beenull/forkbb
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Deleted POST, GET ...

Browse source
This commit is contained in:
Visman 2017-01-08 11:47:41 +07:00
parent 239018c439
commit 0f8cd197ac
5 changed files with 180 additions and 169 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

60
post.php
View file

@ -14,8 +14,10 @@ if ($pun_user['g_read_board'] == '0')
message($lang_common['No view'], false, '403 Forbidden');
$tid = isset($_GET['tid']) ? intval($_GET['tid']) : 0;
$fid = isset($_GET['fid']) ? intval($_GET['fid']) : 0;
$request = $container->get('Request');
$tid = $request->getInt('tid', 0);
$fid = $request->getInt('fid', 0);
if ($tid < 1 && $fid < 1 || $tid > 0 && $fid > 0)
message($lang_common['Bad request'], false, '404 Not Found');
@ -68,12 +70,12 @@ $errors = array();
// Did someone just hit "Submit" or "Preview"?
if (isset($_POST['form_sent']))
if ($request->isPost('form_sent'))
{
flux_hook('post_before_validation');
// Flood protection
if (!isset($_POST['preview']) && $pun_user['last_post'] != '' && (time() - $pun_user['last_post']) < $pun_user['g_post_flood'])
if (! $request->isPost('preview') && $pun_user['last_post'] != '' && (time() - $pun_user['last_post']) < $pun_user['g_post_flood'])
$errors[] = sprintf($lang_post['Flood start'], $pun_user['g_post_flood'], $pun_user['g_post_flood'] - (time() - $pun_user['last_post']));
// Make sure they got here from the site
@ -82,7 +84,7 @@ if (isset($_POST['form_sent']))
// If it's a new topic
if ($fid)
{
$subject = pun_trim($_POST['req_subject']);
$subject = trim($request->postStr('req_subject'));
if ($pun_config['o_censoring'] == '1')
$censored_subject = pun_trim(censor_words($subject));
@ -106,8 +108,8 @@ if (isset($_POST['form_sent']))
// Otherwise it should be in $_POST
else
{
$username = pun_trim($_POST['req_username']);
$email = strtolower(pun_trim(($pun_config['p_force_guest_email'] == '1') ? $_POST['req_email'] : $_POST['email']));
$username = trim($request->postStr('req_username'));
$email = strtolower(pun_trim($request->postStr($pun_config['p_force_guest_email'] == '1' ? 'req_email' : 'email')));
$banned_email = false;
// Load the register.php/prof_reg.php language files
@ -136,7 +138,7 @@ if (isset($_POST['form_sent']))
}
// Clean up message from POST
$orig_message = $message = pun_linebreaks(pun_trim($_POST['req_message']));
$orig_message = $message = pun_linebreaks(trim($request->postStr('req_message')));
// Here we use strlen() not pun_strlen() as we want to limit the post to PUN_MAX_POSTSIZE bytes, not characters
if (pun_strlen($message) > PUN_MAX_POSTSIZE)
@ -165,9 +167,9 @@ if (isset($_POST['form_sent']))
}
}
$hide_smilies = isset($_POST['hide_smilies']) ? '1' : '0';
$subscribe = isset($_POST['subscribe']) ? '1' : '0';
$stick_topic = isset($_POST['stick_topic']) && $is_admmod ? '1' : '0';
$hide_smilies = $request->isPost('hide_smilies') ? '1' : '0';
$subscribe = $request->isPost('subscribe') ? '1' : '0';
$stick_topic = $request->isPost('stick_topic') && $is_admmod ? '1' : '0';
// Replace four-byte characters (MySQL cannot handle them)
$message = strip_bad_multibyte_chars($message);
@ -181,12 +183,12 @@ if (isset($_POST['form_sent']))
flux_hook('post_after_validation');
// Did everything go according to plan?
if (empty($errors) && !isset($_POST['preview']))
if (empty($errors) && ! $request->isPost('preview'))
{
require PUN_ROOT.'include/search_idx.php';
// START Merge Post
if (isset($pun_config['o_merge_timeout']) && !$pun_user['is_guest'] && !$fid && (($is_admmod && !empty($_POST['merge'])) || !$is_admmod) && $cur_posting['poster_id']!=NULL && $cur_posting['message']!=NULL && ($now - $cur_posting['posted'])<$pun_config['o_merge_timeout'] && (pun_strlen($cur_posting['message'].$message) + 100 < PUN_MAX_POSTSIZE))
if (isset($pun_config['o_merge_timeout']) && !$pun_user['is_guest'] && !$fid && (($is_admmod && $request->isPost('merge')) || !$is_admmod) && $cur_posting['poster_id']!=NULL && $cur_posting['message']!=NULL && ($now - $cur_posting['posted'])<$pun_config['o_merge_timeout'] && (pun_strlen($cur_posting['message'].$message) + 100 < PUN_MAX_POSTSIZE))
{
$message= '[after='.($now - $cur_posting['posted']).']'."\n".$message;
$merged = true;
@ -327,7 +329,7 @@ if (isset($_POST['form_sent']))
// If it's a new topic
else if ($fid)
{
$stick_fp = ($is_admmod && isset($_POST['stickfp'])) ? 1 : 0; // StickFP - Visman
$stick_fp = ($is_admmod && $request->isPost('stickfp')) ? 1 : 0; // StickFP - Visman
// Create the topic
$db->query('INSERT INTO '.$db->prefix.'topics (stick_fp, poster, subject, posted, last_post, last_poster, sticky, forum_id) VALUES('.$stick_fp.', \''.$db->escape($username).'\', \''.$db->escape($subject).'\', '.$now.', '.$now.', \''.$db->escape($username).'\', '.$stick_topic.', '.$fid.')') or error('Unable to create topic', __FILE__, __LINE__, $db->error());
$new_tid = $db->insert_id();
@ -502,9 +504,9 @@ if ($tid)
$form = '<form id="post" method="post" action="post.php?action=post&amp;tid='.$tid.'" onsubmit="this.submit.disabled=true;if(process_form(this)){return true;}else{this.submit.disabled=false;return false;}">';
// If a quote ID was specified in the url
if (isset($_GET['qid']))
if ($request->isGet('qid'))
{
$qid = intval($_GET['qid']);
$qid = $request->getInt('qid', 0);
if ($qid < 1)
message($lang_common['Bad request'], false, '404 Not Found');
@ -608,7 +610,7 @@ require PUN_ROOT.'header.php';
<ul class="crumbs">
<li><a href="index.php"><?php echo $lang_common['Index'] ?></a></li>
<li><span>»&#160;</span><a href="viewforum.php?id=<?php echo $cur_posting['id'] ?>"><?php echo pun_htmlspecialchars($cur_posting['forum_name']) ?></a></li>
<?php if (isset($_POST['req_subject'])): ?> <li><span>»&#160;</span><?php echo pun_htmlspecialchars($_POST['req_subject']) ?></li>
<?php if ($request->isPost('req_subject')): ?> <li><span>»&#160;</span><?php echo pun_htmlspecialchars($request->postStr('req_subject', '')) ?></li>
<?php endif; ?>
<?php if (isset($cur_posting['subject'])): ?> <li><span>»&#160;</span><a href="viewtopic.php?id=<?php echo $tid ?>"><?php echo pun_htmlspecialchars($cur_posting['subject']) ?></a></li>
<?php endif; ?> <li><span>»&#160;</span><strong><?php echo $action ?></strong></li>
@ -642,7 +644,7 @@ if (!empty($errors))
<?php
}
else if (isset($_POST['preview']))
else if ($request->isPost('preview'))
{
require_once PUN_ROOT.'include/parser.php';
$preview_message = parse_message($message, $hide_smilies);
@ -689,18 +691,18 @@ if ($pun_user['is_guest'])
$email_form_name = ($pun_config['p_force_guest_email'] == '1') ? 'req_email' : 'email';
?>
<label class="conl required"><strong><?php echo $lang_post['Guest name'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input type="text" name="req_username" value="<?php if (isset($_POST['req_username'])) echo pun_htmlspecialchars($username); ?>" size="25" maxlength="25" tabindex="<?php echo $cur_index++ ?>" /><br /></label>
<label class="conl<?php echo ($pun_config['p_force_guest_email'] == '1') ? ' required' : '' ?>"><?php echo $email_label ?><br /><input type="text" name="<?php echo $email_form_name ?>" value="<?php if (isset($_POST[$email_form_name])) echo pun_htmlspecialchars($email); ?>" size="50" maxlength="80" tabindex="<?php echo $cur_index++ ?>" /><br /></label>
<label class="conl required"><strong><?php echo $lang_post['Guest name'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input type="text" name="req_username" value="<?php if ($request->isPost('req_username')) echo pun_htmlspecialchars($username); ?>" size="25" maxlength="25" tabindex="<?php echo $cur_index++ ?>" /><br /></label>
<label class="conl<?php echo ($pun_config['p_force_guest_email'] == '1') ? ' required' : '' ?>"><?php echo $email_label ?><br /><input type="text" name="<?php echo $email_form_name ?>" value="<?php if ($request->isPost($email_form_name)) echo pun_htmlspecialchars($email); ?>" size="50" maxlength="80" tabindex="<?php echo $cur_index++ ?>" /><br /></label>
<div class="clearer"></div>
<?php
}
if ($fid): ?>
<label class="required"><strong><?php echo $lang_common['Subject'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input class="longinput" type="text" name="req_subject" value="<?php if (isset($_POST['req_subject'])) echo pun_htmlspecialchars($subject); ?>" size="80" maxlength="70" tabindex="<?php echo $cur_index++ ?>" /><br /></label>
<label class="required"><strong><?php echo $lang_common['Subject'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input class="longinput" type="text" name="req_subject" value="<?php if ($request->isPost('req_subject')) echo pun_htmlspecialchars($subject); ?>" size="80" maxlength="70" tabindex="<?php echo $cur_index++ ?>" /><br /></label>
<?php endif; ?>
<label class="required"><strong><?php echo $lang_common['Message'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br />
<textarea name="req_message" rows="20" cols="95" tabindex="<?php echo $cur_index++ ?>"><?php echo isset($_POST['req_message']) ? pun_htmlspecialchars($orig_message) : (isset($quote) ? $quote : ''); ?></textarea><br /></label>
<textarea name="req_message" rows="20" cols="95" tabindex="<?php echo $cur_index++ ?>"><?php echo $request->isPost('req_message') ? pun_htmlspecialchars($orig_message) : (isset($quote) ? $quote : ''); ?></textarea><br /></label>
<ul class="bblinks">
<li><span><a href="help.php#bbcode" onclick="window.open(this.href); return false;"><?php echo $lang_common['BBCode'] ?></a> <?php echo ($pun_config['p_message_bbcode'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></span></li>
<li><span><a href="help.php#url" onclick="window.open(this.href); return false;"><?php echo $lang_common['url tag'] ?></a> <?php echo ($pun_config['p_message_bbcode'] == '1' && $pun_user['g_post_links'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></span></li>
@ -713,20 +715,20 @@ if ($fid): ?>
$checkboxes = array();
if ($fid && $is_admmod)
$checkboxes[] = '<label><input type="checkbox" name="stick_topic" value="1" tabindex="'.($cur_index++).'"'.(isset($_POST['stick_topic']) ? ' checked="checked"' : '').' />'.$lang_common['Stick topic'].'<br /></label>';
$checkboxes[] = '<label><input type="checkbox" name="stick_topic" value="1" tabindex="'.($cur_index++).'"'.($request->isPost('stick_topic') ? ' checked="checked"' : '').' />'.$lang_common['Stick topic'].'<br /></label>';
if (!$pun_user['is_guest'])
{
if ($pun_config['o_smilies'] == '1')
$checkboxes[] = '<label><input type="checkbox" name="hide_smilies" value="1" tabindex="'.($cur_index++).'"'.(isset($_POST['hide_smilies']) ? ' checked="checked"' : '').' />'.$lang_post['Hide smilies'].'<br /></label>';
$checkboxes[] = '<label><input type="checkbox" name="hide_smilies" value="1" tabindex="'.($cur_index++).'"'.($request->isPost('hide_smilies') ? ' checked="checked"' : '').' />'.$lang_post['Hide smilies'].'<br /></label>';
if ($pun_config['o_topic_subscriptions'] == '1')
{
$subscr_checked = false;
// If it's a preview
if (isset($_POST['preview']))
$subscr_checked = isset($_POST['subscribe']) ? true : false;
if ($request->isPost('preview'))
$subscr_checked = $request->isPost('subscribe') ? true : false;
// If auto subscribed
else if ($pun_user['auto_notify'])
$subscr_checked = true;
@ -738,12 +740,12 @@ if (!$pun_user['is_guest'])
}
if ($is_admmod && !$fid) // Merge mod - Visman
$checkboxes[] = '<label><input type="checkbox" name="merge" value="1" tabindex="'.($cur_index++).'"'.((isset($_POST['merge']) || (!isset($_POST['merge']) && !isset($_POST['form_sent']))) ? ' checked="checked"' : '').' />'.$lang_post['Merge posts'].'<br /></label>';
$checkboxes[] = '<label><input type="checkbox" name="merge" value="1" tabindex="'.($cur_index++).'"'.(($request->isPost('merge') || (! $request->isPost('merge') && ! $request->isPost('form_sent'))) ? ' checked="checked"' : '').' />'.$lang_post['Merge posts'].'<br /></label>';
if ($is_admmod && $fid) // StickFP - Visman
$checkboxes[] = '<label><input type="checkbox" name="stickfp" value="1" tabindex="'.($cur_index++).'"'.((isset($_POST['stickfp'])) ? ' checked="checked"' : '').' />'.$lang_post['Stick first post'].'<br /></label>';
$checkboxes[] = '<label><input type="checkbox" name="stickfp" value="1" tabindex="'.($cur_index++).'"'.($request->isPost('stickfp') ? ' checked="checked"' : '').' />'.$lang_post['Stick first post'].'<br /></label>';
}
else if ($pun_config['o_smilies'] == '1')
$checkboxes[] = '<label><input type="checkbox" name="hide_smilies" value="1" tabindex="'.($cur_index++).'"'.(isset($_POST['hide_smilies']) ? ' checked="checked"' : '').' />'.$lang_post['Hide smilies'].'<br /></label>';
$checkboxes[] = '<label><input type="checkbox" name="hide_smilies" value="1" tabindex="'.($cur_index++).'"'.($request->isPost('hide_smilies') ? ' checked="checked"' : '').' />'.$lang_post['Hide smilies'].'<br /></label>';
if (!empty($checkboxes))
{

148
profile.php
View file

@ -14,13 +14,15 @@ require PUN_ROOT.'include/utf8/substr_replace.php';
require PUN_ROOT.'include/utf8/ucwords.php'; // utf8_ucwords needs utf8_substr_replace
require PUN_ROOT.'include/utf8/strcasecmp.php';
$action = isset($_GET['action']) ? $_GET['action'] : null;
$section = isset($_GET['section']) ? $_GET['section'] : null;
$id = isset($_GET['id']) ? intval($_GET['id']) : 0;
$request = $container->get('Request');
$action = $request->getStr('action');
$section = $request->getStr('section');
$id = $request->getInt('id', 0);
if ($id < 2)
message($lang_common['Bad request'], false, '404 Not Found');
if ($action != 'change_pass' || !isset($_GET['key']))
if ($action !== 'change_pass' || ! $request->isGet('key'))
{
if ($pun_user['g_read_board'] == '0')
message($lang_common['No view'], false, '403 Forbidden');
@ -38,9 +40,9 @@ require PUN_ROOT.'lang/'.$pun_user['language'].'/profile.php';
// Load the Genders Integration mod language file
require PUN_ROOT.'lang/'.$pun_user['language'].'/genders_integration.php';
if ($action == 'change_pass')
if ($action === 'change_pass')
{
if (isset($_GET['key']))
if ($request->isGet('key'))
{
// If the user is already logged in we shouldn't be here :)
if (!$pun_user['is_guest'])
@ -49,7 +51,7 @@ if ($action == 'change_pass')
exit;
}
$key = $_GET['key'];
$key = $request->getStr('key', '');
$result = $db->query('SELECT * FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch new password', __FILE__, __LINE__, $db->error());
$cur_user = $db->fetch_assoc($result);
@ -82,14 +84,14 @@ if ($action == 'change_pass')
}
}
if (isset($_POST['form_sent']))
if ($request->isPost('form_sent'))
{
// Make sure they got here from the site
confirm_referrer('profile.php');
$old_password = isset($_POST['req_old_password']) ? pun_trim($_POST['req_old_password']) : '';
$new_password1 = pun_trim($_POST['req_new_password1']);
$new_password2 = pun_trim($_POST['req_new_password2']);
$old_password = trim($request->postStr('req_old_password'));
$new_password1 = trim($request->postStr('req_new_password1'));
$new_password2 = trim($request->postStr('req_new_password2'));
if ($new_password1 != $new_password2)
message($lang_prof_reg['Pass not match']);
@ -159,7 +161,7 @@ if ($action == 'change_pass')
}
else if ($action == 'change_email')
else if ($action === 'change_email')
{
// Make sure we are allowed to change this user's email
if ($pun_user['id'] != $id)
@ -179,9 +181,9 @@ else if ($action == 'change_email')
}
}
if (isset($_GET['key']))
if ($request->isGet('key'))
{
$key = $_GET['key'];
$key = $request->getStr('key', '');
$result = $db->query('SELECT activate_string, activate_key FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch activation data', __FILE__, __LINE__, $db->error());
list($new_email, $new_email_key) = $db->fetch_row($result);
@ -195,9 +197,9 @@ else if ($action == 'change_email')
message($lang_profile['Email updated'], true);
}
}
else if (isset($_POST['form_sent']))
else if ($request->isPost('form_sent'))
{
if (pun_hash($_POST['req_password']) !== $pun_user['password'])
if (pun_hash($request->postStr('req_password','')) !== $pun_user['password'])
message($lang_profile['Wrong pass']);
// Make sure they got here from the site
@ -206,7 +208,7 @@ else if ($action == 'change_email')
require PUN_ROOT.'include/email.php';
// Validate the email address
$new_email = strtolower(pun_trim($_POST['req_new_email']));
$new_email = strtolower(pun_trim($request->postStr('req_new_email')));
if (!is_valid_email($new_email))
message($lang_common['Invalid email']);
@ -318,7 +320,7 @@ else if ($action == 'change_email')
}
else if ($action == 'upload_avatar' || $action == 'upload_avatar2')
else if ($action === 'upload_avatar' || $action === 'upload_avatar2')
{
if ($pun_config['o_avatars'] == '0')
message($lang_profile['Avatars disabled']);
@ -328,7 +330,7 @@ else if ($action == 'upload_avatar' || $action == 'upload_avatar2')
require PUN_ROOT.'include/upload.php'; // Visman - auto resize avatar
if (isset($_POST['form_sent']))
if ($request->isPost('form_sent'))
{
if (!isset($_FILES['req_file']))
message($lang_profile['No file']);
@ -465,7 +467,7 @@ else if ($action == 'upload_avatar' || $action == 'upload_avatar2')
}
else if ($action == 'delete_avatar')
else if ($action === 'delete_avatar')
{
if ($pun_user['id'] != $id && !$pun_user['is_admmod'])
message($lang_common['No permission'], false, '403 Forbidden');
@ -478,14 +480,14 @@ else if ($action == 'delete_avatar')
}
else if (isset($_POST['update_group_membership']))
else if ($request->isPost('update_group_membership'))
{
if ($pun_user['g_id'] > PUN_ADMIN)
message($lang_common['No permission'], false, '403 Forbidden');
confirm_referrer('profile.php');
$new_group_id = intval($_POST['group_id']);
$new_group_id = $request->postInt('group_id', 0);
$result = $db->query('SELECT group_id FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch user group', __FILE__, __LINE__, $db->error());
$old_group_id = $db->result($result);
@ -528,7 +530,7 @@ else if (isset($_POST['update_group_membership']))
}
else if (isset($_POST['update_forums']))
else if ($request->isPost('update_forums'))
{
if ($pun_user['g_id'] > PUN_ADMIN)
message($lang_common['No permission'], false, '403 Forbidden');
@ -539,7 +541,7 @@ else if (isset($_POST['update_forums']))
$result = $db->query('SELECT username FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
$username = $db->result($result);
$moderator_in = (isset($_POST['moderator_in'])) ? array_keys($_POST['moderator_in']) : array();
$moderator_in = array_keys($request->post('moderator_in', array());
// Loop through all forums
$result = $db->query('SELECT id, moderators FROM '.$db->prefix.'forums') or error('Unable to fetch forum list', __FILE__, __LINE__, $db->error());
@ -569,7 +571,7 @@ else if (isset($_POST['update_forums']))
}
else if (isset($_POST['ban']))
else if ($request->isPost('ban'))
{
if ($pun_user['g_id'] != PUN_ADMIN && ($pun_user['g_moderator'] != '1' || $pun_user['g_mod_ban_users'] == '0'))
message($lang_common['No permission'], false, '403 Forbidden');
@ -590,14 +592,14 @@ else if (isset($_POST['ban']))
}
else if ($action == 'promote')
else if ($action === 'promote')
{
if ($pun_user['g_id'] != PUN_ADMIN && ($pun_user['g_moderator'] != '1' || $pun_user['g_mod_promote_users'] == '0'))
message($lang_common['No permission'], false, '403 Forbidden');
confirm_referrer('viewtopic.php');
$pid = isset($_GET['pid']) ? intval($_GET['pid']) : 0;
$pid = $request->getInt('pid', 0);
$sql = 'SELECT g.g_promote_next_group FROM '.$db->prefix.'groups AS g INNER JOIN '.$db->prefix.'users AS u ON u.group_id=g.g_id WHERE u.id='.$id.' AND g.g_promote_next_group>0';
$result = $db->query($sql) or error('Unable to fetch promotion information', __FILE__, __LINE__, $db->error());
@ -612,7 +614,7 @@ else if ($action == 'promote')
}
else if (isset($_POST['delete_user']) || isset($_POST['delete_user_comply']))
else if ($request->isPost('delete_user') || $request->isPost('delete_user_comply'))
{
if ($pun_user['g_id'] > PUN_ADMIN)
message($lang_common['No permission'], false, '403 Forbidden');
@ -626,7 +628,7 @@ else if (isset($_POST['delete_user']) || isset($_POST['delete_user_comply']))
if ($group_id == PUN_ADMIN)
message($lang_profile['No delete admin message']);
if (isset($_POST['delete_user_comply']))
if ($request->isPost('delete_user_comply'))
{
// If the user is a moderator or an administrator, we remove him/her from the moderator list in all forums as well
$result = $db->query('SELECT g_moderator FROM '.$db->prefix.'groups WHERE g_id='.$group_id) or error('Unable to fetch group', __FILE__, __LINE__, $db->error());
@ -658,7 +660,7 @@ else if (isset($_POST['delete_user']) || isset($_POST['delete_user_comply']))
$db->query('DELETE FROM '.$db->prefix.'online WHERE user_id='.$id) or error('Unable to remove user from online list', __FILE__, __LINE__, $db->error());
// Should we delete all posts made by this user?
if (isset($_POST['delete_posts']))
if ($request->isPost('delete_posts'))
{
require PUN_ROOT.'include/search_idx.php';
@set_time_limit(0);
@ -741,7 +743,7 @@ else if (isset($_POST['delete_user']) || isset($_POST['delete_user_comply']))
}
else if (isset($_POST['form_sent']))
else if ($request->isPost('form_sent'))
{
// Fetch the user group of the user we are editing
$result = $db->query('SELECT u.username, u.group_id, g.g_moderator FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON (g.g_id=u.group_id) WHERE u.id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
@ -763,23 +765,25 @@ else if (isset($_POST['form_sent']))
$username_updated = false;
$data = $request->post('form', array());
// Validate input depending on section
switch ($section)
{
case 'essentials':
{
$form = array(
'timezone' => floatval($_POST['form']['timezone']),
'dst' => isset($_POST['form']['dst']) ? '1' : '0',
'time_format' => intval($_POST['form']['time_format']),
'date_format' => intval($_POST['form']['date_format']),
'timezone' => floatval($data['timezone']),
'dst' => isset($data['dst']) ? '1' : '0',
'time_format' => intval($data['time_format']),
'date_format' => intval($data['date_format']),
);
// Make sure we got a valid language string
if (isset($_POST['form']['language']))
if (isset($data['language']))
{
$languages = forum_list_langs();
$form['language'] = pun_trim($_POST['form']['language']);
$form['language'] = pun_trim($data['language']);
if (!in_array($form['language'], $languages))
message($lang_common['Bad request'], false, '404 Not Found');
}
@ -788,12 +792,12 @@ else if (isset($_POST['form_sent']))
if ($pun_user['is_admmod'])
{
$form['admin_note'] = pun_trim($_POST['admin_note']);
$form['admin_note'] = trim($request->postStr('admin_note'));
// Are we allowed to change usernames?
if ($pun_user['g_id'] == PUN_ADMIN || ($pun_user['g_moderator'] == '1' && $pun_user['g_mod_rename_users'] == '1'))
{
$form['username'] = pun_trim($_POST['req_username']);
$form['username'] = trim($request->postStr('req_username'));
if ($form['username'] != $old_username)
{
@ -811,7 +815,7 @@ else if (isset($_POST['form_sent']))
// We only allow administrators to update the post count
if ($pun_user['g_id'] == PUN_ADMIN)
$form['num_posts'] = intval($_POST['num_posts']);
$form['num_posts'] = $request->postInt('num_posts', 0); //????
}
if ($pun_config['o_regs_verify'] == '0' || $pun_user['is_admmod'])
@ -819,7 +823,7 @@ else if (isset($_POST['form_sent']))
require PUN_ROOT.'include/email.php';
// Validate the email address
$form['email'] = strtolower(pun_trim($_POST['req_email']));
$form['email'] = strtolower(pun_trim($request->postStr('req_email')));
if (!is_valid_email($form['email']))
message($lang_common['Invalid email']);
}
@ -830,10 +834,10 @@ else if (isset($_POST['form_sent']))
case 'personal':
{
$form = array(
'realname' => isset($_POST['form']['realname']) ? pun_trim($_POST['form']['realname']) : '',
'gender' => isset($_POST['form']['gender']) ? pun_trim($_POST['form']['gender']) : '', // мод пола - Visman
'url' => isset($_POST['form']['url']) ? pun_trim($_POST['form']['url']) : '',
'location' => isset($_POST['form']['location']) ? pun_trim($_POST['form']['location']) : '',
'realname' => isset($data['realname']) ? pun_trim($data['realname']) : '',
'gender' => isset($data['gender']) ? pun_trim($data['gender']) : '', // мод пола - Visman
'url' => isset($data['url']) ? pun_trim($data['url']) : '',
'location' => isset($data['location']) ? pun_trim($data['location']) : '',
);
// Add http:// if the URL doesn't contain it already (while allowing https://, too)
@ -858,10 +862,10 @@ else if (isset($_POST['form_sent']))
}
if ($pun_user['g_id'] == PUN_ADMIN)
$form['title'] = pun_trim($_POST['title']);
$form['title'] = trim($request->postStr('title'));
else if ($pun_user['g_set_title'] == '1')
{
$form['title'] = pun_trim($_POST['title']);
$form['title'] = trim($request->postStr('title'));
if ($form['title'] != '')
{
@ -880,11 +884,11 @@ else if (isset($_POST['form_sent']))
case 'messaging':
{
$form = array(
'jabber' => pun_trim($_POST['form']['jabber']),
'icq' => pun_trim($_POST['form']['icq']),
'msn' => pun_trim($_POST['form']['msn']),
'aim' => pun_trim($_POST['form']['aim']),
'yahoo' => pun_trim($_POST['form']['yahoo']),
'jabber' => pun_trim($data['jabber']),
'icq' => pun_trim($data['icq']),
'msn' => pun_trim($data['msn']),
'aim' => pun_trim($data['aim']),
'yahoo' => pun_trim($data['yahoo']),
);
// If the ICQ UIN contains anything other than digits it's invalid
@ -901,7 +905,7 @@ else if (isset($_POST['form_sent']))
// Clean up signature from POST
if ($pun_config['o_signatures'] == '1')
{
$form['signature'] = pun_linebreaks(pun_trim($_POST['signature']));
$form['signature'] = pun_linebreaks(pun_trim($request->postStr('signature')));
// Validate signature
if (pun_strlen($form['signature']) > $pun_config['p_sig_length'])
@ -931,8 +935,8 @@ else if (isset($_POST['form_sent']))
case 'display':
{
$form = array(
'disp_topics' => pun_trim($_POST['form']['disp_topics']),
'disp_posts' => pun_trim($_POST['form']['disp_posts']),
'disp_topics' => pun_trim($data['disp_topics']),
'disp_posts' => pun_trim($data['disp_posts']),
);
if ($form['disp_topics'] != '')
@ -954,25 +958,25 @@ else if (isset($_POST['form_sent']))
}
if ($pun_config['o_smilies'] == '1' || $pun_config['o_smilies_sig'] == '1')
$form['show_smilies'] = isset($_POST['form']['show_smilies']) ? '1' : '0';
$form['show_smilies'] = isset($data['show_smilies']) ? '1' : '0';
if ($pun_config['p_message_bbcode'] == '1' && $pun_config['p_message_img_tag'] == '1')
$form['show_img'] = isset($_POST['form']['show_img']) ? '1' : '0';
$form['show_img'] = isset($data['show_img']) ? '1' : '0';
if ($pun_config['o_signatures'] == '1' && $pun_config['p_sig_bbcode'] == '1' && $pun_config['p_sig_img_tag'] == '1')
$form['show_img_sig'] = isset($_POST['form']['show_img_sig']) ? '1' : '0';
$form['show_img_sig'] = isset($data['show_img_sig']) ? '1' : '0';
if ($pun_config['o_avatars'] == '1')
$form['show_avatars'] = isset($_POST['form']['show_avatars']) ? '1' : '0';
$form['show_avatars'] = isset($data['show_avatars']) ? '1' : '0';
if ($pun_config['o_signatures'] == '1')
$form['show_sig'] = isset($_POST['form']['show_sig']) ? '1' : '0';
$form['show_sig'] = isset($data['show_sig']) ? '1' : '0';
// Make sure we got a valid style string
if (isset($_POST['form']['style']))
if (isset($data['style']))
{
$styles = forum_list_styles();
$form['style'] = pun_trim($_POST['form']['style']);
$form['style'] = pun_trim($data['style']);
if (!in_array($form['style'], $styles))
message($lang_common['Bad request'], false, '404 Not Found');
}
@ -983,9 +987,9 @@ else if (isset($_POST['form_sent']))
case 'privacy':
{
$form = array(
'email_setting' => intval($_POST['form']['email_setting']),
'notify_with_post' => isset($_POST['form']['notify_with_post']) ? '1' : '0',
'auto_notify' => isset($_POST['form']['auto_notify']) ? '1' : '0',
'email_setting' => intval($data['email_setting']),
'notify_with_post' => isset($data['notify_with_post']) ? '1' : '0',
'auto_notify' => isset($data['auto_notify']) ? '1' : '0',
);
if ($form['email_setting'] < 0 || $form['email_setting'] > 2)
@ -1307,7 +1311,7 @@ if ($pun_user['id'] != $id && // If we aren't the user (i.e. edi
}
else
{
if (!$section || $section == 'essentials')
if (!$section || $section === 'essentials')
{
if ($pun_user['is_admmod'])
{
@ -1523,7 +1527,7 @@ else
<?php
}
else if ($section == 'personal')
else if ($section === 'personal')
{
if ($pun_user['g_set_title'] == '1')
$title_field = '<label>'.$lang_common['Title'].' <em>('.$lang_profile['Leave blank'].')</em><br /><input type="text" name="title" value="'.pun_htmlspecialchars($user['title']).'" size="30" maxlength="50" /><br /></label>'."\n";
@ -1565,7 +1569,7 @@ else
<?php
}
else if ($section == 'messaging')
else if ($section === 'messaging')
{
$page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Profile'], $lang_profile['Section messaging']);
@ -1600,7 +1604,7 @@ else
<?php
}
else if ($section == 'personality')
else if ($section === 'personality')
{
if ($pun_config['o_avatars'] == '0' && $pun_config['o_signatures'] == '0')
message($lang_common['Bad request'], false, '404 Not Found');
@ -1667,7 +1671,7 @@ else
<?php
}
else if ($section == 'display')
else if ($section === 'display')
{
$page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Profile'], $lang_profile['Section display']);
define('PUN_ACTIVE_PAGE', 'profile');
@ -1754,7 +1758,7 @@ else
<?php
}
else if ($section == 'privacy')
else if ($section === 'privacy')
{
$page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Profile'], $lang_profile['Section privacy']);
define('PUN_ACTIVE_PAGE', 'profile');
@ -1801,7 +1805,7 @@ else
<?php
}
else if ($section == 'admin')
else if ($section === 'admin')
{
if (!$pun_user['is_admmod'] || ($pun_user['g_moderator'] == '1' && $pun_user['g_mod_ban_users'] == '0'))
message($lang_common['Bad request'], false, '403 Forbidden');

43
register.php
View file

@ -26,13 +26,14 @@ require PUN_ROOT.'lang/'.$pun_user['language'].'/prof_reg.php';
if ($pun_config['o_regs_allow'] == '0')
message($lang_register['No new regs']);
$request = $container->get('Request');
// User pressed the cancel button
if (isset($_GET['cancel']))
if ($request->isGet('cancel'))
redirect('index.php', $lang_register['Reg cancel redirect']);
else if ($pun_config['o_rules'] == '1' && !isset($_GET['agree']) && !isset($_POST['form_sent']))
else if ($pun_config['o_rules'] == '1' && ! $request->isGet('agree') && ! $request->isPost('form_sent'))
{
$page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_register['Register'], $lang_register['Forum rules']);
define('PUN_ACTIVE_PAGE', 'register');
@ -63,7 +64,7 @@ else if ($pun_config['o_rules'] == '1' && !isset($_GET['agree']) && !isset($_POS
// Start with a clean slate
$errors = array();
if (isset($_POST['form_sent']))
if ($request->isPost('form_sent'))
{
flux_hook('register_before_validation');
@ -74,20 +75,20 @@ if (isset($_POST['form_sent']))
message($lang_register['Registration flood']);
$username = pun_trim($_POST['req_user']);
$email1 = strtolower(pun_trim($_POST['req_email1']));
$username = trim($request->posStr('req_user'));
$email1 = strtolower(trim($request->postStr('req_email1')));
if ($pun_config['o_regs_verify'] == '1')
{
$email2 = strtolower(pun_trim($_POST['req_email2']));
$email2 = strtolower(trim($request->posStr('req_email2')));
$password1 = random_pass(12);
$password2 = $password1;
}
else
{
$password1 = pun_trim($_POST['req_password1']);
$password2 = pun_trim($_POST['req_password2']);
$password1 = trim($request->postStr('req_password1'));
$password2 = trim($request->postStr('req_password2'));
}
// Validate username and passwords
@ -131,22 +132,22 @@ if (isset($_POST['form_sent']))
}
// Make sure we got a valid language string
if (isset($_POST['language']))
if ($request->isPost('language'))
{
$language = preg_replace('%[\.\\\/]%', '', $_POST['language']);
$language = preg_replace('%[\.\\\/]%', '', $request->postStr('language', ''));
if (!file_exists(PUN_ROOT.'lang/'.$language.'/common.php'))
message($lang_common['Bad request'], false, '404 Not Found');
}
else
$language = $pun_config['o_default_lang'];
$timezone = round($_POST['timezone'], 1);
$timezone = round($request->postStr('timezone', 0), 1);
// мод запоминания пароля - Visman
$save_pass = isset($_POST['save_pass']) ? $_POST['save_pass'] : '0';
$save_pass = $request->isPost('save_pass') ? 1 : 0; //????
$dst = isset($_POST['dst']) ? '1' : '0';
$dst = $request->isPost('dst') ? '1' : '0'; //????
$email_setting = intval($_POST['email_setting']);
$email_setting = $request->postInt('email_setting');
if ($email_setting < 0 || $email_setting > 2)
$email_setting = $pun_config['o_default_email_setting'];
@ -259,7 +260,7 @@ if (isset($_POST['form_sent']))
message($lang_register['Reg email'].' <a href="mailto:'.pun_htmlspecialchars($pun_config['o_admin_email']).'">'.pun_htmlspecialchars($pun_config['o_admin_email']).'</a>.', true);
}
pun_setcookie($new_uid, $password_hash, ($save_pass == '1') ? time() + 1209600 : time() + $pun_config['o_timeout_visit']); // мод запоминания пароля - Visman
pun_setcookie($new_uid, $password_hash, $save_pass === 1 ? time() + 1209600 : time() + $pun_config['o_timeout_visit']); // мод запоминания пароля - Visman
// удаляем из онлайн таблицы запись для этого пользователя для правильного подсчета макс. кол-во пользователей - Visman
$db->query('DELETE FROM '.$db->prefix.'online WHERE ident=\''.$db->escape(get_remote_address()).'\'') or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
@ -321,7 +322,7 @@ if (!empty($errors))
<legend><?php echo $lang_register['Username legend'] ?></legend>
<div class="infldset">
<input type="hidden" name="form_sent" value="1" />
<label class="required"><strong><?php echo $lang_common['Username'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input type="text" name="req_user" value="<?php if (isset($_POST['req_user'])) echo pun_htmlspecialchars($_POST['req_user']); ?>" size="25" maxlength="25" /><br /></label>
<label class="required"><strong><?php echo $lang_common['Username'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input type="text" name="req_user" value="<?php if ($request->isPost('req_user')) echo pun_htmlspecialchars($request->postStr('req_user', '')); ?>" size="25" maxlength="25" /><br /></label>
</div>
</fieldset>
</div>
@ -329,8 +330,8 @@ if (!empty($errors))
<fieldset>
<legend><?php echo $lang_register['Pass legend'] ?></legend>
<div class="infldset">
<label class="conl required"><strong><?php echo $lang_common['Password'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input type="password" name="req_password1" value="<?php if (isset($_POST['req_password1'])) echo pun_htmlspecialchars($_POST['req_password1']); ?>" size="16" /><br /></label>
<label class="conl required"><strong><?php echo $lang_prof_reg['Confirm pass'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input type="password" name="req_password2" value="<?php if (isset($_POST['req_password2'])) echo pun_htmlspecialchars($_POST['req_password2']); ?>" size="16" /><br /></label>
<label class="conl required"><strong><?php echo $lang_common['Password'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input type="password" name="req_password1" value="<?php if ($request->isPost('req_password1')) echo pun_htmlspecialchars($request->postStr('req_password1', '')); ?>" size="16" /><br /></label>
<label class="conl required"><strong><?php echo $lang_prof_reg['Confirm pass'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input type="password" name="req_password2" value="<?php if ($request->isPost('req_password2')) echo pun_htmlspecialchars($request->postStr('req_password2', '')); ?>" size="16" /><br /></label>
<p class="clearb"><?php echo $lang_register['Pass info'] ?></p>
</div>
</fieldset>
@ -341,9 +342,9 @@ if (!empty($errors))
<div class="infldset">
<?php if ($pun_config['o_regs_verify'] == '1'): ?> <p><?php echo $lang_register['Email info'] ?></p>
<?php endif; ?> <label class="required"><strong><?php echo $lang_common['Email'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br />
<input type="text" name="req_email1" value="<?php if (isset($_POST['req_email1'])) echo pun_htmlspecialchars($_POST['req_email1']); ?>" size="50" maxlength="80" /><br /></label>
<input type="text" name="req_email1" value="<?php if ($request->isPost('req_email1')) echo pun_htmlspecialchars($request->postStr('req_email1', '')); ?>" size="50" maxlength="80" /><br /></label>
<?php if ($pun_config['o_regs_verify'] == '1'): ?> <label class="required"><strong><?php echo $lang_register['Confirm email'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br />
<input type="text" name="req_email2" value="<?php if (isset($_POST['req_email2'])) echo pun_htmlspecialchars($_POST['req_email2']); ?>" size="50" maxlength="80" /><br /></label>
<input type="text" name="req_email2" value="<?php if ($request->isPost('req_email2')) echo pun_htmlspecialchars($request->postStr('req_email2', '')); ?>" size="50" maxlength="80" /><br /></label>
<?php endif; ?> </div>
</fieldset>
</div>
@ -442,7 +443,7 @@ if (!empty($errors))
</div>
<?php if ($pun_config['o_regs_verify'] == '0'): ?> <p><?php echo $lang_prof_reg['Save user/pass info'] ?></p>
<div class="rbox">
<label><input type="checkbox" name="save_pass" value="1"<?php if (isset($save_pass) && $save_pass == '1') echo ' checked="checked"' ?> /><?php echo $lang_prof_reg['Save user/pass'] ?><br /></label>
<label><input type="checkbox" name="save_pass" value="1"<?php if ($save_pass === 1) echo ' checked="checked"' ?> /><?php echo $lang_prof_reg['Save user/pass'] ?><br /></label>
</div>
<?php endif; ?> </div>
</fieldset>

76
search.php
View file

@ -16,48 +16,50 @@ require PUN_ROOT.'include/common.php';
require PUN_ROOT.'lang/'.$pun_user['language'].'/search.php';
require PUN_ROOT.'lang/'.$pun_user['language'].'/forum.php';
$request = $container->get('Request');
$action = $request->isGet('action');
if ($pun_user['g_read_board'] == '0')
message($lang_common['No view'], false, '403 Forbidden');
else if ($pun_user['g_search'] == '0')
message($lang_search['No search permission'], false, '403 Forbidden');
else if ($pun_user['is_bot'] && (isset($_GET['search_id']) || !isset($_GET['action']) || $_GET['action'] == 'search')) // Visman - запрет поиска ботам
else if ($pun_user['is_bot'] && ($request->isGet('search_id') || empty($action) || $action === 'search')) // Visman - запрет поиска ботам
message($lang_search['No search permission'], false, '403 Forbidden');
require PUN_ROOT.'include/search_idx.php';
// Figure out what to do :-)
if (isset($_GET['action']) || isset($_GET['search_id']))
if (! empty($action) || $request->isGet('search_id'))
{
// search HL - Visman
$array_shl = array();
$url_shl = '';
// search HL - Visman
$action = (isset($_GET['action'])) ? $_GET['action'] : null;
$forums = isset($_GET['forums']) ? (is_array($_GET['forums']) ? $_GET['forums'] : array_filter(explode(',', $_GET['forums']))) : ((isset($_GET['forum']) && isset($sf_array_asc[$_GET['forum']])) ? $sf_array_asc[$_GET['forum']] : array()); // MOD subforums - Visman
$sort_dir = (isset($_GET['sort_dir']) && $_GET['sort_dir'] == 'DESC') ? 'DESC' : 'ASC';
//????
$forums = $request->isGet('forums') ? (is_array($request->get('forums')) ? $request->get('forums') : array_filter(explode(',', $request->get('forums')))) : (isset($sf_array_asc[$request->getInt('forum', -1)]) ? $sf_array_asc[$request->getInt('forum')] : array()); // MOD subforums - Visman
$sort_dir = $request->getStr('sort_dir') === 'DESC' ? 'DESC' : 'ASC';
$forums = array_map('intval', $forums);
// Allow the old action names for backwards compatibility reasons
if ($action == 'show_user')
if ($action === 'show_user')
$action = 'show_user_posts';
else if ($action == 'show_24h')
else if ($action === 'show_24h')
$action = 'show_recent';
// If a search_id was supplied
if (isset($_GET['search_id']))
if ($request->isGet('search_id'))
{
$search_id = intval($_GET['search_id']);
$search_id = $request->getInt('search_id', 0);
if ($search_id < 1)
message($lang_common['Bad request'], false, '404 Not Found');
}
// If it's a regular search (keywords and/or author)
else if ($action == 'search')
else if ($action === 'search')
{
$keywords = (isset($_GET['keywords'])) ? utf8_strtolower(pun_trim($_GET['keywords'])) : null;
$author = (isset($_GET['author'])) ? utf8_strtolower(pun_trim($_GET['author'])) : null;
$keywords = utf8_strtolower(trim($request->getStr('keywords')));
$author = utf8_strtolower(trim($request->getStr('author')));
if (preg_match('%^[\*\%]+$%', $keywords) || (pun_strlen(str_replace(array('*', '%'), '', $keywords)) < PUN_SEARCH_MIN_WORD && !is_cjk($keywords)))
$keywords = '';
@ -71,39 +73,39 @@ if (isset($_GET['action']) || isset($_GET['search_id']))
if ($author)
$author = str_replace('*', '%', $author);
$show_as = (isset($_GET['show_as']) && $_GET['show_as'] == 'topics') ? 'topics' : 'posts';
$sort_by = (isset($_GET['sort_by'])) ? intval($_GET['sort_by']) : 0;
$search_in = (!isset($_GET['search_in']) || $_GET['search_in'] == '0') ? 0 : (($_GET['search_in'] == '1') ? 1 : -1);
$show_as = $request->getStr('show_as') === 'topics' ? 'topics' : 'posts';
$sort_by = $request->getInt('sort_by', 0);
$search_in = min(max($request->getInt('search_in', 0), 1), -1);
}
// If it's a user search (by ID)
else if ($action == 'show_user_posts' || $action == 'show_user_topics' || $action == 'show_subscriptions')
else if ($action === 'show_user_posts' || $action === 'show_user_topics' || $action === 'show_subscriptions')
{
$user_id = (isset($_GET['user_id'])) ? intval($_GET['user_id']) : $pun_user['id'];
$user_id = $request->getInt('user_id', $pun_user['id']);
if ($user_id < 2)
message($lang_common['Bad request'], false, '404 Not Found');
// Subscribed topics can only be viewed by admins, moderators and the users themselves
if ($action == 'show_subscriptions' && !$pun_user['is_admmod'] && $user_id != $pun_user['id'])
if ($action === 'show_subscriptions' && !$pun_user['is_admmod'] && $user_id != $pun_user['id'])
message($lang_common['No permission'], false, '403 Forbidden');
}
// MOD warnings - Visman
else if ($action == 'show_user_warn')
else if ($action === 'show_user_warn')
{
if ($pun_user['is_guest'])
message($lang_common['No permission'], false, '403 Forbidden');
$user_id = (isset($_GET['user_id'])) ? intval($_GET['user_id']) : $pun_user['id'];
$user_id = $request->getInt('user_id', $pun_user['id']);
if ($user_id < 2)
message($lang_common['Bad request'], false, '404 Not Found');
}
else if ($action == 'show_recent')
$interval = isset($_GET['value']) ? intval($_GET['value']) : 86400;
else if ($action == 'show_replies')
else if ($action === 'show_recent')
$interval = $request->getInt('value', 86400);
else if ($action === 'show_replies')
{
if ($pun_user['is_guest'])
message($lang_common['Bad request'], false, '404 Not Found');
}
else if ($action != 'show_new' && $action != 'show_unanswered')
else if ($action !== 'show_new' && $action !== 'show_unanswered')
message($lang_common['Bad request'], false, '404 Not Found');
@ -308,7 +310,7 @@ if (isset($_GET['action']) || isset($_GET['search_id']))
if ($author && $keywords)
{
$search_ids = array_intersect_assoc($keyword_results, $author_results);
$search_type = array('both', array($keywords, pun_trim($_GET['author'])), implode(',', $forums), $search_in);
$search_type = array('both', array($keywords, trim($request->getStr('author'))), implode(',', $forums), $search_in);
}
else if ($keywords)
{
@ -318,7 +320,7 @@ if (isset($_GET['action']) || isset($_GET['search_id']))
else
{
$search_ids = $author_results;
$search_type = array('author', pun_trim($_GET['author']), implode(',', $forums), $search_in);
$search_type = array('author', trim($request->getStr('author')), implode(',', $forums), $search_in);
}
unset($keyword_results, $author_results);
@ -334,7 +336,7 @@ if (isset($_GET['action']) || isset($_GET['search_id']))
if (!$num_hits)
message($lang_search['No hits']);
}
else if ($action == 'show_new' || $action == 'show_recent' || $action == 'show_replies' || $action == 'show_user_posts' || $action == 'show_user_topics' || $action == 'show_subscriptions' || $action == 'show_unanswered')
else if ($action === 'show_new' || $action === 'show_recent' || $action === 'show_replies' || $action === 'show_user_posts' || $action === 'show_user_topics' || $action === 'show_subscriptions' || $action === 'show_unanswered')
{
$search_type = array('action', $action);
$show_as = 'topics';
@ -343,28 +345,28 @@ if (isset($_GET['action']) || isset($_GET['search_id']))
$sort_dir = 'DESC';
// If it's a search for new posts since last visit
if ($action == 'show_new')
if ($action === 'show_new')
{
if ($pun_user['is_guest'])
message($lang_common['No permission'], false, '403 Forbidden');
$result = $db->query('SELECT t.id FROM '.$db->prefix.'topics AS t LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=t.forum_id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.last_post>'.$pun_user['last_visit'].' AND t.moved_to IS NULL'.(isset($_GET['fid']) ? (isset($sf_array_asc[$_GET['fid']]) ? ' AND t.forum_id IN ('.implode(',', $sf_array_asc[$_GET['fid']]).')' : ' AND t.forum_id='.intval($_GET['fid'])) : '').' ORDER BY t.last_post DESC') or error('Unable to fetch topic list', __FILE__, __LINE__, $db->error()); // MOD subforums - Visman
$result = $db->query('SELECT t.id FROM '.$db->prefix.'topics AS t LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=t.forum_id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.last_post>'.$pun_user['last_visit'].' AND t.moved_to IS NULL'.($request->isGet('fid') ? (isset($sf_array_asc[$request->getInt('fid', -1)]) ? ' AND t.forum_id IN ('.implode(',', $sf_array_asc[$request->getInt('fid', -1)]).')' : ' AND t.forum_id='.$request->getInt('fid', 0)) : '').' ORDER BY t.last_post DESC') or error('Unable to fetch topic list', __FILE__, __LINE__, $db->error()); // MOD subforums - Visman
$num_hits = $db->num_rows($result);
if (!$num_hits)
message($lang_search['No new posts']);
}
// If it's a search for recent posts (in a certain time interval)
else if ($action == 'show_recent')
else if ($action === 'show_recent')
{
$result = $db->query('SELECT t.id FROM '.$db->prefix.'topics AS t LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=t.forum_id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.last_post>'.(time() - $interval).' AND t.moved_to IS NULL'.(isset($_GET['fid']) ? (isset($sf_array_asc[$_GET['fid']]) ? ' AND t.forum_id IN ('.implode(',', $sf_array_asc[$_GET['fid']]).')' : ' AND t.forum_id='.intval($_GET['fid'])) : '').' ORDER BY t.last_post DESC') or error('Unable to fetch topic list', __FILE__, __LINE__, $db->error()); // MOD subforums - Visman
$result = $db->query('SELECT t.id FROM '.$db->prefix.'topics AS t LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=t.forum_id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.last_post>'.(time() - $interval).' AND t.moved_to IS NULL'.($request->isGet('fid') ? (isset($sf_array_asc[$request->getInt('fid', -1)]) ? ' AND t.forum_id IN ('.implode(',', $sf_array_asc[$request->getInt('fid', -1)]).')' : ' AND t.forum_id='.$request->getInt('fid', 0)) : '').' ORDER BY t.last_post DESC') or error('Unable to fetch topic list', __FILE__, __LINE__, $db->error()); // MOD subforums - Visman
$num_hits = $db->num_rows($result);
if (!$num_hits)
message($lang_search['No recent posts']);
}
// If it's a search for topics in which the user has posted
else if ($action == 'show_replies')
else if ($action === 'show_replies')
{
$result = $db->query('SELECT t.id FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'posts AS p ON t.id=p.topic_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=t.forum_id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND p.poster_id='.$pun_user['id'].' GROUP BY t.id'.($container->getParameter('DB_TYPE') == 'pgsql' ? ', t.last_post' : '').' ORDER BY t.last_post DESC') or error('Unable to fetch topic list', __FILE__, __LINE__, $db->error());
$num_hits = $db->num_rows($result);
@ -373,7 +375,7 @@ if (isset($_GET['action']) || isset($_GET['search_id']))
message($lang_search['No user posts']);
}
// If it's a search for posts by a specific user ID
else if ($action == 'show_user_posts')
else if ($action === 'show_user_posts')
{
$show_as = 'posts';
@ -387,7 +389,7 @@ if (isset($_GET['action']) || isset($_GET['search_id']))
$search_type[2] = $user_id;
}
// If it's a search for topics by a specific user ID
else if ($action == 'show_user_topics')
else if ($action === 'show_user_topics')
{
$result = $db->query('SELECT t.id FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'posts AS p ON t.first_post_id=p.id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=t.forum_id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND p.poster_id='.$user_id.' ORDER BY t.last_post DESC') or error('Unable to fetch user topics', __FILE__, __LINE__, $db->error());
$num_hits = $db->num_rows($result);
@ -399,7 +401,7 @@ if (isset($_GET['action']) || isset($_GET['search_id']))
$search_type[2] = $user_id;
}
// If it's a search for subscribed topics
else if ($action == 'show_subscriptions')
else if ($action === 'show_subscriptions')
{
if ($pun_user['is_guest'])
message($lang_common['Bad request'], false, '404 Not Found');
@ -430,7 +432,7 @@ if (isset($_GET['action']) || isset($_GET['search_id']))
$db->free_result($result);
}
// MOD warnings - Visman
else if ($action == 'show_user_warn')
else if ($action === 'show_user_warn')
{
$sort_by = 9;
$show_as = 'posts';
@ -529,7 +531,7 @@ if (isset($_GET['action']) || isset($_GET['search_id']))
$per_page = ($show_as == 'posts') ? $pun_user['disp_posts'] : $pun_user['disp_topics'];
$num_pages = ceil($num_hits / $per_page);
$p = (!isset($_GET['p']) || $_GET['p'] <= 1 || $_GET['p'] > $num_pages) ? 1 : intval($_GET['p']);
$p = max(min($request->getInt('p', 1), $num_pages), 1);
$start_from = $per_page * ($p - 1);
// Generate paging links

22
upfiles.php
View file

@ -5,7 +5,7 @@
* License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
*/
if (isset($_GET['delete']))
if (isset($_GET['delete'])) //????
define('PUN_QUIET_VISIT', 1);
define('PUN_ROOT', dirname(__FILE__).'/');
@ -22,7 +22,9 @@ require PUN_ROOT.'include/upload.php';
define('PLUGIN_REF', pun_htmlspecialchars('upfiles.php'));
define('PLUGIN_NF', 25);
if (!isset($_GET['id']))
$request = $container->get('Request');
if (! $request->isGet('id'))
{
$id = $pun_user['id'];
@ -38,7 +40,7 @@ if (!isset($_GET['id']))
}
else
{
$id = intval($_GET['id']);
$id = $request->getInt('id', 0);
if ($id < 2 || ($pun_user['g_id'] != PUN_ADMIN && $id != $pun_user['id']))
message($lang_common['Bad request'], false, '404 Not Found');
@ -67,7 +69,7 @@ $extsup = explode(',', $extsup.','.strtoupper($extsup));
// #############################################################################
// Удаление файлов
if (isset($_GET['delete']))
if ($request->isGet('delete'))
{
confirm_referrer(PLUGIN_REF);
@ -75,7 +77,7 @@ if (isset($_GET['delete']))
if (is_dir(PUN_ROOT.$dir))
{
$file = parse_file(pun_trim($_GET['delete']));
$file = parse_file(trim($request->getStr('delete')));
$ext = strtolower(substr(strrchr($file, '.'), 1)); // берем расширение файла
if ($file[0] != '.' && $ext != '' && !in_array($ext, $extforno) && is_file(PUN_ROOT.$dir.$file))
{
@ -97,7 +99,7 @@ if (isset($_GET['delete']))
else
$error++;
if (isset($_GET['ajx']))
if ($request->isGet('ajx'))
{
$db->end_transaction();
$db->close();
@ -116,7 +118,7 @@ if (isset($_GET['delete']))
$pun_config['o_redirect_delay'] = 5;
$s = $lang_up['Error'].$lang_up['Error delete'];
}
redirect(empty($_GET['p']) || $_GET['p'] < 2 ? PLUGIN_URL : PLUGIN_URLD.'p='.intval($_GET['p']).'#gofile', $s);
redirect($request->getInt('p', 0) < 2 ? PLUGIN_URL : PLUGIN_URLD . 'p=' . $request->getInt('p', 0) . '#gofile', $s);
}
// Загрузка файла
@ -243,7 +245,7 @@ else if (isset($_FILES['upfile']) && $id == $pun_user['id'])
}
// Unknown failure
else if (!empty($_POST))
else if (!empty($_POST)) //????
redirect(PLUGIN_URL, $lang_up['Error'].$lang_up['Unknown failure']);
// #############################################################################
@ -325,7 +327,7 @@ if (is_dir(PUN_ROOT.$dir))
if (!empty($filesvar))
{
$num_pages = ceil(sizeof($filesvar) / PLUGIN_NF);
$p = (!isset($_GET['p']) || $_GET['p'] <= 1) ? 1 : intval($_GET['p']);
$p = max($request->getInt('p', 1), 1);
if ($p > $num_pages)
{
header('Location: '.str_replace('&amp;', '&', PLUGIN_URLD).'p='.$num_pages.'#gofile');
@ -401,7 +403,7 @@ else
</a>
</div>
<div class="upf-size"><span><?php echo pun_htmlspecialchars($size_file) ?></span></div>
<div class="upf-but upf-delete"><a title="<?php echo $lang_up['delete'] ?>" href="<?php echo PLUGIN_URLD.'csrf_hash='.$vcsrf.(empty($_GET['p']) || $_GET['p'] < 2 ? '' : '&amp;p='.intval($_GET['p'])).'&amp;delete='.$f ?>" onclick="return FluxBB.upfile.del(this);"><span></span></a></div>
<div class="upf-but upf-delete"><a title="<?php echo $lang_up['delete'] ?>" href="<?php echo PLUGIN_URLD.'csrf_hash='.$vcsrf.($request->getInt('p', 0) < 2 ? '' : '&amp;p='.$request->getInt('p', 0)).'&amp;delete='.$f ?>" onclick="return FluxBB.upfile.del(this);"><span></span></a></div>
</li>
<?php