Deleted POST, GET ...
This commit is contained in:
Visman
parent
e89537505d
commit
419dd54960
20 changed files with 131 additions and 119 deletions
|
|
@ -149,7 +149,7 @@ if (!defined('WITT_ENABLE')) // Кто в этой теме - Visman
|
|||
update_users_online();
|
||||
|
||||
// Check to see if we logged in without a cookie being set
|
||||
if ($pun_user['is_guest'] && isset($_GET['login']))
|
||||
if ($pun_user['is_guest'] && $container->get('Request')->isGet('login'))
|
||||
message($lang_common['No cookie']);
|
||||
|
||||
// The maximum size of a post, in bytes, since the field is now MEDIUMTEXT this allows ~16MB but lets cap at 1MB...
|
||||
|
|
|
|||
|
|
@ -17,15 +17,7 @@ if (isset($pun_config['o_fbox_files']) && !isset($http_status) && (!$pun_user['i
|
|||
|
||||
$page_head['fancyboxcss'] = '<link rel="stylesheet" type="text/css" href="style/imports/fancybox.css" />';
|
||||
|
||||
if (!isset($page_js))
|
||||
{
|
||||
$page_head['jquery'] = '<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>';
|
||||
$page_head['fancybox'] = '<script type="text/javascript" src="js/fancybox.js"></script>';
|
||||
}
|
||||
else // For FluxBB by Visman
|
||||
{
|
||||
$page_js['j'] = 1;
|
||||
$page_js['f']['fancybox'] = 'js/fancybox.js';
|
||||
}
|
||||
$page_js['j'] = 1;
|
||||
$page_js['f']['fancybox'] = 'js/fancybox.js';
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1795,7 +1795,7 @@ H2 {MARGIN: 0; COLOR: #FFFFFF; BACKGROUND-COLOR: #B84623; FONT-SIZE: 1.1em; PADD
|
|||
//
|
||||
// Unset any variables instantiated as a result of register_globals being enabled
|
||||
//
|
||||
function forum_unregister_globals()
|
||||
function forum_unregister_globals() //????
|
||||
{
|
||||
$register_globals = ini_get('register_globals');
|
||||
if ($register_globals === '' || $register_globals === '0' || strtolower($register_globals) === 'off')
|
||||
|
|
@ -1824,7 +1824,7 @@ function forum_unregister_globals()
|
|||
//
|
||||
// Removes any "bad" characters (characters which mess with the display of a page, are invisible, etc) from user input
|
||||
//
|
||||
function forum_remove_bad_characters()
|
||||
function forum_remove_bad_characters() //????
|
||||
{
|
||||
$_GET = remove_bad_characters($_GET);
|
||||
$_POST = remove_bad_characters($_POST);
|
||||
|
|
|
|||
|
|
@ -173,12 +173,9 @@ function pmsn_user_delete($user, $mflag, $topics = array())
|
|||
|
||||
function pmsn_get_var($name, $default = null)
|
||||
{
|
||||
if (isset($_POST[$name]))
|
||||
return $_POST[$name];
|
||||
else if (isset($_GET[$name]))
|
||||
return $_GET[$name];
|
||||
else
|
||||
return $default;
|
||||
global $container;
|
||||
|
||||
return $container->get('Request')->request($name, $default);
|
||||
}
|
||||
|
||||
function pmsn_csrf_token($key)
|
||||
|
|
|
|||
|
|
@ -34,7 +34,9 @@ generate_pmsn_menu($pmsn_modul);
|
|||
$result = $db->query('SELECT COUNT(bl_user_id) FROM '.$db->prefix.'pms_new_block WHERE bl_id='.$pun_user['id']) or error('Unable to fetch pms_new_block', __FILE__, __LINE__, $db->error());
|
||||
$num_pages = ceil($db->result($result) / $pun_user['disp_topics']);
|
||||
|
||||
$p = (!isset($_GET['p']) || $_GET['p'] <= 1 || $_GET['p'] > $num_pages) ? 1 : intval($_GET['p']);
|
||||
$request = $container->get('Request');
|
||||
|
||||
$p = max(min($request->getInt('p', 1), $num_pages), 1);
|
||||
$start_from = $pun_user['disp_topics'] * ($p - 1);
|
||||
|
||||
// Generate paging links
|
||||
|
|
|
|||
|
|
@ -12,41 +12,38 @@ if (!defined('PUN') || !defined('PUN_PMS_NEW'))
|
|||
|
||||
define('PUN_PMS_LOADED', 1);
|
||||
|
||||
$request = $container->get('Request');
|
||||
|
||||
if (defined('PUN_PMS_NEW_CONFIRM'))
|
||||
{
|
||||
if (!isset($_POST['delete']))
|
||||
if (! $request->isPost('delete'))
|
||||
message($lang_common['Bad request'], false, '404 Not Found');
|
||||
|
||||
if (isset($_POST['action2']))
|
||||
if ($request->isPost('action2'))
|
||||
{
|
||||
if (!isset($_POST['user_numb']))
|
||||
$unumbs = $request->postStr('user_numb');
|
||||
if (empty($unumbs) || preg_match('/[^0-9,]/', $unumbs))
|
||||
message($lang_common['Bad request'], false, '404 Not Found');
|
||||
|
||||
if (@preg_match('/[^0-9,]/', $_POST['user_numb']))
|
||||
message($lang_common['Bad request'], false, '404 Not Found');
|
||||
|
||||
$unumbs = explode(',', $_POST['user_numb']);
|
||||
$unumbs = explode(',', $unumbs);
|
||||
}
|
||||
else
|
||||
{
|
||||
if (!isset($_POST['user_numb']))
|
||||
message($lang_common['Bad request'], false, '404 Not Found');
|
||||
|
||||
$unumbs = array_map('intval', array_keys($_POST['user_numb']));
|
||||
$unumbs = array_map('intval', array_keys($request->post('user_numb', array()))); //????
|
||||
}
|
||||
|
||||
if (count($unumbs) < 1)
|
||||
message($lang_common['Bad request'], false, '404 Not Found');
|
||||
|
||||
// действуем
|
||||
if (isset($_POST['action2']))
|
||||
if ($request->isPost('action2'))
|
||||
{
|
||||
$db->query('DELETE FROM '.$db->prefix.'pms_new_block WHERE bl_id='.$pun_user['id'].' AND bl_user_id IN ('.implode(',', $unumbs).')') or error('Unable to remove line in pms_new_block', __FILE__, __LINE__, $db->error());
|
||||
|
||||
$mred = '';
|
||||
if (isset($_POST['p']))
|
||||
if ($request->isPost('p'))
|
||||
{
|
||||
$p = intval($_POST['p']);
|
||||
$p = $request->postInt('p', 0);
|
||||
if ($p > 1)
|
||||
$mred = '&p='.$p;
|
||||
}
|
||||
|
|
@ -83,7 +80,7 @@ generate_pmsn_menu($pmsn_modul);
|
|||
<input type="hidden" name="csrf_hash" value="<?php echo $pmsn_csrf_hash; ?>" />
|
||||
<input type="hidden" name="user_numb" value="<?php echo implode(',', $unumbs) ?>" />
|
||||
<input type="hidden" name="delete" value="1" />
|
||||
<input type="hidden" name="p" value="<?php echo intval($_POST['p']); ?>" />
|
||||
<input type="hidden" name="p" value="<?php echo $request->postInt('p', 1); ?>" />
|
||||
<fieldset>
|
||||
<legend><?php echo $lang_pmsn['Attention'] ?></legend>
|
||||
<div class="infldset">
|
||||
|
|
|
|||
|
|
@ -46,7 +46,9 @@ else
|
|||
$mbm = $lang_pmsn['ReBlocking redirect'];
|
||||
}
|
||||
|
||||
if (isset($_POST['action2']))
|
||||
$request = $container->get('Request');
|
||||
|
||||
if ($request->isPost('action2'))
|
||||
{
|
||||
if (!defined('PUN_PMS_NEW_CONFIRM'))
|
||||
message($lang_common['Bad referrer']);
|
||||
|
|
@ -55,7 +57,7 @@ if (isset($_POST['action2']))
|
|||
{
|
||||
$db->query('INSERT INTO '.$db->prefix.'pms_new_block (bl_id, bl_user_id) VALUES('.$pun_user['id'].', '.$uid.')') or error('Unable to create line in pms_new_block', __FILE__, __LINE__, $db->error());
|
||||
|
||||
if (isset($_POST['delete_dlg'])) // удаление диалогов
|
||||
if ($request->isPost('delete_dlg')) // удаление диалогов
|
||||
{
|
||||
$result = $db->query('SELECT id FROM '.$db->prefix.'pms_new_topics WHERE (starter_id = '.$pun_user['id'].' AND topic_st < 2 AND to_id='.$uid.') OR (to_id = '.$pun_user['id'].' AND topic_to < 2 AND starter_id='.$uid.')') or error('Unable to fetch pms topics IDs', __FILE__, __LINE__, $db->error());
|
||||
if ($db->num_rows($result))
|
||||
|
|
|
|||
|
|
@ -30,7 +30,9 @@ $cur_post = $db->fetch_assoc($result);
|
|||
if (!in_array($cur_post['tid'], $pmsn_arr_list) && !in_array($cur_post['tid'], $pmsn_arr_save))
|
||||
message($lang_common['Bad request'], false, '404 Not Found');
|
||||
|
||||
if (isset($_POST['action2']))
|
||||
$request = $container->get('Request');
|
||||
|
||||
if ($request->isPost('action2'))
|
||||
{
|
||||
if (!defined('PUN_PMS_NEW_CONFIRM'))
|
||||
message($lang_common['Bad referrer']);
|
||||
|
|
|
|||
|
|
@ -12,7 +12,9 @@ if (!defined('PUN') || !defined('PUN_PMS_NEW'))
|
|||
|
||||
define('PUN_PMS_LOADED', 1);
|
||||
|
||||
$pid = isset($_GET['pid']) ? intval($_GET['pid']) : 0;
|
||||
$request = $container->get('Request');
|
||||
|
||||
$pid = $request->getInt('pid', 0);
|
||||
if ($pid < 1)
|
||||
message($lang_common['Bad request'], false, '404 Not Found');
|
||||
|
||||
|
|
@ -64,11 +66,11 @@ require PUN_ROOT.'lang/'.$pun_user['language'].'/post.php';
|
|||
// Start with a clean slate
|
||||
$errors = array();
|
||||
|
||||
if (isset($_POST['csrf_hash']))
|
||||
if ($reuest->isPost('csrf_hash'))
|
||||
{
|
||||
|
||||
// Clean up message from POST
|
||||
$message = pun_linebreaks(pun_trim($_POST['req_message']));
|
||||
$message = pun_linebreaks(trim($request->postStr('req_message')));
|
||||
|
||||
if (strlen($message) > 65535)
|
||||
$errors[] = $lang_pmsn['Too long message'];
|
||||
|
|
@ -85,10 +87,10 @@ if (isset($_POST['csrf_hash']))
|
|||
if ($message == '')
|
||||
$errors[] = $lang_post['No message'];
|
||||
|
||||
$hide_smilies = isset($_POST['hide_smilies']) ? '1' : '0';
|
||||
$hide_smilies = $request->isPost('hide_smilies') ? '1' : '0';
|
||||
|
||||
// Did everything go according to plan?
|
||||
if (empty($errors) && !isset($_POST['preview']))
|
||||
if (empty($errors) && ! $request->isPost('preview'))
|
||||
{
|
||||
// Update the post
|
||||
$db->query('UPDATE '.$db->prefix.'pms_new_posts SET message=\''.$db->escape($message).'\', hide_smilies='.$hide_smilies.', edited='.time().', edited_by=\''.$db->escape($pun_user['username']).'\' WHERE id='.$pid) or error('Unable to update pms_new_posts', __FILE__, __LINE__, $db->error());
|
||||
|
|
@ -152,7 +154,7 @@ if (!empty($errors))
|
|||
|
||||
<?php
|
||||
}
|
||||
else if (isset($_POST['preview']))
|
||||
else if ($request->isPost('preview'))
|
||||
{
|
||||
require_once PUN_ROOT.'include/parser.php';
|
||||
$preview_message = parse_message($message, $hide_smilies);
|
||||
|
|
@ -193,7 +195,7 @@ $cur_index = 1;
|
|||
<div class="infldset txtarea">
|
||||
<input type="hidden" name="csrf_hash" value="<?php echo $pmsn_csrf_hash ?>" />
|
||||
<label class="required"><strong><?php echo $lang_common['Message'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br />
|
||||
<textarea name="req_message" rows="20" cols="95" tabindex="<?php echo $cur_index++ ?>"><?php echo pun_htmlspecialchars(isset($_POST['req_message']) ? $message : $cur_post['message']) ?></textarea><br /></label>
|
||||
<textarea name="req_message" rows="20" cols="95" tabindex="<?php echo $cur_index++ ?>"><?php echo pun_htmlspecialchars($request->isPost('req_message') ? $message : $cur_post['message']) ?></textarea><br /></label>
|
||||
<ul class="bblinks">
|
||||
<li><span><a href="help.php#bbcode" onclick="window.open(this.href); return false;"><?php echo $lang_common['BBCode'] ?></a> <?php echo ($pun_config['p_message_bbcode'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></span></li>
|
||||
<li><span><a href="help.php#url" onclick="window.open(this.href); return false;"><?php echo $lang_common['url tag'] ?></a> <?php echo ($pun_config['p_message_bbcode'] == '1' && $pun_user['g_post_links'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></span></li>
|
||||
|
|
|
|||
|
|
@ -55,7 +55,9 @@ else
|
|||
// Determine the topic offset (based on $_GET['p'])
|
||||
$num_pages = ceil($pmsn_kol_list / $pun_user['disp_topics']);
|
||||
|
||||
$p = (!isset($_GET['p']) || $_GET['p'] <= 1 || $_GET['p'] > $num_pages) ? 1 : intval($_GET['p']);
|
||||
$request = $container->get('Request');
|
||||
|
||||
$p = max(min($request->getInt('p', 1), $num_pages), 1);
|
||||
$start_from = $pun_user['disp_topics'] * ($p - 1);
|
||||
|
||||
// Generate paging links
|
||||
|
|
|
|||
|
|
@ -12,32 +12,33 @@ if (!defined('PUN') || !defined('PUN_PMS_NEW'))
|
|||
|
||||
define('PUN_PMS_LOADED', 1);
|
||||
|
||||
$request = $container->get('Request');
|
||||
|
||||
if (defined('PUN_PMS_NEW_CONFIRM'))
|
||||
{
|
||||
if (!isset($_POST['delete']) && !isset($_POST['save']))
|
||||
if (! $request->isPost('delete') && ! $request->isPost('save'))
|
||||
message($lang_common['Bad request'], false, '404 Not Found');
|
||||
|
||||
if (isset($_POST['delete']))
|
||||
if ($request->isPost('delete'))
|
||||
$mflag = 2;
|
||||
else
|
||||
$mflag = 3;
|
||||
|
||||
if (isset($_POST['action2']))
|
||||
if ($request->isPost('action2'))
|
||||
{
|
||||
if (!isset($_POST['topics']))
|
||||
$topics = $request->postStr('topics');
|
||||
|
||||
if (empty($topics) || preg_match('/[^0-9,]/', $topics))
|
||||
message($lang_common['Bad request'], false, '404 Not Found');
|
||||
|
||||
if (@preg_match('/[^0-9,]/', $_POST['topics']))
|
||||
message($lang_common['Bad request'], false, '404 Not Found');
|
||||
|
||||
$topics = explode(',', $_POST['topics']);
|
||||
$topics = explode(',', $topics);
|
||||
}
|
||||
else
|
||||
{
|
||||
if (!isset($_POST['post_topic']))
|
||||
if (! $request->isPost('post_topic'))
|
||||
message($lang_common['Bad request'], false, '404 Not Found');
|
||||
|
||||
$topics = array_map('intval', array_keys($_POST['post_topic']));
|
||||
$topics = array_map('intval', array_keys($request->post('post_topic'))); //????
|
||||
}
|
||||
|
||||
$kolvo = count($topics);
|
||||
|
|
@ -50,14 +51,14 @@ if (defined('PUN_PMS_NEW_CONFIRM'))
|
|||
message($lang_pmsn['Err2']);
|
||||
|
||||
// действуем
|
||||
if (isset($_POST['action2']))
|
||||
if ($request->isPost('action2'))
|
||||
{
|
||||
pmsn_user_delete($pun_user['id'], $mflag, $topics);
|
||||
|
||||
$mred = '';
|
||||
if (isset($_POST['p']))
|
||||
if ($request->isPost('p'))
|
||||
{
|
||||
$p = intval($_POST['p']);
|
||||
$p = $request->postInt('p', 0);
|
||||
if ($p > 1)
|
||||
$mred = '&p='.$p;
|
||||
}
|
||||
|
|
@ -67,7 +68,7 @@ if (defined('PUN_PMS_NEW_CONFIRM'))
|
|||
else
|
||||
message($lang_common['Bad referrer']);
|
||||
|
||||
if (isset($_POST['delete']))
|
||||
if ($request->isPost('delete'))
|
||||
{
|
||||
$mh2 = $lang_pmsn['InfoDeleteQ'];
|
||||
$mhm = $lang_pmsn['InfoDeleteQm'];
|
||||
|
|
@ -107,7 +108,7 @@ generate_pmsn_menu($pmsn_modul);
|
|||
<input type="hidden" name="csrf_hash" value="<?php echo $pmsn_csrf_hash ?>" />
|
||||
<input type="hidden" name="topics" value="<?php echo implode(',', $topics) ?>" />
|
||||
<input type="hidden" name="<?php echo $mfm ?>" value="1" />
|
||||
<input type="hidden" name="p" value="<?php echo intval($_POST['p']) ?>" />
|
||||
<input type="hidden" name="p" value="<?php echo $request->postInt('p', 1); ?>" />
|
||||
<fieldset>
|
||||
<legend><?php echo $lang_pmsn['Attention'] ?></legend>
|
||||
<div class="infldset">
|
||||
|
|
|
|||
|
|
@ -55,7 +55,9 @@ else
|
|||
// Determine the topic offset (based on $_GET['p'])
|
||||
$num_pages = ceil($pmsn_kol_new / $pun_user['disp_topics']);
|
||||
|
||||
$p = (!isset($_GET['p']) || $_GET['p'] <= 1 || $_GET['p'] > $num_pages) ? 1 : intval($_GET['p']);
|
||||
$request = $container->get('Request');
|
||||
|
||||
$p = max(min($request->getInt('p', 1), $num_pages), 1);
|
||||
$start_from = $pun_user['disp_topics'] * ($p - 1);
|
||||
|
||||
// Generate paging links
|
||||
|
|
|
|||
|
|
@ -12,32 +12,33 @@ if (!defined('PUN') || !defined('PUN_PMS_NEW'))
|
|||
|
||||
define('PUN_PMS_LOADED', 1);
|
||||
|
||||
$request = $container->get('Request');
|
||||
|
||||
if (defined('PUN_PMS_NEW_CONFIRM'))
|
||||
{
|
||||
if (!isset($_POST['delete']) && !isset($_POST['save']))
|
||||
if (! $request->isPost('delete') && ! $request->isPost('save'))
|
||||
message($lang_common['Bad request'], false, '404 Not Found');
|
||||
|
||||
if (isset($_POST['delete']))
|
||||
if ($request->isPost('delete'))
|
||||
$mflag = 2;
|
||||
else
|
||||
$mflag = 3;
|
||||
|
||||
if (isset($_POST['action2']))
|
||||
if ($request->isPost('action2'))
|
||||
{
|
||||
if (!isset($_POST['topics']))
|
||||
$topics = $request->postStr('topics');
|
||||
|
||||
if (empty($topics) || preg_match('/[^0-9,]/', $topics))
|
||||
message($lang_common['Bad request'], false, '404 Not Found');
|
||||
|
||||
if (@preg_match('/[^0-9,]/', $_POST['topics']))
|
||||
message($lang_common['Bad request'], false, '404 Not Found');
|
||||
|
||||
$topics = explode(',', $_POST['topics']);
|
||||
$topics = explode(',', $topics);
|
||||
}
|
||||
else
|
||||
{
|
||||
if (!isset($_POST['post_topic']))
|
||||
if (! $request->isPost('post_topic'))
|
||||
message($lang_common['Bad request'], false, '404 Not Found');
|
||||
|
||||
$topics = array_map('intval', array_keys($_POST['post_topic']));
|
||||
$topics = array_map('intval', array_keys($request->post('post_topic'))); //????
|
||||
}
|
||||
|
||||
$kolvo = count($topics);
|
||||
|
|
@ -50,14 +51,14 @@ if (defined('PUN_PMS_NEW_CONFIRM'))
|
|||
message($lang_pmsn['Err2']);
|
||||
|
||||
// действуем
|
||||
if (isset($_POST['action2']))
|
||||
if ($request->isPost('action2'))
|
||||
{
|
||||
pmsn_user_delete($pun_user['id'], $mflag, $topics);
|
||||
|
||||
$mred = '';
|
||||
if (isset($_POST['p']))
|
||||
if ($request->isPost('p'))
|
||||
{
|
||||
$p = intval($_POST['p']);
|
||||
$p = $request->postInt('p', 0);
|
||||
if ($p > 1)
|
||||
$mred = '&p='.$p;
|
||||
}
|
||||
|
|
@ -67,7 +68,7 @@ if (defined('PUN_PMS_NEW_CONFIRM'))
|
|||
else
|
||||
message($lang_common['Bad referrer']);
|
||||
|
||||
if (isset($_POST['delete']))
|
||||
if ($request->isPost('delete'))
|
||||
{
|
||||
$mh2 = $lang_pmsn['InfoDeleteQ'];
|
||||
$mhm = $lang_pmsn['InfoDeleteQm'];
|
||||
|
|
@ -107,7 +108,7 @@ generate_pmsn_menu($pmsn_modul);
|
|||
<input type="hidden" name="csrf_hash" value="<?php echo $pmsn_csrf_hash ?>" />
|
||||
<input type="hidden" name="topics" value="<?php echo implode(',', $topics) ?>" />
|
||||
<input type="hidden" name="<?php echo $mfm ?>" value="1" />
|
||||
<input type="hidden" name="p" value="<?php echo intval($_POST['p']) ?>" />
|
||||
<input type="hidden" name="p" value="<?php echo $request->postInt('p', 1); ?>" />
|
||||
<fieldset>
|
||||
<legend><?php echo $lang_pmsn['Attention'] ?></legend>
|
||||
<div class="infldset">
|
||||
|
|
|
|||
|
|
@ -12,7 +12,9 @@ if (!defined('PUN') || !defined('PUN_PMS_NEW'))
|
|||
|
||||
define('PUN_PMS_LOADED', 1);
|
||||
|
||||
$tid = isset($_GET['tid']) ? intval($_GET['tid']) : 0;
|
||||
$request = $container->get('Request');
|
||||
|
||||
$tid = $request->getInt('tid', 0);
|
||||
if ($tid < 0)
|
||||
message($lang_common['Bad request'], false, '404 Not Found');
|
||||
|
||||
|
|
@ -80,12 +82,12 @@ else
|
|||
$mmodul = 'list';
|
||||
}
|
||||
|
||||
if (!isset($_POST['req_addressee']) && (isset($_GET['uid']) || $sid))
|
||||
if (! $request->isPost('req_addressee') && ($request->isGet('uid') || $sid))
|
||||
{
|
||||
if ($sid)
|
||||
$uid = $sid;
|
||||
else
|
||||
$uid = intval($_GET['uid']);
|
||||
$uid = $request->getInt('uid');
|
||||
if ($uid < 2)
|
||||
message($lang_common['Bad request'], false, '404 Not Found');
|
||||
|
||||
|
|
@ -125,7 +127,7 @@ require PUN_ROOT.'lang/'.$pun_user['language'].'/post.php';
|
|||
$errors = array();
|
||||
|
||||
// Did someone just hit "Submit" or "Preview" or ""Save?
|
||||
if (isset($_POST['csrf_hash']))
|
||||
if ($request->isPost('csrf_hash'))
|
||||
{
|
||||
if(!defined('PUN_PMS_NEW_CONFIRM'))
|
||||
message($lang_common['Bad referrer']);
|
||||
|
|
@ -133,13 +135,13 @@ if (isset($_POST['csrf_hash']))
|
|||
$now = time();
|
||||
|
||||
// Flood protection
|
||||
if (!isset($_POST['preview']) && $pun_user['pmsn_last_post'] != '' && ($now - $pun_user['pmsn_last_post']) < $pun_user['g_post_flood'])
|
||||
if (! $request->isPost('preview') && $pun_user['pmsn_last_post'] != '' && ($now - $pun_user['pmsn_last_post']) < $pun_user['g_post_flood'])
|
||||
$errors[] = sprintf($lang_post['Flood start'], $pun_user['g_post_flood'], $pun_user['g_post_flood'] - ($now - $pun_user['pmsn_last_post']));
|
||||
|
||||
if ($tid == 0)
|
||||
{
|
||||
$subject = pun_trim($_POST['req_subject']);
|
||||
$addressee = pun_trim($_POST['req_addressee']);
|
||||
$subject = trim($request->postStr('req_subject'));
|
||||
$addressee = trim($request->postStr('req_addressee'));
|
||||
|
||||
if ($subject == '')
|
||||
$errors[] = $lang_pmsn['No subject'];
|
||||
|
|
@ -160,9 +162,9 @@ if (isset($_POST['csrf_hash']))
|
|||
$to_user['id'] = $cur_addressee['id'];
|
||||
$to_user['username'] = $cur_addressee['username'];
|
||||
|
||||
if ($pun_user['g_id'] != PUN_ADMIN && !isset($_POST['preview']))
|
||||
if ($pun_user['g_id'] != PUN_ADMIN && ! $request->isPost('preview'))
|
||||
{
|
||||
if (isset($_POST['save']))
|
||||
if ($request->isPost('save'))
|
||||
{
|
||||
if ($pmsn_kol_save >= $pun_user['g_pm_limit'] && $pun_user['g_pm_limit'] != 0)
|
||||
$errors[] = $lang_pmsn['More maximum user'];
|
||||
|
|
@ -177,7 +179,7 @@ if (isset($_POST['csrf_hash']))
|
|||
}
|
||||
}
|
||||
}
|
||||
else if (!isset($_POST['preview']))
|
||||
else if (! $request->isPost('preview'))
|
||||
{
|
||||
if ($pun_user['id'] == $cur_topic['starter_id'])
|
||||
$mid = $cur_topic['to_id'];
|
||||
|
|
@ -189,7 +191,7 @@ if (isset($_POST['csrf_hash']))
|
|||
|
||||
if (empty($cur_addressee['id']) || $cur_addressee['id'] < 2)
|
||||
$errors[] = $lang_pmsn['No addressee'];
|
||||
else if ($pun_user['g_id'] != PUN_ADMIN && !isset($_POST['save']) && ($cur_addressee['messages_enable'] == 0 || $cur_addressee['g_pm'] == 0))
|
||||
else if ($pun_user['g_id'] != PUN_ADMIN && ! $request->isPost('save') && ($cur_addressee['messages_enable'] == 0 || $cur_addressee['g_pm'] == 0))
|
||||
$errors[] = $lang_pmsn['Off messages'];
|
||||
}
|
||||
|
||||
|
|
@ -207,7 +209,7 @@ if (isset($_POST['csrf_hash']))
|
|||
}
|
||||
}
|
||||
|
||||
$message = pun_linebreaks(pun_trim($_POST['req_message']));
|
||||
$message = pun_linebreaks(trim($request->postStr('req_message')));
|
||||
|
||||
if (strlen($message) > 65535)
|
||||
$errors[] = $lang_pmsn['Too long message'];
|
||||
|
|
@ -224,10 +226,10 @@ if (isset($_POST['csrf_hash']))
|
|||
if ($message == '')
|
||||
$errors[] = $lang_post['No message'];
|
||||
|
||||
$hide_smilies = isset($_POST['hide_smilies']) ? '1' : '0';
|
||||
$hide_smilies = $request->isPost('hide_smilies') ? '1' : '0';
|
||||
|
||||
// posting
|
||||
if (empty($errors) && !isset($_POST['preview']))
|
||||
if (empty($errors) && ! $request->isPost('preview'))
|
||||
{
|
||||
$flag2 = 0;
|
||||
|
||||
|
|
@ -270,7 +272,7 @@ if (isset($_POST['csrf_hash']))
|
|||
}
|
||||
else // new dialog
|
||||
{
|
||||
if (isset($_POST['save']))
|
||||
if ($request->isPost('save'))
|
||||
{
|
||||
$flag1 = 3;
|
||||
$flag2 = 2;
|
||||
|
|
@ -340,9 +342,9 @@ if ($tid)
|
|||
$form = '<form id="post" method="post" action="pmsnew.php?mdl=post&tid='.$tid.$sidamp.'" onsubmit="this.submit.disabled=true;if(process_form(this)){return true;}else{this.submit.disabled=false;return false;}">'."\n";
|
||||
|
||||
// If a quote ID was specified in the url
|
||||
if (isset($_GET['qid']))
|
||||
if ($request->isGet('qid'))
|
||||
{
|
||||
$qid = intval($_GET['qid']);
|
||||
$qid = $request->getInt('qid', 0);
|
||||
if ($qid < 1)
|
||||
message($lang_common['Bad request'], false, '404 Not Found');
|
||||
|
||||
|
|
@ -461,7 +463,7 @@ if (!empty($errors))
|
|||
|
||||
<?php
|
||||
}
|
||||
else if (isset($_POST['preview']))
|
||||
else if ($request->isPost('preview'))
|
||||
{
|
||||
require_once PUN_ROOT.'include/parser.php';
|
||||
$preview_message = parse_message($message, $hide_smilies);
|
||||
|
|
@ -512,7 +514,7 @@ if ($tid==0)
|
|||
}
|
||||
?>
|
||||
<label class="required"><strong><?php echo $lang_common['Message'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br />
|
||||
<textarea name="req_message" rows="20" cols="95" tabindex="<?php echo $cur_index++ ?>"><?php echo isset($_POST['req_message']) ? pun_htmlspecialchars($message) : (isset($quote) ? $quote : ''); ?></textarea><br /></label>
|
||||
<textarea name="req_message" rows="20" cols="95" tabindex="<?php echo $cur_index++ ?>"><?php echo $request->isPost('req_message') ? pun_htmlspecialchars($message) : (isset($quote) ? $quote : ''); ?></textarea><br /></label>
|
||||
<ul class="bblinks">
|
||||
<li><span><a href="help.php#bbcode" onclick="window.open(this.href); return false;"><?php echo $lang_common['BBCode'] ?></a> <?php echo ($pun_config['p_message_bbcode'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></span></li>
|
||||
<li><span><a href="help.php#url" onclick="window.open(this.href); return false;"><?php echo $lang_common['url tag'] ?></a> <?php echo ($pun_config['p_message_bbcode'] == '1' && $pun_user['g_post_links'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></span></li>
|
||||
|
|
@ -525,7 +527,7 @@ if ($tid==0)
|
|||
|
||||
$checkboxes = array();
|
||||
if ($pun_config['o_smilies'] == '1')
|
||||
$checkboxes[] = '<label><input type="checkbox" name="hide_smilies" value="1" tabindex="'.($cur_index++).'"'.(isset($_POST['hide_smilies']) ? ' checked="checked"' : '').' />'.$lang_post['Hide smilies'].'<br /></label>';
|
||||
$checkboxes[] = '<label><input type="checkbox" name="hide_smilies" value="1" tabindex="'.($cur_index++).'"'.($request->isPost('hide_smilies') ? ' checked="checked"' : '').' />'.$lang_post['Hide smilies'].'<br /></label>';
|
||||
if (!empty($checkboxes))
|
||||
{
|
||||
?>
|
||||
|
|
|
|||
|
|
@ -55,7 +55,9 @@ else
|
|||
// Determine the topic offset (based on $_GET['p'])
|
||||
$num_pages = ceil($pmsn_kol_save / $pun_user['disp_topics']);
|
||||
|
||||
$p = (!isset($_GET['p']) || $_GET['p'] <= 1 || $_GET['p'] > $num_pages) ? 1 : intval($_GET['p']);
|
||||
$request = $container->get('Request');
|
||||
|
||||
$p = max(min($request->getInt('p', 1), $num_pages), 1);
|
||||
$start_from = $pun_user['disp_topics'] * ($p - 1);
|
||||
|
||||
// Generate paging links
|
||||
|
|
|
|||
|
|
@ -12,29 +12,30 @@ if (!defined('PUN') || !defined('PUN_PMS_NEW'))
|
|||
|
||||
define('PUN_PMS_LOADED', 1);
|
||||
|
||||
$request = $container->get('Request');
|
||||
|
||||
if (defined('PUN_PMS_NEW_CONFIRM'))
|
||||
{
|
||||
if (!isset($_POST['delete']))
|
||||
if (! $request->isPost('delete'))
|
||||
message($lang_common['Bad request'], false, '404 Not Found');
|
||||
|
||||
$mflag = 2;
|
||||
|
||||
if (isset($_POST['action2']))
|
||||
if ($request->isPost('action2'))
|
||||
{
|
||||
if (!isset($_POST['topics']))
|
||||
$topics = $request->postStr('topics');
|
||||
|
||||
if (empty($topics) || preg_match('/[^0-9,]/', $topics))
|
||||
message($lang_common['Bad request'], false, '404 Not Found');
|
||||
|
||||
if (@preg_match('/[^0-9,]/', $_POST['topics']))
|
||||
message($lang_common['Bad request'], false, '404 Not Found');
|
||||
|
||||
$topics = explode(',', $_POST['topics']);
|
||||
$topics = explode(',', $topics);
|
||||
}
|
||||
else
|
||||
{
|
||||
if (!isset($_POST['post_topic']))
|
||||
if (! $request->isPost('post_topic'))
|
||||
message($lang_common['Bad request'], false, '404 Not Found');
|
||||
|
||||
$topics = array_map('intval', array_keys($_POST['post_topic']));
|
||||
$topics = array_map('intval', array_keys($request->post('post_topic'))); //????
|
||||
}
|
||||
|
||||
$kolvo = count($topics);
|
||||
|
|
@ -47,14 +48,14 @@ if (defined('PUN_PMS_NEW_CONFIRM'))
|
|||
message($lang_pmsn['Err2']);
|
||||
|
||||
// действуем
|
||||
if (isset($_POST['action2']))
|
||||
if ($request->isPost('action2'))
|
||||
{
|
||||
pmsn_user_delete($pun_user['id'], $mflag, $topics);
|
||||
|
||||
$mred = '';
|
||||
if (isset($_POST['p']))
|
||||
if ($request->isPost('p'))
|
||||
{
|
||||
$p = intval($_POST['p']);
|
||||
$p = $request->postInt('p', 0);
|
||||
if ($p > 1)
|
||||
$mred = '&p='.$p;
|
||||
}
|
||||
|
|
@ -95,7 +96,7 @@ generate_pmsn_menu($pmsn_modul);
|
|||
<input type="hidden" name="csrf_hash" value="<?php echo $pmsn_csrf_hash ?>" />
|
||||
<input type="hidden" name="topics" value="<?php echo implode(',', $topics) ?>" />
|
||||
<input type="hidden" name="<?php echo $mfm ?>" value="1" />
|
||||
<input type="hidden" name="p" value="<?php echo intval($_POST['p']) ?>" />
|
||||
<input type="hidden" name="p" value="<?php echo $request->postInt('p', 1); ?>" />
|
||||
<fieldset>
|
||||
<legend><?php echo $lang_pmsn['Attention'] ?></legend>
|
||||
<div class="infldset">
|
||||
|
|
|
|||
|
|
@ -12,8 +12,9 @@ if (!defined('PUN') || !defined('PUN_PMS_NEW'))
|
|||
|
||||
define('PUN_PMS_LOADED', 1);
|
||||
|
||||
$tid = isset($_GET['tid']) ? intval($_GET['tid']) : 0;
|
||||
$request = $container->get('Request');
|
||||
|
||||
$tid = $request->getInt('tid', 0);
|
||||
if ($tid < 1)
|
||||
message($lang_common['Bad request'], false, '404 Not Found');
|
||||
|
||||
|
|
@ -48,7 +49,7 @@ if ($pun_user['g_id'] != PUN_ADMIN)
|
|||
message($lang_pmsn['More maximum']);
|
||||
}
|
||||
|
||||
if (isset($_POST['action2']))
|
||||
if ($request->isPost('action2'))
|
||||
{
|
||||
if (!defined('PUN_PMS_NEW_CONFIRM'))
|
||||
message($lang_common['Bad referrer']);
|
||||
|
|
|
|||
|
|
@ -12,8 +12,10 @@ if (!defined('PUN') || !defined('PUN_PMS_NEW'))
|
|||
|
||||
define('PUN_PMS_LOADED', 1);
|
||||
|
||||
$tid = isset($_GET['tid']) ? intval($_GET['tid']) : 0;
|
||||
$pid = isset($_GET['pid']) ? intval($_GET['pid']) : 0;
|
||||
$request = $container->get('Request');
|
||||
|
||||
$tid = $request->getInt('tid', 0);
|
||||
$pid = $request->getInt('pid', 0);
|
||||
if ($tid < 1 && $pid < 1)
|
||||
message($lang_common['Bad request'], false, '404 Not Found');
|
||||
|
||||
|
|
@ -27,7 +29,7 @@ if ($pid)
|
|||
|
||||
$result = $db->query('SELECT COUNT(id) FROM '.$db->prefix.'pms_new_posts WHERE topic_id='.$tid.' AND id<'.$pid) or error('Unable to fetch pms_new_posts info', __FILE__, __LINE__, $db->error());
|
||||
$i = $db->result($result) + 1;
|
||||
$_GET['p'] = ceil($i / $pun_user['disp_posts']);
|
||||
$_GET['p'] = ceil($i / $pun_user['disp_posts']); //????
|
||||
}
|
||||
else if ($action == 'new')
|
||||
{
|
||||
|
|
@ -120,7 +122,7 @@ require PUN_ROOT.'lang/'.$pun_user['language'].'/topic.php';
|
|||
// Determine the post offset (based on $_GET['p'])
|
||||
$num_pages = ceil(($cur_topic['replies'] + 1) / $pun_user['disp_posts']);
|
||||
|
||||
$p = (!isset($_GET['p']) || $_GET['p'] <= 1 || $_GET['p'] > $num_pages) ? 1 : intval($_GET['p']);
|
||||
$p = max(min($request->getInt('p', 1), $num_pages), 1);
|
||||
$start_from = $pun_user['disp_posts'] * ($p - 1);
|
||||
|
||||
// Generate paging links
|
||||
|
|
|
|||
|
|
@ -33,7 +33,9 @@ function poll_mess($mess, $ques = '', $vote = '')
|
|||
// получение данных из формы ***************************************************
|
||||
function poll_post($var, $default = null)
|
||||
{
|
||||
return isset($_POST[$var]) ? $_POST[$var] : $default;
|
||||
global $container;
|
||||
|
||||
return $container->get('Request')->post($var, $default);
|
||||
}
|
||||
|
||||
// запрещено ли редактировать **************************************************
|
||||
|
|
|
|||
|
|
@ -241,11 +241,13 @@ function security_test_browser()
|
|||
|
||||
function security_verify_captcha($form_captcha)
|
||||
{
|
||||
global $container;
|
||||
|
||||
$form_captcha = unserialize($form_captcha);
|
||||
|
||||
foreach ($form_captcha as $key => $val)
|
||||
{
|
||||
if (!isset($_POST[$key]) || pun_trim($_POST[$key]) != $val)
|
||||
if (trim($container->get('Request')->postStr($key)) != $val)
|
||||
{
|
||||
if (substr($key, 0, 4) == 'jst_')
|
||||
return 8; // js выключен
|
||||
|
|
|
|||
Loading…
Reference in a new issue