diff --git a/CHANGELOG b/CHANGELOG
index ab2ecfa..c451dd4 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,6 @@
+Allow making file upload member-only
+Added required tag to captcha input
+
Version 1.23.7 - Feb. 24, 2019
Support V3 hidden services
Fixed filtermodkick setting
diff --git a/chat.php b/chat.php
index 2961e8f..c438f42 100644
--- a/chat.php
+++ b/chat.php
@@ -222,10 +222,10 @@ function route_setup(){
if(!valid_admin()){
send_alogin();
}
- $C['bool_settings']=['suguests', 'imgembed', 'timestamps', 'trackip', 'memkick', 'forceredirect', 'incognito', 'sendmail', 'modfallback', 'disablepm', 'eninbox', 'enablegreeting', 'sortupdown', 'hidechatters', 'enfileupload', 'personalnotes', 'filtermodkick'];
+ $C['bool_settings']=['suguests', 'imgembed', 'timestamps', 'trackip', 'memkick', 'forceredirect', 'incognito', 'sendmail', 'modfallback', 'disablepm', 'eninbox', 'enablegreeting', 'sortupdown', 'hidechatters', 'personalnotes', 'filtermodkick'];
$C['colour_settings']=['colbg', 'coltxt'];
$C['msg_settings']=['msgenter', 'msgexit', 'msgmemreg', 'msgsureg', 'msgkick', 'msgmultikick', 'msgallkick', 'msgclean', 'msgsendall', 'msgsendmem', 'msgsendmod', 'msgsendadm', 'msgsendprv', 'msgattache'];
- $C['number_settings']=['memberexpire', 'guestexpire', 'kickpenalty', 'entrywait', 'captchatime', 'messageexpire', 'messagelimit', 'maxmessage', 'maxname', 'minpass', 'defaultrefresh', 'numnotes', 'maxuploadsize'];
+ $C['number_settings']=['memberexpire', 'guestexpire', 'kickpenalty', 'entrywait', 'captchatime', 'messageexpire', 'messagelimit', 'maxmessage', 'maxname', 'minpass', 'defaultrefresh', 'numnotes', 'maxuploadsize', 'enfileupload'];
$C['textarea_settings']=['rulestxt', 'css', 'disabletext'];
$C['text_settings']=['dateformat', 'captchachars', 'redirect', 'chatname', 'mailsender', 'mailreceiver', 'nickregex', 'passregex', 'externalcss'];
$C['settings']=array_merge(['guestaccess', 'englobalpass', 'globalpass', 'captcha', 'dismemcaptcha', 'topic', 'guestreg', 'defaulttz'], $C['bool_settings'], $C['colour_settings'], $C['msg_settings'], $C['number_settings'], $C['textarea_settings'], $C['text_settings']); // All settings in the database
@@ -499,7 +499,7 @@ function send_captcha(){
imagegif($im);
imagedestroy($im);
echo base64_encode(ob_get_clean()).'">';
- echo '| '.hidden('challenge', $randid).' | ';
+ echo ''.hidden('challenge', $randid).' | ';
}
function send_setup($C){
@@ -1766,7 +1766,7 @@ function send_post($rejected=''){
}
}
echo '';
- if(get_setting('enfileupload')){
+ if(get_setting('enfileupload')>0 && get_setting('enfileupload')<=$U['status']){
if(!$disablepm && ($U['status']>=5 || ($U['status']>=3 && get_count_mods()==0 && get_setting('memkick')))){
echo '';
}
@@ -2910,7 +2910,7 @@ function validate_input(){
$message=apply_filter($message, $poststatus, $U['nickname']);
$message=create_hotlinks($message);
$message=apply_linkfilter($message);
- if(isset($_FILES['file']) && get_setting('enfileupload')){
+ if(isset($_FILES['file']) && get_setting('enfileupload')>0 && get_setting('enfileupload')<=$U['status']){
if($_FILES['file']['error']===UPLOAD_ERR_OK && $_FILES['file']['size']<=(1024*get_setting('maxuploadsize'))){
$hash=sha1_file($_FILES['file']['tmp_name']);
$name=htmlspecialchars($_FILES['file']['name']);