* fixed viewing pages with capital letters (like serverInfo) on case sensitive systems

* fixed changing comment of characters with space and other special characters in name (#29) * fixed viewing guilds with space and other special characters in name (#29) * (kathrine template) fixed displaying menu when no URI is set (URI = '/') * added some additional checks for Validator guildName and rankName if name is empty * (internal) new twig filter: urlencode, which is using urlencode php function
2025-04-26 17:29:21 +02:00 · 2017-11-14 19:58:44 +01:00 · 2017-11-14 19:58:44 +01:00 · 05f8756a12
commit 05f8756a12
parent c581c35a73
26 changed files with 124 additions and 94 deletions
--- a/index.php
+++ b/index.php
@ -68,72 +68,74 @@ if(empty($uri) || isset($_REQUEST['template'])) {
 	$_REQUEST['p'] = 'news';
 	$found = true;
 }
 else if(!preg_match('/[^A-z0-9_\-]/', $uri) && file_exists(SYSTEM . 'pages/' . $uri . '.php')) {
 	$_REQUEST['p'] = $uri;
 	$found = true;
 }
 else {
-	$rules = array(
+	$tmp = strtolower($uri);
-		'/^account\/manage\/?$/' => array('subtopic' => 'accountmanagement'),
+	if(!preg_match('/[^A-z0-9_\-]/', $uri) && file_exists(SYSTEM . 'pages/' . $tmp . '.php')) {
-		'/^account\/create\/?$/' => array('subtopic' => 'createaccount'),
+		$_REQUEST['p'] = $uri;
-		'/^account\/lost\/?$/' => array('subtopic' => 'lostaccount'),
+		$found = true;
-		'/^account\/logout\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'logout'),
+	}
-		'/^account\/password\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_password'),
+	else {
-		'/^account\/register\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register'),
+		$rules = array(
-		'/^account\/register\/new\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register_new'),
+			'/^account\/manage\/?$/' => array('subtopic' => 'accountmanagement'),
-		'/^account\/email\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_email'),
+			'/^account\/create\/?$/' => array('subtopic' => 'createaccount'),
-		'/^account\/info\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_info'),
+			'/^account\/lost\/?$/' => array('subtopic' => 'lostaccount'),
-		'/^account\/character\/create\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'create_character'),
+			'/^account\/logout\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'logout'),
-		'/^account\/character\/name\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_name'),
+			'/^account\/password\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_password'),
-		'/^account\/character\/sex\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_sex'),
+			'/^account\/register\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register'),
-		'/^account\/character\/delete\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'delete_character'),
+			'/^account\/register\/new\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register_new'),
-		'/^account\/character\/comment\/[A-Za-z]+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment', 'name' => '$3'),
+			'/^account\/email\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_email'),
-		'/^account\/character\/comment\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment'),
+			'/^account\/info\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_info'),
-		'/^account\/confirm_email\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'confirm_email', 'v' => '$2'),
+			'/^account\/character\/create\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'create_character'),
-		'/^characters\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'characters', 'name' => '$1'),
+			'/^account\/character\/name\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_name'),
-		'/^commands\/add\/?$/' => array('subtopic' => 'commands', 'action' => 'add'),
+			'/^account\/character\/sex\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_sex'),
-		'/^commands\/edit\/?$/' => array('subtopic' => 'commands', 'action' => 'edit'),
+			'/^account\/character\/delete\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'delete_character'),
-		'/^faq\/add\/?$/' => array('subtopic' => 'faq', 'action' => 'add'),
+			'/^account\/character\/comment\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment'),
-		'/^faq\/edit\/?$/' => array('subtopic' => 'faq', 'action' => 'edit'),
+			'/^account\/confirm_email\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'confirm_email', 'v' => '$2'),
-		'/^forum\/add_board\/?$/' => array('subtopic' => 'forum', 'action' => 'add_board'),#
+			'/^characters\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'characters', 'name' => '$1'),
-		'/^forum\/edit_board\/?$/' => array('subtopic' => 'forum', 'action' => 'edit_board'),
+			'/^commands\/add\/?$/' => array('subtopic' => 'commands', 'action' => 'add'),
-		'/^forum\/board\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2'),
+			'/^commands\/edit\/?$/' => array('subtopic' => 'commands', 'action' => 'edit'),
-		'/^forum\/board\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2', 'page' => '$3'),
+			'/^faq\/add\/?$/' => array('subtopic' => 'faq', 'action' => 'add'),
-		'/^forum\/thread\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2'),
+			'/^faq\/edit\/?$/' => array('subtopic' => 'faq', 'action' => 'edit'),
-		'/^forum\/thread\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2', 'page' => '$3'),
+			'/^forum\/add_board\/?$/' => array('subtopic' => 'forum', 'action' => 'add_board'),#
-		'/^gallery\/add\/?$/' => array('subtopic' => 'gallery', 'action' => 'add'),
+			'/^forum\/edit_board\/?$/' => array('subtopic' => 'forum', 'action' => 'edit_board'),
-		'/^gallery\/edit\/?$/' => array('subtopic' => 'gallery', 'action' => 'edit'),
+			'/^forum\/board\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2'),
-		'/^gallery\/[0-9]+\/?$/' => array('subtopic' => 'gallery', 'image' => '$1'),
+			'/^forum\/board\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2', 'page' => '$3'),
-		'/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'),
+			'/^forum\/thread\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2'),
-		'/^guilds\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'guilds', 'action' => 'show', 'guild' => '$1'),
+			'/^forum\/thread\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2', 'page' => '$3'),
-		'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2', 'page' => '$3'),
+			'/^gallery\/add\/?$/' => array('subtopic' => 'gallery', 'action' => 'add'),
-		'/^highscores\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'page' => '$2'),
+			'/^gallery\/edit\/?$/' => array('subtopic' => 'gallery', 'action' => 'edit'),
-		'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2'),
+			'/^gallery\/[0-9]+\/?$/' => array('subtopic' => 'gallery', 'image' => '$1'),
-		'/^highscores\/[A-Za-z0-9-_\']+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1'),
+			'/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'),
-		'/^news\/add\/?$/' => array('subtopic' => 'news', 'action' => 'add'),
+			'/^guilds\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'guilds', 'action' => 'show', 'guild' => '$1'),
-		'/^news\/edit\/?$/' => array('subtopic' => 'news', 'action' => 'edit'),
+			'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2', 'page' => '$3'),
-		'/^news\/archive\/?$/' => array('subtopic' => 'newsarchive'),
+			'/^highscores\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'page' => '$2'),
-		'/^news\/archive\/[0-9]+\/?$/' => array('subtopic' => 'newsarchive', 'id' => '$2'),
+			'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2'),
-		'/^polls\/[0-9]+\/?$/' => array('subtopic' => 'polls', 'id' => '$1'),
+			'/^highscores\/[A-Za-z0-9-_\']+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1'),
-		'/^spells\/[A-Za-z0-9-_%]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'spells', 'vocation' => '$1', 'order' => '$2'),
+			'/^news\/add\/?$/' => array('subtopic' => 'news', 'action' => 'add'),
-		'/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'),
+			'/^news\/edit\/?$/' => array('subtopic' => 'news', 'action' => 'edit'),
-	);
+			'/^news\/archive\/?$/' => array('subtopic' => 'newsarchive'),
-	
+			'/^news\/archive\/[0-9]+\/?$/' => array('subtopic' => 'newsarchive', 'id' => '$2'),
-	foreach($rules as $rule => $redirect) {
+			'/^polls\/[0-9]+\/?$/' => array('subtopic' => 'polls', 'id' => '$1'),
-		if (preg_match($rule, $uri)) {
+			'/^spells\/[A-Za-z0-9-_%]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'spells', 'vocation' => '$1', 'order' => '$2'),
-			$tmp = explode('/', $uri);
+			'/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'),
-			foreach($redirect as $key => $value) {
+		);
-				
+		
-				if(strpos($value, '$') !== false) {
+		foreach($rules as $rule => $redirect) {
-					$value = str_replace('$' . $value[1], $tmp[$value[1]], $value);
+			if (preg_match($rule, $uri)) {
 				$tmp = explode('/', $uri);
 				foreach($redirect as $key => $value) {
 					if(strpos($value, '$') !== false) {
 						$value = str_replace('$' . $value[1], $tmp[$value[1]], $value);
 					}
 					$_REQUEST[$key] = $value;
 					$_GET[$key] = $value;
 				}
-				$_REQUEST[$key] = $value;
+				$found = true;
-				$_GET[$key] = $value;
+				break;
 			}
 			$found = true;
 			break;
 		}
 	}
 }
--- a/system/init.php
+++ b/system/init.php
@ -57,6 +57,11 @@ $function = new Twig_SimpleFunction('hook', function ($hook) {
 });
 $twig->addFunction($function);
 $filter = new Twig_SimpleFilter('urlencode', function ($s) {
 	return urlencode($s);
 });
 $twig->addFilter($filter);
 // trim values we receive
 if(isset($_POST))
 {
--- a/system/libs/validator.php
+++ b/system/libs/validator.php
@ -364,6 +364,11 @@ class Validator
 	 */
 	public static function guildName($name)
 	{
 		if(empty($name)) {
 			self::$lastError = 'Please enter guild name.';
 			return false;
 		}
 		if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM0123456789- ") != strlen($name)) {
 			self::$lastError = 'Invalid guild name format.';
 			return false;
@ -386,6 +391,11 @@ class Validator
 	 */
 	public static function rankName($name)
 	{
 		if(empty($name)) {
 			self::$lastError = 'Please enter rank name.';
 			return false;
 		}
 		if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM0123456789-[ ] ") != strlen($name)) {
 			self::$lastError = 'Invalid rank name. Please use only a-Z, 0-9 and spaces.';
 			return false;
--- a/system/pages/account/change_comment.php
+++ b/system/pages/account/change_comment.php
@ -10,7 +10,7 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');
-$player_name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : null;
+$player_name = isset($_REQUEST['name']) ? stripslashes(urldecode($_REQUEST['name'])) : null;
 $new_comment = isset($_POST['comment']) ? htmlspecialchars(stripslashes(substr($_POST['comment'],0,2000))) : NULL;
 $new_hideacc = isset($_POST['accountvisible']) ? (int)$_POST['accountvisible'] : NULL;
--- a/system/pages/guilds.php
+++ b/system/pages/guilds.php
@ -22,7 +22,15 @@ define('MOTD_EXISTS', fieldExist('motd', 'guilds'));
 if(empty($action)) {
 	require(PAGES . 'guilds/list_of_guilds.php');
 }
-else if(file_exists(PAGES . 'guilds/' . $action . '.php')) {
+else {
-	require(PAGES . 'guilds/' . $action . '.php');
+	if(!ctype_alnum(str_replace(array('-', '_'), '', $action))) {
 		error('Error: Action contains illegal characters.');
 	}
 	else if(file_exists(PAGES . 'guilds/' . $action . '.php')) {
 		require(PAGES . 'guilds/' . $action . '.php');
 	}
 	else {
 		error('This page does not exists.');
 	}
 }
 ?>
--- a/system/pages/guilds/accept_invite.php
+++ b/system/pages/guilds/accept_invite.php
@ -11,7 +11,7 @@
 defined('MYAAC') or die('Direct access not allowed!');
 //set rights in guild
-$guild_name = isset($_REQUEST['guild']) ? $_REQUEST['guild'] : NULL;
+$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL;
 $name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : NULL;
 if(!$logged) {
 	$errors[] = 'You are not logged in. You can\'t accept invitations.';
@ -86,12 +86,13 @@ else
 				}
 			}
 		}
-	}
+
-	
+		if(!$acc_invited) {
-	if(!$acc_invited) {
+			$errors[] = "Any character from your account isn't invited to <b>" . $guild->getName() . "</b>.";
-		$errors[] = "Any character from your account isn't invited to <b>" . $guild->getName() . "</b>.";
+		}
 	}
 }
 if(!empty($errors)) {
 	echo $twig->render('error_box.html.twig', array('errors' => $errors));
--- a/system/pages/guilds/add_rank.php
+++ b/system/pages/guilds/add_rank.php
@ -10,7 +10,7 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 $ranknew = $_REQUEST['rank_name'];
 if(!Validator::guildName($guild_name)) {
 	$guild_errors[] = Validator::getLastError();
--- a/system/pages/guilds/change_description.php
+++ b/system/pages/guilds/change_description.php
@ -10,7 +10,7 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 if(!Validator::guildName($guild_name)) {
 	$errors[] = Validator::getLastError();
 }
--- a/system/pages/guilds/change_logo.php
+++ b/system/pages/guilds/change_logo.php
@ -10,7 +10,7 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 if(!Validator::guildName($guild_name)) {
 	$errors[] = Validator::getLastError();
 }
--- a/system/pages/guilds/change_motd.php
+++ b/system/pages/guilds/change_motd.php
@ -13,7 +13,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 if(!MOTD_EXISTS)
 	return;
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 if(!Validator::guildName($guild_name)) {
 	$errors[] = Validator::getLastError();
 }
--- a/system/pages/guilds/change_rank.php
+++ b/system/pages/guilds/change_rank.php
@ -10,7 +10,7 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 if(!Validator::guildName($guild_name))
 	$errors[] = Validator::getLastError();
 if(!$logged)
--- a/system/pages/guilds/create.php
+++ b/system/pages/guilds/create.php
@ -10,7 +10,7 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');
-$guild_name = isset($_REQUEST['guild']) ? $_REQUEST['guild'] : NULL;
+$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL;
 $name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : NULL;
 $todo = isset($_REQUEST['todo']) ? $_REQUEST['todo'] : NULL;
 if(!$logged) {
--- a/system/pages/guilds/delete_by_admin.php
+++ b/system/pages/guilds/delete_by_admin.php
@ -10,7 +10,7 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 if(!Validator::guildName($guild_name)) {
 	$errors[] = Validator::getLastError();
 }
--- a/system/pages/guilds/delete_guild.php
+++ b/system/pages/guilds/delete_guild.php
@ -10,7 +10,7 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 if(!Validator::guildName($guild_name)) {
 	$errors[] = Validator::getLastError();
 }
--- a/system/pages/guilds/delete_invite.php
+++ b/system/pages/guilds/delete_invite.php
@ -11,7 +11,7 @@
 defined('MYAAC') or die('Direct access not allowed!');
 //set rights in guild
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 $name = stripslashes($_REQUEST['name']);
 if(!$logged)
 	$guild_errors[] = 'You are not logged in. You can\'t delete invitations.';
--- a/system/pages/guilds/delete_rank.php
+++ b/system/pages/guilds/delete_rank.php
@ -10,7 +10,7 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 $rank_to_delete = (int) $_REQUEST['rankid'];
 if(!Validator::guildName($guild_name)) {
 	$guild_errors[] = Validator::getLastError();
--- a/system/pages/guilds/invite.php
+++ b/system/pages/guilds/invite.php
@ -11,7 +11,7 @@
 defined('MYAAC') or die('Direct access not allowed!');
 //set rights in guild
-$guild_name = isset($_REQUEST['guild']) ? $_REQUEST['guild'] : NULL;
+$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL;
 $name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : NULL;
 if(!$logged) {
 	$errors[] = "You are not logged in. You can't invite players.";
--- a/system/pages/guilds/kick_player.php
+++ b/system/pages/guilds/kick_player.php
@ -11,7 +11,7 @@
 defined('MYAAC') or die('Direct access not allowed!');
 //set rights in guild
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 $name = stripslashes($_REQUEST['name']);
 if(!$logged) {
 	$errors[] = 'You are not logged in. You can\'t kick characters.';
--- a/system/pages/guilds/leave_guild.php
+++ b/system/pages/guilds/leave_guild.php
@ -11,7 +11,7 @@
 defined('MYAAC') or die('Direct access not allowed!');
 //set rights in guild
-$guild_name = isset($_REQUEST['guild']) ? $_REQUEST['guild'] : NULL;
+$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL;
 $name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : NULL;
 if(!$logged) {
 	$errors[] = "You are not logged in. You can't leave guild.";
--- a/system/pages/guilds/list_of_guilds.php
+++ b/system/pages/guilds/list_of_guilds.php
@ -79,22 +79,20 @@ else
 	{
 		foreach($guilds_list as $guild)
 		{
 			$link = ($config['friendly_urls'] ? '' : '?') . 'guilds/' . $guild->getName();
 			$guild_logo = $guild->getCustomField('logo_name');
 			if(empty($guild_logo) || !file_exists('images/guilds/' . $guild_logo))
 				$guild_logo = "default.gif";
 			$description = $guild->getCustomField('description');
 			$description_with_lines = str_replace(array("\r\n", "\n", "\r"), '<br />', $description, $count);
 			if($count < $config['guild_description_lines_limit'])
 				$description = wordwrap(nl2br($description), 60, "<br />", true);
-			//$description = $description_with_lines;
+
 			echo '<TR BGCOLOR="' . getStyle($showed_guilds++) . '"><TD><IMG SRC="images/guilds/' . $guild_logo.'" WIDTH=64 HEIGHT=64></TD>
 					<TD valign="top"><B>'.$guild->getName().'</B><BR/>'.$description.'';
 			if(admin())
 				echo '<br /><a href="?subtopic=guilds&action=delete_by_admin&guild='.$guild->getName().'">Delete this guild (for ADMIN only!)</a>';
-			echo '</TD><TD><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0><FORM ACTION="' . $link . '" METHOD=post><TR><TD>
+			echo '</TD><TD><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0><FORM ACTION="' . getGuildLink($guild->getName(), false) . '" METHOD=post><TR><TD>
 					<INPUT TYPE=image NAME="View" ALT="View" SRC="'.$template_path.'/images/global/buttons/sbutton_view.gif" BORDER=0 WIDTH=120 HEIGHT=18>
 					</TD></TR></FORM></TABLE>
 					</TD></TR>';
--- a/system/pages/guilds/manager.php
+++ b/system/pages/guilds/manager.php
@ -10,7 +10,7 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 if(!Validator::guildName($guild_name)) {
 	$guild_errors[] = Validator::getLastError();
 }
--- a/system/pages/guilds/pass_leadership.php
+++ b/system/pages/guilds/pass_leadership.php
@ -10,7 +10,7 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');
-$guild_name = isset($_REQUEST['guild']) ? $_REQUEST['guild'] : NULL;
+$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL;
 $pass_to = isset($_REQUEST['player']) ? stripslashes($_REQUEST['player']) : NULL;
 if(!Validator::guildName($guild_name)) {
 	$guild_errors[] = Validator::getLastError();
--- a/system/pages/guilds/save_ranks.php
+++ b/system/pages/guilds/save_ranks.php
@ -10,7 +10,7 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 if(!Validator::guildName($guild_name)) {
 	$errors[] = Validator::get;
 }
--- a/system/pages/guilds/show.php
+++ b/system/pages/guilds/show.php
@ -10,7 +10,7 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');
-$guild_name = $_REQUEST['guild'];
+$guild_name = urldecode($_REQUEST['guild']);
 if(!Validator::guildName($guild_name))
 	$errors[] = Validator::getLastError();
--- a/system/pages/spells.php
+++ b/system/pages/spells.php
@ -30,7 +30,7 @@ if(isset($_REQUEST['vocation_id'])) {
 	}
 }
 else {
-	$vocation = (isset($_REQUEST['vocation']) ? rawurldecode($_REQUEST['vocation']) : 'all');
+	$vocation = (isset($_REQUEST['vocation']) ? urldecode($_REQUEST['vocation']) : 'all');
 	if($vocation == 'all') {
 		$vocation_id = 'all';
--- a/templates/kathrine/template.php
+++ b/templates/kathrine/template.php
@ -32,7 +32,13 @@ defined('MYAAC') or die('Direct access not allowed!');
 						$tmp = array($_REQUEST['subtopic']);
 					}
 					else {
-						$tmp = explode('/', URI);
+						$tmp = URI;
 						if(empty($tmp)) {
 							$tmp = array('news');
 						}
 						else {
 							$tmp = explode('/', URI);
 						}
 					}
 				if(in_array($tmp[0], get_template_pages(MENU_CATEGORY_NEWS)))