mirror of
https://github.com/phpbb/phpbb.git
synced 2025-08-06 08:47:45 +02:00
ok... i hope i haven't messed too much with the code and everything is still working.
Changes:
- Ascraeus now uses constants for the phpbb root path and the php extension. This ensures more security for external applications and modifications (no more overwriting of root path and extension possible through insecure mods and register globals enabled) as well as no more globalizing needed.
- A second change implemented here is an additional short-hand-notation for append_sid(). It is allowed to omit the root path and extension now (for example calling append_sid('memberlist')) - in this case the root path and extension get added automatically. The hook is called after these are added.
git-svn-id: file:///svn/phpbb/trunk@8572 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen
@@ -33,8 +33,7 @@ class mcp_warn
|
||||
|
||||
function main($id, $mode)
|
||||
{
|
||||
global $auth, $db, $user, $template;
|
||||
global $config, $phpbb_root_path, $phpEx;
|
||||
global $auth, $db, $user, $template, $config;
|
||||
|
||||
$action = request_var('action', array('' => ''));
|
||||
|
||||
@@ -76,12 +75,11 @@ class mcp_warn
|
||||
*/
|
||||
function mcp_warn_front_view()
|
||||
{
|
||||
global $phpEx, $phpbb_root_path, $config;
|
||||
global $template, $db, $user, $auth;
|
||||
global $template, $db, $user, $auth, $config;
|
||||
|
||||
$template->assign_vars(array(
|
||||
'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=mcp&field=username&select_single=true'),
|
||||
'U_POST_ACTION' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&mode=warn_user'),
|
||||
'U_FIND_USERNAME' => append_sid('memberlist', 'mode=searchuser&form=mcp&field=username&select_single=true'),
|
||||
'U_POST_ACTION' => append_sid('mcp', 'i=warn&mode=warn_user'),
|
||||
));
|
||||
|
||||
// Obtain a list of the 5 naughtiest users....
|
||||
@@ -94,12 +92,12 @@ class mcp_warn
|
||||
foreach ($highest as $row)
|
||||
{
|
||||
$template->assign_block_vars('highest', array(
|
||||
'U_NOTES' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $row['user_id']),
|
||||
'U_NOTES' => append_sid('mcp', 'i=notes&mode=user_notes&u=' . $row['user_id']),
|
||||
|
||||
'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']),
|
||||
'USERNAME' => $row['username'],
|
||||
'USERNAME_COLOUR' => ($row['user_colour']) ? '#' . $row['user_colour'] : '',
|
||||
'U_USER' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['user_id']),
|
||||
'U_USER' => append_sid('memberlist', 'mode=viewprofile&u=' . $row['user_id']),
|
||||
|
||||
'WARNING_TIME' => $user->format_date($row['user_last_warning']),
|
||||
'WARNINGS' => $row['user_warnings'],
|
||||
@@ -116,12 +114,12 @@ class mcp_warn
|
||||
while ($row = $db->sql_fetchrow($result))
|
||||
{
|
||||
$template->assign_block_vars('latest', array(
|
||||
'U_NOTES' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $row['user_id']),
|
||||
'U_NOTES' => append_sid('mcp', 'i=notes&mode=user_notes&u=' . $row['user_id']),
|
||||
|
||||
'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']),
|
||||
'USERNAME' => $row['username'],
|
||||
'USERNAME_COLOUR' => ($row['user_colour']) ? '#' . $row['user_colour'] : '',
|
||||
'U_USER' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['user_id']),
|
||||
'U_USER' => append_sid('memberlist', 'mode=viewprofile&u=' . $row['user_id']),
|
||||
|
||||
'WARNING_TIME' => $user->format_date($row['warning_time']),
|
||||
'WARNINGS' => $row['user_warnings'],
|
||||
@@ -135,8 +133,7 @@ class mcp_warn
|
||||
*/
|
||||
function mcp_warn_list_view($action)
|
||||
{
|
||||
global $phpEx, $phpbb_root_path, $config;
|
||||
global $template, $db, $user, $auth;
|
||||
global $template, $db, $user, $auth, $config;
|
||||
|
||||
$user->add_lang('memberlist');
|
||||
|
||||
@@ -164,12 +161,12 @@ class mcp_warn
|
||||
foreach ($users as $row)
|
||||
{
|
||||
$template->assign_block_vars('user', array(
|
||||
'U_NOTES' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $row['user_id']),
|
||||
'U_NOTES' => append_sid('mcp', 'i=notes&mode=user_notes&u=' . $row['user_id']),
|
||||
|
||||
'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']),
|
||||
'USERNAME' => $row['username'],
|
||||
'USERNAME_COLOUR' => ($row['user_colour']) ? '#' . $row['user_colour'] : '',
|
||||
'U_USER' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u=' . $row['user_id']),
|
||||
'U_USER' => append_sid('memberlist', 'mode=viewprofile&u=' . $row['user_id']),
|
||||
|
||||
'WARNING_TIME' => $user->format_date($row['user_last_warning']),
|
||||
'WARNINGS' => $row['user_warnings'],
|
||||
@@ -184,7 +181,7 @@ class mcp_warn
|
||||
'S_SELECT_SORT_DAYS' => $s_limit_days,
|
||||
|
||||
'PAGE_NUMBER' => on_page($user_count, $config['topics_per_page'], $start),
|
||||
'PAGINATION' => generate_pagination(append_sid("{$phpbb_root_path}mcp.$phpEx", "i=warn&mode=list&st=$st&sk=$sk&sd=$sd"), $user_count, $config['topics_per_page'], $start),
|
||||
'PAGINATION' => generate_pagination(append_sid('mcp', "i=warn&mode=list&st=$st&sk=$sk&sd=$sd"), $user_count, $config['topics_per_page'], $start),
|
||||
'TOTAL_USERS' => ($user_count == 1) ? $user->lang['LIST_USER'] : sprintf($user->lang['LIST_USERS'], $user_count),
|
||||
));
|
||||
}
|
||||
@@ -194,8 +191,7 @@ class mcp_warn
|
||||
*/
|
||||
function mcp_warn_post_view($action)
|
||||
{
|
||||
global $phpEx, $phpbb_root_path, $config;
|
||||
global $template, $db, $user, $auth;
|
||||
global $template, $db, $user, $auth, $config;
|
||||
|
||||
$post_id = request_var('p', 0);
|
||||
$forum_id = request_var('f', 0);
|
||||
@@ -260,7 +256,7 @@ class mcp_warn
|
||||
{
|
||||
$msg = $user->lang['FORM_INVALID'];
|
||||
}
|
||||
$redirect = append_sid("{$phpbb_root_path}mcp.$phpEx", "i=notes&mode=user_notes&u=$user_id");
|
||||
$redirect = append_sid('mcp', "i=notes&mode=user_notes&u=$user_id");
|
||||
meta_refresh(2, $redirect);
|
||||
trigger_error($user->lang['USER_WARNING_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
|
||||
}
|
||||
@@ -274,7 +270,7 @@ class mcp_warn
|
||||
// Second parse bbcode here
|
||||
if ($user_row['bbcode_bitfield'])
|
||||
{
|
||||
include_once($phpbb_root_path . 'includes/bbcode.' . $phpEx);
|
||||
include_once(PHPBB_ROOT_PATH . 'includes/bbcode.' . PHP_EXT);
|
||||
|
||||
$bbcode = new bbcode($user_row['bbcode_bitfield']);
|
||||
$bbcode->bbcode_second_pass($message, $user_row['bbcode_uid'], $user_row['bbcode_bitfield']);
|
||||
@@ -286,7 +282,7 @@ class mcp_warn
|
||||
// Generate the appropriate user information for the user we are looking at
|
||||
if (!function_exists('get_user_avatar'))
|
||||
{
|
||||
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
|
||||
include(PHPBB_ROOT_PATH . 'includes/functions_display.' . PHP_EXT);
|
||||
}
|
||||
|
||||
$rank_title = $rank_img = '';
|
||||
@@ -306,7 +302,7 @@ class mcp_warn
|
||||
'AVATAR_IMG' => $avatar_img,
|
||||
'RANK_IMG' => $rank_img,
|
||||
|
||||
'L_WARNING_POST_DEFAULT' => sprintf($user->lang['WARNING_POST_DEFAULT'], generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&p=$post_id#p$post_id"),
|
||||
'L_WARNING_POST_DEFAULT' => sprintf($user->lang['WARNING_POST_DEFAULT'], generate_board_url() . '/viewtopic.' . PHP_EXT . "?f=$forum_id&p=$post_id#p$post_id"),
|
||||
));
|
||||
}
|
||||
|
||||
@@ -315,7 +311,7 @@ class mcp_warn
|
||||
*/
|
||||
function mcp_warn_user_view($action)
|
||||
{
|
||||
global $phpEx, $phpbb_root_path, $config, $module;
|
||||
global $config, $module;
|
||||
global $template, $db, $user, $auth;
|
||||
|
||||
$user_id = request_var('u', 0);
|
||||
@@ -362,7 +358,7 @@ class mcp_warn
|
||||
{
|
||||
$msg = $user->lang['FORM_INVALID'];
|
||||
}
|
||||
$redirect = append_sid("{$phpbb_root_path}mcp.$phpEx", "i=notes&mode=user_notes&u=$user_id");
|
||||
$redirect = append_sid('mcp', "i=notes&mode=user_notes&u=$user_id");
|
||||
meta_refresh(2, $redirect);
|
||||
trigger_error($msg . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
|
||||
}
|
||||
@@ -370,7 +366,7 @@ class mcp_warn
|
||||
// Generate the appropriate user information for the user we are looking at
|
||||
if (!function_exists('get_user_avatar'))
|
||||
{
|
||||
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
|
||||
include(PHPBB_ROOT_PATH . 'includes/functions_display.' . PHP_EXT);
|
||||
}
|
||||
|
||||
$rank_title = $rank_img = '';
|
||||
@@ -400,16 +396,15 @@ class mcp_warn
|
||||
*/
|
||||
function add_warning($user_row, $warning, $send_pm = true, $post_id = 0)
|
||||
{
|
||||
global $phpEx, $phpbb_root_path, $config;
|
||||
global $template, $db, $user, $auth;
|
||||
global $template, $db, $user, $auth, $config;
|
||||
|
||||
if ($send_pm)
|
||||
{
|
||||
include_once($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);
|
||||
include_once($phpbb_root_path . 'includes/message_parser.' . $phpEx);
|
||||
include_once(PHPBB_ROOT_PATH . 'includes/functions_privmsgs.' . PHP_EXT);
|
||||
include_once(PHPBB_ROOT_PATH . 'includes/message_parser.' . PHP_EXT);
|
||||
|
||||
$user_row['user_lang'] = (file_exists($phpbb_root_path . 'language/' . $user_row['user_lang'] . "/mcp.$phpEx")) ? $user_row['user_lang'] : $config['default_lang'];
|
||||
include($phpbb_root_path . 'language/' . basename($user_row['user_lang']) . "/mcp.$phpEx");
|
||||
$user_row['user_lang'] = (file_exists(PHPBB_ROOT_PATH . 'language/' . $user_row['user_lang'] . '/mcp.' . PHP_EXT)) ? $user_row['user_lang'] : $config['default_lang'];
|
||||
include(PHPBB_ROOT_PATH . 'language/' . basename($user_row['user_lang']) . '/mcp.' . PHP_EXT);
|
||||
|
||||
$message_parser = new parse_message();
|
||||
|
||||
|
||||
Reference in New Issue
Block a user