Diffstat (limited to 'phpBB/includes')
-rw-r--r-- | phpBB/includes/acp/acp_board.php | 8 | ||||
-rw-r--r-- | phpBB/includes/acp/acp_email.php | 4 | ||||
-rw-r--r-- | phpBB/includes/functions.php | 7 | ||||
-rw-r--r-- | phpBB/includes/functions_privmsgs.php | 15 | ||||
-rw-r--r-- | phpBB/includes/functions_user.php | 33 | ||||
-rw-r--r-- | phpBB/includes/session.php | 17 | ||||
-rw-r--r-- | phpBB/includes/ucp/ucp_pm.php | 1 | ||||
-rw-r--r-- | phpBB/includes/ucp/ucp_pm_compose.php | 2 | ||||
-rw-r--r-- | phpBB/includes/ucp/ucp_pm_viewmessage.php | 2 | ||||
-rw-r--r-- | phpBB/includes/ucp/ucp_profile.php | 2 |
10 files changed, 64 insertions, 27 deletions
diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index da424d1131..cb27314f74 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -40,9 +40,9 @@ class acp_board 'board_disable_msg' => false, 'default_lang' => array('lang' => 'DEFAULT_LANGUAGE', 'type' => 'select', 'function' => 'language_select', 'params' => array('{CONFIG_VALUE}'), 'explain' => false), 'default_dateformat' => array('lang' => 'DEFAULT_DATE_FORMAT', 'type' => 'custom', 'method' => 'dateformat_select', 'explain' => true), - 'board_timezone' => array('lang' => 'SYSTEM_TIMEZONE', 'type' => 'select', 'function' => 'tz_select', 'params' => array('{CONFIG_VALUE}'), 'explain' => false), + 'board_timezone' => array('lang' => 'SYSTEM_TIMEZONE', 'type' => 'select', 'function' => 'tz_select', 'params' => array('{CONFIG_VALUE}', 1), 'explain' => false), 'board_dst' => array('lang' => 'SYSTEM_DST', 'type' => 'radio:yes_no', 'explain' => false), - 'default_style' => array('lang' => 'DEFAULT_STYLE', 'type' => 'select', 'function' => 'style_select', 'params' => array('{CONFIG_VALUE}', true), 'explain' => false), + 'default_style' => array('lang' => 'DEFAULT_STYLE', 'type' => 'select', 'function' => 'style_select', 'params' => array('{CONFIG_VALUE}', 1), 'explain' => false), 'override_user_style' => array('lang' => 'OVERRIDE_STYLE', 'type' => 'radio:yes_no', 'explain' => true), 'legend2' => 'WARNINGS', 
@@ -104,7 +104,7 @@ class acp_board 'pm_max_boxes' => array('lang' => 'BOXES_MAX', 'type' => 'text:4:4', 'explain' => true), 'pm_max_msgs' => array('lang' => 'BOXES_LIMIT', 'type' => 'text:4:4', 'explain' => true), 'full_folder_action' => array('lang' => 'FULL_FOLDER_ACTION', 'type' => 'select', 'method' => 'full_folder_select', 'explain' => true), - 'pm_edit_time' => array('lang' => 'PM_EDIT_TIME', 'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']), + 'pm_edit_time' => array('lang' => 'PM_EDIT_TIME', 'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']), 'legend2' => 'GENERAL_OPTIONS', 'allow_mass_pm' => array('lang' => 'ALLOW_MASS_PM', 'type' => 'radio:yes_no', 'explain' => false), @@ -137,7 +137,7 @@ class acp_board 'legend2' => 'POSTING', 'bump_type' => false, - 'edit_time' => array('lang' => 'EDIT_TIME', 'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']), + 'edit_time' => array('lang' => 'EDIT_TIME', 'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']), 'display_last_edited' => array('lang' => 'DISPLAY_LAST_EDITED', 'type' => 'radio:yes_no', 'explain' => true), 'flood_interval' => array('lang' => 'FLOOD_INTERVAL', 'type' => 'text:3:4', 'explain' => true), 'bump_interval' => array('lang' => 'BUMP_INTERVAL', 'type' => 'custom', 'method' => 'bump_interval', 'explain' => true), diff --git a/phpBB/includes/acp/acp_email.php b/phpBB/includes/acp/acp_email.php index 62a86eed19..f75d878a9e 100644 --- a/phpBB/includes/acp/acp_email.php +++ b/phpBB/includes/acp/acp_email.php @@ -85,10 +85,10 @@ class acp_email } $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); if (!$row) { + $db->sql_freeresult($result); trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action)); } 
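Review bot: The unit change for `edit_time` in the `@@ -137,7` hunk has no visible counterpart on the enforcement side: `pm_edit_time` gets a matching `* 60` in ucp_pm_compose.php and ucp_pm_viewmessage.php, but no reader of `$config['edit_time']` is touched in the files listed. The diffstat is limited to phpBB/includes, so the consumer may be updated elsewhere; if it is not, the post edit window is still enforced in seconds while the ACP shows minutes. Values already stored for both settings are presumably in seconds and would be read as minutes after this change, so an update step or release note is worth adding. A comment above each entry, such as `// value is stored in minutes`, would pin the unit for the next maintainer.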
@@ -121,7 +121,7 @@ class acp_email $email_list[$j][$i]['jabber'] = $row['user_jabber']; $i++; } - } + } while ($row = $db->sql_fetchrow($result)); $db->sql_freeresult($result); diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 7b36c36548..9115ac2b6a 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -429,13 +429,18 @@ function style_select($default = '', $all = false) /** * Pick a timezone */ -function tz_select($default = '') +function tz_select($default = '', $truncate = false) { global $sys_timezone, $user; $tz_select = ''; foreach ($user->lang['tz_zones'] as $offset => $zone) { + if ($truncate) + { + $zone = (strlen($zone) > 70) ? substr($zone, 0, 70) . '...' : $zone; + } + if (is_numeric($offset)) { $selected = ($offset == $default) ? ' selected="selected"' : ''; diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php index 7a9cdfb322..b5afbf436e 100644 --- a/phpBB/includes/functions_privmsgs.php +++ b/phpBB/includes/functions_privmsgs.php @@ -1477,19 +1477,18 @@ function pm_notification($mode, $author, $recipients, $subject, $message) $subject = censor_text($subject); + unset($recipients[ANONYMOUS], $recipients[$user->data['user_id']]); + // Get banned User ID's $sql = 'SELECT ban_userid - FROM ' . BANLIST_TABLE; + FROM ' . BANLIST_TABLE . ' + WHERE ban_userid IN (' . implode(', ', array_map('intval', array_keys($recipients))) . ') + AND ban_exclude = 0'; $result = $db->sql_query($sql); - unset($recipients[ANONYMOUS], $recipients[$user->data['user_id']]); - while ($row = $db->sql_fetchrow($result)) { - if (isset($row['ban_userid'])) - { - unset($recipients[$row['ban_userid']]); - } + unset($recipients[$row['ban_userid']]); } $db->sql_freeresult($result); 
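Review bot: The truncation added to `tz_select()` cuts the zone label by bytes, so with a UTF-8 language pack `substr($zone, 0, 70)` can end in the middle of a multibyte character and put an invalid byte sequence into the option text. Truncating on a character boundary with whatever UTF-8-aware helper the project uses would avoid that; the hunk does not show one, so this is something to check rather than a specific call to make. The docblock still reads only `Pick a timezone`; a line such as `@param bool $truncate shorten zone names longer than 70 characters and append '...'` would document the new parameter, and the acp_board.php caller passes `1` where `true` would match the default's type. The function body continues outside the hunk.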
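Review bot: The new `WHERE ban_userid IN (...)` clause in `pm_notification()` is built from `array_keys($recipients)` after the two `unset()` calls, so when the guest account and the sender were the only recipients the list is empty and the query becomes `IN ()`, which is a SQL syntax error. The only empty-list guard visible, the `return;` in the context of the next hunk, appears to run after this query. Moving that guard, `if (!sizeof($recipients)) { return; }`, directly above the `// Get banned User ID's` query would close this. The query also has no `ban_end` condition, so an expired ban row would still drop a recipient; that predates this change, but a condition like the `ban_end >= time() OR ban_end = 0` test in session.php would fit here too.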
@@ -1498,7 +1497,7 @@ function pm_notification($mode, $author, $recipients, $subject, $message) return; } - $recipient_list = implode(', ', array_keys($recipients)); + $recipient_list = implode(', ', array_map('intval', array_keys($recipients))); $sql = 'SELECT user_id, username, user_email, user_lang, user_notify_pm, user_notify_type, user_jabber FROM ' . USERS_TABLE . " diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index c246e98396..0eab7d8a6f 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -472,6 +472,23 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas $ban_end = 0; } + $founder = array(); + + if (!$ban_exclude) + { + // Create a list of founder... + $sql = 'SELECT user_id, user_email + FROM ' . USERS_TABLE . ' + WHERE user_type = ' . USER_FOUNDER; + $result = $db->sql_query($sql); + + while ($row = $db->sql_fetchrow($result)) + { + $founder[$row['user_id']] = $row['user_email']; + } + $db->sql_freeresult($result); + } + $banlist_ary = array(); switch ($mode) @@ -502,6 +519,12 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas $sql = 'SELECT user_id FROM ' . USERS_TABLE . ' WHERE username IN (' . $sql_usernames . ')'; + + if (sizeof($founder)) + { + $sql .= ' AND user_id NOT IN (' . implode(', ', array_keys($founder)) . ')'; + } + $result = $db->sql_query($sql); if ($row = $db->sql_fetchrow($result)) @@ -618,9 +641,14 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas foreach ($ban_list as $ban_item) { - if (preg_match('#^.*?@*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i', trim($ban_item))) + $ban_item = trim($ban_item); + + if (preg_match('#^.*?@*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i', $ban_item)) { - $banlist_ary[] = trim($ban_item); + if (!sizeof($founder) || !in_array($ban_item, $founder)) + { + $banlist_ary[] = $ban_item; + } } } 
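Review bot: The founder guard in the `@@ -618,9` hunk uses `in_array($ban_item, $founder)`, an exact and case-sensitive comparison, while the pattern on the line above it accepts `*` wildcards. A ban entry that differs from a founder address only in letter case, or a wildcard entry that covers it, passes this guard and could still match the founder, depending on how e-mail bans are evaluated elsewhere. Comparing lowercased values, `!in_array(strtolower($ban_item), array_map('strtolower', $founder))`, covers the case difference; wildcard entries need either a match against each founder address or a comment stating that they are not checked. Separately, the first alternative of `#^.*?@*|(...)$#i` matches any string, so the regex does not validate the entry at all. `user_ban()` starts and ends outside this hunk.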
@@ -764,6 +792,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas // Update log $log_entry = ($ban_exclude) ? 'LOG_BAN_EXCLUDE_' : 'LOG_BAN_'; add_log('admin', $log_entry . strtoupper($mode), $ban_reason, $ban_list_log); + return true; } diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 09ae84a210..5f921fcc22 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -82,7 +82,7 @@ class session } // Current page from phpBB root (for example: adm/index.php?i=10&b=2) - $page = (($page_dir) ? $page_dir . '/' : '') . $page_name . (($query_string) ? "?$query_string" : ''); + $page = (($page_dir) ? urlencode($page_dir) . '/' : '') . urlencode($page_name) . (($query_string) ? "?$query_string" : ''); // The script path from the webroot to the current directory (for example: /phpBB2/adm/) : always prefixed with / and ends in / $script_path = trim(str_replace('\\', '/', dirname($script_name))); @@ -102,12 +102,12 @@ class session $root_script_path .= (substr($root_script_path, -1, 1) == '/') ? '' : '/'; $page_array += array( - 'page_name' => $page_name, - 'page_dir' => $page_dir, + 'page_name' => urlencode($page_name), + 'page_dir' => urlencode($page_dir), 'query_string' => $query_string, - 'script_path' => htmlspecialchars($script_path), - 'root_script_path' => htmlspecialchars($root_script_path), + 'script_path' => urlencode(htmlspecialchars($script_path)), + 'root_script_path' => urlencode(htmlspecialchars($root_script_path)), 'page' => $page ); @@ -763,8 +763,11 @@ class session $sql = 'SELECT ban_ip, ban_userid, ban_email, ban_exclude, ban_give_reason, ban_end FROM ' . BANLIST_TABLE . ' - WHERE ban_end >= ' . time() . ' - OR ban_end = 0'; + WHERE (ban_end >= ' . time() . " OR ban_end = 0) + AND ( + ban_ip <> '' OR ban_email <> '' OR + (ban_userid <> 0 AND ban_userid = " . $user_id . ') + )'; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) 
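Review bot: `urlencode()` is applied to whole path values in the `@@ -82,7` and `@@ -102,12` hunks of session.php, and it encodes `/` as `%2F`. By the comment in the first hunk `script_path` is always prefixed with and ends in `/`, so `urlencode(htmlspecialchars($script_path))` turns `/phpBB2/adm/` into `%2FphpBB2%2Fadm%2F`, and any `&` becomes `%26amp%3B` because the HTML escaping runs before the URL encoding. Encoding per segment, for example `implode('/', array_map('rawurlencode', explode('/', $script_path)))`, and leaving HTML escaping to the point of output would keep the values usable as paths. `query_string` is still stored and appended to `$page` unencoded; where it comes from is outside the hunk, so whether it is already sanitised should be confirmed.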
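Review bot: `$user_id` is concatenated into the ban query in the `@@ -763,8` hunk without a cast, and where it comes from is outside the hunk. If it can arrive as `false` or as a non-numeric string, the clause becomes `ban_userid = ` followed by nothing or by text the query author did not intend. Casting at the point of use fixes both cases: `(ban_userid <> 0 AND ban_userid = " . (int) $user_id . ')`. With the cast a missing id becomes `0`, which the `ban_userid <> 0` test already excludes.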
diff --git a/phpBB/includes/ucp/ucp_pm.php b/phpBB/includes/ucp/ucp_pm.php index c23456715f..f3a92f6adb 100644 --- a/phpBB/includes/ucp/ucp_pm.php +++ b/phpBB/includes/ucp/ucp_pm.php @@ -148,6 +148,7 @@ class ucp_pm include($phpbb_root_path . 'includes/ucp/ucp_main.' . $phpEx); $module = new ucp_main($this); + $module->u_action = $this->u_action; $module->main($id, $mode); $this->tpl_name = $module->tpl_name; diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index bc7f22427b..e8b8606015 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -243,7 +243,7 @@ function compose_pm($id, $mode, $action) if ($action == 'edit' && !$refresh && !$preview && !$submit) { - if (!($message_time > time() - $config['pm_edit_time'] || !$config['pm_edit_time'])) + if (!($message_time > time() - ($config['pm_edit_time'] * 60) || !$config['pm_edit_time'])) { trigger_error('CANNOT_EDIT_MESSAGE_TIME'); } diff --git a/phpBB/includes/ucp/ucp_pm_viewmessage.php b/phpBB/includes/ucp/ucp_pm_viewmessage.php index e66b519327..2eb17337cf 100644 --- a/phpBB/includes/ucp/ucp_pm_viewmessage.php +++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php 
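Review bot: The edit-window test in the `@@ -243,7` hunk of ucp_pm_compose.php is duplicated in the `U_EDIT` line of ucp_pm_viewmessage.php, and both copies had to be changed together for the move to minutes. The compose check is the one that enforces the limit, since the view only decides whether to show the link, so it is the copy that must stay correct if the two drift apart. A comment above it, `// pm_edit_time is in minutes; 0 means no time limit`, would record the unit and the meaning of the `!$config['pm_edit_time']` branch. `compose_pm()` continues outside the hunk.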
@@ -194,7 +194,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) 'U_AUTHOR_PROFILE' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $author_id), 'U_EMAIL' => $user_info['email'], 'U_QUOTE' => ($auth->acl_get('u_sendpm')) ? "$url&mode=compose&action=quote&f=$folder_id&p=" . $message_row['msg_id'] : '', - 'U_EDIT' => (($message_row['message_time'] > time() - $config['pm_edit_time'] || !$config['pm_edit_time']) && $folder_id == PRIVMSGS_OUTBOX && $auth->acl_get('u_pm_edit')) ? "$url&mode=compose&action=edit&f=$folder_id&p=" . $message_row['msg_id'] : '', + 'U_EDIT' => (($message_row['message_time'] > time() - ($config['pm_edit_time'] * 60) || !$config['pm_edit_time']) && $folder_id == PRIVMSGS_OUTBOX && $auth->acl_get('u_pm_edit')) ? "$url&mode=compose&action=edit&f=$folder_id&p=" . $message_row['msg_id'] : '', 'U_POST_REPLY_PM' => ($auth->acl_get('u_sendpm')) ? "$url&mode=compose&action=reply&f=$folder_id&p=" . $message_row['msg_id'] : '', 'U_PREVIOUS_PM' => "$url&f=$folder_id&p=" . $message_row['msg_id'] . "&view=previous", 'U_NEXT_PM' => "$url&f=$folder_id&p=" . $message_row['msg_id'] . "&view=next", diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index 9326e41427..e7b602b0d1 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php @@ -49,10 +49,10 @@ class ucp_profile $data[$var] = request_var($var, $default); } + // Do not check cur_password, it is the old one. $var_ary = array( 'password_confirm' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']), 'new_password' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']), - 'cur_password' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']), 'email' => array( array('string', false, 6, 60), array('email', $data['email'])), |
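Review bot: With `cur_password` removed from `$var_ary` in the ucp_profile.php hunk, nothing visible here validates it any more, so the comparison against the stored password, which is outside the hunk, is presumably the only check left. It is worth confirming that an empty `cur_password` is still rejected there when the password or e-mail address is changed. The added comment could state the reason rather than the instruction, for example `// cur_password is not length-checked: it may predate the current min/max settings and is verified against the stored password instead.`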