authorMeik Sievertsen <acydburn@phpbb.com>2005-12-28 17:35:20 +0000
committerMeik Sievertsen <acydburn@phpbb.com>2005-12-28 17:35:20 +0000
commit0334d424779dac4f0adf89caa0362a03f93163c3 (patch)
tree91f9771d64488df6366eac5e76f783a1979576e1 /phpBB/style.php
parent761598e1b78d704b7f9aed82f8ac35673b4174bd (diff)
- some changes to browser checking (was the reason for not working logins)
- partly working style acp - other tiny changes here and there git-svn-id: file:///svn/phpbb/trunk@5388 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/style.php')
-rw-r--r--phpBB/style.php40
1 files changed, 25 insertions, 15 deletions
diff --git a/phpBB/style.php b/phpBB/style.php
index d6de27a453..2c47e72f17 100644
--- a/phpBB/style.php
+++ b/phpBB/style.php
@@ -28,12 +28,21 @@ if (!empty($load_extensions))
}
}
+
+$sid = (isset($_GET['sid'])) ? htmlspecialchars($_GET['sid']) : '';
+$id = (isset($_GET['id'])) ? intval($_GET['id']) : 0;
+
+if (!preg_match('/^[A-Za-z0-9]*$/', $sid))
+{
+ $sid = '';
+}
+
// This is a simple script to grab and output the requested CSS data stored in the DB
// We include a session_id check to try and limit 3rd party linking ... unless they
// happen to have a current session it will output nothing. We will also cache the
// resulting CSS data for five minutes ... anything to reduce the load on the SQL
// server a little
-if (!empty($_GET['id']) && !empty($_GET['sid']))
+if ($id && $sid)
{
// Include files
require($phpbb_root_path . 'includes/acm/acm_' . $acm_type . '.'.$phpEx);
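Review bot: The `$sid` whitelist added at the top of the script is not exact, because without the `D` modifier a PCRE `$` also matches just before a trailing newline, so a value ending in a line feed still passes `/^[A-Za-z0-9]*$/`. Anchoring the end with `\z` closes that: `if (!preg_match('/^[A-Za-z0-9]*\z/', $sid))`. With a strict pattern the `htmlspecialchars()` call adds nothing, and reading the parameter as `$sid = (isset($_GET['sid']) && is_string($_GET['sid'])) ? $_GET['sid'] : '';` would also handle an array-valued `sid` without a warning. The `if ($id && $sid)` block continues past the end of this hunk.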
@@ -49,16 +58,15 @@ if (!empty($_GET['id']) && !empty($_GET['sid']))
exit;
}
- $sid = htmlspecialchars($_GET['sid']);
- $id = intval($_GET['id']);
-
$sql = "SELECT s.session_id, u.user_lang
FROM {$table_prefix}sessions s, {$table_prefix}users u
- WHERE s.session_id = '" . ((!get_magic_quotes_gpc()) ? $db->sql_escape($sid) : $sid) . "'
+ WHERE s.session_id = '" . $db->sql_escape($sid) . "'
AND s.session_user_id = u.user_id";
$result = $db->sql_query($sql);
+ $user = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
- if ($user = $db->sql_fetchrow($result))
+ if ($user)
{
$sql = "SELECT s.style_id, c.theme_data, c.theme_path, c.theme_name, c.theme_mtime, i.imageset_path, t.template_path
FROM {$table_prefix}styles s, {$table_prefix}styles_template t, {$table_prefix}styles_theme c, {$table_prefix}styles_imageset i
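Review bot: Nothing at the session query records why the `get_magic_quotes_gpc()` branch could be dropped: calling `$db->sql_escape($sid)` unconditionally behaves the same with magic quotes on or off only because `$sid` has already been reduced to `[A-Za-z0-9]` at the top of the script. A one-line comment above the `$sql` assignment, `// $sid is validated as alphanumeric above; sql_escape() is kept as defence in depth`, would stop a later edit from loosening the whitelist without revisiting this query. The lookup also matches on `session_id` alone, so as far as this hunk shows any row still present in the sessions table authorises the request; whether stale sessions are purged elsewhere is not visible here.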
@@ -66,13 +74,14 @@ if (!empty($_GET['id']) && !empty($_GET['sid']))
AND t.template_id = s.template_id
AND c.theme_id = s.theme_id
AND i.imageset_id = s.imageset_id";
- $result2 = $db->sql_query($sql, 300);
+ $result = $db->sql_query($sql, 300);
+ $theme = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
- if (!($theme = $db->sql_fetchrow($result2)))
+ if (!$theme)
{
exit;
}
- $db->sql_freeresult($result2);
$force_load = true; // Ideally this needs to be based on $config['load_tplcompile']
@@ -81,24 +90,26 @@ if (!empty($_GET['id']) && !empty($_GET['sid']))
$theme['theme_data'] = implode('', file("{$phpbb_root_path}styles/" . $theme['theme_path'] . '/theme/stylesheet.css'));
// Match CSS imports
+ $matches = array();
preg_match_all('/@import url\(\"(.*)\"\);/i', $theme['theme_data'], $matches);
- if ($matches)
+ if (sizeof($matches))
{
foreach ($matches[0] as $idx => $match)
{
- $theme['theme_data'] = str_replace($match, load_css_file( $matches[1][$idx] ), $theme['theme_data']);
+ $theme['theme_data'] = str_replace($match, load_css_file($matches[1][$idx]), $theme['theme_data']);
}
}
- $db->sql_query("UPDATE {$table_prefix}styles_theme SET theme_data = '" . $db->sql_escape($theme['theme_data']) . "', theme_mtime = " . time() . "
- WHERE theme_id = $id");
+ $sql = "UPDATE {$table_prefix}styles_theme
+ SET theme_data = '" . $db->sql_escape($theme['theme_data']) . "', theme_mtime = " . time() . "
+ WHERE theme_id = $id";
+ $db->sql_query($sql);
}
header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 3600));
header('Content-type: text/css');
-
// Parse Theme Data
$replace = array(
'{T_THEME_PATH}' => "{$phpbb_root_path}styles/" . $theme['theme_path'] . '/theme',
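Review bot: The new guard `if (sizeof($matches))` is always true, because `preg_match_all()` fills `$matches` with one sub-array per group (here the full match and the captured path) even when nothing matched, so the count is 2 whatever the stylesheet contains. Test the match list instead, `if (sizeof($matches[0]))`, or drop the `if` and let the `foreach` run over an empty array. The captured path is also handed to `load_css_file()` unchecked, and `(.*)` is greedy, so two imports on one line collapse into a single bogus path. `load_css_file()` is defined outside this hunk, so it is worth confirming that it refuses paths leaving the theme directory, since whatever it returns is written to `theme_data` and later echoed as CSS. The enclosing `if` blocks begin before this hunk.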
@@ -113,7 +124,6 @@ if (!empty($_GET['id']) && !empty($_GET['sid']))
echo $theme['theme_data'];
}
- $db->sql_freeresult($result);
if (!empty($cache))
{