Thread: [Phpbb-php5mod-cvs-checkins] phpbb-php5/includes bbcode.php, 1.7, 1.8 functions.php, 1.7, 1.8 userc
From: Josh <jel...@us...> - 2006-12-23 23:21:51
Update of /cvsroot/phpbb-php5mod/phpbb-php5/includes In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21123/includes Modified Files: bbcode.php functions.php usercp_email.php usercp_register.php Log Message: 2.0.22.5 Index: functions.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/includes/functions.php,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** functions.php 8 Jun 2006 19:24:57 -0000 1.7 --- functions.php 23 Dec 2006 23:21:49 -0000 1.8 *************** *** 866,870 **** } ! if (strstr(urldecode($url), "\n") || strstr(urldecode($url), "\r")) { message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); --- 866,870 ---- } ! if (strstr(urldecode($url), "\n") || strstr(urldecode($url), "\r") || strstr(urldecode($url), ';url')) { message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); Index: usercp_register.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/includes/usercp_register.php,v retrieving revision 1.10 retrieving revision 1.11 diff -C2 -d -r1.10 -r1.11 *** usercp_register.php 8 Jun 2006 19:24:57 -0000 1.10 --- usercp_register.php 23 Dec 2006 23:21:49 -0000 1.11 *************** *** 143,146 **** --- 143,147 ---- $notifypm = ( isset($_POST['notifypm']) ) ? ( ($_POST['notifypm']) ? TRUE : 0 ) : TRUE; $popup_pm = ( isset($_POST['popup_pm']) ) ? ( ($_POST['popup_pm']) ? TRUE : 0 ) : TRUE; + $sid = (isset($_POST['sid'])) ? $_POST['sid'] : 0; if ( $mode == 'register' ) *************** *** 250,253 **** --- 251,261 ---- if ( isset($_POST['submit']) ) { + // session id check + if ($sid == '' || $sid != $userdata['session_id']) + { + $error = true; + $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Session_invalid']; + } + include($phpbb_root_path . 
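Review bot: The new `;url` test in the redirect guard is case-sensitive, so a value containing `;URL=` or `;Url=` passes the check while a meta-refresh parser is expected to accept the keyword in any case, which leaves the destination injectable on the `content="...;url="` form this guard appears to protect. Use a case-insensitive match and decode once into a local: `$decoded = urldecode($url);` followed by `if (strstr($decoded, "\n") || strstr($decoded, "\r") || stristr($decoded, ';url'))`. A deny-list of one token is fragile in general; allowing only a relative path inside the board, or an explicit scheme and host check, is the durable fix. The enclosing function starts and ends outside the hunk.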
'includes/usercp_avatar.'.$phpEx); *************** *** 290,294 **** if (!($result = $db->sql_query($sql))) { ! message_die(GENERAL_ERROR, 'Could not obtain confirmation code', __LINE__, __FILE__, $sql); } --- 298,302 ---- if (!($result = $db->sql_query($sql))) { ! message_die(GENERAL_ERROR, 'Could not obtain confirmation code', '', __LINE__, __FILE__, $sql); } *************** *** 307,311 **** if (!$db->sql_query($sql)) { ! message_die(GENERAL_ERROR, 'Could not delete confirmation code', __LINE__, __FILE__, $sql); } } --- 315,319 ---- if (!$db->sql_query($sql)) { ! message_die(GENERAL_ERROR, 'Could not delete confirmation code', '', __LINE__, __FILE__, $sql); } } *************** *** 889,892 **** --- 897,901 ---- $s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="agreed" value="true" /><input type="hidden" name="coppa" value="' . $coppa . '" />'; + $s_hidden_fields .= '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />'; if( $mode == 'editprofile' ) { Index: usercp_email.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/includes/usercp_email.php,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** usercp_email.php 30 Jul 2004 02:12:38 -0000 1.2 --- usercp_email.php 23 Dec 2006 23:21:49 -0000 1.3 *************** *** 53,133 **** if ( $result = $db->sql_query($sql) ) { ! $row = $db->sql_fetchrow($result); ! ! $username = $row['username']; ! $user_email = $row['user_email']; ! $user_lang = $row['user_lang']; ! ! if ( $row['user_viewemail'] || $userdata['user_level'] == ADMIN ) { ! if ( time() - $userdata['user_emailtime'] < $board_config['flood_interval'] ) ! { ! message_die(GENERAL_MESSAGE, $lang['Flood_email_limit']); ! } ! if ( isset($_POST['submit']) ) { ! $error = FALSE; ! ! if ( !empty($_POST['subject']) ) ! { ! $subject = trim(stripslashes($_POST['subject'])); ! } ! else { ! $error = TRUE; ! 
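Review bot: The session check compares with loose `!=`, and `$sid` defaults to the integer `0` in the earlier hunk, so the comparison goes through PHP's numeric coercion rather than a byte comparison of two tokens; if the session id is a hex digest, as phpBB's presumably is, two ids of the `0e<digits>` form compare equal under `==`. Default to an empty string and compare strictly: `$sid = isset($_POST['sid']) ? (string) $_POST['sid'] : '';` and `if ($sid === '' || $sid !== (string) $userdata['session_id'])`. Whether `$error` and `$error_msg` are initialised before this point, and where `$error` is acted on, is outside the hunk, as is the rest of the `mode == 'register'` branch.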
$error_msg = ( !empty($error_msg) ) ? $error_msg . '<br />' . $lang['Empty_subject_email'] : $lang['Empty_subject_email']; } ! if ( !empty($_POST['message']) ) ! { ! $message = trim(stripslashes($_POST['message'])); ! } ! else { ! $error = TRUE; ! $error_msg = ( !empty($error_msg) ) ? $error_msg . '<br />' . $lang['Empty_message_email'] : $lang['Empty_message_email']; ! } ! if ( !$error ) ! { ! $sql = "UPDATE " . USERS_TABLE . " ! SET user_emailtime = " . time() . " ! WHERE user_id = " . $userdata['user_id']; ! if ( $result = $db->sql_query($sql) ) { ! include($phpbb_root_path . 'includes/emailer.'.$phpEx); ! $emailer = new emailer($board_config['smtp_delivery']); ! ! $emailer->from($userdata['user_email']); ! $emailer->replyto($userdata['user_email']); ! ! $email_headers = 'X-AntiAbuse: Board servername - ' . $server_name . "\n"; ! $email_headers .= 'X-AntiAbuse: User_id - ' . $userdata['user_id'] . "\n"; ! $email_headers .= 'X-AntiAbuse: Username - ' . $userdata['username'] . "\n"; ! $email_headers .= 'X-AntiAbuse: User IP - ' . decode_ip($user_ip) . "\n"; ! ! $emailer->use_template('profile_send_email', $user_lang); ! $emailer->email_address($user_email); ! $emailer->set_subject($subject); ! $emailer->extra_headers($email_headers); ! $emailer->assign_vars(array( ! 'SITENAME' => $board_config['sitename'], ! 'BOARD_EMAIL' => $board_config['board_email'], ! 'FROM_USERNAME' => $userdata['username'], ! 'TO_USERNAME' => $username, ! 'MESSAGE' => $message) ! ); ! $emailer->send(); ! $emailer->reset(); ! if ( !empty($_POST['cc_email']) ) { $emailer->from($userdata['user_email']); $emailer->replyto($userdata['user_email']); ! $emailer->use_template('profile_send_email'); ! $emailer->email_address($userdata['user_email']); $emailer->set_subject($subject); $emailer->assign_vars(array( --- 53,115 ---- if ( $result = $db->sql_query($sql) ) { ! if ( $row = $db->sql_fetchrow($result) ) { ! $username = $row['username']; ! $user_email = $row['user_email']; ! 
$user_lang = $row['user_lang']; ! if ( $row['user_viewemail'] || $userdata['user_level'] == ADMIN ) { ! if ( time() - $userdata['user_emailtime'] < $board_config['flood_interval'] ) { ! message_die(GENERAL_MESSAGE, $lang['Flood_email_limit']); } ! if ( isset($_POST['submit']) ) { ! $error = FALSE; ! if ( !empty($_POST['subject']) ) { ! $subject = trim(stripslashes($_POST['subject'])); ! } ! else ! { ! $error = TRUE; ! $error_msg = ( !empty($error_msg) ) ? $error_msg . '<br />' . $lang['Empty_subject_email'] : $lang['Empty_subject_email']; ! } ! if ( !empty($_POST['message']) ) ! { ! $message = trim(stripslashes($_POST['message'])); ! } ! else ! { ! $error = TRUE; ! $error_msg = ( !empty($error_msg) ) ? $error_msg . '<br />' . $lang['Empty_message_email'] : $lang['Empty_message_email']; ! } ! if ( !$error ) ! { ! $sql = "UPDATE " . USERS_TABLE . " ! SET user_emailtime = " . time() . " ! WHERE user_id = " . $userdata['user_id']; ! if ( $result = $db->sql_query($sql) ) { + include($phpbb_root_path . 'includes/emailer.'.$phpEx); + $emailer = new emailer($board_config['smtp_delivery']); + $emailer->from($userdata['user_email']); $emailer->replyto($userdata['user_email']); ! ! $email_headers = 'X-AntiAbuse: Board servername - ' . $server_name . "\n"; ! $email_headers .= 'X-AntiAbuse: User_id - ' . $userdata['user_id'] . "\n"; ! $email_headers .= 'X-AntiAbuse: Username - ' . $userdata['username'] . "\n"; ! $email_headers .= 'X-AntiAbuse: User IP - ' . decode_ip($user_ip) . "\n"; ! ! $emailer->use_template('profile_send_email', $user_lang); ! $emailer->email_address($user_email); $emailer->set_subject($subject); + $emailer->extra_headers($email_headers); $emailer->assign_vars(array( *************** *** 140,209 **** $emailer->send(); $emailer->reset(); - } ! $template->assign_vars(array( ! 'META' => '<meta http-equiv="refresh" content="5;url=' . append_sid("index.$phpEx") . '">') ! ); ! $message = $lang['Email_sent'] . '<br /><br />' . 
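Review bot: `$subject` is taken from `$_POST['subject']` with only `trim(stripslashes())` and handed to `$emailer->set_subject()`, so unless the emailer class strips CR/LF (not visible here) a subject containing a line break lands in the raw header block and can add arbitrary headers such as extra recipients. Reject or strip line breaks before use: `$subject = str_replace(array("\r", "\n"), ' ', trim(stripslashes($_POST['subject'])));`. `$message` goes into the template body rather than a header, so the same concern does not apply to it. The query in `$sql` that this hunk executes is built before the hunk.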
sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>'); ! message_die(GENERAL_MESSAGE, $message); ! } ! else ! { ! message_die(GENERAL_ERROR, 'Could not update last email time', '', __LINE__, __FILE__, $sql); } } - } - - include($phpbb_root_path . 'includes/page_header.'.$phpEx); ! $template->set_filenames(array( ! 'body' => 'profile_send_email.tpl') ! ); ! make_jumpbox('viewforum.'.$phpEx); - if ( $error ) - { $template->set_filenames(array( ! 'reg_header' => 'error_body.tpl') ! ); ! $template->assign_vars(array( ! 'ERROR_MESSAGE' => $error_msg) ); ! $template->assign_var_from_handle('ERROR_BOX', 'reg_header'); ! } ! $template->assign_vars(array( ! 'USERNAME' => $username, ! 'S_HIDDEN_FIELDS' => '', ! 'S_POST_ACTION' => append_sid("profile.$phpEx?mode=email&" . POST_USERS_URL . "=$user_id"), ! 'L_SEND_EMAIL_MSG' => $lang['Send_email_msg'], ! 'L_RECIPIENT' => $lang['Recipient'], ! 'L_SUBJECT' => $lang['Subject'], ! 'L_MESSAGE_BODY' => $lang['Message_body'], ! 'L_MESSAGE_BODY_DESC' => $lang['Email_message_desc'], ! 'L_EMPTY_SUBJECT_EMAIL' => $lang['Empty_subject_email'], ! 'L_EMPTY_MESSAGE_EMAIL' => $lang['Empty_message_email'], ! 'L_OPTIONS' => $lang['Options'], ! 'L_CC_EMAIL' => $lang['CC_email'], ! 'L_SPELLCHECK' => $lang['Spellcheck'], ! 'L_SEND_EMAIL' => $lang['Send_email']) ! ); ! $template->pparse('body'); ! include($phpbb_root_path . 'includes/page_tail.'.$phpEx); } else { ! message_die(GENERAL_MESSAGE, $lang['User_prevent_email']); } } else { ! message_die(GENERAL_MESSAGE, $lang['User_not_exist']); } --- 122,214 ---- $emailer->send(); $emailer->reset(); ! if ( !empty($_POST['cc_email']) ) ! { ! $emailer->from($userdata['user_email']); ! $emailer->replyto($userdata['user_email']); ! $emailer->use_template('profile_send_email'); ! $emailer->email_address($userdata['user_email']); ! $emailer->set_subject($subject); ! $emailer->assign_vars(array( ! 'SITENAME' => $board_config['sitename'], ! 
'BOARD_EMAIL' => $board_config['board_email'], ! 'FROM_USERNAME' => $userdata['username'], ! 'TO_USERNAME' => $username, ! 'MESSAGE' => $message) ! ); ! $emailer->send(); ! $emailer->reset(); ! } ! $template->assign_vars(array( ! 'META' => '<meta http-equiv="refresh" content="5;url=' . append_sid("index.$phpEx") . '">') ! ); ! ! $message = $lang['Email_sent'] . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>'); ! ! message_die(GENERAL_MESSAGE, $message); ! } ! else ! { ! message_die(GENERAL_ERROR, 'Could not update last email time', '', __LINE__, __FILE__, $sql); ! } } } ! include($phpbb_root_path . 'includes/page_header.'.$phpEx); $template->set_filenames(array( ! 'body' => 'profile_send_email.tpl') ); ! make_jumpbox('viewforum.'.$phpEx); ! if ( $error ) ! { ! $template->set_filenames(array( ! 'reg_header' => 'error_body.tpl') ! ); ! $template->assign_vars(array( ! 'ERROR_MESSAGE' => $error_msg) ! ); ! $template->assign_var_from_handle('ERROR_BOX', 'reg_header'); ! } ! $template->assign_vars(array( ! 'USERNAME' => $username, ! 'S_HIDDEN_FIELDS' => '', ! 'S_POST_ACTION' => append_sid("profile.$phpEx?mode=email&" . POST_USERS_URL . "=$user_id"), ! 'L_SEND_EMAIL_MSG' => $lang['Send_email_msg'], ! 'L_RECIPIENT' => $lang['Recipient'], ! 'L_SUBJECT' => $lang['Subject'], ! 'L_MESSAGE_BODY' => $lang['Message_body'], ! 'L_MESSAGE_BODY_DESC' => $lang['Email_message_desc'], ! 'L_EMPTY_SUBJECT_EMAIL' => $lang['Empty_subject_email'], ! 'L_EMPTY_MESSAGE_EMAIL' => $lang['Empty_message_email'], ! 'L_OPTIONS' => $lang['Options'], ! 'L_CC_EMAIL' => $lang['CC_email'], ! 'L_SPELLCHECK' => $lang['Spellcheck'], ! 'L_SEND_EMAIL' => $lang['Send_email']) ! ); ! $template->pparse('body'); ! ! include($phpbb_root_path . 'includes/page_tail.'.$phpEx); ! } ! else ! { ! message_die(GENERAL_MESSAGE, $lang['User_prevent_email']); ! } } else { ! message_die(GENERAL_MESSAGE, $lang['User_not_exist']); } } else { ! 
message_die(GENERAL_ERROR, 'Could not select user data', '', __LINE__, __FILE__, $sql); } Index: bbcode.php =================================================================== RCS file: /cvsroot/phpbb-php5mod/phpbb-php5/includes/bbcode.php,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** bbcode.php 8 Jun 2006 19:24:57 -0000 1.7 --- bbcode.php 23 Dec 2006 23:21:49 -0000 1.8 *************** *** 206,209 **** --- 206,210 ---- // [url]www.phpbb.com[/url] code.. (no xxxx:// prefix). $patterns[] = "#\[url\]((www|ftp)\.([\w\#$%&~/.\-;:=,?@\]+]+|\[(?!url=))*?)\[/url\]#is"; + $replacements[] = $bbcode_tpl['url2']; // [url=xxxx://www.phpbb.com]phpBB[/url] code.. |
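Review bot: The send-email form is rendered with `'S_HIDDEN_FIELDS' => ''`, so unlike the profile form patched in usercp_register.php in this same commit, the POST that sends mail on a user's behalf carries no session token and can be submitted cross-site; the flood interval only limits the rate. Emit the token here, `'S_HIDDEN_FIELDS' => '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" />',`, and verify `$_POST['sid']` against `$userdata['session_id']` before the `user_emailtime` update in the `isset($_POST['submit'])` branch of the preceding hunk. The `$user_id` interpolated into `S_POST_ACTION` is set before the hunk; whether it is cast to an integer there is not visible.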
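Review bot: `$replacements[] = $bbcode_tpl['url2'];` is pushed without a comment tying it to the pattern above it, and the parallel `$patterns`/`$replacements` arrays only work while every pattern has exactly one replacement at the same index; a missing entry shifts every later replacement one slot, which is presumably what this line repairs. Add a comment over the pair, e.g. `// $patterns[] and $replacements[] must stay index-aligned: one replacement per pattern`. That `$bbcode_tpl['url2']` is defined by the template loader is not visible in this hunk. The enclosing function starts and ends outside the hunk.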