Some issues with change_lang and VC / form tokens

Small stuff.

#18325
#17415
#17085
#16515


git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8291 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/adm/index.php

@@ -45,8 +45,8 @@ define('IN_ADMIN', true);
 $phpbb_admin_path = (defined('PHPBB_ADMIN_PATH')) ? PHPBB_ADMIN_PATH : './';
 
 // Some oft used variables
-$safe_mode		= (@ini_get('safe_mode') || @strtolower(ini_get('safe_mode')) == 'on') ? true : false;
-$file_uploads	= (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on') ? true : false;
+$safe_mode		= (@ini_get('safe_mode') === '1' || @strtolower(ini_get('safe_mode')) === 'on') ? true : false;
+$file_uploads	= (@ini_get('file_uploads') === '1' || strtolower(@ini_get('file_uploads')) === 'on') ? true : false;
 $module_id		= request_var('i', '');
 $mode			= request_var('mode', '');
 

phpBB/includes/functions_profile_fields.php

@@ -666,7 +666,7 @@ class custom_profile
 		}
 
 		$profile_row['s_year_options'] = '<option value="0"' . ((!$year) ? ' selected="selected"' : '') . '>--</option>';
-		for ($i = $now['year'] - 100; $i <= $now['year']; $i++)
+		for ($i = $now['year'] - 100; $i <= $now['year'] + 100; $i++)
 		{
 			$profile_row['s_year_options'] .= '<option value="' . $i . '"' . (($i == $year) ? ' selected="selected"' : '') . ">$i</option>";
 		}

phpBB/includes/ucp/ucp_register.php

@@ -46,8 +46,8 @@ class ucp_register
 
 
 		// not so fast, buddy
-		if (($submit && !check_form_key('ucp_register', false, '', false, $config['min_time_reg']))
-			|| (!$submit && !check_form_key('ucp_register_terms', false, '', false, $config['min_time_terms'])))
+		if (!check_form_key('ucp_register', false, '', false, $config['min_time_reg'])
+			&& !check_form_key('ucp_register_terms', false, '', false, $config['min_time_terms']))
 		{
 			$agreed = false;
 		}
@@ -103,12 +103,13 @@ class ucp_register
 			// If we change the language, we want to pass on some more possible parameter.
 			if ($change_lang)
 			{
-				// We do not include the password!
+				// We do not include the password and not the captcha
 				$s_hidden_fields = array_merge($s_hidden_fields, array(
 					'username'			=> utf8_normalize_nfc(request_var('username', '', true)),
 					'email'				=> strtolower(request_var('email', '')),
 					'email_confirm'		=> strtolower(request_var('email_confirm', '')),
 					'confirm_code'		=> request_var('confirm_code', ''),
+					'confirm_id'		=> request_var('confirm_id', ''),
 					'lang'				=> $user->lang_name,
 					'tz'				=> request_var('tz', (float) $config['board_timezone']),
 				));
@@ -451,13 +452,32 @@ class ucp_register
 		$confirm_image = '';
 
 		// Visual Confirmation - Show images
+
 		if ($config['enable_confirm'])
 		{
-			$str = '';
-			if (!$change_lang)
+			if ($change_lang)
+			{
+				$str = '&change_lang=' . $change_lang;
+				$sql = 'SELECT code
+						FROM ' . CONFIRM_TABLE . "
+						WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'
+							AND session_id = '" . $db->sql_escape($user->session_id) . "'
+							AND confirm_type = " . CONFIRM_REG;
+				$result = $db->sql_query($sql);
+				if (!$row = $db->sql_fetchrow($result))
+				{
+					$confirm_id = '';
+				}
+				$db->sql_freeresult($result);
+			}
+			else
+			{
+				$str = '';
+			}
+			if (!$change_lang || !$confirm_id)
 			{
 				$user->confirm_gc(CONFIRM_REG);
-				
+					
 				$sql = 'SELECT COUNT(session_id) AS attempts
 					FROM ' . CONFIRM_TABLE . "
 					WHERE session_id = '" . $db->sql_escape($user->session_id) . "'
@@ -487,11 +507,6 @@ class ucp_register
 				);
 				$db->sql_query($sql);
 			}
-			else
-			{
-				$str .= '&change_lang=' . $change_lang;
-			}
-
 			$confirm_image = '<img src="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=confirm&amp;id=' . $confirm_id . '&amp;type=' . CONFIRM_REG . $str) . '" alt="" title="" />';
 			$s_hidden_fields .= '<input type="hidden" name="confirm_id" value="' . $confirm_id . '" />';
 		}