diff --git a/phpBB/admin/admin_forums.php b/phpBB/admin/admin_forums.php
index a65dc23b6b..5588784cb3 100644
--- a/phpBB/admin/admin_forums.php
+++ b/phpBB/admin/admin_forums.php
@@ -302,9 +302,11 @@ if( !empty($mode) )
$forumstatus == ( FORUM_LOCKED ) ? $forumlocked = "selected=\"selected\"" : $forumunlocked = "selected=\"selected\"";
$statuslist = "\n";
+
$statuslist .= "\n";
+
$template->set_filenames(array(
"body" => "admin/forum_edit_body.tpl")
);
@@ -604,6 +606,40 @@ if( !empty($mode) )
// Either delete or move all posts in a forum
if($to_id == -1)
{
+ // Delete polls in this forum
+ $sql = "SELECT v.vote_id
+ FROM " . VOTE_DESC_TABLE . " v, " . TOPICS_TABLE . " t
+ WHERE t.forum_id = $forum_id
+ AND v.topic_id = t.topic_id";
+ if (!($result = $db->sql_query($sql)))
+ {
+ message_die(GENERAL_ERROR, "Couldn't obtain list of vote ids", "", __LINE__, __FILE__, $sql);
+ }
+
+ if ($row = $db->sql_fetchrow($result))
+ {
+ $vote_ids = '';
+ do
+ {
+ $vote_ids = (($vote_ids != '') ? ', ' : '') . $row['vote_id'];
+ }
+ while ($row = $db->sql_fetchrow($result));
+
+ $sql = "DELETE FROM " . VOTE_DESC_TABLE . "
+ WHERE vote_id IN ($vote_ids)";
+ $db->sql_query($sql);
+
+ $sql = "DELETE FROM " . VOTE_RESULTS_TABLE . "
+ WHERE vote_id IN ($vote_ids)";
+ $db->sql_query($sql);
+
+ $sql = "DELETE FROM " . VOTE_USERS_TABLE . "
+ WHERE vote_id IN ($vote_ids)";
+ $db->sql_query($sql);
+ }
+ $db->sql_freeresult($result);
+
+
include($phpbb_root_path . "includes/prune.$phpEx");
prune($from_id, 0); // Delete everything from forum
}
@@ -616,6 +652,7 @@ if( !empty($mode) )
{
message_die(GENERAL_ERROR, "Couldn't verify existence of forums", "", __LINE__, __FILE__, $sql);
}
+
if($db->sql_numrows($result) != 2)
{
message_die(GENERAL_ERROR, "Ambiguous forum ID's", "", __LINE__, __FILE__);
@@ -637,6 +674,58 @@ if( !empty($mode) )
sync('forum', $to_id);
}
+ // Alter Mod level if appropriate - 2.0.4
+ $sql = "SELECT ug.user_id
+ FROM " . AUTH_ACCESS_TABLE . " a, " . USER_GROUP_TABLE . " ug
+ WHERE a.forum_id <> $forum_id
+ AND a.auth_mod = 1
+ AND ug.group_id = a.group_id";
+ if( !$result = $db->sql_query($sql) )
+ {
+ message_die(GENERAL_ERROR, "Couldn't obtain moderator list", "", __LINE__, __FILE__, $sql);
+ }
+
+ if ($row = $db->sql_fetchrow($result))
+ {
+ $user_ids = '';
+ do
+ {
+ $user_ids = (($user_ids != '') ? ', ' : '' ) . $row['user_id'];
+ }
+ while ($row = $db->sql_fetchrow($result));
+
+ $sql = "SELECT ug.user_id
+ FROM " . AUTH_ACCESS_TABLE . " a, " . USER_GROUP_TABLE . " ug
+ WHERE a.forum_id = $forum_id
+ AND a.auth_mod = 1
+ AND ug.group_id = a.group_id
+ AND ug.user_id NOT IN ($user_ids)";
+ if( !$result2 = $db->sql_query($sql) )
+ {
+ message_die(GENERAL_ERROR, "Couldn't obtain moderator list", "", __LINE__, __FILE__, $sql);
+ }
+
+ if ($row = $db->sql_fetchrow($result2))
+ {
+ $user_ids = '';
+ do
+ {
+ $user_ids = (($user_ids != '') ? ', ' : '' ) . $row['user_id'];
+ }
+ while ($row = $db->sql_fetchrow($result2));
+
+ $sql = "UPDATE " . USERS_TABLE . "
+ SET user_level = " . USER . "
+ WHERE user_id IN ($user_ids)
+ AND user_level <> " . ADMIN;
+ $db->sql_query($sql);
+ }
+ $db->sql_freeresult($result);
+
+ }
+ $db->sql_freeresult($result2);
+
+
$sql = "DELETE FROM " . FORUMS_TABLE . "
WHERE forum_id = $from_id";
if( !$result = $db->sql_query($sql) )
diff --git a/phpBB/groupcp.php b/phpBB/groupcp.php
index e1d484f4f9..cf40a549b3 100644
--- a/phpBB/groupcp.php
+++ b/phpBB/groupcp.php
@@ -717,7 +717,7 @@ else if ( $group_id )
$email_headers = 'From: ' . $board_config['board_email'] . "\nReturn-Path: " . $board_config['board_email'] . "\nBcc: " . $email_addresses . "\n";
$emailer->use_template('group_approved');
- $emailer->email_address($userdata['user_email']);
+ $emailer->email_address(' ');//$userdata['user_email']
$emailer->set_subject();//$lang['Group_approved']
$emailer->extra_headers($email_headers);
diff --git a/phpBB/includes/emailer.php b/phpBB/includes/emailer.php
index 30f58cc44e..2192b886b4 100755
--- a/phpBB/includes/emailer.php
+++ b/phpBB/includes/emailer.php
@@ -88,7 +88,7 @@ class emailer
$template_lang = $board_config['default_lang'];
}
- $this->tpl_file = realpath($phpbb_root_path . 'language/lang_' . $template_lang . '/email/' . $template_file . '.tpl');
+ $this->tpl_file = @realpath($phpbb_root_path . 'language/lang_' . $template_lang . '/email/' . $template_file . '.tpl');
if ( !file_exists($this->tpl_file) )
{
diff --git a/phpBB/includes/functions_post.php b/phpBB/includes/functions_post.php
index 16b283022a..ce3288d6f3 100644
--- a/phpBB/includes/functions_post.php
+++ b/phpBB/includes/functions_post.php
@@ -326,7 +326,7 @@ function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_
{
if ( !empty($option_text) )
{
- $option_text = str_replace("\'", "''", $option_text);
+ $option_text = str_replace("\'", "''", htmlspecialchars($option_text));
$poll_result = ( $mode == "editpost" && isset($old_poll_result[$option_id]) ) ? $old_poll_result[$option_id] : 0;
$sql = ( $mode != "editpost" || !isset($old_poll_result[$option_id]) ) ? "INSERT INTO " . VOTE_RESULTS_TABLE . " (vote_id, vote_option_id, vote_option_text, vote_result) VALUES ($poll_id, $poll_option_id, '$option_text', $poll_result)" : "UPDATE " . VOTE_RESULTS_TABLE . " SET vote_option_text = '$option_text', vote_result = $poll_result WHERE vote_option_id = $option_id AND vote_id = $poll_id";
diff --git a/phpBB/modcp.php b/phpBB/modcp.php
index bc2df98f99..e9d98e5f42 100644
--- a/phpBB/modcp.php
+++ b/phpBB/modcp.php
@@ -1013,6 +1013,7 @@ switch( $mode )
$template->set_filenames(array(
'body' => 'modcp_body.tpl')
);
+ make_jumpbox('modcp.'.$phpEx);
//
// Define censored word matches