diff --git a/classes/forums.class.php b/classes/forums.class.php
index 552580bd..b7a27697 100644
--- a/classes/forums.class.php
+++ b/classes/forums.class.php
@@ -29,7 +29,7 @@ public static function quote_notify($Body, $PostID, $Page, $PageID) {
$Level = 0;
foreach ($Matches as $M) {
if ($M[0] != '[/quote]') {
- if ($Level == 0 && isset($M[1]) && strlen($M[1]) > 0 && preg_match('/^[a-z0-9_?]{1,20}$/iD', $M[1])) {
+ if ($Level == 0 && isset($M[1]) && strlen($M[1]) > 0 && preg_match(USERNAME_REGEX, $M[1])) {
$Usernames[] = preg_replace('/(^[.,]*)|([.,]*$)/', '', $M[1]); // wut?
}
++$Level;
diff --git a/classes/regex.php b/classes/regex.php
index 55600b58..fb584023 100644
--- a/classes/regex.php
+++ b/classes/regex.php
@@ -2,12 +2,13 @@
//resource_type://username:password@domain:port/path?query_string#anchor
define('RESOURCE_REGEX','(https?|ftps?):\/\/');
define('IP_REGEX','(\d{1,3}\.){3}\d{1,3}');
-define('DOMAIN_REGEX','(ssl.)?(www.)?[a-z0-9-\.]{1,255}\.[a-zA-Z]{2,6}');
+define('DOMAIN_REGEX','([a-z0-9\-\_]+\.)+[a-z]{2,6}');
define('PORT_REGEX', '\d{1,5}');
define('URL_REGEX','('.RESOURCE_REGEX.')('.IP_REGEX.'|'.DOMAIN_REGEX.')(:'.PORT_REGEX.')?(\/\S*)*');
+define('USERNAME_REGEX', '/^[a-z0-9_?]{1,20}$/iD');
define('EMAIL_REGEX','[_a-z0-9-]+([.+][_a-z0-9-]+)*@'.DOMAIN_REGEX);
define('IMAGE_REGEX', URL_REGEX.'\/\S+\.(jpg|jpeg|tif|tiff|png|gif|bmp)(\?\S*)?');
-define('SITELINK_REGEX', RESOURCE_REGEX.'(ssl.)?'.preg_quote(NONSSL_SITE_URL, '/').'');
-define('TORRENT_REGEX', SITELINK_REGEX.'\/torrents.php\?(id=\d{1,10}\&)?torrentid=\d{1,10}');
-define('TORRENT_GROUP_REGEX', SITELINK_REGEX.'\/torrents.php\?id=\d{1,10}\&(torrentid=\d{1,10})?');
-?>
+define('SITELINK_REGEX', RESOURCE_REGEX.'(ssl.)?'.preg_quote(NONSSL_SITE_URL, '/'));
+define('TORRENT_REGEX', SITELINK_REGEX.'\/torrents\.php\?(.*&)?torrentid=(\d+)'); // torrentid = group 4
+define('TORRENT_GROUP_REGEX', SITELINK_REGEX.'\/torrents\.php\?(.*&)?id=(\d+)'); // id = group 4
+define('ARTIST_REGEX', SITELINK_REGEX.'\/artist\.php\?(.*&)?id=(\d+)'); // id = group 4
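Review bot: The `(.*&)?` prefix in TORRENT_REGEX, TORRENT_GROUP_REGEX and ARTIST_REGEX is greedy and not confined to a single URL, so where the pattern runs under `preg_match_all` over free text (sections/reportsv2/takereport.php) two links on the same line collapse into one match and only the last `torrentid` is captured. The "you included the torrent you're reporting" check there can then miss an ID. Bounding the prefix to the current URL keeps the group numbering, e.g. `'\/torrents\.php\?([^\s#]*&)?torrentid=(\d+)'`, and likewise for the other two defines. Separately, USERNAME_REGEX is the only constant in this hunk that carries its own delimiters and flags; a comment such as `// complete pattern: pass to preg_match() as-is, do not wrap in /.../` would help callers.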
diff --git a/classes/validate.class.php b/classes/validate.class.php
index a1e17c8b..9790dbd2 100644
--- a/classes/validate.class.php
+++ b/classes/validate.class.php
@@ -119,7 +119,7 @@ function ValidateForm($ValidateArray) {
$MinLength = 10;
}
- if (!preg_match('/^(https?):\/\/([a-z0-9\-\_]+\.)+([a-z]{1,5}[^\.])(\/[^<>]+)*$/i', $ValidateVar)) {
+ if (!preg_match('/^'.URL_REGEX.'$/i', $ValidateVar)) {
return $Field['ErrorMessage'];
} elseif (strlen($ValidateVar) > $MaxLength) {
return $Field['ErrorMessage'];
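Review bot: The link check is now looser than the pattern it replaces: the path part of URL_REGEX, `(\/\S*)*`, accepts `<`, `>` and quote characters that the old `(\/[^<>]+)*` rejected, and RESOURCE_REGEX also admits `ftp://` and `ftps://`. If any consumer of this field type relied on the validator to keep markup characters out, either confirm the value is escaped wherever it is rendered or keep the restriction here with an extra condition such as `|| preg_match('/[<>]/', $ValidateVar)`. The nested quantifier in `(\/\S*)*` combined with the `$` anchor can also backtrack heavily on a long run of slashes followed by a character that fails the match; `(\/\S*)?` accepts the same strings without the nesting, though that change belongs in classes/regex.php. ValidateForm's body continues outside the hunk.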
@@ -139,7 +139,7 @@ function ValidateForm($ValidateArray) {
$MinLength = 1;
}
- if (preg_match('/[^a-z0-9_\-?]/i', $ValidateVar)) {
+ if (!preg_match('/^'.USERNAME_REGEX.'$/i', $ValidateVar)) {
return $Field['ErrorMessage'];
} elseif (strlen($ValidateVar) > $MaxLength) {
return $Field['ErrorMessage'];
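Review bot: `'/^'.USERNAME_REGEX.'$/i'` wraps a constant that already contains its own delimiters, anchors and flags (`'/^[a-z0-9_?]{1,20}$/iD'` in classes/regex.php), so the resulting pattern is malformed; preg_match() would return false with a warning, and `!false` makes every value of this field type fail validation. The call should pass the constant as-is: `if (!preg_match(USERNAME_REGEX, $ValidateVar)) {`. The old check also allowed `-` and left length to `$MaxLength`, whereas USERNAME_REGEX rejects hyphens and caps at 20 characters, which deserves a comment if intended. ValidateForm's body continues outside the hunk.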
diff --git a/sections/artist/change_artistid.php b/sections/artist/change_artistid.php
index 1d2a9890..474c9000 100644
--- a/sections/artist/change_artistid.php
+++ b/sections/artist/change_artistid.php
@@ -19,20 +19,32 @@
error('Please enter a valid artist ID number or a valid artist name.');
}
-$DB->query("SELECT Name FROM artists_group WHERE ArtistID = $ArtistID LIMIT 1");
+$DB->query("
+ SELECT Name
+ FROM artists_group
+ WHERE ArtistID = $ArtistID
+ LIMIT 1");
if (!(list($ArtistName) = $DB->next_record(MYSQLI_NUM, false))) {
error('An error has occured.');
}
if ($NewArtistID > 0) {
// Make sure that's a real artist ID number, and grab the name
- $DB->query("SELECT Name FROM artists_group WHERE ArtistID = $NewArtistID LIMIT 1");
+ $DB->query("
+ SELECT Name
+ FROM artists_group
+ WHERE ArtistID = $NewArtistID
+ LIMIT 1");
if (!(list($NewArtistName) = $DB->next_record())) {
error('Please enter a valid artist ID number.');
}
} else {
// Didn't give an ID, so try to grab based on the name
- $DB->query("SELECT ArtistID FROM artists_alias WHERE Name = '".db_string($NewArtistName)."' LIMIT 1");
+ $DB->query("
+ SELECT ArtistID
+ FROM artists_alias
+ WHERE Name = '".db_string($NewArtistName)."'
+ LIMIT 1");
if (!(list($NewArtistID) = $DB->next_record())) {
error('No artist by that name was found.');
}
@@ -57,17 +69,26 @@
$Collages = $DB->collect('CollageID');
// And the info to avoid double-listing an artist if it and the target are on the same group
- $DB->query("SELECT DISTINCT GroupID FROM torrents_artists WHERE ArtistID = $NewArtistID");
+ $DB->query("
+ SELECT DISTINCT GroupID
+ FROM torrents_artists
+ WHERE ArtistID = $NewArtistID");
$NewArtistGroups = $DB->collect('GroupID');
$NewArtistGroups[] = '0';
$NewArtistGroups = implode(',',$NewArtistGroups);
- $DB->query("SELECT DISTINCT RequestID FROM requests_artists WHERE ArtistID = $NewArtistID");
+ $DB->query("
+ SELECT DISTINCT RequestID
+ FROM requests_artists
+ WHERE ArtistID = $NewArtistID");
$NewArtistRequests = $DB->collect('RequestID');
$NewArtistRequests[] = '0';
$NewArtistRequests = implode(',',$NewArtistRequests);
- $DB->query("SELECT DISTINCT UserID from bookmarks_artists WHERE ArtistID = $NewArtistID");
+ $DB->query("
+ SELECT DISTINCT UserID
+ FROM bookmarks_artists
+ WHERE ArtistID = $NewArtistID");
$NewArtistBookmarks = $DB->collect('UserID');
$NewArtistBookmarks[] = '0';
$NewArtistBookmarks = implode(',',$NewArtistBookmarks);
diff --git a/sections/collages/add_artist.php b/sections/collages/add_artist.php
index 1586e26d..dd7f7226 100644
--- a/sections/collages/add_artist.php
+++ b/sections/collages/add_artist.php
@@ -65,8 +65,7 @@ function add_artist($CollageID, $ArtistID) {
}
if ($_REQUEST['action'] == 'add_artist') {
- $URLRegex = '/^https?:\/\/(www\.|ssl\.)?'.preg_quote(NONSSL_SITE_URL, '/').'\/artist\.php\?(page=[0-9]+&)?id=([0-9]+)/i';
- $Val->SetFields('url', '1','regex','The URL must be a link to a artist on the site.',array('regex'=>$URLRegex));
+ $Val->SetFields('url', '1','regex','The URL must be a link to a artist on the site.',array('regex' => '/^'.ARTIST_REGEX.'/i'));
$Err = $Val->ValidateForm($_POST);
if ($Err) {
@@ -76,9 +75,8 @@ function add_artist($CollageID, $ArtistID) {
$URL = $_POST['url'];
// Get artist ID
- $URLRegex = '/artist\.php\?(page=[0-9]+&)?id=([0-9]+)/i';
- preg_match($URLRegex, $URL, $Matches);
- $ArtistID = $Matches[2];
+ preg_match('/^'.ARTIST_REGEX.'/i', $URL, $Matches);
+ $ArtistID = $Matches[4];
if (!$ArtistID || (int) $ArtistID == 0) {
error(404);
}
@@ -91,8 +89,6 @@ function add_artist($CollageID, $ArtistID) {
add_artist($CollageID, $ArtistID);
} else {
- $URLRegex = '/^https?:\/\/(www\.|ssl\.)?'.NONSSL_SITE_URL.'\/artist\.php\?(page=[0-9]+&)?id=([0-9]+)/i';
-
$URLs = explode("\n",$_REQUEST['urls']);
$ArtistIDs = array();
$Err = '';
@@ -115,9 +111,9 @@ function add_artist($CollageID, $ArtistID) {
foreach ($URLs as $URL) {
$Matches = array();
- if (preg_match($URLRegex, $URL, $Matches)) {
- $ArtistIDs[] = $Matches[3];
- $ArtistID = $Matches[3];
+ if (preg_match('/^'.ARTIST_REGEX.'/i', $URL, $Matches)) {
+ $ArtistIDs[] = $Matches[4];
+ $ArtistID = $Matches[4];
} else {
$Err = "One of the entered URLs ($URL) does not correspond to an artist on the site.";
break;
diff --git a/sections/collages/add_torrent.php b/sections/collages/add_torrent.php
index 50a8e88a..7813cc6c 100644
--- a/sections/collages/add_torrent.php
+++ b/sections/collages/add_torrent.php
@@ -65,8 +65,7 @@ function add_torrent($CollageID, $GroupID) {
}
if ($_REQUEST['action'] == 'add_torrent') {
- $URLRegex = '/^https?:\/\/(www\.|ssl\.)?'.NONSSL_SITE_URL.'\/torrents\.php\?(page=[0-9]+&)?id=([0-9]+)/i';
- $Val->SetFields('url', '1','regex','The URL must be a link to a torrent on the site.',array('regex'=>$URLRegex));
+ $Val->SetFields('url', '1','regex','The URL must be a link to a torrent on the site.',array('regex' => '/^'.TORRENT_GROUP_REGEX.'/i'));
$Err = $Val->ValidateForm($_POST);
if ($Err) {
@@ -76,9 +75,8 @@ function add_torrent($CollageID, $GroupID) {
$URL = $_POST['url'];
// Get torrent ID
- $URLRegex = '/torrents\.php\?(page=[0-9]+&)?id=([0-9]+)/i';
- preg_match($URLRegex, $URL, $Matches);
- $TorrentID = $Matches[2];
+ preg_match('/^'.TORRENT_GROUP_REGEX.'/i', $URL, $Matches);
+ $TorrentID = $Matches[4];
if (!$TorrentID || (int)$TorrentID == 0) {
error(404);
}
@@ -91,8 +89,6 @@ function add_torrent($CollageID, $GroupID) {
add_torrent($CollageID, $GroupID);
} else {
- $URLRegex = '/^https?:\/\/(www\.|ssl\.)?'.NONSSL_SITE_URL.'\/torrents\.php\?(page=[0-9]+&)?id=([0-9]+)/i';
-
$URLs = explode("\n",$_REQUEST['urls']);
$GroupIDs = array();
$Err = '';
@@ -115,9 +111,9 @@ function add_torrent($CollageID, $GroupID) {
foreach ($URLs as $URL) {
$Matches = array();
- if (preg_match($URLRegex, $URL, $Matches)) {
- $GroupIDs[] = $Matches[3];
- $GroupID = $Matches[3];
+ if (preg_match('/^'.TORRENT_GROUP_REGEX.'/i', $URL, $Matches)) {
+ $GroupIDs[] = $Matches[4];
+ $GroupID = $Matches[4];
} else {
$Err = "One of the entered URLs ($URL) does not correspond to a torrent on the site.";
break;
diff --git a/sections/friends/add.php b/sections/friends/add.php
index bda51c65..76d68506 100644
--- a/sections/friends/add.php
+++ b/sections/friends/add.php
@@ -1,10 +1,19 @@
authorize();
+if (!is_number($_GET['friendid'])) {
+ error(404);
+}
$FriendID = db_string($_GET['friendid']);
+
+// Check if the user $FriendID exists
+$DB->query("SELECT 1 FROM users_main WHERE ID = '$FriendID'");
+if ($DB->record_count() == 0) {
+ error(404);
+}
+
$DB->query("
INSERT IGNORE INTO friends
(UserID, FriendID)
VALUES ('$LoggedUser[ID]', '$FriendID')");
header('Location: friends.php');
-?>
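Review bot: The new existence check accepts any valid user ID, including the requester's own, since nothing here compares `$FriendID` with `$LoggedUser['ID']` before the INSERT. If self-friending is not meant to be possible (it may be blocked elsewhere, which is not visible here), add `if ($FriendID == $LoggedUser['ID']) { error(404); }` after the `is_number()` guard. Assuming `is_number()` only passes digit strings, a short comment that `db_string()` is kept as defence in depth would make the intent clear.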
diff --git a/sections/inbox/inbox.php b/sections/inbox/inbox.php
index 6a19a53d..567ebeb1 100644
--- a/sections/inbox/inbox.php
+++ b/sections/inbox/inbox.php
@@ -67,7 +67,7 @@
}
}
$sql .= (($Section == 'sentbox') ? ' cu.InSentbox' : ' cu.InInbox');
-$sql .="='1'";
+$sql .= "='1'";
$sql .="
GROUP BY c.ID
@@ -80,7 +80,7 @@
$Count = $DB->record_count();
$Pages = Format::get_pages($Page, $NumResults, MESSAGES_PER_PAGE, 9);
-echo $Pages;
+echo "\t\t$Pages\n";
?>
@@ -136,17 +136,20 @@
|
- if ($Unread) {
+ echo "\t\t\t\t\t\t"; // for proper indentation of HTML
+ if ($Unread) {
echo '';
}
if ($Sticky) {
echo 'Sticky: ';
}
+ echo "\n";
?>
=$Subject?>
+ echo "\t\t\t\t\t\t"; // for proper indentation of HTML
if ($Unread) {
- echo '';
+ echo "\n";
} ?>
|
=Users::format_username($SenderID, true, true, true, true)?> |
@@ -164,7 +167,9 @@
} ?>
- =$Pages?>
+
+ echo "\t\t$Pages\n"; ?>
+
View::show_footer();
diff --git a/sections/inbox/takecompose.php b/sections/inbox/takecompose.php
index 05eab6a7..9bff9594 100644
--- a/sections/inbox/takecompose.php
+++ b/sections/inbox/takecompose.php
@@ -1,7 +1,6 @@
-
+SetFields('username',true,'regex','You did not enter a valid username.',array('regex'=>'/^[a-z0-9_?]{1,20}$/i'));
+ $Validate->SetFields('username',true,'regex','You did not enter a valid username.',array('regex' => USERNAME_REGEX));
$Validate->SetFields('password','1','string','You entered an invalid password.',array('minlength'=>'6','maxlength'=>'150'));
$DB->query("SELECT ID, Attempts, Bans, BannedUntil FROM login_attempts WHERE IP='".db_string($_SERVER['REMOTE_ADDR'])."'");
diff --git a/sections/register/index.php b/sections/register/index.php
index beb7aaa0..22e61402 100644
--- a/sections/register/index.php
+++ b/sections/register/index.php
@@ -32,7 +32,7 @@
}
} elseif (OPEN_REGISTRATION || !empty($_REQUEST['invite'])) {
- $Val->SetFields('username', true, 'regex', 'You did not enter a valid username.', array('regex'=>'/^[a-z0-9_?]{1,20}$/iD'));
+ $Val->SetFields('username', true, 'regex', 'You did not enter a valid username.', array('regex' => USERNAME_REGEX));
$Val->SetFields('email', true, 'email', 'You did not enter a valid email address.');
$Val->SetFields('password', true, 'regex', 'A strong password is between 8 and 40 characters long, contains at least 1 lowercase and uppercase letter, and contains at least a number or symbol', array('regex'=>'/(?=^.{8,}$)(?=.*[^a-zA-Z])(?=.*[A-Z])(?=.*[a-z]).*$/'));
$Val->SetFields('confirm_password', true, 'compare', 'Your passwords do not match.', array('comparefield'=>'password'));
diff --git a/sections/reportsv2/takereport.php b/sections/reportsv2/takereport.php
index 78fd1833..d1ed8d8f 100644
--- a/sections/reportsv2/takereport.php
+++ b/sections/reportsv2/takereport.php
@@ -48,9 +48,9 @@
}
if (!empty($_POST['sitelink'])) {
- if (preg_match_all('/((https?:\/\/)?([a-zA-Z0-9\-]+(\.[a-zA-Z0-9\-]+)*\.)?'.SSL_SITE_URL.'\/torrents.php\?(id=[0-9]+\&)?torrentid=([0-9]+))/is', $_POST['sitelink'], $Matches)) {
- $ExtraIDs = implode(' ', $Matches[6]);
- if (in_array($TorrentID, $Matches[6])) {
+ if (preg_match_all('/'.TORRENT_REGEX.'/i', $_POST['sitelink'], $Matches)) {
+ $ExtraIDs = implode(' ', $Matches[4]);
+ if (in_array($TorrentID, $Matches[4])) {
$Err = "The extra permalinks you gave included the link to the torrent you're reporting!";
}
} else {
@@ -63,7 +63,7 @@
if (!empty($_POST['link'])) {
//resource_type://domain:port/filepathname?query_string#anchor
// http:// www .foo.com /bar
- if (preg_match_all('/(https?:\/\/)?[a-zA-Z0-9\-]+(\.[a-zA-Z0-9\-]+)*(:[0-9]{2,5})?(\/(\S)+)?/is', $_POST['link'], $Matches)) {
+ if (preg_match_all('/'.URL_REGEX.'/is', $_POST['link'], $Matches)) {
$Links = implode(' ', $Matches[0]);
} else {
$Err = "The extra links you provided weren't links...";
diff --git a/sections/reportsv2/views.php b/sections/reportsv2/views.php
index 5000b877..f5843db7 100644
--- a/sections/reportsv2/views.php
+++ b/sections/reportsv2/views.php
@@ -215,7 +215,7 @@
SELECT
r.ResolverID,
um.Username,
- COUNT(r.ID) AS Count,
+ COUNT(r.ID) AS Count
FROM reportsv2 AS r
LEFT JOIN users_main AS um ON r.ResolverID=um.ID
WHERE r.Status = 'InProgress'
diff --git a/sections/requests/takefill.php b/sections/requests/takefill.php
index 2ae8f5d6..2860f38b 100644
--- a/sections/requests/takefill.php
+++ b/sections/requests/takefill.php
@@ -14,22 +14,15 @@
$TorrentID = $_GET['torrentid'];
} else {
if (empty($_POST['link'])) {
- $Err = 'You forgot to supply a link to the filling torrent';
+ error('You forgot to supply a link to the filling torrent');
} else {
$Link = $_POST['link'];
- if (preg_match('/'.TORRENT_REGEX.'/i', $Link, $Matches) < 1) {
- $Err = 'Your link didn\'t seem to be a valid torrent link';
+ if (!preg_match('/'.TORRENT_REGEX.'/i', $Link, $Matches)) {
+ error('Your link didn\'t seem to be a valid torrent link');
} else {
- $TorrentID = $Matches[0];
+ $TorrentID = $Matches[4];
}
}
-
- if (!empty($Err)) {
- error($Err);
- }
-
- preg_match("/torrentid=([0-9]+)/i", $Link, $Matches);
- $TorrentID = $Matches[1];
if (!$TorrentID || !is_number($TorrentID)) {
error(404);
}
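Review bot: The match here is unanchored (`'/'.TORRENT_REGEX.'/i'`), while the other single-link call sites touched by this commit use `'/^'...`; as written, a site link embedded anywhere in the submitted text is accepted. Only the numeric ID is used afterwards and it is re-checked with `is_number()`, so the impact looks small, but for consistency consider `if (!preg_match('/^'.TORRENT_REGEX.'/i', $Link, $Matches)) {`. The enclosing if/else starts outside the hunk.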
diff --git a/sections/requests/takenew_edit.php b/sections/requests/takenew_edit.php
index 849b8d9a..61e87ae8 100644
--- a/sections/requests/takenew_edit.php
+++ b/sections/requests/takenew_edit.php
@@ -177,9 +177,8 @@
// GroupID
if (!empty($_POST['groupid'])) {
$GroupID = trim($_POST['groupid']);
- $URLRegex = '/^https?:\/\/(www\.|ssl\.)?'.SSL_SITE_URL.'\/torrents\.php\?(page=[0-9]+&)?id=([0-9]+)/i';
- if (preg_match($URLRegex, $GroupID, $Matches)) {
- $GroupID = $Matches[3];
+ if (preg_match('/^'.TORRENT_GROUP_REGEX.'/i', $GroupID, $Matches)) {
+ $GroupID = $Matches[4];
}
if (is_number($GroupID)) {
$DB->query("SELECT 1 FROM torrents_group WHERE ID = '$GroupID' AND CategoryID = 1");
diff --git a/sections/tools/managers/bans.php b/sections/tools/managers/bans.php
index 88cc81cd..2c231ca9 100644
--- a/sections/tools/managers/bans.php
+++ b/sections/tools/managers/bans.php
@@ -64,7 +64,7 @@
$sql .= "WHERE Reason LIKE '%".db_string($_REQUEST['notes'])."%' ";
}
-if (!empty($_REQUEST['ip']) && preg_match('/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/', $_REQUEST['ip'])) {
+if (!empty($_REQUEST['ip']) && preg_match('/'.IP_REGEX.'/', $_REQUEST['ip'])) {
if (!empty($_REQUEST['notes'])) {
$sql .= "AND '".Tools::ip_to_unsigned($_REQUEST['ip'])."' BETWEEN FromIP AND ToIP ";
} else {
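Review bot: `'/'.IP_REGEX.'/'` is unanchored, so any request value that merely contains a dotted quad passes this test and is then handed to `Tools::ip_to_unsigned()` and placed in the SQL string. sections/user/advancedsearch.php in this same commit already uses the anchored form; doing the same here, `preg_match('/^'.IP_REGEX.'$/D', $_REQUEST['ip'])`, makes the check mean "the whole value is an IP". The same unanchored call is in sections/tools/services/get_host.php and sections/user/connchecker.php. What `ip_to_unsigned()` returns for malformed input is not visible here, so treat the SQL concern as unconfirmed; the if/else continues past the end of the hunk.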
diff --git a/sections/tools/managers/recommend_add.php b/sections/tools/managers/recommend_add.php
index a164fb47..7b23f9d7 100644
--- a/sections/tools/managers/recommend_add.php
+++ b/sections/tools/managers/recommend_add.php
@@ -12,7 +12,7 @@
// Make sure the URL they entered is on our site, and is a link to a torrent
$URLRegex = '/^https?:\/\/(www\.|ssl\.)?'.NONSSL_SITE_URL.'\/torrents\.php\?id=([0-9]+)$/i';
$Val->SetFields('url',
- '1','regex','The URL must be a link to a torrent on the site.',array('regex'=>$URLRegex));
+ '1','regex','The URL must be a link to a torrent on the site.',array('regex' => '/^'.TORRENT_GROUP_REGEX.'/i'));
$Err = $Val->ValidateForm($_POST); // Validate the form
if ($Err) { // if something didn't validate
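Review bot: The `$URLRegex = ...` line kept as context at the top of this hunk appears to be dead now, because the `SetFields` call no longer reads it and the second hunk removes the other use, and it still interpolates `NONSSL_SITE_URL` without `preg_quote()`. Deleting that line avoids someone reusing the unquoted pattern later. The replacement pattern also drops the old trailing `$`, so text after the ID is now accepted; add a comment if that is intentional.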
@@ -22,9 +22,8 @@
}
// Get torrent ID
-$URLRegex = '/torrents\.php\?id=([0-9]+)$/i';
-preg_match($URLRegex, $URL, $Matches);
-$GroupID = $Matches[1];
+preg_match('/^'.TORRENT_GROUP_REGEX.'/i', $URL, $Matches);
+$GroupID = $Matches[4];
if (empty($GroupID) || !is_number($GroupID)) {
error(404);
diff --git a/sections/tools/managers/tokens.php b/sections/tools/managers/tokens.php
index 44eb2afe..54a67ee0 100644
--- a/sections/tools/managers/tokens.php
+++ b/sections/tools/managers/tokens.php
@@ -10,12 +10,18 @@
if (!is_number($Tokens) || ($Tokens < 0)) {
error('Please enter a valid number of tokens.');
}
- $sql = "UPDATE users_main SET FLTokens = FLTokens + $Tokens WHERE Enabled = '1'";
+ $sql = "
+ UPDATE users_main
+ SET FLTokens = FLTokens + $Tokens
+ WHERE Enabled = '1'";
if (!isset($_REQUEST['leechdisabled'])) {
$sql .= " AND can_leech = 1";
}
$DB->query($sql);
- $sql = "SELECT ID FROM users_main WHERE Enabled = '1'";
+ $sql = "
+ SELECT ID
+ FROM users_main
+ WHERE Enabled = '1'";
if (!isset($_REQUEST['leechdisabled'])) {
$sql .= " AND can_leech = 1";
}
@@ -39,9 +45,15 @@
} else {
$Where = "WHERE Enabled = '1' OR FLTokens > $Tokens";
}
- $DB->query("SELECT ID FROM users_main $Where");
+ $DB->query("
+ SELECT ID
+ FROM users_main
+ $Where");
$Users = $DB->to_array();
- $DB->query("UPDATE users_main SET FLTokens = $Tokens $Where");
+ $DB->query("
+ UPDATE users_main
+ SET FLTokens = $Tokens
+ $Where");
foreach ($Users as $UserID) {
list($UserID) = $UserID;
diff --git a/sections/tools/services/get_host.php b/sections/tools/services/get_host.php
index 2006d766..61c8b307 100644
--- a/sections/tools/services/get_host.php
+++ b/sections/tools/services/get_host.php
@@ -14,7 +14,7 @@
$Octets = explode('.', $_GET['ip']);
if (
empty($_GET['ip']) ||
- !preg_match('/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/', $_GET['ip']) ||
+ !preg_match('/'.IP_REGEX.'/', $_GET['ip']) ||
$Octets[0] < 0 ||
$Octets[0] > 255 ||
$Octets[1] < 0 ||
diff --git a/sections/torrents/browse2.php b/sections/torrents/browse2.php
index d6071c7d..38eb8782 100644
--- a/sections/torrents/browse2.php
+++ b/sections/torrents/browse2.php
@@ -56,29 +56,41 @@ function header_link($SortKey,$DefaultWay="desc") {
// Setting default search options
if (!empty($_GET['setdefault'])) {
- $UnsetList = array('page','setdefault');
- $UnsetRegexp = '/(&|^)('.implode('|',$UnsetList).')=.*?(&|$)/i';
+ $UnsetList = array('page', 'setdefault');
+ $UnsetRegexp = '/(&|^)('.implode('|', $UnsetList).')=.*?(&|$)/i';
- $DB->query("SELECT SiteOptions FROM users_info WHERE UserID='".db_string($LoggedUser['ID'])."'");
- list($SiteOptions)=$DB->next_record(MYSQLI_NUM, false);
+ $DB->query("
+ SELECT SiteOptions
+ FROM users_info
+ WHERE UserID='".db_string($LoggedUser['ID'])."'");
+ list($SiteOptions) = $DB->next_record(MYSQLI_NUM, false);
if (!empty($SiteOptions)) {
$SiteOptions = unserialize($SiteOptions);
} else {
$SiteOptions = array();
}
- $SiteOptions['DefaultSearch'] = preg_replace($UnsetRegexp,'',$_SERVER['QUERY_STRING']);
- $DB->query("UPDATE users_info SET SiteOptions='".db_string(serialize($SiteOptions))."' WHERE UserID='".db_string($LoggedUser['ID'])."'");
+ $SiteOptions['DefaultSearch'] = preg_replace($UnsetRegexp, '', $_SERVER['QUERY_STRING']);
+ $DB->query("
+ UPDATE users_info
+ SET SiteOptions='".db_string(serialize($SiteOptions))."'
+ WHERE UserID='".db_string($LoggedUser['ID'])."'");
$Cache->begin_transaction('user_info_heavy_'.$UserID);
$Cache->update_row(false, array('DefaultSearch'=>$SiteOptions['DefaultSearch']));
$Cache->commit_transaction(0);
// Clearing default search options
} elseif (!empty($_GET['cleardefault'])) {
- $DB->query("SELECT SiteOptions FROM users_info WHERE UserID='".db_string($LoggedUser['ID'])."'");
- list($SiteOptions)=$DB->next_record(MYSQLI_NUM, false);
- $SiteOptions=unserialize($SiteOptions);
- $SiteOptions['DefaultSearch']='';
- $DB->query("UPDATE users_info SET SiteOptions='".db_string(serialize($SiteOptions))."' WHERE UserID='".db_string($LoggedUser['ID'])."'");
+ $DB->query("
+ SELECT SiteOptions
+ FROM users_info
+ WHERE UserID='".db_string($LoggedUser['ID'])."'");
+ list($SiteOptions) = $DB->next_record(MYSQLI_NUM, false);
+ $SiteOptions = unserialize($SiteOptions);
+ $SiteOptions['DefaultSearch'] = '';
+ $DB->query("
+ UPDATE users_info
+ SET SiteOptions='".db_string(serialize($SiteOptions))."'
+ WHERE UserID='".db_string($LoggedUser['ID'])."'");
$Cache->begin_transaction('user_info_heavy_'.$UserID);
$Cache->update_row(false, array('DefaultSearch'=>''));
$Cache->commit_transaction(0);
@@ -146,7 +158,7 @@ function header_link($SortKey,$DefaultWay="desc") {
/** Start preparation of property arrays **/
array_pop($Bitrates); // remove 'other'
-$SearchBitrates = array_merge($Bitrates, array('v0','v1','v2','24bit'));
+$SearchBitrates = array_merge($Bitrates, array('v0', 'v1', 'v2', '24bit'));
foreach ($SearchBitrates as $ID=>$Val) {
$SearchBitrates[$ID] = strtolower($Val);
@@ -237,7 +249,7 @@ function header_link($SortKey,$DefaultWay="desc") {
//Simple search
if (!empty($_GET['searchstr'])) {
$SearchString = trim($_GET['searchstr']);
- $Words = explode(' ',strtolower($SearchString));
+ $Words = explode(' ', strtolower($SearchString));
if (!empty($Words)) {
$FilterBitrates = $FilterFormats = array();
$BasicSearch = array('include' => array(), 'exclude' => array());
@@ -250,7 +262,7 @@ function header_link($SortKey,$DefaultWay="desc") {
if ($Word[0] == '!' && strlen($Word) >= 2) {
if ($Word == '!100%') {
$_GET['haslog'] = '-1';
- } elseif (strpos($Word,'!',1) === false) {
+ } elseif (strpos($Word, '!', 1) === false) {
$BasicSearch['exclude'][] = $Word;
} else {
$BasicSearch['include'][] = $Word;
@@ -279,7 +291,7 @@ function header_link($SortKey,$DefaultWay="desc") {
}
if (!empty($BasicSearch['exclude'])) {
foreach ($BasicSearch['exclude'] as $Word) {
- $QueryParts[] = '!'.Sphinxql::escape_string(substr($Word,1));
+ $QueryParts[] = '!'.Sphinxql::escape_string(substr($Word, 1));
}
}
if (!empty($FilterBitrates)) {
@@ -309,7 +321,10 @@ function header_link($SortKey,$DefaultWay="desc") {
//Get tag aliases.
$TagAliases = $Cache->get_value('tag_aliases_search');
if (!$TagAliases) {
- $DB->query("SELECT ID,BadTag,AliasTag FROM tag_aliases ORDER BY BadTag");
+ $DB->query("
+ SELECT ID, BadTag, AliasTag
+ FROM tag_aliases
+ ORDER BY BadTag");
$TagAliases = $DB->to_array();
//Unify tag aliases to be in_this_format as tags not in.this.format
array_walk_recursive($TagAliases, create_function('&$val', '$val = preg_replace("/\./","_", $val);'));
@@ -400,7 +415,7 @@ function header_link($SortKey,$DefaultWay="desc") {
}
if (!empty($Words['exclude'])) {
foreach ($Words['exclude'] as $Word) {
- $QueryParts[] = '!'.Sphinxql::escape_string(substr($Word,1));
+ $QueryParts[] = '!'.Sphinxql::escape_string(substr($Word, 1));
}
}
if (!empty($QueryParts)) {
@@ -451,7 +466,7 @@ function header_link($SortKey,$DefaultWay="desc") {
$Filtered = true;
}
}
-foreach (array('hascue','scene','vanityhouse','releasetype') as $Search) {
+foreach (array('hascue', 'scene', 'vanityhouse', 'releasetype') as $Search) {
if (isset($_GET[$Search]) && $_GET[$Search] !== '') {
$SphQL->where($Search, $_GET[$Search]);
// Release type is group specific
@@ -459,6 +474,7 @@ function header_link($SortKey,$DefaultWay="desc") {
$SphQLTor->where($Search, $_GET[$Search]);
}
if ($_GET[$Search] !== 0) {
+ //TODO: Clean up this hack
// Hack! Deleted torrents may show up if we set to true unconditionally. Hope no one notices
$Filtered = true;
}
diff --git a/sections/user/advancedsearch.php b/sections/user/advancedsearch.php
index 6df4b846..d3a27280 100644
--- a/sections/user/advancedsearch.php
+++ b/sections/user/advancedsearch.php
@@ -4,11 +4,11 @@
* Best viewed with a wide screen monitor *
**********************************************************************/
if (!empty($_GET['search'])) {
- if (preg_match("/^".IP_REGEX."$/", $_GET['search'])) {
+ if (preg_match('/^'.IP_REGEX.'$/', $_GET['search'])) {
$_GET['ip'] = $_GET['search'];
- } elseif (preg_match("/^".EMAIL_REGEX."$/i", $_GET['search'])) {
+ } elseif (preg_match('/^'.EMAIL_REGEX.'$/i', $_GET['search'])) {
$_GET['email'] = $_GET['search'];
- } elseif (preg_match('/^[a-z0-9_?]{1,20}$/iD',$_GET['search'])) {
+ } elseif (preg_match(USERNAME_REGEX,$_GET['search'])) {
$DB->query("
SELECT ID
FROM users_main
diff --git a/sections/user/connchecker.php b/sections/user/connchecker.php
index 7ba61094..cc49371d 100644
--- a/sections/user/connchecker.php
+++ b/sections/user/connchecker.php
@@ -5,7 +5,7 @@
$Octets = explode(".", $_GET['ip']);
if (
empty($_GET['ip']) ||
- !preg_match('/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/', $_GET['ip']) ||
+ !preg_match('/'.IP_REGEX.'/', $_GET['ip']) ||
$Octets[0] < 0 ||
$Octets[0] > 255 ||
$Octets[1] < 0 ||
diff --git a/sections/wiki/takelink.php b/sections/wiki/takelink.php
index 0c43219c..5dfc5197 100644
--- a/sections/wiki/takelink.php
+++ b/sections/wiki/takelink.php
@@ -1,10 +1,10 @@
authorize();
-if (preg_match('/^https?:\/\/(www\.|ssl\.)?'.NONSSL_SITE_URL.'\/wiki\.php\?action=article\&id=([0-9]+)/i',$_POST['url'],$Match)) {
+if (preg_match('/^'.SITELINK_REGEX.'\/wiki\.php\?action=article\&id=([0-9]+)/i',$_POST['url'],$Match)) {
$ArticleID = $Match[2];
}
-if (preg_match('/^https?:\/\/(www\.|ssl\.)?'.NONSSL_SITE_URL.'\/wiki\.php\?action=article\&name=(.+)/i',$_POST['url'],$Match)) {
+if (preg_match('/^'.SITELINK_REGEX.'\/wiki\.php\?action=article\&name=(.+)/i',$_POST['url'],$Match)) {
$ArticleID = $Alias->to_id($Match[2]);
}
if (!$ArticleID) {
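Review bot: Both branches still read `$Match[2]`, but SITELINK_REGEX brings two capture groups of its own (the scheme and `(ssl.)?`), so the article ID or name is now group 3 and `$Match[2]` holds the optional `ssl.` prefix. As written, `$ArticleID` would end up empty or `ssl.` in the first branch, and the second branch would pass that prefix to `$Alias->to_id()`. Change both reads to `$Match[3]`, and consider a trailing comment like the `// id = group 4` ones in classes/regex.php. The old pattern also accepted a `www.` prefix, which SITELINK_REGEX does not.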