mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-10 18:54:08 +02:00
Code Issues Releases Wiki Activity

- introducing clean usernames, needs to be tested more, I'm not sure I didn't miss anything

Browse Source 
- homograph list should probably be extended


git-svn-id: file:///svn/phpbb/trunk@6494 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Nils Adermann
2006-10-13 22:10:18 +00:00
parent 23d25ddcd1
commit c65048bd91
23 changed files with 81 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
phpBB/includes/ucp/ucp_pm_options.php
View File

@@ -653,7 +653,7 @@ function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule
{
$sql = 'SELECT user_id
FROM ' . USERS_TABLE . "
WHERE LOWER(username) = '" . $db->sql_escape(utf8_strtolower($rule_string)) . "'";
WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($rule_string)) . "'";
$result = $db->sql_query($sql);
$rule_user_id = (int) $db->sql_fetchfield('user_id');
$db->sql_freeresult($result);

2
phpBB/includes/ucp/ucp_remind.php
View File

@@ -31,7 +31,7 @@ class ucp_remind
$sql = 'SELECT user_id, username, user_email, user_jabber, user_notify_type, user_type, user_lang
FROM ' . USERS_TABLE . "
WHERE user_email = '" . $db->sql_escape($email) . "'
AND LOWER(username) = '" . $db->sql_escape(utf8_strtolower($username)) . "'";
AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
$result = $db->sql_query($sql);
$user_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);

2
phpBB/includes/ucp/ucp_resend.php
View File

@@ -31,7 +31,7 @@ class ucp_resend
$sql = 'SELECT user_id, group_id, username, user_email, user_type, user_lang, user_actkey
FROM ' . USERS_TABLE . "
WHERE user_email = '" . $db->sql_escape($email) . "'
AND LOWER(username) = '" . $db->sql_escape(utf8_strtolower($username)) . "'";
AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
$result = $db->sql_query($sql);
$user_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);

10
phpBB/includes/ucp/ucp_zebra.php
View File

@@ -42,7 +42,7 @@ class ucp_zebra
if ($data['add'])
{
$data['add'] = array_map('trim', array_map('utf8_strtolower', explode("\n", $data['add'])));
$data['add'] = array_map('trim', array_map('utf8_clean_string', explode("\n", $data['add'])));
// Do these name/s exist on a list already? If so, ignore ... we could be
// 'nice' and automatically handle names added to one list present on
@@ -59,11 +59,11 @@ class ucp_zebra
{
if ($row['friend'])
{
$friends[] = utf8_strtolower($row['username']);
$friends[] = utf8_clean_string($row['username']);
}
else
{
$foes[] = utf8_strtolower($row['username']);
$foes[] = utf8_clean_string($row['username']);
}
}
$db->sql_freeresult($result);
@@ -88,7 +88,7 @@ class ucp_zebra
// remove the user himself from the username array
$n = sizeof($data['add']);
$data['add'] = array_diff($data['add'], array(utf8_strtolower($user->data['username'])));
$data['add'] = array_diff($data['add'], array(utf8_clean_string($user->data['username'])));
if (sizeof($data['add']) < $n)
{
@@ -101,7 +101,7 @@ class ucp_zebra
{
$sql = 'SELECT user_id, user_type
FROM ' . USERS_TABLE . '
WHERE ' . $db->sql_in_set('LOWER(username)', $data['add']) . '
WHERE ' . $db->sql_in_set('username_clean', $data['add']) . '
AND user_type <> ' . USER_INACTIVE;
$result = $db->sql_query($sql);