($lang_common['Bad request']);	411: message($lang_common['Bad request'], false, '404 Not Found');
412:	412:
413: // Make sure we don't remove the default group	413: // Make sure we don't remove the default group
414: if ($group_id == $pun_config['o_default_user_group'])	414: if ($group_id == $pun_config['o_default_user_group'])
540: <fieldset>	540: <fieldset>
541: <legend><?php echo $lang_admin_groups['Add group subhead'] ?></legend>	541: <legend><?php echo $lang_admin_groups['Add group subhead'] ?></legend>
542: <div class="infldset">	542: <div class="infldset">
543: <table class="aligntop" cellspacing="0">	543: <table class="aligntop">
544: <tr>	544: <tr>
545: <th scope="row"><?php echo $lang_admin_groups['New group label'] ?><div><input type="submit" name="add_group" value="<?php echo $lang_admin_common['Add'] ?>" tabindex="2" /></div></th>	545: <th scope="row"><?php echo $lang_admin_groups['New group label'] ?><div><input type="submit" name="add_group" value="<?php echo $lang_admin_common['Add'] ?>" tabindex="2" /></div></th>
546: <td>	546: <td>
571: <fieldset>	571: <fieldset>
572: <legend><?php echo $lang_admin_groups['Default group subhead'] ?></legend>	572: <legend><?php echo $lang_admin_groups['Default group subhead'] ?></legend>
573: <div class="infldset">	573: <div class="infldset">
574: <table class="aligntop" cellspacing="0">	574: <table class="aligntop">
575: <tr>	575: <tr>
576: <th scope="row"><?php echo $lang_admin_groups['Default group label'] ?><div><input type="submit" name="set_default_group" value="<?php echo $lang_admin_common['Save'] ?>" tabindex="4" /></div></th>	576: <th scope="row"><?php echo $lang_admin_groups['Default group label'] ?><div><input type="submit" name="set_default_group" value="<?php echo $lang_admin_common['Save'] ?>" tabindex="4" /></div></th>
577: <td>	577: <td>
609: <legend><?php echo $lang_admin_groups['Edit groups subhead'] ?></legend>	609: <legend><?php echo $lang_admin_groups['Edit groups subhead'] ?></legend>
610: <div class="infldset">	610: <div class="infldset">
611: <p><?php echo $lang_admin_groups['Edit groups info'] ?></p>	611: <p><?php echo $lang_admin_groups['Edit groups info'] ?></p>
612: <table cellspacing="0">	612: <table>
613: <?php	613: <?php
614:	614:
615: $cur_index = 5;	615: $cur_index = 5;

a/admin_loader.php	b/admin_loader.php
20: // The plugin to load should be supplied via GET	20: // The plugin to load should be supplied via GET
21: $plugin = isset($_GET['plugin']) ? $_GET['plugin'] : '';	21: $plugin = isset($_GET['plugin']) ? $_GET['plugin'] : '';
22: if (!preg_match('%^AM?P_(\w*?)\.php$%i', $plugin))	22: if (!preg_match('%^AM?P_(\w*?)\.php$%i', $plugin))
23: message($lang_common['Bad request']);	23: message($lang_common['Bad request'], false, '404 Not Found');
24:	24:
25: // AP_ == Admins only, AMP_ == admins and moderators	25: // AP_ == Admins only, AMP_ == admins and moderators
26: $prefix = substr($plugin, 0, strpos($plugin, '_'));	26: $prefix = substr($plugin, 0, strpos($plugin, '_'));
35: if (!isset($_SERVER['REQUEST_URI']))	35: if (!isset($_SERVER['REQUEST_URI']))
36: $_SERVER['REQUEST_URI'] = (isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '').'?'.(isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '');	36: $_SERVER['REQUEST_URI'] = (isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '').'?'.(isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '');
37:	37:
38: $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Admin'], str_replace('_', ' ', substr($plugin, strpos($plugin, '_') + 1, -4)));	38: $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_admin_common['Admin'], str_replace('_', ' ', substr($plugin, strpos($plugin, '_') + 1, -4)));
39: define('PUN_ACTIVE_PAGE', 'admin');	39: define('PUN_ACTIVE_PAGE', 'admin');
40: require PUN_ROOT.'header.php';	40: require PUN_ROOT.'header.php';
41:	41:

a/admin_maintenance.php	b/admin_maintenance.php
262: <legend><?php echo $lang_admin_maintenance['Rebuild index subhead'] ?></legend>	262: <legend><?php echo $lang_admin_maintenance['Rebuild index subhead'] ?></legend>
263: <div class="infldset">	263: <div class="infldset">
264: <p><?php printf($lang_admin_maintenance['Rebuild index info'], '<a href="admin_options.php#maintenance">'.$lang_admin_common['Maintenance mode'].'</a>') ?></p>	264: <p><?php printf($lang_admin_maintenance['Rebuild index info'], '<a href="admin_options.php#maintenance">'.$lang_admin_common['Maintenance mode'].'</a>') ?></p>
265: <table class="aligntop" cellspacing="0">	265: <table class="aligntop">
266: <tr>	266: <tr>
267: <th scope="row"><?php echo $lang_admin_maintenance['Posts per cycle label'] ?></th>	267: <th scope="row"><?php echo $lang_admin_maintenance['Posts per cycle label'] ?></th>
268: <td>	268: <td>
297: <fieldset>	297: <fieldset>
298: <legend><?php echo $lang_admin_maintenance['Prune subhead'] ?></legend>	298: <legend><?php echo $lang_admin_maintenance['Prune subhead'] ?></legend>
299: <div class="infldset">	299: <div class="infldset">
300: <table class="aligntop" cellspacing="0">	300: <table class="aligntop">
301: <tr>	301: <tr>
302: <th scope="row"><?php echo $lang_admin_maintenance['Days old label'] ?></th>	302: <th scope="row"><?php echo $lang_admin_maintenance['Days old label'] ?></th>
303: <td>	303: <td>

a/admin_options.php	b/admin_options.php
104:	104:
105: $languages = forum_list_langs();	105: $languages = forum_list_langs();
106: if (!in_array($form['default_lang'], $languages))	106: if (!in_array($form['default_lang'], $languages))
107: message($lang_common['Bad request']);	107: message($lang_common['Bad request'], false, '404 Not Found');
108:	108:
109: $styles = forum_list_styles();	109: $styles = forum_list_styles();
110: if (!in_array($form['default_style'], $styles))	110: if (!in_array($form['default_style'], $styles))
111: message($lang_common['Bad request']);	111: message($lang_common['Bad request'], false, '404 Not Found');
112:	112:
113: if ($form['time_format'] == '')	113: if ($form['time_format'] == '')
114: $form['time_format'] = 'H:i:s';	114: $form['time_format'] = 'H:i:s';
183: $form['disp_posts_default'] = 75;	183: $form['disp_posts_default'] = 75;
184:	184:
185: if ($form['feed_type'] < 0 \|\| $form['feed_type'] > 2)	185: if ($form['feed_type'] < 0 \|\| $form['feed_type'] > 2)
186: message($lang_common['Bad request']);	186: message($lang_common['Bad request'], false, '404 Not Found');
187:	187:
188: if ($form['feed_ttl'] < 0)	188: if ($form['feed_ttl'] < 0)
189: message($lang_common['Bad request']);	189: message($lang_common['Bad request'], false, '404 Not Found');
190:	190:
191: if ($form['report_method'] < 0 \|\| $form['report_method'] > 2)	191: if ($form['report_method'] < 0 \|\| $form['report_method'] > 2)
192: message($lang_common['Bad request']);	192: message($lang_common['Bad request'], false, '404 Not Found');
193:	193:
194: if ($form['default_email_setting'] < 0 \|\| $form['default_email_setting'] > 2)	194: if ($form['default_email_setting'] < 0 \|\| $form['default_email_setting'] > 2)
195: message($lang_common['Bad request']);	195: message($lang_common['Bad request'], false, '404 Not Found');
196:	196:
197: if ($form['timeout_online'] >= $form['timeout_visit'])	197: if ($form['timeout_online'] >= $form['timeout_visit'])
198: message($lang_admin_options['Timeout error message']);	198: message($lang_admin_options['Timeout error message']);
238: <fieldset>	238: <fieldset>
239: <legend><?php echo $lang_admin_options['Essentials subhead'] ?></legend>	239: <legend><?php echo $lang_admin_options['Essentials subhead'] ?></legend>
240: <div class="infldset">	240: <div class="infldset">
241: <table class="aligntop" cellspacing="0">	241: <table class="aligntop">
242: <tr>	242: <tr>
243: <th scope="row"><?php echo $lang_admin_options['Board title label'] ?></th>	243: <th scope="row"><?php echo $lang_admin_options['Board title label'] ?></th>
244: <td>	244: <td>
372: <fieldset>	372: <fieldset>
373: <legend><?php echo $lang_admin_options['Timeouts subhead'] ?></legend>	373: <legend><?php echo $lang_admin_options['Timeouts subhead'] ?></legend>
374: <div class="infldset">	374: <div class="infldset">
375: <table class="aligntop" cellspacing="0">	375: <table class="aligntop">
376: <tr>	376: <tr>
377: <th scope="row"><?php echo $lang_admin_options['Time format label'] ?></th>	377: <th scope="row"><?php echo $lang_admin_options['Time format label'] ?></th>
378: <td>	378: <td>
416: <fieldset>	416: <fieldset>
417: <legend><?php echo $lang_admin_options['Display subhead'] ?></legend>	417: <legend><?php echo $lang_admin_options['Display subhead'] ?></legend>
418: <div class="infldset">	418: <div class="infldset">
419: <table class="aligntop" cellspacing="0">	419: <table class="aligntop">
420: <tr>	420: <tr>
421: <th scope="row"><?php echo $lang_admin_options['Version number label'] ?></th>	421: <th scope="row"><?php echo $lang_admin_options['Version number label'] ?></th>
422: <td>	422: <td>
508: <fieldset>	508: <fieldset>
509: <legend><?php echo $lang_admin_options['Features subhead'] ?></legend>	509: <legend><?php echo $lang_admin_options['Features subhead'] ?></legend>
510: <div class="infldset">	510: <div class="infldset">
511: <table class="aligntop" cellspacing="0">	511: <table class="aligntop">
512: <tr>	512: <tr>
513: <th scope="row"><?php echo $lang_admin_options['Quick post label'] ?></th>	513: <th scope="row"><?php echo $lang_admin_options['Quick post label'] ?></th>
514: <td>	514: <td>
596: <fieldset>	596: <fieldset>
597: <legend><?php echo $lang_admin_options['Feed subhead'] ?></legend>	597: <legend><?php echo $lang_admin_options['Feed subhead'] ?></legend>
598: <div class="infldset">	598: <div class="infldset">
599: <table class="aligntop" cellspacing="0">	599: <table class="aligntop">
600: <tr>	600: <tr>
601: <th scope="row"><?php echo $lang_admin_options['Default feed label'] ?></th>	601: <th scope="row"><?php echo $lang_admin_options['Default feed label'] ?></th>
602: <td>	602: <td>
631: <fieldset>	631: <fieldset>
632: <legend><?php echo $lang_admin_options['Reports subhead'] ?></legend>	632: <legend><?php echo $lang_admin_options['Reports subhead'] ?></legend>
633: <div class="infldset">	633: <div class="infldset">
634: <table class="aligntop" cellspacing="0">	634: <table class="aligntop">
635: <tr>	635: <tr>
636: <th scope="row"><?php echo $lang_admin_options['Reporting method label'] ?></th>	636: <th scope="row"><?php echo $lang_admin_options['Reporting method label'] ?></th>
637: <td>	637: <td>
656: <fieldset>	656: <fieldset>
657: <legend><?php echo $lang_admin_options['Avatars subhead'] ?></legend>	657: <legend><?php echo $lang_admin_options['Avatars subhead'] ?></legend>
658: <div class="infldset">	658: <div class="infldset">
659: <table class="aligntop" cellspacing="0">	659: <table class="aligntop">
660: <tr>	660: <tr>
661: <th scope="row"><?php echo $lang_admin_options['Use avatars label'] ?></th>	661: <th scope="row"><?php echo $lang_admin_options['Use avatars label'] ?></th>
662: <td>	662: <td>
701: <fieldset>	701: <fieldset>
702: <legend><?php echo $lang_admin_options['E-mail subhead'] ?></legend>	702: <legend><?php echo $lang_admin_options['E-mail subhead'] ?></legend>
703: <div class="infldset">	703: <div class="infldset">
704: <table class="aligntop" cellspacing="0">	704: <table class="aligntop">
705: <tr>	705: <tr>
706: <th scope="row"><?php echo $lang_admin_options['Admin e-mail label'] ?></th>	706: <th scope="row"><?php echo $lang_admin_options['Admin e-mail label'] ?></th>
707: <td>	707: <td>
772: <fieldset>	772: <fieldset>
773: <legend><?php echo $lang_admin_options['Registration subhead'] ?></legend>	773: <legend><?php echo $lang_admin_options['Registration subhead'] ?></legend>
774: <div class="infldset">	774: <div class="infldset">
775: <table class="aligntop" cellspacing="0">	775: <table class="aligntop">
776: <tr>	776: <tr>
777: <th scope="row"><?php echo $lang_admin_options['Allow new label'] ?></th>	777: <th scope="row"><?php echo $lang_admin_options['Allow new label'] ?></th>
778: <td>	778: <td>
829: <fieldset>	829: <fieldset>
830: <legend><?php echo $lang_admin_options['Announcement subhead'] ?></legend>	830: <legend><?php echo $lang_admin_options['Announcement subhead'] ?></legend>
831: <div class="infldset">	831: <div class="infldset">
832: <table class="aligntop" cellspacing="0">	832: <table class="aligntop">
833: <tr>	833: <tr>
834: <th scope="row"><?php echo $lang_admin_options['Display announcement label'] ?></th>	834: <th scope="row"><?php echo $lang_admin_options['Display announcement label'] ?></th>
835: <td>	835: <td>
853: <fieldset>	853: <fieldset>
854: <legend><?php echo $lang_admin_options['Maintenance subhead'] ?></legend>	854: <legend><?php echo $lang_admin_options['Maintenance subhead'] ?></legend>
855: <div class="infldset">	855: <div class="infldset">
856: <table class="aligntop" cellspacing="0">	856: <table class="aligntop">
857: <tr>	857: <tr>
858: <th scope="row"><a name="maintenance"></a><?php echo $lang_admin_options['Maintenance mode label'] ?></th>	858: <th scope="row"><a name="maintenance"></a><?php echo $lang_admin_options['Maintenance mode label'] ?></th>
859: <td>	859: <td>

a/admin_permissions.php	b/admin_permissions.php
63: <fieldset>	63: <fieldset>
64: <legend><?php echo $lang_admin_permissions['Posting subhead'] ?></legend>	64: <legend><?php echo $lang_admin_permissions['Posting subhead'] ?></legend>
65: <div class="infldset">	65: <div class="infldset">
66: <table class="aligntop" cellspacing="0">	66: <table class="aligntop">
67: <tr>	67: <tr>
68: <th scope="row"><?php echo $lang_admin_permissions['BBCode label'] ?></th>	68: <th scope="row"><?php echo $lang_admin_permissions['BBCode label'] ?></th>
69: <td>	69: <td>
112: <fieldset>	112: <fieldset>
113: <legend><?php echo $lang_admin_permissions['Signatures subhead'] ?></legend>	113: <legend><?php echo $lang_admin_permissions['Signatures subhead'] ?></legend>
114: <div class="infldset">	114: <div class="infldset">
115: <table class="aligntop" cellspacing="0">	115: <table class="aligntop">
116: <tr>	116: <tr>
117: <th scope="row"><?php echo $lang_admin_permissions['BBCode sigs label'] ?></th>	117: <th scope="row"><?php echo $lang_admin_permissions['BBCode sigs label'] ?></th>
118: <td>	118: <td>
159: <fieldset>	159: <fieldset>
160: <legend><?php echo $lang_admin_permissions['Registration subhead'] ?></legend>	160: <legend><?php echo $lang_admin_permissions['Registration subhead'] ?></legend>
161: <div class="infldset">	161: <div class="infldset">
162: <table class="aligntop" cellspacing="0">	162: <table class="aligntop">
163: <tr>	163: <tr>
164: <th scope="row"><?php echo $lang_admin_permissions['Banned e-mail label'] ?></th>	164: <th scope="row"><?php echo $lang_admin_permissions['Banned e-mail label'] ?></th>
165: <td>	165: <td>

a/admin_reports.php	b/admin_reports.php
76: <fieldset>	76: <fieldset>
77: <legend><?php printf($lang_admin_reports['Report subhead'], format_time($cur_report['created'])) ?></legend>	77: <legend><?php printf($lang_admin_reports['Report subhead'], format_time($cur_report['created'])) ?></legend>
78: <div class="infldset">	78: <div class="infldset">
79: <table class="aligntop" cellspacing="0">	79: <table class="aligntop">
80: <tr>	80: <tr>
81: <th scope="row"><?php printf($lang_admin_reports['Reported by'], $reporter) ?></th>	81: <th scope="row"><?php printf($lang_admin_reports['Reported by'], $reporter) ?></th>
82: <td class="location"><?php echo implode(' ', $report_location) ?></td>	82: <td class="location"><?php echo implode(' ', $report_location) ?></td>
140: <fieldset>	140: <fieldset>
141: <legend><?php printf($lang_admin_reports['Zapped subhead'], format_time($cur_report['zapped']), $zapped_by) ?></legend>	141: <legend><?php printf($lang_admin_reports['Zapped subhead'], format_time($cur_report['zapped']), $zapped_by) ?></legend>
142: <div class="infldset">	142: <div class="infldset">
143: <table class="aligntop" cellspacing="0">	143: <table class="aligntop">
144: <tr>	144: <tr>
145: <th scope="row"><?php printf($lang_admin_reports['Reported by'], $reporter) ?></th>	145: <th scope="row"><?php printf($lang_admin_reports['Reported by'], $reporter) ?></th>
146: <td class="location"><?php echo implode(' ', $report_location) ?></td>	146: <td class="location"><?php echo implode(' ', $report_location) ?></td>

a/admin_users.php	b/admin_users.php
25: {	25: {
26: $ip_stats = intval($_GET['ip_stats']);	26: $ip_stats = intval($_GET['ip_stats']);
27: if ($ip_stats < 1)	27: if ($ip_stats < 1)
28: message($lang_common['Bad request']);	28: message($lang_common['Bad request'], false, '404 Not Found');
29:	29:
30: // Fetch ip count	30: // Fetch ip count
31: $result = $db->query('SELECT poster_ip, MAX(posted) AS last_used FROM '.$db->prefix.'posts WHERE poster_id='.$ip_stats.' GROUP BY poster_ip') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());	31: $result = $db->query('SELECT poster_ip, MAX(posted) AS last_used FROM '.$db->prefix.'posts WHERE poster_id='.$ip_stats.' GROUP BY poster_ip') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
63: <h2><span><?php echo $lang_admin_users['Results head'] ?></span></h2>	63: <h2><span><?php echo $lang_admin_users['Results head'] ?></span></h2>
64: <div class="box">	64: <div class="box">
65: <div class="inbox">	65: <div class="inbox">
66: <table cellspacing="0">	66: <table>
67: <thead>	67: <thead>
68: <tr>	68: <tr>
69: <th class="tcl" scope="col"><?php echo $lang_admin_users['Results IP address head'] ?></th>	69: <th class="tcl" scope="col"><?php echo $lang_admin_users['Results IP address head'] ?></th>
164: <h2><span><?php echo $lang_admin_users['Results head'] ?></span></h2>	164: <h2><span><?php echo $lang_admin_users['Results head'] ?></span></h2>
165: <div class="box">	165: <div class="box">
166: <div class="inbox">	166: <div class="inbox">
167: <table cellspacing="0">	167: <table>
168: <thead>	168: <thead>
169: <tr>	169: <tr>
170: <th class="tcl" scope="col"><?php echo $lang_admin_users['Results username head'] ?></th>	170: <th class="tcl" scope="col"><?php echo $lang_admin_users['Results username head'] ?></th>
361: <fieldset>	361: <fieldset>
362: <legend><?php echo $lang_admin_users['Move users subhead'] ?></legend>	362: <legend><?php echo $lang_admin_users['Move users subhead'] ?></legend>
363: <div class="infldset">	363: <div class="infldset">
364: <table class="aligntop" cellspacing="0">	364: <table class="aligntop">
365: <tr>	365: <tr>
366: <th scope="row"><?php echo $lang_admin_users['New group label'] ?></th>	366: <th scope="row"><?php echo $lang_admin_users['New group label'] ?></th>
367: <td>	367: <td>
643: <fieldset>	643: <fieldset>
644: <legend><?php echo $lang_admin_users['Message expiry subhead'] ?></legend>	644: <legend><?php echo $lang_admin_users['Message expiry subhead'] ?></legend>
645: <div class="infldset">	645: <div class="infldset">
646: <table class="aligntop" cellspacing="0">	646: <table class="aligntop">
647: <tr>	647: <tr>
648: <th scope="row"><?php echo $lang_admin_users['Ban message label'] ?></th>	648: <th scope="row"><?php echo $lang_admin_users['Ban message label'] ?></th>
649: <td>	649: <td>
839: <h2><span><?php echo $lang_admin_users['Results head'] ?></span></h2>	839: <h2><span><?php echo $lang_admin_users['Results head'] ?></span></h2>
840: <div class="box">	840: <div class="box">
841: <div class="inbox">	841: <div class="inbox">
842: <table cellspacing="0">	842: <table>
843: <thead>	843: <thead>
844: <tr>	844: <tr>
845: <th class="tcl" scope="col"><?php echo $lang_admin_users['Results username head'] ?></th>	845: <th class="tcl" scope="col"><?php echo $lang_admin_users['Results username head'] ?></th>
935: <legend><?php echo $lang_admin_users['User search subhead'] ?></legend>	935: <legend><?php echo $lang_admin_users['User search subhead'] ?></legend>
936: <div class="infldset">	936: <div class="infldset">
937: <p><?php echo $lang_admin_users['User search info'] ?></p>	937: <p><?php echo $lang_admin_users['User search info'] ?></p>
938: <table class="aligntop" cellspacing="0">	938: <table class="aligntop">
939: <tr>	939: <tr>
940: <th scope="row"><?php echo $lang_admin_users['Username label'] ?></th>	940: <th scope="row"><?php echo $lang_admin_users['Username label'] ?></th>
941: <td><input type="text" name="form[username]" size="25" maxlength="25" tabindex="2" /></td>	941: <td><input type="text" name="form[username]" size="25" maxlength="25" tabindex="2" /></td>
1074: <fieldset>	1074: <fieldset>
1075: <legend><?php echo $lang_admin_users['IP search subhead'] ?></legend>	1075: <legend><?php echo $lang_admin_users['IP search subhead'] ?></legend>
1076: <div class="infldset">	1076: <div class="infldset">
1077: <table class="aligntop" cellspacing="0">	1077: <table class="aligntop">
1078: <tr>	1078: <tr>
1079: <th scope="row"><?php echo $lang_admin_users['IP address label'] ?><div><input type="submit" value="<?php echo $lang_admin_users['Find IP address'] ?>" tabindex="26" /></div></th>	1079: <th scope="row"><?php echo $lang_admin_users['IP address label'] ?><div><input type="submit" value="<?php echo $lang_admin_users['Find IP address'] ?>" tabindex="26" /></div></th>
1080: <td><input type="text" name="show_users" size="18" maxlength="15" tabindex="24" />	1080: <td><input type="text" name="show_users" size="18" maxlength="15" tabindex="24" />

a/db_update.php	b/db_update.php
7: */	7: */
8:	8:
9: // The FluxBB version this script updates to	9: // The FluxBB version this script updates to
10: define('UPDATE_TO', '1.5.4');	10: define('UPDATE_TO', '1.5.6');
11:	11:
12: define('UPDATE_TO_DB_REVISION', 20);	12: define('UPDATE_TO_DB_REVISION', 20);
13: define('UPDATE_TO_SI_REVISION', 2);	13: define('UPDATE_TO_SI_REVISION', 2);
266: if ($old_charset != 'UTF-8' && !seems_utf8($str))	266: if ($old_charset != 'UTF-8' && !seems_utf8($str))
267: {	267: {
268: if (function_exists('iconv'))	268: if (function_exists('iconv'))
269: $str = iconv($old_charset == 'ISO-8859-1' ? 'WINDOWS-1252' : 'ISO-8859-1', 'UTF-8', $str);	269: $str = iconv(!empty($old_charset) ? $old_charset : 'ISO-8859-1', 'UTF-8', $str);
270: else if (function_exists('mb_convert_encoding'))	270: else if (function_exists('mb_convert_encoding'))
271: $str = mb_convert_encoding($str, 'UTF-8', $old_charset == 'ISO-8859-1' ? 'WINDOWS-1252' : 'ISO-8859-1');	271: $str = mb_convert_encoding($str, 'UTF-8', !empty($old_charset) ? $old_charset : 'ISO-8859-1');
272: else if ($old_charset == 'ISO-8859-1')	272: else if ($old_charset == 'ISO-8859-1')
273: $str = utf8_encode($str);	273: $str = utf8_encode($str);
274: }	274: }
1282:	1282:
1283: convert_to_utf8($cur_item['forum_name'], $old_charset);	1283: convert_to_utf8($cur_item['forum_name'], $old_charset);
1284: convert_to_utf8($cur_item['forum_desc'], $old_charset);	1284: convert_to_utf8($cur_item['forum_desc'], $old_charset);
	1285: convert_to_utf8($cur_item['last_poster'], $old_charset);
1285:	1286:
1286: if (!empty($moderators_utf8))	1287: if (!empty($moderators_utf8))
1287: $cur_item['moderators'] = serialize($moderators_utf8);	1288: $cur_item['moderators'] = serialize($moderators_utf8);

a/delete.php	b/delete.php
51:	51:
52: if (isset($_POST['delete']))	52: if (isset($_POST['delete']))
53: {	53: {
54: if ($is_admmod)	54: // Make sure they got here from the site
55: confirm_referrer('delete.php');	55: confirm_referrer('delete.php');
56:	56:
57: require PUN_ROOT.'include/search_idx.php';	57: require PUN_ROOT.'include/search_idx.php';
58:	58:

a/edit.php	b/edit.php
56:	56:
57: if (isset($_POST['form_sent']))	57: if (isset($_POST['form_sent']))
58: {	58: {
59: if ($is_admmod)	59: // Make sure they got here from the site
60: confirm_referrer('edit.php');	60: confirm_referrer('edit.php');
61:	61:
62: // If it's a topic it must contain a subject	62: // If it's a topic it must contain a subject
63: if ($can_edit_subject)	63: if ($can_edit_subject)

a/footer.php	b/footer.php
40: {	40: {
41: echo "\t\t\t".'<dl>'."\n";	41: echo "\t\t\t".'<dl>'."\n";
42: echo "\t\t\t\t".'<dt><strong>'.$lang_topic['Mod controls'].'</strong></dt>'."\n";	42: echo "\t\t\t\t".'<dt><strong>'.$lang_topic['Mod controls'].'</strong></dt>'."\n";
43: echo "\t\t\t\t".'<dd><span><a href="moderate.php?fid='.$forum_id.'&tid='.$id.'&p='.$p.'">'.$lang_common['Moderate topic'].'</a></span></dd>'."\n";	43: echo "\t\t\t\t".'<dd><span><a href="moderate.php?fid='.$forum_id.'&tid='.$id.'&p='.$p.'">'.$lang_common['Moderate topic'].'</a>'.($num_pages > 1 ? ' (<a href="moderate.php?fid='.$forum_id.'&tid='.$id.'&action=all">'.$lang_common['All'].'</a>)' : '').'</span></dd>'."\n";
44: echo "\t\t\t\t".'<dd><span><a href="moderate.php?fid='.$forum_id.'&move_topics='.$id.'">'.$lang_common['Move topic'].'</a></span></dd>'."\n";	44: echo "\t\t\t\t".'<dd><span><a href="moderate.php?fid='.$forum_id.'&move_topics='.$id.'">'.$lang_common['Move topic'].'</a></span></dd>'."\n";
45:	45:
46: if ($cur_topic['closed'] == '1')	46: if ($cur_topic['closed'] == '1')

a/include/cache.php	b/include/cache.php
73: {	73: {
74: // A group_id was not supplied, so we generate the quick jump cache for all groups	74: // A group_id was not supplied, so we generate the quick jump cache for all groups
75: $result = $db->query('SELECT g_id, g_read_board FROM '.$db->prefix.'groups') or error('Unable to fetch user group list', __FILE__, __LINE__, $db->error());	75: $result = $db->query('SELECT g_id, g_read_board FROM '.$db->prefix.'groups') or error('Unable to fetch user group list', __FILE__, __LINE__, $db->error());
76: $num_groups = $db->num_rows($result);
77:	76:
78: while ($row = $db->fetch_row($result))	77: while ($row = $db->fetch_row($result))
79: $groups[$row[0]] = $row[1];	78: $groups[$row[0]] = $row[1];
109: $output .= "\t\t\t\t\t\t\t".'<option value="'.$cur_forum['fid'].'"<?php echo ($forum_id == '.$cur_forum['fid'].') ? \' selected="selected"\' : \'\' ?>>'.pun_htmlspecialchars($cur_forum['forum_name']).$redirect_tag.'</option>'."\n";	108: $output .= "\t\t\t\t\t\t\t".'<option value="'.$cur_forum['fid'].'"<?php echo ($forum_id == '.$cur_forum['fid'].') ? \' selected="selected"\' : \'\' ?>>'.pun_htmlspecialchars($cur_forum['forum_name']).$redirect_tag.'</option>'."\n";
110: }	109: }
111:	110:
112: $output .= "\t\t\t\t\t\t".'</optgroup>'."\n\t\t\t\t\t".'</select>'."\n\t\t\t\t\t".'<input type="submit" value="<?php echo $lang_common[\'Go\'] ?>" accesskey="g" />'."\n\t\t\t\t\t".'</label></div>'."\n\t\t\t\t".'</form>'."\n";	111: $output .= "\t\t\t\t\t\t".'</optgroup>'."\n\t\t\t\t\t".'</select></label>'."\n\t\t\t\t\t".'<input type="submit" value="<?php echo $lang_common[\'Go\'] ?>" accesskey="g" />'."\n\t\t\t\t\t".'</div>'."\n\t\t\t\t".'</form>'."\n";
113: }	112: }
114: }	113: }
115:	114:

a/include/common.php	b/include/common.php
10: exit('The constant PUN_ROOT must be defined and point to a valid FluxBB installation root directory.');	10: exit('The constant PUN_ROOT must be defined and point to a valid FluxBB installation root directory.');
11:	11:
12: // Define the version and database revision that this code was written for	12: // Define the version and database revision that this code was written for
13: define('FORUM_VERSION', '1.5.4');	13: define('FORUM_VERSION', '1.5.6');
14:	14:
15: define('FORUM_DB_REVISION', 20);	15: define('FORUM_DB_REVISION', 20);
16: define('FORUM_SI_REVISION', 2);	16: define('FORUM_SI_REVISION', 2);

a/include/email.php	b/include/email.php
10: if (!defined('PUN'))	10: if (!defined('PUN'))
11: exit;	11: exit;
12:	12:
	13: // Define line breaks in mail headers; possible values can be PHP_EOL, "\r\n", "\n" or "\r"
	14: if (!defined('FORUM_EOL'))
	15: define('FORUM_EOL', PHP_EOL);
	16:
13: require PUN_ROOT.'include/utf8/utils/ascii.php';	17: require PUN_ROOT.'include/utf8/utils/ascii.php';
14:	18:
15: //	19: //
229: $from = '"'.encode_mail_text($from_name).'" <'.$from_email.'>';	233: $from = '"'.encode_mail_text($from_name).'" <'.$from_email.'>';
230: $subject = encode_mail_text($subject);	234: $subject = encode_mail_text($subject);
231:	235:
232: $headers = 'From: '.$from."\r\n".'Date: '.gmdate('r')."\r\n".'MIME-Version: 1.0'."\r\n".'Content-transfer-encoding: 8bit'."\r\n".'Content-type: text/plain; charset=utf-8'."\r\n".'X-Mailer: FluxBB Mailer';	236: $headers = 'From: '.$from.FORUM_EOL.'Date: '.gmdate('r').FORUM_EOL.'MIME-Version: 1.0'.FORUM_EOL.'Content-transfer-encoding: 8bit'.FORUM_EOL.'Content-type: text/plain; charset=utf-8'.FORUM_EOL.'X-Mailer: FluxBB Mailer';
233:	237:
234: // If we specified a reply-to email, we deal with it here	238: // If we specified a reply-to email, we deal with it here
235: if (!empty($reply_to_email))	239: if (!empty($reply_to_email))
236: {	240: {
237: $reply_to = '"'.encode_mail_text($reply_to_name).'" <'.$reply_to_email.'>';	241: $reply_to = '"'.encode_mail_text($reply_to_name).'" <'.$reply_to_email.'>';
238:	242:
239: $headers .= "\r\n".'Reply-To: '.$reply_to;	243: $headers .= FORUM_EOL.'Reply-To: '.$reply_to;
240: }	244: }
241:	245:
242: // Make sure all linebreaks are LF in message (and strip out any NULL bytes)	246: // Make sure all linebreaks are LF in message (and strip out any NULL bytes)
283: function smtp_mail($to, $subject, $message, $headers = '')	287: function smtp_mail($to, $subject, $message, $headers = '')
284: {	288: {
285: global $pun_config;	289: global $pun_config;
	290: static $local_host;
286:	291:
287: $recipients = explode(',', $to);	292: $recipients = explode(',', $to);
288:	293:
307:	312:
308: server_parse($socket, '220');	313: server_parse($socket, '220');
309:	314:
310: if ($pun_config['o_smtp_user'] != '' && $pun_config['o_smtp_pass'] != '')	315: if (!isset($local_host))
311: {	316: {
312: // Here we try to determine the real hostname (reverse DNS entry preferably)	317: // Here we try to determine the real hostname (reverse DNS entry preferably)
313: $local_host = php_uname('n');	318: $local_host = php_uname('n');
317: {	322: {
318: // Able to resolve IP back to name	323: // Able to resolve IP back to name
319: if (($local_name = @gethostbyaddr($local_addr)) !== $local_addr)	324: if (($local_name = @gethostbyaddr($local_addr)) !== $local_addr)
320: {
321: $local_host = $local_name;	325: $local_host = $local_name;
322: }
323: }	326: }
	327: }
324:	328:
	329: if ($pun_config['o_smtp_user'] != '' && $pun_config['o_smtp_pass'] != '')
	330: {
325: fwrite($socket, 'EHLO '.$local_host."\r\n");	331: fwrite($socket, 'EHLO '.$local_host."\r\n");
326: server_parse($socket, '250');	332: server_parse($socket, '250');
327:	333:
336: }	342: }
337: else	343: else
338: {	344: {
339: fwrite($socket, 'HELO '.$smtp_host."\r\n");	345: fwrite($socket, 'HELO '.$local_host."\r\n");
340: server_parse($socket, '250');	346: server_parse($socket, '250');
341: }	347: }
342:	348:

a/include/functions.php	b/include/functions.php
6: * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher	6: * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
7: */	7: */
8:	8:
9: include PUN_ROOT.'include/srand.php';
10:	9:
11:	10:
12: //	11: //
454: {	453: {
455: global $db, $pun_config, $errors, $lang_prof_reg, $lang_register, $lang_common, $pun_bans;	454: global $db, $pun_config, $errors, $lang_prof_reg, $lang_register, $lang_common, $pun_bans;
456:	455:
	456: // Include UTF-8 function
	457: require_once PUN_ROOT.'include/utf8/strcasecmp.php';
	458:
457: // Convert multiple whitespace characters into one (to prevent people from registering with indistinguishable usernames)	459: // Convert multiple whitespace characters into one (to prevent people from registering with indistinguishable usernames)
458: $username = preg_replace('%\s+%s', ' ', $username);	460: $username = preg_replace('%\s+%s', ' ', $username);
459:	461:
462: $errors[] = $lang_prof_reg['Username too short'];	464: $errors[] = $lang_prof_reg['Username too short'];
463: else if (pun_strlen($username) > 25) // This usually doesn't happen since the form element only accepts 25 characters	465: else if (pun_strlen($username) > 25) // This usually doesn't happen since the form element only accepts 25 characters
464: $errors[] = $lang_prof_reg['Username too long'];	466: $errors[] = $lang_prof_reg['Username too long'];
465: else if (!strcasecmp($username, 'Guest') \|\| !strcasecmp($username, $lang_common['Guest']))	467: else if (!strcasecmp($username, 'Guest') \|\| !utf8_strcasecmp($username, $lang_common['Guest']))
466: $errors[] = $lang_prof_reg['Username guest'];	468: $errors[] = $lang_prof_reg['Username guest'];
467: else if (preg_match('%[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}%', $username) \|\| preg_match('%((([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})\|(([0-9A-Fa-f]{1,4}:){6}:[0-9A-Fa-f]{1,4})\|(([0-9A-Fa-f]{1,4}:){5}:([0-9A-Fa-f]{1,4}:)?[0-9A-Fa-f]{1,4})\|(([0-9A-Fa-f]{1,4}:){4}:([0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})\|(([0-9A-Fa-f]{1,4}:){3}:([0-9A-Fa-f]{1,4}:){0,3}[0-9A-Fa-f]{1,4})\|(([0-9A-Fa-f]{1,4}:){2}:([0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})\|(([0-9A-Fa-f]{1,4}:){6}((\b((25[0-5])\|(1\d{2})\|(2[0-4]\d)\|(\d{1,2}))\b)\.){3}(\b((25[0-5])\|(1\d{2})\|(2[0-4]\d)\|(\d{1,2}))\b))\|(([0-9A-Fa-f]{1,4}:){0,5}:((\b((25[0-5])\|(1\d{2})\|(2[0-4]\d)\|(\d{1,2}))\b)\.){3}(\b((25[0-5])\|(1\d{2})\|(2[0-4]\d)\|(\d{1,2}))\b))\|(::([0-9A-Fa-f]{1,4}:){0,5}((\b((25[0-5])\|(1\d{2})\|(2[0-4]\d)\|(\d{1,2}))\b)\.){3}(\b((25[0-5])\|(1\d{2})\|(2[0-4]\d)\|(\d{1,2}))\b))\|([0-9A-Fa-f]{1,4}::([0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})\|(::([0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})\|(([0-9A-Fa-f]{1,4}:){1,7}:))%', $username))	469: else if (preg_match('%[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}%', $username) \|\| preg_match('%((([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})\|(([0-9A-Fa-f]{1,4}:){6}:[0-9A-Fa-f]{1,4})\|(([0-9A-Fa-f]{1,4}:){5}:([0-9A-Fa-f]{1,4}:)?[0-9A-Fa-f]{1,4})\|(([0-9A-Fa-f]{1,4}:){4}:([0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})\|(([0-9A-Fa-f]{1,4}:){3}:([0-9A-Fa-f]{1,4}:){0,3}[0-9A-Fa-f]{1,4})\|(([0-9A-Fa-f]{1,4}:){2}:([0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})\|(([0-9A-Fa-f]{1,4}:){6}((\b((25[0-5])\|(1\d{2})\|(2[0-4]\d)\|(\d{1,2}))\b)\.){3}(\b((25[0-5])\|(1\d{2})\|(2[0-4]\d)\|(\d{1,2}))\b))\|(([0-9A-Fa-f]{1,4}:){0,5}:((\b((25[0-5])\|(1\d{2})\|(2[0-4]\d)\|(\d{1,2}))\b)\.){3}(\b((25[0-5])\|(1\d{2})\|(2[0-4]\d)\|(\d{1,2}))\b))\|(::([0-9A-Fa-f]{1,4}:){0,5}((\b((25[0-5])\|(1\d{2})\|(2[0-4]\d)\|(\d{1,2}))\b)\.){3}(\b((25[0-5])\|(1\d{2})\|(2[0-4]\d)\|(\d{1,2}))\b))\|([0-9A-Fa-f]{1,4}::([0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})\|(::([0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})\|(([0-9A-Fa-f]{1,4}:){1,7}:))%', $username))
468: $errors[] = $lang_prof_reg['Username IP'];	470: $errors[] = $lang_prof_reg['Username IP'];
476: $errors[] = $lang_register['Username censor'];	478: $errors[] = $lang_register['Username censor'];
477:	479:
478: // Check that the username (or a too similar username) is not already registered	480: // Check that the username (or a too similar username) is not already registered
479: $query = ($exclude_id) ? ' AND id!='.$exclude_id : '';	481: $query = (!is_null($exclude_id)) ? ' AND id!='.$exclude_id : '';
480:	482:
481: $result = $db->query('SELECT username FROM '.$db->prefix.'users WHERE (UPPER(username)=UPPER(\''.$db->escape($username).'\') OR UPPER(username)=UPPER(\''.$db->escape(ucp_preg_replace('%[^\p{L}\p{N}]%u', '', $username)).'\')) AND id>1'.$query) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());	483: $result = $db->query('SELECT username FROM '.$db->prefix.'users WHERE (UPPER(username)=UPPER(\''.$db->escape($username).'\') OR UPPER(username)=UPPER(\''.$db->escape(ucp_preg_replace('%[^\p{L}\p{N}]%u', '', $username)).'\')) AND id>1'.$query) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
482:	484:
591: {	593: {
592: global $pun_config, $lang_common;	594: global $pun_config, $lang_common;
593:	595:
	596: if (!is_array($page_title))
	597: $page_title = array($page_title);
	598:
594: $page_title = array_reverse($page_title);	599: $page_title = array_reverse($page_title);
595:	600:
596: if (!is_null($p))	601: if (!is_null($p))
834: $ban_list = array();	839: $ban_list = array();
835:	840:
836: foreach ($pun_bans as $cur_ban)	841: foreach ($pun_bans as $cur_ban)
837: $ban_list[] = strtolower($cur_ban['username']);	842: $ban_list[] = utf8_strtolower($cur_ban['username']);
838: }	843: }
839:	844:
840: // If the user has a custom title	845: // If the user has a custom title
841: if ($user['title'] != '')	846: if ($user['title'] != '')
842: $user_title = pun_htmlspecialchars($user['title']);	847: $user_title = pun_htmlspecialchars($user['title']);
843: // If the user is banned	848: // If the user is banned
844: else if (in_array(strtolower($user['username']), $ban_list))	849: else if (in_array(utf8_strtolower($user['username']), $ban_list))
845: $user_title = $lang_common['Banned'];	850: $user_title = $lang_common['Banned'];
846: // If the user group has a default user title	851: // If the user group has a default user title
847: else if ($user['g_user_title'] != '')	852: else if ($user['g_user_title'] != '')
1011: //	1016: //
1012: function random_key($len, $readable = false, $hash = false)	1017: function random_key($len, $readable = false, $hash = false)
1013: {	1018: {
	1019: if (!function_exists('secure_random_bytes'))
	1020: include PUN_ROOT.'include/srand.php';
	1021:
1014: $key = secure_random_bytes($len);	1022: $key = secure_random_bytes($len);
1015:	1023:
1016: if ($hash)	1024: if ($hash)
1017: $key = substr(bin2hex($key), 0, $len);	1025: return substr(bin2hex($key), 0, $len);
1018: else if ($readable)	1026: else if ($readable)
1019: $key = substr(base64_encode($key), 0, $len);	1027: {
	1028: $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
	1029:
	1030: $result = '';
	1031: for ($i = 0; $i < $len; ++$i)
	1032: $result .= substr($chars, (ord($key[$i]) % strlen($chars)), 1);
	1033:
	1034: return $result;
	1035: }
1020:	1036:
1021: return $key;	1037: return $key;
1022: }	1038: }
1025: //	1041: //
1026: // Make sure that HTTP_REFERER matches base_url/script	1042: // Make sure that HTTP_REFERER matches base_url/script
1027: //	1043: //
1028: function confirm_referrer($script, $error_msg = false)	1044: function confirm_referrer($scripts, $error_msg = false)
1029: {	1045: {
1030: global $pun_config, $lang_common;	1046: global $pun_config, $lang_common;
1031:	1047:
	1048: if (!is_array($scripts))
	1049: $scripts = array($scripts);
	1050:
1032: // There is no referrer	1051: // There is no referrer
1033: if (empty($_SERVER['HTTP_REFERER']))	1052: if (empty($_SERVER['HTTP_REFERER']))
1034: message($error_msg ? $error_msg : $lang_common['Bad referrer']);	1053: message($error_msg ? $error_msg : $lang_common['Bad referrer']);
1038: if (strpos($referrer['host'], 'www.') === 0)	1057: if (strpos($referrer['host'], 'www.') === 0)
1039: $referrer['host'] = substr($referrer['host'], 4);	1058: $referrer['host'] = substr($referrer['host'], 4);
1040:	1059:
1041: $valid = parse_url(strtolower(get_base_url().'/'.$script));	1060: $valid_paths = array();
1042: // Remove www subdomain if it exists	1061: foreach ($scripts as $script)
1043: if (strpos($valid['host'], 'www.') === 0)	1062: {
1044: $valid['host'] = substr($valid['host'], 4);	1063: $valid = parse_url(strtolower(get_base_url().'/'.$script));
	1064: // Remove www subdomain if it exists
	1065: if (strpos($valid['host'], 'www.') === 0)
	1066: $valid['host'] = substr($valid['host'], 4);
	1067:
	1068: $valid_host = $valid['host'];
	1069: $valid_paths[] = $valid['path'];
	1070: }
1045:	1071:
1046: // Check the host and path match. Ignore the scheme, port, etc.	1072: // Check the host and path match. Ignore the scheme, port, etc.
1047: if ($referrer['host'] != $valid['host'] \|\| $referrer['path'] != $valid['path'])	1073: if ($referrer['host'] != $valid_host \|\| !in_array($referrer['path'], $valid_paths))
1048: message($error_msg ? $error_msg : $lang_common['Bad referrer']);	1074: message($error_msg ? $error_msg : $lang_common['Bad referrer']);
1049: }	1075: }
1050:	1076:
2059: <h2><span><?php echo $lang_common['Debug table'] ?></span></h2>	2085: <h2><span><?php echo $lang_common['Debug table'] ?></span></h2>
2060: <div class="box">	2086: <div class="box">
2061: <div class="inbox">	2087: <div class="inbox">
2062: <table cellspacing="0">	2088: <table>
2063: <thead>	2089: <thead>
2064: <tr>	2090: <tr>
2065: <th class="tcl" scope="col"><?php echo $lang_common['Query times'] ?></th>	2091: <th class="tcl" scope="col"><?php echo $lang_common['Query times'] ?></th>

a/include/parser.php	b/include/parser.php
823: $replace_callback[] = 'handle_url_tag($matches[1], $matches[2])';	823: $replace_callback[] = 'handle_url_tag($matches[1], $matches[2])';
824: $replace[] = '<a href="mailto:$1">$1</a>';	824: $replace[] = '<a href="mailto:$1">$1</a>';
825: $replace[] = '<a href="mailto:$1">$2</a>';	825: $replace[] = '<a href="mailto:$1">$2</a>';
826: $replace_callback[] = 'handle_url_tag(\''.get_base_url(true).'/viewtopic.php?id=.$matches[1]\')';	826: $replace_callback[] = 'handle_url_tag(\''.get_base_url(true).'/viewtopic.php?id=\'.$matches[1])';
827: $replace_callback[] = 'handle_url_tag(\''.get_base_url(true).'/viewtopic.php?id=.$matches[1],$matches[2]\')';	827: $replace_callback[] = 'handle_url_tag(\''.get_base_url(true).'/viewtopic.php?id=\'.$matches[1], $matches[2])';
828: $replace_callback[] = 'handle_url_tag(\''.get_base_url(true).'/viewtopic.php?pid=.$matches[1].#p.$matches[1]\')';	828: $replace_callback[] = 'handle_url_tag(\''.get_base_url(true).'/viewtopic.php?pid=\'.$matches[1].\'#p\'.$matches[1])';
829: $replace_callback[] = 'handle_url_tag(\''.get_base_url(true).'/viewtopic.php?pid=.$matches[1].#p.$matches[1],$matches[2]\')';	829: $replace_callback[] = 'handle_url_tag(\''.get_base_url(true).'/viewtopic.php?pid=\'.$matches[1].\'#p\'.$matches[1], $matches[2])';
830: $replace_callback[] = 'handle_url_tag(\''.get_base_url(true).'/viewforum.php?id=.$matches[1]\')';	830: $replace_callback[] = 'handle_url_tag(\''.get_base_url(true).'/viewforum.php?id=\'.$matches[1])';
831: $replace_callback[] = 'handle_url_tag(\''.get_base_url(true).'/viewforum.php?id=.$matches[1],$matches[2]\')';	831: $replace_callback[] = 'handle_url_tag(\''.get_base_url(true).'/viewforum.php?id=\'.$matches[1], $matches[2])';
832: $replace_callback[] = 'handle_url_tag(\''.get_base_url(true).'/profile.php?id=.$matches[1]\')';	832: $replace_callback[] = 'handle_url_tag(\''.get_base_url(true).'/profile.php?id=\'.$matches[1])';
833: $replace_callback[] = 'handle_url_tag(\''.get_base_url(true).'/profile.php?id=.$matches[1],$matches[2]\')';	833: $replace_callback[] = 'handle_url_tag(\''.get_base_url(true).'/profile.php?id=\'.$matches[1], $matches[2])';
834:	834:
835: // This thing takes a while! :)	835: // This thing takes a while! :)
836: $text = preg_replace($pattern, $replace, $text);	836: $text = preg_replace($pattern, $replace, $text);
849: function do_clickable($text)	849: function do_clickable($text)
850: {	850: {
851: $text = ' '.$text;	851: $text = ' '.$text;
852: $text = ucp_preg_replace_callback('%(?<=[\s\]\)])(<)?(\[)?($)?([\'"]?)(https?\|ftp\|news){1}://([\p{L}\p{N}\-]+\.([\p{L}\p{N}\-]+\.)[\p{L}\p{N}]+(:[0-9]+)?(/(?:[^\s\[][^\s.,?!\[;:-])?)?)\4(?(3)($))(?(2)(\]))(?(1)(>))(?![^\s]*\[/(?:url\|img)\])%ui', 'stripslashes($matches[1].$matches[2].$matches[3].$matches[4]).handle_url_tag($matches[5]."://".$matches[6], $matches[5]."://".$matches[6], true).stripslashes($matches[4].$matches[10].$matches[11].$matches[12])', $text);	852: $text = ucp_preg_replace_callback('%(?<=[\s\]\)])(<)?(\[)?($)?([\'"]?)(https?\|ftp\|news){1}://([\p{L}\p{N}\-]+\.([\p{L}\p{N}\-]+\.)[\p{L}\p{N}]+(:[0-9]+)?(/(?:[^\s\[][^\s.,?!\[;:-])?)?)\4(?(3)($))(?(2)(\]))(?(1)(>))(?![^\s]*\[/(?:url\|img)\])%ui', 'stripslashes($matches[1].$matches[2].$matches[3].$matches[4]).handle_url_tag($matches[5]."://".$matches[6], $matches[5]."://".$matches[6], true).stripslashes($matches[4].forum_array_key($matches, 10).forum_array_key($matches, 11).forum_array_key($matches, 12))', $text);
853: $text = ucp_preg_replace_callback('%(?<=[\s\]\)])(<)?(\[)?($)?([\'"]?)(www\|ftp)\.(([\p{L}\p{N}\-]+\.)+[\p{L}\p{N}]+(:[0-9]+)?(/(?:[^\s\[][^\s.,?!\[;:-])?)?)\4(?(3)($))(?(2)(\]))(?(1)(>))(?![^\s]\[/(?:url\|img)\])%ui','stripslashes($matches[1].$matches[2].$matches[3].$matches[4]).handle_url_tag($matches[5].".".$matches[6], $matches[5].".".$matches[6], true).stripslashes($matches[4].$matches[10].$matches[11].$matches[12])', $text);	853: $text = ucp_preg_replace_callback('%(?<=[\s\]\)])(<)?(\[)?($)?([\'"]?)(www\|ftp)\.(([\p{L}\p{N}\-]+\.)+[\p{L}\p{N}]+(:[0-9]+)?(/(?:[^\s\[][^\s.,?!\[;:-])?)?)\4(?(3)($))(?(2)(\]))(?(1)(>))(?![^\s]\[/(?:url\|img)\])%ui','stripslashes($matches[1].$matches[2].$matches[3].$matches[4]).handle_url_tag($matches[5].".".$matches[6], $matches[5].".".$matches[6], true).stripslashes($matches[4].forum_array_key($matches, 10).forum_array_key($matches, 11).forum_array_key($matches, 12))', $text);
854:	854:
855: return substr($text, 1);	855: return substr($text, 1);
856: }	856: }
857:	857:
858:	858:
859: //	859: //
	860: // Return an array key, if it exists, otherwise return an empty string
	861: //
	862: function forum_array_key($arr, $key)
	863: {
	864: return isset($arr[$key]) ? $arr[$key] : '';
	865: }
	866:
	867:
	868: //
860: // Convert a series of smilies to images	869: // Convert a series of smilies to images
861: //	870: //
862: function do_smilies($text)	871: function do_smilies($text)
863: {	872: {
864: global $pun_config, $smilies;	873: global $smilies;
865:	874:
866: $text = ' '.$text.' ';	875: $text = ' '.$text.' ';
867:	876:

a/index.php	b/index.php
68: <h2><span><?php echo pun_htmlspecialchars($cur_forum['cat_name']) ?></span></h2>	68: <h2><span><?php echo pun_htmlspecialchars($cur_forum['cat_name']) ?></span></h2>
69: <div class="box">	69: <div class="box">
70: <div class="inbox">	70: <div class="inbox">
71: <table cellspacing="0">	71: <table>
72: <thead>	72: <thead>
73: <tr>	73: <tr>
74: <th class="tcl" scope="col"><?php echo $lang_common['Forum'] ?></th>	74: <th class="tcl" scope="col"><?php echo $lang_common['Forum'] ?></th>

a/install.php	b/install.php
7: */	7: */
8:	8:
9: // The FluxBB version this script installs	9: // The FluxBB version this script installs
10: define('FORUM_VERSION', '1.5.4');	10: define('FORUM_VERSION', '1.5.6');
11:	11:
12: define('FORUM_DB_REVISION', 20);	12: define('FORUM_DB_REVISION', 20);
13: define('FORUM_SI_REVISION', 2);	13: define('FORUM_SI_REVISION', 2);

a/lang/English/common.php	b/lang/English/common.php
124: 'Jump to' => 'Jump to',	124: 'Jump to' => 'Jump to',
125: 'Go' => ' Go ', // Submit button in forum jump	125: 'Go' => ' Go ', // Submit button in forum jump
126: 'Moderate topic' => 'Moderate topic',	126: 'Moderate topic' => 'Moderate topic',
	127: 'All' => 'All',
127: 'Move topic' => 'Move topic',	128: 'Move topic' => 'Move topic',
128: 'Open topic' => 'Open topic',	129: 'Open topic' => 'Open topic',
129: 'Close topic' => 'Close topic',	130: 'Close topic' => 'Close topic',

a/lang/English/help.php	b/lang/English/help.php
38: 'Quotes' => 'Quotes',	38: 'Quotes' => 'Quotes',
39: 'Quotes info' => 'If you want to quote someone, you should use the quote tag.',	39: 'Quotes info' => 'If you want to quote someone, you should use the quote tag.',
40: 'Quotes info 2' => 'If you don\'t want to quote anyone in particular, you can use the quote tag without specifying a name.',	40: 'Quotes info 2' => 'If you don\'t want to quote anyone in particular, you can use the quote tag without specifying a name.',
41: 'Quote text' => 'This is the text i want to quote.',	41: 'Quote text' => 'This is the text I want to quote.',
42: 'produces quote box' => 'produces a quote box like this:',	42: 'produces quote box' => 'produces a quote box like this:',
43: 'quote note' => 'Note: If a username contains the characters [ or ] you can enclose it in quote marks.',	43: 'quote note' => 'Note: If a username contains the characters [ or ] you can enclose it in quote marks.',
44:	44:

a/lang/English/install.php	b/lang/English/install.php
65: 'Info 11' => 'Settings for your board. You can change this later.',	65: 'Info 11' => 'Settings for your board. You can change this later.',
66: 'General information' => 'Enter your board\'s title and description.',	66: 'General information' => 'Enter your board\'s title and description.',
67: 'Board description' => 'Board description (supports HTML)',	67: 'Board description' => 'Board description (supports HTML)',
68: 'Info 14' => 'The URL (without trailing slash) of your FluxBB forum (example: http://forum.myhost.com). This must be correct. Please note that the preset value below is just an educated guess by FluxBB.',
69: 'Appearance' => 'Appearance',	68: 'Appearance' => 'Appearance',
70: 'Info 15' => 'Make your forum yours. Choose a language and a style for your board.',	69: 'Info 15' => 'Make your forum yours. Choose a language and a style for your board.',
71: 'Default language' => 'Default language',	70: 'Default language' => 'Default language',

a/lang/English/update.php	b/lang/English/update.php
7: 'Update' => 'Update FluxBB',	7: 'Update' => 'Update FluxBB',
8: 'Update message' => 'Your FluxBB database is out-of-date and must be upgraded in order to continue. If you are the board administrator, please follow the instructions below to complete the upgrade.',	8: 'Update message' => 'Your FluxBB database is out-of-date and must be upgraded in order to continue. If you are the board administrator, please follow the instructions below to complete the upgrade.',
9: 'Note' => 'Note:',	9: 'Note' => 'Note:',
10: 'Members message' => 'This process is for board administators only. If you are a member there is nothing to worry about - the forums will be back shortly!',	10: 'Members message' => 'This process is for board administrators only. If you are a member there is nothing to worry about - the forums will be back shortly!',
11: 'Administrator only' => 'This step is for the board administrator only!',	11: 'Administrator only' => 'This step is for the board administrator only!',
12: 'Database password info' => 'To perform the database update please enter the database password with which FluxBB was installed. If you cannot remember, this is stored in your \'config.php\' file.',	12: 'Database password info' => 'To perform the database update please enter the database password with which FluxBB was installed. If you cannot remember, this is stored in your \'config.php\' file.',
13: 'Database password note' => 'If you are running SQLite (and hence have no database password) please use the database file name instead. This must exactly match the database file name given in your configuration file.',	13: 'Database password note' => 'If you are running SQLite (and hence have no database password) please use the database file name instead. This must exactly match the database file name given in your configuration file.',

a/misc.php	b/misc.php
22: if ($action == 'rules')	22: if ($action == 'rules')
23: {	23: {
24: if ($pun_config['o_rules'] == '0' \|\| ($pun_user['is_guest'] && $pun_user['g_read_board'] == '0' && $pun_config['o_regs_allow'] == '0'))	24: if ($pun_config['o_rules'] == '0' \|\| ($pun_user['is_guest'] && $pun_user['g_read_board'] == '0' && $pun_config['o_regs_allow'] == '0'))
25: message($lang_common['Bad request']);	25: message($lang_common['Bad request'], false, '404 Not Found');
26:	26:
27: // Load the register.php language file	27: // Load the register.php language file
28: require PUN_ROOT.'lang/'.$pun_user['language'].'/register.php';	28: require PUN_ROOT.'lang/'.$pun_user['language'].'/register.php';
68:	68:
69: $fid = isset($_GET['fid']) ? intval($_GET['fid']) : 0;	69: $fid = isset($_GET['fid']) ? intval($_GET['fid']) : 0;
70: if ($fid < 1)	70: if ($fid < 1)
71: message($lang_common['Bad request']);	71: message($lang_common['Bad request'], false, '404 Not Found');
72:	72:
73: $tracked_topics = get_tracked_topics();	73: $tracked_topics = get_tracked_topics();
74: $tracked_topics['forums'][$fid] = time();	74: $tracked_topics['forums'][$fid] = time();
85:	85:
86: $recipient_id = intval($_GET['email']);	86: $recipient_id = intval($_GET['email']);
87: if ($recipient_id < 2)	87: if ($recipient_id < 2)
88: message($lang_common['Bad request']);	88: message($lang_common['Bad request'], false, '404 Not Found');
89:	89:
90: $result = $db->query('SELECT username, email, email_setting FROM '.$db->prefix.'users WHERE id='.$recipient_id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());	90: $result = $db->query('SELECT username, email, email_setting FROM '.$db->prefix.'users WHERE id='.$recipient_id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
91: if (!$db->num_rows($result))	91: if (!$db->num_rows($result))
92: message($lang_common['Bad request']);	92: message($lang_common['Bad request'], false, '404 Not Found');
93:	93:
94: list($recipient, $recipient_email, $email_setting) = $db->fetch_row($result);	94: list($recipient, $recipient_email, $email_setting) = $db->fetch_row($result);
95:	95:
109: message($lang_misc['No email subject']);	109: message($lang_misc['No email subject']);
110: else if ($message == '')	110: else if ($message == '')
111: message($lang_misc['No email message']);	111: message($lang_misc['No email message']);
112: else if (pun_strlen($message) > PUN_MAX_POSTSIZE)	112: // Here we use strlen() not pun_strlen() as we want to limit the post to PUN_MAX_POSTSIZE bytes, not characters
	113: else if (strlen($message) > PUN_MAX_POSTSIZE)
113: message($lang_misc['Too long email message']);	114: message($lang_misc['Too long email message']);
114:	115:
115: if ($pun_user['last_email_sent'] != '' && (time() - $pun_user['last_email_sent']) < $pun_user['g_email_flood'] && (time() - $pun_user['last_email_sent']) >= 0)	116: if ($pun_user['last_email_sent'] != '' && (time() - $pun_user['last_email_sent']) < $pun_user['g_email_flood'] && (time() - $pun_user['last_email_sent']) >= 0)
207: else if (isset($_GET['report']))	208: else if (isset($_GET['report']))
208: {	209: {
209: if ($pun_user['is_guest'])	210: if ($pun_user['is_guest'])
210: message($lang_common['No permission']);	211: message($lang_common['No permission'], false, '403 Forbidden');
211:	212:
212: $post_id = intval($_GET['report']);	213: $post_id = intval($_GET['report']);
213: if ($post_id < 1)	214: if ($post_id < 1)
214: message($lang_common['Bad request']);	215: message($lang_common['Bad request'], false, '404 Not Found');
215:	216:
216: if (isset($_POST['form_sent']))	217: if (isset($_POST['form_sent']))
217: {	218: {
	219: // Make sure they got here from the site
	220: confirm_referrer('misc.php');
	221:
218: // Clean up reason from POST	222: // Clean up reason from POST
219: $reason = pun_linebreaks(pun_trim($_POST['req_reason']));	223: $reason = pun_linebreaks(pun_trim($_POST['req_reason']));
220: if ($reason == '')	224: if ($reason == '')
228: // Get the topic ID	232: // Get the topic ID
229: $result = $db->query('SELECT topic_id FROM '.$db->prefix.'posts WHERE id='.$post_id) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());	233: $result = $db->query('SELECT topic_id FROM '.$db->prefix.'posts WHERE id='.$post_id) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
230: if (!$db->num_rows($result))	234: if (!$db->num_rows($result))
231: message($lang_common['Bad request']);	235: message($lang_common['Bad request'], false, '404 Not Found');
232:	236:
233: $topic_id = $db->result($result);	237: $topic_id = $db->result($result);
234:	238:
235: // Get the subject and forum ID	239: // Get the subject and forum ID
236: $result = $db->query('SELECT subject, forum_id FROM '.$db->prefix.'topics WHERE id='.$topic_id) or error('Unable to fetch topic info', __FILE__, __LINE__, $db->error());	240: $result = $db->query('SELECT subject, forum_id FROM '.$db->prefix.'topics WHERE id='.$topic_id) or error('Unable to fetch topic info', __FILE__, __LINE__, $db->error());
237: if (!$db->num_rows($result))	241: if (!$db->num_rows($result))
238: message($lang_common['Bad request']);	242: message($lang_common['Bad request'], false, '404 Not Found');
239:	243:
240: list($subject, $forum_id) = $db->fetch_row($result);	244: list($subject, $forum_id) = $db->fetch_row($result);
241:	245:
278: // Fetch some info about the post, the topic and the forum	282: // Fetch some info about the post, the topic and the forum
279: $result = $db->query('SELECT f.id AS fid, f.forum_name, t.id AS tid, t.subject FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND p.id='.$post_id) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());	283: $result = $db->query('SELECT f.id AS fid, f.forum_name, t.id AS tid, t.subject FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND p.id='.$post_id) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
280: if (!$db->num_rows($result))	284: if (!$db->num_rows($result))
281: message($lang_common['Bad request']);	285: message($lang_common['Bad request'], false, '404 Not Found');
282:	286:
283: $cur_post = $db->fetch_assoc($result);	287: $cur_post = $db->fetch_assoc($result);
284:	288:
329: else if ($action == 'subscribe')	333: else if ($action == 'subscribe')
330: {	334: {
331: if ($pun_user['is_guest'])	335: if ($pun_user['is_guest'])
332: message($lang_common['No permission']);	336: message($lang_common['No permission'], false, '403 Forbidden');
333:	337:
334: $topic_id = isset($_GET['tid']) ? intval($_GET['tid']) : 0;	338: $topic_id = isset($_GET['tid']) ? intval($_GET['tid']) : 0;
335: $forum_id = isset($_GET['fid']) ? intval($_GET['fid']) : 0;	339: $forum_id = isset($_GET['fid']) ? intval($_GET['fid']) : 0;
336: if ($topic_id < 1 && $forum_id < 1)	340: if ($topic_id < 1 && $forum_id < 1)
337: message($lang_common['Bad request']);	341: message($lang_common['Bad request'], false, '404 Not Found');
338:	342:
339: if ($topic_id)	343: if ($topic_id)
340: {	344: {
341: if ($pun_config['o_topic_subscriptions'] != '1')	345: if ($pun_config['o_topic_subscriptions'] != '1')
342: message($lang_common['No permission']);	346: message($lang_common['No permission'], false, '403 Forbidden');
343:	347:
344: // Make sure the user can view the topic	348: // Make sure the user can view the topic
345: $result = $db->query('SELECT 1 FROM '.$db->prefix.'topics AS t LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=t.forum_id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id='.$topic_id.' AND t.moved_to IS NULL') or error('Unable to fetch topic info', __FILE__, __LINE__, $db->error());	349: $result = $db->query('SELECT 1 FROM '.$db->prefix.'topics AS t LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=t.forum_id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id='.$topic_id.' AND t.moved_to IS NULL') or error('Unable to fetch topic info', __FILE__, __LINE__, $db->error());
346: if (!$db->num_rows($result))	350: if (!$db->num_rows($result))
347: message($lang_common['Bad request']);	351: message($lang_common['Bad request'], false, '404 Not Found');
348:	352:
349: $result = $db->query('SELECT 1 FROM '.$db->prefix.'topic_subscriptions WHERE user_id='.$pun_user['id'].' AND topic_id='.$topic_id) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error());	353: $result = $db->query('SELECT 1 FROM '.$db->prefix.'topic_subscriptions WHERE user_id='.$pun_user['id'].' AND topic_id='.$topic_id) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error());
350: if ($db->num_rows($result))	354: if ($db->num_rows($result))
358: if ($forum_id)	362: if ($forum_id)
359: {	363: {
360: if ($pun_config['o_forum_subscriptions'] != '1')	364: if ($pun_config['o_forum_subscriptions'] != '1')
361: message($lang_common['No permission']);	365: message($lang_common['No permission'], false, '403 Forbidden');
362:	366:
363: // Make sure the user can view the forum	367: // Make sure the user can view the forum
364: $result = $db->query('SELECT 1 FROM '.$db->prefix.'forums AS f LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.id='.$forum_id) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error());	368: $result = $db->query('SELECT 1 FROM '.$db->prefix.'forums AS f LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.id='.$forum_id) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error());
365: if (!$db->num_rows($result))	369: if (!$db->num_rows($result))
366: message($lang_common['Bad request']);	370: message($lang_common['Bad request'], false, '404 Not Found');
367:	371:
368: $result = $db->query('SELECT 1 FROM '.$db->prefix.'forum_subscriptions WHERE user_id='.$pun_user['id'].' AND forum_id='.$forum_id) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error());	372: $result = $db->query('SELECT 1 FROM '.$db->prefix.'forum_subscriptions WHERE user_id='.$pun_user['id'].' AND forum_id='.$forum_id) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error());
369: if ($db->num_rows($result))	373: if ($db->num_rows($result))
379: else if ($action == 'unsubscribe')	383: else if ($action == 'unsubscribe')
380: {	384: {
381: if ($pun_user['is_guest'])	385: if ($pun_user['is_guest'])
382: message($lang_common['No permission']);	386: message($lang_common['No permission'], false, '403 Forbidden');
383:	387:
384: $topic_id = isset($_GET['tid']) ? intval($_GET['tid']) : 0;	388: $topic_id = isset($_GET['tid']) ? intval($_GET['tid']) : 0;
385: $forum_id = isset($_GET['fid']) ? intval($_GET['fid']) : 0;	389: $forum_id = isset($_GET['fid']) ? intval($_GET['fid']) : 0;
386: if ($topic_id < 1 && $forum_id < 1)	390: if ($topic_id < 1 && $forum_id < 1)
387: message($lang_common['Bad request']);	391: message($lang_common['Bad request'], false, '404 Not Found');
388:	392:
389: if ($topic_id)	393: if ($topic_id)
390: {	394: {
391: if ($pun_config['o_topic_subscriptions'] != '1')	395: if ($pun_config['o_topic_subscriptions'] != '1')
392: message($lang_common['No permission']);	396: message($lang_common['No permission'], false, '403 Forbidden');
393:	397:
394: $result = $db->query('SELECT 1 FROM '.$db->prefix.'topic_subscriptions WHERE user_id='.$pun_user['id'].' AND topic_id='.$topic_id) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error());	398: $result = $db->query('SELECT 1 FROM '.$db->prefix.'topic_subscriptions WHERE user_id='.$pun_user['id'].' AND topic_id='.$topic_id) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error());
395: if (!$db->num_rows($result))	399: if (!$db->num_rows($result))
403: if ($forum_id)	407: if ($forum_id)
404: {	408: {
405: if ($pun_config['o_forum_subscriptions'] != '1')	409: if ($pun_config['o_forum_subscriptions'] != '1')
406: message($lang_common['No permission']);	410: message($lang_common['No permission'], false, '403 Forbidden');
407:	411:
408: $result = $db->query('SELECT 1 FROM '.$db->prefix.'forum_subscriptions WHERE user_id='.$pun_user['id'].' AND forum_id='.$forum_id) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error());	412: $result = $db->query('SELECT 1 FROM '.$db->prefix.'forum_subscriptions WHERE user_id='.$pun_user['id'].' AND forum_id='.$forum_id) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error());
409: if (!$db->num_rows($result))	413: if (!$db->num_rows($result))
417:	421:
418:	422:
419: else	423: else

a/moderate.php	b/moderate.php
24: {	24: {
25: $get_host = intval($_GET['get_host']);	25: $get_host = intval($_GET['get_host']);
26: if ($get_host < 1)	26: if ($get_host < 1)
27: message($lang_common['Bad request']);	27: message($lang_common['Bad request'], false, '404 Not Found');
28:	28:
29: $result = $db->query('SELECT poster_ip FROM '.$db->prefix.'posts WHERE id='.$get_host) or error('Unable to fetch post IP address', __FILE__, __LINE__, $db->error());	29: $result = $db->query('SELECT poster_ip FROM '.$db->prefix.'posts WHERE id='.$get_host) or error('Unable to fetch post IP address', __FILE__, __LINE__, $db->error());
30: if (!$db->num_rows($result))	30: if (!$db->num_rows($result))
87: confirm_referrer('moderate.php');	87: confirm_referrer('moderate.php');
88:	88:
89: if (@preg_match('%[^0-9,]%', $posts))	89: if (@preg_match('%[^0-9,]%', $posts))
90: message($lang_common['Bad request']);	90: message($lang_common['Bad request'], false, '404 Not Found');
91:	91:
92: // Verify that the post IDs are valid	92: // Verify that the post IDs are valid
93: $admins_sql = ($pun_user['g_id'] != PUN_ADMIN) ? ' AND poster_id NOT IN('.implode(',', get_admin_ids()).')' : '';	93: $admins_sql = ($pun_user['g_id'] != PUN_ADMIN) ? ' AND poster_id NOT IN('.implode(',', get_admin_ids()).')' : '';
94: $result = $db->query('SELECT 1 FROM '.$db->prefix.'posts WHERE id IN('.$posts.') AND topic_id='.$tid.$admins_sql) or error('Unable to check posts', __FILE__, __LINE__, $db->error());	94: $result = $db->query('SELECT 1 FROM '.$db->prefix.'posts WHERE id IN('.$posts.') AND topic_id='.$tid.$admins_sql) or error('Unable to check posts', __FILE__, __LINE__, $db->error());
95:	95:
96: if ($db->num_rows($result) != substr_count($posts, ',') + 1)	96: if ($db->num_rows($result) != substr_count($posts, ',') + 1)
97: message($lang_common['Bad request']);	97: message($lang_common['Bad request'], false, '404 Not Found');
98:	98:
99: // Delete the posts	99: // Delete the posts
100: $db->query('DELETE FROM '.$db->prefix.'posts WHERE id IN('.$posts.')') or error('Unable to delete posts', __FILE__, __LINE__, $db->error());	100: $db->query('DELETE FROM '.$db->prefix.'posts WHERE id IN('.$posts.')') or error('Unable to delete posts', __FILE__, __LINE__, $db->error());
155: confirm_referrer('moderate.php');	155: confirm_referrer('moderate.php');
156:	156:
157: if (@preg_match('%[^0-9,]%', $posts))	157: if (@preg_match('%[^0-9,]%', $posts))
158: message($lang_common['Bad request']);	158: message($lang_common['Bad request'], false, '404 Not Found');
159:	159:
160: $move_to_forum = isset($_POST['move_to_forum']) ? intval($_POST['move_to_forum']) : 0;	160: $move_to_forum = isset($_POST['move_to_forum']) ? intval($_POST['move_to_forum']) : 0;
161: if ($move_to_forum < 1)	161: if ($move_to_forum < 1)
162: message($lang_common['Bad request']);	162: message($lang_common['Bad request'], false, '404 Not Found');
163:	163:
164: // How many posts did we just split off?	164: // How many posts did we just split off?
165: $num_posts_splitted = substr_count($posts, ',') + 1;	165: $num_posts_splitted = substr_count($posts, ',') + 1;
167: // Verify that the post IDs are valid	167: // Verify that the post IDs are valid
168: $result = $db->query('SELECT 1 FROM '.$db->prefix.'posts WHERE id IN('.$posts.') AND topic_id='.$tid) or error('Unable to check posts', __FILE__, __LINE__, $db->error());	168: $result = $db->query('SELECT 1 FROM '.$db->prefix.'posts WHERE id IN('.$posts.') AND topic_id='.$tid) or error('Unable to check posts', __FILE__, __LINE__, $db->error());
169: if ($db->num_rows($result) != $num_posts_splitted)	169: if ($db->num_rows($result) != $num_posts_splitted)
170: message($lang_common['Bad request']);	170: message($lang_common['Bad request'], false, '404 Not Found');
171:	171:
172: // Verify that the move to forum ID is valid	172: // Verify that the move to forum ID is valid
173: $result = $db->query('SELECT 1 FROM '.$db->prefix.'forums AS f LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.group_id='.$pun_user['g_id'].' AND fp.forum_id='.$move_to_forum.') WHERE f.redirect_url IS NULL AND (fp.post_topics IS NULL OR fp.post_topics=1)') or error('Unable to fetch forum permissions', __FILE__, __LINE__, $db->error());	173: $result = $db->query('SELECT 1 FROM '.$db->prefix.'forums AS f LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.group_id='.$pun_user['g_id'].' AND fp.forum_id='.$move_to_forum.') WHERE f.redirect_url IS NULL AND (fp.post_topics IS NULL OR fp.post_topics=1)') or error('Unable to fetch forum permissions', __FILE__, __LINE__, $db->error());
174: if (!$db->num_rows($result))	174: if (!$db->num_rows($result))
175: message($lang_common['Bad request']);	175: message($lang_common['Bad request'], false, '404 Not Found');
176:	176:
177: // Load the post.php language file	177: // Load the post.php language file
178: require PUN_ROOT.'lang/'.$pun_user['language'].'/post.php';	178: require PUN_ROOT.'lang/'.$pun_user['language'].'/post.php';
278: // Used to disable the Move and Delete buttons if there are no replies to this topic	278: // Used to disable the Move and Delete buttons if there are no replies to this topic
279: $button_status = ($cur_topic['num_replies'] == 0) ? ' disabled="disabled"' : '';	279: $button_status = ($cur_topic['num_replies'] == 0) ? ' disabled="disabled"' : '';
280:	280:
	281: if (isset($_GET['action']) && $_GET['action'] == 'all')
	282: $pun_user['disp_posts'] = $cur_topic['num_replies'] + 1;
281:	283:
282: // Determine the post offset (based on $_GET['p'])	284: // Determine the post offset (based on $_GET['p'])
283: $num_pages = ceil(($cur_topic['num_replies'] + 1) / $pun_user['disp_posts']);	285: $num_pages = ceil(($cur_topic['num_replies'] + 1) / $pun_user['disp_posts']);
425: confirm_referrer('moderate.php');	427: confirm_referrer('moderate.php');
426:	428:
427: if (@preg_match('%[^0-9,]%', $_POST['topics']))	429: if (@preg_match('%[^0-9,]%', $_POST['topics']))
428: message($lang_common['Bad request']);	430: message($lang_common['Bad request'], false, '404 Not Found');
429:	431:
430: $topics = explode(',', $_POST['topics']);	432: $topics = explode(',', $_POST['topics']);
431: $move_to_forum = isset($_POST['move_to_forum']) ? intval($_POST['move_to_forum']) : 0;	433: $move_to_forum = isset($_POST['move_to_forum']) ? intval($_POST['move_to_forum']) : 0;
432: if (empty($topics) \|\| $move_to_forum < 1)	434: if (empty($topics) \|\| $move_to_forum < 1)
433: message($lang_common['Bad request']);	435: message($lang_common['Bad request'], false, '404 Not Found');
434:	436:
435: // Verify that the topic IDs are valid	437: // Verify that the topic IDs are valid
436: $result = $db->query('SELECT 1 FROM '.$db->prefix.'topics WHERE id IN('.implode(',',$topics).') AND forum_id='.$fid) or error('Unable to check topics', __FILE__, __LINE__, $db->error());	438: $result = $db->query('SELECT 1 FROM '.$db->prefix.'topics WHERE id IN('.implode(',',$topics).') AND forum_id='.$fid) or error('Unable to check topics', __FILE__, __LINE__, $db->error());
437:	439:
438: if ($db->num_rows($result) != count($topics))	440: if ($db->num_rows($result) != count($topics))
439: message($lang_common['Bad request']);	441: message($lang_common['Bad request'], false, '404 Not Found');
440:	442:
441: // Verify that the move to forum ID is valid	443: // Verify that the move to forum ID is valid
442: $result = $db->query('SELECT 1 FROM '.$db->prefix.'forums AS f LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.group_id='.$pun_user['g_id'].' AND fp.forum_id='.$move_to_forum.') WHERE f.redirect_url IS NULL AND (fp.post_topics IS NULL OR fp.post_topics=1)') or error('Unable to fetch forum permissions', __FILE__, __LINE__, $db->error());	444: $result = $db->query('SELECT 1 FROM '.$db->prefix.'forums AS f LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.group_id='.$pun_user['g_id'].' AND fp.forum_id='.$move_to_forum.') WHERE f.redirect_url IS NULL AND (fp.post_topics IS NULL OR fp.post_topics=1)') or error('Unable to fetch forum permissions', __FILE__, __LINE__, $db->error());
443: if (!$db->num_rows($result))	445: if (!$db->num_rows($result))
444: message($lang_common['Bad request']);	446: message($lang_common['Bad request'], false, '404 Not Found');
445:	447:
446: // Delete any redirect topics if there are any (only if we moved/copied the topic back to where it was once moved from)	448: // Delete any redirect topics if there are any (only if we moved/copied the topic back to where it was once moved from)
447: $db->query('DELETE FROM '.$db->prefix.'topics WHERE forum_id='.$move_to_forum.' AND moved_to IN('.implode(',',$topics).')') or error('Unable to delete redirect topics', __FILE__, __LINE__, $db->error());	449: $db->query('DELETE FROM '.$db->prefix.'topics WHERE forum_id='.$move_to_forum.' AND moved_to IN('.implode(',',$topics).')') or error('Unable to delete redirect topics', __FILE__, __LINE__, $db->error());
483: {	485: {
484: $topics = intval($_GET['move_topics']);	486: $topics = intval($_GET['move_topics']);
485: if ($topics < 1)	487: if ($topics < 1)
486: message($lang_common['Bad request']);	488: message($lang_common['Bad request'], false, '404 Not Found');
487:	489:
488: $action = 'single';	490: $action = 'single';
489: }	491: }
553: confirm_referrer('moderate.php');	555: confirm_referrer('moderate.php');
554:	556:
555: if (@preg_match('%[^0-9,]%', $_POST['topics']))	557: if (@preg_match('%[^0-9,]%', $_POST['topics']))
556: message($lang_common['Bad request']);	558: message($lang_common['Bad request'], false, '404 Not Found');
557:	559:
558: $topics = explode(',', $_POST['topics']);	560: $topics = explode(',', $_POST['topics']);
559: if (count($topics) < 2)	561: if (count($topics) < 2)
562: // Verify that the topic IDs are valid (redirect links will point to the merged topic after the merge)	564: // Verify that the topic IDs are valid (redirect links will point to the merged topic after the merge)
563: $result = $db->query('SELECT id FROM '.$db->prefix.'topics WHERE id IN('.implode(',', $topics).') AND forum_id='.$fid.' ORDER BY id ASC') or error('Unable to check topics', __FILE__, __LINE__, $db->error());	565: $result = $db->query('SELECT id FROM '.$db->prefix.'topics WHERE id IN('.implode(',', $topics).') AND forum_id='.$fid.' ORDER BY id ASC') or error('Unable to check topics', __FILE__, __LINE__, $db->error());
564: if ($db->num_rows($result) != count($topics))	566: if ($db->num_rows($result) != count($topics))
565: message($lang_common['Bad request']);	567: message($lang_common['Bad request'], false, '404 Not Found');
566:	568:
567: // The topic that we are merging into is the one with the smallest ID	569: // The topic that we are merging into is the one with the smallest ID
568: $merge_to_tid = $db->result($result);	570: $merge_to_tid = $db->result($result);
580: $db->query('UPDATE '.$db->prefix.'posts SET topic_id='.$merge_to_tid.' WHERE topic_id IN('.implode(',', $topics).')') or error('Unable to merge the posts into the topic', __FILE__, __LINE__, $db->error());	582: $db->query('UPDATE '.$db->prefix.'posts SET topic_id='.$merge_to_tid.' WHERE topic_id IN('.implode(',', $topics).')') or error('Unable to merge the posts into the topic', __FILE__, __LINE__, $db->error());
581:	583:
582: // Update any subscriptions	584: // Update any subscriptions
583: $result = $db->query('SELECT user_id FROM '.$db->prefix.'topic_subscriptions WHERE topic_id IN ('.implode(',', $topics).')') or error('Unable to fetch subscriptions of merged topics', __FILE__, __LINE__, $db->error());	585: $result = $db->query('SELECT DISTINCT user_id FROM '.$db->prefix.'topic_subscriptions WHERE topic_id IN('.implode(',', $topics).')') or error('Unable to fetch subscriptions of merged topics', __FILE__, __LINE__, $db->error());
584:	586:
585: $subscribed_users = array();	587: $subscribed_users = array();
586: while ($cur_user_id = $db->result($result))	588: while ($row = $db->fetch_row($result))
587: $subscribed_users[] = $cur_user_id;	589: $subscribed_users[] = $row[0];
588: $subscribed_users = array_unique($subscribed_users);
589:	590:
590: $db->query('DELETE FROM '.$db->prefix.'topic_subscriptions WHERE topic_id IN ('.implode(',', $topics).')') or error('Unable to delete subscriptions of merged topics', __FILE__, __LINE__, $db->error());	591: $db->query('DELETE FROM '.$db->prefix.'topic_subscriptions WHERE topic_id IN('.implode(',', $topics).')') or error('Unable to delete subscriptions of merged topics', __FILE__, __LINE__, $db->error());
591:	592:
592: foreach ($subscribed_users as $cur_user_id)	593: foreach ($subscribed_users as $cur_user_id)
593: $db->query('INSERT INTO '.$db->prefix.'topic_subscriptions (topic_id, user_id) VALUES ('.$merge_to_tid.', '.$cur_user_id.')') or error('Unable to re-enter subscriptions for merge topic', __FILE__, __LINE__, $db->error());	594: $db->query('INSERT INTO '.$db->prefix.'topic_subscriptions (topic_id, user_id) VALUES ('.$merge_to_tid.', '.$cur_user_id.')') or error('Unable to re-enter subscriptions for merge topic', __FILE__, __LINE__, $db->error());
657: confirm_referrer('moderate.php');	658: confirm_referrer('moderate.php');
658:	659:
659: if (@preg_match('%[^0-9,]%', $topics))	660: if (@preg_match('%[^0-9,]%', $topics))
660: message($lang_common['Bad request']);	661: message($lang_common['Bad request'], false, '404 Not Found');
661:	662:
662: require PUN_ROOT.'include/search_idx.php';	663: require PUN_ROOT.'include/search_idx.php';
663:	664:
665: $result = $db->query('SELECT 1 FROM '.$db->prefix.'topics WHERE id IN('.$topics.') AND forum_id='.$fid) or error('Unable to check topics', __FILE__, __LINE__, $db->error());	666: $result = $db->query('SELECT 1 FROM '.$db->prefix.'topics WHERE id IN('.$topics.') AND forum_id='.$fid) or error('Unable to check topics', __FILE__, __LINE__, $db->error());
666:	667:
667: if ($db->num_rows($result) != substr_count($topics, ',') + 1)	668: if ($db->num_rows($result) != substr_count($topics, ',') + 1)
668: message($lang_common['Bad request']);	669: message($lang_common['Bad request'], false, '404 Not Found');
669:	670:
670: // Verify that the posts are not by admins	671: // Verify that the posts are not by admins
671: if ($pun_user['g_id'] != PUN_ADMIN)	672: if ($pun_user['g_id'] != PUN_ADMIN)
755:	756:
756: $topic_id = ($action) ? intval($_GET['close']) : intval($_GET['open']);	757: $topic_id = ($action) ? intval($_GET['close']) : intval($_GET['open']);
757: if ($topic_id < 1)	758: if ($topic_id < 1)
758: message($lang_common['Bad request']);	759: message($lang_common['Bad request'], false, '404 Not Found');
759:	760:
760: $db->query('UPDATE '.$db->prefix.'topics SET closed='.$action.' WHERE id='.$topic_id.' AND forum_id='.$fid) or error('Unable to close topic', __FILE__, __LINE__, $db->error());	761: $db->query('UPDATE '.$db->prefix.'topics SET closed='.$action.' WHERE id='.$topic_id.' AND forum_id='.$fid) or error('Unable to close topic', __FILE__, __LINE__, $db->error());
761:	762:
772:	773:
773: $stick = intval($_GET['stick']);	774: $stick = intval($_GET['stick']);
774: if ($stick < 1)	775: if ($stick < 1)
775: message($lang_common['Bad request']);	776: message($lang_common['Bad request'], false, '404 Not Found');
776:	777:
777: $db->query('UPDATE '.$db->prefix.'topics SET sticky=\'1\' WHERE id='.$stick.' AND forum_id='.$fid) or error('Unable to stick topic', __FILE__, __LINE__, $db->error());	778: $db->query('UPDATE '.$db->prefix.'topics SET sticky=\'1\' WHERE id='.$stick.' AND forum_id='.$fid) or error('Unable to stick topic', __FILE__, __LINE__, $db->error());
778:	779:
787:	788:
788: $unstick = intval($_GET['unstick']);	789: $unstick = intval($_GET['unstick']);
789: if ($unstick < 1)	790: if ($unstick < 1)
790: message($lang_common['Bad request']);	791: message($lang_common['Bad request'], false, '404 Not Found');
791:	792:
792: $db->query('UPDATE '.$db->prefix.'topics SET sticky=\'0\' WHERE id='.$unstick.' AND forum_id='.$fid) or error('Unable to unstick topic', __FILE__, __LINE__, $db->error());	793: $db->query('UPDATE '.$db->prefix.'topics SET sticky=\'0\' WHERE id='.$unstick.' AND forum_id='.$fid) or error('Unable to unstick topic', __FILE__, __LINE__, $db->error());
793:	794:
809:	810:
810: // Is this a redirect forum? In that case, abort!	811: // Is this a redirect forum? In that case, abort!
811: if ($cur_forum['redirect_url'] != '')	812: if ($cur_forum['redirect_url'] != '')
812: message($lang_common['Bad request']);	813: message($lang_common['Bad request'], false, '404 Not Found');
813:	814:
814: switch ($cur_forum['sort_by'])	815: switch ($cur_forum['sort_by'])
815: {	816: {
860: <h2><span><?php echo pun_htmlspecialchars($cur_forum['forum_name']) ?></span></h2>	861: <h2><span><?php echo pun_htmlspecialchars($cur_forum['forum_name']) ?></span></h2>
861: <div class="box">	862: <div class="box">
862: <div class="inbox">	863: <div class="inbox">
863: <table cellspacing="0">	864: <table>
864: <thead>	865: <thead>
865: <tr>	866: <tr>
866: <th class="tcl" scope="col"><?php echo $lang_common['Topic'] ?></th>	867: <th class="tcl" scope="col"><?php echo $lang_common['Topic'] ?></th>

a/post.php	b/post.php
33:	33:
34: // Is someone trying to post into a redirect forum?	34: // Is someone trying to post into a redirect forum?
35: if ($cur_posting['redirect_url'] != '')	35: if ($cur_posting['redirect_url'] != '')
36: message($lang_common['Bad request']);	36: message($lang_common['Bad request'], false, '404 Not Found');
37:	37:
38: // Sort out who the moderators are and if we are currently a moderator (or an admin)	38: // Sort out who the moderators are and if we are currently a moderator (or an admin)
39: $mods_array = ($cur_posting['moderators'] != '') ? unserialize($cur_posting['moderators']) : array();	39: $mods_array = ($cur_posting['moderators'] != '') ? unserialize($cur_posting['moderators']) : array();
63: if (!isset($_POST['preview']) && $pun_user['last_post'] != '' && (time() - $pun_user['last_post']) < $pun_user['g_post_flood'])	63: if (!isset($_POST['preview']) && $pun_user['last_post'] != '' && (time() - $pun_user['last_post']) < $pun_user['g_post_flood'])
64: $errors[] = sprintf($lang_post['Flood start'], $pun_user['g_post_flood'], $pun_user['g_post_flood'] - (time() - $pun_user['last_post']));	64: $errors[] = sprintf($lang_post['Flood start'], $pun_user['g_post_flood'], $pun_user['g_post_flood'] - (time() - $pun_user['last_post']));
65:	65:
	66: // Make sure they got here from the site
	67: confirm_referrer(array('post.php', 'viewtopic.php'));
	68:
66: // If it's a new topic	69: // If it's a new topic
67: if ($fid)	70: if ($fid)
68: {	71: {
523: $form = '<form id="post" method="post" action="post.php?action=post&fid='.$fid.'" onsubmit="return process_form(this)">';	526: $form = '<form id="post" method="post" action="post.php?action=post&fid='.$fid.'" onsubmit="return process_form(this)">';
524: }	527: }
525: else	528: else
526: message($lang_common['Bad request']);	529: message($lang_common['Bad request'], false, '404 Not Found');
527:	530:
528:	531:
529: $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $action);	532: $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $action);
547: <ul class="crumbs">	550: <ul class="crumbs">
548: <li><a href="index.php"><?php echo $lang_common['Index'] ?></a></li>	551: <li><a href="index.php"><?php echo $lang_common['Index'] ?></a></li>
549: <li><span>» </span><a href="viewforum.php?id=<?php echo $cur_posting['id'] ?>"><?php echo pun_htmlspecialchars($cur_posting['forum_name']) ?></a></li>	552: <li><span>» </span><a href="viewforum.php?id=<?php echo $cur_posting['id'] ?>"><?php echo pun_htmlspecialchars($cur_posting['forum_name']) ?></a></li>
	553: <?php if (isset($_POST['req_subject'])): ?> <li><span>» </span><?php echo pun_htmlspecialchars($_POST['req_subject']) ?></li>
	554: <?php endif; ?>
550: <?php if (isset($cur_posting['subject'])): ?> <li><span>» </span><a href="viewtopic.php?id=<?php echo $tid ?>"><?php echo pun_htmlspecialchars($cur_posting['subject']) ?></a></li>	555: <?php if (isset($cur_posting['subject'])): ?> <li><span>» </span><a href="viewtopic.php?id=<?php echo $tid ?>"><?php echo pun_htmlspecialchars($cur_posting['subject']) ?></a></li>
551: <?php endif; ?> <li><span>» </span><strong><?php echo $action ?></strong></li>	556: <?php endif; ?> <li><span>» </span><strong><?php echo $action ?></strong></li>
552: </ul>	557: </ul>

a/profile.php	b/profile.php
81:	81:
82: if (isset($_POST['form_sent']))	82: if (isset($_POST['form_sent']))
83: {	83: {
84: if ($pun_user['is_admmod'])	84: // Make sure they got here from the site
85: confirm_referrer('profile.php');	85: confirm_referrer('profile.php');
86:	86:
87: $old_password = isset($_POST['req_old_password']) ? pun_trim($_POST['req_old_password']) : '';	87: $old_password = isset($_POST['req_old_password']) ? pun_trim($_POST['req_old_password']) : '';
88: $new_password1 = pun_trim($_POST['req_new_password1']);	88: $new_password1 = pun_trim($_POST['req_new_password1']);
195: {	195: {
196: if (pun_hash($_POST['req_password']) !== $pun_user['password'])	196: if (pun_hash($_POST['req_password']) !== $pun_user['password'])
197: message($lang_profile['Wrong pass']);	197: message($lang_profile['Wrong pass']);
	198:
	199: // Make sure they got here from the site
	200: confirm_referrer('profile.php');
198:	201:
199: require PUN_ROOT.'include/email.php';	202: require PUN_ROOT.'include/email.php';
200:	203:
322: {	325: {
323: if (!isset($_FILES['req_file']))	326: if (!isset($_FILES['req_file']))
324: message($lang_profile['No file']);	327: message($lang_profile['No file']);
	328:
	329: // Make sure they got here from the site
	330: confirm_referrer('profile.php');
325:	331:
326: $uploaded_file = $_FILES['req_file'];	332: $uploaded_file = $_FILES['req_file'];
327:	333:
700: $is_moderator)))) // or the user is another mod	706: $is_moderator)))) // or the user is another mod
701: message($lang_common['No permission'], false, '403 Forbidden');	707: message($lang_common['No permission'], false, '403 Forbidden');
702:	708:
703: if ($pun_user['is_admmod'])	709: // Make sure they got here from the site
704: confirm_referrer('profile.php');	710: confirm_referrer('profile.php');
705:	711:
706: $username_updated = false;	712: $username_updated = false;
707:	713:
924: }	930: }
925:	931:
926: default:	932: default:
927: message($lang_common['Bad request']);	933: message($lang_common['Bad request'], false, '404 Not Found');
928: }	934: }
929:	935:
930:	936:
938: }	944: }
939:	945:
940: if (empty($temp))	946: if (empty($temp))
941: message($lang_common['Bad request']);	947: message($lang_common['Bad request'], false, '404 Not Found');
942:	948:
943:	949:
944: $db->query('UPDATE '.$db->prefix.'users SET '.implode(',', $temp).' WHERE id='.$id) or error('Unable to update profile', __FILE__, __LINE__, $db->error());	950: $db->query('UPDATE '.$db->prefix.'users SET '.implode(',', $temp).' WHERE id='.$id) or error('Unable to update profile', __FILE__, __LINE__, $db->error());
1495: else if ($section == 'personality')	1501: else if ($section == 'personality')
1496: {	1502: {
1497: if ($pun_config['o_avatars'] == '0' && $pun_config['o_signatures'] == '0')	1503: if ($pun_config['o_avatars'] == '0' && $pun_config['o_signatures'] == '0')
1498: message($lang_common['Bad request']);	1504: message($lang_common['Bad request'], false, '404 Not Found');
1499:	1505:
1500: $avatar_field = '<span><a href="profile.php?action=upload_avatar&id='.$id.'">'.$lang_profile['Change avatar'].'</a></span>';	1506: $avatar_field = '<span><a href="profile.php?action=upload_avatar&id='.$id.'">'.$lang_profile['Change avatar'].'</a></span>';
1501:	1507:
1821:	1827:
1822: }	1828: }
1823: else	1829: else
1824: message($lang_common['Bad request']);	1830: message($lang_common['Bad request'], false, '404 Not Found');
1825:	1831:
1826: ?>	1832: ?>
1827: <div class="clearer"></div>	1833: <div class="clearer"></div>

a/register.php	b/register.php
133: {	133: {
134: $language = preg_replace('%[\.\\\/]%', '', $_POST['language']);	134: $language = preg_replace('%[\.\\\/]%', '', $_POST['language']);
135: if (!file_exists(PUN_ROOT.'lang/'.$language.'/common.php'))	135: if (!file_exists(PUN_ROOT.'lang/'.$language.'/common.php'))
136: message($lang_common['Bad request']);	136: message($lang_common['Bad request'], false, '404 Not Found');
137: }	137: }
138: else	138: else
139: $language = $pun_config['o_default_lang'];	139: $language = $pun_config['o_default_lang'];
159: $db->query('INSERT INTO '.$db->prefix.'users (username, group_id, password, email, email_setting, timezone, dst, language, style, registered, registration_ip, last_visit) VALUES(\''.$db->escape($username).'\', '.$intial_group_id.', \''.$password_hash.'\', \''.$db->escape($email1).'\', '.$email_setting.', '.$timezone.' , '.$dst.', \''.$db->escape($language).'\', \''.$pun_config['o_default_style'].'\', '.$now.', \''.$db->escape(get_remote_address()).'\', '.$now.')') or error('Unable to create user', __FILE__, __LINE__, $db->error());	159: $db->query('INSERT INTO '.$db->prefix.'users (username, group_id, password, email, email_setting, timezone, dst, language, style, registered, registration_ip, last_visit) VALUES(\''.$db->escape($username).'\', '.$intial_group_id.', \''.$password_hash.'\', \''.$db->escape($email1).'\', '.$email_setting.', '.$timezone.' , '.$dst.', \''.$db->escape($language).'\', \''.$pun_config['o_default_style'].'\', '.$now.', \''.$db->escape(get_remote_address()).'\', '.$now.')') or error('Unable to create user', __FILE__, __LINE__, $db->error());
160: $new_uid = $db->insert_id();	160: $new_uid = $db->insert_id();
161:	161:
	162: if ($pun_config['o_regs_verify'] == '0')
	163: {
	164: // Regenerate the users info cache
	165: if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
	166: require PUN_ROOT.'include/cache.php';
	167:
	168: generate_users_info_cache();
	169: }
	170:
162: // If the mailing list isn't empty, we may need to send out some alerts	171: // If the mailing list isn't empty, we may need to send out some alerts
163: if ($pun_config['o_mailing_list'] != '')	172: if ($pun_config['o_mailing_list'] != '')
164: {	173: {
243: message($lang_register['Reg email'].' <a href="mailto:'.pun_htmlspecialchars($pun_config['o_admin_email']).'">'.pun_htmlspecialchars($pun_config['o_admin_email']).'</a>.', true);	252: message($lang_register['Reg email'].' <a href="mailto:'.pun_htmlspecialchars($pun_config['o_admin_email']).'">'.pun_htmlspecialchars($pun_config['o_admin_email']).'</a>.', true);
244: }	253: }
245:	254:
246: // Regenerate the users info cache
247: if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
248: require PUN_ROOT.'include/cache.php';
249:
250: generate_users_info_cache();
251:
252: pun_setcookie($new_uid, $password_hash, time() + $pun_config['o_timeout_visit']);	255: pun_setcookie($new_uid, $password_hash, time() + $pun_config['o_timeout_visit']);
253:	256:
254: redirect('index.php', $lang_register['Reg complete']);	257: redirect('index.php', $lang_register['Reg complete']);

a/search.php	b/search.php
84: else if ($action == 'show_replies')	84: else if ($action == 'show_replies')
85: {	85: {
86: if ($pun_user['is_guest'])	86: if ($pun_user['is_guest'])
87: message($lang_common['Bad request']);	87: message($lang_common['Bad request'], false, '404 Not Found');
88: }	88: }
89: else if ($action != 'show_new' && $action != 'show_unanswered')	89: else if ($action != 'show_new' && $action != 'show_unanswered')
90: message($lang_common['Bad request']);	90: message($lang_common['Bad request'], false, '404 Not Found');
91:	91:
92:	92:
93: // If a valid search_id was supplied we attempt to fetch the search results from the db	93: // If a valid search_id was supplied we attempt to fetch the search results from the db
379: else if ($action == 'show_subscriptions')	379: else if ($action == 'show_subscriptions')
380: {	380: {
381: if ($pun_user['is_guest'])	381: if ($pun_user['is_guest'])
382: message($lang_common['Bad request']);	382: message($lang_common['Bad request'], false, '404 Not Found');
383:	383:
384: $result = $db->query('SELECT t.id FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'topic_subscriptions AS s ON (t.id=s.topic_id AND s.user_id='.$user_id.') LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=t.forum_id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) ORDER BY t.last_post DESC') or error('Unable to fetch topic list', __FILE__, __LINE__, $db->error());	384: $result = $db->query('SELECT t.id FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'topic_subscriptions AS s ON (t.id=s.topic_id AND s.user_id='.$user_id.') LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=t.forum_id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) ORDER BY t.last_post DESC') or error('Unable to fetch topic list', __FILE__, __LINE__, $db->error());
385: $num_hits = $db->num_rows($result);	385: $num_hits = $db->num_rows($result);
407: $db->free_result($result);	407: $db->free_result($result);
408: }	408: }
409: else	409: else
410: message($lang_common['Bad request']);	410: message($lang_common['Bad request'], false, '404 Not Found');
411:	411:
412:	412:
413: // Prune "old" search results	413: // Prune "old" search results
577: <h2><span><?php echo $lang_search['Search results'] ?></span></h2>	577: <h2><span><?php echo $lang_search['Search results'] ?></span></h2>
578: <div class="box">	578: <div class="box">
579: <div class="inbox">	579: <div class="inbox">
580: <table cellspacing="0">	580: <table>
581: <thead>	581: <thead>
582: <tr>	582: <tr>
583: <th class="tcl" scope="col"><?php echo $lang_common['Topic'] ?></th>	583: <th class="tcl" scope="col"><?php echo $lang_common['Topic'] ?></th>

a/style/Air.css	b/style/Air.css
673: }	673: }
674:	674:
675: .pun .blocktable .tclcon {	675: .pun .blocktable .tclcon {
676: height: 1%;
677: min-height: 1px;	676: min-height: 1px;
678: overflow: hidden;	677: overflow: hidden;
679: padding: 0 11px 0 12px;	678: padding: 0 11px 0 12px;
964: }	963: }
965:	964:
966: .pun .codebox pre {	965: .pun .codebox pre {
967: overflow: hidden;	966: overflow: auto;
968: width: 100%;	967: width: 100%;
969: direction: ltr;	968: direction: ltr;
970: text-align: left;	969: text-align: left;
1188: width: 98%;	1187: width: 98%;
1189: }	1188: }
1190:	1189:
	1190: .pun textarea {
	1191: resize: vertical;
	1192: }
	1193:
1191: .pun #quickpost .txtarea {	1194: .pun #quickpost .txtarea {
1192: padding-right: 12px;	1195: padding-right: 12px;
1193: position: relative;	1196: position: relative;

a/style/Cobalt.css	b/style/Cobalt.css
516: .pun .blocktable .tclcon {	516: .pun .blocktable .tclcon {
517: padding: 0 11px 0 12px;	517: padding: 0 11px 0 12px;
518: overflow: hidden;	518: overflow: hidden;
519: height: 1%;
520: min-height: 1px;	519: min-height: 1px;
521: position: relative;	520: position: relative;
522: }	521: }

a/style/Earth.css	b/style/Earth.css
672: }	672: }
673:	673:
674: .pun .blocktable .tclcon {	674: .pun .blocktable .tclcon {
675: height: 1%;
676: min-height: 1px;	675: min-height: 1px;
677: overflow: hidden;	676: overflow: hidden;
678: padding: 0 11px 0 12px;	677: padding: 0 11px 0 12px;
963: }	962: }
964:	963:
965: .pun .codebox pre {	964: .pun .codebox pre {
966: overflow: hidden;	965: overflow: auto;
967: width: 100%;	966: width: 100%;
968: direction: ltr;	967: direction: ltr;
969: text-align: left;	968: text-align: left;
1187: width: 98%;	1186: width: 98%;
1188: }	1187: }
1189:	1188:
	1189: .pun textarea {
	1190: resize: vertical;
	1191: }
	1192:
1190: .pun #quickpost .txtarea {	1193: .pun #quickpost .txtarea {
1191: padding-right: 12px;	1194: padding-right: 12px;
1192: position: relative;	1195: position: relative;

a/style/Fire.css	b/style/Fire.css
672: }	672: }
673:	673:
674: .pun .blocktable .tclcon {	674: .pun .blocktable .tclcon {
675: height: 1%;
676: min-height: 1px;	675: min-height: 1px;
677: overflow: hidden;	676: overflow: hidden;
678: padding: 0 11px 0 12px;	677: padding: 0 11px 0 12px;
963: }	962: }
964:	963:
965: .pun .codebox pre {	964: .pun .codebox pre {
966: overflow: hidden;	965: overflow: auto;
967: width: 100%;	966: width: 100%;
968: direction: ltr;	967: direction: ltr;
969: text-align: left;	968: text-align: left;
1187: width: 98%;	1186: width: 98%;
1188: }	1187: }
1189:	1188:
	1189: .pun textarea {
	1190: resize: vertical;
	1191: }
	1192:
1190: .pun #quickpost .txtarea {	1193: .pun #quickpost .txtarea {
1191: padding-right: 12px;	1194: padding-right: 12px;
1192: position: relative;	1195: position: relative;

a/style/Lithium.css	b/style/Lithium.css
516: .pun .blocktable .tclcon {	516: .pun .blocktable .tclcon {
517: padding: 0 11px 0 12px;	517: padding: 0 11px 0 12px;
518: overflow: hidden;	518: overflow: hidden;
519: height: 1%;
520: min-height: 1px;	519: min-height: 1px;
521: position: relative;	520: position: relative;
522: }	521: }

a/style/Mercury.css	b/style/Mercury.css
516: .pun .blocktable .tclcon {	516: .pun .blocktable .tclcon {
517: padding: 0 11px 0 12px;	517: padding: 0 11px 0 12px;
518: overflow: hidden;	518: overflow: hidden;
519: height: 1%;
520: min-height: 1px;	519: min-height: 1px;
521: position: relative;	520: position: relative;
522: }	521: }

a/style/Oxygen.css	b/style/Oxygen.css
517: .pun .blocktable .tclcon {	517: .pun .blocktable .tclcon {
518: padding: 0 11px 0 12px;	518: padding: 0 11px 0 12px;
519: overflow: hidden;	519: overflow: hidden;
520: height: 1%;
521: min-height: 1px;	520: min-height: 1px;
522: position: relative;	521: position: relative;
523: }	522: }

a/style/Radium.css	b/style/Radium.css
516: .pun .blocktable .tclcon {	516: .pun .blocktable .tclcon {
517: padding: 0 11px 0 12px;	517: padding: 0 11px 0 12px;
518: overflow: hidden;	518: overflow: hidden;
519: height: 1%;
520: min-height: 1px;	519: min-height: 1px;
521: position: relative;	520: position: relative;
522: }	521: }

a/style/Sulfur.css	b/style/Sulfur.css
516: .pun .blocktable .tclcon {	516: .pun .blocktable .tclcon {
517: padding: 0 11px 0 12px;	517: padding: 0 11px 0 12px;
518: overflow: hidden;	518: overflow: hidden;
519: height: 1%;
520: min-height: 1px;	519: min-height: 1px;
521: position: relative;	520: position: relative;
522: }	521: }

a/style/Technetium.css	b/style/Technetium.css
582: .pun .blocktable .tclcon {	582: .pun .blocktable .tclcon {
583: padding: 0 11px 0 12px;	583: padding: 0 11px 0 12px;
584: overflow: hidden;	584: overflow: hidden;
585: height: 1%;
586: min-height: 1px;	585: min-height: 1px;
587: position: relative;	586: position: relative;
588: }	587: }

a/userlist.php	b/userlist.php
122: <h2><span><?php echo $lang_common['User list'] ?></span></h2>	122: <h2><span><?php echo $lang_common['User list'] ?></span></h2>
123: <div class="box">	123: <div class="box">
124: <div class="inbox">	124: <div class="inbox">
125: <table cellspacing="0">	125: <table>
126: <thead>	126: <thead>
127: <tr>	127: <tr>
128: <th class="tcl" scope="col"><?php echo $lang_common['Username'] ?></th>	128: <th class="tcl" scope="col"><?php echo $lang_common['Username'] ?></th>

a/viewforum.php	b/viewforum.php
122: <h2><span><?php echo pun_htmlspecialchars($cur_forum['forum_name']) ?></span></h2>	122: <h2><span><?php echo pun_htmlspecialchars($cur_forum['forum_name']) ?></span></h2>
123: <div class="box">	123: <div class="box">
124: <div class="inbox">	124: <div class="inbox">
125: <table cellspacing="0">	125: <table>
126: <thead>	126: <thead>
127: <tr>	127: <tr>
128: <th class="tcl" scope="col"><?php echo $lang_common['Topic'] ?></th>	128: <th class="tcl" scope="col"><?php echo $lang_common['Topic'] ?></th>
141: if ($db->num_rows($result))	141: if ($db->num_rows($result))
142: {	142: {
143: $topic_ids = array();	143: $topic_ids = array();
144: for ($i = 0;$cur_topic_id = $db->result($result, $i);$i++)	144: for ($i = 0; $cur_topic_id = $db->result($result, $i); $i++)
145: $topic_ids[] = $cur_topic_id;	145: $topic_ids[] = $cur_topic_id;
146:	146:
147: if (empty($topic_ids))
148: error('The topic table and forum table seem to be out of sync!', __FILE__, __LINE__);
149:
150: // Fetch list of topics to display on this page	147: // Fetch list of topics to display on this page
151: if ($pun_user['is_guest'] \|\| $pun_config['o_show_dot'] == '0')	148: if ($pun_user['is_guest'] \|\| $pun_config['o_show_dot'] == '0')
152: {	149: {

hdiff - version: 2.1.0 (modified)