Manual de Instruções Upgrade de - 1.1.8 para 1.1.9

Iniciado por candidosa2, 23 de Maio de 2009, 03:07

Tópico anterior - Tópico seguinte

0 Membros e 2 Visitantes estão a ver este tópico.

Imprimir
Ir para o fundo Páginas1
Ações do utilizador

candidosa2

23 de Maio de 2009, 03:07 Última edição: 15 de Julho de 2009, 09:30 por candidosa2
./index.php
Pesquisar
Código Selecionar
* Software Version:           SMF 1.1.8                                           *

Adicionar trocar por
Código Selecionar
* Software Version:           SMF 1.1.9                                           *


Código Selecionar
$forum_version = 'SMF 1.1.8';


Código Selecionar
$forum_version = 'SMF 1.1.9';


Código Selecionar
  elseif (empty($modSettings['allow_guestAccess']) && $user_info['is_guest'] && (!isset($_REQUEST['action']) || !in_array($_REQUEST['action'], array('coppa', 'login', 'login2', 'register', 'register2', 'reminder', 'activate', 'smstats', 'help', '.xml', 'verificationcode'))))


Código Selecionar
  elseif (empty($modSettings['allow_guestAccess']) && $user_info['is_guest'] && (!isset($_REQUEST['action']) || !in_array($_REQUEST['action'], array('coppa', 'login', 'login2', 'register', 'register2', 'reminder', 'activate', 'smstats', 'help', 'verificationcode'))))



./Display.php
Código Selecionar
* Software Version:           SMF 1.1.4                                           *


Código Selecionar
* Software Version:           SMF 1.1.9                                           *


Código Selecionar
              a.ID_ATTACH, a.ID_MSG, a.filename, IFNULL(a.size, 0) AS filesize, a.downloads,


Código Selecionar
              a.ID_ATTACH, a.ID_MSG, a.filename, a.file_hash, IFNULL(a.size, 0) AS filesize, a.downloads,


Código Selecionar
        SELECT filename, ID_ATTACH, attachmentType


Código Selecionar
        SELECT filename, ID_ATTACH, attachmentType, file_hash


Código Selecionar
        SELECT a.filename, a.ID_ATTACH, a.attachmentType


Código Selecionar
        SELECT a.filename, a.ID_ATTACH, a.attachmentType, a.file_hash


Código Selecionar
  list ($real_filename, $ID_ATTACH, $attachmentType) = mysql_fetch_row($request);


Código Selecionar
  list ($real_filename, $ID_ATTACH, $attachmentType, $file_hash) = mysql_fetch_row($request);


Código Selecionar
  $filename = getAttachmentFilename($real_filename, $_REQUEST['attach']);


Código Selecionar
  $filename = getAttachmentFilename($real_filename, $_REQUEST['attach'], false, $file_hash);


Código Selecionar
  if (filesize($filename) != 0)


Código Selecionar
  // IE 6 just doesn't play nice. As dirty as this seems, it works.
  if ($context['browser']['is_ie6'] && isset($_REQUEST['image']))
     unset($_REQUEST['image']);

  elseif (filesize($filename) != 0)


Código Selecionar
           6 => 'bmp',


Código Selecionar
           6 => 'x-ms-bmp',


Código Selecionar
        if (!empty($size['mime']))
           header('Content-Type: ' . $size['mime']);


Código Selecionar
        if (!empty($size['mime']) && !in_array($size[2], array(4, 13)))
           header('Content-Type: ' . strtr($size['mime'], array('image/bmp' => 'image/x-ms-bmp')));


Código Selecionar
  if (!isset($_REQUEST['image']))
  {
     header('Content-Disposition: attachment; filename="' . $real_filename . '"');
     header('Content-Type: application/octet-stream');
  }


Código Selecionar
  header('Content-Disposition: ' . (isset($_REQUEST['image']) ? 'inline' : 'attachment') . '; filename="' . $real_filename . '"');
  if (!isset($_REQUEST['image']))
     header('Content-Type: application/octet-stream');



Código Selecionar
              $filename = getAttachmentFilename($attachment['filename'], $attachment['ID_ATTACH']);


Código Selecionar
              $filename = getAttachmentFilename($attachment['filename'], $attachment['ID_ATTACH'], false, $attachment['file_hash']);


Código Selecionar
                 db_query("
                    INSERT INTO {$db_prefix}attachments
                       (ID_MSG, attachmentType, filename, size, width, height)
                    VALUES ($ID_MSG, 3, '$thumb_filename', " . (int) $thumb_size . ", " . (int) $attachment['thumb_width'] . ", " . (int) $attachment['thumb_height'] . ")", __FILE__, __LINE__);


Código Selecionar
                 $thumb_hash = getAttachmentFilename($thumb_filename, false, true);
                 db_query("
                    INSERT INTO {$db_prefix}attachments
                       (ID_MSG, attachmentType, filename, file_hash, size, width, height)
                    VALUES ($ID_MSG, 3, '$thumb_filename', '$thumb_hash', " . (int) $thumb_size . ", " . (int) $attachment['thumb_width'] . ", " . (int) $attachment['thumb_height'] . ")", __FILE__, __LINE__);


Código Selecionar
                    $thumb_realname = getAttachmentFilename($thumb_filename, $attachment['ID_THUMB'], true);
                    rename($filename . '_thumb', $modSettings['attachmentUploadDir'] . '/' . $thumb_realname);


Código Selecionar
                    $thumb_realname = getAttachmentFilename($thumb_filename, $attachment['ID_THUMB'], false, $thumb_hash);
                    rename($filename . '_thumb', $thumb_realname);



./Load.php

Pesquisar
Código Selecionar
* Software Version:           SMF 1.1.6                                           *


Alterar por
Código Selecionar
* Software Version:           SMF 1.1.9                                           *


Código Selecionar
        // If this is the theme_dir of the default theme, store it.


Código Selecionar
        // There are just things we shouldn't be able to change as members.
        if ($row['ID_MEMBER'] != 0 && in_array($row['variable'], array('actual_theme_url', 'actual_images_url', 'base_theme_dir', 'base_theme_url', 'default_images_url', 'default_theme_dir', 'default_theme_url', 'default_template', 'images_url', 'number_recent_posts', 'smiley_sets_default', 'theme_dir', 'theme_id', 'theme_layers', 'theme_templates', 'theme_url')))
           continue;

        // If this is the theme_dir of the default theme, store it.




./ManageAttachments.php
Pesquisar
Código Selecionar
* Software Version:           SMF 1.1.4                                           *


Alterar por
Código Selecionar
* Software Version:           SMF 1.1.9                                           *


Código Selecionar
* Copyright 2006 by:          Simple Machines LLC (http://www.simplemachines.org) *


Código Selecionar
* Copyright 2006-2009 by:     Simple Machines LLC (http://www.simplemachines.org) *


Código Selecionar
        'attachmentShowImages' => empty($_POST['attachmentShowImages']) ? '0' : '1',
        'attachmentEncryptFilenames' => empty($_POST['attachmentEncryptFilenames']) ? '0' : '1',


Código Selecionar
        'attachmentShowImages' => empty($_POST['attachmentShowImages']) ? '0' : '1',


Código Selecionar
     SELECT ID_ATTACH, ID_MEMBER, filename


Código Selecionar
     SELECT ID_ATTACH, ID_MEMBER, filename, file_hash


Código Selecionar
  while ($row = mysql_fetch_assoc($request))
  {
     $filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH']);


Código Selecionar
  while ($row = mysql_fetch_assoc($request))
  {
     $filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH'], false, $row['file_hash']);


Código Selecionar
        a.filename, a.attachmentType, a.ID_ATTACH, a.ID_MEMBER" . ($query_type == 'messages' ? ', m.ID_MSG' : ', a.ID_MSG') . ",


Código Selecionar
        a.filename, a.file_hash, a.attachmentType, a.ID_ATTACH, a.ID_MEMBER" . ($query_type == 'messages' ? ', m.ID_MSG' : ', a.ID_MSG') . ",


Código Selecionar
        $filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH']);
        @unlink($filename);

        // If this was a thumb, the parent attachment should know about it.


Código Selecionar
        $filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH'], false, $row['file_hash']);
        @unlink($filename);

        // If this was a thumb, the parent attachment should know about it.



Código Selecionar
           $thumb_filename = getAttachmentFilename($row['thumb_filename'], $row['ID_THUMB']);
           @unlink($thumb_filename);
           $attach[] = $row['ID_THUMB'];


Código Selecionar
           $thumb_filename = getAttachmentFilename($row['thumb_filename'], $row['ID_THUMB'], false, $row['file_hash']);
           @unlink($thumb_filename);
           $attach[] = $row['ID_THUMB'];


Código Selecionar
           SELECT thumb.ID_ATTACH, thumb.filename


Código Selecionar
           SELECT thumb.ID_ATTACH, thumb.filename, thumb.file_hash


Código Selecionar
           // If we are repairing remove the file from disk now.
           if ($fix_errors && in_array('missing_thumbnail_parent', $to_fix))
           {
              $filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH']);


Código Selecionar
           // If we are repairing remove the file from disk now.
           if ($fix_errors && in_array('missing_thumbnail_parent', $to_fix))
           {
              $filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH'], false, $row['file_hash']);


Código Selecionar
           SELECT ID_ATTACH, filename, size, attachmentType


Código Selecionar
           SELECT ID_ATTACH, filename, file_hash, size, attachmentType



Código Selecionar
              $filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH']);

           // File doesn't exist?


Código Selecionar
              $filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH'], false, $row['file_hash']);

           // File doesn't exist?


Código Selecionar
           SELECT a.ID_ATTACH, a.filename, a.attachmentType


Código Selecionar
           SELECT a.ID_ATTACH, a.filename, a.file_hash, a.attachmentType


Código Selecionar
              if ($row['attachmentType'] == 1)
                 $filename = $modSettings['custom_avatar_dir'] . '/' . $row['filename'];
              else
                 $filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH']);
              @unlink($filename);
           }


Código Selecionar
              if ($row['attachmentType'] == 1)
                 $filename = $modSettings['custom_avatar_dir'] . '/' . $row['filename'];
              else
                 $filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH'], false, $row['file_hash']);
              @unlink($filename);
           }


Código Selecionar
           SELECT a.ID_ATTACH, a.filename
           FROM {$db_prefix}attachments AS a


Código Selecionar
           SELECT a.ID_ATTACH, a.filename, a.file_hash
           FROM {$db_prefix}attachments AS a


Código Selecionar
           // If we are repairing remove the file from disk now.
           if ($fix_errors && in_array('attachment_no_msg', $to_fix))
           {
              $filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH']);


Código Selecionar
           // If we are repairing remove the file from disk now.
           if ($fix_errors && in_array('attachment_no_msg', $to_fix))
           {
              $filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH'], false, $row['file_hash']);




./Sources/PackageGet.php

Pesquisar por
Código Selecionar
* Software Version:           SMF 1.1.8                                           *


Código Selecionar
* Software Version:           SMF 1.1.9                                           *


Código Selecionar
* Copyright 2006 by:          Simple Machines LLC (http://www.simplemachines.org) *


Código Selecionar
* Copyright 2006-2009 by:     Simple Machines LLC (http://www.simplemachines.org) *


Código Selecionar
     $default_author = $listing->fetch('default-author');


Código Selecionar
     $default_author = htmlspecialchars($listing->fetch('default-author'));


Código Selecionar
        $default_title = $listing->fetch('default-website/@title');


Código Selecionar
        $default_title = htmlspecialchars($listing->fetch('default-website/@title'));


Código Selecionar
        if (in_array($package['type'], array('title', 'heading', 'text', 'rule')))
           $package['name'] = $thisPackage->fetch('.');


Código Selecionar
        if (in_array($package['type'], array('title', 'heading', 'text', 'rule')))
           $package['name'] = htmlspecialchars($thisPackage->fetch('.'));


Código Selecionar
           $package['name'] = $thisPackage->fetch('.');
           $package['link'] = '<a href="' . $package['href'] . '">' . $package['name'] . '</a>';


Código Selecionar
           $package['name'] = htmlspecialchars($thisPackage->fetch('.'));
           $package['link'] = '<a href="' . $package['href'] . '">' . $package['name'] . '</a>';


Código Selecionar
           if ($package['description'] == '')
              $package['description'] = $txt['pacman8'];


Código Selecionar
           if ($package['description'] == '')
              $package['description'] = $txt['pacman8'];
           else
              $package['description'] = parse_bbc(preg_replace('~\[[/]?html\]~i', '', htmlspecialchars($package['description'])));            


Código Selecionar
           $package['href'] = $url . '/' . $package['filename'];


Código Selecionar
           $package['href'] = $url . '/' . $package['filename'];
           $package['name'] = htmlspecialchars($package['name']);


Código Selecionar
                 $package['author']['email'] = $thisPackage->fetch('author/@email');


Código Selecionar
                 $package['author']['email'] = htmlspecialchars($thisPackage->fetch('author/@email'));


Código Selecionar
                 $package['author']['name'] = $thisPackage->fetch('author');


Código Selecionar
                 $package['author']['name'] = htmlspecialchars($thisPackage->fetch('author'));


Código Selecionar
                 $package['author']['website']['name'] = $thisPackage->fetch('website/@title');
              elseif (isset($default_title))
                 $package['author']['website']['name'] = $default_title;
              elseif ($thisPackage->exists('website'))
                 $package['author']['website']['name'] = $thisPackage->fetch('website');


Código Selecionar
                 $package['author']['website']['name'] = htmlspecialchars($thisPackage->fetch('website/@title'));
              elseif (isset($default_title))
                 $package['author']['website']['name'] = $default_title;
              elseif ($thisPackage->exists('website'))
                 $package['author']['website']['name'] = htmlspecialchars($thisPackage->fetch('website'));





./Sources/Post.php

Código Selecionar
* Software Version:           SMF 1.1.5                                           *


Código Selecionar
* Software Version:           SMF 1.1.9                                           *


Código Selecionar
              'name' => getAttachmentFilename($name, false, true),


Código Selecionar
              'name' => $name,




/Sources/Profile.php
Pesquisar
Código Selecionar
* Software Version:           SMF 1.1.6                                           *


Trocar por
Código Selecionar
* Software Version:           SMF 1.1.9                                           *


Código Selecionar
  // These are the theme changes...


Código Selecionar
  $reservedVars = array(
     'actual_theme_url',
     'actual_images_url',
     'base_theme_dir',
     'base_theme_url',
     'default_images_url',
     'default_theme_dir',
     'default_theme_url',
     'default_template',
     'images_url',
     'number_recent_posts',
     'smiley_sets_default',
     'theme_dir',
     'theme_id',
     'theme_layers',
     'theme_templates',
     'theme_url',
  );

  // Can't change reserved vars.
  if ((isset($_POST['options']) && array_intersect(array_keys($_POST['options']), $reservedVars) != array()) || (isset($_POST['default_options']) && array_intersect(array_keys($_POST['default_options']), $reservedVars) != array()))
     fatal_lang_error(1);

  // These are the theme changes...



Código Selecionar
           $extensions = array(


Código Selecionar
           // Though not an exhaustive list, better safe than sorry.
           $fp = fopen($_FILES['attachment']['tmp_name'], 'rb');
           if (!$fp)
              fatal_lang_error('smf124');

           // Now try to find an infection.
           while (!feof($fp))
           {
              if (preg_match('~(iframe|\\<\\?php|\\<\\?[\s=]|\\<%[\s=]|html|eval|body|script\W)~', fgets($fp, 4096)) === 1)
              {
                 if (file_exists($uploadDir . '/avatar_tmp_' . $memID))
                    @unlink($uploadDir . '/avatar_tmp_' . $memID);

                 fatal_lang_error('smf124');
              }
           }
           fclose($fp);

           $extensions = array(


Código Selecionar
           if (!rename($_FILES['attachment']['tmp_name'], $uploadDir . '/' . $destName))
              fatal_lang_error('smf124');

           db_query("
              INSERT INTO {$db_prefix}attachments
                 (ID_MEMBER, attachmentType, filename, size, width, height)
              VALUES ($memID, " . (empty($modSettings['custom_avatar_enabled']) ? '0' : '1') . ", '$destName', " . filesize($uploadDir . '/' . $destName) . ", " . (int) $width . ", " . (int) $height . ")", __FILE__, __LINE__);

           // Attempt to chmod it.
           @chmod($uploadDir . '/' . $destName, 0644);


Código Selecionar
           $file_hash = empty($modSettings['custom_avatar_enabled']) ? getAttachmentFilename($destName, false, true) : '';

           db_query("
              INSERT INTO {$db_prefix}attachments
                 (ID_MEMBER, attachmentType, filename, file_hash, size, width, height)
              VALUES ($memID, " . (empty($modSettings['custom_avatar_enabled']) ? '0' : '1') . ", '$destName', '" . (empty($file_hash) ? "" : "$file_hash") . "', " . filesize($_FILES['attachment']['tmp_name']) . ", " . (int) $width . ", " . (int) $height . ")", __FILE__, __LINE__);
           $attachID = db_insert_id();

           // Try to move this avatar.
           $destinationPath = $uploadDir . '/' . (empty($file_hash) ? $destName : $attachID . '_' . $file_hash);
           if (!rename($_FILES['attachment']['tmp_name'], $destinationPath))
           {
              // The move failed, get rid of it and die.
              db_query("
                 DELETE FROM {$db_prefix}attachments
                 WHERE ID_ATTACH = $attachID", __FILE__, __LINE__);

              fatal_lang_error('smf124');
           }

           // Attempt to chmod it.
           @chmod($destinationPath, 0644);


Código Selecionar
     $context['activate_message'] = isset($txt['account_activate_method_' . $context['member']['is_activated'] % 10]) ? $txt['account_activate_method_' . $context['member']['is_activated']] : $txt['account_not_activated'];


Código Selecionar
     $context['activate_message'] = isset($txt['account_activate_method_' . $context['member']['is_activated'] % 10]) ? $txt['account_activate_method_' . $context['member']['is_activated'] % 10] : $txt['account_not_activated'];




./Sources/QueryString.php
Pesquisar
Código Selecionar
* Software Version:           SMF 1.1.7                                           *


Código Selecionar
* Software Version:           SMF 1.1.9                                           *


Código Selecionar
* Copyright 2006 by:          Simple Machines LLC (http://www.simplemachines.org) *


Código Selecionar
* Copyright 2006-2009 by:     Simple Machines LLC (http://www.simplemachines.org) *


Código Selecionar
  if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) && !empty($_SERVER['HTTP_CLIENT_IP']) && (preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['HTTP_CLIENT_IP']) == 0 || preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0))
  {
     // We have both forwarded for AND client IP... check the first forwarded for as the block - only switch if it's better that way.
     if (strtok($_SERVER['HTTP_X_FORWARDED_FOR'], '.') != strtok($_SERVER['HTTP_CLIENT_IP'], '.') && '.' . strtok($_SERVER['HTTP_X_FORWARDED_FOR'], '.') == strrchr($_SERVER['HTTP_CLIENT_IP'], '.') && (preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['HTTP_X_FORWARDED_FOR']) == 0 || preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0))


Código Selecionar
  if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) && !empty($_SERVER['HTTP_CLIENT_IP']) && (preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['HTTP_CLIENT_IP']) == 0 || preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0))
  {
     // We have both forwarded for AND client IP... check the first forwarded for as the block - only switch if it's better that way.
     if (strtok($_SERVER['HTTP_X_FORWARDED_FOR'], '.') != strtok($_SERVER['HTTP_CLIENT_IP'], '.') && '.' . strtok($_SERVER['HTTP_X_FORWARDED_FOR'], '.') == strrchr($_SERVER['HTTP_CLIENT_IP'], '.') && (preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['HTTP_X_FORWARDED_FOR']) == 0 || preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0))


Código Selecionar
  if (!empty($_SERVER['HTTP_CLIENT_IP']) && (preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['HTTP_CLIENT_IP']) == 0 || preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0))


Código Selecionar
  if (!empty($_SERVER['HTTP_CLIENT_IP']) && (preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['HTTP_CLIENT_IP']) == 0 || preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0))


Código Selecionar
           if (preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $ip) != 0 && preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['REMOTE_ADDR']) == 0)


Código Selecionar
           if (preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $ip) != 0 && preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['REMOTE_ADDR']) == 0)


Código Selecionar
     elseif (preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['HTTP_X_FORWARDED_FOR']) == 0 || preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0)


Código Selecionar
     elseif (preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['HTTP_X_FORWARDED_FOR']) == 0 || preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0)





/Sources/Security.php
Pesquisar
Código Selecionar
* Software Version:           SMF 1.1.8                                           *


Código Selecionar
* Software Version:           SMF 1.1.9                                           *


Código Selecionar
  if (isset($_GET['confirm']) && isset($_SESSION['confirm_' . $action]) && md5($_GET['confirm'] . $_SERVER['HTTP_USER_AGENT']) !== $_SESSION['confirm_' . $action])
     return true;
     
  else
  {
     $token = md5(mt_rand() . session_id() . (string) microtime() . $modSettings['rand_seed']);
     $_SESSION['confirm_' . $action] = md5($token, $_SERVER['HTTP_USER_AGENT']);


Código Selecionar
  if (isset($_GET['confirm']) && isset($_SESSION['confirm_' . $action]) && md5($_GET['confirm'] . $_SERVER['HTTP_USER_AGENT']) == $_SESSION['confirm_' . $action])
     return true;
     
  else
  {
     $token = md5(mt_rand() . session_id() . (string) microtime() . $modSettings['rand_seed']);
     $_SESSION['confirm_' . $action] = md5($token . $_SERVER['HTTP_USER_AGENT']);





/Sources/Subs.php
Pesquisar por
Código Selecionar
* Software Version:           SMF 1.1.6                                           *


Código Selecionar
* Software Version:           SMF 1.1.9                                           *


Código Selecionar
        <div style="white-space: normal;">The administrator doesn\'t want a copyright notice saying this is copyright 2006 - 2007 by <a href="http://www.simplemachines.org/about/copyright.php" target="_blank">Simple Machines LLC</a>, and named <a href="http://www.simplemachines.org/">SMF</a>, so the forum will honor this request and be quiet.</div>';


Código Selecionar
        <div style="white-space: normal;">The administrator doesn\'t want a copyright notice saying this is copyright 2006 - 2009 by <a href="http://www.simplemachines.org/about/copyright.php" target="_blank">Simple Machines LLC</a>, and named <a href="http://www.simplemachines.org/">SMF</a>, so the forum will honor this request and be quiet.</div>';



Código Selecionar
// Get an attachment's encrypted filename.  If $new is true, won't check for file existence.
function getAttachmentFilename($filename, $attachment_id, $new = false)


Código Selecionar
// Get an attachment's encrypted filename.  If $new is true, won't check for file existence.
function getAttachmentFilename($filename, $attachment_id, $new = false, $file_hash = '')
{
  global $modSettings, $db_prefix;

  // Just make up a nice hash...
  if ($new)
     return sha1(md5($filename . time()) . mt_rand());

  // Grab the file hash if it wasn't added.
  if ($file_hash === '')
  {
     $request = db_query("
        SELECT file_hash
        FROM {$db_prefix}attachments
        WHERE ID_ATTACH = " . (int) $attachment_id, __FILE__, __LINE__);

     if (mysql_num_rows($request) === 0)
        return false;

     list ($file_hash) = mysql_fetch_row($request);

     mysql_free_result($request);
  }

  // In case of files from the old system, do a legacy call.
  if (empty($file_hash))
     return getLegacyAttachmentFilename($filename, $attachment_id, $new);

  return $modSettings['attachmentUploadDir'] . '/' . $attachment_id . '_' . $file_hash;
}

function getLegacyAttachmentFilename($filename, $attachment_id, $new = false)






./Sources/Subs-Graphics.php
Pesquisar por
Código Selecionar
* Software Version:           SMF 1.1.7                                           *


Código Selecionar
* Software Version:           SMF 1.1.9                                           *


Código Selecionar
  db_query("
     INSERT INTO {$db_prefix}attachments
        (ID_MEMBER, attachmentType, filename, size)
     VALUES ($memID, " . (empty($modSettings['custom_avatar_enabled']) ? '0' : '1') . ", '$destName', 1)", __FILE__, __LINE__);



Código Selecionar

  $avatar_hash = empty($modSettings['custom_avatar_enabled']) ? getAttachmentFilename($destName, false, true) : '';

  db_query("
     INSERT INTO {$db_prefix}attachments
        (ID_MEMBER, attachmentType, filename, file_hash, size)
     VALUES ($memID, " . (empty($modSettings['custom_avatar_enabled']) ? '0' : '1') . ", '$destName', '" . (empty($avatar_hash) ? "" : "$avatar_hash") . "', 1)", __FILE__, __LINE__);


Código Selecionar
     if (preg_match('~(iframe|\\<\\?php|\\<\\?|\\<%|html|eval|body|script)~', $fileContents) === 1)
     {
        fclose($fp);


Código Selecionar
     if (preg_match('~(iframe|\\<\\?php|\\<\\?[\s=]|\\<%[\s=]|html|eval|body|script\W)~', $fileContents) === 1)
     {
        fclose($fp);


Código Selecionar
     $fp2 = fopen($url, 'rb');
     while (!feof($fp2))
        fwrite($fp, fread($fp2, 8192));
     fclose($fp2);


Código Selecionar
     $fp2 = fopen($url, 'rb');
     $prev_chunk = '';
     while (!feof($fp2))
     {
        $cur_chunk = fread($fp2, 8192);

        // Make sure nothing odd came through.
        if (preg_match('~(iframe|\\<\\?php|\\<\\?[\s=]|\\<%[\s=]|html|eval|body|script\W)~', $prev_chunk . $cur_chunk) === 1)
        {
           fclose($fp2);
           fclose($fp);
           unlink($destName);
           return false;
        }

        fwrite($fp, $cur_chunk);
        $prev_chunk = $cur_chunk;
     }
     fclose($fp2);


Código Selecionar
     if (rename($destName . '.tmp', $destName))
     {


Código Selecionar
     if (rename($destName . '.tmp', empty($avatar_hash) ? $destName : $modSettings['attachmentUploadDir'] . '/' . $attachID . '_' . $avatar_hash))
     {
        $destName = empty($avatar_hash) ? $destName : $modSettings['attachmentUploadDir'] . '/' . $attachID . '_' . $avatar_hash;


Código Selecionar
  $code_image = imagecreate($total_width, $max_height);


Código Selecionar
  $code_image = $gd2 ? imagecreatetruecolor($total_width, $max_height) : imagecreate($total_width, $max_height);






/Sources/Subs-Members.php
Pesquisarpor
Código Selecionar
* Software Version:           SMF 1.1.6                                           *


Código Selecionar
* Software Version:           SMF 1.1.9                                           *


Código Selecionar
  // Some of these might be overwritten. (the lower ones that are in the arrays below.)


Código Selecionar
  $reservedVars = array(
     'actual_theme_url',
     'actual_images_url',
     'base_theme_dir',
     'base_theme_url',
     'default_images_url',
     'default_theme_dir',
     'default_theme_url',
     'default_template',
     'images_url',
     'number_recent_posts',
     'smiley_sets_default',
     'theme_dir',
     'theme_id',
     'theme_layers',
     'theme_templates',
     'theme_url',
  );

  // Can't change reserved vars.
  if (isset($regOptions['theme_vars']) && array_intersect(array_keys($regOptions['theme_vars']), $reservedVars) != array())
     fatal_lang_error('theme3');

  // Some of these might be overwritten. (the lower ones that are in the arrays below.)




./Sources/Subs-Post.php
Pesquisar por
Código Selecionar
* Software Version:           SMF 1.1.8                                           *


Código Selecionar
* Software Version:           SMF 1.1.9                                           *


Código Selecionar
        $parts[$i] = preg_replace('~\[([/]?)(list|li|table|tr|td)([^\]]*)\]~ie', '\'[$1\' . strtolower(\'$2\') . \'$3]\'', $parts[$i]);


Código Selecionar
        $parts[$i] = preg_replace('~\[([/]?)(list|li|table|tr|td)((\s[^\]]+)*)\]~ie', '\'[$1\' . strtolower(\'$2\') . \'$3]\'', $parts[$i]);


Código Selecionar
  // Change breaks back to \n's.
  return preg_replace('~<br( /)?' . '>~', "\n", implode('', $parts));


Código Selecionar
  // Change breaks back to \n's and &nsbp; back to spaces.
  return preg_replace('~<br( /)?' . '>~', "\n", str_replace('&nbsp;', ' ', implode('', $parts)));


Código Selecionar
  // Remove special foreign characters from the filename.
  if (empty($modSettings['attachmentEncryptFilenames']))
     $attachmentOptions['name'] = getAttachmentFilename($attachmentOptions['name'], false, true);


Código Selecionar
  // Get the hash if no hash has been given yet.
  if (empty($attachmentOptions['file_hash']))
     $attachmentOptions['file_hash'] = getAttachmentFilename($attachmentOptions['name'], false, true);


Código Selecionar
        (ID_MSG, filename, size, width, height)
     VALUES (" . (int) $attachmentOptions['post'] . ", SUBSTRING('" . $attachmentOptions['name'] . "', 1, 255), " . (int) $attachmentOptions['size'] . ', ' . (empty($attachmentOptions['width']) ? '0' : (int) $attachmentOptions['width']) . ', ' . (empty($attachmentOptions['height']) ? '0' : (int) $attachmentOptions['height']) . ')', __FILE__, __LINE__);


Código Selecionar
        (ID_MSG, filename, file_hash, size, width, height)
     VALUES (" . (int) $attachmentOptions['post'] . ", SUBSTRING('" . $attachmentOptions['name'] . "', 1, 255), '$attachmentOptions[file_hash]', " . (int) $attachmentOptions['size'] . ', ' . (empty($attachmentOptions['width']) ? '0' : (int) $attachmentOptions['width']) . ', ' . (empty($attachmentOptions['height']) ? '0' : (int) $attachmentOptions['height']) . ')', __FILE__, __LINE__);


Código Selecionar
  $attachmentOptions['destination'] = $modSettings['attachmentUploadDir'] . '/' . getAttachmentFilename(basename($attachmentOptions['name']), $attachmentOptions['id'], true);


Código Selecionar
  $attachmentOptions['destination'] = getAttachmentFilename(basename($attachmentOptions['name']), $attachmentOptions['id'], false, $attachmentOptions['file_hash']);
[/code

[code]         // To the database we go!
        db_query("
           INSERT INTO {$db_prefix}attachments
              (ID_MSG, attachmentType, filename, size, width, height)
           VALUES (" . (int) $attachmentOptions['post'] . ", 3, SUBSTRING('$thumb_filename', 1, 255), " . (int) $thumb_size . ", " . (int) $thumb_width . ", " . (int) $thumb_height . ")", __FILE__, __LINE__);


Código Selecionar
        // To the database we go!
        $thumb_file_hash = getAttachmentFilename($thumb_filename, false, true);
        db_query("
           INSERT INTO {$db_prefix}attachments
              (ID_MSG, attachmentType, filename, file_hash, size, width, height)
           VALUES (" . (int) $attachmentOptions['post'] . ", 3, SUBSTRING('$thumb_filename', 1, 255), '$thumb_file_hash', " . (int) $thumb_size . ", " . (int) $thumb_width . ", " . (int) $thumb_height . ")", __FILE__, __LINE__);


Código Selecionar
           rename($attachmentOptions['destination'] . '_thumb', $modSettings['attachmentUploadDir'] . '/' . getAttachmentFilename($thumb_filename, $attachmentOptions['thumb'], true));



Código Selecionar
           rename($attachmentOptions['destination'] . '_thumb', getAttachmentFilename($thumb_filename, $attachmentOptions['thumb'], false, $thumb_file_hash));
[/code




./Themes/[color=green]ManageAttachments.template.php[/color]
Pesquisar por
[code]// Version: 1.1; ManageAttachments


Código Selecionar
// Version: 1.1.9; ManageAttachments


Código Selecionar
        <td><input type="text" name="attachmentExtensions" id="attachmentExtensions" value="', $modSettings['attachmentExtensions'], '" size="40" /></td>
     </tr><tr class="windowbg2">
        <td width="50%" align="right"><label for="attachmentEncryptFilenames">', $txt['attachmentEncryptFilenames'], ' <a href="', $scripturl, '?action=helpadmin;help=attachmentEncryptFilenames" onclick="return reqWin(this.href);" class="help">(?)</a>:</label></td>
        <td><input type="checkbox" name="attachmentEncryptFilenames" id="attachmentEncryptFilenames" value="1" class="check"', empty($modSettings['attachmentEncryptFilenames']) ? '' : ' checked="checked"', ' /></td>


Código Selecionar
        <td><input type="text" name="attachmentExtensions" id="attachmentExtensions" value="', $modSettings['attachmentExtensions'], '" size="40" /></td>






./Themes/default/Recent.template.php[/color
Pesquisar por
Código Selecionar
// Version: 1.1.5; Recent


Código Selecionar
// Version: 1.1.9; Recent


Código Selecionar
        $button_set['delete'] = array('text' => 31, 'image' => 'delete.gif', 'lang' => true, 'custom' => 'onclick="return confirm(\'' . $txt[154] . '?\');"', 'url' => $scripturl . '?action=deletemsg2;msg=' . $post['id'] . ';topic=' . $post['topic'] . ';recent;sesc=' . $context['session_id']);


Código Selecionar
        $button_set['delete'] = array('text' => 31, 'image' => 'delete.gif', 'lang' => true, 'custom' => 'onclick="return confirm(\'' . $txt[154] . '?\');"', 'url' => $scripturl . '?action=deletemsg;msg=' . $post['id'] . ';topic=' . $post['topic'] . ';recent;sesc=' . $context['session_id']);



O anexado. Htaccess o ficheiro deve ser copiado para o directório anexos, se você já tem uma. Htaccess do root, actualizá-lo com
Código Selecionar
RemoveHandler .php .php3 .phtml .cgi .fcgi .pl .fpl .shtml


Finalmente, execute no SQL para actualizar a variável smfVersion em sua base de dados do fórum

Código Selecionar
UPDATE `smf_settings` SET `value` = '1.1.9' WHERE `variable` = 'smfVersion' LIMIT 1 [/code][/code]
Imprimir
Ir para o topo Páginas1
Ações do utilizador