mirror of
https://github.com/phpbb/phpbb.git
synced 2025-06-28 14:18:52 +00:00
fix resource id error. ;)
request_var updates attachment updates/fixes fix bbcode uid Redirect to login upon emailed notification links (viewtopic and viewforum are not committed yet) git-svn-id: file:///svn/phpbb/trunk@4539 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen
parent
a69762f024
commit
4da761be39
1 changed files with 68 additions and 39 deletions
|
|
@ -26,11 +26,11 @@ $auth->acl($user->data);
|
||||||
|
|
||||||
|
|
||||||
// Grab only parameters needed here
|
// Grab only parameters needed here
|
||||||
$mode = (!empty($_REQUEST['mode'])) ? strval($_REQUEST['mode']) : '';
|
$mode = request_var('mode', '');
|
||||||
$post_id = (!empty($_REQUEST['p'])) ? intval($_REQUEST['p']) : FALSE;
|
$post_id = request_var('p', 0);
|
||||||
$topic_id = (!empty($_REQUEST['t'])) ? intval($_REQUEST['t']) : FALSE;
|
$topic_id = request_var('t', 0);
|
||||||
$forum_id = (!empty($_REQUEST['f'])) ? intval($_REQUEST['f']) : FALSE;
|
$forum_id = request_var('f', 0);
|
||||||
$lastclick = (isset($_POST['lastclick'])) ? intval($_POST['lastclick']) : 0;
|
$lastclick = request_var('lastclick', 0);
|
||||||
|
|
||||||
$submit = (isset($_POST['post'])) ? TRUE : FALSE;
|
$submit = (isset($_POST['post'])) ? TRUE : FALSE;
|
||||||
$preview = (isset($_POST['preview'])) ? TRUE : FALSE;
|
$preview = (isset($_POST['preview'])) ? TRUE : FALSE;
|
||||||
|
|
@ -161,17 +161,29 @@ if ($sql != '')
|
||||||
$message_parser = new parse_message(0); // <- TODO: add constant (MSG_POST/MSG_PM)
|
$message_parser = new parse_message(0); // <- TODO: add constant (MSG_POST/MSG_PM)
|
||||||
|
|
||||||
|
|
||||||
$message_parser->filename_data['filecomment'] = (isset($_POST['filecomment'])) ? prepare_data($_POST['filecomment']) : '';
|
$message_parser->filename_data['filecomment'] = request_var('filecomment', '');
|
||||||
$message_parser->filename_data['filename'] = ($_FILES['fileupload']['name'] != 'none') ? trim($_FILES['fileupload']['name']) : '';
|
$message_parser->filename_data['filename'] = ($_FILES['fileupload']['name'] != 'none') ? trim($_FILES['fileupload']['name']) : '';
|
||||||
|
|
||||||
// Get Attachment Data
|
// Get Attachment Data
|
||||||
$message_parser->attachment_data = (isset($_POST['attachment_data'])) ? $_POST['attachment_data'] : array();
|
$message_parser->attachment_data = (isset($_POST['attachment_data'])) ? $_POST['attachment_data'] : array();
|
||||||
|
|
||||||
//
|
//
|
||||||
foreach ($message_parser->attachment_data as $pos => $var)
|
foreach ($message_parser->attachment_data as $pos => $var_ary)
|
||||||
{
|
{
|
||||||
|
prepare_data($message_parser->attachment_data[$pos]['physical_filename'], TRUE);
|
||||||
prepare_data($message_parser->attachment_data[$pos]['comment'], TRUE);
|
prepare_data($message_parser->attachment_data[$pos]['comment'], TRUE);
|
||||||
|
prepare_data($message_parser->attachment_data[$pos]['real_filename'], TRUE);
|
||||||
|
prepare_data($message_parser->attachment_data[$pos]['extension'], TRUE);
|
||||||
|
prepare_data($message_parser->attachment_data[$pos]['mimetype'], TRUE);
|
||||||
|
$message_parser->attachment_data[$pos]['filesize'] = (int) $message_parser->attachment_data[$pos]['filesize'];
|
||||||
|
$message_parser->attachment_data[$pos]['filetime'] = (int) $message_parser->attachment_data[$pos]['filetime'];
|
||||||
|
$message_parser->attachment_data[$pos]['attach_id'] = (int) $message_parser->attachment_data[$pos]['attach_id'];
|
||||||
|
$message_parser->attachment_data[$pos]['thumbnail'] = (int) $message_parser->attachment_data[$pos]['thumbnail'];
|
||||||
}
|
}
|
||||||
|
echo ";<pre>";
|
||||||
|
print_r($message_parser->attachment_data);
|
||||||
|
echo "</pre>;";
|
||||||
|
|
||||||
|
|
||||||
if ($post_attachment && !$submit && !$refresh && !$preview && $mode == 'edit')
|
if ($post_attachment && !$submit && !$refresh && !$preview && $mode == 'edit')
|
||||||
{
|
{
|
||||||
|
|
@ -371,18 +383,21 @@ $quote_status = ($config['allow_quote'] && $auth->acl_get('f_quote', $forum_id))
|
||||||
// Save Draft
|
// Save Draft
|
||||||
if (($save || isset($_POST['draft_save'])) && $user->data['user_id'] != ANONYMOUS && $auth->acl_get('u_savedrafts'))
|
if (($save || isset($_POST['draft_save'])) && $user->data['user_id'] != ANONYMOUS && $auth->acl_get('u_savedrafts'))
|
||||||
{
|
{
|
||||||
if (isset($_POST['draft_title_update']) && intval($_POST['draft_id']) && trim($_POST['draft_title']) != '')
|
$draft_id = request_var('draft_id', 0);
|
||||||
|
$draft_title = request_var('draft_title', '');
|
||||||
|
|
||||||
|
if (isset($_POST['draft_title_update']) && $draft_id && $draft_title != '')
|
||||||
{
|
{
|
||||||
$sql = 'UPDATE ' . DRAFTS_TABLE . "
|
$sql = 'UPDATE ' . DRAFTS_TABLE . "
|
||||||
SET title = '" . $db->sql_escape(prepare_data($_POST['draft_title'])) . "'
|
SET title = '" . $db->sql_escape($draft_title) . "'
|
||||||
WHERE draft_id = " . intval($_POST['draft_id']) . "
|
WHERE draft_id = $draft_id
|
||||||
AND user_id = " . $user->data['user_id'];
|
AND user_id = " . $user->data['user_id'];
|
||||||
$db->sql_query($sql);
|
$db->sql_query($sql);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
$subject = (!empty($_POST['subject'])) ? prepare_data($_POST['subject']) : '';
|
$subject = request_var('subject', '');
|
||||||
$message = (!empty($_POST['message'])) ? prepare_data($_POST['message']) : '';
|
$message = request_var('message', '');
|
||||||
|
|
||||||
if ($message != '')
|
if ($message != '')
|
||||||
{
|
{
|
||||||
|
|
@ -407,24 +422,27 @@ if (($save || isset($_POST['draft_save'])) && $user->data['user_id'] != ANONYMOU
|
||||||
unset($subject);
|
unset($subject);
|
||||||
unset($message);
|
unset($message);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
unset($draft_id);
|
||||||
|
unset($draft_title);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
if ($submit || $preview || $refresh)
|
if ($submit || $preview || $refresh)
|
||||||
{
|
{
|
||||||
$topic_cur_post_id = (isset($_POST['topic_cur_post_id'])) ? intval($_POST['topic_cur_post_id']) : FALSE;
|
$topic_cur_post_id = request_var('topic_cur_post_id', 0);
|
||||||
$subject = (!empty($_POST['subject'])) ? prepare_data($_POST['subject']) : '';
|
$subject = request_var('subject', '');
|
||||||
|
|
||||||
if (strcmp($subject, strtoupper($subject)) == 0 && $subject != '')
|
if (strcmp($subject, strtoupper($subject)) == 0 && $subject != '')
|
||||||
{
|
{
|
||||||
$subject = phpbb_strtolower($subject);
|
$subject = phpbb_strtolower($subject);
|
||||||
}
|
}
|
||||||
|
|
||||||
$message_parser->message = (!empty($_POST['message'])) ? prepare_data($_POST['message']) : '';
|
$message_parser->message = request_var('message', '');
|
||||||
|
|
||||||
$username = (!empty($_POST['username'])) ? htmlspecialchars($_POST['username']) : ((!empty($username)) ? $username : '');
|
$username = (!empty($_POST['username'])) ? request_var('username', '') : ((!empty($username)) ? $username : '');
|
||||||
$topic_type = (isset($_POST['topic_type'])) ? (int) $_POST['topic_type'] : (($mode != 'post') ? $topic_type : POST_NORMAL);
|
$topic_type = (isset($_POST['topic_type'])) ? (int) $_POST['topic_type'] : (($mode != 'post') ? $topic_type : POST_NORMAL);
|
||||||
$icon_id = (!empty($_POST['icon'])) ? (int) $_POST['icon'] : 0;
|
$icon_id = request_var('icon', 0);
|
||||||
|
|
||||||
$enable_html = (!$html_status || !empty($_POST['disable_html'])) ? FALSE : TRUE;
|
$enable_html = (!$html_status || !empty($_POST['disable_html'])) ? FALSE : TRUE;
|
||||||
$enable_bbcode = (!$bbcode_status || !empty($_POST['disable_bbcode'])) ? FALSE : TRUE;
|
$enable_bbcode = (!$bbcode_status || !empty($_POST['disable_bbcode'])) ? FALSE : TRUE;
|
||||||
|
|
@ -472,10 +490,10 @@ if ($submit || $preview || $refresh)
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
$poll_title = (!empty($_POST['poll_title'])) ? prepare_data($_POST['poll_title']) : '';
|
$poll_title = request_var('poll_title', '');
|
||||||
$poll_length = (!empty($_POST['poll_length'])) ? (int) $_POST['poll_length'] : 0;
|
$poll_length = request_var('poll_length', 0);
|
||||||
$poll_option_text = (!empty($_POST['poll_option_text'])) ? prepare_data($_POST['poll_option_text']) : '';
|
$poll_option_text = request_var('poll_option_text', '');
|
||||||
$poll_max_options = (!empty($_POST['poll_max_options'])) ? (int) $_POST['poll_max_options'] : 1;
|
$poll_max_options = request_var('poll_max_options', 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -653,7 +671,7 @@ if ($submit || $preview || $refresh)
|
||||||
|
|
||||||
if ($row && (int)$row['forum_id'] == 0 && $row['topic_type'] == POST_GLOBAL)
|
if ($row && (int)$row['forum_id'] == 0 && $row['topic_type'] == POST_GLOBAL)
|
||||||
{
|
{
|
||||||
$to_forum_id = (!empty($_REQUEST['to_forum_id'])) ? (int) $_REQUEST['to_forum_id'] : 0;
|
$to_forum_id = request_var('to_forum_id', 0);
|
||||||
|
|
||||||
if (!$to_forum_id)
|
if (!$to_forum_id)
|
||||||
{
|
{
|
||||||
|
|
@ -791,7 +809,7 @@ if (!sizeof($error) && $preview)
|
||||||
|
|
||||||
|
|
||||||
// Decode text for message display
|
// Decode text for message display
|
||||||
$bbcode_uid = ($mode == 'quote' && !$preview) ? $bbcode_uid : $message_parser->bbcode_uid;
|
$bbcode_uid = ($mode == 'quote' && !$preview && !$refresh && !sizeof($error)) ? $bbcode_uid : $message_parser->bbcode_uid;
|
||||||
|
|
||||||
decode_text($post_text, $bbcode_uid);
|
decode_text($post_text, $bbcode_uid);
|
||||||
if ($subject)
|
if ($subject)
|
||||||
|
|
@ -1055,7 +1073,7 @@ if ($auth->acl_get('f_attach', $forum_id) && $config['allow_attachments'] && $fo
|
||||||
$hidden .= '<input type="hidden" name="attachment_data[' . $count . '][' . $key . ']" value="' . $value . '" />';
|
$hidden .= '<input type="hidden" name="attachment_data[' . $count . '][' . $key . ']" value="' . $value . '" />';
|
||||||
}
|
}
|
||||||
|
|
||||||
$download_link = ($attach_row['attach_id'] == '-1') ? $config['upload_dir'] . '/' . $attach_row['physical_filename'] : $phpbb_root_path . "download.$phpEx$SID&id=" . intval($attach_row['attach_id']);
|
$download_link = (!$attach_row['attach_id']) ? $config['upload_dir'] . '/' . $attach_row['physical_filename'] : $phpbb_root_path . "download.$phpEx$SID&id=" . intval($attach_row['attach_id']);
|
||||||
|
|
||||||
$template->assign_block_vars('attach_row', array(
|
$template->assign_block_vars('attach_row', array(
|
||||||
'FILENAME' => $attach_row['real_filename'],
|
'FILENAME' => $attach_row['real_filename'],
|
||||||
|
|
@ -1121,7 +1139,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
|
||||||
obtain_word_list($censors);
|
obtain_word_list($censors);
|
||||||
}
|
}
|
||||||
|
|
||||||
$topic_title = ($topic_notification) ? $tpüoc_title : $subject;
|
$topic_title = ($topic_notification) ? $topic_title : $subject;
|
||||||
decode_text($topic_title);
|
decode_text($topic_title);
|
||||||
$topic_title = (sizeof($censors['match'])) ? preg_replace($censors['match'], $censors['replace'], $topic_title) : $topic_title;
|
$topic_title = (sizeof($censors['match'])) ? preg_replace($censors['match'], $censors['replace'], $topic_title) : $topic_title;
|
||||||
|
|
||||||
|
|
@ -1149,7 +1167,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
|
||||||
AND w.user_id NOT IN ($sql_ignore_users)
|
AND w.user_id NOT IN ($sql_ignore_users)
|
||||||
AND w.notify_status = 0
|
AND w.notify_status = 0
|
||||||
AND u.user_id = w.user_id";
|
AND u.user_id = w.user_id";
|
||||||
$result = $db->sql_query($result);
|
$result = $db->sql_query($sql);
|
||||||
|
|
||||||
while ($row = $db->sql_fetchrow($result))
|
while ($row = $db->sql_fetchrow($result))
|
||||||
{
|
{
|
||||||
|
|
@ -1285,9 +1303,9 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
|
||||||
'TOPIC_TITLE' => trim($topic_title),
|
'TOPIC_TITLE' => trim($topic_title),
|
||||||
'FORUM_NAME' => trim($forum_name),
|
'FORUM_NAME' => trim($forum_name),
|
||||||
|
|
||||||
'U_NEWEST_POST' => generate_board_url() . '/viewtopic.'.$phpEx . '?t=' . $topic_id . '&p=' . $post_id . '#' . $post_id,
|
'U_NEWEST_POST' => generate_board_url() . '/viewtopic.'.$phpEx . '?e=1&t=' . $topic_id . '&p=' . $post_id . '#' . $post_id,
|
||||||
'U_TOPIC' => generate_board_url() . '/viewtopic.'.$phpEx . '?t=' . $topic_id,
|
'U_TOPIC' => generate_board_url() . '/viewtopic.'.$phpEx . '?e=1&t=' . $topic_id,
|
||||||
'U_FORUM' => generate_board_url() . '/viewforum.'.$phpEx . '?f=' . $forum_id,
|
'U_FORUM' => generate_board_url() . '/viewforum.'.$phpEx . '?e=1&f=' . $forum_id,
|
||||||
'U_STOP_WATCHING_TOPIC' => generate_board_url() . '/viewtopic.'.$phpEx . '?t=' . $topic_id . '&unwatch=topic',
|
'U_STOP_WATCHING_TOPIC' => generate_board_url() . '/viewtopic.'.$phpEx . '?t=' . $topic_id . '&unwatch=topic',
|
||||||
'U_STOP_WATCHING_FORUM' => generate_board_url() . '/viewforum.'.$phpEx . '?f=' . $forum_id . '&unwatch=forum')
|
'U_STOP_WATCHING_FORUM' => generate_board_url() . '/viewforum.'.$phpEx . '?f=' . $forum_id . '&unwatch=forum')
|
||||||
);
|
);
|
||||||
|
|
@ -1301,6 +1319,8 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
|
||||||
$emailer->mail_queue->save();
|
$emailer->mail_queue->save();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$db->sql_transaction();
|
||||||
|
|
||||||
// Now delete the user_ids not authorized to receive notifications on this topic/forum
|
// Now delete the user_ids not authorized to receive notifications on this topic/forum
|
||||||
if (sizeof($delete_ids['topic']))
|
if (sizeof($delete_ids['topic']))
|
||||||
{
|
{
|
||||||
|
|
@ -1336,6 +1356,9 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
|
||||||
AND user_id IN (" . implode(', ', $update_notification['forum']) . ")";
|
AND user_id IN (" . implode(', ', $update_notification['forum']) . ")";
|
||||||
$db->sql_query($sql);
|
$db->sql_query($sql);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$db->sql_transaction('commit');
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Topic Review
|
// Topic Review
|
||||||
|
|
@ -1622,7 +1645,7 @@ function delete_post($mode, $post_id, $topic_id, $forum_id, $data)
|
||||||
WHERE user_id = ' . $data['poster_id'];
|
WHERE user_id = ' . $data['poster_id'];
|
||||||
$db->sql_query($sql);
|
$db->sql_query($sql);
|
||||||
}
|
}
|
||||||
|
/*
|
||||||
if (sizeof($parent_sql))
|
if (sizeof($parent_sql))
|
||||||
{
|
{
|
||||||
foreach ($parent_sql as $sql)
|
foreach ($parent_sql as $sql)
|
||||||
|
|
@ -1630,7 +1653,7 @@ function delete_post($mode, $post_id, $topic_id, $forum_id, $data)
|
||||||
$db->sql_query($sql);
|
$db->sql_query($sql);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
*/
|
||||||
$db->sql_transaction('commit');
|
$db->sql_transaction('commit');
|
||||||
|
|
||||||
return $next_post_id;
|
return $next_post_id;
|
||||||
|
|
@ -1949,11 +1972,11 @@ function submit_post($mode, $message, $subject, $username, $topic_type, $bbcode_
|
||||||
}
|
}
|
||||||
|
|
||||||
// Submit Attachments
|
// Submit Attachments
|
||||||
if (count($attach_data) && !empty($data['post_id']) && ($mode == 'post' || $mode == 'reply' || $mode == 'edit'))
|
if (count($attach_data) && !empty($data['post_id']) && in_array($mode, array('post', 'reply', 'quote', 'edit')))
|
||||||
{
|
{
|
||||||
foreach ($attach_data as $attach_row)
|
foreach ($attach_data as $attach_row)
|
||||||
{
|
{
|
||||||
if ($attach_row['attach_id'] != '-1')
|
if ($attach_row['attach_id'])
|
||||||
{
|
{
|
||||||
// update entry in db if attachment already stored in db and filespace
|
// update entry in db if attachment already stored in db and filespace
|
||||||
$sql = 'UPDATE ' . ATTACHMENTS_DESC_TABLE . "
|
$sql = 'UPDATE ' . ATTACHMENTS_DESC_TABLE . "
|
||||||
|
|
@ -2131,16 +2154,22 @@ function submit_post($mode, $message, $subject, $username, $topic_type, $bbcode_
|
||||||
trigger_error($message);
|
trigger_error($message);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
function prepare_data(&$variable, $change = FALSE)
|
function prepare_data(&$variable, $change = FALSE)
|
||||||
{
|
{
|
||||||
if (!$change)
|
if (!$change)
|
||||||
{
|
{
|
||||||
return htmlspecialchars(trim(str_replace(array('\\\'', '\\"', '\\0', '\\\\'), array('\'', '"', '\0', '\\'), $variable)));
|
// return htmlspecialchars(trim(str_replace(array('\\\'', '\\"', '\\0', '\\\\'), array('\'', '"', '\0', '\\'), $variable)));
|
||||||
|
return htmlspecialchars(trim(stripslashes(preg_replace(array("#[ \xFF]{2,}#s", "#[\r\n]{2,}#s"), array(' ', "\n"), $variable))));
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$variable = htmlspecialchars(trim(str_replace(array('\\\'', '\\"', '\\0', '\\\\'), array('\'', '"', '\0', '\\'), $variable)));
|
// $variable = htmlspecialchars(trim(str_replace(array('\\\'', '\\"', '\\0', '\\\\'), array('\'', '"', '\0', '\\'), $variable)));
|
||||||
|
$variable = htmlspecialchars(trim(stripslashes(preg_replace(array("#[ \xFF]{2,}#s", "#[\r\n]{2,}#s"), array(' ', "\n"), $variable))));
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
//
|
//
|
||||||
// FUNCTIONS
|
// FUNCTIONS
|
||||||
// ---------
|
// ---------
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue