mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-04 15:57:45 +02:00
Code Issues Releases Wiki Activity

Ok, here comes a big one. Poor updater. Also requires testing.

Browse Source 
#i91
#i92
#i93
#i94
#i95
#i96


git-svn-id: file:///svn/phpbb/trunk@8120 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Henry Sudhof
2007-10-03 15:05:54 +00:00
parent 87e2e62c34
commit 4defd8a830
167 changed files with 998 additions and 399 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
phpBB/includes/acp/acp_attachments.php
View File

@@ -27,6 +27,14 @@ class acp_attachments
$submit = (isset($_POST['submit'])) ? true : false;
$action = request_var('action', '');
$form_key = 'acp_attach';
add_form_key($form_key);
if ($submit && !check_form_key($form_key))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
}
switch ($mode)
{
case 'attach':

9
phpBB/includes/acp/acp_ban.php
View File

@@ -23,11 +23,18 @@ class acp_ban
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
$bansubmit = (isset($_POST['bansubmit'])) ? true : false;
$unbansubmit= (isset($_POST['unbansubmit'])) ? true : false;
$unbansubmit = (isset($_POST['unbansubmit'])) ? true : false;
$current_time = time();
$user->add_lang(array('acp/ban', 'acp/users'));
$this->tpl_name = 'acp_ban';
$form_key = 'acp_ban';
add_form_key($form_key);
if(($bansubmit || $unbansubmit) && !check_form_key($form_key))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
}
// Ban submitted?
if ($bansubmit)

3
phpBB/includes/acp/acp_bbcodes.php
View File

@@ -28,6 +28,9 @@ class acp_bbcodes
$this->tpl_name = 'acp_bbcodes';
$this->page_title = 'ACP_BBCODES';
$form_key = 'acp_bbcodes';
add_form_key($form_key);
// Set up mode-specific vars
switch ($action)

9
phpBB/includes/acp/acp_board.php
View File

@@ -27,6 +27,9 @@ class acp_board
$action = request_var('action', '');
$submit = (isset($_POST['submit'])) ? true : false;
$form_key = 'acp_board';
add_form_key($form_key);
/**
* Validation types are:
* string, int, bool,
@@ -314,6 +317,8 @@ class acp_board
'chg_passforce' => array('lang' => 'FORCE_PASS_CHANGE', 'validate' => 'int', 'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
'max_login_attempts' => array('lang' => 'MAX_LOGIN_ATTEMPTS', 'validate' => 'int', 'type' => 'text:3:3', 'explain' => true),
'tpl_allow_php' => array('lang' => 'TPL_ALLOW_PHP', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'form_token_lifetime' => array('lang' => 'FORM_TIME_MAX', 'validate' => 'int', 'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
'form_token_mintime' => array('lang' => 'FORM_TIME_MIN', 'validate' => 'int', 'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
)
);
break;
@@ -360,6 +365,10 @@ class acp_board
// We validate the complete config if whished
validate_config_vars($display_vars['vars'], $cfg_array, $error);
if ($submit && !check_form_key($form_key))
{
$error[] = $user->lang['FORM_INVALID'];
}
// Do not write values if there is an error
if (sizeof($error))
{

7
phpBB/includes/acp/acp_bots.php
View File

@@ -35,6 +35,13 @@ class acp_bots
$user->add_lang('acp/bots');
$this->tpl_name = 'acp_bots';
$this->page_title = 'ACP_BOTS';
$form_key = 'acp_bots';
add_form_key($form_key);
if ($submit && !check_form_key($form_key))
{
$error[] = $user->lang['FORM_INVALID'];
}
// User wants to do something, how inconsiderate of them!
switch ($action)

11
phpBB/includes/acp/acp_captcha.php
View File

@@ -57,9 +57,12 @@ class acp_captcha
$this->tpl_name = 'acp_captcha';
$this->page_title = 'ACP_VC_SETTINGS';
$form_key = 'acp_captcha';
add_form_key($form_key);
$submit = request_var('submit', '');
if ($submit)
if ($submit && check_form_key($form_key))
{
$config_vars = array_keys($config_vars);
foreach ($config_vars as $config_var)
@@ -73,6 +76,10 @@ class acp_captcha
}
trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action));
}
else if ($submit)
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action));
}
else
{

8
phpBB/includes/acp/acp_disallow.php
View File

@@ -28,9 +28,17 @@ class acp_disallow
$this->tpl_name = 'acp_disallow';
$this->page_title = 'ACP_DISALLOW_USERNAMES';
$form_key = 'acp_disallow';
add_form_key($form_key);
$disallow = (isset($_POST['disallow'])) ? true : false;
$allow = (isset($_POST['allow'])) ? true : false;
if (($allow || $disallow) && !check_form_key($form_key))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
}
if ($disallow)
{
$disallowed_user = str_replace('*', '%', utf8_normalize_nfc(request_var('disallowed_user', '', true)));

8
phpBB/includes/acp/acp_email.php
View File

@@ -24,6 +24,9 @@ class acp_email
$this->tpl_name = 'acp_email';
$this->page_title = 'ACP_MASS_EMAIL';
$form_key = 'acp_email';
add_form_key($form_key);
// Set some vars
$submit = (isset($_POST['submit'])) ? true : false;
$error = array();
@@ -41,6 +44,11 @@ class acp_email
$use_queue = (isset($_POST['send_immediately'])) ? false : true;
$priority = request_var('mail_priority_flag', MAIL_NORMAL_PRIORITY);
if (!check_form_key($form_key))
{
$error[] = $user->lang['FORM_INVALID'];
}
if (!$subject)
{
$error[] = $user->lang['NO_EMAIL_SUBJECT'];

9
phpBB/includes/acp/acp_forums.php
View File

@@ -25,6 +25,9 @@ class acp_forums
$this->tpl_name = 'acp_forums';
$this->page_title = 'ACP_MANAGE_FORUMS';
$form_key = 'acp_forums';
add_form_key($form_key);
$action = request_var('action', '');
$update = (isset($_POST['update'])) ? true : false;
$forum_id = request_var('f', 0);
@@ -33,6 +36,12 @@ class acp_forums
$forum_data = $errors = array();
if ($update && !check_form_key($form_key))
{
$update = false;
$error[] = $user->lang['FORM_INVALID'];
}
// Check additional permissions
switch ($action)
{

11
phpBB/includes/acp/acp_groups.php
View File

@@ -24,6 +24,9 @@ class acp_groups
$this->tpl_name = 'acp_groups';
$this->page_title = 'ACP_GROUPS_MANAGE';
$form_key = 'acp_groups';
add_form_key($form_key);
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
// Check and set some common vars
@@ -36,6 +39,7 @@ class acp_groups
$start = request_var('start', 0);
$update = (isset($_POST['update'])) ? true : false;
// Clear some vars
$can_upload = (file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $file_uploads) ? true : false;
$group_row = array();
@@ -251,13 +255,18 @@ class acp_groups
$error = array();
$user->add_lang('ucp');
$avatar_select = basename(request_var('avatar_select', ''));
$category = basename(request_var('category', ''));
// Did we submit?
if ($update)
{
if (!check_form_key($form_key))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
}
$group_name = utf8_normalize_nfc(request_var('group_name', '', true));
$group_desc = utf8_normalize_nfc(request_var('group_desc', '', true));
$group_type = request_var('group_type', GROUP_FREE);

11
phpBB/includes/acp/acp_inactive.php
View File

@@ -33,14 +33,23 @@ class acp_inactive
$action = request_var('action', '');
$mark = (isset($_REQUEST['mark'])) ? request_var('mark', array(0)) : array();
$start = request_var('start', 0);
$submit = isset($_POST['submit']);
// Sort keys
$sort_days = request_var('st', 0);
$sort_key = request_var('sk', 'i');
$sort_dir = request_var('sd', 'd');
if (sizeof($mark))
$form_key = 'acp_inactive';
add_form_key($form_key);
if ($submit && sizeof($mark))
{
if (!check_form_key($form_key))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
}
switch ($action)
{
case 'activate':

8
phpBB/includes/acp/acp_jabber.php
View File

@@ -44,8 +44,16 @@ class acp_jabber
$jab_package_size = request_var('jab_package_size', $config['jab_package_size']);
$jab_use_ssl = request_var('jab_use_ssl', $config['jab_use_ssl']);
$form_name = 'acp_jabber';
add_form_key($form_name);
if ($submit)
{
if(!check_form_key($form_name))
{
trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
}
$error = array();
$message = $user->lang['JAB_SETTINGS_CHANGED'];

32
phpBB/includes/acp/acp_language.php
View File

@@ -32,14 +32,19 @@ class acp_language
$this->default_variables();
// Check and set some common vars
$action = request_var('action', '');
$action = (isset($_POST['update_details'])) ? 'update_details' : $action;
$action = (isset($_POST['download_file'])) ? 'download_file' : $action;
$action = (isset($_POST['upload_file'])) ? 'upload_file' : $action;
$action = (isset($_POST['upload_data'])) ? 'upload_data' : $action;
$action = (isset($_POST['submit_file'])) ? 'submit_file' : $action;
$action = (isset($_POST['remove_store'])) ? 'details' : $action;
$action = (isset($_POST['update_details'])) ? 'update_details' : '';
$action = (isset($_POST['download_file'])) ? 'download_file' : '';
$action = (isset($_POST['upload_file'])) ? 'upload_file' : '';
$action = (isset($_POST['upload_data'])) ? 'upload_data' : '';
$action = (isset($_POST['submit_file'])) ? 'submit_file' : '';
$action = (isset($_POST['remove_store'])) ? 'details' : '';
$submit = (empty($action)) ? false : true;
$action = (empty($action)) ? request_var('action', '') : $action;
$form_name = 'acp_lang';
add_form_key('acp_lang');
$lang_id = request_var('id', 0);
if (isset($_POST['missing_file']))
@@ -59,7 +64,7 @@ class acp_language
$this->tpl_name = 'acp_language';
$this->page_title = 'ACP_LANGUAGE_PACKS';
if ($action == 'upload_data' && request_var('test_connection', ''))
if ($submit && $action == 'upload_data' && request_var('test_connection', ''))
{
$test_connection = false;
$action = 'upload_file';
@@ -89,6 +94,7 @@ class acp_language
switch ($action)
{
case 'upload_file':
include_once($phpbb_root_path . 'includes/functions_transfer.' . $phpEx);
$method = request_var('method', '');
@@ -132,6 +138,11 @@ class acp_language
case 'update_details':
if(!$submit || !check_form_key($form_name))
{
trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
}
if (!$lang_id)
{
trigger_error($user->lang['NO_LANG_ID'] . adm_back_link($this->u_action), E_USER_WARNING);
@@ -162,6 +173,11 @@ class acp_language
case 'submit_file':
case 'download_file':
case 'upload_data':
if(!$submit || !check_form_key($form_name))
{
trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
}
if (!$lang_id || empty($_POST['entry']))
{

8
phpBB/includes/acp/acp_permission_roles.php
View File

@@ -35,6 +35,9 @@ class acp_permission_roles
$action = request_var('action', '');
$action = (isset($_POST['add'])) ? 'add' : $action;
$form_name = 'acp_permissions';
add_form_key($form_name);
switch ($mode)
{
case 'admin_roles':
@@ -134,6 +137,11 @@ class acp_permission_roles
case 'add':
if(!check_form_key($form_name))
{
trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
}
$role_name = utf8_normalize_nfc(request_var('role_name', '', true));
$role_description = utf8_normalize_nfc(request_var('role_description', '', true));
$auth_settings = request_var('setting', array('' => 0));

17
phpBB/includes/acp/acp_permissions.php
View File

@@ -46,7 +46,6 @@ class acp_permissions
$this->permission_trace($user_id, $forum_id, $permission);
return;
}
trigger_error('NO_MODE', E_USER_ERROR);
}
@@ -66,6 +65,9 @@ class acp_permissions
$group_id = request_var('group_id', array(0));
$select_all_groups = request_var('select_all_groups', 0);
$form_name = 'acp_permissions';
add_form_key($form_name);
// If select all groups is set, we pre-build the group id array (this option is used for other screens to link to the permission settings screen)
if ($select_all_groups)
{
@@ -214,6 +216,11 @@ class acp_permissions
switch ($action)
{
case 'delete':
if(!check_form_key($form_name))
{
trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
}
// All users/groups selected?
$all_users = (isset($_POST['all_users'])) ? true : false;
$all_groups = (isset($_POST['all_groups'])) ? true : false;
@@ -247,6 +254,10 @@ class acp_permissions
{
trigger_error($user->lang['NO_AUTH_SETTING_FOUND'] . adm_back_link($this->u_action), E_USER_WARNING);
}
if(!check_form_key($form_name))
{
trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
}
$this->set_permissions($mode, $permission_type, $auth_admin, $user_id, $group_id);
break;
@@ -256,6 +267,10 @@ class acp_permissions
{
trigger_error($user->lang['NO_AUTH_SETTING_FOUND'] . adm_back_link($this->u_action), E_USER_WARNING);
}
if(!check_form_key($form_name))
{
trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
}
$this->set_all_permissions($mode, $permission_type, $auth_admin, $user_id, $group_id);
break;

14
phpBB/includes/acp/acp_ranks.php
View File

@@ -31,10 +31,17 @@ class acp_ranks
$this->tpl_name = 'acp_ranks';
$this->page_title = 'ACP_MANAGE_RANKS';
$form_name = 'acp_prune';
add_form_key($form_name);
switch ($action)
{
case 'save':
if(!check_form_key($form_name))
{
trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
}
$rank_title = utf8_normalize_nfc(request_var('title', '', true));
$special_rank = request_var('special_rank', 0);
$min_posts = ($special_rank) ? 0 : request_var('min_posts', 0);
@@ -124,6 +131,11 @@ class acp_ranks
case 'edit':
case 'add':
if(!check_form_key($form_name))
{
trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
}
$data = $ranks = $existing_imgs = array();
$sql = 'SELECT *

7
phpBB/includes/acp/acp_reasons.php
View File

@@ -30,6 +30,9 @@ class acp_reasons
$this->tpl_name = 'acp_reasons';
$this->page_title = 'ACP_REASONS';
$form_name = 'acp_reason';
add_form_key('acp_reason');
$error = array();
switch ($action)
@@ -44,6 +47,10 @@ class acp_reasons
if ($submit)
{
if(!check_form_key($form_name))
{
$error[] = $user->lang['FORM_INVALID'];
}
// Reason specified?
if (!$reason_row['reason_title'] || !$reason_row['reason_description'])
{

83
phpBB/includes/acp/acp_users.php
View File

@@ -37,6 +37,9 @@ class acp_users
$submit = (isset($_POST['update'])) ? true : false;
$form_name = 'acp_users';
add_form_key($form_name);
// Whois (special case)
if ($action == 'whois')
{
@@ -218,6 +221,11 @@ class acp_users
trigger_error($user->lang['CANNOT_BAN_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
}
if (!check_form_key($form_name))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
}
$ban = array();
switch ($action)
@@ -270,6 +278,11 @@ class acp_users
trigger_error($user->lang['CANNOT_FORCE_REACT_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
}
if (!check_form_key($form_name))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
}
if ($user_row['user_type'] == USER_FOUNDER)
{
trigger_error($user->lang['CANNOT_FORCE_REACT_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
@@ -337,6 +350,11 @@ class acp_users
trigger_error($user->lang['CANNOT_DEACTIVATE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
}
if (!check_form_key($form_name))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
}
if ($user_row['user_type'] == USER_FOUNDER)
{
trigger_error($user->lang['CANNOT_DEACTIVATE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
@@ -361,6 +379,11 @@ class acp_users
case 'delsig':
if (!check_form_key($form_name))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
}
$sql_ary = array(
'user_sig' => '',
'user_sig_bbcode_uid' => '',
@@ -379,7 +402,12 @@ class acp_users
break;
case 'delavatar':
if (!check_form_key($form_name))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
}
$sql_ary = array(
'user_avatar' => '',
'user_avatar_type' => 0,
@@ -451,6 +479,11 @@ class acp_users
case 'moveposts':
if (!check_form_key($form_name))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
}
$user->add_lang('acp/forums');
$new_forum_id = request_var('new_f', 0);
@@ -654,6 +687,11 @@ class acp_users
$error[] = 'NEW_EMAIL_ERROR';
}
if (!check_form_key($form_name))
{
$error[] = 'FORM_INVALID';
}
// Which updates do we need to do?
$update_username = ($user_row['username'] != $data['username']) ? $data['username'] : false;
$update_password = ($data['new_password'] && $user_row['user_password'] != md5($data['new_password'])) ? true : false;
@@ -882,6 +920,11 @@ class acp_users
// Delete entries if requested and able
if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs'))
{
if (!check_form_key($form_name))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
}
$where_sql = '';
if ($deletemark && $marked)
{
@@ -907,6 +950,11 @@ class acp_users
if ($submit && $message)
{
if (!check_form_key($form_name))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
}
add_log('admin', 'LOG_USER_FEEDBACK', $user_row['username']);
add_log('mod', 0, 0, 'LOG_USER_FEEDBACK', $user_row['username']);
add_log('user', $user_id, 'LOG_USER_GENERAL', $message);
@@ -1027,6 +1075,10 @@ class acp_users
{
$error = array_merge($error, $cp_error);
}
if (!check_form_key($form_name))
{
$error[] = 'FORM_INVALID';
}
if (!sizeof($error))
{
@@ -1205,6 +1257,11 @@ class acp_users
'post_sd' => array('string', false, 1, 1),
));
if (!check_form_key($form_name))
{
$error[] = 'FORM_INVALID';
}
if (!sizeof($error))
{
$this->optionset($user_row, 'popuppm', $data['popuppm']);
@@ -1368,6 +1425,12 @@ class acp_users
if ($submit)
{
if (!check_form_key($form_name))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
}
if (avatar_process_user($error, $user_row))
{
trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_row['user_id']));
@@ -1410,6 +1473,11 @@ class acp_users
if ($submit)
{
if (!check_form_key($form_name))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
}
$rank_id = request_var('user_rank', 0);
$sql = 'UPDATE ' . USERS_TABLE . "
@@ -1467,7 +1535,12 @@ class acp_users
{
$error[] = implode('<br />', $message_parser->warn_msg);
}
if (!check_form_key($form_name))
{
$error = 'FORM_INVALID';
}
if (!sizeof($error) && $submit)
{
$sql_ary = array(
@@ -1733,6 +1806,12 @@ class acp_users
// Add user to group?
if ($submit)
{
if (!check_form_key($form_name))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);
}
if (!$group_id)
{
trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&amp;u=' . $user_id), E_USER_WARNING);

8
phpBB/includes/acp/acp_words.php
View File

@@ -33,6 +33,9 @@ class acp_words
$this->tpl_name = 'acp_words';
$this->page_title = 'ACP_WORDS';
$form_name = 'acp_words';
add_form_key($form_name);
switch ($action)
{
case 'edit':
@@ -68,6 +71,11 @@ class acp_words
break;
case 'save':
if(!check_form_key($form_name))
{
trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
}
$word_id = request_var('id', 0);
$word = utf8_normalize_nfc(request_var('word', '', true));
$replacement = utf8_normalize_nfc(request_var('replacement', '', true));

64
phpBB/includes/functions.php
View File

@@ -1964,6 +1964,70 @@ function meta_refresh($time, $url)
);
}
//Form validation
/**
* Add a secret token to the form (requires the S_FORM_TOKEN template variable)
* @param string $form_name The name of the form; has to match the name used in check_form_key, otherwise no restrictions apply
*/
function add_form_key($form_name)
{
global $template, $user;
$now = time();
$token = sha1($now . $user->data['user_form_salt'] . $form_name);
$s_fields = build_hidden_fields(array(
'creation_time' => $now,
'form_token' => $token,
));
$template->assign_vars(array(
'S_FORM_TOKEN' => $s_fields,
));
}
/**
* Check the form key. Required for all altering actions not secured by confirm_box
* @param string $form_name The name of the form; has to match the name used in add_form_key, otherwise no restrictions apply
* @param int $timespan The maximum acceptable age for a submitted form in seconds. Defaults to the config setting.
* @param string $return_page The address for the return link
* @param bool $trigger If true, the function will triger an error when encountering an invalid form
* @param int $minimum_time The minimum acceptable age for a submitted form in seconds
*/
function check_form_key($form_name, $timespan = false, $return_page = '', $trigger = false, $miniumum_time = false)
{
global $user, $config;
if ($timespan === false)
{
$timespan = $config['form_token_lifetime'];
}
if ($miniumum_time === false)
{
$miniumum_time = $config['form_token_mintime'];
}
if (isset($_POST['creation_time']) && isset($_POST['form_token']))
{
$creation_time = abs(request_var('creation_time', 0));
$token = request_var('form_token', '');
$diff = (time() - $creation_time);
if (($diff > $miniumum_time) && (($diff < $timespan) || $timespan == -1))
{
$key = sha1($creation_time . $user->data['user_form_salt'] . $form_name);
if ($key === $token)
{
return true;
}
}
}
if ($trigger)
{
trigger_error($user->lang['FORM_INVALID'] . $return_page);
}
return false;
}
// Message/Login boxes
/**

7
phpBB/includes/functions_posting.php
View File

@@ -1930,6 +1930,9 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
}
$sql_insert_ary = array();
$sql_delete_array = array();
print_r($cur_poll_options);
for ($i = 0, $size = sizeof($poll['poll_options']); $i < $size; $i++)
{
if (strlen(trim($poll['poll_options'][$i])))
@@ -1952,6 +1955,10 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
$db->sql_query($sql);
}
}
else if (!empty($cur_poll_options[$i]))
{
$sql_delete_array[] = $cur_poll_options[$i]['poll_option_id'];
}
}
$db->sql_multi_insert(POLL_OPTIONS_TABLE, $sql_insert_ary);

1
phpBB/includes/mcp/mcp_ban.php
View File

@@ -49,7 +49,6 @@ class mcp_ban
$ban_exclude = request_var('banexclude', 0);
$ban_reason = utf8_normalize_nfc(request_var('banreason', '', true));
$ban_give_reason = utf8_normalize_nfc(request_var('bangivereason', '', true));
if ($ban)
{

40
phpBB/includes/mcp/mcp_notes.php
View File

@@ -74,6 +74,8 @@ class mcp_notes
$sk = request_var('sk', 'b');
$sd = request_var('sd', 'd');
add_form_key('mcp_notes');
$sql_where = ($user_id) ? "user_id = $user_id" : "username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
$sql = 'SELECT *
@@ -121,15 +123,22 @@ class mcp_notes
if ($where_sql || $deleteall)
{
$sql = 'DELETE FROM ' . LOG_TABLE . '
WHERE log_type = ' . LOG_USERS . "
AND reportee_id = $user_id
$where_sql";
$db->sql_query($sql);
if (check_form_key('mcp_notes'))
{
$sql = 'DELETE FROM ' . LOG_TABLE . '
WHERE log_type = ' . LOG_USERS . "
AND reportee_id = $user_id
$where_sql";
$db->sql_query($sql);
add_log('admin', 'LOG_CLEAR_USER', $userrow['username']);
add_log('admin', 'LOG_CLEAR_USER', $userrow['username']);
$msg = ($deletemark) ? 'MARKED_NOTES_DELETED' : 'ALL_NOTES_DELETED';
$msg = ($deletemark) ? 'MARKED_NOTES_DELETED' : 'ALL_NOTES_DELETED';
}
else
{
$msg = 'FORM_INVALID';
}
$redirect = $this->u_action . '&amp;u=' . $user_id;
meta_refresh(3, $redirect);
trigger_error($user->lang[$msg] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
@@ -138,15 +147,22 @@ class mcp_notes
if ($usernote && $action == 'add_feedback')
{
add_log('admin', 'LOG_USER_FEEDBACK', $userrow['username']);
add_log('mod', 0, 0, 'LOG_USER_FEEDBACK', $userrow['username']);
add_log('user', $user_id, 'LOG_USER_GENERAL', $usernote);
if(check_form_key('mcp_notes'))
{
add_log('admin', 'LOG_USER_FEEDBACK', $userrow['username']);
add_log('mod', 0, 0, 'LOG_USER_FEEDBACK', $userrow['username']);
add_log('user', $user_id, 'LOG_USER_GENERAL', $usernote);
$msg = $user->lang['USER_FEEDBACK_ADDED'];
}
else
{
$msg = $user->lang['FORM_INVALID'];
}
$redirect = $this->u_action;
meta_refresh(3, $redirect);
trigger_error($user->lang['USER_FEEDBACK_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
trigger_error($msg . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
}
// Generate the appropriate user information for the user we are looking at

11
phpBB/includes/mcp/mcp_post.php
View File

@@ -24,6 +24,8 @@ function mcp_post_details($id, $mode, $action)
// Get post data
$post_info = get_post_data(array($post_id), false, true);
add_form_key('mcp_post_details');
if (!sizeof($post_info))
{
trigger_error('POST_NOT_EXIST');
@@ -82,7 +84,14 @@ function mcp_post_details($id, $mode, $action)
if ($auth->acl_get('m_chgposter', $post_info['forum_id']))
{
change_poster($post_info, $row);
if (check_form_key('mcp_post_details'))
{
change_poster($post_info, $row);
}
else
{
trigger_error('FORM_INVALID');
}
}
break;

14
phpBB/includes/mcp/mcp_topic.php
View File

@@ -40,7 +40,7 @@ function mcp_topic_view($id, $mode, $action)
$to_forum_id = request_var('to_forum_id', 0);
$post_id_list = request_var('post_id_list', array(0));
$sort = isset($_POST['sort']) ? true : false;
// Split Topic?
if ($action == 'split_all' || $action == 'split_beyond')
{
@@ -98,8 +98,8 @@ function mcp_topic_view($id, $mode, $action)
if ($total == -1)
{
$total = $topic_info['topic_replies'] + 1;
}
}
$posts_per_page = max(0, request_var('posts_per_page', intval($config['posts_per_page'])));
if ($posts_per_page == 0)
{
@@ -220,7 +220,7 @@ function mcp_topic_view($id, $mode, $action)
'S_POST_UNAPPROVED' => ($row['post_approved']) ? false : true,
'S_CHECKED' => ($post_id_list && in_array(intval($row['post_id']), $post_id_list)) ? true : false,
'S_HAS_ATTACHMENTS' => (!empty($attachments[$row['post_id']])) ? true : false,
'U_POST_DETAILS' => "$url&amp;i=$id&amp;p={$row['post_id']}&amp;mode=post_details" . (($forum_id) ? "&amp;f=$forum_id" : ''),
'U_MCP_APPROVE' => ($auth->acl_get('m_approve', $topic_info['forum_id'])) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&amp;mode=approve_details&amp;f=' . $topic_info['forum_id'] . '&amp;p=' . $row['post_id']) : '',
'U_MCP_REPORT' => ($auth->acl_get('m_report', $topic_info['forum_id'])) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&amp;mode=report_details&amp;f=' . $topic_info['forum_id'] . '&amp;p=' . $row['post_id']) : '')
@@ -268,11 +268,11 @@ function mcp_topic_view($id, $mode, $action)
}
}
}
$s_hidden_fields = build_hidden_fields(array(
'st_old' => $sort_days,
));
$template->assign_vars(array(
'TOPIC_TITLE' => $topic_info['topic_title'],
'U_VIEW_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $topic_info['forum_id'] . '&amp;t=' . $topic_info['topic_id']),
@@ -298,7 +298,7 @@ function mcp_topic_view($id, $mode, $action)
'S_REPORT_VIEW' => ($action == 'reports') ? true : false,
'S_MERGE_VIEW' => ($action == 'merge') ? true : false,
'S_SPLIT_VIEW' => ($action == 'split') ? true : false,
'S_HIDDEN_FIELDS' => $s_hidden_fields,
'S_SHOW_TOPIC_ICONS' => $s_topic_icons,

26
phpBB/includes/mcp/mcp_warn.php
View File

@@ -37,6 +37,8 @@ class mcp_warn
$this->page_title = 'MCP_WARN';
add_form_key('mcp_warn');
switch ($mode)
{
case 'front':
@@ -241,8 +243,15 @@ class mcp_warn
if ($warning && $action == 'add_warning')
{
add_warning($user_row, $warning, $notify, $post_id);
if (check_form_key('mcp_warn'))
{
add_warning($user_row, $warning, $notify, $post_id);
$msg = $user->lang['USER_WARNING_ADDED'];
}
else
{
$msg = $user->lang['FORM_INVALID'];
}
$redirect = append_sid("{$phpbb_root_path}mcp.$phpEx", "i=notes&amp;mode=user_notes&amp;u=$user_id");
meta_refresh(2, $redirect);
trigger_error($user->lang['USER_WARNING_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
@@ -336,11 +345,18 @@ class mcp_warn
if ($warning && $action == 'add_warning')
{
add_warning($user_row, $warning, $notify);
if(check_form_key('mcp_warn'))
{
add_warning($user_row, $warning, $notify);
$msg = $user->lang['USER_WARNING_ADDED'];
}
else
{
$msg = $user->lang['FORM_INVALID'];
}
$redirect = append_sid("{$phpbb_root_path}mcp.$phpEx", "i=notes&amp;mode=user_notes&amp;u=$user_id");
meta_refresh(2, $redirect);
trigger_error($user->lang['USER_WARNING_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
trigger_error($msg . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
}
// Generate the appropriate user information for the user we are looking at

18
phpBB/includes/session.php
View File

@@ -641,6 +641,24 @@ class session
$this->set_cookie('sid', $this->session_id, $cookie_expire);
unset($cookie_expire);
$sql = 'SELECT COUNT(session_id) AS sessions
FROM ' . SESSIONS_TABLE . '
WHERE session_user_id = ' . (int) $this->data['user_id'] . '
AND session_time >= ' . ($this->time_now - $config['form_token_lifetime']);
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ((int) $row['sessions'] <= 1 || empty($this->data['user_form_salt']))
{
$this->data['user_form_salt'] = unique_id();
// Update the form key
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_form_salt = \'' . $db->sql_escape($this->data['user_form_salt']) . '\'
WHERE user_id = ' . (int) $this->data['user_id'];
$db->sql_query($sql);
}
}
else
{

6
phpBB/includes/ucp/ucp_groups.php
View File

@@ -393,6 +393,7 @@ class ucp_groups
$this->page_title = 'UCP_USERGROUPS_MANAGE';
$action = (isset($_POST['addusers'])) ? 'addusers' : request_var('action', '');
$group_id = request_var('g', 0);
add_form_key('ucp_groups');
if ($group_id)
{
@@ -552,6 +553,11 @@ class ucp_groups
}
}
if (!check_form_key('ucp_groups'))
{
$error[] = $user->lang['FORM_INVALID'];
}
if (!sizeof($error))
{
// Only set the rank, colour, etc. if it's changed or if we're adding a new

130
phpBB/includes/ucp/ucp_main.php
View File

@@ -194,41 +194,51 @@ class ucp_main
$user->add_lang('viewforum');
add_form_key('ucp_front_subscribed');
$unwatch = (isset($_POST['unwatch'])) ? true : false;
if ($unwatch)
{
$forums = array_keys(request_var('f', array(0 => 0)));
$topics = array_keys(request_var('t', array(0 => 0)));
if (sizeof($forums) || sizeof($topics))
if(check_form_key('ucp_front_subscribed'))
{
$l_unwatch = '';
if (sizeof($forums))
$forums = array_keys(request_var('f', array(0 => 0)));
$topics = array_keys(request_var('t', array(0 => 0)));
$msg = '';
if (sizeof($forums) || sizeof($topics))
{
$sql = 'DELETE FROM ' . FORUMS_WATCH_TABLE . '
WHERE ' . $db->sql_in_set('forum_id', $forums) . '
AND user_id = ' . $user->data['user_id'];
$db->sql_query($sql);
$l_unwatch = '';
if (sizeof($forums))
{
$sql = 'DELETE FROM ' . FORUMS_WATCH_TABLE . '
WHERE ' . $db->sql_in_set('forum_id', $forums) . '
AND user_id = ' . $user->data['user_id'];
$db->sql_query($sql);
$l_unwatch .= '_FORUMS';
}
if (sizeof($topics))
{
$sql = 'DELETE FROM ' . TOPICS_WATCH_TABLE . '
WHERE ' . $db->sql_in_set('topic_id', $topics) . '
AND user_id = ' . $user->data['user_id'];
$db->sql_query($sql);
$l_unwatch .= '_TOPICS';
}
$msg = $user->lang['UNWATCHED' . $l_unwatch];
$l_unwatch .= '_FORUMS';
}
if (sizeof($topics))
{
$sql = 'DELETE FROM ' . TOPICS_WATCH_TABLE . '
WHERE ' . $db->sql_in_set('topic_id', $topics) . '
AND user_id = ' . $user->data['user_id'];
$db->sql_query($sql);
$l_unwatch .= '_TOPICS';
}
$message = $user->lang['UNWATCHED' . $l_unwatch] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&amp;mode=subscribed") . '">', '</a>');
meta_refresh(3, append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&amp;mode=subscribed"));
trigger_error($message);
}
else
{
$msg = $user->lang['FORM_INVALID'];
}
$message = $msg . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&amp;mode=subscribed") . '">', '</a>');
meta_refresh(3, append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&amp;mode=subscribed"));
trigger_error($message);
}
$forbidden_forums = array();
@@ -418,53 +428,65 @@ class ucp_main
$s_hidden_fields = ($edit) ? '<input type="hidden" name="edit" value="' . $draft_id . '" />' : '';
$draft_subject = $draft_message = '';
add_form_key('ucp_draft');
if ($delete)
{
$drafts = array_keys(request_var('d', array(0 => 0)));
if (sizeof($drafts))
if (check_form_key('ucp_draft'))
{
$sql = 'DELETE FROM ' . DRAFTS_TABLE . '
WHERE ' . $db->sql_in_set('draft_id', $drafts) . '
AND user_id = ' . $user->data['user_id'];
$db->sql_query($sql);
$drafts = array_keys(request_var('d', array(0 => 0)));
$message = $user->lang['DRAFTS_DELETED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
meta_refresh(3, $this->u_action);
trigger_error($message);
if (sizeof($drafts))
{
$sql = 'DELETE FROM ' . DRAFTS_TABLE . '
WHERE ' . $db->sql_in_set('draft_id', $drafts) . '
AND user_id = ' . $user->data['user_id'];
$db->sql_query($sql);
}
$msg = $user->lang['DRAFTS_DELETED'];
unset($drafts);
}
unset($drafts);
else
{
$msg = $user->lang['FORM_INVALID'];
}
$message = $msg . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
meta_refresh(3, $this->u_action);
trigger_error($message);
}
if ($submit && $edit)
{
$draft_subject = utf8_normalize_nfc(request_var('subject', '', true));
$draft_message = utf8_normalize_nfc(request_var('message', '', true));
if ($draft_message && $draft_subject)
if (check_form_key('ucp_draft'))
{
$draft_row = array(
'draft_subject' => $draft_subject,
'draft_message' => $draft_message
);
if ($draft_message && $draft_subject)
{
$draft_row = array(
'draft_subject' => $draft_subject,
'draft_message' => $draft_message
);
$sql = 'UPDATE ' . DRAFTS_TABLE . '
SET ' . $db->sql_build_array('UPDATE', $draft_row) . "
WHERE draft_id = $draft_id
AND user_id = " . $user->data['user_id'];
$db->sql_query($sql);
$sql = 'UPDATE ' . DRAFTS_TABLE . '
SET ' . $db->sql_build_array('UPDATE', $draft_row) . "
WHERE draft_id = $draft_id
AND user_id = " . $user->data['user_id'];
$db->sql_query($sql);
$message = $user->lang['DRAFT_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
$message = $user->lang['DRAFT_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
meta_refresh(3, $this->u_action);
trigger_error($message);
meta_refresh(3, $this->u_action);
trigger_error($message);
}
else
{
$template->assign_var('ERROR', ($draft_message == '') ? $user->lang['EMPTY_DRAFT'] : (($draft_subject == '') ? $user->lang['EMPTY_DRAFT_TITLE'] : ''));
}
}
else
{
$template->assign_var('ERROR', ($draft_message == '') ? $user->lang['EMPTY_DRAFT'] : (($draft_subject == '') ? $user->lang['EMPTY_DRAFT_TITLE'] : ''));
$template->assign_var('ERROR', $user->lang['FORM_INVALID']);
}
}

5
phpBB/includes/ucp/ucp_pm_compose.php
View File

@@ -25,6 +25,7 @@ function compose_pm($id, $mode, $action)
{
$action = 'post';
}
add_form_key('ucp_pm_compose');
// Grab only parameters needed here
$to_user_id = request_var('u', 0);
@@ -532,6 +533,10 @@ function compose_pm($id, $mode, $action)
if ($submit || $preview || $refresh)
{
if (!check_form_key('ucp_pm_compose'))
{
$error[] = $user->lang['FORM_INVALID'];
}
$subject = utf8_normalize_nfc(request_var('subject', '', true));
$message_parser->message = utf8_normalize_nfc(request_var('message', '', true));

243
phpBB/includes/ucp/ucp_pm_options.php
View File

@@ -17,9 +17,11 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
$redirect_url = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&amp;mode=options");
add_form_key('ucp_pm_options');
// Change "full folder" setting - what to do if folder is full
if (isset($_POST['fullfolder']))
{
check_form_key('ucp_pm_options', $config['form_token_lifetime'], $redirect_url);
$full_action = request_var('full_action', 0);
$set_folder_id = 0;
@@ -60,79 +62,94 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
// Add Folder
if (isset($_POST['addfolder']))
{
$folder_name = utf8_normalize_nfc(request_var('foldername', '', true));
if ($folder_name)
if (check_form_key('ucp_pm_options'))
{
$sql = 'SELECT folder_name
FROM ' . PRIVMSGS_FOLDER_TABLE . "
WHERE folder_name = '" . $db->sql_escape($folder_name) . "'
AND user_id = " . $user->data['user_id'];
$result = $db->sql_query_limit($sql, 1);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$folder_name = utf8_normalize_nfc(request_var('foldername', '', true));
$msg = '';
if ($row)
if ($folder_name)
{
trigger_error(sprintf($user->lang['FOLDER_NAME_EXIST'], $folder_name));
$sql = 'SELECT folder_name
FROM ' . PRIVMSGS_FOLDER_TABLE . "
WHERE folder_name = '" . $db->sql_escape($folder_name) . "'
AND user_id = " . $user->data['user_id'];
$result = $db->sql_query_limit($sql, 1);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row)
{
trigger_error(sprintf($user->lang['FOLDER_NAME_EXIST'], $folder_name));
}
$sql = 'SELECT COUNT(folder_id) as num_folder
FROM ' . PRIVMSGS_FOLDER_TABLE . '
WHERE user_id = ' . $user->data['user_id'];
$result = $db->sql_query($sql);
$num_folder = (int) $db->sql_fetchfield('num_folder');
$db->sql_freeresult($result);
if ($num_folder >= $config['pm_max_boxes'])
{
trigger_error('MAX_FOLDER_REACHED');
}
$sql = 'INSERT INTO ' . PRIVMSGS_FOLDER_TABLE . ' ' . $db->sql_build_array('INSERT', array(
'user_id' => (int) $user->data['user_id'],
'folder_name' => $folder_name)
);
$db->sql_query($sql);
$msg = $user->lang['FOLDER_ADDED'];
}
$sql = 'SELECT COUNT(folder_id) as num_folder
FROM ' . PRIVMSGS_FOLDER_TABLE . '
WHERE user_id = ' . $user->data['user_id'];
$result = $db->sql_query($sql);
$num_folder = (int) $db->sql_fetchfield('num_folder');
$db->sql_freeresult($result);
if ($num_folder >= $config['pm_max_boxes'])
{
trigger_error('MAX_FOLDER_REACHED');
}
$sql = 'INSERT INTO ' . PRIVMSGS_FOLDER_TABLE . ' ' . $db->sql_build_array('INSERT', array(
'user_id' => (int) $user->data['user_id'],
'folder_name' => $folder_name)
);
$db->sql_query($sql);
$message = $user->lang['FOLDER_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $redirect_url . '">', '</a>');
meta_refresh(3, $redirect_url);
trigger_error($message);
}
else
{
$msg = $user->lang['FORM_INVALID'];
}
$message = $msg . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $redirect_url . '">', '</a>');
meta_refresh(3, $redirect_url);
trigger_error($message);
}
// Rename folder
if (isset($_POST['rename_folder']))
{
$new_folder_name = utf8_normalize_nfc(request_var('new_folder_name', '', true));
$rename_folder_id= request_var('rename_folder_id', 0);
if (!$new_folder_name)
if (check_form_key('ucp_pm_options'))
{
trigger_error('NO_NEW_FOLDER_NAME');
$new_folder_name = utf8_normalize_nfc(request_var('new_folder_name', '', true));
$rename_folder_id= request_var('rename_folder_id', 0);
if (!$new_folder_name)
{
trigger_error('NO_NEW_FOLDER_NAME');
}
// Select custom folder
$sql = 'SELECT folder_name, pm_count
FROM ' . PRIVMSGS_FOLDER_TABLE . "
WHERE user_id = {$user->data['user_id']}
AND folder_id = $rename_folder_id";
$result = $db->sql_query_limit($sql, 1);
$folder_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$folder_row)
{
trigger_error('CANNOT_RENAME_FOLDER');
}
$sql = 'UPDATE ' . PRIVMSGS_FOLDER_TABLE . "
SET folder_name = '" . $db->sql_escape($new_folder_name) . "'
WHERE folder_id = $rename_folder_id
AND user_id = {$user->data['user_id']}";
$db->sql_query($sql);
$msg = $user->lang['FOLDER_RENAMED'];
}
// Select custom folder
$sql = 'SELECT folder_name, pm_count
FROM ' . PRIVMSGS_FOLDER_TABLE . "
WHERE user_id = {$user->data['user_id']}
AND folder_id = $rename_folder_id";
$result = $db->sql_query_limit($sql, 1);
$folder_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$folder_row)
else
{
trigger_error('CANNOT_RENAME_FOLDER');
$msg = $user->lang['FORM_INVALID'];
}
$sql = 'UPDATE ' . PRIVMSGS_FOLDER_TABLE . "
SET folder_name = '" . $db->sql_escape($new_folder_name) . "'
WHERE folder_id = $rename_folder_id
AND user_id = {$user->data['user_id']}";
$db->sql_query($sql);
$message = $user->lang['FOLDER_RENAMED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $redirect_url . '">', '</a>');
$message = $msg . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $redirect_url . '">', '</a>');
meta_refresh(3, $redirect_url);
trigger_error($message);
}
@@ -251,60 +268,68 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
// Add Rule
if (isset($_POST['add_rule']))
{
$check_option = request_var('check_option', 0);
$rule_option = request_var('rule_option', 0);
$cond_option = request_var('cond_option', '');
$action_option = explode('|', request_var('action_option', ''));
$rule_string = ($cond_option != 'none') ? utf8_normalize_nfc(request_var('rule_string', '', true)) : '';
$rule_user_id = ($cond_option != 'none') ? request_var('rule_user_id', 0) : 0;
$rule_group_id = ($cond_option != 'none') ? request_var('rule_group_id', 0) : 0;
$action = (int) $action_option[0];
$folder_id = (int) $action_option[1];
if (!$action || !$check_option || !$rule_option || !$cond_option || ($cond_option != 'none' && !$rule_string))
if(check_form_key('ucp_pm_options'))
{
trigger_error('RULE_NOT_DEFINED');
}
$check_option = request_var('check_option', 0);
$rule_option = request_var('rule_option', 0);
$cond_option = request_var('cond_option', '');
$action_option = explode('|', request_var('action_option', ''));
$rule_string = ($cond_option != 'none') ? utf8_normalize_nfc(request_var('rule_string', '', true)) : '';
$rule_user_id = ($cond_option != 'none') ? request_var('rule_user_id', 0) : 0;
$rule_group_id = ($cond_option != 'none') ? request_var('rule_group_id', 0) : 0;
if (($cond_option == 'user' && !$rule_user_id) || ($cond_option == 'group' && !$rule_group_id))
$action = (int) $action_option[0];
$folder_id = (int) $action_option[1];
if (!$action || !$check_option || !$rule_option || !$cond_option || ($cond_option != 'none' && !$rule_string))
{
trigger_error('RULE_NOT_DEFINED');
}
if (($cond_option == 'user' && !$rule_user_id) || ($cond_option == 'group' && !$rule_group_id))
{
trigger_error('RULE_NOT_DEFINED');
}
$rule_ary = array(
'user_id' => $user->data['user_id'],
'rule_check' => $check_option,
'rule_connection' => $rule_option,
'rule_string' => $rule_string,
'rule_user_id' => $rule_user_id,
'rule_group_id' => $rule_group_id,
'rule_action' => $action,
'rule_folder_id' => $folder_id
);
$sql = 'SELECT rule_id
FROM ' . PRIVMSGS_RULES_TABLE . '
WHERE ' . $db->sql_build_array('SELECT', $rule_ary);
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row)
{
trigger_error('RULE_ALREADY_DEFINED');
}
$sql = 'INSERT INTO ' . PRIVMSGS_RULES_TABLE . ' ' . $db->sql_build_array('INSERT', $rule_ary);
$db->sql_query($sql);
// Update users message rules
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_message_rules = 1
WHERE user_id = ' . $user->data['user_id'];
$db->sql_query($sql);
$msg = $user->lang['RULE_ADDED'];
}
else
{
trigger_error('RULE_NOT_DEFINED');
$msg = $user->lang['FORM_INVALID'];
}
$rule_ary = array(
'user_id' => $user->data['user_id'],
'rule_check' => $check_option,
'rule_connection' => $rule_option,
'rule_string' => $rule_string,
'rule_user_id' => $rule_user_id,
'rule_group_id' => $rule_group_id,
'rule_action' => $action,
'rule_folder_id' => $folder_id
);
$sql = 'SELECT rule_id
FROM ' . PRIVMSGS_RULES_TABLE . '
WHERE ' . $db->sql_build_array('SELECT', $rule_ary);
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row)
{
trigger_error('RULE_ALREADY_DEFINED');
}
$sql = 'INSERT INTO ' . PRIVMSGS_RULES_TABLE . ' ' . $db->sql_build_array('INSERT', $rule_ary);
$db->sql_query($sql);
// Update users message rules
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_message_rules = 1
WHERE user_id = ' . $user->data['user_id'];
$db->sql_query($sql);
$message = $user->lang['RULE_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $redirect_url . '">', '</a>');
$message = $msg . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $redirect_url . '">', '</a>');
meta_refresh(3, $redirect_url);
trigger_error($message);
}

47
phpBB/includes/ucp/ucp_prefs.php
View File

@@ -28,7 +28,7 @@ class ucp_prefs
switch ($mode)
{
case 'personal':
add_form_key('ucp_prefs_personal');
$data = array(
'notifymethod' => request_var('notifymethod', $user->data['user_notify_type']),
'dateformat' => request_var('dateformat', $user->data['user_dateformat'], true),
@@ -55,6 +55,11 @@ class ucp_prefs
'tz' => array('num', false, -14, 14),
));
if (!check_form_key('ucp_prefs_personal'))
{
$error[] = 'FORM_INVALID';
}
if (!sizeof($error))
{
$user->optionset('popuppm', $data['popuppm']);
@@ -140,6 +145,8 @@ class ucp_prefs
case 'view':
add_form_key('ucp_prefs_view');
$data = array(
'topic_sk' => request_var('topic_sk', (!empty($user->data['user_topic_sortby_type'])) ? $user->data['user_topic_sortby_type'] : 't'),
'topic_sd' => request_var('topic_sd', (!empty($user->data['user_topic_sortby_dir'])) ? $user->data['user_topic_sortby_dir'] : 'd'),
@@ -166,6 +173,11 @@ class ucp_prefs
'post_sd' => array('string', false, 1, 1),
));
if (!check_form_key('ucp_prefs_view'))
{
$error[] = 'FORM_INVALID';
}
if (!sizeof($error))
{
$user->optionset('viewimg', $data['images']);
@@ -276,25 +288,34 @@ class ucp_prefs
'sig' => request_var('sig', $user->optionget('attachsig')),
'notify' => request_var('notify', $user->data['user_notify']),
);
add_form_key('ucp_prefs_post');
if ($submit)
{
$user->optionset('bbcode', $data['bbcode']);
$user->optionset('smilies', $data['smilies']);
$user->optionset('attachsig', $data['sig']);
if (check_form_key('ucp_prefs_post'))
{
$user->optionset('bbcode', $data['bbcode']);
$user->optionset('smilies', $data['smilies']);
$user->optionset('attachsig', $data['sig']);
$sql_ary = array(
'user_options' => $user->data['user_options'],
'user_notify' => $data['notify'],
);
$sql_ary = array(
'user_options' => $user->data['user_options'],
'user_notify' => $data['notify'],
);
$sql = 'UPDATE ' . USERS_TABLE . '
SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
WHERE user_id = ' . $user->data['user_id'];
$db->sql_query($sql);
$sql = 'UPDATE ' . USERS_TABLE . '
SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
WHERE user_id = ' . $user->data['user_id'];
$db->sql_query($sql);
$msg = $user->lang['PREFERENCES_UPDATED'];
}
else
{
$msg = $user->lang['FORM_INVALID'];
}
meta_refresh(3, $this->u_action);
$message = $user->lang['PREFERENCES_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
$message = $msg . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
trigger_error($message);
}

43
phpBB/includes/ucp/ucp_profile.php
View File

@@ -44,6 +44,8 @@ class ucp_profile
'password_confirm' => request_var('password_confirm', '', true),
);
add_form_key('ucp_reg_details');
if ($submit)
{
// Do not check cur_password, it is the old one.
@@ -89,6 +91,11 @@ class ucp_profile
$error[] = 'NEW_EMAIL_ERROR';
}
if (!check_form_key('ucp_reg_details'))
{
$error[] = 'FORM_INVALID';
}
if (!sizeof($error))
{
$sql_ary = array(
@@ -224,7 +231,7 @@ class ucp_profile
trigger_error($message);
}
// Replace "error" strings with their real, localised form
$error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
}
@@ -282,6 +289,8 @@ class ucp_profile
$data['bday_year'] = request_var('bday_year', $data['bday_year']);
}
add_form_key('ucp_profile_info');
if ($submit)
{
$validate_array = array(
@@ -321,6 +330,11 @@ class ucp_profile
$error = array_merge($error, $cp_error);
}
if (!check_form_key('ucp_profile_info'))
{
$error[] = 'FORM_INVALID';
}
if (!sizeof($error))
{
$sql_ary = array(
@@ -446,6 +460,8 @@ class ucp_profile
$signature = utf8_normalize_nfc(request_var('signature', (string) $user->data['user_sig'], true));
add_form_key('ucp_sig');
if ($submit || $preview)
{
include($phpbb_root_path . 'includes/message_parser.' . $phpEx);
@@ -462,6 +478,11 @@ class ucp_profile
$error[] = implode('<br />', $message_parser->warn_msg);
}
if (!check_form_key('ucp_sig'))
{
$error[] = 'FORM_INVALID';
}
if (!sizeof($error) && $submit)
{
$sql_ary = array(
@@ -517,7 +538,7 @@ class ucp_profile
'S_BBCODE_FLASH' => ($config['allow_sig_flash']) ? true : false,
'S_LINKS_ALLOWED' => ($config['allow_sig_links']) ? true : false)
);
// Build custom bbcodes array
display_custom_bbcodes();
@@ -533,15 +554,23 @@ class ucp_profile
$can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $auth->acl_get('u_chgavatar') && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false;
add_form_key('ucp_avatar');
if ($submit)
{
if (avatar_process_user($error))
if (check_form_key('ucp_avatar'))
{
meta_refresh(3, $this->u_action);
$message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
trigger_error($message);
if (avatar_process_user($error))
{
meta_refresh(3, $this->u_action);
$message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
trigger_error($message);
}
}
else
{
$error[] = 'FORM_INVALID';
}
// Replace "error" strings with their real, localised form
$error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
}

11
phpBB/includes/ucp/ucp_register.php
View File

@@ -36,6 +36,16 @@ class ucp_register
$change_lang = request_var('change_lang', '');
$user_lang = request_var('lang', $user->lang_name);
add_form_key('ucp_register');
// not so fast, buddy
if (($submit && !check_form_key('ucp_register', false, '', false, 5))
|| (!$submit && !check_form_key('ucp_register', false, '', false, 1)))
{
$agreed = false;
}
if ($change_lang || $user_lang != $config['default_lang'])
{
$use_lang = ($change_lang) ? basename($change_lang) : basename($user_lang);
@@ -122,6 +132,7 @@ class ucp_register
return;
}
// Try to manually determine the timezone and adjust the dst if the server date/time complies with the default setting +/- 1
$timezone = date('Z') / 3600;
$is_dst = date('I');

7
phpBB/includes/ucp/ucp_resend.php
View File

@@ -26,8 +26,15 @@ class ucp_resend
$email = strtolower(request_var('email', ''));
$submit = (isset($_POST['submit'])) ? true : false;
add_form_key('ucp_resend');
if ($submit)
{
if (!check_form_key('ucp_resend'))
{
trigger_error('FORM_INVALID');
}
$sql = 'SELECT user_id, group_id, username, user_email, user_type, user_lang, user_actkey, user_inactive_reason
FROM ' . USERS_TABLE . "
WHERE user_email = '" . $db->sql_escape($email) . "'