Advertisement:

Navigation

Readme

This patch file will update your forum to SMF 1.1.9.

File Edits

./index.php

Operation #1
Find: [Select]
* Software Version: SMF 1.1.8 *
Replace With: [Select]
* Software Version: SMF 1.1.9 *
Operation #2
Find: [Select]
$forum_version = 'SMF 1.1.8';
Replace With: [Select]
$forum_version = 'SMF 1.1.9';
Operation #3
Find: [Select]
   elseif (empty($modSettings['allow_guestAccess']) && $user_info['is_guest'] && (!isset($_REQUEST['action']) || !in_array($_REQUEST['action'], array('coppa', 'login', 'login2', 'register', 'register2', 'reminder', 'activate', 'smstats', 'help', '.xml', 'verificationcode'))))
Replace With: [Select]
   elseif (empty($modSettings['allow_guestAccess']) && $user_info['is_guest'] && (!isset($_REQUEST['action']) || !in_array($_REQUEST['action'], array('coppa', 'login', 'login2', 'register', 'register2', 'reminder', 'activate', 'smstats', 'help', 'verificationcode'))))
Operation #4
Find: [Select]

* Copyright 2006-2007 by: Simple Machines LLC (http://www.simplemachines.org) *
Replace With: [Select]

* Copyright 2006-2009 by: Simple Machines LLC (http://www.simplemachines.org) *
This operation isn't vital to the installation of this mod.

Operation #5
Find: [Select]

* Copyright 2006 by: Simple Machines LLC (http://www.simplemachines.org) *
Replace With: [Select]

* Copyright 2006-2009 by: Simple Machines LLC (http://www.simplemachines.org) *
This operation isn't vital to the installation of this mod.

./Sources/Display.php

Operation #1
Find: [Select]
* Software Version: SMF 1.1.4 *
Replace With: [Select]
* Software Version: SMF 1.1.9 *
Operation #2
Find: [Select]
               a.ID_ATTACH, a.ID_MSG, a.filename, IFNULL(a.size, 0) AS filesize, a.downloads,
Replace With: [Select]
               a.ID_ATTACH, a.ID_MSG, a.filename, a.file_hash, IFNULL(a.size, 0) AS filesize, a.downloads,
Operation #3
Find: [Select]
         SELECT filename, ID_ATTACH, attachmentType
Replace With: [Select]
         SELECT filename, ID_ATTACH, attachmentType, file_hash
Operation #4
Find: [Select]
         SELECT a.filename, a.ID_ATTACH, a.attachmentType
Replace With: [Select]
         SELECT a.filename, a.ID_ATTACH, a.attachmentType, a.file_hash
Operation #5
Find: [Select]
   list ($real_filename, $ID_ATTACH, $attachmentType) = mysql_fetch_row($request);
Replace With: [Select]
   list ($real_filename, $ID_ATTACH, $attachmentType, $file_hash) = mysql_fetch_row($request);
Operation #6
Find: [Select]
   $filename = getAttachmentFilename($real_filename, $_REQUEST['attach']);
Replace With: [Select]
   $filename = getAttachmentFilename($real_filename, $_REQUEST['attach'], false, $file_hash);
Operation #7
Find: [Select]
   if (filesize($filename) != 0)
Replace With: [Select]
   // IE 6 just doesn't play nice. As dirty as this seems, it works.
   if ($context['browser']['is_ie6'] && isset($_REQUEST['image']))
      unset($_REQUEST['image']);

   elseif (filesize($filename) != 0)

Operation #8
Find: [Select]
            6 => 'bmp',
Replace With: [Select]
            6 => 'x-ms-bmp',
Operation #9
Find: [Select]
         if (!empty($size['mime']))
            header('Content-Type: ' . $size['mime']);
Replace With: [Select]
         if (!empty($size['mime']) && !in_array($size[2], array(4, 13)))
            header('Content-Type: ' . strtr($size['mime'], array('image/bmp' => 'image/x-ms-bmp')));

Operation #10
Find: [Select]
   if (!isset($_REQUEST['image']))
   {
      header('Content-Disposition: attachment; filename="' . $real_filename . '"');
      header('Content-Type: application/octet-stream');
   }
Replace With: [Select]
   header('Content-Disposition: ' . (isset($_REQUEST['image']) ? 'inline' : 'attachment') . '; filename="' . $real_filename . '"');
   if (!isset($_REQUEST['image']))
      header('Content-Type: application/octet-stream');

Operation #11
Find: [Select]
               $filename = getAttachmentFilename($attachment['filename'], $attachment['ID_ATTACH']);
Replace With: [Select]
               $filename = getAttachmentFilename($attachment['filename'], $attachment['ID_ATTACH'], false, $attachment['file_hash']);
Operation #12
Find: [Select]
                  db_query("
                     INSERT INTO {$db_prefix}attachments
                        (ID_MSG, attachmentType, filename, size, width, height)
                     VALUES ($ID_MSG, 3, '$thumb_filename', " . (int) $thumb_size . ", " . (int) $attachment['thumb_width'] . ", " . (int) $attachment['thumb_height'] . ")", __FILE__, __LINE__);
Replace With: [Select]
                  $thumb_hash = getAttachmentFilename($thumb_filename, false, true);
                  db_query("
                     INSERT INTO {$db_prefix}attachments
                        (ID_MSG, attachmentType, filename, file_hash, size, width, height)
                     VALUES ($ID_MSG, 3, '$thumb_filename', '$thumb_hash', " . (int) $thumb_size . ", " . (int) $attachment['thumb_width'] . ", " . (int) $attachment['thumb_height'] . ")", __FILE__, __LINE__);

Operation #13
Find: [Select]
                     $thumb_realname = getAttachmentFilename($thumb_filename, $attachment['ID_THUMB'], true);
                     rename($filename . '_thumb', $modSettings['attachmentUploadDir'] . '/' . $thumb_realname);
Replace With: [Select]
                     $thumb_realname = getAttachmentFilename($thumb_filename, $attachment['ID_THUMB'], false, $thumb_hash);
                     rename($filename . '_thumb', $thumb_realname);

Operation #14
Find: [Select]

* Copyright 2006-2007 by: Simple Machines LLC (http://www.simplemachines.org) *
Replace With: [Select]

* Copyright 2006-2009 by: Simple Machines LLC (http://www.simplemachines.org) *
This operation isn't vital to the installation of this mod.

Operation #15
Find: [Select]

* Copyright 2006 by: Simple Machines LLC (http://www.simplemachines.org) *
Replace With: [Select]

* Copyright 2006-2009 by: Simple Machines LLC (http://www.simplemachines.org) *
This operation isn't vital to the installation of this mod.

./Sources/Load.php

Operation #1
Find: [Select]
* Software Version: SMF 1.1.6 *
Replace With: [Select]
* Software Version: SMF 1.1.9 *
Operation #2
Find: [Select]
         // If this is the theme_dir of the default theme, store it.
Replace With: [Select]
         // There are just things we shouldn't be able to change as members.
         if ($row['ID_MEMBER'] != 0 && in_array($row['variable'], array('actual_theme_url', 'actual_images_url', 'base_theme_dir', 'base_theme_url', 'default_images_url', 'default_theme_dir', 'default_theme_url', 'default_template', 'images_url', 'number_recent_posts', 'smiley_sets_default', 'theme_dir', 'theme_id', 'theme_layers', 'theme_templates', 'theme_url')))
            continue;

         // If this is the theme_dir of the default theme, store it.

Operation #3
Find: [Select]

* Copyright 2006-2007 by: Simple Machines LLC (http://www.simplemachines.org) *
Replace With: [Select]

* Copyright 2006-2009 by: Simple Machines LLC (http://www.simplemachines.org) *
This operation isn't vital to the installation of this mod.

Operation #4
Find: [Select]

* Copyright 2006 by: Simple Machines LLC (http://www.simplemachines.org) *
Replace With: [Select]

* Copyright 2006-2009 by: Simple Machines LLC (http://www.simplemachines.org) *
This operation isn't vital to the installation of this mod.

./Sources/ManageAttachments.php

Operation #1
Find: [Select]
* Software Version: SMF 1.1.4 *
Replace With: [Select]
* Software Version: SMF 1.1.9 *
Operation #2
Find: [Select]
* Copyright 2006 by: Simple Machines LLC (http://www.simplemachines.org) *
Replace With: [Select]
* Copyright 2006-2009 by: Simple Machines LLC (http://www.simplemachines.org) *
Operation #3
Find: [Select]
         'attachmentShowImages' => empty($_POST['attachmentShowImages']) ? '0' : '1',
         'attachmentEncryptFilenames' => empty($_POST['attachmentEncryptFilenames']) ? '0' : '1',
Replace With: [Select]
         'attachmentShowImages' => empty($_POST['attachmentShowImages']) ? '0' : '1',
Operation #4
Find: [Select]
      SELECT ID_ATTACH, ID_MEMBER, filename
Replace With: [Select]
      SELECT ID_ATTACH, ID_MEMBER, filename, file_hash
Operation #5
Find: [Select]
   while ($row = mysql_fetch_assoc($request))
   {
      $filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH']);
Replace With: [Select]
   while ($row = mysql_fetch_assoc($request))
   {
      $filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH'], false, $row['file_hash']);

Operation #6
Find: [Select]
         a.filename, a.attachmentType, a.ID_ATTACH, a.ID_MEMBER" . ($query_type == 'messages' ? ', m.ID_MSG' : ', a.ID_MSG') . ",
Replace With: [Select]
         a.filename, a.file_hash, a.attachmentType, a.ID_ATTACH, a.ID_MEMBER" . ($query_type == 'messages' ? ', m.ID_MSG' : ', a.ID_MSG') . ",
Operation #7
Find: [Select]
         $filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH']);
         @unlink($filename);

         // If this was a thumb, the parent attachment should know about it.
Replace With: [Select]
         $filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH'], false, $row['file_hash']);
         @unlink($filename);

         // If this was a thumb, the parent attachment should know about it.

Operation #8
Find: [Select]
            $thumb_filename = getAttachmentFilename($row['thumb_filename'], $row['ID_THUMB']);
            @unlink($thumb_filename);
            $attach[] = $row['ID_THUMB'];
Replace With: [Select]
            $thumb_filename = getAttachmentFilename($row['thumb_filename'], $row['ID_THUMB'], false, $row['file_hash']);
            @unlink($thumb_filename);
            $attach[] = $row['ID_THUMB'];

Operation #9
Find: [Select]
            SELECT thumb.ID_ATTACH, thumb.filename
Replace With: [Select]
            SELECT thumb.ID_ATTACH, thumb.filename, thumb.file_hash
Operation #10
Find: [Select]
            // If we are repairing remove the file from disk now.
            if ($fix_errors && in_array('missing_thumbnail_parent', $to_fix))
            {
               $filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH']);
Replace With: [Select]
            // If we are repairing remove the file from disk now.
            if ($fix_errors && in_array('missing_thumbnail_parent', $to_fix))
            {
               $filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH'], false, $row['file_hash']);

Operation #11
Find: [Select]
            SELECT ID_ATTACH, filename, size, attachmentType
Replace With: [Select]
            SELECT ID_ATTACH, filename, file_hash, size, attachmentType
Operation #12
Find: [Select]
               $filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH']);

            // File doesn't exist?
Replace With: [Select]
               $filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH'], false, $row['file_hash']);

            // File doesn't exist?

Operation #13
Find: [Select]
            SELECT a.ID_ATTACH, a.filename, a.attachmentType
Replace With: [Select]
            SELECT a.ID_ATTACH, a.filename, a.file_hash, a.attachmentType
Operation #14
Find: [Select]
               if ($row['attachmentType'] == 1)
                  $filename = $modSettings['custom_avatar_dir'] . '/' . $row['filename'];
               else
                  $filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH']);
               @unlink($filename);
            }
Replace With: [Select]
               if ($row['attachmentType'] == 1)
                  $filename = $modSettings['custom_avatar_dir'] . '/' . $row['filename'];
               else
                  $filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH'], false, $row['file_hash']);
               @unlink($filename);
            }

Operation #15
Find: [Select]
            SELECT a.ID_ATTACH, a.filename
            FROM {$db_prefix}attachments AS a
Replace With: [Select]
            SELECT a.ID_ATTACH, a.filename, a.file_hash
            FROM {$db_prefix}attachments AS a

Operation #16
Find: [Select]
            // If we are repairing remove the file from disk now.
            if ($fix_errors && in_array('attachment_no_msg', $to_fix))
            {
               $filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH']);
Replace With: [Select]
            // If we are repairing remove the file from disk now.
            if ($fix_errors && in_array('attachment_no_msg', $to_fix))
            {
               $filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH'], false, $row['file_hash']);

./Sources/PackageGet.php

Operation #1
Find: [Select]
* Software Version: SMF 1.1.8 *
Replace With: [Select]
* Software Version: SMF 1.1.9 *
Operation #2
Find: [Select]
* Copyright 2006 by: Simple Machines LLC (http://www.simplemachines.org) *
Replace With: [Select]
* Copyright 2006-2009 by: Simple Machines LLC (http://www.simplemachines.org) *
Operation #3
Find: [Select]
      $default_author = $listing->fetch('default-author');
Replace With: [Select]
      $default_author = htmlspecialchars($listing->fetch('default-author'));
Operation #4
Find: [Select]
         $default_title = $listing->fetch('default-website/@title');
Replace With: [Select]
         $default_title = htmlspecialchars($listing->fetch('default-website/@title'));
Operation #5
Find: [Select]
         if (in_array($package['type'], array('title', 'heading', 'text', 'rule')))
            $package['name'] = $thisPackage->fetch('.');
Replace With: [Select]
         if (in_array($package['type'], array('title', 'heading', 'text', 'rule')))
            $package['name'] = htmlspecialchars($thisPackage->fetch('.'));

Operation #6
Find: [Select]
            $package['name'] = $thisPackage->fetch('.');
            $package['link'] = '<a href="' . $package['href'] . '">' . $package['name'] . '</a>';
Replace With: [Select]
            $package['name'] = htmlspecialchars($thisPackage->fetch('.'));
            $package['link'] = '<a href="' . $package['href'] . '">' . $package['name'] . '</a>';

Operation #7
Find: [Select]
            if ($package['description'] == '')
               $package['description'] = $txt['pacman8'];
Replace With: [Select]
            if ($package['description'] == '')
               $package['description'] = $txt['pacman8'];
            else
               $package['description'] = parse_bbc(preg_replace('~\[[/]?html\]~i', '', htmlspecialchars($package['description'])));            

Operation #8
Find: [Select]
            $package['href'] = $url . '/' . $package['filename'];
Replace With: [Select]
            $package['href'] = $url . '/' . $package['filename'];
            $package['name'] = htmlspecialchars($package['name']);

Operation #9
Find: [Select]
                  $package['author']['email'] = $thisPackage->fetch('author/@email');
Replace With: [Select]
                  $package['author']['email'] = htmlspecialchars($thisPackage->fetch('author/@email'));
Operation #10
Find: [Select]
                  $package['author']['name'] = $thisPackage->fetch('author');
Replace With: [Select]
                  $package['author']['name'] = htmlspecialchars($thisPackage->fetch('author'));
Operation #11
Find: [Select]
                  $package['author']['website']['name'] = $thisPackage->fetch('website/@title');
               elseif (isset($default_title))
                  $package['author']['website']['name'] = $default_title;
               elseif ($thisPackage->exists('website'))
                  $package['author']['website']['name'] = $thisPackage->fetch('website');
Replace With: [Select]
                  $package['author']['website']['name'] = htmlspecialchars($thisPackage->fetch('website/@title'));
               elseif (isset($default_title))
                  $package['author']['website']['name'] = $default_title;
               elseif ($thisPackage->exists('website'))
                  $package['author']['website']['name'] = htmlspecialchars($thisPackage->fetch('website'));

./Sources/Post.php

Operation #1
Find: [Select]
* Software Version: SMF 1.1.5 *
Replace With: [Select]
* Software Version: SMF 1.1.9 *
Operation #2
Find: [Select]
               'name' => getAttachmentFilename($name, false, true),
Replace With: [Select]
               'name' => $name,
Operation #3
Find: [Select]

* Copyright 2006-2007 by: Simple Machines LLC (http://www.simplemachines.org) *
Replace With: [Select]

* Copyright 2006-2009 by: Simple Machines LLC (http://www.simplemachines.org) *
This operation isn't vital to the installation of this mod.

Operation #4
Find: [Select]

* Copyright 2006 by: Simple Machines LLC (http://www.simplemachines.org) *
Replace With: [Select]

* Copyright 2006-2009 by: Simple Machines LLC (http://www.simplemachines.org) *
This operation isn't vital to the installation of this mod.

./Sources/Profile.php

Operation #1
Find: [Select]
* Software Version: SMF 1.1.6 *
Replace With: [Select]
* Software Version: SMF 1.1.9 *
Operation #2
Find: [Select]
   // These are the theme changes...
Replace With: [Select]
   $reservedVars = array(
      'actual_theme_url',
      'actual_images_url',
      'base_theme_dir',
      'base_theme_url',
      'default_images_url',
      'default_theme_dir',
      'default_theme_url',
      'default_template',
      'images_url',
      'number_recent_posts',
      'smiley_sets_default',
      'theme_dir',
      'theme_id',
      'theme_layers',
      'theme_templates',
      'theme_url',
   );

   // Can't change reserved vars.
   if ((isset($_POST['options']) && array_intersect(array_keys($_POST['options']), $reservedVars) != array()) || (isset($_POST['default_options']) && array_intersect(array_keys($_POST['default_options']), $reservedVars) != array()))
      fatal_lang_error(1);

   // These are the theme changes...

Operation #3
Find: [Select]
            $extensions = array(
Replace With: [Select]
            // Though not an exhaustive list, better safe than sorry.
            $fp = fopen($_FILES['attachment']['tmp_name'], 'rb');
            if (!$fp)
               fatal_lang_error('smf124');

            // Now try to find an infection.
            while (!feof($fp))
            {
               if (preg_match('~(iframe|\\<\\?php|\\<\\?[\s=]|\\<%[\s=]|html|eval|body|script\W)~', fgets($fp, 4096)) === 1)
               {
                  if (file_exists($uploadDir . '/avatar_tmp_' . $memID))
                     @unlink($uploadDir . '/avatar_tmp_' . $memID);

                  fatal_lang_error('smf124');
               }
            }
            fclose($fp);

            $extensions = array(

Operation #4
Find: [Select]
            if (!rename($_FILES['attachment']['tmp_name'], $uploadDir . '/' . $destName))
               fatal_lang_error('smf124');

            db_query("
               INSERT INTO {$db_prefix}attachments
                  (ID_MEMBER, attachmentType, filename, size, width, height)
               VALUES ($memID, " . (empty($modSettings['custom_avatar_enabled']) ? '0' : '1') . ", '$destName', " . filesize($uploadDir . '/' . $destName) . ", " . (int) $width . ", " . (int) $height . ")", __FILE__, __LINE__);

            // Attempt to chmod it.
            @chmod($uploadDir . '/' . $destName, 0644);
Replace With: [Select]
            $file_hash = empty($modSettings['custom_avatar_enabled']) ? getAttachmentFilename($destName, false, true) : '';

            db_query("
               INSERT INTO {$db_prefix}attachments
                  (ID_MEMBER, attachmentType, filename, file_hash, size, width, height)
               VALUES ($memID, " . (empty($modSettings['custom_avatar_enabled']) ? '0' : '1') . ", '$destName', '" . (empty($file_hash) ? "" : "$file_hash") . "', " . filesize($_FILES['attachment']['tmp_name']) . ", " . (int) $width . ", " . (int) $height . ")", __FILE__, __LINE__);
            $attachID = db_insert_id();

            // Try to move this avatar.
            $destinationPath = $uploadDir . '/' . (empty($file_hash) ? $destName : $attachID . '_' . $file_hash);
            if (!rename($_FILES['attachment']['tmp_name'], $destinationPath))
            {
               // The move failed, get rid of it and die.
               db_query("
                  DELETE FROM {$db_prefix}attachments
                  WHERE ID_ATTACH = $attachID", __FILE__, __LINE__);

               fatal_lang_error('smf124');
            }

            // Attempt to chmod it.
            @chmod($destinationPath, 0644);

Operation #5
Find: [Select]
      $context['activate_message'] = isset($txt['account_activate_method_' . $context['member']['is_activated'] % 10]) ? $txt['account_activate_method_' . $context['member']['is_activated']] : $txt['account_not_activated'];
Replace With: [Select]
      $context['activate_message'] = isset($txt['account_activate_method_' . $context['member']['is_activated'] % 10]) ? $txt['account_activate_method_' . $context['member']['is_activated'] % 10] : $txt['account_not_activated'];
Operation #6
Find: [Select]

* Copyright 2006-2007 by: Simple Machines LLC (http://www.simplemachines.org) *
Replace With: [Select]

* Copyright 2006-2009 by: Simple Machines LLC (http://www.simplemachines.org) *
This operation isn't vital to the installation of this mod.

Operation #7
Find: [Select]

* Copyright 2006 by: Simple Machines LLC (http://www.simplemachines.org) *
Replace With: [Select]

* Copyright 2006-2009 by: Simple Machines LLC (http://www.simplemachines.org) *
This operation isn't vital to the installation of this mod.

./Sources/QueryString.php

Operation #1
Find: [Select]
* Software Version: SMF 1.1.7 *
Replace With: [Select]
* Software Version: SMF 1.1.9 *
Operation #2
Find: [Select]
* Copyright 2006 by: Simple Machines LLC (http://www.simplemachines.org) *
Replace With: [Select]
* Copyright 2006-2009 by: Simple Machines LLC (http://www.simplemachines.org) *
Operation #3
Find: [Select]
   if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) && !empty($_SERVER['HTTP_CLIENT_IP']) && (preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['HTTP_CLIENT_IP']) == 0 || preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0))
   {
      // We have both forwarded for AND client IP... check the first forwarded for as the block - only switch if it's better that way.
      if (strtok($_SERVER['HTTP_X_FORWARDED_FOR'], '.') != strtok($_SERVER['HTTP_CLIENT_IP'], '.') && '.' . strtok($_SERVER['HTTP_X_FORWARDED_FOR'], '.') == strrchr($_SERVER['HTTP_CLIENT_IP'], '.') && (preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['HTTP_X_FORWARDED_FOR']) == 0 || preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0))
Replace With: [Select]
   if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) && !empty($_SERVER['HTTP_CLIENT_IP']) && (preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['HTTP_CLIENT_IP']) == 0 || preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0))
   {
      // We have both forwarded for AND client IP... check the first forwarded for as the block - only switch if it's better that way.
      if (strtok($_SERVER['HTTP_X_FORWARDED_FOR'], '.') != strtok($_SERVER['HTTP_CLIENT_IP'], '.') && '.' . strtok($_SERVER['HTTP_X_FORWARDED_FOR'], '.') == strrchr($_SERVER['HTTP_CLIENT_IP'], '.') && (preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['HTTP_X_FORWARDED_FOR']) == 0 || preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0))

Operation #4
Find: [Select]
   if (!empty($_SERVER['HTTP_CLIENT_IP']) && (preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['HTTP_CLIENT_IP']) == 0 || preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0))
Replace With: [Select]
   if (!empty($_SERVER['HTTP_CLIENT_IP']) && (preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['HTTP_CLIENT_IP']) == 0 || preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0))
Operation #5
Find: [Select]
            if (preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $ip) != 0 && preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['REMOTE_ADDR']) == 0)
Replace With: [Select]
            if (preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $ip) != 0 && preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['REMOTE_ADDR']) == 0)
Operation #6
Find: [Select]
      elseif (preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['HTTP_X_FORWARDED_FOR']) == 0 || preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0)
Replace With: [Select]
      elseif (preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['HTTP_X_FORWARDED_FOR']) == 0 || preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0)

./Sources/Security.php

Operation #1
Find: [Select]
* Software Version: SMF 1.1.8 *
Replace With: [Select]
* Software Version: SMF 1.1.9 *
Operation #2
Find: [Select]
   if (isset($_GET['confirm']) && isset($_SESSION['confirm_' . $action]) && md5($_GET['confirm'] . $_SERVER['HTTP_USER_AGENT']) !== $_SESSION['confirm_' . $action])
      return true;
      
   else
   {
      $token = md5(mt_rand() . session_id() . (string) microtime() . $modSettings['rand_seed']);
      $_SESSION['confirm_' . $action] = md5($token, $_SERVER['HTTP_USER_AGENT']);
Replace With: [Select]
   if (isset($_GET['confirm']) && isset($_SESSION['confirm_' . $action]) && md5($_GET['confirm'] . $_SERVER['HTTP_USER_AGENT']) == $_SESSION['confirm_' . $action])
      return true;
      
   else
   {
      $token = md5(mt_rand() . session_id() . (string) microtime() . $modSettings['rand_seed']);
      $_SESSION['confirm_' . $action] = md5($token . $_SERVER['HTTP_USER_AGENT']);

Operation #3
Find: [Select]

* Copyright 2006-2007 by: Simple Machines LLC (http://www.simplemachines.org) *
Replace With: [Select]

* Copyright 2006-2009 by: Simple Machines LLC (http://www.simplemachines.org) *
This operation isn't vital to the installation of this mod.

Operation #4
Find: [Select]

* Copyright 2006 by: Simple Machines LLC (http://www.simplemachines.org) *
Replace With: [Select]

* Copyright 2006-2009 by: Simple Machines LLC (http://www.simplemachines.org) *
This operation isn't vital to the installation of this mod.

./Sources/Subs.php

Operation #1
Find: [Select]
* Software Version: SMF 1.1.6 *
Replace With: [Select]
* Software Version: SMF 1.1.9 *
Operation #2
Find: [Select]
         <div style="white-space: normal;">The administrator doesn\'t want a copyright notice saying this is copyright 2006 - 2007 by <a href="http://www.simplemachines.org/about/copyright.php" target="_blank">Simple Machines LLC</a>, and named <a href="http://www.simplemachines.org/">SMF</a>, so the forum will honor this request and be quiet.</div>';
Replace With: [Select]
         <div style="white-space: normal;">The administrator doesn\'t want a copyright notice saying this is copyright 2006 - 2009 by <a href="http://www.simplemachines.org/about/copyright.php" target="_blank">Simple Machines LLC</a>, and named <a href="http://www.simplemachines.org/">SMF</a>, so the forum will honor this request and be quiet.</div>';
Operation #3
Find: [Select]
// Get an attachment's encrypted filename. If $new is true, won't check for file existence.
function getAttachmentFilename($filename, $attachment_id, $new = false)
Replace With: [Select]
// Get an attachment's encrypted filename. If $new is true, won't check for file existence.
function getAttachmentFilename($filename, $attachment_id, $new = false, $file_hash = '')
{
   global $modSettings, $db_prefix;

   // Just make up a nice hash...
   if ($new)
      return sha1(md5($filename . time()) . mt_rand());

   // Grab the file hash if it wasn't added.
   if ($file_hash === '')
   {
      $request = db_query("
         SELECT file_hash
         FROM {$db_prefix}attachments
         WHERE ID_ATTACH = " . (int) $attachment_id, __FILE__, __LINE__);

      if (mysql_num_rows($request) === 0)
         return false;

      list ($file_hash) = mysql_fetch_row($request);

      mysql_free_result($request);
   }

   // In case of files from the old system, do a legacy call.
   if (empty($file_hash))
      return getLegacyAttachmentFilename($filename, $attachment_id, $new);

   return $modSettings['attachmentUploadDir'] . '/' . $attachment_id . '_' . $file_hash;
}

function getLegacyAttachmentFilename($filename, $attachment_id, $new = false)

Operation #4
Find: [Select]

* Copyright 2006-2007 by: Simple Machines LLC (http://www.simplemachines.org) *
Replace With: [Select]

* Copyright 2006-2009 by: Simple Machines LLC (http://www.simplemachines.org) *
This operation isn't vital to the installation of this mod.

Operation #5
Find: [Select]

* Copyright 2006 by: Simple Machines LLC (http://www.simplemachines.org) *
Replace With: [Select]

* Copyright 2006-2009 by: Simple Machines LLC (http://www.simplemachines.org) *
This operation isn't vital to the installation of this mod.

./Sources/Subs-Graphics.php

Operation #1
Find: [Select]
* Software Version: SMF 1.1.7 *
Replace With: [Select]
* Software Version: SMF 1.1.9 *
Operation #2
Find: [Select]
   db_query("
      INSERT INTO {$db_prefix}attachments
         (ID_MEMBER, attachmentType, filename, size)
      VALUES ($memID, " . (empty($modSettings['custom_avatar_enabled']) ? '0' : '1') . ", '$destName', 1)", __FILE__, __LINE__);
Replace With: [Select]

   $avatar_hash = empty($modSettings['custom_avatar_enabled']) ? getAttachmentFilename($destName, false, true) : '';

   db_query("
      INSERT INTO {$db_prefix}attachments
         (ID_MEMBER, attachmentType, filename, file_hash, size)
      VALUES ($memID, " . (empty($modSettings['custom_avatar_enabled']) ? '0' : '1') . ", '$destName', '" . (empty($avatar_hash) ? "" : "$avatar_hash") . "', 1)", __FILE__, __LINE__);

Operation #3
Find: [Select]
      if (preg_match('~(iframe|\\<\\?php|\\<\\?|\\<%|html|eval|body|script)~', $fileContents) === 1)
      {
         fclose($fp);
Replace With: [Select]
      if (preg_match('~(iframe|\\<\\?php|\\<\\?[\s=]|\\<%[\s=]|html|eval|body|script\W)~', $fileContents) === 1)
      {
         fclose($fp);

Operation #4
Find: [Select]
      $fp2 = fopen($url, 'rb');
      while (!feof($fp2))
         fwrite($fp, fread($fp2, 8192));
      fclose($fp2);
Replace With: [Select]
      $fp2 = fopen($url, 'rb');
      $prev_chunk = '';
      while (!feof($fp2))
      {
         $cur_chunk = fread($fp2, 8192);

         // Make sure nothing odd came through.
         if (preg_match('~(iframe|\\<\\?php|\\<\\?[\s=]|\\<%[\s=]|html|eval|body|script\W)~', $prev_chunk . $cur_chunk) === 1)
         {
            fclose($fp2);
            fclose($fp);
            unlink($destName);
            return false;
         }

         fwrite($fp, $cur_chunk);
         $prev_chunk = $cur_chunk;
      }
      fclose($fp2);

Operation #5
Find: [Select]
      if (rename($destName . '.tmp', $destName))
      {
Replace With: [Select]
      if (rename($destName . '.tmp', empty($avatar_hash) ? $destName : $modSettings['attachmentUploadDir'] . '/' . $attachID . '_' . $avatar_hash))
      {
         $destName = empty($avatar_hash) ? $destName : $modSettings['attachmentUploadDir'] . '/' . $attachID . '_' . $avatar_hash;

Operation #6
Find: [Select]
   $code_image = imagecreate($total_width, $max_height);
Replace With: [Select]
   $code_image = $gd2 ? imagecreatetruecolor($total_width, $max_height) : imagecreate($total_width, $max_height);
Operation #7
Find: [Select]

* Copyright 2006-2007 by: Simple Machines LLC (http://www.simplemachines.org) *
Replace With: [Select]

* Copyright 2006-2009 by: Simple Machines LLC (http://www.simplemachines.org) *
This operation isn't vital to the installation of this mod.

Operation #8
Find: [Select]

* Copyright 2006 by: Simple Machines LLC (http://www.simplemachines.org) *
Replace With: [Select]

* Copyright 2006-2009 by: Simple Machines LLC (http://www.simplemachines.org) *
This operation isn't vital to the installation of this mod.

./Sources/Subs-Members.php

Operation #1
Find: [Select]
* Software Version: SMF 1.1.6 *
Replace With: [Select]
* Software Version: SMF 1.1.9 *
Operation #2
Find: [Select]
   // Some of these might be overwritten. (the lower ones that are in the arrays below.)
Replace With: [Select]
   $reservedVars = array(
      'actual_theme_url',
      'actual_images_url',
      'base_theme_dir',
      'base_theme_url',
      'default_images_url',
      'default_theme_dir',
      'default_theme_url',
      'default_template',
      'images_url',
      'number_recent_posts',
      'smiley_sets_default',
      'theme_dir',
      'theme_id',
      'theme_layers',
      'theme_templates',
      'theme_url',
   );

   // Can't change reserved vars.
   if (isset($regOptions['theme_vars']) && array_intersect(array_keys($regOptions['theme_vars']), $reservedVars) != array())
      fatal_lang_error('theme3');

   // Some of these might be overwritten. (the lower ones that are in the arrays below.)

Operation #3
Find: [Select]

* Copyright 2006-2007 by: Simple Machines LLC (http://www.simplemachines.org) *
Replace With: [Select]

* Copyright 2006-2009 by: Simple Machines LLC (http://www.simplemachines.org) *
This operation isn't vital to the installation of this mod.

Operation #4
Find: [Select]

* Copyright 2006 by: Simple Machines LLC (http://www.simplemachines.org) *
Replace With: [Select]

* Copyright 2006-2009 by: Simple Machines LLC (http://www.simplemachines.org) *
This operation isn't vital to the installation of this mod.

./Sources/Subs-Post.php

Operation #1
Find: [Select]
* Software Version: SMF 1.1.8 *
Replace With: [Select]
* Software Version: SMF 1.1.9 *
Operation #2
Find: [Select]
         $parts[$i] = preg_replace('~\[([/]?)(list|li|table|tr|td)([^\]]*)\]~ie', '\'[$1\' . strtolower(\'$2\') . \'$3]\'', $parts[$i]);
Replace With: [Select]
         $parts[$i] = preg_replace('~\[([/]?)(list|li|table|tr|td)((\s[^\]]+)*)\]~ie', '\'[$1\' . strtolower(\'$2\') . \'$3]\'', $parts[$i]);
Operation #3
Find: [Select]
   // Change breaks back to \n's.
   return preg_replace('~<br( /)?' . '>~', "\n", implode('', $parts));
Replace With: [Select]
   // Change breaks back to \n's and &nsbp; back to spaces.
   return preg_replace('~<br( /)?' . '>~', "\n", str_replace('&nbsp;', ' ', implode('', $parts)));

Operation #4
Find: [Select]
   // Remove special foreign characters from the filename.
   if (empty($modSettings['attachmentEncryptFilenames']))
      $attachmentOptions['name'] = getAttachmentFilename($attachmentOptions['name'], false, true);
Replace With: [Select]
   // Get the hash if no hash has been given yet.
   if (empty($attachmentOptions['file_hash']))
      $attachmentOptions['file_hash'] = getAttachmentFilename($attachmentOptions['name'], false, true);

Operation #5
Find: [Select]
         (ID_MSG, filename, size, width, height)
      VALUES (" . (int) $attachmentOptions['post'] . ", SUBSTRING('" . $attachmentOptions['name'] . "', 1, 255), " . (int) $attachmentOptions['size'] . ', ' . (empty($attachmentOptions['width']) ? '0' : (int) $attachmentOptions['width']) . ', ' . (empty($attachmentOptions['height']) ? '0' : (int) $attachmentOptions['height']) . ')', __FILE__, __LINE__);
Replace With: [Select]
         (ID_MSG, filename, file_hash, size, width, height)
      VALUES (" . (int) $attachmentOptions['post'] . ", SUBSTRING('" . $attachmentOptions['name'] . "', 1, 255), '$attachmentOptions[file_hash]', " . (int) $attachmentOptions['size'] . ', ' . (empty($attachmentOptions['width']) ? '0' : (int) $attachmentOptions['width']) . ', ' . (empty($attachmentOptions['height']) ? '0' : (int) $attachmentOptions['height']) . ')', __FILE__, __LINE__);

Operation #6
Find: [Select]
   $attachmentOptions['destination'] = $modSettings['attachmentUploadDir'] . '/' . getAttachmentFilename(basename($attachmentOptions['name']), $attachmentOptions['id'], true);
Replace With: [Select]
   $attachmentOptions['destination'] = getAttachmentFilename(basename($attachmentOptions['name']), $attachmentOptions['id'], false, $attachmentOptions['file_hash']);
Operation #7
Find: [Select]
         // To the database we go!
         db_query("
            INSERT INTO {$db_prefix}attachments
               (ID_MSG, attachmentType, filename, size, width, height)
            VALUES (" . (int) $attachmentOptions['post'] . ", 3, SUBSTRING('$thumb_filename', 1, 255), " . (int) $thumb_size . ", " . (int) $thumb_width . ", " . (int) $thumb_height . ")", __FILE__, __LINE__);
Replace With: [Select]
         // To the database we go!
         $thumb_file_hash = getAttachmentFilename($thumb_filename, false, true);
         db_query("
            INSERT INTO {$db_prefix}attachments
               (ID_MSG, attachmentType, filename, file_hash, size, width, height)
            VALUES (" . (int) $attachmentOptions['post'] . ", 3, SUBSTRING('$thumb_filename', 1, 255), '$thumb_file_hash', " . (int) $thumb_size . ", " . (int) $thumb_width . ", " . (int) $thumb_height . ")", __FILE__, __LINE__);

Operation #8
Find: [Select]
            rename($attachmentOptions['destination'] . '_thumb', $modSettings['attachmentUploadDir'] . '/' . getAttachmentFilename($thumb_filename, $attachmentOptions['thumb'], true));
Replace With: [Select]
            rename($attachmentOptions['destination'] . '_thumb', getAttachmentFilename($thumb_filename, $attachmentOptions['thumb'], false, $thumb_file_hash));
Operation #9
Find: [Select]

* Copyright 2006-2007 by: Simple Machines LLC (http://www.simplemachines.org) *
Replace With: [Select]

* Copyright 2006-2009 by: Simple Machines LLC (http://www.simplemachines.org) *
This operation isn't vital to the installation of this mod.

Operation #10
Find: [Select]

* Copyright 2006 by: Simple Machines LLC (http://www.simplemachines.org) *
Replace With: [Select]

* Copyright 2006-2009 by: Simple Machines LLC (http://www.simplemachines.org) *
This operation isn't vital to the installation of this mod.

./Themes/default/ManageAttachments.template.php

Operation #1
Find: [Select]
// Version: 1.1; ManageAttachments
Replace With: [Select]
// Version: 1.1.9; ManageAttachments
Operation #2
Find: [Select]
         <td><input type="text" name="attachmentExtensions" id="attachmentExtensions" value="', $modSettings['attachmentExtensions'], '" size="40" /></td>
      </tr><tr class="windowbg2">
         <td width="50%" align="right"><label for="attachmentEncryptFilenames">', $txt['attachmentEncryptFilenames'], ' <a href="', $scripturl, '?action=helpadmin;help=attachmentEncryptFilenames" onclick="return reqWin(this.href);" class="help">(?)</a>:</label></td>
         <td><input type="checkbox" name="attachmentEncryptFilenames" id="attachmentEncryptFilenames" value="1" class="check"', empty($modSettings['attachmentEncryptFilenames']) ? '' : ' checked="checked"', ' /></td>
Replace With: [Select]
         <td><input type="text" name="attachmentExtensions" id="attachmentExtensions" value="', $modSettings['attachmentExtensions'], '" size="40" /></td>

./Themes/default/Recent.template.php

Operation #1
Find: [Select]
// Version: 1.1.5; Recent
Replace With: [Select]
// Version: 1.1.9; Recent
Operation #2
Find: [Select]
         $button_set['delete'] = array('text' => 31, 'image' => 'delete.gif', 'lang' => true, 'custom' => 'onclick="return confirm(\'' . $txt[154] . '?\');"', 'url' => $scripturl . '?action=deletemsg2;msg=' . $post['id'] . ';topic=' . $post['topic'] . ';recent;sesc=' . $context['session_id']);
Replace With: [Select]
         $button_set['delete'] = array('text' => 31, 'image' => 'delete.gif', 'lang' => true, 'custom' => 'onclick="return confirm(\'' . $txt[154] . '?\');"', 'url' => $scripturl . '?action=deletemsg;msg=' . $post['id'] . ';topic=' . $post['topic'] . ';recent;sesc=' . $context['session_id']);

./Themes/babylon/Recent.template.php

Operation #1
Find: [Select]

// Version: 1.1; Recent
Replace With: [Select]

// Version: 1.1.9; Recent
This operation isn't vital to the installation of this mod.

Operation #2
Find: [Select]

                        <a href="', $scripturl, '?action=recent;delete=', $post['id'], ';sesc=', $context['session_id'], '" onclick="return confirm(\'', $txt[154], '?\');">', ($settings['use_image_buttons'] ? '<img src="' . $settings['images_url'] . '/' . $context['user']['language'] . '/delete.gif" alt="' . $txt[121] . '" border="0" />' : $txt[31]), '</a>';
Replace With: [Select]

                        <a href="', $scripturl, '?action=deletemsg;msg=', $post['id'], ';topic=', $post['topic'], ';recent;sesc=', $context['session_id'], '" onclick="return confirm(\'', $txt[154], '?\');">', ($settings['use_image_buttons'] ? '<img src="' . $settings['images_url'] . '/' . $context['user']['language'] . '/delete.gif" alt="' . $txt[121] . '" border="0" />' : $txt[31]), '</a>';
This operation isn't vital to the installation of this mod.

./Themes/classic/Recent.template.php

Operation #1
Find: [Select]

// Version: 1.1; Recent
Replace With: [Select]

// Version: 1.1.9; Recent
This operation isn't vital to the installation of this mod.

Operation #2
Find: [Select]

                        <a href="', $scripturl, '?action=recent;delete=', $post['id'], ';sesc=', $context['session_id'], '" onclick="return confirm(\'', $txt[154], '?\');">', $settings['use_image_buttons'] ? '<img src="' . $settings['images_url'] . '/' . $context['user']['language'] . '/delete.gif" alt="' . $txt[121] . '" border="0" />' : $txt[31], '</a>';
Replace With: [Select]

                        <a href="', $scripturl, '?action=deletemsg;msg=', $post['id'], ';topic=', $post['topic'], ';recent;sesc=', $context['session_id'], '" onclick="return confirm(\'', $txt[154], '?\');">', $settings['use_image_buttons'] ? '<img src="' . $settings['images_url'] . '/' . $context['user']['language'] . '/delete.gif" alt="' . $txt[121] . '" border="0" />' : $txt[31], '</a>';
This operation isn't vital to the installation of this mod.

./Themes/default/languages/index.english.php

Operation #1
Find: [Select]

// Version: 1.1.5; index
Replace With: [Select]

// Version: 1.1.9; index
This operation isn't vital to the installation of this mod.

Operation #2
Find: [Select]

$forum_copyright = '<a href="http://www.simplemachines.org/" title="Simple Machines Forum" target="_blank">Powered by ' . $forum_version . '</a> |
<a href="http://www.simplemachines.org/about/copyright.php" title="Free Forum Software" target="_blank">SMF &copy; 2006-2008, Simple Machines LLC</a>';
Replace With: [Select]

$forum_copyright = '<a href="http://www.simplemachines.org/" title="Simple Machines Forum" target="_blank">Powered by ' . $forum_version . '</a> |
<a href="http://www.simplemachines.org/about/copyright.php" title="Free Forum Software" target="_blank">SMF &copy; 2006-2009, Simple Machines LLC</a>';
This operation isn't vital to the installation of this mod.

./attachments/.htaccess

Operation #1
Find: [Select]

</Files>
Replace With: [Select]

</Files>
RemoveHandler .php .php3 .phtml .cgi .fcgi .pl .fpl .shtml
This operation isn't vital to the installation of this mod.

Code

updateDatabase.php