aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes
diff options
context:
space:
mode:
authorMeik Sievertsen <acydburn@phpbb.com>2006-04-06 17:15:45 +0000
committerMeik Sievertsen <acydburn@phpbb.com>2006-04-06 17:15:45 +0000
commit431e494ae43257bea251a59ed6b2a4bb20eb7fd4 (patch)
tree66bea58ebc6be0c6a76b5444a73016fd2a97f7ff /phpBB/includes
parent3933f0bab385f7702cd6335842aa42e004b3d195 (diff)
downloadforums-431e494ae43257bea251a59ed6b2a4bb20eb7fd4.tar
forums-431e494ae43257bea251a59ed6b2a4bb20eb7fd4.tar.gz
forums-431e494ae43257bea251a59ed6b2a4bb20eb7fd4.tar.bz2
forums-431e494ae43257bea251a59ed6b2a4bb20eb7fd4.tar.xz
forums-431e494ae43257bea251a59ed6b2a4bb20eb7fd4.zip
To all people having their bug status set to fixed: SF pserver CVS access is currently down, therefore the snapshots are still out of date.
- fix a bunch of bugs - <!-- $Id$ --> is no longer allowed in template (.html) files - changed layout of private message screens (folders are menu items) - removed unread mode for private messages - added new feature to template engine - "jump out of loop" or "loop another loop within my loop" :D (will be documented within the coding guidelines) - added autologin field to sessions - check session length checks - added add_log statement to sessions to track session valid to invalid changes if ip/browser change depending on config settings (only debug) - added multibyte support for various variables (exception at the moment is usernames which needs some discussion) - hopefully not broke something. :/ git-svn-id: file:///svn/phpbb/trunk@5765 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/acm/acm_main.php2
-rw-r--r--phpBB/includes/acp/acp_attachments.php4
-rw-r--r--phpBB/includes/acp/acp_ban.php4
-rw-r--r--phpBB/includes/acp/acp_bots.php2
-rw-r--r--phpBB/includes/acp/acp_email.php12
-rw-r--r--phpBB/includes/acp/acp_groups.php143
-rw-r--r--phpBB/includes/acp/acp_language.php13
-rw-r--r--phpBB/includes/acp/acp_modules.php4
-rw-r--r--phpBB/includes/acp/acp_permission_roles.php4
-rw-r--r--phpBB/includes/acp/acp_profile.php26
-rw-r--r--phpBB/includes/acp/acp_ranks.php2
-rw-r--r--phpBB/includes/acp/acp_reasons.php4
-rw-r--r--phpBB/includes/acp/acp_styles.php4
-rw-r--r--phpBB/includes/acp/acp_users.php6
-rw-r--r--phpBB/includes/acp/acp_words.php4
-rw-r--r--phpBB/includes/acp/auth.php4
-rw-r--r--phpBB/includes/functions_admin.php2
-rw-r--r--phpBB/includes/functions_compress.php2
-rw-r--r--phpBB/includes/functions_display.php14
-rw-r--r--phpBB/includes/functions_posting.php2
-rw-r--r--phpBB/includes/functions_privmsgs.php23
-rw-r--r--phpBB/includes/functions_profile_fields.php4
-rw-r--r--phpBB/includes/functions_template.php18
-rw-r--r--phpBB/includes/functions_upload.php25
-rw-r--r--phpBB/includes/functions_user.php55
-rw-r--r--phpBB/includes/mcp/mcp_ban.php4
-rwxr-xr-xphpBB/includes/mcp/mcp_logs.php8
-rwxr-xr-xphpBB/includes/mcp/mcp_notes.php2
-rw-r--r--phpBB/includes/mcp/mcp_queue.php2
-rw-r--r--phpBB/includes/mcp/mcp_topic.php2
-rwxr-xr-xphpBB/includes/mcp/mcp_warn.php4
-rw-r--r--phpBB/includes/message_parser.php7
-rw-r--r--phpBB/includes/session.php61
-rw-r--r--phpBB/includes/ucp/info/ucp_pm.php3
-rw-r--r--phpBB/includes/ucp/ucp_groups.php34
-rw-r--r--phpBB/includes/ucp/ucp_main.php2
-rw-r--r--phpBB/includes/ucp/ucp_pm.php69
-rw-r--r--phpBB/includes/ucp/ucp_pm_compose.php8
-rw-r--r--phpBB/includes/ucp/ucp_pm_options.php12
-rw-r--r--phpBB/includes/ucp/ucp_pm_viewfolder.php64
-rw-r--r--phpBB/includes/ucp/ucp_profile.php4
-rw-r--r--phpBB/includes/ucp/ucp_register.php1
42 files changed, 357 insertions, 313 deletions
diff --git a/phpBB/includes/acm/acm_main.php b/phpBB/includes/acm/acm_main.php
index 8a492276c7..f1aea8c115 100644
--- a/phpBB/includes/acm/acm_main.php
+++ b/phpBB/includes/acm/acm_main.php
@@ -88,7 +88,7 @@ class cache extends acm
$censors = array();
while ($row = $db->sql_fetchrow($result))
{
- $censors['match'][] = '#\b(' . str_replace('\*', '\w*?', preg_quote($row['word'], '#')) . ')\b#i';
+ $censors['match'][] = '#(?<!\w)(' . str_replace('\*', '\w*?', preg_quote($row['word'], '#')) . ')(?!\w)#i';
$censors['replace'][] = $row['replacement'];
}
$db->sql_freeresult($result);
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php
index 0dccf96101..8c2e043602 100644
--- a/phpBB/includes/acp/acp_attachments.php
+++ b/phpBB/includes/acp/acp_attachments.php
@@ -403,7 +403,7 @@ class acp_attachments
$ext_row = array();
}
- $group_name = request_var('group_name', '');
+ $group_name = request_var('group_name', '', true);
$new_group_name = ($action == 'add') ? $group_name : (($ext_row['group_name'] != $group_name) ? $group_name : '');
if (!$group_name)
@@ -572,7 +572,7 @@ class acp_attachments
if ($action == 'add')
{
$ext_group_row = array(
- 'group_name' => request_var('group_name', ''),
+ 'group_name' => request_var('group_name', '', true),
'cat_id' => 0,
'allow_group' => 1,
'allow_in_pm' => 1,
diff --git a/phpBB/includes/acp/acp_ban.php b/phpBB/includes/acp/acp_ban.php
index f43732e603..e101d8514d 100644
--- a/phpBB/includes/acp/acp_ban.php
+++ b/phpBB/includes/acp/acp_ban.php
@@ -37,8 +37,8 @@ class acp_ban
$ban_len = request_var('banlength', 0);
$ban_len_other = request_var('banlengthother', '');
$ban_exclude = request_var('banexclude', 0);
- $ban_reason = request_var('banreason', '');
- $ban_give_reason = request_var('bangivereason', '');
+ $ban_reason = request_var('banreason', '', true);
+ $ban_give_reason = request_var('bangivereason', '', true);
user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reason, $ban_give_reason);
diff --git a/phpBB/includes/acp/acp_bots.php b/phpBB/includes/acp/acp_bots.php
index 720430481b..070ac75bea 100644
--- a/phpBB/includes/acp/acp_bots.php
+++ b/phpBB/includes/acp/acp_bots.php
@@ -112,7 +112,7 @@ class acp_bots
case 'edit':
case 'add':
$bot_row = array(
- 'bot_name' => request_var('bot_name', ''),
+ 'bot_name' => request_var('bot_name', '', true),
'bot_agent' => request_var('bot_agent', ''),
'bot_ip' => request_var('bot_ip', ''),
'bot_active' => request_var('bot_active', true),
diff --git a/phpBB/includes/acp/acp_email.php b/phpBB/includes/acp/acp_email.php
index 395e3ca9ee..1d3149c958 100644
--- a/phpBB/includes/acp/acp_email.php
+++ b/phpBB/includes/acp/acp_email.php
@@ -125,6 +125,7 @@ class acp_email
// Send the messages
include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
+ include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
$messenger = new messenger($use_queue);
$errored = false;
@@ -170,12 +171,7 @@ class acp_email
if ($group_id)
{
- $sql = 'SELECT group_name
- FROM ' . GROUPS_TABLE . "
- WHERE group_id = $group_id";
- $result = $db->sql_query($sql);
- $group_name = (string) $db->sql_fetchfield('group_name');
- $db->sql_freeresult($result);
+ $group_name = get_group_name($group_id);
}
else
{
@@ -218,8 +214,8 @@ class acp_email
'S_GROUP_OPTIONS' => $select_list,
'USERNAMES' => $usernames,
'U_FIND_USERNAME' => $phpbb_root_path . "memberlist.$phpEx$SID&amp;mode=searchuser&amp;form=acp_email&amp;field=usernames",
- 'SUBJECT' => request_var('subject', ''),
- 'MESSAGE' => request_var('message', ''),
+ 'SUBJECT' => request_var('subject', '', true),
+ 'MESSAGE' => request_var('message', '', true),
'S_PRIORITY_OPTIONS' => $s_priority_options)
);
diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php
index aad8997395..b5948115cc 100644
--- a/phpBB/includes/acp/acp_groups.php
+++ b/phpBB/includes/acp/acp_groups.php
@@ -315,77 +315,81 @@ class acp_groups
}
}
- // Only set the rank, colour, etc. if it's changed or if we're adding a new
- // group. This prevents existing group members being updated if no changes
- // were made.
-
- $group_attributes = array();
- $test_variables = array('rank', 'colour', 'avatar', 'avatar_type', 'avatar_width', 'avatar_height', 'receive_pm', 'legend', 'message_limit');
- foreach ($test_variables as $test)
+ if (!sizeof($error))
{
- if (isset($submit_ary[$test]) && ($action == 'add' || $group_row['group_' . $test] != $submit_ary[$test]))
+ // Only set the rank, colour, etc. if it's changed or if we're adding a new
+ // group. This prevents existing group members being updated if no changes
+ // were made.
+
+ $group_attributes = array();
+ $test_variables = array('rank', 'colour', 'avatar', 'avatar_type', 'avatar_width', 'avatar_height', 'receive_pm', 'legend', 'message_limit');
+ foreach ($test_variables as $test)
{
- $group_attributes['group_' . $test] = $group_row['group_' . $test] = $submit_ary[$test];
+ if (isset($submit_ary[$test]) && ($action == 'add' || $group_row['group_' . $test] != $submit_ary[$test]))
+ {
+ $group_attributes['group_' . $test] = $group_row['group_' . $test] = $submit_ary[$test];
+ }
}
- }
-
- if (!($error = group_create($group_id, $group_type, $group_name, $group_desc, $group_attributes, $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies)))
- {
- $group_perm_from = request_var('group_perm_from', 0);
- // Copy permissions?
- if ($group_perm_from && $action == 'add')
+ if (!($error = group_create($group_id, $group_type, $group_name, $group_desc, $group_attributes, $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies)))
{
- // From the mysql documentation:
- // Prior to MySQL 4.0.14, the target table of the INSERT statement cannot appear in the FROM clause of the SELECT part of the query. This limitation is lifted in 4.0.14.
- // Due to this we stay on the safe side if we do the insertion "the manual way"
-
- // Copy permisisons from/to the acl groups table (only group_id gets changed)
- $sql = 'SELECT forum_id, auth_option_id, auth_role_id, auth_setting
- FROM ' . ACL_GROUPS_TABLE . '
- WHERE group_id = ' . $group_perm_from;
- $result = $db->sql_query($sql);
-
- $groups_sql_ary = array();
- while ($row = $db->sql_fetchrow($result))
- {
- $groups_sql_ary[] = array(
- 'group_id' => (int) $group_id,
- 'forum_id' => (int) $row['forum_id'],
- 'auth_option_id' => (int) $row['auth_option_id'],
- 'auth_role_id' => (int) $row['auth_role_id'],
- 'auth_setting' => (int) $row['auth_setting']
- );
- }
- $db->sql_freeresult($result);
+ $group_perm_from = request_var('group_perm_from', 0);
- // Now insert the data
- if (sizeof($groups_sql_ary))
+ // Copy permissions?
+ if ($group_perm_from && $action == 'add')
{
- switch (SQL_LAYER)
+ // From the mysql documentation:
+ // Prior to MySQL 4.0.14, the target table of the INSERT statement cannot appear in the FROM clause of the SELECT part of the query. This limitation is lifted in 4.0.14.
+ // Due to this we stay on the safe side if we do the insertion "the manual way"
+
+ // Copy permisisons from/to the acl groups table (only group_id gets changed)
+ $sql = 'SELECT forum_id, auth_option_id, auth_role_id, auth_setting
+ FROM ' . ACL_GROUPS_TABLE . '
+ WHERE group_id = ' . $group_perm_from;
+ $result = $db->sql_query($sql);
+
+ $groups_sql_ary = array();
+ while ($row = $db->sql_fetchrow($result))
{
- case 'mysql':
- case 'mysql4':
- case 'mysqli':
- $db->sql_query('INSERT INTO ' . ACL_GROUPS_TABLE . ' ' . $db->sql_build_array('MULTI_INSERT', $groups_sql_ary));
- break;
-
- default:
- foreach ($groups_sql_ary as $ary)
- {
- $db->sql_query('INSERT INTO ' . ACL_GROUPS_TABLE . ' ' . $db->sql_build_array('INSERT', $ary));
- }
- break;
+ $groups_sql_ary[] = array(
+ 'group_id' => (int) $group_id,
+ 'forum_id' => (int) $row['forum_id'],
+ 'auth_option_id' => (int) $row['auth_option_id'],
+ 'auth_role_id' => (int) $row['auth_role_id'],
+ 'auth_setting' => (int) $row['auth_setting']
+ );
}
+ $db->sql_freeresult($result);
+
+ // Now insert the data
+ if (sizeof($groups_sql_ary))
+ {
+ switch (SQL_LAYER)
+ {
+ case 'mysql':
+ case 'mysql4':
+ case 'mysqli':
+ $db->sql_query('INSERT INTO ' . ACL_GROUPS_TABLE . ' ' . $db->sql_build_array('MULTI_INSERT', $groups_sql_ary));
+ break;
+
+ default:
+ foreach ($groups_sql_ary as $ary)
+ {
+ $db->sql_query('INSERT INTO ' . ACL_GROUPS_TABLE . ' ' . $db->sql_build_array('INSERT', $ary));
+ }
+ break;
+ }
+ }
+
+ $auth->acl_clear_prefetch();
}
- $auth->acl_clear_prefetch();
+ $message = ($action == 'edit') ? 'GROUP_UPDATED' : 'GROUP_CREATED';
+ trigger_error($user->lang[$message] . adm_back_link($this->u_action));
}
-
- $message = ($action == 'edit') ? 'GROUP_UPDATED' : 'GROUP_CREATED';
- trigger_error($user->lang[$message] . adm_back_link($this->u_action));
}
- else
+
+ if (sizeof($error))
{
$group_rank = $submit_ary['rank'];
@@ -605,20 +609,17 @@ class acp_groups
'U_FIND_USERNAME' => $phpbb_root_path . "memberlist.$phpEx$SID&amp;mode=searchuser&amp;form=list&amp;field=usernames")
);
- if ($group_row['group_type'] != GROUP_SPECIAL)
+ foreach ($group_data['leader'] as $row)
{
- foreach ($group_data['leader'] as $row)
- {
- $template->assign_block_vars('leader', array(
- 'U_USER_EDIT' => $phpbb_admin_path . "index.$phpEx$SID&amp;i=users&amp;action=edit&amp;u={$row['user_id']}",
-
- 'USERNAME' => $row['username'],
- 'S_GROUP_DEFAULT' => ($row['group_id'] == $group_id) ? true : false,
- 'JOINED' => ($row['user_regdate']) ? $user->format_date($row['user_regdate']) : ' - ',
- 'USER_POSTS' => $row['user_posts'],
- 'USER_ID' => $row['user_id'])
- );
- }
+ $template->assign_block_vars('leader', array(
+ 'U_USER_EDIT' => $phpbb_admin_path . "index.$phpEx$SID&amp;i=users&amp;action=edit&amp;u={$row['user_id']}",
+
+ 'USERNAME' => $row['username'],
+ 'S_GROUP_DEFAULT' => ($row['group_id'] == $group_id) ? true : false,
+ 'JOINED' => ($row['user_regdate']) ? $user->format_date($row['user_regdate']) : ' - ',
+ 'USER_POSTS' => $row['user_posts'],
+ 'USER_ID' => $row['user_id'])
+ );
}
$pending = false;
diff --git a/phpBB/includes/acp/acp_language.php b/phpBB/includes/acp/acp_language.php
index 19ac78b301..751ce81bef 100644
--- a/phpBB/includes/acp/acp_language.php
+++ b/phpBB/includes/acp/acp_language.php
@@ -138,7 +138,7 @@ class acp_language
'DATA' => $data,
'NAME' => $user->lang[strtoupper($method . '_' . $data)],
'EXPLAIN' => $user->lang[strtoupper($method . '_' . $data) . '_EXPLAIN'],
- 'DEFAULT' => $_REQUEST[$data] ? request_var($data, '') : $default
+ 'DEFAULT' => (!empty($_REQUEST[$data])) ? request_var($data, '') : $default
));
}
@@ -170,8 +170,8 @@ class acp_language
$sql_ary = array(
'lang_english_name' => request_var('lang_english_name', $row['lang_english_name']),
- 'lang_local_name' => request_var('lang_local_name', $row['lang_local_name']),
- 'lang_author' => request_var('lang_author', $row['lang_author']),
+ 'lang_local_name' => request_var('lang_local_name', $row['lang_local_name'], true),
+ 'lang_author' => request_var('lang_author', $row['lang_author'], true),
);
$db->sql_query('UPDATE ' . LANG_TABLE . '
@@ -238,7 +238,9 @@ class acp_language
if ($this->language_directory == 'email')
{
// Email Template
- fwrite($fp, (STRIP) ? stripslashes($_POST['entry']) : $_POST['entry']);
+ $entry = (STRIP) ? stripslashes($_POST['entry']) : $_POST['entry'];
+ $entry = preg_replace('#&amp;(\#[0-9]+;)#', '&\1', $entry);
+ fwrite($fp, $entry);
}
else
{
@@ -263,6 +265,7 @@ class acp_language
foreach ($value as $_key => $_value)
{
$_value = (STRIP) ? stripslashes($_value) : $_value;
+ $_value = preg_replace('#&amp;(\#[0-9]+;)#', '&\1', $_value);
$entry .= "\t\t" . (int) $_key . "\t=> '" . str_replace("'", "\\'", $_value) . "',\n";
}
@@ -283,6 +286,7 @@ class acp_language
if (!is_array($value))
{
$value = (STRIP) ? stripslashes($value) : $value;
+ $value = preg_replace('#&amp;(\#[0-9]+;)#', '&\1', $value);
$entry = "\t'" . $key . "'\t=> '" . str_replace("'", "\\'", $value) . "',\n";
}
else
@@ -292,6 +296,7 @@ class acp_language
foreach ($value as $_key => $_value)
{
$_value = (STRIP) ? stripslashes($_value) : $_value;
+ $_value = preg_replace('#&amp;(\#[0-9]+;)#', '&\1', $_value);
$entry .= "\t\t'" . $_key . "'\t=> '" . str_replace("'", "\\'", $_value) . "',\n";
}
diff --git a/phpBB/includes/acp/acp_modules.php b/phpBB/includes/acp/acp_modules.php
index 481b6f066c..7e742c8e46 100644
--- a/phpBB/includes/acp/acp_modules.php
+++ b/phpBB/includes/acp/acp_modules.php
@@ -288,7 +288,7 @@ class acp_modules
'module_enabled' => 0,
'module_display' => 1,
'parent_id' => 0,
- 'module_langname' => request_var('module_langname', ''),
+ 'module_langname' => request_var('module_langname', '', true),
'module_mode' => '',
'module_auth' => '',
);
@@ -301,7 +301,7 @@ class acp_modules
$module_data['module_display'] = request_var('module_display', (int) $module_row['module_display']);
$module_data['parent_id'] = request_var('module_parent_id', (int) $module_row['parent_id']);
$module_data['module_class'] = $this->module_class;
- $module_data['module_langname'] = request_var('module_langname', (string) $module_row['module_langname']);
+ $module_data['module_langname'] = request_var('module_langname', (string) $module_row['module_langname'], true);
$module_data['module_mode'] = request_var('module_mode', (string) $module_row['module_mode']);
$submit = (isset($_POST['submit'])) ? true : false;
diff --git a/phpBB/includes/acp/acp_permission_roles.php b/phpBB/includes/acp/acp_permission_roles.php
index 9346d0ae3f..e4c4cafa85 100644
--- a/phpBB/includes/acp/acp_permission_roles.php
+++ b/phpBB/includes/acp/acp_permission_roles.php
@@ -149,7 +149,7 @@ class acp_permission_roles
case 'add':
- $role_name = request_var('role_name', '');
+ $role_name = request_var('role_name', '', true);
$role_group_ids = request_var('role_group_ids', array(0));
$pre_select = request_var('pre_select', 'custom');
$auth_settings = request_var('setting', array('' => 0));
@@ -313,7 +313,7 @@ class acp_permission_roles
$options_from = request_var('options_from', 0);
$role_row = array(
- 'role_name' => request_var('role_name', ''),
+ 'role_name' => request_var('role_name', '', true),
'role_type' => $permission_type,
'role_group_ids' => implode(':', request_var('role_group_ids', array(0))),
);
diff --git a/phpBB/includes/acp/acp_profile.php b/phpBB/includes/acp/acp_profile.php
index 3a14640854..35fef141fd 100644
--- a/phpBB/includes/acp/acp_profile.php
+++ b/phpBB/includes/acp/acp_profile.php
@@ -314,11 +314,11 @@ class acp_profile
}
$cp->vars['field_ident'] = request_var('field_ident', $field_row['field_ident']);
- $cp->vars['lang_name'] = request_var('lang_name', $field_row['lang_name']);
- $cp->vars['lang_explain'] = request_var('lang_explain', $field_row['lang_explain']);
- $cp->vars['lang_default_value'] = request_var('lang_default_value', $field_row['lang_default_value']);
+ $cp->vars['lang_name'] = request_var('lang_name', $field_row['lang_name'], true);
+ $cp->vars['lang_explain'] = request_var('lang_explain', $field_row['lang_explain'], true);
+ $cp->vars['lang_default_value'] = request_var('lang_default_value', $field_row['lang_default_value'], true);
- $options = request_var('lang_options', '');
+ $options = request_var('lang_options', '', true);
// If the user has submitted a form with options (i.e. dropdown field)
if ($options)
@@ -358,14 +358,14 @@ class acp_profile
}
else
{
- $var = request_var($key, $field_row[$key]);
+ $var = request_var($key, $field_row[$key], true);
}
// Manipulate the intended variables a little bit if needed
if ($field_type == FIELD_DROPDOWN && $key == 'field_maxlen')
{
// Get the number of options if this key is 'field_maxlen'
- $var = sizeof(explode("\n", request_var('lang_options', '')));
+ $var = sizeof(explode("\n", request_var('lang_options', '', true)));
}
if ($field_type == FIELD_TEXT && $key == 'field_length')
@@ -450,7 +450,7 @@ class acp_profile
foreach ($exclude[3] as $key)
{
- $cp->vars[$key] = request_var($key, array(0 => ''));
+ $cp->vars[$key] = request_var($key, array(0 => ''), true);
if (!$cp->vars[$key] && $action == 'edit')
{
@@ -526,7 +526,7 @@ class acp_profile
foreach ($key_ary as $key)
{
- $var = isset($_REQUEST[$key]) ? request_var($key, '') : false;
+ $var = isset($_REQUEST[$key]) ? request_var($key, '', true) : false;
if ($var !== false)
{
@@ -846,7 +846,7 @@ class acp_profile
$lang_options[$lang_id]['lang_iso'] = $lang_iso;
foreach ($options as $field => $field_type)
{
- $value = ($action == 'create') ? request_var('l_' . $field, '') : $cp->vars['l_' . $field];
+ $value = ($action == 'create') ? request_var('l_' . $field, '', true) : $cp->vars['l_' . $field];
if ($field == 'lang_options')
{
@@ -1045,10 +1045,10 @@ class acp_profile
}
}
- $cp->vars['l_lang_name'] = request_var('l_lang_name', '');
- $cp->vars['l_lang_explain'] = request_var('l_lang_explain', '');
- $cp->vars['l_lang_default_value'] = request_var('l_lang_default_value', '');
- $cp->vars['l_lang_options'] = request_var('l_lang_options', '');
+ $cp->vars['l_lang_name'] = request_var('l_lang_name', '', true);
+ $cp->vars['l_lang_explain'] = request_var('l_lang_explain', '', true);
+ $cp->vars['l_lang_default_value'] = request_var('l_lang_default_value', '', true);
+ $cp->vars['l_lang_options'] = request_var('l_lang_options', '', true);
if ($cp->vars['lang_options'])
{
diff --git a/phpBB/includes/acp/acp_ranks.php b/phpBB/includes/acp/acp_ranks.php
index 1b9ade9f55..3978ed25ec 100644
--- a/phpBB/includes/acp/acp_ranks.php
+++ b/phpBB/includes/acp/acp_ranks.php
@@ -35,7 +35,7 @@ class acp_ranks
{
case 'save':
- $rank_title = request_var('title', '');
+ $rank_title = request_var('title', '', true);
$special_rank = request_var('special_rank', 0);
$min_posts = ($special_rank) ? -1 : request_var('min_posts', 0);
$rank_image = request_var('rank_image', '');
diff --git a/phpBB/includes/acp/acp_reasons.php b/phpBB/includes/acp/acp_reasons.php
index 2e6f664946..02e06e87f2 100644
--- a/phpBB/includes/acp/acp_reasons.php
+++ b/phpBB/includes/acp/acp_reasons.php
@@ -39,8 +39,8 @@ class acp_reasons
case 'edit':
$reason_row = array(
- 'reason_title' => request_var('reason_title', ''),
- 'reason_description' => request_var('reason_description', '')
+ 'reason_title' => request_var('reason_title', '', true),
+ 'reason_description' => request_var('reason_description', '', true)
);
if ($submit)
diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php
index 0a3529f3f5..5b2a8fdfc9 100644
--- a/phpBB/includes/acp/acp_styles.php
+++ b/phpBB/includes/acp/acp_styles.php
@@ -1113,7 +1113,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
if ($update)
{
$name = request_var('name', '');
- $copyright = request_var('copyright', '');
+ $copyright = request_var('copyright', '', true);
$template_id = request_var('template_id', 0);
$theme_id = request_var('theme_id', 0);
@@ -1598,7 +1598,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
$style_row = array(
$mode . '_name' => request_var('name', ''),
- $mode . '_copyright' => request_var('copyright', ''),
+ $mode . '_copyright' => request_var('copyright', '', true),
'template_id' => 0,
'theme_id' => 0,
'imageset_id' => 0,
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index a90832cd00..1d1c0b78ea 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -755,7 +755,7 @@ class acp_users
$deletemark = (isset($_POST['delmarked'])) ? true : false;
$deleteall = (isset($_POST['delall'])) ? true : false;
$marked = request_var('mark', array(0));
- $message = request_var('message', '');
+ $message = request_var('message', '', true);
// Sort keys
$sort_days = request_var('st', 0);
@@ -872,7 +872,7 @@ class acp_users
foreach ($var_ary as $var => $default)
{
- $data[$var] = request_var($var, $default);
+ $data[$var] = (in_array($var, array('location', 'occupation', 'interests')) ? request_var($var, $default, true) : $data[$var] = request_var($var, $default);
}
$var_ary = array(
@@ -1424,7 +1424,7 @@ class acp_users
$enable_bbcode = ($config['allow_sig_bbcode']) ? request_var('enable_bbcode', $this->optionget($user_row, 'bbcode')) : false;
$enable_smilies = ($config['allow_sig_smilies']) ? request_var('enable_smilies', $this->optionget($user_row, 'smilies')) : false;
$enable_urls = request_var('enable_urls', true);
- $signature = request_var('signature', $user_row['user_sig']);
+ $signature = request_var('signature', $user_row['user_sig'], true);
$preview = (isset($_POST['preview'])) ? true : false;
diff --git a/phpBB/includes/acp/acp_words.php b/phpBB/includes/acp/acp_words.php
index fce4757a3c..ef75eedcba 100644
--- a/phpBB/includes/acp/acp_words.php
+++ b/phpBB/includes/acp/acp_words.php
@@ -69,8 +69,8 @@ class acp_words
case 'save':
$word_id = request_var('id', 0);
- $word = request_var('word', '');
- $replacement = request_var('replacement', '');
+ $word = request_var('word', '', true);
+ $replacement = request_var('replacement', '', true);
if (!$word || !$replacement)
{
diff --git a/phpBB/includes/acp/auth.php b/phpBB/includes/acp/auth.php
index ebbb129994..2307d413fa 100644
--- a/phpBB/includes/acp/auth.php
+++ b/phpBB/includes/acp/auth.php
@@ -701,7 +701,7 @@ class auth_admin extends auth
$id_field = $ug_type . '_id';
// Get any flags as required
- list(, $flag) = each(array_keys($auth));
+ $flag = key($auth);
$flag = substr($flag, 0, strpos($flag, '_') + 1);
// This ID (the any-flag) is set if one or more permissions are true...
@@ -831,7 +831,7 @@ class auth_admin extends auth
global $db;
// Get any-flag as required
- list(, $flag) = each(array_keys($auth));
+ $flag = key($auth);
$flag = substr($flag, 0, strpos($flag, '_') + 1);
// Remove any-flag from auth ary
diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php
index 8ac13e25c1..0c259924d6 100644
--- a/phpBB/includes/functions_admin.php
+++ b/phpBB/includes/functions_admin.php
@@ -2254,7 +2254,7 @@ function tidy_warnings()
WHERE warning_id $sql_where";
$db->sql_query($sql);
- foreach($user_list as $user_id => $value)
+ foreach ($user_list as $user_id => $value)
{
$sql = 'UPDATE ' . USERS_TABLE . " SET user_warnings = user_warnings - $value
WHERE user_id = $user_id";
diff --git a/phpBB/includes/functions_compress.php b/phpBB/includes/functions_compress.php
index 55036b130d..2f3db3d343 100644
--- a/phpBB/includes/functions_compress.php
+++ b/phpBB/includes/functions_compress.php
@@ -116,7 +116,7 @@ class compress
*
* Zip extraction function by Alexandre Tedeschi, alexandrebr at gmail dot com
*
-* Modified extensively by psoTFX and DavidMJ, © phpBB Group, 2003
+* Modified extensively by psoTFX and DavidMJ, (c) phpBB Group, 2003
*
* Based on work by Eric Mueller and Denis125
* Official ZIP file format: http://www.pkware.com/appnote.txt
diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php
index 398639034f..9e38d39296 100644
--- a/phpBB/includes/functions_display.php
+++ b/phpBB/includes/functions_display.php
@@ -563,16 +563,18 @@ function get_moderators(&$forum_moderators, $forum_id = false)
/**
* User authorisation levels output
*/
-function gen_forum_auth_level($mode, $forum_id)
+function gen_forum_auth_level($mode, $forum_id, $forum_status)
{
global $SID, $template, $auth, $user;
+ $locked = ($forum_status == ITEM_LOCKED && !$auth->acl_get('m_edit', $forum_id)) ? true : false;
+
$rules = array(
- ($auth->acl_get('f_post', $forum_id)) ? $user->lang['RULES_POST_CAN'] : $user->lang['RULES_POST_CANNOT'],
- ($auth->acl_get('f_reply', $forum_id)) ? $user->lang['RULES_REPLY_CAN'] : $user->lang['RULES_REPLY_CANNOT'],
- ($auth->acl_gets('f_edit', 'm_edit', $forum_id)) ? $user->lang['RULES_EDIT_CAN'] : $user->lang['RULES_EDIT_CANNOT'],
- ($auth->acl_gets('f_delete', 'm_delete', $forum_id)) ? $user->lang['RULES_DELETE_CAN'] : $user->lang['RULES_DELETE_CANNOT'],
- ($auth->acl_get('f_attach', $forum_id) && $auth->acl_get('u_attach', $forum_id)) ? $user->lang['RULES_ATTACH_CAN'] : $user->lang['RULES_ATTACH_CANNOT']
+ ($auth->acl_get('f_post', $forum_id) && !$locked) ? $user->lang['RULES_POST_CAN'] : $user->lang['RULES_POST_CANNOT'],
+ ($auth->acl_get('f_reply', $forum_id) && !$locked) ? $user->lang['RULES_REPLY_CAN'] : $user->lang['RULES_REPLY_CANNOT'],
+ ($auth->acl_gets('f_edit', 'm_edit', $forum_id) && !$locked) ? $user->lang['RULES_EDIT_CAN'] : $user->lang['RULES_EDIT_CANNOT'],
+ ($auth->acl_gets('f_delete', 'm_delete', $forum_id) && !$locked) ? $user->lang['RULES_DELETE_CAN'] : $user->lang['RULES_DELETE_CANNOT'],
+ ($auth->acl_get('f_attach', $forum_id) && $auth->acl_get('u_attach', $forum_id) && !$locked) ? $user->lang['RULES_ATTACH_CAN'] : $user->lang['RULES_ATTACH_CANNOT']
);
foreach ($rules as $rule)
diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php
index ec4ef3bf72..6fa73d10f6 100644
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@@ -834,7 +834,7 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id
'U_POST_ID' => $row['post_id'],
'U_MINI_POST' => "{$phpbb_root_path}viewtopic.$phpEx$SID&amp;p=" . $row['post_id'] . '#p' . $row['post_id'],
'U_MCP_DETAILS' => ($auth->acl_get('m_', $forum_id)) ? "{$phpbb_root_path}mcp.$phpEx$SID&amp;mode=post_details&amp;p=" . $row['post_id'] : '',
- 'U_QUOTE' => ($show_quote_button && $auth->acl_get('f_quote', $forum_id)) ? 'javascript:addquote(' . $row['post_id'] . ", '" . str_replace("'", "\\'", $poster) . "')" : '')
+ 'U_QUOTE' => ($show_quote_button && $auth->acl_get('f_reply', $forum_id)) ? 'javascript:addquote(' . $row['post_id'] . ", '" . str_replace("'", "\\'", $poster) . "')" : '')
);
unset($rowset[$i]);
}
diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php
index 3442e2fcc6..4104ba23f1 100644
--- a/phpBB/includes/functions_privmsgs.php
+++ b/phpBB/includes/functions_privmsgs.php
@@ -105,6 +105,7 @@ $global_rule_conditions = array(
function get_folder($user_id, $folder_id = false)
{
global $db, $user, $template;
+ global $phpbb_root_path, $phpEx, $SID;
$folder = array();
@@ -163,13 +164,17 @@ function get_folder($user_id, $folder_id = false)
// Define Folder Array for template designers (and for making custom folders usable by the template too)
foreach ($folder as $f_id => $folder_ary)
{
+ $folder_id_name = ($f_id == PRIVMSGS_INBOX) ? 'inbox' : (($f_id == PRIVMSGS_OUTBOX) ? 'outbox' : 'sentbox');
+
$template->assign_block_vars('folder', array(
'FOLDER_ID' => $f_id,
'FOLDER_NAME' => $folder_ary['folder_name'],
'NUM_MESSAGES' => $folder_ary['num_messages'],
'UNREAD_MESSAGES' => $folder_ary['unread_messages'],
- 'S_CUR_FOLDER' => ($f_id == $folder_id) ? true : false,
+ 'U_FOLDER' => ($f_id > 0) ? "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=pm&amp;folder={$f_id}" : "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=pm&amp;folder={$folder_id_name}",
+
+ 'S_CUR_FOLDER' => ($f_id === $folder_id) ? true : false,
'S_UNREAD_MESSAGES' => ($folder_ary['unread_messages']) ? true : false,
'S_CUSTOM_FOLDER' => ($f_id > 0) ? true : false)
);
@@ -716,7 +721,7 @@ function handle_mark_actions($user_id, $mark_action)
AND msg_id IN (" . implode(', ', $msg_ids) . ')';
$db->sql_query($sql);
- break;
+ break;
case 'delete_marked':
@@ -742,13 +747,7 @@ function handle_mark_actions($user_id, $mark_action)
confirm_box(false, 'DELETE_MARKED_PM', build_hidden_fields($s_hidden_fields));
}
- break;
-
- case 'export_as_xml':
- case 'export_as_csv':
- case 'export_as_txt':
- $export_as = str_replace('export_as_', '', $mark_action);
- break;
+ break;
default:
return false;
@@ -976,7 +975,7 @@ function write_pm_addresses($check_ary, $author_id, $plaintext = false)
{
if ($plaintext)
{
- $sql = 'SELECT group_name
+ $sql = 'SELECT group_name, group_type
FROM ' . GROUPS_TABLE . '
WHERE group_id IN (' . implode(', ', $g) . ')';
$result = $db->sql_query($sql);
@@ -985,7 +984,7 @@ function write_pm_addresses($check_ary, $author_id, $plaintext = false)
{
if ($check_type == 'to' || $author_id == $user->data['user_id'] || $row['user_id'] == $user->data['user_id'])
{
- $address[] = $row['group_name'];
+ $address[] = ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'];
}
}
$db->sql_freeresult($result);
@@ -1455,7 +1454,7 @@ function pm_notification($mode, $author, $recipients, $subject, $message)
'AUTHOR_NAME' => $author,
'USERNAME' => $addr['name'],
- 'U_INBOX' => generate_board_url() . "/ucp.$phpEx?i=pm&mode=unread")
+ 'U_INBOX' => generate_board_url() . "/ucp.$phpEx?i=pm&folder=inbox")
);
$messenger->send($addr['method']);
diff --git a/phpBB/includes/functions_profile_fields.php b/phpBB/includes/functions_profile_fields.php
index 0b87367216..f3f78e625b 100644
--- a/phpBB/includes/functions_profile_fields.php
+++ b/phpBB/includes/functions_profile_fields.php
@@ -454,7 +454,7 @@ class custom_profile
}
else
{
- $value = (isset($_REQUEST[$profile_row['field_ident']])) ? request_var($profile_row['field_ident'], $default_value) : ((!isset($user->profile_fields[str_replace('pf_', '', $profile_row['field_ident'])]) || $preview) ? $default_value : $user->profile_fields[str_replace('pf_', '', $profile_row['field_ident'])]);
+ $value = (isset($_REQUEST[$profile_row['field_ident']])) ? request_var($profile_row['field_ident'], $default_value, true) : ((!isset($user->profile_fields[str_replace('pf_', '', $profile_row['field_ident'])]) || $preview) ? $default_value : $user->profile_fields[str_replace('pf_', '', $profile_row['field_ident'])]);
}
switch ($field_validation)
@@ -715,7 +715,7 @@ class custom_profile
*/
default:
- $var = request_var($var_name, $profile_row['field_default_value']);
+ $var = request_var($var_name, $profile_row['field_default_value'], true);
break;
}
diff --git a/phpBB/includes/functions_template.php b/phpBB/includes/functions_template.php
index f7032d0e3c..6ed8c4c1ab 100644
--- a/phpBB/includes/functions_template.php
+++ b/phpBB/includes/functions_template.php
@@ -255,6 +255,14 @@ class template_compile
*/
function compile_tag_block($tag_args)
{
+ $no_nesting = false;
+
+ if (strpos($tag_args, '!') === 0)
+ {
+ $no_nesting = substr_count($tag_args, '!', 0, strrpos($tag_args, '!') + 1);
+ $tag_args = substr($tag_args, $no_nesting);
+ }
+
// Allow for control of looping (indexes start from zero):
// foo(2) : Will start the loop on the 3rd entry
// foo(-2) : Will start the loop two entries from the end
@@ -305,7 +313,15 @@ class template_compile
// This block is nested.
// Generate a namespace string for this block.
- $namespace = implode('.', $this->template->block_names);
+ if ($no_nesting !== false)
+ {
+ // We need to implode $no_nesting times from the end...
+ $namespace = implode('.', array_slice($this->template->block_names, -$no_nesting));
+ }
+ else
+ {
+ $namespace = implode('.', $this->template->block_names);
+ }
// Get a reference to the data array for this block that depends on the
// current indices of all parent blocks.
diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php
index ca2ef1517f..a9e08ec1e9 100644
--- a/phpBB/includes/functions_upload.php
+++ b/phpBB/includes/functions_upload.php
@@ -524,7 +524,7 @@ class fileupload
$url = parse_url($upload_url);
$host = $url['host'];
- $path = dirname($url['path']);
+ $path = $url['path'];
$port = (!empty($url['port'])) ? (int) $url['port'] : 80;
$upload_ary['type'] = 'application/octet-stream';
@@ -543,7 +543,7 @@ class fileupload
return $file;
}
- fputs($fsock, 'GET /' . $filename . " HTTP/1.1\r\n");
+ fputs($fsock, 'GET /' . $path . " HTTP/1.1\r\n");
fputs($fsock, "HOST: " . $host . "\r\n");
fputs($fsock, "Connection: close\r\n\r\n");
@@ -569,6 +569,11 @@ class fileupload
{
$upload_ary['type'] = rtrim(str_replace('Content-Type: ', '', $line));
}
+ else if (strpos($line, 'HTTP/1.1 404 Not Found') !== false)
+ {
+ $file = new fileerror($user->lang[$this->error_prefix . 'URL_NOT_FOUND']);
+ return $file;
+ }
}
}
}
@@ -609,10 +614,15 @@ class fileupload
{
case 1:
$error = (@ini_get('upload_max_filesize') == '') ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], @ini_get('upload_max_filesize'));
- break;
+ break;
+
case 2:
- $error = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $this->max_filesize);
- break;
+ $size_lang = ($this->max_filesize >= 1048576) ? $user->lang['MB'] : (($this->max_filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] );
+ $max_filesize = ($this->max_filesize >= 1048576) ? round($this->max_filesize / 1048576 * 100) / 100 : (($this->max_filesize >= 1024) ? round($this->max_filesize / 1024 * 100) / 100 : $this->max_filesize);
+
+ $error = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang);
+ break;
+
case 3:
$error = 'The uploaded file was only partially uploaded';
break;
@@ -637,7 +647,10 @@ class fileupload
// Filesize is too big or it's 0 if it was larger than the maxsize in the upload form
if ($this->max_filesize && ($file->get('filesize') > $this->max_filesize || $file->get('filesize') == 0))
{
- $file->error[] = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $this->max_filesize);
+ $size_lang = ($this->max_filesize >= 1048576) ? $user->lang['MB'] : (($this->max_filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] );
+ $max_filesize = ($this->max_filesize >= 1048576) ? round($this->max_filesize / 1048576 * 100) / 100 : (($this->max_filesize >= 1024) ? round($this->max_filesize / 1024 * 100) / 100 : $this->max_filesize);
+
+ $file->error[] = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang);
}
// check Filename
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 0b0adbcee5..4795348189 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -1253,12 +1253,7 @@ function group_delete($group_id, $group_name = false)
if (!$group_name)
{
- $sql = 'SELECT group_name
- FROM ' . GROUPS_TABLE . "
- WHERE group_id = $group_id";
- $result = $db->sql_query($sql);
- $group_name = (string) $db->sql_fetchfield('group_name');
- $db->sql_freeresult($result);
+ $group_name = get_group_name($group_id);
}
$start = 0;
@@ -1403,17 +1398,7 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false,
if (!$group_name)
{
- $sql = 'SELECT group_name
- FROM ' . GROUPS_TABLE . "
- WHERE group_id = $group_id";
- $result = $db->sql_query($sql);
-
- if (!extract($db->sql_fetchrow($result)))
- {
- trigger_error("Could not obtain name of group $group_id", E_USER_ERROR);
- }
-
- $db->sql_freeresult($result);
+ $group_name = get_group_name($group_id);
}
$log = ($leader) ? 'LOG_MODS_ADDED' : 'LOG_USERS_ADDED';
@@ -1526,12 +1511,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
if (!$group_name)
{
- $sql = 'SELECT group_name
- FROM ' . GROUPS_TABLE . "
- WHERE group_id = $group_id";
- $result = $db->sql_query($sql);
- $group_name = (string) $db->sql_fetchfield('group_name');
- $db->sql_freeresult($result);
+ $group_name = get_group_name($group_id);
}
$log = 'LOG_GROUP_REMOVE';
@@ -1590,12 +1570,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
if (!$group_name)
{
- $sql = 'SELECT group_name
- FROM ' . GROUPS_TABLE . "
- WHERE group_id = $group_id";
- $result = $db->sql_query($sql);
- $group_name = (string) $db->sql_fetchfield('group_name');
- $db->sql_freeresult($result);
+ $group_name = get_group_name($group_id);
}
add_log('admin', $log, $group_name, implode(', ', $username_ary));
@@ -1654,6 +1629,28 @@ function group_set_user_default($group_id, $user_id_ary, $group_attributes = fal
}
/**
+* Get group name
+*/
+function get_group_name($group_id)
+{
+ global $db, $user;
+
+ $sql = 'SELECT group_name, group_type
+ FROM ' . GROUPS_TABLE . '
+ WHERE group_id = ' . (int) $group_id;
+ $result = $db->sql_query($sql);
+ $row = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
+
+ if (!$row)
+ {
+ return '';
+ }
+
+ return ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'];
+}
+
+/**
* Obtain either the members of a specified group, the groups the specified user is subscribed to
* or checking if a specified user is in a specified group
*
diff --git a/phpBB/includes/mcp/mcp_ban.php b/phpBB/includes/mcp/mcp_ban.php
index ab13cce136..b79bbe00d7 100644
--- a/phpBB/includes/mcp/mcp_ban.php
+++ b/phpBB/includes/mcp/mcp_ban.php
@@ -40,8 +40,8 @@ class mcp_ban
$ban_len = request_var('banlength', 0);
$ban_len_other = request_var('banlengthother', '');
$ban_exclude = request_var('banexclude', 0);
- $ban_reason = request_var('banreason', '');
- $ban_give_reason = request_var('bangivereason', '');
+ $ban_reason = request_var('banreason', '', true);
+ $ban_give_reason = request_var('bangivereason', '', true);
user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reason, $ban_give_reason);
diff --git a/phpBB/includes/mcp/mcp_logs.php b/phpBB/includes/mcp/mcp_logs.php
index cc4e931970..fe314eaac0 100755
--- a/phpBB/includes/mcp/mcp_logs.php
+++ b/phpBB/includes/mcp/mcp_logs.php
@@ -34,12 +34,12 @@ class mcp_logs
{
list($action, ) = each($action);
}
+ else
+ {
+ $action = request_var('action', '');
+ }
// Set up general vars
-
- // Isn't this set above? :o
- $action = request_var('action', '');
-
$start = request_var('start', 0);
$deletemark = (isset($_POST['del_marked'])) ? true : false;
$deleteall = (isset($_POST['del_all'])) ? true : false;
diff --git a/phpBB/includes/mcp/mcp_notes.php b/phpBB/includes/mcp/mcp_notes.php
index 9a7419d0b4..c1620f778e 100755
--- a/phpBB/includes/mcp/mcp_notes.php
+++ b/phpBB/includes/mcp/mcp_notes.php
@@ -86,7 +86,7 @@ function mcp_notes_user_view($id, $mode, $action)
$deletemark = ($action == 'del_marked') ? true : false;
$deleteall = ($action == 'del_all') ? true : false;
$marked = request_var('marknote', array(0));
- $usernote = request_var('usernote', '');
+ $usernote = request_var('usernote', '', true);
// Handle any actions
if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs'))
diff --git a/phpBB/includes/mcp/mcp_queue.php b/phpBB/includes/mcp/mcp_queue.php
index 75052c4360..8e592d3ce8 100644
--- a/phpBB/includes/mcp/mcp_queue.php
+++ b/phpBB/includes/mcp/mcp_queue.php
@@ -535,7 +535,7 @@ function disapprove_post($post_id_list, $mode)
}
$redirect = request_var('redirect', $user->data['session_page']);
- $reason = request_var('reason', '');
+ $reason = request_var('reason', '', true);
$reason_id = request_var('reason_id', 0);
$success_msg = $additional_msg = '';
diff --git a/phpBB/includes/mcp/mcp_topic.php b/phpBB/includes/mcp/mcp_topic.php
index a4bbca6e3b..b6a9bebd83 100644
--- a/phpBB/includes/mcp/mcp_topic.php
+++ b/phpBB/includes/mcp/mcp_topic.php
@@ -32,7 +32,7 @@ function mcp_topic_view($id, $mode, $action)
// Set up some vars
$icon_id = request_var('icon', 0);
- $subject = request_var('subject', '');
+ $subject = request_var('subject', '', true);
$start = request_var('start', 0);
$to_topic_id = request_var('to_topic_id', 0);
$to_forum_id = request_var('to_forum_id', 0);
diff --git a/phpBB/includes/mcp/mcp_warn.php b/phpBB/includes/mcp/mcp_warn.php
index 10491b3528..6b6e809930 100755
--- a/phpBB/includes/mcp/mcp_warn.php
+++ b/phpBB/includes/mcp/mcp_warn.php
@@ -188,7 +188,7 @@ function mcp_warn_post_view($id, $mode, $action)
$post_id = request_var('p', 0);
$notify = (isset($_REQUEST['notify_user'])) ? true : false;
- $warning = request_var('warning', '');
+ $warning = request_var('warning', '', true);
$sql = 'SELECT u.*, p.* FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . " u
WHERE post_id = $post_id
@@ -302,7 +302,7 @@ function mcp_warn_user_view($id, $mode, $action)
$user_id = request_var('u', 0);
$username = request_var('username', '');
$notify = (isset($_REQUEST['notify_user'])) ? true : false;
- $warning = request_var('warning', '');
+ $warning = request_var('warning', '', true);
$sql_where = ($user_id) ? "user_id = $user_id" : "username = '" . $db->sql_escape($username) . "'";
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php
index 9101b5ee87..9e86678580 100644
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@@ -1062,12 +1062,7 @@ class parse_message extends bbcode_firstpass
{
if ($edit_comment)
{
- $actual_comment_list = request_var('comment_list', array(''));
-
- foreach ($actual_comment_list as $index => $entry)
- {
- $this->attachment_data[$index]['comment'] = preg_replace('#&amp;(\#[0-9]+;)#', '&\1', $entry);
- }
+ $actual_comment_list = request_var('comment_list', array(''), true);
}
if (($add_file || $preview) && $upload_file)
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index 8568d8f6db..4c08d0ce5b 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -177,22 +177,46 @@ class session
$s_browser = ($config['browser_check']) ? substr($this->data['session_browser'], 0, 149) : '';
$u_browser = ($config['browser_check']) ? substr($this->browser, 0, 149) : '';
- if ($u_ip == $s_ip && $s_browser == $u_browser)
+ if ($u_ip === $s_ip && $s_browser === $u_browser)
{
- // Only update session DB a minute or so after last update or if page changes
- if ($this->time_now - $this->data['session_time'] > 60 || $this->data['session_page'] != $this->page['page'])
+ $session_expired = false;
+
+ // Check the session length timeframe if autologin is not enabled.
+ // Else check the autologin length... and also removing those having autologin enabled but no longer allowed board-wide.
+ if (!$this->data['session_autologin'])
{
- $sql = 'UPDATE ' . SESSIONS_TABLE . "
- SET session_time = $this->time_now, session_page = '" . $db->sql_escape(substr($this->page['page'], 0, 199)) . "'
- WHERE session_id = '" . $db->sql_escape($this->session_id) . "'";
- $db->sql_query($sql);
+ if ($this->data['session_time'] < $this->time_now - ($config['session_length'] + 60))
+ {
+ $session_expired = true;
+ }
}
-
- // Ultimately to be removed
- $this->data['is_registered'] = ($this->data['user_id'] != ANONYMOUS && ($this->data['user_type'] == USER_NORMAL || $this->data['user_type'] == USER_FOUNDER)) ? true : false;
- $this->data['is_bot'] = (!$this->data['is_registered'] && $this->data['user_id'] != ANONYMOUS) ? true : false;
-
- return true;
+ else if (!$config['allow_autologin'] || ($config['max_autologin_time'] && $this->data['session_time'] < $this->time_now - (86400 * (int) $config['max_autologin_time']) + 60))
+ {
+ $session_expired = true;
+ }
+
+ if (!$session_expired)
+ {
+ // Only update session DB a minute or so after last update or if page changes
+ if ($this->time_now - $this->data['session_time'] > 60 || $this->data['session_page'] != $this->page['page'])
+ {
+ $sql = 'UPDATE ' . SESSIONS_TABLE . "
+ SET session_time = $this->time_now, session_page = '" . $db->sql_escape(substr($this->page['page'], 0, 199)) . "'
+ WHERE session_id = '" . $db->sql_escape($this->session_id) . "'";
+ $db->sql_query($sql);
+ }
+
+ // Ultimately to be removed
+ $this->data['is_registered'] = ($this->data['user_id'] != ANONYMOUS && ($this->data['user_type'] == USER_NORMAL || $this->data['user_type'] == USER_FOUNDER)) ? true : false;
+ $this->data['is_bot'] = (!$this->data['is_registered'] && $this->data['user_id'] != ANONYMOUS) ? true : false;
+
+ return true;
+ }
+ }
+ else
+ {
+ // Added logging temporarly to help debug bugs...
+ add_log('critical', 'LOG_IP_BROWSER_CHECK', $u_ip, $s_ip, $u_browser, $s_browser);
}
}
}
@@ -356,7 +380,7 @@ class session
}
else
{
- $this->data['session_last_visit'] = time();
+ $this->data['session_last_visit'] = $this->time_now;
}
// At this stage we should have a filled data array, defined cookie u and k data.
@@ -376,7 +400,10 @@ class session
$this->data['is_bot'] = ($bot) ? true : false;
//
//
-
+
+ // @todo Change this ... check for "... && user_type & USER_NORMAL" ?
+ $session_autologin = (($this->cookie_data['k'] || $persist_login) && $this->data['is_registered']) ? true : false;
+
// Create or update the session
$sql_ary = array(
'session_user_id' => (int) $this->data['user_id'],
@@ -386,6 +413,7 @@ class session
'session_browser' => (string) $this->browser,
'session_page' => (string) substr($this->page['page'], 0, 199),
'session_ip' => (string) $this->ip,
+ 'session_autologin' => ($session_autologin) ? 1 : 0,
'session_admin' => ($set_admin) ? 1 : 0,
'session_viewonline' => ($viewonline) ? 1 : 0,
);
@@ -423,8 +451,7 @@ class session
$db->sql_return_on_error(false);
// Regenerate autologin/persistent login key
- // @todo Change this ... check for "... && user_type & USER_NORMAL" ?
- if (($this->cookie_data['k'] || $persist_login) && $this->data['user_id'] != ANONYMOUS)
+ if ($session_autologin)
{
$this->set_login_key();
}
diff --git a/phpBB/includes/ucp/info/ucp_pm.php b/phpBB/includes/ucp/info/ucp_pm.php
index 5170f08d34..f1bc4776c8 100644
--- a/phpBB/includes/ucp/info/ucp_pm.php
+++ b/phpBB/includes/ucp/info/ucp_pm.php
@@ -19,9 +19,8 @@ class ucp_pm_info
'title' => 'UCP_PM',
'version' => '1.0.0',
'modes' => array(
- 'view' => array('title' => 'UCP_PM_VIEW', 'auth' => 'cfg_allow_privmsg'),
+ 'view' => array('title' => 'UCP_PM_VIEW', 'auth' => 'cfg_allow_privmsg', 'display' => false),
'compose' => array('title' => 'UCP_PM_COMPOSE', 'auth' => 'cfg_allow_privmsg'),
- 'unread' => array('title' => 'UCP_PM_UNREAD', 'auth' => 'cfg_allow_privmsg'),
'drafts' => array('title' => 'UCP_PM_DRAFTS', 'auth' => 'cfg_allow_privmsg'),
'options' => array('title' => 'UCP_PM_OPTIONS', 'auth' => 'cfg_allow_privmsg'),
'popup' => array('title' => 'UCP_PM_POPUP_TITLE', 'auth' => 'cfg_allow_privmsg', 'display' => false),
diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php
index 21824e7aef..14dd4fc157 100644
--- a/phpBB/includes/ucp/ucp_groups.php
+++ b/phpBB/includes/ucp/ucp_groups.php
@@ -486,26 +486,30 @@ class ucp_groups
}
}
- // Only set the rank, colour, etc. if it's changed or if we're adding a new
- // group. This prevents existing group members being updated if no changes
- // were made.
-
- $group_attributes = array();
- $test_variables = array('rank', 'colour', 'avatar', 'avatar_type', 'avatar_width', 'avatar_height');
- foreach ($test_variables as $test)
+ if (!sizeof($error))
{
- if ($action == 'add' || (isset($submit_ary[$test]) && $group_row['group_' . $test] != $submit_ary[$test]))
+ // Only set the rank, colour, etc. if it's changed or if we're adding a new
+ // group. This prevents existing group members being updated if no changes
+ // were made.
+
+ $group_attributes = array();
+ $test_variables = array('rank', 'colour', 'avatar', 'avatar_type', 'avatar_width', 'avatar_height');
+ foreach ($test_variables as $test)
{
- $group_attributes['group_' . $test] = $group_row['group_' . $test] = $submit_ary[$test];
+ if ($action == 'add' || (isset($submit_ary[$test]) && $group_row['group_' . $test] != $submit_ary[$test]))
+ {
+ $group_attributes['group_' . $test] = $group_row['group_' . $test] = $submit_ary[$test];
+ }
}
- }
- if (!($error = group_create($group_id, $group_type, $group_name, $group_desc, $group_attributes, $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies)))
- {
- $message = ($action == 'edit') ? 'GROUP_UPDATED' : 'GROUP_CREATED';
- trigger_error($user->lang[$message] . $return_page);
+ if (!($error = group_create($group_id, $group_type, $group_name, $group_desc, $group_attributes, $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies)))
+ {
+ $message = ($action == 'edit') ? 'GROUP_UPDATED' : 'GROUP_CREATED';
+ trigger_error($user->lang[$message] . $return_page);
+ }
}
- else
+
+ if (sizeof($error))
{
$group_rank = $submit_ary['rank'];
diff --git a/phpBB/includes/ucp/ucp_main.php b/phpBB/includes/ucp/ucp_main.php
index 77d855cda9..cedb1ef091 100644
--- a/phpBB/includes/ucp/ucp_main.php
+++ b/phpBB/includes/ucp/ucp_main.php
@@ -543,7 +543,7 @@ class ucp_main
// Get folder img, topic status/type related informations
$folder_img = $folder_alt = $topic_type = '';
- $unread_topic = false; // TODO: get proper unread status
+ $unread_topic = false;
topic_status($row, $replies, $unread_topic, $folder_img, $folder_alt, $topic_type);
$view_topic_url = "viewtopic.$phpEx$SID&amp;f=$forum_id&amp;t=$topic_id";
diff --git a/phpBB/includes/ucp/ucp_pm.php b/phpBB/includes/ucp/ucp_pm.php
index 83e711fea9..e6fe312dba 100644
--- a/phpBB/includes/ucp/ucp_pm.php
+++ b/phpBB/includes/ucp/ucp_pm.php
@@ -16,7 +16,6 @@
* @param inbox|outbox|sentbox display folder with the associated name
*
*
-* Display Unread Messages - mode=unread
* Display Messages (default to inbox) - mode=view
* Display single message - mode=view&p=[msg_id] or &p=[msg_id] (short linkage)
*
@@ -101,7 +100,7 @@ class ucp_pm
);
$tpl_file = 'ucp_pm_popup';
- break;
+ break;
// Compose message
case 'compose':
@@ -118,7 +117,7 @@ class ucp_pm
compose_pm($id, $mode, $action);
$tpl_file = 'posting_body';
- break;
+ break;
case 'options':
$sql = 'SELECT group_message_limit
@@ -136,7 +135,7 @@ class ucp_pm
message_options($id, $mode, $global_privmsgs_rules, $global_rule_conditions);
$tpl_file = 'ucp_pm_options';
- break;
+ break;
case 'drafts':
@@ -155,7 +154,6 @@ class ucp_pm
break;
- case 'unread':
case 'view':
$sql = 'SELECT group_message_limit
@@ -181,7 +179,7 @@ class ucp_pm
$msg_id = request_var('p', 0);
$view = request_var('view', '');
-// if ($msg_id && $action == 'view_folder')
+ // View message if specified
if ($msg_id)
{
$action = 'view_message';
@@ -200,12 +198,23 @@ class ucp_pm
// First Handle Mark actions and moving messages
+ $submit_mark = (isset($_POST['submit_mark'])) ? true : false;
+ $move_pm = (isset($_POST['move_pm'])) ? true : false;
+ $mark_option = request_var('mark_option', '');
+ $dest_folder = request_var('dest_folder', PRIVMSGS_NO_BOX);
+
+ // Is moving PM triggered through mark options?
+ if (!in_array($mark_option, array('mark_important', 'delete_marked')) && $submit_mark)
+ {
+ $move_pm = true;
+ $dest_folder = (int) $mark_option;
+ $submit_mark = false;
+ }
// Move PM
- if (isset($_REQUEST['move_pm']))
+ if ($move_pm)
{
$move_msg_ids = (isset($_POST['marked_msg_id'])) ? array_map('intval', $_POST['marked_msg_id']) : array();
- $dest_folder = request_var('dest_folder', PRIVMSGS_NO_BOX);
$cur_folder_id = request_var('cur_folder_id', PRIVMSGS_NO_BOX);
if (move_pm($user->data['user_id'], $user->data['message_limit'], $move_msg_ids, $dest_folder, $cur_folder_id))
@@ -221,9 +230,9 @@ class ucp_pm
}
// Message Mark Options
- if (isset($_REQUEST['submit_mark']))
+ if ($submit_mark)
{
- handle_mark_actions($user->data['user_id'], request_var('mark_option', ''));
+ handle_mark_actions($user->data['user_id'], $mark_option);
}
// If new messages arrived, place them into the appropiate folder
@@ -234,7 +243,7 @@ class ucp_pm
$num_not_moved = $user->data['user_new_privmsg'];
}
- if (!$msg_id && $folder_id == PRIVMSGS_NO_BOX && $mode != 'unread')
+ if (!$msg_id && $folder_id == PRIVMSGS_NO_BOX)
{
$folder_id = PRIVMSGS_INBOX;
}
@@ -244,8 +253,11 @@ class ucp_pm
FROM ' . PRIVMSGS_TO_TABLE . "
WHERE msg_id = $msg_id
AND user_id = " . $user->data['user_id'];
- $result = $db->sql_query_limit($sql, 1);
- if (!($row = $db->sql_fetchrow($result)))
+ $result = $db->sql_query($sql);
+ $row = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
+
+ if (!$row)
{
trigger_error('NO_MESSAGE');
}
@@ -256,7 +268,6 @@ class ucp_pm
if ($action == 'view_message' && $msg_id)
{
// Get Message user want to see
-
if ($view == 'next' || $view == 'previous')
{
$sql_condition = ($view == 'next') ? '>' : '<';
@@ -271,8 +282,10 @@ class ucp_pm
AND p.message_time $sql_condition p2.message_time
ORDER BY p.message_time $sql_ordering";
$result = $db->sql_query_limit($sql, 1);
+ $row = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
- if (!($row = $db->sql_fetchrow($result)))
+ if (!$row)
{
$message = ($view == 'next') ? 'NO_NEWER_PM' : 'NO_OLDER_PM';
trigger_error($message);
@@ -290,9 +303,11 @@ class ucp_pm
AND t.folder_id = $folder_id
AND t.msg_id = p.msg_id
AND p.msg_id = $msg_id";
- $result = $db->sql_query_limit($sql, 1);
+ $result = $db->sql_query($sql);
+ $message_row = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
- if (!($message_row = $db->sql_fetchrow($result)))
+ if (!$message_row)
{
trigger_error('NO_MESSAGE');
}
@@ -306,7 +321,7 @@ class ucp_pm
$s_folder_options = $s_to_folder_options = '';
foreach ($folder as $f_id => $folder_ary)
{
- $option = '<option' . ((!in_array($f_id, array(PRIVMSGS_INBOX, PRIVMSGS_OUTBOX, PRIVMSGS_SENTBOX))) ? ' class="blue"' : '') . ' value="' . $f_id . '"' . ((($f_id == $folder_id && $mode != 'unread') || ($f_id === 'unread' && $mode == 'unread')) ? ' selected="selected"' : '') . '>' . $folder_ary['folder_name'] . (($folder_ary['unread_messages']) ? ' [' . $folder_ary['unread_messages'] . '] ' : '') . '</option>';
+ $option = '<option' . ((!in_array($f_id, array(PRIVMSGS_INBOX, PRIVMSGS_OUTBOX, PRIVMSGS_SENTBOX))) ? ' class="blue"' : '') . ' value="' . $f_id . '"' . (($f_id == $folder_id) ? ' selected="selected"' : '') . '>' . $folder_ary['folder_name'] . (($folder_ary['unread_messages']) ? ' [' . $folder_ary['unread_messages'] . '] ' : '') . '</option>';
$s_to_folder_options .= ($f_id != PRIVMSGS_OUTBOX && $f_id != PRIVMSGS_SENTBOX) ? $option : '';
$s_folder_options .= $option;
@@ -338,25 +353,25 @@ class ucp_pm
'S_IN_OUTBOX' => ($folder_id == PRIVMSGS_OUTBOX) ? true : false,
'S_IN_SENTBOX' => ($folder_id == PRIVMSGS_SENTBOX) ? true : false,
- 'FOLDER_STATUS' => $folder_status['message'],
- 'FOLDER_MAX_MESSAGES' => $folder_status['max'],
- 'FOLDER_CUR_MESSAGES' => $folder_status['cur'],
+ 'FOLDER_STATUS' => $folder_status['message'],
+ 'FOLDER_MAX_MESSAGES' => $folder_status['max'],
+ 'FOLDER_CUR_MESSAGES' => $folder_status['cur'],
'FOLDER_REMAINING_MESSAGES' => $folder_status['remaining'],
- 'FOLDER_PERCENT' => $folder_status['percent'])
+ 'FOLDER_PERCENT' => $folder_status['percent'])
);
- if ($mode == 'unread' || $action == 'view_folder')
+ if ($action == 'view_folder')
{
include($phpbb_root_path . 'includes/ucp/ucp_pm_viewfolder.'.$phpEx);
- view_folder($id, $mode, $folder_id, $folder, (($mode == 'unread') ? 'unread' : 'folder'));
+ view_folder($id, $mode, $folder_id, $folder);
$tpl_file = 'ucp_pm_viewfolder';
}
else if ($action == 'view_message')
{
$template->assign_vars(array(
- 'S_VIEW_MESSAGE'=> true,
- 'MSG_ID' => $msg_id)
+ 'S_VIEW_MESSAGE' => true,
+ 'MSG_ID' => $msg_id)
);
if (!$msg_id)
@@ -370,7 +385,7 @@ class ucp_pm
$tpl_file = ($view == 'print') ? 'ucp_pm_viewmessage_print' : 'ucp_pm_viewmessage';
}
- break;
+ break;
default:
trigger_error('NO_ACTION_MODE');
diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php
index fcdeb65541..4fca6cec0b 100644
--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
@@ -413,16 +413,14 @@ function compose_pm($id, $mode, $action)
if ($submit || $preview || $refresh)
{
- $subject = request_var('subject', '');
+ $subject = request_var('subject', '', true);
if (strcmp($subject, strtoupper($subject)) == 0 && $subject)
{
$subject = strtolower($subject);
}
- $subject = preg_replace('#&amp;(\#[0-9]+;)#', '&\1', $subject);
- $message_parser->message = (isset($_POST['message'])) ? htmlspecialchars(str_replace(array('\\\'', '\\"', '\\0', '\\\\'), array('\'', '"', '\0', '\\'), $_POST['message'])) : '';
- $message_parser->message = preg_replace('#&amp;(\#[0-9]+;)#', '&\1', $message_parser->message);
+ $message_parser->message = request_var('message', '', true);
$icon_id = request_var('icon', 0);
@@ -502,7 +500,7 @@ function compose_pm($id, $mode, $action)
unset($message_parser);
// ((!$message_subject) ? $subject : $message_subject)
- $msg_id = submit_pm($action, $subject, $pm_data, $update_message);
+ $msg_id = submit_pm($action, $subject, $pm_data, true);
$return_message_url = "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=pm&amp;mode=view&amp;p=" . $msg_id;
$return_folder_url = "{$phpbb_root_path}ucp.$phpEx$SID&amp;i=pm&amp;folder=outbox";
diff --git a/phpBB/includes/ucp/ucp_pm_options.php b/phpBB/includes/ucp/ucp_pm_options.php
index b3f6b02bbe..d4399b5b63 100644
--- a/phpBB/includes/ucp/ucp_pm_options.php
+++ b/phpBB/includes/ucp/ucp_pm_options.php
@@ -56,7 +56,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
// Add Folder
if (isset($_POST['addfolder']))
{
- $folder_name = request_var('foldername', '');
+ $folder_name = request_var('foldername', '', true);
if ($folder_name)
{
@@ -97,7 +97,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
// Rename folder
if (isset($_POST['rename_folder']))
{
- $new_folder_name = request_var('new_folder_name', '');
+ $new_folder_name = request_var('new_folder_name', '', true);
$rename_folder_id= request_var('rename_folder_id', 0);
if (!$new_folder_name)
@@ -240,7 +240,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
$rule_option = request_var('rule_option', 0);
$cond_option = request_var('cond_option', '');
$action_option = explode('|', request_var('action_option', ''));
- $rule_string = ($cond_option != 'none') ? request_var('rule_string', '') : '';
+ $rule_string = ($cond_option != 'none') ? request_var('rule_string', '', true) : '';
$rule_user_id = ($cond_option != 'none') ? request_var('rule_user_id', 0) : 0;
$rule_group_id = ($cond_option != 'none') ? request_var('rule_group_id', 0) : 0;
@@ -620,7 +620,7 @@ function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule
switch ($condition)
{
case 'text':
- $rule_string = request_var('rule_string', '');
+ $rule_string = request_var('rule_string', '', true);
$template->assign_vars(array(
'S_TEXT_CONDITION' => true,
@@ -634,7 +634,7 @@ function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule
case 'user':
$rule_user_id = request_var('rule_user_id', 0);
- $rule_string = request_var('rule_string', '');
+ $rule_string = request_var('rule_string', '', true);
if ($rule_string && !$rule_user_id)
{
@@ -677,7 +677,7 @@ function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule
case 'group':
$rule_group_id = request_var('rule_group_id', 0);
- $rule_string = request_var('rule_string', '');
+ $rule_string = request_var('rule_string', '', true);
$sql_and = ($auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) ? '<> ' . GROUP_SPECIAL : 'NOT IN (' . GROUP_SPECIAL . ', ' . GROUP_HIDDEN . ')';
$sql = 'SELECT group_id, group_name, group_type
diff --git a/phpBB/includes/ucp/ucp_pm_viewfolder.php b/phpBB/includes/ucp/ucp_pm_viewfolder.php
index f54c62bb2e..98b9a439e2 100644
--- a/phpBB/includes/ucp/ucp_pm_viewfolder.php
+++ b/phpBB/includes/ucp/ucp_pm_viewfolder.php
@@ -12,14 +12,14 @@
* View message folder
* Called from ucp_pm with mode == 'view' && action == 'view_folder'
*/
-function view_folder($id, $mode, $folder_id, $folder, $type)
+function view_folder($id, $mode, $folder_id, $folder)
{
global $user, $template, $auth, $db, $cache;
global $phpbb_root_path, $config, $phpEx, $SID;
$submit_export = (isset($_POST['submit_export'])) ? true : false;
- $folder_info = get_pm_from($folder_id, $folder, $user->data['user_id'], "{$phpbb_root_path}ucp.$phpEx$SID", $type);
+ $folder_info = get_pm_from($folder_id, $folder, $user->data['user_id'], "{$phpbb_root_path}ucp.$phpEx$SID");
if (!$submit_export)
{
@@ -48,6 +48,20 @@ function view_folder($id, $mode, $folder_id, $folder, $type)
$s_mark_options .= '<option value="' . $mark_option . '">' . $user->lang[strtoupper($mark_option)] . '</option>';
}
+ // We do the folder moving options here too, for template authors to use...
+ $s_folder_move_options = '';
+ foreach ($folder as $f_id => $folder_ary)
+ {
+ if ($f_id == PRIVMSGS_OUTBOX || $f_id == PRIVMSGS_SENTBOX || $f_id == $folder_id)
+ {
+ continue;
+ }
+
+ $s_folder_move_options .= '<option' . (($f_id != PRIVMSGS_INBOX) ? ' class="blue"' : '') . ' value="' . $f_id . '">';
+ $s_folder_move_options .= sprintf($user->lang['MOVE_MARKED_TO_FOLDER'], $folder_ary['folder_name']);
+ $s_folder_move_options .= (($folder_ary['unread_messages']) ? ' [' . $folder_ary['unread_messages'] . '] ' : '') . '</option>';
+ }
+
$friend = $foe = array();
// Get friends and foes
@@ -64,8 +78,8 @@ function view_folder($id, $mode, $folder_id, $folder, $type)
$db->sql_freeresult($result);
$template->assign_vars(array(
- 'S_UNREAD' => ($type == 'unread'),
- 'S_MARK_OPTIONS'=> $s_mark_options)
+ 'S_MARK_OPTIONS' => $s_mark_options,
+ 'S_MOVE_MARKED_OPTIONS' => $s_folder_move_options)
);
// Okay, lets dump out the page ...
@@ -344,10 +358,8 @@ function view_folder($id, $mode, $folder_id, $folder, $type)
/**
* Get Messages from folder/user
-*
-* @param unread|new|folder $type type of message
*/
-function get_pm_from($folder_id, $folder, $user_id, $url, $type = 'folder')
+function get_pm_from($folder_id, $folder, $user_id, $url)
{
global $user, $db, $template, $config, $auth, $_POST;
@@ -368,16 +380,7 @@ function get_pm_from($folder_id, $folder, $user_id, $url, $type = 'folder')
$s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = '';
gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);
- if ($type != 'folder')
- {
- $folder_sql = ($type == 'unread') ? 't.unread = 1' : 't.new = 1';
- $folder_sql .= ' AND t.folder_id NOT IN (' . PRIVMSGS_HOLD_BOX . ', ' . PRIVMSGS_NO_BOX . ')';
- $folder_id = PRIVMSGS_INBOX;
- }
- else
- {
- $folder_sql = 't.folder_id = ' . (int) $folder_id;
- }
+ $folder_sql = 't.folder_id = ' . (int) $folder_id;
// Limit pms to certain time frame, obtain correct pm count
if ($sort_days)
@@ -404,32 +407,7 @@ function get_pm_from($folder_id, $folder, $user_id, $url, $type = 'folder')
}
else
{
- if ($type == 'folder')
- {
- $pm_count = $folder[$folder_id]['num_messages'];
- }
- else
- {
- if (in_array($folder_id, array(PRIVMSGS_INBOX, PRIVMSGS_OUTBOX, PRIVMSGS_SENTBOX)))
- {
- $sql = 'SELECT COUNT(t.msg_id) AS pm_count
- FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . " p
- WHERE $folder_sql
- AND t.user_id = $user_id
- AND t.msg_id = p.msg_id";
- }
- else
- {
- $sql = 'SELECT pm_count
- FROM ' . PRIVMSGS_FOLDER_TABLE . "
- WHERE folder_id = $folder_id
- AND user_id = $user_id";
- }
- $result = $db->sql_query_limit($sql, 1);
- $pm_count = ($row = $db->sql_fetchrow($result)) ? $row['pm_count'] : 0;
- $db->sql_freeresult($result);
- }
-
+ $pm_count = $folder[$folder_id]['num_messages'];
$sql_limit_time = '';
}
diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php
index cf5824200d..b2a2d6d878 100644
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@@ -255,7 +255,7 @@ class ucp_profile
foreach ($var_ary as $var => $default)
{
- $data[$var] = request_var($var, $default);
+ $data[$var] = (in_array($var, array('location', 'occupation', 'interests'))) ? request_var($var, $default, true) : request_var($var, $default);
}
$var_ary = array(
@@ -407,7 +407,7 @@ class ucp_profile
$enable_bbcode = ($config['allow_sig_bbcode']) ? request_var('enable_bbcode', $user->optionget('bbcode')) : false;
$enable_smilies = ($config['allow_sig_smilies']) ? request_var('enable_smilies', $user->optionget('smilies')) : false;
$enable_urls = request_var('enable_urls', true);
- $signature = request_var('signature', $user->data['user_sig']);
+ $signature = request_var('signature', $user->data['user_sig'], true);
if ($submit || $preview)
{
diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php
index 0ac9290c15..b471e1a79c 100644
--- a/phpBB/includes/ucp/ucp_register.php
+++ b/phpBB/includes/ucp/ucp_register.php
@@ -27,7 +27,6 @@ class ucp_register
include($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx);
- // Do not alter this first one to use request_var!
$confirm_id = request_var('confirm_id', '');
$coppa = (isset($_REQUEST['coppa'])) ? ((!empty($_REQUEST['coppa'])) ? 1 : 0) : false;
$agreed = (!empty($_POST['agreed'])) ? 1 : 0;
generated by cgit v1.2.1 (git 2.21.0) at 2025-04-01 10:59:35 +0000