More slash slashing ... this does require magic_quotes_gpc be on though ...

git-svn-id: file:///svn/phpbb/trunk@364 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-07-25 19:38:53 +00:00 · 2001-05-28 17:02:27 +00:00 · 2001-05-28 17:02:27 +00:00 · f3024c3d67
commit f3024c3d67
parent e0f263dd0d
1 changed files with 51 additions and 50 deletions
--- a/phpBB/profile.php
+++ b/phpBB/profile.php
@ -309,36 +309,37 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']))
 				$email = $l_hidden;
 			}
 			$template->assign_vars(array(
 				"L_VIEWING_PROFILE" => $l_viewing_profile, 
 				"USERNAME" => stripslashes($profiledata['username']),
 				"JOINED" => create_date($board_config['default_dateformat'], $profiledata['user_regdate'], $board_config['default_timezone']),
 				"POSTS_PER_DAY" => $posts_per_day,
 				"POSTS" => $profiledata['user_posts'],
 				"PERCENTAGE" => $percentage . "%",
 				"EMAIL" => $email,
 				"ICQ" => stripslashes($profiledata['user_icq']),
 				"AIM" => stripslashes($profiledata['user_aim']),
 				"MSN" => stripslashes($profiledata['user_msnm']),
 				"L_YAHOO" => stripslashes($l_yahoo),
 				"YIM" => stripslashes($profiledata['user_yim']),
 				"WEBSITE" => "<a href=\"".stripslashes($profiledata['user_website'])."\" target=\"_blank\">".stripslashes($profiledata['user_website'])."</a>",
 				"LOCATION" => stripslashes($profiledata['user_from']),
 				"OCCUPATION" => stripslashes($profiledata['user_occ']),
 				"INTERESTS" => stripslashes($profiledata['user_interests']),
 				"L_VIEWING_PROFILE" => $l_viewing_profile, 
 				"L_USERNAME" => $l_username,
 				"L_VIEW_USERS_POSTS" => $l_view_users_posts,
 				"L_JOINED" => $l_joined,
 				"JOINED" => create_date($board_config['default_dateformat'], $profiledata['user_regdate'], $board_config['default_timezone']),
 				"POSTS_PER_DAY" => $posts_per_day,
 				"L_PER_DAY" => $l_per_day,
 				"POSTS" => $profiledata['user_posts'],
 				"PERCENTAGE" => $percentage . "%",
 				"L_OF_TOTAL" => $l_of_total,
 				"L_EMAIL_ADDRESS" => $l_emailaddress,
 				"EMAIL" => $email,
 				"L_ICQ_NUMBER" => $l_icq_number,
 				"ICQ" => $profiledata['user_icq'],
 				"L_AIM" => $l_aim,
 				"AIM" => $profiledata['user_aim'],
 				"L_MESSENGER" => $l_messenger,
 				"MSN" => $profiledata['user_msnm'],
 				"L_YAHOO" => $l_yahoo,
 				"YIM" => $profiledata['user_yim'],
 				"L_WEBSITE" => $l_website,
-				"WEBSITE" => "<a href=\"".$profiledata['user_website']."\" target=\"_blank\">".$profiledata['user_website']."</a>",
+				"L_MESSENGER" => $l_messenger,
 				"L_LOCATION" => $l_from,
 				"LOCATION" => stripslashes($profiledata['user_from']),
 				"L_OCCUPATION" => $l_occupation,
 				"OCCUPATION" => stripslashes($profiledata['user_occ']),
 				"L_INTERESTS" => $l_interests,
-				"INTERESTS" => stripslashes($profiledata['user_interests']),
+
 				"S_PROFILE_ACTION" => append_sid("profile.$phpEx"))
 			);
@ -373,15 +374,15 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']))
 				$password_confirm = (!empty($HTTP_POST_VARS['password_confirm'])) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['password_confirm']))) : "";
 				$icq = (!empty($HTTP_POST_VARS['icq'])) ? trim(strip_tags($HTTP_POST_VARS['icq'])) : "";
-				$aim = (!empty($HTTP_POST_VARS['aim'])) ? trim(strip_tags(addslashes($HTTP_POST_VARS['aim']))) : "";
+				$aim = (!empty($HTTP_POST_VARS['aim'])) ? trim(strip_tags($HTTP_POST_VARS['aim'])) : "";
-				$msn = (!empty($HTTP_POST_VARS['msn'])) ? trim(strip_tags(addslashes($HTTP_POST_VARS['msn']))) : "";
+				$msn = (!empty($HTTP_POST_VARS['msn'])) ? trim(strip_tags($HTTP_POST_VARS['msn'])) : "";
-				$yim = (!empty($HTTP_POST_VARS['yim'])) ? trim(strip_tags(addslashes($HTTP_POST_VARS['yim']))) : "";
+				$yim = (!empty($HTTP_POST_VARS['yim'])) ? trim(strip_tags($HTTP_POST_VARS['yim'])) : "";
-				$website = (!empty($HTTP_POST_VARS['website'])) ? trim(strip_tags(addslashes($HTTP_POST_VARS['website']))) : "";
+				$website = (!empty($HTTP_POST_VARS['website'])) ? trim(strip_tags($HTTP_POST_VARS['website'])) : "";
-				$location = (!empty($HTTP_POST_VARS['location'])) ? trim(strip_tags(addslashes($HTTP_POST_VARS['location']))) : "";
+				$location = (!empty($HTTP_POST_VARS['location'])) ? trim(strip_tags($HTTP_POST_VARS['location'])) : "";
-				$occupation = (!empty($HTTP_POST_VARS['occupation'])) ? trim(strip_tags(addslashes($HTTP_POST_VARS['occupation']))) : "";
+				$occupation = (!empty($HTTP_POST_VARS['occupation'])) ? trim(strip_tags($HTTP_POST_VARS['occupation'])) : "";
-				$interests = (!empty($HTTP_POST_VARS['interests'])) ? trim(addslashes($HTTP_POST_VARS['interests'])) : "";
+				$interests = (!empty($HTTP_POST_VARS['interests'])) ? trim($HTTP_POST_VARS['interests']) : "";
-				$signature = (!empty($HTTP_POST_VARS['signature'])) ? trim(addslashes(str_replace("<br />", "\n", $HTTP_POST_VARS['signature']))) : "";
+				$signature = (!empty($HTTP_POST_VARS['signature'])) ? trim(str_replace("<br />", "\n", $HTTP_POST_VARS['signature'])) : "";
 				$viewemail = $HTTP_POST_VARS['viewemail'];
 				$attachsig = $HTTP_POST_VARS['attachsig'];
@ -555,21 +556,21 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']))
 			else
 			{
 				$user_id = $userdata['user_id'];
-				$username = stripslashes($userdata['username']);
+				$username = $userdata['username'];
-				$email = stripslashes($userdata['user_email']);
+				$email = $userdata['user_email'];
 				$password = "";
 				$password_confirm = "";
-				$icq = stripslashes($userdata['user_icq']);
+				$icq = $userdata['user_icq'];
-				$aim = stripslashes($userdata['user_aim']);
+				$aim = $userdata['user_aim'];
-				$msn = stripslashes($userdata['user_msnm']);
+				$msn = $userdata['user_msnm'];
-				$yim = stripslashes($userdata['user_yim']);
+				$yim = $userdata['user_yim'];
-				$website = stripslashes($userdata['user_website']);
+				$website = $userdata['user_website'];
-				$location = stripslashes($userdata['user_from']);
+				$location = $userdata['user_from'];
-				$occupation = stripslashes($userdata['user_occ']);
+				$occupation = $userdata['user_occ'];
-				$interests = stripslashes($userdata['user_interests']);
+				$interests = $userdata['user_interests'];
-				$signature = stripslashes(str_replace("<br />", "\n", $userdata['user_sig']));
+				$signature = $userdata['user_sig'];
 				$viewemail = $userdata['user_viewemail'];
 				$attachsig = $userdata['user_attachsig'];
@ -577,12 +578,12 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']))
 				$allowbbcode = $userdata['user_allowbbcode'];
 				$allowsmilies = $userdata['user_allowsmile'];
-				$user_avatar = stripslashes($userdata['user_avatar']);
+				$user_avatar = $userdata['user_avatar'];
 				$user_theme = $userdata['user_theme'];
 				$user_lang = $userdata['user_lang'];
 				$user_timezone = $userdata['user_timezone'];
 				$user_template = $userdata['user_template'];
-				$user_dateformat = stripslashes($userdata['user_dateformat']);
+				$user_dateformat = $userdata['user_dateformat'];
 			}
 			$template->set_filenames(array(
@ -599,17 +600,17 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']))
 				"COPPA" => 0,
 				"MODE" => $mode,
 				"USER_ID" => $userdata['user_id'],
-				"USERNAME" => $username,
+				"USERNAME" => stripslashes($username),
-				"EMAIL" => $email,
+				"EMAIL" => stripslashes($email),
-				"YIM" => $yim,
+				"YIM" => stripslashes($yim),
-				"ICQ" => $icq,
+				"ICQ" => stripslashes($icq),
-				"MSN" => $msn,
+				"MSN" => stripslashes($msn),
-				"AIM" => $aim,
+				"AIM" => stripslashes($aim),
-				"OCCUPATION" => $occupation,
+				"OCCUPATION" => stripslashes($occupation),
-				"INTERESTS" => $interests,
+				"INTERESTS" => stripslashes($interests),
-				"LOCATION" => $location,
+				"LOCATION" => stripslashes($location),
-				"WEBSITE" => $website,
+				"WEBSITE" => stripslashes($website),
-				"SIGNATURE" => $signature,
+				"SIGNATURE" => stripslashes(str_replace("<br />", "\n", $signature)),
 				"VIEW_EMAIL_YES" => ($viewemail) ? "CHECKED" : "",
 				"VIEW_EMAIL_NO" => (!$viewemail) ? "CHECKED" : "",
 				"ALWAYS_ADD_SIGNATURE_YES" => ($attachsig) ? "CHECKED" : "",
@ -626,7 +627,7 @@ if(isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']))
 				"LANGUAGE_SELECT" => language_select($user_lang),
 				"THEME_SELECT" => theme_select($user_theme),
 				"TIMEZONE_SELECT" => tz_select($user_timezone),
-				"DATE_FORMAT" => $user_dateformat,
+				"DATE_FORMAT" => stripslashes($user_dateformat),
 				"TEMPLATE_SELECT" => template_select($user_template),
 				"L_PASSWORD_IF_CHANGED" => $l_password_if_changed,