NexusPHP v1.5 beta4 到 beta5 的改變

擺在這沒啥特別用意，單純是借用一下 syntax highlight 的功能方便手動 patch。
因為有些站台原本用 beta4 架的已經被大幅變更過了。
不知道的也別問這是啥。

diff -Nrupad nexusphp.v1.5.beta4.20100919.with.update3/RELEASENOTE nexusphp.v1.5.beta5.20120301/RELEASENOTE
--- nexusphp.v1.5.beta4.20100919.with.update3/RELEASENOTE	2010-09-19 10:15:58.000000000 +0800
+++ nexusphp.v1.5.beta5.20120301/RELEASENOTE	2012-03-01 23:56:06.000000000 +0800
@@ -1,3 +1,13 @@
+Release note for v1.5 beta 5 20120301
+Fix: several security issues
+Fix: takesignup not checking invitation code
+Fix: function sqlesc() with numeric value
+Fix: sendmail delay issue
+Fix: language file in docleanup()
+Fix: language setting at FAQ and Rules
+Mod: default promotion display type to 'icon'
+thank http://wiki.nexusphp.org for reporting bugs
+
 Release note for v1.5 beta 4 20100919
 Fix: "There is a minimum announce time of 30 seconds", caused by timezone settings. Now you should set correct timezone in php.ini
 Fix: varchar column length exceed 255 characters, which causes errors in MySQL 5.0.3 and later
diff -Nrupad nexusphp.v1.5.beta4.20100919.with.update3/_db/dbstructure.sql nexusphp.v1.5.beta5.20120301/_db/dbstructure.sql
--- nexusphp.v1.5.beta4.20100919.with.update3/_db/dbstructure.sql	2012-02-28 10:29:32.000000000 +0800
+++ nexusphp.v1.5.beta5.20120301/_db/dbstructure.sql	2012-03-01 23:39:26.000000000 +0800
@@ -2415,7 +2415,7 @@ CREATE TABLE IF NOT EXISTS `users` (
   `timetype` enum('timeadded','timealive') DEFAULT 'timealive',
   `appendsticky` enum('yes','no') DEFAULT 'yes',
   `appendnew` enum('yes','no') DEFAULT 'yes',
-  `appendpromotion` enum('highlight','word','icon','off') DEFAULT 'highlight',
+  `appendpromotion` enum('highlight','word','icon','off') DEFAULT 'icon',
   `appendpicked` enum('yes','no') DEFAULT 'yes',
   `dlicon` enum('yes','no') DEFAULT 'yes',
   `bmicon` enum('yes','no') DEFAULT 'yes',
diff -Nrupad nexusphp.v1.5.beta4.20100919.with.update3/announce.php nexusphp.v1.5.beta5.20120301/announce.php
--- nexusphp.v1.5.beta4.20100919.with.update3/announce.php	2010-05-10 13:36:32.000000000 +0800
+++ nexusphp.v1.5.beta5.20120301/announce.php	2012-03-01 22:44:32.000000000 +0800
@@ -60,7 +60,7 @@ if (!$az) err("Invalid passkey! Re-downl
 $userid = 0+$az['id'];
 
 //3. CHECK IF CLIENT IS ALLOWED
-$clicheck_res = check_client($peer_id,$agent,&$client_familyid);
+$clicheck_res = check_client($peer_id,$agent,$client_familyid);
 if($clicheck_res){
 	if ($az['showclienterror'] == 'no')
 	{
diff -Nrupad nexusphp.v1.5.beta4.20100919.with.update3/bannedemails.php nexusphp.v1.5.beta5.20120301/bannedemails.php
--- nexusphp.v1.5.beta4.20100919.with.update3/bannedemails.php	2010-05-08 16:56:26.000000000 +0800
+++ nexusphp.v1.5.beta5.20120301/bannedemails.php	2012-03-01 22:45:26.000000000 +0800
@@ -1,5 +1,4 @@
 <?php
-define("VERSION", "BAN EMAIL");
 require "include/bittorrent.php";
 dbconn();
 loggedinorreturn();
diff -Nrupad nexusphp.v1.5.beta4.20100919.with.update3/faq.php nexusphp.v1.5.beta5.20120301/faq.php
--- nexusphp.v1.5.beta4.20100919.with.update3/faq.php	2010-05-09 21:35:52.000000000 +0800
+++ nexusphp.v1.5.beta5.20120301/faq.php	2012-03-01 23:32:02.000000000 +0800
@@ -16,9 +16,7 @@ begin_main_frame();
 begin_frame($lang_faq['text_welcome_to'].$SITENAME." - ".$SLOGAN);
 print($lang_faq['text_welcome_content_one'].$lang_faq['text_welcome_content_two']);
 end_frame();
-if ($CURUSER)
-$lang_id = $CURUSER['lang'];
-else
+
 $lang_id = get_guest_lang_id();
 $is_rulelang = get_single_value("language","rule_lang","WHERE id = ".sqlesc($lang_id));
 if (!$is_rulelang){
diff -Nrupad nexusphp.v1.5.beta4.20100919.with.update3/include/cleanup.php nexusphp.v1.5.beta5.20120301/include/cleanup.php
--- nexusphp.v1.5.beta4.20100919.with.update3/include/cleanup.php	2010-06-16 23:35:32.000000000 +0800
+++ nexusphp.v1.5.beta5.20120301/include/cleanup.php	2012-03-01 23:36:26.000000000 +0800
@@ -2,7 +2,6 @@
 # IMPORTANT: Do not edit below unless you know what you are doing!
 if(!defined('IN_TRACKER'))
 die('Hacking attempt!');
-require_once($rootpath . '/lang/_target/lang_cleanup.php');
 
 function printProgress($msg) {
 	echo $msg.'...done<br />';
@@ -18,6 +17,9 @@ function docleanup($forceAll = 0, $print
 	global $neverdelete_account, $neverdeletepacked_account, $deletepacked_account, $deleteunpacked_account, $deletenotransfer_account, $deletenotransfertwo_account, $deletepeasant_account, $psdlone_account, $psratioone_account, $psdltwo_account, $psratiotwo_account, $psdlthree_account, $psratiothree_account, $psdlfour_account, $psratiofour_account, $psdlfive_account, $psratiofive_account, $putime_account, $pudl_account, $puprratio_account, $puderatio_account, $eutime_account, $eudl_account, $euprratio_account, $euderatio_account, $cutime_account, $cudl_account, $cuprratio_account, $cuderatio_account, $iutime_account, $iudl_account, $iuprratio_account, $iuderatio_account, $vutime_account, $vudl_account, $vuprratio_account, $vuderatio_account, $exutime_account, $exudl_account, $exuprratio_account, $exuderatio_account, $uutime_account, $uudl_account, $uuprratio_account, $uuderatio_account, $nmtime_account, $nmdl_account, $nmprratio_account, $nmderatio_account, $getInvitesByPromotion_class;
 	global $enablenoad_advertisement, $noad_advertisement;
 	global $Cache;
+	global $rootpath;
+
+	require_once($rootpath . '/lang/_target/lang_cleanup.php');
 
 	set_time_limit(0);
 	ignore_user_abort(1);
diff -Nrupad nexusphp.v1.5.beta4.20100919.with.update3/include/core.php nexusphp.v1.5.beta5.20120301/include/core.php
--- nexusphp.v1.5.beta4.20100919.with.update3/include/core.php	2010-09-19 10:09:22.000000000 +0800
+++ nexusphp.v1.5.beta5.20120301/include/core.php	2012-03-01 22:46:16.000000000 +0800
@@ -2,7 +2,7 @@
 if(!defined('IN_TRACKER'))
   die('Hacking attempt!');
 error_reporting(E_ERROR | E_PARSE);
-ini_set('display_errors', 1);
+ini_set('display_errors', 0);
 include_once($rootpath . 'classes/class_cache.php'); //Require the caching class
 $Cache = NEW CACHE(); //Load the caching class
 $Cache->setLanguageFolderArray(get_langfolder_list());
diff -Nrupad nexusphp.v1.5.beta4.20100919.with.update3/include/functions.php nexusphp.v1.5.beta5.20120301/include/functions.php
--- nexusphp.v1.5.beta4.20100919.with.update3/include/functions.php	2010-09-19 10:07:36.000000000 +0800
+++ nexusphp.v1.5.beta5.20120301/include/functions.php	2012-03-01 23:10:18.000000000 +0800
@@ -1841,8 +1841,6 @@ function autoclean() {
 }
 
 function unesc($x) {
-	if (get_magic_quotes_gpc())
-	return stripslashes($x);
 	return $x;
 }
 
@@ -3330,9 +3328,6 @@ function GetVar ($name) {
 	} else {
 		if ( !isset($_REQUEST[$name]) )
 		return false;
-		if ( get_magic_quotes_gpc() ) {
-			$_REQUEST[$name] = ssr($_REQUEST[$name]);
-		}
 		$GLOBALS[$name] = $_REQUEST[$name];
 		return $GLOBALS[$name];
 	}
diff -Nrupad nexusphp.v1.5.beta4.20100919.with.update3/include/functions_announce.php nexusphp.v1.5.beta5.20120301/include/functions_announce.php
--- nexusphp.v1.5.beta4.20100919.with.update3/include/functions_announce.php	2010-09-19 10:10:14.000000000 +0800
+++ nexusphp.v1.5.beta5.20120301/include/functions_announce.php	2012-03-01 23:16:00.000000000 +0800
@@ -167,7 +167,7 @@ function ipv4_to_compact($ip, $port)
 	return $compact;
 }
 
-function check_client($peer_id, $agent, $agent_familyid)
+function check_client($peer_id, $agent, &$agent_familyid)
 {
 	global $BASEURL, $Cache;
 
@@ -296,7 +296,7 @@ function check_client($peer_id, $agent, 
 
 	if($allowed_flag_peer_id && $allowed_flag_agent)
 	{
-		if($exception = 'yes')
+		if($exception == 'yes')
 		{
 			if (!$clients_exp = $Cache->get_value('allowed_client_exception_family_'.$family_id.'_list')){
 				$clients_exp = array();
diff -Nrupad nexusphp.v1.5.beta4.20100919.with.update3/include/globalfunctions.php nexusphp.v1.5.beta5.20120301/include/globalfunctions.php
--- nexusphp.v1.5.beta4.20100919.with.update3/include/globalfunctions.php	2010-05-14 16:27:34.000000000 +0800
+++ nexusphp.v1.5.beta5.20120301/include/globalfunctions.php	2012-03-01 23:10:36.000000000 +0800
@@ -73,14 +73,7 @@ function sql_query($query)
 }
 
 function sqlesc($value) {
-	// Stripslashes
-	if (get_magic_quotes_gpc()) {
-		$value = stripslashes($value);
-	}
-	// Quote if not a number or a numeric string
-	if (!is_numeric($value)) {
 		$value = "'" . mysql_real_escape_string($value) . "'";
-	}
 	return $value;
 }
 
diff -Nrupad nexusphp.v1.5.beta4.20100919.with.update3/lang/_target/lang_cleanup.php nexusphp.v1.5.beta5.20120301/lang/_target/lang_cleanup.php
--- nexusphp.v1.5.beta4.20100919.with.update3/lang/_target/lang_cleanup.php	2009-11-25 23:43:50.000000000 +0800
+++ nexusphp.v1.5.beta5.20120301/lang/_target/lang_cleanup.php	2012-03-01 23:29:26.000000000 +0800
@@ -7,7 +7,7 @@ $lang_cleanup_target = array
 	'msg_your_ratio_warning_removed' => "Your warning of low ratio have been removed and auto-promoted to [b]User[/b]. We highly recommend you to keep a your ratio up to not be warned again.\n",
 	'msg_promoted_to' => "Promoted to ",
 	'msg_now_you_are' => "Congratulations, you have been auto-promoted to [b]",
-	'msg_see_faq' => "[/b]. :)\nPlease see the [b][url=faq.php#idid22]FAQ[/url][/b] for what you can do now.\n",
+	'msg_see_faq' => "[/b]. :)\nPlease see the [b][url=faq.php#id22]FAQ[/url][/b] for what you can do now.\n",
 	'msg_demoted_to' => "Demoted to ",
 	'msg_demoted_from' => "You have been auto-demoted from [b]",
 	'msg_to' => "[/b] to [b]",
diff -Nrupad nexusphp.v1.5.beta4.20100919.with.update3/rules.php nexusphp.v1.5.beta5.20120301/rules.php
--- nexusphp.v1.5.beta4.20100919.with.update3/rules.php	2010-05-09 21:45:16.000000000 +0800
+++ nexusphp.v1.5.beta5.20120301/rules.php	2012-03-01 23:31:44.000000000 +0800
@@ -11,9 +11,7 @@ $Cache->add_whole_row();
 //make_folder("cache/" , get_langfolder_cookie());
 //cache_check ('rules');
 begin_main_frame();
-if ($CURUSER)
-$lang_id = $CURUSER['lang'];
-else
+
 $lang_id = get_guest_lang_id();
 $is_rulelang = get_single_value("language","rule_lang","WHERE id = ".sqlesc($lang_id));
 if (!$is_rulelang){
diff -Nrupad nexusphp.v1.5.beta4.20100919.with.update3/takeinvite.php nexusphp.v1.5.beta5.20120301/takeinvite.php
--- nexusphp.v1.5.beta4.20100919.with.update3/takeinvite.php	2010-05-08 17:06:42.000000000 +0800
+++ nexusphp.v1.5.beta5.20120301/takeinvite.php	2012-03-01 23:19:14.000000000 +0800
@@ -47,6 +47,9 @@ $hash  = md5(mt_rand(1,10000).$CURUSER['
 
 $title = $SITENAME.$lang_takeinvite['mail_tilte'];
 
+sql_query("INSERT INTO invites (inviter, invitee, hash, time_invited) VALUES ('".mysql_real_escape_string($id)."', '".mysql_real_escape_string($email)."', '".mysql_real_escape_string($hash)."', " . sqlesc(date("Y-m-d H:i:s")) . ")");
+sql_query("UPDATE users SET invites = invites - 1 WHERE id = ".mysql_real_escape_string($id)."") or sqlerr(__FILE__, __LINE__);
+
 $message = <<<EOD
 {$lang_takeinvite['mail_one']}{$arr[username]}{$lang_takeinvite['mail_two']}
 <b><a href="javascript:void(null)" onclick="window.open('http://$BASEURL/signup.php?type=invite&invitenumber=$hash')">{$lang_takeinvite['mail_here']}</a></b><br />
@@ -59,9 +62,6 @@ EOD;
 sent_mail($email,$SITENAME,$SITEEMAIL,change_email_encode(get_langfolder_cookie(), $title),change_email_encode(get_langfolder_cookie(),$message),"invitesignup",false,false,'',get_email_encode(get_langfolder_cookie()));
 //this email is sent only when someone give out an invitation
 
-sql_query("INSERT INTO invites (inviter, invitee, hash, time_invited) VALUES ('".mysql_real_escape_string($id)."', '".mysql_real_escape_string($email)."', '".mysql_real_escape_string($hash)."', " . sqlesc(date("Y-m-d H:i:s")) . ")");
-sql_query("UPDATE users SET invites = invites - 1 WHERE id = ".mysql_real_escape_string($id)."") or sqlerr(__FILE__, __LINE__);
-
 header("Refresh: 0; url=invite.php?id=".htmlspecialchars($id)."&sent=1");
 ?> 
   
diff -Nrupad nexusphp.v1.5.beta4.20100919.with.update3/takesignup.php nexusphp.v1.5.beta5.20120301/takesignup.php
--- nexusphp.v1.5.beta4.20100919.with.update3/takesignup.php	2010-05-12 18:51:02.000000000 +0800
+++ nexusphp.v1.5.beta5.20120301/takesignup.php	2012-03-01 23:21:12.000000000 +0800
@@ -51,6 +51,14 @@ if ($type=='invite')
 $inviter =  $_POST["inviter"];
 	int_check($inviter);
 $code = unesc($_POST["hash"]);
+
+//check invite code
+	$sq = sprintf("SELECT inviter FROM invites WHERE hash ='%s'",mysql_real_escape_string($code));
+	$res = sql_query($sq) or sqlerr(__FILE__, __LINE__);
+	$inv = mysql_fetch_assoc($res);
+	if (!$inv)
+		bark('invalid invite code');
+
 $ip = getip();
 
 
@@ -175,6 +183,19 @@ http://$BASEURL/confirm_resend.php
 {$lang_takesignup['mail_five']}
 EOD;
 
+if ($type == 'invite')
+{
+//don't forget to delete confirmed invitee's hash code from table invites
+sql_query("DELETE FROM invites WHERE hash = '".mysql_real_escape_string($code)."'");
+$dt = sqlesc(date("Y-m-d H:i:s"));
+$subject = sqlesc($lang_takesignup_target[get_user_lang($inviter)]['msg_invited_user_has_registered']);
+$msg = sqlesc($lang_takesignup_target[get_user_lang($inviter)]['msg_user_you_invited'].$usern.$lang_takesignup_target[get_user_lang($inviter)]['msg_has_registered']);
+//sql_query("UPDATE users SET uploaded = uploaded + 10737418240 WHERE id = $inviter"); //add 10GB to invitor's uploading credit
+sql_query("INSERT INTO messages (sender, receiver, subject, added, msg) VALUES(0, $inviter, $subject, $dt, $msg)") or sqlerr(__FILE__, __LINE__);
+$Cache->delete_value('user_'.$inviter.'_unread_message_count');
+$Cache->delete_value('user_'.$inviter.'_inbox_count');
+}
+
 if ($verification == 'admin'){
 	if ($type == 'invite')
 	header("Location: " . get_protocol_prefix() . "$BASEURL/ok.php?type=inviter");
@@ -188,16 +209,5 @@ else{
 	sent_mail($send_email,$SITENAME,$SITEEMAIL,change_email_encode(get_langfolder_cookie(), $title),change_email_encode(get_langfolder_cookie(),$body),"signup",false,false,'',get_email_encode(get_langfolder_cookie()));
 	header("Location: " . get_protocol_prefix() . "$BASEURL/ok.php?type=signup&email=" . rawurlencode($send_email));
 }
-if ($type == 'invite')
-{
-//don't forget to delete confirmed invitee's hash code from table invites
-sql_query("DELETE FROM invites WHERE hash = '".mysql_real_escape_string($code)."'");
-$dt = sqlesc(date("Y-m-d H:i:s"));
-$subject = sqlesc($lang_takesignup_target[get_user_lang($inviter)]['msg_invited_user_has_registered']);
-$msg = sqlesc($lang_takesignup_target[get_user_lang($inviter)]['msg_user_you_invited'].$usern.$lang_takesignup_target[get_user_lang($inviter)]['msg_has_registered']);
-//sql_query("UPDATE users SET uploaded = uploaded + 10737418240 WHERE id = $inviter"); //add 10GB to invitor's uploading credit
-sql_query("INSERT INTO messages (sender, receiver, subject, added, msg) VALUES(0, $inviter, $subject, $dt, $msg)") or sqlerr(__FILE__, __LINE__);
-$Cache->delete_value('user_'.$inviter.'_unread_message_count');
-$Cache->delete_value('user_'.$inviter.'_inbox_count');
-}
+
 ?>
diff -Nrupad nexusphp.v1.5.beta4.20100919.with.update3/takeupload.php nexusphp.v1.5.beta5.20120301/takeupload.php
--- nexusphp.v1.5.beta4.20100919.with.update3/takeupload.php	2010-05-10 02:30:14.000000000 +0800
+++ nexusphp.v1.5.beta5.20120301/takeupload.php	2012-03-01 23:12:08.000000000 +0800
@@ -205,8 +205,6 @@ function hex_esc2($matches) {
 
 //die(phpinfo());
 
-//die("magic:" . get_magic_quotes_gpc());
-
 //die("\\' pos:" . strpos($infohash,"\\") . ", after sqlesc:" . (strpos(sqlesc($infohash),"\\") == false ? "gone" : strpos(sqlesc($infohash),"\\")));
 
 //die(preg_replace_callback('/./s', "hex_esc2", $infohash));
diff -Nrupad nexusphp.v1.5.beta4.20100919.with.update3/viewsnatches.php nexusphp.v1.5.beta5.20120301/viewsnatches.php
--- nexusphp.v1.5.beta4.20100919.with.update3/viewsnatches.php	2010-06-03 14:23:06.000000000 +0800
+++ nexusphp.v1.5.beta5.20120301/viewsnatches.php	2012-03-01 23:28:10.000000000 +0800
@@ -44,7 +44,7 @@ if ($count){
 		$downrate = $arr["leechtime"] > 0 ? mksize($arr["downloaded"] / $arr["leechtime"]) : mksize(0);
 		//end
 
-		$highlight = $CURUSER["id"] == $arr["id"] ? " bgcolor=#00A527" : "";
+		$highlight = $CURUSER["id"] == $arr["userid"] ? " bgcolor=#00A527" : "";
 		$userrow = get_user_row($arr['userid']);
 		if ($userrow['privacy'] == 'strong'){
 			$username = $lang_viewsnatches['text_anonymous'];

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

diff -Nrupad nexusphp.v1.5.beta4.20100919.with.update3/RELEASENOTE nexusphp.v1.5.beta5.20120301/RELEASENOTE

--- nexusphp.v1.5.beta4.20100919.with.update3/RELEASENOTE 2010-09-19 10:15:58.000000000 +0800

+++ nexusphp.v1.5.beta5.20120301/RELEASENOTE 2012-03-01 23:56:06.000000000 +0800

@@ -1,3 +1,13 @@

+Release note for v1.5 beta 5 20120301

+Fix: several security issues

+Fix: takesignup not checking invitation code

+Fix: function sqlesc() with numeric value

+Fix: sendmail delay issue

+Fix: language file in docleanup()

+Fix: language setting at FAQ and Rules

+Mod: default promotion display type to 'icon'

+thank http://wiki.nexusphp.org for reporting bugs

Release note for v1.5 beta 4 20100919

Fix: "There is a minimum announce time of 30 seconds", caused by timezone settings. Now you should set correct timezone in php.ini

Fix: varchar column length exceed 255 characters, which causes errors in MySQL 5.0.3 and later

diff -Nrupad nexusphp.v1.5.beta4.20100919.with.update3/_db/dbstructure.sql nexusphp.v1.5.beta5.20120301/_db/dbstructure.sql

--- nexusphp.v1.5.beta4.20100919.with.update3/_db/dbstructure.sql 2012-02-28 10:29:32.000000000 +0800

+++ nexusphp.v1.5.beta5.20120301/_db/dbstructure.sql 2012-03-01 23:39:26.000000000 +0800

@@ -2415,7 +2415,7 @@ CREATE TABLE IF NOT EXISTS `users` (

`timetype` enum('timeadded','timealive') DEFAULT 'timealive',

`appendsticky` enum('yes','no') DEFAULT 'yes',

`appendnew` enum('yes','no') DEFAULT 'yes',

- `appendpromotion` enum('highlight','word','icon','off') DEFAULT 'highlight',

+ `appendpromotion` enum('highlight','word','icon','off') DEFAULT 'icon',

`appendpicked` enum('yes','no') DEFAULT 'yes',

`dlicon` enum('yes','no') DEFAULT 'yes',

`bmicon` enum('yes','no') DEFAULT 'yes',

diff -Nrupad nexusphp.v1.5.beta4.20100919.with.update3/announce.php nexusphp.v1.5.beta5.20120301/announce.php

--- nexusphp.v1.5.beta4.20100919.with.update3/announce.php 2010-05-10 13:36:32.000000000 +0800

+++ nexusphp.v1.5.beta5.20120301/announce.php 2012-03-01 22:44:32.000000000 +0800

@@ -60,7 +60,7 @@ if (!$az) err("Invalid passkey! Re-downl

$userid = 0+$az['id'];

//3. CHECK IF CLIENT IS ALLOWED

-$clicheck_res = check_client($peer_id,$agent,&$client_familyid);

+$clicheck_res = check_client($peer_id,$agent,$client_familyid);

if($clicheck_res){

if ($az['showclienterror'] == 'no')

{

diff -Nrupad nexusphp.v1.5.beta4.20100919.with.update3/bannedemails.php nexusphp.v1.5.beta5.20120301/bannedemails.php

--- nexusphp.v1.5.beta4.20100919.with.update3/bannedemails.php 2010-05-08 16:56:26.000000000 +0800

+++ nexusphp.v1.5.beta5.20120301/bannedemails.php 2012-03-01 22:45:26.000000000 +0800

@@ -1,5 +1,4 @@

<?php

-define("VERSION", "BAN EMAIL");

require "include/bittorrent.php";

dbconn();

loggedinorreturn();

diff -Nrupad nexusphp.v1.5.beta4.20100919.with.update3/faq.php nexusphp.v1.5.beta5.20120301/faq.php

--- nexusphp.v1.5.beta4.20100919.with.update3/faq.php 2010-05-09 21:35:52.000000000 +0800

+++ nexusphp.v1.5.beta5.20120301/faq.php 2012-03-01 23:32:02.000000000 +0800

@@ -16,9 +16,7 @@ begin_main_frame();

begin_frame($lang_faq['text_welcome_to'].$SITENAME." - ".$SLOGAN);

print($lang_faq['text_welcome_content_one'].$lang_faq['text_welcome_content_two']);

end_frame();

-if ($CURUSER)

-$lang_id = $CURUSER['lang'];

-else

$lang_id = get_guest_lang_id();

$is_rulelang = get_single_value("language","rule_lang","WHERE id = ".sqlesc($lang_id));

if (!$is_rulelang){

diff -Nrupad nexusphp.v1.5.beta4.20100919.with.update3/include/cleanup.php nexusphp.v1.5.beta5.20120301/include/cleanup.php

--- nexusphp.v1.5.beta4.20100919.with.update3/include/cleanup.php 2010-06-16 23:35:32.000000000 +0800

+++ nexusphp.v1.5.beta5.20120301/include/cleanup.php 2012-03-01 23:36:26.000000000 +0800

@@ -2,7 +2,6 @@

# IMPORTANT: Do not edit below unless you know what you are doing!

if(!defined('IN_TRACKER'))

die('Hacking attempt!');

-require_once($rootpath . '/lang/_target/lang_cleanup.php');

function printProgress($msg) {

echo $msg.'...done<br />';

@@ -18,6 +17,9 @@ function docleanup($forceAll = 0, $print

global $neverdelete_account, $neverdeletepacked_account, $deletepacked_account, $deleteunpacked_account, $deletenotransfer_account, $deletenotransfertwo_account, $deletepeasant_account, $psdlone_account, $psratioone_account, $psdltwo_account, $psratiotwo_account, $psdlthree_account, $psratiothree_account, $psdlfour_account, $psratiofour_account, $psdlfive_account, $psratiofive_account, $putime_account, $pudl_account, $puprratio_account, $puderatio_account, $eutime_account, $eudl_account, $euprratio_account, $euderatio_account, $cutime_account, $cudl_account, $cuprratio_account, $cuderatio_account, $iutime_account, $iudl_account, $iuprratio_account, $iuderatio_account, $vutime_account, $vudl_account, $vuprratio_account, $vuderatio_account, $exutime_account, $exudl_account, $exuprratio_account, $exuderatio_account, $uutime_account, $uudl_account, $uuprratio_account, $uuderatio_account, $nmtime_account, $nmdl_account, $nmprratio_account, $nmderatio_account, $getInvitesByPromotion_class;

global $enablenoad_advertisement, $noad_advertisement;

global $Cache;

+ global $rootpath;

+ require_once($rootpath . '/lang/_target/lang_cleanup.php');

set_time_limit(0);

ignore_user_abort(1);

diff -Nrupad nexusphp.v1.5.beta4.20100919.with.update3/include/core.php nexusphp.v1.5.beta5.20120301/include/core.php

--- nexusphp.v1.5.beta4.20100919.with.update3/include/core.php 2010-09-19 10:09:22.000000000 +0800

+++ nexusphp.v1.5.beta5.20120301/include/core.php 2012-03-01 22:46:16.000000000 +0800

@@ -2,7 +2,7 @@

if(!defined('IN_TRACKER'))

die('Hacking attempt!');

error_reporting(E_ERROR | E_PARSE);

-ini_set('display_errors', 1);

+ini_set('display_errors', 0);

include_once($rootpath . 'classes/class_cache.php'); //Require the caching class

$Cache = NEW CACHE(); //Load the caching class

$Cache->setLanguageFolderArray(get_langfolder_list());

diff -Nrupad nexusphp.v1.5.beta4.20100919.with.update3/include/functions.php nexusphp.v1.5.beta5.20120301/include/functions.php

--- nexusphp.v1.5.beta4.20100919.with.update3/include/functions.php 2010-09-19 10:07:36.000000000 +0800

+++ nexusphp.v1.5.beta5.20120301/include/functions.php 2012-03-01 23:10:18.000000000 +0800

@@ -1841,8 +1841,6 @@ function autoclean() {

}

function unesc($x) {

- if (get_magic_quotes_gpc())

- return stripslashes($x);

return $x;

}

@@ -3330,9 +3328,6 @@ function GetVar ($name) {

} else {

if ( !isset($_REQUEST[$name]) )

return false;

- if ( get_magic_quotes_gpc() ) {

- $_REQUEST[$name] = ssr($_REQUEST[$name]);

- }

$GLOBALS[$name] = $_REQUEST[$name];

return $GLOBALS[$name];

}

diff -Nrupad nexusphp.v1.5.beta4.20100919.with.update3/include/functions_announce.php nexusphp.v1.5.beta5.20120301/include/functions_announce.php

--- nexusphp.v1.5.beta4.20100919.with.update3/include/functions_announce.php 2010-09-19 10:10:14.000000000 +0800

+++ nexusphp.v1.5.beta5.20120301/include/functions_announce.php 2012-03-01 23:16:00.000000000 +0800

@@ -167,7 +167,7 @@ function ipv4_to_compact($ip, $port)

return $compact;

}

-function check_client($peer_id, $agent, $agent_familyid)

+function check_client($peer_id, $agent, &$agent_familyid)

{

global $BASEURL, $Cache;

@@ -296,7 +296,7 @@ function check_client($peer_id, $agent,

if($allowed_flag_peer_id && $allowed_flag_agent)

{

- if($exception = 'yes')

+ if($exception == 'yes')

{

if (!$clients_exp = $Cache->get_value('allowed_client_exception_family_'.$family_id.'_list')){

$clients_exp = array();

diff -Nrupad nexusphp.v1.5.beta4.20100919.with.update3/include/globalfunctions.php nexusphp.v1.5.beta5.20120301/include/globalfunctions.php

--- nexusphp.v1.5.beta4.20100919.with.update3/include/globalfunctions.php 2010-05-14 16:27:34.000000000 +0800

+++ nexusphp.v1.5.beta5.20120301/include/globalfunctions.php 2012-03-01 23:10:36.000000000 +0800

@@ -73,14 +73,7 @@ function sql_query($query)

}

function sqlesc($value) {

- // Stripslashes

- if (get_magic_quotes_gpc()) {

- $value = stripslashes($value);

- }

- // Quote if not a number or a numeric string

- if (!is_numeric($value)) {

$value = "'" . mysql_real_escape_string($value) . "'";

- }

return $value;

}

diff -Nrupad nexusphp.v1.5.beta4.20100919.with.update3/lang/_target/lang_cleanup.php nexusphp.v1.5.beta5.20120301/lang/_target/lang_cleanup.php

--- nexusphp.v1.5.beta4.20100919.with.update3/lang/_target/lang_cleanup.php 2009-11-25 23:43:50.000000000 +0800

+++ nexusphp.v1.5.beta5.20120301/lang/_target/lang_cleanup.php 2012-03-01 23:29:26.000000000 +0800

@@ -7,7 +7,7 @@ $lang_cleanup_target = array

'msg_your_ratio_warning_removed' => "Your warning of low ratio have been removed and auto-promoted to [b]User[/b]. We highly recommend you to keep a your ratio up to not be warned again.\n",

'msg_promoted_to' => "Promoted to ",

'msg_now_you_are' => "Congratulations, you have been auto-promoted to [b]",

- 'msg_see_faq' => "[/b]. :)\nPlease see the [b][url=faq.php#idid22]FAQ[/url][/b] for what you can do now.\n",

+ 'msg_see_faq' => "[/b]. :)\nPlease see the [b][url=faq.php#id22]FAQ[/url][/b] for what you can do now.\n",

'msg_demoted_to' => "Demoted to ",

'msg_demoted_from' => "You have been auto-demoted from [b]",

'msg_to' => "[/b] to [b]",

diff -Nrupad nexusphp.v1.5.beta4.20100919.with.update3/rules.php nexusphp.v1.5.beta5.20120301/rules.php

--- nexusphp.v1.5.beta4.20100919.with.update3/rules.php 2010-05-09 21:45:16.000000000 +0800

+++ nexusphp.v1.5.beta5.20120301/rules.php 2012-03-01 23:31:44.000000000 +0800

@@ -11,9 +11,7 @@ $Cache->add_whole_row();

//make_folder("cache/" , get_langfolder_cookie());

//cache_check ('rules');

begin_main_frame();

-if ($CURUSER)

-$lang_id = $CURUSER['lang'];

-else

$lang_id = get_guest_lang_id();

$is_rulelang = get_single_value("language","rule_lang","WHERE id = ".sqlesc($lang_id));

if (!$is_rulelang){

diff -Nrupad nexusphp.v1.5.beta4.20100919.with.update3/takeinvite.php nexusphp.v1.5.beta5.20120301/takeinvite.php

--- nexusphp.v1.5.beta4.20100919.with.update3/takeinvite.php 2010-05-08 17:06:42.000000000 +0800

+++ nexusphp.v1.5.beta5.20120301/takeinvite.php 2012-03-01 23:19:14.000000000 +0800

@@ -47,6 +47,9 @@ $hash = md5(mt_rand(1,10000).$CURUSER['

$title = $SITENAME.$lang_takeinvite['mail_tilte'];

+sql_query("INSERT INTO invites (inviter, invitee, hash, time_invited) VALUES ('".mysql_real_escape_string($id)."', '".mysql_real_escape_string($email)."', '".mysql_real_escape_string($hash)."', " . sqlesc(date("Y-m-d H:i:s")) . ")");

+sql_query("UPDATE users SET invites = invites - 1 WHERE id = ".mysql_real_escape_string($id)."") or sqlerr(__FILE__, __LINE__);

$message = <<<EOD

{$lang_takeinvite['mail_one']}{$arr[username]}{$lang_takeinvite['mail_two']}

<b><a href="javascript:void(null)" onclick="window.open('http://$BASEURL/signup.php?type=invite&invitenumber=$hash')">{$lang_takeinvite['mail_here']}</a></b><br />

@@ -59,9 +62,6 @@ EOD;

sent_mail($email,$SITENAME,$SITEEMAIL,change_email_encode(get_langfolder_cookie(), $title),change_email_encode(get_langfolder_cookie(),$message),"invitesignup",false,false,'',get_email_encode(get_langfolder_cookie()));

//this email is sent only when someone give out an invitation

-sql_query("INSERT INTO invites (inviter, invitee, hash, time_invited) VALUES ('".mysql_real_escape_string($id)."', '".mysql_real_escape_string($email)."', '".mysql_real_escape_string($hash)."', " . sqlesc(date("Y-m-d H:i:s")) . ")");

-sql_query("UPDATE users SET invites = invites - 1 WHERE id = ".mysql_real_escape_string($id)."") or sqlerr(__FILE__, __LINE__);

header("Refresh: 0; url=invite.php?id=".htmlspecialchars($id)."&sent=1");

diff -Nrupad nexusphp.v1.5.beta4.20100919.with.update3/takesignup.php nexusphp.v1.5.beta5.20120301/takesignup.php

--- nexusphp.v1.5.beta4.20100919.with.update3/takesignup.php 2010-05-12 18:51:02.000000000 +0800

+++ nexusphp.v1.5.beta5.20120301/takesignup.php 2012-03-01 23:21:12.000000000 +0800

@@ -51,6 +51,14 @@ if ($type=='invite')

$inviter = $_POST["inviter"];

int_check($inviter);

$code = unesc($_POST["hash"]);

+//check invite code

+ $sq = sprintf("SELECT inviter FROM invites WHERE hash ='%s'",mysql_real_escape_string($code));

+ $res = sql_query($sq) or sqlerr(__FILE__, __LINE__);

+ $inv = mysql_fetch_assoc($res);

+ if (!$inv)

+ bark('invalid invite code');

$ip = getip();

@@ -175,6 +183,19 @@ http://$BASEURL/confirm_resend.php

{$lang_takesignup['mail_five']}

EOD;

+if ($type == 'invite')

+//don't forget to delete confirmed invitee's hash code from table invites

+sql_query("DELETE FROM invites WHERE hash = '".mysql_real_escape_string($code)."'");

+$dt = sqlesc(date("Y-m-d H:i:s"));

+$subject = sqlesc($lang_takesignup_target[get_user_lang($inviter)]['msg_invited_user_has_registered']);

+$msg = sqlesc($lang_takesignup_target[get_user_lang($inviter)]['msg_user_you_invited'].$usern.$lang_takesignup_target[get_user_lang($inviter)]['msg_has_registered']);

+//sql_query("UPDATE users SET uploaded = uploaded + 10737418240 WHERE id = $inviter"); //add 10GB to invitor's uploading credit

+sql_query("INSERT INTO messages (sender, receiver, subject, added, msg) VALUES(0, $inviter, $subject, $dt, $msg)") or sqlerr(__FILE__, __LINE__);

+$Cache->delete_value('user_'.$inviter.'_unread_message_count');

+$Cache->delete_value('user_'.$inviter.'_inbox_count');

if ($verification == 'admin'){

if ($type == 'invite')

header("Location: " . get_protocol_prefix() . "$BASEURL/ok.php?type=inviter");

@@ -188,16 +209,5 @@ else{

sent_mail($send_email,$SITENAME,$SITEEMAIL,change_email_encode(get_langfolder_cookie(), $title),change_email_encode(get_langfolder_cookie(),$body),"signup",false,false,'',get_email_encode(get_langfolder_cookie()));

header("Location: " . get_protocol_prefix() . "$BASEURL/ok.php?type=signup&email=" . rawurlencode($send_email));

}

-if ($type == 'invite')

-//don't forget to delete confirmed invitee's hash code from table invites

-sql_query("DELETE FROM invites WHERE hash = '".mysql_real_escape_string($code)."'");

-$dt = sqlesc(date("Y-m-d H:i:s"));

-$subject = sqlesc($lang_takesignup_target[get_user_lang($inviter)]['msg_invited_user_has_registered']);

-$msg = sqlesc($lang_takesignup_target[get_user_lang($inviter)]['msg_user_you_invited'].$usern.$lang_takesignup_target[get_user_lang($inviter)]['msg_has_registered']);

-//sql_query("UPDATE users SET uploaded = uploaded + 10737418240 WHERE id = $inviter"); //add 10GB to invitor's uploading credit

-sql_query("INSERT INTO messages (sender, receiver, subject, added, msg) VALUES(0, $inviter, $subject, $dt, $msg)") or sqlerr(__FILE__, __LINE__);

-$Cache->delete_value('user_'.$inviter.'_unread_message_count');

-$Cache->delete_value('user_'.$inviter.'_inbox_count');

diff -Nrupad nexusphp.v1.5.beta4.20100919.with.update3/takeupload.php nexusphp.v1.5.beta5.20120301/takeupload.php

--- nexusphp.v1.5.beta4.20100919.with.update3/takeupload.php 2010-05-10 02:30:14.000000000 +0800

+++ nexusphp.v1.5.beta5.20120301/takeupload.php 2012-03-01 23:12:08.000000000 +0800

@@ -205,8 +205,6 @@ function hex_esc2($matches) {

//die(phpinfo());

-//die("magic:" . get_magic_quotes_gpc());

//die("\\' pos:" . strpos($infohash,"\\") . ", after sqlesc:" . (strpos(sqlesc($infohash),"\\") == false ? "gone" : strpos(sqlesc($infohash),"\\")));

//die(preg_replace_callback('/./s', "hex_esc2", $infohash));

diff -Nrupad nexusphp.v1.5.beta4.20100919.with.update3/viewsnatches.php nexusphp.v1.5.beta5.20120301/viewsnatches.php

--- nexusphp.v1.5.beta4.20100919.with.update3/viewsnatches.php 2010-06-03 14:23:06.000000000 +0800

+++ nexusphp.v1.5.beta5.20120301/viewsnatches.php 2012-03-01 23:28:10.000000000 +0800

@@ -44,7 +44,7 @@ if ($count){

$downrate = $arr["leechtime"] > 0 ? mksize($arr["downloaded"] / $arr["leechtime"]) : mksize(0);

//end

- $highlight = $CURUSER["id"] == $arr["id"] ? " bgcolor=#00A527" : "";

+ $highlight = $CURUSER["id"] == $arr["userid"] ? " bgcolor=#00A527" : "";

$userrow = get_user_row($arr['userid']);

if ($userrow['privacy'] == 'strong'){

$username = $lang_viewsnatches['text_anonymous'];

thanatos' blog

Calendar

Categories

Comments

META

NexusPHP v1.5 beta4 到 beta5 的改變