Vergleich xmlhttp.php - 1.6.15 - 1.6.18

Zeile 342Zeile 342
	if(!$thread['tid'] || !$forum['fid'] || $forum['type'] != "f")
{
xmlhttp_error($lang->thread_doesnt_exist);

	if(!$thread['tid'] || !$forum['fid'] || $forum['type'] != "f")
{
xmlhttp_error($lang->thread_doesnt_exist);

 
	}

// Check if this forum is password protected and we have a valid password
if(check_forum_password($forum['fid'], 0, true))
{
xmlhttp_error($lang->wrong_forum_password);

	}

// Fetch forum permissions.

	}

// Fetch forum permissions.

Zeile 357Zeile 363
		}
// Forum is not open, user doesn't have permission to edit, or author doesn't match this user - don't allow editing.
else if($forum['open'] == 0 || $forumpermissions['caneditposts'] == 0 || $mybb->user['uid'] != $post['uid'] || $mybb->user['uid'] == 0 || $mybb->user['suspendposting'] == 1)

		}
// Forum is not open, user doesn't have permission to edit, or author doesn't match this user - don't allow editing.
else if($forum['open'] == 0 || $forumpermissions['caneditposts'] == 0 || $mybb->user['uid'] != $post['uid'] || $mybb->user['uid'] == 0 || $mybb->user['suspendposting'] == 1)

		{
xmlhttp_error($lang->no_permission_edit_post);
}

		{
xmlhttp_error($lang->no_permission_edit_post);
}

		// If we're past the edit time limit - don't allow editing.
else if($mybb->settings['edittimelimit'] != 0 && $post['dateline'] < (TIME_NOW-($mybb->settings['edittimelimit']*60)))

		// If we're past the edit time limit - don't allow editing.
else if($mybb->settings['edittimelimit'] != 0 && $post['dateline'] < (TIME_NOW-($mybb->settings['edittimelimit']*60)))

		{

		{

			$lang->edit_time_limit = $lang->sprintf($lang->edit_time_limit, $mybb->settings['edittimelimit']);
xmlhttp_error($lang->edit_time_limit);
}

			$lang->edit_time_limit = $lang->sprintf($lang->edit_time_limit, $mybb->settings['edittimelimit']);
xmlhttp_error($lang->edit_time_limit);
}

Zeile 370Zeile 376
		if($post['visible'] == 0)
{
xmlhttp_error($lang->post_moderation);

		if($post['visible'] == 0)
{
xmlhttp_error($lang->post_moderation);

		}

// Forum is closed - no editing allowed
if($forum['open'] == 0)
{
xmlhttp_error($lang->no_permission_edit_post);

 
		}
}
if($mybb->input['do'] == "get_post")

		}
}
if($mybb->input['do'] == "get_post")

Zeile 650Zeile 650
	$username = $mybb->input['value'];

// Fix bad characters

	$username = $mybb->input['value'];

// Fix bad characters

	$username = trim($username);

	$username = trim_blank_chrs($username);

	$username = str_replace(array(unichr(160), unichr(173), unichr(0xCA), dec_to_utf8(8238), dec_to_utf8(8237), dec_to_utf8(8203)), array(" ", "-", "", "", "", ""), $username);

// Remove multiple spaces from the username

	$username = str_replace(array(unichr(160), unichr(173), unichr(0xCA), dec_to_utf8(8238), dec_to_utf8(8237), dec_to_utf8(8203)), array(" ", "-", "", "", "", ""), $username);

// Remove multiple spaces from the username

Zeile 673Zeile 673
	}

// Check for certain characters in username (<, >, &, and slashes)

	}

// Check for certain characters in username (<, >, &, and slashes)

	if(strpos($username, "<") !== false || strpos($username, ">") !== false || strpos($username, "&") !== false || my_strpos($username, "\\") !== false || strpos($username, ";") !== false || !validate_utf8_string($username, false, false))

	if(strpos($username, "<") !== false || strpos($username, ">") !== false || strpos($username, "&") !== false || my_strpos($username, "\\") !== false || strpos($username, ";") !== false|| strpos($username, ",") !== false || !validate_utf8_string($username, false, false))

	{
echo "<fail>{$lang->banned_characters_username}</fail>";
exit;

	{
echo "<fail>{$lang->banned_characters_username}</fail>";
exit;
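Review bot: The forum-password gate added in the hunk at Zeile 342 reads as inverted at first glance, because `if(check_forum_password($forum['fid'], 0, true))` raises `wrong_forum_password` when the call returns a truthy value, and the positional `0, true` arguments are unexplained. A one-line comment above the call would remove the ambiguity, for example `// Truthy return means the forum password is missing or wrong; the last argument presumably requests a return value instead of a redirect (confirm against the helper)`. The gate is visible only on this one code path, and the other actions in xmlhttp.php fall outside the displayed hunks, so it is worth confirming that every action returning thread or post content from a protected forum applies the same check. The enclosing block starts and ends outside the hunk.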