diff --git a/phpBB/adm/style/acp_groups.html b/phpBB/adm/style/acp_groups.html index e082ae69c3..17193dff2e 100644 --- a/phpBB/adm/style/acp_groups.html +++ b/phpBB/adm/style/acp_groups.html @@ -87,7 +87,7 @@
-
+

{L_UPLOAD_AVATAR_URL_EXPLAIN}
@@ -170,24 +170,22 @@ - - - {L_GROUP_LEAD} + + {L_GROUP_LEAD} + + + + {leader.USERNAME} + {L_YES}{L_NO} + {leader.JOINED} + {leader.USER_POSTS} + - - - {leader.USERNAME} - {L_YES}{L_NO} - {leader.JOINED} - {leader.USER_POSTS} - - - - - {L_GROUPS_NO_MODS} - - - + + + {L_GROUPS_NO_MODS} + + {L_GROUP_APPROVED} diff --git a/phpBB/includes/acm/acm_main.php b/phpBB/includes/acm/acm_main.php index 8a492276c7..f1aea8c115 100644 --- a/phpBB/includes/acm/acm_main.php +++ b/phpBB/includes/acm/acm_main.php @@ -88,7 +88,7 @@ class cache extends acm $censors = array(); while ($row = $db->sql_fetchrow($result)) { - $censors['match'][] = '#\b(' . str_replace('\*', '\w*?', preg_quote($row['word'], '#')) . ')\b#i'; + $censors['match'][] = '#(?sql_freeresult($result); diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php index 0dccf96101..8c2e043602 100644 --- a/phpBB/includes/acp/acp_attachments.php +++ b/phpBB/includes/acp/acp_attachments.php @@ -403,7 +403,7 @@ class acp_attachments $ext_row = array(); } - $group_name = request_var('group_name', ''); + $group_name = request_var('group_name', '', true); $new_group_name = ($action == 'add') ? $group_name : (($ext_row['group_name'] != $group_name) ? $group_name : ''); if (!$group_name) @@ -572,7 +572,7 @@ class acp_attachments if ($action == 'add') { $ext_group_row = array( - 'group_name' => request_var('group_name', ''), + 'group_name' => request_var('group_name', '', true), 'cat_id' => 0, 'allow_group' => 1, 'allow_in_pm' => 1, diff --git a/phpBB/includes/acp/acp_ban.php b/phpBB/includes/acp/acp_ban.php index f43732e603..e101d8514d 100644 --- a/phpBB/includes/acp/acp_ban.php +++ b/phpBB/includes/acp/acp_ban.php @@ -37,8 +37,8 @@ class acp_ban $ban_len = request_var('banlength', 0); $ban_len_other = request_var('banlengthother', ''); $ban_exclude = request_var('banexclude', 0); - $ban_reason = request_var('banreason', ''); - $ban_give_reason = request_var('bangivereason', ''); + $ban_reason = request_var('banreason', '', true); + $ban_give_reason = request_var('bangivereason', '', true); user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reason, $ban_give_reason); diff --git a/phpBB/includes/acp/acp_bots.php b/phpBB/includes/acp/acp_bots.php index 720430481b..070ac75bea 100644 --- a/phpBB/includes/acp/acp_bots.php +++ b/phpBB/includes/acp/acp_bots.php @@ -112,7 +112,7 @@ class acp_bots case 'edit': case 'add': $bot_row = array( - 'bot_name' => request_var('bot_name', ''), + 'bot_name' => request_var('bot_name', '', true), 'bot_agent' => request_var('bot_agent', ''), 'bot_ip' => request_var('bot_ip', ''), 'bot_active' => request_var('bot_active', true), diff --git a/phpBB/includes/acp/acp_email.php b/phpBB/includes/acp/acp_email.php index 395e3ca9ee..1d3149c958 100644 --- a/phpBB/includes/acp/acp_email.php +++ b/phpBB/includes/acp/acp_email.php @@ -125,6 +125,7 @@ class acp_email // Send the messages include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); + include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx); $messenger = new messenger($use_queue); $errored = false; @@ -170,12 +171,7 @@ class acp_email if ($group_id) { - $sql = 'SELECT group_name - FROM ' . GROUPS_TABLE . " - WHERE group_id = $group_id"; - $result = $db->sql_query($sql); - $group_name = (string) $db->sql_fetchfield('group_name'); - $db->sql_freeresult($result); + $group_name = get_group_name($group_id); } else { @@ -218,8 +214,8 @@ class acp_email 'S_GROUP_OPTIONS' => $select_list, 'USERNAMES' => $usernames, 'U_FIND_USERNAME' => $phpbb_root_path . "memberlist.$phpEx$SID&mode=searchuser&form=acp_email&field=usernames", - 'SUBJECT' => request_var('subject', ''), - 'MESSAGE' => request_var('message', ''), + 'SUBJECT' => request_var('subject', '', true), + 'MESSAGE' => request_var('message', '', true), 'S_PRIORITY_OPTIONS' => $s_priority_options) ); diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php index aad8997395..b5948115cc 100644 --- a/phpBB/includes/acp/acp_groups.php +++ b/phpBB/includes/acp/acp_groups.php @@ -315,77 +315,81 @@ class acp_groups } } - // Only set the rank, colour, etc. if it's changed or if we're adding a new - // group. This prevents existing group members being updated if no changes - // were made. + if (!sizeof($error)) + { + // Only set the rank, colour, etc. if it's changed or if we're adding a new + // group. This prevents existing group members being updated if no changes + // were made. - $group_attributes = array(); - $test_variables = array('rank', 'colour', 'avatar', 'avatar_type', 'avatar_width', 'avatar_height', 'receive_pm', 'legend', 'message_limit'); - foreach ($test_variables as $test) - { - if (isset($submit_ary[$test]) && ($action == 'add' || $group_row['group_' . $test] != $submit_ary[$test])) + $group_attributes = array(); + $test_variables = array('rank', 'colour', 'avatar', 'avatar_type', 'avatar_width', 'avatar_height', 'receive_pm', 'legend', 'message_limit'); + foreach ($test_variables as $test) { - $group_attributes['group_' . $test] = $group_row['group_' . $test] = $submit_ary[$test]; - } - } - - if (!($error = group_create($group_id, $group_type, $group_name, $group_desc, $group_attributes, $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies))) - { - $group_perm_from = request_var('group_perm_from', 0); - - // Copy permissions? - if ($group_perm_from && $action == 'add') - { - // From the mysql documentation: - // Prior to MySQL 4.0.14, the target table of the INSERT statement cannot appear in the FROM clause of the SELECT part of the query. This limitation is lifted in 4.0.14. - // Due to this we stay on the safe side if we do the insertion "the manual way" - - // Copy permisisons from/to the acl groups table (only group_id gets changed) - $sql = 'SELECT forum_id, auth_option_id, auth_role_id, auth_setting - FROM ' . ACL_GROUPS_TABLE . ' - WHERE group_id = ' . $group_perm_from; - $result = $db->sql_query($sql); - - $groups_sql_ary = array(); - while ($row = $db->sql_fetchrow($result)) + if (isset($submit_ary[$test]) && ($action == 'add' || $group_row['group_' . $test] != $submit_ary[$test])) { - $groups_sql_ary[] = array( - 'group_id' => (int) $group_id, - 'forum_id' => (int) $row['forum_id'], - 'auth_option_id' => (int) $row['auth_option_id'], - 'auth_role_id' => (int) $row['auth_role_id'], - 'auth_setting' => (int) $row['auth_setting'] - ); + $group_attributes['group_' . $test] = $group_row['group_' . $test] = $submit_ary[$test]; } - $db->sql_freeresult($result); + } - // Now insert the data - if (sizeof($groups_sql_ary)) + if (!($error = group_create($group_id, $group_type, $group_name, $group_desc, $group_attributes, $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies))) + { + $group_perm_from = request_var('group_perm_from', 0); + + // Copy permissions? + if ($group_perm_from && $action == 'add') { - switch (SQL_LAYER) + // From the mysql documentation: + // Prior to MySQL 4.0.14, the target table of the INSERT statement cannot appear in the FROM clause of the SELECT part of the query. This limitation is lifted in 4.0.14. + // Due to this we stay on the safe side if we do the insertion "the manual way" + + // Copy permisisons from/to the acl groups table (only group_id gets changed) + $sql = 'SELECT forum_id, auth_option_id, auth_role_id, auth_setting + FROM ' . ACL_GROUPS_TABLE . ' + WHERE group_id = ' . $group_perm_from; + $result = $db->sql_query($sql); + + $groups_sql_ary = array(); + while ($row = $db->sql_fetchrow($result)) { - case 'mysql': - case 'mysql4': - case 'mysqli': - $db->sql_query('INSERT INTO ' . ACL_GROUPS_TABLE . ' ' . $db->sql_build_array('MULTI_INSERT', $groups_sql_ary)); - break; - - default: - foreach ($groups_sql_ary as $ary) - { - $db->sql_query('INSERT INTO ' . ACL_GROUPS_TABLE . ' ' . $db->sql_build_array('INSERT', $ary)); - } - break; + $groups_sql_ary[] = array( + 'group_id' => (int) $group_id, + 'forum_id' => (int) $row['forum_id'], + 'auth_option_id' => (int) $row['auth_option_id'], + 'auth_role_id' => (int) $row['auth_role_id'], + 'auth_setting' => (int) $row['auth_setting'] + ); } + $db->sql_freeresult($result); + + // Now insert the data + if (sizeof($groups_sql_ary)) + { + switch (SQL_LAYER) + { + case 'mysql': + case 'mysql4': + case 'mysqli': + $db->sql_query('INSERT INTO ' . ACL_GROUPS_TABLE . ' ' . $db->sql_build_array('MULTI_INSERT', $groups_sql_ary)); + break; + + default: + foreach ($groups_sql_ary as $ary) + { + $db->sql_query('INSERT INTO ' . ACL_GROUPS_TABLE . ' ' . $db->sql_build_array('INSERT', $ary)); + } + break; + } + } + + $auth->acl_clear_prefetch(); } - $auth->acl_clear_prefetch(); + $message = ($action == 'edit') ? 'GROUP_UPDATED' : 'GROUP_CREATED'; + trigger_error($user->lang[$message] . adm_back_link($this->u_action)); } - - $message = ($action == 'edit') ? 'GROUP_UPDATED' : 'GROUP_CREATED'; - trigger_error($user->lang[$message] . adm_back_link($this->u_action)); } - else + + if (sizeof($error)) { $group_rank = $submit_ary['rank']; @@ -605,20 +609,17 @@ class acp_groups 'U_FIND_USERNAME' => $phpbb_root_path . "memberlist.$phpEx$SID&mode=searchuser&form=list&field=usernames") ); - if ($group_row['group_type'] != GROUP_SPECIAL) + foreach ($group_data['leader'] as $row) { - foreach ($group_data['leader'] as $row) - { - $template->assign_block_vars('leader', array( - 'U_USER_EDIT' => $phpbb_admin_path . "index.$phpEx$SID&i=users&action=edit&u={$row['user_id']}", + $template->assign_block_vars('leader', array( + 'U_USER_EDIT' => $phpbb_admin_path . "index.$phpEx$SID&i=users&action=edit&u={$row['user_id']}", - 'USERNAME' => $row['username'], - 'S_GROUP_DEFAULT' => ($row['group_id'] == $group_id) ? true : false, - 'JOINED' => ($row['user_regdate']) ? $user->format_date($row['user_regdate']) : ' - ', - 'USER_POSTS' => $row['user_posts'], - 'USER_ID' => $row['user_id']) - ); - } + 'USERNAME' => $row['username'], + 'S_GROUP_DEFAULT' => ($row['group_id'] == $group_id) ? true : false, + 'JOINED' => ($row['user_regdate']) ? $user->format_date($row['user_regdate']) : ' - ', + 'USER_POSTS' => $row['user_posts'], + 'USER_ID' => $row['user_id']) + ); } $pending = false; diff --git a/phpBB/includes/acp/acp_language.php b/phpBB/includes/acp/acp_language.php index 19ac78b301..751ce81bef 100644 --- a/phpBB/includes/acp/acp_language.php +++ b/phpBB/includes/acp/acp_language.php @@ -138,7 +138,7 @@ class acp_language 'DATA' => $data, 'NAME' => $user->lang[strtoupper($method . '_' . $data)], 'EXPLAIN' => $user->lang[strtoupper($method . '_' . $data) . '_EXPLAIN'], - 'DEFAULT' => $_REQUEST[$data] ? request_var($data, '') : $default + 'DEFAULT' => (!empty($_REQUEST[$data])) ? request_var($data, '') : $default )); } @@ -170,8 +170,8 @@ class acp_language $sql_ary = array( 'lang_english_name' => request_var('lang_english_name', $row['lang_english_name']), - 'lang_local_name' => request_var('lang_local_name', $row['lang_local_name']), - 'lang_author' => request_var('lang_author', $row['lang_author']), + 'lang_local_name' => request_var('lang_local_name', $row['lang_local_name'], true), + 'lang_author' => request_var('lang_author', $row['lang_author'], true), ); $db->sql_query('UPDATE ' . LANG_TABLE . ' @@ -238,7 +238,9 @@ class acp_language if ($this->language_directory == 'email') { // Email Template - fwrite($fp, (STRIP) ? stripslashes($_POST['entry']) : $_POST['entry']); + $entry = (STRIP) ? stripslashes($_POST['entry']) : $_POST['entry']; + $entry = preg_replace('#&(\#[0-9]+;)#', '&\1', $entry); + fwrite($fp, $entry); } else { @@ -263,6 +265,7 @@ class acp_language foreach ($value as $_key => $_value) { $_value = (STRIP) ? stripslashes($_value) : $_value; + $_value = preg_replace('#&(\#[0-9]+;)#', '&\1', $_value); $entry .= "\t\t" . (int) $_key . "\t=> '" . str_replace("'", "\\'", $_value) . "',\n"; } @@ -283,6 +286,7 @@ class acp_language if (!is_array($value)) { $value = (STRIP) ? stripslashes($value) : $value; + $value = preg_replace('#&(\#[0-9]+;)#', '&\1', $value); $entry = "\t'" . $key . "'\t=> '" . str_replace("'", "\\'", $value) . "',\n"; } else @@ -292,6 +296,7 @@ class acp_language foreach ($value as $_key => $_value) { $_value = (STRIP) ? stripslashes($_value) : $_value; + $_value = preg_replace('#&(\#[0-9]+;)#', '&\1', $_value); $entry .= "\t\t'" . $_key . "'\t=> '" . str_replace("'", "\\'", $_value) . "',\n"; } diff --git a/phpBB/includes/acp/acp_modules.php b/phpBB/includes/acp/acp_modules.php index 481b6f066c..7e742c8e46 100644 --- a/phpBB/includes/acp/acp_modules.php +++ b/phpBB/includes/acp/acp_modules.php @@ -288,7 +288,7 @@ class acp_modules 'module_enabled' => 0, 'module_display' => 1, 'parent_id' => 0, - 'module_langname' => request_var('module_langname', ''), + 'module_langname' => request_var('module_langname', '', true), 'module_mode' => '', 'module_auth' => '', ); @@ -301,7 +301,7 @@ class acp_modules $module_data['module_display'] = request_var('module_display', (int) $module_row['module_display']); $module_data['parent_id'] = request_var('module_parent_id', (int) $module_row['parent_id']); $module_data['module_class'] = $this->module_class; - $module_data['module_langname'] = request_var('module_langname', (string) $module_row['module_langname']); + $module_data['module_langname'] = request_var('module_langname', (string) $module_row['module_langname'], true); $module_data['module_mode'] = request_var('module_mode', (string) $module_row['module_mode']); $submit = (isset($_POST['submit'])) ? true : false; diff --git a/phpBB/includes/acp/acp_permission_roles.php b/phpBB/includes/acp/acp_permission_roles.php index 9346d0ae3f..e4c4cafa85 100644 --- a/phpBB/includes/acp/acp_permission_roles.php +++ b/phpBB/includes/acp/acp_permission_roles.php @@ -149,7 +149,7 @@ class acp_permission_roles case 'add': - $role_name = request_var('role_name', ''); + $role_name = request_var('role_name', '', true); $role_group_ids = request_var('role_group_ids', array(0)); $pre_select = request_var('pre_select', 'custom'); $auth_settings = request_var('setting', array('' => 0)); @@ -313,7 +313,7 @@ class acp_permission_roles $options_from = request_var('options_from', 0); $role_row = array( - 'role_name' => request_var('role_name', ''), + 'role_name' => request_var('role_name', '', true), 'role_type' => $permission_type, 'role_group_ids' => implode(':', request_var('role_group_ids', array(0))), ); diff --git a/phpBB/includes/acp/acp_profile.php b/phpBB/includes/acp/acp_profile.php index 3a14640854..35fef141fd 100644 --- a/phpBB/includes/acp/acp_profile.php +++ b/phpBB/includes/acp/acp_profile.php @@ -314,11 +314,11 @@ class acp_profile } $cp->vars['field_ident'] = request_var('field_ident', $field_row['field_ident']); - $cp->vars['lang_name'] = request_var('lang_name', $field_row['lang_name']); - $cp->vars['lang_explain'] = request_var('lang_explain', $field_row['lang_explain']); - $cp->vars['lang_default_value'] = request_var('lang_default_value', $field_row['lang_default_value']); + $cp->vars['lang_name'] = request_var('lang_name', $field_row['lang_name'], true); + $cp->vars['lang_explain'] = request_var('lang_explain', $field_row['lang_explain'], true); + $cp->vars['lang_default_value'] = request_var('lang_default_value', $field_row['lang_default_value'], true); - $options = request_var('lang_options', ''); + $options = request_var('lang_options', '', true); // If the user has submitted a form with options (i.e. dropdown field) if ($options) @@ -358,14 +358,14 @@ class acp_profile } else { - $var = request_var($key, $field_row[$key]); + $var = request_var($key, $field_row[$key], true); } // Manipulate the intended variables a little bit if needed if ($field_type == FIELD_DROPDOWN && $key == 'field_maxlen') { // Get the number of options if this key is 'field_maxlen' - $var = sizeof(explode("\n", request_var('lang_options', ''))); + $var = sizeof(explode("\n", request_var('lang_options', '', true))); } if ($field_type == FIELD_TEXT && $key == 'field_length') @@ -450,7 +450,7 @@ class acp_profile foreach ($exclude[3] as $key) { - $cp->vars[$key] = request_var($key, array(0 => '')); + $cp->vars[$key] = request_var($key, array(0 => ''), true); if (!$cp->vars[$key] && $action == 'edit') { @@ -526,7 +526,7 @@ class acp_profile foreach ($key_ary as $key) { - $var = isset($_REQUEST[$key]) ? request_var($key, '') : false; + $var = isset($_REQUEST[$key]) ? request_var($key, '', true) : false; if ($var !== false) { @@ -846,7 +846,7 @@ class acp_profile $lang_options[$lang_id]['lang_iso'] = $lang_iso; foreach ($options as $field => $field_type) { - $value = ($action == 'create') ? request_var('l_' . $field, '') : $cp->vars['l_' . $field]; + $value = ($action == 'create') ? request_var('l_' . $field, '', true) : $cp->vars['l_' . $field]; if ($field == 'lang_options') { @@ -1045,10 +1045,10 @@ class acp_profile } } - $cp->vars['l_lang_name'] = request_var('l_lang_name', ''); - $cp->vars['l_lang_explain'] = request_var('l_lang_explain', ''); - $cp->vars['l_lang_default_value'] = request_var('l_lang_default_value', ''); - $cp->vars['l_lang_options'] = request_var('l_lang_options', ''); + $cp->vars['l_lang_name'] = request_var('l_lang_name', '', true); + $cp->vars['l_lang_explain'] = request_var('l_lang_explain', '', true); + $cp->vars['l_lang_default_value'] = request_var('l_lang_default_value', '', true); + $cp->vars['l_lang_options'] = request_var('l_lang_options', '', true); if ($cp->vars['lang_options']) { diff --git a/phpBB/includes/acp/acp_ranks.php b/phpBB/includes/acp/acp_ranks.php index 1b9ade9f55..3978ed25ec 100644 --- a/phpBB/includes/acp/acp_ranks.php +++ b/phpBB/includes/acp/acp_ranks.php @@ -35,7 +35,7 @@ class acp_ranks { case 'save': - $rank_title = request_var('title', ''); + $rank_title = request_var('title', '', true); $special_rank = request_var('special_rank', 0); $min_posts = ($special_rank) ? -1 : request_var('min_posts', 0); $rank_image = request_var('rank_image', ''); diff --git a/phpBB/includes/acp/acp_reasons.php b/phpBB/includes/acp/acp_reasons.php index 2e6f664946..02e06e87f2 100644 --- a/phpBB/includes/acp/acp_reasons.php +++ b/phpBB/includes/acp/acp_reasons.php @@ -39,8 +39,8 @@ class acp_reasons case 'edit': $reason_row = array( - 'reason_title' => request_var('reason_title', ''), - 'reason_description' => request_var('reason_description', '') + 'reason_title' => request_var('reason_title', '', true), + 'reason_description' => request_var('reason_description', '', true) ); if ($submit) diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php index 0a3529f3f5..5b2a8fdfc9 100644 --- a/phpBB/includes/acp/acp_styles.php +++ b/phpBB/includes/acp/acp_styles.php @@ -1113,7 +1113,7 @@ pagination_sep = \'{PAGINATION_SEP}\' if ($update) { $name = request_var('name', ''); - $copyright = request_var('copyright', ''); + $copyright = request_var('copyright', '', true); $template_id = request_var('template_id', 0); $theme_id = request_var('theme_id', 0); @@ -1598,7 +1598,7 @@ pagination_sep = \'{PAGINATION_SEP}\' $style_row = array( $mode . '_name' => request_var('name', ''), - $mode . '_copyright' => request_var('copyright', ''), + $mode . '_copyright' => request_var('copyright', '', true), 'template_id' => 0, 'theme_id' => 0, 'imageset_id' => 0, diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index a90832cd00..1d1c0b78ea 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -755,7 +755,7 @@ class acp_users $deletemark = (isset($_POST['delmarked'])) ? true : false; $deleteall = (isset($_POST['delall'])) ? true : false; $marked = request_var('mark', array(0)); - $message = request_var('message', ''); + $message = request_var('message', '', true); // Sort keys $sort_days = request_var('st', 0); @@ -872,7 +872,7 @@ class acp_users foreach ($var_ary as $var => $default) { - $data[$var] = request_var($var, $default); + $data[$var] = (in_array($var, array('location', 'occupation', 'interests')) ? request_var($var, $default, true) : $data[$var] = request_var($var, $default); } $var_ary = array( @@ -1424,7 +1424,7 @@ class acp_users $enable_bbcode = ($config['allow_sig_bbcode']) ? request_var('enable_bbcode', $this->optionget($user_row, 'bbcode')) : false; $enable_smilies = ($config['allow_sig_smilies']) ? request_var('enable_smilies', $this->optionget($user_row, 'smilies')) : false; $enable_urls = request_var('enable_urls', true); - $signature = request_var('signature', $user_row['user_sig']); + $signature = request_var('signature', $user_row['user_sig'], true); $preview = (isset($_POST['preview'])) ? true : false; diff --git a/phpBB/includes/acp/acp_words.php b/phpBB/includes/acp/acp_words.php index fce4757a3c..ef75eedcba 100644 --- a/phpBB/includes/acp/acp_words.php +++ b/phpBB/includes/acp/acp_words.php @@ -69,8 +69,8 @@ class acp_words case 'save': $word_id = request_var('id', 0); - $word = request_var('word', ''); - $replacement = request_var('replacement', ''); + $word = request_var('word', '', true); + $replacement = request_var('replacement', '', true); if (!$word || !$replacement) { diff --git a/phpBB/includes/acp/auth.php b/phpBB/includes/acp/auth.php index ebbb129994..2307d413fa 100644 --- a/phpBB/includes/acp/auth.php +++ b/phpBB/includes/acp/auth.php @@ -701,7 +701,7 @@ class auth_admin extends auth $id_field = $ug_type . '_id'; // Get any flags as required - list(, $flag) = each(array_keys($auth)); + $flag = key($auth); $flag = substr($flag, 0, strpos($flag, '_') + 1); // This ID (the any-flag) is set if one or more permissions are true... @@ -831,7 +831,7 @@ class auth_admin extends auth global $db; // Get any-flag as required - list(, $flag) = each(array_keys($auth)); + $flag = key($auth); $flag = substr($flag, 0, strpos($flag, '_') + 1); // Remove any-flag from auth ary diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index 8ac13e25c1..0c259924d6 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -2254,7 +2254,7 @@ function tidy_warnings() WHERE warning_id $sql_where"; $db->sql_query($sql); - foreach($user_list as $user_id => $value) + foreach ($user_list as $user_id => $value) { $sql = 'UPDATE ' . USERS_TABLE . " SET user_warnings = user_warnings - $value WHERE user_id = $user_id"; diff --git a/phpBB/includes/functions_compress.php b/phpBB/includes/functions_compress.php index 55036b130d..2f3db3d343 100644 --- a/phpBB/includes/functions_compress.php +++ b/phpBB/includes/functions_compress.php @@ -116,7 +116,7 @@ class compress * * Zip extraction function by Alexandre Tedeschi, alexandrebr at gmail dot com * -* Modified extensively by psoTFX and DavidMJ, © phpBB Group, 2003 +* Modified extensively by psoTFX and DavidMJ, (c) phpBB Group, 2003 * * Based on work by Eric Mueller and Denis125 * Official ZIP file format: http://www.pkware.com/appnote.txt diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index 398639034f..9e38d39296 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -563,16 +563,18 @@ function get_moderators(&$forum_moderators, $forum_id = false) /** * User authorisation levels output */ -function gen_forum_auth_level($mode, $forum_id) +function gen_forum_auth_level($mode, $forum_id, $forum_status) { global $SID, $template, $auth, $user; + $locked = ($forum_status == ITEM_LOCKED && !$auth->acl_get('m_edit', $forum_id)) ? true : false; + $rules = array( - ($auth->acl_get('f_post', $forum_id)) ? $user->lang['RULES_POST_CAN'] : $user->lang['RULES_POST_CANNOT'], - ($auth->acl_get('f_reply', $forum_id)) ? $user->lang['RULES_REPLY_CAN'] : $user->lang['RULES_REPLY_CANNOT'], - ($auth->acl_gets('f_edit', 'm_edit', $forum_id)) ? $user->lang['RULES_EDIT_CAN'] : $user->lang['RULES_EDIT_CANNOT'], - ($auth->acl_gets('f_delete', 'm_delete', $forum_id)) ? $user->lang['RULES_DELETE_CAN'] : $user->lang['RULES_DELETE_CANNOT'], - ($auth->acl_get('f_attach', $forum_id) && $auth->acl_get('u_attach', $forum_id)) ? $user->lang['RULES_ATTACH_CAN'] : $user->lang['RULES_ATTACH_CANNOT'] + ($auth->acl_get('f_post', $forum_id) && !$locked) ? $user->lang['RULES_POST_CAN'] : $user->lang['RULES_POST_CANNOT'], + ($auth->acl_get('f_reply', $forum_id) && !$locked) ? $user->lang['RULES_REPLY_CAN'] : $user->lang['RULES_REPLY_CANNOT'], + ($auth->acl_gets('f_edit', 'm_edit', $forum_id) && !$locked) ? $user->lang['RULES_EDIT_CAN'] : $user->lang['RULES_EDIT_CANNOT'], + ($auth->acl_gets('f_delete', 'm_delete', $forum_id) && !$locked) ? $user->lang['RULES_DELETE_CAN'] : $user->lang['RULES_DELETE_CANNOT'], + ($auth->acl_get('f_attach', $forum_id) && $auth->acl_get('u_attach', $forum_id) && !$locked) ? $user->lang['RULES_ATTACH_CAN'] : $user->lang['RULES_ATTACH_CANNOT'] ); foreach ($rules as $rule) diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index ec4ef3bf72..6fa73d10f6 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -834,7 +834,7 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id 'U_POST_ID' => $row['post_id'], 'U_MINI_POST' => "{$phpbb_root_path}viewtopic.$phpEx$SID&p=" . $row['post_id'] . '#p' . $row['post_id'], 'U_MCP_DETAILS' => ($auth->acl_get('m_', $forum_id)) ? "{$phpbb_root_path}mcp.$phpEx$SID&mode=post_details&p=" . $row['post_id'] : '', - 'U_QUOTE' => ($show_quote_button && $auth->acl_get('f_quote', $forum_id)) ? 'javascript:addquote(' . $row['post_id'] . ", '" . str_replace("'", "\\'", $poster) . "')" : '') + 'U_QUOTE' => ($show_quote_button && $auth->acl_get('f_reply', $forum_id)) ? 'javascript:addquote(' . $row['post_id'] . ", '" . str_replace("'", "\\'", $poster) . "')" : '') ); unset($rowset[$i]); } diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php index 3442e2fcc6..4104ba23f1 100644 --- a/phpBB/includes/functions_privmsgs.php +++ b/phpBB/includes/functions_privmsgs.php @@ -105,6 +105,7 @@ $global_rule_conditions = array( function get_folder($user_id, $folder_id = false) { global $db, $user, $template; + global $phpbb_root_path, $phpEx, $SID; $folder = array(); @@ -163,13 +164,17 @@ function get_folder($user_id, $folder_id = false) // Define Folder Array for template designers (and for making custom folders usable by the template too) foreach ($folder as $f_id => $folder_ary) { + $folder_id_name = ($f_id == PRIVMSGS_INBOX) ? 'inbox' : (($f_id == PRIVMSGS_OUTBOX) ? 'outbox' : 'sentbox'); + $template->assign_block_vars('folder', array( 'FOLDER_ID' => $f_id, 'FOLDER_NAME' => $folder_ary['folder_name'], 'NUM_MESSAGES' => $folder_ary['num_messages'], 'UNREAD_MESSAGES' => $folder_ary['unread_messages'], - 'S_CUR_FOLDER' => ($f_id == $folder_id) ? true : false, + 'U_FOLDER' => ($f_id > 0) ? "{$phpbb_root_path}ucp.$phpEx$SID&i=pm&folder={$f_id}" : "{$phpbb_root_path}ucp.$phpEx$SID&i=pm&folder={$folder_id_name}", + + 'S_CUR_FOLDER' => ($f_id === $folder_id) ? true : false, 'S_UNREAD_MESSAGES' => ($folder_ary['unread_messages']) ? true : false, 'S_CUSTOM_FOLDER' => ($f_id > 0) ? true : false) ); @@ -716,7 +721,7 @@ function handle_mark_actions($user_id, $mark_action) AND msg_id IN (" . implode(', ', $msg_ids) . ')'; $db->sql_query($sql); - break; + break; case 'delete_marked': @@ -742,13 +747,7 @@ function handle_mark_actions($user_id, $mark_action) confirm_box(false, 'DELETE_MARKED_PM', build_hidden_fields($s_hidden_fields)); } - break; - - case 'export_as_xml': - case 'export_as_csv': - case 'export_as_txt': - $export_as = str_replace('export_as_', '', $mark_action); - break; + break; default: return false; @@ -976,7 +975,7 @@ function write_pm_addresses($check_ary, $author_id, $plaintext = false) { if ($plaintext) { - $sql = 'SELECT group_name + $sql = 'SELECT group_name, group_type FROM ' . GROUPS_TABLE . ' WHERE group_id IN (' . implode(', ', $g) . ')'; $result = $db->sql_query($sql); @@ -985,7 +984,7 @@ function write_pm_addresses($check_ary, $author_id, $plaintext = false) { if ($check_type == 'to' || $author_id == $user->data['user_id'] || $row['user_id'] == $user->data['user_id']) { - $address[] = $row['group_name']; + $address[] = ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']; } } $db->sql_freeresult($result); @@ -1455,7 +1454,7 @@ function pm_notification($mode, $author, $recipients, $subject, $message) 'AUTHOR_NAME' => $author, 'USERNAME' => $addr['name'], - 'U_INBOX' => generate_board_url() . "/ucp.$phpEx?i=pm&mode=unread") + 'U_INBOX' => generate_board_url() . "/ucp.$phpEx?i=pm&folder=inbox") ); $messenger->send($addr['method']); diff --git a/phpBB/includes/functions_profile_fields.php b/phpBB/includes/functions_profile_fields.php index 0b87367216..f3f78e625b 100644 --- a/phpBB/includes/functions_profile_fields.php +++ b/phpBB/includes/functions_profile_fields.php @@ -454,7 +454,7 @@ class custom_profile } else { - $value = (isset($_REQUEST[$profile_row['field_ident']])) ? request_var($profile_row['field_ident'], $default_value) : ((!isset($user->profile_fields[str_replace('pf_', '', $profile_row['field_ident'])]) || $preview) ? $default_value : $user->profile_fields[str_replace('pf_', '', $profile_row['field_ident'])]); + $value = (isset($_REQUEST[$profile_row['field_ident']])) ? request_var($profile_row['field_ident'], $default_value, true) : ((!isset($user->profile_fields[str_replace('pf_', '', $profile_row['field_ident'])]) || $preview) ? $default_value : $user->profile_fields[str_replace('pf_', '', $profile_row['field_ident'])]); } switch ($field_validation) @@ -715,7 +715,7 @@ class custom_profile */ default: - $var = request_var($var_name, $profile_row['field_default_value']); + $var = request_var($var_name, $profile_row['field_default_value'], true); break; } diff --git a/phpBB/includes/functions_template.php b/phpBB/includes/functions_template.php index f7032d0e3c..6ed8c4c1ab 100644 --- a/phpBB/includes/functions_template.php +++ b/phpBB/includes/functions_template.php @@ -255,6 +255,14 @@ class template_compile */ function compile_tag_block($tag_args) { + $no_nesting = false; + + if (strpos($tag_args, '!') === 0) + { + $no_nesting = substr_count($tag_args, '!', 0, strrpos($tag_args, '!') + 1); + $tag_args = substr($tag_args, $no_nesting); + } + // Allow for control of looping (indexes start from zero): // foo(2) : Will start the loop on the 3rd entry // foo(-2) : Will start the loop two entries from the end @@ -305,7 +313,15 @@ class template_compile // This block is nested. // Generate a namespace string for this block. - $namespace = implode('.', $this->template->block_names); + if ($no_nesting !== false) + { + // We need to implode $no_nesting times from the end... + $namespace = implode('.', array_slice($this->template->block_names, -$no_nesting)); + } + else + { + $namespace = implode('.', $this->template->block_names); + } // Get a reference to the data array for this block that depends on the // current indices of all parent blocks. diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index ca2ef1517f..a9e08ec1e9 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php @@ -524,7 +524,7 @@ class fileupload $url = parse_url($upload_url); $host = $url['host']; - $path = dirname($url['path']); + $path = $url['path']; $port = (!empty($url['port'])) ? (int) $url['port'] : 80; $upload_ary['type'] = 'application/octet-stream'; @@ -543,7 +543,7 @@ class fileupload return $file; } - fputs($fsock, 'GET /' . $filename . " HTTP/1.1\r\n"); + fputs($fsock, 'GET /' . $path . " HTTP/1.1\r\n"); fputs($fsock, "HOST: " . $host . "\r\n"); fputs($fsock, "Connection: close\r\n\r\n"); @@ -569,6 +569,11 @@ class fileupload { $upload_ary['type'] = rtrim(str_replace('Content-Type: ', '', $line)); } + else if (strpos($line, 'HTTP/1.1 404 Not Found') !== false) + { + $file = new fileerror($user->lang[$this->error_prefix . 'URL_NOT_FOUND']); + return $file; + } } } } @@ -609,10 +614,15 @@ class fileupload { case 1: $error = (@ini_get('upload_max_filesize') == '') ? $user->lang[$this->error_prefix . 'PHP_SIZE_NA'] : sprintf($user->lang[$this->error_prefix . 'PHP_SIZE_OVERRUN'], @ini_get('upload_max_filesize')); - break; + break; + case 2: - $error = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $this->max_filesize); - break; + $size_lang = ($this->max_filesize >= 1048576) ? $user->lang['MB'] : (($this->max_filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] ); + $max_filesize = ($this->max_filesize >= 1048576) ? round($this->max_filesize / 1048576 * 100) / 100 : (($this->max_filesize >= 1024) ? round($this->max_filesize / 1024 * 100) / 100 : $this->max_filesize); + + $error = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang); + break; + case 3: $error = 'The uploaded file was only partially uploaded'; break; @@ -637,7 +647,10 @@ class fileupload // Filesize is too big or it's 0 if it was larger than the maxsize in the upload form if ($this->max_filesize && ($file->get('filesize') > $this->max_filesize || $file->get('filesize') == 0)) { - $file->error[] = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $this->max_filesize); + $size_lang = ($this->max_filesize >= 1048576) ? $user->lang['MB'] : (($this->max_filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] ); + $max_filesize = ($this->max_filesize >= 1048576) ? round($this->max_filesize / 1048576 * 100) / 100 : (($this->max_filesize >= 1024) ? round($this->max_filesize / 1024 * 100) / 100 : $this->max_filesize); + + $file->error[] = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang); } // check Filename diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 0b0adbcee5..4795348189 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1253,12 +1253,7 @@ function group_delete($group_id, $group_name = false) if (!$group_name) { - $sql = 'SELECT group_name - FROM ' . GROUPS_TABLE . " - WHERE group_id = $group_id"; - $result = $db->sql_query($sql); - $group_name = (string) $db->sql_fetchfield('group_name'); - $db->sql_freeresult($result); + $group_name = get_group_name($group_id); } $start = 0; @@ -1403,17 +1398,7 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false, if (!$group_name) { - $sql = 'SELECT group_name - FROM ' . GROUPS_TABLE . " - WHERE group_id = $group_id"; - $result = $db->sql_query($sql); - - if (!extract($db->sql_fetchrow($result))) - { - trigger_error("Could not obtain name of group $group_id", E_USER_ERROR); - } - - $db->sql_freeresult($result); + $group_name = get_group_name($group_id); } $log = ($leader) ? 'LOG_MODS_ADDED' : 'LOG_USERS_ADDED'; @@ -1526,12 +1511,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false, if (!$group_name) { - $sql = 'SELECT group_name - FROM ' . GROUPS_TABLE . " - WHERE group_id = $group_id"; - $result = $db->sql_query($sql); - $group_name = (string) $db->sql_fetchfield('group_name'); - $db->sql_freeresult($result); + $group_name = get_group_name($group_id); } $log = 'LOG_GROUP_REMOVE'; @@ -1590,12 +1570,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna if (!$group_name) { - $sql = 'SELECT group_name - FROM ' . GROUPS_TABLE . " - WHERE group_id = $group_id"; - $result = $db->sql_query($sql); - $group_name = (string) $db->sql_fetchfield('group_name'); - $db->sql_freeresult($result); + $group_name = get_group_name($group_id); } add_log('admin', $log, $group_name, implode(', ', $username_ary)); @@ -1653,6 +1628,28 @@ function group_set_user_default($group_id, $user_id_ary, $group_attributes = fal $db->sql_query($sql); } +/** +* Get group name +*/ +function get_group_name($group_id) +{ + global $db, $user; + + $sql = 'SELECT group_name, group_type + FROM ' . GROUPS_TABLE . ' + WHERE group_id = ' . (int) $group_id; + $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if (!$row) + { + return ''; + } + + return ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']; +} + /** * Obtain either the members of a specified group, the groups the specified user is subscribed to * or checking if a specified user is in a specified group diff --git a/phpBB/includes/mcp/mcp_ban.php b/phpBB/includes/mcp/mcp_ban.php index ab13cce136..b79bbe00d7 100644 --- a/phpBB/includes/mcp/mcp_ban.php +++ b/phpBB/includes/mcp/mcp_ban.php @@ -40,8 +40,8 @@ class mcp_ban $ban_len = request_var('banlength', 0); $ban_len_other = request_var('banlengthother', ''); $ban_exclude = request_var('banexclude', 0); - $ban_reason = request_var('banreason', ''); - $ban_give_reason = request_var('bangivereason', ''); + $ban_reason = request_var('banreason', '', true); + $ban_give_reason = request_var('bangivereason', '', true); user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reason, $ban_give_reason); diff --git a/phpBB/includes/mcp/mcp_logs.php b/phpBB/includes/mcp/mcp_logs.php index cc4e931970..fe314eaac0 100755 --- a/phpBB/includes/mcp/mcp_logs.php +++ b/phpBB/includes/mcp/mcp_logs.php @@ -34,12 +34,12 @@ class mcp_logs { list($action, ) = each($action); } + else + { + $action = request_var('action', ''); + } // Set up general vars - - // Isn't this set above? :o - $action = request_var('action', ''); - $start = request_var('start', 0); $deletemark = (isset($_POST['del_marked'])) ? true : false; $deleteall = (isset($_POST['del_all'])) ? true : false; diff --git a/phpBB/includes/mcp/mcp_notes.php b/phpBB/includes/mcp/mcp_notes.php index 9a7419d0b4..c1620f778e 100755 --- a/phpBB/includes/mcp/mcp_notes.php +++ b/phpBB/includes/mcp/mcp_notes.php @@ -86,7 +86,7 @@ function mcp_notes_user_view($id, $mode, $action) $deletemark = ($action == 'del_marked') ? true : false; $deleteall = ($action == 'del_all') ? true : false; $marked = request_var('marknote', array(0)); - $usernote = request_var('usernote', ''); + $usernote = request_var('usernote', '', true); // Handle any actions if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs')) diff --git a/phpBB/includes/mcp/mcp_queue.php b/phpBB/includes/mcp/mcp_queue.php index 75052c4360..8e592d3ce8 100644 --- a/phpBB/includes/mcp/mcp_queue.php +++ b/phpBB/includes/mcp/mcp_queue.php @@ -535,7 +535,7 @@ function disapprove_post($post_id_list, $mode) } $redirect = request_var('redirect', $user->data['session_page']); - $reason = request_var('reason', ''); + $reason = request_var('reason', '', true); $reason_id = request_var('reason_id', 0); $success_msg = $additional_msg = ''; diff --git a/phpBB/includes/mcp/mcp_topic.php b/phpBB/includes/mcp/mcp_topic.php index a4bbca6e3b..b6a9bebd83 100644 --- a/phpBB/includes/mcp/mcp_topic.php +++ b/phpBB/includes/mcp/mcp_topic.php @@ -32,7 +32,7 @@ function mcp_topic_view($id, $mode, $action) // Set up some vars $icon_id = request_var('icon', 0); - $subject = request_var('subject', ''); + $subject = request_var('subject', '', true); $start = request_var('start', 0); $to_topic_id = request_var('to_topic_id', 0); $to_forum_id = request_var('to_forum_id', 0); diff --git a/phpBB/includes/mcp/mcp_warn.php b/phpBB/includes/mcp/mcp_warn.php index 10491b3528..6b6e809930 100755 --- a/phpBB/includes/mcp/mcp_warn.php +++ b/phpBB/includes/mcp/mcp_warn.php @@ -188,7 +188,7 @@ function mcp_warn_post_view($id, $mode, $action) $post_id = request_var('p', 0); $notify = (isset($_REQUEST['notify_user'])) ? true : false; - $warning = request_var('warning', ''); + $warning = request_var('warning', '', true); $sql = 'SELECT u.*, p.* FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . " u WHERE post_id = $post_id @@ -302,7 +302,7 @@ function mcp_warn_user_view($id, $mode, $action) $user_id = request_var('u', 0); $username = request_var('username', ''); $notify = (isset($_REQUEST['notify_user'])) ? true : false; - $warning = request_var('warning', ''); + $warning = request_var('warning', '', true); $sql_where = ($user_id) ? "user_id = $user_id" : "username = '" . $db->sql_escape($username) . "'"; diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 9101b5ee87..9e86678580 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -1062,12 +1062,7 @@ class parse_message extends bbcode_firstpass { if ($edit_comment) { - $actual_comment_list = request_var('comment_list', array('')); - - foreach ($actual_comment_list as $index => $entry) - { - $this->attachment_data[$index]['comment'] = preg_replace('#&(\#[0-9]+;)#', '&\1', $entry); - } + $actual_comment_list = request_var('comment_list', array(''), true); } if (($add_file || $preview) && $upload_file) diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 8568d8f6db..4c08d0ce5b 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -177,22 +177,46 @@ class session $s_browser = ($config['browser_check']) ? substr($this->data['session_browser'], 0, 149) : ''; $u_browser = ($config['browser_check']) ? substr($this->browser, 0, 149) : ''; - if ($u_ip == $s_ip && $s_browser == $u_browser) + if ($u_ip === $s_ip && $s_browser === $u_browser) { - // Only update session DB a minute or so after last update or if page changes - if ($this->time_now - $this->data['session_time'] > 60 || $this->data['session_page'] != $this->page['page']) + $session_expired = false; + + // Check the session length timeframe if autologin is not enabled. + // Else check the autologin length... and also removing those having autologin enabled but no longer allowed board-wide. + if (!$this->data['session_autologin']) { - $sql = 'UPDATE ' . SESSIONS_TABLE . " - SET session_time = $this->time_now, session_page = '" . $db->sql_escape(substr($this->page['page'], 0, 199)) . "' - WHERE session_id = '" . $db->sql_escape($this->session_id) . "'"; - $db->sql_query($sql); + if ($this->data['session_time'] < $this->time_now - ($config['session_length'] + 60)) + { + $session_expired = true; + } } - - // Ultimately to be removed - $this->data['is_registered'] = ($this->data['user_id'] != ANONYMOUS && ($this->data['user_type'] == USER_NORMAL || $this->data['user_type'] == USER_FOUNDER)) ? true : false; - $this->data['is_bot'] = (!$this->data['is_registered'] && $this->data['user_id'] != ANONYMOUS) ? true : false; - - return true; + else if (!$config['allow_autologin'] || ($config['max_autologin_time'] && $this->data['session_time'] < $this->time_now - (86400 * (int) $config['max_autologin_time']) + 60)) + { + $session_expired = true; + } + + if (!$session_expired) + { + // Only update session DB a minute or so after last update or if page changes + if ($this->time_now - $this->data['session_time'] > 60 || $this->data['session_page'] != $this->page['page']) + { + $sql = 'UPDATE ' . SESSIONS_TABLE . " + SET session_time = $this->time_now, session_page = '" . $db->sql_escape(substr($this->page['page'], 0, 199)) . "' + WHERE session_id = '" . $db->sql_escape($this->session_id) . "'"; + $db->sql_query($sql); + } + + // Ultimately to be removed + $this->data['is_registered'] = ($this->data['user_id'] != ANONYMOUS && ($this->data['user_type'] == USER_NORMAL || $this->data['user_type'] == USER_FOUNDER)) ? true : false; + $this->data['is_bot'] = (!$this->data['is_registered'] && $this->data['user_id'] != ANONYMOUS) ? true : false; + + return true; + } + } + else + { + // Added logging temporarly to help debug bugs... + add_log('critical', 'LOG_IP_BROWSER_CHECK', $u_ip, $s_ip, $u_browser, $s_browser); } } } @@ -356,7 +380,7 @@ class session } else { - $this->data['session_last_visit'] = time(); + $this->data['session_last_visit'] = $this->time_now; } // At this stage we should have a filled data array, defined cookie u and k data. @@ -376,7 +400,10 @@ class session $this->data['is_bot'] = ($bot) ? true : false; // // - + + // @todo Change this ... check for "... && user_type & USER_NORMAL" ? + $session_autologin = (($this->cookie_data['k'] || $persist_login) && $this->data['is_registered']) ? true : false; + // Create or update the session $sql_ary = array( 'session_user_id' => (int) $this->data['user_id'], @@ -386,6 +413,7 @@ class session 'session_browser' => (string) $this->browser, 'session_page' => (string) substr($this->page['page'], 0, 199), 'session_ip' => (string) $this->ip, + 'session_autologin' => ($session_autologin) ? 1 : 0, 'session_admin' => ($set_admin) ? 1 : 0, 'session_viewonline' => ($viewonline) ? 1 : 0, ); @@ -423,8 +451,7 @@ class session $db->sql_return_on_error(false); // Regenerate autologin/persistent login key - // @todo Change this ... check for "... && user_type & USER_NORMAL" ? - if (($this->cookie_data['k'] || $persist_login) && $this->data['user_id'] != ANONYMOUS) + if ($session_autologin) { $this->set_login_key(); } diff --git a/phpBB/includes/ucp/info/ucp_pm.php b/phpBB/includes/ucp/info/ucp_pm.php index 5170f08d34..f1bc4776c8 100644 --- a/phpBB/includes/ucp/info/ucp_pm.php +++ b/phpBB/includes/ucp/info/ucp_pm.php @@ -19,9 +19,8 @@ class ucp_pm_info 'title' => 'UCP_PM', 'version' => '1.0.0', 'modes' => array( - 'view' => array('title' => 'UCP_PM_VIEW', 'auth' => 'cfg_allow_privmsg'), + 'view' => array('title' => 'UCP_PM_VIEW', 'auth' => 'cfg_allow_privmsg', 'display' => false), 'compose' => array('title' => 'UCP_PM_COMPOSE', 'auth' => 'cfg_allow_privmsg'), - 'unread' => array('title' => 'UCP_PM_UNREAD', 'auth' => 'cfg_allow_privmsg'), 'drafts' => array('title' => 'UCP_PM_DRAFTS', 'auth' => 'cfg_allow_privmsg'), 'options' => array('title' => 'UCP_PM_OPTIONS', 'auth' => 'cfg_allow_privmsg'), 'popup' => array('title' => 'UCP_PM_POPUP_TITLE', 'auth' => 'cfg_allow_privmsg', 'display' => false), diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index 21824e7aef..14dd4fc157 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -486,26 +486,30 @@ class ucp_groups } } - // Only set the rank, colour, etc. if it's changed or if we're adding a new - // group. This prevents existing group members being updated if no changes - // were made. - - $group_attributes = array(); - $test_variables = array('rank', 'colour', 'avatar', 'avatar_type', 'avatar_width', 'avatar_height'); - foreach ($test_variables as $test) + if (!sizeof($error)) { - if ($action == 'add' || (isset($submit_ary[$test]) && $group_row['group_' . $test] != $submit_ary[$test])) + // Only set the rank, colour, etc. if it's changed or if we're adding a new + // group. This prevents existing group members being updated if no changes + // were made. + + $group_attributes = array(); + $test_variables = array('rank', 'colour', 'avatar', 'avatar_type', 'avatar_width', 'avatar_height'); + foreach ($test_variables as $test) { - $group_attributes['group_' . $test] = $group_row['group_' . $test] = $submit_ary[$test]; + if ($action == 'add' || (isset($submit_ary[$test]) && $group_row['group_' . $test] != $submit_ary[$test])) + { + $group_attributes['group_' . $test] = $group_row['group_' . $test] = $submit_ary[$test]; + } + } + + if (!($error = group_create($group_id, $group_type, $group_name, $group_desc, $group_attributes, $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies))) + { + $message = ($action == 'edit') ? 'GROUP_UPDATED' : 'GROUP_CREATED'; + trigger_error($user->lang[$message] . $return_page); } } - if (!($error = group_create($group_id, $group_type, $group_name, $group_desc, $group_attributes, $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies))) - { - $message = ($action == 'edit') ? 'GROUP_UPDATED' : 'GROUP_CREATED'; - trigger_error($user->lang[$message] . $return_page); - } - else + if (sizeof($error)) { $group_rank = $submit_ary['rank']; diff --git a/phpBB/includes/ucp/ucp_main.php b/phpBB/includes/ucp/ucp_main.php index 77d855cda9..cedb1ef091 100644 --- a/phpBB/includes/ucp/ucp_main.php +++ b/phpBB/includes/ucp/ucp_main.php @@ -543,7 +543,7 @@ class ucp_main // Get folder img, topic status/type related informations $folder_img = $folder_alt = $topic_type = ''; - $unread_topic = false; // TODO: get proper unread status + $unread_topic = false; topic_status($row, $replies, $unread_topic, $folder_img, $folder_alt, $topic_type); $view_topic_url = "viewtopic.$phpEx$SID&f=$forum_id&t=$topic_id"; diff --git a/phpBB/includes/ucp/ucp_pm.php b/phpBB/includes/ucp/ucp_pm.php index 83e711fea9..e6fe312dba 100644 --- a/phpBB/includes/ucp/ucp_pm.php +++ b/phpBB/includes/ucp/ucp_pm.php @@ -16,7 +16,6 @@ * @param inbox|outbox|sentbox display folder with the associated name * * -* Display Unread Messages - mode=unread * Display Messages (default to inbox) - mode=view * Display single message - mode=view&p=[msg_id] or &p=[msg_id] (short linkage) * @@ -101,7 +100,7 @@ class ucp_pm ); $tpl_file = 'ucp_pm_popup'; - break; + break; // Compose message case 'compose': @@ -118,7 +117,7 @@ class ucp_pm compose_pm($id, $mode, $action); $tpl_file = 'posting_body'; - break; + break; case 'options': $sql = 'SELECT group_message_limit @@ -136,7 +135,7 @@ class ucp_pm message_options($id, $mode, $global_privmsgs_rules, $global_rule_conditions); $tpl_file = 'ucp_pm_options'; - break; + break; case 'drafts': @@ -155,7 +154,6 @@ class ucp_pm break; - case 'unread': case 'view': $sql = 'SELECT group_message_limit @@ -181,7 +179,7 @@ class ucp_pm $msg_id = request_var('p', 0); $view = request_var('view', ''); -// if ($msg_id && $action == 'view_folder') + // View message if specified if ($msg_id) { $action = 'view_message'; @@ -200,12 +198,23 @@ class ucp_pm // First Handle Mark actions and moving messages + $submit_mark = (isset($_POST['submit_mark'])) ? true : false; + $move_pm = (isset($_POST['move_pm'])) ? true : false; + $mark_option = request_var('mark_option', ''); + $dest_folder = request_var('dest_folder', PRIVMSGS_NO_BOX); + + // Is moving PM triggered through mark options? + if (!in_array($mark_option, array('mark_important', 'delete_marked')) && $submit_mark) + { + $move_pm = true; + $dest_folder = (int) $mark_option; + $submit_mark = false; + } // Move PM - if (isset($_REQUEST['move_pm'])) + if ($move_pm) { $move_msg_ids = (isset($_POST['marked_msg_id'])) ? array_map('intval', $_POST['marked_msg_id']) : array(); - $dest_folder = request_var('dest_folder', PRIVMSGS_NO_BOX); $cur_folder_id = request_var('cur_folder_id', PRIVMSGS_NO_BOX); if (move_pm($user->data['user_id'], $user->data['message_limit'], $move_msg_ids, $dest_folder, $cur_folder_id)) @@ -221,9 +230,9 @@ class ucp_pm } // Message Mark Options - if (isset($_REQUEST['submit_mark'])) + if ($submit_mark) { - handle_mark_actions($user->data['user_id'], request_var('mark_option', '')); + handle_mark_actions($user->data['user_id'], $mark_option); } // If new messages arrived, place them into the appropiate folder @@ -234,7 +243,7 @@ class ucp_pm $num_not_moved = $user->data['user_new_privmsg']; } - if (!$msg_id && $folder_id == PRIVMSGS_NO_BOX && $mode != 'unread') + if (!$msg_id && $folder_id == PRIVMSGS_NO_BOX) { $folder_id = PRIVMSGS_INBOX; } @@ -244,8 +253,11 @@ class ucp_pm FROM ' . PRIVMSGS_TO_TABLE . " WHERE msg_id = $msg_id AND user_id = " . $user->data['user_id']; - $result = $db->sql_query_limit($sql, 1); - if (!($row = $db->sql_fetchrow($result))) + $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if (!$row) { trigger_error('NO_MESSAGE'); } @@ -256,7 +268,6 @@ class ucp_pm if ($action == 'view_message' && $msg_id) { // Get Message user want to see - if ($view == 'next' || $view == 'previous') { $sql_condition = ($view == 'next') ? '>' : '<'; @@ -271,8 +282,10 @@ class ucp_pm AND p.message_time $sql_condition p2.message_time ORDER BY p.message_time $sql_ordering"; $result = $db->sql_query_limit($sql, 1); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); - if (!($row = $db->sql_fetchrow($result))) + if (!$row) { $message = ($view == 'next') ? 'NO_NEWER_PM' : 'NO_OLDER_PM'; trigger_error($message); @@ -290,9 +303,11 @@ class ucp_pm AND t.folder_id = $folder_id AND t.msg_id = p.msg_id AND p.msg_id = $msg_id"; - $result = $db->sql_query_limit($sql, 1); + $result = $db->sql_query($sql); + $message_row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); - if (!($message_row = $db->sql_fetchrow($result))) + if (!$message_row) { trigger_error('NO_MESSAGE'); } @@ -306,7 +321,7 @@ class ucp_pm $s_folder_options = $s_to_folder_options = ''; foreach ($folder as $f_id => $folder_ary) { - $option = '' . $folder_ary['folder_name'] . (($folder_ary['unread_messages']) ? ' [' . $folder_ary['unread_messages'] . '] ' : '') . ''; + $option = '' . $folder_ary['folder_name'] . (($folder_ary['unread_messages']) ? ' [' . $folder_ary['unread_messages'] . '] ' : '') . ''; $s_to_folder_options .= ($f_id != PRIVMSGS_OUTBOX && $f_id != PRIVMSGS_SENTBOX) ? $option : ''; $s_folder_options .= $option; @@ -338,25 +353,25 @@ class ucp_pm 'S_IN_OUTBOX' => ($folder_id == PRIVMSGS_OUTBOX) ? true : false, 'S_IN_SENTBOX' => ($folder_id == PRIVMSGS_SENTBOX) ? true : false, - 'FOLDER_STATUS' => $folder_status['message'], - 'FOLDER_MAX_MESSAGES' => $folder_status['max'], - 'FOLDER_CUR_MESSAGES' => $folder_status['cur'], + 'FOLDER_STATUS' => $folder_status['message'], + 'FOLDER_MAX_MESSAGES' => $folder_status['max'], + 'FOLDER_CUR_MESSAGES' => $folder_status['cur'], 'FOLDER_REMAINING_MESSAGES' => $folder_status['remaining'], - 'FOLDER_PERCENT' => $folder_status['percent']) + 'FOLDER_PERCENT' => $folder_status['percent']) ); - if ($mode == 'unread' || $action == 'view_folder') + if ($action == 'view_folder') { include($phpbb_root_path . 'includes/ucp/ucp_pm_viewfolder.'.$phpEx); - view_folder($id, $mode, $folder_id, $folder, (($mode == 'unread') ? 'unread' : 'folder')); + view_folder($id, $mode, $folder_id, $folder); $tpl_file = 'ucp_pm_viewfolder'; } else if ($action == 'view_message') { $template->assign_vars(array( - 'S_VIEW_MESSAGE'=> true, - 'MSG_ID' => $msg_id) + 'S_VIEW_MESSAGE' => true, + 'MSG_ID' => $msg_id) ); if (!$msg_id) @@ -370,7 +385,7 @@ class ucp_pm $tpl_file = ($view == 'print') ? 'ucp_pm_viewmessage_print' : 'ucp_pm_viewmessage'; } - break; + break; default: trigger_error('NO_ACTION_MODE'); diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index fcdeb65541..4fca6cec0b 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -413,16 +413,14 @@ function compose_pm($id, $mode, $action) if ($submit || $preview || $refresh) { - $subject = request_var('subject', ''); + $subject = request_var('subject', '', true); if (strcmp($subject, strtoupper($subject)) == 0 && $subject) { $subject = strtolower($subject); } - $subject = preg_replace('#&(\#[0-9]+;)#', '&\1', $subject); - $message_parser->message = (isset($_POST['message'])) ? htmlspecialchars(str_replace(array('\\\'', '\\"', '\\0', '\\\\'), array('\'', '"', '\0', '\\'), $_POST['message'])) : ''; - $message_parser->message = preg_replace('#&(\#[0-9]+;)#', '&\1', $message_parser->message); + $message_parser->message = request_var('message', '', true); $icon_id = request_var('icon', 0); @@ -502,7 +500,7 @@ function compose_pm($id, $mode, $action) unset($message_parser); // ((!$message_subject) ? $subject : $message_subject) - $msg_id = submit_pm($action, $subject, $pm_data, $update_message); + $msg_id = submit_pm($action, $subject, $pm_data, true); $return_message_url = "{$phpbb_root_path}ucp.$phpEx$SID&i=pm&mode=view&p=" . $msg_id; $return_folder_url = "{$phpbb_root_path}ucp.$phpEx$SID&i=pm&folder=outbox"; diff --git a/phpBB/includes/ucp/ucp_pm_options.php b/phpBB/includes/ucp/ucp_pm_options.php index b3f6b02bbe..d4399b5b63 100644 --- a/phpBB/includes/ucp/ucp_pm_options.php +++ b/phpBB/includes/ucp/ucp_pm_options.php @@ -56,7 +56,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit // Add Folder if (isset($_POST['addfolder'])) { - $folder_name = request_var('foldername', ''); + $folder_name = request_var('foldername', '', true); if ($folder_name) { @@ -97,7 +97,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit // Rename folder if (isset($_POST['rename_folder'])) { - $new_folder_name = request_var('new_folder_name', ''); + $new_folder_name = request_var('new_folder_name', '', true); $rename_folder_id= request_var('rename_folder_id', 0); if (!$new_folder_name) @@ -240,7 +240,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit $rule_option = request_var('rule_option', 0); $cond_option = request_var('cond_option', ''); $action_option = explode('|', request_var('action_option', '')); - $rule_string = ($cond_option != 'none') ? request_var('rule_string', '') : ''; + $rule_string = ($cond_option != 'none') ? request_var('rule_string', '', true) : ''; $rule_user_id = ($cond_option != 'none') ? request_var('rule_user_id', 0) : 0; $rule_group_id = ($cond_option != 'none') ? request_var('rule_group_id', 0) : 0; @@ -620,7 +620,7 @@ function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule switch ($condition) { case 'text': - $rule_string = request_var('rule_string', ''); + $rule_string = request_var('rule_string', '', true); $template->assign_vars(array( 'S_TEXT_CONDITION' => true, @@ -634,7 +634,7 @@ function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule case 'user': $rule_user_id = request_var('rule_user_id', 0); - $rule_string = request_var('rule_string', ''); + $rule_string = request_var('rule_string', '', true); if ($rule_string && !$rule_user_id) { @@ -677,7 +677,7 @@ function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule case 'group': $rule_group_id = request_var('rule_group_id', 0); - $rule_string = request_var('rule_string', ''); + $rule_string = request_var('rule_string', '', true); $sql_and = ($auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) ? '<> ' . GROUP_SPECIAL : 'NOT IN (' . GROUP_SPECIAL . ', ' . GROUP_HIDDEN . ')'; $sql = 'SELECT group_id, group_name, group_type diff --git a/phpBB/includes/ucp/ucp_pm_viewfolder.php b/phpBB/includes/ucp/ucp_pm_viewfolder.php index f54c62bb2e..98b9a439e2 100644 --- a/phpBB/includes/ucp/ucp_pm_viewfolder.php +++ b/phpBB/includes/ucp/ucp_pm_viewfolder.php @@ -12,14 +12,14 @@ * View message folder * Called from ucp_pm with mode == 'view' && action == 'view_folder' */ -function view_folder($id, $mode, $folder_id, $folder, $type) +function view_folder($id, $mode, $folder_id, $folder) { global $user, $template, $auth, $db, $cache; global $phpbb_root_path, $config, $phpEx, $SID; $submit_export = (isset($_POST['submit_export'])) ? true : false; - $folder_info = get_pm_from($folder_id, $folder, $user->data['user_id'], "{$phpbb_root_path}ucp.$phpEx$SID", $type); + $folder_info = get_pm_from($folder_id, $folder, $user->data['user_id'], "{$phpbb_root_path}ucp.$phpEx$SID"); if (!$submit_export) { @@ -48,6 +48,20 @@ function view_folder($id, $mode, $folder_id, $folder, $type) $s_mark_options .= ''; } + // We do the folder moving options here too, for template authors to use... + $s_folder_move_options = ''; + foreach ($folder as $f_id => $folder_ary) + { + if ($f_id == PRIVMSGS_OUTBOX || $f_id == PRIVMSGS_SENTBOX || $f_id == $folder_id) + { + continue; + } + + $s_folder_move_options .= ''; + $s_folder_move_options .= sprintf($user->lang['MOVE_MARKED_TO_FOLDER'], $folder_ary['folder_name']); + $s_folder_move_options .= (($folder_ary['unread_messages']) ? ' [' . $folder_ary['unread_messages'] . '] ' : '') . ''; + } + $friend = $foe = array(); // Get friends and foes @@ -64,8 +78,8 @@ function view_folder($id, $mode, $folder_id, $folder, $type) $db->sql_freeresult($result); $template->assign_vars(array( - 'S_UNREAD' => ($type == 'unread'), - 'S_MARK_OPTIONS'=> $s_mark_options) + 'S_MARK_OPTIONS' => $s_mark_options, + 'S_MOVE_MARKED_OPTIONS' => $s_folder_move_options) ); // Okay, lets dump out the page ... @@ -344,10 +358,8 @@ function view_folder($id, $mode, $folder_id, $folder, $type) /** * Get Messages from folder/user -* -* @param unread|new|folder $type type of message */ -function get_pm_from($folder_id, $folder, $user_id, $url, $type = 'folder') +function get_pm_from($folder_id, $folder, $user_id, $url) { global $user, $db, $template, $config, $auth, $_POST; @@ -368,16 +380,7 @@ function get_pm_from($folder_id, $folder, $user_id, $url, $type = 'folder') $s_limit_days = $s_sort_key = $s_sort_dir = $u_sort_param = ''; gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sort_dir, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param); - if ($type != 'folder') - { - $folder_sql = ($type == 'unread') ? 't.unread = 1' : 't.new = 1'; - $folder_sql .= ' AND t.folder_id NOT IN (' . PRIVMSGS_HOLD_BOX . ', ' . PRIVMSGS_NO_BOX . ')'; - $folder_id = PRIVMSGS_INBOX; - } - else - { - $folder_sql = 't.folder_id = ' . (int) $folder_id; - } + $folder_sql = 't.folder_id = ' . (int) $folder_id; // Limit pms to certain time frame, obtain correct pm count if ($sort_days) @@ -404,32 +407,7 @@ function get_pm_from($folder_id, $folder, $user_id, $url, $type = 'folder') } else { - if ($type == 'folder') - { - $pm_count = $folder[$folder_id]['num_messages']; - } - else - { - if (in_array($folder_id, array(PRIVMSGS_INBOX, PRIVMSGS_OUTBOX, PRIVMSGS_SENTBOX))) - { - $sql = 'SELECT COUNT(t.msg_id) AS pm_count - FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . " p - WHERE $folder_sql - AND t.user_id = $user_id - AND t.msg_id = p.msg_id"; - } - else - { - $sql = 'SELECT pm_count - FROM ' . PRIVMSGS_FOLDER_TABLE . " - WHERE folder_id = $folder_id - AND user_id = $user_id"; - } - $result = $db->sql_query_limit($sql, 1); - $pm_count = ($row = $db->sql_fetchrow($result)) ? $row['pm_count'] : 0; - $db->sql_freeresult($result); - } - + $pm_count = $folder[$folder_id]['num_messages']; $sql_limit_time = ''; } diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index cf5824200d..b2a2d6d878 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php @@ -255,7 +255,7 @@ class ucp_profile foreach ($var_ary as $var => $default) { - $data[$var] = request_var($var, $default); + $data[$var] = (in_array($var, array('location', 'occupation', 'interests'))) ? request_var($var, $default, true) : request_var($var, $default); } $var_ary = array( @@ -407,7 +407,7 @@ class ucp_profile $enable_bbcode = ($config['allow_sig_bbcode']) ? request_var('enable_bbcode', $user->optionget('bbcode')) : false; $enable_smilies = ($config['allow_sig_smilies']) ? request_var('enable_smilies', $user->optionget('smilies')) : false; $enable_urls = request_var('enable_urls', true); - $signature = request_var('signature', $user->data['user_sig']); + $signature = request_var('signature', $user->data['user_sig'], true); if ($submit || $preview) { diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index 0ac9290c15..b471e1a79c 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -27,7 +27,6 @@ class ucp_register include($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx); - // Do not alter this first one to use request_var! $confirm_id = request_var('confirm_id', ''); $coppa = (isset($_REQUEST['coppa'])) ? ((!empty($_REQUEST['coppa'])) ? 1 : 0) : false; $agreed = (!empty($_POST['agreed'])) ? 1 : 0; diff --git a/phpBB/install/schemas/firebird_schema.sql b/phpBB/install/schemas/firebird_schema.sql index 54ec5f5ced..547823ca11 100644 --- a/phpBB/install/schemas/firebird_schema.sql +++ b/phpBB/install/schemas/firebird_schema.sql @@ -520,6 +520,7 @@ CREATE TABLE phpbb_sessions ( session_browser VARCHAR(150), session_page VARCHAR(200) NOT NULL, session_viewonline INTEGER DEFAULT 1 NOT NULL, + session_autologin INTEGER DEFAULT 0 NOT NULL, session_admin INTEGER DEFAULT 0 NOT NULL );; diff --git a/phpBB/install/schemas/mssql_schema.sql b/phpBB/install/schemas/mssql_schema.sql index 4763557f9b..ad5666ae6f 100644 --- a/phpBB/install/schemas/mssql_schema.sql +++ b/phpBB/install/schemas/mssql_schema.sql @@ -526,6 +526,7 @@ CREATE TABLE [phpbb_sessions] ( [session_browser] [varchar] (150) NULL , [session_page] [varchar] (200) NOT NULL , [session_viewonline] [int] NOT NULL , + [session_autologin] [int] NOT NULL , [session_admin] [int] NOT NULL ) ON [PRIMARY] GO @@ -1525,6 +1526,7 @@ ALTER TABLE [phpbb_sessions] WITH NOCHECK ADD CONSTRAINT [DF_sessio_session_time] DEFAULT (0) FOR [session_time], CONSTRAINT [DF_sessio_session_ip] DEFAULT ('0') FOR [session_ip], CONSTRAINT [DF_sessio_session_viewonline] DEFAULT (1) FOR [session_viewonline], + CONSTRAINT [DF_sessio_session_autologin] DEFAULT (0) FOR [session_autologin], CONSTRAINT [DF_sessio_session_admin] DEFAULT (0) FOR [session_admin] GO diff --git a/phpBB/install/schemas/mysql_schema.sql b/phpBB/install/schemas/mysql_schema.sql index 1468e38ebc..cc6ee790ce 100644 --- a/phpBB/install/schemas/mysql_schema.sql +++ b/phpBB/install/schemas/mysql_schema.sql @@ -611,6 +611,7 @@ CREATE TABLE phpbb_sessions ( session_browser varchar(150) DEFAULT '' NOT NULL, session_page varchar(200) DEFAULT '' NOT NULL, session_viewonline tinyint(1) DEFAULT '1' NOT NULL, + session_autologin tinyint(1) DEFAULT '0' NOT NULL, session_admin tinyint(1) DEFAULT '0' NOT NULL, PRIMARY KEY (session_id), KEY session_time (session_time), diff --git a/phpBB/install/schemas/oracle_schema.sql b/phpBB/install/schemas/oracle_schema.sql index 928c22c0aa..86075cbf7b 100644 --- a/phpBB/install/schemas/oracle_schema.sql +++ b/phpBB/install/schemas/oracle_schema.sql @@ -1220,6 +1220,7 @@ CREATE TABLE phpbb_sessions ( session_browser varchar2(150) DEFAULT '', session_page varchar2(200) DEFAULT '', session_viewonline number(1) DEFAULT '1' NOT NULL, + session_autologin number(1) DEFAULT '0' NOT NULL, session_admin number(1) DEFAULT '0' NOT NULL, CONSTRAINT pk_phpbb_sessions PRIMARY KEY (session_id) ) diff --git a/phpBB/install/schemas/postgres_schema.sql b/phpBB/install/schemas/postgres_schema.sql index 4d956b5df0..1be0a40040 100644 --- a/phpBB/install/schemas/postgres_schema.sql +++ b/phpBB/install/schemas/postgres_schema.sql @@ -828,6 +828,7 @@ CREATE TABLE phpbb_sessions ( session_browser varchar(150) DEFAULT '' NULL, session_page varchar(200) DEFAULT '' NOT NULL, session_viewonline INT2 DEFAULT '1' NOT NULL, + session_autologin INT2 DEFAULT '0' NOT NULL, session_admin INT2 DEFAULT '0' NOT NULL, PRIMARY KEY (session_id), CHECK (session_user_id>=0) diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql index d5c40c9cc0..dc402febf2 100644 --- a/phpBB/install/schemas/schema_data.sql +++ b/phpBB/install/schemas/schema_data.sql @@ -220,7 +220,6 @@ INSERT INTO phpbb_auth_options (auth_option, is_local) VALUES ('f_list', 1); INSERT INTO phpbb_auth_options (auth_option, is_local) VALUES ('f_read', 1); INSERT INTO phpbb_auth_options (auth_option, is_local) VALUES ('f_post', 1); INSERT INTO phpbb_auth_options (auth_option, is_local) VALUES ('f_reply', 1); -INSERT INTO phpbb_auth_options (auth_option, is_local) VALUES ('f_quote', 1); INSERT INTO phpbb_auth_options (auth_option, is_local) VALUES ('f_edit', 1); INSERT INTO phpbb_auth_options (auth_option, is_local) VALUES ('f_user_lock', 1); INSERT INTO phpbb_auth_options (auth_option, is_local) VALUES ('f_delete', 1); @@ -240,7 +239,6 @@ INSERT INTO phpbb_auth_options (auth_option, is_local) VALUES ('f_flash', 1); INSERT INTO phpbb_auth_options (auth_option, is_local) VALUES ('f_sigs', 1); INSERT INTO phpbb_auth_options (auth_option, is_local) VALUES ('f_search', 1); INSERT INTO phpbb_auth_options (auth_option, is_local) VALUES ('f_email', 1); -INSERT INTO phpbb_auth_options (auth_option, is_local) VALUES ('f_rate', 1); INSERT INTO phpbb_auth_options (auth_option, is_local) VALUES ('f_print', 1); INSERT INTO phpbb_auth_options (auth_option, is_local) VALUES ('f_ignoreflood', 1); INSERT INTO phpbb_auth_options (auth_option, is_local) VALUES ('f_postcount', 1); @@ -467,21 +465,20 @@ INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (24, 1, 'prefs', 'ucp', 1, 23, 80, 81, 'UCP_PREFS_PERSONAL', 'personal', ''); INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (25, 1, 'prefs', 'ucp', 1, 23, 82, 83, 'UCP_PREFS_VIEW', 'view', ''); INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (26, 1, 'prefs', 'ucp', 1, 23, 84, 85, 'UCP_PREFS_POST', 'post', ''); -INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (27, 1, '', 'ucp', 1, 0, 87, 100, 'UCP_PM', '', ''); -INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (28, 1, 'pm', 'ucp', 1, 27, 88, 89, 'UCP_PM_VIEW', 'view', 'cfg_allow_privmsg'); +INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (27, 1, '', 'ucp', 1, 0, 87, 98, 'UCP_PM', '', ''); +INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (28, 1, 'pm', 'ucp', 0, 27, 88, 89, 'UCP_PM_VIEW', 'view', 'cfg_allow_privmsg'); INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (29, 1, 'pm', 'ucp', 1, 27, 90, 91, 'UCP_PM_COMPOSE', 'compose', 'cfg_allow_privmsg'); -INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (30, 1, 'pm', 'ucp', 1, 27, 92, 93, 'UCP_PM_UNREAD', 'unread', 'cfg_allow_privmsg'); -INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (31, 1, 'pm', 'ucp', 1, 27, 94, 95, 'UCP_PM_DRAFTS', 'drafts', 'cfg_allow_privmsg'); -INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (32, 1, 'pm', 'ucp', 1, 27, 96, 97, 'UCP_PM_OPTIONS', 'options', 'cfg_allow_privmsg'); -INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (33, 1, '', 'ucp', 1, 0, 101, 106, 'UCP_USERGROUPS', '', ''); -INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (34, 1, 'groups', 'ucp', 1, 33, 102, 103, 'UCP_USERGROUPS_MEMBER', 'membership', ''); -INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (35, 1, 'groups', 'ucp', 1, 33, 104, 105, 'UCP_USERGROUPS_MANAGE', 'manage', ''); -INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (36, 1, '', 'ucp', 1, 0, 107, 110, 'UCP_ATTACHMENTS', '', ''); -INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (37, 1, 'attachments', 'ucp', 1, 36, 108, 109, 'UCP_ATTACHMENTS', 'attachments', 'acl_u_attach'); -INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (38, 1, '', 'ucp', 1, 0, 111, 116, 'UCP_ZEBRA', '', ''); -INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (39, 1, 'zebra', 'ucp', 1, 38, 112, 113, 'UCP_ZEBRA_FRIENDS', 'friends', ''); -INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (40, 1, 'zebra', 'ucp', 1, 38, 114, 115, 'UCP_ZEBRA_FOES', 'foes', ''); -INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (90, 1, 'pm', 'ucp', 0, 27, 98, 99, 'UCP_PM_POPUP_TITLE', 'popup', 'cfg_allow_privmsg'); +INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (31, 1, 'pm', 'ucp', 1, 27, 92, 93, 'UCP_PM_DRAFTS', 'drafts', 'cfg_allow_privmsg'); +INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (32, 1, 'pm', 'ucp', 1, 27, 94, 95, 'UCP_PM_OPTIONS', 'options', 'cfg_allow_privmsg'); +INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (33, 1, '', 'ucp', 1, 0, 99, 104, 'UCP_USERGROUPS', '', ''); +INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (34, 1, 'groups', 'ucp', 1, 33, 100, 101, 'UCP_USERGROUPS_MEMBER', 'membership', ''); +INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (35, 1, 'groups', 'ucp', 1, 33, 102, 103, 'UCP_USERGROUPS_MANAGE', 'manage', ''); +INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (36, 1, '', 'ucp', 1, 0, 105, 108, 'UCP_ATTACHMENTS', '', ''); +INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (37, 1, 'attachments', 'ucp', 1, 36, 106, 107, 'UCP_ATTACHMENTS', 'attachments', 'acl_u_attach'); +INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (38, 1, '', 'ucp', 1, 0, 109, 114, 'UCP_ZEBRA', '', ''); +INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (39, 1, 'zebra', 'ucp', 1, 38, 110, 111, 'UCP_ZEBRA_FRIENDS', 'friends', ''); +INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (40, 1, 'zebra', 'ucp', 1, 38, 112, 113, 'UCP_ZEBRA_FOES', 'foes', ''); +INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (90, 1, 'pm', 'ucp', 0, 27, 96, 97, 'UCP_PM_POPUP_TITLE', 'popup', 'cfg_allow_privmsg'); # ACP INSERT INTO phpbb_modules (module_id, module_enabled, module_display, module_name, module_class, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (2, 1, 1, '', 'acp', 0, 237, 274, 'ACP_CAT_GENERAL', '', ''); @@ -661,19 +658,19 @@ INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_setting) # REGISTERED/REGISTERED COPPA groups - common forum rights INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_setting) SELECT 4, 0, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_option LIKE 'u_%' AND auth_option NOT IN ('u_chggrp', 'u_viewonline', 'u_chgname'); -INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_setting) SELECT 4, 1, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_option IN ('f_', 'f_list', 'f_read', 'f_post', 'f_reply', 'f_quote', 'f_edit', 'f_delete', 'f_vote', 'f_download', 'f_bbcode', 'f_smilies', 'f_img', 'f_flash', 'f_sigs', 'f_search', 'f_email', 'f_print', 'f_postcount', 'f_subscribe'); -INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_setting) SELECT 4, 2, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_option IN ('f_', 'f_list', 'f_read', 'f_post', 'f_reply', 'f_quote', 'f_edit', 'f_delete', 'f_vote', 'f_votechg', 'f_download', 'f_bbcode', 'f_smilies', 'f_img', 'f_flash', 'f_sigs', 'f_search', 'f_email', 'f_print', 'f_postcount', 'f_report', 'f_subscribe'); +INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_setting) SELECT 4, 1, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_option IN ('f_', 'f_list', 'f_read', 'f_post', 'f_reply', 'f_edit', 'f_delete', 'f_vote', 'f_download', 'f_bbcode', 'f_smilies', 'f_img', 'f_flash', 'f_sigs', 'f_search', 'f_email', 'f_print', 'f_postcount', 'f_subscribe'); +INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_setting) SELECT 4, 2, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_option IN ('f_', 'f_list', 'f_read', 'f_post', 'f_reply', 'f_edit', 'f_delete', 'f_vote', 'f_votechg', 'f_download', 'f_bbcode', 'f_smilies', 'f_img', 'f_flash', 'f_sigs', 'f_search', 'f_email', 'f_print', 'f_postcount', 'f_report', 'f_subscribe'); INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_setting) SELECT 5, 0, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_option LIKE 'u_%' AND auth_option NOT IN ('u_chgcensors', 'u_chggrp', 'u_viewonline', 'u_chgname'); -INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_setting) SELECT 5, 1, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_option IN ('f_', 'f_list', 'f_read', 'f_post', 'f_reply', 'f_quote', 'f_edit', 'f_delete', 'f_vote', 'f_download', 'f_bbcode', 'f_smilies', 'f_img', 'f_flash', 'f_sigs', 'f_search', 'f_email', 'f_print', 'f_postcount', 'f_subscribe'); -INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_setting) SELECT 5, 2, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_option IN ('f_', 'f_list', 'f_read', 'f_post', 'f_reply', 'f_quote', 'f_edit', 'f_delete', 'f_vote', 'f_votechg', 'f_download', 'f_bbcode', 'f_smilies', 'f_img', 'f_flash', 'f_sigs', 'f_search', 'f_email', 'f_print', 'f_postcount', 'f_report', 'f_subscribe'); +INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_setting) SELECT 5, 1, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_option IN ('f_', 'f_list', 'f_read', 'f_post', 'f_reply', 'f_edit', 'f_delete', 'f_vote', 'f_download', 'f_bbcode', 'f_smilies', 'f_img', 'f_flash', 'f_sigs', 'f_search', 'f_email', 'f_print', 'f_postcount', 'f_subscribe'); +INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_setting) SELECT 5, 2, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_option IN ('f_', 'f_list', 'f_read', 'f_post', 'f_reply', 'f_edit', 'f_delete', 'f_vote', 'f_votechg', 'f_download', 'f_bbcode', 'f_smilies', 'f_img', 'f_flash', 'f_sigs', 'f_search', 'f_email', 'f_print', 'f_postcount', 'f_report', 'f_subscribe'); # GUESTS, INACTIVE, INACTIVE_COPPA group - basic rights -INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_setting) SELECT 1, 1, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_option IN ('f_list', 'f_read', 'f_post', 'f_reply', 'f_quote', 'f_bbcode', 'f_search', 'f_print'); -INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_setting) SELECT 1, 2, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_option IN ('f_list', 'f_read', 'f_post', 'f_reply', 'f_quote', 'f_bbcode', 'f_search', 'f_print'); -INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_setting) SELECT 2, 1, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_option IN ('f_list', 'f_read', 'f_post', 'f_reply', 'f_quote', 'f_bbcode', 'f_search', 'f_print'); -INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_setting) SELECT 2, 2, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_option IN ('f_list', 'f_read', 'f_post', 'f_reply', 'f_quote', 'f_bbcode', 'f_search', 'f_print'); -INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_setting) SELECT 3, 1, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_option IN ('f_list', 'f_read', 'f_post', 'f_reply', 'f_quote', 'f_bbcode', 'f_search', 'f_print'); -INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_setting) SELECT 3, 2, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_option IN ('f_list', 'f_read', 'f_post', 'f_reply', 'f_quote', 'f_bbcode', 'f_search', 'f_print'); +INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_setting) SELECT 1, 1, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_option IN ('f_list', 'f_read', 'f_post', 'f_reply', 'f_bbcode', 'f_search', 'f_print'); +INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_setting) SELECT 1, 2, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_option IN ('f_list', 'f_read', 'f_post', 'f_reply', 'f_bbcode', 'f_search', 'f_print'); +INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_setting) SELECT 2, 1, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_option IN ('f_list', 'f_read', 'f_post', 'f_reply', 'f_bbcode', 'f_search', 'f_print'); +INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_setting) SELECT 2, 2, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_option IN ('f_list', 'f_read', 'f_post', 'f_reply', 'f_bbcode', 'f_search', 'f_print'); +INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_setting) SELECT 3, 1, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_option IN ('f_list', 'f_read', 'f_post', 'f_reply', 'f_bbcode', 'f_search', 'f_print'); +INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_setting) SELECT 3, 2, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_option IN ('f_list', 'f_read', 'f_post', 'f_reply', 'f_bbcode', 'f_search', 'f_print'); # BOTS - read/view only INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_setting) SELECT 8, 1, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_option IN ('f_list', 'f_read'); diff --git a/phpBB/install/schemas/sqlite_schema.sql b/phpBB/install/schemas/sqlite_schema.sql index 366e42305c..ea19be15f9 100644 --- a/phpBB/install/schemas/sqlite_schema.sql +++ b/phpBB/install/schemas/sqlite_schema.sql @@ -613,6 +613,7 @@ CREATE TABLE phpbb_sessions ( session_browser varchar(150) NOT NULL DEFAULT '', session_page varchar(200) NOT NULL DEFAULT '', session_viewonline tinyint(1) NOT NULL DEFAULT '1', + session_autologin tinyint(1) NOT NULL DEFAULT '0', session_admin tinyint(1) NOT NULL DEFAULT '0', PRIMARY KEY (session_id) ); diff --git a/phpBB/language/en/acp/permissions_phpbb.php b/phpBB/language/en/acp/permissions_phpbb.php index 0a5a3a5994..303ef97d1d 100644 --- a/phpBB/language/en/acp/permissions_phpbb.php +++ b/phpBB/language/en/acp/permissions_phpbb.php @@ -122,7 +122,6 @@ $lang = array_merge($lang, array( 'acl_f_announce' => array('lang' => 'Can post announcements', 'cat' => 'post'), 'acl_f_sticky' => array('lang' => 'Can post stickies', 'cat' => 'post'), 'acl_f_reply' => array('lang' => 'Can reply to posts', 'cat' => 'post'), - 'acl_f_quote' => array('lang' => 'Can quote posts', 'cat' => 'post'), 'acl_f_icons' => array('lang' => 'Can use post icons', 'cat' => 'post'), 'acl_f_poll' => array('lang' => 'Can create polls', 'cat' => 'polls'), @@ -141,7 +140,6 @@ $lang = array_merge($lang, array( 'acl_f_delete' => array('lang' => 'Can delete own posts', 'cat' => 'actions'), 'acl_f_user_lock' => array('lang' => 'Can lock own topics', 'cat' => 'actions'), 'acl_f_bump' => array('lang' => 'Can bump topics', 'cat' => 'actions'), - 'acl_f_rate' => array('lang' => 'Can rate posts', 'cat' => 'actions'), 'acl_f_report' => array('lang' => 'Can report posts', 'cat' => 'actions'), 'acl_f_subscribe' => array('lang' => 'Can subscribe forum', 'cat' => 'actions'), 'acl_f_print' => array('lang' => 'Can print topics', 'cat' => 'actions'), diff --git a/phpBB/language/en/common.php b/phpBB/language/en/common.php index 0a4be6edb3..1170e1b32d 100644 --- a/phpBB/language/en/common.php +++ b/phpBB/language/en/common.php @@ -71,6 +71,7 @@ $lang = array_merge($lang, array( 'AVATAR_PHP_SIZE_NA' => 'The avatar is too huge in filesize.
Could not determine the maximum size defined by PHP in php.ini.', 'AVATAR_PHP_SIZE_OVERRUN' => 'The avatar is too huge in filesize, maximum upload size is %d MB.
Please note this is set in php.ini and cannot be overriden.', 'AVATAR_URL_INVALID' => 'The URL you specified is invalid.', + 'AVATAR_URL_NOT_FOUND' => 'The file specified could not be found.', 'AVATAR_WRONG_FILESIZE' => 'The avatar must be between 0 and %1d %2s.', 'AVATAR_WRONG_SIZE' => 'The avatar must be at least %1$d pixels wide, %2$d pixels high and at most %3$d pixels wide and %4$d pixels high.', @@ -251,6 +252,8 @@ $lang = array_merge($lang, array( 'LOG_USER_WARNING' => 'Added user warning
»%s', 'LOG_USER_WARNING_BODY' => 'The following warning was issued to this user
»%s', + 'LOG_IP_BROWSER_CHECK' => 'Session IP/Browser check failed
»User IP "%s" checked against session IP "%s" and user browser string "%s" checked against session browser string "%s".', + 'MARK' => 'Mark', 'MARK_ALL' => 'Mark all', 'MARK_FORUMS_READ' => 'Mark Forums Read', @@ -260,6 +263,7 @@ $lang = array_merge($lang, array( 'MEMBERLIST_EXPLAIN' => 'View complete list of members', 'MERGE_TOPIC' => 'Merge Topic', 'MESSAGE' => 'Message', + 'MESSAGES' => 'Messages', 'MESSAGE_BODY' => 'Message body', 'MINUTES' => 'Minutes', 'MODERATE' => 'Moderate', @@ -469,6 +473,7 @@ $lang = array_merge($lang, array( 'USERGROUPS' => 'Groups', 'USERNAME' => 'Username', 'USERNAMES' => 'Usernames', + 'USER_CANNOT_READ' => 'You cannot read posts in this forum', 'USER_POST' => '%d Post', 'USER_POSTS' => '%d Posts', 'USERS' => 'Users', diff --git a/phpBB/language/en/posting.php b/phpBB/language/en/posting.php index bd801a7f58..dfa827fd8d 100644 --- a/phpBB/language/en/posting.php +++ b/phpBB/language/en/posting.php @@ -181,10 +181,10 @@ $lang = array_merge($lang, array( 'UNGLOBALISE_EXPLAIN' => 'To switch this topic back from being global to a normal topic, you need to select the forum you whish this topic to be displayed', 'UPDATE_COMMENT' => 'Update comment', 'URL_INVALID' => 'The URL you specified is invalid.', + 'URL_NOT_FOUND' => 'The file specified could not be found.', 'USER_CANNOT_BUMP' => 'You cannot bump topics in this forum', 'USER_CANNOT_DELETE' => 'You cannot delete posts in this forum', 'USER_CANNOT_EDIT' => 'You cannot edit posts in this forum', - 'USER_CANNOT_QUOTE' => 'You cannot quote posts in this forum', 'USER_CANNOT_REPLY' => 'You cannot reply in this forum', 'USERNAME_DISALLOWED' => 'The username you entered has been banned.', 'USERNAME_TAKEN' => 'The username you entered is already in use, please select an alternative.', diff --git a/phpBB/language/en/ucp.php b/phpBB/language/en/ucp.php index 6c1d41692e..c36e39042a 100644 --- a/phpBB/language/en/ucp.php +++ b/phpBB/language/en/ucp.php @@ -126,6 +126,7 @@ $lang = array_merge($lang, array( 'DEFAULT_NOTIFY' => 'Notify me upon replies by default', 'DEFAULT_SMILIES' => 'Enable smilies by default', 'DEFINED_RULES' => 'Defined Rules', + 'DELETED_TOPIC' => 'Topic has been removed', 'DELETE_ALL' => 'Delete all', 'DELETE_ATTACHMENT' => 'Delete Attachment', 'DELETE_ATTACHMENTS' => 'Delete Attachments', @@ -223,6 +224,7 @@ $lang = array_merge($lang, array( 'MESSAGES_DELETED' => 'Messages successfully deleted', 'MOVE_DELETED_MESSAGES_TO' => 'Move messages from removed folder to', 'MOVE_DOWN' => 'Move down', + 'MOVE_MARKED_TO_FOLDER' => 'Move marked to %s', 'MOVE_PM_ERROR' => 'An error occurred while moving the messages to the new folder, only %1d from %2d messages were moved.', 'MOVE_TO_FOLDER' => 'Move to Folder', 'MOVE_UP' => 'Move up', diff --git a/phpBB/mcp.php b/phpBB/mcp.php index 40cb78c0e4..c333573f70 100644 --- a/phpBB/mcp.php +++ b/phpBB/mcp.php @@ -33,7 +33,8 @@ $id = request_var('i', ''); if (isset($_REQUEST['mode']) && is_array($_REQUEST['mode'])) { - list($mode, ) = each(request_var('mode', array(''))); + $mode = request_var('mode', array('')); + list($mode, ) = each($mode); } else { diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index 0f67911fb9..c3818f179f 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -446,8 +446,8 @@ switch ($mode) trigger_error('FLOOD_EMAIL_LIMIT'); } - $name = strip_tags(request_var('name', '')); - $email = strip_tags(request_var('email', '')); + $name = request_var('name', ''); + $email = request_var('email', ''); $email_lang = request_var('lang', ''); $subject = request_var('subject', ''); $message = request_var('message', ''); diff --git a/phpBB/posting.php b/phpBB/posting.php index a77bd50426..121314da7e 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php @@ -285,17 +285,29 @@ else $notify_set = 0; } -if (!$auth->acl_get('f_' . $mode, $forum_id) && $forum_type == FORUM_POST) +// Check permissions +if ($forum_type != FORUM_POST && !$auth->acl_get('f_read', $forum_id)) { if ($user->data['is_registered']) { - trigger_error('USER_CANNOT_' . strtoupper($mode)); + trigger_error('USER_CANNOT_READ'); + } + + login_box('', $user->lang['LOGIN_EXPLAIN_POST']); +} + +$check_auth = ($mode == 'quote') ? 'reply' : $mode; + +if (!$auth->acl_get('f_' . $check_auth, $forum_id) && $forum_type == FORUM_POST) +{ + if ($user->data['is_registered']) + { + trigger_error('USER_CANNOT_' . strtoupper($check_auth)); } login_box('', $user->lang['LOGIN_EXPLAIN_' . strtoupper($mode)]); } - // Forum/Topic locked? if (($forum_status == ITEM_LOCKED || $topic_status == ITEM_LOCKED) && !$auth->acl_get('m_edit', $forum_id)) { @@ -402,7 +414,7 @@ $bbcode_status = ($config['allow_bbcode'] && $auth->acl_get('f_bbcode', $forum_i $smilies_status = ($config['allow_smilies'] && $auth->acl_get('f_smilies', $forum_id)); $img_status = ($auth->acl_get('f_img', $forum_id)); $flash_status = ($auth->acl_get('f_flash', $forum_id)); -$quote_status = ($auth->acl_get('f_quote', $forum_id)); +$quote_status = ($auth->acl_get('f_reply', $forum_id)); // Bump Topic if ($mode == 'bump' && ($bump_time = bump_topic_allowed($forum_id, $topic_bumped, $topic_last_post_time, $topic_poster, $topic_last_poster_id))) @@ -517,7 +529,7 @@ if ($submit || $preview || $refresh) $message_parser->message = request_var('message', '', true); $username = (isset($_POST['username'])) ? request_var('username', '') : $username; - $post_edit_reason = (isset($_POST['edit_reason']) && !empty($_POST['edit_reason']) && $mode == 'edit' && $user->data['user_id'] != $poster_id) ? request_var('edit_reason', '') : ''; + $post_edit_reason = (isset($_POST['edit_reason']) && !empty($_POST['edit_reason']) && $mode == 'edit' && $user->data['user_id'] != $poster_id) ? request_var('edit_reason', '', true) : ''; $topic_type = (isset($_POST['topic_type'])) ? (int) $_POST['topic_type'] : (($mode != 'post') ? $topic_type : POST_NORMAL); $topic_time_limit = (isset($_POST['topic_time_limit'])) ? (int) $_POST['topic_time_limit'] : (($mode != 'post') ? $topic_time_limit : 0); @@ -586,9 +598,9 @@ if ($submit || $preview || $refresh) } else { - $poll_title = request_var('poll_title', ''); + $poll_title = request_var('poll_title', '', true); $poll_length = request_var('poll_length', 0); - $poll_option_text = request_var('poll_option_text', ''); + $poll_option_text = request_var('poll_option_text', '', true); $poll_max_options = request_var('poll_max_options', 1); $poll_vote_change = ($auth->acl_get('f_votechg', $forum_id) && isset($_POST['poll_vote_change'])) ? 1 : 0; } diff --git a/phpBB/report.php b/phpBB/report.php index 9906cea7eb..61f1dd34d2 100644 --- a/phpBB/report.php +++ b/phpBB/report.php @@ -23,7 +23,7 @@ $user->setup('mcp'); $post_id = request_var('p', 0); $reason_id = request_var('reason_id', 0); -$report_text = request_var('report_text', ''); +$report_text = request_var('report_text', '', true); $user_notify = (isset($_POST['notify']) && $user->data['is_registered']) ? true : false; if (!$post_id) diff --git a/phpBB/styles/subSilver/template/confirm_body.html b/phpBB/styles/subSilver/template/confirm_body.html index d0e24f7062..3fd7f27992 100644 --- a/phpBB/styles/subSilver/template/confirm_body.html +++ b/phpBB/styles/subSilver/template/confirm_body.html @@ -1,7 +1,5 @@ - -
diff --git a/phpBB/styles/subSilver/template/faq_body.html b/phpBB/styles/subSilver/template/faq_body.html index ce4f129464..251123990f 100644 --- a/phpBB/styles/subSilver/template/faq_body.html +++ b/phpBB/styles/subSilver/template/faq_body.html @@ -1,6 +1,5 @@ -
diff --git a/phpBB/styles/subSilver/template/index_body.html b/phpBB/styles/subSilver/template/index_body.html index 6754e7c785..1c887edaa9 100644 --- a/phpBB/styles/subSilver/template/index_body.html +++ b/phpBB/styles/subSilver/template/index_body.html @@ -1,7 +1,5 @@ - -
diff --git a/phpBB/styles/subSilver/template/login_forum.html b/phpBB/styles/subSilver/template/login_forum.html index 3ba3a587ce..fa23bf4604 100644 --- a/phpBB/styles/subSilver/template/login_forum.html +++ b/phpBB/styles/subSilver/template/login_forum.html @@ -1,7 +1,5 @@ - -
diff --git a/phpBB/styles/subSilver/template/mcp_approve.html b/phpBB/styles/subSilver/template/mcp_approve.html index 0413114355..efb5f5bcc6 100644 --- a/phpBB/styles/subSilver/template/mcp_approve.html +++ b/phpBB/styles/subSilver/template/mcp_approve.html @@ -1,5 +1,4 @@ -
diff --git a/phpBB/styles/subSilver/template/mcp_ban.html b/phpBB/styles/subSilver/template/mcp_ban.html index d8dea4e1e4..62b45e90dd 100644 --- a/phpBB/styles/subSilver/template/mcp_ban.html +++ b/phpBB/styles/subSilver/template/mcp_ban.html @@ -1,7 +1,5 @@ - - -
- - - -
- {L_UNREAD_MESSAGES}{FOLDER_STATUS} - {L_PM_INBOX}{L_PM_INBOX} | {L_PM_OUTBOX}{L_PM_OUTBOX} | {L_PM_SENTBOX}{L_PM_SENTBOX} | {L_CREATE_FOLDER}
- - - +
+ + +
- - + + - +
+ + +
+ + - - + -
 {PAGE_NUMBER}
 [ {TOTAL_MESSAGES} ] {L_GOTO_PAGE} {L_PREVIOUS}  {PAGINATION}  {L_NEXT} [ {FOLDER_CUR_MESSAGES}/{FOLDER_MAX_MESSAGES} {L_MESSAGES} ({FOLDER_PERCENT}%) ] 
- - - - {L_VIEW_PREVIOUS_HISTORY} | {L_VIEW_NEXT_HISTORY} | {L_VIEW_PREVIOUS_PM} | {L_VIEW_NEXT_PM}  - - - 		-   -
+ + + + + + {L_VIEW_PREVIOUS_HISTORY} | {L_VIEW_NEXT_HISTORY} | + {L_VIEW_PREVIOUS_PM} | {L_VIEW_NEXT_PM}  + + + 		{L_GOTO_PAGE} {L_PREVIOUS}  {PAGINATION}  {L_NEXT}
+
- diff --git a/phpBB/styles/subSilver/template/ucp_pm_options.html b/phpBB/styles/subSilver/template/ucp_pm_options.html index 11926cc234..cdc01eb818 100644 --- a/phpBB/styles/subSilver/template/ucp_pm_options.html +++ b/phpBB/styles/subSilver/template/ucp_pm_options.html @@ -1,7 +1,5 @@ - - diff --git a/phpBB/styles/subSilver/template/ucp_pm_viewfolder.html b/phpBB/styles/subSilver/template/ucp_pm_viewfolder.html index b2e6468f5b..603f9f821e 100644 --- a/phpBB/styles/subSilver/template/ucp_pm_viewfolder.html +++ b/phpBB/styles/subSilver/template/ucp_pm_viewfolder.html @@ -1,24 +1,21 @@ - -
- +
- - - - - + + +
+ -
+
@@ -33,22 +30,20 @@ -
{L_OPTIONS}
  
+ + + - - - - - - + +
{NOT_MOVED_MESSAGES}
{RELEASE_MESSAGE_INFO}
+ + + + + - - - - - - + @@ -61,11 +56,11 @@ + - - - @@ -86,25 +78,26 @@ - -
{NOT_MOVED_MESSAGES}
{RELEASE_MESSAGE_INFO}
 {L_SUBJECT}  {L_RECIPIENTS}{L_AUTHOR}  {L_FOLDER}  {L_RECIPIENTS}{L_AUTHOR}  {L_RECIPIENTS}{L_AUTHOR}   {L_SENT_AT}   {L_MARK} 
-   +   {messagerow.PM_IMG}  -

+ {messagerow.ATTACH_ICON_IMG} {L_MESSAGE_REMOVED_FROM_OUTBOX}
@@ -73,11 +68,8 @@ {messagerow.SUBJECT} -

{messagerow.RECIPIENTS}{messagerow.MESSAGE_AUTHOR}

{messagerow.FOLDER}{L_UNKNOWN_FOLDER}

{messagerow.SENT_TIME}

{L_NO_MESSAGES}
+ + + - - - - + + +
{L_DISPLAY_MESSAGES}: {S_SELECT_SORT_DAYS} {L_SORT_BY} {S_SELECT_SORT_KEY} {S_SELECT_SORT_DIR}   
+ +
 
+
  
+ +
- -

 
- -
diff --git a/phpBB/styles/subSilver/template/ucp_pm_viewmessage.html b/phpBB/styles/subSilver/template/ucp_pm_viewmessage.html index 0e3cd78e4f..ec6c453459 100644 --- a/phpBB/styles/subSilver/template/ucp_pm_viewmessage.html +++ b/phpBB/styles/subSilver/template/ucp_pm_viewmessage.html @@ -1,7 +1,5 @@ - -
diff --git a/phpBB/styles/subSilver/template/ucp_prefs_personal.html b/phpBB/styles/subSilver/template/ucp_prefs_personal.html index 6ba799fb8e..595d978f6f 100644 --- a/phpBB/styles/subSilver/template/ucp_prefs_personal.html +++ b/phpBB/styles/subSilver/template/ucp_prefs_personal.html @@ -1,7 +1,5 @@ - -