Diffstat (limited to 'phpBB/includes/ucp')
| -rw-r--r-- | phpBB/includes/ucp/ucp_main.php | 5 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_pm_compose.php | 5 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_pm_options.php | 26 |
3 files changed, 27 insertions, 9 deletions
diff --git a/phpBB/includes/ucp/ucp_main.php b/phpBB/includes/ucp/ucp_main.php
index 4a98ea2829..f236f5dd9d 100644
--- a/phpBB/includes/ucp/ucp_main.php
+++ b/phpBB/includes/ucp/ucp_main.php
@@ -687,9 +687,8 @@ class ucp_main extends module
 if ($submit && $edit)
 {
- $draft_subject = preg_replace('#&(\#[0-9]+;)#', '&\1', request_var('subject', ''));
- $draft_message = (isset($_POST['message'])) ? htmlspecialchars(trim(str_replace(array('\\\'', '\\"', '\\0', '\\\\'), array('\'', '"', '\0', '\\'), $_POST['message']))) : '';
- $draft_message = preg_replace('#&(\#[0-9]+;)#', '&\1', $draft_message);
+ $draft_subject = request_var('subject', '', true);
+ $draft_message = request_var('message', '', true);
 if ($draft_message && $draft_subject)
 {
diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php
index 33ee31b22c..80a9c7676e 100644
--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
@@ -333,10 +333,9 @@ function compose_pm($id, $mode, $action)
 // Save Draft
 if ($save && $auth->acl_get('u_savedrafts'))
 {
- $subject = preg_replace('#&(\#[0-9]+;)#', '&\1', request_var('subject', ''));
+ $subject = request_var('subject', '', true);
 $subject = (!$subject && $action != 'post') ? $user->lang['NEW_MESSAGE'] : $subject;
- $message = (isset($_POST['message'])) ? htmlspecialchars(trim(str_replace(array('\\\'', '\\"', '\\0', '\\\\'), array('\'', '"', '\0', '\\'), $_POST['message']))) : '';
- $message = preg_replace('#&(\#[0-9]+;)#', '&\1', $message);
+ $message = request_var('message', '', true);
 if ($subject && $message)
 {
diff --git a/phpBB/includes/ucp/ucp_pm_options.php b/phpBB/includes/ucp/ucp_pm_options.php
index 253547cd47..129c6cb84f 100644
--- a/phpBB/includes/ucp/ucp_pm_options.php
+++ b/phpBB/includes/ucp/ucp_pm_options.php
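Review bot: The bare `true` passed to request_var() for `subject` and `message` now carries all of the input handling that the removed htmlspecialchars/str_replace/preg_replace chain spelled out, and nothing at the call site says so. request_var() is not defined in this diff, so presumably the third argument selects multibyte handling and the value comes back trimmed and HTML-escaped; a comment such as `// request_var(..., true): multibyte-safe, already HTML-escaped - do not escape or decode again` would keep a later edit from double-escaping or from undoing the escaping before display. The same applies to the Save Draft hunk in ucp_pm_compose.php. The code that stores the draft lies outside both hunks, so it is worth confirming that it still escapes for SQL on its own, since HTML escaping does not cover that.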
@@ -418,7 +418,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
 $rule_option = request_var('rule_option', 0);
 $cond_option = request_var('cond_option', '');
 $action_option = request_var('action_option', '');
- $back = (isset($_REQUEST['back'])) ? request_var('back', '') : array();
+ $back = (isset($_REQUEST['back'])) ? request_var('back', array('' => 0)) : array();
 if (sizeof($back))
 {
@@ -576,7 +576,7 @@ function define_rule_option($hardcoded, $rule_option, $rule_lang, $check_ary)
 */
 function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule_conditions)
 {
- global $db, $template;
+ global $db, $template, $auth;
 $template->assign_vars(array(
 'S_COND_DEFINED' => true,
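Review bot: The `array('' => 0)` default on the new `$back` line is an opaque type template, and the line still probes `$_REQUEST['back']` directly before calling request_var(). A short comment such as `// array('' => 0): expect string keys mapped to integer values` would make the intended shape clear to the next reader. request_var() is not defined in this diff; if it already returns an empty array when the field is absent, `$back = request_var('back', array('' => 0));` alone would keep all request access behind the one filtered accessor. message_options() continues outside the hunk.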
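Review bot: `$user` is missing from the new `global $db, $template, $auth;` line, yet the group-options code this commit adds further down in define_cond_option() (the @@ -657 hunk) reads `$user->lang['G_' . $row['group_name']]` twice. Unless a second `global` statement exists outside the hunks, that is an undefined variable inside the function; `global $db, $template, $auth, $user;` would fix it. The added WHERE clause excludes GROUP_SPECIAL in both of its branches, so the lookup looks unreachable today, but it would fail as soon as that filter changes.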
@@ -657,15 +657,35 @@ function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule
 $rule_group_id = request_var('rule_group_id', 0);
 $rule_string = request_var('rule_string', '');
+ $sql_and = ($auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) ? '<> ' . GROUP_SPECIAL : 'NOT IN (' . GROUP_SPECIAL . ', ' . GROUP_HIDDEN . ')';
+ $sql = 'SELECT group_id, group_name, group_type
+ FROM ' . GROUPS_TABLE . "
+ WHERE group_type $sql_and
+ ORDER BY group_type DESC, group_name";
+ $result = $db->sql_query($sql);
+
+ $s_group_options = '';
+ while ($row = $db->sql_fetchrow($result))
+ {
+ if ($rule_group_id && ($row['group_id'] == $rule_group_id))
+ {
+ $rule_string = (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']);
+ }
+
+ $s_selected = ($row['group_id'] == $rule_group_id) ? ' selected="selected"' : '';
+ $s_group_options .= '<option value="' . $row['group_id'] . '"' . $s_selected . '>' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>';
+ }
+ $db->sql_freeresult($result);
+
 $template->assign_vars(array(
 'S_GROUP_CONDITION' => true,
+ 'S_GROUP_OPTIONS' => $s_group_options,
 'CURRENT_STRING' => $rule_string,
 'CURRENT_USER_ID' => 0,
 'CURRENT_GROUP_ID' => $rule_group_id) );
 $current_value = $rule_string;
- break;
 default:
|
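Review bot: `$row['group_name']` is concatenated into the `<option>` markup and also copied into `CURRENT_STRING`, with no escaping visible in this hunk. If group names are not already stored HTML-escaped, a name containing markup would be rendered as markup for every user who opens the rule editor. Either wrap the non-special branch as `htmlspecialchars($row['group_name'])`, or add a comment stating that names are escaped when stored. Separately, the removed `break;` leaves this case with no terminator before `default:`, so execution appears to fall through; if that is intended, a `// no break` comment should say so. The switch starts and ends outside the hunk.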
