Diffstat (limited to 'phpBB/includes')
-rw-r--r-- | phpBB/includes/auth.php | 28 | ||||
-rw-r--r-- | phpBB/includes/bbcode.php | 23 | ||||
-rw-r--r-- | phpBB/includes/constants.php | 19 | ||||
-rw-r--r-- | phpBB/includes/functions.php | 32 | ||||
-rw-r--r-- | phpBB/includes/post.php | 56 | ||||
-rw-r--r-- | phpBB/includes/prune.php | 146 |
6 files changed, 177 insertions, 127 deletions
diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php index 575574f9e1..5fcbe0eb4f 100644 --- a/phpBB/includes/auth.php +++ b/phpBB/includes/auth.php @@ -1,15 +1,15 @@ <?php /*************************************************************************** * auth.php - * ------------------- - * begin : Saturday, Feb 13, 2001 - * copyright : (C) 2001 The phpBB Group - * email : support@phpbb.com - * - * $Id$ - * - * - ***************************************************************************/ + * ------------------- + * begin : Saturday, Feb 13, 2001 + * copyright : (C) 2001 The phpBB Group + * email : support@phpbb.com + * + * $Id$ + * + * + ***************************************************************************/ /*************************************************************************** * @@ -59,8 +59,8 @@ function auth($type, $forum_id, $userdata, $f_access = -1) switch($type) { case AUTH_ALL: - $a_sql = "a.auth_view, a.auth_read, a.auth_post, a.auth_reply, a.auth_edit, a.auth_delete, a.auth_sticky, a.auth_announce"; - $auth_fields = array("auth_view", "auth_read", "auth_post", "auth_reply", "auth_edit", "auth_delete", "auth_sticky", "auth_announce"); + $a_sql = "a.auth_view, a.auth_read, a.auth_post, a.auth_reply, a.auth_edit, a.auth_delete, a.auth_sticky, a.auth_announce, a.auth_vote, a.auth_pollcreate"; + $auth_fields = array("auth_view", "auth_read", "auth_post", "auth_reply", "auth_edit", "auth_delete", "auth_sticky", "auth_announce", "auth_vote", "auth_pollcreate"); break; case AUTH_VIEW: @@ -98,9 +98,13 @@ function auth($type, $forum_id, $userdata, $f_access = -1) $auth_fields = array("auth_sticky"); break; - case AUTH_VOTECREATE: + case AUTH_POLLCREATE: + $a_sql = "a.auth_pollcreate"; + $auth_fields = array("auth_pollcreate"); break; case AUTH_VOTE: + $a_sql = "a.auth_vote"; + $auth_fields = array("auth_vote"); break; case AUTH_ATTACH: break; diff --git a/phpBB/includes/bbcode.php b/phpBB/includes/bbcode.php index 45c6774d6c..c4e799a0d5 100644 
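Review bot: `case AUTH_ATTACH:` still ends in a bare `break;` in the last hunk, so that type leaves `$a_sql` and `$auth_fields` unset exactly as `AUTH_VOTE` did before this change. What auth() does for a type with no fields is decided outside the hunk: a query built from an empty `$a_sql` would be malformed, and an empty result array can be read by a caller as either allow or deny. Until attachments are implemented I would make the gap explicit with a comment such as `// AUTH_ATTACH: not implemented yet, no permission fields are loaded` and add a `default:` branch that fails closed. The switch and the rest of auth() continue beyond the visible lines.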
--- a/phpBB/includes/bbcode.php +++ b/phpBB/includes/bbcode.php @@ -28,6 +28,7 @@ define("BBCODE_UID_LEN", 10); */ function bbencode_second_pass($text, $uid) { + global $lang; //$uid_tag_length = strpos($text, ']') + 1; //$uid = substr($text, 5, BBCODE_UID_LEN); @@ -60,8 +61,8 @@ function bbencode_second_pass($text, $uid) $text = preg_replace("/\[list=([a1]):$uid\]/si", '<OL TYPE="\1">', $text); // [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff. - $text = str_replace("[quote:$uid]", '<TABLE BORDER="0" ALIGN="CENTER" WIDTH="85%"><TR><TD><font size="-1">Quote:</font><HR></TD></TR><TR><TD><FONT SIZE="-1"><BLOCKQUOTE>', $text); - $text = str_replace("[/quote:$uid]", '</BLOCKQUOTE></FONT></TD></TR><TR><TD><HR></TD></TR></TABLE>', $text); + $text = str_replace("[quote:$uid]", '<table border="0" align="center" width="85%"><tr><td><font size="-1">' . $lang['Quote'] . '</font><hr /> </td></tr><tr><td><font size="-1"><blockquote>', $text); + $text = str_replace("[/quote:$uid]", '</blockquote></font></td></tr><tr><td><hr></td></tr></table>', $text); // [b] and [/b] for bolding text. $text = str_replace("[b:$uid]", '<B>', $text); @@ -89,15 +90,15 @@ function bbencode_second_pass($text, $uid) // [url=xxxx://www.phpbb.com]phpBB[/url] code.. $patterns[2] = "#\[url=([a-z]+?://){1}(.*?)\](.*?)\[/url\]#si"; - $replacements[2] = '<A HREF="\1\2" TARGET="_blank">\3</A>'; + $replacements[2] = '<a href="\1\2" target="_blank">\3</A>'; // [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix). $patterns[3] = "#\[url=(.*?)\](.*?)\[/url\]#si"; - $replacements[3] = '<A HREF="http://\1" TARGET="_blank">\2</A>'; + $replacements[3] = '<A href="http://\1" TARGET="_blank">\2</A>'; // [email]user@domain.tld[/email] code.. $patterns[4] = "#\[email\](.*?)\[/email\]#si"; - $replacements[4] = '<A HREF="mailto:\1">\1</A>'; + $replacements[4] = '<A href="mailto:\1">\1</A>'; $text = preg_replace($patterns, $replacements, $text); 
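Review bot: The `[url]` and `[email]` replacements in the third hunk still write the captured text straight into `href="…"`; the case-only edit leaves that untouched. `([a-z]+?://)` accepts any scheme and `(.*?)` accepts any character, so whether a double quote or an unexpected scheme can reach the attribute depends entirely on escaping done before this pass, and the entity lists this commit adds in post.php do not include `"`. I would restrict the scheme group to an allowlist such as `(https?://|ftp://)` and encode quotes in the captured URL before substitution. The same hunk leaves mixed-case markup behind (`<a href=…>\3</A>`, `<A href=… TARGET=…>`), which is worth normalising while these lines are being touched.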
@@ -351,11 +352,13 @@ function bbencode_first_pass_pda($text, $uid, $open_tag, $close_tag, $close_tag_ */ function bbencode_second_pass_code($text, $uid) { - // If HTML is turned on we undo any HTML special chars that were created by the viewtopic code. -// $text = undo_htmlspecialchars($text); + global $lang; - $code_start_html = '<TABLE BORDER="0" ALIGN="CENTER" WIDTH="85%"><TR><TD><font size="-1">Code:</font><HR></TD></TR><TR><TD><FONT SIZE="-1"><PRE>'; - $code_end_html = '</PRE></FONT></TD></TR><TR><TD><HR></TD></TR></TABLE>'; + $html_entities_match = array("#<#", "#>#"); + $html_entities_replace = array("<", ">"); + + $code_start_html = '<table width="85%" border="0" align="center"><tr><td><font size="-1">' . $lang['Code'] . '</font><hr /></td></tr><tr><td><font size="-1"><pre>'; + $code_end_html = '</pre></font></td></tr><tr><td><hr /></td></tr></table>'; // First, do all the 1st-level matches. These need an htmlspecialchars() run, // so they have to be handled differently. @@ -366,7 +369,7 @@ function bbencode_second_pass_code($text, $uid) $before_replace = $matches[1][$i]; $after_replace = $matches[1][$i]; - $after_replace = htmlspecialchars($after_replace); + $after_replace = preg_replace($html_entities_match, $html_entities_replace, $after_replace); $str_to_match = "[code:1:$uid]" . $before_replace . "[/code:1:$uid]"; diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index 9124fcdd47..79d44a885b 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -28,16 +28,19 @@ define(DEBUG, 1); // Debugging on //define(DEBUG, 0); // Debugging off + // User Levels <- Do not change the values of USER or ADMIN define(DELETED, -1); define(ANONYMOUS, -1); define(USER, 0); define(ADMIN, 1); + // Forum state define(FORUM_UNLOCKED, 0); define(FORUM_LOCKED, 1); + // Topic status define(TOPIC_UNLOCKED, 0); define(TOPIC_LOCKED, 1); 
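Review bot: Replacing `htmlspecialchars($after_replace)` with the two-entry `preg_replace` in bbencode_second_pass_code means `&` and `"` inside `[code]` blocks are no longer encoded at display time. As rendered on this page the match and replace arrays hold the same literal characters (`"#<#"` becomes `"<"`), which would make the call a no-op; presumably the page decoded `&lt;`/`&gt;` and the committed file carries the entities, but that is worth confirming against the raw file. Because the patterns are fixed strings, `str_replace` would do the same work without the regex engine. A short comment saying why htmlspecialchars was dropped (it looks like a guard against double-encoding text that was already escaped when stored) would save the next reader from restoring it.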
@@ -57,6 +60,7 @@ define(POST_GLOBAL_ANNOUNCE, 3); define(BEGIN_TRANSACTION, 1); define(END_TRANSACTION, 2); + // Error codes define(GENERAL_MESSAGE, 200); define(GENERAL_ERROR, 202); @@ -70,11 +74,15 @@ define(SESSION_CREATE, 4); define(NO_TOPICS, 5); define(LOGIN_FAILED, 7); + // Private messaging define(PRIVMSGS_READ_MAIL, 0); define(PRIVMSGS_NEW_MAIL, 1); define(PRIVMSGS_SENT_MAIL, 2); define(PRIVMSGS_SAVED_MAIL, 3); +define(PRIVMSGS_SAVED_IN_MAIL, 3); +define(PRIVMSGS_SAVED_OUT_MAIL, 4); + // URL PARAMETERS define(POST_TOPIC_URL, 't'); @@ -83,10 +91,12 @@ define(POST_USERS_URL, 'u'); define(POST_POST_URL, 'p'); define(POST_GROUPS_URL, 'g'); + // Session parameters define(SESSION_METHOD_COOKIE, 100); define(SESSION_METHOD_GET, 101); + // Page numbers for session handling define(PAGE_INDEX, 0); define(PAGE_LOGIN, -1); @@ -101,6 +111,7 @@ define(PAGE_PRIVMSGS, -10); define(PAGE_GROUPCP, -11); define(PAGE_TOPIC_OFFSET, 5000); + // Auth settings define(AUTH_ALL, 0); @@ -119,12 +130,13 @@ define(AUTH_DELETE, 6); define(AUTH_ANNOUNCE, 7); define(AUTH_STICKY, 8); -define(AUTH_VOTECREATE, 9); +define(AUTH_POLLCREATE, 9); define(AUTH_VOTE, 10); define(AUTH_ATTACH, 11); define(AUTH_LIST_ALL, 20); + // Table names define('AUTH_ACCESS_TABLE', $table_prefix.'auth_access'); define('BANLIST_TABLE', $table_prefix.'banlist'); @@ -138,6 +150,7 @@ define('POSTS_TEXT_TABLE', $table_prefix.'posts_text'); define('PRIVMSGS_TABLE', $table_prefix.'privmsgs'); define('PRIVMSGS_TEXT_TABLE', $table_prefix.'privmsgs_text'); define('PRIVMSGS_IGNORE_TABLE', $table_prefix.'privmsgs_ignore'); +define('PRUNE_TABLE', $table_prefix.'forum_prune'); define('RANKS_TABLE', $table_prefix.'ranks'); define('SESSIONS_TABLE', $table_prefix.'session'); define('SMILIES_TABLE', $table_prefix.'smilies'); 
@@ -147,6 +160,8 @@ define('TOPICS_WATCH_TABLE', $table_prefix.'topics_watch'); define('USER_GROUP_TABLE', $table_prefix.'user_group'); define('USERS_TABLE', $table_prefix.'users'); define('WORDS_TABLE', $table_prefix.'words'); -define('PRUNE_TABLE', $table_prefix.'forum_prune'); +define('VOTE_DESC_TABLE', $table_prefix.'vote_desc'); +define('VOTE_RESULTS_TABLE', $table_prefix.'vote_results'); +define('VOTE_USERS_TABLE', $table_prefix.'vote_voters'); ?>
\ No newline at end of file diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index cc668e8f3a..4642446a21 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -627,7 +627,15 @@ function sync($type, $id) { message_die(GENERAL_ERROR, "Could not get post count", "Error", __LINE__, __FILE__, $sql); } - $total_posts = ( $row = $db->sql_fetchrow($result) ) ? $row['total'] : 0; + + if( $row = $db->sql_fetchrow($result) ) + { + $total_posts = ($row['total']) ? $row['total'] : 0; + } + else + { + $total_posts = 0; + } $sql = "SELECT COUNT(topic_id) AS total FROM " . TOPICS_TABLE . " @@ -636,7 +644,15 @@ function sync($type, $id) { message_die(GENERAL_ERROR, "Could not get topic count", "Error", __LINE__, __FILE__, $sql); } - $total_topics = ( $row = $db->sql_fetchrow($result) ) ? $row['total'] : 0; + + if( $row = $db->sql_fetchrow($result) ) + { + $total_topics = ($row['total']) ? $row['total'] : 0; + } + else + { + $total_topics = 0; + } $sql = "UPDATE " . FORUMS_TABLE . " SET forum_last_post_id = $last_post, forum_posts = $total_posts, forum_topics = $total_topics @@ -658,7 +674,7 @@ function sync($type, $id) if( $row = $db->sql_fetchrow($result) ) { - $last_post = $row['last_post']; + $last_post = ($row['last_post']) ? $row['last_post'] : 0; } else { @@ -672,7 +688,15 @@ function sync($type, $id) { message_die(GENERAL_ERROR, "Could not get post count", "Error", __LINE__, __FILE__, $sql); } - $total_posts = ( $row = $db->sql_fetchrow($result) ) ? $row['total'] - 1 : 0; + + if( $row = $db->sql_fetchrow($result) ) + { + $total_posts = ($row['total']) ? $row['total'] - 1 : 0; + } + else + { + $total_posts = 0; + } $sql = "UPDATE " . TOPICS_TABLE . " SET topic_replies = $total_posts, topic_last_post_id = $last_post diff --git a/phpBB/includes/post.php b/phpBB/includes/post.php index 9d41b85f28..ac364f6472 100644 --- a/phpBB/includes/post.php +++ b/phpBB/includes/post.php 
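Review bot: The expanded `if/else` repeats the same null-to-zero normalisation three times in sync() (forum post count, forum topic count, topic reply count), and the values still reach the `UPDATE` statements as whatever the driver returned. A cast does both jobs in one line, e.g. `$total_posts = ( $row = $db->sql_fetchrow($result) ) ? intval($row['total']) : 0;`, and makes it explicit that only integers are interpolated into `forum_posts = $total_posts`. For the topic branch keep the guard against a negative reply count, `max(intval($row['total']) - 1, 0)`, and apply the same cast to `$last_post`. sync() begins and ends outside these hunks, so how `$id` is validated is not visible here.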
@@ -35,50 +35,60 @@ function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid if( $html_on ) { - $start = -1; - $end = 0; + $html_entities_match = array("#<#", "#>#", "#& #"); + $html_entities_replace = array("<", ">", "& "); - for($h = 0; $h < strlen($message); $h++) - { - $start = strpos($message, "<", $h); + $start_html = 1; - if($start > -1) + $message = " " . $message; + while( $start_html = strpos($message, "<", $start_html) ) + { + if( $end_html = strpos($message, ">", $start_html) ) { - $end = strpos($message, ">", $start); + $length = $end_html - $start_html + 1; - if($end) + $tagallowed = 0; + for($i = 0; $i < sizeof($board_config['allow_html_tags']); $i++) { - $length = $end - $start + 1; - $tagallowed = 0; + $match_tag = trim($board_config['allow_html_tags'][$i]); - for($i = 0; $i < sizeof($board_config['allow_html_tags']); $i++) + if( preg_match("/^[\/]?" . $match_tag . "( .*?)*$/i", trim(substr($message, $start_html + 1, $length - 2))) ) { - $match_tag = trim($board_config['allow_html_tags'][$i]); - list($match_tag_split) = explode(" ", $match_tag); - - if( preg_match("/^((\/" . $match_tag_split . ")|(" . $match_tag . "))[ \=]+/i", trim(substr($message, $start + 1, $length - 2)) . 
" ") ) + if( !preg_match("/(^\?)|(\?$)/", trim(substr($message, $start_html + 1, $length - 2))) ) { $tagallowed = 1; } } + } - if($length && !$tagallowed) - { - $message = str_replace(substr($message, $start, $length), htmlspecialchars(substr($message, $start, $length)), $message); - } + if( $length && !$tagallowed ) + { + $message = str_replace(substr($message, $start_html, $length), preg_replace($html_entities_match, $html_entities_replace, substr($message, $start_html, $length)), $message); } - $start = -1; + + $start_html += $length; + } + else + { + $message = str_replace(substr($message, $start_html, 1), preg_replace($html_entities_match, $html_entities_replace, substr($message, $start_html, 1)), $message); + + $start_html = strlen($message); } } + $message = trim($message); + } + else + { + $html_entities_match = array("#<#", "#>#", "#& #"); + $html_entities_replace = array("<", ">", "& "); + $message = preg_replace($html_entities_match, $html_entities_replace, $message); } - if($bbcode_on) + if( $bbcode_on && $bbcode_uid != "" ) { $message = bbencode_first_pass($message, $bbcode_uid); } - $message = addslashes($message); - return($message); } diff --git a/phpBB/includes/prune.php b/phpBB/includes/prune.php index 9224e71a25..a9680dadcf 100644 --- a/phpBB/includes/prune.php +++ b/phpBB/includes/prune.php 
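Review bot: The allowlist test `"/^[\/]?" . $match_tag . "( .*?)*$/i"` accepts anything after the first space, so an allowed tag is passed through with arbitrary attributes (event handlers and `style` included), and `$match_tag` goes into the pattern without `preg_quote()`. If only bare tags are meant to be allowed, `preg_match('/^\/?' . preg_quote($match_tag, '/') . '\s*$/i', …)` expresses that; permitted attributes would need their own allowlist. The hunk also drops `$message = addslashes($message);`, so the return value of prepare_message is no longer safe to interpolate into SQL and every caller has to escape it before building a query; the callers are outside this diff and need checking. Neither branch encodes `"`, which matters wherever the stored text is later placed inside an attribute value.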
@@ -24,115 +24,108 @@ function prune($forum_id, $prune_date) { global $db, $lang; - $sql = "SELECT t.topic_id + $pruned_topic_list = array(); + + // + // Those without polls ... + // + $sql = "SELECT t.topic_id FROM " . POSTS_TABLE . " p, " . TOPICS_TABLE . " t WHERE t.forum_id = $forum_id - AND t.topic_type = " . POST_NORMAL . " + AND t.topic_vote = 0 + AND t.topic_type <> " . POST_ANNOUNCE . " AND p.post_id = t.topic_last_post_id"; - // Do we want to delete everything in the forum? - if ($prune_date != FALSE) + if ($prune_date != "") { $sql .= " AND p.post_time < $prune_date"; } + if(!$result_topics = $db->sql_query($sql)) { message_die(GENERAL_ERROR, "Couldn't obtain lists of topics to prune.", "", __LINE__, __FILE__, $sql); } - $pruned_topics = $db->sql_numrows($result_topics); - - $sql = "SELECT p.post_id - FROM " . POSTS_TABLE . " p, " . TOPICS_TABLE . " t - WHERE p.forum_id = $forum_id - AND t.topic_id = p.topic_id - AND t.topic_type = " . POST_NORMAL; - // Do we want to delete everything in the forum? - if ($prune_date != FALSE) - { - $sql .= " AND p.post_time < $prune_date"; - } - if(!$result_posts = $db->sql_query($sql)) - { - message_die(GENERAL_ERROR, "Couldn't obtain list of posts to prune.", "", __LINE__, __FILE__, $sql); - } - $pruned_posts = $db->sql_numrows($result_posts); - if( $pruned_topics > 0 ) + if( $pruned_topics = $db->sql_numrows($result_topics) ) { $pruned_topic_list = $db->sql_fetchrowset($result_topics); - + $sql_topics = ""; - for($i = 0; $i < $pruned_topics; $i++) { if($sql_topics != "") { - $sql_topics .= " OR "; + $sql_topics .= ", "; } - $sql_topics .= "topic_id = " . $pruned_topic_list[$i]['topic_id']; + $sql_topics .= $pruned_topic_list[$i]['topic_id']; } + $sql_topics = "topic_id IN (" . $sql_topics . ")"; - $sql_topics = "DELETE FROM " . TOPICS_TABLE . " WHERE " . $sql_topics; - - if(!$result = $db->sql_query($sql_topics)) + $sql = "SELECT post_id + FROM " . POSTS_TABLE . 
" + WHERE forum_id = $forum_id + AND $sql_topics"; + if(!$result_posts = $db->sql_query($sql)) { - message_die(GENERAL_ERROR, "Couldn't delete topics during prune.", "", __LINE__, __FILE__, $sql_topics); + message_die(GENERAL_ERROR, "Couldn't obtain list of posts to prune.", "", __LINE__, __FILE__, $sql); } - } - if( $pruned_posts > 0 ) - { + $pruned_posts = $db->sql_numrows($result_posts); $pruned_post_list = $db->sql_fetchrowset($result_posts); - $sql_post_text = ""; $sql_post = ""; - for($i = 0; $i < $pruned_posts; $i++) { $post_id = $pruned_post_list[$i]['post_id']; - if($sql_post_text != "") - { - $sql_post_text .= " OR "; - } - $sql_post_text .= "post_id = $post_id"; - - if($sql_post != "") + if( $sql_post != "" ) { - $sql_post .= " OR "; + $sql_post .= ", "; } - $sql_post .= "post_id = $post_id"; + $sql_post .= $post_id; } + $sql_post = "post_id IN (" . $sql_post . ")"; - $sql_post_text = "DELETE FROM " . POSTS_TEXT_TABLE . " WHERE " . $sql_post_text; - $sql_post = "DELETE FROM " . POSTS_TABLE . " WHERE " . $sql_post; + $sql = "DELETE FROM " . TOPICS_TABLE . " + WHERE " . $sql_topics; + if(!$result = $db->sql_query($sql)) + { + message_die(GENERAL_ERROR, "Couldn't delete topics during prune.", "", __LINE__, __FILE__, $sql); + } - if(!$result = $db->sql_query($sql_post_text, BEGIN_TRANSACTION)) + $sql = "DELETE FROM " . POSTS_TABLE . " + WHERE " . $sql_post; + if(!$result = $db->sql_query($sql, BEGIN_TRANSACTION)) { - message_die(GENERAL_ERROR, "Couldn't delete post_text during prune.", "", __LINE__, __FILE__, $sql_post_text); + message_die(GENERAL_ERROR, "Couldn't delete post_text during prune.", "", __LINE__, __FILE__, $sql); } else { - if(!$result = $db->sql_query($sql_post, END_TRANSACTION)) + $sql = "DELETE FROM " . POSTS_TEXT_TABLE . " + WHERE " . 
$sql_post; + if(!$result = $db->sql_query($sql, END_TRANSACTION)) { - message_die(GENERAL_ERROR, "Couldn't delete post during prune.", "", __LINE__, __FILE__, $sql_post); + message_die(GENERAL_ERROR, "Couldn't delete post during prune.", "", __LINE__, __FILE__, $sql); } } - } - $sql = "UPDATE " . FORUMS_TABLE . " - SET forum_topics = forum_topics - $pruned_topics, forum_posts = forum_posts - $pruned_posts - WHERE forum_id = $forum_id"; - if(!$result = $db->sql_query($sql)) - { - message_die(GENERAL_ERROR, "Couldn't update forum data after prune.", "", __LINE__, __FILE__, $sql); - } - - $returnval = array ( - "topics" => $pruned_topics, - "posts" => $pruned_posts); + $sql = "UPDATE " . FORUMS_TABLE . " + SET forum_topics = forum_topics - $pruned_topics, forum_posts = forum_posts - $pruned_posts + WHERE forum_id = $forum_id"; + if(!$result = $db->sql_query($sql)) + { + message_die(GENERAL_ERROR, "Couldn't update forum data after prune.", "", __LINE__, __FILE__, $sql); + } - return $returnval; + $returnval = array ( + "topics" => $pruned_topics, + "posts" => $pruned_posts); + return $returnval; + } + else + { + return (array("topics" => 0, "posts" => 0)); + } } /***************************************************************************\ @@ -145,8 +138,6 @@ function auto_prune($forum_id = 0) { global $db, $lang; - $one_day = 60 * 60 * 24; - $sql = "SELECT * FROM " . PRUNE_TABLE . " WHERE forum_id = $forum_id"; 
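Review bot: If the post query returns no rows, `$sql_post` is built as `post_id IN ()`, which is a syntax error and ends the prune in message_die after the topics have already been deleted; the old `if( $pruned_posts > 0 )` guard is gone. Wrap the two post deletes in `if( $pruned_posts )` and move the `DELETE FROM TOPICS_TABLE` inside the `BEGIN_TRANSACTION`/`END_TRANSACTION` pair so the three deletes succeed or fail together. The error strings are now swapped: the POSTS_TABLE delete reports "Couldn't delete post_text" and the POSTS_TEXT_TABLE delete reports "Couldn't delete post". `$forum_id` and `$prune_date` are interpolated into the queries unquoted, so an `intval()` on both at the top of prune() would keep the function safe regardless of the caller.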
@@ -156,18 +147,21 @@ function auto_prune($forum_id = 0) message_die(GENERAL_ERROR, "Auto-Prune: Couldn't read auto_prune table.", __LINE__, __FILE__); } - while($row = $db->sql_fetchrow($result)) + if( $db->sql_numrows($result) ) { - if($row['prune_freq'] > 0 && $row['prune_days'] > 0) + $row = $db->sql_fetchrow($result); + + if( $row['prune_freq'] && $row['prune_days'] ) { - $forum_id = $row['forum_id']; - $prune_date = time() - ($row['prune_days'] * $one_day); - $pruned = prune($forum_id, $prune_date); - $next_prune = time() + ($row['prune_freq'] * $one_day); - $sql = "UPDATE " . FORUMS_TABLE . " - SET prune_next = $next_prune - WHERE forum_id = $forum_id"; - if(!$db->sql_query($sql)) + $prune_date = time() - ( $row['prune_days'] * 86400 ); + prune($forum_id, $prune_date); + + $next_prune = time() + ( $row['prune_freq'] * 86400 ); + + $sql = "UPDATE " . FORUMS_TABLE . " + SET prune_next = $next_prune + WHERE forum_id = $forum_id"; + if( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, "Auto-Prune: Couldn't update forum table.", __LINE__, __FILE__); } @@ -177,4 +171,4 @@ function auto_prune($forum_id = 0) return; } -?> +?>
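Review bot: Both `message_die()` calls in auto_prune pass `__LINE__, __FILE__` as the third and fourth arguments, whereas every call in prune() uses `message_die(GENERAL_ERROR, "…", "", __LINE__, __FILE__, $sql)`; the line number therefore lands in the slot the other calls use for the title, and the failing SQL is not reported. Assuming the six-argument order is the intended one, the update call becomes `message_die(GENERAL_ERROR, "Auto-Prune: Couldn't update forum table.", "", __LINE__, __FILE__, $sql);`. `$forum_id` reaches both queries uncast, so `$forum_id = intval($forum_id);` at the top of the function would be a cheap guard. The opening lines of auto_prune, including the SELECT, are in the previous hunk.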
\ No newline at end of file |