-rw-r--r-- | web/html/passreset.php | 2 | ||||
-rw-r--r-- | web/lib/acctfuncs.inc.php | 2 | ||||
-rw-r--r-- | web/lib/aur.inc.php | 44 | ||||
-rw-r--r-- | web/template/pkg_details.php | 18 | ||||
-rw-r--r-- | web/template/pkgbase_details.php | 18 | ||||
-rw-r--r-- | web/template/tu_details.php | 2 | ||||
-rw-r--r-- | web/template/tu_last_votes_list.php | 4 |
7 files changed, 47 insertions, 43 deletions
diff --git a/web/html/passreset.php b/web/html/passreset.php
index 9541021..9d8e1ae 100644
--- a/web/html/passreset.php
+++ b/web/html/passreset.php
@@ -25,7 +25,7 @@ if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confir
 $error = __('Missing a required field.');
 } elseif ($password != $confirm) {
 $error = __('Password fields do not match.');
- } elseif ($uid == NULL || $uid == 'None') {
+ } elseif ($uid == null) {
 $error = __('Invalid e-mail.');
 }
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index 51ffec6..a996561 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -642,7 +642,7 @@ function send_resetkey($email, $subject, $body) {
 global $AUR_LOCATION;
 $uid = uid_from_email($email);
- if ($uid != NULL && $uid != 'None') {
+ if ($uid != null) {
 /*
 * We (ab)use new_sid() to get a random 32 characters long
 * string.
diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
index 99f5ae4..3368696 100644
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -135,20 +135,19 @@ function new_sid() {
 *
 * @param string $id User's ID
 *
- * @return string Username if it exists, otherwise "None"
+ * @return string Username if it exists, otherwise null
 */
-function username_from_id($id="") {
- if (!$id) {
- return "";
- }
+function username_from_id($id) {
+ $id = intval($id);
+
 $dbh = DB::connect();
 $q = "SELECT Username FROM Users WHERE ID = " . $dbh->quote($id);
 $result = $dbh->query($q);
 if (!$result) {
- return "None";
+ return null;
 }
- $row = $result->fetch(PDO::FETCH_NUM);
+ $row = $result->fetch(PDO::FETCH_NUM);
 return $row[0];
 }
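Review bot: The new `$uid == null` test is a loose comparison, and uid_from_email (changed in this same commit) now returns `$row[0]` where `$row` is `false` for an unknown address, so the value is null only by accident of PHP's indexing rules; make the check strict, `} elseif ($uid === null) {`, so a helper that someday returns `0`, `''` or `false` cannot slip past it. Separately, answering 'Invalid e-mail.' only when no account matches lets an unauthenticated caller confirm which addresses are registered; the usual mitigation is to show the same neutral "if the address is known, a reset link has been sent" message on both paths. The enclosing `if (isset(...))` block starts before and ends after this hunk.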
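Review bot: `if ($uid != null)` mirrors the passreset change but keeps the loose comparison; with the 'None' sentinel gone, `if ($uid !== null)` states the contract exactly and is immune to a helper that returns `0` or `''`. The rest of send_resetkey, including how the reset key is stored and mailed, lies outside the hunk, so I cannot say whether anything downstream still compares against the old string sentinel.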
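Review bot: The "otherwise null" promise in the new docblock is met only by accident: `if (!$result)` catches a failed query, but a PDOStatement with zero rows is still truthy, so the function reaches `return $row[0];` with `$row === false`, which yields null via indexing a boolean (and a notice on PHP 7.4+). Guard the fetch explicitly: `$row = $result->fetch(PDO::FETCH_NUM);` followed by `return $row ? $row[0] : null;`; the same shape recurs in uid_from_username and uid_from_email later in this diff. The new `$id = intval($id);` line deserves a comment such as `/* normalise to int; a non-numeric id becomes 0 and matches no row */`, because `quote()` remains what prevents injection here, not the cast.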
@@ -178,6 +177,17 @@ function username_from_sid($sid="") {
 }
 /**
+ * Format a user name for inclusion in HTML data
+ *
+ * @param string $username The user name to format
+ *
+ * @return void
+ */
+function html_format_username($username) {
+ return $username ? htmlspecialchars($username) : __("None");
+}
+
+/**
 * Determine the user's e-mail address in the database using a session ID
 *
 * @param string $sid User's session ID
@@ -363,20 +373,17 @@ function rm_tree($dirname) {
 *
 * @param string $username The username of an account
 *
- * @return string Return user ID if exists for username, otherwise "None"
+ * @return string Return user ID if exists for username, otherwise null
 */
-function uid_from_username($username="") {
- if (!$username) {
- return "";
- }
+function uid_from_username($username) {
 $dbh = DB::connect();
 $q = "SELECT ID FROM Users WHERE Username = " . $dbh->quote($username);
 $result = $dbh->query($q);
 if (!$result) {
- return "None";
+ return null;
 }
- $row = $result->fetch(PDO::FETCH_NUM);
+ $row = $result->fetch(PDO::FETCH_NUM);
 return $row[0];
 }
@@ -387,18 +394,15 @@ function uid_from_username($username="") {
 *
 * @return string The user's ID
 */
-function uid_from_email($email="") {
- if (!$email) {
- return "";
- }
+function uid_from_email($email) {
 $dbh = DB::connect();
 $q = "SELECT ID FROM Users WHERE Email = " . $dbh->quote($email);
 $result = $dbh->query($q);
 if (!$result) {
- return "None";
+ return null;
 }
- $row = $result->fetch(PDO::FETCH_NUM);
+ $row = $result->fetch(PDO::FETCH_NUM);
 return $row[0];
 }
diff --git a/web/template/pkg_details.php b/web/template/pkg_details.php
index c813e35..6326d4e 100644
--- a/web/template/pkg_details.php
+++ b/web/template/pkg_details.php
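Review bot: `@return void` on the new html_format_username docblock is wrong; the function returns a string, either the escaped name or the translated 'None'. Two behavioural nits in `return $username ? htmlspecialchars($username) : __("None");`: the truthiness test renders a user literally named `0` as 'None', and dropping ENT_QUOTES means single quotes survive, although the template code this replaces had been escaping them; suggest `return ($username !== null && $username !== '') ? htmlspecialchars($username, ENT_QUOTES) : __("None");`. The docblock should also say the helper is for HTML text and attribute content only, since callers that splice its result into a URL path need a URL encoder first.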
@@ -261,12 +261,12 @@ if ($row["SubmitterUID"]):
 if ($SID):
 if (!$USE_VIRTUAL_URLS):
 ?>
- <td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&ID=<?= htmlspecialchars($row['SubmitterUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= htmlspecialchars($submitter) ?>"><?= htmlspecialchars($submitter) ?></a></td>
+ <td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&ID=<?= htmlspecialchars($row['SubmitterUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= html_format_username($submitter) ?>"><?= html_format_username($submitter) ?></a></td>
 <?php else: ?>
- <td><a href="<?= get_uri('/account/') . htmlspecialchars($submitter, ENT_QUOTES) ?>" title="<?= __('View account information for %s', htmlspecialchars($submitter)) ?>"><?= htmlspecialchars($submitter) ?></a></td>
+ <td><a href="<?= get_uri('/account/') . html_format_username($submitter) ?>" title="<?= __('View account information for %s', html_format_username($submitter)) ?>"><?= html_format_username($submitter) ?></a></td>
 <?php endif; ?>
 <?php else: ?>
- <td><?= htmlspecialchars($submitter) ?></td>
+ <td><?= html_format_username($submitter) ?></td>
 <?php endif; ?>
 <?php else: ?>
 <td><?= __('None') ?></td>
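Review bot: On the `<?php else: ?>` (virtual URL) branch, `get_uri('/account/') . html_format_username($submitter)` now puts an HTML-escaped, and when the name is null a translated, string into the href path; HTML entity encoding is not URL-path encoding, and 'None' or its translation is not an account path. Encode for the context, e.g. `<a href="<?= get_uri('/account/') . htmlspecialchars(rawurlencode($submitter), ENT_QUOTES) ?>"`, and keep html_format_username for the title and the link text. Passing already-escaped text into `__('View account information for %s', ...)` is fine only if `__()` does not escape its arguments again, which this hunk does not show. The same pattern repeats in the Maintainer and Packager hunks below.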
@@ -279,12 +279,12 @@ if ($row["MaintainerUID"]):
 if ($SID):
 if (!$USE_VIRTUAL_URLS):
 ?>
- <td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&ID=<?= htmlspecialchars($row['MaintainerUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= htmlspecialchars($maintainer) ?>"><?= htmlspecialchars($maintainer) ?></a></td>
+ <td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&ID=<?= htmlspecialchars($row['MaintainerUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= html_format_username($maintainer) ?>"><?= html_format_username($maintainer) ?></a></td>
 <?php else: ?>
- <td><a href="<?= get_uri('/account/') . htmlspecialchars($maintainer, ENT_QUOTES) ?>" title="<?= __('View account information for %s', htmlspecialchars($maintainer)) ?>"><?= htmlspecialchars($maintainer) ?></a></td>
+ <td><a href="<?= get_uri('/account/') . html_format_username($maintainer) ?>" title="<?= __('View account information for %s', html_format_username($maintainer)) ?>"><?= html_format_username($maintainer) ?></a></td>
 <?php endif; ?>
 <?php else: ?>
- <td><?= htmlspecialchars($maintainer) ?></td>
+ <td><?= html_format_username($maintainer) ?></td>
 <?php endif; ?>
 <?php else: ?>
 <td><?= __('None') ?></td>
@@ -297,12 +297,12 @@ if ($row["PackagerUID"]):
 if ($SID):
 if (!$USE_VIRTUAL_URLS):
 ?>
- <td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&ID=<?= htmlspecialchars($row['PackagerUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= htmlspecialchars($packager) ?>"><?= htmlspecialchars($packager) ?></a></td>
+ <td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&ID=<?= htmlspecialchars($row['PackagerUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= html_format_username($packager) ?>"><?= html_format_username($packager) ?></a></td>
 <?php else: ?>
- <td><a href="<?= get_uri('/account/') . htmlspecialchars($packager, ENT_QUOTES) ?>" title="<?= __('View account information for %s', htmlspecialchars($packager)) ?>"><?= htmlspecialchars($packager) ?></a></td>
+ <td><a href="<?= get_uri('/account/') . html_format_username($packager) ?>" title="<?= __('View account information for %s', html_format_username($packager)) ?>"><?= html_format_username($packager) ?></a></td>
 <?php endif; ?>
 <?php else: ?>
- <td><?= htmlspecialchars($packager) ?></td>
+ <td><?= html_format_username($packager) ?></td>
 <?php endif; ?>
 <?php else: ?>
 <td><?= __('None') ?></td>
diff --git a/web/template/pkgbase_details.php b/web/template/pkgbase_details.php
index da9a962..6c617bf 100644
--- a/web/template/pkgbase_details.php
+++ b/web/template/pkgbase_details.php
@@ -144,12 +144,12 @@ if ($row["SubmitterUID"]):
 if ($SID):
 if (!$USE_VIRTUAL_URLS):
 ?>
- <td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&ID=<?= htmlspecialchars($row['SubmitterUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= htmlspecialchars($submitter) ?>"><?= htmlspecialchars($submitter) ?></a></td>
+ <td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&ID=<?= htmlspecialchars($row['SubmitterUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= html_format_username($submitter) ?>"><?= html_format_username($submitter) ?></a></td>
 <?php else: ?>
- <td><a href="<?= get_uri('/account/') . htmlspecialchars($submitter, ENT_QUOTES) ?>" title="<?= __('View account information for %s', htmlspecialchars($submitter)) ?>"><?= htmlspecialchars($submitter) ?></a></td>
+ <td><a href="<?= get_uri('/account/') . html_format_username($submitter, ENT_QUOTES) ?>" title="<?= __('View account information for %s', html_format_username($submitter)) ?>"><?= html_format_username($submitter) ?></a></td>
 <?php endif; ?>
 <?php else: ?>
- <td><?= htmlspecialchars($submitter) ?></td>
+ <td><?= html_format_username($submitter) ?></td>
 <?php endif; ?>
 <?php else: ?>
 <td><?= __('None') ?></td>
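Review bot: `html_format_username($submitter, ENT_QUOTES)` on the `<?php else: ?>` branch passes a second argument that the helper silently ignores (PHP does not complain about surplus arguments), so this call is not escaping quotes as its author evidently intended and it differs from every sibling call in this diff. Either drop the argument, `html_format_username($submitter)`, or better, make the helper itself pass ENT_QUOTES so every caller gets it. As in pkg_details.php, this branch splices the escaped name into an href path, where `rawurlencode($submitter)` is the appropriate encoder rather than HTML entity escaping.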
@@ -162,12 +162,12 @@ if ($row["MaintainerUID"]):
 if ($SID):
 if (!$USE_VIRTUAL_URLS):
 ?>
- <td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&ID=<?= htmlspecialchars($row['MaintainerUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= htmlspecialchars($maintainer) ?>"><?= htmlspecialchars($maintainer) ?></a></td>
+ <td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&ID=<?= htmlspecialchars($row['MaintainerUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= html_format_username($maintainer) ?>"><?= html_format_username($maintainer) ?></a></td>
 <?php else: ?>
- <td><a href="<?= get_uri('/account/') . htmlspecialchars($maintainer, ENT_QUOTES) ?>" title="<?= __('View account information for %s', htmlspecialchars($maintainer)) ?>"><?= htmlspecialchars($maintainer) ?></a></td>
+ <td><a href="<?= get_uri('/account/') . html_format_username($maintainer) ?>" title="<?= __('View account information for %s', html_format_username($maintainer)) ?>"><?= html_format_username($maintainer) ?></a></td>
 <?php endif; ?>
 <?php else: ?>
- <td><?= htmlspecialchars($maintainer) ?></td>
+ <td><?= html_format_username($maintainer) ?></td>
 <?php endif; ?>
 <?php else: ?>
 <td><?= __('None') ?></td>
@@ -180,12 +180,12 @@ if ($row["PackagerUID"]):
 if ($SID):
 if (!$USE_VIRTUAL_URLS):
 ?>
- <td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&ID=<?= htmlspecialchars($row['PackagerUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= htmlspecialchars($packager) ?>"><?= htmlspecialchars($packager) ?></a></td>
+ <td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&ID=<?= htmlspecialchars($row['PackagerUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= html_format_username($packager) ?>"><?= html_format_username($packager) ?></a></td>
 <?php else: ?>
- <td><a href="<?= get_uri('/account/') . htmlspecialchars($packager, ENT_QUOTES) ?>" title="<?= __('View account information for %s', htmlspecialchars($packager)) ?>"><?= htmlspecialchars($packager) ?></a></td>
+ <td><a href="<?= get_uri('/account/') . html_format_username($packager) ?>" title="<?= __('View account information for %s', html_format_username($packager)) ?>"><?= html_format_username($packager) ?></a></td>
 <?php endif; ?>
 <?php else: ?>
- <td><?= htmlspecialchars($packager) ?></td>
+ <td><?= html_format_username($packager) ?></td>
 <?php endif; ?>
 <?php else: ?>
 <td><?= __('None') ?></td>
diff --git a/web/template/tu_details.php b/web/template/tu_details.php
index fca1815..38f6c0d 100644
--- a/web/template/tu_details.php
+++ b/web/template/tu_details.php
@@ -39,7 +39,7 @@ if ($yes > $active_tus / 2) {
 <?php endif; ?>
 </strong>
 <br />
- <?= __("Submitted: %s by %s", gmdate("Y-m-d H:i", $row['Submitted']), username_from_id($row['SubmitterID'])) ?>
+ <?= __("Submitted: %s by %s", gmdate("Y-m-d H:i", $row['Submitted']), html_format_username(username_from_id($row['SubmitterID']))) ?>
 <br />
 <?= __("End") ?>: <strong><?= gmdate("Y-m-d H:i", $row['End']) ?></strong>
diff --git a/web/template/tu_last_votes_list.php b/web/template/tu_last_votes_list.php
index 090ce8d..e897a6a 100644
--- a/web/template/tu_last_votes_list.php
+++ b/web/template/tu_last_votes_list.php
@@ -22,9 +22,9 @@
 <tr class="<?= $c ?>">
 <td>
 <?php if (!$USE_VIRTUAL_URLS): ?>
- <a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&ID=<?= htmlspecialchars($row['UserID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= htmlspecialchars($username) ?>"><?= htmlspecialchars($username) ?></a></td>
+ <a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&ID=<?= htmlspecialchars($row['UserID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= html_format_username($username) ?>"><?= html_format_username($username) ?></a></td>
 <?php else: ?>
- <a href="<?= get_uri('/account/') . htmlspecialchars($username, ENT_QUOTES) ?>" title="<?= __('View account information for %s', htmlspecialchars($username)) ?>"><?= htmlspecialchars($username) ?></a>
+ <a href="<?= get_uri('/account/') . html_format_username($username) ?>" title="<?= __('View account information for %s', html_format_username($username)) ?>"><?= html_format_username($username) ?></a>
 <?php endif; ?>
 </td>
 <td> |
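Review bot: The virtual-URL branch again builds the link target as `get_uri('/account/') . html_format_username($username)`, so a null `$username` (an account that no longer resolves, presumably) produces a link to the translated 'None' string rather than no link at all, and any name needing path encoding is only HTML-escaped. Prefer `htmlspecialchars(rawurlencode($username), ENT_QUOTES)` for the href and reserve html_format_username for the title and link text. Where `$username` is assigned is outside this hunk, so I cannot confirm whether it can actually be null here.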