diff --git a/inc/datahandlers/user.php b/inc/datahandlers/user.php
index 7be3e38fca..ecd8db932a 100644
--- a/inc/datahandlers/user.php
+++ b/inc/datahandlers/user.php
@@ -282,18 +282,17 @@ function verify_website()
{
$website = &$this->data['website'];
- $website_lower = my_strtolower($website);
- if(empty($website) || $website_lower == 'http://' || $website_lower == 'https://')
+ if(empty($website) || my_strtolower($website) == 'http://' || my_strtolower($website) == 'https://')
{
$website = '';
return true;
}
// Does the website start with http(s)://?
- if(!validate_website_format($website))
+ if(my_strtolower(substr($website, 0, 4)) != "http")
{
- $this->set_error('invalid_website');
- return false;
+ // Website does not start with http://, let's see if the user forgot.
+ $website = "http://".$website;
}
return true;
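Review bot: The new prefix test in verify_website() compares only the first four characters, so any value that begins with `http` (for example `httpfoo`) is stored unchanged, and with the `validate_website_format()` call removed nothing rejects a malformed address any more. Test for the full scheme before prepending, e.g. `if(!preg_match('#^https?://#i', $website))`, and keep the `invalid_website` error for values that still fail a format check afterwards. The first `if` also calls `my_strtolower($website)` twice where the removed `$website_lower` local computed it once. The function's closing brace lies outside this hunk.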
@@ -1007,15 +1006,15 @@ function insert_user()
"usergroup" => intval($user['usergroup']),
"additionalgroups" => $db->escape_string($user['additionalgroups']),
"displaygroup" => intval($user['displaygroup']),
- "usertitle" => $db->escape_string($user['usertitle']),
+ "usertitle" => $db->escape_string(htmlspecialchars_uni($user['usertitle'])),
"regdate" => intval($user['regdate']),
"lastactive" => intval($user['lastactive']),
"lastvisit" => intval($user['lastvisit']),
- "website" => $db->escape_string($user['website']),
+ "website" => $db->escape_string(htmlspecialchars($user['website'])),
"icq" => intval($user['icq']),
- "aim" => $db->escape_string($user['aim']),
- "yahoo" => $db->escape_string($user['yahoo']),
- "msn" => $db->escape_string($user['msn']),
+ "aim" => $db->escape_string(htmlspecialchars($user['aim'])),
+ "yahoo" => $db->escape_string(htmlspecialchars($user['yahoo'])),
+ "msn" => $db->escape_string(htmlspecialchars($user['msn'])),
"birthday" => $user['bday'],
"signature" => $db->escape_string($user['signature']),
"allownotices" => $user['options']['allownotices'],
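Review bot: HTML-encoding `usertitle`, `website`, `aim`, `yahoo` and `msn` before `$db->escape_string()` stores markup-encoded text in the database, which ties every reader of these columns to an HTML context and leaves rows written before this commit unencoded. Other hunks in this commit drop the display-side `htmlspecialchars_uni()` calls for `aim`, `yahoo` and `msn`, so those older rows would reach the templates raw. `website` is still passed through `htmlspecialchars_uni()` at render time in build_postbit() and member.php, so new rows would presumably be encoded twice. Store the raw value, e.g. `"website" => $db->escape_string($user['website']),`, and escape at output; if storage-time encoding is kept, use one helper throughout instead of mixing `htmlspecialchars_uni()` and `htmlspecialchars()`, and migrate the existing rows. The same applies to the three update_user() hunks that follow.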
@@ -1172,7 +1171,7 @@ function update_user()
}
if(isset($user['usertitle']))
{
- $this->user_update_data['usertitle'] = $db->escape_string($user['usertitle']);
+ $this->user_update_data['usertitle'] = $db->escape_string(htmlspecialchars_uni($user['usertitle']));
}
if(isset($user['regdate']))
{
@@ -1192,7 +1191,7 @@ function update_user()
}
if(isset($user['website']))
{
- $this->user_update_data['website'] = $db->escape_string($user['website']);
+ $this->user_update_data['website'] = $db->escape_string(htmlspecialchars($user['website']));
}
if(isset($user['icq']))
{
@@ -1200,15 +1199,15 @@ function update_user()
}
if(isset($user['aim']))
{
- $this->user_update_data['aim'] = $db->escape_string($user['aim']);
+ $this->user_update_data['aim'] = $db->escape_string(htmlspecialchars($user['aim']));
}
if(isset($user['yahoo']))
{
- $this->user_update_data['yahoo'] = $db->escape_string($user['yahoo']);
+ $this->user_update_data['yahoo'] = $db->escape_string(htmlspecialchars($user['yahoo']));
}
if(isset($user['msn']))
{
- $this->user_update_data['msn'] = $db->escape_string($user['msn']);
+ $this->user_update_data['msn'] = $db->escape_string(htmlspecialchars($user['msn']));
}
if(isset($user['bday']))
{
diff --git a/inc/functions.php b/inc/functions.php
index b27f1a23c6..749a3ef596 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -5176,28 +5176,6 @@ function validate_email_format($email)
return preg_match("/^[a-zA-Z0-9&*+\-_.{}~^\?=\/]+@[a-zA-Z0-9-]+\.([a-zA-Z0-9-]+\.)*[a-zA-Z0-9-]{2,}$/si", $email);
}
-/**
- * Validates the format of a website address.
- *
- * @param string The string to check.
- * @return boolean True when valid, false when invalid.
- */
-function validate_website_format($website)
-{
- if(empty($website) || !trim($website) || !my_strtolower(substr($website, 0, 4)) == 'http')
- {
- return false;
- }
-
- $website_lower = my_strtolower($website);
- if($website_lower == 'http://' || $website_lower == 'https://')
- {
- return false;
- }
-
- return preg_match("/^(http(s?):\/\/)?(www\.)+[a-zA-Z0-9\.\-\_]+(\.[a-zA-Z]{2,3})+(\/[a-zA-Z0-9\_\-\s\.\/\?\%\#\&\=]*)?$/", $website);
-}
-
/**
* Checks to see if the email is already in use by another
*
diff --git a/inc/functions_post.php b/inc/functions_post.php
index 971b71a101..7948c7edb0 100644
--- a/inc/functions_post.php
+++ b/inc/functions_post.php
@@ -355,27 +355,17 @@ function build_postbit($post, $post_type=0)
eval("\$post['button_rep'] = \"".$templates->get("postbit_rep_button")."\";");
}
-
- if(validate_website_format($post['website']))
+
+ if($post['website'] != "")
{
$post['website'] = htmlspecialchars_uni($post['website']);
eval("\$post['button_www'] = \"".$templates->get("postbit_www")."\";");
}
else
{
- $post['website'] = $post['button_www'] = '';
- }
-
- $post['icq'] = (int)$post['icq'];
- if(!$post['icq'])
- {
- $post['icq'] = '';
+ $post['button_www'] = "";
}
-
- $post['msn'] = htmlspecialchars_uni($post['msn']);
- $post['aim'] = htmlspecialchars_uni($post['aim']);
- $post['yahoo'] = htmlspecialchars_uni($post['yahoo']);
-
+
if($post['hideemail'] != 1 && $mybb->usergroup['cansendemail'] == 1)
{
eval("\$post['button_email'] = \"".$templates->get("postbit_email")."\";");
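Review bot: The removed `htmlspecialchars_uni()` calls for `msn`, `aim` and `yahoo` and the removed `(int)` cast on `icq` were the last escaping step before these values enter the postbit templates, and nothing visible in this commit re-encodes rows stored before the write-side change. Keep output escaping here, e.g. `$post['msn'] = htmlspecialchars_uni($post['msn']);` and `$post['icq'] = (int)$post['icq'];`, so that rendering does not depend on how a row was written. The new `if($post['website'] != "")` test also drops the render-time format check, so any non-empty stored value is handed to the `postbit_www` template. The memberlist.php and misc.php hunks make the same removals, and member.php's `if($memprofile['website'])` has the same gap. build_postbit() starts and ends outside this hunk.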
diff --git a/member.php b/member.php
index 7f8d96a04b..61fccc20cb 100644
--- a/member.php
+++ b/member.php
@@ -1522,14 +1522,11 @@
$bgcolors[$cat] = alt_trow();
}
- if(validate_website_format($memprofile['website']))
+ $website = '';
+ if($memprofile['website'])
{
$memprofile['website'] = htmlspecialchars_uni($memprofile['website']);
- $website = ''.$memprofile['website'].'';
- }
- else
- {
- $memprofile['website'] = $website = '';
+ $website = "{$memprofile['website']}";
}
$signature = '';
@@ -1578,8 +1575,11 @@
$percent = 100;
}
- $memprofile['icq'] = (int)$memprofile['icq'];
- if(!$memprofile['icq'])
+ if(!empty($memprofile['icq']))
+ {
+ $memprofile['icq'] = intval($memprofile['icq']);
+ }
+ else
{
$memprofile['icq'] = '';
}
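Review bot: A non-empty, non-numeric `icq` value now becomes `0` and stays in `$memprofile['icq']`, because `intval()` runs only inside the `!empty()` branch and its result is not re-checked. The removed lines cast first and then blanked a zero result. Restoring that order, `$memprofile['icq'] = (int)$memprofile['icq'];` followed by `if(!$memprofile['icq'])`, keeps the field empty for such rows. The enclosing block starts and ends outside this hunk.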
diff --git a/memberlist.php b/memberlist.php
index 9634e0b4e1..6ede57daa3 100644
--- a/memberlist.php
+++ b/memberlist.php
@@ -321,25 +321,6 @@
}
}
- if(validate_website_format($user['website']))
- {
- $user['website'] = htmlspecialchars_uni($user['website']);
- }
- else
- {
- $user['website'] = '';
- }
-
- $user['icq'] = (int)$user['icq'];
- if(!$user['icq'])
- {
- $user['icq'] = '';
- }
-
- $user['msn'] = htmlspecialchars_uni($user['msn']);
- $user['aim'] = htmlspecialchars_uni($user['aim']);
- $user['yahoo'] = htmlspecialchars_uni($user['yahoo']);
-
if($user['userstars'] && $usergroup['groupimage'])
{
$user['userstars'] = "
".$user['userstars'];
diff --git a/misc.php b/misc.php
index 5b35092ffe..98dfc7ee19 100644
--- a/misc.php
+++ b/misc.php
@@ -551,37 +551,18 @@
$navigationbar = $navsep = '';
if($user['aim'])
{
- $user['aim'] = htmlspecialchars_uni($user['aim']);
$navigationbar .= "$lang->aol_im";
$navsep = ' - ';
}
if($user['msn'])
{
- $user['msn'] = htmlspecialchars_uni($user['msn']);
$navigationbar .= "$navsep$lang->msn";
$navsep = ' - ';
}
if($user['yahoo'])
{
- $user['yahoo'] = htmlspecialchars_uni($user['yahoo']);
$navigationbar .= "$navsep$lang->yahoo_im";
}
-
- $user['icq'] = (int)$user['icq'];
- if(!$user['icq'])
- {
- $user['icq'] = '';
- }
-
- if(validate_website_format($user['website']))
- {
- $user['website'] = htmlspecialchars_uni($user['website']);
- }
- else
- {
- $user['website'] = '';
- }
-
$lang->msn_address_is = $lang->sprintf($lang->msn_address_is, $user['username']);
$lang->send_y_message = $lang->sprintf($lang->send_y_message, $user['username']);
$lang->view_y_profile = $lang->sprintf($lang->view_y_profile, $user['username']);
diff --git a/modcp.php b/modcp.php
index d38e9176ab..4b450026dd 100644
--- a/modcp.php
+++ b/modcp.php
@@ -1821,25 +1821,20 @@
error_no_permission();
}
- if(validate_website_format($user['website']))
+ if($user['website'] == "" || $user['website'] == "http://")
{
- $user['website'] = htmlspecialchars_uni($user['website']);
+ $user['website'] = "http://";
}
- else
+
+ if($user['icq'] != "0")
{
- $user['website'] = '';
+ $user['icq'] = intval($user['icq']);
}
-
- $user['icq'] = (int)$user['icq'];
- if(!$user['icq'])
+ if($user['icq'] == 0)
{
- $user['icq'] = '';
+ $user['icq'] = "";
}
- $user['msn'] = htmlspecialchars_uni($user['msn']);
- $user['aim'] = htmlspecialchars_uni($user['aim']);
- $user['yahoo'] = htmlspecialchars_uni($user['yahoo']);
-
if(!$errors)
{
$mybb->input = array_merge($user, $mybb->input);
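Review bot: After this change modcp.php no longer escapes `$user['website']`, `msn`, `aim` or `yahoo` before `$user` is merged into `$mybb->input`, whereas the usercp.php hunk still calls `htmlspecialchars_uni($user['website'])` in its `else` branch, so the two edit forms treat the same column differently. Values stored before this commit would presumably reach the moderator-facing form unencoded. Keep an `else { $user['website'] = htmlspecialchars_uni($user['website']); }` branch here as usercp.php does, and keep the three `htmlspecialchars_uni()` lines for `msn`, `aim` and `yahoo`. The two-step `icq` test (`!= "0"`, then `== 0`) relies on loose comparison; the removed `(int)` cast followed by `if(!$user['icq'])` expressed the same thing more directly.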
diff --git a/usercp.php b/usercp.php
index 857689c6df..1bc54f0f73 100644
--- a/usercp.php
+++ b/usercp.php
@@ -352,21 +352,23 @@
$bdayprivacysel .= "";
}
- if(validate_website_format($user['website']))
+ if($user['website'] == "" || $user['website'] == "http://")
{
- $user['website'] = htmlspecialchars_uni($user['website']);
+ $user['website'] = "http://";
}
else
{
- $user['website'] = '';
+ $user['website'] = htmlspecialchars_uni($user['website']);
}
- $user['icq'] = (int)$user['icq'];
- if(!$user['icq'])
+ if($user['icq'] != "0")
{
- $user['icq'] = '';
+ $user['icq'] = intval($user['icq']);
+ }
+ if($user['icq'] == 0)
+ {
+ $user['icq'] = "";
}
-
if($errors)
{
$user['msn'] = htmlspecialchars_uni($user['msn']);