phpBB 2.0.11 released

Website announcements.

Moderator: Moderators

phpBB 2.0.11 released

Postby Krisiun on Fri Nov 19, 2004 3:22 am

The phpBB Group has been released the newest version of the phpBB, the 2.0.11 with small number of modifications. This fixes a number of issues, introduces visual confirmation as standard and addresses a potentially serious exploit. We encourage everyone to update as soon as possible. We also encourage any hosting providers out there to contact and/or update users copies of phpBB to this latest version. Please spread news of this release far and wide.

Here is the changelog:

Changes since 2.0.10
  • Fixed unsetting global vars - Matt Kavanagh
  • Fixed XSS vulnerability in username handling - AnthraX101
  • Fixed not confirmed sql injection in username handling - warmth
  • Added check for empty topic id in topic_review function
  • Added visual confirmation mod to code base


Are available three different packages of the phpBB 2.0.11:
  • Full Package
    Contains entire phpBB2 source and English language package
  • Changed Files Only
    Contains only those files changed from previous versions of phpBB. Please note this archive contains changed files for each previous release
  • Patch Files
    Contains patch compatible patches from the previous versions of phpBB.

For copy some of them packages CLICK HERE.

For manual Update Instructions to upgrade from 2.0.10 to 2.0.11, look this MOD:

:arrow: http://www.phpbb.com/phpBB/viewtopic.php?t=240611


More informations:

:arrow: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240636

Thanks.
[span style="color: red; font-weight: bold"]Krisiun[/span]
phpBB Brasil
http://www.phpbbrasil.com.br
krisiun@phpbbrasil.com.br
Krisiun
Registered User
Registered User
 
Posts: 99
Joined: Sun Oct 24, 2004 5:18 pm

Postby PostBot on Sat Nov 20, 2004 10:19 pm

phpBB 2.0.10 to phpBB 2.0.11 Code Changes


This post is based on phpbb_2.0.10_to_2.0.11_bbcode.txt by Acyd Burn


These are the Changes from phpBB 2.0.10 to phpBB 2.0.11 summed up into a little Mod. This might be very helpful if you want to update your Board and have installed a bunch of Mods. Then it's normally easier to apply the Code Changes than to install all Mods again.

When you find a 'AFTER, ADD'-Statement, the Code have to be added after the last line quoted in the 'FIND'-Statement.
When you find a 'BEFORE, ADD'-Statement, the Code have to be added before the first line quoted in the 'FIND'-Statement.
When you find a 'REPLACE WITH'-Statement, the Code quoted in the 'FIND'-Statement have to be replaced completely with the quoted Code in the 'REPLACE WITH'-Statement.
When you find a 'DELETE'-Statement, the Code have to be deleted.

After you have finished this tutorial, you have to upload the update_to_2011.php file, execute it and then delete it from your webspace.

Ok, lets start:

The first step to do, is to upload the new file usercp_confirm.php to your includes folder:

copy usercp_confirm.php to includes/usercp_confirm.php


The two files can be found within the phpBB Archive itself.


admin/admin_board.php
  • FIND - Line 97
    [code start="97" files="admin/admin_board.php"]$activation_user = ( $new['require_activation'] == USER_ACTIVATION_SELF ) ? "checked=\"checked\"" : "";
    $activation_admin = ( $new['require_activation'] == USER_ACTIVATION_ADMIN ) ? "checked=\"checked\"" : "";[/code]

    AFTER, ADD
    [code start="99" files="admin/admin_board.php"]$confirm_yes = ($new['enable_confirm']) ? 'checked="checked"' : '';
    $confirm_no = (!$new['enable_confirm']) ? 'checked="checked"' : '';[/code]
  • FIND - Line 162
    [code start="162" files="admin/admin_board.php"] "L_NONE" => $lang['Acc_None'],
    "L_USER" => $lang['Acc_User'],
    "L_ADMIN" => $lang['Acc_Admin'],[/code]

    AFTER, ADD
    [code start="165" files="admin/admin_board.php"] "L_VISUAL_CONFIRM" => $lang['Visual_confirm'],
    "L_VISUAL_CONFIRM_EXPLAIN" => $lang['Visual_confirm_explain'], [/code]
common.php
  1. FIND - Line 28
    [code start="28" file="common.php"]function unset_vars(&$var)
    {
    while (list($var_name, $null) = @each($var))
    {
    unset($GLOBALS[$var_name]);
    }
    return;
    }

    //
    error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
    set_magic_quotes_runtime(0); // Disable magic_quotes_runtime

    $ini_val = (@phpversion() >= '4.0.0') ? 'ini_get' : 'get_cfg_var';

    // Unset globally registered vars - PHP5 ... hhmmm
    if (@$ini_val('register_globals') == '1' || strtolower(@$ini_val('register_globals')) == 'on')
    {
    $var_prefix = 'HTTP';
    $var_suffix = '_VARS';

    $test = array('_GET', '_POST', '_SERVER', '_COOKIE', '_ENV');

    foreach ($test as $var)
    {
    if (is_array(${$var_prefix . $var . $var_suffix}))
    {
    unset_vars(${$var_prefix . $var . $var_suffix});
    @reset(${$var_prefix . $var . $var_suffix});
    }

    if (is_array(${$var}))
    {
    unset_vars(${$var});
    @reset(${$var});
    }
    }

    if (is_array(${'_FILES'}))
    {
    unset_vars(${'_FILES'});
    @reset(${'_FILES'});
    }

    if (is_array(${'HTTP_POST_FILES'}))
    {
    unset_vars(${'HTTP_POST_FILES'});
    @reset(${'HTTP_POST_FILES'});
    }
    }

    // PHP5 with register_long_arrays off?
    if (!isset($HTTP_POST_VARS) && isset($_POST))
    {
    $HTTP_POST_VARS = $_POST;
    $HTTP_GET_VARS = $_GET;
    $HTTP_SERVER_VARS = $_SERVER;
    $HTTP_COOKIE_VARS = $_COOKIE;
    $HTTP_ENV_VARS = $_ENV;
    $HTTP_POST_FILES = $_FILES;
    [/code]

    REPLACE WITH
    [code start="28" file="common.php"]error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
    set_magic_quotes_runtime(0); // Disable magic_quotes_runtime

    // The following code (unsetting globals) was contributed by Matt Kavanagh

    // PHP5 with register_long_arrays off?
    if (!isset($HTTP_POST_VARS) && isset($_POST))
    {
    $HTTP_POST_VARS = $_POST;
    $HTTP_GET_VARS = $_GET;
    $HTTP_SERVER_VARS = $_SERVER;
    $HTTP_COOKIE_VARS = $_COOKIE;
    $HTTP_ENV_VARS = $_ENV;
    $HTTP_POST_FILES = $_FILES;

    // _SESSION is the only superglobal which is conditionally set
    if (isset($_SESSION))
    {
    $HTTP_SESSION_VARS = $_SESSION;
    }
    }

    if (@phpversion() < '4.0.0')
    {
    // PHP3 path; in PHP3, globals are _always_ registered

    // We 'flip' the array of variables to test like this so that
    // we can validate later with isset($test[$var]) (no in_array())
    $test = array('HTTP_GET_VARS' => NULL, 'HTTP_POST_VARS' => NULL, 'HTTP_COOKIE_VARS' => NULL, 'HTTP_SERVER_VARS' => NULL, 'HTTP_ENV_VARS' => NULL, 'HTTP_POST_FILES' => NULL);

    // Loop through each input array
    @reset($test);
    while (list($input,) = @each($test))
    {
    while (list($var,) = @each($$input))
    {
    // Validate the variable to be unset
    if (!isset($test[$var]) && $var != 'test' && $var != 'input')
    {
    unset($$var);
    }
    }
    }
    }
    else if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on')
    {
    // PHP4+ path

    // Not only will array_merge give a warning if a parameter
    // is not an array, it will actually fail. So we check if
    // HTTP_SESSION_VARS has been initialised.
    if (!isset($HTTP_SESSION_VARS))
    {
    $HTTP_SESSION_VARS = array();
    }

    // Merge all into one extremely huge array; unset
    // this later
    $input = array_merge($HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES);

    unset($input['input']);

    while (list($var,) = @each($input))
    {
    unset($$var);
    }

    unset($input);
    [/code]
groupcp.php
  1. FIND - Line 475
    [code file="groupcp.php" start="475"] $username = ( isset($HTTP_POST_VARS['username']) ) ? htmlspecialchars($HTTP_POST_VARS['username']) : '';[/code]

    REPLACE WITH
    [code file="groupcp.php" start="475"] $username = ( isset($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';[/code]
includes/constants.php
  1. FIND - Line 150
    [code file="includes/constants.php" start="150"]// Table names[/code]

    AFTER, ADD
    [code file="includes/constants.php" start="151"]define('CONFIRM_TABLE', $table_prefix.'confirm');[/code]
includes/functions.php
  1. FIND - Line 77
    [code file="includes/functions.php" start="77"]//
    // Get Userdata, $user can be username or user_id. If force_str is true, the username will be forced.
    //[/code]

    BEFORE, ADD
    [code start="77" file="includes/functions.php"]
    // added at phpBB 2.0.11 to properly format the username
    function phpbb_clean_username($username)
    {
    $username = htmlspecialchars(rtrim(trim($username), "\\"));
    $username = substr(str_replace("\\'", "'", $username), 0, 25);
    $username = str_replace("'", "\\'", $username);

    return $username;
    }
    [/code]
  2. FIND - Line 95
    [code start="95" file="includes/functions.php"] $user = trim(htmlspecialchars($user));
    $user = substr(str_replace("\\'", "'", $user), 0, 25);
    $user = str_replace("'", "\\'", $user);[/code]

    REPLACE WITH
    [code start="95" file="includes/functions.php"] $user = phpbb_clean_username($user);[/code]
includes/functions_post.php
  1. FIND - Line 131
    [code start="131" file="includes/functions_post.php"] $username = trim(strip_tags($username));[/code]

    REPLACE WITH
    [code start="131" file="includes/functions_post.php"] $username = phpbb_clean_username($username);[/code]
includes/functions_search.php
  1. FIND - Line 438
    [code file="includes/functions_search.php" start="438"] $username_search = preg_replace('/\*/', '%', trim(strip_tags($search_match)));[/code]

    REPLACE WITH
    [code file="includes/functions_search.php" start="438"] $username_search = preg_replace('/\*/', '%', phpbb_clean_username($search_match));[/code]
  2. FIND - Line 472
    [code file="includes/functions_search.php" start="472"] 'USERNAME' => ( !empty($search_match) ) ? strip_tags($search_match) : '',[/code]

    REPLACE WITH
    [code file="includes/functions_search.php" start="472"] 'USERNAME' => (!empty($search_match)) ? phpbb_clean_username($search_match) : '',[/code]
includes/topic_review.php
  1. FIND - Line 33
    [code file="includes/topic_review.php" start="33"] if ( !isset($topic_id) )
    {
    message_die(GENERAL_MESSAGE, 'Topic_not_exist');
    }[/code]

    REPLACE WITH
    [code file="includes/topic_review.php" start="33" highlight="33"] if ( !isset($topic_id) || !$topic_id)
    {
    message_die(GENERAL_MESSAGE, 'Topic_post_not_exist');
    }[/code]
includes/usercp_register.php
  1. FIND - Line 96
    [code start="96" file="includes/usercp_register.php"] $strip_var_list = array('username' => 'username', 'email' => 'email', 'icq' => 'icq', 'aim' => 'aim', 'msn' => 'msn', 'yim' => 'yim', 'website' => 'website', 'location' => 'location', 'occupation' => 'occupation', 'interests' => 'interests');[/code]

    AFTER, ADD
    [code file="includes/usercp_register.php" start="97"] $strip_var_list['confirm_code'] = 'confirm_code';[/code]
  2. FIND - Line 253
    [code file="includes/usercp_register.php" start="253"] $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Fields_empty'];
    }
    }[/code]

    AFTER, ADD
    [code file="includes/usercp_register.php" start="256"] if ($board_config['enable_confirm'] && $mode == 'register')
    {
    if (empty($HTTP_POST_VARS['confirm_id']))
    {
    $error = TRUE;
    $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Confirm_code_wrong'];
    }
    else
    {
    $confirm_id = htmlspecialchars($HTTP_POST_VARS['confirm_id']);
    if (!preg_match('/^[A-Za-z0-9]+$/', $confirm_id))
    {
    $confirm_id = '';
    }

    $sql = 'SELECT code
    FROM ' . CONFIRM_TABLE . "
    WHERE confirm_id = '$confirm_id'
    AND session_id = '" . $userdata['session_id'] . "'";
    if (!($result = $db->sql_query($sql)))
    {
    message_die(GENERAL_ERROR, 'Could not obtain confirmation code', __LINE__, __FILE__, $sql);
    }

    if ($row = $db->sql_fetchrow($result))
    {
    if ($row['code'] != $confirm_code)
    {
    $error = TRUE;
    $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Confirm_code_wrong'];
    }
    else
    {
    $sql = 'DELETE FROM ' . CONFIRM_TABLE . "
    WHERE confirm_id = '$confirm_id'
    AND session_id = '" . $userdata['session_id'] . "'";
    if (!$db->sql_query($sql))
    {
    message_die(GENERAL_ERROR, 'Could not delete confirmation code', __LINE__, __FILE__, $sql);
    }
    }
    }
    else
    {
    $error = TRUE;
    $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Confirm_code_wrong'];
    }
    $db->sql_freeresult($result);
    }
    }[/code]
  3. FIND - Line 886
    [code start="886" file="includes/usercp_register.php"] $template->assign_block_vars('switch_namechange_disallowed', array());
    }[/code]

    AFTER, ADD
    [code start="888" file="includes/usercp_register.php"] // Visual Confirmation
    $confirm_image = '';
    if (!empty($board_config['enable_confirm']) && $mode == 'register')
    {
    $sql = 'SELECT session_id
    FROM ' . SESSIONS_TABLE;
    if (!($result = $db->sql_query($sql)))
    {
    message_die(GENERAL_ERROR, 'Could not select session data', '', __LINE__, __FILE__, $sql);
    }

    if ($row = $db->sql_fetchrow($result))
    {
    $confirm_sql = '';
    do
    {
    $confirm_sql .= (($confirm_sql != '') ? ', ' : '') . "'" . $row['session_id'] . "'";
    }
    while ($row = $db->sql_fetchrow($result));

    $sql = 'DELETE FROM ' . CONFIRM_TABLE . "
    WHERE session_id NOT IN ($confirm_sql)";
    if (!$db->sql_query($sql))
    {
    message_die(GENERAL_ERROR, 'Could not delete stale confirm data', '', __LINE__, __FILE__, $sql);
    }
    }
    $db->sql_freeresult($result);

    $sql = 'SELECT COUNT(session_id) AS attempts
    FROM ' . CONFIRM_TABLE . "
    WHERE session_id = '" . $userdata['session_id'] . "'";
    if (!($result = $db->sql_query($sql)))
    {
    message_die(GENERAL_ERROR, 'Could not obtain confirm code count', '', __LINE__, __FILE__, $sql);
    }

    if ($row = $db->sql_fetchrow($result))
    {
    if ($row['attempts'] > 3)
    {
    message_die(GENERAL_MESSAGE, $lang['Too_many_registers']);
    }
    }
    $db->sql_freeresult($result);

    $confirm_chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9');

    list($usec, $sec) = explode(' ', microtime());
    mt_srand($sec * $usec);

    $max_chars = count($confirm_chars) - 1;
    $code = '';
    for ($i = 0; $i < 6; $i++)
    {
    $code .= $confirm_chars[mt_rand(0, $max_chars)];
    }

    $confirm_id = md5(uniqid($user_ip));

    $sql = 'INSERT INTO ' . CONFIRM_TABLE . " (confirm_id, session_id, code)
    VALUES ('$confirm_id', '". $userdata['session_id'] . "', '$code')";
    if (!$db->sql_query($sql))
    {
    message_die(GENERAL_ERROR, 'Could not insert new confirm code information', '', __LINE__, __FILE__, $sql);
    }

    unset($code);

    $confirm_image = (@extension_loaded('zlib')) ? '<img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id") . '" alt="" title="" />' : '<img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=1") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=2") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=3") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=4") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=5") . '" alt="" title="" /><img src="' . append_sid("profile.$phpEx?mode=confirm&amp;id=$confirm_id&amp;c=6") . '" alt="" title="" />';
    $s_hidden_fields .= '<input type="hidden" name="confirm_id" value="' . $confirm_id . '" />';

    $template->assign_block_vars('switch_confirm', array());
    }[/code]
  4. FIND - Line 973
    [code file="includes/usercp_register.php" start="973"] 'NEW_PASSWORD' => $new_password,
    'PASSWORD_CONFIRM' => $password_confirm,
    'EMAIL' => $email,[/code]

    AFTER, ADD
    [code file="includes/usercp_register.php" start="976"] 'CONFIRM_IMG' => $confirm_image, [/code]
  5. FIND - Line 1067
    [code start="1067" file="includes/usercp_register.php"] 'L_PROFILE_INFO' => $lang['Profile_info'],
    'L_PROFILE_INFO_NOTICE' => $lang['Profile_info_warn'],
    'L_EMAIL_ADDRESS' => $lang['Email_address'],[/code]

    AFTER, ADD
    [code start="1070" file="includes/usercp_register.php"] 'L_CONFIRM_CODE_IMPAIRED' => sprintf($lang['Confirm_code_impaired'], '<a href="mailto:' . $board_config['board_email'] . '">', '</a>'),
    'L_CONFIRM_CODE' => $lang['Confirm_code'],
    'L_CONFIRM_CODE_EXPLAIN' => $lang['Confirm_code_explain'],[/code]
includes/usercp_sendpasswd.php
  1. FIND - Line 32
    [code start="32" file="includes/usercp_sendpasswd.php"] $username = ( !empty($HTTP_POST_VARS['username']) ) ? trim(strip_tags($HTTP_POST_VARS['username'])) : '';
    [/code]

    REPLACE WITH
    [code start="32" file="includes/usercp_sendpasswd.php"] $username = ( !empty($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';[/code]
includes/usercp_viewprofile.php
  1. FIND - Line 169
    [code start="169" file="includes/usercp_viewprofile.php"]$page_title = $lang['Viewing_profile'];
    include($phpbb_root_path . 'includes/page_header.'.$phpEx);[/code]

    AFTER, ADD
    [code start="171" file="includes/usercp_viewprofile.php"]if (function_exists('get_html_translation_table'))
    {
    $u_search_author = urlencode(strtr($profiledata['username'], array_flip(get_html_translation_table(HTML_ENTITIES))));
    }
    else
    {
    $u_search_author = urlencode(str_replace(array('&amp;', ''', '&quot;', '&lt;', '&gt;'), array('&', "'", '"', '<', '>'), $profiledata['username']));
    }[/code]
  2. FIND - Line 234
    [code start="234" file="includes/usercp_viewprofile.php"] 'U_SEARCH_USER' => append_sid("search.$phpEx?search_author=" . urlencode($profiledata['username'])),[/code]

    REPLACE WITH
    [code start="234" file="includes/usercp_viewprofile.php"] 'U_SEARCH_USER' => append_sid("search.$phpEx?search_author=" . $u_search_author),[/code]
login.php
  1. FIND - Line 57
    [code file="login.php" start="57"] $username = isset($HTTP_POST_VARS['username']) ? trim(htmlspecialchars($HTTP_POST_VARS['username'])) : '';
    $username = substr(str_replace("\\'", "'", $username), 0, 25);
    $username = str_replace("'", "\\'", $username);[/code]

    REPLACE WITH
    [code start="57" file="login.php"] $username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';[/code]
privmsg.php
  1. FIND - Line 1135
    [code file="privmsg.php" start="1135"] $to_username = $HTTP_POST_VARS['username'];[/code]

    REPLACE WITH
    [code file="privmsg.php" start="1135"] $to_username = phpbb_clean_username($HTTP_POST_VARS['username']);[/code]
  2. FIND - Line 1340
    [code file="privmsg.php" start="1340"] $to_username = ( isset($HTTP_POST_VARS['username']) ) ? trim(strip_tags(stripslashes($HTTP_POST_VARS['username']))) : '';[/code]

    REPLACE WITH
    [code file="privmsg.php" start="1340"] $to_username = (isset($HTTP_POST_VARS['username']) ) ? trim(htmlspecialchars(stripslashes($HTTP_POST_VARS['username']))) : '';[/code]
  3. FIND - Line 1711
    [code start="1711" file="privmsg.php"] 'USERNAME' => preg_replace($html_entities_match, $html_entities_replace, $to_username),[/code]

    REPLACE WITH
    [code start="1711" file="privmsg.php"] 'USERNAME' => $to_username,[/code]
profile.php
  1. FIND - Line 100
    [code file="profile.php" start="100"] include($phpbb_root_path . 'includes/usercp_register.'.$phpEx);
    exit;
    }[/code]

    AFTER, ADD
    [code file="profile.php" start="103"] else if ( $mode == 'confirm' )
    {
    // Visual Confirmation
    if ( $userdata['session_logged_in'] )
    {
    exit;
    }

    include($phpbb_root_path . 'includes/usercp_confirm.'.$phpEx);
    exit;
    }[/code]
search.php
  1. FIND - Line 63
    [code file="search.php" start="63"] $search_author = htmlspecialchars($search_author);[/code]

    REPLACE WITH
    [code file="search.php" start="63"] $search_author = phpbb_clean_username($search_author);[/code]
templates/subSilver/admin/board_config_body.tpl
  1. FIND - Line 38
    [code file="templates/subSilver/admin/board_config_body.tpl" start="38"] <tr>
    <td class="row2"><input type="radio" name="require_activation" value="{ACTIVATION_NONE}" {ACTIVATION_NONE_CHECKED} />{L_NONE}&nbsp; &nbsp;<input type="radio" name="require_activation" value="{ACTIVATION_USER}" {ACTIVATION_USER_CHECKED} />{L_USER}&nbsp; &nbsp;<input type="radio" name="require_activation" value="{ACTIVATION_ADMIN}" {ACTIVATION_ADMIN_CHECKED} />{L_ADMIN}</td>
    </tr>
    [/code]

    AFTER, ADD
    [code file="templates/subSilver/admin/board_config_body.tpl" start="41"] <tr>
    <td class="row1">{L_VISUAL_CONFIRM}<br /><span class="gensmall">{L_VISUAL_CONFIRM_EXPLAIN}</span></td>
    <td class="row2"><input type="radio" name="enable_confirm" value="1" {CONFIRM_ENABLE} />{L_YES}&nbsp; &nbsp;<input type="radio" name="enable_confirm" value="0" {CONFIRM_DISABLE} />{L_NO}</td>
    </tr>[/code]
viewtopic.php
  1. FIND - Line 486
    [code file="viewtopic.php" start="486"] $words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));[/code]

    REPLACE WITH
    [code file="viewtopic.php" start="486"] $words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));[/code]
Do NOT pm me, I don't visit this forum anymore, don't own it, don't provide any support and don't moderate.
User avatar
PostBot
Moderator
Moderator
 
Posts: 10659
Joined: Sat Aug 02, 2003 3:52 pm
Location: Mars


Return to Announcements

Who is online

Users browsing this forum: No registered users and 1 guest