* fixed viewing pages with capital letters (like serverInfo) on case sensitive systems

* fixed changing comment of characters with space and other special
characters in name (#29)
* fixed viewing guilds with space and other special characters in name
(#29)
* (kathrine template) fixed displaying menu when no URI is set (URI =
'/')
* added some additional checks for Validator guildName and rankName if
name is empty
* (internal) new twig filter: urlencode, which is using urlencode php
function

system/pages/account/change_comment.php

@@ -10,7 +10,7 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
-$player_name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : null;
+$player_name = isset($_REQUEST['name']) ? stripslashes(urldecode($_REQUEST['name'])) : null;
 $new_comment = isset($_POST['comment']) ? htmlspecialchars(stripslashes(substr($_POST['comment'],0,2000))) : NULL;
 $new_hideacc = isset($_POST['accountvisible']) ? (int)$_POST['accountvisible'] : NULL;
 

system/pages/guilds.php

@@ -22,7 +22,15 @@ define('MOTD_EXISTS', fieldExist('motd', 'guilds'));
 if(empty($action)) {
 	require(PAGES . 'guilds/list_of_guilds.php');
 }
-else if(file_exists(PAGES . 'guilds/' . $action . '.php')) {
-	require(PAGES . 'guilds/' . $action . '.php');
+else {
+	if(!ctype_alnum(str_replace(array('-', '_'), '', $action))) {
+		error('Error: Action contains illegal characters.');
+	}
+	else if(file_exists(PAGES . 'guilds/' . $action . '.php')) {
+		require(PAGES . 'guilds/' . $action . '.php');
+	}
+	else {
+		error('This page does not exists.');
+	}
 }
 ?>

system/pages/guilds/accept_invite.php

@@ -11,7 +11,7 @@
 defined('MYAAC') or die('Direct access not allowed!');
 
 //set rights in guild
-$guild_name = isset($_REQUEST['guild']) ? $_REQUEST['guild'] : NULL;
+$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL;
 $name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : NULL;
 if(!$logged) {
 	$errors[] = 'You are not logged in. You can\'t accept invitations.';
@@ -86,12 +86,13 @@ else
 				}
 			}
 		}
-	}
-	
-	if(!$acc_invited) {
-		$errors[] = "Any character from your account isn't invited to <b>" . $guild->getName() . "</b>.";
+
+		if(!$acc_invited) {
+			$errors[] = "Any character from your account isn't invited to <b>" . $guild->getName() . "</b>.";
+		}
 	}
 }
+
 if(!empty($errors)) {
 	echo $twig->render('error_box.html.twig', array('errors' => $errors));
 	

system/pages/guilds/add_rank.php

@@ -10,7 +10,7 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 $ranknew = $_REQUEST['rank_name'];
 if(!Validator::guildName($guild_name)) {
 	$guild_errors[] = Validator::getLastError();

system/pages/guilds/change_description.php

@@ -10,7 +10,7 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 if(!Validator::guildName($guild_name)) {
 	$errors[] = Validator::getLastError();
 }

system/pages/guilds/change_logo.php

@@ -10,7 +10,7 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 if(!Validator::guildName($guild_name)) {
 	$errors[] = Validator::getLastError();
 }

system/pages/guilds/change_motd.php

@@ -13,7 +13,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 if(!MOTD_EXISTS)
 	return;
 
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 if(!Validator::guildName($guild_name)) {
 	$errors[] = Validator::getLastError();
 }

system/pages/guilds/change_rank.php

@@ -10,7 +10,7 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 if(!Validator::guildName($guild_name))
 	$errors[] = Validator::getLastError();
 if(!$logged)

system/pages/guilds/create.php

@@ -10,7 +10,7 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
-$guild_name = isset($_REQUEST['guild']) ? $_REQUEST['guild'] : NULL;
+$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL;
 $name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : NULL;
 $todo = isset($_REQUEST['todo']) ? $_REQUEST['todo'] : NULL;
 if(!$logged) {

system/pages/guilds/delete_by_admin.php

@@ -10,7 +10,7 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 if(!Validator::guildName($guild_name)) {
 	$errors[] = Validator::getLastError();
 }

system/pages/guilds/delete_guild.php

@@ -10,7 +10,7 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 if(!Validator::guildName($guild_name)) {
 	$errors[] = Validator::getLastError();
 }

system/pages/guilds/delete_invite.php

@@ -11,7 +11,7 @@
 defined('MYAAC') or die('Direct access not allowed!');
 
 //set rights in guild
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 $name = stripslashes($_REQUEST['name']);
 if(!$logged)
 	$guild_errors[] = 'You are not logged in. You can\'t delete invitations.';

system/pages/guilds/delete_rank.php

@@ -10,7 +10,7 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 $rank_to_delete = (int) $_REQUEST['rankid'];
 if(!Validator::guildName($guild_name)) {
 	$guild_errors[] = Validator::getLastError();

system/pages/guilds/invite.php

@@ -11,7 +11,7 @@
 defined('MYAAC') or die('Direct access not allowed!');
 
 //set rights in guild
-$guild_name = isset($_REQUEST['guild']) ? $_REQUEST['guild'] : NULL;
+$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL;
 $name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : NULL;
 if(!$logged) {
 	$errors[] = "You are not logged in. You can't invite players.";

system/pages/guilds/kick_player.php

@@ -11,7 +11,7 @@
 defined('MYAAC') or die('Direct access not allowed!');
 
 //set rights in guild
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 $name = stripslashes($_REQUEST['name']);
 if(!$logged) {
 	$errors[] = 'You are not logged in. You can\'t kick characters.';

system/pages/guilds/leave_guild.php

@@ -11,7 +11,7 @@
 defined('MYAAC') or die('Direct access not allowed!');
 
 //set rights in guild
-$guild_name = isset($_REQUEST['guild']) ? $_REQUEST['guild'] : NULL;
+$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL;
 $name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : NULL;
 if(!$logged) {
 	$errors[] = "You are not logged in. You can't leave guild.";

system/pages/guilds/list_of_guilds.php

@@ -79,22 +79,20 @@ else
 	{
 		foreach($guilds_list as $guild)
 		{
-			$link = ($config['friendly_urls'] ? '' : '?') . 'guilds/' . $guild->getName();
-			
 			$guild_logo = $guild->getCustomField('logo_name');
 			if(empty($guild_logo) || !file_exists('images/guilds/' . $guild_logo))
 				$guild_logo = "default.gif";
+
 			$description = $guild->getCustomField('description');
 			$description_with_lines = str_replace(array("\r\n", "\n", "\r"), '<br />', $description, $count);
 			if($count < $config['guild_description_lines_limit'])
 				$description = wordwrap(nl2br($description), 60, "<br />", true);
-			//$description = $description_with_lines;
-			
+
 			echo '<TR BGCOLOR="' . getStyle($showed_guilds++) . '"><TD><IMG SRC="images/guilds/' . $guild_logo.'" WIDTH=64 HEIGHT=64></TD>
 					<TD valign="top"><B>'.$guild->getName().'</B><BR/>'.$description.'';
 			if(admin())
 				echo '<br /><a href="?subtopic=guilds&action=delete_by_admin&guild='.$guild->getName().'">Delete this guild (for ADMIN only!)</a>';
-			echo '</TD><TD><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0><FORM ACTION="' . $link . '" METHOD=post><TR><TD>
+			echo '</TD><TD><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0><FORM ACTION="' . getGuildLink($guild->getName(), false) . '" METHOD=post><TR><TD>
 					<INPUT TYPE=image NAME="View" ALT="View" SRC="'.$template_path.'/images/global/buttons/sbutton_view.gif" BORDER=0 WIDTH=120 HEIGHT=18>
 					</TD></TR></FORM></TABLE>
 					</TD></TR>';

system/pages/guilds/manager.php

@@ -10,7 +10,7 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 if(!Validator::guildName($guild_name)) {
 	$guild_errors[] = Validator::getLastError();
 }

system/pages/guilds/pass_leadership.php

@@ -10,7 +10,7 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
-$guild_name = isset($_REQUEST['guild']) ? $_REQUEST['guild'] : NULL;
+$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL;
 $pass_to = isset($_REQUEST['player']) ? stripslashes($_REQUEST['player']) : NULL;
 if(!Validator::guildName($guild_name)) {
 	$guild_errors[] = Validator::getLastError();

system/pages/guilds/save_ranks.php

@@ -10,7 +10,7 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 if(!Validator::guildName($guild_name)) {
 	$errors[] = Validator::get;
 }

system/pages/guilds/show.php

@@ -10,7 +10,7 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 if(!Validator::guildName($guild_name))
 	$errors[] = Validator::getLastError();
 

system/pages/spells.php

@@ -30,7 +30,7 @@ if(isset($_REQUEST['vocation_id'])) {
 	}
 }
 else {
-	$vocation = (isset($_REQUEST['vocation']) ? rawurldecode($_REQUEST['vocation']) : 'all');
+	$vocation = (isset($_REQUEST['vocation']) ? urldecode($_REQUEST['vocation']) : 'all');
 	
 	if($vocation == 'all') {
 		$vocation_id = 'all';