From 1d354ca387ea0d3c90465d65158adb022703bf0f Mon Sep 17 00:00:00 2001 From: dougk_ff7 Date: Wed, 12 Jun 2002 05:33:54 +0000 Subject: [PATCH] Ok, several things accomplished here... 1) Improvements to deletion of users in admin_users. This includes bug 166 and Sourceforge tracker task #49374. 2) Two security holes were patched, both pointed out by Nick Cleaton . Thanks for letting us know, Nick! That's about it for now, and it took almost all day. :P Bye for now! -Doug git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@2632 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/admin/admin_users.php | 113 +++++++++++++++++++++++++++++- phpBB/includes/bbcode.php | 2 +- phpBB/includes/functions_post.php | 5 +- 3 files changed, 115 insertions(+), 5 deletions(-) diff --git a/phpBB/admin/admin_users.php b/phpBB/admin/admin_users.php index c36faf3ca9..dc58a35cc4 100644 --- a/phpBB/admin/admin_users.php +++ b/phpBB/admin/admin_users.php @@ -525,7 +525,7 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) | $row = $db->sql_fetchrow($result); $sql = "UPDATE " . POSTS_TABLE . " - SET poster_id = " . ANONYMOUS . ", post_username = '$username' + SET poster_id = " . DELETED . ", post_username = '$username' WHERE poster_id = $user_id"; if( !$db->sql_query($sql) ) { 
@@ -533,12 +533,46 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) | } $sql = "UPDATE " . TOPICS_TABLE . " - SET topic_poster = " . ANONYMOUS . " + SET topic_poster = " . DELETED . " WHERE topic_poster = $user_id"; if( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not update topics for this user', '', __LINE__, __FILE__, $sql); } + + $sql = "UPDATE " . VOTE_USERS_TABLE . " + SET vote_user_id = " . DELETED . " + WHERE vote_user_id = $user_id"; + if( !$db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, 'Could not update votes for this user', '', __LINE__, __FILE__, $sql); + } + + $sql = "SELECT group_id + FROM " . GROUPS_TABLE . " + WHERE group_moderator = $user_id"; + if( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_ERROR, 'Could not select groups where user was moderator', '', __LINE__, __FILE__, $sql); + } + + while ( $row_group = $db->sql_fetchrow($result) ) + { + $group_moderator[] = $row_group['group_id']; + } + + if ( count($group_moderator) ) + { + $update_moderator_id = implode(', ', $group_moderator); + + $sql = "UPDATE " . GROUPS_TABLE . " + SET group_moderator = " . $userdata['user_id'] . " + WHERE group_moderator IN ($update_moderator_id)"; + if( !$db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, 'Could not update group moderators', '', __LINE__, __FILE__, $sql); + } + } $sql = "DELETE FROM " . USERS_TABLE . " WHERE user_id = $user_id"; 
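Review bot: `$group_moderator` is appended to in the `while` loop and then passed to `count()` and `implode()` without being initialised anywhere in this hunk, and its elements are concatenated straight into the `IN (...)` list of the UPDATE on the groups table. If the variable already holds a value when this branch runs (for example under `register_globals`, which `$HTTP_POST_VARS`-era code often ran with), entries that never came from the SELECT end up in the SQL text. Add `$group_moderator = array();` immediately before the `while`. The same applies to `$mark_list` in the private-message hunk (`@@ -575,6 +609,80 @@`), which becomes `$delete_sql_id` in two DELETE statements. The enclosing `if( $mode == 'edit' ...` block starts and ends outside the hunk, so an earlier initialisation cannot be ruled out from here.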
@@ -575,6 +609,80 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) | message_die(GENERAL_ERROR, 'Could not delete user from topic watch table', '', __LINE__, __FILE__, $sql); } + $sql = "SELECT privmsgs_id + FROM " . PRIVMSGS_TABLE . " + WHERE ( ( privmsgs_from_userid = $user_id + AND privmsgs_type = " . PRIVMSGS_NEW_MAIL . " ) + OR ( privmsgs_from_userid = $user_id + AND privmsgs_type = " . PRIVMSGS_SENT_MAIL . " ) + OR ( privmsgs_to_userid = $user_id + AND privmsgs_type = " . PRIVMSGS_READ_MAIL . " ) + OR ( privmsgs_to_userid = $user_id + AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " ) + OR ( privmsgs_from_userid = $user_id + AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " ) )"; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_ERROR, 'Could not select all user\'s private messages', '', __LINE__, __FILE__, $sql); + } + + // + // This little bit of code directly from the private messaging section. + // Thanks Paul! + // + + while ( $row_privmsgs = $db->sql_fetchrow($result) ) + { + $mark_list[] = $row_privmsgs['privmsgs_id']; + } + + if ( count($mark_list) ) + { + $delete_sql_id = implode(', ', $mark_list); + + // + // We shouldn't need to worry about updating conters here... + // They are already gone! + // + + $delete_text_sql = "DELETE FROM " . PRIVMSGS_TEXT_TABLE . " + WHERE privmsgs_text_id IN ($delete_sql_id)"; + $delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . " + WHERE privmsgs_id IN ($delete_sql_id)"; + + // + // Shouldn't need the switch statement here, either, as we just want + // to take out all of the private messages. This will not affect + // the other messages we want to keep; the ids are unique. 
+ // + + if ( !$db->sql_query($delete_sql) ) + { + message_die(GENERAL_ERROR, 'Could not delete private message info', '', __LINE__, __FILE__, $delete_sql); + } + + if ( !$db->sql_query($delete_text_sql) ) + { + message_die(GENERAL_ERROR, 'Could not delete private message text', '', __LINE__, __FILE__, $delete_text_sql); + } + } + + $sql = "UPDATE " . PRIVMSGS_TABLE . " + SET privmsgs_to_userid = " . DELETED . " + WHERE privmsgs_to_userid = $user_id"; + if ( !$db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, 'Could not update private messages saved to the user', '', __LINE__, __FILE__, $sql); + } + + $sql = "UPDATE " . PRIVMSGS_TABLE . " + SET privmsgs_from_userid = " . DELETED . " + WHERE privmsgs_from_userid = $user_id"; + if ( !$db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, 'Could not update private messages saved from the user', '', __LINE__, __FILE__, $sql); + } + $message = $lang['User_deleted']; } @@ -1031,7 +1139,6 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) | } $template->pparse('body'); - } else { diff --git a/phpBB/includes/bbcode.php b/phpBB/includes/bbcode.php index f5c3cadba5..198843efd4 100644 --- a/phpBB/includes/bbcode.php +++ b/phpBB/includes/bbcode.php @@ -282,7 +282,7 @@ function bbencode_first_pass($text, $uid) $text = preg_replace("#\[i\](.*?)\[/i\]#si", "[i:$uid]\\1[/i:$uid]", $text); // [img]image_url_here[/img] code.. - $text = preg_replace("#\[img\](([a-z]+?)://([^ \"\n\r]+?))\[/img\]#si", "[img:$uid]\\1[/img:$uid]", $text); + $text = preg_replace("#\[img\]([http|https]+?://)([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)\[/img\]#si", "[img:$uid]\\1\\2[/img:$uid]", $text); // Remove our padding from the string.. $text = substr($text, 1); diff --git a/phpBB/includes/functions_post.php b/phpBB/includes/functions_post.php index 9de8b08fc9..683a8eca2e 100644 --- a/phpBB/includes/functions_post.php +++ b/phpBB/includes/functions_post.php 
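Review bot: In the new `[img]` pattern in bbcode.php, `[http|https]+?` is a character class, not an alternation. It accepts any run of the characters `h`, `t`, `p`, `s` and `|` in front of `://`, so the scheme is not pinned to http or https as the change appears to intend. Write the first group as `(https?://)` and keep the second group's restricted character set unchanged. A short comment above the line saying that only http/https image URLs are accepted, and that the host/path characters are an allow-list, would help keep it tight in later edits. `bbencode_first_pass` starts and ends outside the hunk.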
@@ -77,7 +77,10 @@ function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid if ( preg_match('/^<\/?' . $match_tag . '\b/i', $hold_string) ) { - $tagallowed = true; + if ( !preg_match('/style[="](.*?)["]/i', $hold_string) ) + { + $tagallowed = true; + } } }
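Review bot: The added `style` test is narrower than it looks, because `[="]` and `["]` are single-character classes: it fires only when `style` is directly followed by `=` or `"` and a double quote appears later in `$hold_string`. A `style` attribute written with single quotes, with no quotes, or with whitespace before the `=` is therefore not caught and the tag is still marked allowed. Matching on the attribute name alone is stricter, e.g. `if ( !preg_match('/\bstyle\s*=/i', $hold_string) )`. The check also covers `style` only; whether other attributes on allowed tags are filtered elsewhere in `prepare_message` is not visible here, since the function body extends beyond the hunk.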