1 files changed, 117 insertions, 97 deletions
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php
index 84dbd7370f..70d6e13f4d 100644
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@@ -364,15 +364,11 @@ class bbcode_firstpass extends bbcode
 		// We remove the hardcoded elements from the code block here because it is not used in code blocks
 		// Having it here saves us one preg_replace per message containing [code] blocks
 		// Additionally, magic url parsing should go after parsing bbcodes, but for safety those are stripped out too...
-		$htm_match = array(
-			'#<!\-\- e \-\-><a href="mailto:(.*?)">.*?</a><!\-\- e \-\->#',
-			'#<!\-\- m \-\-><a href="(.*?)" target="_blank">.*?</a><!\-\- m \-\->#',
-			'#<!\-\- w \-\-><a href="http:\/\/(.*?)" target="_blank">.*?</a><!\-\- w \-\->#',
-			'#<!\-\- l \-\-><a href="(.*?)">.*?</a><!\-\- l \-\->#',
-			'#<!\-\- s(.*?) \-\-><img src="\{SMILIES_PATH\}\/.*? \/><!\-\- s\1 \-\->#',
-			'#&\#([0-9]+);#',
-		);
-		$htm_replace = array('\1', '\1', '\1', '\1', '\1', '&amp;#\1;');
+		$htm_match = get_preg_expression('bbcode_htm');
+		$htm_match[3] = '#&\#([0-9]+);#';
+		unset($htm_match[4]);
+
+		$htm_replace = array('\1', '\2', '\1', '&amp;#\1;');
 
 		$out = '';
 
@@ -853,6 +849,7 @@ class parse_message extends bbcode_firstpass
 	var $allow_img_bbcode = true;
 	var $allow_flash_bbcode = true;
 	var $allow_quote_bbcode = true;
+	var $allow_url_bbcode = true;
 
 	var $mode;
 
@@ -873,7 +870,7 @@ class parse_message extends bbcode_firstpass
 	/**
 	* Parse Message
 	*/
-	function parse($allow_bbcode, $allow_magic_url, $allow_smilies, $allow_img_bbcode = true, $allow_flash_bbcode = true, $allow_quote_bbcode = true, $update_this_message = true, $mode = 'post')
+	function parse($allow_bbcode, $allow_magic_url, $allow_smilies, $allow_img_bbcode = true, $allow_flash_bbcode = true, $allow_quote_bbcode = true, $allow_url_bbcode = true, $update_this_message = true, $mode = 'post')
 	{
 		global $config, $db, $user;
 
@@ -884,6 +881,7 @@ class parse_message extends bbcode_firstpass
 		$this->allow_img_bbcode = $allow_img_bbcode;
 		$this->allow_flash_bbcode = $allow_flash_bbcode;
 		$this->allow_quote_bbcode = $allow_quote_bbcode;
+		$this->allow_url_bbcode = $allow_url_bbcode;
 
 		// If false, then $this->message won't be altered, the text will be returned instead.
 		if (!$update_this_message)
@@ -920,7 +918,7 @@ class parse_message extends bbcode_firstpass
 		if ($allow_bbcode && strpos($this->message, '[') !== false)
 		{
 			$this->bbcode_init();
-			$disallow = array('img', 'flash', 'quote');
+			$disallow = array('img', 'flash', 'quote', 'url');
 			foreach ($disallow as $bool)
 			{
 				if (!${'allow_' . $bool . '_bbcode'})
@@ -991,7 +989,7 @@ class parse_message extends bbcode_firstpass
 		if ($this->message_status == 'plain')
 		{
 			// Force updating message - of course.
-			$this->parse($allow_bbcode, $allow_magic_url, $allow_smilies, $this->allow_img_bbcode, $this->allow_flash_bbcode, $this->allow_quote_bbcode, true);
+			$this->parse($allow_bbcode, $allow_magic_url, $allow_smilies, $this->allow_img_bbcode, $this->allow_flash_bbcode, $this->allow_quote_bbcode, $this->allow_url_bbcode, true);
 		}
 
 		// Parse BBcode
@@ -1100,7 +1098,7 @@ class parse_message extends bbcode_firstpass
 			{
 				// (assertion)
 				$match[] = '#(?<=^|[\n ]|\.)' . preg_quote($row['code'], '#') . '#';
-				$replace[] = '<!-- s' . $row['code'] . ' --><img src="{SMILIES_PATH}/' . $row['smiley_url'] . '" border="0" alt="' . $row['emotion'] . '" title="' . $row['emotion'] . '" /><!-- s' . $row['code'] . ' -->';
+				$replace[] = '<!-- s' . $row['code'] . ' --><img src="{SMILIES_PATH}/' . $row['smiley_url'] . '" alt="' . $row['emotion'] . '" title="' . $row['emotion'] . '" /><!-- s' . $row['code'] . ' -->';
 			}
 			$db->sql_freeresult($result);
 		}
@@ -1127,7 +1125,7 @@ class parse_message extends bbcode_firstpass
 	*/
 	function parse_attachments($form_name, $mode, $forum_id, $submit, $preview, $refresh, $is_message = false)
 	{
-		global $config, $auth, $user, $phpbb_root_path, $phpEx;
+		global $config, $auth, $user, $phpbb_root_path, $phpEx, $db;
 
 		$error = array();
 
@@ -1152,7 +1150,7 @@ class parse_message extends bbcode_firstpass
 
 				if ($filedata['post_attach'] && !sizeof($error))
 				{
-					$new_entry = array(
+					$sql_ary = array(
 						'physical_filename'	=> $filedata['physical_filename'],
 						'attach_comment'	=> $this->filename_data['filecomment'],
 						'real_filename'		=> $filedata['real_filename'],
@@ -1160,8 +1158,19 @@ class parse_message extends bbcode_firstpass
 						'mimetype'			=> $filedata['mimetype'],
 						'filesize'			=> $filedata['filesize'],
 						'filetime'			=> $filedata['filetime'],
-						'attach_id'			=> 0,
-						'thumbnail'			=> $filedata['thumbnail']
+						'thumbnail'			=> $filedata['thumbnail'],
+						'is_orphan'			=> 1,
+						'in_message'		=> ($is_message) ? 1 : 0,
+						'poster_id'			=> $user->data['user_id'],
+					);
+
+					$db->sql_query('INSERT INTO ' . ATTACHMENTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
+
+					$new_entry = array(
+						'attach_id'		=> $db->sql_nextid(),
+						'is_orphan'		=> 1,
+						'real_filename'	=> $filedata['real_filename'],
+						'attach_comment'=> $this->filename_data['filecomment'],
 					);
 
 					$this->attachment_data = array_merge(array(0 => $new_entry), $this->attachment_data);
@@ -1195,26 +1204,44 @@ class parse_message extends bbcode_firstpass
 
 				$index = (int) key($_POST['delete_file']);
 
-				// delete selected attachment
-				if (!$this->attachment_data[$index]['attach_id'])
+				if (!empty($this->attachment_data[$index]))
 				{
-					phpbb_unlink($this->attachment_data[$index]['physical_filename'], 'file');
 
-					if ($this->attachment_data[$index]['thumbnail'])
+					// delete selected attachment
+					if ($this->attachment_data[$index]['is_orphan'])
 					{
-						phpbb_unlink($this->attachment_data[$index]['physical_filename'], 'thumbnail');
+						$sql = 'SELECT attach_id, physical_filename, thumbnail
+							FROM ' . ATTACHMENTS_TABLE . '
+							WHERE attach_id = ' . (int) $this->attachment_data[$index]['attach_id'] . '
+								AND is_orphan = 1
+								AND poster_id = ' . $user->data['user_id'];
+						$result = $db->sql_query($sql);
+						$row = $db->sql_fetchrow($result);
+						$db->sql_freeresult($result);
+
+						if ($row)
+						{
+							phpbb_unlink($row['physical_filename'], 'file');
+
+							if ($row['thumbnail'])
+							{
+								phpbb_unlink($row['physical_filename'], 'thumbnail');
+							}
+
+							$db->sql_query('DELETE FROM ' . ATTACHMENTS_TABLE . ' WHERE attach_id = ' . (int) $this->attachment_data[$index]['attach_id']);
+						}
+					}
+					else
+					{
+						delete_attachments('attach', array(intval($this->attachment_data[$index]['attach_id'])));
 					}
-				}
-				else
-				{
-					delete_attachments('attach', array(intval($this->attachment_data[$index]['attach_id'])));
-				}
 
-				unset($this->attachment_data[$index]);
-				$this->message = preg_replace('#\[attachment=([0-9]+)\](.*?)\[\/attachment\]#e', "(\\1 == \$index) ? '' : ((\\1 > \$index) ? '[attachment=' . (\\1 - 1) . ']\\2[/attachment]' : '\\0')", $this->message);
+					unset($this->attachment_data[$index]);
+					$this->message = preg_replace('#\[attachment=([0-9]+)\](.*?)\[\/attachment\]#e', "(\\1 == \$index) ? '' : ((\\1 > \$index) ? '[attachment=' . (\\1 - 1) . ']\\2[/attachment]' : '\\0')", $this->message);
 
-				// Reindex Array
-				$this->attachment_data = array_values($this->attachment_data);
+					// Reindex Array
+					$this->attachment_data = array_values($this->attachment_data);
+				}
 			}
 			else if ($edit_comment || $add_file || $preview)
 			{
@@ -1236,7 +1263,7 @@ class parse_message extends bbcode_firstpass
 
 						if (!sizeof($error))
 						{
-							$new_entry = array(
+							$sql_ary = array(
 								'physical_filename'	=> $filedata['physical_filename'],
 								'attach_comment'	=> $this->filename_data['filecomment'],
 								'real_filename'		=> $filedata['real_filename'],
@@ -1244,8 +1271,19 @@ class parse_message extends bbcode_firstpass
 								'mimetype'			=> $filedata['mimetype'],
 								'filesize'			=> $filedata['filesize'],
 								'filetime'			=> $filedata['filetime'],
-								'attach_id'			=> 0,
-								'thumbnail'			=> $filedata['thumbnail']
+								'thumbnail'			=> $filedata['thumbnail'],
+								'is_orphan'			=> 1,
+								'in_message'		=> ($is_message) ? 1 : 0,
+								'poster_id'			=> $user->data['user_id'],
+							);
+
+							$db->sql_query('INSERT INTO ' . ATTACHMENTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
+
+							$new_entry = array(
+								'attach_id'		=> $db->sql_nextid(),
+								'is_orphan'		=> 1,
+								'real_filename'	=> $filedata['real_filename'],
+								'attach_comment'=> $this->filename_data['filecomment'],
 							);
 
 							$this->attachment_data = array_merge(array(0 => $new_entry), $this->attachment_data);
@@ -1275,99 +1313,83 @@ class parse_message extends bbcode_firstpass
 		global $user, $db, $phpbb_root_path, $phpEx, $config;
 
 		$this->filename_data['filecomment'] = request_var('filecomment', '', true);
-		$this->attachment_data = (isset($_POST['attachment_data'])) ? $_POST['attachment_data'] : array();
+		$attachment_data = (isset($_POST['attachment_data'])) ? $_POST['attachment_data'] : array();
+		$this->attachment_data = array();
 
 		$check_user_id = ($check_user_id === false) ? $user->data['user_id'] : $check_user_id;
 
-		// Regenerate data array...
-		$attach_ids = $filenames = array();
+		if (!sizeof($attachment_data))
+		{
+			return;
+		}
+
+		$not_orphan = $orphan = array();
 
-		foreach ($this->attachment_data as $pos => $var_ary)
+		foreach ($attachment_data as $pos => $var_ary)
 		{
-			if ($var_ary['attach_id'])
+			if ($var_ary['is_orphan'])
 			{
-				$attach_ids[(int) $this->attachment_data[$pos]['attach_id']] = $pos;
+				$orphan[(int) $var_ary['attach_id']] = $pos;
 			}
 			else
 			{
-				$filenames[$pos] = '';
-				set_var($filenames[$pos], $this->attachment_data[$pos]['physical_filename'], 'string');
-				$filenames[$pos] = basename($filenames[$pos]);
+				$not_orphan[(int) $var_ary['attach_id']] = $pos;
 			}
 		}
 
-		$this->attachment_data = array();
-
-		// Regenerate already posted attachments...
-		if (sizeof($attach_ids))
+		// Regenerate already posted attachments
+		if (sizeof($not_orphan))
 		{
-			// Get the data from the attachments
-			$sql = 'SELECT attach_id, physical_filename, real_filename, extension, mimetype, filesize, filetime, thumbnail
+			// Get the attachment data, based on the poster id...
+			$sql = 'SELECT attach_id, is_orphan, real_filename, attach_comment
 				FROM ' . ATTACHMENTS_TABLE . '
-				WHERE ' . $db->sql_in_set('attach_id', array_keys($attach_ids)) . '
+				WHERE ' . $db->sql_in_set('attach_id', array_keys($not_orphan)) . '
 					AND poster_id = ' . $check_user_id;
 			$result = $db->sql_query($sql);
 
 			while ($row = $db->sql_fetchrow($result))
 			{
-				if (isset($attach_ids[$row['attach_id']]))
-				{
-					$pos = $attach_ids[$row['attach_id']];
-					$this->attachment_data[$pos] = $row;
-					set_var($this->attachment_data[$pos]['attach_comment'], $_POST['attachment_data'][$pos]['attach_comment'], 'string', true);
+				$pos = $not_orphan[$row['attach_id']];
+				$this->attachment_data[$pos] = $row;
+				set_var($this->attachment_data[$pos]['attach_comment'], $_POST['attachment_data'][$pos]['attach_comment'], 'string', true);
 
-					unset($attach_ids[$row['attach_id']]);
-				}
+				unset($not_orphan[$row['attach_id']]);
 			}
 			$db->sql_freeresult($result);
+		}
 
-			if (sizeof($attach_ids))
-			{
-				trigger_error($user->lang['NO_ACCESS_ATTACHMENT'], E_USER_ERROR);
-			}
+		if (sizeof($not_orphan))
+		{
+			trigger_error($user->lang['NO_ACCESS_ATTACHMENT'], E_USER_ERROR);
 		}
 
 		// Regenerate newly uploaded attachments
-		if (sizeof($filenames))
+		if (sizeof($orphan))
 		{
-			include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
-
-			$sql = 'SELECT attach_id
+			$sql = 'SELECT attach_id, is_orphan, real_filename, attach_comment
 				FROM ' . ATTACHMENTS_TABLE . '
-				WHERE ' . $db->sql_in_set('LOWER(physical_filename)', array_map('strtolower', $filenames));
-			$result = $db->sql_query_limit($sql, 1);
-			$row = $db->sql_fetchrow($result);
-			$db->sql_freeresult($result);
-
-			if ($row)
-			{
-				trigger_error($user->lang['NO_ACCESS_ATTACHMENT'], E_USER_ERROR);
-			}
+				WHERE ' . $db->sql_in_set('attach_id', array_keys($orphan)) . '
+					AND poster_id = ' . $user->data['user_id'] . '
+					AND is_orphan = 1';
+			$result = $db->sql_query($sql);
 
-			foreach ($filenames as $pos => $physical_filename)
+			while ($row = $db->sql_fetchrow($result))
 			{
-				$this->attachment_data[$pos] = array(
-					'physical_filename'	=> $physical_filename,
-					'extension'			=> strtolower(filespec::get_extension($phpbb_root_path . $config['upload_path'] . '/' . $physical_filename)),
-					'filesize'			=> filespec::get_filesize($phpbb_root_path . $config['upload_path'] . '/' . $physical_filename),
-					'attach_id'			=> 0,
-					'thumbnail'			=> (file_exists($phpbb_root_path . $config['upload_path'] . '/thumb_' . $physical_filename)) ? 1 : 0,
-				);
-
+				$pos = $orphan[$row['attach_id']];
+				$this->attachment_data[$pos] = $row;
 				set_var($this->attachment_data[$pos]['attach_comment'], $_POST['attachment_data'][$pos]['attach_comment'], 'string', true);
-				set_var($this->attachment_data[$pos]['real_filename'], $_POST['attachment_data'][$pos]['real_filename'], 'string', true);
-				set_var($this->attachment_data[$pos]['filetime'], $_POST['attachment_data'][$pos]['filetime'], 'int');
 
-				if (strpos($_POST['attachment_data'][$pos]['mimetype'], 'image/') !== false)
-				{
-					set_var($this->attachment_data[$pos]['mimetype'], $_POST['attachment_data'][$pos]['mimetype'], 'string');
-				}
-				else
-				{
-					$this->attachment_data[$pos]['mimetype'] = filespec::get_mimetype($phpbb_root_path . $config['upload_path'] . '/' . $physical_filename);
-				}
+				unset($orphan[$row['attach_id']]);
 			}
+			$db->sql_freeresult($result);
+		}
+
+		if (sizeof($orphan))
+		{
+			trigger_error($user->lang['NO_ACCESS_ATTACHMENT'], E_USER_ERROR);
 		}
+
+		ksort($this->attachment_data);
 	}
 
 	/**
@@ -1384,8 +1406,7 @@ class parse_message extends bbcode_firstpass
 		$this->message = $poll['poll_option_text'];
 
 
-		$poll['poll_option_text'] = $this->parse($poll['enable_bbcode'], $poll['enable_urls'], $poll['enable_smilies'], $poll['img_status'], false, false, false);
-
+		$poll['poll_option_text'] = $this->parse($poll['enable_bbcode'], ($config['allow_post_links']) ? $poll['enable_urls'] : false, $poll['enable_smilies'], $poll['img_status'], false, false, $config['allow_post_links'], false);
 
 		$this->message = $tmp_message;
 
@@ -1394,8 +1415,7 @@ class parse_message extends bbcode_firstpass
 		$this->message = $poll['poll_title'];
 
 
-		$poll['poll_title'] = $this->parse($poll['enable_bbcode'], $poll['enable_urls'], $poll['enable_smilies'], $poll['img_status'], false, false, false);
-
+		$poll['poll_title'] = $this->parse($poll['enable_bbcode'], ($config['allow_post_links']) ? $poll['enable_urls'] : false, $poll['enable_smilies'], $poll['img_status'], false, false, $config['allow_post_links'], false);
 
 		$this->message = $tmp_message;