Vergleich admin/inc/functions.php - 1.8.30 - 1.8.37

  Keine Änderungen   Hinzugefügt   Modifiziert   Entfernt
Zeile 266Zeile 266
		$db->delete_query("forumpermissions", "fid='{$fid}' AND gid='{$usergroup['gid']}'");

// Only insert the new ones if we're using custom permissions

		$db->delete_query("forumpermissions", "fid='{$fid}' AND gid='{$usergroup['gid']}'");

// Only insert the new ones if we're using custom permissions

		if($inherit[$usergroup['gid']] != 1)

		if(empty($inherit[$usergroup['gid']]))

		{

		{

			if($canview[$usergroup['gid']] == 1)

			if(!empty($canview[$usergroup['gid']]))

			{
$pview = 1;
}

			{
$pview = 1;
}

Zeile 277Zeile 277
				$pview = 0;
}


				$pview = 0;
}


			if($canpostthreads[$usergroup['gid']] == 1)

			if(!empty($canpostthreads[$usergroup['gid']]))

			{
$pthreads = 1;
}

			{
$pthreads = 1;
}

Zeile 286Zeile 286
				$pthreads = 0;
}


				$pthreads = 0;
}


			if($canpostreplies[$usergroup['gid']] == 1)

			if(!empty($canpostreplies[$usergroup['gid']]))

			{
$preplies = 1;
}

			{
$preplies = 1;
}

Zeile 295Zeile 295
				$preplies = 0;
}


				$preplies = 0;
}


			if($canpostpolls[$usergroup['gid']] == 1)

			if(!empty($canpostpolls[$usergroup['gid']]))

			{
$ppolls = 1;
}

			{
$ppolls = 1;
}

Zeile 329Zeile 329
					continue;
}


					continue;
}


				$insertquery[$db->escape_string($field)] = (int)$existing_permissions[$field];

				$insertquery[$db->escape_string($field)] = isset($existing_permissions[$field]) ? (int)$existing_permissions[$field] : 0;

			}

$db->insert_query("forumpermissions", $insertquery);

			}

$db->insert_query("forumpermissions", $insertquery);

Zeile 667Zeile 667
function check_template($template)
{
// Check to see if our database password is in the template

function check_template($template)
{
// Check to see if our database password is in the template

	if(preg_match('#\$config\[(([\'|"]database[\'|"])|([^\'"].*?))\]\[(([\'|"](database|hostname|password|table_prefix|username)[\'|"])|([^\'"].*?))\]#i', $template)) 

	if(preg_match('#\$config\[(([\'|"]database[\'|"])|([^\'"].*?))\]\[(([\'|"](database|hostname|password|table_prefix|username)[\'|"])|([^\'"].*?))\]#i', $template) !== 0)

	{
return true;
}

// System calls via backtick

	{
return true;
}

// System calls via backtick

	if(preg_match('#\$\s*\{#', $template))

	if(preg_match('#\$\s*\{#', $template) !== 0)

	{
return true;
}

// Any other malicious acts?
// Courtesy of ZiNgA BuRgA

	{
return true;
}

// Any other malicious acts?
// Courtesy of ZiNgA BuRgA

	if(preg_match("~\\{\\$.+?\\}~s", preg_replace('~\\{\\$+[a-zA-Z_][a-zA-Z_0-9]*((?:-\\>|\\:\\:)\\$*[a-zA-Z_][a-zA-Z_0-9]*|\\[\s*\\$*([\'"]?)[a-zA-Z_ 0-9 ]+\\2\\]\s*)*\\}~', '', $template)))


	$allowed = preg_replace('~\\{\\$+[a-zA-Z_][a-zA-Z_0-9]*((?:-\\>|\\:\\:)\\$*[a-zA-Z_][a-zA-Z_0-9]*|\\[\s*\\$*([\'"]?)[a-zA-Z_ 0-9 ]+\\2\\]\s*)*\\}~', '', $template);
if($allowed === null || preg_match("~\\{\\$.+?\\}~s", $allowed) !== 0)

	{
return true;
}

	{
return true;
}