Merge pull request #573 from marc1706/ticket/571

[ticket/571] Intval more variables and fix validation issues

acp/portal_module.php

@@ -470,7 +470,7 @@ class portal_module
 
 						$sql = 'SELECT module_order
 							FROM ' . PORTAL_MODULES_TABLE . '
-							WHERE module_column = ' . $add_column . '
+							WHERE module_column = ' . (int) $add_column . '
 							ORDER BY module_order DESC';
 						$result = $this->db->sql_query_limit($sql, 1);
 						$module_order = 1 + (int) $this->db->sql_fetchfield('module_order');

adm/style/portal/acp_portal_calendar.html

@@ -80,7 +80,7 @@
 	</form>
 
 <!-- ELSE -->
-	<form id="acp_portal_calendar" method="post" action="{U_ACTION}">
+	<form id="acp_portal_calendar" method="post" action="{B3P_U_ACTION}">
 	<!-- IF SHOW_MODULE_OPTIONS -->
 	<fieldset>
 		<legend>{L_MODULE_OPTIONS}</legend>
@@ -149,47 +149,47 @@
 	</fieldset>
 
 	<fieldset>
-	<legend>{L_ACP_PORTAL_EVENTS}</legend>
-	<fieldset class="tabulated">
+		<legend>{L_ACP_PORTAL_EVENTS}</legend>
+		<fieldset class="tabulated">
 
-	<p class="quick">
-		<input class="button2" name="add" type="submit" value="{L_ADD_EVENT}" />
-	</p>
+		<p class="quick">
+			<input class="button2" name="add" type="submit" value="{L_ADD_EVENT}" />
+		</p>
 
-	<table cellspacing="1">
-	<thead>
-	<tr>
-		<th>{L_EVENT_TITLE}</th>
-		<th>{L_EVENT_DESC}</th>
-		<th>{L_EVENT_TIME}</th>
-		<th>{L_EVENT_LINK}</th>
-		<th>{L_ACTION}</th>
-	</tr>
-	</thead>
-	<tbody>
-	<!-- BEGIN events -->
-		<!-- IF events.S_ROW_COUNT is even --><tr class="row1"><!-- ELSE --><tr class="row2"><!-- ENDIF -->
-		<td style="text-align: center;">{events.EVENT_TITLE}</td>
-		<td style="text-align: center;">{events.EVENT_DESC}</td>
-		<td style="text-align: center;"><!-- IF events.EVENT_END -->{L_EVENT_START}{L_COLON}&nbsp;{events.EVENT_START}&nbsp;&#124;&nbsp;{L_EVENT_END}{L_COLON}&nbsp;{events.EVENT_END}<!-- ELSE -->{L_EVENT_TIME}{L_COLON}&nbsp;{events.EVENT_START}<!-- IF events.EVENT_ALL_DAY -->&nbsp;&#124;&nbsp;{L_EVENT_ALL_DAY}<!-- ENDIF --><!-- ENDIF --></td>
-		<td style="text-align: center;"><a href="{events.EVENT_URL}" alt="{events.EVENT_TITLE}">{events.EVENT_URL_RAW}</td>
-		<td style="text-align: center;">
-			<a href="{events.U_EDIT}">{ICON_EDIT}</a> <a href="{events.U_DELETE}">{ICON_DELETE}</a>
-		</td>
-	</tr>
-	<!-- BEGINELSE -->
-	<tr class="row1">
-		<td style="text-align: center;" colspan="5">{L_NO_EVENTS}</td>
-	</tr>
-	<!-- END events -->
-	</tbody>
-	</table>
-	<p class="submit-buttons">
-		<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
-		<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
-	</p>
-	{S_FORM_TOKEN}
-	</fieldset>
+		<table style="cellspacing: 1;">
+		<thead>
+		<tr>
+			<th>{L_EVENT_TITLE}</th>
+			<th>{L_EVENT_DESC}</th>
+			<th>{L_EVENT_TIME}</th>
+			<th>{L_EVENT_LINK}</th>
+			<th>{L_ACTION}</th>
+		</tr>
+		</thead>
+		<tbody>
+		<!-- BEGIN events -->
+			<!-- IF events.S_ROW_COUNT is even --><tr class="row1"><!-- ELSE --><tr class="row2"><!-- ENDIF -->
+			<td style="text-align: center;">{events.EVENT_TITLE}</td>
+			<td style="text-align: center;">{events.EVENT_DESC}</td>
+			<td style="text-align: center;"><!-- IF events.EVENT_END -->{L_EVENT_START}{L_COLON}&nbsp;{events.EVENT_START}&nbsp;&#124;&nbsp;{L_EVENT_END}{L_COLON}&nbsp;{events.EVENT_END}<!-- ELSE -->{L_EVENT_TIME}{L_COLON}&nbsp;{events.EVENT_START}<!-- IF events.EVENT_ALL_DAY -->&nbsp;&#124;&nbsp;{L_EVENT_ALL_DAY}<!-- ENDIF --><!-- ENDIF --></td>
+			<td style="text-align: center;"><a href="{events.EVENT_URL}" alt="{events.EVENT_TITLE}">{events.EVENT_URL_RAW}</td>
+			<td style="text-align: center;">
+				<a href="{events.U_EDIT}">{ICON_EDIT}</a> <a href="{events.U_DELETE}">{ICON_DELETE}</a>
+			</td>
+		</tr>
+		<!-- BEGINELSE -->
+		<tr class="row1">
+			<td style="text-align: center;" colspan="5">{L_NO_EVENTS}</td>
+		</tr>
+		<!-- END events -->
+		</tbody>
+		</table>
+		<p class="submit-buttons">
+			<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
+			<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+		</p>
+		{S_FORM_TOKEN}
+		</fieldset>
 	</fieldset>
 	</form>
 

adm/style/portal/acp_portal_links.html

@@ -64,7 +64,7 @@
 	</form>
 
 <!-- ELSE -->
-	<form id="acp_portal_links" method="post" action="{U_ACTION}">
+	<form id="acp_portal_links" method="post" action="{B3P_U_ACTION}">
 	<!-- IF SHOW_MODULE_OPTIONS -->
 	<fieldset>
 		<legend>{L_MODULE_OPTIONS}</legend>
@@ -139,7 +139,7 @@
 		<input class="button2" name="add" type="submit" value="{L_ACP_PORTAL_LINK_ADD}" />
 	</p>
 
-	<table cellspacing="1">
+	<table style="cellspacing: 1;">
 	<thead>
 	<tr>
 		<th>{L_ACP_PORTAL_LINK_TITLE}</th>

adm/style/portal/acp_portal_menu.html

@@ -71,7 +71,7 @@
 	</form>
 
 <!-- ELSE -->
-	<form id="acp_portal_links" method="post" action="{U_ACTION}">
+	<form id="acp_portal_links" method="post" action="{B3P_U_ACTION}">
 	<!-- IF SHOW_MODULE_OPTIONS -->
 	<fieldset>
 		<legend>{L_MODULE_OPTIONS}</legend>
@@ -146,7 +146,7 @@
 		<input class="button2" name="add" type="submit" value="{L_ACP_PORTAL_MENU_ADD}" />
 	</p>
 
-	<table cellspacing="1">
+	<table style="cellspacing: 1;">
 	<thead>
 	<tr>
 		<th>{L_ACP_PORTAL_MENU_TITLE}</th>

controller/helper.php

@@ -114,7 +114,7 @@ class helper
 	*/
 	protected function check_permission()
 	{
-		if (!isset($this->config['board3_enable']) || !$this->config['board3_enable'] || !$this->auth->acl_get('u_view_portal'))
+		if (empty($this->config['board3_enable']) || !$this->auth->acl_get('u_view_portal'))
 		{
 			redirect(append_sid($this->phpbb_root_path . 'index' . $this->php_ext));
 		}
@@ -173,7 +173,9 @@ class helper
 	}
 
 	/**
-	* Check if user is in required groups
+	* Check if user is in required groups.
+	* If the group_ary is empty, this means that there are no limitation on
+	* which groups can see this module.
 	*
 	* @param array $row Module row
 	*

ext.php

@@ -1,16 +0,0 @@
-<?php
-/**
-*
-* @package Board3 Portal v2.1
-* @copyright (c) 2014 Board3 Group ( www.board3.de )
-* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
-*
-*/
-
-// This file is needed for phpBB3 to properly register the extension
-
-namespace board3\portal;
-
-class ext extends \phpbb\extension\base
-{
-}

includes/functions.php

@@ -312,9 +312,9 @@ function get_portal_tracking_info($fetch_news)
 			$mark_time = array();
 
 			$sql = 'SELECT topic_id, mark_time
-				FROM ' . TOPICS_TRACK_TABLE . "
-				WHERE user_id = {$user->data['user_id']}
-					AND " . $db->sql_in_set('topic_id', $current_forum);
+				FROM ' . TOPICS_TRACK_TABLE . '
+				WHERE user_id =  ' . (int) $user->data['user_id'] . '
+					AND ' . $db->sql_in_set('topic_id', $current_forum);
 			$result = $db->sql_query($sql);
 
 			while ($row = $db->sql_fetchrow($result))
@@ -328,9 +328,9 @@ function get_portal_tracking_info($fetch_news)
 			if (sizeof($topic_ids))
 			{
 				$sql = 'SELECT forum_id, mark_time
-					FROM ' . FORUMS_TRACK_TABLE . "
-					WHERE user_id = {$user->data['user_id']}
-						AND " . $db->sql_in_set('forum_id', $forum_ids);
+					FROM ' . FORUMS_TRACK_TABLE . '
+					WHERE user_id =  ' . (int) $user->data['user_id'] . '
+						AND ' . $db->sql_in_set('forum_id', $forum_ids);
 				$result = $db->sql_query($sql);
 
 				while ($row = $db->sql_fetchrow($result))
@@ -339,10 +339,10 @@ function get_portal_tracking_info($fetch_news)
 				}
 				$db->sql_freeresult($result);
 
-				// @todo: do not use $current_forum here as this is already used by the outside foreach
-				foreach ($forum_ids as $current_forum)
+				// Set user last mark time
+				foreach ($forum_ids as $current_forum_id)
 				{
-					$user_lastmark[$current_forum] = (isset($mark_time[$current_forum])) ? $mark_time[$current_forum] : $user->data['user_lastmark'];
+					$user_lastmark[$current_forum_id] = (isset($mark_time[$current_forum_id])) ? $mark_time[$current_forum_id] : $user->data['user_lastmark'];
 				}
 
 				// @todo: also check if $user_lastmark has been defined for this specific forum_id

migrations/v210_beta1.php

@@ -180,7 +180,8 @@ class v210_beta1 extends \phpbb\db\migration\migration
 	{
 		if ($this->db_tools->sql_table_exists($this->table_prefix . 'portal_config'))
 		{
-			$sql = 'SELECT * FROM ' . $this->table_prefix . 'portal_config';
+			$sql = 'SELECT *
+				FROM ' . $this->table_prefix . 'portal_config';
 			$result = $this->db->sql_query_limit($sql, 1);
 			$row = $this->db->sql_fetchrow($result);
 			$this->db->sql_freeresult($result);
@@ -198,7 +199,8 @@ class v210_beta1 extends \phpbb\db\migration\migration
 		$in_ary = array('GUESTS', 'REGISTERED', 'REGISTERED_COPPA');
 		$groups_ary = array();
 
-		$sql = 'SELECT group_id, group_name FROM ' . $this->table_prefix . 'groups
+		$sql = 'SELECT group_id, group_name
+			FROM ' . $this->table_prefix . 'groups
 			WHERE ' . $this->db->sql_in_set('group_name', $in_ary);
 		$result = $this->db->sql_query($sql);
 		while ($row = $this->db->sql_fetchrow($result))

modules/calendar.php

@@ -313,8 +313,8 @@ class calendar extends module_base
 							$this->template->assign_block_vars('minical.cur_events', array(
 								'EVENT_URL'		=> (isset($cur_event['url']) && $cur_event['url'] != '') ? $this->validate_url($cur_event['url']) : '',
 								'EVENT_TITLE'	=> $cur_event['title'],
-								'START_TIME'	=> $this->user->format_date($cur_event['start_time'], 'j. M Y, H:i'),
-								'END_TIME'		=> (!empty($cur_event['end_time'])) ? $this->user->format_date($cur_event['end_time'], 'j. M Y, H:i') : false,
+								'START_TIME'	=> $this->user->format_date($cur_event['start_time']),
+								'END_TIME'		=> (!empty($cur_event['end_time'])) ? $this->user->format_date($cur_event['end_time']) : false,
 								'EVENT_DESC'	=> (isset($cur_event['desc']) && $cur_event['desc'] != '') ? $cur_event['desc'] : '',
 								'ALL_DAY'	=> ($cur_event['all_day']) ? true : false,
 								'MODULE_ID'		=> $module_id,
@@ -326,8 +326,8 @@ class calendar extends module_base
 							$this->template->assign_block_vars('minical.upcoming_events', array(
 								'EVENT_URL'		=> (isset($cur_event['url']) && $cur_event['url'] != '') ? $this->validate_url($cur_event['url']) : '',
 								'EVENT_TITLE'	=> $cur_event['title'],
-								'START_TIME'	=> $this->user->format_date($cur_event['start_time'], 'j. M Y, H:i'),
-								'END_TIME'		=> (!$cur_event['all_day']) ? $this->user->format_date($cur_event['end_time'], 'j. M Y, H:i') : '',
+								'START_TIME'	=> $this->user->format_date($cur_event['start_time']),
+								'END_TIME'		=> (!$cur_event['all_day']) ? $this->user->format_date($cur_event['end_time']) : '',
 								'EVENT_DESC'	=> (isset($cur_event['desc']) && $cur_event['desc'] != '') ? $cur_event['desc'] : '',
 								'ALL_DAY'	=> (($cur_event['start_time'] - $cur_event['end_time']) == 1) ? true : false,
 								'MODULE_ID'		=> $module_id,
@@ -426,7 +426,7 @@ class calendar extends module_base
 		$events = (strlen($portal_config['board3_calendar_events_' . $module_id]) >= 1) ? json_decode($portal_config['board3_calendar_events_' . $module_id], true) : array();
 
 		// append_sid() adds adm/ already, no need to add it here
-		$u_action = append_sid('index.' . $this->php_ext, 'i=\board3\portal\acp\portal_module&mode=config&module_id=' . $module_id);
+		$u_action = append_sid('index.' . $this->php_ext, 'i=-board3-portal-acp-portal_module&mode=config&module_id=' . $module_id);
 
 		switch ($action)
 		{
@@ -613,17 +613,12 @@ class calendar extends module_base
 		for ($i = 0; $i < sizeof($events); $i++)
 		{
 			$event_all_day = ($events[$i]['all_day'] == true) ? true : false;
-			$start_time_format = (!intval($this->user->format_date($events[$i]['start_time'], 'H')) && !intval($this->user->format_date($events[$i]['start_time'], 'i'))) ? 'j. M Y' : 'j. M Y, H:i';
-			if (!empty($events[$i]['end_time']))
-			{
-				$end_time_format = (!intval($this->user->format_date($events[$i]['end_time'], 'H')) && !intval($this->user->format_date($events[$i]['end_time'], 'i'))) ? 'j. M Y' : 'j. M Y, H:i';
-			}
 
 			$this->template->assign_block_vars('events', array(
 				'EVENT_TITLE'	=> ($action != 'add') ? ((isset($this->user->lang[$events[$i]['title']])) ? $this->user->lang[$events[$i]['title']] : $events[$i]['title']) : '',
 				'EVENT_DESC'	=> ($action != 'add') ? $events[$i]['desc'] : '',
-				'EVENT_START'	=> ($action != 'add') ? $this->user->format_date($events[$i]['start_time'], $start_time_format) : '',
-				'EVENT_END'		=> ($action != 'add' && !$event_all_day && !empty($end_time_format)) ? $this->user->format_date($events[$i]['end_time'], $end_time_format) : '',
+				'EVENT_START'	=> ($action != 'add') ? $this->user->format_date($events[$i]['start_time']) : '',
+				'EVENT_END'		=> ($action != 'add' && !$event_all_day && !empty($end_time_format)) ? $this->user->format_date($events[$i]['end_time']) : '',
 				'EVENT_URL'		=> ($action != 'add' && isset($events[$i]['url']) && !empty($events[$i]['url'])) ? $this->validate_url($events[$i]['url']) : '',
 				'EVENT_URL_RAW'	=> ($action != 'add' && isset($events[$i]['url']) && !empty($events[$i]['url'])) ? $events[$i]['url'] : '',
 				'U_EDIT'		=> $u_action . '&amp;action=edit&amp;id=' . $i,

modules/custom.php

@@ -187,7 +187,7 @@ class custom extends module_base
 
 		$portal_config = obtain_portal_config();
 
-		$u_action = append_sid('index.' . $this->php_ext, 'i=\board3\portal\acp\portal_module&mode=config&module_id=' . $module_id);
+		$u_action = append_sid('index.' . $this->php_ext, 'i=-board3-portal-acp-portal_module&mode=config&module_id=' . $module_id);
 
 		switch ($action)
 		{

modules/links.php

@@ -249,7 +249,7 @@ class links extends module_base
 
 		$links = json_decode($portal_config['board3_links_array_' . $module_id], true);
 
-		$u_action = append_sid('index.' . $this->php_ext, 'i=\board3\portal\acp\portal_module&mode=config&module_id=' . $module_id);
+		$u_action = append_sid('index.' . $this->php_ext, 'i=-board3-portal-acp-portal_module&mode=config&module_id=' . $module_id);
 
 		switch ($action)
 		{

modules/main_menu.php

@@ -304,7 +304,7 @@ class main_menu extends module_base
 
 		$links = json_decode($portal_config['board3_menu_array_' . $module_id], true);
 
-		$u_action = append_sid('index.' . $this->php_ext, 'i=%5Cboard3%5Cportal%5Cacp%5Cportal_module&mode=config&module_id=' . $module_id);
+		$u_action = append_sid('index.' . $this->php_ext, 'i=-board3-portal-acp-portal_module&mode=config&module_id=' . $module_id);
 
 		switch ($action)
 		{

modules/poll.php

@@ -199,8 +199,8 @@ class poll extends module_base
 			{
 				$sql = 'SELECT poll_option_id
 					FROM ' . POLL_VOTES_TABLE . '
-					WHERE topic_id = ' . $up_topic_id . '
-						AND vote_user_id = ' . $this->user->data['user_id'];
+					WHERE topic_id = ' . (int) $up_topic_id . '
+						AND vote_user_id = ' . (int) $this->user->data['user_id'];
 				$result = $this->db->sql_query($sql);
 
 				while ($row = $this->db->sql_fetchrow($result))
@@ -222,8 +222,10 @@ class poll extends module_base
 			}
 
 			$sql = 'SELECT t.poll_length, t.poll_start, t.poll_vote_change, t.topic_status, f.forum_status, t.poll_max_options
-					FROM ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f
-					WHERE t.forum_id = f.forum_id AND t.topic_id = " . (int) $up_topic_id . " AND t.forum_id = " . (int) $up_forum_id;
+				FROM ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f
+				WHERE t.forum_id = f.forum_id
+					AND t.topic_id = " . (int) $up_topic_id . "
+					AND t.forum_id = " . (int) $up_forum_id;
 			$result = $this->db->sql_query_limit($sql, 1);
 			$topic_data = $this->db->sql_fetchrow($result);
 			$this->db->sql_freeresult($result);
@@ -312,8 +314,8 @@ class poll extends module_base
 				}
 
 				$sql = 'UPDATE ' . TOPICS_TABLE . '
-					SET poll_last_vote = ' . time() . "
-					WHERE topic_id = $up_topic_id";
+					SET poll_last_vote = ' . time() . '
+					WHERE topic_id = ' . (int) $up_topic_id;
 				//, topic_last_post_time = ' . time() . " -- for bumping topics with new votes, ignore for now
 				$this->db->sql_query($sql);
 
@@ -351,7 +353,7 @@ class poll extends module_base
 
 		if ($this->config['board3_poll_hide_' . $module_id])
 		{
-			$portal_poll_hide = "AND (t.poll_start + t.poll_length > ". time() ." OR t.poll_length = 0)";
+			$portal_poll_hide = 'AND (t.poll_start + t.poll_length > ' . time() . ' OR t.poll_length = 0)';
 		}
 		else
 		{
@@ -362,13 +364,15 @@ class poll extends module_base
 		{
 
 			$sql = 'SELECT t.poll_title, t.poll_start, t.topic_id,  t.topic_first_post_id, t.forum_id, t.poll_length, t.poll_vote_change, t.poll_max_options, t.topic_status, f.forum_status, p.bbcode_bitfield, p.bbcode_uid
-					FROM ' . TOPICS_TABLE . ' t, ' . POSTS_TABLE . ' p, ' . FORUMS_TABLE . " f
-					WHERE t.forum_id = f.forum_id AND t.topic_visibility = 1 AND t.poll_start > 0
+				FROM ' . TOPICS_TABLE . ' t, ' . POSTS_TABLE . ' p, ' . FORUMS_TABLE . " f
+				WHERE t.forum_id = f.forum_id
+					AND t.topic_visibility = 1
+					AND t.poll_start > 0
 					{$where}
 					AND t.topic_moved_id = 0
 					AND p.post_id = t.topic_first_post_id
 					{$portal_poll_hide}
-					ORDER BY t.poll_start DESC";
+				ORDER BY t.poll_start DESC";
 			$limit = (isset($this->config['board3_poll_limit_' . $module_id])) ? $this->config['board3_poll_limit_' . $module_id] : 3;
 			$result = $this->db->sql_query_limit($sql, $limit);
 			$has_poll = false;
@@ -390,8 +394,8 @@ class poll extends module_base
 						{
 							$vote_sql = 'SELECT poll_option_id
 								FROM ' . POLL_VOTES_TABLE . '
-								WHERE topic_id = ' . $topic_id . '
-									AND vote_user_id = ' . $this->user->data['user_id'];
+								WHERE topic_id = ' . (int) $topic_id . '
+									AND vote_user_id = ' . (int) $this->user->data['user_id'];
 							$vote_result = $this->db->sql_query($vote_sql);
 
 							while ($row = $this->db->sql_fetchrow($vote_result))
@@ -426,9 +430,9 @@ class poll extends module_base
 					$s_display_results = (!$s_can_vote || ($s_can_vote && sizeof($cur_voted_id)) || ($view == 'viewpoll' && in_array($topic_id, $poll_view_ar))) ? true : false;
 
 					$poll_sql = 'SELECT po.poll_option_id, po.poll_option_text, po.poll_option_total
-						FROM ' . POLL_OPTIONS_TABLE . " po
-						WHERE po.topic_id = {$topic_id}
-						ORDER BY po.poll_option_id";
+						FROM ' . POLL_OPTIONS_TABLE . ' po
+						WHERE po.topic_id = ' . (int) $topic_id .'
+						ORDER BY po.poll_option_id';
 
 					$poll_result = $this->db->sql_query($poll_sql);
 					$poll_total_votes = 0;
@@ -483,7 +487,7 @@ class poll extends module_base
 					$this->template->assign_block_vars(($type !== '') ? 'poll_' . $type : 'poll', array(
 						'S_POLL_HAS_OPTIONS'	=> $poll_has_options,
 						'POLL_QUESTION'			=> $data['poll_title'],
-						'U_POLL_TOPIC'			=> append_sid($this->phpbb_root_path . 'viewtopic.' . $this->php_ext . '?t=' . $topic_id . '&f=' . $forum_id),
+						'U_POLL_TOPIC'			=> append_sid($this->phpbb_root_path . 'viewtopic.' . $this->php_ext, 't=' . $topic_id . '&f=' . $forum_id),
 						'POLL_LENGTH'			=> $data['poll_length'],
 						'TOPIC_ID'				=> $topic_id,
 						'TOTAL_VOTES'			=> $poll_total_votes,

modules/random_member.php

@@ -127,7 +127,7 @@ class random_member extends module_base
 
 			'USER_POSTS'	=> (int) $row['user_posts'],
 			'AVATAR_IMG'	=> $avatar_img,
-			'JOINED'		=> $this->user->format_date($row['user_regdate'], 'd.M.Y'),
+			'JOINED'		=> $this->user->format_date($row['user_regdate']),
 //			'USER_OCC'		=> censor_text($row['user_occ']),
 //			'USER_FROM'		=> censor_text($row['user_from']),
 //			'U_WWW'			=> censor_text($row['user_website']),

modules/user_menu.php

@@ -127,7 +127,7 @@ class user_menu extends module_base
 
 			$sql = 'SELECT COUNT(DISTINCT t.topic_id) as total
 						FROM ' . TOPICS_TABLE . ' t
-						WHERE t.topic_last_post_time > ' . $this->user->data['user_lastvisit'] . '
+						WHERE t.topic_last_post_time > ' . (int) $this->user->data['user_lastvisit'] . '
 							AND t.topic_moved_id = 0
 							' . str_replace(array('p.', 'post_'), array('t.', 'topic_'), $m_approve_fid_sql) . '
 							' . ((sizeof($ex_fid_ary)) ? 'AND ' . $this->db->sql_in_set('t.forum_id', $ex_fid_ary, true) : '');

modules/welcome.php

@@ -171,7 +171,7 @@ class welcome extends module_base
 
 		$portal_config = obtain_portal_config();
 
-		$u_action = append_sid('index.' . $this->php_ext, 'i=\board3\portal\acp\portal_module&mode=config&module_id=' . $module_id);
+		$u_action = append_sid('index.' . $this->php_ext, 'i=-board3-portal-acp-portal_module&mode=config&module_id=' . $module_id);
 
 		switch($action)
 		{

modules/whois_online.php

@@ -112,11 +112,11 @@ class whois_online extends module_base
 				LEFT JOIN ' . USER_GROUP_TABLE . ' ug
 					ON (
 						g.group_id = ug.group_id
-						AND ug.user_id = ' . $this->user->data['user_id'] . '
+						AND ug.user_id = ' . (int) $this->user->data['user_id'] . '
 						AND ug.user_pending = 0
 					)
 				WHERE g.group_legend > 0
-					AND (g.group_type <> ' . GROUP_HIDDEN . ' OR ug.user_id = ' . $this->user->data['user_id'] . ')
+					AND (g.group_type <> ' . GROUP_HIDDEN . ' OR ug.user_id = ' . (int) $this->user->data['user_id'] . ')
 				ORDER BY g.' . $order_legend . ' ASC';
 		}
 		$result = $this->db->sql_query($sql);

portal/modules/database_handler.php

@@ -97,6 +97,9 @@ class database_handler
 	 */
 	public function move_module_vertical($module_id, $module_data, $direction, $step = 1)
 	{
+		$direction = (int) $direction;
+		$step = (int) $step;
+
 		if ($direction == self::MOVE_DIRECTION_DOWN)
 		{
 			$current_increment = ' + ' . $step;
@@ -110,7 +113,7 @@ class database_handler
 
 		$sql = 'UPDATE ' . PORTAL_MODULES_TABLE . '
 				SET module_order = module_order' . $other_increment . '
-				WHERE module_order = ' . (int) ($module_data['module_order'] + ($direction * $step)) . '
+				WHERE module_order = ' . ($module_data['module_order'] + ($direction * $step)) . '
 					AND module_column = ' . (int) $module_data['module_column'];
 		$this->db->sql_query($sql);
 		$updated = (bool) $this->db->sql_affectedrows();
@@ -136,20 +139,20 @@ class database_handler
 	{
 		$sql = 'UPDATE ' . PORTAL_MODULES_TABLE . '
 				SET module_order = module_order + 1
-				WHERE module_order >= ' . $module_data['module_order'] . '
-					AND module_column = ' . ($module_data['module_column'] + $move_action);
+				WHERE module_order >= ' . (int) $module_data['module_order'] . '
+					AND module_column = ' . (int) ($module_data['module_column'] + $move_action);
 		$this->db->sql_query($sql);
 		$updated = $this->db->sql_affectedrows();
 
 		$sql = 'UPDATE ' . PORTAL_MODULES_TABLE . '
-				SET module_column = ' . ($module_data['module_column'] + $move_action) . '
+				SET module_column = ' . (int) ($module_data['module_column'] + $move_action) . '
 				WHERE module_id = ' . (int) $module_id;
 		$this->db->sql_query($sql);
 
 		$sql = 'UPDATE ' . PORTAL_MODULES_TABLE . '
 				SET module_order = module_order - 1
-				WHERE module_order >= ' . $module_data['module_order'] . '
-				AND module_column = ' . $module_data['module_column'];
+				WHERE module_order >= ' . (int) $module_data['module_order'] . '
+				AND module_column = ' . (int) $module_data['module_column'];
 		$this->db->sql_query($sql);
 
 		// the module that needs to moved is in the last row
@@ -157,13 +160,13 @@ class database_handler
 		{
 			$sql = 'SELECT MAX(module_order) as new_order
 						FROM ' . PORTAL_MODULES_TABLE . '
-						WHERE module_order < ' . $module_data['module_order'] . '
+						WHERE module_order < ' . (int) $module_data['module_order'] . '
 						AND module_column = ' . (int) ($module_data['module_column'] + $move_action);
 			$this->db->sql_query($sql);
 			$new_order = $this->db->sql_fetchfield('new_order') + 1;
 
 			$sql = 'UPDATE ' . PORTAL_MODULES_TABLE . '
-					SET module_order = ' . $new_order . '
+					SET module_order = ' . (int) $new_order . '
 					WHERE module_id = ' . (int) $module_id;
 			$this->db->sql_query($sql);
 		}

portal/modules/manager.php

@@ -348,8 +348,8 @@ class manager
 
 				$sql = 'UPDATE ' . PORTAL_MODULES_TABLE . '
 					SET module_order = module_order - 1
-					WHERE module_column = ' . $module_data['module_column'] . '
-						AND module_order > ' . $module_data['module_order'];
+					WHERE module_column = ' . (int) $module_data['module_column'] . '
+						AND module_order > ' . (int) $module_data['module_order'];
 				$this->db->sql_query($sql);
 
 				$this->cache->purge(); // make sure we don't get errors after re-adding a module
@@ -393,6 +393,6 @@ class manager
 	 */
 	public function get_module_link($mode, $module_id)
 	{
-		return preg_replace(array('/i=[0-9]+/', '/mode=[a-zA-Z0-9_]+/'), array('i=%5C' . str_replace('\\', '%5C', $this->acp_class), 'mode=' . $mode), $this->u_action) . (($module_id) ? '&module_id=' . $module_id : '');
+		return preg_replace(array('/i=[0-9]+/', '/mode=[a-zA-Z0-9_]+/'), array('i=-' . str_replace('\\', '-', $this->acp_class), 'mode=' . $mode), $this->u_action) . (($module_id) ? '&module_id=' . $module_id : '');
 	}
 }

tests/unit/portal/modules_manager_confirm_box_test.php

@@ -134,7 +134,7 @@ class modules_manager_confirm_box_test extends \board3\portal\tests\testframewor
 		$this->assertNull($this->modules_manager->reset_module(15, 'barfoo', 6, array()));
 		$this->assertEquals(array(
 			'seconds'	=> 3,
-			'link'		=> 'adm/index.php?i=%5Cfoo%5Cbar&mode=config&module_id=6',
+			'link'		=> 'adm/index.php?i=-foo-bar&mode=config&module_id=6',
 		), self::$meta_refresh);
 		$this->assertEquals(phpbb_acp_move_module_test::$error_type, E_USER_NOTICE);
 		$this->assertEquals(phpbb_acp_move_module_test::$error, 'adm/index.php?i=15&mode=foobar&module_id=6');

tests/unit/portal/modules_manager_test.php

@@ -128,7 +128,7 @@ class board3_portal_modules_manager_test extends \board3\portal\tests\testframew
 	public function test_get_module_link()
 	{
 		$this->modules_manager->set_acp_class('foo\bar')->set_u_action('index.php?i=25&mode=barfoo');
-		$this->assertEquals('index.php?i=%5Cfoo%5Cbar&mode=test&module_id=5', $this->modules_manager->get_module_link('test', 5));
+		$this->assertEquals('index.php?i=-foo-bar&mode=test&module_id=5', $this->modules_manager->get_module_link('test', 5));
 	}
 
 	public function test_handle_ajax_request()