[phpBB] svn: r85 - in branches/2.0.6d/phpbb2: . patches

jeroen at wolffelaar.nl jeroen at wolffelaar.nl
Sun Mar 28 22:23:02 CEST 2004


Author: jeroen
Date: 2004-03-28 22:22:40 +0200 (Sun, 28 Mar 2004)
New Revision: 85

Added:
   branches/2.0.6d/phpbb2/patches/001_security_stolen_from_207a_through_208a.diff
Modified:
   branches/2.0.6d/phpbb2/changelog
Log:
Fix quite a number of security issues all discovered while I was on
vacation...


Modified: branches/2.0.6d/phpbb2/changelog
===================================================================
--- branches/2.0.6d/phpbb2/changelog	2004-03-28 19:42:21 UTC (rev 84)
+++ branches/2.0.6d/phpbb2/changelog	2004-03-28 20:22:40 UTC (rev 85)
@@ -1,3 +1,16 @@
+phpbb2 (2.0.6d-3) unstable; urgency=high
+
+  * Fix various security issues, all backported for now:
+    - Fixed redirect problems (2.0.7a)
+    - Fixed sql injection vulnerability in search (2.0.7a)
+    - Fixed several vulnerabilities in admin pages (2.0.8)
+    - Fixed sid checking code in admin/pagestart.php (2.0.8)
+    - Fixed injection vulnerabilities possible with the img bbcode tag (2.0.8)
+    - Limited allowed images in img bbcode tag to jpg, jpeg, gif and png (2.0.8)
+    - Fixed sql injection vulnerability in privmsg (2.0.8a)
+
+ -- Jeroen van Wolffelaar <jeroen at wolffelaar.nl>  Sun, 28 Mar 2004 21:51:11 +0200
+
 phpbb2 (2.0.6d-2) unstable; urgency=medium
 
   * Security ``just before leaving for a week'' release, featuring an
@@ -19,3 +32,4 @@
 
  -- Jeroen van Wolffelaar <jeroen at wolffelaar.nl>  Tue, 10 Feb 2004 12:00:14 +0100
 
+vim: et

Added: branches/2.0.6d/phpbb2/patches/001_security_stolen_from_207a_through_208a.diff
===================================================================
--- branches/2.0.6d/phpbb2/patches/001_security_stolen_from_207a_through_208a.diff	2004-03-28 19:42:21 UTC (rev 84)
+++ branches/2.0.6d/phpbb2/patches/001_security_stolen_from_207a_through_208a.diff	2004-03-28 20:22:40 UTC (rev 85)
@@ -0,0 +1,417 @@
+diff -ur phpBB2.orig/admin/admin_forumauth.php phpBB2/admin/admin_forumauth.php
+--- phpBB2.orig/admin/admin_forumauth.php	2003-07-20 17:42:23.000000000 +0200
++++ phpBB2/admin/admin_forumauth.php	2004-03-25 18:16:36.000000000 +0100
+@@ -102,20 +102,23 @@
+ 	{
+ 		if(isset($HTTP_POST_VARS['simpleauth']))
+ 		{
+-			$simple_ary = $simple_auth_ary[$HTTP_POST_VARS['simpleauth']];
++			$simple_ary = $simple_auth_ary[intval($HTTP_POST_VARS['simpleauth'])];
+ 
+ 			for($i = 0; $i < count($simple_ary); $i++)
+ 			{
+ 				$sql .= ( ( $sql != '' ) ? ', ' : '' ) . $forum_auth_fields[$i] . ' = ' . $simple_ary[$i];
+ 			}
+ 
+-			$sql = "UPDATE " . FORUMS_TABLE . " SET $sql WHERE forum_id = $forum_id";
++			if (is_array($simple_ary))
++			{
++				$sql = "UPDATE " . FORUMS_TABLE . " SET $sql WHERE forum_id = $forum_id";
++			}
+ 		}
+ 		else
+ 		{
+ 			for($i = 0; $i < count($forum_auth_fields); $i++)
+ 			{
+-				$value = $HTTP_POST_VARS[$forum_auth_fields[$i]];
++				$value = intval($HTTP_POST_VARS[$forum_auth_fields[$i]]);
+ 
+ 				if ( $forum_auth_fields[$i] == 'auth_vote' )
+ 				{
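Review bot: The `is_array($simple_ary)` guard sits after the `for` loop that already calls `count($simple_ary)` and indexes it, so an out-of-range `simpleauth` value still reaches the loop with a non-array. The guard would read better moved above the loop, so that both the loop and the UPDATE assignment sit inside `if (is_array($simple_ary)) { ... }`. When the guard fails, `$sql` keeps whatever it held before; whether the code after the hunk then runs an empty or stale `$sql` cannot be seen from here, so an `else` branch calling `message_die()` would make the rejection explicit. `$forum_id` is interpolated into the UPDATE unquoted, and its cast is outside the hunk, so it is worth confirming.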
+diff -ur phpBB2.orig/admin/admin_forums.php phpBB2/admin/admin_forums.php
+--- phpBB2.orig/admin/admin_forums.php	2003-07-20 17:42:23.000000000 +0200
++++ phpBB2/admin/admin_forums.php	2004-03-25 18:16:36.000000000 +0100
+@@ -55,6 +55,7 @@
+ if( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
+ {
+ 	$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
++	$mode = htmlspecialchars($mode);
+ }
+ else
+ {
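Review bot: `$mode = htmlspecialchars($mode);` applies HTML output encoding at the input stage, which makes `$mode` safe only for double-quoted HTML contexts. Called without `ENT_QUOTES` it leaves single quotes alone, and it offers nothing if `$mode` later reaches SQL or a file path. The mode is compared against a small set of literals (`"edit"`, `"add"` and `"save"` are visible in admin_words.php), so an allow-list check that falls back to the default would be stricter than encoding. The same line is added in admin_groups.php, admin_ranks.php, admin_smilies.php, admin_styles.php, admin_ug_auth.php, admin_users.php and admin_words.php; the uses of `$mode` are outside all of these hunks.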
+diff -ur phpBB2.orig/admin/admin_groups.php phpBB2/admin/admin_groups.php
+--- phpBB2.orig/admin/admin_groups.php	2003-07-20 17:42:23.000000000 +0200
++++ phpBB2/admin/admin_groups.php	2004-03-25 18:16:36.000000000 +0100
+@@ -49,6 +49,7 @@
+ if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
+ {
+ 	$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
++	$mode = htmlspecialchars($mode);
+ }
+ else
+ {
+diff -ur phpBB2.orig/admin/admin_ranks.php phpBB2/admin/admin_ranks.php
+--- phpBB2.orig/admin/admin_ranks.php	2003-07-20 17:42:23.000000000 +0200
++++ phpBB2/admin/admin_ranks.php	2004-03-25 18:16:36.000000000 +0100
+@@ -38,6 +38,7 @@
+ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
+ {
+ 	$mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
++	$mode = htmlspecialchars($mode);
+ }
+ else 
+ {
+diff -ur phpBB2.orig/admin/admin_smilies.php phpBB2/admin/admin_smilies.php
+--- phpBB2.orig/admin/admin_smilies.php	2003-07-20 17:42:23.000000000 +0200
++++ phpBB2/admin/admin_smilies.php	2004-03-25 18:16:36.000000000 +0100
+@@ -57,6 +57,7 @@
+ if( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
+ {
+ 	$mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
++	$mode = htmlspecialchars($mode);
+ }
+ else
+ {
+@@ -313,6 +314,7 @@
+ 			//
+ 
+ 			$smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
++			$smiley_id = intval($smiley_id);
+ 
+ 			$sql = "DELETE FROM " . SMILIES_TABLE . "
+ 				WHERE smilies_id = " . $smiley_id;
+@@ -333,6 +335,7 @@
+ 			//
+ 
+ 			$smiley_id = ( !empty($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
++			$smiley_id = intval($smiley_id);
+ 
+ 			$sql = "SELECT *
+ 				FROM " . SMILIES_TABLE . "
+diff -ur phpBB2.orig/admin/admin_styles.php phpBB2/admin/admin_styles.php
+--- phpBB2.orig/admin/admin_styles.php	2003-07-20 17:42:23.000000000 +0200
++++ phpBB2/admin/admin_styles.php	2004-03-25 18:16:36.000000000 +0100
+@@ -56,6 +56,7 @@
+ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
+ {
+ 	$mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
++	$mode = htmlspecialchars($mode);
+ }
+ else 
+ {
+@@ -488,7 +489,7 @@
+ 				$themes_title = $lang['Edit_theme'];
+ 				$themes_explain = $lang['Edit_theme_explain'];
+ 				
+-				$style_id = $HTTP_GET_VARS['style_id'];
++				$style_id = intval($HTTP_GET_VARS['style_id']);
+ 				
+ 				$selected_names = array();
+ 				$selected_values = array();
+@@ -703,7 +704,7 @@
+ 
+ 			$sql = "SELECT * 
+ 				FROM " . THEMES_TABLE . " 
+-				WHERE template_name = '$template_name'";
++				WHERE template_name = '" . str_replace("\'", "''", $template_name) . "'";
+ 			if(!$result = $db->sql_query($sql))
+ 			{
+ 				message_die(GENERAL_ERROR, "Could not get theme data for selected template", "", __LINE__, __FILE__, $sql);
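Review bot: `str_replace("\'", "''", $template_name)` only rewrites a backslash-quote pair into a doubled quote; a quote that arrives without a preceding backslash passes through unchanged. The line is therefore safe only if every path that assigns `$template_name` has already slash-escaped it, and that assignment is outside the hunk. I would add a comment stating the assumption once it has been confirmed, e.g. `// relies on $template_name being slash-escaped on input; converts \' to the SQL-standard ''`. Routing the value through one shared escaping helper would keep that invariant in a single place.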
+diff -ur phpBB2.orig/admin/admin_ug_auth.php phpBB2/admin/admin_ug_auth.php
+--- phpBB2.orig/admin/admin_ug_auth.php	2003-07-20 17:42:23.000000000 +0200
++++ phpBB2/admin/admin_ug_auth.php	2004-03-25 18:16:36.000000000 +0100
+@@ -56,6 +56,8 @@
+ 
+ $user_id = intval($user_id);
+ $group_id = intval($group_id);
++$adv = intval($adv);
++$mode = htmlspecialchars($mode);
+ 
+ //
+ // Start program - define vars
+diff -ur phpBB2.orig/admin/admin_user_ban.php phpBB2/admin/admin_user_ban.php
+--- phpBB2.orig/admin/admin_user_ban.php	2003-07-20 17:42:23.000000000 +0200
++++ phpBB2/admin/admin_user_ban.php	2004-03-25 18:16:36.000000000 +0100
+@@ -277,7 +277,7 @@
+ 		{
+ 			if ( $user_list[$i] != -1 )
+ 			{
+-				$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $user_list[$i];
++				$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . intval($user_list[$i]);
+ 			}
+ 		}
+ 	}
+@@ -290,7 +290,7 @@
+ 		{
+ 			if ( $ip_list[$i] != -1 )
+ 			{
+-				$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $ip_list[$i];
++				$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $ip_list[$i]);
+ 			}
+ 		}
+ 	}
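Review bot: `$ip_list[$i]` is appended to `$where_sql` with only a `', '` separator and no surrounding quotes, so doubling quote characters does not constrain the value if the list ends up in a numeric context. The sibling `user_list` branch casts with `intval()` and all three branches compare against `-1`, which suggests these are numeric ids. If the query that consumes `$where_sql` (outside the hunk) is an `IN (...)` over an id column, the fitting change is `intval($ip_list[$i])`. The same applies to `$email_list[$i]` in the next hunk.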
+@@ -303,7 +303,7 @@
+ 		{
+ 			if ( $email_list[$i] != -1 )
+ 			{
+-				$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . $email_list[$i];
++				$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $email_list[$i]);
+ 			}
+ 		}
+ 	}
+diff -ur phpBB2.orig/admin/admin_users.php phpBB2/admin/admin_users.php
+--- phpBB2.orig/admin/admin_users.php	2003-07-20 17:42:23.000000000 +0200
++++ phpBB2/admin/admin_users.php	2004-03-25 18:16:36.000000000 +0100
+@@ -47,6 +47,7 @@
+ if( isset( $HTTP_POST_VARS['mode'] ) || isset( $HTTP_GET_VARS['mode'] ) )
+ {
+ 	$mode = ( isset( $HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
++	$mode = htmlspecialchars($mode);
+ }
+ else
+ {
+@@ -838,7 +839,7 @@
+ 
+ 			if( isset($HTTP_POST_VARS['avatarcategory']) )
+ 			{
+-				$category = $HTTP_POST_VARS['avatarcategory'];
++				$category = htmlspecialchars($HTTP_POST_VARS['avatarcategory']);
+ 			}
+ 			else
+ 			{
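Review bot: `htmlspecialchars()` on `avatarcategory` covers HTML output but not use as a path component, since it leaves `.` and `/` untouched. How `$category` is used is outside the hunk. If it selects a sub-directory of the avatar gallery, the value should be checked against the directory names actually present, or at least passed through `basename()`, before it is joined to a path. The same question applies to `avatarselect` in includes/usercp_register.php, which this patch also wraps in `htmlspecialchars()`.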
+diff -ur phpBB2.orig/admin/admin_words.php phpBB2/admin/admin_words.php
+--- phpBB2.orig/admin/admin_words.php	2003-07-20 17:42:23.000000000 +0200
++++ phpBB2/admin/admin_words.php	2004-03-25 18:16:36.000000000 +0100
+@@ -39,6 +39,7 @@
+ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
+ {
+ 	$mode = ($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
++	$mode = htmlspecialchars($mode);
+ }
+ else 
+ {
+@@ -63,7 +64,7 @@
+ {
+ 	if( $mode == "edit" || $mode == "add" )
+ 	{
+-		$word_id = ( isset($HTTP_GET_VARS['id']) ) ? $HTTP_GET_VARS['id'] : 0;
++		$word_id = ( isset($HTTP_GET_VARS['id']) ) ? intval($HTTP_GET_VARS['id']) : 0;
+ 
+ 		$template->set_filenames(array(
+ 			"body" => "admin/words_edit_body.tpl")
+@@ -113,7 +114,7 @@
+ 	}
+ 	else if( $mode == "save" )
+ 	{
+-		$word_id = ( isset($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : 0;
++		$word_id = ( isset($HTTP_POST_VARS['id']) ) ? intval($HTTP_POST_VARS['id']) : 0;
+ 		$word = ( isset($HTTP_POST_VARS['word']) ) ? trim($HTTP_POST_VARS['word']) : "";
+ 		$replacement = ( isset($HTTP_POST_VARS['replacement']) ) ? trim($HTTP_POST_VARS['replacement']) : "";
+ 
+@@ -150,6 +151,7 @@
+ 		if( isset($HTTP_POST_VARS['id']) ||  isset($HTTP_GET_VARS['id']) )
+ 		{
+ 			$word_id = ( isset($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
++			$word_id = intval($word_id);
+ 		}
+ 		else
+ 		{
+diff -ur phpBB2.orig/admin/pagestart.php phpBB2/admin/pagestart.php
+--- phpBB2.orig/admin/pagestart.php	2003-07-20 17:42:23.000000000 +0200
++++ phpBB2/admin/pagestart.php	2004-03-25 18:16:36.000000000 +0100
+@@ -56,7 +56,7 @@
+ 	$url = preg_replace('/\?$/', '', $url);
+ 	$url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $userdata['session_id'];
+ 
+-	redirect($url);
++	redirect("index.$phpEx?sid=" . $userdata['session_id']);
+ }
+ 
+ if (empty($no_page_header))
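Review bot: With the redirect target now fixed to `"index.$phpEx?sid=" . $userdata['session_id']`, the `$url` built in the two context lines above is no longer used within this hunk. If nothing earlier in the block (its start is outside the hunk) still needs it, those lines should be removed so that a later edit does not reinstate `redirect($url)`. A short comment such as `// always return to the admin index; the requested URL is deliberately not reused` would record why.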
+diff -ur phpBB2.orig/contrib/fixfiles.sh phpBB2/contrib/fixfiles.sh
+--- phpBB2.orig/contrib/fixfiles.sh	2002-09-06 13:52:48.000000000 +0200
++++ phpBB2/contrib/fixfiles.sh	2004-03-25 17:56:11.000000000 +0100
+@@ -7,18 +7,21 @@
+ #
+ # UPDATE: 7/31/2001: fix so that it doesn't touch things in the images directory
+ #
++# UPDATE: 12/15/2003: Fix so that it doesn't touch any "non-text" files
++#
+ 
+ find . > FILELIST.$$
+ grep -sv FILELIST FILELIST.$$ > FILELIST2.$$
+ grep -sv $(basename $0) FILELIST2.$$ > FILELIST.$$
+ grep -sv "^\.$" FILELIST.$$ > FILELIST2.$$
+-grep -sv "images" FILELIST2.$$ > FILELIST
++file -f FILELIST2.$$  |grep text | sed -e 's/^\([^\:]*\)\:.*$/\1/' > FILELIST
++file -f FILELIST2.$$  |grep -sv text | sed -e 's/^\([^\:]*\)\:.*$/Not Modifying file: \1/'
+ rm FILELIST2.$$
+ rm FILELIST.$$
+ 
+ for i in $(cat FILELIST); do
+ 	if [ -f $i ]; then  	 
+-  		sed -e s/
//g $i > $i.tmp
++		sed -e s/
//g $i > $i.tmp
+   		mv $i.tmp $i
+ 	fi	
+ done
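Review bot: `file -f FILELIST2.$$ |grep text` matches the word anywhere on the output line, including the path before the colon, so a non-text file whose path contains `text` still lands on the list to be rewritten. Matching only the description part keeps such files out: `file -f FILELIST2.$$ | sed -n 's/^\([^:]*\):.*text.*$/\1/p' > FILELIST`. Paths containing a colon or whitespace are still mishandled by the first-colon split and by the unquoted `$(cat FILELIST)` loop, which deserves a line in the header comment.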
+diff -ur phpBB2.orig/includes/bbcode.php phpBB2/includes/bbcode.php
+--- phpBB2.orig/includes/bbcode.php	2004-03-13 17:21:53.000000000 +0100
++++ phpBB2/includes/bbcode.php	2004-03-25 18:16:36.000000000 +0100
+@@ -281,7 +281,7 @@
+ 	$text = preg_replace("#\[i\](.*?)\[/i\]#si", "[i:$uid]\\1[/i:$uid]", $text);
+ 
+ 	// [img]image_url_here[/img] code..
+-	$text = preg_replace("#\[img\]((ht|f)tp://)([^\r\n\t<\"]*?)\[/img\]#sie", "'[img:$uid]\\1' . str_replace(' ', '%20', '\\3') . '[/img:$uid]'", $text);
++	$text = preg_replace("#\[img\]((ht|f)tp://)([^ \?&=\"\n\r\t<]*?(\.(jpg|jpeg|gif|png)))\[/img\]#sie", "'[img:$uid]\\1' . str_replace(' ', '%20', '\\3') . '[/img:$uid]'", $text);
+ 
+ 	// Remove our padding from the string..
+ 	return substr($text, 1);;
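Review bot: The new character class `[^ \?&=\"\n\r\t<]` excludes the space character, so `str_replace(' ', '%20', '\\3')` can no longer find anything to replace and the `e` modifier is kept only to run a no-op. Dropping the evaluated replacement takes a code-evaluation step out of a path that handles posted text: keep the `#si` flags and use the plain replacement string `"[img:$uid]\\1\\3[/img:$uid]"`. The extension list checks only how the URL is spelled, not what the remote server returns, and a comment above the line should say so.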
+diff -ur phpBB2.orig/includes/functions_post.php phpBB2/includes/functions_post.php
+--- phpBB2.orig/includes/functions_post.php	2004-03-13 17:21:53.000000000 +0100
++++ phpBB2/includes/functions_post.php	2004-03-13 17:02:49.000000000 +0100
+@@ -74,7 +74,7 @@
+ 					$match_tag = trim($allowed_html_tags[$i]);
+ 					if (preg_match('#^<\/?' . $match_tag . '[> ]#i', $hold_string))
+ 					{
+-						$tagallowed = (preg_match('#^<\/?' . $match_tag . ' .*?(style[ ]*?=|on[\w]+[ ]*?=)#i', $hold_string)) ? false : true;
++						$tagallowed = (preg_match('#^<\/?' . $match_tag . ' .*?(style[\t ]*?=|on[\w]+[\t ]*?=)#i', $hold_string)) ? false : true;
+ 					}
+ 				}
+ 
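Review bot: The widened class `[\t ]*?` adds tab but still enumerates whitespace characters one by one; `\s*` covers the rest in a single token, as in `(style\s*=|on\w+\s*=)`. Adding the `s` flag would also let `.*?` span line breaks inside a tag. A deny-list of attribute names stays brittle, so if the allowed tags need no attributes, rejecting any allowed tag that carries one is simpler to reason about. The enclosing loop starts and ends outside the hunk.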
+@@ -91,7 +91,7 @@
+ 			}
+ 		}
+ 
+-		if ($end_html != strlen($message) && $tmp_message != '')
++		if (!$end_html || ($end_html != strlen($message) && $tmp_message != ''))
+ 		{
+ 			$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1));
+ 		}
+diff -ur phpBB2.orig/includes/functions_search.php phpBB2/includes/functions_search.php
+--- phpBB2.orig/includes/functions_search.php	2004-03-13 17:21:53.000000000 +0100
++++ phpBB2/includes/functions_search.php	2004-03-25 18:16:36.000000000 +0100
+@@ -198,6 +198,7 @@
+ 						$value_sql .= ( ( $value_sql != '' ) ? ', ' : '' ) . '(\'' . $word[$i] . '\', 0)';
+ 						break;
+ 					case 'mssql':
++					case 'mssql-odbc':
+ 						$value_sql .= ( ( $value_sql != '' ) ? ' UNION ALL ' : '' ) . "SELECT '" . $word[$i] . "', 0";
+ 						break;
+ 					default:
+@@ -222,6 +223,7 @@
+ 						VALUES $value_sql"; 
+ 					break;
+ 				case 'mssql':
++				case 'mssql-odbc':
+ 					$sql = "INSERT INTO " . SEARCH_WORD_TABLE . " (word_text, word_common) 
+ 						$value_sql"; 
+ 					break;
+diff -ur phpBB2.orig/includes/usercp_register.php phpBB2/includes/usercp_register.php
+--- phpBB2.orig/includes/usercp_register.php	2004-03-13 17:21:53.000000000 +0100
++++ phpBB2/includes/usercp_register.php	2004-03-25 18:16:36.000000000 +0100
+@@ -177,7 +177,7 @@
+ 	$board_config['default_dateformat'] = $row['config_value'];
+ 	$user_dateformat = ( !empty($HTTP_POST_VARS['dateformat']) ) ? trim(htmlspecialchars($HTTP_POST_VARS['dateformat'])) : $board_config['default_dateformat'];
+ 
+-	$user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset($HTTP_POST_VARS['avatarlocal'])  ) ? htmlspecialchars($HTTP_POST_VARS['avatarlocal']) : '' );
++	$user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? htmlspecialchars($HTTP_POST_VARS['avatarselect']) : ( ( isset($HTTP_POST_VARS['avatarlocal'])  ) ? htmlspecialchars($HTTP_POST_VARS['avatarlocal']) : '' );
+ 
+ 	$user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim(htmlspecialchars($HTTP_POST_VARS['avatarremoteurl'])) : '';
+ 	$user_avatar_upload = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? trim($HTTP_POST_VARS['avatarurl']) : ( ( $HTTP_POST_FILES['avatar']['tmp_name'] != "none") ? $HTTP_POST_FILES['avatar']['tmp_name'] : '' );
+diff -ur phpBB2.orig/login.php phpBB2/login.php
+--- phpBB2.orig/login.php	2004-03-13 17:21:53.000000000 +0100
++++ phpBB2/login.php	2004-03-18 20:51:32.000000000 +0100
+@@ -83,7 +83,7 @@
+ 
+ 					if( $session_id )
+ 					{
+-						$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : "index.$phpEx";
++						$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";
+ 						redirect(append_sid($url, true));
+ 					}
+ 					else
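Review bot: Turning `&amp;` back into `&` undoes part of the encoding, so what keeps the `redirect` value safe is whatever `redirect()` does with it, and that function is not part of this patch. It should be confirmed that `redirect()` rejects CR/LF and confines the target to the board's own host and path. The expression `str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect']))` is now repeated across five hunks of login.php, and a small helper would keep the copies from drifting apart.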
+@@ -93,7 +93,7 @@
+ 				}
+ 				else
+ 				{
+-					$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : '';
++					$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
+ 					$redirect = str_replace('?', '&', $redirect);
+ 
+ 					$template->assign_vars(array(
+@@ -108,7 +108,7 @@
+ 		}
+ 		else
+ 		{
+-			$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : "";
++			$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "";
+ 			$redirect = str_replace("?", "&", $redirect);
+ 
+ 			$template->assign_vars(array(
+@@ -130,6 +130,7 @@
+ 		if (!empty($HTTP_POST_VARS['redirect']) || !empty($HTTP_GET_VARS['redirect']))
+ 		{
+ 			$url = (!empty($HTTP_POST_VARS['redirect'])) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : htmlspecialchars($HTTP_GET_VARS['redirect']);
++			$url = str_replace('&amp;', '&', $url);
+ 			redirect(append_sid($url, true));
+ 		}
+ 		else
+@@ -139,7 +140,7 @@
+ 	}
+ 	else
+ 	{
+-		$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : "index.$phpEx";
++		$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";
+ 		redirect(append_sid($url, true));
+ 	}
+ }
+diff -ur phpBB2.orig/privmsg.php phpBB2/privmsg.php
+--- phpBB2.orig/privmsg.php	2004-03-13 17:21:53.000000000 +0100
++++ phpBB2/privmsg.php	2004-03-28 18:57:23.000000000 +0200
+@@ -212,7 +212,7 @@
+ 			break;
+ 		case 'savebox':
+ 			$l_box_name = $lang['Savebox'];
+-			$pm_sql_user .= "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "
++			$pm_sql_user = "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . "
+ 					AND pm.privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " ) 
+ 				OR ( pm.privmsgs_from_userid = " . $userdata['user_id'] . "
+ 					AND pm.privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " ) 
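Review bot: The switch from `.=` to `=` matters because `$pm_sql_user` is spliced into query text, and it deserves a comment so the append is not reintroduced, e.g. `// assign, never append: $pm_sql_user must not carry a value from outside this switch`. The other `case` branches are outside the hunk and should be checked for the same append. The later `$i = 0;` in this file and `$search_results = '';` in search.php initialise variables in the same way and could carry the same kind of comment.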
+@@ -2076,6 +2076,7 @@
+ 
+ if ( $row = $db->sql_fetchrow($result) )
+ {
++	$i = 0;
+ 	do
+ 	{
+ 		$privmsg_id = $row['privmsgs_id'];
+@@ -2110,6 +2111,7 @@
+ 
+ 		$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
+ 		$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
++		$i++;
+ 
+ 		$template->assign_block_vars('listrow', array(
+ 			'ROW_COLOR' => '#' . $row_color,
+diff -ur phpBB2.orig/search.php phpBB2/search.php
+--- phpBB2.orig/search.php	2004-03-13 17:21:53.000000000 +0100
++++ phpBB2/search.php	2004-03-18 20:51:32.000000000 +0100
+@@ -69,6 +69,7 @@
+ $search_id = ( isset($HTTP_GET_VARS['search_id']) ) ? $HTTP_GET_VARS['search_id'] : '';
+ 
+ $show_results = ( isset($HTTP_POST_VARS['show_results']) ) ? $HTTP_POST_VARS['show_results'] : 'posts';
++$show_results = ($show_results == 'topics') ? 'topics' : 'posts';
+ 
+ if ( isset($HTTP_POST_VARS['search_terms']) )
+ {
+@@ -144,7 +145,8 @@
+ else if ( $search_keywords != '' || $search_author != '' || $search_id )
+ {
+ 	$store_vars = array('search_results', 'total_match_count', 'split_search', 'sort_by', 'sort_dir', 'show_results', 'return_chars');
+-	
++	$search_results = '';
++
+ 	//
+ 	// Search ID Limiter, decrease this value if you experience further timeout problems with searching forums
+ 	$limiter = 5000;




