mirror of
https://github.com/phpbb/phpbb.git
synced 2025-08-06 08:47:45 +02:00
merge
git-svn-id: file:///svn/phpbb/trunk@8776 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Henry Sudhof
@@ -2014,6 +2014,37 @@ function meta_refresh($time, $url)
|
||||
|
||||
//Form validation
|
||||
|
||||
|
||||
/**
|
||||
* Add a secret hash for use in links/GET requests
|
||||
* @param string $link_name The name of the link; has to match the name used in check_form_key, otherwise no restrictions apply
|
||||
* @param int $length The length of the key to generate
|
||||
* @return sting the hash
|
||||
|
||||
*/
|
||||
function generate_link_hash($link_name)
|
||||
{
|
||||
global $user;
|
||||
if (!isset($user->data["hash_$link_name"]))
|
||||
{
|
||||
$user->data["hash_$link_name"] = substr(sha1($user->data['user_form_salt'] . $link_name), 0, 8);
|
||||
}
|
||||
return $user->data["hash_$link_name"];
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* checks a link hash - for GET requests
|
||||
* @param string $token the submitted token
|
||||
* @param string $link_name The name of the link; has to match the name used in check_form_key, otherwise no restrictions apply
|
||||
* @param int $length The length of the key to check
|
||||
* @return boolean true if all is fine
|
||||
*/
|
||||
function check_link_hash($token, $link_name)
|
||||
{
|
||||
return $token === generate_link_hash($link_name);
|
||||
}
|
||||
|
||||
/**
|
||||
* Add a secret token to the form (requires the S_FORM_TOKEN template variable)
|
||||
* @param string $form_name The name of the form; has to match the name used in check_form_key, otherwise no restrictions apply
|
||||
|
||||
@@ -985,8 +985,8 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,
|
||||
$table_sql = ($mode == 'forum') ? FORUMS_WATCH_TABLE : TOPICS_WATCH_TABLE;
|
||||
$where_sql = ($mode == 'forum') ? 'forum_id' : 'topic_id';
|
||||
$match_id = ($mode == 'forum') ? $forum_id : $topic_id;
|
||||
|
||||
$u_url = ($mode == 'forum') ? 'f' : 'f=' . $forum_id . '&t';
|
||||
$u_url = "uid={$user->data['user_id']}&hash=" . generate_link_hash("{$mode}_$topic_id");
|
||||
$u_url .= ($mode == 'forum') ? '&f' : '&f=' . $forum_id . '&t';
|
||||
|
||||
// Is user watching this thread?
|
||||
if ($user_id != ANONYMOUS)
|
||||
@@ -1007,8 +1007,16 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,
|
||||
|
||||
if (!is_null($notify_status) && $notify_status !== '')
|
||||
{
|
||||
|
||||
if (isset($_GET['unwatch']))
|
||||
{
|
||||
$uid = request_var('uid', 0);
|
||||
if ($uid != $user_id)
|
||||
{
|
||||
$redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&start=$start");
|
||||
$message = $user->lang['ERR_UNWATCHING'] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
|
||||
trigger_error($message);
|
||||
}
|
||||
if ($_GET['unwatch'] == $mode)
|
||||
{
|
||||
$is_watching = 0;
|
||||
@@ -1044,19 +1052,25 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,
|
||||
{
|
||||
if (isset($_GET['watch']))
|
||||
{
|
||||
if ($_GET['watch'] == $mode)
|
||||
$token = request_var('hash', '');
|
||||
$redirect_url = append_sid("view$mode", "$u_url=$match_id&start=$start");
|
||||
|
||||
if ($_GET['watch'] == $mode && check_link_hash($token, "{$mode}_$topic_id"))
|
||||
{
|
||||
$is_watching = true;
|
||||
|
||||
$sql = 'INSERT INTO ' . $table_sql . " (user_id, $where_sql, notify_status)
|
||||
VALUES ($user_id, $match_id, 0)";
|
||||
$db->sql_query($sql);
|
||||
$message = $user->lang['ARE_WATCHING_' . strtoupper($mode)] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
|
||||
}
|
||||
|
||||
$redirect_url = append_sid("view$mode", "$u_url=$match_id&start=$start");
|
||||
else
|
||||
{
|
||||
$message = $user->lang['ERR_WATCHING'] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
|
||||
}
|
||||
|
||||
meta_refresh(3, $redirect_url);
|
||||
|
||||
$message = $user->lang['ARE_WATCHING_' . strtoupper($mode)] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
|
||||
trigger_error($message);
|
||||
}
|
||||
else
|
||||
|
||||
@@ -1267,8 +1267,8 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
|
||||
'U_FORUM' => generate_board_url() . '/viewforum.' . PHP_EXT . "?f=$forum_id",
|
||||
'U_TOPIC' => generate_board_url() . '/viewtopic.' . PHP_EXT . "?f=$forum_id&t=$topic_id",
|
||||
'U_NEWEST_POST' => generate_board_url() . '/viewtopic.' . PHP_EXT . "?f=$forum_id&t=$topic_id&p=$post_id&e=$post_id",
|
||||
'U_STOP_WATCHING_TOPIC' => generate_board_url() . '/viewtopic.' . PHP_EXT . "?f=$forum_id&t=$topic_id&unwatch=topic",
|
||||
'U_STOP_WATCHING_FORUM' => generate_board_url() . '/viewforum.' . PHP_EXT . "?f=$forum_id&unwatch=forum",
|
||||
'U_STOP_WATCHING_TOPIC' => generate_board_url() . '/viewtopic.' . PHP_EXT . "?uid={$addr['user_id']}&f=$forum_id&t=$topic_id&unwatch=topic",
|
||||
'U_STOP_WATCHING_FORUM' => generate_board_url() . '/viewforum.' . PHP_EXT . "?uid={$addr['user_id']}&f=$forum_id&unwatch=forum",
|
||||
));
|
||||
|
||||
$messenger->send($addr['method']);
|
||||
|
||||
Reference in New Issue
Block a user