phpBB 2.0.21 released !

Administrator Anmeldungsdatum: 01.08.2002 Beiträge: 4735 Wohnort: Aachen

phpBB 2.0.21, "Bertie's Summer Vacation" was released today by the phpBB Group. "This release is a cumulative bug fix update, as well as including a number of minor security fixes. We have altered the visual confirmation system used on servers without zlib enabled to bring it up to the same level as that used elsewhere and made a few small performance improvements.

It is important that you carry out both parts of the update - updating the files and running the database update script - for updates to be complete.

What has changed in this release?

The changelog (contained within this release) is as follows:

[Fix] Changes to random number generator code to explicitly truncate the length of the string
[Fix] Quoting on boards with HTML enabled
[Fix] Special characters on boards with HTML enabled
[Fix] Redirect to list if cancelling deletion of ranks, smilies or word censors
[Fix] Missing error message if an inactive user tried to login (Bug #1598)
[Fix] Do not alter post counts when just removing a poll (Bug #1602)
[Fix] Correct error in removal of old session keys
[Fix] Changed filtering of short search terms
[Sec] Improved filtering on language selection (also addresses a number of bug reports related to missing languages)
[Change] Backported more efficient highlighting code from Olympus
[Change] Backported zlib emulation code so that there is only a single confirmation image even if zlib is not available

phpBB 2.0.21 Full Package
phpBB 2.0.21 Updated Files only
phpBB 2.0.21 Patch File
phpBB 2.0.21 to phpBB 2.0.21 Code Changes

phpBB2 Plus 1.53 Code Changes to 2.0.21 Code

phpBB2.de User Anmeldungsdatum: 11.03.2005 Beiträge: 229

warum gibts hier nicht gleich einen update für plus ? das hier ist doch eine plus support seite,wer einen normalen update machen will kann www.phpbb.de oder www.phpbb.com nachschauen oder verstehe ich das ganze falsch.

Und das die updates noch auf englisch sein mussen.

mfg

Will there a Plus 1.5x update?

phpBB2.de User Anmeldungsdatum: 11.10.2004 Beiträge: 88

wahrscheinlich die übliche dumme frage..aber...
kann ich den fix auch für das plus benutzen oder wird es dafür ein extra update geben?

Administrator Anmeldungsdatum: 24.03.2004 Beiträge: 4255

Zitat:

warum gibts hier nicht gleich einen update für plus ?

weil wir auch erst wissen an welchem Tag eine neue Version kommt wenn diese tatsächlich erscheint

sicher könnte man die CVS schon vorab checken aber da gibt es immer mal Änderungen was die Sache dann nur unnötig aufwändig macht

die Differenzen sind in der Plus aber nicht großartig abweichend - ja es wird ein umfangreiches Plus update geben

phpBB2.de User Anmeldungsdatum: 08.06.2006 Beiträge: 6

Mensch Leute, macht doch mal nicht so ne Panik.
Wenn ich mir man so das PlusPackage anschaue wie aufwendig das ist dauert es eben mal ein bißchen bis alle Updates eingebaut sind.

Statt gegen den Support zu wettern sollte sich lieber mal der ein- oder andere daran erinnern, das man ein wirklich hervorragendes System für lau bekommt und das hier viele Leute sehr viel Arbeit reinsetzen! Shocked

Denkt halt auch zwischendurch mal an ein Backup von Webspace und DB, dann kanns gar nicht so schlimm werden Rolling Eyes

phpBB2.de User Anmeldungsdatum: 11.10.2004 Beiträge: 88

ok..danke für die auskunft..dann wart ich nämlich ab und kämppf nicht mit dem update Wink

ps@insomnia: ich hab nicht gewettert, ich wollte nur wissen ob..auch nicht wann. aus dem einfache grund weil es eben doch viele unterschiede gibt und es da mM nach sinnvoller ist abzuwarten, ob und falls ein extra update kommt, als hektisch jetzt das normale update zurechtzubiegen..x fehler reinzumachen und sich das board zu zerschießen *g*
ps2: ich bin SEHR zufrieden mit dem phpbb2..ich hab mir sogar das handbuch gekauft Wink

phpBB2.de User Anmeldungsdatum: 08.06.2006 Beiträge: 6

@Rabe

*g* du warst auch nicht gemeint Wink

phpBB2.de User Anmeldungsdatum: 13.03.2006 Beiträge: 128

where is the Plus 1.53 Update or do i use the patch file form the 2021 and how do i apply this patch i don t understand it...Please help

phpBB2.de User Anmeldungsdatum: 27.11.2003 Beiträge: 994 Wohnort: sLOVEnia

I ask for a help with updating to 2.0.21 verison
I don't have this file!
Why?

Code:

includes/usercp_confirm.php

#
#-----[ FIND ]---------------------------------------------
# Line 64
// If we can we will generate a single filtered png else we will have to simply
// output six seperate original pngs ... first way is preferable!
if (@extension_loaded('zlib'))
{
$_png = define_filtered_pngs();

$total_width = 320;
$total_height = 50;
$img_height = 40;
$img_width = 0;
$l = 0;

list($usec, $sec) = explode(' ', microtime());
mt_srand($sec * $usec);

$char_widths = array();
for ($i = 0; $i < strlen($code); $i++)
{
 $char = $code{$i};

 $width = mt_rand(0, 4);
 $char_widths[] = $width;
 $img_width += $_png[$char]['width'] - $width;
}

$offset_x = mt_rand(0, $total_width - $img_width);
$offset_y = mt_rand(0, $total_height - $img_height);

$image = '';
$hold_chars = array();
for ($i = 0; $i < $total_height; $i++)
{
 $image .= chr(0);

 if ($i > $offset_y && $i < $offset_y + $img_height)
 {
 $j = 0;

 for ($k = 0; $k < $offset_x; $k++)
 {
 $image .= chr(mt_rand(140, 255));
 }

 for ($k = 0; $k < strlen($code); $k++)
 {
 $char = $code{$k};

 if (empty($hold_chars[$char]))
 {
 $hold_chars[$char] = explode("\n", chunk_split(base64_decode($_png[$char]['data']), $_png[$char]['width'] + 1, "\n"));
 }
 $image .= randomise(substr($hold_chars[$char][$l], 1), $char_widths[$j]);
 $j++;
 }

 for ($k = $offset_x + $img_width; $k < $total_width; $k++)
 {
 $image .= chr(mt_rand(140, 255));
 }

 $l++;
 }
 else
 {
 for ($k = 0; $k < $total_width; $k++)
 {
 $image .= chr(mt_rand(140, 255));
 }
 }

}
unset($hold);

$image = create_png(gzcompress($image), $total_width, $total_height);

// Output image
header('Content-Type: image/png');
header('Cache-control: no-cache, no-store');
echo $image;

unset($image);
unset($_png);
exit;

}
else
{
$_png = define_raw_pngs();

$c = intval($HTTP_GET_VARS['c']);
$char = substr($code, $c - 1, 1);

header('Content-Type: image/png');
header('Cache-control: no-cache, no-store');
echo base64_decode($_png[$char]);

unset($_png);
exit;
}

exit;

#
#-----[ REPLACE WITH ]---------------------------------------------
#
// We can we will generate a single filtered png
// Thanks to DavidMJ for emulating zlib within the code :)
$_png = define_filtered_pngs();

$total_width = 320;
$total_height = 50;
$img_height = 40;
$img_width = 0;
$l = 0;

list($usec, $sec) = explode(' ', microtime());
mt_srand($sec * $usec);

$char_widths = array();
for ($i = 0; $i < strlen($code); $i++)
{
$char = $code{$i};

$width = mt_rand(0, 4);
$char_widths[] = $width;
$img_width += $_png[$char]['width'] - $width;
}

$offset_x = mt_rand(0, $total_width - $img_width);
$offset_y = mt_rand(0, $total_height - $img_height);

$image = '';
$hold_chars = array();
for ($i = 0; $i < $total_height; $i++)
{
$image .= chr(0);

if ($i > $offset_y && $i < $offset_y + $img_height)
{
 $j = 0;

 for ($k = 0; $k < $offset_x; $k++)
 {
 $image .= chr(mt_rand(140, 255));
 }

 for ($k = 0; $k < strlen($code); $k++)
 {
 $char = $code{$k};

 if (empty($hold_chars[$char]))
 {
 $hold_chars[$char] = explode("\n", chunk_split(base64_decode($_png[$char]['data']), $_png[$char]['width'] + 1, "\n"));
 }
 $image .= randomise(substr($hold_chars[$char][$l], 1), $char_widths[$j]);
 $j++;
 }

 for ($k = $offset_x + $img_width; $k < $total_width; $k++)
 {
 $image .= chr(mt_rand(140, 255));
 }

 $l++;
}
else
{
 for ($k = 0; $k < $total_width; $k++)
 {
 $image .= chr(mt_rand(140, 255));
 }
}

}
unset($hold);

$image = create_png($image, $total_width, $total_height);

// Output image
header('Content-Type: image/png');
header('Cache-control: no-cache, no-store');
echo $image;

unset($image);
unset($_png);
exit;

#
#-----[ FIND ]---------------------------------------------
# Line 198
function create_png($gzimage, $width, $height)

#
#-----[ REPLACE WITH ]---------------------------------------------
#
function create_png($raw_image, $width, $height)

#
#-----[ FIND ]---------------------------------------------
# Line 202
// IDAT
$image .= png_chunk(strlen($gzimage), 'IDAT', $gzimage);

#
#-----[ REPLACE WITH ]---------------------------------------------
#

if (@extension_loaded('zlib'))
{
 $raw_image = gzcompress($raw_image);
 $length = strlen($raw_image);
}
else
{
 // The total length of this image, uncompressed, is just a calculation of pixels
 $length = ($width + 1) * $height;

 // Adler-32 hash generation
 // Optimized Adler-32 loop ported from the GNU Classpath project
 $temp_length = $length;
 $s1 = 1;
 $s2 = $index = 0;

 while ($temp_length > 0)
 {
 // We can defer the modulo operation:
 // s1 maximally grows from 65521 to 65521 + 255 * 3800
 // s2 maximally grows by 3800 * median(s1) = 2090079800 < 2^31
 $substract_value = ($temp_length < 3800) ? $temp_length : 3800;
 $temp_length -= $substract_value;

 while (--$substract_value >= 0)
 {
 $s1 += ord($raw_image[$index]);
 $s2 += $s1;

 $index++;
 }

 $s1 %= 65521;
 $s2 %= 65521;
 }
 $adler_hash = pack('N', ($s2 << 16) | $s1);

 // This is the same thing as gzcompress($raw_image, 0) but does not need zlib
 $raw_image = pack('C3v2', 0x78, 0x01, 0x01, $length, ~$length) . $raw_image . $adler_hash;

 // The Zlib header + Adler hash make us add on 11
 $length += 11;
}

// IDAT
$image .= png_chunk($length, 'IDAT', $raw_image);

in file usercp_register.php I don't have this code

Code:

includes/usercp_register.php

#
#-----[ FIND ]---------------------------------------------
# Line 989
 $code = strtoupper(str_replace('0', 'o', substr($code, 6)));

#
#-----[ REPLACE WITH ]---------------------------------------------
#
 $code = substr(str_replace('0', 'Z', strtoupper(base_convert($code, 16, 35))), 2, 6);
#-----[ FIND ]---------------------------------------------
# Line 1002
 $confirm_image = (@extension_loaded('zlib')) ? '<img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id") . '" alt="" title="" />' : '<img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id&c=1") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id&c=2") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id&c=3") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id&c=4") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id&c=5") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id&c=6") . '" alt="" title="" />';

#
#-----[ REPLACE WITH ]---------------------------------------------
#
 $confirm_image = '<img src="' . append_sid("profile.$phpEx?mode=confirm&id=$confirm_id") . '" alt="" title="" />';

in login.php I don't have this code, because of protect user account mod.

Code:

login.php

#
#-----[ FIND ]---------------------------------------------
# Line 116

 $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
 $redirect = str_replace('?', '&', $redirect);

 if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
 {
 message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
 }

 $template->assign_vars(array(
 'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">")
 );

 $message = $lang['Error_login'] . ' ' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . ' ' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');

 message_die(GENERAL_MESSAGE, $message);
 }

#
#-----[ REPLACE WITH ]---------------------------------------------
#
 }

 $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
 $redirect = str_replace('?', '&', $redirect);

 if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
 {
 message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
 }

 $template->assign_vars(array(
 'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">")
 );

 $message = $lang['Error_login'] . ' ' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . ' ' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');

 message_die(GENERAL_MESSAGE, $message);

In profile.php I don't have this code

Code:

#-----[ FIND ]---------------------------------------------
# Line 60
return ( $hash ) ? md5($rand_str) : substr($rand_str, 8);

#
#-----[ REPLACE WITH ]---------------------------------------------
#
return ( $hash ) ? md5($rand_str) : substr($rand_str, 0, 8);

Administrator Anmeldungsdatum: 01.08.2002 Beiträge: 4735 Wohnort: Aachen

Manual Codechanges File is available to update the Core Code to phpBB 2.0.21. See the Announcement Post, the File is linked there !

phpBB2.de User Anmeldungsdatum: 27.11.2003 Beiträge: 994 Wohnort: sLOVEnia

stefan hat folgendes geschrieben:

Manual Codechanges File is available to update the Core Code to phpBB 2.0.21. See the Announcement Post, the File is linked there !

profile.php
and
user_register.php
still doesn't match code in it.
can you please check it.
It is on post above!

in profile.php I found only this similair

Code:

// Page specific functions
//
function gen_rand_string($hash)
{
$chars = array( 'a', 'A', 'b', 'B', 'c', 'C', 'd', 'D', 'e', 'E', 'f', 'F', 'g', 'G', 'h', 'H', 'i', 'I', 'j', 'J', 'k', 'K', 'l', 'L', 'm', 'M', 'n', 'N', 'o', 'O', 'p', 'P', 'q', 'Q', 'r', 'R', 's', 'S', 't', 'T', 'u', 'U', 'v', 'V', 'w', 'W', 'x', 'X', 'y', 'Y', 'z', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0');

$max_chars = count($chars) - 1;
srand( (double) microtime()*1000000);

$rand_str = '';
for($i = 0; $i < 8; $i++)
{
$rand_str = ( $i == 0 ) ? $chars[rand(0, $max_chars)] : $rand_str . $chars[rand(0, $max_chars)];
}

return ( $hash ) ? md5($rand_str) : $rand_str;
}
//
// End page specific functions

phpBB2.de User Anmeldungsdatum: 13.03.2006 Beiträge: 128

Yes it don't match how come, and isn't a patch available to update it like in the phpbb2 XS version, why all of this hard work? Sad

phpBB2.de User Anmeldungsdatum: 27.11.2003 Beiträge: 994 Wohnort: sLOVEnia

the code I think is fore version 1.53 and not for 1.52.
But the problem is only in 3 files
and 1 is missing

Administrator Anmeldungsdatum: 24.03.2004 Beiträge: 4255

in 1.52 visual confirm of phpBB is not avalible so
includes/usercp_confirm.php, includes/usercp_register.php and profile.php was nothing to do

login.php can be a litte be different to 1.53
but if you cannot find the part, post youre login.php please and i take a look what the canges for you