From 548cc2c10b56cc9e5c71c2f87356947939abe888 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Wed, 15 Nov 2006 15:35:50 +0000 Subject: - fixes for the following bugs: #5326 #5318 #5304 #5290 #5288 #5278 #5276 #5272 #5266 - also fixed the "Call-time pass-by-reference" bug #5252 - within this step changed the normalize calls to require references. - added captcha size variables to the class scope (suggestion was posted at area51) git-svn-id: file:///svn/phpbb/trunk@6584 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/posting.php | 24 +++++++++--------------- 1 file changed, 9 insertions(+), 15 deletions(-) (limited to 'phpBB/posting.php') diff --git a/phpBB/posting.php b/phpBB/posting.php index d2d9ef0e27..64f99c6a7c 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php @@ -445,12 +445,10 @@ $quote_status = ($auth->acl_get('f_reply', $forum_id)) ? true : false; // Save Draft if ($save && $user->data['is_registered'] && $auth->acl_get('u_savedrafts')) { - $subject = request_var('subject', '', true); + $subject = utf8_normalize_nfc(request_var('subject', '', true)); $subject = (!$subject && $mode != 'post') ? $post_data['topic_title'] : $subject; - $message = request_var('message', '', true); + $message = utf8_normalize_nfc(request_var('message', '', true)); - utf8_normalize_nfc(array(&$subject, &$message)); - if ($subject && $message) { if (confirm_box(true)) 
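Review bot: The commit message says the normalize calls were changed "to require references", yet every new call in this hunk passes the return value of `request_var()` straight into `utf8_normalize_nfc()` and assigns the result. That is only correct if the function takes its argument by value and returns the normalized string. Its definition is not part of this diff, so confirm it, because a by-reference parameter fed a function result raises a strict-standards notice in PHP 5 and would not normalize what gets stored. The same pattern is used in the two following hunks (`post_subject`, `message`, `username`, `post_edit_reason`, `poll_title`, `poll_option_text`). A comment above the first call, e.g. `// utf8_normalize_nfc() returns the NFC form; it does not modify its argument`, would record the contract.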
@@ -528,15 +526,13 @@ $solved_captcha = false; if ($submit || $preview || $refresh) { - $post_data['topic_cur_post_id'] = request_var('topic_cur_post_id', 0); - $post_data['post_subject'] = request_var('subject', '', true); - $message_parser->message = request_var('message', '', true); + $post_data['topic_cur_post_id'] = request_var('topic_cur_post_id', 0); + $post_data['post_subject'] = utf8_normalize_nfc(request_var('subject', '', true)); + $message_parser->message = utf8_normalize_nfc(request_var('message', '', true)); - $post_data['username'] = request_var('username', $post_data['username'], true); - $post_data['post_edit_reason'] = (!empty($_POST['edit_reason']) && $mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? request_var('edit_reason', '', true) : ''; + $post_data['username'] = utf8_normalize_nfc(request_var('username', $post_data['username'], true)); + $post_data['post_edit_reason'] = (!empty($_POST['edit_reason']) && $mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? utf8_normalize_nfc(request_var('edit_reason', '', true)) : ''; - utf8_normalize_nfc(array(&$post_data['post_subject'], &$message_parser->message, &$post_data['username'], &$post_data['post_edit_reason'])); - $post_data['topic_type'] = request_var('topic_type', (($mode != 'post') ? (int) $post_data['topic_type'] : POST_NORMAL)); $post_data['topic_time_limit'] = request_var('topic_time_limit', (($mode != 'post') ? (int) $post_data['topic_time_limit'] : 0)); $post_data['icon_id'] = request_var('icon', 0); 
@@ -603,13 +599,11 @@ if ($submit || $preview || $refresh) } else { - $post_data['poll_title'] = request_var('poll_title', '', true); + $post_data['poll_title'] = utf8_normalize_nfc(request_var('poll_title', '', true)); $post_data['poll_length'] = request_var('poll_length', 0); - $post_data['poll_option_text'] = request_var('poll_option_text', '', true); + $post_data['poll_option_text'] = utf8_normalize_nfc(request_var('poll_option_text', '', true)); $post_data['poll_max_options'] = request_var('poll_max_options', 1); $post_data['poll_vote_change'] = ($auth->acl_get('f_votechg', $forum_id) && isset($_POST['poll_vote_change'])) ? 1 : 0; - - utf8_normalize_nfc(array(&$post_data['poll_title'], &$post_data['poll_option_text'])); } // If replying/quoting and last post id has changed -- cgit v1.2.1 From e264a62b731d29389ba0a4a3548070e259e373c0 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Sat, 18 Nov 2006 16:27:35 +0000 Subject: - a handful of mcp fixed, the most important one is the change for check_ids() - it is now supporting ids from more than one forum too, making it possible to use some mcp features as designed initially. We really need to get our moderator team testing the mcp extensively. - fixed some other tiny glitches - if a forum category with subforums get changed to a link type forum give options of what to do with the subforums (#5334) - other bugfixes git-svn-id: file:///svn/phpbb/trunk@6601 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/posting.php | 48 +++++++++++++++++++++++++++--------------------- 1 file changed, 27 insertions(+), 21 deletions(-) (limited to 'phpBB/posting.php') diff --git a/phpBB/posting.php b/phpBB/posting.php index 64f99c6a7c..72151470d4 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php 
@@ -1117,7 +1117,7 @@ generate_forum_nav($post_data); // Build Forum Rules generate_forum_rules($post_data); -if ($config['enable_post_confirm'] && !$user->data['is_registered'] && ($mode == 'post' || $mode == 'reply' || $mode == 'quote')) +if ($config['enable_post_confirm'] && !$user->data['is_registered'] && $solved_captcha === false && ($mode == 'post' || $mode == 'reply' || $mode == 'quote')) { // Show confirm image $sql = 'DELETE FROM ' . CONFIRM_TABLE . " 
@@ -1126,32 +1126,38 @@ if ($config['enable_post_confirm'] && !$user->data['is_registered'] && ($mode == $db->sql_query($sql); // Generate code - if ($solved_captcha === false) - { - $code = gen_rand_string(mt_rand(5, 8)); - $confirm_id = md5(unique_id($user->ip)); - - $sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array( - 'confirm_id' => (string) $confirm_id, - 'session_id' => (string) $user->session_id, - 'confirm_type' => (int) CONFIRM_POST, - 'code' => (string) $code) - ); - $db->sql_query($sql); + $code = gen_rand_string(mt_rand(5, 8)); + $confirm_id = md5(unique_id($user->ip)); + + $sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array( + 'confirm_id' => (string) $confirm_id, + 'session_id' => (string) $user->session_id, + 'confirm_type' => (int) CONFIRM_POST, + 'code' => (string) $code) + ); + $db->sql_query($sql); - $template->assign_vars(array( - 'S_CONFIRM_CODE' => true, - 'CONFIRM_ID' => $confirm_id, - 'CONFIRM_IMAGE' => '', - 'L_POST_CONFIRM_EXPLAIN' => sprintf($user->lang['POST_CONFIRM_EXPLAIN'], '', ''), - )); - } + $template->assign_vars(array( + 'S_CONFIRM_CODE' => true, + 'CONFIRM_ID' => $confirm_id, + 'CONFIRM_IMAGE' => '', + 'L_POST_CONFIRM_EXPLAIN' => sprintf($user->lang['POST_CONFIRM_EXPLAIN'], '', ''), + )); } $s_hidden_fields = ($mode == 'reply' || $mode == 'quote') ? '' : ''; $s_hidden_fields .= ''; $s_hidden_fields .= ($draft_id || isset($_REQUEST['draft_loaded'])) ? 
'' : ''; +// Add the confirm id/code pair to the hidden fields, else an error is displayed on next submit/preview +if ($solved_captcha !== false) +{ + $s_hidden_fields .= build_hidden_fields(array( + 'confirm_id' => request_var('confirm_id', ''), + 'confirm_code' => request_var('confirm_code', '')) + ); +} + $form_enctype = (@ini_get('file_uploads') == '0' || strtolower(@ini_get('file_uploads')) == 'off' || @ini_get('file_uploads') == '0' || !$config['allow_attachments'] || !$auth->acl_get('u_attach') || !$auth->acl_get('f_attach', $forum_id)) ? '' : ' enctype="multipart/form-data"'; // Start assigning vars for main posting page ... @@ -1178,7 +1184,7 @@ $template->assign_vars(array( 'TOPIC_TIME_LIMIT' => (int) $post_data['topic_time_limit'], 'EDIT_REASON' => $post_data['post_edit_reason'], 'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", "f=$forum_id"), - 'U_VIEWTOPIC' => ($mode != 'post') ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t=$topic_id") : '', + 'U_VIEW_TOPIC' => ($mode != 'post') ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t=$topic_id") : '', 'U_PROGRESS_BAR' => append_sid("{$phpbb_root_path}posting.$phpEx", "f=$forum_id&mode=popup"), 'UA_PROGRESS_BAR' => append_sid("{$phpbb_root_path}posting.$phpEx", "f=$forum_id&mode=popup", false), -- cgit v1.2.1 From 2774981b2ddcf0e6c7076a0371a4b8941199dec8 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Mon, 20 Nov 2006 16:40:44 +0000 Subject: fix for bug #5490 - make sure bots are catched by the posting auth too. git-svn-id: file:///svn/phpbb/trunk@6619 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/posting.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/posting.php') diff --git a/phpBB/posting.php b/phpBB/posting.php index 72151470d4..7b2695cefa 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php 
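Review bot: The new `build_hidden_fields()` block writes the solved `confirm_id`/`confirm_code` pair back into the form, so the same pair is presented again on every later preview or submit. The first hunk of this commit also stops running the `DELETE FROM CONFIRM_TABLE` statement once `$solved_captcha` is set, and nothing visible here retires the row. The validation and post-submit code are outside the hunk, so confirm that the row is deleted when the post is stored and that the lookup is bound to `$user->session_id`; otherwise a single solved image stays valid for further guest posts. Also check that `build_hidden_fields()` HTML-escapes its values, since both come from the request. A comment such as `// solved pair is replayed until submit; the confirm row must be deleted after a successful post` would make the dependency explicit.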
@@ -163,7 +163,7 @@ if ($post_data['forum_password'])
 // Is the user able to read within this forum?
 if (!$auth->acl_get('f_read', $forum_id))
 {
- if ($user->data['is_registered'])
+ if ($user->data['user_id'] != ANONYMOUS)
 {
 trigger_error('USER_CANNOT_READ');
 }
-- cgit v1.2.1
From ab9ec8064acb25d09d6d0edb93ecbe3b59541010 Mon Sep 17 00:00:00 2001
From: Meik Sievertsen
Date: Tue, 21 Nov 2006 18:15:53 +0000
Subject: - fixing a bunch of bugs - moved the install trigger error to sessions and also disabled it for those having DEBUG_EXTRA enabled. i hope not having introduced too many new bugs.
git-svn-id: file:///svn/phpbb/trunk@6628 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/posting.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'phpBB/posting.php')
diff --git a/phpBB/posting.php b/phpBB/posting.php
index 7b2695cefa..654db73a61 100644
--- a/phpBB/posting.php
+++ b/phpBB/posting.php
@@ -370,7 +370,7 @@ if ($post_data['post_attachment'] && !$submit && !$refresh && !$preview && $mode
 WHERE post_msg_id = $post_id
 AND in_message = 0
 AND is_orphan = 0
- ORDER BY filetime " . ((!$config['display_order']) ? 'DESC' : 'ASC');
+ ORDER BY filetime DESC";
 $result = $db->sql_query($sql);
 $message_parser->attachment_data = array_merge($message_parser->attachment_data, $db->sql_fetchrowset($result));
 $db->sql_freeresult($result);
-- cgit v1.2.1
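Review bot: The reason for testing `user_id` instead of `is_registered` is stated only in the commit message and should be a comment on the new line, since the two conditions look interchangeable to a later reader. Something like `// bots are not "registered" but are not the guest account either; only ANONYMOUS falls through` would do, worded to match what the else branch (outside this hunk) actually does. The comparison is also loose; `(int) $user->data['user_id'] !== ANONYMOUS` avoids depending on how the session layer types the column, assuming ANONYMOUS is an integer constant.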
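Review bot: The statement edited here still interpolates `$post_id` into the SQL text (`WHERE post_msg_id = $post_id`), and its assignment is outside the hunk. If it is not already forced to an integer where it is read from the request, add `$post_id = (int) $post_id;` before the query is built. The ordering is now fixed to `DESC` and `$config['display_order']` is no longer consulted in this query; a short comment saying why the edit form ignores that setting would keep the next reader from restoring it.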