authorHenry Sudhof <kellanved@phpbb.com>2007-10-03 15:05:54 +0000
committerHenry Sudhof <kellanved@phpbb.com>2007-10-03 15:05:54 +0000
commit4defd8a8306fa8daa25427a37fb6db00bff390c7 (patch)
tree7914a43cdc9b2d2107e7baeb7061990664bdd841 /phpBB/includes/mcp/mcp_notes.php
parent87e2e62c34da983258944db361d9a9b9785737e6 (diff)
Ok, here comes a big one. Poor updater. Also requires testing.
#i91 #i92 #i93 #i94 #i95 #i96 git-svn-id: file:///svn/phpbb/trunk@8120 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/mcp/mcp_notes.php')
-rwxr-xr-xphpBB/includes/mcp/mcp_notes.php40
1 files changed, 28 insertions, 12 deletions
diff --git a/phpBB/includes/mcp/mcp_notes.php b/phpBB/includes/mcp/mcp_notes.php
index 6e6e1ffdd9..3519e86424 100755
--- a/phpBB/includes/mcp/mcp_notes.php
+++ b/phpBB/includes/mcp/mcp_notes.php
@@ -74,6 +74,8 @@ class mcp_notes
$sk = request_var('sk', 'b');
$sd = request_var('sd', 'd');
+ add_form_key('mcp_notes');
+
$sql_where = ($user_id) ? "user_id = $user_id" : "username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
$sql = 'SELECT *
@@ -121,15 +123,22 @@ class mcp_notes
if ($where_sql || $deleteall)
{
- $sql = 'DELETE FROM ' . LOG_TABLE . '
- WHERE log_type = ' . LOG_USERS . "
- AND reportee_id = $user_id
- $where_sql";
- $db->sql_query($sql);
+ if (check_form_key('mcp_notes'))
+ {
+ $sql = 'DELETE FROM ' . LOG_TABLE . '
+ WHERE log_type = ' . LOG_USERS . "
+ AND reportee_id = $user_id
+ $where_sql";
+ $db->sql_query($sql);
- add_log('admin', 'LOG_CLEAR_USER', $userrow['username']);
+ add_log('admin', 'LOG_CLEAR_USER', $userrow['username']);
- $msg = ($deletemark) ? 'MARKED_NOTES_DELETED' : 'ALL_NOTES_DELETED';
+ $msg = ($deletemark) ? 'MARKED_NOTES_DELETED' : 'ALL_NOTES_DELETED';
+ }
+ else
+ {
+ $msg = 'FORM_INVALID';
+ }
$redirect = $this->u_action . '&amp;u=' . $user_id;
meta_refresh(3, $redirect);
trigger_error($user->lang[$msg] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
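Review bot: The DELETE that now sits under `check_form_key('mcp_notes')` still interpolates `$user_id` and `$where_sql` straight into the statement, and nothing in the hunk records why that is safe. Both values are built outside the hunk, so it cannot be confirmed from here that they are integer-cast; if they are, a comment above the query such as `// $user_id and the ids in $where_sql are integer-cast earlier; they are interpolated unescaped` would keep a later edit from weakening that. The token check closes the cross-site request path but does not constrain what a request carrying a valid token can place in the query. The enclosing method starts and ends outside the hunk.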
@@ -138,15 +147,22 @@ class mcp_notes
if ($usernote && $action == 'add_feedback')
{
- add_log('admin', 'LOG_USER_FEEDBACK', $userrow['username']);
- add_log('mod', 0, 0, 'LOG_USER_FEEDBACK', $userrow['username']);
-
- add_log('user', $user_id, 'LOG_USER_GENERAL', $usernote);
+ if(check_form_key('mcp_notes'))
+ {
+ add_log('admin', 'LOG_USER_FEEDBACK', $userrow['username']);
+ add_log('mod', 0, 0, 'LOG_USER_FEEDBACK', $userrow['username']);
+ add_log('user', $user_id, 'LOG_USER_GENERAL', $usernote);
+ $msg = $user->lang['USER_FEEDBACK_ADDED'];
+ }
+ else
+ {
+ $msg = $user->lang['FORM_INVALID'];
+ }
$redirect = $this->u_action;
meta_refresh(3, $redirect);
- trigger_error($user->lang['USER_FEEDBACK_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
+ trigger_error($msg . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
}
// Generate the appropriate user information for the user we are looking at
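Review bot: `$msg` holds a translated string in this branch (`$user->lang['USER_FEEDBACK_ADDED']`, `$user->lang['FORM_INVALID']`), while the delete branch in the previous hunk stores the language key and resolves it at the `trigger_error()` call, so one variable name carries two meanings in what appears to be the same method. Storing the key in both places, `$msg = 'FORM_INVALID';` with `trigger_error($user->lang[$msg] . ...)`, keeps the two branches parallel, and `if(check_form_key('mcp_notes'))` should take the space after `if` that the other hunk uses. On a rejected token the redirect here is plain `$this->u_action`, without the `&amp;u=` user id the delete branch appends, so the moderator may be returned to a page with no user selected and the typed note lost; worth confirming that is intended. The method body continues outside the hunk.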