fluxbb-1.5.6 to fluxbb-1.5.7

fluxbb-1.5.6 to fluxbb-1.5.7	Legend
	Lines removed
	Lines changed
		Lines added

a/admin_options.php	b/admin_options.php
705: <tr>	705: <tr>
706: <th scope="row"><?php echo $lang_admin_options['Admin e-mail label'] ?></th>	706: <th scope="row"><?php echo $lang_admin_options['Admin e-mail label'] ?></th>
707: <td>	707: <td>
708: <input type="text" name="form[admin_email]" size="50" maxlength="80" value="<?php echo $pun_config['o_admin_email'] ?>" />	708: <input type="text" name="form[admin_email]" size="50" maxlength="80" value="<?php echo pun_htmlspecialchars($pun_config['o_admin_email']) ?>" />
709: <span><?php echo $lang_admin_options['Admin e-mail help'] ?></span>	709: <span><?php echo $lang_admin_options['Admin e-mail help'] ?></span>
710: </td>	710: </td>
711: </tr>	711: </tr>
712: <tr>	712: <tr>
713: <th scope="row"><?php echo $lang_admin_options['Webmaster e-mail label'] ?></th>	713: <th scope="row"><?php echo $lang_admin_options['Webmaster e-mail label'] ?></th>
714: <td>	714: <td>
715: <input type="text" name="form[webmaster_email]" size="50" maxlength="80" value="<?php echo $pun_config['o_webmaster_email'] ?>" />	715: <input type="text" name="form[webmaster_email]" size="50" maxlength="80" value="<?php echo pun_htmlspecialchars($pun_config['o_webmaster_email']) ?>" />
716: <span><?php echo $lang_admin_options['Webmaster e-mail help'] ?></span>	716: <span><?php echo $lang_admin_options['Webmaster e-mail help'] ?></span>
717: </td>	717: </td>
718: </tr>	718: </tr>

a/db_update.php	b/db_update.php
7: */	7: */
8:	8:
9: // The FluxBB version this script updates to	9: // The FluxBB version this script updates to
10: define('UPDATE_TO', '1.5.6');	10: define('UPDATE_TO', '1.5.7');
11:	11:
12: define('UPDATE_TO_DB_REVISION', 20);	12: define('UPDATE_TO_DB_REVISION', 20);
13: define('UPDATE_TO_SI_REVISION', 2);	13: define('UPDATE_TO_SI_REVISION', 2);

a/include/common.php	b/include/common.php
10: exit('The constant PUN_ROOT must be defined and point to a valid FluxBB installation root directory.');	10: exit('The constant PUN_ROOT must be defined and point to a valid FluxBB installation root directory.');
11:	11:
12: // Define the version and database revision that this code was written for	12: // Define the version and database revision that this code was written for
13: define('FORUM_VERSION', '1.5.6');	13: define('FORUM_VERSION', '1.5.7');
14:	14:
15: define('FORUM_DB_REVISION', 20);	15: define('FORUM_DB_REVISION', 20);
16: define('FORUM_SI_REVISION', 2);	16: define('FORUM_SI_REVISION', 2);

a/include/functions.php	b/include/functions.php
1070: }	1070: }
1071:	1071:
1072: // Check the host and path match. Ignore the scheme, port, etc.	1072: // Check the host and path match. Ignore the scheme, port, etc.
1073: if ($referrer['host'] != $valid_host \|\| !in_array($referrer['path'], $valid_paths))	1073: if ($referrer['host'] != $valid_host \|\| !in_array($referrer['path'], $valid_paths, true))
1074: message($error_msg ? $error_msg : $lang_common['Bad referrer']);	1074: message($error_msg ? $error_msg : $lang_common['Bad referrer']);
1075: }	1075: }
1076:	1076:
1077:	1077:
1078: //	1078: //
	1079: // Validate the given redirect URL, use the fallback otherwise
	1080: //
	1081: function validate_redirect($redirect_url, $fallback_url)
	1082: {
	1083: $referrer = parse_url(strtolower($redirect_url));
	1084:
	1085: // Remove www subdomain if it exists
	1086: if (strpos($referrer['host'], 'www.') === 0)
	1087: $referrer['host'] = substr($referrer['host'], 4);
	1088:
	1089: // Make sure the path component exists
	1090: if (!isset($referrer['path']))
	1091: $referrer['path'] = '';
	1092:
	1093: $valid = parse_url(strtolower(get_base_url()));
	1094:
	1095: // Remove www subdomain if it exists
	1096: if (strpos($valid['host'], 'www.') === 0)
	1097: $valid['host'] = substr($valid['host'], 4);
	1098:
	1099: // Make sure the path component exists
	1100: if (!isset($valid['path']))
	1101: $valid['path'] = '';
	1102:
	1103: if ($referrer['host'] == $valid['host'] && preg_match('%^'.preg_quote($valid['path'], '%').'/(.*?)\.php%i', $referrer['path']))
	1104: return $redirect_url;
	1105: else
	1106: return $fallback_url;
	1107: }
	1108:
	1109:
	1110: //
1079: // Generate a random password of length $len	1111: // Generate a random password of length $len
1080: // Compatibility wrapper for random_key	1112: // Compatibility wrapper for random_key
1081: //	1113: //

a/install.php	b/install.php
7: */	7: */
8:	8:
9: // The FluxBB version this script installs	9: // The FluxBB version this script installs
10: define('FORUM_VERSION', '1.5.6');	10: define('FORUM_VERSION', '1.5.7');
11:	11:
12: define('FORUM_DB_REVISION', 20);	12: define('FORUM_DB_REVISION', 20);
13: define('FORUM_SI_REVISION', 2);	13: define('FORUM_SI_REVISION', 2);

a/login.php	b/login.php
84: // Reset tracked topics	84: // Reset tracked topics
85: set_tracked_topics(null);	85: set_tracked_topics(null);
86:	86:
87: redirect(pun_htmlspecialchars($_POST['redirect_url']), $lang_login['Login redirect']);	87: // Try to determine if the data in redirect_url is valid (if not, we redirect to index.php after login)
	88: $redirect_url = validate_redirect($_POST['redirect_url'], 'index.php');
	89:
	90: redirect(pun_htmlspecialchars($redirect_url), $lang_login['Login redirect']);
88: }	91: }
89:	92:
90:	93:
238:	241:
239: // Try to determine if the data in HTTP_REFERER is valid (if not, we redirect to index.php after login)	242: // Try to determine if the data in HTTP_REFERER is valid (if not, we redirect to index.php after login)
240: if (!empty($_SERVER['HTTP_REFERER']))	243: if (!empty($_SERVER['HTTP_REFERER']))
241: {	244: $redirect_url = validate_redirect($_SERVER['HTTP_REFERER'], null);
242: $referrer = parse_url($_SERVER['HTTP_REFERER']);
243: // Remove www subdomain if it exists
244: if (strpos($referrer['host'], 'www.') === 0)
245: $referrer['host'] = substr($referrer['host'], 4);
246:
247: // Make sure the path component exists
248: if (!isset($referrer['path']))
249: $referrer['path'] = '';
250:
251: $valid = parse_url(get_base_url());
252: // Remove www subdomain if it exists
253: if (strpos($valid['host'], 'www.') === 0)
254: $valid['host'] = substr($valid['host'], 4);
255:
256: // Make sure the path component exists
257: if (!isset($valid['path']))
258: $valid['path'] = '';
259:
260: if ($referrer['host'] == $valid['host'] && preg_match('%^'.preg_quote($valid['path'], '%').'/(.*?)\.php%i', $referrer['path']))
261: $redirect_url = $_SERVER['HTTP_REFERER'];
262: }
263:	245:
264: if (!isset($redirect_url))	246: if (!isset($redirect_url))
265: $redirect_url = 'index.php';	247: $redirect_url = 'index.php';

a/misc.php	b/misc.php
136:	136:
137: $db->query('UPDATE '.$db->prefix.'users SET last_email_sent='.time().' WHERE id='.$pun_user['id']) or error('Unable to update user', __FILE__, __LINE__, $db->error());	137: $db->query('UPDATE '.$db->prefix.'users SET last_email_sent='.time().' WHERE id='.$pun_user['id']) or error('Unable to update user', __FILE__, __LINE__, $db->error());
138:	138:
139: redirect(pun_htmlspecialchars($_POST['redirect_url']), $lang_misc['Email sent redirect']);	139: // Try to determine if the data in redirect_url is valid (if not, we redirect to index.php after login)
	140: $redirect_url = validate_redirect($_POST['redirect_url'], 'index.php');
	141:
	142: redirect(pun_htmlspecialchars($redirect_url), $lang_misc['Email sent redirect']);
140: }	143: }
141:	144:
142:	145:
143: // Try to determine if the data in HTTP_REFERER is valid (if not, we redirect to the user's profile after the email is sent)	146: // Try to determine if the data in HTTP_REFERER is valid (if not, we redirect to the user's profile after the email is sent)
144: if (!empty($_SERVER['HTTP_REFERER']))	147: if (!empty($_SERVER['HTTP_REFERER']))
145: {	148: $redirect_url = validate_redirect($_SERVER['HTTP_REFERER'], null);
146: $referrer = parse_url($_SERVER['HTTP_REFERER']);
147: // Remove www subdomain if it exists
148: if (strpos($referrer['host'], 'www.') === 0)
149: $referrer['host'] = substr($referrer['host'], 4);
150:
151: // Make sure the path component exists
152: if (!isset($referrer['path']))
153: $referrer['path'] = '';
154:
155: $valid = parse_url(get_base_url());
156: // Remove www subdomain if it exists
157: if (strpos($valid['host'], 'www.') === 0)
158: $valid['host'] = substr($valid['host'], 4);
159:
160: // Make sure the path component exists
161: if (!isset($valid['path']))
162: $valid['path'] = '';
163:
164: if ($referrer['host'] == $valid['host'] && preg_match('%^'.preg_quote($valid['path'], '%').'/(.*?)\.php%i', $referrer['path']))
165: $redirect_url = $_SERVER['HTTP_REFERER'];
166: }
167:	149:
168: if (!isset($redirect_url))	150: if (!isset($redirect_url))
169: $redirect_url = 'profile.php?id='.$recipient_id;	151: $redirect_url = 'profile.php?id='.$recipient_id;

a/profile.php	b/profile.php
55: message($lang_profile['Pass key bad'].' <a href="mailto:'.pun_htmlspecialchars($pun_config['o_admin_email']).'">'.pun_htmlspecialchars($pun_config['o_admin_email']).'</a>.');	55: message($lang_profile['Pass key bad'].' <a href="mailto:'.pun_htmlspecialchars($pun_config['o_admin_email']).'">'.pun_htmlspecialchars($pun_config['o_admin_email']).'</a>.');
56: else	56: else
57: {	57: {
58: $db->query('UPDATE '.$db->prefix.'users SET password=\''.$cur_user['activate_string'].'\', activate_string=NULL, activate_key=NULL'.(!empty($cur_user['salt']) ? ', salt=NULL' : '').' WHERE id='.$id) or error('Unable to update password', __FILE__, __LINE__, $db->error());	58: $db->query('UPDATE '.$db->prefix.'users SET password=\''.$db->escape($cur_user['activate_string']).'\', activate_string=NULL, activate_key=NULL'.(!empty($cur_user['salt']) ? ', salt=NULL' : '').' WHERE id='.$id) or error('Unable to update password', __FILE__, __LINE__, $db->error());
59:	59:
60: message($lang_profile['Pass updated'], true);	60: message($lang_profile['Pass updated'], true);
61: }	61: }

hdiff - version: 2.1.0 (modified)

a/admin_bans.php	b/admin_bans.php
134: <tr>	134: <tr>
135: <th scope="row"><?php echo $lang_admin_bans['E-mail label'] ?></th>	135: <th scope="row"><?php echo $lang_admin_bans['E-mail label'] ?></th>
136: <td>	136: <td>
137: <input type="text" name="ban_email" size="40" maxlength="80" value="<?php if (isset($ban_email)) echo $ban_email; ?>" tabindex="3" />	137: <input type="text" name="ban_email" size="40" maxlength="80" value="<?php if (isset($ban_email)) echo pun_htmlspecialchars($ban_email); ?>" tabindex="3" />
138: <span><?php echo $lang_admin_bans['E-mail help'] ?></span>	138: <span><?php echo $lang_admin_bans['E-mail help'] ?></span>
139: </td>	139: </td>
140: </tr>	140: </tr>
259: require PUN_ROOT.'include/email.php';	259: require PUN_ROOT.'include/email.php';
260: if ($ban_email != '' && !is_valid_email($ban_email))	260: if ($ban_email != '' && !is_valid_email($ban_email))
261: {	261: {
262: if (!preg_match('%^[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$%', $ban_email))	262: if (!preg_match('%^[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,63})$%', $ban_email))
263: message($lang_admin_bans['Invalid e-mail message']);	263: message($lang_admin_bans['Invalid e-mail message']);
264: }	264: }
265:	265:
434: ?>	434: ?>
435: <tr>	435: <tr>
436: <td class="tcl"><?php echo ($ban_data['username'] != '') ? pun_htmlspecialchars($ban_data['username']) : ' ' ?></td>	436: <td class="tcl"><?php echo ($ban_data['username'] != '') ? pun_htmlspecialchars($ban_data['username']) : ' ' ?></td>
437: <td class="tc2"><?php echo ($ban_data['email'] != '') ? $ban_data['email'] : ' ' ?></td>	437: <td class="tc2"><?php echo ($ban_data['email'] != '') ? pun_htmlspecialchars($ban_data['email']) : ' ' ?></td>
438: <td class="tc3"><?php echo ($ban_data['ip'] != '') ? pun_htmlspecialchars($ban_data['ip']) : ' ' ?></td>	438: <td class="tc3"><?php echo ($ban_data['ip'] != '') ? pun_htmlspecialchars($ban_data['ip']) : ' ' ?></td>
439: <td class="tc4"><?php echo $expire ?></td>	439: <td class="tc4"><?php echo $expire ?></td>
440: <td class="tc5"><?php echo ($ban_data['message'] != '') ? pun_htmlspecialchars($ban_data['message']) : ' ' ?></td>	440: <td class="tc5"><?php echo ($ban_data['message'] != '') ? pun_htmlspecialchars($ban_data['message']) : ' ' ?></td>