diff --git a/phpBB/mcp.php b/phpBB/mcp.php
index 5126e3755a..9163c6dfae 100644
--- a/phpBB/mcp.php
+++ b/phpBB/mcp.php
@@ -605,19 +605,6 @@ switch ($mode)
$posts_per_page = (isset($_REQUEST['posts_per_page'])) ? intval($_REQUEST['posts_per_page']) : $config['posts_per_page'];
- // Post ordering options
- $previous_days = array(0 => $user->lang['ALL_POSTS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 364 => $user->lang['1_YEAR']);
- $sort_by_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 's' => $user->lang['SUBJECT']);
- $sort_by = array('a' => 'u.username', 't' => 'p.post_id', 's' => 'p.post_subject');
-
- $sort_days = (!empty($_REQUEST['sort_days'])) ? max(intval($_REQUEST['sort_days']), 0) : 0;
- $sort_key = (!empty($_REQUEST['sort_key']) && preg_match('/^(a|t|s)$/', $_REQUEST['sort_key'])) ? $_REQUEST['sort_key'] : 't';
- $sort_dir = (!empty($_REQUEST['sort_dir']) && preg_match('/^(a|d)$/', $_REQUEST['sort_dir'])) ? $_REQUEST['sort_dir'] : 'a';
- $sort_order = $sort_by[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC');
-
- $limit_posts_time = '';
- $total_posts = $topic_info['topic_replies'] + 1;
-
// Temp fix for merge: display all posts after the topic has been selected to avoid any confusion
if ($to_topic_id)
{
@@ -625,6 +612,22 @@ switch ($mode)
$posts_per_page = 0;
}
+
+ // Following section altered for consistency with viewforum, viewtopic, etc.
+ // Post ordering options
+ $limit_days = array(0 => $user->lang['ALL_POSTS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 364 => $user->lang['1_YEAR']);
+ $sort_by_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 's' => $user->lang['SUBJECT']);
+ $sort_by_sql = array('a' => 'u.username', 't' => 'p.post_id', 's' => 'p.post_subject');
+
+ $sort_days = (!empty($_REQUEST['st'])) ? max(intval($_REQUEST['st']), 0) : 0;
+ $sort_key = (!empty($_REQUEST['sk'])) ? $_REQUEST['sk'] : 't';
+ $sort_dir = (!empty($_REQUEST['sd'])) ? $_REQUEST['sd'] : 'a';
+
+ $s_limit_days = $s_sort_key = $s_sort_dir = '';
+ gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir);
+
+ $limit_posts_time = '';
+ $total_posts = $topic_info['topic_replies'] + 1;
if ($sort_days)
{
$min_post_time = time() - ($sort_days * 86400);
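Review bot: `$sort_key` and `$sort_dir` are now read from `$_REQUEST['sk']` and `$_REQUEST['sd']` with no allow-list, where the removed lines matched them against `/^(a|t|s)$/` and `/^(a|d)$/`. An unknown `sk` makes `$sort_by_sql[$sort_key]` in the next hunk an undefined index, so the ORDER BY has no column. The raw values are also interpolated into the `generate_pagination()` URL and passed to `gen_sort_selects()`; neither function's escaping is visible here, so treat both as unescaped request data reaching the page. I would validate right after the arrays are defined: `if (!is_string($sort_key) || !isset($sort_by_sql[$sort_key])) { $sort_key = 't'; }` and `if ($sort_dir !== 'a' && $sort_dir !== 'd') { $sort_dir = 'a'; }`. The same applies to the variable-setup hunks of viewforum.php and viewtopic.php, where the check has to sit below the `$sort_by_sql` definition and use that file's default direction, and to the viewtopic.php hunk that deletes the `preg_match` checks.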
@@ -639,33 +642,8 @@ switch ($mode)
$limit_posts_time = "AND p.post_time >= $min_post_time ";
}
- $select_sort_days = '';
+ $sort_order = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC');
- $select_sort = '';
-
- $select_sort_dir = '';
-
- $select_post_days = '';
$sql = 'SELECT u.username, p.*
FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . " u
@@ -678,7 +656,7 @@ switch ($mode)
$i = 0;
while ($row = $db->sql_fetchrow($result))
{
- $poster = (!empty($row['username'])) ? $row['username'] : ((!$row['post_username']) ? $user->lang['Guest'] : $row['post_username']);
+ $poster = (!empty($row['username'])) ? $row['username'] : ((!$row['post_username']) ? $user->lang['GUEST'] : $row['post_username']);
$message = $row['post_text'];
$post_subject = ($row['post_subject'] != '') ? $row['post_subject'] : $topic_data['topic_title'];
@@ -741,6 +719,8 @@ switch ($mode)
}
}
+ // The acl_get in this won't work properly, needs to be acl_gets - Paul
+ // Minor change to order selects for consistency with viewforum, viewtopic - Paul
$template->assign_vars(array(
'TOPIC_TITLE' => $topic_info['topic_title'],
'U_VIEW_TOPIC' => "viewtopic.$phpEx$SID&t=$topic_id",
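Review bot: The added comment records that the `acl_get` calls in this `assign_vars()` block do not evaluate as intended, but the commit leaves them unchanged. The moderator flags built here, for example `S_CAN_DELETE` in the next hunk, which passes both `'m_delete'` and `'a_'`, may therefore still be computed wrongly. viewforum.php in this same diff uses `$auth->acl_gets('m_', 'a_', $forum_id)` for the multi-option case, so I would make the change now, e.g. `$auth->acl_gets('m_delete', 'a_', $forum_id)`. If the flags only drive template display the impact is cosmetic, but that depends on whether the actions re-check permissions, which is outside this hunk. The `assign_vars()` call continues past the end of the hunk.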
@@ -759,10 +739,10 @@ switch ($mode)
'S_CAN_DELETE' => ($auth->acl_get('m_delete', 'a_', $forum_id) &&($mode == 'topic_view' || $mode == 'delete')) ? TRUE : FALSE,
'S_SHOW_TOPIC_ICONS'=> (!empty($s_topic_icons)) ? TRUE : FALSE,
- 'S_SELECT_SORT_DIR' => $select_sort_dir,
- 'S_SELECT_SORT_KEY' => $select_sort,
- 'S_SELECT_SORT_DAYS'=> $select_sort_days,
- 'PAGINATION' => (!$posts_per_page) ? '' : generate_pagination("$mcp_url&mode=$mode&posts_per_page=$posts_per_page&sort_key=$sort_key&sort_dir=$sort_dir&sort_days=$sort_days", $total_posts, $posts_per_page, $start)
+ 'S_SELECT_SORT_DIR' => $s_sort_dir,
+ 'S_SELECT_SORT_KEY' => $s_sort_key,
+ 'S_SELECT_SORT_DAYS'=> $s_limit_days,
+ 'PAGINATION' => (!$posts_per_page) ? '' : generate_pagination("$mcp_url&mode=$mode&posts_per_page=$posts_per_page&st=$sort_days&sk=$sort_key&sd=$sort_dir", $total_posts, $posts_per_page, $start)
));
break;
@@ -1152,8 +1132,8 @@ switch ($mode)
$template->assign_vars(array(
'PAGINATION' => generate_pagination("mcp.$phpEx$SID&f=$forum_id", $forum_info['forum_topics'], $config['topics_per_page'], $start),
- 'PAGE_NUMBER' => sprintf($user->lang['PAGE_OF'], (floor($start / $config['topics_per_page']) + 1), ceil($forum_info ['forum_topics'] / $config['topics_per_page']))
- ));
+ 'PAGE_NUMBER' => on_page($forum_info['forum_topics'], $config['topics_per_page'], $start))
+ );
break;
case 'front':
diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php
index b7482f641f..eed996e06a 100644
--- a/phpBB/viewforum.php
+++ b/phpBB/viewforum.php
@@ -26,12 +26,13 @@ include($phpbb_root_path . 'common.'.$phpEx);
// Start initial var setup
-$forum_id = (!empty($_GET['f'])) ? intval($_GET['f']) : 0;
-$start = (isset($_GET['start'])) ? intval($_GET['start']) : 0;
+$forum_id = (isset($_GET['f'])) ? max(intval($_GET['f']), 0) : 0;
+$start = (isset($_GET['start'])) ? max(intval($_GET['start']), 0) : 0;
$mark_read = (!empty($_GET['mark'])) ? $_GET['mark'] : '';
-$sort_days = (!empty($_REQUEST['sort_days'])) ? intval($_REQUEST['sort_days']) : 0;
-$sort_key = (!empty($_REQUEST['sort_key'])) ? $_REQUEST['sort_key'] : 't';
-$sort_dir = (!empty($_REQUEST['sort_dir'])) ? $_REQUEST['sort_dir'] : 'd';
+
+$sort_days = (!empty($_REQUEST['st'])) ? max(intval($_REQUEST['st']), 0) : 0;
+$sort_key = (!empty($_REQUEST['sk'])) ? $_REQUEST['sk'] : 't';
+$sort_dir = (!empty($_REQUEST['sd'])) ? $_REQUEST['sd'] : 'd';
// Start session
@@ -177,39 +178,33 @@ if ($forum_data['forum_postable'])
$limit_days = array(0 => $user->lang['ALL_TOPICS'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 364 => $user->lang['1_YEAR']);
$sort_by_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 'r' => $user->lang['REPLIES'], 's' => $user->lang['SUBJECT'], 'v' => $user->lang['VIEWS']);
- $sort_by_sql = array('a' => 't.topic_last_poster_name', 't' => 't.topic_last_post_id', 'r' => 't.topic_replies', 's' => 't.topic_title', 'v' => 't.topic_views');
-
- gen_sort_selects($limit_days, $sort_by_text, $s_limit_days, $s_sort_key, $s_sort_dir);
+ $sort_by_sql = array('a' => 't.topic_first_poster_name', 't' => 't.topic_last_post_id', 'r' => 't.topic_replies', 's' => 't.topic_title', 'v' => 't.topic_views');
+ $s_limit_days = $s_sort_key = $s_sort_dir = '';
+ gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir);
// Limit topics to certain time frame, obtain correct topic count
- $topic_days = '';
- if (isset($_REQUEST['sort']))
+ $topics_count = ($forum_data['forum_topics']) ? $forum_data['forum_topics'] : 1;
+ $limit_topics_time = $topic_days = '';
+
+ if ($sort_days)
{
- if ($sort_days)
- {
- $min_topic_time = time() - ($sort_days * 86400);
+ $min_topic_time = time() - ($sort_days * 86400);
- // ref type on as rows as topics ... also not great
- $sql = "SELECT COUNT(topic_id) AS forum_topics
- FROM " . TOPICS_TABLE . "
- WHERE forum_id = $forum_id
- AND topic_last_post_time >= $min_topic_time";
- $result = $db->sql_query($sql);
+ // ref type on as rows as topics ... also not great
+ $sql = "SELECT COUNT(topic_id) AS forum_topics
+ FROM " . TOPICS_TABLE . "
+ WHERE forum_id = $forum_id
+ AND topic_last_post_time >= $min_topic_time";
+ $result = $db->sql_query($sql);
- $start = 0;
- $topics_count = ($row = $db->sql_fetchrow($result)) ? $row['forum_topics'] : 0;
- $limit_topics_time = "AND t.topic_last_post_time >= $min_topic_time";
- }
- else
- {
- $topics_count = ($forum_data['forum_topics']) ? $forum_data['forum_topics'] : 1;
- }
+ $start = 0;
+ $topics_count = ($row = $db->sql_fetchrow($result)) ? $row['forum_topics'] : 0;
+ $limit_topics_time = "AND t.topic_last_post_time >= $min_topic_time";
}
else
{
$topics_count = ($forum_data['forum_topics']) ? $forum_data['forum_topics'] : 1;
- $limit_topics_time = '';
}
// Select the sort order
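Review bot: `$start = 0;` now runs on every request that carries a day limit, because the `isset($_REQUEST['sort'])` guard around it was removed. The pagination URL in the next hunk now adds `st=$sort_days`, so following a page link with a limit active would always land on the first page. I would reset only when the form was submitted, `if (isset($_REQUEST['sort'])) { $start = 0; }`, or drop the reset. The remaining `else` branch repeats the `$topics_count` assignment already made above the `if` and can be removed. The surrounding `if ($forum_data['forum_postable'])` block starts and ends outside the hunk.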
@@ -220,7 +215,7 @@ if ($forum_data['forum_postable'])
$post_alt = (intval($forum_data['forum_status']) == ITEM_LOCKED) ? 'FORUM_LOCKED' : 'POST_NEW_TOPIC';
$template->assign_vars(array(
- 'PAGINATION' => generate_pagination("viewforum.$phpEx$SID&f=$forum_id", $topics_count, $config['topics_per_page'], $start),
+ 'PAGINATION' => generate_pagination("viewforum.$phpEx$SID&f=$forum_id&st=$sort_days&sk=$sort_key&sd=$sort_dir", $topics_count, $config['topics_per_page'], $start),
'PAGE_NUMBER' => on_page($topics_count, $config['topics_per_page'], $start),
'MOD_CP' => ($auth->acl_gets('m_', 'a_', $forum_id)) ? sprintf($user->lang['MCP'], '', '') : '',
'MODERATORS' => (!empty($moderators[$forum_id])) ? implode(', ', $moderators[$forum_id]) : $user->lang['NONE'],
diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php
index 7914b261c7..ff150774c8 100644
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@@ -27,13 +27,18 @@ include($phpbb_root_path . 'includes/bbcode.'.$phpEx);
// Initial var setup
-$topic_id = (isset($_GET['t'])) ? intval($_GET['t']) : 0;
-$post_id = (isset($_GET['p'])) ? intval($_GET['p']) : 0;
-$start = (isset($_GET['start'])) ? intval($_GET['start']) : 0;
+$forum_id = (isset($_GET['f'])) ? max(intval($_GET['f']), 0) : 0;
+$topic_id = (isset($_GET['t'])) ? max(intval($_GET['t']), 0) : 0;
+$post_id = (isset($_GET['p'])) ? max(intval($_GET['p']), 0) : 0;
+$start = (isset($_GET['start'])) ? max(intval($_GET['start']), 0) : 0;
-$sort_days = (!empty($_REQUEST['sort_days'])) ? intval($_REQUEST['sort_days']) : 0;
-$sort_key = (!empty($_REQUEST['sort_key'])) ? $_REQUEST['sort_key'] : 't';
-$sort_dir = (!empty($_REQUEST['sort_dir'])) ? $_REQUEST['sort_dir'] : 'a';
+// Do we need to check for specific allowed keys here? So long as
+// parameters are not directly used in SQL I'm tempted to say
+// if someone wishes to screw their view up by entering unknown data
+// good luck to them :D
+$sort_days = (!empty($_REQUEST['st'])) ? max(intval($_REQUEST['st']), 0) : 0;
+$sort_key = (!empty($_REQUEST['sk'])) ? $_REQUEST['sk'] : 't';
+$sort_dir = (!empty($_REQUEST['sd'])) ? $_REQUEST['sd'] : 'a';
// Do we have a topic or post id?
@@ -130,7 +135,8 @@ if ($user->data['user_id'] != ANONYMOUS)
$sql = "SELECT t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, t.topic_type, t.poll_start, t.poll_length, t.poll_title, f.forum_name, f.forum_desc, f.forum_parents, f.parent_id, f.left_id, f.right_id, f.forum_status, f.forum_id, f.forum_style" . $extra_fields . "
FROM " . TOPICS_TABLE . " t, " . FORUMS_TABLE . " f" . $join_sql_table . "
WHERE $join_sql
- AND f.forum_id = t.forum_id
+ AND ( f.forum_id = t.forum_id
+ OR f.forum_id = $forum_id )
$order_sql";
$result = $db->sql_query($sql);
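Review bot: The new `OR f.forum_id = $forum_id` lets the `f` request parameter choose which forum row is joined to the topic. `extract($topic_data)` in the next hunk then overwrites `$forum_id` with that row's `forum_id` before `$auth->acl()` and the `f_read` check run. Depending on `$join_sql` and `$order_sql`, which are built outside this hunk, the permission check could be evaluated against the forum named in the URL rather than the one the topic belongs to. I would keep the join as `AND f.forum_id = t.forum_id`; if the alternative is meant for topics that have no forum of their own, express that case explicitly in the condition and say so in a comment. Removing `$forum_id = intval($forum_id);` after `extract()` also means every later use depends on its call site casting the value.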
@@ -139,12 +145,13 @@ if (!$topic_data = $db->sql_fetchrow($result))
trigger_error('NO_TOPIC');
}
extract($topic_data);
-$forum_id = intval($forum_id);
+
// Configure style, language, etc.
$user->setup(false, intval($forum_style));
$auth->acl($user->data, intval($forum_id));
+
// Start auth check
if (!$auth->acl_gets('f_read', 'm_', 'a_', intval($forum_id)))
{
@@ -155,7 +162,7 @@ if (!$auth->acl_gets('f_read', 'm_', 'a_', intval($forum_id)))
redirect('login.' . $phpEx . $SID . '&redirect=viewtopic.' . $phpEx . '&' . $redirect);
}
- trigger_error($user->lang['Sorry_auth_read']);
+ trigger_error($user->lang['SORRY_AUTH_READ']);
}
@@ -178,14 +185,12 @@ $limit_days = array(0 => $user->lang['ALL_POSTS'], 1 => $user->lang['1_DAY'], 7
$sort_by_text = array('a' => $user->lang['AUTHOR'], 't' => $user->lang['POST_TIME'], 's' => $user->lang['SUBJECT']);
$sort_by_sql = array('a' => 'u.username', 't' => 'p.post_id', 's' => 'p.post_subject');
-gen_sort_selects($limit_days, $sort_by_text, $s_limit_days, $s_sort_key, $s_sort_dir);
+$s_limit_days = $s_sort_key = $s_sort_dir = '';
+gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir);
-$sort_days = (!empty($_REQUEST['sort_days'])) ? max(intval($_REQUEST['sort_days']), 0) : 0;
-$sort_key = (!empty($_REQUEST['sort_key']) && preg_match('/^(a|t|s)$/', $_REQUEST['sort_key'])) ? $_REQUEST['sort_key'] : 't';
-$sort_dir = (!empty($_REQUEST['sort_dir']) && preg_match('/^(a|d)$/', $_REQUEST['sort_dir'])) ? $_REQUEST['sort_dir'] : 'a';
-$sort_order = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC');
-
+// Obtain correct post count and ordering SQL if user has
+// requested anything different
$limit_posts_time = '';
$total_posts = $topic_replies + 1;
@@ -205,33 +210,8 @@ if ($sort_days)
$limit_posts_time = "AND p.post_time >= $min_post_time ";
}
-$select_sort_days = '';
-
-$select_sort = '';
-
-$select_sort_dir = '';
-
-$select_post_days = '';
+// Select the sort order
+$sort_order = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC');
// Cache this? ... it is after all doing a simple data grab
@@ -247,7 +227,6 @@ while ($row = $db->sql_fetchrow($result))
$db->sql_freeresult($result);
-
// Grab icons
$icons = array();
obtain_icons($icons);
@@ -255,10 +234,10 @@ obtain_icons($icons);
// Was a highlight request part of the URI?
$highlight_match = $highlight = '';
-if (isset($_GET['highlight']))
+if (isset($_GET['hilit']))
{
// Split words and phrases
- $words = explode(' ', trim(htmlspecialchars(urldecode($_GET['highlight']))));
+ $words = explode(' ', trim(htmlspecialchars(urldecode($_GET['hilit']))));
foreach ($words as $word)
{
@@ -269,7 +248,7 @@ if (isset($_GET['highlight']))
}
unset($words);
- $highlight = urlencode($_GET['highlight']);
+ $highlight = urlencode($_GET['hilit']);
}
@@ -287,7 +266,7 @@ $topic_mod .= ($auth->acl_gets('m_merge', 'a_', $forum_id)) ? '