-rw-r--r--web/html/passreset.php2
-rw-r--r--web/lib/acctfuncs.inc.php2
-rw-r--r--web/lib/aur.inc.php44
-rw-r--r--web/template/pkg_details.php18
-rw-r--r--web/template/pkgbase_details.php18
-rw-r--r--web/template/tu_details.php2
-rw-r--r--web/template/tu_last_votes_list.php4
7 files changed, 47 insertions, 43 deletions
diff --git a/web/html/passreset.php b/web/html/passreset.php
index 9541021..9d8e1ae 100644
--- a/web/html/passreset.php
+++ b/web/html/passreset.php
@@ -25,7 +25,7 @@ if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confir
$error = __('Missing a required field.');
} elseif ($password != $confirm) {
$error = __('Password fields do not match.');
- } elseif ($uid == NULL || $uid == 'None') {
+ } elseif ($uid == null) {
$error = __('Invalid e-mail.');
}
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index 51ffec6..a996561 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -642,7 +642,7 @@ function send_resetkey($email, $subject, $body) {
global $AUR_LOCATION;
$uid = uid_from_email($email);
- if ($uid != NULL && $uid != 'None') {
+ if ($uid != null) {
/*
* We (ab)use new_sid() to get a random 32 characters long
* string.
diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
index 99f5ae4..3368696 100644
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@@ -135,20 +135,19 @@ function new_sid() {
*
* @param string $id User's ID
*
- * @return string Username if it exists, otherwise "None"
+ * @return string Username if it exists, otherwise null
*/
-function username_from_id($id="") {
- if (!$id) {
- return "";
- }
+function username_from_id($id) {
+ $id = intval($id);
+
$dbh = DB::connect();
$q = "SELECT Username FROM Users WHERE ID = " . $dbh->quote($id);
$result = $dbh->query($q);
if (!$result) {
- return "None";
+ return null;
}
- $row = $result->fetch(PDO::FETCH_NUM);
+ $row = $result->fetch(PDO::FETCH_NUM);
return $row[0];
}
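Review bot: `username_from_id()` returns null explicitly only when the query fails; for an ID with no matching row, `fetch()` returns false and `return $row[0];` indexes that false value, which evaluates to null but emits a notice or warning on PHP 7.4 and later. Writing `return $row ? $row[0] : null;` makes the documented contract explicit, and the same applies to `uid_from_username()` and `uid_from_email()` in the two later hunks of this file. The docblocks would be more accurate as `@return string|null`, and the one on `uid_from_email()` still does not mention null at all. The password-reset callers changed in this commit depend on that null to reject unknown accounts, so it is worth pinning down.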
@@ -178,6 +177,17 @@ function username_from_sid($sid="") {
}
/**
+ * Format a user name for inclusion in HTML data
+ *
+ * @param string $username The user name to format
+ *
+ * @return void
+ */
+function html_format_username($username) {
+ return $username ? htmlspecialchars($username) : __("None");
+}
+
+/**
* Determine the user's e-mail address in the database using a session ID
*
* @param string $sid User's session ID
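Review bot: The docblock on `html_format_username()` says `@return void`, but the function returns a string; it should read `@return string The escaped user name, or the translated "None"`. The truthiness test `$username ? …` also treats the string `"0"` as missing, so a user with that name would be shown as "None" (whether such a name can be registered is not visible here). `htmlspecialchars($username)` relies on the default flags, which before PHP 8.1 leave single quotes unescaped, while the template calls this helper replaces passed `ENT_QUOTES` for attribute values. I would write `return ($username !== null && $username !== '') ? htmlspecialchars($username, ENT_QUOTES) : __("None");`.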
@@ -363,20 +373,17 @@ function rm_tree($dirname) {
*
* @param string $username The username of an account
*
- * @return string Return user ID if exists for username, otherwise "None"
+ * @return string Return user ID if exists for username, otherwise null
*/
-function uid_from_username($username="") {
- if (!$username) {
- return "";
- }
+function uid_from_username($username) {
$dbh = DB::connect();
$q = "SELECT ID FROM Users WHERE Username = " . $dbh->quote($username);
$result = $dbh->query($q);
if (!$result) {
- return "None";
+ return null;
}
- $row = $result->fetch(PDO::FETCH_NUM);
+ $row = $result->fetch(PDO::FETCH_NUM);
return $row[0];
}
@@ -387,18 +394,15 @@ function uid_from_username($username="") {
*
* @return string The user's ID
*/
-function uid_from_email($email="") {
- if (!$email) {
- return "";
- }
+function uid_from_email($email) {
$dbh = DB::connect();
$q = "SELECT ID FROM Users WHERE Email = " . $dbh->quote($email);
$result = $dbh->query($q);
if (!$result) {
- return "None";
+ return null;
}
- $row = $result->fetch(PDO::FETCH_NUM);
+ $row = $result->fetch(PDO::FETCH_NUM);
return $row[0];
}
diff --git a/web/template/pkg_details.php b/web/template/pkg_details.php
index c813e35..6326d4e 100644
--- a/web/template/pkg_details.php
+++ b/web/template/pkg_details.php
@@ -261,12 +261,12 @@ if ($row["SubmitterUID"]):
if ($SID):
if (!$USE_VIRTUAL_URLS):
?>
- <td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&amp;ID=<?= htmlspecialchars($row['SubmitterUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= htmlspecialchars($submitter) ?>"><?= htmlspecialchars($submitter) ?></a></td>
+ <td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&amp;ID=<?= htmlspecialchars($row['SubmitterUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= html_format_username($submitter) ?>"><?= html_format_username($submitter) ?></a></td>
<?php else: ?>
- <td><a href="<?= get_uri('/account/') . htmlspecialchars($submitter, ENT_QUOTES) ?>" title="<?= __('View account information for %s', htmlspecialchars($submitter)) ?>"><?= htmlspecialchars($submitter) ?></a></td>
+ <td><a href="<?= get_uri('/account/') . html_format_username($submitter) ?>" title="<?= __('View account information for %s', html_format_username($submitter)) ?>"><?= html_format_username($submitter) ?></a></td>
<?php endif; ?>
<?php else: ?>
- <td><?= htmlspecialchars($submitter) ?></td>
+ <td><?= html_format_username($submitter) ?></td>
<?php endif; ?>
<?php else: ?>
<td><?= __('None') ?></td>
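Review bot: In the virtual-URL branch the `href` is now built with `get_uri('/account/') . html_format_username($submitter)`, but that helper is meant for display text. It drops the `ENT_QUOTES` flag the old call used for this attribute, and when the name is empty it substitutes the translated "None", producing a link to an account path named after the translation. I would keep `htmlspecialchars($submitter, ENT_QUOTES)` for the URL and use the helper only for the title and link text. The same pattern appears in the Maintainer and Packager hunks of this file, in `pkgbase_details.php` and in `tu_last_votes_list.php`.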
@@ -279,12 +279,12 @@ if ($row["MaintainerUID"]):
if ($SID):
if (!$USE_VIRTUAL_URLS):
?>
- <td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&amp;ID=<?= htmlspecialchars($row['MaintainerUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= htmlspecialchars($maintainer) ?>"><?= htmlspecialchars($maintainer) ?></a></td>
+ <td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&amp;ID=<?= htmlspecialchars($row['MaintainerUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= html_format_username($maintainer) ?>"><?= html_format_username($maintainer) ?></a></td>
<?php else: ?>
- <td><a href="<?= get_uri('/account/') . htmlspecialchars($maintainer, ENT_QUOTES) ?>" title="<?= __('View account information for %s', htmlspecialchars($maintainer)) ?>"><?= htmlspecialchars($maintainer) ?></a></td>
+ <td><a href="<?= get_uri('/account/') . html_format_username($maintainer) ?>" title="<?= __('View account information for %s', html_format_username($maintainer)) ?>"><?= html_format_username($maintainer) ?></a></td>
<?php endif; ?>
<?php else: ?>
- <td><?= htmlspecialchars($maintainer) ?></td>
+ <td><?= html_format_username($maintainer) ?></td>
<?php endif; ?>
<?php else: ?>
<td><?= __('None') ?></td>
@@ -297,12 +297,12 @@ if ($row["PackagerUID"]):
if ($SID):
if (!$USE_VIRTUAL_URLS):
?>
- <td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&amp;ID=<?= htmlspecialchars($row['PackagerUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= htmlspecialchars($packager) ?>"><?= htmlspecialchars($packager) ?></a></td>
+ <td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&amp;ID=<?= htmlspecialchars($row['PackagerUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= html_format_username($packager) ?>"><?= html_format_username($packager) ?></a></td>
<?php else: ?>
- <td><a href="<?= get_uri('/account/') . htmlspecialchars($packager, ENT_QUOTES) ?>" title="<?= __('View account information for %s', htmlspecialchars($packager)) ?>"><?= htmlspecialchars($packager) ?></a></td>
+ <td><a href="<?= get_uri('/account/') . html_format_username($packager) ?>" title="<?= __('View account information for %s', html_format_username($packager)) ?>"><?= html_format_username($packager) ?></a></td>
<?php endif; ?>
<?php else: ?>
- <td><?= htmlspecialchars($packager) ?></td>
+ <td><?= html_format_username($packager) ?></td>
<?php endif; ?>
<?php else: ?>
<td><?= __('None') ?></td>
diff --git a/web/template/pkgbase_details.php b/web/template/pkgbase_details.php
index da9a962..6c617bf 100644
--- a/web/template/pkgbase_details.php
+++ b/web/template/pkgbase_details.php
@@ -144,12 +144,12 @@ if ($row["SubmitterUID"]):
if ($SID):
if (!$USE_VIRTUAL_URLS):
?>
- <td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&amp;ID=<?= htmlspecialchars($row['SubmitterUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= htmlspecialchars($submitter) ?>"><?= htmlspecialchars($submitter) ?></a></td>
+ <td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&amp;ID=<?= htmlspecialchars($row['SubmitterUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= html_format_username($submitter) ?>"><?= html_format_username($submitter) ?></a></td>
<?php else: ?>
- <td><a href="<?= get_uri('/account/') . htmlspecialchars($submitter, ENT_QUOTES) ?>" title="<?= __('View account information for %s', htmlspecialchars($submitter)) ?>"><?= htmlspecialchars($submitter) ?></a></td>
+ <td><a href="<?= get_uri('/account/') . html_format_username($submitter, ENT_QUOTES) ?>" title="<?= __('View account information for %s', html_format_username($submitter)) ?>"><?= html_format_username($submitter) ?></a></td>
<?php endif; ?>
<?php else: ?>
- <td><?= htmlspecialchars($submitter) ?></td>
+ <td><?= html_format_username($submitter) ?></td>
<?php endif; ?>
<?php else: ?>
<td><?= __('None') ?></td>
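Review bot: The `href` in the virtual-URL branch calls `html_format_username($submitter, ENT_QUOTES)`, but the helper added in this commit takes a single parameter, and PHP silently ignores surplus arguments to user-defined functions. The flag therefore has no effect and the call reads as if quote escaping were applied when it is not. Either drop the argument, as the other `href` lines in this commit do, or give the helper a flags parameter that it passes to `htmlspecialchars()`.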
@@ -162,12 +162,12 @@ if ($row["MaintainerUID"]):
if ($SID):
if (!$USE_VIRTUAL_URLS):
?>
- <td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&amp;ID=<?= htmlspecialchars($row['MaintainerUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= htmlspecialchars($maintainer) ?>"><?= htmlspecialchars($maintainer) ?></a></td>
+ <td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&amp;ID=<?= htmlspecialchars($row['MaintainerUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= html_format_username($maintainer) ?>"><?= html_format_username($maintainer) ?></a></td>
<?php else: ?>
- <td><a href="<?= get_uri('/account/') . htmlspecialchars($maintainer, ENT_QUOTES) ?>" title="<?= __('View account information for %s', htmlspecialchars($maintainer)) ?>"><?= htmlspecialchars($maintainer) ?></a></td>
+ <td><a href="<?= get_uri('/account/') . html_format_username($maintainer) ?>" title="<?= __('View account information for %s', html_format_username($maintainer)) ?>"><?= html_format_username($maintainer) ?></a></td>
<?php endif; ?>
<?php else: ?>
- <td><?= htmlspecialchars($maintainer) ?></td>
+ <td><?= html_format_username($maintainer) ?></td>
<?php endif; ?>
<?php else: ?>
<td><?= __('None') ?></td>
@@ -180,12 +180,12 @@ if ($row["PackagerUID"]):
if ($SID):
if (!$USE_VIRTUAL_URLS):
?>
- <td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&amp;ID=<?= htmlspecialchars($row['PackagerUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= htmlspecialchars($packager) ?>"><?= htmlspecialchars($packager) ?></a></td>
+ <td><a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&amp;ID=<?= htmlspecialchars($row['PackagerUID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= html_format_username($packager) ?>"><?= html_format_username($packager) ?></a></td>
<?php else: ?>
- <td><a href="<?= get_uri('/account/') . htmlspecialchars($packager, ENT_QUOTES) ?>" title="<?= __('View account information for %s', htmlspecialchars($packager)) ?>"><?= htmlspecialchars($packager) ?></a></td>
+ <td><a href="<?= get_uri('/account/') . html_format_username($packager) ?>" title="<?= __('View account information for %s', html_format_username($packager)) ?>"><?= html_format_username($packager) ?></a></td>
<?php endif; ?>
<?php else: ?>
- <td><?= htmlspecialchars($packager) ?></td>
+ <td><?= html_format_username($packager) ?></td>
<?php endif; ?>
<?php else: ?>
<td><?= __('None') ?></td>
diff --git a/web/template/tu_details.php b/web/template/tu_details.php
index fca1815..38f6c0d 100644
--- a/web/template/tu_details.php
+++ b/web/template/tu_details.php
@@ -39,7 +39,7 @@ if ($yes > $active_tus / 2) {
<?php endif; ?>
</strong>
<br />
- <?= __("Submitted: %s by %s", gmdate("Y-m-d H:i", $row['Submitted']), username_from_id($row['SubmitterID'])) ?>
+ <?= __("Submitted: %s by %s", gmdate("Y-m-d H:i", $row['Submitted']), html_format_username(username_from_id($row['SubmitterID']))) ?>
<br />
<?= __("End") ?>:
<strong><?= gmdate("Y-m-d H:i", $row['End']) ?></strong>
diff --git a/web/template/tu_last_votes_list.php b/web/template/tu_last_votes_list.php
index 090ce8d..e897a6a 100644
--- a/web/template/tu_last_votes_list.php
+++ b/web/template/tu_last_votes_list.php
@@ -22,9 +22,9 @@
<tr class="<?= $c ?>">
<td>
<?php if (!$USE_VIRTUAL_URLS): ?>
- <a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&amp;ID=<?= htmlspecialchars($row['UserID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= htmlspecialchars($username) ?>"><?= htmlspecialchars($username) ?></a></td>
+ <a href="<?= get_uri('/account/'); ?>?Action=AccountInfo&amp;ID=<?= htmlspecialchars($row['UserID'], ENT_QUOTES) ?>" title="<?= __('View account information for')?> <?= html_format_username($username) ?>"><?= html_format_username($username) ?></a></td>
<?php else: ?>
- <a href="<?= get_uri('/account/') . htmlspecialchars($username, ENT_QUOTES) ?>" title="<?= __('View account information for %s', htmlspecialchars($username)) ?>"><?= htmlspecialchars($username) ?></a>
+ <a href="<?= get_uri('/account/') . html_format_username($username) ?>" title="<?= __('View account information for %s', html_format_username($username)) ?>"><?= html_format_username($username) ?></a>
<?php endif; ?>
</td>
<td>