File: '.$file.'
'."\n\t\t".'
Line: '.$line.'
'."\n\t\t".'
FluxBB reported : '.$message."\n";
@@ -1627,7 +1635,7 @@ function remove_bad_characters($array)
$array = utf8_bad_strip($array);
// Remove control characters
- $array = preg_replace('/[\x{00}-\x{08}\x{0b}-\x{0c}\x{0e}-\x{1f}]/', '', $array);
+ $array = preg_replace('%[\x00-\x08\x0b-\x0c\x0e-\x1f]%', '', $array);
// Replace some "bad" characters
$array = str_replace(array_keys($bad_utf8_chars), array_values($bad_utf8_chars), $array);
@@ -1641,12 +1649,14 @@ function remove_bad_characters($array)
//
function file_size($size)
{
+ global $lang_common;
+
$units = array('B', 'KiB', 'MiB', 'GiB', 'TiB', 'PiB', 'EiB');
for ($i = 0; $size > 1024; $i++)
$size /= 1024;
- return round($size, 2).' '.$units[$i];
+ return sprintf($lang_common['Size unit '.$units[$i]], round($size, 2));
}
@@ -1736,10 +1746,12 @@ function forum_list_plugins($is_admin)
$suffix = substr($entry, strlen($entry) - 4);
if ($suffix == '.php' && ((!$is_admin && $prefix == 'AMP') || ($is_admin && ($prefix == 'AP' || $prefix == 'AMP'))))
- $plugins[] = array(substr($entry, strpos($entry, '_') + 1, -4), $entry);
+ $plugins[$entry] = substr($entry, strpos($entry, '_') + 1, -4);
}
$d->close();
+ natcasesort($plugins);
+
return $plugins;
}
@@ -1747,37 +1759,87 @@ function forum_list_plugins($is_admin)
//
// Split text into chunks ($inside contains all text inside $start and $end, and $outside contains all text outside)
//
-function split_text($text, $start, $end, &$errors, $retab = true)
+function split_text($text, $start, $end, $retab = true)
{
global $pun_config, $lang_common;
- $tokens = explode($start, $text);
+ $result = array(0 => array(), 1 => array()); // 0 = inside, 1 = outside
- $outside[] = $tokens[0];
+ // split the text into parts
+ $parts = preg_split('%'.preg_quote($start, '%').'(.*)'.preg_quote($end, '%').'%Us', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
+ $num_parts = count($parts);
- $num_tokens = count($tokens);
- for ($i = 1; $i < $num_tokens; ++$i)
+ // preg_split results in outside parts having even indices, inside parts having odd
+ for ($i = 0;$i < $num_parts;$i++)
+ $result[1 - ($i % 2)][] = $parts[$i];
+
+ if ($pun_config['o_indent_num_spaces'] != 8 && $retab)
{
- $temp = explode($end, $tokens[$i]);
+ $spaces = str_repeat(' ', $pun_config['o_indent_num_spaces']);
+ $result[1] = str_replace("\t", $spaces, $result[1]);
+ }
+
+ return $result;
+}
- if (count($temp) != 2)
+
+//
+// Extract blocks from a text with a starting and ending string
+// This function always matches the most outer block so nesting is possible
+//
+function extract_blocks($text, $start, $end, $retab = true)
+{
+ global $pun_config;
+
+ $code = array();
+ $start_len = strlen($start);
+ $end_len = strlen($end);
+ $regex = '%(?:'.preg_quote($start, '%').'|'.preg_quote($end, '%').')%';
+ $matches = array();
+
+ if (preg_match_all($regex, $text, $matches))
+ {
+ $counter = $offset = 0;
+ $start_pos = $end_pos = false;
+
+ foreach ($matches[0] as $match)
{
- $errors[] = $lang_common['BBCode code problem'];
- return array(null, array($text));
+ if ($match == $start)
+ {
+ if ($counter == 0)
+ $start_pos = strpos($text, $start);
+ $counter++;
+ }
+ elseif ($match == $end)
+ {
+ $counter--;
+ if ($counter == 0)
+ $end_pos = strpos($text, $end, $offset + 1);
+ $offset = strpos($text, $end, $offset + 1);
+ }
+
+ if ($start_pos !== false && $end_pos !== false)
+ {
+ $code[] = substr($text, $start_pos + $start_len,
+ $end_pos - $start_pos - $start_len);
+ $text = substr_replace($text, "\1", $start_pos,
+ $end_pos - $start_pos + $end_len);
+ $start_pos = $end_pos = false;
+ $offset = 0;
+ }
}
- $inside[] = $temp[0];
- $outside[] = $temp[1];
}
if ($pun_config['o_indent_num_spaces'] != 8 && $retab)
{
$spaces = str_repeat(' ', $pun_config['o_indent_num_spaces']);
- $inside = str_replace("\t", $spaces, $inside);
+ $text = str_replace("\t", $spaces, $text);
}
- return array($inside, $outside);
+ return array($code, $text);
}
+
//
// function url_valid($url) {
//
@@ -1897,7 +1959,7 @@ function url_valid($url)
function ucp_preg_replace($pattern, $replace, $subject)
{
$replaced = preg_replace($pattern, $replace, $subject);
-
+
// If preg_replace() returns false, this probably means unicode support is not built-in, so we need to modify the pattern a little
if ($replaced === false)
{
@@ -1905,16 +1967,75 @@ function ucp_preg_replace($pattern, $replace, $subject)
{
foreach ($pattern as $cur_key => $cur_pattern)
$pattern[$cur_key] = str_replace('\p{L}\p{N}', '\w', $cur_pattern);
-
+
$replaced = preg_replace($pattern, $replace, $subject);
}
else
$replaced = preg_replace(str_replace('\p{L}\p{N}', '\w', $pattern), $replace, $subject);
}
-
+
return $replaced;
}
+//
+// Replace four-byte characters with a question mark
+//
+// As MySQL cannot properly handle four-byte characters with the default utf-8
+// charset up until version 5.5.3 (where a special charset has to be used), they
+// need to be replaced, by question marks in this case.
+//
+function strip_bad_multibyte_chars($str)
+{
+ $result = '';
+ $length = strlen($str);
+
+ for ($i = 0; $i < $length; $i++)
+ {
+ // Replace four-byte characters (11110www 10zzzzzz 10yyyyyy 10xxxxxx)
+ $ord = ord($str[$i]);
+ if ($ord >= 240 && $ord <= 244)
+ {
+ $result .= '?';
+ $i += 3;
+ }
+ else
+ {
+ $result .= $str[$i];
+ }
+ }
+
+ return $result;
+}
+
+//
+// Check whether a file/folder is writable.
+//
+// This function also works on Windows Server where ACLs seem to be ignored.
+//
+function forum_is_writable($path)
+{
+ if (is_dir($path))
+ {
+ $path = rtrim($path, '/').'/';
+ return forum_is_writable($path.uniqid(mt_rand()).'.tmp');
+ }
+
+ // Check temporary file for read/write capabilities
+ $rm = file_exists($path);
+ $f = @fopen($path, 'a');
+
+ if ($f === false)
+ return false;
+
+ fclose($f);
+
+ if (!$rm)
+ @unlink($path);
+
+ return true;
+}
+
+
// DEBUG FUNCTIONS BELOW
//
diff --git a/include/parser.php b/include/parser.php
index 02449b7..238932d 100644
--- a/include/parser.php
+++ b/include/parser.php
@@ -1,7 +1,7 @@
$part)
{
- $text .= $outside[$i];
+ $text .= $part;
if (isset($inside[$i]))
$text .= '[code]'.$inside[$i].'[/code]';
}
}
// Remove empty code tags
- while (($new_text = preg_replace('/\[(code)\]\s*\[\/\1\]/', '', $text)) !== NULL)
+ while (!is_null($new_text = preg_replace('%\[(code)\]\s*\[/\1\]%', '', $text)))
{
if ($new_text != $text)
$text = $new_text;
@@ -196,7 +188,7 @@ function preparse_tags($text, &$errors, $is_signature = false)
// Start off by making some arrays of bbcode tags and what we need to do with each one
// List of all the tags
- $tags = array('quote', 'code', 'b', 'i', 'u', 's', 'ins', 'del', 'em', 'color', 'colour', 'url', 'email', 'img', 'list', '*', 'h');
+ $tags = array('quote', 'code', 'b', 'i', 'u', 's', 'ins', 'del', 'em', 'color', 'colour', 'url', 'email', 'img', 'list', '*', 'h', 'topic', 'post', 'forum', 'user');
// List of tags that we need to check are open (You could not put b,i,u in here then illegal nesting like [b][i][/b][/i] would be allowed)
$tags_opened = $tags;
// and tags we need to check are closed (the same as above, added it just in case)
@@ -208,26 +200,30 @@ function preparse_tags($text, &$errors, $is_signature = false)
// Block tags, block tags can only go within another block tag, they cannot be in a normal tag
$tags_block = array('quote', 'code', 'list', 'h', '*');
// Inline tags, we do not allow new lines in these
- $tags_inline = array('b', 'i', 'u', 's', 'ins', 'del', 'em', 'color', 'colour', 'h');
+ $tags_inline = array('b', 'i', 'u', 's', 'ins', 'del', 'em', 'color', 'colour', 'h', 'topic', 'post', 'forum', 'user');
// Tags we trim interior space
$tags_trim = array('img');
// Tags we remove quotes from the argument
- $tags_quotes = array('url', 'email', 'img');
+ $tags_quotes = array('url', 'email', 'img', 'topic', 'post', 'forum', 'user');
// Tags we limit bbcode in
$tags_limit_bbcode = array(
- '*' => array('b', 'i', 'u', 's', 'ins', 'del', 'em', 'color', 'colour', 'url', 'email', 'list', 'img', 'code'),
+ '*' => array('b', 'i', 'u', 's', 'ins', 'del', 'em', 'color', 'colour', 'url', 'email', 'list', 'img', 'code', 'topic', 'post', 'forum', 'user'),
'list' => array('*'),
- 'url' => array('b', 'i', 'u', 's', 'ins', 'del', 'em', 'color', 'colour', 'img'),
- 'email' => array('b', 'i', 'u', 's', 'ins', 'del', 'em', 'color', 'colour', 'img'),
+ 'url' => array('img'),
+ 'email' => array('img'),
+ 'topic' => array('img'),
+ 'post' => array('img'),
+ 'forum' => array('img'),
+ 'user' => array('img'),
'img' => array(),
- 'h' => array('b', 'i', 'u', 's', 'ins', 'del', 'em', 'color', 'colour', 'url', 'email'),
+ 'h' => array('b', 'i', 'u', 's', 'ins', 'del', 'em', 'color', 'colour', 'url', 'email', 'topic', 'post', 'forum', 'user'),
);
// Tags we can automatically fix bad nesting
- $tags_fix = array('quote', 'b', 'i', 'u', 's', 'ins', 'del', 'em', 'color', 'colour', 'url', 'email', 'h');
+ $tags_fix = array('quote', 'b', 'i', 'u', 's', 'ins', 'del', 'em', 'color', 'colour', 'url', 'email', 'h', 'topic', 'post', 'forum', 'user');
- $split_text = preg_split("/(\[[\*a-zA-Z0-9-\/]*?(?:=.*?)?\])/", $text, -1, PREG_SPLIT_DELIM_CAPTURE|PREG_SPLIT_NO_EMPTY);
+ $split_text = preg_split('%(\[[\*a-zA-Z0-9-/]*?(?:=.*?)?\])%', $text, -1, PREG_SPLIT_DELIM_CAPTURE|PREG_SPLIT_NO_EMPTY);
- $open_tags = array('post');
+ $open_tags = array('fluxbb-bbcode');
$open_args = array('');
$opened_tag = 0;
$new_text = '';
@@ -235,6 +231,7 @@ function preparse_tags($text, &$errors, $is_signature = false)
$current_nest = '';
$current_depth = array();
$limit_bbcode = $tags;
+ $count_ignored = array();
foreach ($split_text as $current)
{
@@ -245,7 +242,6 @@ function preparse_tags($text, &$errors, $is_signature = false)
if (substr($current, 0, 1) != '[' || substr($current, -1, 1) != ']')
{
// It's not a bbcode tag so we put it on the end and continue
-
// If we are nested too deeply don't add to the end
if ($current_nest)
continue;
@@ -255,7 +251,7 @@ function preparse_tags($text, &$errors, $is_signature = false)
if (in_array($open_tags[$opened_tag], $tags_inline) && strpos($current, "\n") !== false)
{
// Deal with new lines
- $split_current = preg_split("/(\n\n+)/", $current, -1, PREG_SPLIT_DELIM_CAPTURE|PREG_SPLIT_NO_EMPTY);
+ $split_current = preg_split('%(\n\n+)%', $current, -1, PREG_SPLIT_DELIM_CAPTURE|PREG_SPLIT_NO_EMPTY);
$current = '';
if (!pun_trim($split_current[0], "\n")) // The first part is a linebreak so we need to handle any open tags first
@@ -357,13 +353,24 @@ function preparse_tags($text, &$errors, $is_signature = false)
$current = strtolower($current);
// This is if we are currently in a tag which escapes other bbcode such as code
+ // We keep a count of ignored bbcodes (code tags) so we can nest them, but
+ // only balanced sets of tags can be nested
if ($current_ignore)
{
+ // Increase the current ignored tags counter
+ if ('['.$current_ignore.']' == $current)
+ $count_ignored[$current_tag]++;
+
+ // Decrease the current ignored tags counter
if ('[/'.$current_ignore.']' == $current)
+ $count_ignored[$current_tag]--;
+
+ if ('[/'.$current_ignore.']' == $current && $count_ignored[$current_tag] == 0)
{
// We've finished the ignored section
$current = '[/'.$current_tag.']';
$current_ignore = '';
+ $count_ignored = array();
}
$new_text .= $current;
@@ -398,7 +405,6 @@ function preparse_tags($text, &$errors, $is_signature = false)
if (substr($current, 1, 1) == '/')
{
// This is if we are closing a tag
-
if ($opened_tag == 0 || !in_array($current_tag, $open_tags))
{
// We tried to close a tag which is not open
@@ -521,6 +527,7 @@ function preparse_tags($text, &$errors, $is_signature = false)
{
// It's an ignore tag so we don't need to worry about what's inside it
$current_ignore = $current_tag;
+ $count_ignored[$current_tag] = 1;
$new_text .= $current;
continue;
}
@@ -552,7 +559,7 @@ function preparse_tags($text, &$errors, $is_signature = false)
// Remove quotes from arguments for certain tags
if (strpos($current, '=') !== false && in_array($current_tag, $tags_quotes))
{
- $current = preg_replace('#\['.$current_tag.'=("|\'|)(.*?)\\1\]\s*#i', '['.$current_tag.'=$2]', $current);
+ $current = preg_replace('%\['.$current_tag.'=("|\'|)(.*?)\\1\]\s*%i', '['.$current_tag.'=$2]', $current);
}
if (in_array($current_tag, array_keys($tags_limit_bbcode)))
@@ -591,7 +598,7 @@ function preparse_tags($text, &$errors, $is_signature = false)
//
// Preparse the contents of [list] bbcode
//
-function preparse_list_tag($content, $type = '*', &$errors)
+function preparse_list_tag($content, $type = '*')
{
global $lang_common, $re_list;
@@ -600,7 +607,7 @@ function preparse_list_tag($content, $type = '*', &$errors)
if (strpos($content,'[list') !== false)
{
- $content = preg_replace($re_list, 'preparse_list_tag(\'$2\', \'$1\', $errors)', $content);
+ $content = preg_replace($re_list, 'preparse_list_tag(\'$2\', \'$1\')', $content);
}
$items = explode('[*]', str_replace('\"', '"', $content));
@@ -622,11 +629,18 @@ function preparse_list_tag($content, $type = '*', &$errors)
function handle_url_tag($url, $link = '', $bbcode = false)
{
$url = pun_trim($url);
+
+ // Deal with [url][img]http://example.com/test.png[/img][/url]
+ if (preg_match('%
<'.$lang_common['Image link'].' - '.$alt.'>';
@@ -713,9 +727,9 @@ function do_bbcode($text, $is_signature = false)
if (strpos($text, '[quote') !== false)
{
- $text = preg_replace('#\[quote\]\s*#', '
', $text);
- $text = preg_replace('#\[quote=("|&\#039;|"|\'|)(.*?)\\1\]#se', '"
".str_replace(array(\'[\', \'\\"\'), array(\'[\', \'"\'), \'$2\')." ".$lang_common[\'wrote\']." "', $text);
- $text = preg_replace('#\s*\[\/quote\]#S', '
', $text);
+ $text = preg_replace('%\[quote\]\s*%', '
', $text);
+ $text = preg_replace('%\[quote=("|&\#039;|"|\'|)(.*?)\\1\]%se', '"
".str_replace(array(\'[\', \'\\"\'), array(\'[\', \'"\'), \'$2\')." ".$lang_common[\'wrote\']." "', $text);
+ $text = preg_replace('%\s*\[\/quote\]%S', '
', $text);
}
if (!$is_signature)
@@ -724,15 +738,15 @@ function do_bbcode($text, $is_signature = false)
$replace[] = 'handle_list_tag(\'$2\', \'$1\')';
}
- $pattern[] = '#\[b\](.*?)\[/b\]#ms';
- $pattern[] = '#\[i\](.*?)\[/i\]#ms';
- $pattern[] = '#\[u\](.*?)\[/u\]#ms';
- $pattern[] = '#\[s\](.*?)\[/s\]#ms';
- $pattern[] = '#\[del\](.*?)\[/del\]#ms';
- $pattern[] = '#\[ins\](.*?)\[/ins\]#ms';
- $pattern[] = '#\[em\](.*?)\[/em\]#ms';
- $pattern[] = '#\[colou?r=([a-zA-Z]{3,20}|\#[0-9a-fA-F]{6}|\#[0-9a-fA-F]{3})](.*?)\[/colou?r\]#ms';
- $pattern[] = '#\[h\](.*?)\[/h\]#ms';
+ $pattern[] = '%\[b\](.*?)\[/b\]%ms';
+ $pattern[] = '%\[i\](.*?)\[/i\]%ms';
+ $pattern[] = '%\[u\](.*?)\[/u\]%ms';
+ $pattern[] = '%\[s\](.*?)\[/s\]%ms';
+ $pattern[] = '%\[del\](.*?)\[/del\]%ms';
+ $pattern[] = '%\[ins\](.*?)\[/ins\]%ms';
+ $pattern[] = '%\[em\](.*?)\[/em\]%ms';
+ $pattern[] = '%\[colou?r=([a-zA-Z]{3,20}|\#[0-9a-fA-F]{6}|\#[0-9a-fA-F]{3})](.*?)\[/colou?r\]%ms';
+ $pattern[] = '%\[h\](.*?)\[/h\]%ms';
$replace[] = '$1 ';
$replace[] = '$1 ';
@@ -746,8 +760,8 @@ function do_bbcode($text, $is_signature = false)
if (($is_signature && $pun_config['p_sig_img_tag'] == '1') || (!$is_signature && $pun_config['p_message_img_tag'] == '1'))
{
- $pattern[] = '#\[img\]((ht|f)tps?://)([^\s<"]*?)\[/img\]#e';
- $pattern[] = '#\[img=([^\[]*?)\]((ht|f)tps?://)([^\s<"]*?)\[/img\]#e';
+ $pattern[] = '%\[img\]((ht|f)tps?://)([^\s<"]*?)\[/img\]%e';
+ $pattern[] = '%\[img=([^\[]*?)\]((ht|f)tps?://)([^\s<"]*?)\[/img\]%e';
if ($is_signature)
{
$replace[] = 'handle_img_tag(\'$1$3\', true)';
@@ -760,15 +774,31 @@ function do_bbcode($text, $is_signature = false)
}
}
- $pattern[] = '#\[url\]([^\[]*?)\[/url\]#e';
- $pattern[] = '#\[url=([^\[]+?)\](.*?)\[/url\]#e';
- $pattern[] = '#\[email\]([^\[]*?)\[/email\]#';
- $pattern[] = '#\[email=([^\[]+?)\](.*?)\[/email\]#';
+ $pattern[] = '%\[url\]([^\[]*?)\[/url\]%e';
+ $pattern[] = '%\[url=([^\[]+?)\](.*?)\[/url\]%e';
+ $pattern[] = '%\[email\]([^\[]*?)\[/email\]%';
+ $pattern[] = '%\[email=([^\[]+?)\](.*?)\[/email\]%';
+ $pattern[] = '%\[topic\]([1-9]\d*)\[/topic\]%e';
+ $pattern[] = '%\[topic=([1-9]\d*)\](.*?)\[/topic\]%e';
+ $pattern[] = '%\[post\]([1-9]\d*)\[/post\]%e';
+ $pattern[] = '%\[post=([1-9]\d*)\](.*?)\[/post\]%e';
+ $pattern[] = '%\[forum\]([1-9]\d*)\[/forum\]%e';
+ $pattern[] = '%\[forum=([1-9]\d*)\](.*?)\[/forum\]%e';
+ $pattern[] = '%\[user\]([1-9]\d*)\[/user\]%e';
+ $pattern[] = '%\[user=([1-9]\d*)\](.*?)\[/user\]%e';
$replace[] = 'handle_url_tag(\'$1\')';
$replace[] = 'handle_url_tag(\'$1\', \'$2\')';
$replace[] = '$1 ';
$replace[] = '$2 ';
+ $replace[] = 'handle_url_tag(\''.get_base_url(true).'/viewtopic.php?id=$1\')';
+ $replace[] = 'handle_url_tag(\''.get_base_url(true).'/viewtopic.php?id=$1\', \'$2\')';
+ $replace[] = 'handle_url_tag(\''.get_base_url(true).'/viewtopic.php?pid=$1#p$1\')';
+ $replace[] = 'handle_url_tag(\''.get_base_url(true).'/viewtopic.php?pid=$1#p$1\', \'$2\')';
+ $replace[] = 'handle_url_tag(\''.get_base_url(true).'/viewforum.php?id=$1\')';
+ $replace[] = 'handle_url_tag(\''.get_base_url(true).'/viewforum.php?id=$1\', \'$2\')';
+ $replace[] = 'handle_url_tag(\''.get_base_url(true).'/profile.php?id=$1\')';
+ $replace[] = 'handle_url_tag(\''.get_base_url(true).'/profile.php?id=$1\', \'$2\')';
// This thing takes a while! :)
$text = preg_replace($pattern, $replace, $text);
@@ -784,8 +814,8 @@ function do_clickable($text)
{
$text = ' '.$text;
- $text = ucp_preg_replace('#(?<=[\s\]\)])(<)?(\[)?(\()?([\'"]?)(https?|ftp|news){1}://([\p{L}\p{N}\-]+\.([\p{L}\p{N}\-]+\.)*[\p{L}\p{N}]+(:[0-9]+)?(/[^\s\[]*[^\s.,?!\[;:-])?)\4(?(3)(\)))(?(2)(\]))(?(1)(>))(?![^\s]*\[/(?:url|img)\])#uie', 'stripslashes(\'$1$2$3$4\').handle_url_tag(\'$5://$6\', \'$5://$6\', true).stripslashes(\'$4$10$11$12\')', $text);
- $text = ucp_preg_replace('#(?<=[\s\]\)])(<)?(\[)?(\()?([\'"]?)(www|ftp)\.(([\p{L}\p{N}\-]+\.)*[\p{L}\p{N}]+(:[0-9]+)?(/[^\s\[]*[^\s.,?!\[;:-])?)\4(?(3)(\)))(?(2)(\]))(?(1)(>))(?![^\s]*\[/(?:url|img)\])#uie', 'stripslashes(\'$1$2$3$4\').handle_url_tag(\'$5.$6\', \'$5.$6\', true).stripslashes(\'$4$10$11$12\')', $text);
+ $text = ucp_preg_replace('%(?<=[\s\]\)])(<)?(\[)?(\()?([\'"]?)(https?|ftp|news){1}://([\p{L}\p{N}\-]+\.([\p{L}\p{N}\-]+\.)*[\p{L}\p{N}]+(:[0-9]+)?(/(?:[^\s\[]*[^\s.,?!\[;:-])?)?)\4(?(3)(\)))(?(2)(\]))(?(1)(>))(?![^\s]*\[/(?:url|img)\])%uie', 'stripslashes(\'$1$2$3$4\').handle_url_tag(\'$5://$6\', \'$5://$6\', true).stripslashes(\'$4$10$11$12\')', $text);
+ $text = ucp_preg_replace('%(?<=[\s\]\)])(<)?(\[)?(\()?([\'"]?)(www|ftp)\.(([\p{L}\p{N}\-]+\.)*[\p{L}\p{N}]+(:[0-9]+)?(/(?:[^\s\[]*[^\s.,?!\[;:-])?)?)\4(?(3)(\)))(?(2)(\]))(?(1)(>))(?![^\s]*\[/(?:url|img)\])%uie', 'stripslashes(\'$1$2$3$4\').handle_url_tag(\'$5.$6\', \'$5.$6\', true).stripslashes(\'$4$10$11$12\')', $text);
return substr($text, 1);
}
@@ -803,7 +833,7 @@ function do_smilies($text)
foreach ($smilies as $smiley_text => $smiley_img)
{
if (strpos($text, $smiley_text) !== false)
- $text = ucp_preg_replace('#(?<=[>\s])'.preg_quote($smiley_text, '#').'(?=[^\p{L}\p{N}])#um', '
'.pun_trim($inside[$i], "\n\r").'';
{
$num_lines = (substr_count($inside[$i], "\n"));
$text .= '
28) ? ' class="vscroll"' : '').'>'.pun_trim($inside[$i], "\n\r").' ';
@@ -861,10 +884,31 @@ function parse_message($text, $hide_smilies)
}
}
+ return clean_paragraphs($text);
+}
+
+
+//
+// Clean up paragraphs and line breaks
+//
+function clean_paragraphs($text)
+{
// Add paragraph tag around post, but make sure there are no empty paragraphs
- $text = preg_replace('#
$1
", $text);
- $text = str_replace('
', $text);
- $text = str_replace('
', '', '
'.$text.'
');
+
+ $text = '
'.$text.'
';
+
+ // Replace any breaks next to paragraphs so our replace below catches them
+ $text = preg_replace('%()(?:\s*?
){1,2}%i', '$1', $text);
+ $text = preg_replace('%(?:
\s*?){1,2}()%i', '$1', $text);
+
+ // Remove any empty paragraph tags (inserted via quotes/lists/code/etc) which should be stripped
+ $text = str_replace('
', '', $text);
+
+ $text = preg_replace('%
\s*?
%i', '
', $text);
+
+ $text = str_replace('
', $text);
+ $text = str_replace('
', '
', $text);
+ $text = str_replace('
', '
', $text);
return $text;
}
@@ -895,10 +939,5 @@ function parse_signature($text)
$replace = array('
', ' ', ' ', ' ');
$text = str_replace($pattern, $replace, $text);
- // Add paragraph tag around post, but make sure there are no empty paragraphs
- $text = preg_replace('#
\s*?
((\s*
)*)#i', "$1
", $text);
- $text = str_replace('
', $text);
- $text = str_replace('
', '', '
'.$text.'
');
-
- return $text;
+ return clean_paragraphs($text);
}
diff --git a/include/search_idx.php b/include/search_idx.php
index 7f3a834..550f348 100644
--- a/include/search_idx.php
+++ b/include/search_idx.php
@@ -1,7 +1,7 @@
= PUN_SEARCH_MIN_WORD && $num_chars <= PUN_SEARCH_MAX_WORD;
@@ -128,7 +131,7 @@ function is_keyword($word)
//
function is_cjk($word)
{
- return preg_match('/^'.PUN_CJK_HANGUL_REGEX.'+$/u', $word) ? true : false;
+ return preg_match('%^'.PUN_CJK_HANGUL_REGEX.'+$%u', $word) ? true : false;
}
@@ -142,9 +145,10 @@ function strip_bbcode($text)
if (!isset($patterns))
{
$patterns = array(
- '%\[img=([^\]]*+)\][^[]*+\[/img\]%' => '$1', // Keep the alt description
- '%\[(url|email)=[^\]]*+\]([^[]*+(?:(?!\[/\1\])\[[^[]*+)*)\[/\1\]%' => '$2', // Keep the text
- '%\[(img|url|email)\]([^[]*+(?:(?!\[/\1\])\[[^[]*+)*)\[/\1\]%' => '', // Remove the whole thing
+ '%\[img=([^\]]*+)\]([^[]*+)\[/img\]%' => '$2 $1', // Keep the url and description
+ '%\[(url|email)=([^\]]*+)\]([^[]*+(?:(?!\[/\1\])\[[^[]*+)*)\[/\1\]%' => '$2 $3', // Keep the url and text
+ '%\[(img|url|email)\]([^[]*+(?:(?!\[/\1\])\[[^[]*+)*)\[/\1\]%' => '$2', // Keep the url
+ '%\[(topic|post|forum|user)\][1-9]\d*\[/\1\]%' => ' ', // Do not index topic/post/forum/user ID
);
}
diff --git a/include/user/index.html b/include/user/index.html
new file mode 100644
index 0000000..89337b2
--- /dev/null
+++ b/include/user/index.html
@@ -0,0 +1 @@
+
. .
diff --git a/include/utf8/strcspn.php b/include/utf8/strcspn.php
index 1e3756d..b05e327 100644
--- a/include/utf8/strcspn.php
+++ b/include/utf8/strcspn.php
@@ -24,7 +24,7 @@ function utf8_strcspn($str, $mask, $start=null, $length=null)
$mask = preg_replace('!([\\\\\\-\\]\\[/^])!','\\\${1}', $mask);
- if ($start !== null || $length !== null)
+ if (!is_null($start) || !is_null($length))
$str = utf8_substr($str, $start, $length);
preg_match('/^[^'.$mask.']+/u', $str, $matches);
diff --git a/include/utf8/strspn.php b/include/utf8/strspn.php
index 424ceb7..49d300a 100644
--- a/include/utf8/strspn.php
+++ b/include/utf8/strspn.php
@@ -20,7 +20,7 @@ function utf8_strspn($str, $mask, $start=null, $length=null)
{
$mask = preg_replace('!([\\\\\\-\\]\\[/^])!', '\\\${1}', $mask);
- if ($start !== null || $length !== null)
+ if (!is_null($start)|| !is_null($length))
$str = utf8_substr($str, $start, $length);
preg_match('/^['.$mask.']+/u', $str, $matches);
diff --git a/include/utf8/substr_replace.php b/include/utf8/substr_replace.php
index 7fc7369..20a43b5 100644
--- a/include/utf8/substr_replace.php
+++ b/include/utf8/substr_replace.php
@@ -18,7 +18,7 @@ function utf8_substr_replace($str, $repl, $start , $length=null)
preg_match_all('/./us', $str, $ar);
preg_match_all('/./us', $repl, $rar);
- if($length === null)
+ if(is_null($length))
$length = utf8_strlen($str);
array_splice($ar[0], $start, $length, $rar[0]);
diff --git a/include/utf8/utf8.php b/include/utf8/utf8.php
index 281f18c..661b2d7 100644
--- a/include/utf8/utf8.php
+++ b/include/utf8/utf8.php
@@ -34,7 +34,7 @@ if (!defined('UTF8'))
if (extension_loaded('mbstring') && !defined('UTF8_USE_MBSTRING') && !defined('UTF8_USE_NATIVE'))
define('UTF8_USE_MBSTRING', true);
-else
+else if (!defined('UTF8_USE_NATIVE'))
define('UTF8_USE_NATIVE', true);
// utf8_strpos() and utf8_strrpos() need utf8_bad_strip() to strip invalid
diff --git a/include/utf8/utils/bad.php b/include/utf8/utils/bad.php
index 78e9d17..2704294 100644
--- a/include/utf8/utils/bad.php
+++ b/include/utf8/utils/bad.php
@@ -114,33 +114,9 @@ function utf8_bad_findall($str)
* @package utf8
* @subpackage bad
*/
-function utf8_bad_strip($str)
+function utf8_bad_strip($original)
{
- $UTF8_BAD =
- '([\x00-\x7F]'. # ASCII (including control chars)
- '|[\xC2-\xDF][\x80-\xBF]'. # Non-overlong 2-byte
- '|\xE0[\xA0-\xBF][\x80-\xBF]'. # Excluding overlongs
- '|[\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}'. # Straight 3-byte
- '|\xED[\x80-\x9F][\x80-\xBF]'. # Excluding surrogates
- '|\xF0[\x90-\xBF][\x80-\xBF]{2}'. # Planes 1-3
- '|[\xF1-\xF3][\x80-\xBF]{3}'. # Planes 4-15
- '|\xF4[\x80-\x8F][\x80-\xBF]{2}'. # Plane 16
- '|(.{1}))'; # Invalid byte
-
- ob_start();
-
- while (preg_match('/'.$UTF8_BAD.'/S', $str, $matches))
- {
- if (!isset($matches[2]))
- echo $matches[0];
-
- $str = substr($str, strlen($matches[0]));
- }
-
- $result = ob_get_contents();
- ob_end_clean();
-
- return $result;
+ return utf8_bad_replace($original, '');
}
/**
@@ -156,33 +132,52 @@ function utf8_bad_strip($str)
* @package utf8
* @subpackage bad
*/
-function utf8_bad_replace($str, $replace='?')
-{
- $UTF8_BAD =
- '([\x00-\x7F]'. # ASCII (including control chars)
- '|[\xC2-\xDF][\x80-\xBF]'. # Non-overlong 2-byte
- '|\xE0[\xA0-\xBF][\x80-\xBF]'. # Excluding overlongs
- '|[\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}'. # Straight 3-byte
- '|\xED[\x80-\x9F][\x80-\xBF]'. # Excluding surrogates
- '|\xF0[\x90-\xBF][\x80-\xBF]{2}'. # Planes 1-3
- '|[\xF1-\xF3][\x80-\xBF]{3}'. # Planes 4-15
- '|\xF4[\x80-\x8F][\x80-\xBF]{2}'. # Plane 16
- '|(.{1}))'; # Invalid byte
+function utf8_bad_replace($original, $replace = '?') {
+ $result = '';
+
+ $strlen = strlen($original);
+ for ($i = 0; $i < $strlen;) {
+ $char = $original[$i++];
+ $byte = ord($char);
+
+ if ($byte < 0x80) $bytes = 0; // 1-bytes (00000000 - 01111111)
+ else if ($byte < 0xC0) { // 1-bytes (10000000 - 10111111)
+ $result .= $replace;
+ continue;
+ }
+ else if ($byte < 0xE0) $bytes = 1; // 2-bytes (11000000 - 11011111)
+ else if ($byte < 0xF0) $bytes = 2; // 3-bytes (11100000 - 11101111)
+ else if ($byte < 0xF8) $bytes = 3; // 4-bytes (11110000 - 11110111)
+ else if ($byte < 0xFC) $bytes = 4; // 5-bytes (11111000 - 11111011)
+ else if ($byte < 0xFE) $bytes = 5; // 6-bytes (11111100 - 11111101)
+ else { // Otherwise it's something invalid
+ $result .= $replace;
+ continue;
+ }
- ob_start();
+ // Check our input actually has enough data
+ if ($i + $bytes > $strlen) {
+ $result .= $replace;
+ continue;
+ }
- while (preg_match('/'.$UTF8_BAD.'/S', $str, $matches))
- {
- if (!isset($matches[2]))
- echo $matches[0];
- else
- echo $replace;
+ // If we've got this far then we have a multiple-byte character
+ for ($j = 0; $j < $bytes; $j++) {
+ $byte = $original[$i + $j];
- $str = substr($str, strlen($matches[0]));
- }
+ $char .= $byte;
+ $byte = ord($byte);
- $result = ob_get_contents();
- ob_end_clean();
+ // Every following byte must be 10000000 - 10111111
+ if ($byte < 0x80 || $byte > 0xBF) {
+ $result .= $replace;
+ continue 2;
+ }
+ }
+
+ $i += $bytes;
+ $result .= $char;
+ }
return $result;
}
diff --git a/index.php b/index.php
index e80e73b..0f257ac 100644
--- a/index.php
+++ b/index.php
@@ -1,7 +1,7 @@
",
"req_db_host": "",
"req_db_name": "",
- "db_prefix": "",
"req_username": "",
"req_password1": "",
"req_password2": "",
@@ -270,14 +271,11 @@ function process_form(the_form)
for (var i = 0; i < the_form.length; ++i)
{
var elem = the_form.elements[i];
- if (elem.name && (/^req_/.test(elem.name)))
+ if (elem.name && required_fields[elem.name] && !elem.value && elem.type && (/^(?:text(?:area)?|password|file)$/i.test(elem.type)))
{
- if (!elem.value && elem.type && (/^(?:text(?:area)?|password|file)$/i.test(elem.type)))
- {
- alert('"' + element_names[elem.name] + '" ');
- elem.focus();
- return false;
- }
+ alert('"' + required_fields[elem.name] + '" ');
+ elem.focus();
+ return false;
}
}
}
@@ -286,7 +284,7 @@ function process_form(the_form)
/* ]]> */
-
+
@@ -336,7 +334,7 @@ function process_form(the_form)
-
+
diff --git a/misc.php b/misc.php
index 8468313..46d2707 100644
--- a/misc.php
+++ b/misc.php
@@ -1,7 +1,7 @@
query('UPDATE '.$db->prefix.'users SET last_visit='.$pun_user['logged'].' WHERE id='.$pun_user['id']) or error('Unable to update user last visit data', __FILE__, __LINE__, $db->error());
@@ -64,7 +64,7 @@ else if ($action == 'markread')
else if ($action == 'markforumread')
{
if ($pun_user['is_guest'])
- message($lang_common['No permission']);
+ message($lang_common['No permission'], false, '403 Forbidden');
$fid = isset($_GET['fid']) ? intval($_GET['fid']) : 0;
if ($fid < 1)
@@ -81,7 +81,7 @@ else if ($action == 'markforumread')
else if (isset($_GET['email']))
{
if ($pun_user['is_guest'] || $pun_user['g_send_email'] == '0')
- message($lang_common['No permission']);
+ message($lang_common['No permission'], false, '403 Forbidden');
$recipient_id = intval($_GET['email']);
if ($recipient_id < 2)
@@ -125,7 +125,7 @@ else if (isset($_GET['email']))
$mail_message = str_replace('
', $pun_user['username'], $mail_message);
$mail_message = str_replace('', $pun_config['o_board_title'], $mail_message);
$mail_message = str_replace('', $message, $mail_message);
- $mail_message = str_replace('', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message);
+ $mail_message = str_replace('', $pun_config['o_board_title'], $mail_message);
require_once PUN_ROOT.'include/email.php';
@@ -145,12 +145,20 @@ else if (isset($_GET['email']))
if (strpos($referrer['host'], 'www.') === 0)
$referrer['host'] = substr($referrer['host'], 4);
+ // Make sure the path component exists
+ if (!isset($referrer['path']))
+ $referrer['path'] = '';
+
$valid = parse_url(get_base_url());
// Remove www subdomain if it exists
if (strpos($valid['host'], 'www.') === 0)
$valid['host'] = substr($valid['host'], 4);
- if ($referrer['host'] == $valid['host'] && preg_match('#^'.preg_quote($valid['path']).'/(.*?)\.php#i', $referrer['path']))
+ // Make sure the path component exists
+ if (!isset($valid['path']))
+ $valid['path'] = '';
+
+ if ($referrer['host'] == $valid['host'] && preg_match('%^'.preg_quote($valid['path'], '%').'/(.*?)\.php%i', $referrer['path']))
$redirect_url = $_SERVER['HTTP_REFERER'];
}
@@ -210,8 +218,8 @@ else if (isset($_GET['report']))
else if (strlen($reason) > 65535) // TEXT field can only hold 65535 bytes
message($lang_misc['Reason too long']);
- if ($pun_user['last_email_sent'] != '' && (time() - $pun_user['last_email_sent']) < $pun_user['g_email_flood'] && (time() - $pun_user['last_email_sent']) >= 0)
- message(sprintf($lang_misc['Report flood'], $pun_user['g_email_flood']));
+ if ($pun_user['last_report_sent'] != '' && (time() - $pun_user['last_report_sent']) < $pun_user['g_report_flood'] && (time() - $pun_user['last_report_sent']) >= 0)
+ message(sprintf($lang_misc['Report flood'], $pun_user['g_report_flood']));
// Get the topic ID
$result = $db->query('SELECT topic_id FROM '.$db->prefix.'posts WHERE id='.$post_id) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
@@ -237,10 +245,20 @@ else if (isset($_GET['report']))
// We send it to the complete mailing-list in one swoop
if ($pun_config['o_mailing_list'] != '')
{
- $mail_subject = sprintf($lang_common['Report notification'], $forum_id, $subject);
- $mail_message = sprintf($lang_common['Report message 1'], $pun_user['username'], get_base_url().'/viewtopic.php?pid='.$post_id.'#p'.$post_id)."\n";
- $mail_message .= sprintf($lang_common['Report message 2'], $reason)."\n";
- $mail_message .= "\n".'--'."\n".$lang_common['Email signature'];
+ // Load the "new report" template
+ $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$pun_user['language'].'/mail_templates/new_report.tpl'));
+
+ // The first row contains the subject
+ $first_crlf = strpos($mail_tpl, "\n");
+ $mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8));
+ $mail_message = trim(substr($mail_tpl, $first_crlf));
+
+ $mail_subject = str_replace('', $forum_id, $mail_subject);
+ $mail_subject = str_replace('', $subject, $mail_subject);
+ $mail_message = str_replace('', $pun_user['username'], $mail_message);
+ $mail_message = str_replace('', get_base_url().'/viewtopic.php?pid='.$post_id.'#p'.$post_id, $mail_message);
+ $mail_message = str_replace('', $reason, $mail_message);
+ $mail_message = str_replace('', $pun_config['o_board_title'], $mail_message);
require PUN_ROOT.'include/email.php';
@@ -248,7 +266,7 @@ else if (isset($_GET['report']))
}
}
- $db->query('UPDATE '.$db->prefix.'users SET last_email_sent='.time().' WHERE id='.$pun_user['id']) or error('Unable to update user', __FILE__, __LINE__, $db->error());
+ $db->query('UPDATE '.$db->prefix.'users SET last_report_sent='.time().' WHERE id='.$pun_user['id']) or error('Unable to update user', __FILE__, __LINE__, $db->error());
redirect('viewtopic.php?pid='.$post_id.'#p'.$post_id, $lang_misc['Report redirect']);
}
diff --git a/moderate.php b/moderate.php
index 77b45e2..4555e31 100644
--- a/moderate.php
+++ b/moderate.php
@@ -1,7 +1,7 @@
query('SELECT poster_ip FROM '.$db->prefix.'posts WHERE id='.$get_host) or error('Unable to fetch post IP address', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
- message($lang_common['Bad request']);
+ message($lang_common['Bad request'], false, '404 Not Found');
$ip = $db->result($result);
}
@@ -43,7 +43,7 @@ if (isset($_GET['get_host']))
// All other functions require moderator/admin access
$fid = isset($_GET['fid']) ? intval($_GET['fid']) : 0;
if ($fid < 1)
- message($lang_common['Bad request']);
+ message($lang_common['Bad request'], false, '404 Not Found');
$result = $db->query('SELECT moderators FROM '.$db->prefix.'forums WHERE id='.$fid) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error());
@@ -51,7 +51,7 @@ $moderators = $db->result($result);
$mods_array = ($moderators != '') ? unserialize($moderators) : array();
if ($pun_user['g_id'] != PUN_ADMIN && ($pun_user['g_moderator'] == '0' || !array_key_exists($pun_user['username'], $mods_array)))
- message($lang_common['No permission']);
+ message($lang_common['No permission'], false, '403 Forbidden');
// Get topic/forum tracking data
if (!$pun_user['is_guest'])
@@ -66,12 +66,12 @@ if (isset($_GET['tid']))
{
$tid = intval($_GET['tid']);
if ($tid < 1)
- message($lang_common['Bad request']);
+ message($lang_common['Bad request'], false, '404 Not Found');
// Fetch some info about the topic
$result = $db->query('SELECT t.subject, t.num_replies, t.first_post_id, f.id AS forum_id, forum_name FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.id='.$fid.' AND t.id='.$tid.' AND t.moved_to IS NULL') or error('Unable to fetch topic info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
- message($lang_common['Bad request']);
+ message($lang_common['Bad request'], false, '404 Not Found');
$cur_topic = $db->fetch_assoc($result);
@@ -86,7 +86,7 @@ if (isset($_GET['tid']))
{
confirm_referrer('moderate.php');
- if (@preg_match('/[^0-9,]/', $posts))
+ if (@preg_match('%[^0-9,]%', $posts))
message($lang_common['Bad request']);
// Verify that the post IDs are valid
@@ -153,7 +153,7 @@ if (isset($_GET['tid']))
{
confirm_referrer('moderate.php');
- if (@preg_match('/[^0-9,]/', $posts))
+ if (@preg_match('%[^0-9,]%', $posts))
message($lang_common['Bad request']);
$move_to_forum = isset($_POST['move_to_forum']) ? intval($_POST['move_to_forum']) : 0;
@@ -195,6 +195,9 @@ if (isset($_GET['tid']))
// Move the posts to the new topic
$db->query('UPDATE '.$db->prefix.'posts SET topic_id='.$new_tid.' WHERE id IN('.$posts.')') or error('Unable to move posts into new topic', __FILE__, __LINE__, $db->error());
+ // Apply every subscription to both topics
+ $db->query('INSERT INTO '.$db->prefix.'topic_subscriptions (user_id, topic_id) SELECT user_id, '.$new_tid.' FROM '.$db->prefix.'topic_subscriptions WHERE topic_id='.$tid) or error('Unable to copy existing subscriptions', __FILE__, __LINE__, $db->error());
+
// Get last_post, last_post_id, and last_poster from the topic and update it
$result = $db->query('SELECT id, poster, posted FROM '.$db->prefix.'posts WHERE topic_id='.$tid.' ORDER BY id DESC LIMIT 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error());
$last_post_data = $db->fetch_assoc($result);
@@ -420,7 +423,7 @@ if (isset($_REQUEST['move_topics']) || isset($_POST['move_topics_to']))
{
confirm_referrer('moderate.php');
- if (@preg_match('/[^0-9,]/', $_POST['topics']))
+ if (@preg_match('%[^0-9,]%', $_POST['topics']))
message($lang_common['Bad request']);
$topics = explode(',', $_POST['topics']);
@@ -548,21 +551,19 @@ else if (isset($_POST['merge_topics']) || isset($_POST['merge_topics_comply']))
{
confirm_referrer('moderate.php');
- if (@preg_match('/[^0-9,]/', $_POST['topics']))
+ if (@preg_match('%[^0-9,]%', $_POST['topics']))
message($lang_common['Bad request']);
$topics = explode(',', $_POST['topics']);
if (count($topics) < 2)
message($lang_misc['Not enough topics selected']);
- // Verify that the topic IDs are valid (moved topics can not be merged?)
- // $result = $db->query('SELECT 1 FROM '.$db->prefix.'topics WHERE id IN('.implode(',', $topics).') AND moved_to IS NULL AND forum_id='.$fid) or error('Unable to check topics', __FILE__, __LINE__, $db->error());
- $result = $db->query('SELECT 1 FROM '.$db->prefix.'topics WHERE id IN('.implode(',', $topics).') AND forum_id='.$fid) or error('Unable to check topics', __FILE__, __LINE__, $db->error());
+ // Verify that the topic IDs are valid (redirect links will point to the merged topic after the merge)
+ $result = $db->query('SELECT id FROM '.$db->prefix.'topics WHERE id IN('.implode(',', $topics).') AND forum_id='.$fid.' ORDER BY id ASC') or error('Unable to check topics', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result) != count($topics))
message($lang_common['Bad request']);
- // Fetch the topic that we're merging into
- $result = $db->query('SELECT MIN(t.id) FROM '.$db->prefix.'topics AS t WHERE t.id IN('.implode(',', $topics).')') or error('Unable to get topic', __FILE__, __LINE__, $db->error());
+ // The topic that we are merging into is the one with the smallest ID
$merge_to_tid = $db->result($result);
// Make any redirect topics point to our new, merged topic
@@ -577,8 +578,18 @@ else if (isset($_POST['merge_topics']) || isset($_POST['merge_topics_comply']))
// Merge the posts into the topic
$db->query('UPDATE '.$db->prefix.'posts SET topic_id='.$merge_to_tid.' WHERE topic_id IN('.implode(',', $topics).')') or error('Unable to merge the posts into the topic', __FILE__, __LINE__, $db->error());
- // Delete any subscriptions
- $db->query('DELETE FROM '.$db->prefix.'topic_subscriptions WHERE topic_id IN('.implode(',', $topics).') AND topic_id != '.$merge_to_tid) or error('Unable to delete subscriptions', __FILE__, __LINE__, $db->error());
+ // Update any subscriptions
+ $result = $db->query('SELECT user_id FROM '.$db->prefix.'topic_subscriptions WHERE topic_id IN ('.implode(',', $topics).')') or error('Unable to fetch subscriptions of merged topics', __FILE__, __LINE__, $db->error());
+
+ $subscribed_users = array();
+ while ($cur_user_id = $db->result($result))
+ $subscribed_users[] = $cur_user_id;
+ $subscribed_users = array_unique($subscribed_users);
+
+ $db->query('DELETE FROM '.$db->prefix.'topic_subscriptions WHERE topic_id IN ('.implode(',', $topics).')') or error('Unable to delete subscriptions of merged topics', __FILE__, __LINE__, $db->error());
+
+ foreach ($subscribed_users as $cur_user_id)
+ $db->query('INSERT INTO '.$db->prefix.'topic_subscriptions (topic_id, user_id) VALUES ('.$merge_to_tid.', '.$cur_user_id.')') or error('Unable to re-enter subscriptions for merge topic', __FILE__, __LINE__, $db->error());
// Without redirection the old topics are removed
if (!isset($_POST['with_redirect']))
@@ -644,7 +655,7 @@ else if (isset($_POST['delete_topics']) || isset($_POST['delete_topics_comply'])
{
confirm_referrer('moderate.php');
- if (@preg_match('/[^0-9,]/', $topics))
+ if (@preg_match('%[^0-9,]%', $topics))
message($lang_common['Bad request']);
require PUN_ROOT.'include/search_idx.php';
@@ -783,7 +794,7 @@ require PUN_ROOT.'lang/'.$pun_user['language'].'/forum.php';
// Fetch some info about the forum
$result = $db->query('SELECT f.forum_name, f.redirect_url, f.num_topics, f.sort_by FROM '.$db->prefix.'forums AS f LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.id='.$fid) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
- message($lang_common['Bad request']);
+ message($lang_common['Bad request'], false, '404 Not Found');
$cur_forum = $db->fetch_assoc($result);
@@ -877,7 +888,7 @@ if ($db->num_rows($result))
$item_status = ($topic_count % 2 == 0) ? 'roweven' : 'rowodd';
$icon_type = 'icon';
- if ($cur_topic['moved_to'] == null)
+ if (is_null($cur_topic['moved_to']))
{
$last_post = ''.format_time($cur_topic['last_post']).' '.$lang_common['by'].' '.pun_htmlspecialchars($cur_topic['last_poster']).' ';
$ghost_topic = false;
diff --git a/post.php b/post.php
index c849b14..a01fc1c 100644
--- a/post.php
+++ b/post.php
@@ -1,7 +1,7 @@
0 && $fid > 0)
- message($lang_common['Bad request']);
+ message($lang_common['Bad request'], false, '404 Not Found');
// Fetch some info about the topic and/or the forum
if ($tid)
@@ -26,7 +26,7 @@ else
$result = $db->query('SELECT f.id, f.forum_name, f.moderators, f.redirect_url, fp.post_replies, fp.post_topics FROM '.$db->prefix.'forums AS f LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.id='.$fid) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
- message($lang_common['Bad request']);
+ message($lang_common['Bad request'], false, '404 Not Found');
$cur_posting = $db->fetch_assoc($result);
$is_subscribed = $tid && $cur_posting['is_subscribed'];
@@ -47,7 +47,7 @@ if ((($tid && (($cur_posting['post_replies'] == '' && $pun_user['g_post_replies'
($fid && (($cur_posting['post_topics'] == '' && $pun_user['g_post_topics'] == '0') || $cur_posting['post_topics'] == '0')) ||
(isset($cur_posting['closed']) && $cur_posting['closed'] == '1')) &&
!$is_admmod)
- message($lang_common['No permission']);
+ message($lang_common['No permission'], false, '403 Forbidden');
// Load the post.php language file
require PUN_ROOT.'lang/'.$pun_user['language'].'/post.php';
@@ -59,10 +59,6 @@ $errors = array();
// Did someone just hit "Submit" or "Preview"?
if (isset($_POST['form_sent']))
{
- // Make sure form_user is correct
- if (($pun_user['is_guest'] && $_POST['form_user'] != 'Guest') || (!$pun_user['is_guest'] && $_POST['form_user'] != $pun_user['username']))
- message($lang_common['Bad request']);
-
// Flood protection
if (!isset($_POST['preview']) && $pun_user['last_post'] != '' && (time() - $pun_user['last_post']) < $pun_user['g_post_flood'])
$errors[] = $lang_post['Flood start'].' '.$pun_user['g_post_flood'].' '.$lang_post['flood end'];
@@ -95,9 +91,10 @@ if (isset($_POST['form_sent']))
else
{
$username = pun_trim($_POST['req_username']);
- $email = strtolower(trim(($pun_config['p_force_guest_email'] == '1') ? $_POST['req_email'] : $_POST['email']));
+ $email = strtolower(pun_trim(($pun_config['p_force_guest_email'] == '1') ? $_POST['req_email'] : $_POST['email']));
+ $banned_email = false;
- // Load the register.php/profile.php language files
+ // Load the register.php/prof_reg.php language files
require PUN_ROOT.'lang/'.$pun_user['language'].'/prof_reg.php';
require PUN_ROOT.'lang/'.$pun_user['language'].'/register.php';
@@ -119,8 +116,6 @@ if (isset($_POST['form_sent']))
$banned_email = true; // Used later when we send an alert email
}
- else
- $banned_email = false;
}
}
@@ -157,6 +152,9 @@ if (isset($_POST['form_sent']))
$hide_smilies = isset($_POST['hide_smilies']) ? '1' : '0';
$subscribe = isset($_POST['subscribe']) ? '1' : '0';
$stick_topic = isset($_POST['stick_topic']) && $is_admmod ? '1' : '0';
+
+ // Replace four-byte characters (MySQL cannot handle them)
+ $message = strip_bad_multibyte_chars($message);
$now = time();
@@ -188,17 +186,13 @@ if (isset($_POST['form_sent']))
else
{
// It's a guest. Insert the new post
- $email_sql = ($pun_config['p_force_guest_email'] == '1' || $email != '') ? '\''.$email.'\'' : 'NULL';
+ $email_sql = ($pun_config['p_force_guest_email'] == '1' || $email != '') ? '\''.$db->escape($email).'\'' : 'NULL';
$db->query('INSERT INTO '.$db->prefix.'posts (poster, poster_ip, poster_email, message, hide_smilies, posted, topic_id) VALUES(\''.$db->escape($username).'\', \''.get_remote_address().'\', '.$email_sql.', \''.$db->escape($message).'\', '.$hide_smilies.', '.$now.', '.$tid.')') or error('Unable to create post', __FILE__, __LINE__, $db->error());
$new_pid = $db->insert_id();
}
- // Count number of replies in the topic
- $result = $db->query('SELECT COUNT(id) FROM '.$db->prefix.'posts WHERE topic_id='.$tid) or error('Unable to fetch post count for topic', __FILE__, __LINE__, $db->error());
- $num_replies = $db->result($result, 0) - 1;
-
// Update topic
- $db->query('UPDATE '.$db->prefix.'topics SET num_replies='.$num_replies.', last_post='.$now.', last_post_id='.$new_pid.', last_poster=\''.$db->escape($username).'\' WHERE id='.$tid) or error('Unable to update topic', __FILE__, __LINE__, $db->error());
+ $db->query('UPDATE '.$db->prefix.'topics SET num_replies=num_replies+1, last_post='.$now.', last_post_id='.$new_pid.', last_poster=\''.$db->escape($username).'\' WHERE id='.$tid) or error('Unable to update topic', __FILE__, __LINE__, $db->error());
update_search_index('post', $new_pid, $message);
@@ -219,6 +213,11 @@ if (isset($_POST['form_sent']))
$notification_emails = array();
+ if ($pun_config['o_censoring'] == '1')
+ $cleaned_message = bbcode2email($censored_message, -1);
+ else
+ $cleaned_message = bbcode2email($message, -1);
+
// Loop through subscribed users and send emails
while ($cur_subscriber = $db->fetch_assoc($result))
{
@@ -247,15 +246,15 @@ if (isset($_POST['form_sent']))
$mail_message = str_replace('', $username, $mail_message);
$mail_message = str_replace('', get_base_url().'/viewtopic.php?pid='.$new_pid.'#p'.$new_pid, $mail_message);
$mail_message = str_replace('', get_base_url().'/misc.php?action=unsubscribe&tid='.$tid, $mail_message);
- $mail_message = str_replace('', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message);
+ $mail_message = str_replace('', $pun_config['o_board_title'], $mail_message);
$mail_subject_full = str_replace('', $cur_posting['subject'], $mail_subject_full);
$mail_message_full = str_replace('', $cur_posting['subject'], $mail_message_full);
$mail_message_full = str_replace('', $username, $mail_message_full);
- $mail_message_full = str_replace('', $pun_config['o_censoring'] == '1' ? $censored_message : $message, $mail_message_full);
+ $mail_message_full = str_replace('', $cleaned_message, $mail_message_full);
$mail_message_full = str_replace('', get_base_url().'/viewtopic.php?pid='.$new_pid.'#p'.$new_pid, $mail_message_full);
$mail_message_full = str_replace('', get_base_url().'/misc.php?action=unsubscribe&tid='.$tid, $mail_message_full);
- $mail_message_full = str_replace('', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message_full);
+ $mail_message_full = str_replace('', $pun_config['o_board_title'], $mail_message_full);
$notification_emails[$cur_subscriber['language']][0] = $mail_subject;
$notification_emails[$cur_subscriber['language']][1] = $mail_message;
@@ -275,6 +274,8 @@ if (isset($_POST['form_sent']))
pun_mail($cur_subscriber['email'], $notification_emails[$cur_subscriber['language']][2], $notification_emails[$cur_subscriber['language']][3]);
}
}
+
+ unset($cleaned_message);
}
}
}
@@ -297,7 +298,7 @@ if (isset($_POST['form_sent']))
else
{
// Create the post ("topic post")
- $email_sql = ($pun_config['p_force_guest_email'] == '1' || $email != '') ? '\''.$email.'\'' : 'NULL';
+ $email_sql = ($pun_config['p_force_guest_email'] == '1' || $email != '') ? '\''.$db->escape($email).'\'' : 'NULL';
$db->query('INSERT INTO '.$db->prefix.'posts (poster, poster_ip, poster_email, message, hide_smilies, posted, topic_id) VALUES(\''.$db->escape($username).'\', \''.get_remote_address().'\', '.$email_sql.', \''.$db->escape($message).'\', '.$hide_smilies.', '.$now.', '.$new_tid.')') or error('Unable to create post', __FILE__, __LINE__, $db->error());
}
$new_pid = $db->insert_id();
@@ -320,6 +321,11 @@ if (isset($_POST['form_sent']))
$notification_emails = array();
+ if ($pun_config['o_censoring'] == '1')
+ $cleaned_message = bbcode2email($censored_message, -1);
+ else
+ $cleaned_message = bbcode2email($message, -1);
+
// Loop through subscribed users and send emails
while ($cur_subscriber = $db->fetch_assoc($result))
{
@@ -349,16 +355,16 @@ if (isset($_POST['form_sent']))
$mail_message = str_replace('', $username, $mail_message);
$mail_message = str_replace('', get_base_url().'/viewtopic.php?id='.$new_tid, $mail_message);
$mail_message = str_replace('', get_base_url().'/misc.php?action=unsubscribe&fid='.$cur_posting['id'], $mail_message);
- $mail_message = str_replace('', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message);
+ $mail_message = str_replace('', $pun_config['o_board_title'], $mail_message);
$mail_subject_full = str_replace('', $cur_posting['forum_name'], $mail_subject_full);
$mail_message_full = str_replace('', $pun_config['o_censoring'] == '1' ? $censored_subject : $subject, $mail_message_full);
$mail_message_full = str_replace('', $cur_posting['forum_name'], $mail_message_full);
$mail_message_full = str_replace('', $username, $mail_message_full);
- $mail_message_full = str_replace('', $pun_config['o_censoring'] == '1' ? $censored_message : $message, $mail_message_full);
+ $mail_message_full = str_replace('', $cleaned_message, $mail_message_full);
$mail_message_full = str_replace('', get_base_url().'/viewtopic.php?id='.$new_tid, $mail_message_full);
$mail_message_full = str_replace('', get_base_url().'/misc.php?action=unsubscribe&fid='.$cur_posting['id'], $mail_message_full);
- $mail_message_full = str_replace('', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message_full);
+ $mail_message_full = str_replace('', $pun_config['o_board_title'], $mail_message_full);
$notification_emails[$cur_subscriber['language']][0] = $mail_subject;
$notification_emails[$cur_subscriber['language']][1] = $mail_message;
@@ -378,6 +384,8 @@ if (isset($_POST['form_sent']))
pun_mail($cur_subscriber['email'], $notification_emails[$cur_subscriber['language']][2], $notification_emails[$cur_subscriber['language']][3]);
}
}
+
+ unset($cleaned_message);
}
}
}
@@ -385,10 +393,18 @@ if (isset($_POST['form_sent']))
// If we previously found out that the email was banned
if ($pun_user['is_guest'] && $banned_email && $pun_config['o_mailing_list'] != '')
{
- $mail_subject = $lang_common['Banned email notification'];
- $mail_message = sprintf($lang_common['Banned email post message'], $username, $email)."\n";
- $mail_message .= sprintf($lang_common['Post URL'], get_base_url().'/viewtopic.php?pid='.$new_pid.'#p'.$new_pid)."\n";
- $mail_message .= "\n".'--'."\n".$lang_common['Email signature'];
+ // Load the "banned email post" template
+ $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$pun_user['language'].'/mail_templates/banned_email_post.tpl'));
+
+ // The first row contains the subject
+ $first_crlf = strpos($mail_tpl, "\n");
+ $mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8));
+ $mail_message = trim(substr($mail_tpl, $first_crlf));
+
+ $mail_message = str_replace('', $username, $mail_message);
+ $mail_message = str_replace('', $email, $mail_message);
+ $mail_message = str_replace('', get_base_url().'/viewtopic.php?pid='.$new_pid.'#p'.$new_pid, $mail_message);
+ $mail_message = str_replace('', $pun_config['o_board_title'], $mail_message);
pun_mail($pun_config['o_mailing_list'], $mail_subject, $mail_message);
}
@@ -423,21 +439,18 @@ if ($tid)
{
$qid = intval($_GET['qid']);
if ($qid < 1)
- message($lang_common['Bad request']);
+ message($lang_common['Bad request'], false, '404 Not Found');
$result = $db->query('SELECT poster, message FROM '.$db->prefix.'posts WHERE id='.$qid.' AND topic_id='.$tid) or error('Unable to fetch quote info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
- message($lang_common['Bad request']);
+ message($lang_common['Bad request'], false, '404 Not Found');
list($q_poster, $q_message) = $db->fetch_row($result);
// If the message contains a code tag we have to split it up (text within [code][/code] shouldn't be touched)
if (strpos($q_message, '[code]') !== false && strpos($q_message, '[/code]') !== false)
{
- $errors = array();
- list($inside, $outside) = split_text($q_message, '[code]', '[/code]', $errors);
- if (!empty($errors)) // Technically this shouldn't happen, since $q_message is an existing post it should only exist if it previously passed validation
- message($errors[0]);
+ list($inside, $outside) = split_text($q_message, '[code]', '[/code]');
$q_message = implode("\1", $outside);
}
@@ -596,7 +609,6 @@ $cur_index = 1;
-
query('SELECT u.group_id, g.g_moderator FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON (g.g_id=u.group_id) WHERE u.id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
- message($lang_common['Bad request']);
+ message($lang_common['Bad request'], false, '404 Not Found');
list($group_id, $is_moderator) = $db->fetch_row($result);
if ($pun_user['g_mod_edit_users'] == '0' || $pun_user['g_mod_change_passwords'] == '0' || $group_id == PUN_ADMIN || $is_moderator == '1')
- message($lang_common['No permission']);
+ message($lang_common['No permission'], false, '403 Forbidden');
}
}
@@ -161,17 +161,17 @@ else if ($action == 'change_email')
if ($pun_user['id'] != $id)
{
if (!$pun_user['is_admmod']) // A regular user trying to change another users email?
- message($lang_common['No permission']);
+ message($lang_common['No permission'], false, '403 Forbidden');
else if ($pun_user['g_moderator'] == '1') // A moderator trying to change a users email?
{
$result = $db->query('SELECT u.group_id, g.g_moderator FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON (g.g_id=u.group_id) WHERE u.id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
- message($lang_common['Bad request']);
+ message($lang_common['Bad request'], false, '404 Not Found');
list($group_id, $is_moderator) = $db->fetch_row($result);
if ($pun_user['g_mod_edit_users'] == '0' || $group_id == PUN_ADMIN || $is_moderator == '1')
- message($lang_common['No permission']);
+ message($lang_common['No permission'], false, '403 Forbidden');
}
}
@@ -199,7 +199,7 @@ else if ($action == 'change_email')
require PUN_ROOT.'include/email.php';
// Validate the email address
- $new_email = strtolower(trim($_POST['req_new_email']));
+ $new_email = strtolower(pun_trim($_POST['req_new_email']));
if (!is_valid_email($new_email))
message($lang_common['Invalid email']);
@@ -210,10 +210,18 @@ else if ($action == 'change_email')
message($lang_prof_reg['Banned email']);
else if ($pun_config['o_mailing_list'] != '')
{
- $mail_subject = $lang_common['Banned email notification'];
- $mail_message = sprintf($lang_common['Banned email change message'], $pun_user['username'], $new_email)."\n";
- $mail_message .= sprintf($lang_common['User profile'], get_base_url().'/profile.php?id='.$id)."\n";
- $mail_message .= "\n".'--'."\n".$lang_common['Email signature'];
+ // Load the "banned email change" template
+ $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$pun_user['language'].'/mail_templates/banned_email_change.tpl'));
+
+ // The first row contains the subject
+ $first_crlf = strpos($mail_tpl, "\n");
+ $mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8));
+ $mail_message = trim(substr($mail_tpl, $first_crlf));
+
+ $mail_message = str_replace('
', $pun_user['username'], $mail_message);
+ $mail_message = str_replace('', $new_email, $mail_message);
+ $mail_message = str_replace('', get_base_url().'/profile.php?id='.$id, $mail_message);
+ $mail_message = str_replace('', $pun_config['o_board_title'], $mail_message);
pun_mail($pun_config['o_mailing_list'], $mail_subject, $mail_message);
}
@@ -230,10 +238,18 @@ else if ($action == 'change_email')
while ($cur_dupe = $db->fetch_assoc($result))
$dupe_list[] = $cur_dupe['username'];
- $mail_subject = $lang_common['Duplicate email notification'];
- $mail_message = sprintf($lang_common['Duplicate email change message'], $pun_user['username'], implode(', ', $dupe_list))."\n";
- $mail_message .= sprintf($lang_common['User profile'], get_base_url().'/profile.php?id='.$id)."\n";
- $mail_message .= "\n".'--'."\n".$lang_common['Email signature'];
+ // Load the "dupe email change" template
+ $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$pun_user['language'].'/mail_templates/dupe_email_change.tpl'));
+
+ // The first row contains the subject
+ $first_crlf = strpos($mail_tpl, "\n");
+ $mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8));
+ $mail_message = trim(substr($mail_tpl, $first_crlf));
+
+ $mail_message = str_replace('', $pun_user['username'], $mail_message);
+ $mail_message = str_replace('', implode(', ', $dupe_list), $mail_message);
+ $mail_message = str_replace('', get_base_url().'/profile.php?id='.$id, $mail_message);
+ $mail_message = str_replace('', $pun_config['o_board_title'], $mail_message);
pun_mail($pun_config['o_mailing_list'], $mail_subject, $mail_message);
}
@@ -255,7 +271,7 @@ else if ($action == 'change_email')
$mail_message = str_replace('', $pun_user['username'], $mail_message);
$mail_message = str_replace('', get_base_url(), $mail_message);
$mail_message = str_replace('', get_base_url().'/profile.php?action=change_email&id='.$id.'&key='.$new_email_key, $mail_message);
- $mail_message = str_replace('', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message);
+ $mail_message = str_replace('', $pun_config['o_board_title'], $mail_message);
pun_mail($new_email, $mail_subject, $mail_message);
@@ -300,7 +316,7 @@ else if ($action == 'upload_avatar' || $action == 'upload_avatar2')
message($lang_profile['Avatars disabled']);
if ($pun_user['id'] != $id && !$pun_user['is_admmod'])
- message($lang_common['No permission']);
+ message($lang_common['No permission'], false, '403 Forbidden');
if (isset($_POST['form_sent']))
{
@@ -423,7 +439,7 @@ else if ($action == 'upload_avatar' || $action == 'upload_avatar2')
else if ($action == 'delete_avatar')
{
if ($pun_user['id'] != $id && !$pun_user['is_admmod'])
- message($lang_common['No permission']);
+ message($lang_common['No permission'], false, '403 Forbidden');
confirm_referrer('profile.php');
@@ -436,7 +452,7 @@ else if ($action == 'delete_avatar')
else if (isset($_POST['update_group_membership']))
{
if ($pun_user['g_id'] > PUN_ADMIN)
- message($lang_common['No permission']);
+ message($lang_common['No permission'], false, '403 Forbidden');
confirm_referrer('profile.php');
@@ -480,7 +496,7 @@ else if (isset($_POST['update_group_membership']))
else if (isset($_POST['update_forums']))
{
if ($pun_user['g_id'] > PUN_ADMIN)
- message($lang_common['No permission']);
+ message($lang_common['No permission'], false, '403 Forbidden');
confirm_referrer('profile.php');
@@ -521,16 +537,28 @@ else if (isset($_POST['update_forums']))
else if (isset($_POST['ban']))
{
if ($pun_user['g_id'] != PUN_ADMIN && ($pun_user['g_moderator'] != '1' || $pun_user['g_mod_ban_users'] == '0'))
- message($lang_common['No permission']);
+ message($lang_common['No permission'], false, '403 Forbidden');
+
+ // Get the username of the user we are banning
+ $result = $db->query('SELECT username FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch username', __FILE__, __LINE__, $db->error());
+ $username = $db->result($result);
- redirect('admin_bans.php?add_ban='.$id, $lang_profile['Ban redirect']);
+ // Check whether user is already banned
+ $result = $db->query('SELECT id FROM '.$db->prefix.'bans WHERE username = \''.$db->escape($username).'\' ORDER BY expire IS NULL DESC, expire DESC LIMIT 1') or error('Unable to fetch ban ID', __FILE__, __LINE__, $db->error());
+ if ($db->num_rows($result))
+ {
+ $ban_id = $db->result($result);
+ redirect('admin_bans.php?edit_ban='.$ban_id.'&exists', $lang_profile['Ban redirect']);
+ }
+ else
+ redirect('admin_bans.php?add_ban='.$id, $lang_profile['Ban redirect']);
}
else if (isset($_POST['delete_user']) || isset($_POST['delete_user_comply']))
{
if ($pun_user['g_id'] > PUN_ADMIN)
- message($lang_common['No permission']);
+ message($lang_common['No permission'], false, '403 Forbidden');
confirm_referrer('profile.php');
@@ -651,7 +679,7 @@ else if (isset($_POST['form_sent']))
// Fetch the user group of the user we are editing
$result = $db->query('SELECT u.username, u.group_id, g.g_moderator FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON (g.g_id=u.group_id) WHERE u.id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
- message($lang_common['Bad request']);
+ message($lang_common['Bad request'], false, '404 Not Found');
list($old_username, $group_id, $is_moderator) = $db->fetch_row($result);
@@ -661,7 +689,7 @@ else if (isset($_POST['form_sent']))
($pun_user['g_mod_edit_users'] == '0' || // mods aren't allowed to edit users
$group_id == PUN_ADMIN || // or the user is an admin
$is_moderator)))) // or the user is another mod
- message($lang_common['No permission']);
+ message($lang_common['No permission'], false, '403 Forbidden');
if ($pun_user['is_admmod'])
confirm_referrer('profile.php');
@@ -686,7 +714,7 @@ else if (isset($_POST['form_sent']))
$languages = forum_list_langs();
$form['language'] = pun_trim($_POST['form']['language']);
if (!in_array($form['language'], $languages))
- message($lang_common['Bad request']);
+ message($lang_common['Bad request'], false, '404 Not Found');
}
if ($pun_user['is_admmod'])
@@ -722,7 +750,7 @@ else if (isset($_POST['form_sent']))
require PUN_ROOT.'include/email.php';
// Validate the email address
- $form['email'] = strtolower(trim($_POST['req_email']));
+ $form['email'] = strtolower(pun_trim($_POST['req_email']));
if (!is_valid_email($form['email']))
message($lang_common['Invalid email']);
}
@@ -739,8 +767,15 @@ else if (isset($_POST['form_sent']))
);
// Add http:// if the URL doesn't contain it already (while allowing https://, too)
- if ($form['url'] != '' && !preg_match('#^https?://#i', $form['url']))
- $form['url'] = 'http://'.$form['url'];
+ if ($form['url'] != '')
+ {
+ $url = url_valid($form['url']);
+
+ if ($url === false)
+ message($lang_profile['Invalid website URL']);
+
+ $form['url'] = $url['url'];
+ }
if ($pun_user['g_id'] == PUN_ADMIN)
$form['title'] = pun_trim($_POST['title']);
@@ -773,7 +808,7 @@ else if (isset($_POST['form_sent']))
);
// If the ICQ UIN contains anything other than digits it's invalid
- if (preg_match('/[^0-9]/', $form['icq']))
+ if (preg_match('%[^0-9]%', $form['icq']))
message($lang_prof_reg['Bad ICQ']);
break;
@@ -849,7 +884,7 @@ else if (isset($_POST['form_sent']))
$styles = forum_list_styles();
$form['style'] = pun_trim($_POST['form']['style']);
if (!in_array($form['style'], $styles))
- message($lang_common['Bad request']);
+ message($lang_common['Bad request'], false, '404 Not Found');
}
break;
@@ -892,6 +927,10 @@ else if (isset($_POST['form_sent']))
// If we changed the username we have to update some stuff
if ($username_updated)
{
+ $db->query('UPDATE '.$db->prefix.'bans SET username=\''.$db->escape($form['username']).'\' WHERE username=\''.$db->escape($old_username).'\'') or error('Unable to update bans', __FILE__, __LINE__, $db->error());
+ // If any bans were updated, we will need to know because the cache will need to be regenerated.
+ if ($db->affected_rows() > 0)
+ $bans_updated = true;
$db->query('UPDATE '.$db->prefix.'posts SET poster=\''.$db->escape($form['username']).'\' WHERE poster_id='.$id) or error('Unable to update posts', __FILE__, __LINE__, $db->error());
$db->query('UPDATE '.$db->prefix.'posts SET edited_by=\''.$db->escape($form['username']).'\' WHERE edited_by=\''.$db->escape($old_username).'\'') or error('Unable to update posts', __FILE__, __LINE__, $db->error());
$db->query('UPDATE '.$db->prefix.'topics SET poster=\''.$db->escape($form['username']).'\' WHERE poster=\''.$db->escape($old_username).'\'') or error('Unable to update topics', __FILE__, __LINE__, $db->error());
@@ -924,6 +963,16 @@ else if (isset($_POST['form_sent']))
}
}
}
+
+ // Regenerate the users info cache
+ if (!defined('FORUM_CACHE_FUNCTIONS_LOADED'))
+ require PUN_ROOT.'include/cache.php';
+
+ generate_users_info_cache();
+
+ // Check if the bans table was updated and regenerate the bans cache when needed
+ if (isset($bans_updated))
+ generate_bans_cache();
}
redirect('profile.php?section='.$section.'&id='.$id, $lang_profile['Profile redirect']);
@@ -932,7 +981,7 @@ else if (isset($_POST['form_sent']))
$result = $db->query('SELECT u.username, u.email, u.title, u.realname, u.url, u.jabber, u.icq, u.msn, u.aim, u.yahoo, u.location, u.signature, u.disp_topics, u.disp_posts, u.email_setting, u.notify_with_post, u.auto_notify, u.show_smilies, u.show_img, u.show_img_sig, u.show_avatars, u.show_sig, u.timezone, u.dst, u.language, u.style, u.num_posts, u.last_post, u.registered, u.registration_ip, u.admin_note, u.date_format, u.time_format, u.last_visit, g.g_id, g.g_user_title, g.g_moderator FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
if (!$db->num_rows($result))
- message($lang_common['Bad request']);
+ message($lang_common['Bad request'], false, '404 Not Found');
$user = $db->fetch_assoc($result);
@@ -1625,7 +1674,7 @@ else
else if ($section == 'admin')
{
if (!$pun_user['is_admmod'] || ($pun_user['g_moderator'] == '1' && $pun_user['g_mod_ban_users'] == '0'))
- message($lang_common['Bad request']);
+ message($lang_common['Bad request'], false, '403 Forbidden');
$page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Profile'], $lang_profile['Section admin']);
define('PUN_ACTIVE_PAGE', 'profile');
diff --git a/register.php b/register.php
index 980eaf1..815eec2 100644
--- a/register.php
+++ b/register.php
@@ -1,7 +1,7 @@
', $username, $mail_message);
+ $mail_message = str_replace('', $email1, $mail_message);
+ $mail_message = str_replace('', get_base_url().'/profile.php?id='.$new_uid, $mail_message);
+ $mail_message = str_replace('', $pun_config['o_board_title'], $mail_message);
pun_mail($pun_config['o_mailing_list'], $mail_subject, $mail_message);
}
@@ -176,10 +184,18 @@ if (isset($_POST['form_sent']))
// If we previously found out that the email was a dupe
if (!empty($dupe_list))
{
- $mail_subject = $lang_common['Duplicate email notification'];
- $mail_message = sprintf($lang_common['Duplicate email register message'], $username, implode(', ', $dupe_list))."\n";
- $mail_message .= sprintf($lang_common['User profile'], get_base_url().'/profile.php?id='.$new_uid)."\n";
- $mail_message .= "\n".'--'."\n".$lang_common['Email signature'];
+ // Load the "dupe email register" template
+ $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$pun_user['language'].'/mail_templates/dupe_email_register.tpl'));
+
+ // The first row contains the subject
+ $first_crlf = strpos($mail_tpl, "\n");
+ $mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8));
+ $mail_message = trim(substr($mail_tpl, $first_crlf));
+
+ $mail_message = str_replace('', $username, $mail_message);
+ $mail_message = str_replace('', implode(', ', $dupe_list), $mail_message);
+ $mail_message = str_replace('', get_base_url().'/profile.php?id='.$new_uid, $mail_message);
+ $mail_message = str_replace('', $pun_config['o_board_title'], $mail_message);
pun_mail($pun_config['o_mailing_list'], $mail_subject, $mail_message);
}
@@ -187,10 +203,18 @@ if (isset($_POST['form_sent']))
// Should we alert people on the admin mailing list that a new user has registered?
if ($pun_config['o_regs_report'] == '1')
{
- $mail_subject = $lang_common['New user notification'];
- $mail_message = sprintf($lang_common['New user message'], $username, get_base_url().'/')."\n";
- $mail_message .= sprintf($lang_common['User profile'], get_base_url().'/profile.php?id='.$new_uid)."\n";
- $mail_message .= "\n".'--'."\n".$lang_common['Email signature'];
+ // Load the "new user" template
+ $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$pun_user['language'].'/mail_templates/new_user.tpl'));
+
+ // The first row contains the subject
+ $first_crlf = strpos($mail_tpl, "\n");
+ $mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8));
+ $mail_message = trim(substr($mail_tpl, $first_crlf));
+
+ $mail_message = str_replace('', $username, $mail_message);
+ $mail_message = str_replace('', get_base_url().'/', $mail_message);
+ $mail_message = str_replace('', get_base_url().'/profile.php?id='.$new_uid, $mail_message);
+ $mail_message = str_replace('', $pun_config['o_board_title'], $mail_message);
pun_mail($pun_config['o_mailing_list'], $mail_subject, $mail_message);
}
@@ -212,7 +236,7 @@ if (isset($_POST['form_sent']))
$mail_message = str_replace('', $username, $mail_message);
$mail_message = str_replace('', $password1, $mail_message);
$mail_message = str_replace('', get_base_url().'/login.php', $mail_message);
- $mail_message = str_replace('', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message);
+ $mail_message = str_replace('', $pun_config['o_board_title'], $mail_message);
pun_mail($email1, $mail_subject, $mail_message);
@@ -242,9 +266,6 @@ $timezone = isset($timezone) ? $timezone : $pun_config['o_default_timezone'];
$dst = isset($dst) ? $dst : $pun_config['o_default_dst'];
$email_setting = isset($email_setting) ? $email_setting : $pun_config['o_default_email_setting'];
-?>
-
-