News & Announcements / Re: 4images 1.7.9
« on: November 20, 2010, 01:25:30 PM »
Here is a detailed list of the changes to the PHP files between 4images 1.7.8 and 1.7.9.
(The best way to compare the files yourself is to use a diff tool such as WinMerge.)
Root files
global.php
find:
function addslashes_array($array) {
insert before:
if (!function_exists("date_default_timezone_set")) {
function date_default_timezone_set($timezone) {
return true;
}
}
find:
@include(ROOT_PATH.'config.php');
insert before:
// Initialize CSRF protection configuration
$csrf_protection_enable = 1;
$csrf_protection_frontend = 1;
$csrf_protection_backend = 1;
$csrf_protection_expires = 7200;
$csrf_protection_name = '__csrf';
$csrf_protection_xhtml = 1;
find:
include_once(ROOT_PATH.'includes/captcha_utils.php');
insert after:
//-----------------------------------------------------
//--- CSRF protection ---------------------------------
//-----------------------------------------------------
include_once(ROOT_PATH.'includes/csrf_utils.php');
member.php
find:
$search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column]);
}
}
remove_searchwords($image_id);
replace with:
$search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column]);
if ($image_column == 'image_keywords') {
$search_words[$image_column] = explode(',', $search_words[$image_column]);
}
}
}
remove_searchwords($image_id);
find:
$search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column]);
}
}
add_searchwords($image_id, $search_words);
replace with:
$search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column]);
if ($image_column == 'image_keywords') {
$search_words[$image_column] = explode(',', $search_words[$image_column]);
}
}
}
add_searchwords($image_id, $search_words);
Admin files
admin/admin_functions.php
find:
echo "<form action=\"".$site_sess->url($phpscript)."\"".$upload." name=\"".$name."\" method=\"post\">\n";
replace with:
echo "<form action=\"".$site_sess->url(safe_htmlspecialchars(strip_tags($phpscript)))."\"".$upload." name=\"".$name."\" method=\"post\">\n";
find:
echo "<a href=\"".$site_sess->url($url)."\"".$target.">[".$text."]</a> ";
replace with:
echo "<a href=\"".$site_sess->url(safe_htmlspecialchars(strip_tags($url)))."\"".$target.">[".$text."]</a> ";
find:
echo "<a href=\"".$site_sess->url($url)."\" class=\"navlink\">".$title."</a> $extra\n";
replace with:
echo "<a href=\"".$site_sess->url(safe_htmlspecialchars(strip_tags($url)))."\" class=\"navlink\">".$title."</a> $extra\n";
admin/admin_global.php
find:
include_once(ROOT_PATH.'admin/admin_functions.php');
insert after:
if ($csrf_protection_enable && $csrf_protection_backend) {
csrf_start();
}
admin/backup.php
find:
if (is_file(ROOT_PATH.DATABASE_DIR."/".$file) && $file != "." && $file != ".." && preg_match("/\.sql$/i",$file))
replace with:
if (is_file(ROOT_PATH.DATABASE_DIR."/".$file) && $file != "." && $file != ".." && preg_match("/\.sql/i",$file))
admin/checkimages.php
find and delete (line 345):
$image_thumb_file = "";
find:
$search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column.'_'.$i]);
insert after:
if ($image_column == 'image_keywords') {
$search_words[$image_column] = explode(',', $search_words[$image_column]);
}
find:
echo "<td>Found in: ".(($cat_name == "" && !$key) ? "[root folder]" : "$cat_name (ID:$key)")."</td>\n";
replace with:
echo "<td>" . $lang['cni_foundin'] . ": ".(($cat_name == "" && !$key) ? "[root folder]" : "$cat_name (ID:$key)")."</td>\n";
admin/images.php
find:
$search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column]);
insert after:
if ($image_column == 'image_keywords') {
$search_words[$image_column] = explode(',', $search_words[$image_column]);
}
find:
$search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column.'_'.$i]);
insert after:
if ($image_column == 'image_keywords') {
$search_words[$image_column] = explode(',', $search_words[$image_column]);
}
admin/validateimages.php
find:
$search_words[$image_column] = $image_cache[$key][$image_column];
insert after:
if ($image_column == 'image_keywords') {
$search_words[$image_column] = explode(',', $search_words[$image_column]);
}
admin/plugins/migrate_keywords.php
find:
"image_keywords" => $image_keywords,
replace with:
"image_keywords" => explode(',', $image_keywords),
includes files
includes/constants.php
find:
define('MAX_SEARCH_KEYWORD_LENGTH', 25);
replace with:
define('MAX_SEARCH_KEYWORD_LENGTH', 60);
find:
define('SCRIPT_VERSION', '1.7.8');
replace with:
define('SCRIPT_VERSION', '1.7.9');
includes/page_header.php
find:
$site_template->un_register_vars("user_loginform");
unset($user_box);
}
insert after:
if ($csrf_protection_enable && $csrf_protection_frontend) {
csrf_start(true);
}
includes/search_utils.php
find:
function prepare_searchwords($val, $for_search = false)
{
$val = strip_tags(trim($val));
$val = convert_special($val);
$val = strtolower($val);
$val = preg_replace('/[\n\r]+/', ',', $val);
if ($for_search) {
$search_array = array(
"/\s+\+/",
"/\s+\-/"
replace with:
function prepare_searchwords($val, $for_search = false)
{
if (!is_array($val)) {
$val = strip_tags(trim($val));
$val = convert_special($val);
$val = strtolower($val);
$val = preg_replace('/[\n\r]+/', ',', $val);
if ($for_search) {
$search_array = array(
"/\s+\+/",
"/\s+\-/"
);
$replace_array = array(
" and ",
" not "
);
$val = preg_replace($search_array, $replace_array, $val);
} else {
$val = str_replace("*", "", $val);
}
$search_array = array(
"/&(?!(#[0-9]+|[a-z]+);)/si",
"#([^]_a-z0-9-=\"'\/])([a-z]+?)://([^, \(\)<>\n\r]+)#si",
"#([^]_a-z0-9-=\"'\/])www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[^, \(\)<>\n\r]*)?)#si",
"#[-_'`´]+#s",
"#[\n\t\r^\$\(\)<>\"\|@\?%~\+\.\[\]{}:\/=!§\\\\]+#s"
);
find:
$replace_array = array(
" and ",
" not "
);
replace with:
$replace_array = array(
" ",
" ",
" ",
"",
" "
);
find:
$val = preg_replace($search_array, $replace_array, $val);
} else {
$val = str_replace("*", "", $val);
}
$search_array = array(
"/&(?!(#[0-9]+|[a-z]+);)/si",
"#([^]_a-z0-9-=\"'\/])([a-z]+?)://([^, \(\)<>\n\r]+)#si",
"#([^]_a-z0-9-=\"'\/])www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[^, \(\)<>\n\r]*)?)#si",
"#[-_'`´]+#s",
"#[\n\t\r^\$\(\)<>\"\|@\?%~\+\.\[\]{}:\/=!§\\\\]+#s"
);
$replace_array = array(
" ",
" ",
" ",
"",
" "
);
$val = preg_replace($search_array, $replace_array, $val);
if (empty($val)) {
return array();
}
replace with:
$val = preg_replace($search_array, $replace_array, $val);
if (empty($val)) {
return array();
}
$split_words = preg_split("/\s+/", $val);
} else {
$split_words = $val;
array_walk($split_words, 'trim_value');
$split_words = array_unique(array_filter($split_words));
}
find and delete:
$split_words = preg_split("/,+/", $val);
find:
}
}
insert after:
if ($for_search) {
// Add whole string for image_keyword search
$clean_words[] = implode(' ', $clean_words);
}
includes/sessions.php
find:
replace with:
(The best way to compare the files yourself is to use a diff tool such as WinMerge.)
Root files
global.php
find:
function addslashes_array($array) {
insert before:
if (!function_exists("date_default_timezone_set")) {
function date_default_timezone_set($timezone) {
return true;
}
}
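Review bot: The stub returns true without doing anything, so on PHP builds that lack the native date_default_timezone_set() (presumably those older than 5.1) callers get a success value although no timezone was applied and the ini/system timezone stays in effect. Nothing on the line says so, and the next reader will assume the call worked; a one-line comment above the function_exists() check makes the intent explicit: `// Compatibility stub for PHP builds without date_default_timezone_set(): a no-op, the configured/system timezone remains in effect`.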
find:
@include(ROOT_PATH.'config.php');
insert before:
// Initialize CSRF protection configuration
$csrf_protection_enable = 1;
$csrf_protection_frontend = 1;
$csrf_protection_backend = 1;
$csrf_protection_expires = 7200;
$csrf_protection_name = '__csrf';
$csrf_protection_xhtml = 1;
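Review bot: These six assignments are the effective defaults only because they precede `@include(ROOT_PATH.'config.php')`, so a site's config.php can silently set `$csrf_protection_enable = 0` and the protection is gone with no trace, and nothing records the unit of `$csrf_protection_expires`. A short comment keeps that visible to whoever next edits config.php: `// CSRF defaults; config.php (included below) may override them. expires is presumably in seconds (7200 = 2h) - confirm against csrf_utils.php`. Whether the value is really seconds cannot be confirmed from this page, since csrf_utils.php is not shown.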
find:
include_once(ROOT_PATH.'includes/captcha_utils.php');
insert after:
//-----------------------------------------------------
//--- CSRF protection ---------------------------------
//-----------------------------------------------------
include_once(ROOT_PATH.'includes/csrf_utils.php');
member.php
find:
$search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column]);
}
}
remove_searchwords($image_id);
replace with:
$search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column]);
if ($image_column == 'image_keywords') {
$search_words[$image_column] = explode(',', $search_words[$image_column]);
}
}
}
remove_searchwords($image_id);
find:
$search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column]);
}
}
add_searchwords($image_id, $search_words);
replace with:
$search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column]);
if ($image_column == 'image_keywords') {
$search_words[$image_column] = explode(',', $search_words[$image_column]);
}
}
}
add_searchwords($image_id, $search_words);
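Review bot: `explode(',', ...)` splits on commas only, whereas the string path in prepare_searchwords first converts line breaks to commas (`preg_replace('/[\n\r]+/', ',', $val)`), so a keyword list entered one per line now becomes a single long keyword that is likely discarded by the MAX_SEARCH_KEYWORD_LENGTH check. Apply the same normalisation before splitting: `$search_words[$image_column] = explode(',', preg_replace('/[\n\r]+/', ',', $search_words[$image_column]));`. The same shape recurs in the admin/images.php, admin/checkimages.php and admin/validateimages.php hunks below. The loop that assigns `$image_column` starts outside this hunk.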
Admin files
admin/admin_functions.php
find:
echo "<form action=\"".$site_sess->url($phpscript)."\"".$upload." name=\"".$name."\" method=\"post\">\n";
replace with:
echo "<form action=\"".$site_sess->url(safe_htmlspecialchars(strip_tags($phpscript)))."\"".$upload." name=\"".$name."\" method=\"post\">\n";
find:
echo "<a href=\"".$site_sess->url($url)."\"".$target.">[".$text."]</a> ";
replace with:
echo "<a href=\"".$site_sess->url(safe_htmlspecialchars(strip_tags($url)))."\"".$target.">[".$text."]</a> ";
find:
echo "<a href=\"".$site_sess->url($url)."\" class=\"navlink\">".$title."</a> $extra\n";
replace with:
echo "<a href=\"".$site_sess->url(safe_htmlspecialchars(strip_tags($url)))."\" class=\"navlink\">".$title."</a> $extra\n";
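Review bot: `strip_tags()` plus `safe_htmlspecialchars()` stops an attribute breakout in these three `action`/`href` values, but neither rejects a `javascript:` or `data:` scheme, so if any caller passes `$url` or `$phpscript` taken from the request the rendered link can still run script on click. If those values are always internal paths this is moot, but a scheme check is cheap and belongs next to the tag stripping: `if (preg_match('#^\s*[a-z][a-z0-9+.-]*:#i', $url) && !preg_match('#^\s*https?:#i', $url)) { $url = ''; }`. Note also that the escaping is applied to the input of `$site_sess->url()`, so it relies on url() HTML-escaping whatever it appends (the session parameter); url() is not shown here, so that is worth confirming.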
admin/admin_global.php
find:
include_once(ROOT_PATH.'admin/admin_functions.php');
insert after:
if ($csrf_protection_enable && $csrf_protection_backend) {
csrf_start();
}
admin/backup.php
find:
if (is_file(ROOT_PATH.DATABASE_DIR."/".$file) && $file != "." && $file != ".." && preg_match("/\.sql$/i",$file))
replace with:
if (is_file(ROOT_PATH.DATABASE_DIR."/".$file) && $file != "." && $file != ".." && preg_match("/\.sql/i",$file))
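Review bot: Dropping the `$` anchor makes the filter accept `.sql` anywhere in the name, e.g. `x.sqlite` or `dump.sql.php`, which is wider than the file types the backup page presumably means to list or act on. If the intent is to also include compressed dumps, keep the anchor and enumerate the suffixes instead: `preg_match("/\.sql(\.gz|\.zip)?$/i", $file)`. `is_file()` with the DATABASE_DIR prefix still confines the lookup to that directory, so this is about which files are exposed to the page's actions, not path traversal. The loop this condition belongs to starts outside the hunk.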
admin/checkimages.php
find and delete (line 345):
$image_thumb_file = "";
find:
$search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column.'_'.$i]);
insert after:
if ($image_column == 'image_keywords') {
$search_words[$image_column] = explode(',', $search_words[$image_column]);
}
find:
echo "<td>Found in: ".(($cat_name == "" && !$key) ? "[root folder]" : "$cat_name (ID:$key)")."</td>\n";
replace with:
echo "<td>" . $lang['cni_foundin'] . ": ".(($cat_name == "" && !$key) ? "[root folder]" : "$cat_name (ID:$key)")."</td>\n";
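Review bot: `$lang['cni_foundin']` is a new key, so an older or third-party admin language pack that lacks it prints an empty label and raises an undefined-index notice on this line. A fallback keeps such packs working until they are updated: `(isset($lang['cni_foundin']) ? $lang['cni_foundin'] : 'Found in')`. The unescaped `$cat_name`/`$key` output on the same line is unchanged by this commit.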
admin/images.php
find:
$search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column]);
insert after:
if ($image_column == 'image_keywords') {
$search_words[$image_column] = explode(',', $search_words[$image_column]);
}
find:
$search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column.'_'.$i]);
insert after:
if ($image_column == 'image_keywords') {
$search_words[$image_column] = explode(',', $search_words[$image_column]);
}
admin/validateimages.php
find:
$search_words[$image_column] = $image_cache[$key][$image_column];
insert after:
if ($image_column == 'image_keywords') {
$search_words[$image_column] = explode(',', $search_words[$image_column]);
}
admin/plugins/migrate_keywords.php
find:
"image_keywords" => $image_keywords,
replace with:
"image_keywords" => explode(',', $image_keywords),
includes files
includes/constants.php
find:
define('MAX_SEARCH_KEYWORD_LENGTH', 25);
replace with:
define('MAX_SEARCH_KEYWORD_LENGTH', 60);
find:
define('SCRIPT_VERSION', '1.7.8');
replace with:
define('SCRIPT_VERSION', '1.7.9');
includes/page_header.php
find:
$site_template->un_register_vars("user_loginform");
unset($user_box);
}
insert after:
if ($csrf_protection_enable && $csrf_protection_frontend) {
csrf_start(true);
}
includes/search_utils.php
find:
function prepare_searchwords($val, $for_search = false)
{
$val = strip_tags(trim($val));
$val = convert_special($val);
$val = strtolower($val);
$val = preg_replace('/[\n\r]+/', ',', $val);
if ($for_search) {
$search_array = array(
"/\s+\+/",
"/\s+\-/"
);
replace with:
function prepare_searchwords($val, $for_search = false)
{
if (!is_array($val)) {
$val = strip_tags(trim($val));
$val = convert_special($val);
$val = strtolower($val);
$val = preg_replace('/[\n\r]+/', ',', $val);
if ($for_search) {
$search_array = array(
"/\s+\+/",
"/\s+\-/"
);
$replace_array = array(
" and ",
" not "
);
$val = preg_replace($search_array, $replace_array, $val);
} else {
$val = str_replace("*", "", $val);
}
$search_array = array(
"/&(?!(#[0-9]+|[a-z]+);)/si",
"#([^]_a-z0-9-=\"'\/])([a-z]+?)://([^, \(\)<>\n\r]+)#si",
"#([^]_a-z0-9-=\"'\/])www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[^, \(\)<>\n\r]*)?)#si",
"#[-_'`´]+#s",
"#[\n\t\r^\$\(\)<>\"\|@\?%~\+\.\[\]{}:\/=!§\\\\]+#s"
);
find:
$replace_array = array(
" and ",
" not "
);
replace with:
$replace_array = array(
" ",
" ",
" ",
"",
" "
);
find:
$val = preg_replace($search_array, $replace_array, $val);
} else {
$val = str_replace("*", "", $val);
}
$search_array = array(
"/&(?!(#[0-9]+|[a-z]+);)/si",
"#([^]_a-z0-9-=\"'\/])([a-z]+?)://([^, \(\)<>\n\r]+)#si",
"#([^]_a-z0-9-=\"'\/])www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[^, \(\)<>\n\r]*)?)#si",
"#[-_'`´]+#s",
"#[\n\t\r^\$\(\)<>\"\|@\?%~\+\.\[\]{}:\/=!§\\\\]+#s"
);
$replace_array = array(
" ",
" ",
" ",
"",
" "
);
$val = preg_replace($search_array, $replace_array, $val);
if (empty($val)) {
return array();
}
replace with:
$val = preg_replace($search_array, $replace_array, $val);
if (empty($val)) {
return array();
}
$split_words = preg_split("/\s+/", $val);
} else {
$split_words = $val;
array_walk($split_words, 'trim_value');
$split_words = array_unique(array_filter($split_words));
}
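Review bot: The new `else` branch only trims, de-duplicates and `array_filter`s the array form, while the string form above it still runs `strip_tags()`, `convert_special()`, `strtolower()` and the punctuation-stripping regexes; keywords that arrive as arrays (the `explode(',', ...)` hunks in member.php and admin/images.php) are therefore stored with their original case and any markup, so a lowercased search term will not match them and whatever renders them later must escape them itself. Normalising each element the same way closes both gaps: `foreach ($split_words as $k => $w) { $split_words[$k] = strtolower(convert_special(strip_tags(trim($w)))); }` placed before the `array_unique(array_filter(...))` line. Note that `array_filter()` without a callback also drops a keyword of `0`, and `trim_value` is not shown on this page. The function's tail, including the length/stopword loop, continues outside this hunk.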
find and delete:
$split_words = preg_split("/,+/", $val);
find:
$len = strlen(preg_replace("/&(#[0-9]+|[a-z]+);/siU", "_", $word));
if ($len >= MIN_SEARCH_KEYWORD_LENGTH && $len <= MAX_SEARCH_KEYWORD_LENGTH && !in_array($word, $stopword_list)) {
$clean_words[] = $word;
}
}
insert after:
if ($for_search) {
// Add whole string for image_keyword search
$clean_words[] = implode(' ', $clean_words);
}
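Review bot: `implode(' ', $clean_words)` is appended unconditionally, so when the loop above leaves a single word the whole-string entry duplicates it, and when the length/stopword filter leaves nothing an empty string is appended and flows into the keyword lookup. Guard on the count instead: `if ($for_search && count($clean_words) > 1) {`. Whether an empty `$clean_words` can reach this point depends on its initialisation, which is above the hunk and not shown.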
includes/sessions.php
find:
if (@ini_get('register_globals')) {
replace with:
$register_globals = strtolower(@ini_get('register_globals'));
if ($register_globals && $register_globals != "off" && $register_globals != "false") {
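Review bot: `no` and `none` are also accepted as false by PHP's ini parser and still pass this test, so on hosts that set `php_value register_globals no` the branch runs although globals are off. Since the branch presumably only undoes registered globals, running it needlessly is fail-safe, but if exactness matters compare against a list: `$off = array('', '0', 'off', 'false', 'no', 'none');` / `if (!in_array($register_globals, $off)) {`. The body of the `if` lies outside this hunk.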