Diffstat (limited to 'phpBB/includes/ucp/ucp_pm.php')
| -rw-r--r-- | phpBB/includes/ucp/ucp_pm.php | 71 | 
1 files changed, 51 insertions, 20 deletions
diff --git a/phpBB/includes/ucp/ucp_pm.php b/phpBB/includes/ucp/ucp_pm.php
index f026cd3eb3..00d1ce7149 100644
--- a/phpBB/includes/ucp/ucp_pm.php
+++ b/phpBB/includes/ucp/ucp_pm.php
@@ -62,7 +62,7 @@ class ucp_pm
 		$template->assign_var('S_PRIVMSGS', true);
 		// Folder directly specified?
-		$folder_specified = request_var('folder', '');
+		$folder_specified = $request->variable('folder', '');
 		if (!in_array($folder_specified, array('inbox', 'outbox', 'sentbox')))
 		{
@@ -75,20 +75,23 @@ class ucp_pm
 		if (!$folder_specified)
 		{
-			$mode = (!$mode) ? request_var('mode', 'view') : $mode;
+			$mode = (!$mode) ? $request->variable('mode', 'view') : $mode;
 		}
 		else
 		{
 			$mode = 'view';
 		}
-		include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);
+		if (!function_exists('get_folder'))
+		{
+			include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);
+		}
 		switch ($mode)
 		{
 			// Compose message
 			case 'compose':
-				$action = request_var('action', 'post');
+				$action = $request->variable('action', 'post');
 				$user_folders = get_folder($user->data['user_id']);
@@ -104,7 +107,10 @@ class ucp_pm
 					break;
 				}
-				include($phpbb_root_path . 'includes/ucp/ucp_pm_compose.' . $phpEx);
+				if (!function_exists('compose_pm'))
+				{
+					include($phpbb_root_path . 'includes/ucp/ucp_pm_compose.' . $phpEx);
+				}
 				compose_pm($id, $mode, $action, $user_folders);
 				$tpl_file = 'posting_body';
@@ -114,7 +120,10 @@ class ucp_pm
 				set_user_message_limit();
 				get_folder($user->data['user_id']);
-				include($phpbb_root_path . 'includes/ucp/ucp_pm_options.' . $phpEx);
+				if (!function_exists('message_options'))
+				{
+					include($phpbb_root_path . 'includes/ucp/ucp_pm_options.' . $phpEx);
+				}
 				message_options($id, $mode, $global_privmsgs_rules, $global_rule_conditions);
 				$tpl_file = 'ucp_pm_options';
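Review bot: The guard added before `functions_privmsgs` in the `-75` hunk uses the single name `get_folder` as a stand-in for the whole file, so if that one name is ever defined elsewhere the include is silently skipped and any other function this module expects from the file fails only at call time. The same one-symbol pattern is repeated for `compose_pm` and `message_options` in this file section and for `ucp_main`, `view_folder` and `view_message` in the later hunks. A short comment above the first guard, for example `// Guarded: this module can be entered after another component has already loaded the file`, would record the assumption the guards depend on. No hunk in this file touches the method's `global` statement, which lies outside the visible lines, so `$request` (and `$config`, used in the `-166` hunk) presumably were already declared there; that is worth confirming.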
@@ -125,8 +134,10 @@ class ucp_pm
 				get_folder($user->data['user_id']);
 				$this->p_name = 'pm';
-				// Call another module... please do not try this at home... Hoochie Coochie Man
-				include($phpbb_root_path . 'includes/ucp/ucp_main.' . $phpEx);
+				if (!class_exists('ucp_main'))
+				{
+					include($phpbb_root_path . 'includes/ucp/ucp_main.' . $phpEx);
+				}
 				$module = new ucp_main($this);
 				$module->u_action = $this->u_action;
@@ -151,12 +162,12 @@ class ucp_pm
 				}
 				else
 				{
-					$folder_id = request_var('f', PRIVMSGS_NO_BOX);
-					$action = request_var('action', 'view_folder');
+					$folder_id = $request->variable('f', PRIVMSGS_NO_BOX);
+					$action = $request->variable('action', 'view_folder');
 				}
-				$msg_id = request_var('p', 0);
-				$view	= request_var('view', '');
+				$msg_id = $request->variable('p', 0);
+				$view	= $request->variable('view', '');
 				// View message if specified
 				if ($msg_id)
@@ -166,20 +177,29 @@ class ucp_pm
 				if (!$auth->acl_get('u_readpm'))
 				{
+					send_status_line(403, 'Forbidden');
 					trigger_error('NO_AUTH_READ_MESSAGE');
 				}
+				if ($view == 'print' && (!$config['print_pm'] || !$auth->acl_get('u_pm_printpm')))
+				{
+					send_status_line(403, 'Forbidden');
+					trigger_error('NO_AUTH_PRINT_MESSAGE');
+				}
+
 				// Do not allow hold messages to be seen
 				if ($folder_id == PRIVMSGS_HOLD_BOX)
 				{
 					trigger_error('NO_AUTH_READ_HOLD_MESSAGE');
 				}
+				add_form_key('ucp_pm_view');
+
 				// First Handle Mark actions and moving messages
 				$submit_mark	= (isset($_POST['submit_mark'])) ? true : false;
 				$move_pm		= (isset($_POST['move_pm'])) ? true : false;
-				$mark_option	= request_var('mark_option', '');
-				$dest_folder	= request_var('dest_folder', PRIVMSGS_NO_BOX);
+				$mark_option	= $request->variable('mark_option', '');
+				$dest_folder	= $request->variable('dest_folder', PRIVMSGS_NO_BOX);
 				// Is moving PM triggered through mark options?
 				if (!in_array($mark_option, array('mark_important', 'delete_marked')) && $submit_mark)
@@ -189,11 +209,16 @@ class ucp_pm
 					$submit_mark = false;
 				}
+				if (($move_pm || $submit_mark) && !check_form_key('ucp_pm_view'))
+				{
+					trigger_error('FORM_INVALID');
+				}
+
 				// Move PM
 				if ($move_pm)
 				{
-					$move_msg_ids	= (isset($_POST['marked_msg_id'])) ? request_var('marked_msg_id', array(0)) : array();
-					$cur_folder_id	= request_var('cur_folder_id', PRIVMSGS_NO_BOX);
+					$move_msg_ids	= (isset($_POST['marked_msg_id'])) ? $request->variable('marked_msg_id', array(0)) : array();
+					$cur_folder_id	= $request->variable('cur_folder_id', PRIVMSGS_NO_BOX);
 					if (move_pm($user->data['user_id'], $user->data['message_limit'], $move_msg_ids, $dest_folder, $cur_folder_id))
 					{
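Review bot: The hold-box refusal `trigger_error('NO_AUTH_READ_HOLD_MESSAGE');` is left without a status line, while the two refusals just above it now send 403. That denial is therefore presumably still served with the default status and is harder to tell apart in access logs; adding `send_status_line(403, 'Forbidden');` before it would make the three consistent. In the same hunk `$submit_mark` and `$move_pm` still read `$_POST` directly although every other input was moved to `$request`; `$submit_mark = $request->is_set_post('submit_mark');` and `$move_pm = $request->is_set_post('move_pm');` would complete the migration. The enclosing `case` starts and ends outside the hunk.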
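Review bot: The token check in the `-189` hunk runs only when `$move_pm` or `$submit_mark` is set, so any other request-driven state change in this mode is not covered by it. `$release`, read in the `-215` hunk, looks like such an input, but its use lies outside the visible lines and should be confirmed. The check also depends on every form that posts `move_pm` or `submit_mark` emitting the `ucp_pm_view` token. The diffstat is limited to this file, so whether the view templates do that cannot be seen here. A comment on the check, for example `// CSRF: both actions change mailbox state, so require the ucp_pm_view form token`, would make the intent explicit for later additions.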
@@ -201,7 +226,7 @@ class ucp_pm
 						if ($action == 'view_message')
 						{
 							$msg_id		= 0;
-							$folder_id	= request_var('cur_folder_id', PRIVMSGS_NO_BOX);
+							$folder_id	= $request->variable('cur_folder_id', PRIVMSGS_NO_BOX);
 							$action		= 'view_folder';
 						}
 					}
@@ -215,7 +240,7 @@ class ucp_pm
 				// If new messages arrived, place them into the appropriate folder
 				$num_not_moved = $num_removed = 0;
-				$release = request_var('release', 0);
+				$release = $request->variable('release', 0);
 				if ($user->data['user_new_privmsg'] && ($action == 'view_folder' || $action == 'view_message'))
 				{
@@ -368,7 +393,10 @@ class ucp_pm
 				if ($action == 'view_folder')
 				{
-					include($phpbb_root_path . 'includes/ucp/ucp_pm_viewfolder.' . $phpEx);
+					if (!function_exists('view_folder'))
+					{
+						include($phpbb_root_path . 'includes/ucp/ucp_pm_viewfolder.' . $phpEx);
+					}
 					view_folder($id, $mode, $folder_id, $folder);
 					$tpl_file = 'ucp_pm_viewfolder';
@@ -386,7 +414,10 @@ class ucp_pm
 						trigger_error('NO_MESSAGE');
 					}
-					include($phpbb_root_path . 'includes/ucp/ucp_pm_viewmessage.' . $phpEx);
+					if (!function_exists('view_message'))
+					{
+						include($phpbb_root_path . 'includes/ucp/ucp_pm_viewmessage.' . $phpEx);
+					}
 					view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row);
 					$tpl_file = ($view == 'print') ? 'ucp_pm_viewmessage_print' : 'ucp_pm_viewmessage';  | 
