Diffstat (limited to 'phpBB/includes/ucp')
-rw-r--r-- | phpBB/includes/ucp/ucp_groups.php | 2 | ||||
-rw-r--r-- | phpBB/includes/ucp/ucp_main.php | 40 | ||||
-rw-r--r-- | phpBB/includes/ucp/ucp_pm_compose.php | 6 | ||||
-rw-r--r-- | phpBB/includes/ucp/ucp_pm_viewfolder.php | 12 | ||||
-rw-r--r-- | phpBB/includes/ucp/ucp_pm_viewmessage.php | 2 | ||||
-rw-r--r-- | phpBB/includes/ucp/ucp_profile.php | 8 | ||||
-rw-r--r-- | phpBB/includes/ucp/ucp_register.php | 6 | ||||
-rw-r--r-- | phpBB/includes/ucp/ucp_resend.php | 2 | ||||
-rw-r--r-- | phpBB/includes/ucp/ucp_zebra.php | 8 |
9 files changed, 45 insertions, 41 deletions
diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index 1943db0190..9ac929fcea 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -318,7 +318,7 @@ class ucp_groups $sql_and = ($auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) ? '<> ' . GROUP_SPECIAL : 'NOT IN (' . GROUP_SPECIAL . ', ' . GROUP_HIDDEN . ')'; $sql = 'SELECT group_id, group_name, group_desc, group_desc_uid, group_desc_bitfield, group_desc_options, group_type FROM ' . GROUPS_TABLE . ' - WHERE group_id NOT IN (' . implode(', ', $group_id_ary) . ") + WHERE ' . $db->sql_in_set('group_id', $group_id_ary, true) . ") AND group_type $sql_and ORDER BY group_type DESC, group_name"; $result = $db->sql_query($sql); diff --git a/phpBB/includes/ucp/ucp_main.php b/phpBB/includes/ucp/ucp_main.php index e0c51204ed..8936a7728b 100644 --- a/phpBB/includes/ucp/ucp_main.php +++ b/phpBB/includes/ucp/ucp_main.php @@ -65,7 +65,7 @@ class ucp_main if (sizeof($forum_ary)) { - $sql .= ' AND forum_id NOT IN ( ' . implode(', ', $forum_ary) . ')'; + $sql .= ' AND ' . $db->sql_in_set('forum_id', $forum_ary); } $result = $db->sql_query_limit($sql, 1); $g_forum_id = (int) $db->sql_fetchfield('forum_id'); 
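Review bot: In the ucp_groups.php hunk (@@ -318) the new WHERE line still ends with `. ")`, so the double-quoted tail of the query begins with a `)` that no longer has an opening partner. The removed line opened that parenthesis itself in `NOT IN (`; the other hunks in this commit drop the closing `)` together with `IN (`, which suggests `sql_in_set()` emits its own parentheses (the helper is not part of this diff, so confirm). If so, the line should read `WHERE ' . $db->sql_in_set('group_id', $group_id_ary, true) . "`, and the query as committed would be rejected by the database. The enclosing method starts and ends outside the hunk.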
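Review bot: The `forum_id` filter in the first ucp_main.php hunk (@@ -65) silently changes from `NOT IN` to `IN`, because `sql_in_set('forum_id', $forum_ary)` is called without the third argument that the ucp_groups.php and ucp_register.php hunks pass as `true` for their `NOT IN` conversions. If `$forum_ary` holds forums to be skipped, as the removed line implies, the query now picks `$g_forum_id` from exactly the set it used to exclude. The line should be `$sql .= ' AND ' . $db->sql_in_set('forum_id', $forum_ary, true);`. How `$forum_ary` is built lies outside the hunk, so confirm what the list represents (for example, forums the user may not read).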
@@ -186,27 +186,27 @@ class ucp_main if ($unwatch) { - $forums = (isset($_POST['f'])) ? implode(', ', array_map('intval', array_keys($_POST['f']))) : false; - $topics = (isset($_POST['t'])) ? implode(', ', array_map('intval', array_keys($_POST['t']))) : false; + $forums = (isset($_POST['f'])) ? array_map('intval', array_keys($_POST['f'])) : array(); + $topics = (isset($_POST['t'])) ? array_map('intval', array_keys($_POST['t'])) : array(); - if ($forums || $topics) + if (sizeof($forums) || sizeof($topics)) { $l_unwatch = ''; - if ($forums) + if (sizeof($forums)) { - $sql = 'DELETE FROM ' . FORUMS_WATCH_TABLE . " - WHERE forum_id IN ($forums) - AND user_id = " . $user->data['user_id']; + $sql = 'DELETE FROM ' . FORUMS_WATCH_TABLE . ' + WHERE ' . $db->sql_in_set('forum_id', $forums) . ' + AND user_id = ' . $user->data['user_id']; $db->sql_query($sql); $l_unwatch .= '_FORUMS'; } - if ($topics) + if (sizeof($topics)) { - $sql = 'DELETE FROM ' . TOPICS_WATCH_TABLE . " - WHERE topic_id IN ($topics) - AND user_id = " . $user->data['user_id']; + $sql = 'DELETE FROM ' . TOPICS_WATCH_TABLE . ' + WHERE ' . $db->sql_in_set('topic_id', $topics) . ' + AND user_id = ' . $user->data['user_id']; $db->sql_query($sql); $l_unwatch .= '_TOPICS'; @@ -511,7 +511,7 @@ class ucp_main { $sql = 'DELETE FROM ' . BOOKMARKS_TABLE . ' WHERE user_id = ' . $user->data['user_id'] . ' - AND topic_id IN (' . implode(', ', $topics) . ')'; + AND ' . $db->sql_in_set('topic_id', $topics); $db->sql_query($sql); // Re-Order bookmarks (possible with one query? This query massaker is not really acceptable...) 
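Review bot: `array_keys($_POST['f'])` and `array_keys($_POST['t'])` in the @@ -186 hunk of ucp_main.php are guarded only by `isset()`, so a request that sends `f` or `t` as a plain string reaches `array_keys()` with a non-array value. The same applies to `$_POST['d']` in the @@ -620 hunk, which uses `!empty()` instead. Now that the result is handed to `sql_in_set()` as an array rather than imploded, the expected shape should be made explicit, e.g. `$forums = (isset($_POST['f']) && is_array($_POST['f'])) ? array_map('intval', array_keys($_POST['f'])) : array();`. Using the same guard in all three places would also remove the `isset`/`!empty` inconsistency.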
@@ -620,13 +620,13 @@ class ucp_main if ($delete) { - $drafts = (isset($_POST['d'])) ? implode(', ', array_map('intval', array_keys($_POST['d']))) : ''; + $drafts = (!empty($_POST['d'])) ? array_map('intval', array_keys($_POST['d'])) : array(); - if ($drafts) + if (sizeof($drafts)) { - $sql = 'DELETE FROM ' . DRAFTS_TABLE . " - WHERE draft_id IN ($drafts) - AND user_id = " .$user->data['user_id']; + $sql = 'DELETE FROM ' . DRAFTS_TABLE . ' + WHERE ' . $db->sql_in_set('draft_id', $drafts) . ' + AND user_id = ' . $user->data['user_id']; $db->sql_query($sql); $message = $user->lang['DRAFTS_DELETED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>'); @@ -634,6 +634,8 @@ class ucp_main meta_refresh(3, $this->u_action); trigger_error($message); } + + unset($drafts); } if ($submit && $edit) @@ -701,7 +703,7 @@ class ucp_main { $sql = 'SELECT topic_id, forum_id, topic_title FROM ' . TOPICS_TABLE . ' - WHERE topic_id IN (' . implode(',', array_unique($topic_ids)) . ')'; + WHERE ' . $db->sql_in_set('topic_id', array_unique($topic_ids)); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index 27a9735d35..ff95bfc307 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -663,7 +663,7 @@ function compose_pm($id, $mode, $action) { $sql = 'SELECT user_id as id, username as name, user_colour as colour FROM ' . USERS_TABLE . ' - WHERE user_id IN (' . implode(', ', array_map('intval', array_keys($address_list['u']))) . ')'; + WHERE ' . $db->sql_in_set('user_id', array_map('intval', array_keys($address_list['u']))); $result['u'] = $db->sql_query($sql); } 
@@ -672,7 +672,7 @@ function compose_pm($id, $mode, $action) $sql = 'SELECT group_id as id, group_name as name, group_colour as colour, group_type FROM ' . GROUPS_TABLE . ' WHERE group_receive_pm = 1 - AND group_id IN (' . implode(', ', array_map('intval', array_keys($address_list['g']))) . ')'; + AND ' . $db->sql_in_set('group_id', array_map('intval', array_keys($address_list['g']))); $result['g'] = $db->sql_query($sql); } @@ -894,7 +894,7 @@ function handle_message_list_actions(&$address_list, $remove_u, $remove_g, $add_ { $sql = 'SELECT user_id FROM ' . USERS_TABLE . ' - WHERE user_id IN (' . implode(', ', $user_id_ary) . ') + WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . ' AND user_allow_pm = 1'; $result = $db->sql_query($sql); diff --git a/phpBB/includes/ucp/ucp_pm_viewfolder.php b/phpBB/includes/ucp/ucp_pm_viewfolder.php index ef245e9d11..91a44c31c1 100644 --- a/phpBB/includes/ucp/ucp_pm_viewfolder.php +++ b/phpBB/includes/ucp/ucp_pm_viewfolder.php @@ -133,15 +133,15 @@ function view_folder($id, $mode, $folder_id, $folder) { $sql = 'SELECT user_id as id, username as name, user_colour as colour FROM ' . USERS_TABLE . ' - WHERE user_id'; + WHERE '; } else { $sql = 'SELECT group_id as id, group_name as name, group_colour as colour, group_type FROM ' . GROUPS_TABLE . ' - WHERE group_id'; + WHERE '; } - $sql .= ' IN (' . implode(', ', array_map('intval', array_keys($recipient_list[$ug_type]))) . ')'; + $sql .= $db->sql_in_set(($ug_type == 'u') ? 'user_id' : 'group_id', array_map('intval', array_keys($recipient_list[$ug_type]))); $result = $db->sql_query($sql); 
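Review bot: In the @@ -133 hunk of ucp_pm_viewfolder.php the user/group decision is now made twice, once by the surrounding `if`/`else` that picks the SELECT and again by the ternary `($ug_type == 'u') ? 'user_id' : 'group_id'`; the @@ -277 hunk repeats the pattern. The `if` condition itself is outside the hunk, so it cannot be confirmed from here that both tests agree, and they can drift apart in later edits. Setting the column in each branch (`$sql_field = 'user_id';` and `$sql_field = 'group_id';`) and calling `$db->sql_in_set($sql_field, ...)` keeps the choice in one place. If the ternary stays, a strict `===` comparison would be preferable.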
@@ -277,15 +277,15 @@ function view_folder($id, $mode, $folder_id, $folder) { $sql = 'SELECT user_id as id, username as name FROM ' . USERS_TABLE . ' - WHERE user_id'; + WHERE '; } else { $sql = 'SELECT group_id as id, group_name as name FROM ' . GROUPS_TABLE . ' - WHERE group_id'; + WHERE '; } - $sql .= ' IN (' . implode(', ', array_map('intval', array_keys($address[$message_id][$ug_type]))) . ')'; + $sql .= $db->sql_in_set(($ug_type == 'u') ? 'user_id' : 'group_id', array_map('intval', array_keys($address[$message_id][$ug_type]))); $result = $db->sql_query($sql); diff --git a/phpBB/includes/ucp/ucp_pm_viewmessage.php b/phpBB/includes/ucp/ucp_pm_viewmessage.php index 620bc9701f..4a399d847d 100644 --- a/phpBB/includes/ucp/ucp_pm_viewmessage.php +++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php @@ -134,7 +134,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) { $sql = 'UPDATE ' . ATTACHMENTS_TABLE . ' SET download_count = download_count + 1 - WHERE attach_id IN (' . implode(', ', array_unique($update_count)) . ')'; + WHERE ' . $db->sql_in_set('attach_id', array_unique($update_count)); $db->sql_query($sql); } } diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index 52f17a8048..d757d6e14d 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php @@ -153,7 +153,7 @@ class ucp_profile $sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type FROM ' . USERS_TABLE . ' - WHERE user_id IN (' . implode(', ', $admin_ary[0]['a_user']) .')'; + WHERE ' . $db->sql_in_set('user_id', $admin_ary[0]['a_user']); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) 
@@ -585,7 +585,11 @@ class ucp_profile // Delete old avatar if present if ($user->data['user_avatar'] && $filename != $user->data['user_avatar'] && $user->data['user_avatar_type'] != AVATAR_GALLERY) { - avatar_delete($user->data['user_avatar']); + // Check if the users avatar is actually a group avatar + if (strpos($user->data['user_avatar'], 'g' . $user->data['group_id'] . '_') !== 0 && strpos($user->data['user_avatar'], $user->data['user_id'] . '_') === 0) + { + avatar_delete($user->data['user_avatar']); + } } } diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index 620b388f99..01b92125ac 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -323,7 +323,7 @@ class ucp_register $sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type FROM ' . USERS_TABLE . ' - WHERE user_id IN (' . implode(', ', $admin_ary[0]['a_user']) .')'; + WHERE ' . $db->sql_in_set('user_id', $admin_ary[0]['a_user']); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) @@ -375,12 +375,12 @@ class ucp_register $sql_in = array(); do { - $sql_in[] = "'" . $db->sql_escape($row['session_id']) . "'"; + $sql_in[] = (string) $row['session_id']; } while ($row = $db->sql_fetchrow($result)); $sql = 'DELETE FROM ' . CONFIRM_TABLE . ' - WHERE session_id NOT IN (' . implode(', ', $sql_in) . ') + WHERE ' . $db->sql_in_set('session_id', $sql_in, true) . ' AND confirm_type = ' . CONFIRM_REG; $db->sql_query($sql); } diff --git a/phpBB/includes/ucp/ucp_resend.php b/phpBB/includes/ucp/ucp_resend.php index 0e59c7560c..84ce3fe9b7 100644 --- a/phpBB/includes/ucp/ucp_resend.php +++ b/phpBB/includes/ucp/ucp_resend.php 
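Review bot: The new guard around `avatar_delete()` in the @@ -585 hunk of ucp_profile.php combines two prefix tests, and the first looks redundant: a name that starts with `$user->data['user_id'] . '_'` (presumably a numeric id) cannot also start with `'g' . $user->data['group_id'] . '_'`. Keeping only `strpos($user->data['user_avatar'], $user->data['user_id'] . '_') === 0` would state the ownership rule directly. The comment would help more if it named that rule, e.g. `// Only delete files this user uploaded (prefix "<user_id>_"); group avatars are shared`. The naming scheme for uploaded avatars is defined outside this diff, so confirm the prefixes against the upload code.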
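Review bot: The @@ -375 hunk of ucp_register.php drops the explicit `$db->sql_escape()` on `session_id`, and the @@ -97 hunk of ucp_zebra.php does the same for the names in `$data['add']`, so quoting and escaping of string values now rests entirely on `sql_in_set()`. That helper is not part of this diff; before merging, confirm that it quotes and escapes every string element rather than handling only integers. A short comment at both sites, such as `// sql_in_set() quotes and escapes string values`, would tell a later reader where the escaping happens and why none is visible here.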
@@ -105,7 +105,7 @@ class ucp_resend $sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type FROM ' . USERS_TABLE . ' - WHERE user_id IN (' . implode(', ', $admin_ary[0]['a_user']) .')'; + WHERE ' . $db->sql_in_set('user_id', $admin_ary[0]['a_user']); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) diff --git a/phpBB/includes/ucp/ucp_zebra.php b/phpBB/includes/ucp/ucp_zebra.php index fb9925e248..2cf6edcac4 100644 --- a/phpBB/includes/ucp/ucp_zebra.php +++ b/phpBB/includes/ucp/ucp_zebra.php @@ -97,13 +97,11 @@ class ucp_zebra unset($friends, $foes, $n); - $data['add'] = implode(', ', preg_replace('#^(.*?)$#', "'$1'", array_map(array(&$db, 'sql_escape'), $data['add']))); - - if ($data['add']) + if (sizeof($data['add'])) { $sql = 'SELECT user_id, user_type FROM ' . USERS_TABLE . ' - WHERE LOWER(username) IN (' . $data['add'] . ') + WHERE ' . $db->sql_in_set('LOWER(username)', $data['add']) . ' AND user_type <> ' . USER_INACTIVE; $result = $db->sql_query($sql); @@ -197,7 +195,7 @@ class ucp_zebra $sql = 'DELETE FROM ' . ZEBRA_TABLE . ' WHERE user_id = ' . $user->data['user_id'] . ' - AND zebra_id IN (' . implode(', ', $data['usernames']) . ')'; + AND ' . $db->sql_in_set('zebra_id', $data['usernames']); $db->sql_query($sql); } |