From: Doug K. <dou...@us...> - 2002-07-08 06:09:14
Update of /cvsroot/phpbb/phpBB2/includes
In directory usw-pr-cvs1:/tmp/cvs-serv22965/includes
Modified Files:
Tag: phpBB-2_0_0
functions.php usercp_avatar.php usercp_register.php
Log Message:
Ok, not too much here... just a little enhancement to the Jumpbox, along
with some security problems fixed. All of them were found by Ludovic
Arnaud, with the exception of one, which was also found by Paranti.
I guess I'll be doing some more tomorrow, if I can find anything, but
that's it for tonight. (I'm tired...)
--Doug
Index: functions.php
===================================================================
RCS file: /cvsroot/phpbb/phpBB2/includes/functions.php,v
retrieving revision 1.133.2.3
retrieving revision 1.133.2.4
diff -C2 -r1.133.2.3 -r1.133.2.4
*** functions.php 23 Jun 2002 02:47:55 -0000 1.133.2.3
--- functions.php 8 Jul 2002 06:09:11 -0000 1.133.2.4
***************
*** 93,97 ****
function make_jumpbox($action, $match_forum_id = 0)
{
! global $template, $lang, $db, $SID, $nav_links, $phpEx;
$sql = "SELECT c.cat_id, c.cat_title, c.cat_order
--- 93,99 ----
function make_jumpbox($action, $match_forum_id = 0)
{
! global $template, $lang, $db, $userdata, $SID, $nav_links, $phpEx;
!
! $is_auth = auth(AUTH_VIEW, AUTH_LIST_ALL, $userdata);
$sql = "SELECT c.cat_id, c.cat_title, c.cat_order
***************
*** 136,140 ****
for($j = 0; $j < $total_forums; $j++)
{
! if ( $forum_rows[$j]['cat_id'] == $category_rows[$i]['cat_id'] && $forum_rows[$j]['auth_view'] <= AUTH_REG )
{
$selected = ( $forum_rows[$j]['forum_id'] == $match_forum_id ) ? 'selected="selected"' : '';
--- 138,142 ----
for($j = 0; $j < $total_forums; $j++)
{
! if ( $forum_rows[$j]['cat_id'] == $category_rows[$i]['cat_id'] && $is_auth[$forum_rows[$j]['forum_id']]['auth_view'] )
{
$selected = ( $forum_rows[$j]['forum_id'] == $match_forum_id ) ? 'selected="selected"' : '';
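Review bot: The new test on `$is_auth[$forum_rows[$j]['forum_id']]['auth_view']` should carry a comment saying that it is the per-user result of `auth()` and that a forum id missing from `$is_auth` evaluates as not viewable, for example `// list only forums this user may view; ids absent from $is_auth stay hidden`. Filtering the jumpbox only hides the option, so the page that serves a forum, which is not shown in this diff, still has to enforce `auth_view` itself. The first hunk now calls `auth(AUTH_VIEW, AUTH_LIST_ALL, $userdata)` on every `make_jumpbox()` call, so it is worth checking whether callers already hold the same result. The body of make_jumpbox continues outside both hunks.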
Index: usercp_avatar.php
===================================================================
RCS file: /cvsroot/phpbb/phpBB2/includes/usercp_avatar.php,v
retrieving revision 1.8.2.5
retrieving revision 1.8.2.6
diff -C2 -r1.8.2.5 -r1.8.2.6
*** usercp_avatar.php 23 Jun 2002 02:47:56 -0000 1.8.2.5
--- usercp_avatar.php 8 Jul 2002 06:09:11 -0000 1.8.2.6
***************
*** 65,69 ****
function user_avatar_gallery($mode, &$error, &$error_msg, $avatar_filename)
{
! return ( $mode == 'editprofile' ) ? ", user_avatar = '" . str_replace("\'", "''", $avatar_filename) . "', user_avatar_type = " . USER_AVATAR_GALLERY : '';
}
--- 65,77 ----
function user_avatar_gallery($mode, &$error, &$error_msg, $avatar_filename)
{
! if ( file_exists($board_config['avatar_gallery_path'] . '/' . $avatar_filename) && ($mode == 'editprofile') )
! {
! $return = ", user_avatar = '" . str_replace("\'", "''", $avatar_filename) . "', user_avatar_type = " . USER_AVATAR_GALLERY;
! }
! else
! {
! $return = '';
! }
! return $return;
}
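Review bot: `$board_config` is never brought into scope in `user_avatar_gallery()`: the new side shows the whole function and it has no `global` line, so `$board_config['avatar_gallery_path']` is unset there and the added `file_exists()` test runs against `'/' . $avatar_filename` instead of the gallery directory. Add `global $board_config;` as the first statement of the function. Even with that, `file_exists()` only proves that something exists at the concatenated path, not that it lies inside the gallery, so the name should be reduced to its last component first, e.g. `$avatar_filename = basename($avatar_filename);`. The value still reaches the SQL fragment through `str_replace("\'", "''", ...)`, which rewrites only quotes that already carry a backslash, presumably relying on input being slash-escaped upstream.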
Index: usercp_register.php
===================================================================
RCS file: /cvsroot/phpbb/phpBB2/includes/usercp_register.php,v
retrieving revision 1.20.2.14
retrieving revision 1.20.2.15
diff -C2 -r1.20.2.14 -r1.20.2.15
*** usercp_register.php 27 Jun 2002 20:06:44 -0000 1.20.2.14
--- usercp_register.php 8 Jul 2002 06:09:11 -0000 1.20.2.15
***************
*** 394,397 ****
--- 394,401 ----
$avatar_sql = user_avatar_gallery($mode, $error, $error_msg, $user_avatar_local);
}
+ else
+ {
+ $avatar_sql = '';
+ }
if ( !$error )
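Review bot: The added `else` resets `$avatar_sql` only on the path where none of the preceding conditions matched, and the chain it closes starts outside the hunk, so it cannot be confirmed from here that every earlier branch assigns the variable. Initialising it once before the chain with `$avatar_sql = '';` would guarantee that the fragment appended to the query always originates in this file, even if a branch is added later or request variables are registered as globals. The trailing `else` could then be dropped.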