author | Maat <maat-pub@mageia.biz> | 2020-05-08 21:52:11 +0200 |
---|---|---|
committer | Maat <maat-pub@mageia.biz> | 2020-05-08 21:52:11 +0200 |
commit | 8ea437e30605e0f66b5220bf904a61d7c1d11ddd (patch) | |
tree | e0db2bb4a012d5b06a633160b19f62f4868ecd28 /phpBB/includes/ucp | |
parent | 36bc1870f21fac04736a1049c1d5b8e127d729f4 (diff) | |
parent | 2fdd46b36431ae0f58bb2e78e42553168db9a0ff (diff) | |
Merge remote-tracking branch 'upstream/prep-release-3.2.9'
Diffstat (limited to 'phpBB/includes/ucp')
28 files changed, 1004 insertions, 589 deletions
diff --git a/phpBB/includes/ucp/info/ucp_attachments.php b/phpBB/includes/ucp/info/ucp_attachments.php
index 2e20106f5c..96e7956db9 100644
--- a/phpBB/includes/ucp/info/ucp_attachments.php
+++ b/phpBB/includes/ucp/info/ucp_attachments.php
@@ -18,7 +18,6 @@ class ucp_attachments_info
 return array(
 'filename' => 'ucp_attachments',
 'title' => 'UCP_ATTACHMENTS',
- 'version' => '1.0.0',
 'modes' => array(
 'attachments' => array('title' => 'UCP_MAIN_ATTACHMENTS', 'auth' => 'acl_u_attach', 'cat' => array('UCP_MAIN')),
 ),
diff --git a/phpBB/includes/ucp/info/ucp_auth_link.php b/phpBB/includes/ucp/info/ucp_auth_link.php
index 9ec4cb7b3a..57c9269c5e 100644
--- a/phpBB/includes/ucp/info/ucp_auth_link.php
+++ b/phpBB/includes/ucp/info/ucp_auth_link.php
@@ -18,7 +18,6 @@ class ucp_auth_link_info
 return array(
 'filename' => 'ucp_auth_link',
 'title' => 'UCP_AUTH_LINK',
- 'version' => '1.0.0',
 'modes' => array(
 'auth_link' => array('title' => 'UCP_AUTH_LINK_MANAGE', 'auth' => 'authmethod_oauth', 'cat' => array('UCP_PROFILE')),
 ),
diff --git a/phpBB/includes/ucp/info/ucp_groups.php b/phpBB/includes/ucp/info/ucp_groups.php
index 6da2a4fe38..42eb285075 100644
--- a/phpBB/includes/ucp/info/ucp_groups.php
+++ b/phpBB/includes/ucp/info/ucp_groups.php
@@ -18,7 +18,6 @@ class ucp_groups_info
 return array(
 'filename' => 'ucp_groups',
 'title' => 'UCP_USERGROUPS',
- 'version' => '1.0.0',
 'modes' => array(
 'membership' => array('title' => 'UCP_USERGROUPS_MEMBER', 'auth' => '', 'cat' => array('UCP_USERGROUPS')),
 'manage' => array('title' => 'UCP_USERGROUPS_MANAGE', 'auth' => '', 'cat' => array('UCP_USERGROUPS')),
diff --git a/phpBB/includes/ucp/info/ucp_main.php b/phpBB/includes/ucp/info/ucp_main.php
index de8e7d5602..e967b8445f 100644
--- a/phpBB/includes/ucp/info/ucp_main.php
+++ b/phpBB/includes/ucp/info/ucp_main.php
@@ -18,7 +18,6 @@ class ucp_main_info
 return array(
 'filename' => 'ucp_main',
 'title' => 'UCP_MAIN',
- 'version' => '1.0.0',
 'modes' => array(
 'front' => array('title' => 'UCP_MAIN_FRONT', 'auth' => '', 'cat' => array('UCP_MAIN')),
 'subscribed' => array('title' => 'UCP_MAIN_SUBSCRIBED', 'auth' => '', 'cat' => array('UCP_MAIN')),
diff --git a/phpBB/includes/ucp/info/ucp_notifications.php b/phpBB/includes/ucp/info/ucp_notifications.php
index 0cc011d96e..94e0467ccb 100644
--- a/phpBB/includes/ucp/info/ucp_notifications.php
+++ b/phpBB/includes/ucp/info/ucp_notifications.php
@@ -18,10 +18,9 @@ class ucp_notifications_info
 return array(
 'filename' => 'ucp_notifications',
 'title' => 'UCP_NOTIFICATION_OPTIONS',
- 'version' => '1.0.0',
 'modes' => array(
 'notification_options' => array('title' => 'UCP_NOTIFICATION_OPTIONS', 'auth' => '', 'cat' => array('UCP_PREFS')),
- 'notification_list' => array('title' => 'UCP_NOTIFICATION_LIST', 'auth' => '', 'cat' => array('UCP_MAIN')),
+ 'notification_list' => array('title' => 'UCP_NOTIFICATION_LIST', 'auth' => 'cfg_allow_board_notifications', 'cat' => array('UCP_MAIN')),
 ),
 );
 }
diff --git a/phpBB/includes/ucp/info/ucp_pm.php b/phpBB/includes/ucp/info/ucp_pm.php
index 6aa1669cb6..26bd670fc5 100644
--- a/phpBB/includes/ucp/info/ucp_pm.php
+++ b/phpBB/includes/ucp/info/ucp_pm.php
@@ -18,7 +18,6 @@ class ucp_pm_info
 return array(
 'filename' => 'ucp_pm',
 'title' => 'UCP_PM',
- 'version' => '1.0.0',
 'modes' => array(
 'view' => array('title' => 'UCP_PM_VIEW', 'auth' => 'cfg_allow_privmsg', 'display' => false, 'cat' => array('UCP_PM')),
 'compose' => array('title' => 'UCP_PM_COMPOSE', 'auth' => 'cfg_allow_privmsg', 'cat' => array('UCP_PM')),
diff --git a/phpBB/includes/ucp/info/ucp_prefs.php b/phpBB/includes/ucp/info/ucp_prefs.php
index 5c2d29ac73..4793aa2649 100644
--- a/phpBB/includes/ucp/info/ucp_prefs.php
+++ b/phpBB/includes/ucp/info/ucp_prefs.php
@@ -18,7 +18,6 @@ class ucp_prefs_info
 return array(
 'filename' => 'ucp_prefs',
 'title' => 'UCP_PREFS',
- 'version' => '1.0.0',
 'modes' => array(
 'personal' => array('title' => 'UCP_PREFS_PERSONAL', 'auth' => '', 'cat' => array('UCP_PREFS')),
 'post' => array('title' => 'UCP_PREFS_POST', 'auth' => '', 'cat' => array('UCP_PREFS')),
diff --git a/phpBB/includes/ucp/info/ucp_profile.php b/phpBB/includes/ucp/info/ucp_profile.php
index 919de99a96..fc2792224d 100644
--- a/phpBB/includes/ucp/info/ucp_profile.php
+++ b/phpBB/includes/ucp/info/ucp_profile.php
@@ -18,7 +18,6 @@ class ucp_profile_info
 return array(
 'filename' => 'ucp_profile',
 'title' => 'UCP_PROFILE',
- 'version' => '1.0.0',
 'modes' => array(
 'profile_info' => array('title' => 'UCP_PROFILE_PROFILE_INFO', 'auth' => 'acl_u_chgprofileinfo', 'cat' => array('UCP_PROFILE')),
 'signature' => array('title' => 'UCP_PROFILE_SIGNATURE', 'auth' => 'acl_u_sig', 'cat' => array('UCP_PROFILE')),
diff --git a/phpBB/includes/ucp/info/ucp_zebra.php b/phpBB/includes/ucp/info/ucp_zebra.php
index 99d4a4f4c0..69274c2866 100644
--- a/phpBB/includes/ucp/info/ucp_zebra.php
+++ b/phpBB/includes/ucp/info/ucp_zebra.php
@@ -18,7 +18,6 @@ class ucp_zebra_info
 return array(
 'filename' => 'ucp_zebra',
 'title' => 'UCP_ZEBRA',
- 'version' => '1.0.0',
 'modes' => array(
 'friends' => array('title' => 'UCP_ZEBRA_FRIENDS', 'auth' => '', 'cat' => array('UCP_ZEBRA')),
 'foes' => array('title' => 'UCP_ZEBRA_FOES', 'auth' => '', 'cat' => array('UCP_ZEBRA')),
diff --git a/phpBB/includes/ucp/ucp_activate.php b/phpBB/includes/ucp/ucp_activate.php
index 1f5ce93277..7a90f2e3b1 100644
--- a/phpBB/includes/ucp/ucp_activate.php
+++ b/phpBB/includes/ucp/ucp_activate.php
@@ -29,11 +29,11 @@ class ucp_activate function main($id, $mode) { - global $config, $phpbb_root_path, $phpEx; - global $db, $user, $auth, $template, $phpbb_container, $phpbb_dispatcher; + global $config, $phpbb_root_path, $phpEx, $request; + global $db, $user, $auth, $phpbb_container, $phpbb_log, $phpbb_dispatcher; - $user_id = request_var('u', 0); - $key = request_var('k', ''); + $user_id = $request->variable('u', 0); + $key = $request->variable('k', ''); $sql = 'SELECT user_id, username, user_type, user_email, user_newpasswd, user_lang, user_notify_type, user_actkey, user_inactive_reason FROM ' . USERS_TABLE . " @@ -67,6 +67,7 @@ class ucp_activate { login_box('', $user->lang['NO_AUTH_OPERATION']); } + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_OPERATION'); } @@ -86,7 +87,12 @@ class ucp_activate WHERE user_id = ' . $user_row['user_id']; $db->sql_query($sql); - add_log('user', $user_row['user_id'], 'LOG_USER_NEW_PASSWORD', $user_row['username']); + $user->reset_login_keys($user_row['user_id']); + + $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_NEW_PASSWORD', false, array( + 'reportee_id' => $user_row['user_id'], + $user_row['username'] + )); } if (!$update_password) 
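Review bot: The `$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_NEW_PASSWORD', ...)` call in the `@@ -86,7 +87,12 @@` hunk records the requesting session as the actor and names the affected account only in `reportee_id`, and nothing in the code says so. Activation links are presumably opened without a logged-in session, so the actor column will likely hold the guest account together with the IP of whoever followed the link. A one-line comment above the call, for example `// Actor is the requester (may be the anonymous user); the account being changed is reportee_id`, would keep anyone reading the user log from misattributing the entry. The same applies to the `LOG_USER_ACTIVE_USER` call in the following `@@ -101,15 +107,19 @@` hunk; `main()` starts and ends outside both hunks.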
@@ -101,15 +107,19 @@ class ucp_activate $db->sql_query($sql); // Create the correct logs - add_log('user', $user_row['user_id'], 'LOG_USER_ACTIVE_USER'); + $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_ACTIVE_USER', false, array( + 'reportee_id' => $user_row['user_id'] + )); + if ($auth->acl_get('a_user')) { - add_log('admin', 'LOG_USER_ACTIVE', $user_row['username']); + $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_ACTIVE', false, array($user_row['username'])); } } if ($config['require_activation'] == USER_ACTIVATION_ADMIN && !$update_password) { + /* @var $phpbb_notifications \phpbb\notification\manager */ $phpbb_notifications = $phpbb_container->get('notification_manager'); $phpbb_notifications->delete_notifications('notification.type.admin_activate_user', $user_row['user_id']); diff --git a/phpBB/includes/ucp/ucp_attachments.php b/phpBB/includes/ucp/ucp_attachments.php index 42724209aa..7808fed325 100644 --- a/phpBB/includes/ucp/ucp_attachments.php +++ b/phpBB/includes/ucp/ucp_attachments.php 
@@ -29,35 +29,45 @@ class ucp_attachments function main($id, $mode) { - global $template, $user, $db, $config, $phpEx, $phpbb_root_path, $phpbb_container; + global $template, $user, $db, $config, $phpEx, $phpbb_root_path, $phpbb_container, $request, $auth; - $start = request_var('start', 0); - $sort_key = request_var('sk', 'a'); - $sort_dir = request_var('sd', 'a'); + $start = $request->variable('start', 0); + $sort_key = $request->variable('sk', 'a'); + $sort_dir = $request->variable('sd', 'a'); $delete = (isset($_POST['delete'])) ? true : false; - $confirm = (isset($_POST['confirm'])) ? true : false; - $delete_ids = array_keys(request_var('attachment', array(0))); + $delete_ids = array_keys($request->variable('attachment', array(0))); - if ($delete && sizeof($delete_ids)) + if ($delete && count($delete_ids)) { // Validate $delete_ids... - $sql = 'SELECT attach_id - FROM ' . ATTACHMENTS_TABLE . ' - WHERE poster_id = ' . $user->data['user_id'] . ' - AND is_orphan = 0 - AND ' . $db->sql_in_set('attach_id', $delete_ids); + $sql = 'SELECT a.attach_id, p.post_edit_locked, t.topic_status, f.forum_id, f.forum_status + FROM ' . ATTACHMENTS_TABLE . ' a + LEFT JOIN ' . POSTS_TABLE . ' p + ON (a.post_msg_id = p.post_id AND a.in_message = 0) + LEFT JOIN ' . TOPICS_TABLE . ' t + ON (t.topic_id = p.topic_id AND a.in_message = 0) + LEFT JOIN ' . FORUMS_TABLE . ' f + ON (f.forum_id = t.forum_id AND a.in_message = 0) + WHERE a.poster_id = ' . $user->data['user_id'] . ' + AND a.is_orphan = 0 + AND ' . 
$db->sql_in_set('a.attach_id', $delete_ids); $result = $db->sql_query($sql); $delete_ids = array(); while ($row = $db->sql_fetchrow($result)) { + if (!$auth->acl_get('m_edit', $row['forum_id']) && ($row['forum_status'] == ITEM_LOCKED || $row['topic_status'] == ITEM_LOCKED || $row['post_edit_locked'])) + { + continue; + } + $delete_ids[] = $row['attach_id']; } $db->sql_freeresult($result); } - if ($delete && sizeof($delete_ids)) + if ($delete && count($delete_ids)) { $s_hidden_fields = array( 'delete' => 1 @@ -70,20 +80,18 @@ class ucp_attachments if (confirm_box(true)) { - if (!function_exists('delete_attachments')) - { - include_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx); - } - - delete_attachments('attach', $delete_ids); + /** @var \phpbb\attachment\manager $attachment_manager */ + $attachment_manager = $phpbb_container->get('attachment.manager'); + $attachment_manager->delete('attach', $delete_ids); + unset($attachment_manager); meta_refresh(3, $this->u_action); - $message = ((sizeof($delete_ids) == 1) ? $user->lang['ATTACHMENT_DELETED'] : $user->lang['ATTACHMENTS_DELETED']) . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>'); + $message = ((count($delete_ids) == 1) ? $user->lang['ATTACHMENT_DELETED'] : $user->lang['ATTACHMENTS_DELETED']) . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>'); trigger_error($message); } else { - confirm_box(false, (sizeof($delete_ids) == 1) ? 'DELETE_ATTACHMENT' : 'DELETE_ATTACHMENTS', build_hidden_fields($s_hidden_fields)); + confirm_box(false, (count($delete_ids) == 1) ? 'DELETE_ATTACHMENT' : 'DELETE_ATTACHMENTS', build_hidden_fields($s_hidden_fields)); } } 
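Review bot: The delete-validation loop in the `@@ -29,35 +29,45 @@` hunk decides lock status without looking at `a.in_message`, so private-message attachments pass only because the LEFT JOIN columns come back NULL and a NULL does not loosely equal `ITEM_LOCKED` (assuming that constant is non-zero). The `S_LOCKED` flag added further down in the same file tests `!$row['in_message']` first; adding `a.in_message` to the SELECT list and writing `if (!$row['in_message'] && !$auth->acl_get('m_edit', $row['forum_id']) && (...))` would make the enforcement check and the displayed flag identical and avoid calling `acl_get()` with a NULL forum id. This query also reaches the topics table through `p.topic_id` while the listing query joins on `a.topic_id`; if those two can differ (not visible here), what is shown as locked and what is actually refused could disagree.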
@@ -123,13 +131,16 @@ class ucp_attachments $db->sql_freeresult($result); // Ensure start is a valid value + /* @var $pagination \phpbb\pagination */ $pagination = $phpbb_container->get('pagination'); $start = $pagination->validate_start($start, $config['topics_per_page'], $num_attachments); - $sql = 'SELECT a.*, t.topic_title, p.message_subject as message_title + $sql = 'SELECT a.*, t.topic_title, pr.message_subject as message_title, p.post_edit_locked, t.topic_status, f.forum_id, f.forum_status FROM ' . ATTACHMENTS_TABLE . ' a + LEFT JOIN ' . POSTS_TABLE . ' p ON (a.post_msg_id = p.post_id AND a.in_message = 0) LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id AND a.in_message = 0) - LEFT JOIN ' . PRIVMSGS_TABLE . ' p ON (a.post_msg_id = p.msg_id AND a.in_message = 1) + LEFT JOIN ' . FORUMS_TABLE . ' f ON (f.forum_id = t.forum_id AND a.in_message = 0) + LEFT JOIN ' . PRIVMSGS_TABLE . ' pr ON (a.post_msg_id = pr.msg_id AND a.in_message = 1) WHERE a.poster_id = ' . $user->data['user_id'] . " AND a.is_orphan = 0 ORDER BY $order_by"; @@ -166,6 +177,7 @@ class ucp_attachments 'TOPIC_ID' => $row['topic_id'], 'S_IN_MESSAGE' => $row['in_message'], + 'S_LOCKED' => !$row['in_message'] && !$auth->acl_get('m_edit', $row['forum_id']) && ($row['forum_status'] == ITEM_LOCKED || $row['topic_status'] == ITEM_LOCKED || $row['post_edit_locked']), 'U_VIEW_ATTACHMENT' => append_sid("{$phpbb_root_path}download/file.$phpEx", 'id=' . $row['attach_id']), 'U_VIEW_TOPIC' => $view_topic) diff --git a/phpBB/includes/ucp/ucp_auth_link.php b/phpBB/includes/ucp/ucp_auth_link.php index 748f0fdec2..e069f15eb2 100644 --- a/phpBB/includes/ucp/ucp_auth_link.php +++ b/phpBB/includes/ucp/ucp_auth_link.php @@ -38,6 +38,7 @@ class ucp_auth_link $error = array(); + /* @var $provider_collection \phpbb\auth\provider_collection */ $provider_collection = $phpbb_container->get('auth.provider_collection'); $auth_provider = $provider_collection->get_provider(); 
@@ -54,14 +55,14 @@ class ucp_auth_link $submit = $request->variable('submit', false, false, \phpbb\request\request_interface::POST); // This path is only for primary actions - if (!sizeof($error) && $submit) + if (!count($error) && $submit) { if (!check_form_key('ucp_auth_link')) { $error[] = 'FORM_INVALID'; } - if (!sizeof($error)) + if (!count($error)) { // Any post data could be necessary for auth (un)linking $link_data = $request->get_super_global(\phpbb\request\request_interface::POST); diff --git a/phpBB/includes/ucp/ucp_confirm.php b/phpBB/includes/ucp/ucp_confirm.php index 7392f8dea8..cdf4de65fd 100644 --- a/phpBB/includes/ucp/ucp_confirm.php +++ b/phpBB/includes/ucp/ucp_confirm.php @@ -36,10 +36,10 @@ class ucp_confirm function main($id, $mode) { - global $db, $user, $phpbb_root_path, $config, $phpEx, $phpbb_container; + global $config, $phpbb_container, $request; $captcha = $phpbb_container->get('captcha.factory')->get_instance($config['captcha_plugin']); - $captcha->init(request_var('type', 0)); + $captcha->init($request->variable('type', 0)); $captcha->execute(); garbage_collection(); diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index 86a8226d5b..cf6e049748 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php 
@@ -30,16 +30,20 @@ class ucp_groups { global $config, $phpbb_root_path, $phpEx, $phpbb_admin_path; global $db, $user, $auth, $cache, $template; - global $request, $phpbb_container; + global $request, $phpbb_container, $phpbb_log; + + /** @var \phpbb\language\language $language Language object */ + $language = $phpbb_container->get('language'); $user->add_lang('groups'); $return_page = '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '">', '</a>'); - $mark_ary = request_var('mark', array(0)); + $mark_ary = $request->variable('mark', array(0)); $submit = $request->variable('submit', false, false, \phpbb\request\request_interface::POST); - $delete = $request->variable('delete', false, false, \phpbb\request\request_interface::POST); - $error = $data = array(); + + /** @var \phpbb\group\helper $group_helper */ + $group_helper = $phpbb_container->get('group_helper'); switch ($mode) { @@ -49,8 +53,8 @@ class ucp_groups if ($submit || isset($_POST['change_default'])) { - $action = (isset($_POST['change_default'])) ? 'change_default' : request_var('action', ''); - $group_id = ($action == 'change_default') ? request_var('default', 0) : request_var('selected', 0); + $action = (isset($_POST['change_default'])) ? 'change_default' : $request->variable('action', ''); + $group_id = ($action == 'change_default') ? $request->variable('default', 0) : $request->variable('selected', 0); if (!$group_id) { @@ -65,12 +69,12 @@ class ucp_groups $group_row = array(); while ($row = $db->sql_fetchrow($result)) { - $row['group_name'] = ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']; + $row['group_name'] = $group_helper->get_name($row['group_name']); $group_row[$row['group_id']] = $row; } $db->sql_freeresult($result); - if (!sizeof($group_row)) + if (!count($group_row)) { trigger_error('GROUP_NOT_EXIST'); } 
@@ -86,6 +90,7 @@ class ucp_groups if (!$auth->acl_get('u_chggrp')) { + send_status_line(403, 'Forbidden'); trigger_error($user->lang['NOT_AUTHORISED'] . $return_page); } @@ -99,7 +104,10 @@ class ucp_groups { group_user_attributes('default', $group_id, $user->data['user_id']); - add_log('user', $user->data['user_id'], 'LOG_USER_GROUP_CHANGE', sprintf($user->lang['USER_GROUP_CHANGE'], $group_row[$user->data['group_id']]['group_name'], $group_row[$group_id]['group_name'])); + $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GROUP_CHANGE', false, array( + 'reportee_id' => $user->data['user_id'], + sprintf($user->lang['USER_GROUP_CHANGE'], $group_row[$user->data['group_id']]['group_name'], $group_row[$group_id]['group_name']) + )); meta_refresh(3, $this->u_action); trigger_error($user->lang['CHANGED_DEFAULT_GROUP'] . $return_page); @@ -146,7 +154,10 @@ class ucp_groups { group_user_del($group_id, $user->data['user_id']); - add_log('user', $user->data['user_id'], 'LOG_USER_GROUP_RESIGN', $group_row[$group_id]['group_name']); + $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GROUP_RESIGN', false, array( + 'reportee_id' => $user->data['user_id'], + $group_row[$group_id]['group_name'] + )); meta_refresh(3, $this->u_action); trigger_error($user->lang[($row['user_pending']) ? 'GROUP_RESIGNED_PENDING' : 'GROUP_RESIGNED_MEMBERSHIP'] . $return_page); 
@@ -202,7 +213,10 @@ class ucp_groups group_user_add($group_id, $user->data['user_id'], false, false, false, 0, 1); } - add_log('user', $user->data['user_id'], 'LOG_USER_GROUP_JOIN' . (($group_row[$group_id]['group_type'] == GROUP_FREE) ? '' : '_PENDING'), $group_row[$group_id]['group_name']); + $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GROUP_JOIN' . (($group_row[$group_id]['group_type'] == GROUP_FREE) ? '' : '_PENDING'), false, array( + 'reportee_id' => $user->data['user_id'], + $group_row[$group_id]['group_name'] + )); meta_refresh(3, $this->u_action); trigger_error($user->lang[($group_row[$group_id]['group_type'] == GROUP_FREE) ? 'GROUP_JOINED' : 'GROUP_JOINED_PENDING'] . $return_page); @@ -237,7 +251,10 @@ class ucp_groups { group_user_attributes('demote', $group_id, $user->data['user_id']); - add_log('user', $user->data['user_id'], 'LOG_USER_GROUP_DEMOTE', $group_row[$group_id]['group_name']); + $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GROUP_DEMOTE', false, array( + 'reportee_id' => $user->data['user_id'], + $group_row[$group_id]['group_name'] + )); meta_refresh(3, $this->u_action); trigger_error($user->lang['USER_GROUP_DEMOTED'] . $return_page); @@ -295,7 +312,7 @@ class ucp_groups $template->assign_block_vars($block, array( 'GROUP_ID' => $row['group_id'], - 'GROUP_NAME' => ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'], + 'GROUP_NAME' => $group_helper->get_name($row['group_name']), 'GROUP_DESC' => ($row['group_type'] <> GROUP_SPECIAL) ? generate_text_for_display($row['group_desc'], $row['group_desc_uid'], $row['group_desc_bitfield'], $row['group_desc_options']) : $user->lang['GROUP_IS_SPECIAL'], 'GROUP_SPECIAL' => ($row['group_type'] <> GROUP_SPECIAL) ? false : true, 'GROUP_STATUS' => $user->lang['GROUP_IS_' . $group_status], 
@@ -316,7 +333,7 @@ class ucp_groups $sql = 'SELECT group_id, group_name, group_colour, group_desc, group_desc_uid, group_desc_bitfield, group_desc_options, group_type, group_founder_manage FROM ' . GROUPS_TABLE . ' - WHERE ' . ((sizeof($group_id_ary)) ? $db->sql_in_set('group_id', $group_id_ary, true) . ' AND ' : '') . " + WHERE ' . ((count($group_id_ary)) ? $db->sql_in_set('group_id', $group_id_ary, true) . ' AND ' : '') . " group_type $sql_and ORDER BY group_type DESC, group_name"; $result = $db->sql_query($sql); @@ -349,7 +366,7 @@ class ucp_groups $template->assign_block_vars('nonmember', array( 'GROUP_ID' => $row['group_id'], - 'GROUP_NAME' => ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'], + 'GROUP_NAME' => $group_helper->get_name($row['group_name']), 'GROUP_DESC' => ($row['group_type'] <> GROUP_SPECIAL) ? generate_text_for_display($row['group_desc'], $row['group_desc_uid'], $row['group_desc_bitfield'], $row['group_desc_options']) : $user->lang['GROUP_IS_SPECIAL'], 'GROUP_SPECIAL' => ($row['group_type'] <> GROUP_SPECIAL) ? false : true, 'GROUP_CLOSED' => ($row['group_type'] <> GROUP_CLOSED || $auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) ? false : true, @@ -379,10 +396,13 @@ class ucp_groups case 'manage': $this->page_title = 'UCP_USERGROUPS_MANAGE'; - $action = (isset($_POST['addusers'])) ? 'addusers' : request_var('action', ''); - $group_id = request_var('g', 0); + $action = (isset($_POST['addusers'])) ? 'addusers' : $request->variable('action', ''); + $group_id = $request->variable('g', 0); - include($phpbb_root_path . 'includes/functions_display.' . $phpEx); + if (!function_exists('phpbb_get_user_rank')) + { + include($phpbb_root_path . 'includes/functions_display.' . $phpEx); + } add_form_key('ucp_groups'); 
@@ -414,7 +434,7 @@ class ucp_groups $avatar = phpbb_get_group_avatar($group_row, 'GROUP_AVATAR', true); $template->assign_vars(array( - 'GROUP_NAME' => ($group_type == GROUP_SPECIAL) ? $user->lang['G_' . $group_name] : $group_name, + 'GROUP_NAME' => $group_helper->get_name($group_name), 'GROUP_INTERNAL_NAME' => $group_name, 'GROUP_COLOUR' => (isset($group_row['group_colour'])) ? $group_row['group_colour'] : '', 'GROUP_DESC_DISP' => generate_text_for_display($group_row['group_desc'], $group_row['group_desc_uid'], $group_row['group_desc_bitfield'], $group_row['group_desc_options']), @@ -447,11 +467,8 @@ class ucp_groups trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page); } - $file_uploads = (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on') ? true : false; $user->add_lang(array('acp/groups', 'acp/common')); - $data = $submit_ary = array(); - $update = (isset($_POST['update'])) ? true : false; $error = array(); 
@@ -499,29 +516,33 @@ class ucp_groups // Did we submit? if ($update) { - $group_name = utf8_normalize_nfc(request_var('group_name', '', true)); - $group_desc = utf8_normalize_nfc(request_var('group_desc', '', true)); - $group_type = request_var('group_type', GROUP_FREE); + $group_name = $request->variable('group_name', '', true); + $group_desc = $request->variable('group_desc', '', true); + $group_type = $request->variable('group_type', GROUP_FREE); - $allow_desc_bbcode = request_var('desc_parse_bbcode', false); - $allow_desc_urls = request_var('desc_parse_urls', false); - $allow_desc_smilies = request_var('desc_parse_smilies', false); + $allow_desc_bbcode = $request->variable('desc_parse_bbcode', false); + $allow_desc_urls = $request->variable('desc_parse_urls', false); + $allow_desc_smilies = $request->variable('desc_parse_smilies', false); $submit_ary = array( - 'colour' => request_var('group_colour', ''), - 'rank' => request_var('group_rank', 0), + 'colour' => $request->variable('group_colour', ''), + 'rank' => $request->variable('group_rank', 0), 'receive_pm' => isset($_REQUEST['group_receive_pm']) ? 1 : 0, - 'message_limit' => request_var('group_message_limit', 0), - 'max_recipients'=> request_var('group_max_recipients', 0), + 'message_limit' => $request->variable('group_message_limit', 0), + 'max_recipients'=> $request->variable('group_max_recipients', 0), 'legend' => $group_row['group_legend'], 'teampage' => $group_row['group_teampage'], ); - if ($config['allow_avatar']) + if (!check_form_key('ucp_groups')) + { + $error[] = $user->lang['FORM_INVALID']; + } + + if (!count($error) && $config['allow_avatar']) { // Handle avatar $driver_name = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', '')); - $config_name = preg_replace('#^avatar\.driver.#', '', $driver_name); if (in_array($driver_name, $avatar_drivers) && !$request->is_set_post('avatar_delete')) { 
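Review bot: `'receive_pm' => isset($_REQUEST['group_receive_pm']) ? 1 : 0,` is the one input in this block still read from a superglobal after every neighbouring `request_var()` call was moved to the `$request` object. Reading it the same way, `'receive_pm' => $request->is_set('group_receive_pm') ? 1 : 0,`, keeps all submitted group settings on a single input path. The enclosing `if ($update)` block continues past the end of the hunk.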
@@ -540,11 +561,6 @@ class ucp_groups $error = array_merge($error, $phpbb_avatar_manager->localize_errors($user, $avatar_error)); } - if (!check_form_key('ucp_groups')) - { - $error[] = $user->lang['FORM_INVALID']; - } - // Validate submitted colour value if ($colour_error = validate_data($submit_ary, array('colour' => array('hex_colour', true)))) { @@ -552,7 +568,7 @@ class ucp_groups $error = array_merge($error, $colour_error); } - if (!sizeof($error)) + if (!count($error)) { // Only set the rank, colour, etc. if it's changed or if we're adding a new // group. This prevents existing group members being updated if no changes @@ -595,7 +611,7 @@ class ucp_groups } } - if (sizeof($error)) + if (count($error)) { $error = array_map(array(&$user, 'lang'), $error); $group_rank = $submit_ary['rank']; @@ -610,7 +626,6 @@ class ucp_groups } else if (!$group_id) { - $group_name = utf8_normalize_nfc(request_var('group_name', '', true)); $group_desc_data = array( 'text' => '', 'allow_bbcode' => true, @@ -694,12 +709,12 @@ class ucp_groups 'S_EDIT' => true, 'S_INCLUDE_SWATCH' => true, 'S_FORM_ENCTYPE' => ' enctype="multipart/form-data"', - 'S_ERROR' => (sizeof($error)) ? true : false, + 'S_ERROR' => (count($error)) ? true : false, 'S_SPECIAL_GROUP' => ($group_type == GROUP_SPECIAL) ? true : false, 'S_AVATARS_ENABLED' => ($config['allow_avatar'] && $avatars_enabled), 'S_GROUP_MANAGE' => true, - 'ERROR_MSG' => (sizeof($error)) ? implode('<br />', $error) : '', + 'ERROR_MSG' => (count($error)) ? implode('<br />', $error) : '', 'GROUP_RECEIVE_PM' => (isset($group_row['group_receive_pm']) && $group_row['group_receive_pm']) ? ' checked="checked"' : '', 'GROUP_MESSAGE_LIMIT' => (isset($group_row['group_message_limit'])) ? $group_row['group_message_limit'] : 0, 'GROUP_MAX_RECIPIENTS' => (isset($group_row['group_max_recipients'])) ? $group_row['group_max_recipients'] : 0, 
@@ -747,7 +762,7 @@ class ucp_groups } $user->add_lang(array('acp/groups', 'acp/common')); - $start = request_var('start', 0); + $start = $request->variable('start', 0); // Grab the leaders - always, on every page... $sql = 'SELECT u.user_id, u.username, u.username_clean, u.user_colour, u.user_regdate, u.user_posts, u.group_id, ug.group_leader, ug.user_pending @@ -836,6 +851,7 @@ class ucp_groups $s_action_options .= '<option value="' . $option . '">' . $user->lang['GROUP_' . $lang] . '</option>'; } + /* @var $pagination \phpbb\pagination */ $pagination = $phpbb_container->get('pagination'); $base_url = $this->u_action . "&action=$action&g=$group_id"; $start = $pagination->validate_start($start, $config['topics_per_page'], $total_members); @@ -859,6 +875,11 @@ class ucp_groups trigger_error($user->lang['NO_GROUP'] . $return_page); } + if (!check_form_key('ucp_groups')) + { + trigger_error($user->lang('FORM_INVALID') . $return_page); + } + if (!($row = group_memberships($group_id, $user->data['user_id']))) { trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page); @@ -897,11 +918,11 @@ class ucp_groups trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page); } - $group_row['group_name'] = ($group_row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $group_row['group_name']] : $group_row['group_name']; + $group_row['group_name'] = $group_helper->get_name($group_row['group_name']); if (confirm_box(true)) { - if (!sizeof($mark_ary)) + if (!count($mark_ary)) { $start = 0; @@ -924,7 +945,7 @@ class ucp_groups group_user_attributes('default', $group_id, $mark_ary, false, $group_row['group_name'], $group_row); - $start = (sizeof($mark_ary) < 200) ? 0 : $start + 200; + $start = (count($mark_ary) < 200) ? 0 : $start + 200; } else { 
@@ -976,7 +997,7 @@ class ucp_groups trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page); } - $group_row['group_name'] = ($group_row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $group_row['group_name']] : $group_row['group_name']; + $group_row['group_name'] = $group_helper->get_name($group_row['group_name']); if (confirm_box(true)) { @@ -1014,7 +1035,7 @@ class ucp_groups $user->add_lang(array('acp/groups', 'acp/common')); - $names = utf8_normalize_nfc(request_var('usernames', '', true)); + $names = $request->variable('usernames', '', true); if (!$group_id) { 
@@ -1038,19 +1059,33 @@ class ucp_groups } $name_ary = array_unique(explode("\n", $names)); - $group_name = ($group_row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $group_row['group_name']] : $group_row['group_name']; + $group_name = $group_helper->get_name($group_row['group_name']); - $default = request_var('default', 0); + $default = $request->variable('default', 0); if (confirm_box(true)) { + $return_manage_page = '<br /><br />' . $language->lang('RETURN_PAGE', '<a href="' . $this->u_action . '&action=list&g=' . $group_id . '">', '</a>'); + // Add user/s to group if ($error = group_user_add($group_id, false, $name_ary, $group_name, $default, 0, 0, $group_row)) { - trigger_error($user->lang[$error] . $return_page); + $display_message = $language->lang($error); + + if ($error == 'GROUP_USERS_INVALID') + { + // Find which users don't exist + $actual_name_ary = $name_ary; + $actual_user_id_ary = []; + user_get_id_name($actual_user_id_ary, $actual_name_ary, false, true); + + $display_message = $language->lang('GROUP_USERS_INVALID', implode($language->lang('COMMA_SEPARATOR'), array_udiff($name_ary, $actual_name_ary, 'strcasecmp'))); + } + + trigger_error($display_message . $return_manage_page); } - trigger_error($user->lang['GROUP_USERS_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '&action=list&g=' . $group_id . '">', '</a>')); + trigger_error($language->lang('GROUP_USERS_ADDED') . $return_manage_page); } else { 
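Review bot: `array_udiff($name_ary, $actual_name_ary, 'strcasecmp')` compares the submitted names with the stored ones byte-wise using ASCII-only case folding, which is probably not the rule `user_get_id_name()` used to match them. A name that differs from the stored username only in non-ASCII case or in surrounding whitespace could then be listed as non-existent even though it resolved; comparing both sides in the same cleaned form the lookup uses (e.g. `utf8_clean_string()`, if that is what it applies) would avoid that. The names placed in `$display_message` are user-submitted and reach `trigger_error()` as HTML, so a comment next to the `implode()` stating that the output relies on the escaping applied by `$request->variable()` would be worth adding.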
@@ -1063,7 +1098,7 @@ class ucp_groups 'action' => $action ); - confirm_box(false, $user->lang('GROUP_CONFIRM_ADD_USERS', sizeof($name_ary), implode($user->lang['COMMA_SEPARATOR'], $name_ary)), build_hidden_fields($s_hidden_fields)); + confirm_box(false, $user->lang('GROUP_CONFIRM_ADD_USERS', count($name_ary), implode($user->lang['COMMA_SEPARATOR'], $name_ary)), build_hidden_fields($s_hidden_fields)); } trigger_error($user->lang['NO_USERS_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '&action=list&g=' . $group_id . '">', '</a>')); @@ -1084,7 +1119,7 @@ class ucp_groups while ($value = $db->sql_fetchrow($result)) { $template->assign_block_vars('leader', array( - 'GROUP_NAME' => ($value['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $value['group_name']] : $value['group_name'], + 'GROUP_NAME' => $group_helper->get_name($value['group_name']), 'GROUP_DESC' => generate_text_for_display($value['group_desc'], $value['group_desc_uid'], $value['group_desc_bitfield'], $value['group_desc_options']), 'GROUP_TYPE' => $value['group_type'], 'GROUP_ID' => $value['group_id'], diff --git a/phpBB/includes/ucp/ucp_login_link.php b/phpBB/includes/ucp/ucp_login_link.php index bfe4804286..c1f307eeb5 100644 --- a/phpBB/includes/ucp/ucp_login_link.php +++ b/phpBB/includes/ucp/ucp_login_link.php @@ -39,7 +39,7 @@ class ucp_login_link */ function main($id, $mode) { - global $phpbb_container, $request, $template, $user; + global $phpbb_container, $request, $template, $user, $phpbb_dispatcher; global $phpbb_root_path, $phpEx; // Initialize necessary variables @@ -57,6 +57,7 @@ class ucp_login_link } // Use the auth_provider requested even if different from configured + /* @var $provider_collection \phpbb\auth\provider_collection */ $provider_collection = $phpbb_container->get('auth.provider_collection'); $auth_provider = $provider_collection->get_provider($request->variable('auth_provider', '')); 
@@ -98,7 +99,7 @@ class ucp_login_link else { // Finish login - $result = $user->session_create($login_result['user_row']['user_id'], false, false, true); + $user->session_create($login_result['user_row']['user_id'], false, false, true); // Perform a redirect as the account has been linked $this->perform_redirect(); @@ -107,7 +108,7 @@ class ucp_login_link } } - $template->assign_vars(array( + $tpl_ary = array( // Common template elements 'LOGIN_LINK_ERROR' => $login_link_error, 'PASSWORD_CREDENTIAL' => 'login_password', @@ -120,7 +121,24 @@ class ucp_login_link // Login elements 'LOGIN_ERROR' => $login_error, 'LOGIN_USERNAME' => $login_username, - )); + ); + + /** + * Event to perform additional actions before ucp_login_link is displayed + * + * @event core.ucp_login_link_template_after + * @var array data Login link data + * @var \phpbb\auth\provider_interface auth_provider Auth provider + * @var string login_link_error Login link error + * @var string login_error Login error + * @var string login_username Login username + * @var array tpl_ary Template variables + * @since 3.2.4-RC1 + */ + $vars = array('data', 'auth_provider', 'login_link_error', 'login_error', 'login_username', 'tpl_ary'); + extract($phpbb_dispatcher->trigger_event('core.ucp_login_link_template_after', compact($vars))); + + $template->assign_vars($tpl_ary); $this->tpl_name = 'ucp_login_link'; $this->page_title = 'UCP_LOGIN_LINK'; @@ -181,7 +199,7 @@ class ucp_login_link */ protected function process_login_result($result) { - global $config, $request, $template, $user, $phpbb_container; + global $config, $template, $user, $phpbb_container; $login_error = null; diff --git a/phpBB/includes/ucp/ucp_main.php b/phpBB/includes/ucp/ucp_main.php index 8584a9a0fd..36f45f3f46 100644 --- a/phpBB/includes/ucp/ucp_main.php +++ b/phpBB/includes/ucp/ucp_main.php 
@@ -28,9 +28,9 @@ class ucp_main var $p_master; var $u_action; - function ucp_main(&$p_master) + function __construct($p_master) { - $this->p_master = &$p_master; + $this->p_master = $p_master; } function main($id, $mode) @@ -77,6 +77,22 @@ class ucp_main // If the user can't see any forums, he can't read any posts because fid of 0 is invalid if (!empty($forum_ary)) { + /** + * Modify sql variables before query is processed + * + * @event core.ucp_main_front_modify_sql + * @var string sql_select SQL select + * @var string sql_from SQL from + * @var array forum_ary Forum array + * @since 3.2.4-RC1 + */ + $vars = array( + 'sql_select', + 'sql_from', + 'forum_ary', + ); + extract($phpbb_dispatcher->trigger_event('core.ucp_main_front_modify_sql', compact($vars))); + $sql = "SELECT t.* $sql_select FROM $sql_from WHERE t.topic_type = " . POST_GLOBAL . ' @@ -144,7 +160,7 @@ class ucp_main $folder_img .= '_mine'; } - $template->assign_block_vars('topicrow', array( + $topicrow = array( 'FORUM_ID' => $forum_id, 'TOPIC_ID' => $topic_id, 'TOPIC_AUTHOR' => get_username_string('username', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), 
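Review bot: The docblock for `core.ucp_main_front_modify_sql` (hunk `@@ -77,6 +77,22 @@`) does not say that `sql_select` and `sql_from` are raw SQL fragments, although right after the event they are interpolated unescaped into `"SELECT t.* $sql_select FROM $sql_from ..."`. A listener that builds either value from request data without the DB layer's escaping would introduce an injection point, so the contract belongs in the docblock, e.g. `* @var string sql_select Raw SQL appended to the SELECT list; must not contain unescaped request data`. The query continues past the end of this hunk, and whether `$phpbb_dispatcher` is declared global in `main()` is not visible here.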
@@ -171,8 +187,30 @@ class ucp_main 'U_LAST_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t=$topic_id&p=" . $row['topic_last_post_id']) . '#p' . $row['topic_last_post_id'], 'U_LAST_POST_AUTHOR' => get_username_string('profile', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), 'U_NEWEST_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t=$topic_id&view=unread") . '#unread', - 'U_VIEW_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t=$topic_id")) + 'U_VIEW_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t=$topic_id"), ); + + /** + * Add template variables to a front topics row. + * + * @event core.ucp_main_front_modify_template_vars + * @var array topicrow Array containing the template variables for the row + * @var array row Array containing the subscribed forum row data + * @var int forum_id Forum ID + * @var string folder_img Folder image + * @var string folder_alt Alt text for the folder image + * @since 3.2.4-RC1 + */ + $vars = array( + 'topicrow', + 'row', + 'forum_id', + 'folder_img', + 'folder_alt', + ); + extract($phpbb_dispatcher->trigger_event('core.ucp_main_front_modify_template_vars', compact($vars))); + + $template->assign_block_vars('topicrow', $topicrow); } if ($config['load_user_activity']) @@ -207,7 +245,10 @@ class ucp_main case 'subscribed': - include($phpbb_root_path . 'includes/functions_display.' . $phpEx); + if (!function_exists('topic_status')) + { + include($phpbb_root_path . 'includes/functions_display.' . $phpEx); + } $user->add_lang('viewforum'); 
@@ -227,14 +268,13 @@ class ucp_main { if (check_form_key('ucp_front_subscribed')) { - $forums = array_keys(request_var('f', array(0 => 0))); - $topics = array_keys(request_var('t', array(0 => 0))); - $msg = ''; + $forums = array_keys($request->variable('f', array(0 => 0))); + $topics = array_keys($request->variable('t', array(0 => 0))); - if (sizeof($forums) || sizeof($topics)) + if (count($forums) || count($topics)) { $l_unwatch = ''; - if (sizeof($forums)) + if (count($forums)) { $sql = 'DELETE FROM ' . FORUMS_WATCH_TABLE . ' WHERE ' . $db->sql_in_set('forum_id', $forums) . ' @@ -244,7 +284,7 @@ class ucp_main $l_unwatch .= '_FORUMS'; } - if (sizeof($topics)) + if (count($topics)) { $sql = 'DELETE FROM ' . TOPICS_WATCH_TABLE . ' WHERE ' . $db->sql_in_set('topic_id', $topics) . ' @@ -444,17 +484,20 @@ class ucp_main break; } - include($phpbb_root_path . 'includes/functions_display.' . $phpEx); + if (!function_exists('topic_status')) + { + include($phpbb_root_path . 'includes/functions_display.' . $phpEx); + } $user->add_lang('viewforum'); if (isset($_POST['unbookmark'])) { $s_hidden_fields = array('unbookmark' => 1); - $topics = (isset($_POST['t'])) ? array_keys(request_var('t', array(0 => 0))) : array(); + $topics = (isset($_POST['t'])) ? array_keys($request->variable('t', array(0 => 0))) : array(); $url = $this->u_action; - if (!sizeof($topics)) + if (!count($topics)) { trigger_error('NO_BOOKMARKS_SELECTED'); } @@ -503,13 +546,16 @@ class ucp_main $draft_subject = $draft_message = ''; add_form_key('ucp_draft'); + include_once($phpbb_root_path . 'includes/message_parser.' . $phpEx); + $message_parser = new parse_message(); + if ($delete) { if (check_form_key('ucp_draft')) { - $drafts = array_keys(request_var('d', array(0 => 0))); + $drafts = array_keys($request->variable('d', array(0 => 0))); - if (sizeof($drafts)) + if (count($drafts)) { $sql = 'DELETE FROM ' . DRAFTS_TABLE . ' WHERE ' . $db->sql_in_set('draft_id', $drafts) . ' 
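Review bot: In the `@@ -444,17 +484,20 @@` hunk the changed line still tests the superglobal directly, `(isset($_POST['t'])) ? array_keys($request->variable('t', ...)) : array()`, while the value itself now comes from the request object. Using the request object for both keeps input access in one place and makes the POST-only intent explicit: `$topics = ($request->is_set_post('t')) ? array_keys($request->variable('t', array(0 => 0))) : array();`. The same applies to the `isset($_POST['unbookmark'])` context line above it. The enclosing `main()` starts and ends outside this hunk.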
@@ -530,15 +576,25 @@ class ucp_main if ($submit && $edit) { - $draft_subject = utf8_normalize_nfc(request_var('subject', '', true)); - $draft_message = utf8_normalize_nfc(request_var('message', '', true)); + $draft_subject = $request->variable('subject', '', true); + $draft_message = $request->variable('message', '', true); if (check_form_key('ucp_draft')) { if ($draft_message && $draft_subject) { + // $auth->acl_gets can't be used here because it will check for global forum permissions in this case + // In general we don't need too harsh checking here for permissions, as this will be handled later when submitting + $bbcode_status = $auth->acl_get('u_pm_bbcode') || $auth->acl_getf_global('f_bbcode'); + $smilies_status = $auth->acl_get('u_pm_smilies') || $auth->acl_getf_global('f_smilies'); + $img_status = $auth->acl_get('u_pm_img') || $auth->acl_getf_global('f_img'); + $flash_status = $auth->acl_get('u_pm_flash') || $auth->acl_getf_global('f_flash'); + + $message_parser->message = $draft_message; + $message_parser->parse($bbcode_status, $config['allow_post_links'], $smilies_status, $img_status, $flash_status, true, $config['allow_post_links']); + $draft_row = array( 'draft_subject' => $draft_subject, - 'draft_message' => $draft_message + 'draft_message' => $message_parser->message, ); $sql = 'UPDATE ' . DRAFTS_TABLE . ' @@ -595,7 +651,7 @@ class ucp_main } $db->sql_freeresult($result); - if (sizeof($topic_ids)) + if (count($topic_ids)) { $sql = 'SELECT topic_id, forum_id, topic_title FROM ' . TOPICS_TABLE . ' 
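Review bot: The outcome of `$message_parser->parse()` is not checked before the draft is written: `warn_msg` is never inspected in this branch, so text the parser complained about is still stored from `$message_parser->message`. The compose path in ucp_pm_compose.php tests `count($message_parser->warn_msg)` after parsing and reports the warnings; a matching guard here before `$draft_row` is built would be `if (count($message_parser->warn_msg)) { trigger_error(implode('<br />', $message_parser->warn_msg)); }`. The save-draft hunk in ucp_pm_compose.php (`@@ -656,21 +661,24 @@`) stores the parsed message the same way and has the same gap. The enclosing method starts outside this hunk, so whether `$auth` is in scope there cannot be confirmed from here.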
@@ -640,9 +696,16 @@ class ucp_main $insert_url = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&mode=compose&d=" . $draft['draft_id']); } + if (!$submit) + { + $message_parser->message = $draft['draft_message']; + $message_parser->decode_message(); + $draft_message = $message_parser->message; + } + $template_row = array( 'DATE' => $user->format_date($draft['save_time']), - 'DRAFT_MESSAGE' => ($submit) ? $draft_message : $draft['draft_message'], + 'DRAFT_MESSAGE' => $draft_message, 'DRAFT_SUBJECT' => ($submit) ? $draft_subject : $draft['draft_subject'], 'TITLE' => $title, @@ -695,9 +758,10 @@ class ucp_main { global $user, $db, $template, $config, $cache, $auth, $phpbb_root_path, $phpEx, $phpbb_container, $request, $phpbb_dispatcher; - $table = ($mode == 'subscribed') ? TOPICS_WATCH_TABLE : BOOKMARKS_TABLE; - $start = request_var('start', 0); + /* @var $pagination \phpbb\pagination */ $pagination = $phpbb_container->get('pagination'); + $table = ($mode == 'subscribed') ? TOPICS_WATCH_TABLE : BOOKMARKS_TABLE; + $start = $request->variable('start', 0); // Grab icons $icons = $cache->obtain_icons(); @@ -852,6 +916,7 @@ class ucp_main } } + /* @var $phpbb_content_visibility \phpbb\content_visibility */ $phpbb_content_visibility = $phpbb_container->get('content.visibility'); foreach ($topic_list as $topic_id) diff --git a/phpBB/includes/ucp/ucp_notifications.php b/phpBB/includes/ucp/ucp_notifications.php index 66dc651447..a6d925f95e 100644 --- a/phpBB/includes/ucp/ucp_notifications.php +++ b/phpBB/includes/ucp/ucp_notifications.php @@ -34,7 +34,10 @@ class ucp_notifications $form_time = $request->variable('form_time', 0); $form_time = ($form_time <= 0 || $form_time > time()) ? time() : $form_time; + /* @var $phpbb_notifications \phpbb\notification\manager */ $phpbb_notifications = $phpbb_container->get('notification_manager'); + + /* @var $pagination \phpbb\pagination */ $pagination = $phpbb_container->get('pagination'); switch ($mode) 
@@ -67,15 +70,6 @@ class ucp_notifications $phpbb_notifications->delete_subscription($type, 0, $method_data['id']); } } - - if ($request->is_set_post(str_replace('.', '_', $type) . '_notification') && !isset($subscriptions[$type])) - { - $phpbb_notifications->add_subscription($type); - } - else if (!$request->is_set_post(str_replace('.', '_', $type) . '_notification') && isset($subscriptions[$type])) - { - $phpbb_notifications->delete_subscription($type); - } } } @@ -97,7 +91,7 @@ class ucp_notifications // Mark all items read if ($request->variable('mark', '') == 'all' && check_link_hash($request->variable('token', ''), 'mark_all_notifications_read')) { - $phpbb_notifications->mark_notifications_read(false, false, $user->data['user_id'], $form_time); + $phpbb_notifications->mark_notifications(false, false, $user->data['user_id'], $form_time); meta_refresh(3, $this->u_action); $message = $user->lang['NOTIFICATIONS_MARK_ALL_READ_SUCCESS']; @@ -128,11 +122,11 @@ class ucp_notifications if (!empty($mark_read)) { - $phpbb_notifications->mark_notifications_read_by_id($mark_read, $form_time); + $phpbb_notifications->mark_notifications_by_id('notification.method.board', $mark_read, $form_time); } } - $notifications = $phpbb_notifications->load_notifications(array( + $notifications = $phpbb_notifications->load_notifications('notification.method.board', array( 'start' => $start, 'limit' => $config['topics_per_page'], 'count_total' => true, 
@@ -186,15 +180,13 @@ class ucp_notifications 'GROUP_NAME' => $user->lang($group), )); - foreach ($subscription_types as $type => $data) + foreach ($subscription_types as $type => $type_data) { $template->assign_block_vars($block, array( 'TYPE' => $type, - 'NAME' => $user->lang($data['lang']), - 'EXPLAIN' => (isset($user->lang[$data['lang'] . '_EXPLAIN'])) ? $user->lang($data['lang'] . '_EXPLAIN') : '', - - 'SUBSCRIBED' => (isset($subscriptions[$type])) ? true : false, + 'NAME' => $user->lang($type_data['lang']), + 'EXPLAIN' => (isset($user->lang[$type_data['lang'] . '_EXPLAIN'])) ? $user->lang($type_data['lang'] . '_EXPLAIN') : '', )); foreach ($notification_methods as $method => $method_data) @@ -204,6 +196,8 @@ class ucp_notifications 'NAME' => $user->lang($method_data['lang']), + 'AVAILABLE' => $method_data['method']->is_available($type_data['type']), + 'SUBSCRIBED' => (isset($subscriptions[$type]) && in_array($method_data['id'], $subscriptions[$type])) ? true : false, )); } @@ -211,7 +205,7 @@ class ucp_notifications } $template->assign_vars(array( - strtoupper($block) . '_COLS' => sizeof($notification_methods) + 2, + strtoupper($block) . '_COLS' => count($notification_methods) + 1, )); } diff --git a/phpBB/includes/ucp/ucp_pm.php b/phpBB/includes/ucp/ucp_pm.php index f026cd3eb3..00d1ce7149 100644 --- a/phpBB/includes/ucp/ucp_pm.php +++ b/phpBB/includes/ucp/ucp_pm.php @@ -62,7 +62,7 @@ class ucp_pm $template->assign_var('S_PRIVMSGS', true); // Folder directly specified? - $folder_specified = request_var('folder', ''); + $folder_specified = $request->variable('folder', ''); if (!in_array($folder_specified, array('inbox', 'outbox', 'sentbox'))) { 
@@ -75,20 +75,23 @@ class ucp_pm if (!$folder_specified) { - $mode = (!$mode) ? request_var('mode', 'view') : $mode; + $mode = (!$mode) ? $request->variable('mode', 'view') : $mode; } else { $mode = 'view'; } - include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx); + if (!function_exists('get_folder')) + { + include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx); + } switch ($mode) { // Compose message case 'compose': - $action = request_var('action', 'post'); + $action = $request->variable('action', 'post'); $user_folders = get_folder($user->data['user_id']); @@ -104,7 +107,10 @@ class ucp_pm break; } - include($phpbb_root_path . 'includes/ucp/ucp_pm_compose.' . $phpEx); + if (!function_exists('compose_pm')) + { + include($phpbb_root_path . 'includes/ucp/ucp_pm_compose.' . $phpEx); + } compose_pm($id, $mode, $action, $user_folders); $tpl_file = 'posting_body'; @@ -114,7 +120,10 @@ class ucp_pm set_user_message_limit(); get_folder($user->data['user_id']); - include($phpbb_root_path . 'includes/ucp/ucp_pm_options.' . $phpEx); + if (!function_exists('message_options')) + { + include($phpbb_root_path . 'includes/ucp/ucp_pm_options.' . $phpEx); + } message_options($id, $mode, $global_privmsgs_rules, $global_rule_conditions); $tpl_file = 'ucp_pm_options'; @@ -125,8 +134,10 @@ class ucp_pm get_folder($user->data['user_id']); $this->p_name = 'pm'; - // Call another module... please do not try this at home... Hoochie Coochie Man - include($phpbb_root_path . 'includes/ucp/ucp_main.' . $phpEx); + if (!class_exists('ucp_main')) + { + include($phpbb_root_path . 'includes/ucp/ucp_main.' . $phpEx); + } $module = new ucp_main($this); $module->u_action = $this->u_action; 
@@ -151,12 +162,12 @@ class ucp_pm } else { - $folder_id = request_var('f', PRIVMSGS_NO_BOX); - $action = request_var('action', 'view_folder'); + $folder_id = $request->variable('f', PRIVMSGS_NO_BOX); + $action = $request->variable('action', 'view_folder'); } - $msg_id = request_var('p', 0); - $view = request_var('view', ''); + $msg_id = $request->variable('p', 0); + $view = $request->variable('view', ''); // View message if specified if ($msg_id) @@ -166,20 +177,29 @@ class ucp_pm if (!$auth->acl_get('u_readpm')) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_READ_MESSAGE'); } + if ($view == 'print' && (!$config['print_pm'] || !$auth->acl_get('u_pm_printpm'))) + { + send_status_line(403, 'Forbidden'); + trigger_error('NO_AUTH_PRINT_MESSAGE'); + } + // Do not allow hold messages to be seen if ($folder_id == PRIVMSGS_HOLD_BOX) { trigger_error('NO_AUTH_READ_HOLD_MESSAGE'); } + add_form_key('ucp_pm_view'); + // First Handle Mark actions and moving messages $submit_mark = (isset($_POST['submit_mark'])) ? true : false; $move_pm = (isset($_POST['move_pm'])) ? true : false; - $mark_option = request_var('mark_option', ''); - $dest_folder = request_var('dest_folder', PRIVMSGS_NO_BOX); + $mark_option = $request->variable('mark_option', ''); + $dest_folder = $request->variable('dest_folder', PRIVMSGS_NO_BOX); // Is moving PM triggered through mark options? if (!in_array($mark_option, array('mark_important', 'delete_marked')) && $submit_mark) 
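Review bot: In the `@@ -166,20 +177,29 @@` hunk the `PRIVMSGS_HOLD_BOX` denial still calls `trigger_error('NO_AUTH_READ_HOLD_MESSAGE')` without a status line, while the two denials just above it now send 403. Anything that keys on the HTTP status (access logs, monitoring, API-style clients) will still see this refusal as a normal response. Adding `send_status_line(403, 'Forbidden');` before that `trigger_error()` keeps the three branches consistent. The enclosing `main()` starts and ends outside this hunk.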
@@ -189,11 +209,16 @@ class ucp_pm $submit_mark = false; } + if (($move_pm || $submit_mark) && !check_form_key('ucp_pm_view')) + { + trigger_error('FORM_INVALID'); + } + // Move PM if ($move_pm) { - $move_msg_ids = (isset($_POST['marked_msg_id'])) ? request_var('marked_msg_id', array(0)) : array(); - $cur_folder_id = request_var('cur_folder_id', PRIVMSGS_NO_BOX); + $move_msg_ids = (isset($_POST['marked_msg_id'])) ? $request->variable('marked_msg_id', array(0)) : array(); + $cur_folder_id = $request->variable('cur_folder_id', PRIVMSGS_NO_BOX); if (move_pm($user->data['user_id'], $user->data['message_limit'], $move_msg_ids, $dest_folder, $cur_folder_id)) { @@ -201,7 +226,7 @@ class ucp_pm if ($action == 'view_message') { $msg_id = 0; - $folder_id = request_var('cur_folder_id', PRIVMSGS_NO_BOX); + $folder_id = $request->variable('cur_folder_id', PRIVMSGS_NO_BOX); $action = 'view_folder'; } } @@ -215,7 +240,7 @@ class ucp_pm // If new messages arrived, place them into the appropriate folder $num_not_moved = $num_removed = 0; - $release = request_var('release', 0); + $release = $request->variable('release', 0); if ($user->data['user_new_privmsg'] && ($action == 'view_folder' || $action == 'view_message')) { @@ -368,7 +393,10 @@ class ucp_pm if ($action == 'view_folder') { - include($phpbb_root_path . 'includes/ucp/ucp_pm_viewfolder.' . $phpEx); + if (!function_exists('view_folder')) + { + include($phpbb_root_path . 'includes/ucp/ucp_pm_viewfolder.' . $phpEx); + } view_folder($id, $mode, $folder_id, $folder); $tpl_file = 'ucp_pm_viewfolder'; @@ -386,7 +414,10 @@ class ucp_pm trigger_error('NO_MESSAGE'); } - include($phpbb_root_path . 'includes/ucp/ucp_pm_viewmessage.' . $phpEx); + if (!function_exists('view_message')) + { + include($phpbb_root_path . 'includes/ucp/ucp_pm_viewmessage.' . $phpEx); + } view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row); $tpl_file = ($view == 'print') ? 'ucp_pm_viewmessage_print' : 'ucp_pm_viewmessage'; 
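Review bot: The new `check_form_key('ucp_pm_view')` guard covers `move_pm` and `submit_mark` only; `release`, read with `$request->variable('release', 0)` in the `@@ -215,7 +240,7 @@` hunk, is not part of the condition. How `$release` is used lies outside the visible lines, so this is a question rather than a finding: if it changes where held messages are placed, it is a state change and should be tied to a token as well. For a form submission that would be `if (($move_pm || $submit_mark || $release) && !check_form_key('ucp_pm_view'))`; if it is triggered from a link, a link hash checked with `check_link_hash()` as in ucp_notifications.php would fit better.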
diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index 4906eec1bb..87a8c91fd2 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -26,16 +26,27 @@ if (!defined('IN_PHPBB')) function compose_pm($id, $mode, $action, $user_folders = array()) { global $template, $db, $auth, $user, $cache; - global $phpbb_root_path, $phpEx, $config; + global $phpbb_root_path, $phpEx, $config, $language; global $request, $phpbb_dispatcher, $phpbb_container; // Damn php and globals - i know, this is horrible // Needed for handle_message_list_actions() global $refresh, $submit, $preview; - include($phpbb_root_path . 'includes/functions_posting.' . $phpEx); - include($phpbb_root_path . 'includes/functions_display.' . $phpEx); - include($phpbb_root_path . 'includes/message_parser.' . $phpEx); + if (!function_exists('generate_smilies')) + { + include($phpbb_root_path . 'includes/functions_posting.' . $phpEx); + } + + if (!function_exists('display_custom_bbcodes')) + { + include($phpbb_root_path . 'includes/functions_display.' . $phpEx); + } + + if (!class_exists('parse_message')) + { + include($phpbb_root_path . 'includes/message_parser.' . $phpEx); + } if (!$action) { @@ -44,14 +55,13 @@ function compose_pm($id, $mode, $action, $user_folders = array()) add_form_key('ucp_pm_compose'); // Grab only parameters needed here - $to_user_id = request_var('u', 0); - $to_group_id = request_var('g', 0); - $msg_id = request_var('p', 0); - $draft_id = request_var('d', 0); - $lastclick = request_var('lastclick', 0); + $to_user_id = $request->variable('u', 0); + $to_group_id = $request->variable('g', 0); + $msg_id = $request->variable('p', 0); + $draft_id = $request->variable('d', 0); // Reply to all triggered (quote/reply) - $reply_to_all = request_var('reply_to_all', 0); + $reply_to_all = $request->variable('reply_to_all', 0); $address_list = $request->variable('address_list', array('' => array(0 => ''))); 
@@ -76,8 +86,11 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $error = array(); $current_time = time(); + /** @var \phpbb\group\helper $group_helper */ + $group_helper = $phpbb_container->get('group_helper'); + // Was cancel pressed? If so then redirect to the appropriate page - if ($cancel || ($current_time - $lastclick < 2 && $submit)) + if ($cancel) { if ($msg_id) { @@ -122,7 +135,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) // Add groups to PM box if ($config['allow_mass_pm'] && $auth->acl_get('u_masspm_group')) { - $sql = 'SELECT g.group_id, g.group_name, g.group_type + $sql = 'SELECT g.group_id, g.group_name, g.group_type, g.group_colour FROM ' . GROUPS_TABLE . ' g'; if (!$auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) @@ -145,7 +158,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $group_options = ''; while ($row = $db->sql_fetchrow($result)) { - $group_options .= '<option' . (($row['group_type'] == GROUP_SPECIAL) ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>'; + $group_options .= '<option' . (($row['group_type'] == GROUP_SPECIAL) ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '"' . ($row['group_colour'] ? ' style="color: #' . $row['group_colour'] . '"' : '') . '>' . $group_helper->get_name($row['group_name']) . '</option>'; } $db->sql_freeresult($result); } @@ -168,6 +181,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) case 'post': if (!$auth->acl_get('u_sendpm')) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_SEND_MESSAGE'); } break; @@ -183,6 +197,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) if (!$auth->acl_get('u_sendpm')) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_SEND_MESSAGE'); } 
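Review bot: In the `@@ -145,7 +158,7 @@` hunk `group_colour` and the group name are concatenated straight into the `<option>` markup, e.g. `' style="color: #' . $row['group_colour'] . '"'`. Both values come from the groups table, so the output relies on the colour having been validated as hex and the name escaped when the group was saved; neither is visible here. An output-side guard is cheap: emit the style attribute only when `preg_match('/^[0-9a-f]{3,6}$/i', $row['group_colour'])` holds, and add a comment stating where the name returned by `$group_helper->get_name()` is escaped. `compose_pm()` begins and ends outside this hunk.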
@@ -223,6 +238,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) case 'delete': if (!$auth->acl_get('u_pm_delete')) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_DELETE_MESSAGE'); } @@ -248,11 +264,13 @@ function compose_pm($id, $mode, $action, $user_folders = array()) if ($action == 'forward' && (!$config['forward_pm'] || !$auth->acl_get('u_pm_forward'))) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_FORWARD_MESSAGE'); } if ($action == 'edit' && !$auth->acl_get('u_pm_edit')) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_EDIT_MESSAGE'); } @@ -263,8 +281,6 @@ function compose_pm($id, $mode, $action, $user_folders = array()) * * @event core.ucp_pm_compose_compose_pm_basic_info_query_before * @var string sql String with the query to be executed - * @var array forum_list List of forums that contain the posts - * @var int visibility_const Integer with one of the possible ITEM_* constant values * @var int msg_id topic_id in the page request * @var int to_user_id The id of whom the message is to * @var int to_group_id The id of the group whom the message is to @@ -273,14 +289,11 @@ function compose_pm($id, $mode, $action, $user_folders = array()) * @var string action One of: post, reply, quote, forward, quotepost, edit, delete, smilies * @var bool delete Whether the user is deleting the PM * @var int reply_to_all Value of reply_to_all request variable. - * @var string limit_time_sql String with the SQL code to limit the time interval of the post (Note: May be empty string) - * @var string sort_order_sql String with the ORDER BY SQL code used in this query * @since 3.1.0-RC5 + * @changed 3.2.0-a1 Removed undefined variables */ $vars = array( 'sql', - 'forum_list', - 'visibility_const', 'msg_id', 'to_user_id', 'to_group_id', 
@@ -289,8 +302,6 @@ function compose_pm($id, $mode, $action, $user_folders = array()) 'action', 'delete', 'reply_to_all', - 'limit_time_sql', - 'sort_order_sql', ); extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_compose_pm_basic_info_query_before', compact($vars))); @@ -325,6 +336,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) { if (($post['forum_id'] && !$auth->acl_get('f_read', $post['forum_id'])) || (!$post['forum_id'] && !$auth->acl_getf_global('f_read'))) { + send_status_line(403, 'Forbidden'); trigger_error('NOT_AUTHORISED'); } @@ -335,8 +347,6 @@ function compose_pm($id, $mode, $action, $user_folders = array()) * @var string sql The original SQL used in the query * @var array post Associative array with the data of the quoted post * @var array msg_id The post_id that was searched to get the message for quoting - * @var int visibility_const Visibility of the quoted post (one of the possible ITEM_* constant values) - * @var int topic_id Topic ID of the quoted post * @var int to_user_id Users the message is sent to * @var int to_group_id Groups the message is sent to * @var bool submit Whether the user is sending the PM or not @@ -345,13 +355,12 @@ function compose_pm($id, $mode, $action, $user_folders = array()) * @var bool delete If deleting message * @var int reply_to_all Value of reply_to_all request variable. * @since 3.1.0-RC5 + * @changed 3.2.0-a1 Removed undefined variables */ $vars = array( 'sql', 'post', 'msg_id', - 'visibility_const', - 'topic_id', 'to_user_id', 'to_group_id', 'submit', 
@@ -407,7 +416,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $quote_username = (isset($post['quote_username'])) ? $post['quote_username'] : ''; $icon_id = (isset($post['icon_id'])) ? $post['icon_id'] : 0; - if (($action == 'reply' || $action == 'quote' || $action == 'quotepost') && !sizeof($address_list) && !$refresh && !$submit && !$preview) + if (($action == 'reply' || $action == 'quote' || $action == 'quotepost') && !count($address_list) && !$refresh && !$submit && !$preview) { // Add the original author as the recipient if quoting a post or only replying and not having checked "reply to all" if ($action == 'quotepost' || !$reply_to_all) @@ -429,7 +438,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) } } } - else if ($action == 'edit' && !sizeof($address_list) && !$refresh && !$submit && !$preview) + else if ($action == 'edit' && !count($address_list) && !$refresh && !$submit && !$preview) { // Rebuild TO and BCC Header $address_list = rebuild_header(array('to' => $post['to_address'], 'bcc' => $post['bcc_address'])); @@ -474,6 +483,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) if (($to_group_id || isset($address_list['g'])) && (!$config['allow_mass_pm'] || !$auth->acl_get('u_masspm_group'))) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_GROUP_MESSAGE'); } @@ -495,8 +505,9 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $icon_id = 0; } - $message_parser = new parse_message(); + /* @var $plupload \phpbb\plupload\plupload */ $plupload = $phpbb_container->get('plupload'); + $message_parser = new parse_message(); $message_parser->set_plupload($plupload); $message_parser->message = ($action == 'reply') ? '' : $message_text; 
@@ -509,7 +520,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) if ($action == 'delete') { // Folder id has been determined by the SQL Statement - // $folder_id = request_var('f', PRIVMSGS_NO_BOX); + // $folder_id = $request->variable('f', PRIVMSGS_NO_BOX); // Do we need to confirm ? if (confirm_box(true)) @@ -540,15 +551,9 @@ function compose_pm($id, $mode, $action, $user_folders = array()) } // Get maximum number of allowed recipients - $sql = 'SELECT MAX(g.group_max_recipients) as max_recipients - FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . ' ug - WHERE ug.user_id = ' . $user->data['user_id'] . ' - AND ug.user_pending = 0 - AND ug.group_id = g.group_id'; - $result = $db->sql_query($sql); - $max_recipients = (int) $db->sql_fetchfield('max_recipients'); - $db->sql_freeresult($result); + $max_recipients = phpbb_get_max_setting_from_group($db, $user->data['user_id'], 'max_recipients'); + // If it is 0, there is no limit set and we use the maximum value within the config. $max_recipients = (!$max_recipients) ? $config['pm_max_recipients'] : $max_recipients; // If this is a quote/reply "to all"... we may increase the max_recpients to the number of original recipients @@ -566,7 +571,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) unset($list[$user->data['user_id']]); } - $max_recipients = ($max_recipients < sizeof($list)) ? sizeof($list) : $max_recipients; + $max_recipients = ($max_recipients < count($list)) ? count($list) : $max_recipients; unset($list); } @@ -589,7 +594,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) } // Check for too many recipients - if (!empty($address_list['u']) && $max_recipients && sizeof($address_list['u']) > $max_recipients) + if (!empty($address_list['u']) && $max_recipients && count($address_list['u']) > $max_recipients) { $address_list = get_recipients($address_list, $max_recipients); $error[] = $user->lang('TOO_MANY_RECIPIENTS', $max_recipients); 
@@ -621,7 +626,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $enable_urls = true; } - $enable_magic_url = $drafts = false; + $drafts = false; // User own some drafts? if ($auth->acl_get('u_savedrafts') && $action != 'delete') @@ -656,21 +661,24 @@ function compose_pm($id, $mode, $action, $user_folders = array()) // Save Draft if ($save && $auth->acl_get('u_savedrafts')) { - $subject = utf8_normalize_nfc(request_var('subject', '', true)); + $subject = $request->variable('subject', '', true); $subject = (!$subject && $action != 'post') ? $user->lang['NEW_MESSAGE'] : $subject; - $message = utf8_normalize_nfc(request_var('message', '', true)); + $message = $request->variable('message', '', true); if ($subject && $message) { if (confirm_box(true)) { + $message_parser->message = $message; + $message_parser->parse($bbcode_status, $url_status, $smilies_status, $img_status, $flash_status, true, $url_status); + $sql = 'INSERT INTO ' . DRAFTS_TABLE . ' ' . $db->sql_build_array('INSERT', array( 'user_id' => $user->data['user_id'], 'topic_id' => 0, 'forum_id' => 0, 'save_time' => $current_time, 'draft_subject' => $subject, - 'draft_message' => $message + 'draft_message' => $message_parser->message, ) ); $db->sql_query($sql); @@ -752,10 +760,10 @@ function compose_pm($id, $mode, $action, $user_folders = array()) { $error[] = $user->lang['FORM_INVALID']; } - $subject = utf8_normalize_nfc(request_var('subject', '', true)); - $message_parser->message = utf8_normalize_nfc(request_var('message', '', true)); + $subject = $request->variable('subject', '', true); + $message_parser->message = $request->variable('message', '', true); - $icon_id = request_var('icon', 0); + $icon_id = $request->variable('icon', 0); $enable_bbcode = (!$bbcode_status || isset($_POST['disable_bbcode'])) ? false : true; $enable_smilies = (!$smilies_status || isset($_POST['disable_smilies'])) ? false : true; 
@@ -790,20 +798,13 @@ function compose_pm($id, $mode, $action, $user_folders = array()) ); extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_modify_parse_before', compact($vars))); - if ($submit) - { - $status_switch = (($enable_bbcode+1) << 8) + (($enable_smilies+1) << 4) + (($enable_urls+1) << 2) + (($enable_sig+1) << 1); - $status_switch = ($status_switch != $check_value); - } - else + // Parse Attachments - before checksum is calculated + if ($message_parser->check_attachment_form_token($language, $request, 'ucp_pm_compose')) { - $status_switch = 1; + $message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true); } - // Parse Attachments - before checksum is calculated - $message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true); - - if (sizeof($message_parser->warn_msg) && !($remove_u || $remove_g || $add_to || $add_bcc)) + if (count($message_parser->warn_msg) && !($remove_u || $remove_g || $add_to || $add_bcc)) { $error[] = implode('<br />', $message_parser->warn_msg); $message_parser->warn_msg = array(); @@ -813,7 +814,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $message_parser->parse($enable_bbcode, ($config['allow_post_links']) ? $enable_urls : false, $enable_smilies, $img_status, $flash_status, true, $config['allow_post_links']); // On a refresh we do not care about message parsing errors - if (sizeof($message_parser->warn_msg) && !$refresh) + if (count($message_parser->warn_msg) && !$refresh) { $error[] = implode('<br />', $message_parser->warn_msg); } @@ -840,14 +841,14 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $error[] = $user->lang['EMPTY_MESSAGE_SUBJECT']; } - if (!sizeof($address_list)) + if (!count($address_list)) { $error[] = $user->lang['NO_RECIPIENT']; } } // Store message, sync counters - if (!sizeof($error) && $submit) + if (!count($error) && $submit) { $pm_data = array( 'msg_id' => (int) $msg_id, 
@@ -904,7 +905,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) } // Preview - if (!sizeof($error) && $preview) + if (!count($error) && $preview) { $preview_message = $message_parser->format_display($enable_bbcode, $enable_urls, $enable_smilies, false); @@ -915,13 +916,8 @@ function compose_pm($id, $mode, $action, $user_folders = array()) // Signature if ($enable_sig && $config['allow_sig'] && $preview_signature) { - $parse_sig = new parse_message($preview_signature); - $parse_sig->bbcode_uid = $preview_signature_uid; - $parse_sig->bbcode_bitfield = $preview_signature_bitfield; - - $parse_sig->format_display($config['allow_sig_bbcode'], $config['allow_sig_links'], $config['allow_sig_smilies']); - $preview_signature = $parse_sig->message; - unset($parse_sig); + $bbcode_flags = ($enable_bbcode ? OPTION_FLAG_BBCODE : 0) + ($enable_smilies ? OPTION_FLAG_SMILIES : 0) + ($enable_urls ? OPTION_FLAG_LINKS : 0); + $preview_signature = generate_text_for_display($preview_signature, $preview_signature_uid, $preview_signature_bitfield, $bbcode_flags); } else { @@ -929,7 +925,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) } // Attachment Preview - if (sizeof($message_parser->attachment_data)) + if (count($message_parser->attachment_data)) { $template->assign_var('S_HAS_ATTACHMENTS', true); @@ -949,7 +945,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $preview_subject = censor_text($subject); - if (!sizeof($error)) + if (!count($error)) { $template->assign_vars(array( 'PREVIEW_SUBJECT' => $preview_subject, 
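Review bot: The signature preview in the `@@ -915,13 +916,8 @@` hunk now derives `$bbcode_flags` from the message's own switches (`$enable_bbcode`, `$enable_smilies`, `$enable_urls`), whereas the removed code rendered the signature with `$config['allow_sig_bbcode']`, `$config['allow_sig_links']` and `$config['allow_sig_smilies']`. The board's signature restrictions therefore no longer drive the preview, and presumably a sender who disables BBCode for the message sees the signature unformatted even though recipients would not. If that is not intended, build the flags from the `allow_sig_*` settings. They are bit flags, so combining them with `|` instead of `+` states the intent more clearly.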
@@ -963,7 +959,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) } // Decode text for message display - $bbcode_uid = (($action == 'quote' || $action == 'forward') && !$preview && !$refresh && (!sizeof($error) || (sizeof($error) && !$submit))) ? $bbcode_uid : $message_parser->bbcode_uid; + $bbcode_uid = (($action == 'quote' || $action == 'forward') && !$preview && !$refresh && (!count($error) || (count($error) && !$submit))) ? $bbcode_uid : $message_parser->bbcode_uid; $message_parser->decode_message($bbcode_uid); @@ -971,10 +967,19 @@ function compose_pm($id, $mode, $action, $user_folders = array()) { if ($action == 'quotepost') { - $post_id = request_var('p', 0); + $post_id = $request->variable('p', 0); if ($config['allow_post_links']) { - $message_link = "[url=" . generate_board_url() . "/viewtopic.$phpEx?p={$post_id}#p{$post_id}]{$user->lang['SUBJECT']}{$user->lang['COLON']} {$message_subject}[/url]\n\n"; + $message_link = generate_board_url() . "/viewtopic.$phpEx?p={$post_id}#p{$post_id}"; + $message_link_subject = "{$user->lang['SUBJECT']}{$user->lang['COLON']} {$message_subject}"; + if ($bbcode_status) + { + $message_link = "[url=" . $message_link . "]" . $message_link_subject . "[/url]\n\n"; + } + else + { + $message_link = $message_link . " - " . $message_link_subject . "\n\n"; + } } else { 
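Review bot: In the `@@ -971,10 +967,19 @@` hunk `$message_link` first holds the bare post URL and is then overwritten with the finished BBCode or plain-text line, which makes the two branches harder to follow; a separate `$post_url` for the first value would read better. `$message_subject` is also placed between `[url=...]` and `[/url]` unchanged, so a subject that itself contains BBCode tags ends up nested inside the link markup. The text goes through the parser again later, so this looks like a formatting concern rather than an injection path, but a comment stating that assumption would help. The surrounding `if` starts outside the hunk.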
@@ -985,12 +990,39 @@ function compose_pm($id, $mode, $action, $user_folders = array()) { $message_link = ''; } - $message_parser->message = $message_link . '[quote="' . $quote_username . '"]' . censor_text(trim($message_parser->message)) . "[/quote]\n"; + $quote_attributes = array( + 'author' => $quote_username, + 'time' => $post['message_time'], + 'user_id' => $post['author_id'], + ); + if ($action === 'quotepost') + { + $quote_attributes['post_id'] = $post['msg_id']; + } + if ($action === 'quote') + { + $quote_attributes['msg_id'] = $post['msg_id']; + } + /** @var \phpbb\language\language $language */ + $language = $phpbb_container->get('language'); + /** @var \phpbb\textformatter\utils_interface $text_formatter_utils */ + $text_formatter_utils = $phpbb_container->get('text_formatter.utils'); + phpbb_format_quote($language, $message_parser, $text_formatter_utils, $bbcode_status, $quote_attributes, $message_link); } if (($action == 'reply' || $action == 'quote' || $action == 'quotepost') && !$preview && !$refresh) { $message_subject = ((!preg_match('/^Re:/', $message_subject)) ? 'Re: ' : '') . censor_text($message_subject); + + /** + * This event allows you to modify the PM subject of the PM being quoted + * + * @event core.pm_modify_message_subject + * @var string message_subject String with the PM subject already censored. + * @since 3.2.8-RC1 + */ + $vars = array('message_subject'); + extract($phpbb_dispatcher->trigger_event('core.pm_modify_message_subject', compact($vars))); } if ($action == 'forward' && !$preview && !$refresh && !$submit) 
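Review bot: The removed line ran the quoted text through `censor_text(trim(...))` before wrapping it, while the new `phpbb_format_quote()` call in the `@@ -985,12 +990,39 @@` hunk receives `$message_parser` untouched and its body is not part of this diff. It is worth confirming that the helper still applies word censoring, otherwise quoted private messages would bypass the censor list. `$language` is also fetched from the container here although the `@@ -790,20 +798,13 @@` hunk already uses `$language` earlier in the same function, so the re-fetch looks redundant.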
@@ -1013,7 +1045,11 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $forward_text[] = sprintf($user->lang['FWD_FROM'], $quote_username_text); $forward_text[] = sprintf($user->lang['FWD_TO'], implode($user->lang['COMMA_SEPARATOR'], $fwd_to_field['to'])); - $message_parser->message = implode("\n", $forward_text) . "\n\n[quote="{$quote_username}"]\n" . censor_text(trim($message_parser->message)) . "\n[/quote]"; + $quote_text = $phpbb_container->get('text_formatter.utils')->generate_quote( + censor_text($message_parser->message), + array('author' => $quote_username) + ); + $message_parser->message = implode("\n", $forward_text) . "\n\n" . $quote_text; $message_subject = ((!preg_match('/^Fwd:/', $message_subject)) ? 'Fwd: ' : '') . censor_text($message_subject); } @@ -1038,7 +1074,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) // Build address list for display // array('u' => array($author_id => 'to')); - if (sizeof($address_list)) + if (count($address_list)) { // Get Usernames and Group Names $result = array(); @@ -1086,7 +1122,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) { if ($type == 'g') { - $row['name'] = ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['name']] : $row['name']; + $row['name'] = $group_helper->get_name($row['name']); } ${$type}[$row['id']] = array('name' => $row['name'], 'colour' => $row['colour']); @@ -1096,7 +1132,6 @@ function compose_pm($id, $mode, $action, $user_folders = array()) } // Now Build the address list - $plain_address_field = ''; foreach ($address_list as $type => $adr_ary) { foreach ($adr_ary as $id => $field) 
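Review bot: In the `@@ -1086,7 +1122,7 @@` hunk every group name is now passed through `$group_helper->get_name()`, where the old code translated only names of `GROUP_SPECIAL` groups. Unless `get_name()` restricts itself to built-in groups (its body is outside this diff), a user-defined group whose name matches a language key would be displayed under the translated label and could be mistaken for a built-in group in the recipient list. The same substitution appears in the `@@ -810,13 +813,13 @@` hunk of ucp_pm_options.php, where the result is concatenated directly into `<option>` markup, so the return value must also be HTML-safe there. A comment recording both assumptions next to the call would be enough if they hold.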
@@ -1178,28 +1213,30 @@ function compose_pm($id, $mode, $action, $user_folders = array()) break; } - $s_hidden_fields = '<input type="hidden" name="lastclick" value="' . $current_time . '" />'; - $s_hidden_fields .= (isset($check_value)) ? '<input type="hidden" name="status_switch" value="' . $check_value . '" />' : ''; + $s_hidden_fields = (isset($check_value)) ? '<input type="hidden" name="status_switch" value="' . $check_value . '" />' : ''; $s_hidden_fields .= ($draft_id || isset($_REQUEST['draft_loaded'])) ? '<input type="hidden" name="draft_loaded" value="' . ((isset($_REQUEST['draft_loaded'])) ? $request->variable('draft_loaded', 0) : $draft_id) . '" />' : ''; $form_enctype = (@ini_get('file_uploads') == '0' || strtolower(@ini_get('file_uploads')) == 'off' || !$config['allow_pm_attach'] || !$auth->acl_get('u_pm_attach')) ? '' : ' enctype="multipart/form-data"'; + /** @var \phpbb\controller\helper $controller_helper */ + $controller_helper = $phpbb_container->get('controller.helper'); + // Start assigning vars for main posting page ... - $template->assign_vars(array( + $template_ary = array( 'L_POST_A' => $page_title, 'L_ICON' => $user->lang['PM_ICON'], 'L_MESSAGE_BODY_EXPLAIN' => $user->lang('MESSAGE_BODY_EXPLAIN', (int) $config['max_post_chars']), 'SUBJECT' => (isset($message_subject)) ? $message_subject : '', 'MESSAGE' => $message_text, - 'BBCODE_STATUS' => ($bbcode_status) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>'), + 'BBCODE_STATUS' => $user->lang(($bbcode_status ? 'BBCODE_IS_ON' : 'BBCODE_IS_OFF'), '<a href="' . $controller_helper->route('phpbb_help_bbcode_controller') . '">', '</a>'), 'IMG_STATUS' => ($img_status) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'], 'FLASH_STATUS' => ($flash_status) ? 
$user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'], 'SMILIES_STATUS' => ($smilies_status) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'], 'URL_STATUS' => ($url_status) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'], 'MAX_FONT_SIZE' => (int) $config['max_post_font_size'], 'MINI_POST_IMG' => $user->img('icon_post_target', $user->lang['PM']), - 'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '', + 'ERROR' => (count($error)) ? implode('<br />', $error) : '', 'MAX_RECIPIENTS' => ($config['allow_mass_pm'] && ($auth->acl_get('u_masspm') || $auth->acl_get('u_masspm_group'))) ? $max_recipients : 0, 'S_COMPOSE_PM' => true, @@ -1230,7 +1267,19 @@ function compose_pm($id, $mode, $action, $user_folders = array()) 'S_CLOSE_PROGRESS_WINDOW' => isset($_POST['add_file']), 'U_PROGRESS_BAR' => append_sid("{$phpbb_root_path}posting.$phpEx", 'f=0&mode=popup'), 'UA_PROGRESS_BAR' => addslashes(append_sid("{$phpbb_root_path}posting.$phpEx", 'f=0&mode=popup')), - )); + ); + + /** + * Modify the default template vars + * + * @event core.ucp_pm_compose_template + * @var array template_ary Template variables + * @since 3.2.6-RC1 + */ + $vars = array('template_ary'); + extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_template', compact($vars))); + + $template->assign_vars($template_ary); // Build custom bbcodes array display_custom_bbcodes(); @@ -1263,7 +1312,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove_g, $add_to, $add_bcc) { global $auth, $db, $user; - global $request; + global $request, $phpbb_dispatcher; // Delete User [TO/BCC] if ($remove_u && $request->variable('remove_u', array(0 => ''))) 
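Review bot: The `@@ -1178,28 +1213,30 @@` hunk still tests `isset($_REQUEST['draft_loaded'])` twice while reading the value through `$request->variable('draft_loaded', 0)`; `$request->is_set('draft_loaded')` would keep all input access on the request object, in line with the rest of this commit. The hunk also drops the `lastclick` hidden field. Whether the submit path still reads `lastclick` is not visible here; if it does, it will now always see the default value, so that reader should be removed in the same change.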
@@ -1288,20 +1337,20 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove } // Add Selected Groups - $group_list = request_var('group_list', array(0)); + $group_list = $request->variable('group_list', array(0)); // Build usernames to add - $usernames = request_var('username', '', true); + $usernames = $request->variable('username', '', true); $usernames = (empty($usernames)) ? array() : array($usernames); - $username_list = request_var('username_list', '', true); + $username_list = $request->variable('username_list', '', true); if ($username_list) { $usernames = array_merge($usernames, explode("\n", $username_list)); } // If add to or add bcc not pressed, users could still have usernames listed they want to add... - if (!$add_to && !$add_bcc && (sizeof($group_list) || sizeof($usernames))) + if (!$add_to && !$add_bcc && (count($group_list) || count($usernames))) { $add_to = true; @@ -1311,7 +1360,7 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove $submit = false; // Preview is only true if there was also a message entered - if (request_var('message', '')) + if ($request->variable('message', '')) { $preview = true; } @@ -1322,7 +1371,7 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove { $type = ($add_to) ? 'to' : 'bcc'; - if (sizeof($group_list)) + if (count($group_list)) { foreach ($group_list as $group_id) { @@ -1334,13 +1383,13 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove $user_id_ary = array(); // Reveal the correct user_ids - if (sizeof($usernames)) + if (count($usernames)) { $user_id_ary = array(); user_get_id_name($user_id_ary, $usernames, array(USER_NORMAL, USER_FOUNDER, USER_INACTIVE)); // If there are users not existing, we will at least print a notice... - if (!sizeof($user_id_ary)) + if (!count($user_id_ary)) { $error[] = $user->lang['PM_NO_USERS']; } 
@@ -1409,7 +1458,7 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove $error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION']; } - if (!sizeof(array_keys($address_list['u']))) + if (!count(array_keys($address_list['u']))) { return; } @@ -1440,10 +1489,25 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove $error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION']; } } + + /** + * Event for additional message list actions + * + * @event core.message_list_actions + * @var array address_list The assoc array with the recipient user/group ids + * @var array error The array containing error data + * @var bool remove_u The variable for removing a user + * @var bool remove_g The variable for removing a group + * @var bool add_to The variable for adding a user to the [TO] field + * @var bool add_bcc The variable for adding a user to the [BCC] field + * @since 3.2.4-RC1 + */ + $vars = array('address_list', 'error', 'remove_u', 'remove_g', 'add_to', 'add_bcc'); + extract($phpbb_dispatcher->trigger_event('core.message_list_actions', compact($vars))); } /** -* Build the hidden field for the recipients. Needed, as the variable is not read via request_var. +* Build the hidden field for the recipients. Needed, as the variable is not read via $request->variable(). */ function build_address_field($address_list) { @@ -1467,7 +1531,7 @@ function num_recipients($address_list) foreach ($address_list as $field => $adr_ary) { - $num_recipients += sizeof($adr_ary); + $num_recipients += count($adr_ary); } return $num_recipients; diff --git a/phpBB/includes/ucp/ucp_pm_options.php b/phpBB/includes/ucp/ucp_pm_options.php index d1fc9d2c62..3861962516 100644 --- a/phpBB/includes/ucp/ucp_pm_options.php +++ b/phpBB/includes/ucp/ucp_pm_options.php 
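Review bot: The new `core.message_list_actions` event in the `@@ -1440,10 +1489,25 @@` hunk is triggered only at the very end of `handle_message_list_actions()`, but the `@@ -1409,7 +1458,7 @@` hunk shows an early `return;` when `$address_list['u']` is empty, so listeners are never called on that path. If extensions are expected to see every invocation, restructure the early return; otherwise state the limitation in the docblock, for example `Not triggered when no user recipients remain.` On the changed line itself, `count(array_keys($address_list['u']))` can simply be `count($address_list['u'])`.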
@@ -24,7 +24,7 @@ if (!defined('IN_PHPBB')) */ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_conditions) { - global $phpbb_root_path, $phpEx, $user, $template, $auth, $config, $db; + global $phpbb_root_path, $phpEx, $user, $template, $config, $db, $request; $redirect_url = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&mode=options"); @@ -37,7 +37,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit trigger_error('FORM_INVALID'); } - $full_action = request_var('full_action', 0); + $full_action = $request->variable('full_action', 0); $set_folder_id = 0; switch ($full_action) @@ -47,7 +47,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit break; case 2: - $set_folder_id = request_var('full_move_to', PRIVMSGS_INBOX); + $set_folder_id = $request->variable('full_move_to', PRIVMSGS_INBOX); break; case 3: @@ -79,8 +79,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit { if (check_form_key('ucp_pm_options')) { - $folder_name = utf8_normalize_nfc(request_var('foldername', '', true)); - $msg = ''; + $folder_name = $request->variable('foldername', '', true); if ($folder_name) { @@ -135,8 +134,8 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit { if (check_form_key('ucp_pm_options')) { - $new_folder_name = utf8_normalize_nfc(request_var('new_folder_name', '', true)); - $rename_folder_id= request_var('rename_folder_id', 0); + $new_folder_name = $request->variable('new_folder_name', '', true); + $rename_folder_id= $request->variable('rename_folder_id', 0); if (!$new_folder_name) { 
@@ -178,11 +177,11 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit // Remove Folder if (isset($_POST['remove_folder'])) { - $remove_folder_id = request_var('remove_folder_id', 0); + $remove_folder_id = $request->variable('remove_folder_id', 0); // Default to "move all messages to inbox" - $remove_action = request_var('remove_action', 1); - $move_to = request_var('move_to', PRIVMSGS_INBOX); + $remove_action = $request->variable('remove_action', 1); + $move_to = $request->variable('move_to', PRIVMSGS_INBOX); // Move to same folder? if ($remove_action == 1 && $remove_folder_id == $move_to) @@ -291,13 +290,13 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit { if (check_form_key('ucp_pm_options')) { - $check_option = request_var('check_option', 0); - $rule_option = request_var('rule_option', 0); - $cond_option = request_var('cond_option', ''); - $action_option = explode('|', request_var('action_option', '')); - $rule_string = ($cond_option != 'none') ? utf8_normalize_nfc(request_var('rule_string', '', true)) : ''; - $rule_user_id = ($cond_option != 'none') ? request_var('rule_user_id', 0) : 0; - $rule_group_id = ($cond_option != 'none') ? request_var('rule_group_id', 0) : 0; + $check_option = $request->variable('check_option', 0); + $rule_option = $request->variable('rule_option', 0); + $cond_option = $request->variable('cond_option', ''); + $action_option = explode('|', $request->variable('action_option', '')); + $rule_string = ($cond_option != 'none') ? $request->variable('rule_string', '', true) : ''; + $rule_user_id = ($cond_option != 'none') ? $request->variable('rule_user_id', 0) : 0; + $rule_group_id = ($cond_option != 'none') ? $request->variable('rule_group_id', 0) : 0; $action = (int) $action_option[0]; $folder_id = (int) $action_option[1]; 
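Review bot: In the `@@ -291,13 +290,13 @@` hunk `action_option` comes from the request, is split on `|`, and `$action_option[1]` is then read unconditionally; a submitted value without a separator leaves that offset undefined and raises a notice before the `(int)` cast. Padding the result keeps both casts well defined: `$action_option = array_pad(explode('|', $request->variable('action_option', '')), 2, 0);`. The enclosing `if (check_form_key('ucp_pm_options'))` block continues outside the hunk.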
@@ -371,7 +370,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit // Remove Rule if (isset($_POST['delete_rule']) && !isset($_POST['cancel'])) { - $delete_id = array_keys(request_var('delete_rule', array(0 => 0))); + $delete_id = array_keys($request->variable('delete_rule', array(0 => 0))); $delete_id = (!empty($delete_id[0])) ? $delete_id[0] : 0; if (!$delete_id) @@ -507,20 +506,22 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit $rule_lang = $action_lang = $check_lang = array(); // Build all three language arrays - preg_replace('#^((RULE|ACTION|CHECK)_([A-Z0-9_]+))$#e', "\${strtolower('\\2') . '_lang'}[constant('\\1')] = \$user->lang['PM_\\2']['\\3']", array_keys(get_defined_constants())); + preg_replace_callback('#^((RULE|ACTION|CHECK)_([A-Z0-9_]+))$#', function ($match) use(&$rule_lang, &$action_lang, &$check_lang, $user) { + ${strtolower($match[2]) . '_lang'}[constant($match[1])] = $user->lang['PM_' . $match[2]][$match[3]]; + }, array_keys(get_defined_constants())); /* Rule Ordering: -> CHECK_* -> RULE_* [IN $global_privmsgs_rules:CHECK_*] -> [IF $rule_conditions[RULE_*] [|text|bool|user|group|own_group]] -> ACTION_* */ - $check_option = request_var('check_option', 0); - $rule_option = request_var('rule_option', 0); - $cond_option = request_var('cond_option', ''); - $action_option = request_var('action_option', ''); - $back = (isset($_REQUEST['back'])) ? request_var('back', array('' => 0)) : array(); + $check_option = $request->variable('check_option', 0); + $rule_option = $request->variable('rule_option', 0); + $cond_option = $request->variable('cond_option', ''); + $action_option = $request->variable('action_option', ''); + $back = (isset($_REQUEST['back'])) ? $request->variable('back', array('' => 0)) : array(); - if (sizeof($back)) + if (count($back)) { if ($action_option) { 
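Review bot: The `preg_replace_callback()` call in the `@@ -507,20 +506,22 @@` hunk is used purely for its side effects: the callback returns nothing, the result is discarded, and the target array is chosen through a variable-variable (`${strtolower($match[2]) . '_lang'}`). Dropping the `/e` modifier was the right move, but a plain loop over the constant names with an explicit prefix-to-array map expresses the same thing without either trick and is easier to audit. message_options() continues outside the hunk.

```php
// ... unchanged: $rule_lang = $action_lang = $check_lang = array(); ...
$lang_map = array('RULE' => &$rule_lang, 'ACTION' => &$action_lang, 'CHECK' => &$check_lang);
foreach (array_keys(get_defined_constants()) as $constant_name)
{
	if (preg_match('#^(RULE|ACTION|CHECK)_([A-Z0-9_]+)$#', $constant_name, $match))
	{
		$lang_map[$match[1]][constant($constant_name)] = $user->lang['PM_' . $match[1]][$match[2]];
	}
}
```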
@@ -609,7 +610,7 @@ function define_check_option($hardcoded, $check_option, $check_lang) */ function define_action_option($hardcoded, $action_option, $action_lang, $folder) { - global $db, $template, $user; + global $template; $l_action = $s_action_options = ''; if ($hardcoded) @@ -698,7 +699,10 @@ function define_rule_option($hardcoded, $rule_option, $rule_lang, $check_ary) */ function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule_conditions) { - global $db, $template, $auth, $user; + global $db, $template, $auth, $user, $request, $phpbb_container; + + /** @var \phpbb\group\helper $group_helper */ + $group_helper = $phpbb_container->get('group_helper'); $template->assign_vars(array( 'S_COND_DEFINED' => true, @@ -717,12 +721,11 @@ function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule // Define Condition $condition = $global_rule_conditions[$rule_option]; - $current_value = ''; switch ($condition) { case 'text': - $rule_string = utf8_normalize_nfc(request_var('rule_string', '', true)); + $rule_string = $request->variable('rule_string', '', true); $template->assign_vars(array( 'S_TEXT_CONDITION' => true, @@ -735,8 +738,8 @@ function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule break; case 'user': - $rule_user_id = request_var('rule_user_id', 0); - $rule_string = utf8_normalize_nfc(request_var('rule_string', '', true)); + $rule_user_id = $request->variable('rule_user_id', 0); + $rule_string = $request->variable('rule_string', '', true); if ($rule_string && !$rule_user_id) { 
@@ -778,8 +781,8 @@ function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule break; case 'group': - $rule_group_id = request_var('rule_group_id', 0); - $rule_string = utf8_normalize_nfc(request_var('rule_string', '', true)); + $rule_group_id = $request->variable('rule_group_id', 0); + $rule_string = $request->variable('rule_string', '', true); $sql = 'SELECT g.group_id, g.group_name, g.group_type FROM ' . GROUPS_TABLE . ' g '; @@ -810,13 +813,13 @@ function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule { if ($rule_group_id && ($row['group_id'] == $rule_group_id)) { - $rule_string = (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']); + $rule_string = $group_helper->get_name($row['group_name']); } $s_class = ($row['group_type'] == GROUP_SPECIAL) ? ' class="sep"' : ''; $s_selected = ($row['group_id'] == $rule_group_id) ? ' selected="selected"' : ''; - $s_group_options .= '<option value="' . $row['group_id'] . '"' . $s_class . $s_selected . '>' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>'; + $s_group_options .= '<option value="' . $row['group_id'] . '"' . $s_class . $s_selected . '>' . $group_helper->get_name($row['group_name']) . '</option>'; } $db->sql_freeresult($result); diff --git a/phpBB/includes/ucp/ucp_pm_viewfolder.php b/phpBB/includes/ucp/ucp_pm_viewfolder.php index 3364206680..ce40a2507d 100644 --- a/phpBB/includes/ucp/ucp_pm_viewfolder.php +++ b/phpBB/includes/ucp/ucp_pm_viewfolder.php 
@@ -25,13 +25,15 @@ if (!defined('IN_PHPBB')) */ function view_folder($id, $mode, $folder_id, $folder) { - global $user, $template, $auth, $db, $cache; + global $user, $template, $auth, $db, $cache, $request; global $phpbb_root_path, $config, $phpEx; $submit_export = (isset($_POST['submit_export'])) ? true : false; $folder_info = get_pm_from($folder_id, $folder, $user->data['user_id']); + add_form_key('ucp_pm_view_folder'); + if (!$submit_export) { $user->add_lang('viewforum'); @@ -39,10 +41,7 @@ function view_folder($id, $mode, $folder_id, $folder) // Grab icons $icons = $cache->obtain_icons(); - $color_rows = array('marked', 'replied'); - - // only show the friend/foe color rows if the module is enabled - $zebra_enabled = false; + $color_rows = array('message_reported', 'marked', 'replied'); $_module = new p_master(); $_module->list_modules('ucp'); @@ -117,7 +116,7 @@ function view_folder($id, $mode, $folder_id, $folder) ); // Okay, lets dump out the page ... - if (sizeof($folder_info['pm_list'])) + if (count($folder_info['pm_list'])) { $address_list = array(); @@ -141,9 +140,9 @@ function view_folder($id, $mode, $folder_id, $folder) $row_indicator = ''; foreach ($color_rows as $var) { - if (($var != 'friend' && $var != 'foe' && $row['pm_' . $var]) + if (($var !== 'friend' && $var !== 'foe' && $row[($var === 'message_reported') ? $var : "pm_{$var}"]) || - (($var == 'friend' || $var == 'foe') && isset(${$var}[$row['author_id']]) && ${$var}[$row['author_id']])) + (($var === 'friend' || $var === 'foe') && isset(${$var}[$row['author_id']]) && ${$var}[$row['author_id']])) { $row_indicator = $var; break; 
@@ -196,9 +195,14 @@ function view_folder($id, $mode, $folder_id, $folder) } else { - $export_type = request_var('export_option', ''); - $enclosure = request_var('enclosure', ''); - $delimiter = request_var('delimiter', ''); + $export_type = $request->variable('export_option', ''); + $enclosure = $request->variable('enclosure', ''); + $delimiter = $request->variable('delimiter', ''); + + if (!check_form_key('ucp_pm_view_folder')) + { + trigger_error('FORM_INVALID'); + } if ($export_type == 'CSV' && ($delimiter === '' || $enclosure === '')) { @@ -239,7 +243,7 @@ function view_folder($id, $mode, $folder_id, $folder) $_types = array('u', 'g'); foreach ($_types as $ug_type) { - if (isset($address_temp[$message_id][$ug_type]) && sizeof($address_temp[$message_id][$ug_type])) + if (isset($address_temp[$message_id][$ug_type]) && count($address_temp[$message_id][$ug_type])) { if (!isset($address[$message_id][$ug_type])) { @@ -272,8 +276,8 @@ function view_folder($id, $mode, $folder_id, $folder) // There is the chance that all recipients of the message got deleted. To avoid creating // exports without recipients, we add a bogus "undisclosed recipient". - if (!(isset($address[$message_id]['g']) && sizeof($address[$message_id]['g'])) && - !(isset($address[$message_id]['u']) && sizeof($address[$message_id]['u']))) + if (!(isset($address[$message_id]['g']) && count($address[$message_id]['g'])) && + !(isset($address[$message_id]['u']) && count($address[$message_id]['u']))) { $address[$message_id]['u'] = array(); $address[$message_id]['u']['to'] = array(); 
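Review bot: In the `@@ -196,9 +195,14 @@` hunk `check_form_key('ucp_pm_view_folder')` runs only after `export_option`, `enclosure` and `delimiter` have been read; placing the check first in the `else` branch makes it plain that no export input is handled for a request without a valid token. The matching `add_form_key('ucp_pm_view_folder')` in the `@@ -25,13 +25,15 @@` hunk sits well away from the check, so a one-line comment there such as `// token is validated in the export branch below` would help the next reader. view_folder() starts and ends outside both hunks.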
@@ -397,15 +401,16 @@ function view_folder($id, $mode, $folder_id, $folder) */ function get_pm_from($folder_id, $folder, $user_id) { - global $user, $db, $template, $config, $auth, $phpbb_container, $phpbb_root_path, $phpEx, $phpbb_dispatcher; + global $user, $db, $template, $config, $auth, $phpbb_container, $phpbb_root_path, $phpEx, $request, $phpbb_dispatcher; - $start = request_var('start', 0); + $start = $request->variable('start', 0); // Additional vars later, pm ordering is mostly different from post ordering. :/ - $sort_days = request_var('st', 0); - $sort_key = request_var('sk', 't'); - $sort_dir = request_var('sd', 'd'); + $sort_days = $request->variable('st', 0); + $sort_key = $request->variable('sk', 't'); + $sort_dir = $request->variable('sd', 'd'); + /* @var $pagination \phpbb\pagination */ $pagination = $phpbb_container->get('pagination'); // PM ordering options diff --git a/phpBB/includes/ucp/ucp_pm_viewmessage.php b/phpBB/includes/ucp/ucp_pm_viewmessage.php index d7b9b32dbf..7c0091ef47 100644 --- a/phpBB/includes/ucp/ucp_pm_viewmessage.php +++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php @@ -24,7 +24,7 @@ if (!defined('IN_PHPBB')) */ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) { - global $user, $template, $auth, $db, $cache, $phpbb_container; + global $user, $template, $auth, $db, $phpbb_container; global $phpbb_root_path, $request, $phpEx, $config, $phpbb_dispatcher; $user->add_lang(array('viewtopic', 'memberlist')); @@ -32,7 +32,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) $msg_id = (int) $msg_id; $folder_id = (int) $folder_id; $author_id = (int) $message_row['author_id']; - $view = request_var('view', ''); + $view = $request->variable('view', ''); // Not able to view message, it was deleted by the sender if ($message_row['pm_deleted']) 
@@ -41,6 +41,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) $message = $user->lang['NO_AUTH_READ_REMOVED_MESSAGE']; $message .= '<br /><br />' . sprintf($user->lang['RETURN_FOLDER'], '<a href="' . $meta_info . '">', '</a>'); + send_status_line(403, 'Forbidden'); trigger_error($message); } @@ -50,12 +51,10 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) trigger_error('NO_AUTH_READ_HOLD_MESSAGE'); } - // Grab icons - $icons = $cache->obtain_icons(); - // Load the custom profile fields if ($config['load_cpf_pm']) { + /* @var $cp \phpbb\profilefields\manager */ $cp = $phpbb_container->get('profilefields.manager'); $profile_fields = $cp->grab_profile_fields_data($author_id); @@ -114,7 +113,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) $db->sql_freeresult($result); // No attachments exist, but message table thinks they do so go ahead and reset attach flags - if (!sizeof($attachments)) + if (!count($attachments)) { $sql = 'UPDATE ' . PRIVMSGS_TABLE . " SET message_attachment = 0 @@ -135,7 +134,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) parse_attachments(false, $message, $attachments, $update_count); // Update the attachment download counts - if (sizeof($update_count)) + if (count($update_count)) { $sql = 'UPDATE ' . ATTACHMENTS_TABLE . ' SET download_count = download_count + 1 
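Review bot: The `@@ -41,6 +41,7 @@` hunk sends a 403 before the `NO_AUTH_READ_REMOVED_MESSAGE` error, but the held-message refusal visible in the next hunk (`trigger_error('NO_AUTH_READ_HOLD_MESSAGE');`) gets no status line. Both are access denials, so for consistent handling by clients and by log monitoring the second one should carry the same status: add `send_status_line(403, 'Forbidden');` before that `trigger_error()` as well. view_message() continues outside both hunks.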
@@ -231,7 +230,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) 'U_DELETE' => ($auth->acl_get('u_pm_delete')) ? "$url&mode=compose&action=delete&f=$folder_id&p=" . $message_row['msg_id'] : '', 'U_EMAIL' => $user_info['email'], - 'U_REPORT' => ($config['allow_pm_report']) ? append_sid("{$phpbb_root_path}report.$phpEx", "pm=" . $message_row['msg_id']) : '', + 'U_REPORT' => ($config['allow_pm_report']) ? $phpbb_container->get('controller.helper')->route('phpbb_report_pm_controller', array('id' => $message_row['msg_id'])) : '', 'U_QUOTE' => ($auth->acl_get('u_sendpm') && $author_id != ANONYMOUS) ? "$url&mode=compose&action=quote&f=$folder_id&p=" . $message_row['msg_id'] : '', 'U_EDIT' => (($message_row['message_time'] > time() - ($config['pm_edit_time'] * 60) || !$config['pm_edit_time']) && $folder_id == PRIVMSGS_OUTBOX && $auth->acl_get('u_pm_edit')) ? "$url&mode=compose&action=edit&f=$folder_id&p=" . $message_row['msg_id'] : '', 'U_POST_REPLY_PM' => ($auth->acl_get('u_sendpm') && $author_id != ANONYMOUS) ? "$url&mode=compose&action=reply&f=$folder_id&p=" . $message_row['msg_id'] : '', @@ -241,7 +240,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) 'U_PM_ACTION' => $url . '&mode=compose&f=' . $folder_id . '&p=' . $message_row['msg_id'], - 'S_HAS_ATTACHMENTS' => (sizeof($attachments)) ? true : false, + 'S_HAS_ATTACHMENTS' => (count($attachments)) ? true : false, 'S_DISPLAY_NOTICE' => $display_notice && $message_row['message_attachment'], 'S_AUTHOR_DELETED' => ($author_id == ANONYMOUS) ? true : false, 'S_SPECIAL_FOLDER' => in_array($folder_id, array(PRIVMSGS_NO_BOX, PRIVMSGS_OUTBOX)), 
@@ -268,6 +267,8 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) * @var array user_info User data of the sender * @since 3.1.0-a1 * @changed 3.1.6-RC1 Added user_info into event + * @changed 3.2.2-RC1 Deprecated + * @deprecated 4.0.0 Event name is misspelled and is replaced with new event with correct name */ $vars = array( 'id', @@ -282,6 +283,37 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) ); extract($phpbb_dispatcher->trigger_event('core.ucp_pm_view_messsage', compact($vars))); + /** + * Modify pm and sender data before it is assigned to the template + * + * @event core.ucp_pm_view_message + * @var mixed id Active module category (can be int or string) + * @var string mode Active module + * @var int folder_id ID of the folder the message is in + * @var int msg_id ID of the private message + * @var array folder Array with data of user's message folders + * @var array message_row Array with message data + * @var array cp_row Array with senders custom profile field data + * @var array msg_data Template array with message data + * @var array user_info User data of the sender + * @var array attachments Attachments data + * @since 3.2.2-RC1 + * @changed 3.2.5-RC1 Added attachments + */ + $vars = array( + 'id', + 'mode', + 'folder_id', + 'msg_id', + 'folder', + 'message_row', + 'cp_row', + 'msg_data', + 'user_info', + 'attachments', + ); + extract($phpbb_dispatcher->trigger_event('core.ucp_pm_view_message', compact($vars))); + $template->assign_vars($msg_data); $contact_fields = array( @@ -331,7 +363,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) } // Display not already displayed Attachments for this post, we already parsed them. ;) - if (isset($attachments) && sizeof($attachments)) + if (isset($attachments) && count($attachments)) { foreach ($attachments as $attachment) { 
@@ -356,7 +388,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) */ function get_user_information($user_id, $user_row) { - global $db, $auth, $user, $cache; + global $db, $auth, $user; global $phpbb_root_path, $phpEx, $config; if (!$user_id) diff --git a/phpBB/includes/ucp/ucp_prefs.php b/phpBB/includes/ucp/ucp_prefs.php index e63e9b4c08..7785aeb07b 100644 --- a/phpBB/includes/ucp/ucp_prefs.php +++ b/phpBB/includes/ucp/ucp_prefs.php @@ -29,7 +29,7 @@ class ucp_prefs function main($id, $mode) { - global $config, $db, $user, $auth, $template, $phpbb_dispatcher, $phpbb_root_path, $phpEx; + global $config, $db, $user, $auth, $template, $phpbb_dispatcher, $request; $submit = (isset($_POST['submit'])) ? true : false; $error = $data = array(); 
@@ -40,16 +40,16 @@ class ucp_prefs case 'personal': add_form_key('ucp_prefs_personal'); $data = array( - 'notifymethod' => request_var('notifymethod', $user->data['user_notify_type']), - 'dateformat' => request_var('dateformat', $user->data['user_dateformat'], true), - 'lang' => basename(request_var('lang', $user->data['user_lang'])), - 'user_style' => request_var('user_style', (int) $user->data['user_style']), - 'tz' => request_var('tz', $user->data['user_timezone']), - - 'viewemail' => request_var('viewemail', (bool) $user->data['user_allow_viewemail']), - 'massemail' => request_var('massemail', (bool) $user->data['user_allow_massemail']), - 'hideonline' => request_var('hideonline', (bool) !$user->data['user_allow_viewonline']), - 'allowpm' => request_var('allowpm', (bool) $user->data['user_allow_pm']), + 'notifymethod' => $request->variable('notifymethod', $user->data['user_notify_type']), + 'dateformat' => $request->variable('dateformat', $user->data['user_dateformat'], true), + 'lang' => basename($request->variable('lang', $user->data['user_lang'])), + 'user_style' => $request->variable('user_style', (int) $user->data['user_style']), + 'tz' => $request->variable('tz', $user->data['user_timezone']), + + 'viewemail' => $request->variable('viewemail', (bool) $user->data['user_allow_viewemail']), + 'massemail' => $request->variable('massemail', (bool) $user->data['user_allow_massemail']), + 'hideonline' => $request->variable('hideonline', (bool) !$user->data['user_allow_viewonline']), + 'allowpm' => $request->variable('allowpm', (bool) $user->data['user_allow_pm']), ); if ($data['notifymethod'] == NOTIFY_IM && (!$config['jab_enable'] || !$user->data['user_jabber'] || !@extension_loaded('xml'))) @@ -96,7 +96,7 @@ class ucp_prefs $error[] = 'FORM_INVALID'; } - if (!sizeof($error)) + if (!count($error)) { $sql_ary = array( 'user_allow_pm' => $data['allowpm'], 
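Review bot: In the `personal` data array, `lang` is the only request value wrapped in `basename()`, and nothing in the hunk says why or where the value is validated afterwards. The wrapper presumably strips directory components before the name is used to locate a language pack, but that is inferred and the later validation is outside the hunk. A short comment on that line would keep the guard from being dropped in a future cleanup, e.g. `// basename(): lang must stay a bare directory name; it is checked against installed languages below`, with the second half adjusted to whatever the validation really does. The same uncommented line appears in the `$data` array of the ucp_register.php hunk `@@ -222,12 +247,12 @@`.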
@@ -188,7 +188,7 @@ class ucp_prefs $db->sql_freeresult($result); $template->assign_vars(array( - 'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '', + 'ERROR' => (count($error)) ? implode('<br />', $error) : '', 'S_NOTIFY_EMAIL' => ($data['notifymethod'] == NOTIFY_EMAIL) ? true : false, 'S_NOTIFY_IM' => ($data['notifymethod'] == NOTIFY_IM) ? true : false, 
@@ -221,20 +221,20 @@ class ucp_prefs add_form_key('ucp_prefs_view'); $data = array( - 'topic_sk' => request_var('topic_sk', (!empty($user->data['user_topic_sortby_type'])) ? $user->data['user_topic_sortby_type'] : 't'), - 'topic_sd' => request_var('topic_sd', (!empty($user->data['user_topic_sortby_dir'])) ? $user->data['user_topic_sortby_dir'] : 'd'), - 'topic_st' => request_var('topic_st', (!empty($user->data['user_topic_show_days'])) ? (int) $user->data['user_topic_show_days'] : 0), - - 'post_sk' => request_var('post_sk', (!empty($user->data['user_post_sortby_type'])) ? $user->data['user_post_sortby_type'] : 't'), - 'post_sd' => request_var('post_sd', (!empty($user->data['user_post_sortby_dir'])) ? $user->data['user_post_sortby_dir'] : 'a'), - 'post_st' => request_var('post_st', (!empty($user->data['user_post_show_days'])) ? (int) $user->data['user_post_show_days'] : 0), - - 'images' => request_var('images', (bool) $user->optionget('viewimg')), - 'flash' => request_var('flash', (bool) $user->optionget('viewflash')), - 'smilies' => request_var('smilies', (bool) $user->optionget('viewsmilies')), - 'sigs' => request_var('sigs', (bool) $user->optionget('viewsigs')), - 'avatars' => request_var('avatars', (bool) $user->optionget('viewavatars')), - 'wordcensor' => request_var('wordcensor', (bool) $user->optionget('viewcensors')), + 'topic_sk' => $request->variable('topic_sk', (!empty($user->data['user_topic_sortby_type'])) ? $user->data['user_topic_sortby_type'] : 't'), + 'topic_sd' => $request->variable('topic_sd', (!empty($user->data['user_topic_sortby_dir'])) ? $user->data['user_topic_sortby_dir'] : 'd'), + 'topic_st' => $request->variable('topic_st', (!empty($user->data['user_topic_show_days'])) ? (int) $user->data['user_topic_show_days'] : 0), + + 'post_sk' => $request->variable('post_sk', (!empty($user->data['user_post_sortby_type'])) ? 
$user->data['user_post_sortby_type'] : 't'), + 'post_sd' => $request->variable('post_sd', (!empty($user->data['user_post_sortby_dir'])) ? $user->data['user_post_sortby_dir'] : 'a'), + 'post_st' => $request->variable('post_st', (!empty($user->data['user_post_show_days'])) ? (int) $user->data['user_post_show_days'] : 0), + + 'images' => $request->variable('images', (bool) $user->optionget('viewimg')), + 'flash' => $request->variable('flash', (bool) $user->optionget('viewflash')), + 'smilies' => $request->variable('smilies', (bool) $user->optionget('viewsmilies')), + 'sigs' => $request->variable('sigs', (bool) $user->optionget('viewsigs')), + 'avatars' => $request->variable('avatars', (bool) $user->optionget('viewavatars')), + 'wordcensor' => $request->variable('wordcensor', (bool) $user->optionget('viewcensors')), ); /** @@ -277,7 +277,7 @@ class ucp_prefs $error[] = 'FORM_INVALID'; } - if (!sizeof($error)) + if (!count($error)) { $user->optionset('viewimg', $data['images']); $user->optionset('viewflash', $data['flash']); @@ -412,7 +412,7 @@ class ucp_prefs extract($phpbb_dispatcher->trigger_event('core.ucp_prefs_view_after', compact($vars))); $template->assign_vars(array( - 'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '', + 'ERROR' => (count($error)) ? implode('<br />', $error) : '', 'S_IMAGES' => $data['images'], 'S_FLASH' => $data['flash'], 
@@ -436,10 +436,10 @@ class ucp_prefs case 'post': $data = array( - 'bbcode' => request_var('bbcode', $user->optionget('bbcode')), - 'smilies' => request_var('smilies', $user->optionget('smilies')), - 'sig' => request_var('sig', $user->optionget('attachsig')), - 'notify' => request_var('notify', (bool) $user->data['user_notify']), + 'bbcode' => $request->variable('bbcode', $user->optionget('bbcode')), + 'smilies' => $request->variable('smilies', $user->optionget('smilies')), + 'sig' => $request->variable('sig', $user->optionget('attachsig')), + 'notify' => $request->variable('notify', (bool) $user->data['user_notify']), ); add_form_key('ucp_prefs_post'); diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index 4a3d8133b3..36ab3d0463 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php @@ -31,14 +31,12 @@ class ucp_profile function main($id, $mode) { - global $cache, $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx; - global $request, $phpbb_container, $phpbb_dispatcher; + global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx; + global $request, $phpbb_container, $phpbb_log, $phpbb_dispatcher; $user->add_lang('posting'); - $preview = $request->variable('preview', false, false, \phpbb\request\request_interface::POST); $submit = $request->variable('submit', false, false, \phpbb\request\request_interface::POST); - $delete = $request->variable('delete', false, false, \phpbb\request\request_interface::POST); $error = $data = array(); $s_hidden_fields = ''; 
@@ -47,8 +45,8 @@ class ucp_profile case 'reg_details': $data = array( - 'username' => utf8_normalize_nfc(request_var('username', $user->data['username'], true)), - 'email' => strtolower(request_var('email', $user->data['user_email'])), + 'username' => $request->variable('username', $user->data['username'], true), + 'email' => strtolower($request->variable('email', $user->data['user_email'])), 'new_password' => $request->variable('new_password', '', true), 'cur_password' => $request->variable('cur_password', '', true), 'password_confirm' => $request->variable('password_confirm', '', true), @@ -96,10 +94,11 @@ class ucp_profile } // Instantiate passwords manager + /* @var $passwords_manager \phpbb\passwords\manager */ $passwords_manager = $phpbb_container->get('passwords.manager'); // Only check the new password against the previous password if there have been no errors - if (!sizeof($error) && $auth->acl_get('u_chgpasswd') && $data['new_password'] && $passwords_manager->check($data['new_password'], $user->data['user_password'])) + if (!count($error) && $auth->acl_get('u_chgpasswd') && $data['new_password'] && $passwords_manager->check($data['new_password'], $user->data['user_password'])) { $error[] = 'SAME_PASSWORD_ERROR'; } @@ -126,7 +125,7 @@ class ucp_profile $vars = array('data', 'submit', 'error'); extract($phpbb_dispatcher->trigger_event('core.ucp_profile_reg_details_validate', compact($vars))); - if (!sizeof($error)) + if (!count($error)) { $sql_ary = array( 'username' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? $data['username'] : $user->data['username'], 
@@ -134,23 +133,36 @@ class ucp_profile 'user_email' => ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'], 'user_email_hash' => ($auth->acl_get('u_chgemail')) ? phpbb_email_hash($data['email']) : $user->data['user_email_hash'], 'user_password' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? $passwords_manager->hash($data['new_password']) : $user->data['user_password'], - 'user_passchg' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? time() : 0, ); if ($auth->acl_get('u_chgname') && $config['allow_namechange'] && $data['username'] != $user->data['username']) { - add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_NAME', $user->data['username'], $data['username']); + $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_NAME', false, array( + 'reportee_id' => $user->data['user_id'], + $user->data['username'], + $data['username'] + )); } if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && !$passwords_manager->check($data['new_password'], $user->data['user_password'])) { + $sql_ary['user_passchg'] = time(); + $user->reset_login_keys(); - add_log('user', $user->data['user_id'], 'LOG_USER_NEW_PASSWORD', $data['username']); + $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_NEW_PASSWORD', false, array( + 'reportee_id' => $user->data['user_id'], + $user->data['username'] + )); } if ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email']) { - add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_EMAIL', $data['username'], $user->data['user_email'], $data['email']); + $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_EMAIL', false, array( + 'reportee_id' => $user->data['user_id'], + $user->data['username'], + $user->data['user_email'], + $data['email'] + )); } $message = 'PROFILE_UPDATED'; 
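Review bot: The new `$sql_ary['user_passchg'] = time();` line has no comment explaining why the timestamp moved out of the initial `$sql_ary`, and the reason is easy to lose. The removed entry wrote `0` into `user_passchg` on every profile save that did not change the password, which would reset the recorded password age for anything that reads it (that consumer is not visible here). The new placement updates it only inside the branch where `$passwords_manager->check()` confirms the hash really differs. A comment such as `// Only touch user_passchg on a real password change; the old unconditional entry reset it to 0 on every save` would record that. As a style point, the three `$phpbb_log->add()` argument arrays end without a trailing comma, unlike the multi-line arrays around them. The enclosing `main()` starts and ends outside the hunk.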
@@ -209,7 +221,7 @@ class ucp_profile $vars = array('data', 'sql_ary'); extract($phpbb_dispatcher->trigger_event('core.ucp_profile_reg_details_sql_ary', compact($vars))); - if (sizeof($sql_ary)) + if (count($sql_ary)) { $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' @@ -246,7 +258,7 @@ class ucp_profile } $template->assign_vars(array( - 'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '', + 'ERROR' => (count($error)) ? implode('<br />', $error) : '', 'USERNAME' => $data['username'], 'EMAIL' => $data['email'], @@ -268,15 +280,17 @@ class ucp_profile // Do not display profile information panel if not authed to do so if (!$auth->acl_get('u_chgprofileinfo')) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_PROFILEINFO'); } + /* @var $cp \phpbb\profilefields\manager */ $cp = $phpbb_container->get('profilefields.manager'); $cp_data = $cp_error = array(); $data = array( - 'jabber' => utf8_normalize_nfc(request_var('jabber', $user->data['user_jabber'], true)), + 'jabber' => $request->variable('jabber', $user->data['user_jabber'], true), ); if ($config['allow_birthdays']) @@ -288,9 +302,9 @@ class ucp_profile list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user->data['user_birthday']); } - $data['bday_day'] = request_var('bday_day', $data['bday_day']); - $data['bday_month'] = request_var('bday_month', $data['bday_month']); - $data['bday_year'] = request_var('bday_year', $data['bday_year']); + $data['bday_day'] = $request->variable('bday_day', $data['bday_day']); + $data['bday_month'] = $request->variable('bday_month', $data['bday_month']); + $data['bday_year'] = $request->variable('bday_year', $data['bday_year']); $data['user_birthday'] = sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']); } 
@@ -330,7 +344,7 @@ class ucp_profile // validate custom profile fields $cp->submit_cp_field('profile', $user->get_iso_lang_id(), $cp_data, $cp_error); - if (sizeof($cp_error)) + if (count($cp_error)) { $error = array_merge($error, $cp_error); } @@ -352,7 +366,7 @@ class ucp_profile $vars = array('data', 'submit', 'error'); extract($phpbb_dispatcher->trigger_event('core.ucp_profile_validate_profile_info', compact($vars))); - if (!sizeof($error)) + if (!count($error)) { $data['notify'] = $user->data['user_notify_type']; @@ -417,7 +431,6 @@ class ucp_profile $selected = ($i == $data['bday_month']) ? ' selected="selected"' : ''; $s_birthday_month_options .= "<option value=\"$i\"$selected>$i</option>"; } - $s_birthday_year_options = ''; $now = getdate(); $s_birthday_year_options = '<option value="0"' . ((!$data['bday_year']) ? ' selected="selected"' : '') . '>--</option>'; @@ -437,7 +450,7 @@ class ucp_profile } $template->assign_vars(array( - 'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '', + 'ERROR' => (count($error)) ? implode('<br />', $error) : '', 'S_JABBER_ENABLED' => $config['jab_enable'], 'JABBER' => $data['jabber'], )); 
@@ -453,128 +466,151 @@ class ucp_profile if (!$auth->acl_get('u_sig')) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_SIGNATURE'); } - include($phpbb_root_path . 'includes/functions_posting.' . $phpEx); - include($phpbb_root_path . 'includes/functions_display.' . $phpEx); + if (!function_exists('generate_smilies')) + { + include($phpbb_root_path . 'includes/functions_posting.' . $phpEx); + } + + if (!function_exists('display_custom_bbcodes')) + { + include($phpbb_root_path . 'includes/functions_display.' . $phpEx); + } + + $preview = $request->is_set_post('preview'); - $enable_bbcode = ($config['allow_sig_bbcode']) ? (bool) $user->optionget('sig_bbcode') : false; - $enable_smilies = ($config['allow_sig_smilies']) ? (bool) $user->optionget('sig_smilies') : false; - $enable_urls = ($config['allow_sig_links']) ? (bool) $user->optionget('sig_links') : false; + $enable_bbcode = ($config['allow_sig_bbcode']) ? $user->optionget('sig_bbcode') : false; + $enable_smilies = ($config['allow_sig_smilies']) ? $user->optionget('sig_smilies') : false; + $enable_urls = ($config['allow_sig_links']) ? $user->optionget('sig_links') : false; - $signature = utf8_normalize_nfc(request_var('signature', (string) $user->data['user_sig'], true)); + $bbcode_flags = ($enable_bbcode ? OPTION_FLAG_BBCODE : 0) + ($enable_smilies ? OPTION_FLAG_SMILIES : 0) + ($enable_urls ? OPTION_FLAG_LINKS : 0); - add_form_key('ucp_sig'); + $decoded_message = generate_text_for_edit($user->data['user_sig'], $user->data['user_sig_bbcode_uid'], $bbcode_flags); + $signature = $request->variable('signature', $decoded_message['text'], true); + $signature_preview = ''; if ($submit || $preview) { - include($phpbb_root_path . 'includes/message_parser.' . $phpEx); + $enable_bbcode = ($config['allow_sig_bbcode']) ? !$request->variable('disable_bbcode', false) : false; + $enable_smilies = ($config['allow_sig_smilies']) ? 
!$request->variable('disable_smilies', false) : false; + $enable_urls = ($config['allow_sig_links']) ? !$request->variable('disable_magic_url', false) : false; + + if (!check_form_key('ucp_sig')) + { + $error[] = 'FORM_INVALID'; + } + } - $enable_bbcode = ($config['allow_sig_bbcode']) ? ((request_var('disable_bbcode', false)) ? false : true) : false; - $enable_smilies = ($config['allow_sig_smilies']) ? ((request_var('disable_smilies', false)) ? false : true) : false; - $enable_urls = ($config['allow_sig_links']) ? ((request_var('disable_magic_url', false)) ? false : true) : false; + /** + * Modify user signature on editing profile in UCP + * + * @event core.ucp_profile_modify_signature + * @var bool enable_bbcode Whether or not bbcode is enabled + * @var bool enable_smilies Whether or not smilies are enabled + * @var bool enable_urls Whether or not urls are enabled + * @var string signature Users signature text + * @var array error Any error strings + * @var bool submit Whether or not the form has been sumitted + * @var bool preview Whether or not the signature is being previewed + * @since 3.1.10-RC1 + * @changed 3.2.0-RC2 Removed message parser + */ + $vars = array( + 'enable_bbcode', + 'enable_smilies', + 'enable_urls', + 'signature', + 'error', + 'submit', + 'preview', + ); + extract($phpbb_dispatcher->trigger_event('core.ucp_profile_modify_signature', compact($vars))); + + $bbcode_uid = $bbcode_bitfield = $bbcode_flags = ''; + $warn_msg = generate_text_for_storage( + $signature, + $bbcode_uid, + $bbcode_bitfield, + $bbcode_flags, + $enable_bbcode, + $enable_urls, + $enable_smilies, + $config['allow_sig_img'], + $config['allow_sig_flash'], + true, + $config['allow_sig_links'], + 'sig' + ); + + if (count($warn_msg)) + { + $error += $warn_msg; + } - if (!sizeof($error)) + if (!$submit) + { + // Parse it for displaying + $signature_preview = generate_text_for_display($signature, $bbcode_uid, $bbcode_bitfield, $bbcode_flags); + } + else + { + if (!count($error)) { 
- $message_parser = new parse_message($signature); + $user->optionset('sig_bbcode', $enable_bbcode); + $user->optionset('sig_smilies', $enable_smilies); + $user->optionset('sig_links', $enable_urls); + + $sql_ary = array( + 'user_sig' => $signature, + 'user_options' => $user->data['user_options'], + 'user_sig_bbcode_uid' => $bbcode_uid, + 'user_sig_bbcode_bitfield' => $bbcode_bitfield + ); /** - * Modify user signature on editing profile in UCP + * Modify user registration data before submitting it to the database * - * @event core.ucp_profile_modify_signature - * @var bool enable_bbcode Whether or not bbcode is enabled - * @var bool enable_smilies Whether or not smilies are enabled - * @var bool enable_urls Whether or not urls are enabled - * @var string signature Users signature text - * @var object message_parser The message parser object - * @var array error Any error strings - * @var bool submit Whether or not the form has been sumitted - * @var bool preview Whether or not the signature is being previewed + * @event core.ucp_profile_modify_signature_sql_ary + * @var array sql_ary Array with user signature data to submit to the database * @since 3.1.10-RC1 */ - $vars = array( - 'enable_bbcode', - 'enable_smilies', - 'enable_urls', - 'signature', - 'message_parser', - 'error', - 'submit', - 'preview', - ); - extract($phpbb_dispatcher->trigger_event('core.ucp_profile_modify_signature', compact($vars))); + $vars = array('sql_ary'); + extract($phpbb_dispatcher->trigger_event('core.ucp_profile_modify_signature_sql_ary', compact($vars))); - // Allowing Quote BBCode - $message_parser->parse($enable_bbcode, $enable_urls, $enable_smilies, $config['allow_sig_img'], $config['allow_sig_flash'], true, $config['allow_sig_links'], true, 'sig'); - - if (sizeof($message_parser->warn_msg)) - { - $error[] = implode('<br />', $message_parser->warn_msg); - } - - if (!check_form_key('ucp_sig')) - { - $error[] = 'FORM_INVALID'; - } - - if (!sizeof($error) && $submit) - { - 
$user->optionset('sig_bbcode', $enable_bbcode); - $user->optionset('sig_smilies', $enable_smilies); - $user->optionset('sig_links', $enable_urls); - - $sql_ary = array( - 'user_sig' => (string) $message_parser->message, - 'user_options' => $user->data['user_options'], - 'user_sig_bbcode_uid' => (string) $message_parser->bbcode_uid, - 'user_sig_bbcode_bitfield' => $message_parser->bbcode_bitfield - ); - - /** - * Modify user registration data before submitting it to the database - * - * @event core.ucp_profile_modify_signature_sql_ary - * @var array sql_ary Array with user signature data to submit to the database - * @since 3.1.10-RC1 - */ - $vars = array('sql_ary'); - extract($phpbb_dispatcher->trigger_event('core.ucp_profile_modify_signature_sql_ary', compact($vars))); - - $sql = 'UPDATE ' . USERS_TABLE . ' - SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' - WHERE user_id = ' . $user->data['user_id']; - $db->sql_query($sql); + $sql = 'UPDATE ' . USERS_TABLE . ' + SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' + WHERE user_id = ' . $user->data['user_id']; + $db->sql_query($sql); - $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>'); - trigger_error($message); - } + $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . 
'">', '</a>'); + trigger_error($message); } - - // Replace "error" strings with their real, localised form - $error = array_map(array($user, 'lang'), $error); } - $signature_preview = ''; - if ($preview) + // Replace "error" strings with their real, localised form + $error = array_map(array($user, 'lang'), $error); + + if ($request->is_set_post('preview')) { - // Now parse it for displaying - $signature_preview = $message_parser->format_display($enable_bbcode, $enable_urls, $enable_smilies, false); - unset($message_parser); + $decoded_message = generate_text_for_edit($signature, $bbcode_uid, $bbcode_flags); } - decode_message($signature, $user->data['user_sig_bbcode_uid']); + /** @var \phpbb\controller\helper $controller_helper */ + $controller_helper = $phpbb_container->get('controller.helper'); $template->assign_vars(array( - 'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '', - 'SIGNATURE' => $signature, + 'ERROR' => (count($error)) ? implode('<br />', $error) : '', + 'SIGNATURE' => $decoded_message['text'], 'SIGNATURE_PREVIEW' => $signature_preview, 'S_BBCODE_CHECKED' => (!$enable_bbcode) ? ' checked="checked"' : '', 'S_SMILIES_CHECKED' => (!$enable_smilies) ? ' checked="checked"' : '', 'S_MAGIC_URL_CHECKED' => (!$enable_urls) ? ' checked="checked"' : '', - 'BBCODE_STATUS' => ($config['allow_sig_bbcode']) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>'), + 'BBCODE_STATUS' => $user->lang(($config['allow_sig_bbcode'] ? 'BBCODE_IS_ON' : 'BBCODE_IS_OFF'), '<a href="' . $controller_helper->route('phpbb_help_bbcode_controller') . '">', '</a>'), 'SMILIES_STATUS' => ($config['allow_sig_smilies']) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'], 'IMG_STATUS' => ($config['allow_sig_img']) ? 
$user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'], 'FLASH_STATUS' => ($config['allow_sig_flash']) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'], @@ -590,6 +626,8 @@ class ucp_profile 'S_LINKS_ALLOWED' => ($config['allow_sig_links']) ? true : false) ); + add_form_key('ucp_sig'); + // Build custom bbcodes array display_custom_bbcodes(); @@ -606,6 +644,7 @@ class ucp_profile if ($config['allow_avatar'] && $auth->acl_get('u_chgavatar')) { + /* @var $phpbb_avatar_manager \phpbb\avatar\manager */ $phpbb_avatar_manager = $phpbb_container->get('avatar.manager'); $avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers(); @@ -722,7 +761,7 @@ class ucp_profile $avatar = phpbb_get_user_avatar($user->data, 'USER_AVATAR', true); $template->assign_vars(array( - 'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '', + 'ERROR' => (count($error)) ? implode('<br />', $error) : '', 'AVATAR' => $avatar, 'S_FORM_ENCTYPE' => ' enctype="multipart/form-data"', @@ -740,14 +779,14 @@ class ucp_profile if ($submit) { - $keys = request_var('keys', array('')); + $keys = $request->variable('keys', array('')); if (!check_form_key('ucp_autologin_keys')) { $error[] = 'FORM_INVALID'; } - if (!sizeof($error)) + if (!count($error)) { if (!empty($keys)) { @@ -794,7 +833,7 @@ class ucp_profile } $template->assign_vars(array( - 'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '', + 'ERROR' => (count($error)) ? implode('<br />', $error) : '', 'L_TITLE' => $user->lang['UCP_PROFILE_' . strtoupper($mode)], diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index 52ed410b04..03ac63b12b 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php 
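Review bot: In the signature hunk (`@@ -453,128 +466,151 @@`), `$error += $warn_msg;` is an array union, so a warning is dropped whenever `$error` already holds an entry under the same key. If `check_form_key('ucp_sig')` failed a few lines earlier, `FORM_INVALID` sits at key 0 and the first message returned by `generate_text_for_storage()` is silently discarded (assuming it returns a plain list, which the hunk does not show). The removed code appended with `$error[] = implode('<br />', $message_parser->warn_msg);` and could not collide. `$error = array_merge($error, $warn_msg);` keeps every message. The enclosing `main()` begins before this hunk, and listeners of `core.ucp_profile_modify_signature` can also add to `$error` before this line.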
@@ -29,7 +29,7 @@ class ucp_register function main($id, $mode) { - global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx; + global $config, $db, $user, $template, $phpbb_root_path, $phpEx; global $request, $phpbb_container, $phpbb_dispatcher; // @@ -39,11 +39,22 @@ class ucp_register trigger_error('UCP_REGISTER_DISABLE'); } - $coppa = $request->is_set('coppa') ? (int) $request->variable('coppa', false) : false; + $coppa = $request->is_set('coppa_yes') ? 1 : ($request->is_set('coppa_no') ? 0 : false); + $coppa = $request->is_set('coppa') ? $request->variable('coppa', 0) : $coppa; $agreed = $request->variable('agreed', false); $submit = $request->is_set_post('submit'); - $change_lang = request_var('change_lang', ''); - $user_lang = request_var('lang', $user->lang_name); + $change_lang = $request->variable('change_lang', ''); + $user_lang = $request->variable('lang', $user->lang_name); + + if ($agreed && !check_form_key('ucp_register')) + { + $agreed = false; + } + + if ($coppa !== false && !check_form_key('ucp_register')) + { + $coppa = false; + } /** * Add UCP register data before they are assigned to the template or submitted @@ -67,14 +78,7 @@ class ucp_register ); extract($phpbb_dispatcher->trigger_event('core.ucp_register_requests_after', compact($vars))); - if ($agreed) - { - add_form_key('ucp_register'); - } - else - { - add_form_key('ucp_register_terms'); - } + add_form_key('ucp_register'); if ($change_lang || $user_lang != $config['default_lang']) { @@ -99,6 +103,7 @@ class ucp_register } } + /* @var $cp \phpbb\profilefields\manager */ $cp = $phpbb_container->get('profilefields.manager'); $error = $cp_data = $cp_error = array(); 
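Review bot: In hunk `@@ -39,11 +39,22 @@`, the two new guards run `check_form_key('ucp_register')` separately and carry no comment saying what they protect. As written they mean the agreement and COPPA answers are honoured only when they arrive with a valid form token. The two checks can be folded into one with identical results: `if (($agreed || $coppa !== false) && !check_form_key('ucp_register')) { $agreed = $coppa = false; }`. A preceding comment such as `// agreed/coppa count only when submitted with a valid ucp_register token` would state the intent. A failed check resets the flags without adding any message, so a visitor with an expired token is presumably shown the agreement page again with no explanation; whether that is intended is worth stating too. `main()` starts before the hunk and continues past it.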
@@ -110,6 +115,7 @@ class ucp_register if (!empty($login_link_data)) { // Confirm that we have all necessary data + /* @var $provider_collection \phpbb\auth\provider_collection */ $provider_collection = $phpbb_container->get('auth.provider_collection'); $auth_provider = $provider_collection->get_provider($request->variable('auth_provider', '')); @@ -135,10 +141,10 @@ class ucp_register { // We do not include the password $s_hidden_fields = array_merge($s_hidden_fields, array( - 'username' => utf8_normalize_nfc(request_var('username', '', true)), - 'email' => strtolower(request_var('email', '')), + 'username' => $request->variable('username', '', true), + 'email' => strtolower($request->variable('email', '')), 'lang' => $user->lang_name, - 'tz' => request_var('tz', $config['board_timezone']), + 'tz' => $request->variable('tz', $config['board_timezone']), )); } @@ -164,13 +170,10 @@ class ucp_register ->format($user->lang['DATE_FORMAT'], true); unset($now); - $template->assign_vars(array( - 'S_LANG_OPTIONS' => (sizeof($lang_row) > 1) ? language_select($user_lang) : '', - 'L_COPPA_NO' => sprintf($user->lang['UCP_COPPA_BEFORE'], $coppa_birthday), - 'L_COPPA_YES' => sprintf($user->lang['UCP_COPPA_ON_AFTER'], $coppa_birthday), - - 'U_COPPA_NO' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&coppa=0'), - 'U_COPPA_YES' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&coppa=1'), + $template_vars = array( + 'S_LANG_OPTIONS' => (count($lang_row) > 1) ? language_select($user_lang) : '', + 'L_COPPA_NO' => $user->lang('UCP_COPPA_BEFORE', $coppa_birthday), + 'L_COPPA_YES' => $user->lang('UCP_COPPA_ON_AFTER', $coppa_birthday), 'S_SHOW_COPPA' => true, 'S_HIDDEN_FIELDS' => build_hidden_fields($s_hidden_fields), 
@@ -178,12 +181,12 @@ class ucp_register 'COOKIE_NAME' => $config['cookie_name'], 'COOKIE_PATH' => $config['cookie_path'], - )); + ); } else { - $template->assign_vars(array( - 'S_LANG_OPTIONS' => (sizeof($lang_row) > 1) ? language_select($user_lang) : '', + $template_vars = array( + 'S_LANG_OPTIONS' => (count($lang_row) > 1) ? language_select($user_lang) : '', 'L_TERMS_OF_USE' => sprintf($user->lang['TERMS_OF_USE_CONTENT'], $config['sitename'], generate_board_url()), 'S_SHOW_COPPA' => false, @@ -193,11 +196,32 @@ class ucp_register 'COOKIE_NAME' => $config['cookie_name'], 'COOKIE_PATH' => $config['cookie_path'], - ) ); } + + $tpl_name = 'ucp_agreement'; + + /** + * Allows to modify the agreements. + * + * @event core.ucp_register_agreement_modify_template_data + * @var string tpl_name Template file + * @var array template_vars Array with data about to be assigned to the template + * @var array s_hidden_fields Array with hidden form elements + * @var array lang_row Array with available languages, read only + * @since 3.2.2-RC1 + */ + $vars = array('tpl_name', 'template_vars', 's_hidden_fields', 'lang_row'); + extract($phpbb_dispatcher->trigger_event('core.ucp_register_agreement_modify_template_data', compact($vars))); + unset($lang_row); + $template_vars = array_merge($template_vars, array( + 'S_HIDDEN_FIELDS' => build_hidden_fields($s_hidden_fields), + )); + + $template->assign_vars($template_vars); + /** * Allows to modify the agreements. * @@ -205,10 +229,11 @@ class ucp_register * * @event core.ucp_register_agreement * @since 3.1.6-RC1 + * @deprecated 3.2.2-RC1 Replaced by core.ucp_register_agreement_modify_template_data and to be removed in 3.3.0-RC1 */ $phpbb_dispatcher->dispatch('core.ucp_register_agreement'); - $this->tpl_name = 'ucp_agreement'; + $this->tpl_name = $tpl_name; return; } 
@@ -222,12 +247,12 @@ class ucp_register $timezone = $config['board_timezone']; $data = array( - 'username' => utf8_normalize_nfc(request_var('username', '', true)), + 'username' => $request->variable('username', '', true), 'new_password' => $request->variable('new_password', '', true), 'password_confirm' => $request->variable('password_confirm', '', true), - 'email' => strtolower(request_var('email', '')), - 'lang' => basename(request_var('lang', $user->lang_name)), - 'tz' => request_var('tz', $timezone), + 'email' => strtolower($request->variable('email', '')), + 'lang' => basename($request->variable('lang', $user->lang_name)), + 'tz' => $request->variable('tz', $timezone), ); /** * Add UCP register data before they are assigned to the template or submitted @@ -295,7 +320,7 @@ class ucp_register // validate custom profile fields $cp->submit_cp_field('register', $user->get_iso_lang_id(), $cp_data, $error); - if (!sizeof($error)) + if (!count($error)) { if ($data['new_password'] != $data['password_confirm']) { @@ -316,7 +341,7 @@ class ucp_register $vars = array('submit', 'data', 'cp_data', 'error'); extract($phpbb_dispatcher->trigger_event('core.ucp_register_data_after', compact($vars))); - if (!sizeof($error)) + if (!count($error)) { $server_url = generate_board_url(); @@ -356,6 +381,7 @@ class ucp_register } // Instantiate passwords manager + /* @var $passwords_manager \phpbb\passwords\manager */ $passwords_manager = $phpbb_container->get('passwords.manager'); $user_row = array( 
@@ -456,11 +482,38 @@ class ucp_register ); } + /** + * Modify messenger data before welcome mail is sent + * + * @event core.ucp_register_welcome_email_before + * @var array user_row Array with user registration data + * @var array cp_data Array with custom profile fields data + * @var array data Array with current ucp registration data + * @var string message Message to be displayed to the user after registration + * @var string server_url Server URL + * @var int user_id New user ID + * @var string user_actkey User activation key + * @var messenger messenger phpBB Messenger + * @since 3.2.4-RC1 + */ + $vars = array( + 'user_row', + 'cp_data', + 'data', + 'message', + 'server_url', + 'user_id', + 'user_actkey', + 'messenger', + ); + extract($phpbb_dispatcher->trigger_event('core.ucp_register_welcome_email_before', compact($vars))); + $messenger->send(NOTIFY_EMAIL); } if ($config['require_activation'] == USER_ACTIVATION_ADMIN) { + /* @var $phpbb_notifications \phpbb\notification\manager */ $phpbb_notifications = $phpbb_container->get('notification_manager'); $phpbb_notifications->add_notifications('notification.type.admin_activate_user', array( 'user_id' => $user_id, 
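Review bot: The new `core.ucp_register_welcome_email_before` event hands listeners `data`, which the `-222,12` hunk shows still carries `new_password` and `password_confirm` in plaintext, together with `user_actkey`; the docblock describes these only as registration data. I would add a docblock line such as `Note: data holds the plaintext password and user_actkey is a live activation secret; listeners must not log or persist them`. The same applies to `core.ucp_register_register_after` in the `-482,6` hunk. If no listener is meant to need the password, passing a copy of `data` with the two password keys unset would be the stricter option. The enclosing method starts and ends outside this hunk.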
@@ -482,6 +535,30 @@ class ucp_register } } + /** + * Perform additional actions after user registration + * + * @event core.ucp_register_register_after + * @var array user_row Array with user registration data + * @var array cp_data Array with custom profile fields data + * @var array data Array with current ucp registration data + * @var string message Message to be displayed to the user after registration + * @var string server_url Server URL + * @var int user_id New user ID + * @var string user_actkey User activation key + * @since 3.2.4-RC1 + */ + $vars = array( + 'user_row', + 'cp_data', + 'data', + 'message', + 'server_url', + 'user_id', + 'user_actkey', + ); + extract($phpbb_dispatcher->trigger_event('core.ucp_register_register_after', compact($vars))); + $message = $message . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>'); trigger_error($message); } @@ -501,8 +578,6 @@ class ucp_register { $s_hidden_fields = array_merge($s_hidden_fields, $captcha->get_hidden_fields()); } - $s_hidden_fields = build_hidden_fields($s_hidden_fields); - $confirm_image = ''; // Visual Confirmation - Show images if ($config['enable_confirm']) @@ -525,9 +600,10 @@ class ucp_register break; } - $timezone_selects = phpbb_timezone_select($template, $user, $data['tz'], true); - $template->assign_vars(array( - 'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '', + // Assign template vars for timezone select + phpbb_timezone_select($template, $user, $data['tz'], true); + + $template_vars = array( 'USERNAME' => $data['username'], 'PASSWORD' => $data['new_password'], 'PASSWORD_CONFIRM' => $data['password_confirm'], 
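Review bot: `message` is writable by listeners of `core.ucp_register_register_after` and is then concatenated with markup and passed to `trigger_error()` without escaping, so the docblock should state that the value is HTML. Proposed wording for that line: `@var string message HTML message shown to the user after registration; escape any user-supplied text added to it`. The `error` array in `core.ucp_register_modify_template_data` (the `-542,13` hunk) has the same property, since its entries are joined with `<br />` into `ERROR` after the event. Whether the template layer escapes either value further is not visible here.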
@@ -542,13 +618,41 @@ class ucp_register 'S_CONFIRM_REFRESH' => ($config['enable_confirm'] && $config['confirm_refresh']) ? true : false, 'S_REGISTRATION' => true, 'S_COPPA' => $coppa, - 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_UCP_ACTION' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register'), 'COOKIE_NAME' => $config['cookie_name'], 'COOKIE_PATH' => $config['cookie_path'], + ); + + $tpl_name = 'ucp_register'; + + /** + * Modify template data on the registration page + * + * @event core.ucp_register_modify_template_data + * @var array template_vars Array with template data + * @var array data Array with user data, read only + * @var array error Array with errors + * @var array s_hidden_fields Array with hidden field elements + * @var string tpl_name Template name + * @since 3.2.2-RC1 + */ + $vars = array( + 'template_vars', + 'data', + 'error', + 's_hidden_fields', + 'tpl_name', + ); + extract($phpbb_dispatcher->trigger_event('core.ucp_register_modify_template_data', compact($vars))); + + $template_vars = array_merge($template_vars, array( + 'ERROR' => (count($error)) ? implode('<br />', $error) : '', + 'S_HIDDEN_FIELDS' => build_hidden_fields($s_hidden_fields), )); + $template->assign_vars($template_vars); + // $user->profile_fields = array(); @@ -556,8 +660,7 @@ class ucp_register $cp->generate_profile_fields('register', $user->get_iso_lang_id()); // - $this->tpl_name = 'ucp_register'; - $this->page_title = 'UCP_REGISTRATION'; + $this->tpl_name = $tpl_name; } /** diff --git a/phpBB/includes/ucp/ucp_remind.php b/phpBB/includes/ucp/ucp_remind.php index 497bf6a2c4..e50428bfea 100644 --- a/phpBB/includes/ucp/ucp_remind.php +++ b/phpBB/includes/ucp/ucp_remind.php 
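Review bot: The docblock for `core.ucp_register_modify_template_data` marks `data` as read only, but `extract()` writes any listener change straight back into `$data` and nothing restores it afterwards. Either drop the "read only" annotation or keep the original, e.g. `$data_ro = $data;` before the event and `$data = $data_ro;` after `extract()`. Whether later code in this method still reads `$data` is not visible in the hunk, so the practical effect may be small.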
@@ -29,16 +29,16 @@ class ucp_remind function main($id, $mode) { - global $config, $phpbb_root_path, $phpEx; - global $db, $user, $auth, $template, $phpbb_container, $phpbb_dispatcher; + global $config, $phpbb_root_path, $phpEx, $request; + global $db, $user, $template, $phpbb_container, $phpbb_dispatcher; if (!$config['allow_password_reset']) { trigger_error($user->lang('UCP_PASSWORD_RESET_DISABLED', '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>')); } - $username = request_var('username', '', true); - $email = strtolower(request_var('email', '')); + $username = $request->variable('username', '', true); + $email = strtolower($request->variable('email', '')); $submit = (isset($_POST['submit'])) ? true : false; add_form_key('ucp_remind'); @@ -50,11 +50,16 @@ class ucp_remind trigger_error('FORM_INVALID'); } + if (empty($email)) + { + trigger_error('NO_EMAIL_USER'); + } + $sql_array = array( 'SELECT' => 'user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason', 'FROM' => array(USERS_TABLE => 'u'), - 'WHERE' => "user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "' - AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'" + 'WHERE' => "user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "'" . + (!empty($username) ? " AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'" : ''), ); /** 
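Review bot: With `username` now optional in the `-50,11` hunk, the account is selected by `user_email_hash` alone, so the match is only as precise as `phpbb_email_hash()`. If that helper is a short checksum rather than a collision-resistant digest (its body is not shown), two different addresses can select the same row or trip the `count($rowset) > 1` branch in the next hunk. `user_email` is already in the SELECT list, so the WHERE clause could also pin the address itself, for example `. " AND user_email = '" . $db->sql_escape($email) . "'"`, assuming stored addresses are lower-cased as the registration code does. `main()` continues outside this hunk.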
@@ -74,80 +79,87 @@ class ucp_remind extract($phpbb_dispatcher->trigger_event('core.ucp_remind_modify_select_sql', compact($vars))); $sql = $db->sql_build_query('SELECT', $sql_array); - $result = $db->sql_query($sql); - $user_row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); + $result = $db->sql_query_limit($sql, 2); // don't waste resources on more rows than we need + $rowset = $db->sql_fetchrowset($result); - if (!$user_row) + if (count($rowset) > 1) { - trigger_error('NO_EMAIL_USER'); - } + $db->sql_freeresult($result); - if ($user_row['user_type'] == USER_IGNORE) - { - trigger_error('NO_USER'); + $template->assign_vars(array( + 'USERNAME_REQUIRED' => true, + 'EMAIL' => $email, + )); } - - if ($user_row['user_type'] == USER_INACTIVE) + else { - if ($user_row['user_inactive_reason'] == INACTIVE_MANUAL) + $message = $user->lang['PASSWORD_UPDATED_IF_EXISTED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>'); + + if (empty($rowset)) { - trigger_error('ACCOUNT_DEACTIVATED'); + trigger_error($message); } - else + + $user_row = $rowset[0]; + $db->sql_freeresult($result); + + if (!$user_row) { - trigger_error('ACCOUNT_NOT_ACTIVATED'); + trigger_error($message); } - } - // Check users permissions - $auth2 = new \phpbb\auth\auth(); - $auth2->acl($user_row); + if ($user_row['user_type'] == USER_IGNORE || $user_row['user_type'] == USER_INACTIVE) + { + trigger_error($message); + } - if (!$auth2->acl_get('u_chgpasswd')) - { - trigger_error('NO_AUTH_PASSWORD_REMINDER'); - } + // Check users permissions + $auth2 = new \phpbb\auth\auth(); + $auth2->acl($user_row); - $server_url = generate_board_url(); + if (!$auth2->acl_get('u_chgpasswd')) + { + trigger_error($message); + } - // Make password at least 8 characters long, make it longer if admin wants to. - // gen_rand_string() however has a limit of 12 or 13. 
- $user_password = gen_rand_string_friendly(max(8, mt_rand((int) $config['min_pass_chars'], (int) $config['max_pass_chars']))); + $server_url = generate_board_url(); - // For the activation key a random length between 6 and 10 will do. - $user_actkey = gen_rand_string(mt_rand(6, 10)); + // Make password at least 8 characters long, make it longer if admin wants to. + // gen_rand_string() however has a limit of 12 or 13. + $user_password = gen_rand_string_friendly(max(8, mt_rand((int) $config['min_pass_chars'], (int) $config['max_pass_chars']))); - // Instantiate passwords manager - $passwords_manager = $phpbb_container->get('passwords.manager'); + // For the activation key a random length between 6 and 10 will do. + $user_actkey = gen_rand_string(mt_rand(6, 10)); - $sql = 'UPDATE ' . USERS_TABLE . " - SET user_newpasswd = '" . $db->sql_escape($passwords_manager->hash($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "' - WHERE user_id = " . $user_row['user_id']; - $db->sql_query($sql); + // Instantiate passwords manager + /* @var $manager \phpbb\passwords\manager */ + $passwords_manager = $phpbb_container->get('passwords.manager'); - include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); + $sql = 'UPDATE ' . USERS_TABLE . " + SET user_newpasswd = '" . $db->sql_escape($passwords_manager->hash($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "' + WHERE user_id = " . $user_row['user_id']; + $db->sql_query($sql); - $messenger = new messenger(false); + include_once($phpbb_root_path . 'includes/functions_messenger.' . 
$phpEx); - $messenger->template('user_activate_passwd', $user_row['user_lang']); + $messenger = new messenger(false); - $messenger->set_addresses($user_row); + $messenger->template('user_activate_passwd', $user_row['user_lang']); - $messenger->anti_abuse_headers($config, $user); + $messenger->set_addresses($user_row); - $messenger->assign_vars(array( - 'USERNAME' => htmlspecialchars_decode($user_row['username']), - 'PASSWORD' => htmlspecialchars_decode($user_password), - 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey") - ); + $messenger->anti_abuse_headers($config, $user); - $messenger->send($user_row['user_notify_type']); + $messenger->assign_vars(array( + 'USERNAME' => htmlspecialchars_decode($user_row['username']), + 'PASSWORD' => htmlspecialchars_decode($user_password), + 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey") + ); - meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx")); + $messenger->send($user_row['user_notify_type']); - $message = $user->lang['PASSWORD_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>'); - trigger_error($message); + trigger_error($message); + } } $template->assign_vars(array( diff --git a/phpBB/includes/ucp/ucp_resend.php b/phpBB/includes/ucp/ucp_resend.php index 9fe8850000..44c54100cd 100644 --- a/phpBB/includes/ucp/ucp_resend.php +++ b/phpBB/includes/ucp/ucp_resend.php 
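Review bot: The `count($rowset) > 1` branch still answers differently from the generic `PASSWORD_UPDATED_IF_EXISTED` path: it re-renders the form with `USERNAME_REQUIRED`, which tells an unauthenticated caller that the submitted address belongs to more than one account. If that trade-off is deliberate, it deserves a comment at the branch, e.g. `// Discloses that several accounts share this address; accepted so the user can disambiguate`. The matching path also hashes a password, runs an UPDATE and sends mail before returning the same message, so response time may still separate existing from unknown accounts, though that depends on how the messenger delivers, which is not visible here. Separately, the added annotation `/* @var $manager \phpbb\passwords\manager */` names a variable that does not exist and should read `/* @var $passwords_manager \phpbb\passwords\manager */`. `main()` starts outside this hunk.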
@@ -30,10 +30,10 @@ class ucp_resend function main($id, $mode) { global $config, $phpbb_root_path, $phpEx; - global $db, $user, $auth, $template; + global $db, $user, $auth, $template, $request; - $username = request_var('username', '', true); - $email = strtolower(request_var('email', '')); + $username = $request->variable('username', '', true); + $email = strtolower($request->variable('email', '')); $submit = (isset($_POST['submit'])) ? true : false; add_form_key('ucp_resend'); diff --git a/phpBB/includes/ucp/ucp_zebra.php b/phpBB/includes/ucp/ucp_zebra.php index dbf8cf31c1..b4c561fc76 100644 --- a/phpBB/includes/ucp/ucp_zebra.php +++ b/phpBB/includes/ucp/ucp_zebra.php @@ -25,7 +25,7 @@ class ucp_zebra function main($id, $mode) { - global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx, $request, $phpbb_dispatcher; + global $db, $user, $auth, $template, $phpbb_root_path, $phpEx, $request, $phpbb_dispatcher; $submit = (isset($_POST['submit']) || isset($_GET['add']) || isset($_GET['remove'])) ? true : false; $s_hidden_fields = ''; @@ -44,10 +44,10 @@ class ucp_zebra foreach ($var_ary as $var => $default) { - $data[$var] = request_var($var, $default, true); + $data[$var] = $request->variable($var, $default, true); } - if (!empty($data['add']) || sizeof($data['usernames'])) + if (!empty($data['add']) || count($data['usernames'])) { if (confirm_box(true)) { 
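Review bot: `$submit` is still read from `$_POST` directly on the line after the two inputs that moved to `$request->variable()`, so `ucp_resend::main()` now mixes two input paths. For consistency I would change it to `$submit = $request->is_set_post('submit');`. The same line is left unchanged in `ucp_remind::main()` (the `-29,16` hunk) and, with additional `$_GET` checks, in `ucp_zebra::main()` (the `-25,7` hunk).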
@@ -105,35 +105,35 @@ class ucp_zebra $db->sql_freeresult($result); // remove friends from the username array - $n = sizeof($data['add']); + $n = count($data['add']); $data['add'] = array_diff($data['add'], $friends); - if (sizeof($data['add']) < $n && $mode == 'foes') + if (count($data['add']) < $n && $mode == 'foes') { $error[] = $user->lang['NOT_ADDED_FOES_FRIENDS']; } // remove foes from the username array - $n = sizeof($data['add']); + $n = count($data['add']); $data['add'] = array_diff($data['add'], $foes); - if (sizeof($data['add']) < $n && $mode == 'friends') + if (count($data['add']) < $n && $mode == 'friends') { $error[] = $user->lang['NOT_ADDED_FRIENDS_FOES']; } // remove the user himself from the username array - $n = sizeof($data['add']); + $n = count($data['add']); $data['add'] = array_diff($data['add'], array(utf8_clean_string($user->data['username']))); - if (sizeof($data['add']) < $n) + if (count($data['add']) < $n) { $error[] = $user->lang['NOT_ADDED_' . $l_mode . '_SELF']; } unset($friends, $foes, $n); - if (sizeof($data['add'])) + if (count($data['add'])) { $sql = 'SELECT user_id, user_type FROM ' . USERS_TABLE . ' @@ -159,7 +159,7 @@ class ucp_zebra } $db->sql_freeresult($result); - if (sizeof($user_id_ary)) + if (count($user_id_ary)) { // Remove users from foe list if they are admins or moderators if ($mode == 'foes') @@ -175,7 +175,7 @@ class ucp_zebra $perms = array_unique($perms); - if (sizeof($perms)) + if (count($perms)) { $error[] = $user->lang['NOT_ADDED_FOES_MOD_ADMIN']; } @@ -185,7 +185,7 @@ class ucp_zebra unset($perms); } - if (sizeof($user_id_ary)) + if (count($user_id_ary)) { $sql_mode = ($mode == 'friends') ? 'friend' : 'foe'; @@ -218,7 +218,7 @@ class ucp_zebra } unset($user_id_ary); } - else if (!sizeof($error)) + else if (!count($error)) { $error[] = $user->lang['USER_NOT_FOUND_OR_INACTIVE']; } 
@@ -244,7 +244,7 @@ class ucp_zebra else if ($updated) { meta_refresh(3, $this->u_action); - $message = $user->lang[$l_mode . '_UPDATED'] . '<br />' . implode('<br />', $error) . ((sizeof($error)) ? '<br />' : '') . '<br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>'); + $message = $user->lang[$l_mode . '_UPDATED'] . '<br />' . implode('<br />', $error) . ((count($error)) ? '<br />' : '') . '<br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>'); trigger_error($message); } else |