Diffstat (limited to 'phpBB')
-rw-r--r--phpBB/includes/acp/acp_styles.php7
-rw-r--r--phpBB/includes/acp/acp_users.php4
-rw-r--r--phpBB/includes/auth.php2
-rw-r--r--phpBB/includes/functions.php6
-rw-r--r--phpBB/includes/template.php6
-rw-r--r--phpBB/includes/ucp/ucp_profile.php199
-rw-r--r--phpBB/includes/ucp/ucp_register.php52
-rw-r--r--phpBB/includes/ucp/ucp_zebra.php2
-rw-r--r--phpBB/includes/utf/utf_tools.php6
-rwxr-xr-xphpBB/install/install_install.php16
-rw-r--r--phpBB/search.php35
-rw-r--r--phpBB/viewtopic.php3
12 files changed, 172 insertions, 166 deletions
diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php
index 9e49e986e7..7731620c61 100644
--- a/phpBB/includes/acp/acp_styles.php
+++ b/phpBB/includes/acp/acp_styles.php
@@ -1353,16 +1353,19 @@ pagination_sep = \'{PAGINATION_SEP}\'
if ($imageset_id)
{
$sql_select = ($imgname) ? ", $imgname" : '';
+
$sql = "SELECT imageset_path, imageset_name, imageset_copyright$sql_select
FROM " . STYLES_IMAGESET_TABLE . "
WHERE imageset_id = $imageset_id";
$result = $db->sql_query($sql);
+ $imageset_row = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
- if (!extract($db->sql_fetchrow($result)))
+ if (!$imageset_row)
{
trigger_error($user->lang['NO_IMAGESET'] . adm_back_link($this->u_action), E_USER_WARNING);
}
- $db->sql_freeresult($result);
+ extract($imageset_row);
// Check to see whether the selected image exists in the table
$valid_name = ($update) ? false : true;
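Review bot: `extract($imageset_row)` on the last added line still copies every selected column into the local scope, including the column named by `$imgname`, so a column whose name matches an existing local silently overwrites it. Reading the fields by key (`$imageset_row['imageset_path']`, `$imageset_row[$imgname]`) keeps the scope explicit and matches what this commit does in ucp_profile.php. `$imgname` and `$imageset_id` are also interpolated straight into the SELECT; their origin is outside the hunk, so it is worth confirming that `$imgname` is checked against the known image keys and `$imageset_id` is cast to int before this point.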
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index c6700f3688..5de6031c1e 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -635,7 +635,7 @@ class acp_users
// Get the data from the form. Use data from the database if no info is provided
foreach ($var_ary as $var => $default)
{
- $data[$var] = request_var($var, $default);
+ $data[$var] = ($var == 'user') ? request_var($var, $default, true) : request_var($var, $default);
}
// We use user within the form to circumvent auto filling
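Review bot: The field-name test `$var == 'user'` uses loose comparison and hard-codes which field may carry multibyte input; `$var === 'user'` is the safer form, since a non-string key could compare equal to the string under PHP's loose rules. The same pattern is repeated in ucp_profile.php (`'username'`), in both loops of ucp_register.php and in install_install.php (`'admin_name'`). Because the username now accepts multibyte input, the validation that follows the loop (outside this hunk) is what has to reject malformed names, so a comment such as `// multibyte allowed for the username only; validated below` would help the next reader.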
@@ -984,7 +984,7 @@ class acp_users
foreach ($var_ary as $var => $default)
{
- $data[$var] = (in_array($var, array('location', 'occupation', 'interests'))) ? request_var($var, $default, true) : $data[$var] = request_var($var, $default);
+ $data[$var] = (in_array($var, array('location', 'occupation', 'interests'))) ? request_var($var, $default, true) : request_var($var, $default);
}
$var_ary = array(
diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php
index ffce18ffb7..8ee4a23abb 100644
--- a/phpBB/includes/auth.php
+++ b/phpBB/includes/auth.php
@@ -707,7 +707,7 @@ class auth
// we are going to use the user_add function so include functions_user.php if it wasn't defined yet
if (!function_exists('user_add'))
{
- include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+ include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
}
user_add($login['user_row'], (isset($login['cp_data'])) ? $login['cp_data'] : false);
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index b0d76fff4c..671f20d398 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2249,7 +2249,7 @@ function generate_text_for_display($text, $uid, $bitfield, $flags)
if (!class_exists('bbcode'))
{
global $phpbb_root_path, $phpEx;
- include_once($phpbb_root_path . 'includes/bbcode.' . $phpEx);
+ include($phpbb_root_path . 'includes/bbcode.' . $phpEx);
}
if (empty($bbcode))
@@ -2287,7 +2287,7 @@ function generate_text_for_storage(&$text, &$uid, &$bitfield, &$flags, $allow_bb
if (!class_exists('parse_message'))
{
- include_once($phpbb_root_path . 'includes/message_parser.' . $phpEx);
+ include($phpbb_root_path . 'includes/message_parser.' . $phpEx);
}
$message_parser = new parse_message($text);
@@ -2419,7 +2419,7 @@ function parse_inline_attachments(&$text, &$attachments, &$update_count, $forum_
if (!function_exists('display_attachments'))
{
global $phpbb_root_path, $phpEx;
- include_once("{$phpbb_root_path}includes/functions_display.$phpEx");
+ include("{$phpbb_root_path}includes/functions_display.$phpEx");
}
$attachments = display_attachments($forum_id, NULL, $attachments, $update_count, false, true);
diff --git a/phpBB/includes/template.php b/phpBB/includes/template.php
index 6c7558faa3..36a0b8920b 100644
--- a/phpBB/includes/template.php
+++ b/phpBB/includes/template.php
@@ -197,7 +197,11 @@ class template
global $db, $phpbb_root_path;
- include_once($phpbb_root_path . 'includes/functions_template.' . $phpEx);
+ if (!class_exists('template_compile'))
+ {
+ include($phpbb_root_path . 'includes/functions_template.' . $phpEx);
+ }
+
$compile = new template_compile($this);
// If the file for this handle is already loaded and compiled, do nothing.
diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php
index 537b47b5a4..516e57e8b3 100644
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@@ -33,20 +33,20 @@ class ucp_profile
{
case 'reg_details':
+ $data = array(
+ 'username' => $user->data['username'],
+ 'email' => $user->data['user_email'],
+ 'email_confirm' => (string) '',
+ 'new_password' => (string) '',
+ 'cur_password' => (string) '',
+ 'password_confirm' => (string) '',
+ );
+
if ($submit)
{
- $var_ary = array(
- 'username' => $user->data['username'],
- 'email' => $user->data['user_email'],
- 'email_confirm' => (string) '',
- 'new_password' => (string) '',
- 'cur_password' => (string) '',
- 'password_confirm' => (string) '',
- );
-
- foreach ($var_ary as $var => $default)
+ foreach ($data as $var => $default)
{
- $data[$var] = request_var($var, $default);
+ $data[$var] = ($var == 'username') ? request_var($var, $default, true) : request_var($var, $default);
}
// Do not check cur_password, it is the old one.
@@ -70,26 +70,24 @@ class ucp_profile
}
$error = validate_data($data, $var_ary);
- extract($data);
- unset($data);
- if ($auth->acl_get('u_chgpasswd') && $new_password && $password_confirm != $new_password)
+ if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && $data['password_confirm'] != $data['new_password'])
{
$error[] = 'NEW_PASSWORD_ERROR';
}
- if (($new_password || ($auth->acl_get('u_chgemail') && $email != $user->data['user_email']) || ($username != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange'])) && md5($cur_password) != $user->data['user_password'])
+ if (($data['new_password'] || ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email']) || ($data['username'] != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange'])) && md5($data['cur_password']) != $user->data['user_password'])
{
$error[] = 'CUR_PASSWORD_ERROR';
}
// Only check the new password against the previous password if there have been no errors
- if (!sizeof($error) && $auth->acl_get('u_chgpasswd') && $new_password && md5($new_password) == $user->data['user_password'])
+ if (!sizeof($error) && $auth->acl_get('u_chgpasswd') && $data['new_password'] && md5($data['new_password']) == $user->data['user_password'])
{
$error[] = 'SAME_PASSWORD_ERROR';
}
- if ($auth->acl_get('u_chgemail') && $email != $user->data['user_email'] && $email_confirm != $email)
+ if ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email'] && $data['email_confirm'] != $data['email'])
{
$error[] = 'NEW_EMAIL_ERROR';
}
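Review bot: The password checks compare MD5 hex digests with `!=` and `==` (the CUR_PASSWORD_ERROR and SAME_PASSWORD_ERROR conditions), and PHP's loose comparison treats two digests that look like numbers in exponent notation as equal even when the strings differ. Use the strict operators: `md5($data['cur_password']) !== $user->data['user_password']` and `md5($data['new_password']) === $user->data['user_password']`; the `md5(...) !=` test before `reset_login_keys()` in the next hunk needs the same change. The unsalted MD5 storage itself is unchanged by this commit and would need a separate migration.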
@@ -97,31 +95,31 @@ class ucp_profile
if (!sizeof($error))
{
$sql_ary = array(
- 'username' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? $username : $user->data['username'],
- 'username_clean' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? utf8_clean_string($username) : $user->data['username_clean'],
- 'user_email' => ($auth->acl_get('u_chgemail')) ? $email : $user->data['user_email'],
- 'user_email_hash' => ($auth->acl_get('u_chgemail')) ? crc32(strtolower($email)) . strlen($email) : $user->data['user_email_hash'],
- 'user_password' => ($auth->acl_get('u_chgpasswd') && $new_password) ? md5($new_password) : $user->data['user_password'],
- 'user_passchg' => ($auth->acl_get('u_chgpasswd') && $new_password) ? time() : 0,
+ 'username' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? $data['username'] : $user->data['username'],
+ 'username_clean' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? utf8_clean_string($data['username']) : $user->data['username_clean'],
+ 'user_email' => ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'],
+ 'user_email_hash' => ($auth->acl_get('u_chgemail')) ? crc32(strtolower($data['email'])) . strlen($data['email']) : $user->data['user_email_hash'],
+ 'user_password' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? md5($data['new_password']) : $user->data['user_password'],
+ 'user_passchg' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? time() : 0,
);
- if ($auth->acl_get('u_chgname') && $config['allow_namechange'] && $username != $user->data['username'])
+ if ($auth->acl_get('u_chgname') && $config['allow_namechange'] && $data['username'] != $user->data['username'])
{
- add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_NAME', $user->data['username'], $username);
+ add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_NAME', $user->data['username'], $data['username']);
}
- if ($auth->acl_get('u_chgpasswd') && $new_password && md5($new_password) != $user->data['user_password'])
+ if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && md5($data['new_password']) != $user->data['user_password'])
{
$user->reset_login_keys();
- add_log('user', $user->data['user_id'], 'LOG_USER_NEW_PASSWORD', $username);
+ add_log('user', $user->data['user_id'], 'LOG_USER_NEW_PASSWORD', $data['username']);
}
- if ($auth->acl_get('u_chgemail') && $email != $user->data['user_email'])
+ if ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email'])
{
- add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_EMAIL', $username, $user->data['user_email'], $email);
+ add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_EMAIL', $data['username'], $user->data['user_email'], $data['email']);
}
- if ($config['email_enable'] && $email != $user->data['user_email'] && $user->data['user_type'] != USER_FOUNDER && ($config['require_activation'] == USER_ACTIVATION_SELF || $config['require_activation'] == USER_ACTIVATION_ADMIN))
+ if ($config['email_enable'] && $data['email'] != $user->data['user_email'] && $user->data['user_type'] != USER_FOUNDER && ($config['require_activation'] == USER_ACTIVATION_SELF || $config['require_activation'] == USER_ACTIVATION_ADMIN))
{
include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
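Review bot: In `$sql_ary`, `'user_passchg'` is set to `0` whenever no new password is submitted, so an update that only changes the email or the name presumably overwrites the stored password-change time. If that column feeds any password-age check, keeping the old value is safer: `'user_passchg' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? time() : $user->data['user_passchg'],` (assuming `user_passchg` is loaded into `$user->data`, which this hunk does not show). The trailing `include_once` for functions_messenger is also left as is while the rest of the commit moves to guarded `include`.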
@@ -138,7 +136,7 @@ class ucp_profile
$messenger->template($template_file, $user->data['user_lang']);
$messenger->replyto($config['board_contact']);
- $messenger->to($email, $username);
+ $messenger->to($data['email'], $data['username']);
$messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']);
$messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']);
@@ -147,7 +145,7 @@ class ucp_profile
$messenger->assign_vars(array(
'SITENAME' => $config['sitename'],
- 'USERNAME' => html_entity_decode($username),
+ 'USERNAME' => html_entity_decode($username, ENT_QUOTES, 'UTF-8'),
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']),
'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey")
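Review bot: `html_entity_decode($username, ENT_QUOTES, 'UTF-8')` still reads `$username`, but this commit removes the `extract($data)` that defined it, so unless it is assigned outside these hunks the activation mail gets an empty USERNAME and PHP raises a notice. It should read `html_entity_decode($data['username'], ENT_QUOTES, 'UTF-8')`. The same leftover appears in the admin-notification hunk further down this file and in the two mail hunks of ucp_register.php, where `'PASSWORD' => html_entity_decode($password_confirm)` has the same problem and also lacks the new `ENT_QUOTES, 'UTF-8'` arguments.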
@@ -157,12 +155,21 @@ class ucp_profile
if ($config['require_activation'] == USER_ACTIVATION_ADMIN)
{
- // Grab an array of user_id's with a_user permissions
+ // Grab an array of user_id's with a_user permissions ... these users can activate a user
$admin_ary = $auth->acl_get_list(false, 'a_user', false);
+ $admin_ary = (!empty($admin_ary[0]['a_user'])) ? $admin_ary[0]['a_user'] : array();
+
+ // Also include founders
+ $where_sql = ' WHERE user_type = ' . USER_FOUNDER;
+
+ if (sizeof($admin_ary))
+ {
+ $where_sql .= ' OR ' . $db->sql_in_set('user_id', $admin_ary);
+ }
$sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type
- FROM ' . USERS_TABLE . '
- WHERE ' . $db->sql_in_set('user_id', $admin_ary[0]['a_user']);
+ FROM ' . USERS_TABLE . ' ' .
+ $where_sql;
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@@ -173,7 +180,7 @@ class ucp_profile
$messenger->im($row['user_jabber'], $row['username']);
$messenger->assign_vars(array(
- 'USERNAME' => html_entity_decode($username),
+ 'USERNAME' => html_entity_decode($username, ENT_QUOTES, 'UTF-8'),
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']),
'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey")
@@ -202,9 +209,9 @@ class ucp_profile
}
// Need to update config, forum, topic, posting, messages, etc.
- if ($username != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange'])
+ if ($data['username'] != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange'])
{
- user_update_name($user->data['username'], $username);
+ user_update_name($user->data['username'], $data['username']);
}
meta_refresh(3, $this->u_action);
@@ -222,10 +229,10 @@ class ucp_profile
$template->assign_vars(array(
'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '',
- 'USERNAME' => (isset($username)) ? $username : $user->data['username'],
- 'EMAIL' => (isset($email)) ? $email : $user->data['user_email'],
- 'PASSWORD_CONFIRM' => (isset($password_confirm)) ? $password_confirm : '',
- 'NEW_PASSWORD' => (isset($new_password)) ? $new_password : '',
+ 'USERNAME' => $data['username'],
+ 'EMAIL' => $data['email'],
+ 'PASSWORD_CONFIRM' => $data['password_confirm'],
+ 'NEW_PASSWORD' => $data['new_password'],
'CUR_PASSWORD' => '',
'L_USERNAME_EXPLAIN' => sprintf($user->lang[$user_char_ary[str_replace('\\\\', '\\', $config['allow_name_chars'])] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']),
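Review bot: `'PASSWORD_CONFIRM' => $data['password_confirm']` and `'NEW_PASSWORD' => $data['new_password']` hand the submitted passwords back to the template, while `'CUR_PASSWORD'` is already blanked. Assuming the template prints these variables into the form, the passwords end up in the page source and in any cache that stores the response. Set both to `''` as well; the register form in ucp_register.php (`'PASSWORD'`, `'PASSWORD_CONFIRM'`) does the same thing. The assign_vars call continues outside the hunk.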
@@ -246,24 +253,29 @@ class ucp_profile
$cp_data = $cp_error = array();
- if ($submit)
+ $data = array(
+ 'icq' => (string) $user->data['user_icq'],
+ 'aim' => (string) $user->data['user_aim'],
+ 'msn' => (string) $user->data['user_msnm'],
+ 'yim' => (string) $user->data['user_yim'],
+ 'jabber' => (string) $user->data['user_jabber'],
+ 'website' => (string) $user->data['user_website'],
+ 'location' => (string) $user->data['user_from'],
+ 'occupation' => (string) $user->data['user_occ'],
+ 'interests' => (string) $user->data['user_interests'],
+ 'bday_day' => 0,
+ 'bday_month' => 0,
+ 'bday_year' => 0,
+ );
+
+ if ($user->data['user_birthday'])
{
- $var_ary = array(
- 'icq' => (string) '',
- 'aim' => (string) '',
- 'msn' => (string) '',
- 'yim' => (string) '',
- 'jabber' => (string) '',
- 'website' => (string) '',
- 'location' => (string) '',
- 'occupation' => (string) '',
- 'interests' => (string) '',
- 'bday_day' => 0,
- 'bday_month' => 0,
- 'bday_year' => 0,
- );
+ list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user->data['user_birthday']);
+ }
- foreach ($var_ary as $var => $default)
+ if ($submit)
+ {
+ foreach ($data as $var => $default)
{
$data[$var] = (in_array($var, array('location', 'occupation', 'interests'))) ? request_var($var, $default, true) : request_var($var, $default);
}
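Review bot: `explode('-', $user->data['user_birthday'])` yields strings (space-padded, given the `'%2d-%2d-%4d'` format used when storing), so for users with a birthday the `bday_*` defaults are no longer the integer `0` that the old `$var_ary` passed to `request_var()`. The explicit `(string)` casts on the other defaults suggest that request_var() types its result after the default; if so, the three birthday fields are now read as strings rather than integers. Casting keeps the old behaviour: `list($data['bday_day'], $data['bday_month'], $data['bday_year']) = array_map('intval', explode('-', $user->data['user_birthday']));`.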
@@ -290,8 +302,6 @@ class ucp_profile
);
$error = validate_data($data, $var_ary);
- extract($data);
- unset($data);
// validate custom profile fields
$cp->submit_cp_field('profile', $user->get_iso_lang_id(), $cp_data, $cp_error);
@@ -304,16 +314,16 @@ class ucp_profile
if (!sizeof($error))
{
$sql_ary = array(
- 'user_icq' => $icq,
- 'user_aim' => $aim,
- 'user_msnm' => $msn,
- 'user_yim' => $yim,
- 'user_jabber' => $jabber,
- 'user_website' => $website,
- 'user_from' => $location,
- 'user_occ' => $occupation,
- 'user_interests'=> $interests,
- 'user_birthday' => sprintf('%2d-%2d-%4d', $bday_day, $bday_month, $bday_year),
+ 'user_icq' => $data['icq'],
+ 'user_aim' => $data['aim'],
+ 'user_msnm' => $data['msn'],
+ 'user_yim' => $data['yim'],
+ 'user_jabber' => $data['jabber'],
+ 'user_website' => $data['website'],
+ 'user_from' => $data['location'],
+ 'user_occ' => $data['occupation'],
+ 'user_interests'=> $data['interests'],
+ 'user_birthday' => sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']),
);
$sql = 'UPDATE ' . USERS_TABLE . '
@@ -351,38 +361,26 @@ class ucp_profile
$error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
}
- if (!isset($bday_day))
- {
- if ($user->data['user_birthday'])
- {
- list($bday_day, $bday_month, $bday_year) = explode('-', $user->data['user_birthday']);
- }
- else
- {
- $bday_day = $bday_month = $bday_year = 0;
- }
- }
-
- $s_birthday_day_options = '<option value="0"' . ((!$bday_day) ? ' selected="selected"' : '') . '>--</option>';
+ $s_birthday_day_options = '<option value="0"' . ((!$data['bday_day']) ? ' selected="selected"' : '') . '>--</option>';
for ($i = 1; $i < 32; $i++)
{
- $selected = ($i == $bday_day) ? ' selected="selected"' : '';
+ $selected = ($i == $data['bday_day']) ? ' selected="selected"' : '';
$s_birthday_day_options .= "<option value=\"$i\"$selected>$i</option>";
}
- $s_birthday_month_options = '<option value="0"' . ((!$bday_month) ? ' selected="selected"' : '') . '>--</option>';
+ $s_birthday_month_options = '<option value="0"' . ((!$data['bday_month']) ? ' selected="selected"' : '') . '>--</option>';
for ($i = 1; $i < 13; $i++)
{
- $selected = ($i == $bday_month) ? ' selected="selected"' : '';
+ $selected = ($i == $data['bday_month']) ? ' selected="selected"' : '';
$s_birthday_month_options .= "<option value=\"$i\"$selected>$i</option>";
}
$s_birthday_year_options = '';
$now = getdate();
- $s_birthday_year_options = '<option value="0"' . ((!$bday_year) ? ' selected="selected"' : '') . '>--</option>';
+ $s_birthday_year_options = '<option value="0"' . ((!$data['bday_year']) ? ' selected="selected"' : '') . '>--</option>';
for ($i = $now['year'] - 100; $i < $now['year']; $i++)
{
- $selected = ($i == $bday_year) ? ' selected="selected"' : '';
+ $selected = ($i == $data['bday_year']) ? ' selected="selected"' : '';
$s_birthday_year_options .= "<option value=\"$i\"$selected>$i</option>";
}
unset($now);
@@ -390,15 +388,15 @@ class ucp_profile
$template->assign_vars(array(
'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '',
- 'ICQ' => (isset($icq)) ? $icq : $user->data['user_icq'],
- 'YIM' => (isset($yim)) ? $yim : $user->data['user_yim'],
- 'AIM' => (isset($aim)) ? $aim : $user->data['user_aim'],
- 'MSN' => (isset($msn)) ? $msn : $user->data['user_msnm'],
- 'JABBER' => (isset($jabber)) ? $jabber : $user->data['user_jabber'],
- 'WEBSITE' => (isset($website)) ? $website : $user->data['user_website'],
- 'LOCATION' => (isset($location)) ? $location : $user->data['user_from'],
- 'OCCUPATION'=> (isset($occupation)) ? $occupation : $user->data['user_occ'],
- 'INTERESTS' => (isset($interests)) ? $interests : $user->data['user_interests'],
+ 'ICQ' => $data['icq'],
+ 'YIM' => $data['yim'],
+ 'AIM' => $data['aim'],
+ 'MSN' => $data['msn'],
+ 'JABBER' => $data['jabber'],
+ 'WEBSITE' => $data['website'],
+ 'LOCATION' => $data['location'],
+ 'OCCUPATION'=> $data['occupation'],
+ 'INTERESTS' => $data['interests'],
'S_BIRTHDAY_DAY_OPTIONS' => $s_birthday_day_options,
'S_BIRTHDAY_MONTH_OPTIONS' => $s_birthday_month_options,
@@ -607,9 +605,6 @@ class ucp_profile
trigger_error($message);
}
- extract($data);
- unset($data);
-
// Replace "error" strings with their real, localised form
$error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
}
@@ -653,8 +648,8 @@ class ucp_profile
$template->assign_vars(array(
'AVATAR' => $avatar_img,
'AVATAR_SIZE' => $config['avatar_filesize'],
- 'WIDTH' => (isset($width)) ? $width : $user->data['user_avatar_width'],
- 'HEIGHT' => (isset($height)) ? $height : $user->data['user_avatar_height'],
+ 'WIDTH' => (isset($data['width'])) ? $data['width'] : $user->data['user_avatar_width'],
+ 'HEIGHT' => (isset($data['height'])) ? $data['height'] : $user->data['user_avatar_height'],
'S_UPLOAD_AVATAR_FILE' => $can_upload,
'S_UPLOAD_AVATAR_URL' => $can_upload,
diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php
index 22f9c86f40..5489e89e0f 100644
--- a/phpBB/includes/ucp/ucp_register.php
+++ b/phpBB/includes/ucp/ucp_register.php
@@ -127,7 +127,7 @@ class ucp_register
{
foreach ($var_ary as $var => $default)
{
- $$var = request_var($var, $default, true);
+ $data[$var] = ($var == 'username') ? request_var($var, $default, true) : request_var($var, $default);
}
}
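Review bot: Before this change every field in both loops, including `new_password` and `password_confirm`, was read with the multibyte flag; now only `username` is. request_var() is not on this page, but if its non-multibyte path replaces or drops bytes above 0x7F, a password containing non-ASCII characters is altered before `md5()` and loses entropy, and the login path has to read the password the same way or those users cannot log in. If that is the case, the condition should cover the password fields too, e.g. `in_array($var, array('username', 'new_password', 'password_confirm'))`; the `reg_details` loop in ucp_profile.php is affected the same way.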
@@ -136,7 +136,7 @@ class ucp_register
{
foreach ($var_ary as $var => $default)
{
- $data[$var] = request_var($var, $default, true);
+ $data[$var] = ($var == 'username') ? request_var($var, $default, true) : request_var($var, $default);
}
$var_ary = array(
@@ -157,8 +157,6 @@ class ucp_register
);
$error = validate_data($data, $var_ary);
- extract($data);
- unset($data);
// Replace "error" strings with their real, localised form
$error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
@@ -197,7 +195,7 @@ class ucp_register
if ($row)
{
- if (strcasecmp($row['code'], $confirm_code) === 0)
+ if (strcasecmp($row['code'], $data['confirm_code']) === 0)
{
$sql = 'DELETE FROM ' . CONFIRM_TABLE . "
WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'
@@ -221,12 +219,12 @@ class ucp_register
if (!sizeof($error))
{
- if ($new_password != $password_confirm)
+ if ($data['new_password'] != $data['password_confirm'])
{
$error[] = $user->lang['NEW_PASSWORD_ERROR'];
}
- if ($email != $email_confirm)
+ if ($data['email'] != $data['email_confirm'])
{
$error[] = $user->lang['NEW_EMAIL_ERROR'];
}
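Review bot: `$data['new_password'] != $data['password_confirm']` compares two request strings loosely, so numeric-looking values that differ as text (for example `1e3` and `1000`) count as equal and the confirmation check passes on a mismatch. Use `!==` here and in the email test below it: `if ($data['new_password'] !== $data['password_confirm'])`. ucp_profile.php has the same `!=` in its NEW_PASSWORD_ERROR and NEW_EMAIL_ERROR checks.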
@@ -262,6 +260,7 @@ class ucp_register
$key_len = 54 - (strlen($server_url));
$key_len = ($key_len < 6) ? 6 : $key_len;
$user_actkey = substr($user_actkey, 0, $key_len);
+
$user_type = USER_INACTIVE;
$user_inactive_reason = INACTIVE_REGISTER;
$user_inactive_time = time();
@@ -275,13 +274,13 @@ class ucp_register
}
$user_row = array(
- 'username' => $username,
- 'user_password' => md5($new_password),
- 'user_email' => $email,
+ 'username' => $data['username'],
+ 'user_password' => md5($data['new_password']),
+ 'user_email' => $data['email'],
'group_id' => (int) $group_id,
- 'user_timezone' => (float) $tz,
+ 'user_timezone' => (float) $data['tz'],
'user_dst' => $is_dst,
- 'user_lang' => $lang,
+ 'user_lang' => $data['lang'],
'user_type' => $user_type,
'user_actkey' => $user_actkey,
'user_ip' => $user->ip,
@@ -326,10 +325,10 @@ class ucp_register
$messenger = new messenger(false);
- $messenger->template($email_template, $lang);
+ $messenger->template($email_template, $data['lang']);
$messenger->replyto($config['board_contact']);
- $messenger->to($email, $username);
+ $messenger->to($data['email'], $data['username']);
$messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']);
$messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']);
@@ -339,7 +338,7 @@ class ucp_register
$messenger->assign_vars(array(
'SITENAME' => $config['sitename'],
'WELCOME_MSG' => sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename']),
- 'USERNAME' => html_entity_decode($username),
+ 'USERNAME' => html_entity_decode($username, ENT_QUOTES, 'UTF-8'),
'PASSWORD' => html_entity_decode($password_confirm),
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']),
@@ -351,7 +350,7 @@ class ucp_register
$messenger->assign_vars(array(
'FAX_INFO' => $config['coppa_fax'],
'MAIL_INFO' => $config['coppa_mail'],
- 'EMAIL_ADDRESS' => $email,
+ 'EMAIL_ADDRESS' => $data['email'],
'SITENAME' => $config['sitename'])
);
}
@@ -385,7 +384,7 @@ class ucp_register
$messenger->im($row['user_jabber'], $row['username']);
$messenger->assign_vars(array(
- 'USERNAME' => html_entity_decode($username),
+ 'USERNAME' => html_entity_decode($username, ENT_QUOTES, 'UTF-8'),
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']),
'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u=$user_id&k=$user_actkey")
@@ -396,7 +395,6 @@ class ucp_register
$db->sql_freeresult($result);
}
}
- unset($data);
$message = $message . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
trigger_error($message);
@@ -489,17 +487,17 @@ class ucp_register
$user_char_ary = array('.*' => 'USERNAME_CHARS_ANY', '[\w]+' => 'USERNAME_ALPHA_ONLY', '[\w_\+\. \-\[\]]+' => 'USERNAME_ALPHA_SPACERS');
$pass_char_ary = array('.*' => 'PASS_TYPE_ANY', '[a-zA-Z]' => 'PASS_TYPE_CASE', '[a-zA-Z0-9]' => 'PASS_TYPE_ALPHA', '[a-zA-Z\W]' => 'PASS_TYPE_SYMBOL');
- $lang = (isset($lang)) ? $lang : $config['default_lang'];
- $tz = (isset($tz)) ? $tz : $timezone;
+ $data['lang'] = (isset($data['lang'])) ? $data['lang'] : $config['default_lang'];
+ $data['tz'] = (isset($data['tz'])) ? $data['tz'] : $timezone;
//
$template->assign_vars(array(
'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '',
- 'USERNAME' => (isset($username)) ? $username : '',
- 'PASSWORD' => (isset($new_password)) ? $new_password : '',
- 'PASSWORD_CONFIRM' => (isset($password_confirm)) ? $password_confirm : '',
- 'EMAIL' => (isset($email)) ? $email : '',
- 'EMAIL_CONFIRM' => (isset($email_confirm)) ? $email_confirm : '',
+ 'USERNAME' => (isset($data['username'])) ? $data['username'] : '',
+ 'PASSWORD' => (isset($data['new_password'])) ? $data['new_password'] : '',
+ 'PASSWORD_CONFIRM' => (isset($data['password_confirm'])) ? $data['password_confirm'] : '',
+ 'EMAIL' => (isset($data['email'])) ? $data['email'] : '',
+ 'EMAIL_CONFIRM' => (isset($data['email_confirm'])) ? $data['email_confirm'] : '',
'CONFIRM_IMG' => $confirm_image,
'L_CONFIRM_EXPLAIN' => sprintf($user->lang['CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlentities($config['board_contact']) . '">', '</a>'),
@@ -507,8 +505,8 @@ class ucp_register
'L_USERNAME_EXPLAIN' => sprintf($user->lang[$user_char_ary[str_replace('\\\\', '\\', $config['allow_name_chars'])] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']),
'L_NEW_PASSWORD_EXPLAIN' => sprintf($user->lang[$pass_char_ary[str_replace('\\\\', '\\', $config['pass_complex'])] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']),
- 'S_LANG_OPTIONS' => language_select($lang),
- 'S_TZ_OPTIONS' => tz_select($tz),
+ 'S_LANG_OPTIONS' => language_select($data['lang']),
+ 'S_TZ_OPTIONS' => tz_select($data['tz']),
'S_CONFIRM_CODE' => ($config['enable_confirm']) ? true : false,
'S_COPPA' => $coppa,
'S_HIDDEN_FIELDS' => $s_hidden_fields,
diff --git a/phpBB/includes/ucp/ucp_zebra.php b/phpBB/includes/ucp/ucp_zebra.php
index 5ee28dd443..2548037b10 100644
--- a/phpBB/includes/ucp/ucp_zebra.php
+++ b/phpBB/includes/ucp/ucp_zebra.php
@@ -37,7 +37,7 @@ class ucp_zebra
foreach ($var_ary as $var => $default)
{
- $data[$var] = request_var($var, $default);
+ $data[$var] = request_var($var, $default, true);
}
if ($data['add'])
diff --git a/phpBB/includes/utf/utf_tools.php b/phpBB/includes/utf/utf_tools.php
index cb3e3b69ac..1f9a698163 100644
--- a/phpBB/includes/utf/utf_tools.php
+++ b/phpBB/includes/utf/utf_tools.php
@@ -901,19 +901,19 @@ function utf8_case_fold($text, $option = 'full')
// common is always set
if (!isset($uniarray['c']))
{
- $uniarray['c'] = include_once($phpbb_root_path . 'includes/utf/data/case_fold_c.' . $phpEx);
+ $uniarray['c'] = include($phpbb_root_path . 'includes/utf/data/case_fold_c.' . $phpEx);
}
// only set full if we need to
if ($option === 'full' && !isset($uniarray['f']))
{
- $uniarray['f'] = include_once($phpbb_root_path . 'includes/utf/data/case_fold_f.' . $phpEx);
+ $uniarray['f'] = include($phpbb_root_path . 'includes/utf/data/case_fold_f.' . $phpEx);
}
// only set simple if we need to
if ($option !== 'full' && !isset($uniarray['s']))
{
- $uniarray['s'] = include_once($phpbb_root_path . 'includes/utf/data/case_fold_s.' . $phpEx);
+ $uniarray['s'] = include($phpbb_root_path . 'includes/utf/data/case_fold_s.' . $phpEx);
}
$text = strtr($text, $uniarray['c']);
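Review bot: A failed `include` returns `false`, which is then stored in `$uniarray['c']`; `isset()` is true for `false`, so the guard does not retry and `strtr($text, $uniarray['c'])` receives a non-array. Moving away from `include_once` is right, since it returns `true` on a second call, but `require` fails loudly instead of caching a bad value: `$uniarray['c'] = require($phpbb_root_path . 'includes/utf/data/case_fold_c.' . $phpEx);`, and likewise for the `f` and `s` tables. Whether `$uniarray` persists between calls is declared outside the hunk.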
diff --git a/phpBB/install/install_install.php b/phpBB/install/install_install.php
index 95d3adb9c0..23cec1f29d 100755
--- a/phpBB/install/install_install.php
+++ b/phpBB/install/install_install.php
@@ -404,7 +404,7 @@ class install_install extends module
// Obtain any submitted data
foreach ($this->request_vars as $var)
{
- $$var = request_var($var, '');
+ $$var = ($var == 'admin_name') ? request_var($var, '', true) : request_var($var, '');
}
$connect_test = false;
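Review bot: This ternary is pasted into eight separate loops in install_install.php, so the list of multibyte fields lives in eight places and the next field that needs the flag is easy to miss in one of them. A small private method on the class that reads `$this->request_vars` and returns the values as an array, with the multibyte names kept in one list, would keep the loops in step. `$$var` also creates one local per entry of `$this->request_vars`; that is safe only while the list is a fixed property and never derived from the request, and if that holds it deserves a comment such as `// names come from $this->request_vars, never from user input`.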
@@ -546,7 +546,7 @@ class install_install extends module
// Obtain any submitted data
foreach ($this->request_vars as $var)
{
- $$var = request_var($var, '');
+ $$var = ($var == 'admin_name') ? request_var($var, '', true) : request_var($var, '');
}
if ($dbms == '')
@@ -718,7 +718,7 @@ class install_install extends module
// Obtain any submitted data
foreach ($this->request_vars as $var)
{
- $$var = request_var($var, '');
+ $$var = ($var == 'admin_name') ? request_var($var, '', true) : request_var($var, '');
}
if ($dbms == '')
@@ -873,7 +873,7 @@ class install_install extends module
// Obtain any submitted data
foreach ($this->request_vars as $var)
{
- $$var = request_var($var, '');
+ $$var = ($var == 'admin_name') ? request_var($var, '', true) : request_var($var, '');
}
if ($dbms == '')
@@ -957,7 +957,7 @@ class install_install extends module
// Obtain any submitted data
foreach ($this->request_vars as $var)
{
- $$var = request_var($var, '');
+ $$var = ($var == 'admin_name') ? request_var($var, '', true) : request_var($var, '');
}
if ($dbms == '')
@@ -1231,7 +1231,7 @@ class install_install extends module
// Obtain any submitted data
foreach ($this->request_vars as $var)
{
- $$var = request_var($var, '');
+ $$var = ($var == 'admin_name') ? request_var($var, '', true) : request_var($var, '');
}
$dbpasswd = html_entity_decode($dbpasswd);
@@ -1500,7 +1500,7 @@ class install_install extends module
// Obtain any submitted data
foreach ($this->request_vars as $var)
{
- $$var = request_var($var, '');
+ $$var = ($var == 'admin_name') ? request_var($var, '', true) : request_var($var, '');
}
// Fill the config array - it is needed by those functions we call
@@ -1582,7 +1582,7 @@ class install_install extends module
// Obtain any submitted data
foreach ($this->request_vars as $var)
{
- $$var = request_var($var, '');
+ $$var = ($var == 'admin_name') ? request_var($var, '', true) : request_var($var, '');
}
// Load the basic configuration data
diff --git a/phpBB/search.php b/phpBB/search.php
index 73c363bcc6..5418f34c6b 100644
--- a/phpBB/search.php
+++ b/phpBB/search.php
@@ -623,7 +623,7 @@ if ($keywords || $author || $author_id || $search_id || $submit)
// Does this post have an attachment? If so, add it to the list
if ($row['post_attachment'] && $config['allow_attachments'])
{
- $attach_list[] = $row['post_id'];
+ $attach_list[$row['forum_id']][] = $row['post_id'];
}
}
}
@@ -639,25 +639,32 @@ if ($keywords || $author || $author_id || $search_id || $submit)
// Pull attachment data
if (sizeof($attach_list))
{
- if ($auth->acl_get('u_download') && $auth->acl_get('f_download', $forum_id))
+ $use_attach_list = $attach_list;
+ $attach_list = array();
+
+ foreach ($use_attach_list as $forum_id => $_list)
{
- $sql = 'SELECT *
- FROM ' . ATTACHMENTS_TABLE . '
- WHERE ' . $db->sql_in_set('post_msg_id', $attach_list) . '
- AND in_message = 0
- ORDER BY filetime ' . ((!$config['display_order']) ? 'DESC' : 'ASC') . ', post_msg_id ASC';
- $result = $db->sql_query($sql);
-
- while ($row = $db->sql_fetchrow($result))
+ if ($auth->acl_get('u_download') && $auth->acl_get('f_download', $forum_id))
{
- $attachments[$row['post_msg_id']][] = $row;
+ $attach_list = array_merge($attach_list, $_list);
}
- $db->sql_freeresult($result);
}
- else
+ }
+
+ if (sizeof($attach_list))
+ {
+ $sql = 'SELECT *
+ FROM ' . ATTACHMENTS_TABLE . '
+ WHERE ' . $db->sql_in_set('post_msg_id', $attach_list) . '
+ AND in_message = 0
+ ORDER BY filetime ' . ((!$config['display_order']) ? 'DESC' : 'ASC') . ', post_msg_id ASC';
+ $result = $db->sql_query($sql);
+
+ while ($row = $db->sql_fetchrow($result))
{
- $display_notice = true;
+ $attachments[$row['post_msg_id']][] = $row;
}
+ $db->sql_freeresult($result);
}
}
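Review bot: `foreach ($use_attach_list as $forum_id => $_list)` reuses `$forum_id` as the loop key in what appears to be file scope, so after the loop it holds the last forum in the attachment list rather than whatever it held before; a dedicated name such as `$attach_forum_id` avoids that. The old `else` branch that set `$display_notice = true` is dropped without a replacement, so if that flag is read later (outside the hunk) users no longer get a notice for attachments they may not download. `$auth->acl_get('u_download')` does not depend on the forum and can be tested once before the loop.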
diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php
index ba090f10a2..4275938548 100644
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@@ -16,6 +16,7 @@ $phpbb_root_path = './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
+include($phpbb_root_path . 'includes/bbcode.' . $phpEx);
// Start session management
$user->session_begin();
@@ -726,7 +727,6 @@ if (!empty($topic_data['poll_start']))
if ($poll_info[0]['bbcode_bitfield'])
{
- include_once($phpbb_root_path . 'includes/bbcode.' . $phpEx);
$poll_bbcode = new bbcode();
}
else
@@ -1227,7 +1227,6 @@ if (sizeof($attach_list))
// Instantiate BBCode if need be
if ($bbcode_bitfield !== '')
{
- include_once($phpbb_root_path . 'includes/bbcode.' . $phpEx);
$bbcode = new bbcode(base64_encode($bbcode_bitfield));
}