Advertisement:

Navigation

Readme

This patch file will update your forum to SMF 2.0 RC1-1.

File Edits

./index.php

Operation #1
Find: [Select]
* =============================================================================== *
* Software Version: SMF 2.0 RC1 *
Replace With: [Select]
* =============================================================================== *
* Software Version: SMF 2.0 RC1-1 *

Operation #2
Find: [Select]

$forum_version = 'SMF 2.0 RC1';
Replace With: [Select]

$forum_version = 'SMF 2.0 RC1-1';

Operation #3
Find: [Select]
// If guest access is off, a guest can only do one of the very few following actions.
elseif (empty($modSettings['allow_guestAccess']) && $user_info['is_guest'] && (!isset($_REQUEST['action']) || !in_array($_REQUEST['action'], array('coppa', 'login', 'login2', 'register', 'register2', 'reminder', 'activate', 'help', 'smstats', '.xml', 'mailq', 'verificationcode', 'openidreturn',))))
Replace With: [Select]
// If guest access is off, a guest can only do one of the very few following actions.
elseif (empty($modSettings['allow_guestAccess']) && $user_info['is_guest'] && (!isset($_REQUEST['action']) || !in_array($_REQUEST['action'], array('coppa', 'login', 'login2', 'register', 'register2', 'reminder', 'activate', 'help', 'smstats', 'mailq', 'verificationcode', 'openidreturn',))))

./Sources/Display.php

Operation #1
Find: [Select]
* =============================================================================== *
* Software Version: SMF 2.0 RC1 *
Replace With: [Select]
* =============================================================================== *
* Software Version: SMF 2.0 RC1-1 *

Operation #2
Find: [Select]
SELECT
a.id_attach, a.id_folder, a.id_msg, a.filename, IFNULL(a.size, 0) AS filesize, a.downloads, a.approved,
Replace With: [Select]
SELECT
a.id_attach, a.id_folder, a.id_msg, a.filename, a.file_hash, IFNULL(a.size, 0) AS filesize, a.downloads, a.approved,

Operation #3
Find: [Select]
$request = $smcFunc['db_query']('', '
SELECT id_folder, filename, fileext, id_attach, attachment_type, mime_type, approved
Replace With: [Select]
$request = $smcFunc['db_query']('', '
SELECT id_folder, filename, file_hash, fileext, id_attach, attachment_type, mime_type, approved

Operation #4
Find: [Select]
$request = $smcFunc['db_query']('', '
SELECT a.id_folder, a.filename, a.fileext, a.id_attach, a.attachment_type, a.mime_type, a.approved
Replace With: [Select]
$request = $smcFunc['db_query']('', '
SELECT a.id_folder, a.filename, a.file_hash, a.fileext, a.id_attach, a.attachment_type, a.mime_type, a.approved

Operation #5
Find: [Select]
fatal_lang_error('no_access', false);
list ($id_folder, $real_filename, $file_ext, $id_attach, $attachment_type, $mime_type, $is_approved) = $smcFunc['db_fetch_row']($request);
Replace With: [Select]
fatal_lang_error('no_access', false);
list ($id_folder, $real_filename, $file_hash, $file_ext, $id_attach, $attachment_type, $mime_type, $is_approved) = $smcFunc['db_fetch_row']($request);

Operation #6
Find: [Select]

$filename = getAttachmentFilename($real_filename, $_REQUEST['attach'], $id_folder);
Replace With: [Select]

$filename = getAttachmentFilename($real_filename, $_REQUEST['attach'], $id_folder, false, $file_hash);

Operation #7
Find: [Select]
// Does this have a mime type?
if ($mime_type && (isset($_REQUEST['image']) || !in_array($file_ext, array('jpg', 'gif', 'jpeg', 'bmp', 'png', 'psd', 'tiff', 'iff'))))
header('Content-Type: ' . $mime_type);
Replace With: [Select]
// IE 6 just doesn't play nice. As dirty as this seems, it works.
if ($context['browser']['is_ie6'] && isset($_REQUEST['image']))
unset($_REQUEST['image']);
// Does this have a mime type?
elseif ($mime_type && (isset($_REQUEST['image']) || !in_array($file_ext, array('jpg', 'gif', 'jpeg', 'x-ms-bmp', 'png', 'psd', 'tiff', 'iff'))))
header('Content-Type: ' . strtr($mime_type, array('image/bmp' => 'image/x-ms-bmp')));

Operation #8
Find: [Select]

// Add this beauty to the database.
$smcFunc['db_insert']('',
Replace With: [Select]
$thumb_hash = getAttachmentFilename($thumb_filename, false, null, true);

// Add this beauty to the database.
$smcFunc['db_insert']('',

Operation #9
Find: [Select]
array('id_folder' => 'int', 'id_msg' => 'int', 'attachment_type' => 'int', 'filename' => 'string', 'size' => 'int', 'width' => 'int', 'height' => 'int'),
array($id_folder_thumb, $id_msg, 3, $thumb_filename, (int) $thumb_size, (int) $attachment['thumb_width'], (int) $attachment['thumb_height']),
Replace With: [Select]
// Does this have a mime type?
array('id_folder' => 'int', 'id_msg' => 'int', 'attachment_type' => 'int', 'filename' => 'string', 'file_hash' => 'string', 'size' => 'int', 'width' => 'int', 'height' => 'int'),
array($id_folder_thumb, $id_msg, 3, $thumb_filename, $thumb_hash, (int) $thumb_size, (int) $attachment['thumb_width'], (int) $attachment['thumb_height']),

Operation #10
Find: [Select]
$thumb_realname = getAttachmentFilename($thumb_filename, $attachment['id_thumb'], $id_folder_thumb, true);
rename($filename . '_thumb', $path . '/' . $thumb_realname);
Replace With: [Select]
// Does this have a mime type?
$thumb_realname = getAttachmentFilename($thumb_filename, $attachment['id_thumb'], $id_folder_thumb, false, $thumb_hash);
rename($filename . '_thumb', $thumb_realname);

./Sources/Load.php

Operation #1
Find: [Select]
* =============================================================================== *
* Software Version: SMF 2.0 RC1 *
Replace With: [Select]
* =============================================================================== *
* Software Version: SMF 2.0 RC1-1 *

Operation #2
Find: [Select]
// If this is the theme_dir of the default theme, store it.
Replace With: [Select]
// There are just things we shouldn't be able to change as members.
if ($row['id_member'] != 0 && in_array($row['variable'], array('actual_theme_url', 'actual_images_url', 'base_theme_dir', 'base_theme_url', 'default_images_url', 'default_theme_dir', 'default_theme_url', 'default_template', 'images_url', 'number_recent_posts', 'smiley_sets_default', 'theme_dir', 'theme_id', 'theme_layers', 'theme_templates', 'theme_url')))
continue;

// If this is the theme_dir of the default theme, store it.

./Sources/ManageAttachments.php

Operation #1
Find: [Select]
* =============================================================================== *
* Software Version: SMF 2.0 RC1 *
Replace With: [Select]
* =============================================================================== *
* Software Version: SMF 2.0 RC1-1 *

Operation #2
Find: [Select]
array('text', 'attachmentExtensions', 40),
array('check', 'attachmentEncryptFilenames'),
Replace With: [Select]
array('text', 'attachmentExtensions', 40),
Operation #3
Find: [Select]
{string:blank_text} AS id_msg, IFNULL(mem.real_name, {string:not_applicable_text}) AS poster_name,
mem.last_login AS poster_time, 0 AS id_topic, a.id_member, a.id_attach, a.filename, a.attachment_type,
Replace With: [Select]
{string:blank_text} AS id_msg, IFNULL(mem.real_name, {string:not_applicable_text}) AS poster_name,
mem.last_login AS poster_time, 0 AS id_topic, a.id_member, a.id_attach, a.filename, a.file_hash, a.attachment_type,

Operation #4
Find: [Select]
m.id_msg, IFNULL(mem.real_name, m.poster_name) AS poster_name, m.poster_time, m.id_topic, m.id_member,
a.id_attach, a.filename, a.attachment_type, a.size, a.width, a.height, a.downloads, mf.subject, t.id_board
Replace With: [Select]
m.id_msg, IFNULL(mem.real_name, m.poster_name) AS poster_name, m.poster_time, m.id_topic, m.id_member,
a.id_attach, a.filename, a.file_hash, a.attachment_type, a.size, a.width, a.height, a.downloads, mf.subject, t.id_board

Operation #5
Find: [Select]
$request = $smcFunc['db_query']('', '
SELECT id_attach, id_folder, id_member, filename
Replace With: [Select]
$request = $smcFunc['db_query']('', '
SELECT id_attach, id_folder, id_member, filename, file_hash

Operation #6
Find: [Select]
while ($row = $smcFunc['db_fetch_assoc']($request))
{
$filename = getAttachmentFilename($row['filename'], $row['id_attach'], $row['id_folder']);
Replace With: [Select]
while ($row = $smcFunc['db_fetch_assoc']($request))
{
$filename = getAttachmentFilename($row['filename'], $row['id_attach'], $row['id_folder'], false, $row['file_hash']);

Operation #7
Find: [Select]
a.id_folder, a.filename, a.attachment_type, a.id_attach, a.id_member' . ($query_type == 'messages' ? ', m.id_msg' : ', a.id_msg') . ',
thumb.id_folder AS thumb_folder, IFNULL(thumb.id_attach, 0) AS id_thumb, thumb.filename AS thumb_filename, thumb_parent.id_attach AS id_parent
Replace With: [Select]
a.id_folder, a.filename, a.file_hash, a.attachment_type, a.id_attach, a.id_member' . ($query_type == 'messages' ? ', m.id_msg' : ', a.id_msg') . ',
thumb.id_folder AS thumb_folder, IFNULL(thumb.id_attach, 0) AS id_thumb, thumb.filename AS thumb_filename, thumb.file_hash as thumb_file_hash, thumb_parent.id_attach AS id_parent

Operation #8
Find: [Select]
else
{
$filename = getAttachmentFilename($row['filename'], $row['id_attach'], $row['id_folder']);
Replace With: [Select]
else
{
$filename = getAttachmentFilename($row['filename'], $row['id_attach'], $row['id_folder'], false, $row['file_hash']);

Operation #9
Find: [Select]
if (!empty($row['id_thumb']) && $autoThumbRemoval)
{
$thumb_filename = getAttachmentFilename($row['thumb_filename'], $row['id_thumb'], $row['thumb_folder']);
Replace With: [Select]
if (!empty($row['id_thumb']) && $autoThumbRemoval)
{
$thumb_filename = getAttachmentFilename($row['thumb_filename'], $row['id_thumb'], $row['thumb_folder'], false, $row['file_hash']);

Operation #10
Find: [Select]
$result = $smcFunc['db_query']('', '
SELECT thumb.id_attach, thumb.id_folder, thumb.filename
Replace With: [Select]
$result = $smcFunc['db_query']('', '
SELECT thumb.id_attach, thumb.id_folder, thumb.filename, thumb.file_hash

Operation #11
Find: [Select]
if ($fix_errors && in_array('missing_thumbnail_parent', $to_fix))
{
$filename = getAttachmentFilename($row['filename'], $row['id_attach'], $row['id_folder']);
Replace With: [Select]
if ($fix_errors && in_array('missing_thumbnail_parent', $to_fix))
{
$filename = getAttachmentFilename($row['filename'], $row['id_attach'], $row['id_folder'], false, $row['file_hash']);

Operation #12
Find: [Select]
$result = $smcFunc['db_query']('', '
SELECT id_attach, id_folder, filename, size, attachment_type
Replace With: [Select]
$result = $smcFunc['db_query']('', '
SELECT id_attach, id_folder, filename, file_hash, size, attachment_type

Operation #13
Find: [Select]
else
$filename = getAttachmentFilename($row['filename'], $row['id_attach'], $row['id_folder']);
Replace With: [Select]
else
$filename = getAttachmentFilename($row['filename'], $row['id_attach'], $row['id_folder'], false, $row['file_hash']);

Operation #14
Find: [Select]
// Get the attachment name with out the folder.
$attachment_name = getAttachmentFilename($row['filename'], $row['id_attach'], null, true);
Replace With: [Select]
// Get the attachment name with out the folder.
$attachment_name = !empty($row['file_hash']) ? $row['id_attach'] . '_' . $row['file_hash'] : getLegacyAttachmentFilename($row['filename'], $row['id_attach'], null, true);

Operation #15
Find: [Select]
$result = $smcFunc['db_query']('', '
SELECT a.id_attach, a.id_folder, a.filename, a.attachment_type
FROM {db_prefix}attachments AS a
Replace With: [Select]
$result = $smcFunc['db_query']('', '
SELECT a.id_attach, a.id_folder, a.filename, a.file_hash, a.attachment_type
FROM {db_prefix}attachments AS a

Operation #16
Find: [Select]
else
$filename = getAttachmentFilename($row['filename'], $row['id_attach'], $row['id_folder']);
Replace With: [Select]
else
$filename = getAttachmentFilename($row['filename'], $row['id_attach'], $row['id_folder'], false, $row['file_hash']);

Operation #17
Find: [Select]
$result = $smcFunc['db_query']('', '
SELECT a.id_attach, a.id_folder, a.filename
FROM {db_prefix}attachments AS a
Replace With: [Select]
$result = $smcFunc['db_query']('', '
SELECT a.id_attach, a.id_folder, a.filename, a.file_hash
FROM {db_prefix}attachments AS a

Operation #18
Find: [Select]
if ($fix_errors && in_array('attachment_no_msg', $to_fix))
{
$filename = getAttachmentFilename($row['filename'], $row['id_attach'], $row['id_folder']);
Replace With: [Select]
if ($fix_errors && in_array('attachment_no_msg', $to_fix))
{
$filename = getAttachmentFilename($row['filename'], $row['id_attach'], $row['id_folder'], false, $row['file_hash']);

./Sources/PackageGet.php

Operation #1
Find: [Select]
* =============================================================================== *
* Software Version: SMF 2.0 RC1 *
Replace With: [Select]
* =============================================================================== *
* Software Version: SMF 2.0 RC1-1 *

Operation #2
Find: [Select]

$context['page_title'] = $txt['smf183'];
$context['confirm_message'] = sprintf($txt['package_confirm_view_package_content'], htmlspecialchars($_GET['absolute']));
$context['proceed_href'] = $scripturl . '?action=packageget;sa=browse;absolute=' . urlencode($_GET['absolute']) . ';confirm=' . $token;
Replace With: [Select]

$context['page_title'] = $txt['package_servers'];
$context['confirm_message'] = sprintf($txt['package_confirm_view_package_content'], htmlspecialchars($_GET['absolute']));
$context['proceed_href'] = $scripturl . '?action=admin;area=packages;get;sa=browse;absolute=' . urlencode($_GET['absolute']) . ';confirm=' . $token;

Operation #3
Find: [Select]
if ($listing->exists('default-author'))
{
$default_author = $listing->fetch('default-author');
Replace With: [Select]
if ($listing->exists('default-author'))
{
$default_author = $smcFunc['htmlspecialchars']($listing->fetch('default-author'));

Operation #4
Find: [Select]
if ($listing->exists('default-website/@title'))
$default_title = $listing->fetch('default-website/@title');
Replace With: [Select]
if ($listing->exists('default-website/@title'))
$default_title = $smcFunc['htmlspecialchars']($listing->fetch('default-website/@title'));

Operation #5
Find: [Select]
if (in_array($package['type'], array('title', 'text')))
$context['package_list'][$packageSection][$package['type']] = $thisPackage->fetch('.');
Replace With: [Select]
if (in_array($package['type'], array('title', 'text')))
$context['package_list'][$packageSection][$package['type']] = $smcFunc['htmlspecialchars']($thisPackage->fetch('.'));

Operation #6
Find: [Select]
elseif (in_array($package['type'], array('heading', 'rule')))
$package['name'] = $thisPackage->fetch('.');
Replace With: [Select]
elseif (in_array($package['type'], array('heading', 'rule')))
$package['name'] = $smcFunc['htmlspecialchars']($thisPackage->fetch('.'));

Operation #7
Find: [Select]

$package['name'] = $thisPackage->fetch('.');
Replace With: [Select]

$package['name'] = $smcFunc['htmlspecialchars']($thisPackage->fetch('.'));

Operation #8
Find: [Select]

$package['is_installed'] = isset($installed_mods[$package['id']]);
$package['is_current'] = $package['is_installed'] && ($installed_mods[$package['id']] == $package['version']);
Replace With: [Select]
else
$package['description'] = parse_bbc(preg_replace('~\[[/]?html\]~i', '', $smcFunc['htmlspecialchars']($package['description'])));

$package['is_installed'] = isset($installed_mods[$package['id']]);
$package['is_current'] = $package['is_installed'] && ($installed_mods[$package['id']] == $package['version']);

Operation #9
Find: [Select]
$package['link'] = '<a href="' . $package['href'] . '">' . $package['name'] . '</a>';
$package['download']['href'] = $scripturl . '?action=admin;area=packages;get;sa=download' . $server_att . ';package=' . $current_url . $package['filename'] . ($package['download_conflict'] ? ';conflict' : '') . ';' . $context['session_var'] . '=' . $context['session_id'];
$package['download']['link'] = '<a href="' . $package['download']['href'] . '">' . $package['name'] . '</a>';
Replace With: [Select]
$package['name'] = $smcFunc['htmlspecialchars']($package['name']);
$package['link'] = '<a href="' . $package['href'] . '">' . $package['name'] . '</a>';
$package['download']['href'] = $scripturl . '?action=admin;area=packages;get;sa=download' . $server_att . ';package=' . $current_url . $package['filename'] . ($package['download_conflict'] ? ';conflict' : '') . ';' . $context['session_var'] . '=' . $context['session_id'];
$package['download']['link'] = '<a href="' . $package['download']['href'] . '">' . $package['name'] . '</a>';

Operation #10
Find: [Select]
if ($thisPackage->exists('author') && $thisPackage->fetch('author') != '')
$package['author']['name'] = $thisPackage->fetch('author');
Replace With: [Select]
if ($thisPackage->exists('author') && $thisPackage->fetch('author') != '')
$package['author']['name'] = $smcFunc['htmlspecialchars']($thisPackage->fetch('author'));

Operation #11
Find: [Select]
if ($thisPackage->exists('website') && $thisPackage->exists('website/@title'))
$package['author']['website']['name'] = $thisPackage->fetch('website/@title');
Replace With: [Select]
if ($thisPackage->exists('website') && $thisPackage->exists('website/@title'))
$package['author']['website']['name'] = $smcFunc['htmlspecialchars']($thisPackage->fetch('website/@title'));

Operation #12
Find: [Select]
elseif ($thisPackage->exists('website'))
$package['author']['website']['name'] = $thisPackage->fetch('website');
Replace With: [Select]
elseif ($thisPackage->exists('website'))
$package['author']['website']['name'] = $smcFunc['htmlspecialchars']($thisPackage->fetch('website'));

./Sources/Post.php

Operation #1
Find: [Select]
* =============================================================================== *
* Software Version: SMF 2.0 RC1 *
Replace With: [Select]
* =============================================================================== *
* Software Version: SMF 2.0 RC1-1 *

Operation #2
Find: [Select]
$context['current_attachments'][] = array(
'name' => getAttachmentFilename($name, false, null, true),
Replace With: [Select]
$context['current_attachments'][] = array(
'name' => $name,

./Sources/Profile-Modify.php

Operation #1
Find: [Select]
* =============================================================================== *
* Software Version: SMF 2.0 RC1 *
Replace With: [Select]
* =============================================================================== *
* Software Version: SMF 2.0 RC1-1 *

Operation #2
Find: [Select]
// Don't allow any overriding of custom fields with default or non-default options.
Replace With: [Select]
$reservedVars = array(
'actual_theme_url',
'actual_images_url',
'base_theme_dir',
'base_theme_url',
'default_images_url',
'default_theme_dir',
'default_theme_url',
'default_template',
'images_url',
'number_recent_posts',
'smiley_sets_default',
'theme_dir',
'theme_id',
'theme_layers',
'theme_templates',
'theme_url',
);

// Can't change reserved vars.
if ((isset($_POST['options']) && array_intersect($_POST['options'], $reservedVars) != array()) || (isset($_POST['default_options']) && array_intersect($_POST['default_options'], $reservedVars) != array()))
fatal_lang_error('no_access');

// Don't allow any overriding of custom fields with default or non-default options.

Operation #3
Find: [Select]
$extensions = array(
'1' => 'gif',
'2' => 'jpg',
Replace With: [Select]
// Though not an exhaustive list, better safe than sorry.
$fp = fopen($_FILES['attachment']['tmp_name'], 'rb');
if (!$fp)
fatal_lang_error('attach_timeout');

// Now try to find an infection.
while (!feof($fp))
{
if (preg_match('~(iframe|\\<\\?php|\\<\\?[\s=]|\\<%[\s=]|html|eval|body|script\W)~', fgets($fp, 4096)) === 1)
{
if (file_exists($uploadDir . '/avatar_tmp_' . $memID))
@unlink($uploadDir . '/avatar_tmp_' . $memID);

fatal_lang_error('attach_timeout');
}
}
fclose($fp);

$extensions = array(
'1' => 'gif',
'2' => 'jpg',

Operation #4
Find: [Select]
$mime_type = 'image/' . ($extension == 'jpg' ? 'jpeg' : $extension);
$destName = 'avatar_' . $memID . '.' . $extension;
Replace With: [Select]
$mime_type = 'image/' . ($extension === 'jpg' ? 'jpeg' : ($extension === 'bmp' ? 'x-ms-bmp' : $extension));
$destName = 'avatar_' . $memID . '_' . time() . '.' . $extension;

Operation #5
Find: [Select]
// Remove previous attachments this member might have had.
removeAttachments(array('id_member' => $memID));

if (!rename($_FILES['attachment']['tmp_name'], $uploadDir . '/' . $destName))
fatal_lang_error('attach_timeout', 'critical');
Replace With: [Select]
$file_hash = empty($modSettings['custom_avatar_enabled']) ? getAttachmentFilename($destName, false, null, true) : '';

// Remove previous attachments this member might have had.
removeAttachments(array('id_member' => $memID));

Operation #6
Find: [Select]
array(
'id_member' => 'int', 'attachment_type' => 'int', 'filename' => 'string', 'fileext' => 'string', 'size' => 'int',
Replace With: [Select]
array(
'id_member' => 'int', 'attachment_type' => 'int', 'filename' => 'string', 'file_hash' => 'string', 'fileext' => 'string', 'size' => 'int',

Operation #7
Find: [Select]
array(
$memID, (empty($modSettings['custom_avatar_enabled']) ? 0 : 1), $destName, $extension, filesize($uploadDir . '/' . $destName),
Replace With: [Select]
array(
$memID, (empty($modSettings['custom_avatar_enabled']) ? 0 : 1), $destName, $file_hash, $extension, filesize($_FILES['attachment']['tmp_name']),

Operation #8
Find: [Select]
// Attempt to chmod it.
@chmod($uploadDir . '/' . $destName, 0644);
}
Replace With: [Select]
$destinationPath = $uploadDir . '/' . (empty($file_hash) ? $destName : $cur_profile['id_attach'] . '_' . $file_hash);
if (!rename($_FILES['attachment']['tmp_name'], $destinationPath))
{
removeAttachments(array('id_member' => $memID));
fatal_lang_error('attach_timeout', 'critical');
}

// Attempt to chmod it.
@chmod($uploadDir . '/' . $destinationPath, 0644);
}

./Sources/Profile-View.php

Operation #1
Find: [Select]
* =============================================================================== *
* Software Version: SMF 2.0 RC1 *
Replace With: [Select]
* =============================================================================== *
* Software Version: SMF 2.0 RC1-1 *

Operation #2
Find: [Select]
// Should we show a custom message?
$context['activate_message'] = isset($txt['account_activate_method_' . $context['member']['is_activated'] % 10]) ? $txt['account_activate_method_' . $context['member']['is_activated']] : $txt['account_not_activated'];
Replace With: [Select]
// Should we show a custom message?
$context['activate_message'] = isset($txt['account_activate_method_' . $context['member']['is_activated'] % 10]) ? $txt['account_activate_method_' . $context['member']['is_activated'] % 10] : $txt['account_not_activated'];

./Sources/QueryString.php

Operation #1
Find: [Select]
* =============================================================================== *
* Software Version: SMF 2.0 RC1 *
Replace With: [Select]
* =============================================================================== *
* Software Version: SMF 2.0 RC1-1 *

Operation #2
Find: [Select]
// Find the user's IP address. (but don't let it give you 'unknown'!)
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) && !empty($_SERVER['HTTP_CLIENT_IP']) && (preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['HTTP_CLIENT_IP']) == 0 || preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0))
Replace With: [Select]
// Find the user's IP address. (but don't let it give you 'unknown'!)
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) && !empty($_SERVER['HTTP_CLIENT_IP']) && (preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['HTTP_CLIENT_IP']) == 0 || preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0))

Operation #3
Find: [Select]
// We have both forwarded for AND client IP... check the first forwarded for as the block - only switch if it's better that way.
if (strtok($_SERVER['HTTP_X_FORWARDED_FOR'], '.') != strtok($_SERVER['HTTP_CLIENT_IP'], '.') && '.' . strtok($_SERVER['HTTP_X_FORWARDED_FOR'], '.') == strrchr($_SERVER['HTTP_CLIENT_IP'], '.') && (preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['HTTP_X_FORWARDED_FOR']) == 0 || preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0))
Replace With: [Select]
// We have both forwarded for AND client IP... check the first forwarded for as the block - only switch if it's better that way.
if (strtok($_SERVER['HTTP_X_FORWARDED_FOR'], '.') != strtok($_SERVER['HTTP_CLIENT_IP'], '.') && '.' . strtok($_SERVER['HTTP_X_FORWARDED_FOR'], '.') == strrchr($_SERVER['HTTP_CLIENT_IP'], '.') && (preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['HTTP_X_FORWARDED_FOR']) == 0 || preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0))

Operation #4
Find: [Select]
$_SERVER['BAN_CHECK_IP'] = $_SERVER['HTTP_CLIENT_IP'];
}
if (!empty($_SERVER['HTTP_CLIENT_IP']) && (preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['HTTP_CLIENT_IP']) == 0 || preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0))
Replace With: [Select]
$_SERVER['BAN_CHECK_IP'] = $_SERVER['HTTP_CLIENT_IP'];
}
if (!empty($_SERVER['HTTP_CLIENT_IP']) && (preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['HTTP_CLIENT_IP']) == 0 || preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0))

Operation #5
Find: [Select]
// Make sure it's in a valid range...
if (preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $ip) != 0 && preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['REMOTE_ADDR']) == 0)
Replace With: [Select]
// Make sure it's in a valid range...
if (preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $ip) != 0 && preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['REMOTE_ADDR']) == 0)

Operation #6
Find: [Select]
// Otherwise just use the only one.
elseif (preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['HTTP_X_FORWARDED_FOR']) == 0 || preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0)
Replace With: [Select]
// Otherwise just use the only one.
elseif (preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['HTTP_X_FORWARDED_FOR']) == 0 || preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0)

./Sources/Security.php

Operation #1
Find: [Select]
* =============================================================================== *
* Software Version: SMF 2.0 RC1 *
Replace With: [Select]
* =============================================================================== *
* Software Version: SMF 2.0 RC1-1 *

Operation #2
Find: [Select]

if (isset($_GET['confirm']) && isset($_SESSION['confirm_' . $action]) && md5($_GET['confirm'] . $_SERVER['HTTP_USER_AGENT']) !== $_SESSION['confirm_' . $action])
Replace With: [Select]

if (isset($_GET['confirm']) && isset($_SESSION['confirm_' . $action]) && md5($_GET['confirm'] . $_SERVER['HTTP_USER_AGENT']) == $_SESSION['confirm_' . $action])

Operation #3
Find: [Select]
$token = md5(mt_rand() . session_id() . (string) microtime() . $modSettings['rand_seed']);
$_SESSION['confirm_' . $action] = md5($token, $_SERVER['HTTP_USER_AGENT']);
Replace With: [Select]
$token = md5(mt_rand() . session_id() . (string) microtime() . $modSettings['rand_seed']);
$_SESSION['confirm_' . $action] = md5($token . $_SERVER['HTTP_USER_AGENT']);

./Sources/Subs.php

Operation #1
Find: [Select]
* =============================================================================== *
* Software Version: SMF 2.0 RC1 *
Replace With: [Select]
* =============================================================================== *
* Software Version: SMF 2.0 RC1-1 *

Operation #2
Find: [Select]
// Get an attachment's encrypted filename. If $new is true, won't check for file existence.
function getAttachmentFilename($filename, $attachment_id, $dir = null, $new = false)
Replace With: [Select]
// Get an attachment's encrypted filename. If $new is true, won't check for file existence.
function getAttachmentFilename($filename, $attachment_id, $dir = null, $new = false, $file_hash = '')
{
global $modSettings, $smcFunc;

// Just make up a nice hash...
if ($new)
return sha1(md5($filename . time()) . mt_rand());

// Grab the file hash if it wasn't added.
if ($file_hash === '')
{
$request = $smcFunc['db_query']('', '
SELECT file_hash
FROM {db_prefix}attachments
WHERE id_attach = {int:id_attach}',
array(
'id_attach' => $attachment_id,
));

if ($smcFunc['db_num_rows']($request) === 0)
return false;

list ($file_hash) = $smcFunc['db_fetch_row']($request);
$smcFunc['db_free_result']($request);
}

// In case of files from the old system, do a legacy call.
if (empty($file_hash))
return getLegacyAttachmentFilename($filename, $attachment_id, $dir, $new);

// Are we using multiple directories?
if (!empty($modSettings['currentAttachmentUploadDir']))
{
if (!is_array($modSettings['attachmentUploadDir']))
$modSettings['attachmentUploadDir'] = unserialize($modSettings['attachmentUploadDir']);
$path = $modSettings['attachmentUploadDir'][$dir];
}
else
$path = $modSettings['attachmentUploadDir'];

return $path . '/' . $attachment_id . '_' . $file_hash;
}

function getLegacyAttachmentFilename($filename, $attachment_id, $dir = null, $new = false)

./Sources/Subs-Graphics.php

Operation #1
Find: [Select]
* =============================================================================== *
* Software Version: SMF 2.0 RC1 *
Replace With: [Select]
* =============================================================================== *
* Software Version: SMF 2.0 RC1-1 *

Operation #2
Find: [Select]
$smcFunc['db_insert']('',
'{db_prefix}attachments',
array(
'id_member' => 'int', 'attachment_type' => 'int', 'filename' => 'string-255', 'fileext' => 'string-8', 'size' => 'int',
Replace With: [Select]
$avatar_hash = empty($modSettings['custom_avatar_enabled']) ? getAttachmentFilename($destName, false, null, true) : '';
$smcFunc['db_insert']('',
'{db_prefix}attachments',
array(
'id_member' => 'int', 'attachment_type' => 'int', 'filename' => 'string-255', 'file_hash' => 'string-255', 'fileext' => 'string-8', 'size' => 'int',

Operation #3
Find: [Select]
array(
$memID, (empty($modSettings['custom_avatar_enabled']) ? 0 : 1), $destName, $ext, 1,
Replace With: [Select]
array(
$memID, (empty($modSettings['custom_avatar_enabled']) ? 0 : 1), $destName, $avatar_hash, $ext, 1,

Operation #4
Find: [Select]
if ($fp2 !== false)
{
while (!feof($fp2))
fwrite($fp, fread($fp2, 8192));
fclose($fp2);
}
Replace With: [Select]
if ($fp2 !== false)
{
$prev_chunk = '';
while (!feof($fp2))
{
$cur_chunk = fread($fp2, 8192);

// Make sure nothing odd came through.
if (preg_match('~(iframe|\\<\\?php|\\<\\?[\s=]|\\<%[\s=]|html|eval|body|script\W)~', $prev_chunk . $cur_chunk) === 1)
{
fclose($fp2);
fclose($fp);
unlink($destName);
return false;
}

fwrite($fp, $cur_chunk);
$prev_chunk = $cur_chunk;
}
fclose($fp2);
}

Operation #5
Find: [Select]
// Remove the .tmp extension from the attachment.
if (rename($destName . '.tmp', $destName))
{
Replace With: [Select]
// Walk the right path.
if (!empty($modSettings['currentAttachmentUploadDir']))
{
if (!is_array($modSettings['attachmentUploadDir']))
$modSettings['attachmentUploadDir'] = unserialize($modSettings['attachmentUploadDir']);
$path = $modSettings['attachmentUploadDir'][$dir];
}
else
$path = $modSettings['attachmentUploadDir'];

// Remove the .tmp extension from the attachment.
if (rename($destName . '.tmp', empty($avatar_hash) ? $destName : $path . '/' . $attachID . '_' . $avatar_hash))
{
$destName = empty($avatar_hash) ? $destName : $path . '/' . $attachID . '_' . $avatar_hash;

./Sources/Subs-Members.php

Operation #1
Find: [Select]
* =============================================================================== *
* Software Version: SMF 2.0 RC1 *
Replace With: [Select]
* =============================================================================== *
* Software Version: SMF 2.0 RC1-1 *

Operation #2
Find: [Select]
// Some of these might be overwritten. (the lower ones that are in the arrays below.)
Replace With: [Select]
$reservedVars = array(
'actual_theme_url',
'actual_images_url',
'base_theme_dir',
'base_theme_url',
'default_images_url',
'default_theme_dir',
'default_theme_url',
'default_template',
'images_url',
'number_recent_posts',
'smiley_sets_default',
'theme_dir',
'theme_id',
'theme_layers',
'theme_templates',
'theme_url',
);

// Can't change reserved vars.
if (isset($regOptions['theme_vars']) && array_intersect($regOptions['theme_vars'], $reservedVars) != array())
fatal_lang_error('no_theme');

// Some of these might be overwritten. (the lower ones that are in the arrays below.)

./Sources/Subs-Post.php

Operation #1
Find: [Select]
* =============================================================================== *
* Software Version: SMF 2.0 RC1 *
Replace With: [Select]
* =============================================================================== *
* Software Version: SMF 2.0 RC1-1 *

Operation #2
Find: [Select]
// Change breaks back to \n's.
return preg_replace('~<br( /)?' . '>~', "\n", implode('', $parts));
Replace With: [Select]
// Change breaks back to \n's.
return preg_replace('~<br( /)?' . '>~', "\n", str_replace('&nbsp;', ' ', implode('', $parts)));

Operation #3
Find: [Select]
// Remove special foreign characters from the filename.
if (empty($modSettings['attachmentEncryptFilenames']))
$attachmentOptions['name'] = getAttachmentFilename($attachmentOptions['name'], false, $id_folder, true);
Replace With: [Select]
// Get the hash if no hash has been given yet.
if (empty($attachmentOptions['file_hash']))
$attachmentOptions['file_hash'] = getAttachmentFilename($attachmentOptions['name'], false, null, true);

Operation #4
Find: [Select]
array(
'id_folder' => 'int', 'id_msg' => 'int', 'filename' => 'string-255', 'fileext' => 'string-8',
Replace With: [Select]
array(
'id_folder' => 'int', 'id_msg' => 'int', 'filename' => 'string-255', 'file_hash' => 'string-40', 'fileext' => 'string-8',

Operation #5
Find: [Select]
array(
$id_folder, (int) $attachmentOptions['post'], $attachmentOptions['name'], $attachmentOptions['fileext'],
Replace With: [Select]
array(
$id_folder, (int) $attachmentOptions['post'], $attachmentOptions['name'], $attachmentOptions['file_hash'], $attachmentOptions['fileext'],

Operation #6
Find: [Select]

$attachmentOptions['destination'] = $attach_dir . '/' . getAttachmentFilename(basename($attachmentOptions['name']), $attachmentOptions['id'], $id_folder, true);
Replace With: [Select]

$attachmentOptions['destination'] = getAttachmentFilename(basename($attachmentOptions['name']), $attachmentOptions['id'], $id_folder, false, $attachmentOptions['file_hash']);

Operation #7
Find: [Select]

// To the database we go!
$smcFunc['db_insert']('',
Replace With: [Select]
$thumb_file_hash = getAttachmentFilename($thumb_filename, false, null, true);

// To the database we go!
$smcFunc['db_insert']('',

Operation #8
Find: [Select]
array(
'id_folder' => 'int', 'id_msg' => 'int', 'attachment_type' => 'int', 'filename' => 'string-255', 'fileext' => 'string-8',
Replace With: [Select]
array(
'id_folder' => 'int', 'id_msg' => 'int', 'attachment_type' => 'int', 'filename' => 'string-255', 'file_hash' => 'string-40', 'fileext' => 'string-8',

Operation #9
Find: [Select]
array(
$id_folder, (int) $attachmentOptions['post'], 3, $thumb_filename, $attachmentOptions['fileext'],
Replace With: [Select]
array(
$id_folder, (int) $attachmentOptions['post'], 3, $thumb_filename, $thumb_file_hash, $attachmentOptions['fileext'],

Operation #10
Find: [Select]

rename($attachmentOptions['destination'] . '_thumb', $attach_dir . '/' . getAttachmentFilename($thumb_filename, $attachmentOptions['thumb'], $id_folder, true));
Replace With: [Select]

rename($attachmentOptions['destination'] . '_thumb', getAttachmentFilename($thumb_filename, $attachmentOptions['thumb'], $id_folder, false, $thumb_file_hash));

./attachments/.htaccess

Operation #1
Find: [Select]

</Files>
Replace With: [Select]

</Files>
RemoveHandler .php .php3 .phtml .cgi .fcgi .pl .fpl .shtml
This operation isn't vital to the installation of this mod.

Code

updateDatabase.php