From 3cb990df4d8d8d09b46a16918e10c6ba2d0fde19 Mon Sep 17 00:00:00 2001 From: Henry Sudhof Date: Fri, 29 Jun 2007 13:37:21 +0000 Subject: #12461 git-svn-id: file:///svn/phpbb/trunk@7809 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/acp/acp_bots.php | 67 ++++++++++++++++++++++++++++++++---- phpBB/includes/acp/acp_icons.php | 6 ++-- phpBB/includes/functions_convert.php | 2 +- 3 files changed, 64 insertions(+), 11 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_bots.php b/phpBB/includes/acp/acp_bots.php index 3c7fe9f1f3..d75a29b748 100644 --- a/phpBB/includes/acp/acp_bots.php +++ b/phpBB/includes/acp/acp_bots.php @@ -162,7 +162,32 @@ class acp_bots { $error[] = $user->lang['ERR_BOT_AGENT_MATCHES_UA']; } + + $bot_name = false; + if ($bot_id) + { + $sql = 'SELECT u.username_clean + FROM ' . BOTS_TABLE . ' b, ' . USERS_TABLE . " u + WHERE b.bot_id = $bot_id + AND u.user_id = b.user_id"; + $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + if (!$bot_row) + { + $error[] = $user->lang['NO_BOT']; + } + else + { + $bot_name = $row['username_clean']; + } + } + if (!$this->validate_botname($bot_row['bot_name'], $bot_name)) + { + $error[] = $user->lang['BOT_NAME_TAKEN']; + } + if (!sizeof($error)) { // New bot? Create a new user and group entry @@ -180,6 +205,7 @@ class acp_bots { trigger_error($user->lang['NO_BOT_GROUP'] . adm_back_link($this->u_action . "&id=$bot_id&action=$action"), E_USER_WARNING); } + $user_id = user_add(array( 'user_type' => (int) USER_IGNORE, @@ -193,7 +219,7 @@ class acp_bots 'user_style' => (int) $bot_row['bot_style'], 'user_allow_massemail' => 0, )); - + $sql = 'INSERT INTO ' . BOTS_TABLE . ' ' . $db->sql_build_array('INSERT', array( 'user_id' => (int) $user_id, 'bot_name' => (string) $bot_row['bot_name'], @@ -202,7 +228,7 @@ class acp_bots 'bot_ip' => (string) $bot_row['bot_ip']) ); $db->sql_query($sql); - + $log = 'ADDED'; } else if ($bot_id) 
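Review bot: In the acp_bots.php hunk at -162, the added lookup stores its result in `$row` but then tests `if (!$bot_row)`, which is the submitted form data rather than the query result. As written, the `NO_BOT` error presumably never fires for a missing bot, and `$row['username_clean']` is then read from a failed fetch; the check should be `if (!$row)`. The query also interpolates `$bot_id` directly, and its integer cast is not visible in this hunk, so `'WHERE b.bot_id = ' . (int) $bot_id` would make the statement safe on its own. The enclosing method starts and ends outside the hunk.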
@@ -249,11 +275,13 @@ class acp_bots $log = 'UPDATED'; } - - $cache->destroy('_bots'); - - add_log('admin', 'LOG_BOT_' . $log, $bot_row['bot_name']); - trigger_error($user->lang['BOT_' . $log] . adm_back_link($this->u_action . "&id=$bot_id&action=$action")); + if ($bot_id) + { + $cache->destroy('_bots'); + + add_log('admin', 'LOG_BOT_' . $log, $bot_row['bot_name']); + trigger_error($user->lang['BOT_' . $log] . adm_back_link($this->u_action . "&id=$bot_id&action=$action")); + } } } else if ($bot_id) @@ -348,6 +376,31 @@ class acp_bots } $db->sql_freeresult($result); } + + function validate_botname($newname, $oldname = false) + { + global $db; + if ($oldname && utf8_clean_string($newname) === $oldname) + { + return true; + } + // Admins might want to use names otherwise forbidden, thus we only check for duplicates. + $sql = 'SELECT username + FROM ' . USERS_TABLE . " + WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($newname)) . "'"; + $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if ($row) + { + return false; + } + else + { + return true; + } + } } ?> \ No newline at end of file diff --git a/phpBB/includes/acp/acp_icons.php b/phpBB/includes/acp/acp_icons.php index 66bc377490..ebf058850f 100644 --- a/phpBB/includes/acp/acp_icons.php +++ b/phpBB/includes/acp/acp_icons.php 
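Review bot: The new `if ($bot_id)` guard in the acp_bots.php hunk at -249 also covers the add branch, where a freshly created bot presumably has no `$bot_id` from the request (its assignment is outside the hunk). If so, adding a bot no longer clears the `_bots` cache, writes no `LOG_BOT_ADDED` entry, and shows no confirmation, which leaves a gap in the admin audit trail. Guarding on whether one of the two branches actually ran, for example `if (isset($log))`, would keep the cache reset and the `add_log()` call for both add and update.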
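Review bot: `validate_botname()` in the acp_bots.php hunk at -348 has no doc comment, and its two arguments are not symmetric: `$newname` is passed through `utf8_clean_string()` while `$oldname` is compared as-is, so callers must pass the stored `username_clean` value. A docblock stating that, and that the function returns true when the name is free or unchanged, would stop a caller from passing a raw display name and getting a false "taken" result. The trailing `if ($row) … else …` can be reduced to `return !$row;`. The duplicate check and the later `user_add()` are separate statements, so uniqueness ultimately depends on a constraint on the users table, which is not shown here.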
@@ -276,14 +276,14 @@ class acp_icons $image_height = (isset($_POST['height'])) ? request_var('height', array('' => 0)) : array(); $image_add = (isset($_POST['add_img'])) ? request_var('add_img', array('' => 0)) : array(); $image_emotion = request_var('emotion', array('' => ''), true); - $image_code = request_var('code', array('' => '')); + $image_code = request_var('code', array('' => ''), true); $image_display_on_posting = (isset($_POST['display_on_posting'])) ? request_var('display_on_posting', array('' => 0)) : array(); // Ok, add the relevant bits if we are adding new codes to existing emoticons... if (!empty($_POST['add_additional_code'])) { $add_image = request_var('add_image', ''); - $add_code = request_var('add_code', ''); + $add_code = request_var('add_code', '', true); $add_emotion = request_var('add_emotion', '', true); if ($add_image && $add_emotion && $add_code) @@ -336,7 +336,7 @@ class acp_icons } // Image_order holds the 'new' order value - if (!empty($image_order[$image])) + if (!empty($image_order[$image]) && !empty($$image_id[$image])) { $img_sql = array_merge($img_sql, array( $fields . '_order' => $image_order[$image]) diff --git a/phpBB/includes/functions_convert.php b/phpBB/includes/functions_convert.php index 0aa3c205f5..4037fb4872 100644 --- a/phpBB/includes/functions_convert.php +++ b/phpBB/includes/functions_convert.php @@ -227,7 +227,7 @@ function validate_website($url) if ($url === 'http://'){ return ''; } - else if (strstr('http://', $url) !== 0) + else if (strpos(strtolower($url), 'http://') !== 0) { return 'http://' . $url; } -- cgit v1.2.1
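Review bot: The added condition `!empty($$image_id[$image])` in the acp_icons.php hunk at -336 uses a variable-variable, which looks like a typo for `$image_id[$image]`. `empty()` never warns on an undefined variable, so as written the test most likely evaluates to false for every image and the order update below it is skipped silently. The expression is also parsed differently by PHP 5 and PHP 7+. If the intent is to reorder only images that already have an id, the line should read `if (!empty($image_order[$image]) && !empty($image_id[$image]))`; `$image_id` is assigned outside this hunk, so confirm its name.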
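Review bot: In the functions_convert.php hunk, the corrected prefix test still recognises only `http://`, so a converted value such as `https://example.com` comes back as `http://https://example.com`. Accepting both schemes, for example `else if (!preg_match('#^https?://#i', $url))`, avoids corrupting stored profile links during conversion. `validate_website()` starts and ends outside the hunk, so its handling of an empty `$url` cannot be checked from here.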