author | natec <natec@users.sourceforge.net> | 2001-11-25 23:31:04 +0000 |
---|---|---|
committer | natec <natec@users.sourceforge.net> | 2001-11-25 23:31:04 +0000 |
commit | dbb0ce8eeeeb9091d814e673b047253909c0d8c7 (patch) | |
tree | 910c94ff8472fabd8cb09a083dd67f71408765e7 | |
parent | a25d1820f584595a8d55398358f4ebfd8e165773 (diff) | |
Fixed bug 478218 -- [ and ] in usernames with quote= bbcode. Usernames can no longer contain the double-quote character. Also removed a dupe from lang_main file.
git-svn-id: file:///svn/phpbb/trunk@1441 89ea8834-ac86-4346-8a33-228a782c2dd0
-rw-r--r-- | phpBB/includes/bbcode.php | 6 | ||||
-rw-r--r-- | phpBB/includes/functions.php | 7 | ||||
-rw-r--r-- | phpBB/language/lang_english/lang_main.php | 3 | ||||
-rw-r--r-- | phpBB/posting.php | 4 | ||||
-rw-r--r-- | phpBB/privmsg.php | 4 | ||||
-rw-r--r-- | phpBB/profile.php | 1 |
6 files changed, 15 insertions, 10 deletions
diff --git a/phpBB/includes/bbcode.php b/phpBB/includes/bbcode.php index f86167deff..11c9ea88c1 100644 --- a/phpBB/includes/bbcode.php +++ b/phpBB/includes/bbcode.php @@ -167,7 +167,7 @@ function bbencode_second_pass($text, $uid) $text = str_replace("[quote:$uid]", $bbcode_tpl['quote_open'], $text); $text = str_replace("[/quote:$uid]", $bbcode_tpl['quote_close'], $text); - $text = preg_replace("/\[quote:$uid=(.*?)\]/si", $bbcode_tpl['quote_username_open'], $text); + $text = preg_replace("/\[quote:$uid=\"?(.*?)\"?\]/si", $bbcode_tpl['quote_username_open'], $text); // [b] and [/b] for bolding text. $text = str_replace("[b:$uid]", $bbcode_tpl['b_open'], $text); @@ -240,7 +240,7 @@ function bbencode_first_pass($text, $uid) // [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff. $text = bbencode_first_pass_pda($text, $uid, '[quote]', '[/quote]', '', false, ''); - $text = bbencode_first_pass_pda($text, $uid, '/\[quote=(.*?)\]/is', '[/quote]', '', false, '', "[quote:$uid=\\1]"); + $text = bbencode_first_pass_pda($text, $uid, '/\[quote=(\\\\".*?\\\\")\]/is', '[/quote]', '', false, '', "[quote:$uid=\\1]"); // [list] and [list=x] for (un)ordered lists. $open_tag = array(); @@ -276,8 +276,6 @@ function bbencode_first_pass($text, $uid) // Remove our padding from the string.. $text = substr($text, 1); - // Add the uid tag to the start of the string.. - //$text = '[uid=' . $uid . ']' . $text; return $text; diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 0f4961d6e2..4c93d6a6f7 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php 
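Review bot: In `bbencode_second_pass` the new pattern `"/\[quote:$uid=\"?(.*?)\"?\]/si"` leaves both quotes optional, so the lazy `(.*?)` still ends at the first `]`. A stored tag such as `[quote:UID="a]b"]` (constructed example) is cut after `a` and `b"]` is left in the rendered post, which means the `]` case from bug 478218 is not fully covered. Matching the quoted form first, `"/\[quote:$uid=\"(.*?)\"\]/si"`, and then running the old unquoted pattern for posts saved before this commit would handle both. The captured name goes into `$bbcode_tpl['quote_username_open']`; whether it is HTML-escaped by that point is not visible in this hunk and is worth confirming. The function body starts and ends outside the hunk.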
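Review bot: The first-pass pattern `'/\[quote=(\\\\".*?\\\\")\]/is'` in `bbencode_first_pass` matches only a backslash-escaped quote (`\"`), so it silently depends on the message having been slash-escaped before this call. That precondition is not visible in the hunk and should be written down next to the call, for example `// $text is expected to be slash-escaped here, so the quotes arrive as \"`. A hand-typed `[quote=name]` no longer matches either and appears to stay as literal text; if dropping the unquoted form is intended, the same comment should say so. The function starts and ends outside the hunk.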
@@ -476,6 +476,7 @@ function generate_pagination($base_url, $num_items, $per_page, $start_item, $add // // Check to see if the username has been taken, or if it is disallowed. +// Also checks if it includes the " character, which we don't allow in usernames. // Used for registering, changing names, and posting anonymously with a username // function validate_username($username) @@ -550,6 +551,12 @@ function validate_username($username) } } + // Don't allow " in username. + if ( strstr($username, '"') ) + { + return FALSE; + } + return(TRUE); } diff --git a/phpBB/language/lang_english/lang_main.php b/phpBB/language/lang_english/lang_main.php index 1e58d85d66..2ec49b6e28 100644 --- a/phpBB/language/lang_english/lang_main.php +++ b/phpBB/language/lang_english/lang_main.php @@ -455,7 +455,6 @@ $lang['Search_user_posts'] = "Find all posts by %s"; // Find all posts by userna $lang['No_user_id_specified'] = "Sorry but that user does not exist"; $lang['Wrong_Profile'] = "You cannot modify a profile that is not your own."; -$lang['Bad_username'] = "The username you choose has been taken or is disallowed by the administrator."; $lang['Sorry_banned_or_taken_email'] = "Sorry but the email address you gave has either been banned, is already registered to another user or is invalid. Please try an alternative address, if that is also banned you should contact the board administrator for advice"; $lang['Only_one_avatar'] = "Only one type of avatar can be specified"; $lang['File_no_data'] = "The file at the URL you gave contains no data"; 
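Review bot: The added check `strstr($username, '"')` in `validate_username` only recognises a raw double quote, and the form in which callers pass the name is not visible in this hunk. If the name arrives entity-encoded, `&quot;` passes the check and the rule stated in the commit message does not hold; an explicit test for both forms would be `if ( strpos($username, '"') !== false || strpos($username, '&quot;') !== false )`. The check also runs only when a name is registered or changed, so accounts that already contain `"` remain, and the `[quote="…"]` builders in posting.php and privmsg.php still receive them. The function body starts outside the hunk.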
@@ -514,7 +513,7 @@ $lang['Profile_updated_inactive'] = "Your profile has been updated, however you $lang['Password_mismatch'] = "The passwords you entered did not match"; $lang['Current_password_mismatch'] = "The current password you supplied does not match that stored in the database"; -$lang['Invalid_username'] = "The username you requested has been taken or disallowed"; +$lang['Invalid_username'] = "The username you requested has been taken or disallowed, or contains invalid characters like the \" character"; $lang['Signature_too_long'] = "Your signature is too long"; $lang['Fields_empty'] = "You must fill in the required fields"; $lang['Avatar_filetype'] = "The avatar filetype must be .jpg, .gif or .png"; diff --git a/phpBB/posting.php b/phpBB/posting.php index c6a70d5372..7be2c1512b 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php @@ -1040,7 +1040,7 @@ if( $submit && $mode != "vote" ) { $error_msg .= "<br />"; } - $error_msg .= $lang['Bad_username']; + $error_msg .= $lang['Invalid_username']; } } else @@ -2358,7 +2358,7 @@ else $msg_date = create_date($board_config['default_dateformat'], $postrow['post_time'], $board_config['board_timezone']); - $post_message = "[quote=" . $post_username . "]\n" . $post_message . "\n[/quote]"; + $post_message = "[quote=\"" . $post_username . "\"]\n" . $post_message . "\n[/quote]"; $mode = "reply"; } diff --git a/phpBB/privmsg.php b/phpBB/privmsg.php index 9493434cc1..fa3e55fde7 100644 --- a/phpBB/privmsg.php +++ b/phpBB/privmsg.php 
@@ -1263,7 +1263,7 @@ else if( $submit || $refresh || $mode != "" ) $to_username = $privmsg['username']; $to_userid = $privmsg['user_id']; - $privmsg_message = preg_replace("/(|\:1)\:$post_bbcode_uid(|\:[a-z])/si", "", $privmsg_message); + $privmsg_message = preg_replace("/\:(([a-z0-9]:)?)$post_bbcode_uid/si", "", $privmsg_message); $privmsg_message = str_replace("<br />", "\n", $privmsg_message); $privmsg_message = preg_replace($html_entities_match, $html_entities_replace, $privmsg_message); $privmsg_message = preg_replace('#</textarea>#si', '</textarea>', $privmsg_message); @@ -1274,7 +1274,7 @@ else if( $submit || $refresh || $mode != "" ) $msg_date = create_date($board_config['default_dateformat'], $privmsg['privmsgs_date'], $board_config['board_timezone']); //"[date]" . $privmsg['privmsgs_time'] . "[/date]"; - $privmsg_message = "[quote=" . $to_username . "]\n" . $privmsg_message . "\n[/quote]"; + $privmsg_message = "[quote=\"" . $to_username . "\"]\n" . $privmsg_message . "\n[/quote]"; $mode = "reply"; } diff --git a/phpBB/profile.php b/phpBB/profile.php index 1fa3a24875..7ed4ec653f 100644 --- a/phpBB/profile.php +++ b/phpBB/profile.php @@ -546,6 +546,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) $error = TRUE; $error_msg = $lang['Fields_empty']; } + } $passwd_sql = ""; |
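Review bot: `$post_bbcode_uid` is interpolated into the pattern `"/\:(([a-z0-9]:)?)$post_bbcode_uid/si"` without `preg_quote()`, and where the value comes from is not visible in this hunk. If it is read back from the stored message row rather than generated locally, `preg_quote($post_bbcode_uid, '/')` keeps a stray metacharacter from changing what gets stripped from the quoted message. The new pattern also drops the optional suffix the old one allowed after the uid (`(|\:[a-z])`), so a short comment listing the marker forms it is meant to remove, such as `// strips ":uid" and ":x:uid" markers`, would let a reader confirm nothing is left behind. The enclosing block starts and ends outside the hunk.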