aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes/ucp
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/includes/ucp')
-rw-r--r--phpBB/includes/ucp/ucp_attachments.php30
-rw-r--r--phpBB/includes/ucp/ucp_pm_compose.php22
-rw-r--r--phpBB/includes/ucp/ucp_pm_viewfolder.php4
-rw-r--r--phpBB/includes/ucp/ucp_profile.php3
-rw-r--r--phpBB/includes/ucp/ucp_register.php29
5 files changed, 60 insertions, 28 deletions
diff --git a/phpBB/includes/ucp/ucp_attachments.php b/phpBB/includes/ucp/ucp_attachments.php
index c1b623cd71..7808fed325 100644
--- a/phpBB/includes/ucp/ucp_attachments.php
+++ b/phpBB/includes/ucp/ucp_attachments.php
@@ -29,7 +29,7 @@ class ucp_attachments
function main($id, $mode)
{
- global $template, $user, $db, $config, $phpEx, $phpbb_root_path, $phpbb_container, $request;
+ global $template, $user, $db, $config, $phpEx, $phpbb_root_path, $phpbb_container, $request, $auth;
$start = $request->variable('start', 0);
$sort_key = $request->variable('sk', 'a');
@@ -41,16 +41,27 @@ class ucp_attachments
if ($delete && count($delete_ids))
{
// Validate $delete_ids...
- $sql = 'SELECT attach_id
- FROM ' . ATTACHMENTS_TABLE . '
- WHERE poster_id = ' . $user->data['user_id'] . '
- AND is_orphan = 0
- AND ' . $db->sql_in_set('attach_id', $delete_ids);
+ $sql = 'SELECT a.attach_id, p.post_edit_locked, t.topic_status, f.forum_id, f.forum_status
+ FROM ' . ATTACHMENTS_TABLE . ' a
+ LEFT JOIN ' . POSTS_TABLE . ' p
+ ON (a.post_msg_id = p.post_id AND a.in_message = 0)
+ LEFT JOIN ' . TOPICS_TABLE . ' t
+ ON (t.topic_id = p.topic_id AND a.in_message = 0)
+ LEFT JOIN ' . FORUMS_TABLE . ' f
+ ON (f.forum_id = t.forum_id AND a.in_message = 0)
+ WHERE a.poster_id = ' . $user->data['user_id'] . '
+ AND a.is_orphan = 0
+ AND ' . $db->sql_in_set('a.attach_id', $delete_ids);
$result = $db->sql_query($sql);
$delete_ids = array();
while ($row = $db->sql_fetchrow($result))
{
+ if (!$auth->acl_get('m_edit', $row['forum_id']) && ($row['forum_status'] == ITEM_LOCKED || $row['topic_status'] == ITEM_LOCKED || $row['post_edit_locked']))
+ {
+ continue;
+ }
+
$delete_ids[] = $row['attach_id'];
}
$db->sql_freeresult($result);
@@ -124,10 +135,12 @@ class ucp_attachments
$pagination = $phpbb_container->get('pagination');
$start = $pagination->validate_start($start, $config['topics_per_page'], $num_attachments);
- $sql = 'SELECT a.*, t.topic_title, p.message_subject as message_title
+ $sql = 'SELECT a.*, t.topic_title, pr.message_subject as message_title, p.post_edit_locked, t.topic_status, f.forum_id, f.forum_status
FROM ' . ATTACHMENTS_TABLE . ' a
+ LEFT JOIN ' . POSTS_TABLE . ' p ON (a.post_msg_id = p.post_id AND a.in_message = 0)
LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id AND a.in_message = 0)
- LEFT JOIN ' . PRIVMSGS_TABLE . ' p ON (a.post_msg_id = p.msg_id AND a.in_message = 1)
+ LEFT JOIN ' . FORUMS_TABLE . ' f ON (f.forum_id = t.forum_id AND a.in_message = 0)
+ LEFT JOIN ' . PRIVMSGS_TABLE . ' pr ON (a.post_msg_id = pr.msg_id AND a.in_message = 1)
WHERE a.poster_id = ' . $user->data['user_id'] . "
AND a.is_orphan = 0
ORDER BY $order_by";
@@ -164,6 +177,7 @@ class ucp_attachments
'TOPIC_ID' => $row['topic_id'],
'S_IN_MESSAGE' => $row['in_message'],
+ 'S_LOCKED' => !$row['in_message'] && !$auth->acl_get('m_edit', $row['forum_id']) && ($row['forum_status'] == ITEM_LOCKED || $row['topic_status'] == ITEM_LOCKED || $row['post_edit_locked']),
'U_VIEW_ATTACHMENT' => append_sid("{$phpbb_root_path}download/file.$phpEx", 'id=' . $row['attach_id']),
'U_VIEW_TOPIC' => $view_topic)
diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php
index 543db4f889..87a8c91fd2 100644
--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
@@ -26,7 +26,7 @@ if (!defined('IN_PHPBB'))
function compose_pm($id, $mode, $action, $user_folders = array())
{
global $template, $db, $auth, $user, $cache;
- global $phpbb_root_path, $phpEx, $config;
+ global $phpbb_root_path, $phpEx, $config, $language;
global $request, $phpbb_dispatcher, $phpbb_container;
// Damn php and globals - i know, this is horrible
@@ -799,7 +799,10 @@ function compose_pm($id, $mode, $action, $user_folders = array())
extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_modify_parse_before', compact($vars)));
// Parse Attachments - before checksum is calculated
- $message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true);
+ if ($message_parser->check_attachment_form_token($language, $request, 'ucp_pm_compose'))
+ {
+ $message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true);
+ }
if (count($message_parser->warn_msg) && !($remove_u || $remove_g || $add_to || $add_bcc))
{
@@ -996,7 +999,10 @@ function compose_pm($id, $mode, $action, $user_folders = array())
{
$quote_attributes['post_id'] = $post['msg_id'];
}
-
+ if ($action === 'quote')
+ {
+ $quote_attributes['msg_id'] = $post['msg_id'];
+ }
/** @var \phpbb\language\language $language */
$language = $phpbb_container->get('language');
/** @var \phpbb\textformatter\utils_interface $text_formatter_utils */
@@ -1007,6 +1013,16 @@ function compose_pm($id, $mode, $action, $user_folders = array())
if (($action == 'reply' || $action == 'quote' || $action == 'quotepost') && !$preview && !$refresh)
{
$message_subject = ((!preg_match('/^Re:/', $message_subject)) ? 'Re: ' : '') . censor_text($message_subject);
+
+ /**
+ * This event allows you to modify the PM subject of the PM being quoted
+ *
+ * @event core.pm_modify_message_subject
+ * @var string message_subject String with the PM subject already censored.
+ * @since 3.2.8-RC1
+ */
+ $vars = array('message_subject');
+ extract($phpbb_dispatcher->trigger_event('core.pm_modify_message_subject', compact($vars)));
}
if ($action == 'forward' && !$preview && !$refresh && !$submit)
diff --git a/phpBB/includes/ucp/ucp_pm_viewfolder.php b/phpBB/includes/ucp/ucp_pm_viewfolder.php
index a0b535d683..09e7bf4d7c 100644
--- a/phpBB/includes/ucp/ucp_pm_viewfolder.php
+++ b/phpBB/includes/ucp/ucp_pm_viewfolder.php
@@ -138,9 +138,9 @@ function view_folder($id, $mode, $folder_id, $folder)
$row_indicator = '';
foreach ($color_rows as $var)
{
- if (($var != 'friend' && $var != 'foe' && $row['pm_' . $var])
+ if (($var !== 'friend' && $var !== 'foe' && $row[($var === 'message_reported') ? $var : "pm_{$var}"])
||
- (($var == 'friend' || $var == 'foe') && isset(${$var}[$row['author_id']]) && ${$var}[$row['author_id']]))
+ (($var === 'friend' || $var === 'foe') && isset(${$var}[$row['author_id']]) && ${$var}[$row['author_id']]))
{
$row_indicator = $var;
break;
diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php
index 9a1284083f..36ab3d0463 100644
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@@ -133,7 +133,6 @@ class ucp_profile
'user_email' => ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'],
'user_email_hash' => ($auth->acl_get('u_chgemail')) ? phpbb_email_hash($data['email']) : $user->data['user_email_hash'],
'user_password' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? $passwords_manager->hash($data['new_password']) : $user->data['user_password'],
- 'user_passchg' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? time() : 0,
);
if ($auth->acl_get('u_chgname') && $config['allow_namechange'] && $data['username'] != $user->data['username'])
@@ -147,6 +146,8 @@ class ucp_profile
if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && !$passwords_manager->check($data['new_password'], $user->data['user_password']))
{
+ $sql_ary['user_passchg'] = time();
+
$user->reset_login_keys();
$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_NEW_PASSWORD', false, array(
'reportee_id' => $user->data['user_id'],
diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php
index 0e673cb692..03ac63b12b 100644
--- a/phpBB/includes/ucp/ucp_register.php
+++ b/phpBB/includes/ucp/ucp_register.php
@@ -39,12 +39,23 @@ class ucp_register
trigger_error('UCP_REGISTER_DISABLE');
}
- $coppa = $request->is_set('coppa') ? (int) $request->variable('coppa', false) : false;
+ $coppa = $request->is_set('coppa_yes') ? 1 : ($request->is_set('coppa_no') ? 0 : false);
+ $coppa = $request->is_set('coppa') ? $request->variable('coppa', 0) : $coppa;
$agreed = $request->variable('agreed', false);
$submit = $request->is_set_post('submit');
$change_lang = $request->variable('change_lang', '');
$user_lang = $request->variable('lang', $user->lang_name);
+ if ($agreed && !check_form_key('ucp_register'))
+ {
+ $agreed = false;
+ }
+
+ if ($coppa !== false && !check_form_key('ucp_register'))
+ {
+ $coppa = false;
+ }
+
/**
* Add UCP register data before they are assigned to the template or submitted
*
@@ -67,14 +78,7 @@ class ucp_register
);
extract($phpbb_dispatcher->trigger_event('core.ucp_register_requests_after', compact($vars)));
- if ($agreed)
- {
- add_form_key('ucp_register');
- }
- else
- {
- add_form_key('ucp_register_terms');
- }
+ add_form_key('ucp_register');
if ($change_lang || $user_lang != $config['default_lang'])
{
@@ -168,11 +172,8 @@ class ucp_register
$template_vars = array(
'S_LANG_OPTIONS' => (count($lang_row) > 1) ? language_select($user_lang) : '',
- 'L_COPPA_NO' => sprintf($user->lang['UCP_COPPA_BEFORE'], $coppa_birthday),
- 'L_COPPA_YES' => sprintf($user->lang['UCP_COPPA_ON_AFTER'], $coppa_birthday),
-
- 'U_COPPA_NO' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&coppa=0'),
- 'U_COPPA_YES' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&coppa=1'),
+ 'L_COPPA_NO' => $user->lang('UCP_COPPA_BEFORE', $coppa_birthday),
+ 'L_COPPA_YES' => $user->lang('UCP_COPPA_ON_AFTER', $coppa_birthday),
'S_SHOW_COPPA' => true,
'S_HIDDEN_FIELDS' => build_hidden_fields($s_hidden_fields),
generated by cgit v1.2.1 (git 2.21.0) at 2025-05-29 19:56:30 +0000