Tentative de régler le bordel

This commit is contained in:
Gauvain Boiché
2020-03-31 15:58:31 +02:00
parent a1864c0414
commit 459b46df7b
345 changed files with 10758 additions and 4066 deletions


@@ -29,7 +29,7 @@ class ucp_attachments
function main($id, $mode)
{
global $template, $user, $db, $config, $phpEx, $phpbb_root_path, $phpbb_container, $request;
global $template, $user, $db, $config, $phpEx, $phpbb_root_path, $phpbb_container, $request, $auth;
$start = $request->variable('start', 0);
$sort_key = $request->variable('sk', 'a');
@@ -41,16 +41,27 @@ class ucp_attachments
if ($delete && count($delete_ids))
{
// Validate $delete_ids...
$sql = 'SELECT attach_id
FROM ' . ATTACHMENTS_TABLE . '
WHERE poster_id = ' . $user->data['user_id'] . '
AND is_orphan = 0
AND ' . $db->sql_in_set('attach_id', $delete_ids);
$sql = 'SELECT a.attach_id, p.post_edit_locked, t.topic_status, f.forum_id, f.forum_status
FROM ' . ATTACHMENTS_TABLE . ' a
LEFT JOIN ' . POSTS_TABLE . ' p
ON (a.post_msg_id = p.post_id AND a.in_message = 0)
LEFT JOIN ' . TOPICS_TABLE . ' t
ON (t.topic_id = p.topic_id AND a.in_message = 0)
LEFT JOIN ' . FORUMS_TABLE . ' f
ON (f.forum_id = t.forum_id AND a.in_message = 0)
WHERE a.poster_id = ' . $user->data['user_id'] . '
AND a.is_orphan = 0
AND ' . $db->sql_in_set('a.attach_id', $delete_ids);
$result = $db->sql_query($sql);
$delete_ids = array();
while ($row = $db->sql_fetchrow($result))
{
if (!$auth->acl_get('m_edit', $row['forum_id']) && ($row['forum_status'] == ITEM_LOCKED || $row['topic_status'] == ITEM_LOCKED || $row['post_edit_locked']))
{
continue;
}
$delete_ids[] = $row['attach_id'];
}
$db->sql_freeresult($result);
@@ -124,10 +135,12 @@ class ucp_attachments
$pagination = $phpbb_container->get('pagination');
$start = $pagination->validate_start($start, $config['topics_per_page'], $num_attachments);
$sql = 'SELECT a.*, t.topic_title, p.message_subject as message_title
$sql = 'SELECT a.*, t.topic_title, pr.message_subject as message_title, p.post_edit_locked, t.topic_status, f.forum_id, f.forum_status
FROM ' . ATTACHMENTS_TABLE . ' a
LEFT JOIN ' . POSTS_TABLE . ' p ON (a.post_msg_id = p.post_id AND a.in_message = 0)
LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id AND a.in_message = 0)
LEFT JOIN ' . PRIVMSGS_TABLE . ' p ON (a.post_msg_id = p.msg_id AND a.in_message = 1)
LEFT JOIN ' . FORUMS_TABLE . ' f ON (f.forum_id = t.forum_id AND a.in_message = 0)
LEFT JOIN ' . PRIVMSGS_TABLE . ' pr ON (a.post_msg_id = pr.msg_id AND a.in_message = 1)
WHERE a.poster_id = ' . $user->data['user_id'] . "
AND a.is_orphan = 0
ORDER BY $order_by";
@@ -164,6 +177,7 @@ class ucp_attachments
'TOPIC_ID' => $row['topic_id'],
'S_IN_MESSAGE' => $row['in_message'],
'S_LOCKED' => !$row['in_message'] && !$auth->acl_get('m_edit', $row['forum_id']) && ($row['forum_status'] == ITEM_LOCKED || $row['topic_status'] == ITEM_LOCKED || $row['post_edit_locked']),
'U_VIEW_ATTACHMENT' => append_sid("{$phpbb_root_path}download/file.$phpEx", 'id=' . $row['attach_id']),
'U_VIEW_TOPIC' => $view_topic)
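Review bot: The locked-attachment condition is written out twice, once in the delete loop of the second hunk and again as the `S_LOCKED` template value in the last hunk, so the two can drift apart silently; a small protected helper keeps the delete guard and the display flag identical (the `S_LOCKED` entry can keep its `!$row['in_message'] &&` prefix in front of the call). For private-message attachments the joined forum/topic/post columns are NULL and the condition evaluates false, so those rows stay deletable, which appears intended; a one-line comment above the loop, `// PM attachments (in_message = 1) have no post/topic/forum row and are never treated as locked`, would save the next reader working that out. The `main` method starts before the first hunk and continues past the last one.
```php
/**
 * Whether an attachment's post, topic or forum is locked for a user
 * who lacks the m_edit permission. Rows without a forum (PM attachments)
 * are never locked because every joined column is NULL.
 *
 * @param array $row Row carrying forum_id, forum_status, topic_status, post_edit_locked
 * @return bool
 */
protected function is_attachment_locked(array $row)
{
    global $auth;

    return !$auth->acl_get('m_edit', $row['forum_id'])
        && ($row['forum_status'] == ITEM_LOCKED || $row['topic_status'] == ITEM_LOCKED || $row['post_edit_locked']);
}
// … unchanged: delete loop, now `if ($this->is_attachment_locked($row)) { continue; }` …
```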


@@ -136,7 +136,7 @@ class ucp_groups
{
trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
}
list(, $row) = each($row);
$row = current($row);
$sql = 'SELECT group_type
FROM ' . GROUPS_TABLE . '
@@ -240,7 +240,7 @@ class ucp_groups
{
trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
}
list(, $row) = each($row);
$row = current($row);
if (!$row['group_leader'])
{
@@ -460,7 +460,7 @@ class ucp_groups
{
trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
}
list(, $row) = each($row);
$row = current($row);
if (!$row['group_leader'])
{
@@ -534,7 +534,12 @@ class ucp_groups
'teampage' => $group_row['group_teampage'],
);
if ($config['allow_avatar'])
if (!check_form_key('ucp_groups'))
{
$error[] = $user->lang['FORM_INVALID'];
}
if (!count($error) && $config['allow_avatar'])
{
// Handle avatar
$driver_name = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', ''));
@@ -556,11 +561,6 @@ class ucp_groups
$error = array_merge($error, $phpbb_avatar_manager->localize_errors($user, $avatar_error));
}
if (!check_form_key('ucp_groups'))
{
$error[] = $user->lang['FORM_INVALID'];
}
// Validate submitted colour value
if ($colour_error = validate_data($submit_ary, array('colour' => array('hex_colour', true))))
{
@@ -754,7 +754,7 @@ class ucp_groups
{
trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
}
list(, $row) = each($row);
$row = current($row);
if (!$row['group_leader'])
{
@@ -875,11 +875,16 @@ class ucp_groups
trigger_error($user->lang['NO_GROUP'] . $return_page);
}
if (!check_form_key('ucp_groups'))
{
trigger_error($user->lang('FORM_INVALID') . $return_page);
}
if (!($row = group_memberships($group_id, $user->data['user_id'])))
{
trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
}
list(, $row) = each($row);
$row = current($row);
if (!$row['group_leader'])
{
@@ -906,7 +911,7 @@ class ucp_groups
{
trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
}
list(, $row) = each($row);
$row = current($row);
if (!$row['group_leader'])
{
@@ -985,7 +990,7 @@ class ucp_groups
{
trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
}
list(, $row) = each($row);
$row = current($row);
if (!$row['group_leader'])
{
@@ -1046,7 +1051,7 @@ class ucp_groups
{
trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
}
list(, $row) = each($row);
$row = current($row);
if (!$row['group_leader'])
{
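Review bot: The form-key check added in the group-leader hunk builds its message with `$user->lang('FORM_INVALID')` while every neighbouring `trigger_error` in this file reads `$user->lang['...']` as an array, so the same kind of message is produced two different ways a few lines apart; `trigger_error($user->lang['FORM_INVALID'] . $return_page);` keeps the new line consistent with its surroundings. The earlier hunk that moves `check_form_key('ucp_groups')` ahead of the avatar handling and gates that handling on an empty `$error` presumably relies on `$error` being initialised before that point, which is outside the hunk. Each `$row = current($row)` replacement is preceded in the visible lines by the `group_memberships` guard, so the false-on-empty return of `current()` is not reached there.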


@@ -193,6 +193,8 @@ class ucp_pm
trigger_error('NO_AUTH_READ_HOLD_MESSAGE');
}
add_form_key('ucp_pm_view');
// First Handle Mark actions and moving messages
$submit_mark = (isset($_POST['submit_mark'])) ? true : false;
$move_pm = (isset($_POST['move_pm'])) ? true : false;
@@ -207,6 +209,11 @@ class ucp_pm
$submit_mark = false;
}
if (($move_pm || $submit_mark) && !check_form_key('ucp_pm_view'))
{
trigger_error('FORM_INVALID');
}
// Move PM
if ($move_pm)
{
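Review bot: The form-key check at the end of the second hunk guards only the mark and move submissions, and nothing in the hunk says why, so a reader may assume the key is required for every request to this view; a comment on the check, `// CSRF key is only required for the state-changing mark/move submissions; a plain folder view carries no form key`, records the decision. The enclosing method starts before the first hunk and continues past the second.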


@@ -26,7 +26,7 @@ if (!defined('IN_PHPBB'))
function compose_pm($id, $mode, $action, $user_folders = array())
{
global $template, $db, $auth, $user, $cache;
global $phpbb_root_path, $phpEx, $config;
global $phpbb_root_path, $phpEx, $config, $language;
global $request, $phpbb_dispatcher, $phpbb_container;
// Damn php and globals - i know, this is horrible
@@ -799,7 +799,10 @@ function compose_pm($id, $mode, $action, $user_folders = array())
extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_modify_parse_before', compact($vars)));
// Parse Attachments - before checksum is calculated
$message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true);
if ($message_parser->check_attachment_form_token($language, $request, 'ucp_pm_compose'))
{
$message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true);
}
if (count($message_parser->warn_msg) && !($remove_u || $remove_g || $add_to || $add_bcc))
{
@@ -996,7 +999,10 @@ function compose_pm($id, $mode, $action, $user_folders = array())
{
$quote_attributes['post_id'] = $post['msg_id'];
}
if ($action === 'quote')
{
$quote_attributes['msg_id'] = $post['msg_id'];
}
/** @var \phpbb\language\language $language */
$language = $phpbb_container->get('language');
/** @var \phpbb\textformatter\utils_interface $text_formatter_utils */
@@ -1007,6 +1013,16 @@ function compose_pm($id, $mode, $action, $user_folders = array())
if (($action == 'reply' || $action == 'quote' || $action == 'quotepost') && !$preview && !$refresh)
{
$message_subject = ((!preg_match('/^Re:/', $message_subject)) ? 'Re: ' : '') . censor_text($message_subject);
/**
* This event allows you to modify the PM subject of the PM being quoted
*
* @event core.pm_modify_message_subject
* @var string message_subject String with the PM subject already censored.
* @since 3.2.8-RC1
*/
$vars = array('message_subject');
extract($phpbb_dispatcher->trigger_event('core.pm_modify_message_subject', compact($vars)));
}
if ($action == 'forward' && !$preview && !$refresh && !$submit)
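Review bot: In the first `compose_pm` hunk the `$language` handed to `check_attachment_form_token` comes from the newly added `global ... $language`, while further down the same function still does `$language = $phpbb_container->get('language');` — because `$language` is now a global, that later assignment also overwrites the global, and the earlier call depends on the bootstrap having populated it. Fetching the instance from the container once, ahead of the attachment check, removes that dependency: `$language = $phpbb_container->get('language');` immediately before the `check_attachment_form_token` call, after which the later fetch can be dropped. `compose_pm` opens in the first hunk and continues past every hunk shown.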


@@ -32,6 +32,8 @@ function view_folder($id, $mode, $folder_id, $folder)
$folder_info = get_pm_from($folder_id, $folder, $user->data['user_id']);
add_form_key('ucp_pm_view_folder');
if (!$submit_export)
{
$user->add_lang('viewforum');
@@ -197,6 +199,11 @@ function view_folder($id, $mode, $folder_id, $folder)
$enclosure = $request->variable('enclosure', '');
$delimiter = $request->variable('delimiter', '');
if (!check_form_key('ucp_pm_view_folder'))
{
trigger_error('FORM_INVALID');
}
if ($export_type == 'CSV' && ($delimiter === '' || $enclosure === ''))
{
$template->assign_var('PROMPT', true);


@@ -70,9 +70,9 @@ class ucp_profile
// Do not check cur_password, it is the old one.
$check_ary = array(
'new_password' => array(
array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
array('string', true, $config['min_pass_chars'], 0),
array('password')),
'password_confirm' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
'password_confirm' => array('string', true, $config['min_pass_chars'], 0),
'email' => array(
array('string', false, 6, 60),
array('user_email')),
@@ -131,9 +131,7 @@ class ucp_profile
'username' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? $data['username'] : $user->data['username'],
'username_clean' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? utf8_clean_string($data['username']) : $user->data['username_clean'],
'user_email' => ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'],
'user_email_hash' => ($auth->acl_get('u_chgemail')) ? phpbb_email_hash($data['email']) : $user->data['user_email_hash'],
'user_password' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? $passwords_manager->hash($data['new_password']) : $user->data['user_password'],
'user_passchg' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? time() : 0,
);
if ($auth->acl_get('u_chgname') && $config['allow_namechange'] && $data['username'] != $user->data['username'])
@@ -147,6 +145,8 @@ class ucp_profile
if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && !$passwords_manager->check($data['new_password'], $user->data['user_password']))
{
$sql_ary['user_passchg'] = time();
$user->reset_login_keys();
$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_NEW_PASSWORD', false, array(
'reportee_id' => $user->data['user_id'],
@@ -266,7 +266,7 @@ class ucp_profile
'CUR_PASSWORD' => '',
'L_USERNAME_EXPLAIN' => $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])),
'L_CHANGE_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars']), $user->lang('CHARACTERS', (int) $config['max_pass_chars'])),
'L_CHANGE_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars'])),
'S_FORCE_PASSWORD' => ($auth->acl_get('u_chgpasswd') && $config['chg_passforce'] && $user->data['user_passchg'] < time() - ($config['chg_passforce'] * 86400)) ? true : false,
'S_CHANGE_USERNAME' => ($config['allow_namechange'] && $auth->acl_get('u_chgname')) ? true : false,
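Review bot: The `'user_password'` entry is removed from the initial `$sql_ary` in the second hunk, but none of the visible lines of the password-change branch in the third hunk assign `$sql_ary['user_password']`; if that assignment does not sit in the lines elided between the branch condition and `$sql_ary['user_passchg'] = time();`, the hashed new password is never written and only `user_passchg` and the login-key reset take effect. Please confirm the branch contains `$sql_ary['user_password'] = $passwords_manager->hash($data['new_password']);` before the log call. Replacing `$config['max_pass_chars']` with `0` in both validation arrays and dropping the matching argument from `L_CHANGE_PASSWORD_EXPLAIN` are consistent with each other; a short comment on the first occurrence, `// 0 = no maximum length`, would spare readers a lookup of the string rule in validate_data, assuming that is what 0 means there.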


@@ -39,12 +39,23 @@ class ucp_register
trigger_error('UCP_REGISTER_DISABLE');
}
$coppa = $request->is_set('coppa') ? (int) $request->variable('coppa', false) : false;
$coppa = $request->is_set('coppa_yes') ? 1 : ($request->is_set('coppa_no') ? 0 : false);
$coppa = $request->is_set('coppa') ? $request->variable('coppa', 0) : $coppa;
$agreed = $request->variable('agreed', false);
$submit = $request->is_set_post('submit');
$change_lang = $request->variable('change_lang', '');
$user_lang = $request->variable('lang', $user->lang_name);
if ($agreed && !check_form_key('ucp_register'))
{
$agreed = false;
}
if ($coppa !== false && !check_form_key('ucp_register'))
{
$coppa = false;
}
/**
* Add UCP register data before they are assigned to the template or submitted
*
@@ -67,14 +78,7 @@ class ucp_register
);
extract($phpbb_dispatcher->trigger_event('core.ucp_register_requests_after', compact($vars)));
if ($agreed)
{
add_form_key('ucp_register');
}
else
{
add_form_key('ucp_register_terms');
}
add_form_key('ucp_register');
if ($change_lang || $user_lang != $config['default_lang'])
{
@@ -168,11 +172,8 @@ class ucp_register
$template_vars = array(
'S_LANG_OPTIONS' => (count($lang_row) > 1) ? language_select($user_lang) : '',
'L_COPPA_NO' => sprintf($user->lang['UCP_COPPA_BEFORE'], $coppa_birthday),
'L_COPPA_YES' => sprintf($user->lang['UCP_COPPA_ON_AFTER'], $coppa_birthday),
'U_COPPA_NO' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&amp;coppa=0'),
'U_COPPA_YES' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&amp;coppa=1'),
'L_COPPA_NO' => $user->lang('UCP_COPPA_BEFORE', $coppa_birthday),
'L_COPPA_YES' => $user->lang('UCP_COPPA_ON_AFTER', $coppa_birthday),
'S_SHOW_COPPA' => true,
'S_HIDDEN_FIELDS' => build_hidden_fields($s_hidden_fields),
@@ -275,9 +276,9 @@ class ucp_register
array('string', false, $config['min_name_chars'], $config['max_name_chars']),
array('username', '')),
'new_password' => array(
array('string', false, $config['min_pass_chars'], $config['max_pass_chars']),
array('string', false, $config['min_pass_chars'], 0),
array('password')),
'password_confirm' => array('string', false, $config['min_pass_chars'], $config['max_pass_chars']),
'password_confirm' => array('string', false, $config['min_pass_chars'], 0),
'email' => array(
array('string', false, 6, 60),
array('user_email')),
@@ -451,6 +452,9 @@ class ucp_register
{
$message = $user->lang['ACCOUNT_ADDED'];
$email_template = 'user_welcome';
// Autologin after registration
$user->session_create($user_id, 0, false, 1);
}
if ($config['email_enable'])
@@ -599,6 +603,31 @@ class ucp_register
break;
}
/* @var $provider_collection \phpbb\auth\provider_collection */
$provider_collection = $phpbb_container->get('auth.provider_collection');
$auth_provider = $provider_collection->get_provider();
$auth_provider_data = $auth_provider->get_login_data();
if ($auth_provider_data)
{
if (isset($auth_provider_data['VARS']))
{
$template->assign_vars($auth_provider_data['VARS']);
}
if (isset($auth_provider_data['BLOCK_VAR_NAME']))
{
foreach ($auth_provider_data['BLOCK_VARS'] as $block_vars)
{
$template->assign_block_vars($auth_provider_data['BLOCK_VAR_NAME'], $block_vars);
}
}
$template->assign_vars(array(
'PROVIDER_TEMPLATE_FILE' => $auth_provider_data['TEMPLATE_FILE'],
));
}
// Assign template vars for timezone select
phpbb_timezone_select($template, $user, $data['tz'], true);
@@ -610,7 +639,7 @@ class ucp_register
'L_REG_COND' => $l_reg_cond,
'L_USERNAME_EXPLAIN' => $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])),
'L_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars']), $user->lang('CHARACTERS', (int) $config['max_pass_chars'])),
'L_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars'])),
'S_LANG_OPTIONS' => language_select($data['lang']),
'S_TZ_PRESELECT' => !$submit,
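Review bot: In the auth-provider hunk `VARS` and `BLOCK_VAR_NAME` are read behind `isset` checks but `$auth_provider_data['TEMPLATE_FILE']` and `$auth_provider_data['BLOCK_VARS']` are not, so a provider whose login data omits either key raises an undefined-index notice; `'PROVIDER_TEMPLATE_FILE' => $auth_provider_data['TEMPLATE_FILE'] ?? '',` and `foreach ($auth_provider_data['BLOCK_VARS'] ?? array() as $block_vars)` make the block tolerate both (or the equivalent `isset` ternaries if the file's PHP floor predates `??`). The autologin added in the `ACCOUNT_ADDED` branch sits on the path that appears not to require activation, which is the only place a freshly created account should be signed in; a comment, `// only reached when no account activation is required`, pins that assumption next to the `session_create` call. The `main` method starts before the first hunk and continues past the last.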


@@ -47,7 +47,7 @@ class ucp_resend
$sql = 'SELECT user_id, group_id, username, user_email, user_type, user_lang, user_actkey, user_inactive_reason
FROM ' . USERS_TABLE . "
WHERE user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "'
WHERE user_email = '" . $db->sql_escape($email) . "'
AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
$result = $db->sql_query($sql);
$user_row = $db->sql_fetchrow($result);