From e68f2f7b0a55fa31eb7ce5baf844dca40f11abea Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Fri, 29 Jul 2011 09:47:44 +0000 Subject: [PATCH] Added BACKSLASH to prevent massive escaping --- inc/extensions/ext-nickname.php | 31 +++---- inc/extensions/ext-sql_patches.php | 26 +++++- inc/filters.php | 122 +++++++++++++++------------ inc/libs/security_functions.php | 5 +- inc/modules/member/what-nickname.php | 26 ++++-- 5 files changed, 129 insertions(+), 81 deletions(-) diff --git a/inc/extensions/ext-nickname.php b/inc/extensions/ext-nickname.php index 137d4f8f7b..2f8d6fa860 100644 --- a/inc/extensions/ext-nickname.php +++ b/inc/extensions/ext-nickname.php @@ -41,10 +41,10 @@ if (!defined('__SECURITY')) { } // END - if // Version number -setThisExtensionVersion('0.2.0'); +setThisExtensionVersion('0.2.1'); // Version history array (add more with , '0.0.1' and so on) -setExtensionVersionHistory(array('0.0.0', '0.0.1', '0.0.2', '0.0.3', '0.0.4', '0.0.5', '0.0.6', '0.0.7', '0.0.8', '0.0.9', '0.1.0', '0.1.1', '0.1.2', '0.1.3', '0.1.4', '0.1.5', '0.1.6', '0.1.7', '0.1.8', '0.1.9', '0.2.0')); +setExtensionVersionHistory(array('0.0.0', '0.0.1', '0.0.2', '0.0.3', '0.0.4', '0.0.5', '0.0.6', '0.0.7', '0.0.8', '0.0.9', '0.1.0', '0.1.1', '0.1.2', '0.1.3', '0.1.4', '0.1.5', '0.1.6', '0.1.7', '0.1.8', '0.1.9', '0.2.0', '0.2.1')); switch (getExtensionMode()) { case 'register': // Do stuff when installation is running @@ -58,7 +58,6 @@ switch (getExtensionMode()) { // SQL commands to run addExtensionSql("DELETE LOW_PRIORITY FROM `{?_MYSQL_PREFIX?}_member_menu` WHERE `what`='nickname' LIMIT 1"); addExtensionSql("DELETE LOW_PRIORITY FROM `{?_MYSQL_PREFIX?}_admin_menu` WHERE `what` IN ('config_nickname','list_nickname') LIMIT 2"); - addDropTableSql('nickname_history'); break; case 'activate': // Do stuff when admin activates this extension 
@@ -172,27 +171,25 @@ switch (getExtensionMode()) { case '0.1.9': // SQL queries for v0.1.9 addAdminMenuSql('user','list_nickname','Nickname-Historie','Listet alle verwendeten Nicknames der Mitglieder auf.', 12); - addDropTableSql('nickname_history'); - addCreateTableSql('nickname_history', " -`id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT, -`userid` BIGINT(20) UNSIGNED NOT NULL DEFAULT 0, -`nickname` VARCHAR(255) NOT NULL DEFAULT '', -`added` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, -`last_used` TIMESTAMP NULL DEFAULT NULL, -PRIMARY KEY (`id`), -INDEX `userid` (`userid`), -INDEX (`last_used` DESC)", - 'History of used nicknames'); // Update notes (these will be set as task text!) - setExtensionUpdateNotes("Historie eingegebener Nicknames hinzugefügt. Mitglied kann auf bereits verwendeter zurückgreifen und Liste selbst löschen."); + setExtensionUpdateNotes("Menuüpunkt für Nickname-History hinzugefügt."); break; case '0.2.0': // SQL queries for v0.2.0 - addExtensionSql("ALTER TABLE `{?_MYSQL_PREFIX?}_nickname_history` CHANGE `last_used` `last_used` TIMESTAMP NULL DEFAULT NULL"); + // Update notes (these will be set as task text!) + setExtensionUpdateNotes("Ungütiges Update (wegen Verallgemeinerung der nickname_history-Tabelle."); + break; + + case '0.2.1': // SQL queries for v0.2.1 + // Remove this deprecated table + addDropTableSql('nickname_history'); + + // This update depends on ext-sql_patches update! + addExtensionDependency('sql_patches'); // Update notes (these will be set as task text!) - setExtensionUpdateNotes("Ausgangswert ist nicht mehr 0000-00-00 00:00:00, sondern NULL."); + setExtensionUpdateNotes("Diese Tabelle kann in ext-sql_patches allgemeiner formuliert werden."); break; } // END - switch break; diff --git a/inc/extensions/ext-sql_patches.php b/inc/extensions/ext-sql_patches.php index cddc3da159..e869cf0904 100644 --- a/inc/extensions/ext-sql_patches.php +++ b/inc/extensions/ext-sql_patches.php 
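Review bot: The new `case '0.2.1'` step queues `addDropTableSql('nickname_history')` without first copying the existing rows anywhere, so every member's recorded nickname history is discarded on update even though ext-sql_patches 0.8.4 adds a generic `history` table for the same data. If that history is used to investigate impersonation or abuse reports, the step should carry the rows over (subject `NICKNAME_CHANGED`) before the drop; whether queued statements run in the order they are added is not visible in this patch. `addExtensionDependency('sql_patches')` is called after the drop is queued, so I would move it to the top of the case and add a comment such as `// Requires ext-sql_patches >= 0.8.4, which creates the generic history table`. The rewritten `case '0.1.9'` no longer creates the table, so the drop must tolerate a missing table on fresh installs, which is presumably handled inside addDropTableSql() but worth confirming. The enclosing switch starts outside the hunk.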
@@ -41,10 +41,10 @@ if (!defined('__SECURITY')) { } // END - if // Version number -setThisExtensionVersion('0.8.3'); +setThisExtensionVersion('0.8.4'); // Version history array (add more with , '0.0.1' and so on) -setExtensionVersionHistory(array('0.0.0', '0.0.1', '0.0.2', '0.0.3', '0.0.4', '0.0.5', '0.0.6', '0.0.7', '0.0.8', '0.0.9', '0.1.0', '0.1.1', '0.1.2', '0.1.3', '0.1.4', '0.1.5', '0.1.6', '0.1.7', '0.1.8', '0.1.9', '0.2.0', '0.2.1', '0.2.2', '0.2.3', '0.2.4', '0.2.5', '0.2.6', '0.2.7', '0.2.8', '0.2.9', '0.3.0', '0.3.1', '0.3.2', '0.3.3', '0.3.4', '0.3.5', '0.3.6', '0.3.7', '0.3.8', '0.3.9', '0.4.0', '0.4.1', '0.4.2', '0.4.3', '0.4.4', '0.4.5', '0.4.6', '0.4.7', '0.4.8', '0.4.9', '0.5.0', '0.5.1', '0.5.2', '0.5.3', '0.5.4', '0.5.5', '0.5.6', '0.5.7', '0.5.8', '0.5.9', '0.6.0', '0.6.1', '0.6.2', '0.6.3', '0.6.4', '0.6.4', '0.6.5', '0.6.6', '0.6.7', '0.6.8', '0.6.9', '0.7.0', '0.7.1', '0.7.2', '0.7.3', '0.7.4', '0.7.5', '0.7.6', '0.7.7', '0.7.8', '0.7.9', '0.8.0', '0.8.1', '0.8.2', '0.8.3')); +setExtensionVersionHistory(array('0.0.0', '0.0.1', '0.0.2', '0.0.3', '0.0.4', '0.0.5', '0.0.6', '0.0.7', '0.0.8', '0.0.9', '0.1.0', '0.1.1', '0.1.2', '0.1.3', '0.1.4', '0.1.5', '0.1.6', '0.1.7', '0.1.8', '0.1.9', '0.2.0', '0.2.1', '0.2.2', '0.2.3', '0.2.4', '0.2.5', '0.2.6', '0.2.7', '0.2.8', '0.2.9', '0.3.0', '0.3.1', '0.3.2', '0.3.3', '0.3.4', '0.3.5', '0.3.6', '0.3.7', '0.3.8', '0.3.9', '0.4.0', '0.4.1', '0.4.2', '0.4.3', '0.4.4', '0.4.5', '0.4.6', '0.4.7', '0.4.8', '0.4.9', '0.5.0', '0.5.1', '0.5.2', '0.5.3', '0.5.4', '0.5.5', '0.5.6', '0.5.7', '0.5.8', '0.5.9', '0.6.0', '0.6.1', '0.6.2', '0.6.3', '0.6.4', '0.6.4', '0.6.5', '0.6.6', '0.6.7', '0.6.8', '0.6.9', '0.7.0', '0.7.1', '0.7.2', '0.7.3', '0.7.4', '0.7.5', '0.7.6', '0.7.7', '0.7.8', '0.7.9', '0.8.0', '0.8.1', '0.8.2', '0.8.3', '0.8.4')); // Keep this extension always active! setExtensionAlwaysActive('Y'); 
@@ -97,6 +97,7 @@ IN ( // Unregister filter unregisterFilter(__FUNCTION__, __LINE__, 'member_login_check', 'RESET_USER_LOGIN_FAILURE', true, isExtensionDryRun()); + unregisterFilter(__FUNCTION__, __LINE__, 'add_history_entry', 'ADD_HISTORY_ENTRY', true, isExtensionDryRun()); break; case 'activate': // Do stuff when admin activates this extension @@ -848,6 +849,27 @@ INDEX (`subject`)", // Update notes (these will be set as task text!) setExtensionUpdateNotes("Es kann nun die "Home"-Seite in index.php angezeigt werden, anstelle der Weiterleitung."); break; + + case '0.8.4': // SQL queries for v0.8.4 + addDropTableSql('history'); + addCreateTableSql('history', " +`history_id` BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT, +`history_subject` VARCHAR(255) NOT NULL DEFAULT 'GENERIC', +`history_userid` BIGINT(20) UNSIGNED NOT NULL DEFAULT 0, +`history_value` VARCHAR(255) NOT NULL DEFAULT '', +`history_added` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, +`history_last_used` TIMESTAMP NULL DEFAULT NULL, +PRIMARY KEY (`history_id`), +INDEX `userid` (`history_userid`), +INDEX (`history_last_used` DESC)", + 'History of used data'); + + // Register filter + registerFilter('add_history_entry', 'ADD_HISTORY_ENTRY', false, true, isExtensionDryRun()); + + // Update notes (these will be set as task text!) + setExtensionUpdateNotes("Allgemeine Historie-Tabelle hinzugefügt."); + break; } // END - switch break; diff --git a/inc/filters.php b/inc/filters.php index 2b241f52d6..c24ca0c736 100644 --- a/inc/filters.php +++ b/inc/filters.php 
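Review bot: In the `case '0.8.4'` step, `addDropTableSql('history');` is queued unconditionally ahead of the create, so running the step again, or on a database that already has a table under that very generic name, silently discards whatever entries were recorded. For a table that is meant to keep a per-user change trail, I would remove or guard that line and add a comment above the create such as `// Generic change history; rows are written by FILTER_ADD_HISTORY_ENTRY and must survive re-runs`. The table is indexed only on `history_userid` and `history_last_used`; if lookups filter by `history_subject` per user, a combined index would help, though the query patterns are not visible in this patch. The surrounding switch begins outside the hunk.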
@@ -132,15 +132,15 @@ function FILTER_FLUSH_FILTERS () { } // Filter for calling the handler for login failures -function FILTER_CALL_HANDLER_LOGIN_FAILTURES ($data) { +function FILTER_CALL_HANDLER_LOGIN_FAILTURES ($filterData) { // Init content - $content = $data; + $content = $filterData; // Handle failed logins here if not in guest - //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'type=' . $data['type'] . ',action=' . getAction() . ',what=' . getWhat() . ',level=' . $data['access_level']); - if ((($data['type'] == 'what') || ($data['type'] == 'action') && ((!isWhatSet()) || (getWhat() == 'overview') || (getWhat() == getIndexHome()))) && ($data['access_level'] != 'guest') && ((isExtensionInstalledAndNewer('sql_patches', '0.4.7')) || (isExtensionInstalledAndNewer('admins', '0.7.6')))) { + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'type=' . $filterData['type'] . ',action=' . getAction() . ',what=' . getWhat() . ',level=' . $filterData['access_level']); + if ((($filterData['type'] == 'what') || ($filterData['type'] == 'action') && ((!isWhatSet()) || (getWhat() == 'overview') || (getWhat() == getIndexHome()))) && ($filterData['access_level'] != 'guest') && ((isExtensionInstalledAndNewer('sql_patches', '0.4.7')) || (isExtensionInstalledAndNewer('admins', '0.7.6')))) { // Handle failure - $content['content'] .= handleLoginFailures($data['access_level']); + $content['content'] .= handleLoginFailures($filterData['access_level']); } // END - if // Return the content 
@@ -163,58 +163,58 @@ function FILTER_REDIRECT_TO_LOGOUT_SQL_PATCHES () { } // Filter for auto-activation of a extension -function FILTER_AUTO_ACTIVATE_EXTENSION ($data) { +function FILTER_AUTO_ACTIVATE_EXTENSION ($filterData) { // Debug message - //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'ext_name=' . $data['ext_name'] . ',isThisExtensionAlwaysActive()=' . intval(isThisExtensionAlwaysActive())); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'ext_name=' . $filterData['ext_name'] . ',isThisExtensionAlwaysActive()=' . intval(isThisExtensionAlwaysActive())); // Is this extension always activated? if (isThisExtensionAlwaysActive()) { // Then activate the extension - doActivateExtension($data['ext_name']); + doActivateExtension($filterData['ext_name']); } // END - if // Return the data - return $data; + return $filterData; } // Filter for solving task given task -function FILTER_SOLVE_TASK ($data) { +function FILTER_SOLVE_TASK ($filterData) { // Don't solve anything if no admin! if (!isAdmin()) { - return $data; + return $filterData; } // END - if // Is this a direct task id or array element task_id is found? - if (is_int($data)) { + if (is_int($filterData)) { // Then solve it... - adminSolveTask($data); - } elseif ((is_array($data)) && (isset($data['task_id']))) { + adminSolveTask($filterData); + } elseif ((is_array($filterData)) && (isset($filterData['task_id']))) { // Solve it... - adminSolveTask($data['task_id']); + adminSolveTask($filterData['task_id']); } else { // Not detectable! - debug_report_bug(__FUNCTION__, __LINE__, sprintf("Cannot resolve task. data[%s]=
%s
", gettype($data), print_r($data, true))); + debug_report_bug(__FUNCTION__, __LINE__, sprintf("Cannot resolve task. data[%s]=
%s
", gettype($filterData), print_r($filterData, true))); } // Return the data - return $data; + return $filterData; } // Filter to load include files -function FILTER_LOAD_INCLUDES ($pool) { +function FILTER_LOAD_INCLUDES ($filterData) { // Is it null? - if (is_null($pool)) { + if (is_null($filterData)) { // This should not happen! debug_report_bug(__FUNCTION__, __LINE__, 'pool is null.'); } // END - if // Is the pool an array and 'pool' set? - if ((is_array($pool)) && (isset($pool['pool']))) { + if ((is_array($filterData)) && (isset($filterData['pool']))) { // Then use it as pool - $realPool = $pool['pool']; + $realPool = $filterData['pool']; } else { // Default is $data as inclusion list - $realPool = $pool; + $realPool = $filterData; } // Get inc pool @@ -239,17 +239,17 @@ function FILTER_LOAD_INCLUDES ($pool) { } // END - if // Continue with processing - return $pool; + return $filterData; } // Filter for running SQL commands -function FILTER_RUN_SQLS ($data) { +function FILTER_RUN_SQLS ($filterData) { // Debug message //* DEBUG: */ die('getSqls()=
'.print_r(getSqls(), true).'
ext_update_depends=
'.print_r($GLOBALS['ext_update_depends'], true).'
'); //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, '- Entered!'); // Is the array there? - if ((isSqlsValid()) && ((!isset($data['dry_run'])) || ($data['dry_run'] == false))) { + if ((isSqlsValid()) && ((!isset($filterData['dry_run'])) || ($filterData['dry_run'] == false))) { // Run SQL commands //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, '- Found ' . countSqls() . ' queries to run.'); foreach (getSqls() as $mode=>$sqls) { @@ -262,8 +262,8 @@ function FILTER_RUN_SQLS ($data) { $sql = trim($sql); // Is 'enable_codes' not set? Then set it to true - if (!isset($data['enable_codes'])) { - $data['enable_codes'] = true; + if (!isset($filterData['enable_codes'])) { + $filterData['enable_codes'] = true; } // END - if // Is there still a query left? @@ -271,12 +271,12 @@ function FILTER_RUN_SQLS ($data) { // Do we have an "ALTER TABLE" command? if (substr(strtolower($sql), 0, 11) == 'alter table') { // Analyse the alteration command - //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Alterting table: ' . $sql . ',enable_codes=' . intval($data['enable_codes'])); - SQL_ALTER_TABLE($sql, __FUNCTION__, __LINE__, $data['enable_codes']); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Alterting table: ' . $sql . ',enable_codes=' . intval($filterData['enable_codes'])); + SQL_ALTER_TABLE($sql, __FUNCTION__, __LINE__, $filterData['enable_codes']); } else { // Run regular SQL command - //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Running regular query: ' . $sql . ',enable_codes=' . intval($data['enable_codes'])); - SQL_QUERY($sql, __FUNCTION__, __LINE__, $data['enable_codes']); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Running regular query: ' . $sql . ',enable_codes=' . intval($filterData['enable_codes'])); + SQL_QUERY($sql, __FUNCTION__, __LINE__, $filterData['enable_codes']); } } // END - if } // END - foreach 
@@ -355,7 +355,7 @@ function FILTER_INIT_RANDOMIZER () { } // Filter for removing updates -function FILTER_REMOVE_UPDATES ($data) { +function FILTER_REMOVE_UPDATES ($filterData) { // Init removal list initExtensionRemovalList(); @@ -378,7 +378,7 @@ function FILTER_REMOVE_UPDATES ($data) { } // END - if // Return data - return $data; + return $filterData; } // Determines username for current user state @@ -469,10 +469,10 @@ function FILTER_COMPILE_CONFIG ($code, $compiled = false) { } // Filter for compiling expression code -function FILTER_COMPILE_EXPRESSION_CODE ($code) { +function FILTER_COMPILE_EXPRESSION_CODE ($filterData) { // Compile {%cmd,callback,extraFunction=some_value%} to get expression code snippets // See switch() command below for supported commands - preg_match_all('/\{%(([a-zA-Z0-9-_,]+)(=([^\}]+)){0,1})*%\}/', $code, $matches); + preg_match_all('/\{%(([a-zA-Z0-9-_,]+)(=([^\}]+)){0,1})*%\}/', $filterData, $matches); //* DEBUG: */ debugOutput(__FUNCTION__.'['.__LINE__.']:
'.print_r($matches, true).'
'); // Default is from outputHtml() @@ -527,7 +527,7 @@ function FILTER_COMPILE_EXPRESSION_CODE ($code) { 'matches' => $matches, 'key' => $key, 'mode' => getScriptOutputMode(), - 'code' => $code, + 'code' => $filterData, 'callback' => $callback, 'extra_func' => $extraFunction, 'extra_func2' => $extraFunction2, @@ -536,7 +536,7 @@ function FILTER_COMPILE_EXPRESSION_CODE ($code) { // Call it //* DEBUG: */ debugOutput(__FUNCTION__ . '[' . __LINE__ . ']: function=' . $commandFunction); - $code = call_user_func($commandFunction, $data); + $filterData = call_user_func($commandFunction, $data); } else { // Unsupported command detected logDebugMessage(__FUNCTION__, __LINE__, 'Command cmd=' . $cmd . ', callback=' . $callback . ', extra=' . $extraFunction . ' is unsupported.'); @@ -546,12 +546,12 @@ function FILTER_COMPILE_EXPRESSION_CODE ($code) { // Do we have non-HTML mode? if (!isHtmlOutputMode()) { - $code = decodeEntities($code); + $filterData = decodeEntities($filterData); } // END - if // Return compiled code - //* DEBUG: */ debugOutput(__FUNCTION__.'['.__LINE__.']:
'.($code).'
'); - return $code; + //* DEBUG: */ debugOutput(__FUNCTION__.'['.__LINE__.']:
'.($filterData).'
'); + return $filterData; } // Runs some generic filter update steps @@ -1016,18 +1016,18 @@ LIMIT 1", } // Try to login the admin by setting some session/cookie variables -function FILTER_DO_LOGIN_ADMIN ($data) { +function FILTER_DO_LOGIN_ADMIN ($filterData) { // Now set all session variables and store the result for later processing $GLOBALS['admin_login_success'] = (( - setAdminMd5(encodeHashForCookie($data['pass_hash'])) + setAdminMd5(encodeHashForCookie($filterData['pass_hash'])) ) && ( - setAdminId($data['id']) + setAdminId($filterData['id']) ) && ( setAdminLast(time()) )); // Return the data for further processing - return $data; + return $filterData; } // Filter for loading page header, this should be ran first! @@ -1085,21 +1085,21 @@ function FILTER_SET_CURRENT_DATE () { } // Filter for marking extension as installed -function FILTER_EXTENSION_MARK_INSTALLED ($data) { +function FILTER_EXTENSION_MARK_INSTALLED ($filterData) { // Mark it as installed - $GLOBALS['ext_is_installed'][$data['ext_name']] = true; + $GLOBALS['ext_is_installed'][$filterData['ext_name']] = true; } // Filter for generating mails links for 'pool' mails -function FILTER_GENERATE_POOL_MAIL_LINKS ($data) { +function FILTER_GENERATE_POOL_MAIL_LINKS ($filterData) { // Is type 'mid'? - if ($data['type'] == 'mid') { + if ($filterData['type'] == 'mid') { // Load template - $data['__output'] .= loadTemplate('admin_links_' . strtolower($data['mail_status']) . '_pool_mail', true, $data); + $filterData['__output'] .= loadTemplate('admin_links_' . strtolower($filterData['mail_status']) . '_pool_mail', true, $filterData); } // END - if // Return data - return $data; + return $filterData; } // Filter to activate exchange 
@@ -1128,18 +1128,32 @@ function FILTER_ACTIVATE_EXCHANGE () { } // Filter to handle configuration -function FILTER_HANDLE_HOME_IN_INDEX_SETTING ($data) { +function FILTER_HANDLE_HOME_IN_INDEX_SETTING ($filterData) { // Is ext-sql_patches up-to-date? if ((isExtensionInstalledAndNewer('sql_patches', '0.8.3')) && (isDisplayHomeInIndexEnabled())) { // Is 'search' as same as 'index_home'? - if ($data['search'] == getIndexHome()) { + if ($filterData['search'] == getIndexHome()) { // Then set 'content' to link to index.php - $data['content'] = $data['prefix'] . '' . getTitleFromMenu($data['access_level'], $data['search'], $data['type'], $data['add']) . ''; + $filterData['content'] = $filterData['prefix'] . '' . getTitleFromMenu($filterData['access_level'], $filterData['search'], $filterData['type'], $filterData['add']) . ''; } // END - if } // END - if // Return data - return $data; + return $filterData; +} + +// Filter to add history entry +function FILTER_ADD_HISTORY_ENTRY ($filterData) { + // Add the entry + SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_history` (`history_subject`,`history_userid`,`history_value`) VALUES('%s',%s,'%s')", + $filterData, + __FUNCTION__, __LINE__); + + // Remember insert id for other filters + $filterData['history_id'] = SQL_INSERT_ID(); + + // Return data + return $filterData; } // [EOF] diff --git a/inc/libs/security_functions.php b/inc/libs/security_functions.php index df3d5686b0..993b5dadb3 100644 --- a/inc/libs/security_functions.php +++ b/inc/libs/security_functions.php @@ -163,7 +163,7 @@ if (!isset($_POST)) { // Generate arrays which holds the relevante chars to replace $GLOBALS['security_chars'] = array( // The chars we are looking for... - 'from' => array('/', '.', "'", '$', '(', ')', '{--', '--}', '{?', '?}', '%', ';', '[', ']', ':', '--'), + 'from' => array('/', '.', "'", '$', '(', ')', '{--', '--}', '{?', '?}', '%', ';', '[', ']', ':', '--', "\\"), // ... and we will replace to. 'to' => array( '{SLASH}', 
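Review bot: `FILTER_ADD_HISTORY_ENTRY` hands the whole `$filterData` array to `SQL_QUERY_ESC()`, so which value fills which placeholder is decided by the key order and key count the caller happened to use, not by the column list in the statement. A caller, or an earlier filter on the same chain, that adds a key or builds the array in a different order shifts values between columns. In addition, `history_userid` goes through an unquoted `%s`, where string escaping alone does not confine the value to a number unless SQL_QUERY_ESC() casts it, which is not visible here. Build the arguments explicitly, for example `array($filterData['history_subject'], intval($filterData['history_userid']), $filterData['history_value'])` (or the project's own integer validator in place of `intval`), and report a bug early when one of the three keys is missing. The function is complete within the hunk.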
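Review bot: The `'from'` and `'to'` lists in `$GLOBALS['security_chars']` are matched purely by position, so this change is only correct while `"\\"` at the end of `'from'` lines up with `'{BACKSLASH}'` at the end of `'to'` (added in the following hunk, `@@ -181,7 +181,8 @@`), and nothing enforces that the two lists have equal length. A single map entry such as `"\\" => '{BACKSLASH}'`, or a `count()` comparison of both lists right after the assignment, would make a future misalignment fail loudly instead of silently substituting the wrong token. Input that already contains the literal text `{BACKSLASH}` would presumably be indistinguishable from an encoded backslash wherever these tokens are reversed; that code is outside this patch, so it should be confirmed. A comment stating that this substitution list does not replace escaping at the SQL and HTML output points would help the next reader.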
@@ -181,7 +181,8 @@ $GLOBALS['security_chars'] = array( '{OPEN_INDEX}', '{CLOSE_INDEX}', '{DBL_DOT}', - '{COMMENT}' + '{COMMENT}', + '{BACKSLASH}' ), ); diff --git a/inc/modules/member/what-nickname.php b/inc/modules/member/what-nickname.php index 58c3db924a..c8aa1b0d90 100644 --- a/inc/modules/member/what-nickname.php +++ b/inc/modules/member/what-nickname.php @@ -64,21 +64,35 @@ if (isFormSent()) { } // END - if if ($isValid === true) { + // Nickname already in use which is the default + $content = '{--MEMBER_NICKNAME_ALREADY_IN_USE--}'; + // Look for nickname in database (we only need just one entry so don't worry about the "LIMIT 1" !) $result = SQL_QUERY_ESC("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `nickname`='%s' AND `userid` != %s LIMIT 1", array(postRequestParameter('nickname'), getMemberId()), __FILE__, __LINE__); + + // Is it not in use? if (SQL_HASZERONUMS($result)) { // Nickname not in use, so set it now SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `nickname`='%s' WHERE `userid`=%s LIMIT 1", array(postRequestParameter('nickname'), getMemberId()), __FILE__, __LINE__); + + // Prepare array + $filterData = array( + 'history_subject' => 'NICKNAME_CHANGED', + 'history_userid' => getMemberId(), + 'history_value' => postRequestParameter('nickname') + ); + + // Run filter chain + runFilterChain('add_history_entry', $filterData); + + // Change message $content = '{--MEMBER_NICKNAME_SAVED--}'; - } else { - // Free result - SQL_FREERESULT($result); + } // END - if - // Nickname already in use! - $content = '{--MEMBER_NICKNAME_ALREADY_IN_USE--}'; - } + // Free result + SQL_FREERESULT($result); // Load template displayMessage($content); -- 2.39.5
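Review bot: In what-nickname.php the history entry is written right after the `UPDATE` without confirming that the update changed a row, and the uniqueness test is a separate `SELECT` issued before it, so two concurrent requests for the same nickname can both pass the check and both be recorded as `NICKNAME_CHANGED`. A unique index on `nickname`, with a failed update treated as "already in use", would close that window; whether such an index exists is not visible here. The return value of `runFilterChain('add_history_entry', $filterData)` is discarded, so a failed insert goes unnoticed; at minimum add a comment such as `// History write is best-effort; a failure does not undo the nickname change`. The key order of `$filterData` must also match the placeholders in `FILTER_ADD_HISTORY_ENTRY`, which deserves a comment at this call site. The enclosing `if (isFormSent())` block starts outside the hunk.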