albertlast / SMF2.1

Sources/QueryString.php

Indentation +1 added lines, -1 removed lines

@@ -429,7 +429,7 @@
 */
 function matchIPtoCIDR($ip_address, $cidr_address)
 {
-    list ($cidr_network, $cidr_subnetmask) = preg_split('/', $cidr_address);
+	list ($cidr_network, $cidr_subnetmask) = preg_split('/', $cidr_address);
 	
 	//v6?
 	if ((strpos($cidr_network, ':') !== false))

Spacing +1 added lines, -1 removed lines

@@ -454,7 +454,7 @@
 			break;
 		}
 		$binMask = str_pad($binMask, 32, '0');
-		$binMask = pack("H*" , $binMask);
+		$binMask = pack("H*", $binMask);
 
 		return ($ip_address & $binMask) == $cidr_network;
 	}

Braces +187 added lines, -133 removed lines

@@ -14,8 +14,9 @@ 
  * @version 2.1 Beta 4
  */
 
-if (!defined('SMF'))
+if (!defined('SMF')) {
 	die('No direct access...');
+}
 
 /**
  * Clean the request variables - add html entities to GET and slashes if magic_quotes_gpc is Off.
@@ -44,22 +45,26 @@ 
 	unset($GLOBALS['HTTP_POST_FILES'], $GLOBALS['HTTP_POST_FILES']);
 
 	// These keys shouldn't be set...ever.
-	if (isset($_REQUEST['GLOBALS']) || isset($_COOKIE['GLOBALS']))
-		die('Invalid request variable.');
+	if (isset($_REQUEST['GLOBALS']) || isset($_COOKIE['GLOBALS'])) {
+			die('Invalid request variable.');
+	}
 
 	// Same goes for numeric keys.
-	foreach (array_merge(array_keys($_POST), array_keys($_GET), array_keys($_FILES)) as $key)
-		if (is_numeric($key))
+	foreach (array_merge(array_keys($_POST), array_keys($_GET), array_keys($_FILES)) as $key) {
+			if (is_numeric($key))
 			die('Numeric request keys are invalid.');
+	}
 
 	// Numeric keys in cookies are less of a problem. Just unset those.
-	foreach ($_COOKIE as $key => $value)
-		if (is_numeric($key))
+	foreach ($_COOKIE as $key => $value) {
+			if (is_numeric($key))
 			unset($_COOKIE[$key]);
+	}
 
 	// Get the correct query string.  It may be in an environment variable...
-	if (!isset($_SERVER['QUERY_STRING']))
-		$_SERVER['QUERY_STRING'] = getenv('QUERY_STRING');
+	if (!isset($_SERVER['QUERY_STRING'])) {
+			$_SERVER['QUERY_STRING'] = getenv('QUERY_STRING');
+	}
 
 	// It seems that sticking a URL after the query string is mighty common, well, it's evil - don't.
 	if (strpos($_SERVER['QUERY_STRING'], 'http') === 0)
@@ -83,13 +88,14 @@ 
 		parse_str(preg_replace('/&(\w+)(?=&|$)/', '&$1=', strtr($_SERVER['QUERY_STRING'], array(';?' => '&', ';' => '&', '%00' => '', "\0" => ''))), $_GET);
 
 		// Magic quotes still applies with parse_str - so clean it up.
-		if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc() != 0 && empty($modSettings['integrate_magic_quotes']))
-			$_GET = $removeMagicQuoteFunction($_GET);
-	}
-	elseif (strpos(ini_get('arg_separator.input'), ';') !== false)
+		if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc() != 0 && empty($modSettings['integrate_magic_quotes'])) {
+					$_GET = $removeMagicQuoteFunction($_GET);
+		}
+	} elseif (strpos(ini_get('arg_separator.input'), ';') !== false)
 	{
-		if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc() != 0 && empty($modSettings['integrate_magic_quotes']))
-			$_GET = $removeMagicQuoteFunction($_GET);
+		if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc() != 0 && empty($modSettings['integrate_magic_quotes'])) {
+					$_GET = $removeMagicQuoteFunction($_GET);
+		}
 
 		// Search engines will send action=profile%3Bu=1, which confuses PHP.
 		foreach ($_GET as $k => $v)
@@ -102,8 +108,9 @@ 
 				for ($i = 1, $n = count($temp); $i < $n; $i++)
 				{
 					@list ($key, $val) = @explode('=', $temp[$i], 2);
-					if (!isset($_GET[$key]))
-						$_GET[$key] = $val;
+					if (!isset($_GET[$key])) {
+											$_GET[$key] = $val;
+					}
 				}
 			}
 
@@ -120,18 +127,20 @@ 
 	if (!empty($_SERVER['REQUEST_URI']))
 	{
 		// Remove the .html, assuming there is one.
-		if (substr($_SERVER['REQUEST_URI'], strrpos($_SERVER['REQUEST_URI'], '.'), 4) == '.htm')
-			$request = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], '.'));
-		else
-			$request = $_SERVER['REQUEST_URI'];
+		if (substr($_SERVER['REQUEST_URI'], strrpos($_SERVER['REQUEST_URI'], '.'), 4) == '.htm') {
+					$request = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], '.'));
+		} else {
+					$request = $_SERVER['REQUEST_URI'];
+		}
 
 		// @todo smflib.
 		// Replace 'index.php/a,b,c/d/e,f' with 'a=b,c&d=&e=f' and parse it into $_GET.
 		if (strpos($request, basename($scripturl) . '/') !== false)
 		{
 			parse_str(substr(preg_replace('/&(\w+)(?=&|$)/', '&$1=', strtr(preg_replace('~/([^,/]+),~', '/$1=', substr($request, strpos($request, basename($scripturl)) + strlen(basename($scripturl)))), '/', '&')), 1), $temp);
-			if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc() != 0 && empty($modSettings['integrate_magic_quotes']))
-				$temp = $removeMagicQuoteFunction($temp);
+			if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc() != 0 && empty($modSettings['integrate_magic_quotes'])) {
+							$temp = $removeMagicQuoteFunction($temp);
+			}
 			$_GET += $temp;
 		}
 	}
@@ -142,9 +151,10 @@ 
 		$_ENV = $removeMagicQuoteFunction($_ENV);
 		$_POST = $removeMagicQuoteFunction($_POST);
 		$_COOKIE = $removeMagicQuoteFunction($_COOKIE);
-		foreach ($_FILES as $k => $dummy)
-			if (isset($_FILES[$k]['name']))
+		foreach ($_FILES as $k => $dummy) {
+					if (isset($_FILES[$k]['name']))
 				$_FILES[$k]['name'] = $removeMagicQuoteFunction($_FILES[$k]['name']);
+		}
 	}
 
 	// Add entities to GET.  This is kinda like the slashes on everything else.
@@ -160,11 +170,13 @@ 
 		$_REQUEST['board'] = (string) $_REQUEST['board'];
 
 		// If there's a slash in it, we've got a start value! (old, compatible links.)
-		if (strpos($_REQUEST['board'], '/') !== false)
-			list ($_REQUEST['board'], $_REQUEST['start']) = explode('/', $_REQUEST['board']);
+		if (strpos($_REQUEST['board'], '/') !== false) {
+					list ($_REQUEST['board'], $_REQUEST['start']) = explode('/', $_REQUEST['board']);
+		}
 		// Same idea, but dots.  This is the currently used format - ?board=1.0...
-		elseif (strpos($_REQUEST['board'], '.') !== false)
-			list ($_REQUEST['board'], $_REQUEST['start']) = explode('.', $_REQUEST['board']);
+		elseif (strpos($_REQUEST['board'], '.') !== false) {
+					list ($_REQUEST['board'], $_REQUEST['start']) = explode('.', $_REQUEST['board']);
+		}
 		// Now make absolutely sure it's a number.
 		$board = (int) $_REQUEST['board'];
 		$_REQUEST['start'] = isset($_REQUEST['start']) ? (int) $_REQUEST['start'] : 0;
@@ -173,12 +185,14 @@ 
 		$_GET['board'] = $board;
 	}
 	// Well, $board is going to be a number no matter what.
-	else
-		$board = 0;
+	else {
+			$board = 0;
+	}
 
 	// If there's a threadid, it's probably an old YaBB SE link.  Flow with it.
-	if (isset($_REQUEST['threadid']) && !isset($_REQUEST['topic']))
-		$_REQUEST['topic'] = $_REQUEST['threadid'];
+	if (isset($_REQUEST['threadid']) && !isset($_REQUEST['topic'])) {
+			$_REQUEST['topic'] = $_REQUEST['threadid'];
+	}
 
 	// We've got topic!
 	if (isset($_REQUEST['topic']))
@@ -187,11 +201,13 @@ 
 		$_REQUEST['topic'] = (string) $_REQUEST['topic'];
 
 		// Slash means old, beta style, formatting.  That's okay though, the link should still work.
-		if (strpos($_REQUEST['topic'], '/') !== false)
-			list ($_REQUEST['topic'], $_REQUEST['start']) = explode('/', $_REQUEST['topic']);
+		if (strpos($_REQUEST['topic'], '/') !== false) {
+					list ($_REQUEST['topic'], $_REQUEST['start']) = explode('/', $_REQUEST['topic']);
+		}
 		// Dots are useful and fun ;).  This is ?topic=1.15.
-		elseif (strpos($_REQUEST['topic'], '.') !== false)
-			list ($_REQUEST['topic'], $_REQUEST['start']) = explode('.', $_REQUEST['topic']);
+		elseif (strpos($_REQUEST['topic'], '.') !== false) {
+					list ($_REQUEST['topic'], $_REQUEST['start']) = explode('.', $_REQUEST['topic']);
+		}
 
 		// Topic should always be an integer
 		$topic = $_GET['topic'] = $_REQUEST['topic'] = (int) $_REQUEST['topic'];
@@ -225,21 +241,25 @@ 
 			$_REQUEST['start'] = $timestamp === 0 ? 0 : 'from' . $timestamp;
 		}
 		// ... or something invalid, in which case we reset it to 0.
-		else
-			$_REQUEST['start'] = 0;
+		else {
+					$_REQUEST['start'] = 0;
+		}
+	} else {
+			$topic = 0;
 	}
-	else
-		$topic = 0;
 
 	// There should be a $_REQUEST['start'], some at least.  If you need to default to other than 0, use $_GET['start'].
-	if (empty($_REQUEST['start']) || $_REQUEST['start'] < 0 || (int) $_REQUEST['start'] > 2147473647)
-		$_REQUEST['start'] = 0;
+	if (empty($_REQUEST['start']) || $_REQUEST['start'] < 0 || (int) $_REQUEST['start'] > 2147473647) {
+			$_REQUEST['start'] = 0;
+	}
 
 	// The action needs to be a string and not an array or anything else
-	if (isset($_REQUEST['action']))
-		$_REQUEST['action'] = (string) $_REQUEST['action'];
-	if (isset($_GET['action']))
-		$_GET['action'] = (string) $_GET['action'];
+	if (isset($_REQUEST['action'])) {
+			$_REQUEST['action'] = (string) $_REQUEST['action'];
+	}
+	if (isset($_GET['action'])) {
+			$_GET['action'] = (string) $_GET['action'];
+	}
 
 	// Some mail providers like to encode semicolons in activation URLs...
 	if (!empty($_REQUEST['action']) && substr($_SERVER['QUERY_STRING'], 0, 18) == 'action=activate%3b')
@@ -265,29 +285,33 @@ 
 	$_SERVER['BAN_CHECK_IP'] = $_SERVER['REMOTE_ADDR'];
 
 	// If we haven't specified how to handle Reverse Proxy IP headers, lets do what we always used to do.
-	if (!isset($modSettings['proxy_ip_header']))
-		$modSettings['proxy_ip_header'] = 'autodetect';
+	if (!isset($modSettings['proxy_ip_header'])) {
+			$modSettings['proxy_ip_header'] = 'autodetect';
+	}
 
 	// Which headers are we going to check for Reverse Proxy IP headers?
-	if ($modSettings['proxy_ip_header'] == 'disabled')
-		$reverseIPheaders = array();
-	elseif ($modSettings['proxy_ip_header'] == 'autodetect')
-		$reverseIPheaders = array('HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP');
-	else
-		$reverseIPheaders = array($modSettings['proxy_ip_header']);
+	if ($modSettings['proxy_ip_header'] == 'disabled') {
+			$reverseIPheaders = array();
+	} elseif ($modSettings['proxy_ip_header'] == 'autodetect') {
+			$reverseIPheaders = array('HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP');
+	} else {
+			$reverseIPheaders = array($modSettings['proxy_ip_header']);
+	}
 
 	// Find the user's IP address. (but don't let it give you 'unknown'!)
 	foreach ($reverseIPheaders as $proxyIPheader)
 	{
 		// Ignore if this is not set.
-		if (!isset($_SERVER[$proxyIPheader]))
-			continue;
+		if (!isset($_SERVER[$proxyIPheader])) {
+					continue;
+		}
 
 		if (!empty($modSettings['proxy_ip_servers']))
 		{
-			foreach (explode(',', $modSettings['proxy_ip_servers']) as $proxy)
-				if ($proxy == $_SERVER['REMOTE_ADDR'] || matchIPtoCIDR($_SERVER['REMOTE_ADDR'], $proxy))
+			foreach (explode(',', $modSettings['proxy_ip_servers']) as $proxy) {
+							if ($proxy == $_SERVER['REMOTE_ADDR'] || matchIPtoCIDR($_SERVER['REMOTE_ADDR'], $proxy))
 					continue;
+			}
 		}
 
 		// If there are commas, get the last one.. probably.
@@ -307,8 +331,9 @@ 
 
 						// Just incase we have a legacy IPv4 address.
 						// @ TODO: Convert to IPv6.
-						if (preg_match('~^((([1]?\d)?\d|2[0-4]\d|25[0-5])\.){3}(([1]?\d)?\d|2[0-4]\d|25[0-5])$~', $_SERVER[$proxyIPheader]) === 0)
-							continue;
+						if (preg_match('~^((([1]?\d)?\d|2[0-4]\d|25[0-5])\.){3}(([1]?\d)?\d|2[0-4]\d|25[0-5])$~', $_SERVER[$proxyIPheader]) === 0) {
+													continue;
+						}
 					}
 
 					continue;
@@ -320,36 +345,40 @@ 
 			}
 		}
 		// Otherwise just use the only one.
-		elseif (preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown|::1|fe80::|fc00::)~', $_SERVER[$proxyIPheader]) == 0 || preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown|::1|fe80::|fc00::)~', $_SERVER['REMOTE_ADDR']) != 0)
-			$_SERVER['BAN_CHECK_IP'] = $_SERVER[$proxyIPheader];
-		elseif (!isValidIPv6($_SERVER[$proxyIPheader]) || preg_match('~::ffff:\d+\.\d+\.\d+\.\d+~', $_SERVER[$proxyIPheader]) !== 0)
+		elseif (preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown|::1|fe80::|fc00::)~', $_SERVER[$proxyIPheader]) == 0 || preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown|::1|fe80::|fc00::)~', $_SERVER['REMOTE_ADDR']) != 0) {
+					$_SERVER['BAN_CHECK_IP'] = $_SERVER[$proxyIPheader];
+		} elseif (!isValidIPv6($_SERVER[$proxyIPheader]) || preg_match('~::ffff:\d+\.\d+\.\d+\.\d+~', $_SERVER[$proxyIPheader]) !== 0)
 		{
 			$_SERVER[$proxyIPheader] = preg_replace('~^::ffff:(\d+\.\d+\.\d+\.\d+)~', '\1', $_SERVER[$proxyIPheader]);
 
 			// Just incase we have a legacy IPv4 address.
 			// @ TODO: Convert to IPv6.
-			if (preg_match('~^((([1]?\d)?\d|2[0-4]\d|25[0-5])\.){3}(([1]?\d)?\d|2[0-4]\d|25[0-5])$~', $_SERVER[$proxyIPheader]) === 0)
-				continue;
+			if (preg_match('~^((([1]?\d)?\d|2[0-4]\d|25[0-5])\.){3}(([1]?\d)?\d|2[0-4]\d|25[0-5])$~', $_SERVER[$proxyIPheader]) === 0) {
+							continue;
+			}
 		}
 	}
 
 	// Make sure we know the URL of the current request.
-	if (empty($_SERVER['REQUEST_URI']))
-		$_SERVER['REQUEST_URL'] = $scripturl . (!empty($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : '');
-	elseif (preg_match('~^([^/]+//[^/]+)~', $scripturl, $match) == 1)
-		$_SERVER['REQUEST_URL'] = $match[1] . $_SERVER['REQUEST_URI'];
-	else
-		$_SERVER['REQUEST_URL'] = $_SERVER['REQUEST_URI'];
+	if (empty($_SERVER['REQUEST_URI'])) {
+			$_SERVER['REQUEST_URL'] = $scripturl . (!empty($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : '');
+	} elseif (preg_match('~^([^/]+//[^/]+)~', $scripturl, $match) == 1) {
+			$_SERVER['REQUEST_URL'] = $match[1] . $_SERVER['REQUEST_URI'];
+	} else {
+			$_SERVER['REQUEST_URL'] = $_SERVER['REQUEST_URI'];
+	}
 
 	// And make sure HTTP_USER_AGENT is set.
 	$_SERVER['HTTP_USER_AGENT'] = isset($_SERVER['HTTP_USER_AGENT']) ? (isset($smcFunc['htmlspecialchars']) ? $smcFunc['htmlspecialchars']($smcFunc['db_unescape_string']($_SERVER['HTTP_USER_AGENT']), ENT_QUOTES) : htmlspecialchars($smcFunc['db_unescape_string']($_SERVER['HTTP_USER_AGENT']), ENT_QUOTES)) : '';
 
 	// Some final checking.
-	if (!isValidIP($_SERVER['BAN_CHECK_IP']))
-		$_SERVER['BAN_CHECK_IP'] = '';
-	if ($_SERVER['REMOTE_ADDR'] == 'unknown')
-		$_SERVER['REMOTE_ADDR'] = '';
-}
+	if (!isValidIP($_SERVER['BAN_CHECK_IP'])) {
+			$_SERVER['BAN_CHECK_IP'] = '';
+	}
+	if ($_SERVER['REMOTE_ADDR'] == 'unknown') {
+			$_SERVER['REMOTE_ADDR'] = '';
+	}
+	}
 
 /**
  * Validates a IPv6 address. returns true if it is ipv6.
@@ -360,8 +389,9 @@ 
 function isValidIPv6($ip)
 {
 	//looking for :
-	if (strpos($ip, ':') === false)
-		return false;
+	if (strpos($ip, ':') === false) {
+			return false;
+	}
 
 	//check valid address
 	return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6);
@@ -379,8 +409,9 @@ 
 	static $converted = array();
 
 	// Check if we have done this already.
-	if (isset($converted[$addr]))
-		return $converted[$addr];
+	if (isset($converted[$addr])) {
+			return $converted[$addr];
+	}
 
 	// Check if there are segments missing, insert if necessary.
 	if (strpos($addr, '::') !== false)
@@ -390,18 +421,20 @@ 
 		$part[1] = explode(':', $part[1]);
 		$missing = array();
 
-		for ($i = 0; $i < (8 - (count($part[0]) + count($part[1]))); $i++)
-			array_push($missing, '0000');
+		for ($i = 0; $i < (8 - (count($part[0]) + count($part[1]))); $i++) {
+					array_push($missing, '0000');
+		}
 
 		$part = array_merge($part[0], $missing, $part[1]);
+	} else {
+			$part = explode(':', $addr);
 	}
-	else
-		$part = explode(':', $addr);
 
 	// Pad each segment until it has 4 digits.
-	foreach ($part as &$p)
-		while (strlen($p) < 4)
+	foreach ($part as &$p) {
+			while (strlen($p) < 4)
 			$p = '0' . $p;
+	}
 
 	unset($p);
 
@@ -412,11 +445,12 @@ 
 	$converted[$addr] = $result;
 
 	// Quick check to make sure the length is as expected.
-	if (!$strict_check || strlen($result) == 39)
-		return $result;
-	else
-		return false;
-}
+	if (!$strict_check || strlen($result) == 39) {
+			return $result;
+	} else {
+			return false;
+	}
+	}
 
 
 /**
@@ -434,8 +468,9 @@ 
 	//v6?
 	if ((strpos($cidr_network, ':') !== false))
 	{
-		if (!filter_var($ip_address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) || !filter_var($cidr_network, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6))
-				return false;
+		if (!filter_var($ip_address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) || !filter_var($cidr_network, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
+						return false;
+		}
 
 		$ip_address = inet_pton($ip_address);
 		$cidr_network = inet_pton($cidr_network);
@@ -457,10 +492,10 @@ 
 		$binMask = pack("H*" , $binMask);
 
 		return ($ip_address & $binMask) == $cidr_network;
+	} else {
+			return (ip2long($ip_address) & (~((1 << (32 - $cidr_subnetmask)) - 1))) == ip2long($cidr_network);
+	}
 	}
-	else
-		return (ip2long($ip_address) & (~((1 << (32 - $cidr_subnetmask)) - 1))) == ip2long($cidr_network);
-}
 
 /**
  * Adds slashes to the array/variable.
@@ -476,15 +511,17 @@ 
 {
 	global $smcFunc;
 
-	if (!is_array($var))
-		return $smcFunc['db_escape_string']($var);
+	if (!is_array($var)) {
+			return $smcFunc['db_escape_string']($var);
+	}
 
 	// Reindex the array with slashes.
 	$new_var = array();
 
 	// Add slashes to every element, even the indexes!
-	foreach ($var as $k => $v)
-		$new_var[$smcFunc['db_escape_string']($k)] = escapestring__recursive($v);
+	foreach ($var as $k => $v) {
+			$new_var[$smcFunc['db_escape_string']($k)] = escapestring__recursive($v);
+	}
 
 	return $new_var;
 }
@@ -504,12 +541,14 @@ 
 {
 	global $smcFunc;
 
-	if (!is_array($var))
-		return isset($smcFunc['htmlspecialchars']) ? $smcFunc['htmlspecialchars']($var, ENT_QUOTES) : htmlspecialchars($var, ENT_QUOTES);
+	if (!is_array($var)) {
+			return isset($smcFunc['htmlspecialchars']) ? $smcFunc['htmlspecialchars']($var, ENT_QUOTES) : htmlspecialchars($var, ENT_QUOTES);
+	}
 
 	// Add the htmlspecialchars to every element.
-	foreach ($var as $k => $v)
-		$var[$k] = $level > 25 ? null : htmlspecialchars__recursive($v, $level + 1);
+	foreach ($var as $k => $v) {
+			$var[$k] = $level > 25 ? null : htmlspecialchars__recursive($v, $level + 1);
+	}
 
 	return $var;
 }
@@ -527,15 +566,17 @@ 
  */
 function urldecode__recursive($var, $level = 0)
 {
-	if (!is_array($var))
-		return urldecode($var);
+	if (!is_array($var)) {
+			return urldecode($var);
+	}
 
 	// Reindex the array...
 	$new_var = array();
 
 	// Add the htmlspecialchars to every element.
-	foreach ($var as $k => $v)
-		$new_var[urldecode($k)] = $level > 25 ? null : urldecode__recursive($v, $level + 1);
+	foreach ($var as $k => $v) {
+			$new_var[urldecode($k)] = $level > 25 ? null : urldecode__recursive($v, $level + 1);
+	}
 
 	return $new_var;
 }
@@ -553,15 +594,17 @@ 
 {
 	global $smcFunc;
 
-	if (!is_array($var))
-		return $smcFunc['db_unescape_string']($var);
+	if (!is_array($var)) {
+			return $smcFunc['db_unescape_string']($var);
+	}
 
 	// Reindex the array without slashes, this time.
 	$new_var = array();
 
 	// Strip the slashes from every element.
-	foreach ($var as $k => $v)
-		$new_var[$smcFunc['db_unescape_string']($k)] = unescapestring__recursive($v);
+	foreach ($var as $k => $v) {
+			$new_var[$smcFunc['db_unescape_string']($k)] = unescapestring__recursive($v);
+	}
 
 	return $new_var;
 }
@@ -579,15 +622,17 @@ 
  */
 function stripslashes__recursive($var, $level = 0)
 {
-	if (!is_array($var))
-		return stripslashes($var);
+	if (!is_array($var)) {
+			return stripslashes($var);
+	}
 
 	// Reindex the array without slashes, this time.
 	$new_var = array();
 
 	// Strip the slashes from every element.
-	foreach ($var as $k => $v)
-		$new_var[stripslashes($k)] = $level > 25 ? null : stripslashes__recursive($v, $level + 1);
+	foreach ($var as $k => $v) {
+			$new_var[stripslashes($k)] = $level > 25 ? null : stripslashes__recursive($v, $level + 1);
+	}
 
 	return $new_var;
 }
@@ -608,12 +653,14 @@ 
 	global $smcFunc;
 
 	// Remove spaces (32), tabs (9), returns (13, 10, and 11), nulls (0), and hard spaces. (160)
-	if (!is_array($var))
-		return isset($smcFunc) ? $smcFunc['htmltrim']($var) : trim($var, ' ' . "\t\n\r\x0B" . '\0' . "\xA0");
+	if (!is_array($var)) {
+			return isset($smcFunc) ? $smcFunc['htmltrim']($var) : trim($var, ' ' . "\t\n\r\x0B" . '\0' . "\xA0");
+	}
 
 	// Go through all the elements and remove the whitespace.
-	foreach ($var as $k => $v)
-		$var[$k] = $level > 25 ? null : htmltrim__recursive($v, $level + 1);
+	foreach ($var as $k => $v) {
+			$var[$k] = $level > 25 ? null : htmltrim__recursive($v, $level + 1);
+	}
 
 	return $var;
 }
@@ -678,30 +725,37 @@ 
 	global $scripturl, $modSettings, $context;
 
 	// If $scripturl is set to nothing, or the SID is not defined (SSI?) just quit.
-	if ($scripturl == '' || !defined('SID'))
-		return $buffer;
+	if ($scripturl == '' || !defined('SID')) {
+			return $buffer;
+	}
 
 	// Do nothing if the session is cookied, or they are a crawler - guests are caught by redirectexit().  This doesn't work below PHP 4.3.0, because it makes the output buffer bigger.
 	// @todo smflib
-	if (empty($_COOKIE) && SID != '' && !isBrowser('possibly_robot'))
-		$buffer = preg_replace('/(?<!<link rel="canonical" href=)"' . preg_quote($scripturl, '/') . '(?!\?' . preg_quote(SID, '/') . ')\\??/', '"' . $scripturl . '?' . SID . '&amp;', $buffer);
+	if (empty($_COOKIE) && SID != '' && !isBrowser('possibly_robot')) {
+			$buffer = preg_replace('/(?<!<link rel="canonical" href=)"' . preg_quote($scripturl, '/') . '(?!\?' . preg_quote(SID, '/') . ')\\??/', '"' . $scripturl . '?' . SID . '&amp;', $buffer);
+	}
 	// Debugging templates, are we?
-	elseif (isset($_GET['debug']))
-		$buffer = preg_replace('/(?<!<link rel="canonical" href=)"' . preg_quote($scripturl, '/') . '\\??/', '"' . $scripturl . '?debug;', $buffer);
+	elseif (isset($_GET['debug'])) {
+			$buffer = preg_replace('/(?<!<link rel="canonical" href=)"' . preg_quote($scripturl, '/') . '\\??/', '"' . $scripturl . '?debug;', $buffer);
+	}
 
 	// This should work even in 4.2.x, just not CGI without cgi.fix_pathinfo.
 	if (!empty($modSettings['queryless_urls']) && (!$context['server']['is_cgi'] || ini_get('cgi.fix_pathinfo') == 1 || @get_cfg_var('cgi.fix_pathinfo') == 1) && ($context['server']['is_apache'] || $context['server']['is_lighttpd'] || $context['server']['is_litespeed']))
 	{
 		// Let's do something special for session ids!
-		if (defined('SID') && SID != '')
-			$buffer = preg_replace_callback('~"' . preg_quote($scripturl, '~') . '\?(?:' . SID . '(?:;|&|&amp;))((?:board|topic)=[^#"]+?)(#[^"]*?)?"~', function($m)
+		if (defined('SID') && SID != '') {
+					$buffer = preg_replace_callback('~"' . preg_quote($scripturl, '~') . '\?(?:' . SID . '(?:;|&|&amp;))((?:board|topic)=[^#"]+?)(#[^"]*?)?"~', function($m)
 			{
-				global $scripturl; return '"' . $scripturl . "/" . strtr("$m[1]", '&;=', '//,') . ".html?" . SID . (isset($m[2]) ? $m[2] : "") . '"';
+				global $scripturl;
+		}
+		return '"' . $scripturl . "/" . strtr("$m[1]", '&;=', '//,') . ".html?" . SID . (isset($m[2]) ? $m[2] : "") . '"';
 			}, $buffer);
-		else
-			$buffer = preg_replace_callback('~"' . preg_quote($scripturl, '~') . '\?((?:board|topic)=[^#"]+?)(#[^"]*?)?"~', function($m)
+		else {
+					$buffer = preg_replace_callback('~"' . preg_quote($scripturl, '~') . '\?((?:board|topic)=[^#"]+?)(#[^"]*?)?"~', function($m)
 			{
-				global $scripturl; return '"' . $scripturl . '/' . strtr("$m[1]", '&;=', '//,') . '.html' . (isset($m[2]) ? $m[2] : "") . '"';
+				global $scripturl;
+		}
+		return '"' . $scripturl . '/' . strtr("$m[1]", '&;=', '//,') . '.html' . (isset($m[2]) ? $m[2] : "") . '"';
 			}, $buffer);
 	}