authorMeik Sievertsen <acydburn@phpbb.com>2006-06-06 20:53:46 +0000
committerMeik Sievertsen <acydburn@phpbb.com>2006-06-06 20:53:46 +0000
commitdd9ad539fdab80badedf801a816b8a0beafbbf5c (patch)
treedb8ae8a184b060d5576604cc0dfa723773daedb8 /phpBB/includes
parent2c8afb820e3842bed2ab6cec4053e71b5c566985 (diff)
ok, this one is rather large... the most important change:
re-introduce append_sid: old style continues to work, not a performance hog as it was in 2.0.x -> structure is different apart from this, code cleanage, bug fixing, etc. git-svn-id: file:///svn/phpbb/trunk@6015 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/acp/acp_attachments.php6
-rw-r--r--phpBB/includes/acp/acp_ban.php4
-rw-r--r--phpBB/includes/acp/acp_bbcodes.php2
-rw-r--r--phpBB/includes/acp/acp_board.php10
-rw-r--r--phpBB/includes/acp/acp_bots.php6
-rw-r--r--phpBB/includes/acp/acp_database.php2
-rw-r--r--phpBB/includes/acp/acp_disallow.php2
-rw-r--r--phpBB/includes/acp/acp_email.php6
-rw-r--r--phpBB/includes/acp/acp_forums.php99
-rw-r--r--phpBB/includes/acp/acp_groups.php14
-rw-r--r--phpBB/includes/acp/acp_icons.php3
-rw-r--r--phpBB/includes/acp/acp_jabber.php2
-rw-r--r--phpBB/includes/acp/acp_language.php8
-rw-r--r--phpBB/includes/acp/acp_logs.php2
-rw-r--r--phpBB/includes/acp/acp_main.php8
-rw-r--r--phpBB/includes/acp/acp_modules.php2
-rw-r--r--phpBB/includes/acp/acp_permission_roles.php2
-rw-r--r--phpBB/includes/acp/acp_permissions.php6
-rw-r--r--phpBB/includes/acp/acp_php_info.php2
-rw-r--r--phpBB/includes/acp/acp_profile.php4
-rw-r--r--phpBB/includes/acp/acp_prune.php8
-rw-r--r--phpBB/includes/acp/acp_ranks.php2
-rw-r--r--phpBB/includes/acp/acp_reasons.php2
-rw-r--r--phpBB/includes/acp/acp_search.php20
-rw-r--r--phpBB/includes/acp/acp_styles.php20
-rw-r--r--phpBB/includes/acp/acp_users.php22
-rw-r--r--phpBB/includes/acp/acp_words.php2
-rw-r--r--phpBB/includes/acp/auth.php12
-rw-r--r--phpBB/includes/auth.php41
-rw-r--r--phpBB/includes/db/dbal.php44
-rw-r--r--phpBB/includes/db/firebird.php24
-rw-r--r--phpBB/includes/db/mssql.php24
-rw-r--r--phpBB/includes/db/mssql_odbc.php23
-rw-r--r--phpBB/includes/db/mysql.php24
-rw-r--r--phpBB/includes/db/mysql4.php24
-rw-r--r--phpBB/includes/db/mysqli.php23
-rw-r--r--phpBB/includes/db/oracle.php26
-rw-r--r--phpBB/includes/db/postgres.php24
-rw-r--r--phpBB/includes/db/sqlite.php24
-rw-r--r--phpBB/includes/functions.php332
-rw-r--r--phpBB/includes/functions_admin.php323
-rw-r--r--phpBB/includes/functions_compress.php124
-rw-r--r--phpBB/includes/functions_display.php131
-rw-r--r--phpBB/includes/functions_jabber.php227
-rw-r--r--phpBB/includes/functions_messenger.php170
-rw-r--r--phpBB/includes/functions_module.php30
-rw-r--r--phpBB/includes/functions_posting.php224
-rw-r--r--phpBB/includes/functions_privmsgs.php183
-rw-r--r--phpBB/includes/functions_template.php39
-rw-r--r--phpBB/includes/functions_transfer.php18
-rw-r--r--phpBB/includes/functions_user.php214
-rw-r--r--phpBB/includes/mcp/mcp_ban.php4
-rw-r--r--phpBB/includes/mcp/mcp_forum.php14
-rw-r--r--phpBB/includes/mcp/mcp_front.php16
-rwxr-xr-xphpBB/includes/mcp/mcp_logs.php2
-rw-r--r--phpBB/includes/mcp/mcp_main.php45
-rwxr-xr-xphpBB/includes/mcp/mcp_notes.php280
-rw-r--r--phpBB/includes/mcp/mcp_post.php30
-rw-r--r--phpBB/includes/mcp/mcp_queue.php30
-rwxr-xr-xphpBB/includes/mcp/mcp_reports.php36
-rw-r--r--phpBB/includes/mcp/mcp_topic.php34
-rwxr-xr-xphpBB/includes/mcp/mcp_warn.php50
-rw-r--r--phpBB/includes/message_parser.php16
-rw-r--r--phpBB/includes/session.php31
-rw-r--r--phpBB/includes/ucp/ucp_activate.php6
-rw-r--r--phpBB/includes/ucp/ucp_attachments.php33
-rw-r--r--phpBB/includes/ucp/ucp_confirm.php6
-rw-r--r--phpBB/includes/ucp/ucp_groups.php30
-rw-r--r--phpBB/includes/ucp/ucp_main.php74
-rw-r--r--phpBB/includes/ucp/ucp_pm.php26
-rw-r--r--phpBB/includes/ucp/ucp_pm_compose.php31
-rw-r--r--phpBB/includes/ucp/ucp_pm_options.php12
-rw-r--r--phpBB/includes/ucp/ucp_pm_viewfolder.php26
-rw-r--r--phpBB/includes/ucp/ucp_pm_viewmessage.php20
-rw-r--r--phpBB/includes/ucp/ucp_prefs.php18
-rw-r--r--phpBB/includes/ucp/ucp_profile.php22
-rw-r--r--phpBB/includes/ucp/ucp_register.php20
-rw-r--r--phpBB/includes/ucp/ucp_remind.php8
-rw-r--r--phpBB/includes/ucp/ucp_resend.php8
-rw-r--r--phpBB/includes/ucp/ucp_zebra.php12
80 files changed, 2053 insertions, 1481 deletions
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php
index cbee63aaf7..976c2b2257 100644
--- a/phpBB/includes/acp/acp_attachments.php
+++ b/phpBB/includes/acp/acp_attachments.php
@@ -19,7 +19,7 @@ class acp_attachments
function main($id, $mode)
{
global $db, $user, $auth, $template, $cache;
- global $config, $SID, $phpbb_admin_path, $phpbb_root_path, $phpEx;
+ global $config, $phpbb_admin_path, $phpbb_root_path, $phpEx;
$user->add_lang(array('posting', 'viewtopic', 'acp/attachments'));
@@ -684,7 +684,7 @@ class acp_attachments
'S_NO_IMAGE' => $no_image_select,
'S_FORUM_IDS' => (sizeof($forum_ids)) ? true : false,
- 'U_EXTENSIONS' => $phpbb_admin_path . "index.$phpEx$SID&amp;i=$id&amp;mode=extensions",
+ 'U_EXTENSIONS' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&amp;mode=extensions"),
'L_LEGEND' => $user->lang[strtoupper($action) . '_EXTENSION_GROUP'],
)
@@ -1108,7 +1108,7 @@ class acp_attachments
// Submit Attachment
$attach_sql = $message_parser->attachment_data;
- $db->sql_transaction();
+ $db->sql_transaction('begin');
$sql = 'INSERT INTO ' . ATTACHMENTS_TABLE . ' ' . $db->sql_build_array('INSERT', $attach_sql);
$db->sql_query($sql);
diff --git a/phpBB/includes/acp/acp_ban.php b/phpBB/includes/acp/acp_ban.php
index 778809d1b0..834fdd19a8 100644
--- a/phpBB/includes/acp/acp_ban.php
+++ b/phpBB/includes/acp/acp_ban.php
@@ -18,7 +18,7 @@ class acp_ban
function main($id, $mode)
{
global $config, $db, $user, $auth, $template, $cache;
- global $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
+ global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
@@ -91,7 +91,7 @@ class acp_ban
'S_USERNAME_BAN' => ($mode == 'user') ? true : false,
'U_ACTION' => $this->u_action,
- 'U_FIND_USER' => $phpbb_root_path . "memberlist.$phpEx$SID&amp;mode=searchuser&amp;form=acp_ban&amp;field=ban",
+ 'U_FIND_USER' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=acp_ban&amp;field=ban'),
)
);
}
diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php
index 4f7f4b191b..4dfcaf7e8a 100644
--- a/phpBB/includes/acp/acp_bbcodes.php
+++ b/phpBB/includes/acp/acp_bbcodes.php
@@ -18,7 +18,7 @@ class acp_bbcodes
function main($id, $mode)
{
global $db, $user, $auth, $template, $cache;
- global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+ global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
$user->add_lang('acp/posting');
diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php
index 60f6706d75..60d3631673 100644
--- a/phpBB/includes/acp/acp_board.php
+++ b/phpBB/includes/acp/acp_board.php
@@ -20,7 +20,7 @@ class acp_board
function main($id, $mode)
{
global $db, $user, $auth, $template;
- global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+ global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
$user->add_lang('acp/board');
@@ -61,6 +61,7 @@ class acp_board
'allow_forum_notify' => array('lang' => 'ALLOW_FORUM_NOTIFY', 'type' => 'radio:yes_no', 'explain' => false),
'allow_namechange' => array('lang' => 'ALLOW_NAME_CHANGE', 'type' => 'radio:yes_no', 'explain' => false),
'allow_attachments' => array('lang' => 'ALLOW_ATTACHMENTS', 'type' => 'radio:yes_no', 'explain' => false),
+ 'allow_pm_attach' => array('lang' => 'ALLOW_PM_ATTACHMENTS', 'type' => 'radio:yes_no', 'explain' => false),
'allow_bbcode' => array('lang' => 'ALLOW_BBCODE', 'type' => 'radio:yes_no', 'explain' => false),
'allow_smilies' => array('lang' => 'ALLOW_SMILIES', 'type' => 'radio:yes_no', 'explain' => false),
'allow_sig' => array('lang' => 'ALLOW_SIG', 'type' => 'radio:yes_no', 'explain' => false),
@@ -112,9 +113,7 @@ class acp_board
'allow_pm_attach' => array('lang' => 'ALLOW_PM_ATTACHMENTS', 'type' => 'radio:yes_no', 'explain' => false),
'auth_download_pm' => array('lang' => 'ALLOW_DOWNLOAD_PM', 'type' => 'radio:yes_no', 'explain' => false),
'allow_sig_pm' => array('lang' => 'ALLOW_SIG_PM', 'type' => 'radio:yes_no', 'explain' => false),
-// 'auth_quote_pm' => array('lang' => 'ALLOW_QUOTE_PM', 'type' => 'radio:yes_no', 'explain' => false),
'print_pm' => array('lang' => 'ALLOW_PRINT_PM', 'type' => 'radio:yes_no', 'explain' => false),
-// 'email_pm' => array('lang' => 'ALLOW_EMAIL_PM', 'type' => 'radio:yes_no', 'explain' => false),
'forward_pm' => array('lang' => 'ALLOW_FORWARD_PM', 'type' => 'radio:yes_no', 'explain' => false),
'auth_img_pm' => array('lang' => 'ALLOW_IMG_PM', 'type' => 'radio:yes_no', 'explain' => false),
'auth_flash_pm' => array('lang' => 'ALLOW_FLASH_PM', 'type' => 'radio:yes_no', 'explain' => false),
@@ -263,6 +262,7 @@ class acp_board
'load_db_track' => array('lang' => 'YES_POST_MARKING', 'type' => 'radio:yes_no', 'explain' => true),
'load_db_lastread' => array('lang' => 'YES_READ_MARKING', 'type' => 'radio:yes_no', 'explain' => true),
'load_online' => array('lang' => 'YES_ONLINE', 'type' => 'radio:yes_no', 'explain' => true),
+ 'load_online_guests' => array('lang' => 'YES_ONLINE_GUESTS', 'type' => 'radio:yes_no', 'explain' => true),
'load_onlinetrack' => array('lang' => 'YES_ONLINE_TRACK', 'type' => 'radio:yes_no', 'explain' => true),
'load_birthdays' => array('lang' => 'YES_BIRTHDAYS', 'type' => 'radio:yes_no', 'explain' => false),
'load_moderators' => array('lang' => 'YES_MODERATORS', 'type' => 'radio:yes_no', 'explain' => false),
@@ -323,6 +323,7 @@ class acp_board
'pass_complex' => array('lang' => 'PASSWORD_TYPE', 'type' => 'select', 'method' => 'select_password_chars', 'explain' => true),
'chg_passforce' => array('lang' => 'FORCE_PASS_CHANGE', 'type' => 'text:3:3', 'explain' => true),
'max_login_attempts' => array('lang' => 'MAX_LOGIN_ATTEMPTS','type' => 'text:3:3', 'explain' => true),
+ 'tpl_allow_php' => array('lang' => 'TPL_ALLOW_PHP', 'type' => 'radio:yes_no', 'explain' => true),
)
);
break;
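Review bot: `tpl_allow_php` is added as an ordinary yes/no radio right after `max_login_attempts`, yet by its name it decides whether templates may run PHP, which makes it a code-execution switch rather than a display preference. Nothing visible in this hunk restricts who can flip it beyond whatever permission guards this settings page, so consider limiting the option to the most privileged administrators and writing an admin log entry when it changes. A comment on the entry would also help, for example `// Security: lets templates execute PHP; keep off unless every installed style is trusted`. The settings array and the surrounding switch continue outside the hunk, so a stricter check may already exist elsewhere.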
@@ -339,7 +340,8 @@ class acp_board
'board_contact' => array('lang' => 'CONTACT_EMAIL', 'type' => 'text:25:100', 'explain' => true),
'board_email' => array('lang' => 'ADMIN_EMAIL', 'type' => 'text:25:100', 'explain' => true),
'board_email_sig' => array('lang' => 'EMAIL_SIG', 'type' => 'textarea:5:30', 'explain' => true),
-
+ 'board_hide_emails' => array('lang' => 'BOARD_HIDE_EMAILS', 'type' => 'radio:yes_no', 'explain' => true),
+
'legend2' => 'SMTP_SETTINGS',
'smtp_delivery' => array('lang' => 'USE_SMTP', 'type' => 'radio:yes_no', 'explain' => true),
'smtp_host' => array('lang' => 'SMTP_SERVER', 'type' => 'text:25:50', 'explain' => false),
diff --git a/phpBB/includes/acp/acp_bots.php b/phpBB/includes/acp/acp_bots.php
index 070ac75bea..407bf554a5 100644
--- a/phpBB/includes/acp/acp_bots.php
+++ b/phpBB/includes/acp/acp_bots.php
@@ -18,7 +18,7 @@ class acp_bots
function main($id, $mode)
{
global $config, $db, $user, $auth, $template, $cache;
- global $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
+ global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
$action = request_var('action', '');
$submit = (isset($_POST['submit'])) ? true : false;
@@ -86,7 +86,7 @@ class acp_bots
}
$db->sql_freeresult($result);
- $db->sql_transaction();
+ $db->sql_transaction('begin');
$sql = 'DELETE FROM ' . BOTS_TABLE . "
WHERE bot_id $sql_id";
@@ -142,7 +142,7 @@ class acp_bots
if (!sizeof($error))
{
- $db->sql_transaction();
+ $db->sql_transaction('begin');
// New bot? Create a new user and group entry
if ($action == 'add')
diff --git a/phpBB/includes/acp/acp_database.php b/phpBB/includes/acp/acp_database.php
index 7502cbe8be..fc38a5ed9d 100644
--- a/phpBB/includes/acp/acp_database.php
+++ b/phpBB/includes/acp/acp_database.php
@@ -18,7 +18,7 @@ class acp_database
function main($id, $mode)
{
global $db, $user, $auth, $template, $table_prefix;
- global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+ global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
$user->add_lang('acp/database');
diff --git a/phpBB/includes/acp/acp_disallow.php b/phpBB/includes/acp/acp_disallow.php
index 53fde19048..3065b8cceb 100644
--- a/phpBB/includes/acp/acp_disallow.php
+++ b/phpBB/includes/acp/acp_disallow.php
@@ -18,7 +18,7 @@ class acp_disallow
function main($id, $mode)
{
global $db, $user, $auth, $template, $cache;
- global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+ global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
diff --git a/phpBB/includes/acp/acp_email.php b/phpBB/includes/acp/acp_email.php
index 86ddd5ce56..2109011014 100644
--- a/phpBB/includes/acp/acp_email.php
+++ b/phpBB/includes/acp/acp_email.php
@@ -18,7 +18,7 @@ class acp_email
function main($id, $mode)
{
global $config, $db, $user, $auth, $template, $cache;
- global $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
+ global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
$user->add_lang('acp/email');
$this->tpl_name = 'acp_email';
@@ -188,7 +188,7 @@ class acp_email
}
else
{
- $message = sprintf($user->lang['EMAIL_SEND_ERROR'], '<a href="' . $phpbb_admin_path . "index.$phpEx$SID&amp;i=logs&amp;mode=critical" . '">', '</a>');
+ $message = sprintf($user->lang['EMAIL_SEND_ERROR'], '<a href="' . append_sid("{$phpbb_admin_path}index.$phpEx", 'i=logs&amp;mode=critical') . '">', '</a>');
}
trigger_error($message . adm_back_link($this->u_action));
}
@@ -215,7 +215,7 @@ class acp_email
'U_ACTION' => $this->u_action,
'S_GROUP_OPTIONS' => $select_list,
'USERNAMES' => $usernames,
- 'U_FIND_USERNAME' => $phpbb_root_path . "memberlist.$phpEx$SID&amp;mode=searchuser&amp;form=acp_email&amp;field=usernames",
+ 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=acp_email&amp;field=usernames'),
'SUBJECT' => $subject,
'MESSAGE' => $message,
'S_PRIORITY_OPTIONS' => $s_priority_options)
diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php
index a9e9e727ce..d8d9aadeec 100644
--- a/phpBB/includes/acp/acp_forums.php
+++ b/phpBB/includes/acp/acp_forums.php
@@ -15,11 +15,11 @@ class acp_forums
{
var $u_action;
var $parent_id = 0;
-
+
function main($id, $mode)
{
global $db, $user, $auth, $template, $cache;
- global $config, $phpbb_admin_path, $phpbb_root_path, $phpEx, $SID;
+ global $config, $phpbb_admin_path, $phpbb_root_path, $phpEx;
$user->add_lang('acp/forums');
$this->tpl_name = 'acp_forums';
@@ -136,7 +136,7 @@ class acp_forums
}
$errors = $this->update_forum_data($forum_data);
-
+
if (!sizeof($errors))
{
$forum_perm_from = request_var('forum_perm_from', 0);
@@ -147,7 +147,6 @@ class acp_forums
// From the mysql documentation:
// Prior to MySQL 4.0.14, the target table of the INSERT statement cannot appear in the FROM clause of the SELECT part of the query. This limitation is lifted in 4.0.14.
// Due to this we stay on the safe side if we do the insertion "the manual way"
-
// Copy permisisons from/to the acl users table (only forum_id gets changed)
$sql = 'SELECT user_id, auth_option_id, auth_role_id, auth_setting
@@ -225,12 +224,12 @@ class acp_forums
// Redirect to permissions
$message = ($action == 'add') ? $user->lang['FORUM_CREATED'] : $user->lang['FORUM_UPDATED'];
- $message .= '<br /><br />' . sprintf($user->lang['REDIRECT_ACL'], '<a href="' . $phpbb_admin_path . "index.$phpEx$SID&amp;i=permissions" . $acl_url . '">', '</a>');
+ $message .= '<br /><br />' . sprintf($user->lang['REDIRECT_ACL'], '<a href="' . append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions' . $acl_url) . '">', '</a>');
// redirect directly to permission settings screen
if ($action == 'add' && !$forum_perm_from)
{
- meta_refresh(4, $phpbb_admin_path . "index.$phpEx$SID&amp;i=permissions" . $acl_url);
+ meta_refresh(4, append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions' . $acl_url));
}
trigger_error($message . adm_back_link($this->u_action . '&amp;parent_id=' . $this->parent_id));
@@ -244,12 +243,12 @@ class acp_forums
{
case 'move_up':
case 'move_down':
-
+
if (!$forum_id)
{
trigger_error($user->lang['NO_FORUM'] . adm_back_link($this->u_action . '&amp;parent_id=' . $this->parent_id));
}
-
+
$sql = 'SELECT parent_id, left_id, right_id
FROM ' . FORUMS_TABLE . "
WHERE forum_id = $forum_id";
@@ -519,7 +518,7 @@ class acp_forums
$db->sql_freeresult($result);
$s_show_display_on_index = false;
-
+
if ($forum_data['parent_id'] > 0)
{
// if this forum is a subforum put the "display on index" checkbox
@@ -603,7 +602,7 @@ class acp_forums
{
trigger_error($user->lang['NO_FORUM'] . adm_back_link($this->u_action . '&amp;parent_id=' . $this->parent_id));
}
-
+
$forum_data = $this->get_forum_info($forum_id);
$subforums_id = array();
@@ -706,12 +705,13 @@ class acp_forums
default:
$folder_image = ($row['left_id'] + 1 != $row['right_id']) ? '<img src="images/icon_subfolder.gif" width="46" height="25" alt="' . $user->lang['SUBFORUM'] . '" />' : '<img src="images/icon_folder.gif" width="46" height="25" alt="' . $user->lang['FOLDER'] . '" />';
+ break;
}
}
$url = $this->u_action . "&amp;parent_id=$this->parent_id&amp;f={$row['forum_id']}";
-
- $forum_title = ($forum_type != FORUM_LINK) ? "<a href=\"admin_forums.$phpEx$SID&amp;parent_id=" . $row['forum_id'] . '">' : '';
+
+ $forum_title = ($forum_type != FORUM_LINK) ? '<a href="' . $this->u_action . '&amp;parent_id=' . $row['forum_id'] . '">' : '';
$forum_title .= $row['forum_name'];
$forum_title .= ($forum_type != FORUM_LINK) ? '</a>' : '';
@@ -721,17 +721,16 @@ class acp_forums
'FORUM_DESCRIPTION' => generate_text_for_display($row['forum_desc'], $row['forum_desc_uid'], $row['forum_desc_bitfield']),
'FORUM_TOPICS' => $row['forum_topics'],
'FORUM_POSTS' => $row['forum_posts'],
-
+
'S_FORUM_LINK' => ($forum_type == FORUM_LINK) ? true : false,
'S_FORUM_POST' => ($forum_type == FORUM_POST) ? true : false,
-
+
'U_FORUM' => $this->u_action . '&amp;parent_id=' . $row['forum_id'],
'U_MOVE_UP' => $url . '&amp;action=move_up',
'U_MOVE_DOWN' => $url . '&amp;action=move_down',
'U_EDIT' => $url . '&amp;action=edit',
'U_DELETE' => $url . '&amp;action=delete',
- 'U_SYNC' => $url . '&amp;action=sync',
- )
+ 'U_SYNC' => $url . '&amp;action=sync')
);
}
while ($row = $db->sql_fetchrow($result));
@@ -759,7 +758,6 @@ class acp_forums
'U_SEL_ACTION' => $this->u_action,
'U_ACTION' => $this->u_action . '&amp;parent_id=' . $this->parent_id)
);
-
}
/**
@@ -778,7 +776,7 @@ class acp_forums
if (!$row)
{
- trigger_error("Forum #$forum_id does not exist");
+ trigger_error("Forum #$forum_id does not exist", E_USER_ERROR);
}
return $row;
@@ -792,7 +790,7 @@ class acp_forums
global $db, $user;
$errors = array();
-
+
if (!$forum_data['forum_name'])
{
$errors[] = $user->lang['FORUM_NAME_EMPTY'];
@@ -853,12 +851,13 @@ class acp_forums
FROM ' . FORUMS_TABLE . '
WHERE forum_id = ' . $forum_data['parent_id'];
$result = $db->sql_query($sql);
+ $row = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
- if (!$row = $db->sql_fetchrow($result))
+ if (!$row)
{
trigger_error($user->lang['PARENT_NOT_EXIST'] . adm_back_link($this->u_action . '&amp;' . $this->parent_id));
}
- $db->sql_freeresult($result);
$sql = 'UPDATE ' . FORUMS_TABLE . '
SET left_id = left_id + 2, right_id = right_id + 2
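Review bot: The back link in the `PARENT_NOT_EXIST` branch is built as `$this->u_action . '&amp;' . $this->parent_id`, which appends a bare number instead of a named parameter; the other back links in this file use `'&amp;parent_id=' . $this->parent_id`. It should read `adm_back_link($this->u_action . '&amp;parent_id=' . $this->parent_id)`. Separately, `$forum_data['parent_id']` is concatenated straight into the WHERE clause and no cast is visible in this hunk, so confirm it is already an integer when it reaches this query. The enclosing function starts and ends outside the hunk.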
@@ -878,7 +877,6 @@ class acp_forums
$sql = 'SELECT MAX(right_id) AS right_id
FROM ' . FORUMS_TABLE;
$result = $db->sql_query($sql);
-
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
@@ -890,7 +888,7 @@ class acp_forums
$db->sql_query($sql);
$forum_data['forum_id'] = $db->sql_nextid();
-
+
add_log('admin', 'LOG_FORUM_ADD', $forum_data['forum_name']);
}
else
@@ -929,19 +927,19 @@ class acp_forums
{
return $errors;
}
-
+
if ($row['parent_id'] != $forum_data['parent_id'])
{
$errors = $this->move_forum($forum_data['forum_id'], $forum_data['parent_id']);
}
-
+
if (sizeof($errors))
{
return $errors;
}
unset($forum_data['type_action']);
-
+
if ($row['forum_name'] != $forum_data['forum_name'])
{
// the forum name has changed, clear the parents list of child forums
@@ -1020,7 +1018,7 @@ class acp_forums
// Resync moved branch
$to_data['right_id'] += $diff;
-
+
if ($to_data['right_id'] > $from_data['right_id'])
{
$diff = '+ ' . ($to_data['right_id'] - $from_data['right_id'] - 1);
@@ -1036,7 +1034,6 @@ class acp_forums
FROM ' . FORUMS_TABLE . '
WHERE forum_id NOT IN (' . implode(', ', $moved_ids) . ')';
$result = $db->sql_query($sql);
-
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
@@ -1057,7 +1054,7 @@ class acp_forums
global $db;
$table_ary = array(LOG_TABLE, POSTS_TABLE, TOPICS_TABLE, DRAFTS_TABLE, TOPICS_TRACK_TABLE);
-
+
foreach ($table_ary as $table)
{
$sql = "UPDATE $table
@@ -1078,8 +1075,7 @@ class acp_forums
if ($sync)
{
- // Delete ghost topics that link back to the same forum
- // then resync counters
+ // Delete ghost topics that link back to the same forum then resync counters
sync('topic_moved');
sync('forum', 'forum_id', $to_id);
}
@@ -1118,16 +1114,17 @@ class acp_forums
FROM ' . FORUMS_TABLE . '
WHERE forum_id = ' . $posts_to_id;
$result = $db->sql_query($sql);
+ $row = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
- if (!$row = $db->sql_fetchrow($result))
+ if (!$row)
{
$errors[] = $user->lang['NO_FORUM'];
}
else
{
$posts_to_name = $row['forum_name'];
-
- $errors = array_merge($errors, $this->move_forum_content($forum_id, $subforums_to_id));
+ $errors = array_merge($errors, $this->move_forum_content($forum_id, $posts_to_id));
}
}
}
@@ -1175,8 +1172,10 @@ class acp_forums
FROM ' . FORUMS_TABLE . '
WHERE forum_id = ' . $subforums_to_id;
$result = $db->sql_query($sql);
+ $row = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
- if (!$row = $db->sql_fetchrow($result))
+ if (!$row)
{
$errors[] = $user->lang['NO_FORUM'];
}
@@ -1238,12 +1237,16 @@ class acp_forums
// Delete forum ids from extension groups table
$sql = 'SELECT group_id, allowed_forums
- FROM ' . EXTENSION_GROUPS_TABLE . "
- WHERE allowed_forums <> ''";
+ FROM ' . EXTENSION_GROUPS_TABLE;
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
+ if (!$row['allowed_forums'])
+ {
+ continue;
+ }
+
$allowed_forums = unserialize(trim($row['allowed_forums']));
$allowed_forums = array_diff($allowed_forums, $forum_ids);
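Review bot: The added `if (!$row['allowed_forums']) continue;` only skips empty values, so a non-empty but malformed `allowed_forums` still makes `unserialize()` return false, and `array_diff()` is then called on a non-array. A guard right after the call, `if (!is_array($allowed_forums)) { continue; }`, would keep a damaged row from being rewritten by the UPDATE that follows. Because `unserialize()` is fed a database column here, a short comment naming the code paths that are allowed to write that column would make the trust assumption explicit. The while loop continues outside the hunk.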
@@ -1252,6 +1255,8 @@ class acp_forums
WHERE group_id = {$row['group_id']}";
$db->sql_query($sql);
}
+ $db->sql_freeresult($result);
+
$cache->destroy('_extensions');
$log_action = implode('_', array($log_action_posts, $log_action_forums));
@@ -1261,19 +1266,19 @@ class acp_forums
case 'MOVE_POSTS_MOVE_FORUMS':
add_log('admin', 'LOG_FORUM_DEL_MOVE_POSTS_MOVE_FORUMS', $posts_to_name, $subforums_to_name, $forum_data['forum_name']);
break;
-
+
case 'MOVE_POSTS_FORUMS':
add_log('admin', 'LOG_FORUM_DEL_MOVE_POSTS_FORUMS', $posts_to_name, $forum_data['forum_name']);
break;
-
+
case 'POSTS_MOVE_FORUMS':
add_log('admin', 'LOG_FORUM_DEL_POSTS_MOVE_FORUMS', $subforums_to_name, $forum_data['forum_name']);
break;
-
+
case '_MOVE_FORUMS':
add_log('admin', 'LOG_FORUM_DEL_MOVE_FORUMS', $subforums_to_name, $forum_data['forum_name']);
break;
-
+
case 'MOVE_POSTS_':
add_log('admin', 'LOG_FORUM_DEL_MOVE_POSTS', $posts_to_name, $forum_data['forum_name']);
break;
@@ -1281,11 +1286,11 @@ class acp_forums
case 'POSTS_FORUMS':
add_log('admin', 'LOG_FORUM_DEL_POSTS_FORUMS', $forum_data['forum_name']);
break;
-
+
case '_FORUMS':
add_log('admin', 'LOG_FORUM_DEL_FORUMS', $forum_data['forum_name']);
break;
-
+
case 'POSTS_':
add_log('admin', 'LOG_FORUM_DEL_POSTS', $forum_data['forum_name']);
break;
@@ -1316,14 +1321,14 @@ class acp_forums
AND a.in_message = 0
AND a.topic_id = p.topic_id";
$result = $db->sql_query($sql);
-
+
$topic_ids = array();
while ($row = $db->sql_fetchrow($result))
{
$topic_ids[] = $row['topic_id'];
}
$db->sql_freeresult($result);
-
+
delete_attachments('topic', $topic_ids, false);
switch (SQL_LAYER)
@@ -1367,7 +1372,7 @@ class acp_forums
REPORTS_TABLE,
WARNINGS_TABLE,
),
-
+
'topic_id' => array(
BOOKMARKS_TABLE,
TOPICS_WATCH_TABLE,
@@ -1380,7 +1385,7 @@ class acp_forums
foreach ($tables_ary as $field => $tables)
{
$start = 0;
-
+
do
{
$sql = "SELECT $field
diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php
index 9a0aa1409d..a216a4d24f 100644
--- a/phpBB/includes/acp/acp_groups.php
+++ b/phpBB/includes/acp/acp_groups.php
@@ -18,7 +18,7 @@ class acp_groups
function main($id, $mode)
{
global $config, $db, $user, $auth, $template, $cache;
- global $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix, $file_uploads;
+ global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix, $file_uploads;
$user->add_lang('acp/groups');
$this->tpl_name = 'acp_groups';
@@ -473,7 +473,7 @@ class acp_groups
switch ($back_link)
{
case 'acp_users_groups':
- $u_back = $phpbb_admin_path . "index.$phpEx$SID&amp;i=users&amp;mode=groups&amp;u=" . request_var('u', 0);
+ $u_back = append_sid("{$phpbb_admin_path}index.$phpEx", 'i=users&amp;mode=groups&amp;u=' . request_var('u', 0));
break;
default:
@@ -523,8 +523,8 @@ class acp_groups
'GROUP_HIDDEN' => $type_hidden,
'U_BACK' => $u_back,
- 'U_SWATCH' => "{$phpbb_admin_path}swatch.$phpEx$SID&amp;form=settings&amp;name=group_colour",
- 'UA_SWATCH' => "{$phpbb_admin_path}swatch.$phpEx$SID&form=settings&name=group_colour",
+ 'U_SWATCH' => append_sid("{$phpbb_admin_path}swatch.$phpEx", 'form=settings&amp;name=group_colour'),
+ 'UA_SWATCH' => append_sid("{$phpbb_admin_path}swatch.$phpEx", 'form=settings&name=group_colour', false),
'U_ACTION' => "{$this->u_action}&amp;action=$action&amp;g=$group_id",
'L_AVATAR_EXPLAIN' => sprintf($user->lang['AVATAR_EXPLAIN'], $config['avatar_max_width'], $config['avatar_max_height'], round($config['avatar_filesize'] / 1024)),
)
@@ -607,13 +607,13 @@ class acp_groups
'U_ACTION' => $this->u_action . "&amp;g=$group_id",
'U_BACK' => $this->u_action,
- 'U_FIND_USERNAME' => $phpbb_root_path . "memberlist.$phpEx$SID&amp;mode=searchuser&amp;form=list&amp;field=usernames")
+ 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=list&amp;field=usernames'))
);
foreach ($group_data['leader'] as $row)
{
$template->assign_block_vars('leader', array(
- 'U_USER_EDIT' => $phpbb_admin_path . "index.$phpEx$SID&amp;i=users&amp;action=edit&amp;u={$row['user_id']}",
+ 'U_USER_EDIT' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=users&amp;action=edit&amp;u={$row['user_id']}"),
'USERNAME' => $row['username'],
'S_GROUP_DEFAULT' => ($row['group_id'] == $group_id) ? true : false,
@@ -637,7 +637,7 @@ class acp_groups
}
$template->assign_block_vars('member', array(
- 'U_USER_EDIT' => $phpbb_admin_path . "index.$phpEx$SID&amp;i=users&amp;action=edit&amp;u={$row['user_id']}",
+ 'U_USER_EDIT' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=users&amp;action=edit&amp;u={$row['user_id']}"),
'USERNAME' => $row['username'],
'S_GROUP_DEFAULT' => ($row['group_id'] == $group_id) ? true : false,
diff --git a/phpBB/includes/acp/acp_icons.php b/phpBB/includes/acp/acp_icons.php
index 69b37c2427..1f99793462 100644
--- a/phpBB/includes/acp/acp_icons.php
+++ b/phpBB/includes/acp/acp_icons.php
@@ -19,7 +19,7 @@ class acp_icons
function main($id, $mode)
{
global $db, $user, $auth, $template, $cache;
- global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+ global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
$user->add_lang('acp/posting');
@@ -374,6 +374,7 @@ class acp_icons
trigger_error($user->lang['WRONG_PAK_TYPE'] . adm_back_link($this->u_action));
}
+ // Stripslash here because it got addslashed before... (on export)
$img = stripslashes($data[1][0]);
$width = stripslashes($data[1][1]);
$height = stripslashes($data[1][2]);
diff --git a/phpBB/includes/acp/acp_jabber.php b/phpBB/includes/acp/acp_jabber.php
index c62cede3df..2977859b2f 100644
--- a/phpBB/includes/acp/acp_jabber.php
+++ b/phpBB/includes/acp/acp_jabber.php
@@ -19,7 +19,7 @@ class acp_jabber
function main($id, $mode)
{
global $db, $user, $auth, $template;
- global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+ global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
$user->add_lang('acp/board');
diff --git a/phpBB/includes/acp/acp_language.php b/phpBB/includes/acp/acp_language.php
index 3a6ee380ac..2fbe2aec2f 100644
--- a/phpBB/includes/acp/acp_language.php
+++ b/phpBB/includes/acp/acp_language.php
@@ -24,7 +24,7 @@ class acp_language
function main($id, $mode)
{
global $config, $db, $user, $auth, $template, $cache;
- global $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
+ global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
global $safe_mode, $file_uploads;
include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
@@ -702,9 +702,9 @@ class acp_language
$lang_pack = array(
'iso' => $lang_iso,
- 'name' => trim(htmlspecialchars(stripslashes($file[0]))),
- 'local_name'=> trim(htmlspecialchars(stripslashes($file[1]))),
- 'author' => trim(htmlspecialchars(stripslashes($file[2])))
+ 'name' => trim(htmlspecialchars($file[0])),
+ 'local_name'=> trim(htmlspecialchars($file[1])),
+ 'author' => trim(htmlspecialchars($file[2]))
);
unset($file);
diff --git a/phpBB/includes/acp/acp_logs.php b/phpBB/includes/acp/acp_logs.php
index 33a4ce13c2..038a3b0d3c 100644
--- a/phpBB/includes/acp/acp_logs.php
+++ b/phpBB/includes/acp/acp_logs.php
@@ -18,7 +18,7 @@ class acp_logs
function main($id, $mode)
{
global $db, $user, $auth, $template, $cache;
- global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+ global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
$user->add_lang('mcp');
diff --git a/phpBB/includes/acp/acp_main.php b/phpBB/includes/acp/acp_main.php
index 3cc00db36e..292d78973f 100644
--- a/phpBB/includes/acp/acp_main.php
+++ b/phpBB/includes/acp/acp_main.php
@@ -18,7 +18,7 @@ class acp_main
function main($id, $mode)
{
global $config, $db, $user, $auth, $template;
- global $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
+ global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
$action = request_var('action', '');
$mark = (isset($_REQUEST['mark'])) ? implode(', ', request_var('mark', array(0))) : '';
@@ -49,7 +49,7 @@ class acp_main
if ($action == 'activate')
{
- include($phpbb_root_path . 'includes/functions_user.php');
+ include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
$mark_ary = explode(', ', $mark);
foreach ($mark_ary as $user_id)
@@ -424,7 +424,7 @@ class acp_main
'UPLOAD_DIR_SIZE' => $upload_dir_size,
'GZIP_COMPRESSION' => ($config['gzip_compress']) ? $user->lang['ON'] : $user->lang['OFF'],
- 'U_ACTION' => "{$phpbb_admin_path}index.$phpEx$SID",
+ 'U_ACTION' => append_sid("{$phpbb_admin_path}index.$phpEx"),
'S_ACTION_OPTIONS' => ($auth->acl_get('a_board')) ? $s_action_options : '',
)
@@ -462,7 +462,7 @@ class acp_main
'DATE' => $user->format_date($row['user_regdate']),
'USER_ID' => $row['user_id'],
'USERNAME' => $row['username'],
- 'U_USER_ADMIN' => "{$phpbb_admin_path}index.$phpEx$SID&amp;i=users&amp;mode=overview&amp;u={$row['user_id']}")
+ 'U_USER_ADMIN' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=users&amp;mode=overview&amp;u={$row['user_id']}"))
);
}
diff --git a/phpBB/includes/acp/acp_modules.php b/phpBB/includes/acp/acp_modules.php
index ebb1245c22..f5c7d5fd55 100644
--- a/phpBB/includes/acp/acp_modules.php
+++ b/phpBB/includes/acp/acp_modules.php
@@ -29,7 +29,7 @@ class acp_modules
function main($id, $mode)
{
global $db, $user, $auth, $template;
- global $config, $phpbb_admin_path, $phpbb_root_path, $phpEx, $SID;
+ global $config, $phpbb_admin_path, $phpbb_root_path, $phpEx;
// Set a global define for modules we might include (the author is able to prevent executing of code with this)
define('MODULE_INCLUDE', true);
diff --git a/phpBB/includes/acp/acp_permission_roles.php b/phpBB/includes/acp/acp_permission_roles.php
index c161f8c0f2..8022498f67 100644
--- a/phpBB/includes/acp/acp_permission_roles.php
+++ b/phpBB/includes/acp/acp_permission_roles.php
@@ -18,7 +18,7 @@ class acp_permission_roles
function main($id, $mode)
{
global $db, $user, $auth, $template, $cache;
- global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+ global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
include_once($phpbb_root_path . 'includes/acp/auth.' . $phpEx);
diff --git a/phpBB/includes/acp/acp_permissions.php b/phpBB/includes/acp/acp_permissions.php
index 8aa17017cc..79f55a7dd2 100644
--- a/phpBB/includes/acp/acp_permissions.php
+++ b/phpBB/includes/acp/acp_permissions.php
@@ -19,7 +19,7 @@ class acp_permissions
function main($id, $mode)
{
global $db, $user, $auth, $template, $cache;
- global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+ global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
include_once($phpbb_root_path . 'includes/acp/auth.' . $phpEx);
@@ -304,7 +304,7 @@ class acp_permissions
$template->assign_vars(array(
'S_SELECT_USER' => true,
- 'U_FIND_USERNAME' => $phpbb_root_path . "memberlist.$phpEx$SID&amp;mode=searchuser&amp;form=select_victim&amp;field=username")
+ 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=select_victim&amp;field=username'))
);
break;
@@ -435,7 +435,7 @@ class acp_permissions
'S_DEFINED_USER_OPTIONS' => $s_defined_user_options,
'S_DEFINED_GROUP_OPTIONS' => $s_defined_group_options,
'S_ADD_GROUP_OPTIONS' => group_select_options(false, $defined_group_ids),
- 'U_FIND_USERNAME' => $phpbb_root_path . "memberlist.$phpEx$SID&amp;mode=searchuser&amp;form=add_user&amp;field=username")
+ 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=add_user&amp;field=username'))
);
break;
diff --git a/phpBB/includes/acp/acp_php_info.php b/phpBB/includes/acp/acp_php_info.php
index 55f1227c1d..44917bd8fc 100644
--- a/phpBB/includes/acp/acp_php_info.php
+++ b/phpBB/includes/acp/acp_php_info.php
@@ -18,7 +18,7 @@ class acp_php_info
function main($id, $mode)
{
global $db, $user, $auth, $template;
- global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+ global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
if ($mode != 'info')
{
diff --git a/phpBB/includes/acp/acp_profile.php b/phpBB/includes/acp/acp_profile.php
index 9ee89fcf35..4822e9158d 100644
--- a/phpBB/includes/acp/acp_profile.php
+++ b/phpBB/includes/acp/acp_profile.php
@@ -18,7 +18,7 @@ class acp_profile
function main($id, $mode)
{
global $config, $db, $user, $auth, $template, $cache;
- global $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
+ global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
@@ -1386,7 +1386,7 @@ class acp_profile
}
}
- $db->sql_transaction();
+ $db->sql_transaction('begin');
if ($action == 'create')
{
diff --git a/phpBB/includes/acp/acp_prune.php b/phpBB/includes/acp/acp_prune.php
index 2214a8c9bd..cb9cf02573 100644
--- a/phpBB/includes/acp/acp_prune.php
+++ b/phpBB/includes/acp/acp_prune.php
@@ -17,7 +17,7 @@ class acp_prune
function main($id, $mode)
{
- global $user, $phpEx, $SID, $phpbb_admin_path, $phpbb_root_path;
+ global $user, $phpEx, $phpbb_admin_path, $phpbb_root_path;
$user->add_lang('acp/prune');
include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
@@ -44,7 +44,7 @@ class acp_prune
function prune_forums($id, $mode)
{
global $db, $user, $auth, $template, $cache;
- global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+ global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
$forum_id = request_var('f', array(0));
$submit = (isset($_POST['submit'])) ? true : false;
@@ -186,7 +186,7 @@ class acp_prune
function prune_users($id, $mode)
{
global $db, $user, $auth, $template, $cache;
- global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+ global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
$user->add_lang('memberlist');
@@ -359,7 +359,7 @@ class acp_prune
'S_JOINED_OPTIONS' => $s_find_join_time,
'S_ACTIVE_OPTIONS' => $s_find_active_time,
'S_COUNT_OPTIONS' => $s_find_count,
- 'U_FIND_USER' => $phpbb_root_path . "memberlist.$phpEx$SID&amp;mode=searchuser&amp;form=acp_prune&amp;field=users")
+ 'U_FIND_USER' => append_sid($phpbb_root_path . "memberlist.$phpEx", 'mode=searchuser&amp;form=acp_prune&amp;field=users'))
);
}
diff --git a/phpBB/includes/acp/acp_ranks.php b/phpBB/includes/acp/acp_ranks.php
index 3978ed25ec..f5ec4bae30 100644
--- a/phpBB/includes/acp/acp_ranks.php
+++ b/phpBB/includes/acp/acp_ranks.php
@@ -18,7 +18,7 @@ class acp_ranks
function main($id, $mode)
{
global $db, $user, $auth, $template, $cache;
- global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+ global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
$user->add_lang('acp/posting');
diff --git a/phpBB/includes/acp/acp_reasons.php b/phpBB/includes/acp/acp_reasons.php
index 02e06e87f2..0867158eff 100644
--- a/phpBB/includes/acp/acp_reasons.php
+++ b/phpBB/includes/acp/acp_reasons.php
@@ -18,7 +18,7 @@ class acp_reasons
function main($id, $mode)
{
global $db, $user, $auth, $template, $cache;
- global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+ global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
$user->add_lang(array('mcp', 'acp/posting'));
diff --git a/phpBB/includes/acp/acp_search.php b/phpBB/includes/acp/acp_search.php
index 8a601467dd..cafb3c795d 100644
--- a/phpBB/includes/acp/acp_search.php
+++ b/phpBB/includes/acp/acp_search.php
@@ -40,7 +40,7 @@ class acp_search
function settings($id, $mode)
{
global $db, $user, $auth, $template, $cache;
- global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+ global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
$submit = (isset($_POST['submit'])) ? true : false;
@@ -148,7 +148,7 @@ class acp_search
{
add_log('admin', 'LOG_CONFIG_SEARCH');
}
- $extra_message = '<br />' . $user->lang['SWITCHED_SEARCH_BACKEND'] . "<br /><a href=\"{$phpbb_admin_path}index.$phpEx$SID&amp;i=search&amp;mode=index\">&raquo; " . $user->lang['GO_TO_SEARCH_INDEX'] . '</a>';
+ $extra_message = '<br />' . $user->lang['SWITCHED_SEARCH_BACKEND'] . '<br /><a href="' . append_sid("{$phpbb_admin_path}index.$phpEx", 'i=search&amp;mode=index') . '">&raquo; ' . $user->lang['GO_TO_SEARCH_INDEX'] . '</a>';
}
else
{
@@ -197,7 +197,7 @@ class acp_search
function index($id, $mode)
{
global $db, $user, $auth, $template, $cache;
- global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+ global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
if (isset($_REQUEST['action']) && is_array($_REQUEST['action']))
{
@@ -258,7 +258,7 @@ class acp_search
if (method_exists($this->search, 'delete_index'))
{
// pass a reference to myself so the $search object can make use of save_state() and attributes
- if ($error = $this->search->delete_index($this, $phpbb_admin_path . "index.$phpEx$SID&i=$id&mode=$mode&action=delete"))
+ if ($error = $this->search->delete_index($this, append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=$mode&action=delete", false)))
{
$this->state = array('');
$this->save_state();
@@ -293,7 +293,7 @@ class acp_search
if ($post_counter <= $this->max_post_id)
{
- redirect($phpbb_admin_path . "index.$phpEx$SID&i=$id&mode=$mode&action=delete", 3);
+ redirect($this->u_action . '&amp;action=delete', 3);
}
}
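Review bot: The new `redirect($this->u_action . '&amp;action=delete', 3)` hands an HTML-escaped separator to a function that presumably ends up writing a `Location:` header, where the old line used a raw `&`. `redirect()` is not visible in this part of the diff, so unless it decodes `&amp;` itself the follow-up request would carry a parameter named `amp;action` and the batched delete would stop after the first pass. The same applies to `redirect($this->u_action . '&amp;action=create', 3)` in the `@@ -337` hunk. If `u_action` is stored escaped, decode it once at the call site, e.g. `redirect(str_replace('&amp;', '&', $this->u_action) . '&action=delete', 3);`, or build the target with `append_sid(..., false)` as the `delete_index()` call in this file already does.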
@@ -309,7 +309,7 @@ class acp_search
if (method_exists($this->search, 'create_index'))
{
// pass a reference to myself so the $search object can make use of save_state() and attributes
- if ($error = $this->search->create_index($this, $phpbb_admin_path . "index.$phpEx$SID&i=$id&mode=$mode&action=create"))
+ if ($error = $this->search->create_index($this, append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=$mode&action=create", false)))
{
$this->state = array('');
$this->save_state();
@@ -337,7 +337,7 @@ class acp_search
if ($post_counter <= $this->max_post_id)
{
- redirect($phpbb_admin_path . "index.$phpEx$SID&i=$id&mode=$mode&action=create", 3);
+ redirect($this->u_action . '&amp;action=create', 3);
}
}
@@ -415,15 +415,15 @@ class acp_search
$template->assign_vars(array(
'S_INDEX' => true,
'U_ACTION' => $this->u_action,
- 'U_PROGRESS_BAR' => $phpbb_admin_path . "index.$phpEx$SID&amp;i=$id&amp;mode=$mode&amp;action=progress_bar",
- 'UA_PROGRESS_BAR' => $phpbb_admin_path . "index.$phpEx$SID&i=$id&mode=$mode&action=progress_bar")
+ 'U_PROGRESS_BAR' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&amp;mode=$mode&amp;action=progress_bar"),
+ 'UA_PROGRESS_BAR' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=$mode&action=progress_bar", false))
);
if (isset($this->state[1]))
{
$template->assign_vars(array(
'S_CONTINUE_INDEXING' => $this->state[1],
- 'U_CONTINUE_INDEXING' => $phpbb_admin_path . "index.$phpEx$SID&amp;i=$id&amp;mode=$mode&amp;action=" . $this->state[1],
+ 'U_CONTINUE_INDEXING' => $this->u_action . '&amp;action=' . $this->state[1],
'L_CONTINUE' => ($this->state[1] == 'create') ? $user->lang['CONTINUE_INDEXING'] : $user->lang['CONTINUE_INDEX_DELETING'],
'L_CONTINUE_EXPLAIN' => ($this->state[1] == 'create') ? $user->lang['CONTINUE_INDEXING_EXPLAIN'] : $user->lang['CONTINUE_INDEX_DELETING_EXPLAIN'])
);
diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php
index d0257dfed7..548cb743d8 100644
--- a/phpBB/includes/acp/acp_styles.php
+++ b/phpBB/includes/acp/acp_styles.php
@@ -24,7 +24,7 @@ class acp_styles
function main($id, $mode)
{
global $db, $user, $auth, $template, $cache;
- global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+ global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
// Hardcoded template bitfield to add for new templates
define('TEMPLATE_BITFIELD', 6921);
@@ -332,7 +332,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
*/
function frontend($mode, $options)
{
- global $user, $template, $db, $config, $phpbb_root_path, $phpEx, $SID;
+ global $user, $template, $db, $config, $phpbb_root_path, $phpEx;
$sql_from = '';
$style_count = array();
@@ -414,7 +414,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
'U_STYLE_ACT_DEACT' => $this->u_action . '&amp;action=' . $stylevis . '&amp;id=' . $row[$mode . '_id'],
'L_STYLE_ACT_DEACT' => $user->lang['STYLE_' . strtoupper($stylevis)],
'S_OPTIONS' => implode(' | ', $s_options),
- 'U_PREVIEW' => ($mode == 'style') ? "{$phpbb_root_path}index.$phpEx$SID&amp;$mode=" . $row[$mode . '_id'] : '',
+ 'U_PREVIEW' => ($mode == 'style') ? append_sid("{$phpbb_root_path}index.$phpEx", "$mode=" . $row[$mode . '_id']) : '',
'NAME' => $row[$mode . '_name'],
'STYLE_COUNT' => ($mode == 'style' && isset($style_count[$row['style_id']])) ? $style_count[$row['style_id']] : 0,
@@ -477,7 +477,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
*/
function edit_template($template_id)
{
- global $phpbb_root_path, $phpEx, $SID, $config, $db, $cache, $user, $template, $safe_mode;
+ global $phpbb_root_path, $phpEx, $config, $db, $cache, $user, $template, $safe_mode;
$this->page_title = 'EDIT_TEMPLATE';
@@ -687,7 +687,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
*/
function template_cache($template_id)
{
- global $phpbb_root_path, $phpEx, $SID, $config, $db, $cache, $user, $template;
+ global $phpbb_root_path, $phpEx, $config, $db, $cache, $user, $template;
$source = str_replace('/', '.', request_var('source', ''));
$file_ary = array_diff(request_var('delete', array('')), array(''));
@@ -811,7 +811,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
*/
function edit_theme($theme_id)
{
- global $phpbb_root_path, $phpbb_admin_path, $phpEx, $SID, $config, $db, $cache, $user, $template, $safe_mode;
+ global $phpbb_root_path, $phpbb_admin_path, $phpEx, $config, $db, $cache, $user, $template, $safe_mode;
$this->page_title = 'EDIT_THEME';
@@ -1214,8 +1214,8 @@ pagination_sep = \'{PAGINATION_SEP}\'
$template->assign_vars(array(
'S_HIDDEN_FIELDS' => build_hidden_fields($s_hidden_fields),
- 'U_SWATCH' => "{$phpbb_admin_path}swatch.$phpEx$SID&amp;form=acp_theme&amp;name=",
- 'UA_SWATCH' => "{$phpbb_admin_path}swatch.$phpEx$SID&form=acp_theme&name=",
+ 'U_SWATCH' => append_sid("{$phpbb_admin_path}swatch.$phpEx", 'form=acp_theme') . '&amp;name=',
+ 'UA_SWATCH' => append_sid("{$phpbb_admin_path}swatch.$phpEx", 'form=acp_theme', false) . '&name=',
'CSS_DATA' => htmlspecialchars($css_data))
);
@@ -2350,7 +2350,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
*/
function install($mode)
{
- global $phpbb_root_path, $phpEx, $SID, $config, $db, $cache, $user, $template;
+ global $phpbb_root_path, $phpEx, $config, $db, $cache, $user, $template;
$l_type = strtoupper($mode);
@@ -2498,7 +2498,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
*/
function add($mode)
{
- global $phpbb_root_path, $phpEx, $SID, $config, $db, $cache, $user, $template;
+ global $phpbb_root_path, $phpEx, $config, $db, $cache, $user, $template;
$l_type = strtoupper($mode);
$element_ary = array('template' => STYLES_TPL_TABLE, 'theme' => STYLES_CSS_TABLE, 'imageset' => STYLES_IMAGE_TABLE);
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index 071996d192..8621f30324 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -18,7 +18,7 @@ class acp_users
function main($id, $mode)
{
global $config, $db, $user, $auth, $template, $cache;
- global $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix, $file_uploads;
+ global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix, $file_uploads;
$user->add_lang(array('posting', 'ucp', 'acp/users'));
$this->tpl_name = 'acp_users';
@@ -68,7 +68,7 @@ class acp_users
'ANONYMOUS_USER_ID' => ANONYMOUS,
'S_SELECT_USER' => true,
- 'U_FIND_USERNAME' => $phpbb_root_path . "memberlist.$phpEx$SID&amp;mode=searchuser&amp;form=select_user&amp;field=username",
+ 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=select_user&amp;field=username'),
)
);
@@ -125,7 +125,7 @@ class acp_users
$template->assign_vars(array(
'U_BACK' => $this->u_action,
- 'U_MODE_SELECT' => "{$phpbb_admin_path}index.$phpEx$SID&amp;i=$id&amp;u=$user_id",
+ 'U_MODE_SELECT' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&amp;u=$user_id"),
'U_ACTION' => $this->u_action . '&amp;u=' . $user_id,
'S_FORM_OPTIONS' => $s_form_options)
);
@@ -729,7 +729,7 @@ class acp_users
'U_SHOW_IP' => $this->u_action . "&amp;u=$user_id&amp;ip=" . (($ip == 'ip') ? 'hostname' : 'ip'),
'U_WHOIS' => $this->u_action . "&amp;action=whois&amp;user_ip={$user_row['user_ip']}",
- 'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=switch_perm&amp;u={$user_row['user_id']}" : '',
+ 'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&amp;u={$user_row['user_id']}") : '',
'USER' => $user_row['username'],
'USER_REGISTERED' => $user->format_date($user_row['user_regdate']),
@@ -1494,7 +1494,7 @@ class acp_users
'S_SMILIES_CHECKED' => (!$enable_smilies) ? 'checked="checked"' : '',
'S_MAGIC_URL_CHECKED' => (!$enable_urls) ? 'checked="checked"' : '',
- 'BBCODE_STATUS' => ($config['allow_sig_bbcode']) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . $phpbb_root_path . "faq.$phpEx$SID&amp;mode=bbcode" . '" onclick="target=\'_phpbbcode\';">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . "{$phpbb_root_path}faq.$phpEx$SID&amp;mode=bbcode" . '" onclick="target=\'_phpbbcode\';">', '</a>'),
+ 'BBCODE_STATUS' => ($config['allow_sig_bbcode']) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '" onclick="target=\'_phpbbcode\';">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '" onclick="target=\'_phpbbcode\';">', '</a>'),
'SMILIES_STATUS' => ($config['allow_sig_smilies']) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'],
'IMG_STATUS' => ($config['allow_sig_img']) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'],
'FLASH_STATUS' => ($config['allow_sig_flash']) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'],
@@ -1596,11 +1596,11 @@ class acp_users
{
if ($row['in_message'])
{
- $view_topic = "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=pm&amp;p={$row['post_msg_id']}";
+ $view_topic = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&amp;p={$row['post_msg_id']}");
}
else
{
- $view_topic = "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;t={$row['topic_id']}&amp;p={$row['post_msg_id']}#{$row['post_msg_id']}";
+ $view_topic = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t={$row['topic_id']}&amp;p={$row['post_msg_id']}#{$row['post_msg_id']}");
}
$template->assign_block_vars('attach', array(
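Review bot: In the `viewtopic` branch the fragment `#{$row['post_msg_id']}` is now passed inside the `$params` argument of `append_sid()`, so where the session id ends up depends on how that function joins its pieces. `append_sid()` is not shown in this part of the diff; if it appends the sid after `$params`, the id lands behind the `#`, is never sent to the server, and the link drops a cookieless session. Keeping the fragment outside the call avoids relying on that: `$view_topic = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t={$row['topic_id']}&amp;p={$row['post_msg_id']}") . "#{$row['post_msg_id']}";`.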
@@ -1618,7 +1618,7 @@ class acp_users
'S_IN_MESSAGE' => $row['in_message'],
- 'U_DOWNLOAD' => $phpbb_root_path . 'download.' . $phpEx . $SID . '&amp;id=' . $row['attach_id'],
+ 'U_DOWNLOAD' => append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $row['attach_id']),
'U_VIEW_TOPIC' => $view_topic)
);
}
@@ -1757,7 +1757,7 @@ class acp_users
foreach ($data_ary as $data)
{
$template->assign_block_vars('group', array(
- 'U_EDIT_GROUP' => "{$phpbb_admin_path}index.$phpEx$SID&amp;i=groups&amp;mode=manage&amp;action=edit&amp;u=$user_id&amp;g=" . $data['group_id'] . '&amp;back_link=acp_users_groups',
+ 'U_EDIT_GROUP' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=groups&amp;mode=manage&amp;action=edit&amp;u=$user_id&amp;g={$data['group_id']}&amp;back_link=acp_users_groups"),
'U_DEFAULT' => $this->u_action . "&amp;action=default&amp;u=$user_id&amp;g=" . $data['group_id'],
'U_DEMOTE_PROMOTE' => $this->u_action . '&amp;action=' . (($data['group_leader']) ? 'demote' : 'promote') . "&amp;u=$user_id&amp;g=" . $data['group_id'],
'U_DELETE' => $this->u_action . "&amp;action=delete&amp;u=$user_id&amp;g=" . $data['group_id'],
@@ -1819,8 +1819,8 @@ class acp_users
$template->assign_vars(array(
'S_PERMISSIONS' => true,
- 'U_USER_PERMISSIONS' => $phpbb_admin_path . 'index.' . $phpEx . $SID . '&amp;i=permissions&amp;mode=setting_user_global&amp;user_id[]=' . $user_id,
- 'U_USER_FORUM_PERMISSIONS' => $phpbb_admin_path . 'index.' . $phpEx . $SID . '&amp;i=permissions&amp;mode=setting_user_local&amp;user_id[]=' . $user_id)
+ 'U_USER_PERMISSIONS' => append_sid("{$phpbb_admin_path}index.$phpEx" ,'i=permissions&amp;mode=setting_user_global&amp;user_id[]=' . $user_id),
+ 'U_USER_FORUM_PERMISSIONS' => append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions&amp;mode=setting_user_local&amp;user_id[]=' . $user_id))
);
break;
diff --git a/phpBB/includes/acp/acp_words.php b/phpBB/includes/acp/acp_words.php
index ef75eedcba..155443f04b 100644
--- a/phpBB/includes/acp/acp_words.php
+++ b/phpBB/includes/acp/acp_words.php
@@ -19,7 +19,7 @@ class acp_words
function main($id, $mode)
{
global $db, $user, $auth, $template, $cache;
- global $config, $SID, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+ global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
$user->add_lang('acp/posting');
diff --git a/phpBB/includes/acp/auth.php b/phpBB/includes/acp/auth.php
index 7007c05104..3da19f5c0b 100644
--- a/phpBB/includes/acp/auth.php
+++ b/phpBB/includes/acp/auth.php
@@ -271,7 +271,7 @@ class auth_admin extends auth
*/
function display_mask($mode, $permission_type, &$hold_ary, $user_mode = 'user', $local = false, $group_display = true)
{
- global $template, $user, $db, $phpbb_root_path, $phpEx, $SID;
+ global $template, $user, $db, $phpbb_root_path, $phpEx;
// Define names for template loops, might be able to be set
$tpl_pmask = 'p_mask';
@@ -570,7 +570,7 @@ class auth_admin extends auth
*/
function display_role_mask(&$hold_ary)
{
- global $db, $template, $user, $phpbb_root_path, $phpbb_admin_path, $phpEx, $SID;
+ global $db, $template, $user, $phpbb_root_path, $phpbb_admin_path, $phpEx;
if (!sizeof($hold_ary))
{
@@ -610,7 +610,7 @@ class auth_admin extends auth
$template->assign_block_vars('role_mask.users', array(
'USER_ID' => $row['user_id'],
'USERNAME' => $row['username'],
- 'U_PROFILE' => "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u={$row['user_id']}")
+ 'U_PROFILE' => append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=viewprofile&amp;u={$row['user_id']}"))
);
}
$db->sql_freeresult($result);
@@ -629,7 +629,7 @@ class auth_admin extends auth
$template->assign_block_vars('role_mask.groups', array(
'GROUP_ID' => $row['group_id'],
'GROUP_NAME' => ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'],
- 'U_PROFILE' => $phpbb_root_path . "memberlist.$phpEx$SID&amp;mode=group&amp;g={$row['group_id']}")
+ 'U_PROFILE' => append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=group&amp;g={$row['group_id']}"))
);
}
$db->sql_freeresult($result);
@@ -1083,7 +1083,7 @@ class auth_admin extends auth
*/
function assign_cat_array(&$category_array, $tpl_cat, $tpl_mask, $ug_id, $forum_id, $show_trace = false)
{
- global $template, $user, $phpbb_admin_path, $phpEx, $SID;
+ global $template, $user, $phpbb_admin_path, $phpEx;
foreach ($category_array as $cat => $cat_array)
{
@@ -1107,7 +1107,7 @@ class auth_admin extends auth
'FIELD_NAME' => $permission,
'S_FIELD_NAME' => 'setting[' . $ug_id . '][' . $forum_id . '][' . $permission . ']',
- 'U_TRACE' => ($show_trace) ? "{$phpbb_admin_path}index.$phpEx$SID&amp;i=permissions&amp;mode=trace&amp;u=$ug_id&amp;f=$forum_id&amp;auth=$permission" : '',
+ 'U_TRACE' => ($show_trace) ? append_sid("{$phpbb_admin_path}index.$phpEx", "i=permissions&amp;mode=trace&amp;u=$ug_id&amp;f=$forum_id&amp;auth=$permission") : '',
'PERMISSION' => $user->lang['acl_' . $permission]['lang'])
);
diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php
index d9887d569d..edeb72aee6 100644
--- a/phpBB/includes/auth.php
+++ b/phpBB/includes/auth.php
@@ -310,17 +310,17 @@ class auth
function acl_cache(&$userdata)
{
global $db;
-
+
// Empty user_permissions
$userdata['user_permissions'] = '';
-
+
$hold_ary = $this->acl_raw_data($userdata['user_id'], false, false);
if (isset($hold_ary[$userdata['user_id']]))
{
$hold_ary = $hold_ary[$userdata['user_id']];
}
-
+
// Key 0 in $hold_ary are global options, all others are forum_ids
// If this user is founder we're going to force fill the admin options ...
@@ -508,9 +508,9 @@ class auth
),
'WHERE' => '(ao.auth_option_id = a.auth_option_id OR ao.auth_option_id = r.auth_option_id)
- ' . (($sql_user) ? 'AND a.' . $sql_user : '') . "
- $sql_forum
- $sql_opts",
+ ' . (($sql_user) ? 'AND a.' . $sql_user : '') . "
+ $sql_forum
+ $sql_opts",
'ORDER_BY' => 'a.forum_id, ao.auth_option'
));
@@ -541,10 +541,10 @@ class auth
),
'WHERE' => '(ao.auth_option_id = a.auth_option_id OR ao.auth_option_id = r.auth_option_id)
- AND a.group_id = ug.group_id
- ' . (($sql_user) ? 'AND ug.' . $sql_user : '') . "
- $sql_forum
- $sql_opts",
+ AND a.group_id = ug.group_id
+ ' . (($sql_user) ? 'AND ug.' . $sql_user : '') . "
+ $sql_forum
+ $sql_opts",
'ORDER_BY' => 'a.forum_id, ao.auth_option'
));
@@ -561,7 +561,7 @@ class auth
if ($setting == ACL_NO)
{
$flag = substr($row['auth_option'], 0, strpos($row['auth_option'], '_') + 1);
-
+
if (isset($hold_ary[$row['user_id']][$row['forum_id']][$flag]) && $hold_ary[$row['user_id']][$row['forum_id']][$flag] == ACL_YES)
{
unset($hold_ary[$row['user_id']][$row['forum_id']][$flag]);
@@ -622,9 +622,9 @@ class auth
),
'WHERE' => '(ao.auth_option_id = a.auth_option_id OR ao.auth_option_id = r.auth_option_id)
- ' . (($sql_user) ? 'AND a.' . $sql_user : '') . "
- $sql_forum
- $sql_opts",
+ ' . (($sql_user) ? 'AND a.' . $sql_user : '') . "
+ $sql_forum
+ $sql_opts",
'ORDER_BY' => 'a.forum_id, ao.auth_option'
));
@@ -667,12 +667,12 @@ class auth
// Grab group settings...
$sql = $db->sql_build_query('SELECT', array(
'SELECT' => 'a.group_id, ao.auth_option, a.forum_id, a.auth_setting, a.auth_role_id, r.auth_setting as role_auth_setting',
-
+
'FROM' => array(
ACL_OPTIONS_TABLE => 'ao',
ACL_GROUPS_TABLE => 'a'
),
-
+
'LEFT_JOIN' => array(
array(
'FROM' => array(ACL_ROLES_DATA_TABLE => 'r'),
@@ -681,9 +681,9 @@ class auth
),
'WHERE' => '(ao.auth_option_id = a.auth_option_id OR ao.auth_option_id = r.auth_option_id)
- ' . (($sql_group) ? 'AND a.' . $sql_group : '') . "
- $sql_forum
- $sql_opts",
+ ' . (($sql_group) ? 'AND a.' . $sql_group : '') . "
+ $sql_forum
+ $sql_opts",
'ORDER_BY' => 'a.forum_id, ao.auth_option'
));
@@ -701,13 +701,12 @@ class auth
/**
* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
- * @todo replace this with a new system
*/
function login($username, $password, $autologin = false, $viewonline = 1, $admin = 0)
{
global $config, $db, $user, $phpbb_root_path, $phpEx;
- $method = trim($config['auth_method']);
+ $method = trim(basename($config['auth_method']));
if (file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx))
{
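Review bot: `basename()` stops `$config['auth_method']` from climbing out of `includes/auth/`, but the value still reaches the `file_exists()` check and the include that presumably follows with whatever characters a single path component may hold. An allow-list is a tighter guard for a name that selects code to load, for example `$method = preg_replace('/[^a-z0-9_]/i', '', trim($config['auth_method']));`, or a comparison against the installed `auth_*.$phpEx` files. Whether other readers of `auth_method` get the same normalisation cannot be seen from this hunk, and `login()` continues past its last line.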
diff --git a/phpBB/includes/db/dbal.php b/phpBB/includes/db/dbal.php
index 4900486a9e..3ad4bf86ba 100644
--- a/phpBB/includes/db/dbal.php
+++ b/phpBB/includes/db/dbal.php
@@ -121,6 +121,48 @@ class dbal
}
/**
+ * SQL Transaction
+ * @private
+ */
+ function sql_transaction($status = 'begin')
+ {
+ switch ($status)
+ {
+ case 'begin':
+ // Commit previously opened transaction before opening another transaction
+ if ($this->transaction)
+ {
+ $this->_sql_transaction('commit');
+ }
+
+ $result = $this->_sql_transaction('begin');
+ $this->transaction = true;
+ break;
+
+ case 'commit':
+ $result = $this->_sql_transaction('commit');
+ $this->transaction = false;
+
+ if (!$result)
+ {
+ $this->_sql_transaction('rollback');
+ }
+ break;
+
+ case 'rollback':
+ $result = $this->_sql_transaction('rollback');
+ $this->transaction = false;
+ break;
+
+ default:
+ $result = $this->_sql_transaction($status);
+ break;
+ }
+
+ return $result;
+ }
+
+ /**
* Build sql statement from array for insert/update/select statements
*
* Idea for this from Ikonboard
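Review bot: The `'begin'` branch silently commits a transaction that is already open and discards the result of that `_sql_transaction('commit')`, so a caller that nests `sql_transaction('begin')` can no longer roll back the outer work and never learns if the implicit commit failed. At minimum the return value should be checked, e.g. `if ($this->transaction && !$this->_sql_transaction('commit')) { $this->_sql_transaction('rollback'); }`, and the implicit commit should be stated in the docblock. The docblock itself is copied from the driver methods: this is the public entry point, so `@private` should go, and the accepted `$status` values (`begin`, `commit`, `rollback`) and the boolean return should be listed.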
@@ -328,7 +370,7 @@ class dbal
*/
function sql_report($mode, $query = '')
{
- global $cache, $starttime, $phpbb_root_path, $user, $SID;
+ global $cache, $starttime, $phpbb_root_path, $user;
if (empty($_GET['explain']))
{
diff --git a/phpBB/includes/db/firebird.php b/phpBB/includes/db/firebird.php
index 61d76e275c..616e064176 100644
--- a/phpBB/includes/db/firebird.php
+++ b/phpBB/includes/db/firebird.php
@@ -49,37 +49,27 @@ class dbal_firebird extends dbal
}
/**
- * sql transaction
+ * SQL Transaction
+ * @private
*/
- function sql_transaction($status = 'begin')
+ function _sql_transaction($status = 'begin')
{
switch ($status)
{
case 'begin':
- $result = true;
- $this->transaction = true;
+ return true;
break;
case 'commit':
- $result = @ibase_commit();
- $this->transaction = false;
-
- if (!$result)
- {
- @ibase_rollback();
- }
+ return @ibase_commit();
break;
case 'rollback':
- $result = @ibase_rollback();
- $this->transaction = false;
+ return @ibase_rollback();
break;
-
- default:
- $result = true;
}
- return $result;
+ return true;
}
/**
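Review bot: Each `case` in the rewritten `_sql_transaction()` now ends in `return …; break;`, and the `break` can never run. Dropping the dead statements keeps the switch readable, e.g. `case 'commit': return @ibase_commit();`. The same pattern is repeated in the mssql, mssql_odbc, mysql, mysql4, mysqli and oracle drivers further down. The `@` on every driver call also hides the error that would explain a failed commit; a short comment saying where that error is reported, if it is reported at all, would help the next reader.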
diff --git a/phpBB/includes/db/mssql.php b/phpBB/includes/db/mssql.php
index c700525577..ef6f406edc 100644
--- a/phpBB/includes/db/mssql.php
+++ b/phpBB/includes/db/mssql.php
@@ -56,37 +56,27 @@ class dbal_mssql extends dbal
}
/**
- * sql transaction
+ * SQL Transaction
+ * @private
*/
- function sql_transaction($status = 'begin')
+ function _sql_transaction($status = 'begin')
{
switch ($status)
{
case 'begin':
- $result = @mssql_query('BEGIN TRANSACTION', $this->db_connect_id);
- $this->transaction = true;
+ return @mssql_query('BEGIN TRANSACTION', $this->db_connect_id);
break;
case 'commit':
- $result = @mssql_query('commit', $this->db_connect_id);
- $this->transaction = false;
-
- if (!$result)
- {
- @mssql_query('ROLLBACK', $this->db_connect_id);
- }
+ return @mssql_query('commit', $this->db_connect_id);
break;
case 'rollback':
- $result = @mssql_query('ROLLBACK', $this->db_connect_id);
- $this->transaction = false;
+ return @mssql_query('ROLLBACK', $this->db_connect_id);
break;
-
- default:
- $result = true;
}
- return $result;
+ return true;
}
/**
diff --git a/phpBB/includes/db/mssql_odbc.php b/phpBB/includes/db/mssql_odbc.php
index 4ae5339a62..0ae0d7e770 100644
--- a/phpBB/includes/db/mssql_odbc.php
+++ b/phpBB/includes/db/mssql_odbc.php
@@ -50,40 +50,31 @@ class dbal_mssql_odbc extends dbal
}
/**
- * sql transaction
+ * SQL Transaction
+ * @private
*/
- function sql_transaction($status = 'begin')
+ function _sql_transaction($status = 'begin')
{
switch ($status)
{
case 'begin':
- $result = @odbc_autocommit($this->db_connect_id, false);
- $this->transaction = true;
+ return @odbc_autocommit($this->db_connect_id, false);
break;
case 'commit':
$result = @odbc_commit($this->db_connect_id);
@odbc_autocommit($this->db_connect_id, true);
- $this->transaction = false;
-
- if (!$result)
- {
- @odbc_rollback($this->db_connect_id);
- @odbc_autocommit($this->db_connect_id, true);
- }
+ return $result;
break;
case 'rollback':
$result = @odbc_rollback($this->db_connect_id);
@odbc_autocommit($this->db_connect_id, true);
- $this->transaction = false;
+ return $result;
break;
-
- default:
- $result = true;
}
- return $result;
+ return true;
}
/**
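Review bot: On a failed commit, the rollback that `dbal::sql_transaction()` now issues arrives after this driver has already called `odbc_autocommit($this->db_connect_id, true)` in its `'commit'` branch. Switching an ODBC connection back to auto-commit normally commits whatever is still open, so the later `_sql_transaction('rollback')` likely has nothing left to undo. The removed code had the same order, so this is carried over rather than introduced by the refactor. Rolling back before autocommit is restored closes the gap: insert `if (!$result) { @odbc_rollback($this->db_connect_id); }` between the two calls. The mysqli driver's `'commit'` branch has the same order with `mysqli_commit()` and `mysqli_autocommit()`.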
diff --git a/phpBB/includes/db/mysql.php b/phpBB/includes/db/mysql.php
index c31132b990..f346663d56 100644
--- a/phpBB/includes/db/mysql.php
+++ b/phpBB/includes/db/mysql.php
@@ -56,37 +56,27 @@ class dbal_mysql extends dbal
}
/**
- * sql transaction
+ * SQL Transaction
+ * @private
*/
- function sql_transaction($status = 'begin')
+ function _sql_transaction($status = 'begin')
{
switch ($status)
{
case 'begin':
- $result = @mysql_query('BEGIN', $this->db_connect_id);
- $this->transaction = true;
+ return @mysql_query('BEGIN', $this->db_connect_id);
break;
case 'commit':
- $result = @mysql_query('COMMIT', $this->db_connect_id);
- $this->transaction = false;
-
- if (!$result)
- {
- @mysql_query('ROLLBACK', $this->db_connect_id);
- }
+ return @mysql_query('COMMIT', $this->db_connect_id);
break;
case 'rollback':
- $result = @mysql_query('ROLLBACK', $this->db_connect_id);
- $this->transaction = false;
+ return @mysql_query('ROLLBACK', $this->db_connect_id);
break;
-
- default:
- $result = true;
}
- return $result;
+ return true;
}
/**
diff --git a/phpBB/includes/db/mysql4.php b/phpBB/includes/db/mysql4.php
index 26da6432c1..d98a8069e8 100644
--- a/phpBB/includes/db/mysql4.php
+++ b/phpBB/includes/db/mysql4.php
@@ -58,37 +58,27 @@ class dbal_mysql4 extends dbal
}
/**
- * sql transaction
+ * SQL Transaction
+ * @private
*/
- function sql_transaction($status = 'begin')
+ function _sql_transaction($status = 'begin')
{
switch ($status)
{
case 'begin':
- $result = @mysql_query('BEGIN', $this->db_connect_id);
- $this->transaction = true;
+ return @mysql_query('BEGIN', $this->db_connect_id);
break;
case 'commit':
- $result = @mysql_query('COMMIT', $this->db_connect_id);
- $this->transaction = false;
-
- if (!$result)
- {
- @mysql_query('ROLLBACK', $this->db_connect_id);
- }
+ return @mysql_query('COMMIT', $this->db_connect_id);
break;
case 'rollback':
- $result = @mysql_query('ROLLBACK', $this->db_connect_id);
- $this->transaction = false;
+ return @mysql_query('ROLLBACK', $this->db_connect_id);
break;
-
- default:
- $result = true;
}
- return $result;
+ return true;
}
/**
diff --git a/phpBB/includes/db/mysqli.php b/phpBB/includes/db/mysqli.php
index 1a969684a2..cdcdc58d87 100644
--- a/phpBB/includes/db/mysqli.php
+++ b/phpBB/includes/db/mysqli.php
@@ -58,40 +58,31 @@ class dbal_mysqli extends dbal
}
/**
- * sql transaction
+ * SQL Transaction
+ * @private
*/
- function sql_transaction($status = 'begin')
+ function _sql_transaction($status = 'begin')
{
switch ($status)
{
case 'begin':
- $result = @mysqli_autocommit($this->db_connect_id, false);
- $this->transaction = true;
+ return @mysqli_autocommit($this->db_connect_id, false);
break;
case 'commit':
$result = @mysqli_commit($this->db_connect_id);
@mysqli_autocommit($this->db_connect_id, true);
- $this->transaction = false;
-
- if (!$result)
- {
- @mysqli_rollback($this->db_connect_id);
- @mysqli_autocommit($this->db_connect_id, true);
- }
+ return $result;
break;
case 'rollback':
$result = @mysqli_rollback($this->db_connect_id);
@mysqli_autocommit($this->db_connect_id, true);
- $this->transaction = false;
+ return $result;
break;
-
- default:
- $result = true;
}
- return $result;
+ return true;
}
/**
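Review bot: In the `commit` case autocommit is switched back on before the result of `mysqli_commit()` is examined, and with the rollback-on-failure block removed nothing undoes the pending work first. MySQL commits an open transaction when autocommit goes from off to on, so after a failed commit the statements may be committed anyway and a later rollback by the caller has nothing left to undo. I would keep a rollback ahead of the autocommit call, `if (!$result) { @mysqli_rollback($this->db_connect_id); }`, placed between the two existing lines.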
diff --git a/phpBB/includes/db/oracle.php b/phpBB/includes/db/oracle.php
index bef33b4fd2..05f910e25d 100644
--- a/phpBB/includes/db/oracle.php
+++ b/phpBB/includes/db/oracle.php
@@ -48,37 +48,27 @@ class dbal_oracle extends dbal
}
/**
- * sql transaction
+ * SQL Transaction
+ * @private
*/
- function sql_transaction($status = 'begin')
+ function _sql_transaction($status = 'begin')
{
switch ($status)
{
case 'begin':
- $result = true;
- $this->transaction = true;
+ return true;
break;
case 'commit':
- $result = @ocicommit($this->db_connect_id);
- $this->transaction = false;
-
- if (!$result)
- {
- @ocirollback($this->db_connect_id);
- }
+ return @ocicommit($this->db_connect_id);
break;
case 'rollback':
- $result = @ocirollback($this->db_connect_id);
- $this->transaction = false;
+ return @ocirollback($this->db_connect_id);
break;
-
- default:
- $result = true;
}
- return $result;
+ return true;
}
/**
@@ -355,7 +345,7 @@ class dbal_oracle extends dbal
*/
function sql_escape($msg)
{
- return str_replace("'", "''", str_replace('\\', '\\\\', $msg));
+ return str_replace("'", "''", $msg);
}
function _sql_custom_build($stage, $data)
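Review bot: `sql_escape()` now only doubles single quotes, which matches Oracle string-literal rules, but the docblock does not say that the result is safe only inside a single-quoted literal. A value placed unquoted (a numeric id, an identifier) or used as a LIKE pattern gets no protection from it. I would add `* Escapes a value for use inside a single-quoted string literal only; cast numeric values and prefer bind variables` to the docblock, whose opening lies outside this hunk.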
diff --git a/phpBB/includes/db/postgres.php b/phpBB/includes/db/postgres.php
index fbb113178a..3589f0c552 100644
--- a/phpBB/includes/db/postgres.php
+++ b/phpBB/includes/db/postgres.php
@@ -85,37 +85,27 @@ class dbal_postgres extends dbal
}
/**
- * sql transaction
+ * SQL Transaction
+ * @private
*/
- function sql_transaction($status = 'begin')
+ function _sql_transaction($status = 'begin')
{
switch ($status)
{
case 'begin':
- $result = @pg_query($this->db_connect_id, 'BEGIN');
- $this->transaction = true;
+ return @pg_query($this->db_connect_id, 'BEGIN');
break;
case 'commit':
- $result = @pg_query($this->db_connect_id, 'COMMIT');
- $this->transaction = false;
-
- if (!$result)
- {
- @pg_query($this->db_connect_id, 'ROLLBACK');
- }
+ return @pg_query($this->db_connect_id, 'COMMIT');
break;
case 'rollback':
- $result = @pg_query($this->db_connect_id, 'ROLLBACK');
- $this->transaction = false;
+ return @pg_query($this->db_connect_id, 'ROLLBACK');
break;
-
- default:
- $result = true;
}
- return $result;
+ return true;
}
/**
diff --git a/phpBB/includes/db/sqlite.php b/phpBB/includes/db/sqlite.php
index 0bfe9a40ca..be2ec3e400 100644
--- a/phpBB/includes/db/sqlite.php
+++ b/phpBB/includes/db/sqlite.php
@@ -52,37 +52,27 @@ class dbal_sqlite extends dbal
}
/**
- * sql transaction
+ * SQL Transaction
+ * @private
*/
- function sql_transaction($status = 'begin')
+ function _sql_transaction($status = 'begin')
{
switch ($status)
{
case 'begin':
- $result = @sqlite_query('BEGIN', $this->db_connect_id);
- $this->transaction = true;
+ return @sqlite_query('BEGIN', $this->db_connect_id);
break;
case 'commit':
- $result = @sqlite_query('COMMIT', $this->db_connect_id);
- $this->transaction = false;
-
- if (!$result)
- {
- @sqlite_query('ROLLBACK', $this->db_connect_id);
- }
+ return @sqlite_query('COMMIT', $this->db_connect_id);
break;
case 'rollback':
- $result = @sqlite_query('ROLLBACK', $this->db_connect_id);
- $this->transaction = false;
+ return @sqlite_query('ROLLBACK', $this->db_connect_id);
break;
-
- default:
- $result = true;
}
- return $result;
+ return true;
}
/**
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 8d3b0c19ce..a9e3a59673 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -86,7 +86,7 @@ function request_var($var_name, $default, $multibyte = false)
{
set_var($var, $var, $type, $multibyte);
}
-
+
return $var;
}
@@ -195,7 +195,7 @@ function gen_sort_selects(&$limit_days, &$sort_by_text, &$sort_days, &$sort_key,
*/
function make_jumpbox($action, $forum_id = false, $select_all = false, $acl_list = false)
{
- global $config, $auth, $template, $user, $db, $phpEx, $SID;
+ global $config, $auth, $template, $user, $db, $phpEx;
if (!$config['load_jumpbox'])
{
@@ -364,7 +364,7 @@ function language_select($default = '')
$sql = 'SELECT lang_iso, lang_local_name
FROM ' . LANG_TABLE . '
ORDER BY lang_english_name';
- $result = $db->sql_query($sql);
+ $result = $db->sql_query($sql, 600);
$lang_options = '';
while ($row = $db->sql_fetchrow($result))
@@ -433,7 +433,7 @@ function tz_select($default = '')
function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $user_id = 0)
{
global $db, $user, $config;
-
+
if ($mode == 'all')
{
if ($forum_id === false || !sizeof($forum_id))
@@ -447,15 +447,16 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
}
else
{
- $tracking = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? unserialize(stripslashes($_COOKIE[$config['cookie_name'] . '_track'])) : array();
+ $tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
+ $tracking_topics = ($tracking_topics) ? unserialize($tracking_topics) : array();
- unset($tracking['tf']);
- unset($tracking['t']);
- unset($tracking['f']);
- $tracking['l'] = base_convert(time() - $config['board_startdate'], 10, 36);
+ unset($tracking_topics['tf']);
+ unset($tracking_topics['t']);
+ unset($tracking_topics['f']);
+ $tracking_topics['l'] = base_convert(time() - $config['board_startdate'], 10, 36);
- $user->set_cookie('track', serialize($tracking), time() + 31536000);
- unset($tracking);
+ $user->set_cookie('track', serialize($tracking_topics), time() + 31536000);
+ unset($tracking_topics);
if ($user->data['is_registered'])
{
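Review bot: The cookie value is still passed to `unserialize()` on the added line in `markread()`, and the result is used as an array without a type check. The `_track` cookie is client-controlled, so a malformed value makes `unserialize()` return false and a crafted one can make it build objects of any loaded class. At minimum I would follow the call with `if (!is_array($tracking_topics)) { $tracking_topics = array(); }`; on PHP 7 or later the call can also pass `array('allowed_classes' => false)`, and a cookie format that cannot carry objects would be the lasting fix. The same two-line pattern is added in the later `markread()` hunks and in `get_complete_topic_tracking()`. `markread()` starts and ends outside this hunk.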
@@ -463,7 +464,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
}
}
}
-
+
return;
}
else if ($mode == 'topics')
@@ -479,9 +480,10 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
if ($config['load_db_lastread'] && $user->data['is_registered'])
{
- $db->sql_query('DELETE FROM ' . TOPICS_TRACK_TABLE . "
+ $sql = 'DELETE FROM ' . TOPICS_TRACK_TABLE . "
WHERE user_id = {$user->data['user_id']}
- AND forum_id IN (" . implode(', ', $forum_id) . ")");
+ AND forum_id IN (" . implode(', ', $forum_id) . ")";
+ $db->sql_query($sql);
$sql = 'SELECT forum_id
FROM ' . FORUMS_TRACK_TABLE . "
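Review bot: The rewritten DELETE still joins `$forum_id` into the `IN (...)` list with `implode()`, and no integer cast is visible in this hunk. If `markread()` does not normalise the array earlier (its start is outside the hunk), a caller passing request-derived ids would put raw text into the statement. I would build the list from cast values, `implode(', ', array_map('intval', $forum_id))`, which changes nothing when the ids are already integers.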
@@ -539,7 +541,8 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
}
else
{
- $tracking = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? unserialize(stripslashes($_COOKIE[$config['cookie_name'] . '_track'])) : array();
+ $tracking = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
+ $tracking = ($tracking) ? unserialize($tracking) : array();
foreach ($forum_id as $f_id)
{
@@ -554,7 +557,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
{
unset($tracking['t'][$topic_id36]);
}
-
+
if (isset($tracking['f'][$f_id]))
{
unset($tracking['f'][$f_id]);
@@ -603,7 +606,8 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
}
else
{
- $tracking = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? unserialize(stripslashes($_COOKIE[$config['cookie_name'] . '_track'])) : array();
+ $tracking = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
+ $tracking = ($tracking) ? unserialize($tracking) : array();
$topic_id36 = base_convert($topic_id, 10, 36);
@@ -611,7 +615,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
{
$tracking['tf'][$forum_id][$topic_id36] = true;
}
-
+
$post_time = ($post_time) ? $post_time : time();
$tracking['t'][$topic_id36] = base_convert($post_time - $config['board_startdate'], 10, 36);
@@ -653,7 +657,6 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
{
$tracking['l'] = max($time_keys);
}
-
}
$user->set_cookie('track', serialize($tracking), time() + 31536000);
@@ -681,7 +684,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
);
$db->sql_query('INSERT INTO ' . TOPICS_POSTED_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
-
+
$db->sql_return_on_error(false);
}
@@ -775,7 +778,7 @@ function get_topic_tracking($forum_id, $topic_ids, &$rowset, $forum_mark_time, $
function get_complete_topic_tracking($forum_id, $topic_ids, $global_announce_list = false)
{
global $config, $user;
-
+
$last_read = array();
if (!is_array($topic_ids))
@@ -807,7 +810,7 @@ function get_complete_topic_tracking($forum_id, $topic_ids, $global_announce_lis
FROM ' . FORUMS_TRACK_TABLE . "
WHERE user_id = {$user->data['user_id']}
AND forum_id " .
- (($global_announce_list && sizeof($global_announce_list)) ? "IN (0, $forum_id)" : "= $forum_id");
+ (($global_announce_list && sizeof($global_announce_list)) ? "IN (0, $forum_id)" : "= $forum_id");
$result = $db->sql_query($sql);
$mark_time = array();
@@ -838,7 +841,8 @@ function get_complete_topic_tracking($forum_id, $topic_ids, $global_announce_lis
if (!isset($tracking_topics) || !sizeof($tracking_topics))
{
- $tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? unserialize(stripslashes($_COOKIE[$config['cookie_name'] . '_track'])) : array();
+ $tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
+ $tracking_topics = ($tracking_topics) ? unserialize($tracking_topics) : array();
}
if (!$user->data['is_registered'])
@@ -908,7 +912,6 @@ function generate_pagination($base_url, $num_items, $per_page, $start_item, $add
global $template, $user;
$seperator = $user->theme['pagination_sep'];
-
$total_pages = ceil($num_items/$per_page);
if ($total_pages == 1 || !$num_items)
@@ -917,7 +920,6 @@ function generate_pagination($base_url, $num_items, $per_page, $start_item, $add
}
$on_page = floor($start_item / $per_page) + 1;
-
$page_string = ($on_page == 1) ? '<strong>1</strong>' : '<a href="' . $base_url . '">1</a>';
if ($total_pages > 5)
@@ -927,7 +929,7 @@ function generate_pagination($base_url, $num_items, $per_page, $start_item, $add
$page_string .= ($start_cnt > 1) ? ' ... ' : $seperator;
- for($i = $start_cnt + 1; $i < $end_cnt; $i++)
+ for ($i = $start_cnt + 1; $i < $end_cnt; $i++)
{
$page_string .= ($i == $on_page) ? '<strong>' . $i . '</strong>' : '<a href="' . $base_url . "&amp;start=" . (($i - 1) * $per_page) . '">' . $i . '</a>';
if ($i < $end_cnt - 1)
@@ -942,7 +944,7 @@ function generate_pagination($base_url, $num_items, $per_page, $start_item, $add
{
$page_string .= $seperator;
- for($i = 2; $i < $total_pages; $i++)
+ for ($i = 2; $i < $total_pages; $i++)
{
$page_string .= ($i == $on_page) ? '<strong>' . $i . '</strong>' : '<a href="' . $base_url . "&amp;start=" . (($i - 1) * $per_page) . '">' . $i . '</a>';
if ($i < $total_pages)
@@ -972,7 +974,7 @@ function generate_pagination($base_url, $num_items, $per_page, $start_item, $add
$tpl_prefix . 'PER_PAGE' => $per_page,
$tpl_prefix . 'PREVIOUS_PAGE' => ($on_page == 1) ? '' : $base_url . '&amp;start=' . (($on_page - 2) * $per_page),
- $tpl_prefix . 'NEXT_PAGE' => ($on_page == $total_pages) ? '' : $base_url . '&amp;start=' . ($on_page * $per_page))
+ $tpl_prefix . 'NEXT_PAGE' => ($on_page == $total_pages) ? '' : $base_url . '&amp;start=' . ($on_page * $per_page))
);
return $page_string;
@@ -997,6 +999,68 @@ function on_page($num_items, $per_page, $start)
// Server functions (building urls, redirecting...)
/**
+* Append session id to url
+*
+* @param string $url The url the session id needs to be appended to (can have params)
+* @param mixed $params String or array of additional url parameters
+* @param bool $is_amp Is url using &amp; (true) or & (false)
+* @param string $session_id Possibility to use a custom session id instead of the global one
+*
+* Examples:
+* <code>
+* append_sid("{$phpbb_root_path}viewtopic.$phpEx?t=1&amp;f=2");
+* append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=1&amp;f=2');
+* append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=1&f=2', false);
+* append_sid("{$phpbb_root_path}viewtopic.$phpEx", array('t' => 1, 'f' => 2));
+* </code>
+*/
+function append_sid($url, $params = false, $is_amp = true, $session_id = false)
+{
+ global $_SID, $_EXTRA_URL;
+
+ // Assign sid if session id is not specified
+ if ($session_id === false)
+ {
+ $session_id = $_SID;
+ }
+
+ $amp_delim = ($is_amp) ? '&amp;' : '&';
+ $url_delim = (strpos($url, '?') === false) ? '?' : $amp_delim;
+
+ // Appending custom url parameter?
+ $append_url = (!empty($_EXTRA_URL)) ? implode($amp_delim, $_EXTRA_URL) : '';
+
+ // Use the short variant if possible ;)
+ if ($params === false)
+ {
+ // Append session id
+ return (!$session_id) ? $url . (($append_url) ? $url_delim . $append_url : '') : $url . (($append_url) ? $url_delim . $append_url . $amp_delim : $url_delim) . 'sid=' . $session_id;
+ }
+
+ // Build string if parameters are specified as array
+ if (is_array($params))
+ {
+ $output = array();
+
+ foreach ($params as $key => $item)
+ {
+ if ($item === NULL)
+ {
+ continue;
+ }
+
+ $output[] = $key . '=' . $item;
+ }
+
+ $params = implode($amp_delim, $output);
+ }
+
+ // Append session id and parameters (even if they are empty)
+ // If parameters are empty, the developer can still append his/her parameters without caring about the delimiter
+ return $url . (($append_url) ? $url_delim . $append_url . $amp_delim : $url_delim) . $params . ((!$session_id) ? '' : $amp_delim . 'sid=' . $session_id);
+}
+
+/**
* Generate board url (example: http://www.foo.bar/phpBB)
* @param bool $without_script_path if set to true the script path gets not appended (example: http://www.foo.bar)
*/
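Review bot: In the array branch of `append_sid()` keys and values are joined as `$key . '=' . $item` without URL-encoding. A value containing `&`, `#`, a space or a quote then alters the query string, and because the result is normally written into an `href` it can also break out of the attribute when the value is user-derived. I would encode at this one place, `$output[] = urlencode($key) . '=' . urlencode($item);`, after checking that no caller passes values that are already encoded. The docblock also lacks an `@return string` line and should say that a string `$params` is appended verbatim and must be encoded by the caller.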
@@ -1029,7 +1093,8 @@ function generate_board_url($without_script_path = false)
return $url;
}
- return $url . $user->page['root_script_path'];
+ // Strip / from the end
+ return $url . substr($user->page['root_script_path'], 0, -1);
}
/**
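Review bot: `substr($user->page['root_script_path'], 0, -1)` removes the last character whatever it is, while the comment says only a slash is stripped. If `root_script_path` can ever arrive without a trailing slash (its construction is not visible here), the last letter of the directory name is lost and every URL built from this function is wrong. `return $url . rtrim($user->page['root_script_path'], '/');` does what the comment says. The function starts outside this hunk.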
@@ -1094,20 +1159,23 @@ function redirect($url)
}
else
{
- $url = str_replace($pathinfo['dirname'] . '/', '', $url);
+ // Get the realpath of dirname
+ $root_dirs = explode('/', str_replace('\\', '/', realpath('./')));
+ $page_dirs = explode('/', str_replace('\\', '/', realpath($pathinfo['dirname'])));
+ $intersection = array_intersect_assoc($root_dirs, $page_dirs);
- // Make sure we point to the correct directory, we transform the relative uri to an absolute uri...
- $substract_path = str_replace(realpath($pathinfo['dirname']), '', realpath('./'));
- $dir = str_replace($substract_path, '', $user->page['script_path']);
+ $root_dirs = array_diff_assoc($root_dirs, $intersection);
+ $page_dirs = array_diff_assoc($page_dirs, $intersection);
- if (!$dir)
- {
- $url = '/' . $url;
- }
- else
+ $dir = str_repeat('../', sizeof($root_dirs)) . implode('/', $page_dirs);
+
+ if ($dir && substr($dir, -1, 1) == '/')
{
- $url = (strpos($dir, '/') !== 0) ? '/' . $dir . '/' . $url : $dir . '/' . $url;
+ $dir = substr($dir, 0, -1);
}
+
+ $url = $dir . '/' . str_replace($pathinfo['dirname'] . '/', '', $url);
+ $url = generate_board_url() . '/' . $url;
}
}
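Review bot: `realpath($pathinfo['dirname'])` returns false when the directory named in the redirect target does not exist, and the new code explodes that result unchecked. `$page_dirs` then holds a single empty element, so `$dir` becomes a run of `../` built from the board's own path and the final URL climbs above the board root. I would guard it before the explode, e.g. `$page_path = realpath($pathinfo['dirname']); if ($page_path === false) { $page_path = realpath('./'); }`, so an unknown directory resolves to the board root. Separately, when `$dir` is empty the two concatenations produce `//` after the board URL. `redirect()` starts and ends outside this hunk.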
@@ -1126,24 +1194,36 @@ function redirect($url)
}
/**
-* Re-Apply $SID after page reloads
+* Re-Apply session id after page reloads
*/
function reapply_sid($url)
{
- global $SID, $phpEx;
+ global $phpEx, $phpbb_root_path;
if ($url === "index.$phpEx")
{
- return "index.$phpEx$SID";
+ return append_sid("index.$phpEx");
+ }
+ else if ($url === "{$phpbb_root_path}index.$phpEx")
+ {
+ return append_sid("{$phpbb_root_path}index.$phpEx");
}
// Remove previously added sid
- if (strpos($url, '?sid='))
+ if (strpos($url, '?sid=') !== false)
{
- $url = preg_replace('/\?sid=[a-z0-9]+(&amp;|&)?/', $SID . '\1', $url);
+ $url = preg_replace('/(\?)sid=[a-z0-9]+(&amp;|&)?/', '\1', $url);
+ }
+ else if (strpos($url, '&sid=') !== false)
+ {
+ $url = preg_replace('/&sid=[a-z0-9]+(&)?/', '\1', $url);
+ }
+ else if (strpos($url, '&amp;sid=') !== false)
+ {
+ $url = preg_replace('/&amp;sid=[a-z0-9]+(&amp;)?/', '\1', $url);
}
- return (strpos($url, '?') === false) ? $url . $SID : $url . str_replace('?', '&amp;', $SID);
+ return append_sid($url);
}
/**
@@ -1151,10 +1231,11 @@ function reapply_sid($url)
*/
function build_url($strip_vars = false)
{
- global $user, $phpbb_root_path, $SID;
+ global $user, $phpbb_root_path;
// Append SID
- $redirect = (($user->page['page_dir']) ? $user->page['page_dir'] . '/' : '') . $user->page['page_name'] . $SID . (($user->page['query_string']) ? "&{$user->page['query_string']}" : '');
+ $redirect = (($user->page['page_dir']) ? $user->page['page_dir'] . '/' : '') . $user->page['page_name'] . (($user->page['query_string']) ? "?{$user->page['query_string']}" : '');
+ $redirect = append_sid($redirect, false, false);
// Strip vars...
if ($strip_vars !== false && strpos($redirect, '?') !== false)
@@ -1218,7 +1299,7 @@ function meta_refresh($time, $url)
function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_body.html', $u_action = '')
{
global $user, $template, $db;
- global $SID, $phpEx, $phpbb_root_path;
+ global $phpEx, $phpbb_root_path;
if (isset($_POST['cancel']))
{
@@ -1287,9 +1368,9 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo
return false;
}
- // re-add $SID / transform & to &amp; for user->page (user->page is always using &)
+ // re-add sid / transform & to &amp; for user->page (user->page is always using &)
$use_page = ($u_action) ? $phpbb_root_path . $u_action : $phpbb_root_path . str_replace('&', '&amp;', $user->page['page']);
- $u_action = (strpos($use_page, 'sid=') === false) ? ((strpos($use_page, '?') !== false) ? str_replace('?', $SID . '&amp;', $use_page) : $use_page . '?' . str_replace('?', '', $SID)) : $use_page;
+ $u_action = reapply_sid($use_page);
$u_action .= ((strpos($u_action, '?') === false) ? '?' : '&amp;') . 'confirm_key=' . $confirm_key;
$template->assign_vars(array(
@@ -1320,7 +1401,7 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo
*/
function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = false, $s_display = true)
{
- global $SID, $db, $user, $template, $auth, $phpEx, $phpbb_root_path, $config;
+ global $db, $user, $template, $auth, $phpEx, $phpbb_root_path, $config;
$err = '';
@@ -1353,13 +1434,12 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
}
-
+
// If authentication is successful we redirect user to previous page
$result = $auth->login($username, $password, $autologin, $viewonline, $admin);
// If admin authentication and login, we will log if it was a success or not...
- // We also break the operation on the first non-success login - it could be argued that the user already
- // knows
+ // We also break the operation on the first non-success login - it could be argued that the user already knows
if ($admin)
{
if ($result['status'] == LOGIN_SUCCESS)
@@ -1375,9 +1455,9 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
// The result parameter is always an array, holding the relevant informations...
if ($result['status'] == LOGIN_SUCCESS)
{
- $redirect = request_var('redirect', "index.$phpEx");
+ $redirect = request_var('redirect', "{$phpbb_root_path}index.$phpEx");
$message = ($l_success) ? $l_success : $user->lang['LOGIN_REDIRECT'];
- $l_redirect = ($admin) ? $user->lang['PROCEED_TO_ACP'] : (($redirect === "index.$phpEx") ? $user->lang['RETURN_INDEX'] : $user->lang['RETURN_PAGE']);
+ $l_redirect = ($admin) ? $user->lang['PROCEED_TO_ACP'] : (($redirect === "{$phpbb_root_path}index.$phpEx") ? $user->lang['RETURN_INDEX'] : $user->lang['RETURN_PAGE']);
// append/replace SID (may change during the session for AOL users)
$redirect = reapply_sid($redirect);
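Review bot: `$redirect` comes straight from the request and is handed to `reapply_sid()`, which appends the session id to whatever URL it is given. If nothing later in `login_box()` confines the value to board-local paths (the rest of the function is outside this hunk), a login link carrying an external `redirect` value would send the user off-site with a valid session id in the URL. I would check the value before the `reapply_sid()` call, fall back to `"{$phpbb_root_path}index.$phpEx"` when it contains a scheme or host, and say so in a comment above the `request_var()` line.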
@@ -1408,7 +1488,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
WHERE session_id = '" . $db->sql_escape($user->session_id) . "'
AND confirm_type = " . CONFIRM_LOGIN;
$db->sql_query($sql);
-
+
// Generate code
$code = gen_rand_string(mt_rand(5, 8));
$confirm_id = md5(unique_id($user->ip));
@@ -1424,7 +1504,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
$template->assign_vars(array(
'S_CONFIRM_CODE' => true,
'CONFIRM_ID' => $confirm_id,
- 'CONFIRM_IMAGE' => '<img src="' . $phpbb_root_path . 'ucp.' . $phpEx . $SID . '&amp;mode=confirm&amp;id=' . $confirm_id . '&amp;type=' . CONFIRM_LOGIN . '" alt="" title="" />',
+ 'CONFIRM_IMAGE' => '<img src="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=confirm&amp;id=' . $confirm_id . '&amp;type=' . CONFIRM_LOGIN) . '" alt="" title="" />',
'L_LOGIN_CONFIRM_EXPLAIN' => sprintf($user->lang['LOGIN_CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlentities($config['board_contact']) . '">', '</a>'),
));
@@ -1457,13 +1537,13 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
'LOGIN_ERROR' => $err,
'LOGIN_EXPLAIN' => $l_explain,
- 'U_SEND_PASSWORD' => ($config['email_enable']) ? "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=sendpassword" : '',
- 'U_RESEND_ACTIVATION' => ($config['require_activation'] != USER_ACTIVATION_NONE && $config['email_enable']) ? "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=resend_act" : '',
- 'U_TERMS_USE' => "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=terms",
- 'U_PRIVACY' => "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=privacy",
+ 'U_SEND_PASSWORD' => ($config['email_enable']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=sendpassword') : '',
+ 'U_RESEND_ACTIVATION' => ($config['require_activation'] != USER_ACTIVATION_NONE && $config['email_enable']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=resend_act') : '',
+ 'U_TERMS_USE' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=terms'),
+ 'U_PRIVACY' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=privacy'),
'S_DISPLAY_FULL_LOGIN' => ($s_display) ? true : false,
- 'S_LOGIN_ACTION' => (!$admin) ? "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=login" : "index.$phpEx$SID",
+ 'S_LOGIN_ACTION' => (!$admin) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login') : append_sid("index.$phpEx"), // Needs to stay index.$phpEx because we are within the admin directory
'S_HIDDEN_FIELDS' => $s_hidden_fields,
'S_ADMIN_AUTH' => $admin,
@@ -1475,7 +1555,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
$template->set_filenames(array(
'body' => 'login_body.html')
);
- make_jumpbox("{$phpbb_root_path}viewforum.$phpEx");
+ make_jumpbox(append_sid("{$phpbb_root_path}viewforum.$phpEx"));
page_footer();
}
@@ -2228,7 +2308,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
*/
function page_header($page_title = '')
{
- global $db, $config, $template, $SID, $user, $auth, $phpEx, $phpbb_root_path;
+ global $db, $config, $template, $SID, $_SID, $user, $auth, $phpEx, $phpbb_root_path;
if (defined('HEADER_INC'))
{
@@ -2249,12 +2329,12 @@ function page_header($page_title = '')
// Generate logged in/logged out status
if ($user->data['user_id'] != ANONYMOUS)
{
- $u_login_logout = "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=logout";
+ $u_login_logout = append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=logout');
$l_login_logout = sprintf($user->lang['LOGOUT_USER'], $user->data['username']);
}
else
{
- $u_login_logout = "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=login";
+ $u_login_logout = append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login');
$l_login_logout = $user->lang['LOGIN'];
}
@@ -2279,10 +2359,11 @@ function page_header($page_title = '')
// Get number of online guests
if (!$config['load_online_guests'])
{
- $sql = 'SELECT COUNT(DISTINCT s.session_ip) as num_guests FROM ' . SESSIONS_TABLE . ' s
+ $sql = 'SELECT COUNT(DISTINCT s.session_ip) as num_guests
+ FROM ' . SESSIONS_TABLE . ' s
WHERE s.session_user_id = ' . ANONYMOUS . '
AND s.session_time >= ' . (time() - ($config['load_online_time'] * 60)) .
- $reading_sql;
+ $reading_sql;
$result = $db->sql_query($sql);
$guests_online = (int) $db->sql_fetchfield('num_guests');
$db->sql_freeresult($result);
@@ -2323,7 +2404,7 @@ function page_header($page_title = '')
if (($row['user_allow_viewonline'] && $row['session_viewonline']) || $auth->acl_get('u_viewonline'))
{
- $user_online_link = ($row['user_type'] <> USER_IGNORE) ? "<a href=\"{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u=" . $row['user_id'] . '">' . $user_online_link . '</a>' : $user_online_link;
+ $user_online_link = ($row['user_type'] <> USER_IGNORE) ? '<a href="' . append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['user_id']) . '">' . $user_online_link . '</a>' : $user_online_link;
$online_userlist .= ($online_userlist != '') ? ', ' . $user_online_link : $user_online_link;
}
}
@@ -2368,10 +2449,10 @@ function page_header($page_title = '')
// Build online listing
$vars_online = array(
- 'ONLINE'=> array('total_online_users', 'l_t_user_s'),
- 'REG' => array('logged_visible_online', 'l_r_user_s'),
- 'HIDDEN'=> array('logged_hidden_online', 'l_h_user_s'),
- 'GUEST' => array('guests_online', 'l_g_user_s')
+ 'ONLINE' => array('total_online_users', 'l_t_user_s'),
+ 'REG' => array('logged_visible_online', 'l_r_user_s'),
+ 'HIDDEN' => array('logged_hidden_online', 'l_h_user_s'),
+ 'GUEST' => array('guests_online', 'l_g_user_s')
);
foreach ($vars_online as $l_prefix => $var_ary)
@@ -2380,15 +2461,15 @@ function page_header($page_title = '')
{
case 0:
${$var_ary[1]} = $user->lang[$l_prefix . '_USERS_ZERO_TOTAL'];
- break;
+ break;
case 1:
${$var_ary[1]} = $user->lang[$l_prefix . '_USER_TOTAL'];
- break;
+ break;
default:
${$var_ary[1]} = $user->lang[$l_prefix . '_USERS_TOTAL'];
- break;
+ break;
}
}
unset($vars_online);
@@ -2451,59 +2532,62 @@ function page_header($page_title = '')
// Which timezone?
$tz = ($user->data['user_id'] != ANONYMOUS) ? strval(doubleval($user->data['user_timezone'])) : strval(doubleval($config['board_timezone']));
- // The following assigns all _common_ variables that may be used at any point
- // in a template.
+ // The following assigns all _common_ variables that may be used at any point in a template.
$template->assign_vars(array(
- 'SITENAME' => $config['sitename'],
- 'SITE_DESCRIPTION' => $config['site_desc'],
- 'PAGE_TITLE' => $page_title,
+ 'SITENAME' => $config['sitename'],
+ 'SITE_DESCRIPTION' => $config['site_desc'],
+ 'PAGE_TITLE' => $page_title,
'SCRIPT_NAME' => str_replace('.' . $phpEx, '', $user->page['page_name']),
- 'LAST_VISIT_DATE' => sprintf($user->lang['YOU_LAST_VISIT'], $s_last_visit),
- 'CURRENT_TIME' => sprintf($user->lang['CURRENT_TIME'], $user->format_date(time(), false, true)),
- 'TOTAL_USERS_ONLINE' => $l_online_users,
- 'LOGGED_IN_USER_LIST' => $online_userlist,
- 'RECORD_USERS' => $l_online_record,
- 'PRIVATE_MESSAGE_INFO' => $l_privmsgs_text,
- 'PRIVATE_MESSAGE_INFO_UNREAD' => $l_privmsgs_text_unread,
- 'SID' => $SID,
-
- 'L_LOGIN_LOGOUT' => $l_login_logout,
- 'L_INDEX' => $user->lang['FORUM_INDEX'],
+ 'LAST_VISIT_DATE' => sprintf($user->lang['YOU_LAST_VISIT'], $s_last_visit),
+ 'CURRENT_TIME' => sprintf($user->lang['CURRENT_TIME'], $user->format_date(time(), false, true)),
+ 'TOTAL_USERS_ONLINE' => $l_online_users,
+ 'LOGGED_IN_USER_LIST' => $online_userlist,
+ 'RECORD_USERS' => $l_online_record,
+ 'PRIVATE_MESSAGE_INFO' => $l_privmsgs_text,
+ 'PRIVATE_MESSAGE_INFO_UNREAD' => $l_privmsgs_text_unread,
+
+ 'SID' => $SID,
+ '_SID' => $_SID,
+ 'SESSION_ID' => $user->session_id,
+ 'ROOT_PATH' => $phpbb_root_path,
+
+ 'L_LOGIN_LOGOUT' => $l_login_logout,
+ 'L_INDEX' => $user->lang['FORUM_INDEX'],
'L_ONLINE_EXPLAIN' => $l_online_time,
- 'U_PRIVATEMSGS' => "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=pm&amp;folder=inbox",
- 'U_RETURN_INBOX' => "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=pm&amp;folder=inbox",
- 'UA_RETURN_INBOX' => "{$phpbb_root_path}ucp.$phpEx$SID&i=pm&folder=inbox",
- 'U_POPUP_PM' => "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=pm&amp;mode=popup",
- 'UA_POPUP_PM' => "{$phpbb_root_path}ucp.$phpEx$SID&i=pm&mode=popup",
- 'U_MEMBERLIST' => "{$phpbb_root_path}memberlist.$phpEx$SID",
- 'U_MEMBERSLIST' => "{$phpbb_root_path}memberlist.$phpEx$SID",
- 'U_VIEWONLINE' => "{$phpbb_root_path}viewonline.$phpEx$SID",
+ 'U_PRIVATEMSGS' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=inbox'),
+ 'U_RETURN_INBOX' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=inbox'),
+ 'UA_RETURN_INBOX' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=inbox', false),
+ 'U_POPUP_PM' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=popup'),
+ 'UA_POPUP_PM' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&mode=popup', false),
+ 'U_MEMBERLIST' => append_sid("{$phpbb_root_path}memberlist.$phpEx"),
+ 'U_MEMBERSLIST' => append_sid("{$phpbb_root_path}memberlist.$phpEx"),
+ 'U_VIEWONLINE' => append_sid("{$phpbb_root_path}viewonline.$phpEx"),
'U_LOGIN_LOGOUT' => $u_login_logout,
- 'U_INDEX' => "{$phpbb_root_path}index.$phpEx$SID",
- 'U_SEARCH' => "{$phpbb_root_path}search.$phpEx$SID",
- 'U_REGISTER' => "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=register",
- 'U_PROFILE' => "{$phpbb_root_path}ucp.$phpEx$SID",
- 'U_MODCP' => "{$phpbb_root_path}mcp.$phpEx$SID",
- 'U_FAQ' => "{$phpbb_root_path}faq.$phpEx$SID",
- 'U_SEARCH_SELF' => "{$phpbb_root_path}search.$phpEx$SID&amp;search_id=egosearch",
- 'U_SEARCH_NEW' => "{$phpbb_root_path}search.$phpEx$SID&amp;search_id=newposts",
- 'U_SEARCH_UNANSWERED' => "{$phpbb_root_path}search.$phpEx$SID&amp;search_id=unanswered",
- 'U_SEARCH_ACTIVE_TOPICS'=> "{$phpbb_root_path}search.$phpEx$SID&amp;search_id=active_topics",
- 'U_DELETE_COOKIES' => "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=delete_cookies",
- 'U_TEAM' => "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=leaders",
- 'U_RESTORE_PERMISSIONS' => ($user->data['user_perm_from'] && $auth->acl_get('a_switchperm')) ? "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=restore_perm" : '',
-
- 'S_USER_LOGGED_IN' => ($user->data['user_id'] != ANONYMOUS) ? true : false,
+ 'U_INDEX' => append_sid("{$phpbb_root_path}index.$phpEx"),
+ 'U_SEARCH' => append_sid("{$phpbb_root_path}search.$phpEx"),
+ 'U_REGISTER' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register'),
+ 'U_PROFILE' => append_sid("{$phpbb_root_path}ucp.$phpEx"),
+ 'U_MODCP' => append_sid("{$phpbb_root_path}mcp.$phpEx", false, true, $user->session_id),
+ 'U_FAQ' => append_sid("{$phpbb_root_path}faq.$phpEx"),
+ 'U_SEARCH_SELF' => append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=egosearch'),
+ 'U_SEARCH_NEW' => append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=newposts'),
+ 'U_SEARCH_UNANSWERED' => append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=unanswered'),
+ 'U_SEARCH_ACTIVE_TOPICS'=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=active_topics'),
+ 'U_DELETE_COOKIES' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=delete_cookies'),
+ 'U_TEAM' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=leaders'),
+ 'U_RESTORE_PERMISSIONS' => ($user->data['user_perm_from'] && $auth->acl_get('a_switchperm')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=restore_perm') : '',
+
+ 'S_USER_LOGGED_IN' => ($user->data['user_id'] != ANONYMOUS) ? true : false,
'S_REGISTERED_USER' => $user->data['is_registered'],
- 'S_USER_PM_POPUP' => $user->optionget('popuppm'),
+ 'S_USER_PM_POPUP' => $user->optionget('popuppm'),
'S_USER_LANG' => $user->data['user_lang'],
- 'S_USER_BROWSER' => (isset($user->data['session_browser'])) ? $user->data['session_browser'] : $user->lang['UNKNOWN_BROWSER'],
- 'S_CONTENT_DIRECTION' => $user->lang['DIRECTION'],
- 'S_CONTENT_ENCODING' => $user->lang['ENCODING'],
- 'S_CONTENT_DIR_LEFT' => $user->lang['LEFT'],
- 'S_CONTENT_DIR_RIGHT' => $user->lang['RIGHT'],
- 'S_TIMEZONE' => ($user->data['user_dst'] || ($user->data['user_id'] == ANONYMOUS && $config['board_dst'])) ? sprintf($user->lang['ALL_TIMES'], $user->lang['tz'][$tz], $user->lang['tz']['dst']) : sprintf($user->lang['ALL_TIMES'], $user->lang['tz'][$tz], ''),
+ 'S_USER_BROWSER' => (isset($user->data['session_browser'])) ? $user->data['session_browser'] : $user->lang['UNKNOWN_BROWSER'],
+ 'S_CONTENT_DIRECTION' => $user->lang['DIRECTION'],
+ 'S_CONTENT_ENCODING' => $user->lang['ENCODING'],
+ 'S_CONTENT_DIR_LEFT' => $user->lang['LEFT'],
+ 'S_CONTENT_DIR_RIGHT' => $user->lang['RIGHT'],
+ 'S_TIMEZONE' => ($user->data['user_dst'] || ($user->data['user_id'] == ANONYMOUS && $config['board_dst'])) ? sprintf($user->lang['ALL_TIMES'], $user->lang['tz'][$tz], $user->lang['tz']['dst']) : sprintf($user->lang['ALL_TIMES'], $user->lang['tz'][$tz], ''),
'S_DISPLAY_ONLINE_LIST' => ($config['load_online']) ? 1 : 0,
'S_DISPLAY_SEARCH' => ($config['load_search']) ? 1 : 0,
'S_DISPLAY_PM' => ($config['allow_privmsg'] && $user->data['is_registered']) ? 1 : 0,
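Review bot: The new template variables `_SID` and `SESSION_ID` and the `U_MODCP` link put the raw session id into template output, and `U_MODCP` passes `$user->session_id` explicitly instead of the global `$_SID`, but no comment says why. A session id in a URL can leak through Referer headers, server logs and copied links, so the reason for forcing it on the MCP link should be stated next to it, e.g. `// MCP link always carries the session id, also for cookie-based sessions`. I would also note beside `'SESSION_ID'` that templates should place it only in same-site form fields or links. `page_header()` starts and ends outside this hunk.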
@@ -2543,7 +2627,7 @@ function page_header($page_title = '')
*/
function page_footer()
{
- global $db, $config, $template, $SID, $user, $auth, $cache, $messenger, $starttime, $phpbb_root_path, $phpEx;
+ global $db, $config, $template, $user, $auth, $cache, $messenger, $starttime, $phpbb_root_path, $phpEx;
// Output page creation time
if (defined('DEBUG'))
diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php
index ada8809b74..91cd9cd05c 100644
--- a/phpBB/includes/functions_admin.php
+++ b/phpBB/includes/functions_admin.php
@@ -89,7 +89,6 @@ function recalc_btree($sql_id, $sql_table, $module_class = '')
FROM $sql_table
$sql_where";
$result = $db->sql_query($sql);
-
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
@@ -185,7 +184,7 @@ function make_forum_select($select_id = false, $ignore_id = false, $ignore_acl =
}
/**
-* Generate size select form
+* Generate size select options
*/
function size_select_options($size_compare)
{
@@ -195,13 +194,13 @@ function size_select_options($size_compare)
$size_types = array('b', 'kb', 'mb');
$s_size_options = '';
-
+
for ($i = 0, $size = sizeof($size_types_text); $i < $size; $i++)
{
$selected = ($size_compare == $size_types[$i]) ? ' selected="selected"' : '';
$s_size_options .= '<option value="' . $size_types[$i] . '"' . $selected . '>' . $size_types_text[$i] . '</option>';
}
-
+
return $s_size_options;
}
@@ -229,7 +228,7 @@ function group_select_options($group_id, $exclude_ids = false)
$s_group_options .= '<option' . (($row['group_type'] == GROUP_SPECIAL) ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '"' . $selected . '>' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>';
}
$db->sql_freeresult($result);
-
+
return $s_group_options;
}
@@ -245,6 +244,7 @@ function get_forum_list($acl_list = 'f_list', $id_only = true, $postable_only =
{
// This query is identical to the jumpbox one
$expire_time = ($no_cache) ? 0 : 120;
+
$sql = 'SELECT forum_id, parent_id, forum_name, forum_type, left_id, right_id
FROM ' . FORUMS_TABLE . '
ORDER BY left_id ASC';
@@ -285,14 +285,15 @@ function get_forum_branch($forum_id, $type = 'all', $order = 'descending', $incl
{
case 'parents':
$condition = 'f1.left_id BETWEEN f2.left_id AND f2.right_id';
- break;
+ break;
case 'children':
$condition = 'f2.left_id BETWEEN f1.left_id AND f1.right_id';
- break;
+ break;
default:
$condition = 'f2.left_id BETWEEN f1.left_id AND f1.right_id OR f1.left_id BETWEEN f2.left_id AND f2.right_id';
+ break;
}
$rows = array();
@@ -327,12 +328,12 @@ function filelist($rootdir, $dir = '', $type = 'gif|jpg|jpeg|png')
// Remove initial / if present
$rootdir = (substr($rootdir, 0, 1) == '/') ? substr($rootdir, 1) : $rootdir;
- // Add closing / if present
+ // Add closing / if not present
$rootdir = ($rootdir && substr($rootdir, -1) != '/') ? $rootdir . '/' : $rootdir;
// Remove initial / if present
$dir = (substr($dir, 0, 1) == '/') ? substr($dir, 1) : $dir;
- // Add closing / if present
+ // Add closing / if not present
$dir = ($dir && substr($dir, -1) != '/') ? $dir . '/' : $dir;
if (!is_dir($rootdir . $dir))
@@ -373,7 +374,7 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true)
}
$forum_ids = array($forum_id);
-
+
if (!is_array($topic_ids))
{
$topic_ids = array($topic_ids);
@@ -398,9 +399,6 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true)
$db->sql_freeresult($result);
}
- /**
- * @todo watch for undesired results on marked topics for moving topics, maybe handle it seperatly to cover cookie tracking
- */
$table_ary = array(TOPICS_TABLE, POSTS_TABLE, LOG_TABLE, DRAFTS_TABLE, TOPICS_TRACK_TABLE);
foreach ($table_ary as $table)
{
@@ -486,6 +484,7 @@ function move_posts($post_ids, $topic_id, $auto_sync = true)
function delete_topics($where_type, $where_ids, $auto_sync = true)
{
global $db;
+
$forum_ids = $topic_ids = array();
if (is_array($where_ids))
@@ -521,8 +520,6 @@ function delete_topics($where_type, $where_ids, $auto_sync = true)
return $return;
}
- // TODO: probably some other stuff too
-
$sql_where = ' IN (' . implode(', ', $topic_ids) . ')';
$db->sql_transaction('begin');
@@ -563,15 +560,17 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
{
$where_ids = array_unique($where_ids);
}
+
if (empty($where_ids))
{
return false;
}
+
$post_ids = $topic_ids = $forum_ids = array();
$sql = 'SELECT post_id, poster_id, topic_id, forum_id
FROM ' . POSTS_TABLE . "
- WHERE $where_type " . ((!is_array($where_ids)) ? "= $where_ids" : 'IN (' . implode(', ', $where_ids) . ')');
+ WHERE $where_type " . ((!is_array($where_ids)) ? '= ' . (int) $where_ids : 'IN (' . implode(', ', array_map('intval', $where_ids)) . ')');
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
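Review bot: The column name `$where_type` is still interpolated unchecked into `WHERE $where_type`, while this change casts only the id values. If every caller passes a literal column name this is harmless, but nothing in the visible part of `delete_posts()` enforces it, and `sync()` builds `".$where_type IN ("` the same way further down. I would compare it against the columns the call sites really use before building the query, for example `if (!in_array($where_type, $allowed_columns)) { return false; }`, where `$allowed_columns` is a placeholder for that list. The function body starts and ends outside this hunk.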
@@ -581,6 +580,7 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
$topic_ids[] = $row['topic_id'];
$forum_ids[] = $row['forum_id'];
}
+ $db->sql_freeresult($result);
if (!sizeof($post_ids))
{
@@ -602,7 +602,7 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
unset($table_ary);
// Remove the message from the search index
- $search_type = $config['search_type'];
+ $search_type = basename($config['search_type']);
if (!file_exists($phpbb_root_path . 'includes/search/' . $search_type . '.' . $phpEx))
{
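Review bot: `basename()` strips directory parts from `$config['search_type']`, but the result can still be any file name, and it is only tested with `file_exists()` before use. Assuming search backends are named with plain identifier characters, a pattern check states the intent more tightly: `if (!preg_match('#^[a-z0-9_]+$#i', $search_type) || !file_exists(...))`. How the file is loaded after this test is outside the hunk, so the remaining exposure depends on that code and on who can write the config value.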
@@ -643,9 +643,10 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
/**
* Delete Attachments
-* mode => (post, topic, attach, user)
-* ids => (post_ids, topic_ids, attach_ids, user_ids)
-* resync => set this to false if you are deleting posts or topics...
+*
+* @param string $mode can be: post|topic|attach|user
+* @param mixed $ids can be: post_ids, topic_ids, attach_ids, user_ids
+* @param bool $resync set this to false if you are deleting posts or topics
*/
function delete_attachments($mode, $ids, $resync = true)
{
@@ -654,8 +655,13 @@ function delete_attachments($mode, $ids, $resync = true)
if (is_array($ids))
{
$ids = array_unique($ids);
+ $ids = array_map('intval', $ids);
}
-
+ else
+ {
+ $ids = array((int) $ids);
+ }
+
if (!sizeof($ids))
{
return false;
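Review bot: `array_unique()` runs before `array_map('intval', ...)`, so inputs that differ as strings but cast to the same integer stay duplicated in the `IN (...)` lists. Casting first and de-duplicating afterwards avoids that: `$ids = array_unique(array_map('intval', $ids));`. The new `else` branch also turns an empty or non-numeric scalar into `array(0)`, which the `!sizeof($ids)` guard does not catch, so the queries then run with `IN (0)`. The same unique-then-cast order appears in the `sync()` hunk further down.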
@@ -672,7 +678,7 @@ function delete_attachments($mode, $ids, $resync = true)
FROM ' . ATTACHMENTS_TABLE . '
WHERE ' . $sql_id . ' IN (' . implode(', ', $ids) . ')';
$result = $db->sql_query($sql);
-
+
while ($row = $db->sql_fetchrow($result))
{
$post_ids[] = $row['post_id'];
@@ -689,7 +695,7 @@ function delete_attachments($mode, $ids, $resync = true)
WHERE post_msg_id IN (' . implode(', ', $ids) . ')
AND in_message = 0';
$result = $db->sql_query($sql);
-
+
while ($row = $db->sql_fetchrow($result))
{
$topic_ids[] = $row['topic_id'];
@@ -699,14 +705,16 @@ function delete_attachments($mode, $ids, $resync = true)
}
// Delete attachments
- $db->sql_query('DELETE FROM ' . ATTACHMENTS_TABLE . ' WHERE ' . $sql_id . ' IN (' . implode(', ', $ids) . ')');
+ $sql = 'DELETE FROM ' . ATTACHMENTS_TABLE . '
+ WHERE ' . $sql_id . ' IN (' . implode(', ', $ids) . ')';
+ $db->sql_query($sql);
$num_deleted = $db->sql_affectedrows();
if (!$num_deleted)
{
return 0;
}
-
+
// Delete attachments from filesystem
$space_removed = $files_removed = 0;
foreach ($physical as $file_ary)
@@ -744,9 +752,10 @@ function delete_attachments($mode, $ids, $resync = true)
{
if ($mode == 'post' || $mode == 'topic')
{
- $db->sql_query('UPDATE ' . POSTS_TABLE . '
+ $sql = 'UPDATE ' . POSTS_TABLE . '
SET post_attachment = 0
- WHERE post_id IN (' . implode(', ', $post_ids) . ')');
+ WHERE post_id IN (' . implode(', ', $post_ids) . ')';
+ $db->sql_query($sql);
}
if ($mode == 'user' || $mode == 'attach')
@@ -754,11 +763,11 @@ function delete_attachments($mode, $ids, $resync = true)
$remaining = array();
$sql = 'SELECT post_msg_id
- FROM ' . ATTACHMENTS_TABLE . '
- WHERE post_msg_id IN (' . implode(', ', $post_ids) . ')
- AND in_message = 0';
+ FROM ' . ATTACHMENTS_TABLE . '
+ WHERE post_msg_id IN (' . implode(', ', $post_ids) . ')
+ AND in_message = 0';
$result = $db->sql_query($sql);
-
+
while ($row = $db->sql_fetchrow($result))
{
$remaining[] = $row['post_msg_id'];
@@ -766,21 +775,23 @@ function delete_attachments($mode, $ids, $resync = true)
$db->sql_freeresult($result);
$unset_ids = array_diff($post_ids, $remaining);
+
if (sizeof($unset_ids))
{
- $db->sql_query('UPDATE ' . POSTS_TABLE . '
+ $sql = 'UPDATE ' . POSTS_TABLE . '
SET post_attachment = 0
- WHERE post_id IN (' . implode(', ', $unset_ids) . ')');
+ WHERE post_id IN (' . implode(', ', $unset_ids) . ')';
+ $db->sql_query($sql);
}
$remaining = array();
$sql = 'SELECT post_msg_id
- FROM ' . ATTACHMENTS_TABLE . '
- WHERE post_msg_id IN (' . implode(', ', $post_ids) . ')
- AND in_message = 1';
+ FROM ' . ATTACHMENTS_TABLE . '
+ WHERE post_msg_id IN (' . implode(', ', $post_ids) . ')
+ AND in_message = 1';
$result = $db->sql_query($sql);
-
+
while ($row = $db->sql_fetchrow($result))
{
$remaining[] = $row['post_msg_id'];
@@ -788,11 +799,13 @@ function delete_attachments($mode, $ids, $resync = true)
$db->sql_freeresult($result);
$unset_ids = array_diff($post_ids, $remaining);
+
if (sizeof($unset_ids))
{
- $db->sql_query('UPDATE ' . PRIVMSGS_TABLE . '
+ $sql = 'UPDATE ' . PRIVMSGS_TABLE . '
SET message_attachment = 0
- WHERE msg_id IN (' . implode(', ', $unset_ids) . ')');
+ WHERE msg_id IN (' . implode(', ', $unset_ids) . ')';
+ $db->sql_query($sql);
}
}
}
@@ -802,9 +815,10 @@ function delete_attachments($mode, $ids, $resync = true)
// Update topic indicator
if ($mode == 'topic')
{
- $db->sql_query('UPDATE ' . TOPICS_TABLE . '
+ $sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_attachment = 0
- WHERE topic_id IN (' . implode(', ', $topic_ids) . ')');
+ WHERE topic_id IN (' . implode(', ', $topic_ids) . ')';
+ $db->sql_query($sql);
}
if ($mode == 'post' || $mode == 'user' || $mode == 'attach')
@@ -812,8 +826,8 @@ function delete_attachments($mode, $ids, $resync = true)
$remaining = array();
$sql = 'SELECT topic_id
- FROM ' . ATTACHMENTS_TABLE . '
- WHERE topic_id IN (' . implode(', ', $topic_ids) . ')';
+ FROM ' . ATTACHMENTS_TABLE . '
+ WHERE topic_id IN (' . implode(', ', $topic_ids) . ')';
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@@ -823,11 +837,13 @@ function delete_attachments($mode, $ids, $resync = true)
$db->sql_freeresult($result);
$unset_ids = array_diff($topic_ids, $remaining);
+
if (sizeof($unset_ids))
{
- $db->sql_query('UPDATE ' . TOPICS_TABLE . '
+ $sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_attachment = 0
- WHERE topic_id IN (' . implode(', ', $unset_ids) . ')');
+ WHERE topic_id IN (' . implode(', ', $unset_ids) . ')';
+ $db->sql_query($sql);
}
}
}
@@ -840,7 +856,7 @@ function delete_attachments($mode, $ids, $resync = true)
*/
function delete_topic_shadows($max_age, $forum_id = '', $auto_sync = true)
{
- $where = (is_array($forum_id)) ? 'AND t.forum_id IN (' . implode(', ', $forum_id) . ')' : (($forum_id) ? "AND t.forum_id = $forum_id" : '');
+ $where = (is_array($forum_id)) ? 'AND t.forum_id IN (' . implode(', ', array_map('intval', $forum_id)) . ')' : (($forum_id) ? 'AND t.forum_id = ' . (int) $forum_id : '');
switch (SQL_LAYER)
{
@@ -861,12 +877,13 @@ function delete_topic_shadows($max_age, $forum_id = '', $auto_sync = true)
AND t.topic_time < ' . (time() - $max_age)
. $where;
$result = $db->sql_query($sql);
-
+
$topic_ids = array();
while ($row = $db->sql_fetchrow($result))
{
$topic_ids[] = $row['topic_id'];
}
+ $db->sql_freeresult($result);
if (sizeof($topic_ids))
{
@@ -874,6 +891,7 @@ function delete_topic_shadows($max_age, $forum_id = '', $auto_sync = true)
WHERE topic_id IN (' . implode(',', $topic_ids) . ')';
$db->sql_query($sql);
}
+ break;
}
if ($auto_sync)
@@ -965,19 +983,23 @@ function phpbb_unlink($filename, $mode = 'file')
/**
* All-encompasing sync function
*
-* Usage:
-* sync('topic', 'topic_id', 123); <= resync topic #123
-* sync('topic', 'forum_id', array(2, 3)); <= resync topics from forum #2 and #3
-* sync('topic'); <= resync all topics
-* sync('topic', 'range', 'topic_id BETWEEN 1 AND 60'); <= resync a range of topics/forums (only available for 'topic' and 'forum' modes)
+* Exaples:
+* <code>
+* sync('topic', 'topic_id', 123); // resync topic #123
+* sync('topic', 'forum_id', array(2, 3)); // resync topics from forum #2 and #3
+* sync('topic'); // resync all topics
+* sync('topic', 'range', 'topic_id BETWEEN 1 AND 60'); // resync a range of topics/forums (only available for 'topic' and 'forum' modes)
+* </code>
*
* Modes:
-* - topic_moved Removes topic shadows that would be in the same forum as the topic they link to
+* - forum Resync complete forum
+* - topic Resync topics
+* - topic_moved Removes topic shadows that would be in the same forum as the topic they link to
* - topic_approved Resyncs the topic_approved flag according to the status of the first post
* - post_reported Resyncs the post_reported flag, relying on actual reports
* - topic_reported Resyncs the topic_reported flag, relying on post_reported flags
-* - post_attachement Same as post_reported, thanks to a quick Search/Replace
-* - topic_attachement Same as topic_reported, thanks to a quick Search/Replace
+* - post_attachement Same as post_reported, but with attachment flags
+* - topic_attachement Same as topic_reported, but with attachment flags
*/
function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false, $sync_extra = false)
{
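Review bot: The rewritten docblock introduces the typo `Exaples:` and keeps the mode names `post_attachement` and `topic_attachement`, which do not match the `case 'post_attachment':` and `case 'topic_attachment':` labels in the function body. A caller copying the documented spelling would, as far as the visible cases show, match none of them. I would correct the heading to `* Examples:` and the two entries to `* - post_attachment` and `* - topic_attachment`.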
@@ -986,10 +1008,11 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
if (is_array($where_ids))
{
$where_ids = array_unique($where_ids);
+ $where_ids = array_map('intval', $where_ids);
}
else if ($where_type != 'range')
{
- $where_ids = ($where_ids) ? array($where_ids) : array();
+ $where_ids = ($where_ids) ? array((int) $where_ids) : array();
}
if ($mode == 'forum' || $mode == 'topic')
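Review bot: With `$where_type == 'range'` a string `$where_ids` skips both new casts and is later used as a raw SQL condition, which the docblock example `'topic_id BETWEEN 1 AND 60'` shows is intended. That contract deserves a comment at this branch, something like `// 'range': $where_ids is a raw SQL condition built by the caller, never from request data`. Whether every caller of the range form builds the condition from constants is not visible in this hunk and should be checked.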
@@ -1028,7 +1051,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
{
return;
}
-
+
// $where_type contains the field for the where clause (forum_id, topic_id)
$where_sql = 'WHERE ' . $mode{0} . ".$where_type IN (" . implode(', ', $where_ids) . ')';
$where_sql_and = $where_sql . "\n\tAND";
@@ -1055,23 +1078,25 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
AND t1.forum_id = t2.forum_id";
$result = $db->sql_query($sql);
- if ($row = $db->sql_fetchrow($result))
+ $topic_id_ary = array();
+ while ($row = $db->sql_fetchrow($result))
{
- $topic_id_ary = array();
- do
- {
- $topic_id_ary[] = $row['topic_id'];
- }
- while ($row = $db->sql_fetchrow($result));
-
- $sql = 'DELETE FROM ' . TOPICS_TABLE . '
- WHERE topic_id IN (' . implode(', ', $topic_id_ary) . ')';
- $db->sql_query($sql);
- unset($topic_id_ary);
+ $topic_id_ary[] = $row['topic_id'];
}
$db->sql_freeresult($result);
+
+ if (!sizeof($topic_id_ary))
+ {
+ return;
+ }
+
+ $sql = 'DELETE FROM ' . TOPICS_TABLE . '
+ WHERE topic_id IN (' . implode(', ', $topic_id_ary) . ')';
+ $db->sql_query($sql);
+
+ break;
}
- break;
+ break;
case 'topic_approved':
switch (SQL_LAYER)
@@ -1107,8 +1132,9 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
SET topic_approved = 1 - topic_approved
WHERE topic_id IN (' . implode(', ', $topic_ids) . ')';
$db->sql_query($sql);
+ break;
}
- break;
+ break;
case 'post_reported':
$post_ids = $post_reported = array();
@@ -1118,6 +1144,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
$where_sql
GROUP BY p.post_id, p.post_reported";
$result = $db->sql_query($sql);
+
while ($row = $db->sql_fetchrow($result))
{
$post_ids[$row['post_id']] = $row['post_id'];
@@ -1126,6 +1153,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
$post_reported[$row['post_id']] = 1;
}
}
+ $db->sql_freeresult($result);
$sql = 'SELECT DISTINCT(post_id)
FROM ' . REPORTS_TABLE . '
@@ -1144,6 +1172,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
unset($post_reported[$row['post_id']]);
}
}
+ $db->sql_freeresult($result);
// $post_reported should be empty by now, if it's not it contains
// posts that are falsely flagged as reported
@@ -1159,7 +1188,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
WHERE post_id IN (' . implode(', ', $post_ids) . ')';
$db->sql_query($sql);
}
- break;
+ break;
case 'topic_reported':
if ($sync_extra)
@@ -1173,15 +1202,18 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
FROM ' . POSTS_TABLE . " t
$where_sql_and t.post_reported = 1";
$result = $db->sql_query($sql);
+
while ($row = $db->sql_fetchrow($result))
{
$topic_reported[$row['topic_id']] = 1;
}
+ $db->sql_freeresult($result);
$sql = 'SELECT t.topic_id, t.topic_reported
FROM ' . TOPICS_TABLE . " t
$where_sql";
$result = $db->sql_query($sql);
+
while ($row = $db->sql_fetchrow($result))
{
if ($row['topic_reported'] ^ isset($topic_reported[$row['topic_id']]))
@@ -1189,6 +1221,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
$topic_ids[] = $row['topic_id'];
}
}
+ $db->sql_freeresult($result);
if (sizeof($topic_ids))
{
@@ -1197,7 +1230,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
WHERE topic_id IN (' . implode(', ', $topic_ids) . ')';
$db->sql_query($sql);
}
- break;
+ break;
case 'post_attachment':
$post_ids = $post_attachment = array();
@@ -1207,6 +1240,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
$where_sql
GROUP BY p.post_id, p.post_attachment";
$result = $db->sql_query($sql);
+
while ($row = $db->sql_fetchrow($result))
{
$post_ids[$row['post_id']] = $row['post_id'];
@@ -1215,14 +1249,15 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
$post_attachment[$row['post_id']] = 1;
}
}
+ $db->sql_freeresult($result);
$sql = 'SELECT DISTINCT(post_msg_id)
FROM ' . ATTACHMENTS_TABLE . '
WHERE post_msg_id IN (' . implode(', ', $post_ids) . ')
AND in_message = 0';
+ $result = $db->sql_query($sql);
$post_ids = array();
- $result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
if (!isset($post_attachment[$row['post_id']]))
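Review bot: The query selects `post_msg_id`, but the loop reads `$row['post_id']`, a key this result set does not contain, so the `isset()` test on `$post_attachment` uses an undefined index for every row. The same key is used in the `unset($post_attachment[$row['post_id']])` line of the next hunk. Either alias the column, `SELECT DISTINCT(post_msg_id) AS post_id`, or read `$row['post_msg_id']` in the loop. The query also implodes `$post_ids` without a visible emptiness check, which would yield `IN ()` when the first query returns no rows; a guard may exist outside the hunk.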
@@ -1234,6 +1269,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
unset($post_attachment[$row['post_id']]);
}
}
+ $db->sql_freeresult($result);
// $post_attachment should be empty by now, if it's not it contains
// posts that are falsely flagged as having attachments
@@ -1249,7 +1285,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
WHERE post_id IN (' . implode(', ', $post_ids) . ')';
$db->sql_query($sql);
}
- break;
+ break;
case 'topic_attachment':
if ($sync_extra)
@@ -1263,15 +1299,18 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
FROM ' . POSTS_TABLE . " t
$where_sql_and t.post_attachment = 1";
$result = $db->sql_query($sql);
+
while ($row = $db->sql_fetchrow($result))
{
$topic_attachment[$row['topic_id']] = 1;
}
+ $db->sql_freeresult($result);
$sql = 'SELECT t.topic_id, t.topic_attachment
FROM ' . TOPICS_TABLE . " t
$where_sql";
$result = $db->sql_query($sql);
+
while ($row = $db->sql_fetchrow($result))
{
if ($row['topic_attachment'] ^ isset($topic_attachment[$row['topic_id']]))
@@ -1279,6 +1318,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
$topic_ids[] = $row['topic_id'];
}
}
+ $db->sql_freeresult($result);
if (sizeof($topic_ids))
{
@@ -1287,9 +1327,10 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
WHERE topic_id IN (' . implode(', ', $topic_ids) . ')';
$db->sql_query($sql);
}
- break;
+ break;
case 'forum':
+
// 1: Get the list of all forums
$sql = 'SELECT f.*
FROM ' . FORUMS_TABLE . " f
@@ -1316,6 +1357,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
$forum_data[$forum_id]['last_poster_id'] = 0;
$forum_data[$forum_id]['last_poster_name'] = '';
}
+ $db->sql_freeresult($result);
// 2: Get topic counts for each forum
$sql = 'SELECT forum_id, topic_approved, COUNT(topic_id) AS forum_topics
@@ -1323,6 +1365,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
WHERE forum_id IN (' . implode(', ', $forum_ids) . ')
GROUP BY forum_id, topic_approved';
$result = $db->sql_query($sql);
+
while ($row = $db->sql_fetchrow($result))
{
$forum_id = (int) $row['forum_id'];
@@ -1333,6 +1376,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
$forum_data[$forum_id]['topics'] = $row['forum_topics'];
}
}
+ $db->sql_freeresult($result);
// 3: Get post count and last_post_id for each forum
$sql = 'SELECT forum_id, COUNT(post_id) AS forum_posts, MAX(post_id) AS last_post_id
@@ -1341,15 +1385,17 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
AND post_approved = 1
GROUP BY forum_id';
$result = $db->sql_query($sql);
+
while ($row = $db->sql_fetchrow($result))
{
$forum_id = (int) $row['forum_id'];
- $forum_data[$forum_id]['posts'] = intval($row['forum_posts']);
- $forum_data[$forum_id]['last_post_id'] = intval($row['last_post_id']);
+ $forum_data[$forum_id]['posts'] = (int) $row['forum_posts'];
+ $forum_data[$forum_id]['last_post_id'] = (int) $row['last_post_id'];
$post_ids[] = $row['last_post_id'];
}
+ $db->sql_freeresult($result);
// 4: Retrieve last_post infos
if (sizeof($post_ids))
@@ -1359,9 +1405,10 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
WHERE p.post_id IN (' . implode(', ', $post_ids) . ')
AND p.poster_id = u.user_id';
$result = $db->sql_query($sql);
+
while ($row = $db->sql_fetchrow($result))
{
- $post_info[intval($row['post_id'])] = $row;
+ $post_info[$row['post_id']] = $row;
}
$db->sql_freeresult($result);
@@ -1393,7 +1440,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
foreach ($forum_data as $forum_id => $row)
{
- $sql = array();
+ $sql_ary = array();
foreach ($fieldnames as $fieldname)
{
@@ -1401,24 +1448,24 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
{
if (preg_match('#name$#', $fieldname))
{
- $sql['forum_' . $fieldname] = (string) $row[$fieldname];
+ $sql_ary['forum_' . $fieldname] = (string) $row[$fieldname];
}
else
{
- $sql['forum_' . $fieldname] = (int) $row[$fieldname];
+ $sql_ary['forum_' . $fieldname] = (int) $row[$fieldname];
}
}
}
- if (sizeof($sql))
+ if (sizeof($sql_ary))
{
$sql = 'UPDATE ' . FORUMS_TABLE . '
- SET ' . $db->sql_build_array('UPDATE', $sql) . '
+ SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
WHERE forum_id = ' . $forum_id;
$db->sql_query($sql);
}
}
- break;
+ break;
case 'topic':
$topic_data = $post_ids = $approved_unapproved_ids = $resync_forums = $delete_topics = $delete_posts = array();
@@ -1519,6 +1566,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
delete_topics($where_type, $where_ids, true);
return;
}
+
if (sizeof($delete_topics))
{
$delete_topic_ids = array();
@@ -1553,6 +1601,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
$topic_data[$topic_id]['poster'] = $row['poster_id'];
$topic_data[$topic_id]['first_poster_name'] = ($row['poster_id'] == ANONYMOUS) ? $row['post_username'] : $row['username'];
}
+
if ($row['post_id'] == $topic_data[$topic_id]['last_post_id'])
{
$topic_data[$topic_id]['last_poster_id'] = $row['poster_id'];
@@ -1612,20 +1661,20 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
foreach ($topic_data as $topic_id => $row)
{
- $sql = array();
+ $sql_ary = array();
foreach ($fieldnames as $fieldname)
{
if ($row['topic_' . $fieldname] != $row[$fieldname])
{
- $sql['topic_' . $fieldname] = $row[$fieldname];
+ $sql_ary['topic_' . $fieldname] = $row[$fieldname];
}
}
- if (sizeof($sql))
+ if (sizeof($sql_ary))
{
$sql = 'UPDATE ' . TOPICS_TABLE . '
- SET ' . $db->sql_build_array('UPDATE', $sql) . '
+ SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
WHERE topic_id = ' . $topic_id;
$db->sql_query($sql);
@@ -1641,8 +1690,10 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
{
sync('forum', 'forum_id', $resync_forums, true);
}
- break;
+ break;
}
+
+ return;
}
/**
@@ -1652,7 +1703,7 @@ function prune($forum_id, $prune_mode, $prune_date, $prune_flags = 0, $auto_sync
{
global $db;
- $sql_forum = (is_array($forum_id)) ? ' IN (' . implode(',', $forum_id) . ')' : " = $forum_id";
+ $sql_forum = (is_array($forum_id)) ? ' IN (' . implode(', ', array_map('intval', $forum_id)) . ')' : ' = ' . (int) $forum_id;
$sql_and = '';
if (!($prune_flags & 4))
@@ -1722,8 +1773,10 @@ function auto_prune($forum_id, $prune_mode, $prune_flags, $prune_days, $prune_fr
FROM ' . FORUMS_TABLE . "
WHERE forum_id = $forum_id";
$result = $db->sql_query($sql, 3600);
+ $row = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
- if ($row = $db->sql_fetchrow($result))
+ if ($row)
{
$prune_date = time() - ($prune_days * 86400);
$next_prune = time() + ($prune_freq * 86400);
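Review bot: `WHERE forum_id = $forum_id` is left as a plain interpolation, although the other id parameters touched by this commit are now cast. Whether callers of `auto_prune()` always pass an integer is not visible in the hunk; `WHERE forum_id = " . (int) $forum_id;` makes the query safe regardless and matches the change to `prune()`. The function continues outside the hunk.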
@@ -1737,7 +1790,6 @@ function auto_prune($forum_id, $prune_mode, $prune_flags, $prune_days, $prune_fr
add_log('admin', 'LOG_AUTO_PRUNE', $row['forum_name']);
}
- $db->sql_freeresult($result);
return;
}
@@ -1806,6 +1858,7 @@ function split_sql_file($sql, $delimiter)
{
unset($data[key($data)]);
}
+
return $data;
}
@@ -1852,11 +1905,11 @@ function cache_moderators()
),
'WHERE' => '(o.auth_option_id = a.auth_option_id OR o.auth_option_id = r.auth_option_id)
- AND ((a.auth_setting = ' . ACL_NO . ' AND r.auth_setting IS NULL)
- OR r.auth_setting = ' . ACL_NO . ')
- AND a.group_id = ug.group_id
- AND ug.user_id IN (' . implode(', ', $ug_id_ary) . ")
- AND o.auth_option LIKE 'm\_%'",
+ AND ((a.auth_setting = ' . ACL_NO . ' AND r.auth_setting IS NULL)
+ OR r.auth_setting = ' . ACL_NO . ')
+ AND a.group_id = ug.group_id
+ AND ug.user_id IN (' . implode(', ', $ug_id_ary) . ")
+ AND o.auth_option LIKE 'm\_%'",
));
$result = $db->sql_query($sql);
@@ -1980,11 +2033,11 @@ function cache_moderators()
*/
function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id = 0, $topic_id = 0, $user_id = 0, $limit_days = 0, $sort_by = 'l.log_time DESC')
{
- global $db, $user, $auth, $phpEx, $SID, $phpbb_root_path, $phpbb_admin_path;
+ global $db, $user, $auth, $phpEx, $phpbb_root_path, $phpbb_admin_path;
$topic_id_list = $reportee_id_list = $is_auth = $is_mod = array();
- $profile_url = (defined('IN_ADMIN')) ? "{$phpbb_admin_path}index.$phpEx$SID&amp;i=users&amp;mode=overview" : "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile";
+ $profile_url = (defined('IN_ADMIN')) ? append_sid("{$phpbb_admin_path}index.$phpEx", 'i=users&amp;mode=overview') : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile');
switch ($mode)
{
@@ -1992,7 +2045,7 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
$log_type = LOG_ADMIN;
$sql_forum = '';
break;
-
+
case 'mod':
$log_type = LOG_MOD;
@@ -2053,25 +2106,23 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
}
$log[$i] = array(
- 'id' => $row['log_id'],
-
+ 'id' => $row['log_id'],
'reportee_id' => $row['reportee_id'],
'reportee_username' => '',
-
'user_id' => $row['user_id'],
'username' => '<a href="' . $profile_url . '&amp;u=' . $row['user_id'] . '">' . $row['username'] . '</a>',
'ip' => $row['log_ip'],
'time' => $row['log_time'],
'forum_id' => $row['forum_id'],
'topic_id' => $row['topic_id'],
-
- 'viewforum' => ($row['forum_id'] && $auth->acl_get('f_read', $row['forum_id'])) ? "{$phpbb_root_path}viewforum.$phpEx$SID&amp;f=" . $row['forum_id'] : '',
+
+ 'viewforum' => ($row['forum_id'] && $auth->acl_get('f_read', $row['forum_id'])) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']) : '',
'action' => (isset($user->lang[$row['log_operation']])) ? $user->lang[$row['log_operation']] : '{' . ucfirst(str_replace('_', ' ', $row['log_operation'])) . '}',
);
if (!empty($row['log_data']))
{
- $log_data_ary = unserialize(stripslashes($row['log_data']));
+ $log_data_ary = unserialize($row['log_data']);
if (isset($user->lang[$row['log_operation']]))
{
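Review bot: The result of `unserialize($row['log_data'])` is used without a check for `false`. With `stripslashes()` removed, any rows that were stored escaped will no longer decode, and a corrupt row behaves the same way, so the following code should treat a non-array result as no data: `$log_data_ary = (is_array($log_data_ary)) ? $log_data_ary : array();`. `unserialize()` also instantiates whatever object the string encodes, so a comment stating that `log_data` is only ever written from server-built arrays would document the trust assumption. The block that consumes `$log_data_ary` is outside the hunk.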
@@ -2097,19 +2148,39 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
$topic_id_list = array_unique($topic_id_list);
// This query is not really needed if move_topics() updates the forum_id field,
- // altough it's also used to determine if the topic still exists in the database
+ // although it's also used to determine if the topic still exists in the database
$sql = 'SELECT topic_id, forum_id
FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(', ', array_map('intval', $topic_id_list)) . ')';
$result = $db->sql_query($sql);
+ $default_forum_id = 0;
+
while ($row = $db->sql_fetchrow($result))
{
- if ($auth->acl_get('f_read', $row['forum_id']))
+ if (!$row['forum_id'])
+ {
+ if ($auth->acl_getf_global('f_read'))
+ {
+ if (!$default_forum_id)
+ {
+ $sql = 'SELECT forum_id
+ FROM ' . FORUMS_TABLE . '
+ WHERE forum_type = ' . FORUM_POST;
+ $f_result = $db->sql_query_limit($sql, 1);
+ $default_forum_id = (int) $db->sql_fetchfield('forum_id', false, $f_result);
+ $db->sql_freeresult($f_result);
+ }
+
+ $is_auth[$row['topic_id']] = $default_forum_id;
+ }
+ }
+ else
{
- // DEBUG!! - global topic
- $config['default_forum_id'] = 2;
- $is_auth[$row['topic_id']] = ($row['forum_id']) ? $row['forum_id'] : $config['default_forum_id'];
+ if ($auth->acl_get('f_read', $row['forum_id']))
+ {
+ $is_auth[$row['topic_id']] = $row['forum_id'];
+ }
}
if ($auth->acl_gets('a_', 'm_', $row['forum_id']))
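Review bot: The fallback forum for global topics comes from a one-row query with no `ORDER BY`, so which forum ends up in the link depends on the database's row order. Also, `acl_getf_global('f_read')`, as far as its name suggests, checks the permission in any forum rather than in the one selected. When no forum of type `FORUM_POST` exists, `$default_forum_id` stays 0, so the lookup is repeated for every global topic and 0 is stored in `$is_auth`. Adding `ORDER BY left_id ASC` and tracking the lookup with a separate flag such as `$default_forum_checked` would make it deterministic and run once. The loop body continues outside the hunk.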
@@ -2117,11 +2188,12 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
$is_mod[$row['topic_id']] = $row['forum_id'];
}
}
+ $db->sql_freeresult($result);
foreach ($log as $key => $row)
{
- $log[$key]['viewtopic'] = (isset($is_auth[$row['topic_id']])) ? "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f=" . $is_auth[$row['topic_id']] . '&amp;t=' . $row['topic_id'] : '';
- $log[$key]['viewlogs'] = (isset($is_mod[$row['topic_id']])) ? "{$phpbb_root_path}mcp.$phpEx$SID&amp;i=logs&amp;mode=topic_logs&amp;t=" . $row['topic_id'] : '';
+ $log[$key]['viewtopic'] = (isset($is_auth[$row['topic_id']])) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $is_auth[$row['topic_id']] . '&amp;t=' . $row['topic_id']) : '';
+ $log[$key]['viewlogs'] = (isset($is_mod[$row['topic_id']])) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=logs&amp;mode=topic_logs&amp;t=' . $row['topic_id'], true, $user->session_id) : '';
}
}
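Review bot: Only the `viewlogs` link passes `$user->session_id` explicitly to `append_sid()`, and the reason is not stated. Assuming the fourth argument forces that session id into the query string, the id will appear in this URL even for cookie-based sessions, and URLs end up in server logs and Referer headers. A one-line comment such as `// mcp needs the session id in the URL` would make the choice reviewable; if it is not required, the argument can be dropped.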
@@ -2149,12 +2221,9 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
AND l.log_time >= $limit_days
$sql_forum";
$result = $db->sql_query($sql);
-
- $row = $db->sql_fetchrow($result);
+ $log_count = (int) $db->sql_fetchfield('total_entries');
$db->sql_freeresult($result);
- $log_count = $row['total_entries'];
-
return;
}
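Review bot: `$limit_days` is interpolated into `l.log_time >= $limit_days` without a cast, unlike the id parameters this commit hardens. The two `view_warned_users()` hunks below do the same with `user_last_warning >= $limit_days` and also place `$sort_by` directly after `ORDER BY`. I would add `$limit_days = (int) $limit_days;` at the top of both functions and match `$sort_by` against the sort keys the callers actually offer. Both function bodies start outside their hunks, so an existing check may be out of view.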
@@ -2171,7 +2240,6 @@ function view_warned_users(&$users, &$user_count, $limit = 0, $offset = 0, $limi
' . (($limit_days) ? "AND user_last_warning >= $limit_days" : '') . "
ORDER BY $sort_by";
$result = $db->sql_query_limit($sql, $limit, $offset);
-
$users = $db->sql_fetchrowset($result);
$db->sql_freeresult($result);
@@ -2179,14 +2247,10 @@ function view_warned_users(&$users, &$user_count, $limit = 0, $offset = 0, $limi
FROM ' . USERS_TABLE . '
WHERE user_warnings > 0
' . (($limit_days) ? "AND user_last_warning >= $limit_days" : '');
-
$result = $db->sql_query($sql);
-
- $row = $db->sql_fetchrow($result);
+ $user_count = (int) $db->sql_fetchfield('user_count');
$db->sql_freeresult($result);
- $user_count = $row['user_count'];
-
return;
}
@@ -2198,13 +2262,15 @@ function get_database_size()
{
global $db, $user, $table_prefix;
- // This code is heavily influenced by a similar routine
- // in phpMyAdmin 2.2.0
+ // This code is heavily influenced by a similar routine in phpMyAdmin 2.2.0
if (preg_match('#^mysql#', SQL_LAYER))
{
- $result = $db->sql_query('SELECT VERSION() AS mysql_version');
+ $sql = 'SELECT VERSION() AS mysql_version';
+ $result = $db->sql_query($sql);
+ $row = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
- if ($row = $db->sql_fetchrow($result))
+ if ($row)
{
$version = $row['mysql_version'];
@@ -2251,7 +2317,6 @@ function get_database_size()
$sql = 'SELECT ((SUM(size) * 8.0) * 1024.0) as dbsize
FROM sysfiles';
$result = $db->sql_query($sql);
-
$dbsize = ($row = $db->sql_fetchrow($result)) ? intval($row['dbsize']) : $user->lang['NOT_AVAILABLE'];
$db->sql_freeresult($result);
}
diff --git a/phpBB/includes/functions_compress.php b/phpBB/includes/functions_compress.php
index 51fbdab6ae..3be750e9bc 100644
--- a/phpBB/includes/functions_compress.php
+++ b/phpBB/includes/functions_compress.php
@@ -16,6 +16,9 @@ class compress
{
var $fp = 0;
+ /**
+ * Add file to archive
+ */
function add_file($src, $src_rm_prefix = '', $src_add_prefix = '', $skip_files = '')
{
global $phpbb_root_path;
@@ -68,17 +71,23 @@ class compress
$this->data("$src_path$path$file", file_get_contents("$phpbb_root_path$src$path$file"), false, stat("$phpbb_root_path$src$path$file"));
}
}
-
}
+
return true;
}
+ /**
+ * Add custom file (the filepath will not be adjusted)
+ */
function add_custom_file($src, $filename)
{
$this->data($filename, file_get_contents($src), false, stat($src));
return true;
}
-
+
+ /**
+ * Add file data
+ */
function add_data($src, $name)
{
$stat = array();
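Review bot: add_custom_file() hands the results of `file_get_contents($src)` and `stat($src)` straight to data() and then returns true, so a missing or unreadable `$src` still reports success and produces an entry built from `false`. A guard such as `if (!is_readable($src)) { return false; }` before the data() call would make the return value meaningful. The new docblock could also state that `$src` is opened exactly as given, so callers must not pass a path taken from request input. add_file() and add_data() are only partly inside this hunk.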
@@ -90,6 +99,9 @@ class compress
return true;
}
+ /**
+ * Return available methods
+ */
function methods()
{
$methods = array('.tar');
@@ -111,7 +123,7 @@ class compress
/**
* @package phpBB3
*
-* Zip creation class from phpMyAdmin 2.3.0 © Tobias Ratschiller, Olivier Müller, Loïc Chapeaux,
+* Zip creation class from phpMyAdmin 2.3.0 (c) Tobias Ratschiller, Olivier Müller, Loïc Chapeaux,
* Marc Delisle, http://www.phpmyadmin.net/
*
* Zip extraction function by Alexandre Tedeschi, alexandrebr at gmail dot com
@@ -130,11 +142,17 @@ class compress_zip extends compress
var $old_offset = 0;
var $datasec_len = 0;
+ /**
+ * Constructor
+ */
function compress_zip($mode, $file)
{
return $this->fp = @fopen($file, $mode . 'b');
}
+ /**
+ * Convert unix to dos time
+ */
function unix_to_dos_time($time)
{
$timearray = (!$time) ? getdate() : getdate($time);
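Review bot: The constructor opens the archive with `@fopen()` and returns the result, but `new` discards a constructor's return value. A failed open is therefore both silenced and invisible to the caller, and `$this->fp` stays `false` for every later write. The new "Constructor" docblock should say how failure is reported, and the failure should be surfaced, e.g. `if (!$this->fp) { trigger_error('Unable to open archive ' . $file); }`. The `@` also hides the PHP warning that would explain why the open failed.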
@@ -149,6 +167,9 @@ class compress_zip extends compress
return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
}
+ /**
+ * Extract archive
+ */
function extract($dst)
{
// Loop the file, looking for files and folders
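Review bot: The docblock added to extract() says only "Extract archive" and does not state what the method guarantees about where files are written. Entry names come from the archive, so the contract worth documenting is whether a name containing `../` or an absolute path can leave `$dst`; the body is outside this hunk, so I cannot tell whether that is checked. I would extend the comment with a line such as `* Entry names are taken from the archive; <state whether they are confined to $dst>` and add the check if it is missing. The same applies to compress_tar::extract() further down.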
@@ -276,10 +297,14 @@ class compress_zip extends compress
trigger_error("Unexpected header, ending loop");
break 2;
}
+
$dd_try = false;
}
}
+ /**
+ * Close archive
+ */
function close()
{
// Write out central file directory and footer ... if it exists
@@ -290,7 +315,9 @@ class compress_zip extends compress
fclose($this->fp);
}
- // Create the structures ... note we assume version made by is MSDOS
+ /**
+ * Create the structures ... note we assume version made by is MSDOS
+ */
function data($name, $data, $is_dir = false, $stat)
{
$name = str_replace('\\', '/', $name);
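Review bot: `data($name, $data, $is_dir = false, $stat)` places the required `$stat` after the optional `$is_dir`, so the default can never take effect and every caller must pass the third argument anyway. Since the commit is documenting the method, the docblock should name the four parameters and say that `$stat` is a stat() array, which is what the visible callers pass. Dropping the default, `function data($name, $data, $is_dir, $stat)`, would make the signature honest. compress_tar::data() has the same signature, and the function body continues past this hunk.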
@@ -327,6 +354,7 @@ class compress_zip extends compress
// Are we a file or a directory? Set archive for file
$attrib = ($is_dir) ? 16 : 32;
+
// File Record Header
$fr = "\x50\x4b\x03\x04"; // Local file header 4bytes
$fr .= pack('v', $var_ext); // ver needed to extract 2bytes
@@ -351,21 +379,21 @@ class compress_zip extends compress
// Central Directory Header
$cdrec = "\x50\x4b\x01\x02"; // header 4bytes
- $cdrec .= "\x00\x00"; // version made by
+ $cdrec .= "\x00\x00"; // version made by
$cdrec .= pack('v', $var_ext); // version needed to extract
- $cdrec .= "\x00\x00"; // gen purpose bit flag
+ $cdrec .= "\x00\x00"; // gen purpose bit flag
$cdrec .= $c_method; // compression method
- $cdrec .= $hexdtime; // last mod time & date
- $cdrec .= pack('V', $crc); // crc32
- $cdrec .= pack('V', $c_len); // compressed filesize
- $cdrec .= pack('V', $unc_len); // uncompressed filesize
- $cdrec .= pack('v', strlen($name)); // length of filename
- $cdrec .= pack('v', 0); // extra field length
- $cdrec .= pack('v', 0); // file comment length
- $cdrec .= pack('v', 0); // disk number start
- $cdrec .= pack('v', 0); // internal file attributes
+ $cdrec .= $hexdtime; // last mod time & date
+ $cdrec .= pack('V', $crc); // crc32
+ $cdrec .= pack('V', $c_len); // compressed filesize
+ $cdrec .= pack('V', $unc_len); // uncompressed filesize
+ $cdrec .= pack('v', strlen($name)); // length of filename
+ $cdrec .= pack('v', 0); // extra field length
+ $cdrec .= pack('v', 0); // file comment length
+ $cdrec .= pack('v', 0); // disk number start
+ $cdrec .= pack('v', 0); // internal file attributes
$cdrec .= pack('V', $attrib); // external file attributes
- $cdrec .= pack('V', $this->old_offset); // relative offset of local header
+ $cdrec .= pack('V', $this->old_offset); // relative offset of local header
$cdrec .= $name;
// Save to central directory
@@ -374,6 +402,9 @@ class compress_zip extends compress
$this->old_offset = $this->datasec_len;
}
+ /**
+ * file
+ */
function file()
{
$ctrldir = implode('', $this->ctrl_dir);
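Review bot: The docblock added above file() consists of the word "file", which tells a reader nothing the method name did not. Judging from the `implode('', $this->ctrl_dir)` here and the comment-length field at the end of the method, it appears to assemble the central directory and the closing record of the archive. Something like `* Build the central directory and end record` would be more useful, to be confirmed against the full body, which is outside the hunk.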
@@ -386,6 +417,9 @@ class compress_zip extends compress
"\x00\x00"; // .zip file comment length
}
+ /**
+ * Download archive
+ */
function download($filename)
{
global $phpbb_root_path;
@@ -409,7 +443,7 @@ class compress_zip extends compress
* @package phpBB3
*
* Tar/tar.gz compression routine
-* Header/checksum creation derived from tarfile.pl, © Tom Horsley, 1994
+* Header/checksum creation derived from tarfile.pl, (c) Tom Horsley, 1994
*/
class compress_tar extends compress
{
@@ -420,6 +454,9 @@ class compress_tar extends compress
var $type = '';
var $wrote = false;
+ /**
+ * Constructor
+ */
function compress_tar($mode, $file, $type = '')
{
$type = (!$type) ? $file : $type;
@@ -432,6 +469,9 @@ class compress_tar extends compress
$this->open();
}
+ /**
+ * Extract archive
+ */
function extract($dst)
{
$fzread = ($this->isbz && function_exists('bzread')) ? 'bzread' : (($this->isgz && extension_loaded('zlib')) ? 'gzread' : 'fread');
@@ -491,6 +531,9 @@ class compress_tar extends compress
}
}
+ /**
+ * Close archive
+ */
function close()
{
$fzclose = ($this->isbz && function_exists('bzclose')) ? 'bzclose' : (($this->isgz && extension_loaded('zlib')) ? 'gzclose' : 'fclose');
@@ -498,12 +541,17 @@ class compress_tar extends compress
if ($this->wrote)
{
$fzwrite = ($this->isbz && function_exists('bzwrite')) ? 'bzwrite' : (($this->isgz && extension_loaded('zlib')) ? 'gzwrite' : 'fwrite');
- $fzwrite($this->fp, pack("a512", "")); // Symbolizes that there are no more files
+
+ // Symbolizes that there are no more files
+ $fzwrite($this->fp, pack("a512", ""));
}
$fzclose($this->fp);
}
+ /**
+ * Create the structures
+ */
function data($name, $data, $is_dir = false, $stat)
{
$this->wrote = true;
@@ -513,12 +561,12 @@ class compress_tar extends compress
// This is the header data, it contains all the info we know about the file or folder that we are about to archive
$header = '';
- $header .= pack("a100", $name); // file name
- $header .= pack("a8", sprintf("%07o", $stat[2])); // file mode
- $header .= pack("a8", sprintf("%07o", $stat[4])); // owner id
- $header .= pack("a8", sprintf("%07o", $stat[5])); // group id
- $header .= pack("a12", sprintf("%011o", $stat[7])); // file size
- $header .= pack("a12", sprintf("%011o", $stat[9])); // last mod time
+ $header .= pack("a100", $name); // file name
+ $header .= pack("a8", sprintf("%07o", $stat[2])); // file mode
+ $header .= pack("a8", sprintf("%07o", $stat[4])); // owner id
+ $header .= pack("a8", sprintf("%07o", $stat[5])); // group id
+ $header .= pack("a12", sprintf("%011o", $stat[7])); // file size
+ $header .= pack("a12", sprintf("%011o", $stat[9])); // last mod time
// Checksum
$checksum = 0;
@@ -530,23 +578,26 @@ class compress_tar extends compress
// We precompute the rest of the hash, this saves us time in the loop and allows us to insert our hash without resorting to string functions
$checksum += 2415 + (($is_dir) ? 53 : 0);
- $header .= pack("a8", sprintf("%07o", $checksum)); // checksum
- $header .= pack("a1", $typeflag); // link indicator
- $header .= pack("a100", ''); // name of linked file
- $header .= pack("a6", 'ustar'); // ustar indicator
- $header .= pack("a2", '00'); // ustar version
- $header .= pack("a32", 'Unknown'); // owner name
- $header .= pack("a32", 'Unknown'); // group name
- $header .= pack("a8", ''); // device major number
- $header .= pack("a8", ''); // device minor number
- $header .= pack("a155", ''); // filename prefix
- $header .= pack("a12", ''); // end
+ $header .= pack("a8", sprintf("%07o", $checksum)); // checksum
+ $header .= pack("a1", $typeflag); // link indicator
+ $header .= pack("a100", ''); // name of linked file
+ $header .= pack("a6", 'ustar'); // ustar indicator
+ $header .= pack("a2", '00'); // ustar version
+ $header .= pack("a32", 'Unknown'); // owner name
+ $header .= pack("a32", 'Unknown'); // group name
+ $header .= pack("a8", ''); // device major number
+ $header .= pack("a8", ''); // device minor number
+ $header .= pack("a155", ''); // filename prefix
+ $header .= pack("a12", ''); // end
// This writes the entire file in one shot. Header, followed by data and then null padded to a multiple of 512
$fzwrite($this->fp, $header . (($stat[7] !== 0 && !$is_dir) ? $data . (($stat[7] % 512 > 0) ? str_repeat("\0", 512 - $stat[7] % 512) : '') : ''));
unset($data);
}
+ /**
+ * Open archive
+ */
function open()
{
$fzopen = ($this->isbz && function_exists('bzopen')) ? 'bzopen' : (($this->isgz && extension_loaded('zlib')) ? 'gzopen' : 'fopen');
@@ -558,6 +609,9 @@ class compress_tar extends compress
}
}
+ /**
+ * Download archive
+ */
function download($filename)
{
global $phpbb_root_path;
diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php
index 1f59fdf6de..aa91e4d761 100644
--- a/phpBB/includes/functions_display.php
+++ b/phpBB/includes/functions_display.php
@@ -14,7 +14,7 @@
function display_forums($root_data = '', $display_moderators = true, $return_moderators = false)
{
global $db, $auth, $user, $template;
- global $phpbb_root_path, $phpEx, $SID, $config;
+ global $phpbb_root_path, $phpEx, $config;
$forum_rows = $subforums = $forum_ids = $forum_ids_moderator = $forum_moderators = $active_forum_ary = array();
$parent_id = $visible_forums = 0;
@@ -56,11 +56,12 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
$sql_from = FORUMS_TABLE . ' f ';
$lastread_select = $sql_lastread = '';
- $tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? unserialize(stripslashes($_COOKIE[$config['cookie_name'] . '_track'])) : array();
+ $tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
+ $tracking_topics = ($tracking_topics) ? unserialize($tracking_topics) : array();
if (!$user->data['is_registered'])
{
- $user->data['user_lastmark'] = (isset($tracking_topics['l'])) ? base_convert($tracking_topics['l'], 36, 10) + $config['board_startdate'] : 0;
+ $user->data['user_lastmark'] = (isset($tracking_topics['l'])) ? (int) (base_convert($tracking_topics['l'], 36, 10) + $config['board_startdate']) : 0;
}
}
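Review bot: The tracking cookie is still passed to `unserialize()`, and a cookie is entirely under the client's control, so this line deserialises untrusted input; the change only makes the `stripslashes()` conditional. I would at least reject anything that does not decode to an array, `if (!is_array($tracking_topics)) { $tracking_topics = array(); }`. Longer term, the serialised format should be replaced with one that a small parser restricted to arrays, integers and short strings can read. The `(int)` casts added around `base_convert()` here and in the next tracking hunk are a good step, since those values also come from the cookie. display_forums() begins and ends outside this hunk.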
@@ -108,7 +109,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
$right_id = $row['right_id'];
continue;
}
-
+
$forum_ids[] = $forum_id;
if ($config['load_db_lastread'] && $user->data['is_registered'])
@@ -119,9 +120,9 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
{
if (!$user->data['is_registered'])
{
- $user->data['user_lastmark'] = (isset($tracking_topics['l'])) ? base_convert($tracking_topics['l'], 36, 10) + $config['board_startdate'] : 0;
+ $user->data['user_lastmark'] = (isset($tracking_topics['l'])) ? (int) (base_convert($tracking_topics['l'], 36, 10) + $config['board_startdate']) : 0;
}
- $forum_tracking_info[$forum_id] = (isset($tracking_topics['f'][$forum_id])) ? base_convert($tracking_topics['f'][$forum_id], 36, 10) + $config['board_startdate'] : $user->data['user_lastmark'];
+ $forum_tracking_info[$forum_id] = (isset($tracking_topics['f'][$forum_id])) ? (int) (base_convert($tracking_topics['f'][$forum_id], 36, 10) + $config['board_startdate']) : $user->data['user_lastmark'];
}
// Display active topics from this forum?
@@ -138,7 +139,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
}
$active_forum_ary['forum_id'][] = $forum_id;
- $active_forum_ary['enable_icons'][] = $row['enable_icons'];
+ $active_forum_ary['enable_icons'][] = $row['enable_icons'];
$active_forum_ary['forum_topics'] += ($auth->acl_get('m_approve', $forum_id)) ? $row['forum_topics_real'] : $row['forum_topics'];
$active_forum_ary['forum_posts'] += $row['forum_posts'];
}
@@ -162,7 +163,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
$subforums[$parent_id][$forum_id]['display'] = ($row['display_on_index']) ? true : false;
$subforums[$parent_id][$forum_id]['name'] = $row['forum_name'];
$subforums[$parent_id][$forum_id]['orig_forum_last_post_time'] = $row['forum_last_post_time'];
-
+
$forum_rows[$parent_id]['forum_topics'] += ($auth->acl_get('m_approve', $forum_id)) ? $row['forum_topics_real'] : $row['forum_topics'];
// Do not list redirects in LINK Forums as Posts.
@@ -186,7 +187,6 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
}
$forum_ids_moderator[$parent_id] = $forum_rows[$parent_id]['forum_id_last_post'];
-
}
$db->sql_freeresult($result);
@@ -207,11 +207,9 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
$message = sprintf($user->lang['RETURN_FORUM'], '<a href="' . $redirect . '">', '</a>');
}
-
+
meta_refresh(3, $redirect);
-
- $message = $user->lang['FORUMS_MARKED'] . '<br /><br />' . $message;
- trigger_error($message);
+ trigger_error($user->lang['FORUMS_MARKED'] . '<br /><br />' . $message);
}
// Grab moderators ... if necessary
@@ -230,13 +228,13 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
if (!$row['parent_id'] && $row['forum_type'] == FORUM_CAT)
{
$template->assign_block_vars('forumrow', array(
- 'S_IS_CAT' => true,
- 'FORUM_ID' => $row['forum_id'],
- 'FORUM_NAME' => $row['forum_name'],
- 'FORUM_DESC' => generate_text_for_display($row['forum_desc'], $row['forum_desc_uid'], $row['forum_desc_bitfield']),
+ 'S_IS_CAT' => true,
+ 'FORUM_ID' => $row['forum_id'],
+ 'FORUM_NAME' => $row['forum_name'],
+ 'FORUM_DESC' => generate_text_for_display($row['forum_desc'], $row['forum_desc_uid'], $row['forum_desc_bitfield']),
'FORUM_FOLDER_IMG' => ($row['forum_image']) ? '<img src="' . $phpbb_root_path . $row['forum_image'] . '" alt="' . $user->lang['FORUM_CAT'] . '" />' : '',
'FORUM_FOLDER_IMG_SRC' => ($row['forum_image']) ? $phpbb_root_path . $row['forum_image'] : '',
- 'U_VIEWFORUM' => "{$phpbb_root_path}viewforum.$phpEx$SID&amp;f=" . $row['forum_id'])
+ 'U_VIEWFORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']))
);
continue;
@@ -263,14 +261,14 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
if ($subforum_row['display'] && $subforum_row['name'])
{
$subforums_list .= ($subforums_list == '') ? '' : ', ';
- $subforums_list .= '<a href="' . $phpbb_root_path . "viewforum.$phpEx$SID&amp;f=$subforum_id\">{$subforum_row['name']}</a>";
+ $subforums_list .= '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $subforum_id) . '">' . $subforum_row['name'] . '</a>';
}
else
{
unset($subforums[$forum_id][$subforum_id]);
}
}
-
+
$l_subforums = (sizeof($subforums[$forum_id]) == 1) ? $user->lang['SUBFORUM'] . ': ' : $user->lang['SUBFORUMS'] . ': ';
$folder_image = ($forum_unread) ? 'sub_forum_new' : 'sub_forum';
}
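Review bot: `$subforum_row['name']` is concatenated into the anchor markup as-is, so the output is only safe if forum names are HTML-escaped when they are stored, which this hunk does not show. The same assumption is made for `$topic_row['topic_first_poster_name']` in the topic_topic_author hunk and for `$row['username']` / `$row['group_name']` in the get_moderators hunk. Since these lines are being rewritten anyway, I would record the assumption where the markup is built, e.g. `// forum_name is stored escaped, safe to emit here`, or escape at output if that is not guaranteed.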
@@ -305,9 +303,9 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
$last_post_time = $user->format_date($row['forum_last_post_time']);
$last_poster = ($row['forum_last_poster_name'] != '') ? $row['forum_last_poster_name'] : $user->lang['GUEST'];
- $last_poster_url = ($row['forum_last_poster_id'] == ANONYMOUS) ? '' : "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u={$row['forum_last_poster_id']}";
+ $last_poster_url = ($row['forum_last_poster_id'] == ANONYMOUS) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['forum_last_poster_id']);
- $last_post_url = "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f=" . $row['forum_id_last_post'] . '&amp;p=' . $row['forum_last_post_id'] . '#p' . $row['forum_last_post_id'];
+ $last_post_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id_last_post'] . '&amp;p=' . $row['forum_last_post_id']) . '#p' . $row['forum_last_post_id'];
}
else
{
@@ -328,6 +326,8 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
$template->assign_block_vars('forumrow', array(
'S_IS_CAT' => false,
'S_IS_LINK' => ($row['forum_type'] == FORUM_LINK) ? true : false,
+ 'S_UNREAD_FORUM' => $forum_unread,
+ 'S_LOCKED_FORUM' => ($row['forum_status'] == ITEM_LOCKED) ? true : false,
'FORUM_ID' => $row['forum_id'],
'FORUM_NAME' => $row['forum_name'],
@@ -341,23 +341,21 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
'LAST_POSTER' => $last_poster,
'MODERATORS' => $moderators_list,
- 'L_SUBFORUM_STR' => $l_subforums,
- 'L_FORUM_FOLDER_ALT'=> $folder_alt,
- 'L_MODERATOR_STR' => $l_moderator,
+ 'L_SUBFORUM_STR' => $l_subforums,
+ 'L_FORUM_FOLDER_ALT' => $folder_alt,
+ 'L_MODERATOR_STR' => $l_moderator,
- 'U_VIEWFORUM' => ($row['forum_type'] != FORUM_LINK || $row['forum_flags'] & 1) ? "{$phpbb_root_path}viewforum.$phpEx$SID&amp;f={$row['forum_id']}" : $row['forum_link'],
+ 'U_VIEWFORUM' => ($row['forum_type'] != FORUM_LINK || $row['forum_flags'] & 1) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']) : $row['forum_link'],
'U_LAST_POSTER' => $last_poster_url,
- 'U_LAST_POST' => $last_post_url,
- )
+ 'U_LAST_POST' => $last_post_url)
);
}
$template->assign_vars(array(
- 'U_MARK_FORUMS' => "{$phpbb_root_path}viewforum.$phpEx$SID&amp;f=" . $root_data['forum_id'] . '&amp;mark=forums',
+ 'U_MARK_FORUMS' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $root_data['forum_id'] . '&amp;mark=forums'),
'S_HAS_SUBFORUM' => ($visible_forums) ? true : false,
'L_SUBFORUM' => ($visible_forums == 1) ? $user->lang['SUBFORUM'] : $user->lang['SUBFORUMS'],
- 'LAST_POST_IMG' => $user->img('icon_post_latest', 'VIEW_LATEST_POST'),
- )
+ 'LAST_POST_IMG' => $user->img('icon_post_latest', 'VIEW_LATEST_POST'))
);
if ($return_moderators)
@@ -399,7 +397,7 @@ function generate_forum_rules(&$forum_data)
function generate_forum_nav(&$forum_data)
{
global $db, $user, $template, $auth;
- global $phpEx, $SID, $phpbb_root_path;
+ global $phpEx, $phpbb_root_path;
if (!$auth->acl_get('f_list', $forum_data['forum_id']))
{
@@ -426,7 +424,7 @@ function generate_forum_nav(&$forum_data)
'S_IS_POST' => ($parent_type == FORUM_POST) ? true : false,
'FORUM_NAME' => $parent_name,
'FORUM_ID' => $parent_forum_id,
- 'U_VIEW_FORUM' => "{$phpbb_root_path}viewforum.$phpEx$SID&amp;f=$parent_forum_id")
+ 'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $parent_forum_id))
);
}
@@ -436,7 +434,7 @@ function generate_forum_nav(&$forum_data)
'S_IS_POST' => ($forum_data['forum_type'] == FORUM_POST) ? true : false,
'FORUM_NAME' => $forum_data['forum_name'],
'FORUM_ID' => $forum_data['forum_id'],
- 'U_VIEW_FORUM' => "{$phpbb_root_path}viewforum.$phpEx$SID&amp;f=" . $forum_data['forum_id'])
+ 'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_data['forum_id']))
);
$template->assign_vars(array(
@@ -495,9 +493,9 @@ function get_forum_parents(&$forum_data)
*/
function topic_topic_author(&$topic_row)
{
- global $phpEx, $SID, $phpbb_root_path, $user;
+ global $phpEx, $phpbb_root_path, $user;
- $topic_author = ($topic_row['topic_poster'] != ANONYMOUS) ? "<a href=\"{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u=" . $topic_row['topic_poster'] . '">' : '';
+ $topic_author = ($topic_row['topic_poster'] != ANONYMOUS) ? '<a href="' . append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $topic_row['topic_poster']) . '">' : '';
$topic_author .= ($topic_row['topic_poster'] != ANONYMOUS) ? $topic_row['topic_first_poster_name'] : (($topic_row['topic_first_poster_name'] != '') ? $topic_row['topic_first_poster_name'] : $user->lang['GUEST']);
$topic_author .= ($topic_row['topic_poster'] != ANONYMOUS) ? '</a>' : '';
@@ -519,7 +517,7 @@ function topic_generate_pagination($replies, $url)
$times = 1;
for ($j = 0; $j < $replies + 1; $j += $config['posts_per_page'])
{
- $pagination .= "<a href=\"$url&amp;start=$j\">$times</a>";
+ $pagination .= '<a href="' . $url . '&amp;start=' . $j . '">' . $times . '</a>';
if ($times == 1 && $total_pages > 4)
{
$pagination .= ' ... ';
@@ -546,7 +544,7 @@ function topic_generate_pagination($replies, $url)
*/
function get_moderators(&$forum_moderators, $forum_id = false)
{
- global $config, $template, $db, $phpbb_root_path, $phpEx, $SID;
+ global $config, $template, $db, $phpbb_root_path, $phpEx;
// Have we disabled the display of moderators? If so, then return
// from whence we came ...
@@ -577,7 +575,7 @@ function get_moderators(&$forum_moderators, $forum_id = false)
while ($row = $db->sql_fetchrow($result))
{
- $forum_moderators[$row['forum_id']][] = (!empty($row['user_id'])) ? '<a href="' . $phpbb_root_path . "memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u=" . $row['user_id'] . '">' . $row['username'] . '</a>' : '<a href="' . $phpbb_root_path . "memberlist.$phpEx$SID&amp;mode=group&amp;g=" . $row['group_id'] . '">' . $row['group_name'] . '</a>';
+ $forum_moderators[$row['forum_id']][] = (!empty($row['user_id'])) ? '<a href="' . append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['user_id']) . '">' . $row['username'] . '</a>' : '<a href="' . append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&amp;g=' . $row['group_id']) . '">' . $row['group_name'] . '</a>';
}
$db->sql_freeresult($result);
@@ -589,7 +587,7 @@ function get_moderators(&$forum_moderators, $forum_id = false)
*/
function gen_forum_auth_level($mode, $forum_id, $forum_status)
{
- global $SID, $template, $auth, $user, $config;
+ global $template, $auth, $user, $config;
$locked = ($forum_status == ITEM_LOCKED && !$auth->acl_get('m_edit', $forum_id)) ? true : false;
@@ -637,13 +635,13 @@ function topic_status(&$topic_row, $replies, $unread_topic, &$folder_img, &$fold
$topic_type = $user->lang['VIEW_TOPIC_ANNOUNCEMENT'];
$folder = 'folder_announce';
$folder_new = 'folder_announce_new';
- break;
+ break;
case POST_STICKY:
$topic_type = $user->lang['VIEW_TOPIC_STICKY'];
$folder = 'folder_sticky';
$folder_new = 'folder_sticky_new';
- break;
+ break;
default:
if ($replies >= $config['hot_threshold'])
@@ -656,7 +654,7 @@ function topic_status(&$topic_row, $replies, $unread_topic, &$folder_img, &$fold
$folder = 'folder';
$folder_new = 'folder_new';
}
- break;
+ break;
}
if ($topic_row['topic_status'] == ITEM_LOCKED)
@@ -688,7 +686,7 @@ function topic_status(&$topic_row, $replies, $unread_topic, &$folder_img, &$fold
function display_attachments($forum_id, $blockname, &$attachment_data, &$update_count, $force_physical = false, $return = false)
{
global $template, $cache, $user;
- global $extensions, $config, $phpbb_root_path, $phpEx, $SID;
+ global $extensions, $config, $phpbb_root_path, $phpEx;
$return_tpl = array();
@@ -715,13 +713,17 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
$thumbnail_filename = $phpbb_root_path . $config['upload_path'] . '/thumb_' . basename($attachment['physical_filename']);
$upload_icon = '';
- if ($user->img('icon_attach', '') && !$extensions[$attachment['extension']]['upload_icon'])
- {
- $upload_icon = $user->img('icon_attach', '');
- }
- else if ($extensions[$attachment['extension']]['upload_icon'])
+
+ if (isset($extensions[$attachment['extension']]))
{
- $upload_icon = '<img src="' . $phpbb_root_path . $config['upload_icons_path'] . '/' . trim($extensions[$attachment['extension']]['upload_icon']) . '" alt="" />';
+ if ($user->img('icon_attach', '') && !$extensions[$attachment['extension']]['upload_icon'])
+ {
+ $upload_icon = $user->img('icon_attach', '');
+ }
+ else if ($extensions[$attachment['extension']]['upload_icon'])
+ {
+ $upload_icon = '<img src="' . $phpbb_root_path . $config['upload_icons_path'] . '/' . trim($extensions[$attachment['extension']]['upload_icon']) . '" alt="" />';
+ }
}
$filesize = $attachment['filesize'];
@@ -796,7 +798,7 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
// Images, but display Thumbnail
case ATTACHMENT_CATEGORY_THUMB:
$l_downloaded_viewed = $user->lang['VIEWED'];
- $download_link = (!$force_physical && $attachment['attach_id']) ? $phpbb_root_path . "download.$phpEx$SID&amp;id=" . $attachment['attach_id'] : $filename;
+ $download_link = (!$force_physical && $attachment['attach_id']) ? append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $attachment['attach_id']) : $filename;
$block_array += array(
'S_THUMBNAIL' => true,
@@ -830,7 +832,7 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
// Viewed/Heared File ... update the download count (download.php is not called here)
$update_count[] = $attachment['attach_id'];
- break;
+ break;
/* // Macromedia Flash Files
case SWF_CAT:
@@ -851,7 +853,7 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
*/
default:
$l_downloaded_viewed = $user->lang['DOWNLOADED'];
- $download_link = (!$force_physical && $attachment['attach_id']) ? $phpbb_root_path . "download.$phpEx$SID&amp;id=" . $attachment['attach_id'] : $filename;
+ $download_link = (!$force_physical && $attachment['attach_id']) ? append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $attachment['attach_id']) : $filename;
$block_array += array(
'S_FILE' => true,
@@ -924,7 +926,7 @@ function display_reasons($reason_id = 0)
function display_user_activity(&$userdata)
{
global $auth, $template, $db, $user;
- global $phpbb_root_path, $SID, $phpEx;
+ global $phpbb_root_path, $phpEx;
// Init new auth class if user is different
if ($user->data['user_id'] != $userdata['user_id'])
@@ -976,7 +978,7 @@ function display_user_activity(&$userdata)
$post_count_sql
GROUP BY f.forum_id
ORDER BY COUNT(p.post_id) DESC";
- break;
+ break;
default:
$sql = 'SELECT f.forum_id, COUNT(p.post_id) AS num_posts
@@ -1072,8 +1074,8 @@ function display_user_activity(&$userdata)
'ACTIVE_TOPIC' => censor_text($active_t_name),
'ACTIVE_TOPIC_POSTS' => ($active_t_count == 1) ? sprintf($user->lang['USER_POST'], 1) : sprintf($user->lang['USER_POSTS'], $active_t_count),
'ACTIVE_TOPIC_PCT' => sprintf($user->lang['POST_PCT'], $active_t_pct),
- 'U_ACTIVE_FORUM' => "{$phpbb_root_path}viewforum.$phpEx$SID&amp;f=$active_f_id",
- 'U_ACTIVE_TOPIC' => "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;t=$active_t_id")
+ 'U_ACTIVE_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $active_f_id),
+ 'U_ACTIVE_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $active_t_id))
);
}
@@ -1082,7 +1084,7 @@ function display_user_activity(&$userdata)
*/
function watch_topic_forum($mode, &$s_watching, &$s_watching_img, $user_id, $forum_id, $topic_id, $notify_status = 'unset', $start = 0)
{
- global $template, $db, $user, $phpEx, $SID, $start, $phpbb_root_path;
+ global $template, $db, $user, $phpEx, $start, $phpbb_root_path;
$table_sql = ($mode == 'forum') ? FORUMS_WATCH_TABLE : TOPICS_WATCH_TABLE;
$where_sql = ($mode == 'forum') ? 'forum_id' : 'topic_id';
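Review bot: `$start` is both a parameter of watch_topic_forum() and listed in its `global` statement, and the `global` declaration rebinds the name to the global variable, so the value a caller passes as the last argument is ignored. The commit edits this very line to drop `$SID`; it should drop `$start` as well: `global $template, $db, $user, $phpEx, $phpbb_root_path;`. This matters for the later hunks too, because `$start` is interpolated into the redirect and watch URLs there, and a cast such as `$start = (int) $start;` at the top would keep a non-numeric value out of the markup. The function body continues outside this hunk.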
@@ -1121,9 +1123,11 @@ function watch_topic_forum($mode, &$s_watching, &$s_watching_img, $user_id, $for
$db->sql_query($sql);
}
- meta_refresh(3, "view$mode.$phpEx$SID&amp;$u_url=$match_id&amp;start=$start");
+ $redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&amp;start=$start");
+
+ meta_refresh(3, $redirect_url);
- $message = $user->lang['NOT_WATCHING_' . strtoupper($mode)] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . "view$mode.$phpEx$SID&amp;" . $u_url . "=$match_id&amp;start=$start" . '">', '</a>');
+ $message = $user->lang['NOT_WATCHING_' . strtoupper($mode)] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
trigger_error($message);
}
else
@@ -1153,9 +1157,10 @@ function watch_topic_forum($mode, &$s_watching, &$s_watching_img, $user_id, $for
$db->sql_query($sql);
}
- meta_refresh(3, "view$mode.$phpEx$SID&amp;$u_url=$match_id&amp;start=$start");
+ $redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&amp;start=$start");
+ meta_refresh(3, $redirect_url);
- $message = $user->lang['ARE_WATCHING_' . strtoupper($mode)] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . "view$mode.$phpEx$SID&amp;" . $u_url . "=$match_id&amp;start=$start" . '">', '</a>');
+ $message = $user->lang['ARE_WATCHING_' . strtoupper($mode)] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
trigger_error($message);
}
else
@@ -1179,7 +1184,7 @@ function watch_topic_forum($mode, &$s_watching, &$s_watching_img, $user_id, $for
if ($can_watch)
{
- $s_watching['link'] = "{$phpbb_root_path}view$mode.$phpEx$SID&amp;$u_url=$match_id&amp;" . (($is_watching) ? 'unwatch' : 'watch') . "=$mode&amp;start=$start";
+ $s_watching['link'] = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&amp;" . (($is_watching) ? 'unwatch' : 'watch') . "=$mode&amp;start=$start");
$s_watching['title'] = $user->lang[(($is_watching) ? 'STOP' : 'START') . '_WATCHING_' . strtoupper($mode)];
}
diff --git a/phpBB/includes/functions_jabber.php b/phpBB/includes/functions_jabber.php
index 9fd0386511..0f1a5df881 100644
--- a/phpBB/includes/functions_jabber.php
+++ b/phpBB/includes/functions_jabber.php
@@ -59,6 +59,9 @@ class jabber
var $connector;
+ /**
+ * Constructor
+ */
function jabber()
{
$this->port = '5222';
@@ -93,6 +96,9 @@ class jabber
);
}
+ /**
+ * Connect
+ */
function connect()
{
$this->connector = new cjp_standard_connector;
@@ -120,6 +126,9 @@ class jabber
}
}
+ /**
+ * Disconnect
+ */
function disconnect()
{
if (is_int($this->delay_disconnect))
@@ -131,6 +140,9 @@ class jabber
$this->connector->close_socket();
}
+ /**
+ * Cruise Control
+ */
function cruise_control($seconds = -1)
{
$count = 0;
@@ -147,13 +159,12 @@ class jabber
{
$this->call_handler($packet);
}
-
}
while (sizeof($this->packet_queue) > 1);
$count += 0.25;
usleep(250000);
-
+
if ($this->last_ping_time != date('H:i'))
{
// Modified by Nathan Fritz
@@ -173,6 +184,9 @@ class jabber
return true;
}
+ /**
+ * Send authentication request
+ */
function send_auth()
{
$this->auth_id = 'auth_' . md5(time() . $_SERVER['REMOTE_ADDR']);
@@ -208,13 +222,17 @@ class jabber
}
}
+ /**
+ * Register account
+ */
function account_registration($reg_email = NULL, $reg_name = NULL)
{
$packet = $this->send_iq($this->server, 'get', 'reg_01', 'jabber:iq:register');
if ($packet)
{
- $key = $this->get_info_from_iq_key($packet); // just in case a key was passed back from the server
+ // just in case a key was passed back from the server
+ $key = $this->get_info_from_iq_key($packet);
unset($packet);
$payload = "<username>{$this->username}</username>
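Review bot: `$this->username` is interpolated straight into the `<username>` element of the registration payload, so a value containing `<` or `&` would change the structure of the stanza unless it is escaped before it reaches this class, which the hunk does not show. The same pattern appears in the change_password hunk and in the transport_registration hunk, where `"<$element>$value</$element>\n"` also takes the element name from the keys of `$details`. I would escape at the point of use, e.g. `$payload .= "<$element>" . htmlspecialchars($value) . "</$element>\n";`, and check the keys against the field names returned by transport_registration_details(). The payload string continues past the end of this hunk.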
@@ -252,13 +270,17 @@ class jabber
}
}
+ /**
+ * Change password
+ */
function change_password($new_password)
{
$packet = $this->send_iq($this->server, 'get', 'A0', 'jabber:iq:register');
if ($packet)
{
- $key = $this->get_info_from_iq_key($packet); // just in case a key was passed back from the server
+ // just in case a key was passed back from the server
+ $key = $this->get_info_from_iq_key($packet);
unset($packet);
$payload = "<username>{$this->username}</username>
@@ -292,6 +314,9 @@ class jabber
}
}
+ /**
+ * Send packet
+ */
function send_packet($xml)
{
$xml = trim($xml);
@@ -299,8 +324,10 @@ class jabber
return ($this->connector->write_to_socket($xml)) ? true : false;
}
- // get the transport registration fields
- // method written by Steve Blinch, http://www.blitzaffe.com
+ /**
+ * get the transport registration fields
+ * method written by Steve Blinch, http://www.blitzaffe.com
+ */
function transport_registration_details($transport)
{
$this->txnid++;
@@ -326,8 +353,10 @@ class jabber
}
}
- // register with the transport
- // method written by Steve Blinch, http://www.blitzaffe.com
+ /**
+ * register with the transport
+ * method written by Steve Blinch, http://www.blitzaffe.com
+ */
function transport_registration($transport, $details)
{
$this->txnid++;
@@ -335,17 +364,18 @@ class jabber
if ($packet)
{
- $key = $this->get_info_from_iq_key($packet); // just in case a key was passed back from the server
+ // just in case a key was passed back from the server
+ $key = $this->get_info_from_iq_key($packet);
unset($packet);
-
+
$payload = ($key) ? "<key>$key</key>\n" : '';
foreach ($details as $element => $value)
{
$payload .= "<$element>$value</$element>\n";
}
-
+
$packet = $this->send_iq($transport, 'set', "reg_{$this->txnid}", "jabber:iq:register", $payload);
-
+
if ($this->get_info_from_iq_type($packet) == 'result')
{
if (isset($packet['iq']['#']['query'][0]['#']['registered'][0]['#']))
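Review bot: The loop line `$payload .= "<$element>$value</$element>\n";` in `transport_registration()` interpolates the keys and values of `$details` into the stanza without XML-escaping, so a `<` or `&` in a value produces malformed or altered XML on the wire. Where `$details` is built is outside this hunk; unless every caller already escapes it (the class has `_array_htmlspecialchars()` for that kind of job), write the value as `htmlspecialchars($value)` and restrict `$element` to a plain name pattern before using it as a tag. The function starts before this hunk and continues after it.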
@@ -374,6 +404,9 @@ class jabber
}
}
+ /**
+ * Listen to socket
+ */
function listen()
{
$incoming = '';
@@ -398,12 +431,18 @@ class jabber
return true;
}
+ /**
+ * Strip jid
+ */
function strip_jid($jid = NULL)
{
preg_match('#(.*)\/(.*)#Ui', $jid, $temp);
return ($temp[1] != '') ? $temp[1] : $jid;
}
+ /**
+ * Send a message
+ */
function send_message($to, $type = 'normal', $id = NULL, $content = NULL, $payload = NULL)
{
if ($to && is_array($content))
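Review bot: In `strip_jid()` the return line reads `$temp[1]` even when `preg_match()` finds no `/` in `$jid`; `$temp` is then empty and the read raises an undefined-offset notice before falling back to `$jid`. Guarding the read keeps the result the same without the notice: `return (isset($temp[1]) && $temp[1] != '') ? $temp[1] : $jid;`. The new docblock could also say what is stripped, e.g. `Strip the part of a jid from the first "/" on`.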
@@ -431,14 +470,7 @@ class jabber
$xml .= $payload;
$xml .= "</message>\n";
- if ($this->send_packet($xml))
- {
- return true;
- }
- else
- {
- return false;
- }
+ return ($this->send_packet($xml)) ? true : false;
}
else
{
@@ -446,6 +478,9 @@ class jabber
}
}
+ /**
+ * Send presence
+ */
function send_presence($type = NULL, $to = NULL, $status = NULL, $show = NULL, $priority = NULL)
{
$xml = '<presence';
@@ -462,6 +497,9 @@ class jabber
return ($this->send_packet($xml)) ? true : false;
}
+ /**
+ * Send error
+ */
function send_error($to, $id = NULL, $error_number, $error_message = NULL)
{
$xml = "<iq type='error' to='$to'";
@@ -475,11 +513,17 @@ class jabber
$this->send_packet($xml);
}
+ /**
+ * Get first from queue
+ */
function get_first_from_queue()
{
return array_shift($this->packet_queue);
}
+ /**
+ * Get from queue by id
+ */
function get_from_queue_by_id($packet_type, $id)
{
$found_message = false;
@@ -498,6 +542,9 @@ class jabber
return (is_array($found_message)) ? $found_message : false;
}
+ /**
+ * Call handler
+ */
function call_handler($packet = NULL)
{
$packet_type = $this->_get_packet_type($packet);
@@ -538,6 +585,9 @@ class jabber
}
}
+ /**
+ * Send iq
+ */
function send_iq($to = NULL, $type = 'get', $id = NULL, $xmlns = NULL, $payload = NULL, $from = NULL)
{
if (!preg_match('#^(get|set|result|error)$#', $type))
@@ -569,11 +619,14 @@ class jabber
}
}
-
// ======================================================================
// private methods
// ======================================================================
+ /**
+ * Send auth
+ * @private
+ */
function _sendauth_ok($zerok_token, $zerok_sequence)
{
// initial hash of password
@@ -598,6 +651,10 @@ class jabber
return ($this->get_info_from_iq_type($packet) == 'result' && $this->get_info_from_iq_id($packet) == $this->auth_id) ? true : false;
}
+ /**
+ * Send auth digest
+ * @private
+ */
function _sendauth_digest()
{
$payload = "<username>{$this->username}</username>
@@ -610,6 +667,10 @@ class jabber
return ($this->get_info_from_iq_type($packet) == 'result' && $this->get_info_from_iq_id($packet) == $this->auth_id) ? true : false;
}
+ /**
+ * Send auth plain
+ * @private
+ */
function _sendauth_plaintext()
{
$payload = "<username>{$this->username}</username>
@@ -622,6 +683,10 @@ class jabber
return ($this->get_info_from_iq_type($packet) == 'result' && $this->get_info_from_iq_id($packet) == $this->auth_id) ? true : false;
}
+ /**
+ * Listen on socket
+ * @private
+ */
function _listen_incoming()
{
$incoming = '';
@@ -635,6 +700,10 @@ class jabber
return $this->xmlize($incoming);
}
+ /**
+ * Check if connected
+ * @private
+ */
function _check_connected()
{
$incoming_array = $this->_listen_incoming();
@@ -660,6 +729,10 @@ class jabber
}
}
+ /**
+ * Split incoming packet
+ * @private
+ */
function _split_incoming($incoming)
{
$temp = preg_split('#<(message|iq|presence|stream)#', $incoming, -1, PREG_SPLIT_DELIM_CAPTURE);
@@ -673,6 +746,10 @@ class jabber
return $array;
}
+ /**
+ * Get packet type
+ * @private
+ */
function _get_packet_type($packet = NULL)
{
if (is_array($packet))
@@ -684,8 +761,10 @@ class jabber
return ($packet_type) ? $packet_type : false;
}
- // _array_htmlspecialchars()
- // applies htmlspecialchars() to all values in an array
+ /**
+ * _array_htmlspecialchars()
+ * applies htmlspecialchars() to all values in an array
+ */
function _array_htmlspecialchars(&$array)
{
if (is_array($array))
@@ -703,36 +782,57 @@ class jabber
// <message/> parsers
// ======================================================================
+ /**
+ * Get info from message (from)
+ */
function get_info_from_message_from($packet = NULL)
{
return (is_array($packet)) ? $packet['message']['@']['from'] : false;
}
+ /**
+ * Get info from message (type)
+ */
function get_info_from_message_type($packet = NULL)
{
return (is_array($packet)) ? $packet['message']['@']['type'] : false;
}
+ /**
+ * Get info from message (id)
+ */
function get_info_from_message_id($packet = NULL)
{
return (is_array($packet)) ? $packet['message']['@']['id'] : false;
}
+ /**
+ * Get info from message (thread)
+ */
function get_info_from_message_thread($packet = NULL)
{
return (is_array($packet)) ? $packet['message']['#']['thread'][0]['#'] : false;
}
+ /**
+ * Get info from message (subject)
+ */
function get_info_from_message_subject($packet = NULL)
{
return (is_array($packet)) ? $packet['message']['#']['subject'][0]['#'] : false;
}
+ /**
+ * Get info from message (body)
+ */
function get_info_from_message_body($packet = NULL)
{
return (is_array($packet)) ? $packet['message']['#']['body'][0]['#'] : false;
}
+ /**
+ * Get info from message (error)
+ */
function get_info_from_message_error($packet = NULL)
{
$error = preg_replace('#^\/$#', '', ($packet['message']['#']['error'][0]['@']['code'] . '/' . $packet['message']['#']['error'][0]['#']));
@@ -743,26 +843,41 @@ class jabber
// <iq/> parsers
// ======================================================================
+ /**
+ * Get info from iq (from)
+ */
function get_info_from_iq_from($packet = NULL)
{
return (is_array($packet)) ? $packet['iq']['@']['from'] : false;
}
+ /**
+ * Get info from iq (type)
+ */
function get_info_from_iq_type($packet = NULL)
{
return (is_array($packet)) ? $packet['iq']['@']['type'] : false;
}
+ /**
+ * Get info from iq (id)
+ */
function get_info_from_iq_id($packet = NULL)
{
return (is_array($packet)) ? $packet['iq']['@']['id'] : false;
}
+ /**
+ * Get info from iq (key)
+ */
function get_info_from_iq_key($packet = NULL)
{
return (is_array($packet) && isset($packet['iq']['#']['query'][0]['#']['key'][0]['#'])) ? $packet['iq']['#']['query'][0]['#']['key'][0]['#'] : false;
}
+ /**
+ * Get info from iq (error)
+ */
function get_info_from_iq_error($packet = NULL)
{
$error = preg_replace('#^\/$#', '', ($packet['iq']['#']['error'][0]['@']['code'] . '/' . $packet['iq']['#']['error'][0]['#']));
@@ -773,11 +888,17 @@ class jabber
// <message/> handlers
// ======================================================================
+ /**
+ * return message (from)
+ */
function handler_message_normal($packet)
{
$from = $packet['message']['@']['from'];
}
+ /**
+ * return error (from)
+ */
function handler_message_error($packet)
{
$from = $packet['message']['@']['from'];
@@ -787,7 +908,9 @@ class jabber
// <iq/> handlers
// ======================================================================
- // simple client authentication
+ /**
+ * simple client authentication
+ */
function handler_iq_jabber_iq_auth($packet)
{
$from = $this->get_info_from_iq_from($packet);
@@ -796,7 +919,9 @@ class jabber
$this->send_error($from, $id, 501);
}
- // method for interactive registration
+ /**
+ * method for interactive registration
+ */
function handler_iq_jabber_iq_register($packet)
{
$from = $this->get_info_from_iq_from($packet);
@@ -805,7 +930,9 @@ class jabber
$this->send_error($from, $id, 501);
}
- // keepalive method, added by Nathan Fritz
+ /**
+ * keepalive method, added by Nathan Fritz
+ */
function handler_iq_($packet)
{
if ($this->keep_alive_id == $this->get_info_from_iq_id($packet))
@@ -818,7 +945,9 @@ class jabber
// Generic handlers
// ======================================================================
- // Generic handler for unsupported requests
+ /**
+ * Generic handler for unsupported requests
+ */
function handler_not_implemented($packet)
{
$packet_type = $this->_get_packet_type($packet);
@@ -831,8 +960,10 @@ class jabber
// Third party code
// m@d pr0ps to the coders ;)
- // xmlize()
- // (c) Hans Anderson / http://www.hansanderson.com/php/xml/
+ /**
+ * xmlize()
+ * (c) Hans Anderson / http://www.hansanderson.com/php/xml/
+ */
function xmlize($data)
{
$vals = $index = $array = array();
@@ -851,8 +982,10 @@ class jabber
return $array;
}
- // _xml_depth()
- // (c) Hans Anderson / http://www.hansanderson.com/php/xml/
+ /**
+ * _xml_depth()
+ * (c) Hans Anderson / http://www.hansanderson.com/php/xml/
+ */
function _xml_depth($vals, &$i)
{
$children = array();
@@ -868,7 +1001,7 @@ class jabber
{
case 'cdata':
array_push($children, trim($vals[$i]['value']));
- break;
+ break;
case 'complete':
$tagname = $vals[$i]['tag'];
@@ -878,7 +1011,7 @@ class jabber
{
$children[$tagname][$size]['@'] = $vals[$i]['attributes'];
}
- break;
+ break;
case 'open':
$tagname = $vals[$i]['tag'];
@@ -892,19 +1025,21 @@ class jabber
{
$children[$tagname][$size]['#'] = $this->_xml_depth($vals, $i);
}
- break;
+ break;
case 'close':
return $children;
- break;
+ break;
}
}
return $children;
}
- // traverse_xmlize()
- // (c) acebone@f2s.com, a HUGE help!
+ /**
+ * traverse_xmlize()
+ * (c) acebone@f2s.com, a HUGE help!
+ */
function traverse_xmlize($array, $arr_name = 'array', $level = 0)
{
if ($level == 0)
@@ -935,7 +1070,6 @@ class jabber
* @package phpBB3
* make_xml
* Currently not in use
-*/
class make_xml extends jabber
{
var $nodes;
@@ -1036,6 +1170,7 @@ class make_xml extends jabber
return (is_array($newarray)) ? $newarray : false;
}
}
+*/
/**
* @package phpBB3
@@ -1045,6 +1180,9 @@ class cjp_standard_connector
{
var $active_socket;
+ /**
+ * Open socket
+ */
function open_socket($server, $port)
{
if ($this->active_socket = @fsockopen($server, $port, $err, $err2, 5))
@@ -1060,19 +1198,30 @@ class cjp_standard_connector
}
}
+ /**
+ * Close socket
+ */
function close_socket()
{
return @fclose($this->active_socket);
}
+ /**
+ * Write to socket
+ */
function write_to_socket($data)
{
return @fwrite($this->active_socket, $data);
}
+ /**
+ * Read from socket
+ */
function read_from_socket($chunksize)
{
- $buffer = stripslashes(@fread($this->active_socket, $chunksize));
+ $buffer = @fread($this->active_socket, $chunksize);
+
+ //$buffer = (STRIP) ? stripslashes($buffer) : $buffer;
//@set_magic_quotes_runtime(get_magic_quotes_gpc());
return $buffer;
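Review bot: With `stripslashes()` dropped, `read_from_socket()` returns exactly what `fread()` yields, which is only the raw stream if `magic_quotes_runtime` is off for the request, and nothing in this hunk establishes that. The two commented-out lines (`//$buffer = (STRIP) ? ...` and `//@set_magic_quotes_runtime(...)`) hint at the concern without settling it. I would delete them and state the assumption instead, e.g. `// raw socket data; relies on magic_quotes_runtime being disabled`. Note also that `@fread()` hands `false` to the caller on a read error with the warning suppressed. The function's closing brace is outside the hunk.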
diff --git a/phpBB/includes/functions_messenger.php b/phpBB/includes/functions_messenger.php
index b0ccc3b9b1..e4e035a9a4 100644
--- a/phpBB/includes/functions_messenger.php
+++ b/phpBB/includes/functions_messenger.php
@@ -21,6 +21,9 @@ class messenger
var $use_queue = true;
var $tpl_msg = array();
+ /**
+ * Constructor
+ */
function messenger($use_queue = true)
{
global $config;
@@ -36,7 +39,9 @@ class messenger
$this->subject = '';
}
- // Resets all the data (address, template file, etc etc) to default
+ /**
+ * Resets all the data (address, template file, etc etc) to default
+ */
function reset()
{
$this->addresses = array();
@@ -44,7 +49,9 @@ class messenger
$this->mail_priority = MAIL_NORMAL_PRIORITY;
}
- // Sets an email address to send to
+ /**
+ * Sets an email address to send to
+ */
function to($address, $realname = '')
{
$pos = isset($this->addresses['to']) ? sizeof($this->addresses['to']) : 0;
@@ -52,6 +59,9 @@ class messenger
$this->addresses['to'][$pos]['name'] = trim($realname);
}
+ /**
+ * Sets an cc address to send to
+ */
function cc($address, $realname = '')
{
$pos = isset($this->addresses['cc']) ? sizeof($this->addresses['cc']) : 0;
@@ -59,6 +69,9 @@ class messenger
$this->addresses['cc'][$pos]['name'] = trim($realname);
}
+ /**
+ * Sets an bcc address to send to
+ */
function bcc($address, $realname = '')
{
$pos = isset($this->addresses['bcc']) ? sizeof($this->addresses['bcc']) : 0;
@@ -66,6 +79,9 @@ class messenger
$this->addresses['bcc'][$pos]['name'] = trim($realname);
}
+ /**
+ * Sets a im contact to send to
+ */
function im($address, $realname = '')
{
$pos = isset($this->addresses['im']) ? sizeof($this->addresses['im']) : 0;
@@ -73,33 +89,49 @@ class messenger
$this->addresses['im'][$pos]['name'] = trim($realname);
}
+ /**
+ * Set the reply to address
+ */
function replyto($address)
{
$this->replyto = trim($address);
}
+ /**
+ * Set the from address
+ */
function from($address)
{
$this->from = trim($address);
}
- // set up subject for mail
+ /**
+ * set up subject for mail
+ */
function subject($subject = '')
{
$this->subject = trim($subject);
}
- // set up extra mail headers
+ /**
+ * set up extra mail headers
+ */
function headers($headers)
{
$this->extra_headers .= trim($headers) . "\n";
}
+ /**
+ * Set the email priority
+ */
function set_mail_priority($priority = MAIL_NORMAL_PRIORITY)
{
$this->mail_priority = $priority;
}
+ /**
+ * Set email template to use
+ */
function template($template_file, $template_lang = '')
{
global $config, $phpbb_root_path;
@@ -111,7 +143,7 @@ class messenger
if (!trim($template_lang))
{
- $template_lang = $config['default_lang'];
+ $template_lang = basename($config['default_lang']);
}
if (empty($this->tpl_msg[$template_lang . $template_file]))
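Review bot: `basename()` is applied only to the `$config['default_lang']` fallback, so a non-empty `$template_lang` supplied by the caller goes unchanged into the `$this->tpl_msg[$template_lang . $template_file]` key and, presumably, into the template path built further down in `template()` (outside this hunk). If the aim is to keep directory separators out of the language component, normalise after the fallback rather than inside it: `$template_lang = basename($template_lang);` placed after the `if` block. `$template_file` gets no such treatment in the visible lines either, so it is worth confirming where it is constrained.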
@@ -142,13 +174,17 @@ class messenger
return true;
}
- // assign variables
+ /**
+ * assign variables to email template
+ */
function assign_vars($vars)
{
$this->vars = (empty($this->vars)) ? $vars : $this->vars + $vars;
}
- // Send the mail out to the recipients set previously in var $this->address
+ /**
+ * Send the mail out to the recipients set previously in var $this->addresses
+ */
function send($method = NOTIFY_EMAIL, $break = false)
{
global $config, $user;
@@ -214,7 +250,7 @@ class messenger
case NOTIFY_IM:
$result = $this->msg_jabber();
break;
-
+
case NOTIFY_BOTH:
$result = $this->msg_email();
$this->msg_jabber();
@@ -225,6 +261,9 @@ class messenger
return $result;
}
+ /**
+ * Add error message to log
+ */
function error($type, $msg)
{
global $user, $phpEx, $phpbb_root_path;
@@ -235,9 +274,9 @@ class messenger
add_log('critical', 'LOG_ERROR_' . $type, $msg);
}
- //
- // Messenger methods
- //
+ /**
+ * Save to queue
+ */
function save_queue()
{
global $config;
@@ -248,6 +287,9 @@ class messenger
}
}
+ /**
+ * Send out emails
+ */
function msg_email()
{
global $config, $user;
@@ -343,6 +385,9 @@ class messenger
return true;
}
+ /**
+ * Send jabber message out
+ */
function msg_jabber()
{
global $config, $db, $user, $phpbb_root_path, $phpEx;
@@ -406,8 +451,8 @@ class messenger
{
$this->queue->put('jabber', array(
'addresses' => $addresses,
- 'subject' => htmlentities($this->subject),
- 'msg' => htmlentities($this->msg))
+ 'subject' => $this->subject,
+ 'msg' => $this->msg)
);
}
unset($addresses);
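Review bot: Dropping `htmlentities()` at the `$this->queue->put('jabber', ...)` call means `subject` and `msg` are now queued raw, so XML escaping has to happen where the queued entry is turned into a `<message>` stanza. That code is not in this hunk; the jabber class does have `_array_htmlspecialchars()`, but whether the queued path passes through it cannot be seen from here. Please confirm that both the direct-send path and the queued path escape exactly once. Once confirmed, a short comment at the `put()` call, e.g. `// stored unescaped; escaping happens when the stanza is built`, would record the contract.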
@@ -417,8 +462,7 @@ class messenger
/**
* @package phpBB3
-* Queue
-* At the moment it is only handling the email queue
+* handling email and jabber queue
*/
class queue
{
@@ -427,6 +471,9 @@ class queue
var $package_size = 0;
var $cache_file = '';
+ /**
+ * constructor
+ */
function queue()
{
global $phpEx, $phpbb_root_path;
@@ -434,7 +481,10 @@ class queue
$this->data = array();
$this->cache_file = "{$phpbb_root_path}cache/queue.$phpEx";
}
-
+
+ /**
+ * Init a queue object
+ */
function init($object, $package_size)
{
$this->data[$object] = array();
@@ -442,12 +492,18 @@ class queue
$this->data[$object]['data'] = array();
}
+ /**
+ * Put object in queue
+ */
function put($object, $scope)
{
$this->data[$object]['data'][] = $scope;
}
- // Using lock file...
+ /**
+ * Process queue
+ * Using lock file
+ */
function process()
{
global $db, $config, $phpEx, $phpbb_root_path;
@@ -599,6 +655,9 @@ class queue
@unlink($this->cache_file . '.lock');
}
+ /**
+ * Save queue
+ */
function save()
{
if (!sizeof($this->data))
@@ -634,6 +693,10 @@ class queue
}
}
+ /**
+ * Format array
+ * @private
+ */
function format_array($array)
{
$lines = array();
@@ -703,13 +766,13 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $encoding, $headers
if (trim($subject) == '')
{
- $err_msg = 'No email Subject specified';
+ $err_msg = (isset($user->lang['NO_EMAIL_SUBJECT'])) ? $user->lang['NO_EMAIL_SUBJECT'] : 'No email subject specified';
return false;
}
if (trim($message) == '')
{
- $err_msg = 'Email message was blank';
+ $err_msg = (isset($user->lang['NO_EMAIL_MESSAGE'])) ? $user->lang['NO_EMAIL_MESSAGE'] : 'Email message was blank';
return false;
}
@@ -741,11 +804,10 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $encoding, $headers
$smtp = new smtp_class;
- // Ok we have error checked as much as we can to this point let's get on
- // it already.
+ // Ok we have error checked as much as we can to this point let's get on it already.
if (!$smtp->socket = fsockopen($config['smtp_host'], $config['smtp_port'], $errno, $errstr, 20))
{
- $err_msg = "Could not connect to smtp host : $errno : $errstr";
+ $err_msg = (isset($user->lang['NO_CONNECT_TO_SMTP_HOST'])) ? sprintf($user->lang['NO_CONNECT_TO_SMTP_HOST'], $errno, $errstr) : "Could not connect to smtp host : $errno : $errstr";
return false;
}
@@ -807,7 +869,8 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $encoding, $headers
if (!$rcpt)
{
$user->session_begin();
- $err_msg .= '<br /><br />' . sprintf($user->lang['INVALID_EMAIL_LOG'], htmlspecialchars($mail_to_address));
+ $err_msg .= '<br /><br />';
+ $err_msg .= (isset($user->lang['INVALID_EMAIL_LOG'])) ? sprintf($user->lang['INVALID_EMAIL_LOG'], htmlspecialchars($mail_to_address)) : '<strong>' . htmlspecialchars($mail_to_address) . '</strong> possibly an invalid email address?';
$smtp->close_session();
return false;
}
@@ -870,7 +933,9 @@ class smtp_class
var $commands = array();
var $numeric_response_code = 0;
- // Send command to smtp server
+ /**
+ * Send command to smtp server
+ */
function server_send($command)
{
fputs($this->socket, $command . "\r\n");
@@ -878,9 +943,13 @@ class smtp_class
// We could put additional code here
}
- // We use the line to give the support people an indication at which command the error occurred
+ /**
+ * We use the line to give the support people an indication at which command the error occurred
+ */
function server_parse($response, $line)
{
+ global $user;
+
$this->server_response = '';
$this->responses = array();
$this->numeric_response_code = 0;
@@ -889,7 +958,7 @@ class smtp_class
{
if (!($this->server_response = fgets($this->socket, 256)))
{
- return 'Could not get mail server response codes';
+ return (isset($user->lang['NO_EMAIL_RESPONSE_CODE'])) ? $user->lang['NO_EMAIL_RESPONSE_CODE'] : 'Could not get mail server response codes';
}
$this->responses[] = substr(rtrim($this->server_response), 4);
$this->numeric_response_code = (int) substr($this->server_response, 0, 3);
@@ -898,18 +967,23 @@ class smtp_class
if (!(substr($this->server_response, 0, 3) == $response))
{
$this->numeric_response_code = (int) substr($this->server_response, 0, 3);
- return "Ran into problems sending Mail at <b>Line $line</b>. Response: $this->server_response";
+ return (isset($user->lang['EMAIL_SMTP_ERROR_RESPONSE'])) ? sprintf($user->lang['EMAIL_SMTP_ERROR_RESPONSE'], $line, $this->server_response) : "Ran into problems sending Mail at <strong>Line $line</strong>. Response: $this->server_response";
}
return 0;
}
+ /**
+ * Close session
+ */
function close_session()
{
fclose($this->socket);
}
- // Log into server and get possible auth codes if neccessary
+ /**
+ * Log into server and get possible auth codes if neccessary
+ */
function log_into_server($hostname, $username, $password, $default_auth_method)
{
global $user;
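Review bot: In `server_parse()` the response-mismatch branch puts `$this->server_response` unescaped into a message that itself carries markup (`<strong>Line $line</strong>`), so text sent by the remote mail server would be rendered as HTML wherever this error is displayed. The `smtpmail()` hunk above already wraps `$mail_to_address` in `htmlspecialchars()`; the same belongs in both arms of this ternary, e.g. `sprintf($user->lang['EMAIL_SMTP_ERROR_RESPONSE'], $line, htmlspecialchars($this->server_response))`. `log_into_server()` begins in this hunk and continues outside it.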
@@ -960,7 +1034,7 @@ class smtp_class
if (!isset($this->commands['AUTH']))
{
- return 'SMTP server does not support authentication';
+ return (isset($user->lang['SMTP_NO_AUTH_SUPPORT'])) ? $user->lang['SMTP_NO_AUTH_SUPPORT'] : 'SMTP server does not support authentication';
}
// Get best authentication method
@@ -988,23 +1062,28 @@ class smtp_class
if (!$method)
{
- return 'No supported authentication methods';
+ return (isset($user->lang['NO_SUPPORTED_AUTH_METHODS'])) ? $user->lang['NO_SUPPORTED_AUTH_METHODS'] : 'No supported authentication methods';
}
$method = strtolower(str_replace('-', '_', $method));
return $this->$method($username, $password);
}
+ /**
+ * Pop before smtp authentication
+ */
function pop_before_smtp($hostname, $username, $password)
{
+ global $user;
+
$old_socket = $this->socket;
-
+
if (!$this->socket = fsockopen($hostname, 110, $errno, $errstr, 20))
{
$this->socket = $old_socket;
- return "Could not connect to smtp host : $errno : $errstr";
+ return (isset($user->lang['NO_CONNECT_TO_SMTP_HOST'])) ? sprintf($user->lang['NO_CONNECT_TO_SMTP_HOST'], $errno, $errstr) : "Could not connect to smtp host : $errno : $errstr";
}
-
+
$this->server_parse('0', __LINE__);
if (substr($this->server_response, 0, 3) == '+OK')
{
@@ -1025,7 +1104,10 @@ class smtp_class
return false;
}
-
+
+ /**
+ * Plain authentication method
+ */
function plain($username, $password)
{
$this->server_send('AUTH PLAIN');
@@ -1044,6 +1126,9 @@ class smtp_class
return false;
}
+ /**
+ * Login authentication method
+ */
function login($username, $password)
{
$this->server_send('AUTH LOGIN');
@@ -1067,7 +1152,9 @@ class smtp_class
return false;
}
- // The last two authentication mechanisms are a little bit tricky...
+ /**
+ * cram_md5 authentication method
+ */
function cram_md5($username, $password)
{
$this->server_send('AUTH CRAM-MD5');
@@ -1091,10 +1178,13 @@ class smtp_class
return false;
}
- // A real pain in the ***
+ /**
+ * digest_md5 authentication method
+ * A real pain in the ***
+ */
function digest_md5($username, $password)
{
- global $config;
+ global $config, $user;
$this->server_send('AUTH DIGEST-MD5');
if ($err_msg = $this->server_parse('334', __LINE__))
@@ -1179,9 +1269,9 @@ class smtp_class
}
else
{
- return 'Invalid digest challenge';
+ return (isset($user->lang['INVALID_DIGEST_CHALLENGE'])) ? $user->lang['INVALID_DIGEST_CHALLENGE'] : 'Invalid digest challenge';
}
-
+
$base64_method_digest_md5 = base64_encode($input_string);
$this->server_send($base64_method_digest_md5);
if ($err_msg = $this->server_parse('334', __LINE__))
@@ -1194,7 +1284,7 @@ class smtp_class
{
return $err_msg;
}
-
+
return false;
}
}
diff --git a/phpBB/includes/functions_module.php b/phpBB/includes/functions_module.php
index e1a629ca7c..6f45db1538 100644
--- a/phpBB/includes/functions_module.php
+++ b/phpBB/includes/functions_module.php
@@ -14,23 +14,15 @@
*/
class p_master
{
- /**#@+
- * @access private
- */
var $p_id;
var $p_class;
var $p_name;
var $p_mode;
var $p_parent;
- var $acl_forup_id = false;
- /**#@-*/
+ var $acl_forum_id = false;
- /**#@+
- * This array holds information on the list of modules
- */
var $module_ary = array();
- /**#@-*/
/**
* List modules
@@ -40,8 +32,6 @@ class p_master
* $this->module_y_ary is created with indentation information for
* displaying the module list appropriately. Only modules for which
* the user has access rights are included in these lists.
- *
- * @final
*/
function list_modules($p_class)
{
@@ -238,7 +228,7 @@ class p_master
}
$is_auth = false;
- eval('$is_auth = (int) (' . preg_replace(array('#acl_([a-z_]+)(,\$id)?#', '#\$id#', '#aclf_([a-z_]+)#', '#cfg_([a-z_]+)#'), array('(int) $auth->acl_get("\\1"\\2)', '(int) $this->acl_forup_id', '(int) $auth->acl_getf_global("\\1")', '(int) $config["\\1"]'), $module_auth) . ');');
+ eval('$is_auth = (int) (' . preg_replace(array('#acl_([a-z_]+)(,\$id)?#', '#\$id#', '#aclf_([a-z_]+)#', '#cfg_([a-z_]+)#'), array('(int) $auth->acl_get("\\1"\\2)', '(int) $this->acl_forum_id', '(int) $auth->acl_getf_global("\\1")', '(int) $config["\\1"]'), $module_auth) . ');');
return $is_auth;
}
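Review bot: The `eval()` line executes whatever is left of `$module_auth` after the four `preg_replace()` patterns, and any text that matches none of them reaches `eval()` untouched. Where `$module_auth` is populated is outside this hunk, so the exposure depends on who can write that value; I would not rely on it being trusted. Before the `eval()`, check that once the recognised `acl_…`, `aclf_…`, `cfg_…` and `$id` tokens are removed only `&&`, `||`, `!`, parentheses and whitespace remain, and return `false` otherwise. A comment above the line stating the accepted grammar would also help the next reader. The function starts outside the hunk.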
@@ -300,12 +290,10 @@ class p_master
* Loads currently active module
*
* This method loads a given module, passing it the relevant id and mode.
- *
- * @final
*/
function load_active($mode = false, $module_url = false, $execute_module = true)
{
- global $phpbb_root_path, $phpbb_admin_path, $phpEx, $SID, $user;
+ global $phpbb_root_path, $phpbb_admin_path, $phpEx, $user;
$module_path = $phpbb_root_path . 'includes/' . $this->p_class;
$icat = request_var('icat', '');
@@ -339,7 +327,7 @@ class p_master
if (defined('IN_ADMIN'))
{
// Not being able to overwrite ;)
- $this->module->u_action = "{$phpbb_admin_path}index.$phpEx$SID" . (($icat) ? '&amp;icat=' . $icat : '') . "&amp;i={$this->p_id}&amp;mode={$this->p_mode}";
+ $this->module->u_action = append_sid("{$phpbb_admin_path}index.$phpEx", "i={$this->p_id}") . (($icat) ? '&amp;icat=' . $icat : '') . "&amp;mode={$this->p_mode}";
}
else
{
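Review bot: `$icat`, read with `request_var('icat', '')` at the top of `load_active()`, is concatenated into `u_action` here and again in the non-admin branch of the next hunk without being cast or URL-encoded. Whether `request_var()` leaves a string safe for a query-string context is not visible in this diff. If `icat` is meant to be a numeric category id, reading it as `request_var('icat', 0)` removes the question; otherwise build the fragment as `'&amp;icat=' . urlencode($icat)`. The function starts before this hunk and ends after the next one.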
@@ -350,10 +338,10 @@ class p_master
}
else
{
- $this->module->u_action = "{$user->page['script_path']}/{$user->page['page_name']}";
+ $this->module->u_action = $phpbb_root_path . (($user->page['page_dir']) ? $user->page['page_dir'] . '/' : '') . $user->page['page_name'];
}
- $this->module->u_action .= $SID . (($icat) ? '&amp;icat=' . $icat : '') . "&amp;i={$this->p_id}&amp;mode={$this->p_mode}";
+ $this->module->u_action = append_sid($this->module->u_action, "i={$this->p_id}") . (($icat) ? '&amp;icat=' . $icat : '') . "&amp;mode={$this->p_mode}";
}
// Assign the module path for re-usage
@@ -414,7 +402,7 @@ class p_master
}
break;
}
-
+
return $branch;
}
@@ -434,7 +422,7 @@ class p_master
{
// Go through the tree to find our branch
$parent_tree = $parents[$row['module_id']];
-
+
foreach ($parent_tree as $id => $value)
{
if (!isset($branch[$id]) && isset($branch['child']))
@@ -452,7 +440,7 @@ class p_master
$branch[$row['module_id']]['child'] = array();
}
}
-
+
return $tree;
}
diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php
index 914e4bd7a8..53f11651a3 100644
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@@ -13,7 +13,7 @@
*/
function generate_smilies($mode, $forum_id)
{
- global $SID, $auth, $db, $user, $config, $template;
+ global $auth, $db, $user, $config, $template;
global $phpEx, $phpbb_root_path;
if ($mode == 'window')
@@ -85,7 +85,7 @@ function generate_smilies($mode, $forum_id)
{
$template->assign_vars(array(
'S_SHOW_SMILEY_LINK' => true,
- 'U_MORE_SMILIES' => $phpbb_root_path . "posting.$phpEx$SID&amp;mode=smilies&amp;f=$forum_id")
+ 'U_MORE_SMILIES' => append_sid("{$phpbb_root_path}posting.$phpEx", 'mode=smilies&amp;f=' . $forum_id))
);
}
@@ -197,7 +197,7 @@ function posting_gen_topic_icons($mode, $icon_id)
{
$template->assign_var('S_NO_ICON_CHECKED', ' checked="checked"');
}
-
+
if (sizeof($icons))
{
foreach ($icons as $id => $data)
@@ -208,7 +208,7 @@ function posting_gen_topic_icons($mode, $icon_id)
'ICON_ID' => $id,
'ICON_IMG' => $phpbb_root_path . $config['icons_path'] . '/' . $data['img'],
'ICON_WIDTH' => $data['width'],
- 'ICON_HEIGHT' => $data['height'],
+ 'ICON_HEIGHT' => $data['height'],
'S_CHECKED' => ($id == $icon_id) ? true : false,
'S_ICON_CHECKED' => ($id == $icon_id) ? ' checked="checked"' : '')
@@ -236,9 +236,9 @@ function posting_gen_topic_types($forum_id, $cur_topic_type = POST_NORMAL)
'announce' => array('const' => POST_ANNOUNCE, 'lang' => 'POST_ANNOUNCEMENT'),
'global' => array('const' => POST_GLOBAL, 'lang' => 'POST_GLOBAL')
);
-
+
$topic_type_array = array();
-
+
foreach ($topic_types as $auth_key => $topic_value)
{
// We do not have a special post global announcement permission
@@ -262,7 +262,7 @@ function posting_gen_topic_types($forum_id, $cur_topic_type = POST_NORMAL)
'VALUE' => POST_NORMAL,
'S_CHECKED' => ($topic_type == POST_NORMAL) ? ' checked="checked"' : '',
'L_TOPIC_TYPE' => $user->lang['POST_NORMAL'])),
-
+
$topic_type_array
);
@@ -291,15 +291,15 @@ function posting_gen_topic_types($forum_id, $cur_topic_type = POST_NORMAL)
function upload_attachment($form_name, $forum_id, $local = false, $local_storage = '', $is_message = false)
{
global $auth, $user, $config, $db, $cache;
- global $phpbb_root_path;
+ global $phpbb_root_path, $phpEx;
$filedata = array(
'error' => array()
);
- include_once($phpbb_root_path . 'includes/functions_upload.php');
+ include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
$upload = new fileupload();
-
+
if (!$local)
{
$filedata['post_attach'] = ($upload->is_valid($form_name)) ? true : false;
@@ -344,10 +344,10 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage
$allowed_filesize = ($extensions[$file->get('extension')]['max_filesize'] != 0) ? $extensions[$file->get('extension')]['max_filesize'] : (($is_message) ? $config['max_filesize_pm'] : $config['max_filesize']);
$file->upload->set_max_filesize($allowed_filesize);
}
-
+
$file->clean_filename('unique', $user->data['user_id'] . '_');
$file->move_file($config['upload_path']);
-
+
if (sizeof($file->error))
{
$file->remove();
@@ -387,7 +387,7 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage
$filedata['post_attach'] = false;
$file->remove();
-
+
return $filedata;
}
}
@@ -421,8 +421,8 @@ function get_img_size_format($width, $height)
round($width * ($max_width / $width)),
round($height * ($max_width / $width))
);
- }
- else
+ }
+ else
{
return array(
round($width * ($max_width / $height)),
@@ -456,11 +456,11 @@ function get_supported_image_types($type = false)
case 12:
$new_type = ($format & IMG_JPG) ? IMG_JPG : 0;
break;
-
+
case 3:
$new_type = ($format & IMG_PNG) ? IMG_PNG : 0;
break;
-
+
case 6:
case 15:
$new_type = ($format & IMG_WBMP) ? IMG_WBMP : 0;
@@ -480,7 +480,7 @@ function get_supported_image_types($type = false)
}
}
}
-
+
return array(
'gd' => ($new_type) ? true : false,
'format' => $new_type,
@@ -541,11 +541,11 @@ function create_thumbnail($source, $destination, $mimetype)
case IMG_JPG:
$image = imagecreatefromjpeg($source);
break;
-
+
case IMG_PNG:
$image = imagecreatefrompng($source);
break;
-
+
case IMG_WBMP:
$image = imagecreatefromwbmp($source);
break;
@@ -561,21 +561,21 @@ function create_thumbnail($source, $destination, $mimetype)
$new_image = imagecreatetruecolor($new_width, $new_height);
imagecopyresampled($new_image, $image, 0, 0, 0, 0, $new_width, $new_height, $width, $height);
}
-
+
switch ($type['format'])
{
case IMG_GIF:
imagegif($new_image, $destination);
break;
-
+
case IMG_JPG:
imagejpeg($new_image, $destination, 90);
break;
-
+
case IMG_PNG:
imagepng($new_image, $destination);
break;
-
+
case IMG_WBMP:
imagewbmp($new_image, $destination);
break;
@@ -605,7 +605,7 @@ function posting_gen_inline_attachments(&$attachment_data)
if (sizeof($attachment_data))
{
$s_inline_attachment_options = '';
-
+
foreach ($attachment_data as $i => $attachment)
{
$s_inline_attachment_options .= '<option value="' . $i . '">' . $attachment['real_filename'] . '</option>';
@@ -624,8 +624,8 @@ function posting_gen_inline_attachments(&$attachment_data)
*/
function posting_gen_attachment_entry(&$attachment_data, &$filename_data)
{
- global $template, $config, $phpbb_root_path, $SID, $phpEx;
-
+ global $template, $config, $phpbb_root_path, $phpEx;
+
$template->assign_vars(array(
'S_SHOW_ATTACH_BOX' => true)
);
@@ -635,20 +635,20 @@ function posting_gen_attachment_entry(&$attachment_data, &$filename_data)
$template->assign_vars(array(
'S_HAS_ATTACHMENTS' => true)
);
-
+
$count = 0;
foreach ($attachment_data as $attach_row)
{
$hidden = '';
- $attach_row['real_filename'] = stripslashes(basename($attach_row['real_filename']));
+ $attach_row['real_filename'] = basename($attach_row['real_filename']);
foreach ($attach_row as $key => $value)
{
$hidden .= '<input type="hidden" name="attachment_data[' . $count . '][' . $key . ']" value="' . $value . '" />';
}
-
- $download_link = (!$attach_row['attach_id']) ? $phpbb_root_path . $config['upload_path'] . '/' . basename($attach_row['physical_filename']) : $phpbb_root_path . "download.$phpEx$SID&id=" . intval($attach_row['attach_id']);
-
+
+ $download_link = (!$attach_row['attach_id']) ? $phpbb_root_path . $config['upload_path'] . '/' . basename($attach_row['physical_filename']) : append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . (int) $attach_row['attach_id']);
+
$template->assign_block_vars('attach_row', array(
'FILENAME' => basename($attach_row['real_filename']),
'ATTACH_FILENAME' => basename($attach_row['physical_filename']),
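Review bot: The hidden-field loop writes `$key` and `$value` straight into `name="..."` and `value="..."` with no output escaping, and with `stripslashes()` removed the only transformation left on `real_filename` is `basename()`. Whether `$attachment_data` arrives already HTML-escaped is not visible in this hunk; if it does not, a double quote in a submitted filename would close the attribute. Either escape at the point of output, e.g. `'" value="' . htmlspecialchars($value) . '" />'`, or add a comment above the loop stating that every entry is escaped on input, so the next editor does not have to guess. posting_gen_attachment_entry() continues outside this hunk.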
@@ -682,7 +682,7 @@ function posting_gen_attachment_entry(&$attachment_data, &$filename_data)
function load_drafts($topic_id = 0, $forum_id = 0, $id = 0)
{
global $user, $db, $template, $auth;
- global $phpbb_root_path, $phpEx, $SID;
+ global $phpbb_root_path, $phpEx;
$topic_ids = $forum_ids = $draft_rows = array();
@@ -695,8 +695,8 @@ function load_drafts($topic_id = 0, $forum_id = 0, $id = 0)
else
{
$sql_and = '';
- $sql_and .= ($forum_id) ? ' AND d.forum_id = ' . $forum_id : '';
- $sql_and .= ($topic_id) ? ' AND d.topic_id = ' . $topic_id : '';
+ $sql_and .= ($forum_id) ? ' AND d.forum_id = ' . (int) $forum_id : '';
+ $sql_and .= ($topic_id) ? ' AND d.topic_id = ' . (int) $topic_id : '';
}
$sql = 'SELECT d.*, f.forum_id, f.forum_name
@@ -748,24 +748,24 @@ function load_drafts($topic_id = 0, $forum_id = 0, $id = 0)
if (isset($topic_rows[$draft['topic_id']]) && $auth->acl_get('f_read', $topic_rows[$draft['topic_id']]['forum_id']))
{
$link_topic = true;
- $view_url = "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f=" . $topic_rows[$draft['topic_id']]['forum_id'] . "&amp;t=" . $draft['topic_id'];
+ $view_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $topic_rows[$draft['topic_id']]['forum_id'] . '&amp;t=' . $draft['topic_id']);
$title = $topic_rows[$draft['topic_id']]['topic_title'];
- $insert_url = "{$phpbb_root_path}posting.$phpEx$SID&amp;f=" . $topic_rows[$draft['topic_id']]['forum_id'] . '&amp;t=' . $draft['topic_id'] . '&amp;mode=reply&amp;d=' . $draft['draft_id'];
+ $insert_url = append_sid("{$phpbb_root_path}posting.$phpEx", 'f=' . $topic_rows[$draft['topic_id']]['forum_id'] . '&amp;t=' . $draft['topic_id'] . '&amp;mode=reply&amp;d=' . $draft['draft_id']);
}
else if ($draft['forum_id'] && $auth->acl_get('f_read', $draft['forum_id']))
{
$link_forum = true;
- $view_url = "{$phpbb_root_path}viewforum.$phpEx$SID&amp;f=" . $draft['forum_id'];
+ $view_url = append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $draft['forum_id']);
$title = $draft['forum_name'];
- $insert_url = "{$phpbb_root_path}posting.$phpEx$SID&amp;f=" . $draft['forum_id'] . '&amp;mode=post&amp;d=' . $draft['draft_id'];
+ $insert_url = append_sid("{$phpbb_root_path}posting.$phpEx", 'f=' . $draft['forum_id'] . '&amp;mode=post&amp;d=' . $draft['draft_id']);
}
else
{
// Either display as PM draft if forum_id and topic_id are empty or if access to the forums has been denied afterwards...
$link_pm = true;
- $insert_url = "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=$id&amp;mode=compose&amp;d=" . $draft['draft_id'];
+ $insert_url = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&amp;mode=compose&amp;d={$draft['draft_id']}");
}
$template->assign_block_vars('draftrow', array(
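Review bot: In the PM-draft branch `$id` is interpolated into the query string (`"i=$id&amp;mode=compose&amp;d=..."`) without a cast or encoding, unlike `$forum_id` and `$topic_id`, which this commit now casts in the SQL of the same function. load_drafts() declares `$id = 0`, but what callers actually pass is not visible here. If it can be a module name rather than an integer, `'i=' . urlencode($id)` would keep it from altering the link, and `(int) $id` would do if it is always numeric. load_drafts() starts and ends outside this hunk.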
@@ -790,7 +790,7 @@ function load_drafts($topic_id = 0, $forum_id = 0, $id = 0)
function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id = 0, $show_quote_button = true)
{
global $user, $auth, $db, $template, $bbcode;
- global $config, $phpbb_root_path, $phpEx, $SID;
+ global $config, $phpbb_root_path, $phpEx;
// Go ahead and pull all data for this topic
$sql = 'SELECT u.username, u.user_id, p.*
@@ -820,7 +820,7 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id
// Instantiate BBCode class
if (!isset($bbcode) && $bbcode_bitfield)
{
- include_once($phpbb_root_path . 'includes/bbcode.'.$phpEx);
+ include_once($phpbb_root_path . 'includes/bbcode.' . $phpEx);
$bbcode = new bbcode($bbcode_bitfield);
}
@@ -857,8 +857,8 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id
'MESSAGE' => str_replace("\n", '<br />', $message),
'U_POST_ID' => $row['post_id'],
- 'U_MINI_POST' => "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;p=" . $row['post_id'] . '#p' . $row['post_id'],
- 'U_MCP_DETAILS' => ($auth->acl_get('m_info', $forum_id)) ? "{$phpbb_root_path}mcp.$phpEx$SID&amp;i=main&amp;mode=post_details&amp;p=" . $row['post_id'] : '',
+ 'U_MINI_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'p=' . $row['post_id']) . '#p' . $row['post_id'],
+ 'U_MCP_DETAILS' => ($auth->acl_get('m_info', $forum_id)) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&amp;mode=post_details&amp;p=' . $row['post_id'], true, $user->session_id) : '',
'U_QUOTE' => ($show_quote_button && $auth->acl_get('f_reply', $forum_id)) ? 'javascript:addquote(' . $row['post_id'] . ", '" . addslashes($poster) . "')" : '')
);
unset($rowset[$i]);
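Review bot: The new `U_MCP_DETAILS` link passes `$user->session_id` as a fourth argument to `append_sid()`, while `U_MINI_POST` on the line above does not, and nothing in the hunk says why. That argument presumably forces the session id into the query string even for cookie-based sessions, which puts it in browser history, server logs and Referer headers of anything linked from the MCP page. A one-line comment above the entry would document the intent, for example `// MCP links carry the sid explicitly; it will be visible in the URL`. topic_review() starts and ends outside this hunk.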
@@ -937,7 +937,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
);
}
$db->sql_freeresult($result);
-
+
// forum notification is sent to those not already receiving topic notifications
if ($topic_notification)
{
@@ -1047,8 +1047,8 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
'U_FORUM' => generate_board_url() . "/viewforum.$phpEx?f=$forum_id&e=0",
'U_TOPIC' => generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&t=$topic_id&e=0",
'U_NEWEST_POST' => generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&t=$topic_id&p=$post_id&e=$post_id",
- 'U_STOP_WATCHING_TOPIC' => generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&t=$topic_id&unwatch=topic",
- 'U_STOP_WATCHING_FORUM' => generate_board_url() . "/viewforum.$phpEx?f=$forum_id&unwatch=forum",
+ 'U_STOP_WATCHING_TOPIC' => generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&t=$topic_id&unwatch=topic",
+ 'U_STOP_WATCHING_FORUM' => generate_board_url() . "/viewforum.$phpEx?f=$forum_id&unwatch=forum",
));
$messenger->send($addr['method']);
@@ -1061,37 +1061,41 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
}
// Handle the DB updates
- $db->sql_transaction();
+ $db->sql_transaction('begin');
if (!empty($update_notification['topic']))
{
- $db->sql_query('UPDATE ' . TOPICS_WATCH_TABLE . "
+ $sql = 'UPDATE ' . TOPICS_WATCH_TABLE . "
SET notify_status = 1
WHERE topic_id = $topic_id
- AND user_id IN (" . implode(', ', $update_notification['topic']) . ")");
+ AND user_id IN (" . implode(', ', $update_notification['topic']) . ")";
+ $db->sql_query($sql);
}
if (!empty($update_notification['forum']))
{
- $db->sql_query('UPDATE ' . FORUMS_WATCH_TABLE . "
+ $sql = 'UPDATE ' . FORUMS_WATCH_TABLE . "
SET notify_status = 1
WHERE forum_id = $forum_id
- AND user_id IN (" . implode(', ', $update_notification['forum']) . ")");
+ AND user_id IN (" . implode(', ', $update_notification['forum']) . ")";
+ $db->sql_query($sql);
}
// Now delete the user_ids not authorized to receive notifications on this topic/forum
if (!empty($delete_ids['topic']))
{
- $db->sql_query('DELETE FROM ' . TOPICS_WATCH_TABLE . "
+ $sql = 'DELETE FROM ' . TOPICS_WATCH_TABLE . "
WHERE topic_id = $topic_id
- AND user_id IN (" . implode(', ', $delete_ids['topic']) . ")");
+ AND user_id IN (" . implode(', ', $delete_ids['topic']) . ")";
+ $db->sql_query($sql);
}
if (!empty($delete_ids['forum']))
{
- $db->sql_query('DELETE FROM ' . FORUMS_WATCH_TABLE . "
+ $sql = 'DELETE FROM ' . FORUMS_WATCH_TABLE . "
WHERE forum_id = $forum_id
- AND user_id IN (" . implode(', ', $delete_ids['forum']) . ")");
+ AND user_id IN (" . implode(', ', $delete_ids['forum']) . ")";
+ $db->sql_query($sql);
}
$db->sql_transaction('commit');
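Review bot: The four rewritten statements still interpolate `$topic_id` / `$forum_id` and the `implode(', ', ...)` of the id arrays directly into the SQL, although this same commit adds `(int)` casts for the equivalent values in load_drafts(). Where these values are populated is outside the hunk, so they may already be integers, but casting at the query makes that independent of the callers: `WHERE topic_id = " . (int) $topic_id . "` and `implode(', ', array_map('intval', $update_notification['topic']))`. The same applies to `$data['topic_id']` and `$data['post_id']` in the UPDATE and DELETE statements of the later submit_post() hunks. user_notification() starts outside this hunk.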
@@ -1107,7 +1111,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
function delete_post($forum_id, $topic_id, $post_id, &$data)
{
global $db, $user, $auth;
- global $config, $phpEx, $SID, $phpbb_root_path;
+ global $config, $phpEx, $phpbb_root_path;
// Specify our post mode
$post_mode = ($data['topic_first_post_id'] == $data['topic_last_post_id']) ? 'delete_topic' : (($data['topic_first_post_id'] == $post_id) ? 'delete_first_post' : (($data['topic_last_post_id'] == $post_id) ? 'delete_last_post' : 'delete'));
@@ -1116,7 +1120,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data)
include_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
- $db->sql_transaction();
+ $db->sql_transaction('begin');
if (!delete_posts('post_id', array($post_id), false, false))
{
@@ -1150,7 +1154,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data)
$sql_data[FORUMS_TABLE] .= ($sql_data[FORUMS_TABLE]) ? ', ' : '';
$sql_data[FORUMS_TABLE] .= implode(', ', $update_sql[$forum_id]);
}
-
+
$sql_data[TOPICS_TABLE] = 'topic_replies_real = topic_replies_real - 1' . (($data['post_approved']) ? ', topic_replies = topic_replies - 1' : '');
break;
@@ -1187,7 +1191,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data)
$sql_data[FORUMS_TABLE] .= ($sql_data[FORUMS_TABLE]) ? ', ' : '';
$sql_data[FORUMS_TABLE] .= implode(', ', $update_sql[$forum_id]);
}
-
+
$sql_data[TOPICS_TABLE] = 'topic_bumped = 0, topic_bumper = 0, topic_replies_real = topic_replies_real - 1' . (($data['post_approved']) ? ', topic_replies = topic_replies - 1' : '');
$update_sql = update_post_information('topic', $topic_id, true);
@@ -1234,7 +1238,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data)
$sql_data[USERS_TABLE] = ($auth->acl_get('f_postcount', $forum_id)) ? 'user_posts = user_posts - 1' : '';
set_config('num_posts', $config['num_posts'] - 1, true);
- $db->sql_transaction();
+ $db->sql_transaction('begin');
$where_sql = array(
FORUMS_TABLE => "forum_id = $forum_id",
@@ -1281,7 +1285,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data)
*/
function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $update_message = true)
{
- global $db, $auth, $user, $config, $phpEx, $SID, $template, $phpbb_root_path;
+ global $db, $auth, $user, $config, $phpEx, $template, $phpbb_root_path;
// We do not handle erasing posts here
if ($mode == 'delete')
@@ -1316,19 +1320,19 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
case 'post':
case 'reply':
$sql_data[POSTS_TABLE]['sql'] = array(
- 'forum_id' => ($topic_type == POST_GLOBAL) ? 0 : $data['forum_id'],
- 'poster_id' => (int) $user->data['user_id'],
+ 'forum_id' => ($topic_type == POST_GLOBAL) ? 0 : $data['forum_id'],
+ 'poster_id' => (int) $user->data['user_id'],
'icon_id' => $data['icon_id'],
- 'poster_ip' => $user->ip,
+ 'poster_ip' => $user->ip,
'post_time' => $current_time,
- 'post_approved' => ($auth->acl_get('f_moderate', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id'])) ? 0 : 1,
- 'enable_bbcode' => $data['enable_bbcode'],
- 'enable_smilies' => $data['enable_smilies'],
- 'enable_magic_url' => $data['enable_urls'],
- 'enable_sig' => $data['enable_sig'],
+ 'post_approved' => (!$auth->acl_get('f_noapprove', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id'])) ? 0 : 1,
+ 'enable_bbcode' => $data['enable_bbcode'],
+ 'enable_smilies' => $data['enable_smilies'],
+ 'enable_magic_url' => $data['enable_urls'],
+ 'enable_sig' => $data['enable_sig'],
'post_username' => (!$user->data['is_registered']) ? $username : '',
'post_subject' => $subject,
- 'post_text' => $data['message'],
+ 'post_text' => $data['message'],
'post_checksum' => $data['message_md5'],
'post_encoding' => $user->lang['ENCODING'],
'post_attachment' => (isset($data['filename_data']['physical_filename']) && sizeof($data['filename_data'])) ? 1 : 0,
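Review bot: The approval decision `(!$auth->acl_get('f_noapprove', ...) && !$auth->acl_get('m_approve', ...)) ? 0 : 1` is written out here and repeated, in plain or negated form, in the later submit_post() hunks. Those cover the edit and topic arrays, the forum and topic counters, the total post count, the notification check and the redirect URL. The switch from `f_moderate` to `f_noapprove` makes "needs approval" the default unless a permission is granted, so a single missed or mis-negated copy would leave a post unapproved yet counted and notified, or the reverse. Computing it once near the top of the function and reusing it removes that risk: `$post_approved = ($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])) ? 1 : 0;`. submit_post() starts and ends outside this hunk.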
@@ -1340,7 +1344,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
case 'edit_first_post':
case 'edit':
-
+
if (!$auth->acl_gets('m_', 'a_') || $data['post_edit_reason'])
{
$sql_data[POSTS_TABLE]['sql'] = array(
@@ -1370,14 +1374,14 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
}
$sql_data[POSTS_TABLE]['sql'] = array_merge($sql_data[POSTS_TABLE]['sql'], array(
- 'forum_id' => ($topic_type == POST_GLOBAL) ? 0 : $data['forum_id'],
- 'poster_id' => $data['poster_id'],
+ 'forum_id' => ($topic_type == POST_GLOBAL) ? 0 : $data['forum_id'],
+ 'poster_id' => $data['poster_id'],
'icon_id' => $data['icon_id'],
- 'post_approved' => ($auth->acl_get('f_moderate', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id'])) ? 0 : 1,
- 'enable_bbcode' => $data['enable_bbcode'],
- 'enable_smilies' => $data['enable_smilies'],
- 'enable_magic_url' => $data['enable_urls'],
- 'enable_sig' => $data['enable_sig'],
+ 'post_approved' => (!$auth->acl_get('f_noapprove', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id'])) ? 0 : 1,
+ 'enable_bbcode' => $data['enable_bbcode'],
+ 'enable_smilies' => $data['enable_smilies'],
+ 'enable_magic_url' => $data['enable_urls'],
+ 'enable_sig' => $data['enable_sig'],
'post_username' => ($username && $data['poster_id'] == ANONYMOUS) ? $username : '',
'post_subject' => $subject,
'post_edit_reason' => $data['post_edit_reason'],
@@ -1405,10 +1409,10 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
$sql_data[TOPICS_TABLE]['sql'] = array(
'topic_poster' => (int) $user->data['user_id'],
'topic_time' => $current_time,
- 'forum_id' => ($topic_type == POST_GLOBAL) ? 0 : $data['forum_id'],
+ 'forum_id' => ($topic_type == POST_GLOBAL) ? 0 : $data['forum_id'],
'icon_id' => $data['icon_id'],
- 'topic_approved' => ($auth->acl_get('f_moderate', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id'])) ? 0 : 1,
- 'topic_title' => $subject,
+ 'topic_approved' => (!$auth->acl_get('f_noapprove', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id'])) ? 0 : 1,
+ 'topic_title' => $subject,
'topic_first_poster_name' => (!$user->data['is_registered'] && $username) ? $username : (($user->data['user_id'] != ANONYMOUS) ? $user->data['username'] : ''),
'topic_type' => $topic_type,
'topic_time_limit' => ($topic_type == POST_STICKY || $topic_type == POST_ANNOUNCE) ? ($data['topic_time_limit'] * 86400) : 0,
@@ -1430,19 +1434,19 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
if ($topic_type != POST_GLOBAL)
{
- if (!$auth->acl_get('f_moderate', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id']))
+ if ($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id']))
{
$sql_data[FORUMS_TABLE]['stat'][] = 'forum_posts = forum_posts + 1';
}
- $sql_data[FORUMS_TABLE]['stat'][] = 'forum_topics_real = forum_topics_real + 1' . ((!$auth->acl_get('f_moderate', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])) ? ', forum_topics = forum_topics + 1' : '');
+ $sql_data[FORUMS_TABLE]['stat'][] = 'forum_topics_real = forum_topics_real + 1' . (($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])) ? ', forum_topics = forum_topics + 1' : '');
}
break;
case 'reply':
- $sql_data[TOPICS_TABLE]['stat'][] = 'topic_replies_real = topic_replies_real + 1, topic_bumped = 0, topic_bumper = 0' . ((!$auth->acl_get('f_moderate', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])) ? ', topic_replies = topic_replies + 1' : '');
+ $sql_data[TOPICS_TABLE]['stat'][] = 'topic_replies_real = topic_replies_real + 1, topic_bumped = 0, topic_bumper = 0' . (($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])) ? ', topic_replies = topic_replies + 1' : '');
$sql_data[USERS_TABLE]['stat'][] = "user_lastpost_time = $current_time" . (($auth->acl_get('f_postcount', $data['forum_id'])) ? ', user_posts = user_posts + 1' : '');
- if ((!$auth->acl_get('f_moderate', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])) && $topic_type != POST_GLOBAL)
+ if (($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])) && $topic_type != POST_GLOBAL)
{
$sql_data[FORUMS_TABLE]['stat'][] = 'forum_posts = forum_posts + 1';
}
@@ -1452,10 +1456,10 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
case 'edit_first_post':
$sql_data[TOPICS_TABLE]['sql'] = array(
- 'forum_id' => ($topic_type == POST_GLOBAL) ? 0 : $data['forum_id'],
+ 'forum_id' => ($topic_type == POST_GLOBAL) ? 0 : $data['forum_id'],
'icon_id' => $data['icon_id'],
- 'topic_approved' => ($auth->acl_get('f_moderate', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id'])) ? 0 : 1,
- 'topic_title' => $subject,
+ 'topic_approved' => (!$auth->acl_get('f_noapprove', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id'])) ? 0 : 1,
+ 'topic_title' => $subject,
'topic_first_poster_name' => $username,
'topic_type' => $topic_type,
'topic_time_limit' => ($topic_type == POST_STICKY || $topic_type == POST_ANNOUNCE) ? ($data['topic_time_limit'] * 86400) : 0,
@@ -1470,7 +1474,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
break;
}
- $db->sql_transaction();
+ $db->sql_transaction('begin');
// Submit new topic
if ($post_mode == 'post')
@@ -1565,17 +1569,19 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
// Update the topics table
if (isset($sql_data[TOPICS_TABLE]['sql']))
{
- $db->sql_query('UPDATE ' . TOPICS_TABLE . '
+ $sql = 'UPDATE ' . TOPICS_TABLE . '
SET ' . $db->sql_build_array('UPDATE', $sql_data[TOPICS_TABLE]['sql']) . '
- WHERE topic_id = ' . $data['topic_id']);
+ WHERE topic_id = ' . $data['topic_id'];
+ $db->sql_query($sql);
}
// Update the posts table
if (isset($sql_data[POSTS_TABLE]['sql']))
{
- $db->sql_query('UPDATE ' . POSTS_TABLE . '
+ $sql = 'UPDATE ' . POSTS_TABLE . '
SET ' . $db->sql_build_array('UPDATE', $sql_data[POSTS_TABLE]['sql']) . '
- WHERE post_id = ' . $data['post_id']);
+ WHERE post_id = ' . $data['post_id'];
+ $db->sql_query($sql);
}
// Update Poll Tables
@@ -1672,7 +1678,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
{
continue;
}
-
+
$attach_sql = array(
'post_msg_id' => $data['post_id'],
'topic_id' => $data['topic_id'],
@@ -1753,7 +1759,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
}
// Update total post count, do not consider moderated posts/topics
- if (!$auth->acl_get('f_moderate', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id']))
+ if ($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id']))
{
if ($post_mode == 'post')
{
@@ -1768,7 +1774,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
}
// Update forum stats
- $db->sql_transaction();
+ $db->sql_transaction('begin');
$where_sql = array(POSTS_TABLE => 'post_id = ' . $data['post_id'], TOPICS_TABLE => 'topic_id = ' . $data['topic_id'], FORUMS_TABLE => 'forum_id = ' . $data['forum_id'], USERS_TABLE => 'user_id = ' . $user->data['user_id']);
@@ -1783,26 +1789,27 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
// Delete topic shadows (if any exist). We do not need a shadow topic for an global announcement
if ($make_global)
{
- $db->sql_query('DELETE FROM ' . TOPICS_TABLE . '
- WHERE topic_moved_id = ' . $data['topic_id']);
+ $sql = 'DELETE FROM ' . TOPICS_TABLE . '
+ WHERE topic_moved_id = ' . $data['topic_id'];
+ $db->sql_query($sql);
}
// Index message contents
if ($update_message && $data['enable_indexing'])
{
// Select the search method and do some additional checks to ensure it can actually be utilised
- $search_type = $config['search_type'];
-
+ $search_type = basename($config['search_type']);
+
if (!file_exists($phpbb_root_path . 'includes/search/' . $search_type . '.' . $phpEx))
{
trigger_error('NO_SUCH_SEARCH_MODULE');
}
-
+
require("{$phpbb_root_path}includes/search/$search_type.$phpEx");
$error = false;
$search = new $search_type($error);
-
+
if ($error)
{
trigger_error($error);
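Review bot: `basename()` keeps directory components in `$config['search_type']` away from the `require`, but the same string is then used as a class name in `new $search_type($error)` with no check that the included file actually defined it. Adding `if (!class_exists($search_type)) { trigger_error('NO_SUCH_SEARCH_MODULE'); }` directly after the `require` would fail cleanly instead of with a fatal error. A plain `require` also re-includes the file and redeclares the class if submit_post() can run more than once in a request, which `require_once` would avoid. submit_post() starts and ends outside this hunk.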
@@ -1817,7 +1824,10 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
$draft_id = request_var('draft_loaded', 0);
if ($draft_id)
{
- $db->sql_query('DELETE FROM ' . DRAFTS_TABLE . " WHERE draft_id = $draft_id AND user_id = " . $user->data['user_id']);
+ $sql = 'DELETE FROM ' . DRAFTS_TABLE . "
+ WHERE draft_id = $draft_id
+ AND user_id = {$user->data['user_id']}";
+ $db->sql_query($sql);
}
// Topic Notification, do not change if moderator is changing other users posts...
@@ -1849,18 +1859,18 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
markread('topic', $data['forum_id'], $data['topic_id'], time());
// Send Notifications
- if ($mode != 'edit' && $mode != 'delete' && (!$auth->acl_get('f_moderate', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])))
+ if ($mode != 'edit' && $mode != 'delete' && ($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])))
{
user_notification($mode, $subject, $data['topic_title'], $data['forum_name'], $data['forum_id'], $data['topic_id'], $data['post_id']);
}
if ($mode == 'post')
{
- $url = (!$auth->acl_get('f_moderate', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])) ? "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f=" . $data['forum_id'] . '&amp;t=' . $data['topic_id'] : "{$phpbb_root_path}viewforum.$phpEx$SID&amp;f=" . $data['forum_id'];
+ $url = ($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $data['forum_id'] . '&amp;t=' . $data['topic_id']) : append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $data['forum_id']);
}
else
{
- $url = (!$auth->acl_get('f_moderate', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])) ? "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f={$data['forum_id']}&amp;t={$data['topic_id']}&amp;p={$data['post_id']}#p{$data['post_id']}" : "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f={$data['forum_id']}&amp;t={$data['topic_id']}";
+ $url = ($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f={$data['forum_id']}&amp;t={$data['topic_id']}&amp;p={$data['post_id']}") . "#p{$data['post_id']}" : append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f={$data['forum_id']}&amp;t={$data['topic_id']}");
}
return $url;
diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php
index ebbb119851..25b8ee8fbb 100644
--- a/phpBB/includes/functions_privmsgs.php
+++ b/phpBB/includes/functions_privmsgs.php
@@ -20,25 +20,25 @@ if (!defined('IN_PHPBB'))
1) Add an appropiate constant
2) Add a new check array to the global_privmsgs_rules variable and the condition array (if one is required)
3) Add a new language variable to ucp.php
-
+
The user is then able to select the new rule. It will be checked against and handled as specified.
To add new actions (yes, checks can be added here too) to the rule management, the core code has to be modified.
*/
-define('RULE_IS_LIKE', 1); // Is Like
-define('RULE_IS_NOT_LIKE', 2); // Is Not Like
-define('RULE_IS', 3); // Is
-define('RULE_IS_NOT', 4); // Is Not
-define('RULE_BEGINS_WITH', 5); // Begins with
-define('RULE_ENDS_WITH', 6); // Ends with
-define('RULE_IS_FRIEND', 7); // Is Friend
-define('RULE_IS_FOE', 8); // Is Foe
-define('RULE_IS_USER', 9); // Is User
-define('RULE_IS_GROUP', 10); // Is In Usergroup
-define('RULE_ANSWERED', 11); // Answered
-define('RULE_FORWARDED', 12); // Forwarded
-define('RULE_TO_GROUP', 14); // Usergroup
-define('RULE_TO_ME', 15); // Me
+define('RULE_IS_LIKE', 1); // Is Like
+define('RULE_IS_NOT_LIKE', 2); // Is Not Like
+define('RULE_IS', 3); // Is
+define('RULE_IS_NOT', 4); // Is Not
+define('RULE_BEGINS_WITH', 5); // Begins with
+define('RULE_ENDS_WITH', 6); // Ends with
+define('RULE_IS_FRIEND', 7); // Is Friend
+define('RULE_IS_FOE', 8); // Is Foe
+define('RULE_IS_USER', 9); // Is User
+define('RULE_IS_GROUP', 10); // Is In Usergroup
+define('RULE_ANSWERED', 11); // Answered
+define('RULE_FORWARDED', 12); // Forwarded
+define('RULE_TO_GROUP', 14); // Usergroup
+define('RULE_TO_ME', 15); // Me
define('ACTION_PLACE_INTO_FOLDER', 1);
define('ACTION_MARK_AS_READ', 2);
@@ -51,6 +51,10 @@ define('CHECK_MESSAGE', 3);
define('CHECK_STATUS', 4);
define('CHECK_TO', 5);
+/**
+* Global private message rules
+* These rules define what to do if a rule is hit
+*/
$global_privmsgs_rules = array(
CHECK_SUBJECT => array(
RULE_IS_LIKE => array('check0' => 'message_subject', 'function' => 'preg_match("/" . preg_quote({STRING}, "/") . "/i", {CHECK0})'),
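Review bot: The added docblock does not say that each `'function'` entry is a PHP expression template rather than plain data. check_rule(), later in this file, runs an assembled string through `eval()`, apparently built from these templates, although the substitution code itself is not visible in this diff. Whatever replaces `{STRING}` must therefore be inserted as a quoted, escaped PHP literal, and this docblock is the natural place to record that. A suitable extra line would be `* The 'function' strings are eval()'d in check_rule(); placeholder values must be escaped before substitution`.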
@@ -71,23 +75,25 @@ $global_privmsgs_rules = array(
RULE_IS_FOE => array('check0' => 'foe', 'function' => '{CHECK0} == 1'),
RULE_IS_USER => array('check0' => 'author_id', 'function' => '{CHECK0} == {USER_ID}'),
RULE_IS_GROUP => array('check0' => 'author_in_group', 'function' => 'in_array({GROUP_ID}, {CHECK0})')),
-
+
CHECK_MESSAGE => array(
RULE_IS_LIKE => array('check0' => 'message_text', 'function' => 'preg_match("/" . preg_quote({STRING}, "/") . "/i", {CHECK0})'),
RULE_IS_NOT_LIKE => array('check0' => 'message_text', 'function' => '!(preg_match("/" . preg_quote({STRING}, "/") . "/i", {CHECK0}))'),
RULE_IS => array('check0' => 'message_text', 'function' => '{CHECK0} == {STRING}'),
RULE_IS_NOT => array('check0' => 'message_text', 'function' => '{CHECK0} != {STRING}')),
-
+
CHECK_STATUS => array(
RULE_ANSWERED => array('check0' => 'replied', 'function' => '{CHECK0} == 1'),
RULE_FORWARDED => array('check0' => 'forwarded', 'function' => '{CHECK0} == 1')),
-
+
CHECK_TO => array(
RULE_TO_GROUP => array('check0' => 'to', 'check1' => 'bcc', 'check2' => 'user_in_group', 'function' => 'in_array("g_" . {CHECK2}, {CHECK0}) || in_array("g_" . {CHECK2}, {CHECK1})'),
RULE_TO_ME => array('check0' => 'to', 'check1' => 'bcc', 'function' => 'in_array("u_" . $user_id, {CHECK0}) || in_array("u_" . $user_id, {CHECK1})'))
);
-// This is for defining which condition fields to show for which Rule
+/**
+* This is for defining which condition fields to show for which Rule
+*/
$global_rule_conditions = array(
RULE_IS_LIKE => 'text',
RULE_IS_NOT_LIKE => 'text',
@@ -105,7 +111,7 @@ $global_rule_conditions = array(
function get_folder($user_id, $folder_id = false)
{
global $db, $user, $template;
- global $phpbb_root_path, $phpEx, $SID;
+ global $phpbb_root_path, $phpEx;
$folder = array();
@@ -143,23 +149,40 @@ function get_folder($user_id, $folder_id = false)
// Adjust unread status for outbox
$num_unread[PRIVMSGS_OUTBOX] = $num_messages[PRIVMSGS_OUTBOX];
-
- $folder[PRIVMSGS_INBOX] = array('folder_name' => $user->lang['PM_INBOX'], 'num_messages' => $num_messages[PRIVMSGS_INBOX], 'unread_messages' => $num_unread[PRIVMSGS_INBOX]);
+
+ $folder[PRIVMSGS_INBOX] = array(
+ 'folder_name' => $user->lang['PM_INBOX'],
+ 'num_messages' => $num_messages[PRIVMSGS_INBOX],
+ 'unread_messages' => $num_unread[PRIVMSGS_INBOX]
+ );
// Custom Folder
$sql = 'SELECT folder_id, folder_name, pm_count
FROM ' . PRIVMSGS_FOLDER_TABLE . "
WHERE user_id = $user_id";
$result = $db->sql_query($sql);
-
+
while ($row = $db->sql_fetchrow($result))
{
- $folder[$row['folder_id']] = array('folder_name' => $row['folder_name'], 'num_messages' => $row['pm_count'], 'unread_messages' => ((isset($num_unread[$row['folder_id']])) ? $num_unread[$row['folder_id']] : 0));
+ $folder[$row['folder_id']] = array(
+ 'folder_name' => $row['folder_name'],
+ 'num_messages' => $row['pm_count'],
+ 'unread_messages' => ((isset($num_unread[$row['folder_id']])) ? $num_unread[$row['folder_id']] : 0)
+ );
}
$db->sql_freeresult($result);
- $folder[PRIVMSGS_OUTBOX] = array('folder_name' => $user->lang['PM_OUTBOX'], 'num_messages' => $num_messages[PRIVMSGS_OUTBOX], 'unread_messages' => $num_unread[PRIVMSGS_OUTBOX]);
- $folder[PRIVMSGS_SENTBOX] = array('folder_name' => $user->lang['PM_SENTBOX'], 'num_messages' => $num_messages[PRIVMSGS_SENTBOX], 'unread_messages' => $num_unread[PRIVMSGS_SENTBOX]);
+ $folder[PRIVMSGS_OUTBOX] = array(
+ 'folder_name' => $user->lang['PM_OUTBOX'],
+ 'num_messages' => $num_messages[PRIVMSGS_OUTBOX],
+ 'unread_messages' => $num_unread[PRIVMSGS_OUTBOX]
+ );
+
+ $folder[PRIVMSGS_SENTBOX] = array(
+ 'folder_name' => $user->lang['PM_SENTBOX'],
+ 'num_messages' => $num_messages[PRIVMSGS_SENTBOX],
+ 'unread_messages' => $num_unread[PRIVMSGS_SENTBOX]
+ );
// Define Folder Array for template designers (and for making custom folders usable by the template too)
foreach ($folder as $f_id => $folder_ary)
@@ -172,7 +195,7 @@ function get_folder($user_id, $folder_id = false)
'NUM_MESSAGES' => $folder_ary['num_messages'],
'UNREAD_MESSAGES' => $folder_ary['unread_messages'],
- 'U_FOLDER' => ($f_id > 0) ? "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=pm&amp;folder={$f_id}" : "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=pm&amp;folder={$folder_id_name}",
+ 'U_FOLDER' => ($f_id > 0) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=' . $f_id) : append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=' . $folder_id_name),
'S_CUR_FOLDER' => ($f_id === $folder_id) ? true : false,
'S_UNREAD_MESSAGES' => ($folder_ary['unread_messages']) ? true : false,
@@ -184,13 +207,14 @@ function get_folder($user_id, $folder_id = false)
}
/**
-* Delete Messages From Sentbox - we are doing this here because this saves us a bunch of checks and queries
+* Delete Messages From Sentbox
+* we are doing this here because this saves us a bunch of checks and queries
*/
function clean_sentbox($num_sentbox_messages)
{
global $db, $user, $config;
- // Check Message Limit -
+ // Check Message Limit
if ($user->data['message_limit'] && $num_sentbox_messages > $user->data['message_limit'])
{
// Delete old messages
@@ -236,7 +260,7 @@ function check_rule(&$rules, &$rule_row, &$message_row, $user_id)
// Eval Statement
$result = false;
eval('$result = (' . $evaluate . ') ? true : false;');
-
+
if (!$result)
{
return false;
@@ -284,7 +308,6 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
FROM ' . PRIVMSGS_RULES_TABLE . "
WHERE user_id = $user_id";
$result = $db->sql_query($sql);
-
$user_rules = $db->sql_fetchrowset($result);
$db->sql_freeresult($result);
@@ -313,7 +336,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
}
// Get those messages not yet placed into any box
- // NOTE: Expand Group Information to all groups the user/author is in?
+ // @todo question: expand group information to all groups the user/author is in on private message folder?? (user_in_group)
$sql = 'SELECT t.*, p.*, u.username, u.group_id as author_in_group
FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . ' p, ' . USERS_TABLE . " u
WHERE t.user_id = $user_id
@@ -373,7 +396,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
$_folder_id = (int) $rule_ary['folder_id'];
$move_into_folder[$_folder_id][] = $msg_id;
$num_new++;
- break;
+ break;
case ACTION_MARK_AS_READ:
if ($rule_ary['unread'])
@@ -381,11 +404,11 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
$unread_ids[] = $msg_id;
}
$move_into_folder[PRIVMSGS_INBOX][] = $msg_id;
- break;
+ break;
case ACTION_DELETE_MESSAGE:
$delete_ids[] = $msg_id;
- break;
+ break;
case ACTION_MARK_AS_IMPORTANT:
if (!$rule_ary['important'])
@@ -393,9 +416,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
$important_ids[] = $msg_id;
}
$move_into_folder[PRIVMSGS_INBOX][] = $msg_id;
- break;
-
- default:
+ break;
}
}
}
@@ -585,7 +606,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
function move_pm($user_id, $message_limit, $move_msg_ids, $dest_folder, $cur_folder_id)
{
global $db, $user;
- global $phpbb_root_path, $phpEx, $SID;
+ global $phpbb_root_path, $phpEx;
$num_moved = 0;
@@ -605,17 +626,18 @@ function move_pm($user_id, $message_limit, $move_msg_ids, $dest_folder, $cur_fol
WHERE folder_id = $dest_folder
AND user_id = $user_id";
$result = $db->sql_query($sql);
+ $row = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
- if (!($row = $db->sql_fetchrow($result)))
+ if (!$row)
{
trigger_error('NOT_AUTHORIZED');
}
- $db->sql_freeresult($result);
if ($row['pm_count'] + sizeof($move_msg_ids) > $message_limit)
{
$message = sprintf($user->lang['NOT_ENOUGH_SPACE_FOLDER'], $row['folder_name']) . '<br /><br />';
- $message .= sprintf($user->lang['CLICK_RETURN_FOLDER'], "<a href=\"{$phpbb_root_path}ucp.$phpEx$SID&amp;i=pm&amp;folder={$row['folder_id']}\">", '</a>', $row['folder_name']);
+ $message .= sprintf($user->lang['CLICK_RETURN_FOLDER'], '<a href="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=' . $row['folder_id']) . '">', '</a>', $row['folder_name']);
trigger_error($message);
}
}
@@ -632,7 +654,7 @@ function move_pm($user_id, $message_limit, $move_msg_ids, $dest_folder, $cur_fol
if ($num_messages + sizeof($move_msg_ids) > $message_limit)
{
$message = sprintf($user->lang['NOT_ENOUGH_SPACE_FOLDER'], $user->lang['PM_INBOX']) . '<br /><br />';
- $message .= sprintf($user->lang['CLICK_RETURN_FOLDER'], "<a href=\"{$phpbb_root_path}ucp.$phpEx$SID&amp;i=pm&amp;folder=inbox\">", '</a>', $user->lang['PM_INBOX']);
+ $message .= sprintf($user->lang['CLICK_RETURN_FOLDER'], '<a href="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=inbox') . '">', '</a>', $user->lang['PM_INBOX']);
trigger_error($message);
}
}
@@ -701,7 +723,7 @@ function update_unread_status($unread, $msg_id, $user_id, $folder_id)
*/
function handle_mark_actions($user_id, $mark_action)
{
- global $db, $user, $_POST, $phpbb_root_path, $SID, $phpEx;
+ global $db, $user, $_POST, $phpbb_root_path, $phpEx;
$msg_ids = (isset($_POST['marked_msg_id'])) ? array_map('intval', $_POST['marked_msg_id']) : array();
$cur_folder_id = request_var('cur_folder_id', PRIVMSGS_NO_BOX);
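Review bot: `$_POST['marked_msg_id']` reaches `array_map('intval', …)` after only an `isset()` check, so a scalar posted under that name raises a warning and leaves `$msg_ids` without a usable list. Since the `global` line is touched anyway, `$_POST` can be dropped from it (it is a superglobal) and the read guarded: `$msg_ids = (isset($_POST['marked_msg_id']) && is_array($_POST['marked_msg_id'])) ? array_map('intval', $_POST['marked_msg_id']) : array();`. The body of handle_mark_actions continues outside this hunk.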
@@ -732,7 +754,7 @@ function handle_mark_actions($user_id, $mark_action)
delete_pm($user_id, $msg_ids, $cur_folder_id);
$success_msg = (sizeof($msg_ids) == 1) ? 'MESSAGE_DELETED' : 'MESSAGES_DELETED';
- $redirect = "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=pm&amp;folder=$cur_folder_id";
+ $redirect = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=' . $cur_folder_id);
meta_refresh(3, $redirect);
trigger_error($user->lang[$success_msg] . '<br /><br />' . sprintf($user->lang['RETURN_FOLDER'], '<a href="' . $redirect . '">', '</a>'));
@@ -865,7 +887,7 @@ function delete_pm($user_id, $msg_ids, $folder_id)
$set_sql .= ($set_sql != '') ? ', ' : '';
$set_sql .= 'user_new_privmsg = user_new_privmsg - ' . $num_new;
}
-
+
$db->sql_query('UPDATE ' . USERS_TABLE . " SET $set_sql WHERE user_id = $user_id");
}
@@ -912,7 +934,7 @@ function rebuild_header($check_ary)
{
${$type}[] = (int) $match[2][$id];
}
-
+
$_types = array('u', 'g');
foreach ($_types as $type)
{
@@ -930,14 +952,14 @@ function rebuild_header($check_ary)
}
/**
-* Print out/Assign recipient informations
+* Print out/assign recipient informations
*/
function write_pm_addresses($check_ary, $author_id, $plaintext = false)
{
- global $db, $user, $template, $phpbb_root_path, $SID, $phpEx;
+ global $db, $user, $template, $phpbb_root_path, $phpEx;
$addresses = array();
-
+
foreach ($check_ary as $check_type => $address_field)
{
if (!is_array($address_field))
@@ -1020,7 +1042,7 @@ function write_pm_addresses($check_ary, $author_id, $plaintext = false)
$address['group'][$row['group_id']] = array('name' => $row['group_name'], 'colour' => $row['group_colour']);
}
}
-
+
if (isset($address['user'][$row['user_id']]))
{
$address['user'][$row['user_id']]['in_group'] = $row['group_id'];
@@ -1044,7 +1066,7 @@ function write_pm_addresses($check_ary, $author_id, $plaintext = false)
'IS_USER' => ($type == 'user'),
'COLOUR' => ($row['colour']) ? $row['colour'] : '',
'UG_ID' => $id,
- 'U_VIEW' => ($type == 'user') ? "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u=" . $id : "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=group&amp;g=" . $id,
+ 'U_VIEW' => ($type == 'user') ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $id) : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&amp;g=' . $id),
'TYPE' => $type)
);
}
@@ -1072,17 +1094,16 @@ function get_folder_status($folder_id, $folder)
{
return false;
}
- $return = array();
$return = array(
'folder_name' => $folder['folder_name'],
'cur' => $folder['num_messages'],
'remaining' => $user->data['message_limit'] - $folder['num_messages'],
'max' => $user->data['message_limit'],
- 'percent' => ($user->data['message_limit'] > 0) ? round(($folder['num_messages'] / $user->data['message_limit']) * 100) : 100
- );
+ 'percent' => ($user->data['message_limit'] > 0) ? round(($folder['num_messages'] / $user->data['message_limit']) * 100) : 100,
- $return['message'] = sprintf($user->lang['FOLDER_STATUS_MSG'], $return['percent'], $return['cur'], $return['max']);
+ 'message' => sprintf($user->lang['FOLDER_STATUS_MSG'], $return['percent'], $return['cur'], $return['max']),
+ );
return $return;
}
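Review bot: The new `'message'` entry reads `$return['percent']`, `$return['cur']` and `$return['max']` inside the array literal that is still being assigned to `$return`. The `$return = array();` initialiser is removed in the same hunk, so `$return` is undefined at that point and the status text is formatted with empty values. Keep the assignment after the literal instead, `$return['message'] = sprintf($user->lang['FOLDER_STATUS_MSG'], $return['percent'], $return['cur'], $return['max']);`, or compute the three values into locals before building the array. The start of get_folder_status is outside the hunk.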
@@ -1096,9 +1117,9 @@ function get_folder_status($folder_id, $folder)
*/
function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = true)
{
- global $db, $auth, $config, $phpEx, $SID, $template, $user;
+ global $db, $auth, $config, $phpEx, $template, $user;
- // We do not handle erasing posts here
+ // We do not handle erasing pms here
if ($mode == 'delete')
{
return false;
@@ -1165,7 +1186,7 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
}
$sql = '';
-
+
switch ($mode)
{
case 'reply':
@@ -1178,6 +1199,8 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
WHERE user_id = ' . $data['from_user_id'] . '
AND msg_id = ' . $data['reply_from_msg_id'];
+ // no break
+
case 'forward':
case 'post':
case 'quotepost':
@@ -1185,14 +1208,14 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
'root_level' => $root_level,
'author_id' => $data['from_user_id'],
'icon_id' => $data['icon_id'],
- 'author_ip' => $data['from_user_ip'],
+ 'author_ip' => $data['from_user_ip'],
'message_time' => $current_time,
- 'enable_bbcode' => $data['enable_bbcode'],
- 'enable_smilies' => $data['enable_smilies'],
- 'enable_magic_url' => $data['enable_urls'],
- 'enable_sig' => $data['enable_sig'],
+ 'enable_bbcode' => $data['enable_bbcode'],
+ 'enable_smilies' => $data['enable_smilies'],
+ 'enable_magic_url' => $data['enable_urls'],
+ 'enable_sig' => $data['enable_sig'],
'message_subject' => $subject,
- 'message_text' => $data['message'],
+ 'message_text' => $data['message'],
'message_encoding' => $user->lang['ENCODING'],
'message_attachment'=> (isset($data['filename_data']['physical_filename']) && sizeof($data['filename_data'])) ? 1 : 0,
'bbcode_bitfield' => $data['bbcode_bitfield'],
@@ -1200,24 +1223,24 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
'to_address' => implode(':', $to),
'bcc_address' => implode(':', $bcc)
);
- break;
+ break;
case 'edit':
$sql_data = array(
'icon_id' => $data['icon_id'],
'message_edit_time' => $current_time,
- 'enable_bbcode' => $data['enable_bbcode'],
- 'enable_smilies' => $data['enable_smilies'],
- 'enable_magic_url' => $data['enable_urls'],
- 'enable_sig' => $data['enable_sig'],
+ 'enable_bbcode' => $data['enable_bbcode'],
+ 'enable_smilies' => $data['enable_smilies'],
+ 'enable_magic_url' => $data['enable_urls'],
+ 'enable_sig' => $data['enable_sig'],
'message_subject' => $subject,
- 'message_text' => $data['message'],
+ 'message_text' => $data['message'],
'message_encoding' => $user->lang['ENCODING'],
'message_attachment'=> (isset($data['filename_data']['physical_filename']) && sizeof($data['filename_data'])) ? 1 : 0,
'bbcode_bitfield' => $data['bbcode_bitfield'],
'bbcode_uid' => $data['bbcode_uid']
);
- break;
+ break;
}
if (sizeof($sql_data))
@@ -1235,11 +1258,11 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
$db->sql_query($sql);
}
}
-
+
if ($mode != 'edit')
{
- $db->sql_transaction();
-
+ $db->sql_transaction('begin');
+
if ($sql)
{
$db->sql_query($sql);
@@ -1310,7 +1333,7 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
$db->sql_query($sql);
}
- $db->sql_transaction();
+ $db->sql_transaction('begin');
// Submit Attachments
if (!empty($data['attachment_data']) && $data['msg_id'] && in_array($mode, array('post', 'reply', 'quote', 'quotepost', 'edit', 'forward')))
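Review bot: The second `$db->sql_transaction('begin')` here, placed after the preceding `$db->sql_query($sql)` block, starts a transaction while the one opened in the `$mode != 'edit'` branch has no commit in the lines shown. If the earlier block is meant to end at this point, this call looks like it should be `$db->sql_transaction('commit');`. If the second begin is intentional, a short comment naming where each transaction is committed would prevent a half-written private message going unnoticed on failure. The rest of submit_pm is outside these hunks, so this needs checking against the full function.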
@@ -1353,7 +1376,7 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
$files_added++;
}
}
-
+
if (sizeof($data['attachment_data']))
{
$sql = 'UPDATE ' . PRIVMSGS_TABLE . '
@@ -1398,7 +1421,7 @@ function pm_notification($mode, $author, $recipients, $subject, $message)
global $db, $user, $config, $phpbb_root_path, $phpEx, $auth;
$subject = censor_text($subject);
-
+
// Get banned User ID's
$sql = 'SELECT ban_userid
FROM ' . BANLIST_TABLE;
@@ -1442,13 +1465,13 @@ function pm_notification($mode, $author, $recipients, $subject, $message)
}
}
$db->sql_freeresult($result);
-
+
if (!sizeof($msg_list_ary))
{
return;
}
- include_once($phpbb_root_path . 'includes/functions_messenger.'.$phpEx);
+ include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
$messenger = new messenger();
$email_sig = str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']);
diff --git a/phpBB/includes/functions_template.php b/phpBB/includes/functions_template.php
index a497f0a94a..6416eebda1 100644
--- a/phpBB/includes/functions_template.php
+++ b/phpBB/includes/functions_template.php
@@ -20,10 +20,8 @@ if (!defined('IN_PHPBB'))
*
* Extension of template class - Functions needed for compiling templates only.
*
-* psoTFX - Completion of file caching, decompilation routines and implementation of
-* conditionals/keywords and associated changes
-*
-* phpBB Development Team - further additions and fixes
+* psoTFX, phpBB Development Team - Completion of file caching, decompilation
+* routines and implementation of conditionals/keywords and associated changes
*
* The interface was inspired by PHPLib templates, and the template file (formats are
* quite similar)
@@ -106,7 +104,7 @@ class template_compile
preg_match_all('#<!-- ([^<].*?) (.*?)?[ ]?-->#', $code, $blocks);
$text_blocks = preg_split('#<!-- ([^<].*?) (.*?)?[ ]?-->#', $code);
-
+
for ($i = 0, $j = sizeof($text_blocks); $i < $j; $i++)
{
$this->compile_var_tags($text_blocks[$i]);
@@ -168,11 +166,11 @@ class template_compile
break;
case 'INCLUDEPHP':
- $compile_blocks[] = ($config['tpl_php']) ? '<?php ' . $this->compile_tag_include_php(array_shift($includephp_blocks)) . ' ?>' : '';
+ $compile_blocks[] = ($config['tpl_allow_php']) ? '<?php ' . $this->compile_tag_include_php(array_shift($includephp_blocks)) . ' ?>' : '';
break;
case 'PHP':
- $compile_blocks[] = ($config['tpl_php']) ? '<?php ' . array_shift($php_blocks) . ' ?>' : '';
+ $compile_blocks[] = ($config['tpl_allow_php']) ? '<?php ' . array_shift($php_blocks) . ' ?>' : '';
break;
default:
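Review bot: `$config['tpl_allow_php']` decides whether the `PHP` and `INCLUDEPHP` template tags are compiled into executable PHP. The two cases should carry a comment stating that enabling it gives anyone who can edit templates code execution on the server, for example `// tpl_allow_php: template authors can run arbitrary PHP when this is on; keep off unless template editing is restricted to trusted admins`. The rename also needs the matching config row and admin setting renamed in the same commit, which is not visible here. Until then the lookup hits an undefined index, which disables the feature but emits a notice. Reading it as `!empty($config['tpl_allow_php'])` keeps the fail-closed behaviour without the notice.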
@@ -221,11 +219,17 @@ class template_compile
// This will handle the remaining root-level varrefs
// transform vars prefixed by L_ into their language variable pendant if nothing is set within the tpldata array
- $text_blocks = preg_replace('#\{L_([a-z0-9\-_]*)\}#is', "<?php echo ((isset(\$this->_tpldata['.'][0]['L_\\1'])) ? \$this->_tpldata['.'][0]['L_\\1'] : ((isset(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '{ ' . ucfirst(strtolower(str_replace('_', ' ', '\\1'))) . ' }')); ?>", $text_blocks);
+ if (strpos($text_blocks, '{L_') !== false)
+ {
+ $text_blocks = preg_replace('#\{L_([a-z0-9\-_]*)\}#is', "<?php echo ((isset(\$this->_tpldata['.'][0]['L_\\1'])) ? \$this->_tpldata['.'][0]['L_\\1'] : ((isset(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '{ ' . ucfirst(strtolower(str_replace('_', ' ', '\\1'))) . ' }')); ?>", $text_blocks);
+ }
// Handle addslashed language variables prefixed with LA_
// If a template variable already exist, it will be used in favor of it...
- $text_blocks = preg_replace('#\{LA_([a-z0-9\-_]*)\}#is', "<?php echo ((isset(\$this->_tpldata['.'][0]['LA_\\1'])) ? \$this->_tpldata['.'][0]['LA_\\1'] : ((isset(\$this->_tpldata['.'][0]['L_\\1'])) ? addslashes(\$this->_tpldata['.'][0]['L_\\1']) : ((isset(\$user->lang['\\1'])) ? addslashes(\$user->lang['\\1']) : '{ ' . ucfirst(strtolower(str_replace('_', ' ', '\\1'))) . ' }'))); ?>", $text_blocks);
+ if (strpos($text_blocks, '{LA_') !== false)
+ {
+ $text_blocks = preg_replace('#\{LA_([a-z0-9\-_]*)\}#is', "<?php echo ((isset(\$this->_tpldata['.'][0]['LA_\\1'])) ? \$this->_tpldata['.'][0]['LA_\\1'] : ((isset(\$this->_tpldata['.'][0]['L_\\1'])) ? addslashes(\$this->_tpldata['.'][0]['L_\\1']) : ((isset(\$user->lang['\\1'])) ? addslashes(\$user->lang['\\1']) : '{ ' . ucfirst(strtolower(str_replace('_', ' ', '\\1'))) . ' }'))); ?>", $text_blocks);
+ }
// Handle remaining varrefs
$text_blocks = preg_replace('#\{([a-z0-9\-_]*)\}#is', "<?php echo (isset(\$this->_tpldata['.'][0]['\\1'])) ? \$this->_tpldata['.'][0]['\\1'] : ''; ?>", $text_blocks);
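Review bot: The new `strpos()` guards are case-sensitive while the patterns they protect carry the `i` modifier. A template that writes `{l_foo}` or `{la_foo}` therefore no longer reaches the language-variable replacement and falls through to the generic varref pattern on the last line instead. If lowercase prefixes were never meant to be supported, dropping `i` from the two patterns makes that explicit; otherwise the guard has to be case-insensitive as well. A one-line comment such as `// cheap pre-check: skip the regex when no {L_ token is present` would also explain why the guard exists.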
@@ -258,7 +262,7 @@ class template_compile
if (preg_match('#^([^()]*)\(([\-\d]+)(?:,([\-\d]+))?\)$#', $tag_args, $match))
{
$tag_args = $match[1];
-
+
if ($match[2] < 0)
{
$loop_start = '($_' . $tag_args . '_count ' . $match[2] . ' < 0 ? 0 : $_' . $tag_args . '_count ' . $match[2] . ')';
@@ -333,10 +337,10 @@ class template_compile
{
// Tokenize args for 'if' tag.
preg_match_all('/(?:
- "[^"\\\\]*(?:\\\\.[^"\\\\]*)*" |
- \'[^\'\\\\]*(?:\\\\.[^\'\\\\]*)*\' |
- [(),] |
- [^\s(),]+)/x', $tag_args, $match);
+ "[^"\\\\]*(?:\\\\.[^"\\\\]*)*" |
+ \'[^\'\\\\]*(?:\\\\.[^\'\\\\]*)*\' |
+ [(),] |
+ [^\s(),]+)/x', $tag_args, $match);
$tokens = $match[0];
$is_arg_stack = array();
@@ -491,11 +495,11 @@ class template_compile
case 'false':
$match[4] = strtoupper($match[4]);
break;
-
+
case '.':
$match[4] = doubleval($match[4]);
break;
-
+
default:
$match[4] = intval($match[4]);
break;
@@ -579,9 +583,6 @@ class template_compile
$expr = "!($is_arg % $expr_arg)";
}
break;
-
- default:
- break;
}
if ($negate_expr)
diff --git a/phpBB/includes/functions_transfer.php b/phpBB/includes/functions_transfer.php
index 1cc0c48406..401eb01f46 100644
--- a/phpBB/includes/functions_transfer.php
+++ b/phpBB/includes/functions_transfer.php
@@ -47,7 +47,7 @@ class transfer
{
global $phpbb_root_path;
- $destination_file = $this->root_path . '/' . str_replace($phpbb_root_path, '', $destination_file);
+ $destination_file = $this->root_path . str_replace($phpbb_root_path, '', $destination_file);
// need to create a temp file and then move that temp file.
// ftp functions can only move files around and can't create.
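Review bot: `str_replace($phpbb_root_path, '', $destination_file)` removes every occurrence of the root path string, not only a leading one. With a short relative prefix such as `./` it would also rewrite `../` segments and any later match inside the path. Because the result becomes a remote write target, stripping only a leading match is safer: `if (strpos($destination_file, $phpbb_root_path) === 0) { $destination_file = substr($destination_file, strlen($phpbb_root_path)); }`. The same expression is used in the following hunks that build `$to_loc`, `$file`, `$dir` and `$old_handle`. The enclosing method starts outside this hunk.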
@@ -121,7 +121,7 @@ class transfer
$this->_chmod($dir[$i], $this->dir_perms);
}
- $this->_chdir($this->root_path . '/' . $dirs . $dir[$i]);
+ $this->_chdir($this->root_path . $dirs . $dir[$i]);
$dirs .= $cur_dir;
}
@@ -141,7 +141,7 @@ class transfer
global $phpbb_root_path;
$from_loc = ((strpos($from_loc, $phpbb_root_path) !== 0) ? $phpbb_root_path : '') . $from_loc;
- $to_loc = $this->root_path . '/' . str_replace($phpbb_root_path, '', $to_loc);
+ $to_loc = $this->root_path . str_replace($phpbb_root_path, '', $to_loc);
if (!file_exists($from_loc))
{
@@ -160,7 +160,7 @@ class transfer
{
global $phpbb_root_path;
- $file = $this->root_path . '/' . str_replace($phpbb_root_path, '', $file);
+ $file = $this->root_path . str_replace($phpbb_root_path, '', $file);
return $this->_delete($file);
}
@@ -173,7 +173,7 @@ class transfer
{
global $phpbb_root_path;
- $dir = $this->root_path . '/' . str_replace($phpbb_root_path, '', $dir);
+ $dir = $this->root_path . str_replace($phpbb_root_path, '', $dir);
return $this->_rmdir($dir);
}
@@ -185,7 +185,7 @@ class transfer
{
global $phpbb_root_path;
- $old_handle = $this->root_path . '/' . str_replace($phpbb_root_path, '', $old_handle);
+ $old_handle = $this->root_path . str_replace($phpbb_root_path, '', $old_handle);
return $this->_rename($old_handle, $new_handle);
}
@@ -245,9 +245,9 @@ class ftp extends transfer
$this->password = $password;
$this->timeout = $timeout;
- // Make sure $this->root_path is layed out the same way as the $user->page['root_script_path'] value (prefixed with / and no / at the end)
+ // Make sure $this->root_path is layed out the same way as the $user->page['root_script_path'] value (/ at the end)
$this->root_path = str_replace('\\', '/', $this->root_path);
- $this->root_path = (($root_path{0} != '/' ) ? '/' : '') . ((substr($root_path, -1, 1) == '/') ? substr($root_path, 0, -1) : $root_path);
+ $this->root_path = (($root_path{0} != '/' ) ? '/' : '') . ((substr($root_path, -1, 1) == '/') ? '' : '/') . $root_path;
// Init some needed values
transfer::transfer();
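Review bot: The rewritten `$this->root_path` expression puts the conditional slash in front of `$root_path` rather than after it, so a value without a trailing slash gets a doubled leading slash and still no trailing one (`/foo` becomes `//foo`). The `transfer` methods now rely on that trailing slash because they dropped their own `'/'` separator. Appending it gives the layout the updated comment describes: `$this->root_path = (($root_path{0} != '/') ? '/' : '') . $root_path . ((substr($root_path, -1, 1) == '/') ? '' : '/');`. The `ftp_fsock` constructor hunk below has the same expression, and its comment still says "no / at the end". The `str_replace('\\', '/', …)` result on the previous line is also discarded, because this assignment reads `$root_path` rather than `$this->root_path`.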
@@ -447,7 +447,7 @@ class ftp_fsock extends transfer
// Make sure $this->root_path is layed out the same way as the $user->page['root_script_path'] value (prefixed with / and no / at the end)
$this->root_path = str_replace('\\', '/', $this->root_path);
- $this->root_path = (($root_path{0} != '/' ) ? '/' : '') . ((substr($root_path, -1, 1) == '/') ? substr($root_path, 0, -1) : $root_path);
+ $this->root_path = (($root_path{0} != '/' ) ? '/' : '') . ((substr($root_path, -1, 1) == '/') ? '' : '/') . $root_path;
// Init some needed values
transfer::transfer();
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index fe311061fd..4c3fbcb956 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -46,6 +46,7 @@ function user_get_id_name(&$user_id_ary, &$username_ary)
if (!($row = $db->sql_fetchrow($result)))
{
+ $db->sql_freeresult($result);
return 'NO_USERS';
}
@@ -63,6 +64,9 @@ function user_get_id_name(&$user_id_ary, &$username_ary)
/**
* Updates a username across all relevant tables/fields
+*
+* @param string $old_name the old/current username
+* @param string $new_name the new username
*/
function user_update_name($old_name, $new_name)
{
@@ -99,7 +103,7 @@ function user_delete($mode, $user_id, $post_username = false)
{
global $config, $db, $user, $auth;
- $db->sql_transaction();
+ $db->sql_transaction('begin');
switch ($mode)
{
@@ -130,7 +134,7 @@ function user_delete($mode, $user_id, $post_username = false)
if (!function_exists('delete_posts'))
{
global $phpbb_root_path, $phpEx;
- include_once($phpbb_root_path . 'includes/functions_admin.'.$phpEx);
+ include_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
}
$sql = 'SELECT topic_id, COUNT(post_id) AS total_posts
@@ -174,7 +178,7 @@ function user_delete($mode, $user_id, $post_username = false)
// Delete posts, attachments, etc.
delete_posts('poster_id', $user_id);
- break;
+ break;
}
$table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE);
@@ -295,16 +299,16 @@ function user_active_flip($user_id, $user_type, $user_actkey = false, $username
}
/**
- * Add a ban or ban exclusion to the banlist. Bans either a user, an IP or an email address
- *
- * @param string $mode Type of ban. One of the following: user, ip, email
- * @param mixed $ban Banned entity. Either string or array with usernames, ips or email addresses
- * @param int $ban_len Ban length in minutes
- * @param string $ban_len_other Ban length as a date (YYYY-MM-DD)
- * @param boolean $ban_exclude Exclude these entities from banning?
- * @param string $ban_reason String describing the reason for this ban
- * @return boolean
- */
+* Add a ban or ban exclusion to the banlist. Bans either a user, an IP or an email address
+*
+* @param string $mode Type of ban. One of the following: user, ip, email
+* @param mixed $ban Banned entity. Either string or array with usernames, ips or email addresses
+* @param int $ban_len Ban length in minutes
+* @param string $ban_len_other Ban length as a date (YYYY-MM-DD)
+* @param boolean $ban_exclude Exclude these entities from banning?
+* @param string $ban_reason String describing the reason for this ban
+* @return boolean
+*/
function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reason, $ban_give_reason = '')
{
global $db, $user, $auth;
@@ -538,7 +542,6 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
// We have some entities to ban
if (sizeof($banlist_ary))
{
- $sql = '';
$sql_ary = array();
foreach ($banlist_ary as $ban_entry)
@@ -605,7 +608,6 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
$result = $db->sql_query($sql);
$sql_in = array();
- $sql = '';
if ($row = $db->sql_fetchrow($result))
{
@@ -656,7 +658,7 @@ function user_unban($mode, $ban)
{
$ban = array($ban);
}
-
+
$unban_sql = implode(', ', array_map('intval', $ban));
if ($unban_sql)
@@ -748,8 +750,7 @@ function user_ipwhois($ip)
}
/**
-* Data validation ... used primarily but not exclusively by
-* ucp modules
+* Data validation ... used primarily but not exclusively by ucp modules
*
* "Master" function for validating a range of data types
*/
@@ -837,6 +838,7 @@ function validate_match($string, $optional = false, $match)
{
return 'WRONG_DATA';
}
+
return false;
}
@@ -863,23 +865,25 @@ function validate_username($username)
FROM ' . USERS_TABLE . "
WHERE LOWER(username) = '" . strtolower($db->sql_escape($username)) . "'";
$result = $db->sql_query($sql);
+ $row = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
- if ($row = $db->sql_fetchrow($result))
+ if ($row)
{
return 'USERNAME_TAKEN';
}
- $db->sql_freeresult($result);
$sql = 'SELECT group_name
FROM ' . GROUPS_TABLE . "
WHERE LOWER(group_name) = '" . strtolower($db->sql_escape($username)) . "'";
$result = $db->sql_query($sql);
+ $row = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
- if ($row = $db->sql_fetchrow($result))
+ if ($row)
{
return 'USERNAME_TAKEN';
}
- $db->sql_freeresult($result);
$sql = 'SELECT disallow_username
FROM ' . DISALLOW_TABLE;
@@ -889,6 +893,7 @@ function validate_username($username)
{
if (preg_match('#^' . str_replace('%', '.*?', preg_quote($row['disallow_username'], '$#')) . '#i', $username))
{
+ $db->sql_freeresult($result);
return 'USERNAME_DISALLOWED';
}
}
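Review bot: On the `preg_match()` line in this hunk, `preg_quote($row['disallow_username'], '$#')` passes two characters as the delimiter, but `preg_quote()` uses only the first. On PHP versions that do not quote `#` by default, a `#` in a disallowed name is left unescaped, and the pattern has no end anchor either. It looks like the `$` was meant for the closing part of the pattern: `preg_match('#^' . str_replace('%', '.*?', preg_quote($row['disallow_username'], '#')) . '$#i', $username)`. As written, an entry blocks every name that merely starts with it, and an entry containing `#` yields a broken pattern that blocks nothing. The surrounding loop of validate_username starts outside the hunk.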
@@ -902,6 +907,7 @@ function validate_username($username)
{
if (preg_match('#(' . str_replace('\*', '.*?', preg_quote($row['word'], '#')) . ')#i', $username))
{
+ $db->sql_freeresult($result);
return 'USERNAME_DISALLOWED';
}
}
@@ -938,12 +944,13 @@ function validate_email($email)
FROM ' . USERS_TABLE . "
WHERE user_email_hash = " . crc32(strtolower($email)) . strlen($email);
$result = $db->sql_query($sql);
+ $row = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
- if ($row = $db->sql_fetchrow($result))
+ if ($row)
{
return 'EMAIL_TAKEN';
}
- $db->sql_freeresult($result);
}
return false;
@@ -1024,10 +1031,10 @@ function avatar_remote($data, &$error)
*/
function avatar_upload($data, &$error)
{
- global $phpbb_root_path, $config, $db, $user;
+ global $phpbb_root_path, $config, $db, $user, $phpEx;
// Init upload class
- include_once($phpbb_root_path . 'includes/functions_upload.php');
+ include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
$upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height']);
if (!empty($_FILES['uploadfile']['name']))
@@ -1262,6 +1269,23 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow
if (sizeof($sql_ary))
{
+ // Before we update the user attributes, we will make a list of those having now the group avatar assigned
+ if (in_array('user_avatar', array_keys($sql_ary)))
+ {
+ // Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem)
+ $sql = 'SELECT user_id, user_avatar
+ FROM ' . USERS_TABLE . '
+ WHERE group_id = ' . $group_id . '
+ AND user_avatar_type = ' . AVATAR_UPLOAD;
+ $result = $db->sql_query($sql);
+
+ while ($row = $db->sql_fetchrow($result))
+ {
+ avatar_delete($row['user_avatar']);
+ }
+ $db->sql_freeresult($result);
+ }
+
$sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
WHERE group_id = $group_id";
$db->sql_query($sql);
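Review bot: The uploaded avatar files are removed with `avatar_delete()` before the `UPDATE` that replaces them has run, and `$group_id` is concatenated into the `SELECT` without the cast that `user_unban()` in this file applies via `array_map('intval', …)`; whether it is already an integer here is not visible in the hunk. Casting at the point of use (`'WHERE group_id = ' . (int) $group_id`), collecting the filenames first and calling `avatar_delete()` only after the `UPDATE` has run would make the block safe on its own. The same block is added again in the group_user_del and group_set_user_default hunks with only the `WHERE` clause changed, so a small helper taking the condition would avoid three copies; `array_key_exists('user_avatar', $sql_ary)` also expresses the same test as `in_array('user_avatar', array_keys($sql_ary))`. The enclosing `if (sizeof($sql_ary))` continues outside the hunk.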
@@ -1358,18 +1382,14 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false,
$result = $db->sql_query($sql);
$add_id_ary = $update_id_ary = array();
- if ($row = $db->sql_fetchrow($result))
+ while ($row = $db->sql_fetchrow($result))
{
- do
- {
- $add_id_ary[] = $row['user_id'];
+ $add_id_ary[] = $row['user_id'];
- if ($leader && !$row['group_leader'])
- {
- $update_id_ary[] = $row['user_id'];
- }
+ if ($leader && !$row['group_leader'])
+ {
+ $update_id_ary[] = $row['user_id'];
}
- while ($row = $db->sql_fetchrow($result));
}
$db->sql_freeresult($result);
@@ -1396,7 +1416,7 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false,
$sql = 'INSERT INTO ' . USER_GROUP_TABLE . " (user_id, group_id, group_leader, user_pending)
VALUES " . implode(', ', preg_replace('#^([0-9]+)$#', "(\\1, $group_id, $leader, $pending)", $add_id_ary));
$db->sql_query($sql);
- break;
+ break;
default:
foreach ($add_id_ary as $user_id)
@@ -1405,7 +1425,7 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false,
VALUES ($user_id, $group_id, $leader, $pending)";
$db->sql_query($sql);
}
- break;
+ break;
}
}
@@ -1468,13 +1488,20 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
$group_order_id[$row['group_name']] = $row['group_id'];
$special_group_data[$row['group_id']] = array(
- 'user_colour' => $row['group_colour'],
- 'user_rank' => $row['group_rank'],
- 'user_avatar' => $row['group_avatar'],
- 'user_avatar_type' => $row['group_avatar_type'],
- 'user_avatar_width' => $row['group_avatar_width'],
- 'user_avatar_height'=> $row['group_avatar_height'],
+ 'user_colour' => $row['group_colour'],
+ 'user_rank' => $row['group_rank'],
);
+
+ // Only set the group avatar if one is defined...
+ if ($row['group_avatar'])
+ {
+ $special_group_data[$row['group_id']] = array_merge($special_group_data[$row['group_id']], array(
+ 'user_avatar' => $row['group_avatar'],
+ 'user_avatar_type' => $row['group_avatar_type'],
+ 'user_avatar_width' => $row['group_avatar_width'],
+ 'user_avatar_height' => $row['group_avatar_height'])
+ );
+ }
}
$db->sql_freeresult($result);
@@ -1524,6 +1551,23 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
{
$special_group_data[$gid]['group_id'] = $gid;
+ // Before we update the user attributes, we will make a list of those having now the group avatar assigned
+ if (in_array('user_avatar', array_keys($special_group_data[$gid])))
+ {
+ // Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem)
+ $sql = 'SELECT user_id, user_avatar
+ FROM ' . USERS_TABLE . '
+ WHERE user_id IN (' . implode(', ', $sql_where_ary[$gid]) . ')
+ AND user_avatar_type = ' . AVATAR_UPLOAD;
+ $result = $db->sql_query($sql);
+
+ while ($row = $db->sql_fetchrow($result))
+ {
+ avatar_delete($row['user_avatar']);
+ }
+ $db->sql_freeresult($result);
+ }
+
$sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $special_group_data[$gid]) . '
WHERE user_id IN (' . implode(', ', $sql_where_ary[$gid]) . ')';
$db->sql_query($sql);
@@ -1556,7 +1600,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
*/
function group_user_attributes($action, $group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $group_attributes = false)
{
- global $db, $auth;
+ global $db, $auth, $phpbb_root_path, $phpEx, $config;
// We need both username and user_id info
user_get_id_name($user_id_ary, $username_ary);
@@ -1566,6 +1610,11 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
return false;
}
+ if (!$group_name)
+ {
+ $group_name = get_group_name($group_id);
+ }
+
switch ($action)
{
case 'demote':
@@ -1580,29 +1629,75 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
break;
case 'approve':
+ // Make sure we only approve those which are pending ;)
+ $sql = 'SELECT u.user_id, u.user_email, u.username, u.user_notify_type, u.user_jabber, u.user_lang
+ FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug
+ WHERE ug.group_id = ' . $group_id . '
+ AND ug.user_pending = 1
+ AND ug.user_id = u.user_id
+ AND ug.user_id IN (' . implode(', ', $user_id_ary) . ')';
+ $result = $db->sql_query($sql);
+
+ $user_id_ary = $email_users = array();
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $user_id_ary[] = $row['user_id'];
+ $email_users[] = $row;
+ }
+ $db->sql_freeresult($result);
+
+ if (!sizeof($user_id_ary))
+ {
+ return false;
+ }
+
$sql = 'UPDATE ' . USER_GROUP_TABLE . "
SET user_pending = 0
WHERE group_id = $group_id
AND user_id IN (" . implode(', ', $user_id_ary) . ')';
$db->sql_query($sql);
- $log = 'LOG_GROUP_APPROVE';
+ // Send approved email to users...
+ include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
+ $messenger = new messenger();
+
+ $email_sig = str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']);
+
+ foreach ($email_users as $row)
+ {
+ $messenger->template('group_approved', $row['user_lang']);
+
+ $messenger->replyto($config['board_email']);
+ $messenger->to($row['user_email'], $row['username']);
+ $messenger->im($row['user_jabber'], $row['username']);
+
+ $messenger->assign_vars(array(
+ 'EMAIL_SIG' => $email_sig,
+ 'SITENAME' => $config['sitename'],
+ 'USERNAME' => html_entity_decode($row['username']),
+ 'GROUP_NAME' => html_entity_decode($group_name),
+
+ 'U_GROUP' => generate_board_url() . "/ucp.$phpEx?i=groups&mode=membership")
+ );
+
+ $messenger->send($row['user_notify_type']);
+ $messenger->reset();
+ }
+
+ $messenger->save_queue();
+
+ $log = 'LOG_USERS_APPROVED';
break;
case 'default':
group_set_user_default($group_id, $user_id_ary, $group_attributes);
$log = 'LOG_GROUP_DEFAULTS';
- break;
+ break;
}
// Clear permissions cache of relevant users
$auth->acl_clear_prefetch($user_id_ary);
- if (!$group_name)
- {
- $group_name = get_group_name($group_id);
- }
-
add_log('admin', $log, $group_name, implode(', ', $username_ary));
return true;
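Review bot: After the new query narrows `$user_id_ary` to members that are actually pending, the `add_log('admin', $log, $group_name, implode(', ', $username_ary))` call at the end still uses the original `$username_ary`. The admin log can therefore name users who were not approved by this action. Rebuilding the list in the fetch loop keeps the audit entry accurate: initialise with `$user_id_ary = $email_users = $username_ary = array();` and add `$username_ary[] = $row['username'];` next to `$user_id_ary[] = $row['user_id'];`. The new `SELECT` also interpolates `$group_id` and `$user_id_ary` directly; if they are not cast earlier (outside this hunk), `(int) $group_id` and `array_map('intval', $user_id_ary)` would match what `user_unban()` does.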
@@ -1659,6 +1754,23 @@ function group_set_user_default($group_id, $user_id_ary, $group_attributes = fal
}
}
+ // Before we update the user attributes, we will make a list of those having now the group avatar assigned
+ if (in_array('user_avatar', array_keys($sql_ary)))
+ {
+ // Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem)
+ $sql = 'SELECT user_id, user_avatar
+ FROM ' . USERS_TABLE . '
+ WHERE user_id IN (' . implode(', ', $user_id_ary) . ')
+ AND user_avatar_type = ' . AVATAR_UPLOAD;
+ $result = $db->sql_query($sql);
+
+ while ($row = $db->sql_fetchrow($result))
+ {
+ avatar_delete($row['user_avatar']);
+ }
+ $db->sql_freeresult($result);
+ }
+
$sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
WHERE user_id IN (' . implode(', ', $user_id_ary) . ')';
$db->sql_query($sql);
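Review bot: The loop added before the UPDATE calls `avatar_delete($row['user_avatar'])` for every selected user with an uploaded avatar, without checking whether that file is the one about to be assigned. If a member's `user_avatar` can already equal `$sql_ary['user_avatar']` (for example when the default is applied a second time), the file the group still references would be removed; skipping those rows with `if ($row['user_avatar'] != $sql_ary['user_avatar'])` would avoid that, to be confirmed against how group avatars are stored. The files are also removed before the UPDATE has run, so a failed query would leave rows pointing at deleted files; moving the deletion after `$db->sql_query($sql)` closes that gap. `isset($sql_ary['user_avatar'])` is a simpler test than `in_array('user_avatar', array_keys($sql_ary))`. The body of group_set_user_default starts and ends outside this hunk.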
diff --git a/phpBB/includes/mcp/mcp_ban.php b/phpBB/includes/mcp/mcp_ban.php
index 7d1050f265..7435c3054e 100644
--- a/phpBB/includes/mcp/mcp_ban.php
+++ b/phpBB/includes/mcp/mcp_ban.php
@@ -18,7 +18,7 @@ class mcp_ban
function main($id, $mode)
{
global $config, $db, $user, $auth, $template, $cache;
- global $SID, $phpbb_root_path, $phpEx;
+ global $phpbb_root_path, $phpEx;
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
@@ -103,7 +103,7 @@ class mcp_ban
'S_USERNAME_BAN' => ($mode == 'user') ? true : false,
'U_ACTION' => $this->u_action,
- 'U_FIND_USER' => $phpbb_root_path . "memberlist.$phpEx$SID&amp;mode=searchuser&amp;form=mcp_ban&amp;field=ban",
+ 'U_FIND_USER' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=mcp_ban&amp;field=ban'),
)
);
}
diff --git a/phpBB/includes/mcp/mcp_forum.php b/phpBB/includes/mcp/mcp_forum.php
index 994784e2ac..659baffee0 100644
--- a/phpBB/includes/mcp/mcp_forum.php
+++ b/phpBB/includes/mcp/mcp_forum.php
@@ -14,9 +14,9 @@
function mcp_forum_view($id, $mode, $action, $forum_info)
{
global $template, $db, $user, $auth, $cache;
- global $SID, $phpEx, $phpbb_root_path, $config;
+ global $phpEx, $phpbb_root_path, $config;
- $url = "{$phpbb_root_path}mcp.$phpEx$SID" . extra_url();
+ $url = append_sid("{$phpbb_root_path}mcp.$phpEx?" . extra_url());
if ($action == 'merge_select')
{
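Review bot: `$url = append_sid("{$phpbb_root_path}mcp.$phpEx?" . extra_url());` hard-codes a `?` in front of whatever extra_url() returns, and extra_url() is not shown in this section. The removed line appended it directly after `$SID`, which suggests it returned a fragment starting with `&amp;`; if it still does, or returns an empty string, the result contains `?&amp;` or a bare trailing `?`. The later concatenations such as `$url . "&amp;i=$id..."` for `S_MCP_ACTION` appear to depend on `$url` already carrying a query string, so the `?` looks deliberate and deserves a comment, e.g. `// keep the "?" so $url can be extended with "&amp;..." below`. The same line is added in mcp_front_view (mcp_front.php) and mcp_post_details (mcp_post.php). The body of mcp_forum_view continues outside the hunk.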
@@ -73,8 +73,8 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
'S_CAN_SYNC' => $auth->acl_get('m_', $forum_id),
'S_CAN_APPROVE' => $auth->acl_get('m_approve', $forum_id),
- 'U_VIEW_FORUM' => "{$phpbb_root_path}viewforum.$phpEx$SID&amp;f=" . $forum_id,
- 'U_VIEW_FORUM_LOGS' => ($auth->acl_gets('a_', 'm_', $forum_id)) ? "{$phpbb_root_path}mcp.$phpEx$SID&amp;i=logs&amp;mode=forum_logs&amp;f=" . $forum_id : '',
+ 'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id),
+ 'U_VIEW_FORUM_LOGS' => ($auth->acl_gets('a_', 'm_', $forum_id)) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=logs&amp;mode=forum_logs&amp;f=' . $forum_id) : '',
'S_MCP_ACTION' => $url . "&amp;i=$id&amp;action=$action&amp;mode=$mode&amp;start=$start" . (($action == 'merge_select') ? $selected_ids : ''),
@@ -165,12 +165,12 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
$u_mcp_queue = ($topic_unapproved || $posts_unapproved) ? $url . '&amp;i=queue&amp;mode=' . (($topic_unapproved) ? 'approve_details' : 'unapproved_posts') . '&amp;t=' . $row['topic_id'] : '';
$template->assign_block_vars('topicrow', array(
- 'U_VIEW_TOPIC' => "{$phpbb_root_path}mcp.$phpEx$SID&amp;i=$id&amp;f=$forum_id&amp;t={$row['topic_id']}&amp;mode=topic_view",
+ 'U_VIEW_TOPIC' => append_sid("{$phpbb_root_path}mcp.$phpEx", "i=$id&amp;f=$forum_id&amp;t={$row['topic_id']}&amp;mode=topic_view"),
'S_SELECT_TOPIC' => ($action == 'merge_select' && $row['topic_id'] != $topic_id) ? true : false,
'U_SELECT_TOPIC' => $url . "&amp;i=$id&amp;mode=topic_view&amp;action=merge&amp;to_topic_id=" . $row['topic_id'] . $selected_ids,
'U_MCP_QUEUE' => $u_mcp_queue,
- 'U_MCP_REPORT' => "{$phpbb_root_path}mcp.$phpEx$SID&amp;i=main&amp;mode=topic_view&amp;t={$row['topic_id']}&amp;action=reports",
+ 'U_MCP_REPORT' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&amp;mode=topic_view&amp;t=' . $row['topic_id'] . '&amp;action=reports'),
'ATTACH_ICON_IMG' => ($auth->acl_gets('f_download', 'u_download', $row['forum_id']) && $row['topic_attachment']) ? $user->img('icon_attach', $user->lang['TOTAL_ATTACHMENTS']) : '',
'TOPIC_FOLDER_IMG' => $user->img($folder_img, $folder_alt),
@@ -200,7 +200,7 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
*/
function mcp_resync_topics($topic_ids)
{
- global $auth, $db, $template, $phpEx, $user, $SID, $phpbb_root_path;
+ global $auth, $db, $template, $phpEx, $user, $phpbb_root_path;
if (!($forum_id = check_ids($topic_ids, TOPICS_TABLE, 'topic_id', 'm_')))
{
diff --git a/phpBB/includes/mcp/mcp_front.php b/phpBB/includes/mcp/mcp_front.php
index f227dec9a6..b9e4f083c7 100644
--- a/phpBB/includes/mcp/mcp_front.php
+++ b/phpBB/includes/mcp/mcp_front.php
@@ -13,10 +13,10 @@
*/
function mcp_front_view($id, $mode, $action)
{
- global $SID, $phpEx, $phpbb_root_path, $config;
+ global $phpEx, $phpbb_root_path, $config;
global $template, $db, $user, $auth;
- $url = "{$phpbb_root_path}mcp.$phpEx$SID" . extra_url();
+ $url = append_sid("{$phpbb_root_path}mcp.$phpEx?" . extra_url());
// Latest 5 unapproved
$forum_list = get_forum_list('m_approve');
@@ -76,9 +76,9 @@ function mcp_front_view($id, $mode, $action)
'U_POST_DETAILS'=> $url . '&amp;i=main&amp;mode=post_details&amp;p=' . $row['post_id'],
'U_MCP_FORUM' => ($row['forum_id']) ? $url . '&amp;i=main&amp;mode=forum_view&amp;f=' . $row['forum_id'] : '',
'U_MCP_TOPIC' => $url . '&amp;i=main&amp;mode=topic_view&amp;t=' . $row['topic_id'],
- 'U_FORUM' => ($row['forum_id']) ? "{$phpbb_root_path}viewforum.$phpEx$SID&amp;f=" . $row['forum_id'] : '',
- 'U_TOPIC' => $phpbb_root_path . "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f=" . (($row['forum_id']) ? $row['forum_id'] : $forum_id) . '&amp;t=' . $row['topic_id'],
- 'U_AUTHOR' => ($row['poster_id'] == ANONYMOUS) ? '' : "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u=" . $row['poster_id'],
+ 'U_FORUM' => ($row['forum_id']) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']) : '',
+ 'U_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . (($row['forum_id']) ? $row['forum_id'] : $forum_id) . '&amp;t=' . $row['topic_id']),
+ 'U_AUTHOR' => ($row['poster_id'] == ANONYMOUS) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['poster_id']),
'FORUM_NAME' => ($row['forum_id']) ? $forum_names[$row['forum_id']] : $user->lang['GLOBAL_ANNOUNCEMENT'],
'TOPIC_TITLE' => $row['topic_title'],
@@ -159,9 +159,9 @@ function mcp_front_view($id, $mode, $action)
'U_POST_DETAILS'=> $url . '&amp;p=' . $row['post_id'] . "&amp;i=reports&amp;mode=report_details",
'U_MCP_FORUM' => ($row['forum_id']) ? $url . '&amp;f=' . $row['forum_id'] . "&amp;i=$id&amp;mode=forum_view" : '',
'U_MCP_TOPIC' => $url . '&amp;t=' . $row['topic_id'] . "&amp;i=$id&amp;mode=topic_view",
- 'U_FORUM' => ($row['forum_id']) ? "{$phpbb_root_path}viewforum.$phpEx$SID&amp;f=" . $row['forum_id'] : '',
- 'U_TOPIC' => "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f=" . $row['forum_id'] . '&amp;t=' . $row['topic_id'],
- 'U_REPORTER' => ($row['user_id'] == ANONYMOUS) ? '' : "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u=" . $row['user_id'],
+ 'U_FORUM' => ($row['forum_id']) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']) : '',
+ 'U_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . '&amp;t=' . $row['topic_id']),
+ 'U_REPORTER' => ($row['user_id'] == ANONYMOUS) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['user_id']),
'FORUM_NAME' => ($row['forum_id']) ? $row['forum_name'] : $user->lang['POST_GLOBAL'],
'TOPIC_TITLE' => $row['topic_title'],
diff --git a/phpBB/includes/mcp/mcp_logs.php b/phpBB/includes/mcp/mcp_logs.php
index 1fc90bf06d..3d4c5d10ab 100755
--- a/phpBB/includes/mcp/mcp_logs.php
+++ b/phpBB/includes/mcp/mcp_logs.php
@@ -26,7 +26,7 @@ class mcp_logs
function main($id, $mode)
{
global $auth, $db, $user, $template;
- global $config, $phpbb_root_path, $phpEx, $SID;
+ global $config, $phpbb_root_path, $phpEx;
$user->add_lang('acp/common');
diff --git a/phpBB/includes/mcp/mcp_main.php b/phpBB/includes/mcp/mcp_main.php
index 3f54a1edec..2e9c058bdd 100644
--- a/phpBB/includes/mcp/mcp_main.php
+++ b/phpBB/includes/mcp/mcp_main.php
@@ -15,8 +15,8 @@
*/
class mcp_main
{
-
var $p_master;
+ var $u_action;
function mcp_main(&$p_master)
{
@@ -26,7 +26,7 @@ class mcp_main
function main($id, $mode)
{
global $auth, $db, $user, $template, $action;
- global $config, $phpbb_root_path, $phpEx, $SID;
+ global $config, $phpbb_root_path, $phpEx;
$quickmod = ($mode == 'quickmod') ? true : false;
@@ -175,14 +175,7 @@ class mcp_main
mcp_post_details($id, $mode, $action);
- if ($action == 'whois')
- {
- $this->tpl_name = 'mcp_whois';
- }
- else
- {
- $this->tpl_name = 'mcp_post';
- }
+ $this->tpl_name = ($action == 'whois') ? 'mcp_whois' : 'mcp_post';
$this->page_title = 'MCP_MAIN_POST_DETAILS';
break;
@@ -197,7 +190,7 @@ class mcp_main
*/
function lock_unlock($action, $ids)
{
- global $auth, $user, $db, $SID, $phpEx, $phpbb_root_path;
+ global $auth, $user, $db, $phpEx, $phpbb_root_path;
if ($action == 'lock' || $action == 'unlock')
{
@@ -268,7 +261,7 @@ function lock_unlock($action, $ids)
*/
function change_topic_type($action, $topic_ids)
{
- global $auth, $user, $db, $SID, $phpEx, $phpbb_root_path;
+ global $auth, $user, $db, $phpEx, $phpbb_root_path;
if (!($forum_id = check_ids($topic_ids, TOPICS_TABLE, 'topic_id', array('f_announce', 'f_sticky', 'm_'))))
{
@@ -374,7 +367,7 @@ function change_topic_type($action, $topic_ids)
function mcp_move_topic($topic_ids)
{
global $auth, $user, $db, $template;
- global $SID, $phpEx, $phpbb_root_path;
+ global $phpEx, $phpbb_root_path;
if (!($forum_id = check_ids($topic_ids, TOPICS_TABLE, 'topic_id', 'm_move')))
{
@@ -508,8 +501,8 @@ function mcp_move_topic($topic_ids)
$message = $user->lang[$success_msg];
$message .= '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>');
- $message .= '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], "<a href=\"{$phpbb_root_path}viewforum.$phpEx$SID&amp;f=$forum_id\">", '</a>');
- $message .= '<br /><br />' . sprintf($user->lang['RETURN_NEW_FORUM'], "<a href=\"{$phpbb_root_path}viewforum.$phpEx$SID&amp;f=$to_forum_id\">", '</a>');
+ $message .= '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", "f=$forum_id") . '">', '</a>');
+ $message .= '<br /><br />' . sprintf($user->lang['RETURN_NEW_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", "f=$to_forum_id") . '">', '</a>');
trigger_error($message);
}
@@ -520,7 +513,7 @@ function mcp_move_topic($topic_ids)
*/
function mcp_delete_topic($topic_ids)
{
- global $auth, $user, $db, $SID, $phpEx, $phpbb_root_path;
+ global $auth, $user, $db, $phpEx, $phpbb_root_path;
if (!($forum_id = check_ids($topic_ids, TOPICS_TABLE, 'topic_id', 'm_delete')))
{
@@ -566,8 +559,9 @@ function mcp_delete_topic($topic_ids)
}
else
{
- meta_refresh(3, "viewforum.$phpEx$SID&amp;f=$forum_id");
- trigger_error($user->lang[$success_msg] . '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], '<a href="viewforum.' . $phpEx . $SID . '&amp;f=' . $forum_id . '">', '</a>'));
+ $redirect_url = append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id);
+ meta_refresh(3, $redirect_url);
+ trigger_error($user->lang[$success_msg] . '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], '<a href="' . $redirect_url . '">', '</a>'));
}
}
@@ -576,7 +570,7 @@ function mcp_delete_topic($topic_ids)
*/
function mcp_delete_post($post_ids)
{
- global $auth, $user, $db, $SID, $phpEx, $phpbb_root_path;
+ global $auth, $user, $db, $phpEx, $phpbb_root_path;
if (!($forum_id = check_ids($post_ids, POSTS_TABLE, 'post_id', 'm_delete')))
{
@@ -641,9 +635,9 @@ function mcp_delete_post($post_ids)
$return_link = array();
if ($affected_topics == 1 && !$deleted_topics && $topic_id)
{
- $return_link[] = sprintf($user->lang['RETURN_TOPIC'], "<a href=\"viewtopic.$phpEx$SID&amp;f=$forum_id&amp;t=$topic_id\">", '</a>');
+ $return_link[] = sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&amp;t=$topic_id") . '">', '</a>');
}
- $return_link[] = sprintf($user->lang['RETURN_FORUM'], "<a href=\"viewforum.$phpEx$SID&amp;f=$forum_id\">", '</a>');
+ $return_link[] = sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id) . '">', '</a>');
if (sizeof($post_ids) == 1)
{
@@ -696,7 +690,7 @@ function mcp_delete_post($post_ids)
function mcp_fork_topic($topic_ids)
{
global $auth, $user, $db, $template, $config;
- global $SID, $phpEx, $phpbb_root_path;
+ global $phpEx, $phpbb_root_path;
if (!($forum_id = check_ids($topic_ids, TOPICS_TABLE, 'topic_id', 'm_')))
{
@@ -927,12 +921,13 @@ function mcp_fork_topic($topic_ids)
}
else
{
- meta_refresh(3, "viewforum.$phpEx$SID&amp;f=$forum_id");
- $return_link = sprintf($user->lang['RETURN_FORUM'], '<a href="viewforum.' . $phpEx . $SID . '&amp;f=' . $forum_id . '">', '</a>');
+ $redirect_url = append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id);
+ meta_refresh(3, $redirect_url);
+ $return_link = sprintf($user->lang['RETURN_FORUM'], '<a href="' . $redirect_url . '">', '</a>');
if ($forum_id != $to_forum_id)
{
- $return_link .= '<br /><br />' . sprintf($user->lang['RETURN_NEW_FORUM'], '<a href="viewforum.' . $phpEx . $SID . '&amp;f=' . $to_forum_id . '">', '</a>');
+ $return_link .= '<br /><br />' . sprintf($user->lang['RETURN_NEW_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $to_forum_id) . '">', '</a>');
}
trigger_error($user->lang[$success_msg] . '<br /><br />' . $return_link);
diff --git a/phpBB/includes/mcp/mcp_notes.php b/phpBB/includes/mcp/mcp_notes.php
index 1c65b68ae3..128a4de062 100755
--- a/phpBB/includes/mcp/mcp_notes.php
+++ b/phpBB/includes/mcp/mcp_notes.php
@@ -15,9 +15,9 @@
*/
class mcp_notes
{
-
var $p_master;
-
+ var $u_action;
+
function mcp_main(&$p_master)
{
$this->p_master = &$p_master;
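Review bot: The constructor of `class mcp_notes` is still declared as `function mcp_main(&$p_master)`, so with constructors named after the class it is an ordinary method and `$this->p_master` is never set when the object is created. Renaming it to `function mcp_notes(&$p_master)` fixes this; `class mcp_queue` in mcp_queue.php carries the same declaration. The new `var $u_action;` has no comment saying who fills it, and the moved method relies on it for every redirect and form URL. A one-line comment such as `// base URL of this module, set by the module loader` would help, if that is indeed where the value comes from.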
@@ -26,7 +26,7 @@ class mcp_notes
function main($id, $mode)
{
global $auth, $db, $user, $template;
- global $config, $phpbb_root_path, $phpEx, $SID;
+ global $config, $phpbb_root_path, $phpEx;
$action = request_var('action', array('' => ''));
@@ -41,10 +41,10 @@ class mcp_notes
{
case 'front':
$template->assign_vars(array(
- 'L_TITLE' => $user->lang['MCP_NOTES'],
- 'U_FIND_MEMBER' => "memberlist.$phpEx$SID&amp;mode=searchuser&amp;form=mcp&amp;field=username",
- 'U_POST_ACTION' => "mcp.$phpEx$SID&amp;i=notes&amp;mode=user_notes",
- )
+ 'U_FIND_MEMBER' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=mcp&amp;field=username'),
+ 'U_POST_ACTION' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&amp;mode=user_notes'),
+
+ 'L_TITLE' => $user->lang['MCP_NOTES'])
);
$this->tpl_name = 'mcp_notes_front';
@@ -53,167 +53,171 @@ class mcp_notes
case 'user_notes':
$user->add_lang('acp/common');
- mcp_notes_user_view($id, $mode, $action);
+ $this->mcp_notes_user_view($action);
$this->tpl_name = 'mcp_notes_user';
break;
}
}
-}
-
-//
-// Functions
-//
-function mcp_notes_user_view($id, $mode, $action)
-{
- global $SID, $phpEx, $phpbb_root_path, $config;
- global $template, $db, $user, $auth;
-
- $user_id = request_var('u', 0);
- $username = request_var('username', '', true);
- $start = request_var('start', 0);
- $st = request_var('st', 0);
- $sk = request_var('sk', 'b');
- $sd = request_var('sd', 'd');
-
- $sql_where = ($user_id) ? "user_id = $user_id" : "username = '" . $db->sql_escape($username) . "'";
-
- $sql = 'SELECT * FROM ' . USERS_TABLE . " WHERE $sql_where";
- $result = $db->sql_query($sql);
-
- if (!$userrow = $db->sql_fetchrow($result))
+ /**
+ * Display user notes
+ */
+ function mcp_notes_user_view($action)
{
- trigger_error($user->lang['NO_USER']);
- }
- $db->sql_freeresult($result);
+ global $phpEx, $phpbb_root_path, $config;
+ global $template, $db, $user, $auth;
+
+ $user_id = request_var('u', 0);
+ $username = request_var('username', '', true);
+ $start = request_var('start', 0);
+ $st = request_var('st', 0);
+ $sk = request_var('sk', 'b');
+ $sd = request_var('sd', 'd');
+
+ $sql_where = ($user_id) ? "user_id = $user_id" : "username = '" . $db->sql_escape($username) . "'";
+
+ $sql = 'SELECT *
+ FROM ' . USERS_TABLE . "
+ WHERE $sql_where";
+ $result = $db->sql_query($sql);
+ $userrow = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
+
+ if (!$userrow)
+ {
+ trigger_error($user->lang['NO_USER']);
+ }
- $user_id = $userrow['user_id'];
+ $user_id = $userrow['user_id'];
- $deletemark = ($action == 'del_marked') ? true : false;
- $deleteall = ($action == 'del_all') ? true : false;
- $marked = request_var('marknote', array(0));
- $usernote = request_var('usernote', '', true);
+ $deletemark = ($action == 'del_marked') ? true : false;
+ $deleteall = ($action == 'del_all') ? true : false;
+ $marked = request_var('marknote', array(0));
+ $usernote = request_var('usernote', '', true);
- // Handle any actions
- if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs'))
- {
- $where_sql = '';
- if ($deletemark && $marked)
+ // Handle any actions
+ if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs'))
{
- $sql_in = array();
- foreach ($marked as $mark)
+ $where_sql = '';
+ if ($deletemark && $marked)
{
- $sql_in[] = $mark;
+ $sql_in = array();
+ foreach ($marked as $mark)
+ {
+ $sql_in[] = $mark;
+ }
+ $where_sql = ' AND log_id IN (' . implode(', ', $sql_in) . ')';
+ unset($sql_in);
}
- $where_sql = ' AND log_id IN (' . implode(', ', $sql_in) . ')';
- unset($sql_in);
- }
- if ($where_sql || $deleteall)
- {
- $sql = 'DELETE FROM ' . LOG_TABLE . '
- WHERE log_type = ' . LOG_USERS . "
- AND reportee_id = $user_id
- $where_sql";
- $db->sql_query($sql);
-
- add_log('admin', 'LOG_CLEAR_USER', $userrow['username']);
-
- $msg = ($deletemark) ? 'MARKED_NOTES_DELETED' : 'ALL_NOTES_DELETED';
- $redirect = "mcp.$phpEx$SID&amp;i=$id&amp;mode=$mode&amp;u=$user_id";
- meta_refresh(2, $redirect);
- trigger_error($user->lang[$msg] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
+ if ($where_sql || $deleteall)
+ {
+ $sql = 'DELETE FROM ' . LOG_TABLE . '
+ WHERE log_type = ' . LOG_USERS . "
+ AND reportee_id = $user_id
+ $where_sql";
+ $db->sql_query($sql);
+
+ add_log('admin', 'LOG_CLEAR_USER', $userrow['username']);
+
+ $msg = ($deletemark) ? 'MARKED_NOTES_DELETED' : 'ALL_NOTES_DELETED';
+ $redirect = $this->u_action . '&amp;u=' . $user_id;
+ meta_refresh(3, $redirect);
+ trigger_error($user->lang[$msg] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
+ }
}
- }
- if ($usernote && $action == 'add_feedback')
- {
- add_log('admin', 'LOG_USER_FEEDBACK', $userrow['username']);
- add_log('user', $user_id, 'LOG_USER_GENERAL', $usernote);
+ if ($usernote && $action == 'add_feedback')
+ {
+ add_log('admin', 'LOG_USER_FEEDBACK', $userrow['username']);
+ add_log('user', $user_id, 'LOG_USER_GENERAL', $usernote);
- $redirect = "mcp.$phpEx$SID&amp;i=$id&amp;mode=$mode&amp;u=$user_id";
- meta_refresh(2, $redirect);
- trigger_error($user->lang['USER_FEEDBACK_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
- }
+ $redirect = $this->u_action . '&amp;u=' . $user_id;
+ meta_refresh(3, $redirect);
+ trigger_error($user->lang['USER_FEEDBACK_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
+ }
- // Generate the appropriate user information for the user we are looking at
- $rank_title = $rank_img = '';
-// get_user_rank($userrow['user_rank'], $userrow['user_posts'], $rank_title, $rank_img);
+ // Generate the appropriate user information for the user we are looking at
+ $rank_title = $rank_img = '';
+// get_user_rank($userrow['user_rank'], $userrow['user_posts'], $rank_title, $rank_img);
- $avatar_img = '';
- if (!empty($userrow['user_avatar']))
- {
- switch ($userrow['user_avatar_type'])
+ $avatar_img = '';
+ if (!empty($userrow['user_avatar']))
{
- case AVATAR_UPLOAD:
- $avatar_img = $config['avatar_path'] . '/';
- break;
- case AVATAR_GALLERY:
- $avatar_img = $config['avatar_gallery_path'] . '/';
+ switch ($userrow['user_avatar_type'])
+ {
+ case AVATAR_UPLOAD:
+ $avatar_img = $config['avatar_path'] . '/';
break;
- }
- $avatar_img .= $userrow['user_avatar'];
- $avatar_img = '<img src="' . $avatar_img . '" width="' . $userrow['user_avatar_width'] . '" height="' . $userrow['user_avatar_height'] . '" border="0" alt="" />';
- }
- else
- {
- $avatar_img = '<img src="adm/images/no_avatar.gif" alt="" />';
- }
+ case AVATAR_GALLERY:
+ $avatar_img = $config['avatar_gallery_path'] . '/';
+ break;
+ }
+ $avatar_img .= $userrow['user_avatar'];
- $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
- $sort_by_text = array('a' => $user->lang['SORT_USERNAME'], 'b' => $user->lang['SORT_DATE'], 'c' => $user->lang['SORT_IP'], 'd' => $user->lang['SORT_ACTION']);
- $sort_by_sql = array('a' => 'l.user_id', 'b' => 'l.log_time', 'c' => 'l.log_ip', 'd' => 'l.log_operation');
+ $avatar_img = '<img src="' . $avatar_img . '" width="' . $userrow['user_avatar_width'] . '" height="' . $userrow['user_avatar_height'] . '" alt="" />';
+ }
+ else
+ {
+ $avatar_img = '<img src="adm/images/no_avatar.gif" alt="" />';
+ }
- $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';
- gen_sort_selects($limit_days, $sort_by_text, $st, $sk, $sd, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);
+ $limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
+ $sort_by_text = array('a' => $user->lang['SORT_USERNAME'], 'b' => $user->lang['SORT_DATE'], 'c' => $user->lang['SORT_IP'], 'd' => $user->lang['SORT_ACTION']);
+ $sort_by_sql = array('a' => 'l.user_id', 'b' => 'l.log_time', 'c' => 'l.log_ip', 'd' => 'l.log_operation');
- // Define where and sort sql for use in displaying logs
- $sql_where = ($st) ? (time() - ($st * 86400)) : 0;
- $sql_sort = $sort_by_sql[$sk] . ' ' . (($sd == 'd') ? 'DESC' : 'ASC');
+ $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';
+ gen_sort_selects($limit_days, $sort_by_text, $st, $sk, $sd, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);
- $log_data = array();
- $log_count = 0;
- view_log('user', $log_data, $log_count, $config['posts_per_page'], $start, 0, 0, $user_id, $sql_where, $sql_sort);
+ // Define where and sort sql for use in displaying logs
+ $sql_where = ($st) ? (time() - ($st * 86400)) : 0;
+ $sql_sort = $sort_by_sql[$sk] . ' ' . (($sd == 'd') ? 'DESC' : 'ASC');
- if ($log_count)
- {
- $template->assign_var('S_USER_NOTES', true);
+ $log_data = array();
+ $log_count = 0;
+ view_log('user', $log_data, $log_count, $config['posts_per_page'], $start, 0, 0, $user_id, $sql_where, $sql_sort);
- foreach ($log_data as $row)
+ if ($log_count)
{
- $template->assign_block_vars('usernotes', array(
- 'REPORT_BY' => $row['username'],
- 'REPORT_AT' => $user->format_date($row['time']),
- 'ACTION' => $row['action'],
- 'ID' => $row['id'])
- );
+ $template->assign_var('S_USER_NOTES', true);
+
+ foreach ($log_data as $row)
+ {
+ $template->assign_block_vars('usernotes', array(
+ 'REPORT_BY' => $row['username'],
+ 'REPORT_AT' => $user->format_date($row['time']),
+ 'ACTION' => $row['action'],
+ 'ID' => $row['id'])
+ );
+ }
}
- }
- $template->assign_vars(array(
- 'U_POST_ACTION' => "mcp.$phpEx$SID&amp;i=$id&amp;mode=$mode&amp;u=$user_id",
- 'S_CLEAR_ALLOWED' => ($auth->acl_get('a_clearlogs')) ? true : false,
- 'S_SELECT_SORT_DIR' => $s_sort_dir,
- 'S_SELECT_SORT_KEY' => $s_sort_key,
- 'S_SELECT_SORT_DAYS' => $s_limit_days,
-
- 'L_TITLE' => $user->lang['MCP_NOTES_USER'],
- 'PAGE_NUMBER' => on_page($log_count, $config['posts_per_page'], $start),
- 'PAGINATION' => generate_pagination("mcp.$phpEx$SID&amp;i=$id&amp;mode=$mode&amp;u=$user_id&amp;st=$st&amp;sk=$sk&amp;sd=$sd", $log_count, $config['posts_per_page'], $start),
- 'TOTAL_REPORTS' => ($log_count == 1) ? $user->lang['LIST_REPORT'] : sprintf($user->lang['LIST_REPORTS'], $log_count),
-
- 'USERNAME' => $userrow['username'],
- 'USER_COLOR' => (!empty($userrow['user_colour'])) ? $userrow['user_colour'] : '',
- 'RANK_TITLE' => $rank_title,
- 'JOINED' => $user->format_date($userrow['user_regdate']),
- 'POSTS' => ($userrow['user_posts']) ? $userrow['user_posts'] : 0,
- 'WARNINGS' => ($userrow['user_warnings']) ? $userrow['user_warnings'] : 0,
-
- 'AVATAR_IMG' => $avatar_img,
- 'RANK_IMG' => $rank_img,
- )
- );
+ $template->assign_vars(array(
+ 'U_POST_ACTION' => $this->u_action . '&amp;u=' . $user_id,
+ 'S_CLEAR_ALLOWED' => ($auth->acl_get('a_clearlogs')) ? true : false,
+ 'S_SELECT_SORT_DIR' => $s_sort_dir,
+ 'S_SELECT_SORT_KEY' => $s_sort_key,
+ 'S_SELECT_SORT_DAYS' => $s_limit_days,
+
+ 'L_TITLE' => $user->lang['MCP_NOTES_USER'],
+
+ 'PAGE_NUMBER' => on_page($log_count, $config['posts_per_page'], $start),
+ 'PAGINATION' => generate_pagination($this->u_action . "&amp;u=$user_id&amp;st=$st&amp;sk=$sk&amp;sd=$sd", $log_count, $config['posts_per_page'], $start),
+ 'TOTAL_REPORTS' => ($log_count == 1) ? $user->lang['LIST_REPORT'] : sprintf($user->lang['LIST_REPORTS'], $log_count),
+
+ 'USERNAME' => $userrow['username'],
+ 'USER_COLOR' => (!empty($userrow['user_colour'])) ? $userrow['user_colour'] : '',
+ 'RANK_TITLE' => $rank_title,
+ 'JOINED' => $user->format_date($userrow['user_regdate']),
+ 'POSTS' => ($userrow['user_posts']) ? $userrow['user_posts'] : 0,
+ 'WARNINGS' => ($userrow['user_warnings']) ? $userrow['user_warnings'] : 0,
+
+ 'AVATAR_IMG' => $avatar_img,
+ 'RANK_IMG' => $rank_img,
+ )
+ );
+ }
}
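Review bot: `$sk` comes from the request (`request_var('sk', 'b')`) and is used unchecked as the index in `$sort_by_sql[$sk]`, so any value other than `a` to `d` gives an undefined-index notice and a sort expression of only ` DESC` or ` ASC` passed to view_log(). Unless gen_sort_selects() normalises it (not visible here), add `$sk = (isset($sort_by_sql[$sk])) ? $sk : 'b';` before `$sql_sort` is built. The delete and add_feedback branches also act directly on request parameters, with no confirmation step visible in this method; it is worth checking that the caller provides one.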
diff --git a/phpBB/includes/mcp/mcp_post.php b/phpBB/includes/mcp/mcp_post.php
index 407314d494..9110695180 100644
--- a/phpBB/includes/mcp/mcp_post.php
+++ b/phpBB/includes/mcp/mcp_post.php
@@ -13,7 +13,7 @@
*/
function mcp_post_details($id, $mode, $action)
{
- global $SID, $phpEx, $phpbb_root_path, $config;
+ global $phpEx, $phpbb_root_path, $config;
global $template, $db, $user, $auth;
$user->add_lang('posting');
@@ -30,7 +30,7 @@ function mcp_post_details($id, $mode, $action)
}
$post_info = $post_info[$post_id];
- $url = "{$phpbb_root_path}mcp.$phpEx$SID" . extra_url();
+ $url = append_sid("{$phpbb_root_path}mcp.$phpEx?" . extra_url());
switch ($action)
{
@@ -45,7 +45,7 @@ function mcp_post_details($id, $mode, $action)
$whois = preg_replace('#(\s)(http:/{2}[^\s]*)(\s)#', '\1<a href="\2" target="_blank">\2</a>\3', $whois);
$template->assign_vars(array(
- 'RETURN_POST' => sprintf($user->lang['RETURN_POST'], "<a href=\"{$phpbb_root_path}mcp.$phpEx$SID&amp;i=$id&amp;mode=$mode&amp;p=$post_id\">", '</a>'),
+ 'RETURN_POST' => sprintf($user->lang['RETURN_POST'], '<a href="' . append_sid("{$phpbb_root_path}mcp.$phpEx", "i=$id&amp;mode=$mode&amp;p=$post_id") . '">', '</a>'),
'WHOIS' => trim($whois))
);
@@ -101,7 +101,7 @@ function mcp_post_details($id, $mode, $action)
$template->assign_vars(array(
'U_MCP_ACTION' => "$url&amp;i=main&amp;quickmod=1", // Use this for mode paramaters
'U_POST_ACTION' => "$url&amp;i=$id&amp;mode=post_details", // Use this for action parameters
- 'U_APPROVE_ACTION' => "{$phpbb_root_path}mcp.$phpEx$SID&amp;i=queue&amp;p=$post_id",
+ 'U_APPROVE_ACTION' => append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue&amp;p=$post_id"),
'S_CAN_VIEWIP' => $auth->acl_get('m_info', $post_info['forum_id']),
'S_CAN_CHGPOSTER' => $auth->acl_get('m_chgposter', $post_info['forum_id']),
@@ -114,14 +114,14 @@ function mcp_post_details($id, $mode, $action)
'S_USER_NOTES' => true,
'S_CLEAR_ALLOWED' => ($auth->acl_get('a_clearlogs')) ? true : false,
- 'U_FIND_MEMBER' => "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=searchuser&amp;form=mcp_chgposter&amp;field=username",
- 'U_VIEW_PROFILE' => "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u=" . $post_info['user_id'],
- 'U_MCP_USER_NOTES' => ($auth->acl_gets('m_', 'a_')) ? "{$phpbb_root_path}mcp.$phpEx$SID&amp;i=notes&amp;mode=user_notes&amp;u=" . $post_info['user_id'] : '',
- 'U_MCP_WARN_USER' => "{$phpbb_root_path}mcp.$phpEx$SID&amp;i=warn&amp;mode=warn_user&amp;u=" . $post_info['user_id'],
- 'U_EDIT' => ($auth->acl_get('m_edit', $post_info['forum_id'])) ? "{$phpbb_root_path}posting.$phpEx$SID&amp;mode=edit&amp;f={$post_info['forum_id']}&amp;p={$post_info['post_id']}" : '',
+ 'U_FIND_MEMBER' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=mcp_chgposter&amp;field=username'),
+ 'U_VIEW_PROFILE' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $post_info['user_id']),
+ 'U_MCP_USER_NOTES' => ($auth->acl_gets('m_', 'a_')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&amp;mode=user_notes&amp;u=' . $post_info['user_id']) : '',
+ 'U_MCP_WARN_USER' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&amp;mode=warn_user&amp;u=' . $post_info['user_id']),
+ 'U_EDIT' => ($auth->acl_get('m_edit', $post_info['forum_id'])) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=edit&amp;f={$post_info['forum_id']}&amp;p={$post_info['post_id']}") : '',
- 'RETURN_TOPIC' => sprintf($user->lang['RETURN_TOPIC'], "<a href=\"{$phpbb_root_path}viewtopic.$phpEx$SID&amp;p=$post_id#p$post_id\">", '</a>'),
- 'RETURN_FORUM' => sprintf($user->lang['RETURN_FORUM'], "<a href=\"{$phpbb_root_path}viewforum.$phpEx$SID&amp;f={$post_info['forum_id']}&amp;start={$start}\">", '</a>'),
+ 'RETURN_TOPIC' => sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", "p=$post_id") . "#p$post_id\">", '</a>'),
+ 'RETURN_FORUM' => sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", "f={$post_info['forum_id']}&amp;start={$start}") . '">', '</a>'),
'REPORTED_IMG' => $user->img('icon_reported', $user->lang['POST_REPORTED']),
'UNAPPROVED_IMG' => $user->img('icon_unapproved', $user->lang['POST_UNAPPROVED']),
'EDIT_IMG' => $user->img('btn_edit', $user->lang['EDIT_POST']),
@@ -184,7 +184,7 @@ function mcp_post_details($id, $mode, $action)
'REASON_TITLE' => $row['reason_title'],
'REASON_DESC' => $row['reason_description'],
'REPORTER' => ($row['user_id'] != ANONYMOUS) ? $row['username'] : $user->lang['GUEST'],
- 'U_REPORTER' => ($row['user_id'] != ANONYMOUS) ? "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u={$row['user_id']}" : '',
+ 'U_REPORTER' => ($row['user_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['user_id']) : '',
'USER_NOTIFY' => ($row['user_notify']) ? true : false,
'REPORT_TIME' => $user->format_date($row['report_time']),
'REPORT_TEXT' => str_replace("\n", '<br />', trim($row['report_text'])))
@@ -249,8 +249,8 @@ function mcp_post_details($id, $mode, $action)
'NUM_POSTS' => $row['postings'],
'L_POST_S' => ($row['postings'] == 1) ? $user->lang['POST'] : $user->lang['POSTS'],
- 'U_PROFILE' => ($row['user_id'] == ANONYMOUS) ? '' : "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u=" . $row['user_id'],
- 'U_SEARCHPOSTS' => "{$phpbb_root_path}search.$phpEx$SID&amp;author=" . urlencode($row['username']) . "&amp;sr=topics")
+ 'U_PROFILE' => ($row['user_id'] == ANONYMOUS) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['user_id']),
+ 'U_SEARCHPOSTS' => append_sid("{$phpbb_root_path}search.$phpEx", 'author=' . urlencode($row['username']) . '&amp;sr=topics'))
);
}
$db->sql_freeresult($result);
@@ -290,7 +290,7 @@ function mcp_post_details($id, $mode, $action)
'L_POST_S' => ($row['postings'] == 1) ? $user->lang['POST'] : $user->lang['POSTS'],
'U_LOOKUP_IP' => ($rdns_ip_num == $row['poster_ip'] || $rdns_ip_num == 'all') ? '' : "$url&amp;i=$id&amp;mode=post_details&amp;rdns={$row['poster_ip']}#ip",
- 'U_WHOIS' => "{$phpbb_root_path}mcp.$phpEx$SID&amp;i=$id&amp;mode=$mode&amp;action=whois&amp;p=$post_id&amp;ip={$row['poster_ip']}")
+ 'U_WHOIS' => append_sid("{$phpbb_root_path}mcp.$phpEx", "i=$id&amp;mode=$mode&amp;action=whois&amp;p=$post_id&amp;ip={$row['poster_ip']}"))
);
}
$db->sql_freeresult($result);
diff --git a/phpBB/includes/mcp/mcp_queue.php b/phpBB/includes/mcp/mcp_queue.php
index 9cdd9bcacb..f1a9b19acf 100644
--- a/phpBB/includes/mcp/mcp_queue.php
+++ b/phpBB/includes/mcp/mcp_queue.php
@@ -15,8 +15,8 @@
*/
class mcp_queue
{
-
var $p_master;
+ var $u_action;
function mcp_main(&$p_master)
{
@@ -26,7 +26,7 @@ class mcp_queue
function main($id, $mode)
{
global $auth, $db, $user, $template;
- global $config, $phpbb_root_path, $phpEx, $SID, $action;
+ global $config, $phpbb_root_path, $phpEx, $action;
include_once($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
@@ -112,19 +112,19 @@ class mcp_queue
$template->assign_vars(array(
'S_MCP_QUEUE' => true,
- 'S_APPROVE_ACTION' => "{$phpbb_root_path}mcp.$phpEx$SID&amp;i=queue&amp;p=$post_id&amp;f=$forum_id",
+ 'S_APPROVE_ACTION' => append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue&amp;p=$post_id&amp;f=$forum_id"),
'S_CAN_VIEWIP' => $auth->acl_get('m_info', $post_info['forum_id']),
'S_POST_REPORTED' => $post_info['post_reported'],
'S_POST_UNAPPROVED' => !$post_info['post_approved'],
'S_POST_LOCKED' => $post_info['post_edit_locked'],
'S_USER_NOTES' => $auth->acl_gets('m_', 'a_') ? true : false,
- 'U_VIEW_PROFILE' => ($post_info['user_id'] != ANONYMOUS) ? "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u=" . $post_info['user_id'] : '',
- 'U_MCP_USER_NOTES' => "{$phpbb_root_path}mcp.$phpEx$SID&amp;i=notes&amp;mode=user_notes&amp;u=" . $post_info['user_id'],
- 'U_MCP_WARN_USER' => "{$phpbb_root_path}mcp.$phpEx$SID&amp;i=warn&amp;mode=warn_user&amp;u=" . $post_info['user_id'],
- 'U_EDIT' => ($auth->acl_get('m_edit', $post_info['forum_id'])) ? "{$phpbb_root_path}posting.$phpEx$SID&amp;mode=edit&amp;f={$post_info['forum_id']}&amp;p={$post_info['post_id']}" : '',
+ 'U_VIEW_PROFILE' => ($post_info['user_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $post_info['user_id']) : '',
+ 'U_MCP_USER_NOTES' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&amp;mode=user_notes&amp;u=' . $post_info['user_id']),
+ 'U_MCP_WARN_USER' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&amp;mode=warn_user&amp;u=' . $post_info['user_id']),
+ 'U_EDIT' => ($auth->acl_get('m_edit', $post_info['forum_id'])) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=edit&amp;f={$post_info['forum_id']}&amp;p={$post_info['post_id']}") : '',
- 'RETURN_QUEUE' => sprintf($user->lang['RETURN_QUEUE'], "<a href=\"{$phpbb_root_path}mcp.$phpEx$SID&amp;i=queue" . (($topic_id) ? '&amp;mode=unapproved_topics' : '&amp;mode=unapproved_posts') . "&amp;start=$start\">", '</a>'),
+ 'RETURN_QUEUE' => sprintf($user->lang['RETURN_QUEUE'], '<a href="' . append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue' . (($topic_id) ? '&amp;mode=unapproved_topics' : '&amp;mode=unapproved_posts')) . "&amp;start=$start\">", '</a>'),
'REPORTED_IMG' => $user->img('icon_reported', $user->lang['POST_REPORTED']),
'UNAPPROVED_IMG' => $user->img('icon_unapproved', $user->lang['POST_UNAPPROVED']),
'EDIT_IMG' => $user->img('btn_edit', $user->lang['EDIT_POST']),
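Review bot: In `RETURN_QUEUE` the `&amp;start=$start` parameter is concatenated after the `append_sid()` call instead of being passed inside its parameter string, unlike every other link in this hunk and unlike `RETURN_REPORTS` in mcp_reports.php. The link only stays well-formed if append_sid() always returns a URL that already has a query string and nothing that must come last. Moving it inside keeps URL assembly in one place: `append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue' . (($topic_id) ? '&amp;mode=unapproved_topics' : '&amp;mode=unapproved_posts') . '&amp;start=' . $start) . '">'`. The surrounding `assign_vars` array continues outside the hunk.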
@@ -293,12 +293,12 @@ class mcp_queue
$s_checkbox = '<input type="checkbox" name="post_id_list[]" value="' . $row['post_id'] . '" />';
$template->assign_block_vars('postrow', array(
- 'U_VIEWFORUM' => "{$phpbb_root_path}viewforum.$phpEx$SID&amp;f=" . $row['forum_id'],
+ 'U_VIEWFORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']),
// Q: Why accessing the topic by a post_id instead of its topic_id?
// A: To prevent the post from being hidden because of wrong encoding or different charset
- 'U_VIEWTOPIC' => "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f=" . $row['forum_id'] . '&amp;p=' . $row['post_id'] . (($mode == 'unapproved_posts') ? '#p' . $row['post_id'] : ''),
- 'U_VIEW_DETAILS'=> "{$phpbb_root_path}mcp.$phpEx$SID&amp;i=queue&amp;start=$start&amp;mode=approve_details&amp;f={$forum_id}&amp;p={$row['post_id']}" . (($mode == 'unapproved_topics') ? "&amp;t={$row['topic_id']}" : '' ),
- 'U_VIEWPROFILE' => ($row['poster_id'] != ANONYMOUS) ? "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u={$row['poster_id']}" : '',
+ 'U_VIEWTOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . '&amp;p=' . $row['post_id']) . (($mode == 'unapproved_posts') ? '#p' . $row['post_id'] : ''),
+ 'U_VIEW_DETAILS'=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue&amp;start=$start&amp;mode=approve_details&amp;f={$forum_id}&amp;p={$row['post_id']}" . (($mode == 'unapproved_topics') ? "&amp;t={$row['topic_id']}" : '')),
+ 'U_VIEWPROFILE' => ($row['poster_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['poster_id']) : '',
'FORUM_NAME' => $row['forum_name'],
'TOPIC_TITLE' => $row['topic_title'],
@@ -319,7 +319,7 @@ class mcp_queue
'S_FORUM_OPTIONS' => $forum_options,
'S_MCP_ACTION' => build_url(array('t', 'f', 'sd', 'st', 'sk')),
- 'PAGINATION' => generate_pagination("{$phpbb_root_path}mcp.$phpEx$SID&amp;i=$id&amp;mode=$mode&amp;f=$forum_id", $total, $config['topics_per_page'], $start),
+ 'PAGINATION' => generate_pagination($this->u_action . "&amp;f=$forum_id", $total, $config['topics_per_page'], $start),
'PAGE_NUMBER' => on_page($total, $config['topics_per_page'], $start),
'TOPIC_ID' => $topic_id,
'TOTAL' => $total)
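Review bot: `$this->u_action` becomes the pagination base here (and in the matching `PAGINATION` line of mcp_reports.php), but these hunks show only its declaration, `var $u_action;`, with no assignment and no comment. If nothing populates it before `main()` runs, the pagination links degrade to a bare `&amp;f=…` string. A reader also cannot tell from the class whether the value already carries the `i`, `mode` and session id that the replaced string spelled out. A comment on the declaration would settle it, for example `// base URL of this module incl. i/mode and session id; assigned by the module loader (confirm)`.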
@@ -335,7 +335,7 @@ class mcp_queue
function approve_post($post_id_list, $mode)
{
global $db, $template, $user, $config;
- global $phpEx, $phpbb_root_path, $SID;
+ global $phpEx, $phpbb_root_path;
if (!($forum_id = check_ids($post_id_list, POSTS_TABLE, 'post_id', 'm_approve')))
{
@@ -551,7 +551,7 @@ function approve_post($post_id_list, $mode)
function disapprove_post($post_id_list, $mode)
{
global $db, $template, $user, $config;
- global $phpEx, $phpbb_root_path, $SID;
+ global $phpEx, $phpbb_root_path;
if (!($forum_id = check_ids($post_id_list, POSTS_TABLE, 'post_id', 'm_approve')))
{
diff --git a/phpBB/includes/mcp/mcp_reports.php b/phpBB/includes/mcp/mcp_reports.php
index d003b9a6e2..a6725e887e 100755
--- a/phpBB/includes/mcp/mcp_reports.php
+++ b/phpBB/includes/mcp/mcp_reports.php
@@ -15,8 +15,8 @@
*/
class mcp_reports
{
-
var $p_master;
+ var $u_action;
function mcp_main(&$p_master)
{
@@ -26,7 +26,7 @@ class mcp_reports
function main($id, $mode)
{
global $auth, $db, $user, $template;
- global $config, $phpbb_root_path, $phpEx, $SID, $action;
+ global $config, $phpbb_root_path, $phpEx, $action;
include_once($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
@@ -119,24 +119,24 @@ class mcp_reports
$template->assign_vars(array(
'S_MCP_REPORT' => true,
- 'S_CLOSE_ACTION' => "{$phpbb_root_path}mcp.$phpEx$SID&amp;i=reports&amp;p=$post_id&amp;f=$forum_id",
+ 'S_CLOSE_ACTION' => append_sid("{$phpbb_root_path}mcp.$phpEx", "i=reports&amp;p=$post_id&amp;f=$forum_id"),
'S_CAN_VIEWIP' => $auth->acl_get('m_info', $post_info['forum_id']),
'S_POST_REPORTED' => $post_info['post_reported'],
'S_POST_UNAPPROVED' => !$post_info['post_approved'],
'S_POST_LOCKED' => $post_info['post_edit_locked'],
'S_USER_NOTES' => $auth->acl_gets('m_', 'a_') ? true : false,
- 'U_VIEW_PROFILE' => ($post_info['user_id'] != ANONYMOUS) ? "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u=" . $post_info['user_id'] : '',
- 'U_MCP_USER_NOTES' => "{$phpbb_root_path}mcp.$phpEx$SID&amp;i=notes&amp;mode=user_notes&amp;u=" . $post_info['user_id'],
- 'U_MCP_WARN_USER' => "{$phpbb_root_path}mcp.$phpEx$SID&amp;i=warn&amp;mode=warn_user&amp;u=" . $post_info['user_id'],
- 'U_VIEW_REPORTER_PROFILE' => "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u=" . $report['user_id'],
- 'U_MCP_REPORTER_NOTES' => "{$phpbb_root_path}mcp.$phpEx$SID&amp;i=notes&amp;mode=user_notes&amp;u=" . $report['user_id'],
- 'U_MCP_WARN_REPORTER' => "{$phpbb_root_path}mcp.$phpEx$SID&amp;i=warn&amp;mode=warn_user&amp;u=" . $report['user_id'],
- 'U_EDIT' => ($auth->acl_get('m_edit', $post_info['forum_id'])) ? "{$phpbb_root_path}posting.$phpEx$SID&amp;mode=edit&amp;f={$post_info['forum_id']}&amp;p={$post_info['post_id']}" : '',
+ 'U_VIEW_PROFILE' => ($post_info['user_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $post_info['user_id']) : '',
+ 'U_MCP_USER_NOTES' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&amp;mode=user_notes&amp;u=' . $post_info['user_id']),
+ 'U_MCP_WARN_USER' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&amp;mode=warn_user&amp;u=' . $post_info['user_id']),
+ 'U_VIEW_REPORTER_PROFILE' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $report['user_id']),
+ 'U_MCP_REPORTER_NOTES' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&amp;mode=user_notes&amp;u=' . $report['user_id']),
+ 'U_MCP_WARN_REPORTER' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&amp;mode=warn_user&amp;u=' . $report['user_id']),
+ 'U_EDIT' => ($auth->acl_get('m_edit', $post_info['forum_id'])) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=edit&amp;f={$post_info['forum_id']}&amp;p={$post_info['post_id']}") : '',
'EDIT_IMG' => $user->img('btn_edit', $user->lang['EDIT_POST']),
- 'RETURN_REPORTS' => sprintf($user->lang['RETURN_REPORTS'], "<a href=\"{$phpbb_root_path}mcp.$phpEx$SID&amp;i=reports" . (($post_info['post_reported']) ? '&amp;mode=reports' : '&amp;mode=reports_closed') . "&amp;start=$start\">", '</a>'),
+ 'RETURN_REPORTS' => sprintf($user->lang['RETURN_REPORTS'], '<a href="' . append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports' . (($post_info['post_reported']) ? '&amp;mode=reports' : '&amp;mode=reports_closed') . '&amp;start=' . $start) . '">', '</a>'),
'REPORTED_IMG' => $user->img('icon_reported', $user->lang['POST_REPORTED']),
'REPORT_REASON_TITLE' => $reason['title'],
'REPORT_REASON_DESCRIPTION' => $reason['description'],
@@ -292,13 +292,13 @@ class mcp_reports
$s_checkbox = '<input type="checkbox" name="post_id_list[]" value="' . $row['post_id'] . '" />';
$template->assign_block_vars('postrow', array(
- 'U_VIEWFORUM' => "{$phpbb_root_path}viewforum.$phpEx$SID&amp;f=" . $row['forum_id'],
+ 'U_VIEWFORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']),
// Q: Why accessing the topic by a post_id instead of its topic_id?
// A: To prevent the post from being hidden because of wrong encoding or different charset
- 'U_VIEWTOPIC' => "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f=" . $row['forum_id'] . '&amp;p=' . $row['post_id'] . '#p' . $row['post_id'],
- 'U_VIEW_DETAILS' => "{$phpbb_root_path}mcp.$phpEx$SID&amp;i=reports&amp;start=$start&amp;mode=report_details&amp;f={$forum_id}&amp;p={$row['post_id']}",
- 'U_VIEW_POSTER_PROFILE' => ($row['poster_id'] != ANONYMOUS) ? "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u={$row['poster_id']}" : '',
- 'U_VIEW_REPORTER_PROFILE' => ($row['reporter_id'] != ANONYMOUS) ? "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u={$row['reporter_id']}" : '',
+ 'U_VIEWTOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . '&amp;p=' . $row['post_id']) . '#p' . $row['post_id'],
+ 'U_VIEW_DETAILS' => append_sid("{$phpbb_root_path}mcp.$phpEx", "i=reports&amp;start=$start&amp;mode=report_details&amp;f={$forum_id}&amp;p={$row['post_id']}"),
+ 'U_VIEW_POSTER_PROFILE' => ($row['poster_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['poster_id']) : '',
+ 'U_VIEW_REPORTER_PROFILE' => ($row['reporter_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['reporter_id']) : '',
'S_CHECKBOX' => $s_checkbox,
@@ -324,7 +324,7 @@ class mcp_reports
'S_FORUM_OPTIONS' => $forum_options,
'S_CLOSED' => ($mode == 'reports_closed') ? true : false,
- 'PAGINATION' => generate_pagination("{$phpbb_root_path}mcp.$phpEx$SID&amp;i=$id&amp;mode=$mode&amp;f=$forum_id&amp;t=$topic_id", $total, $config['topics_per_page'], $start),
+ 'PAGINATION' => generate_pagination($this->u_action . "&amp;f=$forum_id&amp;t=$topic_id", $total, $config['topics_per_page'], $start),
'PAGE_NUMBER' => on_page($total, $config['topics_per_page'], $start),
'TOPIC_ID' => $topic_id,
'TOTAL' => $total)
@@ -342,7 +342,7 @@ class mcp_reports
function close_report($post_id_list, $mode, $action)
{
global $db, $template, $user, $config;
- global $phpEx, $phpbb_root_path, $SID;
+ global $phpEx, $phpbb_root_path;
if (!($forum_id = check_ids($post_id_list, POSTS_TABLE, 'post_id', 'm_report')))
{
diff --git a/phpBB/includes/mcp/mcp_topic.php b/phpBB/includes/mcp/mcp_topic.php
index cf3d72303f..4b092a7bd0 100644
--- a/phpBB/includes/mcp/mcp_topic.php
+++ b/phpBB/includes/mcp/mcp_topic.php
@@ -13,10 +13,10 @@
*/
function mcp_topic_view($id, $mode, $action)
{
- global $SID, $phpEx, $phpbb_root_path, $config;
+ global $phpEx, $phpbb_root_path, $config;
global $template, $db, $user, $auth;
- $url = "{$phpbb_root_path}mcp.$phpEx$SID" . extra_url();
+ $url = append_sid("{$phpbb_root_path}mcp.$phpEx?" . extra_url());
$user->add_lang('viewtopic');
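Review bot: `extra_url()` used to be concatenated directly after `$SID`, which suggests it returns either an empty string or parameters that start with `&amp;`. With the new `mcp.$phpEx?` prefix, append_sid() would then receive `mcp.php?&amp;…` or a URL ending in a bare `?`. Whether append_sid() normalises either form is not visible in this hunk. Later lines such as `U_POST_DETAILS` and `U_SELECT_TOPIC` append `&amp;i=…` to `$url`, so the result must always contain a `?`. A comment stating that contract would help, for example `// $url must end up with a query string: callers append '&amp;…' to it; extra_url() yields '' or '&amp;k=v' (confirm)`. The body of mcp_topic_view continues outside the hunk.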
@@ -132,7 +132,7 @@ function mcp_topic_view($id, $mode, $action)
'POST_SUBJECT' => $post_subject,
'MESSAGE' => $message,
'POST_ID' => $row['post_id'],
- 'RETURN_TOPIC' => sprintf($user->lang['RETURN_TOPIC'], "<a href=\"{$phpbb_root_path}viewtopic.$phpEx$SID&amp;t=$topic_id\">", '</a>'),
+ 'RETURN_TOPIC' => sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $topic_id) . '">', '</a>'),
'MINI_POST_IMG' => ($row['post_time'] > $user->data['user_lastvisit'] && $user->data['is_registered']) ? $user->img('icon_post_new', $user->lang['NEW_POST']) : $user->img('icon_post', $user->lang['POST']),
@@ -141,8 +141,8 @@ function mcp_topic_view($id, $mode, $action)
'S_POST_UNAPPROVED' => ($row['post_approved']) ? false : true,
'U_POST_DETAILS' => "$url&amp;i=$id&amp;p={$row['post_id']}&amp;mode=post_details",
- 'U_MCP_APPROVE' => "{$phpbb_root_path}mcp.$phpEx$SID&amp;i=queue&amp;mode=unapproved_posts&amp;action=approve&amp;post_id_list[]=" . $row['post_id'],
- 'U_MCP_REPORT' => "{$phpbb_root_path}mcp.$phpEx$SID&amp;i=reports&amp;mode=report_details&amp;p=" . $row['post_id'])
+ 'U_MCP_APPROVE' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&amp;mode=unapproved_posts&amp;action=approve&amp;post_id_list[]=' . $row['post_id']),
+ 'U_MCP_REPORT' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&amp;mode=report_details&amp;p=' . $row['post_id']))
);
unset($rowset[$i]);
@@ -179,10 +179,10 @@ function mcp_topic_view($id, $mode, $action)
$template->assign_vars(array(
'TOPIC_TITLE' => $topic_info['topic_title'],
- 'U_VIEWTOPIC' => "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f=" . $topic_info['forum_id'] . '&amp;t=' . $topic_info['topic_id'],
+ 'U_VIEWTOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $topic_info['forum_id'] . '&amp;t=' . $topic_info['topic_id']),
'TO_TOPIC_ID' => $to_topic_id,
- 'TO_TOPIC_INFO' => ($to_topic_id) ? sprintf($user->lang['YOU_SELECTED_TOPIC'], $to_topic_id, '<a href="' . $phpbb_root_path . "viewtopic.$phpEx$SID&amp;f=" . $to_topic_info['forum_id'] . '&amp;t=' . $to_topic_id . '" target="_new">' . $to_topic_info['topic_title'] . '</a>') : '',
+ 'TO_TOPIC_INFO' => ($to_topic_id) ? sprintf($user->lang['YOU_SELECTED_TOPIC'], $to_topic_id, '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $to_topic_info['forum_id'] . '&amp;t=' . $to_topic_id) . '" target="_new">' . $to_topic_info['topic_title'] . '</a>') : '',
'SPLIT_SUBJECT' => $subject,
'POSTS_PER_PAGE' => $posts_per_page,
@@ -205,11 +205,11 @@ function mcp_topic_view($id, $mode, $action)
'U_SELECT_TOPIC' => "$url&amp;i=$id&amp;mode=forum_view&amp;action=merge_select",
- 'RETURN_TOPIC' => sprintf($user->lang['RETURN_TOPIC'], "<a href=\"{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f={$topic_info['forum_id']}&amp;t={$topic_info['topic_id']}&amp;start=$start\">", '</a>'),
- 'RETURN_FORUM' => sprintf($user->lang['RETURN_FORUM'], "<a href=\"{$phpbb_root_path}viewforum.$phpEx$SID&amp;f={$topic_info['forum_id']}&amp;start=$start\">", '</a>'),
+ 'RETURN_TOPIC' => sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f={$topic_info['forum_id']}&amp;t={$topic_info['topic_id']}&amp;start=$start") . '">', '</a>'),
+ 'RETURN_FORUM' => sprintf($user->lang['RETURN_FORUM'], '<a href="' . append_sid("{$phpbb_root_path}viewforum.$phpEx", "f={$topic_info['forum_id']}&amp;start=$start") . '">', '</a>'),
'PAGE_NUMBER' => on_page($total, $posts_per_page, $start),
- 'PAGINATION' => (!$posts_per_page) ? '' : generate_pagination("{$phpbb_root_path}mcp.$phpEx$SID&amp;i=$id&amp;t=" . $topic_info['topic_id'] . "&amp;mode=$mode&amp;action=$action&amp;to_topic_id=$to_topic_id&amp;posts_per_page=$posts_per_page&amp;st=$sort_days&amp;sk=$sort_key&amp;sd=$sort_dir", $total, $posts_per_page, $start),
+ 'PAGINATION' => (!$posts_per_page) ? '' : generate_pagination(append_sid("{$phpbb_root_path}mcp.$phpEx", "i=$id&amp;t={$topic_info['topic_id']}&amp;mode=$mode&amp;action=$action&amp;to_topic_id=$to_topic_id&amp;posts_per_page=$posts_per_page&amp;st=$sort_days&amp;sk=$sort_key&amp;sd=$sort_dir"), $total, $posts_per_page, $start),
'TOTAL' => $total)
);
}
@@ -219,7 +219,7 @@ function mcp_topic_view($id, $mode, $action)
*/
function split_topic($action, $topic_id, $to_forum_id, $subject)
{
- global $db, $template, $user, $phpEx, $SID, $phpbb_root_path, $auth;
+ global $db, $template, $user, $phpEx, $phpbb_root_path, $auth;
$post_id_list = request_var('post_id_list', array(0));
$start = request_var('start', 0);
@@ -375,7 +375,7 @@ function split_topic($action, $topic_id, $to_forum_id, $subject)
$success_msg = 'TOPIC_SPLIT_SUCCESS';
// Link back to both topics
- $return_link = sprintf($user->lang['RETURN_TOPIC'], "<a href=\"{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f=" . $post_info['forum_id'] . '&amp;t=' . $post_info['topic_id'] . '">', '</a>') . '<br /><br />' . sprintf($user->lang['RETURN_NEW_TOPIC'], "<a href=\"{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f=" . $to_forum_id . '&amp;t=' . $to_topic_id . '">', '</a>');
+ $return_link = sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&amp;t=' . $post_info['topic_id']) . '">', '</a>') . '<br /><br />' . sprintf($user->lang['RETURN_NEW_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $to_forum_id . '&amp;t=' . $to_topic_id) . '">', '</a>');
}
else
{
@@ -391,7 +391,7 @@ function split_topic($action, $topic_id, $to_forum_id, $subject)
}
else
{
- meta_refresh(3, "viewtopic.$phpEx$SID&amp;f=$to_forum_id&amp;t=$to_topic_id");
+ meta_refresh(3, append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$to_forum_id&amp;t=$to_topic_id"));
trigger_error($user->lang[$success_msg] . '<br /><br />' . $return_link);
}
}
@@ -401,7 +401,7 @@ function split_topic($action, $topic_id, $to_forum_id, $subject)
*/
function merge_posts($topic_id, $to_topic_id)
{
- global $db, $template, $user, $phpEx, $SID, $phpbb_root_path, $auth;
+ global $db, $template, $user, $phpEx, $phpbb_root_path, $auth;
if (!$to_topic_id)
{
@@ -463,11 +463,11 @@ function merge_posts($topic_id, $to_topic_id)
if (sizeof($topic_data))
{
- $return_link .= sprintf($user->lang['RETURN_TOPIC'], '<a href="viewtopic.' . $phpEx . $SID . '&amp;f=' . $forum_id . '&amp;t=' . $topic_id . '">', '</a>');
+ $return_link .= sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $forum_id . '&amp;t=' . $topic_id) . '">', '</a>');
}
// Link to the new topic
- $return_link .= (($return_link) ? '<br /><br />' : '') . sprintf($user->lang['RETURN_NEW_TOPIC'], '<a href="viewtopic.' . $phpEx . $SID . '&amp;f=' . $to_forum_id . '&amp;t=' . $to_topic_id . '">', '</a>');
+ $return_link .= (($return_link) ? '<br /><br />' : '') . sprintf($user->lang['RETURN_NEW_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $to_forum_id . '&amp;t=' . $to_topic_id) . '">', '</a>');
}
else
{
@@ -483,7 +483,7 @@ function merge_posts($topic_id, $to_topic_id)
}
else
{
- meta_refresh(3, "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f=$to_forum_id&amp;t=$to_topic_id");
+ meta_refresh(3, append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$to_forum_id&amp;t=$to_topic_id"));
trigger_error($user->lang[$success_msg] . '<br /><br />' . $return_link);
}
}
diff --git a/phpBB/includes/mcp/mcp_warn.php b/phpBB/includes/mcp/mcp_warn.php
index 26eeb89bd6..e22739dd99 100755
--- a/phpBB/includes/mcp/mcp_warn.php
+++ b/phpBB/includes/mcp/mcp_warn.php
@@ -15,9 +15,9 @@
*/
class mcp_warn
{
-
var $p_master;
-
+ var $u_action;
+
function mcp_main(&$p_master)
{
$this->p_master = &$p_master;
@@ -26,7 +26,7 @@ class mcp_warn
function main($id, $mode)
{
global $auth, $db, $user, $template;
- global $config, $phpbb_root_path, $phpEx, $SID;
+ global $config, $phpbb_root_path, $phpEx;
$action = request_var('action', array('' => ''));
@@ -59,21 +59,17 @@ class mcp_warn
}
}
-//
-// Functions
-//
-
/**
* Generates the summary on the main page of the warning module
*/
function mcp_warn_front_view($id, $mode)
{
- global $SID, $phpEx, $phpbb_root_path, $config;
+ global $phpEx, $phpbb_root_path, $config;
global $template, $db, $user, $auth;
$template->assign_vars(array(
- 'U_FIND_MEMBER' => "memberlist.$phpEx$SID&amp;mode=searchuser&amp;form=mcp&amp;field=username",
- 'U_POST_ACTION' => "mcp.$phpEx$SID&amp;i=warn&amp;mode=warn_user",
+ 'U_FIND_MEMBER' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=mcp&amp;field=username'),
+ 'U_POST_ACTION' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&amp;mode=warn_user'),
)
);
@@ -88,8 +84,8 @@ function mcp_warn_front_view($id, $mode)
foreach ($highest as $row)
{
$template->assign_block_vars('highest', array(
- 'U_NOTES' => 'mcp.' . $phpEx . $SID . '&amp;i=notes&amp;mode=user_notes&amp;u=' . $row['user_id'],
- 'U_USER' => 'memberlist.' . $phpEx . $SID . '&amp;mode=viewprofile&amp;u=' . $row['user_id'],
+ 'U_NOTES' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&amp;mode=user_notes&amp;u=' . $row['user_id']),
+ 'U_USER' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['user_id']),
'USERNAME' => $row['username'],
'WARNING_TIME' => $user->format_date($row['user_last_warning']),
@@ -109,8 +105,8 @@ function mcp_warn_front_view($id, $mode)
while ($row = $db->sql_fetchrow($result))
{
$template->assign_block_vars('latest', array(
- 'U_NOTES' => 'mcp.' . $phpEx . $SID . '&amp;i=notes&amp;mode=user_notes&amp;u=' . $row['user_id'],
- 'U_USER' => 'memberlist.' . $phpEx . $SID . '&amp;mode=viewprofile&amp;u=' . $row['user_id'],
+ 'U_NOTES' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&amp;mode=user_notes&amp;u=' . $row['user_id']),
+ 'U_USER' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['user_id']),
'USERNAME' => $row['username'],
'WARNING_TIME' => $user->format_date($row['warning_time']),
@@ -126,7 +122,7 @@ function mcp_warn_front_view($id, $mode)
*/
function mcp_warn_list_view($id, $mode, $action)
{
- global $SID, $phpEx, $phpbb_root_path, $config;
+ global $phpEx, $phpbb_root_path, $config;
global $template, $db, $user, $auth;
$user->add_lang('memberlist');
@@ -155,8 +151,8 @@ function mcp_warn_list_view($id, $mode, $action)
foreach ($users as $row)
{
$template->assign_block_vars('user', array(
- 'U_NOTES' => 'mcp.' . $phpEx . $SID . '&amp;i=notes&amp;mode=user_notes&amp;u=' . $row['user_id'],
- 'U_USER' => 'memberlist.' . $phpEx . $SID . '&amp;mode=viewprofile&amp;u=' . $row['user_id'],
+ 'U_NOTES' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&amp;mode=user_notes&amp;u=' . $row['user_id']),
+ 'U_USER' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['user_id']),
'USERNAME' => $row['username'],
'WARNING_TIME' => $user->format_date($row['user_last_warning']),
@@ -166,14 +162,14 @@ function mcp_warn_list_view($id, $mode, $action)
}
$template->assign_vars(array(
- 'U_POST_ACTION' => "mcp.$phpEx$SID&amp;i=$id&amp;mode=$mode",
+ 'U_POST_ACTION' => append_sid("{$phpbb_root_path}mcp.$phpEx", "i=$id&amp;mode=$mode"),
'S_CLEAR_ALLOWED' => ($auth->acl_get('a_clearlogs')) ? true : false,
'S_SELECT_SORT_DIR' => $s_sort_dir,
'S_SELECT_SORT_KEY' => $s_sort_key,
'S_SELECT_SORT_DAYS' => $s_limit_days,
'PAGE_NUMBER' => on_page($user_count, $config['topics_per_page'], $start),
- 'PAGINATION' => generate_pagination("mcp.$phpEx$SID&amp;i=$id&amp;mode=$mode&amp;st=$st&amp;sk=$sk&amp;sd=$sd", $user_count, $config['topics_per_page'], $start),
+ 'PAGINATION' => generate_pagination(append_sid("{$phpbb_root_path}mcp.$phpEx", "i=$id&amp;mode=$mode&amp;st=$st&amp;sk=$sk&amp;sd=$sd"), $user_count, $config['topics_per_page'], $start),
'TOTAL_USERS' => ($user_count == 1) ? $user->lang['LIST_USER'] : sprintf($user->lang['LIST_USERS'], $user_count),
)
);
@@ -185,7 +181,7 @@ function mcp_warn_list_view($id, $mode, $action)
*/
function mcp_warn_post_view($id, $mode, $action)
{
- global $SID, $phpEx, $phpbb_root_path, $config;
+ global $phpEx, $phpbb_root_path, $config;
global $template, $db, $user, $auth;
$post_id = request_var('p', 0);
@@ -227,7 +223,7 @@ function mcp_warn_post_view($id, $mode, $action)
{
add_warning($userrow, $warning, $notify, $post_id);
- $redirect = "mcp.$phpEx$SID&amp;i=notes&amp;mode=user_notes&amp;u=$user_id";
+ $redirect = append_sid("{$phpbb_root_path}mcp.$phpEx", "i=notes&amp;mode=user_notes&amp;u=$user_id");
meta_refresh(2, $redirect);
trigger_error($user->lang['USER_WARNING_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
}
@@ -274,11 +270,11 @@ function mcp_warn_post_view($id, $mode, $action)
}
else
{
- $avatar_img = '<img src="adm/images/no_avatar.gif" alt="" />';
+ $avatar_img = '<img src="' . $phpbb_root_path . 'images/no_avatar.gif" alt="" />';
}
$template->assign_vars(array(
- 'U_POST_ACTION' => "mcp.$phpEx$SID&amp;i=$id&amp;mode=$mode&amp;p=$post_id",
+ 'U_POST_ACTION' => append_sid("{$phpbb_root_path}mcp.$phpEx", "i=$id&amp;mode=$mode&amp;p=$post_id"),
'POST' => $message,
'USERNAME' => $userrow['username'],
@@ -298,7 +294,7 @@ function mcp_warn_post_view($id, $mode, $action)
*/
function mcp_warn_user_view($id, $mode, $action)
{
- global $SID, $phpEx, $phpbb_root_path, $config;
+ global $phpEx, $phpbb_root_path, $config;
global $template, $db, $user, $auth;
$user_id = request_var('u', 0);
@@ -321,7 +317,7 @@ function mcp_warn_user_view($id, $mode, $action)
{
add_warning($userrow, $warning, $notify);
- $redirect = "mcp.$phpEx$SID&amp;i=notes&amp;mode=user_notes&amp;u=$user_id";
+ $redirect = append_sid("{$phpbb_root_path}mcp.$phpEx", "i=notes&amp;mode=user_notes&amp;u=$user_id");
meta_refresh(2, $redirect);
trigger_error($user->lang['USER_WARNING_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
}
@@ -353,7 +349,7 @@ function mcp_warn_user_view($id, $mode, $action)
// OK, they didn't submit a warning so lets build the page for them to do so
$template->assign_vars(array(
- 'U_POST_ACTION' => "mcp.$phpEx$SID&amp;i=$id&amp;mode=$mode&amp;u=$user_id",
+ 'U_POST_ACTION' => append_sid("{$phpbb_root_path}mcp.$phpEx", "i=$id&amp;mode=$mode&amp;u=$user_id"),
'USERNAME' => $userrow['username'],
'USER_COLOR' => (!empty($userrow['user_colour'])) ? $userrow['user_colour'] : '',
@@ -373,7 +369,7 @@ function mcp_warn_user_view($id, $mode, $action)
*/
function add_warning($userrow, $warning, $send_pm = true, $post_id = 0)
{
- global $SID, $phpEx, $phpbb_root_path, $config;
+ global $phpEx, $phpbb_root_path, $config;
global $template, $db, $user, $auth;
if ($send_pm)
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php
index e4be20a91b..9f85549d8d 100644
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@@ -250,7 +250,21 @@ class bbcode_firstpass extends bbcode
{
return '';
}
-
+
+ // Apply the same size checks on flash files as on images
+ if ($config['max_' . $this->mode . '_img_height'] || $config['max_' . $this->mode . '_img_width'])
+ {
+ if ($config['max_' . $this->mode . '_img_height'] && $config['max_' . $this->mode . '_img_height'] < $height)
+ {
+ $this->warn_msg[] = sprintf($user->lang['MAX_FLASH_HEIGHT_EXCEEDED'], $config['max_' . $this->mode . '_img_height']);
+ }
+
+ if ($config['max_' . $this->mode . '_img_width'] && $config['max_' . $this->mode . '_img_width'] < $width)
+ {
+ $this->warn_msg[] = sprintf($user->lang['MAX_FLASH_WIDTH_EXCEEDED'], $config['max_' . $this->mode . '_img_width']);
+ }
+ }
+
return '[flash=' . $width . ',' . $height . ':' . $this->bbcode_uid . ']' . $in . '[/flash:' . $this->bbcode_uid . ']';
}
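Review bot: The new size check only appends to `$this->warn_msg`; the method still returns the `[flash=…]` tag with the oversized dimensions. The limit is therefore enforced only if the caller refuses to store the message when `warn_msg` is non-empty, which this hunk does not show. A comment would make that dependency explicit, e.g. `// warning only: the caller must reject the message when warn_msg is set`. The method starts outside the hunk, so confirm that `$config` and `$user` are declared `global` there and that `$width`/`$height` are already integers at this point. The outer `if` is redundant because each inner condition already tests that its limit is non-zero, and reading each limit into a local once (`$max_height = $config['max_' . $this->mode . '_img_height'];`) would shorten the block.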
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index 40c6da1606..939fd94ae2 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -73,7 +73,7 @@ class session
$page_dir = str_repeat('../', sizeof($root_dirs)) . implode('/', $page_dirs);
- if ($page_dir && $page_dir{strlen($page_dir) - 1} == '/')
+ if ($page_dir && substr($page_dir, -1, 1) == '/')
{
$page_dir = substr($page_dir, 0, -1);
}
@@ -81,10 +81,10 @@ class session
// Current page from phpBB root (for example: adm/index.php?i=10&b=2)
$page = (($page_dir) ? $page_dir . '/' : '') . $page_name . (($query_string) ? "?$query_string" : '');
- // The script path from the webroot to the current directory (for example: /phpBB2/adm) : always prefixed with /
+ // The script path from the webroot to the current directory (for example: /phpBB2/adm/) : always prefixed with / and ends in /
$script_path = trim(str_replace('\\', '/', dirname($script_name)));
- // The script path from the webroot to the phpBB root (for example: /phpBB2)
+ // The script path from the webroot to the phpBB root (for example: /phpBB2/)
$script_dirs = explode('/', $script_path);
array_splice($script_dirs, -sizeof($page_dirs));
$root_script_path = implode('/', $script_dirs) . (sizeof($root_dirs) ? '/' . implode('/', $root_dirs) : '');
@@ -95,6 +95,9 @@ class session
$root_script_path = ($page_dir) ? str_replace($page_dir, '', $script_path) : $script_path;
}
+ $script_path .= (substr($script_path, -1, 1) == '/') ? '' : '/';
+ $root_script_path .= (substr($root_script_path, -1, 1) == '/') ? '' : '/';
+
$page_array += array(
'page_name' => $page_name,
'page_dir' => $page_dir,
@@ -124,7 +127,7 @@ class session
*/
function session_begin()
{
- global $phpEx, $SID, $db, $config, $phpbb_root_path;
+ global $phpEx, $SID, $_SID, $db, $config, $phpbb_root_path;
$this->time_now = time();
@@ -143,12 +146,13 @@ class session
$this->cookie_data['u'] = request_var($config['cookie_name'] . '_u', 0);
$this->cookie_data['k'] = request_var($config['cookie_name'] . '_k', '');
$this->session_id = request_var($config['cookie_name'] . '_sid', '');
-
+
$SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid=';
+ $_SID = (defined('NEED_SID')) ? $this->session_id : '';
}
else
{
- $this->session_id = request_var('sid', '');
+ $this->session_id = $_SID = request_var('sid', '');
$SID = '?sid=' . $this->session_id;
}
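Review bot: On the no-cookie path `$_SID` is assigned straight from the `sid` request parameter, before any session lookup is visible. Until validation runs, the global holds a caller-chosen value that link-building code would presumably copy into every generated URL. It would be safer to leave `$_SID` empty until the session row has been matched, or at least to document the state with `// $_SID is unvalidated request input here; reset once the session lookup fails (confirm)`. `$SID` and `$_SID` must now be updated in lockstep at every assignment, including the later hunks in session_create() and session_kill(), so a single helper that sets both would reduce the chance of drift. The name `$_SID` also reads like a PHP superglobal, which it is not. session_begin() continues outside the hunk.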
@@ -282,7 +286,7 @@ class session
*/
function session_create($user_id = false, $set_admin = false, $persist_login = false, $viewonline = true)
{
- global $SID, $db, $config, $cache, $phpbb_root_path, $phpEx;
+ global $SID, $_SID, $db, $config, $cache, $phpbb_root_path, $phpEx;
$this->data = array();
@@ -490,6 +494,7 @@ class session
}
$SID = '?sid=';
+ $_SID = '';
if (!$bot)
{
$cookie_expire = $this->time_now + (($config['max_autologin_time']) ? 86400 * (int) $config['max_autologin_time'] : 31536000);
@@ -499,6 +504,7 @@ class session
$this->set_cookie('sid', $this->session_id, $cookie_expire);
$SID = '?sid=' . $this->session_id;
+ $_SID = $this->session_id;
if ($this->data['user_id'] != ANONYMOUS)
{
@@ -521,7 +527,7 @@ class session
*/
function session_kill()
{
- global $SID, $db, $config, $phpbb_root_path, $phpEx;
+ global $SID, $_SID, $db, $config, $phpbb_root_path, $phpEx;
$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
WHERE session_id = '" . $db->sql_escape($this->session_id) . "'
@@ -583,7 +589,7 @@ class session
unset($cookie_expire);
$SID = '?sid=';
- $this->session_id = '';
+ $this->session_id = $_SID = '';
return true;
}
@@ -966,10 +972,11 @@ class user extends session
if (!empty($_GET['style']) && $auth->acl_get('a_styles'))
{
- global $SID;
+ global $SID, $_EXTRA_URL;
$style = request_var('style', 0);
$SID .= '&amp;style=' . $style;
+ $_EXTRA_URL = array('style=' . $style);
}
else
{
@@ -1075,11 +1082,9 @@ class user extends session
// already in the ucp
if (!defined('IN_ADMIN') && $config['chg_passforce'] && $this->data['user_passchg'] < time() - ($config['chg_passforce'] * 86400))
{
- global $SID;
-
if (strpos($this->page['query_string'], 'mode=reg_details') !== false && $this->page['page_name'] == "ucp.$phpEx")
{
- redirect("ucp.$phpEx$SID&i=profile&mode=reg_details");
+ redirect(append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=profile&amp;mode=reg_details'));
}
}
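Review bot: The new `redirect()` call passes a query string joined with `&amp;`, where the removed line used a raw `&`. Unless redirect() decodes entities (not visible here), the Location header would carry `amp;mode=reg_details` as a parameter name. The same pattern appears in the compose_pm() redirect hunk in ucp_pm_compose.php. The `UA_SWATCH` line elsewhere in this commit shows the non-entity form, which here would be `append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=profile&mode=reg_details', false)`. Separately, the surrounding `if` as written redirects only when the request is already on `mode=reg_details` of `ucp.$phpEx`, which looks inverted for a forced password change, and `$phpbb_root_path` is not visibly declared global in this method now that the local `global` line is gone.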
diff --git a/phpBB/includes/ucp/ucp_activate.php b/phpBB/includes/ucp/ucp_activate.php
index 83d8cf1701..93d1f63e05 100644
--- a/phpBB/includes/ucp/ucp_activate.php
+++ b/phpBB/includes/ucp/ucp_activate.php
@@ -17,7 +17,7 @@ class ucp_activate
{
function main($id, $mode)
{
- global $config, $db, $user, $auth, $SID, $template, $phpbb_root_path, $phpEx;
+ global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx;
$user_id = request_var('u', 0);
$key = request_var('k', '');
@@ -36,7 +36,7 @@ class ucp_activate
if ($row['user_type'] <> USER_INACTIVE && !$row['user_newpasswd'])
{
- meta_refresh(3, "index.$phpEx$SID");
+ meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx"));
trigger_error($user->lang['ALREADY_ACTIVATED']);
}
@@ -110,7 +110,7 @@ class ucp_activate
set_config('num_users', $config['num_users'] + 1, true);
}
- meta_refresh(3, "{$phpbb_root_path}index.$phpEx$SID");
+ meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx"));
trigger_error($user->lang[$message]);
}
}
diff --git a/phpBB/includes/ucp/ucp_attachments.php b/phpBB/includes/ucp/ucp_attachments.php
index f8a6d1bf89..b699643f37 100644
--- a/phpBB/includes/ucp/ucp_attachments.php
+++ b/phpBB/includes/ucp/ucp_attachments.php
@@ -15,9 +15,11 @@
*/
class ucp_attachments
{
+ var $u_action;
+
function main($id, $mode)
{
- global $template, $user, $db, $config, $phpEx, $phpbb_root_path, $SID;
+ global $template, $user, $db, $config, $phpEx, $phpbb_root_path;
$start = request_var('start', 0);
$sort_key = request_var('sk', 'a');
@@ -44,9 +46,8 @@ class ucp_attachments
}
delete_attachments('attach', $delete_ids);
- $refresh_url = "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=$id";
- meta_refresh(3, $refresh_url);
- $message = ((sizeof($delete_ids) == 1) ? $user->lang['ATTACHMENT_DELETED'] : $user->lang['ATTACHMENTS_DELETED']) . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $refresh_url . '">', '</a>');
+ meta_refresh(3, $this->u_action);
+ $message = ((sizeof($delete_ids) == 1) ? $user->lang['ATTACHMENT_DELETED'] : $user->lang['ATTACHMENTS_DELETED']) . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
trigger_error($message);
}
else
@@ -103,11 +104,11 @@ class ucp_attachments
{
if ($row['in_message'])
{
- $view_topic = "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=pm&amp;p={$row['post_msg_id']}";
+ $view_topic = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&amp;p={$row['post_msg_id']}");
}
else
{
- $view_topic = "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;t={$row['topic_id']}&amp;p={$row['post_msg_id']}#p{$row['post_msg_id']}";
+ $view_topic = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t={$row['topic_id']}&amp;p={$row['post_msg_id']}") . "#p{$row['post_msg_id']}";
}
$template->assign_block_vars('attachrow', array(
@@ -126,7 +127,7 @@ class ucp_attachments
'S_IN_MESSAGE' => $row['in_message'],
- 'U_VIEW_ATTACHMENT' => $phpbb_root_path . 'download.' . $phpEx . $SID . '&amp;id=' . $row['attach_id'],
+ 'U_VIEW_ATTACHMENT' => append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $row['attach_id']),
'U_VIEW_TOPIC' => $view_topic)
);
@@ -138,22 +139,22 @@ class ucp_attachments
$template->assign_vars(array(
'PAGE_NUMBER' => on_page($num_attachments, $config['posts_per_page'], $start),
- 'PAGINATION' => generate_pagination("{$phpbb_root_path}ucp.$phpEx$SID&amp;i=$id&amp;sk=$sort_key&amp;sd=$sort_dir", $num_attachments, $config['posts_per_page'], $start),
+ 'PAGINATION' => generate_pagination($this->u_action . "&amp;sk=$sort_key&amp;sd=$sort_dir", $num_attachments, $config['posts_per_page'], $start),
'TOTAL_ATTACHMENTS' => $num_attachments,
'L_TITLE' => $user->lang['UCP_ATTACHMENTS'],
- 'U_SORT_FILENAME' => "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=$id&amp;sk=a&amp;sd=" . (($sort_key == 'a' && $sort_dir == 'a') ? 'd' : 'a'),
- 'U_SORT_FILE_COMMENT' => "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=$id&amp;sk=b&amp;sd=" . (($sort_key == 'b' && $sort_dir == 'a') ? 'd' : 'a'),
- 'U_SORT_EXTENSION' => "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=$id&amp;sk=c&amp;sd=" . (($sort_key == 'c' && $sort_dir == 'a') ? 'd' : 'a'),
- 'U_SORT_FILESIZE' => "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=$id&amp;sk=d&amp;sd=" . (($sort_key == 'd' && $sort_dir == 'a') ? 'd' : 'a'),
- 'U_SORT_DOWNLOADS' => "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=$id&amp;sk=e&amp;sd=" . (($sort_key == 'e' && $sort_dir == 'a') ? 'd' : 'a'),
- 'U_SORT_POST_TIME' => "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=$id&amp;sk=f&amp;sd=" . (($sort_key == 'f' && $sort_dir == 'a') ? 'd' : 'a'),
- 'U_SORT_TOPIC_TITLE' => "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=$id&amp;sk=g&amp;sd=" . (($sort_key == 'f' && $sort_dir == 'a') ? 'd' : 'a'),
+ 'U_SORT_FILENAME' => $this->u_action . "&amp;sk=a&amp;sd=" . (($sort_key == 'a' && $sort_dir == 'a') ? 'd' : 'a'),
+ 'U_SORT_FILE_COMMENT' => $this->u_action . "&amp;sk=b&amp;sd=" . (($sort_key == 'b' && $sort_dir == 'a') ? 'd' : 'a'),
+ 'U_SORT_EXTENSION' => $this->u_action . "&amp;i=$id&amp;sk=c&amp;sd=" . (($sort_key == 'c' && $sort_dir == 'a') ? 'd' : 'a'),
+ 'U_SORT_FILESIZE' => $this->u_action . "&amp;sk=d&amp;sd=" . (($sort_key == 'd' && $sort_dir == 'a') ? 'd' : 'a'),
+ 'U_SORT_DOWNLOADS' => $this->u_action . "&amp;sk=e&amp;sd=" . (($sort_key == 'e' && $sort_dir == 'a') ? 'd' : 'a'),
+ 'U_SORT_POST_TIME' => $this->u_action . "&amp;sk=f&amp;sd=" . (($sort_key == 'f' && $sort_dir == 'a') ? 'd' : 'a'),
+ 'U_SORT_TOPIC_TITLE' => $this->u_action . "&amp;sk=g&amp;sd=" . (($sort_key == 'f' && $sort_dir == 'a') ? 'd' : 'a'),
'S_DISPLAY_MARK_ALL' => ($num_attachments) ? true : false,
'S_DISPLAY_PAGINATION' => ($num_attachments) ? true : false,
- 'S_UCP_ACTION' => "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=$id",
+ 'S_UCP_ACTION' => $this->u_action,
'S_SORT_OPTIONS' => $s_sort_key,
'S_ORDER_SELECT' => $s_sort_dir)
);
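Review bot: `U_SORT_EXTENSION` still appends `&amp;i=$id` after `$this->u_action`, although every sibling key in this array dropped it. Assuming u_action already carries the module id, that link repeats `i`; the line should read `'U_SORT_EXTENSION' => $this->u_action . "&amp;sk=c&amp;sd=" . (($sort_key == 'c' && $sort_dir == 'a') ? 'd' : 'a'),`. `U_SORT_TOPIC_TITLE` emits `sk=g` but tests `$sort_key == 'f'`, so its direction toggle follows the post-time column; this is carried over from the old side and should be `$sort_key == 'g'`. `$sort_key` and `$sort_dir` are also interpolated into the pagination URL, and their validation against the allowed sort keys is outside this hunk.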
diff --git a/phpBB/includes/ucp/ucp_confirm.php b/phpBB/includes/ucp/ucp_confirm.php
index 6c371b7a63..ec9b5c77d6 100644
--- a/phpBB/includes/ucp/ucp_confirm.php
+++ b/phpBB/includes/ucp/ucp_confirm.php
@@ -24,7 +24,7 @@ class ucp_confirm
{
function main($id, $mode)
{
- global $db, $user, $phpbb_root_path, $config;
+ global $db, $user, $phpbb_root_path, $config, $phpEx;
// Do we have an id? No, then just exit
$confirm_id = request_var('id', '');
@@ -74,12 +74,12 @@ class ucp_confirm
$policy = '';
if (extension_loaded('gd') && sizeof($policy_modules))
{
- include($phpbb_root_path . 'includes/captcha/captcha_gd.php');
+ include($phpbb_root_path . 'includes/captcha/captcha_gd.' . $phpEx);
$policy = $policy_modules[array_rand($policy_modules)];
}
else
{
- include($phpbb_root_path . 'includes/captcha/captcha_non_gd.php');
+ include($phpbb_root_path . 'includes/captcha/captcha_non_gd.' . $phpEx);
}
$captcha = new captcha();
diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php
index bb16baf2b3..3f30ec2d37 100644
--- a/phpBB/includes/ucp/ucp_groups.php
+++ b/phpBB/includes/ucp/ucp_groups.php
@@ -18,7 +18,7 @@ class ucp_groups
function main($id, $mode)
{
- global $config, $db, $user, $auth, $SID, $template, $phpbb_root_path, $phpEx;
+ global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx;
$user->add_lang('groups');
@@ -47,8 +47,8 @@ class ucp_groups
FROM ' . GROUPS_TABLE . "
WHERE group_id IN ($group_id, {$user->data['group_id']})";
$result = $db->sql_query($sql);
- $group_row = array();
+ $group_row = array();
while ($row = $db->sql_fetchrow($result))
{
$row['group_name'] = ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'];
@@ -86,7 +86,7 @@ class ucp_groups
group_user_attributes('default', $group_id, $user->data['user_id']);
add_log('user', $user->data['user_id'], 'LOG_USER_GROUP_CHANGE', sprintf($user->lang['USER_GROUP_CHANGE'], $group_row[$group_id]['group_name'], $group_row[$user->data['group_id']]['group_name']));
-
+
meta_refresh(3, $this->u_action);
trigger_error($user->lang['CHANGED_DEFAULT_GROUP'] . $return_page);
}
@@ -96,7 +96,7 @@ class ucp_groups
'default' => $group_id,
'change_default'=> true
);
-
+
confirm_box(false, sprintf($user->lang['GROUP_CHANGE_DEFAULT'], $group_row[$group_id]['group_name']), build_hidden_fields($s_hidden_fields));
}
@@ -115,13 +115,13 @@ class ucp_groups
trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
}
list(, $row) = each($row);
-
+
if (confirm_box(true))
{
group_user_del($group_id, $user->data['user_id']);
-
+
add_log('user', $user->data['user_id'], 'LOG_USER_GROUP_RESIGN', $group_row[$group_id]['group_name']);
-
+
meta_refresh(3, $this->u_action);
trigger_error($user->lang[($row['user_pending']) ? 'GROUP_RESIGNED_PENDING' : 'GROUP_RESIGNED_MEMBERSHIP'] . $return_page);
}
@@ -132,7 +132,7 @@ class ucp_groups
'action' => 'resign',
'submit' => true
);
-
+
confirm_box(false, ($row['user_pending']) ? 'GROUP_RESIGN_PENDING' : 'GROUP_RESIGN_MEMBERSHIP', build_hidden_fields($s_hidden_fields));
}
@@ -192,7 +192,7 @@ class ucp_groups
'USERNAME' => html_entity_decode($row['username']),
'GROUP_NAME' => html_entity_decode($group_row[$group_id]['group_name']),
- 'U_PENDING' => generate_board_url() . "/ucp.$phpEx?i=usergroups&mode=manage",
+ 'U_PENDING' => generate_board_url() . "/ucp.$phpEx?i=groups&mode=manage&action=list&g=$group_id",
'U_GROUP' => generate_board_url() . "/memberlist.$phpEx?mode=group&g=$group_id")
);
@@ -301,7 +301,7 @@ class ucp_groups
'GROUP_SPECIAL' => ($row['group_type'] <> GROUP_SPECIAL) ? false : true,
'GROUP_STATUS' => $user->lang['GROUP_IS_' . $group_status],
- 'U_VIEW_GROUP' => "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=group&amp;g={$row['group_id']}",
+ 'U_VIEW_GROUP' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&amp;g=' . $row['group_id']),
'S_GROUP_DEFAULT' => ($row['group_id'] == $user->data['group_id']) ? true : false,
'S_ROW_COUNT' => ${$block . '_count'}++)
@@ -355,7 +355,7 @@ class ucp_groups
'GROUP_STATUS' => $user->lang['GROUP_IS_' . $group_status],
'S_CAN_JOIN' => ($row['group_type'] == GROUP_OPEN || $row['group_type'] == GROUP_FREE) ? true : false,
- 'U_VIEW_GROUP' => "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=group&amp;g={$row['group_id']}",
+ 'U_VIEW_GROUP' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&amp;g=' . $row['group_id']),
'S_ROW_COUNT' => $nonmember_count++)
);
@@ -637,8 +637,8 @@ class ucp_groups
'GROUP_CLOSED' => $type_closed,
'GROUP_HIDDEN' => $type_hidden,
- 'U_SWATCH' => "{$phpbb_root_path}adm/swatch.$phpEx$SID&amp;form=ucp&amp;name=group_colour",
- 'UA_SWATCH' => "{$phpbb_root_path}adm/swatch.$phpEx$SID&form=ucp&name=group_colour",
+ 'U_SWATCH' => append_sid("{$phpbb_root_path}adm/swatch.$phpEx", 'form=ucp&amp;name=group_colour'),
+ 'UA_SWATCH' => append_sid("{$phpbb_root_path}adm/swatch.$phpEx", 'form=ucp&name=group_colour', false),
'S_UCP_ACTION' => $this->u_action . "&amp;action=$action&amp;g=$group_id",
'L_AVATAR_EXPLAIN' => sprintf($user->lang['AVATAR_EXPLAIN'], $config['avatar_max_width'], $config['avatar_max_height'], round($config['avatar_filesize'] / 1024)))
);
@@ -693,7 +693,7 @@ class ucp_groups
$template->assign_block_vars($row['group_leader'] ? 'leader' : 'member', array(
'USERNAME' => $row['username'],
- 'U_USER_VIEW' => "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u={$row['user_id']}",
+ 'U_USER_VIEW' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['user_id']),
'S_GROUP_DEFAULT' => ($row['group_id'] == $group_id) ? true : false,
'JOINED' => ($row['user_regdate']) ? $user->format_date($row['user_regdate']) : ' - ',
'USER_POSTS' => $row['user_posts'],
@@ -717,7 +717,7 @@ class ucp_groups
'PAGINATION' => generate_pagination($this->u_action . "&amp;action=$action&amp;g=$group_id", $total_members, $config['topics_per_page'], $start, true),
'U_ACTION' => $this->u_action . "&amp;g=$group_id",
- 'U_FIND_USERNAME' => "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=searchuser&amp;form=list&amp;field=usernames")
+ 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=list&amp;field=usernames'))
);
break;
diff --git a/phpBB/includes/ucp/ucp_main.php b/phpBB/includes/ucp/ucp_main.php
index 336c050fad..70f0e20f60 100644
--- a/phpBB/includes/ucp/ucp_main.php
+++ b/phpBB/includes/ucp/ucp_main.php
@@ -16,6 +16,7 @@
class ucp_main
{
var $p_master;
+ var $u_action;
function ucp_main(&$p_master)
{
@@ -24,7 +25,7 @@ class ucp_main
function main($id, $mode)
{
- global $config, $db, $user, $auth, $SID, $template, $phpbb_root_path, $phpEx;
+ global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx;
switch ($mode)
{
@@ -137,10 +138,10 @@ class ucp_main
'S_USER_POSTED' => (!empty($row['topic_posted']) && $row['topic_posted']) ? true : false,
'S_UNREAD' => $unread_topic,
- 'U_LAST_POST' => "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f=$g_forum_id&amp;t=$topic_id&amp;p=" . $row['topic_last_post_id'] . '#p' . $row['topic_last_post_id'],
- 'U_LAST_POST_AUTHOR'=> ($row['topic_last_poster_id'] != ANONYMOUS) ? "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u=" . $row['topic_last_poster_id'] : '',
- 'U_NEWEST_POST' => "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f=$g_forum_id&amp;t=$topic_id&amp;view=unread#unread",
- 'U_VIEW_TOPIC' => "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f=$g_forum_id&amp;t=$topic_id")
+ 'U_LAST_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$g_forum_id&amp;t=$topic_id&amp;p=" . $row['topic_last_post_id']) . '#p' . $row['topic_last_post_id'],
+ 'U_LAST_POST_AUTHOR'=> ($row['topic_last_poster_id'] != ANONYMOUS) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['topic_last_poster_id']) : '',
+ 'U_NEWEST_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$g_forum_id&amp;t=$topic_id&amp;view=unread") . '#unread',
+ 'U_VIEW_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$g_forum_id&amp;t=$topic_id"))
);
}
@@ -173,7 +174,7 @@ class ucp_main
// 'S_GROUP_OPTIONS' => $group_options,
'S_SHOW_ACTIVITY' => ($config['load_user_activity']) ? true : false,
- 'U_SEARCH_USER' => ($auth->acl_get('u_search')) ? "{$phpbb_root_path}search.$phpEx$SID&amp;author_id=" . $user->data['user_id'] . "&amp;sr=posts" : '',
+ 'U_SEARCH_USER' => ($auth->acl_get('u_search')) ? append_sid("{$phpbb_root_path}search.$phpEx", 'author_id=' . $user->data['user_id'] . '&amp;sr=posts') : '',
)
);
break;
@@ -213,9 +214,9 @@ class ucp_main
$l_unwatch .= '_TOPICS';
}
- $message = $user->lang['UNWATCHED' . $l_unwatch] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], "<a href=\"ucp.$phpEx$SID&amp;i=$id&amp;mode=subscribed\">", '</a>');
+ $message = $user->lang['UNWATCHED' . $l_unwatch] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&amp;mode=subscribed") . '">', '</a>');
- meta_refresh(3, "ucp.$phpEx$SID&amp;i=$id&amp;mode=subscribed");
+ meta_refresh(3, append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&amp;mode=subscribed"));
trigger_error($message);
}
}
@@ -246,7 +247,8 @@ class ucp_main
}
else
{
- $tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? unserialize(stripslashes($_COOKIE[$config['cookie_name'] . '_track'])) : array();
+ $tracking_topics = (isset($_COOKIE[$config['cookie_name'] . '_track'])) ? ((STRIP) ? stripslashes($_COOKIE[$config['cookie_name'] . '_track']) : $_COOKIE[$config['cookie_name'] . '_track']) : '';
+ $tracking_topics = ($tracking_topics) ? unserialize($tracking_topics) : array();
}
$sql = $db->sql_build_query('SELECT', $sql_array);
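Review bot: The second added line still feeds the `_track` cookie to `unserialize()`, and a cookie is client-controlled input; the hunk only changes when slashes are stripped. Unserializing untrusted data can create objects of any loaded class, and it returns `false` on malformed input, so later array reads operate on a non-array. At minimum add a guard after the call, `if (!is_array($tracking_topics)) { $tracking_topics = array(); }`. Better is to store the tracking data in a format that cannot carry objects, or on PHP versions that support it to pass the `allowed_classes` option set to `false`. The enclosing branch of main() starts and ends outside the hunk.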
@@ -262,7 +264,7 @@ class ucp_main
}
else
{
- $forum_check = (isset($tracking_topics['f'][$forum_id])) ? base_convert($tracking_topics['f'][$forum_id], 36, 10) + $config['board_startdate'] : $user->data['user_lastmark'];
+ $forum_check = (isset($tracking_topics['f'][$forum_id])) ? (int) (base_convert($tracking_topics['f'][$forum_id], 36, 10) + $config['board_startdate']) : $user->data['user_lastmark'];
}
$unread_forum = ($row['forum_last_post_time'] > $forum_check) ? true : false;
@@ -285,9 +287,9 @@ class ucp_main
$last_post_time = $user->format_date($row['forum_last_post_time']);
$last_poster = ($row['forum_last_poster_name'] != '') ? $row['forum_last_poster_name'] : $user->lang['GUEST'];
- $last_poster_url = ($row['forum_last_poster_id'] == ANONYMOUS) ? '' : "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u=" . $row['forum_last_poster_id'];
+ $last_poster_url = ($row['forum_last_poster_id'] == ANONYMOUS) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['forum_last_poster_id']);
- $last_post_url = "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f=$forum_id&amp;p=" . $row['forum_last_post_id'] . '#p' . $row['forum_last_post_id'];
+ $last_post_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&amp;p=" . $row['forum_last_post_id']) . '#p' . $row['forum_last_post_id'];
}
else
{
@@ -305,7 +307,7 @@ class ucp_main
'U_LAST_POST_AUTHOR'=> $last_poster_url,
'U_LAST_POST' => $last_post_url,
- 'U_VIEWFORUM' => "{$phpbb_root_path}viewforum.$phpEx$SID&amp;f=" . $row['forum_id'])
+ 'U_VIEWFORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']))
);
}
$db->sql_freeresult($result);
@@ -324,7 +326,7 @@ class ucp_main
if ($topics_count)
{
$template->assign_vars(array(
- 'PAGINATION' => generate_pagination("ucp.$phpEx$SID&amp;i=$id&amp;mode=$mode", $topics_count, $config['topics_per_page'], $start),
+ 'PAGINATION' => generate_pagination($this->u_action, $topics_count, $config['topics_per_page'], $start),
'PAGE_NUMBER' => on_page($topics_count, $config['topics_per_page'], $start),
'TOTAL_TOPICS' => ($topics_count == 1) ? $user->lang['VIEW_FORUM_TOPIC'] : sprintf($user->lang['VIEW_FORUM_TOPICS'], $topics_count))
);
@@ -413,7 +415,7 @@ class ucp_main
$folder_img = $folder_alt = $topic_type = '';
topic_status($row, $replies, $unread_topic, $folder_img, $folder_alt, $topic_type);
- $view_topic_url = "viewtopic.$phpEx$SID&amp;f=$forum_id&amp;t=$topic_id";
+ $view_topic_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&amp;t=$topic_id");
// Send vars to template
$template->assign_block_vars('topicrow', array(
@@ -424,7 +426,7 @@ class ucp_main
'LAST_POST_TIME' => $user->format_date($row['topic_last_post_time']),
'LAST_VIEW_TIME' => $user->format_date($row['topic_last_view_time']),
'LAST_POST_AUTHOR' => ($row['topic_last_poster_name'] != '') ? $row['topic_last_poster_name'] : $user->lang['GUEST'],
- 'PAGINATION' => topic_generate_pagination($replies, "viewtopic.$phpEx$SID&amp;f=" . (($row['forum_id']) ? $row['forum_id'] : $forum_id) . "&amp;t=$topic_id"),
+ 'PAGINATION' => topic_generate_pagination($replies, append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . (($row['forum_id']) ? $row['forum_id'] : $forum_id) . "&amp;t=$topic_id")),
'REPLIES' => $replies,
'VIEWS' => $row['topic_views'],
'TOPIC_TITLE' => censor_text($row['topic_title']),
@@ -443,9 +445,9 @@ class ucp_main
'S_USER_POSTED' => (!empty($row['topic_posted'])) ? true : false,
'S_UNREAD_TOPIC' => $unread_topic,
- 'U_NEWEST_POST' => "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f=$forum_id&amp;t=$topic_id&amp;view=unread#unread",
+ 'U_NEWEST_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&amp;t=$topic_id&amp;view=unread") . '#unread',
'U_LAST_POST' => $view_topic_url . '&amp;p=' . $row['topic_last_post_id'] . '#p' . $row['topic_last_post_id'],
- 'U_LAST_POST_AUTHOR'=> ($row['topic_last_poster_id'] != ANONYMOUS && $row['topic_last_poster_id']) ? "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u={$row['topic_last_poster_id']}" : '',
+ 'U_LAST_POST_AUTHOR'=> ($row['topic_last_poster_id'] != ANONYMOUS && $row['topic_last_poster_id']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['topic_last_poster_id']) : '',
'U_VIEW_TOPIC' => $view_topic_url)
);
@@ -495,7 +497,7 @@ class ucp_main
{
$s_hidden_fields = '<input type="hidden" name="unbookmark" value="1" />';
$topics = (isset($_POST['t'])) ? array_map('intval', array_keys($_POST['t'])) : array();
- $url = "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=$id&amp;mode=$mode";
+ $url = $this->u_action;
if (!sizeof($topics))
{
@@ -564,7 +566,7 @@ class ucp_main
$unread_topic = false;
topic_status($row, $replies, $unread_topic, $folder_img, $folder_alt, $topic_type);
- $view_topic_url = "viewtopic.$phpEx$SID&amp;f=$forum_id&amp;t=$topic_id";
+ $view_topic_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&amp;t=$topic_id");
$template->assign_block_vars('topicrow', array(
'FORUM_ID' => $forum_id,
@@ -581,7 +583,7 @@ class ucp_main
'LAST_POST_TIME' => $user->format_date($row['topic_last_post_time']),
'LAST_VIEW_TIME' => $user->format_date($row['topic_last_view_time']),
'LAST_POST_AUTHOR' => ($row['topic_last_poster_name'] != '') ? $row['topic_last_poster_name'] : $user->lang['GUEST'],
- 'PAGINATION' => topic_generate_pagination($replies, "viewtopic.$phpEx$SID&amp;f=" . (($row['forum_id']) ? $row['forum_id'] : $forum_id) . "&amp;t=$topic_id"),
+ 'PAGINATION' => topic_generate_pagination($replies, append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . (($row['forum_id']) ? $row['forum_id'] : $forum_id) . "&amp;t=$topic_id")),
'POSTED_AT' => $user->format_date($row['topic_time']),
@@ -591,11 +593,11 @@ class ucp_main
'LAST_POST_IMG' => $user->img('icon_post_latest', 'VIEW_LATEST_POST'),
'U_LAST_POST' => $view_topic_url . '&amp;p=' . $row['topic_last_post_id'] . '#p' . $row['topic_last_post_id'],
- 'U_LAST_POST_AUTHOR'=> ($row['topic_last_poster_id'] != ANONYMOUS && $row['topic_last_poster_id']) ? "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u={$row['topic_last_poster_id']}" : '',
+ 'U_LAST_POST_AUTHOR'=> ($row['topic_last_poster_id'] != ANONYMOUS && $row['topic_last_poster_id']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['topic_last_poster_id']) : '',
'U_VIEW_TOPIC' => $view_topic_url,
- 'U_VIEW_FORUM' => "{$phpbb_root_path}viewforum.$phpEx$SID&amp;f={$forum_id}",
- 'U_MOVE_UP' => ($row['order_id'] != 1) ? "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=main&amp;mode=bookmarks&amp;move_up={$row['order_id']}" : '',
- 'U_MOVE_DOWN' => ($row['order_id'] != $max_order_id) ? "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=main&amp;mode=bookmarks&amp;move_down={$row['order_id']}" : '')
+ 'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id),
+ 'U_MOVE_UP' => ($row['order_id'] != 1) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=main&amp;mode=bookmarks&amp;move_up=' . $row['order_id']) : '',
+ 'U_MOVE_DOWN' => ($row['order_id'] != $max_order_id) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=main&amp;mode=bookmarks&amp;move_down=' . $row['order_id']) : '')
);
}
@@ -627,9 +629,9 @@ class ucp_main
AND user_id = " .$user->data['user_id'];
$db->sql_query($sql);
- $message = $user->lang['DRAFTS_DELETED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], "<a href=\"ucp.$phpEx$SID&amp;i=$id&amp;mode=$mode\">", '</a>');
+ $message = $user->lang['DRAFTS_DELETED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
- meta_refresh(3, "ucp.$phpEx$SID&amp;i=$id&amp;mode=$mode");
+ meta_refresh(3, $this->u_action);
trigger_error($message);
}
}
@@ -652,9 +654,9 @@ class ucp_main
AND user_id = " . $user->data['user_id'];
$db->sql_query($sql);
- $message = $user->lang['DRAFT_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], "<a href=\"ucp.$phpEx$SID&amp;i=$id&amp;mode=$mode\">", '</a>');
+ $message = $user->lang['DRAFT_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
- meta_refresh(3, "ucp.$phpEx$SID&amp;i=$id&amp;mode=$mode");
+ meta_refresh(3, $this->u_action);
trigger_error($message);
}
else
@@ -721,23 +723,23 @@ class ucp_main
if (isset($topic_rows[$draft['topic_id']]) && $auth->acl_get('f_read', $topic_rows[$draft['topic_id']]['forum_id']))
{
$link_topic = true;
- $view_url = "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;f=" . $topic_rows[$draft['topic_id']]['forum_id'] . "&amp;t=" . $draft['topic_id'];
+ $view_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $topic_rows[$draft['topic_id']]['forum_id'] . '&amp;t=' . $draft['topic_id']);
$title = $topic_rows[$draft['topic_id']]['topic_title'];
- $insert_url = "{$phpbb_root_path}posting.$phpEx$SID&amp;f=" . $topic_rows[$draft['topic_id']]['forum_id'] . '&amp;t=' . $draft['topic_id'] . '&amp;mode=reply&amp;d=' . $draft['draft_id'];
+ $insert_url = append_sid("{$phpbb_root_path}posting.$phpEx", 'f=' . $topic_rows[$draft['topic_id']]['forum_id'] . '&amp;t=' . $draft['topic_id'] . '&amp;mode=reply&amp;d=' . $draft['draft_id']);
}
else if ($auth->acl_get('f_read', $draft['forum_id']))
{
$link_forum = true;
- $view_url = "{$phpbb_root_path}viewforum.$phpEx$SID&amp;f=" . $draft['forum_id'];
+ $view_url = append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $draft['forum_id']);
$title = $draft['forum_name'];
- $insert_url = "{$phpbb_root_path}posting.$phpEx$SID&amp;f=" . $draft['forum_id'] . '&amp;mode=post&amp;d=' . $draft['draft_id'];
+ $insert_url = append_sid("{$phpbb_root_path}posting.$phpEx", 'f=' . $draft['forum_id'] . '&amp;mode=post&amp;d=' . $draft['draft_id']);
}
else if ($pm_drafts)
{
$link_pm = true;
- $insert_url = "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=$id&amp;mode=compose&amp;d=" . $draft['draft_id'];
+ $insert_url = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&amp;mode=compose&amp;d=" . $draft['draft_id']);
}
$template_row = array(
@@ -751,7 +753,7 @@ class ucp_main
'TOPIC_ID' => $draft['topic_id'],
'U_VIEW' => $view_url,
- 'U_VIEW_EDIT' => "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=$id&amp;mode=$mode&amp;edit=" . $draft['draft_id'],
+ 'U_VIEW_EDIT' => $this->u_action . '&amp;edit=' . $draft['draft_id'],
'U_INSERT' => $insert_url,
'S_LINK_TOPIC' => $link_topic,
@@ -778,7 +780,7 @@ class ucp_main
'S_DISPLAY_MARK_ALL'=> ($mode == 'watched' || ($mode == 'drafts' && !isset($_GET['edit']))) ? true : false,
'S_HIDDEN_FIELDS' => (isset($s_hidden_fields)) ? $s_hidden_fields : '',
- 'S_UCP_ACTION' => $phpbb_root_path . "ucp.$phpEx$SID&amp;i=$id&amp;mode=$mode")
+ 'S_UCP_ACTION' => $this->u_action)
);
// Set desired template
diff --git a/phpBB/includes/ucp/ucp_pm.php b/phpBB/includes/ucp/ucp_pm.php
index e6fe312dba..18ca027582 100644
--- a/phpBB/includes/ucp/ucp_pm.php
+++ b/phpBB/includes/ucp/ucp_pm.php
@@ -33,9 +33,11 @@
*/
class ucp_pm
{
+ var $u_action;
+
function main($id, $mode)
{
- global $user, $template, $phpbb_root_path, $auth, $phpEx, $db, $SID, $config;
+ global $user, $template, $phpbb_root_path, $auth, $phpEx, $db, $config;
if (!$user->data['is_registered'])
{
@@ -95,8 +97,9 @@ class ucp_pm
$template->assign_vars(array(
'MESSAGE' => $l_new_message,
'S_NOT_LOGGED_IN' => ($user->data['user_id'] == ANONYMOUS) ? true : false,
- 'CLICK_TO_VIEW' => sprintf($user->lang['CLICK_VIEW_PRIVMSG'], '<a href="' . $phpbb_root_path . 'ucp.' . $phpEx . $SID . '&amp;i=pm&amp;folder=inbox" onclick="jump_to_inbox();return false;" target="_new">', '</a>'),
- 'U_INBOX' => "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=pm&amp;folder=inbox")
+ 'CLICK_TO_VIEW' => sprintf($user->lang['CLICK_VIEW_PRIVMSG'], '<a href="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=inbox') . '" onclick="jump_to_inbox();return false;" target="_new">', '</a>'),
+ 'U_INBOX' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=inbox'),
+ 'UA_INBOX' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=inbox', false))
);
$tpl_file = 'ucp_pm_popup';
@@ -330,24 +333,23 @@ class ucp_pm
// Header for message view - folder and so on
$folder_status = get_folder_status($folder_id, $folder);
- $url = "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=$id&amp;mode=$mode";
$template->assign_vars(array(
'CUR_FOLDER_ID' => $folder_id,
'CUR_FOLDER_NAME' => $folder_status['folder_name'],
'NUM_NOT_MOVED' => $num_not_moved,
- 'RELEASE_MESSAGE_INFO' => sprintf($user->lang['RELEASE_MESSAGES'], '<a href="' . $url . '&amp;folder=' . $folder_id . '&amp;release=1">', '</a>'),
+ 'RELEASE_MESSAGE_INFO' => sprintf($user->lang['RELEASE_MESSAGES'], '<a href="' . $this->u_action . '&amp;folder=' . $folder_id . '&amp;release=1">', '</a>'),
'NOT_MOVED_MESSAGES' => ($num_not_moved == 1) ? $user->lang['NOT_MOVED_MESSAGE'] : sprintf($user->lang['NOT_MOVED_MESSAGES'], $num_not_moved),
'S_FOLDER_OPTIONS' => $s_folder_options,
'S_TO_FOLDER_OPTIONS' => $s_to_folder_options,
- 'S_FOLDER_ACTION' => "$url&amp;action=view_folder",
- 'S_PM_ACTION' => "$url&amp;action=$action",
+ 'S_FOLDER_ACTION' => $this->u_action . '&amp;action=view_folder',
+ 'S_PM_ACTION' => $this->u_action . '&amp;action=' . $action,
- 'U_INBOX' => "$url&amp;folder=inbox",
- 'U_OUTBOX' => "$url&amp;folder=outbox",
- 'U_SENTBOX' => "$url&amp;folder=sentbox",
- 'U_CREATE_FOLDER' => "$url&amp;mode=options",
+ 'U_INBOX' => $this->u_action . '&amp;folder=inbox',
+ 'U_OUTBOX' => $this->u_action . '&amp;folder=outbox',
+ 'U_SENTBOX' => $this->u_action . '&amp;folder=sentbox',
+ 'U_CREATE_FOLDER' => $this->u_action . '&amp;mode=options',
'S_IN_INBOX' => ($folder_id == PRIVMSGS_INBOX) ? true : false,
'S_IN_OUTBOX' => ($folder_id == PRIVMSGS_OUTBOX) ? true : false,
@@ -393,7 +395,7 @@ class ucp_pm
$template->assign_vars(array(
'L_TITLE' => $user->lang['UCP_PM_' . strtoupper($mode)],
- 'S_UCP_ACTION' => "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=$id&amp;mode=$mode" . ((isset($action)) ? "&amp;action=$action" : ''))
+ 'S_UCP_ACTION' => $this->u_action . ((isset($action)) ? "&amp;action=$action" : ''))
);
// Set desired template
diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php
index 715a41b8cf..61e15a467e 100644
--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
@@ -15,7 +15,7 @@
function compose_pm($id, $mode, $action)
{
global $template, $db, $auth, $user;
- global $phpbb_root_path, $phpEx, $config, $SID;
+ global $phpbb_root_path, $phpEx, $config;
include($phpbb_root_path . 'includes/functions_posting.'.$phpEx);
include($phpbb_root_path . 'includes/message_parser.'.$phpEx);
@@ -60,9 +60,9 @@ function compose_pm($id, $mode, $action)
{
if ($msg_id)
{
- redirect("ucp.$phpEx$SID&i=pm&mode=view&action=view_message&p=$msg_id");
+ redirect(append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=view&amp;action=view_message&amp;p=' . $msg_id));
}
- redirect("ucp.$phpEx$SID&i=pm");
+ redirect(append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm'));
}
$sql = '';
@@ -253,7 +253,7 @@ function compose_pm($id, $mode, $action)
$message_parser->message = ($action == 'reply') ? '' : $message_text;
unset($message_text);
- $s_action = "{$phpbb_root_path}ucp.$phpEx?sid={$user->session_id}&amp;i=$id&amp;mode=$mode&amp;action=$action";
+ $s_action = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&amp;mode=$mode&amp;action=$action", true, $user->session_id);
$s_action .= ($msg_id) ? "&amp;p=$msg_id" : '';
// Delete triggered ?
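Review bot: The fourth argument to `append_sid()` pins `$user->session_id` into the form action, presumably so the sid stays in the URL even for cookie-based sessions, and nothing on the line says why. That deserves a comment, because a session id carried in a URL is exposed through browser history, proxy and server logs, and Referer headers. Something like `// sid is forced into this URL on purpose: <reason to be filled in by the author>` would keep a later cleanup from either dropping the argument or copying it to links that do not need it. The `U_INFO` link to mcp.php in ucp_pm_viewmessage.php passes the same fourth argument and should carry the same explanation. The body of `compose_pm()` continues outside this hunk.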
@@ -268,7 +268,7 @@ function compose_pm($id, $mode, $action)
delete_pm($user->data['user_id'], $msg_id, $folder_id);
// TODO - jump to next message in "history"?
- $meta_info = "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=pm&amp;folder=$folder_id";
+ $meta_info = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&amp;folder=$folder_id");
$message = $user->lang['MESSAGE_DELETED'];
meta_refresh(3, $meta_info);
@@ -283,7 +283,7 @@ function compose_pm($id, $mode, $action)
'action'=> 'delete'
);
- // "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=pm&amp;mode=compose"
+ // "{$phpbb_root_path}ucp.$phpEx?i=pm&amp;mode=compose"
confirm_box(false, 'DELETE_MESSAGE', build_hidden_fields($s_hidden_fields));
}
}
@@ -372,9 +372,10 @@ function compose_pm($id, $mode, $action)
'draft_message' => $message));
$db->sql_query($sql);
- meta_refresh(3, "ucp.$phpEx$SID&i=pm&mode=$mode");
+ $redirect_url = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&amp;mode=$mode");
- $message = $user->lang['DRAFT_SAVED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], "<a href=\"ucp.$phpEx$SID&amp;i=pm&amp;mode=$mode\">", '</a>');
+ meta_refresh(3, $redirect_url);
+ $message = $user->lang['DRAFT_SAVED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $redirect_url . '">', '</a>');
trigger_error($message);
}
@@ -519,8 +520,8 @@ function compose_pm($id, $mode, $action)
// ((!$message_subject) ? $subject : $message_subject)
$msg_id = submit_pm($action, $subject, $pm_data, true);
- $return_message_url = "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=pm&amp;mode=view&amp;p=" . $msg_id;
- $return_folder_url = "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=pm&amp;folder=outbox";
+ $return_message_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=view&amp;p=' . $msg_id);
+ $return_folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=outbox');
meta_refresh(3, $return_message_url);
$message = $user->lang['MESSAGE_STORED'] . '<br /><br />' . sprintf($user->lang['VIEW_MESSAGE'], '<a href="' . $return_message_url . '">', '</a>') . '<br /><br />' . sprintf($user->lang['CLICK_RETURN_FOLDER'], '<a href="' . $return_folder_url . '">', '</a>', $user->lang['PM_OUTBOX']);
@@ -617,7 +618,7 @@ function compose_pm($id, $mode, $action)
$forward_text[] = sprintf($user->lang['FWD_FROM'], $quote_username);
$forward_text[] = sprintf($user->lang['FWD_TO'], implode(', ', $fwd_to_field['to']));
- $message_parser->message = implode("\n", $forward_text) . "\n\n[quote=\"[url=" . generate_board_url() . "/memberlist.$phpEx$SID&mode=viewprofile&u={$post['author_id']}]{$quote_username}[/url]\"]\n" . censor_text(trim($message_parser->message)) . "\n[/quote]";
+ $message_parser->message = implode("\n", $forward_text) . "\n\n[quote=\"[url=" . generate_board_url() . "/memberlist.$phpEx?mode=viewprofile&u={$post['author_id']}]{$quote_username}[/url]\"]\n" . censor_text(trim($message_parser->message)) . "\n[/quote]";
$message_subject = ((!preg_match('/^Fwd:/', $message_subject)) ? 'Fwd: ' : '') . censor_text($message_subject);
}
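Review bot: The profile link written into the forwarded message body is assembled by hand instead of going through `append_sid()` like every other URL in this file, and the line does not say that this is intentional. The text is stored and later shown to the recipients, so the sender's session id must never end up in it; a comment such as `// No append_sid() here: this URL is saved in the message and read by other users` above the assignment would make that explicit. The enclosing block starts outside this hunk.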
@@ -705,7 +706,7 @@ function compose_pm($id, $mode, $action)
'IS_USER' => ($type == 'u'),
'COLOUR' => (${$type}[$id]['colour']) ? ${$type}[$id]['colour'] : '',
'UG_ID' => $id,
- 'U_VIEW' => ($type == 'u') ? "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u=" . $id : "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=group&amp;g=" . $id,
+ 'U_VIEW' => ($type == 'u') ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $id) : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&amp;g=' . $id),
'TYPE' => $type)
);
}
@@ -771,7 +772,7 @@ function compose_pm($id, $mode, $action)
'SUBJECT' => (isset($message_subject)) ? $message_subject : '',
'MESSAGE' => $message_text,
- 'BBCODE_STATUS' => ($bbcode_status) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . "faq.$phpEx$SID&amp;mode=bbcode" . '" onclick="target=\'_phpbbcode\';">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . "faq.$phpEx$SID&amp;mode=bbcode" . '" onclick="target=\'_phpbbcode\';">', '</a>'),
+ 'BBCODE_STATUS' => ($bbcode_status) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '" onclick="target=\'_phpbbcode\';">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '" onclick="target=\'_phpbbcode\';">', '</a>'),
'IMG_STATUS' => ($img_status) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'],
'FLASH_STATUS' => ($flash_status) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'],
'SMILIES_STATUS' => ($smilies_status) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'],
@@ -800,8 +801,8 @@ function compose_pm($id, $mode, $action)
'S_HIDDEN_FIELDS' => $s_hidden_fields,
'S_CLOSE_PROGRESS_WINDOW' => isset($_POST['add_file']),
- 'U_PROGRESS_BAR' => "{$phpbb_root_path}posting.$phpEx$SID&amp;f=0&amp;mode=popup",
- 'UA_PROGRESS_BAR' => "{$phpbb_root_path}posting.$phpEx$SID&f=0&mode=popup",
+ 'U_PROGRESS_BAR' => append_sid("{$phpbb_root_path}posting.$phpEx", 'f=0&amp;mode=popup'),
+ 'UA_PROGRESS_BAR' => append_sid("{$phpbb_root_path}posting.$phpEx", 'f=0&mode=popup', false),
)
);
diff --git a/phpBB/includes/ucp/ucp_pm_options.php b/phpBB/includes/ucp/ucp_pm_options.php
index d4399b5b63..6b6542f498 100644
--- a/phpBB/includes/ucp/ucp_pm_options.php
+++ b/phpBB/includes/ucp/ucp_pm_options.php
@@ -13,9 +13,9 @@
*/
function message_options($id, $mode, $global_privmsgs_rules, $global_rule_conditions)
{
- global $phpbb_root_path, $phpEx, $SID, $user, $template, $auth, $config, $db;
+ global $phpbb_root_path, $phpEx, $user, $template, $auth, $config, $db;
- $redirect_url = "{$phpbb_root_path}ucp.$phpEx$SID&i=pm&mode=options";
+ $redirect_url = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&amp;mode=options");
// Change "full folder" setting - what to do if folder is full
if (isset($_POST['fullfolder']))
@@ -220,7 +220,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
$user->data['user_full_folder'] = PRIVMSGS_INBOX;
}
- $meta_info = "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=pm&amp;mode=$mode";
+ $meta_info = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&amp;mode=$mode");
$message = $user->lang['FOLDER_REMOVED'];
meta_refresh(3, $meta_info);
@@ -299,7 +299,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
if (!$delete_id)
{
- redirect("ucp.$phpEx$SID&amp;i=pm&amp;mode=$mode");
+ redirect(append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=' . $mode));
}
// Do we need to confirm?
@@ -310,7 +310,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
AND rule_id = $delete_id";
$db->sql_query($sql);
- $meta_info = "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=pm&amp;mode=$mode";
+ $meta_info = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=' . $mode);
$message = $user->lang['RULE_DELETED'];
// Reset user_message_rules if no more assigned
@@ -421,7 +421,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
'DEFAULT_ACTION' => ($config['full_folder_action'] == 1) ? $user->lang['DELETE_OLDEST_MESSAGES'] : $user->lang['HOLD_NEW_MESSAGES'],
- 'U_FIND_USERNAME' => "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=searchuser&amp;form=ucp&amp;field=rule_string")
+ 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=ucp&amp;field=rule_string'))
);
$rule_lang = $action_lang = $check_lang = array();
diff --git a/phpBB/includes/ucp/ucp_pm_viewfolder.php b/phpBB/includes/ucp/ucp_pm_viewfolder.php
index e088104828..b3421a203d 100644
--- a/phpBB/includes/ucp/ucp_pm_viewfolder.php
+++ b/phpBB/includes/ucp/ucp_pm_viewfolder.php
@@ -15,11 +15,11 @@
function view_folder($id, $mode, $folder_id, $folder)
{
global $user, $template, $auth, $db, $cache;
- global $phpbb_root_path, $config, $phpEx, $SID;
+ global $phpbb_root_path, $config, $phpEx;
$submit_export = (isset($_POST['submit_export'])) ? true : false;
- $folder_info = get_pm_from($folder_id, $folder, $user->data['user_id'], "{$phpbb_root_path}ucp.$phpEx$SID");
+ $folder_info = get_pm_from($folder_id, $folder, $user->data['user_id']);
if (!$submit_export)
{
@@ -148,15 +148,13 @@ function view_folder($id, $mode, $folder_id, $folder)
{
foreach ($id_ary as $ug_id => $_id)
{
- $address_list[$message_id][] = (($type == 'u') ? "<a href=\"{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u=$ug_id\">" : "<a href=\"{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=group&amp;g=$ug_id\">") . (($recipient_list[$type][$ug_id]['colour']) ? '<span style="color:#' . $recipient_list[$type][$ug_id]['colour'] . '">' : '<span>') . $recipient_list[$type][$ug_id]['name'] . '</span></a>';
+ $address_list[$message_id][] = (($type == 'u') ? '<a href="' . append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $ug_id) . '">' : '<a href="' . append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&amp;g=' . $ug_id) . '">') . (($recipient_list[$type][$ug_id]['colour']) ? '<span style="color:#' . $recipient_list[$type][$ug_id]['colour'] . '">' : '<span>') . $recipient_list[$type][$ug_id]['name'] . '</span></a>';
}
}
}
unset($recipient_list, $address);
}
- $url = "{$phpbb_root_path}ucp.$phpEx$SID";
-
$data = array();
foreach ($folder_info['pm_list'] as $message_id)
@@ -167,9 +165,9 @@ function view_folder($id, $mode, $folder_id, $folder)
$folder_alt = ($row['unread']) ? 'NEW_MESSAGES' : 'NO_NEW_MESSAGES';
// Generate all URIs ...
- $message_author = "<a href=\"{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u=" . $row['author_id'] . '">' . $row['username'] . '</a>';
- $view_message_url = "$url&amp;i=$id&amp;mode=view&amp;f=$folder_id&amp;p=$message_id";
- $remove_message_url = "$url&amp;i=$id&amp;mode=compose&amp;action=delete&amp;p=$message_id";
+ $message_author = '<a href="' . append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['author_id']) . '">' . $row['username'] . '</a>';
+ $view_message_url = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&amp;mode=view&amp;f=$folder_id&amp;p=$message_id");
+ $remove_message_url = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&amp;mode=compose&amp;action=delete&amp;p=$message_id");
$row_indicator = '';
foreach ($color_rows as $var)
@@ -193,7 +191,7 @@ function view_folder($id, $mode, $folder_id, $folder)
'SENT_TIME' => $user->format_date($row['message_time']),
'SUBJECT' => censor_text($row['message_subject']),
'FOLDER' => (isset($folder[$row['folder_id']])) ? $folder[$row['folder_id']]['folder_name'] : '',
- 'U_FOLDER' => (isset($folder[$row['folder_id']])) ? "$url&amp;folder=" . $row['folder_id'] : '',
+ 'U_FOLDER' => (isset($folder[$row['folder_id']])) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'folder=' . $row['folder_id']) : '',
'PM_ICON_IMG' => (!empty($icons[$row['icon_id']])) ? '<img src="' . $config['icons_path'] . '/' . $icons[$row['icon_id']]['img'] . '" width="' . $icons[$row['icon_id']]['width'] . '" height="' . $icons[$row['icon_id']]['height'] . '" alt="" title="" />' : '',
'FOLDER_IMG' => $user->img($folder_img, $folder_alt),
'PM_IMG' => ($row_indicator) ? $user->img('pm_' . $row_indicator, '') : '',
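Review bot: `U_FOLDER` is built with `folder=` as its only parameter, while the other folder links in this commit carry the module selector: `append_sid(..., 'i=pm') . '&amp;folder='` in `message_history()` and `$this->u_action . '&amp;folder=inbox'` in ucp_pm. The removed line had the same shape, so this is not a regression, but if ucp.php needs `i=pm` to route to the PM module the link ends up on the default UCP page. `append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=' . $row['folder_id'])` would bring it in line with the others. The enclosing `assign` call starts and ends outside this hunk.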
@@ -381,9 +379,9 @@ function view_folder($id, $mode, $folder_id, $folder)
/**
* Get Messages from folder/user
*/
-function get_pm_from($folder_id, $folder, $user_id, $url)
+function get_pm_from($folder_id, $folder, $user_id)
{
- global $user, $db, $template, $config, $auth, $_POST;
+ global $user, $db, $template, $config, $auth, $phpbb_root_path, $phpEx;
$start = request_var('start', 0);
@@ -434,7 +432,7 @@ function get_pm_from($folder_id, $folder, $user_id, $url)
}
$template->assign_vars(array(
- 'PAGINATION' => generate_pagination("$url&amp;i=pm&amp;mode=view&amp;action=view_folder&amp;f=$folder_id&amp;$u_sort_param", $pm_count, $config['topics_per_page'], $start),
+ 'PAGINATION' => generate_pagination(append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&amp;mode=view&amp;action=view_folder&amp;f=$folder_id&amp;$u_sort_param"), $pm_count, $config['topics_per_page'], $start),
'PAGE_NUMBER' => on_page($pm_count, $config['topics_per_page'], $start),
'TOTAL_MESSAGES'=> (($pm_count == 1) ? $user->lang['VIEW_PM_MESSAGE'] : sprintf($user->lang['VIEW_PM_MESSAGES'], $pm_count)),
@@ -447,8 +445,8 @@ function get_pm_from($folder_id, $folder, $user_id, $url)
'S_SELECT_SORT_DAYS' => $s_limit_days,
'S_TOPIC_ICONS' => ($config['enable_pm_icons']) ? true : false,
- 'U_POST_NEW_TOPIC' => ($auth->acl_get('u_sendpm')) ? "$url&amp;i=pm&amp;mode=compose" : '',
- 'S_PM_ACTION' => "$url&amp;i=pm&amp;mode=view&amp;action=view_folder&amp;f=$folder_id")
+ 'U_POST_NEW_TOPIC' => ($auth->acl_get('u_sendpm')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=compose') : '',
+ 'S_PM_ACTION' => append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&amp;mode=view&amp;action=view_folder&amp;f=$folder_id"))
);
// Grab all pm data
diff --git a/phpBB/includes/ucp/ucp_pm_viewmessage.php b/phpBB/includes/ucp/ucp_pm_viewmessage.php
index 351e0646a1..aa32899e28 100644
--- a/phpBB/includes/ucp/ucp_pm_viewmessage.php
+++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php
@@ -14,7 +14,7 @@
function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
{
global $user, $template, $auth, $db, $cache;
- global $phpbb_root_path, $phpEx, $SID, $config;
+ global $phpbb_root_path, $phpEx, $config;
$user->add_lang(array('viewtopic', 'memberlist'));
@@ -159,7 +159,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
$signature = str_replace("\n", '<br />', censor_text($signature));
}
- $url = "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=pm";
+ $url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm');
$template->assign_vars(array(
'AUTHOR_NAME' => ($user_info['user_colour']) ? '<span style="color:#' . $user_info['user_colour'] . '">' . $user_info['username'] . '</span>' : $user_info['username'],
@@ -187,9 +187,9 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
'SIGNATURE' => ($message_row['enable_sig']) ? $signature : '',
'EDITED_MESSAGE' => $l_edited_by,
- 'U_INFO' => ($auth->acl_get('m_info') && $message_row['forwarded']) ? "{$phpbb_root_path}mcp.$phpEx$SID&amp;mode=pm_details&amp;p=" . $message_row['msg_id'] : '',
+ 'U_INFO' => ($auth->acl_get('m_info') && $message_row['forwarded']) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'mode=pm_details&amp;p=' . $message_row['msg_id'], true, $user->session_id) : '',
'U_DELETE' => ($auth->acl_get('u_pm_delete')) ? "$url&amp;mode=compose&amp;action=delete&amp;f=$folder_id&amp;p=" . $message_row['msg_id'] : '',
- 'U_AUTHOR_PROFILE' => "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u=" . $author_id,
+ 'U_AUTHOR_PROFILE' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $author_id),
'U_EMAIL' => $user_info['email'],
'U_QUOTE' => ($auth->acl_get('u_sendpm')) ? "$url&amp;mode=compose&amp;action=quote&amp;f=$folder_id&amp;p=" . $message_row['msg_id'] : '',
'U_EDIT' => (($message_row['message_time'] > time() - $config['pm_edit_time'] || !$config['pm_edit_time']) && $folder_id == PRIVMSGS_OUTBOX && $auth->acl_get('u_pm_edit')) ? "$url&amp;mode=compose&amp;action=edit&amp;f=$folder_id&amp;p=" . $message_row['msg_id'] : '',
@@ -235,7 +235,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
*/
function message_history($msg_id, $user_id, $message_row, $folder)
{
- global $db, $user, $config, $template, $phpbb_root_path, $phpEx, $SID, $auth, $bbcode;
+ global $db, $user, $config, $template, $phpbb_root_path, $phpEx, $auth, $bbcode;
// Get History Messages (could be newer)
$sql = 'SELECT t.*, p.*, u.*
@@ -266,7 +266,7 @@ function message_history($msg_id, $user_id, $message_row, $folder)
$rowset = array();
$bbcode_bitfield = 0;
- $folder_url = "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=pm&amp;folder=";
+ $folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm') . '&amp;folder=';
$title = ($sort_dir == 'd') ? $row['message_subject'] : '';
do
@@ -307,7 +307,7 @@ function message_history($msg_id, $user_id, $message_row, $folder)
$title = censor_text($title);
- $url = "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=pm";
+ $url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm');
$next_history_pm = $previous_history_pm = $prev_id = 0;
foreach ($rowset as $id => $row)
@@ -347,7 +347,7 @@ function message_history($msg_id, $user_id, $message_row, $folder)
'U_MSG_ID' => $row['msg_id'],
'U_VIEW_MESSAGE' => "$url&amp;f=$folder_id&amp;p=" . $row['msg_id'],
- 'U_AUTHOR_PROFILE' => "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u=$author_id",
+ 'U_AUTHOR_PROFILE' => append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=viewprofile&amp;u=$author_id"),
'U_QUOTE' => ($auth->acl_get('u_sendpm') && $author_id != $user->data['user_id']) ? "$url&amp;mode=compose&amp;action=quote&amp;f=" . $folder_id . "&amp;p=" . $row['msg_id'] : '',
'U_POST_REPLY_PM' => ($author_id != $user->data['user_id'] && $auth->acl_get('u_sendpm')) ? "$url&amp;mode=compose&amp;action=reply&amp;f=$folder_id&amp;p=" . $row['msg_id'] : '')
);
@@ -372,7 +372,7 @@ function message_history($msg_id, $user_id, $message_row, $folder)
function get_user_informations($user_id, $user_row)
{
global $db, $auth, $user, $cache;
- global $phpbb_root_path, $phpEx, $SID, $config;
+ global $phpbb_root_path, $phpEx, $config;
if (!$user_id)
{
@@ -455,7 +455,7 @@ function get_user_informations($user_id, $user_row)
if (!empty($user_row['user_allow_viewemail']) || $auth->acl_get('a_email'))
{
- $user_row['email'] = ($config['board_email_form'] && $config['email_enable']) ? "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=email&amp;u=$user_id" : (($config['board_hide_emails'] && !$auth->acl_get('a_email')) ? '' : 'mailto:' . $user_row['user_email']);
+ $user_row['email'] = ($config['board_email_form'] && $config['email_enable']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=email&amp;u=$user_id") : (($config['board_hide_emails'] && !$auth->acl_get('a_email')) ? '' : 'mailto:' . $user_row['user_email']);
}
else
{
diff --git a/phpBB/includes/ucp/ucp_prefs.php b/phpBB/includes/ucp/ucp_prefs.php
index ba867481f8..9882d9c223 100644
--- a/phpBB/includes/ucp/ucp_prefs.php
+++ b/phpBB/includes/ucp/ucp_prefs.php
@@ -15,9 +15,11 @@
*/
class ucp_prefs
{
+ var $u_action;
+
function main($id, $mode)
{
- global $config, $db, $user, $auth, $SID, $template, $phpbb_root_path, $phpEx;
+ global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx;
$submit = (isset($_POST['submit'])) ? true : false;
$error = $data = array();
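Review bot: `var $u_action;` is declared without a comment and is not assigned in any visible hunk of this class, yet the later hunks pass it to `meta_refresh()` and print it straight into `href` and form-action attributes. Presumably the module loader sets it before `main()` runs; the declaration should say so and state what the value contains, for example `// Base URL of this module, set by the module loader before main(); HTML-escaped, sid included (confirm)`. The same undocumented property is added to ucp_profile, ucp_register, ucp_remind, ucp_resend and ucp_zebra. If it can be empty, the refresh target and the return links would silently point at the current page instead of the module.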
@@ -84,8 +86,8 @@ class ucp_prefs
WHERE user_id = ' . $user->data['user_id'];
$db->sql_query($sql);
- meta_refresh(3, "ucp.$phpEx$SID&amp;i=$id&amp;mode=$mode");
- $message = $user->lang['PREFERENCES_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], "<a href=\"ucp.$phpEx$SID&amp;i=$id&amp;mode=$mode\">", '</a>');
+ meta_refresh(3, $this->u_action);
+ $message = $user->lang['PREFERENCES_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
trigger_error($message);
}
@@ -240,8 +242,8 @@ class ucp_prefs
WHERE user_id = ' . $user->data['user_id'];
$db->sql_query($sql);
- meta_refresh(3, "ucp.$phpEx$SID&amp;i=$id&amp;mode=$mode");
- $message = $user->lang['PREFERENCES_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], "<a href=\"ucp.$phpEx$SID&amp;i=$id&amp;mode=$mode\">", '</a>');
+ meta_refresh(3, $this->u_action);
+ $message = $user->lang['PREFERENCES_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
trigger_error($message);
}
@@ -379,8 +381,8 @@ class ucp_prefs
WHERE user_id = ' . $user->data['user_id'];
$db->sql_query($sql);
- meta_refresh(3, "ucp.$phpEx$SID&amp;i=$id&amp;mode=$mode");
- $message = $user->lang['PREFERENCES_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], "<a href=\"ucp.$phpEx$SID&amp;i=$id&amp;mode=$mode\">", '</a>');
+ meta_refresh(3, $this->u_action);
+ $message = $user->lang['PREFERENCES_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
trigger_error($message);
}
@@ -420,7 +422,7 @@ class ucp_prefs
'L_TITLE' => $user->lang['UCP_PREFS_' . strtoupper($mode)],
'S_HIDDEN_FIELDS' => $s_hidden_fields,
- 'S_UCP_ACTION' => "ucp.$phpEx$SID&amp;i=$id&amp;mode=$mode")
+ 'S_UCP_ACTION' => $this->u_action)
);
$this->tpl_name = 'ucp_prefs_' . $mode;
diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php
index e50ed67037..1087d2f575 100644
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@@ -15,9 +15,11 @@
*/
class ucp_profile
{
+ var $u_action;
+
function main($id, $mode)
{
- global $config, $db, $user, $auth, $SID, $template, $phpbb_root_path, $phpEx;
+ global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx;
$user->add_lang('posting');
@@ -195,8 +197,8 @@ class ucp_profile
user_update_name($user->data['username'], $username);
}
- meta_refresh(3, "ucp.$phpEx$SID&amp;i=$id&amp;mode=$mode");
- $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], "<a href=\"ucp.$phpEx$SID&amp;i=$id&amp;mode=$mode\">", '</a>');
+ meta_refresh(3, $this->u_action);
+ $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
trigger_error($message);
}
@@ -329,8 +331,8 @@ class ucp_profile
}
}
- meta_refresh(3, "ucp.$phpEx$SID&amp;i=$id&amp;mode=$mode");
- $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], "<a href=\"ucp.$phpEx$SID&amp;i=$id&amp;mode=$mode\">", '</a>');
+ meta_refresh(3, $this->u_action);
+ $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
trigger_error($message);
}
@@ -437,7 +439,7 @@ class ucp_profile
WHERE user_id = ' . $user->data['user_id'];
$db->sql_query($sql);
- $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], "<a href=\"ucp.$phpEx$SID&amp;i=$id&amp;mode=$mode\">", '</a>');
+ $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
trigger_error($message);
}
}
@@ -465,7 +467,7 @@ class ucp_profile
'S_SMILIES_CHECKED' => (!$enable_smilies) ? 'checked="checked"' : '',
'S_MAGIC_URL_CHECKED' => (!$enable_urls) ? 'checked="checked"' : '',
- 'BBCODE_STATUS' => ($config['allow_sig_bbcode']) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . "faq.$phpEx$SID&amp;mode=bbcode" . '" onclick="target=\'_phpbbcode\';">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . "faq.$phpEx$SID&amp;mode=bbcode" . '" onclick="target=\'_phpbbcode\';">', '</a>'),
+ 'BBCODE_STATUS' => ($config['allow_sig_bbcode']) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '" onclick="target=\'_phpbbcode\';">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '" onclick="target=\'_phpbbcode\';">', '</a>'),
'SMILIES_STATUS' => ($config['allow_sig_smilies']) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'],
'IMG_STATUS' => ($config['allow_sig_img']) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'],
'FLASH_STATUS' => ($config['allow_sig_flash']) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'],
@@ -595,8 +597,8 @@ class ucp_profile
}
}
- meta_refresh(3, "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=$id&amp;mode=$mode");
- $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], "<a href=\"{$phpbb_root_path}ucp.$phpEx$SID&amp;i=$id&amp;mode=$mode\">", '</a>');
+ meta_refresh(3, $this->u_action);
+ $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
trigger_error($message);
}
@@ -663,7 +665,7 @@ class ucp_profile
'L_TITLE' => $user->lang['UCP_PROFILE_' . strtoupper($mode)],
'S_HIDDEN_FIELDS' => $s_hidden_fields,
- 'S_UCP_ACTION' => "ucp.$phpEx$SID&amp;i=$id&amp;mode=$mode")
+ 'S_UCP_ACTION' => $this->u_action)
);
// Set desired template
diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php
index e13983a761..99eed58884 100644
--- a/phpBB/includes/ucp/ucp_register.php
+++ b/phpBB/includes/ucp/ucp_register.php
@@ -15,9 +15,11 @@
*/
class ucp_register
{
+ var $u_action;
+
function main($id, $mode)
{
- global $config, $db, $user, $auth, $SID, $template, $phpbb_root_path, $phpEx;
+ global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx;
//
if ($config['require_activation'] == USER_ACTIVATION_DISABLE)
@@ -60,11 +62,11 @@ class ucp_register
'L_COPPA_NO' => sprintf($user->lang['UCP_COPPA_BEFORE'], $coppa_birthday),
'L_COPPA_YES' => sprintf($user->lang['UCP_COPPA_ON_AFTER'], $coppa_birthday),
- 'U_COPPA_NO' => "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=register&amp;coppa=0",
- 'U_COPPA_YES' => "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=register&amp;coppa=1",
+ 'U_COPPA_NO' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&amp;coppa=0'),
+ 'U_COPPA_YES' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&amp;coppa=1'),
'S_SHOW_COPPA' => true,
- 'S_REGISTER_ACTION' => "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=register")
+ 'S_REGISTER_ACTION' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register'))
);
}
else
@@ -74,7 +76,7 @@ class ucp_register
'S_SHOW_COPPA' => false,
'S_REGISTRATION' => true,
- 'S_REGISTER_ACTION' => "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=register")
+ 'S_REGISTER_ACTION' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register'))
);
}
@@ -232,7 +234,7 @@ class ucp_register
}
// Begin transaction ... should this screw up we can rollback
- $db->sql_transaction();
+ $db->sql_transaction('begin');
$sql_ary = array(
'username' => $username,
@@ -404,7 +406,7 @@ class ucp_register
}
unset($data);
- $message = $message . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], "<a href=\"index.$phpEx$SID\">", '</a>');
+ $message = $message . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
trigger_error($message);
}
}
@@ -468,7 +470,7 @@ class ucp_register
$db->sql_query($sql);
}
- $confirm_image = '<img src="' . $phpbb_root_path . 'ucp.' . $phpEx . $SID . '&amp;mode=confirm&amp;id=' . $confirm_id . '&amp;type=' . CONFIRM_REG . '" alt="" title="" />';
+ $confirm_image = '<img src="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=confirm&amp;id=' . $confirm_id . '&amp;type=' . CONFIRM_REG) . '" alt="" title="" />';
$s_hidden_fields .= '<input type="hidden" name="confirm_id" value="' . $confirm_id . '" />';
}
@@ -510,7 +512,7 @@ class ucp_register
'S_CONFIRM_CODE' => ($config['enable_confirm']) ? true : false,
'S_COPPA' => $coppa,
'S_HIDDEN_FIELDS' => $s_hidden_fields,
- 'S_UCP_ACTION' => "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=register")
+ 'S_UCP_ACTION' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register'))
);
//
diff --git a/phpBB/includes/ucp/ucp_remind.php b/phpBB/includes/ucp/ucp_remind.php
index a0976da443..018c7b7105 100644
--- a/phpBB/includes/ucp/ucp_remind.php
+++ b/phpBB/includes/ucp/ucp_remind.php
@@ -15,9 +15,11 @@
*/
class ucp_remind
{
+ var $u_action;
+
function main($id, $mode)
{
- global $config, $db, $user, $auth, $SID, $template, $phpbb_root_path, $phpEx;
+ global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx;
$submit = (isset($_POST['submit'])) ? true : false;
@@ -80,9 +82,9 @@ class ucp_remind
$messenger->save_queue();
- meta_refresh(3, "index.$phpEx$SID");
+ meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx"));
- $message = $user->lang['PASSWORD_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . "index.$phpEx$SID" . '">', '</a>');
+ $message = $user->lang['PASSWORD_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
trigger_error($message);
}
else
diff --git a/phpBB/includes/ucp/ucp_resend.php b/phpBB/includes/ucp/ucp_resend.php
index 96278fd35a..a18eb14e0d 100644
--- a/phpBB/includes/ucp/ucp_resend.php
+++ b/phpBB/includes/ucp/ucp_resend.php
@@ -15,9 +15,11 @@
*/
class ucp_resend
{
+ var $u_action;
+
function main($id, $mode)
{
- global $config, $db, $user, $auth, $SID, $template, $phpbb_root_path, $phpEx;
+ global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx;
$submit = (isset($_POST['submit'])) ? true : false;
@@ -130,9 +132,9 @@ class ucp_resend
$db->sql_freeresult($result);
}
- meta_refresh(3, "index.$phpEx$SID");
+ meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx"));
- $message = $user->lang['ACTIVATION_EMAIL_SENT'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . "index.$phpEx$SID" . '">', '</a>');
+ $message = $user->lang['ACTIVATION_EMAIL_SENT'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
trigger_error($message);
}
else
diff --git a/phpBB/includes/ucp/ucp_zebra.php b/phpBB/includes/ucp/ucp_zebra.php
index c8b4e5b66d..60d8822a00 100644
--- a/phpBB/includes/ucp/ucp_zebra.php
+++ b/phpBB/includes/ucp/ucp_zebra.php
@@ -14,9 +14,11 @@
*/
class ucp_zebra
{
+ var $u_action;
+
function main($id, $mode)
{
- global $config, $db, $user, $auth, $SID, $template, $phpbb_root_path, $phpEx;
+ global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx;
$submit = (isset($_POST['submit']) || isset($_GET['add'])) ? true : false;
$s_hidden_fields = '';
@@ -171,8 +173,8 @@ class ucp_zebra
if (!sizeof($error))
{
- meta_refresh(3, "ucp.$phpEx$SID&amp;i=$id&amp;mode=$mode");
- $message = $user->lang[strtoupper($mode) . '_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], "<a href=\"ucp.$phpEx$SID&amp;i=$id&amp;mode=$mode\">", '</a>');
+ meta_refresh(3, $this->u_action);
+ $message = $user->lang[strtoupper($mode) . '_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
trigger_error($message);
}
else
@@ -200,11 +202,11 @@ class ucp_zebra
$template->assign_vars(array(
'L_TITLE' => $user->lang['UCP_ZEBRA_' . strtoupper($mode)],
- 'U_SEARCH_USER' => "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=searchuser&amp;form=ucp&amp;field=add",
+ 'U_SEARCH_USER' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=ucp&amp;field=add'),
'S_USERNAME_OPTIONS' => $s_username_options,
'S_HIDDEN_FIELDS' => $s_hidden_fields,
- 'S_UCP_ACTION' => "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=$id&amp;mode=$mode")
+ 'S_UCP_ACTION' => $this->u_action)
);
$this->tpl_name = 'ucp_zebra_' . $mode;