More fixes

git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@3173 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2002-12-03 20:55:37 +00:00
parent 32830195ee
commit 93dac10dbf
6 changed files with 53 additions and 52 deletions


@ -65,8 +65,7 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
{ {
$user_id = intval( $HTTP_POST_VARS['id'] ); $user_id = intval( $HTTP_POST_VARS['id'] );
$this_userdata = get_userdata($user_id); if (!($this_userdata = get_userdata($user_id)))
if( !$this_userdata )
{ {
message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] ); message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
} }
@ -179,26 +178,14 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
$sql = "SELECT privmsgs_id $sql = "SELECT privmsgs_id
FROM " . PRIVMSGS_TABLE . " FROM " . PRIVMSGS_TABLE . "
WHERE ( ( privmsgs_from_userid = $user_id WHERE privmsgs_from_userid = $user_id
AND privmsgs_type = " . PRIVMSGS_NEW_MAIL . " ) OR privmsgs_to_userid = $user_id";
OR ( privmsgs_from_userid = $user_id
AND privmsgs_type = " . PRIVMSGS_SENT_MAIL . " )
OR ( privmsgs_to_userid = $user_id
AND privmsgs_type = " . PRIVMSGS_READ_MAIL . " )
OR ( privmsgs_to_userid = $user_id
AND privmsgs_type = " . PRIVMSGS_SAVED_IN_MAIL . " )
OR ( privmsgs_from_userid = $user_id
AND privmsgs_type = " . PRIVMSGS_SAVED_OUT_MAIL . " ) )";
if ( !($result = $db->sql_query($sql)) ) if ( !($result = $db->sql_query($sql)) )
{ {
message_die(GENERAL_ERROR, 'Could not select all user\'s private messages', '', __LINE__, __FILE__, $sql); message_die(GENERAL_ERROR, 'Could not select all users private messages', '', __LINE__, __FILE__, $sql);
} }
//
// This little bit of code directly from the private messaging section. // This little bit of code directly from the private messaging section.
// Thanks Paul!
//
while ( $row_privmsgs = $db->sql_fetchrow($result) ) while ( $row_privmsgs = $db->sql_fetchrow($result) )
{ {
$mark_list[] = $row_privmsgs['privmsgs_id']; $mark_list[] = $row_privmsgs['privmsgs_id'];
@ -208,22 +195,11 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
{ {
$delete_sql_id = implode(', ', $mark_list); $delete_sql_id = implode(', ', $mark_list);
//
// We shouldn't need to worry about updating conters here...
// They are already gone!
//
$delete_text_sql = "DELETE FROM " . PRIVMSGS_TEXT_TABLE . " $delete_text_sql = "DELETE FROM " . PRIVMSGS_TEXT_TABLE . "
WHERE privmsgs_text_id IN ($delete_sql_id)"; WHERE privmsgs_text_id IN ($delete_sql_id)";
$delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . " $delete_sql = "DELETE FROM " . PRIVMSGS_TABLE . "
WHERE privmsgs_id IN ($delete_sql_id)"; WHERE privmsgs_id IN ($delete_sql_id)";
//
// Shouldn't need the switch statement here, either, as we just want
// to take out all of the private messages. This will not affect
// the other messages we want to keep; the ids are unique.
//
if ( !$db->sql_query($delete_sql) ) if ( !$db->sql_query($delete_sql) )
{ {
message_die(GENERAL_ERROR, 'Could not delete private message info', '', __LINE__, __FILE__, $delete_sql); message_die(GENERAL_ERROR, 'Could not delete private message info', '', __LINE__, __FILE__, $delete_sql);
@ -234,22 +210,6 @@ if( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username']) |
message_die(GENERAL_ERROR, 'Could not delete private message text', '', __LINE__, __FILE__, $delete_text_sql); message_die(GENERAL_ERROR, 'Could not delete private message text', '', __LINE__, __FILE__, $delete_text_sql);
} }
} }
$sql = "UPDATE " . PRIVMSGS_TABLE . "
SET privmsgs_to_userid = " . DELETED . "
WHERE privmsgs_to_userid = $user_id";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update private messages saved to the user', '', __LINE__, __FILE__, $sql);
}
$sql = "UPDATE " . PRIVMSGS_TABLE . "
SET privmsgs_from_userid = " . DELETED . "
WHERE privmsgs_from_userid = $user_id";
if ( !$db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not update private messages saved from the user', '', __LINE__, __FILE__, $sql);
}
$message = $lang['User_deleted'] . '<br /><br />' . sprintf($lang['Click_return_useradmin'], '<a href="' . append_sid("admin_users.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>'); $message = $lang['User_deleted'] . '<br /><br />' . sprintf($lang['Click_return_useradmin'], '<a href="' . append_sid("admin_users.$phpEx") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
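Review bot: The widened SELECT in the second hunk (`WHERE privmsgs_from_userid = $user_id OR privmsgs_to_userid = $user_id`) now also sweeps up messages the deleted user sent to other members, including ones still unread in their inboxes, but nothing in the new code touches those recipients afterwards; the removed "counters are already gone" comment only held while the query was limited to the deleted user's own folders. If the PM code keeps per-user new/unread counters elsewhere (not visible in this diff), they will be left counting rows that no longer exist, so either run the existing mark-as-read/decrement path for the affected `privmsgs_to_userid` values before the DELETE or add a comment stating why that is unnecessary. The two DELETEs in the third and fourth hunks also run back to back with no transaction, so a failure on the text delete leaves orphaned PRIVMSGS_TEXT_TABLE rows; a comment such as `// Headers are removed first so a failure on the text delete only leaves harmless orphaned text rows` would make that trade-off explicit. The enclosing delete branch starts before the first hunk.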


@ -133,6 +133,9 @@ h3 {font-size:12pt;color:blue}
<li>Fixed ability of users to edit polls even after they have received votes</li> <li>Fixed ability of users to edit polls even after they have received votes</li>
<li>Fixed header Location to be absolute URL as per HTTP 1.1 spec - noted by <b>PhilippK</b></li> <li>Fixed header Location to be absolute URL as per HTTP 1.1 spec - noted by <b>PhilippK</b></li>
<li>Added additional session_id checks to MCP, topic subscription, PM and similar items</li> <li>Added additional session_id checks to MCP, topic subscription, PM and similar items</li>
<li>Fixed colour select box in posting_body to reset to Default colour after selection</li>
<li>Altered PM icon to show new image until messages have been read</li>
<li>Fixed incomplete deletion of PMs when removing the associated user</li>
<li></li> <li></li>
</ul> </ul>


@ -75,7 +75,7 @@ if ( $userdata['session_logged_in'] )
} }
else else
{ {
$u_login_logout = 'login.'.$phpEx . '&amp;sid=' . $userdata['session_id']; $u_login_logout = 'login.'.$phpEx;
$l_login_logout = $lang['Login']; $l_login_logout = $lang['Login'];
} }


@ -69,6 +69,16 @@ else
$folder = 'inbox'; $folder = 'inbox';
} }
// session id check
if (!empty($HTTP_POST_VARS['sid']) || !empty($HTTP_GET_VARS['sid']))
{
$sid = (!empty($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : $HTTP_GET_VARS['sid'];
}
else
{
$sid = '';
}
// //
// Start session management // Start session management
// //
@ -644,6 +654,13 @@ else if ( ( $delete && $mark_list ) || $delete_all )
{ {
redirect(append_sid("login.$phpEx?redirect=privmsg.$phpEx&folder=inbox", true)); redirect(append_sid("login.$phpEx?redirect=privmsg.$phpEx&folder=inbox", true));
} }
// session id check
if ($sid == '' || $sid != $userdata['session_id'])
{
message_die(ERROR, 'Invalid_session');
}
if ( isset($mark_list) && !is_array($mark_list) ) if ( isset($mark_list) && !is_array($mark_list) )
{ {
// Set to empty array instead of '0' if nothing is selected. // Set to empty array instead of '0' if nothing is selected.
@ -652,7 +669,7 @@ else if ( ( $delete && $mark_list ) || $delete_all )
if ( !$confirm ) if ( !$confirm )
{ {
$s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" />'; $s_hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="mode" value="' . $mode . '" />';
$s_hidden_fields .= ( isset($HTTP_POST_VARS['delete']) ) ? '<input type="hidden" name="delete" value="true" />' : '<input type="hidden" name="deleteall" value="true" />'; $s_hidden_fields .= ( isset($HTTP_POST_VARS['delete']) ) ? '<input type="hidden" name="delete" value="true" />' : '<input type="hidden" name="deleteall" value="true" />';
for($i = 0; $i < count($mark_list); $i++) for($i = 0; $i < count($mark_list); $i++)
@ -842,6 +859,12 @@ else if ( $save && $mark_list && $folder != 'savebox' && $folder != 'outbox' )
redirect(append_sid("login.$phpEx?redirect=privmsg.$phpEx&folder=inbox", true)); redirect(append_sid("login.$phpEx?redirect=privmsg.$phpEx&folder=inbox", true));
} }
// session id check
if ($sid == '' || $sid != $userdata['session_id'])
{
message_die(ERROR, 'Invalid_session');
}
// //
// See if recipient is at their savebox limit // See if recipient is at their savebox limit
// //
@ -939,13 +962,12 @@ else if ( $save && $mark_list && $folder != 'savebox' && $folder != 'outbox' )
} }
else if ( $submit || $refresh || $mode != '' ) else if ( $submit || $refresh || $mode != '' )
{ {
if ( !$userdata['session_logged_in'] ) if ( !$userdata['session_logged_in'] )
{ {
$user_id = ( isset($HTTP_GET_VARS[POST_USERS_URL]) ) ? '&' . POST_USERS_URL . '=' . intval($HTTP_GET_VARS[POST_USERS_URL]) : ''; $user_id = ( isset($HTTP_GET_VARS[POST_USERS_URL]) ) ? '&' . POST_USERS_URL . '=' . intval($HTTP_GET_VARS[POST_USERS_URL]) : '';
redirect(append_sid("login.$phpEx?redirect=privmsg.$phpEx&folder=$folder&mode=$mode" . $user_id, true)); redirect(append_sid("login.$phpEx?redirect=privmsg.$phpEx&folder=$folder&mode=$mode" . $user_id, true));
} }
// //
// Toggles // Toggles
// //
@ -1006,6 +1028,12 @@ else if ( $submit || $refresh || $mode != '' )
if ( $submit ) if ( $submit )
{ {
// session id check
if ($sid == '' || $sid != $userdata['session_id'])
{
message_die(ERROR, 'Invalid_session');
}
if ( !empty($HTTP_POST_VARS['username']) ) if ( !empty($HTTP_POST_VARS['username']) )
{ {
$to_username = $HTTP_POST_VARS['username']; $to_username = $HTTP_POST_VARS['username'];
@ -1444,7 +1472,7 @@ else if ( $submit || $refresh || $mode != '' )
$preview_message = make_clickable($preview_message); $preview_message = make_clickable($preview_message);
$preview_message = str_replace("\n", '<br />', $preview_message); $preview_message = str_replace("\n", '<br />', $preview_message);
$s_hidden_fields = '<input type="hidden" name="folder" value="' . $folder . '" />'; $s_hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="folder" value="' . $folder . '" />';
$s_hidden_fields .= '<input type="hidden" name="mode" value="' . $mode . '" />'; $s_hidden_fields .= '<input type="hidden" name="mode" value="' . $mode . '" />';
if ( isset($privmsg_id) ) if ( isset($privmsg_id) )
@ -1566,7 +1594,7 @@ else if ( $submit || $refresh || $mode != '' )
$post_a = $lang['Edit_message']; $post_a = $lang['Edit_message'];
} }
$s_hidden_fields = '<input type="hidden" name="folder" value="' . $folder . '" />'; $s_hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="folder" value="' . $folder . '" />';
$s_hidden_fields .= '<input type="hidden" name="mode" value="' . $mode . '" />'; $s_hidden_fields .= '<input type="hidden" name="mode" value="' . $mode . '" />';
if ( $mode == 'edit' ) if ( $mode == 'edit' )
{ {
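Review bot: The three new session checks pass a level named `ERROR` to message_die, while every other call in this commit uses GENERAL_ERROR or GENERAL_MESSAGE; if `ERROR` is not defined in constants.php, PHP 4 silently treats the bare name as the string 'ERROR' and message_die falls through to whatever its default branch does, so the rejection may not render as intended. The comparison is also loose: `$sid != $userdata['session_id']` is a string-vs-string compare that PHP evaluates numerically when both sides look numeric, so a strict compare is safer, e.g. `if ($sid === '' || $sid !== $userdata['session_id'])` followed by `message_die(GENERAL_ERROR, 'Invalid_session');`. The delete and compose forms get the hidden `sid` field in this diff, but the save branch guarded at its hunk depends on the folder-listing form carrying the same field, which is outside these hunks — worth confirming, otherwise saving will always fail the check. The sid extraction at the top of the file is identical to the one added to the other file in this commit and could live in a shared helper in sessions.php instead of being copied.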


@ -34,6 +34,16 @@ init_userprefs($userdata);
// End session management // End session management
// //
// session id check
if (!empty($HTTP_POST_VARS['sid']) || !empty($HTTP_GET_VARS['sid']))
{
$sid = (!empty($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : $HTTP_GET_VARS['sid'];
}
else
{
$sid = '';
}
// //
// Set default email variables // Set default email variables
// //
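Review bot: This hunk reads `$sid` from POST or GET but no comparison against `$userdata['session_id']` appears in the section, so either the check lives in a hunk not shown here or the extraction is dead code and the form it was meant to guard is still unprotected; a comment at the site of the check (or here, pointing to it) such as `// $sid is validated against $userdata['session_id'] before the submit action below` would settle that for the next reader. The block is a byte-for-byte copy of the one added to privmsg.php in the same commit; a small helper in sessions.php returning the request sid would keep the two from drifting.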


@ -355,7 +355,7 @@ function storeCaret(textEl) {
<table width="100%" border="0" cellspacing="0" cellpadding="0"> <table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr> <tr>
<td><span class="genmed"> &nbsp;{L_FONT_COLOR}: <td><span class="genmed"> &nbsp;{L_FONT_COLOR}:
<select name="addbbcode18" onChange="bbfontstyle('[color=' + this.form.addbbcode18.options[this.form.addbbcode18.selectedIndex].value + ']', '[/color]')" onMouseOver="helpline('s')"> <select name="addbbcode18" onChange="bbfontstyle('[color=' + this.form.addbbcode18.options[this.form.addbbcode18.selectedIndex].value + ']', '[/color]');this.selectedIndex=0;" onMouseOver="helpline('s')">
<option style="color:black; background-color: {T_TD_COLOR1}" value="{T_FONTCOLOR1}" class="genmed">{L_COLOR_DEFAULT}</option> <option style="color:black; background-color: {T_TD_COLOR1}" value="{T_FONTCOLOR1}" class="genmed">{L_COLOR_DEFAULT}</option>
<option style="color:darkred; background-color: {T_TD_COLOR1}" value="darkred" class="genmed">{L_COLOR_DARK_RED}</option> <option style="color:darkred; background-color: {T_TD_COLOR1}" value="darkred" class="genmed">{L_COLOR_DARK_RED}</option>
<option style="color:red; background-color: {T_TD_COLOR1}" value="red" class="genmed">{L_COLOR_RED}</option> <option style="color:red; background-color: {T_TD_COLOR1}" value="red" class="genmed">{L_COLOR_RED}</option>