* Disabled changing var names of locked profile fields

Chrissyx · Chrissyx · commit 7beb07cf0b2c · 2013-12-12T20:28:35.000Z
* Fixed and added more update routines for older TBB2s
* Fixed potential bug causing invalid vCards
diff --git a/modules/AdminProfileFields.class.php b/modules/AdminProfileFields.class.php
@@ -42,7 +42,7 @@ public function executeMe() {
 			case 'AddField':
 				$p = Functions::getSGValues($_POST['p'],array('fieldName','fieldRegexVerification','fieldLink','fieldData','fieldType','fieldVarName'),'');
 				$c = Functions::getSGValues($_POST['c'],array('fieldIsRequired','fieldShowRegistration','fieldShowMemberlist'),0);
-				
+
 				$errors = array();
 
 				if(!in_array($p['fieldType'],array(PROFILE_FIELD_TYPE_SELECTMULTI,PROFILE_FIELD_TYPE_SELECTSINGLE,PROFILE_FIELD_TYPE_TEXT,PROFILE_FIELD_TYPE_TEXTAREA)))
@@ -52,15 +52,15 @@ public function executeMe() {
 
 				if(isset($_GET['doit'])) {
 					$c = Functions::getSGValues($_POST['c'],array('fieldIsRequired','fieldShowRegistration','fieldShowMemberlist'),0);
-					
+
 					$this->modules['DB']->queryParams('SELECT "fieldID" FROM '.TBLPFX.'profile_fields WHERE "fieldVarName"=$1',array($p['fieldVarName']));
 					if(trim($p['fieldVarName']) == '' || $this->modules['DB']->numRows() > 0) $errors[] = $this->modules['Language']->getString('error_existing_field_variable_name');
 
 					if(count($errors) == 0) {
 						$fieldData = array();
 						if(trim($p['fieldData']) != '')
 							$fieldData = explode("\n",Functions::str_replace("\r",'',trim($p['fieldData'])));
-	
+
 	                    $this->modules['DB']->queryParams('
 	                        INSERT INTO
 	                            '.TBLPFX.'profile_fields
@@ -85,7 +85,7 @@ public function executeMe() {
 	                        $p['fieldLink'],
 	                        $p['fieldVarName']
 	                    ));
-	
+
 						Functions::myHeader(INDEXFILE.'?action=AdminProfileFields&'.MYSID);
 					}
 				}
@@ -105,11 +105,10 @@ public function executeMe() {
 
                 $this->modules['DB']->queryParams('SELECT * FROM '.TBLPFX.'profile_fields WHERE "fieldID"=$1', array($fieldID));
 				($this->modules['DB']->getAffectedRows() == 0) ? die('Cannot load data: profile field') : $fieldData = $this->modules['DB']->fetchArray();
-				//if($fieldData['fieldIsLocked'] == 1) die('Cannot edit field: locked field');
-				
+
 				$errors = array();
 
-				$p = Functions::getSGValues($_POST['p'],array('fieldName','fieldRegexVerification','fieldLink','fieldType','fieldVarName'),'',$fieldData);
+				$p = Functions::getSGValues($_POST['p'],array('fieldName','fieldRegexVerification','fieldLink','fieldType','fieldVarName','fieldIsLocked'),'',$fieldData);
 				$c = Functions::getSGValues($_POST['c'],array('fieldIsRequired','fieldShowRegistration','fieldShowMemberlist'),0,$fieldData);
 
 				$p['fieldData'] = isset($_POST['p']['fieldData']) ? $_POST['p']['fieldData'] : implode("\n",unserialize($fieldData['fieldData']));
@@ -124,12 +123,12 @@ public function executeMe() {
 
 					$this->modules['DB']->queryParams('SELECT "fieldID" FROM '.TBLPFX.'profile_fields WHERE "fieldVarName"=$1 AND "fieldID"<>$2',array($p['fieldVarName'],$fieldID));
 					if(trim($p['fieldVarName']) == '' || $this->modules['DB']->numRows() > 0) $errors[] = $this->modules['Language']->getString('error_existing_field_variable_name');
-					
+
 					if(count($errors) == 0) {
 						$fieldData = array();
 						if(trim($p['fieldData']) != '')
 							$fieldData = explode("\n",Functions::str_replace("\r",'',trim($p['fieldData'])));
-	
+
 	                    $this->modules['DB']->queryParams('
 	                        UPDATE
 	                            '.TBLPFX.'profile_fields
@@ -157,7 +156,7 @@ public function executeMe() {
 	                        $fieldID,
 	                        $p['fieldVarName']
 	                    ));
-	                    
+
 						Functions::myHeader(INDEXFILE.'?action=AdminProfileFields&'.MYSID);
 					}
 				}
diff --git a/modules/ViewProfile.class.php b/modules/ViewProfile.class.php
@@ -322,7 +322,7 @@ public function executeMe() {
 				while($curResult = $this->modules['DB']->fetchArray())
 					$fieldsData[$curResult['fieldVarName']] = $curResult;
 				//Start building the vCard
-				$vCard = "BEGIN:VCARD\nVERSION:3.0\nN:;;;;\nFN:" . ($fieldsData['realName'] ? $fieldsData['realName']['fieldValue'] : '') . "\nNICKNAME:" . $profileData['userNick'] . "\n" . (($profileData['userHideEmailAddress'] != '1') ? 'EMAIL;TYPE=internet:' . $profileData['userEmailAddress'] . "\n" : '') . 'URL:' . $fieldsData['homepage']['fieldValue'] . "\nCLASS:" . (($this->modules['Config']->getValue('guests_enter_board') != '1') ? 'PRIVATE' : 'PUBLIC') . "\nX-GENERATOR:Tritanium Bulletin Board 2\nEND:VCARD";
+				$vCard = "BEGIN:VCARD\nVERSION:3.0\nN:;;;;\nFN:" . (isset($fieldsData['realName']) ? $fieldsData['realName']['fieldValue'] : '') . "\nNICKNAME:" . $profileData['userNick'] . "\n" . (($profileData['userHideEmailAddress'] != '1') ? 'EMAIL;TYPE=internet:' . $profileData['userEmailAddress'] . "\n" : '') . 'URL:' . $fieldsData['homepage']['fieldValue'] . "\nCLASS:" . (($this->modules['Config']->getValue('guests_enter_board') != '1') ? 'PRIVATE' : 'PUBLIC') . "\nX-GENERATOR:Tritanium Bulletin Board 2\nEND:VCARD";
 				header('Content-Disposition: attachment; filename=' . $profileData['userNick'] . '.vcf');
 				header('Content-Length: ' . strlen($vCard));
 				header('Content-Type: text/x-vCard; charset=UTF-8; name=' . $profileData['userNick'] . '.vcf');
diff --git a/templates/std/templates/AdminProfileFieldsEditField.tpl b/templates/std/templates/AdminProfileFieldsEditField.tpl
@@ -12,7 +12,7 @@
 </tr>
 <tr>
  <td class="CellStd"><span class="FontNorm">{$modules.Language->getString('field_variable_name')}:</span><br/><span class="FontSmall">{$modules.Language->getString('field_variable_name_info')}</span></td>
- <td class="CellAlt"><input class="FormText" type="text" size="40" name="p[fieldVarName]" value="{$p.fieldVarName}"/></td>
+ <td class="CellAlt"><input class="FormText" type="text" size="40" name="p[fieldVarName]" value="{$p.fieldVarName}"{if $p.fieldIsLocked == 1} disabled="disabled"{/if}/></td>
 </tr>
 <tr>
  <td class="CellStd"><span class="FontNorm">{$modules.Language->getString('field_type')}:</span></td>
diff --git a/update/0.2.2.update b/update/0.2.2.update
@@ -42,17 +42,18 @@ $this->DB->query('
 		ADD "userAuthDownload" tinyint(1) unsigned NOT NULL default \'2\' AFTER "userAuthUpload"
 ');
 
+//Update configs
 $this->DB->queryParams('
     UPDATE
         '.TBLPFX.'config
     SET
         "configValue"=$1
     WHERE
-        "configName"=$2',
-array(
+        "configName"=$2
+',array(
     'std',
     'standard_tpl'
-);
+));
 
 $this->DB->queryParams('
 	INSERT INTO '.TBLPFX.'config SET
@@ -63,6 +64,7 @@ $this->DB->queryParams('
 	'1'
 ));
 
+//Update session locations
 $this->DB->query('
 	ALTER TABLE '.TBLPFX.'sessions
 		CHANGE "sessionLastLocation" "sessionLastLocation" VARCHAR(255) NOT NULL DEFAULT \'ForumIndex\'
@@ -74,12 +76,13 @@ $this->DB->queryParams('
     SET
         "sessionLastLocation"=$1
     WHERE
-        "sessionLastLocation"=$2',
-array(
+        "sessionLastLocation"=$2
+',array(
     'ForumIndex',
     'forumindex'
-);
+));
 
+//Update profile fields
 $this->DB->queryParams('
     UPDATE
         '.TBLPFX.'profile_fields
@@ -97,4 +100,15 @@ $this->DB->queryParams('
     'Homepage'
 ));
 
+$this->DB->queryParams('
+    UPDATE
+        '.TBLPFX.'profile_fields
+    SET
+        "fieldData"=$1
+    WHERE
+        "fieldData"=\'\'
+',array(
+    serialize(array())
+));
+
 $nextUpdateFile = '';
