Diffstat (limited to 'phpBB/includes/acp')
-rw-r--r--phpBB/includes/acp/acp_attachments.php4
-rw-r--r--phpBB/includes/acp/acp_ban.php4
-rw-r--r--phpBB/includes/acp/acp_bots.php2
-rw-r--r--phpBB/includes/acp/acp_email.php12
-rw-r--r--phpBB/includes/acp/acp_groups.php143
-rw-r--r--phpBB/includes/acp/acp_language.php13
-rw-r--r--phpBB/includes/acp/acp_modules.php4
-rw-r--r--phpBB/includes/acp/acp_permission_roles.php4
-rw-r--r--phpBB/includes/acp/acp_profile.php26
-rw-r--r--phpBB/includes/acp/acp_ranks.php2
-rw-r--r--phpBB/includes/acp/acp_reasons.php4
-rw-r--r--phpBB/includes/acp/acp_styles.php4
-rw-r--r--phpBB/includes/acp/acp_users.php6
-rw-r--r--phpBB/includes/acp/acp_words.php4
-rw-r--r--phpBB/includes/acp/auth.php4
15 files changed, 119 insertions, 117 deletions
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php
index 0dccf96101..8c2e043602 100644
--- a/phpBB/includes/acp/acp_attachments.php
+++ b/phpBB/includes/acp/acp_attachments.php
@@ -403,7 +403,7 @@ class acp_attachments
$ext_row = array();
}
- $group_name = request_var('group_name', '');
+ $group_name = request_var('group_name', '', true);
$new_group_name = ($action == 'add') ? $group_name : (($ext_row['group_name'] != $group_name) ? $group_name : '');
if (!$group_name)
@@ -572,7 +572,7 @@ class acp_attachments
if ($action == 'add')
{
$ext_group_row = array(
- 'group_name' => request_var('group_name', ''),
+ 'group_name' => request_var('group_name', '', true),
'cat_id' => 0,
'allow_group' => 1,
'allow_in_pm' => 1,
diff --git a/phpBB/includes/acp/acp_ban.php b/phpBB/includes/acp/acp_ban.php
index f43732e603..e101d8514d 100644
--- a/phpBB/includes/acp/acp_ban.php
+++ b/phpBB/includes/acp/acp_ban.php
@@ -37,8 +37,8 @@ class acp_ban
$ban_len = request_var('banlength', 0);
$ban_len_other = request_var('banlengthother', '');
$ban_exclude = request_var('banexclude', 0);
- $ban_reason = request_var('banreason', '');
- $ban_give_reason = request_var('bangivereason', '');
+ $ban_reason = request_var('banreason', '', true);
+ $ban_give_reason = request_var('bangivereason', '', true);
user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reason, $ban_give_reason);
diff --git a/phpBB/includes/acp/acp_bots.php b/phpBB/includes/acp/acp_bots.php
index 720430481b..070ac75bea 100644
--- a/phpBB/includes/acp/acp_bots.php
+++ b/phpBB/includes/acp/acp_bots.php
@@ -112,7 +112,7 @@ class acp_bots
case 'edit':
case 'add':
$bot_row = array(
- 'bot_name' => request_var('bot_name', ''),
+ 'bot_name' => request_var('bot_name', '', true),
'bot_agent' => request_var('bot_agent', ''),
'bot_ip' => request_var('bot_ip', ''),
'bot_active' => request_var('bot_active', true),
diff --git a/phpBB/includes/acp/acp_email.php b/phpBB/includes/acp/acp_email.php
index 395e3ca9ee..1d3149c958 100644
--- a/phpBB/includes/acp/acp_email.php
+++ b/phpBB/includes/acp/acp_email.php
@@ -125,6 +125,7 @@ class acp_email
// Send the messages
include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
+ include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
$messenger = new messenger($use_queue);
$errored = false;
@@ -170,12 +171,7 @@ class acp_email
if ($group_id)
{
- $sql = 'SELECT group_name
- FROM ' . GROUPS_TABLE . "
- WHERE group_id = $group_id";
- $result = $db->sql_query($sql);
- $group_name = (string) $db->sql_fetchfield('group_name');
- $db->sql_freeresult($result);
+ $group_name = get_group_name($group_id);
}
else
{
@@ -218,8 +214,8 @@ class acp_email
'S_GROUP_OPTIONS' => $select_list,
'USERNAMES' => $usernames,
'U_FIND_USERNAME' => $phpbb_root_path . "memberlist.$phpEx$SID&mode=searchuser&form=acp_email&field=usernames",
- 'SUBJECT' => request_var('subject', ''),
- 'MESSAGE' => request_var('message', ''),
+ 'SUBJECT' => request_var('subject', '', true),
+ 'MESSAGE' => request_var('message', '', true),
'S_PRIORITY_OPTIONS' => $s_priority_options)
);
diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php
index aad8997395..b5948115cc 100644
--- a/phpBB/includes/acp/acp_groups.php
+++ b/phpBB/includes/acp/acp_groups.php
@@ -315,77 +315,81 @@ class acp_groups
}
}
- // Only set the rank, colour, etc. if it's changed or if we're adding a new
- // group. This prevents existing group members being updated if no changes
- // were made.
-
- $group_attributes = array();
- $test_variables = array('rank', 'colour', 'avatar', 'avatar_type', 'avatar_width', 'avatar_height', 'receive_pm', 'legend', 'message_limit');
- foreach ($test_variables as $test)
+ if (!sizeof($error))
{
- if (isset($submit_ary[$test]) && ($action == 'add' || $group_row['group_' . $test] != $submit_ary[$test]))
+ // Only set the rank, colour, etc. if it's changed or if we're adding a new
+ // group. This prevents existing group members being updated if no changes
+ // were made.
+
+ $group_attributes = array();
+ $test_variables = array('rank', 'colour', 'avatar', 'avatar_type', 'avatar_width', 'avatar_height', 'receive_pm', 'legend', 'message_limit');
+ foreach ($test_variables as $test)
{
- $group_attributes['group_' . $test] = $group_row['group_' . $test] = $submit_ary[$test];
+ if (isset($submit_ary[$test]) && ($action == 'add' || $group_row['group_' . $test] != $submit_ary[$test]))
+ {
+ $group_attributes['group_' . $test] = $group_row['group_' . $test] = $submit_ary[$test];
+ }
}
- }
-
- if (!($error = group_create($group_id, $group_type, $group_name, $group_desc, $group_attributes, $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies)))
- {
- $group_perm_from = request_var('group_perm_from', 0);
- // Copy permissions?
- if ($group_perm_from && $action == 'add')
+ if (!($error = group_create($group_id, $group_type, $group_name, $group_desc, $group_attributes, $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies)))
{
- // From the mysql documentation:
- // Prior to MySQL 4.0.14, the target table of the INSERT statement cannot appear in the FROM clause of the SELECT part of the query. This limitation is lifted in 4.0.14.
- // Due to this we stay on the safe side if we do the insertion "the manual way"
-
- // Copy permisisons from/to the acl groups table (only group_id gets changed)
- $sql = 'SELECT forum_id, auth_option_id, auth_role_id, auth_setting
- FROM ' . ACL_GROUPS_TABLE . '
- WHERE group_id = ' . $group_perm_from;
- $result = $db->sql_query($sql);
-
- $groups_sql_ary = array();
- while ($row = $db->sql_fetchrow($result))
- {
- $groups_sql_ary[] = array(
- 'group_id' => (int) $group_id,
- 'forum_id' => (int) $row['forum_id'],
- 'auth_option_id' => (int) $row['auth_option_id'],
- 'auth_role_id' => (int) $row['auth_role_id'],
- 'auth_setting' => (int) $row['auth_setting']
- );
- }
- $db->sql_freeresult($result);
+ $group_perm_from = request_var('group_perm_from', 0);
- // Now insert the data
- if (sizeof($groups_sql_ary))
+ // Copy permissions?
+ if ($group_perm_from && $action == 'add')
{
- switch (SQL_LAYER)
+ // From the mysql documentation:
+ // Prior to MySQL 4.0.14, the target table of the INSERT statement cannot appear in the FROM clause of the SELECT part of the query. This limitation is lifted in 4.0.14.
+ // Due to this we stay on the safe side if we do the insertion "the manual way"
+
+ // Copy permisisons from/to the acl groups table (only group_id gets changed)
+ $sql = 'SELECT forum_id, auth_option_id, auth_role_id, auth_setting
+ FROM ' . ACL_GROUPS_TABLE . '
+ WHERE group_id = ' . $group_perm_from;
+ $result = $db->sql_query($sql);
+
+ $groups_sql_ary = array();
+ while ($row = $db->sql_fetchrow($result))
{
- case 'mysql':
- case 'mysql4':
- case 'mysqli':
- $db->sql_query('INSERT INTO ' . ACL_GROUPS_TABLE . ' ' . $db->sql_build_array('MULTI_INSERT', $groups_sql_ary));
- break;
-
- default:
- foreach ($groups_sql_ary as $ary)
- {
- $db->sql_query('INSERT INTO ' . ACL_GROUPS_TABLE . ' ' . $db->sql_build_array('INSERT', $ary));
- }
- break;
+ $groups_sql_ary[] = array(
+ 'group_id' => (int) $group_id,
+ 'forum_id' => (int) $row['forum_id'],
+ 'auth_option_id' => (int) $row['auth_option_id'],
+ 'auth_role_id' => (int) $row['auth_role_id'],
+ 'auth_setting' => (int) $row['auth_setting']
+ );
}
+ $db->sql_freeresult($result);
+
+ // Now insert the data
+ if (sizeof($groups_sql_ary))
+ {
+ switch (SQL_LAYER)
+ {
+ case 'mysql':
+ case 'mysql4':
+ case 'mysqli':
+ $db->sql_query('INSERT INTO ' . ACL_GROUPS_TABLE . ' ' . $db->sql_build_array('MULTI_INSERT', $groups_sql_ary));
+ break;
+
+ default:
+ foreach ($groups_sql_ary as $ary)
+ {
+ $db->sql_query('INSERT INTO ' . ACL_GROUPS_TABLE . ' ' . $db->sql_build_array('INSERT', $ary));
+ }
+ break;
+ }
+ }
+
+ $auth->acl_clear_prefetch();
}
- $auth->acl_clear_prefetch();
+ $message = ($action == 'edit') ? 'GROUP_UPDATED' : 'GROUP_CREATED';
+ trigger_error($user->lang[$message] . adm_back_link($this->u_action));
}
-
- $message = ($action == 'edit') ? 'GROUP_UPDATED' : 'GROUP_CREATED';
- trigger_error($user->lang[$message] . adm_back_link($this->u_action));
}
- else
+
+ if (sizeof($error))
{
$group_rank = $submit_ary['rank'];
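Review bot: `$error` is tested with `sizeof()` at both ends of the new block but is also overwritten with the return value of `group_create()`, which the `!(...)` test suggests is `false` on success. `sizeof(false)` is 1 in PHP, so the trailing `if (sizeof($error))` only behaves correctly because `trigger_error()` is expected not to return on the success path. A comment on that line, such as `// trigger_error() halts here; $error may be false at this point`, would record the dependency; alternatively keep the return value in its own variable and copy it into `$error` only when it is an array. The enclosing function starts and ends outside the hunk.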
@@ -605,20 +609,17 @@ class acp_groups
'U_FIND_USERNAME' => $phpbb_root_path . "memberlist.$phpEx$SID&mode=searchuser&form=list&field=usernames")
);
- if ($group_row['group_type'] != GROUP_SPECIAL)
+ foreach ($group_data['leader'] as $row)
{
- foreach ($group_data['leader'] as $row)
- {
- $template->assign_block_vars('leader', array(
- 'U_USER_EDIT' => $phpbb_admin_path . "index.$phpEx$SID&i=users&action=edit&u={$row['user_id']}",
-
- 'USERNAME' => $row['username'],
- 'S_GROUP_DEFAULT' => ($row['group_id'] == $group_id) ? true : false,
- 'JOINED' => ($row['user_regdate']) ? $user->format_date($row['user_regdate']) : ' - ',
- 'USER_POSTS' => $row['user_posts'],
- 'USER_ID' => $row['user_id'])
- );
- }
+ $template->assign_block_vars('leader', array(
+ 'U_USER_EDIT' => $phpbb_admin_path . "index.$phpEx$SID&i=users&action=edit&u={$row['user_id']}",
+
+ 'USERNAME' => $row['username'],
+ 'S_GROUP_DEFAULT' => ($row['group_id'] == $group_id) ? true : false,
+ 'JOINED' => ($row['user_regdate']) ? $user->format_date($row['user_regdate']) : ' - ',
+ 'USER_POSTS' => $row['user_posts'],
+ 'USER_ID' => $row['user_id'])
+ );
}
$pending = false;
diff --git a/phpBB/includes/acp/acp_language.php b/phpBB/includes/acp/acp_language.php
index 19ac78b301..751ce81bef 100644
--- a/phpBB/includes/acp/acp_language.php
+++ b/phpBB/includes/acp/acp_language.php
@@ -138,7 +138,7 @@ class acp_language
'DATA' => $data,
'NAME' => $user->lang[strtoupper($method . '_' . $data)],
'EXPLAIN' => $user->lang[strtoupper($method . '_' . $data) . '_EXPLAIN'],
- 'DEFAULT' => $_REQUEST[$data] ? request_var($data, '') : $default
+ 'DEFAULT' => (!empty($_REQUEST[$data])) ? request_var($data, '') : $default
));
}
@@ -170,8 +170,8 @@ class acp_language
$sql_ary = array(
'lang_english_name' => request_var('lang_english_name', $row['lang_english_name']),
- 'lang_local_name' => request_var('lang_local_name', $row['lang_local_name']),
- 'lang_author' => request_var('lang_author', $row['lang_author']),
+ 'lang_local_name' => request_var('lang_local_name', $row['lang_local_name'], true),
+ 'lang_author' => request_var('lang_author', $row['lang_author'], true),
);
$db->sql_query('UPDATE ' . LANG_TABLE . '
@@ -238,7 +238,9 @@ class acp_language
if ($this->language_directory == 'email')
{
// Email Template
- fwrite($fp, (STRIP) ? stripslashes($_POST['entry']) : $_POST['entry']);
+ $entry = (STRIP) ? stripslashes($_POST['entry']) : $_POST['entry'];
+ $entry = preg_replace('#&(\#[0-9]+;)#', '&\1', $entry);
+ fwrite($fp, $entry);
}
else
{
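Review bot: As the added `preg_replace('#&(\#[0-9]+;)#', '&\1', $entry)` is displayed here, the pattern and the replacement produce the same text, so the call changes nothing. The page rendering has probably decoded an `&amp;` in the pattern, in which case the intent would be to turn `&amp;#NNN;` back into a numeric entity before the text is written to disk. Either way the line needs a one-line comment stating that intent, for example `// restore numeric character references in the submitted text`, and the same comment on the identical call added in the three later hunks of this file. The enclosing function starts outside the hunk.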
@@ -263,6 +265,7 @@ class acp_language
foreach ($value as $_key => $_value)
{
$_value = (STRIP) ? stripslashes($_value) : $_value;
+ $_value = preg_replace('#&(\#[0-9]+;)#', '&\1', $_value);
$entry .= "\t\t" . (int) $_key . "\t=> '" . str_replace("'", "\\'", $_value) . "',\n";
}
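Review bot: The value written into the generated language file by `str_replace("'", "\\'", $_value)` has only its single quotes escaped, so a backslash in the submitted text passes through unchanged. A backslash directly before a quote then leaves the string literal closed early, and the rest of the value is parsed as PHP when the file is loaded. Escaping the backslash first closes this: `str_replace(array('\\', "'"), array('\\\\', "\\'"), $_value)`. The same applies to the `$value` and `$_value` lines in the next two hunks, where `$key` and `$_key` are also placed between quotes without any escaping; their origin is outside the hunks and should be confirmed. The enclosing loop starts outside this hunk.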
@@ -283,6 +286,7 @@ class acp_language
if (!is_array($value))
{
$value = (STRIP) ? stripslashes($value) : $value;
+ $value = preg_replace('#&(\#[0-9]+;)#', '&\1', $value);
$entry = "\t'" . $key . "'\t=> '" . str_replace("'", "\\'", $value) . "',\n";
}
else
@@ -292,6 +296,7 @@ class acp_language
foreach ($value as $_key => $_value)
{
$_value = (STRIP) ? stripslashes($_value) : $_value;
+ $_value = preg_replace('#&(\#[0-9]+;)#', '&\1', $_value);
$entry .= "\t\t'" . $_key . "'\t=> '" . str_replace("'", "\\'", $_value) . "',\n";
}
diff --git a/phpBB/includes/acp/acp_modules.php b/phpBB/includes/acp/acp_modules.php
index 481b6f066c..7e742c8e46 100644
--- a/phpBB/includes/acp/acp_modules.php
+++ b/phpBB/includes/acp/acp_modules.php
@@ -288,7 +288,7 @@ class acp_modules
'module_enabled' => 0,
'module_display' => 1,
'parent_id' => 0,
- 'module_langname' => request_var('module_langname', ''),
+ 'module_langname' => request_var('module_langname', '', true),
'module_mode' => '',
'module_auth' => '',
);
@@ -301,7 +301,7 @@ class acp_modules
$module_data['module_display'] = request_var('module_display', (int) $module_row['module_display']);
$module_data['parent_id'] = request_var('module_parent_id', (int) $module_row['parent_id']);
$module_data['module_class'] = $this->module_class;
- $module_data['module_langname'] = request_var('module_langname', (string) $module_row['module_langname']);
+ $module_data['module_langname'] = request_var('module_langname', (string) $module_row['module_langname'], true);
$module_data['module_mode'] = request_var('module_mode', (string) $module_row['module_mode']);
$submit = (isset($_POST['submit'])) ? true : false;
diff --git a/phpBB/includes/acp/acp_permission_roles.php b/phpBB/includes/acp/acp_permission_roles.php
index 9346d0ae3f..e4c4cafa85 100644
--- a/phpBB/includes/acp/acp_permission_roles.php
+++ b/phpBB/includes/acp/acp_permission_roles.php
@@ -149,7 +149,7 @@ class acp_permission_roles
case 'add':
- $role_name = request_var('role_name', '');
+ $role_name = request_var('role_name', '', true);
$role_group_ids = request_var('role_group_ids', array(0));
$pre_select = request_var('pre_select', 'custom');
$auth_settings = request_var('setting', array('' => 0));
@@ -313,7 +313,7 @@ class acp_permission_roles
$options_from = request_var('options_from', 0);
$role_row = array(
- 'role_name' => request_var('role_name', ''),
+ 'role_name' => request_var('role_name', '', true),
'role_type' => $permission_type,
'role_group_ids' => implode(':', request_var('role_group_ids', array(0))),
);
diff --git a/phpBB/includes/acp/acp_profile.php b/phpBB/includes/acp/acp_profile.php
index 3a14640854..35fef141fd 100644
--- a/phpBB/includes/acp/acp_profile.php
+++ b/phpBB/includes/acp/acp_profile.php
@@ -314,11 +314,11 @@ class acp_profile
}
$cp->vars['field_ident'] = request_var('field_ident', $field_row['field_ident']);
- $cp->vars['lang_name'] = request_var('lang_name', $field_row['lang_name']);
- $cp->vars['lang_explain'] = request_var('lang_explain', $field_row['lang_explain']);
- $cp->vars['lang_default_value'] = request_var('lang_default_value', $field_row['lang_default_value']);
+ $cp->vars['lang_name'] = request_var('lang_name', $field_row['lang_name'], true);
+ $cp->vars['lang_explain'] = request_var('lang_explain', $field_row['lang_explain'], true);
+ $cp->vars['lang_default_value'] = request_var('lang_default_value', $field_row['lang_default_value'], true);
- $options = request_var('lang_options', '');
+ $options = request_var('lang_options', '', true);
// If the user has submitted a form with options (i.e. dropdown field)
if ($options)
@@ -358,14 +358,14 @@ class acp_profile
}
else
{
- $var = request_var($key, $field_row[$key]);
+ $var = request_var($key, $field_row[$key], true);
}
// Manipulate the intended variables a little bit if needed
if ($field_type == FIELD_DROPDOWN && $key == 'field_maxlen')
{
// Get the number of options if this key is 'field_maxlen'
- $var = sizeof(explode("\n", request_var('lang_options', '')));
+ $var = sizeof(explode("\n", request_var('lang_options', '', true)));
}
if ($field_type == FIELD_TEXT && $key == 'field_length')
@@ -450,7 +450,7 @@ class acp_profile
foreach ($exclude[3] as $key)
{
- $cp->vars[$key] = request_var($key, array(0 => ''));
+ $cp->vars[$key] = request_var($key, array(0 => ''), true);
if (!$cp->vars[$key] && $action == 'edit')
{
@@ -526,7 +526,7 @@ class acp_profile
foreach ($key_ary as $key)
{
- $var = isset($_REQUEST[$key]) ? request_var($key, '') : false;
+ $var = isset($_REQUEST[$key]) ? request_var($key, '', true) : false;
if ($var !== false)
{
@@ -846,7 +846,7 @@ class acp_profile
$lang_options[$lang_id]['lang_iso'] = $lang_iso;
foreach ($options as $field => $field_type)
{
- $value = ($action == 'create') ? request_var('l_' . $field, '') : $cp->vars['l_' . $field];
+ $value = ($action == 'create') ? request_var('l_' . $field, '', true) : $cp->vars['l_' . $field];
if ($field == 'lang_options')
{
@@ -1045,10 +1045,10 @@ class acp_profile
}
}
- $cp->vars['l_lang_name'] = request_var('l_lang_name', '');
- $cp->vars['l_lang_explain'] = request_var('l_lang_explain', '');
- $cp->vars['l_lang_default_value'] = request_var('l_lang_default_value', '');
- $cp->vars['l_lang_options'] = request_var('l_lang_options', '');
+ $cp->vars['l_lang_name'] = request_var('l_lang_name', '', true);
+ $cp->vars['l_lang_explain'] = request_var('l_lang_explain', '', true);
+ $cp->vars['l_lang_default_value'] = request_var('l_lang_default_value', '', true);
+ $cp->vars['l_lang_options'] = request_var('l_lang_options', '', true);
if ($cp->vars['lang_options'])
{
diff --git a/phpBB/includes/acp/acp_ranks.php b/phpBB/includes/acp/acp_ranks.php
index 1b9ade9f55..3978ed25ec 100644
--- a/phpBB/includes/acp/acp_ranks.php
+++ b/phpBB/includes/acp/acp_ranks.php
@@ -35,7 +35,7 @@ class acp_ranks
{
case 'save':
- $rank_title = request_var('title', '');
+ $rank_title = request_var('title', '', true);
$special_rank = request_var('special_rank', 0);
$min_posts = ($special_rank) ? -1 : request_var('min_posts', 0);
$rank_image = request_var('rank_image', '');
diff --git a/phpBB/includes/acp/acp_reasons.php b/phpBB/includes/acp/acp_reasons.php
index 2e6f664946..02e06e87f2 100644
--- a/phpBB/includes/acp/acp_reasons.php
+++ b/phpBB/includes/acp/acp_reasons.php
@@ -39,8 +39,8 @@ class acp_reasons
case 'edit':
$reason_row = array(
- 'reason_title' => request_var('reason_title', ''),
- 'reason_description' => request_var('reason_description', '')
+ 'reason_title' => request_var('reason_title', '', true),
+ 'reason_description' => request_var('reason_description', '', true)
);
if ($submit)
diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php
index 0a3529f3f5..5b2a8fdfc9 100644
--- a/phpBB/includes/acp/acp_styles.php
+++ b/phpBB/includes/acp/acp_styles.php
@@ -1113,7 +1113,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
if ($update)
{
$name = request_var('name', '');
- $copyright = request_var('copyright', '');
+ $copyright = request_var('copyright', '', true);
$template_id = request_var('template_id', 0);
$theme_id = request_var('theme_id', 0);
@@ -1598,7 +1598,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
$style_row = array(
$mode . '_name' => request_var('name', ''),
- $mode . '_copyright' => request_var('copyright', ''),
+ $mode . '_copyright' => request_var('copyright', '', true),
'template_id' => 0,
'theme_id' => 0,
'imageset_id' => 0,
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index a90832cd00..1d1c0b78ea 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -755,7 +755,7 @@ class acp_users
$deletemark = (isset($_POST['delmarked'])) ? true : false;
$deleteall = (isset($_POST['delall'])) ? true : false;
$marked = request_var('mark', array(0));
- $message = request_var('message', '');
+ $message = request_var('message', '', true);
// Sort keys
$sort_days = request_var('st', 0);
@@ -872,7 +872,7 @@ class acp_users
foreach ($var_ary as $var => $default)
{
- $data[$var] = request_var($var, $default);
+ $data[$var] = (in_array($var, array('location', 'occupation', 'interests')) ? request_var($var, $default, true) : $data[$var] = request_var($var, $default);
}
$var_ary = array(
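Review bot: The added assignment inside the `foreach` does not parse: the parenthesis opened before `in_array(` is never closed, and the else arm repeats `$data[$var] =` inside the ternary. The balanced form is `$data[$var] = (in_array($var, array('location', 'occupation', 'interests'))) ? request_var($var, $default, true) : request_var($var, $default);`. `$var_ary` is defined outside the hunk, so whether those three names are the only free-text fields in it cannot be checked from here.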
@@ -1424,7 +1424,7 @@ class acp_users
$enable_bbcode = ($config['allow_sig_bbcode']) ? request_var('enable_bbcode', $this->optionget($user_row, 'bbcode')) : false;
$enable_smilies = ($config['allow_sig_smilies']) ? request_var('enable_smilies', $this->optionget($user_row, 'smilies')) : false;
$enable_urls = request_var('enable_urls', true);
- $signature = request_var('signature', $user_row['user_sig']);
+ $signature = request_var('signature', $user_row['user_sig'], true);
$preview = (isset($_POST['preview'])) ? true : false;
diff --git a/phpBB/includes/acp/acp_words.php b/phpBB/includes/acp/acp_words.php
index fce4757a3c..ef75eedcba 100644
--- a/phpBB/includes/acp/acp_words.php
+++ b/phpBB/includes/acp/acp_words.php
@@ -69,8 +69,8 @@ class acp_words
case 'save':
$word_id = request_var('id', 0);
- $word = request_var('word', '');
- $replacement = request_var('replacement', '');
+ $word = request_var('word', '', true);
+ $replacement = request_var('replacement', '', true);
if (!$word || !$replacement)
{
diff --git a/phpBB/includes/acp/auth.php b/phpBB/includes/acp/auth.php
index ebbb129994..2307d413fa 100644
--- a/phpBB/includes/acp/auth.php
+++ b/phpBB/includes/acp/auth.php
@@ -701,7 +701,7 @@ class auth_admin extends auth
$id_field = $ug_type . '_id';
// Get any flags as required
- list(, $flag) = each(array_keys($auth));
+ $flag = key($auth);
$flag = substr($flag, 0, strpos($flag, '_') + 1);
// This ID (the any-flag) is set if one or more permissions are true...
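Review bot: `key($auth)` returns the key at the array's current internal pointer, whereas the removed `each(array_keys($auth))` always read the first key of a freshly built array. If anything has advanced the pointer of `$auth` before this line, `$flag` will not be the first permission name, and for an empty or exhausted array it will be `null`. Adding `reset($auth);` before `$flag = key($auth);` keeps the old guarantee. The same replacement is made in the later hunk at -831 of this file, and both functions start outside their hunks, so earlier use of `$auth` is not visible here.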
@@ -831,7 +831,7 @@ class auth_admin extends auth
global $db;
// Get any-flag as required
- list(, $flag) = each(array_keys($auth));
+ $flag = key($auth);
$flag = substr($flag, 0, strpos($flag, '_') + 1);
// Remove any-flag from auth ary