- now username changes should work as desired

- removed some extract() calls


git-svn-id: file:///svn/phpbb/trunk@6517 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/includes/acp/acp_styles.php

@@ -1353,16 +1353,19 @@ pagination_sep = \'{PAGINATION_SEP}\'
 		if ($imageset_id)
 		{
 			$sql_select = ($imgname) ? ", $imgname" : '';
+
 			$sql = "SELECT imageset_path, imageset_name, imageset_copyright$sql_select
 				FROM " . STYLES_IMAGESET_TABLE . "
 				WHERE imageset_id = $imageset_id";
 			$result = $db->sql_query($sql);
+			$imageset_row = $db->sql_fetchrow($result);
+			$db->sql_freeresult($result);
 
-			if (!extract($db->sql_fetchrow($result)))
+			if (!$imageset_row)
 			{
 				trigger_error($user->lang['NO_IMAGESET'] . adm_back_link($this->u_action), E_USER_WARNING);
 			}
-			$db->sql_freeresult($result);
+			extract($imageset_row);
 
 			// Check to see whether the selected image exists in the table
 			$valid_name = ($update) ? false : true;

phpBB/includes/acp/acp_users.php

@@ -635,7 +635,7 @@ class acp_users
 					// Get the data from the form. Use data from the database if no info is provided
 					foreach ($var_ary as $var => $default)
 					{
-						$data[$var] = request_var($var, $default);
+						$data[$var] = ($var == 'user') ? request_var($var, $default, true) : request_var($var, $default);
 					}
 
 					// We use user within the form to circumvent auto filling
@@ -984,7 +984,7 @@ class acp_users
 
 					foreach ($var_ary as $var => $default)
 					{
-						$data[$var] = (in_array($var, array('location', 'occupation', 'interests'))) ? request_var($var, $default, true) : $data[$var] = request_var($var, $default);
+						$data[$var] = (in_array($var, array('location', 'occupation', 'interests'))) ? request_var($var, $default, true) : request_var($var, $default);
 					}
 
 					$var_ary = array(

phpBB/includes/auth.php

@@ -707,7 +707,7 @@ class auth
 				// we are going to use the user_add function so include functions_user.php if it wasn't defined yet
 				if (!function_exists('user_add'))
 				{
-					include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+					include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
 				}
 
 				user_add($login['user_row'], (isset($login['cp_data'])) ? $login['cp_data'] : false);

phpBB/includes/functions.php

@@ -2249,7 +2249,7 @@ function generate_text_for_display($text, $uid, $bitfield, $flags)
 		if (!class_exists('bbcode'))
 		{
 			global $phpbb_root_path, $phpEx;
-			include_once($phpbb_root_path . 'includes/bbcode.' . $phpEx);
+			include($phpbb_root_path . 'includes/bbcode.' . $phpEx);
 		}
 
 		if (empty($bbcode))
@@ -2287,7 +2287,7 @@ function generate_text_for_storage(&$text, &$uid, &$bitfield, &$flags, $allow_bb
 
 	if (!class_exists('parse_message'))
 	{
-		include_once($phpbb_root_path . 'includes/message_parser.' . $phpEx);
+		include($phpbb_root_path . 'includes/message_parser.' . $phpEx);
 	}
 
 	$message_parser = new parse_message($text);
@@ -2419,7 +2419,7 @@ function parse_inline_attachments(&$text, &$attachments, &$update_count, $forum_
 	if (!function_exists('display_attachments'))
 	{
 		global $phpbb_root_path, $phpEx;
-		include_once("{$phpbb_root_path}includes/functions_display.$phpEx");
+		include("{$phpbb_root_path}includes/functions_display.$phpEx");
 	}
 
 	$attachments = display_attachments($forum_id, NULL, $attachments, $update_count, false, true);

phpBB/includes/template.php

@@ -197,7 +197,11 @@ class template
 
 		global $db, $phpbb_root_path;
 
-		include_once($phpbb_root_path . 'includes/functions_template.' . $phpEx);
+		if (!class_exists('template_compile'))
+		{
+			include($phpbb_root_path . 'includes/functions_template.' . $phpEx);
+		}
+
 		$compile = new template_compile($this);
 
 		// If the file for this handle is already loaded and compiled, do nothing.

phpBB/includes/ucp/ucp_profile.php

@@ -33,9 +33,7 @@ class ucp_profile
 		{
 			case 'reg_details':
 
-				if ($submit)
+				$data = array(
-				{
-					$var_ary = array(
 					'username'			=> $user->data['username'],
 					'email'				=> $user->data['user_email'],
 					'email_confirm'		=> (string) '',
@@ -44,9 +42,11 @@ class ucp_profile
 					'password_confirm'	=> (string) '',
 				);
 
-					foreach ($var_ary as $var => $default)
+				if ($submit)
 				{
-						$data[$var] = request_var($var, $default);
+					foreach ($data as $var => $default)
+					{
+						$data[$var] = ($var == 'username') ? request_var($var, $default, true) : request_var($var, $default);
 					}
 
 					// Do not check cur_password, it is the old one.
@@ -70,26 +70,24 @@ class ucp_profile
 					}
 
 					$error = validate_data($data, $var_ary);
-					extract($data);
-					unset($data);
 
-					if ($auth->acl_get('u_chgpasswd') && $new_password && $password_confirm != $new_password)
+					if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && $data['password_confirm'] != $data['new_password'])
 					{
 						$error[] = 'NEW_PASSWORD_ERROR';
 					}
 
-					if (($new_password || ($auth->acl_get('u_chgemail') && $email != $user->data['user_email']) || ($username != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange'])) && md5($cur_password) != $user->data['user_password'])
+					if (($data['new_password'] || ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email']) || ($data['username'] != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange'])) && md5($data['cur_password']) != $user->data['user_password'])
 					{
 						$error[] = 'CUR_PASSWORD_ERROR';
 					}
 
 					// Only check the new password against the previous password if there have been no errors
-					if (!sizeof($error) && $auth->acl_get('u_chgpasswd') && $new_password && md5($new_password) == $user->data['user_password'])
+					if (!sizeof($error) && $auth->acl_get('u_chgpasswd') && $data['new_password'] && md5($data['new_password']) == $user->data['user_password'])
 					{
 						$error[] = 'SAME_PASSWORD_ERROR';
 					}
 
-					if ($auth->acl_get('u_chgemail') && $email != $user->data['user_email'] && $email_confirm != $email)
+					if ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email'] && $data['email_confirm'] != $data['email'])
 					{
 						$error[] = 'NEW_EMAIL_ERROR';
 					}
@@ -97,31 +95,31 @@ class ucp_profile
 					if (!sizeof($error))
 					{
 						$sql_ary = array(
-							'username'			=> ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? $username : $user->data['username'],
+							'username'			=> ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? $data['username'] : $user->data['username'],
-							'username_clean'	=> ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? utf8_clean_string($username) : $user->data['username_clean'],
+							'username_clean'	=> ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? utf8_clean_string($data['username']) : $user->data['username_clean'],
-							'user_email'		=> ($auth->acl_get('u_chgemail')) ? $email : $user->data['user_email'],
+							'user_email'		=> ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'],
-							'user_email_hash'	=> ($auth->acl_get('u_chgemail')) ? crc32(strtolower($email)) . strlen($email) : $user->data['user_email_hash'],
+							'user_email_hash'	=> ($auth->acl_get('u_chgemail')) ? crc32(strtolower($data['email'])) . strlen($data['email']) : $user->data['user_email_hash'],
-							'user_password'		=> ($auth->acl_get('u_chgpasswd') && $new_password) ? md5($new_password) : $user->data['user_password'],
+							'user_password'		=> ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? md5($data['new_password']) : $user->data['user_password'],
-							'user_passchg'		=> ($auth->acl_get('u_chgpasswd') && $new_password) ? time() : 0,
+							'user_passchg'		=> ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? time() : 0,
 						);
 
-						if ($auth->acl_get('u_chgname') && $config['allow_namechange'] && $username != $user->data['username'])
+						if ($auth->acl_get('u_chgname') && $config['allow_namechange'] && $data['username'] != $user->data['username'])
 						{
-							add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_NAME', $user->data['username'], $username);
+							add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_NAME', $user->data['username'], $data['username']);
 						}
 
-						if ($auth->acl_get('u_chgpasswd') && $new_password && md5($new_password) != $user->data['user_password'])
+						if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && md5($data['new_password']) != $user->data['user_password'])
 						{
 							$user->reset_login_keys();
-							add_log('user', $user->data['user_id'], 'LOG_USER_NEW_PASSWORD', $username);
+							add_log('user', $user->data['user_id'], 'LOG_USER_NEW_PASSWORD', $data['username']);
 						}
 
-						if ($auth->acl_get('u_chgemail') && $email != $user->data['user_email'])
+						if ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email'])
 						{
-							add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_EMAIL', $username, $user->data['user_email'], $email);
+							add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_EMAIL', $data['username'], $user->data['user_email'], $data['email']);
 						}
 
-						if ($config['email_enable'] && $email != $user->data['user_email'] && $user->data['user_type'] != USER_FOUNDER && ($config['require_activation'] == USER_ACTIVATION_SELF || $config['require_activation'] == USER_ACTIVATION_ADMIN))
+						if ($config['email_enable'] && $data['email'] != $user->data['user_email'] && $user->data['user_type'] != USER_FOUNDER && ($config['require_activation'] == USER_ACTIVATION_SELF || $config['require_activation'] == USER_ACTIVATION_ADMIN))
 						{
 							include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
 
@@ -138,7 +136,7 @@ class ucp_profile
 							$messenger->template($template_file, $user->data['user_lang']);
 
 							$messenger->replyto($config['board_contact']);
-							$messenger->to($email, $username);
+							$messenger->to($data['email'], $data['username']);
 
 							$messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']);
 							$messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']);
@@ -147,7 +145,7 @@ class ucp_profile
 
 							$messenger->assign_vars(array(
 								'SITENAME'		=> $config['sitename'],
-								'USERNAME'		=> html_entity_decode($username),
+								'USERNAME'		=> html_entity_decode($username, ENT_QUOTES, 'UTF-8'),
 								'EMAIL_SIG'		=> str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']),
 
 								'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey")
@@ -157,12 +155,21 @@ class ucp_profile
 
 							if ($config['require_activation'] == USER_ACTIVATION_ADMIN)
 							{
-								// Grab an array of user_id's with a_user permissions
+								// Grab an array of user_id's with a_user permissions ... these users can activate a user
 								$admin_ary = $auth->acl_get_list(false, 'a_user', false);
+								$admin_ary = (!empty($admin_ary[0]['a_user'])) ? $admin_ary[0]['a_user'] : array();
+
+								// Also include founders
+								$where_sql = ' WHERE user_type = ' . USER_FOUNDER;
+
+								if (sizeof($admin_ary))
+								{
+									$where_sql .= ' OR ' . $db->sql_in_set('user_id', $admin_ary);
+								}
 
 								$sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type
-									FROM ' . USERS_TABLE . '
+									FROM ' . USERS_TABLE . ' ' .
-									WHERE ' . $db->sql_in_set('user_id', $admin_ary[0]['a_user']);
+									$where_sql;
 								$result = $db->sql_query($sql);
 
 								while ($row = $db->sql_fetchrow($result))
@@ -173,7 +180,7 @@ class ucp_profile
 									$messenger->im($row['user_jabber'], $row['username']);
 
 									$messenger->assign_vars(array(
-										'USERNAME'		=> html_entity_decode($username),
+										'USERNAME'		=> html_entity_decode($username, ENT_QUOTES, 'UTF-8'),
 										'EMAIL_SIG'		=> str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']),
 
 										'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey")
@@ -202,9 +209,9 @@ class ucp_profile
 						}
 
 						// Need to update config, forum, topic, posting, messages, etc.
-						if ($username != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange'])
+						if ($data['username'] != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange'])
 						{
-							user_update_name($user->data['username'], $username);
+							user_update_name($user->data['username'], $data['username']);
 						}
 
 						meta_refresh(3, $this->u_action);
@@ -222,10 +229,10 @@ class ucp_profile
 				$template->assign_vars(array(
 					'ERROR'				=> (sizeof($error)) ? implode('<br />', $error) : '',
 
-					'USERNAME'			=> (isset($username)) ? $username : $user->data['username'],
+					'USERNAME'			=> $data['username'],
-					'EMAIL'				=> (isset($email)) ? $email : $user->data['user_email'],
+					'EMAIL'				=> $data['email'],
-					'PASSWORD_CONFIRM'	=> (isset($password_confirm)) ? $password_confirm : '',
+					'PASSWORD_CONFIRM'	=> $data['password_confirm'],
-					'NEW_PASSWORD'		=> (isset($new_password)) ? $new_password : '',
+					'NEW_PASSWORD'		=> $data['new_password'],
 					'CUR_PASSWORD'		=> '',
 
 					'L_USERNAME_EXPLAIN'		=> sprintf($user->lang[$user_char_ary[str_replace('\\\\', '\\', $config['allow_name_chars'])] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']),
@@ -246,24 +253,29 @@ class ucp_profile
 
 				$cp_data = $cp_error = array();
 
-				if ($submit)
+				$data = array(
-				{
+					'icq'			=> (string) $user->data['user_icq'],
-					$var_ary = array(
+					'aim'			=> (string) $user->data['user_aim'],
-						'icq'			=> (string) '',
+					'msn'			=> (string) $user->data['user_msnm'],
-						'aim'			=> (string) '',
+					'yim'			=> (string) $user->data['user_yim'],
-						'msn'			=> (string) '',
+					'jabber'		=> (string) $user->data['user_jabber'],
-						'yim'			=> (string) '',
+					'website'		=> (string) $user->data['user_website'],
-						'jabber'		=> (string) '',
+					'location'		=> (string) $user->data['user_from'],
-						'website'		=> (string) '',
+					'occupation'	=> (string) $user->data['user_occ'],
-						'location'		=> (string) '',
+					'interests'		=> (string) $user->data['user_interests'],
-						'occupation'	=> (string) '',
-						'interests'		=> (string) '',
 					'bday_day'		=> 0,
 					'bday_month'	=> 0,
 					'bday_year'		=> 0,
 				);
 
-					foreach ($var_ary as $var => $default)
+				if ($user->data['user_birthday'])
+				{
+					list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user->data['user_birthday']);
+				}
+
+				if ($submit)
+				{
+					foreach ($data as $var => $default)
 					{
 						$data[$var] = (in_array($var, array('location', 'occupation', 'interests'))) ? request_var($var, $default, true) : request_var($var, $default);
 					}
@@ -290,8 +302,6 @@ class ucp_profile
 					);
 
 					$error = validate_data($data, $var_ary);
-					extract($data);
-					unset($data);
 
 					// validate custom profile fields
 					$cp->submit_cp_field('profile', $user->get_iso_lang_id(), $cp_data, $cp_error);
@@ -304,16 +314,16 @@ class ucp_profile
 					if (!sizeof($error))
 					{
 						$sql_ary = array(
-							'user_icq'		=> $icq,
+							'user_icq'		=> $data['icq'],
-							'user_aim'		=> $aim,
+							'user_aim'		=> $data['aim'],
-							'user_msnm'		=> $msn,
+							'user_msnm'		=> $data['msn'],
-							'user_yim'		=> $yim,
+							'user_yim'		=> $data['yim'],
-							'user_jabber'	=> $jabber,
+							'user_jabber'	=> $data['jabber'],
-							'user_website'	=> $website,
+							'user_website'	=> $data['website'],
-							'user_from'		=> $location,
+							'user_from'		=> $data['location'],
-							'user_occ'		=> $occupation,
+							'user_occ'		=> $data['occupation'],
-							'user_interests'=> $interests,
+							'user_interests'=> $data['interests'],
-							'user_birthday'	=> sprintf('%2d-%2d-%4d', $bday_day, $bday_month, $bday_year),
+							'user_birthday'	=> sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']),
 						);
 
 						$sql = 'UPDATE ' . USERS_TABLE . '
@@ -351,38 +361,26 @@ class ucp_profile
 					$error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
 				}
 
-				if (!isset($bday_day))
+				$s_birthday_day_options = '<option value="0"' . ((!$data['bday_day']) ? ' selected="selected"' : '') . '>--</option>';
-				{
-					if ($user->data['user_birthday'])
-					{
-						list($bday_day, $bday_month, $bday_year) = explode('-', $user->data['user_birthday']);
-					}
-					else
-					{
-						$bday_day = $bday_month = $bday_year = 0;
-					}
-				}
-
-				$s_birthday_day_options = '<option value="0"' . ((!$bday_day) ? ' selected="selected"' : '') . '>--</option>';
 				for ($i = 1; $i < 32; $i++)
 				{
-					$selected = ($i == $bday_day) ? ' selected="selected"' : '';
+					$selected = ($i == $data['bday_day']) ? ' selected="selected"' : '';
 					$s_birthday_day_options .= "<option value=\"$i\"$selected>$i</option>";
 				}
 
-				$s_birthday_month_options = '<option value="0"' . ((!$bday_month) ? ' selected="selected"' : '') . '>--</option>';
+				$s_birthday_month_options = '<option value="0"' . ((!$data['bday_month']) ? ' selected="selected"' : '') . '>--</option>';
 				for ($i = 1; $i < 13; $i++)
 				{
-					$selected = ($i == $bday_month) ? ' selected="selected"' : '';
+					$selected = ($i == $data['bday_month']) ? ' selected="selected"' : '';
 					$s_birthday_month_options .= "<option value=\"$i\"$selected>$i</option>";
 				}
 				$s_birthday_year_options = '';
 
 				$now = getdate();
-				$s_birthday_year_options = '<option value="0"' . ((!$bday_year) ? ' selected="selected"' : '') . '>--</option>';
+				$s_birthday_year_options = '<option value="0"' . ((!$data['bday_year']) ? ' selected="selected"' : '') . '>--</option>';
 				for ($i = $now['year'] - 100; $i < $now['year']; $i++)
 				{
-					$selected = ($i == $bday_year) ? ' selected="selected"' : '';
+					$selected = ($i == $data['bday_year']) ? ' selected="selected"' : '';
 					$s_birthday_year_options .= "<option value=\"$i\"$selected>$i</option>";
 				}
 				unset($now);
@@ -390,15 +388,15 @@ class ucp_profile
 				$template->assign_vars(array(
 					'ERROR'		=> (sizeof($error)) ? implode('<br />', $error) : '',
 
-					'ICQ'		=> (isset($icq)) ? $icq : $user->data['user_icq'],
+					'ICQ'		=> $data['icq'],
-					'YIM'		=> (isset($yim)) ? $yim : $user->data['user_yim'],
+					'YIM'		=> $data['yim'],
-					'AIM'		=> (isset($aim)) ? $aim : $user->data['user_aim'],
+					'AIM'		=> $data['aim'],
-					'MSN'		=> (isset($msn)) ? $msn : $user->data['user_msnm'],
+					'MSN'		=> $data['msn'],
-					'JABBER'	=> (isset($jabber)) ? $jabber : $user->data['user_jabber'],
+					'JABBER'	=> $data['jabber'],
-					'WEBSITE'	=> (isset($website)) ? $website : $user->data['user_website'],
+					'WEBSITE'	=> $data['website'],
-					'LOCATION'	=> (isset($location)) ? $location : $user->data['user_from'],
+					'LOCATION'	=> $data['location'],
-					'OCCUPATION'=> (isset($occupation)) ? $occupation : $user->data['user_occ'],
+					'OCCUPATION'=> $data['occupation'],
-					'INTERESTS'	=> (isset($interests)) ? $interests : $user->data['user_interests'],
+					'INTERESTS'	=> $data['interests'],
 
 					'S_BIRTHDAY_DAY_OPTIONS'	=> $s_birthday_day_options,
 					'S_BIRTHDAY_MONTH_OPTIONS'	=> $s_birthday_month_options,
@@ -607,9 +605,6 @@ class ucp_profile
 						trigger_error($message);
 					}
 
-					extract($data);
-					unset($data);
-
 					// Replace "error" strings with their real, localised form
 					$error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
 				}
@@ -653,8 +648,8 @@ class ucp_profile
 					$template->assign_vars(array(
 						'AVATAR'		=> $avatar_img,
 						'AVATAR_SIZE'	=> $config['avatar_filesize'],
-						'WIDTH'			=> (isset($width)) ? $width : $user->data['user_avatar_width'],
+						'WIDTH'			=> (isset($data['width'])) ? $data['width'] : $user->data['user_avatar_width'],
-						'HEIGHT'		=> (isset($height)) ? $height : $user->data['user_avatar_height'],
+						'HEIGHT'		=> (isset($data['height'])) ? $data['height'] : $user->data['user_avatar_height'],
 
 						'S_UPLOAD_AVATAR_FILE'	=> $can_upload,
 						'S_UPLOAD_AVATAR_URL'	=> $can_upload,

phpBB/includes/ucp/ucp_register.php

@@ -127,7 +127,7 @@ class ucp_register
 		{
 			foreach ($var_ary as $var => $default)
 			{
-				$$var = request_var($var, $default, true);
+				$data[$var] = ($var == 'username') ? request_var($var, $default, true) : request_var($var, $default);
 			}
 		}
 
@@ -136,7 +136,7 @@ class ucp_register
 		{
 			foreach ($var_ary as $var => $default)
 			{
-				$data[$var] = request_var($var, $default, true);
+				$data[$var] = ($var == 'username') ? request_var($var, $default, true) : request_var($var, $default);
 			}
 
 			$var_ary = array(
@@ -157,8 +157,6 @@ class ucp_register
 			);
 
 			$error = validate_data($data, $var_ary);
-			extract($data);
-			unset($data);
 
 			// Replace "error" strings with their real, localised form
 			$error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
@@ -197,7 +195,7 @@ class ucp_register
 
 					if ($row)
 					{
-						if (strcasecmp($row['code'], $confirm_code) === 0)
+						if (strcasecmp($row['code'], $data['confirm_code']) === 0)
 						{
 							$sql = 'DELETE FROM ' . CONFIRM_TABLE . "
 								WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'
@@ -221,12 +219,12 @@ class ucp_register
 
 			if (!sizeof($error))
 			{
-				if ($new_password != $password_confirm)
+				if ($data['new_password'] != $data['password_confirm'])
 				{
 					$error[] = $user->lang['NEW_PASSWORD_ERROR'];
 				}
 
-				if ($email != $email_confirm)
+				if ($data['email'] != $data['email_confirm'])
 				{
 					$error[] = $user->lang['NEW_EMAIL_ERROR'];
 				}
@@ -262,6 +260,7 @@ class ucp_register
 					$key_len = 54 - (strlen($server_url));
 					$key_len = ($key_len < 6) ? 6 : $key_len;
 					$user_actkey = substr($user_actkey, 0, $key_len);
+
 					$user_type = USER_INACTIVE;
 					$user_inactive_reason = INACTIVE_REGISTER;
 					$user_inactive_time = time();
@@ -275,13 +274,13 @@ class ucp_register
 				}
 
 				$user_row = array(
-					'username'				=> $username,
+					'username'				=> $data['username'],
-					'user_password'			=> md5($new_password),
+					'user_password'			=> md5($data['new_password']),
-					'user_email'			=> $email,
+					'user_email'			=> $data['email'],
 					'group_id'				=> (int) $group_id,
-					'user_timezone'			=> (float) $tz,
+					'user_timezone'			=> (float) $data['tz'],
 					'user_dst'				=> $is_dst,
-					'user_lang'				=> $lang,
+					'user_lang'				=> $data['lang'],
 					'user_type'				=> $user_type,
 					'user_actkey'			=> $user_actkey,
 					'user_ip'				=> $user->ip,
@@ -326,10 +325,10 @@ class ucp_register
 
 					$messenger = new messenger(false);
 
-					$messenger->template($email_template, $lang);
+					$messenger->template($email_template, $data['lang']);
 
 					$messenger->replyto($config['board_contact']);
-					$messenger->to($email, $username);
+					$messenger->to($data['email'], $data['username']);
 
 					$messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']);
 					$messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']);
@@ -339,7 +338,7 @@ class ucp_register
 					$messenger->assign_vars(array(
 						'SITENAME'		=> $config['sitename'],
 						'WELCOME_MSG'	=> sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename']),
-						'USERNAME'		=> html_entity_decode($username),
+						'USERNAME'		=> html_entity_decode($username, ENT_QUOTES, 'UTF-8'),
 						'PASSWORD'		=> html_entity_decode($password_confirm),
 						'EMAIL_SIG'		=> str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']),
 
@@ -351,7 +350,7 @@ class ucp_register
 						$messenger->assign_vars(array(
 							'FAX_INFO'		=> $config['coppa_fax'],
 							'MAIL_INFO'		=> $config['coppa_mail'],
-							'EMAIL_ADDRESS'	=> $email,
+							'EMAIL_ADDRESS'	=> $data['email'],
 							'SITENAME'		=> $config['sitename'])
 						);
 					}
@@ -385,7 +384,7 @@ class ucp_register
 							$messenger->im($row['user_jabber'], $row['username']);
 
 							$messenger->assign_vars(array(
-								'USERNAME'		=> html_entity_decode($username),
+								'USERNAME'		=> html_entity_decode($username, ENT_QUOTES, 'UTF-8'),
 								'EMAIL_SIG'		=> str_replace('<br />', "\n", "-- \n" . $config['board_email_sig']),
 
 								'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=activate&u=$user_id&k=$user_actkey")
@@ -396,7 +395,6 @@ class ucp_register
 						$db->sql_freeresult($result);
 					}
 				}
-				unset($data);
 
 				$message = $message . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'],  '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
 				trigger_error($message);
@@ -489,17 +487,17 @@ class ucp_register
 		$user_char_ary = array('.*' => 'USERNAME_CHARS_ANY', '[\w]+' => 'USERNAME_ALPHA_ONLY', '[\w_\+\. \-\[\]]+' => 'USERNAME_ALPHA_SPACERS');
 		$pass_char_ary = array('.*' => 'PASS_TYPE_ANY', '[a-zA-Z]' => 'PASS_TYPE_CASE', '[a-zA-Z0-9]' => 'PASS_TYPE_ALPHA', '[a-zA-Z\W]' => 'PASS_TYPE_SYMBOL');
 
-		$lang = (isset($lang)) ? $lang : $config['default_lang'];
+		$data['lang'] = (isset($data['lang'])) ? $data['lang'] : $config['default_lang'];
-		$tz = (isset($tz)) ? $tz : $timezone;
+		$data['tz'] = (isset($data['tz'])) ? $data['tz'] : $timezone;
 
 		//
 		$template->assign_vars(array(
 			'ERROR'				=> (sizeof($error)) ? implode('<br />', $error) : '',
-			'USERNAME'			=> (isset($username)) ? $username : '',
+			'USERNAME'			=> (isset($data['username'])) ? $data['username'] : '',
-			'PASSWORD'			=> (isset($new_password)) ? $new_password : '',
+			'PASSWORD'			=> (isset($data['new_password'])) ? $data['new_password'] : '',
-			'PASSWORD_CONFIRM'	=> (isset($password_confirm)) ? $password_confirm : '',
+			'PASSWORD_CONFIRM'	=> (isset($data['password_confirm'])) ? $data['password_confirm'] : '',
-			'EMAIL'				=> (isset($email)) ? $email : '',
+			'EMAIL'				=> (isset($data['email'])) ? $data['email'] : '',
-			'EMAIL_CONFIRM'		=> (isset($email_confirm)) ? $email_confirm : '',
+			'EMAIL_CONFIRM'		=> (isset($data['email_confirm'])) ? $data['email_confirm'] : '',
 			'CONFIRM_IMG'		=> $confirm_image,
 
 			'L_CONFIRM_EXPLAIN'			=> sprintf($user->lang['CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlentities($config['board_contact']) . '">', '</a>'),
@@ -507,8 +505,8 @@ class ucp_register
 			'L_USERNAME_EXPLAIN'		=> sprintf($user->lang[$user_char_ary[str_replace('\\\\', '\\', $config['allow_name_chars'])] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']),
 			'L_NEW_PASSWORD_EXPLAIN'	=> sprintf($user->lang[$pass_char_ary[str_replace('\\\\', '\\', $config['pass_complex'])] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']),
 
-			'S_LANG_OPTIONS'	=> language_select($lang),
+			'S_LANG_OPTIONS'	=> language_select($data['lang']),
-			'S_TZ_OPTIONS'		=> tz_select($tz),
+			'S_TZ_OPTIONS'		=> tz_select($data['tz']),
 			'S_CONFIRM_CODE'	=> ($config['enable_confirm']) ? true : false,
 			'S_COPPA'			=> $coppa,
 			'S_HIDDEN_FIELDS'	=> $s_hidden_fields,

phpBB/includes/ucp/ucp_zebra.php

@@ -37,7 +37,7 @@ class ucp_zebra
 
 			foreach ($var_ary as $var => $default)
 			{
-				$data[$var] = request_var($var, $default);
+				$data[$var] = request_var($var, $default, true);
 			}
 
 			if ($data['add'])

phpBB/includes/utf/utf_tools.php

@@ -901,19 +901,19 @@ function utf8_case_fold($text, $option = 'full')
 	// common is always set
 	if (!isset($uniarray['c']))
 	{
-		$uniarray['c'] = include_once($phpbb_root_path . 'includes/utf/data/case_fold_c.' . $phpEx);
+		$uniarray['c'] = include($phpbb_root_path . 'includes/utf/data/case_fold_c.' . $phpEx);
 	}
 
 	// only set full if we need to
 	if ($option === 'full' && !isset($uniarray['f']))
 	{
-		$uniarray['f'] = include_once($phpbb_root_path . 'includes/utf/data/case_fold_f.' . $phpEx);
+		$uniarray['f'] = include($phpbb_root_path . 'includes/utf/data/case_fold_f.' . $phpEx);
 	}
 
 	// only set simple if we need to
 	if ($option !== 'full' && !isset($uniarray['s']))
 	{
-		$uniarray['s'] = include_once($phpbb_root_path . 'includes/utf/data/case_fold_s.' . $phpEx);
+		$uniarray['s'] = include($phpbb_root_path . 'includes/utf/data/case_fold_s.' . $phpEx);
 	}
 
 	$text = strtr($text, $uniarray['c']);

phpBB/install/install_install.php

@@ -404,7 +404,7 @@ class install_install extends module
 		// Obtain any submitted data
 		foreach ($this->request_vars as $var)
 		{
-			$$var = request_var($var, '');
+			$$var = ($var == 'admin_name') ? request_var($var, '', true) : request_var($var, '');
 		}
 
 		$connect_test = false;
@@ -546,7 +546,7 @@ class install_install extends module
 		// Obtain any submitted data
 		foreach ($this->request_vars as $var)
 		{
-			$$var = request_var($var, '');
+			$$var = ($var == 'admin_name') ? request_var($var, '', true) : request_var($var, '');
 		}
 
 		if ($dbms == '')
@@ -718,7 +718,7 @@ class install_install extends module
 		// Obtain any submitted data
 		foreach ($this->request_vars as $var)
 		{
-			$$var = request_var($var, '');
+			$$var = ($var == 'admin_name') ? request_var($var, '', true) : request_var($var, '');
 		}
 
 		if ($dbms == '')
@@ -873,7 +873,7 @@ class install_install extends module
 		// Obtain any submitted data
 		foreach ($this->request_vars as $var)
 		{
-			$$var = request_var($var, '');
+			$$var = ($var == 'admin_name') ? request_var($var, '', true) : request_var($var, '');
 		}
 
 		if ($dbms == '')
@@ -957,7 +957,7 @@ class install_install extends module
 		// Obtain any submitted data
 		foreach ($this->request_vars as $var)
 		{
-			$$var = request_var($var, '');
+			$$var = ($var == 'admin_name') ? request_var($var, '', true) : request_var($var, '');
 		}
 
 		if ($dbms == '')
@@ -1231,7 +1231,7 @@ class install_install extends module
 		// Obtain any submitted data
 		foreach ($this->request_vars as $var)
 		{
-			$$var = request_var($var, '');
+			$$var = ($var == 'admin_name') ? request_var($var, '', true) : request_var($var, '');
 		}
 
 		$dbpasswd = html_entity_decode($dbpasswd);
@@ -1500,7 +1500,7 @@ class install_install extends module
 		// Obtain any submitted data
 		foreach ($this->request_vars as $var)
 		{
-			$$var = request_var($var, '');
+			$$var = ($var == 'admin_name') ? request_var($var, '', true) : request_var($var, '');
 		}
 
 		// Fill the config array - it is needed by those functions we call
@@ -1582,7 +1582,7 @@ class install_install extends module
 		// Obtain any submitted data
 		foreach ($this->request_vars as $var)
 		{
-			$$var = request_var($var, '');
+			$$var = ($var == 'admin_name') ? request_var($var, '', true) : request_var($var, '');
 		}
 
 		// Load the basic configuration data

phpBB/search.php

@@ -623,7 +623,7 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 					// Does this post have an attachment? If so, add it to the list
 					if ($row['post_attachment'] && $config['allow_attachments'])
 					{
-						$attach_list[] = $row['post_id'];
+						$attach_list[$row['forum_id']][] = $row['post_id'];
 					}
 				}
 			}
@@ -638,8 +638,20 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 
 			// Pull attachment data
 			if (sizeof($attach_list))
+			{
+				$use_attach_list = $attach_list;
+				$attach_list = array();
+
+				foreach ($use_attach_list as $forum_id => $_list)
 				{
 					if ($auth->acl_get('u_download') && $auth->acl_get('f_download', $forum_id))
+					{
+						$attach_list = array_merge($attach_list, $_list);
+					}
+				}
+			}
+
+			if (sizeof($attach_list))
 			{
 				$sql = 'SELECT *
 					FROM ' . ATTACHMENTS_TABLE . '
@@ -654,11 +666,6 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 				}
 				$db->sql_freeresult($result);
 			}
-				else
-				{
-					$display_notice = true;
-				}
-			}
 		}
 
 		if ($hilit)

phpBB/viewtopic.php

@@ -16,6 +16,7 @@ $phpbb_root_path = './';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 include($phpbb_root_path . 'common.' . $phpEx);
 include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
+include($phpbb_root_path . 'includes/bbcode.' . $phpEx);
 
 // Start session management
 $user->session_begin();
@@ -726,7 +727,6 @@ if (!empty($topic_data['poll_start']))
 
 	if ($poll_info[0]['bbcode_bitfield'])
 	{
-		include_once($phpbb_root_path . 'includes/bbcode.' . $phpEx);
 		$poll_bbcode = new bbcode();
 	}
 	else
@@ -1227,7 +1227,6 @@ if (sizeof($attach_list))
 // Instantiate BBCode if need be
 if ($bbcode_bitfield !== '')
 {
-	include_once($phpbb_root_path . 'includes/bbcode.' . $phpEx);
 	$bbcode = new bbcode(base64_encode($bbcode_bitfield));
 }