author | Meik Sievertsen <acydburn@phpbb.com> | 2007-07-22 20:11:45 +0000 |
---|---|---|
committer | Meik Sievertsen <acydburn@phpbb.com> | 2007-07-22 20:11:45 +0000 |
commit | ec1da5b1fd694b4f1abcf4fa8009095d23b2c1a6 (patch) | |
tree | c6a4f679afd375f000d5b64485c7e14737fc941b /phpBB | |
parent | fcb0c89962242fec72d7ed01c7049601a696e4be (diff) | |
try to normalize everything...
git-svn-id: file:///svn/phpbb/trunk@7920 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB')
31 files changed, 300 insertions, 272 deletions
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php index a0aaf8d67e..95a2b0e322 100644 --- a/phpBB/includes/acp/acp_attachments.php +++ b/phpBB/includes/acp/acp_attachments.php @@ -441,7 +441,7 @@ class acp_attachments $ext_row = array(); } - $group_name = request_var('group_name', '', true); + $group_name = utf8_normalize_nfc(request_var('group_name', '', true)); $new_group_name = ($action == 'add') ? $group_name : (($ext_row['group_name'] != $group_name) ? $group_name : ''); if (!$group_name) @@ -618,7 +618,7 @@ class acp_attachments if ($action == 'add') { $ext_group_row = array( - 'group_name' => request_var('group_name', '', true), + 'group_name' => utf8_normalize_nfc(request_var('group_name', '', true)), 'cat_id' => 0, 'allow_group' => 1, 'allow_in_pm' => 1, diff --git a/phpBB/includes/acp/acp_ban.php b/phpBB/includes/acp/acp_ban.php index ea0a054d5f..206f332c36 100644 --- a/phpBB/includes/acp/acp_ban.php +++ b/phpBB/includes/acp/acp_ban.php @@ -33,12 +33,12 @@ class acp_ban if ($bansubmit) { // Grab the list of entries - $ban = request_var('ban', '', true); + $ban = utf8_normalize_nfc(request_var('ban', '', true)); $ban_len = request_var('banlength', 0); $ban_len_other = request_var('banlengthother', ''); $ban_exclude = request_var('banexclude', 0); - $ban_reason = request_var('banreason', '', true); - $ban_give_reason = request_var('bangivereason', '', true); + $ban_reason = utf8_normalize_nfc(request_var('banreason', '', true)); + $ban_give_reason = utf8_normalize_nfc(request_var('bangivereason', '', true)); if ($ban) { diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php index 65c1f9026d..ce0d12b356 100644 --- a/phpBB/includes/acp/acp_bbcodes.php +++ b/phpBB/includes/acp/acp_bbcodes.php 
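Review bot: In the first acp_attachments.php hunk the normalized `$group_name` is compared with the stored `$ext_row['group_name']` using `!=`, so a name saved before this change in a non-NFC form would compare as different from the same name resubmitted, and `$new_group_name` would be set as if the group were being renamed. Whether existing rows are already normalized is not visible here. If they are not, either compare like with like, `utf8_normalize_nfc($ext_row['group_name']) != $group_name`, or migrate the stored data; other stored-versus-submitted comparisons outside these hunks may need the same check.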
@@ -75,8 +75,8 @@ class acp_bbcodes $display_on_posting = request_var('display_on_posting', 0); $bbcode_match = request_var('bbcode_match', ''); - $bbcode_tpl = htmlspecialchars_decode(request_var('bbcode_tpl', '', true)); - $bbcode_helpline = request_var('bbcode_helpline', '', true); + $bbcode_tpl = htmlspecialchars_decode(utf8_normalize_nfc(request_var('bbcode_tpl', '', true))); + $bbcode_helpline = utf8_normalize_nfc(request_var('bbcode_helpline', '', true)); break; } diff --git a/phpBB/includes/acp/acp_bots.php b/phpBB/includes/acp/acp_bots.php index 5bab27d5b2..dbee5f6eed 100644 --- a/phpBB/includes/acp/acp_bots.php +++ b/phpBB/includes/acp/acp_bots.php @@ -129,7 +129,7 @@ class acp_bots include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx); $bot_row = array( - 'bot_name' => request_var('bot_name', '', true), + 'bot_name' => utf8_normalize_nfc(request_var('bot_name', '', true)), 'bot_agent' => request_var('bot_agent', ''), 'bot_ip' => request_var('bot_ip', ''), 'bot_active' => request_var('bot_active', true), diff --git a/phpBB/includes/acp/acp_disallow.php b/phpBB/includes/acp/acp_disallow.php index c574c8e803..4be61ad778 100644 --- a/phpBB/includes/acp/acp_disallow.php +++ b/phpBB/includes/acp/acp_disallow.php @@ -33,7 +33,7 @@ class acp_disallow if ($disallow) { - $disallowed_user = str_replace('*', '%', request_var('disallowed_user', '', true)); + $disallowed_user = str_replace('*', '%', utf8_normalize_nfc(request_var('disallowed_user', '', true))); if (!$disallowed_user) { diff --git a/phpBB/includes/acp/acp_email.php b/phpBB/includes/acp/acp_email.php index 3fbbe6472f..50f3d2a4c8 100644 --- a/phpBB/includes/acp/acp_email.php +++ b/phpBB/includes/acp/acp_email.php 
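Review bot: In acp_bbcodes.php `$bbcode_tpl` is normalized before `htmlspecialchars_decode()`, so the decoded template is not guaranteed to be NFC: an escaped `&lt;` or `&gt;` followed by U+0338 only becomes a composable pair after decoding. Normalizing after the decode would instead fold that pair into U+226E or U+226F and change the markup, so the current order is the safer one and deserves a comment on the line, e.g. `// normalize while still escaped: NFC must not compose across a decoded < or >`. This assumes request_var() returns HTML-escaped text, which the decode call suggests but the hunk does not show.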
@@ -30,8 +30,8 @@ class acp_email $usernames = request_var('usernames', '', true); $group_id = request_var('g', 0); - $subject = request_var('subject', '', true); - $message = request_var('message', '', true); + $subject = utf8_normalize_nfc(request_var('subject', '', true)); + $message = utf8_normalize_nfc(request_var('message', '', true)); // Do the job ... if ($submit) @@ -178,7 +178,7 @@ class acp_email if ($usernames) { $usernames = explode("\n", $usernames); - add_log('admin', 'LOG_MASS_EMAIL', implode(', ', $usernames)); + add_log('admin', 'LOG_MASS_EMAIL', implode(', ', utf8_normalize_nfc($usernames))); } else { diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php index 2fae905b5f..fd2602d329 100644 --- a/phpBB/includes/acp/acp_forums.php +++ b/phpBB/includes/acp/acp_forums.php @@ -103,14 +103,14 @@ class acp_forums 'type_action' => request_var('type_action', ''), 'forum_status' => request_var('forum_status', ITEM_UNLOCKED), 'forum_parents' => '', - 'forum_name' => request_var('forum_name', '', true), + 'forum_name' => utf8_normalize_nfc(request_var('forum_name', '', true)), 'forum_link' => request_var('forum_link', ''), 'forum_link_track' => request_var('forum_link_track', false), - 'forum_desc' => request_var('forum_desc', '', true), + 'forum_desc' => utf8_normalize_nfc(request_var('forum_desc', '', true)), 'forum_desc_uid' => '', 'forum_desc_options' => 7, 'forum_desc_bitfield' => '', - 'forum_rules' => request_var('forum_rules', '', true), + 'forum_rules' => utf8_normalize_nfc(request_var('forum_rules', '', true)), 'forum_rules_uid' => '', 'forum_rules_options' => 7, 'forum_rules_bitfield' => '', @@ -445,7 +445,7 @@ class acp_forums 'parent_id' => $this->parent_id, 'forum_type' => FORUM_POST, 'forum_status' => ITEM_UNLOCKED, - 'forum_name' => request_var('forum_name', '', true), + 'forum_name' => utf8_normalize_nfc(request_var('forum_name', '', true)), 'forum_link' => '', 'forum_link_track' => false, 'forum_desc' => '', 
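Review bot: In the second acp_email.php hunk `$usernames` is normalized only inside the `add_log()` call, while the value read at the top of the method (`request_var('usernames', '', true)`, an unchanged context line in the first hunk) stays as submitted. The admin log can therefore record names that differ byte-wise from the ones the rest of the method worked with. Normalizing once where the value is read, `$usernames = utf8_normalize_nfc(request_var('usernames', '', true));`, keeps the acted-on and the logged value identical and lets the log call stay `implode(', ', $usernames)`. The code between the two hunks is not visible, so how the names are looked up is assumed.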
diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php index 07088de75d..35499b132f 100644 --- a/phpBB/includes/acp/acp_groups.php +++ b/phpBB/includes/acp/acp_groups.php @@ -258,8 +258,8 @@ class acp_groups // Did we submit? if ($update) { - $group_name = request_var('group_name', '', true); - $group_desc = request_var('group_desc', '', true); + $group_name = utf8_normalize_nfc(request_var('group_name', '', true)); + $group_desc = utf8_normalize_nfc(request_var('group_desc', '', true)); $group_type = request_var('group_type', GROUP_FREE); $allow_desc_bbcode = request_var('desc_parse_bbcode', false); @@ -450,7 +450,7 @@ class acp_groups } else if (!$group_id) { - $group_name = request_var('group_name', '', true); + $group_name = utf8_normalize_nfc(request_var('group_name', '', true)); $group_desc_data = array( 'text' => '', 'allow_bbcode' => true, diff --git a/phpBB/includes/acp/acp_icons.php b/phpBB/includes/acp/acp_icons.php index f37448032e..33e5bea058 100644 --- a/phpBB/includes/acp/acp_icons.php +++ b/phpBB/includes/acp/acp_icons.php 
@@ -276,16 +276,16 @@ class acp_icons $image_width = (isset($_POST['width'])) ? request_var('width', array('' => 0)) : array(); $image_height = (isset($_POST['height'])) ? request_var('height', array('' => 0)) : array(); $image_add = (isset($_POST['add_img'])) ? request_var('add_img', array('' => 0)) : array(); - $image_emotion = request_var('emotion', array('' => ''), true); - $image_code = request_var('code', array('' => ''), true); + $image_emotion = utf8_normalize_nfc(request_var('emotion', array('' => ''), true)); + $image_code = utf8_normalize_nfc(request_var('code', array('' => ''), true)); $image_display_on_posting = (isset($_POST['display_on_posting'])) ? request_var('display_on_posting', array('' => 0)) : array(); // Ok, add the relevant bits if we are adding new codes to existing emoticons... if (!empty($_POST['add_additional_code'])) { $add_image = request_var('add_image', ''); - $add_code = request_var('add_code', '', true); - $add_emotion = request_var('add_emotion', '', true); + $add_code = utf8_normalize_nfc(request_var('add_code', '', true)); + $add_emotion = utf8_normalize_nfc(request_var('add_emotion', '', true)); if ($add_image && $add_emotion && $add_code) { diff --git a/phpBB/includes/acp/acp_language.php b/phpBB/includes/acp/acp_language.php index 607bbd3cac..266729765d 100644 --- a/phpBB/includes/acp/acp_language.php +++ b/phpBB/includes/acp/acp_language.php @@ -146,8 +146,8 @@ class acp_language $sql_ary = array( 'lang_english_name' => request_var('lang_english_name', $row['lang_english_name']), - 'lang_local_name' => request_var('lang_local_name', $row['lang_local_name'], true), - 'lang_author' => request_var('lang_author', $row['lang_author'], true), + 'lang_local_name' => utf8_normalize_nfc(request_var('lang_local_name', $row['lang_local_name'], true)), + 'lang_author' => utf8_normalize_nfc(request_var('lang_author', $row['lang_author'], true)), ); $db->sql_query('UPDATE ' . LANG_TABLE . ' 
diff --git a/phpBB/includes/acp/acp_modules.php b/phpBB/includes/acp/acp_modules.php index 3daf5273cb..8148d648a3 100644 --- a/phpBB/includes/acp/acp_modules.php +++ b/phpBB/includes/acp/acp_modules.php @@ -232,7 +232,7 @@ class acp_modules 'module_enabled' => 0, 'module_display' => 1, 'parent_id' => 0, - 'module_langname' => request_var('module_langname', '', true), + 'module_langname' => utf8_normalize_nfc(request_var('module_langname', '', true)), 'module_mode' => '', 'module_auth' => '', ); @@ -245,7 +245,7 @@ class acp_modules $module_data['module_display'] = request_var('module_display', (int) $module_row['module_display']); $module_data['parent_id'] = request_var('module_parent_id', (int) $module_row['parent_id']); $module_data['module_class'] = $this->module_class; - $module_data['module_langname'] = request_var('module_langname', (string) $module_row['module_langname'], true); + $module_data['module_langname'] = utf8_normalize_nfc(request_var('module_langname', (string) $module_row['module_langname'], true)); $module_data['module_mode'] = request_var('module_mode', (string) $module_row['module_mode']); $submit = (isset($_POST['submit'])) ? true : false; diff --git a/phpBB/includes/acp/acp_permission_roles.php b/phpBB/includes/acp/acp_permission_roles.php index 674468a862..57fd4c1ea5 100644 --- a/phpBB/includes/acp/acp_permission_roles.php +++ b/phpBB/includes/acp/acp_permission_roles.php @@ -134,8 +134,8 @@ class acp_permission_roles case 'add': - $role_name = request_var('role_name', '', true); - $role_description = request_var('role_description', '', true); + $role_name = utf8_normalize_nfc(request_var('role_name', '', true)); + $role_description = utf8_normalize_nfc(request_var('role_description', '', true)); $auth_settings = request_var('setting', array('' => 0)); if (!$role_name) 
@@ -214,8 +214,8 @@ class acp_permission_roles $options_from = request_var('options_from', 0); $role_row = array( - 'role_name' => request_var('role_name', '', true), - 'role_description' => request_var('role_description', '', true), + 'role_name' => utf8_normalize_nfc(request_var('role_name', '', true)), + 'role_description' => utf8_normalize_nfc(request_var('role_description', '', true)), 'role_type' => $permission_type, ); diff --git a/phpBB/includes/acp/acp_profile.php b/phpBB/includes/acp/acp_profile.php index f5ff319ece..bc6730abac 100644 --- a/phpBB/includes/acp/acp_profile.php +++ b/phpBB/includes/acp/acp_profile.php @@ -354,7 +354,7 @@ class acp_profile 'field_hide' => 0, 'field_no_view' => 0, 'field_show_on_reg' => 0, - 'lang_name' => request_var('field_ident', '', true), + 'lang_name' => utf8_normalize_nfc(request_var('field_ident', '', true)), 'lang_explain' => '', 'lang_default_value'=> '') ); @@ -382,9 +382,9 @@ class acp_profile } $cp->vars['field_ident'] = ($action == 'create' && $step == 1) ? utf8_clean_string(request_var('field_ident', $field_row['field_ident'], true)) : request_var('field_ident', $field_row['field_ident']); - $cp->vars['lang_name'] = request_var('lang_name', $field_row['lang_name'], true); - $cp->vars['lang_explain'] = request_var('lang_explain', $field_row['lang_explain'], true); - $cp->vars['lang_default_value'] = request_var('lang_default_value', $field_row['lang_default_value'], true); + $cp->vars['lang_name'] = utf8_normalize_nfc(request_var('lang_name', $field_row['lang_name'], true)); + $cp->vars['lang_explain'] = utf8_normalize_nfc(request_var('lang_explain', $field_row['lang_explain'], true)); + $cp->vars['lang_default_value'] = utf8_normalize_nfc(request_var('lang_default_value', $field_row['lang_default_value'], true)); // Field option... if (isset($_REQUEST['field_option'])) 
@@ -409,11 +409,11 @@ class acp_profile // A boolean field expects an array as the lang options if ($field_type == FIELD_BOOL) { - $options = request_var('lang_options', array(''), true); + $options = utf8_normalize_nfc(request_var('lang_options', array(''), true)); } else { - $options = request_var('lang_options', '', true); + $options = utf8_normalize_nfc(request_var('lang_options', '', true)); } // If the user has submitted a form with options (i.e. dropdown field) @@ -441,13 +441,13 @@ class acp_profile // step 2 foreach ($exclude[2] as $key) { - $var = request_var($key, $field_row[$key], true); + $var = utf8_normalize_nfc(request_var($key, $field_row[$key], true)); // Manipulate the intended variables a little bit if needed if ($field_type == FIELD_DROPDOWN && $key == 'field_maxlen') { // Get the number of options if this key is 'field_maxlen' - $var = sizeof(explode("\n", request_var('lang_options', '', true))); + $var = sizeof(explode("\n", utf8_normalize_nfc(request_var('lang_options', '', true)))); } else if ($field_type == FIELD_TEXT && $key == 'field_length') { @@ -534,7 +534,7 @@ class acp_profile foreach ($exclude[3] as $key) { - $cp->vars[$key] = request_var($key, array(0 => ''), true); + $cp->vars[$key] = utf8_normalize_nfc(request_var($key, array(0 => ''), true)); if (!$cp->vars[$key] && $action == 'edit') { @@ -542,7 +542,7 @@ class acp_profile } else if ($key == 'l_lang_options' && $field_type == FIELD_BOOL) { - $cp->vars[$key] = request_var($key, array(0 => array('')), true); + $cp->vars[$key] = utf8_normalize_nfc(request_var($key, array(0 => array('')), true)); } else if ($key == 'l_lang_options' && is_array($cp->vars[$key])) { 
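Review bot: In the `foreach ($exclude[2] as $key)` hunk, `utf8_normalize_nfc()` now wraps `request_var($key, $field_row[$key], true)`, whose return type presumably follows the type of the default, so numeric settings may pass through the normalizer as well. The opening lines of utf8_normalize_nfc() are outside the utf_tools.php hunk, so whether a non-string scalar comes back unchanged cannot be confirmed from here. Normalizing only when `is_string($var) || is_array($var)` would keep the types the later steps rely on. The `sizeof(explode("\n", ...))` line in the same hunk only counts lines, so the added normalization there does not affect the result.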
@@ -631,10 +631,10 @@ class acp_profile $cp->vars['columns'] = request_var('columns', 0); $_new_key_ary[$key] = $cp->vars['rows'] . '|' . $cp->vars['columns']; } + if ($field_type == FIELD_BOOL && $key == 'l_lang_options' && isset($_REQUEST['l_lang_options'])) { - $_new_key_ary[$key] = request_var($key, array(array('')), true); - + $_new_key_ary[$key] = utf8_normalize_nfc(request_var($key, array(array('')), true)); } else { @@ -644,7 +644,7 @@ class acp_profile } else { - $_new_key_ary[$key] = (is_array($_REQUEST[$key])) ? request_var($key, array(''), true) : request_var($key, '', true); + $_new_key_ary[$key] = (is_array($_REQUEST[$key])) ? utf8_normalize_nfc(request_var($key, array(''), true)) : utf8_normalize_nfc(request_var($key, '', true)); } } } @@ -915,7 +915,7 @@ class acp_profile $lang_options[$lang_id]['lang_iso'] = $lang_iso; foreach ($options as $field => $field_type) { - $value = ($action == 'create') ? request_var('l_' . $field, array(0 => ''), true) : $cp->vars['l_' . $field]; + $value = ($action == 'create') ? utf8_normalize_nfc(request_var('l_' . $field, array(0 => ''), true)) : $cp->vars['l_' . $field]; if ($field == 'lang_options') { 
@@ -1087,17 +1087,23 @@ class acp_profile } // These are always arrays because the key is the language id... - $cp->vars['l_lang_name'] = request_var('l_lang_name', array(0 => ''), true); - $cp->vars['l_lang_explain'] = request_var('l_lang_explain', array(0 => ''), true); - $cp->vars['l_lang_default_value'] = request_var('l_lang_default_value', array(0 => ''), true); + $cp->vars['l_lang_name'] = utf8_normalize_nfc(request_var('l_lang_name', array(0 => ''), true)); + $cp->vars['l_lang_explain'] = utf8_normalize_nfc(request_var('l_lang_explain', array(0 => ''), true)); + $cp->vars['l_lang_default_value'] = utf8_normalize_nfc(request_var('l_lang_default_value', array(0 => ''), true)); + if ($field_type != FIELD_BOOL) { - $cp->vars['l_lang_options'] = request_var('l_lang_options', array(0 => ''), true); + $cp->vars['l_lang_options'] = utf8_normalize_nfc(request_var('l_lang_options', array(0 => ''), true)); } else { + /** + * @todo check if this line is correct... $cp->vars['l_lang_default_value'] = request_var('l_lang_default_value', array(0 => array('')), true); + */ + $cp->vars['l_lang_options'] = utf8_normalize_nfc(request_var('l_lang_options', array(0 => array('')), true)); } + if ($cp->vars['lang_options']) { if (!is_array($cp->vars['lang_options'])) diff --git a/phpBB/includes/acp/acp_ranks.php b/phpBB/includes/acp/acp_ranks.php index 08270a7221..950a645487 100644 --- a/phpBB/includes/acp/acp_ranks.php +++ b/phpBB/includes/acp/acp_ranks.php @@ -35,7 +35,7 @@ class acp_ranks { case 'save': - $rank_title = request_var('title', '', true); + $rank_title = utf8_normalize_nfc(request_var('title', '', true)); $special_rank = request_var('special_rank', 0); $min_posts = ($special_rank) ? 0 : request_var('min_posts', 0); $rank_image = request_var('rank_image', ''); diff --git a/phpBB/includes/acp/acp_reasons.php b/phpBB/includes/acp/acp_reasons.php index 4fe76c7bbb..ca9fbcb806 100644 --- a/phpBB/includes/acp/acp_reasons.php +++ b/phpBB/includes/acp/acp_reasons.php 
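Review bot: The `else` branch of the `@@ -1087` hunk changes which variable is assigned: the old line wrote `$cp->vars['l_lang_default_value']`, the new one writes `$cp->vars['l_lang_options']`, and the old statement is left inside a `/** @todo ... */` docblock. That is a behaviour change beyond normalization and is worth its own line in the commit message. A docblock is also the wrong container for disabled code, since documentation tools attach it to the following statement; a plain comment such as `// @todo confirm: boolean fields previously overwrote l_lang_default_value here` says the same without keeping dead code.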
@@ -38,8 +38,8 @@ class acp_reasons case 'edit': $reason_row = array( - 'reason_title' => request_var('reason_title', '', true), - 'reason_description' => request_var('reason_description', '', true) + 'reason_title' => utf8_normalize_nfc(request_var('reason_title', '', true)), + 'reason_description' => utf8_normalize_nfc(request_var('reason_description', '', true)), ); if ($submit) diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php index 1e0e3af54a..74659fe792 100644 --- a/phpBB/includes/acp/acp_styles.php +++ b/phpBB/includes/acp/acp_styles.php @@ -670,7 +670,7 @@ parse_css_file = {PARSE_CSS_FILE} $_POST['template_data'] = (isset($_POST['template_data']) && !empty($_POST['template_data'])) ? str_replace(array("\r\n", "\r"), array("\n", "\n"), $_POST['template_data']) : ''; $template_data = (STRIP) ? stripslashes($_POST['template_data']) : $_POST['template_data']; - $template_file = request_var('template_file', '', true); + $template_file = utf8_normalize_nfc(request_var('template_file', '', true)); $text_rows = max(5, min(999, request_var('text_rows', 20))); $save_changes = (isset($_POST['save'])) ? true : false; @@ -1025,7 +1025,7 @@ parse_css_file = {PARSE_CSS_FILE} $_POST['template_data'] = (isset($_POST['template_data']) && !empty($_POST['template_data'])) ? str_replace(array("\r\n", "\r"), array("\n", "\n"), $_POST['template_data']) : ''; $theme_data = (STRIP) ? stripslashes($_POST['template_data']) : $_POST['template_data']; - $theme_file = request_var('template_file', '', true); + $theme_file = utf8_normalize_nfc(request_var('template_file', '', true)); $text_rows = max(5, min(999, request_var('text_rows', 20))); $save_changes = (isset($_POST['save'])) ? true : false; 
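Review bot: In both acp_styles.php hunks `template_file` is a file name taken from the request with multibyte input enabled, and it is now rewritten by `utf8_normalize_nfc()` before use. Any check that restricts which file may be edited has to run on the normalized value, because normalization can change the bytes after a check has already passed. The validation code is outside these hunks, so its position relative to this assignment should be confirmed; a comment on the line such as `// validate against the template's file list only after normalization` would record the requirement.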
@@ -2016,8 +2016,8 @@ parse_css_file = {PARSE_CSS_FILE} if ($update) { - $name = request_var('name', '', true); - $copyright = request_var('copyright', '', true); + $name = utf8_normalize_nfc(request_var('name', '', true)); + $copyright = utf8_normalize_nfc(request_var('copyright', '', true)); $template_id = request_var('template_id', 0); $theme_id = request_var('theme_id', 0); @@ -2652,8 +2652,8 @@ parse_css_file = {PARSE_CSS_FILE} $error = array(); $style_row = array( - $mode . '_name' => request_var('name', '', true), - $mode . '_copyright' => request_var('copyright', '', true), + $mode . '_name' => utf8_normalize_nfc(request_var('name', '', true)), + $mode . '_copyright' => utf8_normalize_nfc(request_var('copyright', '', true)), 'template_id' => 0, 'theme_id' => 0, 'imageset_id' => 0, diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index 8f5fd8d0de..5b6a790e97 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -30,11 +30,8 @@ class acp_users $this->tpl_name = 'acp_users'; $this->page_title = 'ACP_USER_' . strtoupper($mode); - include($phpbb_root_path . 'includes/functions_user.' . $phpEx); - include($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx); - $error = array(); - $username = request_var('username', '', true); + $username = utf8_normalize_nfc(request_var('username', '', true)); $user_id = request_var('u', 0); $action = request_var('action', ''); @@ -43,6 +40,8 @@ class acp_users // Whois (special case) if ($action == 'whois') { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + $this->page_title = 'WHOIS'; $this->tpl_name = 'simple_body'; @@ -148,6 +147,8 @@ class acp_users { case 'overview': + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + $user->add_lang('acp/ban'); $delete = request_var('delete', 0); 
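Review bot: The acp_users.php hunks replace the two unconditional includes at the top of the method with plain `include(...)` calls in the `whois` block and in the `overview`, `profile`, `prefs`, `avatar` and `groups` cases (the last four are in later hunks of this file). A plain `include` of a file that declares functions fails with a redeclaration error if that file was already loaded, and the `whois` block precedes the mode switch, so unless it exits first (not visible here) `functions_user` could be included twice in one request. Using `include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);`, as the acp_bots.php context line already does, removes that risk. Separately, any case that received no include no longer loads `functions_user` or `functions_profile_fields`; each remaining case should be checked for calls into them.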
@@ -248,8 +249,8 @@ class acp_users break; } - $ban_reason = request_var('ban_reason', $user->lang[$reason], true); - $ban_give_reason = request_var('ban_give_reason', '', true); + $ban_reason = utf8_normalize_nfc(request_var('ban_reason', $user->lang[$reason], true)); + $ban_give_reason = utf8_normalize_nfc(request_var('ban_give_reason', '', true)); // Log not used at the moment, we simply utilize the ban function. $result = user_ban(substr($action, 3), $ban, 0, 0, 0, $ban_reason, $ban_give_reason); @@ -598,7 +599,7 @@ class acp_users // Handle registration info updates $data = array( - 'username' => request_var('user', $user_row['username'], true), + 'username' => utf8_normalize_nfc(request_var('user', $user_row['username'], true)), 'user_founder' => request_var('user_founder', ($user_row['user_type'] == USER_FOUNDER) ? 1 : 0), 'email' => strtolower(request_var('user_email', $user_row['user_email'])), 'email_confirm' => strtolower(request_var('email_confirm', '')), @@ -867,7 +868,7 @@ class acp_users $deletemark = (isset($_POST['delmarked'])) ? true : false; $deleteall = (isset($_POST['delall'])) ? true : false; $marked = request_var('mark', array(0)); - $message = request_var('message', '', true); + $message = utf8_normalize_nfc(request_var('message', '', true)); // Sort keys $sort_days = request_var('st', 0); @@ -952,6 +953,9 @@ class acp_users case 'profile': + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + include($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx); + $cp = new custom_profile(); $cp_data = $cp_error = array(); 
@@ -1147,8 +1151,10 @@ class acp_users case 'prefs': + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + $data = array( - 'dateformat' => request_var('dateformat', $user_row['user_dateformat'], true), + 'dateformat' => utf8_normalize_nfc(request_var('dateformat', $user_row['user_dateformat'], true)), 'lang' => basename(request_var('lang', $user_row['user_lang'])), 'tz' => request_var('tz', (float) $user_row['user_timezone']), 'style' => request_var('style', $user_row['user_style']), @@ -1352,6 +1358,7 @@ class acp_users case 'avatar': include($phpbb_root_path . 'includes/functions_display.' . $phpEx); + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); $can_upload = (file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $file_uploads) ? true : false; @@ -1652,6 +1659,8 @@ class acp_users case 'groups': + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + $user->add_lang(array('groups', 'acp/groups')); $group_id = request_var('g', 0); diff --git a/phpBB/includes/mcp/mcp_ban.php b/phpBB/includes/mcp/mcp_ban.php index 5e223b1980..d7c1b28b77 100644 --- a/phpBB/includes/mcp/mcp_ban.php +++ b/phpBB/includes/mcp/mcp_ban.php @@ -38,11 +38,17 @@ class mcp_ban // Grab the list of entries $ban = request_var('ban', '', ($mode === 'user') ? true : false); + + if ($mode === 'user') + { + $ban = utf8_normalize_nfc($ban); + } + $ban_len = request_var('banlength', 0); $ban_len_other = request_var('banlengthother', ''); $ban_exclude = request_var('banexclude', 0); - $ban_reason = request_var('banreason', '', true); - $ban_give_reason = request_var('bangivereason', '', true); + $ban_reason = utf8_normalize_nfc(request_var('banreason', '', true)); + $ban_give_reason = utf8_normalize_nfc(request_var('bangivereason', '', true)); if ($ban) diff --git a/phpBB/includes/mcp/mcp_notes.php b/phpBB/includes/mcp/mcp_notes.php index bc4782abea..391d41b6fb 100755 
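Review bot: mcp_ban.php normalizes `$ban` only when `$mode === 'user'`, whereas the acp_ban.php hunk of this commit reads `ban` with multibyte enabled and normalizes it unconditionally. The two modules appear to feed the same ban handling and should treat the field the same way; if the IP and e-mail modes are meant to stay ASCII-only, acp_ban.php needs the same mode test. In mcp_ban.php the read and the normalization can also be one expression, `$ban = ($mode === 'user') ? utf8_normalize_nfc(request_var('ban', '', true)) : request_var('ban', '');`, which avoids testing the mode twice.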
--- a/phpBB/includes/mcp/mcp_notes.php +++ b/phpBB/includes/mcp/mcp_notes.php @@ -103,7 +103,7 @@ class mcp_notes $deletemark = ($action == 'del_marked') ? true : false; $deleteall = ($action == 'del_all') ? true : false; $marked = request_var('marknote', array(0)); - $usernote = request_var('usernote', '', true); + $usernote = utf8_normalize_nfc(request_var('usernote', '', true)); // Handle any actions if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs')) diff --git a/phpBB/includes/mcp/mcp_queue.php b/phpBB/includes/mcp/mcp_queue.php index 1259944439..1e908b1c1f 100644 --- a/phpBB/includes/mcp/mcp_queue.php +++ b/phpBB/includes/mcp/mcp_queue.php @@ -734,7 +734,7 @@ function disapprove_post($post_id_list, $id, $mode) } $redirect = request_var('redirect', build_url(array('t', 'mode', '_f_', 'quickmod')) . '&mode=unapproved_topics'); - $reason = request_var('reason', '', true); + $reason = utf8_normalize_nfc(request_var('reason', '', true)); $reason_id = request_var('reason_id', 0); $success_msg = $additional_msg = ''; diff --git a/phpBB/includes/mcp/mcp_warn.php b/phpBB/includes/mcp/mcp_warn.php index 6fd0f52d6f..915df898f7 100755 --- a/phpBB/includes/mcp/mcp_warn.php +++ b/phpBB/includes/mcp/mcp_warn.php @@ -191,7 +191,7 @@ class mcp_warn $post_id = request_var('p', 0); $forum_id = request_var('f', 0); $notify = (isset($_REQUEST['notify_user'])) ? true : false; - $warning = request_var('warning', '', true); + $warning = utf8_normalize_nfc(request_var('warning', '', true)); $sql = 'SELECT u.*, p.* FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . " u @@ -306,7 +306,7 @@ class mcp_warn $user_id = request_var('u', 0); $username = request_var('username', '', true); $notify = (isset($_REQUEST['notify_user'])) ? true : false; - $warning = request_var('warning', '', true); + $warning = utf8_normalize_nfc(request_var('warning', '', true)); $sql_where = ($user_id) ? "user_id = $user_id" : "username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; 
diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index 1e8bd23af9..44b5498ca7 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -454,8 +454,8 @@ class ucp_groups // Did we submit? if ($update) { - $group_name = request_var('group_name', '', true); - $group_desc = request_var('group_desc', '', true); + $group_name = utf8_normalize_nfc(request_var('group_name', '', true)); + $group_desc = utf8_normalize_nfc(request_var('group_desc', '', true)); $group_type = request_var('group_type', GROUP_FREE); $allow_desc_bbcode = request_var('desc_parse_bbcode', false); @@ -591,7 +591,7 @@ class ucp_groups } else if (!$group_id) { - $group_name = request_var('group_name', '', true); + $group_name = utf8_normalize_nfc(request_var('group_name', '', true)); $group_desc_data = array( 'text' => '', 'allow_bbcode' => true, @@ -951,7 +951,7 @@ class ucp_groups $user->add_lang(array('acp/groups', 'acp/common')); - $names = request_var('usernames', '', true); + $names = utf8_normalize_nfc(request_var('usernames', '', true)); if (!$group_id) { diff --git a/phpBB/includes/ucp/ucp_pm_options.php b/phpBB/includes/ucp/ucp_pm_options.php index f242c864b6..95326090c7 100644 --- a/phpBB/includes/ucp/ucp_pm_options.php +++ b/phpBB/includes/ucp/ucp_pm_options.php @@ -60,7 +60,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit // Add Folder if (isset($_POST['addfolder'])) { - $folder_name = request_var('foldername', '', true); + $folder_name = utf8_normalize_nfc(request_var('foldername', '', true)); if ($folder_name) { @@ -104,7 +104,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit // Rename folder if (isset($_POST['rename_folder'])) { - $new_folder_name = request_var('new_folder_name', '', true); + $new_folder_name = utf8_normalize_nfc(request_var('new_folder_name', '', true)); $rename_folder_id= request_var('rename_folder_id', 0); if (!$new_folder_name) 
diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index 2dab4af710..b62ee04318 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -79,7 +79,7 @@ class ucp_register { // We do not include the password! $s_hidden_fields = array_merge($s_hidden_fields, array( - 'username' => request_var('username', '', true), + 'username' => utf8_normalize_nfc(request_var('username', '', true)), 'email' => strtolower(request_var('email', '')), 'email_confirm' => strtolower(request_var('email_confirm', '')), 'confirm_code' => request_var('confirm_code', ''), diff --git a/phpBB/includes/utf/utf_tools.php b/phpBB/includes/utf/utf_tools.php index c9a79cc0df..b4ad6a7af9 100644 --- a/phpBB/includes/utf/utf_tools.php +++ b/phpBB/includes/utf/utf_tools.php @@ -1787,7 +1787,17 @@ function utf8_normalize_nfc($strings) { foreach ($strings as $key => $string) { - utf_normalizer::nfc($strings[$key]); + if (is_array($string)) + { + foreach ($string as $_key => $_string) + { + utf_normalizer::nfc($strings[$key][$_key]); + } + } + else + { + utf_normalizer::nfc($strings[$key]); + } } } diff --git a/phpBB/install/install_install.php b/phpBB/install/install_install.php index 7db99eb56a..9a14ac3839 100755 --- a/phpBB/install/install_install.php +++ b/phpBB/install/install_install.php @@ -540,10 +540,7 @@ class install_install extends module $this->page_title = $lang['STAGE_DATABASE']; // Obtain any submitted data - foreach ($this->request_vars as $var) - { - $$var = (in_array($var, array('admin_name', 'dbpasswd', 'admin_pass1', 'admin_pass2'))) ? request_var($var, '', true) : request_var($var, ''); - } + $data = $this->get_submitted_data(); $connect_test = false; $error = array(); 
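Review bot: The new branch in utf8_normalize_nfc() descends exactly one extra level, so an array nested more deeply would reach `utf_normalizer::nfc()` as an array rather than a string. The deepest default visible in this commit is `array(0 => array(''))`, which the two levels cover, but nothing enforces that limit for future callers. A recursive call in the `is_array()` branch, `$strings[$key] = utf8_normalize_nfc($string);`, would handle any depth, provided the function returns its argument, which the call sites in this commit suggest. The function's opening lines and its return are outside the hunk.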
@@ -552,15 +549,14 @@ class install_install extends module // Has the user opted to test the connection? if (isset($_POST['testdb'])) { - if (!isset($available_dbms[$dbms]) || !$available_dbms[$dbms]['AVAILABLE']) + if (!isset($available_dbms[$data['dbms']]) || !$available_dbms[$data['dbms']]['AVAILABLE']) { $error['db'][] = $lang['INST_ERR_NO_DB']; $connect_test = false; } else { - $dbpasswd = htmlspecialchars_decode($dbpasswd); - $connect_test = connect_check_db(true, $error, $available_dbms[$dbms], $table_prefix, $dbhost, $dbuser, $dbpasswd, $dbname, $dbport); + $connect_test = connect_check_db(true, $error, $available_dbms[$data['dbms']], $data['table_prefix'], $data['dbhost'], $data['dbuser'], $data['dbpasswd'], $data['dbname'], $data['dbport']); } $template->assign_block_vars('checks', array( @@ -608,7 +604,7 @@ class install_install extends module $available_dbms = &$available_dbms_temp; // And now for the main part of this page - $table_prefix = (!empty($table_prefix) ? $table_prefix : 'phpbb_'); + $data['table_prefix'] = (!empty($data['table_prefix']) ? $data['table_prefix'] : 'phpbb_'); foreach ($this->db_config_options as $config_key => $vars) { 
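Review bot: The test-connection hunk drops `$dbpasswd = htmlspecialchars_decode($dbpasswd);` and passes `$data['dbpasswd']` straight to `connect_check_db()`. Unless `get_submitted_data()`, which is not part of the visible hunks, performs that decode, a password containing `&`, `<`, `>` or a quote would reach the database driver in its escaped form and the connection test would fail. Please confirm the decode moved into the helper and record it at the call, e.g. `// dbpasswd is already decoded by get_submitted_data()`.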
@@ -635,15 +631,15 @@ class install_install extends module 'S_EXPLAIN' => $vars['explain'], 'S_LEGEND' => false, 'TITLE_EXPLAIN' => ($vars['explain']) ? $lang[$vars['lang'] . '_EXPLAIN'] : '', - 'CONTENT' => $this->p_master->input_field($config_key, $vars['type'], $$config_key, $options), + 'CONTENT' => $this->p_master->input_field($config_key, $vars['type'], $data[$config_key], $options), ) ); } } // And finally where do we want to go next (well today is taken isn't it :P) - $s_hidden_fields = ($img_imagick) ? '<input type="hidden" name="img_imagick" value="' . addslashes($img_imagick) . '" />' : ''; - $s_hidden_fields .= '<input type="hidden" name="language" value="' . $language . '" />'; + $s_hidden_fields = ($data['img_imagick']) ? '<input type="hidden" name="img_imagick" value="' . addslashes($data['img_imagick']) . '" />' : ''; + $s_hidden_fields .= '<input type="hidden" name="language" value="' . $data['language'] . '" />'; if ($connect_test) { foreach ($this->db_config_options as $config_key => $vars) @@ -652,7 +648,7 @@ class install_install extends module { continue; } - $s_hidden_fields .= '<input type="hidden" name="' . $config_key . '" value="' . $$config_key . '" />'; + $s_hidden_fields .= '<input type="hidden" name="' . $config_key . '" value="' . $data[$config_key] . '" />'; } } 
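Review bot: The hidden-field loop now writes `$data[$config_key]` straight into a `value="..."` attribute, while `get_submitted_data()` (added near the end of this file's diff) returns `dbpasswd` already passed through `htmlspecialchars_decode()`. The removed code decoded the password only immediately before `connect_check_db()`, so the value echoed back into the form was presumably still the escaped one. If `dbpasswd` is among `db_config_options` (not visible here), a password containing `"` or `<` now breaks out of the attribute. The same applies to the later hunks that append `$data[$config_key]` to `$s_hidden_fields`, to the `input_field()` calls, and possibly to `build_hidden_fields($data)`. The simplest fix is to keep `$data['dbpasswd']` as returned by `request_var()` and decode at the points of use, e.g. `htmlspecialchars_decode($data['dbpasswd'])` in the `connect_check_db()` and `sql_connect()` calls and when writing the config file.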
@@ -678,69 +674,63 @@ class install_install extends module $this->page_title = $lang['STAGE_ADMINISTRATOR']; // Obtain any submitted data - foreach ($this->request_vars as $var) - { - $$var = (in_array($var, array('admin_name', 'dbpasswd', 'admin_pass1', 'admin_pass2'))) ? request_var($var, '', true) : request_var($var, ''); - } + $data = $this->get_submitted_data(); - if ($dbms == '') + if ($data['dbms'] == '') { // Someone's been silly and tried calling this page direct // So we send them back to the start to do it again properly $this->p_master->redirect("index.$phpEx?mode=install"); } - $s_hidden_fields = ($img_imagick) ? '<input type="hidden" name="img_imagick" value="' . addslashes($img_imagick) . '" />' : ''; + $s_hidden_fields = ($data['img_imagick']) ? '<input type="hidden" name="img_imagick" value="' . addslashes($data['img_imagick']) . '" />' : ''; $passed = false; - $default_lang = ($default_lang !== '') ? $default_lang : $language; - - $board_email1 = strtolower($board_email1); - $board_email2 = strtolower($board_email2); + $data['default_lang'] = ($data['default_lang'] !== '') ? 
$data['default_lang'] : $data['language']; if (isset($_POST['check'])) { $error = array(); // Check the entered email address and password - if ($admin_name == '' || $admin_pass1 == '' || $admin_pass2 == '' || $board_email1 == '' || $board_email2 == '') + if ($data['admin_name'] == '' || $data['admin_pass1'] == '' || $data['admin_pass2'] == '' || $data['board_email1'] == '' || $data['board_email2'] == '') { $error[] = $lang['INST_ERR_MISSING_DATA']; } - if ($admin_pass1 != $admin_pass2 && $admin_pass1 != '') + if ($data['admin_pass1'] != $data['admin_pass2'] && $data['admin_pass1'] != '') { $error[] = $lang['INST_ERR_PASSWORD_MISMATCH']; } // Test against the default username rules - if ($admin_name != '' && utf8_strlen($admin_name) < 3) + if ($data['admin_name'] != '' && utf8_strlen($data['admin_name']) < 3) { $error[] = $lang['INST_ERR_USER_TOO_SHORT']; } - if ($admin_name != '' && utf8_strlen($admin_name) > 20) + if ($data['admin_name'] != '' && utf8_strlen($data['admin_name']) > 20) { $error[] = $lang['INST_ERR_USER_TOO_LONG']; } // Test against the default password rules - if ($admin_pass1 != '' && utf8_strlen($admin_pass1) < 6) + if ($data['admin_pass1'] != '' && utf8_strlen($data['admin_pass1']) < 6) { $error[] = $lang['INST_ERR_PASSWORD_TOO_SHORT']; } - if ($admin_pass1 != '' && utf8_strlen($admin_pass1) > 30) + if ($data['admin_pass1'] != '' && utf8_strlen($data['admin_pass1']) > 30) { $error[] = $lang['INST_ERR_PASSWORD_TOO_LONG']; } - if ($board_email1 != $board_email2 && $board_email1 != '') + if ($data['board_email1'] != $data['board_email2'] && $data['board_email1'] != '') { $error[] = $lang['INST_ERR_EMAIL_MISMATCH']; } - if ($board_email1 != '' && !preg_match('/^' . get_preg_expression('email') . '$/i', $board_email1)) + if ($data['board_email1'] != '' && !preg_match('/^' . get_preg_expression('email') . '$/i', $data['board_email1'])) { $error[] = $lang['INST_ERR_EMAIL_INVALID']; } 
@@ -801,7 +791,7 @@ class install_install extends module 'S_EXPLAIN' => $vars['explain'], 'S_LEGEND' => false, 'TITLE_EXPLAIN' => ($vars['explain']) ? $lang[$vars['lang'] . '_EXPLAIN'] : '', - 'CONTENT' => $this->p_master->input_field($config_key, $vars['type'], $$config_key, $options), + 'CONTENT' => $this->p_master->input_field($config_key, $vars['type'], $data[$config_key], $options), ) ); } @@ -814,12 +804,12 @@ class install_install extends module { continue; } - $s_hidden_fields .= '<input type="hidden" name="' . $config_key . '" value="' . $$config_key . '" />'; + $s_hidden_fields .= '<input type="hidden" name="' . $config_key . '" value="' . $data[$config_key] . '" />'; } } - $s_hidden_fields .= ($img_imagick) ? '<input type="hidden" name="img_imagick" value="' . addslashes($img_imagick) . '" />' : ''; - $s_hidden_fields .= '<input type="hidden" name="language" value="' . $language . '" />'; + $s_hidden_fields .= ($data['img_imagick']) ? '<input type="hidden" name="img_imagick" value="' . addslashes($data['img_imagick']) . '" />' : ''; + $s_hidden_fields .= '<input type="hidden" name="language" value="' . $data['language'] . '" />'; foreach ($this->db_config_options as $config_key => $vars) { @@ -827,7 +817,7 @@ class install_install extends module { continue; } - $s_hidden_fields .= '<input type="hidden" name="' . $config_key . '" value="' . $$config_key . '" />'; + $s_hidden_fields .= '<input type="hidden" name="' . $config_key . '" value="' . $data[$config_key] . '" />'; } $submit = $lang['NEXT_STEP']; 
@@ -852,26 +842,23 @@ class install_install extends module $this->page_title = $lang['STAGE_CONFIG_FILE']; // Obtain any submitted data - foreach ($this->request_vars as $var) - { - $$var = (in_array($var, array('admin_name', 'dbpasswd', 'admin_pass1', 'admin_pass2'))) ? request_var($var, '', true) : request_var($var, ''); - } + $data = $this->get_submitted_data(); - if ($dbms == '') + if ($data['dbms'] == '') { // Someone's been silly and tried calling this page direct // So we send them back to the start to do it again properly $this->p_master->redirect("index.$phpEx?mode=install"); } - $s_hidden_fields = ($img_imagick) ? '<input type="hidden" name="img_imagick" value="' . addslashes($img_imagick) . '" />' : ''; - $s_hidden_fields .= '<input type="hidden" name="language" value="' . $language . '" />'; + $s_hidden_fields = ($data['img_imagick']) ? '<input type="hidden" name="img_imagick" value="' . addslashes($data['img_imagick']) . '" />' : ''; + $s_hidden_fields .= '<input type="hidden" name="language" value="' . $data['language'] . '" />'; $written = false; // Create a list of any PHP modules we wish to have loaded $load_extensions = array(); - $available_dbms = get_available_dbms($dbms); - $check_exts = array_merge(array($available_dbms[$dbms]['MODULE']), $this->php_dlls_other); + $available_dbms = get_available_dbms($data['dbms']); + $check_exts = array_merge(array($available_dbms[$data['dbms']]['MODULE']), $this->php_dlls_other); foreach ($check_exts as $dll) { 
@@ -897,19 +884,18 @@ class install_install extends module @chmod($phpbb_root_path . 'cache/install_lock', 0666); - $dbpasswd = htmlspecialchars_decode($dbpasswd); $load_extensions = implode(',', $load_extensions); // Time to convert the data provided into a config file $config_data = "<?php\n"; $config_data .= "// phpBB 3.0.x auto-generated configuration file\n// Do not change anything in this file!\n"; - $config_data .= "\$dbms = '" . $available_dbms[$dbms]['DRIVER'] . "';\n"; - $config_data .= "\$dbhost = '$dbhost';\n"; - $config_data .= "\$dbport = '$dbport';\n"; - $config_data .= "\$dbname = '$dbname';\n"; - $config_data .= "\$dbuser = '$dbuser';\n"; - $config_data .= "\$dbpasswd = '$dbpasswd';\n\n"; - $config_data .= "\$table_prefix = '$table_prefix';\n"; + $config_data .= "\$dbms = '" . $available_dbms[$data['dbms']]['DRIVER'] . "';\n"; + $config_data .= "\$dbhost = '{$data['dbhost']}';\n"; + $config_data .= "\$dbport = '{$data['dbport']}';\n"; + $config_data .= "\$dbname = '{$data['dbname']}';\n"; + $config_data .= "\$dbuser = '{$data['dbuser']}';\n"; + $config_data .= "\$dbpasswd = '{$data['dbpasswd']}';\n\n"; + $config_data .= "\$table_prefix = '{$data['table_prefix']}';\n"; // $config_data .= "\$acm_type = '" . (($acm_type) ? $acm_type : 'file') . "';\n"; $config_data .= "\$acm_type = 'file';\n"; $config_data .= "\$load_extensions = '$load_extensions';\n\n"; @@ -964,7 +950,7 @@ class install_install extends module { continue; } - $s_hidden_fields .= '<input type="hidden" name="' . $config_key . '" value="' . $$config_key . '" />'; + $s_hidden_fields .= '<input type="hidden" name="' . $config_key . '" value="' . $data[$config_key] . '" />'; } if (!$written) 
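Review bot: The values interpolated into the generated config file (`'{$data['dbhost']}'` through `'{$data['table_prefix']}'`) are placed inside single-quoted PHP literals without escaping `'` or `\`, and `dbpasswd` arrives here already HTML-decoded. A quote or trailing backslash in any of them produces a config file that either fails to parse or carries text from the request as PHP code. Emitting each value as a proper literal avoids both outcomes, e.g. `$config_data .= '$dbpasswd = ' . var_export($data['dbpasswd'], true) . ";\n\n";`, and likewise for the other assignments. The enclosing function begins and ends outside the hunk.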
@@ -1016,28 +1002,25 @@ class install_install extends module $this->page_title = $lang['STAGE_ADVANCED']; // Obtain any submitted data - foreach ($this->request_vars as $var) - { - $$var = (in_array($var, array('admin_name', 'dbpasswd', 'admin_pass1', 'admin_pass2'))) ? request_var($var, '', true) : request_var($var, ''); - } + $data = $this->get_submitted_data(); - if ($dbms == '') + if ($data['dbms'] == '') { // Someone's been silly and tried calling this page direct // So we send them back to the start to do it again properly $this->p_master->redirect("index.$phpEx?mode=install"); } - $s_hidden_fields = ($img_imagick) ? '<input type="hidden" name="img_imagick" value="' . addslashes($img_imagick) . '" />' : ''; - $s_hidden_fields .= '<input type="hidden" name="language" value="' . $language . '" />'; + $s_hidden_fields = ($data['img_imagick']) ? '<input type="hidden" name="img_imagick" value="' . addslashes($data['img_imagick']) . '" />' : ''; + $s_hidden_fields .= '<input type="hidden" name="language" value="' . $data['language'] . '" />'; - $email_enable = ($email_enable !== '') ? $email_enable : true; - $server_name = ($server_name !== '') ? $server_name : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME')); - $server_port = ($server_port !== '') ? $server_port : ((!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT')); - $server_protocol = ($server_protocol !== '') ? $server_protocol : ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https://' : 'http://'); - $cookie_secure = ($cookie_secure !== '') ? $cookie_secure : ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? true : false); + $data['email_enable'] = ($data['email_enable'] !== '') ? $data['email_enable'] : true; + $data['server_name'] = ($data['server_name'] !== '') ? $data['server_name'] : ((!empty($_SERVER['SERVER_NAME'])) ? 
$_SERVER['SERVER_NAME'] : getenv('SERVER_NAME')); + $data['server_port'] = ($data['server_port'] !== '') ? $data['server_port'] : ((!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT')); + $data['server_protocol'] = ($data['server_protocol'] !== '') ? $data['server_protocol'] : ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https://' : 'http://'); + $data['cookie_secure'] = ($data['cookie_secure'] !== '') ? $data['cookie_secure'] : ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? true : false); - if ($script_path === '') + if ($data['script_path'] === '') { $name = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF'); if (!$name) @@ -1047,7 +1030,7 @@ class install_install extends module // Replace backslashes and doubled slashes (could happen on some proxy setups) $name = str_replace(array('\\', '//', '/install'), '/', $name); - $script_path = trim(dirname($name)); + $data['script_path'] = trim(dirname($name)); } foreach ($this->advanced_config_options as $config_key => $vars) @@ -1075,7 +1058,7 @@ class install_install extends module 'S_EXPLAIN' => $vars['explain'], 'S_LEGEND' => false, 'TITLE_EXPLAIN' => ($vars['explain']) ? $lang[$vars['lang'] . '_EXPLAIN'] : '', - 'CONTENT' => $this->p_master->input_field($config_key, $vars['type'], $$config_key, $options), + 'CONTENT' => $this->p_master->input_field($config_key, $vars['type'], $data[$config_key], $options), ) ); } @@ -1087,7 +1070,7 @@ class install_install extends module { continue; } - $s_hidden_fields .= '<input type="hidden" name="' . $config_key . '" value="' . $$config_key . '" />'; + $s_hidden_fields .= '<input type="hidden" name="' . $config_key . '" value="' . $data[$config_key] . '" />'; } $submit = $lang['NEXT_STEP']; 
@@ -1113,19 +1096,16 @@ class install_install extends module $s_hidden_fields = ''; // Obtain any submitted data - foreach ($this->request_vars as $var) - { - $$var = (in_array($var, array('admin_name', 'dbpasswd', 'admin_pass1', 'admin_pass2'))) ? request_var($var, '', true) : request_var($var, ''); - } + $data = $this->get_submitted_data(); - if ($dbms == '') + if ($data['dbms'] == '') { // Someone's been silly and tried calling this page direct // So we send them back to the start to do it again properly $this->p_master->redirect("index.$phpEx?mode=install"); } - $cookie_domain = ($server_name != '') ? $server_name : (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'); + $cookie_domain = ($data['server_name'] != '') ? $data['server_name'] : (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'); // Try to come up with the best solution for cookie domain... if (strpos($cookie_domain, 'www.') === 0) 
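Review bot: The rewritten `$cookie_domain` line chains two ternaries without parentheses, which PHP versions before 8 evaluate left to right, and PHP 8 rejects as a compile error. Under the left-to-right reading, a non-empty `$data['server_name']` only serves as the condition of the second ternary, so the cookie domain is taken from `$_SERVER['SERVER_NAME']` instead of the submitted value. The advanced-settings stage in this same diff parenthesises the equivalent expression; this line should match it: `$cookie_domain = ($data['server_name'] != '') ? $data['server_name'] : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));`. The method body continues outside the hunk.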
@@ -1134,45 +1114,43 @@ class install_install extends module } // If we get here and the extension isn't loaded it should be safe to just go ahead and load it - $available_dbms = get_available_dbms($dbms); - - $dbpasswd = htmlspecialchars_decode($dbpasswd); + $available_dbms = get_available_dbms($data['dbms']); // Load the appropriate database class if not already loaded - include($phpbb_root_path . 'includes/db/' . $available_dbms[$dbms]['DRIVER'] . '.' . $phpEx); + include($phpbb_root_path . 'includes/db/' . $available_dbms[$data['dbms']]['DRIVER'] . '.' . $phpEx); // Instantiate the database - $sql_db = 'dbal_' . $available_dbms[$dbms]['DRIVER']; + $sql_db = 'dbal_' . $available_dbms[$data['dbms']]['DRIVER']; $db = new $sql_db(); - $db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false, false); + $db->sql_connect($data['dbhost'], $data['dbuser'], $data['dbpasswd'], $data['dbname'], $data['dbport'], false, false); // NOTE: trigger_error does not work here. $db->sql_return_on_error(true); // If mysql is chosen, we need to adjust the schema filename slightly to reflect the correct version. ;) - if ($dbms == 'mysql') + if ($data['dbms'] == 'mysql') { if (version_compare($db->mysql_version, '4.1.3', '>=')) { - $available_dbms[$dbms]['SCHEMA'] .= '_41'; + $available_dbms[$data['dbms']]['SCHEMA'] .= '_41'; } else { - $available_dbms[$dbms]['SCHEMA'] .= '_40'; + $available_dbms[$data['dbms']]['SCHEMA'] .= '_40'; } } // Ok we have the db info go ahead and read in the relevant schema // and work on building the table - $dbms_schema = 'schemas/' . $available_dbms[$dbms]['SCHEMA'] . '_schema.sql'; + $dbms_schema = 'schemas/' . $available_dbms[$data['dbms']]['SCHEMA'] . '_schema.sql'; // How should we treat this schema? 
- $remove_remarks = $available_dbms[$dbms]['COMMENTS']; - $delimiter = $available_dbms[$dbms]['DELIM']; + $remove_remarks = $available_dbms[$data['dbms']]['COMMENTS']; + $delimiter = $available_dbms[$data['dbms']]['DELIM']; $sql_query = @file_get_contents($dbms_schema); - $sql_query = preg_replace('#phpbb_#i', $table_prefix, $sql_query); + $sql_query = preg_replace('#phpbb_#i', $data['table_prefix'], $sql_query); $remove_remarks($sql_query); @@ -1193,7 +1171,7 @@ class install_install extends module $sql_query = file_get_contents('schemas/schema_data.sql'); // Deal with any special comments - switch ($dbms) + switch ($data['dbms']) { case 'mssql': case 'mssql_odbc': @@ -1206,7 +1184,7 @@ class install_install extends module } // Change prefix - $sql_query = preg_replace('#phpbb_#i', $table_prefix, $sql_query); + $sql_query = preg_replace('#phpbb_#i', $data['table_prefix'], $sql_query); // Change language strings... $sql_query = preg_replace_callback('#\{L_([A-Z0-9\-_]*)\}#s', 'adjust_language_keys_callback', $sql_query); 
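Review bot: `$data['table_prefix']` is used as the replacement string in both `preg_replace('#phpbb_#i', $data['table_prefix'], $sql_query)` calls, and the following hunk concatenates it into every `INSERT`/`UPDATE`. No validation is visible after `request_var('table_prefix', '')`. In a replacement string, `$n` and `\n` sequences are treated as backreferences, and `sql_escape()` cannot protect a value used as an identifier. The value should be checked once, at the database-settings stage, against a strict identifier pattern such as `#^[a-zA-Z][a-zA-Z0-9_]*$#` and rejected with an installer error otherwise. The surrounding method starts and ends outside these hunks.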
@@ -1230,139 +1208,139 @@ class install_install extends module $user_ip = (!empty($_SERVER['REMOTE_ADDR'])) ? htmlspecialchars($_SERVER['REMOTE_ADDR']) : ''; - if ($script_path !== '/') + if ($data['script_path'] !== '/') { // Adjust destination path (no trailing slash) - if (substr($script_path, -1) == '/') + if (substr($data['script_path'], -1) == '/') { - $script_path = substr($script_path, 0, -1); + $data['script_path'] = substr($data['script_path'], 0, -1); } - $script_path = str_replace(array('../', './'), '', $script_path); + $data['script_path'] = str_replace(array('../', './'), '', $data['script_path']); - if ($script_path[0] != '/') + if ($data['script_path'][0] != '/') { - $script_path = '/' . $script_path; + $data['script_path'] = '/' . $data['script_path']; } } // Set default config and post data, this applies to all DB's $sql_ary = array( - 'INSERT INTO ' . $table_prefix . "config (config_name, config_value) + 'INSERT INTO ' . $data['table_prefix'] . "config (config_name, config_value) VALUES ('board_startdate', '$current_time')", - 'INSERT INTO ' . $table_prefix . "config (config_name, config_value) - VALUES ('default_lang', '" . $db->sql_escape($default_lang) . "')", + 'INSERT INTO ' . $data['table_prefix'] . "config (config_name, config_value) + VALUES ('default_lang', '" . $db->sql_escape($data['default_lang']) . "')", - 'UPDATE ' . $table_prefix . "config - SET config_value = '" . $db->sql_escape($img_imagick) . "' + 'UPDATE ' . $data['table_prefix'] . "config + SET config_value = '" . $db->sql_escape($data['img_imagick']) . "' WHERE config_name = 'img_imagick'", - 'UPDATE ' . $table_prefix . "config - SET config_value = '" . $db->sql_escape($server_name) . "' + 'UPDATE ' . $data['table_prefix'] . "config + SET config_value = '" . $db->sql_escape($data['server_name']) . "' WHERE config_name = 'server_name'", - 'UPDATE ' . $table_prefix . "config - SET config_value = '" . $db->sql_escape($server_port) . "' + 'UPDATE ' . $data['table_prefix'] . 
"config + SET config_value = '" . $db->sql_escape($data['server_port']) . "' WHERE config_name = 'server_port'", - 'UPDATE ' . $table_prefix . "config - SET config_value = '" . $db->sql_escape($board_email1) . "' + 'UPDATE ' . $data['table_prefix'] . "config + SET config_value = '" . $db->sql_escape($data['board_email1']) . "' WHERE config_name = 'board_email'", - 'UPDATE ' . $table_prefix . "config - SET config_value = '" . $db->sql_escape($board_email1) . "' + 'UPDATE ' . $data['table_prefix'] . "config + SET config_value = '" . $db->sql_escape($data['board_email1']) . "' WHERE config_name = 'board_contact'", - 'UPDATE ' . $table_prefix . "config + 'UPDATE ' . $data['table_prefix'] . "config SET config_value = '" . $db->sql_escape($cookie_domain) . "' WHERE config_name = 'cookie_domain'", - 'UPDATE ' . $table_prefix . "config + 'UPDATE ' . $data['table_prefix'] . "config SET config_value = '" . $db->sql_escape($lang['default_dateformat']) . "' WHERE config_name = 'default_dateformat'", - 'UPDATE ' . $table_prefix . "config - SET config_value = '" . $db->sql_escape($email_enable) . "' + 'UPDATE ' . $data['table_prefix'] . "config + SET config_value = '" . $db->sql_escape($data['email_enable']) . "' WHERE config_name = 'email_enable'", - 'UPDATE ' . $table_prefix . "config - SET config_value = '" . $db->sql_escape($smtp_delivery) . "' + 'UPDATE ' . $data['table_prefix'] . "config + SET config_value = '" . $db->sql_escape($data['smtp_delivery']) . "' WHERE config_name = 'smtp_delivery'", - 'UPDATE ' . $table_prefix . "config - SET config_value = '" . $db->sql_escape($smtp_host) . "' + 'UPDATE ' . $data['table_prefix'] . "config + SET config_value = '" . $db->sql_escape($data['smtp_host']) . "' WHERE config_name = 'smtp_host'", - 'UPDATE ' . $table_prefix . "config - SET config_value = '" . $db->sql_escape($smtp_auth) . "' + 'UPDATE ' . $data['table_prefix'] . "config + SET config_value = '" . $db->sql_escape($data['smtp_auth']) . 
"' WHERE config_name = 'smtp_auth_method'", - 'UPDATE ' . $table_prefix . "config - SET config_value = '" . $db->sql_escape($smtp_user) . "' + 'UPDATE ' . $data['table_prefix'] . "config + SET config_value = '" . $db->sql_escape($data['smtp_user']) . "' WHERE config_name = 'smtp_username'", - 'UPDATE ' . $table_prefix . "config - SET config_value = '" . $db->sql_escape($smtp_pass) . "' + 'UPDATE ' . $data['table_prefix'] . "config + SET config_value = '" . $db->sql_escape($data['smtp_pass']) . "' WHERE config_name = 'smtp_password'", - 'UPDATE ' . $table_prefix . "config - SET config_value = '" . $db->sql_escape($cookie_secure) . "' + 'UPDATE ' . $data['table_prefix'] . "config + SET config_value = '" . $db->sql_escape($data['cookie_secure']) . "' WHERE config_name = 'cookie_secure'", - 'UPDATE ' . $table_prefix . "config - SET config_value = '" . $db->sql_escape($force_server_vars) . "' + 'UPDATE ' . $data['table_prefix'] . "config + SET config_value = '" . $db->sql_escape($data['force_server_vars']) . "' WHERE config_name = 'force_server_vars'", - 'UPDATE ' . $table_prefix . "config - SET config_value = '" . $db->sql_escape($script_path) . "' + 'UPDATE ' . $data['table_prefix'] . "config + SET config_value = '" . $db->sql_escape($data['script_path']) . "' WHERE config_name = 'script_path'", - 'UPDATE ' . $table_prefix . "config - SET config_value = '" . $db->sql_escape($server_protocol) . "' + 'UPDATE ' . $data['table_prefix'] . "config + SET config_value = '" . $db->sql_escape($data['server_protocol']) . "' WHERE config_name = 'server_protocol'", - 'UPDATE ' . $table_prefix . "config - SET config_value = '" . $db->sql_escape($admin_name) . "' + 'UPDATE ' . $data['table_prefix'] . "config + SET config_value = '" . $db->sql_escape($data['admin_name']) . "' WHERE config_name = 'newest_username'", - 'UPDATE ' . $table_prefix . "config + 'UPDATE ' . $data['table_prefix'] . "config SET config_value = '" . md5(mt_rand()) . 
"' WHERE config_name = 'avatar_salt'", - 'UPDATE ' . $table_prefix . "users - SET username = '" . $db->sql_escape($admin_name) . "', user_password='" . $db->sql_escape(md5($admin_pass1)) . "', user_ip = '" . $db->sql_escape($user_ip) . "', user_lang = '" . $db->sql_escape($default_lang) . "', user_email='" . $db->sql_escape($board_email1) . "', user_dateformat='" . $db->sql_escape($lang['default_dateformat']) . "', user_email_hash = " . (crc32($board_email1) . strlen($board_email1)) . ", username_clean = '" . $db->sql_escape(utf8_clean_string($admin_name)) . "' + 'UPDATE ' . $data['table_prefix'] . "users + SET username = '" . $db->sql_escape($data['admin_name']) . "', user_password='" . $db->sql_escape(md5($data['admin_pass1'])) . "', user_ip = '" . $db->sql_escape($user_ip) . "', user_lang = '" . $db->sql_escape($data['default_lang']) . "', user_email='" . $db->sql_escape($data['board_email1']) . "', user_dateformat='" . $db->sql_escape($lang['default_dateformat']) . "', user_email_hash = " . (crc32($data['board_email1']) . strlen($data['board_email1'])) . ", username_clean = '" . $db->sql_escape(utf8_clean_string($data['admin_name'])) . "' WHERE username = 'Admin'", - 'UPDATE ' . $table_prefix . "moderator_cache - SET username = '" . $db->sql_escape($admin_name) . "' + 'UPDATE ' . $data['table_prefix'] . "moderator_cache + SET username = '" . $db->sql_escape($data['admin_name']) . "' WHERE username = 'Admin'", - 'UPDATE ' . $table_prefix . "forums - SET forum_last_poster_name = '" . $db->sql_escape($admin_name) . "' + 'UPDATE ' . $data['table_prefix'] . "forums + SET forum_last_poster_name = '" . $db->sql_escape($data['admin_name']) . "' WHERE forum_last_poster_name = 'Admin'", - 'UPDATE ' . $table_prefix . "topics - SET topic_first_poster_name = '" . $db->sql_escape($admin_name) . "', topic_last_poster_name = '" . $db->sql_escape($admin_name) . "' + 'UPDATE ' . $data['table_prefix'] . "topics + SET topic_first_poster_name = '" . 
$db->sql_escape($data['admin_name']) . "', topic_last_poster_name = '" . $db->sql_escape($data['admin_name']) . "' WHERE topic_first_poster_name = 'Admin' OR topic_last_poster_name = 'Admin'", - 'UPDATE ' . $table_prefix . "users + 'UPDATE ' . $data['table_prefix'] . "users SET user_regdate = $current_time", - 'UPDATE ' . $table_prefix . "posts + 'UPDATE ' . $data['table_prefix'] . "posts SET post_time = $current_time, poster_ip = '" . $db->sql_escape($user_ip) . "'", - 'UPDATE ' . $table_prefix . "topics + 'UPDATE ' . $data['table_prefix'] . "topics SET topic_time = $current_time, topic_last_post_time = $current_time", - 'UPDATE ' . $table_prefix . "forums + 'UPDATE ' . $data['table_prefix'] . "forums SET forum_last_post_time = $current_time", ); if (@extension_loaded('gd') || can_load_dll('gd')) { - $sql_ary[] = 'UPDATE ' . $table_prefix . "config + $sql_ary[] = 'UPDATE ' . $data['table_prefix'] . "config SET config_value = '1' WHERE config_name = 'captcha_gd'"; } @@ -1374,7 +1352,7 @@ class install_install extends module $rand_str = substr($rand_str, 0, 5); $cookie_name .= strtolower($rand_str); - $sql_ary[] = 'UPDATE ' . $table_prefix . "config + $sql_ary[] = 'UPDATE ' . $data['table_prefix'] . "config SET config_value = '" . $db->sql_escape($cookie_name) . "' WHERE config_name = 'cookie_name'"; @@ -1389,11 +1367,6 @@ class install_install extends module } } - foreach ($this->request_vars as $var) - { - $s_hidden_fields .= '<input type="hidden" name="' . $var . '" value="' . $$var . '" />'; - } - $submit = $lang['NEXT_STEP']; $url = $this->p_master->module_url . "?mode=$mode&sub=final"; @@ -1401,7 +1374,7 @@ class install_install extends module $template->assign_vars(array( 'BODY' => $lang['STAGE_CREATE_TABLE_EXPLAIN'], 'L_SUBMIT' => $submit, - 'S_HIDDEN' => $s_hidden_fields, + 'S_HIDDEN' => build_hidden_fields($data), 'U_ACTION' => $url, )); } 
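Review bot: The administrator's password is stored as `md5($data['admin_pass1'])` in the `UPDATE ... users` statement, an unsalted fast hash that gives little protection if the users table is ever disclosed. Where the supported PHP version allows it, store a salted slow hash instead, e.g. `password_hash($data['admin_pass1'], PASSWORD_DEFAULT)`, with the login check updated to verify that format. In the same array, `avatar_salt` is derived from `md5(mt_rand())`, which is not a cryptographically secure source; `bin2hex(random_bytes(16))` would be the modern equivalent. Both lines are only touched by the `$data[...]` rename, so this could be a follow-up change.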
@@ -1414,23 +1387,18 @@ class install_install extends module global $db, $lang, $phpbb_root_path, $phpEx, $config; // Obtain any submitted data - foreach ($this->request_vars as $var) - { - $$var = (in_array($var, array('admin_name', 'dbpasswd', 'admin_pass1', 'admin_pass2'))) ? request_var($var, '', true) : request_var($var, ''); - } - - $dbpasswd = htmlspecialchars_decode($dbpasswd); + $data = $this->get_submitted_data(); // If we get here and the extension isn't loaded it should be safe to just go ahead and load it - $available_dbms = get_available_dbms($dbms); + $available_dbms = get_available_dbms($data['dbms']); // Load the appropriate database class if not already loaded - include($phpbb_root_path . 'includes/db/' . $available_dbms[$dbms]['DRIVER'] . '.' . $phpEx); + include($phpbb_root_path . 'includes/db/' . $available_dbms[$data['dbms']]['DRIVER'] . '.' . $phpEx); // Instantiate the database - $sql_db = 'dbal_' . $available_dbms[$dbms]['DRIVER']; + $sql_db = 'dbal_' . $available_dbms[$data['dbms']]['DRIVER']; $db = new $sql_db(); - $db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false, false); + $db->sql_connect($data['dbhost'], $data['dbuser'], $data['dbpasswd'], $data['dbname'], $data['dbport'], false, false); // NOTE: trigger_error does not work here. $db->sql_return_on_error(true); @@ -1807,10 +1775,7 @@ class install_install extends module global $db, $lang, $phpbb_root_path, $phpEx, $config; // Obtain any submitted data - foreach ($this->request_vars as $var) - { - $$var = (in_array($var, array('admin_name', 'dbpasswd', 'admin_pass1', 'admin_pass2'))) ? request_var($var, '', true) : request_var($var, ''); - } + $data = $this->get_submitted_data(); // Fill the config array - it is needed by those functions we call $sql = 'SELECT * 
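Review bot: In this stage `$data['dbms']` comes from the request and is used as a key into `$available_dbms` to build an `include` path and a class name. Neither the empty-value redirect used by the other stages nor the `isset($available_dbms[$data['dbms']])` check from the connection-test stage is visible here. Unless `get_available_dbms()` already guarantees the key exists, a missing or unknown value ends in an include of `includes/db/.php` and `new dbal_()`. A guard before the include would fail cleanly: `if (!isset($available_dbms[$data['dbms']])) { $this->p_master->redirect("index.$phpEx?mode=install"); }`. The method starts and ends outside the hunk; the create-table stage earlier in this diff has the same include without the `isset` check.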
@@ -1852,7 +1817,7 @@ class install_install extends module 'user_password' => '', 'user_colour' => '9E8DA7', 'user_email' => '', - 'user_lang' => $default_lang, + 'user_lang' => $data['default_lang'], 'user_style' => 1, 'user_timezone' => 0, 'user_dateformat' => $lang['default_dateformat'], @@ -1890,10 +1855,7 @@ class install_install extends module $this->page_title = $lang['STAGE_FINAL']; // Obtain any submitted data - foreach ($this->request_vars as $var) - { - $$var = (in_array($var, array('admin_name', 'dbpasswd', 'admin_pass1', 'admin_pass2'))) ? request_var($var, '', true) : request_var($var, ''); - } + $data = $this->get_submitted_data(); // Load the basic configuration data include_once($phpbb_root_path . 'includes/constants.' . $phpEx); @@ -1910,7 +1872,7 @@ class install_install extends module $db->sql_freeresult($result); $user->session_begin(); - $auth->login($admin_name, $admin_pass1, false, true, true); + $auth->login($data['admin_name'], $data['admin_pass1'], false, true, true); // OK, Now that we've reached this point we can be confident that everything // is installed and working......I hope :) @@ -1923,9 +1885,9 @@ class install_install extends module $messenger = new messenger(false); - $messenger->template('installed', $language); + $messenger->template('installed', $data['language']); - $messenger->to($board_email1, $admin_name); + $messenger->to($data['board_email1'], $data['admin_name']); $messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); $messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); 
@@ -1933,8 +1895,8 @@ class install_install extends module $messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); $messenger->assign_vars(array( - 'USERNAME' => htmlspecialchars_decode($admin_name), - 'PASSWORD' => htmlspecialchars_decode($admin_pass1)) + 'USERNAME' => htmlspecialchars_decode($data['admin_name']), + 'PASSWORD' => htmlspecialchars_decode($data['admin_pass1'])) ); $messenger->send(NOTIFY_EMAIL); @@ -1945,7 +1907,7 @@ class install_install extends module $template->assign_vars(array( 'TITLE' => $lang['INSTALL_CONGRATS'], - 'BODY' => sprintf($lang['INSTALL_CONGRATS_EXPLAIN'], $config['version'], append_sid($phpbb_root_path . 'install/index.' . $phpEx, 'mode=convert&language=' . $language), '../docs/README.html'), + 'BODY' => sprintf($lang['INSTALL_CONGRATS_EXPLAIN'], $config['version'], append_sid($phpbb_root_path . 'install/index.' . $phpEx, 'mode=convert&language=' . $data['language']), '../docs/README.html'), 'L_SUBMIT' => $lang['INSTALL_LOGIN'], 'U_ACTION' => append_sid($phpbb_root_path . 'adm/index.' . $phpEx), )); 
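Review bot: The `installed` mail still receives `'PASSWORD' => htmlspecialchars_decode($data['admin_pass1'])`, so the administrator password is sent in clear text over e-mail and persists in the recipient's mailbox. Consider dropping the `PASSWORD` variable here and removing it from the template, which is not visible on this page, so that only the user name is mailed. The enclosing method begins and ends outside the hunk.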
@@ -1969,12 +1931,44 @@ class install_install extends module return $s_smtp_auth_options; } - /** - * The variables that we will be passing between pages - * Used to retrieve data quickly on each page + * Get submitted data */ - var $request_vars = array('language', 'dbms', 'dbhost', 'dbport', 'dbuser', 'dbpasswd', 'dbname', 'table_prefix', 'default_lang', 'admin_name', 'admin_pass1', 'admin_pass2', 'board_email1', 'board_email2', 'img_imagick', 'ftp_path', 'ftp_user', 'ftp_pass', 'email_enable', 'smtp_delivery', 'smtp_host', 'smtp_auth', 'smtp_user', 'smtp_pass', 'cookie_secure', 'force_server_vars', 'server_protocol', 'server_name', 'server_port', 'script_path'); + function get_submitted_data() + { + return array( + 'language' => basename(request_var('language', '')), + 'dbms' => request_var('dbms', ''), + 'dbhost' => request_var('dbhost', ''), + 'dbport' => request_var('dbport', ''), + 'dbuser' => request_var('dbuser', ''), + 'dbpasswd' => htmlspecialchars_decode(request_var('dbpasswd', '', true)), + 'dbname' => request_var('dbname', ''), + 'table_prefix' => request_var('table_prefix', ''), + 'default_lang' => basename(request_var('default_lang', '')), + 'admin_name' => utf8_normalize_nfc(request_var('admin_name', '', true)), + 'admin_pass1' => request_var('admin_pass1', '', true), + 'admin_pass2' => request_var('admin_pass2', '', true), + 'board_email1' => strtolower(request_var('board_email1', '')), + 'board_email2' => strtolower(request_var('board_email2', '')), + 'img_imagick' => request_var('img_imagick', ''), + 'ftp_path' => request_var('ftp_path', ''), + 'ftp_user' => request_var('ftp_user', ''), + 'ftp_pass' => request_var('ftp_pass', ''), + 'email_enable' => request_var('email_enable', ''), + 'smtp_delivery' => request_var('smtp_delivery', ''), + 'smtp_host' => request_var('smtp_host', ''), + 'smtp_auth' => request_var('smtp_auth', ''), + 'smtp_user' => request_var('smtp_user', ''), + 'smtp_pass' => request_var('smtp_pass', ''), + 'cookie_secure' => 
request_var('cookie_secure', ''), + 'force_server_vars' => request_var('force_server_vars', ''), + 'server_protocol' => request_var('server_protocol', ''), + 'server_name' => request_var('server_name', ''), + 'server_port' => request_var('server_port', ''), + 'script_path' => request_var('script_path', ''), + ); + } /** * The information below will be used to build the input fields presented to the user diff --git a/phpBB/mcp.php b/phpBB/mcp.php index 839c8082c6..e2670c66c0 100644 --- a/phpBB/mcp.php +++ b/phpBB/mcp.php @@ -78,7 +78,7 @@ $post_id = request_var('p', 0); $topic_id = request_var('t', 0); $forum_id = request_var('f', 0); $user_id = request_var('u', 0); -$username = request_var('username', '', true); +$username = utf8_normalize_nfc(request_var('username', '', true)); if ($post_id) { diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index 9d3262deeb..759355481f 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -332,7 +332,7 @@ switch ($mode) include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); $subject = sprintf($user->lang['IM_JABBER_SUBJECT'], $user->data['username'], $config['server_name']); - $message = trim(request_var('message', '', true)); + $message = utf8_normalize_nfc(request_var('message', '', true)); if (empty($message)) { @@ -698,11 +698,11 @@ switch ($mode) $error = array(); - $name = request_var('name', '', true); + $name = utf8_normalize_nfc(request_var('name', '', true)); $email = request_var('email', ''); $email_lang = request_var('lang', $config['default_lang']); - $subject = request_var('subject', '', true); - $message = request_var('message', '', true); + $subject = utf8_normalize_nfc(request_var('subject', '', true)); + $message = utf8_normalize_nfc(request_var('message', '', true)); $cc = (isset($_POST['cc_email'])) ? true : false; $submit = (isset($_POST['submit'])) ? true : false; diff --git a/phpBB/posting.php b/phpBB/posting.php index 282f651f43..11cce9a451 100644 
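Review bot: In `get_submitted_data()`, `ftp_pass` and `smtp_pass` are read with plain `request_var(..., '')`, while `dbpasswd` gets the multibyte flag and `htmlspecialchars_decode()`. Assuming `request_var()` escapes strings, as the decode on `dbpasswd` suggests, a secret containing `&`, `<`, `>` or `"` would reach those two keys in escaped form. If they are later used verbatim to authenticate, treat them like `dbpasswd`: `'smtp_pass' => htmlspecialchars_decode(request_var('smtp_pass', '', true)),` and the same for `ftp_pass`. The docblock `Get submitted data` should also say why `language` and `default_lang` go through `basename()`, for example `* language and default_lang are reduced to a single path component with basename()`.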
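Review bot: `$email_lang = request_var('lang', $config['default_lang']);` in the -698 hunk of memberlist.php stays a raw request value, whereas the installer's `get_submitted_data()` in this same commit wraps its language inputs in `basename()`. If `$email_lang` is later used to pick a language directory for the e-mail template, it needs the same guard or a lookup against the installed languages, e.g. `$email_lang = basename(request_var('lang', $config['default_lang']));`. That use lies outside the hunk, so please confirm how the value is consumed before relying on it.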
--- a/phpBB/posting.php +++ b/phpBB/posting.php @@ -561,7 +561,7 @@ $solved_captcha = false; if ($submit || $preview || $refresh) { $post_data['topic_cur_post_id'] = request_var('topic_cur_post_id', 0); - $post_data['post_subject'] = trim(utf8_normalize_nfc(request_var('subject', '', true))); + $post_data['post_subject'] = utf8_normalize_nfc(request_var('subject', '', true)); $message_parser->message = utf8_normalize_nfc(request_var('message', '', true)); $post_data['username'] = utf8_normalize_nfc(request_var('username', $post_data['username'], true)); diff --git a/phpBB/search.php b/phpBB/search.php index bf3422a7ed..16840a4c6d 100644 --- a/phpBB/search.php +++ b/phpBB/search.php @@ -30,8 +30,8 @@ $topic_id = request_var('t', 0); $view = request_var('view', ''); $submit = request_var('submit', false); -$keywords = request_var('keywords', '', true); -$add_keywords = request_var('add_keywords', '', true); +$keywords = utf8_normalize_nfc(request_var('keywords', '', true)); +$add_keywords = utf8_normalize_nfc(request_var('add_keywords', '', true)); $author = request_var('author', '', true); $author_id = request_var('author_id', 0); $show_results = ($topic_id) ? 'posts' : request_var('sr', 'posts'); diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index a722a20cd8..7d07b227fb 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php @@ -37,6 +37,9 @@ $sort_dir = request_var('sd', ((!empty($user->data['user_post_sortby_dir'])) ? $ $update = request_var('update', false); +/** +* @todo normalize? +*/ $hilit_words = request_var('hilit', '', true); // Do we have a topic or post id? |
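Review bot: `$author = request_var('author', '', true);` in the search.php hunk is left un-normalised on the new side, although `$keywords` and `$add_keywords` directly above it now go through `utf8_normalize_nfc()` and mcp.php's `$username` gets the same treatment in this commit. A user name submitted in a decomposed form may then fail to match the stored name, or be compared differently from the other entry points; I suggest `$author = utf8_normalize_nfc(request_var('author', '', true));`. The viewtopic.php hunk leaves `$hilit_words` in the same state behind `@todo normalize?`. That todo should either be resolved the same way or say what blocks the decision.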