diff options
Diffstat (limited to 'phpBB/includes/acp/acp_profile.php')
| -rw-r--r-- | phpBB/includes/acp/acp_profile.php | 255 |
1 files changed, 204 insertions, 51 deletions
diff --git a/phpBB/includes/acp/acp_profile.php b/phpBB/includes/acp/acp_profile.php index 97c1f62077..d89c200a1b 100644 --- a/phpBB/includes/acp/acp_profile.php +++ b/phpBB/includes/acp/acp_profile.php @@ -25,32 +25,46 @@ class acp_profile var $edit_lang_id; var $lang_defs; + + /** + * @var \phpbb\di\service_collection + */ protected $type_collection; function main($id, $mode) { - global $config, $db, $user, $auth, $template, $cache; - global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix; - global $request, $phpbb_container; + global $config, $db, $user, $template; + global $phpbb_root_path, $phpEx; + global $request, $phpbb_container, $phpbb_log, $phpbb_dispatcher; - include($phpbb_root_path . 'includes/functions_posting.' . $phpEx); - include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + if (!function_exists('generate_smilies')) + { + include($phpbb_root_path . 'includes/functions_posting.' . $phpEx); + } + + if (!function_exists('user_get_id_name')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } $user->add_lang(array('ucp', 'acp/profile')); $this->tpl_name = 'acp_profile'; $this->page_title = 'ACP_CUSTOM_PROFILE_FIELDS'; $field_id = $request->variable('field_id', 0); - $action = (isset($_POST['create'])) ? 'create' : request_var('action', ''); + $action = (isset($_POST['create'])) ? 'create' : $request->variable('action', ''); $error = array(); - $s_hidden_fields = ''; + + $form_key = 'acp_profile'; + add_form_key($form_key); if (!$field_id && in_array($action, array('delete','activate', 'deactivate', 'move_up', 'move_down', 'edit'))) { trigger_error($user->lang['NO_FIELD_ID'] . adm_back_link($this->u_action), E_USER_WARNING); } + /* @var $cp \phpbb\profilefields\manager */ $cp = $phpbb_container->get('profilefields.manager'); $this->type_collection = $phpbb_container->get('profilefields.type_collection'); @@ -112,6 +126,7 @@ class acp_profile $db->sql_query('DELETE FROM ' . PROFILE_FIELDS_LANG_TABLE . " WHERE field_id = $field_id"); $db->sql_query('DELETE FROM ' . PROFILE_LANG_TABLE . " WHERE field_id = $field_id"); + /* @var $db_tools \phpbb\db\tools\tools_interface */ $db_tools = $phpbb_container->get('dbal.tools'); $db_tools->sql_column_remove(PROFILE_FIELDS_DATA_TABLE, 'pf_' . $field_ident); @@ -137,7 +152,7 @@ class acp_profile $db->sql_transaction('commit'); - add_log('admin', 'LOG_PROFILE_FIELD_REMOVED', $field_ident); + $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_PROFILE_FIELD_REMOVED', false, array($field_ident)); trigger_error($user->lang['REMOVED_PROFILE_FIELD'] . adm_back_link($this->u_action)); } else @@ -154,6 +169,11 @@ class acp_profile case 'activate': + if (!check_link_hash($request->variable('hash', ''), 'acp_profile')) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + $sql = 'SELECT lang_id FROM ' . LANG_TABLE . " WHERE lang_iso = '" . $db->sql_escape($config['default_lang']) . "'"; @@ -178,7 +198,7 @@ class acp_profile $field_ident = (string) $db->sql_fetchfield('field_ident'); $db->sql_freeresult($result); - add_log('admin', 'LOG_PROFILE_FIELD_ACTIVATE', $field_ident); + $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_PROFILE_FIELD_ACTIVATE', false, array($field_ident)); if ($request->is_ajax()) { @@ -194,6 +214,11 @@ class acp_profile case 'deactivate': + if (!check_link_hash($request->variable('hash', ''), 'acp_profile')) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + $sql = 'UPDATE ' . PROFILE_FIELDS_TABLE . " SET field_active = 0 WHERE field_id = $field_id"; @@ -214,7 +239,7 @@ class acp_profile )); } - add_log('admin', 'LOG_PROFILE_FIELD_DEACTIVATE', $field_ident); + $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_PROFILE_FIELD_DEACTIVATE', false, array($field_ident)); trigger_error($user->lang['PROFILE_FIELD_DEACTIVATED'] . adm_back_link($this->u_action)); @@ -223,6 +248,11 @@ class acp_profile case 'move_up': case 'move_down': + if (!check_link_hash($request->variable('hash', ''), 'acp_profile')) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + $sql = 'SELECT field_order FROM ' . PROFILE_FIELDS_TABLE . " WHERE field_id = $field_id"; @@ -255,7 +285,7 @@ class acp_profile case 'create': case 'edit': - $step = request_var('step', 1); + $step = $request->variable('step', 1); $submit = (isset($_REQUEST['next']) || isset($_REQUEST['prev'])) ? true : false; $save = (isset($_REQUEST['save'])) ? true : false; @@ -319,7 +349,7 @@ class acp_profile // We are adding a new field, define basic params $lang_options = $field_row = array(); - $field_type = request_var('field_type', ''); + $field_type = $request->variable('field_type', ''); if (!isset($this->type_collection[$field_type])) { @@ -328,7 +358,7 @@ class acp_profile $profile_field = $this->type_collection[$field_type]; $field_row = array_merge($profile_field->get_default_option_values(), array( - 'field_ident' => str_replace(' ', '_', utf8_clean_string(request_var('field_ident', '', true))), + 'field_ident' => str_replace(' ', '_', utf8_clean_string($request->variable('field_ident', '', true))), 'field_required' => 0, 'field_show_novalue'=> 0, 'field_hide' => 0, @@ -341,7 +371,7 @@ class acp_profile 'field_is_contact' => 0, 'field_contact_desc'=> '', 'field_contact_url' => '', - 'lang_name' => utf8_normalize_nfc(request_var('field_ident', '', true)), + 'lang_name' => $request->variable('field_ident', '', true), 'lang_explain' => '', 'lang_default_value'=> '') ); @@ -369,9 +399,35 @@ class acp_profile 'field_is_contact', ); + /** + * Event to add initialization for new profile field table fields + * + * @event core.acp_profile_create_edit_init + * @var string action create|edit + * @var int step Configuration step (1|2|3) + * @var bool submit Form has been submitted + * @var bool save Configuration should be saved + * @var string field_type Type of the field we are dealing with + * @var array field_row Array of data about the field + * @var array exclude Array of excluded fields by step + * @var array visibility_ary Array of fields that are visibility related + * @since 3.1.6-RC1 + */ + $vars = array( + 'action', + 'step', + 'submit', + 'save', + 'field_type', + 'field_row', + 'exclude', + 'visibility_ary', + ); + extract($phpbb_dispatcher->trigger_event('core.acp_profile_create_edit_init', compact($vars))); + $options = $profile_field->prepare_options_form($exclude, $visibility_ary); - $cp->vars['field_ident'] = ($action == 'create' && $step == 1) ? utf8_clean_string(request_var('field_ident', $field_row['field_ident'], true)) : request_var('field_ident', $field_row['field_ident']); + $cp->vars['field_ident'] = ($action == 'create' && $step == 1) ? utf8_clean_string($request->variable('field_ident', $field_row['field_ident'], true)) : $request->variable('field_ident', $field_row['field_ident']); $cp->vars['lang_name'] = $request->variable('lang_name', $field_row['lang_name'], true); $cp->vars['lang_explain'] = $request->variable('lang_explain', $field_row['lang_explain'], true); $cp->vars['lang_default_value'] = $request->variable('lang_default_value', $field_row['lang_default_value'], true); @@ -390,7 +446,7 @@ class acp_profile { $exploded_options = (is_array($options)) ? $options : explode("\n", $options); - if (sizeof($exploded_options) == sizeof($lang_options) || $action == 'create') + if (count($exploded_options) == count($lang_options) || $action == 'create') { // The number of options in the field is equal to the number of options already in the database // Or we are creating a new dropdown list. @@ -410,7 +466,7 @@ class acp_profile // step 2 foreach ($exclude[2] as $key) { - $var = utf8_normalize_nfc(request_var($key, $field_row[$key], true)); + $var = $request->variable($key, $field_row[$key], true); $field_data = $cp->vars; $var = $profile_field->get_excluded_options($key, $action, $var, $field_data, 2); @@ -456,7 +512,7 @@ class acp_profile foreach ($exclude[3] as $key) { - $cp->vars[$key] = utf8_normalize_nfc(request_var($key, array(0 => ''), true)); + $cp->vars[$key] = $request->variable($key, array(0 => ''), true); if (!$cp->vars[$key] && $action == 'edit') { @@ -511,13 +567,14 @@ class acp_profile } } - $step = (isset($_REQUEST['next'])) ? $step + 1 : ((isset($_REQUEST['prev'])) ? $step - 1 : $step); - - if (sizeof($error)) + if (count($error)) { - $step--; $submit = false; } + else + { + $step = (isset($_REQUEST['next'])) ? $step + 1 : ((isset($_REQUEST['prev'])) ? $step - 1 : $step); + } // Build up the specific hidden fields foreach ($exclude as $num => $key_ary) @@ -535,7 +592,7 @@ class acp_profile $var = $profile_field->prepare_hidden_fields($step, $key, $action, $field_data); if ($var !== null) { - $_new_key_ary[$key] = $profile_field->prepare_hidden_fields($step, $key, $action, $field_data); + $_new_key_ary[$key] = $var; } } $cp->vars = $field_data; @@ -543,14 +600,15 @@ class acp_profile $s_hidden_fields .= build_hidden_fields($_new_key_ary); } - if (!sizeof($error)) + if (!count($error)) { - if ($step == 3 && (sizeof($this->lang_defs['iso']) == 1 || $save)) - { - $this->save_profile_field($cp, $field_type, $action); - } - else if ($action == 'edit' && $save) + if (($step == 3 && (count($this->lang_defs['iso']) == 1 || $save)) || ($action == 'edit' && $save)) { + if (!check_form_key($form_key)) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + $this->save_profile_field($cp, $field_type, $action); } } @@ -558,7 +616,7 @@ class acp_profile $template->assign_vars(array( 'S_EDIT' => true, 'S_EDIT_MODE' => ($action == 'edit') ? true : false, - 'ERROR_MSG' => (sizeof($error)) ? implode('<br />', $error) : '', + 'ERROR_MSG' => (count($error)) ? implode('<br />', $error) : '', 'L_TITLE' => $user->lang['STEP_' . $step . '_TITLE_' . strtoupper($action)], 'L_EXPLAIN' => $user->lang['STEP_' . $step . '_EXPLAIN_' . strtoupper($action)], @@ -606,7 +664,7 @@ class acp_profile $template->assign_vars(array( 'S_STEP_TWO' => true, - 'L_NEXT_STEP' => (sizeof($this->lang_defs['iso']) == 1) ? $user->lang['SAVE'] : $user->lang['PROFILE_LANG_OPTIONS']) + 'L_NEXT_STEP' => (count($this->lang_defs['iso']) == 1) ? $user->lang['SAVE'] : $user->lang['PROFILE_LANG_OPTIONS']) ); // Build options based on profile type @@ -644,6 +702,33 @@ class acp_profile break; } + $field_data = $cp->vars; + /** + * Event to add template variables for new profile field table fields + * + * @event core.acp_profile_create_edit_after + * @var string action create|edit + * @var int step Configuration step (1|2|3) + * @var bool submit Form has been submitted + * @var bool save Configuration should be saved + * @var string field_type Type of the field we are dealing with + * @var array field_data Array of data about the field + * @var array s_hidden_fields Array of hidden fields in case this needs modification + * @var array options Array of options specific to this step + * @since 3.1.6-RC1 + */ + $vars = array( + 'action', + 'step', + 'submit', + 'save', + 'field_type', + 'field_data', + 's_hidden_fields', + 'options', + ); + extract($phpbb_dispatcher->trigger_event('core.acp_profile_create_edit_after', compact($vars))); + $template->assign_vars(array( 'S_HIDDEN_FIELDS' => $s_hidden_fields) ); @@ -653,6 +738,32 @@ class acp_profile break; } + $tpl_name = $this->tpl_name; + $page_title = $this->page_title; + $u_action = $this->u_action; + + /** + * Event to handle actions on the ACP profile fields page + * + * @event core.acp_profile_action + * @var string action Action that is being performed + * @var string tpl_name Template file to load + * @var string page_title Page title + * @var string u_action The URL we are at, read only + * @since 3.2.2-RC1 + */ + $vars = array( + 'action', + 'tpl_name', + 'page_title', + 'u_action', + ); + extract($phpbb_dispatcher->trigger_event('core.acp_profile_action', compact($vars))); + + $this->tpl_name = $tpl_name; + $this->page_title = $page_title; + unset($u_action); + $sql = 'SELECT * FROM ' . PROFILE_FIELDS_TABLE . ' ORDER BY field_order'; @@ -665,28 +776,51 @@ class acp_profile $active_value = (!$row['field_active']) ? 'activate' : 'deactivate'; $id = $row['field_id']; - $s_need_edit = (sizeof($this->lang_defs['diff'][$row['field_id']])) ? true : false; + $s_need_edit = (count($this->lang_defs['diff'][$row['field_id']])) ? true : false; if ($s_need_edit) { $s_one_need_edit = true; } + if (!isset($this->type_collection[$row['field_type']])) + { + continue; + } $profile_field = $this->type_collection[$row['field_type']]; - $template->assign_block_vars('fields', array( + + $field_block = array( 'FIELD_IDENT' => $row['field_ident'], 'FIELD_TYPE' => $profile_field->get_name(), 'L_ACTIVATE_DEACTIVATE' => $user->lang[$active_lang], - 'U_ACTIVATE_DEACTIVATE' => $this->u_action . "&action=$active_value&field_id=$id", + 'U_ACTIVATE_DEACTIVATE' => $this->u_action . "&action=$active_value&field_id=$id" . '&hash=' . generate_link_hash('acp_profile'), 'U_EDIT' => $this->u_action . "&action=edit&field_id=$id", 'U_TRANSLATE' => $this->u_action . "&action=edit&field_id=$id&step=3", 'U_DELETE' => $this->u_action . "&action=delete&field_id=$id", - 'U_MOVE_UP' => $this->u_action . "&action=move_up&field_id=$id", - 'U_MOVE_DOWN' => $this->u_action . "&action=move_down&field_id=$id", + 'U_MOVE_UP' => $this->u_action . "&action=move_up&field_id=$id" . '&hash=' . generate_link_hash('acp_profile'), + 'U_MOVE_DOWN' => $this->u_action . "&action=move_down&field_id=$id" . '&hash=' . generate_link_hash('acp_profile'), + + 'S_NEED_EDIT' => $s_need_edit, + ); - 'S_NEED_EDIT' => $s_need_edit) + /** + * Event to modify profile field data before it is assigned to the template + * + * @event core.acp_profile_modify_profile_row + * @var array row Array with data for the current profile field + * @var array field_block Template data that is being assigned to the 'fields' block + * @var object profile_field A profile field instance, implements \phpbb\profilefields\type\type_base + * @since 3.2.2-RC1 + */ + $vars = array( + 'row', + 'field_block', + 'profile_field', ); + extract($phpbb_dispatcher->trigger_event('core.acp_profile_modify_profile_row', compact($vars))); + + $template->assign_block_vars('fields', $field_block); } $db->sql_freeresult($result); @@ -713,7 +847,7 @@ class acp_profile */ function build_language_options(&$cp, $field_type, $action = 'create') { - global $user, $config, $db, $phpbb_container; + global $user, $config, $db, $request; $default_lang_id = (!empty($this->edit_lang_id)) ? $this->edit_lang_id : $this->lang_defs['iso'][$config['default_lang']]; @@ -754,7 +888,7 @@ class acp_profile $lang_options[$lang_id]['lang_iso'] = $lang_iso; foreach ($options as $field => $field_type) { - $value = ($action == 'create') ? utf8_normalize_nfc(request_var('l_' . $field, array(0 => ''), true)) : $cp->vars['l_' . $field]; + $value = ($action == 'create') ? $request->variable('l_' . $field, array(0 => ''), true) : $cp->vars['l_' . $field]; if ($field == 'lang_options') { $var = (!isset($cp->vars['l_lang_options'][$lang_id]) || !is_array($cp->vars['l_lang_options'][$lang_id])) ? $cp->vars['lang_options'] : $cp->vars['l_lang_options'][$lang_id]; @@ -810,9 +944,9 @@ class acp_profile */ function save_profile_field(&$cp, $field_type, $action = 'create') { - global $db, $config, $user, $phpbb_container; + global $db, $config, $user, $phpbb_container, $phpbb_log, $request, $phpbb_dispatcher; - $field_id = request_var('field_id', 0); + $field_id = $request->variable('field_id', 0); // Collect all information, if something is going wrong, abort the operation $profile_sql = $profile_lang = $empty_lang = $profile_lang_fields = array(); @@ -852,6 +986,25 @@ class acp_profile 'field_contact_url' => $cp->vars['field_contact_url'], ); + $field_data = $cp->vars; + /** + * Event to modify profile field configuration data before saving to database + * + * @event core.acp_profile_create_edit_save_before + * @var string action create|edit + * @var string field_type Type of the field we are dealing with + * @var array field_data Array of data about the field + * @var array profile_fields Array of fields to be sent to the database + * @since 3.1.6-RC1 + */ + $vars = array( + 'action', + 'field_type', + 'field_data', + 'profile_fields', + ); + extract($phpbb_dispatcher->trigger_event('core.acp_profile_create_edit_save_before', compact($vars))); + if ($action == 'create') { $profile_fields += array( @@ -880,7 +1033,7 @@ class acp_profile if ($action == 'create') { $field_ident = 'pf_' . $field_ident; - + /* @var $db_tools \phpbb\db\tools\tools_interface */ $db_tools = $phpbb_container->get('dbal.tools'); $db_tools->sql_column_add(PROFILE_FIELDS_DATA_TABLE, $field_ident, array($profile_field->get_database_column_type(), null)); } @@ -903,7 +1056,7 @@ class acp_profile $this->update_insert(PROFILE_LANG_TABLE, $sql_ary, array('field_id' => $field_id, 'lang_id' => $default_lang_id)); } - if (is_array($cp->vars['l_lang_name']) && sizeof($cp->vars['l_lang_name'])) + if (is_array($cp->vars['l_lang_name']) && count($cp->vars['l_lang_name'])) { foreach ($cp->vars['l_lang_name'] as $lang_id => $data) { @@ -979,7 +1132,7 @@ class acp_profile } } - if (is_array($cp->vars['l_lang_options']) && sizeof($cp->vars['l_lang_options'])) + if (is_array($cp->vars['l_lang_options']) && count($cp->vars['l_lang_options'])) { $empty_lang = array(); @@ -990,7 +1143,7 @@ class acp_profile $lang_ary = explode("\n", $lang_ary); } - if (sizeof($lang_ary) != sizeof($cp->vars['lang_options'])) + if (count($lang_ary) != count($cp->vars['lang_options'])) { $empty_lang[$lang_id] = true; } @@ -1042,7 +1195,7 @@ class acp_profile } } - if (sizeof($profile_lang_fields)) + if (count($profile_lang_fields)) { foreach ($profile_lang_fields as $sql) { @@ -1079,12 +1232,12 @@ class acp_profile if ($action == 'edit') { - add_log('admin', 'LOG_PROFILE_FIELD_EDIT', $cp->vars['field_ident'] . ':' . $cp->vars['lang_name']); + $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_PROFILE_FIELD_EDIT', false, array($cp->vars['field_ident'] . ':' . $cp->vars['lang_name'])); trigger_error($user->lang['CHANGED_PROFILE_FIELD'] . adm_back_link($this->u_action)); } else { - add_log('admin', 'LOG_PROFILE_FIELD_CREATE', substr($field_ident, 3) . ':' . $cp->vars['lang_name']); + $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_PROFILE_FIELD_CREATE', false, array(substr($field_ident, 3) . ':' . $cp->vars['lang_name'])); trigger_error($user->lang['ADDED_PROFILE_FIELD'] . adm_back_link($this->u_action)); } } @@ -1105,7 +1258,7 @@ class acp_profile $where_sql[] = $key . ' = ' . ((is_string($value)) ? "'" . $db->sql_escape($value) . "'" : (int) $value); } - if (!sizeof($where_sql)) + if (!count($where_sql)) { return; } @@ -1121,14 +1274,14 @@ class acp_profile { $sql_ary = array_merge($where_fields, $sql_ary); - if (sizeof($sql_ary)) + if (count($sql_ary)) { $db->sql_query("INSERT INTO $table " . $db->sql_build_array('INSERT', $sql_ary)); } } else { - if (sizeof($sql_ary)) + if (count($sql_ary)) { $sql = "UPDATE $table SET " . $db->sql_build_array('UPDATE', $sql_ary) . ' WHERE ' . implode(' AND ', $where_sql); |