r71

Экранирование в запросах git-svn-id: https://torrentpier2.googlecode.com/svn/trunk@71 a8ac35ab-4ca4-ca47-4c2d-a49a94f06293
2025-08-22 06:13:58 -07:00 · 2011-07-04 05:36:35 +00:00 · 2011-07-04 05:36:35 +00:00 · 4c616ae52f
commit 4c616ae52f
parent b694cba467
24 changed files with 83 additions and 130 deletions
--- a/upload/admin/admin_disallow.php
+++ b/upload/admin/admin_disallow.php
@ -28,7 +28,7 @@ if( isset($_POST['add_name']) )
 	else
 	{
 		$sql = "INSERT INTO " . BB_DISALLOW . " (disallow_username)
-			VALUES('" . str_replace("\'", "''", $disallowed_user) . "')";
+			VALUES('" . DB()->escape($disallowed_user) . "')";
 		$result = DB()->sql_query( $sql );
 		if ( !$result )
 		{
--- a/upload/admin/admin_forums.php
+++ b/upload/admin/admin_forums.php
@ -172,8 +172,8 @@ if ($mode)
 			// Create a forum in the DB
 			//
 			$cat_id = intval($_POST[POST_CAT_URL]);
-			$forum_name = str_replace("\'", "''", trim($_POST['forumname']));
-			$forum_desc = str_replace("\'", "''", trim($_POST['forumdesc']));
+			$forum_name = DB()->escape(trim($_POST['forumname']));
+			$forum_desc = DB()->escape(trim($_POST['forumdesc']));
 			$forum_status = intval($_POST['forumstatus']);

 			$prune_enable = isset($_POST['prune_enable']);
@ -240,8 +240,8 @@ if ($mode)
 			//
 			$cat_id = intval($_POST[POST_CAT_URL]);
 			$forum_id = intval($_POST[POST_FORUM_URL]);
-			$forum_name = str_replace("\'", "''", trim($_POST['forumname']));
-			$forum_desc = str_replace("\'", "''", trim($_POST['forumdesc']));
+			$forum_name = DB()->escape(trim($_POST['forumname']));
+			$forum_desc = DB()->escape(trim($_POST['forumdesc']));
 			$forum_status = intval($_POST['forumstatus']);

 			$prune_enable = isset($_POST['prune_enable']);
--- a/upload/admin/admin_log.php
+++ b/upload/admin/admin_log.php
@ -182,7 +182,6 @@ if ($var =& $_REQUEST[$title_match_key])
 {
 	if ($tmp_title_match = substr(urldecode(trim($var)), 0, $title_match_max_len))
 	{
-		$title_match_val = htmlspecialchars($tmp_title_match);
 		$title_match_sql = DB()->escape($tmp_title_match);
 		$url = url_arg($url, $title_match_key, urlencode($tmp_title_match));
 	}
--- a/upload/admin/admin_ranks.php
+++ b/upload/admin/admin_ranks.php
@ -144,7 +144,7 @@ if( $mode != "" )
 				}
 			}
 			$sql = "UPDATE " . BB_RANKS . "
-				SET rank_title = '" . str_replace("\'", "''", $rank_title) . "', rank_special = $special_rank, rank_min = $min_posts, rank_image = '" . str_replace("\'", "''", $rank_image) . "'
+				SET rank_title = '" . DB()->escape($rank_title) . "', rank_special = $special_rank, rank_min = $min_posts, rank_image = '" . DB()->escape($rank_image) . "'
 				WHERE rank_id = $rank_id";

 			$message = $lang['RANK_UPDATED'];
@ -152,7 +152,7 @@ if( $mode != "" )
 		else
 		{
 			$sql = "INSERT INTO " . BB_RANKS . " (rank_title, rank_special, rank_min, rank_image)
-				VALUES ('" . str_replace("\'", "''", $rank_title) . "', $special_rank, $min_posts, '" . str_replace("\'", "''", $rank_image) . "')";
+				VALUES ('" . DB()->escape($rank_title) . "', $special_rank, $min_posts, '" . DB()->escape($rank_image) . "')";

 			$message = $lang['RANK_ADDED'];
 		}
--- a/upload/admin/admin_smilies.php
+++ b/upload/admin/admin_smilies.php
@ -121,8 +121,8 @@ if( isset($_GET['import_pack']) || isset($_POST['import_pack']) )
 					if( !empty($replace_existing) )
 					{
 						$sql = "UPDATE " . BB_SMILIES . "
-							SET smile_url = '" . str_replace("\'", "''", $smile_data[0]) . "', emoticon = '" . str_replace("\'", "''", $smile_data[1]) . "'
-							WHERE code = '" . str_replace("\'", "''", $smile_data[$j]) . "'";
+							SET smile_url = '" . DB()->escape($smile_data[0]) . "', emoticon = '" . DB()->escape($smile_data[1]) . "'
+							WHERE code = '" . DB()->escape($smile_data[$j]) . "'";
 					}
 					else
 					{
@ -132,7 +132,7 @@ if( isset($_GET['import_pack']) || isset($_POST['import_pack']) )
 				else
 				{
 					$sql = "INSERT INTO " . BB_SMILIES . " (code, smile_url, emoticon)
-						VALUES('" . str_replace("\'", "''", $smile_data[$j]) . "', '" . str_replace("\'", "''", $smile_data[0]) . "', '" . str_replace("\'", "''", $smile_data[1]) . "')";
+						VALUES('" . DB()->escape($smile_data[$j]) . "', '" . DB()->escape($smile_data[0]) . "', '" . DB()->escape($smile_data[1]) . "')";
 				}

 				if( $sql != '' )
@ -357,7 +357,7 @@ else if ( $mode != "" )
 			// Proceed with updating the smiley table.
 			//
 			$sql = "UPDATE " . BB_SMILIES . "
-				SET code = '" . str_replace("\'", "''", $smile_code) . "', smile_url = '" . str_replace("\'", "''", $smile_url) . "', emoticon = '" . str_replace("\'", "''", $smile_emotion) . "'
+				SET code = '" . DB()->escape($smile_code) . "', smile_url = '" . DB()->escape($smile_url) . "', emoticon = '" . DB()->escape($smile_emotion) . "'
 				WHERE smilies_id = $smile_id";
 			if( !($result = DB()->sql_query($sql)) )
 			{
@ -402,7 +402,7 @@ else if ( $mode != "" )
 			// Save the data to the smiley table.
 			//
 			$sql = "INSERT INTO " . BB_SMILIES . " (code, smile_url, emoticon)
-				VALUES ('" . str_replace("\'", "''", $smile_code) . "', '" . str_replace("\'", "''", $smile_url) . "', '" . str_replace("\'", "''", $smile_emotion) . "')";
+				VALUES ('" . DB()->escape($smile_code) . "', '" . DB()->escape($smile_url) . "', '" . DB()->escape($smile_emotion) . "')";
 			$result = DB()->sql_query($sql);
 			if( !$result )
 			{
--- a/upload/admin/admin_user_ban.php
+++ b/upload/admin/admin_user_ban.php
@ -231,7 +231,7 @@ if ( isset($_POST['submit']) )
 		if ( !$in_banlist )
 		{
 			$sql = "INSERT INTO " . BB_BANLIST . " (ban_email)
-				VALUES ('" . str_replace("\'", "''", $email_list[$i]) . "')";
+				VALUES ('" . DB()->escape($email_list[$i]) . "')";
 			if ( !DB()->sql_query($sql) )
 			{
 				message_die(GENERAL_ERROR, "Couldn't insert ban_email info into database", "", __LINE__, __FILE__, $sql);
@ -262,7 +262,7 @@ if ( isset($_POST['submit']) )
 		{
 			if ( $ip_list[$i] != -1 )
 			{
-				$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $ip_list[$i]);
+				$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . DB()->escape($ip_list[$i]);
 			}
 		}
 	}
@ -275,7 +275,7 @@ if ( isset($_POST['submit']) )
 		{
 			if ( $email_list[$i] != -1 )
 			{
-				$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . str_replace("\'", "''", $email_list[$i]);
+				$where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . DB()->escape($email_list[$i]);
 			}
 		}
 	}
--- a/upload/admin/admin_user_search.php
+++ b/upload/admin/admin_user_search.php
@ -404,20 +404,20 @@ else
 			{
 				$total_sql .= "SELECT COUNT(user_id) AS total
 								FROM ".BB_USERS."
-									WHERE REGEXP_LIKE(username, '".str_replace("\'", "''", $username)."')
+									WHERE REGEXP_LIKE(username, '".DB()->escape($username)."')
 										AND user_id <> ".ANONYMOUS;

-				$select_sql .= "	WHERE REGEXP_LIKE(u.username, '".str_replace("\'", "''", $username)."')
+				$select_sql .= "	WHERE REGEXP_LIKE(u.username, '".DB()->escape($username)."')
 										AND u.user_id <> ".ANONYMOUS;
 			}
 			else
 			{
 				$total_sql .= "SELECT COUNT(user_id) AS total
 								FROM ".BB_USERS."
-									WHERE {$lower_b}username{$lower_e} $op '".str_replace("\'", "''", $username)."'
+									WHERE {$lower_b}username{$lower_e} $op '".DB()->escape($username)."'
 										AND user_id <> ".ANONYMOUS;

-				$select_sql .= "	WHERE {$lower_b}u.username{$lower_e} $op '".str_replace("\'", "''", $username)."'
+				$select_sql .= "	WHERE {$lower_b}u.username{$lower_e} $op '".DB()->escape($username)."'
 										AND u.user_id <> ".ANONYMOUS;
 			}
 			break;
@ -453,20 +453,20 @@ else
 			{
 				$total_sql .= "SELECT COUNT(user_id) AS total
 								FROM ".BB_USERS."
-									WHERE REGEXP_LIKE(user_email, '".str_replace("\'", "''", $email)."')
+									WHERE REGEXP_LIKE(user_email, '".DB()->escape($email)."')
 										AND user_id <> ".ANONYMOUS;

-				$select_sql .= "	WHERE REGEXP_LIKE(u.user_email, '".str_replace("\'", "''", $email)."')
+				$select_sql .= "	WHERE REGEXP_LIKE(u.user_email, '".DB()->escape($email)."')
 										AND u.user_id <> ".ANONYMOUS;
 			}
 			else
 			{
 				$total_sql .= "SELECT COUNT(user_id) AS total
 								FROM ".BB_USERS."
-									WHERE {$lower_b}user_email{$lower_e} $op '".str_replace("\'", "''", $email)."'
+									WHERE {$lower_b}user_email{$lower_e} $op '".DB()->escape($email)."'
 										AND user_id <> ".ANONYMOUS;

-				$select_sql .= "	WHERE {$lower_b}u.user_email{$lower_e} $op '".str_replace("\'", "''", $email)."'
+				$select_sql .= "	WHERE {$lower_b}u.user_email{$lower_e} $op '".DB()->escape($email)."'
 										AND u.user_id <> ".ANONYMOUS;
 			}
 			break;
@ -955,20 +955,20 @@ else
 			{
 				$total_sql .= "SELECT COUNT(user_id) AS total
 								FROM ".BB_USERS."
-									WHERE REGEXP_LIKE($field, '".str_replace("\'", "''", $userfield_value)."')
+									WHERE REGEXP_LIKE($field, '".DB()->escape($userfield_value)."')
 										AND user_id <> ".ANONYMOUS;

-				$select_sql .= "	WHERE REGEXP_LIKE(u.$field, '".str_replace("\'", "''", $userfield_value)."')
+				$select_sql .= "	WHERE REGEXP_LIKE(u.$field, '".DB()->escape($userfield_value)."')
 										AND u.user_id <> ".ANONYMOUS;
 			}
 			else
 			{
 				$total_sql .= "SELECT COUNT(user_id) AS total
 								FROM ".BB_USERS."
-									WHERE {$lower_b}$field{$lower_e} $op '".str_replace("\'", "''", $userfield_value)."'
+									WHERE {$lower_b}$field{$lower_e} $op '".DB()->escape($userfield_value)."'
 										AND user_id <> ".ANONYMOUS;

-				$select_sql .= "	WHERE {$lower_b}u.$field{$lower_e} $op '".str_replace("\'", "''", $userfield_value)."'
+				$select_sql .= "	WHERE {$lower_b}u.$field{$lower_e} $op '".DB()->escape($userfield_value)."'
 										AND u.user_id <> ".ANONYMOUS;
 			}

@ -1025,10 +1025,10 @@ else

 			$total_sql .= "SELECT COUNT(user_id) AS total
 							FROM ".BB_USERS."
-								WHERE user_lang = '".str_replace("\'", "''", $language_type)."'
+								WHERE user_lang = '".DB()->escape($language_type)."'
 									AND user_id <> ".ANONYMOUS;

-			$select_sql .= "	WHERE u.user_lang = '".str_replace("\'", "''", $language_type)."'
+			$select_sql .= "	WHERE u.user_lang = '".DB()->escape($language_type)."'
 									AND u.user_id <> ".ANONYMOUS;

 			break;
--- a/upload/admin/admin_words.php
+++ b/upload/admin/admin_words.php
@ -86,14 +86,14 @@ if( $mode != "" )
 		if( $word_id )
 		{
 			$sql = "UPDATE " . BB_WORDS . "
-				SET word = '" . str_replace("\'", "''", $word) . "', replacement = '" . str_replace("\'", "''", $replacement) . "'
+				SET word = '" . DB()->escape($word) . "', replacement = '" . DB()->escape($replacement) . "'
 				WHERE word_id = $word_id";
 			$message = $lang['WORD_UPDATED'];
 		}
 		else
 		{
 			$sql = "INSERT INTO " . BB_WORDS . " (word, replacement)
-				VALUES ('" . str_replace("\'", "''", $word) . "', '" . str_replace("\'", "''", $replacement) . "')";
+				VALUES ('" . DB()->escape($word) . "', '" . DB()->escape($replacement) . "')";
 			$message = $lang['WORD_ADDED'];
 		}

--- a/upload/ajax/mod_action.php
+++ b/upload/ajax/mod_action.php
@ -33,7 +33,7 @@ switch ($mode)
 	case 'edit_topic_title':
        $topic_id    = (int) $this->request['topic_id'];
 		$topic_title = (string) $this->request['topic_title'];
-		$new_title   = clean_topic_title($topic_title);
+		$new_title   = clean_title($topic_title);

 		if (!$topic_id) $this->ajax_die('invalid topic_id (empty)');
 		if ($new_title == '') $this->ajax_die('Вы должны указать заголовок сообщения');
--- a/upload/config.php
+++ b/upload/config.php
@ -57,7 +57,7 @@ $bb_cfg['css_ver'] = 1;

 // Increase number of revision after update
 $bb_cfg['tp_version'] = '2.0.2';
-$bb_cfg['tp_release_state'] = 'TP II r70';
+$bb_cfg['tp_release_state'] = 'TP II r71';
 $bb_cfg['tp_release_date'] = '04-07-2011';

 $bb_cfg['board_disabled_msg'] = 'форум временно отключен'; // 'forums temporarily disabled'; // show this msg if board has been disabled via ON/OFF trigger
--- a/upload/includes/functions.php
+++ b/upload/includes/functions.php
@ -2714,7 +2714,7 @@ function bb_json_decode ($data)
 	return json_decode($data, true);
 }

-function clean_topic_title ($str, $replace_underscore = false)
+function clean_title ($str, $replace_underscore = false)
 {
 	$str = ($replace_underscore) ? str_replace('_', ' ', $str) : $str;
 	$str = htmlCHR(str_compact($str));
--- a/upload/includes/functions_post.php
+++ b/upload/includes/functions_post.php
@ -171,7 +171,7 @@ function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_

 		if ($row = DB()->fetch_row($sql))
 		{
-			$last_msg = str_replace("\'", "''", $last_msg);
+			$last_msg = DB()->escape($last_msg);

 			if ($last_msg == $post_message)
 			{
@ -286,7 +286,7 @@ function submit_post($mode, &$post_data, &$message, &$meta, &$forum_id, &$topic_
 		{
 			if (!empty($option_text))
 			{
-				$option_text = str_replace("\'", "''", htmlspecialchars($option_text));
+				$option_text = DB()->escape(htmlspecialchars($option_text));
 				$poll_result = ($mode == "editpost" && isset($old_poll_result[$option_id])) ? $old_poll_result[$option_id] : 0;

 				$sql = ($mode != "editpost" || !isset($old_poll_result[$option_id])) ? "INSERT INTO " . BB_VOTE_RESULTS . " (vote_id, vote_option_id, vote_option_text, vote_result) VALUES ($poll_id, $poll_option_id, '$option_text', $poll_result)" : "UPDATE " . BB_VOTE_RESULTS . " SET vote_option_text = '$option_text', vote_result = $poll_result WHERE vote_option_id = $option_id AND vote_id = $poll_id";
--- a/upload/includes/functions_report.php
+++ b/upload/includes/functions_report.php
@ -1072,8 +1072,8 @@ function report_insert($module_id, $report_subject, $report_reason, $report_titl
 	$sql = 'INSERT INTO ' . BB_REPORTS . ' (user_id, report_time, report_module_id, report_status, report_reason_id,
 		report_subject, report_subject_data, report_title, report_desc)
 		VALUES (' . $userdata['user_id'] . ', ' . time() . ', ' . (int) $module_id . ', ' . REPORT_NEW . ', ' . (int) $report_reason . ',
-			' . (int) $report_subject . ", $report_subject_data_sql, '" . str_replace("'", "''", $report_title) . "',
-			'" . str_replace("'", "''", $report_desc) . "')";
+			' . (int) $report_subject . ", $report_subject_data_sql, '" . DB()->escape($report_title) . "',
+			'" . DB()->escape($report_desc) . "')";
 	if (!DB()->sql_query($sql))
 	{
 		message_die(GENERAL_ERROR, 'Could not insert report', '', __LINE__, __FILE__, $sql);
@ -1185,7 +1185,7 @@ function reports_update_status($report_ids, $report_status, $comment = '', $auth
 	//
 	// Insert report status changes and update reports
 	//
-	$comment = str_replace("'", "''", $comment);
+	$comment = DB()->escape($comment);
 	foreach ($report_ids as $report_id)
 	{
 		$sql = 'INSERT INTO ' . BB_REPORTS_CHANGES . " (report_id, user_id, report_change_time, report_status, report_change_comment)
--- a/upload/includes/functions_report_admin.php
+++ b/upload/includes/functions_report_admin.php
@ -196,7 +196,7 @@ function report_module_install($module_notify, $module_prune, $module_name, $aut
 	$sql = 'INSERT INTO ' . BB_REPORTS_MODULES . ' (report_module_order, report_module_notify, report_module_prune,
 		report_module_name, auth_write, auth_view, auth_notify, auth_delete)
 		VALUES(' . ($max_order + 1) . ', ' . (int) $module_notify . ', ' . (int) $module_prune . ",
-			'" . str_replace("'", "''", $module_name) . "', " . (int) $auth_write . ', ' . (int) $auth_view . ',
+			'" . DB()->escape($module_name) . "', " . (int) $auth_write . ', ' . (int) $auth_view . ',
 			' . (int) $auth_notify . ', ' . (int) $auth_delete . ')';
 	if (!DB()->sql_query($sql))
 	{
@ -427,7 +427,7 @@ function report_reason_insert($module_id, $reason_desc)
 	// Insert reason
 	//
 	$sql = 'INSERT INTO ' . BB_REPORTS_REASONS . ' (report_module_id, report_reason_order, report_reason_desc)
-		VALUES(' . (int) $module_id . ', ' . ($max_order + 1) . ", '" . str_replace("'", "''", $reason_desc) . "')";
+		VALUES(' . (int) $module_id . ', ' . ($max_order + 1) . ", '" . DB()->escape($reason_desc) . "')";
 	if (!DB()->sql_query($sql))
 	{
 		message_die(GENERAL_ERROR, 'Could not insert report reason', '', __LINE__, __FILE__, $sql);
@ -444,7 +444,7 @@ function report_reason_edit($reason_id, $module_id, $reason_desc)
 	$sql = 'UPDATE ' . BB_REPORTS_REASONS . '
 		SET
 			report_module_id = ' . (int) $module_id . ",
-			report_reason_desc = '" . str_replace("'", "''", $reason_desc) . "'
+			report_reason_desc = '" . DB()->escape($reason_desc) . "'
 		WHERE report_reason_id = " . (int) $reason_id;
 	if (!DB()->sql_query($sql))
 	{
--- a/upload/includes/ucp/usercp_activate.php
+++ b/upload/includes/ucp/usercp_activate.php
@ -39,7 +39,7 @@ if ( $row = DB()->sql_fetchrow($result) )
 			}
 		}

-		$sql_update_pass = ( $row['user_newpasswd'] != '' ) ? ", user_password = '" . str_replace("\'", "''", $row['user_newpasswd']) . "', user_newpasswd = ''" : '';
+		$sql_update_pass = ( $row['user_newpasswd'] != '' ) ? ", user_password = '" . DB()->escape($row['user_newpasswd']) . "', user_newpasswd = ''" : '';

 		$sql = "UPDATE " . BB_USERS . "
 			SET user_active = 1, user_actkey = ''" . $sql_update_pass . "
--- a/upload/includes/ucp/usercp_avatar.php
+++ b/upload/includes/ucp/usercp_avatar.php
@ -91,7 +91,7 @@ function user_avatar_gallery($mode, &$errors, $avatar_filename, $avatar_category

 	if ( file_exists(@phpbb_realpath($bb_cfg['avatar_gallery_path'] . '/' . $avatar_category . '/' . $avatar_filename)) && ($mode == 'editprofile') )
 	{
-		return array('user_avatar' => str_replace("\'", "''", $avatar_category . '/' . $avatar_filename), 'user_avatar_type' => USER_AVATAR_GALLERY);
+		return array('user_avatar' => DB()->escape($avatar_category . '/' . $avatar_filename), 'user_avatar_type' => USER_AVATAR_GALLERY);
 	}
 	else
 	{
@ -116,7 +116,7 @@ function user_avatar_url($mode, &$errors, $avatar_filename)
 		return;
 	}

-	return array('user_avatar' => str_replace("\'", "''", $avatar_filename), 'user_avatar_type' => USER_AVATAR_REMOTE);
+	return array('user_avatar' => DB()->escape($avatar_filename), 'user_avatar_type' => USER_AVATAR_REMOTE);

 }

--- a/upload/includes/ucp/usercp_sendpasswd.php
+++ b/upload/includes/ucp/usercp_sendpasswd.php
@ -18,8 +18,8 @@ if ( isset($_POST['submit']) )

 	$sql = "SELECT *
 		FROM " . BB_USERS . "
-		WHERE user_email = '" . str_replace("\'", "''", $email) . "'
-			AND username = '" . str_replace("\'", "''", $username) . "'";
+		WHERE user_email = '" . DB()->escape($email) . "'
+			AND username = '" . DB()->escape($username) . "'";
 	if ( $result = DB()->sql_query($sql) )
 	{
 		if ( $row = DB()->sql_fetchrow($result) )
--- a/upload/memberlist.php
+++ b/upload/memberlist.php
@ -158,7 +158,7 @@ $sql = "SELECT username, user_id, user_opt, user_posts, user_regdate, user_from,
 if ( $username )
 {
 	$username = preg_replace('/\*/', '%', clean_username($username));
-	$letter_sql = "username LIKE '". str_replace("\'", "''", $username) ."'";
+	$letter_sql = "username LIKE '". DB()->escape($username) ."'";
 }
 $sql .= ($letter_sql) ? " AND $letter_sql" : '';
 $sql .= " ORDER BY $order_by";
--- a/upload/modcp.php
+++ b/upload/modcp.php
@ -440,7 +440,7 @@ switch ($mode)
 				}
 				while ($row = DB()->sql_fetchrow($result));

-				$post_subject = trim(htmlspecialchars($_POST['subject']));
+				$post_subject = clean_title($_POST['subject']);
 				if (empty($post_subject))
 				{
 					message_die(GENERAL_MESSAGE, $lang['EMPTY_SUBJECT']);
@ -464,7 +464,7 @@ switch ($mode)
 				DB()->sql_freeresult($result);

 				$sql  = "INSERT INTO " . BB_TOPICS . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type)
-					VALUES ('" . str_replace("\'", "''", $post_subject) . "', $first_poster, " . $topic_time . ", $new_forum_id, " . TOPIC_UNLOCKED . ", " . POST_NORMAL . ")";
+					VALUES ('" . DB()->escape($post_subject) . "', $first_poster, " . $topic_time . ", $new_forum_id, " . TOPIC_UNLOCKED . ", " . POST_NORMAL . ")";
 				if (!(DB()->sql_query($sql)))
 				{
 					message_die(GENERAL_ERROR, 'Could not insert new topic', '', __LINE__, __FILE__, $sql);
--- a/upload/posting.php
+++ b/upload/posting.php
@ -502,7 +502,7 @@ else if ( ($submit || $confirm) && !$topic_has_new_posts )
 			{
 				$topic_type = ( isset($post_data['topic_type']) && $topic_type != $post_data['topic_type'] && !$is_auth['auth_sticky'] && !$is_auth['auth_announce'] ) ? $post_data['topic_type'] : $topic_type;

-				submit_post($mode, $post_data, $return_message, $return_meta, $forum_id, $topic_id, $post_id, $poll_id, $topic_type, str_replace("\'", "''", $username), str_replace("\'", "''", $subject), str_replace("\'", "''", $message), str_replace("\'", "''", $poll_title), $poll_options, $poll_length, $update_post_time);
+				submit_post($mode, $post_data, $return_message, $return_meta, $forum_id, $topic_id, $post_id, $poll_id, $topic_type, DB()->escape($username), DB()->escape($subject), DB()->escape($message), DB()->escape($poll_title), $poll_options, $poll_length, $update_post_time);
 			}
 			break;

@ -561,11 +561,11 @@ else if ( ($submit || $confirm) && !$topic_has_new_posts )
 if( $refresh || isset($_POST['del_poll_option']) || $error_msg || ($submit && $topic_has_new_posts) )
 //snp end
 {
-	$username = ( !empty($_POST['username']) ) ? htmlspecialchars(trim(stripslashes($_POST['username']))) : '';
-	$subject = ( !empty($_POST['subject']) ) ? htmlspecialchars(trim(stripslashes($_POST['subject']))) : '';
-	$message = ( !empty($_POST['message']) ) ? htmlspecialchars(trim(stripslashes($_POST['message']))) : '';
+	$username = ( !empty($_POST['username']) ) ? clean_username($_POST['username']) : '';
+	$subject = ( !empty($_POST['subject']) ) ? clean_title($_POST['subject']) : '';
+	$message = ( !empty($_POST['message']) ) ? $_POST['message'] : '';

-	$poll_title = ( !empty($_POST['poll_title']) ) ? htmlspecialchars(trim(stripslashes($_POST['poll_title']))) : '';
+	$poll_title = ( !empty($_POST['poll_title']) ) ? clean_title($_POST['poll_title']) : '';
 	$poll_length = ( isset($_POST['poll_length']) ) ? max(0, intval($_POST['poll_length'])) : 0;

 	$poll_options = array();
@ -580,66 +580,30 @@ if( $refresh || isset($_POST['del_poll_option']) || $error_msg || ($submit && $t
 			}
 			else if ( !empty($option_text) )
 			{
-				$poll_options[$option_id] = htmlspecialchars(trim(stripslashes($option_text)));
+				$poll_options[$option_id] = clean_title($option_text);
 			}
 		}
 	}

 	if ( $poll_add && !empty($_POST['add_poll_option_text']) )
 	{
-		$poll_options[] = htmlspecialchars(trim(stripslashes($_POST['add_poll_option_text'])));
+		$poll_options[] = clean_title($_POST['add_poll_option_text']);
 	}

 	if ($preview)
 	{
-		$preview_message = $msg_html = $msg_html_tidy = '';
-
-		$text = $message;
-		$text = htmlCHR($text, false, ENT_NOQUOTES);
-		$preview_message = bbcode2html($text);  // создает объект $bbcode
-
-		// ### DBG ###
-		if (0 && $user->id == 10838)
-		{
-			$text = $_POST['message'];
-			$text = htmlCHR($text, false, ENT_NOQUOTES);
-			$msg_html_tidy = $bbcode->bbcode2html($text, true);
-
-			if (1 && !empty($_COOKIE['explain']))
-			{
-				$msg_html = $bbcode->bbcode2html($text, false);
-
-				$msg_html = html_compact($msg_html, true);
-				$msg_html_tidy = html_compact($msg_html_tidy, true);
-				$preview_message = html_compact($preview_message, true);
-
-				file_write($msg_html, LOG_DIR.'before_tidy', false, true, true);
-				file_write($msg_html_tidy, LOG_DIR.'after_tidy', false, true, true);
-			}
-			$template->assign_vars(array(
-				'MSG_HTML_TIDY' => $msg_html_tidy,
-			));
-		}
-		if (IS_AM)
-		{
-			$template->assign_vars(array(
-				'SPAM_WORD' => ($bbcode->found_spam) ? '<pre>'. htmlCHR(join("\n", $bbcode->found_spam)) .'</pre>' : '',
-			));
-		}
-		if (0 && $user->id == 10838)
-		{
-			$template->assign_vars(array(
-				'PREVIEW_INPUT_SRC' => get_html_src($_POST['message']),
-				'PREVIEW_HTML_SRC'  => get_html_src($preview_message),
-			));
-		}
-		// ### DBG ###
+		$preview_subject  = $subject;
+		$preview_username = $username;
+		$preview_message  = bbcode2html($message);

 		$template->assign_vars(array(
 			'TPL_PREVIEW_POST' => true,
+			'TOPIC_TITLE'    => wbr($preview_subject),
+			'POST_SUBJECT'   => $preview_subject,
+			'POSTER_NAME'    => $preview_username,
+			'POST_DATE'      => bb_date(TIMENOW),
 			'PREVIEW_MSG'    => $preview_message,
 		));
-
 	}
 }
 else
@ -664,10 +628,6 @@ else
 		$subject = ( $post_data['first_post'] ) ? $post_info['topic_title'] : $post_info['post_subject'];
 		$message = $post_info['post_text'];

-		$message = str_replace('<', '&lt;', $message);
-		$message = str_replace('>', '&gt;', $message);
-		$message = str_replace('<br />', "\n", $message);
-
 		if ( $mode == 'quote' )
 		{
 			if (!defined('WORD_LIST_OBTAINED'))
--- a/upload/privmsg.php
+++ b/upload/privmsg.php
@ -280,7 +280,7 @@ if ( $mode == 'read' )
 		// set limits on numbers of storable posts for users ... hopefully!
 		//
 		$sql = "INSERT INTO " . BB_PRIVMSGS . " (privmsgs_type, privmsgs_subject, privmsgs_from_userid, privmsgs_to_userid, privmsgs_date, privmsgs_ip)
-			VALUES (" . PRIVMSGS_SENT_MAIL . ", '" . str_replace("\'", "''", addslashes($privmsg['privmsgs_subject'])) . "', " . $privmsg['privmsgs_from_userid'] . ", " . $privmsg['privmsgs_to_userid'] . ", " . $privmsg['privmsgs_date'] . ", '" . $privmsg['privmsgs_ip'] . "')";
+			VALUES (" . PRIVMSGS_SENT_MAIL . ", '" . DB()->escape($privmsg['privmsgs_subject']) . "', " . $privmsg['privmsgs_from_userid'] . ", " . $privmsg['privmsgs_to_userid'] . ", " . $privmsg['privmsgs_date'] . ", '" . $privmsg['privmsgs_ip'] . "')";
 		if ( !DB()->sql_query($sql) )
 		{
 			message_die(GENERAL_ERROR, 'Could not insert private message sent info', '', __LINE__, __FILE__, $sql);
@ -289,7 +289,7 @@ if ( $mode == 'read' )
 		$privmsg_sent_id = DB()->sql_nextid();

 		$sql = "INSERT INTO " . BB_PRIVMSGS_TEXT . " (privmsgs_text_id, privmsgs_text)
-			VALUES ($privmsg_sent_id, '" . str_replace("\'", "''", addslashes($privmsg['privmsgs_text'])) . "')";
+			VALUES ($privmsg_sent_id, '" . DB()->escape($privmsg['privmsgs_text']) . "')";
 		if ( !DB()->sql_query($sql) )
 		{
 			message_die(GENERAL_ERROR, 'Could not insert private message sent text', '', __LINE__, __FILE__, $sql);
@ -968,7 +968,7 @@ else if ( $submit || $refresh || $mode != '' )
 		{
 			$to_username = clean_username($_POST['username']);
 			// DelUsrKeepPM
-			$to_username_sql = str_replace("\'", "''", $to_username);
+			$to_username_sql = DB()->escape($to_username);

 			$to_userdata = get_userdata ($to_username_sql);

@ -996,7 +996,7 @@ else if ( $submit || $refresh || $mode != '' )
 		{
 			if ( !$error )
 			{
-				$privmsg_message = DB()->escape($_POST['message']);
+				$privmsg_message = $_POST['message'];
 			}
 		}
 		else
@ -1068,12 +1068,12 @@ else if ( $submit || $refresh || $mode != '' )
 			}

 			$sql_info = "INSERT INTO " . BB_PRIVMSGS . " (privmsgs_type, privmsgs_subject, privmsgs_from_userid, privmsgs_to_userid, privmsgs_date, privmsgs_ip)
-				VALUES (" . PRIVMSGS_NEW_MAIL . ", '" . str_replace("\'", "''", $privmsg_subject) . "', " . $userdata['user_id'] . ", " . $to_userdata['user_id'] . ", $msg_time, '". USER_IP ."')";
+				VALUES (" . PRIVMSGS_NEW_MAIL . ", '" . DB()->escape($privmsg_subject) . "', " . $userdata['user_id'] . ", " . $to_userdata['user_id'] . ", $msg_time, '". USER_IP ."')";
 		}
 		else
 		{
 			$sql_info = "UPDATE " . BB_PRIVMSGS . "
-				SET privmsgs_type = " . PRIVMSGS_NEW_MAIL . ", privmsgs_subject = '" . str_replace("\'", "''", $privmsg_subject) . "', privmsgs_from_userid = " . $userdata['user_id'] . ", privmsgs_to_userid = " . $to_userdata['user_id'] . ", privmsgs_date = $msg_time, privmsgs_ip = '". USER_IP ."'
+				SET privmsgs_type = " . PRIVMSGS_NEW_MAIL . ", privmsgs_subject = '" . DB()->escape($privmsg_subject) . "', privmsgs_from_userid = " . $userdata['user_id'] . ", privmsgs_to_userid = " . $to_userdata['user_id'] . ", privmsgs_date = $msg_time, privmsgs_ip = '". USER_IP ."'
 				WHERE privmsgs_id = $privmsg_id";
 		}

@ -1087,12 +1087,12 @@ else if ( $submit || $refresh || $mode != '' )
 			$privmsg_sent_id = DB()->sql_nextid();

 			$sql = "INSERT INTO " . BB_PRIVMSGS_TEXT . " (privmsgs_text_id, privmsgs_text)
-				VALUES ($privmsg_sent_id, '" . str_replace("\'", "''", $privmsg_message) . "')";
+				VALUES ($privmsg_sent_id, '" . DB()->escape($privmsg_message) . "')";
 		}
 		else
 		{
 			$sql = "UPDATE " . BB_PRIVMSGS_TEXT . "
-				SET privmsgs_text = '" . str_replace("\'", "''", $privmsg_message) . "'
+				SET privmsgs_text = '" . DB()->escape($privmsg_message) . "'
 				WHERE privmsgs_text_id = $privmsg_id";
 		}

@ -1163,14 +1163,10 @@ else if ( $submit || $refresh || $mode != '' )
 		// passed to the script, process it a little, do some checks
 		// where neccessary, etc.
 		//
-		$to_username = (isset($_POST['username']) ) ? trim(htmlspecialchars(stripslashes($_POST['username']))) : '';
+		$to_username = (isset($_POST['username']) ) ? clean_username($_POST['username']) : '';

-		$privmsg_subject = ( isset($_POST['subject']) ) ? trim(strip_tags(stripslashes($_POST['subject']))) : '';
+		$privmsg_subject = ( isset($_POST['subject']) ) ? clean_title($_POST['subject']) : '';
 		$privmsg_message = ( isset($_POST['message']) ) ? trim($_POST['message']) : '';
-		if ( !$preview )
-		{
-			$privmsg_message = stripslashes($privmsg_message);
-		}

 		//
 		// Do mode specific things
@ -1334,8 +1330,6 @@ else if ( $submit || $refresh || $mode != '' )
 			$preview_subject = $privmsg_subject;
 		}

-		$preview_message = str_replace("\n", '<br />', $preview_message);
-
 		$s_hidden_fields = '<input type="hidden" name="folder" value="' . $folder . '" />';
 		$s_hidden_fields .= '<input type="hidden" name="mode" value="' . $mode . '" />';

--- a/upload/report.php
+++ b/upload/report.php
@ -77,7 +77,7 @@ if (isset($report_module))
 	if (isset($_POST['submit']))
 	{
 		$report_reason = (isset($_POST['reason'])) ? (int) $_POST['reason'] : 0;
-		$report_desc = (isset($_POST['message'])) ? htmlspecialchars($_POST['message']) : '';
+		$report_desc = (isset($_POST['message'])) ? $_POST['message'] : '';

 		//
 		// Obtain report title if necessary
@ -88,7 +88,7 @@ if (isset($report_module))
 		}
 		else
 		{
-			$report_title = (isset($_POST['title'])) ? htmlspecialchars($_POST['title']) : '';
+			$report_title = (isset($_POST['title'])) ? $_POST['title'] : '';
 			$report_subject_id = 0;
 		}

@ -110,8 +110,8 @@ if (isset($report_module))
 		//
 		if (empty($errors))
 		{
-			$report_desc = str_replace("\'", "'", $report_desc);
-			$report_title = str_replace("\'", "'", $report_title);
+			$report_desc = DB()->escape($report_desc);
+			$report_title = clean_title($report_title);

 			report_insert($report_module->id, $report_subject_id, $report_reason, $report_title, $report_desc, false);

@ -304,7 +304,7 @@ else
 			{
 				if (isset($_POST['confirm']))
 				{
-					$comment = (isset($_POST['comment'])) ? htmlspecialchars(str_replace("\'", "'", $_POST['comment'])) : '';
+					$comment = (isset($_POST['comment'])) ? DB()->escape($_POST['comment']) : '';

 					switch ($mode)
 					{
--- a/upload/search.php
+++ b/upload/search.php
@ -866,7 +866,7 @@ function username_search ($search_match)
 		$sql = "
 			SELECT username
 			FROM ". BB_USERS ."
-			WHERE username LIKE '". str_replace("\'", "''", $username_search) . "'
+			WHERE username LIKE '". DB()->escape($username_search) . "'
 				AND user_id <> ". ANONYMOUS ."
 			ORDER BY username
 			LIMIT 200
--- a/upload/viewtopic.php
+++ b/upload/viewtopic.php
@ -893,7 +893,7 @@ for($i = 0; $i < $total_posts; $i++)
 	//
 	if ($user_sig)
 	{
-		$user_sig = '<br />_________________<br />' . str_replace("\n", "\n<br />\n", $user_sig);
+		$user_sig = '<br />_________________<br />'. $user_sig;
 	}

 	//