| Zeile 205 | Zeile 205 |
|---|
reset($pforumcache);
reset($pforumcache[$fid]);
|
reset($pforumcache);
reset($pforumcache[$fid]);
|
| |
$navigation = '';
|
foreach($pforumcache[$fid] as $key => $forum)
{
if($fid == $forum['fid'])
{
|
foreach($pforumcache[$fid] as $key => $forum)
{
if($fid == $forum['fid'])
{
|
if($pforumcache[$forum['pid']])
| if(!empty($pforumcache[$forum['pid']]))
|
{
$navigation = make_parent_list($forum['pid'], $navsep).$navigation;
}
if($navigation)
|
{
$navigation = make_parent_list($forum['pid'], $navsep).$navigation;
}
if($navigation)
|
{
| {
|
$navigation .= $navsep;
}
$navigation .= $forum['fid'];
| $navigation .= $navsep;
}
$navigation .= $forum['fid'];
|
| Zeile 255 | Zeile 257 |
|---|
$existing_permissions = $db->fetch_array($query2);
if(!$existing_permissions)
|
$existing_permissions = $db->fetch_array($query2);
if(!$existing_permissions)
|
{
| {
|
$query2 = $db->simple_select("usergroups", $db->escape_string(implode(',', array_keys($usergroup_permission_fields))), "gid='{$usergroup['gid']}'", array('limit' => 1));
$existing_permissions = $db->fetch_array($query2);
}
| $query2 = $db->simple_select("usergroups", $db->escape_string(implode(',', array_keys($usergroup_permission_fields))), "gid='{$usergroup['gid']}'", array('limit' => 1));
$existing_permissions = $db->fetch_array($query2);
}
|
| Zeile 264 | Zeile 266 |
|---|
$db->delete_query("forumpermissions", "fid='{$fid}' AND gid='{$usergroup['gid']}'");
// Only insert the new ones if we're using custom permissions
|
$db->delete_query("forumpermissions", "fid='{$fid}' AND gid='{$usergroup['gid']}'");
// Only insert the new ones if we're using custom permissions
|
if($inherit[$usergroup['gid']] != 1)
| if(empty($inherit[$usergroup['gid']]))
|
{
|
{
|
if($canview[$usergroup['gid']] == 1)
| if(!empty($canview[$usergroup['gid']]))
|
{
$pview = 1;
}
| {
$pview = 1;
}
|
| Zeile 275 | Zeile 277 |
|---|
$pview = 0;
}
|
$pview = 0;
}
|
if($canpostthreads[$usergroup['gid']] == 1)
| if(!empty($canpostthreads[$usergroup['gid']]))
|
{
$pthreads = 1;
}
| {
$pthreads = 1;
}
|
| Zeile 284 | Zeile 286 |
|---|
$pthreads = 0;
}
|
$pthreads = 0;
}
|
if($canpostreplies[$usergroup['gid']] == 1)
| if(!empty($canpostreplies[$usergroup['gid']]))
|
{
$preplies = 1;
|
{
$preplies = 1;
|
}
else
{
| }
else
{
|
$preplies = 0;
|
$preplies = 0;
|
}
if($canpostpolls[$usergroup['gid']] == 1)
| }
if(!empty($canpostpolls[$usergroup['gid']]))
|
{
$ppolls = 1;
}
|
{
$ppolls = 1;
}
|
else
{
$ppolls = 0;
}
| else
{
$ppolls = 0;
}
|
if(!$preplies && !$pthreads)
{
$ppost = 0;
}
else
|
if(!$preplies && !$pthreads)
{
$ppost = 0;
}
else
|
{
| {
|
$ppost = 1;
}
| $ppost = 1;
}
|
| Zeile 326 | Zeile 328 |
|---|
{
continue;
}
|
{
continue;
}
|
$insertquery[$db->escape_string($field)] = (int)$existing_permissions[$field];
|
$insertquery[$db->escape_string($field)] = isset($existing_permissions[$field]) ? (int)$existing_permissions[$field] : 0;
|
}
$db->insert_query("forumpermissions", $insertquery);
| }
$db->insert_query("forumpermissions", $insertquery);
|
| Zeile 346 | Zeile 348 |
|---|
function check_admin_permissions($action, $error = true)
{
global $mybb, $page, $lang, $modules_dir;
|
function check_admin_permissions($action, $error = true)
{
global $mybb, $page, $lang, $modules_dir;
|
|
|
if(is_super_admin($mybb->user['uid']))
{
return true;
| if(is_super_admin($mybb->user['uid']))
{
return true;
|
| Zeile 357 | Zeile 359 |
|---|
{
$func = $action['module']."_admin_permissions";
$permissions = $func();
|
{
$func = $action['module']."_admin_permissions";
$permissions = $func();
|
if($permissions['permissions'][$action['action']] && $mybb->admin['permissions'][$action['module']][$action['action']] != 1)
| if(
!empty($permissions['permissions'][$action['action']]) &&
empty($mybb->admin['permissions'][$action['module']][$action['action']])
)
|
{
if($error)
{
| {
if($error)
{
|
| Zeile 366 | Zeile 371 |
|---|
$page->output_error("<b>{$lang->access_denied}</b><ul><li style=\"list-style-type: none;\">{$lang->access_denied_desc}</li></ul>");
$page->output_footer();
exit;
|
$page->output_error("<b>{$lang->access_denied}</b><ul><li style=\"list-style-type: none;\">{$lang->access_denied_desc}</li></ul>");
$page->output_footer();
exit;
|
}
| }
|
else
{
return false;
| else
{
return false;
|
| Zeile 502 | Zeile 507 |
|---|
{
return $final_group_perms;
}
|
{
return $final_group_perms;
}
|
else
| elseif(isset($perms_def))
|
{
return $perms_def;
}
|
{
return $perms_def;
}
|
| |
return array();
|
}
}
| }
}
|
| Zeile 594 | Zeile 601 |
|---|
* @param integer $uid The uid of the admin to check
* @param boolean $return_num Return an array of the number of attempts and expiry time? (default false)
* @return mixed Return an array if the second parameter is true, boolean otherwise.
|
* @param integer $uid The uid of the admin to check
* @param boolean $return_num Return an array of the number of attempts and expiry time? (default false)
* @return mixed Return an array if the second parameter is true, boolean otherwise.
|
*/
| */
|
function login_attempt_check_acp($uid=0, $return_num=false)
{
global $db, $mybb;
|
function login_attempt_check_acp($uid=0, $return_num=false)
{
global $db, $mybb;
|
|
|
$attempts['loginattempts'] = 0;
if($uid > 0)
{
$query = $db->simple_select("adminoptions", "loginattempts, loginlockoutexpiry", "uid='".(int)$uid."'", 1);
$attempts = $db->fetch_array($query);
|
$attempts['loginattempts'] = 0;
if($uid > 0)
{
$query = $db->simple_select("adminoptions", "loginattempts, loginlockoutexpiry", "uid='".(int)$uid."'", 1);
$attempts = $db->fetch_array($query);
|
| |
if(!$attempts)
{
return false;
}
|
}
if($attempts['loginattempts'] <= 0)
| }
if($attempts['loginattempts'] <= 0)
|
| Zeile 655 | Zeile 667 |
|---|
function check_template($template)
{
// Check to see if our database password is in the template
|
function check_template($template)
{
// Check to see if our database password is in the template
|
if(preg_match('#\$config\[(([\'|"]database[\'|"])|([^\'"].*?))\]\[(([\'|"](database|hostname|password|table_prefix|username)[\'|"])|([^\'"].*?))\]#i', $template))
| if(preg_match('#\$config\[(([\'|"]database[\'|"])|([^\'"].*?))\]\[(([\'|"](database|hostname|password|table_prefix|username)[\'|"])|([^\'"].*?))\]#i', $template) !== 0)
|
{
return true;
}
// System calls via backtick
|
{
return true;
}
// System calls via backtick
|
if(preg_match('#\$\s*\{#', $template))
| if(preg_match('#\$\s*\{#', $template) !== 0)
|
{
return true;
}
// Any other malicious acts?
// Courtesy of ZiNgA BuRgA
|
{
return true;
}
// Any other malicious acts?
// Courtesy of ZiNgA BuRgA
|
if(preg_match("~\\{\\$.+?\\}~s", preg_replace('~\\{\\$+[a-zA-Z_][a-zA-Z_0-9]*((?:-\\>|\\:\\:)\\$*[a-zA-Z_][a-zA-Z_0-9]*|\\[\s*\\$*([\'"]?)[a-zA-Z_ 0-9 ]+\\2\\]\s*)*\\}~', '', $template)))
| $allowed = preg_replace('~\\{\\$+[a-zA-Z_][a-zA-Z_0-9]*((?:-\\>|\\:\\:)\\$*[a-zA-Z_][a-zA-Z_0-9]*|\\[\s*\\$*([\'"]?)[a-zA-Z_ 0-9 ]+\\2\\]\s*)*\\}~', '', $template);
if($allowed === null || preg_match("~\\{\\$.+?\\}~s", $allowed) !== 0)
|
{
return true;
}
| {
return true;
}
|
| Zeile 724 | Zeile 737 |
|---|
{
while($post = $db->fetch_array($query))
{
|
{
while($post = $db->fetch_array($query))
{
|
if($post['usepostcounts'] != 0 && $post['visible'] != 0)
| if($post['usepostcounts'] != 0 && $post['visible'] == 1)
|
{
++$post_count;
}
| {
++$post_count;
}
|
| Zeile 750 | Zeile 763 |
|---|
}
$db->update_query("users", array("postnum" => "postnum-".$post_count.""), "uid='".$uid."'", 1, true);
|
}
$db->update_query("users", array("postnum" => "postnum-".$post_count.""), "uid='".$uid."'", 1, true);
|
|
|
$to_return = array(
'to_delete' => $delete_thread_list,
'thread_update' => $thread_list,
| $to_return = array(
'to_delete' => $delete_thread_list,
'thread_update' => $thread_list,
|
| Zeile 758 | Zeile 771 |
|---|
);
return $to_return;
|
);
return $to_return;
|
}
}
}
| }
}
}
|
/**
* Prints a selection JavaScript code for selectable groups/forums fields.
|
/**
* Prints a selection JavaScript code for selectable groups/forums fields.
|
| Zeile 786 | Zeile 799 |
|---|
if($(this).prop('checked') == true)
{
checked = $(this).val();
|
if($(this).prop('checked') == true)
{
checked = $(this).val();
|
}
});
| }
});
|
$('.'+id+'_forums_groups').each(function(e)
|
$('.'+id+'_forums_groups').each(function(e)
|
{
| {
|
$(this).hide();
});
if($('#'+id+'_forums_groups_'+checked))
{
$('#'+id+'_forums_groups_'+checked).show();
|
$(this).hide();
});
if($('#'+id+'_forums_groups_'+checked))
{
$('#'+id+'_forums_groups_'+checked).show();
|
}
}
| }
}
|
</script>";
}
| </script>";
}
|
| Zeile 807 | Zeile 820 |
|---|
function array_column($input, $column_key)
{
$values = array();
|
function array_column($input, $column_key)
{
$values = array();
|
|
|
if(!is_array($input))
{
$input = array($input);
| if(!is_array($input))
{
$input = array($input);
|
| Zeile 827 | Zeile 840 |
|---|
return $values;
}
|
return $values;
}
|
| | }
/**
* Output the auto redirect block.
*
* @param \Form $form An existing form instance to wrap the redirect within.
* @param string $prompt The prompt to show.
*/
function output_auto_redirect($form, $prompt)
{
global $lang;
echo <<<HTML
<div class="confirm_action">
<p>{$prompt}</p>
<br />
<script type="text/javascript">
$(function() {
var button = $("#proceed_button");
if (button.length > 0) {
// create a temporary div element to render the text within, un-escaping HTML entities
var textElement = $('<div/>').html('{$lang->automatically_redirecting}');
button.val(textElement.text());
button.attr("disabled", true);
button.css("color", "#aaa");
button.css("borderColor", "#aaa");
var parent_form = button.closest('form');
if (parent_form.length > 0) {
parent_form.submit();
}
}
});
</script>
<p class="buttons">
{$form->generate_submit_button($lang->proceed, array('class' => 'button_yes', 'id' => 'proceed_button'))}
</p>
</div>
HTML;
|
}
| }
|