mirror of
https://github.com/phpbb/phpbb.git
synced 2025-07-30 21:40:43 +02:00
A whole bunch of fixes
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@3081 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen
@@ -68,7 +68,7 @@ class emailer
|
||||
//
|
||||
function set_subject($subject = '')
|
||||
{
|
||||
$this->subject = $subject;
|
||||
$this->subject = preg_replace('#[\n\r]+#s', '', $subject);
|
||||
}
|
||||
|
||||
//
|
||||
|
||||
@@ -176,7 +176,7 @@ function make_jumpbox($action, $match_forum_id = 0)
|
||||
|
||||
if ( isset($SID) )
|
||||
{
|
||||
$boxstring .= '<input type="hidden" name="sid" value="' . $SID . '" />';
|
||||
$boxstring .= '<input type="hidden" name="sid" value="' . substr($SID, 4) . '" />';
|
||||
}
|
||||
|
||||
$template->set_filenames(array(
|
||||
|
||||
@@ -160,7 +160,7 @@ function prepare_post(&$mode, &$post_data, &$bbcode_on, &$html_on, &$smilies_on,
|
||||
$bbcode_uid = ( $bbcode_on ) ? make_bbcode_uid() : '';
|
||||
$message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on, $bbcode_uid);
|
||||
}
|
||||
else if ( $mode != 'delete' && $mode != 'polldelete' )
|
||||
else if ( $mode != 'delete' && $mode != 'poll_delete' )
|
||||
{
|
||||
$error_msg .= ( !empty($error_msg) ) ? '<br />' . $lang['Empty_message'] : $lang['Empty_message'];
|
||||
}
|
||||
@@ -233,7 +233,7 @@ function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_
|
||||
{
|
||||
if ( $row = $db->sql_fetchrow($result) )
|
||||
{
|
||||
if ( $row['last_post_time'] > 0 && ( $current_time - $row['last_post_time'] ) < $board_config['flood_interval'] )
|
||||
if ( intval($row['last_post_time']) > 0 && ( $current_time - intval($row['last_post_time']) ) < intval($board_config['flood_interval']) )
|
||||
{
|
||||
message_die(GENERAL_MESSAGE, $lang['Flood_Error']);
|
||||
}
|
||||
@@ -278,7 +278,7 @@ function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_
|
||||
message_die(GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql);
|
||||
}
|
||||
|
||||
add_search_words($post_id, stripslashes($post_message), stripslashes($post_subject));
|
||||
add_search_words('single', $post_id, stripslashes($post_message), stripslashes($post_subject));
|
||||
|
||||
//
|
||||
// Add poll
|
||||
@@ -634,9 +634,9 @@ function user_notification($mode, &$post_data, &$forum_id, &$topic_id, &$post_id
|
||||
$update_watched_sql = '';
|
||||
if ( $row = $db->sql_fetchrow($result) )
|
||||
{
|
||||
@set_time_limit(120);
|
||||
@set_time_limit(240);
|
||||
|
||||
$topic_title = preg_replace($orig_word, $replacement_word, unprepare_message($row['topic_title']));
|
||||
$topic_title = (count($orig_word)) ? preg_replace($orig_word, $replacement_word, unprepare_message($row['topic_title'])) : unprepare_message($row['topic_title']);
|
||||
|
||||
do
|
||||
{
|
||||
@@ -648,7 +648,7 @@ function user_notification($mode, &$post_data, &$forum_id, &$topic_id, &$post_id
|
||||
$emailer->extra_headers($email_headers);
|
||||
|
||||
$emailer->assign_vars(array(
|
||||
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
|
||||
'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']) : '',
|
||||
'USERNAME' => $row['username'],
|
||||
'SITENAME' => $board_config['sitename'],
|
||||
'TOPIC_TITLE' => $topic_title,
|
||||
|
||||
@@ -97,11 +97,11 @@ function split_words(&$entry, $mode = 'post')
|
||||
return $split_entries[1];
|
||||
}
|
||||
|
||||
function add_search_words($post_id, $post_text, $post_title = '')
|
||||
function add_search_words($mode, $post_id, $post_text, $post_title = '')
|
||||
{
|
||||
global $db, $phpbb_root_path, $board_config, $lang;
|
||||
|
||||
$stopwords_array = @file($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . "/search_stopwords.txt");
|
||||
$stopword_array = @file($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . "/search_stopwords.txt");
|
||||
$synonym_array = @file($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . "/search_synonyms.txt");
|
||||
|
||||
$search_raw_words = array();
|
||||
@@ -244,7 +244,7 @@ function add_search_words($post_id, $post_text, $post_title = '')
|
||||
}
|
||||
}
|
||||
|
||||
if ( $mode == 'single' )
|
||||
if ($mode == 'single')
|
||||
{
|
||||
remove_common('single', 0.4, $word);
|
||||
}
|
||||
|
||||
@@ -331,7 +331,7 @@ class Template {
|
||||
if ($block_nesting_level < 2)
|
||||
{
|
||||
// Block is not nested.
|
||||
$code_lines[$i] = '$_' . $a[1] . '_count = ( isset($this->_tpldata[\'' . $n[1] . '.\']) ) ? sizeof($this->_tpldata[\'' . $n[1] . '.\']) : 0;';
|
||||
$code_lines[$i] = '$_' . $n[1] . '_count = ( isset($this->_tpldata[\'' . $n[1] . '.\']) ) ? sizeof($this->_tpldata[\'' . $n[1] . '.\']) : 0;';
|
||||
$code_lines[$i] .= "\n" . 'for ($_' . $n[1] . '_i = 0; $_' . $n[1] . '_i < $_' . $n[1] . '_count; $_' . $n[1] . '_i++)';
|
||||
$code_lines[$i] .= "\n" . '{';
|
||||
}
|
||||
@@ -347,7 +347,7 @@ class Template {
|
||||
// current indices of all parent blocks.
|
||||
$varref = $this->generate_block_data_ref($namespace, false);
|
||||
// Create the for loop code to iterate over this block.
|
||||
$code_lines[$i] = '$_' . $a[1] . '_count = ( isset(' . $varref . ') ) ? sizeof(' . $varref . ') : 0;';
|
||||
$code_lines[$i] = '$_' . $n[1] . '_count = ( isset(' . $varref . ') ) ? sizeof(' . $varref . ') : 0;';
|
||||
$code_lines[$i] .= "\n" . 'for ($_' . $n[1] . '_i = 0; $_' . $n[1] . '_i < $_' . $n[1] . '_count; $_' . $n[1] . '_i++)';
|
||||
$code_lines[$i] .= "\n" . '{';
|
||||
}
|
||||
|
||||
@@ -27,7 +27,7 @@ if ( !defined('IN_PHPBB') )
|
||||
exit;
|
||||
}
|
||||
|
||||
$sql = "SELECT user_active, user_id, user_email, user_newpasswd, user_lang, user_actkey
|
||||
$sql = "SELECT user_active, user_id, username, user_email, user_newpasswd, user_lang, user_actkey
|
||||
FROM " . USERS_TABLE . "
|
||||
WHERE user_id = " . intval($HTTP_GET_VARS[POST_USERS_URL]);
|
||||
if ( !($result = $db->sql_query($sql)) )
|
||||
@@ -57,7 +57,7 @@ if ( $row = $db->sql_fetchrow($result) )
|
||||
message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql_update);
|
||||
}
|
||||
|
||||
if ( $board_config['require_activation'] == USER_ACTIVATION_ADMIN && $sql_update_pass == '' )
|
||||
if ( intval($board_config['require_activation']) == USER_ACTIVATION_ADMIN && $sql_update_pass == '' )
|
||||
{
|
||||
include($phpbb_root_path . 'includes/emailer.'.$phpEx);
|
||||
$emailer = new emailer($board_config['smtp_delivery']);
|
||||
@@ -71,9 +71,9 @@ if ( $row = $db->sql_fetchrow($result) )
|
||||
|
||||
$emailer->assign_vars(array(
|
||||
'SITENAME' => $board_config['sitename'],
|
||||
'USERNAME' => $username,
|
||||
'USERNAME' => $row['username'],
|
||||
'PASSWORD' => $password_confirm,
|
||||
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']))
|
||||
'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']) : '')
|
||||
);
|
||||
$emailer->send();
|
||||
$emailer->reset();
|
||||
|
||||
@@ -242,7 +242,7 @@ function user_avatar_upload($mode, $avatar_mode, &$current_avatar, &$current_typ
|
||||
return $avatar_sql;
|
||||
}
|
||||
|
||||
function display_avatar_gallery($mode, &$category, &$user_id, &$email, &$current_email, &$coppa, &$username, &$email, &$new_password, &$cur_password, &$password_confirm, &$icq, &$aim, &$msn, &$yim, &$website, &$location, &$occupation, &$interests, &$signature, &$viewemail, &$notifypm, &$popuppm, &$notifyreply, &$attachsig, &$allowhtml, &$allowbbcode, &$allowsmilies, &$hideonline, &$style, &$language, &$timezone, &$dateformat)
|
||||
function display_avatar_gallery($mode, &$category, &$user_id, &$email, &$current_email, &$coppa, &$username, &$email, &$new_password, &$cur_password, &$password_confirm, &$icq, &$aim, &$msn, &$yim, &$website, &$location, &$occupation, &$interests, &$signature, &$viewemail, &$notifypm, &$popuppm, &$notifyreply, &$attachsig, &$allowhtml, &$allowbbcode, &$allowsmilies, &$hideonline, &$style, &$language, &$timezone, &$dateformat, &$session_id)
|
||||
{
|
||||
global $board_config, $db, $template, $lang, $images, $theme;
|
||||
global $phpbb_root_path, $phpEx;
|
||||
@@ -320,7 +320,7 @@ function display_avatar_gallery($mode, &$category, &$user_id, &$email, &$current
|
||||
|
||||
$params = array('coppa', 'user_id', 'username', 'email', 'current_email', 'cur_password', 'new_password', 'password_confirm', 'icq', 'aim', 'msn', 'yim', 'website', 'location', 'occupation', 'interests', 'signature', 'viewemail', 'notifypm', 'popuppm', 'notifyreply', 'attachsig', 'allowhtml', 'allowbbcode', 'allowsmilies', 'hideonline', 'style', 'language', 'timezone', 'dateformat');
|
||||
|
||||
$s_hidden_vars = '<input type="hidden" name="agreed" value="true" />';
|
||||
$s_hidden_vars = '<input type="hidden" name="session_id" value="' . $session_id . '" /><input type="hidden" name="agreed" value="true" />';
|
||||
|
||||
for($i = 0; $i < count($params); $i++)
|
||||
{
|
||||
|
||||
@@ -62,6 +62,11 @@ if ( $result = $db->sql_query($sql) )
|
||||
|
||||
if ( isset($HTTP_POST_VARS['submit']) )
|
||||
{
|
||||
if (!isset($HTTP_POST_VARS['session_id']) || $HTTP_POST_VARS['session_id'] != $userdata['session_id'])
|
||||
{
|
||||
message_die(ERROR, 'Invalid_session');
|
||||
}
|
||||
|
||||
$error = FALSE;
|
||||
|
||||
if ( !empty($HTTP_POST_VARS['subject']) )
|
||||
@@ -170,6 +175,7 @@ if ( $result = $db->sql_query($sql) )
|
||||
$template->assign_vars(array(
|
||||
'USERNAME' => $username,
|
||||
|
||||
'S_HIDDEN_FIELDS' => '<input type="hidden" name="session_id" value="' . $userdata['session_id'] . '" />',
|
||||
'S_POST_ACTION' => append_sid("profile.$phpEx?&mode=email&" . POST_USERS_URL . "=$user_id"),
|
||||
|
||||
'L_SEND_EMAIL_MSG' => $lang['Send_email_msg'],
|
||||
|
||||
@@ -80,6 +80,11 @@ if (
|
||||
isset($HTTP_POST_VARS['cancelavatar']) ||
|
||||
$mode == 'register' )
|
||||
{
|
||||
if (!isset($HTTP_POST_VARS['session_id']) || $HTTP_POST_VARS['session_id'] != $userdata['session_id'])
|
||||
{
|
||||
message_die(ERROR, 'Invalid_session_id');
|
||||
}
|
||||
|
||||
include($phpbb_root_path . 'includes/functions_validate.'.$phpEx);
|
||||
include($phpbb_root_path . 'includes/bbcode.'.$phpEx);
|
||||
include($phpbb_root_path . 'includes/functions_post.'.$phpEx);
|
||||
@@ -183,18 +188,18 @@ if (
|
||||
$password_confirm = stripslashes($password_confirm);
|
||||
|
||||
$icq = stripslashes($icq);
|
||||
$aim = stripslashes($aim);
|
||||
$msn = stripslashes($msn);
|
||||
$yim = stripslashes($yim);
|
||||
$aim = htmlspecialchars(stripslashes($aim));
|
||||
$msn = htmlspecialchars(stripslashes($msn));
|
||||
$yim = htmlspecialchars(stripslashes($yim));
|
||||
|
||||
$website = stripslashes($website);
|
||||
$location = stripslashes($location);
|
||||
$occupation = stripslashes($occupation);
|
||||
$interests = stripslashes($interests);
|
||||
$signature = stripslashes($signature);
|
||||
$website = htmlspecialchars(stripslashes($website));
|
||||
$location = htmlspecialchars(stripslashes($location));
|
||||
$occupation = htmlspecialchars(stripslashes($occupation));
|
||||
$interests = htmlspecialchars(stripslashes($interests));
|
||||
$signature = htmlspecialchars(stripslashes($signature));
|
||||
|
||||
$user_lang = stripslashes($user_lang);
|
||||
$user_dateformat = stripslashes($user_dateformat);
|
||||
$user_dateformat = htmlspecialchars(stripslashes($user_dateformat));
|
||||
|
||||
if ( !isset($HTTP_POST_VARS['cancelavatar']))
|
||||
{
|
||||
@@ -459,7 +464,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
|
||||
$emailer->assign_vars(array(
|
||||
'SITENAME' => $board_config['sitename'],
|
||||
'USERNAME' => $username,
|
||||
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
|
||||
'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']) : '',
|
||||
|
||||
'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
|
||||
);
|
||||
@@ -651,7 +656,7 @@ if ( $error )
|
||||
$signature = ( $signature_bbcode_uid != '' ) ? preg_replace("/:(([a-z0-9]+:)?)$signature_bbcode_uid\]/si", ']', $signature) : $signature;
|
||||
|
||||
$user_lang = stripslashes($user_lang);
|
||||
$user_dateformat = stripslashes($user_dateformat);
|
||||
$user_dateformat = htmlspecialchars(stripslashes($user_dateformat));
|
||||
|
||||
}
|
||||
else if ( $mode == 'editprofile' && !isset($HTTP_POST_VARS['avatargallery']) && !isset($HTTP_POST_VARS['submitavatar']) && !isset($HTTP_POST_VARS['cancelavatar']) )
|
||||
@@ -690,7 +695,7 @@ else if ( $mode == 'editprofile' && !isset($HTTP_POST_VARS['avatargallery']) &&
|
||||
$user_style = $userdata['user_style'];
|
||||
$user_lang = $userdata['user_lang'];
|
||||
$user_timezone = $userdata['user_timezone'];
|
||||
$user_dateformat = $userdata['user_dateformat'];
|
||||
$user_dateformat = htmlspecialchars($userdata['user_dateformat']);
|
||||
}
|
||||
|
||||
//
|
||||
@@ -721,7 +726,7 @@ if( isset($HTTP_POST_VARS['avatargallery']) && !$error )
|
||||
|
||||
$allowviewonline = !$allowviewonline;
|
||||
|
||||
display_avatar_gallery($mode, $avatar_category, $user_id, $email, $current_email, $coppa, $username, $email, &$new_password, &$cur_password, $password_confirm, $icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature, $viewemail, $notifypm, $popuppm, $notifyreply, $attachsig, $allowhtml, $allowbbcode, $allowsmilies, $allowviewonline, $user_style, $user_lang, $user_timezone, $user_dateformat);
|
||||
display_avatar_gallery($mode, $avatar_category, $user_id, $email, $current_email, $coppa, $username, $email, &$new_password, &$cur_password, $password_confirm, $icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature, $viewemail, $notifypm, $popuppm, $notifyreply, $attachsig, $allowhtml, $allowbbcode, $allowsmilies, $allowviewonline, $user_style, $user_lang, $user_timezone, $user_dateformat, $userdata['session_id']);
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -754,7 +759,7 @@ else
|
||||
}
|
||||
}
|
||||
|
||||
$s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="agreed" value="true" /><input type="hidden" name="coppa" value="' . $coppa . '" />';
|
||||
$s_hidden_fields = '<input type="hidden" name="session_id" value="' . $userdata['session_id'] . '" /><input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="agreed" value="true" /><input type="hidden" name="coppa" value="' . $coppa . '" />';
|
||||
if( $mode == 'editprofile' )
|
||||
{
|
||||
$s_hidden_fields .= '<input type="hidden" name="user_id" value="' . $userdata['user_id'] . '" />';
|
||||
|
||||
@@ -76,7 +76,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
|
||||
'SITENAME' => $board_config['sitename'],
|
||||
'USERNAME' => $username,
|
||||
'PASSWORD' => $user_password,
|
||||
'EMAIL_SIG' => str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']),
|
||||
'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']) : '',
|
||||
|
||||
'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)
|
||||
);
|
||||
|
||||
Reference in New Issue
Block a user