diff --git a/admin_bans.php b/admin_bans.php index d141889..8b70428 100644 --- a/admin_bans.php +++ b/admin_bans.php @@ -1,7 +1,7 @@ $cur_cat) { $cur_cat['name'] = pun_trim($cur_cat['name']); - $cur_cat['order'] = trim($cur_cat['order']); + $cur_cat['order'] = pun_trim($cur_cat['order']); if ($cur_cat['name'] == '') message($lang_admin_categories['Must enter name message']); diff --git a/admin_censoring.php b/admin_censoring.php index 06d2a85..420ca62 100644 --- a/admin_censoring.php +++ b/admin_censoring.php @@ -1,7 +1,7 @@ = 0) ? intval($_POST['post_flood']) : '0'; + $search_flood = (isset($_POST['search_flood']) && $_POST['search_flood'] >= 0) ? intval($_POST['search_flood']) : '0'; + $email_flood = (isset($_POST['email_flood']) && $_POST['email_flood'] >= 0) ? intval($_POST['email_flood']) : '0'; + $report_flood = (isset($_POST['report_flood']) && $_POST['report_flood'] >= 0) ? intval($_POST['report_flood']) : '0'; if ($title == '') message($lang_admin_groups['Must enter title message']); diff --git a/admin_index.php b/admin_index.php index e4f6023..5d82031 100644 --- a/admin_index.php +++ b/admin_index.php @@ -1,7 +1,7 @@ pun_trim($_POST['form']['default_style']), 'time_format' => pun_trim($_POST['form']['time_format']), 'date_format' => pun_trim($_POST['form']['date_format']), - 'timeout_visit' => intval($_POST['form']['timeout_visit']), - 'timeout_online' => intval($_POST['form']['timeout_online']), - 'redirect_delay' => intval($_POST['form']['redirect_delay']), + 'timeout_visit' => (intval($_POST['form']['timeout_visit']) > 0) ? intval($_POST['form']['timeout_visit']) : 1, + 'timeout_online' => (intval($_POST['form']['timeout_online']) > 0) ? intval($_POST['form']['timeout_online']) : 1, + 'redirect_delay' => (intval($_POST['form']['redirect_delay']) >= 0) ? intval($_POST['form']['redirect_delay']) : 0, 'show_version' => $_POST['form']['show_version'] != '1' ? '0' : '1', 'show_user_info' => $_POST['form']['show_user_info'] != '1' ? '0' : '1', 'show_post_count' => $_POST['form']['show_post_count'] != '1' ? '0' : '1', 'smilies' => $_POST['form']['smilies'] != '1' ? '0' : '1', 'smilies_sig' => $_POST['form']['smilies_sig'] != '1' ? '0' : '1', 'make_links' => $_POST['form']['make_links'] != '1' ? '0' : '1', - 'topic_review' => intval($_POST['form']['topic_review']), + 'topic_review' => (intval($_POST['form']['topic_review']) >= 0) ? intval($_POST['form']['topic_review']) : 0, 'disp_topics_default' => intval($_POST['form']['disp_topics_default']), 'disp_posts_default' => intval($_POST['form']['disp_posts_default']), - 'indent_num_spaces' => intval($_POST['form']['indent_num_spaces']), - 'quote_depth' => intval($_POST['form']['quote_depth']), + 'indent_num_spaces' => (intval($_POST['form']['indent_num_spaces']) >= 0) ? intval($_POST['form']['indent_num_spaces']) : 0, + 'quote_depth' => (intval($_POST['form']['quote_depth']) > 0) ? intval($_POST['form']['quote_depth']) : 1, 'quickpost' => $_POST['form']['quickpost'] != '1' ? '0' : '1', 'users_online' => $_POST['form']['users_online'] != '1' ? '0' : '1', 'censoring' => $_POST['form']['censoring'] != '1' ? '0' : '1', @@ -65,9 +65,9 @@ if (isset($_POST['form_sent'])) 'mailing_list' => pun_trim($_POST['form']['mailing_list']), 'avatars' => $_POST['form']['avatars'] != '1' ? '0' : '1', 'avatars_dir' => pun_trim($_POST['form']['avatars_dir']), - 'avatars_width' => intval($_POST['form']['avatars_width']), - 'avatars_height' => intval($_POST['form']['avatars_height']), - 'avatars_size' => intval($_POST['form']['avatars_size']), + 'avatars_width' => (intval($_POST['form']['avatars_width']) > 0) ? intval($_POST['form']['avatars_width']) : 1, + 'avatars_height' => (intval($_POST['form']['avatars_height']) > 0) ? intval($_POST['form']['avatars_height']) : 1, + 'avatars_size' => (intval($_POST['form']['avatars_size']) > 0) ? intval($_POST['form']['avatars_size']) : 1, 'admin_email' => strtolower(pun_trim($_POST['form']['admin_email'])), 'webmaster_email' => strtolower(pun_trim($_POST['form']['webmaster_email'])), 'forum_subscriptions' => $_POST['form']['forum_subscriptions'] != '1' ? '0' : '1', @@ -303,7 +303,7 @@ generate_admin_menu('options'); - />     />  + />     />  @@ -411,42 +411,42 @@ generate_admin_menu('options'); - />     />  + />     />  - />     />  + />     />  - />     />  + />     />  - />     />  + />     />  - />     />  + />     />  - />     />  + />     />  @@ -497,70 +497,70 @@ generate_admin_menu('options'); - />     />  + />     />  - />     />  + />     />  - + - />     />  + />     />  '.$lang_admin_common['Censoring'].'') ?> - + - />     />  + />     />  - + - />     />  + />     />  '.$lang_admin_common['Ranks'].'') ?> - />     />  + />     />  - />     />  + />     />  - />     />  + />     />  - />     />  + />     />  - />     />  + />     />  @@ -583,7 +583,7 @@ generate_admin_menu('options'); - />     />     />  + />     />     />  @@ -616,7 +616,7 @@ generate_admin_menu('options'); - />     />     />  + />     />     />  @@ -639,7 +639,7 @@ generate_admin_menu('options'); - />     />  + />     />  @@ -697,14 +697,14 @@ generate_admin_menu('options'); - />     />  + />     />  - />     />  + />     />  @@ -725,7 +725,7 @@ generate_admin_menu('options'); -    +    @@ -735,7 +735,7 @@ generate_admin_menu('options'); - />     />  + />     />  @@ -751,28 +751,28 @@ generate_admin_menu('options'); - />     />  + />     />  - />     />  + />     />  - />     />  + />     />  - />     />  + />     />  @@ -787,9 +787,9 @@ generate_admin_menu('options'); - /> 
- /> 
- /> 
+ /> 
+ /> 
+ /> 
@@ -804,7 +804,7 @@ generate_admin_menu('options'); - />     />  + />     />  @@ -825,9 +825,9 @@ generate_admin_menu('options');
- + diff --git a/admin_permissions.php b/admin_permissions.php index c92e01d..a239979 100644 --- a/admin_permissions.php +++ b/admin_permissions.php @@ -1,7 +1,7 @@ $input) { + // Make sure the input is never a negative value + if($input < 0) + $input = 0; + // Only update values that have changed if (array_key_exists('p_'.$key, $pun_config) && $pun_config['p_'.$key] != $input) $db->query('UPDATE '.$db->prefix.'config SET conf_value='.$input.' WHERE conf_name=\'p_'.$db->escape($key).'\'') or error('Unable to update board config', __FILE__, __LINE__, $db->error()); diff --git a/admin_ranks.php b/admin_ranks.php index fb5f7c1..e054915 100644 --- a/admin_ranks.php +++ b/admin_ranks.php @@ -1,7 +1,7 @@ PUN_ADMIN) - message($lang_common['No permission']); + message($lang_common['No permission'], false, '403 Forbidden'); confirm_referrer('admin_users.php'); @@ -383,7 +383,7 @@ else if (isset($_POST['move_users']) || isset($_POST['move_users_comply'])) else if (isset($_POST['delete_users']) || isset($_POST['delete_users_comply'])) { if ($pun_user['g_id'] > PUN_ADMIN) - message($lang_common['No permission']); + message($lang_common['No permission'], false, '403 Forbidden'); confirm_referrer('admin_users.php'); @@ -532,7 +532,7 @@ else if (isset($_POST['delete_users']) || isset($_POST['delete_users_comply'])) else if (isset($_POST['ban_users']) || isset($_POST['ban_users_comply'])) { if ($pun_user['g_id'] != PUN_ADMIN && ($pun_user['g_moderator'] != '1' || $pun_user['g_mod_ban_users'] == '0')) - message($lang_common['No permission']); + message($lang_common['No permission'], false, '403 Forbidden'); confirm_referrer('admin_users.php'); @@ -680,14 +680,14 @@ else if (isset($_GET['find_user'])) $form = array_map('pun_trim', $form); $conditions = $query_str = array(); - $posts_greater = isset($_GET['posts_greater']) ? trim($_GET['posts_greater']) : ''; - $posts_less = isset($_GET['posts_less']) ? trim($_GET['posts_less']) : ''; - $last_post_after = isset($_GET['last_post_after']) ? trim($_GET['last_post_after']) : ''; - $last_post_before = isset($_GET['last_post_before']) ? trim($_GET['last_post_before']) : ''; - $last_visit_after = isset($_GET['last_visit_after']) ? trim($_GET['last_visit_after']) : ''; - $last_visit_before = isset($_GET['last_visit_before']) ? trim($_GET['last_visit_before']) : ''; - $registered_after = isset($_GET['registered_after']) ? trim($_GET['registered_after']) : ''; - $registered_before = isset($_GET['registered_before']) ? trim($_GET['registered_before']) : ''; + $posts_greater = isset($_GET['posts_greater']) ? pun_trim($_GET['posts_greater']) : ''; + $posts_less = isset($_GET['posts_less']) ? pun_trim($_GET['posts_less']) : ''; + $last_post_after = isset($_GET['last_post_after']) ? pun_trim($_GET['last_post_after']) : ''; + $last_post_before = isset($_GET['last_post_before']) ? pun_trim($_GET['last_post_before']) : ''; + $last_visit_after = isset($_GET['last_visit_after']) ? pun_trim($_GET['last_visit_after']) : ''; + $last_visit_before = isset($_GET['last_visit_before']) ? pun_trim($_GET['last_visit_before']) : ''; + $registered_after = isset($_GET['registered_after']) ? pun_trim($_GET['registered_after']) : ''; + $registered_before = isset($_GET['registered_before']) ? pun_trim($_GET['registered_before']) : ''; $order_by = isset($_GET['order_by']) && in_array($_GET['order_by'], array('username', 'email', 'num_posts', 'last_post', 'last_visit', 'registered')) ? $_GET['order_by'] : 'username'; $direction = isset($_GET['direction']) && $_GET['direction'] == 'DESC' ? 'DESC' : 'ASC'; $user_group = isset($_GET['user_group']) ? intval($_GET['user_group']) : -1; diff --git a/common.js b/common.js index b7ff12f..47a7155 100644 --- a/common.js +++ b/common.js @@ -1,4 +1,10 @@ +/** + * Copyright (C) 2008-2012 FluxBB + * based on code by Rickard Andersson copyright (C) 2002-2008 PunBB + * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher + */ + function select_checkboxes(curFormId, link, new_string) { var curForm = document.getElementById(curFormId); @@ -29,4 +35,4 @@ function unselect_checkboxes(curFormId, link, new_string) link.innerHTML = new_string; return false; -} \ No newline at end of file +} diff --git a/db_update.php b/db_update.php index 20a00af..51f4ff9 100644 --- a/db_update.php +++ b/db_update.php @@ -1,13 +1,13 @@ query('SHOW FULL COLUMNS FROM '.$table) or error('Unable to fetch column information', __FILE__, __LINE__, $db->error()); while ($cur_column = $db->fetch_assoc($result)) { - if ($cur_column['Collation'] === null) + if (is_null($cur_column['Collation'])) continue; list($type) = explode('(', $cur_column['Type']); @@ -359,7 +359,7 @@ function convert_table_utf8($table, $callback, $old_charset, $key = null, $start if ($mysql) { // Only set up the tables if we are doing this in 1 go, or its the first go - if ($start_at === null || $start_at == 0) + if (is_null($start_at) || $start_at == 0) { // Drop any temp table that exists, in-case it's left over from a failed update $db->drop_table($table.'_utf8', true) or error('Unable to drop left over temp table', __FILE__, __LINE__, $db->error()); @@ -375,7 +375,7 @@ function convert_table_utf8($table, $callback, $old_charset, $key = null, $start $db->set_names($old_connection_charset); // Move & Convert everything - $result = $db->query('SELECT * FROM '.$table.($start_at === null ? '' : ' WHERE '.$key.'>'.$start_at).' ORDER BY '.$key.' ASC'.($start_at === null ? '' : ' LIMIT '.PER_PAGE), false) or error('Unable to select from old table', __FILE__, __LINE__, $db->error()); + $result = $db->query('SELECT * FROM '.$table.(is_null($start_at) ? '' : ' WHERE '.$key.'>'.$start_at).' ORDER BY '.$key.' ASC'.(is_null($start_at) ? '' : ' LIMIT '.PER_PAGE), false) or error('Unable to select from old table', __FILE__, __LINE__, $db->error()); // Change back to utf8 mode so we can insert it into the new table $db->set_names('utf8'); @@ -386,15 +386,15 @@ function convert_table_utf8($table, $callback, $old_charset, $key = null, $start $temp = array(); foreach ($cur_item as $idx => $value) - $temp[$idx] = $value === null ? 'NULL' : '\''.$db->escape($value).'\''; + $temp[$idx] = is_null($value) ? 'NULL' : '\''.$db->escape($value).'\''; - $db->query('INSERT INTO '.$table.'_utf8('.implode(',', array_keys($temp)).') VALUES ('.implode(',', array_values($temp)).')') or ($error_callback === null ? error('Unable to insert data to new table', __FILE__, __LINE__, $db->error()) : call_user_func($error_callback, $cur_item)); + $db->query('INSERT INTO '.$table.'_utf8('.implode(',', array_keys($temp)).') VALUES ('.implode(',', array_values($temp)).')') or (is_null($error_callback) ? error('Unable to insert data to new table', __FILE__, __LINE__, $db->error()) : call_user_func($error_callback, $cur_item)); $end_at = $cur_item[$key]; } // If we aren't doing this all in 1 go and $end_at has a value (i.e. we have processed at least 1 row), figure out if we have more to do or not - if ($start_at !== null && $end_at > 0) + if (!is_null($start_at) && $end_at > 0) { $result = $db->query('SELECT 1 FROM '.$table.' WHERE '.$key.'>'.$end_at.' ORDER BY '.$key.' ASC LIMIT 1') or error('Unable to check for next row', __FILE__, __LINE__, $db->error()); $finished = $db->num_rows($result) == 0; @@ -417,14 +417,14 @@ function convert_table_utf8($table, $callback, $old_charset, $key = null, $start else { // Convert everything - $result = $db->query('SELECT * FROM '.$table.($start_at === null ? '' : ' WHERE '.$key.'>'.$start_at).' ORDER BY '.$key.' ASC'.($start_at === null ? '' : ' LIMIT '.PER_PAGE)) or error('Unable to select from table', __FILE__, __LINE__, $db->error()); + $result = $db->query('SELECT * FROM '.$table.(is_null($start_at) ? '' : ' WHERE '.$key.'>'.$start_at).' ORDER BY '.$key.' ASC'.(is_null($start_at ) ? '' : ' LIMIT '.PER_PAGE)) or error('Unable to select from table', __FILE__, __LINE__, $db->error()); while ($cur_item = $db->fetch_assoc($result)) { $cur_item = call_user_func($callback, $cur_item, $old_charset); $temp = array(); foreach ($cur_item as $idx => $value) - $temp[] = $idx.'='.($value === null ? 'NULL' : '\''.$db->escape($value).'\''); + $temp[] = $idx.'='.(is_null($value) ? 'NULL' : '\''.$db->escape($value).'\''); if (!empty($temp)) $db->query('UPDATE '.$table.' SET '.implode(', ', $temp).' WHERE '.$key.'=\''.$db->escape($cur_item[$key]).'\'') or error('Unable to update data', __FILE__, __LINE__, $db->error()); @@ -432,7 +432,7 @@ function convert_table_utf8($table, $callback, $old_charset, $key = null, $start $end_at = $cur_item[$key]; } - if ($start_at !== null && $end_at > 0) + if (!is_null($start_at) && $end_at > 0) { $result = $db->query('SELECT 1 FROM '.$table.' WHERE '.$key.'>'.$end_at.' ORDER BY '.$key.' ASC LIMIT 1') or error('Unable to check for next row', __FILE__, __LINE__, $db->error()); if ($db->num_rows($result) == 0) @@ -621,7 +621,7 @@ $lock_error = false; // Generate or fetch the UID - this confirms we have a valid admin if (isset($_POST['req_db_pass'])) { - $req_db_pass = strtolower(trim($_POST['req_db_pass'])); + $req_db_pass = strtolower(pun_trim($_POST['req_db_pass'])); switch ($db_type) { @@ -674,7 +674,7 @@ if (isset($_POST['req_db_pass'])) } else if (isset($_GET['uid'])) { - $uid = trim($_GET['uid']); + $uid = pun_trim($_GET['uid']); if (!$lock || $lock != $uid) // The lock doesn't exist or doesn't match the given UID $lock_error = true; } @@ -1557,7 +1557,7 @@ switch ($stage) $temp = array(); foreach ($cur_user as $idx => $value) - $temp[$idx] = $value === null ? 'NULL' : '\''.$db->escape($value).'\''; + $temp[$idx] = is_null($value) ? 'NULL' : '\''.$db->escape($value).'\''; // Insert the renamed user $db->query('INSERT INTO '.$db->prefix.'users('.implode(',', array_keys($temp)).') VALUES ('.implode(',', array_values($temp)).')') or error('Unable to insert data to new table', __FILE__, __LINE__, $db->error()); @@ -1905,4 +1905,4 @@ $db->end_transaction(); $db->close(); if ($query_str != '') - exit(''); \ No newline at end of file + exit(''); diff --git a/delete.php b/delete.php index 7844c4b..f022f53 100644 --- a/delete.php +++ b/delete.php @@ -1,7 +1,7 @@ query('SELECT f.id AS fid, f.forum_name, f.moderators, f.redirect_url, fp.post_replies, fp.post_topics, t.id AS tid, t.subject, t.first_post_id, t.closed, p.posted, p.poster, p.poster_id, p.message, p.hide_smilies FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND p.id='.$id) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error()); if (!$db->num_rows($result)) - message($lang_common['Bad request']); + message($lang_common['Bad request'], false, '404 Not Found'); $cur_post = $db->fetch_assoc($result); @@ -40,7 +40,7 @@ if (($pun_user['g_delete_posts'] == '0' || $cur_post['poster_id'] != $pun_user['id'] || $cur_post['closed'] == '1') && !$is_admmod) - message($lang_common['No permission']); + message($lang_common['No permission'], false, '403 Forbidden'); // Load the delete.php language file require PUN_ROOT.'lang/'.$pun_user['language'].'/delete.php'; diff --git a/edit.php b/edit.php index 1f35edd..f9b036b 100644 --- a/edit.php +++ b/edit.php @@ -1,7 +1,7 @@ query('SELECT f.id AS fid, f.forum_name, f.moderators, f.redirect_url, fp.post_replies, fp.post_topics, t.id AS tid, t.subject, t.posted, t.first_post_id, t.sticky, t.closed, p.poster, p.poster_id, p.message, p.hide_smilies FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND p.id='.$id) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error()); if (!$db->num_rows($result)) - message($lang_common['Bad request']); + message($lang_common['Bad request'], false, '404 Not Found'); $cur_post = $db->fetch_assoc($result); @@ -42,7 +42,7 @@ if (($pun_user['g_edit_posts'] == '0' || $cur_post['poster_id'] != $pun_user['id'] || $cur_post['closed'] == '1') && !$is_admmod) - message($lang_common['No permission']); + message($lang_common['No permission'], false, '403 Forbidden'); // Load the post.php/edit.php language file require PUN_ROOT.'lang/'.$pun_user['language'].'/post.php'; @@ -108,6 +108,9 @@ if (isset($_POST['form_sent'])) $stick_topic = isset($_POST['stick_topic']) ? '1' : '0'; if (!$is_admmod) $stick_topic = $cur_post['sticky']; + + // Replace four-byte characters (MySQL cannot handle them) + $message = strip_bad_multibyte_chars($message); // Did everything go according to plan? if (empty($errors) && !isset($_POST['preview'])) diff --git a/extern.php b/extern.php index 364229e..eb4bc94 100644 --- a/extern.php +++ b/extern.php @@ -1,7 +1,7 @@ '); - elem.focus(); - return false; - } + alert('"' + required_fields[elem.name] + '" '); + elem.focus(); + return false; } } } diff --git a/help.php b/help.php index 0820794..caa7c23 100644 --- a/help.php +++ b/help.php @@ -1,7 +1,7 @@

[url=][/url]

[url][/url]

-

[url=/help.php][/url]

+

[url=/help.php][/url]

[email]myname@mydomain.com[/email] myname@mydomain.com

[email=myname@mydomain.com][/email]

[topic=1][/topic]

diff --git a/include/cache.php b/include/cache.php index 2070fb4..e4b9112 100644 --- a/include/cache.php +++ b/include/cache.php @@ -1,7 +1,7 @@ query('SELECT * FROM '.$db->prefix.'config', true) or error('Unable to fetch forum config', __FILE__, __LINE__, $db->error()); + + $output = array(); while ($cur_config_item = $db->fetch_row($result)) $output[$cur_config_item[0]] = $cur_config_item[1]; diff --git a/include/common.php b/include/common.php index 613dda8..b3bf44b 100644 --- a/include/common.php +++ b/include/common.php @@ -1,7 +1,7 @@ $value) + $_FILES[$key]['tmp_name'] = str_replace('\\', '\\\\', $value['tmp_name']); + $_FILES = stripslashes_array($_FILES); + } } // If a cookie name is not specified in config.php, we use the default (pun_cookie) diff --git a/include/common_admin.php b/include/common_admin.php index bc353ac..594b401 100644 --- a/include/common_admin.php +++ b/include/common_admin.php @@ -1,7 +1,7 @@ datatype_transformations), array_values($this->datatype_transformations), $field_type); - if ($default_value !== null && !is_int($default_value) && !is_float($default_value)) + if (!is_null($default_value) && !is_int($default_value) && !is_float($default_value)) $default_value = '\''.$this->escape($default_value).'\''; - return $this->query('ALTER TABLE '.($no_prefix ? '' : $this->prefix).$table_name.' ADD '.$field_name.' '.$field_type.($allow_null ? ' ' : ' NOT NULL').($default_value !== null ? ' DEFAULT '.$default_value : ' ').($after_field != null ? ' AFTER '.$after_field : '')) ? true : false; + return $this->query('ALTER TABLE '.($no_prefix ? '' : $this->prefix).$table_name.' ADD '.$field_name.' '.$field_type.($allow_null ? ' ' : ' NOT NULL').(!is_null($default_value) ? ' DEFAULT '.$default_value : ' ').(!is_null($after_field) ? ' AFTER '.$after_field : '')) ? true : false; } @@ -332,10 +332,10 @@ class DBLayer $field_type = preg_replace(array_keys($this->datatype_transformations), array_values($this->datatype_transformations), $field_type); - if ($default_value !== null && !is_int($default_value) && !is_float($default_value)) + if (!is_null($default_value) && !is_int($default_value) && !is_float($default_value)) $default_value = '\''.$this->escape($default_value).'\''; - return $this->query('ALTER TABLE '.($no_prefix ? '' : $this->prefix).$table_name.' MODIFY '.$field_name.' '.$field_type.($allow_null ? ' ' : ' NOT NULL').($default_value !== null ? ' DEFAULT '.$default_value : ' ').($after_field != null ? ' AFTER '.$after_field : '')) ? true : false; + return $this->query('ALTER TABLE '.($no_prefix ? '' : $this->prefix).$table_name.' MODIFY '.$field_name.' '.$field_type.($allow_null ? ' ' : ' NOT NULL').(!is_null($default_value) ? ' DEFAULT '.$default_value : ' ').(!is_null($after_field) ? ' AFTER '.$after_field : '')) ? true : false; } diff --git a/include/dblayer/mysql_innodb.php b/include/dblayer/mysql_innodb.php index 6851309..01ca724 100644 --- a/include/dblayer/mysql_innodb.php +++ b/include/dblayer/mysql_innodb.php @@ -1,7 +1,7 @@ datatype_transformations), array_values($this->datatype_transformations), $field_type); - if ($default_value !== null && !is_int($default_value) && !is_float($default_value)) + if (!is_null($default_value) && !is_int($default_value) && !is_float($default_value)) $default_value = '\''.$this->escape($default_value).'\''; - return $this->query('ALTER TABLE '.($no_prefix ? '' : $this->prefix).$table_name.' ADD '.$field_name.' '.$field_type.($allow_null ? ' ' : ' NOT NULL').($default_value !== null ? ' DEFAULT '.$default_value : ' ').($after_field != null ? ' AFTER '.$after_field : '')) ? true : false; + return $this->query('ALTER TABLE '.($no_prefix ? '' : $this->prefix).$table_name.' ADD '.$field_name.' '.$field_type.($allow_null ? ' ' : ' NOT NULL').(!is_null($default_value) ? ' DEFAULT '.$default_value : ' ').(!is_null($after_field) ? ' AFTER '.$after_field : '')) ? true : false; } @@ -346,10 +346,10 @@ class DBLayer $field_type = preg_replace(array_keys($this->datatype_transformations), array_values($this->datatype_transformations), $field_type); - if ($default_value !== null && !is_int($default_value) && !is_float($default_value)) + if (!is_null($default_value) && !is_int($default_value) && !is_float($default_value)) $default_value = '\''.$this->escape($default_value).'\''; - return $this->query('ALTER TABLE '.($no_prefix ? '' : $this->prefix).$table_name.' MODIFY '.$field_name.' '.$field_type.($allow_null ? ' ' : ' NOT NULL').($default_value !== null ? ' DEFAULT '.$default_value : ' ').($after_field != null ? ' AFTER '.$after_field : '')) ? true : false; + return $this->query('ALTER TABLE '.($no_prefix ? '' : $this->prefix).$table_name.' MODIFY '.$field_name.' '.$field_type.($allow_null ? ' ' : ' NOT NULL').(!is_null($default_value) ? ' DEFAULT '.$default_value : ' ').(!is_null($after_field) ? ' AFTER '.$after_field : '')) ? true : false; } diff --git a/include/dblayer/mysqli.php b/include/dblayer/mysqli.php index c17294d..8b2675b 100644 --- a/include/dblayer/mysqli.php +++ b/include/dblayer/mysqli.php @@ -1,7 +1,7 @@ datatype_transformations), array_values($this->datatype_transformations), $field_type); - if ($default_value !== null && !is_int($default_value) && !is_float($default_value)) + if (!is_null($default_value) && !is_int($default_value) && !is_float($default_value)) $default_value = '\''.$this->escape($default_value).'\''; - return $this->query('ALTER TABLE '.($no_prefix ? '' : $this->prefix).$table_name.' ADD '.$field_name.' '.$field_type.($allow_null ? ' ' : ' NOT NULL').($default_value !== null ? ' DEFAULT '.$default_value : ' ').($after_field != null ? ' AFTER '.$after_field : '')) ? true : false; + return $this->query('ALTER TABLE '.($no_prefix ? '' : $this->prefix).$table_name.' ADD '.$field_name.' '.$field_type.($allow_null ? ' ' : ' NOT NULL').(!is_null($default_value) ? ' DEFAULT '.$default_value : ' ').(!is_null($after_field) ? ' AFTER '.$after_field : '')) ? true : false; } @@ -339,10 +339,10 @@ class DBLayer $field_type = preg_replace(array_keys($this->datatype_transformations), array_values($this->datatype_transformations), $field_type); - if ($default_value !== null && !is_int($default_value) && !is_float($default_value)) + if (!is_null($default_value) && !is_int($default_value) && !is_float($default_value)) $default_value = '\''.$this->escape($default_value).'\''; - return $this->query('ALTER TABLE '.($no_prefix ? '' : $this->prefix).$table_name.' MODIFY '.$field_name.' '.$field_type.($allow_null ? ' ' : ' NOT NULL').($default_value !== null ? ' DEFAULT '.$default_value : ' ').($after_field != null ? ' AFTER '.$after_field : '')) ? true : false; + return $this->query('ALTER TABLE '.($no_prefix ? '' : $this->prefix).$table_name.' MODIFY '.$field_name.' '.$field_type.($allow_null ? ' ' : ' NOT NULL').(!is_null($default_value) ? ' DEFAULT '.$default_value : ' ').(!is_null($after_field) ? ' AFTER '.$after_field : '')) ? true : false; } diff --git a/include/dblayer/mysqli_innodb.php b/include/dblayer/mysqli_innodb.php index b9f43db..3a07431 100644 --- a/include/dblayer/mysqli_innodb.php +++ b/include/dblayer/mysqli_innodb.php @@ -1,7 +1,7 @@ datatype_transformations), array_values($this->datatype_transformations), $field_type); - if ($default_value !== null && !is_int($default_value) && !is_float($default_value)) + if (!is_null($default_value) && !is_int($default_value) && !is_float($default_value)) $default_value = '\''.$this->escape($default_value).'\''; - return $this->query('ALTER TABLE '.($no_prefix ? '' : $this->prefix).$table_name.' ADD '.$field_name.' '.$field_type.($allow_null ? ' ' : ' NOT NULL').($default_value !== null ? ' DEFAULT '.$default_value : ' ').($after_field != null ? ' AFTER '.$after_field : '')) ? true : false; + return $this->query('ALTER TABLE '.($no_prefix ? '' : $this->prefix).$table_name.' ADD '.$field_name.' '.$field_type.($allow_null ? ' ' : ' NOT NULL').(!is_null($default_value) ? ' DEFAULT '.$default_value : ' ').(!is_null($after_field) ? ' AFTER '.$after_field : '')) ? true : false; } @@ -352,10 +352,10 @@ class DBLayer $field_type = preg_replace(array_keys($this->datatype_transformations), array_values($this->datatype_transformations), $field_type); - if ($default_value !== null && !is_int($default_value) && !is_float($default_value)) + if (!is_null($default_value) && !is_int($default_value) && !is_float($default_value)) $default_value = '\''.$this->escape($default_value).'\''; - return $this->query('ALTER TABLE '.($no_prefix ? '' : $this->prefix).$table_name.' MODIFY '.$field_name.' '.$field_type.($allow_null ? ' ' : ' NOT NULL').($default_value !== null ? ' DEFAULT '.$default_value : ' ').($after_field != null ? ' AFTER '.$after_field : '')) ? true : false; + return $this->query('ALTER TABLE '.($no_prefix ? '' : $this->prefix).$table_name.' MODIFY '.$field_name.' '.$field_type.($allow_null ? ' ' : ' NOT NULL').(!is_null($default_value) ? ' DEFAULT '.$default_value : ' ').(!is_null($after_field) ? ' AFTER '.$after_field : '')) ? true : false; } diff --git a/include/dblayer/pgsql.php b/include/dblayer/pgsql.php index 66b81ca..3a73118 100644 --- a/include/dblayer/pgsql.php +++ b/include/dblayer/pgsql.php @@ -1,7 +1,7 @@ query('ALTER TABLE '.($no_prefix ? '' : $this->prefix).$table_name.' ADD '.$field_name.' '.$field_type) ? true : false; - if ($default_value !== null) + if (!is_null($default_value)) { if (!is_int($default_value) && !is_float($default_value)) $default_value = '\''.$this->escape($default_value).'\''; diff --git a/include/dblayer/sqlite.php b/include/dblayer/sqlite.php index e934dc4..e83ec70 100644 --- a/include/dblayer/sqlite.php +++ b/include/dblayer/sqlite.php @@ -1,7 +1,7 @@ table_exists($table_name, $no_prefix)) return true; - return $this->query('DROP TABLE '.($no_prefix ? '' : $this->prefix).$table_name) ? true : false; + return $this->query('DROP TABLE '.($no_prefix ? '' : $this->prefix).$this->escape($table_name)) ? true : false; } @@ -372,7 +372,7 @@ class DBLayer $result &= $this->query('INSERT INTO '.($no_prefix ? '' : $this->prefix).$this->escape($new_name).' SELECT * FROM '.($no_prefix ? '' : $this->prefix).$this->escape($old_name)) ? true : false; // Drop old table - $result &= $this->drop_table(($no_prefix ? '' : $this->prefix).$this->escape($table_name)); + $result &= $this->drop_table($table_name, $no_prefix); return $result; } @@ -438,7 +438,7 @@ class DBLayer $query = $field_type; if (!$allow_null) $query .= ' NOT NULL'; - if ($default_value === null || $default_value === '') + if (is_null($default_value) || $default_value === '') $default_value = '\'\''; $query .= ' DEFAULT '.$default_value; @@ -460,7 +460,7 @@ class DBLayer $new_table = trim($new_table, ',')."\n".');'; // Drop old table - $result &= $this->drop_table(($no_prefix ? '' : $this->prefix).$this->escape($table_name)); + $result &= $this->drop_table($table_name, $no_prefix); // Create new table $result &= $this->query($new_table) ? true : false; @@ -476,7 +476,7 @@ class DBLayer $result &= $this->query('INSERT INTO '.($no_prefix ? '' : $this->prefix).$this->escape($table_name).' ('.implode(', ', $old_columns).') SELECT * FROM '.($no_prefix ? '' : $this->prefix).$this->escape($table_name).'_t'.$now) ? true : false; // Drop temp table - $result &= $this->drop_table(($no_prefix ? '' : $this->prefix).$this->escape($table_name).'_t'.$now); + $result &= $this->drop_table($table_name.'_t'.$now, $no_prefix); return $result; } @@ -520,7 +520,7 @@ class DBLayer $new_table = trim($new_table, ',')."\n".');'; // Drop old table - $result &= $this->drop_table(($no_prefix ? '' : $this->prefix).$this->escape($table_name)); + $result &= $this->drop_table($table_name, $no_prefix); // Create new table $result &= $this->query($new_table) ? true : false; @@ -537,7 +537,7 @@ class DBLayer $result &= $this->query('INSERT INTO '.($no_prefix ? '' : $this->prefix).$this->escape($table_name).' SELECT '.implode(', ', $new_columns).' FROM '.($no_prefix ? '' : $this->prefix).$this->escape($table_name).'_t'.$now) ? true : false; // Drop temp table - $result &= $this->drop_table(($no_prefix ? '' : $this->prefix).$this->escape($table_name).'_t'.$now); + $result &= $this->drop_table($table_name.'_t'.$now, $no_prefix); return $result; } diff --git a/include/email.php b/include/email.php index 94058d0..85543d1 100644 --- a/include/email.php +++ b/include/email.php @@ -1,7 +1,7 @@ '/viewtopic.php?id=$1', - 'post' => '/viewtopic.php?pid=$1#p$1', - 'forum' => '/viewforum.php?id=$1', - 'user' => '/profile.php?id=$1', - ); - - // Split code blocks and text so BBcode in codeblocks won't be touched - list($code, $text) = extract_blocks($text, '[code]', '[/code]'); - - // Strip all bbcodes, except the quote, url, img, email, code and list items bbcodes - $text = preg_replace(array( - '%\[/?(?!(?:quote|url|topic|post|user|forum|img|email|code|list|\*))[a-z]+(?:=[^\]]+)?\]%i', - '%\n\[/?list(?:=[^\]]+)?\]%i' // A separate regex for the list tags to get rid of some whitespace - ), '', $text); - - // Match the deepest nested bbcode - // An adapted example from Mastering Regular Expressions - $match_quote_regex = '% - \[(quote|\*|url|img|email|topic|post|user|forum)(?:=([^\]]+))?\] - ( - (?>[^\[]*) - (?> - (?!\[/?\1(?:=[^\]]+)?\]) - \[ - [^\[]* - )* - ) - \[/\1\] - %ix'; - - $url_index = 1; - $url_stack = array(); - while (preg_match($match_quote_regex, $text, $matches)) - { - // Quotes - if ($matches[1] == 'quote') - { - // Put '>' or '> ' at the start of a line - $replacement = preg_replace( - array('%^(?=\>)%m', '%^(?!\>)%m'), - array('>', '> '), - $matches[2]." said:\n".$matches[3]); - } - - // List items - elseif ($matches[1] == '*') - { - $replacement = ' * '.$matches[3]; - } - - // URLs and emails - elseif (in_array($matches[1], array('url', 'email'))) - { - if (!empty($matches[2])) - { - $replacement = '['.$matches[3].']['.$url_index.']'; - $url_stack[$url_index] = $matches[2]; - $url_index++; - } - else - $replacement = '['.$matches[3].']'; - } - - // Images - elseif ($matches[1] == 'img') - { - if (!empty($matches[2])) - $replacement = '['.$matches[2].']['.$url_index.']'; - else - $replacement = '['.basename($matches[3]).']['.$url_index.']'; - - $url_stack[$url_index] = $matches[3]; - $url_index++; - } - - // Topic, post, forum and user URLs - elseif (in_array($matches[1], array('topic', 'post', 'forum', 'user'))) - { - $url = isset($shortcut_urls[$matches[1]]) ? $base_url.$shortcut_urls[$matches[1]] : ''; - - if (!empty($matches[2])) - { - $replacement = '['.$matches[3].']['.$url_index.']'; - $url_stack[$url_index] = str_replace('$1', $matches[2], $url); - $url_index++; - } - else - $replacement = '['.str_replace('$1', $matches[3], $url).']'; - } - - // Update the main text if there is a replacment - if (!is_null($replacement)) - { - $text = str_replace($matches[0], $replacement, $text); - $replacement = null; - } - } - - // Put code blocks and text together - if (isset($code)) - { - $parts = explode("\1", $text); - $text = ''; - foreach ($parts as $i => $part) - { - $text .= $part; - if (isset($code[$i])) - $text .= trim($code[$i], "\n\r"); - } - } - - // Put URLs at the bottom - if ($url_stack) - { - $text .= "\n\n"; - foreach ($url_stack as $i => $url) - $text .= "\n".' ['.$i.']: '.$url; - } - - // Wrap lines if $wrap_length is higher than -1 - if ($wrap_length > -1) - { - // Split all lines and wrap them individually - $parts = explode("\n", $text); - foreach ($parts as $k => $part) - { - preg_match('%^(>+ )?(.*)%', $part, $matches); - $parts[$k] = wordwrap($matches[1].$matches[2], $wrap_length - - strlen($matches[1]), "\n".$matches[1]); - } - - return implode("\n", $parts); - } - else - return $text; + static $base_url; + + if (!isset($base_url)) + $base_url = get_base_url(); + + $text = pun_trim($text, "\t\n "); + + $shortcut_urls = array( + 'topic' => '/viewtopic.php?id=$1', + 'post' => '/viewtopic.php?pid=$1#p$1', + 'forum' => '/viewforum.php?id=$1', + 'user' => '/profile.php?id=$1', + ); + + // Split code blocks and text so BBcode in codeblocks won't be touched + list($code, $text) = extract_blocks($text, '[code]', '[/code]'); + + // Strip all bbcodes, except the quote, url, img, email, code and list items bbcodes + $text = preg_replace(array( + '%\[/?(?!(?:quote|url|topic|post|user|forum|img|email|code|list|\*))[a-z]+(?:=[^\]]+)?\]%i', + '%\n\[/?list(?:=[^\]]+)?\]%i' // A separate regex for the list tags to get rid of some whitespace + ), '', $text); + + // Match the deepest nested bbcode + // An adapted example from Mastering Regular Expressions + $match_quote_regex = '% + \[(quote|\*|url|img|email|topic|post|user|forum)(?:=([^\]]+))?\] + ( + (?>[^\[]*) + (?> + (?!\[/?\1(?:=[^\]]+)?\]) + \[ + [^\[]* + )* + ) + \[/\1\] + %ix'; + + $url_index = 1; + $url_stack = array(); + while (preg_match($match_quote_regex, $text, $matches)) + { + // Quotes + if ($matches[1] == 'quote') + { + // Put '>' or '> ' at the start of a line + $replacement = preg_replace( + array('%^(?=\>)%m', '%^(?!\>)%m'), + array('>', '> '), + $matches[2]." said:\n".$matches[3]); + } + + // List items + elseif ($matches[1] == '*') + { + $replacement = ' * '.$matches[3]; + } + + // URLs and emails + elseif (in_array($matches[1], array('url', 'email'))) + { + if (!empty($matches[2])) + { + $replacement = '['.$matches[3].']['.$url_index.']'; + $url_stack[$url_index] = $matches[2]; + $url_index++; + } + else + $replacement = '['.$matches[3].']'; + } + + // Images + elseif ($matches[1] == 'img') + { + if (!empty($matches[2])) + $replacement = '['.$matches[2].']['.$url_index.']'; + else + $replacement = '['.basename($matches[3]).']['.$url_index.']'; + + $url_stack[$url_index] = $matches[3]; + $url_index++; + } + + // Topic, post, forum and user URLs + elseif (in_array($matches[1], array('topic', 'post', 'forum', 'user'))) + { + $url = isset($shortcut_urls[$matches[1]]) ? $base_url.$shortcut_urls[$matches[1]] : ''; + + if (!empty($matches[2])) + { + $replacement = '['.$matches[3].']['.$url_index.']'; + $url_stack[$url_index] = str_replace('$1', $matches[2], $url); + $url_index++; + } + else + $replacement = '['.str_replace('$1', $matches[3], $url).']'; + } + + // Update the main text if there is a replacment + if (!is_null($replacement)) + { + $text = str_replace($matches[0], $replacement, $text); + $replacement = null; + } + } + + // Put code blocks and text together + if (isset($code)) + { + $parts = explode("\1", $text); + $text = ''; + foreach ($parts as $i => $part) + { + $text .= $part; + if (isset($code[$i])) + $text .= trim($code[$i], "\n\r"); + } + } + + // Put URLs at the bottom + if ($url_stack) + { + $text .= "\n\n"; + foreach ($url_stack as $i => $url) + $text .= "\n".' ['.$i.']: '.$url; + } + + // Wrap lines if $wrap_length is higher than -1 + if ($wrap_length > -1) + { + // Split all lines and wrap them individually + $parts = explode("\n", $text); + foreach ($parts as $k => $part) + { + preg_match('%^(>+ )?(.*)%', $part, $matches); + $parts[$k] = wordwrap($matches[1].$matches[2], $wrap_length - + strlen($matches[1]), "\n".$matches[1]); + } + + return implode("\n", $parts); + } + else + return $text; } diff --git a/include/functions.php b/include/functions.php index 6c87050..3a52a85 100644 --- a/include/functions.php +++ b/include/functions.php @@ -1,7 +1,7 @@ array(), 'forums' => array()); - if (strlen($cookie_data) > 4048) + if (strlen($cookie_data) > FORUM_MAX_COOKIE_SIZE) return array('topics' => array(), 'forums' => array()); // Unserialize data from cookie @@ -882,7 +882,7 @@ function paginate($num_pages, $cur_page, $link) { // Add a previous page link if ($num_pages > 1 && $cur_page > 1) - $pages[] = ''.$lang_common['Previous'].''; + $pages[] = ''; if ($cur_page > 3) { @@ -913,7 +913,7 @@ function paginate($num_pages, $cur_page, $link) // Add a next page link if ($num_pages > 1 && !$link_to_all && $cur_page < $num_pages) - $pages[] = ''.$lang_common['Next'].''; + $pages[] = ''; } return implode(' ', $pages); @@ -923,10 +923,15 @@ function paginate($num_pages, $cur_page, $link) // // Display a message // -function message($message, $no_back_link = false) +function message($message, $no_back_link = false, $http_status = null) { global $db, $lang_common, $pun_config, $pun_start, $tpl_main, $pun_user; + // Did we receive a custom header? + if(!is_null($http_status)) { + header('HTTP/1.1 ' . $http_status); + } + if (!defined('PUN_HEADER')) { $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Info']); @@ -965,10 +970,10 @@ function format_time($timestamp, $date_only = false, $date_format = null, $time_ $timestamp += $diff; $now = time(); - if($date_format == null) + if(is_null($date_format)) $date_format = $forum_date_formats[$pun_user['date_format']]; - if($time_format == null) + if(is_null($time_format)) $time_format = $forum_time_formats[$pun_user['time_format']]; $date = gmdate($date_format, $timestamp); @@ -1155,7 +1160,7 @@ function pun_linebreaks($str) // function pun_trim($str, $charlist = false) { - return utf8_trim($str, $charlist); + return is_string($str) ? utf8_trim($str, $charlist) : ''; } // @@ -1175,7 +1180,7 @@ function is_all_uppercase($string) // function array_insert(&$input, $offset, $element, $key = null) { - if ($key == null) + if (is_null($key)) $key = $offset; // Determine the proper offset if we're using a string @@ -1501,7 +1506,7 @@ H2 {MARGIN: 0; COLOR: #FFFFFF; BACKGROUND-COLOR: #B84623; FONT-SIZE: 1.1em; PADD
File: '.$file.'
'."\n\t\t".'Line: '.$line.'

'."\n\t\t".'FluxBB reported: '.$message."\n"; @@ -1630,7 +1635,7 @@ function remove_bad_characters($array) $array = utf8_bad_strip($array); // Remove control characters - $array = preg_replace('%[\x{00}-\x{08}\x{0b}-\x{0c}\x{0e}-\x{1f}]%', '', $array); + $array = preg_replace('%[\x00-\x08\x0b-\x0c\x0e-\x1f]%', '', $array); // Replace some "bad" characters $array = str_replace(array_keys($bad_utf8_chars), array_values($bad_utf8_chars), $array); @@ -1651,7 +1656,7 @@ function file_size($size) for ($i = 0; $size > 1024; $i++) $size /= 1024; - return sprintf($lang_common['Size unit '.$units[$i]], round($size, 2));; + return sprintf($lang_common['Size unit '.$units[$i]], round($size, 2)); } @@ -1754,7 +1759,7 @@ function forum_list_plugins($is_admin) // // Split text into chunks ($inside contains all text inside $start and $end, and $outside contains all text outside) // -function split_text($text, $start, $end, &$errors, $retab = true) +function split_text($text, $start, $end, $retab = true) { global $pun_config, $lang_common; @@ -1782,7 +1787,7 @@ function split_text($text, $start, $end, &$errors, $retab = true) // Extract blocks from a text with a starting and ending string // This function always matches the most outer block so nesting is possible // -function extract_blocks($text, $start, $end, &$errors = array(), $retab = true) +function extract_blocks($text, $start, $end, $retab = true) { global $pun_config; @@ -1972,6 +1977,65 @@ function ucp_preg_replace($pattern, $replace, $subject) return $replaced; } +// +// Replace four-byte characters with a question mark +// +// As MySQL cannot properly handle four-byte characters with the default utf-8 +// charset up until version 5.5.3 (where a special charset has to be used), they +// need to be replaced, by question marks in this case. +// +function strip_bad_multibyte_chars($str) +{ + $result = ''; + $length = strlen($str); + + for ($i = 0; $i < $length; $i++) + { + // Replace four-byte characters (11110www 10zzzzzz 10yyyyyy 10xxxxxx) + $ord = ord($str[$i]); + if ($ord >= 240 && $ord <= 244) + { + $result .= '?'; + $i += 3; + } + else + { + $result .= $str[$i]; + } + } + + return $result; +} + +// +// Check whether a file/folder is writable. +// +// This function also works on Windows Server where ACLs seem to be ignored. +// +function forum_is_writable($path) +{ + if (is_dir($path)) + { + $path = rtrim($path, '/').'/'; + return forum_is_writable($path.uniqid(mt_rand()).'.tmp'); + } + + // Check temporary file for read/write capabilities + $rm = file_exists($path); + $f = @fopen($path, 'a'); + + if ($f === false) + return false; + + fclose($f); + + if (!$rm) + @unlink($path); + + return true; +} + + // DEBUG FUNCTIONS BELOW // diff --git a/include/parser.php b/include/parser.php index 0aba148..238932d 100644 --- a/include/parser.php +++ b/include/parser.php @@ -1,7 +1,7 @@ $part) - { - $text .= $part; - if (isset($inside[$i])) - $text .= '[code]'.$inside[$i].'[/code]'; - } - } + if (isset($inside)) + { + $parts = explode("\1", $text); + $text = ''; + foreach ($parts as $i => $part) + { + $text .= $part; + if (isset($inside[$i])) + $text .= '[code]'.$inside[$i].'[/code]'; + } + } // Remove empty code tags - while (($new_text = preg_replace('%\[(code)\]\s*\[/\1\]%', '', $text)) !== NULL) + while (!is_null($new_text = preg_replace('%\[(code)\]\s*\[/\1\]%', '', $text))) { if ($new_text != $text) $text = $new_text; @@ -352,18 +353,13 @@ function preparse_tags($text, &$errors, $is_signature = false) $current = strtolower($current); // This is if we are currently in a tag which escapes other bbcode such as code - // We keep a cound of ignored bbcodes (code tags) so we can nest them, but + // We keep a count of ignored bbcodes (code tags) so we can nest them, but // only balanced sets of tags can be nested if ($current_ignore) { // Increase the current ignored tags counter if ('['.$current_ignore.']' == $current) - { - if (!isset($count_ignored[$current_tag])) - $count_ignored[$current_tag] = 2; - else - $count_ignored[$current_tag]++; - } + $count_ignored[$current_tag]++; // Decrease the current ignored tags counter if ('[/'.$current_ignore.']' == $current) @@ -531,6 +527,7 @@ function preparse_tags($text, &$errors, $is_signature = false) { // It's an ignore tag so we don't need to worry about what's inside it $current_ignore = $current_tag; + $count_ignored[$current_tag] = 1; $new_text .= $current; continue; } @@ -601,7 +598,7 @@ function preparse_tags($text, &$errors, $is_signature = false) // // Preparse the contents of [list] bbcode // -function preparse_list_tag($content, $type = '*', &$errors) +function preparse_list_tag($content, $type = '*') { global $lang_common, $re_list; @@ -610,7 +607,7 @@ function preparse_list_tag($content, $type = '*', &$errors) if (strpos($content,'[list') !== false) { - $content = preg_replace($re_list, 'preparse_list_tag(\'$2\', \'$1\', $errors)', $content); + $content = preg_replace($re_list, 'preparse_list_tag(\'$2\', \'$1\')', $content); } $items = explode('[*]', str_replace('\"', '"', $content)); @@ -632,6 +629,11 @@ function preparse_list_tag($content, $type = '*', &$errors) function handle_url_tag($url, $link = '', $bbcode = false) { $url = pun_trim($url); + + // Deal with [url][img]http://example.com/test.png[/img][/url] + if (preg_match('%<'.$lang_common['Image link'].' - '.$alt.'>'; @@ -776,14 +778,14 @@ function do_bbcode($text, $is_signature = false) $pattern[] = '%\[url=([^\[]+?)\](.*?)\[/url\]%e'; $pattern[] = '%\[email\]([^\[]*?)\[/email\]%'; $pattern[] = '%\[email=([^\[]+?)\](.*?)\[/email\]%'; - $pattern[] = '%\[topic\]([^\[]*?)\[/topic\]%e'; - $pattern[] = '%\[topic=([^\[]+?)\](.*?)\[/topic\]%e'; - $pattern[] = '%\[post\]([^\[]*?)\[/post\]%e'; - $pattern[] = '%\[post=([^\[]+?)\](.*?)\[/post\]%e'; - $pattern[] = '%\[forum\]([^\[]*?)\[/forum\]%e'; - $pattern[] = '%\[forum=([^\[]+?)\](.*?)\[/forum\]%e'; - $pattern[] = '%\[user\]([^\[]*?)\[/user\]%e'; - $pattern[] = '%\[user=([^\[]+?)\](.*?)\[/user\]%e'; + $pattern[] = '%\[topic\]([1-9]\d*)\[/topic\]%e'; + $pattern[] = '%\[topic=([1-9]\d*)\](.*?)\[/topic\]%e'; + $pattern[] = '%\[post\]([1-9]\d*)\[/post\]%e'; + $pattern[] = '%\[post=([1-9]\d*)\](.*?)\[/post\]%e'; + $pattern[] = '%\[forum\]([1-9]\d*)\[/forum\]%e'; + $pattern[] = '%\[forum=([1-9]\d*)\](.*?)\[/forum\]%e'; + $pattern[] = '%\[user\]([1-9]\d*)\[/user\]%e'; + $pattern[] = '%\[user=([1-9]\d*)\](.*?)\[/user\]%e'; $replace[] = 'handle_url_tag(\'$1\')'; $replace[] = 'handle_url_tag(\'$1\', \'$2\')'; @@ -812,8 +814,8 @@ function do_clickable($text) { $text = ' '.$text; - $text = ucp_preg_replace('%(?<=[\s\]\)])(<)?(\[)?(\()?([\'"]?)(https?|ftp|news){1}://([\p{L}\p{N}\-]+\.([\p{L}\p{N}\-]+\.)*[\p{L}\p{N}]+(:[0-9]+)?(/[^\s\[]*[^\s.,?!\[;:-])?)\4(?(3)(\)))(?(2)(\]))(?(1)(>))(?![^\s]*\[/(?:url|img)\])%uie', 'stripslashes(\'$1$2$3$4\').handle_url_tag(\'$5://$6\', \'$5://$6\', true).stripslashes(\'$4$10$11$12\')', $text); - $text = ucp_preg_replace('%(?<=[\s\]\)])(<)?(\[)?(\()?([\'"]?)(www|ftp)\.(([\p{L}\p{N}\-]+\.)*[\p{L}\p{N}]+(:[0-9]+)?(/[^\s\[]*[^\s.,?!\[;:-])?)\4(?(3)(\)))(?(2)(\]))(?(1)(>))(?![^\s]*\[/(?:url|img)\])%uie', 'stripslashes(\'$1$2$3$4\').handle_url_tag(\'$5.$6\', \'$5.$6\', true).stripslashes(\'$4$10$11$12\')', $text); + $text = ucp_preg_replace('%(?<=[\s\]\)])(<)?(\[)?(\()?([\'"]?)(https?|ftp|news){1}://([\p{L}\p{N}\-]+\.([\p{L}\p{N}\-]+\.)*[\p{L}\p{N}]+(:[0-9]+)?(/(?:[^\s\[]*[^\s.,?!\[;:-])?)?)\4(?(3)(\)))(?(2)(\]))(?(1)(>))(?![^\s]*\[/(?:url|img)\])%uie', 'stripslashes(\'$1$2$3$4\').handle_url_tag(\'$5://$6\', \'$5://$6\', true).stripslashes(\'$4$10$11$12\')', $text); + $text = ucp_preg_replace('%(?<=[\s\]\)])(<)?(\[)?(\()?([\'"]?)(www|ftp)\.(([\p{L}\p{N}\-]+\.)*[\p{L}\p{N}]+(:[0-9]+)?(/(?:[^\s\[]*[^\s.,?!\[;:-])?)?)\4(?(3)(\)))(?(2)(\]))(?(1)(>))(?![^\s]*\[/(?:url|img)\])%uie', 'stripslashes(\'$1$2$3$4\').handle_url_tag(\'$5.$6\', \'$5.$6\', true).stripslashes(\'$4$10$11$12\')', $text); return substr($text, 1); } @@ -853,7 +855,7 @@ function parse_message($text, $hide_smilies) // If the message contains a code tag we have to split it up (text within [code][/code] shouldn't be touched) if (strpos($text, '[code]') !== false && strpos($text, '[/code]') !== false) - list($inside, $text) = extract_blocks($text, '[code]', '[/code]', $errors); + list($inside, $text) = extract_blocks($text, '[code]', '[/code]'); if ($pun_config['p_message_bbcode'] == '1' && strpos($text, '[') !== false && strpos($text, ']') !== false) $text = do_bbcode($text); @@ -867,24 +869,46 @@ function parse_message($text, $hide_smilies) $text = str_replace($pattern, $replace, $text); // If we split up the message before we have to concatenate it together again (code tags) - if (isset($inside)) { - $parts = explode("\1", $text); - $text = ''; - foreach ($parts as $i => $part) - { - $text .= $part; - if (isset($inside[$i])) - { - $num_lines = (substr_count($inside[$i], "\n")); - $text .= '

28) ? ' class="vscroll"' : '').'>'.pun_trim($inside[$i], "\n\r").'

'; - } - } - } + if (isset($inside)) + { + $parts = explode("\1", $text); + $text = ''; + foreach ($parts as $i => $part) + { + $text .= $part; + if (isset($inside[$i])) + { + $num_lines = (substr_count($inside[$i], "\n")); + $text .= '

28) ? ' class="vscroll"' : '').'>'.pun_trim($inside[$i], "\n\r").'

'; + } + } + } + return clean_paragraphs($text); +} + + +// +// Clean up paragraphs and line breaks +// +function clean_paragraphs($text) +{ // Add paragraph tag around post, but make sure there are no empty paragraphs - $text = preg_replace('%
\s*?
((\s*
)*)%i', "

$1

", $text); - $text = str_replace('


', '

', $text); - $text = str_replace('

', '', '

'.$text.'

'); + + $text = '

'.$text.'

'; + + // Replace any breaks next to paragraphs so our replace below catches them + $text = preg_replace('%()(?:\s*?
){1,2}%i', '$1', $text); + $text = preg_replace('%(?:
\s*?){1,2}()%i', '$1', $text); + + // Remove any empty paragraph tags (inserted via quotes/lists/code/etc) which should be stripped + $text = str_replace('

', '', $text); + + $text = preg_replace('%
\s*?
%i', '

', $text); + + $text = str_replace('


', '

', $text); + $text = str_replace('

', '


', $text); + $text = str_replace('

', '

', $text); return $text; } @@ -915,10 +939,5 @@ function parse_signature($text) $replace = array('
', '    ', '  ', '  '); $text = str_replace($pattern, $replace, $text); - // Add paragraph tag around post, but make sure there are no empty paragraphs - $text = preg_replace('%
\s*?
((\s*
)*)%i', "

$1

", $text); - $text = str_replace('


', '

', $text); - $text = str_replace('

', '', '

'.$text.'

'); - - return $text; + return clean_paragraphs($text); } diff --git a/include/search_idx.php b/include/search_idx.php index 210b268..550f348 100644 --- a/include/search_idx.php +++ b/include/search_idx.php @@ -1,7 +1,7 @@ = PUN_SEARCH_MIN_WORD && $num_chars <= PUN_SEARCH_MAX_WORD; @@ -145,6 +148,7 @@ function strip_bbcode($text) '%\[img=([^\]]*+)\]([^[]*+)\[/img\]%' => '$2 $1', // Keep the url and description '%\[(url|email)=([^\]]*+)\]([^[]*+(?:(?!\[/\1\])\[[^[]*+)*)\[/\1\]%' => '$2 $3', // Keep the url and text '%\[(img|url|email)\]([^[]*+(?:(?!\[/\1\])\[[^[]*+)*)\[/\1\]%' => '$2', // Keep the url + '%\[(topic|post|forum|user)\][1-9]\d*\[/\1\]%' => ' ', // Do not index topic/post/forum/user ID ); } diff --git a/include/utf8/strcspn.php b/include/utf8/strcspn.php index 1e3756d..b05e327 100644 --- a/include/utf8/strcspn.php +++ b/include/utf8/strcspn.php @@ -24,7 +24,7 @@ function utf8_strcspn($str, $mask, $start=null, $length=null) $mask = preg_replace('!([\\\\\\-\\]\\[/^])!','\\\${1}', $mask); - if ($start !== null || $length !== null) + if (!is_null($start) || !is_null($length)) $str = utf8_substr($str, $start, $length); preg_match('/^[^'.$mask.']+/u', $str, $matches); diff --git a/include/utf8/strspn.php b/include/utf8/strspn.php index 424ceb7..49d300a 100644 --- a/include/utf8/strspn.php +++ b/include/utf8/strspn.php @@ -20,7 +20,7 @@ function utf8_strspn($str, $mask, $start=null, $length=null) { $mask = preg_replace('!([\\\\\\-\\]\\[/^])!', '\\\${1}', $mask); - if ($start !== null || $length !== null) + if (!is_null($start)|| !is_null($length)) $str = utf8_substr($str, $start, $length); preg_match('/^['.$mask.']+/u', $str, $matches); diff --git a/include/utf8/substr_replace.php b/include/utf8/substr_replace.php index 7fc7369..20a43b5 100644 --- a/include/utf8/substr_replace.php +++ b/include/utf8/substr_replace.php @@ -18,7 +18,7 @@ function utf8_substr_replace($str, $repl, $start , $length=null) preg_match_all('/./us', $str, $ar); preg_match_all('/./us', $repl, $rar); - if($length === null) + if(is_null($length)) $length = utf8_strlen($str); array_splice($ar[0], $start, $length, $rar[0]); diff --git a/include/utf8/utf8.php b/include/utf8/utf8.php index 281f18c..661b2d7 100644 --- a/include/utf8/utf8.php +++ b/include/utf8/utf8.php @@ -34,7 +34,7 @@ if (!defined('UTF8')) if (extension_loaded('mbstring') && !defined('UTF8_USE_MBSTRING') && !defined('UTF8_USE_NATIVE')) define('UTF8_USE_MBSTRING', true); -else +else if (!defined('UTF8_USE_NATIVE')) define('UTF8_USE_NATIVE', true); // utf8_strpos() and utf8_strrpos() need utf8_bad_strip() to strip invalid diff --git a/include/utf8/utils/bad.php b/include/utf8/utils/bad.php index 78e9d17..2704294 100644 --- a/include/utf8/utils/bad.php +++ b/include/utf8/utils/bad.php @@ -114,33 +114,9 @@ function utf8_bad_findall($str) * @package utf8 * @subpackage bad */ -function utf8_bad_strip($str) +function utf8_bad_strip($original) { - $UTF8_BAD = - '([\x00-\x7F]'. # ASCII (including control chars) - '|[\xC2-\xDF][\x80-\xBF]'. # Non-overlong 2-byte - '|\xE0[\xA0-\xBF][\x80-\xBF]'. # Excluding overlongs - '|[\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}'. # Straight 3-byte - '|\xED[\x80-\x9F][\x80-\xBF]'. # Excluding surrogates - '|\xF0[\x90-\xBF][\x80-\xBF]{2}'. # Planes 1-3 - '|[\xF1-\xF3][\x80-\xBF]{3}'. # Planes 4-15 - '|\xF4[\x80-\x8F][\x80-\xBF]{2}'. # Plane 16 - '|(.{1}))'; # Invalid byte - - ob_start(); - - while (preg_match('/'.$UTF8_BAD.'/S', $str, $matches)) - { - if (!isset($matches[2])) - echo $matches[0]; - - $str = substr($str, strlen($matches[0])); - } - - $result = ob_get_contents(); - ob_end_clean(); - - return $result; + return utf8_bad_replace($original, ''); } /** @@ -156,33 +132,52 @@ function utf8_bad_strip($str) * @package utf8 * @subpackage bad */ -function utf8_bad_replace($str, $replace='?') -{ - $UTF8_BAD = - '([\x00-\x7F]'. # ASCII (including control chars) - '|[\xC2-\xDF][\x80-\xBF]'. # Non-overlong 2-byte - '|\xE0[\xA0-\xBF][\x80-\xBF]'. # Excluding overlongs - '|[\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}'. # Straight 3-byte - '|\xED[\x80-\x9F][\x80-\xBF]'. # Excluding surrogates - '|\xF0[\x90-\xBF][\x80-\xBF]{2}'. # Planes 1-3 - '|[\xF1-\xF3][\x80-\xBF]{3}'. # Planes 4-15 - '|\xF4[\x80-\x8F][\x80-\xBF]{2}'. # Plane 16 - '|(.{1}))'; # Invalid byte +function utf8_bad_replace($original, $replace = '?') { + $result = ''; + + $strlen = strlen($original); + for ($i = 0; $i < $strlen;) { + $char = $original[$i++]; + $byte = ord($char); + + if ($byte < 0x80) $bytes = 0; // 1-bytes (00000000 - 01111111) + else if ($byte < 0xC0) { // 1-bytes (10000000 - 10111111) + $result .= $replace; + continue; + } + else if ($byte < 0xE0) $bytes = 1; // 2-bytes (11000000 - 11011111) + else if ($byte < 0xF0) $bytes = 2; // 3-bytes (11100000 - 11101111) + else if ($byte < 0xF8) $bytes = 3; // 4-bytes (11110000 - 11110111) + else if ($byte < 0xFC) $bytes = 4; // 5-bytes (11111000 - 11111011) + else if ($byte < 0xFE) $bytes = 5; // 6-bytes (11111100 - 11111101) + else { // Otherwise it's something invalid + $result .= $replace; + continue; + } - ob_start(); + // Check our input actually has enough data + if ($i + $bytes > $strlen) { + $result .= $replace; + continue; + } - while (preg_match('/'.$UTF8_BAD.'/S', $str, $matches)) - { - if (!isset($matches[2])) - echo $matches[0]; - else - echo $replace; + // If we've got this far then we have a multiple-byte character + for ($j = 0; $j < $bytes; $j++) { + $byte = $original[$i + $j]; - $str = substr($str, strlen($matches[0])); - } + $char .= $byte; + $byte = ord($byte); - $result = ob_get_contents(); - ob_end_clean(); + // Every following byte must be 10000000 - 10111111 + if ($byte < 0x80 || $byte > 0xBF) { + $result .= $replace; + continue 2; + } + } + + $i += $bytes; + $result .= $char; + } return $result; } diff --git a/index.php b/index.php index e80e73b..0f257ac 100644 --- a/index.php +++ b/index.php @@ -1,7 +1,7 @@ ", "req_db_host": "", "req_db_name": "", - "db_prefix": "", "req_username": "", "req_password1": "", "req_password2": "", @@ -272,14 +271,11 @@ function process_form(the_form) for (var i = 0; i < the_form.length; ++i) { var elem = the_form.elements[i]; - if (elem.name && (/^req_/.test(elem.name))) + if (elem.name && required_fields[elem.name] && !elem.value && elem.type && (/^(?:text(?:area)?|password|file)$/i.test(elem.type))) { - if (!elem.value && elem.type && (/^(?:text(?:area)?|password|file)$/i.test(elem.type))) - { - alert('"' + element_names[elem.name] + '" '); - elem.focus(); - return false; - } + alert('"' + required_fields[elem.name] + '" '); + elem.focus(); + return false; } } } @@ -338,7 +334,7 @@ function process_form(the_form)
-

+

@@ -1584,90 +1580,90 @@ else $avatars = in_array(strtolower(@ini_get('file_uploads')), array('on', 'true', '1')) ? 1 : 0; // Insert config data - $config = array( - 'o_cur_version' => "'".FORUM_VERSION."'", - 'o_database_revision' => "'".FORUM_DB_REVISION."'", - 'o_searchindex_revision' => "'".FORUM_SI_REVISION."'", - 'o_parser_revision' => "'".FORUM_PARSER_REVISION."'", - 'o_board_title' => "'".$db->escape($title)."'", - 'o_board_desc' => "'".$db->escape($description)."'", - 'o_default_timezone' => "'0'", - 'o_time_format' => "'H:i:s'", - 'o_date_format' => "'Y-m-d'", - 'o_timeout_visit' => "'1800'", - 'o_timeout_online' => "'300'", - 'o_redirect_delay' => "'1'", - 'o_show_version' => "'0'", - 'o_show_user_info' => "'1'", - 'o_show_post_count' => "'1'", - 'o_signatures' => "'1'", - 'o_smilies' => "'1'", - 'o_smilies_sig' => "'1'", - 'o_make_links' => "'1'", - 'o_default_lang' => "'".$db->escape($default_lang)."'", - 'o_default_style' => "'".$db->escape($default_style)."'", - 'o_default_user_group' => "'4'", - 'o_topic_review' => "'15'", - 'o_disp_topics_default' => "'30'", - 'o_disp_posts_default' => "'25'", - 'o_indent_num_spaces' => "'4'", - 'o_quote_depth' => "'3'", - 'o_quickpost' => "'1'", - 'o_users_online' => "'1'", - 'o_censoring' => "'0'", - 'o_ranks' => "'1'", - 'o_show_dot' => "'0'", - 'o_topic_views' => "'1'", - 'o_quickjump' => "'1'", - 'o_gzip' => "'0'", - 'o_additional_navlinks' => "''", - 'o_report_method' => "'0'", - 'o_regs_report' => "'0'", - 'o_default_email_setting' => "'1'", - 'o_mailing_list' => "'".$email."'", - 'o_avatars' => "'".$avatars."'", - 'o_avatars_dir' => "'img/avatars'", - 'o_avatars_width' => "'60'", - 'o_avatars_height' => "'60'", - 'o_avatars_size' => "'10240'", - 'o_search_all_forums' => "'1'", - 'o_base_url' => "'".$db->escape($base_url)."'", - 'o_admin_email' => "'".$email."'", - 'o_webmaster_email' => "'".$email."'", - 'o_forum_subscriptions' => "'1'", - 'o_topic_subscriptions' => "'1'", - 'o_smtp_host' => "NULL", - 'o_smtp_user' => "NULL", - 'o_smtp_pass' => "NULL", - 'o_smtp_ssl' => "'0'", - 'o_regs_allow' => "'1'", - 'o_regs_verify' => "'0'", - 'o_announcement' => "'0'", - 'o_announcement_message' => "'".$db->escape($lang_install['Announcement'])."'", - 'o_rules' => "'0'", - 'o_rules_message' => "'".$db->escape($lang_install['Rules'])."'", - 'o_maintenance' => "'0'", - 'o_maintenance_message' => "'".$db->escape($lang_install['Maintenance message'])."'", - 'o_default_dst' => "'0'", - 'o_feed_type' => "'2'", - 'o_feed_ttl' => "'0'", - 'p_message_bbcode' => "'1'", - 'p_message_img_tag' => "'1'", - 'p_message_all_caps' => "'1'", - 'p_subject_all_caps' => "'1'", - 'p_sig_all_caps' => "'1'", - 'p_sig_bbcode' => "'1'", - 'p_sig_img_tag' => "'0'", - 'p_sig_length' => "'400'", - 'p_sig_lines' => "'4'", - 'p_allow_banned_email' => "'1'", - 'p_allow_dupe_email' => "'0'", - 'p_force_guest_email' => "'1'" + $pun_config = array( + 'o_cur_version' => FORUM_VERSION, + 'o_database_revision' => FORUM_DB_REVISION, + 'o_searchindex_revision' => FORUM_SI_REVISION, + 'o_parser_revision' => FORUM_PARSER_REVISION, + 'o_board_title' => $title, + 'o_board_desc' => $description, + 'o_default_timezone' => 0, + 'o_time_format' => 'H:i:s', + 'o_date_format' => 'Y-m-d', + 'o_timeout_visit' => 1800, + 'o_timeout_online' => 300, + 'o_redirect_delay' => 1, + 'o_show_version' => 0, + 'o_show_user_info' => 1, + 'o_show_post_count' => 1, + 'o_signatures' => 1, + 'o_smilies' => 1, + 'o_smilies_sig' => 1, + 'o_make_links' => 1, + 'o_default_lang' => $default_lang, + 'o_default_style' => $default_style, + 'o_default_user_group' => 4, + 'o_topic_review' => 15, + 'o_disp_topics_default' => 30, + 'o_disp_posts_default' => 25, + 'o_indent_num_spaces' => 4, + 'o_quote_depth' => 3, + 'o_quickpost' => 1, + 'o_users_online' => 1, + 'o_censoring' => 0, + 'o_ranks' => 1, + 'o_show_dot' => 0, + 'o_topic_views' => 1, + 'o_quickjump' => 1, + 'o_gzip' => 0, + 'o_additional_navlinks' => '', + 'o_report_method' => 0, + 'o_regs_report' => 0, + 'o_default_email_setting' => 1, + 'o_mailing_list' => $email, + 'o_avatars' => $avatars, + 'o_avatars_dir' => 'img/avatars', + 'o_avatars_width' => 60, + 'o_avatars_height' => 60, + 'o_avatars_size' => 10240, + 'o_search_all_forums' => 1, + 'o_base_url' => $base_url, + 'o_admin_email' => $email, + 'o_webmaster_email' => $email, + 'o_forum_subscriptions' => 1, + 'o_topic_subscriptions' => 1, + 'o_smtp_host' => NULL, + 'o_smtp_user' => NULL, + 'o_smtp_pass' => NULL, + 'o_smtp_ssl' => 0, + 'o_regs_allow' => 1, + 'o_regs_verify' => 0, + 'o_announcement' => 0, + 'o_announcement_message' => $lang_install['Announcement'], + 'o_rules' => 0, + 'o_rules_message' => $lang_install['Rules'], + 'o_maintenance' => 0, + 'o_maintenance_message' => $lang_install['Maintenance message'], + 'o_default_dst' => 0, + 'o_feed_type' => 2, + 'o_feed_ttl' => 0, + 'p_message_bbcode' => 1, + 'p_message_img_tag' => 1, + 'p_message_all_caps' => 1, + 'p_subject_all_caps' => 1, + 'p_sig_all_caps' => 1, + 'p_sig_bbcode' => 1, + 'p_sig_img_tag' => 0, + 'p_sig_length' => 400, + 'p_sig_lines' => 4, + 'p_allow_banned_email' => 1, + 'p_allow_dupe_email' => 0, + 'p_force_guest_email' => 1 ); - foreach ($config as $conf_name => $conf_value) + foreach ($pun_config as $conf_name => $conf_value) { - $db->query('INSERT INTO '.$db_prefix."config (conf_name, conf_value) VALUES('$conf_name', $conf_value)") + $db->query('INSERT INTO '.$db_prefix.'config (conf_name, conf_value) VALUES(\''.$conf_name.'\', '.(is_null($conf_value) ? 'NULL' : '\''.$db->escape($conf_value).'\'').')') or error('Unable to insert into table '.$db_prefix.'config. Please check your configuration and try again', __FILE__, __LINE__, $db->error()); } @@ -1695,7 +1691,6 @@ else // Index the test post so searching for it works require PUN_ROOT.'include/search_idx.php'; - $pun_config['o_default_lang'] = $default_lang; update_search_index('post', 1, $message, $subject); $db->end_transaction(); @@ -1715,7 +1710,7 @@ else // Attempt to write config.php and serve it up for download if writing fails $written = false; - if (is_writable(PUN_ROOT)) + if (forum_is_writable(PUN_ROOT)) { $fh = @fopen(PUN_ROOT.'config.php', 'wb'); if ($fh) diff --git a/lang/English/admin_options.php b/lang/English/admin_options.php index 00923ce..0274bdf 100644 --- a/lang/English/admin_options.php +++ b/lang/English/admin_options.php @@ -51,27 +51,27 @@ $lang_admin_options = array( 'UTC' => '(UTC) Western European, Greenwich', 'UTC+01:00' => '(UTC+01:00) Central European, West African', 'UTC+02:00' => '(UTC+02:00) Eastern European, Central African', -'UTC+03:00' => '(UTC+03:00) Moscow, Eastern African', +'UTC+03:00' => '(UTC+03:00) Eastern African', 'UTC+03:30' => '(UTC+03:30) Iran', -'UTC+04:00' => '(UTC+04:00) Gulf, Samara', +'UTC+04:00' => '(UTC+04:00) Moscow, Gulf, Samara', 'UTC+04:30' => '(UTC+04:30) Afghanistan', -'UTC+05:00' => '(UTC+05:00) Pakistan, Yekaterinburg', +'UTC+05:00' => '(UTC+05:00) Pakistan', 'UTC+05:30' => '(UTC+05:30) India, Sri Lanka', 'UTC+05:45' => '(UTC+05:45) Nepal', -'UTC+06:00' => '(UTC+06:00) Bangladesh, Bhutan, Novosibirsk', +'UTC+06:00' => '(UTC+06:00) Bangladesh, Bhutan, Yekaterinburg', 'UTC+06:30' => '(UTC+06:30) Cocos Islands, Myanmar', -'UTC+07:00' => '(UTC+07:00) Indochina, Krasnoyarsk', -'UTC+08:00' => '(UTC+08:00) Greater China, Australian Western, Irkutsk', +'UTC+07:00' => '(UTC+07:00) Indochina, Novosibirsk', +'UTC+08:00' => '(UTC+08:00) Greater China, Australian Western, Krasnoyarsk', 'UTC+08:45' => '(UTC+08:45) Southeastern Western Australia', -'UTC+09:00' => '(UTC+09:00) Japan, Korea, Chita', +'UTC+09:00' => '(UTC+09:00) Japan, Korea, Chita, Irkutsk', 'UTC+09:30' => '(UTC+09:30) Australian Central', -'UTC+10:00' => '(UTC+10:00) Australian Eastern, Vladivostok', +'UTC+10:00' => '(UTC+10:00) Australian Eastern', 'UTC+10:30' => '(UTC+10:30) Lord Howe', -'UTC+11:00' => '(UTC+11:00) Solomon Island, Magadan', +'UTC+11:00' => '(UTC+11:00) Solomon Island, Vladivostok', 'UTC+11:30' => '(UTC+11:30) Norfolk Island', -'UTC+12:00' => '(UTC+12:00) New Zealand, Fiji, Kamchatka', +'UTC+12:00' => '(UTC+12:00) New Zealand, Fiji, Magadan', 'UTC+12:45' => '(UTC+12:45) Chatham Islands', -'UTC+13:00' => '(UTC+13:00) Tonga, Phoenix Islands', +'UTC+13:00' => '(UTC+13:00) Tonga, Phoenix Islands, Kamchatka', 'UTC+14:00' => '(UTC+14:00) Line Islands', // Timeout Section diff --git a/lang/English/install.php b/lang/English/install.php index 4fa1a2d..318faf3 100644 --- a/lang/English/install.php +++ b/lang/English/install.php @@ -36,7 +36,7 @@ $lang_install = array( 'Required field' => 'is a required field in this form.', 'FluxBB Installation' => 'FluxBB Installation', 'Welcome' => 'You are about to install FluxBB. In order to install FluxBB, you must complete the form set out below. If you encounter any difficulties with the installation, please refer to the documentation.', -'Install' => 'Install FluxBB 1.4', +'Install' => 'Install FluxBB %s', 'Errors' => 'The following errors need to be corrected:', 'Database setup' => 'Database setup', 'Info 1' => 'Please enter the requested information in order to setup your database for FluxBB. You must know all the information asked for before proceeding with the installation.', @@ -102,7 +102,7 @@ $lang_install = array( 'Announcement' => 'Enter your announcement here.', 'Rules' => 'Enter your rules here', 'Maintenance message' => 'The forums are temporarily down for maintenance. Please try again in a few minutes.', -'Test post' => 'Test post', +'Test post' => 'Test topic', 'Message' => 'If you are looking at this (which I guess you are), the install of FluxBB appears to have worked! Now log in and head over to the administration control panel to configure your forum.', 'Test category' => 'Test category', 'Test forum' => 'Test forum', diff --git a/lang/English/mail_templates/new_reply_full.tpl b/lang/English/mail_templates/new_reply_full.tpl index 73363ea..4fbc777 100644 --- a/lang/English/mail_templates/new_reply_full.tpl +++ b/lang/English/mail_templates/new_reply_full.tpl @@ -2,6 +2,8 @@ Subject: Reply to topic: '' has replied to the topic '' to which you are subscribed. There may be more new replies, but this is the only notification you will receive until you visit the board again. +The post is located at + The message reads as follows: ----------------------------------------------------------------------- @@ -9,8 +11,6 @@ The message reads as follows: ----------------------------------------------------------------------- -The post is located at - You can unsubscribe by going to -- diff --git a/lang/English/mail_templates/new_topic_full.tpl b/lang/English/mail_templates/new_topic_full.tpl index 2ea6b0f..f70c726 100644 --- a/lang/English/mail_templates/new_topic_full.tpl +++ b/lang/English/mail_templates/new_topic_full.tpl @@ -2,6 +2,8 @@ Subject: New topic in forum: '' has posted a new topic '' in the forum '', to which you are subscribed. +The topic is located at + The message reads as follows: ----------------------------------------------------------------------- @@ -9,8 +11,6 @@ The message reads as follows: ----------------------------------------------------------------------- -The topic is located at - You can unsubscribe by going to -- diff --git a/lang/English/post.php b/lang/English/post.php index 2b3c678..b89804b 100644 --- a/lang/English/post.php +++ b/lang/English/post.php @@ -9,7 +9,7 @@ $lang_post = array( 'Too long subject' => 'Subjects cannot be longer than 70 characters.', 'No message' => 'You must enter a message.', 'No message after censoring' => 'You must enter a message. After applying censoring filters, your message was empty.', -'Too long message' => 'Posts cannot be longer that %s bytes.', +'Too long message' => 'Posts cannot be longer than %s bytes.', 'All caps subject' => 'Subjects cannot contain only capital letters.', 'All caps message' => 'Posts cannot contain only capital letters.', 'Empty after strip' => 'It seems your post consisted of empty BBCodes only. It is possible that this happened because e.g. the innermost quote was discarded because of the maximum quote depth level.', diff --git a/lang/English/prof_reg.php b/lang/English/prof_reg.php index 1cbbec6..7a0a6f6 100644 --- a/lang/English/prof_reg.php +++ b/lang/English/prof_reg.php @@ -53,27 +53,27 @@ $lang_prof_reg = array( 'UTC' => '(UTC) Western European, Greenwich', 'UTC+01:00' => '(UTC+01:00) Central European, West African', 'UTC+02:00' => '(UTC+02:00) Eastern European, Central African', -'UTC+03:00' => '(UTC+03:00) Moscow, Eastern African', +'UTC+03:00' => '(UTC+03:00) Eastern African', 'UTC+03:30' => '(UTC+03:30) Iran', -'UTC+04:00' => '(UTC+04:00) Gulf, Samara', +'UTC+04:00' => '(UTC+04:00) Moscow, Gulf, Samara', 'UTC+04:30' => '(UTC+04:30) Afghanistan', -'UTC+05:00' => '(UTC+05:00) Pakistan, Yekaterinburg', +'UTC+05:00' => '(UTC+05:00) Pakistan', 'UTC+05:30' => '(UTC+05:30) India, Sri Lanka', 'UTC+05:45' => '(UTC+05:45) Nepal', -'UTC+06:00' => '(UTC+06:00) Bangladesh, Bhutan, Novosibirsk', +'UTC+06:00' => '(UTC+06:00) Bangladesh, Bhutan, Yekaterinburg', 'UTC+06:30' => '(UTC+06:30) Cocos Islands, Myanmar', -'UTC+07:00' => '(UTC+07:00) Indochina, Krasnoyarsk', -'UTC+08:00' => '(UTC+08:00) Greater China, Australian Western, Irkutsk', +'UTC+07:00' => '(UTC+07:00) Indochina, Novosibirsk', +'UTC+08:00' => '(UTC+08:00) Greater China, Australian Western, Krasnoyarsk', 'UTC+08:45' => '(UTC+08:45) Southeastern Western Australia', -'UTC+09:00' => '(UTC+09:00) Japan, Korea, Chita', +'UTC+09:00' => '(UTC+09:00) Japan, Korea, Chita, Irkutsk', 'UTC+09:30' => '(UTC+09:30) Australian Central', -'UTC+10:00' => '(UTC+10:00) Australian Eastern, Vladivostok', +'UTC+10:00' => '(UTC+10:00) Australian Eastern', 'UTC+10:30' => '(UTC+10:30) Lord Howe', -'UTC+11:00' => '(UTC+11:00) Solomon Island, Magadan', +'UTC+11:00' => '(UTC+11:00) Solomon Island, Vladivostok', 'UTC+11:30' => '(UTC+11:30) Norfolk Island', -'UTC+12:00' => '(UTC+12:00) New Zealand, Fiji, Kamchatka', +'UTC+12:00' => '(UTC+12:00) New Zealand, Fiji, Magadan', 'UTC+12:45' => '(UTC+12:45) Chatham Islands', -'UTC+13:00' => '(UTC+13:00) Tonga, Phoenix Islands', +'UTC+13:00' => '(UTC+13:00) Tonga, Phoenix Islands, Kamchatka', 'UTC+14:00' => '(UTC+14:00) Line Islands' ); diff --git a/login.php b/login.php index e719b39..0497ad6 100644 --- a/login.php +++ b/login.php @@ -1,7 +1,7 @@ query('UPDATE '.$db->prefix.'users SET last_visit='.$pun_user['logged'].' WHERE id='.$pun_user['id']) or error('Unable to update user last visit data', __FILE__, __LINE__, $db->error()); @@ -64,7 +64,7 @@ else if ($action == 'markread') else if ($action == 'markforumread') { if ($pun_user['is_guest']) - message($lang_common['No permission']); + message($lang_common['No permission'], false, '403 Forbidden'); $fid = isset($_GET['fid']) ? intval($_GET['fid']) : 0; if ($fid < 1) @@ -81,7 +81,7 @@ else if ($action == 'markforumread') else if (isset($_GET['email'])) { if ($pun_user['is_guest'] || $pun_user['g_send_email'] == '0') - message($lang_common['No permission']); + message($lang_common['No permission'], false, '403 Forbidden'); $recipient_id = intval($_GET['email']); if ($recipient_id < 2) @@ -145,11 +145,19 @@ else if (isset($_GET['email'])) if (strpos($referrer['host'], 'www.') === 0) $referrer['host'] = substr($referrer['host'], 4); + // Make sure the path component exists + if (!isset($referrer['path'])) + $referrer['path'] = ''; + $valid = parse_url(get_base_url()); // Remove www subdomain if it exists if (strpos($valid['host'], 'www.') === 0) $valid['host'] = substr($valid['host'], 4); + // Make sure the path component exists + if (!isset($valid['path'])) + $valid['path'] = ''; + if ($referrer['host'] == $valid['host'] && preg_match('%^'.preg_quote($valid['path'], '%').'/(.*?)\.php%i', $referrer['path'])) $redirect_url = $_SERVER['HTTP_REFERER']; } diff --git a/moderate.php b/moderate.php index 7f27d66..4555e31 100644 --- a/moderate.php +++ b/moderate.php @@ -1,7 +1,7 @@ query('SELECT poster_ip FROM '.$db->prefix.'posts WHERE id='.$get_host) or error('Unable to fetch post IP address', __FILE__, __LINE__, $db->error()); if (!$db->num_rows($result)) - message($lang_common['Bad request']); + message($lang_common['Bad request'], false, '404 Not Found'); $ip = $db->result($result); } @@ -43,7 +43,7 @@ if (isset($_GET['get_host'])) // All other functions require moderator/admin access $fid = isset($_GET['fid']) ? intval($_GET['fid']) : 0; if ($fid < 1) - message($lang_common['Bad request']); + message($lang_common['Bad request'], false, '404 Not Found'); $result = $db->query('SELECT moderators FROM '.$db->prefix.'forums WHERE id='.$fid) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error()); @@ -51,7 +51,7 @@ $moderators = $db->result($result); $mods_array = ($moderators != '') ? unserialize($moderators) : array(); if ($pun_user['g_id'] != PUN_ADMIN && ($pun_user['g_moderator'] == '0' || !array_key_exists($pun_user['username'], $mods_array))) - message($lang_common['No permission']); + message($lang_common['No permission'], false, '403 Forbidden'); // Get topic/forum tracking data if (!$pun_user['is_guest']) @@ -66,12 +66,12 @@ if (isset($_GET['tid'])) { $tid = intval($_GET['tid']); if ($tid < 1) - message($lang_common['Bad request']); + message($lang_common['Bad request'], false, '404 Not Found'); // Fetch some info about the topic $result = $db->query('SELECT t.subject, t.num_replies, t.first_post_id, f.id AS forum_id, forum_name FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.id='.$fid.' AND t.id='.$tid.' AND t.moved_to IS NULL') or error('Unable to fetch topic info', __FILE__, __LINE__, $db->error()); if (!$db->num_rows($result)) - message($lang_common['Bad request']); + message($lang_common['Bad request'], false, '404 Not Found'); $cur_topic = $db->fetch_assoc($result); @@ -195,6 +195,9 @@ if (isset($_GET['tid'])) // Move the posts to the new topic $db->query('UPDATE '.$db->prefix.'posts SET topic_id='.$new_tid.' WHERE id IN('.$posts.')') or error('Unable to move posts into new topic', __FILE__, __LINE__, $db->error()); + // Apply every subscription to both topics + $db->query('INSERT INTO '.$db->prefix.'topic_subscriptions (user_id, topic_id) SELECT user_id, '.$new_tid.' FROM '.$db->prefix.'topic_subscriptions WHERE topic_id='.$tid) or error('Unable to copy existing subscriptions', __FILE__, __LINE__, $db->error()); + // Get last_post, last_post_id, and last_poster from the topic and update it $result = $db->query('SELECT id, poster, posted FROM '.$db->prefix.'posts WHERE topic_id='.$tid.' ORDER BY id DESC LIMIT 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error()); $last_post_data = $db->fetch_assoc($result); @@ -575,8 +578,18 @@ else if (isset($_POST['merge_topics']) || isset($_POST['merge_topics_comply'])) // Merge the posts into the topic $db->query('UPDATE '.$db->prefix.'posts SET topic_id='.$merge_to_tid.' WHERE topic_id IN('.implode(',', $topics).')') or error('Unable to merge the posts into the topic', __FILE__, __LINE__, $db->error()); - // Delete any subscriptions - $db->query('DELETE FROM '.$db->prefix.'topic_subscriptions WHERE topic_id IN('.implode(',', $topics).') AND topic_id != '.$merge_to_tid) or error('Unable to delete subscriptions', __FILE__, __LINE__, $db->error()); + // Update any subscriptions + $result = $db->query('SELECT user_id FROM '.$db->prefix.'topic_subscriptions WHERE topic_id IN ('.implode(',', $topics).')') or error('Unable to fetch subscriptions of merged topics', __FILE__, __LINE__, $db->error()); + + $subscribed_users = array(); + while ($cur_user_id = $db->result($result)) + $subscribed_users[] = $cur_user_id; + $subscribed_users = array_unique($subscribed_users); + + $db->query('DELETE FROM '.$db->prefix.'topic_subscriptions WHERE topic_id IN ('.implode(',', $topics).')') or error('Unable to delete subscriptions of merged topics', __FILE__, __LINE__, $db->error()); + + foreach ($subscribed_users as $cur_user_id) + $db->query('INSERT INTO '.$db->prefix.'topic_subscriptions (topic_id, user_id) VALUES ('.$merge_to_tid.', '.$cur_user_id.')') or error('Unable to re-enter subscriptions for merge topic', __FILE__, __LINE__, $db->error()); // Without redirection the old topics are removed if (!isset($_POST['with_redirect'])) @@ -781,7 +794,7 @@ require PUN_ROOT.'lang/'.$pun_user['language'].'/forum.php'; // Fetch some info about the forum $result = $db->query('SELECT f.forum_name, f.redirect_url, f.num_topics, f.sort_by FROM '.$db->prefix.'forums AS f LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.id='.$fid) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error()); if (!$db->num_rows($result)) - message($lang_common['Bad request']); + message($lang_common['Bad request'], false, '404 Not Found'); $cur_forum = $db->fetch_assoc($result); @@ -875,7 +888,7 @@ if ($db->num_rows($result)) $item_status = ($topic_count % 2 == 0) ? 'roweven' : 'rowodd'; $icon_type = 'icon'; - if ($cur_topic['moved_to'] == null) + if (is_null($cur_topic['moved_to'])) { $last_post = ''.format_time($cur_topic['last_post']).' '.$lang_common['by'].' '.pun_htmlspecialchars($cur_topic['last_poster']).''; $ghost_topic = false; diff --git a/post.php b/post.php index 9d09f10..a01fc1c 100644 --- a/post.php +++ b/post.php @@ -1,7 +1,7 @@ 0 && $fid > 0) - message($lang_common['Bad request']); + message($lang_common['Bad request'], false, '404 Not Found'); // Fetch some info about the topic and/or the forum if ($tid) @@ -26,7 +26,7 @@ else $result = $db->query('SELECT f.id, f.forum_name, f.moderators, f.redirect_url, fp.post_replies, fp.post_topics FROM '.$db->prefix.'forums AS f LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.id='.$fid) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error()); if (!$db->num_rows($result)) - message($lang_common['Bad request']); + message($lang_common['Bad request'], false, '404 Not Found'); $cur_posting = $db->fetch_assoc($result); $is_subscribed = $tid && $cur_posting['is_subscribed']; @@ -47,7 +47,7 @@ if ((($tid && (($cur_posting['post_replies'] == '' && $pun_user['g_post_replies' ($fid && (($cur_posting['post_topics'] == '' && $pun_user['g_post_topics'] == '0') || $cur_posting['post_topics'] == '0')) || (isset($cur_posting['closed']) && $cur_posting['closed'] == '1')) && !$is_admmod) - message($lang_common['No permission']); + message($lang_common['No permission'], false, '403 Forbidden'); // Load the post.php language file require PUN_ROOT.'lang/'.$pun_user['language'].'/post.php'; @@ -91,7 +91,7 @@ if (isset($_POST['form_sent'])) else { $username = pun_trim($_POST['req_username']); - $email = strtolower(trim(($pun_config['p_force_guest_email'] == '1') ? $_POST['req_email'] : $_POST['email'])); + $email = strtolower(pun_trim(($pun_config['p_force_guest_email'] == '1') ? $_POST['req_email'] : $_POST['email'])); $banned_email = false; // Load the register.php/prof_reg.php language files @@ -152,6 +152,9 @@ if (isset($_POST['form_sent'])) $hide_smilies = isset($_POST['hide_smilies']) ? '1' : '0'; $subscribe = isset($_POST['subscribe']) ? '1' : '0'; $stick_topic = isset($_POST['stick_topic']) && $is_admmod ? '1' : '0'; + + // Replace four-byte characters (MySQL cannot handle them) + $message = strip_bad_multibyte_chars($message); $now = time(); @@ -188,12 +191,8 @@ if (isset($_POST['form_sent'])) $new_pid = $db->insert_id(); } - // Count number of replies in the topic - $result = $db->query('SELECT COUNT(id) FROM '.$db->prefix.'posts WHERE topic_id='.$tid) or error('Unable to fetch post count for topic', __FILE__, __LINE__, $db->error()); - $num_replies = $db->result($result, 0) - 1; - // Update topic - $db->query('UPDATE '.$db->prefix.'topics SET num_replies='.$num_replies.', last_post='.$now.', last_post_id='.$new_pid.', last_poster=\''.$db->escape($username).'\' WHERE id='.$tid) or error('Unable to update topic', __FILE__, __LINE__, $db->error()); + $db->query('UPDATE '.$db->prefix.'topics SET num_replies=num_replies+1, last_post='.$now.', last_post_id='.$new_pid.', last_poster=\''.$db->escape($username).'\' WHERE id='.$tid) or error('Unable to update topic', __FILE__, __LINE__, $db->error()); update_search_index('post', $new_pid, $message); @@ -440,21 +439,18 @@ if ($tid) { $qid = intval($_GET['qid']); if ($qid < 1) - message($lang_common['Bad request']); + message($lang_common['Bad request'], false, '404 Not Found'); $result = $db->query('SELECT poster, message FROM '.$db->prefix.'posts WHERE id='.$qid.' AND topic_id='.$tid) or error('Unable to fetch quote info', __FILE__, __LINE__, $db->error()); if (!$db->num_rows($result)) - message($lang_common['Bad request']); + message($lang_common['Bad request'], false, '404 Not Found'); list($q_poster, $q_message) = $db->fetch_row($result); // If the message contains a code tag we have to split it up (text within [code][/code] shouldn't be touched) if (strpos($q_message, '[code]') !== false && strpos($q_message, '[/code]') !== false) { - $errors = array(); - list($inside, $outside) = split_text($q_message, '[code]', '[/code]', $errors); - if (!empty($errors)) // Technically this shouldn't happen, since $q_message is an existing post it should only exist if it previously passed validation - message($errors[0]); + list($inside, $outside) = split_text($q_message, '[code]', '[/code]'); $q_message = implode("\1", $outside); } diff --git a/profile.php b/profile.php index 4598c63..bd9b7b3 100644 --- a/profile.php +++ b/profile.php @@ -1,7 +1,7 @@ query('SELECT u.group_id, g.g_moderator FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON (g.g_id=u.group_id) WHERE u.id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); if (!$db->num_rows($result)) - message($lang_common['Bad request']); + message($lang_common['Bad request'], false, '404 Not Found'); list($group_id, $is_moderator) = $db->fetch_row($result); if ($pun_user['g_mod_edit_users'] == '0' || $pun_user['g_mod_change_passwords'] == '0' || $group_id == PUN_ADMIN || $is_moderator == '1') - message($lang_common['No permission']); + message($lang_common['No permission'], false, '403 Forbidden'); } } @@ -161,17 +161,17 @@ else if ($action == 'change_email') if ($pun_user['id'] != $id) { if (!$pun_user['is_admmod']) // A regular user trying to change another users email? - message($lang_common['No permission']); + message($lang_common['No permission'], false, '403 Forbidden'); else if ($pun_user['g_moderator'] == '1') // A moderator trying to change a users email? { $result = $db->query('SELECT u.group_id, g.g_moderator FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON (g.g_id=u.group_id) WHERE u.id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); if (!$db->num_rows($result)) - message($lang_common['Bad request']); + message($lang_common['Bad request'], false, '404 Not Found'); list($group_id, $is_moderator) = $db->fetch_row($result); if ($pun_user['g_mod_edit_users'] == '0' || $group_id == PUN_ADMIN || $is_moderator == '1') - message($lang_common['No permission']); + message($lang_common['No permission'], false, '403 Forbidden'); } } @@ -199,7 +199,7 @@ else if ($action == 'change_email') require PUN_ROOT.'include/email.php'; // Validate the email address - $new_email = strtolower(trim($_POST['req_new_email'])); + $new_email = strtolower(pun_trim($_POST['req_new_email'])); if (!is_valid_email($new_email)) message($lang_common['Invalid email']); @@ -316,7 +316,7 @@ else if ($action == 'upload_avatar' || $action == 'upload_avatar2') message($lang_profile['Avatars disabled']); if ($pun_user['id'] != $id && !$pun_user['is_admmod']) - message($lang_common['No permission']); + message($lang_common['No permission'], false, '403 Forbidden'); if (isset($_POST['form_sent'])) { @@ -439,7 +439,7 @@ else if ($action == 'upload_avatar' || $action == 'upload_avatar2') else if ($action == 'delete_avatar') { if ($pun_user['id'] != $id && !$pun_user['is_admmod']) - message($lang_common['No permission']); + message($lang_common['No permission'], false, '403 Forbidden'); confirm_referrer('profile.php'); @@ -452,7 +452,7 @@ else if ($action == 'delete_avatar') else if (isset($_POST['update_group_membership'])) { if ($pun_user['g_id'] > PUN_ADMIN) - message($lang_common['No permission']); + message($lang_common['No permission'], false, '403 Forbidden'); confirm_referrer('profile.php'); @@ -496,7 +496,7 @@ else if (isset($_POST['update_group_membership'])) else if (isset($_POST['update_forums'])) { if ($pun_user['g_id'] > PUN_ADMIN) - message($lang_common['No permission']); + message($lang_common['No permission'], false, '403 Forbidden'); confirm_referrer('profile.php'); @@ -537,7 +537,7 @@ else if (isset($_POST['update_forums'])) else if (isset($_POST['ban'])) { if ($pun_user['g_id'] != PUN_ADMIN && ($pun_user['g_moderator'] != '1' || $pun_user['g_mod_ban_users'] == '0')) - message($lang_common['No permission']); + message($lang_common['No permission'], false, '403 Forbidden'); // Get the username of the user we are banning $result = $db->query('SELECT username FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch username', __FILE__, __LINE__, $db->error()); @@ -558,7 +558,7 @@ else if (isset($_POST['ban'])) else if (isset($_POST['delete_user']) || isset($_POST['delete_user_comply'])) { if ($pun_user['g_id'] > PUN_ADMIN) - message($lang_common['No permission']); + message($lang_common['No permission'], false, '403 Forbidden'); confirm_referrer('profile.php'); @@ -679,7 +679,7 @@ else if (isset($_POST['form_sent'])) // Fetch the user group of the user we are editing $result = $db->query('SELECT u.username, u.group_id, g.g_moderator FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON (g.g_id=u.group_id) WHERE u.id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); if (!$db->num_rows($result)) - message($lang_common['Bad request']); + message($lang_common['Bad request'], false, '404 Not Found'); list($old_username, $group_id, $is_moderator) = $db->fetch_row($result); @@ -689,7 +689,7 @@ else if (isset($_POST['form_sent'])) ($pun_user['g_mod_edit_users'] == '0' || // mods aren't allowed to edit users $group_id == PUN_ADMIN || // or the user is an admin $is_moderator)))) // or the user is another mod - message($lang_common['No permission']); + message($lang_common['No permission'], false, '403 Forbidden'); if ($pun_user['is_admmod']) confirm_referrer('profile.php'); @@ -714,7 +714,7 @@ else if (isset($_POST['form_sent'])) $languages = forum_list_langs(); $form['language'] = pun_trim($_POST['form']['language']); if (!in_array($form['language'], $languages)) - message($lang_common['Bad request']); + message($lang_common['Bad request'], false, '404 Not Found'); } if ($pun_user['is_admmod']) @@ -750,7 +750,7 @@ else if (isset($_POST['form_sent'])) require PUN_ROOT.'include/email.php'; // Validate the email address - $form['email'] = strtolower(trim($_POST['req_email'])); + $form['email'] = strtolower(pun_trim($_POST['req_email'])); if (!is_valid_email($form['email'])) message($lang_common['Invalid email']); } @@ -884,7 +884,7 @@ else if (isset($_POST['form_sent'])) $styles = forum_list_styles(); $form['style'] = pun_trim($_POST['form']['style']); if (!in_array($form['style'], $styles)) - message($lang_common['Bad request']); + message($lang_common['Bad request'], false, '404 Not Found'); } break; @@ -927,6 +927,10 @@ else if (isset($_POST['form_sent'])) // If we changed the username we have to update some stuff if ($username_updated) { + $db->query('UPDATE '.$db->prefix.'bans SET username=\''.$db->escape($form['username']).'\' WHERE username=\''.$db->escape($old_username).'\'') or error('Unable to update bans', __FILE__, __LINE__, $db->error()); + // If any bans were updated, we will need to know because the cache will need to be regenerated. + if ($db->affected_rows() > 0) + $bans_updated = true; $db->query('UPDATE '.$db->prefix.'posts SET poster=\''.$db->escape($form['username']).'\' WHERE poster_id='.$id) or error('Unable to update posts', __FILE__, __LINE__, $db->error()); $db->query('UPDATE '.$db->prefix.'posts SET edited_by=\''.$db->escape($form['username']).'\' WHERE edited_by=\''.$db->escape($old_username).'\'') or error('Unable to update posts', __FILE__, __LINE__, $db->error()); $db->query('UPDATE '.$db->prefix.'topics SET poster=\''.$db->escape($form['username']).'\' WHERE poster=\''.$db->escape($old_username).'\'') or error('Unable to update topics', __FILE__, __LINE__, $db->error()); @@ -965,6 +969,10 @@ else if (isset($_POST['form_sent'])) require PUN_ROOT.'include/cache.php'; generate_users_info_cache(); + + // Check if the bans table was updated and regenerate the bans cache when needed + if (isset($bans_updated)) + generate_bans_cache(); } redirect('profile.php?section='.$section.'&id='.$id, $lang_profile['Profile redirect']); @@ -973,7 +981,7 @@ else if (isset($_POST['form_sent'])) $result = $db->query('SELECT u.username, u.email, u.title, u.realname, u.url, u.jabber, u.icq, u.msn, u.aim, u.yahoo, u.location, u.signature, u.disp_topics, u.disp_posts, u.email_setting, u.notify_with_post, u.auto_notify, u.show_smilies, u.show_img, u.show_img_sig, u.show_avatars, u.show_sig, u.timezone, u.dst, u.language, u.style, u.num_posts, u.last_post, u.registered, u.registration_ip, u.admin_note, u.date_format, u.time_format, u.last_visit, g.g_id, g.g_user_title, g.g_moderator FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); if (!$db->num_rows($result)) - message($lang_common['Bad request']); + message($lang_common['Bad request'], false, '404 Not Found'); $user = $db->fetch_assoc($result); @@ -1666,7 +1674,7 @@ else else if ($section == 'admin') { if (!$pun_user['is_admmod'] || ($pun_user['g_moderator'] == '1' && $pun_user['g_mod_ban_users'] == '0')) - message($lang_common['Bad request']); + message($lang_common['Bad request'], false, '403 Forbidden'); $page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Profile'], $lang_profile['Section admin']); define('PUN_ACTIVE_PAGE', 'profile'); diff --git a/register.php b/register.php index 0dfeb95..815eec2 100644 --- a/register.php +++ b/register.php @@ -1,7 +1,7 @@ query('SELECT t.id FROM '.$db->prefix.'topics AS t LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=t.forum_id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.last_post>'.$pun_user['last_visit'].' AND t.moved_to IS NULL'.(isset($_GET['fid']) ? ' AND t.forum_id='.intval($_GET['fid']) : '').' ORDER BY t.last_post DESC') or error('Unable to fetch topic list', __FILE__, __LINE__, $db->error()); $num_hits = $db->num_rows($result); @@ -517,7 +517,7 @@ if (isset($_GET['action']) || isset($_GET['search_id'])) if ($db->num_rows($result)) $subscriber_name = $db->result($result); else - message($lang_common['Bad request']); + message($lang_common['Bad request'], false, '404 Not Found'); $crumbs_text['search_type'] = ''.sprintf($lang_search['Quick search show_subscriptions'], pun_htmlspecialchars($subscriber_name)).''; } diff --git a/style/Technetium.css b/style/Technetium.css index c4633cb..d8fd7be 100644 --- a/style/Technetium.css +++ b/style/Technetium.css @@ -1029,7 +1029,7 @@ body { overflow-y: auto } -.pun .postmsg img.postimg, .pun .postmsg a img.postimg { +.pun .postmsg .postimg img, .pun .postmsg a .postimg img { max-width: 100%; vertical-align: middle; } diff --git a/style/imports/minmax.js b/style/imports/minmax.js index 65fddca..c8cb073 100644 --- a/style/imports/minmax.js +++ b/style/imports/minmax.js @@ -25,6 +25,16 @@ function minmax_bind(el) { minmax_elements[minmax_elements.length]= el; minmax_delayout(); } + + if (cs['min-width']) + st['minWidth']= cs['min-width']; + + ms= cs['minWidth']; + if (ms && ms!='auto' && ms!='none' && ms!='0' && ms!='') { + st.minmaxWidth= cs.width; + minmax_elements[minmax_elements.length]= el; + minmax_delayout(); + } } var minmax_delaying= false; @@ -81,4 +91,4 @@ minmax_scan(); minmax_scanner= window.setInterval(minmax_scan, minmax_SCANDELAY); window.attachEvent('onload', minmax_stop); -@end @*/ +@end @*/ \ No newline at end of file diff --git a/userlist.php b/userlist.php index 73d448d..0f1480d 100644 --- a/userlist.php +++ b/userlist.php @@ -1,7 +1,7 @@ query('SELECT f.forum_name, f.redirect_url, f.moderators, f.num_topics, f.sort_by, fp.post_topics, 0 AS is_subscribed FROM '.$db->prefix.'forums AS f LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.id='.$id) or error('Unable to fetch forum info', __FILE__, __LINE__, $db->error()); if (!$db->num_rows($result)) - message($lang_common['Bad request']); + message($lang_common['Bad request'], false, '404 Not Found'); $cur_forum = $db->fetch_assoc($result); @@ -169,7 +169,7 @@ if ($db->num_rows($result)) $item_status = ($topic_count % 2 == 0) ? 'roweven' : 'rowodd'; $icon_type = 'icon'; - if ($cur_topic['moved_to'] == null) + if (is_null($cur_topic['moved_to'])) $last_post = ''.format_time($cur_topic['last_post']).' '.$lang_common['by'].' '.pun_htmlspecialchars($cur_topic['last_poster']).''; else $last_post = '- - -'; @@ -198,7 +198,7 @@ if ($db->num_rows($result)) $item_status .= ' iclosed'; } - if (!$pun_user['is_guest'] && $cur_topic['last_post'] > $pun_user['last_visit'] && (!isset($tracked_topics['topics'][$cur_topic['id']]) || $tracked_topics['topics'][$cur_topic['id']] < $cur_topic['last_post']) && (!isset($tracked_topics['forums'][$id]) || $tracked_topics['forums'][$id] < $cur_topic['last_post']) && $cur_topic['moved_to'] == null) + if (!$pun_user['is_guest'] && $cur_topic['last_post'] > $pun_user['last_visit'] && (!isset($tracked_topics['topics'][$cur_topic['id']]) || $tracked_topics['topics'][$cur_topic['id']] < $cur_topic['last_post']) && (!isset($tracked_topics['forums'][$id]) || $tracked_topics['forums'][$id] < $cur_topic['last_post']) && is_null($cur_topic['moved_to'])) { $item_status .= ' inew'; $icon_type = 'icon icon-new'; @@ -245,8 +245,8 @@ if ($db->num_rows($result))
-
- + +query('SELECT topic_id, posted FROM '.$db->prefix.'posts WHERE id='.$pid) or error('Unable to fetch topic ID', __FILE__, __LINE__, $db->error()); if (!$db->num_rows($result)) - message($lang_common['Bad request']); + message($lang_common['Bad request'], false, '404 Not Found'); list($id, $posted) = $db->fetch_row($result); @@ -85,7 +85,7 @@ else $result = $db->query('SELECT t.subject, t.closed, t.num_replies, t.sticky, t.first_post_id, f.id AS forum_id, f.forum_name, f.moderators, fp.post_replies, 0 AS is_subscribed FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id='.$id.' AND t.moved_to IS NULL') or error('Unable to fetch topic info', __FILE__, __LINE__, $db->error()); if (!$db->num_rows($result)) - message($lang_common['Bad request']); + message($lang_common['Bad request'], false, '404 Not Found'); $cur_topic = $db->fetch_assoc($result);
- />     />  + />     />