aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes/acp
diff options
context:
space:
mode:
authorMeik Sievertsen <acydburn@phpbb.com>2006-10-20 13:48:44 +0000
committerMeik Sievertsen <acydburn@phpbb.com>2006-10-20 13:48:44 +0000
commitf4da66a9328d12a3a5cb3a36feb184a4686ca2f3 (patch)
tree85fe8abffa4507ce66c4a52e241a58bc5f454353 /phpBB/includes/acp
parentb572e0db8f18d36d71c7ad645839bb9b0cdb5f38 (diff)
downloadforums-f4da66a9328d12a3a5cb3a36feb184a4686ca2f3.tar
forums-f4da66a9328d12a3a5cb3a36feb184a4686ca2f3.tar.gz
forums-f4da66a9328d12a3a5cb3a36feb184a4686ca2f3.tar.bz2
forums-f4da66a9328d12a3a5cb3a36feb184a4686ca2f3.tar.xz
forums-f4da66a9328d12a3a5cb3a36feb184a4686ca2f3.zip
- adjust unread query a bit to cope with large topics (thanks bart!)
- fixing some bugs - more username_clean work git-svn-id: file:///svn/phpbb/trunk@6513 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/acp')
-rw-r--r--phpBB/includes/acp/acp_email.php4
-rw-r--r--phpBB/includes/acp/acp_groups.php2
-rw-r--r--phpBB/includes/acp/acp_permissions.php4
-rw-r--r--phpBB/includes/acp/acp_prune.php14
-rw-r--r--phpBB/includes/acp/acp_users.php5
5 files changed, 16 insertions, 13 deletions
diff --git a/phpBB/includes/acp/acp_email.php b/phpBB/includes/acp/acp_email.php
index b727829dc4..48ad8546d1 100644
--- a/phpBB/includes/acp/acp_email.php
+++ b/phpBB/includes/acp/acp_email.php
@@ -28,7 +28,7 @@ class acp_email
$submit = (isset($_POST['submit'])) ? true : false;
$error = array();
- $usernames = request_var('usernames', '');
+ $usernames = request_var('usernames', '', true);
$group_id = request_var('g', 0);
$subject = request_var('subject', '', true);
$message = request_var('message', '', true);
@@ -57,7 +57,7 @@ class acp_email
{
$sql = 'SELECT username, user_email, user_jabber, user_notify_type, user_lang
FROM ' . USERS_TABLE . '
- WHERE ' . $db->sql_in_set('username', explode("\n", $usernames)) . '
+ WHERE ' . $db->sql_in_set('username_clean', array_map('utf8_clean_string', explode("\n", $usernames))) . '
AND user_allow_massemail = 1
ORDER BY user_lang, user_notify_type'; // , SUBSTRING(user_email FROM INSTR(user_email, '@'))
}
diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php
index a390bd8212..9df1c52d65 100644
--- a/phpBB/includes/acp/acp_groups.php
+++ b/phpBB/includes/acp/acp_groups.php
@@ -30,7 +30,7 @@ class acp_groups
$action = (isset($_POST['add'])) ? 'add' : ((isset($_POST['addusers'])) ? 'addusers' : request_var('action', ''));
$group_id = request_var('g', 0);
$mark_ary = request_var('mark', array(0));
- $name_ary = request_var('usernames', '');
+ $name_ary = request_var('usernames', '', true);
$leader = request_var('leader', 0);
$default = request_var('default', 0);
$start = request_var('start', 0);
diff --git a/phpBB/includes/acp/acp_permissions.php b/phpBB/includes/acp/acp_permissions.php
index f9f08ee694..5fcf692735 100644
--- a/phpBB/includes/acp/acp_permissions.php
+++ b/phpBB/includes/acp/acp_permissions.php
@@ -59,8 +59,8 @@ class acp_permissions
$subforum_id = request_var('subforum_id', 0);
$forum_id = request_var('forum_id', array(0));
- $username = request_var('username', array(''));
- $usernames = request_var('usernames', '');
+ $username = request_var('username', array(''), true);
+ $usernames = request_var('usernames', '', true);
$user_id = request_var('user_id', array(0));
$group_id = request_var('group_id', array(0));
diff --git a/phpBB/includes/acp/acp_prune.php b/phpBB/includes/acp/acp_prune.php
index 8fe9e10bae..e71fe33557 100644
--- a/phpBB/includes/acp/acp_prune.php
+++ b/phpBB/includes/acp/acp_prune.php
@@ -196,17 +196,18 @@ class acp_prune
{
if (confirm_box(true))
{
- $users = request_var('users', '');
+ $users = request_var('users', '', true);
$action = request_var('action', 'deactivate');
$deleteposts = request_var('deleteposts', 0);
if ($users)
{
- $where_sql = ' AND ' . $db->sql_in_set('username', explode("\n", $users));
+ $users = explode("\n", $users);
+ $where_sql = ' AND ' . $db->sql_in_set('username_clean', array_map('utf8_clean_string', $users));
}
else
{
- $username = request_var('username', '');
+ $username = request_var('username', '', true);
$email = request_var('email', '');
$joined_select = request_var('joined_select', 'lt');
@@ -224,7 +225,7 @@ class acp_prune
$sort_by_types = array('username', 'user_email', 'user_posts', 'user_regdate', 'user_lastvisit');
$where_sql = '';
- $where_sql .= ($username) ? " AND username LIKE '" . $db->sql_escape(str_replace('*', '%', $username)) . "'" : '';
+ $where_sql .= ($username) ? " AND username_clean LIKE '" . $db->sql_escape(str_replace('*', '%', utf8_clean_string($username))) . "'" : '';
$where_sql .= ($email) ? " AND user_email LIKE '" . $db->sql_escape(str_replace('*', '%', $email)) . "' " : '';
$where_sql .= (sizeof($joined)) ? " AND user_regdate " . $key_match[$joined_select] . ' ' . gmmktime(0, 0, 0, (int) $joined[1], (int) $joined[2], (int) $joined[0]) : '';
$where_sql .= ($count) ? " AND user_posts " . $key_match[$count_select] . " $count " : '';
@@ -244,7 +245,8 @@ class acp_prune
$db->sql_freeresult($result);
// Do not prune founder members
- $sql = 'SELECT username, user_id FROM ' . USERS_TABLE . '
+ $sql = 'SELECT user_id, username
+ FROM ' . USERS_TABLE . '
WHERE user_id <> ' . ANONYMOUS . '
AND user_type <> ' . USER_FOUNDER . "
$where_sql";
@@ -305,7 +307,7 @@ class acp_prune
'prune' => 1,
'users' => request_var('users', ''),
- 'username' => request_var('username', ''),
+ 'username' => request_var('username', '', true),
'email' => request_var('email', ''),
'joined_select' => request_var('joined_select', ''),
'joined' => request_var('joined', ''),
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index 7cdd86d612..c6700f3688 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -34,7 +34,7 @@ class acp_users
include($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx);
$error = array();
- $username = request_var('username', '');
+ $username = request_var('username', '', true);
$user_id = request_var('u', 0);
$action = request_var('action', '');
@@ -86,7 +86,7 @@ class acp_users
{
$sql = 'SELECT user_id
FROM ' . USERS_TABLE . "
- WHERE username = '" . $db->sql_escape($username) . "'";
+ WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
$result = $db->sql_query($sql);
$user_id = (int) $db->sql_fetchfield('user_id');
$db->sql_freeresult($result);
@@ -736,6 +736,7 @@ class acp_users
if ($update_username !== false)
{
$sql_ary['username'] = $update_username;
+ $sql_ary['username_clean'] = utf8_clean_string($update_username);
add_log('user', $user_id, 'LOG_USER_UPDATE_NAME', $user_row['username'], $update_username);
}
generated by cgit v1.2.1 (git 2.21.0) at 2026-05-17 10:00:44 +0000