Fixed bug 478218 -- [ and ] in usernames with quote= bbcode. Usernames can no longer contain the double-quote character. Also removed a dupe from lang_main file.

git-svn-id: file:///svn/phpbb/trunk@1441 89ea8834-ac86-4346-8a33-228a782c2dd0
natec 2001-11-25 23:31:04 +00:00
parent a25d1820f5
commit dbb0ce8eee
6 changed files with 15 additions and 10 deletions


@ -167,7 +167,7 @@ function bbencode_second_pass($text, $uid)
$text = str_replace("[quote:$uid]", $bbcode_tpl['quote_open'], $text); $text = str_replace("[quote:$uid]", $bbcode_tpl['quote_open'], $text);
$text = str_replace("[/quote:$uid]", $bbcode_tpl['quote_close'], $text); $text = str_replace("[/quote:$uid]", $bbcode_tpl['quote_close'], $text);
$text = preg_replace("/\[quote:$uid=(.*?)\]/si", $bbcode_tpl['quote_username_open'], $text); $text = preg_replace("/\[quote:$uid=\"?(.*?)\"?\]/si", $bbcode_tpl['quote_username_open'], $text);
// [b] and [/b] for bolding text. // [b] and [/b] for bolding text.
$text = str_replace("[b:$uid]", $bbcode_tpl['b_open'], $text); $text = str_replace("[b:$uid]", $bbcode_tpl['b_open'], $text);
@ -240,7 +240,7 @@ function bbencode_first_pass($text, $uid)
// [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff. // [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff.
$text = bbencode_first_pass_pda($text, $uid, '[quote]', '[/quote]', '', false, ''); $text = bbencode_first_pass_pda($text, $uid, '[quote]', '[/quote]', '', false, '');
$text = bbencode_first_pass_pda($text, $uid, '/\[quote=(.*?)\]/is', '[/quote]', '', false, '', "[quote:$uid=\\1]"); $text = bbencode_first_pass_pda($text, $uid, '/\[quote=(\\\\".*?\\\\")\]/is', '[/quote]', '', false, '', "[quote:$uid=\\1]");
// [list] and [list=x] for (un)ordered lists. // [list] and [list=x] for (un)ordered lists.
$open_tag = array(); $open_tag = array();
@ -276,8 +276,6 @@ function bbencode_first_pass($text, $uid)
// Remove our padding from the string.. // Remove our padding from the string..
$text = substr($text, 1); $text = substr($text, 1);
// Add the uid tag to the start of the string..
//$text = '[uid=' . $uid . ']' . $text;
return $text; return $text;
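Review bot: In bbencode_second_pass the new pattern `\"?(.*?)\"?\]` still stops at the first `]`, because both quote marks are optional and the capture is lazy; a quoted name such as `a]b` is cut at `a` and the remainder is left in the post text, which is the case this commit sets out to fix. Matching the quoted form first and keeping the unquoted pattern only for older posts avoids that: `$text = preg_replace("/\[quote:$uid=\"(.*?)\"\]/si", $bbcode_tpl['quote_username_open'], $text);` followed by the previous `=(.*?)\]` line. The captured name is written into the quote template, so it needs to be HTML-escaped before it reaches this point; that is not visible in these hunks and is worth confirming. Both function bodies extend beyond the hunks shown.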


@ -476,6 +476,7 @@ function generate_pagination($base_url, $num_items, $per_page, $start_item, $add
// //
// Check to see if the username has been taken, or if it is disallowed. // Check to see if the username has been taken, or if it is disallowed.
// Also checks if it includes the " character, which we don't allow in usernames.
// Used for registering, changing names, and posting anonymously with a username // Used for registering, changing names, and posting anonymously with a username
// //
function validate_username($username) function validate_username($username)
@ -550,6 +551,12 @@ function validate_username($username)
} }
} }
// Don't allow " in username.
if ( strstr($username, '"') )
{
return FALSE;
}
return(TRUE); return(TRUE);
} }
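Review bot: The new check in validate_username uses `strstr()` as a boolean and sits after the earlier checks whose closing braces precede it in the hunk; `if ( strpos($username, '"') !== false )` placed at the top of the function would state the intent and reject such names before any other work is done. The test looks for the raw `"` character only, so if callers pass the name already entity-escaped (not visible here) the `&quot;` form would get through. The function body starts outside the hunk.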


@ -455,7 +455,6 @@ $lang['Search_user_posts'] = "Find all posts by %s"; // Find all posts by userna
$lang['No_user_id_specified'] = "Sorry but that user does not exist"; $lang['No_user_id_specified'] = "Sorry but that user does not exist";
$lang['Wrong_Profile'] = "You cannot modify a profile that is not your own."; $lang['Wrong_Profile'] = "You cannot modify a profile that is not your own.";
$lang['Bad_username'] = "The username you choose has been taken or is disallowed by the administrator.";
$lang['Sorry_banned_or_taken_email'] = "Sorry but the email address you gave has either been banned, is already registered to another user or is invalid. Please try an alternative address, if that is also banned you should contact the board administrator for advice"; $lang['Sorry_banned_or_taken_email'] = "Sorry but the email address you gave has either been banned, is already registered to another user or is invalid. Please try an alternative address, if that is also banned you should contact the board administrator for advice";
$lang['Only_one_avatar'] = "Only one type of avatar can be specified"; $lang['Only_one_avatar'] = "Only one type of avatar can be specified";
$lang['File_no_data'] = "The file at the URL you gave contains no data"; $lang['File_no_data'] = "The file at the URL you gave contains no data";
@ -514,7 +513,7 @@ $lang['Profile_updated_inactive'] = "Your profile has been updated, however you
$lang['Password_mismatch'] = "The passwords you entered did not match"; $lang['Password_mismatch'] = "The passwords you entered did not match";
$lang['Current_password_mismatch'] = "The current password you supplied does not match that stored in the database"; $lang['Current_password_mismatch'] = "The current password you supplied does not match that stored in the database";
$lang['Invalid_username'] = "The username you requested has been taken or disallowed"; $lang['Invalid_username'] = "The username you requested has been taken or disallowed, or contains invalid characters like the \" character";
$lang['Signature_too_long'] = "Your signature is too long"; $lang['Signature_too_long'] = "Your signature is too long";
$lang['Fields_empty'] = "You must fill in the required fields"; $lang['Fields_empty'] = "You must fill in the required fields";
$lang['Avatar_filetype'] = "The avatar filetype must be .jpg, .gif or .png"; $lang['Avatar_filetype'] = "The avatar filetype must be .jpg, .gif or .png";


@ -1040,7 +1040,7 @@ if( $submit && $mode != "vote" )
{ {
$error_msg .= "<br />"; $error_msg .= "<br />";
} }
$error_msg .= $lang['Bad_username']; $error_msg .= $lang['Invalid_username'];
} }
} }
else else
@ -2358,7 +2358,7 @@ else
$msg_date = create_date($board_config['default_dateformat'], $postrow['post_time'], $board_config['board_timezone']); $msg_date = create_date($board_config['default_dateformat'], $postrow['post_time'], $board_config['board_timezone']);
$post_message = "[quote=" . $post_username . "]\n" . $post_message . "\n[/quote]"; $post_message = "[quote=\"" . $post_username . "\"]\n" . $post_message . "\n[/quote]";
$mode = "reply"; $mode = "reply";
} }
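Review bot: `$post_username` is concatenated into the `[quote="..."]` tag as is, while the new validate_username rule only covers names checked from now on; a name stored before this change that contains `"` yields a tag whose name boundary is ambiguous to the first-pass pattern. Removing the character where the tag is built, e.g. `$post_message = "[quote=\"" . str_replace('"', '', $post_username) . "\"]\n" . $post_message . "\n[/quote]";`, keeps the generated BBCode well-formed regardless of what is in the database. The same applies to `$to_username` in the private-message reply hunk. The enclosing block starts and ends outside the hunk.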


@ -1263,7 +1263,7 @@ else if( $submit || $refresh || $mode != "" )
$to_username = $privmsg['username']; $to_username = $privmsg['username'];
$to_userid = $privmsg['user_id']; $to_userid = $privmsg['user_id'];
$privmsg_message = preg_replace("/(|\:1)\:$post_bbcode_uid(|\:[a-z])/si", "", $privmsg_message); $privmsg_message = preg_replace("/\:(([a-z0-9]:)?)$post_bbcode_uid/si", "", $privmsg_message);
$privmsg_message = str_replace("<br />", "\n", $privmsg_message); $privmsg_message = str_replace("<br />", "\n", $privmsg_message);
$privmsg_message = preg_replace($html_entities_match, $html_entities_replace, $privmsg_message); $privmsg_message = preg_replace($html_entities_match, $html_entities_replace, $privmsg_message);
$privmsg_message = preg_replace('#</textarea>#si', '&lt;/textarea&gt;', $privmsg_message); $privmsg_message = preg_replace('#</textarea>#si', '&lt;/textarea&gt;', $privmsg_message);
@ -1274,7 +1274,7 @@ else if( $submit || $refresh || $mode != "" )
$msg_date = create_date($board_config['default_dateformat'], $privmsg['privmsgs_date'], $board_config['board_timezone']); //"[date]" . $privmsg['privmsgs_time'] . "[/date]"; $msg_date = create_date($board_config['default_dateformat'], $privmsg['privmsgs_date'], $board_config['board_timezone']); //"[date]" . $privmsg['privmsgs_time'] . "[/date]";
$privmsg_message = "[quote=" . $to_username . "]\n" . $privmsg_message . "\n[/quote]"; $privmsg_message = "[quote=\"" . $to_username . "\"]\n" . $privmsg_message . "\n[/quote]";
$mode = "reply"; $mode = "reply";
} }
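Review bot: The rewritten pattern `/\:(([a-z0-9]:)?)$post_bbcode_uid/si` has no comment and is hard to read on its own; a line such as `// Strip the ":uid" and ":x:uid" markers from the stored tags so the quoted text is plain BBCode again` would help, assuming that is the intent. The outer capture group is unused and can be dropped: `"/\:([a-z0-9]:)?$post_bbcode_uid/si"`. `$post_bbcode_uid` is interpolated into the pattern unescaped, which is only safe while the uid is guaranteed to be alphanumeric; that guarantee is not visible in this hunk. The enclosing block starts and ends outside the hunk.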


@ -546,6 +546,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
$error = TRUE; $error = TRUE;
$error_msg = $lang['Fields_empty']; $error_msg = $lang['Fields_empty'];
} }
} }
$passwd_sql = ""; $passwd_sql = "";