Пример #1
0
function query()
{
    global $dbpref, $args, $fieldLists;
    $args = func_get_args();
    if (is_array($args[0])) {
        $args = $args[0];
    }
    $query = $args[0];
    // expand compacted field lists
    $query = preg_replace("@(\\w+)\\.\\(\\*\\)@s", '$1.*', $query);
    $query = str_replace(".(_userfields)", ".(" . $fieldLists["userfields"] . ")", $query);
    $query = preg_replace_callback("@(\\w+)\\.\\(([\\w,\\s]+)\\)@s", 'Query_ExpandFieldLists', $query);
    // add table prefixes
    $query = preg_replace("@\\{([a-z]\\w*)\\}@si", $dbpref . '$1', $query);
    // add the user input
    $query = preg_replace_callback("@\\{(\\d+\\w?)\\}@s", 'Query_AddUserInput', $query);
    return RawQuery($query);
}
Пример #2
0
    }
    //Force theme names to be alphanumeric to avoid possible directory traversal exploits ~Dirbaio
    if (preg_match("/^[a-zA-Z0-9_]+\$/", $_POST['theme'])) {
        $sets[] = "theme = '" . SqlEscape($_POST['theme']) . "'";
    }
    $sets[] = "pluginsettings = '" . SqlEscape(serialize($pluginSettings)) . "'";
    if ($editUserMode && ((int) $_POST['primarygroup'] != $user['primarygroup'] || $_POST['dopermaban'])) {
        $sets[] = "tempbantime = 0";
        if ((int) $_POST['primarygroup'] != $user['primarygroup']) {
            $sets[] = "tempbanpl = " . (int) $user['primarygroup'];
        }
        Report($user['name'] . "'s primary group was changed from " . $groups[$user['primarygroup']] . " to " . $groups[(int) $_POST['primarygroup']]);
    }
    $query .= join($sets, ", ") . " WHERE id = " . $userid;
    if (!$failed) {
        RawQuery($query);
        $his = "[b]" . $user['name'] . "[/]'s";
        if ($loguserid == $userid) {
            $his = HisHer($user['sex']);
        }
        Report("[b]" . $loguser['name'] . "[/] edited " . $his . " profile. -> [g]#HERE#?uid=" . $userid, 1);
        die(header("Location: " . actionLink("profile", $userid, '', $_POST['name'] ?: $user['name'])));
    }
}
//If failed, get values from $_POST
//Else, get them from $user
foreach ($epFields as $catid => $cfields) {
    foreach ($cfields as $field => $item) {
        if ($item['type'] == "label" || $item['type'] == "password") {
            continue;
        }