
Sanitize Event Names/Usernames #1

merged 4 commits into from
Mar 8, 2019
Sanitize Event Name
0xB9 committed Mar 8, 2019
commit d0a0e1c6e56f248613e0150344ebea8764bba5fa
114 changes: 57 additions & 57 deletions Upload/inc/plugins/upcoming_events.php
Expand Up @@ -2,14 +2,14 @@
/***************************************************************************
*
* Upcoming Events for MyBB
* Copyright: � 2011 by Christopher Lorentz
*
* Copyright: � 2011 by Christopher Lorentz
*
* Website: http://lorus.org/
* Author: Lorus
* Updated by: Vintagedaddyo
* Website: http://community.mybb.com/user-6029.html
*
*
*
* Last modified: 03/04/2019 by Vintagedaddyo
*
***************************************************************************/
Expand All @@ -30,7 +30,7 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
***************************************************************************/

if(!defined("IN_MYBB"))
{
die("This file cannot be accessed directly.");
Expand All @@ -47,9 +47,9 @@ function upcoming_events_info()
global $lang;

$lang->load("upcoming_events");

$lang->upcoming_events_PDesc = '<form action="https://www.paypal.com/cgi-bin/webscr" method="post" style="float:right;">' .
'<input type="hidden" name="cmd" value="_s-xclick">' .
'<input type="hidden" name="cmd" value="_s-xclick">' .
'<input type="hidden" name="hosted_button_id" value="AZE6ZNZPBPVUL">' .
'<input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_donate_SM.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">' .
'<img alt="" border="0" src="https://www.paypalobjects.com/pl_PL/i/scr/pixel.gif" width="1" height="1">' .
Expand All @@ -70,9 +70,9 @@ function upcoming_events_install()
{

global $db, $lang;

$lang->load("upcoming_events");

//add 'upcoming_events' template to global theme

$template = "<tr>\r\n<td class=\"tcat\"><span class=\"smalltext\"><strong>{\$upcoming_events_text}</strong></span></td>\r\n</tr>\r\n<tr>\r\n<td class=\"trow1\"><span class=\"smalltext\">{\$eventlist}</span></td>\r\n</tr>";
Expand All @@ -85,7 +85,7 @@ function upcoming_events_install()
);

$db->insert_query("templates", $insert_array);

//add 'upcoming_events_portal' template to global theme

$template = "<table border=\"0\" cellspacing=\"{\$theme['borderwidth']}\" cellpadding=\"{\$theme['tablespace']}\" class=\"tborder\">\r\n<tr>\r\n<td class=\"thead\"><strong>{\$upcoming_events_text}</strong></td>\r\n</tr>\r\n<tr>\r\n<td class=\"trow1\">\r\n<span class=\"smalltext\">\r\n{\$eventlist}\r\n</span>\r\n</td>\r\n</tr>\r\n</table>\r\n<br />";
Expand Down Expand Up @@ -113,7 +113,7 @@ function upcoming_events_install()
$db->insert_query('settinggroups', $settings_group);

$gid = (int) $db->insert_id();

$setting = array(
'sid' => '0',
'name' => 'upcoming_events_timerange',
Expand All @@ -125,8 +125,8 @@ function upcoming_events_install()
'gid' => $gid
);

$db->insert_query('settings', $setting);
$db->insert_query('settings', $setting);

$setting = array(
'sid' => '0',
'name' => 'upcoming_events_maxdisplay',
Expand All @@ -139,7 +139,7 @@ function upcoming_events_install()
);

$db->insert_query('settings', $setting);

$setting = array(
'sid' => '0',
'name' => 'upcoming_events_showindex',
Expand All @@ -152,7 +152,7 @@ function upcoming_events_install()
);

$db->insert_query('settings', $setting);

$setting = array(
'sid' => '0',
'name' => 'upcoming_events_showportal',
Expand All @@ -164,41 +164,41 @@ function upcoming_events_install()
'gid' => $gid
);

$db->insert_query('settings', $setting);
$db->insert_query('settings', $setting);

rebuild_settings();

}

function upcoming_events_is_installed()
{
global $db;

// is the template installed?

$query = $db->query("
SELECT *
FROM ".TABLE_PREFIX."templates
WHERE title = 'upcoming_events'
");

$row = $db->fetch_array($query);
$template_exists = !empty($row);


// are the settings present?

$query = $db->simple_select("settinggroups", "gid", "name='upcoming_events'");
$row2 = $db->num_rows($query);
$settings_exists = !empty($row2);

return $settings_exists && $template_exists;
}

function upcoming_events_uninstall()
{
global $db;

//removing 'upcoming_events' and '_portal' template from global theme

$query = $db->query("DELETE FROM ".TABLE_PREFIX."templates WHERE title = 'upcoming_events'");
Expand Down Expand Up @@ -236,20 +236,20 @@ function upcoming_events_index_start()
{

global $upcoming_events, $mybb, $templates, $lang;

if ($mybb->settings['upcoming_events_showindex'] == 1)
{

$lang->load("upcoming_events");

//generate heading

$upcoming_events_text = $lang->sprintf($lang->upcoming_events, $mybb->settings['upcoming_events_maxdisplay'], $mybb->settings['upcoming_events_timerange']);

//generate eventlist

$events = get_upcoming_events();

if (empty($events))
{
$line = $lang->upcoming_events_no_events;
Expand All @@ -258,25 +258,25 @@ function upcoming_events_index_start()
{
foreach($events as $event)
{
if (!empty($event['end']))
if (!empty($event['end']))
{
$line .= $lang->sprintf($lang->upcoming_events_eventline, $event['link'], $event['date'], $event['start'], $event['end']);
$line .= $lang->sprintf($lang->upcoming_events_created, $event['poster'])."<br />";
}
else
else
{
$line .= $lang->sprintf($lang->upcoming_events_eventline_day, $event['link'], $event['date']);
$line .= $lang->sprintf($lang->upcoming_events_created, $event['poster'])."<br />";
}
}
}

$eventlist .= $line;

//generate template variable

eval("\$upcoming_events = \"".$templates->get("upcoming_events")."\";");

}

}
Expand All @@ -285,21 +285,21 @@ function upcoming_events_portal_start()
{

global $upcoming_events_portal, $mybb, $templates, $lang, $theme;

if ($mybb->settings['upcoming_events_showportal'] == 1)
{

$lang->load("upcoming_events");

//generate heading

$upcoming_events_text = $lang->sprintf($lang->upcoming_events_portal, $mybb->settings['upcoming_events_maxdisplay'], $mybb->settings['upcoming_events_timerange']);
$upcoming_events_text .= '<img align="right" src="'.$mybb->settings['bburl'].'/images/toplinks/calendar.png"/>';

//generate event list

$events = get_upcoming_events();

if (empty($events))
{
$eventlist = $lang->upcoming_events_no_events;
Expand All @@ -308,26 +308,26 @@ function upcoming_events_portal_start()
{
foreach($events as $event)
{

$event['link'] = truncate($event['link'],7);
if (!empty($event['end']))

if (!empty($event['end']))
{
$line = $lang->sprintf($lang->upcoming_events_eventline, $event['link'], $event['date'], $event['start'], $event['end']);
}
else
else
{
$line = $lang->sprintf($lang->upcoming_events_eventline_day, $event['link'], $event['date']);
}

$eventlist .= truncate($line,32)."<br />";
}
}

//generate template variable

eval("\$upcoming_events_portal = \"".$templates->get("upcoming_events_portal")."\";");

}

}
Expand All @@ -342,10 +342,10 @@ function get_upcoming_events()
{

global $date_formats, $time_formats, $lang, $templates, $mybb, $db;

date_default_timezone_set('UTC');
$today = mktime(0,0,0,date("m"),date("d"),date("Y"));

$statement = "
SELECT u.username,eid,e.starttime, e.timezone, e.endtime, e.ignoretimezone, e.name, cp.canviewcalendar as cp_canviewcalendar, ug.canviewcalendar as ug_canviewcalendar
FROM ".TABLE_PREFIX."events e
Expand All @@ -360,46 +360,46 @@ function get_upcoming_events()
AND starttime>=".$today."
ORDER BY starttime ASC
LIMIT ".$mybb->settings['upcoming_events_maxdisplay'].";";

$query = $db->query($statement);

//set time and dateformats

$timeformat = ($mybb->user['timeformat'] == 0) ? $mybb->settings['timeformat'] : $time_formats[$mybb->user['timeformat']];
$dateformat = ($mybb->user['dateformat'] == 0) ? $mybb->settings['dateformat'] : $date_formats[$mybb->user['dateformat']];

$i = 0;

//generate array with upcoming events inside

while($events = $db->fetch_array($query))
{
if($events['ug_canviewcalendar'] == 1 || $events['cp_canviewcalendar'] == 1)
{
$event[$i]['link'] = "<a href=\"".get_event_link($events['eid'])."\">".$events['name']."</a>";
$event[$i]['link'] = "<a href=\"".get_event_link($events['eid'])."\">".htmlspecialchars_uni($events['name'])."</a>";
$event[$i]['date'] = date($dateformat,$events['starttime']);
if (mktime(0,0,0,date("m",$events['starttime']),date("d",$events['starttime']),date("Y",$events['starttime'])) == $today)
{
$event[$i]['date'] = $lang->upcoming_events_today;
}

$event[$i]['poster'] = $events['username'];


if ($events['endtime'] != 0)
{
if ($events['ignoretimezone'] == 0)
{
{
$offset = $events['timezone'];
}
else
{
$offset = $mybb->user['timezone'];
}

$event[$i]['start'] = date($timeformat,$events['starttime']+$offset*3600);
$event[$i]['end'] = date($timeformat,$events['endtime']+$offset*3600);

}
}
$i++;
Expand Down Expand Up @@ -499,4 +499,4 @@ function truncate($text, $length = 100, $ending = '...', $exact = true ,$conside
return $truncate;
}

?>
?>
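Review bot: The poster name is still placed in the output unescaped: two lines below the sanitised link, `$event[$i]['poster'] = $events['username'];` keeps the raw column value, and upcoming_events_index_start later feeds it through `$lang->sprintf($lang->upcoming_events_created, $event['poster'])` into the template, so only the event name gets `htmlspecialchars_uni` in this commit. The same treatment belongs on the username, `$event[$i]['poster'] = htmlspecialchars_uni($events['username']);`; the PR title mentions usernames, so this may be what a later one of the four commits does. In the preceding hunk of the same function, the `LIMIT` clause is built by concatenating `$mybb->settings['upcoming_events_maxdisplay']` into the query string unquoted; that value is admin-controlled, but an `(int)` cast would keep a malformed setting from producing an invalid or unexpected query. The body of get_upcoming_events both starts and ends outside this hunk.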