[phpBB] svn: r287 - trunk/phpbb2/patches

kink at wolffelaar.nl kink at wolffelaar.nl
Mon Jul 3 13:33:06 CEST 2006


Author: kink
Date: 2006-07-03 13:33:05 +0200 (Mon, 03 Jul 2006)
New Revision: 287

Added:
   trunk/phpbb2/patches/024_warning_about_db_change.diff
Removed:
   trunk/phpbb2/patches/024_warnig_about_db_change.diff
Modified:
   trunk/phpbb2/patches/010_sane_defaults_with_autodetection.diff
   trunk/phpbb2/patches/018_disable_adminreauth.diff
   trunk/phpbb2/patches/022_waring_about_allow_html.diff
   trunk/phpbb2/patches/023_fix_xss_in_bbcode.diff
   trunk/phpbb2/patches/050_XXX_visual_confirm_for_guest_posts.XXXdiff
Log:
unfuzz patches


Modified: trunk/phpbb2/patches/010_sane_defaults_with_autodetection.diff
===================================================================
--- trunk/phpbb2/patches/010_sane_defaults_with_autodetection.diff	2006-07-03 11:10:41 UTC (rev 286)
+++ trunk/phpbb2/patches/010_sane_defaults_with_autodetection.diff	2006-07-03 11:33:05 UTC (rev 287)
@@ -1,6 +1,6 @@
 diff -ur phpBB2.orig/admin/admin_board.php phpBB2/admin/admin_board.php
---- phpBB2.orig/admin/admin_board.php	2005-10-31 08:32:35.000000000 +0100
-+++ phpBB2/admin/admin_board.php	2005-10-31 21:12:36.000000000 +0100
+--- phpBB2.orig/admin/admin_board.php	2006-06-09 16:29:41.000000000 +0200
++++ phpBB2/admin/admin_board.php	2006-07-03 13:19:01.000000000 +0200
 @@ -42,7 +42,7 @@
  	while( $row = $db->sql_fetchrow($result) )
  	{
@@ -11,9 +11,9 @@
  		
  		$new[$config_name] = ( isset($HTTP_POST_VARS[$config_name]) ) ? $HTTP_POST_VARS[$config_name] : $default_config[$config_name];
 diff -ur phpBB2.orig/common.php phpBB2/common.php
---- phpBB2.orig/common.php	2005-10-31 08:32:37.000000000 +0100
-+++ phpBB2/common.php	2005-10-31 21:12:36.000000000 +0100
-@@ -164,6 +164,7 @@
+--- phpBB2.orig/common.php	2006-06-09 16:29:42.000000000 +0200
++++ phpBB2/common.php	2006-07-03 13:19:01.000000000 +0200
+@@ -165,6 +165,7 @@
  // malicious rewriting of language and otherarray values via
  // URI params
  //
@@ -21,7 +21,7 @@
  $board_config = array();
  $userdata = array();
  $theme = array();
-@@ -215,9 +216,38 @@
+@@ -217,9 +218,38 @@
  
  while ( $row = $db->sql_fetchrow($result) )
  {
@@ -60,10 +60,10 @@
 +
  if (file_exists('install') || file_exists('contrib'))
  {
- 	message_die(GENERAL_MESSAGE, 'Please ensure both the install/ and contrib/ directories are deleted');
+ 	message_die(GENERAL_MESSAGE, 'Please_remove_install_contrib');
 diff -ur phpBB2.orig/install/schemas/mysql_basic.sql phpBB2/install/schemas/mysql_basic.sql
---- phpBB2.orig/install/schemas/mysql_basic.sql	2005-10-31 08:32:36.000000000 +0100
-+++ phpBB2/install/schemas/mysql_basic.sql	2005-10-31 21:12:36.000000000 +0100
+--- phpBB2.orig/install/schemas/mysql_basic.sql	2006-06-09 16:29:41.000000000 +0200
++++ phpBB2/install/schemas/mysql_basic.sql	2006-07-03 13:19:01.000000000 +0200
 @@ -5,9 +5,11 @@
  
  # -- Config
@@ -88,7 +88,7 @@
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_delivery','0');
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_host','');
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_username','');
-@@ -61,9 +63,9 @@
+@@ -65,9 +67,9 @@
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('coppa_mail', '');
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('record_online_users', '0');
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('record_online_date', '0');
@@ -99,9 +99,9 @@
 +INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_port', '');
 +INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '');
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.21');
+ INSERT INTO phpbb_config (config_name, config_value) VALUES ('rand_seed', '0');
  
- 
-@@ -79,7 +81,7 @@
+@@ -84,7 +86,7 @@
  INSERT INTO phpbb_users (user_id, username, user_level, user_regdate, user_password, user_email, user_icq, user_website, user_occ, user_from, user_interests, user_sig, user_viewemail, user_style, user_aim, user_yim, user_msnm, user_posts, user_attachsig, user_allowsmile, user_allowhtml, user_allowbbcode, user_allow_pm, user_notify_pm, user_allow_viewonline, user_rank, user_avatar, user_lang, user_timezone, user_dateformat, user_actkey, user_newpasswd, user_notify, user_active) VALUES ( -1, 'Anonymous', 0, 0, '', '', '', '', '', '', '', '', 0, NULL, '', '', '', 0, 0, 1, 1, 1, 0, 1, 1, NULL, '', '', 0, '', '', '', 0, 0);
  
  # -- username: admin    password: admin (change this or remove it once everything is working!)
@@ -110,7 +110,7 @@
  
  
  # -- Ranks
-@@ -97,11 +99,11 @@
+@@ -102,11 +104,11 @@
  
  
  # -- Demo Topic
@@ -125,8 +125,8 @@
  
  
 diff -ur phpBB2.orig/install/schemas/postgres_basic.sql phpBB2/install/schemas/postgres_basic.sql
---- phpBB2.orig/install/schemas/postgres_basic.sql	2005-10-31 08:32:36.000000000 +0100
-+++ phpBB2/install/schemas/postgres_basic.sql	2005-10-31 21:12:36.000000000 +0100
+--- phpBB2.orig/install/schemas/postgres_basic.sql	2006-06-09 16:29:41.000000000 +0200
++++ phpBB2/install/schemas/postgres_basic.sql	2006-07-03 13:19:01.000000000 +0200
 @@ -6,9 +6,11 @@
  
  -- Config
@@ -151,7 +151,7 @@
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_delivery','0');
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_host','');
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_username','');
-@@ -62,9 +64,9 @@
+@@ -66,9 +68,9 @@
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('coppa_mail', '');
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('record_online_users', '0');
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('record_online_date', '0');
@@ -162,9 +162,9 @@
 +INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_port', '');
 +INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '');
  INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.21');
+ INSERT INTO phpbb_config (config_name, config_value) VALUES ('rand_seed', '0');
  
- -- Categories
-@@ -78,7 +80,7 @@
+@@ -83,7 +85,7 @@
  INSERT INTO phpbb_users (user_id, username, user_level, user_regdate, user_password, user_email, user_icq, user_website, user_occ, user_from, user_interests, user_sig, user_viewemail, user_style, user_aim, user_yim, user_msnm, user_posts, user_attachsig, user_allowsmile, user_allowhtml, user_allowbbcode, user_allow_pm, user_notify_pm, user_allow_viewonline, user_rank, user_avatar, user_lang, user_timezone, user_dateformat, user_actkey, user_newpasswd, user_notify, user_active) VALUES ( -1, 'Anonymous', 0, 0, '', '', '', '', '', '', '', '', 0, NULL, '', '', '', 0, 0, 1, 1, 1, 0, 1, 1, NULL, '', '', 0, '', '', '', 0, 0);
  
  -- username: admin    password: admin (change this or remove it once everything is working!)
@@ -173,7 +173,7 @@
  
  
  -- Ranks
-@@ -96,11 +98,11 @@
+@@ -101,11 +103,11 @@
  
  
  -- Demo Topic

Modified: trunk/phpbb2/patches/018_disable_adminreauth.diff
===================================================================
--- trunk/phpbb2/patches/018_disable_adminreauth.diff	2006-07-03 11:10:41 UTC (rev 286)
+++ trunk/phpbb2/patches/018_disable_adminreauth.diff	2006-07-03 11:33:05 UTC (rev 287)
@@ -1,7 +1,7 @@
 diff -ur phpBB2.orig/admin/pagestart.php phpBB2/admin/pagestart.php
---- phpBB2.orig/admin/pagestart.php	2005-10-31 08:32:35.000000000 +0100
-+++ phpBB2/admin/pagestart.php	2005-10-31 21:14:46.000000000 +0100
-@@ -59,11 +59,6 @@
+--- phpBB2.orig/admin/pagestart.php	2006-06-09 16:29:41.000000000 +0200
++++ phpBB2/admin/pagestart.php	2006-07-03 13:21:52.000000000 +0200
+@@ -52,11 +52,6 @@
  	redirect("index.$phpEx?sid=" . $userdata['session_id']);
  }
  
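Review bot: The refreshed 018_disable_adminreauth.diff still opens directly with its `diff -ur` line, so nothing in the patch records why the admin re-authentication step is being taken out of admin/pagestart.php and the session code. Judging by the file name and the `@@ -52,11 +52,6 @@` header, this drops a check that upstream ships for the admin panel; the removed lines themselves are outside this hunk. That is a security trade-off the next person refreshing the patch should be able to read. I would add a short header above the first `diff` line, e.g. `# Debian: disable upstream admin re-authentication; reason: <rationale>; see <bug reference>`, with the placeholders filled in by the maintainer.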
@@ -14,8 +14,8 @@
  {
  	// Not including the pageheader can be neccesarry if META tags are
 diff -ur phpBB2.orig/includes/sessions.php phpBB2/includes/sessions.php
---- phpBB2.orig/includes/sessions.php	2005-10-31 08:32:36.000000000 +0100
-+++ phpBB2/includes/sessions.php	2005-10-31 21:15:42.000000000 +0100
+--- phpBB2.orig/includes/sessions.php	2006-06-09 16:29:41.000000000 +0200
++++ phpBB2/includes/sessions.php	2006-07-03 13:21:52.000000000 +0200
 @@ -172,7 +172,7 @@
  	// Create or update the session
  	//
@@ -25,8 +25,8 @@
  		WHERE session_id = '" . $session_id . "' 
  			AND session_ip = '$user_ip'";
  	if ( !$db->sql_query($sql) || !$db->sql_affectedrows() )
-@@ -182,8 +182,8 @@
- 		$session_id = md5(uniqid(mt_rand(), true));
+@@ -180,8 +180,8 @@
+ 		$session_id = md5(dss_rand());
  
  		$sql = "INSERT INTO " . SESSIONS_TABLE . "
 -			(session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in, session_admin)
@@ -36,7 +36,7 @@
  		if ( !$db->sql_query($sql) )
  		{
  			message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql);
-@@ -252,7 +252,6 @@
+@@ -248,7 +248,6 @@
  	$userdata['session_page'] = $page_id;
  	$userdata['session_start'] = $current_time;
  	$userdata['session_time'] = $current_time;
@@ -44,7 +44,7 @@
  	$userdata['session_key'] = $sessiondata['autologinid'];
  
  	setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
-@@ -343,11 +342,8 @@
+@@ -339,11 +338,8 @@
  				//
  				if ( $current_time - $userdata['session_time'] > 60 )
  				{
@@ -58,9 +58,9 @@
  					if ( !$db->sql_query($sql) )
  					{
 diff -ur phpBB2.orig/install/schemas/mssql_schema.sql phpBB2/install/schemas/mssql_schema.sql
---- phpBB2.orig/install/schemas/mssql_schema.sql	2005-10-31 08:32:36.000000000 +0100
-+++ phpBB2/install/schemas/mssql_schema.sql	2005-10-31 21:14:46.000000000 +0100
-@@ -190,8 +190,7 @@
+--- phpBB2.orig/install/schemas/mssql_schema.sql	2006-06-09 16:29:41.000000000 +0200
++++ phpBB2/install/schemas/mssql_schema.sql	2006-07-03 13:21:52.000000000 +0200
+@@ -191,8 +191,7 @@
  	[session_time] [int] NULL ,
  	[session_ip] [char] (8) NOT NULL ,
  	[session_page] [int] NULL ,
@@ -71,9 +71,9 @@
  GO
  
 diff -ur phpBB2.orig/install/schemas/mysql_schema.sql phpBB2/install/schemas/mysql_schema.sql
---- phpBB2.orig/install/schemas/mysql_schema.sql	2005-10-31 08:32:36.000000000 +0100
-+++ phpBB2/install/schemas/mysql_schema.sql	2005-10-31 21:14:46.000000000 +0100
-@@ -305,7 +305,6 @@
+--- phpBB2.orig/install/schemas/mysql_schema.sql	2006-06-09 16:29:41.000000000 +0200
++++ phpBB2/install/schemas/mysql_schema.sql	2006-07-03 13:21:52.000000000 +0200
+@@ -306,7 +306,6 @@
     session_ip char(8) DEFAULT '0' NOT NULL,
     session_page int(11) DEFAULT '0' NOT NULL,
     session_logged_in tinyint(1) DEFAULT '0' NOT NULL,
@@ -82,9 +82,9 @@
     KEY session_user_id (session_user_id),
     KEY session_id_ip_user_id (session_id, session_ip, session_user_id)
 diff -ur phpBB2.orig/install/schemas/postgres_schema.sql phpBB2/install/schemas/postgres_schema.sql
---- phpBB2.orig/install/schemas/postgres_schema.sql	2005-10-31 08:32:36.000000000 +0100
-+++ phpBB2/install/schemas/postgres_schema.sql	2005-10-31 21:14:46.000000000 +0100
-@@ -289,7 +289,6 @@
+--- phpBB2.orig/install/schemas/postgres_schema.sql	2006-06-09 16:29:41.000000000 +0200
++++ phpBB2/install/schemas/postgres_schema.sql	2006-07-03 13:21:52.000000000 +0200
+@@ -290,7 +290,6 @@
     session_ip char(8) DEFAULT '0' NOT NULL,
     session_page int4 DEFAULT '0' NOT NULL,
     session_logged_in int2 DEFAULT '0' NOT NULL,

Modified: trunk/phpbb2/patches/022_waring_about_allow_html.diff
===================================================================
--- trunk/phpbb2/patches/022_waring_about_allow_html.diff	2006-07-03 11:10:41 UTC (rev 286)
+++ trunk/phpbb2/patches/022_waring_about_allow_html.diff	2006-07-03 11:33:05 UTC (rev 287)
@@ -1,7 +1,7 @@
 diff -ur phpBB2.orig/admin/admin_board.php phpBB2/admin/admin_board.php
---- phpBB2.orig/admin/admin_board.php	2005-10-31 08:32:35.000000000 +0100
-+++ phpBB2/admin/admin_board.php	2005-10-31 21:16:21.000000000 +0100
-@@ -204,7 +204,9 @@
+--- phpBB2.orig/admin/admin_board.php	2006-06-09 16:29:41.000000000 +0200
++++ phpBB2/admin/admin_board.php	2006-07-03 13:23:09.000000000 +0200
+@@ -221,7 +221,9 @@
  	"L_SYSTEM_TIMEZONE" => $lang['System_timezone'],
  	"L_ENABLE_GZIP" => $lang['Enable_gzip'],
  	"L_ENABLE_PRUNE" => $lang['Enable_prune'],

Modified: trunk/phpbb2/patches/023_fix_xss_in_bbcode.diff
===================================================================
--- trunk/phpbb2/patches/023_fix_xss_in_bbcode.diff	2006-07-03 11:10:41 UTC (rev 286)
+++ trunk/phpbb2/patches/023_fix_xss_in_bbcode.diff	2006-07-03 11:33:05 UTC (rev 287)
@@ -1,22 +1,22 @@
-diff -wur phpBB2.old/includes/bbcode.php phpBB2/includes/bbcode.php
---- phpBB2.old/includes/bbcode.php	2005-07-19 22:14:56.000000000 +0200
-+++ phpBB2/includes/bbcode.php	2005-09-23 12:48:25.000000000 +0200
+diff -ur phpBB2.orig/includes/bbcode.php phpBB2/includes/bbcode.php
+--- phpBB2.orig/includes/bbcode.php	2006-06-09 16:29:41.000000000 +0200
++++ phpBB2/includes/bbcode.php	2006-07-03 13:26:27.000000000 +0200
 @@ -194,13 +194,17 @@
  	$patterns = array();
  	$replacements = array();
  
-+	// These are the URL schemas we trust to be safe. This is to prevent
-+	// cross side scripting with javascript:, chrome: etc urls.
-+	$allowed_urlschemas = '(?:http|https|ftp|news|nntp|telnet|gopher|mailto)';
++ 	// These are the URL schemas we trust to be safe. This is to prevent
++ 	// cross side scripting with javascript:, chrome: etc urls.
++ 	$allowed_urlschemas = '(?:http|https|ftp|news|nntp|telnet|gopher|mailto)';
 +
  	// [img]image_url_here[/img] code..
  	// This one gets first-passed..
--	$patterns[] = "#\[img:$uid\]([^?].*?)\[/img:$uid\]#i";
+-	$patterns[] = "#\[img:$uid\]([^?](?:[^\[]+|\[(?!url))*?)\[/img:$uid\]#i";
 +	$patterns[] = "#\[img:$uid\]($allowed_urlschemas://[^ \"\n\r\t<]*?)\[/img:$uid\]#si";
  	$replacements[] = $bbcode_tpl['img'];
  
  	// matches a [url]xxxx://www.phpbb.com[/url] code..
--	$patterns[] = "#\[url\]([\w]+?://([\w\#$%&~/.\-;:=,?@\]+]|\[(?!url=))*?)\[/url\]#is";
+-	$patterns[] = "#\[url\]([\w]+?://([\w\#$%&~/.\-;:=,?@\]+]+|\[(?!url=))*?)\[/url\]#is";
 +	$patterns[] = "#\[url\]($allowed_urlschemas://[\w\#$%&~/.\-;:=,?@\[\]+]*?)\[/url\]#is";
  	$replacements[] = $bbcode_tpl['url1'];
  
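Review bot: The three re-added lines that define `$allowed_urlschemas` now begin with a space before the tab (`++ 	// These are the URL schemas ...`), which the rev 286 version did not have. The patched includes/bbcode.php therefore gets space-plus-tab indentation on exactly the lines that set up the scheme allowlist; this looks like a by-product of the refresh, and the leading space should be dropped. While touching that comment, "cross side scripting" should read "cross-site scripting". Only the `[img]` and bare `[url]` patterns are visible in this hunk; the `[url=...]` forms lie outside it, so it is worth confirming that they are also restricted to `$allowed_urlschemas` now that the patch has been rebased onto the changed upstream patterns.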

Deleted: trunk/phpbb2/patches/024_warnig_about_db_change.diff
===================================================================
--- trunk/phpbb2/patches/024_warnig_about_db_change.diff	2006-07-03 11:10:41 UTC (rev 286)
+++ trunk/phpbb2/patches/024_warnig_about_db_change.diff	2006-07-03 11:33:05 UTC (rev 287)
@@ -1,14 +0,0 @@
-diff -ur phpBB2.old/includes/sessions.php phpBB2/includes/sessions.php
---- phpBB2.old/includes/sessions.php	2005-11-30 01:02:11.000000000 +0100
-+++ phpBB2/includes/sessions.php	2005-11-30 03:04:55.162555547 +0100
-@@ -86,7 +86,9 @@
- 					AND k.key_id = '" . md5($sessiondata['autologinid']) . "'";
- 			if (!($result = $db->sql_query($sql)))
- 			{
--				message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
-+				message_die(CRITICAL_ERROR, 'Error doing DB query userdata
-+					row fetch (did you read <tt>/usr/share/doc/phpbb2/NEWS.Debian.gz</tt>?)',
-+					'', __LINE__, __FILE__, $sql);
- 			}
- 
- 			$userdata = $db->sql_fetchrow($result);

Copied: trunk/phpbb2/patches/024_warning_about_db_change.diff (from rev 285, trunk/phpbb2/patches/024_warnig_about_db_change.diff)

Modified: trunk/phpbb2/patches/050_XXX_visual_confirm_for_guest_posts.XXXdiff
===================================================================
--- trunk/phpbb2/patches/050_XXX_visual_confirm_for_guest_posts.XXXdiff	2006-07-03 11:10:41 UTC (rev 286)
+++ trunk/phpbb2/patches/050_XXX_visual_confirm_for_guest_posts.XXXdiff	2006-07-03 11:33:05 UTC (rev 287)
@@ -1,6 +1,6 @@
-diff -urN phpBB2.old/posting.php phpBB2/posting.php
---- phpBB2.old/posting.php	2006-02-06 16:18:50.232137597 +0100
-+++ phpBB2/posting.php	2006-02-06 16:16:39.987888000 +0100
+diff -ur phpBB2.orig/posting.php phpBB2/posting.php
+--- phpBB2.orig/posting.php	2006-06-09 16:29:43.000000000 +0200
++++ phpBB2/posting.php	2006-07-03 13:29:44.000000000 +0200
 @@ -20,6 +20,12 @@
   *
   ***************************************************************************/
@@ -14,7 +14,7 @@
  define('IN_PHPBB', true);
  $phpbb_root_path = './';
  include($phpbb_root_path . 'extension.inc');
-@@ -539,6 +545,56 @@
+@@ -547,6 +553,56 @@
  		case 'editpost':
  		case 'newtopic':
  		case 'reply':
@@ -71,7 +71,7 @@
  			$username = ( !empty($HTTP_POST_VARS['username']) ) ? $HTTP_POST_VARS['username'] : '';
  			$subject = ( !empty($HTTP_POST_VARS['subject']) ) ? trim($HTTP_POST_VARS['subject']) : '';
  			$message = ( !empty($HTTP_POST_VARS['message']) ) ? $HTTP_POST_VARS['message'] : '';
-@@ -939,6 +995,66 @@
+@@ -948,6 +1004,66 @@
  		break;
  }
  
@@ -138,7 +138,7 @@
  // Generate smilies listing for page output
  generate_smilies('inline', PAGE_POSTING);
  
-@@ -978,6 +1094,7 @@
+@@ -987,6 +1103,7 @@
  	'HTML_STATUS' => $html_status,
  	'BBCODE_STATUS' => sprintf($bbcode_status, '<a href="' . append_sid("faq.$phpEx?mode=bbcode") . '" target="_phpbbcode">', '</a>'), 
  	'SMILIES_STATUS' => $smilies_status, 
@@ -146,7 +146,7 @@
  
  	'L_SUBJECT' => $lang['Subject'],
  	'L_MESSAGE_BODY' => $lang['Message_body'],
-@@ -993,6 +1110,9 @@
+@@ -1002,6 +1119,9 @@
  	'L_ATTACH_SIGNATURE' => $lang['Attach_signature'], 
  	'L_NOTIFY_ON_REPLY' => $lang['Notify'], 
  	'L_DELETE_POST' => $lang['Delete_post'],
@@ -156,9 +156,10 @@
  
  	'L_BBCODE_B_HELP' => $lang['bbcode_b_help'], 
  	'L_BBCODE_I_HELP' => $lang['bbcode_i_help'], 
-diff -urN phpBB2.old/templates/subSilver/posting_body.tpl phpBB2/templates/subSilver/posting_body.tpl
---- phpBB2.old/templates/subSilver/posting_body.tpl	2005-02-27 20:30:45.000000000 +0100
-+++ phpBB2/templates/subSilver/posting_body.tpl	2006-02-06 16:17:26.194874000 +0100
+Only in phpBB2: posting.php.orig
+diff -ur phpBB2.orig/templates/subSilver/posting_body.tpl phpBB2/templates/subSilver/posting_body.tpl
+--- phpBB2.orig/templates/subSilver/posting_body.tpl	2006-06-09 16:29:42.000000000 +0200
++++ phpBB2/templates/subSilver/posting_body.tpl	2006-07-03 13:29:44.000000000 +0200
 @@ -460,6 +460,16 @@
  	  </td>
  	</tr>
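Review bot: The new line `Only in phpBB2: posting.php.orig` is `diff -ur` reporting a leftover backup file rather than patch content, which suggests the refresh was generated from a tree that still held `.orig` files from applying with fuzz. patch(1) skips such text, so the patch still applies, but the line should be removed and the tree cleaned of `*.orig` and `*.rej` files before regenerating, so that a stale backup cannot end up in a later diff. The same refresh also changed the header from `diff -urN` to `diff -ur`; if this patch adds any new file outside the visible hunks, that file would now be missing from the patch.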




