
- adjust unread query a bit to cope with large topics (thanks bart!)

- fixing some bugs
- more username_clean work


git-svn-id: file:///svn/phpbb/trunk@6513 89ea8834-ac86-4346-8a33-228a782c2dd0
Meik Sievertsen
2006-10-20 13:48:44 +00:00
parent b572e0db8f
commit f4da66a932
19 changed files with 94 additions and 64 deletions


@@ -28,7 +28,7 @@ class acp_email
$submit = (isset($_POST['submit'])) ? true : false;
$error = array();
$usernames = request_var('usernames', '');
$usernames = request_var('usernames', '', true);
$group_id = request_var('g', 0);
$subject = request_var('subject', '', true);
$message = request_var('message', '', true);
@@ -57,7 +57,7 @@ class acp_email
{
$sql = 'SELECT username, user_email, user_jabber, user_notify_type, user_lang
FROM ' . USERS_TABLE . '
WHERE ' . $db->sql_in_set('username', explode("\n", $usernames)) . '
WHERE ' . $db->sql_in_set('username_clean', array_map('utf8_clean_string', explode("\n", $usernames))) . '
AND user_allow_massemail = 1
ORDER BY user_lang, user_notify_type'; // , SUBSTRING(user_email FROM INSTR(user_email, '@'))
}
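Review bot: The new `WHERE` line in acp_email switches the lookup to `username_clean` without a comment saying why the input must pass through `utf8_clean_string` first. A one-line comment such as `// username_clean stores utf8_clean_string(username); always compare against the cleaned form` would keep later edits from comparing raw input to this column, which would silently miss accounts. The same pairing recurs in the acp_prune and acp_users hunks of this commit. Blank lines in the submitted list also become entries after `explode("\n", …)`; whether `utf8_clean_string` reduces them to an empty string is not visible here.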


@@ -30,7 +30,7 @@ class acp_groups
$action = (isset($_POST['add'])) ? 'add' : ((isset($_POST['addusers'])) ? 'addusers' : request_var('action', ''));
$group_id = request_var('g', 0);
$mark_ary = request_var('mark', array(0));
$name_ary = request_var('usernames', '');
$name_ary = request_var('usernames', '', true);
$leader = request_var('leader', 0);
$default = request_var('default', 0);
$start = request_var('start', 0);
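Review bot: `$name_ary` now keeps multibyte characters, but the code that resolves these names to accounts lies outside this hunk, so it cannot be confirmed that it compares against `username_clean`. If that lookup still matches on `username`, such names will presumably not resolve the way the acp_email query in this commit does. The same applies to `$username` and `$usernames` in the acp_permissions hunk. A comment at the assignment would help, e.g. `// raw user input; normalise with utf8_clean_string before any lookup`.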


@@ -59,8 +59,8 @@ class acp_permissions
$subforum_id = request_var('subforum_id', 0);
$forum_id = request_var('forum_id', array(0));
$username = request_var('username', array(''));
$usernames = request_var('usernames', '');
$username = request_var('username', array(''), true);
$usernames = request_var('usernames', '', true);
$user_id = request_var('user_id', array(0));
$group_id = request_var('group_id', array(0));


@@ -196,17 +196,18 @@ class acp_prune
{
if (confirm_box(true))
{
$users = request_var('users', '');
$users = request_var('users', '', true);
$action = request_var('action', 'deactivate');
$deleteposts = request_var('deleteposts', 0);
if ($users)
{
$where_sql = ' AND ' . $db->sql_in_set('username', explode("\n", $users));
$users = explode("\n", $users);
$where_sql = ' AND ' . $db->sql_in_set('username_clean', array_map('utf8_clean_string', $users));
}
else
{
$username = request_var('username', '');
$username = request_var('username', '', true);
$email = request_var('email', '');
$joined_select = request_var('joined_select', 'lt');
@@ -224,7 +225,7 @@ class acp_prune
$sort_by_types = array('username', 'user_email', 'user_posts', 'user_regdate', 'user_lastvisit');
$where_sql = '';
$where_sql .= ($username) ? " AND username LIKE '" . $db->sql_escape(str_replace('*', '%', $username)) . "'" : '';
$where_sql .= ($username) ? " AND username_clean LIKE '" . $db->sql_escape(str_replace('*', '%', utf8_clean_string($username))) . "'" : '';
$where_sql .= ($email) ? " AND user_email LIKE '" . $db->sql_escape(str_replace('*', '%', $email)) . "' " : '';
$where_sql .= (sizeof($joined)) ? " AND user_regdate " . $key_match[$joined_select] . ' ' . gmmktime(0, 0, 0, (int) $joined[1], (int) $joined[2], (int) $joined[0]) : '';
$where_sql .= ($count) ? " AND user_posts " . $key_match[$count_select] . " $count " : '';
@@ -244,7 +245,8 @@ class acp_prune
$db->sql_freeresult($result);
// Do not prune founder members
$sql = 'SELECT username, user_id FROM ' . USERS_TABLE . '
$sql = 'SELECT user_id, username
FROM ' . USERS_TABLE . '
WHERE user_id <> ' . ANONYMOUS . '
AND user_type <> ' . USER_FOUNDER . "
$where_sql";
@@ -305,7 +307,7 @@ class acp_prune
'prune' => 1,
'users' => request_var('users', ''),
'username' => request_var('username', ''),
'username' => request_var('username', '', true),
'email' => request_var('email', ''),
'joined_select' => request_var('joined_select', ''),
'joined' => request_var('joined', ''),
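Review bot: In the last acp_prune hunk the array still reads `'users' => request_var('users', '')` while the handler at the top now reads the same field with the multibyte flag, so the two ends of the confirm round trip disagree. Assuming this array feeds the confirmation form, a non-ASCII name in the list would be altered before it is posted back and matched in the `username_clean` IN-set, on a page that deactivates or prunes accounts. The line should read `'users' => request_var('users', '', true),` like the `username` entry below it. Separately, the `LIKE` pattern converts `*` to `%` but leaves literal `%` and `_` in the input as wildcards, which can widen the match beyond what the admin typed; the enclosing function starts and ends outside these hunks.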


@@ -34,7 +34,7 @@ class acp_users
include($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx);
$error = array();
$username = request_var('username', '');
$username = request_var('username', '', true);
$user_id = request_var('u', 0);
$action = request_var('action', '');
@@ -86,7 +86,7 @@ class acp_users
{
$sql = 'SELECT user_id
FROM ' . USERS_TABLE . "
WHERE username = '" . $db->sql_escape($username) . "'";
WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
$result = $db->sql_query($sql);
$user_id = (int) $db->sql_fetchfield('user_id');
$db->sql_freeresult($result);
@@ -736,6 +736,7 @@ class acp_users
if ($update_username !== false)
{
$sql_ary['username'] = $update_username;
$sql_ary['username_clean'] = utf8_clean_string($update_username);
add_log('user', $user_id, 'LOG_USER_UPDATE_NAME', $user_row['username'], $update_username);
}