phpBB 2.0.8 to phpBB 2.0.9 Code Changes These are the Changes from phpBB 2.0.8 to phpBB 2.0.9 summed up into a little Mod. This might be very helpful if you want to update your Board and have installed a bunch of Mods. Then it's normally easier to apply the Code Changes than to install all Mods again. When you find a 'AFTER, ADD'-Statement, the Code have to be added after the last line quoted in the 'FIND'-Statement. When you find a 'BEFORE, ADD'-Statement, the Code have to be added before the first line quoted in the 'FIND'-Statement. When you find a 'REPLACE WITH'-Statement, the Code quoted in the 'FIND'-Statement have to be replaced completely with the quoted Code in the 'REPLACE WITH'-Statement. When you find a 'DELETE'-Statement, the Code have to be deleted. After you have finished this tutorial, you have to upload the update_to_209.php file, execute it and then delete it from your webspace. Ok, lets start: admin/admin_board.php FIND - Line 46 2.0.8 Code:       $default_config[$config_name] = $config_value; REPLACE WITH 2.0.9 Code:       $default_config[$config_name] = str_replace("'", "\'", $config_value); admin/index.php FIND - Line 335 2.0.8 Code:          AND u.user_session_time >= " . ( time() - 300 ) . " REPLACE WITH 2.0.9 Code:          AND s.session_time >= " . ( time() - 300 ) . " common.php FIND - Line 27 2.0.8 Code:    die("Hacking attempt"); } AFTER, ADD 2.0.9 Code: // function unset_vars(&$var) {    while (list($var_name, $null) = @each($var))    {       unset($GLOBALS[$var_name]);    }    return; } // FIND - Line 41 2.0.8 Code: error_reporting  (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables set_magic_quotes_runtime(0); // Disable magic_quotes_runtime AFTER, ADD 2.0.9 Code: $ini_val = (@phpversion() >= '4.0.0') ? 'ini_get' : 'get_cfg_var'; // Unset globally registered vars - PHP5 ... hhmmm if (@$ini_val('register_globals') == '1' || strtolower(@$ini_val('register_globals')) == 'on') {    $var_prefix = 'HTTP';    $var_suffix = '_VARS';        $test = array('_GET', '_POST', '_SERVER', '_COOKIE', '_ENV');    foreach ($test as $var)    {       if (is_array(${$var_prefix . $var . $var_suffix}))       {          unset_vars(${$var_prefix . $var . $var_suffix});       }       if (is_array(${$var}))       {          unset_vars(${$var});       }    }    if (is_array(${'_FILES'}))    {       unset_vars(${'_FILES'});    }    if (is_array(${'HTTP_POST_FILES'}))    {       unset_vars(${'HTTP_POST_FILES'});    } } FIND - Line 153 2.0.8 Code: $theme = array(); $images = array(); $lang = array(); AFTER, ADD 2.0.9 Code: $nav_links = array(); FIND - Line 174 2.0.8 Code: if( getenv('HTTP_X_FORWARDED_FOR') != '' ) {    $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );    $entries = explode(',', getenv('HTTP_X_FORWARDED_FOR'));    reset($entries);    while (list(, $entry) = each($entries))    {       $entry = trim($entry);       if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", $entry, $ip_list) )       {          $private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.((1[6-9])|(2[0-9])|(3[0-1]))\..*/', '/^10\..*/', '/^224\..*/', '/^240\..*/');          $found_ip = preg_replace($private_ip, $client_ip, $ip_list[1]);          if ($client_ip != $found_ip)          {             $client_ip = $found_ip;             break;          }       }    } } else {    $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR ); } REPLACE WITH 2.0.9 Code: // I'm removing HTTP_X_FORWARDED_FOR ... this may well cause other problems such as // private range IP's appearing instead of the guilty routable IP, tough, don't // even bother complaining ... go scream and shout at the idiots out there who feel // "clever" is doing harm rather than good ... karma is a great thing ... :) // $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR ); faq.php FIND - Line 37 2.0.8 Code: // End session management // AFTER, ADD 2.0.9 Code: // Set vars to prevent naughtiness $faq = array(); FIND - Line 103 2.0.8 Code: make_jumpbox('viewforum.'.$phpEx, $forum_id); REPLACE WITH 2.0.9 Code: make_jumpbox('viewforum.'.$phpEx); groupcp.php FIND - Line 428 2.0.8 Code:                AND aa.group_id = g.group_id(+)"; REPLACE WITH 2.0.9 Code:                AND aa.group_id (+) = g.group_id"; FIND - Line 1152 2.0.8 Code:    // Select all group that the user is a member of or where the user has    // a pending membership.    // AFTER, ADD 2.0.9 Code:    $in_group = array();     FIND - Line 1248 2.0.8 Code:       $s_hidden_fields = ''; REPLACE WITH 2.0.9 Code:       $s_hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />'; includes/bbcode.php FIND - Line 284 2.0.8 Code:    $text = preg_replace("#\[img\]((ht|f)tp://)([^ \?&=\"\n\r\t<]*?(\.(jpg|jpeg|gif|png)))\[/img\]#sie", "'[img:$uid]\\1' . str_replace(' ', '%20', '\\3') . '[/img:$uid]'", $text); REPLACE WITH 2.0.9 Code:    $text = preg_replace("#\[img\]((http|ftp|https|ftps)://)([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png)))\[/img\]#sie", "'[img:$uid]\\1' . str_replace(' ', '%20', '\\3') . '[/img:$uid]'", $text); includes/functions_post.php FIND - Line 772 2.0.8 Code:       $page_title = $lang['Review_topic'] . " - $topic_title"; REPLACE WITH 2.0.9 Code:       $page_title = $lang['Emoticons'] . " - $topic_title"; includes/page_header.php FIND - Line 94 2.0.8 Code: $logged_hidden_online = 0; $guests_online = 0; $online_userlist = ''; AFTER, ADD 2.0.9 Code: $l_online_users = ''; FIND - Line 115 2.0.8 Code:    $prev_user_ip = ''; REPLACE WITH 2.0.9 Code:    $prev_user_ip = $prev_session_ip = ''; includes/sessions.php FIND - Line 48 2.0.8 Code:       $sessiondata = array();       $session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : '';       $sessionmethod = SESSION_METHOD_GET;    } AFTER, ADD 2.0.9 Code:    //    if (!preg_match('/^[A-Za-z0-9]*$/', $session_id))    {       $session_id = '';    } FIND - Line 224 2.0.8 Code:       $sessiondata = array();       $session_id = ( isset($HTTP_GET_VARS['sid']) ) ? $HTTP_GET_VARS['sid'] : '';       $sessionmethod = SESSION_METHOD_GET;    } AFTER, ADD 2.0.9 Code:    if (!preg_match('/^[A-Za-z0-9]*$/', $session_id))    {       $session_id = '';    } FIND - Line 360 2.0.8 Code:       $sessionmethod = SESSION_METHOD_GET;    } AFTER, ADD 2.0.9 Code:    if (!preg_match('/^[A-Za-z0-9]*$/', $session_id))    {       return;    }     includes/usercp_avatar.php FIND - Line 86 2.0.8 Code:    if ( !preg_match('#^((http)|(ftp):\/\/[\w\-]+?\.([\w\-]+\.)+[\w]+(:[0-9]+)*\/.*?\.(gif|jpg|jpeg|png)$)#is', $avatar_filename) ) REPLACE WITH 2.0.9 Code:    if ( !preg_match("#^((ht|f)tp://)([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png))$)#is", $avatar_filename) ) includes/usercp_viewprofile.php FIND - Line 44 2.0.8 Code:    message_die(GENERAL_ERROR, 'Could not obtain ranks information', '', __LINE__, __FILE__, $sql); } AFTER, ADD 2.0.9 Code: $ranksrow = array(); index.php FIND - Line 121 2.0.8 Code:    message_die(GENERAL_ERROR, 'Could not query categories list', '', __LINE__, __FILE__, $sql); } AFTER, ADD 2.0.9 Code: $category_rows = array(); memberlist.php FIND - Line 238 2.0.8 Code:          'ROW_NUMBER' => $i + ( $HTTP_GET_VARS['start'] + 1 ), REPLACE WITH 2.0.9 Code:          'ROW_NUMBER' => $i + ( $start + 1 ), modcp.php FIND - Line 841 2.0.8 Code:                'S_FORUM_SELECT' => make_forum_select("new_forum_id", false, $forum_id))             ); AFTER, ADD 2.0.9 Code:             //             // Define censored word matches             //             $orig_word = array();             $replacement_word = array();             obtain_word_list($orig_word, $replacement_word); FIND - Line 847 2.0.8 Code:                $poster_id = $postrow[$i]['user_id']; REPLACE WITH 2.0.9 Code:                $poster_id = $postrow[$i]['poster_id']; DELETE - Line 879 2.0.8 Code:                //                // Define censored word matches                //                $orig_word = array();                $replacement_word = array();                obtain_word_list($orig_word, $replacement_word); posting.php FIND - Line 33 2.0.8 Code: $params = array('submit' => 'post', 'confirm' => 'confirm', 'preview' => 'preview', 'delete' => 'delete', 'poll_delete' => 'poll_delete', 'poll_add' => 'add_poll_option', 'poll_edit' => 'edit_poll_option', 'mode' => 'mode'); REPLACE WITH 2.0.9 Code: $params = array('submit' => 'post', 'preview' => 'preview', 'delete' => 'delete', 'poll_delete' => 'poll_delete', 'poll_add' => 'add_poll_option', 'poll_edit' => 'edit_poll_option', 'mode' => 'mode'); FIND - Line 45 2.0.8 Code:       $$var = '';    } } AFTER, ADD 2.0.9 Code: $confirm = isset($HTTP_POST_VARS['confirm']) ? true : false; privmsg.php FIND - Line 215 2.0.8 Code:          $pm_sql_user .= "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . " REPLACE WITH 2.0.9 Code:          $pm_sql_user = "AND ( ( pm.privmsgs_to_userid = " . $userdata['user_id'] . " FIND - Line 496 2.0.8 Code:    $temp_url = append_sid("privmsg.$phpEx?mode=post&" . POST_USERS_URL . "=$poster_id"); REPLACE WITH 2.0.9 Code:    $temp_url = append_sid("privmsg.$phpEx?mode=post&" . POST_USERS_URL . "=$user_id_from"); FIND - Line 1045 2.0.8 Code:                      OR privmsgs_type = " . PRIVMSGS_UNERAD_MAIL . " ) "; REPLACE WITH 2.0.9 Code:                      OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " ) "; FIND - Line 1855 2.0.8 Code: $post_new_mesg_url = '<a href="' . append_sid("privmsg.$phpEx?mode=post") . '"><img src="' . $images['post_new'] . '" alt="' . $lang['Post_new_message'] . '" border="0" /></a>'; REPLACE WITH 2.0.9 Code: $post_new_mesg_url = '<a href="' . append_sid("privmsg.$phpEx?mode=post") . '"><img src="' . $images['post_new'] . '" alt="' . $lang['Send_a_new_message'] . '" border="0" /></a>'; FIND - Line 1935 2.0.8 Code:    $limit_msg_time = '';    $post_days = 0; REPLACE WITH 2.0.9 Code:    $limit_msg_time = $limit_msg_time_total = '';    $msg_days = 0; FIND - Line 2066 2.0.8 Code:    'U_POST_NEW_TOPIC' => $post_new_topic_url) REPLACE WITH 2.0.9 Code:    'U_POST_NEW_TOPIC' => append_sid("privmsg.$phpEx?mode=post")) profile.php FIND - Line 86 2.0.8 Code: if ( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) {    $mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode']; AFTER, ADD 2.0.9 Code:    $mode = htmlspecialchars($mode); search.php FIND - Line 113 2.0.8 Code:    $search_time = time() - ( ( ( !empty($HTTP_POST_VARS['search_time']) ) ? intval($HTTP_POST_VARS['search_time']) : intval($HTTP_GET_VARS['search_time']) ) * 86400 ); } else {    $search_time = 0; } REPLACE WITH 2.0.9 Code:    $search_time = time() - ( ( ( !empty($HTTP_POST_VARS['search_time']) ) ? intval($HTTP_POST_VARS['search_time']) : intval($HTTP_GET_VARS['search_time']) ) * 86400 );    $topic_days = (!empty($HTTP_POST_VARS['search_time'])) ? intval($HTTP_POST_VARS['search_time']) : intval($HTTP_GET_VARS['search_time']); } else {    $search_time = 0;    $topic_days = 0; } viewonline.php FIND - Line 49 2.0.8 Code:    'L_WHOSONLINE' => $lang['Who_is_online'], REPLACE WITH 2.0.9 Code:    'L_WHOSONLINE' => $lang['Who_is_Online'], viewtopic.php FIND - Line 66 2.0.8 Code:       if ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) || isset($HTTP_GET_VARS['sid']) )       {          $session_id = isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid']) ? $HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_sid'] : $HTTP_GET_VARS['sid']; AFTER, ADD 2.0.9 Code:          if (!preg_match('/^[A-Za-z0-9]*$/', $session_id))          {             $session_id = '';          }