From: Paul S. O. <ps...@us...> - 2002-03-23 14:56:54
Update of /cvsroot/phpbb/phpBB2/includes
In directory usw-pr-cvs1:/tmp/cvs-serv26551/includes
Modified Files:
usercp_avatar.php usercp_register.php
Log Message:
Fix issues with quotes in profile fields and avatars
Index: usercp_avatar.php
===================================================================
RCS file: /cvsroot/phpbb/phpBB2/includes/usercp_avatar.php,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -r1.6 -r1.7
*** usercp_avatar.php 22 Mar 2002 22:22:41 -0000 1.6
--- usercp_avatar.php 23 Mar 2002 14:56:51 -0000 1.7
***************
*** 86,94 ****
}
! function user_avatar_upload($mode, $avatar_mode, $user_id, &$error, &$error_msg, $avatar_filename, $avatar_realname, $avatar_filesize, $avatar_filetype)
{
! global $board_config, $db, $lang, $images;
! $ini_val = ( phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
if ( $avatar_mode == 'remote' && preg_match('/^(http:\/\/)?([\w\-\.]+)\:?([0-9]*)\/(.*)$/', $avatar_filename, $url_ary) )
--- 86,94 ----
}
! function user_avatar_upload($mode, $avatar_mode, &$current_avatar, &$current_type, &$error, &$error_msg, $avatar_filename, $avatar_realname, $avatar_filesize, $avatar_filetype)
{
! global $board_config, $user_ip, $db, $lang;
! $ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
if ( $avatar_mode == 'remote' && preg_match('/^(http:\/\/)?([\w\-\.]+)\:?([0-9]*)\/(.*)$/', $avatar_filename, $url_ary) )
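Review bot: The remote branch's pattern on the `preg_match` line accepts any host name and any port, so the address the server later connects to is chosen entirely by the submitter; the fetch itself is outside this hunk, so this is inferred from the captured `$url_ary` groups. Consider refusing ports other than 80 and hosts that resolve to loopback or private ranges before connecting, and bounding the read with a timeout and the configured `avatar_filesize`. Separately, `&$current_avatar` and `&$current_type` are taken by reference although the visible hunks only read them; pass them by value unless the function is meant to update the caller's copy. The function body continues past the end of the hunk.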
***************
*** 136,141 ****
$avatar_data = substr($avatar_data, strlen($avatar_data) - $avatar_filesize, $avatar_filesize);
! $tmp_path = ( !@$ini_val('safe_mode') ) ? '/tmp' : './' . $board_config['avatar_path'] . "/tmp";
! $tmp_filename = tempnam($tmp_path, $userdata['user_id'] . '-');
$fptr = @fopen($tmp_filename, 'wb');
--- 136,141 ----
$avatar_data = substr($avatar_data, strlen($avatar_data) - $avatar_filesize, $avatar_filesize);
! $tmp_path = ( !@$ini_val('safe_mode') ) ? '/tmp' : './' . $board_config['avatar_path'] . '/tmp';
! $tmp_filename = tempnam($tmp_path, uniqid($user_ip) . '-');
$fptr = @fopen($tmp_filename, 'wb');
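Review bot: The result of `tempnam()` goes straight into `@fopen()` without a check, and `tempnam()` can return false or fall back to the system temporary directory when `$tmp_path` is missing or not writable. Add a guard such as `if ( !$tmp_filename ) { message_die(GENERAL_ERROR, 'Could not create temporary avatar file', '', __LINE__, __FILE__); }` before the `fopen`. The `uniqid($user_ip)` prefix is time-derived and should be treated only as a label; uniqueness and safe creation come from `tempnam()` itself. In the safe_mode case the file lands under `avatar_path`, which is presumably web-served, so the not-yet-validated download should be removed on every error path; the surrounding code is outside the hunk.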
***************
*** 163,169 ****
if ( $avatar_filesize <= $board_config['avatar_filesize'] && $avatar_filesize > 0 )
{
- //
- // Opera appends the image name after the type, not big, not clever!
- //
preg_match("'image\/[x\-]*([a-z]+)'", $avatar_filetype, $avatar_filetype);
$avatar_filetype = $avatar_filetype[1];
--- 163,166 ----
***************
*** 188,198 ****
if ( $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] )
{
! $new_filename = $user_id . $imgtype;
! if ( $mode == 'editprofile' && $userdata['user_avatar_type'] == USER_AVATAR_UPLOAD && $userdata['user_avatar'] != '')
{
! if ( file_exists('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar']) )
{
! @unlink('./' . $board_config['avatar_path'] . '/' . $userdata['user_avatar']);
}
}
--- 185,195 ----
if ( $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] )
{
! $new_filename = ( $current_avatar != '' && $mode != 'register' ) ? $current_avatar : uniqid($user_ip) . $imgtype;
! if ( $mode == 'editprofile' && $current_type == USER_AVATAR_UPLOAD && $current_avatar != '' )
{
! if ( file_exists('./' . $board_config['avatar_path'] . '/' . $current_avatar) )
{
! @unlink('./' . $board_config['avatar_path'] . '/' . $current_avatar);
}
}
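Review bot: The new `$new_filename` line reuses `$current_avatar` whenever it is non-empty, but only the deletion below it checks `$current_type == USER_AVATAR_UPLOAD`. If the stored avatar is of another type (a remote URL or a gallery path, presumably), that string becomes the target file name under `avatar_path`, and even for an uploaded avatar the old extension is kept when the new image has a different `$imgtype`. Generating a fresh name every time avoids both: `$new_filename = uniqid($user_ip) . $imgtype;`. The enclosing `if` blocks open and close outside the hunk.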
***************
*** 207,211 ****
if ( @$ini_val('open_basedir') != '' )
{
! if ( phpversion() < '4.0.3' )
{
message_die(GENERAL_ERROR, 'open_basedir is set and your PHP version does not allow move_uploaded_file', '', __LINE__, __FILE__);
--- 204,208 ----
if ( @$ini_val('open_basedir') != '' )
{
! if ( @phpversion() < '4.0.3' )
{
message_die(GENERAL_ERROR, 'open_basedir is set and your PHP version does not allow move_uploaded_file', '', __LINE__, __FILE__);
***************
*** 224,228 ****
@chmod('./' . $board_config['avatar_path'] . "/$new_filename", 0777);
! $avatar_sql = ( $mode == 'editprofile' ) ? ", user_avatar = '$new_filename', user_avatar_type = " . USER_AVATAR_UPLOAD : "'$avatar_filename', " . USER_AVATAR_UPLOAD;
}
else
--- 221,225 ----
@chmod('./' . $board_config['avatar_path'] . "/$new_filename", 0777);
! $avatar_sql = ( $mode == 'editprofile' ) ? ", user_avatar = '$new_filename', user_avatar_type = " . USER_AVATAR_UPLOAD : "'$new_filename', " . USER_AVATAR_UPLOAD;
}
else
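Review bot: `@chmod(..., 0777)` on the context line above the change leaves the stored avatar world-writable and executable inside a directory that is presumably served by the web server; `0644` is enough for an image that only needs to be read. The changed `$avatar_sql` line also places `$new_filename` into the SQL text unescaped, which is safe for a `uniqid()`-generated name but not necessarily for a name carried over from `$current_avatar`; escape it or restrict it to a fixed character set before building the fragment. The `else` branch continues outside the hunk.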
Index: usercp_register.php
===================================================================
RCS file: /cvsroot/phpbb/phpBB2/includes/usercp_register.php,v
retrieving revision 1.13
retrieving revision 1.14
diff -C2 -r1.13 -r1.14
*** usercp_register.php 21 Mar 2002 15:45:13 -0000 1.13
--- usercp_register.php 23 Mar 2002 14:56:51 -0000 1.14
***************
*** 148,153 ****
$user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim($HTTP_POST_VARS['avatarremoteurl']) : '';
! $user_avatar_url = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? trim($HTTP_POST_VARS['avatarurl']) : '';
! $user_avatar_loc = ( $HTTP_POST_FILES['avatar']['tmp_name'] != "none") ? $HTTP_POST_FILES['avatar']['tmp_name'] : '';
$user_avatar_name = ( !empty($HTTP_POST_FILES['avatar']['name']) ) ? $HTTP_POST_FILES['avatar']['name'] : '';
$user_avatar_size = ( !empty($HTTP_POST_FILES['avatar']['size']) ) ? $HTTP_POST_FILES['avatar']['size'] : 0;
--- 148,152 ----
$user_avatar_remoteurl = ( !empty($HTTP_POST_VARS['avatarremoteurl']) ) ? trim($HTTP_POST_VARS['avatarremoteurl']) : '';
! $user_avatar_upload = ( !empty($HTTP_POST_VARS['avatarurl']) ) ? trim($HTTP_POST_VARS['avatarurl']) : ( ( $HTTP_POST_FILES['avatar']['tmp_name'] != "none") ? $HTTP_POST_FILES['avatar']['tmp_name'] : '' );
$user_avatar_name = ( !empty($HTTP_POST_FILES['avatar']['name']) ) ? $HTTP_POST_FILES['avatar']['name'] : '';
$user_avatar_size = ( !empty($HTTP_POST_FILES['avatar']['size']) ) ? $HTTP_POST_FILES['avatar']['size'] : 0;
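Review bot: Folding `avatarurl` and `$HTTP_POST_FILES['avatar']['tmp_name']` into the single `$user_avatar_upload` loses track of where the value came from, and the posted text field wins when both are present. The later hunk at 337–346 picks `'local'` whenever `$user_avatar_name` is set, so a request-supplied string can reach `user_avatar_upload()` in the position that the local branch treats as the upload's temporary path. Keep the two sources in separate variables, choose the mode from which one is set, and confirm the local path with `is_uploaded_file()` (PHP 4.0.3 and later) before it is read or moved.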
***************
*** 338,358 ****
$avatar_sql = user_avatar_delete($userdata['avatar_type'], $userdata['avatar_file']);
}
! else if ( ( $user_avatar_loc != '' || !empty($user_avatar_url) || !empty($user_avatar_name) ) && $board_config['allow_avatar_upload'] )
{
! if ( !empty($user_avatar_loc) && !empty($user_avatar_url) )
{
! $error = true;
! $error_msg .= ( ( !empty($error_msg) ) ? '<br />' : '' ) . $lang['Only_one_avatar'];
! }
!
! $id = ( $mode == 'register' ) ? $new_user_id : $userdata['user_id'];
!
! if ( !empty($user_avatar_loc) )
! {
! $avatar_sql = user_avatar_upload($mode, 'local', $id, $error, $error_msg, $user_avatar_loc, $user_avatar_name, $user_avatar_size, $user_avatar_filetype);
! }
! else if ( !empty($user_avatar_url) )
! {
! $avatar_sql = user_avatar_upload($mode, 'remote', $id, $error, $error_msg, $user_avatar_url, $user_avatar_name, $user_avatar_size, $user_avatar_filetype);
}
else if ( !empty($user_avatar_name) )
--- 337,346 ----
$avatar_sql = user_avatar_delete($userdata['avatar_type'], $userdata['avatar_file']);
}
! else if ( !empty($user_avatar_upload) && $board_config['allow_avatar_upload'] )
{
! if ( !empty($user_avatar_upload) )
{
! $avatar_mode = ( !empty($user_avatar_name) ) ? 'local' : 'remote';
! $avatar_sql = user_avatar_upload($mode, $avatar_mode, $userdata['user_avatar'], $userdata['user_avatar_type'], $error, $error_msg, $user_avatar_upload, $user_avatar_name, $user_avatar_size, $user_avatar_filetype);
}
else if ( !empty($user_avatar_name) )
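Review bot: The inner `if ( !empty($user_avatar_upload) )` repeats the outer `else if` condition, so it is always true here and the following `else if ( !empty($user_avatar_name) )` branch can no longer run. The old `Only_one_avatar` check for a file and a URL submitted together is also gone, so that conflict is now resolved silently instead of being reported. Either drop the redundant inner test and the dead branch, or widen the outer condition to `( !empty($user_avatar_upload) || !empty($user_avatar_name) )` so the name-only error path is reachable again. The dead branch's body lies outside the hunk.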
***************
*** 612,623 ****
$icq = stripslashes($icq);
! $aim = str_replace('+', ' ', stripslashes($aim));
! $msn = stripslashes($msn);
! $yim = stripslashes($yim);
!
! $website = stripslashes($website);
! $location = stripslashes($location);
! $occupation = stripslashes($occupation);
! $interests = stripslashes($interests);
$signature = stripslashes($signature);
--- 600,611 ----
$icq = stripslashes($icq);
! $aim = htmlspecialchars(str_replace('+', ' ', stripslashes($aim)));
! $msn = htmlspecialchars(stripslashes($msn));
! $yim = htmlspecialchars(stripslashes($yim));
!
! $website = htmlspecialchars(stripslashes($website));
! $location = htmlspecialchars(stripslashes($location));
! $occupation = htmlspecialchars(stripslashes($occupation));
! $interests = htmlspecialchars(stripslashes($interests));
$signature = stripslashes($signature);
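Review bot: `$icq` and `$signature` still get only `stripslashes()` while every neighbouring field is now wrapped in `htmlspecialchars()`; the same gap exists for `$email`, `$icq` and `$signature` in the hunk at 617–636. If these values are echoed back into the profile form (the output code is not visible here), a quote or `<` in them has the same effect the commit fixes for the other fields. Also note that `htmlspecialchars()` with its default quote style leaves single quotes unencoded, so any template attribute delimited by `'` needs `ENT_QUOTES`, e.g. `htmlspecialchars(stripslashes($location), ENT_QUOTES)`.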
***************
*** 629,648 ****
{
$user_id = $userdata['user_id'];
! $username = $userdata['username'];
$email = $userdata['user_email'];
! $password = "";
! $password_confirm = "";
$icq = $userdata['user_icq'];
! $aim = str_replace('+', ' ', $userdata['user_aim']);
! $msn = $userdata['user_msnm'];
! $yim = $userdata['user_yim'];
!
! $website = $userdata['user_website'];
! $location = $userdata['user_from'];
! $occupation = $userdata['user_occ'];
! $interests = $userdata['user_interests'];
$signature_bbcode_uid = $userdata['user_sig_bbcode_uid'];
! $signature = ( $signature_bbcode_uid != "" ) ? preg_replace("/\:(([a-z0-9]:)?)$signature_bbcode_uid/si", '', $userdata['user_sig']) : $userdata['user_sig'];
$viewemail = $userdata['user_viewemail'];
--- 617,636 ----
{
$user_id = $userdata['user_id'];
! $username = htmlspecialchars($userdata['username']);
$email = $userdata['user_email'];
! $password = '';
! $password_confirm = '';
$icq = $userdata['user_icq'];
! $aim = htmlspecialchars(str_replace('+', ' ', $userdata['user_aim']));
! $msn = htmlspecialchars($userdata['user_msnm']);
! $yim = htmlspecialchars($userdata['user_yim']);
!
! $website = htmlspecialchars($userdata['user_website']);
! $location = htmlspecialchars($userdata['user_from']);
! $occupation = htmlspecialchars($userdata['user_occ']);
! $interests = htmlspecialchars($userdata['user_interests']);
$signature_bbcode_uid = $userdata['user_sig_bbcode_uid'];
! $signature = ( $signature_bbcode_uid != '' ) ? preg_replace("/\:(([a-z0-9]:)?)$signature_bbcode_uid/si", '', $userdata['user_sig']) : $userdata['user_sig'];
$viewemail = $userdata['user_viewemail'];