[COMMENT] /* +-------------------------------------------------------------------------- | Invision Board v1.3.1 | ======================================== | > Mod_Installer | > Module written by Peter(Pit) | > Peter member at ibforen.de, Pit member at invisionize.com | > email: Peter@ibforen.de | | > Mod_Installer Version Number: 1.3.3 (2011-06-01) | > 2003 - 2011 by Peter | | > This is the CodeChange.php for Mod Security Update For IPB 1.3.1 by Peter +-------------------------------------------------------------------------- */ [COMMENT_END] [INTERFACE] 'title' => 'Security Fixes, Updates And Enhancements For IPB 1.3.1, Part B', 'sub_title' => 'Updates your Invisionboard 1.3.1, inserts all known security fixes and adds more essential features.', 'category' => 'ACP Mod', 'compatible' => 'Invision Power Board 1.3.1', 'version' => '2.7.1', 'author' => 'Peter', 'email' => 'Peter@ibforen.de', 'mod_token' => 'mod_sec_update_131', [INTERFACE_END] [HISTORY] [size=7][color=red]Important: DO NOT INSTALL MANUALLY. Use my ModInstaller and read section Customize! I have split the mod into 3 parts in order to avoid timeout problems. Remove the directory of an older version. Take care of installing all three parts.[/color][/size] [size=3][color=red]Before installing this mod: Do not forget to remove my mods [b]Customize Date[/b], [b]Load Lang Bug[/b], [b]Extension Bug[/b] and some other mod providing relative dates.[/color][/size] 2.7.0 [arrow] 2.7.1, dated on July 29th, 2011 [list][*]New menu item in ACP [arrow] System Settings [arrow] General Configuration: Service for localization of ip addresses Localization of ip addresses is available for admins at board online view and several pages in ACP. It helps to recognize and to identify spammers and attackers. [*]New menu item in ACP [arrow] System Settings [arrow] General Configuration: Board Start Date (please remove my mod start_date if installed) [*]Bugfix for multi quote system Cookie values for quoted posts were not deleted [/list] [b]Update[/b] [list][*]Copy all files from mod archive to their appropriate places Do not forget folder sources/mods/sec_update_131_A/ip2loc [*]]Replace Skin/xxx/mod_sec_update_skin_topic.php [*]Install all 3 parts with The ModInstaller [*]Select the localization service in ACP [/list] 2.6.9 [arrow] 2.7.0, dated on July 25th, 2011 [list][*]New menu item in ACP: Board as Admin This means you can browse your board as root admin with full rights but invisible. Access to all areas even if they are inactive. [*]New in ACP [arrow] Board Logs: Online Stats This is similar to the board stats in board view but you can stay in ACP. [*]ACP menue slightly beautified [/list] [b]Update[/b] [list][*]Copy the new ACP images into html/sys-img [*]Copy the language files in their folders [*]Copy the mod files in their folders in sources/mods/xxx [*]Install all 3 parts with The ModInstaller [/list] 2.6.8 [arrow] 2.6.9, dated on July 15th, 2011 [list][*]Mod split injto 3 parts to avoid timeout problems and memory errors [LIST][*]Part A: sql commands admin.php and index.php All files in /sources from Boards.php to Profile.php [*]Part B: All files in /sources from Register.php to UserCP.php All files in /sources/lib and /sources/misc [*]Part C: All files in /sources/Admin[/LIST] [/list] 2.6.7 [arrow] 2.6.8, dated on June 26th, 2011 [list][*]Bugfixes concerning password protected forums [/list] 2.6.6 [arrow] 2.6.7, dated on June 14th, 2011 [list][*]Access to password protected forums is granted immediately to admins, global moderators and moderators for this forum without password login [*]Improvements in ModCP: Exchange mod_sec_update_skin_modcp (New function start_topics inherited from skin_modcp.php) [*]Improvements in AdminCP: Personal ACP settings are stored in a new sql table ibf_acp_config for each admin separately. So admins will have their preferences available independent of cookie storage. (New sql table and changes in admin.php and in sources/Admin/ad_prefs.php) [*]No lagging on index page with huge upload folders. Size of all uploads is calculated asynchronously with XAJAX. [*]Edit languages: List of language files ordered alphabetically. [*]Displaying macro images now language dependent If folder style_images// exists and the admin has chosen that language then macro images will be displayed using that folder. Chosing admin language is much easier if you have installed mod Admin Language. [*]Macros support multilanguage Example: Insert title='<{LANG_M_NEW_POST}>' as title attribut in macro definition and define $lang['MACRO_NEW_POST'] in file mod_sec_lang_macro.php. English and German version of mod_sec_lang_macro.php have been included in mod archive. [*]Bugfix in Messenger.php Deleting of tracking messages failed with unread messages. [*]Bugfix in misc\contact_member.php Reporting post to moderator disfunctional for moderator groups and super moderators. [/list] 2.6.5 [arrow] 2.6.6, dated on November 30th, 2010 Minor bugfixes for request system. Replace mod_sec_update_ad_req_func.php and mod_sec_update_ucp_func.php in sources/mods/sec_update_131_A. 2.6.1 [arrow] 2.6.5, dated on June 6th, 2010 [color=red][size=5][b]Attention[/b][/size] If you have Mod BBCode installed then you must reinstall it with version > 2.2.11. This is because a feature of Mod BBCode was moved to the new version of Mod Security&Updates (this mod). [/color] [list][*]New ModCP Nearly all moderator actions are concentrated in one place (Too much changes to list them here. Use The ModInstaller) [*]Changes for Lost Password User can enter user name or email address Changes in sources/Register.php, new lang/xx/mod_sec_lang_reg.php [*]Edit Post Permission: New in ACP => Forum Control => Manage Forums: [list][*]Use global group settings [*]Overwrite global group settings and set edit time in minutes [*]Always editable if group is allowed to edit own posts [/list][*]Profile Fields [list][*]New option in ACP to make them searchable in the memberlist [*]Custom location of custom fields in profile view Use <!--{CUSTOM.FIELD_1}-->, <!--{CUSTOM.FIELD_2}-->, etc. in skin_profile.php [/list]Changes in ad_profilefields.php, Memberlist.php, Profile.php [*]Guests Permission: Guests can see coming birthdays only if they are allowed to see member profiles Changes in Boards.php [*]Report system: New in ACP => System Settings => Security: 'Report this post' as PM (not only as email) Changes in sources/misc/contact_member.php, sources/Admin/ad_settings.php and language files [*]New in ACP => System Settings => Date & Time Formats: Set summertime for all members Changes in ad_settings.php [*]New in ACP => Board Guidelines: Board guidelines language dependent and additional fields for terms of use in registration process Changes in ad_settings.php [/list] 2.6.0 [arrow] 2.6.1, dated on December 14th, 2009 [list][*]Bugfix for inactive categories Although a category is switched off, forums and topics are reachable with direct links Changes in index.php, sources(Forums.php and sources/Topics.php [/list] 2.5.2 [arrow] 2.6.0, dated on December 1st, 2009 [b]Attention[/b]: This is a big update with a lot of code changes and sql changes. Do not install manually. [list][*]Thread view of topics Now you can reply to posts (not only to the topic). So we can have threaded topics with replies to replies [*]Thread view of PMs and answered PMs and replies to PMs Own replies to a PM and received replies are displayed in a threaded view [*]New quoting system [list][*]Multi quote: Mark several posts for quoting by clicking on the quote buttons. Selected post ids are stored in cookies. [*]Quote a part of a post by marking post text in topic view and by clicking on the quote buttons [*]Quoted posts and quoted parts of posts are transmitted into the qquick reply box. [/list] [*]New quick reply behavior [list][*]Each post has its quick reply button. The reply box appears always on the screen and not at the end of the page. [*]Quick reply box is fully draggable if javscript library scriptaculous is included. [/list] [*]New style of page links with css [*]Request system (user requests) Members have a new section in Personal CP to send requests to the administration of the board. In the current release they can send form based requests for changing their member names and text based informal requests. Administrators or moderators with ACP access can manage those requests. [*]Fix for permission to view online lists By default all groups can view the list of users online in board view, forum view and topic view, but only if the online list is active. You can withdraw permission for each group. [*]Bugfix for moderator logs Long topic titles causes sql error. Field action modified in ibf_moderator_logs [/list] [size=5][color=red]Complete Feature List[/color][/size] [i](Only new functions and modules)[/i] [size=5]User Mode[/size] [b]Common features[/b] [LIST][*]PHP5 ready [/LIST] [b]Register and Login[/b] [LIST][*]Admin anonymous login Admin anonymous login is totally unvisible except for admins (no count in stats, no count in topics nor forums nor board stats) [*]Profile fields in registration process [*]Timezone selection during registration process to avoid time problems [*]Timezone and daylight saving time (DST) calculated from ip address [*]Registration takes care of the language set for this guest (useful for multilanguage forums) [/LIST] [b]Views[/b] [LIST][*]Preview of topics [*]Thread view of topics Now you can reply to posts (not only to the topic). So we can have threaded topics with replies to replies [*]Thread view of PMs and answered PMs and replies to PMs Own replies to a PM and received replies are displayed in a threaded view [*]Guest restriction for attachments New Option in ACP Profiles for guest restriction from viewing and downloading attachments [*]New style of page links with css [*]Code added in index.php concerning language and skin selection for guests and members (useful for multilanguage forums) [*]Relative dates as in IPB2.x [*]Enables language dependant skins [*]Enables skin dependant emoticons, avatars, team icons and mime type icons [*]Enables appropriate mime type icons for attachments [*]Member online/offline status in topic view dependant on group setting [/LIST] [b]Posting[/b] [LIST][*]New quoting system [list][*]Multi quote: Mark several posts for quoting by clicking on the quote buttons. Selected post ids are stored in cookies. [*]Quote a part of a post by marking post text in topic view and by clicking on the quote buttons [*]Quoted posts and quoted parts of posts are transmitted into the qquick reply box. [/list] [*]New quick reply behavior [list][*]Each post has its quick reply button. The reply box appears always on the screen and not at the end of the page. [*]Quick reply box is fully draggable if javscript library scriptaculous is included. [/list] [*]BBCode system improved for lists Now you can use list=12 or list=a,12 or list=i,3 in order to set the start value of the ordered list. [/LIST] [b]Messaging[/b] [LIST][*]Preview of message text in message list view [*]Tracking of messages modified in order to meet data confidentiality Receipient of messages can send read receipts on his own decision [*]Request system (user requests) Members have a new section in Personal CP to send requests to the administration of the board. In the current release they can send form based requests for changing their member names and text based informal requests. Administrators or moderators with ACP access can manage those requests. [*]MSN Messenger Profile feature MSN Messenger updated to match the new service Live Messenger. Profile field should contain the Live identity like {i] (Live ID)[/i]. You can retrieve your ID with a new function in UserCP. [/LIST] [size=5]Admin Mode (Admin Control Panel ACP)[/size] [b]Common Features In Admin Control Panel[/b] [LIST][*]Improvements for ACP menu for faster access [*]Update information in ACP when an update of this mod is available [*]Update function removed (IPS does not provide any updates for IPB 1.3.x) [*]Skin&Languages [LIST][*]Filenames and function names added to sections and bits [*]Non default groups (e.g. added by modifications) show their functions in the original order [*]ACP => Skin&Templates=> Sets: List in alphabetical order [*]ACP => Skin&Templates => Macros: List in alphabetical order [/LIST] [/LIST] [b]Security Features For Admin Access[/b] [LIST][*]Access to ACP secured admin.php can be named as you like it. The link ACP in user mode does not redirect to that file. Call ACP directly by using the real script name. [*]Non-root admins cannot edit or delete root admins [*]Non-root admins do not have access to critical ACP sections (System Settings, SQL Management, Admin Logs) [*]Finetuning of ACP access for non-root admins [*]Logout button in ACP for security (e.g. in multi-user environments) [*]Removes debug information for other groups than admins, if debug is accidently activated (index.php) [/LIST] [HISTORY_END] [SQL] [SQL_END] [CODE] [MOD_TOKEN] mod_sec_update_131 [FNAME] sources/Register.php [STEP] [SEARCH] $ibforums->lang = $std->load_words($ibforums->lang, 'lang_register', $ibforums->lang_id ); [INSERT] //-- mod_sec_update_131 begin $ibforums->lang = $std->load_words($ibforums->lang, 'mod_sec_lang_reg', $ibforums->lang_id ); //-- mod_sec_update_131 end [MODE] insert_below [STEP] [SEARCH] $DB->query("SELECT name, id, email, mgroup FROM ibf_members WHERE LOWER(name)='$member_name'"); [INSERT] //-- mod_sec_update_131 begin $member_name = str_replace( '|', '|', $member_name); $DB->query("SELECT name, id, email, mgroup FROM ibf_members WHERE LOWER(name)='$member_name'"); if (!$DB->get_num_rows()) { if (strlen($member_name) <= 128 && preg_match("/^([^@]+)@(.*)$/", $member_name, $parts)) { $user = $parts[1]; $domain = $parts[2]; if (!preg_match("/[^a-zA-Z0-9_.+-]/", $user) && strlen($domain) <= 128 && !preg_match("/[^a-zA-Z0-9.-]/", $domain) && preg_match("/\\./", $domain)) { $DB->query("SELECT name, id, email, mgroup FROM ibf_members WHERE LOWER(email)='$member_name'"); if (!$DB->get_num_rows()) $std->Error( array( 'LEVEL' => 1, 'MSG' => 'no_such_user' ) ); } } } if (FALSE) //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] 'LONG' [INSERT] //-- mod_sec_update_131 begin , TRUE //-- mod_sec_update_131 end [MODE] insert_below [STEP] [SEARCH] 'lost_pass' => 1, 'ip_address' => $ibforums->input['IP_ADDRESS'] ) ); [INSERT] //-- mod_sec_update_131 begin $DB->query("DELETE FROM ibf_validating WHERE member_id={$member['id']} AND lost_pass=1"); //-- mod_sec_update_131 end [MODE] insert_below [STEP] [SEARCH] $DB->query("SELECT * from ibf_pfields_data WHERE fedit=1 AND fshowreg=1 ORDER BY forder"); [INSERT] //-- mod_sec_update_131 begin $lang = $std->load_words($lang, 'lang_ucp', $ibforums->lang_id ); $fields = array("website" => "website", "icq_number" => "icq", "aim_name" => "aol", "yahoo" => "yahoo", "msnname" => "msn", "location" => "location" ); $settings = array(); $config = explode("|", $ibforums->vars['profile_fields']); for ($i = 0; $i < count($config); $i++) { $value = explode(",", $config[$i]); $settings[$value[0]] = array($value[1], $value[2]); } if ($settings["birthday"][0]) { $date = getdate(); $day = ""; $month = ""; $year = ""; for ( $i = 1 ; $i < 32 ; $i++ ) { $day .= "" : ">$i"; } $day = ""; for ( $i = 1 ; $i < 13 ; $i++ ) { $month .= "" : ">{$lang['month'.$i]}"; } $month = ""; $i = $date['year'] - 1; $j = $date['year'] - 100; for ( $i ; $j < $i ; $i-- ) { $year .= "" : ">$i"; } $year = ""; $entry = $this->html->field_entry($lang['birthday'], "", $day.$month.$year); if ($settings["birthday"][1]) $required_output .= $entry; else $optional_output .= $entry; } foreach ($fields as $field => $desc) { if ($settings[$field][0]) { $entry = $this->html->field_entry($lang[$desc], "", $this->html->field_textinput("pfield_".$field, $ibforums->input["pfield_".$field])); if ($settings[$field][1]) $required_output .= $entry; else $optional_output .= $entry; } } if ($settings["interests"][0]) { $entry = $this->html->field_entry($lang['interests'], "", $this->html->field_textarea( 'pfield_interests', $ibforums->input['pfield_interests'])); if ($settings["interests"][1]) $required_output .= $entry; else $optional_output .= $entry; } //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] 'new_reg' => 1, 'ip_address' => $member['ip_address'] ) ); [INSERT] //-- mod_sec_update_131 begin $DB->query("DELETE FROM ibf_validating WHERE member_id={$member['id']} AND new_reg=1"); //-- mod_sec_update_131 end [MODE] insert_below [STEP] [SEARCH] $this->output .= $this->html->ShowForm( array( 'TEXT' => $ibforums->lang['std_text'], [INSERT] //-- mod_sec_update_131 begin if (file_exists(ROOT_PATH."lang/".$ibforums->lang_id."/lang_glines.php")) { $ibforums->lang = $std->load_words($ibforums->lang, 'lang_glines', $ibforums->lang_id ); $ibforums->lang['click_wrap'] = $std->my_nl2br($ibforums->lang['terms_of_use']); } $this->html = $std->load_template('mod_sec_update_skin_reg'); //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] if ($required_output != "") [INSERT] //-- mod_sec_update_131 begin require_once (ROOT_PATH."sources/mods/sec_update_131_A/mod_sec_update_func.php"); $xajax = new mod_sec_update_xajax(); if ($ibforums->input['tz']) $xajax->process("reg", "process_xajax"); else $required_output .= $xajax->process("reg", "get_javascript"); $lang = $std->load_words($lang, "lang_ucp", $ibforums->lang_id); $time_select = "

"; $dst_check = $dst?"checked='checked'":""; $dst_in_use = " "; $time_select .= $dst_in_use; $lang = $std->load_words($lang, 'lang_date', $ibforums->lang_id); $time_select .= $lang['dst_box']; $site = parse_url($ibforums->vars['board_url']); $site = $site['host']; $time_select .= "

".str_replace("{site}", $site, $lang['calculate_zone_info']); $required_output .= $this->html->field_entry( $lang['settings_time'], $lang['settings_time_txt']."
{$lang['calculated_zone']}
", $time_select ); //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] 'new_reg' => 1, 'ip_address' => $member['ip_address'] ) ); [INSERT] //-- mod_sec_update_131 begin $DB->query("DELETE FROM ibf_validating WHERE member_id={$member['id']} AND new_reg=1"); //-- mod_sec_update_131 end [MODE] insert_below [STEP] [SEARCH] $DB->query("SELECT * FROM ibf_members WHERE LOWER(name)='".strtolower($ibforums->input['username'])."'"); [INSERT] //-- mod_sec_update_131 begin $ibforums->input['username'] = str_replace( '|', '|',trim($ibforums->input['username'])); $ibforums->input['username'] = preg_replace("/&#([0-9]+);/ie", "\$this->convert_html_char('\\1')", $ibforums->input['username'] ); $ibforums->input['username'] = preg_replace("`(\.|\!)+$`", "_", $ibforums->input['username'] ); //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] //---------------------------------- // Custom profile field stuff [INSERT] //-- mod_sec_update_131 begin $fields = array("website" => "website", "icq_number" => "icq", "aim_name" => "aol", "yahoo" => "yahoo", "msnname" => "msn", "location" => "location", "interests" => "interests" ); $settings = array(); $config = explode("|", $ibforums->vars['profile_fields']); for ($i = 0; $i < count($config); $i++) { $value = explode(",", $config[$i]); $settings[$value[0]] = array($value[1], $value[2]); } if ($settings["birthday"][0] && $settings["birthday"][1]) { if (!$ibforums->input['day'] || !$ibforums->input['month'] || (!$ibforums->vars['birthday_wo_year'] && !$ibforums->input['year'])) $std->Error( array( 'LEVEL' => 1, 'MSG' => 'complete_form' ) ); } foreach ($fields as $field) { if ($settings[$field][0] && $settings[$field][1]) { if (empty($ibforums->input["pfield_".$field])) $std->Error( array( 'LEVEL' => 1, 'MSG' => 'complete_form' ) ); } } //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] // Trim off the username and password [INSERT] //-- mod_sec_update_131 begin $ibforums->input['UserName'] = preg_replace("/&#([0-9]+);/ie", "\$this->convert_html_char('\\1')", $ibforums->input['UserName'] ); $ibforums->input['UserName'] = preg_replace("`(\.|\!)+$`", "_", $ibforums->input['UserName'] ); //-- mod_sec_update_131 end [MODE] insert_below [STEP] [SEARCH] //+-------------------------------------------- //| Insert into the DB [INSERT] //-- mod_sec_update_131 begin if ($settings["birthday"][0]) { $member['bday_day'] = $ibforums->input['day']; $member['bday_month'] = $ibforums->input['month']; $member['bday_year'] = $ibforums->input['year']; } foreach ($fields as $field => $desc) { if ($settings[$field][0]) { $member[$field] = $ibforums->input["pfield_".$field]; } } if ($ibforums->vars['profile_allow_ibc']) { require "./sources/lib/post_parser.php"; $this->parser = new post_parser(); $member['interests'] = $this->parser->convert($member['interests']); $member['location'] = $this->parser->convert($member['location']); } $member['language'] = $ibforums->lang_id; $member['time_offset'] = intval($ibforums->input['time_offset']); $member['dst_in_use'] = intval($ibforums->input['dst_in_use']); //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] } ?> [INSERT] //-- mod_sec_update_131 begin function convert_html_char($char = "") { if ($char < 126) return html_entity_decode("&#".$char.";"); else return ""; } //-- mod_sec_update_131 end [MODE] insert_above [FNAME_END] [MOD_TOKEN] mod_sec_update_131 [FNAME] sources/Search.php [STEP] [SEARCH] $ibforums->lang = $std->load_words($ibforums->lang, 'lang_search', [INSERT] //-- mod_sec_update_131 begin $ibforums->lang = $std->load_words($ibforums->lang, 'mod_sec_lang', $ibforums->lang_id); $ibforums->vars['pre_pinned'] = $ibforums->lang['pre_pinned']; $ibforums->vars['pre_moved'] = $ibforums->lang['pre_moved']; $ibforums->vars['pre_polls'] = $ibforums->lang['pre_polls']; //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] $words = trim(urldecode($words)); [INSERT] //-- mod_sec_update_131 begin global $std; $words = $std->clean_value($words); //-- mod_sec_update_131 end [MODE] insert_below [STEP] [SEARCH] $this->first = $ibforums->input['st']; [INSERT] //-- mod_sec_update_131 begin $this->first = max(0, $this->first); //-- mod_sec_update_131 end [MODE] insert_below [STEP] [SEARCH] $this->read_array = unserialize(stripslashes($read)); [INSERT] //-- mod_sec_update_131 begin $this->read_array = $std->clean_int_array(unserialize(stripslashes($read))); //-- mod_sec_update_131 end [MODE] insert_below [STEP] [SEARCH] $topics .= $row['tid'].","; [INSERT] //-- mod_sec_update_131 begin $topics .= " "; //-- mod_sec_update_131 end [MODE] insert_below [STEP] [SEARCH] preg_replace( "/,$/", "", $topics ); [INSERT] //-- mod_sec_update_131 begin $topics = preg_replace( "/, $/", "", $topics ); //-- mod_sec_update_131 end [MODE] insert_above_bol [STEP] [SEARCH] $this->first = intval($ibforums->input['st']) != "" ? intval($ibforums->input['st']) : 0; [INSERT] //-- mod_sec_update_131 begin $this->first = max(0, $this->first); //-- mod_sec_update_131 end [MODE] insert_below [STEP] [SEARCH] function check_access($i) [INSERT] /*-- mod_sec_update_131 exclude begin [MODE] insert_above [STEP] [SEARCH] if ($i['password'] != "") [INSERT] -- mod_sec_update_131 exclude end */ //-- mod_sec_update_131 begin function check_access(&$i) { global $std, $ibforums; $can_read = TRUE; if ($ibforums->member['mgroup'] == $ibforums->vars['admin_group'] || $ibforums->member['g_is_supmod'] || ($ibforums->member['is_mod'] && $ibforums->member['mod_forums'][$i['id']])) $i['password'] = ""; //-- mod_sec_update_131 end [MODE] insert_above [FNAME_END] [MOD_TOKEN] mod_sec_update_131 [FNAME] sources/Topics.php [STEP] [SEARCH] $this->html = $std->load_template('skin_topic'); [INSERT] //-- mod_sec_update_131 begin $ibforums->lang = $std->load_words($ibforums->lang, 'mod_sec_lang_topic', $ibforums->lang_id); $this->html = $std->load_template('mod_sec_update_skin_topic'); //-- mod_sec_update_131 end [MODE] insert_below [STEP] [SEARCH] if ( ! $ibforums->topic_cache['tid'] ) { [INSERT] //-- mod_sec_update_131 begin if (TRUE) $DB->query("SELECT f.*, f.name as forum_name, f.id as forum_id, f.posts as forum_posts, f.topics as forum_topics, t.*, c.name as cat_name, c.id as cat_id, c.state as cat_state FROM ibf_topics t, ibf_forums f , ibf_categories c WHERE t.tid=".$ibforums->input['t']." and f.id = t.forum_id and f.category=c.id"); else //-- mod_sec_update_131 end [MODE] insert_below [STEP] [SEARCH] $this->topic = $ibforums->topic_cache; } [INSERT] //-- mod_sec_update_131 begin if ($ibforums->member['mgroup'] == $ibforums->vars['admin_group'] || $ibforums->member['g_is_supmod'] || ($ibforums->member['is_mod'] && $ibforums->member['mod_forums'][$this->topic['forum_id']])) $this->topic['password'] = ""; if ( $this->topic['cat_state'] == 0 ) $std->Error( array( LEVEL => 1, MSG => 'is_broken_link') ); //-- mod_sec_update_131 end [MODE] insert_below [STEP] [SEARCH] $this->read_array = unserialize(stripslashes($read)); [INSERT] //-- mod_sec_update_131 begin $this->read_array = $std->clean_int_array( unserialize(stripslashes($read)) ); //-- mod_sec_update_131 end [MODE] insert_below [STEP] [SEARCH] if ( isset($ibforums->input['view']) ) [INSERT] //-- mod_sec_update_131 begin if (!$ibforums->input['tooltip']) //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] $pid = "&#entry".$post['pid']; [INSERT] //-- mod_sec_update_131 begin $pid = "&pid=".$post['pid']."&#entry".$post['pid']; //-- mod_sec_update_131 end [MODE] insert_below [STEP] [SEARCH] $std->boink_it($ibforums->base_url."showtopic=".$this->topic['tid']."&st=$st"."&#entry".$pid); [INSERT] //-- mod_sec_update_131 begin $std->boink_it($ibforums->base_url."showtopic=".$this->topic['tid']."&st=$st"."&pid=$pid&mode={$ibforums->input['mode']}#entry".$pid); exit(); //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] //------------------------------------- // Update the topic views counter [INSERT] //-- mod_sec_update_131 begin if ($ibforums->input['tooltip']) { $dir = $ibforums->input['tooltip'] == "last"?"DESC":"ASC"; if ($ibforums->input['pid']) $filter = "AND pid='".intval($ibforums->input['pid'])."'"; $DB->query( "SELECT post, post_date, author_id, author_name FROM ibf_posts WHERE topic_id=".$this->topic['tid']." AND queued != 1 $filter ORDER BY post_date $dir LIMIT 1"); if ($DB->get_num_rows()) { $row = $DB->fetch_row(); $post = preg_replace( "#.+?#", "\\1" , $row['post'] ); $post = preg_replace( "//", "(IMG:\\1)", $post ); if ($this->forum['use_html'] == 1) { if (stristr( $post, '[dohtml]')) { $parse = ($this->forum['use_html'] AND $row['g_dohtml']) ? 1 : 0; $post = $this->parser->post_db_parse($post, $parse ); } } if ( $ibforums->vars['post_wordwrap'] > 0 ) $post = $this->parser->my_wordwrap( $post, $ibforums->vars['post_wordwrap']) ; $date = $std->get_date($row['post_date'], "LONG"); $post = "
[{$row['author_name']}] {$ibforums->lang['posted_on']} $date
".str_replace( "
", "
", $post )."
"; $print->pop_up_window("Preview", $post); die; } exit(); } //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] $this->topic['SHOW_PAGES'] [INSERT] //-- mod_sec_update_131 begin $first = max(0, intval($ibforums->input['st'])); $limit = "$first, ".$ibforums->vars['display_max_posts']; if ($ibforums->vars['display_topic_thread']) { $view_thread = intval($ibforums->member['topic_thread']); $tc = $std->my_getcookie("topic_thread"); $toggle_view = $this->topic['topic_thread']; if (isset($ibforums->input['thread'])) { $view_thread = intval($ibforums->input['thread']); if ($tc != $view_thread) { $std->my_setcookie("topic_thread", $view_thread?1:2); } } elseif ($tc) $view_thread = intval($tc == 1); // if (!$ibforums->vars['display_topic_preview'] || !$this->topic['topic_thread']) if (!$this->topic['topic_thread']) $view_thread = false; elseif (!$tc && !isset($ibforums->input['thread'])) { if ($ibforums->member['topic_thread'] == 0) $view_thread = 0; elseif ($ibforums->member['topic_thread'] == 1) $view_thread = 1; elseif ($this->topic['topic_thread'] == 1 && $ibforums->vars['display_topic_thread_global']) { if ( $ibforums->vars['display_topic_thread_default']) $view_thread = 1; else $view_thread = 0; } elseif ($this->topic['topic_thread'] == 2) $view_thread = 0; elseif ($this->topic['topic_thread'] == 3) $view_thread = 1; } if ($view_thread) { $tst = intval($ibforums->input['tst']); $DB->query( "SELECT p.pid, p.ref, p.topic_id, p.post_date, p.post, m.id, m.name FROM ibf_posts p LEFT JOIN ibf_members m ON (p.author_id=m.id) WHERE p.topic_id=".$this->topic['tid']." and p.queued != 1 ORDER BY p.post_date"); $children = array(); $ref = array(); $pid = intval($ibforums->input['pid']); $pids = array(); while ($r = $DB->fetch_row()) { $r['post'] = str_replace("
", " ", $r['post']); $r['post'] = str_replace("

", " ", $r['post']); $r['post'] = preg_replace("``s", "", $r['post']); $r['post'] = preg_replace("`<.+?>`s", "", $r['post']); if (strlen($r['post']) > 40) { $i = 40; while ($i < strlen($r['post']) && substr($r['post'], $i, 1) != " ") $i++; $r['post'] = substr($r['post'], 0, $i)." ..."; } if (!isset($this->first_post)) { $r['post'] = $this->topic['title']; $this->first_post = $r; } else if (!$r['ref']) { $r['ref'] = $this->first_post['pid']; } if ($r['pid'] == $pid) $this->post = $r; if ($r['ref'] == $this->first_post['pid']) $root_answers++; if ($r['ref']) { $children[$r['ref']][$r['pid']] = $r; $ref[$r['pid']] = $r['ref']; } $pids[$r['pid']] = 1; } $this->test_children($children, $pids); $view_thread = intval(count($children) > 0); if ($view_thread) if ($parents = $this->get_parents($ref, $pid)) { $filter = " AND p.pid in (".implode(",", array_keys($parents)).")"; $this->topic['posts'] = count($parents) - 1; if ($ibforums->input['st'] > count($parents)) { $ibforums->input['st'] = 0; $limit = "0, ".$ibforums->vars['display_max_posts']; } $this->topic['SHOW_PAGES'] = $std->build_pagelinks( array( 'TOTAL_POSS' => ($this->topic['posts']+1), 'PER_PAGE' => $ibforums->vars['display_max_posts'], 'CUR_ST_VAL' => $ibforums->input['st'], 'L_SINGLE' => "", 'BASE_URL' => $this->base_url."thread=1&pid=$pid&tst=$st&showtopic=".$this->topic['tid'].$hl, ) ); } else { $filter = " AND p.pid='".$this->first_post['pid']."'"; $limit = "1"; $this->topic['SHOW_PAGES'] = ""; } } } if (!$view_thread) //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] $this->output .= $this->html->PageTop( array( 'TOPIC' => $this->topic, 'FORUM' => $this->forum ) ); [INSERT] //-- mod_sec_update_131 begin if ($ibforums->input['mode'] == "single") { $this->topic['pid'] = $ibforums->input['pid']; $this->output .= $this->html->PageTopSingle( array( 'TOPIC' => $this->topic, 'FORUM' => $this->forum ) ); } else //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] $first = intval($ibforums->input['st']); [INSERT] //-- mod_sec_update_131 begin $first = max(0, $first); //-- mod_sec_update_131 end [MODE] insert_below [STEP] [SEARCH] $DB->query( "SELECT p.*, [INSERT] //-- mod_sec_update_131 begin if (!$ibforums->topic_cache['f_rte'] && $ibforums->vars['allow_multi_quote']) { $mqt = $std->my_getcookie("mqt_ids"); if ($mqt) { $mqt_ids = explode(",", $mqt); array_splice($mqt_ids, 0, 1); if (count($mqt_ids)) { $i = 0; foreach ($mqt_ids as $id) { $_id = explode("_", $id); $i++; $ids_array[$i] = $_id[0]; } $mqt_ids = array_flip($ids_array); } } } if ($toggle_view) $this->output = str_replace( "", $this->html->toggle_view( $this->topic['tid'], $ibforums->input['pid'], (1 - $view_thread), $ibforums->input['st'], $view_thread?$ibforums->lang['normal_view']:$ibforums->lang['thread_view'], $view_thread?$ibforums->lang['thread_view']:$ibforums->lang['normal_view'] ), $this->output ); if ($view_thread) { $per_page = 3*$ibforums->vars['display_max_posts']; $start = $tst; $end = $start + $per_page; $page_links = $std->build_pagelinks( array( 'TOTAL_POSS' => $root_answers, 'PER_PAGE' => $per_page, 'CUR_ST_VAL' => $tst, 'L_SINGLE' => "", 'BASE_URL' => $this->base_url."showtopic=".$this->topic['tid']."&pid=$pid&thread=1", ) ); $page_links = str_replace("multi_page_jump", "thread_multi_page_jump", $page_links); $page_links = str_replace("st=", "tst=", $page_links); $thread[] = array($this->first_post, "", $pid); $thread = array_merge($thread, $this->get_children($this->first_post['pid'], $children, $parents, "", $start, $end)); if (count($thread)) { $img = array("S" => "children_space", "D" => "children_down", "M" => "children_more", "L" => "children_last"); $show_preview = $ibforums->vars['display_topic_preview'] && $ibforums->member['topic_preview'] && strpos($ibforums->skin['css_text'], "domTT") !== FALSE; if ($show_preview) { $tooltip = "onMouseOver=\"domTT_oneOnly = true; this.style.color = '#000000';"; $tooltip .= "return makeFalse(domTT_activate(this, event, 'caption', '', 'width', '510px', 'fade', 'both', 'fadeMax', 100, 'trail', false, 'offsetX', 20, 'offsetY', 5, 'lazy', true, 'delay', 500, 'content', '<iframe src="{$ibforums->base_url}showtopic={$this->topic['tid']}&pid={PID}&tooltip=1" style="width:500px;height:200px;"></iframe>', 'styleClass', 'domTTlegend', 'type', 'velcro' ));\""; } foreach($thread as $entry) { $prefix = $entry[1]; foreach ($img as $s => $r) $prefix = str_replace($s, "", $prefix); $class = "row1"; if ($entry[2]) $class = "searchlite"; $out .= $this->html->thread_entry(array('class' => $class, 'prefix' => $prefix, 'tid' => $this->topic['tid'], 'pid' => $entry[0]['pid'], 'post' => $entry[0]['post'], 'poster' => $entry[0]['name'], 'poster_id' => $entry[0]['id'], 'date' => $std->get_date($entry[0]['post_date'], "LONG"), 'tooltip' => $show_preview?str_replace("{PID}", $entry[0]['pid'], $tooltip):"", 'tst' => $tst, ) ); } $this->output = str_replace( "", $this->html->show_thread($out, $page_links, intval($ibforums->input['scroll'])), $this->output ); } unset($show_preview); unset($thread); unset($ref); unset($parents); unset($children); } if ($ibforums->input['mode'] == "single") { $filter = " AND p.pid='".$ibforums->input['pid']."'"; $limit = "1"; } $can_view_onoff = $ibforums->member['g_can_view_on_off'] || $ibforums->member['mgroup'] == $ibforums->vars['admin_group'] || $ibforums->member['access_cp'] || $ibforums->member['is_sup_mod']; if ($can_view_onoff) { $ibforums->lang = $std->load_words($ibforums->lang, 'lang_date', $ibforums->lang_id); $DB->query( "SELECT p.*, m.id,m.name,m.mgroup,m.email,m.joined,m.avatar,m.avatar_size,m.posts,m.aim_name,m.icq_number,m.last_activity, m.signature, m.website,m.yahoo,m.integ_msg,m.title,m.hide_email,m.msnname, m.warn_level, m.warn_lastwarn, g.g_id, g.g_title, g.g_icon, g.g_dohtml, s.login_type, s.running_time, g.g_hide_from_list, g.g_can_view_on_off $join_get_fields FROM ibf_posts p LEFT JOIN ibf_members m ON (p.author_id=m.id) LEFT JOIN ibf_groups g ON (g.g_id=m.mgroup) LEFT JOIN ibf_sessions s ON (s.member_id=p.author_id AND s.member_id<>0 AND s.member_id IS NOT NULL) $join_profile_query WHERE p.topic_id=".$this->topic['tid']." and p.queued != 1 $filter GROUP BY pid ORDER BY p.{$ibforums->vars['post_order_column']} {$ibforums->vars['post_order_sort']} LIMIT $limit"); } else { $DB->query( "SELECT p.*, m.id,m.name,m.mgroup,m.email,m.joined,m.avatar,m.avatar_size,m.posts,m.aim_name,m.icq_number, m.signature, m.website,m.yahoo,m.integ_msg,m.title,m.hide_email,m.msnname, m.warn_level, m.warn_lastwarn,m.last_activity, g.g_id, g.g_title, g.g_icon, g.g_dohtml $join_get_fields FROM ibf_posts p LEFT JOIN ibf_members m ON (p.author_id=m.id) LEFT JOIN ibf_groups g ON (g.g_id=m.mgroup) $join_profile_query WHERE p.topic_id=".$this->topic['tid']." and p.queued != 1 $filter ORDER BY p.{$ibforums->vars['post_order_column']} {$ibforums->vars['post_order_sort']} LIMIT $limit"); } if ($this->topic['quick_reply'] && $std->check_perms( $this->topic['reply_perms'])) $quick_reply = true; if (FALSE) //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] // Add it to the cached list [INSERT] //-- mod_sec_update_131 begin if ($can_view_onoff) { $cutoff = time() - ($ibforums->vars['au_cutoff']?$ibforums->vars['au_cutoff']:15)*60; if ($ibforums->member['mgroup'] == $ibforums->vars['admin_group'] || $ibforums->member['access_cp'] || $ibforums->member['is_sup_mod']) { $online =$poster['login_type'] == 1?"online_anon":($poster['login_type'] === '0' || $poster['login_type'] == -1?"online":"offline"); } else if ($ibforums->member['g_can_view_on_off']) { $online =$poster['login_type'] == 1?"offline":($poster['login_type'] === '0' || $poster['login_type'] == -1?"online":"offline"); } if ($online == "online" && intval($poster['running_time']) < $cutoff) { $online = "offline"; } if (method_exists($this->html, "state_online")) switch($online) { case "online" : $poster['state_on_off'] = $this->html->state_online(); break; case "online_anon" : $poster['state_on_off'] = $this->html->state_online_anon(); break; case "offline" : $poster['state_on_off'] = $this->html->state_offline(); break; } } //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] $row['post'] = preg_replace( "/member['id']) $row['post'] = preg_replace( "//", "".$ibforums->lang[", $row['post'] ); else //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] $keywords = str_replace( "+", " ", $ibforums->input['hl'] ); [INSERT] //-- mod_sec_update_131 begin $ibforums->input['hl'] = $std->clean_value(urldecode($ibforums->input['hl'])); //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] $row['post_date'] = $std->get_date( $row['post_date'], 'LONG' ); [INSERT] //-- mod_sec_update_131 begin if ($ibforums->input['mode'] == "single") $row['nr'] = 1; else $row['nr'] = intval($limit) + $post_count + 1; $row['time'] = $row['post_date']; if (!$ibforums->topic_cache['f_rte'] && $ibforums->vars['allow_multi_quote']) if (isset($mqt_ids[$row['pid']])) $row['quote_link'] = $this->html->multiquote_remove_link($row['pid']); else $row['quote_link'] = $this->html->multiquote_add_link($row['pid']); else $row['quote_link'] = $this->html->quote_link($row['pid']); if (!empty($ibforums->vars['cookie_domain']) && $ibforums->vars['cookie_domain'] != "localhost") $row['cookie_domain'] = "domain={$ibforums->vars['cookie_domain']};"; $row['reply_link'] = $this->post_reply_button($row['pid']); if ($quick_reply) $row['quick_reply_link'] = $this->post_quick_reply_button($row['pid']); //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] if ($row['attach_id']) [INSERT] //-- mod_sec_update_131 begin if ($ibforums->input['mode'] == "single") { $row['quick_reply_link'] = ""; $row['report_link'] = ""; $row['delete_button'] = ""; $row['quote_link'] = $this->html->quote_link($row['pid']); } //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] if ($row['attach_id']) [INSERT] //-- mod_sec_update_131 begin if (!$ibforums->member['id'] && !$ibforums->vars['guests_attach']) $row['attachment'] = "

".$ibforums->lang["; else //-- mod_sec_update_131 end [MODE] insert_below [STEP] [SEARCH] if ( $ibforums->vars['siu_thumb'] AND [INSERT] //-- mod_sec_update_131 begin if (!$ibforums->member['view_img']) { if (!$ibforums->member['id']) $row['attachment'] = "

".$ibforums->lang["; else $row['attachment'] = "

(IMG:{$ibforums->lang['pic_attach']})"; } else //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] $row['attachment'] = $this->html->Show_attachments( array ( [INSERT] //-- mod_sec_update_131 begin $icon = $this->mimetypes[ $row['attach_type'] ][1]; $ext = pathinfo($row['attach_file']); $default_icon = $ext['extension'].".gif"; unset ($ext); if (TRUE) $row['attachment'] = $this->html->Show_attachments( array ( 'hits' => $row['attach_hits'], 'image' => file_exists($ibforums->vars['html_dir']."mime_types/".$icon)?$icon:$default_icon, 'name' => $row['attach_file'], 'pid' => $row['pid'], ) ); else //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] $this->output .= $this->html->TableFooter [INSERT] //-- mod_sec_update_131 begin if ($ibforums->input['mode'] == "single") { if (strpos($this->output, "output = preg_replace("``ie", "\$std->get_date(\\1, \"LONG\")", $this->output); if (strpos($this->output, "output = preg_replace("``ie", "\$this->get_post_link('\\1')", $this->output); $this->output .= $this->html->TableFooterSingle( array( 'TOPIC' => $this->topic, 'FORUM' => $this->forum ) ); $print->pop_up_window($ibforums->lang['single_post_title'], $this->output); exit; } //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] $this->output .= $this->html->TableFooter( [INSERT] //-- mod_sec_update_131 begin if (strpos($this->output, "output = preg_replace("``ie", "\$std->get_date(\\1, \"LONG\")", $this->output); if (strpos($this->output, "output = preg_replace("``ie", "\$this->get_post_link('\\1')", $this->output); if ($view_thread) { $this->output = str_replace( "", $this->html->show_thread($out, $page_links, intval($ibforums->input['scroll'])), $this->output ); unset($out); unset($page_links); } //-- mod_sec_update_131 end [MODE] insert_below_eol [STEP] [SEARCH] if ($ibforums->vars['no_au_topic'] != 1 [INSERT] //-- mod_sec_update_131 begin && $ibforums->member['g_can_view_online'] //-- mod_sec_update_131 end [MODE] insert_below [STEP] [SEARCH] $DB->query("SELECT s.member_id, s.member_name, s.login_type, s.location, g.suffix, g.prefix, g.g_perm_id, m.org_perm_id [INSERT] //-- mod_sec_update_131 begin if ($ibforums->member['mgroup'] == $ibforums->vars['admin_group']) { $DB->query("SELECT s.member_id, s.member_name, s.login_type, s.location, g.suffix, g.prefix, g.g_perm_id, m.org_perm_id FROM ibf_sessions s LEFT JOIN ibf_groups g ON (g.g_id=s.member_group) LEFT JOIN ibf_members m on (s.member_id=m.id) WHERE s.in_topic={$this->topic['tid']} AND s.running_time > $time ORDER BY s.running_time DESC"); } else { $DB->query("SELECT s.member_id, s.member_name, s.login_type, s.location, g.suffix, g.prefix, g.g_perm_id, m.org_perm_id FROM ibf_sessions s LEFT JOIN ibf_groups g ON (g.g_id=s.member_group) LEFT JOIN ibf_members m on (s.member_id=m.id) WHERE s.in_topic={$this->topic['tid']} AND s.running_time > $time AND ((s.login_type IS NULL) OR s.login_type<>'1' OR (s.login_type='1' AND s.member_group<>'{$ibforums->vars['admin_group']}')) ORDER BY s.running_time DESC"); } if (FALSE) //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] $this->output = str_replace( "" [INSERT] //-- mod_sec_update_131 begin else if ($std->check_perms( $this->topic['reply_perms']) && $this->topic['state'] != 'closed') $this->output = str_replace( "" , $this->html->quick_reply_box_open($this->topic['forum_id'], $this->topic['tid'], "none", $this->md5_check), $this->output ); //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] if ($member['msnname']) [INSERT] //-- mod_sec_update_131 begin if ($member['msnname'] && $ibforums->member['id']) { $member['msn_icon'] = "base_url}act=MSN&control=1&MID={$member['id']}','MSNCONTROL','455','300',0,1,1,5,50);PopUp('{$this->base_url}act=MSN&MID={$member['id']}','Pager',450,370,1,0,0,50,50);\"><{P_MSN}>"; $name = $member['msnname']; $names = explode("(", $name); if (count($names) > 1) { $result = ""; $names[1] = trim(str_replace(")", "", $names[1])); $lid = $names[1]."@apps.messenger.live.com"; $url = "http://messenger.services.live.com/users/{$lid}/presenceimage"; $a = parse_url($url); $fp = @fsockopen ($a['host'], 80, $errno, $errstr, 30); if (!$errno && !$errstr) { @fwrite ($fp, "GET {$a['path']} HTTP/1.0\r\nHost: {$a['host']}\r\n\r\n"); while (!feof($fp)) { $result .= @fgets($fp,1024); } @fclose($fp); } if ($result) { $img = trim(preg_replace("`^.*location:\s*(.*?)\n.*?$`is", "\\1", $result)); } $member['msn_icon'] .= ""; } } if (FALSE) //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] if ($member['integ_msg']) [INSERT] //-- mod_sec_update_131 begin if (FALSE) //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] if ($ibforums->member['g_edit_cutoff'] > 0) [INSERT] //-- mod_sec_update_131 begin if ($ibforums->topic_cache['editable'] == "overwrite") { if ( $post_date > (time() - (intval($ibforums->topic_cache['edit_time']) * 60 ))) return $button; } elseif ($ibforums->topic_cache['editable'] == "always") return $button; else //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] if ($this->topic['state'] == 'closed') [INSERT] //-- mod_sec_update_131 begin return $this->topic_reply_button(); //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] $std->boink_it($ibforums->base_url."showtopic=".$this->topic['tid']."&st=$st&"."#entry".$post['pid']); [INSERT] //-- mod_sec_update_131 begin $std->boink_it($ibforums->base_url."showtopic=".$this->topic['tid']."&st=$st&pid=".$post['pid']."&#entry".$post['pid']); exit(); //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] } ?> [INSERT] //-- mod_sec_update_131 begin function topic_reply_button() { global $ibforums; if ($this->topic['state'] == 'closed') { if ($ibforums->member['g_post_closed'] == 1) return "<{A_LOCKED_B}>"; else return "<{A_LOCKED_B}>"; } if ($this->topic['state'] == 'moved') return "<{A_MOVED_B}>"; if ($this->topic['poll_state'] == 'closed') return "<{A_POLLONLY_B}>"; return "<{A_REPLY}>"; } function post_reply_button($pid = 0) { global $ibforums; if (!$pid) return; if ($this->topic['state'] == 'closed') { if ($ibforums->member['g_post_closed'] == 1) return "<{P_REPLY}>"; else return; } if ($this->topic['state'] == 'moved') return; if ($this->topic['poll_state'] == 'closed') return; return "<{P_REPLY}>"; } function post_quick_reply_button($pid = 0) { global $ibforums; if (!$pid) return; if ($this->topic['state'] == 'closed') { if ($ibforums->member['g_post_closed'] == 1) return "<{P_QREPLY}>"; else return; } if ($this->topic['state'] == 'moved') return; if ($this->topic['poll_state'] == 'closed') return; return "<{P_QREPLY}>"; } function get_post_link($pid = "") { global $ibforums; if ($pid == "") return; return " "; } function get_parents(&$ref, $pid = "") { if (!$pid || !isset($ref[$pid])) return; $parents[$this->first_post['pid']] = 1; $id = $pid; while (isset($ref[$id])) { $parents[$ref[$id]] = 1; $id = $ref[$id]; } if ($this->post) $parents[$this->post['pid']] = 1; return $parents; } function get_children($parent_id, &$children, &$parents, $level = "", $start = 0, $end = 0) { $thread = array(); if (!isset($children[$parent_id])) return array(); $i = 0; foreach ($children[$parent_id] as $pid => $r) { $i++; if ($end) if ($i <= $start) continue; elseif ($i > $end ) break; $entry = array($r, "", false); if (isset($parents[$pid])) $entry[2] = true; if ($i == count($children[$parent_id])) { $entry[1] = $level."L"; $level1 = "S"; } else { $entry[1] = $level."M"; $level1 = "D"; } $thread[] = $entry; $thread = array_merge($thread, $this->get_children($pid, $children, $parents, $level.$level1)); } $children[$parent_id] = ""; return $thread; } function test_children(&$children, &$pids) { foreach ($children as $pid => $r) { if (!isset($pids[$pid])) { foreach ($r as $id => $s) { $children[$pid][$id]['ref'] = $this->first_post['pid']; $children[$this->first_post['pid']][$id] = $s; } unset($children[$pid]); } } } //-- mod_sec_update_131 end [MODE] insert_above [FNAME_END] [MOD_TOKEN] mod_sec_update_131 [FNAME] sources/Usercp.php [STEP] [SEARCH] var $html = ""; [INSERT] /*-- mod_sec_update_131 exclude begin [MODE] insert_below [STEP] [SEARCH] var $member = array(); [INSERT] -- mod_sec_update_131 exclude end */ [MODE] insert_above [STEP] [SEARCH] $ibforums->lang = $std->load_words($ibforums->lang, 'lang_post' [INSERT] //-- mod_sec_update_131 begin $ibforums->lang = $std->load_words($ibforums->lang, 'mod_sec_lang', $ibforums->lang_id); $ibforums->lang = $std->load_words($ibforums->lang, 'mod_sec_lang_ucp', $ibforums->lang_id); $ibforums->vars['pre_pinned'] = $ibforums->lang['pre_pinned']; $ibforums->vars['pre_moved'] = $ibforums->lang['pre_moved']; $ibforums->vars['pre_polls'] = $ibforums->lang['pre_polls']; //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] if (empty($this->member['vdirs'])) [INSERT] //-- mod_sec_update_131 begin $ibforums->lang = $std->load_words($ibforums->lang, "mod_sec_lang_msg", $ibforums->lang_id); //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] $folder_links .= $this->html->menu_bar_msg_folder_link($id, $real); [INSERT] //-- mod_sec_update_131 begin if ($id == "in") $real = $ibforums->lang['inbox']; if ($id == "sent") $real = $ibforums->lang['outbox']; //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] //-------------------------------------------- // Using Sub Manager? [INSERT] //-- mod_sec_update_131 begin if ($ibforums->vars['requests_active']) { require(ROOT_PATH."sources/mods/sec_update_131_A/mod_sec_update_ucp_func.php"); $ucp = new mod_sec_update_ucp(); $req_html = $ucp->get_menu(); if (strpos($menu_html, "") !== FALSE) { $menu_html = str_replace( "", $req_html, $menu_html); } else { $menu_html = str_replace("", $req_html."\n", $menu_html); } } //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] default: $this->splash(); [INSERT] //-- mod_sec_update_131 begin case 'requests': if (isset($ucp)) $ucp->dispatch($this); break; //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] $DB->query("INSERT INTO ibf_validating ({$db_str['FIELD_NAMES']}) VALUES({$db_str['FIELD_VALUES']})"); [INSERT] //-- mod_sec_update_131 begin $DB->query("DELETE FROM ibf_validating WHERE member_id={$this->member['id']} AND email_chg=1"); //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] time(), 'LONG' [INSERT] //-- mod_sec_update_131 begin , TRUE //-- mod_sec_update_131 end [MODE] insert_below [STEP] [SEARCH] $time_select = ""; else //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] $hide_sess = $std->my_getcookie('hide_sess'); [INSERT] //-- mod_sec_update_131 begin $this->output = str_replace("name='DST'", "name='DST' id='DST'", $this->output); if ($ibforums->member['time_offset'] != "") { $lang = $std->load_words($lang, 'lang_date', $ibforums->lang_id); $calc_html = "
"; $this->output .= $calc_html; } //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] 'PPS' => $post_select, ) ); [INSERT] //-- mod_sec_update_131 begin if ($ibforums->vars['display_topic_preview']) { if ($this->member['topic_preview']) $s_y = "selected='selected'"; else $s_n = "selected='selected'"; $topic_preview = "\n"; $this->output = str_replace("", "{$ibforums->lang['ucp_topic_preview']}\n", $this->output); } if ($ibforums->vars['display_topic_thread']) { $s_y = ""; $s_n = ""; if ($this->member['topic_thread'] == 1) $s_y = "selected='selected'"; elseif ($this->member['topic_thread'] == 2) $s_f = "selected='selected'"; else $s_n = "selected='selected'"; $topic_thread = "\n\n"; $this->output = str_replace("", "{$ibforums->lang['ucp_topic_view']}\n", $this->output); } //-- mod_sec_update_131 end [MODE] insert_below [STEP] [SEARCH] $std->Error( array( 'LEVEL' => 1, 'MSG' => 'cant_use_feature' ) ); } [INSERT] //-- mod_sec_update_131 begin $ibforums->lang = $std->load_words($ibforums->lang, 'mod_sec_lang_msg', $ibforums->lang_id); $ibforums->lang['msn'] = $ibforums->lang['ucp_msn']; if ($ibforums->input['getID']) { $this->html = $std->load_template('skin_emails'); $this->html2 = $std->load_template('mod_sec_update_skin_emails'); $return_url = str_replace("&", "%26", str_replace("?", "%3F", $ibforums->base_url)); $privacy_url = $return_url; $return_url .= "act=UserCP%26CODE=01%26getID=1%26return=1"; $privacy_url .= "act=UserCP%26CODE=01%26getID=1%26privacy=1"; if ($ibforums->input['privacy']) echo $this->html2->privacy(); else { if ($ibforums->input['return']) { if ($ibforums->input['result'] == "Accepted") { $id = explode("@", $ibforums->input['id']); echo $this->html2->setID_window($id[0]); } else { echo $this->html2->closeWindow(); } } else { echo $this->html2->getID_window($return_url, $privacy_url); } } exit(); } //-- mod_sec_update_131 end [MODE] insert_below [STEP] [SEARCH] $this->output .= $this->html->personal_panel($this->member); [INSERT] //-- mod_sec_update_131 begin $this->output = preg_replace("`(^.*)`is", "\\1", $this->output); $getid = "base_url}act=UserCP&CODE=01&getID=1','GETID','455','300',0,1,1,5,50);\" />"; $info = $ibforums->lang['ucp_msn_info']; $this->output = preg_replace("`(^.*)()`is", "\\1
\\2maxlength='64'\\3
$getid
$info", $this->output); //-- mod_sec_update_131 end [MODE] insert_below [STEP] [SEARCH] if ( $row['ftype'] == 'drop' ) [INSERT] //-- mod_sec_update_131 begin if ($row['ftype'] != "drop") { $field_data[$row['fid']] = $this->parser->unconvert( $field_data[$row['fid']], $ibforums->vars['profile_allow_ibc'], 0 ); } //-- mod_sec_update_131 end [MODE] insert_above [FNAME_END] [MOD_TOKEN] mod_sec_update_131 [FNAME] sources/lib/emailer.php [STEP] [SEARCH] $this->mail_headers .= "X-Mailer: IPB PHP Mailer\n"; [INSERT] //-- mod_sec_update_131 begin $offset = $ibforums->vars['time_offset']; $offset += round($ibforums->vars['time_adjust']/60); $offset += $ibforums->vars['dst_in_use']; $offset_h = floor(abs($offset)); $offset_m = round((abs($offset) - $offset_h)*60); $offset_h = str_pad($offset_h, 2, "0", STR_PAD_LEFT); if ($offset < 0) { $offset_h = "-".$offset_h; } else { $offset_h = "+".$offset_h; } $offset_m = str_pad($offset_m, 2, "0", STR_PAD_LEFT); $this->mail_headers .= "Date: ".date("D, d M Y H:i:s ", time()).$offset_h.$offset_m."\n"; //-- mod_sec_update_131 end [MODE] insert_below [STEP] [SEARCH] $this->build_headers(); [INSERT] //-- mod_sec_update_131 begin if (preg_match("`^\s*.*\s*$`is", $this->message)) { $this->mail_headers = str_replace("X-Mailer: IPB PHP Mailer", "X-Mailer: IPB PHP Mailer\nContent-Type: text/html; charset=\"iso-8859-1\"",$this->mail_headers); } //-- mod_sec_update_131 end [MODE] insert_below [FNAME_END] [MOD_TOKEN] mod_sec_update_131 [FNAME] sources/lib/post_new_post.php [STEP] [SEARCH] $this->topic = array( [INSERT] //-- mod_sec_update_131 begin $ibforums->input['UserName'] = str_replace("|", "|", $ibforums->input['UserName']); //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] 'pinned' => $pinned, ); [INSERT] //-- mod_sec_update_131 begin $this->topic['last_post'] = $this->post['post_date']; //-- mod_sec_update_131 end [MODE] insert_below [STEP] [SEARCH] $class->forum['last_post'] = time(); [INSERT] //-- mod_sec_update_131 begin $class->forum['last_post'] = $this->post['post_date']; //-- mod_sec_update_131 end [MODE] insert_below [FNAME_END] [MOD_TOKEN] mod_sec_update_131 [FNAME] sources/lib/post_poll.php [STEP] [SEARCH] $this->topic = array( [INSERT] //-- mod_sec_update_131 begin $ibforums->input['UserName'] = str_replace("|", "|", $ibforums->input['UserName']); //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] 'pinned' => 0, ); [INSERT] //-- mod_sec_update_131 begin $this->topic['last_post'] = $this->post['post_date']; //-- mod_sec_update_131 end [MODE] insert_below [STEP] [SEARCH] $class->forum['last_post'] = time(); [INSERT] //-- mod_sec_update_131 begin $class->forum['last_post'] = $this->post['post_date']; //-- mod_sec_update_131 end [MODE] insert_below [FNAME_END] [MOD_TOKEN] mod_sec_update_131 [FNAME] sources/lib/post_edit_post.php [STEP] [SEARCH] $this->orig_post = $DB->fetch_row(); [INSERT] //-- mod_sec_update_131 begin if( $this->orig_post['topic_id'] != $this->topic['tid'] ) { $std->Error( array( LEVEL => 1, MSG => 'missing_files') ); } //-- mod_sec_update_131 end [MODE] insert_below [STEP] [SEARCH] if ($ibforums->member['g_edit_cutoff'] > 0) [INSERT] //-- mod_sec_update_131 begin if ($class->forum['editable'] == "overwrite") { if ( $this->orig_post['post_date'] > (time() - (intval($class->forum['edit_time']) * 60 ))) $can_edit = 1; } elseif ($class->forum['editable'] == "always") $can_edit = 1; else //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] 'LONG' [INSERT] //-- mod_sec_update_131 begin , TRUE //-- mod_sec_update_131 end [MODE] insert_below [STEP] [SEARCH] $print->redirect_screen [INSERT] //-- mod_sec_update_131 begin if (isset($ibforums->input['redirect_opener'])) { if (isset($ibforums->input['opener_reload'])) $reload = "opener.location.reload();"; echo ""; die; } else $print->redirect_screen( $ibforums->lang['post_edited'], "act=ST&f={$class->forum['id']}&t={$this->topic['tid']}&pid={$this->post['pid']}&st={$ibforums->input['st']}#entry{$this->post['pid']}"); exit(); //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] $class->forum['use_html'] AND $ibforums->member['g_dohtml'] ? 1 : 0); [INSERT] //-- mod_sec_update_131 begin $this->post['post'] = preg_replace("``ie", "\$std->get_date(\\1, \"LONG\")", $this->post['post']); $this->post['post'] = preg_replace("``ie", "\$class->get_post_link('\\1', \$this->topic['tid'])", $this->post['post']); //-- mod_sec_update_131 end [MODE] insert_below [STEP] [SEARCH] $class->output .= $class->html->table_structure(); [INSERT] //-- mod_sec_update_131 begin if (isset($ibforums->input['redirect_opener'])) { $class->output .= "\n\n"; if (isset($ibforums->input['opener_reload'])) $class->output .= "\n"; } //-- mod_sec_update_131 end [MODE] insert_above [FNAME_END] [MOD_TOKEN] mod_sec_update_131 [FNAME] sources/lib/post_q_reply_post.php [STEP] [SEARCH] if ( ($class->obj['post_errors'] != "") or ($class->obj['preview_post'] != "") ) [INSERT] //-- mod_sec_update_131 begin $class->obj['preview_post'] = $ibforums->input['preview'] || $ibforums->input['is_preview']; //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] // Lets load the topic from the database before we do anything else. [INSERT] //-- mod_sec_update_131 begin $ibforums->input['pid'] = $ibforums->input['p']; //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] 'LONG' [INSERT] //-- mod_sec_update_131 begin , TRUE //-- mod_sec_update_131 end [MODE] insert_below [STEP] [SEARCH] $class->forum['last_post'] = time(); [INSERT] //-- mod_sec_update_131 begin $class->forum['last_post'] = $this->post['post_date']; $ibforums->input['UserName'] = str_replace("|", "|", $ibforums->input['UserName']); $std->my_setcookie("mqt_ids", ""); //-- mod_sec_update_131 end [MODE] insert_below [STEP] [SEARCH] $std->boink_it($class->base_url."showtopic={$this->topic['tid']}&st=$page&#entry{$this->post['pid']}"); [INSERT] //-- mod_sec_update_131 begin $std->boink_it($class->base_url."showtopic={$this->topic['tid']}&pid={$this->post['pid']}&st=$page&#entry{$this->post['pid']}"); exit(); //-- mod_sec_update_131 end [MODE] insert_above [FNAME_END] [MOD_TOKEN] mod_sec_update_131 [FNAME] sources/lib/post_reply_post.php [STEP] [SEARCH] if ( ($class->obj['post_errors'] != "") or ($class->obj['preview_post'] != "") ) [INSERT] //-- mod_sec_update_131 begin $class->obj['preview_post'] = $ibforums->input['preview'] || $ibforums->input['is_preview']; //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] $class->forum['last_post'] = time(); [INSERT] //-- mod_sec_update_131 begin $class->forum['last_post'] = $this->post['post_date']; $ibforums->input['UserName'] = str_replace("|", "|", $ibforums->input['UserName']); $std->my_setcookie("mqt_ids", ""); //-- mod_sec_update_131 end [MODE] insert_below [STEP] [SEARCH] $std->boink_it($class->base_url."showtopic={$this->topic['tid']}&st=$page&#entry{$this->post['pid']}"); [INSERT] //-- mod_sec_update_131 begin $std->boink_it($class->base_url."showtopic={$this->topic['tid']}&pid={$this->post['pid']}&st=$page&#entry{$this->post['pid']}"); exit(); //-- mod_sec_update_131 end [MODE] insert_above [STEP] [SEARCH] // we have a