root/trunk/includes/input.php

Revision 447, 38.5 kB (checked in by hannes, 3 months ago)

alternative (new default) view for list of new posts:
group by topic

1 <?php
2
3 /**
4  * Package: Spam Board 5
5  * File: includes/input.php
6  * Description: validation of input variables
7  *
8  * Copyright (C) 2007, 2008, 2009, 2012 Hannes Schueller
9  *
10  * This program is free software: you can redistribute it and/or modify
11  * it under the terms of the GNU Affero General Public License as
12  * published by the Free Software Foundation, version 3 of the
13  * License.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18  * GNU Affero General Public License for more details.
19  *
20  * You should have received a copy of the GNU Affero General Public License
21  * along with this program (see LICENCE). If not,
22  * see <http://www.gnu.org/licenses/>.
23  **/
24
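/* register_globals can't just be disabled by using ini_set, because the
 * request variables have already been imported into the global scope by the
 * time that takes effect. Instead, every global whose name matches a key of
 * the request, server, environment or session arrays is removed again.
 *
 * Security notes:
 * - ini_get() returns a string (or FALSE for an unknown directive), never the
 *   integer 0, so the setting is compared as a lower-cased string. The
 *   clean-up is skipped only for values that clearly mean "off"; anything
 *   else runs it, which is the safe direction.
 * - The variables this clean-up itself uses and PHP's superglobals are on the
 *   keep-list. Otherwise a request key with one of those names would remove
 *   the keep-list (or $_GET, $_POST, ...) half-way through and the remaining
 *   variables would no longer be cleaned up or validated.
 * - Keys are compared strictly as strings, so numeric keys cannot match a
 *   keep-list entry through loose comparison. */
if (!in_array(strtolower((string) ini_get('register_globals')), Array('', '0', 'off', 'false', 'no', 'none'), TRUE)) {
    // don't touch the following:
    $not = Array(
        // application globals
        'SETTINGS', 'VERSION', 'BOTS', 'MEMBERSTAGES', 'CIPHER', 'HASH', 'LANG', 'RULES', 'DEFAULTGROUPS',
        // variables used by this clean-up
        'not', 'key', 'val', 'rg_sources', 'rg_source',
        // superglobals
        'GLOBALS', '_SERVER', '_GET', '_POST', '_COOKIE', '_FILES', '_ENV', '_REQUEST', '_SESSION',
    );
    // every array whose keys may have been registered as global variables
    $rg_sources = Array($_SERVER, $_GET, $_POST, $_COOKIE, $_FILES, $_ENV, $_REQUEST);
    if (isset($_SESSION) && is_array($_SESSION)) {
        $rg_sources[] = $_SESSION;
    }
    // 'de-register' all local names of global variables
    foreach ($rg_sources as $rg_source) {
        foreach ($rg_source as $key => $val) {
            if (in_array((string) $key, $not, TRUE) === FALSE) {
                unset($$key);
            }
        }
    }
    // the helper arrays are new in this clean-up, so remove them again
    unset($rg_sources, $rg_source);
}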
83
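/**
 * Handle PHP's 'magic quotes' feature (bug) in case disabling it through
 * .htaccess failed: remove the added slashes from a value or from every
 * string inside a (nested) array.
 *
 * Only strings are passed to stripslashes(). Other values, such as the
 * integer 'error' and 'size' entries of $_FILES or NULL, are returned as they
 * are, so their type is not silently changed to string.
 *
 * @param mixed $data a string, an array (may be nested) or any other value
 * @return mixed $data with slashes stripped from every string it contains
 */
function stripslashes_array($data) {
    if (is_array($data)) {
        // another array within array: recurse into every element, keys are kept
        foreach ($data as $key => $value) {
            $data[$key] = stripslashes_array($value);
        }
        return $data;
    }
    // endpoint of recursion
    if (is_string($data)) {
        return stripslashes($data);
    }
    return $data;
}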
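// get_magic_quotes_gpc() was removed in PHP 8.0 together with magic quotes,
// so calling it unconditionally is a fatal error there. Ask for the setting
// only where the function still exists.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    // strip slashes from global arrays
    // NOTE(review): PHP documents magic_quotes_gpc as escaping GET, POST and
    // COOKIE data. Confirm that the other arrays really arrive escaped:
    // stripping slashes from values that were never escaped (for example
    // Windows paths) would corrupt them.
    $_SERVER = stripslashes_array($_SERVER);
    $_GET = stripslashes_array($_GET);
    $_POST = stripslashes_array($_POST);
    $_COOKIE = stripslashes_array($_COOKIE);
    $_FILES = stripslashes_array($_FILES);
    $_ENV = stripslashes_array($_ENV);
    $_REQUEST = stripslashes_array($_REQUEST);
    if (isset($_SESSION) && is_array($_SESSION)) {
        // stripslashes_array() takes a single argument
        $_SESSION = stripslashes_array($_SESSION);
    }
}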
111
/**
 * Check only for characters which actually are illegal in the current
 * encoding.
 *
 * A value passes when it is valid in $SETTINGS['encoding'] and, after
 * $F->htmlentities(), parses as XML inside a <root> element. Parser errors
 * are suppressed with @ and show up as a FALSE result instead.
 *
 * NOTE(review): nothing here rejects non-string input (for example an array
 * sent as field[]=...); confirm how mb_check_encoding() and $F->htmlentities()
 * treat it on the PHP versions in use.
 *
 * @param string $str value to check
 * @return bool TRUE if the value passed both checks, FALSE otherwise
 */
function check_legal($str) {
    global $SETTINGS, $F;
    // the encoding check comes first; the XML check is skipped when it fails
    if (mb_check_encoding($str, $SETTINGS['encoding']) === FALSE) {
        return FALSE;
    }
    $parsed = @simplexml_load_string('<root>' . $F->htmlentities($str) . '</root>');
    return $parsed !== FALSE;
}
121
122 /* translate input variables to local names and check their integrity */
123
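// Validation notes for the fields below: a value is kept in $INPUT only if it
// is a string matching its pattern. The D modifier anchors '$' at the very end
// of the value (plain '$' also matches before a trailing newline), and
// is_string() turns array parameters (field[]=...) into an ordinary input
// warning instead of handing them to preg_match().

// page selector; a missing or malformed value falls back to 'category'
if (isset($_GET['show']) && $_GET['show'] != '') {
    $INPUT['show'] = $_GET['show'];
    if ($INPUT['show'] === 'index') { $INPUT['show'] = 'category'; }
    if (!is_string($INPUT['show']) || preg_match('/^[a-z]+$/D', $INPUT['show']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'show', $LANG['warning_input']);
        $INPUT['show'] = 'category';
    }
} else {
    $INPUT['show'] = 'category';
}

// numeric category id (GET only); dropped when malformed
if (isset($_GET['category']) && $_GET['category'] != '') {
    $INPUT['category'] = $_GET['category'];
    if (!is_string($INPUT['category']) || preg_match('/^[0-9]+$/D', $INPUT['category']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'category', $LANG['warning_input']);
        unset($INPUT['category']);
    }
}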
142
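// Validation notes for the pattern-checked fields below: a value is kept in
// $INPUT only if it is a string matching its pattern. The D modifier anchors
// '$' at the very end of the value (plain '$' also matches before a trailing
// newline), and is_string() turns array parameters (field[]=...) into an
// ordinary input warning instead of handing them to preg_match().

// numeric id, POST takes precedence over GET
if (isset($_POST['id']) && $_POST['id'] != '') {
    $INPUT['id'] = $_POST['id'];
} elseif (isset($_GET['id']) && $_GET['id'] != '') {
    $INPUT['id'] = $_GET['id'];
}
if (isset($INPUT['id']) && $INPUT['id'] != '') {
    if (!is_string($INPUT['id']) || preg_match('/^[0-9]+$/D', $INPUT['id']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'id', $LANG['warning_input']);
        unset($INPUT['id']);
    }
}

// numeric page number, POST takes precedence over GET
if (isset($_POST['page']) && $_POST['page'] != '') {
    $INPUT['page'] = $_POST['page'];
} elseif (isset($_GET['page']) && $_GET['page'] != '') {
    $INPUT['page'] = $_GET['page'];
}
if (isset($INPUT['page']) && $INPUT['page'] != '') {
    if (!is_string($INPUT['page']) || preg_match('/^[0-9]+$/D', $INPUT['page']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'page', $LANG['warning_input']);
        unset($INPUT['page']);
    }
}

// flag: empty or 'y'
if (isset($_POST['remember'])) {
    $INPUT['remember'] = $_POST['remember'];
    if (!is_string($INPUT['remember']) || preg_match('/^[y]?$/D', $INPUT['remember']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'remember', $LANG['warning_input']);
        unset($INPUT['remember']);
    }
}

// user name: free text, only checked by check_legal(); POST before GET
if (isset($_POST['user'])) {
    $INPUT['user'] = $_POST['user'];
} elseif (isset($_GET['user'])) {
    $INPUT['user'] = $_GET['user'];
}
if (isset($INPUT['user'])) {
    if (check_legal($INPUT['user']) === FALSE) {
        $WARNINGS[] = str_replace('%var%', 'user', $LANG['warning_input']);
        unset($INPUT['user']);
    }
}

// passwords are hashed anyway, so users are allowed to enter what they like
// (they still have to pass check_legal())
if (isset($_POST['password'])) {
    $INPUT['password'] = $_POST['password'];
    if (check_legal($INPUT['password']) === FALSE) {
        $WARNINGS[] = str_replace('%var%', 'password', $LANG['warning_input']);
        unset($INPUT['password']);
    }
}
if (isset($_POST['newpassword'])) {
    $INPUT['newpassword'] = $_POST['newpassword'];
    if (check_legal($INPUT['newpassword']) === FALSE) {
        $WARNINGS[] = str_replace('%var%', 'newpassword', $LANG['warning_input']);
        unset($INPUT['newpassword']);
    }
}
if (isset($_POST['newpassword2'])) {
    $INPUT['newpassword2'] = $_POST['newpassword2'];
    if (check_legal($INPUT['newpassword2']) === FALSE) {
        $WARNINGS[] = str_replace('%var%', 'newpassword2', $LANG['warning_input']);
        unset($INPUT['newpassword2']);
    }
}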
209
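// Validation notes for the fields below: a value is kept in $INPUT only if it
// is a string matching its pattern. The D modifier anchors '$' at the very end
// of the value (plain '$' also matches before a trailing newline), and
// is_string() turns array parameters (field[]=...) into an ordinary input
// warning instead of handing them to preg_match().

// one or two digits
if (isset($_GET['month']) && $_GET['month'] != '') {
    $INPUT['month'] = $_GET['month'];
    if (!is_string($INPUT['month']) || preg_match('/^[0-9]{1,2}$/D', $INPUT['month']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'month', $LANG['warning_input']);
        unset($INPUT['month']);
    }
}

// exactly four digits
if (isset($_GET['year']) && $_GET['year'] != '') {
    $INPUT['year'] = $_GET['year'];
    if (!is_string($INPUT['year']) || preg_match('/^[0-9]{4}$/D', $INPUT['year']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'year', $LANG['warning_input']);
        unset($INPUT['year']);
    }
}

// lower-case word
if (isset($_GET['order']) && $_GET['order'] != '') {
    $INPUT['order'] = $_GET['order'];
    if (!is_string($INPUT['order']) || preg_match('/^[a-z]+$/D', $INPUT['order']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'order', $LANG['warning_input']);
        unset($INPUT['order']);
    }
}

// flag: empty or 'yes'
if (isset($_GET['showresults'])) {
    $INPUT['showresults'] = $_GET['showresults'];
    if (!is_string($INPUT['showresults']) || preg_match('/^(yes)?$/D', $INPUT['showresults']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'showresults', $LANG['warning_input']);
        unset($INPUT['showresults']);
    }
}

// numeric poll id (POST only)
if (isset($_POST['poll']) && $_POST['poll'] != '') {
    $INPUT['poll'] = $_POST['poll'];
    if (!is_string($INPUT['poll']) || preg_match('/^[0-9]+$/D', $INPUT['poll']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'poll', $LANG['warning_input']);
        unset($INPUT['poll']);
    }
}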
249
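// Validation notes for the pattern-checked fields below: a value is kept in
// $INPUT only if it is a string matching its pattern. The D modifier anchors
// '$' at the very end of the value (plain '$' also matches before a trailing
// newline), and is_string() turns array parameters (field[]=...) into an
// ordinary input warning instead of handing them to preg_match().
// In every POST/GET pair the POST value takes precedence.

// numeric topic id
if (isset($_POST['topic']) && $_POST['topic'] != '') {
    $INPUT['topic'] = $_POST['topic'];
} elseif (isset($_GET['topic']) && $_GET['topic'] != '') {
    $INPUT['topic'] = $_GET['topic'];
}
if (isset($INPUT['topic'])) {
    if (!is_string($INPUT['topic']) || preg_match('/^[0-9]+$/D', $INPUT['topic']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'topic', $LANG['warning_input']);
        unset($INPUT['topic']);
    }
}

// optional lower-case word, optional '=', optional digits
if (isset($_POST['search_scope']) && $_POST['search_scope'] != '') {
    $INPUT['search_scope'] = $_POST['search_scope'];
} elseif (isset($_GET['search_scope']) && $_GET['search_scope'] != '') {
    $INPUT['search_scope'] = $_GET['search_scope'];
}
if (isset($INPUT['search_scope'])) {
    if (!is_string($INPUT['search_scope']) || preg_match('/^[a-z]*[=]?[0-9]*$/D', $INPUT['search_scope']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'search_scope', $LANG['warning_input']);
        unset($INPUT['search_scope']);
    }
}

// one of a fixed set of keywords
if (isset($_POST['search_mode']) && $_POST['search_mode'] != '') {
    $INPUT['search_mode'] = $_POST['search_mode'];
} elseif (isset($_GET['search_mode']) && $_GET['search_mode'] != '') {
    $INPUT['search_mode'] = $_GET['search_mode'];
}
if (isset($INPUT['search_mode'])) {
    if (!is_string($INPUT['search_mode']) || preg_match('/^(all|any|phrase|member)?$/D', $INPUT['search_mode']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'search_mode', $LANG['warning_input']);
        unset($INPUT['search_mode']);
    }
}

if (isset($_POST['search_fields']) && $_POST['search_fields'] != '') {
    $INPUT['search_fields'] = $_POST['search_fields'];
} elseif (isset($_GET['search_fields']) && $_GET['search_fields'] != '') {
    $INPUT['search_fields'] = $_GET['search_fields'];
}
if (isset($INPUT['search_fields'])) {
    if (!is_string($INPUT['search_fields']) || preg_match('/^(both|posts|topics)?$/D', $INPUT['search_fields']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'search_fields', $LANG['warning_input']);
        unset($INPUT['search_fields']);
    }
}

if (isset($_POST['search_age']) && $_POST['search_age'] != '') {
    $INPUT['search_age'] = $_POST['search_age'];
} elseif (isset($_GET['search_age']) && $_GET['search_age'] != '') {
    $INPUT['search_age'] = $_GET['search_age'];
}
if (isset($INPUT['search_age'])) {
    if (!is_string($INPUT['search_age']) || preg_match('/^(all|day|week|month|year)?$/D', $INPUT['search_age']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'search_age', $LANG['warning_input']);
        unset($INPUT['search_age']);
    }
}

// free text, only checked by check_legal()
if (isset($_POST['all']) && $_POST['all'] != '') {
    $INPUT['all'] = $_POST['all'];
} elseif (isset($_GET['all']) && $_GET['all'] != '') {
    $INPUT['all'] = $_GET['all'];
}
if (isset($INPUT['all'])) {
    if (check_legal($INPUT['all']) === FALSE) {
        $WARNINGS[] = str_replace('%var%', 'all', $LANG['warning_input']);
        unset($INPUT['all']);
    }
}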
321
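// Validation notes for the fields below: a value is kept in $INPUT only if it
// is a string matching its pattern. The D modifier anchors '$' at the very end
// of the value (plain '$' also matches before a trailing newline), and
// is_string() turns array parameters (field[]=...) into an ordinary input
// warning instead of handing them to preg_match().
// In every POST/GET pair the POST value takes precedence.

// numeric forum id
if (isset($_POST['forum']) && $_POST['forum'] != '') {
    $INPUT['forum'] = $_POST['forum'];
} elseif (isset($_GET['forum']) && $_GET['forum'] != '') {
    $INPUT['forum'] = $_GET['forum'];
}
if (isset($INPUT['forum'])) {
    if (!is_string($INPUT['forum']) || preg_match('/^[0-9]+$/D', $INPUT['forum']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'forum', $LANG['warning_input']);
        unset($INPUT['forum']);
    }
}

// lower-case word
if (isset($_POST['method']) && $_POST['method'] != '') {
    $INPUT['method'] = $_POST['method'];
} elseif (isset($_GET['method']) && $_GET['method'] != '') {
    $INPUT['method'] = $_GET['method'];
}
if (isset($INPUT['method'])) {
    if (!is_string($INPUT['method']) || preg_match('/^[a-z]+$/D', $INPUT['method']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'method', $LANG['warning_input']);
        unset($INPUT['method']);
    }
}

// flag: 'y'
if (isset($_POST['results']) && $_POST['results'] != '') {
    $INPUT['results'] = $_POST['results'];
} elseif (isset($_GET['results']) && $_GET['results'] != '') {
    $INPUT['results'] = $_GET['results'];
}
if (isset($INPUT['results'])) {
    if (!is_string($INPUT['results']) || preg_match('/^[y]?$/D', $INPUT['results']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'results', $LANG['warning_input']);
        unset($INPUT['results']);
    }
}

// flag: 'y'
if (isset($_POST['commit']) && $_POST['commit'] != '') {
    $INPUT['commit'] = $_POST['commit'];
} elseif (isset($_GET['commit']) && $_GET['commit'] != '') {
    $INPUT['commit'] = $_GET['commit'];
}
if (isset($INPUT['commit'])) {
    if (!is_string($INPUT['commit']) || preg_match('/^[y]?$/D', $INPUT['commit']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'commit', $LANG['warning_input']);
        unset($INPUT['commit']);
    }
}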
369
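// Validation notes for the fields below: a value is kept in $INPUT only if it
// is a string matching its pattern. The D modifier anchors '$' at the very end
// of the value (plain '$' also matches before a trailing newline, which
// matters for values such as e-mail addresses and URLs), and is_string() turns
// array parameters (field[]=...) into an ordinary input warning instead of
// handing them to preg_match().

if (isset($_POST['email']) && $_POST['email'] != '') {
    $INPUT['email'] = $_POST['email'];
    if (!is_string($INPUT['email']) || preg_match('/^[a-zA-Z][\w\.-]*[a-zA-Z0-9]@[a-zA-Z0-9][\w\.-]*[a-zA-Z0-9]\.[a-zA-Z][a-zA-Z\.]*[a-zA-Z]$/D', $INPUT['email']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'email', $LANG['warning_input']);
        unset($INPUT['email']);
    }
}

// flag: empty, '0' or '1'
if (isset($_POST['hideemail'])) {
    $INPUT['hideemail'] = $_POST['hideemail'];
    if (!is_string($INPUT['hideemail']) || preg_match('/^[0-1]?$/D', $INPUT['hideemail']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'hideemail', $LANG['warning_input']);
        unset($INPUT['hideemail']);
    }
}

// URL with one of the listed schemes followed by '://'
// NOTE(review): the scheme list includes file, telnet and others; confirm that
// all of them are meant to be accepted for a user-supplied homepage link.
if (isset($_POST['homepage']) && $_POST['homepage'] != '') {
    $INPUT['homepage'] = $_POST['homepage'];
    if (!is_string($INPUT['homepage']) || preg_match('/^(ftp|http|https|gopher|mailto|news|nntp|telnet|wais|file|prospero|aim|webcal):\/\/[A-Za-z0-9\$_\.+!*(),;\/?:@&~=\-]+$/D', $INPUT['homepage']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'homepage', $LANG['warning_input']);
        unset($INPUT['homepage']);
    }
}

// birthday0: four digits; birthday1 and birthday2: two digits each
if (isset($_POST['birthday0']) && $_POST['birthday0'] != '') {
    $INPUT['birthday0'] = $_POST['birthday0'];
    if (!is_string($INPUT['birthday0']) || preg_match('/^[0-9]{4}$/D', $INPUT['birthday0']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'birthday0', $LANG['warning_input']);
        unset($INPUT['birthday0']);
    }
}

if (isset($_POST['birthday1']) && $_POST['birthday1'] != '') {
    $INPUT['birthday1'] = $_POST['birthday1'];
    if (!is_string($INPUT['birthday1']) || preg_match('/^[0-9]{2}$/D', $INPUT['birthday1']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'birthday1', $LANG['warning_input']);
        unset($INPUT['birthday1']);
    }
}

if (isset($_POST['birthday2']) && $_POST['birthday2'] != '') {
    $INPUT['birthday2'] = $_POST['birthday2'];
    if (!is_string($INPUT['birthday2']) || preg_match('/^[0-9]{2}$/D', $INPUT['birthday2']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'birthday2', $LANG['warning_input']);
        unset($INPUT['birthday2']);
    }
}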
417
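// no way to check these, but they're escaped before using them
// (check_legal() only verifies encoding and well-formedness)
if (isset($_POST['subject'])) {
    $INPUT['subject'] = $_POST['subject'];
    if (check_legal($INPUT['subject']) === FALSE) {
        $WARNINGS[] = str_replace('%var%', 'subject', $LANG['warning_input']);
        unset($INPUT['subject']);
    }
}

if (isset($_POST['location'])) {
    $INPUT['location'] = $_POST['location'];
    if (check_legal($INPUT['location']) === FALSE) {
        $WARNINGS[] = str_replace('%var%', 'location', $LANG['warning_input']);
        unset($INPUT['location']);
    }
}

if (isset($_POST['aim'])) {
    $INPUT['aim'] = $_POST['aim'];
    if (check_legal($INPUT['aim']) === FALSE) {
        $WARNINGS[] = str_replace('%var%', 'aim', $LANG['warning_input']);
        unset($INPUT['aim']);
    }
}

if (isset($_POST['yahoo'])) {
    $INPUT['yahoo'] = $_POST['yahoo'];
    if (check_legal($INPUT['yahoo']) === FALSE) {
        $WARNINGS[] = str_replace('%var%', 'yahoo', $LANG['warning_input']);
        unset($INPUT['yahoo']);
    }
}

if (isset($_POST['msn'])) {
    $INPUT['msn'] = $_POST['msn'];
    if (check_legal($INPUT['msn']) === FALSE) {
        $WARNINGS[] = str_replace('%var%', 'msn', $LANG['warning_input']);
        unset($INPUT['msn']);
    }
}

if (isset($_POST['jabber'])) {
    $INPUT['jabber'] = $_POST['jabber'];
    if (check_legal($INPUT['jabber']) === FALSE) {
        $WARNINGS[] = str_replace('%var%', 'jabber', $LANG['warning_input']);
        unset($INPUT['jabber']);
    }
}

if (isset($_POST['signature'])) {
    $INPUT['signature'] = $_POST['signature'];
    if (check_legal($INPUT['signature']) === FALSE) {
        $WARNINGS[] = str_replace('%var%', 'signature', $LANG['warning_input']);
        unset($INPUT['signature']);
    }
}

// The remaining fields are pattern-checked: a value is kept only if it is a
// string matching its pattern. The D modifier anchors '$' at the very end of
// the value (plain '$' also matches before a trailing newline), and
// is_string() turns array parameters (field[]=...) into an ordinary input
// warning instead of handing them to preg_match().

// digits only (may be empty)
if (isset($_POST['attachments'])) {
    $INPUT['attachments'] = $_POST['attachments'];
    if (!is_string($INPUT['attachments']) || preg_match('/^[0-9]*$/D', $INPUT['attachments']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'attachments', $LANG['warning_input']);
        unset($INPUT['attachments']);
    }
}

// NOTE(review): the pattern allows '.' and '/', so relative path segments such
// as '../' pass this check. The code using $INPUT['avatar'] is not visible
// here; confirm it confines the value to the avatar directory.
if (isset($_POST['avatar'])) {
    $INPUT['avatar'] = $_POST['avatar'];
    if (!is_string($INPUT['avatar']) || preg_match('/^[0-9a-zA-Z\.\/_\-]*$/D', $INPUT['avatar']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'avatar', $LANG['warning_input']);
        unset($INPUT['avatar']);
    }
}

// digits only (may be empty)
if (isset($_POST['icq'])) {
    $INPUT['icq'] = $_POST['icq'];
    if (!is_string($INPUT['icq']) || preg_match('/^[0-9]*$/D', $INPUT['icq']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'icq', $LANG['warning_input']);
        unset($INPUT['icq']);
    }
}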
498
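// Validation notes for the pattern-checked fields below: a value is kept in
// $INPUT only if it is a string matching its pattern. The D modifier anchors
// '$' at the very end of the value (plain '$' also matches before a trailing
// newline), and is_string() turns array parameters (field[]=...) into an
// ordinary input warning instead of handing them to preg_match().
// In every POST/GET pair the POST value takes precedence.

// lower-case word
if (isset($_POST['action']) && $_POST['action'] != '') {
    $INPUT['action'] = $_POST['action'];
} elseif (isset($_GET['action']) && $_GET['action'] != '') {
    $INPUT['action'] = $_GET['action'];
}
if (isset($INPUT['action'])) {
    if (!is_string($INPUT['action']) || preg_match('/^[a-z]*$/D', $INPUT['action']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'action', $LANG['warning_input']);
        unset($INPUT['action']);
    }
}

// digits only
if (isset($_POST['reply']) && $_POST['reply'] != '') {
    $INPUT['reply'] = $_POST['reply'];
} elseif (isset($_GET['reply']) && $_GET['reply'] != '') {
    $INPUT['reply'] = $_GET['reply'];
}
if (isset($INPUT['reply'])) {
    if (!is_string($INPUT['reply']) || preg_match('/^[0-9]*$/D', $INPUT['reply']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'reply', $LANG['warning_input']);
        unset($INPUT['reply']);
    }
}

// free-text fields, only checked by check_legal()
if (isset($_POST['to'])) {
    $INPUT['to'] = $_POST['to'];
    if (check_legal($INPUT['to']) === FALSE) {
        $WARNINGS[] = str_replace('%var%', 'to', $LANG['warning_input']);
        unset($INPUT['to']);
    }
}

if (isset($_POST['title'])) {
    $INPUT['title'] = $_POST['title'];
    if (check_legal($INPUT['title']) === FALSE) {
        $WARNINGS[] = str_replace('%var%', 'title', $LANG['warning_input']);
        unset($INPUT['title']);
    }
}

if (isset($_POST['post']) && $_POST['post'] != '') {
    $INPUT['post'] = $_POST['post'];
} elseif (isset($_GET['post']) && $_GET['post'] != '') {
    $INPUT['post'] = $_GET['post'];
}
if (isset($INPUT['post'])) {
    if (check_legal($INPUT['post']) === FALSE) {
        $WARNINGS[] = str_replace('%var%', 'post', $LANG['warning_input']);
        unset($INPUT['post']);
    }
}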
550
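// Validation notes for the pattern-checked fields below: a value is kept in
// $INPUT only if it is a string matching its pattern. The D modifier anchors
// '$' at the very end of the value (plain '$' also matches before a trailing
// newline), and is_string() turns array parameters (field[]=...) into an
// ordinary input warning instead of handing them to preg_match().

// flags: empty, '0' or '1'
if (isset($_POST['messagenotification_email'])) {
    $INPUT['messagenotification_email'] = $_POST['messagenotification_email'];
    if (!is_string($INPUT['messagenotification_email']) || preg_match('/^[0-1]?$/D', $INPUT['messagenotification_email']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'messagenotification_email', $LANG['warning_input']);
        unset($INPUT['messagenotification_email']);
    }
}

if (isset($_POST['messagenotification_popup'])) {
    $INPUT['messagenotification_popup'] = $_POST['messagenotification_popup'];
    if (!is_string($INPUT['messagenotification_popup']) || preg_match('/^[0-1]?$/D', $INPUT['messagenotification_popup']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'messagenotification_popup', $LANG['warning_input']);
        unset($INPUT['messagenotification_popup']);
    }
}

// numeric id of the quoted post, POST takes precedence over GET
if (isset($_POST['quote']) && $_POST['quote'] != '') {
    $INPUT['quote'] = $_POST['quote'];
} elseif (isset($_GET['quote']) && $_GET['quote'] != '') {
    $INPUT['quote'] = $_GET['quote'];
}
if (isset($INPUT['quote'])) {
    if (!is_string($INPUT['quote']) || preg_match('/^[0-9]+$/D', $INPUT['quote']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'quote', $LANG['warning_input']);
        unset($INPUT['quote']);
    }
}

// free text, only checked by check_legal()
if (isset($_POST['pollchoices'])) {
    $INPUT['pollchoices'] = $_POST['pollchoices'];
    if (check_legal($INPUT['pollchoices']) === FALSE) {
        $WARNINGS[] = str_replace('%var%', 'pollchoices', $LANG['warning_input']);
        unset($INPUT['pollchoices']);
    }
}

// digits only (may be empty)
if (isset($_POST['vote'])) {
    $INPUT['vote'] = $_POST['vote'];
    if (!is_string($INPUT['vote']) || preg_match('/^[0-9]*$/D', $INPUT['vote']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'vote', $LANG['warning_input']);
        unset($INPUT['vote']);
    }
}

// letters, digits and the characters ! $ @ + -
if (isset($_POST['auth_code'])) {
    $INPUT['auth_code'] = $_POST['auth_code'];
    if (!is_string($INPUT['auth_code']) || preg_match('/^[0-9a-zA-Z!\$@+\-]*$/D', $INPUT['auth_code']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'auth_code', $LANG['warning_input']);
        unset($INPUT['auth_code']);
    }
}

// style name with an optional '.css' suffix; no dots or slashes elsewhere
if (isset($_POST['boardstyle'])) {
    $INPUT['boardstyle'] = $_POST['boardstyle'];
    if (!is_string($INPUT['boardstyle']) || preg_match('/^[a-zA-Z0-9\-_]*(\.css)?$/D', $INPUT['boardstyle']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'boardstyle', $LANG['warning_input']);
        unset($INPUT['boardstyle']);
    }
}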
610
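// Database settings. Validation notes for the pattern-checked fields: a value
// is kept in $INPUT only if it is a string matching its pattern. The D
// modifier anchors '$' at the very end of the value (plain '$' also matches
// before a trailing newline), and is_string() turns array parameters
// (field[]=...) into an ordinary input warning instead of handing them to
// preg_match().

if (isset($_POST['newsqltype'])) {
    $INPUT['newsqltype'] = $_POST['newsqltype'];
    if (!is_string($INPUT['newsqltype']) || preg_match('/^[a-z]*$/D', $INPUT['newsqltype']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'newsqltype', $LANG['warning_input']);
        unset($INPUT['newsqltype']);
    }
}

if (isset($_POST['newsqlhost'])) {
    $INPUT['newsqlhost'] = $_POST['newsqlhost'];
    if (!is_string($INPUT['newsqlhost']) || preg_match('/^[a-zA-Z0-9\-_:\/\.]*$/D', $INPUT['newsqlhost']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'newsqlhost', $LANG['warning_input']);
        unset($INPUT['newsqlhost']);
    }
}

if (isset($_POST['newsqluser'])) {
    $INPUT['newsqluser'] = $_POST['newsqluser'];
    if (!is_string($INPUT['newsqluser']) || preg_match('/^[a-zA-Z0-9\-_]*$/D', $INPUT['newsqluser']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'newsqluser', $LANG['warning_input']);
        unset($INPUT['newsqluser']);
    }
}

// free text, only checked by check_legal()
if (isset($_POST['newsqlpassword'])) {
    $INPUT['newsqlpassword'] = $_POST['newsqlpassword'];
    if (check_legal($INPUT['newsqlpassword']) === FALSE) {
        $WARNINGS[] = str_replace('%var%', 'newsqlpassword', $LANG['warning_input']);
        unset($INPUT['newsqlpassword']);
    }
}

if (isset($_POST['newdbname'])) {
    $INPUT['newdbname'] = $_POST['newdbname'];
    if (!is_string($INPUT['newdbname']) || preg_match('/^[a-zA-Z0-9\-\._]*$/D', $INPUT['newdbname']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'newdbname', $LANG['warning_input']);
        unset($INPUT['newdbname']);
    }
}

if (isset($_POST['newdbtableprefix'])) {
    $INPUT['newdbtableprefix'] = $_POST['newdbtableprefix'];
    if (!is_string($INPUT['newdbtableprefix']) || preg_match('/^[a-zA-Z0-9\-_]*$/D', $INPUT['newdbtableprefix']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'newdbtableprefix', $LANG['warning_input']);
        unset($INPUT['newdbtableprefix']);
    }
}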
658
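// Board identity settings. Most are free text that is only checked by
// check_legal(). The two pattern-checked fields (newforumlogo and
// newforumadminemail) are kept only if they are strings matching their
// pattern: the D modifier anchors '$' at the very end of the value (plain '$'
// also matches before a trailing newline), and is_string() turns array
// parameters (field[]=...) into an ordinary input warning instead of handing
// them to preg_match().

if (isset($_POST['newforumname'])) {
    $INPUT['newforumname'] = $_POST['newforumname'];
    if (check_legal($INPUT['newforumname']) === FALSE) {
        $WARNINGS[] = str_replace('%var%', 'newforumname', $LANG['warning_input']);
        unset($INPUT['newforumname']);
    }
}

if (isset($_POST['newslogan'])) {
    $INPUT['newslogan'] = $_POST['newslogan'];
    if (check_legal($INPUT['newslogan']) === FALSE) {
        $WARNINGS[] = str_replace('%var%', 'newslogan', $LANG['warning_input']);
        unset($INPUT['newslogan']);
    }
}

// file name characters only; '/' is not allowed
if (isset($_POST['newforumlogo'])) {
    $INPUT['newforumlogo'] = $_POST['newforumlogo'];
    if (!is_string($INPUT['newforumlogo']) || preg_match('/^[a-zA-Z0-9\-_\.]*$/D', $INPUT['newforumlogo']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'newforumlogo', $LANG['warning_input']);
        unset($INPUT['newforumlogo']);
    }
}

if (isset($_POST['newsitename'])) {
    $INPUT['newsitename'] = $_POST['newsitename'];
    if (check_legal($INPUT['newsitename']) === FALSE) {
        $WARNINGS[] = str_replace('%var%', 'newsitename', $LANG['warning_input']);
        unset($INPUT['newsitename']);
    }
}

if (isset($_POST['newsiteurl']) && $_POST['newsiteurl'] != '') {
    $INPUT['newsiteurl'] = $_POST['newsiteurl'];
    if (check_legal($INPUT['newsiteurl']) === FALSE) {
        $WARNINGS[] = str_replace('%var%', 'newsiteurl', $LANG['warning_input']);
        unset($INPUT['newsiteurl']);
    }
}

if (isset($_POST['newforumadmin'])) {
    $INPUT['newforumadmin'] = $_POST['newforumadmin'];
    if (check_legal($INPUT['newforumadmin']) === FALSE) {
        $WARNINGS[] = str_replace('%var%', 'newforumadmin', $LANG['warning_input']);
        unset($INPUT['newforumadmin']);
    }
}

if (isset($_POST['newforumadminemail']) && $_POST['newforumadminemail'] != '') {
    $INPUT['newforumadminemail'] = $_POST['newforumadminemail'];
    if (!is_string($INPUT['newforumadminemail']) || preg_match('/^[a-zA-Z][\w\.-]*[a-zA-Z0-9]@[a-zA-Z0-9][\w\.-]*[a-zA-Z0-9]\.[a-zA-Z][a-zA-Z\.]*[a-zA-Z]$/D', $INPUT['newforumadminemail']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'newforumadminemail', $LANG['warning_input']);
        unset($INPUT['newforumadminemail']);
    }
}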
714
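// Numeric and list-type board settings. A value is kept in $INPUT only if it
// is a string matching its pattern. The D modifier anchors '$' at the very end
// of the value (plain '$' also matches before a trailing newline), and
// is_string() turns array parameters (field[]=...) into an ordinary input
// warning instead of handing them to preg_match().

if (isset($_POST['newtopicsperpage'])) {
    $INPUT['newtopicsperpage'] = $_POST['newtopicsperpage'];
    if (!is_string($INPUT['newtopicsperpage']) || preg_match('/^[0-9]*$/D', $INPUT['newtopicsperpage']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'newtopicsperpage', $LANG['warning_input']);
        unset($INPUT['newtopicsperpage']);
    }
}

if (isset($_POST['newpostsperpage'])) {
    $INPUT['newpostsperpage'] = $_POST['newpostsperpage'];
    if (!is_string($INPUT['newpostsperpage']) || preg_match('/^[0-9]*$/D', $INPUT['newpostsperpage']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'newpostsperpage', $LANG['warning_input']);
        unset($INPUT['newpostsperpage']);
    }
}

if (isset($_POST['newmaxavatarsize'])) {
    $INPUT['newmaxavatarsize'] = $_POST['newmaxavatarsize'];
    if (!is_string($INPUT['newmaxavatarsize']) || preg_match('/^[0-9]*$/D', $INPUT['newmaxavatarsize']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'newmaxavatarsize', $LANG['warning_input']);
        unset($INPUT['newmaxavatarsize']);
    }
}

// flag: empty, '0' or '1'
if (isset($_POST['newguestemail'])) {
    $INPUT['newguestemail'] = $_POST['newguestemail'];
    if (!is_string($INPUT['newguestemail']) || preg_match('/^[0-1]?$/D', $INPUT['newguestemail']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'newguestemail', $LANG['warning_input']);
        unset($INPUT['newguestemail']);
    }
}

if (isset($_POST['newfloodcontrol'])) {
    $INPUT['newfloodcontrol'] = $_POST['newfloodcontrol'];
    if (!is_string($INPUT['newfloodcontrol']) || preg_match('/^[0-9]*$/D', $INPUT['newfloodcontrol']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'newfloodcontrol', $LANG['warning_input']);
        unset($INPUT['newfloodcontrol']);
    }
}

if (isset($_POST['newfloodcontrol_search'])) {
    $INPUT['newfloodcontrol_search'] = $_POST['newfloodcontrol_search'];
    if (!is_string($INPUT['newfloodcontrol_search']) || preg_match('/^[0-9]*$/D', $INPUT['newfloodcontrol_search']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'newfloodcontrol_search', $LANG['warning_input']);
        unset($INPUT['newfloodcontrol_search']);
    }
}

if (isset($_POST['newmaxuploadsize'])) {
    $INPUT['newmaxuploadsize'] = $_POST['newmaxuploadsize'];
    if (!is_string($INPUT['newmaxuploadsize']) || preg_match('/^[0-9]*$/D', $INPUT['newmaxuploadsize']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'newmaxuploadsize', $LANG['warning_input']);
        unset($INPUT['newmaxuploadsize']);
    }
}

// letters, digits, '.' and ',' only; this checks the characters of the list,
// not which extensions it names
if (isset($_POST['newuploadextensions'])) {
    $INPUT['newuploadextensions'] = $_POST['newuploadextensions'];
    if (!is_string($INPUT['newuploadextensions']) || preg_match('/^[0-9A-Za-z\.,]*$/D', $INPUT['newuploadextensions']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'newuploadextensions', $LANG['warning_input']);
        unset($INPUT['newuploadextensions']);
    }
}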
778
779 if (isset($_POST['newlanguage'])) {
780     $INPUT['newlanguage'] = trim($_POST['newlanguage']);
781     if (preg_match('/^[0-9a-zA-Z_\-]*$/', $INPUT['newlanguage']) != 1) {
782         $WARNINGS[] = str_replace('%var%', 'newlanguage', $LANG['warning_input']);
783         unset($INPUT['newlanguage']);
784     }
785 }
786
787 if (isset($_POST['newurl_rewriting'])) {
788     $INPUT['newurl_rewriting'] = $_POST['newurl_rewriting'];
789     if (preg_match('/^[0-1]?$/', $INPUT['newurl_rewriting']) != 1) {
790         $WARNINGS[] = str_replace('%var%', 'newurl_rewriting', $LANG['warning_input']);
791         unset($INPUT['newurl_rewriting']);
792     }
793 }
794
795 if (isset($_POST['newtimezone'])) {
796     $INPUT['newtimezone'] = $_POST['newtimezone'];
797     if ($INPUT['newtimezone'] != '' && $INPUT['newtimezone'] != ' ') {
798         if (preg_match('/^[+\-]?[0-9]{1,2}(:[0-9]{2})?$/', $INPUT['newtimezone']) != 1) {
799             $WARNINGS[] = str_replace('%var%', 'newtimezone', $LANG['warning_input']);
800             unset($INPUT['newtimezone']);
801         }
802     }
803 }
804
805 if (isset($_POST['newencoding'])) {
806     $INPUT['newencoding'] = $_POST['newencoding'];
807     if (preg_match('/^[0-9a-zA-Z\-]*$/', $INPUT['newencoding']) != 1) {
808         $WARNINGS[] = str_replace('%var%', 'newencoding', $LANG['warning_input']);
809         unset($INPUT['newencoding']);
810     }
811 }
812
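// newdefaultstyle: letters, digits, '-' and '_' only (no '.' or '/'; may be empty).
// is_string() rejects an array-valued field before it reaches preg_match().
// D: `$` must match at the very end of the value, not before a trailing newline.
if (isset($_POST['newdefaultstyle'])) {
    $INPUT['newdefaultstyle'] = $_POST['newdefaultstyle'];
    if (!is_string($INPUT['newdefaultstyle']) || preg_match('/^[0-9a-zA-Z\-_]*$/D', $INPUT['newdefaultstyle']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'newdefaultstyle', $LANG['warning_input']);
        unset($INPUT['newdefaultstyle']);
    }
}
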
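// newdebug: empty or a single digit 0-2.
// is_string() rejects an array-valued field before it reaches preg_match().
// D: `$` must match at the very end of the value, not before a trailing newline.
if (isset($_POST['newdebug'])) {
    $INPUT['newdebug'] = $_POST['newdebug'];
    if (!is_string($INPUT['newdebug']) || preg_match('/^[0-2]?$/D', $INPUT['newdebug']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'newdebug', $LANG['warning_input']);
        unset($INPUT['newdebug']);
    }
}
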
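// warnings: empty or a single digit 0-1.
// is_string() rejects an array-valued field before it reaches preg_match().
// D: `$` must match at the very end of the value, not before a trailing newline.
if (isset($_POST['warnings'])) {
    $INPUT['warnings'] = $_POST['warnings'];
    if (!is_string($INPUT['warnings']) || preg_match('/^[0-1]?$/D', $INPUT['warnings']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'warnings', $LANG['warning_input']);
        unset($INPUT['warnings']);
    }
}
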
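// newexpire: digits only (may be empty; no upper bound is enforced here).
// is_string() rejects an array-valued field before it reaches preg_match().
// D: `$` must match at the very end of the value, not before a trailing newline.
if (isset($_POST['newexpire'])) {
    $INPUT['newexpire'] = $_POST['newexpire'];
    if (!is_string($INPUT['newexpire']) || preg_match('/^[0-9]*$/D', $INPUT['newexpire']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'newexpire', $LANG['warning_input']);
        unset($INPUT['newexpire']);
    }
}
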
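// newhash: lower-case letters, digits and ',' only (may be empty).
// NOTE(review): this checks the character set only; if the value names hash
// algorithms, the consumer still has to check each name against the supported set.
// is_string() rejects an array-valued field before it reaches preg_match().
// D: `$` must match at the very end of the value, not before a trailing newline.
if (isset($_POST['newhash'])) {
    $INPUT['newhash'] = $_POST['newhash'];
    if (!is_string($INPUT['newhash']) || preg_match('/^[a-z0-9,]*$/D', $INPUT['newhash']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'newhash', $LANG['warning_input']);
        unset($INPUT['newhash']);
    }
}
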
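// newauthcodes: exactly one digit 0-2 (the empty string is not accepted).
// is_string() rejects an array-valued field before it reaches preg_match().
// D: `$` must match at the very end of the value, not before a trailing newline.
if (isset($_POST['newauthcodes'])) {
    $INPUT['newauthcodes'] = $_POST['newauthcodes'];
    if (!is_string($INPUT['newauthcodes']) || preg_match('/^[0-2]{1}$/D', $INPUT['newauthcodes']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'newauthcodes', $LANG['warning_input']);
        unset($INPUT['newauthcodes']);
    }
}
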
// newheader: free text, accepted unless check_legal() returns exactly FALSE.
// check_legal() is defined outside this section; what it rejects, and how it
// treats a non-string argument, cannot be seen from here.
if (isset($_POST['newheader'])) {
    $INPUT['newheader'] = $_POST['newheader'];
    if (FALSE === check_legal($INPUT['newheader'])) {
        // rejected: drop the value and report the field name
        unset($INPUT['newheader']);
        $WARNINGS[] = str_replace('%var%', 'newheader', $LANG['warning_input']);
    }
}

// newcategory: free text, accepted unless check_legal() returns exactly FALSE.
// check_legal() is defined outside this section; what it rejects, and how it
// treats a non-string argument, cannot be seen from here.
if (isset($_POST['newcategory'])) {
    $INPUT['newcategory'] = $_POST['newcategory'];
    if (FALSE === check_legal($INPUT['newcategory'])) {
        // rejected: drop the value and report the field name
        unset($INPUT['newcategory']);
        $WARNINGS[] = str_replace('%var%', 'newcategory', $LANG['warning_input']);
    }
}

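// admin: empty or the single character '1'.
// This only checks the shape of the value; nothing here decides whether the
// requester is allowed to use it - that has to be enforced where it is consumed.
// is_string() rejects an array-valued field before it reaches preg_match().
// D: `$` must match at the very end of the value, not before a trailing newline.
if (isset($_POST['admin'])) {
    $INPUT['admin'] = $_POST['admin'];
    if (!is_string($INPUT['admin']) || preg_match('/^[1]?$/D', $INPUT['admin']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'admin', $LANG['warning_input']);
        unset($INPUT['admin']);
    }
}
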
// newcategoryname[]: each element is kept unless check_legal() returns exactly
// FALSE for it. check_legal() is defined outside this section.
// NOTE(review): $key is client-chosen, is not validated here, and is copied into
// the warning text as-is - confirm $WARNINGS is escaped when it is rendered.
if (isset($_POST['newcategoryname']) && is_array($_POST['newcategoryname'])) {
    $INPUT['newcategoryname'] = $_POST['newcategoryname'];
    foreach ($INPUT['newcategoryname'] as $key=>$_name) {
        if (check_legal($_name) !== FALSE) {
            continue;
        }
        unset($INPUT['newcategoryname'][$key]);
        $WARNINGS[] = str_replace('%var%', 'newcategoryname[' . $key . ']', $LANG['warning_input']);
    }
}

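// newcategoryorder[]: every element must consist of digits only (may be empty).
// Non-string elements (nested arrays) are rejected before preg_match(); D: `$`
// must match at the very end of the value, not before a trailing newline.
// NOTE(review): $key is client-chosen, is not validated here, and is copied into
// the warning text as-is - confirm $WARNINGS is escaped when it is rendered.
if (isset($_POST['newcategoryorder']) && is_array($_POST['newcategoryorder'])) {
    $INPUT['newcategoryorder'] = $_POST['newcategoryorder'];
    foreach ($INPUT['newcategoryorder'] as $key=>$_order) {
        if (!is_string($_order) || preg_match('/^[0-9]*$/D', $_order) !== 1) {
            $WARNINGS[] = str_replace('%var%', 'newcategoryorder[' . $key . ']', $LANG['warning_input']);
            unset($INPUT['newcategoryorder'][$key]);
        }
    }
}
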
// newdesc[]: each element is kept unless check_legal() returns exactly FALSE for
// it. check_legal() is defined outside this section.
// NOTE(review): $key is client-chosen, is not validated here, and is copied into
// the warning text as-is - confirm $WARNINGS is escaped when it is rendered.
if (isset($_POST['newdesc']) && is_array($_POST['newdesc'])) {
    $INPUT['newdesc'] = $_POST['newdesc'];
    foreach ($INPUT['newdesc'] as $key=>$_desc) {
        if (check_legal($_desc) !== FALSE) {
            continue;
        }
        unset($INPUT['newdesc'][$key]);
        $WARNINGS[] = str_replace('%var%', 'newdesc[' . $key . ']', $LANG['warning_input']);
    }
}

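// newforum[]: only the array KEY is checked (digits only, may be empty).
// D: `$` must match at the very end of the key, not before a trailing newline.
// NOTE(review): the element values ($val) are copied into $INPUT without any
// validation - confirm the consumer treats them as untrusted.
// NOTE(review): a key that fails the check is copied into the warning text
// as-is - confirm $WARNINGS is escaped when it is rendered.
if (isset($_POST['newforum']) && is_array($_POST['newforum'])) {
    $INPUT['newforum'] = $_POST['newforum'];
    foreach ($INPUT['newforum'] as $_forum=>$val) {
        if (preg_match('/^[0-9]*$/D', $_forum) !== 1) {
            $WARNINGS[] = str_replace('%var%', 'newforum[' . $_forum . ']', $LANG['warning_input']);
            unset($INPUT['newforum'][$_forum]);
        }
    }
}
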
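// tocategory[]: every element must consist of digits only (may be empty).
// Non-string elements (nested arrays) are rejected before preg_match(); D: `$`
// must match at the very end of the value, not before a trailing newline.
// NOTE(review): $key is client-chosen, is not validated here, and is copied into
// the warning text as-is - confirm $WARNINGS is escaped when it is rendered.
if (isset($_POST['tocategory']) && is_array($_POST['tocategory'])) {
    $INPUT['tocategory'] = $_POST['tocategory'];
    foreach ($INPUT['tocategory'] as $key=>$_cat) {
        if (!is_string($_cat) || preg_match('/^[0-9]*$/D', $_cat) !== 1) {
            $WARNINGS[] = str_replace('%var%', 'tocategory[' . $key . ']', $LANG['warning_input']);
            unset($INPUT['tocategory'][$key]);
        }
    }
}
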
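// newmemberstage[]: every element must consist of digits only (may be empty).
// Non-string elements (nested arrays) are rejected before preg_match(); D: `$`
// must match at the very end of the value, not before a trailing newline.
// NOTE(review): $key is client-chosen, is not validated here, and is copied into
// the warning text as-is - confirm $WARNINGS is escaped when it is rendered.
if (isset($_POST['newmemberstage']) && is_array($_POST['newmemberstage'])) {
    $INPUT['newmemberstage'] = $_POST['newmemberstage'];
    foreach ($INPUT['newmemberstage'] as $key=>$_stage) {
        if (!is_string($_stage) || preg_match('/^[0-9]*$/D', $_stage) !== 1) {
            $WARNINGS[] = str_replace('%var%', 'newmemberstage[' . $key . ']', $LANG['warning_input']);
            unset($INPUT['newmemberstage'][$key]);
        }
    }
}
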
// newmemberstagename[]: each element is kept unless check_legal() returns exactly
// FALSE for it. check_legal() is defined outside this section.
// NOTE(review): $key is client-chosen, is not validated here, and is copied into
// the warning text as-is - confirm $WARNINGS is escaped when it is rendered.
if (isset($_POST['newmemberstagename']) && is_array($_POST['newmemberstagename'])) {
    $INPUT['newmemberstagename'] = $_POST['newmemberstagename'];
    foreach ($INPUT['newmemberstagename'] as $key=>$_name) {
        if (check_legal($_name) !== FALSE) {
            continue;
        }
        unset($INPUT['newmemberstagename'][$key]);
        $WARNINGS[] = str_replace('%var%', 'newmemberstagename[' . $key . ']', $LANG['warning_input']);
    }
}

// changegroupname[]: each element is kept unless check_legal() returns exactly
// FALSE for it. check_legal() is defined outside this section.
// NOTE(review): $key is client-chosen, is not validated here, and is copied into
// the warning text as-is - confirm $WARNINGS is escaped when it is rendered.
if (isset($_POST['changegroupname']) && is_array($_POST['changegroupname'])) {
    $INPUT['changegroupname'] = $_POST['changegroupname'];
    foreach ($INPUT['changegroupname'] as $key=>$_name) {
        if (check_legal($_name) !== FALSE) {
            continue;
        }
        unset($INPUT['changegroupname'][$key]);
        $WARNINGS[] = str_replace('%var%', 'changegroupname[' . $key . ']', $LANG['warning_input']);
    }
}

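// changegrouppublic[]: value must be empty or '1', key must be one or more digits.
// Non-string values (nested arrays) are rejected before preg_match(); D: `$` must
// match at the very end of the value/key, not before a trailing newline.
// NOTE(review): a key that fails the check is copied into the warning text
// as-is - confirm $WARNINGS is escaped when it is rendered.
if (isset($_POST['changegrouppublic']) && is_array($_POST['changegrouppublic'])) {
    $INPUT['changegrouppublic'] = $_POST['changegrouppublic'];
    foreach ($INPUT['changegrouppublic'] as $key=>$_public) {
        if (!is_string($_public) || preg_match('/^[1]?$/D', $_public) !== 1 || preg_match('/^[0-9]+$/D', $key) !== 1) {
            $WARNINGS[] = str_replace('%var%', 'changegrouppublic[' . $key . ']', $LANG['warning_input']);
            unset($INPUT['changegrouppublic'][$key]);
        }
    }
}
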
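// changegroupdelete[]: every element must be empty or '1'.
// Non-string elements (nested arrays) are rejected before preg_match(); D: `$`
// must match at the very end of the value, not before a trailing newline.
// NOTE(review): $key selects what is acted on, yet it is not validated here (the
// sibling changegrouppublic block requires digits) and it is copied into the
// warning text as-is - confirm both are handled where the array is consumed.
if (isset($_POST['changegroupdelete']) && is_array($_POST['changegroupdelete'])) {
    $INPUT['changegroupdelete'] = $_POST['changegroupdelete'];
    foreach ($INPUT['changegroupdelete'] as $key=>$_delete) {
        if (!is_string($_delete) || preg_match('/^[1]?$/D', $_delete) !== 1) {
            $WARNINGS[] = str_replace('%var%', 'changegroupdelete[' . $key . ']', $LANG['warning_input']);
            unset($INPUT['changegroupdelete'][$key]);
        }
    }
}
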
// newgroup: free text, accepted unless check_legal() returns exactly FALSE.
// check_legal() is defined outside this section; what it rejects, and how it
// treats a non-string argument, cannot be seen from here.
if (isset($_POST['newgroup'])) {
    $INPUT['newgroup'] = $_POST['newgroup'];
    if (FALSE === check_legal($INPUT['newgroup'])) {
        // rejected: drop the value and report the field name
        unset($INPUT['newgroup']);
        $WARNINGS[] = str_replace('%var%', 'newgroup', $LANG['warning_input']);
    }
}

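// newgrouppublic: empty or the single character '1'.
// is_string() rejects an array-valued field before it reaches preg_match().
// D: `$` must match at the very end of the value, not before a trailing newline.
if (isset($_POST['newgrouppublic'])) {
    $INPUT['newgrouppublic'] = $_POST['newgrouppublic'];
    if (!is_string($INPUT['newgrouppublic']) || preg_match('/^[1]?$/D', $INPUT['newgrouppublic']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'newgrouppublic', $LANG['warning_input']);
        unset($INPUT['newgrouppublic']);
    }
}
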
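// newpagepermissions[]: every element must be one or more of A-Z a-z 0-9 _ = /.
// Non-string elements (nested arrays) are rejected before preg_match(); D: `$`
// must match at the very end of the value, not before a trailing newline.
// NOTE(review): this is a character-set check only; which pages a requester may
// change permissions for has to be enforced where the array is consumed.
// NOTE(review): $key is client-chosen, is not validated here, and is copied into
// the warning text as-is - confirm $WARNINGS is escaped when it is rendered.
if (isset($_POST['newpagepermissions']) && is_array($_POST['newpagepermissions'])) {
    $INPUT['newpagepermissions'] = $_POST['newpagepermissions'];
    foreach ($INPUT['newpagepermissions'] as $key=>$_perm) {
        if (!is_string($_perm) || preg_match('/^[A-Za-z0-9_=\/]+$/D', $_perm) !== 1) {
            $WARNINGS[] = str_replace('%var%', 'newpagepermissions[' . $key . ']', $LANG['warning_input']);
            unset($INPUT['newpagepermissions'][$key]);
        }
    }
}
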
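// newpageread[]: every element must be empty or '1'.
// Non-string elements (nested arrays) are rejected before preg_match(); D: `$`
// must match at the very end of the value, not before a trailing newline.
// NOTE(review): $key is client-chosen, is not validated here, and is copied into
// the warning text as-is - confirm $WARNINGS is escaped when it is rendered.
if (isset($_POST['newpageread']) && is_array($_POST['newpageread'])) {
    $INPUT['newpageread'] = $_POST['newpageread'];
    foreach ($INPUT['newpageread'] as $key=>$_read) {
        if (!is_string($_read) || preg_match('/^[1]?$/D', $_read) !== 1) {
            $WARNINGS[] = str_replace('%var%', 'newpageread[' . $key . ']', $LANG['warning_input']);
            unset($INPUT['newpageread'][$key]);
        }
    }
}
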
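// newpagewrite[]: every element must be empty or '1'.
// Non-string elements (nested arrays) are rejected before preg_match(); D: `$`
// must match at the very end of the value, not before a trailing newline.
// NOTE(review): $key is client-chosen, is not validated here, and is copied into
// the warning text as-is - confirm $WARNINGS is escaped when it is rendered.
if (isset($_POST['newpagewrite']) && is_array($_POST['newpagewrite'])) {
    $INPUT['newpagewrite'] = $_POST['newpagewrite'];
    foreach ($INPUT['newpagewrite'] as $key=>$_write) {
        if (!is_string($_write) || preg_match('/^[1]?$/D', $_write) !== 1) {
            $WARNINGS[] = str_replace('%var%', 'newpagewrite[' . $key . ']', $LANG['warning_input']);
            unset($INPUT['newpagewrite'][$key]);
        }
    }
}
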
// submit: accepted unless check_legal() returns exactly FALSE.
// check_legal() is defined outside this section; what it rejects, and how it
// treats a non-string argument, cannot be seen from here.
if (isset($_POST['submit'])) {
    $INPUT['submit'] = $_POST['submit'];
    if (FALSE === check_legal($INPUT['submit'])) {
        // rejected: drop the value and report the field name
        unset($INPUT['submit']);
        $WARNINGS[] = str_replace('%var%', 'submit', $LANG['warning_input']);
    }
}

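// status: ignored when empty, otherwise one or more digits.
// is_string() rejects an array-valued field before it reaches preg_match().
// D: `$` must match at the very end of the value, not before a trailing newline.
if (isset($_POST['status']) && $_POST['status'] != '') {
    $INPUT['status'] = $_POST['status'];
    if (!is_string($INPUT['status']) || preg_match('/^[0-9]+$/D', $INPUT['status']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'status', $LANG['warning_input']);
        unset($INPUT['status']);
    }
}
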
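// newgroupmemberships[]: every element must be empty or '1'.
// Non-string elements (nested arrays) are rejected before preg_match(); D: `$`
// must match at the very end of the value, not before a trailing newline.
// NOTE(review): $key is client-chosen and not validated here; if it identifies a
// group, membership changes must be authorised where the array is consumed. The
// key is also copied into the warning text as-is - confirm $WARNINGS is escaped.
if (isset($_POST['newgroupmemberships']) && is_array($_POST['newgroupmemberships'])) {
    $INPUT['newgroupmemberships'] = $_POST['newgroupmemberships'];
    foreach ($INPUT['newgroupmemberships'] as $key=>$_group) {
        if (!is_string($_group) || preg_match('/^[1]?$/D', $_group) !== 1) {
            $WARNINGS[] = str_replace('%var%', 'newgroupmemberships[' . $key . ']', $LANG['warning_input']);
            unset($INPUT['newgroupmemberships'][$key]);
        }
    }
}
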
// newbannedip: accepted unless check_legal() returns exactly FALSE.
// check_legal() is defined outside this section; nothing visible here checks
// that the value has the form of an IP address.
if (isset($_POST['newbannedip'])) {
    $INPUT['newbannedip'] = $_POST['newbannedip'];
    if (FALSE === check_legal($INPUT['newbannedip'])) {
        // rejected: drop the value and report the field name
        unset($INPUT['newbannedip']);
        $WARNINGS[] = str_replace('%var%', 'newbannedip', $LANG['warning_input']);
    }
}

// newbannedname: accepted unless check_legal() returns exactly FALSE.
// check_legal() is defined outside this section; what it rejects, and how it
// treats a non-string argument, cannot be seen from here.
if (isset($_POST['newbannedname'])) {
    $INPUT['newbannedname'] = $_POST['newbannedname'];
    if (FALSE === check_legal($INPUT['newbannedname'])) {
        // rejected: drop the value and report the field name
        unset($INPUT['newbannedname']);
        $WARNINGS[] = str_replace('%var%', 'newbannedname', $LANG['warning_input']);
    }
}

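// newbannedmail: accepted unless check_legal() returns exactly FALSE.
// check_legal() is defined outside this section.
if (isset($_POST['newbannedmail'])) {
    $INPUT['newbannedmail'] = $_POST['newbannedmail'];
    if (check_legal($INPUT['newbannedmail']) === FALSE) {
        $WARNINGS[] = str_replace('%var%', 'newbannedmail', $LANG['warning_input']);
        // Unset the key that was assigned above. Unsetting a differently spelled
        // key ('newbannedemail') is a no-op and would leave the rejected value in
        // $INPUT, where later code treats it as validated.
        unset($INPUT['newbannedmail']);
    }
}
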
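// newseveralaccountspermail: empty or a single digit 0-1.
// is_string() rejects an array-valued field before it reaches preg_match().
// D: `$` must match at the very end of the value, not before a trailing newline.
if (isset($_POST['newseveralaccountspermail'])) {
    $INPUT['newseveralaccountspermail'] = $_POST['newseveralaccountspermail'];
    if (!is_string($INPUT['newseveralaccountspermail']) || preg_match('/^[0-1]?$/D', $INPUT['newseveralaccountspermail']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'newseveralaccountspermail', $LANG['warning_input']);
        unset($INPUT['newseveralaccountspermail']);
    }
}
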
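// newmaintainancemode: empty or the single character '1'.
// is_string() rejects an array-valued field before it reaches preg_match().
// D: `$` must match at the very end of the value, not before a trailing newline.
if (isset($_POST['newmaintainancemode'])) {
    $INPUT['newmaintainancemode'] = $_POST['newmaintainancemode'];
    if (!is_string($INPUT['newmaintainancemode']) || preg_match('/^[1]?$/D', $INPUT['newmaintainancemode']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'newmaintainancemode', $LANG['warning_input']);
        // Unset the key that was assigned above. Unsetting a differently spelled
        // key ('newmaintainencemode') is a no-op and would leave the rejected
        // value in $INPUT, where later code treats it as validated.
        unset($INPUT['newmaintainancemode']);
    }
}
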
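// newfspath: characters A-Z a-z 0-9 _ - / : . only (may be empty).
// This is a character-set check, not a path check: '..' segments and absolute
// paths pass, so the consumer must still confine the path to where it belongs.
// NOTE(review): inside this single-quoted PHP string '\\:' reaches PCRE as '\:',
// i.e. an escaped colon - a literal backslash is NOT in the class, so Windows
// style paths are rejected. If they are meant to be allowed, the class needs
// '\\\\'; confirm the intent before widening it.
// is_string() rejects an array-valued field before it reaches preg_match().
// D: `$` must match at the very end of the value, not before a trailing newline.
if (isset($_POST['newfspath'])) {
    $INPUT['newfspath'] = $_POST['newfspath'];
    if (!is_string($INPUT['newfspath']) || preg_match('/^[A-Za-z0-9_\-\/\\:\.]*$/D', $INPUT['newfspath']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'newfspath', $LANG['warning_input']);
        unset($INPUT['newfspath']);
    }
}
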
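// newwebpath: characters A-Z a-z 0-9 _ - / . ~ only (may be empty).
// This is a character-set check only; '..' segments still pass.
// is_string() rejects an array-valued field before it reaches preg_match().
// D: `$` must match at the very end of the value, not before a trailing newline.
if (isset($_POST['newwebpath'])) {
    $INPUT['newwebpath'] = $_POST['newwebpath'];
    if (!is_string($INPUT['newwebpath']) || preg_match('/^[A-Za-z0-9_\-\/\.~]*$/D', $INPUT['newwebpath']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'newwebpath', $LANG['warning_input']);
        unset($INPUT['newwebpath']);
    }
}
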
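// newcookiepath: characters A-Z a-z 0-9 _ - / . ~ only (may be empty).
// The class excludes ';', ',', whitespace and line breaks. D additionally makes
// `$` match only at the very end of the value, so a trailing newline cannot ride
// along with an otherwise valid path.
// is_string() rejects an array-valued field before it reaches preg_match().
if (isset($_POST['newcookiepath'])) {
    $INPUT['newcookiepath'] = $_POST['newcookiepath'];
    if (!is_string($INPUT['newcookiepath']) || preg_match('/^[A-Za-z0-9_\-\/\.~]*$/D', $INPUT['newcookiepath']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'newcookiepath', $LANG['warning_input']);
        unset($INPUT['newcookiepath']);
    }
}
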
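// newpolls: empty or a single digit 0-1.
// is_string() rejects an array-valued field before it reaches preg_match().
// D: `$` must match at the very end of the value, not before a trailing newline.
if (isset($_POST['newpolls'])) {
    $INPUT['newpolls'] = $_POST['newpolls'];
    if (!is_string($INPUT['newpolls']) || preg_match('/^[0-1]?$/D', $INPUT['newpolls']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'newpolls', $LANG['warning_input']);
        unset($INPUT['newpolls']);
    }
}
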
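// subscribe: empty or a single digit 0-1.
// is_string() rejects an array-valued field before it reaches preg_match().
// D: `$` must match at the very end of the value, not before a trailing newline.
if (isset($_POST['subscribe'])) {
    $INPUT['subscribe'] = $_POST['subscribe'];
    if (!is_string($INPUT['subscribe']) || preg_match('/^[0-1]?$/D', $INPUT['subscribe']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'subscribe', $LANG['warning_input']);
        unset($INPUT['subscribe']);
    }
}
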
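// newsubscribed[]: value and key must each be one or more digits.
// Non-string values (nested arrays) are rejected before preg_match(); D: `$` must
// match at the very end of the value/key, not before a trailing newline.
// NOTE(review): a key that fails the check is copied into the warning text
// as-is - confirm $WARNINGS is escaped when it is rendered.
if (isset($_POST['newsubscribed']) && is_array($_POST['newsubscribed'])) {
    $INPUT['newsubscribed'] = $_POST['newsubscribed'];
    foreach ($INPUT['newsubscribed'] as $key=>$val) {
        if (!is_string($val) || preg_match('/^[0-9]+$/D', $val) !== 1 || preg_match('/^[0-9]+$/D', $key) !== 1) {
            $WARNINGS[] = str_replace('%var%', 'newsubscribed[' . $key . ']', $LANG['warning_input']);
            unset($INPUT['newsubscribed'][$key]);
        }
    }
}
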
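// delete[]: value and key must each be one or more digits.
// This validates shape only; whether the requester may delete the referenced
// items has to be checked where the array is consumed.
// Non-string values (nested arrays) are rejected before preg_match(); D: `$` must
// match at the very end of the value/key, not before a trailing newline.
// NOTE(review): a key that fails the check is copied into the warning text
// as-is - confirm $WARNINGS is escaped when it is rendered.
if (isset($_POST['delete']) && is_array($_POST['delete'])) {
    $INPUT['delete'] = $_POST['delete'];
    foreach ($INPUT['delete'] as $key=>$val) {
        if (!is_string($val) || preg_match('/^[0-9]+$/D', $val) !== 1 || preg_match('/^[0-9]+$/D', $key) !== 1) {
            $WARNINGS[] = str_replace('%var%', 'delete[' . $key . ']', $LANG['warning_input']);
            unset($INPUT['delete'][$key]);
        }
    }
}
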
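// statusorder[]: value and key must each be one or more digits.
// Non-string values (nested arrays) are rejected before preg_match(); D: `$` must
// match at the very end of the value/key, not before a trailing newline.
// NOTE(review): a key that fails the check is copied into the warning text
// as-is - confirm $WARNINGS is escaped when it is rendered.
if (isset($_POST['statusorder']) && is_array($_POST['statusorder'])) {
    $INPUT['statusorder'] = $_POST['statusorder'];
    foreach ($INPUT['statusorder'] as $key=>$val) {
        if (!is_string($val) || preg_match('/^[0-9]+$/D', $val) !== 1 || preg_match('/^[0-9]+$/D', $key) !== 1) {
            $WARNINGS[] = str_replace('%var%', 'statusorder[' . $key . ']', $LANG['warning_input']);
            unset($INPUT['statusorder'][$key]);
        }
    }
}
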
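// newip_logging: empty or a single digit 0-1.
// is_string() rejects an array-valued field before it reaches preg_match().
// D: `$` must match at the very end of the value, not before a trailing newline.
if (isset($_POST['newip_logging'])) {
    $INPUT['newip_logging'] = $_POST['newip_logging'];
    if (!is_string($INPUT['newip_logging']) || preg_match('/^[0-1]?$/D', $INPUT['newip_logging']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'newip_logging', $LANG['warning_input']);
        unset($INPUT['newip_logging']);
    }
}
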
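// newloginattempts: digits only (may be empty; no bounds are enforced here).
// NOTE(review): if this is the failed-login limit, confirm how the consumer
// treats '' and '0' so that neither silently disables the limit.
// is_string() rejects an array-valued field before it reaches preg_match().
// D: `$` must match at the very end of the value, not before a trailing newline.
if (isset($_POST['newloginattempts'])) {
    $INPUT['newloginattempts'] = $_POST['newloginattempts'];
    if (!is_string($INPUT['newloginattempts']) || preg_match('/^[0-9]*$/D', $INPUT['newloginattempts']) !== 1) {
        $WARNINGS[] = str_replace('%var%', 'newloginattempts', $LANG['warning_input']);
        unset($INPUT['newloginattempts']);
    }
}
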
1183 ?>