* fixed viewing pages with capital letters (like serverInfo) on case sensitive systems
* fixed changing comment of characters with space and other special characters in name (#29) * fixed viewing guilds with space and other special characters in name (#29) * (kathrine template) fixed displaying menu when no URI is set (URI = '/') * added some additional checks for Validator guildName and rankName if name is empty * (internal) new twig filter: urlencode, which is using urlencode php function
This commit is contained in:
parent
c581c35a73
commit
05f8756a12
10
index.php
10
index.php
@ -68,11 +68,13 @@ if(empty($uri) || isset($_REQUEST['template'])) {
|
||||
$_REQUEST['p'] = 'news';
|
||||
$found = true;
|
||||
}
|
||||
else if(!preg_match('/[^A-z0-9_\-]/', $uri) && file_exists(SYSTEM . 'pages/' . $uri . '.php')) {
|
||||
else {
|
||||
$tmp = strtolower($uri);
|
||||
if(!preg_match('/[^A-z0-9_\-]/', $uri) && file_exists(SYSTEM . 'pages/' . $tmp . '.php')) {
|
||||
$_REQUEST['p'] = $uri;
|
||||
$found = true;
|
||||
}
|
||||
else {
|
||||
}
|
||||
else {
|
||||
$rules = array(
|
||||
'/^account\/manage\/?$/' => array('subtopic' => 'accountmanagement'),
|
||||
'/^account\/create\/?$/' => array('subtopic' => 'createaccount'),
|
||||
@ -87,7 +89,6 @@ else {
|
||||
'/^account\/character\/name\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_name'),
|
||||
'/^account\/character\/sex\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_sex'),
|
||||
'/^account\/character\/delete\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'delete_character'),
|
||||
'/^account\/character\/comment\/[A-Za-z]+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment', 'name' => '$3'),
|
||||
'/^account\/character\/comment\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment'),
|
||||
'/^account\/confirm_email\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'confirm_email', 'v' => '$2'),
|
||||
'/^characters\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'characters', 'name' => '$1'),
|
||||
@ -136,6 +137,7 @@ else {
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// define page visited, so it can be used within events system
|
||||
|
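Review bot: The character class `[^A-z0-9_\-]` on the new `if` keeps the `A-z` range, which in ASCII also spans `[`, `\`, `]`, `^` and the backtick, so a backslash passes the page-name check. `.` and `/` are still excluded, so `file_exists(SYSTEM . 'pages/' . $tmp . '.php')` cannot be steered out of the pages directory, but the allow-list the author evidently meant is `[^A-Za-z0-9_\-]`. The existence check uses the lowercased `$tmp` while `$_REQUEST['p']` is assigned the original `$uri`; if the later include builds its path from `$_REQUEST['p']` without lowercasing, the case-sensitive-filesystem failure this commit fixes reappears, so `$_REQUEST['p'] = $tmp;` keeps the two consistent. The outer if/else chain starts before this hunk and continues in the following hunks.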
@ -57,6 +57,11 @@ $function = new Twig_SimpleFunction('hook', function ($hook) {
|
||||
});
|
||||
$twig->addFunction($function);
|
||||
|
||||
$filter = new Twig_SimpleFilter('urlencode', function ($s) {
|
||||
return urlencode($s);
|
||||
});
|
||||
$twig->addFilter($filter);
|
||||
|
||||
// trim values we receive
|
||||
if(isset($_POST))
|
||||
{
|
||||
|
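Review bot: The new `urlencode` filter duplicates Twig's built-in `url_encode` filter with one behavioural difference that the definition should state: PHP's `urlencode()` emits `+` for a space (form encoding), whereas Twig's filter uses `rawurlencode()` and emits `%20`. That choice is correct only while every receiving page decodes with `urldecode()`, which maps `+` back to a space, and never with `rawurldecode()`; a template that mixes the two filters produces links whose `+` is read back differently. A comment on the filter such as `// form-style encoding (space => '+'); pair with urldecode() on the receiving pages, not rawurldecode()` records that contract. The Twig setup run continues outside the hunk.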
@ -364,6 +364,11 @@ class Validator
|
||||
*/
|
||||
public static function guildName($name)
|
||||
{
|
||||
if(empty($name)) {
|
||||
self::$lastError = 'Please enter guild name.';
|
||||
return false;
|
||||
}
|
||||
|
||||
if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM0123456789- ") != strlen($name)) {
|
||||
self::$lastError = 'Invalid guild name format.';
|
||||
return false;
|
||||
@ -386,6 +391,11 @@ class Validator
|
||||
*/
|
||||
public static function rankName($name)
|
||||
{
|
||||
if(empty($name)) {
|
||||
self::$lastError = 'Please enter rank name.';
|
||||
return false;
|
||||
}
|
||||
|
||||
if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM0123456789-[ ] ") != strlen($name)) {
|
||||
self::$lastError = 'Invalid rank name. Please use only a-Z, 0-9 and spaces.';
|
||||
return false;
|
||||
|
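Review bot: `empty($name)` in the new guard of guildName() treats the string `"0"` as empty, so a guild named `0` — digits are in the allowed set on the `strspn()` line — is rejected with 'Please enter guild name.' rather than reaching the format check; `if($name === null || $name === '')` expresses the intent without that edge. rankName() has the same guard in its hunk and the same edge. Callers in this commit pass `$_REQUEST` values straight in, so a non-string such as an array from `?guild[]=x` passes `empty()` and reaches `strspn()`, which raises a TypeError on PHP 8; extending the guard to `if(!is_string($name) || $name === '')` turns that into the same validation error. Also visible in the rankName() hunk, though not new: its allowed set includes `-`, `[` and `]` while the message says 'only a-Z, 0-9 and spaces', so rule and message disagree. Both methods continue past the end of their hunks.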
@ -10,7 +10,7 @@
|
||||
*/
|
||||
defined('MYAAC') or die('Direct access not allowed!');
|
||||
|
||||
$player_name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : null;
|
||||
$player_name = isset($_REQUEST['name']) ? stripslashes(urldecode($_REQUEST['name'])) : null;
|
||||
$new_comment = isset($_POST['comment']) ? htmlspecialchars(stripslashes(substr($_POST['comment'],0,2000))) : NULL;
|
||||
$new_hideacc = isset($_POST['accountvisible']) ? (int)$_POST['accountvisible'] : NULL;
|
||||
|
||||
|
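Review bot: `urldecode()` is now applied to `$_REQUEST['name']`, which PHP has already percent-decoded when the value arrives through the query string or a POST body, so on that path the value is decoded twice: a name submitted as `Foo%2BBar` ends up as `Foo Bar` instead of `Foo+Bar`, and an encoded `%25` becomes a bare `%`. The second decode is presumably needed only for the friendly-URL route, where index.php stores the still-encoded path capture into `$_REQUEST` (the `%` and `+` admitted by its characters pattern suggest so); decoding once at that routing step, rather than on every page, gives the value a single meaning. The same applies to every `urldecode($_REQUEST['guild'])` line in the guild-page hunks that follow this one. Separately, the unchanged `$new_comment` line cuts the comment with byte-wise `substr()` before `htmlspecialchars()`, which can split a multi-byte character and make `htmlspecialchars()` return an empty string on PHP 5.4+; `mb_substr($_POST['comment'], 0, 2000)` avoids that. The page's statement run continues outside the hunk.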
@ -22,7 +22,15 @@ define('MOTD_EXISTS', fieldExist('motd', 'guilds'));
|
||||
if(empty($action)) {
|
||||
require(PAGES . 'guilds/list_of_guilds.php');
|
||||
}
|
||||
else if(file_exists(PAGES . 'guilds/' . $action . '.php')) {
|
||||
else {
|
||||
if(!ctype_alnum(str_replace(array('-', '_'), '', $action))) {
|
||||
error('Error: Action contains illegal characters.');
|
||||
}
|
||||
else if(file_exists(PAGES . 'guilds/' . $action . '.php')) {
|
||||
require(PAGES . 'guilds/' . $action . '.php');
|
||||
}
|
||||
else {
|
||||
error('This page does not exists.');
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
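Review bot: The new `ctype_alnum(str_replace(array('-', '_'), '', $action))` guard is the right shape — it excludes `.` and `/`, so the `require(PAGES . 'guilds/' . $action . '.php')` that follows can no longer be pointed outside the guilds directory — but it is a second, differently spelled page-name allow-list next to the regex index.php uses for the same purpose, and a shared helper on Validator called from both would keep them from drifting. Two properties worth a comment on the guard: `ctype_alnum()` returns false for an array (`?action[]=x` then takes the error branch instead of reaching `file_exists()`), and before PHP 8.0 `ctype_*` follows `setlocale()`, although `.` and `/` are never alphanumeric, so the traversal protection holds under any locale. `$action` is assigned outside the hunk.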
@ -11,7 +11,7 @@
|
||||
defined('MYAAC') or die('Direct access not allowed!');
|
||||
|
||||
//set rights in guild
|
||||
$guild_name = isset($_REQUEST['guild']) ? $_REQUEST['guild'] : NULL;
|
||||
$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL;
|
||||
$name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : NULL;
|
||||
if(!$logged) {
|
||||
$errors[] = 'You are not logged in. You can\'t accept invitations.';
|
||||
@ -86,12 +86,13 @@ else
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if(!$acc_invited) {
|
||||
$errors[] = "Any character from your account isn't invited to <b>" . $guild->getName() . "</b>.";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if(!empty($errors)) {
|
||||
echo $twig->render('error_box.html.twig', array('errors' => $errors));
|
||||
|
||||
|
@ -10,7 +10,7 @@
|
||||
*/
|
||||
defined('MYAAC') or die('Direct access not allowed!');
|
||||
|
||||
$guild_name = $_REQUEST['guild'];
|
||||
$guild_name = urldecode($_REQUEST['guild']);
|
||||
$ranknew = $_REQUEST['rank_name'];
|
||||
if(!Validator::guildName($guild_name)) {
|
||||
$guild_errors[] = Validator::getLastError();
|
||||
|
@ -10,7 +10,7 @@
|
||||
*/
|
||||
defined('MYAAC') or die('Direct access not allowed!');
|
||||
|
||||
$guild_name = $_REQUEST['guild'];
|
||||
$guild_name = urldecode($_REQUEST['guild']);
|
||||
if(!Validator::guildName($guild_name)) {
|
||||
$errors[] = Validator::getLastError();
|
||||
}
|
||||
|
@ -10,7 +10,7 @@
|
||||
*/
|
||||
defined('MYAAC') or die('Direct access not allowed!');
|
||||
|
||||
$guild_name = $_REQUEST['guild'];
|
||||
$guild_name = urldecode($_REQUEST['guild']);
|
||||
if(!Validator::guildName($guild_name)) {
|
||||
$errors[] = Validator::getLastError();
|
||||
}
|
||||
|
@ -13,7 +13,7 @@ defined('MYAAC') or die('Direct access not allowed!');
|
||||
if(!MOTD_EXISTS)
|
||||
return;
|
||||
|
||||
$guild_name = $_REQUEST['guild'];
|
||||
$guild_name = urldecode($_REQUEST['guild']);
|
||||
if(!Validator::guildName($guild_name)) {
|
||||
$errors[] = Validator::getLastError();
|
||||
}
|
||||
|
@ -10,7 +10,7 @@
|
||||
*/
|
||||
defined('MYAAC') or die('Direct access not allowed!');
|
||||
|
||||
$guild_name = $_REQUEST['guild'];
|
||||
$guild_name = urldecode($_REQUEST['guild']);
|
||||
if(!Validator::guildName($guild_name))
|
||||
$errors[] = Validator::getLastError();
|
||||
if(!$logged)
|
||||
|
@ -10,7 +10,7 @@
|
||||
*/
|
||||
defined('MYAAC') or die('Direct access not allowed!');
|
||||
|
||||
$guild_name = isset($_REQUEST['guild']) ? $_REQUEST['guild'] : NULL;
|
||||
$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL;
|
||||
$name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : NULL;
|
||||
$todo = isset($_REQUEST['todo']) ? $_REQUEST['todo'] : NULL;
|
||||
if(!$logged) {
|
||||
|
@ -10,7 +10,7 @@
|
||||
*/
|
||||
defined('MYAAC') or die('Direct access not allowed!');
|
||||
|
||||
$guild_name = $_REQUEST['guild'];
|
||||
$guild_name = urldecode($_REQUEST['guild']);
|
||||
if(!Validator::guildName($guild_name)) {
|
||||
$errors[] = Validator::getLastError();
|
||||
}
|
||||
|
@ -10,7 +10,7 @@
|
||||
*/
|
||||
defined('MYAAC') or die('Direct access not allowed!');
|
||||
|
||||
$guild_name = $_REQUEST['guild'];
|
||||
$guild_name = urldecode($_REQUEST['guild']);
|
||||
if(!Validator::guildName($guild_name)) {
|
||||
$errors[] = Validator::getLastError();
|
||||
}
|
||||
|
@ -11,7 +11,7 @@
|
||||
defined('MYAAC') or die('Direct access not allowed!');
|
||||
|
||||
//set rights in guild
|
||||
$guild_name = $_REQUEST['guild'];
|
||||
$guild_name = urldecode($_REQUEST['guild']);
|
||||
$name = stripslashes($_REQUEST['name']);
|
||||
if(!$logged)
|
||||
$guild_errors[] = 'You are not logged in. You can\'t delete invitations.';
|
||||
|
@ -10,7 +10,7 @@
|
||||
*/
|
||||
defined('MYAAC') or die('Direct access not allowed!');
|
||||
|
||||
$guild_name = $_REQUEST['guild'];
|
||||
$guild_name = urldecode($_REQUEST['guild']);
|
||||
$rank_to_delete = (int) $_REQUEST['rankid'];
|
||||
if(!Validator::guildName($guild_name)) {
|
||||
$guild_errors[] = Validator::getLastError();
|
||||
|
@ -11,7 +11,7 @@
|
||||
defined('MYAAC') or die('Direct access not allowed!');
|
||||
|
||||
//set rights in guild
|
||||
$guild_name = isset($_REQUEST['guild']) ? $_REQUEST['guild'] : NULL;
|
||||
$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL;
|
||||
$name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : NULL;
|
||||
if(!$logged) {
|
||||
$errors[] = "You are not logged in. You can't invite players.";
|
||||
|
@ -11,7 +11,7 @@
|
||||
defined('MYAAC') or die('Direct access not allowed!');
|
||||
|
||||
//set rights in guild
|
||||
$guild_name = $_REQUEST['guild'];
|
||||
$guild_name = urldecode($_REQUEST['guild']);
|
||||
$name = stripslashes($_REQUEST['name']);
|
||||
if(!$logged) {
|
||||
$errors[] = 'You are not logged in. You can\'t kick characters.';
|
||||
|
@ -11,7 +11,7 @@
|
||||
defined('MYAAC') or die('Direct access not allowed!');
|
||||
|
||||
//set rights in guild
|
||||
$guild_name = isset($_REQUEST['guild']) ? $_REQUEST['guild'] : NULL;
|
||||
$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL;
|
||||
$name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : NULL;
|
||||
if(!$logged) {
|
||||
$errors[] = "You are not logged in. You can't leave guild.";
|
||||
|
@ -79,22 +79,20 @@ else
|
||||
{
|
||||
foreach($guilds_list as $guild)
|
||||
{
|
||||
$link = ($config['friendly_urls'] ? '' : '?') . 'guilds/' . $guild->getName();
|
||||
|
||||
$guild_logo = $guild->getCustomField('logo_name');
|
||||
if(empty($guild_logo) || !file_exists('images/guilds/' . $guild_logo))
|
||||
$guild_logo = "default.gif";
|
||||
|
||||
$description = $guild->getCustomField('description');
|
||||
$description_with_lines = str_replace(array("\r\n", "\n", "\r"), '<br />', $description, $count);
|
||||
if($count < $config['guild_description_lines_limit'])
|
||||
$description = wordwrap(nl2br($description), 60, "<br />", true);
|
||||
//$description = $description_with_lines;
|
||||
|
||||
echo '<TR BGCOLOR="' . getStyle($showed_guilds++) . '"><TD><IMG SRC="images/guilds/' . $guild_logo.'" WIDTH=64 HEIGHT=64></TD>
|
||||
<TD valign="top"><B>'.$guild->getName().'</B><BR/>'.$description.'';
|
||||
if(admin())
|
||||
echo '<br /><a href="?subtopic=guilds&action=delete_by_admin&guild='.$guild->getName().'">Delete this guild (for ADMIN only!)</a>';
|
||||
echo '</TD><TD><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0><FORM ACTION="' . $link . '" METHOD=post><TR><TD>
|
||||
echo '</TD><TD><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0><FORM ACTION="' . getGuildLink($guild->getName(), false) . '" METHOD=post><TR><TD>
|
||||
<INPUT TYPE=image NAME="View" ALT="View" SRC="'.$template_path.'/images/global/buttons/sbutton_view.gif" BORDER=0 WIDTH=120 HEIGHT=18>
|
||||
</TD></TR></FORM></TABLE>
|
||||
</TD></TR>';
|
||||
|
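Review bot: The admin delete link two lines above the rewritten form still interpolates `$guild->getName()` into the query string unencoded, so the space-in-name case this commit fixes for the View button is not fixed for that link; `'&amp;guild=' . urlencode($guild->getName())` encodes both the name and the attribute correctly. That link also performs a deletion through a plain GET, which cross-site requests and link prefetchers can trigger; a POST form with a token, like the View button's form, is the safer shape even behind `admin()`. If the `$link = ...` assignment at the top of the loop survives this change, it is no longer referenced once the form's ACTION comes from `getGuildLink()`. The enclosing foreach starts and ends outside the hunk.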
@ -10,7 +10,7 @@
|
||||
*/
|
||||
defined('MYAAC') or die('Direct access not allowed!');
|
||||
|
||||
$guild_name = $_REQUEST['guild'];
|
||||
$guild_name = urldecode($_REQUEST['guild']);
|
||||
if(!Validator::guildName($guild_name)) {
|
||||
$guild_errors[] = Validator::getLastError();
|
||||
}
|
||||
|
@ -10,7 +10,7 @@
|
||||
*/
|
||||
defined('MYAAC') or die('Direct access not allowed!');
|
||||
|
||||
$guild_name = isset($_REQUEST['guild']) ? $_REQUEST['guild'] : NULL;
|
||||
$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL;
|
||||
$pass_to = isset($_REQUEST['player']) ? stripslashes($_REQUEST['player']) : NULL;
|
||||
if(!Validator::guildName($guild_name)) {
|
||||
$guild_errors[] = Validator::getLastError();
|
||||
|
@ -10,7 +10,7 @@
|
||||
*/
|
||||
defined('MYAAC') or die('Direct access not allowed!');
|
||||
|
||||
$guild_name = $_REQUEST['guild'];
|
||||
$guild_name = urldecode($_REQUEST['guild']);
|
||||
if(!Validator::guildName($guild_name)) {
|
||||
$errors[] = Validator::get;
|
||||
}
|
||||
|
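Review bot: The context line `$errors[] = Validator::get;` in this hunk reads as an undefined class-constant fetch rather than the `Validator::getLastError()` call used by the sibling guild pages; if that is the file's real content and not a truncation in this page's rendering, the invalid-guild-name branch fails with an undefined-constant error instead of collecting the message. It should read `$errors[] = Validator::getLastError();`. Not introduced by this commit, but it sits on the path the new `urldecode()` line feeds, and the statement run continues outside the hunk.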
@ -10,7 +10,7 @@
|
||||
*/
|
||||
defined('MYAAC') or die('Direct access not allowed!');
|
||||
|
||||
$guild_name = $_REQUEST['guild'];
|
||||
$guild_name = urldecode($_REQUEST['guild']);
|
||||
if(!Validator::guildName($guild_name))
|
||||
$errors[] = Validator::getLastError();
|
||||
|
||||
|
@ -30,7 +30,7 @@ if(isset($_REQUEST['vocation_id'])) {
|
||||
}
|
||||
}
|
||||
else {
|
||||
$vocation = (isset($_REQUEST['vocation']) ? rawurldecode($_REQUEST['vocation']) : 'all');
|
||||
$vocation = (isset($_REQUEST['vocation']) ? urldecode($_REQUEST['vocation']) : 'all');
|
||||
|
||||
if($vocation == 'all') {
|
||||
$vocation_id = 'all';
|
||||
|
@ -31,9 +31,15 @@ defined('MYAAC') or die('Direct access not allowed!');
|
||||
if(strpos(URI, 'subtopic=') !== false) {
|
||||
$tmp = array($_REQUEST['subtopic']);
|
||||
}
|
||||
else {
|
||||
$tmp = URI;
|
||||
if(empty($tmp)) {
|
||||
$tmp = array('news');
|
||||
}
|
||||
else {
|
||||
$tmp = explode('/', URI);
|
||||
}
|
||||
}
|
||||
|
||||
if(in_array($tmp[0], get_template_pages(MENU_CATEGORY_NEWS)))
|
||||
echo 'news';
|
||||
|
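Review bot: `empty($tmp)` on the new `URI` branch treats the string `"0"` as empty, so a request path of `0` is routed to the news entry; `$tmp === ''` tests for a missing URI only. If `URI` can still be `'/'` — the case the commit message names — `empty('/')` is false and `explode('/', '/')[0]` is `''`, which matches no page, so the check should run on `trim(URI, '/')` unless URI is normalized before this point. Further down, `in_array($tmp[0], ...)` compares loosely; `in_array($tmp[0], get_template_pages(MENU_CATEGORY_NEWS), true)` keeps the comparison on strings. The first branch reads `$_REQUEST['subtopic']` on the strength of `strpos(URI, 'subtopic=')`, which also matches a longer parameter name ending in `subtopic=`; `isset($_REQUEST['subtopic'])` would be the direct condition. The if chain continues past the hunk.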