/**
 * Expands a compact SQL template and hands the result to RawQuery().
 *
 * Call either as query($template, $value0, $value1, ...) or with a single
 * array holding the same items; element 0 is always the template.
 *
 * Rewrites are applied to the template in this order:
 *   1. `alias.(*)`           becomes `alias.*`
 *   2. `.(_userfields)`      becomes `.(<$fieldLists["userfields"]>)`
 *   3. `alias.(a, b, ...)`   is passed to Query_ExpandFieldLists
 *   4. `{table}`             becomes `<$dbpref>table`
 *   5. `{0}`, `{1}`, ...     is passed to Query_AddUserInput
 *
 * Caller-supplied values go in last and in a single pass, so text inside a
 * value that happens to look like `{table}`, `{0}` or `alias.(a,b)` is not
 * expanded by the other steps.
 *
 * NOTE(review): any quoting or escaping of values happens in
 * Query_AddUserInput, which is not visible here; confirm it treats every
 * placeholder kind safely. The template itself reaches RawQuery() as-is, so
 * request data must only ever arrive through numbered placeholders and never
 * be concatenated into the template string.
 *
 * @return mixed whatever RawQuery() returns for the expanded statement
 */
function query()
{
    global $dbpref, $args, $fieldLists;

    // $args is a global; presumably Query_AddUserInput reads the values from
    // it (verify against that callback).
    $args = func_get_args();
    $args = is_array($args[0]) ? $args[0] : $args;

    $sql = $args[0];

    // Expand compacted field lists.
    $sql = preg_replace("@(\\w+)\\.\\(\\*\\)@s", '$1.*', $sql);
    $userFieldList = ".(" . $fieldLists["userfields"] . ")";
    $sql = str_replace(".(_userfields)", $userFieldList, $sql);
    $sql = preg_replace_callback(
        "@(\\w+)\\.\\(([\\w,\\s]+)\\)@s",
        'Query_ExpandFieldLists',
        $sql
    );

    // Add table prefixes: only names that start with a letter match, which
    // keeps numbered value placeholders out of this step.
    $prefixedName = $dbpref . '$1';
    $sql = preg_replace("@\\{([a-z]\\w*)\\}@si", $prefixedName, $sql);

    // Add the user input: runs last so substituted values are never rescanned.
    $sql = preg_replace_callback(
        "@\\{(\\d+\\w?)\\}@s",
        'Query_AddUserInput',
        $sql
    );

    return RawQuery($sql);
}
} //Force theme names to be alphanumeric to avoid possible directory traversal exploits ~Dirbaio if (preg_match("/^[a-zA-Z0-9_]+\$/", $_POST['theme'])) { $sets[] = "theme = '" . SqlEscape($_POST['theme']) . "'"; } $sets[] = "pluginsettings = '" . SqlEscape(serialize($pluginSettings)) . "'"; if ($editUserMode && ((int) $_POST['primarygroup'] != $user['primarygroup'] || $_POST['dopermaban'])) { $sets[] = "tempbantime = 0"; if ((int) $_POST['primarygroup'] != $user['primarygroup']) { $sets[] = "tempbanpl = " . (int) $user['primarygroup']; } Report($user['name'] . "'s primary group was changed from " . $groups[$user['primarygroup']] . " to " . $groups[(int) $_POST['primarygroup']]); } $query .= join($sets, ", ") . " WHERE id = " . $userid; if (!$failed) { RawQuery($query); $his = "[b]" . $user['name'] . "[/]'s"; if ($loguserid == $userid) { $his = HisHer($user['sex']); } Report("[b]" . $loguser['name'] . "[/] edited " . $his . " profile. -> [g]#HERE#?uid=" . $userid, 1); die(header("Location: " . actionLink("profile", $userid, '', $_POST['name'] ?: $user['name']))); } } //If failed, get values from $_POST //Else, get them from $user foreach ($epFields as $catid => $cfields) { foreach ($cfields as $field => $item) { if ($item['type'] == "label" || $item['type'] == "password") { continue; }