Advertisement:

Navigation

Readme

This patch file will update your forum to SMF 2.0 RC1-1.

File Edits

./index.php

Operation #1
Find: [Select]
* =============================================================================== * * Software Version: SMF 2.0 RC1 *
Replace With: [Select]
* =============================================================================== * * Software Version: SMF 2.0 RC1-1 *
Operation #2
Find: [Select]
$forum_version = 'SMF 2.0 RC1';
Replace With: [Select]
$forum_version = 'SMF 2.0 RC1-1';
Operation #3
Find: [Select]
// If guest access is off, a guest can only do one of the very few following actions. elseif (empty($modSettings['allow_guestAccess']) && $user_info['is_guest'] && (!isset($_REQUEST['action']) || !in_array($_REQUEST['action'], array('coppa', 'login', 'login2', 'register', 'register2', 'reminder', 'activate', 'help', 'smstats', '.xml', 'mailq', 'verificationcode', 'openidreturn',))))
Replace With: [Select]
// If guest access is off, a guest can only do one of the very few following actions. elseif (empty($modSettings['allow_guestAccess']) && $user_info['is_guest'] && (!isset($_REQUEST['action']) || !in_array($_REQUEST['action'], array('coppa', 'login', 'login2', 'register', 'register2', 'reminder', 'activate', 'help', 'smstats', 'mailq', 'verificationcode', 'openidreturn',))))

./Sources/Display.php

Operation #1
Find: [Select]
* =============================================================================== * * Software Version: SMF 2.0 RC1 *
Replace With: [Select]
* =============================================================================== * * Software Version: SMF 2.0 RC1-1 *
Operation #2
Find: [Select]
SELECT a.id_attach, a.id_folder, a.id_msg, a.filename, IFNULL(a.size, 0) AS filesize, a.downloads, a.approved,
Replace With: [Select]
SELECT a.id_attach, a.id_folder, a.id_msg, a.filename, a.file_hash, IFNULL(a.size, 0) AS filesize, a.downloads, a.approved,
Operation #3
Find: [Select]
$request = $smcFunc['db_query']('', ' SELECT id_folder, filename, fileext, id_attach, attachment_type, mime_type, approved
Replace With: [Select]
$request = $smcFunc['db_query']('', ' SELECT id_folder, filename, file_hash, fileext, id_attach, attachment_type, mime_type, approved
Operation #4
Find: [Select]
$request = $smcFunc['db_query']('', ' SELECT a.id_folder, a.filename, a.fileext, a.id_attach, a.attachment_type, a.mime_type, a.approved
Replace With: [Select]
$request = $smcFunc['db_query']('', ' SELECT a.id_folder, a.filename, a.file_hash, a.fileext, a.id_attach, a.attachment_type, a.mime_type, a.approved
Operation #5
Find: [Select]
fatal_lang_error('no_access', false); list ($id_folder, $real_filename, $file_ext, $id_attach, $attachment_type, $mime_type, $is_approved) = $smcFunc['db_fetch_row']($request);
Replace With: [Select]
fatal_lang_error('no_access', false); list ($id_folder, $real_filename, $file_hash, $file_ext, $id_attach, $attachment_type, $mime_type, $is_approved) = $smcFunc['db_fetch_row']($request);
Operation #6
Find: [Select]
$filename = getAttachmentFilename($real_filename, $_REQUEST['attach'], $id_folder);
Replace With: [Select]
$filename = getAttachmentFilename($real_filename, $_REQUEST['attach'], $id_folder, false, $file_hash);
Operation #7
Find: [Select]
// Does this have a mime type? if ($mime_type && (isset($_REQUEST['image']) || !in_array($file_ext, array('jpg', 'gif', 'jpeg', 'bmp', 'png', 'psd', 'tiff', 'iff')))) header('Content-Type: ' . $mime_type);
Replace With: [Select]
// IE 6 just doesn't play nice. As dirty as this seems, it works. if ($context['browser']['is_ie6'] && isset($_REQUEST['image'])) unset($_REQUEST['image']); // Does this have a mime type? elseif ($mime_type && (isset($_REQUEST['image']) || !in_array($file_ext, array('jpg', 'gif', 'jpeg', 'x-ms-bmp', 'png', 'psd', 'tiff', 'iff')))) header('Content-Type: ' . strtr($mime_type, array('image/bmp' => 'image/x-ms-bmp')));
Operation #8
Find: [Select]
// Add this beauty to the database. $smcFunc['db_insert']('',
Replace With: [Select]
$thumb_hash = getAttachmentFilename($thumb_filename, false, null, true); // Add this beauty to the database. $smcFunc['db_insert']('',
Operation #9
Find: [Select]
array('id_folder' => 'int', 'id_msg' => 'int', 'attachment_type' => 'int', 'filename' => 'string', 'size' => 'int', 'width' => 'int', 'height' => 'int'), array($id_folder_thumb, $id_msg, 3, $thumb_filename, (int) $thumb_size, (int) $attachment['thumb_width'], (int) $attachment['thumb_height']),
Replace With: [Select]
// Does this have a mime type? array('id_folder' => 'int', 'id_msg' => 'int', 'attachment_type' => 'int', 'filename' => 'string', 'file_hash' => 'string', 'size' => 'int', 'width' => 'int', 'height' => 'int'), array($id_folder_thumb, $id_msg, 3, $thumb_filename, $thumb_hash, (int) $thumb_size, (int) $attachment['thumb_width'], (int) $attachment['thumb_height']),
Operation #10
Find: [Select]
$thumb_realname = getAttachmentFilename($thumb_filename, $attachment['id_thumb'], $id_folder_thumb, true); rename($filename . '_thumb', $path . '/' . $thumb_realname);
Replace With: [Select]
// Does this have a mime type? $thumb_realname = getAttachmentFilename($thumb_filename, $attachment['id_thumb'], $id_folder_thumb, false, $thumb_hash); rename($filename . '_thumb', $thumb_realname);

./Sources/Load.php

Operation #1
Find: [Select]
* =============================================================================== * * Software Version: SMF 2.0 RC1 *
Replace With: [Select]
* =============================================================================== * * Software Version: SMF 2.0 RC1-1 *
Operation #2
Find: [Select]
// If this is the theme_dir of the default theme, store it.
Replace With: [Select]
// There are just things we shouldn't be able to change as members. if ($row['id_member'] != 0 && in_array($row['variable'], array('actual_theme_url', 'actual_images_url', 'base_theme_dir', 'base_theme_url', 'default_images_url', 'default_theme_dir', 'default_theme_url', 'default_template', 'images_url', 'number_recent_posts', 'smiley_sets_default', 'theme_dir', 'theme_id', 'theme_layers', 'theme_templates', 'theme_url'))) continue; // If this is the theme_dir of the default theme, store it.

./Sources/ManageAttachments.php

Operation #1
Find: [Select]
* =============================================================================== * * Software Version: SMF 2.0 RC1 *
Replace With: [Select]
* =============================================================================== * * Software Version: SMF 2.0 RC1-1 *
Operation #2
Find: [Select]
array('text', 'attachmentExtensions', 40), array('check', 'attachmentEncryptFilenames'),
Replace With: [Select]
array('text', 'attachmentExtensions', 40),
Operation #3
Find: [Select]
{string:blank_text} AS id_msg, IFNULL(mem.real_name, {string:not_applicable_text}) AS poster_name, mem.last_login AS poster_time, 0 AS id_topic, a.id_member, a.id_attach, a.filename, a.attachment_type,
Replace With: [Select]
{string:blank_text} AS id_msg, IFNULL(mem.real_name, {string:not_applicable_text}) AS poster_name, mem.last_login AS poster_time, 0 AS id_topic, a.id_member, a.id_attach, a.filename, a.file_hash, a.attachment_type,
Operation #4
Find: [Select]
m.id_msg, IFNULL(mem.real_name, m.poster_name) AS poster_name, m.poster_time, m.id_topic, m.id_member, a.id_attach, a.filename, a.attachment_type, a.size, a.width, a.height, a.downloads, mf.subject, t.id_board
Replace With: [Select]
m.id_msg, IFNULL(mem.real_name, m.poster_name) AS poster_name, m.poster_time, m.id_topic, m.id_member, a.id_attach, a.filename, a.file_hash, a.attachment_type, a.size, a.width, a.height, a.downloads, mf.subject, t.id_board
Operation #5
Find: [Select]
$request = $smcFunc['db_query']('', ' SELECT id_attach, id_folder, id_member, filename
Replace With: [Select]
$request = $smcFunc['db_query']('', ' SELECT id_attach, id_folder, id_member, filename, file_hash
Operation #6
Find: [Select]
while ($row = $smcFunc['db_fetch_assoc']($request)) { $filename = getAttachmentFilename($row['filename'], $row['id_attach'], $row['id_folder']);
Replace With: [Select]
while ($row = $smcFunc['db_fetch_assoc']($request)) { $filename = getAttachmentFilename($row['filename'], $row['id_attach'], $row['id_folder'], false, $row['file_hash']);
Operation #7
Find: [Select]
a.id_folder, a.filename, a.attachment_type, a.id_attach, a.id_member' . ($query_type == 'messages' ? ', m.id_msg' : ', a.id_msg') . ', thumb.id_folder AS thumb_folder, IFNULL(thumb.id_attach, 0) AS id_thumb, thumb.filename AS thumb_filename, thumb_parent.id_attach AS id_parent
Replace With: [Select]
a.id_folder, a.filename, a.file_hash, a.attachment_type, a.id_attach, a.id_member' . ($query_type == 'messages' ? ', m.id_msg' : ', a.id_msg') . ', thumb.id_folder AS thumb_folder, IFNULL(thumb.id_attach, 0) AS id_thumb, thumb.filename AS thumb_filename, thumb.file_hash as thumb_file_hash, thumb_parent.id_attach AS id_parent
Operation #8
Find: [Select]
else { $filename = getAttachmentFilename($row['filename'], $row['id_attach'], $row['id_folder']);
Replace With: [Select]
else { $filename = getAttachmentFilename($row['filename'], $row['id_attach'], $row['id_folder'], false, $row['file_hash']);
Operation #9
Find: [Select]
if (!empty($row['id_thumb']) && $autoThumbRemoval) { $thumb_filename = getAttachmentFilename($row['thumb_filename'], $row['id_thumb'], $row['thumb_folder']);
Replace With: [Select]
if (!empty($row['id_thumb']) && $autoThumbRemoval) { $thumb_filename = getAttachmentFilename($row['thumb_filename'], $row['id_thumb'], $row['thumb_folder'], false, $row['file_hash']);
Operation #10
Find: [Select]
$result = $smcFunc['db_query']('', ' SELECT thumb.id_attach, thumb.id_folder, thumb.filename
Replace With: [Select]
$result = $smcFunc['db_query']('', ' SELECT thumb.id_attach, thumb.id_folder, thumb.filename, thumb.file_hash
Operation #11
Find: [Select]
if ($fix_errors && in_array('missing_thumbnail_parent', $to_fix)) { $filename = getAttachmentFilename($row['filename'], $row['id_attach'], $row['id_folder']);
Replace With: [Select]
if ($fix_errors && in_array('missing_thumbnail_parent', $to_fix)) { $filename = getAttachmentFilename($row['filename'], $row['id_attach'], $row['id_folder'], false, $row['file_hash']);
Operation #12
Find: [Select]
$result = $smcFunc['db_query']('', ' SELECT id_attach, id_folder, filename, size, attachment_type
Replace With: [Select]
$result = $smcFunc['db_query']('', ' SELECT id_attach, id_folder, filename, file_hash, size, attachment_type
Operation #13
Find: [Select]
else $filename = getAttachmentFilename($row['filename'], $row['id_attach'], $row['id_folder']);
Replace With: [Select]
else $filename = getAttachmentFilename($row['filename'], $row['id_attach'], $row['id_folder'], false, $row['file_hash']);
Operation #14
Find: [Select]
// Get the attachment name with out the folder. $attachment_name = getAttachmentFilename($row['filename'], $row['id_attach'], null, true);
Replace With: [Select]
// Get the attachment name with out the folder. $attachment_name = !empty($row['file_hash']) ? $row['id_attach'] . '_' . $row['file_hash'] : getLegacyAttachmentFilename($row['filename'], $row['id_attach'], null, true);
Operation #15
Find: [Select]
$result = $smcFunc['db_query']('', ' SELECT a.id_attach, a.id_folder, a.filename, a.attachment_type FROM {db_prefix}attachments AS a
Replace With: [Select]
$result = $smcFunc['db_query']('', ' SELECT a.id_attach, a.id_folder, a.filename, a.file_hash, a.attachment_type FROM {db_prefix}attachments AS a
Operation #16
Find: [Select]
else $filename = getAttachmentFilename($row['filename'], $row['id_attach'], $row['id_folder']);
Replace With: [Select]
else $filename = getAttachmentFilename($row['filename'], $row['id_attach'], $row['id_folder'], false, $row['file_hash']);
Operation #17
Find: [Select]
$result = $smcFunc['db_query']('', ' SELECT a.id_attach, a.id_folder, a.filename FROM {db_prefix}attachments AS a
Replace With: [Select]
$result = $smcFunc['db_query']('', ' SELECT a.id_attach, a.id_folder, a.filename, a.file_hash FROM {db_prefix}attachments AS a
Operation #18
Find: [Select]
if ($fix_errors && in_array('attachment_no_msg', $to_fix)) { $filename = getAttachmentFilename($row['filename'], $row['id_attach'], $row['id_folder']);
Replace With: [Select]
if ($fix_errors && in_array('attachment_no_msg', $to_fix)) { $filename = getAttachmentFilename($row['filename'], $row['id_attach'], $row['id_folder'], false, $row['file_hash']);

./Sources/PackageGet.php

Operation #1
Find: [Select]
* =============================================================================== * * Software Version: SMF 2.0 RC1 *
Replace With: [Select]
* =============================================================================== * * Software Version: SMF 2.0 RC1-1 *
Operation #2
Find: [Select]
$context['page_title'] = $txt['smf183']; $context['confirm_message'] = sprintf($txt['package_confirm_view_package_content'], htmlspecialchars($_GET['absolute'])); $context['proceed_href'] = $scripturl . '?action=packageget;sa=browse;absolute=' . urlencode($_GET['absolute']) . ';confirm=' . $token;
Replace With: [Select]
$context['page_title'] = $txt['package_servers']; $context['confirm_message'] = sprintf($txt['package_confirm_view_package_content'], htmlspecialchars($_GET['absolute'])); $context['proceed_href'] = $scripturl . '?action=admin;area=packages;get;sa=browse;absolute=' . urlencode($_GET['absolute']) . ';confirm=' . $token;
Operation #3
Find: [Select]
if ($listing->exists('default-author')) { $default_author = $listing->fetch('default-author');
Replace With: [Select]
if ($listing->exists('default-author')) { $default_author = $smcFunc['htmlspecialchars']($listing->fetch('default-author'));
Operation #4
Find: [Select]
if ($listing->exists('default-website/@title')) $default_title = $listing->fetch('default-website/@title');
Replace With: [Select]
if ($listing->exists('default-website/@title')) $default_title = $smcFunc['htmlspecialchars']($listing->fetch('default-website/@title'));
Operation #5
Find: [Select]
if (in_array($package['type'], array('title', 'text'))) $context['package_list'][$packageSection][$package['type']] = $thisPackage->fetch('.');
Replace With: [Select]
if (in_array($package['type'], array('title', 'text'))) $context['package_list'][$packageSection][$package['type']] = $smcFunc['htmlspecialchars']($thisPackage->fetch('.'));
Operation #6
Find: [Select]
elseif (in_array($package['type'], array('heading', 'rule'))) $package['name'] = $thisPackage->fetch('.');
Replace With: [Select]
elseif (in_array($package['type'], array('heading', 'rule'))) $package['name'] = $smcFunc['htmlspecialchars']($thisPackage->fetch('.'));
Operation #7
Find: [Select]
$package['name'] = $thisPackage->fetch('.');
Replace With: [Select]
$package['name'] = $smcFunc['htmlspecialchars']($thisPackage->fetch('.'));
Operation #8
Find: [Select]
$package['is_installed'] = isset($installed_mods[$package['id']]); $package['is_current'] = $package['is_installed'] && ($installed_mods[$package['id']] == $package['version']);
Replace With: [Select]
else $package['description'] = parse_bbc(preg_replace('~\[[/]?html\]~i', '', $smcFunc['htmlspecialchars']($package['description']))); $package['is_installed'] = isset($installed_mods[$package['id']]); $package['is_current'] = $package['is_installed'] && ($installed_mods[$package['id']] == $package['version']);
Operation #9
Find: [Select]
$package['link'] = '<a href="' . $package['href'] . '">' . $package['name'] . '</a>'; $package['download']['href'] = $scripturl . '?action=admin;area=packages;get;sa=download' . $server_att . ';package=' . $current_url . $package['filename'] . ($package['download_conflict'] ? ';conflict' : '') . ';' . $context['session_var'] . '=' . $context['session_id']; $package['download']['link'] = '<a href="' . $package['download']['href'] . '">' . $package['name'] . '</a>';
Replace With: [Select]
$package['name'] = $smcFunc['htmlspecialchars']($package['name']); $package['link'] = '<a href="' . $package['href'] . '">' . $package['name'] . '</a>'; $package['download']['href'] = $scripturl . '?action=admin;area=packages;get;sa=download' . $server_att . ';package=' . $current_url . $package['filename'] . ($package['download_conflict'] ? ';conflict' : '') . ';' . $context['session_var'] . '=' . $context['session_id']; $package['download']['link'] = '<a href="' . $package['download']['href'] . '">' . $package['name'] . '</a>';
Operation #10
Find: [Select]
if ($thisPackage->exists('author') && $thisPackage->fetch('author') != '') $package['author']['name'] = $thisPackage->fetch('author');
Replace With: [Select]
if ($thisPackage->exists('author') && $thisPackage->fetch('author') != '') $package['author']['name'] = $smcFunc['htmlspecialchars']($thisPackage->fetch('author'));
Operation #11
Find: [Select]
if ($thisPackage->exists('website') && $thisPackage->exists('website/@title')) $package['author']['website']['name'] = $thisPackage->fetch('website/@title');
Replace With: [Select]
if ($thisPackage->exists('website') && $thisPackage->exists('website/@title')) $package['author']['website']['name'] = $smcFunc['htmlspecialchars']($thisPackage->fetch('website/@title'));
Operation #12
Find: [Select]
elseif ($thisPackage->exists('website')) $package['author']['website']['name'] = $thisPackage->fetch('website');
Replace With: [Select]
elseif ($thisPackage->exists('website')) $package['author']['website']['name'] = $smcFunc['htmlspecialchars']($thisPackage->fetch('website'));

./Sources/Post.php

Operation #1
Find: [Select]
* =============================================================================== * * Software Version: SMF 2.0 RC1 *
Replace With: [Select]
* =============================================================================== * * Software Version: SMF 2.0 RC1-1 *
Operation #2
Find: [Select]
$context['current_attachments'][] = array( 'name' => getAttachmentFilename($name, false, null, true),
Replace With: [Select]
$context['current_attachments'][] = array( 'name' => $name,

./Sources/Profile-Modify.php

Operation #1
Find: [Select]
* =============================================================================== * * Software Version: SMF 2.0 RC1 *
Replace With: [Select]
* =============================================================================== * * Software Version: SMF 2.0 RC1-1 *
Operation #2
Find: [Select]
// Don't allow any overriding of custom fields with default or non-default options.
Replace With: [Select]
$reservedVars = array( 'actual_theme_url', 'actual_images_url', 'base_theme_dir', 'base_theme_url', 'default_images_url', 'default_theme_dir', 'default_theme_url', 'default_template', 'images_url', 'number_recent_posts', 'smiley_sets_default', 'theme_dir', 'theme_id', 'theme_layers', 'theme_templates', 'theme_url', ); // Can't change reserved vars. if ((isset($_POST['options']) && array_intersect($_POST['options'], $reservedVars) != array()) || (isset($_POST['default_options']) && array_intersect($_POST['default_options'], $reservedVars) != array())) fatal_lang_error('no_access'); // Don't allow any overriding of custom fields with default or non-default options.
Operation #3
Find: [Select]
$extensions = array( '1' => 'gif', '2' => 'jpg',
Replace With: [Select]
// Though not an exhaustive list, better safe than sorry. $fp = fopen($_FILES['attachment']['tmp_name'], 'rb'); if (!$fp) fatal_lang_error('attach_timeout'); // Now try to find an infection. while (!feof($fp)) { if (preg_match('~(iframe|\\<\\?php|\\<\\?[\s=]|\\<%[\s=]|html|eval|body|script\W)~', fgets($fp, 4096)) === 1) { if (file_exists($uploadDir . '/avatar_tmp_' . $memID)) @unlink($uploadDir . '/avatar_tmp_' . $memID); fatal_lang_error('attach_timeout'); } } fclose($fp); $extensions = array( '1' => 'gif', '2' => 'jpg',
Operation #4
Find: [Select]
$mime_type = 'image/' . ($extension == 'jpg' ? 'jpeg' : $extension); $destName = 'avatar_' . $memID . '.' . $extension;
Replace With: [Select]
$mime_type = 'image/' . ($extension === 'jpg' ? 'jpeg' : ($extension === 'bmp' ? 'x-ms-bmp' : $extension)); $destName = 'avatar_' . $memID . '_' . time() . '.' . $extension;
Operation #5
Find: [Select]
// Remove previous attachments this member might have had. removeAttachments(array('id_member' => $memID)); if (!rename($_FILES['attachment']['tmp_name'], $uploadDir . '/' . $destName)) fatal_lang_error('attach_timeout', 'critical');
Replace With: [Select]
$file_hash = empty($modSettings['custom_avatar_enabled']) ? getAttachmentFilename($destName, false, null, true) : ''; // Remove previous attachments this member might have had. removeAttachments(array('id_member' => $memID));
Operation #6
Find: [Select]
array( 'id_member' => 'int', 'attachment_type' => 'int', 'filename' => 'string', 'fileext' => 'string', 'size' => 'int',
Replace With: [Select]
array( 'id_member' => 'int', 'attachment_type' => 'int', 'filename' => 'string', 'file_hash' => 'string', 'fileext' => 'string', 'size' => 'int',
Operation #7
Find: [Select]
array( $memID, (empty($modSettings['custom_avatar_enabled']) ? 0 : 1), $destName, $extension, filesize($uploadDir . '/' . $destName),
Replace With: [Select]
array( $memID, (empty($modSettings['custom_avatar_enabled']) ? 0 : 1), $destName, $file_hash, $extension, filesize($_FILES['attachment']['tmp_name']),
Operation #8
Find: [Select]
// Attempt to chmod it. @chmod($uploadDir . '/' . $destName, 0644); }
Replace With: [Select]
$destinationPath = $uploadDir . '/' . (empty($file_hash) ? $destName : $cur_profile['id_attach'] . '_' . $file_hash); if (!rename($_FILES['attachment']['tmp_name'], $destinationPath)) { removeAttachments(array('id_member' => $memID)); fatal_lang_error('attach_timeout', 'critical'); } // Attempt to chmod it. @chmod($uploadDir . '/' . $destinationPath, 0644); }

./Sources/Profile-View.php

Operation #1
Find: [Select]
* =============================================================================== * * Software Version: SMF 2.0 RC1 *
Replace With: [Select]
* =============================================================================== * * Software Version: SMF 2.0 RC1-1 *
Operation #2
Find: [Select]
// Should we show a custom message? $context['activate_message'] = isset($txt['account_activate_method_' . $context['member']['is_activated'] % 10]) ? $txt['account_activate_method_' . $context['member']['is_activated']] : $txt['account_not_activated'];
Replace With: [Select]
// Should we show a custom message? $context['activate_message'] = isset($txt['account_activate_method_' . $context['member']['is_activated'] % 10]) ? $txt['account_activate_method_' . $context['member']['is_activated'] % 10] : $txt['account_not_activated'];

./Sources/QueryString.php

Operation #1
Find: [Select]
* =============================================================================== * * Software Version: SMF 2.0 RC1 *
Replace With: [Select]
* =============================================================================== * * Software Version: SMF 2.0 RC1-1 *
Operation #2
Find: [Select]
// Find the user's IP address. (but don't let it give you 'unknown'!) if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) && !empty($_SERVER['HTTP_CLIENT_IP']) && (preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['HTTP_CLIENT_IP']) == 0 || preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0))
Replace With: [Select]
// Find the user's IP address. (but don't let it give you 'unknown'!) if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) && !empty($_SERVER['HTTP_CLIENT_IP']) && (preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['HTTP_CLIENT_IP']) == 0 || preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0))
Operation #3
Find: [Select]
// We have both forwarded for AND client IP... check the first forwarded for as the block - only switch if it's better that way. if (strtok($_SERVER['HTTP_X_FORWARDED_FOR'], '.') != strtok($_SERVER['HTTP_CLIENT_IP'], '.') && '.' . strtok($_SERVER['HTTP_X_FORWARDED_FOR'], '.') == strrchr($_SERVER['HTTP_CLIENT_IP'], '.') && (preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['HTTP_X_FORWARDED_FOR']) == 0 || preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0))
Replace With: [Select]
// We have both forwarded for AND client IP... check the first forwarded for as the block - only switch if it's better that way. if (strtok($_SERVER['HTTP_X_FORWARDED_FOR'], '.') != strtok($_SERVER['HTTP_CLIENT_IP'], '.') && '.' . strtok($_SERVER['HTTP_X_FORWARDED_FOR'], '.') == strrchr($_SERVER['HTTP_CLIENT_IP'], '.') && (preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['HTTP_X_FORWARDED_FOR']) == 0 || preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0))
Operation #4
Find: [Select]
$_SERVER['BAN_CHECK_IP'] = $_SERVER['HTTP_CLIENT_IP']; } if (!empty($_SERVER['HTTP_CLIENT_IP']) && (preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['HTTP_CLIENT_IP']) == 0 || preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0))
Replace With: [Select]
$_SERVER['BAN_CHECK_IP'] = $_SERVER['HTTP_CLIENT_IP']; } if (!empty($_SERVER['HTTP_CLIENT_IP']) && (preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['HTTP_CLIENT_IP']) == 0 || preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0))
Operation #5
Find: [Select]
// Make sure it's in a valid range... if (preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $ip) != 0 && preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['REMOTE_ADDR']) == 0)
Replace With: [Select]
// Make sure it's in a valid range... if (preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $ip) != 0 && preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['REMOTE_ADDR']) == 0)
Operation #6
Find: [Select]
// Otherwise just use the only one. elseif (preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['HTTP_X_FORWARDED_FOR']) == 0 || preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0)
Replace With: [Select]
// Otherwise just use the only one. elseif (preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['HTTP_X_FORWARDED_FOR']) == 0 || preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0)

./Sources/Security.php

Operation #1
Find: [Select]
* =============================================================================== * * Software Version: SMF 2.0 RC1 *
Replace With: [Select]
* =============================================================================== * * Software Version: SMF 2.0 RC1-1 *
Operation #2
Find: [Select]
if (isset($_GET['confirm']) && isset($_SESSION['confirm_' . $action]) && md5($_GET['confirm'] . $_SERVER['HTTP_USER_AGENT']) !== $_SESSION['confirm_' . $action])
Replace With: [Select]
if (isset($_GET['confirm']) && isset($_SESSION['confirm_' . $action]) && md5($_GET['confirm'] . $_SERVER['HTTP_USER_AGENT']) == $_SESSION['confirm_' . $action])
Operation #3
Find: [Select]
$token = md5(mt_rand() . session_id() . (string) microtime() . $modSettings['rand_seed']); $_SESSION['confirm_' . $action] = md5($token, $_SERVER['HTTP_USER_AGENT']);
Replace With: [Select]
$token = md5(mt_rand() . session_id() . (string) microtime() . $modSettings['rand_seed']); $_SESSION['confirm_' . $action] = md5($token . $_SERVER['HTTP_USER_AGENT']);

./Sources/Subs.php

Operation #1
Find: [Select]
* =============================================================================== * * Software Version: SMF 2.0 RC1 *
Replace With: [Select]
* =============================================================================== * * Software Version: SMF 2.0 RC1-1 *
Operation #2
Find: [Select]
// Get an attachment's encrypted filename. If $new is true, won't check for file existence. function getAttachmentFilename($filename, $attachment_id, $dir = null, $new = false)
Replace With: [Select]
// Get an attachment's encrypted filename. If $new is true, won't check for file existence. function getAttachmentFilename($filename, $attachment_id, $dir = null, $new = false, $file_hash = '') { global $modSettings, $smcFunc; // Just make up a nice hash... if ($new) return sha1(md5($filename . time()) . mt_rand()); // Grab the file hash if it wasn't added. if ($file_hash === '') { $request = $smcFunc['db_query']('', ' SELECT file_hash FROM {db_prefix}attachments WHERE id_attach = {int:id_attach}', array( 'id_attach' => $attachment_id, )); if ($smcFunc['db_num_rows']($request) === 0) return false; list ($file_hash) = $smcFunc['db_fetch_row']($request); $smcFunc['db_free_result']($request); } // In case of files from the old system, do a legacy call. if (empty($file_hash)) return getLegacyAttachmentFilename($filename, $attachment_id, $dir, $new); // Are we using multiple directories? if (!empty($modSettings['currentAttachmentUploadDir'])) { if (!is_array($modSettings['attachmentUploadDir'])) $modSettings['attachmentUploadDir'] = unserialize($modSettings['attachmentUploadDir']); $path = $modSettings['attachmentUploadDir'][$dir]; } else $path = $modSettings['attachmentUploadDir']; return $path . '/' . $attachment_id . '_' . $file_hash; } function getLegacyAttachmentFilename($filename, $attachment_id, $dir = null, $new = false)

./Sources/Subs-Graphics.php

Operation #1
Find: [Select]
* =============================================================================== * * Software Version: SMF 2.0 RC1 *
Replace With: [Select]
* =============================================================================== * * Software Version: SMF 2.0 RC1-1 *
Operation #2
Find: [Select]
$smcFunc['db_insert']('', '{db_prefix}attachments', array( 'id_member' => 'int', 'attachment_type' => 'int', 'filename' => 'string-255', 'fileext' => 'string-8', 'size' => 'int',
Replace With: [Select]
$avatar_hash = empty($modSettings['custom_avatar_enabled']) ? getAttachmentFilename($destName, false, null, true) : ''; $smcFunc['db_insert']('', '{db_prefix}attachments', array( 'id_member' => 'int', 'attachment_type' => 'int', 'filename' => 'string-255', 'file_hash' => 'string-255', 'fileext' => 'string-8', 'size' => 'int',
Operation #3
Find: [Select]
array( $memID, (empty($modSettings['custom_avatar_enabled']) ? 0 : 1), $destName, $ext, 1,
Replace With: [Select]
array( $memID, (empty($modSettings['custom_avatar_enabled']) ? 0 : 1), $destName, $avatar_hash, $ext, 1,
Operation #4
Find: [Select]
if ($fp2 !== false) { while (!feof($fp2)) fwrite($fp, fread($fp2, 8192)); fclose($fp2); }
Replace With: [Select]
if ($fp2 !== false) { $prev_chunk = ''; while (!feof($fp2)) { $cur_chunk = fread($fp2, 8192); // Make sure nothing odd came through. if (preg_match('~(iframe|\\<\\?php|\\<\\?[\s=]|\\<%[\s=]|html|eval|body|script\W)~', $prev_chunk . $cur_chunk) === 1) { fclose($fp2); fclose($fp); unlink($destName); return false; } fwrite($fp, $cur_chunk); $prev_chunk = $cur_chunk; } fclose($fp2); }
Operation #5
Find: [Select]
// Remove the .tmp extension from the attachment. if (rename($destName . '.tmp', $destName)) {
Replace With: [Select]
// Walk the right path. if (!empty($modSettings['currentAttachmentUploadDir'])) { if (!is_array($modSettings['attachmentUploadDir'])) $modSettings['attachmentUploadDir'] = unserialize($modSettings['attachmentUploadDir']); $path = $modSettings['attachmentUploadDir'][$dir]; } else $path = $modSettings['attachmentUploadDir']; // Remove the .tmp extension from the attachment. if (rename($destName . '.tmp', empty($avatar_hash) ? $destName : $path . '/' . $attachID . '_' . $avatar_hash)) { $destName = empty($avatar_hash) ? $destName : $path . '/' . $attachID . '_' . $avatar_hash;

./Sources/Subs-Members.php

Operation #1
Find: [Select]
* =============================================================================== * * Software Version: SMF 2.0 RC1 *
Replace With: [Select]
* =============================================================================== * * Software Version: SMF 2.0 RC1-1 *
Operation #2
Find: [Select]
// Some of these might be overwritten. (the lower ones that are in the arrays below.)
Replace With: [Select]
$reservedVars = array( 'actual_theme_url', 'actual_images_url', 'base_theme_dir', 'base_theme_url', 'default_images_url', 'default_theme_dir', 'default_theme_url', 'default_template', 'images_url', 'number_recent_posts', 'smiley_sets_default', 'theme_dir', 'theme_id', 'theme_layers', 'theme_templates', 'theme_url', ); // Can't change reserved vars. if (isset($regOptions['theme_vars']) && array_intersect($regOptions['theme_vars'], $reservedVars) != array()) fatal_lang_error('no_theme'); // Some of these might be overwritten. (the lower ones that are in the arrays below.)

./Sources/Subs-Post.php

Operation #1
Find: [Select]
* =============================================================================== * * Software Version: SMF 2.0 RC1 *
Replace With: [Select]
* =============================================================================== * * Software Version: SMF 2.0 RC1-1 *
Operation #2
Find: [Select]
// Change breaks back to \n's. return preg_replace('~<br( /)?' . '>~', "\n", implode('', $parts));
Replace With: [Select]
// Change breaks back to \n's. return preg_replace('~<br( /)?' . '>~', "\n", str_replace('&nbsp;', ' ', implode('', $parts)));
Operation #3
Find: [Select]
// Remove special foreign characters from the filename. if (empty($modSettings['attachmentEncryptFilenames'])) $attachmentOptions['name'] = getAttachmentFilename($attachmentOptions['name'], false, $id_folder, true);
Replace With: [Select]
// Get the hash if no hash has been given yet. if (empty($attachmentOptions['file_hash'])) $attachmentOptions['file_hash'] = getAttachmentFilename($attachmentOptions['name'], false, null, true);
Operation #4
Find: [Select]
array( 'id_folder' => 'int', 'id_msg' => 'int', 'filename' => 'string-255', 'fileext' => 'string-8',
Replace With: [Select]
array( 'id_folder' => 'int', 'id_msg' => 'int', 'filename' => 'string-255', 'file_hash' => 'string-40', 'fileext' => 'string-8',
Operation #5
Find: [Select]
array( $id_folder, (int) $attachmentOptions['post'], $attachmentOptions['name'], $attachmentOptions['fileext'],
Replace With: [Select]
array( $id_folder, (int) $attachmentOptions['post'], $attachmentOptions['name'], $attachmentOptions['file_hash'], $attachmentOptions['fileext'],
Operation #6
Find: [Select]
$attachmentOptions['destination'] = $attach_dir . '/' . getAttachmentFilename(basename($attachmentOptions['name']), $attachmentOptions['id'], $id_folder, true);
Replace With: [Select]
$attachmentOptions['destination'] = getAttachmentFilename(basename($attachmentOptions['name']), $attachmentOptions['id'], $id_folder, false, $attachmentOptions['file_hash']);
Operation #7
Find: [Select]
// To the database we go! $smcFunc['db_insert']('',
Replace With: [Select]
$thumb_file_hash = getAttachmentFilename($thumb_filename, false, null, true); // To the database we go! $smcFunc['db_insert']('',
Operation #8
Find: [Select]
array( 'id_folder' => 'int', 'id_msg' => 'int', 'attachment_type' => 'int', 'filename' => 'string-255', 'fileext' => 'string-8',
Replace With: [Select]
array( 'id_folder' => 'int', 'id_msg' => 'int', 'attachment_type' => 'int', 'filename' => 'string-255', 'file_hash' => 'string-40', 'fileext' => 'string-8',
Operation #9
Find: [Select]
array( $id_folder, (int) $attachmentOptions['post'], 3, $thumb_filename, $attachmentOptions['fileext'],
Replace With: [Select]
array( $id_folder, (int) $attachmentOptions['post'], 3, $thumb_filename, $thumb_file_hash, $attachmentOptions['fileext'],
Operation #10
Find: [Select]
rename($attachmentOptions['destination'] . '_thumb', $attach_dir . '/' . getAttachmentFilename($thumb_filename, $attachmentOptions['thumb'], $id_folder, true));
Replace With: [Select]
rename($attachmentOptions['destination'] . '_thumb', getAttachmentFilename($thumb_filename, $attachmentOptions['thumb'], $id_folder, false, $thumb_file_hash));

./attachments/.htaccess

Operation #1
Find: [Select]
</Files>
Replace With: [Select]
</Files> RemoveHandler .php .php3 .phtml .cgi .fcgi .pl .fpl .shtml
This operation isn't vital to the installation of this mod.

Code

updateDatabase.php