Ignore:
Timestamp:
Nov 19, 2009, 10:54:46 PM (15 years ago)
Author:
Eric
Message:

[NBC_UserAdvManager] Merged from trunk to branch 2.12
Bug 1238 fixed - Simple custom email text wasn't send when Extended Description plugin wasn't set
Bug 1245 fixed - Semicolons (;) are no longer allowed in text areas (mail info text, ConfirmMail text, reminder text,...). They'll be replaced by dots (.).
Bug 1248 fixed - Php notice on user registration with a forbidden email domain
Bug 1250 fixed - Email provider didn't work after the third exclusion in list

File:
1 edited

Legend:

Unmodified
Added
Removed
  • extensions/NBC_UserAdvManager/branches/2.12/admin/UserAdvManager_admin.php

    r4168 r4317  
    4545$error = array();
    4646$UserAdvManager_Password_Test_Score = 0;
     47$pattern = '/;/';
     48$replacement = '.';
     49
     50$UserAdvManager_MailInfo_Error_Txt = false;
     51$UserAdvManager_ConfirmMail_Error_Txt = false;
     52$UserAdvManager_Reminder_Error_Txt = false;
     53$UserAdvManager_ConfirmMail_Error_Txt1 = false;
     54$UserAdvManager_ConfirmMail_Error_Txt2 = false;
    4755
    4856// +-----------------------------------------------------------------------+
     
    6068       
    6169        if (isset($_POST['submit']) and !is_adviser() and isset($_POST['UserAdvManager_Mail_Info']) and isset($_POST['UserAdvManager_No_Casse']) and isset($_POST['UserAdvManager_Username_Char']) and isset($_POST['UserAdvManager_Confirm_Mail']) and isset($_POST['UserAdvManager_No_Comment_Anonymous']) and isset($_POST['UserAdvManager_Password_Enforced']) and isset($_POST['UserAdvManager_AdminPassword_Enforced']) and isset($_POST['UserAdvManager_GhostUser_Tracker']))
    62   {
     70  { 
    6371                $_POST['UserAdvManager_MailInfo_Text'] = str_replace("\'", "'", str_replace("\\\\", "\\", $_POST['UserAdvManager_MailInfo_Text']));
     72   
    6473                $_POST['UserAdvManager_ConfirmMail_Text'] = str_replace("\'", "'", str_replace("\\\\", "\\", $_POST['UserAdvManager_ConfirmMail_Text']));
    6574
    66   $_POST['UserAdvManager_GhostTracker_ReminderText'] = str_replace("\'", "'", str_replace("\\\\", "\\", $_POST['UserAdvManager_GhostTracker_ReminderText']));
     75    $_POST['UserAdvManager_GhostTracker_ReminderText'] = str_replace("\'", "'", str_replace("\\\\", "\\", $_POST['UserAdvManager_GhostTracker_ReminderText']));
     76
     77
     78/* Control of semicolons - Replaced by dots - Warning message is displayed */   
     79    if ((preg_match($pattern, $_POST['UserAdvManager_MailInfo_Text'])) or (preg_match($pattern, $_POST['UserAdvManager_GhostTracker_ReminderText'])) or (preg_match($pattern, $_POST['UserAdvManager_ConfirmMail_Text'])))
     80    {
     81      if (preg_match($pattern, $_POST['UserAdvManager_MailInfo_Text']))
     82      {
     83        $_POST['UserAdvManager_MailInfo_Text'] = preg_replace($pattern, $replacement, $_POST['UserAdvManager_MailInfo_Text']);
     84        $UserAdvManager_MailInfo_Error_Txt = true;
     85      }
     86     
     87      if (preg_match($pattern, $_POST['UserAdvManager_ConfirmMail_Text']))
     88      {
     89        $_POST['UserAdvManager_ConfirmMail_Text'] = preg_replace($pattern, $replacement, $_POST['UserAdvManager_ConfirmMail_Text']);
     90        $UserAdvManager_ConfirmMail_Error_Txt = true;
     91      }
     92     
     93      if (preg_match($pattern, $_POST['UserAdvManager_GhostTracker_ReminderText']))
     94      {
     95        $_POST['UserAdvManager_GhostTracker_ReminderText'] = preg_replace($pattern, $replacement, $_POST['UserAdvManager_GhostTracker_ReminderText']);
     96        $UserAdvManager_Reminder_Error_Txt = true;
     97      }
     98     
     99      array_push($page['errors'], l10n('mail_text_error'));
     100    }
    67101               
    68102                $newconf_nbc_UserAdvManager = $_POST['UserAdvManager_Mail_Info'].';'.$_POST['UserAdvManager_No_Casse'].';'.$_POST['UserAdvManager_Confirm_Mail'].';'.(isset($_POST['UserAdvManager_No_Confirm_Group'])?$_POST['UserAdvManager_No_Confirm_Group']:'').';'.(isset($_POST['UserAdvManager_Validated_Group'])?$_POST['UserAdvManager_Validated_Group']:'').';'.(isset($_POST['UserAdvManager_Validated_Status'])?$_POST['UserAdvManager_Validated_Status']:'').';'.$_POST['UserAdvManager_No_Comment_Anonymous'].';'.$_POST['UserAdvManager_Username_Char'].';'.$_POST['UserAdvManager_Username_List'].';'.(isset($_POST['UserAdvManager_No_Confirm_Status'])?$_POST['UserAdvManager_No_Confirm_Status']:'').';'.$_POST['UserAdvManager_MailInfo_Text'].';'.$_POST['UserAdvManager_ConfirmMail_Text'].';'.$_POST['UserAdvManager_MailExclusion'].';'.$_POST['UserAdvManager_MailExclusion_List'].';'.$_POST['UserAdvManager_Password_Enforced'].';'.$_POST['UserAdvManager_Password_Score'].';'.$_POST['UserAdvManager_AdminPassword_Enforced'].';'.$_POST['UserAdvManager_GhostUser_Tracker'].';'.$_POST['UserAdvManager_GhostTracker_DayLimit'].';'.$_POST['UserAdvManager_GhostTracker_ReminderText'];
     
    107141  $result = pwg_query($query);
    108142       
    109   while ($row = mysql_fetch_array($result))
     143  while ($row = mysql_fetch_assoc($result))
    110144  {
    111145    $groups[$row['id']] = $row['name'];
     
    214248    'UserAdvManager_GHOSTRACKER_REMINDERTEXT' => $conf_nbc_UserAdvManager[19],
    215249                'UserAdvManager_PASSWORD_TEST_SCORE'      => $UserAdvManager_Password_Test_Score,
     250    'UserAdvManager_ERROR_REPORTS1'           => $UserAdvManager_MailInfo_Error_Txt,
     251    'UserAdvManager_ERROR_REPORTS2'           => $UserAdvManager_ConfirmMail_Error_Txt,
     252    'UserAdvManager_ERROR_REPORTS3'           => $UserAdvManager_Reminder_Error_Txt,
    216253    )
    217254  );
     
    238275                  $result = pwg_query($query);
    239276                       
    240                   while($row = mysql_fetch_array($result))
     277                  while($row = mysql_fetch_assoc($result))
    241278                {
    242                                 $msg_error1 .= (($msg_error1 <> '') ? '<br/>' : '') . l10n('Err_audit_no_casse').$row['username'];
     279                                $msg_error1 .= (($msg_error1 <> '') ? '<br/>' : '') . l10n('Err_audit_no_casse').stripslashes($row['username']);
    243280                        }
    244281                }
     
    256293                        $result = pwg_query($query);
    257294                       
    258                         while($row = mysql_fetch_array($result))
     295                        while($row = mysql_fetch_assoc($result))
    259296                        {
    260                                 if (!ValidateUsername($row['username']))
    261                                         $msg_error2 .= (($msg_error2 <> '') ? '<br/>' : '') . l10n('Err_audit_username_char').$row['username'];
     297                                if (!ValidateUsername(stripslashes($row['username'])))
     298                                        $msg_error2 .= (($msg_error2 <> '') ? '<br/>' : '') . l10n('Err_audit_username_char').stripslashes($row['username']);
    262299                        }
    263300                }
     
    275312                  $result = pwg_query($query);
    276313                       
    277                   while($row = mysql_fetch_array($result))
     314                  while($row = mysql_fetch_assoc($result))
    278315                  {
    279316                                $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array();
     
    284321                                  if (preg_match($pattern, $row['mail_address']))
    285322                                  {
    286                                                 $msg_error3 .=  (($msg_error3 <> '') ? '<br/>' : '') . l10n('Err_audit_email_forbidden').$row['username'].' ('.$row['mail_address'].')';
     323                                                $msg_error3 .=  (($msg_error3 <> '') ? '<br/>' : '') . l10n('Err_audit_email_forbidden').stripslashes($row['username']).' ('.$row['mail_address'].')';
    287324                                        }
    288325                                }
     
    340377                {
    341378                $_POST['UserAdvManager_ConfirmMail_ReMail_Txt1'] = str_replace("\'", "'", str_replace("\\\\", "\\", $_POST['UserAdvManager_ConfirmMail_ReMail_Txt1']));
     379
    342380                $_POST['UserAdvManager_ConfirmMail_ReMail_Txt2'] = str_replace("\'", "'", str_replace("\\\\", "\\", $_POST['UserAdvManager_ConfirmMail_ReMail_Txt2']));
     381
     382/* Control of semicolons - Replaced by dots - Warning message displayed */
     383    if ((preg_match($pattern, $_POST['UserAdvManager_ConfirmMail_ReMail_Txt1'])) or (preg_match($pattern, $_POST['UserAdvManager_ConfirmMail_ReMail_Txt2'])))
     384    {
     385      if ((preg_match($pattern, $_POST['UserAdvManager_ConfirmMail_ReMail_Txt1'])))
     386      {
     387        $_POST['UserAdvManager_ConfirmMail_ReMail_Txt1'] = preg_replace($pattern, $replacement, $_POST['UserAdvManager_ConfirmMail_ReMail_Txt1']);
     388        $UserAdvManager_ConfirmMail_Error_Txt1 = true;
     389      }
     390     
     391      if ((preg_match($pattern, $_POST['UserAdvManager_ConfirmMail_ReMail_Txt2'])))
     392      {
     393        $_POST['UserAdvManager_ConfirmMail_ReMail_Txt2'] = preg_replace($pattern, $replacement, $_POST['UserAdvManager_ConfirmMail_ReMail_Txt2']);
     394       
     395        $UserAdvManager_ConfirmMail_Error_Txt2 = true;
     396      }
     397     
     398      array_push($page['errors'], l10n('mail_text_error'));
     399    }
    343400                 
    344401                $newconf_nbc_UserAdvManager_ConfirmMail = $_POST['UserAdvManager_ConfirmMail_TimeOut'].';'.$_POST['UserAdvManager_ConfirmMail_Delay'].';'.$_POST['UserAdvManager_ConfirmMail_ReMail_Txt1'].';'.$_POST['UserAdvManager_ConfirmMail_Remail'].';'.$_POST['UserAdvManager_ConfirmMail_ReMail_Txt2'];
     
    371428    'UserAdvManager_CONFIRMMAIL_REMAIL_TXT1'            => $conf_nbc_UserAdvManager_ConfirmMail[2],
    372429    'UserAdvManager_CONFIRMMAIL_REMAIL_TXT2'            => $conf_nbc_UserAdvManager_ConfirmMail[4],
     430    'UserAdvManager_ERROR_REPORTS1'             => $UserAdvManager_ConfirmMail_Error_Txt1,
     431    'UserAdvManager_ERROR_REPORTS2'             => $UserAdvManager_ConfirmMail_Error_Txt2,
    373432        )
    374433          );           
     
    588647WHERE id = '".$user_id."'
    589648;";
    590                                         $data = mysql_fetch_array(pwg_query($query));
     649                                        $data = mysql_fetch_assoc(pwg_query($query));
    591650                               
    592                 ResendMail2User($typemail,$user_id,$data['username'],$data['mail_address'],true);
     651                ResendMail2User($typemail,$user_id,stripslashes($data['username']),$data['mail_address'],true);
    593652        }
    594653        array_push(
     
    673732;";
    674733                                       
    675                                         $data = mysql_fetch_array(pwg_query($query));
     734                                        $data = mysql_fetch_assoc(pwg_query($query));
    676735                               
    677                 ResendMail2User($typemail,$user_id,$data['username'],$data['mail_address'],false);                             
     736                ResendMail2User($typemail,$user_id,stripslashes($data['username']),$data['mail_address'],false);                               
    678737        }
    679738        array_push(
     
    757816;";
    758817                                       
    759                                         $data = mysql_fetch_array(pwg_query($query));
     818                                        $data = mysql_fetch_assoc(pwg_query($query));
    760819                               
    761820                ForceValidation($data['id']);                           
     
    788847                $result = pwg_query($query);
    789848         
    790     while ($row = mysql_fetch_array($result))
     849    while ($row = mysql_fetch_assoc($result))
    791850    {
    792851      $groups[$row['id']] = $row['name'];
     
    884943                'U_PROFILE' => $profile_url.$local_user['id'],
    885944                'U_PERM' => $perm_url.$local_user['id'],
    886                 'USERNAME' => $local_user['username']
     945                'USERNAME' => stripslashes($local_user['username'])
    887946                                                .($local_user['id'] == $conf['guest_id']
    888947                                                ? '<BR />['.l10n('is_the_guest').']' : '')
     
    11121171;";
    11131172                                       
    1114                                         $data = mysql_fetch_array(pwg_query($query));
     1173                                        $data = mysql_fetch_assoc(pwg_query($query));
    11151174                               
    1116                 ghostreminder($user_id,$data['username'],$data['mail_address']);                               
     1175                ghostreminder($user_id,stripslashes($data['username']),$data['mail_address']);                         
    11171176        }
    11181177        array_push(
     
    11561215          $result = pwg_query($query);
    11571216         
    1158           while ($row = mysql_fetch_array($result))
     1217          while ($row = mysql_fetch_assoc($result))
    11591218          {
    11601219            list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();'));
     
    11831242          $result = pwg_query($query);
    11841243         
    1185           while($row = mysql_fetch_array($result))
     1244          while($row = mysql_fetch_assoc($result))
    11861245          {
    11871246            list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();'));
     
    12761335                'ID' => $local_user['id'],
    12771336                'CHECKED' => $checked,
    1278                 'USERNAME' => $local_user['username']
     1337                'USERNAME' => stripslashes($local_user['username'])
    12791338                                                .($local_user['id'] == $conf['guest_id']
    12801339                                                ? '<BR />['.l10n('is_the_guest').']' : '')
Note: See TracChangeset for help on using the changeset viewer.