diff --git a/lib/punbb/admin_index.php b/lib/punbb/admin_index.php
index a720aecae1a3d11cf20c846c57228bf896f2269b..2c09d63be864219f3fa34fc67a10093073863e9b 100644
--- a/lib/punbb/admin_index.php
+++ b/lib/punbb/admin_index.php
@@ -50,13 +50,10 @@ if ($action == 'check_upgrade')
 	if ($latest_version == '')
 		message('Check for upgrade failed for unknown reasons.');
 
-	$cur_version = str_replace(array('.', 'dev', 'beta', ' '), '', strtolower($pun_config['o_cur_version']));
-	$cur_version = (strlen($cur_version) == 2) ? intval($cur_version) * 10 : intval($cur_version);
+	$latest_version = preg_replace('/(\.0)+(?!\.)|(\.0+$)/', '$2', $latest_version);
+	$cur_version = preg_replace('/(\.0)+(?!\.)|(\.0+$)/', '$2', $cur_version);
 
-	$latest_version = str_replace('.', '', strtolower($latest_version));
-	$latest_version = (strlen($latest_version) == 2) ? intval($latest_version) * 10 : intval($latest_version);
-
-	if ($cur_version >= $latest_version)
+	if (version_compare($cur_version, $latest_version, '>='))
 		message('You are running the latest version of PunBB.');
 	else
 		message('A new version of PunBB has been released. You can download the latest version at <a href="http://punbb.informer.com/">PunBB.Informer.Com</a>.');
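Review bot: `$cur_version` is read by the second `preg_replace()` call but is no longer assigned anywhere in this hunk, because the removed lines were the ones that derived it from `$pun_config['o_cur_version']`. Unless it is set above the hunk, the comparison runs on an empty string and `version_compare()` reports that a new release is available on every check. Seeding it from the config value would fix that: `$cur_version = preg_replace('/(\.0)+(?!\.)|(\.0+$)/', '$2', $pun_config['o_cur_version']);`. The `check_upgrade` branch starts outside the hunk, so this needs confirming against the full file.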
diff --git a/lib/punbb/admin_prune.php b/lib/punbb/admin_prune.php
index 578b50149a11fd6e5fe96582ea1cc2060fd6e29f..d5ae2eb537df356718966e744d03d9dbe4c5d146 100644
--- a/lib/punbb/admin_prune.php
+++ b/lib/punbb/admin_prune.php
@@ -42,6 +42,7 @@ if (isset($_GET['action']) || isset($_POST['prune']) || isset($_POST['prune_comp
 		confirm_referrer('admin_prune.php');
 
 		$prune_from = $_POST['prune_from'];
+		$prune_sticky = isset($_POST['prune_sticky']) ? '1' : '0';
 		$prune_days = intval($_POST['prune_days']);
 		$prune_date = ($prune_days) ? time() - ($prune_days*86400) : -1;
 
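Review bot: `isset($_POST['prune_sticky']) ? '1' : '0'` records whether the field was submitted, not what it contained. The confirmation form in the last hunk of this file always posts a hidden `prune_sticky` whose value is meant to be `0` or `1`. Assuming that form is what reaches this branch, a submitted `0` becomes `'1'` here and sticky topics are pruned against the administrator's choice. Testing the value keeps the whitelist without that flip: `$prune_sticky = (isset($_POST['prune_sticky']) && $_POST['prune_sticky'] == '1') ? '1' : '0';`. The same variable feeds both `prune()` calls in the next hunk, and the enclosing block starts outside this one.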
@@ -56,14 +57,14 @@ if (isset($_GET['action']) || isset($_POST['prune']) || isset($_POST['prune_comp
 			{
 				$fid = $db->result($result, $i);
 
-				prune($fid, $_POST['prune_sticky'], $prune_date);
+				prune($fid, $prune_sticky, $prune_date);
 				update_forum($fid);
 			}
 		}
 		else
 		{
 			$prune_from = intval($prune_from);
-			prune($prune_from, $_POST['prune_sticky'], $prune_date);
+			prune($prune_from, $prune_sticky, $prune_date);
 			update_forum($prune_from);
 		}
 
@@ -93,7 +94,7 @@ if (isset($_GET['action']) || isset($_POST['prune']) || isset($_POST['prune_comp
 	// Concatenate together the query for counting number or topics to prune
 	$sql = 'SELECT COUNT(id) FROM '.$db->prefix.'topics WHERE last_post<'.$prune_date.' AND moved_to IS NULL';
 
-	if ($_POST['prune_sticky'] == '0')
+	if (!$prune_sticky)
 		$sql .= ' AND sticky=\'0\'';
 
 	if ($prune_from != 'all')
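Review bot: `if (!$prune_sticky)` depends on a variable whose only assignment added by this commit sits one indentation level deeper, in the block patched by the first hunk of this file. If this count query runs on a request that did not pass through that block, `$prune_sticky` is unset and the condition is always true, so the sticky filter is appended whatever the administrator selected. The hidden field in the following hunk would then also be emitted empty. Assigning it in this branch before the query, e.g. `$prune_sticky = (isset($_POST['prune_sticky']) && $_POST['prune_sticky'] == '1') ? '1' : '0';`, would make both paths agree. Only part of the surrounding code is visible, so this should be confirmed against the full file.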
@@ -127,7 +128,7 @@ if (isset($_GET['action']) || isset($_POST['prune']) || isset($_POST['prune_comp
 			<form method="post" action="admin_prune.php?action=foo">
 				<div class="inform">
 					<input type="hidden" name="prune_days" value="<?php echo $prune_days ?>" />
-					<input type="hidden" name="prune_sticky" value="<?php echo $_POST['prune_sticky'] ?>" />
+					<input type="hidden" name="prune_sticky" value="<?php echo $prune_sticky ?>" />
 					<input type="hidden" name="prune_from" value="<?php echo $prune_from ?>" />
 					<fieldset>
 						<legend>Confirm prune posts</legend>
diff --git a/lib/punbb/include/common.php b/lib/punbb/include/common.php
index cb4916e9d6df2a0df2b5818953733760eff10d99..75aaa7ab696aa6643411e473a34c2215a47063aa 100644
--- a/lib/punbb/include/common.php
+++ b/lib/punbb/include/common.php
@@ -55,7 +55,8 @@ $pun_start = ((float)$usec + (float)$sec);
 error_reporting(E_ALL ^ E_NOTICE);
 
 // Turn off magic_quotes_runtime
-set_magic_quotes_runtime(0);
+if (get_magic_quotes_runtime())
+	set_magic_quotes_runtime(0);
 
 // Strip slashes from GET/POST/COOKIE (if magic_quotes_gpc is enabled)
 if (get_magic_quotes_gpc())
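Review bot: The new guard calls `get_magic_quotes_runtime()` unconditionally, and that function no longer exists from PHP 8.0, so this line fails outright on current runtimes. Writing it as `if (function_exists('get_magic_quotes_runtime') && get_magic_quotes_runtime())` keeps the file loadable there. A short comment saying why the setter is now conditional (presumably to avoid its deprecation notice) would also help the next reader.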
diff --git a/lib/punbb/include/functions.php b/lib/punbb/include/functions.php
index ee04d1a80ab34de35addbf7ff81d554407884992..8bb9f1c365be14bf4376a32c5ba097b60e65ee78 100644
--- a/lib/punbb/include/functions.php
+++ b/lib/punbb/include/functions.php
@@ -109,8 +109,8 @@ function check_cookie(&$pun_user)
 	$cookie = array('user_id' => 1, 'password_hash' => 'Guest');
 
 	// If a cookie is set, we get the user_id and password hash from it
-	if (isset($_COOKIE[$cookie_name]))
-		list($cookie['user_id'], $cookie['password_hash']) = @unserialize($_COOKIE[$cookie_name]);
+	if (isset($_COOKIE[$cookie_name]) && preg_match('/a:2:{i:0;s:\d+:"(\d+)";i:1;s:\d+:"([0-9a-f]+)";}/', $_COOKIE[$cookie_name], $matches))
+		list(, $cookie['user_id'], $cookie['password_hash']) = $matches;
 
 	if ($cookie['user_id'] > 1)
 	{
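Review bot: The pattern passed to `preg_match()` is not anchored, so a cookie that merely contains a well-formed `a:2:{...}` fragment inside arbitrary other data is still accepted. Anchoring both ends makes it a whole-value match: `'/^a:2:{i:0;s:\d+:"(\d+)";i:1;s:\d+:"([0-9a-f]+)";}$/D'`. A one-line comment noting that the cookie is parsed by pattern on purpose, so `unserialize()` never runs on client-supplied data, would discourage anyone from restoring the old call. `check_cookie()` continues past the end of the hunk, so how the captured hash is compared is not visible here.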
@@ -441,7 +441,7 @@ function update_forum($forum_id)
 	{
 		list($last_post, $last_post_id, $last_poster) = $db->fetch_row($result);
 
-		$db->query('UPDATE '.$db->prefix.'forums SET num_topics='.$num_topics.', num_posts='.$num_posts.', last_post='.$last_post.', last_post_id='.$last_post_id.', last_poster=\''.$db->escape($last_poster).'\' WHERE id='.$forum_id) or error('Unable to update last_post/last_post_id/last_poster', __FILE__, __LINE__, $db->error());
+			$db->query('UPDATE '.$db->prefix.'forums SET num_topics='.$num_topics.', num_posts='.$num_posts.', last_post='.$last_post.', last_post_id='.$last_post_id.', last_poster=\''.$db->escape($last_poster).'\' WHERE id='.$forum_id) or error('Unable to update last_post/last_post_id/last_poster', __FILE__, __LINE__, $db->error());
 	}
 	else	// There are no topics
 		$db->query('UPDATE '.$db->prefix.'forums SET num_topics='.$num_topics.', num_posts='.$num_posts.', last_post=NULL, last_post_id=NULL, last_poster=NULL WHERE id='.$forum_id) or error('Unable to update last_post/last_post_id/last_poster', __FILE__, __LINE__, $db->error());
diff --git a/lib/punbb/install.php b/lib/punbb/install.php
index 5adc6153514a08801e40c8247809697c44dac730..00836fcef4e1c9a12c148590a0b11d33783af47e 100644
--- a/lib/punbb/install.php
+++ b/lib/punbb/install.php
@@ -27,7 +27,7 @@ pun_exit();
 
 
 // The PunBB version this script installs
-$punbb_version = '1.2.19';
+$punbb_version = '1.2.23';
 
 
 define('PUN_ROOT', './');
diff --git a/lib/punbb/misc.php b/lib/punbb/misc.php
index 0ae9de3733e7e1fda5ddb3fd21275bfc7ce69f16..f5df5be955f22d1d90932fcbf57306abf93da4f7 100644
--- a/lib/punbb/misc.php
+++ b/lib/punbb/misc.php
@@ -253,7 +253,7 @@ else if (isset($_GET['subscribe']))
 		message($lang_common['Bad request']);
 
 	// Make sure the user can view the topic
-	$result = $db->query('SELECT 1 FROM '.$db->prefix.'topics AS t LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=t.forum_id AND fp.group_id=1) WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id='.$topic_id.' AND t.moved_to IS NULL') or error('Unable to fetch topic info', __FILE__, __LINE__, $db->error());
+	$result = $db->query('SELECT 1 FROM '.$db->prefix.'topics AS t LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=t.forum_id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id='.$topic_id.' AND t.moved_to IS NULL') or error('Unable to fetch topic info', __FILE__, __LINE__, $db->error());
 	if (!$db->num_rows($result))
 		message($lang_common['Bad request']);
 
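Review bot: `$pun_user['g_id']` is concatenated into the query without a cast. It presumably comes from the user's database row and is numeric, but nothing in the hunk shows that, and the permission check is only as sound as that value. Writing `fp.group_id='.intval($pun_user['g_id']).'` costs nothing and keeps the statement well-formed regardless. The enclosing `subscribe` branch starts and ends outside the hunk.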
diff --git a/lib/punbb/moderate.php b/lib/punbb/moderate.php
index 2a367f8dbb5fbefa56be3f8a7fc9130fd60f0978..be00499951b550891e859e35acf247811ab732ec 100644
--- a/lib/punbb/moderate.php
+++ b/lib/punbb/moderate.php
@@ -170,7 +170,7 @@ if (isset($_GET['tid']))
 	// Determine the post offset (based on $_GET['p'])
 	$num_pages = ceil(($cur_topic['num_replies'] + 1) / $pun_user['disp_posts']);
 
-	$p = (!isset($_GET['p']) || $_GET['p'] <= 1 || $_GET['p'] > $num_pages) ? 1 : $_GET['p'];
+	$p = (!isset($_GET['p']) || !is_numeric($_GET['p']) || $_GET['p'] <= 1 || $_GET['p'] > $num_pages) ? 1 : $_GET['p'];
 	$start_from = $pun_user['disp_posts'] * ($p - 1);
 
 	// Generate paging links
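Review bot: `is_numeric()` is a looser test than a page number needs: it also accepts values such as `1.5`, `1e1` or a number with leading whitespace, and `$p` is then kept as the raw request string. `$start_from` on the next line becomes fractional for such input, and `$p` may reach the paging links or a LIMIT clause later in the file (not visible here). Normalising first avoids both: `$p = isset($_GET['p']) ? intval($_GET['p']) : 1;` followed by `if ($p <= 1 || $p > $num_pages) $p = 1;`. The same line is added in the second hunk of this file and in search.php, userlist.php, viewforum.php and viewtopic.php.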
@@ -566,7 +566,7 @@ require PUN_ROOT.'header.php';
 // Determine the topic offset (based on $_GET['p'])
 $num_pages = ceil($cur_forum['num_topics'] / $pun_user['disp_topics']);
 
-$p = (!isset($_GET['p']) || $_GET['p'] <= 1 || $_GET['p'] > $num_pages) ? 1 : $_GET['p'];
+$p = (!isset($_GET['p']) || !is_numeric($_GET['p']) || $_GET['p'] <= 1 || $_GET['p'] > $num_pages) ? 1 : $_GET['p'];
 $start_from = $pun_user['disp_topics'] * ($p - 1);
 
 // Generate paging links
diff --git a/lib/punbb/search.php b/lib/punbb/search.php
index 01ec2e2db43b8acd94cf8c7bcf73603fd02d7ea3..955249552d175924011c173f2c02875a90a09f2c 100644
--- a/lib/punbb/search.php
+++ b/lib/punbb/search.php
@@ -466,7 +466,7 @@ if (isset($_GET['action']) || isset($_GET['search_id']))
 		$per_page = ($show_as == 'posts') ? $pun_user['disp_posts'] : $pun_user['disp_topics'];
 		$num_pages = ceil($num_hits / $per_page);
 
-		$p = (!isset($_GET['p']) || $_GET['p'] <= 1 || $_GET['p'] > $num_pages) ? 1 : $_GET['p'];
+		$p = (!isset($_GET['p']) || !is_numeric($_GET['p']) || $_GET['p'] <= 1 || $_GET['p'] > $num_pages) ? 1 : $_GET['p'];
 		$start_from = $per_page * ($p - 1);
 
 		// Generate paging links
diff --git a/lib/punbb/userlist.php b/lib/punbb/userlist.php
index ad56a0749964a4ffd226efa9331726a63b620a3b..b667ec9dc1884d8b79237286712209889cb9df6a 100644
--- a/lib/punbb/userlist.php
+++ b/lib/punbb/userlist.php
@@ -125,7 +125,7 @@ $num_users = $db->result($result);
 // Determine the user offset (based on $_GET['p'])
 $num_pages = ceil($num_users / 50);
 
-$p = (!isset($_GET['p']) || $_GET['p'] <= 1 || $_GET['p'] > $num_pages) ? 1 : $_GET['p'];
+$p = (!isset($_GET['p']) || !is_numeric($_GET['p']) || $_GET['p'] <= 1 || $_GET['p'] > $num_pages) ? 1 : $_GET['p'];
 $start_from = 50 * ($p - 1);
 
 // Generate paging links
diff --git a/lib/punbb/viewforum.php b/lib/punbb/viewforum.php
index 6e3f3e733448bbf454ebe92a6337f7d858367814..5ec8674ca513a04a25ba5f4168d704c342c77136 100644
--- a/lib/punbb/viewforum.php
+++ b/lib/punbb/viewforum.php
@@ -69,7 +69,7 @@ else
 // Determine the topic offset (based on $_GET['p'])
 $num_pages = ceil($cur_forum['num_topics'] / $pun_user['disp_topics']);
 
-$p = (!isset($_GET['p']) || $_GET['p'] <= 1 || $_GET['p'] > $num_pages) ? 1 : $_GET['p'];
+$p = (!isset($_GET['p']) || !is_numeric($_GET['p']) || $_GET['p'] <= 1 || $_GET['p'] > $num_pages) ? 1 : $_GET['p'];
 $start_from = $pun_user['disp_topics'] * ($p - 1);
 
 // Generate paging links
@@ -253,4 +253,3 @@ else
 $forum_id = $id;
 $footer_style = 'viewforum';
 require PUN_ROOT.'footer.php';
-
diff --git a/lib/punbb/viewtopic.php b/lib/punbb/viewtopic.php
index 5f1c3c986cf73c4ec2ef009afe78068167378468..584906e593a3b4c7377ff5a3206b672e9df9b8bf 100644
--- a/lib/punbb/viewtopic.php
+++ b/lib/punbb/viewtopic.php
@@ -128,7 +128,8 @@ else
 // Determine the post offset (based on $_GET['p'])
 $num_pages = ceil(($cur_topic['num_replies'] + 1) / $pun_user['disp_posts']);
 
-$p = (!isset($_GET['p']) || $_GET['p'] <= 1 || $_GET['p'] > $num_pages) ? 1 : $_GET['p'];
+$p = (!isset($_GET['p']) || !is_numeric($_GET['p']) || $_GET['p'] <= 1 || $_GET['p'] > $num_pages) ? 1 : $_GET['p'];
+
 $start_from = $pun_user['disp_posts'] * ($p - 1);
 
 // Generate paging links