
More varied changes, again hopefully not breaking anything

git-svn-id: file:///svn/phpbb/trunk@824 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2001-08-09 22:21:55 +00:00
parent 5f31c03802
commit 56772bb75a
4 changed files with 252 additions and 165 deletions


@ -22,6 +22,35 @@
*
***************************************************************************/
error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
//
// addslashes to vars if magic_quotes_gpc is off
// this is a security precaution to prevent someone
// trying to break out of a SQL statement.
//
if( !get_magic_quotes_gpc() )
{
@reset($HTTP_GET_VARS);
while( list($k, $v) = each($HTTP_GET_VARS) )
{
$HTTP_GET_VARS[$k] = addslashes($v);
}
@reset($HTTP_POST_VARS);
while( list($k, $v) = each($HTTP_POST_VARS) )
{
$HTTP_POST_VARS[$k] = addslashes($v);
}
@reset($HTTP_COOKIE_VARS);
while( list($k, $v) = each($HTTP_COOKIE_VARS) )
{
$HTTP_COOKIE_VARS[$k] = addslashes($v);
}
}
//
// Define some basic configuration arrays this also prevents
// malicious rewriting of language and otherarray values via
@ -93,6 +122,7 @@ else
$board_config['board_startdate'] = $config['board_startdate'];
$board_config['sitename'] = stripslashes($config['sitename']);
$board_config['allow_html'] = $config['allow_html'];
$board_config['allow_html_tags'] = split(",", $config['allow_html_tags']);
$board_config['allow_bbcode'] = $config['allow_bbcode'];
$board_config['allow_smilies'] = $config['allow_smilies'];
$board_config['allow_sig'] = $config['allow_sig'];
@ -115,21 +145,22 @@ else
$board_config['flood_interval'] = $config['flood_interval'];
$board_config['session_length'] = $config['session_length'];
// $board_config['session_max'] = $config['session_max'];
$board_config['cookie_name'] = $config['cookie_name'];
$board_config['cookie_path'] = $config['cookie_path'];
$board_config['cookie_domain'] = $config['cookie_domain'];
$board_config['cookie_name'] = stripslashes($config['cookie_name']);
$board_config['cookie_path'] = stripslashes($config['cookie_path']);
$board_config['cookie_domain'] = stripslashes($config['cookie_domain']);
$board_config['cookie_secure'] = $config['cookie_secure'];
$board_config['avatar_filesize'] = $config['avatar_filesize'];
$board_config['avatar_max_width'] = $config['avatar_max_width'];
$board_config['avatar_max_height'] = $config['avatar_max_height'];
$board_config['avatar_path'] = $config['avatar_path'];
$board_config['avatar_path'] = stripslashes($config['avatar_path']);
$board_config['smilies_path'] = stripslashes($config['smilies_path']);
$board_config['prune_enable'] = $config['prune_enable'];
$board_config['gzip_compress'] = $config['gzip_compress'];
$board_config['smtp_delivery'] = $config['smtp_delivery'];
$board_config['smtp_host'] = $config['smtp_host'];
$board_config['smtp_host'] = stripslashes($config['smtp_host']);
}
if($board_config['board_disable'])
if($board_config['board_disable'] && !defined("IN_ADMIN"))
{
include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '.'.$phpEx);
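Review bot: The addslashes() loops added at the top of the first hunk only escape top-level string values; if a request field is itself an array (a `name[]` checkbox group, for instance), `addslashes($v)` is applied to the array rather than to its elements, so those values would reach the SQL statements unescaped — worth verifying whether any form in the tree posts array fields. Escaping at request time for every consumer is also why the rest of this commit has to add stripslashes() on each output path; escaping where a SQL statement is assembled keeps the two concerns apart and avoids the double-escape and missed-strip mistakes that pattern invites. A comment above the block stating the contract would help maintainers, e.g. `// After this block every GET/POST/COOKIE string is SQL-escaped: stripslashes() before echoing a value, never before using it in a query.` The `else` block holding the `$board_config` assignments in the later hunks starts outside the hunks shown.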


@ -344,8 +344,8 @@ if( ( isset($HTTP_POST_VARS['submit']) || $preview ) && $topic_status == TOPIC_U
//
if(isset($HTTP_POST_VARS['username']))
{
$username = trim(strip_tags(htmlspecialchars(stripslashes($HTTP_POST_VARS['username']))));
if(!validate_username($username))
$username = trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['username'])));
if(!validate_username(stripslashes($username)))
{
$error = TRUE;
if(!empty($error_msg))
@ -360,7 +360,7 @@ if( ( isset($HTTP_POST_VARS['submit']) || $preview ) && $topic_status == TOPIC_U
$username = "";
}
$subject = trim(strip_tags(htmlspecialchars(stripslashes($HTTP_POST_VARS['subject']))));
$subject = trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['subject'])));
if($mode == 'newtopic' && empty($subject))
{
$error = TRUE;
@ -371,29 +371,16 @@ if( ( isset($HTTP_POST_VARS['submit']) || $preview ) && $topic_status == TOPIC_U
$error_msg .= $lang['Empty_subject'];
}
//
// You can't make it both an annoumcement and a stick topic
//
if($annouce && $sticky)
{
$error = TRUE;
if(!empty($error_msg))
{
$error_msg .= "<br />";
}
$error_msg .= $lang['Annouce_and_sticky'];
}
if(!empty($HTTP_POST_VARS['message']))
{
if(!$error && !$preview)
{
$smile_on = ($disable_smilies) ? FALSE : TRUE;
$html_on = ($disable_html) ? FALSE : TRUE;
$smile_on = ($disable_smilies || !$board_config['allow_smilies']) ? 0 : TRUE;
$html_on = ($disable_html || !$board_config['allow_html']) ? 0 : TRUE;
if($disable_bbcode)
if($disable_bbcode || !$board_config['allow_bbcode'])
{
$bbcode_on = FALSE;
$bbcode_on = 0;
}
else
{
@ -401,17 +388,20 @@ if( ( isset($HTTP_POST_VARS['submit']) || $preview ) && $topic_status == TOPIC_U
$bbcode_on = TRUE;
}
//
// prepare_message returns a bbcode parsed
// html parsed and slashed result ...
//
$message = prepare_message(stripslashes($HTTP_POST_VARS['message']), $html_on, $bbcode_on, $smile_on, $bbcode_uid);
if( $attach_sig )
{
$message .= (eregi(" $", $message)) ? "[addsig]" : " [addsig]";
$message .= (ereg(" $", $message)) ? "[addsig]" : " [addsig]";
}
}
else
else
{
// do stripslashes incase magic_quotes is on.
$message = stripslashes($HTTP_POST_VARS['message']);
$message = stripslashes(trim($HTTP_POST_VARS['message']));
}
}
else
@ -445,6 +435,7 @@ if( ($mode == "newtopic" || $mode == "reply") && $topic_status == TOPIC_UNLOCKED
else if($mode == "newtopic")
{
$topic_notify = ($HTTP_POST_VARS['notify']) ? 1 : 0;
$sql = "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_notify, topic_status, topic_type)
VALUES ('$subject', " . $userdata['user_id'] . ", " . $topic_time . ", $forum_id, $topic_notify, " . TOPIC_UNLOCKED . ", $topic_type)";
@ -460,9 +451,8 @@ if( ($mode == "newtopic" || $mode == "reply") && $topic_status == TOPIC_UNLOCKED
if($mode == "reply" || ( $mode == "newtopic" && $result ) )
{
$enable_smiles = ($smile_on) ? 1 : 0;
$sql = "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, bbcode_uid, enable_smiles)
VALUES ($new_topic_id, $forum_id, " . $userdata['user_id'] . ", '$username', $topic_time, '$user_ip', '$bbcode_uid', $enable_smiles)";
$sql = "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, bbcode_uid, enable_bbcode, enable_html, enable_smilies)
VALUES ($new_topic_id, $forum_id, " . $userdata['user_id'] . ", '$username', $topic_time, '$user_ip', '$bbcode_uid', $bbcode_on, $html_on, $smile_on)";
if($mode == "reply")
{
$result = $db->sql_query($sql, BEGIN_TRANSACTION);
@ -517,29 +507,44 @@ if( ($mode == "newtopic" || $mode == "reply") && $topic_status == TOPIC_UNLOCKED
}
else
{
if(SQL_LAYER == "mysql")
{
}
message_die(GENERAL_ERROR, "Error updating users table", "", __LINE__, __FILE__, $sql);
}
}
else
{
if(SQL_LAYER == "mysql")
{
}
// Rollback ?
message_die(GENERAL_ERROR, "Error updating forums table", "", __LINE__, __FILE__, $sql);
}
}
else
{
if(SQL_LAYER == "mysql")
{
}
// Rollback ?
message_die(GENERAL_ERROR, "Error updating topics table", "", __LINE__, __FILE__, $sql);
}
}
else
{
if(SQL_LAYER == "mysql")
{
}
// Rollback ?
message_die(GENERAL_ERROR, "Error inserting data into posts text table", "", __LINE__, __FILE__, $sql);
}
}
else
{
if(SQL_LAYER == "mysql")
{
}
// Rollback ?
message_die(GENERAL_ERROR, "Error inserting data into posts table", "", __LINE__, __FILE__, $sql);
}
@ -575,9 +580,6 @@ else if($mode == "quote" && !$preview && $topic_status == TOPIC_UNLOCKED)
// Removes UID from BBCode entries
$message = preg_replace("/\:[0-9a-z\:]*?\]/si", "]", $message);
// This has not been implemented yet!
//$message = desmile($message);
$message = str_replace("<br />", "\n", $message);
$message = undo_htmlspecialchars($message);
@ -637,7 +639,7 @@ else if( $mode == "editpost" && $topic_status == TOPIC_UNLOCKED )
!isset($HTTP_GET_VARS['confirm']) && !isset($HTTP_POST_VARS['confirm']))
{
$s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '"><input type="hidden" name="' . POST_TOPIC_URL . '" value="'. $topic_id . '"><input type="hidden" name="' . POST_POST_URL . '" value="' . $post_id . '"><input type="hidden" name="delete" value="true">';
$s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="' . POST_TOPIC_URL . '" value="'. $topic_id . '" /><input type="hidden" name="' . POST_POST_URL . '" value="' . $post_id . '" /><input type="hidden" name="delete" value="true" />';
//
// Output confirmation page
@ -691,6 +693,9 @@ else if( $mode == "editpost" && $topic_status == TOPIC_UNLOCKED )
}
else
{
if(SQL_LAYER == "mysql")
{
}
// Rollback ?
message_die(GENERAL_ERROR, "Error deleting from post table", "", __LINE__, __FILE__, $sql);
}
@ -721,12 +726,18 @@ else if( $mode == "editpost" && $topic_status == TOPIC_UNLOCKED )
}
else
{
if(SQL_LAYER == "mysql")
{
}
// Rollback ?
message_die(GENERAL_ERROR, "Error obtaining new last topic id", "", __LINE__, __FILE__, $sql);
}
}
else
{
if(SQL_LAYER == "mysql")
{
}
// Rollback ?
message_die(GENERAL_ERROR, "Error deleting from post table", "", __LINE__, __FILE__, $sql);
}
@ -792,6 +803,9 @@ else if( $mode == "editpost" && $topic_status == TOPIC_UNLOCKED )
}
else
{
if(SQL_LAYER == "mysql")
{
}
// Rollback ?
message_die(GENERAL_ERROR, "Error updating forums table", "", __LINE__, __FILE__, $sql);
}
@ -802,12 +816,18 @@ else if( $mode == "editpost" && $topic_status == TOPIC_UNLOCKED )
// This error is produced by the last SQL query carried out
// before we jumped into this common block
//
if(SQL_LAYER == "mysql")
{
}
// Rollback ?
message_die(GENERAL_ERROR, $if_die_msg, "", __LINE__, __FILE__, $sql);
}
}
else
{
if(SQL_LAYER == "mysql")
{
}
// Rollback ?
message_die(GENERAL_ERROR, "Error deleting from posts text table", "", __LINE__, __FILE__, $sql);
}
@ -831,9 +851,9 @@ else if( $mode == "editpost" && $topic_status == TOPIC_UNLOCKED )
{
$edited_sql = "";
}
$enable_smiles = ($smile_on) ? 1 : 0;
$sql = "UPDATE " . POSTS_TABLE . "
SET bbcode_uid = '$bbcode_uid', enable_smiles=$enable_smiles" . $edited_sql . "
SET bbcode_uid = '$bbcode_uid', enable_bbcode = $bbcode_on, enable_html = $html_on, enable_smilies = $smile_on" . $edited_sql . "
WHERE post_id = $post_id";
if($db->sql_query($sql, BEGIN_TRANSACTION))
@ -864,9 +884,18 @@ else if( $mode == "editpost" && $topic_status == TOPIC_UNLOCKED )
}
else
{
if(SQL_LAYER == "mysql")
{
}
message_die(GENERAL_ERROR, "Updating topics table", "", __LINE__, __FILE__, $sql);
}
}
else
{
if(SQL_LAYER == "mysql")
{
}
}
}
else
{
@ -881,12 +910,18 @@ else if( $mode == "editpost" && $topic_status == TOPIC_UNLOCKED )
}
else
{
if(SQL_LAYER == "mysql")
{
}
message_die(GENERAL_ERROR, "Error updating posts text table", "", __LINE__, __FILE__, $sql);
}
}
}
else
{
if(SQL_LAYER == "mysql")
{
}
message_die(GENERAL_ERROR, "Error updating posts text table", "", __LINE__, __FILE__, $sql);
}
}
@ -936,9 +971,6 @@ else if( $mode == "editpost" && $topic_status == TOPIC_UNLOCKED )
// Removes UID from BBCode entries
$message = preg_replace("/\:[0-9a-z\:]*?\]/si", "]", $message);
// This has not been implemented yet!
//$message = desmile($message);
$message = str_replace("<br />", "\n", $message);
$message = undo_htmlspecialchars($message);
@ -978,10 +1010,24 @@ else if( $mode == "editpost" && $topic_status == TOPIC_UNLOCKED )
//
// Output page
//
if($mode == "newtopic")
{
$post_a = $lang['Post_a_new_topic'];
}
else if($mode == "reply")
{
$post_a = $lang['Post_a_reply'];
}
else if($mode == "editpost")
{
$post_a = $lang['Edit_Post'];
}
$page_title = $post_a;
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
//
// Start: Error handling
// Start Error handling
//
if($error)
{
@ -994,12 +1040,12 @@ if($error)
$template->pparse("reg_header");
}
//
// End: error handling
// End error handling
//
if(empty($username))
{
$username = $userdata['username'];
$username = stripslashes($userdata['username']);
}
//
@ -1018,21 +1064,39 @@ if($preview && !$error)
break;
}
$bbcode_uid = make_bbcode_uid();
$preview_message = prepare_message($message, TRUE, TRUE, TRUE, $bbcode_uid);
$preview_message = bbencode_second_pass($preview_message, $bbcode_uid);
$preview_smile_on = ($disable_smilies) ? FALSE : TRUE;
$preview_html_on = ($disable_html) ? FALSE : TRUE;
$preview_html_on = TRUE;
if($disable_bbcode)
{
$preview_bbcode_on = FALSE;
}
else
{
$bbcode_uid = make_bbcode_uid();
$preview_bbcode_on = TRUE;
}
$preview_message = stripslashes(prepare_message($message, $preview_html_on, $preview_bbcode_on, $preview_smile_on, $bbcode_uid));
if(!$disable_bbcode)
{
$preview_message = bbencode_second_pass($preview_message, $bbcode_uid);
}
$preview_message = make_clickable($preview_message);
$preview_message = str_replace("\n", "<br />", $preview_message);
$template->set_filenames(array(
"preview" => "posting_preview.tpl")
);
$template->assign_vars(array(
"TOPIC_TITLE" => $subject,
"POST_SUBJECT" => $subject,
"TOPIC_TITLE" => stripslashes($subject),
"POST_SUBJECT" => stripslashes($subject),
"ROW_COLOR" => "#" . $theme['td_color1'],
"POSTER_NAME" => $username,
"ROW_CLASS" => $theme['td_class1'],
"POSTER_NAME" => stripslashes($username),
"POST_DATE" => create_date($board_config['default_dateformat'], time(), $board_config['default_timezone']),
"MESSAGE" => stripslashes(nl2br($preview_message)),
"MESSAGE" => $preview_message,
"L_PREVIEW" => $lang['Preview'],
"L_POSTED" => $lang['Posted'])
@ -1061,38 +1125,18 @@ if(!$result = $db->sql_query($sql))
$forum_info = $db->sql_fetchrow($result);
$forum_name = stripslashes($forum_info['forum_name']);
$template->set_filenames(array(
"body" => "posting_body.tpl",
"jumpbox" => "jumpbox.tpl")
);
$jumpbox = make_jumpbox();
$template->assign_vars(array(
"JUMPBOX_LIST" => $jumpbox,
"SELECT_NAME" => POST_FORUM_URL)
);
$template->assign_var_from_handle("JUMPBOX", "jumpbox");
$template->assign_vars(array(
"FORUM_ID" => $forum_id,
"FORUM_NAME" => $forum_name,
"L_POSTNEWIN" => $section_title,
"U_VIEW_FORUM" => append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id"))
);
if($userdata['session_logged_in'])
{
$username_input = $userdata["username"];
$username_input = stripslashes($userdata["username"]);
$password_input = "";
}
else
{
$username_input = '<input type="text" name="username" value="' . $username . '" size="25" maxlength="50">';
$password_input = '<input type="password" name="password" size="25" maxlenght="40">';
$password_input = '<input type="password" name="password" size="25" maxlength="40">';
}
$subject_input = '<input type="text" name="subject" value="'.$subject.'" size="50" maxlength="255">';
$message_input = '<textarea name="message" rows="10" cols="40" wrap="virtual">'.$message.'</textarea>';
$subject_input = '<input type="text" name="subject" value="' . stripslashes($subject) . '" size="50" maxlength="255">';
$message_input = '<textarea name="message" rows="10" cols="40" wrap="virtual">' . $message . '</textarea>';
if($board_config['allow_html'])
{
@ -1157,7 +1201,7 @@ if($mode == 'newtopic' || ( $mode == 'editpost' && $is_first_post ) )
{
$announce_toggle .= ' checked';
}
$announce_toggle .= '> ' . $lang['Post_Annoucement'] . '&nbsp;&nbsp;';
$announce_toggle .= '> ' . $lang['Post_Announcement'] . '&nbsp;&nbsp;';
}
if($is_auth['auth_sticky'])
@ -1222,19 +1266,26 @@ else if($mode == "editpost")
}
$hidden_form_fields .= "<input type=\"hidden\" name=\"mode\" value=\"$mode\">";
if($mode == "newtopic")
{
$post_a = $lang['Post_a_new_topic'];
}
else if($mode == "reply")
{
$post_a = $lang['Post_a_reply'];
}
else if($mode == "editpost")
{
$post_a = $lang['Edit_Post'];
}
$template->set_filenames(array(
"body" => "posting_body.tpl",
"jumpbox" => "jumpbox.tpl")
);
$jumpbox = make_jumpbox();
$template->assign_vars(array(
"JUMPBOX_LIST" => $jumpbox,
"SELECT_NAME" => POST_FORUM_URL)
);
$template->assign_var_from_handle("JUMPBOX", "jumpbox");
$template->assign_vars(array(
"FORUM_ID" => $forum_id,
"FORUM_NAME" => $forum_name,
"L_POSTNEWIN" => $section_title,
"U_VIEW_FORUM" => append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id"))
);
$template->assign_vars(array(
"USERNAME_INPUT" => $username_input,
"PASSWORD_INPUT" => $password_input,
@ -1273,4 +1324,4 @@ $template->pparse("body");
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
?>
?>
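Review bot: With stripslashes() dropped from the `$username` assignment in the first hunk, the variable now carries the request-time backslashes, but the form re-display in the `-1061,38 +1125,18` hunk still echoes it raw in `$username_input = '<input type="text" name="username" value="' . $username . '" ...'`, while the neighbouring `$subject_input` line was updated to `stripslashes($subject)`; assuming nothing reassigns `$username` in between, a guest whose name contains a quote will see `\'` in the field after a validation error or preview, and each resubmission compounds it. Apply the same treatment: `$username_input = '<input type="text" name="username" value="' . stripslashes($username) . '" size="25" maxlength="50">';`. Separately, the empty `if(SQL_LAYER == "mysql") { }` blocks added before each `message_die()` in the error branches are no-ops on every layer; until a rollback path exists it would be cleaner to keep only the `// Rollback ?` marker, or spell it out as `// TODO: roll back the transaction opened with BEGIN_TRANSACTION before message_die()`, so the placeholder is not mistaken for handling. The enclosing `if( ( isset($HTTP_POST_VARS['submit']) || $preview ) ...` block and the mode branches all start and end outside the hunks shown.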


@ -160,7 +160,7 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']))
"YIM_IMG" => $yim_img,
"WEBSITE" => ( ($profiledata['user_website']) ? stripslashes($profiledata['user_website']) : "&nbsp;" ),
"WEBSITE_IMG" => $www_img,
"LOCATION" => ( ($profiledatas['user_from']) ? stripslashes($profiledata['user_from']) : "&nbsp;" ),
"LOCATION" => ( ($profiledata['user_from']) ? stripslashes($profiledata['user_from']) : "&nbsp;" ),
"OCCUPATION" => ( ($profiledata['user_occ']) ? stripslashes($profiledata['user_occ']) : "&nbsp;" ),
"INTERESTS" => ( ($profiledata['user_interests']) ? stripslashes($profiledata['user_interests']) : "&nbsp;" ),
"AVATAR_IMG" => $avatar_img,
@ -331,7 +331,7 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']))
for($i = 0; $i < count($ban_email_list); $i++)
{
$match_email = str_replace("*@", ".*@", $ban_email_list[$i]['ban_email']);
if( eregi("^" . $match_email . "$", $email) )
if( preg_match("/^" . $match_email . "$/is", $email) )
{
$error = TRUE;
if(isset($error_msg))
@ -767,21 +767,21 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']))
else if($mode == "editprofile")
{
$user_id = $userdata['user_id'];
$username = stripslashes($userdata['username']);
$username = $userdata['username'];
$email = $userdata['user_email'];
$password = "";
$password_confirm = "";
$icq = $userdata['user_icq'];
$aim = stripslashes($userdata['user_aim']);
$msn = stripslashes($userdata['user_msnm']);
$yim = stripslashes($userdata['user_yim']);
$aim = $userdata['user_aim'];
$msn = $userdata['user_msnm'];
$yim = $userdata['user_yim'];
$website = stripslashes($userdata['user_website']);
$location = stripslashes($userdata['user_from']);
$occupation = stripslashes($userdata['user_occ']);
$interests = stripslashes($userdata['user_interests']);
$signature = stripslashes($userdata['user_sig']);
$website = $userdata['user_website'];
$location = $userdata['user_from'];
$occupation = $userdata['user_occ'];
$interests = $userdata['user_interests'];
$signature = $userdata['user_sig'];
$viewemail = $userdata['user_viewemail'];
$notifypm = $userdata['user_notify_pm'];
@ -861,13 +861,13 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']))
"ALWAYS_ALLOW_SMILIES_YES" => ($allowsmilies) ? "checked=\"checked\"" : "",
"ALWAYS_ALLOW_SMILIES_NO" => (!$allowsmilies) ? "checked=\"checked\"" : "",
"ALLOW_AVATAR" => $board_config['allow_avatar_upload'],
"AVATAR" => ($user_avatar != "") ? "<img src=\"".$board_config['avatar_path']."/$user_avatar\" alt=\"\" />" : "",
"AVATAR" => ($user_avatar != "") ? "<img src=\"" . $board_config['avatar_path'] . "/" . stripslashes($user_avatar) . "\" alt=\"\" />" : "",
"AVATAR_SIZE" => $board_config['avatar_filesize'],
"LANGUAGE_SELECT" => language_select($user_lang),
"LANGUAGE_SELECT" => language_select(stripslashes($user_lang)),
"THEME_SELECT" => theme_select($user_theme),
"TIMEZONE_SELECT" => tz_select($user_timezone),
"DATE_FORMAT" => stripslashes($user_dateformat),
"TEMPLATE_SELECT" => template_select($user_template),
"TEMPLATE_SELECT" => template_select(stripslashes($user_template)),
"HTML_STATUS" => $html_status,
"BBCODE_STATUS" => $bbcode_status,
"SMILIES_STATUS" => $smilies_status,
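Review bot: The ban-list check rewritten to preg_match() in the `-331,7 +331,7` hunk interpolates `$match_email` into the pattern unquoted, so every regex metacharacter in a stored ban entry is live: the `.` in any domain becomes a wildcard, a `+` or `(` in an entry can make the pattern invalid (preg_match() then returns false and that ban silently never matches), and a `/` would terminate the delimiter. Quote the entry first and reinstate only the intended wildcard: `$match_email = str_replace('\*@', '.*@', preg_quote($ban_email_list[$i]['ban_email'], '/'));`, keeping the existing `if( preg_match("/^" . $match_email . "$/is", $email) )` line as it is. Note that `$` still tolerates a trailing newline in `$email`; `\z` would be stricter if the address is not trimmed earlier, which cannot be seen here. The `for` loop this sits in starts and ends outside the hunk.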


@ -25,18 +25,13 @@ include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);
include($phpbb_root_path . 'includes/bbcode.'.$phpEx);
//
// Begin function to parse Smilies :)
// Start functions
//
function smilies_pass($message)
{
global $db, $smilies_url;
global $db, $board_config;
static $smilies;
if(empty($smilies_url))
{
$smilies_url = "images/smilies";
}
if(empty($smilies))
{
@ -53,8 +48,9 @@ function smilies_pass($message)
$orig[] = "'([\s\.\>\
])" . preg_quote($smilies[$i]['code']) . "([\s\.\
])'si";
$repl[] = '\1<img src="'. $smilies_url . '/' . $smilies[$i]['smile_url'] . '" alt="' . $smilies[$i]['smile_url'] . '">\2';
$repl[] = '\1<img src="'. $board_config['smilies_path'] . '/' . $smilies[$i]['smile_url'] . '" alt="' . $smilies[$i]['smile_url'] . '">\2';
}
if($i > 0)
{
$message = preg_replace($orig, $repl, ' ' . $message . ' ');
@ -63,11 +59,9 @@ function smilies_pass($message)
return($message);
}
//
// End Smiley parsing function :)
// End functions
//
//
// Start initial var setup
//
@ -80,16 +74,16 @@ if(isset($HTTP_GET_VARS[POST_POST_URL]))
$post_id = $HTTP_GET_VARS[POST_POST_URL];
}
if(!isset($topic_id) && !isset($post_id))
{
message_die(GENERAL_MESSAGE, $lang['Topic_post_not_exist']);
}
$start = (isset($HTTP_GET_VARS['start'])) ? $HTTP_GET_VARS['start'] : 0;
//
// End initial var setup
//
if(!isset($topic_id) && !isset($post_id))
{
message_die(GENERAL_MESSAGE, $lang['Topic_post_not_exist']);
}
//
// Find topic id if user requested a newer
// or older topic
@ -123,7 +117,7 @@ if( isset($HTTP_GET_VARS["view"]) && empty($HTTP_GET_VARS[POST_POST_URL]) )
}
list($topic_id) = $db->sql_fetchrow($result);
if(empty($topic_id))
if( empty($topic_id) )
{
if($HTTP_GET_VARS["view"] == "next")
{
@ -164,18 +158,8 @@ if(!$total_rows = $db->sql_numrows($result))
}
$forum_row = $db->sql_fetchrow($result);
$forum_name = stripslashes($forum_row['forum_name']);
$forum_id = $forum_row['forum_id'];
$topic_title = stripslashes($forum_row['topic_title']);
$topic_id = $forum_row['topic_id'];
$topic_time = $forum_row['topic_time'];
if(!empty($post_id))
{
$start = floor(($forum_row['prev_posts'] - 1) / $board_config['posts_per_page']) * $board_config['posts_per_page'];
}
//
// Start session management
//
@ -185,6 +169,16 @@ init_userprefs($userdata);
// End session management
//
$forum_name = stripslashes($forum_row['forum_name']);
$topic_title = stripslashes($forum_row['topic_title']);
$topic_id = $forum_row['topic_id'];
$topic_time = $forum_row['topic_time'];
if(!empty($post_id))
{
$start = floor(($forum_row['prev_posts'] - 1) / $board_config['posts_per_page']) * $board_config['posts_per_page'];
}
//
// Start auth check
//
@ -276,7 +270,7 @@ $select_post_order .= "</select>";
//
// Go ahead and pull all data for this topic
//
$sql = "SELECT u.username, u.user_id, u.user_posts, u.user_from, u.user_website, u.user_icq, u.user_aim, u.user_yim, u.user_regdate, u.user_msnm, u.user_viewemail, u.user_rank, u.user_sig, u.user_avatar, p.post_time, p.post_id, p.post_username, p.bbcode_uid, p.post_edit_time, p.post_edit_count, pt.post_text, pt.post_subject, p.enable_smiles
$sql = "SELECT u.username, u.user_id, u.user_posts, u.user_from, u.user_website, u.user_icq, u.user_aim, u.user_yim, u.user_regdate, u.user_msnm, u.user_viewemail, u.user_rank, u.user_sig, u.user_avatar, p.post_time, p.post_id, p.post_username, p.bbcode_uid, p.post_edit_time, p.post_edit_count, p.enable_bbcode, p.enable_html, p.enable_smilies, pt.post_text, pt.post_subject
FROM " . POSTS_TABLE . " p, " . USERS_TABLE . " u, " . POSTS_TEXT_TABLE . " pt
WHERE p.topic_id = $topic_id
AND p.poster_id = u.user_id
@ -307,7 +301,7 @@ $ranksrow = $db->sql_fetchrowset($ranksresult);
//
// Dump out the page header and load viewtopic body template
//
setcookie('phpbb2_' . $forum_id . '_' . $topic_id, time(), time()+6000, $cookiepath, $cookiedomain, $cookiesecure);
setcookie('phpbb2_' . $forum_id . '_' . $topic_id, time(), time() + 6000, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
$page_title = $lang['View_topic'] ." - $topic_title";
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
@ -402,13 +396,13 @@ for($i = 0; $i < $total_posts; $i++)
$poster_posts = ($postrow[$i]['user_id'] != ANONYMOUS) ? $lang['Posts'] . ": " . $postrow[$i]['user_posts'] : "";
$poster_from = ($postrow[$i]['user_from'] && $postrow[$i]['user_id'] != ANONYMOUS) ? $lang['From'] . ": " .$postrow[$i]['user_from'] : "";
$poster_from = ($postrow[$i]['user_from'] && $postrow[$i]['user_id'] != ANONYMOUS) ? $lang['From'] . ": " . stripslashes($postrow[$i]['user_from']) : "";
$poster_joined = ($postrow[$i]['user_id'] != ANONYMOUS) ? $lang['Joined'] . ": " . create_date($board_config['default_dateformat'], $postrow[$i]['user_regdate'], $board_config['default_timezone']) : "";
if($postrow[$i]['user_avatar'] != "" && $poster_id != ANONYMOUS)
{
$poster_avatar = (strstr("http", $postrow[$i]['user_avatar']) && $board_config['allow_avatar_remote']) ? "<br /><img src=\"" . $postrow[$i]['user_avatar'] . "\"><br />" : "<br /><img src=\"" . $board_config['avatar_path'] . "/" . $postrow[$i]['user_avatar'] . "\" alt=\"\" /><br />";
$poster_avatar = (strstr("http", $postrow[$i]['user_avatar']) && $board_config['allow_avatar_remote']) ? "<br /><img src=\"" . stripslashes($postrow[$i]['user_avatar']) . "\"><br />" : "<br /><img src=\"" . $board_config['avatar_path'] . "/" . stripslashes($postrow[$i]['user_avatar']) . "\" alt=\"\" /><br />";
}
else
{
@ -429,8 +423,8 @@ for($i = 0; $i < $total_posts; $i++)
{
if($postrow[$i]['user_rank'] == $ranksrow[$j]['rank_id'] && $ranksrow[$j]['rank_special'])
{
$poster_rank = $ranksrow[$j]['rank_title'];
$rank_image = ($ranksrow[$j]['rank_image']) ? "<img src=\"" . $ranksrow[$j]['rank_image'] . "\"><br />" : "";
$poster_rank = stripslashes($ranksrow[$j]['rank_title']);
$rank_image = ($ranksrow[$j]['rank_image']) ? "<img src=\"" . stripslashes($ranksrow[$j]['rank_image']) . "\"><br />" : "";
}
}
}
@ -440,8 +434,8 @@ for($i = 0; $i < $total_posts; $i++)
{
if($postrow[$i]['user_posts'] > $ranksrow[$j]['rank_min'] && $postrow[$i]['user_posts'] < $ranksrow[$j]['rank_max'] && !$ranksrow[$j]['rank_special'])
{
$poster_rank = $ranksrow[$j]['rank_title'];
$rank_image = ($ranksrow[$j]['rank_image']) ? "<img src=\"" . $ranksrow[$j]['rank_image'] . "\"><br />" : "";
$poster_rank = stripslashes($ranksrow[$j]['rank_title']);
$rank_image = ($ranksrow[$j]['rank_image']) ? "<img src=\"" . stripslashes($ranksrow[$j]['rank_image']) . "\"><br />" : "";
}
}
}
@ -461,15 +455,15 @@ for($i = 0; $i < $total_posts; $i++)
$pm_img = "<a href=\"" . append_sid("privmsg.$phpEx?mode=post&amp;" . POST_USERS_URL . "=$poster_id") . "\"><img src=\"". $images['icon_pm'] . "\" alt=\"" . $lang['Private_messaging'] . "\" border=\"0\" /></a>";
$email_img = ($postrow[$i]['user_viewemail'] == 1) ? "<a href=\"mailto:" . $postrow[$i]['user_email'] . "\"><img src=\"" . $images['icon_email'] . "\" alt=\"" . $lang['Send_email'] . " $poster\" border=\"0\" /></a>" : "";
$email_img = ($postrow[$i]['user_viewemail'] == 1) ? "<a href=\"mailto:" . stripslashes($postrow[$i]['user_email']) . "\"><img src=\"" . $images['icon_email'] . "\" alt=\"" . $lang['Send_email'] . " $poster\" border=\"0\" /></a>" : "";
$www_img = ($postrow[$i]['user_website']) ? "<a href=\"" . $postrow[$i]['user_website'] . "\" target=\"_userwww\"><img src=\"" . $images['icon_www'] . "\" alt=\"" . $lang['Visit_website'] . "\" border=\"0\" /></a>" : "";
$www_img = ($postrow[$i]['user_website']) ? "<a href=\"" . stripslashes($postrow[$i]['user_website']) . "\" target=\"_userwww\"><img src=\"" . $images['icon_www'] . "\" alt=\"" . $lang['Visit_website'] . "\" border=\"0\" /></a>" : "";
if($postrow[$i]['user_icq'])
{
$icq_status_img = "<a href=\"http://wwp.icq.com/" . $postrow[$i]['user_icq'] . "#pager\"><img src=\"http://online.mirabilis.com/scripts/online.dll?icq=" . $postrow[$i]['user_icq'] . "&amp;img=5\" border=\"0\" /></a>";
$icq_status_img = "<a href=\"http://wwp.icq.com/" . stripslashes($postrow[$i]['user_icq']) . "#pager\"><img src=\"http://online.mirabilis.com/scripts/online.dll?icq=" . $postrow[$i]['user_icq'] . "&amp;img=5\" border=\"0\" /></a>";
$icq_add_img = "<a href=\"http://wwp.icq.com/scripts/search.dll?to=" . $postrow[$i]['user_icq'] . "\"><img src=\"" . $images['icon_icq'] . "\" alt=\"" . $lang['ICQ'] . "\" border=\"0\" /></a>";
$icq_add_img = "<a href=\"http://wwp.icq.com/scripts/search.dll?to=" . stripslashes($postrow[$i]['user_icq']) . "\"><img src=\"" . $images['icon_icq'] . "\" alt=\"" . $lang['ICQ'] . "\" border=\"0\" /></a>";
}
else
{
@ -477,11 +471,11 @@ for($i = 0; $i < $total_posts; $i++)
$icq_add_img = "";
}
$aim_img = ($postrow[$i]['user_aim']) ? "<a href=\"aim:goim?screenname=" . $postrow[$i]['user_aim'] . "&amp;message=Hello+Are+you+there?\"><img src=\"" . $images['icon_aim'] . "\" border=\"0\" alt=\"" . $lang['AIM'] . "\" /></a>" : "";
$aim_img = ($postrow[$i]['user_aim']) ? "<a href=\"aim:goim?screenname=" . stripslashes($postrow[$i]['user_aim']) . "&amp;message=Hello+Are+you+there?\"><img src=\"" . $images['icon_aim'] . "\" border=\"0\" alt=\"" . $lang['AIM'] . "\" /></a>" : "";
$msn_img = ($postrow[$i]['user_msnm']) ? "<a href=\"profile.$phpEx?mode=viewprofile&amp;" . POST_USERS_URL . "=$poster_id\"><img src=\"" . $images['icon_msnm'] . "\" border=\"0\" alt=\"" . $lang['MSNM'] . "\" /></a>" : "";
$yim_img = ($postrow[$i]['user_yim']) ? "<a href=\"http://edit.yahoo.com/config/send_webmesg?.target=" . $postrow[$i]['user_yim'] . "&amp;.src=pg\"><img src=\"" . $images['icon_yim'] . "\" border=\"0\" alt=\"" . $lang['YIM'] . "\" /></a>" : "";
$yim_img = ($postrow[$i]['user_yim']) ? "<a href=\"http://edit.yahoo.com/config/send_webmesg?.target=" . stripslashes($postrow[$i]['user_yim']) . "&amp;.src=pg\"><img src=\"" . $images['icon_yim'] . "\" border=\"0\" alt=\"" . $lang['YIM'] . "\" /></a>" : "";
}
else
{
@ -516,43 +510,40 @@ for($i = 0; $i < $total_posts; $i++)
$user_sig = stripslashes($postrow[$i]['user_sig']);
$message = stripslashes($postrow[$i]['post_text']);
if(!$board_config['allow_html'])
if(!$board_config['allow_html'] || !$postrow[$i]['enable_html'])
{
if($user_sig != "")
{
$user_sig = htmlspecialchars($user_sig);
}
$message = htmlspecialchars($message);
//
// Added next line to fix doubled up conversions due to htmlspecialchars
// already being run on posts.
//
$message = str_replace('&amp;', '&', $message);
}
if($board_config['allow_bbcode'])
{
if($user_sig != "")
{
//
// Move this to profile? Well, first pass
//
$sig_uid = make_bbcode_uid();
$user_sig = bbencode_first_pass($user_sig, $sig_uid);
$user_sig = bbencode_second_pass($user_sig, $sig_uid);
$user_sig = str_replace("\n", "<br />", $user_sig);
}
$message = bbencode_second_pass($message, $bbcode_uid);
if($postrow[$i]['allow_bbcode'])
{
$message = bbencode_second_pass($message, $bbcode_uid);
}
}
$message = make_clickable($message);
$message = str_replace("\n", "<br />", $message);
if($user_sig != "")
{
$message = eregi_replace("\[addsig]$", "<br /><br />_________________<br />" . nl2br($user_sig), $message);
}
$message = ($user_sig != "") ? ereg_replace("\[addsig]$", "<br /><br />_________________<br />" . $user_sig, $message) : ereg_replace("\[addsig]$", "", $message);
if($board_config['allow_smilies'] && $postrow[$i]['enable_smiles'] == 1)
if($board_config['allow_smilies'] && $postrow[$i]['enable_smilies'])
{
$message = smilies_pass($message);
}
@ -571,11 +562,11 @@ for($i = 0; $i < $total_posts; $i++)
// Again this will be handled by the templating
// code at some point
//
$row_color = ( !($i % 2) ) ? "#" . $theme['td_color1'] : "#" . $theme['td_color2'];
$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
$template->assign_block_vars("postrow", array(
"ROW_COLOR" => $row_color,
"ROW_COLOR" => "#" . $row_color,
"ROW_CLASS" => $row_class,
"POSTER_NAME" => $poster,
"POSTER_RANK" => $poster_rank,
@ -615,11 +606,20 @@ $s_auth_can .= $lang['You'] . " " . ( ($is_auth['auth_post']) ? $lang['can'] : $
$s_auth_can .= $lang['You'] . " " . ( ($is_auth['auth_reply']) ? $lang['can'] : $lang['cannot'] ) . " " . $lang['reply_posts'] . "<br />";
$s_auth_can .= $lang['You'] . " " . ( ($is_auth['auth_edit']) ? $lang['can'] : $lang['cannot'] ) . " " . $lang['edit_posts'] . "<br />";
$s_auth_can .= $lang['You'] . " " . ( ($is_auth['auth_delete']) ? $lang['can'] : $lang['cannot'] ) . " " . $lang['delete_posts'] . "<br />";
/*
$s_auth_read_img = "<img src=\"" . ( ($is_auth['auth_read']) ? $image['auth_can_read'] : $image['auth_cannot_read'] ) . "\" alt=\"" . $lang['You'] . " " . ( ($is_auth['auth_read']) ? $lang['can'] : $lang['cannot'] ) . " " . $lang['read_posts'] . "\" />";
$s_auth_post_img = "<img src=\"" . ( ($is_auth['auth_post']) ? $image['auth_can_post'] : $image['auth_cannot_post'] ) . "\" alt=\"" . $lang['You'] . " " . ( ($is_auth['auth_post']) ? $lang['can'] : $lang['cannot'] ) . " " . $lang['post_topics'] . "\" />";
$s_auth_reply_img = "<img src=\"" . ( ($is_auth['auth_reply']) ? $image['auth_can_reply'] : $image['auth_cannot_reply'] ) . "\" alt=\"" . $lang['You'] . " " . ( ($is_auth['auth_reply']) ? $lang['can'] : $lang['cannot'] ) . " " . $lang['reply_posts'] . "\" />";
$s_auth_edit_img = "<img src=\"" . ( ($is_auth['auth_edit']) ? $image['auth_can_edit'] : $image['auth_cannot_edit'] ) . "\" alt=\"" . $lang['You'] . " " . ( ($is_auth['auth_edit']) ? $lang['can'] : $lang['cannot'] ) . " " . $lang['edit_posts'] . "\" />";
$s_auth_delete_img = "<img src=\"" . ( ($is_auth['auth_delete']) ? $image['auth_can_delete'] : $image['auth_cannot_delete'] ) . "\" alt=\"" . $lang['You'] . " " . ( ($is_auth['auth_delete']) ? $lang['can'] : $lang['cannot'] ) . " " . $lang['delete_posts'] . "\" />";
*/
if( $is_auth['auth_mod'] )
{
$s_auth_can .= $lang['You'] . " " . $lang['can'] . " <a href=\"" . append_sid("modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id") . "\">" . $lang['moderate_forum'] . "</a><br />";
// $s_auth_mod_img = "<a href=\"" . append_sid("modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id") . "\"><img src=\"" . $images['auth_mod'] . "\" alt=\"" . $lang['You'] . " " . $lang['can'] . " " . $lang['moderate_forum'] . "\" border=\"0\"/></a>";
$topic_mod = "<a href=\"" . append_sid("modcp.$phpEx?" . POST_TOPIC_URL . "=$topic_id&amp;mode=delete&amp;quick_op=1") . "\"><img src=\"" . $images['topic_mod_delete'] . "\" alt = \"" . $lang['Delete_topic'] . "\" border=\"0\" /></a>&nbsp;";
$topic_mod .= "<a href=\"" . append_sid("modcp.$phpEx?" . POST_TOPIC_URL . "=$topic_id&amp;mode=move&amp;quick_op=1"). "\"><img src=\"" . $images['topic_mod_move'] . "\" alt = \"" . $lang['Move_topic'] . "\" border=\"0\" /></a>&nbsp;";
@ -636,11 +636,16 @@ if( $is_auth['auth_mod'] )
}
$template->assign_vars(array(
"PAGINATION" => generate_pagination("viewtopic.$phpEx?".POST_TOPIC_URL."=$topic_id&amp;postdays=$post_days&amp;postorder=$post_order", $total_replies, $board_config['posts_per_page'], $start),
"PAGINATION" => generate_pagination("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&amp;postdays=$post_days&amp;postorder=$post_order", $total_replies, $board_config['posts_per_page'], $start),
"ON_PAGE" => ( floor( $start / $board_config['posts_per_page'] ) + 1 ),
"TOTAL_PAGES" => ceil( $total_replies / $board_config['posts_per_page'] ),
"S_AUTH_LIST" => $s_auth_can,
"S_AUTH_LIST" => $s_auth_can,
"S_AUTH_READ_IMG" => $s_auth_read_img,
"S_AUTH_POST_IMG" => $s_auth_post_img,
"S_AUTH_REPLY_IMG" => $s_auth_reply_img,
"S_AUTH_EDIT_IMG" => $s_auth_edit_img,
"S_AUTH_MOD_IMG" => $s_auth_mod_img,
"S_TOPIC_ADMIN" => $topic_mod,
"L_OF" => $lang['of'],
@ -652,4 +657,4 @@ $template->pparse("body");
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
?>
?>
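Review bot: In the `-516,43 +510,40` hunk the new guard `if($postrow[$i]['allow_bbcode'])` reads a key that is never selected: the rewritten query in the `-276,7 +270,7` hunk fetches `p.enable_bbcode` (matching the `enable_html` and `enable_smilies` keys used on the neighbouring lines), so the index is always unset, the condition is always false, and bbencode_second_pass() is never applied to any post; the E_NOTICE that would reveal this is masked by the error_reporting() level set in the first file. Change the line to `if($postrow[$i]['enable_bbcode'])`. Also, the `-636,11 +636,16` hunk assigns `S_AUTH_READ_IMG` through `S_AUTH_MOD_IMG` from `$s_auth_read_img` and friends, but the assignments to those variables in the preceding hunk appear to be inside a `/* ... */` block or commented out, so the template would receive empty values; either drop the five template keys or the comment markers, rather than keep both. The `for($i = 0; $i < $total_posts; $i++)` loop holding the first point starts and ends outside the hunk.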