+// malicious rewriting of language and otherarray values via

+// URI params

+// for the following if... loop because a language file

+if( isset($HTTP_GET_VARS[POST_GROUPS_URL]) || ( isset($HTTP_POST_VARS[POST_GROUPS_URL]) && isset($HTTP_POST_VARS['viewinfo']) ) )

+ $group_id = ( isset($HTTP_POST_VARS[POST_GROUPS_URL]) ) ? $HTTP_POST_VARS[POST_GROUPS_URL] : $HTTP_GET_VARS[POST_GROUPS_URL];

+ $email_img = "<a href=\"mailto:$altered_email\"><img src=\"" . $images['icon_email'] . "\" border=\"0\" alt=\"" . $lang['Send_an_email'] . "\"></a>";

+ $pm_img = "<a href=\"" . append_sid("privmsg.$phpEx?mode=post&" . POST_USERS_URL . "=" . $group_members[$i]['user_id']) . "\"><img src=\"" . $images['icon_pm'] . "\" border=\"0\" alt=\"" . $lang['Send_private_message'] . "\"></a>";

+ $www_img = "<a href=\"$website_url\" target=\"_userwww\"><img src=\"" . $images['icon_www'] . "\" border=\"0\"/></a>";

+ $icq_status_img = "<a href=\"http://wwp.icq.com/" . $group_members[$i]['user_icq'] . "#pager\"><img src=\"http://online.mirabilis.com/scripts/online.dll?icq=" . $group_members[$i]['user_icq'] . "&img=5\" border=\"0\"></a>";

+ $icq_add_img = "<a href=\"http://wwp.icq.com/scripts/search.dll?to=" . $group_members[$i]['user_icq'] . "\"><img src=\"" . $images['icq'] . "\" alt=\"". $lang['ICQ'] . "\" border=\"0\"></a>";

+ $aim_img = ($group_members[$i]['user_aim']) ? "<a href=\"aim:goim?screenname=" . $group_members[$i]['user_aim'] . "&message=Hello+Are+you+there?\"><img src=\"" . $images['icon_aim'] . "\" border=\"0\"></a>" : "&nbsp;";

+ $msn_img = ($group_members[$i]['user_msnm']) ? "<a href=\"profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$poster_id\"><img src=\"" . $images['icon_msnm'] . "\" border=\"0\"></a>" : "&nbsp;";

+ $yim_img = ($group_members[$i]['user_yim']) ? "<a href=\"http://edit.yahoo.com/config/send_webmesg?.target=" . $group_members[$i]['user_yim'] . "&.src=pg\"><img src=\"" . $images['icon_yim'] . "\" border=\"0\"></a>" : "&nbsp;";

+ $search_img = "<a href=\"" . append_sid("search.$phpEx?a=" . urlencode($group_members[$i]['username']) . "&f=all&b=0&d=DESC&c=100&dosearch=1") . "\"><img src=\"" . $images['icon_search'] . "\" border=\"0\"></a>";

+

+

+else

+{

+

+ $sql = "SELECT group_id, group_name

+ FROM " . GROUPS_TABLE . "

+ WHERE group_single_user <> " . TRUE . "

+ ORDER BY group_name";

+ if(!$result = $db->sql_query($sql))

+ {

+ message_die(GENERAL_ERROR, "Error getting group information", "", __LINE__, __FILE__, $sql);

+ }

+ if( !$db->sql_numrows($result) )

+ {

+ message_die(GENERAL_MESSAGE, "No groups exist");

+ }

+ $group_list = $db->sql_fetchrowset($result);

+

+ $sql = "SELECT g.group_id, g.group_name, ug.user_pending

+ FROM " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug

+ WHERE ug.user_id = " . $userdata['user_id'] . "

+ AND g.group_id = ug.group_id

+ AND g.group_single_user <> " . TRUE . "

+ ORDER BY g.group_name";

+ if(!$result = $db->sql_query($sql))

+ {

+ message_die(GENERAL_ERROR, "Error getting group information", "", __LINE__, __FILE__, $sql);

+ }

+ if($db->sql_numrows($result))

+ {

+ $membergroup_list = $db->sql_fetchrowset($result);

+ }

+

+ $template->set_filenames(array(

+ "user" => "groupcp_user_body.tpl",

+ "jumpbox" => "jumpbox.tpl")

+ );

+

+ $jumpbox = make_jumpbox();

+ $template->assign_vars(array(

+ "JUMPBOX_LIST" => $jumpbox,

+ "SELECT_NAME" => POST_FORUM_URL)

+ );

+ $template->assign_var_from_handle("JUMPBOX", "jumpbox");

+

+ $s_group_list = '<select name="' . POST_GROUPS_URL . '">';

+ for($i = 0; $i < count($group_list); $i++)

+ {

+ $s_group_list .= '<option value="' . $group_list[$i]['group_id'] . '">' . $group_list[$i]['group_name'] . '</option>';

+ }

+ $s_group_list .= "</select>";

+

+ $s_member_groups = '<select name="' . POST_GROUPS_URL . '">';

+ $s_pending_groups = '<select name="' . POST_GROUPS_URL . '">';

+ for($i = 0; $i < count($membergroup_list); $i++)

+ {

+ if($membergroup_list[$i]['user_pending'])

+ {

+ $s_pending_groups .= '<option value="' . $membergroup_list[$i]['group_id'] . '">' . $membergroup_list[$i]['group_name'] . '</option>';

+ }

+ else

+ {

+ $s_member_groups .= '<option value="' . $membergroup_list[$i]['group_id'] . '">' . $membergroup_list[$i]['group_name'] . '</option>';

+ }

+ }

+ $s_pending_groups .= "</select>";

+ $s_member_groups .= "</select>";

+

+

+ $template->assign_vars(array(

+ "L_YOU_BELONG_GROUPS" => "You belong to the following usergroups",

+ "L_SELECT_A_GROUP" => "To join a usergroup select one from the list",

+ "L_PENDING_GROUPS" => "You have memberships pending on these groups",

+

+ "GROUP_LIST_SELECT" => $s_group_list,

+ "GROUP_PENDING_SELECT" => $s_pending_groups,

+ "GROUP_MEMBER_SELECT" => $s_member_groups)

+ );

+

+ $template->pparse("user");

+

+

+}

+ global $board_config, $theme, $images, $template, $lang, $phpEx, $phpbb_root_path;

+ if($template)

+ {

+ @include($phpbb_root_path . "templates/" . $board_config['default_template'] . "/" . $board_config['default_template'] . ".cfg");

+

+ if( !defined("TEMPLATE_CONFIG") )

+ {

+ message_die(CRITICAL_MESSAGE, "Couldn't open " . $board_config['default_template'] . " template config file");

+ }

+

+ }

+

+ $folder_image = ($forum_rows[$j]['post_time'] > $userdata['session_last_visit']) ? "<img src=\"" . $images['folder_new'] . "\">" : "<img src=\"" . $images['folder'] . "\">";

+ $folder_image = ($forum_rows[$j]['post_time'] >= $userdata['session_time'] - 300) ? "<img src=\"" . $images['folder_new'] . "\">" : "<img src=\"" . $images['folder'] . "\">";

+ $last_post .= "<a href=\"" . append_sid("viewtopic.$phpEx?" . POST_POST_URL . "=" . $forum_rows[$j]['topic_last_post_id']) . "#" . $forum_rows[$j]['topic_last_post_id'] . "\"><img src=\"" . $images['icon_latest_reply'] . "\" width=\"20\" height=\"11\" border=\"0\" alt=\"" . $lang['View_latest_post'] . "\"></a>";

+ if($members[$i]['user_avatar'] != "" && $user_id != ANONYMOUS)

+ $email_img = "<a href=\"mailto:$altered_email\"><img src=\"" . $images['icon_email'] . "\" border=\"0\" alt=\"" . $lang['Send_an_email'] . "\"></a>";

+ $pm_img = "<a href=\"" . append_sid("privmsg.$phpEx?mode=post&" . POST_USERS_URL . "=" . $members[$i]['user_id']) . "\"><img src=\"" . $images['icon_pm'] . "\" border=\"0\" alt=\"" . $lang['Send_private_message'] . "\"></a>";

+ $www_img = "<a href=\"$website_url\" target=\"_userwww\"><img src=\"" . $images['icon_www'] . "\" border=\"0\"/></a>";

+ $icq_status_img = "<a href=\"http://wwp.icq.com/" . $members[$i]['user_icq'] . "#pager\"><img src=\"http://online.mirabilis.com/scripts/online.dll?icq=" . $members[$i]['user_icq'] . "&img=5\" border=\"0\"></a>";

+ $icq_add_img = "<a href=\"http://wwp.icq.com/scripts/search.dll?to=" . $members[$i]['user_icq'] . "\"><img src=\"" . $images['icq'] . "\" alt=\"" . $lang['ICQ'] . "\" border=\"0\"></a>";

+ $aim_img = ($members[$i]['user_aim']) ? "<a href=\"aim:goim?screenname=" . $members[$i]['user_aim'] . "&message=Hello+Are+you+there?\"><img src=\"" . $images['icon_aim'] . "\" border=\"0\"></a>" : "&nbsp;";

+ $msn_img = ($members[$i]['user_msnm']) ? "<a href=\"profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$poster_id\"><img src=\"" . $images['icon_msnm'] . "\" border=\"0\"></a>" : "&nbsp;";

+ $yim_img = ($members[$i]['user_yim']) ? "<a href=\"http://edit.yahoo.com/config/send_webmesg?.target=" . $members[$i]['user_yim'] . "&.src=pg\"><img src=\"" . $images['icon_yim'] . "\" border=\"0\"></a>" : "&nbsp;";

+ $search_img = "<a href=\"" . append_sid("search.$phpEx?a=" . urlencode($members[$i]['username']) . "&f=all&b=0&d=DESC&c=100&dosearch=1") . "\"><img src=\"" . $images['icon_search'] . "\" border=\"0\"></a>";

+

+ "AVATAR_IMG" => $poster_avatar,

+ $folder_image = "<img src=\"" . $images['folder_locked'] . "\" alt=\"Topic Locked\">";

+ $profile_img = "<a href=\"" . append_sid("profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$poster_id") . "\"><img src=\"" . $images['icon_profile'] . "\" alt=\"" . $lang['Profile'] . "\" border=\"0\"></a>";

+ $email_img = ($privmsg['user_viewemail'] == 1) ? "<a href=\"mailto:" . $privmsg['user_email'] . "\"><img src=\"" .$images['icon_email'] . "\" alt=\"" . $lang['Email'] . "\" border=\"0\"></a>" : "";

+ $www_img = ($privmsg['user_website']) ? "<a href=\"" . $privmsg['user_website'] . "\"><img src=\"" . $images['icon_www'] . "\" alt=\"" . $lang['Website'] . "\" border=\"0\"></a>" : "";

+ $icq_status_img = "<a href=\"http://wwp.icq.com/" . $privmsg['user_icq'] . "#pager\"><img src=\"http://online.mirabilis.com/scripts/online.dll?icq=" . $privmsg['user_icq'] . "&img=5\" border=\"0\"></a>";

+ $icq_add_img = "<a href=\"http://wwp.icq.com/scripts/search.dll?to=" . $privmsg['user_icq'] . "\"><img src=\"" . $images['icon_icq'] . "\" alt=\"" . $lang['ICQ'] . "\" border=\"0\"></a>";

+ $aim_img = ($privmsg['user_aim']) ? "<a href=\"aim:goim?screenname=" . $privmsg['user_aim'] . "&message=Hello+Are+you+there?\"><img src=\"" . $images['icon_aim'] . "\" border=\"0\"></a>" : "";

+ $msn_img = ($privmsg['user_msnm']) ? "<a href=\"profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$poster_id\"><img src=\"" . $images['icon_msnm'] . "\" border=\"0\"></a>" : "";

+ $yim_img = ($privmsg['user_yim']) ? "<a href=\"http://edit.yahoo.com/config/send_webmesg?.target=" . $privmsg['user_yim'] . "&.src=pg\"><img src=\"" . $images['icon_yim'] . "\" border=\"0\"></a>" : "";

+ $quote_img = "<a href=\"" . append_sid("privmsg.$phpEx?mode=reply&quote=true&" . POST_POST_URL . "=" . $privmsgs_id) . "\"><img src=\"" . $images['icon_quote'] . "\" alt=\"\" border=\"0\"></a>";

+ $edit_img = "<a href=\"" . append_sid("privmsg.$phpEx?folder=$folder&mode=edit&" . POST_POST_URL . "=" . $privmsgs_id) . "\"><img src=\"" . $images['icon_edit'] . "\" alt=\"\" border=\"0\"></a>";

+ $icq_status = "<a href=\"http://wwp.icq.com/" . $members[$i]['user_icq'] . "#pager\"><img src=\"http://online.mirabilis.com/scripts/online.dll?icq=" . $members[$i]['user_icq'] . "&img=5\" border=\"0\"></a>";

+ $icq_add = "<a href=\"http://wwp.icq.com/scripts/search.dll?to=" . $members[$i]['user_icq'] . "\"><img src=\"" . $images['icon_icq'] . "\" alt=\"" . $lang['ICQ'] . "\" border=\"0\"></a>";

+ $aim = ($members[$i]['user_aim']) ? "<a href=\"aim:goim?screenname=" . $members[$i]['user_aim'] . "&message=Hello+Are+you+there?\"><img src=\"" . $images['icon_aim'] . "\" border=\"0\"></a>" : "&nbsp;";

+ $msnm = ($members[$i]['user_msnm']) ? "<a href=\"profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$poster_id\"><img src=\"" . $images['icon_msnm'] . "\" border=\"0\"></a>" : "&nbsp;";

+ $yim = ($members[$i]['user_yim']) ? "<a href=\"http://edit.yahoo.com/config/send_webmesg?.target=" . $members[$i]['user_yim'] . "&.src=pg\"><img src=\"" . $images['icon_yim'] . "\" border=\"0\"></a>" : "&nbsp;";

+ $search = "<a href=\"" . append_sid("search.$phpEx?a=" . urlencode($members[$i]['username']) . "&f=all&b=0&d=DESC&c=100&dosearch=1") . "\"><img src=\"" . $images['icon_search'] . "\" border=\"0\"></a>";

+<?php

+

+//

+// Do not alter this line!

+//

+define(TEMPLATE_CONFIG, TRUE);

+

+//

+// Configuration file for PSO template

+//

+// This contains (at present) an array, images which

+// points to the location of individiual images used

+// by the template

+//

+

+$images['icon_quote'] = "images/icon_quote.gif";

+$images['icon_edit'] = "images/icon_edit.gif";

+$images['icon_search'] = "images/icon_search.gif";

+$images['icon_profile'] = "images/icon_profile.gif";

+$images['icon_pm'] = "images/icon_pm.gif";

+$images['icon_email'] = "images/icon_email.gif";

+$images['icon_delpost'] = "images/icon_delete.gif";

+$images['icon_ip'] = "images/icon_ip.gif";

+$images['icon_www'] = "images/icon_www.gif";

+$images['icon_icq'] = "images/icon_icq_add.gif";

+$images['icon_aim'] = "images/icon_aim.gif";

+$images['icon_yim'] = "images/icon_yim.gif";

+$images['icon_msnm'] = "images/icon_msnm.gif";

+$images['icon_minipost'] = "images/icon_minipost.gif";

+$images['icon_latest_reply'] = "images/icon_latest_reply.gif";

+

+$images['folder'] = "images/folder.gif";

+$images['folder_new'] = "images/folder_new.gif";

+$images['folder_locked'] = "images/folder_lock.gif";

+

+$images['topic_new'] = "templates/PSO/images/post.gif";

+$images['topic_reply'] = "templates/PSO/images/reply.gif";

+$images['topic_locked'] = "templates/PSO/images/reply-locked.gif";

+

+?> \ No newline at end of file

+$images['icon_quote'] = "images/icon_quote.gif";

+$images['icon_edit'] = "images/icon_edit.gif";

+$images['icon_profile'] = "images/icon_profile.gif";

+$images['icon_pm'] = "images/icon_pm.gif";

+$images['icon_email'] = "images/icon_email.gif";

+$images['icon_delpost'] = "images/icon_delete.gif";

+$images['icon_ip'] = "images/icon_ip.gif";

+$images['icon_www'] = "images/icon_www.gif";

+$images['icon_icq'] = "images/icon_icq_add.gif";

+$images['icon_aim'] = "images/icon_aim.gif";

+$images['icon_yim'] = "images/icon_yim.gif";

+$images['icon_msnm'] = "images/icon_msnm.gif";

+$images['icon_minipost'] = "images/icon_minipost.gif";

+$images['icon_latest_reply'] = "images/icon_latest_reply.gif";

+$images['folder_new'] = "images/folder_new.gif";

+$images['folder_locked'] = "images/folder_lock.gif";

+$images['topic_new'] = "templates/PSO/images/post.gif";

+$images['topic_reply'] = "templates/PSO/images/reply.gif";

+$images['topic_locked'] = "templates/PSO/images/reply-locked.gif";

+

+ "IMG_POST" => $images['topic_new'])

+ $goto_page = "&nbsp;&nbsp;&nbsp;(<img src=\"" . $images['icon_minipost'] . "\">" . $lang['Goto_page'] . ": ";

+ $folder_image = "<img src=\"" . $images['folder_locked'] . "\" alt=\"Topic Locked\">";

+ $folder_image = ($topic_rowset[$i]['post_time'] > $userdata['session_last_visit']) ? "<img src=\"" . $images['folder_new'] . "\">" : "<img src=\"" . $images['folder'] . "\">";

+ $folder_image = ($topic_rowset[$i]['post_time'] > $userdata['session_time'] - 300) ? "<img src=\"" . $images['folder_new'] . "\">" : "<img src=\"" . $images['folder'] . "\">";

+ $last_post .= "<a href=\"" . append_sid("viewtopic.$phpEx?" . POST_POST_URL . "=" . $topic_rowset[$i]['topic_last_post_id']) . "#" . $topic_rowset[$i]['topic_last_post_id'] . "\"><img src=\"" . $images['icon_latest_reply'] . "\" width=\"20\" height=\"11\" border=\"0\" alt=\"View Latest Post\"></a>";

+ "IMG_POST" => $images['topic_new'],

+ "IMG_REPLY" => ( ($forum_row[0]['topic_status'] == TOPIC_LOCKED) ? $images['topic_locked'] : $images['topic_reply'] ),

+ $profile_img = "<a href=\"" . append_sid("profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$poster_id") . "\"><img src=\"" . $images['icon_profile'] . "\" alt=\"" . $lang['Read_profile'] . " $poster\" border=\"0\"></a>";

+ $pm_img = "<a href=\"" . append_sid("privmsg.$phpEx?mode=post&" . POST_USERS_URL . "=$poster_id") . "\"><img src=\"". $images['icon_pm'] . "\" alt=\"" . $lang['Private_messaging'] . "\" border=\"0\"></a>";

+ $email_img = ($postrow[$i]['user_viewemail'] == 1) ? "<a href=\"mailto:" . $postrow[$i]['user_email'] . "\"><img src=\"" . $images['icon_email'] . "\" alt=\"" . $lang['Send_email'] . " $poster\" border=\"0\"></a>" : "";

+ $www_img = ($postrow[$i]['user_website']) ? "<a href=\"" . $postrow[$i]['user_website'] . "\"><img src=\"" . $images['icon_www'] . "\" alt=\"" . $lang['Visit_website'] . "\" border=\"0\"></a>" : "";

+ $icq_status_img = "<a href=\"http://wwp.icq.com/" . $postrow[$i]['user_icq'] . "#pager\"><img src=\"http://online.mirabilis.com/scripts/online.dll?icq=" . $postrow[$i]['user_icq'] . "&img=5\" border=\"0\"></a>";

+ $icq_add_img = "<a href=\"http://wwp.icq.com/scripts/search.dll?to=" . $postrow[$i]['user_icq'] . "\"><img src=\"" . $images['icon_icq'] . "\" alt=\"" . $lang['ICQ'] . "\" border=\"0\"></a>";

+ $aim_img = ($postrow[$i]['user_aim']) ? "<a href=\"aim:goim?screenname=" . $postrow[$i]['user_aim'] . "&message=Hello+Are+you+there?\"><img src=\"" . $images['icon_aim'] . "\" border=\"0\" alt=\"" . $lang['AIM'] . "\"></a>" : "";

+ $msn_img = ($postrow[$i]['user_msnm']) ? "<a href=\"profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$poster_id\"><img src=\"" . $images['icon_msnm'] . "\" border=\"0\" alt=\"" . $lang['MSNM'] . "\"></a>" : "";

+ $yim_img = ($postrow[$i]['user_yim']) ? "<a href=\"http://edit.yahoo.com/config/send_webmesg?.target=" . $postrow[$i]['user_yim'] . "&.src=pg\"><img src=\"" . $images['icon_yim'] . "\" border=\"0\" alt=\"" . $lang['YIM'] . "\"></a>" : "";

+ $search_img = "<a href=\"" . append_sid("search.$phpEx?a=" . urlencode($poster) . "&f=all&b=0&d=DESC&c=100&dosearch=1") . "\"><img src=\"" . $images['icon_search'] . "\" border=\"0\"></a>";

+ $edit_img = "<a href=\"" . append_sid("posting.$phpEx?mode=editpost&" . POST_POST_URL . "=" . $postrow[$i]['post_id'] . "&" . POST_TOPIC_URL . "=$topic_id") . "\"><img src=\"" . $images['icon_edit'] . "\" alt=\"" . $lang['Edit_delete_post'] . "\" border=\"0\"></a>";

+ $quote_img = "<a href=\"" . append_sid("posting.$phpEx?mode=quote&" . POST_POST_URL . "=" . $postrow[$i]['post_id']) . "\"><img src=\"" . $images['icon_quote'] . "\" alt=\"" . $lang['Reply_with_quote'] ."\" border=\"0\"></a>";

+ $ip_img = "<a href=\"" . append_sid("modcp.$phpEx?mode=viewip&" . POST_POST_URL . "=" . $post_id) . "\"><img src=\"" . $images['icon_ip'] . "\" alt=\"" . $lang['View_IP'] . "\" border=\"0\"></a>";

+ $delpost_img = "<a href=\"" . append_sid("topicadmin.$phpEx?mode=delpost&" . POST_POST_URL . "=" . $postrow[$i]['post_id']) . "\"><img src=\"" . $images['icon_delpost'] . "\" alt=\"" . $lang['Delete_post'] . "\" border=\"0\"></a>";