Visman 9 tahun lalu
03b26c496c

+ 7 - 12
db_update.php

@@ -9,7 +9,7 @@
 // The FluxBB version this script updates to
 define('UPDATE_TO', '1.5.9');
 
-define('UPDATE_TO_VER_REVISION', 73);	// номер сборки - Visman
+define('UPDATE_TO_VER_REVISION', 74);	// номер сборки - Visman
 
 define('UPDATE_TO_DB_REVISION', 21);
 define('UPDATE_TO_SI_REVISION', 2.1);
@@ -752,12 +752,7 @@ if (!array_key_exists('o_cur_ver_revision', $pun_config) || $pun_config['o_cur_v
 						'datatype'		=> 'INT(10) UNSIGNED',
 						'allow_null'	=> false,
 						'default'		=> '0'
-					),
-					'bl_user'		=> array(
-						'datatype'		=> 'VARCHAR(200)',
-						'allow_null'	=> false,
-						'default'		=> '\'\''
-					),
+					)
 				),
 				'INDEXES'		=> array(
 					'bl_id_idx'	=> array('bl_id'),
@@ -812,11 +807,6 @@ if (!array_key_exists('o_cur_ver_revision', $pun_config) || $pun_config['o_cur_v
 						'datatype'		=> 'VARCHAR(200)',
 						'allow_null'	=> true
 					),
-					'post_seen'		=> array(
-						'datatype'		=> 'TINYINT(1)',
-						'allow_null'	=> false,
-						'default'		=> '0'
-					),
 					'post_new'		=> array(
 						'datatype'		=> 'TINYINT(1)',
 						'allow_null'	=> false,
@@ -1238,6 +1228,11 @@ if (!array_key_exists('o_cur_ver_revision', $pun_config) || $pun_config['o_cur_v
 	@unlink(PUN_ROOT.'js/minmax.js');
 	@unlink(PUN_ROOT.'install.php');
 } // rev.72
+if (!array_key_exists('o_cur_ver_revision', $pun_config) || $pun_config['o_cur_ver_revision'] < 74)
+{
+		$db->drop_field('pms_new_block', 'bl_user') or error('Unable to drop bl_user field', __FILE__, __LINE__, $db->error());
+		$db->drop_field('pms_new_posts', 'post_seen') or error('Unable to drop post_seen field', __FILE__, __LINE__, $db->error());
+} // rev.74
 // Visman
 
 		// If we don't need to update the database, skip this stage
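Review bot: The body of the new rev.74 block is indented two tabs while the sibling rev.72 block directly above it and the rest of this script use one, so the two `$db->drop_field` lines read as if they were nested a level deeper; dedent them to a single tab. The drops agree with the earlier hunks that remove `bl_user` and `post_seen` from the CREATE definitions, so fresh installs and upgraded installs end up with the same schema, but nothing in the script says why the columns go away. A short comment on the block such as `// bl_user is replaced by a JOIN on users.username; post_seen was unused` would record that for the next revision author.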

img/user_agent/system/samsung.png


img/user_agent/system/sun.png


+ 1 - 1
include/bbcode.inc.php

@@ -48,7 +48,7 @@ if (!$pun_user['is_guest'] && !empty($pun_user['g_up_ext']))
 		$bbflagup = 1;
 }
 
-//$page_js['j'] = 1;
+$page_js['j'] = 1; // for resize textarea :(
 $page_js['f']['bbcode'] = 'js/post.js';
 $page_js['c'][] = 'if (typeof FluxBB === \'undefined\' || !FluxBB) {var FluxBB = {};}
 FluxBB.vars = {

+ 87 - 41
include/bots.inc.php

@@ -8,25 +8,26 @@
 if (!defined('PUN')) exit;
 
 
-function ua_isbot($ua)
+function ua_isbot($ua, $ual)
 {
-	if ('' == pun_trim($ua)) return false;
+	if (!trim($ua))
+		return false;
 
-	$ual = strtolower($ua);
-	if (strstr($ual, 'bot') || strstr($ual, 'spider') || strstr($ual, 'crawler'))
+	if (strpos($ual, 'bot') !== false || strpos($ual, 'spider') !== false ||
+			strpos($ual, 'crawler') !== false || strpos($ual, 'http') !== false)
 		return true;
 
-	if (strstr($ua, 'Mozilla/'))
+	if (strpos($ua, 'Mozilla/') !== false)
 	{
-		if (strstr($ua, 'Gecko'))
+		if (strpos($ua, 'Gecko') !== false)
 			return false;
 
-		if (strstr($ua, '(compatible; MSIE ') && strstr($ua, 'Windows'))
+		if (strpos($ua, '(compatible; MSIE ') !== false && strpos($ua, 'Windows') !== false)
 			return false;
 	}
-	else if (strstr($ua, 'Opera/'))
+	else if (strpos($ua, 'Opera/') !== false)
 	{
-		if (strstr($ua, 'Presto/'))
+		if (strpos($ua, 'Presto/') !== false)
 			return false;
 	}
 
@@ -36,43 +37,88 @@ function ua_isbot($ua)
 
 function ua_isbotex($ra)
 {
-
 	$ua = getenv('HTTP_USER_AGENT');
+	$ual = strtolower($ua);
+
+	if (!ua_isbot($ua, $ual))
+		return $ra;
+
+	if (strpos($ual, 'mozilla') !== false)
+		$ua = preg_replace('%Mozilla.*?compatible%i', ' ', $ua);
+
+	if(strpos($ual, 'http') !== false || strpos($ual, 'www.') !== false)
+		$ua = preg_replace('%(?:https?://|www\.)[^\)]*(\)[^/]+$)?%i', ' ', $ua);
+
+	if (strpos($ua, '@') !== false)
+		$ua = preg_replace('%\b[\w\.-]+@[^\)]+%i', ' ', $ua);
+
+	if (strpos($ual, 'bot') !== false || strpos($ual, 'spider') !== false ||
+			strpos($ual, 'crawler') !== false || strpos($ual, 'engine') !== false)
+	{
+		$f = true;
+		$p = '%(?<=[^a-z\d\.-])(?:robot|bot|spider|crawler)\b.*%i';
+	}
+	else
+	{
+		$f = false;
+		$p = '%^$%';
+	}
 
-	if (!ua_isbot($ua)) return $ra;
-
-	$pat = array(
-		'%(https?://|www\.).*%i',
-		'%.*compatible[^\s]*%i',
-		'%[\w\.-]+@[\w\.-]+.*%',
-		'%.*?([^\s]+(bot|spider|crawler)[^\s]*).*%i',
-		'%(?<=[\s_-])(bot|spider|crawler).*%i',
-		'%(Mozilla|Gecko|Firefox|AppleWebKit)[^\s]*%i',
-//		'%(MSIE|Windows|\.NET|Linux)[^;]+%i',
-//		'%[^\s]*\.(com|html)[^\s]*%i',
-		'%\/[v\d]+.*%',
-		'%[^0-9a-z\.]+%i'
-	);
-	$rep = array(
-		' ',
-		' ',
-		' ',
-		'$1',
-		' ',
-		' ',
-//		' ',
-//		' ',
-		' ',
-		' '
-	);
-	$ua = pun_trim(preg_replace($pat, $rep, $ua));
-
-	if (empty($ua)) return $ra.'[Bot]Unknown';
+//	if ($f && preg_match('%\b([a-z\d\.! _-]+(?:robot|(?<!ro)bot|spider|crawler|engine)[a-z\d\.! _-]*)%i', $ua, $matches))
+	if ($f && preg_match('%\b(([a-z\d\.! _-]+)?(?:robot|(?<!ro)bot|spider|crawler|engine)(?(2)[a-z\d\.! _-]*|[a-z\d\.! _-]+))%i', $ua, $matches))
+	{
+		$ua = $matches[1];
+
+		$pat = array(
+			$p,
+			'%[^a-z\d\.!-]+%i',
+			'%(?<=^|\s|-)v?\d+\.\d[^\s]*\s*%i',
+			'%(?<=^|\s)\S{1,2}(?:\s|$)%',
+		);
+		$rep = array(
+			'',
+			' ',
+			'',
+			'',
+		);
+	}
+	else
+	{
+		$pat = array(
+			'%\((?:KHTML|Linux|Mac|Windows|X11)[^\)]*\)?%i',
+			$p,
+			'%\b(?:AppleWebKit|Chrom|compatible|Firefox|Gecko|Mobile(?=[/ ])|Moz|Opera|OPR|Presto|Safari|Version)[^\s]*%i',
+			'%\b(?:InfoP|Intel|Linux|Mac|MRA|MRS|MSIE|SV|Trident|Win|WOW|X11)[^;\)]*%i',
+			'%\.NET[^;\)]*%i',
+			'%/.*%',
+			'%[^a-z\d\.!-]+%i',
+			'%(?<=^|\s|-)v?\d+\.\d[^\s]*\s*%i',
+			'%(?<=^|\s)\S{1,2}(?:\s|$)%',
+		);
+		$rep = array(
+			' ',
+			'',
+			'',
+			'',
+			'',
+			'',
+			' ',
+			'',
+			'',
+		);
+	}
+	$ua = trim(preg_replace($pat, $rep, $ua), ' -');
+
+	if (empty($ua))
+		return $ra.'[Bot]Unknown';
 
 	$a = explode(' ', $ua);
+
 	$ua = $a[0];
-	if (strlen($ua) < 20 && !empty($a[1])) $ua.= ' '.$a[1];
-	if (strlen($ua) > 25) $ua = 'Unknown';
+	if (strlen($ua) < 20 && !empty($a[1]) && strlen($ua.' '.$a[1]) < 26)
+		$ua.= ' '.$a[1];
+	else if (strlen($ua) > 25)
+		$ua = 'Unknown';
 
 	return $ra.'[Bot]'.$ua;
 }
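Review bot: `ua_isbot` now requires a second argument `$ual` with no default, so any caller outside this file that still passes only `$ua` breaks (a warning on PHP 5, a fatal ArgumentCountError on 7.1+); `ua_isbotex` is the only caller visible here and was updated. Keep the old call shape working with `function ua_isbot($ua, $ual = null)` and `if ($ual === null) $ual = strtolower($ua);` at the top of the body. In `ua_isbotex`, `getenv('HTTP_USER_AGENT')` returns false when the header is absent, which `strtolower`/`trim` silently turn into an empty string and the early return handles, but a comment at that line would stop it from looking like an unchecked false. Everything after the `preg_match` operates on an attacker-controlled header, and it is the final `'%[^a-z\d\.!-]+%i'` pass that confines the returned name to a small character set; that invariant is what makes the `$ra.'[Bot]'.$ua` result safe to hand on, so it deserves a comment on the `trim(preg_replace(...), ' -')` line.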

+ 1 - 1
include/common.php

@@ -12,7 +12,7 @@ if (!defined('PUN_ROOT'))
 // Define the version and database revision that this code was written for
 define('FORUM_VERSION', '1.5.9');
 
-define('FORUM_VER_REVISION', 73);	// номер сборки - Visman
+define('FORUM_VER_REVISION', 74);	// номер сборки - Visman
 
 $page_js = array();
 

+ 4 - 4
include/email.php

@@ -65,19 +65,19 @@ function encode_mail_text($str)
 function bbcode2email($text, $wrap_length = 72, $language = null)
 {
 	static $base_url;
-	static $wtotes = array();
+	static $wrotes = array();
 
 	$wrote = 'wrote:';
 
 	if (isset($language))
 	{
-		if (isset($wtotes[$language]))
-			$wrote = $wtotes[$language];
+		if (isset($wrotes[$language]))
+			$wrote = $wrotes[$language];
 
 		else if (file_exists(PUN_ROOT.'lang/'.$language.'/common.php'))
 		{
 			require PUN_ROOT.'lang/'.$language.'/common.php';
-			$wrote = $wtotes[$language] = $lang_common['wrote'];
+			$wrote = $wrotes[$language] = $lang_common['wrote'];
 		}
 	}
 

+ 1 - 1
include/functions.php

@@ -1194,7 +1194,7 @@ function csrf_hash($script = false, $use_ip = true, $user = false)
 	$key = $script.$ip.$user['id'];
 
 	if (!isset($arr[$key]))
-		$arr[$key] = pun_hash($script.$user['id'].pun_hash($ip.$user['password'].$pun_config['o_crypto_pas']));
+		$arr[$key] = pun_hash(PUN_ROOT.$script.$user['id'].pun_hash($ip.$user['password'].$pun_config['o_crypto_pas']));
 
 	return $arr[$key];
 }
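Review bot: The new hash input concatenates `PUN_ROOT`, `$script` and `$user['id']` with no separator, so distinct field tuples can collide (`'a1'` followed by `2` and `'a'` followed by `12` produce the same string), and the inner `pun_hash($ip.$user['password'].$pun_config['o_crypto_pas'])` has the same ambiguity between its fields. Since this commit already changes the derivation and therefore invalidates every existing token, this is the moment to delimit the fields, e.g. `pun_hash(PUN_ROOT.'|'.$script.'|'.$user['id'].'|'.pun_hash($ip.'|'.$user['password'].'|'.$pun_config['o_crypto_pas']))`. The same unseparated concatenation appears in the new `pmsn_csrf_token` in include/pms_new/common_pmsn.php, where `$key` (an integer `$uid` in blocking.php) is joined directly to `get_remote_address()`. `csrf_hash` begins before this hunk.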

+ 30 - 9
include/pms_new/common_pmsn.php

@@ -1,7 +1,7 @@
 <?php
 
 /**
- * Copyright (C) 2010-2013 Visman (mio.visman@yandex.ru)
+ * Copyright (C) 2010-2015 Visman (mio.visman@yandex.ru)
  * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
  */
 
@@ -15,7 +15,7 @@ else
 
 function generate_pmsn_menu($page = '')
 {
-	global $pun_config, $pun_user, $lang_pmsn, $lang_common, $pmsn_kol_list, $pmsn_kol_new, $pmsn_kol_save;
+	global $pun_user, $lang_pmsn, $pmsn_kol_list, $pmsn_kol_new, $pmsn_kol_save;
 	global $sidamp, $sidvop;
 
 ?>
@@ -49,14 +49,14 @@ function generate_pmsn_menu($page = '')
 			</div>
 		</div>
 <?php
-    }
+		}
 ?>
 		<h2 class="block2"><span><?php echo $lang_pmsn['Options'] ?></span></h2>
 		<div class="box">
 			<div class="inbox">
 				<ul>
-					<li><a href="pmsnew.php?action=onoff"><?php echo $lang_pmsn['Off'] ?></a></li>
-					<li><a href="pmsnew.php?action=email"><?php echo (($pun_user['messages_email'] == 1) ? $lang_pmsn['Email on'] : $lang_pmsn['Email off']) ?></a></li>
+					<li><a href="pmsnew.php?action=onoff&amp;csrf_token=<?php echo pmsn_csrf_token('onoff') ?>"><?php echo $lang_pmsn['Off'] ?></a></li>
+					<li><a href="pmsnew.php?action=email&amp;csrf_token=<?php echo pmsn_csrf_token('email') ?>"><?php echo (($pun_user['messages_email'] == 1) ? $lang_pmsn['Email on'] : $lang_pmsn['Email off']) ?></a></li>
 					<li<?php if ($page == 'blocked') echo ' class="isactive"'; ?>><a href="pmsnew.php?mdl=blocked"><?php echo $lang_pmsn['blocked'] ?></a></li>
 				</ul>
 			</div>
@@ -72,7 +72,7 @@ function generate_pmsn_menu($page = '')
 		<div class="box">
 			<div class="inbox">
 				<ul>
-					<li><a href="pmsnew.php?action=onoff"><?php echo $lang_pmsn['On'] ?></a></li>
+					<li><a href="pmsnew.php?action=onoff&amp;csrf_token=<?php echo pmsn_csrf_token('onoff') ?>"><?php echo $lang_pmsn['On'] ?></a></li>
 				</ul>
 			</div>
 		</div>
@@ -110,9 +110,9 @@ function pmsn_user_delete($user, $mflag, $topics = array())
 	$tf_st = $tf_to = $tm_st = $tm_to = array();
 
 	if (empty($topics))
-		$result = $db->query('SELECT id, starter_id, to_id, see_to, topic_st, topic_to  FROM '.$db->prefix.'pms_new_topics WHERE starter_id='.$user.' OR to_id='.$user) or error('Unable to fetch pms topics IDs', __FILE__, __LINE__, $db->error());
+		$result = $db->query('SELECT id, starter_id, to_id, see_to, topic_st, topic_to FROM '.$db->prefix.'pms_new_topics WHERE starter_id='.$user.' OR to_id='.$user) or error('Unable to fetch pms topics IDs', __FILE__, __LINE__, $db->error());
 	else
-		$result = $db->query('SELECT id, starter_id, to_id, see_to, topic_st, topic_to  FROM '.$db->prefix.'pms_new_topics WHERE id IN ('.implode(',', $topics).')') or error('Unable to fetch pms topics IDs', __FILE__, __LINE__, $db->error());
+		$result = $db->query('SELECT id, starter_id, to_id, see_to, topic_st, topic_to FROM '.$db->prefix.'pms_new_topics WHERE id IN ('.implode(',', $topics).')') or error('Unable to fetch pms topics IDs', __FILE__, __LINE__, $db->error());
 
 	while ($cur_topic = $db->fetch_assoc($result))
 	{
@@ -165,4 +165,25 @@ function pmsn_user_delete($user, $mflag, $topics = array())
 	// обновляем юзеров
 	foreach ($user_up as $i => $s)
 		pmsn_user_update($user_up[$i]);
-}
+}
+
+function pmsn_get_var($name, $default = NULL)
+{
+	if (isset($_POST[$name]))
+		return $_POST[$name];
+	else if (isset($_GET[$name]))
+		return $_GET[$name];
+	else
+		return $default;
+}
+
+function pmsn_csrf_token($key)
+{
+	global $pun_config, $pun_user;
+	static $arr = array();
+
+	if (!isset($arr[$key]))
+		$arr[$key] = pun_hash(PUN_ROOT.$pun_user['id'].$pun_user['password'].pun_hash($pun_config['o_crypto_pas'].$key.get_remote_address()));
+
+	return $arr[$key];
+}
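Review bot: `pmsn_csrf_token` is embedded in the `onoff` and `email` anchor hrefs in `generate_pmsn_menu`, and `pmsn_get_var` falls back to `$_GET`, so these state-changing actions are triggered by a plain GET whose URL carries the token into browser history, proxy logs and the Referer of any outbound link on the resulting page. The token is constant for a given user and remote address as long as `o_crypto_pas` and the password hash are unchanged, so a leaked URL stays usable for that long. Prefer the shape closeq.php already uses for `onoff` in this same commit, a POST form with a hidden `csrf_token`, and have the handler read the token from `$_POST` only. Minor style in `pmsn_get_var`: `NULL` should be lowercase `null`, and the `else` branches after each `return` can be dropped.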

+ 5 - 4
include/pms_new/mdl/blocked.php

@@ -1,7 +1,7 @@
 <?php
 
 /**
- * Copyright (C) 2010-2013 Visman (mio.visman@yandex.ru)
+ * Copyright (C) 2010-2015 Visman (mio.visman@yandex.ru)
  * Copyright (C) 2008-2010 FluxBB
  * based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
  * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
@@ -31,13 +31,14 @@ require PUN_ROOT.'header.php';
 generate_pmsn_menu($pmsn_modul);
 
 // Determine the topic offset (based on $_GET['p'])
-$num_pages = ceil($pmsn_kol_save / $pun_user['disp_topics']);
+$result = $db->query('SELECT COUNT(bl_user_id) FROM '.$db->prefix.'pms_new_block WHERE bl_id='.$pun_user['id']) or error('Unable to fetch pms_new_block', __FILE__, __LINE__, $db->error());
+$num_pages = ceil($db->result($result) / $pun_user['disp_topics']);
 
 $p = (!isset($_GET['p']) || $_GET['p'] <= 1 || $_GET['p'] > $num_pages) ? 1 : intval($_GET['p']);
 $start_from = $pun_user['disp_topics'] * ($p - 1);
 
 // Generate paging links
-$paging_links = '<span class="pages-label">'.$lang_common['Pages'].' </span>'.paginate($num_pages, $p, 'pmsnew.php?mdl=save');
+$paging_links = '<span class="pages-label">'.$lang_common['Pages'].' </span>'.paginate($num_pages, $p, 'pmsnew.php?mdl=blocked');
 
 $pmsn_f_savedel = '<input type="submit" name="delete" value="'.$lang_pmsn['Delete'].'" />';
 
@@ -82,7 +83,7 @@ function ChekUncheck()
 					<tbody>
 <?php
 
-$result = $db->query('SELECT b.bl_user_id, b.bl_user as username, u.id, u.title, u.registered, u.num_posts, g.g_id, g.g_user_title FROM '.$db->prefix.'pms_new_block AS b LEFT JOIN '.$db->prefix.'users AS u ON b.bl_user_id=u.id LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE bl_id='.$pun_user['id'].' ORDER BY b.bl_user LIMIT '.$start_from.','.$pun_user['disp_topics']) or error('Unable to fetch pms_new_block and users', __FILE__, __LINE__, $db->error());
+$result = $db->query('SELECT b.bl_user_id, u.username, u.id, u.title, u.registered, u.num_posts, g.g_id, g.g_user_title FROM '.$db->prefix.'pms_new_block AS b LEFT JOIN '.$db->prefix.'users AS u ON b.bl_user_id=u.id LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE b.bl_id='.$pun_user['id'].' ORDER BY u.username LIMIT '.$start_from.','.$pun_user['disp_topics']) or error('Unable to fetch pms_new_block and users', __FILE__, __LINE__, $db->error());
 
 if ($db->num_rows($result))
 {
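Review bot: The listing query still LEFT JOINs `users`, so a block row whose target account has since been deleted is returned with `username` NULL, and the denormalised `bl_user` column that previously held a displayable name is removed by this commit; the rendering code below the hunk needs a fallback for that case, or the join should become an INNER JOIN. If it becomes INNER, the new `COUNT(bl_user_id)` query that drives `$num_pages` must apply the same join so the page count matches the rows actually shown. Whether `pmsn_user_delete` already purges `pms_new_block` rows for deleted users is not visible here; if it does, a comment on the COUNT query saying so would settle the question.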

+ 1 - 1
include/pms_new/mdl/blockedq.php

@@ -1,7 +1,7 @@
 <?php
 
 /**
- * Copyright (C) 2010-2013 Visman (mio.visman@yandex.ru)
+ * Copyright (C) 2010-2015 Visman (mio.visman@yandex.ru)
  * Copyright (C) 2008-2010 FluxBB
  * based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
  * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher

+ 7 - 7
include/pms_new/mdl/blocking.php

@@ -1,7 +1,7 @@
 <?php
 
 /**
- * Copyright (C) 2010-2013 Visman (mio.visman@yandex.ru)
+ * Copyright (C) 2010-2015 Visman (mio.visman@yandex.ru)
  * Copyright (C) 2008-2010 FluxBB
  * based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
  * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
@@ -12,12 +12,12 @@ if (!defined('PUN') || !defined('PUN_PMS_NEW'))
 
 define('PUN_PMS_LOADED', 1);
 
-$uid = isset($_REQUEST['uid']) ? intval($_REQUEST['uid']) : 0;
+$uid = intval(pmsn_get_var('uid', 0));
 if ($uid < 2)
 	message($lang_common['Bad request'], false, '404 Not Found');
 
-$csrf_token = pun_hash($pun_user['id'].pun_hash($pun_config['o_crypto_pas'].$uid).PUN_ROOT);
-if (!isset($_REQUEST['csrf_token']) || $_REQUEST['csrf_token'] != $csrf_token)
+$csrf_token = pmsn_csrf_token($uid);
+if (!pun_hash_equals($csrf_token, pmsn_get_var('csrf_token', '')))
 	message($lang_common['Bad request'], false, '404 Not Found');
 
 $result = $db->query('SELECT id, group_id, username FROM '.$db->prefix.'users WHERE id='.$uid) or error('Unable to fetch user information', __FILE__, __LINE__, $db->error());
@@ -53,9 +53,9 @@ if (isset($_POST['action2']))
 
 	if ($mfl)
 	{
-		$db->query('INSERT INTO '.$db->prefix.'pms_new_block (bl_id, bl_user_id, bl_user) VALUES('.$pun_user['id'].', '.$uid.', \''.$db->escape($cur_user['username']).'\')') or error('Unable to create line in pms_new_block', __FILE__, __LINE__, $db->error());
+		$db->query('INSERT INTO '.$db->prefix.'pms_new_block (bl_id, bl_user_id) VALUES('.$pun_user['id'].', '.$uid.')') or error('Unable to create line in pms_new_block', __FILE__, __LINE__, $db->error());
 
-		if (isset($_POST['delete_dlg']) && $_POST['delete_dlg'] == '1') // удаление диалогов
+		if (isset($_POST['delete_dlg'])) // удаление диалогов
 		{
 			$result = $db->query('SELECT id FROM '.$db->prefix.'pms_new_topics WHERE (starter_id = '.$pun_user['id'].' AND topic_st < 2 AND to_id='.$uid.') OR (to_id = '.$pun_user['id'].' AND topic_to < 2 AND starter_id='.$uid.')') or error('Unable to fetch pms topics IDs', __FILE__, __LINE__, $db->error());
 			if ($db->num_rows($result))
@@ -71,7 +71,7 @@ if (isset($_POST['action2']))
 	else
 		$db->query('DELETE FROM '.$db->prefix.'pms_new_block WHERE bl_id='.$pun_user['id'].' AND bl_user_id='.$uid) or error('Unable to remove line in pms_new_block', __FILE__, __LINE__, $db->error());;
 
-	redirect('pmsnew.php', $mbm);   // ???
+	redirect('pmsnew.php', $mbm); // ???
 }
 
 define('PUN_ACTIVE_PAGE', 'pms_new');
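Review bot: Dropping the `== '1'` comparison means any submitted `delete_dlg` value, including `0` or an empty string, now deletes the dialogs; if the form only sends the field when the checkbox is ticked this is equivalent, but the intent should be stated, e.g. `if (isset($_POST['delete_dlg'])) // checkbox is only submitted when ticked`. The token check is a real improvement (`pun_hash_equals` instead of a loose `!=`), but because `pmsn_get_var` also reads `$_GET`, the blocking action remains reachable through a GET link carrying the token; for a state change, reading the token from `$_POST` only is preferable. The doubled `;;` after the DELETE query is pre-existing context, not introduced here.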

+ 1 - 1
include/pms_new/mdl/close.php

@@ -1,7 +1,7 @@
 <?php
 
 /**
- * Copyright (C) 2010-2013 Visman (mio.visman@yandex.ru)
+ * Copyright (C) 2010-2015 Visman (mio.visman@yandex.ru)
  * Copyright (C) 2008-2010 FluxBB
  * based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
  * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher

+ 2 - 1
include/pms_new/mdl/closeq.php

@@ -1,7 +1,7 @@
 <?php
 
 /**
- * Copyright (C) 2010-2013 Visman (mio.visman@yandex.ru)
+ * Copyright (C) 2010-2015 Visman (mio.visman@yandex.ru)
  * Copyright (C) 2008-2010 FluxBB
  * based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
  * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
@@ -36,6 +36,7 @@ generate_pmsn_menu($pmsn_modul);
 		<div class="box">
 			<form method="post" action="pmsnew.php?action=onoff">
 				<div class="inform">
+					<input type="hidden" name="csrf_token" value="<?php echo pmsn_csrf_token('onoff') ?>" />
 					<input type="hidden" name="csrf_hash" value="<?php echo $pmsn_csrf_hash; ?>" />
 					<fieldset>
 						<legend><?php echo $lang_pmsn['Attention'] ?></legend>

+ 3 - 3
include/pms_new/mdl/del.php

@@ -1,7 +1,7 @@
 <?php
 
 /**
- * Copyright (C) 2010-2013 Visman (mio.visman@yandex.ru)
+ * Copyright (C) 2010-2015 Visman (mio.visman@yandex.ru)
  * Copyright (C) 2008-2010 FluxBB
  * based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
  * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
@@ -12,8 +12,8 @@ if (!defined('PUN') || !defined('PUN_PMS_NEW'))
 
 define('PUN_PMS_LOADED', 1);
 
-$tid = isset($_REQUEST['tid']) ? intval($_REQUEST['tid']) : 0;
-$pid = isset($_REQUEST['pid']) ? intval($_REQUEST['pid']) : 0;
+$tid = intval(pmsn_get_var('tid', 0));
+$pid = intval(pmsn_get_var('pid', 0));
 if ($tid < 1 && $pid < 1)
 	message($lang_common['Bad request'], false, '404 Not Found');
 

+ 5 - 6
include/pms_new/mdl/edit.php

@@ -1,7 +1,7 @@
 <?php
 
 /**
- * Copyright (C) 2010-2013 Visman (mio.visman@yandex.ru)
+ * Copyright (C) 2010-2015 Visman (mio.visman@yandex.ru)
  * Copyright (C) 2008-2010 FluxBB
  * based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
  * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
@@ -16,7 +16,7 @@ $pid = isset($_GET['pid']) ? intval($_GET['pid']) : 0;
 if ($pid < 1)
 	message($lang_common['Bad request'], false, '404 Not Found');
 
-$result = $db->query('SELECT t.id AS tid, t.topic, t.starter, t.starter_id, t.to_user, t.to_id, t.see_to, t.topic_st, t.topic_to, p.poster, p.poster_id, p.message, p.hide_smilies, p.post_seen, p.post_new FROM '.$db->prefix.'pms_new_posts AS p INNER JOIN '.$db->prefix.'pms_new_topics AS t ON t.id=p.topic_id WHERE p.id='.$pid) or error('Unable to fetch pms_new_posts info', __FILE__, __LINE__, $db->error());
+$result = $db->query('SELECT t.id AS tid, t.topic, t.starter, t.starter_id, t.to_user, t.to_id, t.see_to, t.topic_st, t.topic_to, p.poster, p.poster_id, p.message, p.hide_smilies, p.post_new FROM '.$db->prefix.'pms_new_posts AS p INNER JOIN '.$db->prefix.'pms_new_topics AS t ON t.id=p.topic_id WHERE p.id='.$pid) or error('Unable to fetch pms_new_posts info', __FILE__, __LINE__, $db->error());
 if (!$db->num_rows($result))
 	message($lang_common['Bad request'], false, '404 Not Found');
 
@@ -90,10 +90,8 @@ if (isset($_POST['csrf_hash']))
 	// Did everything go according to plan?
 	if (empty($errors) && !isset($_POST['preview']))
 	{
-		$edited_sql = (!isset($_POST['silent']) || !$is_admmod) ? $edited_sql = ', edited='.time().', edited_by=\''.$db->escape($pun_user['username']).'\'' : '';
-
 		// Update the post
-		$db->query('UPDATE '.$db->prefix.'pms_new_posts SET message=\''.$db->escape($message).'\', hide_smilies='.$hide_smilies.$edited_sql.' WHERE id='.$pid) or error('Unable to update pms_new_posts', __FILE__, __LINE__, $db->error());
+		$db->query('UPDATE '.$db->prefix.'pms_new_posts SET message=\''.$db->escape($message).'\', hide_smilies='.$hide_smilies.', edited='.time().', edited_by=\''.$db->escape($pun_user['username']).'\' WHERE id='.$pid) or error('Unable to update pms_new_posts', __FILE__, __LINE__, $db->error());
 
 		redirect('pmsnew.php?mdl=topic'.$sidamp.'&amp;pid='.$pid.'#p'.$pid, $lang_post['Edit redirect']);
 	}
@@ -208,7 +206,7 @@ $cur_index = 1;
 
 $checkboxes = array();
 if ($pun_config['o_smilies'] == '1')
-	$checkboxes[] = '<label><input type="checkbox" name="hide_smilies" value="1" tabindex="'.($cur_index++).'"'.(isset($_POST['hide_smilies']) ? ' checked="checked"' : '').' />'.$lang_post['Hide smilies'].'<br /></label>';
+	$checkboxes[] = '<label><input type="checkbox" name="hide_smilies" value="1" tabindex="'.($cur_index++).'"'.((isset($hide_smilies) && $hide_smilies || !isset($hide_smilies) && $cur_post['hide_smilies']) ? ' checked="checked"' : '').' />'.$lang_post['Hide smilies'].'<br /></label>';
 if (!empty($checkboxes))
 {
 ?>
@@ -231,4 +229,5 @@ if (!empty($checkboxes))
 		</div>
 	</div>
 <?php
+
 require PUN_ROOT.'include/bbcode.inc.php';
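Review bot: The checked-state expression on the `hide_smilies` checkbox, `isset($hide_smilies) && $hide_smilies || !isset($hide_smilies) && $cur_post['hide_smilies']`, relies on `&&` binding tighter than `||` and is hard to read; `(isset($hide_smilies) ? $hide_smilies : $cur_post['hide_smilies'])` says the same thing directly, assuming `$cur_post` is the row fetched by the SELECT near the top of the file. Removing the `silent` path means moderators can no longer edit a message without stamping `edited`/`edited_by`; if that is intended it deserves a comment on the UPDATE, since the deleted conditional was the only place that documented the option.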

+ 4 - 4
include/pms_new/mdl/list.php

@@ -1,7 +1,7 @@
 <?php
 
 /**
- * Copyright (C) 2010-2013 Visman (mio.visman@yandex.ru)
+ * Copyright (C) 2010-2015 Visman (mio.visman@yandex.ru)
  * Copyright (C) 2008-2010 FluxBB
  * based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
  * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
@@ -61,9 +61,9 @@ else
 	// Generate paging links
 	$paging_links = '<span class="pages-label">'.$lang_common['Pages'].' </span>'.paginate($num_pages, $p, 'pmsnew.php?mdl=list'.$sidamp);
 
-  if ($pun_user['g_pm_limit'] != 0 && $pmsn_kol_save >= $pun_user['g_pm_limit'])
+	if ($pun_user['g_pm_limit'] != 0 && $pmsn_kol_save >= $pun_user['g_pm_limit'])
 		$pmsn_f_savedel = '';
-  else
+	else
 		$pmsn_f_savedel = '<input type="submit" name="save" value="'.$lang_pmsn['Save_'].'" />&#160;';
 	$pmsn_f_savedel .= '<input type="submit" name="delete" value="'.$lang_pmsn['Delete'].'" />';
 
@@ -226,4 +226,4 @@ function ChekUncheck()
 		</form>
 	</div>
 <?php
-}
+}

+ 2 - 2
include/pms_new/mdl/listq.php

@@ -1,7 +1,7 @@
 <?php
 
 /**
- * Copyright (C) 2010-2013 Visman (mio.visman@yandex.ru)
+ * Copyright (C) 2010-2015 Visman (mio.visman@yandex.ru)
  * Copyright (C) 2008-2010 FluxBB
  * based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
  * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
@@ -41,7 +41,7 @@ if (defined('PUN_PMS_NEW_CONFIRM'))
 	}
 
 	$kolvo = count($topics);
-  
+
 	if ($kolvo == 0)
 		message($lang_pmsn['No dialogs']);
 	if (count(array_diff($topics, $pmsn_arr_list)) > 0)

+ 4 - 4
include/pms_new/mdl/new.php

@@ -1,7 +1,7 @@
 <?php
 
 /**
- * Copyright (C) 2010-2013 Visman (mio.visman@yandex.ru)
+ * Copyright (C) 2010-2015 Visman (mio.visman@yandex.ru)
  * Copyright (C) 2008-2010 FluxBB
  * based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
  * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
@@ -61,9 +61,9 @@ else
 	// Generate paging links
 	$paging_links = '<span class="pages-label">'.$lang_common['Pages'].' </span>'.paginate($num_pages, $p, 'pmsnew.php?mdl=new'.$sidamp);
 
-  if ($pun_user['g_pm_limit'] != 0 && $pmsn_kol_save >= $pun_user['g_pm_limit'])
+	if ($pun_user['g_pm_limit'] != 0 && $pmsn_kol_save >= $pun_user['g_pm_limit'])
 		$pmsn_f_savedel = '';
-  else
+	else
 		$pmsn_f_savedel = '<input type="submit" name="save" value="'.$lang_pmsn['Save_'].'" />&#160;';
 	$pmsn_f_savedel .= '<input type="submit" name="delete" value="'.$lang_pmsn['Delete'].'" />';
 
@@ -226,4 +226,4 @@ function ChekUncheck()
 		</form>
 	</div>
 <?php
-}
+}

+ 2 - 2
include/pms_new/mdl/newq.php

@@ -1,7 +1,7 @@
 <?php
 
 /**
- * Copyright (C) 2010-2013 Visman (mio.visman@yandex.ru)
+ * Copyright (C) 2010-2015 Visman (mio.visman@yandex.ru)
  * Copyright (C) 2008-2010 FluxBB
  * based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
  * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
@@ -41,7 +41,7 @@ if (defined('PUN_PMS_NEW_CONFIRM'))
 	}
 
 	$kolvo = count($topics);
-  
+
 	if ($kolvo == 0)
 		message($lang_pmsn['No dialogs']);
 	if (count(array_diff($topics, $pmsn_arr_new)) > 0)

+ 33 - 39
include/pms_new/mdl/post.php

@@ -1,7 +1,7 @@
 <?php
 
 /**
- * Copyright (C) 2010-2013 Visman (mio.visman@yandex.ru)
+ * Copyright (C) 2010-2015 Visman (mio.visman@yandex.ru)
  * Copyright (C) 2008-2010 FluxBB
  * based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
  * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
@@ -82,7 +82,7 @@ else
 
 if (!isset($_POST['req_addressee']) && (isset($_GET['uid']) || $sid))
 {
-  if ($sid)
+	if ($sid)
 		$uid = $sid;
 	else
 		$uid = intval($_GET['uid']);
@@ -103,7 +103,7 @@ if (!isset($_POST['req_addressee']) && (isset($_GET['uid']) || $sid))
 		else if ($cur_user['messages_all'] >= $cur_user['g_pm_limit'] && $cur_user['g_pm_limit'] != 0)
 			message($lang_pmsn['More maximum']);
 	}
-  
+
 	$result = $db->query('SELECT bl_id FROM '.$db->prefix.'pms_new_block WHERE (bl_id='.$pun_user['id'].' AND bl_user_id='.$cur_user['id'].') OR (bl_id='.$cur_user['id'].' AND bl_user_id='.$pun_user['id'].')') or error('Unable to fetch pms_new_block', __FILE__, __LINE__, $db->error());
 	$tmp_bl = $db->fetch_assoc($result);
 	if ($tmp_bl['bl_id'] == $pun_user['id'])
@@ -151,42 +151,31 @@ if (isset($_POST['csrf_hash']))
 		$result = $db->query('SELECT u.*, g.* FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON u.group_id=g.g_id WHERE u.username=\''.$db->escape($addressee).'\'') or error('Unable to fetch user information', __FILE__, __LINE__, $db->error());
 		$cur_addressee = $db->fetch_assoc($result);
 
-		if (!isset($cur_addressee['id']) || $cur_addressee['id'] < 2)
+		if (empty($cur_addressee['id']) || $cur_addressee['id'] < 2)
 			$errors[] = $lang_pmsn['No addressee'];
+		else if ($cur_addressee['id'] == $pun_user['id'])
+			$errors[] = $lang_pmsn['No for itself'];
 		else
 		{
 			$to_user['id'] = $cur_addressee['id'];
 			$to_user['username'] = $cur_addressee['username'];
-		}
-		if ($cur_addressee['id'] == $pun_user['id'])
-			$errors[] = $lang_pmsn['No for itself'];
 
-		if ($pun_user['g_id'] != PUN_ADMIN && !isset($_POST['preview']) && isset($cur_addressee['id']))
-		{
-			if (isset($_POST['save']))
+			if ($pun_user['g_id'] != PUN_ADMIN && !isset($_POST['preview']))
 			{
-				if ($pmsn_kol_save >= $pun_user['g_pm_limit'] && $pun_user['g_pm_limit'] != 0)
-					$errors[] = $lang_pmsn['More maximum user'];
-			}
-			else
-			{
-				if ($cur_addressee['messages_enable'] == 0 || $cur_addressee['g_pm'] == 0)
-					$errors[] = $lang_pmsn['Off messages'];
-				else if ($cur_addressee['messages_all'] >= $cur_addressee['g_pm_limit'] && $cur_addressee['g_pm_limit'] > 0)
-					$errors[] = $lang_pmsn['More maximum'];
+				if (isset($_POST['save']))
+				{
+					if ($pmsn_kol_save >= $pun_user['g_pm_limit'] && $pun_user['g_pm_limit'] != 0)
+						$errors[] = $lang_pmsn['More maximum user'];
+				}
+				else
+				{
+					if ($cur_addressee['messages_enable'] == 0 || $cur_addressee['g_pm'] == 0)
+						$errors[] = $lang_pmsn['Off messages'];
+					else if ($cur_addressee['messages_all'] >= $cur_addressee['g_pm_limit'] && $cur_addressee['g_pm_limit'] > 0)
+						$errors[] = $lang_pmsn['More maximum'];
+				}
 			}
 		}
-
-		if (isset($cur_addressee['id']))
-		{
-			$result = $db->query('SELECT bl_id FROM '.$db->prefix.'pms_new_block WHERE (bl_id='.$pun_user['id'].' AND bl_user_id='.$cur_addressee['id'].') OR (bl_id='.$cur_addressee['id'].' AND bl_user_id='.$pun_user['id'].')') or error('Unable to fetch pms_new_block', __FILE__, __LINE__, $db->error());
-			$tmp_bl = $db->fetch_assoc($result);
-
-			if ($tmp_bl['bl_id'] == $pun_user['id'])
-				$errors[] = $lang_pmsn['You block addr'];
-			else if ($pun_user['g_id'] != PUN_ADMIN && $tmp_bl['bl_id'] == $cur_addressee['id'])
-				$errors[] = $lang_pmsn['Addr block you'];
-    }
 	}
 	else if (!isset($_POST['preview']))
 	{
@@ -198,15 +187,19 @@ if (isset($_POST['csrf_hash']))
 		$result = $db->query('SELECT u.*, g.* FROM '.$db->prefix.'users AS u INNER JOIN '.$db->prefix.'groups AS g ON u.group_id=g.g_id WHERE u.id='.$mid) or error('Unable to fetch user information', __FILE__, __LINE__, $db->error());
 		$cur_addressee = $db->fetch_assoc($result);
 
-		if (!isset($cur_addressee['id']))
+		if (empty($cur_addressee['id']) || $cur_addressee['id'] < 2)
 			$errors[] = $lang_pmsn['No addressee'];
 		else if ($pun_user['g_id'] != PUN_ADMIN && !isset($_POST['save']) && ($cur_addressee['messages_enable'] == 0 || $cur_addressee['g_pm'] == 0))
 			$errors[] = $lang_pmsn['Off messages'];
+ 	}
+
+	if (empty($errors) && !empty($cur_addressee['id']))
+	{
+		$result = $db->query('SELECT bl_id FROM '.$db->prefix.'pms_new_block WHERE (bl_id='.$pun_user['id'].' AND bl_user_id='.$cur_addressee['id'].') OR (bl_id='.$cur_addressee['id'].' AND bl_user_id='.$pun_user['id'].')') or error('Unable to fetch pms_new_block', __FILE__, __LINE__, $db->error());
+		$tmp_bl = $db->fetch_assoc($result);
 
-		if (isset($cur_addressee['id']))
+		if (isset($tmp_bl['bl_id']))
 		{
-			$result = $db->query('SELECT bl_id FROM '.$db->prefix.'pms_new_block WHERE (bl_id='.$pun_user['id'].' AND bl_user_id='.$cur_addressee['id'].') OR (bl_id='.$cur_addressee['id'].' AND bl_user_id='.$pun_user['id'].')') or error('Unable to fetch pms_new_block', __FILE__, __LINE__, $db->error());
-			$tmp_bl = $db->fetch_assoc($result);
 			if ($tmp_bl['bl_id'] == $pun_user['id'])
 				$errors[] = $lang_pmsn['You block addr'];
 			else if ($pun_user['g_id'] != PUN_ADMIN && $tmp_bl['bl_id'] == $cur_addressee['id'])
@@ -241,7 +234,7 @@ if (isset($_POST['csrf_hash']))
 		if ($tid) // new post
 		{
 			// создаем новое сообщение
-			$db->query('INSERT INTO '.$db->prefix.'pms_new_posts (poster, poster_id, poster_ip, message, hide_smilies, posted, post_seen, post_new, topic_id) VALUES(\''.$db->escape($pun_user['username']).'\', '.$pun_user['id'].', \''.$db->escape(get_remote_address()).'\',  \''.$db->escape($message).'\', '.$hide_smilies.', '.$now.', 0, 1, '.$tid.')') or error('Unable to create pms_new_posts', __FILE__, __LINE__, $db->error());
+			$db->query('INSERT INTO '.$db->prefix.'pms_new_posts (poster, poster_id, poster_ip, message, hide_smilies, posted, post_new, topic_id) VALUES(\''.$db->escape($pun_user['username']).'\', '.$pun_user['id'].', \''.$db->escape(get_remote_address()).'\', \''.$db->escape($message).'\', '.$hide_smilies.', '.$now.', 1, '.$tid.')') or error('Unable to create pms_new_posts', __FILE__, __LINE__, $db->error());
 			$new_pid = $db->insert_id();
 
 			// обновляем тему
@@ -283,7 +276,7 @@ if (isset($_POST['csrf_hash']))
 				$flag2 = 2;
 				$m_all = $pmsn_kol_list;
 			}
-      else
+			else
 			{
 				$flag1 = 0;
 				$flag2 = 1;
@@ -294,7 +287,7 @@ if (isset($_POST['csrf_hash']))
 			$new_tid = $db->insert_id();
 			
 			// создаем новое сообщение
-			$db->query('INSERT INTO '.$db->prefix.'pms_new_posts (poster, poster_id, poster_ip, message, hide_smilies, posted, post_seen, post_new, topic_id) VALUES(\''.$db->escape($pun_user['username']).'\', '.$pun_user['id'].', \''.$db->escape(get_remote_address()).'\',  \''.$db->escape($message).'\', '.$hide_smilies.', '.$now.', 0, 1, '.$new_tid.')') or error('Unable to create pms_new_posts', __FILE__, __LINE__, $db->error());
+			$db->query('INSERT INTO '.$db->prefix.'pms_new_posts (poster, poster_id, poster_ip, message, hide_smilies, posted, post_new, topic_id) VALUES(\''.$db->escape($pun_user['username']).'\', '.$pun_user['id'].', \''.$db->escape(get_remote_address()).'\', \''.$db->escape($message).'\', '.$hide_smilies.', '.$now.', 1, '.$new_tid.')') or error('Unable to create pms_new_posts', __FILE__, __LINE__, $db->error());
 			$new_pid = $db->insert_id();
 
 			// update users
@@ -340,7 +333,7 @@ $focus_element = array('post');
 if ($tid)
 {
 	$action1 = $lang_post['Post a reply'];
-	$action0 =  $lang_pmsn[$pmsn_modul];
+	$action0 = $lang_pmsn[$pmsn_modul];
 	if (isset($to_user['id']) && $to_user['id'] != $sid)
 		$form = '<form id="post" method="post" action="pmsnew.php?mdl=post&amp;tid='.$tid.'" onsubmit="this.submit.disabled=true;if(process_form(this)){return true;}else{this.submit.disabled=false;return false;}">'."\n";
 	else
@@ -396,7 +389,7 @@ if ($tid)
 else
 {
 	$action1 = $lang_pmsn['Post new topic'];
-	$action0 =  $lang_pmsn['New dialog'];
+	$action0 = $lang_pmsn['New dialog'];
 	if (isset($to_user['id']) && $to_user['id'] != $sid)
 		$form = '<form id="post" method="post" action="pmsnew.php?mdl=post" onsubmit="return process_form(this)">'."\n";
 	else
@@ -555,6 +548,7 @@ if (!empty($checkboxes))
 		</div>
 	</div>
 <?php
+
 require PUN_ROOT.'include/bbcode.inc.php';
 
 // Check to see if the topic review is to be displayed

+ 2 - 2
include/pms_new/mdl/save.php

@@ -1,7 +1,7 @@
 <?php
 
 /**
- * Copyright (C) 2010-2013 Visman (mio.visman@yandex.ru)
+ * Copyright (C) 2010-2015 Visman (mio.visman@yandex.ru)
  * Copyright (C) 2008-2010 FluxBB
  * based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
  * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
@@ -220,4 +220,4 @@ function ChekUncheck()
 		</form>
 	</div>
 <?php
-}
+}

+ 2 - 2
include/pms_new/mdl/saveq.php

@@ -1,7 +1,7 @@
 <?php
 
 /**
- * Copyright (C) 2010-2013 Visman (mio.visman@yandex.ru)
+ * Copyright (C) 2010-2015 Visman (mio.visman@yandex.ru)
  * Copyright (C) 2008-2010 FluxBB
  * based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
  * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
@@ -38,7 +38,7 @@ if (defined('PUN_PMS_NEW_CONFIRM'))
 	}
 
 	$kolvo = count($topics);
-  
+
 	if ($kolvo == 0)
 		message($lang_pmsn['No dialogs']);
 	if (count(array_diff($topics, $pmsn_arr_save)) > 0)

+ 3 - 3
include/pms_new/mdl/send.php

@@ -1,7 +1,7 @@
 <?php
 
 /**
- * Copyright (C) 2010-2013 Visman (mio.visman@yandex.ru)
+ * Copyright (C) 2010-2015 Visman (mio.visman@yandex.ru)
  * Copyright (C) 2008-2010 FluxBB
  * based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
  * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
@@ -55,8 +55,8 @@ if (isset($_POST['action2']))
 
 	$db->query('UPDATE '.$db->prefix.'pms_new_topics SET topic_st=0, topic_to=1 WHERE id='.$tid) or error('Unable to update pms_new_topics', __FILE__, __LINE__, $db->error());
 	
-  pmsn_user_update($cur_user['id'], true);
-  pmsn_user_update($pun_user['id']);
+	pmsn_user_update($cur_user['id'], true);
+	pmsn_user_update($pun_user['id']);
 
 	if ($cur_user['messages_email'] == 1)
 	{

+ 7 - 13
include/pms_new/mdl/topic.php

@@ -1,7 +1,7 @@
 <?php
 
 /**
- * Copyright (C) 2010-2013 Visman (mio.visman@yandex.ru)
+ * Copyright (C) 2010-2015 Visman (mio.visman@yandex.ru)
  * Copyright (C) 2008-2010 FluxBB
  * based on code by Rickard Andersson copyright (C) 2002-2008 PunBB
  * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
@@ -178,11 +178,10 @@ for ($i = 0;$cur_post_id = $db->result($result, $i);$i++)
 	$post_ids[] = $cur_post_id;
 	
 $post_view_new = array();
-$a_token = array();
 
 // мод пола, добавлен u.gender
 // убран запрос к таблице online
-$result = $db->query('SELECT u.gender, u.email, u.title, u.url, u.location, u.signature, u.email_setting, u.num_posts, u.registered, u.admin_note, p.id, p.poster AS username, p.poster_id, p.message, p.hide_smilies, p.posted, p.edited, p.edited_by, p.post_seen, p.post_new, g.g_id, g.g_user_title FROM '.$db->prefix.'pms_new_posts AS p LEFT JOIN '.$db->prefix.'users AS u ON u.id=p.poster_id LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE p.id IN ('.implode(',', $post_ids).') ORDER BY p.id', true) or error('Unable to fetch pms_new_posts info', __FILE__, __LINE__, $db->error());
+$result = $db->query('SELECT u.gender, u.email, u.title, u.url, u.location, u.signature, u.email_setting, u.num_posts, u.registered, u.admin_note, p.id, p.poster AS username, p.poster_id, p.message, p.hide_smilies, p.posted, p.edited, p.edited_by, p.post_new, g.g_id, g.g_user_title FROM '.$db->prefix.'pms_new_posts AS p LEFT JOIN '.$db->prefix.'users AS u ON u.id=p.poster_id LEFT JOIN '.$db->prefix.'groups AS g ON g.g_id=u.group_id WHERE p.id IN ('.implode(',', $post_ids).') ORDER BY p.id', true) or error('Unable to fetch pms_new_posts info', __FILE__, __LINE__, $db->error());
 while ($cur_post = $db->fetch_assoc($result))
 {
 	$post_count++;
@@ -214,12 +213,7 @@ while ($cur_post = $db->fetch_assoc($result))
 			$post_view_new[] = $cur_post['id'];
 
 		if ($cur_post['g_id'] != PUN_GUEST && $cur_post['g_id'] != PUN_ADMIN)
-		{
-			if (!isset($a_token[$cur_post['poster_id']]))
-				$a_token[$cur_post['poster_id']] = pun_hash($pun_user['id'].pun_hash($pun_config['o_crypto_pas'].$cur_post['poster_id']).PUN_ROOT);
-		  
-			$post_actions[] = '<li class="postreport"><span><a href="pmsnew.php?mdl=blocking&amp;uid='.$cur_post['poster_id'].'&amp;csrf_token='.$a_token[$cur_post['poster_id']].'">'.$lang_pmsn['Block'].'</a></span></li>';
-		}
+			$post_actions[] = '<li class="postreport"><span><a href="pmsnew.php?mdl=blocking&amp;uid='.$cur_post['poster_id'].'&amp;csrf_token='.pmsn_csrf_token($cur_post['poster_id']).'">'.$lang_pmsn['Block'].'</a></span></li>';
 	}
 	else if ($cur_post['post_new'] == 1 && $newpost)
 	{
@@ -344,7 +338,7 @@ while ($cur_post = $db->fetch_assoc($result))
 		</div>
 <?php
 
-}  // while
+} // while
 
 ?>
 		<div class="pagepost">
@@ -358,7 +352,7 @@ if ($status)
 {
 	if (count($post_view_new) > 0 )
 	{
-		$db->query('UPDATE '.$db->prefix.'pms_new_posts SET post_seen=1, post_new=0 WHERE id IN ('.implode(',', $post_view_new).')') or error('Unable to update pms_new_posts', __FILE__, __LINE__, $db->error());
+		$db->query('UPDATE '.$db->prefix.'pms_new_posts SET post_new=0 WHERE id IN ('.implode(',', $post_view_new).')') or error('Unable to update pms_new_posts', __FILE__, __LINE__, $db->error());
 
 		$result = $db->query('SELECT MIN(id) FROM '.$db->prefix.'pms_new_posts WHERE poster_id!='.$pun_user['id'].' AND topic_id='.$tid.' AND post_new=1') or error('Unable to fetch pms_new_posts info', __FILE__, __LINE__, $db->error());
 		$first_new_post_id = $db->result($result);
@@ -388,7 +382,7 @@ if ($quickpost)
 						<legend><?php echo $lang_common['Write message legend'] ?></legend>
 						<div class="infldset txtarea">
 							<input type="hidden" name="csrf_hash" value="<?php echo $pmsn_csrf_hash ?>" />
-							<label><textarea name="req_message" rows="7" cols="75"  tabindex="<?php echo $cur_index++ ?>"></textarea></label>
+							<label><textarea name="req_message" rows="7" cols="75" tabindex="<?php echo $cur_index++ ?>"></textarea></label>
 							<ul class="bblinks">
 								<li><span><a href="help.php#bbcode" onclick="window.open(this.href); return false;"><?php echo $lang_common['BBCode'] ?></a> <?php echo ($pun_config['p_message_bbcode'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></span></li>
 								<li><span><a href="help.php#url" onclick="window.open(this.href); return false;"><?php echo $lang_common['url tag'] ?></a> <?php echo ($pun_config['p_message_bbcode'] == '1' && $pun_user['g_post_links'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></span></li>
@@ -403,6 +397,6 @@ if ($quickpost)
 		</div>
 	</div>
 <?php
-require PUN_ROOT.'include/bbcode.inc.php';
 
+	require PUN_ROOT.'include/bbcode.inc.php';
 }
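Review bot: The block link built on the replacement line (`pmsnew.php?mdl=blocking&amp;uid=...&amp;csrf_token=...`) carries the CSRF token in a GET query string, so it ends up in browser history, Referer headers and access logs; the quick-post form further down in this file already sends its token as a hidden `csrf_hash` field, and the block action would be safer as a small POST form or a confirmation page that posts the token. `pmsn_csrf_token()` is not visible in this change; the inline derivation it replaces bound the token to `$pun_user['id']` and `o_crypto_pas`, and the helper should keep that binding so a token issued to one user is not accepted from another. The enclosing `while ($cur_post = ...)` loop starts and ends outside the hunk.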

+ 2 - 2
include/pms_new/pmsnheader.php

@@ -1,7 +1,7 @@
 <?php
 
 /**
- * Copyright (C) 2010-2013 Visman (mio.visman@yandex.ru)
+ * Copyright (C) 2010-2015 Visman (mio.visman@yandex.ru)
  * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
  */
 
@@ -66,4 +66,4 @@ if (!$pun_user['is_guest'])
 		else
 			$page_head['reminderstyle'] = '<link rel="stylesheet" type="text/css" href="style/imports/reminder.css" />';
 	}
-}
+}

+ 9 - 11
include/user_agent.php

@@ -19,6 +19,8 @@ function ua_search_for_item($items, $usrag)
 		if (strpos($usrag, strtolower($item)) !== false)
 			return $item;
 	}
+
+	return 'Unknown';
 }
 
 function get_useragent_names($usrag)
@@ -32,8 +34,11 @@ function get_useragent_names($usrag)
 
 	$browser = ua_search_for_item($browsers, $usrag);
 
-	preg_match('#'.preg_quote(strtolower((in_array($browser, array('Safari', 'Opera')) ? 'Version' : ($browser == 'Trident' ? 'rv:' : $browser)))).'[\s/]*([\.0-9]+)#', $usrag, $matches);
-	$browser_version = isset($matches[1]) ? $matches[1] : '';
+	if (preg_match('#'.preg_quote(strtolower((in_array($browser, array('Safari', 'Opera')) ? 'Version' : ($browser == 'Trident' ? 'rv:' : $browser)))).'[\s/]*([\.0-9]+)#', $usrag, $matches))
+	{
+		$matches = explode('.', $matches[1]);
+		$browser_version = $matches[0].(isset($matches[1]) ? '.'.$matches[1] : '');
+	}
 
 	if ($browser == 'Trident' && !empty($browser_version) || $browser == 'MSIE')
 	{
@@ -52,11 +57,8 @@ function get_useragent_names($usrag)
 	elseif ($browser == 'OPR')
 		$browser = 'Opera';
 
-	elseif (empty($browser))
-		$browser = 'Unknown';
-
 	// System detection
-	$systems = array('Windows', 'Linux', 'Macintosh', 'Mac', 'Amiga', 'BeOS', 'FreeBSD', 'HP-UX', 'NetBSD', 'OS/2', 'SunOS', 'Symbian', 'Unix', 'Samsung', 'Sun', 'J2ME/MIDP');
+	$systems = array('Windows', 'Linux', 'Mac', 'Amiga', 'BeOS', 'FreeBSD', 'HP-UX', 'NetBSD', 'OS/2', 'SunOS', 'Symbian', 'Unix', 'J2ME/MIDP');
 	
 	$system = ua_search_for_item($systems, $usrag);
 	
@@ -66,7 +68,7 @@ function get_useragent_names($usrag)
 
 		$system = ua_search_for_item($systems, $usrag);
 
-		if (empty($system))
+		if ($system == 'Unknown')
 			$system = 'Linux';
 
 		elseif ($system == 'Mandrake')
@@ -104,16 +106,12 @@ function get_useragent_names($usrag)
 	elseif ($system == 'Mac')
 		$system = 'Macintosh';
 
-	elseif (empty($system))
-		$system = 'Unknown';
-
 	if (empty($browser_img))
 		$browser_img = $browser;
 
 	$result = array(
 		'system'					=> $system,
 		'browser_img'			=> $browser_img,
-		'browser_version'	=> $browser_version,
 		'browser_name'		=> $browser.' '.$browser_version
 	);
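Review bot: `$browser_version` is now assigned only inside the `if (preg_match(...))` branch, whereas the removed line always initialised it; when the pattern does not match (including the new `Unknown` browser case) the later `$browser.' '.$browser_version` in the result array reads an undefined variable and emits a notice. Add `$browser_version = '';` immediately before the `if` so the no-match path keeps the previous empty-string behaviour. Dropping the `browser_version` key from `$result` also breaks any caller that still reads it; no callers are visible here, so please check them. `get_useragent_names()` starts and ends outside the hunk.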
 

+ 1 - 11
install.php

@@ -9,7 +9,7 @@
 // The FluxBB version this script installs
 define('FORUM_VERSION', '1.5.9');
 
-define('FORUM_VER_REVISION', 73);	// номер сборки - Visman
+define('FORUM_VER_REVISION', 74);	// номер сборки - Visman
 
 define('FORUM_DB_REVISION', 21);
 define('FORUM_SI_REVISION', 2.1);
@@ -1396,11 +1396,6 @@ else
 				'datatype'		=> 'INT(10) UNSIGNED',
 				'allow_null'	=> false,
 				'default'		=> '0'
-			),
-			'bl_user'		=> array(
-				'datatype'		=> 'VARCHAR(200)',
-				'allow_null'	=> false,
-				'default'		=> '\'\''
 			)
 		),
 		'INDEXES'		=> array(
@@ -1453,11 +1448,6 @@ else
 				'datatype'		=> 'VARCHAR(200)',
 				'allow_null'	=> true
 			),
-			'post_seen'		=> array(
-				'datatype'		=> 'TINYINT(1)',
-				'allow_null'	=> false,
-				'default'		=> '0'
-			),
 			'post_new'		=> array(
 				'datatype'		=> 'TINYINT(1)',
 				'allow_null'	=> false,

+ 1 - 1
lang/English/common.php

@@ -72,7 +72,7 @@ $lang_common = array(
 'and'								=>	'and',
 'Image link'						=>	'image', // This is displayed (i.e. <image>) instead of images when "Show images" is disabled in the profile
 'wrote'								=>	'wrote:', // For [quote]'s
-'Mailer'							=>	'%s Mailer', // As in "MyForums Mailer" in the signature of outgoing emails
+'Mailer'							=>	'%s', // As in "MyForums Mailer" in the signature of outgoing emails
 'Important information'				=>	'Important information',
 'Write message legend'				=>	'Write your message and submit',
 'Previous'							=>	'Previous',

+ 2 - 2
lang/English/mail_templates/form_pmsn.tpl

@@ -3,8 +3,8 @@ Subject: New personal message: <mail_subject>
 Hello, <user>!
 
 <sender> from <board_title> has sent you a personal message.
-The message is located at  <message_url>
+The message is located at <message_url>
 
 -- 
 <board_mailer> Mailer
-(Do not reply to this message)
+(Do not reply to this message)

+ 1 - 1
lang/English/pms_new.php

@@ -105,7 +105,7 @@ $lang_pmsn = array(
 'InfoDeleteQTop' => 'Confirm removing of this dialogue',
 'InfoSend' => 'Sending dialogue &rdquo;%s&rdquo;',
 'InfoSendQ' => 'Send dialogue to user <strong>%s</strong>?',
-'Attention' =>  'Attention!!!',
+'Attention' => 'Attention!!!',
 'Delete dialog' => 'Remove dialogues between you and this user',
 
 'Modul failed message' => 'The module &rdquo;%s&rdquo; failed to load.',

+ 5 - 5
lang/Russian/admin_plugin_pms_new.php

@@ -2,11 +2,11 @@
 
 $lang_apmsn = array(
 
-'Plugin title'	=>	'PMS New - Новая служба личных сообщений',
-'Explanation 1'			=>	'Плагин служит для настройки системы личных сообщений вашего форума.',
-'Explanation 2'			=>	'Вы можете включить или выключить ЛС на форуме, ограничить количество сообщений в ящиках пользователей (0 - снимает ограничение).',
-'Form title'	=>	'Настройки',
-'Show text button'		=>	'Сохранить изменения',
+'Plugin title' => 'PMS New - Новая служба личных сообщений',
+'Explanation 1' => 'Плагин служит для настройки системы личных сообщений вашего форума.',
+'Explanation 2' => 'Вы можете включить или выключить ЛС на форуме, ограничить количество сообщений в ящиках пользователей (0 - снимает ограничение).',
+'Form title' => 'Настройки',
+'Show text button' => 'Сохранить изменения',
 'Plugin redirect' => 'Настройки изменены. Переадресация …',
 'Group' => 'Группа',
 'Kolvo' => 'Емкость ящика',

+ 3 - 3
plugins/AP_PMS_New.php

@@ -11,7 +11,7 @@ if (!defined('PUN'))
 
 // Tell admin_loader.php that this is indeed a plugin and that it is loaded
 define('PUN_PLUGIN_LOADED', 1);
-define('PLUGIN_VERSION', '1.7.2');
+define('PLUGIN_VERSION', '1.8.0');
 define('PLUGIN_URL', pun_htmlspecialchars('admin_loader.php?plugin='.$plugin));
 
 // Load language file
@@ -103,7 +103,7 @@ if ($pun_config['o_pms_enabled'] == '1')
 							<table class="aligntop">
 								<tr>
 									<td>
-										<span><input type="text" name="min_kolvo" value="<?php echo pun_htmlspecialchars($pun_config['o_pms_min_kolvo']) ?>"  tabindex="<?php echo ($tabindex++) ?>" size="10" maxlength="10" />&#160;&#160;<?php echo $lang_apmsn['Q3'] ?></span>
+										<span><input type="text" name="min_kolvo" value="<?php echo pun_htmlspecialchars($pun_config['o_pms_min_kolvo']) ?>" tabindex="<?php echo ($tabindex++) ?>" size="10" maxlength="10" />&#160;&#160;<?php echo $lang_apmsn['Q3'] ?></span>
 									</td>
 								</tr>
 								<tr>
@@ -140,7 +140,7 @@ if ($pun_config['o_pms_enabled'] == '1')
 								<tr>
 									<td class="tcl"><?php echo pun_htmlspecialchars($cur_group['g_title']) ?></td>
 									<td class="tc2"><input type="checkbox" name="g_pm[<?php echo $cur_group['g_id'] ?>]" value="1" tabindex="<?php echo ($tabindex++) ?>"<?php echo ($cur_group['g_pm'] == 1 ? ' checked="checked"' : '')?> /></td>
-									<td class="tcr"><input type="text" name="g_limit[<?php echo $cur_group['g_id'] ?>]" value="<?php echo $cur_group['g_pm_limit'] ?>"  tabindex="<?php echo ($tabindex++) ?>" size="10" maxlength="10" /></td>
+									<td class="tcr"><input type="text" name="g_limit[<?php echo $cur_group['g_id'] ?>]" value="<?php echo $cur_group['g_pm_limit'] ?>" tabindex="<?php echo ($tabindex++) ?>" size="10" maxlength="10" /></td>
 								</tr>
 <?php
 

+ 16 - 8
pmsnew.php

@@ -1,7 +1,7 @@
 <?php
 
 /**
- * Copyright (C) 2010-2014 Visman (mio.visman@yandex.ru)
+ * Copyright (C) 2010-2015 Visman (mio.visman@yandex.ru)
  * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
  */
 
@@ -29,9 +29,13 @@ if (isset($_POST['csrf_hash']) || isset($_GET['csrf_hash']))
 	define('PUN_PMS_NEW_CONFIRM', 1);
 }
 
-$action = isset($_REQUEST['action']) ? pun_trim($_REQUEST['action']) : '';
+$action = pmsn_get_var('action', '');
 if ($action == 'onoff')
 {
+	$csrf_token = pmsn_csrf_token('onoff');
+	if (!pun_hash_equals($csrf_token, pmsn_get_var('csrf_token', '')))
+		message($lang_common['Bad request'], false, '404 Not Found');
+
 	if ($pun_user['messages_enable'] == 0 || ($pun_user['messages_enable'] == 1 && isset($_POST['action2']) && defined('PUN_PMS_NEW_CONFIRM')))
 	{
 		// удаляем сообщения пользователя
@@ -44,12 +48,16 @@ if ($action == 'onoff')
 		redirect('pmsnew.php', $lang_pmsn['Options redirect']);
 	}
 	else if ($pun_user['messages_enable'] == 1 && isset($_POST['action2']))
-		message($lang_common['Bad referrer']);
+		message($lang_common['Bad request'], false, '404 Not Found');
 	else
 		$pmsn_modul = 'closeq';
 }
 else if ($action == 'email')
 {
+	$csrf_token = pmsn_csrf_token('email');
+	if (!pun_hash_equals($csrf_token, pmsn_get_var('csrf_token', '')))
+		message($lang_common['Bad request'], false, '404 Not Found');
+
 	if ($pun_user['messages_email'] == 1)
 	{
 		$action = $lang_pmsn['Email off Red'];
@@ -67,7 +75,7 @@ else if ($pun_user['messages_enable'] == 0 && $pun_user['messages_new'] == 0) //
 	$pmsn_modul = 'close';
 else
 {
-	$pmsn_modul = isset($_REQUEST['mdl']) ? pun_trim($_REQUEST['mdl']) : 'new';
+	$pmsn_modul = pmsn_get_var('mdl', 'new');
 	
 	if ($pun_user['g_pm'] == 0 || $pun_user['messages_enable'] == 0)
 		if (!in_array($pmsn_modul, array('new','topic','close','closeq')))
@@ -96,7 +104,7 @@ if ($sid < 2)
 
 if ($sid)
 {
-	$result = $db->query('SELECT id, starter, to_user, starter_id, topic_st, topic_to  FROM '.$db->prefix.'pms_new_topics WHERE (starter_id = '.$pun_user['id'].' AND topic_st != 2 AND to_id='.$sid.') OR (to_id = '.$pun_user['id'].' AND topic_to != 2 AND starter_id='.$sid.') ORDER BY last_posted DESC') or error('Unable to fetch pms topics IDs', __FILE__, __LINE__, $db->error());
+	$result = $db->query('SELECT id, starter, to_user, starter_id, topic_st, topic_to FROM '.$db->prefix.'pms_new_topics WHERE (starter_id = '.$pun_user['id'].' AND topic_st != 2 AND to_id='.$sid.') OR (to_id = '.$pun_user['id'].' AND topic_to != 2 AND starter_id='.$sid.') ORDER BY last_posted DESC') or error('Unable to fetch pms topics IDs', __FILE__, __LINE__, $db->error());
 	if (!$db->num_rows($result))
 		$sid = 0;
 	else
@@ -106,7 +114,7 @@ if ($sid)
 	}
 }
 if ($sid == 0)
-	$result = $db->query('SELECT id, starter, to_user, starter_id, topic_st, topic_to  FROM '.$db->prefix.'pms_new_topics WHERE (starter_id = '.$pun_user['id'].' AND topic_st != 2) OR (to_id = '.$pun_user['id'].' AND topic_to != 2) ORDER BY last_posted DESC') or error('Unable to fetch pms topics IDs', __FILE__, __LINE__, $db->error());
+	$result = $db->query('SELECT id, starter, to_user, starter_id, topic_st, topic_to FROM '.$db->prefix.'pms_new_topics WHERE (starter_id = '.$pun_user['id'].' AND topic_st != 2) OR (to_id = '.$pun_user['id'].' AND topic_to != 2) ORDER BY last_posted DESC') or error('Unable to fetch pms topics IDs', __FILE__, __LINE__, $db->error());
 
 while ($ttmp = $db->fetch_assoc($result))
 {
@@ -132,9 +140,9 @@ $pmsn_kol_save = count($pmsn_arr_save);
 
 // можно ли создать новый диалог
 if ($pun_user['g_pm'] == 0 || $pun_user['messages_enable'] == 0 || ($pun_user['g_pm_limit'] != 0 && $pmsn_kol_list >= $pun_user['g_pm_limit'] && $pmsn_kol_save >= $pun_user['g_pm_limit']))
-  $pmsn_f_cnt = '';
+	$pmsn_f_cnt = '';
 else
-  $pmsn_f_cnt = '<span><a href="pmsnew.php?mdl=post'.$sidamp.'">'.$lang_pmsn['New dialog'].'</a></span>';
+	$pmsn_f_cnt = '<span><a href="pmsnew.php?mdl=post'.$sidamp.'">'.$lang_pmsn['New dialog'].'</a></span>';
 
 if (!isset($page_head))
 	$page_head = array();
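Review bot: `$pmsn_modul` is taken straight from the request (`pmsn_get_var('mdl', 'new')`) but is only checked against a fixed list in the `g_pm == 0 || messages_enable == 0` branch just below it; for every other user it flows on unvalidated, and if it is later used to locate the module file (not visible here) a positive whitelist of known module names should be enforced for all users. The two new CSRF checks for `onoff` and `email` are identical and could be one guard before the `if ($action == 'onoff')` chain, e.g. `if (in_array($action, array('onoff', 'email'), true) && !pun_hash_equals(pmsn_csrf_token($action), pmsn_get_var('csrf_token', ''))) message($lang_common['Bad request'], false, '404 Not Found');`. `pmsn_get_var()` is not visible in this change; the line it replaces applied `pun_trim()`, and the helper should do the same so the `==` comparisons below keep matching.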

+ 0 - 1
profile.php

@@ -1012,7 +1012,6 @@ else if (isset($_POST['form_sent']))
 		$db->query('UPDATE '.$db->prefix.'pms_new_topics SET to_user=\''.$db->escape($form['username']).'\' WHERE to_id='.$id) or error('Unable to update pms_new_topics', __FILE__, __LINE__, $db->error());
 		$db->query('UPDATE '.$db->prefix.'pms_new_posts SET poster=\''.$db->escape($form['username']).'\' WHERE poster_id='.$id) or error('Unable to update pms_new_posts', __FILE__, __LINE__, $db->error());
 		$db->query('UPDATE '.$db->prefix.'pms_new_posts SET edited_by=\''.$db->escape($form['username']).'\' WHERE edited_by=\''.$db->escape($old_username).'\'') or error('Unable to update pms_new_posts', __FILE__, __LINE__, $db->error());
-		$db->query('UPDATE '.$db->prefix.'pms_new_block SET bl_user=\''.$db->escape($form['username']).'\' WHERE bl_user_id='.$id) or error('Unable to update ms_new_block', __FILE__, __LINE__, $db->error());
 // New PMS - Visman
 		$db->query('UPDATE '.$db->prefix.'bans SET username=\''.$db->escape($form['username']).'\' WHERE username=\''.$db->escape($old_username).'\'') or error('Unable to update bans', __FILE__, __LINE__, $db->error());
 		// If any bans were updated, we will need to know because the cache will need to be regenerated.