Update to SMF 1.1.9 - Installation Instructions for 1.1.8

Update to SMF 1.1.9
This patch file will update your forum to SMF 1.1.9.

File Edits ALT + Click to collapse all the operations

./index.php

Find: Select
* Software Version: SMF 1.1.8 *
Replace With: Select
* Software Version: SMF 1.1.9 *
Find: Select
$forum_version = 'SMF 1.1.8';
Replace With: Select
$forum_version = 'SMF 1.1.9';
Find: Select
elseif (empty($modSettings['allow_guestAccess']) && $user_info['is_guest'] && (!isset($_REQUEST['action']) || !in_array($_REQUEST['action'], array('coppa', 'login', 'login2', 'register', 'register2', 'reminder', 'activate', 'smstats', 'help', '.xml', 'verificationcode'))))
Replace With: Select
elseif (empty($modSettings['allow_guestAccess']) && $user_info['is_guest'] && (!isset($_REQUEST['action']) || !in_array($_REQUEST['action'], array('coppa', 'login', 'login2', 'register', 'register2', 'reminder', 'activate', 'smstats', 'help', 'verificationcode'))))

./Sources/Display.php

Find: Select
* Software Version: SMF 1.1.4 *
Replace With: Select
* Software Version: SMF 1.1.9 *
Find: Select
a.ID_ATTACH, a.ID_MSG, a.filename, IFNULL(a.size, 0) AS filesize, a.downloads,
Replace With: Select
a.ID_ATTACH, a.ID_MSG, a.filename, a.file_hash, IFNULL(a.size, 0) AS filesize, a.downloads,
Find: Select
SELECT filename, ID_ATTACH, attachmentType
Replace With: Select
SELECT filename, ID_ATTACH, attachmentType, file_hash
Find: Select
SELECT a.filename, a.ID_ATTACH, a.attachmentType
Replace With: Select
SELECT a.filename, a.ID_ATTACH, a.attachmentType, a.file_hash
Find: Select
list ($real_filename, $ID_ATTACH, $attachmentType) = mysql_fetch_row($request);
Replace With: Select
list ($real_filename, $ID_ATTACH, $attachmentType, $file_hash) = mysql_fetch_row($request);
Find: Select
$filename = getAttachmentFilename($real_filename, $_REQUEST['attach']);
Replace With: Select
$filename = getAttachmentFilename($real_filename, $_REQUEST['attach'], false, $file_hash);
Find: Select
if (filesize($filename) != 0)
Replace With: Select
// IE 6 just doesn't play nice. As dirty as this seems, it works.
if ($context['browser']['is_ie6'] && isset($_REQUEST['image']))
unset($_REQUEST['image']);

elseif (filesize($filename) != 0)
Find: Select
6 => 'bmp',
Replace With: Select
6 => 'x-ms-bmp',
Find: Select
if (!empty($size['mime']))
header('Content-Type: ' . $size['mime']);
Replace With: Select
if (!empty($size['mime']) && !in_array($size[2], array(4, 13)))
header('Content-Type: ' . strtr($size['mime'], array('image/bmp' => 'image/x-ms-bmp')));
Find: Select
if (!isset($_REQUEST['image']))
{
header('Content-Disposition: attachment; filename="' . $real_filename . '"');
header('Content-Type: application/octet-stream');
}
Replace With: Select
header('Content-Disposition: ' . (isset($_REQUEST['image']) ? 'inline' : 'attachment') . '; filename="' . $real_filename . '"');
if (!isset($_REQUEST['image']))
header('Content-Type: application/octet-stream');
Find: Select
$filename = getAttachmentFilename($attachment['filename'], $attachment['ID_ATTACH']);
Replace With: Select
$filename = getAttachmentFilename($attachment['filename'], $attachment['ID_ATTACH'], false, $attachment['file_hash']);
Find: Select
db_query("
INSERT INTO {$db_prefix}attachments
(ID_MSG, attachmentType, filename, size, width, height)
VALUES ($ID_MSG, 3, '$thumb_filename', " . (int) $thumb_size . ", " . (int) $attachment['thumb_width'] . ", " . (int) $attachment['thumb_height'] . ")", __FILE__, __LINE__);
Replace With: Select
$thumb_hash = getAttachmentFilename($thumb_filename, false, true);
db_query("
INSERT INTO {$db_prefix}attachments
(ID_MSG, attachmentType, filename, file_hash, size, width, height)
VALUES ($ID_MSG, 3, '$thumb_filename', '$thumb_hash', " . (int) $thumb_size . ", " . (int) $attachment['thumb_width'] . ", " . (int) $attachment['thumb_height'] . ")", __FILE__, __LINE__);
Find: Select
$thumb_realname = getAttachmentFilename($thumb_filename, $attachment['ID_THUMB'], true);
rename($filename . '_thumb', $modSettings['attachmentUploadDir'] . '/' . $thumb_realname);
Replace With: Select
$thumb_realname = getAttachmentFilename($thumb_filename, $attachment['ID_THUMB'], false, $thumb_hash);
rename($filename . '_thumb', $thumb_realname);

./Sources/Load.php

Find: Select
* Software Version: SMF 1.1.6 *
Replace With: Select
* Software Version: SMF 1.1.9 *
Find: Select
// If this is the theme_dir of the default theme, store it.
Replace With: Select
// There are just things we shouldn't be able to change as members.
if ($row['ID_MEMBER'] != 0 && in_array($row['variable'], array('actual_theme_url', 'actual_images_url', 'base_theme_dir', 'base_theme_url', 'default_images_url', 'default_theme_dir', 'default_theme_url', 'default_template', 'images_url', 'number_recent_posts', 'smiley_sets_default', 'theme_dir', 'theme_id', 'theme_layers', 'theme_templates', 'theme_url')))
continue;

// If this is the theme_dir of the default theme, store it.

./Sources/ManageAttachments.php

Find: Select
* Software Version: SMF 1.1.4 *
Replace With: Select
* Software Version: SMF 1.1.9 *
Find: Select
* Copyright 2006 by: Simple Machines LLC (http://www.simplemachines.org) *
Replace With: Select
* Copyright 2006-2009 by: Simple Machines LLC (http://www.simplemachines.org) *
Find: Select
'attachmentShowImages' => empty($_POST['attachmentShowImages']) ? '0' : '1',
'attachmentEncryptFilenames' => empty($_POST['attachmentEncryptFilenames']) ? '0' : '1',
Replace With: Select
'attachmentShowImages' => empty($_POST['attachmentShowImages']) ? '0' : '1',
Find: Select
SELECT ID_ATTACH, ID_MEMBER, filename
Replace With: Select
SELECT ID_ATTACH, ID_MEMBER, filename, file_hash
Find: Select
while ($row = mysql_fetch_assoc($request))
{
$filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH']);
Replace With: Select
while ($row = mysql_fetch_assoc($request))
{
$filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH'], false, $row['file_hash']);
Find: Select
a.filename, a.attachmentType, a.ID_ATTACH, a.ID_MEMBER" . ($query_type == 'messages' ? ', m.ID_MSG' : ', a.ID_MSG') . ",
Replace With: Select
a.filename, a.file_hash, a.attachmentType, a.ID_ATTACH, a.ID_MEMBER" . ($query_type == 'messages' ? ', m.ID_MSG' : ', a.ID_MSG') . ",
Find: Select
$filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH']);
@unlink($filename);

// If this was a thumb, the parent attachment should know about it.
Replace With: Select
$filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH'], false, $row['file_hash']);
@unlink($filename);

// If this was a thumb, the parent attachment should know about it.
Find: Select
$thumb_filename = getAttachmentFilename($row['thumb_filename'], $row['ID_THUMB']);
@unlink($thumb_filename);
$attach[] = $row['ID_THUMB'];
Replace With: Select
$thumb_filename = getAttachmentFilename($row['thumb_filename'], $row['ID_THUMB'], false, $row['file_hash']);
@unlink($thumb_filename);
$attach[] = $row['ID_THUMB'];
Find: Select
SELECT thumb.ID_ATTACH, thumb.filename
Replace With: Select
SELECT thumb.ID_ATTACH, thumb.filename, thumb.file_hash
Find: Select
// If we are repairing remove the file from disk now.
if ($fix_errors && in_array('missing_thumbnail_parent', $to_fix))
{
$filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH']);
Replace With: Select
// If we are repairing remove the file from disk now.
if ($fix_errors && in_array('missing_thumbnail_parent', $to_fix))
{
$filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH'], false, $row['file_hash']);
Find: Select
SELECT ID_ATTACH, filename, size, attachmentType
Replace With: Select
SELECT ID_ATTACH, filename, file_hash, size, attachmentType
Find: Select
$filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH']);

// File doesn't exist?
Replace With: Select
$filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH'], false, $row['file_hash']);

// File doesn't exist?
Find: Select
SELECT a.ID_ATTACH, a.filename, a.attachmentType
Replace With: Select
SELECT a.ID_ATTACH, a.filename, a.file_hash, a.attachmentType
Find: Select
if ($row['attachmentType'] == 1)
$filename = $modSettings['custom_avatar_dir'] . '/' . $row['filename'];
else
$filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH']);
@unlink($filename);
}
Replace With: Select
if ($row['attachmentType'] == 1)
$filename = $modSettings['custom_avatar_dir'] . '/' . $row['filename'];
else
$filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH'], false, $row['file_hash']);
@unlink($filename);
}
Find: Select
SELECT a.ID_ATTACH, a.filename
FROM {$db_prefix}attachments AS a
Replace With: Select
SELECT a.ID_ATTACH, a.filename, a.file_hash
FROM {$db_prefix}attachments AS a
Find: Select
// If we are repairing remove the file from disk now.
if ($fix_errors && in_array('attachment_no_msg', $to_fix))
{
$filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH']);
Replace With: Select
// If we are repairing remove the file from disk now.
if ($fix_errors && in_array('attachment_no_msg', $to_fix))
{
$filename = getAttachmentFilename($row['filename'], $row['ID_ATTACH'], false, $row['file_hash']);

./Sources/PackageGet.php

Find: Select
* Software Version: SMF 1.1.8 *
Replace With: Select
* Software Version: SMF 1.1.9 *
Find: Select
* Copyright 2006 by: Simple Machines LLC (http://www.simplemachines.org) *
Replace With: Select
* Copyright 2006-2009 by: Simple Machines LLC (http://www.simplemachines.org) *
Find: Select
$default_author = $listing->fetch('default-author');
Replace With: Select
$default_author = htmlspecialchars($listing->fetch('default-author'));
Find: Select
$default_title = $listing->fetch('default-website/@title');
Replace With: Select
$default_title = htmlspecialchars($listing->fetch('default-website/@title'));
Find: Select
if (in_array($package['type'], array('title', 'heading', 'text', 'rule')))
$package['name'] = $thisPackage->fetch('.');
Replace With: Select
if (in_array($package['type'], array('title', 'heading', 'text', 'rule')))
$package['name'] = htmlspecialchars($thisPackage->fetch('.'));
Find: Select
$package['name'] = $thisPackage->fetch('.');
$package['link'] = '<a href="' . $package['href'] . '">' . $package['name'] . '</a>';
Replace With: Select
$package['name'] = htmlspecialchars($thisPackage->fetch('.'));
$package['link'] = '<a href="' . $package['href'] . '">' . $package['name'] . '</a>';
Find: Select
if ($package['description'] == '')
$package['description'] = $txt['pacman8'];
Replace With: Select
if ($package['description'] == '')
$package['description'] = $txt['pacman8'];
else
$package['description'] = parse_bbc(preg_replace('~\[[/]?html\]~i', '', htmlspecialchars($package['description'])));
Find: Select
$package['href'] = $url . '/' . $package['filename'];
Replace With: Select
$package['href'] = $url . '/' . $package['filename'];
$package['name'] = htmlspecialchars($package['name']);
Find: Select
$package['author']['email'] = $thisPackage->fetch('author/@email');
Replace With: Select
$package['author']['email'] = htmlspecialchars($thisPackage->fetch('author/@email'));
Find: Select
$package['author']['name'] = $thisPackage->fetch('author');
Replace With: Select
$package['author']['name'] = htmlspecialchars($thisPackage->fetch('author'));
Find: Select
$package['author']['website']['name'] = $thisPackage->fetch('website/@title');
elseif (isset($default_title))
$package['author']['website']['name'] = $default_title;
elseif ($thisPackage->exists('website'))
$package['author']['website']['name'] = $thisPackage->fetch('website');
Replace With: Select
$package['author']['website']['name'] = htmlspecialchars($thisPackage->fetch('website/@title'));
elseif (isset($default_title))
$package['author']['website']['name'] = $default_title;
elseif ($thisPackage->exists('website'))
$package['author']['website']['name'] = htmlspecialchars($thisPackage->fetch('website'));

./Sources/Post.php

Find: Select
* Software Version: SMF 1.1.5 *
Replace With: Select
* Software Version: SMF 1.1.9 *
Find: Select
'name' => getAttachmentFilename($name, false, true),
Replace With: Select
'name' => $name,

./Sources/Profile.php

Find: Select
* Software Version: SMF 1.1.6 *
Replace With: Select
* Software Version: SMF 1.1.9 *
Find: Select
// These are the theme changes...
Replace With: Select
$reservedVars = array(
'actual_theme_url',
'actual_images_url',
'base_theme_dir',
'base_theme_url',
'default_images_url',
'default_theme_dir',
'default_theme_url',
'default_template',
'images_url',
'number_recent_posts',
'smiley_sets_default',
'theme_dir',
'theme_id',
'theme_layers',
'theme_templates',
'theme_url',
);

// Can't change reserved vars.
if ((isset($_POST['options']) && array_intersect(array_keys($_POST['options']), $reservedVars) != array()) || (isset($_POST['default_options']) && array_intersect(array_keys($_POST['default_options']), $reservedVars) != array()))
fatal_lang_error(1);

// These are the theme changes...
Find: Select
$extensions = array(
Replace With: Select
// Though not an exhaustive list, better safe than sorry.
$fp = fopen($_FILES['attachment']['tmp_name'], 'rb');
if (!$fp)
fatal_lang_error('smf124');

// Now try to find an infection.
while (!feof($fp))
{
if (preg_match('~(iframe|\\<\\?php|\\<\\?[\s=]|\\<%[\s=]|html|eval|body|script\W)~', fgets($fp, 4096)) === 1)
{
if (file_exists($uploadDir . '/avatar_tmp_' . $memID))
@unlink($uploadDir . '/avatar_tmp_' . $memID);

fatal_lang_error('smf124');
}
}
fclose($fp);

$extensions = array(
Find: Select
if (!rename($_FILES['attachment']['tmp_name'], $uploadDir . '/' . $destName))
fatal_lang_error('smf124');

db_query("
INSERT INTO {$db_prefix}attachments
(ID_MEMBER, attachmentType, filename, size, width, height)
VALUES ($memID, " . (empty($modSettings['custom_avatar_enabled']) ? '0' : '1') . ", '$destName', " . filesize($uploadDir . '/' . $destName) . ", " . (int) $width . ", " . (int) $height . ")", __FILE__, __LINE__);

// Attempt to chmod it.
@chmod($uploadDir . '/' . $destName, 0644);
Replace With: Select
$file_hash = empty($modSettings['custom_avatar_enabled']) ? getAttachmentFilename($destName, false, true) : '';

db_query("
INSERT INTO {$db_prefix}attachments
(ID_MEMBER, attachmentType, filename, file_hash, size, width, height)
VALUES ($memID, " . (empty($modSettings['custom_avatar_enabled']) ? '0' : '1') . ", '$destName', '" . (empty($file_hash) ? "" : "$file_hash") . "', " . filesize($_FILES['attachment']['tmp_name']) . ", " . (int) $width . ", " . (int) $height . ")", __FILE__, __LINE__);
$attachID = db_insert_id();

// Try to move this avatar.
$destinationPath = $uploadDir . '/' . (empty($file_hash) ? $destName : $attachID . '_' . $file_hash);
if (!rename($_FILES['attachment']['tmp_name'], $destinationPath))
{
// The move failed, get rid of it and die.
db_query("
DELETE FROM {$db_prefix}attachments
WHERE ID_ATTACH = $attachID", __FILE__, __LINE__);

fatal_lang_error('smf124');
}

// Attempt to chmod it.
@chmod($destinationPath, 0644);
Find: Select
$context['activate_message'] = isset($txt['account_activate_method_' . $context['member']['is_activated'] % 10]) ? $txt['account_activate_method_' . $context['member']['is_activated']] : $txt['account_not_activated'];
Replace With: Select
$context['activate_message'] = isset($txt['account_activate_method_' . $context['member']['is_activated'] % 10]) ? $txt['account_activate_method_' . $context['member']['is_activated'] % 10] : $txt['account_not_activated'];

./Sources/QueryString.php

Find: Select
* Software Version: SMF 1.1.7 *
Replace With: Select
* Software Version: SMF 1.1.9 *
Find: Select
* Copyright 2006 by: Simple Machines LLC (http://www.simplemachines.org) *
Replace With: Select
* Copyright 2006-2009 by: Simple Machines LLC (http://www.simplemachines.org) *
Find: Select
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) && !empty($_SERVER['HTTP_CLIENT_IP']) && (preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['HTTP_CLIENT_IP']) == 0 || preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0))
{
// We have both forwarded for AND client IP... check the first forwarded for as the block - only switch if it's better that way.
if (strtok($_SERVER['HTTP_X_FORWARDED_FOR'], '.') != strtok($_SERVER['HTTP_CLIENT_IP'], '.') && '.' . strtok($_SERVER['HTTP_X_FORWARDED_FOR'], '.') == strrchr($_SERVER['HTTP_CLIENT_IP'], '.') && (preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['HTTP_X_FORWARDED_FOR']) == 0 || preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0))
Replace With: Select
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) && !empty($_SERVER['HTTP_CLIENT_IP']) && (preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['HTTP_CLIENT_IP']) == 0 || preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0))
{
// We have both forwarded for AND client IP... check the first forwarded for as the block - only switch if it's better that way.
if (strtok($_SERVER['HTTP_X_FORWARDED_FOR'], '.') != strtok($_SERVER['HTTP_CLIENT_IP'], '.') && '.' . strtok($_SERVER['HTTP_X_FORWARDED_FOR'], '.') == strrchr($_SERVER['HTTP_CLIENT_IP'], '.') && (preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['HTTP_X_FORWARDED_FOR']) == 0 || preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0))
Find: Select
if (!empty($_SERVER['HTTP_CLIENT_IP']) && (preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['HTTP_CLIENT_IP']) == 0 || preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0))
Replace With: Select
if (!empty($_SERVER['HTTP_CLIENT_IP']) && (preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['HTTP_CLIENT_IP']) == 0 || preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0))
Find: Select
if (preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $ip) != 0 && preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['REMOTE_ADDR']) == 0)
Replace With: Select
if (preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $ip) != 0 && preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['REMOTE_ADDR']) == 0)
Find: Select
elseif (preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['HTTP_X_FORWARDED_FOR']) == 0 || preg_match('~^((0|10|172\.16|192\.168|255|127\.0)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0)
Replace With: Select
elseif (preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['HTTP_X_FORWARDED_FOR']) == 0 || preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown)~', $_SERVER['REMOTE_ADDR']) != 0)

./Sources/Security.php

Find: Select
* Software Version: SMF 1.1.8 *
Replace With: Select
* Software Version: SMF 1.1.9 *
Find: Select
if (isset($_GET['confirm']) && isset($_SESSION['confirm_' . $action]) && md5($_GET['confirm'] . $_SERVER['HTTP_USER_AGENT']) !== $_SESSION['confirm_' . $action])
return true;

else
{
$token = md5(mt_rand() . session_id() . (string) microtime() . $modSettings['rand_seed']);
$_SESSION['confirm_' . $action] = md5($token, $_SERVER['HTTP_USER_AGENT']);
Replace With: Select
if (isset($_GET['confirm']) && isset($_SESSION['confirm_' . $action]) && md5($_GET['confirm'] . $_SERVER['HTTP_USER_AGENT']) == $_SESSION['confirm_' . $action])
return true;

else
{
$token = md5(mt_rand() . session_id() . (string) microtime() . $modSettings['rand_seed']);
$_SESSION['confirm_' . $action] = md5($token . $_SERVER['HTTP_USER_AGENT']);

./Sources/Subs.php

Find: Select
* Software Version: SMF 1.1.6 *
Replace With: Select
* Software Version: SMF 1.1.9 *
Find: Select
<div style="white-space: normal;">The administrator doesn\'t want a copyright notice saying this is copyright 2006 - 2007 by <a href="http://www.simplemachines.org/about/copyright.php" target="_blank">Simple Machines LLC</a>, and named <a href="http://www.simplemachines.org/">SMF</a>, so the forum will honor this request and be quiet.</div>';
Replace With: Select
<div style="white-space: normal;">The administrator doesn\'t want a copyright notice saying this is copyright 2006 - 2009 by <a href="http://www.simplemachines.org/about/copyright.php" target="_blank">Simple Machines LLC</a>, and named <a href="http://www.simplemachines.org/">SMF</a>, so the forum will honor this request and be quiet.</div>';
Find: Select
// Get an attachment's encrypted filename. If $new is true, won't check for file existence.
function getAttachmentFilename($filename, $attachment_id, $new = false)
Replace With: Select
// Get an attachment's encrypted filename. If $new is true, won't check for file existence.
function getAttachmentFilename($filename, $attachment_id, $new = false, $file_hash = '')
{
global $modSettings, $db_prefix;

// Just make up a nice hash...
if ($new)
return sha1(md5($filename . time()) . mt_rand());

// Grab the file hash if it wasn't added.
if ($file_hash === '')
{
$request = db_query("
SELECT file_hash
FROM {$db_prefix}attachments
WHERE ID_ATTACH = " . (int) $attachment_id, __FILE__, __LINE__);

if (mysql_num_rows($request) === 0)
return false;

list ($file_hash) = mysql_fetch_row($request);

mysql_free_result($request);
}

// In case of files from the old system, do a legacy call.
if (empty($file_hash))
return getLegacyAttachmentFilename($filename, $attachment_id, $new);

return $modSettings['attachmentUploadDir'] . '/' . $attachment_id . '_' . $file_hash;
}

function getLegacyAttachmentFilename($filename, $attachment_id, $new = false)

./Sources/Subs-Graphics.php

Find: Select
* Software Version: SMF 1.1.7 *
Replace With: Select
* Software Version: SMF 1.1.9 *
Find: Select
db_query("
INSERT INTO {$db_prefix}attachments
(ID_MEMBER, attachmentType, filename, size)
VALUES ($memID, " . (empty($modSettings['custom_avatar_enabled']) ? '0' : '1') . ", '$destName', 1)", __FILE__, __LINE__);
Replace With: Select

$avatar_hash = empty($modSettings['custom_avatar_enabled']) ? getAttachmentFilename($destName, false, true) : '';

db_query("
INSERT INTO {$db_prefix}attachments
(ID_MEMBER, attachmentType, filename, file_hash, size)
VALUES ($memID, " . (empty($modSettings['custom_avatar_enabled']) ? '0' : '1') . ", '$destName', '" . (empty($avatar_hash) ? "" : "$avatar_hash") . "', 1)", __FILE__, __LINE__);
Find: Select
if (preg_match('~(iframe|\\<\\?php|\\<\\?|\\<%|html|eval|body|script)~', $fileContents) === 1)
{
fclose($fp);
Replace With: Select
if (preg_match('~(iframe|\\<\\?php|\\<\\?[\s=]|\\<%[\s=]|html|eval|body|script\W)~', $fileContents) === 1)
{
fclose($fp);
Find: Select
$fp2 = fopen($url, 'rb');
while (!feof($fp2))
fwrite($fp, fread($fp2, 8192));
fclose($fp2);
Replace With: Select
$fp2 = fopen($url, 'rb');
$prev_chunk = '';
while (!feof($fp2))
{
$cur_chunk = fread($fp2, 8192);

// Make sure nothing odd came through.
if (preg_match('~(iframe|\\<\\?php|\\<\\?[\s=]|\\<%[\s=]|html|eval|body|script\W)~', $prev_chunk . $cur_chunk) === 1)
{
fclose($fp2);
fclose($fp);
unlink($destName);
return false;
}

fwrite($fp, $cur_chunk);
$prev_chunk = $cur_chunk;
}
fclose($fp2);
Find: Select
if (rename($destName . '.tmp', $destName))
{
Replace With: Select
if (rename($destName . '.tmp', empty($avatar_hash) ? $destName : $modSettings['attachmentUploadDir'] . '/' . $attachID . '_' . $avatar_hash))
{
$destName = empty($avatar_hash) ? $destName : $modSettings['attachmentUploadDir'] . '/' . $attachID . '_' . $avatar_hash;
Find: Select
$code_image = imagecreate($total_width, $max_height);
Replace With: Select
$code_image = $gd2 ? imagecreatetruecolor($total_width, $max_height) : imagecreate($total_width, $max_height);

./Sources/Subs-Members.php

Find: Select
* Software Version: SMF 1.1.6 *
Replace With: Select
* Software Version: SMF 1.1.9 *
Find: Select
// Some of these might be overwritten. (the lower ones that are in the arrays below.)
Replace With: Select
$reservedVars = array(
'actual_theme_url',
'actual_images_url',
'base_theme_dir',
'base_theme_url',
'default_images_url',
'default_theme_dir',
'default_theme_url',
'default_template',
'images_url',
'number_recent_posts',
'smiley_sets_default',
'theme_dir',
'theme_id',
'theme_layers',
'theme_templates',
'theme_url',
);

// Can't change reserved vars.
if (isset($regOptions['theme_vars']) && array_intersect(array_keys($regOptions['theme_vars']), $reservedVars) != array())
fatal_lang_error('theme3');

// Some of these might be overwritten. (the lower ones that are in the arrays below.)

./Sources/Subs-Post.php

Find: Select
* Software Version: SMF 1.1.8 *
Replace With: Select
* Software Version: SMF 1.1.9 *
Find: Select
$parts[$i] = preg_replace('~\[([/]?)(list|li|table|tr|td)([^\]]*)\]~ie', '\'[$1\' . strtolower(\'$2\') . \'$3]\'', $parts[$i]);
Replace With: Select
$parts[$i] = preg_replace('~\[([/]?)(list|li|table|tr|td)((\s[^\]]+)*)\]~ie', '\'[$1\' . strtolower(\'$2\') . \'$3]\'', $parts[$i]);
Find: Select
// Change breaks back to \n's.
return preg_replace('~<br( /)?' . '>~', "\n", implode('', $parts));
Replace With: Select
// Change breaks back to \n's and &nsbp; back to spaces.
return preg_replace('~<br( /)?' . '>~', "\n", str_replace('&nbsp;', ' ', implode('', $parts)));
Find: Select
// Remove special foreign characters from the filename.
if (empty($modSettings['attachmentEncryptFilenames']))
$attachmentOptions['name'] = getAttachmentFilename($attachmentOptions['name'], false, true);
Replace With: Select
// Get the hash if no hash has been given yet.
if (empty($attachmentOptions['file_hash']))
$attachmentOptions['file_hash'] = getAttachmentFilename($attachmentOptions['name'], false, true);
Find: Select
(ID_MSG, filename, size, width, height)
VALUES (" . (int) $attachmentOptions['post'] . ", SUBSTRING('" . $attachmentOptions['name'] . "', 1, 255), " . (int) $attachmentOptions['size'] . ', ' . (empty($attachmentOptions['width']) ? '0' : (int) $attachmentOptions['width']) . ', ' . (empty($attachmentOptions['height']) ? '0' : (int) $attachmentOptions['height']) . ')', __FILE__, __LINE__);
Replace With: Select
(ID_MSG, filename, file_hash, size, width, height)
VALUES (" . (int) $attachmentOptions['post'] . ", SUBSTRING('" . $attachmentOptions['name'] . "', 1, 255), '$attachmentOptions[file_hash]', " . (int) $attachmentOptions['size'] . ', ' . (empty($attachmentOptions['width']) ? '0' : (int) $attachmentOptions['width']) . ', ' . (empty($attachmentOptions['height']) ? '0' : (int) $attachmentOptions['height']) . ')', __FILE__, __LINE__);
Find: Select
$attachmentOptions['destination'] = $modSettings['attachmentUploadDir'] . '/' . getAttachmentFilename(basename($attachmentOptions['name']), $attachmentOptions['id'], true);
Replace With: Select
$attachmentOptions['destination'] = getAttachmentFilename(basename($attachmentOptions['name']), $attachmentOptions['id'], false, $attachmentOptions['file_hash']);
Find: Select
// To the database we go!
db_query("
INSERT INTO {$db_prefix}attachments
(ID_MSG, attachmentType, filename, size, width, height)
VALUES (" . (int) $attachmentOptions['post'] . ", 3, SUBSTRING('$thumb_filename', 1, 255), " . (int) $thumb_size . ", " . (int) $thumb_width . ", " . (int) $thumb_height . ")", __FILE__, __LINE__);
Replace With: Select
// To the database we go!
$thumb_file_hash = getAttachmentFilename($thumb_filename, false, true);
db_query("
INSERT INTO {$db_prefix}attachments
(ID_MSG, attachmentType, filename, file_hash, size, width, height)
VALUES (" . (int) $attachmentOptions['post'] . ", 3, SUBSTRING('$thumb_filename', 1, 255), '$thumb_file_hash', " . (int) $thumb_size . ", " . (int) $thumb_width . ", " . (int) $thumb_height . ")", __FILE__, __LINE__);
Find: Select
rename($attachmentOptions['destination'] . '_thumb', $modSettings['attachmentUploadDir'] . '/' . getAttachmentFilename($thumb_filename, $attachmentOptions['thumb'], true));
Replace With: Select
rename($attachmentOptions['destination'] . '_thumb', getAttachmentFilename($thumb_filename, $attachmentOptions['thumb'], false, $thumb_file_hash));

./Themes/default/ManageAttachments.template.php

Find: Select
// Version: 1.1; ManageAttachments
Replace With: Select
// Version: 1.1.9; ManageAttachments
Find: Select
<td><input type="text" name="attachmentExtensions" id="attachmentExtensions" value="', $modSettings['attachmentExtensions'], '" size="40" /></td>
</tr><tr class="windowbg2">
<td width="50%" align="right"><label for="attachmentEncryptFilenames">', $txt['attachmentEncryptFilenames'], ' <a href="', $scripturl, '?action=helpadmin;help=attachmentEncryptFilenames" onclick="return reqWin(this.href);" class="help">(?)</a>:</label></td>
<td><input type="checkbox" name="attachmentEncryptFilenames" id="attachmentEncryptFilenames" value="1" class="check"', empty($modSettings['attachmentEncryptFilenames']) ? '' : ' checked="checked"', ' /></td>
Replace With: Select
<td><input type="text" name="attachmentExtensions" id="attachmentExtensions" value="', $modSettings['attachmentExtensions'], '" size="40" /></td>

./Themes/default/Recent.template.php

Find: Select
// Version: 1.1.5; Recent
Replace With: Select
// Version: 1.1.9; Recent
Find: Select
$button_set['delete'] = array('text' => 31, 'image' => 'delete.gif', 'lang' => true, 'custom' => 'onclick="return confirm(\'' . $txt[154] . '?\');"', 'url' => $scripturl . '?action=deletemsg2;msg=' . $post['id'] . ';topic=' . $post['topic'] . ';recent;sesc=' . $context['session_id']);
Replace With: Select
$button_set['delete'] = array('text' => 31, 'image' => 'delete.gif', 'lang' => true, 'custom' => 'onclick="return confirm(\'' . $txt[154] . '?\');"', 'url' => $scripturl . '?action=deletemsg;msg=' . $post['id'] . ';topic=' . $post['topic'] . ';recent;sesc=' . $context['session_id']);

./Themes/babylon/Recent.template.php

This operation isn't vital to the installation of this mod.
Find: Select

// Version: 1.1; Recent
Replace With: Select

// Version: 1.1.9; Recent
This operation isn't vital to the installation of this mod.
Find: Select

<a href="', $scripturl, '?action=recent;delete=', $post['id'], ';sesc=', $context['session_id'], '" onclick="return confirm(\'', $txt[154], '?\');">', ($settings['use_image_buttons'] ? '<img src="' . $settings['images_url'] . '/' . $context['user']['language'] . '/delete.gif" alt="' . $txt[121] . '" border="0" />' : $txt[31]), '</a>';
Replace With: Select

<a href="', $scripturl, '?action=deletemsg;msg=', $post['id'], ';topic=', $post['topic'], ';recent;sesc=', $context['session_id'], '" onclick="return confirm(\'', $txt[154], '?\');">', ($settings['use_image_buttons'] ? '<img src="' . $settings['images_url'] . '/' . $context['user']['language'] . '/delete.gif" alt="' . $txt[121] . '" border="0" />' : $txt[31]), '</a>';

./Themes/classic/Recent.template.php

This operation isn't vital to the installation of this mod.
Find: Select

// Version: 1.1; Recent
Replace With: Select

// Version: 1.1.9; Recent
This operation isn't vital to the installation of this mod.
Find: Select

<a href="', $scripturl, '?action=recent;delete=', $post['id'], ';sesc=', $context['session_id'], '" onclick="return confirm(\'', $txt[154], '?\');">', $settings['use_image_buttons'] ? '<img src="' . $settings['images_url'] . '/' . $context['user']['language'] . '/delete.gif" alt="' . $txt[121] . '" border="0" />' : $txt[31], '</a>';
Replace With: Select

<a href="', $scripturl, '?action=deletemsg;msg=', $post['id'], ';topic=', $post['topic'], ';recent;sesc=', $context['session_id'], '" onclick="return confirm(\'', $txt[154], '?\');">', $settings['use_image_buttons'] ? '<img src="' . $settings['images_url'] . '/' . $context['user']['language'] . '/delete.gif" alt="' . $txt[121] . '" border="0" />' : $txt[31], '</a>';

./Themes/default/languages/index.english.php

This operation isn't vital to the installation of this mod.
Find: Select

// Version: 1.1.5; index
Replace With: Select

// Version: 1.1.9; index
This operation isn't vital to the installation of this mod.
Find: Select

$forum_copyright = '<a href="http://www.simplemachines.org/" title="Simple Machines Forum" target="_blank">Powered by ' . $forum_version . '</a> |
<a href="http://www.simplemachines.org/about/copyright.php" title="Free Forum Software" target="_blank">SMF &copy; 2006-2008, Simple Machines LLC</a>';
Replace With: Select

$forum_copyright = '<a href="http://www.simplemachines.org/" title="Simple Machines Forum" target="_blank">Powered by ' . $forum_version . '</a> |
<a href="http://www.simplemachines.org/about/copyright.php" title="Free Forum Software" target="_blank">SMF &copy; 2006-2009, Simple Machines LLC</a>';

./attachments/.htaccess

This operation isn't vital to the installation of this mod.
Find: Select

</Files>
Replace With: Select

</Files>
RemoveHandler .php .php3 .phtml .cgi .fcgi .pl .fpl .shtml

Code

updateDatabase.php
This file should be able to execute standalone.
Advertisement: