diff options
Diffstat (limited to 'phpBB/includes/ucp')
28 files changed, 409 insertions, 366 deletions
diff --git a/phpBB/includes/ucp/info/ucp_attachments.php b/phpBB/includes/ucp/info/ucp_attachments.php index 2e20106f5c..96e7956db9 100644 --- a/phpBB/includes/ucp/info/ucp_attachments.php +++ b/phpBB/includes/ucp/info/ucp_attachments.php @@ -18,7 +18,6 @@ class ucp_attachments_info return array( 'filename' => 'ucp_attachments', 'title' => 'UCP_ATTACHMENTS', - 'version' => '1.0.0', 'modes' => array( 'attachments' => array('title' => 'UCP_MAIN_ATTACHMENTS', 'auth' => 'acl_u_attach', 'cat' => array('UCP_MAIN')), ), diff --git a/phpBB/includes/ucp/info/ucp_auth_link.php b/phpBB/includes/ucp/info/ucp_auth_link.php index 9ec4cb7b3a..57c9269c5e 100644 --- a/phpBB/includes/ucp/info/ucp_auth_link.php +++ b/phpBB/includes/ucp/info/ucp_auth_link.php @@ -18,7 +18,6 @@ class ucp_auth_link_info return array( 'filename' => 'ucp_auth_link', 'title' => 'UCP_AUTH_LINK', - 'version' => '1.0.0', 'modes' => array( 'auth_link' => array('title' => 'UCP_AUTH_LINK_MANAGE', 'auth' => 'authmethod_oauth', 'cat' => array('UCP_PROFILE')), ), diff --git a/phpBB/includes/ucp/info/ucp_groups.php b/phpBB/includes/ucp/info/ucp_groups.php index 6da2a4fe38..42eb285075 100644 --- a/phpBB/includes/ucp/info/ucp_groups.php +++ b/phpBB/includes/ucp/info/ucp_groups.php @@ -18,7 +18,6 @@ class ucp_groups_info return array( 'filename' => 'ucp_groups', 'title' => 'UCP_USERGROUPS', - 'version' => '1.0.0', 'modes' => array( 'membership' => array('title' => 'UCP_USERGROUPS_MEMBER', 'auth' => '', 'cat' => array('UCP_USERGROUPS')), 'manage' => array('title' => 'UCP_USERGROUPS_MANAGE', 'auth' => '', 'cat' => array('UCP_USERGROUPS')), diff --git a/phpBB/includes/ucp/info/ucp_main.php b/phpBB/includes/ucp/info/ucp_main.php index de8e7d5602..e967b8445f 100644 --- a/phpBB/includes/ucp/info/ucp_main.php +++ b/phpBB/includes/ucp/info/ucp_main.php @@ -18,7 +18,6 @@ class ucp_main_info return array( 'filename' => 'ucp_main', 'title' => 'UCP_MAIN', - 'version' => '1.0.0', 'modes' => array( 'front' => array('title' => 'UCP_MAIN_FRONT', 'auth' => '', 'cat' => array('UCP_MAIN')), 'subscribed' => array('title' => 'UCP_MAIN_SUBSCRIBED', 'auth' => '', 'cat' => array('UCP_MAIN')), diff --git a/phpBB/includes/ucp/info/ucp_notifications.php b/phpBB/includes/ucp/info/ucp_notifications.php index 0cc011d96e..94e0467ccb 100644 --- a/phpBB/includes/ucp/info/ucp_notifications.php +++ b/phpBB/includes/ucp/info/ucp_notifications.php @@ -18,10 +18,9 @@ class ucp_notifications_info return array( 'filename' => 'ucp_notifications', 'title' => 'UCP_NOTIFICATION_OPTIONS', - 'version' => '1.0.0', 'modes' => array( 'notification_options' => array('title' => 'UCP_NOTIFICATION_OPTIONS', 'auth' => '', 'cat' => array('UCP_PREFS')), - 'notification_list' => array('title' => 'UCP_NOTIFICATION_LIST', 'auth' => '', 'cat' => array('UCP_MAIN')), + 'notification_list' => array('title' => 'UCP_NOTIFICATION_LIST', 'auth' => 'cfg_allow_board_notifications', 'cat' => array('UCP_MAIN')), ), ); } diff --git a/phpBB/includes/ucp/info/ucp_pm.php b/phpBB/includes/ucp/info/ucp_pm.php index 6aa1669cb6..26bd670fc5 100644 --- a/phpBB/includes/ucp/info/ucp_pm.php +++ b/phpBB/includes/ucp/info/ucp_pm.php @@ -18,7 +18,6 @@ class ucp_pm_info return array( 'filename' => 'ucp_pm', 'title' => 'UCP_PM', - 'version' => '1.0.0', 'modes' => array( 'view' => array('title' => 'UCP_PM_VIEW', 'auth' => 'cfg_allow_privmsg', 'display' => false, 'cat' => array('UCP_PM')), 'compose' => array('title' => 'UCP_PM_COMPOSE', 'auth' => 'cfg_allow_privmsg', 'cat' => array('UCP_PM')), diff --git a/phpBB/includes/ucp/info/ucp_prefs.php b/phpBB/includes/ucp/info/ucp_prefs.php index 5c2d29ac73..4793aa2649 100644 --- a/phpBB/includes/ucp/info/ucp_prefs.php +++ b/phpBB/includes/ucp/info/ucp_prefs.php @@ -18,7 +18,6 @@ class ucp_prefs_info return array( 'filename' => 'ucp_prefs', 'title' => 'UCP_PREFS', - 'version' => '1.0.0', 'modes' => array( 'personal' => array('title' => 'UCP_PREFS_PERSONAL', 'auth' => '', 'cat' => array('UCP_PREFS')), 'post' => array('title' => 'UCP_PREFS_POST', 'auth' => '', 'cat' => array('UCP_PREFS')), diff --git a/phpBB/includes/ucp/info/ucp_profile.php b/phpBB/includes/ucp/info/ucp_profile.php index 919de99a96..fc2792224d 100644 --- a/phpBB/includes/ucp/info/ucp_profile.php +++ b/phpBB/includes/ucp/info/ucp_profile.php @@ -18,7 +18,6 @@ class ucp_profile_info return array( 'filename' => 'ucp_profile', 'title' => 'UCP_PROFILE', - 'version' => '1.0.0', 'modes' => array( 'profile_info' => array('title' => 'UCP_PROFILE_PROFILE_INFO', 'auth' => 'acl_u_chgprofileinfo', 'cat' => array('UCP_PROFILE')), 'signature' => array('title' => 'UCP_PROFILE_SIGNATURE', 'auth' => 'acl_u_sig', 'cat' => array('UCP_PROFILE')), diff --git a/phpBB/includes/ucp/info/ucp_zebra.php b/phpBB/includes/ucp/info/ucp_zebra.php index 99d4a4f4c0..69274c2866 100644 --- a/phpBB/includes/ucp/info/ucp_zebra.php +++ b/phpBB/includes/ucp/info/ucp_zebra.php @@ -18,7 +18,6 @@ class ucp_zebra_info return array( 'filename' => 'ucp_zebra', 'title' => 'UCP_ZEBRA', - 'version' => '1.0.0', 'modes' => array( 'friends' => array('title' => 'UCP_ZEBRA_FRIENDS', 'auth' => '', 'cat' => array('UCP_ZEBRA')), 'foes' => array('title' => 'UCP_ZEBRA_FOES', 'auth' => '', 'cat' => array('UCP_ZEBRA')), diff --git a/phpBB/includes/ucp/ucp_activate.php b/phpBB/includes/ucp/ucp_activate.php index 1f5ce93277..1e54c18dc1 100644 --- a/phpBB/includes/ucp/ucp_activate.php +++ b/phpBB/includes/ucp/ucp_activate.php @@ -29,11 +29,11 @@ class ucp_activate function main($id, $mode) { - global $config, $phpbb_root_path, $phpEx; - global $db, $user, $auth, $template, $phpbb_container, $phpbb_dispatcher; + global $config, $phpbb_root_path, $phpEx, $request; + global $db, $user, $auth, $phpbb_container, $phpbb_log, $phpbb_dispatcher; - $user_id = request_var('u', 0); - $key = request_var('k', ''); + $user_id = $request->variable('u', 0); + $key = $request->variable('k', ''); $sql = 'SELECT user_id, username, user_type, user_email, user_newpasswd, user_lang, user_notify_type, user_actkey, user_inactive_reason FROM ' . USERS_TABLE . " @@ -67,6 +67,7 @@ class ucp_activate { login_box('', $user->lang['NO_AUTH_OPERATION']); } + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_OPERATION'); } @@ -86,7 +87,10 @@ class ucp_activate WHERE user_id = ' . $user_row['user_id']; $db->sql_query($sql); - add_log('user', $user_row['user_id'], 'LOG_USER_NEW_PASSWORD', $user_row['username']); + $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_NEW_PASSWORD', false, array( + 'reportee_id' => $user_row['user_id'], + $user_row['username'] + )); } if (!$update_password) @@ -101,15 +105,19 @@ class ucp_activate $db->sql_query($sql); // Create the correct logs - add_log('user', $user_row['user_id'], 'LOG_USER_ACTIVE_USER'); + $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_ACTIVE_USER', false, array( + 'reportee_id' => $user_row['user_id'] + )); + if ($auth->acl_get('a_user')) { - add_log('admin', 'LOG_USER_ACTIVE', $user_row['username']); + $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_ACTIVE', false, array($user_row['username'])); } } if ($config['require_activation'] == USER_ACTIVATION_ADMIN && !$update_password) { + /* @var $phpbb_notifications \phpbb\notification\manager */ $phpbb_notifications = $phpbb_container->get('notification_manager'); $phpbb_notifications->delete_notifications('notification.type.admin_activate_user', $user_row['user_id']); diff --git a/phpBB/includes/ucp/ucp_attachments.php b/phpBB/includes/ucp/ucp_attachments.php index 42724209aa..66c3109b3d 100644 --- a/phpBB/includes/ucp/ucp_attachments.php +++ b/phpBB/includes/ucp/ucp_attachments.php @@ -29,15 +29,14 @@ class ucp_attachments function main($id, $mode) { - global $template, $user, $db, $config, $phpEx, $phpbb_root_path, $phpbb_container; + global $template, $user, $db, $config, $phpEx, $phpbb_root_path, $phpbb_container, $request; - $start = request_var('start', 0); - $sort_key = request_var('sk', 'a'); - $sort_dir = request_var('sd', 'a'); + $start = $request->variable('start', 0); + $sort_key = $request->variable('sk', 'a'); + $sort_dir = $request->variable('sd', 'a'); $delete = (isset($_POST['delete'])) ? true : false; - $confirm = (isset($_POST['confirm'])) ? true : false; - $delete_ids = array_keys(request_var('attachment', array(0))); + $delete_ids = array_keys($request->variable('attachment', array(0))); if ($delete && sizeof($delete_ids)) { @@ -70,12 +69,10 @@ class ucp_attachments if (confirm_box(true)) { - if (!function_exists('delete_attachments')) - { - include_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx); - } - - delete_attachments('attach', $delete_ids); + /** @var \phpbb\attachment\manager $attachment_manager */ + $attachment_manager = $phpbb_container->get('attachment.manager'); + $attachment_manager->delete('attach', $delete_ids); + unset($attachment_manager); meta_refresh(3, $this->u_action); $message = ((sizeof($delete_ids) == 1) ? $user->lang['ATTACHMENT_DELETED'] : $user->lang['ATTACHMENTS_DELETED']) . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>'); @@ -123,6 +120,7 @@ class ucp_attachments $db->sql_freeresult($result); // Ensure start is a valid value + /* @var $pagination \phpbb\pagination */ $pagination = $phpbb_container->get('pagination'); $start = $pagination->validate_start($start, $config['topics_per_page'], $num_attachments); diff --git a/phpBB/includes/ucp/ucp_auth_link.php b/phpBB/includes/ucp/ucp_auth_link.php index 748f0fdec2..08aacdef3a 100644 --- a/phpBB/includes/ucp/ucp_auth_link.php +++ b/phpBB/includes/ucp/ucp_auth_link.php @@ -38,6 +38,7 @@ class ucp_auth_link $error = array(); + /* @var $provider_collection \phpbb\auth\provider_collection */ $provider_collection = $phpbb_container->get('auth.provider_collection'); $auth_provider = $provider_collection->get_provider(); diff --git a/phpBB/includes/ucp/ucp_confirm.php b/phpBB/includes/ucp/ucp_confirm.php index 7392f8dea8..cdf4de65fd 100644 --- a/phpBB/includes/ucp/ucp_confirm.php +++ b/phpBB/includes/ucp/ucp_confirm.php @@ -36,10 +36,10 @@ class ucp_confirm function main($id, $mode) { - global $db, $user, $phpbb_root_path, $config, $phpEx, $phpbb_container; + global $config, $phpbb_container, $request; $captcha = $phpbb_container->get('captcha.factory')->get_instance($config['captcha_plugin']); - $captcha->init(request_var('type', 0)); + $captcha->init($request->variable('type', 0)); $captcha->execute(); garbage_collection(); diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index 86a8226d5b..352b7d1ec3 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -30,16 +30,17 @@ class ucp_groups { global $config, $phpbb_root_path, $phpEx, $phpbb_admin_path; global $db, $user, $auth, $cache, $template; - global $request, $phpbb_container; + global $request, $phpbb_container, $phpbb_log; $user->add_lang('groups'); $return_page = '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '">', '</a>'); - $mark_ary = request_var('mark', array(0)); + $mark_ary = $request->variable('mark', array(0)); $submit = $request->variable('submit', false, false, \phpbb\request\request_interface::POST); - $delete = $request->variable('delete', false, false, \phpbb\request\request_interface::POST); - $error = $data = array(); + + /** @var \phpbb\group\helper $group_helper */ + $group_helper = $phpbb_container->get('group_helper'); switch ($mode) { @@ -49,8 +50,8 @@ class ucp_groups if ($submit || isset($_POST['change_default'])) { - $action = (isset($_POST['change_default'])) ? 'change_default' : request_var('action', ''); - $group_id = ($action == 'change_default') ? request_var('default', 0) : request_var('selected', 0); + $action = (isset($_POST['change_default'])) ? 'change_default' : $request->variable('action', ''); + $group_id = ($action == 'change_default') ? $request->variable('default', 0) : $request->variable('selected', 0); if (!$group_id) { @@ -65,7 +66,7 @@ class ucp_groups $group_row = array(); while ($row = $db->sql_fetchrow($result)) { - $row['group_name'] = ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']; + $row['group_name'] = $group_helper->get_name($row['group_name']); $group_row[$row['group_id']] = $row; } $db->sql_freeresult($result); @@ -86,6 +87,7 @@ class ucp_groups if (!$auth->acl_get('u_chggrp')) { + send_status_line(403, 'Forbidden'); trigger_error($user->lang['NOT_AUTHORISED'] . $return_page); } @@ -99,7 +101,10 @@ class ucp_groups { group_user_attributes('default', $group_id, $user->data['user_id']); - add_log('user', $user->data['user_id'], 'LOG_USER_GROUP_CHANGE', sprintf($user->lang['USER_GROUP_CHANGE'], $group_row[$user->data['group_id']]['group_name'], $group_row[$group_id]['group_name'])); + $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GROUP_CHANGE', false, array( + 'reportee_id' => $user->data['user_id'], + sprintf($user->lang['USER_GROUP_CHANGE'], $group_row[$user->data['group_id']]['group_name'], $group_row[$group_id]['group_name']) + )); meta_refresh(3, $this->u_action); trigger_error($user->lang['CHANGED_DEFAULT_GROUP'] . $return_page); @@ -146,7 +151,10 @@ class ucp_groups { group_user_del($group_id, $user->data['user_id']); - add_log('user', $user->data['user_id'], 'LOG_USER_GROUP_RESIGN', $group_row[$group_id]['group_name']); + $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GROUP_RESIGN', false, array( + 'reportee_id' => $user->data['user_id'], + $group_row[$group_id]['group_name'] + )); meta_refresh(3, $this->u_action); trigger_error($user->lang[($row['user_pending']) ? 'GROUP_RESIGNED_PENDING' : 'GROUP_RESIGNED_MEMBERSHIP'] . $return_page); @@ -202,7 +210,10 @@ class ucp_groups group_user_add($group_id, $user->data['user_id'], false, false, false, 0, 1); } - add_log('user', $user->data['user_id'], 'LOG_USER_GROUP_JOIN' . (($group_row[$group_id]['group_type'] == GROUP_FREE) ? '' : '_PENDING'), $group_row[$group_id]['group_name']); + $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GROUP_JOIN' . (($group_row[$group_id]['group_type'] == GROUP_FREE) ? '' : '_PENDING'), false, array( + 'reportee_id' => $user->data['user_id'], + $group_row[$group_id]['group_name'] + )); meta_refresh(3, $this->u_action); trigger_error($user->lang[($group_row[$group_id]['group_type'] == GROUP_FREE) ? 'GROUP_JOINED' : 'GROUP_JOINED_PENDING'] . $return_page); @@ -237,7 +248,10 @@ class ucp_groups { group_user_attributes('demote', $group_id, $user->data['user_id']); - add_log('user', $user->data['user_id'], 'LOG_USER_GROUP_DEMOTE', $group_row[$group_id]['group_name']); + $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_GROUP_DEMOTE', false, array( + 'reportee_id' => $user->data['user_id'], + $group_row[$group_id]['group_name'] + )); meta_refresh(3, $this->u_action); trigger_error($user->lang['USER_GROUP_DEMOTED'] . $return_page); @@ -295,7 +309,7 @@ class ucp_groups $template->assign_block_vars($block, array( 'GROUP_ID' => $row['group_id'], - 'GROUP_NAME' => ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'], + 'GROUP_NAME' => $group_helper->get_name($row['group_name']), 'GROUP_DESC' => ($row['group_type'] <> GROUP_SPECIAL) ? generate_text_for_display($row['group_desc'], $row['group_desc_uid'], $row['group_desc_bitfield'], $row['group_desc_options']) : $user->lang['GROUP_IS_SPECIAL'], 'GROUP_SPECIAL' => ($row['group_type'] <> GROUP_SPECIAL) ? false : true, 'GROUP_STATUS' => $user->lang['GROUP_IS_' . $group_status], @@ -349,7 +363,7 @@ class ucp_groups $template->assign_block_vars('nonmember', array( 'GROUP_ID' => $row['group_id'], - 'GROUP_NAME' => ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'], + 'GROUP_NAME' => $group_helper->get_name($row['group_name']), 'GROUP_DESC' => ($row['group_type'] <> GROUP_SPECIAL) ? generate_text_for_display($row['group_desc'], $row['group_desc_uid'], $row['group_desc_bitfield'], $row['group_desc_options']) : $user->lang['GROUP_IS_SPECIAL'], 'GROUP_SPECIAL' => ($row['group_type'] <> GROUP_SPECIAL) ? false : true, 'GROUP_CLOSED' => ($row['group_type'] <> GROUP_CLOSED || $auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) ? false : true, @@ -379,8 +393,8 @@ class ucp_groups case 'manage': $this->page_title = 'UCP_USERGROUPS_MANAGE'; - $action = (isset($_POST['addusers'])) ? 'addusers' : request_var('action', ''); - $group_id = request_var('g', 0); + $action = (isset($_POST['addusers'])) ? 'addusers' : $request->variable('action', ''); + $group_id = $request->variable('g', 0); include($phpbb_root_path . 'includes/functions_display.' . $phpEx); @@ -414,7 +428,7 @@ class ucp_groups $avatar = phpbb_get_group_avatar($group_row, 'GROUP_AVATAR', true); $template->assign_vars(array( - 'GROUP_NAME' => ($group_type == GROUP_SPECIAL) ? $user->lang['G_' . $group_name] : $group_name, + 'GROUP_NAME' => $group_helper->get_name($group_name), 'GROUP_INTERNAL_NAME' => $group_name, 'GROUP_COLOUR' => (isset($group_row['group_colour'])) ? $group_row['group_colour'] : '', 'GROUP_DESC_DISP' => generate_text_for_display($group_row['group_desc'], $group_row['group_desc_uid'], $group_row['group_desc_bitfield'], $group_row['group_desc_options']), @@ -447,11 +461,8 @@ class ucp_groups trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page); } - $file_uploads = (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on') ? true : false; $user->add_lang(array('acp/groups', 'acp/common')); - $data = $submit_ary = array(); - $update = (isset($_POST['update'])) ? true : false; $error = array(); @@ -499,20 +510,20 @@ class ucp_groups // Did we submit? if ($update) { - $group_name = utf8_normalize_nfc(request_var('group_name', '', true)); - $group_desc = utf8_normalize_nfc(request_var('group_desc', '', true)); - $group_type = request_var('group_type', GROUP_FREE); + $group_name = $request->variable('group_name', '', true); + $group_desc = $request->variable('group_desc', '', true); + $group_type = $request->variable('group_type', GROUP_FREE); - $allow_desc_bbcode = request_var('desc_parse_bbcode', false); - $allow_desc_urls = request_var('desc_parse_urls', false); - $allow_desc_smilies = request_var('desc_parse_smilies', false); + $allow_desc_bbcode = $request->variable('desc_parse_bbcode', false); + $allow_desc_urls = $request->variable('desc_parse_urls', false); + $allow_desc_smilies = $request->variable('desc_parse_smilies', false); $submit_ary = array( - 'colour' => request_var('group_colour', ''), - 'rank' => request_var('group_rank', 0), + 'colour' => $request->variable('group_colour', ''), + 'rank' => $request->variable('group_rank', 0), 'receive_pm' => isset($_REQUEST['group_receive_pm']) ? 1 : 0, - 'message_limit' => request_var('group_message_limit', 0), - 'max_recipients'=> request_var('group_max_recipients', 0), + 'message_limit' => $request->variable('group_message_limit', 0), + 'max_recipients'=> $request->variable('group_max_recipients', 0), 'legend' => $group_row['group_legend'], 'teampage' => $group_row['group_teampage'], ); @@ -521,7 +532,6 @@ class ucp_groups { // Handle avatar $driver_name = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', '')); - $config_name = preg_replace('#^avatar\.driver.#', '', $driver_name); if (in_array($driver_name, $avatar_drivers) && !$request->is_set_post('avatar_delete')) { @@ -610,7 +620,6 @@ class ucp_groups } else if (!$group_id) { - $group_name = utf8_normalize_nfc(request_var('group_name', '', true)); $group_desc_data = array( 'text' => '', 'allow_bbcode' => true, @@ -747,7 +756,7 @@ class ucp_groups } $user->add_lang(array('acp/groups', 'acp/common')); - $start = request_var('start', 0); + $start = $request->variable('start', 0); // Grab the leaders - always, on every page... $sql = 'SELECT u.user_id, u.username, u.username_clean, u.user_colour, u.user_regdate, u.user_posts, u.group_id, ug.group_leader, ug.user_pending @@ -836,6 +845,7 @@ class ucp_groups $s_action_options .= '<option value="' . $option . '">' . $user->lang['GROUP_' . $lang] . '</option>'; } + /* @var $pagination \phpbb\pagination */ $pagination = $phpbb_container->get('pagination'); $base_url = $this->u_action . "&action=$action&g=$group_id"; $start = $pagination->validate_start($start, $config['topics_per_page'], $total_members); @@ -897,7 +907,7 @@ class ucp_groups trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page); } - $group_row['group_name'] = ($group_row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $group_row['group_name']] : $group_row['group_name']; + $group_row['group_name'] = $group_helper->get_name($group_row['group_name']); if (confirm_box(true)) { @@ -976,7 +986,7 @@ class ucp_groups trigger_error($user->lang['NOT_LEADER_OF_GROUP'] . $return_page); } - $group_row['group_name'] = ($group_row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $group_row['group_name']] : $group_row['group_name']; + $group_row['group_name'] = $group_helper->get_name($group_row['group_name']); if (confirm_box(true)) { @@ -1014,7 +1024,7 @@ class ucp_groups $user->add_lang(array('acp/groups', 'acp/common')); - $names = utf8_normalize_nfc(request_var('usernames', '', true)); + $names = $request->variable('usernames', '', true); if (!$group_id) { @@ -1038,9 +1048,9 @@ class ucp_groups } $name_ary = array_unique(explode("\n", $names)); - $group_name = ($group_row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $group_row['group_name']] : $group_row['group_name']; + $group_name = $group_helper->get_name($group_row['group_name']); - $default = request_var('default', 0); + $default = $request->variable('default', 0); if (confirm_box(true)) { @@ -1084,7 +1094,7 @@ class ucp_groups while ($value = $db->sql_fetchrow($result)) { $template->assign_block_vars('leader', array( - 'GROUP_NAME' => ($value['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $value['group_name']] : $value['group_name'], + 'GROUP_NAME' => $group_helper->get_name($value['group_name']), 'GROUP_DESC' => generate_text_for_display($value['group_desc'], $value['group_desc_uid'], $value['group_desc_bitfield'], $value['group_desc_options']), 'GROUP_TYPE' => $value['group_type'], 'GROUP_ID' => $value['group_id'], diff --git a/phpBB/includes/ucp/ucp_login_link.php b/phpBB/includes/ucp/ucp_login_link.php index bfe4804286..f4d47e30bb 100644 --- a/phpBB/includes/ucp/ucp_login_link.php +++ b/phpBB/includes/ucp/ucp_login_link.php @@ -57,6 +57,7 @@ class ucp_login_link } // Use the auth_provider requested even if different from configured + /* @var $provider_collection \phpbb\auth\provider_collection */ $provider_collection = $phpbb_container->get('auth.provider_collection'); $auth_provider = $provider_collection->get_provider($request->variable('auth_provider', '')); @@ -98,7 +99,7 @@ class ucp_login_link else { // Finish login - $result = $user->session_create($login_result['user_row']['user_id'], false, false, true); + $user->session_create($login_result['user_row']['user_id'], false, false, true); // Perform a redirect as the account has been linked $this->perform_redirect(); @@ -181,7 +182,7 @@ class ucp_login_link */ protected function process_login_result($result) { - global $config, $request, $template, $user, $phpbb_container; + global $config, $template, $user, $phpbb_container; $login_error = null; diff --git a/phpBB/includes/ucp/ucp_main.php b/phpBB/includes/ucp/ucp_main.php index 8584a9a0fd..77ac1dfb54 100644 --- a/phpBB/includes/ucp/ucp_main.php +++ b/phpBB/includes/ucp/ucp_main.php @@ -227,9 +227,8 @@ class ucp_main { if (check_form_key('ucp_front_subscribed')) { - $forums = array_keys(request_var('f', array(0 => 0))); - $topics = array_keys(request_var('t', array(0 => 0))); - $msg = ''; + $forums = array_keys($request->variable('f', array(0 => 0))); + $topics = array_keys($request->variable('t', array(0 => 0))); if (sizeof($forums) || sizeof($topics)) { @@ -451,7 +450,7 @@ class ucp_main if (isset($_POST['unbookmark'])) { $s_hidden_fields = array('unbookmark' => 1); - $topics = (isset($_POST['t'])) ? array_keys(request_var('t', array(0 => 0))) : array(); + $topics = (isset($_POST['t'])) ? array_keys($request->variable('t', array(0 => 0))) : array(); $url = $this->u_action; if (!sizeof($topics)) @@ -507,7 +506,7 @@ class ucp_main { if (check_form_key('ucp_draft')) { - $drafts = array_keys(request_var('d', array(0 => 0))); + $drafts = array_keys($request->variable('d', array(0 => 0))); if (sizeof($drafts)) { @@ -530,8 +529,8 @@ class ucp_main if ($submit && $edit) { - $draft_subject = utf8_normalize_nfc(request_var('subject', '', true)); - $draft_message = utf8_normalize_nfc(request_var('message', '', true)); + $draft_subject = $request->variable('subject', '', true); + $draft_message = $request->variable('message', '', true); if (check_form_key('ucp_draft')) { if ($draft_message && $draft_subject) @@ -695,9 +694,10 @@ class ucp_main { global $user, $db, $template, $config, $cache, $auth, $phpbb_root_path, $phpEx, $phpbb_container, $request, $phpbb_dispatcher; - $table = ($mode == 'subscribed') ? TOPICS_WATCH_TABLE : BOOKMARKS_TABLE; - $start = request_var('start', 0); + /* @var $pagination \phpbb\pagination */ $pagination = $phpbb_container->get('pagination'); + $table = ($mode == 'subscribed') ? TOPICS_WATCH_TABLE : BOOKMARKS_TABLE; + $start = $request->variable('start', 0); // Grab icons $icons = $cache->obtain_icons(); @@ -852,6 +852,7 @@ class ucp_main } } + /* @var $phpbb_content_visibility \phpbb\content_visibility */ $phpbb_content_visibility = $phpbb_container->get('content.visibility'); foreach ($topic_list as $topic_id) diff --git a/phpBB/includes/ucp/ucp_notifications.php b/phpBB/includes/ucp/ucp_notifications.php index 66dc651447..51bd77bd4c 100644 --- a/phpBB/includes/ucp/ucp_notifications.php +++ b/phpBB/includes/ucp/ucp_notifications.php @@ -34,7 +34,10 @@ class ucp_notifications $form_time = $request->variable('form_time', 0); $form_time = ($form_time <= 0 || $form_time > time()) ? time() : $form_time; + /* @var $phpbb_notifications \phpbb\notification\manager */ $phpbb_notifications = $phpbb_container->get('notification_manager'); + + /* @var $pagination \phpbb\pagination */ $pagination = $phpbb_container->get('pagination'); switch ($mode) @@ -67,15 +70,6 @@ class ucp_notifications $phpbb_notifications->delete_subscription($type, 0, $method_data['id']); } } - - if ($request->is_set_post(str_replace('.', '_', $type) . '_notification') && !isset($subscriptions[$type])) - { - $phpbb_notifications->add_subscription($type); - } - else if (!$request->is_set_post(str_replace('.', '_', $type) . '_notification') && isset($subscriptions[$type])) - { - $phpbb_notifications->delete_subscription($type); - } } } @@ -97,7 +91,7 @@ class ucp_notifications // Mark all items read if ($request->variable('mark', '') == 'all' && check_link_hash($request->variable('token', ''), 'mark_all_notifications_read')) { - $phpbb_notifications->mark_notifications_read(false, false, $user->data['user_id'], $form_time); + $phpbb_notifications->mark_notifications(false, false, $user->data['user_id'], $form_time); meta_refresh(3, $this->u_action); $message = $user->lang['NOTIFICATIONS_MARK_ALL_READ_SUCCESS']; @@ -128,11 +122,11 @@ class ucp_notifications if (!empty($mark_read)) { - $phpbb_notifications->mark_notifications_read_by_id($mark_read, $form_time); + $phpbb_notifications->mark_notifications_by_id('notification.method.board', $mark_read, $form_time); } } - $notifications = $phpbb_notifications->load_notifications(array( + $notifications = $phpbb_notifications->load_notifications('notification.method.board', array( 'start' => $start, 'limit' => $config['topics_per_page'], 'count_total' => true, @@ -193,8 +187,6 @@ class ucp_notifications 'NAME' => $user->lang($data['lang']), 'EXPLAIN' => (isset($user->lang[$data['lang'] . '_EXPLAIN'])) ? $user->lang($data['lang'] . '_EXPLAIN') : '', - - 'SUBSCRIBED' => (isset($subscriptions[$type])) ? true : false, )); foreach ($notification_methods as $method => $method_data) diff --git a/phpBB/includes/ucp/ucp_pm.php b/phpBB/includes/ucp/ucp_pm.php index f026cd3eb3..d145d66f59 100644 --- a/phpBB/includes/ucp/ucp_pm.php +++ b/phpBB/includes/ucp/ucp_pm.php @@ -62,7 +62,7 @@ class ucp_pm $template->assign_var('S_PRIVMSGS', true); // Folder directly specified? - $folder_specified = request_var('folder', ''); + $folder_specified = $request->variable('folder', ''); if (!in_array($folder_specified, array('inbox', 'outbox', 'sentbox'))) { @@ -75,7 +75,7 @@ class ucp_pm if (!$folder_specified) { - $mode = (!$mode) ? request_var('mode', 'view') : $mode; + $mode = (!$mode) ? $request->variable('mode', 'view') : $mode; } else { @@ -88,7 +88,7 @@ class ucp_pm { // Compose message case 'compose': - $action = request_var('action', 'post'); + $action = $request->variable('action', 'post'); $user_folders = get_folder($user->data['user_id']); @@ -151,12 +151,12 @@ class ucp_pm } else { - $folder_id = request_var('f', PRIVMSGS_NO_BOX); - $action = request_var('action', 'view_folder'); + $folder_id = $request->variable('f', PRIVMSGS_NO_BOX); + $action = $request->variable('action', 'view_folder'); } - $msg_id = request_var('p', 0); - $view = request_var('view', ''); + $msg_id = $request->variable('p', 0); + $view = $request->variable('view', ''); // View message if specified if ($msg_id) @@ -166,6 +166,7 @@ class ucp_pm if (!$auth->acl_get('u_readpm')) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_READ_MESSAGE'); } @@ -178,8 +179,8 @@ class ucp_pm // First Handle Mark actions and moving messages $submit_mark = (isset($_POST['submit_mark'])) ? true : false; $move_pm = (isset($_POST['move_pm'])) ? true : false; - $mark_option = request_var('mark_option', ''); - $dest_folder = request_var('dest_folder', PRIVMSGS_NO_BOX); + $mark_option = $request->variable('mark_option', ''); + $dest_folder = $request->variable('dest_folder', PRIVMSGS_NO_BOX); // Is moving PM triggered through mark options? if (!in_array($mark_option, array('mark_important', 'delete_marked')) && $submit_mark) @@ -192,8 +193,8 @@ class ucp_pm // Move PM if ($move_pm) { - $move_msg_ids = (isset($_POST['marked_msg_id'])) ? request_var('marked_msg_id', array(0)) : array(); - $cur_folder_id = request_var('cur_folder_id', PRIVMSGS_NO_BOX); + $move_msg_ids = (isset($_POST['marked_msg_id'])) ? $request->variable('marked_msg_id', array(0)) : array(); + $cur_folder_id = $request->variable('cur_folder_id', PRIVMSGS_NO_BOX); if (move_pm($user->data['user_id'], $user->data['message_limit'], $move_msg_ids, $dest_folder, $cur_folder_id)) { @@ -201,7 +202,7 @@ class ucp_pm if ($action == 'view_message') { $msg_id = 0; - $folder_id = request_var('cur_folder_id', PRIVMSGS_NO_BOX); + $folder_id = $request->variable('cur_folder_id', PRIVMSGS_NO_BOX); $action = 'view_folder'; } } @@ -215,7 +216,7 @@ class ucp_pm // If new messages arrived, place them into the appropriate folder $num_not_moved = $num_removed = 0; - $release = request_var('release', 0); + $release = $request->variable('release', 0); if ($user->data['user_new_privmsg'] && ($action == 'view_folder' || $action == 'view_message')) { diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index d365e8b489..b61a9fab9f 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -44,14 +44,14 @@ function compose_pm($id, $mode, $action, $user_folders = array()) add_form_key('ucp_pm_compose'); // Grab only parameters needed here - $to_user_id = request_var('u', 0); - $to_group_id = request_var('g', 0); - $msg_id = request_var('p', 0); - $draft_id = request_var('d', 0); - $lastclick = request_var('lastclick', 0); + $to_user_id = $request->variable('u', 0); + $to_group_id = $request->variable('g', 0); + $msg_id = $request->variable('p', 0); + $draft_id = $request->variable('d', 0); + $lastclick = $request->variable('lastclick', 0); // Reply to all triggered (quote/reply) - $reply_to_all = request_var('reply_to_all', 0); + $reply_to_all = $request->variable('reply_to_all', 0); $address_list = $request->variable('address_list', array('' => array(0 => ''))); @@ -76,6 +76,9 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $error = array(); $current_time = time(); + /** @var \phpbb\group\helper $group_helper */ + $group_helper = $phpbb_container->get('group_helper'); + // Was cancel pressed? If so then redirect to the appropriate page if ($cancel || ($current_time - $lastclick < 2 && $submit)) { @@ -145,7 +148,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $group_options = ''; while ($row = $db->sql_fetchrow($result)) { - $group_options .= '<option' . (($row['group_type'] == GROUP_SPECIAL) ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>'; + $group_options .= '<option' . (($row['group_type'] == GROUP_SPECIAL) ? ' class="sep"' : '') . ' value="' . $row['group_id'] . '">' . $group_helper->get_name($row['group_name']) . '</option>'; } $db->sql_freeresult($result); } @@ -168,6 +171,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) case 'post': if (!$auth->acl_get('u_sendpm')) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_SEND_MESSAGE'); } break; @@ -183,6 +187,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) if (!$auth->acl_get('u_sendpm')) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_SEND_MESSAGE'); } @@ -223,6 +228,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) case 'delete': if (!$auth->acl_get('u_pm_delete')) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_DELETE_MESSAGE'); } @@ -248,11 +254,13 @@ function compose_pm($id, $mode, $action, $user_folders = array()) if ($action == 'forward' && (!$config['forward_pm'] || !$auth->acl_get('u_pm_forward'))) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_FORWARD_MESSAGE'); } if ($action == 'edit' && !$auth->acl_get('u_pm_edit')) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_EDIT_MESSAGE'); } @@ -263,8 +271,6 @@ function compose_pm($id, $mode, $action, $user_folders = array()) * * @event core.ucp_pm_compose_compose_pm_basic_info_query_before * @var string sql String with the query to be executed - * @var array forum_list List of forums that contain the posts - * @var int visibility_const Integer with one of the possible ITEM_* constant values * @var int msg_id topic_id in the page request * @var int to_user_id The id of whom the message is to * @var int to_group_id The id of the group whom the message is to @@ -273,14 +279,11 @@ function compose_pm($id, $mode, $action, $user_folders = array()) * @var string action One of: post, reply, quote, forward, quotepost, edit, delete, smilies * @var bool delete Whether the user is deleting the PM * @var int reply_to_all Value of reply_to_all request variable. - * @var string limit_time_sql String with the SQL code to limit the time interval of the post (Note: May be empty string) - * @var string sort_order_sql String with the ORDER BY SQL code used in this query * @since 3.1.0-RC5 + * @change 3.2.0-a1 Removed undefined variables */ $vars = array( 'sql', - 'forum_list', - 'visibility_const', 'msg_id', 'to_user_id', 'to_group_id', @@ -289,8 +292,6 @@ function compose_pm($id, $mode, $action, $user_folders = array()) 'action', 'delete', 'reply_to_all', - 'limit_time_sql', - 'sort_order_sql', ); extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_compose_pm_basic_info_query_before', compact($vars))); @@ -325,6 +326,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) { if (($post['forum_id'] && !$auth->acl_get('f_read', $post['forum_id'])) || (!$post['forum_id'] && !$auth->acl_getf_global('f_read'))) { + send_status_line(403, 'Forbidden'); trigger_error('NOT_AUTHORISED'); } @@ -335,8 +337,6 @@ function compose_pm($id, $mode, $action, $user_folders = array()) * @var string sql The original SQL used in the query * @var array post Associative array with the data of the quoted post * @var array msg_id The post_id that was searched to get the message for quoting - * @var int visibility_const Visibility of the quoted post (one of the possible ITEM_* constant values) - * @var int topic_id Topic ID of the quoted post * @var int to_user_id Users the message is sent to * @var int to_group_id Groups the message is sent to * @var bool submit Whether the user is sending the PM or not @@ -345,13 +345,12 @@ function compose_pm($id, $mode, $action, $user_folders = array()) * @var bool delete If deleting message * @var int reply_to_all Value of reply_to_all request variable. * @since 3.1.0-RC5 + * @change 3.2.0-a1 Removed undefined variables */ $vars = array( 'sql', 'post', 'msg_id', - 'visibility_const', - 'topic_id', 'to_user_id', 'to_group_id', 'submit', @@ -463,6 +462,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) if (($to_group_id || isset($address_list['g'])) && (!$config['allow_mass_pm'] || !$auth->acl_get('u_masspm_group'))) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_GROUP_MESSAGE'); } @@ -484,8 +484,9 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $icon_id = 0; } - $message_parser = new parse_message(); + /* @var $plupload \phpbb\plupload\plupload */ $plupload = $phpbb_container->get('plupload'); + $message_parser = new parse_message(); $message_parser->set_plupload($plupload); $message_parser->message = ($action == 'reply') ? '' : $message_text; @@ -498,7 +499,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) if ($action == 'delete') { // Folder id has been determined by the SQL Statement - // $folder_id = request_var('f', PRIVMSGS_NO_BOX); + // $folder_id = $request->variable('f', PRIVMSGS_NO_BOX); // Do we need to confirm ? if (confirm_box(true)) @@ -529,15 +530,9 @@ function compose_pm($id, $mode, $action, $user_folders = array()) } // Get maximum number of allowed recipients - $sql = 'SELECT MAX(g.group_max_recipients) as max_recipients - FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . ' ug - WHERE ug.user_id = ' . $user->data['user_id'] . ' - AND ug.user_pending = 0 - AND ug.group_id = g.group_id'; - $result = $db->sql_query($sql); - $max_recipients = (int) $db->sql_fetchfield('max_recipients'); - $db->sql_freeresult($result); + $max_recipients = phpbb_get_max_setting_from_group($db, $user->data['user_id'], 'max_recipients'); + // If it is 0, there is no limit set and we use the maximum value within the config. $max_recipients = (!$max_recipients) ? $config['pm_max_recipients'] : $max_recipients; // If this is a quote/reply "to all"... we may increase the max_recpients to the number of original recipients @@ -610,7 +605,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $enable_urls = true; } - $enable_magic_url = $drafts = false; + $drafts = false; // User own some drafts? if ($auth->acl_get('u_savedrafts') && $action != 'delete') @@ -645,9 +640,9 @@ function compose_pm($id, $mode, $action, $user_folders = array()) // Save Draft if ($save && $auth->acl_get('u_savedrafts')) { - $subject = utf8_normalize_nfc(request_var('subject', '', true)); + $subject = $request->variable('subject', '', true); $subject = (!$subject && $action != 'post') ? $user->lang['NEW_MESSAGE'] : $subject; - $message = utf8_normalize_nfc(request_var('message', '', true)); + $message = $request->variable('message', '', true); if ($subject && $message) { @@ -741,10 +736,10 @@ function compose_pm($id, $mode, $action, $user_folders = array()) { $error[] = $user->lang['FORM_INVALID']; } - $subject = utf8_normalize_nfc(request_var('subject', '', true)); - $message_parser->message = utf8_normalize_nfc(request_var('message', '', true)); + $subject = $request->variable('subject', '', true); + $message_parser->message = $request->variable('message', '', true); - $icon_id = request_var('icon', 0); + $icon_id = $request->variable('icon', 0); $enable_bbcode = (!$bbcode_status || isset($_POST['disable_bbcode'])) ? false : true; $enable_smilies = (!$smilies_status || isset($_POST['disable_smilies'])) ? false : true; @@ -779,16 +774,6 @@ function compose_pm($id, $mode, $action, $user_folders = array()) ); extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_modify_parse_before', compact($vars))); - if ($submit) - { - $status_switch = (($enable_bbcode+1) << 8) + (($enable_smilies+1) << 4) + (($enable_urls+1) << 2) + (($enable_sig+1) << 1); - $status_switch = ($status_switch != $check_value); - } - else - { - $status_switch = 1; - } - // Parse Attachments - before checksum is calculated $message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true); @@ -960,7 +945,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) { if ($action == 'quotepost') { - $post_id = request_var('p', 0); + $post_id = $request->variable('p', 0); if ($config['allow_post_links']) { $message_link = "[url=" . generate_board_url() . "/viewtopic.$phpEx?p={$post_id}#p{$post_id}]{$user->lang['SUBJECT']}{$user->lang['COLON']} {$message_subject}[/url]\n\n"; @@ -974,7 +959,20 @@ function compose_pm($id, $mode, $action, $user_folders = array()) { $message_link = ''; } - $message_parser->message = $message_link . '[quote="' . $quote_username . '"]' . censor_text(trim($message_parser->message)) . "[/quote]\n"; + $quote_attributes = array( + 'author' => $quote_username, + 'time' => $post['message_time'], + 'user_id' => $post['author_id'], + ); + if ($action === 'quotepost') + { + $quote_attributes['post_id'] = $post['msg_id']; + } + $quote_text = $phpbb_container->get('text_formatter.utils')->generate_quote( + censor_text($message_parser->message), + $quote_attributes + ); + $message_parser->message = $message_link . $quote_text . "\n\n"; } if (($action == 'reply' || $action == 'quote' || $action == 'quotepost') && !$preview && !$refresh) @@ -1002,7 +1000,11 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $forward_text[] = sprintf($user->lang['FWD_FROM'], $quote_username_text); $forward_text[] = sprintf($user->lang['FWD_TO'], implode($user->lang['COMMA_SEPARATOR'], $fwd_to_field['to'])); - $message_parser->message = implode("\n", $forward_text) . "\n\n[quote="{$quote_username}"]\n" . censor_text(trim($message_parser->message)) . "\n[/quote]"; + $quote_text = $phpbb_container->get('text_formatter.utils')->generate_quote( + censor_text($message_parser->message), + array('author' => $quote_username) + ); + $message_parser->message = implode("\n", $forward_text) . "\n\n" . $quote_text; $message_subject = ((!preg_match('/^Fwd:/', $message_subject)) ? 'Fwd: ' : '') . censor_text($message_subject); } @@ -1075,7 +1077,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) { if ($type == 'g') { - $row['name'] = ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['name']] : $row['name']; + $row['name'] = $group_helper->get_name($row['name']); } ${$type}[$row['id']] = array('name' => $row['name'], 'colour' => $row['colour']); @@ -1085,7 +1087,6 @@ function compose_pm($id, $mode, $action, $user_folders = array()) } // Now Build the address list - $plain_address_field = ''; foreach ($address_list as $type => $adr_ary) { foreach ($adr_ary as $id => $field) @@ -1173,6 +1174,9 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $form_enctype = (@ini_get('file_uploads') == '0' || strtolower(@ini_get('file_uploads')) == 'off' || !$config['allow_pm_attach'] || !$auth->acl_get('u_pm_attach')) ? '' : ' enctype="multipart/form-data"'; + /** @var \phpbb\controller\helper $controller_helper */ + $controller_helper = $phpbb_container->get('controller.helper'); + // Start assigning vars for main posting page ... $template->assign_vars(array( 'L_POST_A' => $page_title, @@ -1181,7 +1185,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) 'SUBJECT' => (isset($message_subject)) ? $message_subject : '', 'MESSAGE' => $message_text, - 'BBCODE_STATUS' => ($bbcode_status) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>'), + 'BBCODE_STATUS' => $user->lang(($bbcode_status ? 'BBCODE_IS_ON' : 'BBCODE_IS_OFF'), '<a href="' . $controller_helper->route('phpbb_help_bbcode_controller') . '">', '</a>'), 'IMG_STATUS' => ($img_status) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'], 'FLASH_STATUS' => ($flash_status) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'], 'SMILIES_STATUS' => ($smilies_status) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'], @@ -1277,13 +1281,13 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove } // Add Selected Groups - $group_list = request_var('group_list', array(0)); + $group_list = $request->variable('group_list', array(0)); // Build usernames to add - $usernames = request_var('username', '', true); + $usernames = $request->variable('username', '', true); $usernames = (empty($usernames)) ? array() : array($usernames); - $username_list = request_var('username_list', '', true); + $username_list = $request->variable('username_list', '', true); if ($username_list) { $usernames = array_merge($usernames, explode("\n", $username_list)); @@ -1300,7 +1304,7 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove $submit = false; // Preview is only true if there was also a message entered - if (request_var('message', '')) + if ($request->variable('message', '')) { $preview = true; } @@ -1432,7 +1436,7 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove } /** -* Build the hidden field for the recipients. Needed, as the variable is not read via request_var. +* Build the hidden field for the recipients. Needed, as the variable is not read via $request->variable(). */ function build_address_field($address_list) { diff --git a/phpBB/includes/ucp/ucp_pm_options.php b/phpBB/includes/ucp/ucp_pm_options.php index d1fc9d2c62..2458c4118d 100644 --- a/phpBB/includes/ucp/ucp_pm_options.php +++ b/phpBB/includes/ucp/ucp_pm_options.php @@ -24,7 +24,7 @@ if (!defined('IN_PHPBB')) */ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_conditions) { - global $phpbb_root_path, $phpEx, $user, $template, $auth, $config, $db; + global $phpbb_root_path, $phpEx, $user, $template, $config, $db, $request; $redirect_url = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&mode=options"); @@ -37,7 +37,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit trigger_error('FORM_INVALID'); } - $full_action = request_var('full_action', 0); + $full_action = $request->variable('full_action', 0); $set_folder_id = 0; switch ($full_action) @@ -47,7 +47,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit break; case 2: - $set_folder_id = request_var('full_move_to', PRIVMSGS_INBOX); + $set_folder_id = $request->variable('full_move_to', PRIVMSGS_INBOX); break; case 3: @@ -79,8 +79,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit { if (check_form_key('ucp_pm_options')) { - $folder_name = utf8_normalize_nfc(request_var('foldername', '', true)); - $msg = ''; + $folder_name = $request->variable('foldername', '', true); if ($folder_name) { @@ -135,8 +134,8 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit { if (check_form_key('ucp_pm_options')) { - $new_folder_name = utf8_normalize_nfc(request_var('new_folder_name', '', true)); - $rename_folder_id= request_var('rename_folder_id', 0); + $new_folder_name = $request->variable('new_folder_name', '', true); + $rename_folder_id= $request->variable('rename_folder_id', 0); if (!$new_folder_name) { @@ -178,11 +177,11 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit // Remove Folder if (isset($_POST['remove_folder'])) { - $remove_folder_id = request_var('remove_folder_id', 0); + $remove_folder_id = $request->variable('remove_folder_id', 0); // Default to "move all messages to inbox" - $remove_action = request_var('remove_action', 1); - $move_to = request_var('move_to', PRIVMSGS_INBOX); + $remove_action = $request->variable('remove_action', 1); + $move_to = $request->variable('move_to', PRIVMSGS_INBOX); // Move to same folder? if ($remove_action == 1 && $remove_folder_id == $move_to) @@ -291,13 +290,13 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit { if (check_form_key('ucp_pm_options')) { - $check_option = request_var('check_option', 0); - $rule_option = request_var('rule_option', 0); - $cond_option = request_var('cond_option', ''); - $action_option = explode('|', request_var('action_option', '')); - $rule_string = ($cond_option != 'none') ? utf8_normalize_nfc(request_var('rule_string', '', true)) : ''; - $rule_user_id = ($cond_option != 'none') ? request_var('rule_user_id', 0) : 0; - $rule_group_id = ($cond_option != 'none') ? request_var('rule_group_id', 0) : 0; + $check_option = $request->variable('check_option', 0); + $rule_option = $request->variable('rule_option', 0); + $cond_option = $request->variable('cond_option', ''); + $action_option = explode('|', $request->variable('action_option', '')); + $rule_string = ($cond_option != 'none') ? $request->variable('rule_string', '', true) : ''; + $rule_user_id = ($cond_option != 'none') ? $request->variable('rule_user_id', 0) : 0; + $rule_group_id = ($cond_option != 'none') ? $request->variable('rule_group_id', 0) : 0; $action = (int) $action_option[0]; $folder_id = (int) $action_option[1]; @@ -371,7 +370,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit // Remove Rule if (isset($_POST['delete_rule']) && !isset($_POST['cancel'])) { - $delete_id = array_keys(request_var('delete_rule', array(0 => 0))); + $delete_id = array_keys($request->variable('delete_rule', array(0 => 0))); $delete_id = (!empty($delete_id[0])) ? $delete_id[0] : 0; if (!$delete_id) @@ -507,18 +506,20 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit $rule_lang = $action_lang = $check_lang = array(); // Build all three language arrays - preg_replace('#^((RULE|ACTION|CHECK)_([A-Z0-9_]+))$#e', "\${strtolower('\\2') . '_lang'}[constant('\\1')] = \$user->lang['PM_\\2']['\\3']", array_keys(get_defined_constants())); + preg_replace_callback('#^((RULE|ACTION|CHECK)_([A-Z0-9_]+))$#', function ($match) use(&$rule_lang, &$action_lang, &$check_lang, $user) { + ${strtolower($match[2]) . '_lang'}[constant($match[1])] = $user->lang['PM_' . $match[2]][$match[3]]; + }, array_keys(get_defined_constants())); /* Rule Ordering: -> CHECK_* -> RULE_* [IN $global_privmsgs_rules:CHECK_*] -> [IF $rule_conditions[RULE_*] [|text|bool|user|group|own_group]] -> ACTION_* */ - $check_option = request_var('check_option', 0); - $rule_option = request_var('rule_option', 0); - $cond_option = request_var('cond_option', ''); - $action_option = request_var('action_option', ''); - $back = (isset($_REQUEST['back'])) ? request_var('back', array('' => 0)) : array(); + $check_option = $request->variable('check_option', 0); + $rule_option = $request->variable('rule_option', 0); + $cond_option = $request->variable('cond_option', ''); + $action_option = $request->variable('action_option', ''); + $back = (isset($_REQUEST['back'])) ? $request->variable('back', array('' => 0)) : array(); if (sizeof($back)) { @@ -609,7 +610,7 @@ function define_check_option($hardcoded, $check_option, $check_lang) */ function define_action_option($hardcoded, $action_option, $action_lang, $folder) { - global $db, $template, $user; + global $template; $l_action = $s_action_options = ''; if ($hardcoded) @@ -698,7 +699,10 @@ function define_rule_option($hardcoded, $rule_option, $rule_lang, $check_ary) */ function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule_conditions) { - global $db, $template, $auth, $user; + global $db, $template, $auth, $user, $request, $phpbb_container; + + /** @var \phpbb\group\helper $group_helper */ + $group_helper = $phpbb_container->get('group_helper'); $template->assign_vars(array( 'S_COND_DEFINED' => true, @@ -717,12 +721,11 @@ function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule // Define Condition $condition = $global_rule_conditions[$rule_option]; - $current_value = ''; switch ($condition) { case 'text': - $rule_string = utf8_normalize_nfc(request_var('rule_string', '', true)); + $rule_string = $request->variable('rule_string', '', true); $template->assign_vars(array( 'S_TEXT_CONDITION' => true, @@ -735,8 +738,8 @@ function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule break; case 'user': - $rule_user_id = request_var('rule_user_id', 0); - $rule_string = utf8_normalize_nfc(request_var('rule_string', '', true)); + $rule_user_id = $request->variable('rule_user_id', 0); + $rule_string = $request->variable('rule_string', '', true); if ($rule_string && !$rule_user_id) { @@ -778,8 +781,8 @@ function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule break; case 'group': - $rule_group_id = request_var('rule_group_id', 0); - $rule_string = utf8_normalize_nfc(request_var('rule_string', '', true)); + $rule_group_id = $request->variable('rule_group_id', 0); + $rule_string = $request->variable('rule_string', '', true); $sql = 'SELECT g.group_id, g.group_name, g.group_type FROM ' . GROUPS_TABLE . ' g '; @@ -810,13 +813,13 @@ function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule { if ($rule_group_id && ($row['group_id'] == $rule_group_id)) { - $rule_string = (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']); + $rule_string = $group_helper->get_name($row['group_name']); } $s_class = ($row['group_type'] == GROUP_SPECIAL) ? ' class="sep"' : ''; $s_selected = ($row['group_id'] == $rule_group_id) ? ' selected="selected"' : ''; - $s_group_options .= '<option value="' . $row['group_id'] . '"' . $s_class . $s_selected . '>' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>'; + $s_group_options .= '<option value="' . $row['group_id'] . '"' . $s_class . $s_selected . '>' . $group_helper->get_name($row['group_name']) . '</option>'; } $db->sql_freeresult($result); diff --git a/phpBB/includes/ucp/ucp_pm_viewfolder.php b/phpBB/includes/ucp/ucp_pm_viewfolder.php index 19acd9ecb9..af2126c83d 100644 --- a/phpBB/includes/ucp/ucp_pm_viewfolder.php +++ b/phpBB/includes/ucp/ucp_pm_viewfolder.php @@ -25,7 +25,7 @@ if (!defined('IN_PHPBB')) */ function view_folder($id, $mode, $folder_id, $folder) { - global $user, $template, $auth, $db, $cache; + global $user, $template, $auth, $db, $cache, $request; global $phpbb_root_path, $config, $phpEx; $submit_export = (isset($_POST['submit_export'])) ? true : false; @@ -41,9 +41,6 @@ function view_folder($id, $mode, $folder_id, $folder) $color_rows = array('marked', 'replied'); - // only show the friend/foe color rows if the module is enabled - $zebra_enabled = false; - $_module = new p_master(); $_module->list_modules('ucp'); $_module->set_active('zebra'); @@ -196,9 +193,9 @@ function view_folder($id, $mode, $folder_id, $folder) } else { - $export_type = request_var('export_option', ''); - $enclosure = request_var('enclosure', ''); - $delimiter = request_var('delimiter', ''); + $export_type = $request->variable('export_option', ''); + $enclosure = $request->variable('enclosure', ''); + $delimiter = $request->variable('delimiter', ''); if ($export_type == 'CSV' && ($delimiter === '' || $enclosure === '')) { @@ -397,15 +394,16 @@ function view_folder($id, $mode, $folder_id, $folder) */ function get_pm_from($folder_id, $folder, $user_id) { - global $user, $db, $template, $config, $auth, $phpbb_container, $phpbb_root_path, $phpEx; + global $user, $db, $template, $config, $auth, $phpbb_container, $phpbb_root_path, $phpEx, $request; - $start = request_var('start', 0); + $start = $request->variable('start', 0); // Additional vars later, pm ordering is mostly different from post ordering. :/ - $sort_days = request_var('st', 0); - $sort_key = request_var('sk', 't'); - $sort_dir = request_var('sd', 'd'); + $sort_days = $request->variable('st', 0); + $sort_key = $request->variable('sk', 't'); + $sort_dir = $request->variable('sd', 'd'); + /* @var $pagination \phpbb\pagination */ $pagination = $phpbb_container->get('pagination'); // PM ordering options diff --git a/phpBB/includes/ucp/ucp_pm_viewmessage.php b/phpBB/includes/ucp/ucp_pm_viewmessage.php index d7b9b32dbf..48d14a133c 100644 --- a/phpBB/includes/ucp/ucp_pm_viewmessage.php +++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php @@ -24,7 +24,7 @@ if (!defined('IN_PHPBB')) */ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) { - global $user, $template, $auth, $db, $cache, $phpbb_container; + global $user, $template, $auth, $db, $phpbb_container; global $phpbb_root_path, $request, $phpEx, $config, $phpbb_dispatcher; $user->add_lang(array('viewtopic', 'memberlist')); @@ -32,7 +32,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) $msg_id = (int) $msg_id; $folder_id = (int) $folder_id; $author_id = (int) $message_row['author_id']; - $view = request_var('view', ''); + $view = $request->variable('view', ''); // Not able to view message, it was deleted by the sender if ($message_row['pm_deleted']) @@ -41,6 +41,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) $message = $user->lang['NO_AUTH_READ_REMOVED_MESSAGE']; $message .= '<br /><br />' . sprintf($user->lang['RETURN_FOLDER'], '<a href="' . $meta_info . '">', '</a>'); + send_status_line(403, 'Forbidden'); trigger_error($message); } @@ -50,12 +51,10 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) trigger_error('NO_AUTH_READ_HOLD_MESSAGE'); } - // Grab icons - $icons = $cache->obtain_icons(); - // Load the custom profile fields if ($config['load_cpf_pm']) { + /* @var $cp \phpbb\profilefields\manager */ $cp = $phpbb_container->get('profilefields.manager'); $profile_fields = $cp->grab_profile_fields_data($author_id); @@ -231,7 +230,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) 'U_DELETE' => ($auth->acl_get('u_pm_delete')) ? "$url&mode=compose&action=delete&f=$folder_id&p=" . $message_row['msg_id'] : '', 'U_EMAIL' => $user_info['email'], - 'U_REPORT' => ($config['allow_pm_report']) ? append_sid("{$phpbb_root_path}report.$phpEx", "pm=" . $message_row['msg_id']) : '', + 'U_REPORT' => ($config['allow_pm_report']) ? $phpbb_container->get('controller.helper')->route('phpbb_report_pm_controller', array('id' => $message_row['msg_id'])) : '', 'U_QUOTE' => ($auth->acl_get('u_sendpm') && $author_id != ANONYMOUS) ? "$url&mode=compose&action=quote&f=$folder_id&p=" . $message_row['msg_id'] : '', 'U_EDIT' => (($message_row['message_time'] > time() - ($config['pm_edit_time'] * 60) || !$config['pm_edit_time']) && $folder_id == PRIVMSGS_OUTBOX && $auth->acl_get('u_pm_edit')) ? "$url&mode=compose&action=edit&f=$folder_id&p=" . $message_row['msg_id'] : '', 'U_POST_REPLY_PM' => ($auth->acl_get('u_sendpm') && $author_id != ANONYMOUS) ? "$url&mode=compose&action=reply&f=$folder_id&p=" . $message_row['msg_id'] : '', @@ -356,7 +355,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) */ function get_user_information($user_id, $user_row) { - global $db, $auth, $user, $cache; + global $db, $auth, $user; global $phpbb_root_path, $phpEx, $config; if (!$user_id) diff --git a/phpBB/includes/ucp/ucp_prefs.php b/phpBB/includes/ucp/ucp_prefs.php index e63e9b4c08..c2aa910ed0 100644 --- a/phpBB/includes/ucp/ucp_prefs.php +++ b/phpBB/includes/ucp/ucp_prefs.php @@ -29,7 +29,7 @@ class ucp_prefs function main($id, $mode) { - global $config, $db, $user, $auth, $template, $phpbb_dispatcher, $phpbb_root_path, $phpEx; + global $config, $db, $user, $auth, $template, $phpbb_dispatcher, $request; $submit = (isset($_POST['submit'])) ? true : false; $error = $data = array(); @@ -40,16 +40,16 @@ class ucp_prefs case 'personal': add_form_key('ucp_prefs_personal'); $data = array( - 'notifymethod' => request_var('notifymethod', $user->data['user_notify_type']), - 'dateformat' => request_var('dateformat', $user->data['user_dateformat'], true), - 'lang' => basename(request_var('lang', $user->data['user_lang'])), - 'user_style' => request_var('user_style', (int) $user->data['user_style']), - 'tz' => request_var('tz', $user->data['user_timezone']), - - 'viewemail' => request_var('viewemail', (bool) $user->data['user_allow_viewemail']), - 'massemail' => request_var('massemail', (bool) $user->data['user_allow_massemail']), - 'hideonline' => request_var('hideonline', (bool) !$user->data['user_allow_viewonline']), - 'allowpm' => request_var('allowpm', (bool) $user->data['user_allow_pm']), + 'notifymethod' => $request->variable('notifymethod', $user->data['user_notify_type']), + 'dateformat' => $request->variable('dateformat', $user->data['user_dateformat'], true), + 'lang' => basename($request->variable('lang', $user->data['user_lang'])), + 'user_style' => $request->variable('user_style', (int) $user->data['user_style']), + 'tz' => $request->variable('tz', $user->data['user_timezone']), + + 'viewemail' => $request->variable('viewemail', (bool) $user->data['user_allow_viewemail']), + 'massemail' => $request->variable('massemail', (bool) $user->data['user_allow_massemail']), + 'hideonline' => $request->variable('hideonline', (bool) !$user->data['user_allow_viewonline']), + 'allowpm' => $request->variable('allowpm', (bool) $user->data['user_allow_pm']), ); if ($data['notifymethod'] == NOTIFY_IM && (!$config['jab_enable'] || !$user->data['user_jabber'] || !@extension_loaded('xml'))) @@ -221,20 +221,20 @@ class ucp_prefs add_form_key('ucp_prefs_view'); $data = array( - 'topic_sk' => request_var('topic_sk', (!empty($user->data['user_topic_sortby_type'])) ? $user->data['user_topic_sortby_type'] : 't'), - 'topic_sd' => request_var('topic_sd', (!empty($user->data['user_topic_sortby_dir'])) ? $user->data['user_topic_sortby_dir'] : 'd'), - 'topic_st' => request_var('topic_st', (!empty($user->data['user_topic_show_days'])) ? (int) $user->data['user_topic_show_days'] : 0), - - 'post_sk' => request_var('post_sk', (!empty($user->data['user_post_sortby_type'])) ? $user->data['user_post_sortby_type'] : 't'), - 'post_sd' => request_var('post_sd', (!empty($user->data['user_post_sortby_dir'])) ? $user->data['user_post_sortby_dir'] : 'a'), - 'post_st' => request_var('post_st', (!empty($user->data['user_post_show_days'])) ? (int) $user->data['user_post_show_days'] : 0), - - 'images' => request_var('images', (bool) $user->optionget('viewimg')), - 'flash' => request_var('flash', (bool) $user->optionget('viewflash')), - 'smilies' => request_var('smilies', (bool) $user->optionget('viewsmilies')), - 'sigs' => request_var('sigs', (bool) $user->optionget('viewsigs')), - 'avatars' => request_var('avatars', (bool) $user->optionget('viewavatars')), - 'wordcensor' => request_var('wordcensor', (bool) $user->optionget('viewcensors')), + 'topic_sk' => $request->variable('topic_sk', (!empty($user->data['user_topic_sortby_type'])) ? $user->data['user_topic_sortby_type'] : 't'), + 'topic_sd' => $request->variable('topic_sd', (!empty($user->data['user_topic_sortby_dir'])) ? $user->data['user_topic_sortby_dir'] : 'd'), + 'topic_st' => $request->variable('topic_st', (!empty($user->data['user_topic_show_days'])) ? (int) $user->data['user_topic_show_days'] : 0), + + 'post_sk' => $request->variable('post_sk', (!empty($user->data['user_post_sortby_type'])) ? $user->data['user_post_sortby_type'] : 't'), + 'post_sd' => $request->variable('post_sd', (!empty($user->data['user_post_sortby_dir'])) ? $user->data['user_post_sortby_dir'] : 'a'), + 'post_st' => $request->variable('post_st', (!empty($user->data['user_post_show_days'])) ? (int) $user->data['user_post_show_days'] : 0), + + 'images' => $request->variable('images', (bool) $user->optionget('viewimg')), + 'flash' => $request->variable('flash', (bool) $user->optionget('viewflash')), + 'smilies' => $request->variable('smilies', (bool) $user->optionget('viewsmilies')), + 'sigs' => $request->variable('sigs', (bool) $user->optionget('viewsigs')), + 'avatars' => $request->variable('avatars', (bool) $user->optionget('viewavatars')), + 'wordcensor' => $request->variable('wordcensor', (bool) $user->optionget('viewcensors')), ); /** @@ -436,10 +436,10 @@ class ucp_prefs case 'post': $data = array( - 'bbcode' => request_var('bbcode', $user->optionget('bbcode')), - 'smilies' => request_var('smilies', $user->optionget('smilies')), - 'sig' => request_var('sig', $user->optionget('attachsig')), - 'notify' => request_var('notify', (bool) $user->data['user_notify']), + 'bbcode' => $request->variable('bbcode', $user->optionget('bbcode')), + 'smilies' => $request->variable('smilies', $user->optionget('smilies')), + 'sig' => $request->variable('sig', $user->optionget('attachsig')), + 'notify' => $request->variable('notify', (bool) $user->data['user_notify']), ); add_form_key('ucp_prefs_post'); diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index 0be1930f1a..a86c4f2672 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php @@ -31,14 +31,12 @@ class ucp_profile function main($id, $mode) { - global $cache, $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx; - global $request, $phpbb_container, $phpbb_dispatcher; + global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx; + global $request, $phpbb_container, $phpbb_log, $phpbb_dispatcher; $user->add_lang('posting'); - $preview = $request->variable('preview', false, false, \phpbb\request\request_interface::POST); $submit = $request->variable('submit', false, false, \phpbb\request\request_interface::POST); - $delete = $request->variable('delete', false, false, \phpbb\request\request_interface::POST); $error = $data = array(); $s_hidden_fields = ''; @@ -47,8 +45,8 @@ class ucp_profile case 'reg_details': $data = array( - 'username' => utf8_normalize_nfc(request_var('username', $user->data['username'], true)), - 'email' => strtolower(request_var('email', $user->data['user_email'])), + 'username' => $request->variable('username', $user->data['username'], true), + 'email' => strtolower($request->variable('email', $user->data['user_email'])), 'new_password' => $request->variable('new_password', '', true), 'cur_password' => $request->variable('cur_password', '', true), 'password_confirm' => $request->variable('password_confirm', '', true), @@ -96,6 +94,7 @@ class ucp_profile } // Instantiate passwords manager + /* @var $passwords_manager \phpbb\passwords\manager */ $passwords_manager = $phpbb_container->get('passwords.manager'); // Only check the new password against the previous password if there have been no errors @@ -139,18 +138,30 @@ class ucp_profile if ($auth->acl_get('u_chgname') && $config['allow_namechange'] && $data['username'] != $user->data['username']) { - add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_NAME', $user->data['username'], $data['username']); + $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_NAME', false, array( + 'reportee_id' => $user->data['user_id'], + $user->data['username'], + $data['username'] + )); } if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && !$passwords_manager->check($data['new_password'], $user->data['user_password'])) { $user->reset_login_keys(); - add_log('user', $user->data['user_id'], 'LOG_USER_NEW_PASSWORD', $data['username']); + $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_NEW_PASSWORD', false, array( + 'reportee_id' => $user->data['user_id'], + $user->data['username'] + )); } if ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email']) { - add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_EMAIL', $data['username'], $user->data['user_email'], $data['email']); + $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_EMAIL', false, array( + 'reportee_id' => $user->data['user_id'], + $user->data['username'], + $data['user_email'], + $data['email'] + )); } $message = 'PROFILE_UPDATED'; @@ -268,15 +279,17 @@ class ucp_profile // Do not display profile information panel if not authed to do so if (!$auth->acl_get('u_chgprofileinfo')) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_PROFILEINFO'); } + /* @var $cp \phpbb\profilefields\manager */ $cp = $phpbb_container->get('profilefields.manager'); $cp_data = $cp_error = array(); $data = array( - 'jabber' => utf8_normalize_nfc(request_var('jabber', $user->data['user_jabber'], true)), + 'jabber' => $request->variable('jabber', $user->data['user_jabber'], true), ); if ($config['allow_birthdays']) @@ -288,9 +301,9 @@ class ucp_profile list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user->data['user_birthday']); } - $data['bday_day'] = request_var('bday_day', $data['bday_day']); - $data['bday_month'] = request_var('bday_month', $data['bday_month']); - $data['bday_year'] = request_var('bday_year', $data['bday_year']); + $data['bday_day'] = $request->variable('bday_day', $data['bday_day']); + $data['bday_month'] = $request->variable('bday_month', $data['bday_month']); + $data['bday_year'] = $request->variable('bday_year', $data['bday_year']); $data['user_birthday'] = sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']); } @@ -417,7 +430,6 @@ class ucp_profile $selected = ($i == $data['bday_month']) ? ' selected="selected"' : ''; $s_birthday_month_options .= "<option value=\"$i\"$selected>$i</option>"; } - $s_birthday_year_options = ''; $now = getdate(); $s_birthday_year_options = '<option value="0"' . ((!$data['bday_year']) ? ' selected="selected"' : '') . '>--</option>'; @@ -453,128 +465,142 @@ class ucp_profile if (!$auth->acl_get('u_sig')) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_SIGNATURE'); } include($phpbb_root_path . 'includes/functions_posting.' . $phpEx); include($phpbb_root_path . 'includes/functions_display.' . $phpEx); - $enable_bbcode = ($config['allow_sig_bbcode']) ? (bool) $user->optionget('sig_bbcode') : false; - $enable_smilies = ($config['allow_sig_smilies']) ? (bool) $user->optionget('sig_smilies') : false; - $enable_urls = ($config['allow_sig_links']) ? (bool) $user->optionget('sig_links') : false; + $preview = $request->is_set_post('preview'); - $signature = utf8_normalize_nfc(request_var('signature', (string) $user->data['user_sig'], true)); + $enable_bbcode = ($config['allow_sig_bbcode']) ? $user->optionget('sig_bbcode') : false; + $enable_smilies = ($config['allow_sig_smilies']) ? $user->optionget('sig_smilies') : false; + $enable_urls = ($config['allow_sig_links']) ? $user->optionget('sig_links') : false; - add_form_key('ucp_sig'); + $decoded_message = generate_text_for_edit($user->data['user_sig'], $user->data['user_sig_bbcode_uid'], $user->data['user_sig_bbcode_bitfield']); + $signature = $request->variable('signature', $decoded_message['text'], true); + $signature_preview = ''; if ($submit || $preview) { - include($phpbb_root_path . 'includes/message_parser.' . $phpEx); + $enable_bbcode = ($config['allow_sig_bbcode']) ? !$request->variable('disable_bbcode', false) : false; + $enable_smilies = ($config['allow_sig_smilies']) ? !$request->variable('disable_smilies', false) : false; + $enable_urls = ($config['allow_sig_links']) ? !$request->variable('disable_magic_url', false) : false; + + if (!check_form_key('ucp_sig')) + { + $error[] = 'FORM_INVALID'; + } + } + + /** + * Modify user signature on editing profile in UCP + * + * @event core.ucp_profile_modify_signature + * @var bool enable_bbcode Whether or not bbcode is enabled + * @var bool enable_smilies Whether or not smilies are enabled + * @var bool enable_urls Whether or not urls are enabled + * @var string signature Users signature text + * @var array error Any error strings + * @var bool submit Whether or not the form has been sumitted + * @var bool preview Whether or not the signature is being previewed + * @since 3.1.10-RC1 + * @change 3.2.0-RC2 Removed message parser + */ + $vars = array( + 'enable_bbcode', + 'enable_smilies', + 'enable_urls', + 'signature', + 'error', + 'submit', + 'preview', + ); + extract($phpbb_dispatcher->trigger_event('core.ucp_profile_modify_signature', compact($vars))); + + $bbcode_uid = $bbcode_bitfield = $bbcode_flags = ''; + $warn_msg = generate_text_for_storage( + $signature, + $bbcode_uid, + $bbcode_bitfield, + $bbcode_flags, + $enable_bbcode, + $enable_urls, + $enable_smilies, + $config['allow_sig_img'], + $config['allow_sig_flash'], + true, + $config['allow_sig_links'], + 'sig' + ); - $enable_bbcode = ($config['allow_sig_bbcode']) ? ((request_var('disable_bbcode', false)) ? false : true) : false; - $enable_smilies = ($config['allow_sig_smilies']) ? ((request_var('disable_smilies', false)) ? false : true) : false; - $enable_urls = ($config['allow_sig_links']) ? ((request_var('disable_magic_url', false)) ? false : true) : false; + if (sizeof($warn_msg)) + { + $error += $warn_msg; + } + if (!$submit) + { + // Parse it for displaying + $signature_preview = generate_text_for_display($signature, $bbcode_uid, $bbcode_bitfield, $bbcode_flags); + } + else + { if (!sizeof($error)) { - $message_parser = new parse_message($signature); + $user->optionset('sig_bbcode', $enable_bbcode); + $user->optionset('sig_smilies', $enable_smilies); + $user->optionset('sig_links', $enable_urls); + + $sql_ary = array( + 'user_sig' => $signature, + 'user_options' => $user->data['user_options'], + 'user_sig_bbcode_uid' => $bbcode_uid, + 'user_sig_bbcode_bitfield' => $bbcode_bitfield + ); /** - * Modify user signature on editing profile in UCP + * Modify user registration data before submitting it to the database * - * @event core.ucp_profile_modify_signature - * @var bool enable_bbcode Whether or not bbcode is enabled - * @var bool enable_smilies Whether or not smilies are enabled - * @var bool enable_urls Whether or not urls are enabled - * @var string signature Users signature text - * @var object message_parser The message parser object - * @var array error Any error strings - * @var bool submit Whether or not the form has been sumitted - * @var bool preview Whether or not the signature is being previewed + * @event core.ucp_profile_modify_signature_sql_ary + * @var array sql_ary Array with user signature data to submit to the database * @since 3.1.10-RC1 */ - $vars = array( - 'enable_bbcode', - 'enable_smilies', - 'enable_urls', - 'signature', - 'message_parser', - 'error', - 'submit', - 'preview', - ); - extract($phpbb_dispatcher->trigger_event('core.ucp_profile_modify_signature', compact($vars))); - - // Allowing Quote BBCode - $message_parser->parse($enable_bbcode, $enable_urls, $enable_smilies, $config['allow_sig_img'], $config['allow_sig_flash'], true, $config['allow_sig_links'], true, 'sig'); - - if (sizeof($message_parser->warn_msg)) - { - $error[] = implode('<br />', $message_parser->warn_msg); - } - - if (!check_form_key('ucp_sig')) - { - $error[] = 'FORM_INVALID'; - } - - if (!sizeof($error) && $submit) - { - $user->optionset('sig_bbcode', $enable_bbcode); - $user->optionset('sig_smilies', $enable_smilies); - $user->optionset('sig_links', $enable_urls); - - $sql_ary = array( - 'user_sig' => (string) $message_parser->message, - 'user_options' => $user->data['user_options'], - 'user_sig_bbcode_uid' => (string) $message_parser->bbcode_uid, - 'user_sig_bbcode_bitfield' => $message_parser->bbcode_bitfield - ); - - /** - * Modify user registration data before submitting it to the database - * - * @event core.ucp_profile_modify_signature_sql_ary - * @var array sql_ary Array with user signature data to submit to the database - * @since 3.1.10-RC1 - */ - $vars = array('sql_ary'); - extract($phpbb_dispatcher->trigger_event('core.ucp_profile_modify_signature_sql_ary', compact($vars))); + $vars = array('sql_ary'); + extract($phpbb_dispatcher->trigger_event('core.ucp_profile_modify_signature_sql_ary', compact($vars))); - $sql = 'UPDATE ' . USERS_TABLE . ' - SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' - WHERE user_id = ' . $user->data['user_id']; - $db->sql_query($sql); + $sql = 'UPDATE ' . USERS_TABLE . ' + SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' + WHERE user_id = ' . $user->data['user_id']; + $db->sql_query($sql); - $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>'); - trigger_error($message); - } + $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>'); + trigger_error($message); } - - // Replace "error" strings with their real, localised form - $error = array_map(array($user, 'lang'), $error); } - $signature_preview = ''; - if ($preview) + // Replace "error" strings with their real, localised form + $error = array_map(array($user, 'lang'), $error); + + if ($request->is_set_post('preview')) { - // Now parse it for displaying - $signature_preview = $message_parser->format_display($enable_bbcode, $enable_urls, $enable_smilies, false); - unset($message_parser); + $decoded_message = generate_text_for_edit($signature, $bbcode_uid, $bbcode_flags); } - decode_message($signature, $user->data['user_sig_bbcode_uid']); + /** @var \phpbb\controller\helper $controller_helper */ + $controller_helper = $phpbb_container->get('controller.helper'); $template->assign_vars(array( 'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '', - 'SIGNATURE' => $signature, + 'SIGNATURE' => $decoded_message['text'], 'SIGNATURE_PREVIEW' => $signature_preview, 'S_BBCODE_CHECKED' => (!$enable_bbcode) ? ' checked="checked"' : '', 'S_SMILIES_CHECKED' => (!$enable_smilies) ? ' checked="checked"' : '', 'S_MAGIC_URL_CHECKED' => (!$enable_urls) ? ' checked="checked"' : '', - 'BBCODE_STATUS' => ($config['allow_sig_bbcode']) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>'), + 'BBCODE_STATUS' => $user->lang(($config['allow_sig_bbcode'] ? 'BBCODE_IS_ON' : 'BBCODE_IS_OFF'), '<a href="' . $controller_helper->route('phpbb_help_bbcode_controller') . '">', '</a>'), 'SMILIES_STATUS' => ($config['allow_sig_smilies']) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'], 'IMG_STATUS' => ($config['allow_sig_img']) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'], 'FLASH_STATUS' => ($config['allow_sig_flash']) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'], @@ -590,6 +616,8 @@ class ucp_profile 'S_LINKS_ALLOWED' => ($config['allow_sig_links']) ? true : false) ); + add_form_key('ucp_sig'); + // Build custom bbcodes array display_custom_bbcodes(); @@ -606,6 +634,7 @@ class ucp_profile if ($config['allow_avatar'] && $auth->acl_get('u_chgavatar')) { + /* @var $phpbb_avatar_manager \phpbb\avatar\manager */ $phpbb_avatar_manager = $phpbb_container->get('avatar.manager'); $avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers(); @@ -731,7 +760,7 @@ class ucp_profile if ($submit) { - $keys = request_var('keys', array('')); + $keys = $request->variable('keys', array('')); if (!check_form_key('ucp_autologin_keys')) { diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index 3426af95d0..1b62790700 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -29,7 +29,7 @@ class ucp_register function main($id, $mode) { - global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx; + global $config, $db, $user, $template, $phpbb_root_path, $phpEx; global $request, $phpbb_container, $phpbb_dispatcher; // @@ -42,8 +42,8 @@ class ucp_register $coppa = $request->is_set('coppa') ? (int) $request->variable('coppa', false) : false; $agreed = $request->variable('agreed', false); $submit = $request->is_set_post('submit'); - $change_lang = request_var('change_lang', ''); - $user_lang = request_var('lang', $user->lang_name); + $change_lang = $request->variable('change_lang', ''); + $user_lang = $request->variable('lang', $user->lang_name); if ($agreed) { @@ -77,6 +77,7 @@ class ucp_register } } + /* @var $cp \phpbb\profilefields\manager */ $cp = $phpbb_container->get('profilefields.manager'); $error = $cp_data = $cp_error = array(); @@ -88,6 +89,7 @@ class ucp_register if (!empty($login_link_data)) { // Confirm that we have all necessary data + /* @var $provider_collection \phpbb\auth\provider_collection */ $provider_collection = $phpbb_container->get('auth.provider_collection'); $auth_provider = $provider_collection->get_provider($request->variable('auth_provider', '')); @@ -113,10 +115,10 @@ class ucp_register { // We do not include the password $s_hidden_fields = array_merge($s_hidden_fields, array( - 'username' => utf8_normalize_nfc(request_var('username', '', true)), - 'email' => strtolower(request_var('email', '')), + 'username' => $request->variable('username', '', true), + 'email' => strtolower($request->variable('email', '')), 'lang' => $user->lang_name, - 'tz' => request_var('tz', $config['board_timezone']), + 'tz' => $request->variable('tz', $config['board_timezone']), )); } @@ -200,12 +202,12 @@ class ucp_register $timezone = $config['board_timezone']; $data = array( - 'username' => utf8_normalize_nfc(request_var('username', '', true)), + 'username' => $request->variable('username', '', true), 'new_password' => $request->variable('new_password', '', true), 'password_confirm' => $request->variable('password_confirm', '', true), - 'email' => strtolower(request_var('email', '')), - 'lang' => basename(request_var('lang', $user->lang_name)), - 'tz' => request_var('tz', $timezone), + 'email' => strtolower($request->variable('email', '')), + 'lang' => basename($request->variable('lang', $user->lang_name)), + 'tz' => $request->variable('tz', $timezone), ); /** * Add UCP register data before they are assigned to the template or submitted @@ -334,6 +336,7 @@ class ucp_register } // Instantiate passwords manager + /* @var $passwords_manager \phpbb\passwords\manager */ $passwords_manager = $phpbb_container->get('passwords.manager'); $user_row = array( @@ -439,6 +442,7 @@ class ucp_register if ($config['require_activation'] == USER_ACTIVATION_ADMIN) { + /* @var $phpbb_notifications \phpbb\notification\manager */ $phpbb_notifications = $phpbb_container->get('notification_manager'); $phpbb_notifications->add_notifications('notification.type.admin_activate_user', array( 'user_id' => $user_id, @@ -480,7 +484,6 @@ class ucp_register $s_hidden_fields = array_merge($s_hidden_fields, $captcha->get_hidden_fields()); } $s_hidden_fields = build_hidden_fields($s_hidden_fields); - $confirm_image = ''; // Visual Confirmation - Show images if ($config['enable_confirm']) @@ -503,7 +506,9 @@ class ucp_register break; } - $timezone_selects = phpbb_timezone_select($template, $user, $data['tz'], true); + // Assign template vars for timezone select + phpbb_timezone_select($template, $user, $data['tz'], true); + $template->assign_vars(array( 'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '', 'USERNAME' => $data['username'], diff --git a/phpBB/includes/ucp/ucp_remind.php b/phpBB/includes/ucp/ucp_remind.php index 415bf0e84d..a44f077693 100644 --- a/phpBB/includes/ucp/ucp_remind.php +++ b/phpBB/includes/ucp/ucp_remind.php @@ -29,16 +29,16 @@ class ucp_remind function main($id, $mode) { - global $config, $phpbb_root_path, $phpEx; - global $db, $user, $auth, $template, $phpbb_container; + global $config, $phpbb_root_path, $phpEx, $request; + global $db, $user, $template, $phpbb_container; if (!$config['allow_password_reset']) { trigger_error($user->lang('UCP_PASSWORD_RESET_DISABLED', '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>')); } - $username = request_var('username', '', true); - $email = strtolower(request_var('email', '')); + $username = $request->variable('username', '', true); + $email = strtolower($request->variable('email', '')); $submit = (isset($_POST['submit'])) ? true : false; if ($submit) @@ -79,6 +79,7 @@ class ucp_remind if (!$auth2->acl_get('u_chgpasswd')) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_PASSWORD_REMINDER'); } @@ -92,6 +93,7 @@ class ucp_remind $user_actkey = gen_rand_string(mt_rand(6, 10)); // Instantiate passwords manager + /* @var $manager \phpbb\passwords\manager */ $passwords_manager = $phpbb_container->get('passwords.manager'); $sql = 'UPDATE ' . USERS_TABLE . " diff --git a/phpBB/includes/ucp/ucp_resend.php b/phpBB/includes/ucp/ucp_resend.php index 9fe8850000..44c54100cd 100644 --- a/phpBB/includes/ucp/ucp_resend.php +++ b/phpBB/includes/ucp/ucp_resend.php @@ -30,10 +30,10 @@ class ucp_resend function main($id, $mode) { global $config, $phpbb_root_path, $phpEx; - global $db, $user, $auth, $template; + global $db, $user, $auth, $template, $request; - $username = request_var('username', '', true); - $email = strtolower(request_var('email', '')); + $username = $request->variable('username', '', true); + $email = strtolower($request->variable('email', '')); $submit = (isset($_POST['submit'])) ? true : false; add_form_key('ucp_resend'); diff --git a/phpBB/includes/ucp/ucp_zebra.php b/phpBB/includes/ucp/ucp_zebra.php index dbf8cf31c1..fa6a03f87c 100644 --- a/phpBB/includes/ucp/ucp_zebra.php +++ b/phpBB/includes/ucp/ucp_zebra.php @@ -25,7 +25,7 @@ class ucp_zebra function main($id, $mode) { - global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx, $request, $phpbb_dispatcher; + global $db, $user, $auth, $template, $phpbb_root_path, $phpEx, $request, $phpbb_dispatcher; $submit = (isset($_POST['submit']) || isset($_GET['add']) || isset($_GET['remove'])) ? true : false; $s_hidden_fields = ''; @@ -44,7 +44,7 @@ class ucp_zebra foreach ($var_ary as $var => $default) { - $data[$var] = request_var($var, $default, true); + $data[$var] = $request->variable($var, $default, true); } if (!empty($data['add']) || sizeof($data['usernames'])) |