Completed
Push — release-2.1 ( f79ad2...e3cf37 )
by Mathias
15s queued 10s
created
Sources/QueryString.php 3 patches
Indentation   +1 added lines, -1 removed lines patch added patch discarded remove patch
@@ -429,7 +429,7 @@
 block discarded – undo
429 429
 */
430 430
 function matchIPtoCIDR($ip_address, $cidr_address)
431 431
 {
432
-    list ($cidr_network, $cidr_subnetmask) = preg_split('/', $cidr_address);
432
+	list ($cidr_network, $cidr_subnetmask) = preg_split('/', $cidr_address);
433 433
 	
434 434
 	//v6?
435 435
 	if ((strpos($cidr_network, ':') !== false))
Please login to merge, or discard this patch.
Spacing   +1 added lines, -1 removed lines patch added patch discarded remove patch
@@ -454,7 +454,7 @@
 block discarded – undo
454 454
 			break;
455 455
 		}
456 456
 		$binMask = str_pad($binMask, 32, '0');
457
-		$binMask = pack("H*" , $binMask);
457
+		$binMask = pack("H*", $binMask);
458 458
 
459 459
 		return ($ip_address & $binMask) == $cidr_network;
460 460
 	}
Please login to merge, or discard this patch.
Braces   +187 added lines, -133 removed lines patch added patch discarded remove patch
@@ -14,8 +14,9 @@  discard block
 block discarded – undo
14 14
  * @version 2.1 Beta 4
15 15
  */
16 16
 
17
-if (!defined('SMF'))
17
+if (!defined('SMF')) {
18 18
 	die('No direct access...');
19
+}
19 20
 
20 21
 /**
21 22
  * Clean the request variables - add html entities to GET and slashes if magic_quotes_gpc is Off.
@@ -44,22 +45,26 @@  discard block
 block discarded – undo
44 45
 	unset($GLOBALS['HTTP_POST_FILES'], $GLOBALS['HTTP_POST_FILES']);
45 46
 
46 47
 	// These keys shouldn't be set...ever.
47
-	if (isset($_REQUEST['GLOBALS']) || isset($_COOKIE['GLOBALS']))
48
-		die('Invalid request variable.');
48
+	if (isset($_REQUEST['GLOBALS']) || isset($_COOKIE['GLOBALS'])) {
49
+			die('Invalid request variable.');
50
+	}
49 51
 
50 52
 	// Same goes for numeric keys.
51
-	foreach (array_merge(array_keys($_POST), array_keys($_GET), array_keys($_FILES)) as $key)
52
-		if (is_numeric($key))
53
+	foreach (array_merge(array_keys($_POST), array_keys($_GET), array_keys($_FILES)) as $key) {
54
+			if (is_numeric($key))
53 55
 			die('Numeric request keys are invalid.');
56
+	}
54 57
 
55 58
 	// Numeric keys in cookies are less of a problem. Just unset those.
56
-	foreach ($_COOKIE as $key => $value)
57
-		if (is_numeric($key))
59
+	foreach ($_COOKIE as $key => $value) {
60
+			if (is_numeric($key))
58 61
 			unset($_COOKIE[$key]);
62
+	}
59 63
 
60 64
 	// Get the correct query string.  It may be in an environment variable...
61
-	if (!isset($_SERVER['QUERY_STRING']))
62
-		$_SERVER['QUERY_STRING'] = getenv('QUERY_STRING');
65
+	if (!isset($_SERVER['QUERY_STRING'])) {
66
+			$_SERVER['QUERY_STRING'] = getenv('QUERY_STRING');
67
+	}
63 68
 
64 69
 	// It seems that sticking a URL after the query string is mighty common, well, it's evil - don't.
65 70
 	if (strpos($_SERVER['QUERY_STRING'], 'http') === 0)
@@ -83,13 +88,14 @@  discard block
 block discarded – undo
83 88
 		parse_str(preg_replace('/&(\w+)(?=&|$)/', '&$1=', strtr($_SERVER['QUERY_STRING'], array(';?' => '&', ';' => '&', '%00' => '', "\0" => ''))), $_GET);
84 89
 
85 90
 		// Magic quotes still applies with parse_str - so clean it up.
86
-		if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc() != 0 && empty($modSettings['integrate_magic_quotes']))
87
-			$_GET = $removeMagicQuoteFunction($_GET);
88
-	}
89
-	elseif (strpos(ini_get('arg_separator.input'), ';') !== false)
91
+		if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc() != 0 && empty($modSettings['integrate_magic_quotes'])) {
92
+					$_GET = $removeMagicQuoteFunction($_GET);
93
+		}
94
+	} elseif (strpos(ini_get('arg_separator.input'), ';') !== false)
90 95
 	{
91
-		if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc() != 0 && empty($modSettings['integrate_magic_quotes']))
92
-			$_GET = $removeMagicQuoteFunction($_GET);
96
+		if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc() != 0 && empty($modSettings['integrate_magic_quotes'])) {
97
+					$_GET = $removeMagicQuoteFunction($_GET);
98
+		}
93 99
 
94 100
 		// Search engines will send action=profile%3Bu=1, which confuses PHP.
95 101
 		foreach ($_GET as $k => $v)
@@ -102,8 +108,9 @@  discard block
 block discarded – undo
102 108
 				for ($i = 1, $n = count($temp); $i < $n; $i++)
103 109
 				{
104 110
 					@list ($key, $val) = @explode('=', $temp[$i], 2);
105
-					if (!isset($_GET[$key]))
106
-						$_GET[$key] = $val;
111
+					if (!isset($_GET[$key])) {
112
+											$_GET[$key] = $val;
113
+					}
107 114
 				}
108 115
 			}
109 116
 
@@ -120,18 +127,20 @@  discard block
 block discarded – undo
120 127
 	if (!empty($_SERVER['REQUEST_URI']))
121 128
 	{
122 129
 		// Remove the .html, assuming there is one.
123
-		if (substr($_SERVER['REQUEST_URI'], strrpos($_SERVER['REQUEST_URI'], '.'), 4) == '.htm')
124
-			$request = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], '.'));
125
-		else
126
-			$request = $_SERVER['REQUEST_URI'];
130
+		if (substr($_SERVER['REQUEST_URI'], strrpos($_SERVER['REQUEST_URI'], '.'), 4) == '.htm') {
131
+					$request = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], '.'));
132
+		} else {
133
+					$request = $_SERVER['REQUEST_URI'];
134
+		}
127 135
 
128 136
 		// @todo smflib.
129 137
 		// Replace 'index.php/a,b,c/d/e,f' with 'a=b,c&d=&e=f' and parse it into $_GET.
130 138
 		if (strpos($request, basename($scripturl) . '/') !== false)
131 139
 		{
132 140
 			parse_str(substr(preg_replace('/&(\w+)(?=&|$)/', '&$1=', strtr(preg_replace('~/([^,/]+),~', '/$1=', substr($request, strpos($request, basename($scripturl)) + strlen(basename($scripturl)))), '/', '&')), 1), $temp);
133
-			if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc() != 0 && empty($modSettings['integrate_magic_quotes']))
134
-				$temp = $removeMagicQuoteFunction($temp);
141
+			if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc() != 0 && empty($modSettings['integrate_magic_quotes'])) {
142
+							$temp = $removeMagicQuoteFunction($temp);
143
+			}
135 144
 			$_GET += $temp;
136 145
 		}
137 146
 	}
@@ -142,9 +151,10 @@  discard block
 block discarded – undo
142 151
 		$_ENV = $removeMagicQuoteFunction($_ENV);
143 152
 		$_POST = $removeMagicQuoteFunction($_POST);
144 153
 		$_COOKIE = $removeMagicQuoteFunction($_COOKIE);
145
-		foreach ($_FILES as $k => $dummy)
146
-			if (isset($_FILES[$k]['name']))
154
+		foreach ($_FILES as $k => $dummy) {
155
+					if (isset($_FILES[$k]['name']))
147 156
 				$_FILES[$k]['name'] = $removeMagicQuoteFunction($_FILES[$k]['name']);
157
+		}
148 158
 	}
149 159
 
150 160
 	// Add entities to GET.  This is kinda like the slashes on everything else.
@@ -160,11 +170,13 @@  discard block
 block discarded – undo
160 170
 		$_REQUEST['board'] = (string) $_REQUEST['board'];
161 171
 
162 172
 		// If there's a slash in it, we've got a start value! (old, compatible links.)
163
-		if (strpos($_REQUEST['board'], '/') !== false)
164
-			list ($_REQUEST['board'], $_REQUEST['start']) = explode('/', $_REQUEST['board']);
173
+		if (strpos($_REQUEST['board'], '/') !== false) {
174
+					list ($_REQUEST['board'], $_REQUEST['start']) = explode('/', $_REQUEST['board']);
175
+		}
165 176
 		// Same idea, but dots.  This is the currently used format - ?board=1.0...
166
-		elseif (strpos($_REQUEST['board'], '.') !== false)
167
-			list ($_REQUEST['board'], $_REQUEST['start']) = explode('.', $_REQUEST['board']);
177
+		elseif (strpos($_REQUEST['board'], '.') !== false) {
178
+					list ($_REQUEST['board'], $_REQUEST['start']) = explode('.', $_REQUEST['board']);
179
+		}
168 180
 		// Now make absolutely sure it's a number.
169 181
 		$board = (int) $_REQUEST['board'];
170 182
 		$_REQUEST['start'] = isset($_REQUEST['start']) ? (int) $_REQUEST['start'] : 0;
@@ -173,12 +185,14 @@  discard block
 block discarded – undo
173 185
 		$_GET['board'] = $board;
174 186
 	}
175 187
 	// Well, $board is going to be a number no matter what.
176
-	else
177
-		$board = 0;
188
+	else {
189
+			$board = 0;
190
+	}
178 191
 
179 192
 	// If there's a threadid, it's probably an old YaBB SE link.  Flow with it.
180
-	if (isset($_REQUEST['threadid']) && !isset($_REQUEST['topic']))
181
-		$_REQUEST['topic'] = $_REQUEST['threadid'];
193
+	if (isset($_REQUEST['threadid']) && !isset($_REQUEST['topic'])) {
194
+			$_REQUEST['topic'] = $_REQUEST['threadid'];
195
+	}
182 196
 
183 197
 	// We've got topic!
184 198
 	if (isset($_REQUEST['topic']))
@@ -187,11 +201,13 @@  discard block
 block discarded – undo
187 201
 		$_REQUEST['topic'] = (string) $_REQUEST['topic'];
188 202
 
189 203
 		// Slash means old, beta style, formatting.  That's okay though, the link should still work.
190
-		if (strpos($_REQUEST['topic'], '/') !== false)
191
-			list ($_REQUEST['topic'], $_REQUEST['start']) = explode('/', $_REQUEST['topic']);
204
+		if (strpos($_REQUEST['topic'], '/') !== false) {
205
+					list ($_REQUEST['topic'], $_REQUEST['start']) = explode('/', $_REQUEST['topic']);
206
+		}
192 207
 		// Dots are useful and fun ;).  This is ?topic=1.15.
193
-		elseif (strpos($_REQUEST['topic'], '.') !== false)
194
-			list ($_REQUEST['topic'], $_REQUEST['start']) = explode('.', $_REQUEST['topic']);
208
+		elseif (strpos($_REQUEST['topic'], '.') !== false) {
209
+					list ($_REQUEST['topic'], $_REQUEST['start']) = explode('.', $_REQUEST['topic']);
210
+		}
195 211
 
196 212
 		// Topic should always be an integer
197 213
 		$topic = $_GET['topic'] = $_REQUEST['topic'] = (int) $_REQUEST['topic'];
@@ -225,21 +241,25 @@  discard block
 block discarded – undo
225 241
 			$_REQUEST['start'] = $timestamp === 0 ? 0 : 'from' . $timestamp;
226 242
 		}
227 243
 		// ... or something invalid, in which case we reset it to 0.
228
-		else
229
-			$_REQUEST['start'] = 0;
244
+		else {
245
+					$_REQUEST['start'] = 0;
246
+		}
247
+	} else {
248
+			$topic = 0;
230 249
 	}
231
-	else
232
-		$topic = 0;
233 250
 
234 251
 	// There should be a $_REQUEST['start'], some at least.  If you need to default to other than 0, use $_GET['start'].
235
-	if (empty($_REQUEST['start']) || $_REQUEST['start'] < 0 || (int) $_REQUEST['start'] > 2147473647)
236
-		$_REQUEST['start'] = 0;
252
+	if (empty($_REQUEST['start']) || $_REQUEST['start'] < 0 || (int) $_REQUEST['start'] > 2147473647) {
253
+			$_REQUEST['start'] = 0;
254
+	}
237 255
 
238 256
 	// The action needs to be a string and not an array or anything else
239
-	if (isset($_REQUEST['action']))
240
-		$_REQUEST['action'] = (string) $_REQUEST['action'];
241
-	if (isset($_GET['action']))
242
-		$_GET['action'] = (string) $_GET['action'];
257
+	if (isset($_REQUEST['action'])) {
258
+			$_REQUEST['action'] = (string) $_REQUEST['action'];
259
+	}
260
+	if (isset($_GET['action'])) {
261
+			$_GET['action'] = (string) $_GET['action'];
262
+	}
243 263
 
244 264
 	// Some mail providers like to encode semicolons in activation URLs...
245 265
 	if (!empty($_REQUEST['action']) && substr($_SERVER['QUERY_STRING'], 0, 18) == 'action=activate%3b')
@@ -265,29 +285,33 @@  discard block
 block discarded – undo
265 285
 	$_SERVER['BAN_CHECK_IP'] = $_SERVER['REMOTE_ADDR'];
266 286
 
267 287
 	// If we haven't specified how to handle Reverse Proxy IP headers, lets do what we always used to do.
268
-	if (!isset($modSettings['proxy_ip_header']))
269
-		$modSettings['proxy_ip_header'] = 'autodetect';
288
+	if (!isset($modSettings['proxy_ip_header'])) {
289
+			$modSettings['proxy_ip_header'] = 'autodetect';
290
+	}
270 291
 
271 292
 	// Which headers are we going to check for Reverse Proxy IP headers?
272
-	if ($modSettings['proxy_ip_header'] == 'disabled')
273
-		$reverseIPheaders = array();
274
-	elseif ($modSettings['proxy_ip_header'] == 'autodetect')
275
-		$reverseIPheaders = array('HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP');
276
-	else
277
-		$reverseIPheaders = array($modSettings['proxy_ip_header']);
293
+	if ($modSettings['proxy_ip_header'] == 'disabled') {
294
+			$reverseIPheaders = array();
295
+	} elseif ($modSettings['proxy_ip_header'] == 'autodetect') {
296
+			$reverseIPheaders = array('HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP');
297
+	} else {
298
+			$reverseIPheaders = array($modSettings['proxy_ip_header']);
299
+	}
278 300
 
279 301
 	// Find the user's IP address. (but don't let it give you 'unknown'!)
280 302
 	foreach ($reverseIPheaders as $proxyIPheader)
281 303
 	{
282 304
 		// Ignore if this is not set.
283
-		if (!isset($_SERVER[$proxyIPheader]))
284
-			continue;
305
+		if (!isset($_SERVER[$proxyIPheader])) {
306
+					continue;
307
+		}
285 308
 
286 309
 		if (!empty($modSettings['proxy_ip_servers']))
287 310
 		{
288
-			foreach (explode(',', $modSettings['proxy_ip_servers']) as $proxy)
289
-				if ($proxy == $_SERVER['REMOTE_ADDR'] || matchIPtoCIDR($_SERVER['REMOTE_ADDR'], $proxy))
311
+			foreach (explode(',', $modSettings['proxy_ip_servers']) as $proxy) {
312
+							if ($proxy == $_SERVER['REMOTE_ADDR'] || matchIPtoCIDR($_SERVER['REMOTE_ADDR'], $proxy))
290 313
 					continue;
314
+			}
291 315
 		}
292 316
 
293 317
 		// If there are commas, get the last one.. probably.
@@ -307,8 +331,9 @@  discard block
 block discarded – undo
307 331
 
308 332
 						// Just incase we have a legacy IPv4 address.
309 333
 						// @ TODO: Convert to IPv6.
310
-						if (preg_match('~^((([1]?\d)?\d|2[0-4]\d|25[0-5])\.){3}(([1]?\d)?\d|2[0-4]\d|25[0-5])$~', $_SERVER[$proxyIPheader]) === 0)
311
-							continue;
334
+						if (preg_match('~^((([1]?\d)?\d|2[0-4]\d|25[0-5])\.){3}(([1]?\d)?\d|2[0-4]\d|25[0-5])$~', $_SERVER[$proxyIPheader]) === 0) {
335
+													continue;
336
+						}
312 337
 					}
313 338
 
314 339
 					continue;
@@ -320,36 +345,40 @@  discard block
 block discarded – undo
320 345
 			}
321 346
 		}
322 347
 		// Otherwise just use the only one.
323
-		elseif (preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown|::1|fe80::|fc00::)~', $_SERVER[$proxyIPheader]) == 0 || preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown|::1|fe80::|fc00::)~', $_SERVER['REMOTE_ADDR']) != 0)
324
-			$_SERVER['BAN_CHECK_IP'] = $_SERVER[$proxyIPheader];
325
-		elseif (!isValidIPv6($_SERVER[$proxyIPheader]) || preg_match('~::ffff:\d+\.\d+\.\d+\.\d+~', $_SERVER[$proxyIPheader]) !== 0)
348
+		elseif (preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown|::1|fe80::|fc00::)~', $_SERVER[$proxyIPheader]) == 0 || preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown|::1|fe80::|fc00::)~', $_SERVER['REMOTE_ADDR']) != 0) {
349
+					$_SERVER['BAN_CHECK_IP'] = $_SERVER[$proxyIPheader];
350
+		} elseif (!isValidIPv6($_SERVER[$proxyIPheader]) || preg_match('~::ffff:\d+\.\d+\.\d+\.\d+~', $_SERVER[$proxyIPheader]) !== 0)
326 351
 		{
327 352
 			$_SERVER[$proxyIPheader] = preg_replace('~^::ffff:(\d+\.\d+\.\d+\.\d+)~', '\1', $_SERVER[$proxyIPheader]);
328 353
 
329 354
 			// Just incase we have a legacy IPv4 address.
330 355
 			// @ TODO: Convert to IPv6.
331
-			if (preg_match('~^((([1]?\d)?\d|2[0-4]\d|25[0-5])\.){3}(([1]?\d)?\d|2[0-4]\d|25[0-5])$~', $_SERVER[$proxyIPheader]) === 0)
332
-				continue;
356
+			if (preg_match('~^((([1]?\d)?\d|2[0-4]\d|25[0-5])\.){3}(([1]?\d)?\d|2[0-4]\d|25[0-5])$~', $_SERVER[$proxyIPheader]) === 0) {
357
+							continue;
358
+			}
333 359
 		}
334 360
 	}
335 361
 
336 362
 	// Make sure we know the URL of the current request.
337
-	if (empty($_SERVER['REQUEST_URI']))
338
-		$_SERVER['REQUEST_URL'] = $scripturl . (!empty($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : '');
339
-	elseif (preg_match('~^([^/]+//[^/]+)~', $scripturl, $match) == 1)
340
-		$_SERVER['REQUEST_URL'] = $match[1] . $_SERVER['REQUEST_URI'];
341
-	else
342
-		$_SERVER['REQUEST_URL'] = $_SERVER['REQUEST_URI'];
363
+	if (empty($_SERVER['REQUEST_URI'])) {
364
+			$_SERVER['REQUEST_URL'] = $scripturl . (!empty($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : '');
365
+	} elseif (preg_match('~^([^/]+//[^/]+)~', $scripturl, $match) == 1) {
366
+			$_SERVER['REQUEST_URL'] = $match[1] . $_SERVER['REQUEST_URI'];
367
+	} else {
368
+			$_SERVER['REQUEST_URL'] = $_SERVER['REQUEST_URI'];
369
+	}
343 370
 
344 371
 	// And make sure HTTP_USER_AGENT is set.
345 372
 	$_SERVER['HTTP_USER_AGENT'] = isset($_SERVER['HTTP_USER_AGENT']) ? (isset($smcFunc['htmlspecialchars']) ? $smcFunc['htmlspecialchars']($smcFunc['db_unescape_string']($_SERVER['HTTP_USER_AGENT']), ENT_QUOTES) : htmlspecialchars($smcFunc['db_unescape_string']($_SERVER['HTTP_USER_AGENT']), ENT_QUOTES)) : '';
346 373
 
347 374
 	// Some final checking.
348
-	if (!isValidIP($_SERVER['BAN_CHECK_IP']))
349
-		$_SERVER['BAN_CHECK_IP'] = '';
350
-	if ($_SERVER['REMOTE_ADDR'] == 'unknown')
351
-		$_SERVER['REMOTE_ADDR'] = '';
352
-}
375
+	if (!isValidIP($_SERVER['BAN_CHECK_IP'])) {
376
+			$_SERVER['BAN_CHECK_IP'] = '';
377
+	}
378
+	if ($_SERVER['REMOTE_ADDR'] == 'unknown') {
379
+			$_SERVER['REMOTE_ADDR'] = '';
380
+	}
381
+	}
353 382
 
354 383
 /**
355 384
  * Validates a IPv6 address. returns true if it is ipv6.
@@ -360,8 +389,9 @@  discard block
 block discarded – undo
360 389
 function isValidIPv6($ip)
361 390
 {
362 391
 	//looking for :
363
-	if (strpos($ip, ':') === false)
364
-		return false;
392
+	if (strpos($ip, ':') === false) {
393
+			return false;
394
+	}
365 395
 
366 396
 	//check valid address
367 397
 	return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6);
@@ -379,8 +409,9 @@  discard block
 block discarded – undo
379 409
 	static $converted = array();
380 410
 
381 411
 	// Check if we have done this already.
382
-	if (isset($converted[$addr]))
383
-		return $converted[$addr];
412
+	if (isset($converted[$addr])) {
413
+			return $converted[$addr];
414
+	}
384 415
 
385 416
 	// Check if there are segments missing, insert if necessary.
386 417
 	if (strpos($addr, '::') !== false)
@@ -390,18 +421,20 @@  discard block
 block discarded – undo
390 421
 		$part[1] = explode(':', $part[1]);
391 422
 		$missing = array();
392 423
 
393
-		for ($i = 0; $i < (8 - (count($part[0]) + count($part[1]))); $i++)
394
-			array_push($missing, '0000');
424
+		for ($i = 0; $i < (8 - (count($part[0]) + count($part[1]))); $i++) {
425
+					array_push($missing, '0000');
426
+		}
395 427
 
396 428
 		$part = array_merge($part[0], $missing, $part[1]);
429
+	} else {
430
+			$part = explode(':', $addr);
397 431
 	}
398
-	else
399
-		$part = explode(':', $addr);
400 432
 
401 433
 	// Pad each segment until it has 4 digits.
402
-	foreach ($part as &$p)
403
-		while (strlen($p) < 4)
434
+	foreach ($part as &$p) {
435
+			while (strlen($p) < 4)
404 436
 			$p = '0' . $p;
437
+	}
405 438
 
406 439
 	unset($p);
407 440
 
@@ -412,11 +445,12 @@  discard block
 block discarded – undo
412 445
 	$converted[$addr] = $result;
413 446
 
414 447
 	// Quick check to make sure the length is as expected.
415
-	if (!$strict_check || strlen($result) == 39)
416
-		return $result;
417
-	else
418
-		return false;
419
-}
448
+	if (!$strict_check || strlen($result) == 39) {
449
+			return $result;
450
+	} else {
451
+			return false;
452
+	}
453
+	}
420 454
 
421 455
 
422 456
 /**
@@ -434,8 +468,9 @@  discard block
 block discarded – undo
434 468
 	//v6?
435 469
 	if ((strpos($cidr_network, ':') !== false))
436 470
 	{
437
-		if (!filter_var($ip_address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) || !filter_var($cidr_network, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6))
438
-				return false;
471
+		if (!filter_var($ip_address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) || !filter_var($cidr_network, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
472
+						return false;
473
+		}
439 474
 
440 475
 		$ip_address = inet_pton($ip_address);
441 476
 		$cidr_network = inet_pton($cidr_network);
@@ -457,10 +492,10 @@  discard block
 block discarded – undo
457 492
 		$binMask = pack("H*" , $binMask);
458 493
 
459 494
 		return ($ip_address & $binMask) == $cidr_network;
495
+	} else {
496
+			return (ip2long($ip_address) & (~((1 << (32 - $cidr_subnetmask)) - 1))) == ip2long($cidr_network);
497
+	}
460 498
 	}
461
-	else
462
-		return (ip2long($ip_address) & (~((1 << (32 - $cidr_subnetmask)) - 1))) == ip2long($cidr_network);
463
-}
464 499
 
465 500
 /**
466 501
  * Adds slashes to the array/variable.
@@ -476,15 +511,17 @@  discard block
 block discarded – undo
476 511
 {
477 512
 	global $smcFunc;
478 513
 
479
-	if (!is_array($var))
480
-		return $smcFunc['db_escape_string']($var);
514
+	if (!is_array($var)) {
515
+			return $smcFunc['db_escape_string']($var);
516
+	}
481 517
 
482 518
 	// Reindex the array with slashes.
483 519
 	$new_var = array();
484 520
 
485 521
 	// Add slashes to every element, even the indexes!
486
-	foreach ($var as $k => $v)
487
-		$new_var[$smcFunc['db_escape_string']($k)] = escapestring__recursive($v);
522
+	foreach ($var as $k => $v) {
523
+			$new_var[$smcFunc['db_escape_string']($k)] = escapestring__recursive($v);
524
+	}
488 525
 
489 526
 	return $new_var;
490 527
 }
@@ -504,12 +541,14 @@  discard block
 block discarded – undo
504 541
 {
505 542
 	global $smcFunc;
506 543
 
507
-	if (!is_array($var))
508
-		return isset($smcFunc['htmlspecialchars']) ? $smcFunc['htmlspecialchars']($var, ENT_QUOTES) : htmlspecialchars($var, ENT_QUOTES);
544
+	if (!is_array($var)) {
545
+			return isset($smcFunc['htmlspecialchars']) ? $smcFunc['htmlspecialchars']($var, ENT_QUOTES) : htmlspecialchars($var, ENT_QUOTES);
546
+	}
509 547
 
510 548
 	// Add the htmlspecialchars to every element.
511
-	foreach ($var as $k => $v)
512
-		$var[$k] = $level > 25 ? null : htmlspecialchars__recursive($v, $level + 1);
549
+	foreach ($var as $k => $v) {
550
+			$var[$k] = $level > 25 ? null : htmlspecialchars__recursive($v, $level + 1);
551
+	}
513 552
 
514 553
 	return $var;
515 554
 }
@@ -527,15 +566,17 @@  discard block
 block discarded – undo
527 566
  */
528 567
 function urldecode__recursive($var, $level = 0)
529 568
 {
530
-	if (!is_array($var))
531
-		return urldecode($var);
569
+	if (!is_array($var)) {
570
+			return urldecode($var);
571
+	}
532 572
 
533 573
 	// Reindex the array...
534 574
 	$new_var = array();
535 575
 
536 576
 	// Add the htmlspecialchars to every element.
537
-	foreach ($var as $k => $v)
538
-		$new_var[urldecode($k)] = $level > 25 ? null : urldecode__recursive($v, $level + 1);
577
+	foreach ($var as $k => $v) {
578
+			$new_var[urldecode($k)] = $level > 25 ? null : urldecode__recursive($v, $level + 1);
579
+	}
539 580
 
540 581
 	return $new_var;
541 582
 }
@@ -553,15 +594,17 @@  discard block
 block discarded – undo
553 594
 {
554 595
 	global $smcFunc;
555 596
 
556
-	if (!is_array($var))
557
-		return $smcFunc['db_unescape_string']($var);
597
+	if (!is_array($var)) {
598
+			return $smcFunc['db_unescape_string']($var);
599
+	}
558 600
 
559 601
 	// Reindex the array without slashes, this time.
560 602
 	$new_var = array();
561 603
 
562 604
 	// Strip the slashes from every element.
563
-	foreach ($var as $k => $v)
564
-		$new_var[$smcFunc['db_unescape_string']($k)] = unescapestring__recursive($v);
605
+	foreach ($var as $k => $v) {
606
+			$new_var[$smcFunc['db_unescape_string']($k)] = unescapestring__recursive($v);
607
+	}
565 608
 
566 609
 	return $new_var;
567 610
 }
@@ -579,15 +622,17 @@  discard block
 block discarded – undo
579 622
  */
580 623
 function stripslashes__recursive($var, $level = 0)
581 624
 {
582
-	if (!is_array($var))
583
-		return stripslashes($var);
625
+	if (!is_array($var)) {
626
+			return stripslashes($var);
627
+	}
584 628
 
585 629
 	// Reindex the array without slashes, this time.
586 630
 	$new_var = array();
587 631
 
588 632
 	// Strip the slashes from every element.
589
-	foreach ($var as $k => $v)
590
-		$new_var[stripslashes($k)] = $level > 25 ? null : stripslashes__recursive($v, $level + 1);
633
+	foreach ($var as $k => $v) {
634
+			$new_var[stripslashes($k)] = $level > 25 ? null : stripslashes__recursive($v, $level + 1);
635
+	}
591 636
 
592 637
 	return $new_var;
593 638
 }
@@ -608,12 +653,14 @@  discard block
 block discarded – undo
608 653
 	global $smcFunc;
609 654
 
610 655
 	// Remove spaces (32), tabs (9), returns (13, 10, and 11), nulls (0), and hard spaces. (160)
611
-	if (!is_array($var))
612
-		return isset($smcFunc) ? $smcFunc['htmltrim']($var) : trim($var, ' ' . "\t\n\r\x0B" . '\0' . "\xA0");
656
+	if (!is_array($var)) {
657
+			return isset($smcFunc) ? $smcFunc['htmltrim']($var) : trim($var, ' ' . "\t\n\r\x0B" . '\0' . "\xA0");
658
+	}
613 659
 
614 660
 	// Go through all the elements and remove the whitespace.
615
-	foreach ($var as $k => $v)
616
-		$var[$k] = $level > 25 ? null : htmltrim__recursive($v, $level + 1);
661
+	foreach ($var as $k => $v) {
662
+			$var[$k] = $level > 25 ? null : htmltrim__recursive($v, $level + 1);
663
+	}
617 664
 
618 665
 	return $var;
619 666
 }
@@ -678,30 +725,37 @@  discard block
 block discarded – undo
678 725
 	global $scripturl, $modSettings, $context;
679 726
 
680 727
 	// If $scripturl is set to nothing, or the SID is not defined (SSI?) just quit.
681
-	if ($scripturl == '' || !defined('SID'))
682
-		return $buffer;
728
+	if ($scripturl == '' || !defined('SID')) {
729
+			return $buffer;
730
+	}
683 731
 
684 732
 	// Do nothing if the session is cookied, or they are a crawler - guests are caught by redirectexit().  This doesn't work below PHP 4.3.0, because it makes the output buffer bigger.
685 733
 	// @todo smflib
686
-	if (empty($_COOKIE) && SID != '' && !isBrowser('possibly_robot'))
687
-		$buffer = preg_replace('/(?<!<link rel="canonical" href=)"' . preg_quote($scripturl, '/') . '(?!\?' . preg_quote(SID, '/') . ')\\??/', '"' . $scripturl . '?' . SID . '&amp;', $buffer);
734
+	if (empty($_COOKIE) && SID != '' && !isBrowser('possibly_robot')) {
735
+			$buffer = preg_replace('/(?<!<link rel="canonical" href=)"' . preg_quote($scripturl, '/') . '(?!\?' . preg_quote(SID, '/') . ')\\??/', '"' . $scripturl . '?' . SID . '&amp;', $buffer);
736
+	}
688 737
 	// Debugging templates, are we?
689
-	elseif (isset($_GET['debug']))
690
-		$buffer = preg_replace('/(?<!<link rel="canonical" href=)"' . preg_quote($scripturl, '/') . '\\??/', '"' . $scripturl . '?debug;', $buffer);
738
+	elseif (isset($_GET['debug'])) {
739
+			$buffer = preg_replace('/(?<!<link rel="canonical" href=)"' . preg_quote($scripturl, '/') . '\\??/', '"' . $scripturl . '?debug;', $buffer);
740
+	}
691 741
 
692 742
 	// This should work even in 4.2.x, just not CGI without cgi.fix_pathinfo.
693 743
 	if (!empty($modSettings['queryless_urls']) && (!$context['server']['is_cgi'] || ini_get('cgi.fix_pathinfo') == 1 || @get_cfg_var('cgi.fix_pathinfo') == 1) && ($context['server']['is_apache'] || $context['server']['is_lighttpd'] || $context['server']['is_litespeed']))
694 744
 	{
695 745
 		// Let's do something special for session ids!
696
-		if (defined('SID') && SID != '')
697
-			$buffer = preg_replace_callback('~"' . preg_quote($scripturl, '~') . '\?(?:' . SID . '(?:;|&|&amp;))((?:board|topic)=[^#"]+?)(#[^"]*?)?"~', function($m)
746
+		if (defined('SID') && SID != '') {
747
+					$buffer = preg_replace_callback('~"' . preg_quote($scripturl, '~') . '\?(?:' . SID . '(?:;|&|&amp;))((?:board|topic)=[^#"]+?)(#[^"]*?)?"~', function($m)
698 748
 			{
699
-				global $scripturl; return '"' . $scripturl . "/" . strtr("$m[1]", '&;=', '//,') . ".html?" . SID . (isset($m[2]) ? $m[2] : "") . '"';
749
+				global $scripturl;
750
+		}
751
+		return '"' . $scripturl . "/" . strtr("$m[1]", '&;=', '//,') . ".html?" . SID . (isset($m[2]) ? $m[2] : "") . '"';
700 752
 			}, $buffer);
701
-		else
702
-			$buffer = preg_replace_callback('~"' . preg_quote($scripturl, '~') . '\?((?:board|topic)=[^#"]+?)(#[^"]*?)?"~', function($m)
753
+		else {
754
+					$buffer = preg_replace_callback('~"' . preg_quote($scripturl, '~') . '\?((?:board|topic)=[^#"]+?)(#[^"]*?)?"~', function($m)
703 755
 			{
704
-				global $scripturl; return '"' . $scripturl . '/' . strtr("$m[1]", '&;=', '//,') . '.html' . (isset($m[2]) ? $m[2] : "") . '"';
756
+				global $scripturl;
757
+		}
758
+		return '"' . $scripturl . '/' . strtr("$m[1]", '&;=', '//,') . '.html' . (isset($m[2]) ? $m[2] : "") . '"';
705 759
 			}, $buffer);
706 760
 	}
707 761
 
Please login to merge, or discard this patch.