Deleted POST, GET. REQUEST ...

This commit is contained in:
Visman 2017-01-07 22:17:25 +07:00
parent a93b49d905
commit 8dc5a439d5
7 changed files with 102 additions and 93 deletions


@ -13,8 +13,9 @@ require PUN_ROOT.'include/common.php';
if ($pun_user['g_read_board'] == '0')
message($lang_common['No view'], false, '403 Forbidden');
$request = $container->get('Request');
$id = isset($_GET['id']) ? intval($_GET['id']) : 0;
$id = $request->getInt('id', 0);
if ($id < 1)
message($lang_common['Bad request'], false, '404 Not Found');
@ -57,7 +58,7 @@ if (!$is_admmod && $pun_user['g_deledit_interval'] != 0 && (time()-$cur_post['po
require PUN_ROOT.'lang/'.$pun_user['language'].'/delete.php';
if (isset($_POST['delete']))
if ($request->isPost('delete'))
{
// Make sure they got here from the site
confirm_referrer('delete.php');
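Review bot: `$request = $container->get('Request');` in the first hunk is repeated verbatim at the top of every script touched by this commit (edit.php, extern.php, login.php, misc.php, pjq.php), and each of those scripts already does `require PUN_ROOT.'include/common.php'` as the hunk header here shows; resolving the Request service once in common.php would remove the duplication and the chance of the service name drifting between files. The remaining changes in this section swap `isset($_GET[...])`/`isset($_POST[...])` for `getInt`/`isPost` and look equivalent, assuming `getInt('id', 0)` performs the same intval-style conversion the replaced line did.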


@ -13,8 +13,9 @@ require PUN_ROOT.'include/poll.php';
if ($pun_user['g_read_board'] == '0')
message($lang_common['No view'], false, '403 Forbidden');
$request = $container->get('Request');
$id = isset($_GET['id']) ? intval($_GET['id']) : 0;
$id = $request->getInt('id', 0);
if ($id < 1)
message($lang_common['Bad request'], false, '404 Not Found');
@ -63,7 +64,7 @@ require PUN_ROOT.'lang/'.$pun_user['language'].'/post.php';
$errors = array();
if (isset($_POST['form_sent']))
if ($request->isPost('form_sent'))
{
// Make sure they got here from the site
confirm_referrer('edit.php');
@ -71,7 +72,7 @@ if (isset($_POST['form_sent']))
// If it's a topic it must contain a subject
if ($can_edit_subject)
{
$subject = pun_trim($_POST['req_subject']);
$subject = trim($request->postStr('req_subject'));
if ($pun_config['o_censoring'] == '1')
$censored_subject = pun_trim(censor_words($subject));
@ -92,7 +93,7 @@ if (isset($_POST['form_sent']))
}
// Clean up message from POST
$message = pun_linebreaks(pun_trim($_POST['req_message']));
$message = pun_linebreaks(pun_trim($request->postStr('req_message')));
// Here we use strlen() not pun_strlen() as we want to limit the post to PUN_MAX_POSTSIZE bytes, not characters
if (pun_strlen($message) > PUN_MAX_POSTSIZE)
@ -121,8 +122,8 @@ if (isset($_POST['form_sent']))
}
}
$hide_smilies = isset($_POST['hide_smilies']) ? '1' : '0';
$stick_topic = isset($_POST['stick_topic']) ? '1' : '0';
$hide_smilies = $request->isPost('hide_smilies') ? '1' : '0';
$stick_topic = $request->isPost('stick_topic') ? '1' : '0';
if (!$is_admmod)
$stick_topic = $cur_post['sticky'];
@ -130,16 +131,16 @@ if (isset($_POST['form_sent']))
$message = strip_bad_multibyte_chars($message);
// Visman
$edit_post = isset($_POST['editpost']) ? '1' : '0';
$edit_post = $request->isPost('editpost') ? '1' : '0';
if ($pun_user['g_id'] != PUN_ADMIN)
$edit_post = $cur_post['edit_post'];
$stick_fp = isset($_POST['stickfp']) ? '1' : '0';
$stick_fp = $request->isPost('stickfp') ? '1' : '0';
if (!$is_admmod)
$stick_fp = $cur_post['stick_fp'];
// Did everything go according to plan?
if (empty($errors) && !isset($_POST['preview']))
if (empty($errors) && ! $request->isPost('preview'))
{
$is_modified = ($subject != $cur_post['subject'] ||
$message != $cur_post['message'] ||
@ -148,7 +149,7 @@ if (isset($_POST['form_sent']))
$stick_fp != $cur_post['stick_fp'] ||
$stick_topic != $cur_post['sticky']); // MOD warnings - Visman
$edited_sql = (!isset($_POST['silent']) || !$is_admmod) ? ', edited='.time().', edited_by=\''.$db->escape($pun_user['username']).'\'' : '';
$edited_sql = (! $request->isPost('silent') || ! $is_admmod) ? ', edited='.time().', edited_by=\''.$db->escape($pun_user['username']).'\'' : '';
$edited_sql.= ', edit_post='.$edit_post; // Visman
require PUN_ROOT.'include/search_idx.php';
@ -175,14 +176,14 @@ if (isset($_POST['form_sent']))
if ($is_admmod)
{
$warning = pun_linebreaks(pun_trim($_POST['warning']));
$warning = pun_linebreaks(pun_trim($request->postStr('warning')));
if ($warning != $cur_post['warning'])
{
$db->query('DELETE FROM '.$db->prefix.'warnings WHERE id='.$id) or error('Unable to remove warning', __FILE__, __LINE__, $db->error());
$sql_warm = '';
if (strlen($_POST['warning']) > 0 )
if (strlen($warning) > 0 )
{
$db->query('INSERT INTO '.$db->prefix.'warnings (id, poster, poster_id, posted, message) VALUES('.$id.', \''.$db->escape($pun_user['username']).'\', '.$pun_user['id'].', '.time().', \''.$db->escape($_POST['warning']).'\')') or error('Unable to insert warning', __FILE__, __LINE__, $db->error());
$db->query('INSERT INTO '.$db->prefix.'warnings (id, poster, poster_id, posted, message) VALUES('.$id.', \''.$db->escape($pun_user['username']).'\', '.$pun_user['id'].', '.time().', \''.$db->escape($warning).'\')') or error('Unable to insert warning', __FILE__, __LINE__, $db->error());
$sql_warm = ', warning_flag=1';
}
$result = $db->query('SELECT COUNT(p.id) FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'warnings AS w ON w.id=p.id WHERE p.poster_id='.$cur_post['poster_id']) or error('Unable to sum for posts', __FILE__, __LINE__, $db->error());
@ -255,7 +256,7 @@ if (!empty($errors))
<?php
}
else if (isset($_POST['preview']))
else if ($request->isPost('preview'))
{
require_once PUN_ROOT.'include/parser.php';
$preview_message = parse_message($message, $hide_smilies);
@ -293,9 +294,9 @@ else if (isset($_POST['preview']))
<input type="hidden" name="csrf_hash" value="<?php echo csrf_hash() ?>" />
<div class="infldset txtarea">
<?php if ($can_edit_subject): ?> <label class="required"><strong><?php echo $lang_common['Subject'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br />
<input class="longinput" type="text" name="req_subject" size="80" maxlength="70" tabindex="<?php echo $cur_index++ ?>" value="<?php echo pun_htmlspecialchars(isset($_POST['req_subject']) ? $_POST['req_subject'] : $cur_post['subject']) ?>" /><br /></label>
<input class="longinput" type="text" name="req_subject" size="80" maxlength="70" tabindex="<?php echo $cur_index++ ?>" value="<?php echo pun_htmlspecialchars($request->postStr('req_subject', $cur_post['subject'])) ?>" /><br /></label>
<?php endif; ?> <label class="required"><strong><?php echo $lang_common['Message'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br />
<textarea name="req_message" rows="20" cols="95" tabindex="<?php echo $cur_index++ ?>"><?php echo pun_htmlspecialchars(isset($_POST['req_message']) ? $message : $cur_post['message']) ?></textarea><br /></label>
<textarea name="req_message" rows="20" cols="95" tabindex="<?php echo $cur_index++ ?>"><?php echo pun_htmlspecialchars($request->isPost('req_message') ? $message : $cur_post['message']) ?></textarea><br /></label>
<ul class="bblinks">
<li><span><a href="help.php#bbcode" onclick="window.open(this.href); return false;"><?php echo $lang_common['BBCode'] ?></a> <?php echo ($pun_config['p_message_bbcode'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></span></li>
<li><span><a href="help.php#url" onclick="window.open(this.href); return false;"><?php echo $lang_common['url tag'] ?></a> <?php echo ($pun_config['p_message_bbcode'] == '1' && $pun_user['g_post_links'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></span></li>
@ -303,7 +304,7 @@ else if (isset($_POST['preview']))
<li><span><a href="help.php#smilies" onclick="window.open(this.href); return false;"><?php echo $lang_common['Smilies'] ?></a> <?php echo ($pun_config['o_smilies'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></span></li>
</ul>
<?php if ($is_admmod): ?> <label><strong><?php echo $lang_common['Moderator'] ?></strong><br />
<input class="longinput" type="text" name="warning" size="80" maxlength="5000" tabindex="<?php echo $cur_index++ ?>" value="<?php echo pun_htmlspecialchars(isset($_POST['warning']) ? $_POST['warning'] : $cur_post['warning']) ?>" /><br /></label>
<input class="longinput" type="text" name="warning" size="80" maxlength="5000" tabindex="<?php echo $cur_index++ ?>" value="<?php echo pun_htmlspecialchars($request->postStr('warning', $cur_post['warning'])) ?>" /><br /></label>
<?php elseif ($cur_post['warning'] != ''): ?>
<div class="postwarn">
<?php echo pun_htmlspecialchars($cur_post['warning'])."\n" ?>
@ -316,7 +317,7 @@ else if (isset($_POST['preview']))
$checkboxes = array();
if ($can_edit_subject && $is_admmod)
{
if (isset($_POST['stick_topic']) || !isset($_POST['form_sent']) && $cur_post['sticky'] == '1')
if ($request->isPost('stick_topic') || ! $request->isPost('form_sent') && $cur_post['sticky'] == '1')
$checkboxes[] = '<label><input type="checkbox" name="stick_topic" value="1" checked="checked" tabindex="'.($cur_index++).'" />'.$lang_common['Stick topic'].'<br /></label>';
else
$checkboxes[] = '<label><input type="checkbox" name="stick_topic" value="1" tabindex="'.($cur_index++).'" />'.$lang_common['Stick topic'].'<br /></label>';
@ -324,7 +325,7 @@ if ($can_edit_subject && $is_admmod)
if ($pun_config['o_smilies'] == '1')
{
if (isset($_POST['hide_smilies']) || !isset($_POST['form_sent']) && $cur_post['hide_smilies'] == '1')
if ($request->isPost('hide_smilies') || ! $request->isPost('form_sent') && $cur_post['hide_smilies'] == '1')
$checkboxes[] = '<label><input type="checkbox" name="hide_smilies" value="1" checked="checked" tabindex="'.($cur_index++).'" />'.$lang_post['Hide smilies'].'<br /></label>';
else
$checkboxes[] = '<label><input type="checkbox" name="hide_smilies" value="1" tabindex="'.($cur_index++).'" />'.$lang_post['Hide smilies'].'<br /></label>';
@ -332,14 +333,14 @@ if ($pun_config['o_smilies'] == '1')
if ($is_admmod)
{
if (isset($_POST['silent']) || !isset($_POST['form_sent']))
if ($request->isPost('silent') || ! $request->isPost('form_sent'))
$checkboxes[] = '<label><input type="checkbox" name="silent" value="1" tabindex="'.($cur_index++).'" checked="checked" />'.$lang_post['Silent edit'].'<br /></label>';
else
$checkboxes[] = '<label><input type="checkbox" name="silent" value="1" tabindex="'.($cur_index++).'" />'.$lang_post['Silent edit'].'<br /></label>';
// StickFP - Visman
if ($can_edit_subject)
{
if (isset($_POST['stickfp']) || !isset($_POST['form_sent']) && $cur_post['stick_fp'] == '1')
if ($request->isPost('stickfp') || ! $request->isPost('form_sent') && $cur_post['stick_fp'] == '1')
$checkboxes[] = '<label><input type="checkbox" name="stickfp" value="1" tabindex="'.($cur_index++).'" checked="checked" />'.$lang_post['Stick first post'].'<br /></label>';
else
$checkboxes[] = '<label><input type="checkbox" name="stickfp" value="1" tabindex="'.($cur_index++).'" />'.$lang_post['Stick first post'].'<br /></label>';
@ -349,7 +350,7 @@ if ($is_admmod)
// мод ограничения времени редактирвания - Visman
if ($pun_user['g_id'] == PUN_ADMIN)
{
if (isset($_POST['editpost']) || !isset($_POST['form_sent']) && $cur_post['edit_post'] == '1')
if ($request->isPost('editpost') || ! $request->isPost('form_sent') && $cur_post['edit_post'] == '1')
$checkboxes[] = '<label><input type="checkbox" name="editpost" value="1" tabindex="'.($cur_index++).'" checked="checked" />'.$lang_post['EditPost edit'].'<br /></label>';
else
$checkboxes[] = '<label><input type="checkbox" name="editpost" value="1" tabindex="'.($cur_index++).'" />'.$lang_post['EditPost edit'].'<br /></label>';
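Review bot: `$subject = trim($request->postStr('req_subject'));` in the third hunk replaces `pun_trim` with plain `trim`, while `req_message` and `warning` in the same file keep `pun_trim` (`$message = pun_linebreaks(pun_trim(...))`, `$warning = pun_linebreaks(pun_trim(...))`); if pun_trim strips a wider character set than PHP's default whitespace list, subjects now retain characters they previously lost and the `$subject != $cur_post['subject']` modification test a few lines later can report an edit that is only whitespace. Using `pun_trim($request->postStr('req_subject'))` keeps the three fields consistent. The `postStr` calls in this section also disagree on defaults — the form re-population passes `$cur_post['subject']` while the handler calls pass none — so if `postStr` returns null for a missing key, `trim(null)` is reached when the form is posted without the field; an explicit `''` default avoids that. The enclosing `if ($request->isPost('form_sent'))` block starts in the second hunk and ends outside the section.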


@ -74,19 +74,21 @@ if ($pun_user['g_read_board'] == '0')
exit($lang_common['No view']);
}
$action = isset($_GET['action']) ? strtolower($_GET['action']) : 'feed';
$request = $container->get('Request');
$action = strtolower($request->getStr('action', 'feed'));
// Handle a couple old formats, from FluxBB 1.2
switch ($action)
{
case 'active':
$action = 'feed';
$_GET['order'] = 'last_post';
$_GET['order'] = 'last_post'; //????
break;
case 'new':
$action = 'feed';
$_GET['order'] = 'posted';
$_GET['order'] = 'posted'; //????
break;
}
@ -280,18 +282,18 @@ if ($action == 'feed')
require PUN_ROOT.'include/parser.php';
// Determine what type of feed to output
$type = isset($_GET['type']) ? strtolower($_GET['type']) : 'html';
$type = strtolower($request->getStr('type', ''));
if (!in_array($type, array('html', 'rss', 'atom', 'xml')))
$type = 'html';
$show = isset($_GET['show']) ? intval($_GET['show']) : 15;
$show = $request->getInt('show', 15);
if ($show < 1 || $show > 50)
$show = 15;
// Was a topic ID supplied?
if (isset($_GET['tid']))
if ($request->isGet('tid'))
{
$tid = intval($_GET['tid']);
$tid = $request->getInt('tid', 0);
// Fetch topic subject
$result = $db->query('SELECT t.subject, t.first_post_id FROM '.$db->prefix.'topics AS t LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=t.forum_id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.moved_to IS NULL AND t.id='.$tid) or error('Unable to fetch topic info', __FILE__, __LINE__, $db->error());
@ -350,14 +352,16 @@ if ($action == 'feed')
}
else
{
$order_posted = isset($_GET['order']) && strtolower($_GET['order']) == 'posted';
$order_posted = strtolower($request->getStr('order', '')) === 'posted';
$forum_name = '';
$forum_sql = '';
$fids = trim($request->getStr('fid'));
// Were any forum IDs supplied?
if (isset($_GET['fid']) && is_scalar($_GET['fid']) && $_GET['fid'] != '')
if (! empty($fids))
{
$fids = explode(',', pun_trim($_GET['fid']));
$fids = explode(',', $fids);
$fids = array_map('intval', $fids);
if (!empty($fids))
@ -372,10 +376,11 @@ if ($action == 'feed')
}
}
$nfids = trim($request->getStr('nfid'));
// Any forum IDs to exclude?
if (isset($_GET['nfid']) && is_scalar($_GET['nfid']) && $_GET['nfid'] != '')
if (! empty($nfids))
{
$nfids = explode(',', pun_trim($_GET['nfid']));
$nfids = explode(',', $nfids);
$nfids = array_map('intval', $nfids);
if (!empty($nfids))
@ -383,7 +388,7 @@ if ($action == 'feed')
}
// Only attempt to cache if caching is enabled and we have all or a single forum
if ($pun_config['o_feed_ttl'] > 0 && ($forum_sql == '' || ($forum_name != '' && !isset($_GET['nfid']))))
if ($pun_config['o_feed_ttl'] > 0 && ($forum_sql == '' || ($forum_name != '' && ! $request->isGet('nfid'))))
$cache_id = 'feed'.sha1($pun_user['g_id'].'|'.$lang_common['lang_identifier'].'|'.($order_posted ? '1' : '0').($forum_name == '' ? '' : '|'.$fids[0]));
// Load cached feed
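Review bot: `$_GET['order'] = 'last_post'; //????` and `$_GET['order'] = 'posted'; //????` in the first hunk still write to the superglobal, but the value is now read back through `$request->getStr('order', '')` in the fourth hunk; if the Request object captured `$_GET` when `$container->get('Request')` ran two lines earlier, the legacy `action=active`/`action=new` formats no longer change the ordering, which appears to be what the `//????` markers flag. Keeping the legacy mapping in a local variable that the later `$order_posted` computation consults, instead of writing `$_GET`, avoids depending on whether the Request object re-reads the superglobal. Separately, `$fids = trim($request->getStr('fid'));` followed by `if (! empty($fids))` treats a literal `'0'` as absent where the old `$_GET['fid'] != ''` test did not; harmless given the `intval` mapping, but `if ($fids !== '')` preserves the original condition (same for `$nfids`). The `if ($action == 'feed')` block enclosing the later hunks starts and ends outside the section.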


@ -1192,12 +1192,9 @@ function confirm_message($error_msg = false)
function confirm_referrer($script, $error_msg = false, $use_ip = true)
{
$hash = '';
global $container;
if (isset($_POST['csrf_hash']))
$hash = $_POST['csrf_hash'];
else if (isset($_GET['csrf_hash']))
$hash = $_GET['csrf_hash'];
$hash = $container->get('Request')->requestStr('csrf_hash', '');
if (empty($hash) || !pun_hash_equals(csrf_hash($script, $use_ip), $hash))
confirm_message($error_msg);
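Review bot: `$hash = $container->get('Request')->requestStr('csrf_hash', '');` collapses the former POST-then-GET lookup into a single REQUEST-scoped read, so the precedence the old code made explicit (POST wins over GET) is now whatever `requestStr` implements; if that method is backed by `$_REQUEST`, the order — and whether cookies are included — is decided by the `request_order`/`variables_order` ini settings rather than by this function. Worth confirming that `requestStr` consults only POST and GET so a `csrf_hash` cookie can never satisfy the `pun_hash_equals` check, and recording the expectation next to the call: `// csrf_hash is accepted from POST or GET only; requestStr must not fall back to cookies`. The new `global $container;` line would also benefit from a short comment on why the service is pulled from the container here rather than passed in, since the function's other inputs are parameters. `confirm_referrer` ends outside the hunk.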


@ -6,7 +6,7 @@
* License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
*/
if (isset($_GET['action']))
if (isset($_GET['action'])) //????
define('PUN_QUIET_VISIT', 1);
define('PUN_ROOT', dirname(__FILE__).'/');
@ -16,16 +16,18 @@ require PUN_ROOT.'include/common.php';
// Load the login.php language file
require PUN_ROOT.'lang/'.$pun_user['language'].'/login.php';
$action = isset($_GET['action']) ? $_GET['action'] : null;
$request = $container->get('Request');
$action = $request->getStr('action');
$errors = array();
if (isset($_POST['form_sent']) && $action == 'in')
if ($request->isPost('form_sent') && $action === 'in')
{
flux_hook('login_before_validation');
$form_username = pun_trim($_POST['req_username']);
$form_password = pun_trim($_POST['req_password']);
$save_pass = isset($_POST['save_pass']);
$form_username = trim($request->postStr('req_username'));
$form_password = trim($request->postStr('req_password'));
$save_pass = $request->isPost('save_pass');
$username_sql = in_array($container->getParameter('DB_TYPE'), ['mysql', 'mysqli', 'mysql_innodb', 'mysqli_innodb']) ? 'username=\''.$db->escape($form_username).'\'' : 'LOWER(username)=LOWER(\''.$db->escape($form_username).'\')';
@ -106,16 +108,16 @@ if (isset($_POST['form_sent']) && $action == 'in')
set_tracked_topics(null);
// Try to determine if the data in redirect_url is valid (if not, we redirect to index.php after login)
$redirect_url = validate_redirect($_POST['redirect_url'], 'index.php');
$redirect_url = validate_redirect($reqiest->postStr('redirect_url'), 'index.php');
redirect(pun_htmlspecialchars($redirect_url), $lang_login['Login redirect']);
}
}
else if ($action == 'out')
else if ($action === 'out')
{
if ($pun_user['is_guest'] || !isset($_GET['id']) || $_GET['id'] != $pun_user['id'])
if ($pun_user['is_guest'] || ! $request->isGet('id') || $request->getInt('id') !== $pun_user['id'])
{
header('Location: index.php');
exit;
@ -136,7 +138,7 @@ else if ($action == 'out')
}
else if ($action == 'forget' || $action == 'forget_2')
else if ($action === 'forget' || $action === 'forget_2')
{
if (!$pun_user['is_guest'])
{
@ -144,14 +146,14 @@ else if ($action == 'forget' || $action == 'forget_2')
exit;
}
if (isset($_POST['form_sent']))
if ($request->isPost('form_sent'))
{
flux_hook('forget_password_before_validation');
require PUN_ROOT.'include/email.php';
// Validate the email address
$email = strtolower(pun_trim($_POST['req_email']));
$email = strtolower(trim($request->postStr('req_email')));
if (!is_valid_email($email))
$errors[] = $lang_common['Invalid email'];
@ -246,7 +248,7 @@ if (!empty($errors))
<legend><?php echo $lang_login['Request pass legend'] ?></legend>
<div class="infldset">
<input type="hidden" name="form_sent" value="1" />
<label class="required"><strong><?php echo $lang_common['Email'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input id="req_email" type="text" name="req_email" value="<?php if (isset($_POST['req_email'])) echo pun_htmlspecialchars($_POST['req_email']); ?>" size="50" maxlength="80" /><br /></label>
<label class="required"><strong><?php echo $lang_common['Email'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input id="req_email" type="text" name="req_email" value="<?php if ($request->isPost('req_email')) echo pun_htmlspecialchars($request->postStr('req_email', '')); ?>" size="50" maxlength="80" /><br /></label>
<p><?php echo $lang_login['Request pass info'] ?></p>
</div>
</fieldset>
@ -321,11 +323,11 @@ if (!empty($errors))
<div class="infldset">
<input type="hidden" name="form_sent" value="1" />
<input type="hidden" name="redirect_url" value="<?php echo pun_htmlspecialchars($redirect_url) ?>" />
<label class="conl required"><strong><?php echo $lang_common['Username'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input type="text" name="req_username" value="<?php if (isset($_POST['req_username'])) echo pun_htmlspecialchars($_POST['req_username']); ?>" size="25" maxlength="25" tabindex="1" /><br /></label>
<label class="conl required"><strong><?php echo $lang_common['Username'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input type="text" name="req_username" value="<?php if ($request->isPost('req_username')) echo pun_htmlspecialchars($request->postStr('req_username', '')); ?>" size="25" maxlength="25" tabindex="1" /><br /></label>
<label class="conl required"><strong><?php echo $lang_common['Password'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input type="password" name="req_password" size="25" tabindex="2" /><br /></label>
<div class="rbox clearb">
<label><input type="checkbox" name="save_pass" value="1"<?php if (isset($_POST['save_pass'])) echo ' checked="checked"'; ?> tabindex="3" /><?php echo $lang_login['Remember me'] ?><br /></label>
<label><input type="checkbox" name="save_pass" value="1"<?php if ($request->isPost('save_pass')) echo ' checked="checked"'; ?> tabindex="3" /><?php echo $lang_login['Remember me'] ?><br /></label>
</div>
<p class="clearb"><?php echo $lang_login['Login info'] ?></p>
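Review bot: `$redirect_url = validate_redirect($reqiest->postStr('redirect_url'), 'index.php');` in the third hunk references `$reqiest`, a typo for `$request`; this line is reached on a successful login and calls a method on an undefined variable, so login cannot complete — it should read `$redirect_url = validate_redirect($request->postStr('redirect_url'), 'index.php');`. In the same hunk, `$request->getInt('id') !== $pun_user['id']` switches to a strict comparison; if `$pun_user['id']` is a string taken from the database row (the old `!=` test suggests it may be), the comparison is always true and `action=out` always redirects without logging out — compare against `(int) $pun_user['id']` or keep the loose comparison. The `else if ($action === 'out')` branch starts in that hunk and ends outside it.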


@ -6,7 +6,7 @@
* License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
*/
if (isset($_GET['action']))
if (isset($_GET['action'])) //????
define('PUN_QUIET_VISIT', 1);
define('PUN_ROOT', dirname(__FILE__).'/');
@ -16,10 +16,12 @@ require PUN_ROOT.'include/common.php';
// Load the misc.php language file
require PUN_ROOT.'lang/'.$pun_user['language'].'/misc.php';
$action = isset($_GET['action']) ? $_GET['action'] : null;
$request = $container->get('Reuqest');
$action = $request->getStr('action');
if ($action == 'rules')
if ($action === 'rules')
{
if ($pun_config['o_rules'] == '0' || ($pun_user['is_guest'] && $pun_user['g_read_board'] == '0' && $pun_config['o_regs_allow'] == '0'))
message($lang_common['Bad request'], false, '404 Not Found');
@ -46,11 +48,11 @@ if ($action == 'rules')
}
// START быстрое переключение языка - Visman
else if ($action == 'lang')
else if ($action === 'lang')
{
confirm_referrer('misc.php');
$language = isset($_GET['lang']) ? preg_replace('%[^\w]%', '', pun_trim($_GET['lang'])) : '';
$language = preg_replace('%[^\w]%', '', $request->getStr('lang', ''));
if (empty($language) || !file_exists(PUN_ROOT.'lang/'.$language.'/common.php'))
message($lang_common['Bad request'], false, '404 Not Found');
@ -74,7 +76,7 @@ else if ($action == 'lang')
}
// END быстрое переключение языка - Visman
else if ($action == 'markread')
else if ($action === 'markread')
{
if ($pun_user['is_guest'])
message($lang_common['No permission'], false, '403 Forbidden');
@ -91,14 +93,14 @@ else if ($action == 'markread')
// Mark the topics/posts in a forum as read?
else if ($action == 'markforumread')
else if ($action === 'markforumread')
{
if ($pun_user['is_guest'])
message($lang_common['No permission'], false, '403 Forbidden');
confirm_referrer('viewforum.php');
$fid = isset($_GET['fid']) ? intval($_GET['fid']) : 0;
$fid = $request->getInt('fid', 0);
if ($fid < 1)
message($lang_common['Bad request'], false, '404 Not Found');
@ -110,12 +112,12 @@ else if ($action == 'markforumread')
}
else if (isset($_GET['email']))
else if ($request->isGet('email'))
{
if ($pun_user['is_guest'] || $pun_user['g_send_email'] == '0')
message($lang_common['No permission'], false, '403 Forbidden');
$recipient_id = intval($_GET['email']);
$recipient_id = $request->getInt('email', 0);
if ($recipient_id < 2)
message($lang_common['Bad request'], false, '404 Not Found');
@ -129,13 +131,13 @@ else if (isset($_GET['email']))
message($lang_misc['Form email disabled']);
if (isset($_POST['form_sent']))
if ($request->isPost('form_sent'))
{
confirm_referrer('misc.php');
// Clean up message and subject from POST
$subject = pun_trim($_POST['req_subject']);
$message = pun_trim($_POST['req_message']);
$subject = trim($request->postStr('req_subject'));
$message = trim($request->postStr('req_message'));
if ($subject == '')
message($lang_misc['No email subject']);
@ -169,7 +171,7 @@ else if (isset($_GET['email']))
$db->query('UPDATE '.$db->prefix.'users SET last_email_sent='.time().' WHERE id='.$pun_user['id']) or error('Unable to update user', __FILE__, __LINE__, $db->error());
// Try to determine if the data in redirect_url is valid (if not, we redirect to index.php after the email is sent)
$redirect_url = validate_redirect($_POST['redirect_url'], 'index.php');
$redirect_url = validate_redirect($request->postStr('redirect_url'), 'index.php');
redirect(pun_htmlspecialchars($redirect_url), $lang_misc['Email sent redirect']);
}
@ -220,22 +222,22 @@ else if (isset($_GET['email']))
}
else if (isset($_GET['report']))
else if ($request->isGet('report'))
{
if ($pun_user['is_guest'])
message($lang_common['No permission'], false, '403 Forbidden');
$post_id = intval($_GET['report']);
$post_id = $request->getInt('report', 0);
if ($post_id < 1)
message($lang_common['Bad request'], false, '404 Not Found');
if (isset($_POST['form_sent']))
if ($request->isPost('form_sent'))
{
// Make sure they got here from the site
confirm_referrer('misc.php');
// Clean up reason from POST
$reason = pun_linebreaks(pun_trim($_POST['req_reason']));
$reason = pun_linebreaks(pun_trim($request->postStr('req_reason')));
if ($reason == '')
message($lang_misc['No reason']);
else if (strlen($reason) > 65535) // TEXT field can only hold 65535 bytes
@ -346,15 +348,15 @@ else if (isset($_GET['report']))
}
else if ($action == 'subscribe')
else if ($action === 'subscribe')
{
if ($pun_user['is_guest'])
message($lang_common['No permission'], false, '403 Forbidden');
confirm_referrer('misc.php');
$topic_id = isset($_GET['tid']) ? intval($_GET['tid']) : 0;
$forum_id = isset($_GET['fid']) ? intval($_GET['fid']) : 0;
$topic_id = $request->getInt('tid', 0);
$forum_id = $request->getInt('fid', 0);
if ($topic_id < 1 && $forum_id < 1)
message($lang_common['Bad request'], false, '404 Not Found');
@ -398,15 +400,15 @@ else if ($action == 'subscribe')
}
else if ($action == 'unsubscribe')
else if ($action === 'unsubscribe')
{
if ($pun_user['is_guest'])
message($lang_common['No permission'], false, '403 Forbidden');
confirm_referrer('misc.php');
$topic_id = isset($_GET['tid']) ? intval($_GET['tid']) : 0;
$forum_id = isset($_GET['fid']) ? intval($_GET['fid']) : 0;
$topic_id = $request->getInt('tid', 0);
$forum_id = $request->getInt('fid', 0);
if ($topic_id < 1 && $forum_id < 1)
message($lang_common['Bad request'], false, '404 Not Found');
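Review bot: `$request = $container->get('Reuqest');` in the second hunk misspells the service name; unless the container registers that alias, every request to misc.php fails at service resolution, while the other scripts in this commit use `'Request'`. Change it to `$request = $container->get('Request');`. The rest of the section follows the same getInt/postStr pattern as edit.php and login.php; dropping `pun_trim` in the `lang` branch is fine because the retained `preg_replace('%[^\w]%', '', ...)` filter already removes whitespace along with every other non-word character before the `file_exists` path check. The `else if` chain these hunks edit starts in the second hunk and ends outside the section.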

pjq.php

@ -18,12 +18,15 @@ if ($pun_user['g_read_board'] == '0')
if ($pun_user['is_guest'])
exit($lang_common['No permission']);
$action = isset($_POST['action']) ? $_POST['action'] : '';
$id = isset($_POST['id']) ? intval($_POST['id']) : 0;
$request = $container->get('Request');
$action = $request->postStr('action');
$id = $request->postInt('id', 0);
if ($id < 1)
exit($lang_common['Bad request']);
if ($action == "quote")
if ($action === "quote")
{
// Fetch some info about the post, the topic and the forum
$result = $db->query('SELECT p.message FROM '.$db->prefix.'posts AS p INNER JOIN '.$db->prefix.'topics AS t ON t.id=p.topic_id INNER JOIN '.$db->prefix.'forums AS f ON f.id=t.forum_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND p.id='.$id) or exit('Unable to fetch post info '.$db->error());
@ -35,12 +38,11 @@ if ($action == "quote")
if ($pun_config['o_censoring'] == '1')
$cur_post['message'] = censor_words($cur_post['message']);
?>
<quote_post><?php echo $cur_post['message'] ?></quote_post>
<?php
echo '<quote_post>' . $cur_post['message'] . '</quote_post>';
}
else if ($action == "pmquote")
else if ($action === "pmquote")
{
if ($pun_config['o_pms_enabled'] != '1' || $pun_user['g_pm'] == 0 || $pun_user['messages_enable'] == 0)
exit($lang_common['No permission']);
@ -55,11 +57,10 @@ else if ($action == "pmquote")
if ($pun_config['o_censoring'] == '1')
$cur_post['message'] = censor_words($cur_post['message']);
?>
<quote_post><?php echo $cur_post['message'] ?></quote_post>
<?php
echo '<quote_post>' . $cur_post['message'] . '</quote_post>';
}
else
exit($lang_common['Bad request']);
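Review bot: `if ($action === "quote")` and `else if ($action === "pmquote")` use double-quoted literals while every other string in this section, including the `echo '<quote_post>' ...` lines the commit adds, uses single quotes; `if ($action === 'quote')` and `else if ($action === 'pmquote')` keep the file's convention. `$action = $request->postStr('action');` passes no default while `postInt('id', 0)` on the next line does; an explicit `''` (as the replaced `isset(...) ? ... : ''` line had) makes the strict comparisons below read unambiguously whatever `postStr` returns for a missing key. The two new `echo` lines also drop the trailing newline the `?>…<?php` form emitted after `</quote_post>`; harmless if the client parses the element, but worth confirming.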