phpBB 2.0.10 released !

Administrator Anmeldungsdatum: 02.08.2002 Beiträge: 4735 Wohnort: Aachen

phpBB 2.0.10 was released today by phpBB Group. The Version is called "Murphy is furry" release. This release had been made to fix one security related issue and some bugs introduced by the 2.0.9 release, plus two new ones.

This are the Code changes from 2.0.9 -> 2.0.10:

common.php

find line 43:

Code:

// Unset globally registered vars - PHP5 ... hhmmm
if (@$ini_val('register_globals') == '1' || strtolower(@$ini_val('register_globals')) == 'on')
{
$var_prefix = 'HTTP';
$var_suffix = '_VARS';

$test = array('_GET', '_POST', '_SERVER', '_COOKIE', '_ENV');

foreach ($test as $var)
{
if (is_array(${$var_prefix . $var . $var_suffix}))
{
unset_vars(${$var_prefix . $var . $var_suffix});
}

if (is_array(${$var}))
{
unset_vars(${$var});
}
}

if (is_array(${'_FILES'}))
{
unset_vars(${'_FILES'});
}

if (is_array(${'HTTP_POST_FILES'}))
{
unset_vars(${'HTTP_POST_FILES'});
}
}

replace with

Code:

// Unset globally registered vars - PHP5 ... hhmmm
if (@$ini_val('register_globals') == '1' || strtolower(@$ini_val('register_globals')) == 'on')
{
$var_prefix = 'HTTP';
$var_suffix = '_VARS';

$test = array('_GET', '_POST', '_SERVER', '_COOKIE', '_ENV');

foreach ($test as $var)
{
if (is_array(${$var_prefix . $var . $var_suffix}))
{
unset_vars(${$var_prefix . $var . $var_suffix});
@reset(${$var_prefix . $var . $var_suffix});
}

if (is_array(${$var}))
{
unset_vars(${$var});
@reset(${$var});
}
}

if (is_array(${'_FILES'}))
{
unset_vars(${'_FILES'});
@reset(${'_FILES'});
}

if (is_array(${'HTTP_POST_FILES'}))
{
unset_vars(${'HTTP_POST_FILES'});
@reset(${'HTTP_POST_FILES'});
}
}

// PHP5 with register_long_arrays off?
if (!isset($HTTP_POST_VARS) && isset($_POST))
{
$HTTP_POST_VARS = $_POST;
$HTTP_GET_VARS = $_GET;
$HTTP_SERVER_VARS = $_SERVER;
$HTTP_COOKIE_VARS = $_COOKIE;
$HTTP_ENV_VARS = $_ENV;
$HTTP_POST_FILES = $_FILES;
}

There was one bug introduced by a security fix in 2.0.9 making submitting board settings with single quotes (for example the board description) buggy.
This has been fixed by the following change:

admin/admin_board.php

find line 46:

Code:

$default_config[$config_name] = str_replace("'", "\'", $config_value);

replace with

Code:

$default_config[$config_name] = isset($HTTP_POST_VARS['submit']) ? str_replace("'", "\'", $config_value) : $config_value;

There was a problem caused by the unsetting of global vars. Because the style system itself makes two variables global, deleting styles no longer worked. To fix this problem, the following change is necessary:

admin/admin_styles.php

find line 49:

Code:

require('./pagestart.' . $phpEx);

after add:

Code:

$confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : FALSE;
$cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : FALSE;

Some users reported problems with the jumpbox not working within the moderator control panel. The fix:

includes/functions.php

find line 190:

Code:

if ( !empty($SID) )
{
$boxstring .= '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />';
}

replace with

Code:

// Let the jumpbox work again in sites having additional session id checks.
// if ( !empty($SID) )
// {
$boxstring .= '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />';
// }

Amit Klein and Ory Segal reported a vulnerability with redirects (Apache users are not affected by this), which is fixed by these changes:

includes/functions.php

find line 743:

Code:

if (!empty($db))
{
$db->sql_close();
}

after add:

Code:

if (strstr(urldecode($url), "\n") || strstr(urldecode($url), "\r"))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}

login.php

find line 96:

Code:

$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
$redirect = str_replace('?', '&', $redirect);

after add

Code:

if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}

find line 116:

Code:

$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "";
$redirect = str_replace("?", "&", $redirect);

after add

Code:

if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}

search.php

find line 62:

Code:

$search_author = ( isset($HTTP_POST_VARS['search_author']) ) ? $HTTP_POST_VARS['search_author'] : $HTTP_GET_VARS['search_author'];

after add

Code:

$search_author = htmlspecialchars($search_author);

The visual confirmation pre-edited files were fixed to resolve an issue with a regular expression checking for correct confirm ids.
As with previous versions the visual confirmation and the template caching Mods are included in the contrib directory.

We urge all users to update promptly to this new release.

Downloads:

phpBB 2.0.10 Full Package
phpBB 2.0.10 Updated Files only
phpBB 2.0.10 Patch File

phpBB2.de User Anmeldungsdatum: 29.02.2004 Beiträge: 165

lol? schonwieder?
aber gut. gibts irgentwelche probleme mit 1.51 und diesen änderungen? und kommt noch ein fix für 1.51 raus?
mfg,
max

*erster*

phpBB2.de User Anmeldungsdatum: 12.06.2003 Beiträge: 311 Wohnort: Danmark

No database update?

phpBB2.de User Anmeldungsdatum: 06.06.2004 Beiträge: 5 Wohnort: Danmark

frold hat folgendes geschrieben:

No database update?

Hmm skal man selv kode alt det der ind?

Er i sikker på det virker i plus 1.51 2.0.9???

Hygge Wink

phpBB2.de User Anmeldungsdatum: 23.10.2003 Beiträge: 325 Wohnort: Troy, MI

Is there gonna be an update to the plus package?

So there won't be a need for a Plus 1.52 release if we do the following update you posted Stefan...

Cool Smile

phpBB2.de User Anmeldungsdatum: 02.12.2003 Beiträge: 125 Wohnort: JUBAIL

Rodriqo.com hat folgendes geschrieben:

Is there gonna be an update to the plus package?

I hope is there any update for plus version as you now the plus is very near date released so it is very bad to be in 2.0.9 instead of new 2.0.10 and really I hope is there no more new version release of phpBB also but if it is relate to security I hope is there Cool

So I hope Stefan will do some thing to release new plus package

phpBB2.de User Anmeldungsdatum: 27.11.2003 Beiträge: 994 Wohnort: sLOVEnia

Stefan this guys from phpbb makes you very bussy.
I am soure you are a bit anger about them.
Very Happy

phpBB2.de User Anmeldungsdatum: 02.12.2003 Beiträge: 125 Wohnort: JUBAIL

Reliable hat folgendes geschrieben:

So there won't be a need for a Plus 1.52 release if we do the following update you posted Stefan...

Cool Smile

New version of plus was released ====. phpBB2 plus 1.52

It is very cool and you can read more about the new released from here

http://www.phpbb2.de/viewtopic.php?t=14476

Good luck for all

Hi ...

Warum heißt die Version 2.0.10 und nicht 2.1.0 ????
2.0.10 sieht nämlich beschissen aus.

MFG Melissa

alsakrah hat folgendes geschrieben:

Reliable hat folgendes geschrieben:

So there won't be a need for a Plus 1.52 release if we do the following update you posted Stefan...

Cool Smile

New version of plus was released ====. phpBB2 plus 1.52

It is very cool and you can read more about the new released from here

http://www.phpbb2.de/viewtopic.php?t=14476

Good luck for all

Bummer!

Das liegt am Aufbau der Releasenummern. Mal kurz zur Erklärung:

X.Y.Z

X = Main Release
Y = Core Code
Z = Releases

Somit wäre ein 2.1.0 ein neues phpBB, was intern weniger mit dem 2.0.x zu tun hätte. Es ist ja auch ein 2.2.x in Arbeit, was irgendwann diesen Sommer veröffentlicht werden sollte.

Daher ein 2.0.10 und nicht 2.1.0.

phpBB2.de User Anmeldungsdatum: 06.08.2002 Beiträge: 1628 Wohnort: Hannover

Nach dem Update bekomme ich folgende Fehlermeldung beim ÄNDERN eines Eintrages:

Zitat:

Error in posting

DEBUG MODE

SQL Error : 1064 You have an error in your SQL syntax near 'WHERE topic_id = 183' at line 1

UPDATE phpbb_topics SET topic_title = 'Åkerman 1400', topic_type = 0 , k_id= WHERE topic_id = 183

Line : 266
File : /customers/gremminger.se/gremminger.se/httpd.www/service/forum/includes/functions_post.php

Woran kann das liegen?

/Holger

Zitat:

UPDATE phpbb_topics SET topic_title = 'Åkerman 1400', topic_type = 0 , k_id= WHERE topic_id = 183

Die Variable für "k_id" fehlt. Vielleicht ein Fehler beim Eingeben des Posts...

phpBB2.de User Anmeldungsdatum: 06.08.2002 Beiträge: 1628 Wohnort: Hannover

Oh-oh ... da dämmert mir was ... ich habe den Categories MOD installiert Sad

In der functions_post.php wurden Änderungen für die Version 2.0.9 vorgenommen!
Was muss ich ändern, um das wieder hinzubekommen?

Embarassed

Code:

<?php
/***************************************************************************
* functions_post.php
* -------------------
* begin : Saturday, Feb 13, 2001
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
* $Id: functions_post.php,v 1.9.2.34 2003/06/09 15:45:10 psotfx Exp $
*
*
***************************************************************************/

/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/

if (!defined('IN_PHPBB'))
{
die('Hacking attempt');
}

$html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#');
$html_entities_replace = array('&', '<', '>');

$unhtml_specialchars_match = array('#>#', '#<#', '#"#', '#&#');
$unhtml_specialchars_replace = array('>', '<', '"', '&');

// BEGIN Quiz Hack
if ( defined('FUNCTIONS_POST_INCLUDED') )
{
return;
}
define('FUNCTIONS_POST_INCLUDED', true);
// END Quiz Hack

//
// This function will prepare a posted message for
// entry into the database.
//
function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid = 0)
{
global $board_config, $html_entities_match, $html_entities_replace;

//
// Clean up the message
//
$message = trim($message);

if ($html_on)
{
 $allowed_html_tags = split(',', $board_config['allow_html_tags']);

 $end_html = 0;
 $start_html = 1;
 $tmp_message = '';
 $message = ' ' . $message . ' ';

 while ($start_html = strpos($message, '<', $start_html))
 {
 $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1, ($start_html - $end_html - 1)));

 if ($end_html = strpos($message, '>', $start_html))
 {
 $length = $end_html - $start_html + 1;
 $hold_string = substr($message, $start_html, $length);

 if (($unclosed_open = strrpos(' ' . $hold_string, '<')) != 1)
 {
 $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($hold_string, 0, $unclosed_open - 1));
 $hold_string = substr($hold_string, $unclosed_open - 1);
 }

 $tagallowed = false;
 for ($i = 0; $i < sizeof($allowed_html_tags); $i++)
 {
 $match_tag = trim($allowed_html_tags[$i]);
 if (preg_match('#^<\/?' . $match_tag . '[> ]#i', $hold_string))
 {
 $tagallowed = (preg_match('#^<\/?' . $match_tag . ' .*?(style[ ]*?=|on[\w]+[ ]*?=)#i', $hold_string)) ? false : true;
 }
 }

 $tmp_message .= ($length && !$tagallowed) ? preg_replace($html_entities_match, $html_entities_replace, $hold_string) : $hold_string;

 $start_html += $length;
 }
 else
 {
 $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $start_html, strlen($message)));

 $start_html = strlen($message);
 $end_html = $start_html;
 }
 }

 if ($end_html != strlen($message) && $tmp_message != '')
 {
 $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1));
 }

 $message = ($tmp_message != '') ? trim($tmp_message) : trim($message);
}
else
{
 $message = preg_replace($html_entities_match, $html_entities_replace, $message);
}

if($bbcode_on && $bbcode_uid != '')
{
 $message = bbencode_first_pass($message, $bbcode_uid);
}

return $message;
}

function unprepare_message($message)
{
global $unhtml_specialchars_match, $unhtml_specialchars_replace;

return preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, $message);
}

//
// Prepare a message for posting
//
function prepare_post(&$mode, &$post_data, &$bbcode_on, &$html_on, &$smilies_on, &$error_msg, &$username, &$bbcode_uid, &$subject, &$message, &$poll_title, &$poll_options, &$poll_length)
{
global $board_config, $userdata, $lang, $phpEx, $phpbb_root_path;

// Check username
if (!empty($username))
{
 $username = trim(strip_tags($username));

 if (!$userdata['session_logged_in'] || ($userdata['session_logged_in'] && $username != $userdata['username']))
 {
 include($phpbb_root_path . 'includes/functions_validate.'.$phpEx);

 $result = validate_username($username);
 if ($result['error'])
 {
 $error_msg .= (!empty($error_msg)) ? ' ' . $result['error_msg'] : $result['error_msg'];
 }
 }
 else
 {
 $username = '';
 }
}

// Check subject
if (!empty($subject))
{
 $subject = htmlspecialchars(trim($subject));
}
else if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post']))
{
 $error_msg .= (!empty($error_msg)) ? ' ' . $lang['Empty_subject'] : $lang['Empty_subject'];
}

// Check message
if (!empty($message))
{
 $bbcode_uid = ($bbcode_on) ? make_bbcode_uid() : '';
 $message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on, $bbcode_uid);
}
else if ($mode != 'delete' && $mode != 'polldelete' && empty($post_data['quiz_answer'])) // ADDED && empty($post_data['quiz_answer']) BY Quiz Hack
{
 $error_msg .= (!empty($error_msg)) ? ' ' . $lang['Empty_message'] : $lang['Empty_message'];
}

//
// Handle poll stuff
//
if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post']))
{
 $poll_length = (isset($poll_length)) ? max(0, intval($poll_length)) : 0;

 if (!empty($poll_title))
 {
 $poll_title = htmlspecialchars(trim($poll_title));
 }

 if(!empty($poll_options))
 {
 $temp_option_text = array();
 while(list($option_id, $option_text) = @each($poll_options))
 {
 $option_text = trim($option_text);
 if (!empty($option_text))
 {
 $temp_option_text[$option_id] = htmlspecialchars($option_text);
 }
 }
 $option_text = $temp_option_text;

 if (count($poll_options) < 2)
 {
 $error_msg .= (!empty($error_msg)) ? ' ' . $lang['To_few_poll_options'] : $lang['To_few_poll_options'];
 }
 else if (count($poll_options) > $board_config['max_poll_options'])
 {
 $error_msg .= (!empty($error_msg)) ? ' ' . $lang['To_many_poll_options'] : $lang['To_many_poll_options'];
 }
 else if ($poll_title == '')
 {
 $error_msg .= (!empty($error_msg)) ? ' ' . $lang['Empty_poll_title'] : $lang['Empty_poll_title'];
 }
 }
}

return;
}

//
// Post a new topic/reply/poll or edit existing post/poll
//
function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_id, &$post_id, &$poll_id, &$topic_type, &$bbcode_on, &$html_on, &$smilies_on, &$attach_sig, &$bbcode_uid, &$post_username, &$post_subject, &$post_message, &$poll_title, &$poll_options, &$poll_length, &$k_id)
{
global $board_config, $lang, $db, $phpbb_root_path, $phpEx;
global $userdata, $user_ip;

include($phpbb_root_path . 'includes/functions_search.'.$phpEx);

$current_time = time();

if ( !isset($post_data['flood_control_off']) && ( $mode == 'newtopic' || $mode == 'reply' || $mode == 'editpost' ) ) // ADDED ' !isset($post_data['flood_control_off']) && ( ' AND ')' BY Quiz Hack
{
 //
 // Flood control
 //
 $where_sql = ($userdata['user_id'] == ANONYMOUS) ? "poster_ip = '$user_ip'" : 'poster_id = ' . $userdata['user_id'];
 $sql = "SELECT MAX(post_time) AS last_post_time
 FROM " . POSTS_TABLE . "
 WHERE $where_sql";
 if ($result = $db->sql_query($sql))
 {
 if ($row = $db->sql_fetchrow($result))
 {
 if (intval($row['last_post_time']) > 0 && ($current_time - intval($row['last_post_time'])) < intval($board_config['flood_interval']))
 {
 message_die(GENERAL_MESSAGE, $lang['Flood_Error']);
 }
 }
 }
}

if ($mode == 'editpost')
{
 remove_search_post($post_id);
}

if ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post']))
{
 $topic_vote = (!empty($poll_title) && count($poll_options) >= 2) ? 1 : 0;
// ADDED , topic_quiz AND , " . ( empty($post_data['topic_quiz']) ? '0' : '1' ) . " BY Quiz Hack
 $sql = ($mode != "editpost") ? "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type, topic_vote, topic_quiz,k_id) VALUES ('$post_subject', " . $userdata['user_id'] . ", $current_time, $forum_id, " . TOPIC_UNLOCKED . ", $topic_type, $topic_vote, " . ( empty($post_data['topic_quiz']) ? '0' : '1' ) . ", '". $k_id ."' )" : "UPDATE " . TOPICS_TABLE . " SET topic_title = '$post_subject', topic_type = $topic_type " . (($post_data['edit_vote'] || !empty($poll_title)) ? ", topic_vote = " . $topic_vote : "") . ", k_id=$k_id WHERE topic_id = $topic_id";
 if (!$db->sql_query($sql))
 {
 message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
 }

 if ($mode == 'newtopic')
 {
 $topic_id = $db->sql_nextid();
 }
}

$edited_sql = ($mode == 'editpost' && !$post_data['last_post'] && $post_data['poster_post']) ? ", post_edit_time = $current_time, post_edit_count = post_edit_count + 1 " : "";
$sql = ($mode != "editpost") ? "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, enable_bbcode, enable_html, enable_smilies, enable_sig) VALUES ($topic_id, $forum_id, " . $userdata['user_id'] . ", '$post_username', $current_time, '$user_ip', $bbcode_on, $html_on, $smilies_on, $attach_sig)" : "UPDATE " . POSTS_TABLE . " SET post_username = '$post_username', enable_bbcode = $bbcode_on, enable_html = $html_on, enable_smilies = $smilies_on, enable_sig = $attach_sig" . $edited_sql . " WHERE post_id = $post_id";
if (!$db->sql_query($sql, BEGIN_TRANSACTION))
{
 message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}

if ($mode != 'editpost')
{
 $post_id = $db->sql_nextid();
}
// ADDED , quiz_answer AND , '" . ( empty($post_data['quiz_answer']) ? '' : $post_data['quiz_answer'] ) . "' BY Quiz Hack
$sql = ($mode != 'editpost') ? "INSERT INTO " . POSTS_TEXT_TABLE . " (post_id, post_subject, bbcode_uid, post_text, quiz_answer) VALUES ($post_id, '$post_subject', '$bbcode_uid', '$post_message', '" . ( empty($post_data['quiz_answer']) ? '' : $post_data['quiz_answer'] ) . "')" : "UPDATE " . POSTS_TEXT_TABLE . " SET post_text = '$post_message', bbcode_uid = '$bbcode_uid', post_subject = '$post_subject' WHERE post_id = $post_id";
if (!$db->sql_query($sql))
{
 message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}

add_search_words('single', $post_id, stripslashes($post_message), stripslashes($post_subject));

//
// Add poll
//
if (($mode == 'newtopic' || ($mode == 'editpost' && $post_data['edit_poll'])) && !empty($poll_title) && count($poll_options) >= 2)
{
 $sql = (!$post_data['has_poll']) ? "INSERT INTO " . VOTE_DESC_TABLE . " (topic_id, vote_text, vote_start, vote_length) VALUES ($topic_id, '$poll_title', $current_time, " . ($poll_length * 86400) . ")" : "UPDATE " . VOTE_DESC_TABLE . " SET vote_text = '$poll_title', vote_length = " . ($poll_length * 86400) . " WHERE topic_id = $topic_id";
 if (!$db->sql_query($sql))
 {
 message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
 }

 $delete_option_sql = '';
 $old_poll_result = array();
 if ($mode == 'editpost' && $post_data['has_poll'])
 {
 $sql = "SELECT vote_option_id, vote_result
 FROM " . VOTE_RESULTS_TABLE . "
 WHERE vote_id = $poll_id
 ORDER BY vote_option_id ASC";
 if (!($result = $db->sql_query($sql)))
 {
 message_die(GENERAL_ERROR, 'Could not obtain vote data results for this topic', '', __LINE__, __FILE__, $sql);
 }

 while ($row = $db->sql_fetchrow($result))
 {
 $old_poll_result[$row['vote_option_id']] = $row['vote_result'];

 if (!isset($poll_options[$row['vote_option_id']]))
 {
 $delete_option_sql .= ($delete_option_sql != '') ? ', ' . $row['vote_option_id'] : $row['vote_option_id'];
 }
 }
 }
 else
 {
 $poll_id = $db->sql_nextid();
 }

 @reset($poll_options);

 $poll_option_id = 1;
 while (list($option_id, $option_text) = each($poll_options))
 {
 if (!empty($option_text))
 {
 $option_text = str_replace("\'", "''", htmlspecialchars($option_text));
 $poll_result = ($mode == "editpost" && isset($old_poll_result[$option_id])) ? $old_poll_result[$option_id] : 0;

 $sql = ($mode != "editpost" || !isset($old_poll_result[$option_id])) ? "INSERT INTO " . VOTE_RESULTS_TABLE . " (vote_id, vote_option_id, vote_option_text, vote_result) VALUES ($poll_id, $poll_option_id, '$option_text', $poll_result)" : "UPDATE " . VOTE_RESULTS_TABLE . " SET vote_option_text = '$option_text', vote_result = $poll_result WHERE vote_option_id = $option_id AND vote_id = $poll_id";
 if (!$db->sql_query($sql))
 {
 message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
 }
 $poll_option_id++;
 }
 }

 if ($delete_option_sql != '')
 {
 $sql = "DELETE FROM " . VOTE_RESULTS_TABLE . "
 WHERE vote_option_id IN ($delete_option_sql)
 AND vote_id = $poll_id";
 if (!$db->sql_query($sql))
 {
 message_die(GENERAL_ERROR, 'Error deleting pruned poll options', '', __LINE__, __FILE__, $sql);
 }
 }
}

$meta = '<meta http-equiv="refresh" content="3;url=' . append_sid("viewtopic.$phpEx?" . POST_POST_URL . "=" . $post_id) . '#' . $post_id . '">';
$message = $lang['Stored'] . ' ' . sprintf($lang['Click_view_message'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_POST_URL . "=" . $post_id) . '#' . $post_id . '">', '</a>') . ' ' . sprintf($lang['Click_return_forum'], '<a href="' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id") . '">', '</a>');

return false;
}

//
// Update post stats and details
//
function update_post_stats(&$mode, &$post_data, &$forum_id, &$topic_id, &$post_id, &$user_id)
{
global $db;

$sign = ($mode == 'delete') ? '- 1' : '+ 1';
$forum_update_sql = "forum_posts = forum_posts $sign";
$topic_update_sql = '';

if ($mode == 'delete')
{
 if ($post_data['last_post'])
 {
 if ($post_data['first_post'])
 {
 $forum_update_sql .= ', forum_topics = forum_topics - 1';
 }
 else
 {

 $topic_update_sql .= 'topic_replies = topic_replies - 1';

 $sql = "SELECT MAX(post_id) AS last_post_id
 FROM " . POSTS_TABLE . "
 WHERE topic_id = $topic_id";
 if (!($result = $db->sql_query($sql)))
 {
 message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
 }

 if ($row = $db->sql_fetchrow($result))
 {
 $topic_update_sql .= ', topic_last_post_id = ' . $row['last_post_id'];
 }
 }

 if ($post_data['last_topic'])
 {
 $sql = "SELECT MAX(post_id) AS last_post_id
 FROM " . POSTS_TABLE . "
 WHERE forum_id = $forum_id";
 if (!($result = $db->sql_query($sql)))
 {
 message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
 }

 if ($row = $db->sql_fetchrow($result))
 {
 $forum_update_sql .= ($row['last_post_id']) ? ', forum_last_post_id = ' . $row['last_post_id'] : ', forum_last_post_id = 0';
 }
 }
 }
 else if ($post_data['first_post'])
 {
 $sql = "SELECT MIN(post_id) AS first_post_id
 FROM " . POSTS_TABLE . "
 WHERE topic_id = $topic_id";
 if (!($result = $db->sql_query($sql)))
 {
 message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
 }

 if ($row = $db->sql_fetchrow($result))
 {
 $topic_update_sql .= 'topic_replies = topic_replies - 1, topic_first_post_id = ' . $row['first_post_id'];
 }
 }
 else
 {
 $topic_update_sql .= 'topic_replies = topic_replies - 1';
 }
}
else if ($mode != 'poll_delete')
{
 $forum_update_sql .= ", forum_last_post_id = $post_id" . (($mode == 'newtopic') ? ", forum_topics = forum_topics $sign" : "");
 $topic_update_sql = "topic_last_post_id = $post_id" . (($mode == 'reply') ? ", topic_replies = topic_replies $sign" : ", topic_first_post_id = $post_id");
}
else
{
 $topic_update_sql .= 'topic_vote = 0';
}

$sql = "UPDATE " . FORUMS_TABLE . " SET
 $forum_update_sql
 WHERE forum_id = $forum_id";
if (!$db->sql_query($sql))
{
 message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
}

if ($topic_update_sql != '')
{
 $sql = "UPDATE " . TOPICS_TABLE . " SET
 $topic_update_sql
 WHERE topic_id = $topic_id";
 if (!$db->sql_query($sql))
 {
 message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
 }
}

if ($mode != 'poll_delete')
{
 $sql = "UPDATE " . USERS_TABLE . "
 SET user_posts = user_posts $sign
 WHERE user_id = $user_id";
 if (!$db->sql_query($sql, END_TRANSACTION))
 {
 message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
 }
}

return;
}

//
// Delete a post/poll
//
function delete_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_id, &$post_id, &$poll_id)
{
global $board_config, $lang, $db, $phpbb_root_path, $phpEx;
global $userdata, $user_ip;

if ($mode != 'poll_delete')
{
 include($phpbb_root_path . 'includes/functions_search.'.$phpEx);

 $sql = "DELETE FROM " . POSTS_TABLE . "
 WHERE post_id = $post_id";
 if (!$db->sql_query($sql))
 {
 message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
 }

 $sql = "DELETE FROM " . POSTS_TEXT_TABLE . "
 WHERE post_id = $post_id";
 if (!$db->sql_query($sql))
 {
 message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
 }

 if ($post_data['last_post'])
 {
 if ($post_data['first_post'])
 {
 $forum_update_sql .= ', forum_topics = forum_topics - 1';
 $sql = "DELETE FROM " . TOPICS_TABLE . "
 WHERE topic_id = $topic_id
 OR topic_moved_id = $topic_id";
 if (!$db->sql_query($sql))
 {
 message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
 }

 $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . "
 WHERE topic_id = $topic_id";
 if (!$db->sql_query($sql))
 {
 message_die(GENERAL_ERROR, 'Error in deleting post', '', __LINE__, __FILE__, $sql);
 }
 // BEGIN Quiz Hack
 if ( $post_data['topic_quiz'] )
 {
 $sql = "UPDATE " . QUIZ_TABLE . "
 SET quiz_status = 4, quiz_topic_id = 0
 WHERE quiz_topic_id = $topic_id";
 if ( !$db->sql_query($sql) )
 {
 message_die(GENERAL_ERROR, 'Could not update quiz status', '', __LINE__, __FILE__, $sql);
 }
 $sql = "DELETE FROM " . QUIZ_ANSWER_TABLE . "
 WHERE topic_id = $topic_id";
 if ( !$db->sql_query($sql) )
 {
 message_die(GENERAL_ERROR, 'Could not update quiz answer table', '', __LINE__, __FILE__, $sql);
 }
 }
 // END Quiz Hack
 }
 }

 remove_search_post($post_id);
}

if ($mode == 'poll_delete' || ($mode == 'delete' && $post_data['first_post'] && $post_data['last_post']) && $post_data['has_poll'] && $post_data['edit_poll'])
{
 $sql = "DELETE FROM " . VOTE_DESC_TABLE . "
 WHERE topic_id = $topic_id";
 if (!$db->sql_query($sql))
 {
 message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql);
 }

 $sql = "DELETE FROM " . VOTE_RESULTS_TABLE . "
 WHERE vote_id = $poll_id";
 if (!$db->sql_query($sql))
 {
 message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql);
 }

 $sql = "DELETE FROM " . VOTE_USERS_TABLE . "
 WHERE vote_id = $poll_id";
 if (!$db->sql_query($sql))
 {
 message_die(GENERAL_ERROR, 'Error in deleting poll', '', __LINE__, __FILE__, $sql);
 }
}

if ($mode == 'delete' && $post_data['first_post'] && $post_data['last_post'])
{
 $meta = '<meta http-equiv="refresh" content="3;url=' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . '=' . $forum_id) . '">';
 $message = $lang['Deleted'];
}
else
{
 $meta = '<meta http-equiv="refresh" content="3;url=' . append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . '=' . $topic_id) . '">';
 $message = (($mode == 'poll_delete') ? $lang['Poll_delete'] : $lang['Deleted']) . ' ' . sprintf($lang['Click_return_topic'], '<a href="' . append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id") . '">', '</a>');
}

$message .= ' ' . sprintf($lang['Click_return_forum'], '<a href="' . append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id") . '">', '</a>');

return;
}

//
// Handle user notification on new post
//
function user_notification($mode, &$post_data, &$topic_title, &$forum_id, &$topic_id, &$post_id, &$notify_user)
{
global $board_config, $lang, $db, $phpbb_root_path, $phpEx;
global $userdata, $user_ip;

$current_time = time();

if ($mode == 'delete')
{
 $delete_sql = (!$post_data['first_post'] && !$post_data['last_post']) ? " AND user_id = " . $userdata['user_id'] : '';
 $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id" . $delete_sql;
 if (!$db->sql_query($sql))
 {
 message_die(GENERAL_ERROR, 'Could not change topic notify data', '', __LINE__, __FILE__, $sql);
 }
}
else
{
 if ($mode == 'reply')
 {
 $sql = "SELECT ban_userid
 FROM " . BANLIST_TABLE;
 if (!($result = $db->sql_query($sql)))
 {
 message_die(GENERAL_ERROR, 'Could not obtain banlist', '', __LINE__, __FILE__, $sql);
 }

 $user_id_sql = '';
 while ($row = $db->sql_fetchrow($result))
 {
 if (isset($row['ban_userid']) && !empty($row['ban_userid']))
 {
 $user_id_sql .= ', ' . $row['ban_userid'];
 }
 }

 $sql = "SELECT u.user_id, u.user_email, u.user_lang
 FROM " . TOPICS_WATCH_TABLE . " tw, " . USERS_TABLE . " u
 WHERE tw.topic_id = $topic_id
 AND tw.user_id NOT IN (" . $userdata['user_id'] . ", " . ANONYMOUS . $user_id_sql . ")
 AND tw.notify_status = " . TOPIC_WATCH_UN_NOTIFIED . "
 AND u.user_id = tw.user_id";
 if (!($result = $db->sql_query($sql)))
 {
 message_die(GENERAL_ERROR, 'Could not obtain list of topic watchers', '', __LINE__, __FILE__, $sql);
 }

 $update_watched_sql = '';
 $bcc_list_ary = array();

 if ($row = $db->sql_fetchrow($result))
 {
 // Sixty second limit
 @set_time_limit(60);

 do
 {
 if ($row['user_email'] != '')
 {
 $bcc_list_ary[$row['user_lang']][] = $row['user_email'];
 }
 $update_watched_sql .= ($update_watched_sql != '') ? ', ' . $row['user_id'] : $row['user_id'];
 }
 while ($row = $db->sql_fetchrow($result));

 //
 // Let's do some checking to make sure that mass mail functions
 // are working in win32 versions of php.
 //
 if (preg_match('/[c-z]:\\\.*/i', getenv('PATH')) && !$board_config['smtp_delivery'])
 {
 $ini_val = (@phpversion() >= '4.0.0') ? 'ini_get' : 'get_cfg_var';

 // We are running on windows, force delivery to use our smtp functions
 // since php's are broken by default
 $board_config['smtp_delivery'] = 1;
 $board_config['smtp_host'] = @$ini_val('SMTP');
 }

 if (sizeof($bcc_list_ary))
 {
 include($phpbb_root_path . 'includes/emailer.'.$phpEx);
 $emailer = new emailer($board_config['smtp_delivery']);

 $script_name = preg_replace('/^\/?(.*?)\/?$/', '\1', trim($board_config['script_path']));
 $script_name = ($script_name != '') ? $script_name . '/viewtopic.'.$phpEx : 'viewtopic.'.$phpEx;
 $server_name = trim($board_config['server_name']);
 $server_protocol = ($board_config['cookie_secure']) ? 'https://' : 'http://';
 $server_port = ($board_config['server_port'] <> 80) ? ':' . trim($board_config['server_port']) . '/' : '/';

 $orig_word = array();
 $replacement_word = array();
 obtain_word_list($orig_word, $replacement_word);

 $emailer->from($board_config['board_email']);
 $emailer->replyto($board_config['board_email']);

 $topic_title = (count($orig_word)) ? preg_replace($orig_word, $replacement_word, unprepare_message($topic_title)) : unprepare_message($topic_title);

 @reset($bcc_list_ary);
 while (list($user_lang, $bcc_list) = each($bcc_list_ary))
 {
 $emailer->use_template('topic_notify', $user_lang);

 for ($i = 0; $i < count($bcc_list); $i++)
 {
 $emailer->bcc($bcc_list[$i]);
 }

 // The Topic_reply_notification lang string below will be used
 // if for some reason the mail template subject cannot be read
 // ... note it will not necessarily be in the posters own language!
 $emailer->set_subject($lang['Topic_reply_notification']);

 // This is a nasty kludge to remove the username var ... till (if?)
 // translators update their templates
 $emailer->msg = preg_replace('#[ ]?{USERNAME}#', '', $emailer->msg);

 $emailer->assign_vars(array(
 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace(' ', "\n", "-- \n" . $board_config['board_email_sig']) : '',
 'SITENAME' => $board_config['sitename'],
 'TOPIC_TITLE' => $topic_title,

 'U_TOPIC' => $server_protocol . $server_name . $server_port . $script_name . '?' . POST_POST_URL . "=$post_id#$post_id",
 'U_STOP_WATCHING_TOPIC' => $server_protocol . $server_name . $server_port . $script_name . '?' . POST_TOPIC_URL . "=$topic_id&unwatch=topic")
 );

 $emailer->send();
 $emailer->reset();
 }
 }
 }
 $db->sql_freeresult($result);

 if ($update_watched_sql != '')
 {
 $sql = "UPDATE " . TOPICS_WATCH_TABLE . "
 SET notify_status = " . TOPIC_WATCH_NOTIFIED . "
 WHERE topic_id = $topic_id
 AND user_id IN ($update_watched_sql)";
 $db->sql_query($sql);
 }
 }

 $sql = "SELECT topic_id
 FROM " . TOPICS_WATCH_TABLE . "
 WHERE topic_id = $topic_id
 AND user_id = " . $userdata['user_id'];
 if (!($result = $db->sql_query($sql)))
 {
 message_die(GENERAL_ERROR, 'Could not obtain topic watch information', '', __LINE__, __FILE__, $sql);
 }

 $row = $db->sql_fetchrow($result);

 if (!$notify_user && !empty($row['topic_id']))
 {
 $sql = "DELETE FROM " . TOPICS_WATCH_TABLE . "
 WHERE topic_id = $topic_id
 AND user_id = " . $userdata['user_id'];
 if (!$db->sql_query($sql))
 {
 message_die(GENERAL_ERROR, 'Could not delete topic watch information', '', __LINE__, __FILE__, $sql);
 }
 }
 else if ($notify_user && empty($row['topic_id']))
 {
 $sql = "INSERT INTO " . TOPICS_WATCH_TABLE . " (user_id, topic_id, notify_status)
 VALUES (" . $userdata['user_id'] . ", $topic_id, 0)";
 if (!$db->sql_query($sql))
 {
 message_die(GENERAL_ERROR, 'Could not insert topic watch information', '', __LINE__, __FILE__, $sql);
 }
 }
}
}

//
// Fill smiley templates (or just the variables) with smileys
// Either in a window or inline
//
function generate_smilies($mode, $page_id)
{
global $db, $board_config, $template, $lang, $images, $theme, $phpEx, $phpbb_root_path;
global $user_ip, $session_length, $starttime;
global $userdata;

$inline_columns = 4;
$inline_rows = 5;
$window_columns = 8;

if ($mode == 'window')
{
 $userdata = session_pagestart($user_ip, $page_id);
 init_userprefs($userdata);

 $gen_simple_header = TRUE;

 $page_title = $lang['Emoticons'] . " - $topic_title";
 if ( defined('IN_ADMIN') )
 {
 include('./page_header_admin.'.$phpEx);
 }
 else
 {
 include($phpbb_root_path . 'includes/page_header.'.$phpEx);
 }

 $template->set_filenames(array(
 'smiliesbody' => 'posting_smilies.tpl')
 );
}

$sql = "SELECT emoticon, code, smile_url
 FROM " . SMILIES_TABLE . "
 ORDER BY smilies_id";
if ($result = $db->sql_query($sql))
{
 $num_smilies = 0;
 $rowset = array();
 while ($row = $db->sql_fetchrow($result))
 {
 if (empty($rowset[$row['smile_url']]))
 {
 $rowset[$row['smile_url']]['code'] = str_replace("'", "\\'", str_replace('\\', '\\\\', $row['code']));
 $rowset[$row['smile_url']]['emoticon'] = $row['emoticon'];
 $num_smilies++;
 }
 }

 if ($num_smilies)
 {
 $smilies_count = ($mode == 'inline') ? min(19, $num_smilies) : $num_smilies;
 $smilies_split_row = ($mode == 'inline') ? $inline_columns - 1 : $window_columns - 1;

 $s_colspan = 0;
 $row = 0;
 $col = 0;

 while (list($smile_url, $data) = @each($rowset))
 {
 if (!$col)
 {
 $template->assign_block_vars('smilies_row', array());
 }

 $template->assign_block_vars('smilies_row.smilies_col', array(
 'SMILEY_CODE' => $data['code'],
 'SMILEY_IMG' => $board_config['smilies_path'] . '/' . $smile_url,
 'SMILEY_DESC' => $data['emoticon'])
 );

 $s_colspan = max($s_colspan, $col + 1);

 if ($col == $smilies_split_row)
 {
 if ($mode == 'inline' && $row == $inline_rows - 1)
 {
 break;
 }
 $col = 0;
 $row++;
 }
 else
 {
 $col++;
 }
 }

 if ($mode == 'inline' && $num_smilies > $inline_rows * $inline_columns)
 {
 $template->assign_block_vars('switch_smilies_extra', array());

 $template->assign_vars(array(
 'L_MORE_SMILIES' => $lang['More_emoticons'],
 'U_MORE_SMILIES' => append_sid("posting.$phpEx?mode=smilies"))
 );
 }

 $template->assign_vars(array(
 'L_EMOTICONS' => $lang['Emoticons'],
 'L_CLOSE_WINDOW' => $lang['Close_window'],
 'S_SMILIES_COLSPAN' => $s_colspan)
 );
 }
}

if ($mode == 'window')
{
 $template->pparse('smiliesbody');

 include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
}
}

?>