PHPY BugץμW[Wj\O
-------------------------------------------------------------------
2003.08.02

1.
ק textview.php
$lang[kdbhome] eאּ PHPY e KDB ׾µ{Ǫ
$lang[nothisday] Nhl~R
$lang[banhisip] [WU
$lang[dispset] [WC
$lang[userpasslen]="|KX(r)WX";
$lang[forumidnot]="w׾¤sbЪ^";
$lang[nonewstitle]="gsDDЪ^";
$lang[nulladmin]="׾¿ﶵgЪ^";
$lang[threadidnot]="w峹sbЪ^";
$lang[messagenot]="wܤsbЪ^";
$lang[themeidnot]="w椣sbЪ^";
$lang[repeatthemename]="W٭ƽЪ^";
$lang[nullforumname]="׾¼D";

2.ץXv|øT IP  IP LĪD
ק cp.php 
 683  N userip אּ regip 
] userip ȥusb onlineuser 

3.ץDŮ]oDDD
ק post.php
 127  
N if(trim($title)==''){ אּ if(trim($title)=='' || trim($title)=='@'){

4.ץ|KXL~D
ק member.php
 81  if(!$email){ WJ
if(strlen($password)>$admin[maxuserlen] || strlen($password)<$admin[minuserlen]){
$message.="<li>$lang[userpasslen] $admin[minuserlen]-$admin[maxuserlen]</li>";
}

5.ץiHoPs覨SesD ĤѼƬO_]n[JP_
ק cp.php 
 134  P  293-294 椤J
if (!$newstitle || $newstitle==' ' || $newstitle=='@'){
my_error($lang[nonewstitle]);
exit;
}

6.ץiHoPs覨SeD
ק cp.php 
N 134  אּ if(!$forumname || $forumname==' ' || $forumname=='@'){
 213-214 椤J 
      if(!$forumname || $forumname==' ' || $forumname=='@'){
        my_error($lang[nullforumname]);
        exit;
      }

7.ץiHoPs覨SW٪
ק cp.php
 360-361 椤J 
      if(!$themename || $themename==' ' || $themename=='@'){
        my_error($lang[nullthemename]);
        exit;
      }
 406-407 椤J 
      if(!$themename || $themename==' ' || $themename=='@'){
        my_error($lang[nullthemename]);
        exit;
      }

8.ץ׾¿ﶵ̨S[JP_
ק cp.php
 19-20 椤J
if(!$sitename || !$siteurl || !$forumname || !$forumurl || !$email || !$annexsize || !$annexext || $dlannexminposts=='' || !$posttwicetime || !$maxtitle || !$maxcontent || !$tpp || !$ppp || !$hotminreads || !$hotminreplies || !$maxkeyword || !$minkeyword || !$messagelife || !$maxmessage || !$avatars || !$apr || !$apc || !$defavatarposts || !$awidth || !$aheight || !$onlinetime || !$administrator || !$moderator || !$guestname || !$forumrule){
        my_error($lang[nulladmin]);
        exit;
}

9.ץ׾¤sbܪD
ק forumdisplay.php
 2-3 [J
   $forum=getdbdata("forum","forumid='$forumid'");
   if(!$forumid || !$forum[forumid]) {
     my_error($lang[forumidnot]);
     exit;
   }

10.ץ峹sbܪD
ק viewthread.php
 10-11 [J
   $threadnot=getdbdata('threads',"threadid='$threadid'");
   if(!$threadid || !$threadnot[threadid]) {
     my_error($lang[threadidnot]);
     exit;
   }

11.ץܤsbܪD
ק message.php
 19-20 [J
   $themessage=getdbdata("sm","smid='$smid'");
   if(!$smid || !$themessage[smid]){
     my_error($lang[messagenot]);
     exit;
   }

12.ץ椣sbܪD
ק cp.php
 414-415 椤J
   $themeidnot=getdbdata("themes","themeid='$themeid'");
   if(!$themeidnot){
     my_error($lang[themeidnot]);
     exit;
   }

13.N kdbhome [W
ק kdb.style
 563-564 [J
<tr><td bgcolor="$themes[altcolor1]" align="center"><img src="images/unionlink.gif" border="0"></td>
<td bgcolor="$themes[altcolor2]" colspan="3"><a href="http://omega.idv.tw/~joksky" target="_blank">$lang[kdbhome]</td>
<td bgcolor="$themes[altcolor1]" align="center">
<img src="images/forumlogo3.gif" border="0" width="103" height="31"></td>
<td bgcolor="$themes[altcolor2]" align="center"><a href="mailto:dykzq@sina.com">Joksky</a></td>
</tr>
========================================================

2003.08.14
1.ץbYǦAW|X{ $phpver ~T
ק header.php
 22  b᭱[J@ @ ~
$phpver=@ereg_replace("([^0-9\.]+)([0-9]+)",'',phpversion());

2.ץsDDLD
ק textview.php
$lang[nonewstitle]="gsDDμDLЪ^";
ק cp.php
 302 P 327  if P_[J || (strlen($newstitle)>255)

3.ץ׾´yzLD
ק textview.php
$lang[nullforumname]="׾¼Dũν׾´yzLЪ^";
ק cp.php
 138 P 218  if P_[J || (strlen($description)>255)

4.ץ׾¦W٨ϥο~ HTML NXLkܪD
ק cp.php
 141-142 P 217-218 椤J $forumname=my_htmlspecialchars($forumname);

5.ץsDDϥο~ HTML NXLkܪD
ק cp.php
 308-309 P 334-335 椤J $newstitle=my_htmlspecialchars($newstitle);

