- adjust unread query a bit to cope with large topics (thanks bart!)

- fixing some bugs - more username_clean work git-svn-id: file:///svn/phpbb/trunk@6513 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-06-28 06:08:52 +00:00 · 2006-10-20 13:48:44 +00:00 · 2006-10-20 13:48:44 +00:00 · f4da66a932
commit f4da66a932
parent b572e0db8f
19 changed files with 94 additions and 64 deletions
--- a/phpBB/includes/acp/acp_email.php
+++ b/phpBB/includes/acp/acp_email.php
@ -28,7 +28,7 @@ class acp_email
 		$submit = (isset($_POST['submit'])) ? true : false;
 		$error = array();
-		$usernames	= request_var('usernames', '');
+		$usernames	= request_var('usernames', '', true);
 		$group_id	= request_var('g', 0);
 		$subject	= request_var('subject', '', true);
 		$message	= request_var('message', '', true);
@ -57,7 +57,7 @@ class acp_email
 				{
 					$sql = 'SELECT username, user_email, user_jabber, user_notify_type, user_lang 
 						FROM ' . USERS_TABLE . '
-						WHERE ' . $db->sql_in_set('username', explode("\n", $usernames)) . '
+						WHERE ' . $db->sql_in_set('username_clean', array_map('utf8_clean_string', explode("\n", $usernames))) . '
 							AND user_allow_massemail = 1
 						ORDER BY user_lang, user_notify_type'; // , SUBSTRING(user_email FROM INSTR(user_email, '@'))
 				}
--- a/phpBB/includes/acp/acp_groups.php
+++ b/phpBB/includes/acp/acp_groups.php
@ -30,7 +30,7 @@ class acp_groups
 		$action		= (isset($_POST['add'])) ? 'add' : ((isset($_POST['addusers'])) ? 'addusers' : request_var('action', ''));
 		$group_id	= request_var('g', 0);
 		$mark_ary	= request_var('mark', array(0));
-		$name_ary	= request_var('usernames', '');
+		$name_ary	= request_var('usernames', '', true);
 		$leader		= request_var('leader', 0);
 		$default	= request_var('default', 0);
 		$start		= request_var('start', 0);
--- a/phpBB/includes/acp/acp_permissions.php
+++ b/phpBB/includes/acp/acp_permissions.php
@ -59,8 +59,8 @@ class acp_permissions
 		$subforum_id = request_var('subforum_id', 0);
 		$forum_id = request_var('forum_id', array(0));
-		$username = request_var('username', array(''));
+		$username = request_var('username', array(''), true);
-		$usernames = request_var('usernames', '');
+		$usernames = request_var('usernames', '', true);
 		$user_id = request_var('user_id', array(0));
 		$group_id = request_var('group_id', array(0));
--- a/phpBB/includes/acp/acp_prune.php
+++ b/phpBB/includes/acp/acp_prune.php
@ -196,17 +196,18 @@ class acp_prune
 		{
 			if (confirm_box(true))
 			{
-				$users = request_var('users', '');
+				$users = request_var('users', '', true);
 				$action = request_var('action', 'deactivate');
 				$deleteposts = request_var('deleteposts', 0);
 				if ($users)
 				{
-					$where_sql = ' AND ' . $db->sql_in_set('username', explode("\n", $users));
+					$users = explode("\n", $users);
 					$where_sql = ' AND ' . $db->sql_in_set('username_clean', array_map('utf8_clean_string', $users));
 				}
 				else
 				{
-					$username = request_var('username', '');
+					$username = request_var('username', '', true);
 					$email = request_var('email', '');
 					$joined_select = request_var('joined_select', 'lt');
@ -224,7 +225,7 @@ class acp_prune
 					$sort_by_types = array('username', 'user_email', 'user_posts', 'user_regdate', 'user_lastvisit');
 					$where_sql = '';
-					$where_sql .= ($username) ? " AND username LIKE '" . $db->sql_escape(str_replace('*', '%', $username)) . "'" : '';
+					$where_sql .= ($username) ? " AND username_clean LIKE '" . $db->sql_escape(str_replace('*', '%', utf8_clean_string($username))) . "'" : '';
 					$where_sql .= ($email) ? " AND user_email LIKE '" . $db->sql_escape(str_replace('*', '%', $email)) . "' " : '';
 					$where_sql .= (sizeof($joined)) ? " AND user_regdate " . $key_match[$joined_select] . ' ' . gmmktime(0, 0, 0, (int) $joined[1], (int) $joined[2], (int) $joined[0]) : '';
 					$where_sql .= ($count) ? " AND user_posts " . $key_match[$count_select] . " $count " : '';
@ -244,7 +245,8 @@ class acp_prune
 				$db->sql_freeresult($result);
 				// Do not prune founder members
-				$sql = 'SELECT username, user_id FROM ' . USERS_TABLE . '
+				$sql = 'SELECT user_id, username
 					FROM ' . USERS_TABLE . '
 					WHERE user_id <> ' . ANONYMOUS . '
 						AND user_type <> ' . USER_FOUNDER . "
 					$where_sql";
@ -305,7 +307,7 @@ class acp_prune
 					'prune'			=> 1,
 					'users'			=> request_var('users', ''),
-					'username'		=> request_var('username', ''),
+					'username'		=> request_var('username', '', true),
 					'email'			=> request_var('email', ''),
 					'joined_select'	=> request_var('joined_select', ''),
 					'joined'		=> request_var('joined', ''),
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@ -34,7 +34,7 @@ class acp_users
 		include($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx);
 		$error		= array();
-		$username	= request_var('username', '');
+		$username	= request_var('username', '', true);
 		$user_id	= request_var('u', 0);
 		$action		= request_var('action', '');
@ -86,7 +86,7 @@ class acp_users
 		{
 			$sql = 'SELECT user_id
 				FROM ' . USERS_TABLE . "
-				WHERE username = '" . $db->sql_escape($username) . "'";
+				WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
 			$result = $db->sql_query($sql);
 			$user_id = (int) $db->sql_fetchfield('user_id');
 			$db->sql_freeresult($result);
@ -736,6 +736,7 @@ class acp_users
 						if ($update_username !== false)
 						{
 							$sql_ary['username'] = $update_username;
 							$sql_ary['username_clean'] = utf8_clean_string($update_username);
 							add_log('user', $user_id, 'LOG_USER_UPDATE_NAME', $user_row['username'], $update_username);
 						}
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@ -291,6 +291,23 @@ function user_delete($mode, $user_id, $post_username = false)
 				SET topic_last_poster_id = ' . ANONYMOUS . ", topic_last_poster_name = '" . $db->sql_escape($post_username) . "', topic_last_poster_colour = ''
 				WHERE topic_last_poster_id = $user_id";
 			$db->sql_query($sql);
 			// Since we change every post by this author, we need to count this amount towards the anonymous user
 			$sql = 'SELECT user_posts
 				FROM ' . USERS_TABLE . '
 				WHERE user_id = ' . $user_id;
 			$result = $db->sql_query($sql);
 			$num_posts = (int) $db->sql_fetchfield('user_posts');
 			$db->sql_freeresult($result);
 			// Update the post count for the anonymous user
 			if ($num_posts)
 			{
 				$sql = 'UPDATE ' . USERS_TABLE . '
 					SET user_posts = user_posts + ' . $num_posts . '
 					WHERE user_id = ' . ANONYMOUS;
 				$db->sql_query($sql);
 			}
 		break;
 		case 'remove':
--- a/phpBB/includes/mcp/mcp_notes.php
+++ b/phpBB/includes/mcp/mcp_notes.php
@ -68,13 +68,13 @@ class mcp_notes
 		global $template, $db, $user, $auth;
 		$user_id = request_var('u', 0);
-		$username = request_var('username', '');
+		$username = request_var('username', '', true);
 		$start = request_var('start', 0);
 		$st	= request_var('st', 0);
 		$sk	= request_var('sk', 'b');
 		$sd	= request_var('sd', 'd');
-		$sql_where = ($user_id) ? "user_id = $user_id" : "username = '" . $db->sql_escape($username) . "'";
+		$sql_where = ($user_id) ? "user_id = $user_id" : "username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
 		$sql = 'SELECT *
 			FROM ' . USERS_TABLE . "
--- a/phpBB/includes/mcp/mcp_post.php
+++ b/phpBB/includes/mcp/mcp_post.php
@ -59,8 +59,8 @@ function mcp_post_details($id, $mode, $action)
 			if ($action == 'chgposter')
 			{
-				$username = request_var('username', '');
+				$username = request_var('username', '', true);
-				$sql_where = "username = '" . $db->sql_escape($username) . "'";
+				$sql_where = "username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
 			}
 			else
 			{
--- a/phpBB/includes/mcp/mcp_warn.php
+++ b/phpBB/includes/mcp/mcp_warn.php
@ -310,11 +310,11 @@ function mcp_warn_user_view($id, $mode, $action)
 	global $template, $db, $user, $auth;
 	$user_id = request_var('u', 0);
-	$username = request_var('username', '');
+	$username = request_var('username', '', true);
 	$notify = (isset($_REQUEST['notify_user'])) ? true : false;
 	$warning = request_var('warning', '', true);
-	$sql_where = ($user_id) ? "user_id = $user_id" : "username = '" . $db->sql_escape($username) . "'";
+	$sql_where = ($user_id) ? "user_id = $user_id" : "username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
 	$sql = 'SELECT *
 		FROM ' . USERS_TABLE . '
--- a/phpBB/includes/ucp/ucp_groups.php
+++ b/phpBB/includes/ucp/ucp_groups.php
@ -863,7 +863,7 @@ class ucp_groups
 						$user->add_lang(array('acp/groups', 'acp/common'));
-						$name_ary = request_var('usernames', '');
+						$name_ary = request_var('usernames', '', true);
 						if (!$group_id)
 						{
--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
@ -884,8 +884,8 @@ function handle_message_list_actions(&$address_list, $remove_u, $remove_g, $add_
 		$user_id_ary = array();
 		// Build usernames to add
-		$usernames = (isset($_REQUEST['username'])) ? array(request_var('username', '')) : array();
+		$usernames = (isset($_REQUEST['username'])) ? array(request_var('username', '', true)) : array();
-		$username_list = request_var('username_list', '');
+		$username_list = request_var('username_list', '', true);
 		if ($username_list)
 		{
 			$usernames = array_merge($usernames, explode("\n", $username_list));
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@ -98,6 +98,7 @@ class ucp_profile
 					{
 						$sql_ary = array(
 							'username'			=> ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? $username : $user->data['username'],
 							'username_clean'	=> ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? utf8_clean_string($username) : $user->data['username_clean'],
 							'user_email'		=> ($auth->acl_get('u_chgemail')) ? $email : $user->data['user_email'],
 							'user_email_hash'	=> ($auth->acl_get('u_chgemail')) ? crc32(strtolower($email)) . strlen($email) : $user->data['user_email_hash'],
 							'user_password'		=> ($auth->acl_get('u_chgpasswd') && $new_password) ? md5($new_password) : $user->data['user_password'],
--- a/phpBB/includes/ucp/ucp_remind.php
+++ b/phpBB/includes/ucp/ucp_remind.php
@ -22,7 +22,7 @@ class ucp_remind
 		global $config, $phpbb_root_path, $phpEx;
 		global $db, $user, $auth, $template;
-		$username	= request_var('username', '');
+		$username	= request_var('username', '', true);
 		$email		= request_var('email', '');
 		$submit		= (isset($_POST['submit'])) ? true : false;
--- a/phpBB/includes/ucp/ucp_resend.php
+++ b/phpBB/includes/ucp/ucp_resend.php
@ -22,7 +22,7 @@ class ucp_resend
 		global $config, $phpbb_root_path, $phpEx;
 		global $db, $user, $auth, $template;
-		$username	= request_var('username', '');
+		$username	= request_var('username', '', true);
 		$email		= request_var('email', '');
 		$submit		= (isset($_POST['submit'])) ? true : false;
--- a/phpBB/mcp.php
+++ b/phpBB/mcp.php
@ -72,7 +72,7 @@ $post_id = request_var('p', 0);
 $topic_id = request_var('t', 0);
 $forum_id = request_var('f', 0);
 $user_id = request_var('u', 0);
-$username = request_var('username', '');
+$username = request_var('username', '', true);
 if ($post_id)
 {
--- a/phpBB/memberlist.php
+++ b/phpBB/memberlist.php
@ -25,7 +25,7 @@ $user->setup(array('memberlist', 'groups'));
 $mode		= request_var('mode', '');
 $action		= request_var('action', '');
 $user_id	= request_var('u', ANONYMOUS);
-$username	= request_var('un', '');
+$username	= request_var('un', '', true);
 $group_id	= request_var('g', 0);
 $topic_id	= request_var('t', 0);
@ -814,7 +814,7 @@ switch ($mode)
 		if ($mode == 'searchuser' && ($config['load_search'] || $auth->acl_get('a_')))
 		{
-			$username	= request_var('username', '');
+			$username	= request_var('username', '', true);
 			$email		= request_var('email', '');
 			$icq		= request_var('icq', '');
 			$aim		= request_var('aim', '');
@ -856,7 +856,7 @@ switch ($mode)
 				$s_find_active_time .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
 			}
-			$sql_where .= ($username) ? " AND u.username LIKE '" . str_replace('*', '%', $db->sql_escape($username)) . "'" : '';
+			$sql_where .= ($username) ? " AND u.username_clean LIKE '" . str_replace('*', '%', $db->sql_escape(utf8_clean_string($username))) . "'" : '';
 			$sql_where .= ($email) ? " AND u.user_email LIKE '" . str_replace('*', '%', $db->sql_escape($email)) . "' " : '';
 			$sql_where .= ($icq) ? " AND u.user_icq LIKE '" . str_replace('*', '%', $db->sql_escape($icq)) . "' " : '';
 			$sql_where .= ($aim) ? " AND u.user_aim LIKE '" . str_replace('*', '%', $db->sql_escape($aim)) . "' " : '';
--- a/phpBB/posting.php
+++ b/phpBB/posting.php
@ -536,7 +536,7 @@ if ($submit || $preview || $refresh)
 	$post_data['post_subject'] = request_var('subject', '', true);
 	$message_parser->message = request_var('message', '', true);
-	$post_data['username']			= request_var('username', $post_data['username']);
+	$post_data['username']			= request_var('username', $post_data['username'], true);
 	$post_data['post_edit_reason']	= (!empty($_POST['edit_reason']) && $mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? request_var('edit_reason', '', true) : '';
 	$post_data['topic_type']		= request_var('topic_type', (($mode != 'post') ? (int) $post_data['topic_type'] : POST_NORMAL));
@ -574,6 +574,8 @@ if ($submit || $preview || $refresh)
 	// Delete Poll
 	if ($poll_delete && $mode == 'edit' && sizeof($post_data['poll_options']) && 
 		((!$post_data['poll_last_vote'] && $post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id)) || $auth->acl_get('m_delete', $forum_id)))
 	{
 		if ($submit)
 		{
 			$sql = 'DELETE FROM ' . POLL_OPTIONS_TABLE . "
 				WHERE topic_id = $topic_id";
@ -596,6 +598,7 @@ if ($submit || $preview || $refresh)
 				SET ' . $db->sql_build_array('UPDATE', $topic_sql) . "
 				WHERE topic_id = $topic_id";
 			$db->sql_query($sql);
 		}
 		$post_data['poll_title'] = $post_data['poll_option_text'] = '';
 		$post_data['poll_vote_change'] = $post_data['poll_max_options'] = $post_data['poll_length'] = 0;
@ -954,7 +957,7 @@ if (!sizeof($error) && $preview)
 	$preview_subject = censor_text($post_data['post_subject']);
 	// Poll Preview
-	if (($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_post_id'] && (!$post_data['poll_last_vote'] || $auth->acl_get('m_edit', $forum_id))))
+	if (!$poll_delete && ($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_post_id'] && (!$post_data['poll_last_vote'] || $auth->acl_get('m_edit', $forum_id))))
 	&& $auth->acl_get('f_poll', $forum_id))
 	{
 		$parse_poll = new parse_message($post_data['poll_title']);
@ -1230,6 +1233,7 @@ if (($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_
 		'S_SHOW_POLL_BOX'		=> true,
 		'S_POLL_VOTE_CHANGE'	=> ($auth->acl_get('f_votechg', $forum_id)),
 		'S_POLL_DELETE'			=> ($mode == 'edit' && sizeof($post_data['poll_options']) && ((!$post_data['poll_last_vote'] && $post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id)) || $auth->acl_get('m_delete', $forum_id))),
 		'S_POLL_DELETE_CHECKED'	=> (!empty($poll_delete)) ? true : false,
 		'L_POLL_OPTIONS_EXPLAIN'	=> sprintf($user->lang['POLL_OPTIONS_EXPLAIN'], $config['max_poll_options']),
--- a/phpBB/styles/subSilver/template/posting_poll_body.html
+++ b/phpBB/styles/subSilver/template/posting_poll_body.html
@ -18,7 +18,7 @@
 	<td class="row2"><input class="post" type="text" name="poll_max_options" size="3" maxlength="3" value="{POLL_MAX_OPTIONS}" /></td>
 </tr>
 <tr>
-	<td class="row1"><b class="genmed">{L_POLL_FOR}</b></td>
+	<td class="row1"><b class="genmed">{L_POLL_FOR}:</b></td>
 	<td class="row2"><input class="post" type="text" name="poll_length" size="3" maxlength="3" value="{POLL_LENGTH}" />&nbsp;<b class="gen">{L_DAYS}</b> <span class="gensmall">{L_POLL_FOR_EXPLAIN}</span></td>
 </tr>
 <!-- IF S_POLL_VOTE_CHANGE -->
@ -30,7 +30,7 @@
 <!-- IF S_POLL_DELETE -->
 	<tr>
-		<td class="row1"><b class="genmed">{L_POLL_DELETE}</b></td>
+		<td class="row1"><b class="genmed">{L_POLL_DELETE}:</b></td>
-		<td class="row2"><input type="checkbox" class="radio" name="poll_delete" /></td>
+		<td class="row2"><input type="checkbox" class="radio" name="poll_delete"<!-- IF S_POLL_DELETE_CHECKED --> checked="checked"<!-- ENDIF --> /></td>
 	</tr>
 <!-- ENDIF -->
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@ -69,27 +69,32 @@ if ($view && !$post_id)
 		$topic_last_read = (isset($topic_tracking_info[$topic_id])) ? $topic_tracking_info[$topic_id] : 0;
-		$sql = 'SELECT p.post_id, p.topic_id, p.forum_id
+		$sql = 'SELECT post_id, topic_id, forum_id
-			FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . " t
+			FROM ' . POSTS_TABLE . "
-			WHERE t.topic_id = $topic_id
+			WHERE topic_id = $topic_id
-				AND p.topic_id = t.topic_id
+				" . (($auth->acl_get('m_approve', $forum_id)) ? '' : 'AND post_approved = 1') . "
-				" . (($auth->acl_get('m_approve', $forum_id)) ? '' : 'AND p.post_approved = 1') . "
+				AND post_time > $topic_last_read
-				AND (p.post_time > $topic_last_read
+			ORDER BY post_time ASC";
 					OR p.post_id = t.topic_last_post_id)
 			ORDER BY p.post_time ASC";
 		$result = $db->sql_query_limit($sql, 1);
 		$row = $db->sql_fetchrow($result);
 		$db->sql_freeresult($result);
 		if (!$row)
 		{
 			$sql = 'SELECT topic_last_post_id as post_id, topic_id, forum_id
 				FROM ' . TOPICS_TABLE . '
 				WHERE topic_id = ' . $topic_id;
 			$result = $db->sql_query($sql);
 			$row = $db->sql_fetchrow($result);
 			$db->sql_freeresult($result);
 		}
 		if (!$row)
 		{
 			// Setup user environment so we can process lang string
 			$user->setup('viewtopic');
-			$redirect = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&amp;t=$topic_id");
+			trigger_error('NO_TOPIC');
 			meta_refresh(3, $redirect);
 			trigger_error($user->lang['NO_UNREAD_POSTS'] . '<br /><br />' . sprintf($user->lang['RETURN_TOPIC'], '<a href="' . $redirect . '">', '</a>'));
 		}
 		$post_id = $row['post_id'];