author | Henry Sudhof <kellanved@phpbb.com> | 2007-10-03 15:05:54 +0000 |
---|---|---|
committer | Henry Sudhof <kellanved@phpbb.com> | 2007-10-03 15:05:54 +0000 |
commit | 4defd8a8306fa8daa25427a37fb6db00bff390c7 (patch) | |
tree | 7914a43cdc9b2d2107e7baeb7061990664bdd841 /phpBB/includes/mcp | |
parent | 87e2e62c34da983258944db361d9a9b9785737e6 (diff) | |
Ok, here comes a big one. Poor updater. Also requires testing.
#i91
#i92
#i93
#i94
#i95
#i96
git-svn-id: file:///svn/phpbb/trunk@8120 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/mcp')
-rw-r--r-- | phpBB/includes/mcp/mcp_ban.php | 1 | ||||
-rwxr-xr-x | phpBB/includes/mcp/mcp_notes.php | 40 | ||||
-rw-r--r-- | phpBB/includes/mcp/mcp_post.php | 11 | ||||
-rw-r--r-- | phpBB/includes/mcp/mcp_topic.php | 14 | ||||
-rwxr-xr-x | phpBB/includes/mcp/mcp_warn.php | 26 |
5 files changed, 66 insertions, 26 deletions
diff --git a/phpBB/includes/mcp/mcp_ban.php b/phpBB/includes/mcp/mcp_ban.php
index 4b33af8b09..212116dfba 100644
--- a/phpBB/includes/mcp/mcp_ban.php
+++ b/phpBB/includes/mcp/mcp_ban.php
@@ -49,7 +49,6 @@ class mcp_ban
 $ban_exclude = request_var('banexclude', 0);
 $ban_reason = utf8_normalize_nfc(request_var('banreason', '', true));
 $ban_give_reason = utf8_normalize_nfc(request_var('bangivereason', '', true));
-
 if ($ban)
 {
diff --git a/phpBB/includes/mcp/mcp_notes.php b/phpBB/includes/mcp/mcp_notes.php
index 6e6e1ffdd9..3519e86424 100755
--- a/phpBB/includes/mcp/mcp_notes.php
+++ b/phpBB/includes/mcp/mcp_notes.php
@@ -74,6 +74,8 @@ class mcp_notes
 $sk = request_var('sk', 'b');
 $sd = request_var('sd', 'd');
+ add_form_key('mcp_notes');
+
 $sql_where = ($user_id) ? "user_id = $user_id" : "username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
 $sql = 'SELECT *
@@ -121,15 +123,22 @@ class mcp_notes
 if ($where_sql || $deleteall)
 {
- $sql = 'DELETE FROM ' . LOG_TABLE . '
- WHERE log_type = ' . LOG_USERS . "
- AND reportee_id = $user_id
- $where_sql";
- $db->sql_query($sql);
+ if (check_form_key('mcp_notes'))
+ {
+ $sql = 'DELETE FROM ' . LOG_TABLE . '
+ WHERE log_type = ' . LOG_USERS . "
+ AND reportee_id = $user_id
+ $where_sql";
+ $db->sql_query($sql);
- add_log('admin', 'LOG_CLEAR_USER', $userrow['username']);
+ add_log('admin', 'LOG_CLEAR_USER', $userrow['username']);
- $msg = ($deletemark) ? 'MARKED_NOTES_DELETED' : 'ALL_NOTES_DELETED';
+ $msg = ($deletemark) ? 'MARKED_NOTES_DELETED' : 'ALL_NOTES_DELETED';
+ }
+ else
+ {
+ $msg = 'FORM_INVALID';
+ }
 $redirect = $this->u_action . '&u=' . $user_id;
 meta_refresh(3, $redirect);
 trigger_error($user->lang[$msg] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
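Review bot: `$msg` follows two different conventions inside mcp_notes.php: in the `@@ -121` hunk it holds a language key (`$msg = 'FORM_INVALID';`, resolved later by `$user->lang[$msg]`), while the `@@ -138` hunk stores the already-resolved string (`$msg = $user->lang['FORM_INVALID'];`). Picking one form for both branches makes it harder to pass a raw key to `trigger_error()` by mistake when this code is next edited. The `@@ -138` hunk also writes `if(check_form_key('mcp_notes'))` without the space used in `if (check_form_key('mcp_notes'))` here. A short comment above the check, such as `// Only delete when the request carries the token issued by add_form_key('mcp_notes')`, would record why the DELETE is gated; the enclosing method starts and ends outside the hunk.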
@@ -138,15 +147,22 @@ class mcp_notes
 if ($usernote && $action == 'add_feedback')
 {
- add_log('admin', 'LOG_USER_FEEDBACK', $userrow['username']);
- add_log('mod', 0, 0, 'LOG_USER_FEEDBACK', $userrow['username']);
-
- add_log('user', $user_id, 'LOG_USER_GENERAL', $usernote);
+ if(check_form_key('mcp_notes'))
+ {
+ add_log('admin', 'LOG_USER_FEEDBACK', $userrow['username']);
+ add_log('mod', 0, 0, 'LOG_USER_FEEDBACK', $userrow['username']);
+ add_log('user', $user_id, 'LOG_USER_GENERAL', $usernote);
+ $msg = $user->lang['USER_FEEDBACK_ADDED'];
+ }
+ else
+ {
+ $msg = $user->lang['FORM_INVALID'];
+ }
 $redirect = $this->u_action;
 meta_refresh(3, $redirect);
- trigger_error($user->lang['USER_FEEDBACK_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
+ trigger_error($msg . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
 }
 // Generate the appropriate user information for the user we are looking at
diff --git a/phpBB/includes/mcp/mcp_post.php b/phpBB/includes/mcp/mcp_post.php
index 4a5bf77bca..2da4c1769a 100644
--- a/phpBB/includes/mcp/mcp_post.php
+++ b/phpBB/includes/mcp/mcp_post.php
@@ -24,6 +24,8 @@ function mcp_post_details($id, $mode, $action)
 // Get post data
 $post_info = get_post_data(array($post_id), false, true);
+ add_form_key('mcp_post_details');
+
 if (!sizeof($post_info))
 {
 trigger_error('POST_NOT_EXIST');
@@ -82,7 +84,14 @@ function mcp_post_details($id, $mode, $action)
 if ($auth->acl_get('m_chgposter', $post_info['forum_id']))
 {
- change_poster($post_info, $row);
+ if (check_form_key('mcp_post_details'))
+ {
+ change_poster($post_info, $row);
+ }
+ else
+ {
+ trigger_error('FORM_INVALID');
+ }
 }
 break;
diff --git a/phpBB/includes/mcp/mcp_topic.php b/phpBB/includes/mcp/mcp_topic.php
index 4459c8e673..ef3dea55d2 100644
--- a/phpBB/includes/mcp/mcp_topic.php
+++ b/phpBB/includes/mcp/mcp_topic.php
@@ -40,7 +40,7 @@ function mcp_topic_view($id, $mode, $action)
 $to_forum_id = request_var('to_forum_id', 0);
 $post_id_list = request_var('post_id_list', array(0));
 $sort = isset($_POST['sort']) ? true : false;
-
+
 // Split Topic?
 if ($action == 'split_all' || $action == 'split_beyond')
 {
@@ -98,8 +98,8 @@ function mcp_topic_view($id, $mode, $action)
 if ($total == -1)
 {
 $total = $topic_info['topic_replies'] + 1;
- }
-
+ }
+
 $posts_per_page = max(0, request_var('posts_per_page', intval($config['posts_per_page'])));
 if ($posts_per_page == 0)
 {
@@ -220,7 +220,7 @@ function mcp_topic_view($id, $mode, $action)
 'S_POST_UNAPPROVED' => ($row['post_approved']) ? false : true,
 'S_CHECKED' => ($post_id_list && in_array(intval($row['post_id']), $post_id_list)) ? true : false,
 'S_HAS_ATTACHMENTS' => (!empty($attachments[$row['post_id']])) ? true : false,
-
+
 'U_POST_DETAILS' => "$url&i=$id&p={$row['post_id']}&mode=post_details" . (($forum_id) ? "&f=$forum_id" : ''),
 'U_MCP_APPROVE' => ($auth->acl_get('m_approve', $topic_info['forum_id'])) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=approve_details&f=' . $topic_info['forum_id'] . '&p=' . $row['post_id']) : '',
 'U_MCP_REPORT' => ($auth->acl_get('m_report', $topic_info['forum_id'])) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&mode=report_details&f=' . $topic_info['forum_id'] . '&p=' . $row['post_id']) : '')
@@ -268,11 +268,11 @@ function mcp_topic_view($id, $mode, $action)
 }
 }
 }
-
+
 $s_hidden_fields = build_hidden_fields(array(
 'st_old' => $sort_days,
 ));
-
+
 $template->assign_vars(array(
 'TOPIC_TITLE' => $topic_info['topic_title'],
 'U_VIEW_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $topic_info['forum_id'] . '&t=' . $topic_info['topic_id']),
@@ -298,7 +298,7 @@ function mcp_topic_view($id, $mode, $action)
 'S_REPORT_VIEW' => ($action == 'reports') ? true : false,
 'S_MERGE_VIEW' => ($action == 'merge') ? true : false,
 'S_SPLIT_VIEW' => ($action == 'split') ? true : false,
-
+
 'S_HIDDEN_FIELDS' => $s_hidden_fields,
 'S_SHOW_TOPIC_ICONS' => $s_topic_icons,
diff --git a/phpBB/includes/mcp/mcp_warn.php b/phpBB/includes/mcp/mcp_warn.php
index 3f61f6549a..a997d01ca5 100755
--- a/phpBB/includes/mcp/mcp_warn.php
+++ b/phpBB/includes/mcp/mcp_warn.php
@@ -37,6 +37,8 @@ class mcp_warn
 $this->page_title = 'MCP_WARN';
+ add_form_key('mcp_warn');
+
 switch ($mode)
 {
 case 'front':
@@ -241,8 +243,15 @@ class mcp_warn
 if ($warning && $action == 'add_warning')
 {
- add_warning($user_row, $warning, $notify, $post_id);
-
+ if (check_form_key('mcp_warn'))
+ {
+ add_warning($user_row, $warning, $notify, $post_id);
+ $msg = $user->lang['USER_WARNING_ADDED'];
+ }
+ else
+ {
+ $msg = $user->lang['FORM_INVALID'];
+ }
 $redirect = append_sid("{$phpbb_root_path}mcp.$phpEx", "i=notes&mode=user_notes&u=$user_id");
 meta_refresh(2, $redirect);
 trigger_error($user->lang['USER_WARNING_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
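Review bot: In the `@@ -241` hunk of mcp_warn.php the unchanged `trigger_error($user->lang['USER_WARNING_ADDED'] . …)` line still prints the success text, so a request that fails `check_form_key('mcp_warn')` is told the warning was added and the newly assigned `$msg` is never read. The call should use the variable, `trigger_error($msg . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));`, which is what the `@@ -336` hunk of the same file already does. The token check still prevents `add_warning()` from running, so this is misleading feedback rather than a bypass, but a moderator whose token was rejected would believe the warning had been recorded. The enclosing method starts and ends outside the hunk.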
@@ -336,11 +345,18 @@ class mcp_warn
 if ($warning && $action == 'add_warning')
 {
- add_warning($user_row, $warning, $notify);
-
+ if(check_form_key('mcp_warn'))
+ {
+ add_warning($user_row, $warning, $notify);
+ $msg = $user->lang['USER_WARNING_ADDED'];
+ }
+ else
+ {
+ $msg = $user->lang['FORM_INVALID'];
+ }
 $redirect = append_sid("{$phpbb_root_path}mcp.$phpEx", "i=notes&mode=user_notes&u=$user_id");
 meta_refresh(2, $redirect);
- trigger_error($user->lang['USER_WARNING_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
+ trigger_error($msg . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
 }
 // Generate the appropriate user information for the user we are looking at |