Update of /cvsroot/mxbb/core/modules/mx_users/admin In directory sc8-pr-cvs16.sourceforge.net:/tmp/cvs-serv29297/modules/mx_users/admin Modified Files: admin_users.php admin_prune_user_posts.php admin_groups.php admin_groupcp.php admin_userlist.php Log Message: part of project wide change of using request_vars wrapper class instead of explicite and unfiltered $HTML_*_VARS Index: admin_groups.php =================================================================== RCS file: /cvsroot/mxbb/core/modules/mx_users/admin/admin_groups.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** admin_groups.php 8 Feb 2008 23:37:06 -0000 1.3 --- admin_groups.php 9 Feb 2008 12:51:06 -0000 1.4 *************** *** 49,55 **** } ! if ( isset($HTTP_POST_VARS[POST_GROUPS_URL]) || isset($HTTP_GET_VARS[POST_GROUPS_URL]) ) { ! $group_id = ( isset($HTTP_POST_VARS[POST_GROUPS_URL]) ) ? intval($HTTP_POST_VARS[POST_GROUPS_URL]) : intval($HTTP_GET_VARS[POST_GROUPS_URL]); } else --- 49,55 ---- } ! if ($mx_request_vars->is_request(POST_GROUPS_URL)) { ! $group_id = $mx_request_vars->request(POST_GROUPS_URL, MX_TYPE_INT); } else *************** *** 58,65 **** } ! if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) ) { ! $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; ! $mode = htmlspecialchars($mode); } else --- 58,64 ---- } ! if ($mx_request_vars->is_request('mode')) { ! $mode = $mx_request_vars->request('mode', MX_TYPE_NO_TAGS); } else *************** *** 68,72 **** } ! if ( isset($HTTP_POST_VARS['edit']) || isset($HTTP_POST_VARS['new']) ) { // --- 67,71 ---- } ! if ($mx_request_vars->is_post('edit') || $mx_request_vars->is_post('new')) { // *************** *** 77,81 **** ); ! if ( isset($HTTP_POST_VARS['edit']) ) { // --- 76,80 ---- ); ! if ($mx_request_vars->is_post('edit') ) { // *************** *** 113,117 **** } ! else if ( isset($HTTP_POST_VARS['new']) ) { $group_info = array ( --- 112,116 ---- } ! 
else if ($mx_request_vars->is_post('new') ) { $group_info = array ( *************** *** 163,167 **** 'L_GROUP_TITLE' => $lang['Group_administration'], ! 'L_GROUP_EDIT_DELETE' => ( isset($HTTP_POST_VARS['new']) ) ? $lang['New_group'] : $lang['Edit_group'], 'L_GROUP_NAME' => $lang['group_name'], 'L_GROUP_DESCRIPTION' => $lang['group_description'], --- 162,166 ---- 'L_GROUP_TITLE' => $lang['Group_administration'], ! 'L_GROUP_EDIT_DELETE' => $mx_request_vars->is_post('new') ? $lang['New_group'] : $lang['Edit_group'], 'L_GROUP_NAME' => $lang['group_name'], 'L_GROUP_DESCRIPTION' => $lang['group_description'], *************** *** 195,204 **** } ! else if ( isset($HTTP_POST_VARS['group_update']) ) { // // Ok, they are submitting a group, let's save the data based on if it's new or editing // ! if ( isset($HTTP_POST_VARS['group_delete']) ) { // --- 194,203 ---- } ! else if ($mx_request_vars->is_post('group_update') ) { // // Ok, they are submitting a group, let's save the data based on if it's new or editing // ! if ($mx_request_vars->is_post('group_delete') ) { // *************** *** 279,287 **** else { ! $group_type = isset($HTTP_POST_VARS['group_type']) ? intval($HTTP_POST_VARS['group_type']) : GROUP_OPEN; ! $group_name = isset($HTTP_POST_VARS['group_name']) ? htmlspecialchars(trim($HTTP_POST_VARS['group_name'])) : ''; ! $group_description = isset($HTTP_POST_VARS['group_description']) ? trim($HTTP_POST_VARS['group_description']) : ''; ! $group_moderator = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : ''; ! $delete_old_moderator = isset($HTTP_POST_VARS['delete_old_moderator']) ? true : false; if ( $group_name == '' ) --- 278,286 ---- else { ! $group_type = $mx_request_vars->post('group_type', MX_TYPE_INT, GROUP_OPEN); ! $group_name = $mx_request_vars->post('group_name', MX_TYPE_NO_TAGS); ! $group_description = $mx_request_vars->post('group_description', MX_TYPE_NO_TAGS); ! $group_moderator = $mx_request_vars->post('username', MX_TYPE_NO_TAGS); ! 
$delete_old_moderator = $mx_request_vars->is_post('delete_old_moderator'); if ( $group_name == '' ) Index: admin_prune_user_posts.php =================================================================== RCS file: /cvsroot/mxbb/core/modules/mx_users/admin/admin_prune_user_posts.php,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** admin_prune_user_posts.php 4 Feb 2008 18:53:12 -0000 1.2 --- admin_prune_user_posts.php 9 Feb 2008 12:51:06 -0000 1.3 *************** *** 50,54 **** // did they press the big red button? ! if( !isset($HTTP_POST_VARS['submit']) ) { // Set template name --- 50,54 ---- // did they press the big red button? ! if (!$mx_request_vars->is_post('submit')) { // Set template name *************** *** 295,299 **** // Figure out what users (criteria) are we pruning ! switch($HTTP_POST_VARS['prune_type']) { case 'user': --- 295,299 ---- // Figure out what users (criteria) are we pruning ! switch ($mx_request_vars->post('prune_type', MX_TYPE_NO_TAGS)) { case 'user': *************** *** 303,307 **** $sql = "SELECT user_id FROM ".USERS_TABLE." ! WHERE username = '".addslashes(trim($HTTP_POST_VARS['username']))."'"; $result = $db->sql_query($sql); --- 303,307 ---- $sql = "SELECT user_id FROM ".USERS_TABLE." ! WHERE username = '".addslashes($mx_request_vars->post('username', MX_TYPE_NO_TAGS))."'"; $result = $db->sql_query($sql); *************** *** 373,377 **** // Prune users in a specific group ! $group_id = intval($HTTP_POST_VARS['prune_group']); // Let's make sure the group exists --- 373,377 ---- // Prune users in a specific group ! $group_id = $mx_request_vars->post('prune_group', MX_TYPE_INT); // Let's make sure the group exists *************** *** 434,444 **** // Remove any whitespace ! $HTTP_POST_VARS['prune_ip'] = trim($HTTP_POST_VARS['prune_ip']); // Let's see if they entered a full valid IPv4 address ! 
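Review bot: The `WHERE username = '…'` lookup in the `case 'user':` branch of admin_prune_user_posts.php is still built by concatenation with `addslashes()`, which is not an SQL-aware escape and depends on the connection character set. The value now passes through `post(..., MX_TYPE_NO_TAGS)` first; if the wrapper already strips or adds slashes (its implementation is not shown here), the effective escaping differs from revision 1.2, and the explicit `trim()` is gone. I would pass the value through the `$db` layer's own escaping routine, or a bound parameter if the layer offers one, and add a comment such as `// escaped for SQL by the DB layer; the request wrapper only filters markup`. The enclosing `switch` continues outside this hunk.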
if( preg_match('/^([0-9]{1,2}|[0-2][0-9]{0,2})(\.([0-9]{1,2}|[0-2][0-9]{0,2})){3}$/', $HTTP_POST_VARS['prune_ip']) ) { // Encode the ip into hexademicals ! $ip = phpBB2::encode_ip($HTTP_POST_VARS['prune_ip']); // Because we will be deleting based on IP's, we will store the encoded IP alone --- 434,444 ---- // Remove any whitespace ! $prune_ip = $mx_request_vars->post('prune_ip'); // Let's see if they entered a full valid IPv4 address ! if( preg_match('/^([0-9]{1,2}|[0-2][0-9]{0,2})(\.([0-9]{1,2}|[0-2][0-9]{0,2})){3}$/', $prune_ip) ) { // Encode the ip into hexademicals ! $ip = phpBB2::encode_ip($prune_ip); // Because we will be deleting based on IP's, we will store the encoded IP alone *************** *** 446,450 **** } // We will also support wildcards, is this an xxx.xxx.* address? ! else if( preg_match('/^([0-9]{1,2}|[0-2][0-9]{0,2})(\.([0-9]{1,2}|[0-2][0-9]{0,2})){0,2}\.\*/', $HTTP_POST_VARS['prune_ip']) ) { // Alright, now we do the ugly part, converting them to encoded ips --- 446,450 ---- } // We will also support wildcards, is this an xxx.xxx.* address? ! else if( preg_match('/^([0-9]{1,2}|[0-2][0-9]{0,2})(\.([0-9]{1,2}|[0-2][0-9]{0,2})){0,2}\.\*/', $prune_ip) ) { // Alright, now we do the ugly part, converting them to encoded ips *************** *** 455,459 **** // First we will split the IP into its quads ! $ip_split = explode('.', $HTTP_POST_VARS['prune_ip']); // Now we'll work with which type of wildcard we have --- 455,459 ---- // First we will split the IP into its quads ! $ip_split = explode('.', $prune_ip); // Now we'll work with which type of wildcard we have *************** *** 478,485 **** } // Lastly, let's see if they have a range in the last quad, like xxx.xxx.xxx.xxx - xxx.xxx.xxx.yyy ! else if( preg_match('/^([0-9]{1,2}|[0-2][0-9]{0,2})(\.([0-9]{1,2}|[0-2][0-9]{0,2})){3}(\s)*-(\s)*([0-9]{1,2}|[0-2][0-9]{0,2})(\.([0-9]{1,2}|[0-2][0-9]{0,2})){3}$/', $HTTP_POST_VARS['prune_ip']) ) { // We will split the two ranges ! 
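Review bot: The comment `// Remove any whitespace` no longer describes the line under it, because `$prune_ip = $mx_request_vars->post('prune_ip');` drops the `trim()` and passes no type constant, unlike the other reads in this file. Unless the wrapper trims by default (not visible in this diff), input with a leading or trailing space now fails the `^…$` patterns that follow. Suggest `$prune_ip = trim($mx_request_vars->post('prune_ip'));`, or reword the comment to say the value is validated only by the patterns below.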
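Review bot: The wildcard pattern on the `else if` line ends at `\.\*/` with no `$`, so text after the `*` still passes this check and is then split by `explode('.', $prune_ip)` in the next hunk. Since `prune_ip` is read without a type filter, this regex is the only validation the value gets; ending the pattern with `\.\*$/` closes the gap. How the quads are used afterwards is outside the visible lines, so the impact is inferred rather than shown.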
$range = preg_split('/[-\s]+/', $HTTP_POST_VARS['prune_ip']); // This is where break the start and end ips into quads --- 478,485 ---- } // Lastly, let's see if they have a range in the last quad, like xxx.xxx.xxx.xxx - xxx.xxx.xxx.yyy ! else if( preg_match('/^([0-9]{1,2}|[0-2][0-9]{0,2})(\.([0-9]{1,2}|[0-2][0-9]{0,2})){3}(\s)*-(\s)*([0-9]{1,2}|[0-2][0-9]{0,2})(\.([0-9]{1,2}|[0-2][0-9]{0,2})){3}$/', $prune_ip) ) { // We will split the two ranges ! $range = preg_split('/[-\s]+/', $prune_ip); // This is where break the start and end ips into quads *************** *** 560,564 **** { // If we have to prune this forum ! if( $HTTP_POST_VARS['prune_forumid_'.$row['forum_id']] == 'true' ) { $forums_to_update[$row['forum_id']] = true; --- 560,564 ---- { // If we have to prune this forum ! if( $mx_request_vars->post('prune_forumid_'.$row['forum_id'], MX_TYPE_NO_TAGS) == 'true' ) { $forums_to_update[$row['forum_id']] = true; *************** *** 587,591 **** // (Exempts) // Are we going to prune stickies? ! if( $HTTP_POST_VARS['prune_stickies'] == 'true' ) { $where_sql .= ' AND t.topic_type <> '.POST_STICKY; --- 587,591 ---- // (Exempts) // Are we going to prune stickies? ! if ($mx_request_vars->post('prune_stickies', MX_TYPE_NO_TAGS) == 'true' ) { $where_sql .= ' AND t.topic_type <> '.POST_STICKY; *************** *** 593,597 **** // Are we going to prune announcements? ! if( $HTTP_POST_VARS['prune_announcements'] == 'true' ) { $where_sql .= ' AND t.topic_type <> '.POST_ANNOUNCE; --- 593,597 ---- // Are we going to prune announcements? ! if ($mx_request_vars->post('prune_announcements', MX_TYPE_NO_TAGS) == 'true') { $where_sql .= ' AND t.topic_type <> '.POST_ANNOUNCE; *************** *** 599,603 **** // How about open topics? ! if( $HTTP_POST_VARS['prune_open'] == 'true' ) { $where_sql .= ' AND t.topic_status <> '.TOPIC_UNLOCKED; --- 599,603 ---- // How about open topics? ! 
if ($mx_request_vars->post('prune_open', MX_TYPE_NO_TAGS) == 'true') { $where_sql .= ' AND t.topic_status <> '.TOPIC_UNLOCKED; *************** *** 605,609 **** // How about polls? ! if( $HTTP_POST_VARS['prune_polls'] == 'true' ) { $where_sql .= ' AND t.topic_vote <> 0'; --- 605,609 ---- // How about polls? ! if ($mx_request_vars->post('prune_polls', MX_TYPE_NO_TAGS) == 'true') { $where_sql .= ' AND t.topic_vote <> 0'; *************** *** 611,621 **** // Let's sort out dates now ! switch( $HTTP_POST_VARS['prune_date_type'] ) { // We are pruning before are certain amount of time case 'time': ! $time_value = intval($HTTP_POST_VARS['prune_time_value']); ! switch($HTTP_POST_VARS['prune_time_type']) { case 'seconds': --- 611,621 ---- // Let's sort out dates now ! switch ($mx_request_vars->post('prune_date_type', MX_TYPE_NO_TAGS)) { // We are pruning before are certain amount of time case 'time': ! $time_value = $mx_request_vars->post('prune_time_value', MX_TYPE_INT); ! switch ($mx_request_vars->post('prune_time_type', MX_TYPE_NO_TAGS)) { case 'seconds': *************** *** 636,640 **** // Are we pruning before or after this time? ! if( $HTTP_POST_VARS['prune_time_order'] == 'before' ) { $operator = '<'; --- 636,640 ---- // Are we pruning before or after this time? ! if ($mx_request_vars->post('prune_time_order', MX_TYPE_NO_TAGS) == 'before' ) { $operator = '<'; *************** *** 648,652 **** break; case 'by_date': ! $date = trim($HTTP_POST_VARS['prune_dateby_value']); // Is this a valid dd/mm/yyyy (note year is limited from 1970 - 2038 (Current 4 bit unix timestamp limits) --- 648,652 ---- break; case 'by_date': ! $date = $mx_request_vars->post('prune_dateby_value', MX_TYPE_NO_TAGS); // Is this a valid dd/mm/yyyy (note year is limited from 1970 - 2038 (Current 4 bit unix timestamp limits) *************** *** 672,680 **** // Are we pruning before or after this date? ! if( $HTTP_POST_VARS['prune_dateby_type'] == 'before' ) { $operator = '<'; } ! 
else if( $HTTP_POST_VARS['prune_dateby_type'] == 'after' ) { $operator = '>'; --- 672,680 ---- // Are we pruning before or after this date? ! if ($mx_request_vars->post('prune_dateby_type', MX_TYPE_NO_TAGS) == 'before' ) { $operator = '<'; } ! else if ($mx_request_vars->post('prune_dateby_type', MX_TYPE_NO_TAGS) == 'after' ) { $operator = '>'; *************** *** 694,699 **** case 'range': // from dd/mm/yyyy to dd/mm/yyyy ! $start_range = trim($HTTP_POST_VARS['prune_daterange_start']); ! $end_range = trim($HTTP_POST_VARS['prune_daterange_stop']); // Is this a valid dd/mm/yyyy (note year is limited from 1970 - 2038 (Current 4 bit unix timestamp limits) --- 694,699 ---- case 'range': // from dd/mm/yyyy to dd/mm/yyyy ! $start_range = $mx_request_vars->post('prune_daterange_start', MX_TYPE_NO_TAGS); ! $end_range = $mx_request_vars->post('prune_daterange_stop', MX_TYPE_NO_TAGS); // Is this a valid dd/mm/yyyy (note year is limited from 1970 - 2038 (Current 4 bit unix timestamp limits) *************** *** 869,873 **** // If we are to delete topics by this guy/gal/it ! if($HTTP_POST_VARS['prune_topic_started'] == 'true') { $delete_this_topic = true; --- 869,873 ---- // If we are to delete topics by this guy/gal/it ! if ($mx_request_vars->post('prune_topic_started', MX_TYPE_NO_TAGS) == 'true') { $delete_this_topic = true; *************** *** 955,959 **** // If we're going to update the search tables ! if( $HTTP_POST_VARS['prune_update_search'] == 'true' ) { remove_search_post($post_ids_sql); --- 955,959 ---- // If we're going to update the search tables ! if ($mx_request_vars->post('prune_update_search', MX_TYPE_NO_TAGS) == 'true' ) { remove_search_post($post_ids_sql); *************** *** 1232,1236 **** // Update user post counts if we need to ! if( $HTTP_POST_VARS['prune_update_post_counts'] == 'true' ) { foreach( $users_post_counts as $user_id => $post_count ) --- 1232,1236 ---- // Update user post counts if we need to ! 
if ($mx_request_vars->post('prune_update_post_counts', MX_TYPE_NO_TAGS) == 'true' ) { foreach( $users_post_counts as $user_id => $post_count ) Index: admin_groupcp.php =================================================================== RCS file: /cvsroot/mxbb/core/modules/mx_users/admin/admin_groupcp.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** admin_groupcp.php 30 Jan 2008 09:11:00 -0000 1.3 --- admin_groupcp.php 9 Feb 2008 12:51:07 -0000 1.4 *************** *** 135,141 **** // -------------------------- ! if ( isset($HTTP_GET_VARS[POST_GROUPS_URL]) || isset($HTTP_POST_VARS[POST_GROUPS_URL]) ) { ! $group_id = ( isset($HTTP_POST_VARS[POST_GROUPS_URL]) ) ? intval($HTTP_POST_VARS[POST_GROUPS_URL]) : intval($HTTP_GET_VARS[POST_GROUPS_URL]); } else --- 135,141 ---- // -------------------------- ! if ($mx_request_vars->is_request(POST_GROUPS_URL)) { ! $group_id = $mx_request_vars->request(POST_GROUPS_URL, MX_TYPE_NO_TAGS); } else *************** *** 144,151 **** } ! if ( isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) ) { ! $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; ! $mode = htmlspecialchars($mode); } else --- 144,150 ---- } ! if ($mx_request_vars->is_request('mode')) { ! $mode = $mx_request_vars->request('mode', MX_TYPE_NO_TAGS); } else *************** *** 154,161 **** } ! $confirm = ( isset($HTTP_POST_VARS['confirm']) ) ? TRUE : 0; ! $cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? TRUE : 0; ! $start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0; // --- 153,160 ---- } ! $confirm = $mx_request_vars->is_post('confirm'); ! $cancel = $mx_request_vars->is_post('cancel'); ! $start = $mx_request_vars->get('start', MX_TYPE_INT, 0); // *************** *** 164,168 **** $is_moderator = FALSE; ! if ( isset($HTTP_POST_VARS['groupstatus']) && $group_id ) { if ( !$userdata['session_logged_in'] ) --- 163,167 ---- $is_moderator = FALSE; ! 
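Review bot: In admin_groupcp.php `$group_id` is now read with `MX_TYPE_NO_TAGS`, where revision 1.3 used `intval()` and the same conversion in admin_groups.php uses `MX_TYPE_INT`. The value is interpolated unquoted into `WHERE group_id = $group_id` in the 193 hunk and into the hidden `<input>` built in the 373 hunk, so a string-typed value removes the protection the integer cast gave against SQL and markup injection. Change the line to `$group_id = $mx_request_vars->request(POST_GROUPS_URL, MX_TYPE_INT);`.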
if ($mx_request_vars->is_post('groupstatus') && $group_id ) { if ( !$userdata['session_logged_in'] ) *************** *** 193,197 **** $sql = "UPDATE " . GROUPS_TABLE . " ! SET group_type = " . intval($HTTP_POST_VARS['group_type']) . " WHERE group_id = $group_id"; if ( !($result = $db->sql_query($sql)) ) --- 192,196 ---- $sql = "UPDATE " . GROUPS_TABLE . " ! SET group_type = " . $mx_request_vars->post('group_type', MX_TYPE_INT) . " WHERE group_id = $group_id"; if ( !($result = $db->sql_query($sql)) ) *************** *** 209,213 **** } ! else if ( isset($HTTP_POST_VARS['joingroup']) && $group_id ) { // --- 208,212 ---- } ! else if ($mx_request_vars->is_post('joingroup') && $group_id ) { // *************** *** 312,316 **** mx_message_die(GENERAL_MESSAGE, $message); } ! else if ( isset($HTTP_POST_VARS['unsub']) || isset($HTTP_POST_VARS['unsubpending']) && $group_id ) { // --- 311,315 ---- mx_message_die(GENERAL_MESSAGE, $message); } ! else if ($mx_request_vars->is_post('unsub') || $mx_request_vars->is_post('unsubpending') && $group_id ) { // *************** *** 373,377 **** else { ! $unsub_msg = ( isset($HTTP_POST_VARS['unsub']) ) ? $lang['Confirm_unsub'] : $lang['Confirm_unsub_pending']; $s_hidden_fields = '<input type="hidden" name="' . POST_GROUPS_URL . '" value="' . $group_id . '" /><input type="hidden" name="unsub" value="1" />'; --- 372,376 ---- else { ! $unsub_msg = $mx_request_vars->is_post('unsub') ? $lang['Confirm_unsub'] : $lang['Confirm_unsub_pending']; $s_hidden_fields = '<input type="hidden" name="' . POST_GROUPS_URL . '" value="' . $group_id . '" /><input type="hidden" name="unsub" value="1" />'; *************** *** 405,409 **** // If so, check to see if they are logged in. // ! if ( isset($HTTP_GET_VARS['validate']) ) { if ( !$userdata['session_logged_in'] ) --- 404,408 ---- // If so, check to see if they are logged in. // ! 
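Review bot: In `is_post('unsub') || is_post('unsubpending') && $group_id`, `&&` binds tighter than `||`, so a request carrying `unsub` enters this branch even when `$group_id` is empty. The grouping is inherited from the old line, but the rewrite is a good point to make the intent explicit: `else if (($mx_request_vars->is_post('unsub') || $mx_request_vars->is_post('unsubpending')) && $group_id)`. The admin_users.php condition `$mode == 'edit' || $mode == 'add' || $mode == 'save' && …is_request('username')` has the same shape; there the current grouping may be intended, so a one-line comment saying so would help.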
if ($mx_request_vars->is_get('validate') ) { if ( !$userdata['session_logged_in'] ) *************** *** 473,477 **** // Handle Additions, removals, approvals and denials // ! if ( !empty($HTTP_POST_VARS['add']) || !empty($HTTP_POST_VARS['remove']) || isset($HTTP_POST_VARS['approve']) || isset($HTTP_POST_VARS['deny']) ) { if ( !$userdata['session_logged_in'] ) --- 472,476 ---- // Handle Additions, removals, approvals and denials // ! if (!$mx_request_vars->is_empty_post('add') || !$mx_request_vars->is_empty_post('remove') || $mx_request_vars->is_post('approve') || $mx_request_vars->is_post('deny')) { if ( !$userdata['session_logged_in'] ) *************** *** 491,497 **** } ! if ( isset($HTTP_POST_VARS['add']) ) { ! $username = ( isset($HTTP_POST_VARS['username']) ) ? phpBB2::phpbb_clean_username($HTTP_POST_VARS['username']) : ''; $sql = "SELECT * --- 490,496 ---- } ! if ($mx_request_vars->is_post('add')) { ! $username = $mx_request_vars->is_post('username') ? phpBB2::phpbb_clean_username($mx_request_vars->post('username', MX_TYPE_NO_TAGS)) : ''; $sql = "SELECT * *************** *** 606,613 **** else { ! if ( ( ( isset($HTTP_POST_VARS['approve']) || isset($HTTP_POST_VARS['deny']) ) && isset($HTTP_POST_VARS['pending_members']) ) || ( isset($HTTP_POST_VARS['remove']) && isset($HTTP_POST_VARS['members']) ) ) { ! $members = ( isset($HTTP_POST_VARS['approve']) || isset($HTTP_POST_VARS['deny']) ) ? $HTTP_POST_VARS['pending_members'] : $HTTP_POST_VARS['members']; $sql_in = ''; --- 605,612 ---- else { ! if ( ( ($mx_request_vars->is_post('approve') || $mx_request_vars->is_post('deny') ) && $mx_request_vars->is_post('pending_members') ) || ( $mx_request_vars->is_post('remove') && $mx_request_vars->is_post('members') ) ) { ! $members = ($mx_request_vars->is_post('approve') || $mx_request_vars->is_post('deny')) ? $mx_request_vars->post('pending_members', MX_TYPE_NO_TAGS) : $mx_request_vars->post('members', MX_TYPE_NO_TAGS); $sql_in = ''; *************** *** 617,621 **** } ! 
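Review bot: `pending_members` and `members` are read with `MX_TYPE_NO_TAGS`, but the `$sql_in = '';` that follows suggests they are arrays of user ids that end up in `IN ($sql_in)`. Whether the wrapper applies a string filter element by element to an array is not visible in this diff. admin_userlist.php reads its id array with no type constant and a comment that each element is `intval()`'d on use. I would read these two the same way and add `// array of user ids; each element is cast to int when $sql_in is built`, after confirming that the loop outside this hunk does cast them.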
if ( isset($HTTP_POST_VARS['approve']) ) { if ( $group_info['auth_mod'] ) --- 616,620 ---- } ! if ($mx_request_vars->is_post('approve')) { if ( $group_info['auth_mod'] ) *************** *** 639,643 **** WHERE user_id IN ($sql_in)"; } ! else if ( isset($HTTP_POST_VARS['deny']) || isset($HTTP_POST_VARS['remove']) ) { if ( $group_info['auth_mod'] ) --- 638,642 ---- WHERE user_id IN ($sql_in)"; } ! else if ($mx_request_vars->is_post('deny') || $mx_request_vars->is_post('remove') ) { if ( $group_info['auth_mod'] ) *************** *** 701,705 **** // Email users when they are approved // ! if ( isset($HTTP_POST_VARS['approve']) ) { if ( !($result = $db->sql_query($sql_select)) ) --- 700,704 ---- // Email users when they are approved // ! if ($mx_request_vars->is_post('approve') ) { if ( !($result = $db->sql_query($sql_select)) ) Index: admin_users.php =================================================================== RCS file: /cvsroot/mxbb/core/modules/mx_users/admin/admin_users.php,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** admin_users.php 25 Jan 2008 11:37:45 -0000 1.5 --- admin_users.php 9 Feb 2008 12:51:06 -0000 1.6 *************** *** 59,66 **** // Set mode // ! if( isset( $HTTP_POST_VARS['mode'] ) || isset( $HTTP_GET_VARS['mode'] ) ) { ! $mode = ( isset( $HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; ! $mode = htmlspecialchars($mode); } else --- 59,65 ---- // Set mode // ! if ($mx_request_vars->is_request('mode')) { ! $mode = $mx_request_vars->request('mode', MX_TYPE_NO_TAGS); } else *************** *** 69,85 **** } ! $action = (isset($HTTP_POST_VARS['id'])) && !empty($HTTP_POST_VARS['id']) ? 'do_update' : 'do_add'; // // Begin program // ! if ( $mode == 'edit' || $mode == 'add' || $mode == 'save' && ( isset($HTTP_GET_VARS['username']) || isset($HTTP_POST_VARS['username']) ) ) { // // Ok, the profile has been modified and submitted, let's update // ! 
if ( ( $mode == 'save' && isset( $HTTP_POST_VARS['submit'] ) ) ) { ! $user_id = intval($HTTP_POST_VARS['id']); $this_userdata = mx_get_userdata($user_id); --- 68,84 ---- } ! $action = !$mx_request_vars->is_empty_post('id') ? 'do_update' : 'do_add'; // // Begin program // ! if ( $mode == 'edit' || $mode == 'add' || $mode == 'save' && $mx_request_vars->is_request('username')) { // // Ok, the profile has been modified and submitted, let's update // ! if ($mode == 'save' && $mx_request_vars->is_post('submit') ) { ! $user_id = $mx_request_vars->post('id', MX_TYPE_INT); $this_userdata = mx_get_userdata($user_id); *************** *** 90,94 **** } ! if( $HTTP_POST_VARS['deleteuser'] && ( $userdata['user_id'] != $user_id ) ) { switch (PORTAL_BACKEND) --- 89,93 ---- } ! if ($mx_request_vars->is_post('deleteuser') && $userdata['user_id'] != $user_id) { switch (PORTAL_BACKEND) *************** *** 273,287 **** } ! $username = ( !empty($HTTP_POST_VARS['username']) ) ? phpBB2::phpbb_clean_username($HTTP_POST_VARS['username']) : ''; ! $email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['email'] ) )) : ''; ! $password = ( !empty($HTTP_POST_VARS['password']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['password'] ) )) : ''; ! $password_confirm = ( !empty($HTTP_POST_VARS['password_confirm']) ) ? trim(strip_tags(htmlspecialchars( $HTTP_POST_VARS['password_confirm'] ) )) : ''; ! $user_status = ( !empty($HTTP_POST_VARS['user_status']) ) ? intval( $HTTP_POST_VARS['user_status'] ) : 0; } ! if( isset( $HTTP_POST_VARS['submit'] ) ) { $error = FALSE; --- 272,286 ---- } ! $username = phpBB2::phpbb_clean_username($mx_request_vars->post('username', MX_TYPE_NO_TAGS)); ! $email = $mx_request_vars->post('email', MX_TYPE_NO_TAGS); ! $password = $mx_request_vars->post('password', MX_TYPE_NO_TAGS); ! $password_confirm = $mx_request_vars->post('password_confirm', MX_TYPE_NO_TAGS); ! 
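Review bot: The delete guard changed from a truthiness test (`$HTTP_POST_VARS['deleteuser']`) to a presence test (`is_post('deleteuser')`), so a submitted `deleteuser=0` or an empty field now takes the delete path. If the form only sends the field from a checked checkbox the two are equivalent, but the template is not part of this diff. For a destructive action I would keep the stricter test, e.g. `if (!$mx_request_vars->is_empty_post('deleteuser') && $userdata['user_id'] != $user_id)`, using the helper already applied to `id` in this file.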
$user_status = $mx_request_vars->post('user_status', MX_TYPE_INT, 0); } ! if ($mx_request_vars->is_post('submit')) { $error = FALSE; *************** *** 450,460 **** // SHOW USER // ! else if( !isset( $HTTP_POST_VARS['submit'] ) && $mode != 'save' ) { if ($mode == 'edit') { ! if( isset( $HTTP_GET_VARS[POST_USERS_URL]) || isset( $HTTP_POST_VARS[POST_USERS_URL]) ) { ! $user_id = ( isset( $HTTP_POST_VARS[POST_USERS_URL]) ) ? intval( $HTTP_POST_VARS[POST_USERS_URL]) : intval( $HTTP_GET_VARS[POST_USERS_URL]); $this_userdata = mx_get_userdata($user_id); if( !$this_userdata ) --- 449,459 ---- // SHOW USER // ! else if ( !$mx_request_vars->post('submit') && $mode != 'save' ) { if ($mode == 'edit') { ! if ($mx_request_vars->is_request(POST_USERS_URL)) { ! $user_id = $mx_request_vars->request(POST_USERS_URL, MX_TYPE_INT); $this_userdata = mx_get_userdata($user_id); if( !$this_userdata ) *************** *** 465,470 **** else { ! //$this_userdata = mx_get_userdata($HTTP_POST_VARS['username'], true); ! $this_userdata = mx_get_userdata($HTTP_GET_VARS['username'], true); if( !$this_userdata ) { --- 464,468 ---- else { ! $this_userdata = mx_get_userdata($mx_request_vars->get('username', MX_TYPE_NO_TAGS), true); if( !$this_userdata ) { Index: admin_userlist.php =================================================================== RCS file: /cvsroot/mxbb/core/modules/mx_users/admin/admin_userlist.php,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** admin_userlist.php 4 Feb 2008 18:53:12 -0000 1.2 --- admin_userlist.php 9 Feb 2008 12:51:07 -0000 1.3 *************** *** 41,47 **** // Set mode // ! if( isset( $HTTP_POST_VARS['mode'] ) || isset( $HTTP_GET_VARS['mode'] ) ) { ! $mode = ( isset($HTTP_POST_VARS['mode']) ) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; } else --- 41,47 ---- // Set mode // ! if ($mx_request_vars->is_request('mode')) { ! 
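Review bot: `password` and `password_confirm` are read with `MX_TYPE_NO_TAGS`, so the secret goes through a markup filter before whatever hashing or comparison follows outside this hunk. The old lines did the same with `strip_tags(htmlspecialchars())`, but the filter silently alters passwords containing `<`, `>` or `&`, and if the wrapper's transformation differs from the one the login path applies, a password set here will not match at login. At minimum add a comment such as `// filtered exactly as in rev 1.5 so the result matches what the login path hashes`. The `!empty()` guards were also dropped, so `phpbb_clean_username()` now runs on whatever default `post()` returns for a missing field.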
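Review bot: `else if ( !$mx_request_vars->post('submit') && $mode != 'save' )` tests the value of `submit`, while every other converted `isset()` in this commit uses `is_post()`. The old condition was `!isset(...)`, so a submit field with an empty or `0` value used to count as submitted and now does not. Use `!$mx_request_vars->is_post('submit')` to keep the original meaning.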
$mode = $mx_request_vars->request('mode', MX_TYPE_NO_TAGS); } else *************** *** 53,57 **** // confirm // ! if( isset( $HTTP_POST_VARS['confirm'] ) || isset( $HTTP_GET_VARS['confirm'] ) ) { $confirm = true; --- 53,57 ---- // confirm // ! if ($mx_request_vars->is_request('confirm')) { $confirm = true; *************** *** 65,69 **** // cancel // ! if( isset( $HTTP_POST_VARS['cancel'] ) || isset( $HTTP_GET_VARS['cancel'] ) ) { $cancel = true; --- 65,69 ---- // cancel // ! if ($mx_request_vars->is_request('cancel')) { $cancel = true; *************** *** 78,89 **** // get starting position // ! $start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0; // // get show amount // ! if ( isset($HTTP_GET_VARS['show']) || isset($HTTP_POST_VARS['show']) ) { ! $show = ( isset($HTTP_POST_VARS['show']) ) ? intval($HTTP_POST_VARS['show']) : intval($HTTP_GET_VARS['show']); } else --- 78,89 ---- // get starting position // ! $start = $mx_request_vars->get('start', MX_TYPE_INT, 0); // // get show amount // ! if ($mx_request_vars->is_request('show')) { ! $show = $mx_request_vars->request('show', MX_TYPE_INT, 0); } else *************** *** 95,101 **** // sort method // ! if ( isset($HTTP_GET_VARS['sort']) || isset($HTTP_POST_VARS['sort']) ) { ! $sort = ( isset($HTTP_POST_VARS['sort']) ) ? htmlspecialchars($HTTP_POST_VARS['sort']) : htmlspecialchars($HTTP_GET_VARS['sort']); $sort = str_replace("\'", "''", $sort); } --- 95,101 ---- // sort method // ! if ($mx_request_vars->is_request('sort')) { ! $sort = $mx_request_vars->request('sort', MX_TYPE_NO_TAGS); $sort = str_replace("\'", "''", $sort); } *************** *** 108,118 **** // sort order // ! if( isset($HTTP_POST_VARS['order']) ) ! { ! $sort_order = ( $HTTP_POST_VARS['order'] == 'ASC' ) ? 'ASC' : 'DESC'; ! } ! else if( isset($HTTP_GET_VARS['order']) ) { ! $sort_order = ( $HTTP_GET_VARS['order'] == 'ASC' ) ? 'ASC' : 'DESC'; } else --- 108,114 ---- // sort order // ! 
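Review bot: `str_replace("\'", "''", $sort)` only has an effect while the input still carries backslash-escaped quotes, as magic-quoted `$HTTP_*_VARS` did. If the wrapper removes those slashes (its implementation is not shown), a single quote in `sort` is no longer doubled before the value is presumably placed into SQL. The same applies to `$alphanum` in the 124 hunk, which also uses `MX_TYPE_NO_HTML` where the rest of the file uses `MX_TYPE_NO_TAGS`. Since `sort` appears to select a column, checking it against a fixed list of allowed keys would be more robust than quote rewriting, the way `order` is reduced to `'ASC'`/`'DESC'` in the hunk below.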
if ($mx_request_vars->is_request('order')) { ! $sort_order = $mx_request_vars->request('order', MX_TYPE_NO_TAGS) == 'ASC' ? 'ASC' : 'DESC'; } else *************** *** 124,130 **** // alphanumeric stuff // ! if ( isset($HTTP_GET_VARS['alphanum']) || isset($HTTP_POST_VARS['alphanum']) ) { ! $alphanum = ( isset($HTTP_POST_VARS['alphanum']) ) ? htmlspecialchars($HTTP_POST_VARS['alphanum']) : htmlspecialchars($HTTP_GET_VARS['alphanum']); $alphanum = str_replace("\'", "''", $alphanum); switch( $dbms ) --- 120,126 ---- // alphanumeric stuff // ! if ($mx_request_vars->is_request('alphanum')) { ! $alphanum = $mx_request_vars->request('alphanum', MX_TYPE_NO_HTML); $alphanum = str_replace("\'", "''", $alphanum); switch( $dbms ) *************** *** 151,157 **** // because it is an array we will intval() it when we use it // ! if ( isset($HTTP_POST_VARS[POST_USERS_URL]) || isset($HTTP_GET_VARS[POST_USERS_URL]) ) { ! $user_ids = ( isset($HTTP_POST_VARS[POST_USERS_URL]) ) ? $HTTP_POST_VARS[POST_USERS_URL] : $HTTP_GET_VARS[POST_USERS_URL]; } else --- 147,153 ---- // because it is an array we will intval() it when we use it // ! if ($mx_request_vars->is_request(POST_USERS_URL)) { ! $user_ids = $mx_request_vars->request(POST_USERS_URL); } else *************** *** 556,560 **** { // add the users to the selected group ! $group_id = intval($HTTP_POST_VARS[POST_GROUPS_URL]); include($phpbb_root_path . 'includes/emailer.'.$phpEx); --- 552,556 ---- { // add the users to the selected group ! $group_id = $mx_request_vars->post(POST_GROUPS_URL, MX_TYPE_INT); include($phpbb_root_path . 'includes/emailer.'.$phpEx); *************** *** 943,947 **** // $template->assign_block_vars('user_row', array( ! 'ROW_NUMBER' => $i + ( $HTTP_GET_VARS['start'] + 1 ), 'ROW_CLASS' => ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'], --- 939,943 ---- // $template->assign_block_vars('user_row', array( ! 
'ROW_NUMBER' => $i + ($mx_request_vars->get('start', MX_TYPE_INT) + 1 ), 'ROW_CLASS' => ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'], |
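Review bot: `ROW_NUMBER` re-reads `start` from the request although `$start` was already assigned from the same call, with an explicit default of `0`, in the 78 hunk. Writing `'ROW_NUMBER' => $i + $start + 1,` keeps a single source for the offset and avoids depending on the wrapper's implicit default here. This assumes `$start` is not modified between the two places, which is outside the visible lines.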