use NERDZ\Core\Messages;
use NERDZ\Core\Db;
use NERDZ\Core\User;
use NERDZ\Core\Config;

// Profile page: resolves the ?id= user and, optionally, one post (?pid=)
// addressed to that user.
// NOTE(review): this excerpt was collapsed onto a single physical line; the two
// "//" comments below originally ended their lines, so the line breaks have been
// restored here so the statements that follow them are not swallowed by the
// comment.
$messages = new Messages();
$user = new User();
$tplcfg = $user->getTemplateCfg();

// Target user id. is_numeric() also accepts signs, decimals, exponents and
// leading whitespace ("1e2", " 7.9"); the intval() below truncates those, so
// the id that is actually looked up can differ from the raw query string.
$id = isset($_GET['id']) && is_numeric($_GET['id']) ? $_GET['id'] : false; // intval below
// Optional post id, coerced straight to int; "0" and non-numeric become false.
$pid = isset($_GET['pid']) && is_numeric($_GET['pid']) ? intval($_GET['pid']) : false;
// Action is only passed on when it is a non-empty string; what
// actionValidator() accepts is not visible in this excerpt.
$action = NERDZ\Core\Utils::actionValidator(!empty($_GET['action']) && is_string($_GET['action']) ? $_GET['action'] : false);
$found = true;
if ($id) {
    $id = intval($id); //intval here, so we can display the user not found message
    if (false === ($info = $user->getObject($id))) {
        // Unknown user: show the "not found" name and an empty post.
        $username = $user->lang('USER_NOT_FOUND');
        $found = false;
        $post = new stdClass();
        $post->message = '';
    } else {
        $username = $info->username;
        // NOTE(review): hasInBlacklist($id) presumably checks the viewer's own
        // blacklist against the profile owner; the direction is not visible here.
        if ($pid && !$user->hasInBlacklist($id)) {
            // Precedence: && binds tighter than ||, so this reads
            //   (anonymous viewer AND $info->private set) OR (no such post for this user).
            // In the first case || short-circuits and the query is never run.
            // The query is parameterised (:pid, :id). Nothing here escapes
            // $post->message, so it must still be escaped at output time.
            if (!$user->isLogged() && $info->private || !($post = Db::query(['SELECT "message" FROM "posts" WHERE "pid" = :pid AND "to" = :id', [':pid' => $pid, ':id' => $id]], Db::FETCH_OBJ))) {
                $post = new stdClass();
                $post->message = '';
            }
        } else {
            // No pid requested, or the profile owner is blacklisted: empty post.
            $post = new stdClass();
            $post->message = '';
        }
        // NOTE(review): the enclosing else and if ($id) blocks continue past the
        // end of this excerpt.
$userData['dateformat'] = isset($_POST['dateformat']) ? trim($_POST['dateformat']) : '';
// NOTE(review): every field is HTML-escaped here, before any validation and
// (presumably) before storage. Encoding at input means each validator below
// sees the escaped form ("&" in a URL is already "&amp;"), stored values get
// double-encoded if a template escapes them again, and the escaping does
// nothing for non-HTML sinks (href/javascript: URLs, JSON). The usual fix is to
// store the raw validated value and escape per context at output time.
foreach ($userData as $key => $val) {
    $userData[$key] = trim(htmlspecialchars($val, ENT_QUOTES, 'UTF-8'));
}
// $closed / $flag are presumably consumed past the end of this excerpt.
$closed = isset($_POST['closed']);
$flag = true;
// NOTE(review): Utils::isValidURL() is not visible here (and is called
// unqualified, unlike NERDZ\Core\Utils::jsonResponse below); confirm it limits
// the scheme to http(s), since "website" and "userscript" are user-supplied
// URLs that will presumably be linked to or loaded later.
if (!empty($userData['website']) && !Utils::isValidURL($userData['website'])) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('WEBSITE') . ': ' . $user->lang('INVALID_URL')));
}
if (!empty($userData['userscript']) && !Utils::isValidURL($userData['userscript'])) {
    die(NERDZ\Core\Utils::jsonResponse('error', 'Userscript: ' . $user->lang('INVALID_URL')));
}
// NOTE(review): GitHub usernames may contain single hyphens (e.g. "some-user"),
// which [a-z0-9]+ rejects; [a-z0-9](?:-?[a-z0-9])* matches the documented
// username syntax while keeping the $ anchor.
if (!empty($userData['github']) && !preg_match('#^https?://(www\\.)?github\\.com/[a-z0-9]+$#i', $userData['github'])) {
    die(NERDZ\Core\Utils::jsonResponse('error', 'GitHub: ' . $user->lang('INVALID_URL')));
}
// The session user must still resolve. "false ==" is a loose comparison;
// "=== false" is the idiomatic check for a false-or-object return.
if (false == ($obj = $user->getObject($_SESSION['id']))) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR')));
}
// Jabber id is validated with the e-mail filter (same user@host shape).
if (!empty($userData['jabber']) && false == filter_var($userData['jabber'], FILTER_VALIDATE_EMAIL)) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('JABBER') . ': ' . $user->lang('MAIL_NOT_VALID')));
}
// Empty date format falls back to the default.
if (empty($userData['dateformat'])) {
    $userData['dateformat'] = 'd/m/Y, H:i';
}
// Facebook: one of three URL shapes (people/<name>/<id>, profile.php?id=<n>,
// vanity name). None of the three patterns is $-anchored, so each is a prefix
// match and trailing path/query text is accepted.
if (!empty($userData['facebook']) && (!preg_match('#^https?://(([a-z]{2}\\-[a-z]{2})|www)\\.facebook\\.com/people/[^/]+/([a-z0-9_\\-]+)#i', $userData['facebook']) && !preg_match('#^https?://(([a-z]{2}\\-[a-z]{2})|www)\\.facebook\\.com/profile\\.php\\?id\\=([0-9]+)#i', $userData['facebook']) && !preg_match('#^https?://(([a-z]{2}\\-[a-z]{2})|www)\\.facebook\\.com/([a-z0-9_\\-\\.]+)#i', $userData['facebook']))) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': Facebook URL'));
}
// Twitter: also a prefix match, and the "." in twitter.com is unescaped (should
// be "twitter\\.com" to match a literal dot).
if (!empty($userData['twitter']) && !preg_match('#^https?://twitter.com/([a-z0-9_]+)#i', $userData['twitter'])) {
    die(NERDZ\Core\Utils::jsonResponse('error', $user->lang('ERROR') . ': Twitter URL'));
}
// NOTE(review): strlen() counts bytes of the already HTML-escaped value, so an
// entity such as "&amp;" counts as 5 towards the limit; the rest of this
// condition's body continues past the end of this excerpt.
if (!empty($userData['steam']) && strlen($userData['steam']) > 35) {