From c3a5fd30eea8b5426adfc9318d6e6b89616bc071 Mon Sep 17 00:00:00 2001
From: Josh Woody <a_jelly_doughnut@phpbb.com>
Date: Fri, 20 Aug 2010 15:37:48 -0500
Subject: [PATCH 1/2] [ticket/9646] Honor CSS comments in @import statements

Add a basic CSS comment parser that allows comments to prevent loading an
@import statement. For simplicity, only whitespace is allowed between /* and
the @import. Also adjust regex to not parse improper quotation marks.

PHPBB3-9646
PHPBB3-8169
---
 phpBB/includes/acp/acp_styles.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php
index 3310560c73..95b700c876 100644
--- a/phpBB/includes/acp/acp_styles.php
+++ b/phpBB/includes/acp/acp_styles.php
@@ -2531,13 +2531,21 @@ parse_css_file = {PARSE_CSS_FILE}
 
 		// Match CSS imports
 		$matches = array();
-		preg_match_all('/@import url\(["\'](.*)["\']\);/i', $stylesheet, $matches);
+		preg_match_all('/@import url\((["\'])(.*)\1\);/i', $stylesheet, $matches);
+
+		// remove commented stylesheets (very simple parser, allows only whitespace
+		// around an @import statement)
+		preg_match_all('#/\*\s*@import url\((["\'])(.*)\1\);\s\*/#i', $stylesheet, $commented);
+		$matches[2] = array_diff($matches[2], $commented[2]);
 
 		if (sizeof($matches))
 		{
 			foreach ($matches[0] as $idx => $match)
 			{
-				$stylesheet = str_replace($match, acp_styles::load_css_file($theme_row['theme_path'], $matches[1][$idx]), $stylesheet);
+				if (isset($matches[2][$idx]))
+				{
+					$stylesheet = str_replace($match, acp_styles::load_css_file($theme_row['theme_path'], $matches[2][$idx]), $stylesheet);
+				}
 			}
 		}
 

From aa4519fb44f4ff83e923c6cc4d5bde3f20082340 Mon Sep 17 00:00:00 2001
From: Joas Schilling <nickvergessen@gmx.de>
Date: Fri, 20 Aug 2010 12:15:23 -0400
Subject: [PATCH 2/2] [ticket/7260] Don't delete poll if one exists and editing
 user lacks permission

PHPBB3-7260
---
 phpBB/posting.php | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/phpBB/posting.php b/phpBB/posting.php
index df063ef391..8cacac2910 100644
--- a/phpBB/posting.php
+++ b/phpBB/posting.php
@@ -402,6 +402,16 @@ if ($post_data['poll_start'])
 	$db->sql_freeresult($result);
 }
 
+$original_poll_data = array(
+	'poll_title'		=> $post_data['poll_title'],
+	'poll_length'		=> $post_data['poll_length'],
+	'poll_max_options'	=> $post_data['poll_max_options'],
+	'poll_option_text'	=> implode("\n", $post_data['poll_options']),
+	'poll_start'		=> $post_data['poll_start'],
+	'poll_last_vote'	=> $post_data['poll_last_vote'],
+	'poll_vote_change'	=> $post_data['poll_vote_change'],
+);
+
 $orig_poll_options_size = sizeof($post_data['poll_options']);
 
 $message_parser = new parse_message();
@@ -912,6 +922,22 @@ if ($submit || $preview || $refresh)
 			$message_parser->warn_msg[] = $user->lang['NO_DELETE_POLL_OPTIONS'];
 		}*/
 	}
+	else if (!$auth->acl_get('f_poll', $forum_id) && ($mode == 'edit') && ($post_id == $post_data['topic_first_post_id']) && ($original_poll_data['poll_title'] != ''))
+	{
+		// We have a poll but the editing user is not permitted to create/edit it.
+		// So we just keep the original poll-data.
+		$poll = array_merge($original_poll_data, array(
+			'enable_bbcode'		=> $post_data['enable_bbcode'],
+			'enable_urls'		=> $post_data['enable_urls'],
+			'enable_smilies'	=> $post_data['enable_smilies'],
+			'img_status'		=> $img_status,
+		));
+
+		$message_parser->parse_poll($poll);
+
+		$post_data['poll_options'] = (isset($poll['poll_options'])) ? $poll['poll_options'] : '';
+		$post_data['poll_title'] = (isset($poll['poll_title'])) ? $poll['poll_title'] : '';
+	}
 	else
 	{
 		$poll = array();