diff options
Diffstat (limited to 'phpBB/includes')
| -rw-r--r-- | phpBB/includes/acp/acp_users.php | 8 | ||||
| -rw-r--r-- | phpBB/includes/functions_user.php | 12 | ||||
| -rw-r--r-- | phpBB/includes/mcp/mcp_post.php | 26 |
3 files changed, 24 insertions, 22 deletions
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index e54ebf0a95..aaf066dfca 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -47,13 +47,7 @@ class acp_users $user_ip = request_var('user_ip', ''); $domain = gethostbyaddr($user_ip); - $ipwhois = ''; - - if ($ipwhois = user_ipwhois($user_ip)) - { - $ipwhois = preg_replace('#(\s)([\w\-\._\+]+@[\w\-\.]+)(\s)#', '\1<a href="mailto:\2">\2</a>\3', $ipwhois); - $ipwhois = preg_replace('#(\s)(http:/{2}[^\s]*)(\s)#', '\1<a href="\2">\2</a>\3', $ipwhois); - } + $ipwhois = user_ipwhois($user_ip); $template->assign_vars(array( 'MESSAGE_TITLE' => sprintf($user->lang['IP_WHOIS_FOR'], $domain), diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 86113899c7..fd077a796a 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1112,6 +1112,13 @@ function user_ipwhois($ip) { $ipwhois = ''; + // Check IP + // Only supporting IPv4 at the moment... + if (empty($ip) || !preg_match(get_preg_expression('ipv4'), $ip)) + { + return ''; + } + $match = array( '#RIPE\.NET#is' => 'whois.ripe.net', '#whois\.apnic\.net#is' => 'whois.apnic.net', @@ -1147,7 +1154,10 @@ function user_ipwhois($ip) } } - return $ipwhois; + $ipwhois = htmlspecialchars($ipwhois); + + // Magic URL ;) + return trim(make_clickable($ipwhois, false, '')); } /** diff --git a/phpBB/includes/mcp/mcp_post.php b/phpBB/includes/mcp/mcp_post.php index dd10750d99..b98910f55f 100644 --- a/phpBB/includes/mcp/mcp_post.php +++ b/phpBB/includes/mcp/mcp_post.php @@ -36,20 +36,18 @@ function mcp_post_details($id, $mode, $action) { case 'whois': - $ip = request_var('ip', ''); - include($phpbb_root_path . 'includes/functions_user.' . $phpEx); - - $whois = user_ipwhois($ip); - - $whois = preg_replace('#(\s)([\w\-\._\+]+@[\w\-\.]+)(\s)#', '\1<a href="mailto:\2">\2</a>\3', $whois); - $whois = preg_replace('#(\s)(ht{2}p:/{2}\S*)(\s)#', '\1<a href="\2">\2</a>\3', $whois); - - $template->assign_vars(array( - 'RETURN_POST' => sprintf($user->lang['RETURN_POST'], '<a href="' . append_sid("{$phpbb_root_path}mcp.$phpEx", "i=$id&mode=$mode&p=$post_id") . '">', '</a>'), - 'U_RETURN_POST' => append_sid("{$phpbb_root_path}mcp.$phpEx", "i=$id&mode=$mode&p=$post_id"), - 'L_RETURN_POST' => sprintf($user->lang['RETURN_POST'], '', ''), - 'WHOIS' => trim($whois)) - ); + if ($auth->acl_get('m_info', $post_info['forum_id'])) + { + $ip = request_var('ip', ''); + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + + $template->assign_vars(array( + 'RETURN_POST' => sprintf($user->lang['RETURN_POST'], '<a href="' . append_sid("{$phpbb_root_path}mcp.$phpEx", "i=$id&mode=$mode&p=$post_id") . '">', '</a>'), + 'U_RETURN_POST' => append_sid("{$phpbb_root_path}mcp.$phpEx", "i=$id&mode=$mode&p=$post_id"), + 'L_RETURN_POST' => sprintf($user->lang['RETURN_POST'], '', ''), + 'WHOIS' => user_ipwhois($ip), + )); + } // We're done with the whois page so return return; |