diff --git a/index.php b/index.php index 8443c651..284342a7 100644 --- a/index.php +++ b/index.php @@ -68,72 +68,74 @@ if(empty($uri) || isset($_REQUEST['template'])) { $_REQUEST['p'] = 'news'; $found = true; } -else if(!preg_match('/[^A-z0-9_\-]/', $uri) && file_exists(SYSTEM . 'pages/' . $uri . '.php')) { - $_REQUEST['p'] = $uri; - $found = true; -} else { - $rules = array( - '/^account\/manage\/?$/' => array('subtopic' => 'accountmanagement'), - '/^account\/create\/?$/' => array('subtopic' => 'createaccount'), - '/^account\/lost\/?$/' => array('subtopic' => 'lostaccount'), - '/^account\/logout\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'logout'), - '/^account\/password\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_password'), - '/^account\/register\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register'), - '/^account\/register\/new\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register_new'), - '/^account\/email\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_email'), - '/^account\/info\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_info'), - '/^account\/character\/create\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'create_character'), - '/^account\/character\/name\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_name'), - '/^account\/character\/sex\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_sex'), - '/^account\/character\/delete\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'delete_character'), - '/^account\/character\/comment\/[A-Za-z]+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment', 'name' => '$3'), - '/^account\/character\/comment\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment'), - '/^account\/confirm_email\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'confirm_email', 'v' => '$2'), - '/^characters\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'characters', 'name' => '$1'), - '/^commands\/add\/?$/' => array('subtopic' => 'commands', 'action' => 'add'), - '/^commands\/edit\/?$/' => array('subtopic' => 'commands', 'action' => 'edit'), - '/^faq\/add\/?$/' => array('subtopic' => 'faq', 'action' => 'add'), - '/^faq\/edit\/?$/' => array('subtopic' => 'faq', 'action' => 'edit'), - '/^forum\/add_board\/?$/' => array('subtopic' => 'forum', 'action' => 'add_board'),# - '/^forum\/edit_board\/?$/' => array('subtopic' => 'forum', 'action' => 'edit_board'), - '/^forum\/board\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2'), - '/^forum\/board\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2', 'page' => '$3'), - '/^forum\/thread\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2'), - '/^forum\/thread\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2', 'page' => '$3'), - '/^gallery\/add\/?$/' => array('subtopic' => 'gallery', 'action' => 'add'), - '/^gallery\/edit\/?$/' => array('subtopic' => 'gallery', 'action' => 'edit'), - '/^gallery\/[0-9]+\/?$/' => array('subtopic' => 'gallery', 'image' => '$1'), - '/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'), - '/^guilds\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'guilds', 'action' => 'show', 'guild' => '$1'), - '/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2', 'page' => '$3'), - '/^highscores\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'page' => '$2'), - '/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2'), - '/^highscores\/[A-Za-z0-9-_\']+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1'), - '/^news\/add\/?$/' => array('subtopic' => 'news', 'action' => 'add'), - '/^news\/edit\/?$/' => array('subtopic' => 'news', 'action' => 'edit'), - '/^news\/archive\/?$/' => array('subtopic' => 'newsarchive'), - '/^news\/archive\/[0-9]+\/?$/' => array('subtopic' => 'newsarchive', 'id' => '$2'), - '/^polls\/[0-9]+\/?$/' => array('subtopic' => 'polls', 'id' => '$1'), - '/^spells\/[A-Za-z0-9-_%]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'spells', 'vocation' => '$1', 'order' => '$2'), - '/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'), - ); - - foreach($rules as $rule => $redirect) { - if (preg_match($rule, $uri)) { - $tmp = explode('/', $uri); - foreach($redirect as $key => $value) { - - if(strpos($value, '$') !== false) { - $value = str_replace('$' . $value[1], $tmp[$value[1]], $value); + $tmp = strtolower($uri); + if(!preg_match('/[^A-z0-9_\-]/', $uri) && file_exists(SYSTEM . 'pages/' . $tmp . '.php')) { + $_REQUEST['p'] = $uri; + $found = true; + } + else { + $rules = array( + '/^account\/manage\/?$/' => array('subtopic' => 'accountmanagement'), + '/^account\/create\/?$/' => array('subtopic' => 'createaccount'), + '/^account\/lost\/?$/' => array('subtopic' => 'lostaccount'), + '/^account\/logout\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'logout'), + '/^account\/password\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_password'), + '/^account\/register\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register'), + '/^account\/register\/new\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register_new'), + '/^account\/email\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_email'), + '/^account\/info\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_info'), + '/^account\/character\/create\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'create_character'), + '/^account\/character\/name\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_name'), + '/^account\/character\/sex\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_sex'), + '/^account\/character\/delete\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'delete_character'), + '/^account\/character\/comment\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment'), + '/^account\/confirm_email\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'confirm_email', 'v' => '$2'), + '/^characters\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'characters', 'name' => '$1'), + '/^commands\/add\/?$/' => array('subtopic' => 'commands', 'action' => 'add'), + '/^commands\/edit\/?$/' => array('subtopic' => 'commands', 'action' => 'edit'), + '/^faq\/add\/?$/' => array('subtopic' => 'faq', 'action' => 'add'), + '/^faq\/edit\/?$/' => array('subtopic' => 'faq', 'action' => 'edit'), + '/^forum\/add_board\/?$/' => array('subtopic' => 'forum', 'action' => 'add_board'),# + '/^forum\/edit_board\/?$/' => array('subtopic' => 'forum', 'action' => 'edit_board'), + '/^forum\/board\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2'), + '/^forum\/board\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2', 'page' => '$3'), + '/^forum\/thread\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2'), + '/^forum\/thread\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2', 'page' => '$3'), + '/^gallery\/add\/?$/' => array('subtopic' => 'gallery', 'action' => 'add'), + '/^gallery\/edit\/?$/' => array('subtopic' => 'gallery', 'action' => 'edit'), + '/^gallery\/[0-9]+\/?$/' => array('subtopic' => 'gallery', 'image' => '$1'), + '/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'), + '/^guilds\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'guilds', 'action' => 'show', 'guild' => '$1'), + '/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2', 'page' => '$3'), + '/^highscores\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'page' => '$2'), + '/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2'), + '/^highscores\/[A-Za-z0-9-_\']+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1'), + '/^news\/add\/?$/' => array('subtopic' => 'news', 'action' => 'add'), + '/^news\/edit\/?$/' => array('subtopic' => 'news', 'action' => 'edit'), + '/^news\/archive\/?$/' => array('subtopic' => 'newsarchive'), + '/^news\/archive\/[0-9]+\/?$/' => array('subtopic' => 'newsarchive', 'id' => '$2'), + '/^polls\/[0-9]+\/?$/' => array('subtopic' => 'polls', 'id' => '$1'), + '/^spells\/[A-Za-z0-9-_%]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'spells', 'vocation' => '$1', 'order' => '$2'), + '/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'), + ); + + foreach($rules as $rule => $redirect) { + if (preg_match($rule, $uri)) { + $tmp = explode('/', $uri); + foreach($redirect as $key => $value) { + + if(strpos($value, '$') !== false) { + $value = str_replace('$' . $value[1], $tmp[$value[1]], $value); + } + + $_REQUEST[$key] = $value; + $_GET[$key] = $value; } - $_REQUEST[$key] = $value; - $_GET[$key] = $value; + $found = true; + break; } - - $found = true; - break; } } } diff --git a/system/init.php b/system/init.php index 0644a58c..3a29aa37 100644 --- a/system/init.php +++ b/system/init.php @@ -57,6 +57,11 @@ $function = new Twig_SimpleFunction('hook', function ($hook) { }); $twig->addFunction($function); +$filter = new Twig_SimpleFilter('urlencode', function ($s) { + return urlencode($s); +}); +$twig->addFilter($filter); + // trim values we receive if(isset($_POST)) { diff --git a/system/libs/validator.php b/system/libs/validator.php index 1846a000..9e2bba3a 100644 --- a/system/libs/validator.php +++ b/system/libs/validator.php @@ -364,6 +364,11 @@ class Validator */ public static function guildName($name) { + if(empty($name)) { + self::$lastError = 'Please enter guild name.'; + return false; + } + if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM0123456789- ") != strlen($name)) { self::$lastError = 'Invalid guild name format.'; return false; @@ -386,6 +391,11 @@ class Validator */ public static function rankName($name) { + if(empty($name)) { + self::$lastError = 'Please enter rank name.'; + return false; + } + if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM0123456789-[ ] ") != strlen($name)) { self::$lastError = 'Invalid rank name. Please use only a-Z, 0-9 and spaces.'; return false; diff --git a/system/pages/account/change_comment.php b/system/pages/account/change_comment.php index c6ade13b..a70020b6 100644 --- a/system/pages/account/change_comment.php +++ b/system/pages/account/change_comment.php @@ -10,7 +10,7 @@ */ defined('MYAAC') or die('Direct access not allowed!'); -$player_name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : null; +$player_name = isset($_REQUEST['name']) ? stripslashes(urldecode($_REQUEST['name'])) : null; $new_comment = isset($_POST['comment']) ? htmlspecialchars(stripslashes(substr($_POST['comment'],0,2000))) : NULL; $new_hideacc = isset($_POST['accountvisible']) ? (int)$_POST['accountvisible'] : NULL; diff --git a/system/pages/guilds.php b/system/pages/guilds.php index 5990d5f1..6adbfa35 100644 --- a/system/pages/guilds.php +++ b/system/pages/guilds.php @@ -22,7 +22,15 @@ define('MOTD_EXISTS', fieldExist('motd', 'guilds')); if(empty($action)) { require(PAGES . 'guilds/list_of_guilds.php'); } -else if(file_exists(PAGES . 'guilds/' . $action . '.php')) { - require(PAGES . 'guilds/' . $action . '.php'); +else { + if(!ctype_alnum(str_replace(array('-', '_'), '', $action))) { + error('Error: Action contains illegal characters.'); + } + else if(file_exists(PAGES . 'guilds/' . $action . '.php')) { + require(PAGES . 'guilds/' . $action . '.php'); + } + else { + error('This page does not exists.'); + } } ?> diff --git a/system/pages/guilds/accept_invite.php b/system/pages/guilds/accept_invite.php index b8613a01..096b0f64 100644 --- a/system/pages/guilds/accept_invite.php +++ b/system/pages/guilds/accept_invite.php @@ -11,7 +11,7 @@ defined('MYAAC') or die('Direct access not allowed!'); //set rights in guild -$guild_name = isset($_REQUEST['guild']) ? $_REQUEST['guild'] : NULL; +$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL; $name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : NULL; if(!$logged) { $errors[] = 'You are not logged in. You can\'t accept invitations.'; @@ -86,12 +86,13 @@ else } } } - } - - if(!$acc_invited) { - $errors[] = "Any character from your account isn't invited to " . $guild->getName() . "."; + + if(!$acc_invited) { + $errors[] = "Any character from your account isn't invited to " . $guild->getName() . "."; + } } } + if(!empty($errors)) { echo $twig->render('error_box.html.twig', array('errors' => $errors)); diff --git a/system/pages/guilds/add_rank.php b/system/pages/guilds/add_rank.php index 0867429a..d15ba634 100644 --- a/system/pages/guilds/add_rank.php +++ b/system/pages/guilds/add_rank.php @@ -10,7 +10,7 @@ */ defined('MYAAC') or die('Direct access not allowed!'); -$guild_name = $_REQUEST['guild']; +$guild_name = urldecode($_REQUEST['guild']); $ranknew = $_REQUEST['rank_name']; if(!Validator::guildName($guild_name)) { $guild_errors[] = Validator::getLastError(); diff --git a/system/pages/guilds/change_description.php b/system/pages/guilds/change_description.php index 896a6bbd..fb9ae673 100644 --- a/system/pages/guilds/change_description.php +++ b/system/pages/guilds/change_description.php @@ -10,7 +10,7 @@ */ defined('MYAAC') or die('Direct access not allowed!'); -$guild_name = $_REQUEST['guild']; +$guild_name = urldecode($_REQUEST['guild']); if(!Validator::guildName($guild_name)) { $errors[] = Validator::getLastError(); } diff --git a/system/pages/guilds/change_logo.php b/system/pages/guilds/change_logo.php index d0ea3d50..484b6bf3 100644 --- a/system/pages/guilds/change_logo.php +++ b/system/pages/guilds/change_logo.php @@ -10,7 +10,7 @@ */ defined('MYAAC') or die('Direct access not allowed!'); -$guild_name = $_REQUEST['guild']; +$guild_name = urldecode($_REQUEST['guild']); if(!Validator::guildName($guild_name)) { $errors[] = Validator::getLastError(); } diff --git a/system/pages/guilds/change_motd.php b/system/pages/guilds/change_motd.php index 86b169af..4a7349c2 100644 --- a/system/pages/guilds/change_motd.php +++ b/system/pages/guilds/change_motd.php @@ -13,7 +13,7 @@ defined('MYAAC') or die('Direct access not allowed!'); if(!MOTD_EXISTS) return; -$guild_name = $_REQUEST['guild']; +$guild_name = urldecode($_REQUEST['guild']); if(!Validator::guildName($guild_name)) { $errors[] = Validator::getLastError(); } diff --git a/system/pages/guilds/change_rank.php b/system/pages/guilds/change_rank.php index e7068fe8..ed8e9400 100644 --- a/system/pages/guilds/change_rank.php +++ b/system/pages/guilds/change_rank.php @@ -10,7 +10,7 @@ */ defined('MYAAC') or die('Direct access not allowed!'); -$guild_name = $_REQUEST['guild']; +$guild_name = urldecode($_REQUEST['guild']); if(!Validator::guildName($guild_name)) $errors[] = Validator::getLastError(); if(!$logged) diff --git a/system/pages/guilds/create.php b/system/pages/guilds/create.php index 60545fad..9a507fc4 100644 --- a/system/pages/guilds/create.php +++ b/system/pages/guilds/create.php @@ -10,7 +10,7 @@ */ defined('MYAAC') or die('Direct access not allowed!'); -$guild_name = isset($_REQUEST['guild']) ? $_REQUEST['guild'] : NULL; +$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL; $name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : NULL; $todo = isset($_REQUEST['todo']) ? $_REQUEST['todo'] : NULL; if(!$logged) { diff --git a/system/pages/guilds/delete_by_admin.php b/system/pages/guilds/delete_by_admin.php index 4e9ecd4f..7026dece 100644 --- a/system/pages/guilds/delete_by_admin.php +++ b/system/pages/guilds/delete_by_admin.php @@ -10,7 +10,7 @@ */ defined('MYAAC') or die('Direct access not allowed!'); -$guild_name = $_REQUEST['guild']; +$guild_name = urldecode($_REQUEST['guild']); if(!Validator::guildName($guild_name)) { $errors[] = Validator::getLastError(); } diff --git a/system/pages/guilds/delete_guild.php b/system/pages/guilds/delete_guild.php index b485daf8..562954dd 100644 --- a/system/pages/guilds/delete_guild.php +++ b/system/pages/guilds/delete_guild.php @@ -10,7 +10,7 @@ */ defined('MYAAC') or die('Direct access not allowed!'); -$guild_name = $_REQUEST['guild']; +$guild_name = urldecode($_REQUEST['guild']); if(!Validator::guildName($guild_name)) { $errors[] = Validator::getLastError(); } diff --git a/system/pages/guilds/delete_invite.php b/system/pages/guilds/delete_invite.php index 8cbf07a0..1e02fa72 100644 --- a/system/pages/guilds/delete_invite.php +++ b/system/pages/guilds/delete_invite.php @@ -11,7 +11,7 @@ defined('MYAAC') or die('Direct access not allowed!'); //set rights in guild -$guild_name = $_REQUEST['guild']; +$guild_name = urldecode($_REQUEST['guild']); $name = stripslashes($_REQUEST['name']); if(!$logged) $guild_errors[] = 'You are not logged in. You can\'t delete invitations.'; diff --git a/system/pages/guilds/delete_rank.php b/system/pages/guilds/delete_rank.php index 00f10e48..3a151087 100644 --- a/system/pages/guilds/delete_rank.php +++ b/system/pages/guilds/delete_rank.php @@ -10,7 +10,7 @@ */ defined('MYAAC') or die('Direct access not allowed!'); -$guild_name = $_REQUEST['guild']; +$guild_name = urldecode($_REQUEST['guild']); $rank_to_delete = (int) $_REQUEST['rankid']; if(!Validator::guildName($guild_name)) { $guild_errors[] = Validator::getLastError(); diff --git a/system/pages/guilds/invite.php b/system/pages/guilds/invite.php index ed13e621..dee4ff3f 100644 --- a/system/pages/guilds/invite.php +++ b/system/pages/guilds/invite.php @@ -11,7 +11,7 @@ defined('MYAAC') or die('Direct access not allowed!'); //set rights in guild -$guild_name = isset($_REQUEST['guild']) ? $_REQUEST['guild'] : NULL; +$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL; $name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : NULL; if(!$logged) { $errors[] = "You are not logged in. You can't invite players."; diff --git a/system/pages/guilds/kick_player.php b/system/pages/guilds/kick_player.php index 0518230b..284b9455 100644 --- a/system/pages/guilds/kick_player.php +++ b/system/pages/guilds/kick_player.php @@ -11,7 +11,7 @@ defined('MYAAC') or die('Direct access not allowed!'); //set rights in guild -$guild_name = $_REQUEST['guild']; +$guild_name = urldecode($_REQUEST['guild']); $name = stripslashes($_REQUEST['name']); if(!$logged) { $errors[] = 'You are not logged in. You can\'t kick characters.'; diff --git a/system/pages/guilds/leave_guild.php b/system/pages/guilds/leave_guild.php index 8b266504..180f9f82 100644 --- a/system/pages/guilds/leave_guild.php +++ b/system/pages/guilds/leave_guild.php @@ -11,7 +11,7 @@ defined('MYAAC') or die('Direct access not allowed!'); //set rights in guild -$guild_name = isset($_REQUEST['guild']) ? $_REQUEST['guild'] : NULL; +$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL; $name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : NULL; if(!$logged) { $errors[] = "You are not logged in. You can't leave guild."; diff --git a/system/pages/guilds/list_of_guilds.php b/system/pages/guilds/list_of_guilds.php index 1829c406..34650db4 100644 --- a/system/pages/guilds/list_of_guilds.php +++ b/system/pages/guilds/list_of_guilds.php @@ -79,22 +79,20 @@ else { foreach($guilds_list as $guild) { - $link = ($config['friendly_urls'] ? '' : '?') . 'guilds/' . $guild->getName(); - $guild_logo = $guild->getCustomField('logo_name'); if(empty($guild_logo) || !file_exists('images/guilds/' . $guild_logo)) $guild_logo = "default.gif"; + $description = $guild->getCustomField('description'); $description_with_lines = str_replace(array("\r\n", "\n", "\r"), '
', $description, $count); if($count < $config['guild_description_lines_limit']) $description = wordwrap(nl2br($description), 60, "
", true); - //$description = $description_with_lines; - + echo ' '.$guild->getName().'
'.$description.''; if(admin()) echo '
Delete this guild (for ADMIN only!)'; - echo ''; diff --git a/system/pages/guilds/manager.php b/system/pages/guilds/manager.php index da8688c3..5d07c7b3 100644 --- a/system/pages/guilds/manager.php +++ b/system/pages/guilds/manager.php @@ -10,7 +10,7 @@ */ defined('MYAAC') or die('Direct access not allowed!'); -$guild_name = $_REQUEST['guild']; +$guild_name = urldecode($_REQUEST['guild']); if(!Validator::guildName($guild_name)) { $guild_errors[] = Validator::getLastError(); } diff --git a/system/pages/guilds/pass_leadership.php b/system/pages/guilds/pass_leadership.php index a9ac01a4..b830e173 100644 --- a/system/pages/guilds/pass_leadership.php +++ b/system/pages/guilds/pass_leadership.php @@ -10,7 +10,7 @@ */ defined('MYAAC') or die('Direct access not allowed!'); -$guild_name = isset($_REQUEST['guild']) ? $_REQUEST['guild'] : NULL; +$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL; $pass_to = isset($_REQUEST['player']) ? stripslashes($_REQUEST['player']) : NULL; if(!Validator::guildName($guild_name)) { $guild_errors[] = Validator::getLastError(); diff --git a/system/pages/guilds/save_ranks.php b/system/pages/guilds/save_ranks.php index d9b6fc01..00508b1f 100644 --- a/system/pages/guilds/save_ranks.php +++ b/system/pages/guilds/save_ranks.php @@ -10,7 +10,7 @@ */ defined('MYAAC') or die('Direct access not allowed!'); -$guild_name = $_REQUEST['guild']; +$guild_name = urldecode($_REQUEST['guild']); if(!Validator::guildName($guild_name)) { $errors[] = Validator::get; } diff --git a/system/pages/guilds/show.php b/system/pages/guilds/show.php index 405fc353..a6769401 100644 --- a/system/pages/guilds/show.php +++ b/system/pages/guilds/show.php @@ -10,7 +10,7 @@ */ defined('MYAAC') or die('Direct access not allowed!'); -$guild_name = $_REQUEST['guild']; +$guild_name = urldecode($_REQUEST['guild']); if(!Validator::guildName($guild_name)) $errors[] = Validator::getLastError(); diff --git a/system/pages/spells.php b/system/pages/spells.php index 56eef108..77fa9c54 100644 --- a/system/pages/spells.php +++ b/system/pages/spells.php @@ -30,7 +30,7 @@ if(isset($_REQUEST['vocation_id'])) { } } else { - $vocation = (isset($_REQUEST['vocation']) ? rawurldecode($_REQUEST['vocation']) : 'all'); + $vocation = (isset($_REQUEST['vocation']) ? urldecode($_REQUEST['vocation']) : 'all'); if($vocation == 'all') { $vocation_id = 'all'; diff --git a/templates/kathrine/template.php b/templates/kathrine/template.php index f29218fd..56ce5daf 100644 --- a/templates/kathrine/template.php +++ b/templates/kathrine/template.php @@ -32,7 +32,13 @@ defined('MYAAC') or die('Direct access not allowed!'); $tmp = array($_REQUEST['subtopic']); } else { - $tmp = explode('/', URI); + $tmp = URI; + if(empty($tmp)) { + $tmp = array('news'); + } + else { + $tmp = explode('/', URI); + } } if(in_array($tmp[0], get_template_pages(MENU_CATEGORY_NEWS)))
+ echo '