From 05f8756a1273e7d36e0c31eb5ee814fc9f724ec1 Mon Sep 17 00:00:00 2001
From: slawkens1
Date: Tue, 14 Nov 2017 19:58:44 +0100
Subject: [PATCH] * fixed viewing pages with capital letters (like serverInfo) on case sensitive systems * fixed changing comment of characters with space and other special characters in name (#29) * fixed viewing guilds with space and other special characters in name (#29) * (kathrine template) fixed displaying menu when no URI is set (URI = '/') * added some additional checks for Validator guildName and rankName if name is empty * (internal) new twig filter: urlencode, which is using urlencode php function
---
index.php | 126 +++++++++++----------
system/init.php | 5 +
system/libs/validator.php | 10 ++
system/pages/account/change_comment.php | 2 +-
system/pages/guilds.php | 12 +-
system/pages/guilds/accept_invite.php | 11 +-
system/pages/guilds/add_rank.php | 2 +-
system/pages/guilds/change_description.php | 2 +-
system/pages/guilds/change_logo.php | 2 +-
system/pages/guilds/change_motd.php | 2 +-
system/pages/guilds/change_rank.php | 2 +-
system/pages/guilds/create.php | 2 +-
system/pages/guilds/delete_by_admin.php | 2 +-
system/pages/guilds/delete_guild.php | 2 +-
system/pages/guilds/delete_invite.php | 2 +-
system/pages/guilds/delete_rank.php | 2 +-
system/pages/guilds/invite.php | 2 +-
system/pages/guilds/kick_player.php | 2 +-
system/pages/guilds/leave_guild.php | 2 +-
system/pages/guilds/list_of_guilds.php | 8 +-
system/pages/guilds/manager.php | 2 +-
system/pages/guilds/pass_leadership.php | 2 +-
system/pages/guilds/save_ranks.php | 2 +-
system/pages/guilds/show.php | 2 +-
system/pages/spells.php | 2 +-
templates/kathrine/template.php | 8 +-
26 files changed, 124 insertions(+), 94 deletions(-)
diff --git a/index.php b/index.php
index 8443c651..284342a7 100644
--- a/index.php
+++ b/index.php
@@ -68,72 +68,74 @@ if(empty($uri) || isset($_REQUEST['template'])) {
 $_REQUEST['p'] = 'news';
 $found = true;
 }
-else if(!preg_match('/[^A-z0-9_\-]/', $uri) && file_exists(SYSTEM . 'pages/' . $uri . '.php')) {
- $_REQUEST['p'] = $uri;
- $found = true;
-}
 else {
- $rules = array(
- '/^account\/manage\/?$/' => array('subtopic' => 'accountmanagement'),
- '/^account\/create\/?$/' => array('subtopic' => 'createaccount'),
- '/^account\/lost\/?$/' => array('subtopic' => 'lostaccount'),
- '/^account\/logout\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'logout'),
- '/^account\/password\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_password'),
- '/^account\/register\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register'),
- '/^account\/register\/new\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register_new'),
- '/^account\/email\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_email'),
- '/^account\/info\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_info'),
- '/^account\/character\/create\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'create_character'),
- '/^account\/character\/name\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_name'),
- '/^account\/character\/sex\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_sex'),
- '/^account\/character\/delete\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'delete_character'),
- '/^account\/character\/comment\/[A-Za-z]+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment', 'name' => '$3'),
- '/^account\/character\/comment\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment'),
- '/^account\/confirm_email\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'confirm_email', 'v' => '$2'),
- '/^characters\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'characters', 'name' => '$1'),
- '/^commands\/add\/?$/' => array('subtopic' => 'commands', 'action' => 'add'),
- '/^commands\/edit\/?$/' => array('subtopic' => 'commands', 'action' => 'edit'),
- '/^faq\/add\/?$/' => array('subtopic' => 'faq', 'action' => 'add'),
- '/^faq\/edit\/?$/' => array('subtopic' => 'faq', 'action' => 'edit'),
- '/^forum\/add_board\/?$/' => array('subtopic' => 'forum', 'action' => 'add_board'),#
- '/^forum\/edit_board\/?$/' => array('subtopic' => 'forum', 'action' => 'edit_board'),
- '/^forum\/board\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2'),
- '/^forum\/board\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2', 'page' => '$3'),
- '/^forum\/thread\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2'),
- '/^forum\/thread\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2', 'page' => '$3'),
- '/^gallery\/add\/?$/' => array('subtopic' => 'gallery', 'action' => 'add'),
- '/^gallery\/edit\/?$/' => array('subtopic' => 'gallery', 'action' => 'edit'),
- '/^gallery\/[0-9]+\/?$/' => array('subtopic' => 'gallery', 'image' => '$1'),
- '/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'),
- '/^guilds\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'guilds', 'action' => 'show', 'guild' => '$1'),
- '/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2', 'page' => '$3'),
- '/^highscores\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'page' => '$2'),
- '/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2'),
- '/^highscores\/[A-Za-z0-9-_\']+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1'),
- '/^news\/add\/?$/' => array('subtopic' => 'news', 'action' => 'add'),
- '/^news\/edit\/?$/' => array('subtopic' => 'news', 'action' => 'edit'),
- '/^news\/archive\/?$/' => array('subtopic' => 'newsarchive'),
- '/^news\/archive\/[0-9]+\/?$/' => array('subtopic' => 'newsarchive', 'id' => '$2'),
- '/^polls\/[0-9]+\/?$/' => array('subtopic' => 'polls', 'id' => '$1'),
- '/^spells\/[A-Za-z0-9-_%]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'spells', 'vocation' => '$1', 'order' => '$2'),
- '/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'),
- );
-
- foreach($rules as $rule => $redirect) {
- if (preg_match($rule, $uri)) {
- $tmp = explode('/', $uri);
- foreach($redirect as $key => $value) {
-
- if(strpos($value, '$') !== false) {
- $value = str_replace('$' . $value[1], $tmp[$value[1]], $value);
+ $tmp = strtolower($uri);
+ if(!preg_match('/[^A-z0-9_\-]/', $uri) && file_exists(SYSTEM . 'pages/' . $tmp . '.php')) {
+ $_REQUEST['p'] = $uri;
+ $found = true;
+ }
+ else {
+ $rules = array(
+ '/^account\/manage\/?$/' => array('subtopic' => 'accountmanagement'),
+ '/^account\/create\/?$/' => array('subtopic' => 'createaccount'),
+ '/^account\/lost\/?$/' => array('subtopic' => 'lostaccount'),
+ '/^account\/logout\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'logout'),
+ '/^account\/password\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_password'),
+ '/^account\/register\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register'),
+ '/^account\/register\/new\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register_new'),
+ '/^account\/email\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_email'),
+ '/^account\/info\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_info'),
+ '/^account\/character\/create\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'create_character'),
+ '/^account\/character\/name\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_name'),
+ '/^account\/character\/sex\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_sex'),
+ '/^account\/character\/delete\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'delete_character'),
+ '/^account\/character\/comment\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment'),
+ '/^account\/confirm_email\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'confirm_email', 'v' => '$2'),
+ '/^characters\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'characters', 'name' => '$1'),
+ '/^commands\/add\/?$/' => array('subtopic' => 'commands', 'action' => 'add'),
+ '/^commands\/edit\/?$/' => array('subtopic' => 'commands', 'action' => 'edit'),
+ '/^faq\/add\/?$/' => array('subtopic' => 'faq', 'action' => 'add'),
+ '/^faq\/edit\/?$/' => array('subtopic' => 'faq', 'action' => 'edit'),
+ '/^forum\/add_board\/?$/' => array('subtopic' => 'forum', 'action' => 'add_board'),#
+ '/^forum\/edit_board\/?$/' => array('subtopic' => 'forum', 'action' => 'edit_board'),
+ '/^forum\/board\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2'),
+ '/^forum\/board\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2', 'page' => '$3'),
+ '/^forum\/thread\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2'),
+ '/^forum\/thread\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2', 'page' => '$3'),
+ '/^gallery\/add\/?$/' => array('subtopic' => 'gallery', 'action' => 'add'),
+ '/^gallery\/edit\/?$/' => array('subtopic' => 'gallery', 'action' => 'edit'),
+ '/^gallery\/[0-9]+\/?$/' => array('subtopic' => 'gallery', 'image' => '$1'),
+ '/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'),
+ '/^guilds\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'guilds', 'action' => 'show', 'guild' => '$1'),
+ '/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2', 'page' => '$3'),
+ '/^highscores\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'page' => '$2'),
+ '/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2'),
+ '/^highscores\/[A-Za-z0-9-_\']+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1'),
+ '/^news\/add\/?$/' => array('subtopic' => 'news', 'action' => 'add'),
+ '/^news\/edit\/?$/' => array('subtopic' => 'news', 'action' => 'edit'),
+ '/^news\/archive\/?$/' => array('subtopic' => 'newsarchive'),
+ '/^news\/archive\/[0-9]+\/?$/' => array('subtopic' => 'newsarchive', 'id' => '$2'),
+ '/^polls\/[0-9]+\/?$/' => array('subtopic' => 'polls', 'id' => '$1'),
+ '/^spells\/[A-Za-z0-9-_%]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'spells', 'vocation' => '$1', 'order' => '$2'),
+ '/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'),
+ );
+
+ foreach($rules as $rule => $redirect) {
+ if (preg_match($rule, $uri)) {
+ $tmp = explode('/', $uri);
+ foreach($redirect as $key => $value) {
+
+ if(strpos($value, '$') !== false) {
+ $value = str_replace('$' . $value[1], $tmp[$value[1]], $value);
+ }
+
+ $_REQUEST[$key] = $value;
+ $_GET[$key] = $value;
 }
- $_REQUEST[$key] = $value;
- $_GET[$key] = $value;
+ $found = true;
+ break;
 }
-
- $found = true;
- break;
 }
 }
 }
diff --git a/system/init.php b/system/init.php
index 0644a58c..3a29aa37 100644
--- a/system/init.php
+++ b/system/init.php
@@ -57,6 +57,11 @@ $function = new Twig_SimpleFunction('hook', function ($hook) {
 });
 $twig->addFunction($function);
+$filter = new Twig_SimpleFilter('urlencode', function ($s) {
+ return urlencode($s);
+});
+$twig->addFilter($filter);
+
 // trim values we receive
 if(isset($_POST)) {
diff --git a/system/libs/validator.php b/system/libs/validator.php
index 1846a000..9e2bba3a 100644
--- a/system/libs/validator.php
+++ b/system/libs/validator.php
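Review bot: The page-existence branch keeps the character class `[^A-z0-9_\-]`, whose `A-z` range also admits `[`, `\`, `]`, `^` and the backtick, so a backslash in `$uri` gets past the filter and into `file_exists(SYSTEM . 'pages/' . $tmp . '.php')` (a path separator on Windows); the intended class is `'/[^A-Za-z0-9_\-]/'`. The existence check is made on the lowercased `$tmp`, but `$_REQUEST['p']` is still assigned the original-case `$uri`, so unless the loader that later includes `p` lowercases it as well (not visible here) the include still fails on case-sensitive filesystems; `$_REQUEST['p'] = $tmp;` keeps the two consistent. `$tmp` is then reused for the `explode` result inside the rule loop, where a distinct name such as `$segments` would avoid the shadowing. The stray `#` in `'action' => 'add_board'),#` opens an empty comment and can be dropped.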
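Review bot: The new `urlencode` filter carries no comment explaining why it exists beside Twig's built-in `url_encode`, which uses `rawurlencode()` (space becomes `%20`) where this one uses `urlencode()` (space becomes `+`); a line such as `// urlencode(), not rawurlencode(): output must round-trip through the urldecode() calls in system/pages` above `$filter = new Twig_SimpleFilter('urlencode', ...)` would stop a later cleanup from swapping it for the built-in. Since the closure only forwards to `urlencode`, `new Twig_SimpleFilter('urlencode', 'urlencode')` says the same thing in one line.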
@@ -364,6 +364,11 @@ class Validator
 */
 public static function guildName($name)
 {
+ if(empty($name)) {
+ self::$lastError = 'Please enter guild name.';
+ return false;
+ }
+
 if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM0123456789- ") != strlen($name)) {
 self::$lastError = 'Invalid guild name format.';
 return false;
@@ -386,6 +391,11 @@ class Validator
 */
 public static function rankName($name)
 {
+ if(empty($name)) {
+ self::$lastError = 'Please enter rank name.';
+ return false;
+ }
+
 if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM0123456789-[ ] ") != strlen($name)) {
 self::$lastError = 'Invalid rank name. Please use only a-Z, 0-9 and spaces.';
 return false;
diff --git a/system/pages/account/change_comment.php b/system/pages/account/change_comment.php
index c6ade13b..a70020b6 100644
--- a/system/pages/account/change_comment.php
+++ b/system/pages/account/change_comment.php
@@ -10,7 +10,7 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');
-$player_name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : null;
+$player_name = isset($_REQUEST['name']) ? stripslashes(urldecode($_REQUEST['name'])) : null;
 $new_comment = isset($_POST['comment']) ? htmlspecialchars(stripslashes(substr($_POST['comment'],0,2000))) : NULL;
 $new_hideacc = isset($_POST['accountvisible']) ? (int)$_POST['accountvisible'] : NULL;
diff --git a/system/pages/guilds.php b/system/pages/guilds.php
index 5990d5f1..6adbfa35 100644
--- a/system/pages/guilds.php
+++ b/system/pages/guilds.php
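Review bot: `empty($name)` in the new guard also rejects the string `'0'`, which the `strspn` allow-list on the following line accepts as a one-character name, so a guild called `0` now fails with "Please enter guild name."; `if($name === null || $name === '')` tests absence without that false positive, and `trim($name) === ''` would additionally catch an all-space name, which the allow-list (it includes the space) lets through. The `empty($name)` check added to `rankName` in the next hunk has the same two issues. Both functions continue outside their hunks.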
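Review bot: `urldecode($_REQUEST['name'])` decodes a value that PHP has already percent-decoded when it arrived via the query string or a form field, so for every source except a segment the router copies verbatim from the raw URI this is a second decode: a name submitted as `A%2Bb` is `A+b` after PHP's decode and `A b` after this line, and `stripslashes` then runs on the altered value. The same double decode is introduced for `$_REQUEST['guild']` in accept_invite, add_rank, change_description, change_logo, change_motd, change_rank, create, delete_by_admin, delete_guild, delete_invite, delete_rank, invite, kick_player, leave_guild, manager, pass_leadership, save_ranks and show, and for `vocation` in spells. `Validator::guildName` runs after the decode in the guild pages, so nothing outside its allow-list reaches the lookup; the practical effect is that a submitted name containing `+` or `%` silently maps to a different string instead of being rejected. If the aim is to decode what the router captures from the raw URI, decoding once at the capture point in index.php, `$value = str_replace('$' . $value[1], urldecode($tmp[$value[1]]), $value);`, lets every page read `$_REQUEST` as-is; if a link is deliberately double-encoded upstream (not visible here), that is the place to document it.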
@@ -22,7 +22,15 @@ define('MOTD_EXISTS', fieldExist('motd', 'guilds'));
 if(empty($action)) {
 require(PAGES . 'guilds/list_of_guilds.php');
 }
-else if(file_exists(PAGES . 'guilds/' . $action . '.php')) {
- require(PAGES . 'guilds/' . $action . '.php');
+else {
+ if(!ctype_alnum(str_replace(array('-', '_'), '', $action))) {
+ error('Error: Action contains illegal characters.');
+ }
+ else if(file_exists(PAGES . 'guilds/' . $action . '.php')) {
+ require(PAGES . 'guilds/' . $action . '.php');
+ }
+ else {
+ error('This page does not exists.');
+ }
 }
 ?>
diff --git a/system/pages/guilds/accept_invite.php b/system/pages/guilds/accept_invite.php
index b8613a01..096b0f64 100644
--- a/system/pages/guilds/accept_invite.php
+++ b/system/pages/guilds/accept_invite.php
@@ -11,7 +11,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 //set rights in guild
-$guild_name = isset($_REQUEST['guild']) ? $_REQUEST['guild'] : NULL;
+$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL;
 $name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : NULL;
 if(!$logged) {
 $errors[] = 'You are not logged in. You can\'t accept invitations.';
@@ -86,12 +86,13 @@ else
 }
 }
 }
- }
-
- if(!$acc_invited) {
- $errors[] = "Any character from your account isn't invited to " . $guild->getName() . ".";
+
+ if(!$acc_invited) {
+ $errors[] = "Any character from your account isn't invited to " . $guild->getName() . ".";
+ }
 }
 }
+
 if(!empty($errors)) {
 echo $twig->render('error_box.html.twig', array('errors' => $errors));
diff --git a/system/pages/guilds/add_rank.php b/system/pages/guilds/add_rank.php
index 0867429a..d15ba634 100644
--- a/system/pages/guilds/add_rank.php
+++ b/system/pages/guilds/add_rank.php
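Review bot: The allow-list placed before `require(PAGES . 'guilds/' . $action . '.php')` has the right shape — `.` and `/` are rejected, so `$action` cannot name anything outside `guilds/` — but `ctype_alnum()` follows the process locale and can accept bytes above 0x7F under some locales; `preg_match('/^[A-Za-z0-9_\-]+$/', $action)` pins the set independently of `setlocale()`. Whether `error()` halts execution is not visible here; if it only prints, the `else if` chain already keeps the `require` out of reach, so nothing further is needed. Nit: the user-facing message `'This page does not exists.'` should read `'This page does not exist.'`.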
@@ -10,7 +10,7 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 $ranknew = $_REQUEST['rank_name'];
 if(!Validator::guildName($guild_name)) {
 $guild_errors[] = Validator::getLastError();
diff --git a/system/pages/guilds/change_description.php b/system/pages/guilds/change_description.php
index 896a6bbd..fb9ae673 100644
--- a/system/pages/guilds/change_description.php
+++ b/system/pages/guilds/change_description.php
@@ -10,7 +10,7 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 if(!Validator::guildName($guild_name)) {
 $errors[] = Validator::getLastError();
 }
diff --git a/system/pages/guilds/change_logo.php b/system/pages/guilds/change_logo.php
index d0ea3d50..484b6bf3 100644
--- a/system/pages/guilds/change_logo.php
+++ b/system/pages/guilds/change_logo.php
@@ -10,7 +10,7 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 if(!Validator::guildName($guild_name)) {
 $errors[] = Validator::getLastError();
 }
diff --git a/system/pages/guilds/change_motd.php b/system/pages/guilds/change_motd.php
index 86b169af..4a7349c2 100644
--- a/system/pages/guilds/change_motd.php
+++ b/system/pages/guilds/change_motd.php
@@ -13,7 +13,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 if(!MOTD_EXISTS) return;
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 if(!Validator::guildName($guild_name)) {
 $errors[] = Validator::getLastError();
 }
diff --git a/system/pages/guilds/change_rank.php b/system/pages/guilds/change_rank.php
index e7068fe8..ed8e9400 100644
--- a/system/pages/guilds/change_rank.php
+++ b/system/pages/guilds/change_rank.php
@@ -10,7 +10,7 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 if(!Validator::guildName($guild_name)) $errors[] = Validator::getLastError();
 if(!$logged)
diff --git a/system/pages/guilds/create.php b/system/pages/guilds/create.php
index 60545fad..9a507fc4 100644
--- a/system/pages/guilds/create.php
+++ b/system/pages/guilds/create.php
@@ -10,7 +10,7 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');
-$guild_name = isset($_REQUEST['guild']) ? $_REQUEST['guild'] : NULL;
+$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL;
 $name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : NULL;
 $todo = isset($_REQUEST['todo']) ? $_REQUEST['todo'] : NULL;
 if(!$logged) {
diff --git a/system/pages/guilds/delete_by_admin.php b/system/pages/guilds/delete_by_admin.php
index 4e9ecd4f..7026dece 100644
--- a/system/pages/guilds/delete_by_admin.php
+++ b/system/pages/guilds/delete_by_admin.php
@@ -10,7 +10,7 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 if(!Validator::guildName($guild_name)) {
 $errors[] = Validator::getLastError();
 }
diff --git a/system/pages/guilds/delete_guild.php b/system/pages/guilds/delete_guild.php
index b485daf8..562954dd 100644
--- a/system/pages/guilds/delete_guild.php
+++ b/system/pages/guilds/delete_guild.php
@@ -10,7 +10,7 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 if(!Validator::guildName($guild_name)) {
 $errors[] = Validator::getLastError();
 }
diff --git a/system/pages/guilds/delete_invite.php b/system/pages/guilds/delete_invite.php
index 8cbf07a0..1e02fa72 100644
--- a/system/pages/guilds/delete_invite.php
+++ b/system/pages/guilds/delete_invite.php
@@ -11,7 +11,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 //set rights in guild
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 $name = stripslashes($_REQUEST['name']);
 if(!$logged) $guild_errors[] = 'You are not logged in. You can\'t delete invitations.';
diff --git a/system/pages/guilds/delete_rank.php b/system/pages/guilds/delete_rank.php
index 00f10e48..3a151087 100644
--- a/system/pages/guilds/delete_rank.php
+++ b/system/pages/guilds/delete_rank.php
@@ -10,7 +10,7 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 $rank_to_delete = (int) $_REQUEST['rankid'];
 if(!Validator::guildName($guild_name)) {
 $guild_errors[] = Validator::getLastError();
diff --git a/system/pages/guilds/invite.php b/system/pages/guilds/invite.php
index ed13e621..dee4ff3f 100644
--- a/system/pages/guilds/invite.php
+++ b/system/pages/guilds/invite.php
@@ -11,7 +11,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 //set rights in guild
-$guild_name = isset($_REQUEST['guild']) ? $_REQUEST['guild'] : NULL;
+$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL;
 $name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : NULL;
 if(!$logged) {
 $errors[] = "You are not logged in. You can't invite players.";
diff --git a/system/pages/guilds/kick_player.php b/system/pages/guilds/kick_player.php
index 0518230b..284b9455 100644
--- a/system/pages/guilds/kick_player.php
+++ b/system/pages/guilds/kick_player.php
@@ -11,7 +11,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 //set rights in guild
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 $name = stripslashes($_REQUEST['name']);
 if(!$logged) {
 $errors[] = 'You are not logged in. You can\'t kick characters.';
diff --git a/system/pages/guilds/leave_guild.php b/system/pages/guilds/leave_guild.php
index 8b266504..180f9f82 100644
--- a/system/pages/guilds/leave_guild.php +++ b/system/pages/guilds/leave_guild.php @@ -11,7 +11,7 @@ defined('MYAAC') or die('Direct access not allowed!'); //set rights in guild -$guild_name = isset($_REQUEST['guild']) ? $_REQUEST['guild'] : NULL; +$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL; $name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : NULL; if(!$logged) { $errors[] = "You are not logged in. You can't leave guild."; diff --git a/system/pages/guilds/list_of_guilds.php b/system/pages/guilds/list_of_guilds.php index 1829c406..34650db4 100644 --- a/system/pages/guilds/list_of_guilds.php +++ b/system/pages/guilds/list_of_guilds.php @@ -79,22 +79,20 @@ else { foreach($guilds_list as $guild) { - $link = ($config['friendly_urls'] ? '' : '?') . 'guilds/' . $guild->getName(); - $guild_logo = $guild->getCustomField('logo_name'); if(empty($guild_logo) || !file_exists('images/guilds/' . $guild_logo)) $guild_logo = "default.gif"; + $description = $guild->getCustomField('description'); $description_with_lines = str_replace(array("\r\n", "\n", "\r"), '
', $description, $count); if($count < $config['guild_description_lines_limit']) $description = wordwrap(nl2br($description), 60, "
", true); - //$description = $description_with_lines; - + echo ' '.$guild->getName().'
'.$description.''; if(admin()) echo '
Delete this guild (for ADMIN only!)'; - echo ''; diff --git a/system/pages/guilds/manager.php b/system/pages/guilds/manager.php index da8688c3..5d07c7b3 100644 --- a/system/pages/guilds/manager.php +++ b/system/pages/guilds/manager.php @@ -10,7 +10,7 @@ */ defined('MYAAC') or die('Direct access not allowed!'); -$guild_name = $_REQUEST['guild']; +$guild_name = urldecode($_REQUEST['guild']); if(!Validator::guildName($guild_name)) { $guild_errors[] = Validator::getLastError(); } diff --git a/system/pages/guilds/pass_leadership.php b/system/pages/guilds/pass_leadership.php index a9ac01a4..b830e173 100644 --- a/system/pages/guilds/pass_leadership.php +++ b/system/pages/guilds/pass_leadership.php @@ -10,7 +10,7 @@ */ defined('MYAAC') or die('Direct access not allowed!'); -$guild_name = isset($_REQUEST['guild']) ? $_REQUEST['guild'] : NULL; +$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL; $pass_to = isset($_REQUEST['player']) ? stripslashes($_REQUEST['player']) : NULL; if(!Validator::guildName($guild_name)) { $guild_errors[] = Validator::getLastError(); diff --git a/system/pages/guilds/save_ranks.php b/system/pages/guilds/save_ranks.php index d9b6fc01..00508b1f 100644 --- a/system/pages/guilds/save_ranks.php +++ b/system/pages/guilds/save_ranks.php @@ -10,7 +10,7 @@ */ defined('MYAAC') or die('Direct access not allowed!'); -$guild_name = $_REQUEST['guild']; +$guild_name = urldecode($_REQUEST['guild']); if(!Validator::guildName($guild_name)) { $errors[] = Validator::get; } diff --git a/system/pages/guilds/show.php b/system/pages/guilds/show.php index 405fc353..a6769401 100644 --- a/system/pages/guilds/show.php +++ b/system/pages/guilds/show.php @@ -10,7 +10,7 @@ */ defined('MYAAC') or die('Direct access not allowed!'); -$guild_name = $_REQUEST['guild']; +$guild_name = urldecode($_REQUEST['guild']); if(!Validator::guildName($guild_name)) $errors[] = Validator::getLastError(); 
diff --git a/system/pages/spells.php b/system/pages/spells.php
index 56eef108..77fa9c54 100644
--- a/system/pages/spells.php
+++ b/system/pages/spells.php
@@ -30,7 +30,7 @@ if(isset($_REQUEST['vocation_id'])) {
 }
 }
 else {
- $vocation = (isset($_REQUEST['vocation']) ? rawurldecode($_REQUEST['vocation']) : 'all');
+ $vocation = (isset($_REQUEST['vocation']) ? urldecode($_REQUEST['vocation']) : 'all');
 if($vocation == 'all') {
 $vocation_id = 'all';
diff --git a/templates/kathrine/template.php b/templates/kathrine/template.php
index f29218fd..56ce5daf 100644
--- a/templates/kathrine/template.php
+++ b/templates/kathrine/template.php
@@ -32,7 +32,13 @@ defined('MYAAC') or die('Direct access not allowed!');
 $tmp = array($_REQUEST['subtopic']);
 }
 else {
- $tmp = explode('/', URI);
+ $tmp = URI;
+ if(empty($tmp)) {
+ $tmp = array('news');
+ }
+ else {
+ $tmp = explode('/', URI);
+ }
 }
 if(in_array($tmp[0], get_template_pages(MENU_CATEGORY_NEWS)))
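Review bot: The new guard `if(empty($tmp))` does not cover the case the commit message names, `URI = '/'`: `empty('/')` is false, so that value still reaches `explode('/', URI)`, which yields `['', '']`, and `$tmp[0]` is the empty string for the `in_array` menu check on the next line. Unless the `URI` constant is already stripped of slashes where it is defined (not visible here), `if(trim($tmp, '/') === '')` covers both the empty string and `'/'`. `empty()` also treats the string `'0'` as empty, which matters only if a page can be addressed as `0`.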
+ echo '