diff --git a/phpBB/common.php b/phpBB/common.php
index 6f725f0132..5c4db5e658 100644
--- a/phpBB/common.php
+++ b/phpBB/common.php
@@ -22,6 +22,35 @@
*
***************************************************************************/
+error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
+set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
+
+//
+// addslashes to vars if magic_quotes_gpc is off
+// this is a security precaution to prevent someone
+// trying to break out of a SQL statement.
+//
+if( !get_magic_quotes_gpc() )
+{
+ @reset($HTTP_GET_VARS);
+ while( list($k, $v) = each($HTTP_GET_VARS) )
+ {
+ $HTTP_GET_VARS[$k] = addslashes($v);
+ }
+
+ @reset($HTTP_POST_VARS);
+ while( list($k, $v) = each($HTTP_POST_VARS) )
+ {
+ $HTTP_POST_VARS[$k] = addslashes($v);
+ }
+
+ @reset($HTTP_COOKIE_VARS);
+ while( list($k, $v) = each($HTTP_COOKIE_VARS) )
+ {
+ $HTTP_COOKIE_VARS[$k] = addslashes($v);
+ }
+}
+
//
// Define some basic configuration arrays this also prevents
// malicious rewriting of language and otherarray values via
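Review bot: `addslashes($v)` on L21, L27 and L33 escapes only top-level values; when a request parameter is itself an array (`name[]=...`), PHP 4's `addslashes()` on an array raises a warning and yields null, so nested values are dropped rather than escaped. The loops cover GET, POST and cookies but not `$HTTP_POST_FILES`, and escaping every input at entry instead of at the query is what forces the many `stripslashes()` calls added elsewhere in this commit. A recursive helper at least keeps array-valued parameters intact:
```php
// … unchanged: error_reporting / set_magic_quotes_runtime …
function addslashes_deep($value)
{
	return is_array($value) ? array_map('addslashes_deep', $value) : addslashes($value);
}

if( !get_magic_quotes_gpc() )
{
	$HTTP_GET_VARS = addslashes_deep($HTTP_GET_VARS);
	$HTTP_POST_VARS = addslashes_deep($HTTP_POST_VARS);
	$HTTP_COOKIE_VARS = addslashes_deep($HTTP_COOKIE_VARS);
}
```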
@@ -93,6 +122,7 @@ else
$board_config['board_startdate'] = $config['board_startdate'];
$board_config['sitename'] = stripslashes($config['sitename']);
$board_config['allow_html'] = $config['allow_html'];
+ $board_config['allow_html_tags'] = split(",", $config['allow_html_tags']);
$board_config['allow_bbcode'] = $config['allow_bbcode'];
$board_config['allow_smilies'] = $config['allow_smilies'];
$board_config['allow_sig'] = $config['allow_sig'];
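Review bot: `split(",", ...)` on L44 treats the delimiter as a POSIX regex and leaves surrounding whitespace on each entry, so an allow-list stored as `b, i, u` yields `" i"` and `" u"`; whether the consumer of `allow_html_tags` then fails open or closed is not visible here. `explode()` plus a trim is the cheaper and exact form: `$board_config['allow_html_tags'] = array_map('trim', explode(',', $config['allow_html_tags']));`. Because this array is the HTML tag allow-list, a one-line comment recording the expected stored format (comma-separated tag names, compared verbatim) would help the next maintainer.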
@@ -115,21 +145,22 @@ else
$board_config['flood_interval'] = $config['flood_interval'];
$board_config['session_length'] = $config['session_length'];
// $board_config['session_max'] = $config['session_max'];
- $board_config['cookie_name'] = $config['cookie_name'];
- $board_config['cookie_path'] = $config['cookie_path'];
- $board_config['cookie_domain'] = $config['cookie_domain'];
+ $board_config['cookie_name'] = stripslashes($config['cookie_name']);
+ $board_config['cookie_path'] = stripslashes($config['cookie_path']);
+ $board_config['cookie_domain'] = stripslashes($config['cookie_domain']);
$board_config['cookie_secure'] = $config['cookie_secure'];
$board_config['avatar_filesize'] = $config['avatar_filesize'];
$board_config['avatar_max_width'] = $config['avatar_max_width'];
$board_config['avatar_max_height'] = $config['avatar_max_height'];
- $board_config['avatar_path'] = $config['avatar_path'];
+ $board_config['avatar_path'] = stripslashes($config['avatar_path']);
+ $board_config['smilies_path'] = stripslashes($config['smilies_path']);
$board_config['prune_enable'] = $config['prune_enable'];
$board_config['gzip_compress'] = $config['gzip_compress'];
$board_config['smtp_delivery'] = $config['smtp_delivery'];
- $board_config['smtp_host'] = $config['smtp_host'];
+ $board_config['smtp_host'] = stripslashes($config['smtp_host']);
}
-if($board_config['board_disable'])
+if($board_config['board_disable'] && !defined("IN_ADMIN"))
{
include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '.'.$phpEx);
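Review bot: The `!defined("IN_ADMIN")` exemption on L72 lifts the board-disabled gate for any script that defines that constant before including common.php; the name suggests only admin entry points do so, but nothing here ties it to an authenticated administrator, so the gate now rests on a convention that should be written down. A comment above the check such as `// IN_ADMIN is defined only by admin/ entry scripts; it keeps the ACP reachable while the board is disabled` would record the assumption. The `stripslashes()` additions on L55-L57, L63-L64 and L69 cover a hand-picked subset of string settings; `default_lang`, used in the include path on L74, is not among them, which is only safe if that value can never contain a quote.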
diff --git a/phpBB/posting.php b/phpBB/posting.php
index e0ca2d55d9..5d7dbfbbff 100644
--- a/phpBB/posting.php
+++ b/phpBB/posting.php
@@ -344,8 +344,8 @@ if( ( isset($HTTP_POST_VARS['submit']) || $preview ) && $topic_status == TOPIC_U
//
if(isset($HTTP_POST_VARS['username']))
{
- $username = trim(strip_tags(htmlspecialchars(stripslashes($HTTP_POST_VARS['username']))));
- if(!validate_username($username))
+ $username = trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['username'])));
+ if(!validate_username(stripslashes($username)))
{
$error = TRUE;
if(!empty($error_msg))
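Review bot: On L85-L86 the username is HTML-encoded while still carrying the addslashes backslashes, and `validate_username()` then receives `stripslashes()` of the encoded string, so validation runs on the entity spelling (`&` as `&amp;`) rather than on what the user typed; the same encode-then-validate order is applied to `$subject` on L94. Validate the raw value first and encode once afterwards, e.g. `$raw_username = trim(stripslashes($HTTP_POST_VARS['username']));` / `if(!validate_username($raw_username))` / `$username = addslashes(trim(strip_tags(htmlspecialchars($raw_username))));`, which keeps the slashed form that the `'$username'` interpolation at L166-L168 relies on. The enclosing `if(isset($HTTP_POST_VARS['username']))` block continues past the end of this hunk.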
@@ -360,7 +360,7 @@ if( ( isset($HTTP_POST_VARS['submit']) || $preview ) && $topic_status == TOPIC_U
$username = "";
}
- $subject = trim(strip_tags(htmlspecialchars(stripslashes($HTTP_POST_VARS['subject']))));
+ $subject = trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['subject'])));
if($mode == 'newtopic' && empty($subject))
{
$error = TRUE;
@@ -371,29 +371,16 @@ if( ( isset($HTTP_POST_VARS['submit']) || $preview ) && $topic_status == TOPIC_U
$error_msg .= $lang['Empty_subject'];
}
- //
- // You can't make it both an annoumcement and a stick topic
- //
- if($annouce && $sticky)
- {
- $error = TRUE;
- if(!empty($error_msg))
- {
- $error_msg .= "
";
- }
- $error_msg .= $lang['Annouce_and_sticky'];
- }
-
if(!empty($HTTP_POST_VARS['message']))
{
if(!$error && !$preview)
{
- $smile_on = ($disable_smilies) ? FALSE : TRUE;
- $html_on = ($disable_html) ? FALSE : TRUE;
+ $smile_on = ($disable_smilies || !$board_config['allow_smilies']) ? 0 : TRUE;
+ $html_on = ($disable_html || !$board_config['allow_html']) ? 0 : TRUE;
- if($disable_bbcode)
+ if($disable_bbcode || !$board_config['allow_bbcode'])
{
- $bbcode_on = FALSE;
+ $bbcode_on = 0;
}
else
{
@@ -401,17 +388,20 @@ if( ( isset($HTTP_POST_VARS['submit']) || $preview ) && $topic_status == TOPIC_U
$bbcode_on = TRUE;
}
+ //
+ // prepare_message returns a bbcode parsed
+ // html parsed and slashed result ...
+ //
$message = prepare_message(stripslashes($HTTP_POST_VARS['message']), $html_on, $bbcode_on, $smile_on, $bbcode_uid);
if( $attach_sig )
{
- $message .= (eregi(" $", $message)) ? "[addsig]" : " [addsig]";
+ $message .= (ereg(" $", $message)) ? "[addsig]" : " [addsig]";
}
}
- else
+ else
{
- // do stripslashes incase magic_quotes is on.
- $message = stripslashes($HTTP_POST_VARS['message']);
+ $message = stripslashes(trim($HTTP_POST_VARS['message']));
}
}
else
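Review bot: `trim()` on L150 is applied only in the preview/error branch, while the stored path on L138 passes the untrimmed message to `prepare_message()`, so what the user previews can differ from what is saved by leading or trailing whitespace. Trim once ahead of the `if(!$error && !$preview)` branch, e.g. `$message = stripslashes(trim($HTTP_POST_VARS['message']));`, and pass `$message` to `prepare_message()` on L138. The `eregi` to `ereg` change on L142 does not alter matching for the pattern `" $"`.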
@@ -445,6 +435,7 @@ if( ($mode == "newtopic" || $mode == "reply") && $topic_status == TOPIC_UNLOCKED
else if($mode == "newtopic")
{
$topic_notify = ($HTTP_POST_VARS['notify']) ? 1 : 0;
+
$sql = "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_notify, topic_status, topic_type)
VALUES ('$subject', " . $userdata['user_id'] . ", " . $topic_time . ", $forum_id, $topic_notify, " . TOPIC_UNLOCKED . ", $topic_type)";
@@ -460,9 +451,8 @@ if( ($mode == "newtopic" || $mode == "reply") && $topic_status == TOPIC_UNLOCKED
if($mode == "reply" || ( $mode == "newtopic" && $result ) )
{
- $enable_smiles = ($smile_on) ? 1 : 0;
- $sql = "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, bbcode_uid, enable_smiles)
- VALUES ($new_topic_id, $forum_id, " . $userdata['user_id'] . ", '$username', $topic_time, '$user_ip', '$bbcode_uid', $enable_smiles)";
+ $sql = "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, bbcode_uid, enable_bbcode, enable_html, enable_smilies)
+ VALUES ($new_topic_id, $forum_id, " . $userdata['user_id'] . ", '$username', $topic_time, '$user_ip', '$bbcode_uid', $bbcode_on, $html_on, $smile_on)";
if($mode == "reply")
{
$result = $db->sql_query($sql, BEGIN_TRANSACTION);
@@ -517,29 +507,44 @@ if( ($mode == "newtopic" || $mode == "reply") && $topic_status == TOPIC_UNLOCKED
}
else
{
+ if(SQL_LAYER == "mysql")
+ {
+ }
message_die(GENERAL_ERROR, "Error updating users table", "", __LINE__, __FILE__, $sql);
}
}
else
{
+ if(SQL_LAYER == "mysql")
+ {
+ }
// Rollback ?
message_die(GENERAL_ERROR, "Error updating forums table", "", __LINE__, __FILE__, $sql);
}
}
else
{
+ if(SQL_LAYER == "mysql")
+ {
+ }
// Rollback ?
message_die(GENERAL_ERROR, "Error updating topics table", "", __LINE__, __FILE__, $sql);
}
}
else
{
+ if(SQL_LAYER == "mysql")
+ {
+ }
// Rollback ?
message_die(GENERAL_ERROR, "Error inserting data into posts text table", "", __LINE__, __FILE__, $sql);
}
}
else
{
+ if(SQL_LAYER == "mysql")
+ {
+ }
// Rollback ?
message_die(GENERAL_ERROR, "Error inserting data into posts table", "", __LINE__, __FILE__, $sql);
}
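Review bot: The `if(SQL_LAYER == "mysql") { }` stubs added before each `message_die()` on L176-L178, L184-L186, L193-L195, L202-L204 and L211-L213 have empty bodies, so they compile to nothing while the `// Rollback ?` comments beside them stay unanswered; the same stubs recur at L237-L239, L247-L249, L256-L258, L266-L268, L276-L278, L285-L287, L306-L308, L314-L316, L325-L327 and L334-L336, and L312-L317 adds an entirely empty `else` branch. Either put the intended rollback call inside them or replace each stub with a single marker such as `// TODO: roll back the BEGIN_TRANSACTION query here when SQL_LAYER == "mysql"` so the intent survives. The query opened with `BEGIN_TRANSACTION` on L171 appears to have no failure path that ends it, which is the risk these comments point at.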
@@ -575,9 +580,6 @@ else if($mode == "quote" && !$preview && $topic_status == TOPIC_UNLOCKED)
// Removes UID from BBCode entries
$message = preg_replace("/\:[0-9a-z\:]*?\]/si", "]", $message);
- // This has not been implemented yet!
- //$message = desmile($message);
-
$message = str_replace("
", "\n", $message);
$message = undo_htmlspecialchars($message);
@@ -637,7 +639,7 @@ else if( $mode == "editpost" && $topic_status == TOPIC_UNLOCKED )
!isset($HTTP_GET_VARS['confirm']) && !isset($HTTP_POST_VARS['confirm']))
{
- $s_hidden_fields = '';
+ $s_hidden_fields = '';
//
// Output confirmation page
@@ -691,6 +693,9 @@ else if( $mode == "editpost" && $topic_status == TOPIC_UNLOCKED )
}
else
{
+ if(SQL_LAYER == "mysql")
+ {
+ }
// Rollback ?
message_die(GENERAL_ERROR, "Error deleting from post table", "", __LINE__, __FILE__, $sql);
}
@@ -721,12 +726,18 @@ else if( $mode == "editpost" && $topic_status == TOPIC_UNLOCKED )
}
else
{
+ if(SQL_LAYER == "mysql")
+ {
+ }
// Rollback ?
message_die(GENERAL_ERROR, "Error obtaining new last topic id", "", __LINE__, __FILE__, $sql);
}
}
else
{
+ if(SQL_LAYER == "mysql")
+ {
+ }
// Rollback ?
message_die(GENERAL_ERROR, "Error deleting from post table", "", __LINE__, __FILE__, $sql);
}
@@ -792,6 +803,9 @@ else if( $mode == "editpost" && $topic_status == TOPIC_UNLOCKED )
}
else
{
+ if(SQL_LAYER == "mysql")
+ {
+ }
// Rollback ?
message_die(GENERAL_ERROR, "Error updating forums table", "", __LINE__, __FILE__, $sql);
}
@@ -802,12 +816,18 @@ else if( $mode == "editpost" && $topic_status == TOPIC_UNLOCKED )
// This error is produced by the last SQL query carried out
// before we jumped into this common block
//
+ if(SQL_LAYER == "mysql")
+ {
+ }
// Rollback ?
message_die(GENERAL_ERROR, $if_die_msg, "", __LINE__, __FILE__, $sql);
}
}
else
{
+ if(SQL_LAYER == "mysql")
+ {
+ }
// Rollback ?
message_die(GENERAL_ERROR, "Error deleting from posts text table", "", __LINE__, __FILE__, $sql);
}
@@ -831,9 +851,9 @@ else if( $mode == "editpost" && $topic_status == TOPIC_UNLOCKED )
{
$edited_sql = "";
}
- $enable_smiles = ($smile_on) ? 1 : 0;
+
$sql = "UPDATE " . POSTS_TABLE . "
- SET bbcode_uid = '$bbcode_uid', enable_smiles=$enable_smiles" . $edited_sql . "
+ SET bbcode_uid = '$bbcode_uid', enable_bbcode = $bbcode_on, enable_html = $html_on, enable_smilies = $smile_on" . $edited_sql . "
WHERE post_id = $post_id";
if($db->sql_query($sql, BEGIN_TRANSACTION))
@@ -864,9 +884,18 @@ else if( $mode == "editpost" && $topic_status == TOPIC_UNLOCKED )
}
else
{
+ if(SQL_LAYER == "mysql")
+ {
+ }
message_die(GENERAL_ERROR, "Updating topics table", "", __LINE__, __FILE__, $sql);
}
}
+ else
+ {
+ if(SQL_LAYER == "mysql")
+ {
+ }
+ }
}
else
{
@@ -881,12 +910,18 @@ else if( $mode == "editpost" && $topic_status == TOPIC_UNLOCKED )
}
else
{
+ if(SQL_LAYER == "mysql")
+ {
+ }
message_die(GENERAL_ERROR, "Error updating posts text table", "", __LINE__, __FILE__, $sql);
}
}
}
else
{
+ if(SQL_LAYER == "mysql")
+ {
+ }
message_die(GENERAL_ERROR, "Error updating posts text table", "", __LINE__, __FILE__, $sql);
}
}
@@ -936,9 +971,6 @@ else if( $mode == "editpost" && $topic_status == TOPIC_UNLOCKED )
// Removes UID from BBCode entries
$message = preg_replace("/\:[0-9a-z\:]*?\]/si", "]", $message);
- // This has not been implemented yet!
- //$message = desmile($message);
-
$message = str_replace("
", "\n", $message);
$message = undo_htmlspecialchars($message);
@@ -978,10 +1010,24 @@ else if( $mode == "editpost" && $topic_status == TOPIC_UNLOCKED )
//
// Output page
//
+if($mode == "newtopic")
+{
+ $post_a = $lang['Post_a_new_topic'];
+}
+else if($mode == "reply")
+{
+ $post_a = $lang['Post_a_reply'];
+}
+else if($mode == "editpost")
+{
+ $post_a = $lang['Edit_Post'];
+}
+
+$page_title = $post_a;
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
//
-// Start: Error handling
+// Start Error handling
//
if($error)
{
@@ -994,12 +1040,12 @@ if($error)
$template->pparse("reg_header");
}
//
-// End: error handling
+// End error handling
//
if(empty($username))
{
- $username = $userdata['username'];
+ $username = stripslashes($userdata['username']);
}
//
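Review bot: `$username` now reaches this point in two representations: the user-supplied branch on L85 keeps the addslashes backslashes and HTML encoding, whereas the fallback on L384 is `stripslashes()` of `$userdata['username']` with no encoding, and the preview on L426 then calls `stripslashes($username)` again, so a username containing a literal backslash loses it twice in the fallback case; L458 repeats the pattern for `$username_input`. Pick one representation for the variable (raw text, stripped once) and apply slashes or HTML encoding only where it is consumed, which also makes the `stripslashes()` on L426 unnecessary. Whether the template escapes `USERNAME_INPUT` for an attribute context is not visible here.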
@@ -1018,21 +1064,39 @@ if($preview && !$error)
break;
}
- $bbcode_uid = make_bbcode_uid();
- $preview_message = prepare_message($message, TRUE, TRUE, TRUE, $bbcode_uid);
- $preview_message = bbencode_second_pass($preview_message, $bbcode_uid);
+ $preview_smile_on = ($disable_smilies) ? FALSE : TRUE;
+ $preview_html_on = ($disable_html) ? FALSE : TRUE;
+ $preview_html_on = TRUE;
+
+ if($disable_bbcode)
+ {
+ $preview_bbcode_on = FALSE;
+ }
+ else
+ {
+ $bbcode_uid = make_bbcode_uid();
+ $preview_bbcode_on = TRUE;
+ }
+
+ $preview_message = stripslashes(prepare_message($message, $preview_html_on, $preview_bbcode_on, $preview_smile_on, $bbcode_uid));
+ if(!$disable_bbcode)
+ {
+ $preview_message = bbencode_second_pass($preview_message, $bbcode_uid);
+ }
$preview_message = make_clickable($preview_message);
+ $preview_message = str_replace("\n", "
", $preview_message);
$template->set_filenames(array(
"preview" => "posting_preview.tpl")
);
$template->assign_vars(array(
- "TOPIC_TITLE" => $subject,
- "POST_SUBJECT" => $subject,
+ "TOPIC_TITLE" => stripslashes($subject),
+ "POST_SUBJECT" => stripslashes($subject),
"ROW_COLOR" => "#" . $theme['td_color1'],
- "POSTER_NAME" => $username,
+ "ROW_CLASS" => $theme['td_class1'],
+ "POSTER_NAME" => stripslashes($username),
"POST_DATE" => create_date($board_config['default_dateformat'], time(), $board_config['default_timezone']),
- "MESSAGE" => stripslashes(nl2br($preview_message)),
+ "MESSAGE" => $preview_message,
"L_PREVIEW" => $lang['Preview'],
"L_POSTED" => $lang['Posted'])
@@ -1061,38 +1125,18 @@ if(!$result = $db->sql_query($sql))
$forum_info = $db->sql_fetchrow($result);
$forum_name = stripslashes($forum_info['forum_name']);
-$template->set_filenames(array(
- "body" => "posting_body.tpl",
- "jumpbox" => "jumpbox.tpl")
-);
-$jumpbox = make_jumpbox();
-$template->assign_vars(array(
- "JUMPBOX_LIST" => $jumpbox,
- "SELECT_NAME" => POST_FORUM_URL)
-);
-$template->assign_var_from_handle("JUMPBOX", "jumpbox");
-
-$template->assign_vars(array(
- "FORUM_ID" => $forum_id,
- "FORUM_NAME" => $forum_name,
-
- "L_POSTNEWIN" => $section_title,
-
- "U_VIEW_FORUM" => append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id"))
-);
-
if($userdata['session_logged_in'])
{
- $username_input = $userdata["username"];
+ $username_input = stripslashes($userdata["username"]);
$password_input = "";
}
else
{
$username_input = '';
- $password_input = '';
+ $password_input = '';
}
-$subject_input = '';
-$message_input = '';
+$subject_input = '';
+$message_input = '';
if($board_config['allow_html'])
{
@@ -1157,7 +1201,7 @@ if($mode == 'newtopic' || ( $mode == 'editpost' && $is_first_post ) )
{
$announce_toggle .= ' checked';
}
- $announce_toggle .= '> ' . $lang['Post_Annoucement'] . ' ';
+ $announce_toggle .= '> ' . $lang['Post_Announcement'] . ' ';
}
if($is_auth['auth_sticky'])
@@ -1222,19 +1266,26 @@ else if($mode == "editpost")
}
$hidden_form_fields .= "";
-if($mode == "newtopic")
-{
- $post_a = $lang['Post_a_new_topic'];
-}
-else if($mode == "reply")
-{
- $post_a = $lang['Post_a_reply'];
-}
-else if($mode == "editpost")
-{
- $post_a = $lang['Edit_Post'];
-}
-
+$template->set_filenames(array(
+ "body" => "posting_body.tpl",
+ "jumpbox" => "jumpbox.tpl")
+);
+$jumpbox = make_jumpbox();
+$template->assign_vars(array(
+ "JUMPBOX_LIST" => $jumpbox,
+ "SELECT_NAME" => POST_FORUM_URL)
+);
+$template->assign_var_from_handle("JUMPBOX", "jumpbox");
+
+$template->assign_vars(array(
+ "FORUM_ID" => $forum_id,
+ "FORUM_NAME" => $forum_name,
+
+ "L_POSTNEWIN" => $section_title,
+
+ "U_VIEW_FORUM" => append_sid("viewforum.$phpEx?" . POST_FORUM_URL . "=$forum_id"))
+);
+
$template->assign_vars(array(
"USERNAME_INPUT" => $username_input,
"PASSWORD_INPUT" => $password_input,
@@ -1273,4 +1324,4 @@ $template->pparse("body");
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
-?>
+?>
\ No newline at end of file
diff --git a/phpBB/profile.php b/phpBB/profile.php
index 882848ae50..0c77560381 100644
--- a/phpBB/profile.php
+++ b/phpBB/profile.php
@@ -160,7 +160,7 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']))
"YIM_IMG" => $yim_img,
"WEBSITE" => ( ($profiledata['user_website']) ? stripslashes($profiledata['user_website']) : " " ),
"WEBSITE_IMG" => $www_img,
- "LOCATION" => ( ($profiledatas['user_from']) ? stripslashes($profiledata['user_from']) : " " ),
+ "LOCATION" => ( ($profiledata['user_from']) ? stripslashes($profiledata['user_from']) : " " ),
"OCCUPATION" => ( ($profiledata['user_occ']) ? stripslashes($profiledata['user_occ']) : " " ),
"INTERESTS" => ( ($profiledata['user_interests']) ? stripslashes($profiledata['user_interests']) : " " ),
"AVATAR_IMG" => $avatar_img,
@@ -331,7 +331,7 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']))
for($i = 0; $i < count($ban_email_list); $i++)
{
$match_email = str_replace("*@", ".*@", $ban_email_list[$i]['ban_email']);
- if( eregi("^" . $match_email . "$", $email) )
+ if( preg_match("/^" . $match_email . "$/is", $email) )
{
$error = TRUE;
if(isset($error_msg))
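Review bot: On L543 the stored ban entry is inserted into the PCRE pattern with only `*@` rewritten, so any regex metacharacter in an entry changes its meaning: a `.` in the domain matches any character, and an unescaped `/` ends the pattern early, in which case `preg_match()` returns false and the ban silently stops applying. Quote the entry before substituting the wildcard: `$match_email = str_replace('\*@', '.*@', preg_quote($ban_email_list[$i]['ban_email'], '/'));` (`preg_quote` escapes the `*`, so the replacement searches for `\*@`). The `i` modifier preserves what the old `eregi` call provided; `s` is not needed here.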
@@ -767,21 +767,21 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']))
else if($mode == "editprofile")
{
$user_id = $userdata['user_id'];
- $username = stripslashes($userdata['username']);
+ $username = $userdata['username'];
$email = $userdata['user_email'];
$password = "";
$password_confirm = "";
$icq = $userdata['user_icq'];
- $aim = stripslashes($userdata['user_aim']);
- $msn = stripslashes($userdata['user_msnm']);
- $yim = stripslashes($userdata['user_yim']);
+ $aim = $userdata['user_aim'];
+ $msn = $userdata['user_msnm'];
+ $yim = $userdata['user_yim'];
- $website = stripslashes($userdata['user_website']);
- $location = stripslashes($userdata['user_from']);
- $occupation = stripslashes($userdata['user_occ']);
- $interests = stripslashes($userdata['user_interests']);
- $signature = stripslashes($userdata['user_sig']);
+ $website = $userdata['user_website'];
+ $location = $userdata['user_from'];
+ $occupation = $userdata['user_occ'];
+ $interests = $userdata['user_interests'];
+ $signature = $userdata['user_sig'];
$viewemail = $userdata['user_viewemail'];
$notifypm = $userdata['user_notify_pm'];
@@ -861,13 +861,13 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']))
"ALWAYS_ALLOW_SMILIES_YES" => ($allowsmilies) ? "checked=\"checked\"" : "",
"ALWAYS_ALLOW_SMILIES_NO" => (!$allowsmilies) ? "checked=\"checked\"" : "",
"ALLOW_AVATAR" => $board_config['allow_avatar_upload'],
- "AVATAR" => ($user_avatar != "") ? "
" : "",
+ "AVATAR" => ($user_avatar != "") ? "
" : "",
"AVATAR_SIZE" => $board_config['avatar_filesize'],
- "LANGUAGE_SELECT" => language_select($user_lang),
+ "LANGUAGE_SELECT" => language_select(stripslashes($user_lang)),
"THEME_SELECT" => theme_select($user_theme),
"TIMEZONE_SELECT" => tz_select($user_timezone),
"DATE_FORMAT" => stripslashes($user_dateformat),
- "TEMPLATE_SELECT" => template_select($user_template),
+ "TEMPLATE_SELECT" => template_select(stripslashes($user_template)),
"HTML_STATUS" => $html_status,
"BBCODE_STATUS" => $bbcode_status,
"SMILIES_STATUS" => $smilies_status,
diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php
index 1c8e4b89f1..733840db0a 100644
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@@ -25,18 +25,13 @@ include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);
include($phpbb_root_path . 'includes/bbcode.'.$phpEx);
-
//
-// Begin function to parse Smilies :)
+// Start functions
//
function smilies_pass($message)
{
- global $db, $smilies_url;
+ global $db, $board_config;
static $smilies;
- if(empty($smilies_url))
- {
- $smilies_url = "images/smilies";
- }
if(empty($smilies))
{
@@ -53,8 +48,9 @@ function smilies_pass($message)
$orig[] = "'([\s\.\>\
])" . preg_quote($smilies[$i]['code']) . "([\s\.\
])'si";
- $repl[] = '\1
\2';
+ $repl[] = '\1
\2';
}
+
if($i > 0)
{
$message = preg_replace($orig, $repl, ' ' . $message . ' ');
@@ -63,11 +59,9 @@ function smilies_pass($message)
return($message);
}
//
-// End Smiley parsing function :)
+// End functions
//
-
-
//
// Start initial var setup
//
@@ -80,16 +74,16 @@ if(isset($HTTP_GET_VARS[POST_POST_URL]))
$post_id = $HTTP_GET_VARS[POST_POST_URL];
}
-if(!isset($topic_id) && !isset($post_id))
-{
- message_die(GENERAL_MESSAGE, $lang['Topic_post_not_exist']);
-}
-
$start = (isset($HTTP_GET_VARS['start'])) ? $HTTP_GET_VARS['start'] : 0;
//
// End initial var setup
//
+if(!isset($topic_id) && !isset($post_id))
+{
+ message_die(GENERAL_MESSAGE, $lang['Topic_post_not_exist']);
+}
+
//
// Find topic id if user requested a newer
// or older topic
@@ -123,7 +117,7 @@ if( isset($HTTP_GET_VARS["view"]) && empty($HTTP_GET_VARS[POST_POST_URL]) )
}
list($topic_id) = $db->sql_fetchrow($result);
- if(empty($topic_id))
+ if( empty($topic_id) )
{
if($HTTP_GET_VARS["view"] == "next")
{
@@ -164,18 +158,8 @@ if(!$total_rows = $db->sql_numrows($result))
}
$forum_row = $db->sql_fetchrow($result);
-$forum_name = stripslashes($forum_row['forum_name']);
$forum_id = $forum_row['forum_id'];
-$topic_title = stripslashes($forum_row['topic_title']);
-$topic_id = $forum_row['topic_id'];
-$topic_time = $forum_row['topic_time'];
-
-if(!empty($post_id))
-{
- $start = floor(($forum_row['prev_posts'] - 1) / $board_config['posts_per_page']) * $board_config['posts_per_page'];
-}
-
//
// Start session management
//
@@ -185,6 +169,16 @@ init_userprefs($userdata);
// End session management
//
+$forum_name = stripslashes($forum_row['forum_name']);
+$topic_title = stripslashes($forum_row['topic_title']);
+$topic_id = $forum_row['topic_id'];
+$topic_time = $forum_row['topic_time'];
+
+if(!empty($post_id))
+{
+ $start = floor(($forum_row['prev_posts'] - 1) / $board_config['posts_per_page']) * $board_config['posts_per_page'];
+}
+
//
// Start auth check
//
@@ -276,7 +270,7 @@ $select_post_order .= "";
//
// Go ahead and pull all data for this topic
//
-$sql = "SELECT u.username, u.user_id, u.user_posts, u.user_from, u.user_website, u.user_icq, u.user_aim, u.user_yim, u.user_regdate, u.user_msnm, u.user_viewemail, u.user_rank, u.user_sig, u.user_avatar, p.post_time, p.post_id, p.post_username, p.bbcode_uid, p.post_edit_time, p.post_edit_count, pt.post_text, pt.post_subject, p.enable_smiles
+$sql = "SELECT u.username, u.user_id, u.user_posts, u.user_from, u.user_website, u.user_icq, u.user_aim, u.user_yim, u.user_regdate, u.user_msnm, u.user_viewemail, u.user_rank, u.user_sig, u.user_avatar, p.post_time, p.post_id, p.post_username, p.bbcode_uid, p.post_edit_time, p.post_edit_count, p.enable_bbcode, p.enable_html, p.enable_smilies, pt.post_text, pt.post_subject
FROM " . POSTS_TABLE . " p, " . USERS_TABLE . " u, " . POSTS_TEXT_TABLE . " pt
WHERE p.topic_id = $topic_id
AND p.poster_id = u.user_id
@@ -307,7 +301,7 @@ $ranksrow = $db->sql_fetchrowset($ranksresult);
//
// Dump out the page header and load viewtopic body template
//
-setcookie('phpbb2_' . $forum_id . '_' . $topic_id, time(), time()+6000, $cookiepath, $cookiedomain, $cookiesecure);
+setcookie('phpbb2_' . $forum_id . '_' . $topic_id, time(), time() + 6000, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
$page_title = $lang['View_topic'] ." - $topic_title";
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
@@ -402,13 +396,13 @@ for($i = 0; $i < $total_posts; $i++)
$poster_posts = ($postrow[$i]['user_id'] != ANONYMOUS) ? $lang['Posts'] . ": " . $postrow[$i]['user_posts'] : "";
- $poster_from = ($postrow[$i]['user_from'] && $postrow[$i]['user_id'] != ANONYMOUS) ? $lang['From'] . ": " .$postrow[$i]['user_from'] : "";
+ $poster_from = ($postrow[$i]['user_from'] && $postrow[$i]['user_id'] != ANONYMOUS) ? $lang['From'] . ": " . stripslashes($postrow[$i]['user_from']) : "";
$poster_joined = ($postrow[$i]['user_id'] != ANONYMOUS) ? $lang['Joined'] . ": " . create_date($board_config['default_dateformat'], $postrow[$i]['user_regdate'], $board_config['default_timezone']) : "";
if($postrow[$i]['user_avatar'] != "" && $poster_id != ANONYMOUS)
{
- $poster_avatar = (strstr("http", $postrow[$i]['user_avatar']) && $board_config['allow_avatar_remote']) ? "

" : "

";
+ $poster_avatar = (strstr("http", $postrow[$i]['user_avatar']) && $board_config['allow_avatar_remote']) ? "

" : "

";
}
else
{
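Review bot: `strstr("http", $postrow[$i]['user_avatar'])` on L732 has haystack and needle reversed: it asks whether the avatar value occurs inside the literal `"http"`, so a real remote URL never takes the `allow_avatar_remote` branch and only a value such as `h` would. The line is re-emitted in this hunk, so it is worth correcting here to `strstr($postrow[$i]['user_avatar'], "http")` (or `strpos($postrow[$i]['user_avatar'], "http") === 0` if a prefix test is what is meant). Separately, `$poster_from` on L723 is now emitted after `stripslashes()` only; whether `user_from` was HTML-encoded when the profile was saved is not visible here, and if it was not, profile text reaches the page unescaped.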
@@ -429,8 +423,8 @@ for($i = 0; $i < $total_posts; $i++)
{
if($postrow[$i]['user_rank'] == $ranksrow[$j]['rank_id'] && $ranksrow[$j]['rank_special'])
{
- $poster_rank = $ranksrow[$j]['rank_title'];
- $rank_image = ($ranksrow[$j]['rank_image']) ? "
" : "";
+ $poster_rank = stripslashes($ranksrow[$j]['rank_title']);
+ $rank_image = ($ranksrow[$j]['rank_image']) ? "
" : "";
}
}
}
@@ -440,8 +434,8 @@ for($i = 0; $i < $total_posts; $i++)
{
if($postrow[$i]['user_posts'] > $ranksrow[$j]['rank_min'] && $postrow[$i]['user_posts'] < $ranksrow[$j]['rank_max'] && !$ranksrow[$j]['rank_special'])
{
- $poster_rank = $ranksrow[$j]['rank_title'];
- $rank_image = ($ranksrow[$j]['rank_image']) ? "
" : "";
+ $poster_rank = stripslashes($ranksrow[$j]['rank_title']);
+ $rank_image = ($ranksrow[$j]['rank_image']) ? "
" : "";
}
}
}
@@ -461,15 +455,15 @@ for($i = 0; $i < $total_posts; $i++)
$pm_img = "
";
- $email_img = ($postrow[$i]['user_viewemail'] == 1) ? "
" : "";
+ $email_img = ($postrow[$i]['user_viewemail'] == 1) ? "
" : "";
- $www_img = ($postrow[$i]['user_website']) ? "
" : "";
+ $www_img = ($postrow[$i]['user_website']) ? "
" : "";
if($postrow[$i]['user_icq'])
{
- $icq_status_img = "
";
+ $icq_status_img = "
";
- $icq_add_img = "
";
+ $icq_add_img = "
";
}
else
{
@@ -477,11 +471,11 @@ for($i = 0; $i < $total_posts; $i++)
$icq_add_img = "";
}
- $aim_img = ($postrow[$i]['user_aim']) ? "
" : "";
+ $aim_img = ($postrow[$i]['user_aim']) ? "
" : "";
$msn_img = ($postrow[$i]['user_msnm']) ? "
" : "";
- $yim_img = ($postrow[$i]['user_yim']) ? "
" : "";
+ $yim_img = ($postrow[$i]['user_yim']) ? "
" : "";
}
else
{
@@ -516,43 +510,40 @@ for($i = 0; $i < $total_posts; $i++)
$user_sig = stripslashes($postrow[$i]['user_sig']);
$message = stripslashes($postrow[$i]['post_text']);
- if(!$board_config['allow_html'])
+ if(!$board_config['allow_html'] || !$postrow[$i]['enable_html'])
{
if($user_sig != "")
{
$user_sig = htmlspecialchars($user_sig);
}
$message = htmlspecialchars($message);
- //
- // Added next line to fix doubled up conversions due to htmlspecialchars
- // already being run on posts.
- //
- $message = str_replace('&', '&', $message);
}
if($board_config['allow_bbcode'])
{
if($user_sig != "")
{
+ //
+ // Move this to profile? Well, first pass
+ //
$sig_uid = make_bbcode_uid();
$user_sig = bbencode_first_pass($user_sig, $sig_uid);
$user_sig = bbencode_second_pass($user_sig, $sig_uid);
+ $user_sig = str_replace("\n", "
", $user_sig);
}
- $message = bbencode_second_pass($message, $bbcode_uid);
+ if($postrow[$i]['allow_bbcode'])
+ {
+ $message = bbencode_second_pass($message, $bbcode_uid);
+ }
}
-
-
$message = make_clickable($message);
$message = str_replace("\n", "
", $message);
- if($user_sig != "")
- {
- $message = eregi_replace("\[addsig]$", "
_________________
" . nl2br($user_sig), $message);
- }
+ $message = ($user_sig != "") ? ereg_replace("\[addsig]$", "
_________________
" . $user_sig, $message) : ereg_replace("\[addsig]$", "", $message);
- if($board_config['allow_smilies'] && $postrow[$i]['enable_smiles'] == 1)
+ if($board_config['allow_smilies'] && $postrow[$i]['enable_smilies'])
{
$message = smilies_pass($message);
}
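Review bot: `$postrow[$i]['allow_bbcode']` on L837 reads a column the query on L708 does not select (it fetches `p.enable_bbcode`), so the index is undefined, the condition is always false, and `bbencode_second_pass()` never runs on post bodies; with E_NOTICE excluded by `error_reporting()` in common.php this fails silently. Change it to `if($postrow[$i]['enable_bbcode'])`, matching the `enable_html` and `enable_smilies` checks on L810 and L857. The `for` loop containing this code starts before the hunk.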
@@ -571,11 +562,11 @@ for($i = 0; $i < $total_posts; $i++)
// Again this will be handled by the templating
// code at some point
//
- $row_color = ( !($i % 2) ) ? "#" . $theme['td_color1'] : "#" . $theme['td_color2'];
+ $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
$template->assign_block_vars("postrow", array(
- "ROW_COLOR" => $row_color,
+ "ROW_COLOR" => "#" . $row_color,
"ROW_CLASS" => $row_class,
"POSTER_NAME" => $poster,
"POSTER_RANK" => $poster_rank,
@@ -615,11 +606,20 @@ $s_auth_can .= $lang['You'] . " " . ( ($is_auth['auth_post']) ? $lang['can'] : $
$s_auth_can .= $lang['You'] . " " . ( ($is_auth['auth_reply']) ? $lang['can'] : $lang['cannot'] ) . " " . $lang['reply_posts'] . "
";
$s_auth_can .= $lang['You'] . " " . ( ($is_auth['auth_edit']) ? $lang['can'] : $lang['cannot'] ) . " " . $lang['edit_posts'] . "
";
$s_auth_can .= $lang['You'] . " " . ( ($is_auth['auth_delete']) ? $lang['can'] : $lang['cannot'] ) . " " . $lang['delete_posts'] . "
";
+/*
+$s_auth_read_img = "
";
+$s_auth_post_img = "
";
+$s_auth_reply_img = "
";
+$s_auth_edit_img = "
";
+$s_auth_delete_img = "
";
+*/
if( $is_auth['auth_mod'] )
{
$s_auth_can .= $lang['You'] . " " . $lang['can'] . " " . $lang['moderate_forum'] . "
";
+// $s_auth_mod_img = "
";
+
$topic_mod = "
";
$topic_mod .= "
";
@@ -636,11 +636,16 @@ if( $is_auth['auth_mod'] )
}
$template->assign_vars(array(
- "PAGINATION" => generate_pagination("viewtopic.$phpEx?".POST_TOPIC_URL."=$topic_id&postdays=$post_days&postorder=$post_order", $total_replies, $board_config['posts_per_page'], $start),
+ "PAGINATION" => generate_pagination("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&postdays=$post_days&postorder=$post_order", $total_replies, $board_config['posts_per_page'], $start),
"ON_PAGE" => ( floor( $start / $board_config['posts_per_page'] ) + 1 ),
"TOTAL_PAGES" => ceil( $total_replies / $board_config['posts_per_page'] ),
- "S_AUTH_LIST" => $s_auth_can,
+ "S_AUTH_LIST" => $s_auth_can,
+ "S_AUTH_READ_IMG" => $s_auth_read_img,
+ "S_AUTH_POST_IMG" => $s_auth_post_img,
+ "S_AUTH_REPLY_IMG" => $s_auth_reply_img,
+ "S_AUTH_EDIT_IMG" => $s_auth_edit_img,
+ "S_AUTH_MOD_IMG" => $s_auth_mod_img,
"S_TOPIC_ADMIN" => $topic_mod,
"L_OF" => $lang['of'],
@@ -652,4 +657,4 @@ $template->pparse("body");
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
-?>
+?>
\ No newline at end of file