
Ok, here comes a big one. Poor updater. Also requires testing.

#i91
#i92
#i93
#i94
#i95
#i96


git-svn-id: file:///svn/phpbb/trunk@8120 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Henry Sudhof
2007-10-03 15:05:54 +00:00
parent 87e2e62c34
commit 4defd8a830
167 changed files with 998 additions and 399 deletions


@@ -393,6 +393,7 @@ class ucp_groups
$this->page_title = 'UCP_USERGROUPS_MANAGE';
$action = (isset($_POST['addusers'])) ? 'addusers' : request_var('action', '');
$group_id = request_var('g', 0);
add_form_key('ucp_groups');
if ($group_id)
{
@@ -552,6 +553,11 @@ class ucp_groups
}
}
if (!check_form_key('ucp_groups'))
{
$error[] = $user->lang['FORM_INVALID'];
}
if (!sizeof($error))
{
// Only set the rank, colour, etc. if it's changed or if we're adding a new
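Review bot: The `check_form_key('ucp_groups')` call at L35 has no visible submit guard inside this hunk, so if the enclosing branch is reachable on a plain page load the user would be shown FORM_INVALID before posting anything; the enclosing method starts and ends outside the hunk, so a submit condition may already cover it above. If it does not, gate it the way the other UCP modules in this commit do, e.g. `if ($submit && !check_form_key('ucp_groups'))`. A one-line comment above the check, such as `// Form token is verified last so it is reported together with the other validation errors`, would also explain why it sits after the earlier `$error` entries.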


@@ -194,41 +194,51 @@ class ucp_main
$user->add_lang('viewforum');
add_form_key('ucp_front_subscribed');
$unwatch = (isset($_POST['unwatch'])) ? true : false;
if ($unwatch)
{
$forums = array_keys(request_var('f', array(0 => 0)));
$topics = array_keys(request_var('t', array(0 => 0)));
if (sizeof($forums) || sizeof($topics))
if(check_form_key('ucp_front_subscribed'))
{
$l_unwatch = '';
if (sizeof($forums))
$forums = array_keys(request_var('f', array(0 => 0)));
$topics = array_keys(request_var('t', array(0 => 0)));
$msg = '';
if (sizeof($forums) || sizeof($topics))
{
$sql = 'DELETE FROM ' . FORUMS_WATCH_TABLE . '
WHERE ' . $db->sql_in_set('forum_id', $forums) . '
AND user_id = ' . $user->data['user_id'];
$db->sql_query($sql);
$l_unwatch = '';
if (sizeof($forums))
{
$sql = 'DELETE FROM ' . FORUMS_WATCH_TABLE . '
WHERE ' . $db->sql_in_set('forum_id', $forums) . '
AND user_id = ' . $user->data['user_id'];
$db->sql_query($sql);
$l_unwatch .= '_FORUMS';
}
if (sizeof($topics))
{
$sql = 'DELETE FROM ' . TOPICS_WATCH_TABLE . '
WHERE ' . $db->sql_in_set('topic_id', $topics) . '
AND user_id = ' . $user->data['user_id'];
$db->sql_query($sql);
$l_unwatch .= '_TOPICS';
}
$msg = $user->lang['UNWATCHED' . $l_unwatch];
$l_unwatch .= '_FORUMS';
}
if (sizeof($topics))
{
$sql = 'DELETE FROM ' . TOPICS_WATCH_TABLE . '
WHERE ' . $db->sql_in_set('topic_id', $topics) . '
AND user_id = ' . $user->data['user_id'];
$db->sql_query($sql);
$l_unwatch .= '_TOPICS';
}
$message = $user->lang['UNWATCHED' . $l_unwatch] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&amp;mode=subscribed") . '">', '</a>');
meta_refresh(3, append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&amp;mode=subscribed"));
trigger_error($message);
}
else
{
$msg = $user->lang['FORM_INVALID'];
}
$message = $msg . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&amp;mode=subscribed") . '">', '</a>');
meta_refresh(3, append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&amp;mode=subscribed"));
trigger_error($message);
}
$forbidden_forums = array();
@@ -418,53 +428,65 @@ class ucp_main
$s_hidden_fields = ($edit) ? '<input type="hidden" name="edit" value="' . $draft_id . '" />' : '';
$draft_subject = $draft_message = '';
add_form_key('ucp_draft');
if ($delete)
{
$drafts = array_keys(request_var('d', array(0 => 0)));
if (sizeof($drafts))
if (check_form_key('ucp_draft'))
{
$sql = 'DELETE FROM ' . DRAFTS_TABLE . '
WHERE ' . $db->sql_in_set('draft_id', $drafts) . '
AND user_id = ' . $user->data['user_id'];
$db->sql_query($sql);
$drafts = array_keys(request_var('d', array(0 => 0)));
$message = $user->lang['DRAFTS_DELETED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
meta_refresh(3, $this->u_action);
trigger_error($message);
if (sizeof($drafts))
{
$sql = 'DELETE FROM ' . DRAFTS_TABLE . '
WHERE ' . $db->sql_in_set('draft_id', $drafts) . '
AND user_id = ' . $user->data['user_id'];
$db->sql_query($sql);
}
$msg = $user->lang['DRAFTS_DELETED'];
unset($drafts);
}
unset($drafts);
else
{
$msg = $user->lang['FORM_INVALID'];
}
$message = $msg . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
meta_refresh(3, $this->u_action);
trigger_error($message);
}
if ($submit && $edit)
{
$draft_subject = utf8_normalize_nfc(request_var('subject', '', true));
$draft_message = utf8_normalize_nfc(request_var('message', '', true));
if ($draft_message && $draft_subject)
if (check_form_key('ucp_draft'))
{
$draft_row = array(
'draft_subject' => $draft_subject,
'draft_message' => $draft_message
);
if ($draft_message && $draft_subject)
{
$draft_row = array(
'draft_subject' => $draft_subject,
'draft_message' => $draft_message
);
$sql = 'UPDATE ' . DRAFTS_TABLE . '
SET ' . $db->sql_build_array('UPDATE', $draft_row) . "
WHERE draft_id = $draft_id
AND user_id = " . $user->data['user_id'];
$db->sql_query($sql);
$sql = 'UPDATE ' . DRAFTS_TABLE . '
SET ' . $db->sql_build_array('UPDATE', $draft_row) . "
WHERE draft_id = $draft_id
AND user_id = " . $user->data['user_id'];
$db->sql_query($sql);
$message = $user->lang['DRAFT_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
$message = $user->lang['DRAFT_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
meta_refresh(3, $this->u_action);
trigger_error($message);
meta_refresh(3, $this->u_action);
trigger_error($message);
}
else
{
$template->assign_var('ERROR', ($draft_message == '') ? $user->lang['EMPTY_DRAFT'] : (($draft_subject == '') ? $user->lang['EMPTY_DRAFT_TITLE'] : ''));
}
}
else
{
$template->assign_var('ERROR', ($draft_message == '') ? $user->lang['EMPTY_DRAFT'] : (($draft_subject == '') ? $user->lang['EMPTY_DRAFT_TITLE'] : ''));
$template->assign_var('ERROR', $user->lang['FORM_INVALID']);
}
}
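Review bot: On the unwatch path the new `$msg = ''` at L60 is only overwritten inside `if (sizeof($forums) || sizeof($topics))`, so a valid submit with nothing ticked now reaches `trigger_error($message)` at L105 with a blank notice followed only by the return link, where the old code fell through and rendered the page. The draft-delete path has the mirror problem: `$msg = $user->lang['DRAFTS_DELETED']` at L133 sits outside `if (sizeof($drafts))`, so a submit with no drafts selected reports a deletion that did not happen. Either keep the old fall-through by triggering the notice only when something was selected, or give the empty-selection case its own text so the notice is never blank. Minor style: `if(check_form_key('ucp_front_subscribed'))` at L54 is missing the space after `if` that the rest of the file uses.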


@@ -25,6 +25,7 @@ function compose_pm($id, $mode, $action)
{
$action = 'post';
}
add_form_key('ucp_pm_compose');
// Grab only parameters needed here
$to_user_id = request_var('u', 0);
@@ -532,6 +533,10 @@ function compose_pm($id, $mode, $action)
if ($submit || $preview || $refresh)
{
if (!check_form_key('ucp_pm_compose'))
{
$error[] = $user->lang['FORM_INVALID'];
}
$subject = utf8_normalize_nfc(request_var('subject', '', true));
$message_parser->message = utf8_normalize_nfc(request_var('message', '', true));
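Review bot: The new `check_form_key('ucp_pm_compose')` at L203 runs for `$preview` and `$refresh` as well as `$submit`, so an expired token during a long compose session (for instance a refresh to handle an attachment) appends FORM_INVALID to `$error` instead of only blocking the final submit. That is the safe direction for CSRF and the re-rendered form carries a fresh key from `add_form_key` at L197, but what the rest of compose_pm does with `$error` on the refresh path is outside the hunk, so confirm the message text and attachment state are preserved in that case. A short comment would help the next reader: `// Verify the form token on every round-trip (submit, preview, refresh); a failure is reported through $error so the form re-renders with a fresh key`.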


@@ -17,9 +17,11 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
$redirect_url = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&amp;mode=options");
add_form_key('ucp_pm_options');
// Change "full folder" setting - what to do if folder is full
if (isset($_POST['fullfolder']))
{
check_form_key('ucp_pm_options', $config['form_token_lifetime'], $redirect_url);
$full_action = request_var('full_action', 0);
$set_folder_id = 0;
@@ -60,79 +62,94 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
// Add Folder
if (isset($_POST['addfolder']))
{
$folder_name = utf8_normalize_nfc(request_var('foldername', '', true));
if ($folder_name)
if (check_form_key('ucp_pm_options'))
{
$sql = 'SELECT folder_name
FROM ' . PRIVMSGS_FOLDER_TABLE . "
WHERE folder_name = '" . $db->sql_escape($folder_name) . "'
AND user_id = " . $user->data['user_id'];
$result = $db->sql_query_limit($sql, 1);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$folder_name = utf8_normalize_nfc(request_var('foldername', '', true));
$msg = '';
if ($row)
if ($folder_name)
{
trigger_error(sprintf($user->lang['FOLDER_NAME_EXIST'], $folder_name));
$sql = 'SELECT folder_name
FROM ' . PRIVMSGS_FOLDER_TABLE . "
WHERE folder_name = '" . $db->sql_escape($folder_name) . "'
AND user_id = " . $user->data['user_id'];
$result = $db->sql_query_limit($sql, 1);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row)
{
trigger_error(sprintf($user->lang['FOLDER_NAME_EXIST'], $folder_name));
}
$sql = 'SELECT COUNT(folder_id) as num_folder
FROM ' . PRIVMSGS_FOLDER_TABLE . '
WHERE user_id = ' . $user->data['user_id'];
$result = $db->sql_query($sql);
$num_folder = (int) $db->sql_fetchfield('num_folder');
$db->sql_freeresult($result);
if ($num_folder >= $config['pm_max_boxes'])
{
trigger_error('MAX_FOLDER_REACHED');
}
$sql = 'INSERT INTO ' . PRIVMSGS_FOLDER_TABLE . ' ' . $db->sql_build_array('INSERT', array(
'user_id' => (int) $user->data['user_id'],
'folder_name' => $folder_name)
);
$db->sql_query($sql);
$msg = $user->lang['FOLDER_ADDED'];
}
$sql = 'SELECT COUNT(folder_id) as num_folder
FROM ' . PRIVMSGS_FOLDER_TABLE . '
WHERE user_id = ' . $user->data['user_id'];
$result = $db->sql_query($sql);
$num_folder = (int) $db->sql_fetchfield('num_folder');
$db->sql_freeresult($result);
if ($num_folder >= $config['pm_max_boxes'])
{
trigger_error('MAX_FOLDER_REACHED');
}
$sql = 'INSERT INTO ' . PRIVMSGS_FOLDER_TABLE . ' ' . $db->sql_build_array('INSERT', array(
'user_id' => (int) $user->data['user_id'],
'folder_name' => $folder_name)
);
$db->sql_query($sql);
$message = $user->lang['FOLDER_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $redirect_url . '">', '</a>');
meta_refresh(3, $redirect_url);
trigger_error($message);
}
else
{
$msg = $user->lang['FORM_INVALID'];
}
$message = $msg . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $redirect_url . '">', '</a>');
meta_refresh(3, $redirect_url);
trigger_error($message);
}
// Rename folder
if (isset($_POST['rename_folder']))
{
$new_folder_name = utf8_normalize_nfc(request_var('new_folder_name', '', true));
$rename_folder_id= request_var('rename_folder_id', 0);
if (!$new_folder_name)
if (check_form_key('ucp_pm_options'))
{
trigger_error('NO_NEW_FOLDER_NAME');
$new_folder_name = utf8_normalize_nfc(request_var('new_folder_name', '', true));
$rename_folder_id= request_var('rename_folder_id', 0);
if (!$new_folder_name)
{
trigger_error('NO_NEW_FOLDER_NAME');
}
// Select custom folder
$sql = 'SELECT folder_name, pm_count
FROM ' . PRIVMSGS_FOLDER_TABLE . "
WHERE user_id = {$user->data['user_id']}
AND folder_id = $rename_folder_id";
$result = $db->sql_query_limit($sql, 1);
$folder_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$folder_row)
{
trigger_error('CANNOT_RENAME_FOLDER');
}
$sql = 'UPDATE ' . PRIVMSGS_FOLDER_TABLE . "
SET folder_name = '" . $db->sql_escape($new_folder_name) . "'
WHERE folder_id = $rename_folder_id
AND user_id = {$user->data['user_id']}";
$db->sql_query($sql);
$msg = $user->lang['FOLDER_RENAMED'];
}
// Select custom folder
$sql = 'SELECT folder_name, pm_count
FROM ' . PRIVMSGS_FOLDER_TABLE . "
WHERE user_id = {$user->data['user_id']}
AND folder_id = $rename_folder_id";
$result = $db->sql_query_limit($sql, 1);
$folder_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$folder_row)
else
{
trigger_error('CANNOT_RENAME_FOLDER');
$msg = $user->lang['FORM_INVALID'];
}
$sql = 'UPDATE ' . PRIVMSGS_FOLDER_TABLE . "
SET folder_name = '" . $db->sql_escape($new_folder_name) . "'
WHERE folder_id = $rename_folder_id
AND user_id = {$user->data['user_id']}";
$db->sql_query($sql);
$message = $user->lang['FOLDER_RENAMED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $redirect_url . '">', '</a>');
$message = $msg . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $redirect_url . '">', '</a>');
meta_refresh(3, $redirect_url);
trigger_error($message);
}
@@ -251,60 +268,68 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
// Add Rule
if (isset($_POST['add_rule']))
{
$check_option = request_var('check_option', 0);
$rule_option = request_var('rule_option', 0);
$cond_option = request_var('cond_option', '');
$action_option = explode('|', request_var('action_option', ''));
$rule_string = ($cond_option != 'none') ? utf8_normalize_nfc(request_var('rule_string', '', true)) : '';
$rule_user_id = ($cond_option != 'none') ? request_var('rule_user_id', 0) : 0;
$rule_group_id = ($cond_option != 'none') ? request_var('rule_group_id', 0) : 0;
$action = (int) $action_option[0];
$folder_id = (int) $action_option[1];
if (!$action || !$check_option || !$rule_option || !$cond_option || ($cond_option != 'none' && !$rule_string))
if(check_form_key('ucp_pm_options'))
{
trigger_error('RULE_NOT_DEFINED');
}
$check_option = request_var('check_option', 0);
$rule_option = request_var('rule_option', 0);
$cond_option = request_var('cond_option', '');
$action_option = explode('|', request_var('action_option', ''));
$rule_string = ($cond_option != 'none') ? utf8_normalize_nfc(request_var('rule_string', '', true)) : '';
$rule_user_id = ($cond_option != 'none') ? request_var('rule_user_id', 0) : 0;
$rule_group_id = ($cond_option != 'none') ? request_var('rule_group_id', 0) : 0;
if (($cond_option == 'user' && !$rule_user_id) || ($cond_option == 'group' && !$rule_group_id))
$action = (int) $action_option[0];
$folder_id = (int) $action_option[1];
if (!$action || !$check_option || !$rule_option || !$cond_option || ($cond_option != 'none' && !$rule_string))
{
trigger_error('RULE_NOT_DEFINED');
}
if (($cond_option == 'user' && !$rule_user_id) || ($cond_option == 'group' && !$rule_group_id))
{
trigger_error('RULE_NOT_DEFINED');
}
$rule_ary = array(
'user_id' => $user->data['user_id'],
'rule_check' => $check_option,
'rule_connection' => $rule_option,
'rule_string' => $rule_string,
'rule_user_id' => $rule_user_id,
'rule_group_id' => $rule_group_id,
'rule_action' => $action,
'rule_folder_id' => $folder_id
);
$sql = 'SELECT rule_id
FROM ' . PRIVMSGS_RULES_TABLE . '
WHERE ' . $db->sql_build_array('SELECT', $rule_ary);
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row)
{
trigger_error('RULE_ALREADY_DEFINED');
}
$sql = 'INSERT INTO ' . PRIVMSGS_RULES_TABLE . ' ' . $db->sql_build_array('INSERT', $rule_ary);
$db->sql_query($sql);
// Update users message rules
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_message_rules = 1
WHERE user_id = ' . $user->data['user_id'];
$db->sql_query($sql);
$msg = $user->lang['RULE_ADDED'];
}
else
{
trigger_error('RULE_NOT_DEFINED');
$msg = $user->lang['FORM_INVALID'];
}
$rule_ary = array(
'user_id' => $user->data['user_id'],
'rule_check' => $check_option,
'rule_connection' => $rule_option,
'rule_string' => $rule_string,
'rule_user_id' => $rule_user_id,
'rule_group_id' => $rule_group_id,
'rule_action' => $action,
'rule_folder_id' => $folder_id
);
$sql = 'SELECT rule_id
FROM ' . PRIVMSGS_RULES_TABLE . '
WHERE ' . $db->sql_build_array('SELECT', $rule_ary);
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row)
{
trigger_error('RULE_ALREADY_DEFINED');
}
$sql = 'INSERT INTO ' . PRIVMSGS_RULES_TABLE . ' ' . $db->sql_build_array('INSERT', $rule_ary);
$db->sql_query($sql);
// Update users message rules
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_message_rules = 1
WHERE user_id = ' . $user->data['user_id'];
$db->sql_query($sql);
$message = $user->lang['RULE_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $redirect_url . '">', '</a>');
$message = $msg . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $redirect_url . '">', '</a>');
meta_refresh(3, $redirect_url);
trigger_error($message);
}
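Review bot: The `fullfolder` branch at L218 verifies the token with the three-argument form `check_form_key('ucp_pm_options', $config['form_token_lifetime'], $redirect_url)` and presumably lets check_form_key raise the error itself, while the `addfolder`, `rename_folder` and `add_rule` branches (L227, L303, L369) use the boolean form and route FORM_INVALID through `$msg`; pick one so the failure path behaves and reads the same across message_options. In `addfolder`, `$msg = ''` at L237 is only replaced inside `if ($folder_name)`, so submitting an empty folder name now triggers a blank notice plus return link at L295 where the old code fell through; ucp_main in this commit has the same pattern. Also `if(check_form_key('ucp_pm_options'))` at L369 is missing the space after `if`.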


@@ -28,7 +28,7 @@ class ucp_prefs
switch ($mode)
{
case 'personal':
add_form_key('ucp_prefs_personal');
$data = array(
'notifymethod' => request_var('notifymethod', $user->data['user_notify_type']),
'dateformat' => request_var('dateformat', $user->data['user_dateformat'], true),
@@ -55,6 +55,11 @@ class ucp_prefs
'tz' => array('num', false, -14, 14),
));
if (!check_form_key('ucp_prefs_personal'))
{
$error[] = 'FORM_INVALID';
}
if (!sizeof($error))
{
$user->optionset('popuppm', $data['popuppm']);
@@ -140,6 +145,8 @@ class ucp_prefs
case 'view':
add_form_key('ucp_prefs_view');
$data = array(
'topic_sk' => request_var('topic_sk', (!empty($user->data['user_topic_sortby_type'])) ? $user->data['user_topic_sortby_type'] : 't'),
'topic_sd' => request_var('topic_sd', (!empty($user->data['user_topic_sortby_dir'])) ? $user->data['user_topic_sortby_dir'] : 'd'),
@@ -166,6 +173,11 @@ class ucp_prefs
'post_sd' => array('string', false, 1, 1),
));
if (!check_form_key('ucp_prefs_view'))
{
$error[] = 'FORM_INVALID';
}
if (!sizeof($error))
{
$user->optionset('viewimg', $data['images']);
@@ -276,25 +288,34 @@ class ucp_prefs
'sig' => request_var('sig', $user->optionget('attachsig')),
'notify' => request_var('notify', $user->data['user_notify']),
);
add_form_key('ucp_prefs_post');
if ($submit)
{
$user->optionset('bbcode', $data['bbcode']);
$user->optionset('smilies', $data['smilies']);
$user->optionset('attachsig', $data['sig']);
if (check_form_key('ucp_prefs_post'))
{
$user->optionset('bbcode', $data['bbcode']);
$user->optionset('smilies', $data['smilies']);
$user->optionset('attachsig', $data['sig']);
$sql_ary = array(
'user_options' => $user->data['user_options'],
'user_notify' => $data['notify'],
);
$sql_ary = array(
'user_options' => $user->data['user_options'],
'user_notify' => $data['notify'],
);
$sql = 'UPDATE ' . USERS_TABLE . '
SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
WHERE user_id = ' . $user->data['user_id'];
$db->sql_query($sql);
$sql = 'UPDATE ' . USERS_TABLE . '
SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
WHERE user_id = ' . $user->data['user_id'];
$db->sql_query($sql);
$msg = $user->lang['PREFERENCES_UPDATED'];
}
else
{
$msg = $user->lang['FORM_INVALID'];
}
meta_refresh(3, $this->u_action);
$message = $user->lang['PREFERENCES_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
$message = $msg . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
trigger_error($message);
}
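Review bot: The `personal` and `view` cases push the bare key `'FORM_INVALID'` into `$error` (L473, L489) while the `post` case and ucp_groups in the same commit use `$user->lang['FORM_INVALID']` (L529, L37); whether the bare key ever becomes readable text depends on a localisation pass like ucp_profile's `preg_replace` at L560, and no such line is visible in this section, so confirm ucp_prefs has one or use the lang lookup directly. In the `post` case the failure path still issues `meta_refresh(3, $this->u_action)` before `trigger_error`, which matches the success handling and is fine, but a comment such as `// Invalid or expired form token: report it and return to the preferences page without saving` would make the intent clear.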


@@ -44,6 +44,8 @@ class ucp_profile
'password_confirm' => request_var('password_confirm', '', true),
);
add_form_key('ucp_reg_details');
if ($submit)
{
// Do not check cur_password, it is the old one.
@@ -89,6 +91,11 @@ class ucp_profile
$error[] = 'NEW_EMAIL_ERROR';
}
if (!check_form_key('ucp_reg_details'))
{
$error[] = 'FORM_INVALID';
}
if (!sizeof($error))
{
$sql_ary = array(
@@ -224,7 +231,7 @@ class ucp_profile
trigger_error($message);
}
// Replace "error" strings with their real, localised form
$error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
}
@@ -282,6 +289,8 @@ class ucp_profile
$data['bday_year'] = request_var('bday_year', $data['bday_year']);
}
add_form_key('ucp_profile_info');
if ($submit)
{
$validate_array = array(
@@ -321,6 +330,11 @@ class ucp_profile
$error = array_merge($error, $cp_error);
}
if (!check_form_key('ucp_profile_info'))
{
$error[] = 'FORM_INVALID';
}
if (!sizeof($error))
{
$sql_ary = array(
@@ -446,6 +460,8 @@ class ucp_profile
$signature = utf8_normalize_nfc(request_var('signature', (string) $user->data['user_sig'], true));
add_form_key('ucp_sig');
if ($submit || $preview)
{
include($phpbb_root_path . 'includes/message_parser.' . $phpEx);
@@ -462,6 +478,11 @@ class ucp_profile
$error[] = implode('<br />', $message_parser->warn_msg);
}
if (!check_form_key('ucp_sig'))
{
$error[] = 'FORM_INVALID';
}
if (!sizeof($error) && $submit)
{
$sql_ary = array(
@@ -517,7 +538,7 @@ class ucp_profile
'S_BBCODE_FLASH' => ($config['allow_sig_flash']) ? true : false,
'S_LINKS_ALLOWED' => ($config['allow_sig_links']) ? true : false)
);
// Build custom bbcodes array
display_custom_bbcodes();
@@ -533,15 +554,23 @@ class ucp_profile
$can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $auth->acl_get('u_chgavatar') && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false;
add_form_key('ucp_avatar');
if ($submit)
{
if (avatar_process_user($error))
if (check_form_key('ucp_avatar'))
{
meta_refresh(3, $this->u_action);
$message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
trigger_error($message);
if (avatar_process_user($error))
{
meta_refresh(3, $this->u_action);
$message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
trigger_error($message);
}
}
else
{
$error[] = 'FORM_INVALID';
}
// Replace "error" strings with their real, localised form
$error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
}
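Review bot: The new `$error[] = 'FORM_INVALID'` entries at L551, L574, L590 and L621 are bare language keys that depend on the `preg_replace('#^([A-Z_]+)$#e', ...)` localisation at L560 and L624 to become readable text; that step uses the `/e` modifier, so the replacement string is evaluated as PHP, and it stays safe only because the `^([A-Z_]+)$` pattern restricts what can reach the evaluation (a non-key entry such as the `implode` result at L586 simply does not match and passes through). The modifier is an existing hazard rather than one this commit introduces, but since the commit grows the set of values flowing through it, a `preg_replace_callback` equivalent would be the robust form. In the avatar case the failed-token branch correctly skips `avatar_process_user`, so no upload is processed without a valid key.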


@@ -36,6 +36,16 @@ class ucp_register
$change_lang = request_var('change_lang', '');
$user_lang = request_var('lang', $user->lang_name);
add_form_key('ucp_register');
// not so fast, buddy
if (($submit && !check_form_key('ucp_register', false, '', false, 5))
|| (!$submit && !check_form_key('ucp_register', false, '', false, 1)))
{
$agreed = false;
}
if ($change_lang || $user_lang != $config['default_lang'])
{
$use_lang = ($change_lang) ? basename($change_lang) : basename($user_lang);
@@ -122,6 +132,7 @@ class ucp_register
return;
}
// Try to manually determine the timezone and adjust the dst if the server date/time complies with the default setting +/- 1
$timezone = date('Z') / 3600;
$is_dst = date('I');
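Review bot: The two check_form_key calls at L634-L635 pass the literal minimum times 5 and 1 as the last argument with no explanation beyond `// not so fast, buddy`, and a submit that fails them silently resets `$agreed = false`, which as far as the hunk shows sends the user back to the agreement step with no message. Name the numbers and state the intent, e.g. `// Anti-bot timing: a registration submitted less than 5 seconds after the form was issued (1 second for the agreement page) is treated as not having accepted the terms`, and consider whether a legitimate user who is bounced should be told why. The non-submit case also fails on the very first GET because no token is present yet, which appears to be what forces the agreement page to be shown; if that is intended it is worth saying in the comment.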


@@ -26,8 +26,15 @@ class ucp_resend
$email = strtolower(request_var('email', ''));
$submit = (isset($_POST['submit'])) ? true : false;
add_form_key('ucp_resend');
if ($submit)
{
if (!check_form_key('ucp_resend'))
{
trigger_error('FORM_INVALID');
}
$sql = 'SELECT user_id, group_id, username, user_email, user_type, user_lang, user_actkey, user_inactive_reason
FROM ' . USERS_TABLE . "
WHERE user_email = '" . $db->sql_escape($email) . "'