Mainly HTML fixes, plus a change to try to prevent on* text within HTML tags (the HTML parser does not seem to be behaving with disallowed tags as it should), etc.

git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@3207 89ea8834-ac86-4346-8a33-228a782c2dd0
Paul S. Owen 2002-12-18 14:14:11 +00:00
parent fdc90ab03e
commit 3b8e53ecf7
11 changed files with 162 additions and 177 deletions


@ -168,9 +168,9 @@ else
$forum_name = ( $forum_id == -1 ) ? $lang['All_Forums'] : $forum_rows[0]['forum_name'];
$prune_data = $lang['Prune_topics_not_posted'] . " ";
$prune_data .= '<input type="text" name="prunedays" size="4"> ' . $lang['Days'];
$prune_data .= '<input class="post" type="text" name="prunedays" size="4"> ' . $lang['Days'];
$hidden_input = '<input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '">';
$hidden_input = '<input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '" />';
//
// Assign the template variables.


@ -748,7 +748,7 @@ switch( $mode )
$s_hidden_fields = '<input type="hidden" name="theme_info" value="' . htmlspecialchars($theme_data) . '" />';
$s_hidden_fields .= '<input type="hidden" name="send_file" value="1" /><input type="hidden" name="mode" value="export" />';
$download_form = '<form action="' . append_sid("admin_styles.$phpEx") . '" method="post"><input type="submit" name="submit" value="' . $lang['Download'] . '" />' . $s_hidden_fields;
$download_form = '<form action="' . append_sid("admin_styles.$phpEx") . '" method="post"><input class="mainoption" type="submit" name="submit" value="' . $lang['Download'] . '" />' . $s_hidden_fields;
$template->set_filenames(array(
"body" => "message_body.tpl")


@ -143,6 +143,11 @@ p,ul,td {font-size:10pt;}
<li>Fixed wrong maxlength in modcp_split.tpl subject field</li>
<li>Fixed inability to edit username of guest poster - <b>vHiker</b></li>
<li>Fixed ability for guests to post with certain registered usernames</li>
<li>Fixed various HTML issues to improve XHTML compliance - <b>Daz</b></li>
<li>Fixed missing template var {L_PM} for memberslist - <b>Daz</b></li>
<li>Fixed wrong key name for $images['Topic_un_watch'] - <b>Daz</b></li>
<li>Fixed missing template var {S_WATCH_TOPIC_IMG} for viewtopic - <b>Daz</b></li>
<li></li>
<li></li>
</ul>


@ -3,7 +3,7 @@
<head>
<meta http-equiv="Content-Type" content="text/html">
<meta http-equiv="Content-Style-Type" content="text/css">
<title>phpBB 2.0.3 :: Readme</title>
<title>phpBB 2.0.4 :: Readme</title>
<link rel="stylesheet" href="../templates/subSilver/subSilver.css" type="text/css" />
<style type="text/css">
<!--
@ -24,7 +24,7 @@ p,ul,td {font-size:10pt;}
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><img src="../templates/subSilver/images/logo_phpBB.gif" border="0" alt="phpBB 2 : Creating Communities" vspace="1" /></a></td>
<td align="center" width="100%" valign="middle"><span class="maintitle">phpBB 2.0.3 README</span></td>
<td align="center" width="100%" valign="middle"><span class="maintitle">phpBB 2.0.4 README</span></td>
</tr>
</table>
@ -76,7 +76,7 @@ p,ul,td {font-size:10pt;}
<p>A number of language packs and subSilver localisations are now available. You can find them on our official download page:</p>
<p><a href="http://www.phpbb.com/downloads.php" target="_new">http://www.phpbb.com/downloads.php</a></p>
<p><a href="http://www.phpbb.com/downloads.php#lang" target="_new">http://www.phpbb.com/downloads.php</a></p>
<p>This is the <i>Official</i> location for all support language sets. If you download a package from a 3rd party site you do so with the understanding that we cannot offer support. So please, do not ask for help in these cases!</p>
@ -84,7 +84,7 @@ p,ul,td {font-size:10pt;}
<p>If your language is not available please visit our forums where you will find a topic listing translations currently available or in preparation. This topic also gives you information should you wish to volunteer to translate a language not currently listed</p>
<p><b>Please note</b> that users who have upgraded to 2.0.3 from versions prior to RC-3 should will <b>need</b> to download new versions of the language/subSilver image packs. Any package downloaded prior to the availability of RC-3 will <b>not</b> function correctly with this version of phpBB 2.</p>
<p><b>Please note</b> that users who have upgraded to 2.0.4 from versions prior to RC-3 should will <b>need</b> to download new versions of the language/subSilver image packs. Any package downloaded prior to the availability of RC-3 will <b>not</b> function correctly with this version of phpBB 2.</p>
<p>If you have upgraded from 2.0.0 and make use of non-English language packs you will benefit from downloading updated versions which will become available shortly. These introduce a number of strings which went missing from the first version plus a few updates and additions.</p>


@ -122,7 +122,7 @@ function make_jumpbox($action, $match_forum_id = 0)
message_die(GENERAL_ERROR, 'Could not obtain forums information', '', __LINE__, __FILE__, $sql);
}
$boxstring = '<select name="' . POST_FORUM_URL . '" onChange="if(this.options[this.selectedIndex].value != -1){ forms[\'jumpbox\'].submit() }"><option value="-1">' . $lang['Select_forum'] . '</option>';
$boxstring = '<select name="' . POST_FORUM_URL . '" onchange="if(this.options[this.selectedIndex].value != -1){ forms[\'jumpbox\'].submit() }"><option value="-1">' . $lang['Select_forum'] . '</option>';
$forum_rows = array();
while ( $row = $db->sql_fetchrow($result) )
@ -171,7 +171,7 @@ function make_jumpbox($action, $match_forum_id = 0)
}
else
{
$boxstring .= '<select name="' . POST_FORUM_URL . '" onChange="if(this.options[this.selectedIndex].value != -1){ forms[\'jumpbox\'].submit() }"></select>';
$boxstring .= '<select name="' . POST_FORUM_URL . '" onchange="if(this.options[this.selectedIndex].value != -1){ forms[\'jumpbox\'].submit() }"></select>';
}
if ( !empty($SID) )
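Review bot: The `<select name="' . POST_FORUM_URL . '" onchange="...">` opener is now duplicated byte for byte on the new side, once in the populated branch and once in the empty-result `else` branch, so any later change to the handler has to be made twice. Build it once, e.g. `$select_open = '<select name="' . POST_FORUM_URL . '" onchange="if(this.options[this.selectedIndex].value != -1){ forms[\'jumpbox\'].submit() }">';`, then `$boxstring = $select_open . '<option value="-1">' . $lang['Select_forum'] . '</option>';` in the first branch and `$boxstring .= $select_open . '</select>';` in the second. The handler also refers to `forms['jumpbox']` without `document.`, which presumably relies on the browser exposing `forms` as a global; `document.forms['jumpbox']` is the portable spelling. make_jumpbox starts before this hunk and continues past it.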


@ -39,35 +39,14 @@ function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid
{
global $board_config, $html_entities_match, $html_entities_replace;
// Clean up the message - comment out second line if reverting to old
// html system
//
// Clean up the message
//
$message = trim($message);
$message = preg_replace($html_entities_match, $html_entities_replace, $message);
if ($html_on)
{
// ported from 2.2 - old system remains commented out below
// If $html is true then "allowed_tags" are converted back from entity
// form, others remain ... note this differs from the old version where you
// only needed to specify the first part of the tag ... with this version
// you need to specify either the exact layout of the tag or use preg_
// pattern matches ... this should prevent users from abusing simple
// tags by adding styles with javascript, etc. but may complicate the lives
// of those who use things like flash etc. ... it also won't close tags
// which have previously been left in entity form, e.g. <b style="fdsfs">dfsdf</b>
// assuming b was in the allowed tags it would leave the <b style ...> but convert
// the </b> ... will look into tightening this up for 2.0.5 (and 2.2 of course)
$allowed_tags = split(',', $board_config['allow_html_tags']);
if (sizeof($allowed_tags))
{
$message = preg_replace('#&lt;(\/?)(' . str_replace('*', '.*?', implode('|', $allowed_tags)) . ')&gt;#is', '<\1\2>', $message);
}
}
/*
if ($html_on)
{
$allowed_tags = split(',', $board_config['allow_html_tags']);
$allowed_html_tags = split(',', $board_config['allow_html_tags']);
$end_html = 0;
$start_html = 1;
@ -93,7 +72,7 @@ function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid
for ($i = 0; $i < sizeof($allowed_html_tags); $i++)
{
$match_tag = trim($allowed_html_tags[$i]);
if ( preg_match('/^<\/?' . $match_tag . '(?!(\s*)style(\s*)\\=)/i', $hold_string) )
if (preg_match('#^<\/?' . $match_tag . '(?!(.*?)((style)|(on[\w]+?))[\s]*?)#i', $hold_string))
{
$tagallowed = true;
}
@ -123,7 +102,6 @@ function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid
{
$message = preg_replace($html_entities_match, $html_entities_replace, $message);
}
*/
if($bbcode_on && $bbcode_uid != '')
{
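Review bot: The reinstated tag check `preg_match('#^<\/?' . $match_tag . '(?!(.*?)((style)|(on[\w]+?))[\s]*?)#i', $hold_string)` matches the tag name as a bare prefix and the attribute names as bare substrings, so it is both too loose and too strict: an allowed `b` also accepts any tag whose name merely starts with `b`, while any attribute value containing the letters `on` (a `mailto:` address, say) or `style` rejects an otherwise legitimate tag, because the `=` that the previous pattern required after `style` is gone. The lookahead's `.` also stops at a newline, so whether a tag spread over several lines is inspected in full depends on how `$hold_string` is assembled, which is outside the hunk. A tighter form that keeps the intent is `if (preg_match('#^<\/?' . preg_quote($match_tag, '#') . '(?=[\s/>])(?![\s\S]*?[\s/](?:style|on\w+)\s*=)#i', $hold_string))`; `preg_quote` is cheap insurance even though `allow_html_tags` is admin configuration rather than request input. prepare_message starts before this section's first hunk and continues past its last.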


@ -175,10 +175,10 @@ function guess_lang()
'macedonian' => 'mk',
'dutch' => 'nl([_-][a-z]+)?',
'norwegian' => 'no',
'punjabi' => 'pa',
'polish' => 'pl',
'portuguese_brazil' => 'pt[_-]br',
'portuguese' => 'pt([_-][a-z]+)?',
'punjabi' => 'pa',
'romanian' => 'ro([_-][a-z]+)?',
'russian' => 'ru([_-][a-z]+)?',
'slovenian' => 'sl([_-][a-z]+)?',
@ -205,7 +205,7 @@ function guess_lang()
{
if (preg_match('#' . $match . '#i', trim($accept_lang_ary[$i])))
{
if (file_exists($phpbb_root_path . 'language/lang_' . $lang))
if (file_exists(@realpath($phpbb_root_path . 'language/lang_' . $lang)))
{
return $lang;
}
@ -584,7 +584,7 @@ else if (!empty($HTTP_POST_VARS['ftp_file']))
// section.
$s_hidden_fields = '<input type="hidden" name="username" value="' . $admin_name . '" />';
$s_hidden_fields .= '<input type="hidden" name="password" value="' . $admin_pass1 . '" />';
$s_hidden_fields .= '<input type="hidden" name="redirect" value="admin/index.php" />';
$s_hidden_fields .= '<input type="hidden" name="redirect" value="admin/index.'.$phpEx.'" />';
$s_hidden_fields .= '<input type="hidden" name="submit" value="' . $lang['Login'] . '" />';
page_header($lang['Inst_Step_2']);
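Review bot: The changed redirect line sits between hidden fields that embed `$admin_name` and `$admin_pass1` verbatim, so a double quote in either value breaks the attribute and, for the password, puts the rest of it into the page as markup; the two neighbours should read `'... value="' . htmlspecialchars($admin_name) . '" />'` and `'... value="' . htmlspecialchars($admin_pass1) . '" />'`. In the earlier hunk, `file_exists(@realpath($phpbb_root_path . 'language/lang_' . $lang))` gains nothing from the `@`: `realpath()` returns `false` for a missing path without a warning and `file_exists(false)` is then quietly false, so the suppression only hides unrelated problems. If the `lang_*` entries are directories, as the prefix suggests, `is_dir($phpbb_root_path . 'language/lang_' . $lang)` states the check directly. `$lang` there is a key of the language table above, not request input. Both guess_lang and the `else if` block holding the hidden fields start before their hunks and continue past them.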


@ -107,6 +107,7 @@ $template->assign_vars(array(
'L_ICQ' => $lang['ICQ'],
'L_JOINED' => $lang['Joined'],
'L_POSTS' => $lang['Posts'],
'L_PM' => $lang['Private_Message'],
'S_MODE_SELECT' => $select_sort_mode,
'S_ORDER_SELECT' => $select_sort_order,


@ -1024,7 +1024,7 @@ switch( $mode )
'L_SELECT' => $lang['Select'],
'U_VIEW_FORUM' => append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id"),
'S_HIDDEN_FIELDS' => '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '">',
'S_HIDDEN_FIELDS' => '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="' . POST_FORUM_URL . '" value="' . $forum_id . '" />',
'S_MODCP_ACTION' => append_sid("modcp.$phpEx"))
);


@ -161,7 +161,7 @@ if ( $mode == 'newpm' )
$l_new_message = $lang['You_no_new_pm'];
}
$l_new_message .= '<br /><br />' . sprintf($lang['Click_view_privmsg'], '<a href="' . append_sid("privmsg.".$phpEx."?folder=inbox") . '" onClick="jump_to_inbox();return false;" target="_new">', '</a>');
$l_new_message .= '<br /><br />' . sprintf($lang['Click_view_privmsg'], '<a href="' . append_sid("privmsg.".$phpEx."?folder=inbox") . '" onclick="jump_to_inbox();return false;" target="_new">', '</a>');
}
else
{


@ -598,7 +598,7 @@ if ( $can_watch_topic )
if ( $is_watching_topic )
{
$s_watching_topic = "<a href=\"viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&amp;unwatch=topic&amp;start=$start&amp;sid=" . $userdata['session_id'] . '">' . $lang['Stop_watching_topic'] . '</a>';
$s_watching_topic_img = ( isset($images['Topic_un_watch']) ) ? "<a href=\"viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&amp;unwatch=topic&amp;start=$start&amp;sid=" . $userdata['session_id'] . '"><img src="' . $images['Topic_un_watch'] . '" alt="' . $lang['Stop_watching_topic'] . '" title="' . $lang['Stop_watching_topic'] . '" border="0"></a>' : '';
$s_watching_topic_img = ( isset($images['topic_un_watch']) ) ? "<a href=\"viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&amp;unwatch=topic&amp;start=$start&amp;sid=" . $userdata['session_id'] . '"><img src="' . $images['topic_un_watch'] . '" alt="' . $lang['Stop_watching_topic'] . '" title="' . $lang['Stop_watching_topic'] . '" border="0"></a>' : '';
}
else
{
@ -651,6 +651,7 @@ $template->assign_vars(array(
'S_AUTH_LIST' => $s_auth_can,
'S_TOPIC_ADMIN' => $topic_mod,
'S_WATCH_TOPIC' => $s_watching_topic,
'S_WATCH_TOPIC_IMG' => $s_watching_topic_img,
'U_VIEW_TOPIC' => append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&amp;start=$start&amp;postdays=$post_days&amp;postorder=$post_order&amp;highlight=$highlight"),
'U_VIEW_FORUM' => $view_forum_url,
@ -779,7 +780,7 @@ if ( !empty($forum_topic_data['topic_vote']) )
'U_VIEW_RESULTS' => append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&amp;postdays=$post_days&amp;postorder=$post_order&amp;vote=viewresult"))
);
$s_hidden_fields = '<input type="hidden" name="topic_id" value="' . $topic_id . '"><input type="hidden" name="mode" value="vote">';
$s_hidden_fields = '<input type="hidden" name="topic_id" value="' . $topic_id . '" /><input type="hidden" name="mode" value="vote" />';
}
if ( count($orig_word) )
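Review bot: The corrected `$images['topic_un_watch']` line still closes its image tag with `border="0"></a>`, while the last hunk of the same section converts the hidden inputs to self-closing XHTML (`value="vote" />`); for consistency with the commit's own intent the new line should end `border="0" /></a>`. The image path and the two `$lang['Stop_watching_topic']` strings are written into attributes unescaped; they come from configuration and the language pack rather than the request, so this is a style remark rather than a defect. The `if ( $is_watching_topic )` branch is fully inside the hunk, but the enclosing `if ( $can_watch_topic )` starts before it.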