Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/acp/acp_language.php2
-rw-r--r--phpBB/includes/acp/acp_profile.php4
-rw-r--r--phpBB/includes/acp/acp_styles.php20
-rw-r--r--phpBB/includes/functions.php8
-rw-r--r--phpBB/includes/functions_convert.php2
-rw-r--r--phpBB/includes/functions_messenger.php8
-rw-r--r--phpBB/includes/functions_privmsgs.php10
-rw-r--r--phpBB/includes/functions_user.php1
-rw-r--r--phpBB/includes/message_parser.php5
-rw-r--r--phpBB/includes/ucp/ucp_pm_options.php4
-rw-r--r--phpBB/includes/utf/utf_tools.php49
11 files changed, 77 insertions, 36 deletions
diff --git a/phpBB/includes/acp/acp_language.php b/phpBB/includes/acp/acp_language.php
index ff827c5141..b59729c873 100644
--- a/phpBB/includes/acp/acp_language.php
+++ b/phpBB/includes/acp/acp_language.php
@@ -163,7 +163,7 @@ class acp_language
case 'download_file':
case 'upload_data':
- if (!$lang_id || empty($_POST['entry']))
+ if (!$lang_id || empty($_POST['entry']) || !is_array($_POST['entry']))
{
trigger_error($user->lang['NO_LANG_ID'] . adm_back_link($this->u_action), E_USER_WARNING);
}
diff --git a/phpBB/includes/acp/acp_profile.php b/phpBB/includes/acp/acp_profile.php
index 3b70b716b4..00f8d64acb 100644
--- a/phpBB/includes/acp/acp_profile.php
+++ b/phpBB/includes/acp/acp_profile.php
@@ -492,11 +492,11 @@ class acp_profile
}
}
}
- else if ($field_type == FIELD_BOOL && $key == 'field_default_value')
+ /* else if ($field_type == FIELD_BOOL && $key == 'field_default_value')
{
// Get the number of options if this key is 'field_maxlen'
$var = request_var('field_default_value', 0);
- }
+ }*/
$cp->vars[$key] = $var;
}
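Review bot: The `FIELD_BOOL` branch is disabled by wrapping it in `/* … */` with no reason given, which leaves dead code that later readers cannot tell is safe to remove. Either delete the branch or put the reason on the first line, e.g. `// Disabled: <reason>; field_default_value is read by the generic path above`, with the placeholder filled in by the author. The inner comment is also stale: it says "if this key is 'field_maxlen'" while the condition tests `field_default_value`. The enclosing loop starts outside the hunk.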
diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php
index 45e0ed35d1..300e795f3b 100644
--- a/phpBB/includes/acp/acp_styles.php
+++ b/phpBB/includes/acp/acp_styles.php
@@ -666,10 +666,8 @@ parse_css_file = {PARSE_CSS_FILE}
$filelist = $filelist_cats = array();
- // we want newlines no carriage returns!
- $_POST['template_data'] = (isset($_POST['template_data']) && !empty($_POST['template_data'])) ? str_replace(array("\r\n", "\r"), array("\n", "\n"), $_POST['template_data']) : '';
-
- $template_data = (STRIP) ? stripslashes($_POST['template_data']) : $_POST['template_data'];
+ $template_data = utf8_normalize_nfc(request_var('template_data', '', true));
+ $template_data = htmlspecialchars_decode($template_data);
$template_file = utf8_normalize_nfc(request_var('template_file', '', true));
$text_rows = max(5, min(999, request_var('text_rows', 20)));
$save_changes = (isset($_POST['save'])) ? true : false;
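Review bot: After `htmlspecialchars_decode()` the value in `$template_data` is raw, unescaped markup from the request, and nothing at this assignment says so. A short comment would make the contract explicit: `// request_var() returns the value HTML-escaped; decode to recover the raw template source. Re-escape on every output.` The removed lines normalised `\r\n`/`\r` to `\n` explicitly; the new code presumably relies on `request_var()` for that (and for any trimming it does), which is worth confirming since it is not visible here. The same applies to `$theme_data` in the hunk at -1021. The enclosing method starts and ends outside the hunk.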
@@ -871,7 +869,7 @@ parse_css_file = {PARSE_CSS_FILE}
'SELECTED_TEMPLATE' => $template_info['template_name'],
'TEMPLATE_FILE' => $template_file,
- 'TEMPLATE_DATA' => htmlspecialchars($template_data),
+ 'TEMPLATE_DATA' => utf8_htmlspecialchars($template_data),
'TEXT_ROWS' => $text_rows)
);
}
@@ -1021,11 +1019,9 @@ parse_css_file = {PARSE_CSS_FILE}
$filelist = $filelist_cats = array();
- // we want newlines no carriage returns!
- $_POST['template_data'] = (isset($_POST['template_data']) && !empty($_POST['template_data'])) ? str_replace(array("\r\n", "\r"), array("\n", "\n"), $_POST['template_data']) : '';
-
- $theme_data = (STRIP) ? stripslashes($_POST['template_data']) : $_POST['template_data'];
- $theme_file = utf8_normalize_nfc(request_var('template_file', '', true));
+ $theme_data = utf8_normalize_nfc(request_var('template_data', '', true));
+ $theme_data = htmlspecialchars_decode($theme_data);
+ $theme_file = utf8_normalize_nfc(request_var('template_file', '', true));
$text_rows = max(5, min(999, request_var('text_rows', 20)));
$save_changes = (isset($_POST['save'])) ? true : false;
@@ -1040,7 +1036,7 @@ parse_css_file = {PARSE_CSS_FILE}
if (!($theme_info = $db->sql_fetchrow($result)))
{
- trigger_error($user->lang['NO_THEME'] . adm_bacl_link($this->u_action), E_USER_WARNING);
+ trigger_error($user->lang['NO_THEME'] . adm_back_link($this->u_action), E_USER_WARNING);
}
$db->sql_freeresult($result);
@@ -1188,7 +1184,7 @@ parse_css_file = {PARSE_CSS_FILE}
'SELECTED_TEMPLATE' => $theme_info['theme_name'],
'TEMPLATE_FILE' => $theme_file,
- 'TEMPLATE_DATA' => htmlspecialchars($theme_data),
+ 'TEMPLATE_DATA' => utf8_htmlspecialchars($theme_data),
'TEXT_ROWS' => $text_rows)
);
}
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 64162cc598..ea8b45116a 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -1977,7 +1977,7 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo
if (isset($_POST['confirm']))
{
// language frontier
- if ($_POST['confirm'] == $user->lang['YES'])
+ if ($_POST['confirm'] === $user->lang['YES'])
{
$confirm = true;
}
@@ -3498,14 +3498,14 @@ function truncate_string($string, $max_length = 60, $allow_reply = true, $append
}
$_chars = utf8_str_split(htmlspecialchars_decode($string));
- $chars = array_map('htmlspecialchars', $_chars);
+ $chars = array_map('utf8_htmlspecialchars', $_chars);
// Now check the length ;)
if (sizeof($chars) > $max_length)
{
// Cut off the last elements from the array
$string = implode('', array_slice($chars, 0, $max_length));
- $stripped = true;
+ $stripped = true;
}
if ($strip_reply)
@@ -3697,7 +3697,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
{
if (@extension_loaded('zlib') && !headers_sent())
{
- ob_end_flush();
+ ob_flush();
}
}
diff --git a/phpBB/includes/functions_convert.php b/phpBB/includes/functions_convert.php
index 5e1159cb22..12b3109430 100644
--- a/phpBB/includes/functions_convert.php
+++ b/phpBB/includes/functions_convert.php
@@ -228,7 +228,7 @@ function validate_website($url)
{
return '';
}
- else if (strpos(strtolower($url), 'http://') !== 0 && strlen($url) > 0)
+ else if (!preg_match('#^[a-z0-9]+://#i', $url) && strlen($url) > 0)
{
return 'http://' . $url;
}
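Review bot: The new pattern `#^[a-z0-9]+://#i` accepts any alphanumeric scheme as already valid, so URLs with schemes other than http are now returned unchanged, where the removed check prefixed everything that did not start with `http://`. If the intent was only to stop mangling links such as `https://` or `ftp://`, an explicit allowlist is tighter: `else if (!preg_match('#^(?:https?|ftp)://#i', $url) && strlen($url) > 0)`. Where the returned value is stored or rendered is not visible here, so how much the scheme matters depends on the callers. The body of validate_website starts outside the hunk.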
diff --git a/phpBB/includes/functions_messenger.php b/phpBB/includes/functions_messenger.php
index cbc6dc5031..735588ce21 100644
--- a/phpBB/includes/functions_messenger.php
+++ b/phpBB/includes/functions_messenger.php
@@ -399,12 +399,12 @@ class messenger
if ($config['smtp_delivery'])
{
- $result = smtpmail($this->addresses, mail_encode($this->subject), wordwrap($this->msg), $err_msg, $headers);
+ $result = smtpmail($this->addresses, mail_encode($this->subject), utf8_wordwrap($this->msg), $err_msg, $headers);
}
else
{
ob_start();
- $result = $config['email_function_name']($mail_to, mail_encode($this->subject), implode("\n", preg_split("/\r?\n/", wordwrap($this->msg))), $headers);
+ $result = $config['email_function_name']($mail_to, mail_encode($this->subject), utf8_wordwrap($this->msg), $headers);
$err_msg = ob_get_clean();
}
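Review bot: The non-SMTP branch no longer normalises line endings: the removed line passed the wrapped text through `preg_split("/\r?\n/", …)` and re-joined it with `"\n"`, while the new call hands `utf8_wordwrap($this->msg)` to the mail function as is, so any `\r\n` already in the message now reaches it unchanged. If that normalisation was deliberate, keep it around the new helper: `implode("\n", preg_split("/\r?\n/", utf8_wordwrap($this->msg)))`. The same change is made in the `queue` hunk at -633. The enclosing method starts outside the hunk.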
@@ -633,12 +633,12 @@ class queue
if ($config['smtp_delivery'])
{
- $result = smtpmail($addresses, mail_encode($subject), wordwrap($msg), $err_msg, $headers);
+ $result = smtpmail($addresses, mail_encode($subject), utf8_wordwrap($msg), $err_msg, $headers);
}
else
{
ob_start();
- $result = $config['email_function_name']($to, mail_encode($subject), implode("\n", preg_split("/\r?\n/", wordwrap($msg))), $headers);
+ $result = $config['email_function_name']($to, mail_encode($subject), utf8_wordwrap($msg), $headers);
$err_msg = ob_get_clean();
}
diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php
index 61f4648f4f..2a8990b607 100644
--- a/phpBB/includes/functions_privmsgs.php
+++ b/phpBB/includes/functions_privmsgs.php
@@ -1348,10 +1348,12 @@ function submit_pm($mode, $subject, &$data, $put_in_outbox = true)
if (isset($data['address_list']['g']) && sizeof($data['address_list']['g']))
{
- $sql = 'SELECT group_id, user_id
- FROM ' . USER_GROUP_TABLE . '
- WHERE ' . $db->sql_in_set('group_id', array_keys($data['address_list']['g'])) . '
- AND user_pending = 0';
+ $sql = 'SELECT u.user_type, ug.group_id, ug.user_id
+ FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug
+ WHERE ' . $db->sql_in_set('ug.group_id', array_keys($data['address_list']['g'])) . '
+ AND ug.user_pending = 0
+ AND u.user_id = ug.user_id
+ AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')';
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
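Review bot: The `user_type` filter is built by concatenating the two constants by hand, while the `group_id` filter two lines above goes through `$db->sql_in_set()`. Using the helper for both keeps the query construction uniform and avoids hand-written `IN (…)` lists: `AND ' . $db->sql_in_set('u.user_type', array(USER_NORMAL, USER_FOUNDER));`. `u.user_type` is also added to the select list; whether the loop that follows reads it is outside the hunk.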
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index cee09bef7c..fed783e880 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -173,6 +173,7 @@ function user_add($user_row, $cp_data = false)
'user_ip' => '',
'user_regdate' => time(),
'user_passchg' => time(),
+ 'user_options' => 895,
'user_inactive_reason' => 0,
'user_inactive_time' => 0,
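Review bot: The new default `'user_options' => 895` is an unexplained magic number. It looks like a bitfield of per-user option flags, but nothing in the hunk says which bits are set or where the value comes from. A comment such as `// default option bitfield; must match the default used elsewhere for new users` (wording to be confirmed by the author), or a named constant, would keep this from drifting. The array literal starts and ends outside the hunk.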
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php
index ea28061da0..fda31a20e3 100644
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@@ -1370,9 +1370,10 @@ class parse_message extends bbcode_firstpass
{
include_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
- $index = (int) key($_POST['delete_file']);
+ $index = array_keys(request_var('delete_file', array(0 => 0)));
+ $index = (!empty($index[0])) ? $index[0] : false;
- if (!empty($this->attachment_data[$index]))
+ if ($index !== false && !empty($this->attachment_data[$index]))
{
// delete selected attachment
if ($this->attachment_data[$index]['is_orphan'])
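Review bot: `!empty($index[0])` is false when the first submitted key is `0`, so a request to delete the attachment at index 0 sets `$index` to `false` and is silently skipped; the removed `(int) key(...)` handled 0 correctly. Testing the key list rather than the key value fixes it: `$index = (!empty($index)) ? $index[0] : false;`. This assumes `attachment_data` is zero-indexed, which the code outside the hunk should confirm.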
diff --git a/phpBB/includes/ucp/ucp_pm_options.php b/phpBB/includes/ucp/ucp_pm_options.php
index 95326090c7..b4f2cbeb65 100644
--- a/phpBB/includes/ucp/ucp_pm_options.php
+++ b/phpBB/includes/ucp/ucp_pm_options.php
@@ -312,8 +312,8 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
// Remove Rule
if (isset($_POST['delete_rule']) && !isset($_POST['cancel']))
{
- $delete_id = array_map('intval', array_keys($_POST['delete_rule']));
- $delete_id = (int) $delete_id[0];
+ $delete_id = array_keys(request_var('delete_rule', array(0 => 0)));
+ $delete_id = (!empty($delete_id[0])) ? $delete_id[0] : 0;
if (!$delete_id)
{
diff --git a/phpBB/includes/utf/utf_tools.php b/phpBB/includes/utf/utf_tools.php
index 0c855be7c3..9ee39570a9 100644
--- a/phpBB/includes/utf/utf_tools.php
+++ b/phpBB/includes/utf/utf_tools.php
@@ -6,9 +6,6 @@
* @copyright (c) 2006 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
-* @todo make sure the replacements are called correctly
-* already done: strtolower, strtoupper, ucfirst, str_split, strrpos, strlen (hopefully!), strpos, substr, htmlspecialchars
-* remaining: strspn, chr, ord
*/
/**
@@ -621,7 +618,7 @@ else
* @author Harry Fuecks
* @param string $str UTF-8 encoded
* @param int $split_len number to characters to split string by
-* @return string characters in string reverses
+* @return array characters in string reverses
*/
function utf8_str_split($str, $split_len = 1)
{
@@ -1864,4 +1861,48 @@ function utf8_convert_message($message)
return utf8_htmlspecialchars(utf8_recode($message, 'ISO-8859-1'));
}
+/**
+* UTF8-compatible wordwrap replacement
+*
+* @param string $string The input string
+* @param int $width The column width. Defaults to 75.
+* @param string $break The line is broken using the optional break parameter. Defaults to '\n'.
+* @param bool $cut If the cut is set to TRUE, the string is always wrapped at the specified width. So if you have a word that is larger than the given width, it is broken apart.
+*
+* @return string the given string wrapped at the specified column.
+*
+*/
+function utf8_wordwrap($string, $width = 75, $break = "\n", $cut = false)
+{
+ // If cutting, we just split by $width chars
+ if ($cut)
+ {
+ return implode($break, utf8_str_split($string, $width));
+ }
+
+ // If not cutting, we first need to explode on spacer and then merge
+ $words = explode(' ', $string);
+ $lines = array();
+ $index = 0;
+
+ foreach ($words as $word)
+ {
+ if (!isset($lines[$index]))
+ {
+ $lines[$index] = '';
+ }
+
+ if (!empty($lines[$index]) && utf8_strlen($lines[$index]) > $width)
+ {
+ $lines[$index] = substr($lines[$index], 0, -1);
+ $index++;
+ $lines[$index] = '';
+ }
+
+ $lines[$index] .= $word . ' ';
+ }
+
+ return implode($break, $lines);
+}
+
?> \ No newline at end of file
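Review bot: In the non-cut branch of `utf8_wordwrap` a new line is started only after the current one already exceeds `$width`, so wrapped lines run up to one word past the limit. The text is also split on spaces alone, so newlines already in `$string` never reset the count and breaks land in the wrong place in multi-line mail bodies. The last line additionally keeps a trailing space. The rewrite below wraps each existing line separately and checks the length before appending a word. The `$cut` branch is unchanged here, though it splits every `$width` characters regardless of word boundaries, which differs from what the docblock describes.

```php
function utf8_wordwrap($string, $width = 75, $break = "\n", $cut = false)
{
	// … unchanged: $cut branch …

	// Wrap each existing line on its own so embedded newlines reset the column count
	$paragraphs = explode("\n", $string);

	foreach ($paragraphs as $i => $paragraph)
	{
		$words = explode(' ', $paragraph);
		$line = array_shift($words);
		$wrapped = array();

		foreach ($words as $word)
		{
			// Break before appending when the word would push the line past $width
			if ($line !== '' && utf8_strlen($line) + 1 + utf8_strlen($word) > $width)
			{
				$wrapped[] = $line;
				$line = $word;
			}
			else
			{
				$line .= ' ' . $word;
			}
		}

		$wrapped[] = $line;
		$paragraphs[$i] = implode($break, $wrapped);
	}

	return implode("\n", $paragraphs);
}
```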