diff --git a/phpBB/index.php b/phpBB/index.php index c67fe95514..348e3e33c9 100644 --- a/phpBB/index.php +++ b/phpBB/index.php @@ -49,12 +49,13 @@ else // if( $mark_read == "forums" ) { + $sql = "SELECT f.forum_id, t.topic_id FROM " . FORUMS_TABLE . " f, " . TOPICS_TABLE . " t, " . POSTS_TABLE . " p WHERE t.forum_id = f.forum_id AND p.post_id = t.topic_last_post_id AND p.post_time > " . $userdata['session_last_visit'] . " - AND t.topic_moved_id = NULL"; + AND t.topic_moved_id IS NULL"; if(!$t_result = $db->sql_query($sql)) { message_die(GENERAL_ERROR, "Could not query new topic information", "", __LINE__, __FILE__, $sql); @@ -238,6 +239,7 @@ if($total_categories = $db->sql_numrows($q_categories)) // // Find which forums are visible for this user // + $is_auth_ary = array(); $is_auth_ary = auth(AUTH_VIEW, AUTH_LIST_ALL, $userdata, $forum_rows); $template->set_filenames(array( diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php index 288e0a3535..23d5b15367 100644 --- a/phpBB/viewforum.php +++ b/phpBB/viewforum.php @@ -29,14 +29,14 @@ include($phpbb_root_path . 'common.'.$phpEx); // if( isset($HTTP_GET_VARS[POST_FORUM_URL]) || isset($HTTP_POST_VARS[POST_FORUM_URL]) ) { - $forum_id = (isset($HTTP_GET_VARS[POST_FORUM_URL])) ? $HTTP_GET_VARS[POST_FORUM_URL] : $HTTP_POST_VARS[POST_FORUM_URL]; + $forum_id = (isset($HTTP_GET_VARS[POST_FORUM_URL])) ? intval($HTTP_GET_VARS[POST_FORUM_URL]) : intval($HTTP_POST_VARS[POST_FORUM_URL]); } else { $forum_id = ""; } -$start = (isset($HTTP_GET_VARS['start'])) ? $HTTP_GET_VARS['start'] : 0; +$start = (isset($HTTP_GET_VARS['start'])) ? intval($HTTP_GET_VARS['start']) : 0; if( isset($HTTP_GET_VARS['mark']) || isset($HTTP_POST_VARS['mark']) ) { @@ -63,7 +63,7 @@ init_userprefs($userdata); // Check if the user has actually sent a forum ID with his/her request // If not give them a nice error page. // -if(isset($forum_id)) +if( isset($forum_id) ) { $sql = "SELECT * FROM " . FORUMS_TABLE . " 
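Review bot: The added `$is_auth_ary = array();` in index.php (@@ -238,6) is overwritten by the `auth()` call on the very next line, so it has no effect on what the following code sees. If the intent is to make sure a pre-seeded global can never be used (plausible on installs that run with register_globals enabled), say so in a comment such as `// reset so a request-supplied value can never stand in for the auth() result`. If `auth()` can return a non-array on failure (its body is not shown here), the effective guard is a check after the call, `if( !is_array($is_auth_ary) ) { $is_auth_ary = array(); }`. The same dead initialisation is added for `$is_auth` in viewforum.php (@@ -91,9) and viewtopic.php (@@ -182,6).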
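Review bot: `intval()` in viewforum.php (@@ -29,14) keeps non-numeric input out of the queries, but it still accepts negative numbers. `$start` is later interpolated into `LIMIT $start, ...` (visible in the @@ -116,7 hunk), where a negative offset makes the statement fail on MySQL. Clamp it with `$start = ( isset($HTTP_GET_VARS['start']) ) ? max(0, intval($HTTP_GET_VARS['start'])) : 0;`; the `$start` line in viewtopic.php (@@ -30,14) needs the same. Separately, the `else` branch still sets `$forum_id = "";`, so the `isset($forum_id)` test in the @@ -63,7 hunk is always true and the "no forum ID" error path described in its comment is never taken on that test; defaulting to `0` and testing `$forum_id > 0` would make the check meaningful.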
@@ -91,9 +91,10 @@ $forum_row = $db->sql_fetchrow($result); // // Start auth check // +$is_auth = array(); $is_auth = auth(AUTH_ALL, $forum_id, $userdata, $forum_row); -if(!$is_auth['auth_read'] || !$is_auth['auth_view']) +if( !$is_auth['auth_read'] || !$is_auth['auth_view'] ) { // // The user is not authed to read this forum ... @@ -116,7 +117,7 @@ if( $mark_read == "topics" ) WHERE t.forum_id = $forum_id AND p.post_id = t.topic_last_post_id AND p.post_time > " . $userdata['session_last_visit'] . " - AND t.topic_moved_id = NULL + AND t.topic_moved_id IS NULL LIMIT $start, " . $board_config['topics_per_page']; if(!$t_result = $db->sql_query($sql)) { @@ -487,13 +488,15 @@ if($total_topics) if($topic_rowset[$i]['topic_status'] == TOPIC_LOCKED) { $folder_image = "\"""; + $newest_post_img = ""; } else if($topic_rowset[$i]['topic_status'] == TOPIC_MOVED) { $topic_type = $lang['Topic_Moved'] . " "; $topic_id = $topic_rowset[$i]['topic_moved_id']; + + $folder_image = "\"""; $newest_post_img = ""; - $folder_image = ""; } else { diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index d1859b96ab..f58133b066 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php @@ -30,14 +30,14 @@ include($phpbb_root_path . 'includes/bbcode.'.$phpEx); // if(isset($HTTP_GET_VARS[POST_TOPIC_URL])) { - $topic_id = $HTTP_GET_VARS[POST_TOPIC_URL]; + $topic_id = intval($HTTP_GET_VARS[POST_TOPIC_URL]); } if(isset($HTTP_GET_VARS[POST_POST_URL])) { - $post_id = $HTTP_GET_VARS[POST_POST_URL]; + $post_id = intval($HTTP_GET_VARS[POST_POST_URL]); } -$start = (isset($HTTP_GET_VARS['start'])) ? $HTTP_GET_VARS['start'] : 0; +$start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0; // // End initial var setup // @@ -182,6 +182,7 @@ if(!empty($post_id)) // // Start auth check // +$is_auth = array(); $is_auth = auth(AUTH_ALL, $forum_id, $userdata, $forum_row); if(!$is_auth['auth_view'] || !$is_auth['auth_read']) 
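Review bot: `$topic_id` and `$post_id` in viewtopic.php (@@ -30,14) are assigned only inside their `isset()` blocks, so when the request parameter is absent they are never initialised here, unlike `$forum_id` in viewforum.php, which has an `else` default. On a server with register_globals enabled, an uninitialised global can carry a raw request value that never passes through the new `intval()`, and `$post_id` is read later (`if(!empty($post_id))` appears in the next hunk header). Give both a default, e.g. `else { $topic_id = 0; }` and `else { $post_id = 0; }`, or set them to `0` before the `isset()` tests.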
@@ -922,17 +923,17 @@ for($i = 0; $i < $total_posts; $i++) // // User authorisation levels output // -$s_auth_can = $lang['You'] . " " . ( ($is_auth['auth_read']) ? $lang['can'] : $lang['cannot'] ) . " " . $lang['read_posts'] . "
"; -$s_auth_can .= $lang['You'] . " " . ( ($is_auth['auth_post']) ? $lang['can'] : $lang['cannot'] ) . " " . $lang['post_topics'] . "
"; +$s_auth_can = $lang['You'] . " " . ( ($is_auth['auth_post']) ? $lang['can'] : $lang['cannot'] ) . " " . $lang['post_topics'] . "
"; $s_auth_can .= $lang['You'] . " " . ( ($is_auth['auth_reply']) ? $lang['can'] : $lang['cannot'] ) . " " . $lang['reply_posts'] . "
"; $s_auth_can .= $lang['You'] . " " . ( ($is_auth['auth_edit']) ? $lang['can'] : $lang['cannot'] ) . " " . $lang['edit_posts'] . "
"; $s_auth_can .= $lang['You'] . " " . ( ($is_auth['auth_delete']) ? $lang['can'] : $lang['cannot'] ) . " " . $lang['delete_posts'] . "
"; +$s_auth_can .= $lang['You'] . " " . ( ($is_auth['auth_vote']) ? $lang['can'] : $lang['cannot'] ) . " " . $lang['vote_polls'] . "
"; /* -$s_auth_read_img = "\"""; $s_auth_post_img = "\"""; $s_auth_reply_img = "\"""; $s_auth_edit_img = "\"""; $s_auth_delete_img = "\"""; +$s_auth_delete_img = "\"""; */ if( $is_auth['auth_mod'] )
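Review bot: The lines between `/*` and `*/` are commented out, yet this hunk still removes one and adds another inside the block. Dead code that has to be kept in step with the live `$s_auth_can` lines is a maintenance trap; delete the block, or replace it with a one-line comment such as `// image-based permission icons are not implemented yet`. Also confirm that `$lang['vote_polls']` and `$is_auth['auth_vote']` are defined, since neither is set in the visible hunks and a missing key would silently render as "cannot" with an empty label.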