makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 22:28:51 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix issues with quotes in profile fields and avatars

Browse source 
git-svn-id: file:///svn/phpbb/trunk@2412 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2002-03-23 14:56:51 +00:00
parent c2ded8a7aa
commit 18c2f78c9c
2 changed files with 34 additions and 49 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
phpBB/includes/usercp_avatar.php
View file

@ -85,11 +85,11 @@ function user_avatar_url($mode, &$error, &$error_msg, $avatar_filename)
}
function user_avatar_upload($mode, $avatar_mode, $user_id, &$error, &$error_msg, $avatar_filename, $avatar_realname, $avatar_filesize, $avatar_filetype)
function user_avatar_upload($mode, $avatar_mode, &$current_avatar, &$current_type, &$error, &$error_msg, $avatar_filename, $avatar_realname, $avatar_filesize, $avatar_filetype)
{
global $board_config, $db, $lang, $images;
global $board_config, $user_ip, $db, $lang;
$ini_val = ( phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
$ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
if ( $avatar_mode == 'remote' && preg_match('/^(http:\/\/)?([\w\-\.]+)\:?([0-9]*)\/(.*)$/', $avatar_filename, $url_ary) )
{
@ -135,8 +135,8 @@ function user_avatar_upload($mode, $avatar_mode, $user_id, &$error, &$error_msg,
{
$avatar_data = substr($avatar_data, strlen($avatar_data) - $avatar_filesize, $avatar_filesize);
$tmp_path = ( !@$ini_val('safe_mode') ) ? '/tmp' : './' . $board_config['avatar_path'] . "/tmp";
$tmp_filename = tempnam($tmp_path, $userdata['user_id'] . '-');
$tmp_path = ( !@$ini_val('safe_mode') ) ? '/tmp' : './' . $board_config['avatar_path'] . '/tmp';
$tmp_filename = tempnam($tmp_path, uniqid($user_ip) . '-');
$fptr = @fopen($tmp_filename, 'wb');
$bytes_written = @fwrite($fptr, $avatar_data, $avatar_filesize);
@ -162,9 +162,6 @@ function user_avatar_upload($mode, $avatar_mode, $user_id, &$error, &$error_msg,
{
if ( $avatar_filesize <= $board_config['avatar_filesize'] && $avatar_filesize > 0 )
{
//
// Opera appends the image name after the type, not big, not clever!
//
preg_match("'image\/[x\-]*([a-z]+)'", $avatar_filetype, $avatar_filetype);
$avatar_filetype = $avatar_filetype[1];
}
@ -187,13 +184,13 @@ function user_avatar_upload($mode, $avatar_mode, $user_id, &$error, &$error_msg,
if ( $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] )
{
$new_filename = $user_id . $imgtype;
$new_filename = ( $current_avatar != '' && $mode != 'register' ) ? $current_avatar : uniqid($user_ip) . $imgtype;
if ( $mode == 'editprofile' && $userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $userdata['user_avatar'] != '')
if ( $mode == 'editprofile' && $current_type == USER_AVATAR_UPLOAD && $current_avatar != '' )
{
if ( file_exists('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar']) )
if ( file_exists('./' . $board_config['avatar_path'] . '/' . $current_avatar) )
{
@unlink('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar']);
@unlink('./' . $board_config['avatar_path'] . '/' . $current_avatar);
}
}
@ -206,7 +203,7 @@ function user_avatar_upload($mode, $avatar_mode, $user_id, &$error, &$error_msg,
{
if ( @$ini_val('open_basedir') != '' )
{
if ( phpversion() < '4.0.3' )
if ( @phpversion() < '4.0.3' )
{
message_die(GENERAL_ERROR, 'open_basedir is set and your PHP version does not allow move_uploaded_file', '', __LINE__, __FILE__);
}
@ -223,7 +220,7 @@ function user_avatar_upload($mode, $avatar_mode, $user_id, &$error, &$error_msg,
@chmod('./' . $board_config['avatar_path'] . "/$new_filename", 0777);
$avatar_sql = ( $mode == 'editprofile' ) ? ", user_avatar = '$new_filename', user_avatar_type = " . USER_AVATAR_UPLOAD : "'$avatar_filename', " . USER_AVATAR_UPLOAD;
$avatar_sql = ( $mode == 'editprofile' ) ? ", user_avatar = '$new_filename', user_avatar_type = " . USER_AVATAR_UPLOAD : "'$new_filename', " . USER_AVATAR_UPLOAD;
}
else
{

58
phpBB/includes/usercp_register.php
View file

@ -147,8 +147,7 @@ if ( isset($HTTP_POST_VARS['submit']) || isset($HTTP_POST_VARS['avatargallery'])
$user_avatar_local = ( isset($HTTP_POST_VARS['avatarselect']) && !empty($HTTP_POST_VARS['submitavatar']) && $board_config['allow_avatar_local'] ) ? $HTTP_POST_VARS['avatarselect'] : ( ( isset($HTTP_POST_VARS['avatarlocal']) ) ? $HTTP_POST_VARS['avatarlocal'] : '' );
$user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim($HTTP_POST_VARS['avatarremoteurl']) : '';
$user_avatar_url = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? trim($HTTP_POST_VARS['avatarurl']) : '';
$user_avatar_loc = ( $HTTP_POST_FILES['avatar']['tmp_name'] != "none") ? $HTTP_POST_FILES['avatar']['tmp_name'] : '';
$user_avatar_upload = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? trim($HTTP_POST_VARS['avatarurl']) : ( ( $HTTP_POST_FILES['avatar']['tmp_name'] != "none") ? $HTTP_POST_FILES['avatar']['tmp_name'] : '' );
$user_avatar_name = ( !empty($HTTP_POST_FILES['avatar']['name']) ) ? $HTTP_POST_FILES['avatar']['name'] : '';
$user_avatar_size = ( !empty($HTTP_POST_FILES['avatar']['size']) ) ? $HTTP_POST_FILES['avatar']['size'] : 0;
$user_avatar_filetype = ( !empty($HTTP_POST_FILES['avatar']['type']) ) ? $HTTP_POST_FILES['avatar']['type'] : '';
@ -337,23 +336,12 @@ if ( isset($HTTP_POST_VARS['submit']) )
{
$avatar_sql = user_avatar_delete($userdata['avatar_type'], $userdata['avatar_file']);
}
else if ( ( $user_avatar_loc != '' || !empty($user_avatar_url) || !empty($user_avatar_name) ) && $board_config['allow_avatar_upload'] )
else if ( !empty($user_avatar_upload) && $board_config['allow_avatar_upload'] )
{
if ( !empty($user_avatar_loc) && !empty($user_avatar_url) )
if ( !empty($user_avatar_upload) )
{
$error = true;
$error_msg .= ( ( !empty($error_msg) ) ? '<br />' : '' ) . $lang['Only_one_avatar'];
}
$id = ( $mode == 'register' ) ? $new_user_id : $userdata['user_id'];
if ( !empty($user_avatar_loc) )
{
$avatar_sql = user_avatar_upload($mode, 'local', $id, $error, $error_msg, $user_avatar_loc, $user_avatar_name, $user_avatar_size, $user_avatar_filetype);
}
else if ( !empty($user_avatar_url) )
{
$avatar_sql = user_avatar_upload($mode, 'remote', $id, $error, $error_msg, $user_avatar_url, $user_avatar_name, $user_avatar_size, $user_avatar_filetype);
$avatar_mode = ( !empty($user_avatar_name) ) ? 'local' : 'remote';
$avatar_sql = user_avatar_upload($mode, $avatar_mode, $userdata['user_avatar'], $userdata['user_avatar_type'], $error, $error_msg, $user_avatar_upload, $user_avatar_name, $user_avatar_size, $user_avatar_filetype);
}
else if ( !empty($user_avatar_name) )
{
@ -611,14 +599,14 @@ if ( $error )
$password_confirm = '';
$icq = stripslashes($icq);
$aim = str_replace('+', ' ', stripslashes($aim));
$msn = stripslashes($msn);
$yim = stripslashes($yim);
$aim = htmlspecialchars(str_replace('+', ' ', stripslashes($aim)));
$msn = htmlspecialchars(stripslashes($msn));
$yim = htmlspecialchars(stripslashes($yim));
$website = stripslashes($website);
$location = stripslashes($location);
$occupation = stripslashes($occupation);
$interests = stripslashes($interests);
$website = htmlspecialchars(stripslashes($website));
$location = htmlspecialchars(stripslashes($location));
$occupation = htmlspecialchars(stripslashes($occupation));
$interests = htmlspecialchars(stripslashes($interests));
$signature = stripslashes($signature);
$user_lang = stripslashes($user_lang);
@ -628,22 +616,22 @@ if ( $error )
else if ( $mode == 'editprofile' && !isset($HTTP_POST_VARS['avatargallery']) && !isset($HTTP_POST_VARS['submitavatar']) && !isset($HTTP_POST_VARS['cancelavatar']) )
{
$user_id = $userdata['user_id'];
$username = $userdata['username'];
$username = htmlspecialchars($userdata['username']);
$email = $userdata['user_email'];
$password = "";
$password_confirm = "";
$password = '';
$password_confirm = '';
$icq = $userdata['user_icq'];
$aim = str_replace('+', ' ', $userdata['user_aim']);
$msn = $userdata['user_msnm'];
$yim = $userdata['user_yim'];
$aim = htmlspecialchars(str_replace('+', ' ', $userdata['user_aim']));
$msn = htmlspecialchars($userdata['user_msnm']);
$yim = htmlspecialchars($userdata['user_yim']);
$website = $userdata['user_website'];
$location = $userdata['user_from'];
$occupation = $userdata['user_occ'];
$interests = $userdata['user_interests'];
$website = htmlspecialchars($userdata['user_website']);
$location = htmlspecialchars($userdata['user_from']);
$occupation = htmlspecialchars($userdata['user_occ']);
$interests = htmlspecialchars($userdata['user_interests']);
$signature_bbcode_uid = $userdata['user_sig_bbcode_uid'];
$signature = ( $signature_bbcode_uid != "" ) ? preg_replace("/\:(([a-z0-9]:)?)$signature_bbcode_uid/si", '', $userdata['user_sig']) : $userdata['user_sig'];
$signature = ( $signature_bbcode_uid != '' ) ? preg_replace("/\:(([a-z0-9]:)?)$signature_bbcode_uid/si", '', $userdata['user_sig']) : $userdata['user_sig'];
$viewemail = $userdata['user_viewemail'];
$notifypm = $userdata['user_notify_pm'];