## EasyMod 0.0.7 compliant
##############################################################
## MOD Title: phpBB 2.0.6 - Security Fix 2003-12-31
## MOD Author: psoTFX <  > (psoTFX) http://www.phpbb.com
## MOD Description: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=161943
##
## MOD Version: 1.00
##
## Installation Level: easy
## Installation Time: 3 Minutes
##
## Generator: phpBB2 Mod Maker 0.1.67
##############################################################
## Author Notes:
## Requires the installed EasyMOD Installer by Nuzzy !
## Setzt einen installierten EasyMOD Installer von Nuzzy voraus !
##############################################################
## This MOD is released under the GPL License. Intellectual Property is retained by the MOD Author(s) listed above. http://www.gnu.org
##############################################################
## For Security Purposes, Please Check http://www.phpbb.com For The Latest Version Of These Changes
##############################################################
## Before Adding This MOD To Your Forum, You Should Back Up Your Complete Database And All Files Related To This MOD !
##############################################################
#
#-----[ OPEN ]------------------------------------------
#
privmsg.php
#
#-----[ FIND ]------------------------------------------
#
if ( isset($HTTP_POST_VARS['folder']) || isset($HTTP_GET_VARS['folder']) )
{
   $folder = ( isset($HTTP_POST_VARS['folder']) ) ? $HTTP_POST_VARS['folder'] : $HTTP_GET_VARS['folder'];
   if ( $folder != 'inbox' && $folder != 'outbox' && $folder != 'sentbox' && $folder != 'savebox' )
   {
      $folder = 'inbox';
   }
}
else
{
   $folder = 'inbox';
}
#
#-----[ REPLACE WITH ]------------------------------------------
#
if ( isset($HTTP_POST_VARS['folder']) || isset($HTTP_GET_VARS['folder']) )
{
   $folder = ( isset($HTTP_POST_VARS['folder']) ) ? $HTTP_POST_VARS['folder'] : $HTTP_GET_VARS['folder'];
   $folder = htmlspecialchars($folder);
   if ( $folder != 'inbox' && $folder != 'outbox' && $folder != 'sentbox' && $folder != 'savebox' )
   {
      $folder = 'inbox';
   }
}
else
{
   $folder = 'inbox';
}
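Review bot: The new `$folder = htmlspecialchars($folder);` line is not what constrains `$folder`; the four-value comparison right after it is, and it already forces anything unexpected to `'inbox'`. The request value can also arrive as an array rather than a string, which `htmlspecialchars` is not meant to receive. I would guard the type first, e.g. `if ( !is_string($folder) ) { $folder = 'inbox'; }`, and add a comment such as `// allowlist below is the actual control; escaping is defence in depth` so a later edit does not remove the comparison in the belief that escaping is enough.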
#
#-----[ FIND ]------------------------------------------
#
if ( !empty($HTTP_POST_VARS['mode']) || !empty($HTTP_GET_VARS['mode']) )
{
   $mode = ( !empty($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
}
else
{
   $mode = '';
}
#
#-----[ REPLACE WITH ]------------------------------------------
#
if ( !empty($HTTP_POST_VARS['mode']) || !empty($HTTP_GET_VARS['mode']) )
{
   $mode = ( !empty($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
   $mode = htmlspecialchars($mode);
}
else
{
   $mode = '';
}
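Review bot: `$mode = htmlspecialchars($mode);` escapes at input time with the default flags, which leave single quotes untouched, so it only protects places where `$mode` is echoed into HTML text or a double-quoted attribute. Where `$mode` is used later is outside this hunk; if any use is a single-quoted attribute, a URL, script or SQL context, this call does not cover it. Since `$mode` selects among a fixed set of actions, comparing it against the list of modes the script actually handles (falling back to `''`) would be the stronger control, with `htmlspecialchars($mode, ENT_QUOTES)` as the minimum if escaping is kept. As with `folder`, a non-string request value should be rejected before the call. The same applies to the identical change to `$mode` in groupcp.php below.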
#
#-----[ OPEN ]------------------------------------------
#
groupcp.php
#
#-----[ FIND ]------------------------------------------
#
if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
{
   $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
}
else
{
   $mode = '';
}
#
#-----[ REPLACE WITH ]------------------------------------------
#
if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) )
{
   $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode'];
   $mode = htmlspecialchars($mode);
}
else
{
   $mode = '';
}
#
#-----[ FIND ]------------------------------------------
#
            if ( ( ( isset($HTTP_POST_VARS['approve']) || isset($HTTP_POST_VARS['deny']) ) && isset($HTTP_POST_VARS['pending_members']) ) || ( isset($HTTP_POST_VARS['remove']) && isset($HTTP_POST_VARS['members']) ) )
            {
               $members = ( isset($HTTP_POST_VARS['approve']) || isset($HTTP_POST_VARS['deny']) ) ? $HTTP_POST_VARS['pending_members'] : $HTTP_POST_VARS['members'];
               $sql_in = '';
               for($i = 0; $i < count($members); $i++)
               {
                  $sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . $members[$i];
               }
#
#-----[ REPLACE WITH ]------------------------------------------
#
            if ( ( ( isset($HTTP_POST_VARS['approve']) || isset($HTTP_POST_VARS['deny']) ) && isset($HTTP_POST_VARS['pending_members']) ) || ( isset($HTTP_POST_VARS['remove']) && isset($HTTP_POST_VARS['members']) ) )
            {
               $members = ( isset($HTTP_POST_VARS['approve']) || isset($HTTP_POST_VARS['deny']) ) ? $HTTP_POST_VARS['pending_members'] : $HTTP_POST_VARS['members'];
               $sql_in = '';
               for($i = 0; $i < count($members); $i++)
               {
                  $sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . intval($members[$i]);
               }
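Review bot: The `intval($members[$i])` cast closes the injection path into `$sql_in`, but the loop still assumes `$members` is a zero-based list, and both its type and its keys come from the client. A scalar value or sparse keys are silently turned into `0` entries (with notices) instead of being rejected. I would add `if ( !is_array($members) ) { $members = array(); }` before the loop, iterate the values with `foreach`, and skip ids that are not greater than zero. The statement that consumes `$sql_in` is outside this hunk, so confirm that it copes with an empty list and that it restricts the ids to the group being moderated. The enclosing `if` block continues past the end of the hunk.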
#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM