diff --git a/upload/admin/admin_disallow.php b/upload/admin/admin_disallow.php index e510ddaaa..68f5f0323 100644 --- a/upload/admin/admin_disallow.php +++ b/upload/admin/admin_disallow.php @@ -28,7 +28,7 @@ if( isset($_POST['add_name']) ) else { $sql = "INSERT INTO " . BB_DISALLOW . " (disallow_username) - VALUES('" . str_replace("\'", "''", $disallowed_user) . "')"; + VALUES('" . DB()->escape($disallowed_user) . "')"; $result = DB()->sql_query( $sql ); if ( !$result ) { diff --git a/upload/admin/admin_forums.php b/upload/admin/admin_forums.php index 36f48b914..cdad8442d 100644 --- a/upload/admin/admin_forums.php +++ b/upload/admin/admin_forums.php @@ -172,8 +172,8 @@ if ($mode) // Create a forum in the DB // $cat_id = intval($_POST[POST_CAT_URL]); - $forum_name = str_replace("\'", "''", trim($_POST['forumname'])); - $forum_desc = str_replace("\'", "''", trim($_POST['forumdesc'])); + $forum_name = DB()->escape(trim($_POST['forumname'])); + $forum_desc = DB()->escape(trim($_POST['forumdesc'])); $forum_status = intval($_POST['forumstatus']); $prune_enable = isset($_POST['prune_enable']); @@ -240,8 +240,8 @@ if ($mode) // $cat_id = intval($_POST[POST_CAT_URL]); $forum_id = intval($_POST[POST_FORUM_URL]); - $forum_name = str_replace("\'", "''", trim($_POST['forumname'])); - $forum_desc = str_replace("\'", "''", trim($_POST['forumdesc'])); + $forum_name = DB()->escape(trim($_POST['forumname'])); + $forum_desc = DB()->escape(trim($_POST['forumdesc'])); $forum_status = intval($_POST['forumstatus']); $prune_enable = isset($_POST['prune_enable']); diff --git a/upload/admin/admin_log.php b/upload/admin/admin_log.php index 6e6c381e2..28eb3bd9d 100644 --- a/upload/admin/admin_log.php +++ b/upload/admin/admin_log.php 
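Review bot: `DB()->escape($disallowed_user)` on the `+VALUES(` line is the right replacement, because the old `str_replace("\'", "''", …)` only rewrote a quote that magic_quotes_gpc had already backslashed and let a bare `'` through whenever magic quotes were off; the same swap is made in admin_forums.php, admin_ranks.php, admin_smilies.php, admin_user_ban.php, admin_user_search.php, admin_words.php, functions_post.php, functions_report.php, functions_report_admin.php, usercp_activate.php, usercp_avatar.php, usercp_sendpasswd.php, memberlist.php, modcp.php and posting.php. What the commit does not address is the opposite case: with magic_quotes_gpc on, `$_POST` values still carry backslashes and will now be escaped twice unless they are unslashed before reaching these lines, and nothing in the hunks does that — please confirm the bootstrap normalises request data. Once confirmed, a one-line comment at this first call site, `// DB()->escape() expects raw (unslashed) input; request data is unslashed at bootstrap`, records the assumption. The enclosing `if`/`else` in admin_disallow.php starts and ends outside the hunk.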
@@ -182,7 +182,6 @@ if ($var =& $_REQUEST[$title_match_key]) { if ($tmp_title_match = substr(urldecode(trim($var)), 0, $title_match_max_len)) { - $title_match_val = htmlspecialchars($tmp_title_match); $title_match_sql = DB()->escape($tmp_title_match); $url = url_arg($url, $title_match_key, urlencode($tmp_title_match)); } diff --git a/upload/admin/admin_ranks.php b/upload/admin/admin_ranks.php index fa7d2c748..b4240ed77 100644 --- a/upload/admin/admin_ranks.php +++ b/upload/admin/admin_ranks.php @@ -144,7 +144,7 @@ if( $mode != "" ) } } $sql = "UPDATE " . BB_RANKS . " - SET rank_title = '" . str_replace("\'", "''", $rank_title) . "', rank_special = $special_rank, rank_min = $min_posts, rank_image = '" . str_replace("\'", "''", $rank_image) . "' + SET rank_title = '" . DB()->escape($rank_title) . "', rank_special = $special_rank, rank_min = $min_posts, rank_image = '" . DB()->escape($rank_image) . "' WHERE rank_id = $rank_id"; $message = $lang['RANK_UPDATED']; @@ -152,7 +152,7 @@ if( $mode != "" ) else { $sql = "INSERT INTO " . BB_RANKS . " (rank_title, rank_special, rank_min, rank_image) - VALUES ('" . str_replace("\'", "''", $rank_title) . "', $special_rank, $min_posts, '" . str_replace("\'", "''", $rank_image) . "')"; + VALUES ('" . DB()->escape($rank_title) . "', $special_rank, $min_posts, '" . DB()->escape($rank_image) . "')"; $message = $lang['RANK_ADDED']; } diff --git a/upload/admin/admin_smilies.php b/upload/admin/admin_smilies.php index 8fe2beac3..3c97bc303 100644 --- a/upload/admin/admin_smilies.php +++ b/upload/admin/admin_smilies.php 
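Review bot: Deleting `$title_match_val = htmlspecialchars($tmp_title_match);` in admin_log.php leaves `$title_match_sql` and `$url` as the only derived values, but the hunk does not show whether `$title_match_val` is still read further down the file (presumably to echo the search term back into the form). If it is, that read now sees an undefined variable, or the raw term if it is reassigned later without escaping, so the deletion should be paired with removing or re-escaping every remaining use. The enclosing `if ($var =& $_REQUEST[$title_match_key])` block starts outside the hunk.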
@@ -121,8 +121,8 @@ if( isset($_GET['import_pack']) || isset($_POST['import_pack']) ) if( !empty($replace_existing) ) { $sql = "UPDATE " . BB_SMILIES . " - SET smile_url = '" . str_replace("\'", "''", $smile_data[0]) . "', emoticon = '" . str_replace("\'", "''", $smile_data[1]) . "' - WHERE code = '" . str_replace("\'", "''", $smile_data[$j]) . "'"; + SET smile_url = '" . DB()->escape($smile_data[0]) . "', emoticon = '" . DB()->escape($smile_data[1]) . "' + WHERE code = '" . DB()->escape($smile_data[$j]) . "'"; } else { @@ -132,7 +132,7 @@ if( isset($_GET['import_pack']) || isset($_POST['import_pack']) ) else { $sql = "INSERT INTO " . BB_SMILIES . " (code, smile_url, emoticon) - VALUES('" . str_replace("\'", "''", $smile_data[$j]) . "', '" . str_replace("\'", "''", $smile_data[0]) . "', '" . str_replace("\'", "''", $smile_data[1]) . "')"; + VALUES('" . DB()->escape($smile_data[$j]) . "', '" . DB()->escape($smile_data[0]) . "', '" . DB()->escape($smile_data[1]) . "')"; } if( $sql != '' ) @@ -357,7 +357,7 @@ else if ( $mode != "" ) // Proceed with updating the smiley table. // $sql = "UPDATE " . BB_SMILIES . " - SET code = '" . str_replace("\'", "''", $smile_code) . "', smile_url = '" . str_replace("\'", "''", $smile_url) . "', emoticon = '" . str_replace("\'", "''", $smile_emotion) . "' + SET code = '" . DB()->escape($smile_code) . "', smile_url = '" . DB()->escape($smile_url) . "', emoticon = '" . DB()->escape($smile_emotion) . "' WHERE smilies_id = $smile_id"; if( !($result = DB()->sql_query($sql)) ) { 
@@ -402,7 +402,7 @@ else if ( $mode != "" ) // Save the data to the smiley table. // $sql = "INSERT INTO " . BB_SMILIES . " (code, smile_url, emoticon) - VALUES ('" . str_replace("\'", "''", $smile_code) . "', '" . str_replace("\'", "''", $smile_url) . "', '" . str_replace("\'", "''", $smile_emotion) . "')"; + VALUES ('" . DB()->escape($smile_code) . "', '" . DB()->escape($smile_url) . "', '" . DB()->escape($smile_emotion) . "')"; $result = DB()->sql_query($sql); if( !$result ) { diff --git a/upload/admin/admin_user_ban.php b/upload/admin/admin_user_ban.php index 67a42b7a2..9e044f708 100644 --- a/upload/admin/admin_user_ban.php +++ b/upload/admin/admin_user_ban.php @@ -231,7 +231,7 @@ if ( isset($_POST['submit']) ) if ( !$in_banlist ) { $sql = "INSERT INTO " . BB_BANLIST . " (ban_email) - VALUES ('" . str_replace("\'", "''", $email_list[$i]) . "')"; + VALUES ('" . DB()->escape($email_list[$i]) . "')"; if ( !DB()->sql_query($sql) ) { message_die(GENERAL_ERROR, "Couldn't insert ban_email info into database", "", __LINE__, __FILE__, $sql); @@ -262,7 +262,7 @@ if ( isset($_POST['submit']) ) { if ( $ip_list[$i] != -1 ) { - $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $ip_list[$i]); + $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . DB()->escape($ip_list[$i]); } } } @@ -275,7 +275,7 @@ if ( isset($_POST['submit']) ) { if ( $email_list[$i] != -1 ) { - $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $email_list[$i]); + $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . DB()->escape($email_list[$i]); } } } diff --git a/upload/admin/admin_user_search.php b/upload/admin/admin_user_search.php index b48d53c07..8aca1c119 100644 --- a/upload/admin/admin_user_search.php +++ b/upload/admin/admin_user_search.php 
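Review bot: `DB()->escape($ip_list[$i])` in the @@ -262 hunk of admin_user_ban.php (and `$email_list[$i]` in @@ -275) appends to an unquoted comma-separated list, and string escaping only rewrites quote and backslash characters, so a value that is not wrapped in quotes still reaches the query as SQL text. The `!= -1` sentinel suggests these entries are numeric ban ids; if so, cast instead, `$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . (int) $ip_list[$i];`, and likewise for `$email_list[$i]`. If they can legitimately be strings, wrap each escaped value in single quotes. The enclosing loops start and end outside the hunks.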
@@ -404,20 +404,20 @@ else { $total_sql .= "SELECT COUNT(user_id) AS total FROM ".BB_USERS." - WHERE REGEXP_LIKE(username, '".str_replace("\'", "''", $username)."') + WHERE REGEXP_LIKE(username, '".DB()->escape($username)."') AND user_id <> ".ANONYMOUS; - $select_sql .= " WHERE REGEXP_LIKE(u.username, '".str_replace("\'", "''", $username)."') + $select_sql .= " WHERE REGEXP_LIKE(u.username, '".DB()->escape($username)."') AND u.user_id <> ".ANONYMOUS; } else { $total_sql .= "SELECT COUNT(user_id) AS total FROM ".BB_USERS." - WHERE {$lower_b}username{$lower_e} $op '".str_replace("\'", "''", $username)."' + WHERE {$lower_b}username{$lower_e} $op '".DB()->escape($username)."' AND user_id <> ".ANONYMOUS; - $select_sql .= " WHERE {$lower_b}u.username{$lower_e} $op '".str_replace("\'", "''", $username)."' + $select_sql .= " WHERE {$lower_b}u.username{$lower_e} $op '".DB()->escape($username)."' AND u.user_id <> ".ANONYMOUS; } break; @@ -453,20 +453,20 @@ else { $total_sql .= "SELECT COUNT(user_id) AS total FROM ".BB_USERS." - WHERE REGEXP_LIKE(user_email, '".str_replace("\'", "''", $email)."') + WHERE REGEXP_LIKE(user_email, '".DB()->escape($email)."') AND user_id <> ".ANONYMOUS; - $select_sql .= " WHERE REGEXP_LIKE(u.user_email, '".str_replace("\'", "''", $email)."') + $select_sql .= " WHERE REGEXP_LIKE(u.user_email, '".DB()->escape($email)."') AND u.user_id <> ".ANONYMOUS; } else { $total_sql .= "SELECT COUNT(user_id) AS total FROM ".BB_USERS." - WHERE {$lower_b}user_email{$lower_e} $op '".str_replace("\'", "''", $email)."' + WHERE {$lower_b}user_email{$lower_e} $op '".DB()->escape($email)."' AND user_id <> ".ANONYMOUS; - $select_sql .= " WHERE {$lower_b}u.user_email{$lower_e} $op '".str_replace("\'", "''", $email)."' + $select_sql .= " WHERE {$lower_b}u.user_email{$lower_e} $op '".DB()->escape($email)."' AND u.user_id <> ".ANONYMOUS; } break; 
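Review bot: In the REGEXP_LIKE branches the escaped `$username` (and `$email` in @@ -453, `$userfield_value` in @@ -955) becomes a regular-expression pattern, so `DB()->escape` closes the quoting hole but still hands an arbitrary user-supplied pattern to the database engine, which can be expensive for pathological patterns; since this is admin-only input, a length cap or a documented acceptance is probably enough. The non-regex branches also interpolate `$op`, `$lower_b`/`$lower_e` and, in @@ -955, `$field` directly into the query; these are assigned outside the hunks, so please confirm each comes from a fixed allowlist rather than from the request, because `escape()` protects only the quoted value, never identifiers or operators. A comment such as `// $field and $op are allowlisted above; escape() only covers the quoted value` at the first such line would make the invariant visible. The enclosing `switch` arms start and end outside the hunks.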
@@ -955,20 +955,20 @@ else { $total_sql .= "SELECT COUNT(user_id) AS total FROM ".BB_USERS." - WHERE REGEXP_LIKE($field, '".str_replace("\'", "''", $userfield_value)."') + WHERE REGEXP_LIKE($field, '".DB()->escape($userfield_value)."') AND user_id <> ".ANONYMOUS; - $select_sql .= " WHERE REGEXP_LIKE(u.$field, '".str_replace("\'", "''", $userfield_value)."') + $select_sql .= " WHERE REGEXP_LIKE(u.$field, '".DB()->escape($userfield_value)."') AND u.user_id <> ".ANONYMOUS; } else { $total_sql .= "SELECT COUNT(user_id) AS total FROM ".BB_USERS." - WHERE {$lower_b}$field{$lower_e} $op '".str_replace("\'", "''", $userfield_value)."' + WHERE {$lower_b}$field{$lower_e} $op '".DB()->escape($userfield_value)."' AND user_id <> ".ANONYMOUS; - $select_sql .= " WHERE {$lower_b}u.$field{$lower_e} $op '".str_replace("\'", "''", $userfield_value)."' + $select_sql .= " WHERE {$lower_b}u.$field{$lower_e} $op '".DB()->escape($userfield_value)."' AND u.user_id <> ".ANONYMOUS; } @@ -1025,10 +1025,10 @@ else $total_sql .= "SELECT COUNT(user_id) AS total FROM ".BB_USERS." - WHERE user_lang = '".str_replace("\'", "''", $language_type)."' + WHERE user_lang = '".DB()->escape($language_type)."' AND user_id <> ".ANONYMOUS; - $select_sql .= " WHERE u.user_lang = '".str_replace("\'", "''", $language_type)."' + $select_sql .= " WHERE u.user_lang = '".DB()->escape($language_type)."' AND u.user_id <> ".ANONYMOUS; break; diff --git a/upload/admin/admin_words.php b/upload/admin/admin_words.php index bc6797486..818d9a9c7 100644 --- a/upload/admin/admin_words.php +++ b/upload/admin/admin_words.php 
@@ -86,14 +86,14 @@ if( $mode != "" ) if( $word_id ) { $sql = "UPDATE " . BB_WORDS . " - SET word = '" . str_replace("\'", "''", $word) . "', replacement = '" . str_replace("\'", "''", $replacement) . "' + SET word = '" . DB()->escape($word) . "', replacement = '" . DB()->escape($replacement) . "' WHERE word_id = $word_id"; $message = $lang['WORD_UPDATED']; } else { $sql = "INSERT INTO " . BB_WORDS . " (word, replacement) - VALUES ('" . str_replace("\'", "''", $word) . "', '" . str_replace("\'", "''", $replacement) . "')"; + VALUES ('" . DB()->escape($word) . "', '" . DB()->escape($replacement) . "')"; $message = $lang['WORD_ADDED']; } diff --git a/upload/ajax/mod_action.php b/upload/ajax/mod_action.php index 4048d5fab..0c8ac3dc8 100644 --- a/upload/ajax/mod_action.php +++ b/upload/ajax/mod_action.php @@ -33,7 +33,7 @@ switch ($mode) case 'edit_topic_title': $topic_id = (int) $this->request['topic_id']; $topic_title = (string) $this->request['topic_title']; - $new_title = clean_topic_title($topic_title); + $new_title = clean_title($topic_title); if (!$topic_id) $this->ajax_die('invalid topic_id (empty)'); if ($new_title == '') $this->ajax_die('Вы должны указать заголовок сообщения'); diff --git a/upload/config.php b/upload/config.php index fd7b129e8..9d1fe5d4f 100644 --- a/upload/config.php +++ b/upload/config.php @@ -57,7 +57,7 @@ $bb_cfg['css_ver'] = 1; // Increase number of revision after update $bb_cfg['tp_version'] = '2.0.2'; -$bb_cfg['tp_release_state'] = 'TP II r70'; +$bb_cfg['tp_release_state'] = 'TP II r71'; $bb_cfg['tp_release_date'] = '04-07-2011'; $bb_cfg['board_disabled_msg'] = 'форум временно отключен'; // 'forums temporarily disabled'; // show this msg if board has been disabled via ON/OFF trigger diff --git a/upload/includes/functions.php b/upload/includes/functions.php index f60eb4754..03e52e506 100644 --- a/upload/includes/functions.php +++ b/upload/includes/functions.php 
@@ -2714,7 +2714,7 @@ function bb_json_decode ($data) return json_decode($data, true); } -function clean_topic_title ($str, $replace_underscore = false) +function clean_title ($str, $replace_underscore = false) { $str = ($replace_underscore) ? str_replace('_', ' ', $str) : $str; $str = htmlCHR(str_compact($str)); diff --git a/upload/includes/functions_post.php b/upload/includes/functions_post.php index 054d69812..7a2cf63a6 100644 --- a/upload/includes/functions_post.php +++ b/upload/includes/functions_post.php @@ -171,7 +171,7 @@ function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_ if ($row = DB()->fetch_row($sql)) { - $last_msg = str_replace("\'", "''", $last_msg); + $last_msg = DB()->escape($last_msg); if ($last_msg == $post_message) { @@ -286,7 +286,7 @@ function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_ { if (!empty($option_text)) { - $option_text = str_replace("\'", "''", htmlspecialchars($option_text)); + $option_text = DB()->escape(htmlspecialchars($option_text)); $poll_result = ($mode == "editpost" && isset($old_poll_result[$option_id])) ? $old_poll_result[$option_id] : 0; $sql = ($mode != "editpost" || !isset($old_poll_result[$option_id])) ? "INSERT INTO " . BB_VOTE_RESULTS . " (vote_id, vote_option_id, vote_option_text, vote_result) VALUES ($poll_id, $poll_option_id, '$option_text', $poll_result)" : "UPDATE " . BB_VOTE_RESULTS . " SET vote_option_text = '$option_text', vote_result = $poll_result WHERE vote_option_id = $option_id AND vote_id = $poll_id"; diff --git a/upload/includes/functions_report.php b/upload/includes/functions_report.php index a06849c57..a96fdfc62 100644 --- a/upload/includes/functions_report.php +++ b/upload/includes/functions_report.php 
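Review bot: Renaming `clean_topic_title` to `clean_title` with no compatibility alias turns every caller not updated in this commit into a fatal undefined-function error; only mod_action.php, modcp.php and posting.php are touched here, and other include files, templates or third-party mods may still use the old name. Keeping a deprecated one-line wrapper, `function clean_topic_title ($str, $replace_underscore = false) { return clean_title($str, $replace_underscore); }`, keeps those callers working until they are migrated. The body of `clean_title` continues outside the hunk.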
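Review bot: `$last_msg = DB()->escape($last_msg);` followed by `if ($last_msg == $post_message)` in functions_post.php compares a freshly escaped value (presumably the last post's text from the row just fetched) against `$post_message`, and the duplicate-post check only works because posting.php now passes `DB()->escape($message)` into submit_post — both sides silently depend on using the identical escaping. Comparing the unescaped values and escaping only where the SQL is built would remove that coupling; at minimum add `// $post_message arrives already DB-escaped from posting.php; keep both sides escaped the same way`. In @@ -286, `DB()->escape(htmlspecialchars($option_text))` applies the two escapes in the right order (HTML first, SQL last). `submit_post` starts and ends outside the hunks.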
@@ -1072,8 +1072,8 @@ function report_insert($module_id, $report_subject, $report_reason, $report_titl $sql = 'INSERT INTO ' . BB_REPORTS . ' (user_id, report_time, report_module_id, report_status, report_reason_id, report_subject, report_subject_data, report_title, report_desc) VALUES (' . $userdata['user_id'] . ', ' . time() . ', ' . (int) $module_id . ', ' . REPORT_NEW . ', ' . (int) $report_reason . ', - ' . (int) $report_subject . ", $report_subject_data_sql, '" . str_replace("'", "''", $report_title) . "', - '" . str_replace("'", "''", $report_desc) . "')"; + ' . (int) $report_subject . ", $report_subject_data_sql, '" . DB()->escape($report_title) . "', + '" . DB()->escape($report_desc) . "')"; if (!DB()->sql_query($sql)) { message_die(GENERAL_ERROR, 'Could not insert report', '', __LINE__, __FILE__, $sql); @@ -1185,7 +1185,7 @@ function reports_update_status($report_ids, $report_status, $comment = '', $auth // // Insert report status changes and update reports // - $comment = str_replace("'", "''", $comment); + $comment = DB()->escape($comment); foreach ($report_ids as $report_id) { $sql = 'INSERT INTO ' . BB_REPORTS_CHANGES . " (report_id, user_id, report_change_time, report_status, report_change_comment) diff --git a/upload/includes/functions_report_admin.php b/upload/includes/functions_report_admin.php index c70b0ee21..001e457ba 100644 --- a/upload/includes/functions_report_admin.php +++ b/upload/includes/functions_report_admin.php 
@@ -196,7 +196,7 @@ function report_module_install($module_notify, $module_prune, $module_name, $aut $sql = 'INSERT INTO ' . BB_REPORTS_MODULES . ' (report_module_order, report_module_notify, report_module_prune, report_module_name, auth_write, auth_view, auth_notify, auth_delete) VALUES(' . ($max_order + 1) . ', ' . (int) $module_notify . ', ' . (int) $module_prune . ", - '" . str_replace("'", "''", $module_name) . "', " . (int) $auth_write . ', ' . (int) $auth_view . ', + '" . DB()->escape($module_name) . "', " . (int) $auth_write . ', ' . (int) $auth_view . ', ' . (int) $auth_notify . ', ' . (int) $auth_delete . ')'; if (!DB()->sql_query($sql)) { @@ -427,7 +427,7 @@ function report_reason_insert($module_id, $reason_desc) // Insert reason // $sql = 'INSERT INTO ' . BB_REPORTS_REASONS . ' (report_module_id, report_reason_order, report_reason_desc) - VALUES(' . (int) $module_id . ', ' . ($max_order + 1) . ", '" . str_replace("'", "''", $reason_desc) . "')"; + VALUES(' . (int) $module_id . ', ' . ($max_order + 1) . ", '" . DB()->escape($reason_desc) . "')"; if (!DB()->sql_query($sql)) { message_die(GENERAL_ERROR, 'Could not insert report reason', '', __LINE__, __FILE__, $sql); @@ -444,7 +444,7 @@ function report_reason_edit($reason_id, $module_id, $reason_desc) $sql = 'UPDATE ' . BB_REPORTS_REASONS . ' SET report_module_id = ' . (int) $module_id . ", - report_reason_desc = '" . str_replace("'", "''", $reason_desc) . "' + report_reason_desc = '" . DB()->escape($reason_desc) . "' WHERE report_reason_id = " . (int) $reason_id; if (!DB()->sql_query($sql)) { diff --git a/upload/includes/ucp/usercp_activate.php b/upload/includes/ucp/usercp_activate.php index 93614c083..66cb836fa 100644 --- a/upload/includes/ucp/usercp_activate.php +++ b/upload/includes/ucp/usercp_activate.php 
@@ -39,7 +39,7 @@ if ( $row = DB()->sql_fetchrow($result) ) } } - $sql_update_pass = ( $row['user_newpasswd'] != '' ) ? ", user_password = '" . str_replace("\'", "''", $row['user_newpasswd']) . "', user_newpasswd = ''" : ''; + $sql_update_pass = ( $row['user_newpasswd'] != '' ) ? ", user_password = '" . DB()->escape($row['user_newpasswd']) . "', user_newpasswd = ''" : ''; $sql = "UPDATE " . BB_USERS . " SET user_active = 1, user_actkey = ''" . $sql_update_pass . " diff --git a/upload/includes/ucp/usercp_avatar.php b/upload/includes/ucp/usercp_avatar.php index fb2454b8f..210aaec1d 100644 --- a/upload/includes/ucp/usercp_avatar.php +++ b/upload/includes/ucp/usercp_avatar.php @@ -91,7 +91,7 @@ function user_avatar_gallery($mode, &$errors, $avatar_filename, $avatar_category if ( file_exists(@phpbb_realpath($bb_cfg['avatar_gallery_path'] . '/' . $avatar_category . '/' . $avatar_filename)) && ($mode == 'editprofile') ) { - return array('user_avatar' => str_replace("\'", "''", $avatar_category . '/' . $avatar_filename), 'user_avatar_type' => USER_AVATAR_GALLERY); + return array('user_avatar' => DB()->escape($avatar_category . '/' . $avatar_filename), 'user_avatar_type' => USER_AVATAR_GALLERY); } else { @@ -116,7 +116,7 @@ function user_avatar_url($mode, &$errors, $avatar_filename) return; } - return array('user_avatar' => str_replace("\'", "''", $avatar_filename), 'user_avatar_type' => USER_AVATAR_REMOTE); + return array('user_avatar' => DB()->escape($avatar_filename), 'user_avatar_type' => USER_AVATAR_REMOTE); } diff --git a/upload/includes/ucp/usercp_sendpasswd.php b/upload/includes/ucp/usercp_sendpasswd.php index 04276963b..ef627aab1 100644 --- a/upload/includes/ucp/usercp_sendpasswd.php +++ b/upload/includes/ucp/usercp_sendpasswd.php 
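Review bot: `user_avatar_gallery` and `user_avatar_url` in usercp_avatar.php now return an already SQL-escaped string under `'user_avatar'`, which bakes the escaping into a returned data structure instead of applying it where the UPDATE is built; any caller that escapes again, or that uses the value as a file path or for display, will see stray backslashes. Prefer returning the raw value and escaping once in the query builder, or document the contract at both return sites: `// NOTE: 'user_avatar' is returned DB-escaped; callers must not escape it again or use it outside SQL`. Both functions start outside their hunks.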
@@ -18,8 +18,8 @@ if ( isset($_POST['submit']) ) $sql = "SELECT * FROM " . BB_USERS . " - WHERE user_email = '" . str_replace("\'", "''", $email) . "' - AND username = '" . str_replace("\'", "''", $username) . "'"; + WHERE user_email = '" . DB()->escape($email) . "' + AND username = '" . DB()->escape($username) . "'"; if ( $result = DB()->sql_query($sql) ) { if ( $row = DB()->sql_fetchrow($result) ) diff --git a/upload/memberlist.php b/upload/memberlist.php index eae690d3d..e86a3341b 100644 --- a/upload/memberlist.php +++ b/upload/memberlist.php @@ -158,7 +158,7 @@ $sql = "SELECT username, user_id, user_opt, user_posts, user_regdate, user_from, if ( $username ) { $username = preg_replace('/\*/', '%', clean_username($username)); - $letter_sql = "username LIKE '". str_replace("\'", "''", $username) ."'"; + $letter_sql = "username LIKE '". DB()->escape($username) ."'"; } $sql .= ($letter_sql) ? " AND $letter_sql" : ''; $sql .= " ORDER BY $order_by"; diff --git a/upload/modcp.php b/upload/modcp.php index d62b0e524..6b6aa87bd 100644 --- a/upload/modcp.php +++ b/upload/modcp.php @@ -440,7 +440,7 @@ switch ($mode) } while ($row = DB()->sql_fetchrow($result)); - $post_subject = trim(htmlspecialchars($_POST['subject'])); + $post_subject = clean_title($_POST['subject']); if (empty($post_subject)) { message_die(GENERAL_MESSAGE, $lang['EMPTY_SUBJECT']); @@ -464,7 +464,7 @@ switch ($mode) DB()->sql_freeresult($result); $sql = "INSERT INTO " . BB_TOPICS . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type) - VALUES ('" . str_replace("\'", "''", $post_subject) . "', $first_poster, " . $topic_time . ", $new_forum_id, " . TOPIC_UNLOCKED . ", " . POST_NORMAL . ")"; + VALUES ('" . DB()->escape($post_subject) . "', $first_poster, " . $topic_time . ", $new_forum_id, " . TOPIC_UNLOCKED . ", " . POST_NORMAL . ")"; if (!(DB()->sql_query($sql))) { message_die(GENERAL_ERROR, 'Could not insert new topic', '', __LINE__, __FILE__, $sql); 
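Review bot: `$letter_sql = "username LIKE '". DB()->escape($username) ."'";` in memberlist.php fixes the quoting, but `escape()` does not neutralise LIKE metacharacters, so a `%` or `_` typed by the user still acts as a wildcard even though the line above deliberately maps only `*` to `%`. If `*` is the only intended wildcard, escape the literal ones before that mapping, `$username = preg_replace('/\*/', '%', addcslashes(clean_username($username), '%_'));`, so the backslash (MySQL's default LIKE escape character) is then doubled correctly by `escape()` inside the literal. The enclosing `if ( $username )` block is fully visible; the surrounding query assembly is not.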
diff --git a/upload/posting.php b/upload/posting.php index 356d9c843..510e486f6 100644 --- a/upload/posting.php +++ b/upload/posting.php @@ -502,7 +502,7 @@ else if ( ($submit || $confirm) && !$topic_has_new_posts ) { $topic_type = ( isset($post_data['topic_type']) && $topic_type != $post_data['topic_type'] && !$is_auth['auth_sticky'] && !$is_auth['auth_announce'] ) ? $post_data['topic_type'] : $topic_type; - submit_post($mode, $post_data, $return_message, $return_meta, $forum_id, $topic_id, $post_id, $poll_id, $topic_type, str_replace("\'", "''", $username), str_replace("\'", "''", $subject), str_replace("\'", "''", $message), str_replace("\'", "''", $poll_title), $poll_options, $poll_length, $update_post_time); + submit_post($mode, $post_data, $return_message, $return_meta, $forum_id, $topic_id, $post_id, $poll_id, $topic_type, DB()->escape($username), DB()->escape($subject), DB()->escape($message), DB()->escape($poll_title), $poll_options, $poll_length, $update_post_time); } break; 
@@ -561,11 +561,11 @@ else if ( ($submit || $confirm) && !$topic_has_new_posts ) if( $refresh || isset($_POST['del_poll_option']) || $error_msg || ($submit && $topic_has_new_posts) ) //snp end { - $username = ( !empty($_POST['username']) ) ? htmlspecialchars(trim(stripslashes($_POST['username']))) : ''; - $subject = ( !empty($_POST['subject']) ) ? htmlspecialchars(trim(stripslashes($_POST['subject']))) : ''; - $message = ( !empty($_POST['message']) ) ? htmlspecialchars(trim(stripslashes($_POST['message']))) : ''; + $username = ( !empty($_POST['username']) ) ? clean_username($_POST['username']) : ''; + $subject = ( !empty($_POST['subject']) ) ? clean_title($_POST['subject']) : ''; + $message = ( !empty($_POST['message']) ) ? $_POST['message'] : ''; - $poll_title = ( !empty($_POST['poll_title']) ) ? htmlspecialchars(trim(stripslashes($_POST['poll_title']))) : ''; + $poll_title = ( !empty($_POST['poll_title']) ) ? clean_title($_POST['poll_title']) : ''; $poll_length = ( isset($_POST['poll_length']) ) ? max(0, intval($_POST['poll_length'])) : 0; $poll_options = array(); 
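Review bot: `$message = ( !empty($_POST['message']) ) ? $_POST['message'] : '';` drops both the `htmlspecialchars` and the `stripslashes` the removed line applied, so the message now flows through as raw request text; that matches the apparent move to storing the message unescaped (the @@ -664 hunk removes the entity un-escaping on edit), but it is safe only if every render path escapes HTML itself — including `bbcode2html($message)` in the preview branch of @@ -580, which no longer has the `htmlCHR($text, false, ENT_NOQUOTES)` step the deleted preview code performed. Please confirm `bbcode2html` escapes its input; if it does not, the preview should read `$preview_message = bbcode2html(htmlCHR($message, false, ENT_NOQUOTES));`. Dropping `stripslashes` is likewise correct only if request data is unslashed elsewhere when magic_quotes_gpc is on. The enclosing `if( $refresh || … )` block continues outside the hunk.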
@@ -580,66 +580,30 @@ if( $refresh || isset($_POST['del_poll_option']) || $error_msg || ($submit && $t } else if ( !empty($option_text) ) { - $poll_options[$option_id] = htmlspecialchars(trim(stripslashes($option_text))); + $poll_options[$option_id] = clean_title($option_text); } } } if ( $poll_add && !empty($_POST['add_poll_option_text']) ) { - $poll_options[] = htmlspecialchars(trim(stripslashes($_POST['add_poll_option_text']))); + $poll_options[] = clean_title($_POST['add_poll_option_text']); } if ($preview) { - $preview_message = $msg_html = $msg_html_tidy = ''; - - $text = $message; - $text = htmlCHR($text, false, ENT_NOQUOTES); - $preview_message = bbcode2html($text); // создает объект $bbcode - - // ### DBG ### - if (0 && $user->id == 10838) - { - $text = $_POST['message']; - $text = htmlCHR($text, false, ENT_NOQUOTES); - $msg_html_tidy = $bbcode->bbcode2html($text, true); - - if (1 && !empty($_COOKIE['explain'])) - { - $msg_html = $bbcode->bbcode2html($text, false); - - $msg_html = html_compact($msg_html, true); - $msg_html_tidy = html_compact($msg_html_tidy, true); - $preview_message = html_compact($preview_message, true); - - file_write($msg_html, LOG_DIR.'before_tidy', false, true, true); - file_write($msg_html_tidy, LOG_DIR.'after_tidy', false, true, true); - } - $template->assign_vars(array( - 'MSG_HTML_TIDY' => $msg_html_tidy, - )); - } - if (IS_AM) - { - $template->assign_vars(array( - 'SPAM_WORD' => ($bbcode->found_spam) ? '
'. htmlCHR(join("\n", $bbcode->found_spam)) .'' : '', - )); - } - if (0 && $user->id == 10838) - { - $template->assign_vars(array( - 'PREVIEW_INPUT_SRC' => get_html_src($_POST['message']), - 'PREVIEW_HTML_SRC' => get_html_src($preview_message), - )); - } - // ### DBG ### + $preview_subject = $subject; + $preview_username = $username; + $preview_message = bbcode2html($message); $template->assign_vars(array( - 'TPL_PREVIEW_POST' => true, - 'PREVIEW_MSG' => $preview_message, + 'TPL_PREVIEW_POST' => true, + 'TOPIC_TITLE' => wbr($preview_subject), + 'POST_SUBJECT' => $preview_subject, + 'POSTER_NAME' => $preview_username, + 'POST_DATE' => bb_date(TIMENOW), + 'PREVIEW_MSG' => $preview_message, )); - } } else @@ -664,10 +628,6 @@ else $subject = ( $post_data['first_post'] ) ? $post_info['topic_title'] : $post_info['post_subject']; $message = $post_info['post_text']; - $message = str_replace('<', '<', $message); - $message = str_replace('>', '>', $message); - $message = str_replace('