Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/acp/acp_attachments.php149
-rw-r--r--phpBB/includes/acp/acp_board.php6
-rw-r--r--phpBB/includes/acp/acp_bots.php6
-rw-r--r--phpBB/includes/acp/acp_captcha.php2
-rw-r--r--phpBB/includes/acp/acp_email.php1
-rw-r--r--phpBB/includes/acp/acp_forums.php12
-rw-r--r--phpBB/includes/acp/acp_groups.php1
-rw-r--r--phpBB/includes/acp/acp_main.php14
-rw-r--r--phpBB/includes/acp/acp_permissions.php11
-rw-r--r--phpBB/includes/acp/acp_users.php15
-rw-r--r--phpBB/includes/constants.php13
-rw-r--r--phpBB/includes/functions.php73
-rw-r--r--phpBB/includes/functions_admin.php6
-rw-r--r--phpBB/includes/functions_display.php54
-rw-r--r--phpBB/includes/functions_posting.php129
-rw-r--r--phpBB/includes/functions_privmsgs.php78
-rw-r--r--phpBB/includes/functions_upload.php18
-rw-r--r--phpBB/includes/functions_user.php25
-rw-r--r--phpBB/includes/mcp/mcp_post.php2
-rw-r--r--phpBB/includes/mcp/mcp_topic.php2
-rwxr-xr-xphpBB/includes/mcp/mcp_warn.php2
-rw-r--r--phpBB/includes/message_parser.php214
-rw-r--r--phpBB/includes/session.php64
-rw-r--r--phpBB/includes/ucp/ucp_groups.php3
-rw-r--r--phpBB/includes/ucp/ucp_pm.php2
-rw-r--r--phpBB/includes/ucp/ucp_pm_compose.php40
-rw-r--r--phpBB/includes/ucp/ucp_pm_options.php3
-rw-r--r--phpBB/includes/ucp/ucp_pm_viewmessage.php6
-rw-r--r--phpBB/includes/ucp/ucp_profile.php8
29 files changed, 635 insertions, 324 deletions
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php
index 0b3e9dda0a..acb1319c16 100644
--- a/phpBB/includes/acp/acp_attachments.php
+++ b/phpBB/includes/acp/acp_attachments.php
@@ -825,24 +825,45 @@ class acp_attachments
$add_files = (isset($_POST['add'])) ? array_keys(request_var('add', array('' => 0))) : array();
$post_ids = request_var('post_id', array('' => 0));
- foreach ($delete_files as $delete)
+ if (sizeof($delete_files))
{
- phpbb_unlink($delete);
- phpbb_unlink($delete, 'thumbnail');
+ $sql = 'SELECT *
+ FROM ' . ATTACHMENTS_TABLE . '
+ WHERE ' . $db->sql_in_set('attach_id', $delete_files) . '
+ AND is_orphan = 1';
+ $result = $db->sql_query($sql);
+
+ $delete_files = array();
+ while ($row = $db->sql_fetchrow($result))
+ {
+ phpbb_unlink($row['physical_filename']);
+
+ if ($row['thumbnail'])
+ {
+ phpbb_unlink($row['physical_filename'], 'thumbnail');
+ }
+
+ $delete_files[$row['attach_id']] = $row['real_filename'];
+ }
+ $db->sql_freeresult($result);
}
if (sizeof($delete_files))
{
+ $sql = 'DELETE FROM ' . ATTACHMENTS_TABLE . '
+ WHERE ' . $db->sql_in_set('attach_id', array_keys($delete_files));
+ $db->sql_query($sql);
+
add_log('admin', 'LOG_ATTACH_ORPHAN_DEL', implode(', ', $delete_files));
$notify[] = sprintf($user->lang['LOG_ATTACH_ORPHAN_DEL'], implode(', ', $delete_files));
}
$upload_list = array();
- foreach ($add_files as $file)
+ foreach ($add_files as $attach_id)
{
- if (!in_array($file, $delete_files) && $post_ids[$file])
+ if (!in_array($attach_id, array_keys($delete_files)) && !empty($post_ids[$attach_id]))
{
- $upload_list[$post_ids[$file]] = $file;
+ $upload_list[$attach_id] = $post_ids[$attach_id];
}
}
unset($add_files);
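Review bot: The result of `phpbb_unlink($row['physical_filename'])` is ignored in the new delete loop, yet every selected row is added to `$delete_files` and then removed by the `DELETE FROM ATTACHMENTS_TABLE` statement. If the unlink fails (permissions, missing file), the database record is gone while the file may remain in the upload directory. A later hunk of this commit drops the directory scan, so the orphan page would no longer list such a file. Assuming phpbb_unlink() reports failure through its return value, only record the row when it succeeded, e.g. `if (phpbb_unlink($row['physical_filename'])) { $delete_files[$row['attach_id']] = $row['real_filename']; }`, and report the rest to the admin.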
@@ -851,13 +872,10 @@ class acp_attachments
{
$template->assign_var('S_UPLOADING_FILES', true);
- include_once($phpbb_root_path . 'includes/message_parser.' . $phpEx);
- $message_parser = new parse_message();
-
$sql = 'SELECT forum_id, forum_name
FROM ' . FORUMS_TABLE;
$result = $db->sql_query($sql);
-
+
$forum_names = array();
while ($row = $db->sql_fetchrow($result))
{
@@ -865,30 +883,67 @@ class acp_attachments
}
$db->sql_freeresult($result);
- $sql = 'SELECT forum_id, topic_id, post_id
+ $sql = 'SELECT forum_id, topic_id, post_id, poster_id
FROM ' . POSTS_TABLE . '
- WHERE ' . $db->sql_in_set('post_id', array_keys($upload_list));
+ WHERE ' . $db->sql_in_set('post_id', $upload_list);
$result = $db->sql_query($sql);
+ $post_info = array();
while ($row = $db->sql_fetchrow($result))
{
- $return = true;
+ $post_info[$row['post_id']] = $row;
+ }
+ $db->sql_freeresult($result);
- if ($auth->acl_get('f_attach', $row['forum_id']))
+ // Select those attachments we want to change...
+ $sql = 'SELECT *
+ FROM ' . ATTACHMENTS_TABLE . '
+ WHERE ' . $db->sql_in_set('attach_id', array_keys($upload_list)) . '
+ AND is_orphan = 1';
+ $result = $db->sql_query($sql);
+
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $post_row = $post_info[$upload_list[$row['attach_id']]];
+
+ $template->assign_block_vars('upload', array(
+ 'FILE_INFO' => sprintf($user->lang['UPLOADING_FILE_TO'], $row['real_filename'], $post_row['post_id']),
+ 'S_DENIED' => (!$auth->acl_get('f_attach', $post_row['forum_id'])) ? true : false,
+ 'L_DENIED' => (!$auth->acl_get('f_attach', $post_row['forum_id'])) ? sprintf($user->lang['UPLOAD_DENIED_FORUM'], $forum_names[$row['forum_id']]) : '')
+ );
+
+ if (!$auth->acl_get('f_attach', $post_row['forum_id']))
{
- $return = $this->upload_file($row['post_id'], $row['topic_id'], $row['forum_id'], $config['upload_path'], $upload_list[$row['post_id']]);
+ continue;
}
- $template->assign_block_vars('upload', array(
- 'FILE_INFO' => sprintf($user->lang['UPLOADING_FILE_TO'], $upload_list[$row['post_id']], $row['post_id']),
- 'S_DENIED' => (!$auth->acl_get('f_attach', $row['forum_id'])) ? true : false,
- 'L_DENIED' => (!$auth->acl_get('f_attach', $row['forum_id'])) ? sprintf($user->lang['UPLOAD_DENIED_FORUM'], $forum_names[$row['forum_id']]) : '',
- 'ERROR_MSG' => ($return === true) ? false : $return)
+ // Adjust attachment entry
+ $sql_ary = array(
+ 'in_message' => 0,
+ 'is_orphan' => 0,
+ 'poster_id' => $post_row['poster_id'],
+ 'post_msg_id' => $post_row['post_id'],
+ 'topic_id' => $post_row['topic_id'],
);
+
+ $sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
+ SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
+ WHERE attach_id = ' . $row['attach_id'];
+ $db->sql_query($sql);
+
+ $sql = 'UPDATE ' . POSTS_TABLE . '
+ SET post_attachment = 1
+ WHERE post_id = ' . $post_row['post_id'];
+ $db->sql_query($sql);
+
+ $sql = 'UPDATE ' . TOPICS_TABLE . '
+ SET topic_attachment = 1
+ WHERE topic_id = ' . $post_row['topic_id'];
+ $db->sql_query($sql);
+
+ add_log('admin', 'LOG_ATTACH_FILEUPLOAD', $post_row['post_id'], $row['real_filename']);
}
$db->sql_freeresult($result);
-
- unset($message_parser);
}
}
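Review bot: `$post_info[$upload_list[$row['attach_id']]]` is read without checking that the post exists, so a post id typed by the admin that matches no row leaves `$post_row` empty. The `f_attach` check then runs against an empty forum id, and if it passes, the three UPDATE statements are built with empty values after `post_id = ` and `topic_id = `. Add `if (!isset($post_info[$upload_list[$row['attach_id']]])) { continue; }` (ideally with an error row for the template) before `$post_row` is used. Separately, `L_DENIED` still indexes `$forum_names[$row['forum_id']]`, but `$row` is now an attachment row and nothing in this hunk shows it carrying a forum id; `$forum_names[$post_row['forum_id']]` looks like what was intended.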
@@ -896,43 +951,31 @@ class acp_attachments
'S_ORPHAN' => true)
);
- $attach_filelist = array();
-
- $dir = @opendir($phpbb_root_path . $config['upload_path']);
- while (($file = @readdir($dir)) !== false)
- {
- if (is_file($phpbb_root_path . $config['upload_path'] . '/' . $file) && filesize($phpbb_root_path . $config['upload_path'] . '/' . $file) && $file{0} != '.' && $file != 'index.htm' && !preg_match('#^thumb\_#', $file))
- {
- $attach_filelist[$file] = $file;
- }
- }
- @closedir($dir);
-
- $sql = 'SELECT physical_filename
- FROM ' . ATTACHMENTS_TABLE;
+ // Just get the files with is_orphan set and older than 3 hours
+ $sql = 'SELECT *
+ FROM ' . ATTACHMENTS_TABLE . '
+ WHERE is_orphan = 1
+ AND filetime < ' . (time() - 3*60*60) . '
+ ORDER BY filetime DESC';
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
- unset($attach_filelist[$row['physical_filename']]);
- }
- $db->sql_freeresult($result);
-
- $i = 0;
- foreach ($attach_filelist as $file)
- {
- $filesize = @filesize($phpbb_root_path . $config['upload_path'] . '/' . $file);
- $size_lang = ($filesize >= 1048576) ? $user->lang['MB'] : ( ($filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] );
- $filesize = ($filesize >= 1048576) ? round((round($filesize / 1048576 * 100) / 100), 2) : (($filesize >= 1024) ? round((round($filesize / 1024 * 100) / 100), 2) : $filesize);
+ $size_lang = ($row['filesize'] >= 1048576) ? $user->lang['MB'] : (($row['filesize'] >= 1024) ? $user->lang['KB'] : $user->lang['BYTES']);
+ $row['filesize'] = ($row['filesize'] >= 1048576) ? round((round($row['filesize'] / 1048576 * 100) / 100), 2) : (($row['filesize'] >= 1024) ? round((round($row['filesize'] / 1024 * 100) / 100), 2) : $row['filesize']);
$template->assign_block_vars('orphan', array(
- 'FILESIZE' => $filesize . ' ' . $size_lang,
- 'U_FILE' => $phpbb_root_path . $config['upload_path'] . '/' . $file,
- 'FILE' => $file,
- 'POST_IDS' => (!empty($post_ids[$file])) ? $post_ids[$file] : '')
+ 'FILESIZE' => $row['filesize'] . ' ' . $size_lang,
+ 'FILETIME' => $user->format_date($row['filetime']),
+ 'REAL_FILENAME' => basename($row['real_filename']),
+ 'PHYSICAL_FILENAME' => basename($row['physical_filename']),
+ 'ATTACH_ID' => $row['attach_id'],
+ 'POST_IDS' => (!empty($post_ids[$row['attach_id']])) ? $post_ids[$row['attach_id']] : '',
+ 'U_FILE' => append_sid($phpbb_root_path . 'download.' . $phpEx, 'id=' . $row['attach_id']))
);
}
-
+ $db->sql_freeresult($result);
+
break;
}
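Review bot: The three-hour age cutoff is applied only in this listing query; the delete and attach queries in the first and third hunks of this file select on `is_orphan = 1` alone. Orphans younger than the cutoff presumably belong to posts still being composed, so an attach id submitted for one of them would be deleted or reassigned although the page never offered it. Consider adding the same `AND filetime < ' . (time() - 3*60*60)` bound to those queries. A named constant for `3*60*60` would keep the three places in agreement.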
@@ -1083,15 +1126,12 @@ class acp_attachments
/**
* Upload already uploaded file... huh? are you kidding?
- */
function upload_file($post_id, $topic_id, $forum_id, $upload_dir, $filename)
{
global $message_parser, $db, $user, $phpbb_root_path;
$message_parser->attachment_data = array();
-
$message_parser->filename_data['filecomment'] = '';
- $message_parser->filename_data['filename'] = $phpbb_root_path . $upload_dir . '/' . basename($filename);
$filedata = upload_attachment('local', $forum_id, true, $phpbb_root_path . $upload_dir . '/' . basename($filename));
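Review bot: `upload_file()` is disabled by deleting the docblock terminator here and re-adding `*/` after the function in the next hunk, which leaves the whole method as dead code inside a comment. That only works as long as the body never contains `*/`, and it hides a routine that passes a path into `upload_attachment('local', ...)` from anyone reading the class. Its only visible call site is removed earlier in this commit, so deleting the method outright would be cleaner; version control keeps the history. The function body continues outside this hunk.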
@@ -1144,6 +1184,7 @@ class acp_attachments
return sprintf($user->lang['ADMIN_UPLOAD_ERROR'], implode('<br />', $filedata['error']));
}
}
+ */
/**
* Search Imagick
diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php
index 5f5cf6cd99..5e181b6dd6 100644
--- a/phpBB/includes/acp/acp_board.php
+++ b/phpBB/includes/acp/acp_board.php
@@ -65,10 +65,6 @@ class acp_board
'allow_bbcode' => array('lang' => 'ALLOW_BBCODE', 'type' => 'radio:yes_no', 'explain' => false),
'allow_smilies' => array('lang' => 'ALLOW_SMILIES', 'type' => 'radio:yes_no', 'explain' => false),
'allow_sig' => array('lang' => 'ALLOW_SIG', 'type' => 'radio:yes_no', 'explain' => false),
- 'allow_sig_bbcode' => array('lang' => 'ALLOW_SIG_BBCODE', 'type' => 'radio:yes_no', 'explain' => false),
- 'allow_sig_img' => array('lang' => 'ALLOW_SIG_IMG', 'type' => 'radio:yes_no', 'explain' => false),
- 'allow_sig_flash' => array('lang' => 'ALLOW_SIG_FLASH', 'type' => 'radio:yes_no', 'explain' => false),
- 'allow_sig_smilies' => array('lang' => 'ALLOW_SIG_SMILIES', 'type' => 'radio:yes_no', 'explain' => false),
'allow_nocensors' => array('lang' => 'ALLOW_NO_CENSORS', 'type' => 'radio:yes_no', 'explain' => true),
'allow_bookmarks' => array('lang' => 'ALLOW_BOOKMARKS', 'type' => 'radio:yes_no', 'explain' => true),
@@ -138,6 +134,7 @@ class acp_board
'allow_forum_notify' => array('lang' => 'ALLOW_FORUM_NOTIFY', 'type' => 'radio:yes_no', 'explain' => false),
'allow_bbcode' => array('lang' => 'ALLOW_BBCODE', 'type' => 'radio:yes_no', 'explain' => false),
'allow_smilies' => array('lang' => 'ALLOW_SMILIES', 'type' => 'radio:yes_no', 'explain' => false),
+ 'allow_post_links' => array('lang' => 'ALLOW_POST_LINKS', 'type' => 'radio:yes_no', 'explain' => true),
'allow_nocensors' => array('lang' => 'ALLOW_NO_CENSORS', 'type' => 'radio:yes_no', 'explain' => true),
'allow_bookmarks' => array('lang' => 'ALLOW_BOOKMARKS', 'type' => 'radio:yes_no', 'explain' => true),
'enable_post_confirm' => array('lang' => 'VISUAL_CONFIRM_POST', 'type' => 'radio:yes_no', 'explain' => true),
@@ -173,6 +170,7 @@ class acp_board
'allow_sig_img' => array('lang' => 'ALLOW_SIG_IMG', 'type' => 'radio:yes_no', 'explain' => false),
'allow_sig_flash' => array('lang' => 'ALLOW_SIG_FLASH', 'type' => 'radio:yes_no', 'explain' => false),
'allow_sig_smilies' => array('lang' => 'ALLOW_SIG_SMILIES', 'type' => 'radio:yes_no', 'explain' => false),
+ 'allow_sig_links' => array('lang' => 'ALLOW_SIG_LINKS', 'type' => 'radio:yes_no', 'explain' => true),
'legend2' => 'GENERAL_SETTINGS',
'max_sig_chars' => array('lang' => 'MAX_SIG_LENGTH', 'type' => 'text:5:4', 'explain' => true),
diff --git a/phpBB/includes/acp/acp_bots.php b/phpBB/includes/acp/acp_bots.php
index fcee10fde5..1cda4a3c78 100644
--- a/phpBB/includes/acp/acp_bots.php
+++ b/phpBB/includes/acp/acp_bots.php
@@ -142,6 +142,12 @@ class acp_bots
}
$bot_row['bot_ip'] = str_replace(' ', '', $bot_row['bot_ip']);
+ // Make sure the admin is not adding a bot with an user agent similar to his one
+ if ($bot_row['bot_agent'] && substr($user->data['session_browser'], 0, 149) === substr($bot_row['bot_agent'])
+ {
+ $error[] = $user->lang['ERR_BOT_AGENT_MATCHES_UA'];
+ }
+
if (!sizeof($error))
{
$db->sql_transaction('begin');
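Review bot: The added `if` line does not parse: its opening parenthesis is never closed, and the second `substr()` is called with only the string argument. The intended guard is presumably `if ($bot_row['bot_agent'] && substr($user->data['session_browser'], 0, 149) === substr($bot_row['bot_agent'], 0, 149))`. Note also that the comment says "similar" while the test is exact equality of the first 149 characters. If bot detection elsewhere matches the agent as a substring or pattern (not visible here), a shorter bot agent contained in the admin's user agent would still get through, so the check should mirror whatever matching the session code uses.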
diff --git a/phpBB/includes/acp/acp_captcha.php b/phpBB/includes/acp/acp_captcha.php
index 2ae65b7687..b3d13c42f9 100644
--- a/phpBB/includes/acp/acp_captcha.php
+++ b/phpBB/includes/acp/acp_captcha.php
@@ -71,7 +71,7 @@ class acp_captcha
$template->assign_var('GD', true);
foreach ($policy_modules as $module_name)
{
- $template->assign_var('U_' . strtoupper($module_name), sprintf($user->lang['CAPTCHA_EXPLAIN'], '<a href="' . append_sid("{$phpbb_root_path}adm/index.$phpEx", 'i=captcha&amp;mode=img&amp;policy=' . $module_name) . '" target="_blank">', '</a>'));
+ $template->assign_var('U_' . strtoupper($module_name), sprintf($user->lang['CAPTCHA_EXPLAIN'], '<a href="' . append_sid("{$phpbb_root_path}adm/index.$phpEx", 'i=captcha&amp;mode=img&amp;policy=' . $module_name) . '">', '</a>'));
}
if (function_exists('imagettfbbox') && function_exists('imagettftext'))
{
diff --git a/phpBB/includes/acp/acp_email.php b/phpBB/includes/acp/acp_email.php
index c977d405cc..b727829dc4 100644
--- a/phpBB/includes/acp/acp_email.php
+++ b/phpBB/includes/acp/acp_email.php
@@ -217,6 +217,7 @@ class acp_email
'S_GROUP_OPTIONS' => $select_list,
'USERNAMES' => $usernames,
'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=acp_email&amp;field=usernames'),
+ 'UA_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=acp_email&field=usernames', false),
'SUBJECT' => $subject,
'MESSAGE' => $message,
'S_PRIORITY_OPTIONS' => $s_priority_options)
diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php
index aad3306f3e..5f70a15fc7 100644
--- a/phpBB/includes/acp/acp_forums.php
+++ b/phpBB/includes/acp/acp_forums.php
@@ -543,12 +543,12 @@ class acp_forums
'S_TOPIC_ICONS' => ($forum_data['enable_icons']) ? true : false,
'S_DISPLAY_ON_INDEX' => ($forum_data['display_on_index']) ? true : false,
'S_PRUNE_ENABLE' => ($forum_data['enable_prune']) ? true : false,
- 'S_FORUM_LINK_TRACK' => ($forum_data['forum_flags'] & 1) ? true : false,
- 'S_PRUNE_OLD_POLLS' => ($forum_data['forum_flags'] & 2) ? true : false,
- 'S_PRUNE_ANNOUNCE' => ($forum_data['forum_flags'] & 4) ? true : false,
- 'S_PRUNE_STICKY' => ($forum_data['forum_flags'] & 8) ? true : false,
- 'S_DISPLAY_ACTIVE_TOPICS' => ($forum_data['forum_flags'] & 16) ? true : false,
- 'S_ENABLE_POST_REVIEW' => ($forum_data['forum_flags'] & 32) ? true : false,
+ 'S_FORUM_LINK_TRACK' => ($forum_data['forum_flags'] & FORUM_FLAG_LINK_TRACK) ? true : false,
+ 'S_PRUNE_OLD_POLLS' => ($forum_data['forum_flags'] & FORUM_FLAG_PRUNE_POLL) ? true : false,
+ 'S_PRUNE_ANNOUNCE' => ($forum_data['forum_flags'] & FORUM_FLAG_PRUNE_ANNOUNCE) ? true : false,
+ 'S_PRUNE_STICKY' => ($forum_data['forum_flags'] & FORUM_FLAG_PRUNE_STICKY) ? true : false,
+ 'S_DISPLAY_ACTIVE_TOPICS' => ($forum_data['forum_flags'] & FORUM_FLAG_ACTIVE_TOPICS) ? true : false,
+ 'S_ENABLE_POST_REVIEW' => ($forum_data['forum_flags'] & FORUM_FLAG_POST_REVIEW) ? true : false,
)
);
diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php
index 1443cf476a..13e1c11cdf 100644
--- a/phpBB/includes/acp/acp_groups.php
+++ b/phpBB/includes/acp/acp_groups.php
@@ -614,6 +614,7 @@ class acp_groups
'U_ACTION' => $this->u_action . "&amp;g=$group_id",
'U_BACK' => $this->u_action,
'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=list&amp;field=usernames'),
+ 'UA_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=list&field=usernames', false),
'U_DEFAULT_ALL' => "{$this->u_action}&amp;action=default&amp;g=$group_id")
);
diff --git a/phpBB/includes/acp/acp_main.php b/phpBB/includes/acp/acp_main.php
index 7246395ecc..8b165160fd 100644
--- a/phpBB/includes/acp/acp_main.php
+++ b/phpBB/includes/acp/acp_main.php
@@ -215,14 +215,16 @@ class acp_main
set_config('num_users', (int) $row['stat'], true);
$sql = 'SELECT COUNT(attach_id) as stat
- FROM ' . ATTACHMENTS_TABLE;
+ FROM ' . ATTACHMENTS_TABLE . '
+ WHERE is_orphan = 0';
$result = $db->sql_query($sql);
set_config('num_files', (int) $db->sql_fetchfield('stat'), true);
$db->sql_freeresult($result);
$sql = 'SELECT SUM(filesize) as stat
- FROM ' . ATTACHMENTS_TABLE;
+ FROM ' . ATTACHMENTS_TABLE . '
+ WHERE is_orphan = 0';
$result = $db->sql_query($sql);
set_config('upload_dir_size', (int) $db->sql_fetchfield('stat'), true);
@@ -404,6 +406,13 @@ class acp_main
$files_per_day = $total_files;
}
+ $sql = 'SELECT COUNT(attach_id) total_orphan
+ FROM ' . ATTACHMENTS_TABLE . '
+ WHERE is_orphan = 1';
+ $result = $db->sql_query($sql);
+ $total_orphan = (int) $db->sql_fetchfield('total_orphan');
+ $db->sql_freeresult($result);
+
$dbsize = get_database_size();
$s_action_options = build_select(array('online' => 'RESET_ONLINE', 'date' => 'RESET_DATE', 'stats' => 'RESYNC_STATS', 'user' => 'RESYNC_POSTCOUNTS', 'db_track' => 'RESYNC_POST_MARKING'));
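Review bot: The new query aliases the count as `COUNT(attach_id) total_orphan` without the `AS` keyword, whereas the queries in the previous hunk of this file use `as stat`. Some database backends do not accept a column alias without `AS`, so this may fail on part of the supported DBAL targets; `SELECT COUNT(attach_id) AS total_orphan` is the portable form and matches the surrounding style.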
@@ -420,6 +429,7 @@ class acp_main
'AVATAR_DIR_SIZE' => $avatar_dir_size,
'DBSIZE' => $dbsize,
'UPLOAD_DIR_SIZE' => $upload_dir_size,
+ 'TOTAL_ORPHAN' => $total_orphan,
'GZIP_COMPRESSION' => ($config['gzip_compress']) ? $user->lang['ON'] : $user->lang['OFF'],
'DATABASE_INFO' => $db->sql_server_info(),
diff --git a/phpBB/includes/acp/acp_permissions.php b/phpBB/includes/acp/acp_permissions.php
index fe244b7175..de3948d551 100644
--- a/phpBB/includes/acp/acp_permissions.php
+++ b/phpBB/includes/acp/acp_permissions.php
@@ -331,7 +331,8 @@ class acp_permissions
$template->assign_vars(array(
'S_SELECT_USER' => true,
- 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=select_victim&amp;field=username'))
+ 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=select_victim&amp;field=username'),
+ 'UA_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=select_victim&field=username', false))
);
break;
@@ -393,17 +394,23 @@ class acp_permissions
'S_DEFINED_USER_OPTIONS' => $items['user_ids_options'],
'S_DEFINED_GROUP_OPTIONS' => $items['group_ids_options'],
'S_ADD_GROUP_OPTIONS' => group_select_options(false, $items['group_ids']),
- 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=add_user&amp;field=username'))
+ 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=add_user&amp;field=username'),
+ 'UA_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=add_user&field=username', false))
);
break;
}
+ // The S_ALLOW_SELECT parameter below is a measure to lower memory usage.
+ // If there are more than 5 forums selected the admin is not able to select all users/groups too.
+ // We need to see if the number of forums can be increased or need to be decreased.
+
$template->assign_vars(array(
'U_ACTION' => $this->u_action,
'ANONYMOUS_USER_ID' => ANONYMOUS,
'S_SELECT_VICTIM' => true,
+ 'S_ALLOW_ALL_SELECT' => (sizeof($forum_id) > 5) ? false : true,
'S_CAN_SELECT_USER' => ($auth->acl_get('a_authusers')) ? true : false,
'S_CAN_SELECT_GROUP' => ($auth->acl_get('a_authgroups')) ? true : false,
'S_HIDDEN_FIELDS' => $s_hidden_fields)
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index 12fb528830..cc5c1ffa78 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -53,7 +53,7 @@ class acp_users
if ($ipwhois = user_ipwhois($user_ip))
{
$ipwhois = preg_replace('#(\s)([\w\-\._\+]+@[\w\-\.]+)(\s)#', '\1<a href="mailto:\2">\2</a>\3', $ipwhois);
- $ipwhois = preg_replace('#(\s)(http:/{2}[^\s]*)(\s)#', '\1<a href="\2" target="_blank">\2</a>\3', $ipwhois);
+ $ipwhois = preg_replace('#(\s)(http:/{2}[^\s]*)(\s)#', '\1<a href="\2">\2</a>\3', $ipwhois);
}
$template->assign_vars(array(
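Review bot: The changed line still copies text returned by a remote whois server into `href="\2"`, and its URL class `[^\s]*` admits `"`, `<` and `>`. Unless user_ipwhois() already HTML-escapes its result (not visible in this hunk), a whois record could close the attribute and inject markup into the admin page. Narrowing the class keeps the link feature while closing that gap: `$ipwhois = preg_replace('#(\s)(http:/{2}[^\s"<>]*)(\s)#', '\1<a href="\2">\2</a>\3', $ipwhois);`. The mailto replacement on the line above has the same shape and deserves the same check.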
@@ -75,6 +75,7 @@ class acp_users
'S_SELECT_USER' => true,
'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=select_user&amp;field=username'),
+ 'UA_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=select_user&field=username', false),
)
);
@@ -241,8 +242,8 @@ class acp_users
user_ban(substr($action, 3), $ban, 0, 0, 0, $user->lang[$reason]);
- add_log('admin', $log, $user->lang[$reason]);
- add_log('user', $user_id, $log, $user->lang[$reason]);
+ add_log('admin', $log, $user->lang[$reason], implode(', ', $ban));
+ add_log('user', $user_id, $log, $user->lang[$reason], implode(', ', $ban));
trigger_error($user->lang['BAN_SUCCESSFUL'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
@@ -1558,7 +1559,7 @@ class acp_users
$message_parser = new parse_message($signature);
// Allowing Quote BBCode
- $message_parser->parse($enable_bbcode, $enable_urls, $enable_smilies, $config['allow_sig_img'], $config['allow_sig_flash'], true, true, 'sig');
+ $message_parser->parse($enable_bbcode, ($config['allow_sig_links']) ? $enable_urls : false, $enable_smilies, $config['allow_sig_img'], $config['allow_sig_flash'], true, $config['allow_sig_links'], true, 'sig');
if (sizeof($message_parser->warn_msg))
{
@@ -1606,17 +1607,19 @@ class acp_users
'S_SMILIES_CHECKED' => (!$enable_smilies) ? 'checked="checked"' : '',
'S_MAGIC_URL_CHECKED' => (!$enable_urls) ? 'checked="checked"' : '',
- 'BBCODE_STATUS' => ($config['allow_sig_bbcode']) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '" onclick="target=\'_phpbbcode\';">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '" onclick="target=\'_phpbbcode\';">', '</a>'),
+ 'BBCODE_STATUS' => ($config['allow_sig_bbcode']) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>'),
'SMILIES_STATUS' => ($config['allow_sig_smilies']) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'],
'IMG_STATUS' => ($config['allow_sig_img']) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'],
'FLASH_STATUS' => ($config['allow_sig_flash']) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'],
+ 'URL_STATUS' => ($config['allow_sig_links']) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'],
'L_SIGNATURE_EXPLAIN' => sprintf($user->lang['SIGNATURE_EXPLAIN'], $config['max_sig_chars']),
'S_BBCODE_ALLOWED' => $config['allow_sig_bbcode'],
'S_SMILIES_ALLOWED' => $config['allow_sig_smilies'],
'S_BBCODE_IMG' => ($config['allow_sig_img']) ? true : false,
- 'S_BBCODE_FLASH' => ($config['allow_sig_flash']) ? true : false)
+ 'S_BBCODE_FLASH' => ($config['allow_sig_flash']) ? true : false,
+ 'S_LINKS_ALLOWED' => ($config['allow_sig_links']) ? true : false)
);
// Assigning custom bbcodes
diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php
index 55c7ec7428..f20729e6c6 100644
--- a/phpBB/includes/constants.php
+++ b/phpBB/includes/constants.php
@@ -61,6 +61,19 @@ define('ITEM_UNLOCKED', 0);
define('ITEM_LOCKED', 1);
define('ITEM_MOVED', 2);
+// Forum Flags
+define('FORUM_FLAG_LINK_TRACK', 1);
+define('FORUM_FLAG_PRUNE_POLL', 2);
+define('FORUM_FLAG_PRUNE_ANNOUNCE', 4);
+define('FORUM_FLAG_PRUNE_STICKY', 8);
+define('FORUM_FLAG_ACTIVE_TOPICS', 16);
+define('FORUM_FLAG_POST_REVIEW', 32);
+
+// Optional text flags
+define('OPTION_FLAG_BBCODE', 1);
+define('OPTION_FLAG_SMILIES', 2);
+define('OPTION_FLAG_LINKS', 4);
+
// Topic types
define('POST_NORMAL', 0);
define('POST_STICKY', 1);
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 88cdab17d2..620b64a54a 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2146,21 +2146,10 @@ function decode_message(&$message, $bbcode_uid = '')
$message = str_replace($match, $replace, $message);
- $match = array(
- '#<!\-\- e \-\-><a href="mailto:(.*?)">.*?</a><!\-\- e \-\->#',
- '#<!\-\- m \-\-><a href="(.*?)" target="_blank">.*?</a><!\-\- m \-\->#',
- '#<!\-\- w \-\-><a href="http:\/\/(.*?)" target="_blank">.*?</a><!\-\- w \-\->#',
- '#<!\-\- l \-\-><a href="(.*?)">.*?</a><!\-\- l \-\->#',
- '#<!\-\- s(.*?) \-\-><img src="\{SMILIES_PATH\}\/.*? \/><!\-\- s\1 \-\->#',
- '#<!\-\- .*? \-\->#s',
- '#<.*?>#s'
- );
-
- $replace = array('\1', '\1', '\1', '\1', '\1', '', '');
-
- $message = preg_replace($match, $replace, $message);
+ $match = get_preg_expression('bbcode_htm');
+ $replace = array('\1', '\2', '\1', '', '');
- return;
+ $message = preg_replace($match, $replace, $message);
}
/**
@@ -2175,17 +2164,8 @@ function strip_bbcode(&$text, $uid = '')
$text = preg_replace("#\[\/?[a-z0-9\*\+\-]+(?:=.*?)?(?::[a-z])?(\:?$uid)\]#", ' ', $text);
- $match = array(
- '#<!\-\- e \-\-><a href="mailto:(.*?)">.*?</a><!\-\- e \-\->#',
- '#<!\-\- m \-\-><a href="(.*?)" target="_blank">.*?</a><!\-\- m \-\->#',
- '#<!\-\- w \-\-><a href="http:\/\/(.*?)" target="_blank">.*?</a><!\-\- w \-\->#',
- '#<!\-\- l \-\-><a href="(.*?)">.*?</a><!\-\- l \-\->#',
- '#<!\-\- s(.*?) \-\-><img src="\{SMILIES_PATH\}\/.*? \/><!\-\- s\1 \-\->#',
- '#<!\-\- .*? \-\->#s',
- '#<.*?>#s'
- );
-
- $replace = array('\1', '\1', '\1', '\1', '\1', '', '');
+ $match = get_preg_expression('bbcode_htm');
+ $replace = array('\1', '\2', '\1', '', '');
$text = preg_replace($match, $replace, $text);
}
@@ -2206,7 +2186,7 @@ function generate_text_for_display($text, $uid, $bitfield, $flags)
$text = str_replace("\n", '<br />', censor_text($text));
// Parse bbcode if bbcode uid stored and bbcode enabled
- if ($uid && ($flags & 1))
+ if ($uid && ($flags & OPTION_FLAG_BBCODE))
{
if (!class_exists('bbcode'))
{
@@ -2226,7 +2206,7 @@ function generate_text_for_display($text, $uid, $bitfield, $flags)
$bbcode->bbcode_second_pass($text, $uid);
}
- $text = smiley_text($text, !($flags & 2));
+ $text = smiley_text($text, !($flags & OPTION_FLAG_SMILIES));
return $text;
}
@@ -2282,9 +2262,9 @@ function generate_text_for_edit($text, $uid, $flags)
decode_message($text, $uid);
return array(
- 'allow_bbcode' => ($flags & 1) ? 1 : 0,
- 'allow_smilies' => ($flags & 2) ? 1 : 0,
- 'allow_urls' => ($flags & 4) ? 1 : 0,
+ 'allow_bbcode' => ($flags & OPTION_FLAG_BBCODE) ? 1 : 0,
+ 'allow_smilies' => ($flags & OPTION_FLAG_SMILIES) ? 1 : 0,
+ 'allow_urls' => ($flags & OPTION_FLAG_LINKS) ? 1 : 0,
'text' => $text
);
}
@@ -2317,11 +2297,11 @@ function make_clickable($text, $server_url = false)
// matches a xxxx://aaaaa.bbb.cccc. ...
$magic_url_match[] = '#(^|[\n ]|\()([\w]+:/{2}.*?([^[ \t\n\r<"\'\)&]+|&(?!lt;|quot;))*)#ie';
- $magic_url_replace[] = "'\$1<!-- m --><a href=\"\$2\" target=\"_blank\">' . ((strlen('\$2') > 55) ? substr(str_replace('&amp;', '&', '\$2'), 0, 39) . ' ... ' . substr(str_replace('&amp;', '&', '\$2'), -10) : '\$2') . '</a><!-- m -->'";
+ $magic_url_replace[] = "'\$1<!-- m --><a href=\"\$2\">' . ((strlen('\$2') > 55) ? substr(str_replace('&amp;', '&', '\$2'), 0, 39) . ' ... ' . substr(str_replace('&amp;', '&', '\$2'), -10) : '\$2') . '</a><!-- m -->'";
// matches a "www.xxxx.yyyy[/zzzz]" kinda lazy URL thing
$magic_url_match[] = '#(^|[\n ]|\()(w{3}\.[\w\-]+\.[\w\-.\~]+(?:[^[ \t\n\r<"\'\)&]+|&(?!lt;|quot;))*)#ie';
- $magic_url_replace[] = "'\$1<!-- w --><a href=\"http://\$2\" target=\"_blank\">' . ((strlen('\$2') > 55) ? substr(str_replace('&amp;', '&', '\$2'), 0, 39) . ' ... ' . substr(str_replace('&amp;', '&', '\$2'), -10) : '\$2') . '</a><!-- w -->'";
+ $magic_url_replace[] = "'\$1<!-- w --><a href=\"http://\$2\">' . ((strlen('\$2') > 55) ? substr(str_replace('&amp;', '&', '\$2'), 0, 39) . ' ... ' . substr(str_replace('&amp;', '&', '\$2'), -10) : '\$2') . '</a><!-- w -->'";
// matches an email@domain type address at the start of a line, or after a space or after what might be a BBCode.
$magic_url_match[] = '/(^|[\n ]|\()(' . get_preg_expression('email') . ')/ie';
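Review bot: Both changed replacement strings are still evaluated as PHP through the `e` modifier on their patterns, so the matched URL is spliced into code as `'\$2'`. Safety then rests entirely on the character classes keeping quotes and backslashes out of the match. Since these lines are being edited anyway, moving the truncation logic (`strlen` > 55, first 39 plus last 10 characters) into a `preg_replace_callback()` handler would remove that dependency and make the output escaping explicit. make_clickable() starts and ends outside this hunk.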
@@ -2336,19 +2316,18 @@ function make_clickable($text, $server_url = false)
*/
function censor_text($text)
{
- global $censors, $user, $cache;
+ static $censors;
+ global $cache;
- if (!isset($censors))
+ if (!isset($censors) || !is_array($censors))
{
$censors = array();
- if ($user->optionget('viewcensors'))
- {
- $cache->obtain_word_list($censors);
- }
+ // obtain_word_list is taking care of the users censor option and the board-wide option
+ $cache->obtain_word_list($censors);
}
- if (sizeof($censors) && $user->optionget('viewcensors'))
+ if (sizeof($censors))
{
return preg_replace($censors['match'], $censors['replace'], $text);
}
@@ -2645,8 +2624,8 @@ function get_backtrace()
/**
* This function returns a regular expression pattern for commonly used expressions
-* Use with / as delimiter
-* mode can be: email|
+* Use with / as delimiter for email mode
+* mode can be: email|bbcode_htm
*/
function get_preg_expression($mode)
{
@@ -2655,6 +2634,16 @@ function get_preg_expression($mode)
case 'email':
return '[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*[a-z]+';
break;
+
+ case 'bbcode_htm':
+ return array(
+ '#<!\-\- e \-\-><a href="mailto:(.*?)">.*?</a><!\-\- e \-\->#',
+ '#<!\-\- (l|m|w) \-\-><a href="(.*?)">.*?</a><!\-\- \1 \-\->#',
+ '#<!\-\- s(.*?) \-\-><img src="\{SMILIES_PATH\}\/.*? \/><!\-\- s\1 \-\->#',
+ '#<!\-\- .*? \-\->#s',
+ '#<.*?>#s',
+ );
+ break;
}
return '';
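Review bot: The merged `(l|m|w)` pattern only fits anchors written without `target="_blank"`, but posts stored before this commit still contain `<a href="..." target="_blank">` for the `m` and `w` markers. On such text the lazy `(.*?)` runs on to the next `">`, so `\2` becomes `url" target="_blank`, and decode_message() and strip_bbcode() (the first two hunks of this file) return that to the editor or to plain-text output. Unless stored posts are converted elsewhere, accept the legacy attribute: `'#<!\-\- (l|m|w) \-\-><a href="(.*?)"(?: target="_blank")?>.*?</a><!\-\- \1 \-\->#'`. Also note that `w` links now decode with their `http://` prefix, which the old dedicated pattern stripped.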
@@ -3154,7 +3143,7 @@ function page_header($page_title = '', $display_online_list = true)
'S_CONTENT_DIR_LEFT' => $user->lang['LEFT'],
'S_CONTENT_DIR_RIGHT' => $user->lang['RIGHT'],
'S_TIMEZONE' => ($user->data['user_dst'] || ($user->data['user_id'] == ANONYMOUS && $config['board_dst'])) ? sprintf($user->lang['ALL_TIMES'], $user->lang['tz'][$tz], $user->lang['tz']['dst']) : sprintf($user->lang['ALL_TIMES'], $user->lang['tz'][$tz], ''),
- 'S_DISPLAY_ONLINE_LIST' => ($config['load_online']) ? 1 : 0,
+ 'S_DISPLAY_ONLINE_LIST' => ($l_online_time) ? 1 : 0,
'S_DISPLAY_SEARCH' => (!$config['load_search']) ? 0 : (isset($auth) ? ($auth->acl_get('u_search') && $auth->acl_getf_global('f_search')) : 1),
'S_DISPLAY_PM' => ($config['allow_privmsg'] && $user->data['is_registered']) ? 1 : 0,
'S_DISPLAY_MEMBERLIST' => (isset($auth)) ? $auth->acl_get('u_viewprofile') : 0,
diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php
index 26133786b3..49bad121e1 100644
--- a/phpBB/includes/functions_admin.php
+++ b/phpBB/includes/functions_admin.php
@@ -1782,12 +1782,12 @@ function prune($forum_id, $prune_mode, $prune_date, $prune_flags = 0, $auto_sync
$sql_and = '';
- if (!($prune_flags & 4))
+ if (!($prune_flags & FORUM_FLAG_PRUNE_ANNOUNCE))
{
$sql_and .= ' AND topic_type <> ' . POST_ANNOUNCE;
}
- if (!($prune_flags & 8))
+ if (!($prune_flags & FORUM_FLAG_PRUNE_STICKY))
{
$sql_and .= ' AND topic_type <> ' . POST_STICKY;
}
@@ -1816,7 +1816,7 @@ function prune($forum_id, $prune_mode, $prune_date, $prune_flags = 0, $auto_sync
}
$db->sql_freeresult($result);
- if ($prune_flags & 2)
+ if ($prune_flags & FORUM_FLAG_PRUNE_POLL)
{
$sql = 'SELECT topic_id
FROM ' . TOPICS_TABLE . '
diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php
index f46298002c..8e7edea1e2 100644
--- a/phpBB/includes/functions_display.php
+++ b/phpBB/includes/functions_display.php
@@ -44,7 +44,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
}
// Display list of active topics for this category?
- $show_active = (isset($root_data['forum_flags']) && $root_data['forum_flags'] & 16) ? true : false;
+ $show_active = (isset($root_data['forum_flags']) && ($root_data['forum_flags'] & FORUM_FLAG_ACTIVE_TOPICS)) ? true : false;
$sql_from = FORUMS_TABLE . ' f ';
$lastread_select = $sql_lastread = '';
@@ -126,7 +126,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
}
// Display active topics from this forum?
- if ($show_active && $row['forum_type'] == FORUM_POST && $auth->acl_get('f_read', $forum_id) && ($row['forum_flags'] & 16))
+ if ($show_active && $row['forum_type'] == FORUM_POST && $auth->acl_get('f_read', $forum_id) && ($row['forum_flags'] & FORUM_FLAG_ACTIVE_TOPICS))
{
if (!isset($active_forum_ary['forum_topics']))
{
@@ -328,7 +328,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
}
$l_post_click_count = ($row['forum_type'] == FORUM_LINK) ? 'CLICKS' : 'POSTS';
- $post_click_count = ($row['forum_type'] != FORUM_LINK || $row['forum_flags'] & 1) ? $row['forum_posts'] : '';
+ $post_click_count = ($row['forum_type'] != FORUM_LINK || $row['forum_flags'] & FORUM_FLAG_LINK_TRACK) ? $row['forum_posts'] : '';
$template->assign_block_vars('forumrow', array(
'S_IS_CAT' => false,
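Review bot: The new `$post_click_count` line leaves `$row['forum_flags'] & FORUM_FLAG_LINK_TRACK` unparenthesised next to `||`, while the `$show_active` and `U_VIEWFORUM` lines in this commit wrap the same kind of bitwise test. Operator precedence gives the same result, so this is only a consistency point. Suggest `($row['forum_type'] != FORUM_LINK || ($row['forum_flags'] & FORUM_FLAG_LINK_TRACK))`.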
@@ -354,7 +354,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
'L_FORUM_FOLDER_ALT' => $folder_alt,
'L_MODERATOR_STR' => $l_moderator,
- 'U_VIEWFORUM' => ($row['forum_type'] != FORUM_LINK || $row['forum_flags'] & 1) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']) : $row['forum_link'],
+ 'U_VIEWFORUM' => ($row['forum_type'] != FORUM_LINK || ($row['forum_flags'] & FORUM_FLAG_LINK_TRACK)) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']) : $row['forum_link'],
'U_LAST_POSTER' => $last_poster_url,
'U_LAST_POST' => $last_post_url)
);
@@ -698,14 +698,60 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
'attachment_tpl' => 'attachment.html')
);
+ if (!sizeof($attachment_data))
+ {
+ return array();
+ }
+
if (empty($extensions) || !is_array($extensions))
{
$extensions = array();
$cache->obtain_attach_extensions($extensions);
}
+ // Look for missing attachment informations...
+ $attach_ids = array();
+ foreach ($attachment_data as $pos => $attachment)
+ {
+ // If is_orphan is set, we need to retrieve the attachments again...
+ if (!isset($attachment['extension']) && !isset($attachment['physical_filename']))
+ {
+ $attach_ids[(int) $attachment['attach_id']] = $pos;
+ }
+ }
+
+ if (sizeof($attach_ids))
+ {
+ global $db;
+
+ $attachment_data = array();
+
+ $sql = 'SELECT *
+ FROM ' . ATTACHMENTS_TABLE . '
+ WHERE ' . $db->sql_in_set('attach_id', array_keys($attach_ids));
+ $result = $db->sql_query($sql);
+
+ while ($row = $db->sql_fetchrow($result))
+ {
+ if (!isset($attach_ids[$row['attach_id']]))
+ {
+ continue;
+ }
+
+ $attachment_data[$attach_ids[$row['attach_id']]] = $row;
+ }
+ $db->sql_freeresult($result);
+
+ ksort($attachment_data);
+ }
+
foreach ($attachment_data as $attachment)
{
+ if (!sizeof($attachment))
+ {
+ continue;
+ }
+
// We need to reset/empty the _file block var, because this function might be called more than once
$template->destroy_block_vars('_file');
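Review bot: When at least one entry lacks `extension` and `physical_filename`, `$attachment_data = array();` discards every entry, including those that arrived complete, and only the re-fetched rows are put back. If callers can pass a mix of complete and incomplete rows, unset just the positions that are being re-read, e.g. `foreach ($attach_ids as $pos) { unset($attachment_data[$pos]); }`. The `SELECT *` is also keyed on `attach_id` alone, so it relies on the caller having checked ownership and read permission for each id. A comment stating that precondition would help, and `global $db;` reads better at the top of the function. The body of display_attachments() continues outside the hunk.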
diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php
index 1bc07debe1..4a46dc1062 100644
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@@ -113,16 +113,31 @@ function update_post_information($type, $ids, $return_update_sql = false)
$update_sql = $empty_forums = array();
- $sql = 'SELECT ' . $type . '_id, MAX(post_id) as last_post_id
- FROM ' . POSTS_TABLE . '
- WHERE post_approved = 1
- AND ' . $db->sql_in_set($type . '_id', $ids) . "
- GROUP BY {$type}_id";
+ if (sizeof($ids) == 1)
+ {
+ $sql = 'SELECT MAX(post_id) as last_post_id
+ FROM ' . POSTS_TABLE . '
+ WHERE post_approved = 1
+ AND ' . $db->sql_in_set($type . '_id', $ids);
+ }
+ else
+ {
+ $sql = 'SELECT ' . $type . '_id, MAX(post_id) as last_post_id
+ FROM ' . POSTS_TABLE . '
+ WHERE post_approved = 1
+ AND ' . $db->sql_in_set($type . '_id', $ids) . "
+ GROUP BY {$type}_id";
+ }
$result = $db->sql_query($sql);
$last_post_ids = array();
while ($row = $db->sql_fetchrow($result))
{
+ if (sizeof($ids) == 1)
+ {
+ $row[$type . '_id'] = $ids[0];
+ }
+
if ($type == 'forum')
{
$empty_forums[] = $row['forum_id'];
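Review bot: The single-id branch drops `GROUP BY`, and an aggregate query without it returns one row even when no approved post matches, with `last_post_id` as NULL, whereas the grouped query returns no row in that case. The loop then runs for an id that has no posts and records it in `$empty_forums`, which may not be what the code after the hunk expects. Skipping the row with `if ($row['last_post_id'] === null) { continue; }` (or an equivalent check) would keep both branches consistent. `$ids[0]` also assumes a zero-based list; `current($ids)` or `$ids = array_values($ids);` beforehand avoids an undefined index when the caller passes a keyed array. The loop body continues outside the hunk.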
@@ -315,7 +330,7 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage
if (!$filedata['post_attach'])
{
- $filedata['error'][] = 'No filedata found';
+ $filedata['error'][] = $user->lang['NO_UPLOAD_FORM_FOUND'];
return $filedata;
}
@@ -334,6 +349,16 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage
$cat_id = (isset($extensions[$file->get('extension')]['display_cat'])) ? $extensions[$file->get('extension')]['display_cat'] : ATTACHMENT_CATEGORY_NONE;
+ // Make sure the image category only holds valid images...
+ if ($cat_id == ATTACHMENT_CATEGORY_IMAGE && !$file->is_image())
+ {
+ $file->remove();
+
+ // If this error occurs a user tried to exploit an IE Bug by renaming extensions
+ // Since the image category is displaying content inline we need to catch this.
+ trigger_error($user->lang['UNABLE_GET_IMAGE_SIZE']);
+ }
+
// Do we have to create a thumbnail?
$filedata['thumbnail'] = ($cat_id == ATTACHMENT_CATEGORY_IMAGE && $config['img_create_thumbnail']) ? 1 : 0;
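Review bot: The guard `$cat_id == ATTACHMENT_CATEGORY_IMAGE && !$file->is_image()` is only as strong as `is_image()`, whose implementation is not visible in this hunk. If it tests the MIME type reported by the browser rather than the content of the stored file, a renamed non-image would still pass and be displayed inline. Worth confirming that the check inspects the file itself (for example through `getimagesize()`) and recording that in the comment, e.g. `// is_image() must look at file content, not the client-supplied MIME type`.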
@@ -645,7 +670,7 @@ function posting_gen_inline_attachments(&$attachment_data)
foreach ($attachment_data as $i => $attachment)
{
- $s_inline_attachment_options .= '<option value="' . $i . '">' . $attachment['real_filename'] . '</option>';
+ $s_inline_attachment_options .= '<option value="' . $i . '">' . basename($attachment['real_filename']) . '</option>';
}
$template->assign_var('S_INLINE_ATTACHMENT_OPTIONS', $s_inline_attachment_options);
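Review bot: `basename($attachment['real_filename'])` is concatenated straight into `<option>` markup, and `basename()` does not neutralise HTML metacharacters. Whether `real_filename` is stored already escaped is not visible here. If it is not, use `htmlspecialchars(basename($attachment['real_filename']))`; if it is, a short comment saying so avoids a later double-escape or an accidental removal of the upstream escaping.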
@@ -661,7 +686,7 @@ function posting_gen_inline_attachments(&$attachment_data)
*/
function posting_gen_attachment_entry(&$attachment_data, &$filename_data)
{
- global $template, $config, $phpbb_root_path, $phpEx;
+ global $template, $config, $phpbb_root_path, $phpEx, $user;
$template->assign_vars(array(
'S_SHOW_ATTACH_BOX' => true)
@@ -684,13 +709,13 @@ function posting_gen_attachment_entry(&$attachment_data, &$filename_data)
$hidden .= '<input type="hidden" name="attachment_data[' . $count . '][' . $key . ']" value="' . $value . '" />';
}
- $download_link = (!$attach_row['attach_id']) ? $phpbb_root_path . $config['upload_path'] . '/' . basename($attach_row['physical_filename']) : append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . (int) $attach_row['attach_id']);
+ $download_link = append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . (int) $attach_row['attach_id'], false, ($attach_row['is_orphan']) ? $user->session_id : false);
$template->assign_block_vars('attach_row', array(
'FILENAME' => basename($attach_row['real_filename']),
- 'ATTACH_FILENAME' => basename($attach_row['physical_filename']),
'FILE_COMMENT' => $attach_row['attach_comment'],
'ATTACH_ID' => $attach_row['attach_id'],
+ 'S_IS_ORPHAN' => $attach_row['is_orphan'],
'ASSOC_INDEX' => $count,
'U_VIEW_ATTACHMENT' => $download_link,
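Review bot: Passing `$user->session_id` as the fourth argument of `append_sid()` on the new `$download_link` line appears to force the session id into the URL for orphan attachments, even when the session is otherwise carried by cookie. A session id in a link ends up in browser history, server logs and Referer headers, so the reason download.php needs it for orphans deserves a comment, e.g. `// orphans are only served to the session that uploaded them`. `$attach_row['is_orphan']` is also read twice without `isset()`, which raises a notice for any row built by a caller that does not yet set the key.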
@@ -928,8 +953,8 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
{
global $db, $user, $config, $phpbb_root_path, $phpEx, $auth;
- $topic_notification = ($mode == 'reply' || $mode == 'quote');
- $forum_notification = ($mode == 'post');
+ $topic_notification = ($mode == 'reply' || $mode == 'quote') ? true : false;
+ $forum_notification = ($mode == 'post') ? true : false;
if (!$topic_notification && !$forum_notification)
{
@@ -1390,7 +1415,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
'post_text' => $data['message'],
'post_checksum' => $data['message_md5'],
'post_encoding' => $user->lang['ENCODING'],
- 'post_attachment' => (isset($data['filename_data']['physical_filename']) && sizeof($data['filename_data'])) ? 1 : 0,
+ 'post_attachment' => (sizeof($data['attachment_data'])) ? 1 : 0,
'bbcode_bitfield' => $data['bbcode_bitfield'],
'bbcode_uid' => $data['bbcode_uid'],
'post_postcount' => ($auth->acl_get('f_postcount', $data['forum_id'])) ? 1 : 0,
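Review bot: `sizeof($data['attachment_data'])` counts every submitted entry, including orphan entries that the ownership check later in submit_post() skips with `continue`, so `post_attachment` can be stored as 1 for a post that ends up with no attachment linked. It also raises a notice when the key is absent, which the old `isset()` expression avoided. Consider `(!empty($data['attachment_data'])) ? 1 : 0`, or deriving the flag from the rows actually linked. The same expression is used in the three other submit_post() hunks and in the two submit_pm() hunks of functions_privmsgs.php.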
@@ -1444,7 +1469,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
'post_edit_user' => (int) $data['post_edit_user'],
'post_checksum' => $data['message_md5'],
'post_encoding' => $user->lang['ENCODING'],
- 'post_attachment' => (isset($data['filename_data']['physical_filename']) && sizeof($data['filename_data'])) ? 1 : 0,
+ 'post_attachment' => (sizeof($data['attachment_data'])) ? 1 : 0,
'bbcode_bitfield' => $data['bbcode_bitfield'],
'bbcode_uid' => $data['bbcode_uid'],
'post_edit_locked' => $data['post_edit_locked'])
@@ -1473,7 +1498,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
'topic_first_poster_colour' => (($user->data['user_id'] != ANONYMOUS) ? $user->data['user_colour'] : ''),
'topic_type' => $topic_type,
'topic_time_limit' => ($topic_type == POST_STICKY || $topic_type == POST_ANNOUNCE) ? ($data['topic_time_limit'] * 86400) : 0,
- 'topic_attachment' => (isset($data['filename_data']['physical_filename']) && sizeof($data['filename_data'])) ? 1 : 0
+ 'topic_attachment' => (sizeof($data['attachment_data'])) ? 1 : 0,
);
if (isset($poll['poll_options']) && !empty($poll['poll_options']))
@@ -1526,7 +1551,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
'poll_length' => (isset($poll['poll_options'])) ? ($poll['poll_length'] * 86400) : 0,
'poll_vote_change' => (isset($poll['poll_vote_change'])) ? $poll['poll_vote_change'] : 0,
- 'topic_attachment' => ($post_mode == 'edit_topic') ? ((isset($data['filename_data']['physical_filename']) && sizeof($data['filename_data'])) ? 1 : 0) : (isset($data['topic_attachment']) ? $data['topic_attachment'] : 0)
+ 'topic_attachment' => (sizeof($data['attachment_data'])) ? 1 : (isset($data['topic_attachment']) ? $data['topic_attachment'] : 0),
);
break;
}
@@ -1717,64 +1742,78 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
if (sizeof($data['attachment_data']) && $data['post_id'] && in_array($mode, array('post', 'reply', 'quote', 'edit')))
{
$space_taken = $files_added = 0;
+ $orphan_rows = array();
foreach ($data['attachment_data'] as $pos => $attach_row)
{
- if ($attach_row['attach_id'])
+ $orphan_rows[(int) $attach_row['attach_id']] = array();
+ }
+
+ if (sizeof($orphan_rows))
+ {
+ $sql = 'SELECT attach_id, filesize, physical_filename
+ FROM ' . ATTACHMENTS_TABLE . '
+ WHERE ' . $db->sql_in_set('attach_id', array_keys($orphan_rows)) . '
+ AND is_orphan = 1
+ AND poster_id = ' . $user->data['user_id'];
+ $result = $db->sql_query($sql);
+
+ $orphan_rows = array();
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $orphan_rows[$row['attach_id']] = $row;
+ }
+ $db->sql_freeresult($result);
+ }
+
+ foreach ($data['attachment_data'] as $pos => $attach_row)
+ {
+ if ($attach_row['is_orphan'] && !in_array($attach_row['attach_id'], array_keys($orphan_rows)))
+ {
+ continue;
+ }
+
+ if (!$attach_row['is_orphan'])
{
// update entry in db if attachment already stored in db and filespace
$sql = 'UPDATE ' . ATTACHMENTS_TABLE . "
SET attach_comment = '" . $db->sql_escape($attach_row['attach_comment']) . "'
- WHERE attach_id = " . (int) $attach_row['attach_id'];
+ WHERE attach_id = " . (int) $attach_row['attach_id'] . '
+ AND is_orphan = 0';
$db->sql_query($sql);
}
else
{
// insert attachment into db
- if (!@file_exists($phpbb_root_path . $config['upload_path'] . '/' . basename($attach_row['physical_filename'])))
+ if (!@file_exists($phpbb_root_path . $config['upload_path'] . '/' . basename($orphan_rows[$attach_row['attach_id']]['physical_filename'])))
{
continue;
}
+ $space_taken += $orphan_rows[$attach_row['attach_id']]['filesize'];
+ $files_added++;
+
$attach_sql = array(
'post_msg_id' => $data['post_id'],
'topic_id' => $data['topic_id'],
- 'in_message' => 0,
+ 'is_orphan' => 0,
'poster_id' => $poster_id,
- 'physical_filename' => basename($attach_row['physical_filename']),
- 'real_filename' => basename($attach_row['real_filename']),
'attach_comment' => $attach_row['attach_comment'],
- 'extension' => $attach_row['extension'],
- 'mimetype' => $attach_row['mimetype'],
- 'filesize' => $attach_row['filesize'],
- 'filetime' => $attach_row['filetime'],
- 'thumbnail' => $attach_row['thumbnail']
);
- $sql = 'INSERT INTO ' . ATTACHMENTS_TABLE . ' ' .
- $db->sql_build_array('INSERT', $attach_sql);
+ $sql = 'UPDATE ' . ATTACHMENTS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $attach_sql) . '
+ WHERE attach_id = ' . $attach_row['attach_id'] . '
+ AND is_orphan = 1
+ AND poster_id = ' . $user->data['user_id'];
$db->sql_query($sql);
-
- $space_taken += $attach_row['filesize'];
- $files_added++;
}
}
- if (sizeof($data['attachment_data']))
+ if ($space_taken && $files_added)
{
- $sql = 'UPDATE ' . POSTS_TABLE . '
- SET post_attachment = 1
- WHERE post_id = ' . $data['post_id'];
- $db->sql_query($sql);
-
- $sql = 'UPDATE ' . TOPICS_TABLE . '
- SET topic_attachment = 1
- WHERE topic_id = ' . $data['topic_id'];
- $db->sql_query($sql);
+ set_config('upload_dir_size', $config['upload_dir_size'] + $space_taken, true);
+ set_config('num_files', $config['num_files'] + $files_added, true);
}
-
- set_config('upload_dir_size', $config['upload_dir_size'] + $space_taken, true);
- set_config('num_files', $config['num_files'] + $files_added, true);
}
$db->sql_transaction('commit');
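Review bot: The orphan UPDATE builds `WHERE attach_id = ' . $attach_row['attach_id']` without the `(int)` cast that the non-orphan branch uses, and the only gate before it is a loose `in_array()` against the keys of `$orphan_rows`. Under PHP's loose comparison a non-integer string can compare equal to an integer key, so the value would reach the query unescaped if `attachment_data` is not fully rebuilt from the database upstream. Suggest `WHERE attach_id = ' . (int) $attach_row['attach_id'] . '` and replacing the membership test with `!isset($orphan_rows[(int) $attach_row['attach_id']])`. The same two lines appear in the submit_pm() hunk of functions_privmsgs.php. The body of submit_post() starts and ends outside this hunk.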
diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php
index ad6ed9907a..94b6368493 100644
--- a/phpBB/includes/functions_privmsgs.php
+++ b/phpBB/includes/functions_privmsgs.php
@@ -1324,7 +1324,7 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
'message_subject' => $subject,
'message_text' => $data['message'],
'message_encoding' => $user->lang['ENCODING'],
- 'message_attachment'=> (isset($data['filename_data']['physical_filename']) && sizeof($data['filename_data'])) ? 1 : 0,
+ 'message_attachment'=> (sizeof($data['attachment_data'])) ? 1 : 0,
'bbcode_bitfield' => $data['bbcode_bitfield'],
'bbcode_uid' => $data['bbcode_uid'],
'to_address' => implode(':', $to),
@@ -1343,7 +1343,7 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
'message_subject' => $subject,
'message_text' => $data['message'],
'message_encoding' => $user->lang['ENCODING'],
- 'message_attachment'=> (isset($data['filename_data']['physical_filename']) && sizeof($data['filename_data'])) ? 1 : 0,
+ 'message_attachment'=> (sizeof($data['attachment_data'])) ? 1 : 0,
'bbcode_bitfield' => $data['bbcode_bitfield'],
'bbcode_uid' => $data['bbcode_uid']
);
@@ -1448,52 +1448,74 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
if (!empty($data['attachment_data']) && $data['msg_id'] && in_array($mode, array('post', 'reply', 'quote', 'quotepost', 'edit', 'forward')))
{
$space_taken = $files_added = 0;
+ $orphan_rows = array();
foreach ($data['attachment_data'] as $pos => $attach_row)
{
- if ($attach_row['attach_id'])
+ $orphan_rows[(int) $attach_row['attach_id']] = array();
+ }
+
+ if (sizeof($orphan_rows))
+ {
+ $sql = 'SELECT attach_id, filesize, physical_filename
+ FROM ' . ATTACHMENTS_TABLE . '
+ WHERE ' . $db->sql_in_set('attach_id', array_keys($orphan_rows)) . '
+ AND in_message = 1
+ AND is_orphan = 1
+ AND poster_id = ' . $user->data['user_id'];
+ $result = $db->sql_query($sql);
+
+ $orphan_rows = array();
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $orphan_rows[$row['attach_id']] = $row;
+ }
+ $db->sql_freeresult($result);
+ }
+
+ foreach ($data['attachment_data'] as $pos => $attach_row)
+ {
+ if ($attach_row['is_orphan'] && !in_array($attach_row['attach_id'], array_keys($orphan_rows)))
+ {
+ continue;
+ }
+
+ if (!$attach_row['is_orphan'])
{
// update entry in db if attachment already stored in db and filespace
- $sql = 'UPDATE ' . ATTACHMENTS_TABLE . "
- SET attach_comment = '" . $db->sql_escape($attach_row['attach_comment']) . "'
- WHERE attach_id = " . (int) $attach_row['attach_id'];
+ $sql = 'UPDATE ' . ATTACHMENTS_TABLE . "
+ SET attach_comment = '" . $db->sql_escape($attach_row['attach_comment']) . "'
+ WHERE attach_id = " . (int) $attach_row['attach_id'] . '
+ AND is_orphan = 0';
$db->sql_query($sql);
}
else
{
- // insert attachment into db
+ // insert attachment into db
+ if (!@file_exists($phpbb_root_path . $config['upload_path'] . '/' . basename($orphan_rows[$attach_row['attach_id']]['physical_filename'])))
+ {
+ continue;
+ }
+
+ $space_taken += $orphan_rows[$attach_row['attach_id']]['filesize'];
+ $files_added++;
+
$attach_sql = array(
'post_msg_id' => $data['msg_id'],
'topic_id' => 0,
- 'in_message' => 1,
+ 'is_orphan' => 0,
'poster_id' => $data['from_user_id'],
- 'physical_filename' => basename($attach_row['physical_filename']),
- 'real_filename' => basename($attach_row['real_filename']),
'attach_comment' => $attach_row['attach_comment'],
- 'extension' => $attach_row['extension'],
- 'mimetype' => $attach_row['mimetype'],
- 'filesize' => $attach_row['filesize'],
- 'filetime' => $attach_row['filetime'],
- 'thumbnail' => $attach_row['thumbnail']
);
- $sql = 'INSERT INTO ' . ATTACHMENTS_TABLE . ' ' .
- $db->sql_build_array('INSERT', $attach_sql);
+ $sql = 'UPDATE ' . ATTACHMENTS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $attach_sql) . '
+ WHERE attach_id = ' . $attach_row['attach_id'] . '
+ AND is_orphan = 1
+ AND poster_id = ' . $user->data['user_id'];
$db->sql_query($sql);
-
- $space_taken += $attach_row['filesize'];
- $files_added++;
}
}
- if (sizeof($data['attachment_data']))
- {
- $sql = 'UPDATE ' . PRIVMSGS_TABLE . '
- SET message_attachment = 1
- WHERE msg_id = ' . $data['msg_id'];
- $db->sql_query($sql);
- }
-
if ($space_taken && $files_added)
{
set_config('upload_dir_size', $config['upload_dir_size'] + $space_taken, true);
diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php
index 9f02c5f74e..cd35254b28 100644
--- a/phpBB/includes/functions_upload.php
+++ b/phpBB/includes/functions_upload.php
@@ -221,6 +221,8 @@ class filespec
return false;
}
+
+/*
// Adjust destination path (no trailing slash)
if ($destination{(sizeof($destination)-1)} == '/' || $destination{(sizeof($destination)-1)} == '\\')
{
@@ -232,13 +234,29 @@ class filespec
{
$destination = '';
}
+*/
+ // We need to trust the admin in specifying valid upload directories and an attacker not being able to overwrite it...
$this->destination_path = $phpbb_root_path . $destination;
+ // Check if the destination path exist...
+ if (!file_exists($this->destination_path))
+ {
+ @unlink($this->filename);
+ return false;
+ }
+
$upload_mode = (@ini_get('open_basedir') || @ini_get('safe_mode')) ? 'move' : 'copy';
$upload_mode = ($this->local) ? 'local' : $upload_mode;
$this->destination_file = $this->destination_path . '/' . basename($this->realname);
+ // Check if the file already exist, else there is something wrong...
+ if (file_exists($this->destination_file))
+ {
+ @unlink($this->filename);
+ return false;
+ }
+
switch ($upload_mode)
{
case 'copy':
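Review bot: Both new early exits, `if (!file_exists($this->destination_path))` and `if (file_exists($this->destination_file))`, return false without recording anything in `$this->error`. avatar_upload() in functions_user.php calls `move_file()` and then only tests `sizeof($file->error)`, so a refused move looks like success there; appending a message to `$this->error` before each `return false;` closes that gap. The old path normalisation is left behind as a `/* ... */` block that opens in the previous hunk, and deleting it would be clearer than commenting it out. The existence check followed by a write is not atomic, which is worth a comment if concurrent uploads can produce the same target name. The method body continues outside the hunk.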
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 1d41aeb9ba..f25a521ed1 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -469,11 +469,6 @@ function user_active_flip($user_id, $user_type, $user_actkey = false, $username
'user_type' => ($user_type == USER_NORMAL) ? USER_INACTIVE : USER_NORMAL
);
- if ($new_group_id == $group_id_ary[$group_name])
- {
- $sql_ary['group_id'] = $new_group_id;
- }
-
if ($user_actkey !== false)
{
$sql_ary['user_actkey'] = $user_actkey;
@@ -483,6 +478,10 @@ function user_active_flip($user_id, $user_type, $user_actkey = false, $username
WHERE user_id = $user_id";
$db->sql_query($sql);
+ // Set the users default group from inactive to registered or registered to inactive
+ // only if the group id changed...
+ group_set_user_default($new_group_id, array($user_id));
+
$auth->acl_clear_prefetch($user_id);
if (!$no_log)
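Review bot: The added comment says the default group is switched "only if the group id changed", but `group_set_user_default($new_group_id, array($user_id));` is called unconditionally here and the conditional removed in the previous hunk is gone. If the guard now lives inside group_set_user_default() or earlier in user_active_flip() (both outside the hunk), the comment should say where. Otherwise reword it to describe what the call actually does.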
@@ -1344,7 +1343,21 @@ function avatar_upload($data, &$error)
}
$file->clean_filename('real', $data['user_id'] . '_');
- $file->move_file($config['avatar_path']);
+
+ $destination = $config['avatar_path'];
+
+ if ($destination{(sizeof($destination)-1)} == '/' || $destination{(sizeof($destination)-1)} == '\\')
+ {
+ $destination = substr($destination, 0, sizeof($destination)-2);
+ }
+
+ $destination = str_replace(array('../', '..\\', './', '.\\'), '', $destination);
+ if ($destination && ($destination{0} == '/' || $destination{0} == "\\"))
+ {
+ $destination = '';
+ }
+
+ $file->move_file($destination);
if (sizeof($file->error))
{
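Review bot: `sizeof($destination)` counts array elements, so on the string `$config['avatar_path']` it does not return the length. Where it evaluates to 1, the trailing-slash test inspects the first character and `substr($destination, 0, sizeof($destination)-2)` removes the last character of a valid path. `$destination = rtrim($config['avatar_path'], '/\\');` does what the block intends. The single `str_replace()` pass over `'../'` and friends is also not a dependable traversal filter, because removing one sequence can join the surrounding characters into another. Resolving the path and comparing it with the expected base directory is more robust. The body of avatar_upload() continues outside the hunk.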
diff --git a/phpBB/includes/mcp/mcp_post.php b/phpBB/includes/mcp/mcp_post.php
index 9cb3ec278b..fc8220828c 100644
--- a/phpBB/includes/mcp/mcp_post.php
+++ b/phpBB/includes/mcp/mcp_post.php
@@ -42,7 +42,7 @@ function mcp_post_details($id, $mode, $action)
$whois = user_ipwhois($ip);
$whois = preg_replace('#(\s)([\w\-\._\+]+@[\w\-\.]+)(\s)#', '\1<a href="mailto:\2">\2</a>\3', $whois);
- $whois = preg_replace('#(\s)(http:/{2}[^\s]*)(\s)#', '\1<a href="\2" target="_blank">\2</a>\3', $whois);
+ $whois = preg_replace('#(\s)(http:/{2}[^\s]*)(\s)#', '\1<a href="\2">\2</a>\3', $whois);
$template->assign_vars(array(
'RETURN_POST' => sprintf($user->lang['RETURN_POST'], '<a href="' . append_sid("{$phpbb_root_path}mcp.$phpEx", "i=$id&amp;mode=$mode&amp;p=$post_id") . '">', '</a>'),
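Review bot: `$whois` is text returned by a remote WHOIS server and is wrapped into `<a href="\2">` on the changed line, but whether user_ipwhois() HTML-escapes the response is not visible in this hunk. The URL pattern `[^\s]*` also matches quote and angle-bracket characters, so unescaped text would land inside the attribute. Worth confirming the escaping and noting it in a comment, e.g. `// $whois is already HTML-escaped by user_ipwhois()`, or narrowing the class to `[^\s"<>]*`.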
diff --git a/phpBB/includes/mcp/mcp_topic.php b/phpBB/includes/mcp/mcp_topic.php
index 466459415d..b0d883e7e5 100644
--- a/phpBB/includes/mcp/mcp_topic.php
+++ b/phpBB/includes/mcp/mcp_topic.php
@@ -180,7 +180,7 @@ function mcp_topic_view($id, $mode, $action)
'U_VIEWTOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $topic_info['forum_id'] . '&amp;t=' . $topic_info['topic_id']),
'TO_TOPIC_ID' => $to_topic_id,
- 'TO_TOPIC_INFO' => ($to_topic_id) ? sprintf($user->lang['YOU_SELECTED_TOPIC'], $to_topic_id, '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $to_topic_info['forum_id'] . '&amp;t=' . $to_topic_id) . '" target="_new">' . $to_topic_info['topic_title'] . '</a>') : '',
+ 'TO_TOPIC_INFO' => ($to_topic_id) ? sprintf($user->lang['YOU_SELECTED_TOPIC'], $to_topic_id, '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $to_topic_info['forum_id'] . '&amp;t=' . $to_topic_id) . '">' . $to_topic_info['topic_title'] . '</a>') : '',
'SPLIT_SUBJECT' => $subject,
'POSTS_PER_PAGE' => $posts_per_page,
diff --git a/phpBB/includes/mcp/mcp_warn.php b/phpBB/includes/mcp/mcp_warn.php
index 9a6ae1ab8f..02eb316ed8 100755
--- a/phpBB/includes/mcp/mcp_warn.php
+++ b/phpBB/includes/mcp/mcp_warn.php
@@ -403,7 +403,7 @@ function add_warning($userrow, $warning, $send_pm = true, $post_id = 0)
$message_parser = new parse_message();
$message_parser->message = sprintf($lang['WARNING_PM_BODY'], $warning);
- $message_parser->parse(true, true, true, false, false, true);
+ $message_parser->parse(true, true, true, false, false, true, true);
$pm_data = array(
'from_user_id' => $user->data['user_id'],
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php
index 84dbd7370f..70d6e13f4d 100644
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@@ -364,15 +364,11 @@ class bbcode_firstpass extends bbcode
// We remove the hardcoded elements from the code block here because it is not used in code blocks
// Having it here saves us one preg_replace per message containing [code] blocks
// Additionally, magic url parsing should go after parsing bbcodes, but for safety those are stripped out too...
- $htm_match = array(
- '#<!\-\- e \-\-><a href="mailto:(.*?)">.*?</a><!\-\- e \-\->#',
- '#<!\-\- m \-\-><a href="(.*?)" target="_blank">.*?</a><!\-\- m \-\->#',
- '#<!\-\- w \-\-><a href="http:\/\/(.*?)" target="_blank">.*?</a><!\-\- w \-\->#',
- '#<!\-\- l \-\-><a href="(.*?)">.*?</a><!\-\- l \-\->#',
- '#<!\-\- s(.*?) \-\-><img src="\{SMILIES_PATH\}\/.*? \/><!\-\- s\1 \-\->#',
- '#&\#([0-9]+);#',
- );
- $htm_replace = array('\1', '\1', '\1', '\1', '\1', '&amp;#\1;');
+ $htm_match = get_preg_expression('bbcode_htm');
+ $htm_match[3] = '#&\#([0-9]+);#';
+ unset($htm_match[4]);
+
+ $htm_replace = array('\1', '\2', '\1', '&amp;#\1;');
$out = '';
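Review bot: `$htm_match[3] = ...; unset($htm_match[4]);` and the four-entry `$htm_replace` depend on the exact order and number of patterns returned by `get_preg_expression('bbcode_htm')`. If that list is reordered or extended, patterns and replacements go out of step without any error, and markup that should be stripped inside code blocks could be kept. A comment naming what each index stands for would make the coupling visible, e.g. `// [3] is replaced by the numeric-entity pattern, [4] is dropped; order must match get_preg_expression('bbcode_htm')`. Judging by the tail of the pattern list visible in the functions.php hunk, those would be the HTML-comment and catch-all tag patterns, which should be confirmed. The enclosing method starts and ends outside the hunk.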
@@ -853,6 +849,7 @@ class parse_message extends bbcode_firstpass
var $allow_img_bbcode = true;
var $allow_flash_bbcode = true;
var $allow_quote_bbcode = true;
+ var $allow_url_bbcode = true;
var $mode;
@@ -873,7 +870,7 @@ class parse_message extends bbcode_firstpass
/**
* Parse Message
*/
- function parse($allow_bbcode, $allow_magic_url, $allow_smilies, $allow_img_bbcode = true, $allow_flash_bbcode = true, $allow_quote_bbcode = true, $update_this_message = true, $mode = 'post')
+ function parse($allow_bbcode, $allow_magic_url, $allow_smilies, $allow_img_bbcode = true, $allow_flash_bbcode = true, $allow_quote_bbcode = true, $allow_url_bbcode = true, $update_this_message = true, $mode = 'post')
{
global $config, $db, $user;
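Review bot: `$allow_url_bbcode` is inserted before `$update_this_message` and `$mode`, which shifts the meaning of the seventh and eighth positional arguments for every existing caller of `parse()`. A caller that is not updated and passes `false` to get the text returned would now disable the url BBCode and overwrite `$this->message` instead, with no error. Either append the new parameter after `$mode`, or confirm that every call site in the tree (and in third-party modifications) was adjusted the way mcp_warn.php was. A docblock listing the parameters in order would also help, since the current one is only "Parse Message".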
@@ -884,6 +881,7 @@ class parse_message extends bbcode_firstpass
$this->allow_img_bbcode = $allow_img_bbcode;
$this->allow_flash_bbcode = $allow_flash_bbcode;
$this->allow_quote_bbcode = $allow_quote_bbcode;
+ $this->allow_url_bbcode = $allow_url_bbcode;
// If false, then $this->message won't be altered, the text will be returned instead.
if (!$update_this_message)
@@ -920,7 +918,7 @@ class parse_message extends bbcode_firstpass
if ($allow_bbcode && strpos($this->message, '[') !== false)
{
$this->bbcode_init();
- $disallow = array('img', 'flash', 'quote');
+ $disallow = array('img', 'flash', 'quote', 'url');
foreach ($disallow as $bool)
{
if (!${'allow_' . $bool . '_bbcode'})
@@ -991,7 +989,7 @@ class parse_message extends bbcode_firstpass
if ($this->message_status == 'plain')
{
// Force updating message - of course.
- $this->parse($allow_bbcode, $allow_magic_url, $allow_smilies, $this->allow_img_bbcode, $this->allow_flash_bbcode, $this->allow_quote_bbcode, true);
+ $this->parse($allow_bbcode, $allow_magic_url, $allow_smilies, $this->allow_img_bbcode, $this->allow_flash_bbcode, $this->allow_quote_bbcode, $this->allow_url_bbcode, true);
}
// Parse BBcode
@@ -1100,7 +1098,7 @@ class parse_message extends bbcode_firstpass
{
// (assertion)
$match[] = '#(?<=^|[\n ]|\.)' . preg_quote($row['code'], '#') . '#';
- $replace[] = '<!-- s' . $row['code'] . ' --><img src="{SMILIES_PATH}/' . $row['smiley_url'] . '" border="0" alt="' . $row['emotion'] . '" title="' . $row['emotion'] . '" /><!-- s' . $row['code'] . ' -->';
+ $replace[] = '<!-- s' . $row['code'] . ' --><img src="{SMILIES_PATH}/' . $row['smiley_url'] . '" alt="' . $row['emotion'] . '" title="' . $row['emotion'] . '" /><!-- s' . $row['code'] . ' -->';
}
$db->sql_freeresult($result);
}
@@ -1127,7 +1125,7 @@ class parse_message extends bbcode_firstpass
*/
function parse_attachments($form_name, $mode, $forum_id, $submit, $preview, $refresh, $is_message = false)
{
- global $config, $auth, $user, $phpbb_root_path, $phpEx;
+ global $config, $auth, $user, $phpbb_root_path, $phpEx, $db;
$error = array();
@@ -1152,7 +1150,7 @@ class parse_message extends bbcode_firstpass
if ($filedata['post_attach'] && !sizeof($error))
{
- $new_entry = array(
+ $sql_ary = array(
'physical_filename' => $filedata['physical_filename'],
'attach_comment' => $this->filename_data['filecomment'],
'real_filename' => $filedata['real_filename'],
@@ -1160,8 +1158,19 @@ class parse_message extends bbcode_firstpass
'mimetype' => $filedata['mimetype'],
'filesize' => $filedata['filesize'],
'filetime' => $filedata['filetime'],
- 'attach_id' => 0,
- 'thumbnail' => $filedata['thumbnail']
+ 'thumbnail' => $filedata['thumbnail'],
+ 'is_orphan' => 1,
+ 'in_message' => ($is_message) ? 1 : 0,
+ 'poster_id' => $user->data['user_id'],
+ );
+
+ $db->sql_query('INSERT INTO ' . ATTACHMENTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
+
+ $new_entry = array(
+ 'attach_id' => $db->sql_nextid(),
+ 'is_orphan' => 1,
+ 'real_filename' => $filedata['real_filename'],
+ 'attach_comment'=> $this->filename_data['filecomment'],
);
$this->attachment_data = array_merge(array(0 => $new_entry), $this->attachment_data);
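Review bot: Each upload now writes an `is_orphan = 1` row and a file on disk before the post exists, and nothing in this hunk bounds how many a user can accumulate or removes them when the form is never submitted. Presumably a cleanup path exists elsewhere, which should be confirmed; a comment pointing to it would help, e.g. `// orphan rows are pruned by <cleanup routine>`. The `$sql_ary` / INSERT / `$new_entry` sequence is repeated verbatim in the later hunk at -1236 of this file, so a small private helper would keep the two copies in step. parse_attachments() starts and ends outside the hunk.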
@@ -1195,26 +1204,44 @@ class parse_message extends bbcode_firstpass
$index = (int) key($_POST['delete_file']);
- // delete selected attachment
- if (!$this->attachment_data[$index]['attach_id'])
+ if (!empty($this->attachment_data[$index]))
{
- phpbb_unlink($this->attachment_data[$index]['physical_filename'], 'file');
- if ($this->attachment_data[$index]['thumbnail'])
+ // delete selected attachment
+ if ($this->attachment_data[$index]['is_orphan'])
{
- phpbb_unlink($this->attachment_data[$index]['physical_filename'], 'thumbnail');
+ $sql = 'SELECT attach_id, physical_filename, thumbnail
+ FROM ' . ATTACHMENTS_TABLE . '
+ WHERE attach_id = ' . (int) $this->attachment_data[$index]['attach_id'] . '
+ AND is_orphan = 1
+ AND poster_id = ' . $user->data['user_id'];
+ $result = $db->sql_query($sql);
+ $row = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
+
+ if ($row)
+ {
+ phpbb_unlink($row['physical_filename'], 'file');
+
+ if ($row['thumbnail'])
+ {
+ phpbb_unlink($row['physical_filename'], 'thumbnail');
+ }
+
+ $db->sql_query('DELETE FROM ' . ATTACHMENTS_TABLE . ' WHERE attach_id = ' . (int) $this->attachment_data[$index]['attach_id']);
+ }
+ }
+ else
+ {
+ delete_attachments('attach', array(intval($this->attachment_data[$index]['attach_id'])));
}
- }
- else
- {
- delete_attachments('attach', array(intval($this->attachment_data[$index]['attach_id'])));
- }
- unset($this->attachment_data[$index]);
- $this->message = preg_replace('#\[attachment=([0-9]+)\](.*?)\[\/attachment\]#e', "(\\1 == \$index) ? '' : ((\\1 > \$index) ? '[attachment=' . (\\1 - 1) . ']\\2[/attachment]' : '\\0')", $this->message);
+ unset($this->attachment_data[$index]);
+ $this->message = preg_replace('#\[attachment=([0-9]+)\](.*?)\[\/attachment\]#e', "(\\1 == \$index) ? '' : ((\\1 > \$index) ? '[attachment=' . (\\1 - 1) . ']\\2[/attachment]' : '\\0')", $this->message);
- // Reindex Array
- $this->attachment_data = array_values($this->attachment_data);
+ // Reindex Array
+ $this->attachment_data = array_values($this->attachment_data);
+ }
}
else if ($edit_comment || $add_file || $preview)
{
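Review bot: The re-indented `preg_replace(... '#e', ...)` line still uses the `/e` modifier, which evaluates the replacement as PHP code with text captured from the message substituted into it. Safety then rests entirely on the implicit escaping of the back-references, and that escaping also adds a backslash before double quotes inside `[attachment]` tags. A callback does the same renumbering without evaluating a string, as sketched below; the closure form needs PHP 5.3, so on older targets a named callback with `$index` held on the object would be required. Separately, the non-orphan branch passes the id to `delete_attachments()` with no ownership check in this hunk, so it depends on `attachment_data` having been validated earlier. The enclosing method continues outside the hunk.

```php
// … unchanged: orphan / non-orphan deletion and unset($this->attachment_data[$index]) …
$this->message = preg_replace_callback(
	'#\[attachment=([0-9]+)\](.*?)\[\/attachment\]#',
	function ($match) use ($index)
	{
		$pos = (int) $match[1];

		if ($pos == $index)
		{
			// The tag pointed at the deleted attachment
			return '';
		}

		// Tags after the deleted position move down by one, earlier ones stay as they are
		return ($pos > $index) ? '[attachment=' . ($pos - 1) . ']' . $match[2] . '[/attachment]' : $match[0];
	},
	$this->message
);
// … unchanged: array_values() reindex …
```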
@@ -1236,7 +1263,7 @@ class parse_message extends bbcode_firstpass
if (!sizeof($error))
{
- $new_entry = array(
+ $sql_ary = array(
'physical_filename' => $filedata['physical_filename'],
'attach_comment' => $this->filename_data['filecomment'],
'real_filename' => $filedata['real_filename'],
@@ -1244,8 +1271,19 @@ class parse_message extends bbcode_firstpass
'mimetype' => $filedata['mimetype'],
'filesize' => $filedata['filesize'],
'filetime' => $filedata['filetime'],
- 'attach_id' => 0,
- 'thumbnail' => $filedata['thumbnail']
+ 'thumbnail' => $filedata['thumbnail'],
+ 'is_orphan' => 1,
+ 'in_message' => ($is_message) ? 1 : 0,
+ 'poster_id' => $user->data['user_id'],
+ );
+
+ $db->sql_query('INSERT INTO ' . ATTACHMENTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
+
+ $new_entry = array(
+ 'attach_id' => $db->sql_nextid(),
+ 'is_orphan' => 1,
+ 'real_filename' => $filedata['real_filename'],
+ 'attach_comment'=> $this->filename_data['filecomment'],
);
$this->attachment_data = array_merge(array(0 => $new_entry), $this->attachment_data);
@@ -1275,99 +1313,83 @@ class parse_message extends bbcode_firstpass
global $user, $db, $phpbb_root_path, $phpEx, $config;
$this->filename_data['filecomment'] = request_var('filecomment', '', true);
- $this->attachment_data = (isset($_POST['attachment_data'])) ? $_POST['attachment_data'] : array();
+ $attachment_data = (isset($_POST['attachment_data'])) ? $_POST['attachment_data'] : array();
+ $this->attachment_data = array();
$check_user_id = ($check_user_id === false) ? $user->data['user_id'] : $check_user_id;
- // Regenerate data array...
- $attach_ids = $filenames = array();
+ if (!sizeof($attachment_data))
+ {
+ return;
+ }
+
+ $not_orphan = $orphan = array();
- foreach ($this->attachment_data as $pos => $var_ary)
+ foreach ($attachment_data as $pos => $var_ary)
{
- if ($var_ary['attach_id'])
+ if ($var_ary['is_orphan'])
{
- $attach_ids[(int) $this->attachment_data[$pos]['attach_id']] = $pos;
+ $orphan[(int) $var_ary['attach_id']] = $pos;
}
else
{
- $filenames[$pos] = '';
- set_var($filenames[$pos], $this->attachment_data[$pos]['physical_filename'], 'string');
- $filenames[$pos] = basename($filenames[$pos]);
+ $not_orphan[(int) $var_ary['attach_id']] = $pos;
}
}
- $this->attachment_data = array();
-
- // Regenerate already posted attachments...
- if (sizeof($attach_ids))
+ // Regenerate already posted attachments
+ if (sizeof($not_orphan))
{
- // Get the data from the attachments
- $sql = 'SELECT attach_id, physical_filename, real_filename, extension, mimetype, filesize, filetime, thumbnail
+ // Get the attachment data, based on the poster id...
+ $sql = 'SELECT attach_id, is_orphan, real_filename, attach_comment
FROM ' . ATTACHMENTS_TABLE . '
- WHERE ' . $db->sql_in_set('attach_id', array_keys($attach_ids)) . '
+ WHERE ' . $db->sql_in_set('attach_id', array_keys($not_orphan)) . '
AND poster_id = ' . $check_user_id;
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
- if (isset($attach_ids[$row['attach_id']]))
- {
- $pos = $attach_ids[$row['attach_id']];
- $this->attachment_data[$pos] = $row;
- set_var($this->attachment_data[$pos]['attach_comment'], $_POST['attachment_data'][$pos]['attach_comment'], 'string', true);
+ $pos = $not_orphan[$row['attach_id']];
+ $this->attachment_data[$pos] = $row;
+ set_var($this->attachment_data[$pos]['attach_comment'], $_POST['attachment_data'][$pos]['attach_comment'], 'string', true);
- unset($attach_ids[$row['attach_id']]);
- }
+ unset($not_orphan[$row['attach_id']]);
}
$db->sql_freeresult($result);
+ }
- if (sizeof($attach_ids))
- {
- trigger_error($user->lang['NO_ACCESS_ATTACHMENT'], E_USER_ERROR);
- }
+ if (sizeof($not_orphan))
+ {
+ trigger_error($user->lang['NO_ACCESS_ATTACHMENT'], E_USER_ERROR);
}
// Regenerate newly uploaded attachments
- if (sizeof($filenames))
+ if (sizeof($orphan))
{
- include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
-
- $sql = 'SELECT attach_id
+ $sql = 'SELECT attach_id, is_orphan, real_filename, attach_comment
FROM ' . ATTACHMENTS_TABLE . '
- WHERE ' . $db->sql_in_set('LOWER(physical_filename)', array_map('strtolower', $filenames));
- $result = $db->sql_query_limit($sql, 1);
- $row = $db->sql_fetchrow($result);
- $db->sql_freeresult($result);
-
- if ($row)
- {
- trigger_error($user->lang['NO_ACCESS_ATTACHMENT'], E_USER_ERROR);
- }
+ WHERE ' . $db->sql_in_set('attach_id', array_keys($orphan)) . '
+ AND poster_id = ' . $user->data['user_id'] . '
+ AND is_orphan = 1';
+ $result = $db->sql_query($sql);
- foreach ($filenames as $pos => $physical_filename)
+ while ($row = $db->sql_fetchrow($result))
{
- $this->attachment_data[$pos] = array(
- 'physical_filename' => $physical_filename,
- 'extension' => strtolower(filespec::get_extension($phpbb_root_path . $config['upload_path'] . '/' . $physical_filename)),
- 'filesize' => filespec::get_filesize($phpbb_root_path . $config['upload_path'] . '/' . $physical_filename),
- 'attach_id' => 0,
- 'thumbnail' => (file_exists($phpbb_root_path . $config['upload_path'] . '/thumb_' . $physical_filename)) ? 1 : 0,
- );
-
+ $pos = $orphan[$row['attach_id']];
+ $this->attachment_data[$pos] = $row;
set_var($this->attachment_data[$pos]['attach_comment'], $_POST['attachment_data'][$pos]['attach_comment'], 'string', true);
- set_var($this->attachment_data[$pos]['real_filename'], $_POST['attachment_data'][$pos]['real_filename'], 'string', true);
- set_var($this->attachment_data[$pos]['filetime'], $_POST['attachment_data'][$pos]['filetime'], 'int');
- if (strpos($_POST['attachment_data'][$pos]['mimetype'], 'image/') !== false)
- {
- set_var($this->attachment_data[$pos]['mimetype'], $_POST['attachment_data'][$pos]['mimetype'], 'string');
- }
- else
- {
- $this->attachment_data[$pos]['mimetype'] = filespec::get_mimetype($phpbb_root_path . $config['upload_path'] . '/' . $physical_filename);
- }
+ unset($orphan[$row['attach_id']]);
}
+ $db->sql_freeresult($result);
+ }
+
+ if (sizeof($orphan))
+ {
+ trigger_error($user->lang['NO_ACCESS_ATTACHMENT'], E_USER_ERROR);
}
+
+ ksort($this->attachment_data);
}
/**
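Review bot: The loop `foreach ($attachment_data as $pos => $var_ary)` reads `$var_ary['is_orphan']` and `$var_ary['attach_id']` straight from `$_POST['attachment_data']` without checking that the value is an array of arrays or that those keys exist, so a malformed form submission raises notices or warnings before the ownership queries run. An `is_array($attachment_data)` test next to the `sizeof()` check, plus `if (!is_array($var_ary) || !isset($var_ary['attach_id'], $var_ary['is_orphan'])) { continue; }` at the top of the loop, would keep the handling of this client-supplied structure predictable. The ownership check itself relies on the database: rows are taken from the query result, and any id left in `$not_orphan` or `$orphan` ends in `NO_ACCESS_ATTACHMENT`. The first query still concatenates `poster_id = ' . $check_user_id` without a cast, though; `(int) $check_user_id` would match the `(int)` applied to `attach_id` above it. The function signature and the callers that supply `$check_user_id` are outside this hunk.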
@@ -1384,8 +1406,7 @@ class parse_message extends bbcode_firstpass
$this->message = $poll['poll_option_text'];
- $poll['poll_option_text'] = $this->parse($poll['enable_bbcode'], $poll['enable_urls'], $poll['enable_smilies'], $poll['img_status'], false, false, false);
-
+ $poll['poll_option_text'] = $this->parse($poll['enable_bbcode'], ($config['allow_post_links']) ? $poll['enable_urls'] : false, $poll['enable_smilies'], $poll['img_status'], false, false, $config['allow_post_links'], false);
$this->message = $tmp_message;
@@ -1394,8 +1415,7 @@ class parse_message extends bbcode_firstpass
$this->message = $poll['poll_title'];
- $poll['poll_title'] = $this->parse($poll['enable_bbcode'], $poll['enable_urls'], $poll['enable_smilies'], $poll['img_status'], false, false, false);
-
+ $poll['poll_title'] = $this->parse($poll['enable_bbcode'], ($config['allow_post_links']) ? $poll['enable_urls'] : false, $poll['enable_smilies'], $poll['img_status'], false, false, $config['allow_post_links'], false);
$this->message = $tmp_message;
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index 5549606bcc..458eb44b40 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -405,9 +405,21 @@ class session
$this->cookie_data['k'] = '';
$this->cookie_data['u'] = ($bot) ? $bot : ANONYMOUS;
- $sql = 'SELECT *
- FROM ' . USERS_TABLE . '
- WHERE user_id = ' . (int) $this->cookie_data['u'];
+ if (!$bot)
+ {
+ $sql = 'SELECT *
+ FROM ' . USERS_TABLE . '
+ WHERE user_id = ' . (int) $this->cookie_data['u'];
+ }
+ else
+ {
+ // We give bots always the same session if it is not yet expired.
+ $sql = 'SELECT u.*, s.*
+ FROM ' . USERS_TABLE . ' u
+ LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id)
+ WHERE u.user_id = ' . (int) $bot;
+ }
+
$result = $db->sql_query($sql);
$this->data = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
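Review bot: The bot branch's `LEFT JOIN` on `SESSIONS_TABLE` has no ordering or limit, and only one row is fetched afterwards, so if more than one session row exists for that bot user id, the session that gets reused is whichever row the database returns first. Adding `ORDER BY s.session_time DESC` and running the query through `$db->sql_query_limit($sql, 1)` would make the choice deterministic. `SELECT u.*, s.*` also folds both tables into one array, so a column name shared by the two tables would be silently overwritten by the session value. No such clash is visible in this hunk, but it is worth confirming against the schema.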
@@ -440,6 +452,47 @@ class session
//
//
+ // If our friend is a bot, we re-assign a previously assigned session
+ if ($this->data['is_bot'] && $bot === $this->data['user_id'] && $this->data['session_id'])
+ {
+ // Only assign the current session if the ip and browser match...
+ $s_ip = implode('.', array_slice(explode('.', $this->data['session_ip']), 0, $config['ip_check']));
+ $u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check']));
+
+ $s_browser = ($config['browser_check']) ? strtolower(substr($this->data['session_browser'], 0, 149)) : '';
+ $u_browser = ($config['browser_check']) ? strtolower(substr($this->browser, 0, 149)) : '';
+
+ if ($u_ip === $s_ip && $s_browser === $u_browser)
+ {
+ $this->session_id = $this->data['session_id'];
+
+ // Only update session DB a minute or so after last update or if page changes
+ if ($this->time_now - $this->data['session_time'] > 60 || ($this->update_session_page && $this->data['session_page'] != $this->page['page']))
+ {
+ $sql_ary = array('session_time' => $this->time_now, 'session_last_visit' => $this->time_now, 'session_admin' => 0);
+
+ if ($this->update_session_page)
+ {
+ $sql_ary['session_page'] = substr($this->page['page'], 0, 199);
+ }
+
+ $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
+ WHERE session_id = '" . $db->sql_escape($this->session_id) . "'";
+ $db->sql_query($sql);
+ }
+
+ $SID = '?sid=';
+ $_SID = '';
+
+ return true;
+ }
+ else
+ {
+ // If the ip and browser does not match make sure we only have one bot assigned to one session
+ $db->sql_query('DELETE FROM ' . SESSIONS_TABLE . ' WHERE session_user_id = ' . $this->data['user_id']);
+ }
+ }
+
// @todo Change this ... check for "... && user_type & USER_NORMAL" ?
$session_autologin = (($this->cookie_data['k'] || $persist_login) && $this->data['is_registered']) ? true : false;
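Review bot: The reuse condition `$bot === $this->data['user_id']` strictly compares a value set outside this hunk with a column fetched from the database. If the driver returns the id as a string while `$bot` is an integer (or the reverse), the branch never runs and each bot request falls through to normal session creation. `(int) $bot === (int) $this->data['user_id']` removes that dependence on driver types. The IP prefix check splits on `.` only, so an address without dots is treated as a single segment, and with `$config['ip_check']` at 0 and `$config['browser_check']` off both comparisons reduce to empty strings, making the bot identification done earlier the only gate on handing out the shared session. In the mismatch branch, the `DELETE` interpolates `$this->data['user_id']` without the `(int)` cast used in the other queries of this file. The enclosing method starts and ends outside the hunk.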
@@ -516,6 +569,11 @@ class session
unset($cookie_expire);
}
+ else
+ {
+ $SID = '?sid=';
+ $_SID = '';
+ }
return true;
}
diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php
index 47403c83da..2d867177d5 100644
--- a/phpBB/includes/ucp/ucp_groups.php
+++ b/phpBB/includes/ucp/ucp_groups.php
@@ -723,7 +723,8 @@ class ucp_groups
'PAGINATION' => generate_pagination($this->u_action . "&amp;action=$action&amp;g=$group_id", $total_members, $config['topics_per_page'], $start, true),
'U_ACTION' => $this->u_action . "&amp;g=$group_id",
- 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=ucp&amp;field=usernames'))
+ 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=ucp&amp;field=usernames'),
+ 'UA_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=ucp&field=usernames', false))
);
break;
diff --git a/phpBB/includes/ucp/ucp_pm.php b/phpBB/includes/ucp/ucp_pm.php
index ace879c3d9..18b8bbfff2 100644
--- a/phpBB/includes/ucp/ucp_pm.php
+++ b/phpBB/includes/ucp/ucp_pm.php
@@ -96,7 +96,7 @@ class ucp_pm
$template->assign_vars(array(
'MESSAGE' => $l_new_message,
'S_NOT_LOGGED_IN' => ($user->data['user_id'] == ANONYMOUS) ? true : false,
- 'CLICK_TO_VIEW' => sprintf($user->lang['CLICK_VIEW_PRIVMSG'], '<a href="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=inbox') . '" onclick="jump_to_inbox();return false;" target="_new">', '</a>'),
+ 'CLICK_TO_VIEW' => sprintf($user->lang['CLICK_VIEW_PRIVMSG'], '<a href="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=inbox') . '" onclick="jump_to_inbox(); return false;">', '</a>'),
'U_INBOX' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=inbox'),
'UA_INBOX' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=inbox', false))
);
diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php
index cd495535ec..e8a7a4a538 100644
--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
@@ -307,19 +307,21 @@ function compose_pm($id, $mode, $action)
$error[] = $user->lang['TOO_MANY_RECIPIENTS'];
}
+ // Always check if the submitted attachment data is valid and belongs to the user.
+ // Further down (especially in submit_post()) we do not check this again.
$message_parser->get_submitted_attachment_data();
if ($message_attachment && !$submit && !$refresh && !$preview && $action == 'edit')
{
- $sql = 'SELECT attach_id, physical_filename, attach_comment, real_filename, extension, mimetype, filesize, filetime, thumbnail
+ // Do not change to SELECT *
+ $sql = 'SELECT attach_id, is_orphan, attach_comment, real_filename
FROM ' . ATTACHMENTS_TABLE . "
WHERE post_msg_id = $msg_id
AND in_message = 1
- ORDER BY filetime " . ((!$config['display_order']) ? 'DESC' : 'ASC');
+ AND is_orphan = 0
+ ORDER BY filetime " . ((!$config['display_order']) ? 'DESC' : 'ASC');
$result = $db->sql_query($sql);
-
$message_parser->attachment_data = array_merge($message_parser->attachment_data, $db->sql_fetchrowset($result));
-
$db->sql_freeresult($result);
}
@@ -361,6 +363,7 @@ function compose_pm($id, $mode, $action)
$smilies_status = ($config['allow_smilies'] && $config['auth_smilies_pm'] && $auth->acl_get('u_pm_smilies')) ? true : false;
$img_status = ($config['auth_img_pm'] && $auth->acl_get('u_pm_img')) ? true : false;
$flash_status = ($config['auth_flash_pm'] && $auth->acl_get('u_pm_flash')) ? true : false;
+ $url_status = ($config['allow_post_links']) ? true : false;
// Save Draft
if ($save && $auth->acl_get('u_savedrafts'))
@@ -473,7 +476,7 @@ function compose_pm($id, $mode, $action)
$message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true);
// Parse message
- $message_parser->parse($enable_bbcode, $enable_urls, $enable_smilies, $img_status, $flash_status, true);
+ $message_parser->parse($enable_bbcode, ($config['allow_post_links']) ? $enable_urls : false, $enable_smilies, $img_status, $flash_status, true, $config['allow_sig_links']);
if ($action != 'edit' && !$preview && !$refresh && $config['flood_interval'] && !$auth->acl_get('u_ignoreflood'))
{
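Review bot: The argument appended to this `parse()` call is `$config['allow_sig_links']`, while the second argument and the `$url_status` flag added earlier in `compose_pm()` both follow `$config['allow_post_links']`. The poll hunks in message_parser.php pass `$config['allow_post_links']` in the same position, so this argument appears to govern the URL BBCode. A board that allows post links but not signature links would then advertise URL BBCode through `S_BBCODE_URL` and `URL_STATUS` and still have the parser refuse it, and the reverse setting would permit links the form says are off. Using the one flag for both keeps the template and the parser in agreement: `$message_parser->parse($enable_bbcode, ($url_status) ? $enable_urls : false, $enable_smilies, $img_status, $flash_status, true, $url_status);`. `compose_pm()` starts and ends outside this hunk, so confirm `$url_status` is always assigned before this call.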
@@ -604,7 +607,14 @@ function compose_pm($id, $mode, $action)
if ($action == 'quotepost')
{
$post_id = request_var('p', 0);
- $message_link = "[url=" . generate_board_url() . "/viewtopic.$phpEx?p={$post_id}#p{$post_id}]{$message_subject}[/url]\n";
+ if ($config['allow_post_links'])
+ {
+ $message_link = "[url=" . generate_board_url() . "/viewtopic.$phpEx?p={$post_id}#p{$post_id}]{$message_subject}[/url]\n\n";
+ }
+ else
+ {
+ $message_link = $user->lang['SUBJECT'] . ': ' . $message_subject . " (" . generate_board_url() . "/viewtopic.$phpEx?p={$post_id}#p{$post_id})\n\n";
+ }
}
else
{
@@ -622,14 +632,23 @@ function compose_pm($id, $mode, $action)
{
$fwd_to_field = write_pm_addresses(array('to' => $post['to_address']), 0, true);
+ if ($config['allow_post_links'])
+ {
+ $quote_username_text = '[url=' . generate_board_url() . "/memberlist.$phpEx?mode=viewprofile&u={$post['author_id']}]{$quote_username}[/url]";
+ }
+ else
+ {
+ $quote_username_text = $quote_username . ' (' . generate_board_url() . "/memberlist.$phpEx?mode=viewprofile&u={$post['author_id']})";
+ }
+
$forward_text = array();
$forward_text[] = $user->lang['FWD_ORIGINAL_MESSAGE'];
$forward_text[] = sprintf($user->lang['FWD_SUBJECT'], censor_text($message_subject));
$forward_text[] = sprintf($user->lang['FWD_DATE'], $user->format_date($message_time));
- $forward_text[] = sprintf($user->lang['FWD_FROM'], $quote_username);
+ $forward_text[] = sprintf($user->lang['FWD_FROM'], $quote_username_text);
$forward_text[] = sprintf($user->lang['FWD_TO'], implode(', ', $fwd_to_field['to']));
- $message_parser->message = implode("\n", $forward_text) . "\n\n[quote=\"[url=" . generate_board_url() . "/memberlist.$phpEx?mode=viewprofile&u={$post['author_id']}]{$quote_username}[/url]\"]\n" . censor_text(trim($message_parser->message)) . "\n[/quote]";
+ $message_parser->message = implode("\n", $forward_text) . "\n\n[quote=\"{$quote_username}\"]\n" . censor_text(trim($message_parser->message)) . "\n[/quote]";
$message_subject = ((!preg_match('/^Fwd:/', $message_subject)) ? 'Fwd: ' : '') . censor_text($message_subject);
}
@@ -783,10 +802,11 @@ function compose_pm($id, $mode, $action)
'SUBJECT' => (isset($message_subject)) ? $message_subject : '',
'MESSAGE' => $message_text,
- 'BBCODE_STATUS' => ($bbcode_status) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '" onclick="target=\'_phpbbcode\';">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '" onclick="target=\'_phpbbcode\';">', '</a>'),
+ 'BBCODE_STATUS' => ($bbcode_status) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>'),
'IMG_STATUS' => ($img_status) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'],
'FLASH_STATUS' => ($flash_status) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'],
'SMILIES_STATUS' => ($smilies_status) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'],
+ 'URL_STATUS' => ($url_status) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'],
'MINI_POST_IMG' => $user->img('icon_post_target', $user->lang['PM']),
'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '',
@@ -798,6 +818,7 @@ function compose_pm($id, $mode, $action)
'S_SMILIES_CHECKED' => ($smilies_checked) ? ' checked="checked"' : '',
'S_SIG_ALLOWED' => ($config['allow_sig'] && $auth->acl_get('u_sig')),
'S_SIGNATURE_CHECKED' => ($sig_checked) ? ' checked="checked"' : '',
+ 'S_LINKS_ALLOWED' => $url_status,
'S_MAGIC_URL_CHECKED' => ($urls_checked) ? ' checked="checked"' : '',
'S_SAVE_ALLOWED' => $auth->acl_get('u_savedrafts'),
'S_HAS_DRAFTS' => ($auth->acl_get('u_savedrafts') && $drafts),
@@ -806,6 +827,7 @@ function compose_pm($id, $mode, $action)
'S_BBCODE_IMG' => $img_status,
'S_BBCODE_FLASH' => $flash_status,
'S_BBCODE_QUOTE' => true,
+ 'S_BBCODE_URL' => $url_status,
'S_POST_ACTION' => $s_action,
'S_HIDDEN_ADDRESS_FIELD' => $s_hidden_address_field,
diff --git a/phpBB/includes/ucp/ucp_pm_options.php b/phpBB/includes/ucp/ucp_pm_options.php
index c9e911b5f4..72af30fa21 100644
--- a/phpBB/includes/ucp/ucp_pm_options.php
+++ b/phpBB/includes/ucp/ucp_pm_options.php
@@ -433,7 +433,8 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
'DEFAULT_ACTION' => ($config['full_folder_action'] == 1) ? $user->lang['DELETE_OLDEST_MESSAGES'] : $user->lang['HOLD_NEW_MESSAGES'],
- 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=ucp&amp;field=rule_string'))
+ 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=ucp&amp;field=rule_string'),
+ 'UA_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=ucp&field=rule_string', true))
);
$rule_lang = $action_lang = $check_lang = array();
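Review bot: The new `UA_FIND_USERNAME` entry passes `true` as the third argument to `append_sid()`, while the other `UA_` variables in this commit (`UA_FIND_USERNAME` in ucp_groups.php and `UA_INBOX` in ucp_pm.php) pass `false` together with the same raw `&` separators. If that argument tells `append_sid()` whether the parameters are already `&amp;`-encoded, as the paired `U_`/`UA_` entries suggest, the URL built here will mix encodings and may break when used from JavaScript. For consistency with the other two call sites the line should read `'UA_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=ucp&field=rule_string', false))`.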
diff --git a/phpBB/includes/ucp/ucp_pm_viewmessage.php b/phpBB/includes/ucp/ucp_pm_viewmessage.php
index 5e6917073f..ad386ea4b5 100644
--- a/phpBB/includes/ucp/ucp_pm_viewmessage.php
+++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php
@@ -435,7 +435,7 @@ function get_user_informations($user_id, $user_row)
}
$avatar_img .= $user_row['user_avatar'];
- $user_row['avatar'] = '<img src="' . $avatar_img . '" width="' . $user_row['user_avatar_width'] . '" height="' . $user_row['user_avatar_height'] . '" border="0" alt="" />';
+ $user_row['avatar'] = '<img src="' . $avatar_img . '" width="' . $user_row['user_avatar_width'] . '" height="' . $user_row['user_avatar_height'] . '" alt="' . $user->lang['USER_AVATAR'] . '" />';
}
$user_row['rank_title'] = $user_row['rank_image'] = '';
@@ -443,7 +443,7 @@ function get_user_informations($user_id, $user_row)
if (!empty($user_row['user_rank']))
{
$user_row['rank_title'] = (isset($ranks['special'][$user_row['user_rank']])) ? $ranks['special'][$user_row['user_rank']]['rank_title'] : '';
- $user_row['rank_image'] = (!empty($ranks['special'][$user_row['user_rank']]['rank_image'])) ? '<img src="' . $config['ranks_path'] . '/' . $ranks['special'][$user_row['user_rank']]['rank_image'] . '" border="0" alt="' . $ranks['special'][$user_row['user_rank']]['rank_title'] . '" title="' . $ranks['special'][$user_row['user_rank']]['rank_title'] . '" /><br />' : '';
+ $user_row['rank_image'] = (!empty($ranks['special'][$user_row['user_rank']]['rank_image'])) ? '<img src="' . $config['ranks_path'] . '/' . $ranks['special'][$user_row['user_rank']]['rank_image'] . '" alt="' . $ranks['special'][$user_row['user_rank']]['rank_title'] . '" title="' . $ranks['special'][$user_row['user_rank']]['rank_title'] . '" /><br />' : '';
}
else
{
@@ -454,7 +454,7 @@ function get_user_informations($user_id, $user_row)
if ($user_row['user_posts'] >= $rank['rank_min'])
{
$user_row['rank_title'] = $rank['rank_title'];
- $user_row['rank_image'] = (!empty($rank['rank_image'])) ? '<img src="' . $config['ranks_path'] . '/' . $rank['rank_image'] . '" border="0" alt="' . $rank['rank_title'] . '" title="' . $rank['rank_title'] . '" /><br />' : '';
+ $user_row['rank_image'] = (!empty($rank['rank_image'])) ? '<img src="' . $config['ranks_path'] . '/' . $rank['rank_image'] . '" alt="' . $rank['rank_title'] . '" title="' . $rank['rank_title'] . '" /><br />' : '';
break;
}
}
diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php
index eec8d4c3da..e070ba8453 100644
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@@ -428,7 +428,7 @@ class ucp_profile
$message_parser = new parse_message($signature);
// Allowing Quote BBCode
- $message_parser->parse($enable_bbcode, $enable_urls, $enable_smilies, $config['allow_sig_img'], $config['allow_sig_flash'], true, true, 'sig');
+ $message_parser->parse($enable_bbcode, ($config['allow_sig_links']) ? $enable_urls : false, $enable_smilies, $config['allow_sig_img'], $config['allow_sig_flash'], true, $config['allow_sig_links'], true, 'sig');
if (sizeof($message_parser->warn_msg))
{
@@ -476,17 +476,19 @@ class ucp_profile
'S_SMILIES_CHECKED' => (!$enable_smilies) ? 'checked="checked"' : '',
'S_MAGIC_URL_CHECKED' => (!$enable_urls) ? 'checked="checked"' : '',
- 'BBCODE_STATUS' => ($config['allow_sig_bbcode']) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '" onclick="target=\'_phpbbcode\';">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '" onclick="target=\'_phpbbcode\';">', '</a>'),
+ 'BBCODE_STATUS' => ($config['allow_sig_bbcode']) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>'),
'SMILIES_STATUS' => ($config['allow_sig_smilies']) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'],
'IMG_STATUS' => ($config['allow_sig_img']) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'],
'FLASH_STATUS' => ($config['allow_sig_flash']) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'],
+ 'URL_STATUS' => ($config['allow_sig_links']) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'],
'L_SIGNATURE_EXPLAIN' => sprintf($user->lang['SIGNATURE_EXPLAIN'], $config['max_sig_chars']),
'S_BBCODE_ALLOWED' => $config['allow_sig_bbcode'],
'S_SMILIES_ALLOWED' => $config['allow_sig_smilies'],
'S_BBCODE_IMG' => ($config['allow_sig_img']) ? true : false,
- 'S_BBCODE_FLASH' => ($config['allow_sig_flash']) ? true : false)
+ 'S_BBCODE_FLASH' => ($config['allow_sig_flash']) ? true : false,
+ 'S_LINKS_ALLOWED' => ($config['allow_sig_links']) ? true : false)
);
// Build custom bbcodes array