makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 22:28:51 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix issues with quotes in profile fields and avatars

Browse source 
git-svn-id: file:///svn/phpbb/trunk@2412 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2002-03-23 14:56:51 +00:00
parent c2ded8a7aa
commit 18c2f78c9c
2 changed files with 34 additions and 49 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
phpBB/includes/usercp_avatar.php
View file

@ -85,11 +85,11 @@ function user_avatar_url($mode, &$error, &$error_msg, $avatar_filename)
} }
function user_avatar_upload($mode, $avatar_mode, $user_id, &$error, &$error_msg, $avatar_filename, $avatar_realname, $avatar_filesize, $avatar_filetype) function user_avatar_upload($mode, $avatar_mode, &$current_avatar, &$current_type, &$error, &$error_msg, $avatar_filename, $avatar_realname, $avatar_filesize, $avatar_filetype)
{ {
global $board_config, $db, $lang, $images; global $board_config, $user_ip, $db, $lang;
$ini_val = ( phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var'; $ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
if ( $avatar_mode == 'remote' && preg_match('/^(http:\/\/)?([\w\-\.]+)\:?([0-9]*)\/(.*)$/', $avatar_filename, $url_ary) ) if ( $avatar_mode == 'remote' && preg_match('/^(http:\/\/)?([\w\-\.]+)\:?([0-9]*)\/(.*)$/', $avatar_filename, $url_ary) )
{ {
@ -135,8 +135,8 @@ function user_avatar_upload($mode, $avatar_mode, $user_id, &$error, &$error_msg,
{ {
$avatar_data = substr($avatar_data, strlen($avatar_data) - $avatar_filesize, $avatar_filesize); $avatar_data = substr($avatar_data, strlen($avatar_data) - $avatar_filesize, $avatar_filesize);
$tmp_path = ( !@$ini_val('safe_mode') ) ? '/tmp' : './' . $board_config['avatar_path'] . "/tmp"; $tmp_path = ( !@$ini_val('safe_mode') ) ? '/tmp' : './' . $board_config['avatar_path'] . '/tmp';
$tmp_filename = tempnam($tmp_path, $userdata['user_id'] . '-'); $tmp_filename = tempnam($tmp_path, uniqid($user_ip) . '-');
$fptr = @fopen($tmp_filename, 'wb'); $fptr = @fopen($tmp_filename, 'wb');
$bytes_written = @fwrite($fptr, $avatar_data, $avatar_filesize); $bytes_written = @fwrite($fptr, $avatar_data, $avatar_filesize);
@ -162,9 +162,6 @@ function user_avatar_upload($mode, $avatar_mode, $user_id, &$error, &$error_msg,
{ {
if ( $avatar_filesize <= $board_config['avatar_filesize'] && $avatar_filesize > 0 ) if ( $avatar_filesize <= $board_config['avatar_filesize'] && $avatar_filesize > 0 )
{ {
//
// Opera appends the image name after the type, not big, not clever!
//
preg_match("'image\/[x\-]*([a-z]+)'", $avatar_filetype, $avatar_filetype); preg_match("'image\/[x\-]*([a-z]+)'", $avatar_filetype, $avatar_filetype);
$avatar_filetype = $avatar_filetype[1]; $avatar_filetype = $avatar_filetype[1];
} }
@ -187,13 +184,13 @@ function user_avatar_upload($mode, $avatar_mode, $user_id, &$error, &$error_msg,
if ( $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] ) if ( $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] )
{ {
$new_filename = $user_id . $imgtype; $new_filename = ( $current_avatar != '' && $mode != 'register' ) ? $current_avatar : uniqid($user_ip) . $imgtype;
if ( $mode == 'editprofile' && $userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $userdata['user_avatar'] != '') if ( $mode == 'editprofile' && $current_type == USER_AVATAR_UPLOAD && $current_avatar != '' )
{ {
if ( file_exists('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar']) ) if ( file_exists('./' . $board_config['avatar_path'] . '/' . $current_avatar) )
{ {
@unlink('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar']); @unlink('./' . $board_config['avatar_path'] . '/' . $current_avatar);
} }
} }
@ -206,7 +203,7 @@ function user_avatar_upload($mode, $avatar_mode, $user_id, &$error, &$error_msg,
{ {
if ( @$ini_val('open_basedir') != '' ) if ( @$ini_val('open_basedir') != '' )
{ {
if ( phpversion() < '4.0.3' ) if ( @phpversion() < '4.0.3' )
{ {
message_die(GENERAL_ERROR, 'open_basedir is set and your PHP version does not allow move_uploaded_file', '', __LINE__, __FILE__); message_die(GENERAL_ERROR, 'open_basedir is set and your PHP version does not allow move_uploaded_file', '', __LINE__, __FILE__);
} }
@ -223,7 +220,7 @@ function user_avatar_upload($mode, $avatar_mode, $user_id, &$error, &$error_msg,
@chmod('./' . $board_config['avatar_path'] . "/$new_filename", 0777); @chmod('./' . $board_config['avatar_path'] . "/$new_filename", 0777);
$avatar_sql = ( $mode == 'editprofile' ) ? ", user_avatar = '$new_filename', user_avatar_type = " . USER_AVATAR_UPLOAD : "'$avatar_filename', " . USER_AVATAR_UPLOAD; $avatar_sql = ( $mode == 'editprofile' ) ? ", user_avatar = '$new_filename', user_avatar_type = " . USER_AVATAR_UPLOAD : "'$new_filename', " . USER_AVATAR_UPLOAD;
} }
else else
{ {

58
phpBB/includes/usercp_register.php
View file

@ -147,8 +147,7 @@ if ( isset($HTTP_POST_VARS['submit']) || isset($HTTP_POST_VARS['avatargallery'])
$user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? $HTTP_POST_VARS['avatarlocal'] : '' ); $user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? $HTTP_POST_VARS['avatarlocal'] : '' );
$user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim($HTTP_POST_VARS['avatarremoteurl']) : ''; $user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim($HTTP_POST_VARS['avatarremoteurl']) : '';
$user_avatar_url = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? trim($HTTP_POST_VARS['avatarurl']) : ''; $user_avatar_upload = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? trim($HTTP_POST_VARS['avatarurl']) : ( ( $HTTP_POST_FILES['avatar']['tmp_name'] != "none") ? $HTTP_POST_FILES['avatar']['tmp_name'] : '' );
$user_avatar_loc = ( $HTTP_POST_FILES['avatar']['tmp_name'] != "none") ? $HTTP_POST_FILES['avatar']['tmp_name'] : '';
$user_avatar_name = ( !empty($HTTP_POST_FILES['avatar']['name']) ) ? $HTTP_POST_FILES['avatar']['name'] : ''; $user_avatar_name = ( !empty($HTTP_POST_FILES['avatar']['name']) ) ? $HTTP_POST_FILES['avatar']['name'] : '';
$user_avatar_size = ( !empty($HTTP_POST_FILES['avatar']['size']) ) ? $HTTP_POST_FILES['avatar']['size'] : 0; $user_avatar_size = ( !empty($HTTP_POST_FILES['avatar']['size']) ) ? $HTTP_POST_FILES['avatar']['size'] : 0;
$user_avatar_filetype = ( !empty($HTTP_POST_FILES['avatar']['type']) ) ? $HTTP_POST_FILES['avatar']['type'] : ''; $user_avatar_filetype = ( !empty($HTTP_POST_FILES['avatar']['type']) ) ? $HTTP_POST_FILES['avatar']['type'] : '';
@ -337,23 +336,12 @@ if ( isset($HTTP_POST_VARS['submit']) )
{ {
$avatar_sql = user_avatar_delete($userdata['avatar_type'], $userdata['avatar_file']); $avatar_sql = user_avatar_delete($userdata['avatar_type'], $userdata['avatar_file']);
} }
else if ( ( $user_avatar_loc != '' || !empty($user_avatar_url) || !empty($user_avatar_name) ) && $board_config['allow_avatar_upload'] ) else if ( !empty($user_avatar_upload) && $board_config['allow_avatar_upload'] )
{ {
if ( !empty($user_avatar_loc) && !empty($user_avatar_url) ) if ( !empty($user_avatar_upload) )
{ {
$error = true; $avatar_mode = ( !empty($user_avatar_name) ) ? 'local' : 'remote';
$error_msg .= ( ( !empty($error_msg) ) ? '<br />' : '' ) . $lang['Only_one_avatar']; $avatar_sql = user_avatar_upload($mode, $avatar_mode, $userdata['user_avatar'], $userdata['user_avatar_type'], $error, $error_msg, $user_avatar_upload, $user_avatar_name, $user_avatar_size, $user_avatar_filetype);
}
$id = ( $mode == 'register' ) ? $new_user_id : $userdata['user_id'];
if ( !empty($user_avatar_loc) )
{
$avatar_sql = user_avatar_upload($mode, 'local', $id, $error, $error_msg, $user_avatar_loc, $user_avatar_name, $user_avatar_size, $user_avatar_filetype);
}
else if ( !empty($user_avatar_url) )
{
$avatar_sql = user_avatar_upload($mode, 'remote', $id, $error, $error_msg, $user_avatar_url, $user_avatar_name, $user_avatar_size, $user_avatar_filetype);
} }
else if ( !empty($user_avatar_name) ) else if ( !empty($user_avatar_name) )
{ {
@ -611,14 +599,14 @@ if ( $error )
$password_confirm = ''; $password_confirm = '';
$icq = stripslashes($icq); $icq = stripslashes($icq);
$aim = str_replace('+', ' ', stripslashes($aim)); $aim = htmlspecialchars(str_replace('+', ' ', stripslashes($aim)));
$msn = stripslashes($msn); $msn = htmlspecialchars(stripslashes($msn));
$yim = stripslashes($yim); $yim = htmlspecialchars(stripslashes($yim));
$website = stripslashes($website); $website = htmlspecialchars(stripslashes($website));
$location = stripslashes($location); $location = htmlspecialchars(stripslashes($location));
$occupation = stripslashes($occupation); $occupation = htmlspecialchars(stripslashes($occupation));
$interests = stripslashes($interests); $interests = htmlspecialchars(stripslashes($interests));
$signature = stripslashes($signature); $signature = stripslashes($signature);
$user_lang = stripslashes($user_lang); $user_lang = stripslashes($user_lang);
@ -628,22 +616,22 @@ if ( $error )
else if ( $mode == 'editprofile' && !isset($HTTP_POST_VARS['avatargallery']) && !isset($HTTP_POST_VARS['submitavatar']) && !isset($HTTP_POST_VARS['cancelavatar']) ) else if ( $mode == 'editprofile' && !isset($HTTP_POST_VARS['avatargallery']) && !isset($HTTP_POST_VARS['submitavatar']) && !isset($HTTP_POST_VARS['cancelavatar']) )
{ {
$user_id = $userdata['user_id']; $user_id = $userdata['user_id'];
$username = $userdata['username']; $username = htmlspecialchars($userdata['username']);
$email = $userdata['user_email']; $email = $userdata['user_email'];
$password = ""; $password = '';
$password_confirm = ""; $password_confirm = '';
$icq = $userdata['user_icq']; $icq = $userdata['user_icq'];
$aim = str_replace('+', ' ', $userdata['user_aim']); $aim = htmlspecialchars(str_replace('+', ' ', $userdata['user_aim']));
$msn = $userdata['user_msnm']; $msn = htmlspecialchars($userdata['user_msnm']);
$yim = $userdata['user_yim']; $yim = htmlspecialchars($userdata['user_yim']);
$website = $userdata['user_website']; $website = htmlspecialchars($userdata['user_website']);
$location = $userdata['user_from']; $location = htmlspecialchars($userdata['user_from']);
$occupation = $userdata['user_occ']; $occupation = htmlspecialchars($userdata['user_occ']);
$interests = $userdata['user_interests']; $interests = htmlspecialchars($userdata['user_interests']);
$signature_bbcode_uid = $userdata['user_sig_bbcode_uid']; $signature_bbcode_uid = $userdata['user_sig_bbcode_uid'];
$signature = ( $signature_bbcode_uid != "" ) ? preg_replace("/\:(([a-z0-9]:)?)$signature_bbcode_uid/si", '', $userdata['user_sig']) : $userdata['user_sig']; $signature = ( $signature_bbcode_uid != '' ) ? preg_replace("/\:(([a-z0-9]:)?)$signature_bbcode_uid/si", '', $userdata['user_sig']) : $userdata['user_sig'];
$viewemail = $userdata['user_viewemail']; $viewemail = $userdata['user_viewemail'];
$notifypm = $userdata['user_notify_pm']; $notifypm = $userdata['user_notify_pm'];