punbb-1.2.1/upload/admin_groups.php |
punbb-1.2.5/upload/admin_groups.php |
54: message($lang_common['Bad request']); | 54: message($lang_common['Bad request']); |
55: | 55: |
56: $result = $db->query('SELECT * FROM '.$db->prefix.'groups WHERE g_id='.$group_id) or error('Unable to fetch user group info', __FILE__, __LINE__, $db->error()); | 56: $result = $db->query('SELECT * FROM '.$db->prefix.'groups WHERE g_id='.$group_id) or error('Unable to fetch user group info', __FILE__, __LINE__, $db->error()); |
| 57: if (!$db->num_rows($result)) |
| 58: message($lang_common['Bad request']); |
| 59: |
57: $group = $db->fetch_assoc($result); | 60: $group = $db->fetch_assoc($result); |
58: | 61: |
59: $mode = 'edit'; | 62: $mode = 'edit'; |
226: | 229: |
227: if ($_POST['mode'] == 'add') | 230: if ($_POST['mode'] == 'add') |
228: { | 231: { |
229: $db->query('SELECT 1 FROM '.$db->prefix.'groups WHERE g_title=\''.$db->escape($title).'\'') or error('Unable to check group title collision', __FILE__, __LINE__, $db->error()); | 232: $result = $db->query('SELECT 1 FROM '.$db->prefix.'groups WHERE g_title=\''.$db->escape($title).'\'') or error('Unable to check group title collision', __FILE__, __LINE__, $db->error()); |
230: if ($db->num_rows()) | 233: if ($db->num_rows($result)) |
231: message('There is already a group with the title \''.pun_htmlspecialchars($title).'\'.'); | 234: message('There is already a group with the title \''.pun_htmlspecialchars($title).'\'.'); |
232: | 235: |
233: $db->query('INSERT INTO '.$db->prefix.'groups (g_title, g_user_title, g_read_board, g_post_replies, g_post_topics, g_edit_posts, g_delete_posts, g_delete_topics, g_set_title, g_search, g_search_users, g_edit_subjects_interval, g_post_flood, g_search_flood) VALUES(\''.$db->escape($title).'\', '.$user_title.', '.$read_board.', '.$post_replies.', '.$post_topics.', '.$edit_posts.', '.$delete_posts.', '.$delete_topics.', '.$set_title.', '.$search.', '.$search_users.', '.$edit_subjects_interval.', '.$post_flood.', '.$search_flood.')') or error('Unable to add group', __FILE__, __LINE__, $db->error()); | 236: $db->query('INSERT INTO '.$db->prefix.'groups (g_title, g_user_title, g_read_board, g_post_replies, g_post_topics, g_edit_posts, g_delete_posts, g_delete_topics, g_set_title, g_search, g_search_users, g_edit_subjects_interval, g_post_flood, g_search_flood) VALUES(\''.$db->escape($title).'\', '.$user_title.', '.$read_board.', '.$post_replies.', '.$post_topics.', '.$edit_posts.', '.$delete_posts.', '.$delete_topics.', '.$set_title.', '.$search.', '.$search_users.', '.$edit_subjects_interval.', '.$post_flood.', '.$search_flood.')') or error('Unable to add group', __FILE__, __LINE__, $db->error()); |
239: $db->query('INSERT INTO '.$db->prefix.'forum_perms (group_id, forum_id, read_forum, post_replies, post_topics) VALUES('.$new_group_id.', '.$cur_forum_perm['forum_id'].', '.$cur_forum_perm['read_forum'].', '.$cur_forum_perm['post_replies'].', '.$cur_forum_perm['post_topics'].')') or error('Unable to insert group forum permissions', __FILE__, __LINE__, $db->error()); | 242: $db->query('INSERT INTO '.$db->prefix.'forum_perms (group_id, forum_id, read_forum, post_replies, post_topics) VALUES('.$new_group_id.', '.$cur_forum_perm['forum_id'].', '.$cur_forum_perm['read_forum'].', '.$cur_forum_perm['post_replies'].', '.$cur_forum_perm['post_topics'].')') or error('Unable to insert group forum permissions', __FILE__, __LINE__, $db->error()); |
240: } | 243: } |
241: else | 244: else |
| 245: { |
| 246: $result = $db->query('SELECT 1 FROM '.$db->prefix.'groups WHERE g_title=\''.$db->escape($title).'\' AND g_id!='.$_POST['group_id']) or error('Unable to check group title collision', __FILE__, __LINE__, $db->error()); |
| 247: if ($db->num_rows($result)) |
| 248: message('There is already a group with the title \''.pun_htmlspecialchars($title).'\'.'); |
| 249: |
242: $db->query('UPDATE '.$db->prefix.'groups SET g_title=\''.$db->escape($title).'\', g_user_title='.$user_title.', g_read_board='.$read_board.', g_post_replies='.$post_replies.', g_post_topics='.$post_topics.', g_edit_posts='.$edit_posts.', g_delete_posts='.$delete_posts.', g_delete_topics='.$delete_topics.', g_set_title='.$set_title.', g_search='.$search.', g_search_users='.$search_users.', g_edit_subjects_interval='.$edit_subjects_interval.', g_post_flood='.$post_flood.', g_search_flood='.$search_flood.' WHERE g_id='.$_POST['group_id']) or error('Unable to update group', __FILE__, __LINE__, $db->error()); | 250: $db->query('UPDATE '.$db->prefix.'groups SET g_title=\''.$db->escape($title).'\', g_user_title='.$user_title.', g_read_board='.$read_board.', g_post_replies='.$post_replies.', g_post_topics='.$post_topics.', g_edit_posts='.$edit_posts.', g_delete_posts='.$delete_posts.', g_delete_topics='.$delete_topics.', g_set_title='.$set_title.', g_search='.$search.', g_search_users='.$search_users.', g_edit_subjects_interval='.$edit_subjects_interval.', g_post_flood='.$post_flood.', g_search_flood='.$search_flood.' WHERE g_id='.$_POST['group_id']) or error('Unable to update group', __FILE__, __LINE__, $db->error()); |
| 251: } |
243: | 252: |
244: // Regenerate the quickjump cache | 253: // Regenerate the quickjump cache |
245: require_once PUN_ROOT.'include/cache.php'; | 254: require_once PUN_ROOT.'include/cache.php'; |
punbb-1.2.1/upload/admin_users.php |
punbb-1.2.5/upload/admin_users.php |
49: ?> | 49: ?> |
50: <div class="linkst"> | 50: <div class="linkst"> |
51: <div class="inbox"> | 51: <div class="inbox"> |
52: <div><a href="javascript:history.go(-1)" />Go back</a></div> | 52: <div><a href="javascript:history.go(-1)">Go back</a></div> |
53: </div> | 53: </div> |
54: </div> | 54: </div> |
55: | 55: |
98: | 98: |
99: <div class="linksb"> | 99: <div class="linksb"> |
100: <div class="inbox"> | 100: <div class="inbox"> |
101: <div><a href="javascript:history.go(-1)" />Go back</a></div> | 101: <div><a href="javascript:history.go(-1)">Go back</a></div> |
102: </div> | 102: </div> |
103: </div> | 103: </div> |
104: <?php | 104: <?php |
121: ?> | 121: ?> |
122: <div class="linkst"> | 122: <div class="linkst"> |
123: <div class="inbox"> | 123: <div class="inbox"> |
124: <div><a href="javascript:history.go(-1)" />Go back</a></div> | 124: <div><a href="javascript:history.go(-1)">Go back</a></div> |
125: </div> | 125: </div> |
126: </div> | 126: </div> |
127: | 127: |
202: | 202: |
203: <div class="linksb"> | 203: <div class="linksb"> |
204: <div class="inbox"> | 204: <div class="inbox"> |
205: <div><a href="javascript:history.go(-1)" />Go back</a></div> | 205: <div><a href="javascript:history.go(-1)">Go back</a></div> |
206: </div> | 206: </div> |
207: </div> | 207: </div> |
208: <?php | 208: <?php |
266: $conditions[] = 'u.num_posts<'.$posts_less; | 266: $conditions[] = 'u.num_posts<'.$posts_less; |
267: | 267: |
268: if ($user_group != 'all') | 268: if ($user_group != 'all') |
269: $conditions[] = 'u.group_id='.$user_group; | 269: $conditions[] = 'u.group_id='.$db->escape($user_group); |
270: | 270: |
271: if (!isset($conditions)) | 271: if (!isset($conditions)) |
272: message('You didn\'t enter any search terms.'); | 272: message('You didn\'t enter any search terms.'); |
278: ?> | 278: ?> |
279: <div class="linkst"> | 279: <div class="linkst"> |
280: <div class="inbox"> | 280: <div class="inbox"> |
281: <div><a href="javascript:history.go(-1)" />Go back</a></div> | 281: <div><a href="javascript:history.go(-1)">Go back</a></div> |
282: </div> | 282: </div> |
283: </div> | 283: </div> |
284: | 284: |
300: <tbody> | 300: <tbody> |
301: <?php | 301: <?php |
302: | 302: |
303: $result = $db->query('SELECT u.id, u.username, u.email, u.title, u.num_posts, u.admin_note, g.g_id, g.g_user_title FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id>1 AND '.implode(' AND ', $conditions).' ORDER BY '.$order_by.' '.$direction) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); | 303: $result = $db->query('SELECT u.id, u.username, u.email, u.title, u.num_posts, u.admin_note, g.g_id, g.g_user_title FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE u.id>1 AND '.implode(' AND ', $conditions).' ORDER BY '.$db->escape($order_by).' '.$db->escape($direction)) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); |
304: if ($db->num_rows($result)) | 304: if ($db->num_rows($result)) |
305: { | 305: { |
306: while ($user_data = $db->fetch_assoc($result)) | 306: while ($user_data = $db->fetch_assoc($result)) |
338: | 338: |
339: <div class="linksb"> | 339: <div class="linksb"> |
340: <div class="inbox"> | 340: <div class="inbox"> |
341: <div><a href="javascript:history.go(-1)" />Go back</a></div> | 341: <div><a href="javascript:history.go(-1)">Go back</a></div> |
342: </div> | 342: </div> |
343: </div> | 343: </div> |
344: <?php | 344: <?php |
punbb-1.2.1/upload/include/email.php |
punbb-1.2.5/upload/include/email.php |
33: // | 33: // |
34: function is_valid_email($email) | 34: function is_valid_email($email) |
35: { | 35: { |
36: return preg_match('#^.{1,}@.{2,}\..{2,}$#', $email); | 36: if (strlen($email) > 50) |
| 37: return false; |
| 38: |
| 39: return preg_match('/^(([^<>()[\]\\.,;:\s@"\']+(\.[^<>()[\]\\.,;:\s@"\']+)*)|("[^"\']+"))@((\[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\])|(([a-zA-Z\d\-]+\.)+[a-zA-Z]{2,}))$/', $email); |
37: } | 40: } |
38: | 41: |
39: | 42: |
65: | 68: |
66: // Default sender/return address | 69: // Default sender/return address |
67: if (!$from) | 70: if (!$from) |
68: $from = '"'.$pun_config['o_board_title'].' '.$lang_common['Mailer'].'" <'.$pun_config['o_webmaster_email'].'>'; | 71: $from = '"'.str_replace('"', '', $pun_config['o_board_title'].' '.$lang_common['Mailer']).'" <'.$pun_config['o_webmaster_email'].'>'; |
69: | 72: |
70: // Make sure the from line doesn't contain a colon (the character, that is :D) | 73: // Do a little spring cleaning |
71: $from = str_replace(':', ' ', $from); | 74: $to = trim(preg_replace('#[\n\r]+#s', '', $to)); |
| 75: $subject = trim(preg_replace('#[\n\r]+#s', '', $subject)); |
| 76: $from = trim(preg_replace('#[\n\r:]+#s', '', $from)); |
72: | 77: |
73: // Detect what linebreak we should use for the headers | 78: // Detect what linebreak we should use for the headers |
74: if (strtoupper(substr(PHP_OS, 0, 3) == 'WIN')) | 79: if (strtoupper(substr(PHP_OS, 0, 3) == 'WIN')) |
75: $eol = "\r\n"; | 80: $eol = "\r\n"; |
76: else if (strtoupper(substr(PHP_OS, 0, 3) == 'MAC')) | 81: else if (strtoupper(substr(PHP_OS, 0, 3) == 'MAC')) |
77: $eol = "\r"; | 82: $eol = "\r"; |
78: else | 83: else |
79: $eol = "\n"; | 84: $eol = "\n"; |
80: | 85: |
81: $headers = 'From: '.$from.$eol.'Date: '.date('r').$eol.'MIME-Version: 1.0'.$eol.'Content-transfer-encoding: 8bit'.$eol.'Content-type: text/plain; charset='.$lang_common['lang_encoding'].$eol.'X-Mailer: PunBB Mailer'; | 86: $headers = 'From: '.$from.$eol.'Date: '.date('r').$eol.'MIME-Version: 1.0'.$eol.'Content-transfer-encoding: 8bit'.$eol.'Content-type: text/plain; charset='.$lang_common['lang_encoding'].$eol.'X-Mailer: PunBB Mailer'; |
82: | 87: |
punbb-1.2.1/upload/include/functions.php |
punbb-1.2.5/upload/include/functions.php |
46: $pun_user = $db->fetch_assoc($result); | 46: $pun_user = $db->fetch_assoc($result); |
47: | 47: |
48: // If user authorisation failed | 48: // If user authorisation failed |
49: if (!isset($pun_user['id']) || md5($cookie_seed.$pun_user['password']) != $cookie['password_hash']) | 49: if (!isset($pun_user['id']) || md5($cookie_seed.$pun_user['password']) !== $cookie['password_hash']) |
50: { | 50: { |
51: pun_setcookie(0, random_pass(8), $expire); | 51: pun_setcookie(0, random_pass(8), $expire); |
52: set_default_user(); | 52: set_default_user(); |
108: | 108: |
109: // Fetch guest user | 109: // Fetch guest user |
110: $result = $db->query('SELECT u.*, g.*, o.logged FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON u.group_id=g.g_id LEFT JOIN '.$db->prefix.'online AS o ON o.ident=\''.$remote_addr.'\' WHERE u.id=1') or error('Unable to fetch guest information', __FILE__, __LINE__, $db->error()); | 110: $result = $db->query('SELECT u.*, g.*, o.logged FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON u.group_id=g.g_id LEFT JOIN '.$db->prefix.'online AS o ON o.ident=\''.$remote_addr.'\' WHERE u.id=1') or error('Unable to fetch guest information', __FILE__, __LINE__, $db->error()); |
| 111: if (!$db->num_rows($result)) |
| 112: exit('Unable to fetch guest information. The table \''.$db->prefix.'users\' must contain an entry with id = 1 that represents anonymous users.'); |
| 113: |
111: $pun_user = $db->fetch_assoc($result); | 114: $pun_user = $db->fetch_assoc($result); |
112: | 115: |
113: // Update online list | 116: // Update online list |
229: global $pun_config, $lang_common, $pun_user; | 232: global $pun_config, $lang_common, $pun_user; |
230: | 233: |
231: // Index and Userlist should always be displayed | 234: // Index and Userlist should always be displayed |
232: $links[] = '<li id="navindex"><a href="index.php">'.$lang_common['Index'].'</a>'; | 235: $links[] = '<li id="navindex"><a href="index.php">'.$lang_common['Index'].'</a>'; |
233: $links[] = '<li id="navuserlist"><a href="userlist.php">'.$lang_common['User list'].'</a>'; | 236: $links[] = '<li id="navuserlist"><a href="userlist.php">'.$lang_common['User list'].'</a>'; |
234: | 237: |
235: if ($pun_config['o_rules'] == '1') | 238: if ($pun_config['o_rules'] == '1') |
236: $links[] = '<li id="navrules"><a href="misc.php?action=rules">'.$lang_common['Rules'].'</a>'; | 239: $links[] = '<li id="navrules"><a href="misc.php?action=rules">'.$lang_common['Rules'].'</a>'; |
| 240: |
| 241: if ($pun_user['is_guest']) |
| 242: { |
| 243: if ($pun_user['g_search'] == '1') |
| 244: $links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>'; |
| 245: |
| 246: $links[] = '<li id="navregister"><a href="register.php">'.$lang_common['Register'].'</a>'; |
| 247: $links[] = '<li id="navlogin"><a href="login.php">'.$lang_common['Login'].'</a>'; |
237: | 248: |
238: if ($pun_user['is_guest']) | 249: $info = $lang_common['Not logged in']; |
239: { | 250: } |
240: if ($pun_user['g_search'] == '1') | |
241: $links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>'; | |
242: | |
243: $links[] = '<li id="navregister"><a href="register.php">'.$lang_common['Register'].'</a>'; | |
244: $links[] = '<li id="navlogin"><a href="login.php">'.$lang_common['Login'].'</a>'; | |
245: | |
246: $info = $lang_common['Not logged in']; | |
247: } | |
248: else | 251: else |
249: { | 252: { |
250: if ($pun_user['g_id'] > PUN_MOD) | 253: if ($pun_user['g_id'] > PUN_MOD) |
251: { | 254: { |
252: if ($pun_user['g_search'] == '1') | 255: if ($pun_user['g_search'] == '1') |
253: $links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>'; | 256: $links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>'; |
254: | 257: |
255: $links[] = '<li id="navprofile"><a href="profile.php?id='.$pun_user['id'].'">'.$lang_common['Profile'].'</a>'; | 258: $links[] = '<li id="navprofile"><a href="profile.php?id='.$pun_user['id'].'">'.$lang_common['Profile'].'</a>'; |
256: $links[] = '<li id="navlogout"><a href="login.php?action=out&id='.$pun_user['id'].'">'.$lang_common['Logout'].'</a>'; | 259: $links[] = '<li id="navlogout"><a href="login.php?action=out&id='.$pun_user['id'].'">'.$lang_common['Logout'].'</a>'; |
257: } | 260: } |
258: else | 261: else |
259: { | 262: { |
260: $links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>'; | 263: $links[] = '<li id="navsearch"><a href="search.php">'.$lang_common['Search'].'</a>'; |
261: $links[] = '<li id="navprofile"><a href="profile.php?id='.$pun_user['id'].'">'.$lang_common['Profile'].'</a>'; | 264: $links[] = '<li id="navprofile"><a href="profile.php?id='.$pun_user['id'].'">'.$lang_common['Profile'].'</a>'; |
262: $links[] = '<li id="navadmin"><a href="admin_index.php">'.$lang_common['Admin'].'</a>'; | 265: $links[] = '<li id="navadmin"><a href="admin_index.php">'.$lang_common['Admin'].'</a>'; |
263: $links[] = '<li id="navlogout"><a href="login.php?action=out&id='.$pun_user['id'].'">'.$lang_common['Logout'].'</a>'; | 266: $links[] = '<li id="navlogout"><a href="login.php?action=out&id='.$pun_user['id'].'">'.$lang_common['Logout'].'</a>'; |
264: } | 267: } |
265: } | 268: } |
266: | 269: |
267: // Are there any additional navlinks we should insert into the array before imploding it? | 270: // Are there any additional navlinks we should insert into the array before imploding it? |
268: if ($pun_config['o_additional_navlinks'] != '') | 271: if ($pun_config['o_additional_navlinks'] != '') |
271: { | 274: { |
272: // Insert any additional links into the $links array (at the correct index) | 275: // Insert any additional links into the $links array (at the correct index) |
273: for ($i = 0; $i < count($extra_links[1]); ++$i) | 276: for ($i = 0; $i < count($extra_links[1]); ++$i) |
274: array_splice($links, $extra_links[1][$i], 0, array('<li id="navextra'.($i + 1).'">'.$extra_links[2][$i])); | 277: array_splice($links, $extra_links[1][$i], 0, array('<li id="navextra'.($i + 1).'">'.$extra_links[2][$i])); |
275: } | 278: } |
276: } | 279: } |
277: | 280: |
278: return '<ul>'."\n\t\t\t\t".implode($lang_common['Link separator'].'</li>'."\n\t\t\t\t", $links).'</li>'."\n\t\t\t".'</ul>'; | 281: return '<ul>'."\n\t\t\t\t".implode($lang_common['Link separator'].'</li>'."\n\t\t\t\t", $links).'</li>'."\n\t\t\t".'</ul>'; |
279: } | 282: } |
280: | 283: |
281: | 284: |
736: | 739: |
737: if (strpos($lang_common['lang_encoding'], '8859') !== false) | 740: if (strpos($lang_common['lang_encoding'], '8859') !== false) |
738: { | 741: { |
739: $fishy_chars = array(chr(0x81), chr(0x8D), chr(0x8F), chr(0x90), chr(0x9D), chr(0xA0), chr(0xCA)); | 742: $fishy_chars = array(chr(0x81), chr(0x8D), chr(0x8F), chr(0x90), chr(0x9D), chr(0xA0)); |
740: return trim(str_replace($fishy_chars, ' ', $str)); | 743: return trim(str_replace($fishy_chars, ' ', $str)); |
741: } | 744: } |
742: else | 745: else |
punbb-1.2.1/upload/include/parser.php |
punbb-1.2.5/upload/include/parser.php |
45: $b = array('[b]', '[i]', '[u]', '[/b]', '[/i]', '[/u]'); | 45: $b = array('[b]', '[i]', '[u]', '[/b]', '[/i]', '[/u]'); |
46: $text = str_replace($a, $b, $text); | 46: $text = str_replace($a, $b, $text); |
47: | 47: |
48: // Do the more complex BBCodes (and strip excessive whitespace) | 48: // Do the more complex BBCodes (also strip excessive whitespace and useless quotes) |
49: $a = array( '#\[url=(.*?)\]\s*#i', | 49: $a = array( '#\[url=("|\'|)(.*?)\\1\]\s*#i', |
50: '#\[url\]\s*#i', | 50: '#\[url\]\s*#i', |
51: '#\s*\[/url\]#i', | 51: '#\s*\[/url\]#i', |
52: '#\[email=(.*?)\]\s*#i', | 52: '#\[email=("|\'|)(.*?)\\1\]\s*#i', |
53: '#\[email\]\s*#i', | 53: '#\[email\]\s*#i', |
54: '#\s*\[/email\]#i', | 54: '#\s*\[/email\]#i', |
55: '#\[img\]\s*(.*?)\s*\[/img\]#is', | 55: '#\[img\]\s*(.*?)\s*\[/img\]#is', |
56: '#\[colou?r=(.*?)\](.*?)\[/colou?r\]#is'); | 56: '#\[colou?r=("|\'|)(.*?)\\1\](.*?)\[/colou?r\]#is'); |
57: | 57: |
58: $b = array( '[url=$1]', | 58: $b = array( '[url=$2]', |
59: '[url]', | 59: '[url]', |
60: '[/url]', | 60: '[/url]', |
61: '[email=$1]', | 61: '[email=$2]', |
62: '[email]', | 62: '[email]', |
63: '[/email]', | 63: '[/email]', |
64: '[img]$1[/img]', | 64: '[img]$1[/img]', |
65: '[color=$1]$2[/color]'); | 65: '[color=$2]$3[/color]'); |
66: | 66: |
67: if (!$is_signature) | 67: if (!$is_signature) |
68: { | 68: { |
69: // For non-signatures, we have to do the quote and code tags as well | 69: // For non-signatures, we have to do the quote and code tags as well |
70: $a[] = '#\[quote=("|"|\'|)(.*)\\1\]\s*#i'; | 70: $a[] = '#\[quote=("|"|\'|)(.*?)\\1\]\s*#i'; |
71: $a[] = '#\[quote\]\s*#i'; | 71: $a[] = '#\[quote\]\s*#i'; |
72: $a[] = '#\s*\[/quote\]\s*#i'; | 72: $a[] = '#\s*\[/quote\]\s*#i'; |
73: $a[] = '#\[code\][\r\n]*(.*?)\s*\[/code\]\s*#is'; | 73: $a[] = '#\[code\][\r\n]*(.*?)\s*\[/code\]\s*#is'; |
182: // We found a [code] | 182: // We found a [code] |
183: else if ($c_start < min($c_end, $q_start, $q_end)) | 183: else if ($c_start < min($c_end, $q_start, $q_end)) |
184: { | 184: { |
| 185: // Make sure there's a [/code] and that any new [code] doesn't occur before the end tag |
185: $tmp = strpos($text, '[/code]'); | 186: $tmp = strpos($text, '[/code]'); |
186: if ($tmp === false) | 187: $tmp2 = strpos(substr($text, 6), '[code]'); |
| 188: if ($tmp === false || ($tmp2 !== false && $tmp2 < $tmp)) |
187: { | 189: { |
188: $error = $lang_common['BBCode error'].' '.$lang_common['BBCode error 2']; | 190: $error = $lang_common['BBCode error'].' '.$lang_common['BBCode error 2']; |
189: return; | 191: return; |
punbb-1.2.1/upload/login.php |
punbb-1.2.5/upload/login.php |
40: $form_username = trim($_POST['req_username']); | 40: $form_username = trim($_POST['req_username']); |
41: $form_password = trim($_POST['req_password']); | 41: $form_password = trim($_POST['req_password']); |
42: | 42: |
43: $result = $db->query('SELECT id, group_id, password, save_pass FROM '.$db->prefix.'users WHERE username=\''.$db->escape($form_username).'\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); | 43: $username_sql = ($db_type == 'mysql' || $db_type == 'mysqli') ? 'username=\''.$db->escape($form_username).'\'' : 'LOWER(username)=LOWER(\''.$db->escape($form_username).'\')'; |
| 44: |
| 45: $result = $db->query('SELECT id, group_id, password, save_pass FROM '.$db->prefix.'users WHERE '.$username_sql) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); |
44: list($user_id, $group_id, $db_password_hash, $save_pass) = $db->fetch_row($result); | 46: list($user_id, $group_id, $db_password_hash, $save_pass) = $db->fetch_row($result); |
45: | 47: |
46: $authorized = false; | 48: $authorized = false; |
91: // Remove user from "users online" list. | 93: // Remove user from "users online" list. |
92: $db->query('DELETE FROM '.$db->prefix.'online WHERE user_id='.$pun_user['id']) or error('Unable to delete from online list', __FILE__, __LINE__, $db->error()); | 94: $db->query('DELETE FROM '.$db->prefix.'online WHERE user_id='.$pun_user['id']) or error('Unable to delete from online list', __FILE__, __LINE__, $db->error()); |
93: | 95: |
94: // Update last_visit | 96: // Update last_visit (make sure there's something to update it with) |
95: $db->query('UPDATE '.$db->prefix.'users SET last_visit='.$pun_user['logged'].' WHERE id='.$pun_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error()); | 97: if (isset($pun_user['logged'])) |
| 98: $db->query('UPDATE '.$db->prefix.'users SET last_visit='.$pun_user['logged'].' WHERE id='.$pun_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error()); |
96: | 99: |
97: pun_setcookie(1, random_pass(8), time() + 31536000); | 100: pun_setcookie(1, random_pass(8), time() + 31536000); |
98: | 101: |
punbb-1.2.1/upload/moderate.php |
punbb-1.2.5/upload/moderate.php |
50: $ip = $db->result($result); | 50: $ip = $db->result($result); |
51: } | 51: } |
52: | 52: |
53: message('The IP address is: '.$ip.'<br />The host name is: '.gethostbyaddr($ip).'<br /><br /><a href="admin_users.php?show_users='.$ip.'">Show more users for this IP</a>'); | 53: message('The IP address is: '.$ip.'<br />The host name is: '.@gethostbyaddr($ip).'<br /><br /><a href="admin_users.php?show_users='.$ip.'">Show more users for this IP</a>'); |
54: } | 54: } |
55: | 55: |
56: | 56: |
98: { | 98: { |
99: confirm_referrer('moderate.php'); | 99: confirm_referrer('moderate.php'); |
100: | 100: |
| 101: if (preg_match('/[^0-9,]/', $posts)) |
| 102: message($lang_common['Bad request']); |
| 103: |
101: // Delete the posts | 104: // Delete the posts |
102: $db->query('DELETE FROM '.$db->prefix.'posts WHERE id IN('.$posts.')') or error('Unable to delete posts', __FILE__, __LINE__, $db->error()); | 105: $db->query('DELETE FROM '.$db->prefix.'posts WHERE id IN('.$posts.')') or error('Unable to delete posts', __FILE__, __LINE__, $db->error()); |
103: | 106: |
278: { | 281: { |
279: confirm_referrer('moderate.php'); | 282: confirm_referrer('moderate.php'); |
280: | 283: |
| 284: if (preg_match('/[^0-9,]/', $_POST['topics'])) |
| 285: message($lang_common['Bad request']); |
| 286: |
281: $topics = explode(',', $_POST['topics']); | 287: $topics = explode(',', $_POST['topics']); |
282: $move_to_forum = intval($_POST['move_to_forum']); | 288: $move_to_forum = isset($_POST['move_to_forum']) ? intval($_POST['move_to_forum']) : 0; |
283: if (empty($topics) || $move_to_forum < 1) | 289: if (empty($topics) || $move_to_forum < 1) |
284: message($lang_common['Bad request']); | 290: message($lang_common['Bad request']); |
285: | 291: |
345: <br /><select name="move_to_forum"> | 351: <br /><select name="move_to_forum"> |
346: <?php | 352: <?php |
347: | 353: |
348: $result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id WHERE f.redirect_url IS NULL ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error()); | 354: $result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['group_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND f.redirect_url IS NULL ORDER BY c.disp_position, c.id, f.disp_position', true) or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error()); |
349: | 355: |
350: $cur_category = 0; | 356: $cur_category = 0; |
351: while ($cur_forum = $db->fetch_assoc($result)) | 357: while ($cur_forum = $db->fetch_assoc($result)) |
394: { | 400: { |
395: confirm_referrer('moderate.php'); | 401: confirm_referrer('moderate.php'); |
396: | 402: |
| 403: if (preg_match('/[^0-9,]/', $topics)) |
| 404: message($lang_common['Bad request']); |
| 405: |
397: require PUN_ROOT.'include/search_idx.php'; | 406: require PUN_ROOT.'include/search_idx.php'; |
398: | 407: |
399: // Delete the topics and any redirect topics | 408: // Delete the topics and any redirect topics |
459: { | 468: { |
460: confirm_referrer('moderate.php'); | 469: confirm_referrer('moderate.php'); |
461: | 470: |
462: $topics = isset($_POST['topics']) ? $_POST['topics'] : array(); | 471: $topics = isset($_POST['topics']) ? @array_map('intval', @array_keys($_POST['topics'])) : array(); |
463: if (empty($topics)) | 472: if (empty($topics)) |
464: message($lang_misc['No topics selected']); | 473: message($lang_misc['No topics selected']); |
465: | 474: |
466: $db->query('UPDATE '.$db->prefix.'topics SET closed='.$action.' WHERE id IN('.implode(',', array_keys($topics)).')') or error('Unable to close topics', __FILE__, __LINE__, $db->error()); | 475: $db->query('UPDATE '.$db->prefix.'topics SET closed='.$action.' WHERE id IN('.implode(',', $topics).')') or error('Unable to close topics', __FILE__, __LINE__, $db->error()); |
467: | 476: |
468: $redirect_msg = ($action) ? $lang_misc['Close topics redirect'] : $lang_misc['Open topics redirect']; | 477: $redirect_msg = ($action) ? $lang_misc['Close topics redirect'] : $lang_misc['Open topics redirect']; |
469: redirect('moderate.php?fid='.$fid, $redirect_msg); | 478: redirect('moderate.php?fid='.$fid, $redirect_msg); |
punbb-1.2.1/upload/post.php |
punbb-1.2.5/upload/post.php |
207: | 207: |
208: update_forum($cur_posting['id']); | 208: update_forum($cur_posting['id']); |
209: | 209: |
210: | 210: // Should we send out notifications? |
211: // Get the post time for the previous post in this topic | 211: if ($pun_config['o_subscriptions'] == '1') |
212: $result = $db->query('SELECT posted FROM '.$db->prefix.'posts WHERE topic_id='.$tid.' ORDER BY id DESC LIMIT 1, 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error()); | |
213: $previous_post_time = $db->result($result); | |
214: | |
215: // Get any subscribed users that should be notified (banned users are excluded) | |
216: $result = $db->query('SELECT u.id, u.email, u.notify_with_post, u.language FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'subscriptions AS s ON u.id=s.user_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id='.$cur_posting['id'].' AND fp.group_id=u.group_id) LEFT JOIN '.$db->prefix.'online AS o ON u.id=o.user_id LEFT JOIN '.$db->prefix.'bans AS b ON u.username=b.username WHERE b.username IS NULL AND COALESCE(o.logged, u.last_visit)>'.$previous_post_time.' AND (fp.read_forum IS NULL OR fp.read_forum=1) AND s.topic_id='.$tid.' AND u.id!='.intval($pun_user['id'])) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error()); | |
217: if ($db->num_rows($result)) | |
218: { | 212: { |
219: require_once PUN_ROOT.'include/email.php'; | 213: // Get the post time for the previous post in this topic |
| 214: $result = $db->query('SELECT posted FROM '.$db->prefix.'posts WHERE topic_id='.$tid.' ORDER BY id DESC LIMIT 1, 1') or error('Unable to fetch post info', __FILE__, __LINE__, $db->error()); |
| 215: $previous_post_time = $db->result($result); |
| 216: |
| 217: // Get any subscribed users that should be notified (banned users are excluded) |
| 218: $result = $db->query('SELECT u.id, u.email, u.notify_with_post, u.language FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'subscriptions AS s ON u.id=s.user_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id='.$cur_posting['id'].' AND fp.group_id=u.group_id) LEFT JOIN '.$db->prefix.'online AS o ON u.id=o.user_id LEFT JOIN '.$db->prefix.'bans AS b ON u.username=b.username WHERE b.username IS NULL AND COALESCE(o.logged, u.last_visit)>'.$previous_post_time.' AND (fp.read_forum IS NULL OR fp.read_forum=1) AND s.topic_id='.$tid.' AND u.id!='.intval($pun_user['id'])) or error('Unable to fetch subscription info', __FILE__, __LINE__, $db->error()); |
| 219: if ($db->num_rows($result)) |
| 220: { |
| 221: require_once PUN_ROOT.'include/email.php'; |
220: | 222: |
221: $notification_emails = array(); | 223: $notification_emails = array(); |
222: | 224: |
223: // Loop through subscribed users and send e-mails | 225: // Loop through subscribed users and send e-mails |
224: while ($cur_subscriber = $db->fetch_assoc($result)) | 226: while ($cur_subscriber = $db->fetch_assoc($result)) |
225: { | |
226: // Is the subscription e-mail for $cur_subscriber['language'] cached or not? | |
227: if (!isset($notification_emails[$cur_subscriber['language']])) | |
228: { | 227: { |
229: if (file_exists(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply.tpl')) | 228: // Is the subscription e-mail for $cur_subscriber['language'] cached or not? |
| 229: if (!isset($notification_emails[$cur_subscriber['language']])) |
230: { | 230: { |
231: // Load the "new reply" template | 231: if (file_exists(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply.tpl')) |
232: $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply.tpl')); | 232: { |
233: | 233: // Load the "new reply" template |
234: // Load the "new reply full" template (with post included) | 234: $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply.tpl')); |
235: $mail_tpl_full = trim(file_get_contents(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply_full.tpl')); | 235: |
| 236: // Load the "new reply full" template (with post included) |
| 237: $mail_tpl_full = trim(file_get_contents(PUN_ROOT.'lang/'.$cur_subscriber['language'].'/mail_templates/new_reply_full.tpl')); |
| 238: |
| 239: // The first row contains the subject (it also starts with "Subject:") |
| 240: $first_crlf = strpos($mail_tpl, "\n"); |
| 241: $mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8)); |
| 242: $mail_message = trim(substr($mail_tpl, $first_crlf)); |
| 243: |
| 244: $first_crlf = strpos($mail_tpl_full, "\n"); |
| 245: $mail_subject_full = trim(substr($mail_tpl_full, 8, $first_crlf-8)); |
| 246: $mail_message_full = trim(substr($mail_tpl_full, $first_crlf)); |
| 247: |
| 248: $mail_subject = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_subject); |
| 249: $mail_message = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_message); |
| 250: $mail_message = str_replace('<replier>', $username, $mail_message); |
| 251: $mail_message = str_replace('<post_url>', $pun_config['o_base_url'].'/viewtopic.php?pid='.$new_pid.'#p'.$new_pid, $mail_message); |
| 252: $mail_message = str_replace('<unsubscribe_url>', $pun_config['o_base_url'].'/misc.php?unsubscribe='.$tid, $mail_message); |
| 253: $mail_message = str_replace('<board_mailer>', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message); |
| 254: |
| 255: $mail_subject_full = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_subject_full); |
| 256: $mail_message_full = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_message_full); |
| 257: $mail_message_full = str_replace('<replier>', $username, $mail_message_full); |
| 258: $mail_message_full = str_replace('<message>', $message, $mail_message_full); |
| 259: $mail_message_full = str_replace('<post_url>', $pun_config['o_base_url'].'/viewtopic.php?pid='.$new_pid.'#p'.$new_pid, $mail_message_full); |
| 260: $mail_message_full = str_replace('<unsubscribe_url>', $pun_config['o_base_url'].'/misc.php?unsubscribe='.$tid, $mail_message_full); |
| 261: $mail_message_full = str_replace('<board_mailer>', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message_full); |
| 262: |
| 263: $notification_emails[$cur_subscriber['language']][0] = $mail_subject; |
| 264: $notification_emails[$cur_subscriber['language']][1] = $mail_message; |
| 265: $notification_emails[$cur_subscriber['language']][2] = $mail_subject_full; |
| 266: $notification_emails[$cur_subscriber['language']][3] = $mail_message_full; |
236: | 267: |
237: // The first row contains the subject (it also starts with "Subject:") | 268: $mail_subject = $mail_message = $mail_subject_full = $mail_message_full = null; |
238: $first_crlf = strpos($mail_tpl, "\n"); | 269: } |
239: $mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8)); | |
240: $mail_message = trim(substr($mail_tpl, $first_crlf)); | |
241: | |
242: $first_crlf = strpos($mail_tpl_full, "\n"); | |
243: $mail_subject_full = trim(substr($mail_tpl_full, 8, $first_crlf-8)); | |
244: $mail_message_full = trim(substr($mail_tpl_full, $first_crlf)); | |
245: | |
246: $mail_subject = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_subject); | |
247: $mail_message = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_message); | |
248: $mail_message = str_replace('<replier>', $username, $mail_message); | |
249: $mail_message = str_replace('<post_url>', $pun_config['o_base_url'].'/viewtopic.php?pid='.$new_pid.'#p'.$new_pid, $mail_message); | |
250: $mail_message = str_replace('<unsubscribe_url>', $pun_config['o_base_url'].'/misc.php?unsubscribe='.$tid, $mail_message); | |
251: $mail_message = str_replace('<board_mailer>', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message); | |
252: | |
253: $mail_subject_full = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_subject_full); | |
254: $mail_message_full = str_replace('<topic_subject>', '\''.$cur_posting['subject'].'\'', $mail_message_full); | |
255: $mail_message_full = str_replace('<replier>', $username, $mail_message_full); | |
256: $mail_message_full = str_replace('<message>', $message, $mail_message_full); | |
257: $mail_message_full = str_replace('<post_url>', $pun_config['o_base_url'].'/viewtopic.php?pid='.$new_pid.'#p'.$new_pid, $mail_message_full); | |
258: $mail_message_full = str_replace('<unsubscribe_url>', $pun_config['o_base_url'].'/misc.php?unsubscribe='.$tid, $mail_message_full); | |
259: $mail_message_full = str_replace('<board_mailer>', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message_full); | |
260: | |
261: $notification_emails[$cur_subscriber['language']][0] = $mail_subject; | |
262: $notification_emails[$cur_subscriber['language']][1] = $mail_message; | |
263: $notification_emails[$cur_subscriber['language']][2] = $mail_subject_full; | |
264: $notification_emails[$cur_subscriber['language']][3] = $mail_message_full; | |
265: | |
266: $mail_subject = $mail_message = $mail_subject_full = $mail_message_full = null; | |
267: } | 270: } |
268: } | |
269: | 271: |
270: // We have to double check here because the templates could be missing | 272: // We have to double check here because the templates could be missing |
271: if (isset($notification_emails[$cur_subscriber['language']])) | 273: if (isset($notification_emails[$cur_subscriber['language']])) |
272: { | 274: { |
273: if ($cur_subscriber['notify_with_post'] == '0') | 275: if ($cur_subscriber['notify_with_post'] == '0') |
274: pun_mail($cur_subscriber['email'], $notification_emails[$cur_subscriber['language']][0], $notification_emails[$cur_subscriber['language']][1]); | 276: pun_mail($cur_subscriber['email'], $notification_emails[$cur_subscriber['language']][0], $notification_emails[$cur_subscriber['language']][1]); |
275: else | 277: else |
276: pun_mail($cur_subscriber['email'], $notification_emails[$cur_subscriber['language']][2], $notification_emails[$cur_subscriber['language']][3]); | 278: pun_mail($cur_subscriber['email'], $notification_emails[$cur_subscriber['language']][2], $notification_emails[$cur_subscriber['language']][3]); |
| 279: } |
277: } | 280: } |
278: } | 281: } |
279: } | 282: } |
punbb-1.2.1/upload/profile.php |
punbb-1.2.5/upload/profile.php |
59: $result = $db->query('SELECT activate_string, activate_key FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch new password', __FILE__, __LINE__, $db->error()); | 59: $result = $db->query('SELECT activate_string, activate_key FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch new password', __FILE__, __LINE__, $db->error()); |
60: list($new_password_hash, $new_password_key) = $db->fetch_row($result); | 60: list($new_password_hash, $new_password_key) = $db->fetch_row($result); |
61: | 61: |
62: if ($key != $new_password_key) | 62: if ($key == '' || $key != $new_password_key) |
63: message($lang_profile['Pass key bad'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.'); | 63: message($lang_profile['Pass key bad'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.'); |
64: else | 64: else |
65: { | 65: { |
194: message($lang_profile['E-mail key bad'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.'); | 194: message($lang_profile['E-mail key bad'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.'); |
195: else | 195: else |
196: { | 196: { |
197: $db->query('UPDATE '.$db->prefix.'users SET email=\''.$new_email.'\', activate_string=NULL, activate_key=NULL WHERE id='.$id) or error('Unable to update e-mail address', __FILE__, __LINE__, $db->error()); | 197: $db->query('UPDATE '.$db->prefix.'users SET email=activate_string, activate_string=NULL, activate_key=NULL WHERE id='.$id) or error('Unable to update e-mail address', __FILE__, __LINE__, $db->error()); |
198: | 198: |
199: message($lang_profile['E-mail updated'], true); | 199: message($lang_profile['E-mail updated'], true); |
200: } | 200: } |
223: } | 223: } |
224: | 224: |
225: // Check if someone else already has registered with that e-mail address | 225: // Check if someone else already has registered with that e-mail address |
226: $result = $db->query('SELECT id, username FROM '.$db->prefix.'users WHERE email=\''.$new_email.'\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); | 226: $result = $db->query('SELECT id, username FROM '.$db->prefix.'users WHERE email=\''.$db->escape($new_email).'\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); |
227: if ($db->num_rows($result)) | 227: if ($db->num_rows($result)) |
228: { | 228: { |
229: if ($pun_config['p_allow_dupe_email'] == '0') | 229: if ($pun_config['p_allow_dupe_email'] == '0') |
243: | 243: |
244: $new_email_key = random_pass(8); | 244: $new_email_key = random_pass(8); |
245: | 245: |
246: $db->query('UPDATE '.$db->prefix.'users SET activate_string=\''.$new_email.'\', activate_key=\''.$new_email_key.'\' WHERE id='.$id) or error('Unable to update activation data', __FILE__, __LINE__, $db->error()); | 246: $db->query('UPDATE '.$db->prefix.'users SET activate_string=\''.$db->escape($new_email).'\', activate_key=\''.$new_email_key.'\' WHERE id='.$id) or error('Unable to update activation data', __FILE__, __LINE__, $db->error()); |
247: | 247: |
248: // Load the "activate e-mail" template | 248: // Load the "activate e-mail" template |
249: $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$pun_user['language'].'/mail_templates/activate_email.tpl')); | 249: $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$pun_user['language'].'/mail_templates/activate_email.tpl')); |
303: | 303: |
304: if (isset($_POST['form_sent'])) | 304: if (isset($_POST['form_sent'])) |
305: { | 305: { |
| 306: if (!isset($_FILES['req_file'])) |
| 307: message($lang_profile['No file']); |
| 308: |
306: $uploaded_file = $_FILES['req_file']; | 309: $uploaded_file = $_FILES['req_file']; |
307: | 310: |
308: // Make sure the upload went smooth | 311: // Make sure the upload went smooth |
360: | 363: |
361: // Now check the width/height | 364: // Now check the width/height |
362: list($width, $height, ,) = getimagesize($pun_config['o_avatars_dir'].'/'.$id.'.tmp'); | 365: list($width, $height, ,) = getimagesize($pun_config['o_avatars_dir'].'/'.$id.'.tmp'); |
363: if ($width > $pun_config['o_avatars_width'] || $height > $pun_config['o_avatars_height']) | 366: if (empty($width) || empty($height) || $width > $pun_config['o_avatars_width'] || $height > $pun_config['o_avatars_height']) |
364: { | 367: { |
365: @unlink($pun_config['o_avatars_dir'].'/'.$id.'.tmp'); | 368: @unlink($pun_config['o_avatars_dir'].'/'.$id.'.tmp'); |
366: message($lang_profile['Too wide or high'].' '.$pun_config['o_avatars_width'].'x'.$pun_config['o_avatars_height'].' '.$lang_profile['pixels'].'.'); | 369: message($lang_profile['Too wide or high'].' '.$pun_config['o_avatars_width'].'x'.$pun_config['o_avatars_height'].' '.$lang_profile['pixels'].'.'); |
711: { | 714: { |
712: $form = extract_elements(array('realname', 'url', 'location')); | 715: $form = extract_elements(array('realname', 'url', 'location')); |
713: | 716: |
714: if ($pun_user['g_id'] < PUN_GUEST) | 717: if ($pun_user['g_id'] == PUN_ADMIN) |
715: $form['title'] = trim($_POST['title']); | 718: $form['title'] = trim($_POST['title']); |
716: else if ($pun_user['g_set_title'] == '1') | 719: else if ($pun_user['g_set_title'] == '1') |
717: { | 720: { |
819: // Singlequotes around non-empty values and NULL for empty values | 822: // Singlequotes around non-empty values and NULL for empty values |
820: while (list($key, $input) = @each($form)) | 823: while (list($key, $input) = @each($form)) |
821: { | 824: { |
822: $value = ($input != '') ? '\''.$db->escape($input).'\'' : 'NULL'; | 825: $value = ($input !== '') ? '\''.$db->escape($input).'\'' : 'NULL'; |
823: | 826: |
824: $temp[] = $key.'='.$value; | 827: $temp[] = $key.'='.$value; |
825: } | 828: } |
966: <div class="infldset"> | 969: <div class="infldset"> |
967: <dl> | 970: <dl> |
968: <dt><?php echo $lang_profile['Jabber'] ?>: </dt> | 971: <dt><?php echo $lang_profile['Jabber'] ?>: </dt> |
969: <dd><?php echo ($user['jabber'] !='') ? $user['jabber'] : $lang_profile['Unknown']; ?></dd> | 972: <dd><?php echo ($user['jabber'] !='') ? pun_htmlspecialchars($user['jabber']) : $lang_profile['Unknown']; ?></dd> |
970: <dt><?php echo $lang_profile['ICQ'] ?>: </dt> | 973: <dt><?php echo $lang_profile['ICQ'] ?>: </dt> |
971: <dd><?php echo ($user['icq'] !='') ? $user['icq'] : $lang_profile['Unknown']; ?></dd> | 974: <dd><?php echo ($user['icq'] !='') ? $user['icq'] : $lang_profile['Unknown']; ?></dd> |
972: <dt><?php echo $lang_profile['MSN'] ?>: </dt> | 975: <dt><?php echo $lang_profile['MSN'] ?>: </dt> |
1182: } | 1185: } |
1183: else if ($section == 'personal') | 1186: else if ($section == 'personal') |
1184: { | 1187: { |
1185: if ($pun_user['g_set_title'] == '1' || $pun_user['g_id'] < PUN_GUEST) | 1188: if ($pun_user['g_set_title'] == '1') |
1186: $title_field = '<label>'.$lang_common['Title'].' (<em>'.$lang_profile['Leave blank'].'</em>)<br /><input type="text" name="title" value="'.pun_htmlspecialchars($user['title']).'" size="30" maxlength="50" /><br /></label>'."\n"; | 1189: $title_field = '<label>'.$lang_common['Title'].' (<em>'.$lang_profile['Leave blank'].'</em>)<br /><input type="text" name="title" value="'.pun_htmlspecialchars($user['title']).'" size="30" maxlength="50" /><br /></label>'."\n"; |
1187: | 1190: |
1188: $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Profile']; | 1191: $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Profile']; |
1232: <legend><?php echo $lang_profile['Contact details legend'] ?></legend> | 1235: <legend><?php echo $lang_profile['Contact details legend'] ?></legend> |
1233: <div class="infldset"> | 1236: <div class="infldset"> |
1234: <input type="hidden" name="form_sent" value="1" /> | 1237: <input type="hidden" name="form_sent" value="1" /> |
1235: <label><?php echo $lang_profile['Jabber'] ?><br /><input id="jabber" type="text" name="form[jabber]" value="<?php echo $user['jabber'] ?>" size="40" maxlength="75" /><br /></label> | 1238: <label><?php echo $lang_profile['Jabber'] ?><br /><input id="jabber" type="text" name="form[jabber]" value="<?php echo pun_htmlspecialchars($user['jabber']) ?>" size="40" maxlength="75" /><br /></label> |
1236: <label><?php echo $lang_profile['ICQ'] ?><br /><input id="icq" type="text" name="form[icq]" value="<?php echo $user['icq'] ?>" size="12" maxlength="12" /><br /></label> | 1239: <label><?php echo $lang_profile['ICQ'] ?><br /><input id="icq" type="text" name="form[icq]" value="<?php echo $user['icq'] ?>" size="12" maxlength="12" /><br /></label> |
1237: <label><?php echo $lang_profile['MSN'] ?><br /><input id="msn" type="text" name="form[msn]" value="<?php echo pun_htmlspecialchars($user['msn']) ?>" size="40" maxlength="50" /><br /></label> | 1240: <label><?php echo $lang_profile['MSN'] ?><br /><input id="msn" type="text" name="form[msn]" value="<?php echo pun_htmlspecialchars($user['msn']) ?>" size="40" maxlength="50" /><br /></label> |
1238: <label><?php echo $lang_profile['AOL IM'] ?><br /><input id="aim" type="text" name="form[aim]" value="<?php echo pun_htmlspecialchars($user['aim']) ?>" size="20" maxlength="30" /><br /></label> | 1241: <label><?php echo $lang_profile['AOL IM'] ?><br /><input id="aim" type="text" name="form[aim]" value="<?php echo pun_htmlspecialchars($user['aim']) ?>" size="20" maxlength="30" /><br /></label> |
punbb-1.2.1/upload/viewtopic.php |
punbb-1.2.5/upload/viewtopic.php |
183: $post_count = 0; // Keep track of post numbers | 183: $post_count = 0; // Keep track of post numbers |
184: | 184: |
185: // Retrieve the posts (and their respective poster/online status) | 185: // Retrieve the posts (and their respective poster/online status) |
186: $result = $db->query('SELECT DISTINCT u.email, u.title, u.url, u.location, u.use_avatar, u.signature, u.email_setting, u.num_posts, u.registered, u.admin_note, p.id, p.poster AS username, p.poster_id, p.poster_ip, p.poster_email, p.message, p.hide_smilies, p.posted, p.edited, p.edited_by, g.g_id, g.g_user_title, o.user_id AS is_online FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'users AS u ON u.id=p.poster_id INNER JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id LEFT JOIN '.$db->prefix.'online AS o ON (o.user_id=u.id AND o.idle=0) WHERE p.topic_id='.$id.' ORDER BY p.id LIMIT '.$start_from.','.$pun_user['disp_posts'], true) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error()); | 186: $result = $db->query('SELECT u.email, u.title, u.url, u.location, u.use_avatar, u.signature, u.email_setting, u.num_posts, u.registered, u.admin_note, p.id, p.poster AS username, p.poster_id, p.poster_ip, p.poster_email, p.message, p.hide_smilies, p.posted, p.edited, p.edited_by, g.g_id, g.g_user_title, o.user_id AS is_online FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'users AS u ON u.id=p.poster_id INNER JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id LEFT JOIN '.$db->prefix.'online AS o ON (o.user_id=u.id AND o.idle=0) WHERE p.topic_id='.$id.' ORDER BY p.id LIMIT '.$start_from.','.$pun_user['disp_posts'], true) or error('Unable to fetch post info', __FILE__, __LINE__, $db->error()); |
187: while ($cur_post = $db->fetch_assoc($result)) | 187: while ($cur_post = $db->fetch_assoc($result)) |
188: { | 188: { |
189: $post_count++; | 189: $post_count++; |