From a607821ffb46e1d3c1accfa5f415f78bafef038c Mon Sep 17 00:00:00 2001 From: Tomasz Mlynski Date: Thu, 15 Mar 2018 21:12:24 +0100 Subject: [PATCH] MyBB 1.8.15 --- admin/modules/config/attachment_types.php | 2 + admin/modules/config/settings.php | 2 +- admin/modules/config/warning.php | 2 +- admin/modules/style/templates.php | 8 +- admin/modules/tools/tasks.php | 14 +- admin/modules/user/admin_permissions.php | 7 +- admin/modules/user/group_promotions.php | 4 +- forumdisplay.php | 1 + inc/functions_task.php | 8 +- member.php | 3 + moderation.php | 2 + search.php | 1 + showthread.php | 1 + usercp2.php | 518 +++++++++++----------- 14 files changed, 306 insertions(+), 267 deletions(-) diff --git a/admin/modules/config/attachment_types.php b/admin/modules/config/attachment_types.php index 91f6459c62..5d761bd1b9 100644 --- a/admin/modules/config/attachment_types.php +++ b/admin/modules/config/attachment_types.php @@ -718,6 +718,8 @@ $icon = "off.png\" alt=\"({$lang->alt_disabled})\" title=\"{$lang->alt_disabled}"; } + $attachment_type['extension'] = htmlspecialchars_uni($attachment_type['extension']); + $table->construct_cell($attachment_type['icon'], array("width" => 1)); $table->construct_cell(".{$attachment_type['extension']}"); $table->construct_cell(htmlspecialchars_uni($attachment_type['mimetype'])); diff --git a/admin/modules/config/settings.php b/admin/modules/config/settings.php index d86ba85020..2514ee50f8 100644 --- a/admin/modules/config/settings.php +++ b/admin/modules/config/settings.php @@ -1517,7 +1517,7 @@ { $setting['description'] = $lang->$desc_lang; } - $form_container->output_row(htmlspecialchars_uni($setting['title']), $setting['description'], $setting_code, '', array(), array('id' => 'row_'.$element_id)); + $form_container->output_row(htmlspecialchars_uni($setting['title']), htmlspecialchars_uni($setting['description']), $setting_code, '', array(), array('id' => 'row_'.$element_id)); } $form_container->end(); 
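Review bot: In the `output_row()` call of settings.php, `htmlspecialchars_uni($setting['description'])` also escapes the value assigned from `$lang->$desc_lang` on the context line just above, not only the description stored in the database. If any language-pack or plugin description relies on markup (a link, a `<br />`), it will now be shown as literal text; this is inferred, since the strings themselves are not in the diff. Consider escaping only in the branch that keeps the stored value, or add a comment such as `// setting descriptions are plain text; markup in language strings is not rendered` so the behaviour is a documented decision. The enclosing `if` starts outside the hunk.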
diff --git a/admin/modules/config/warning.php b/admin/modules/config/warning.php index 1e4b911f24..8ef903b028 100644 --- a/admin/modules/config/warning.php +++ b/admin/modules/config/warning.php @@ -744,7 +744,7 @@ function checkAction(id) while($type = $db->fetch_array($query)) { $type['name'] = htmlspecialchars_uni($type['title']); - $table->construct_cell("{$type['title']}"); + $table->construct_cell("{$type['name']}"); $table->construct_cell("{$type['points']}", array("class" => "align_center")); $expiration = fetch_friendly_expiration($type['expirationtime']); $lang_str = "expiration_".$expiration['period']; diff --git a/admin/modules/style/templates.php b/admin/modules/style/templates.php index a8d0f2017b..55d400fe32 100644 --- a/admin/modules/style/templates.php +++ b/admin/modules/style/templates.php @@ -102,7 +102,7 @@ $query = $db->simple_select("templatesets", "*", "", array('order_by' => 'title', 'order_dir' => 'ASC')); while($template_set = $db->fetch_array($query)) { - $template_sets[$template_set['sid']] = $template_set['title']; + $template_sets[$template_set['sid']] = htmlspecialchars_uni($template_set['title']); } $plugins->run_hooks("admin_style_templates"); @@ -157,7 +157,7 @@ $form = new Form("index.php?module=style-templates&action=add_set", "post", "add_set"); $form_container = new FormContainer($lang->add_set); - $form_container->output_row($lang->title, "", $form->generate_text_box('title', $mybb->input['title'], array('id' => 'title')), 'title'); + $form_container->output_row($lang->title, "", $form->generate_text_box('title', htmlspecialchars_uni($mybb->input['title']), array('id' => 'title')), 'title'); $form_container->end(); $buttons = array(); @@ -1335,7 +1335,7 @@ { if(!$done_set[$sid]) { - $table->construct_header($templatesets[$sid]['title'], array("colspan" => 2)); + $table->construct_header(htmlspecialchars_uni($templatesets[$sid]['title']), array("colspan" => 2)); $done_set[$sid] = 1; ++$count; 
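Review bot: In the add_set form of templates.php (hunk at -157), `$form->generate_text_box()` is now handed an already-escaped `htmlspecialchars_uni($mybb->input['title'])`. If the Form helper escapes its value attribute itself (its body is not in this diff), a title containing `&` or `<` will come back double-encoded after a failed submit. The same layering question applies to `$template_sets` in the hunk at -102, which now stores escaped titles for every later consumer, and to the `$options` arrays passed to `generate_select_box()` in both group_promotions.php hunks. It is worth confirming which layer owns the escaping and recording it next to the call, e.g. `// generate_text_box() does not escape $value, so escape here`.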
@@ -2004,6 +2004,8 @@ function sort_template_groups($a, $b) $actions = $popup->fetch(); } + $set['title'] = htmlspecialchars_uni($set['title']); + $table->construct_cell("{$set['title']}
{$used_by_note}"); $table->construct_cell($actions, array("class" => "align_center")); $table->construct_row(); diff --git a/admin/modules/tools/tasks.php b/admin/modules/tools/tasks.php index fec2d44fa9..184c79432d 100644 --- a/admin/modules/tools/tasks.php +++ b/admin/modules/tools/tasks.php @@ -79,7 +79,10 @@ function check_time_values($value, $min, $max, $return_type) $errors[] = $lang->error_missing_description; } - if(!file_exists(MYBB_ROOT."inc/tasks/".$mybb->input['file'].".php")) + $file = $mybb->get_input('file'); + $file = basename($file, '.php'); + + if(!file_exists(MYBB_ROOT."inc/tasks/".$file.".php")) { $errors[] = $lang->error_invalid_task_file; } @@ -126,7 +129,7 @@ function check_time_values($value, $min, $max, $return_type) $new_task = array( "title" => $db->escape_string($mybb->input['title']), "description" => $db->escape_string($mybb->input['description']), - "file" => $db->escape_string($mybb->input['file']), + "file" => $db->escape_string($file), "minute" => $db->escape_string($mybb->input['minute']), "hour" => $db->escape_string($mybb->input['hour']), "day" => $db->escape_string($mybb->input['day']), @@ -271,7 +274,10 @@ function check_time_values($value, $min, $max, $return_type) $errors[] = $lang->error_missing_description; } - if(!file_exists(MYBB_ROOT."inc/tasks/".$mybb->input['file'].".php")) + $file = $mybb->get_input('file'); + $file = basename($file, '.php'); + + if(!file_exists(MYBB_ROOT."inc/tasks/".$file.".php")) { $errors[] = $lang->error_invalid_task_file; } @@ -326,7 +332,7 @@ function check_time_values($value, $min, $max, $return_type) $updated_task = array( "title" => $db->escape_string($mybb->input['title']), "description" => $db->escape_string($mybb->input['description']), - "file" => $db->escape_string($mybb->input['file']), + "file" => $db->escape_string($file), "minute" => $db->escape_string($mybb->input['minute']), "hour" => $db->escape_string($mybb->input['hour']), "day" => $db->escape_string($mybb->input['day']), 
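Review bot: `basename($file, '.php')` in the add-task branch of tasks.php (hunk at -79) silently rewrites a submitted value that contains path components to its last segment instead of rejecting it. A request carrying an unexpected path is therefore accepted and saved under a different name, with nothing surfaced to the admin. Treating any difference as invalid is stricter and easier to audit: `if($file !== $mybb->get_input('file') || !file_exists(MYBB_ROOT."inc/tasks/".$file.".php"))`. The same two lines are repeated in the edit branch (hunk at -271) and again in `run_task()` in inc/functions_task.php; one shared helper would keep the three copies in agreement.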
diff --git a/admin/modules/user/admin_permissions.php b/admin/modules/user/admin_permissions.php index a7c53800eb..6885a18035 100644 --- a/admin/modules/user/admin_permissions.php +++ b/admin/modules/user/admin_permissions.php @@ -339,6 +339,9 @@ $perm_type = "default"; } $uid = -$group['gid']; + + $group['title'] = htmlspecialchars_uni($group['title']); + $table->construct_cell("
style}/images/icons/{$perm_type}.png\" title=\"{$lang->permissions_type_group}\" alt=\"{$perm_type}\" />
edit_group}\">{$group['title']}
"); if($group['permissions'] != "") @@ -472,7 +475,7 @@ // Primary usergroup? if($usergroups[$admin['usergroup']]['cancp'] == 1) { - $usergroup_list[] = "".$usergroups[$admin['usergroup']]['title'].""; + $usergroup_list[] = "".htmlspecialchars_uni($usergroups[$admin['usergroup']]['title']).""; } // Secondary usergroups? @@ -483,7 +486,7 @@ { if($usergroups[$gid]['cancp'] == 1) { - $usergroup_list[] = $usergroups[$gid]['title']; + $usergroup_list[] = htmlspecialchars_uni($usergroups[$gid]['title']); } } } diff --git a/admin/modules/user/group_promotions.php b/admin/modules/user/group_promotions.php index 01850a5858..557b9a5977 100644 --- a/admin/modules/user/group_promotions.php +++ b/admin/modules/user/group_promotions.php @@ -379,7 +379,7 @@ $query = $db->simple_select("usergroups", "gid, title", "gid != '1'", array('order_by' => 'title')); while($usergroup = $db->fetch_array($query)) { - $options[(int)$usergroup['gid']] = $usergroup['title']; + $options[(int)$usergroup['gid']] = htmlspecialchars_uni($usergroup['title']); } $form_container->output_row($lang->orig_user_group." *", $lang->orig_user_group_desc, $form->generate_select_box('originalusergroup[]', $options, $mybb->input['originalusergroup'], array('id' => 'originalusergroup', 'multiple' => true, 'size' => 5)), 'originalusergroup'); @@ -603,7 +603,7 @@ $query = $db->simple_select("usergroups", "gid, title", "gid != '1'", array('order_by' => 'title')); while($usergroup = $db->fetch_array($query)) { - $options[(int)$usergroup['gid']] = $usergroup['title']; + $options[(int)$usergroup['gid']] = htmlspecialchars_uni($usergroup['title']); } $form_container->output_row($lang->orig_user_group." *", $lang->orig_user_group_desc, $form->generate_select_box('originalusergroup[]', $options, $mybb->input['originalusergroup'], array('id' => 'originalusergroup', 'multiple' => true, 'size' => 5)), 'originalusergroup'); diff --git a/forumdisplay.php b/forumdisplay.php index b42467d179..273bd02659 100644 
--- a/forumdisplay.php +++ b/forumdisplay.php @@ -1394,6 +1394,7 @@ while($tool = $db->fetch_array($query)) { + $tool['name'] = htmlspecialchars_uni($tool['name']); eval("\$customthreadtools .= \"".$templates->get("forumdisplay_inlinemoderation_custom_tool")."\";"); } diff --git a/inc/functions_task.php b/inc/functions_task.php index 17b0486a60..27518d206a 100644 --- a/inc/functions_task.php +++ b/inc/functions_task.php @@ -51,8 +51,10 @@ function run_task($tid=0) $db->update_query("tasks", array("locked" => TIME_NOW), "tid='{$task['tid']}'"); } + $file = basename($task['file'], '.php'); + // The task file does not exist - if(!file_exists(MYBB_ROOT."inc/tasks/{$task['file']}.php")) + if(!file_exists(MYBB_ROOT."inc/tasks/{$file}.php")) { if($task['logging'] == 1) { @@ -80,8 +82,8 @@ function run_task($tid=0) // Update the nextrun time now, so if the task causes a fatal error, it doesn't get stuck first in the queue $nextrun = fetch_next_run($task); $db->update_query("tasks", array("nextrun" => $nextrun), "tid='{$task['tid']}'"); - - include_once MYBB_ROOT."inc/tasks/{$task['file']}.php"; + + include_once MYBB_ROOT."inc/tasks/{$file}.php"; $function = "task_{$task['file']}"; if(function_exists($function)) { diff --git a/member.php b/member.php index 653ba5fc3b..c116f6626d 100644 --- a/member.php +++ b/member.php @@ -1219,6 +1219,9 @@ { $question = $db->fetch_array($query); + $question['question'] = htmlspecialchars_uni($question['question']); + $question['sid'] = htmlspecialchars_uni($question['sid']); + $refresh = ''; // Total questions $q = $db->simple_select('questions', 'COUNT(qid) as num', 'active=1'); diff --git a/moderation.php b/moderation.php index dea491abcf..b1656e5186 100644 --- a/moderation.php +++ b/moderation.php @@ -3078,6 +3078,8 @@ exit; } + $tool['name'] = htmlspecialchars_uni($tool['name']); + if($tool['type'] == 't' && $mybb->get_input('modtype') == 'inlinethread') { if($mybb->get_input('inlinetype') == 'search') 
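Review bot: The new `$tool['name'] = htmlspecialchars_uni($tool['name']);` line in forumdisplay.php has no comment saying why the escape sits directly before the template `eval()`. The identical line is added in search.php, showthread.php and moderation.php. A short comment such as `// escape before the template interpolates {$tool['name']}` would make the intent clear to whoever adds the next template that prints a tool name. If these rows are loaded anywhere else (not visible in this diff), escaping in one shared place would avoid a missed call site.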
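Review bot: In the second functions_task.php hunk (at -82), the context line `$function = "task_{$task['file']}";` still builds the callback name from the raw column while the include above it now uses the sanitised `$file`. For a stored value that carries a path or a `.php` suffix, the file is included but `function_exists()` looks up a name that cannot match, so the task quietly does nothing. Using the same variable keeps the two in step: `$function = "task_{$file}";`. The body of `run_task()` continues outside the hunk.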
diff --git a/search.php b/search.php index 142bc8dd96..cbca242233 100644 --- a/search.php +++ b/search.php @@ -707,6 +707,7 @@ while($tool = $db->fetch_array($query)) { + $tool['name'] = htmlspecialchars_uni($tool['name']); eval("\$customthreadtools .= \"".$templates->get("search_results_threads_inlinemoderation_custom_tool")."\";"); } // Build inline moderation dropdown diff --git a/showthread.php b/showthread.php index 3ef6d5930c..bf6fb54bb7 100644 --- a/showthread.php +++ b/showthread.php @@ -1325,6 +1325,7 @@ while($tool = $db->fetch_array($query)) { + $tool['name'] = htmlspecialchars_uni($tool['name']); if($tool['type'] == 'p') { eval("\$customposttools .= \"".$templates->get("showthread_inlinemoderation_custom_tool")."\";"); diff --git a/usercp2.php b/usercp2.php index 0925df697c..963dc8b6e2 100644 --- a/usercp2.php +++ b/usercp2.php 
@@ -1,251 +1,267 @@ -user['uid'] == 0) -{ - error_no_permission(); -} - -// Verify incoming POST request -verify_post_check($mybb->get_input('my_post_key')); - -$lang->load("usercp"); - -usercp_menu(); - -$server_http_referer = htmlentities($_SERVER['HTTP_REFERER']); - -$plugins->run_hooks("usercp2_start"); - -if($mybb->get_input('action') == "do_addsubscription" && $mybb->get_input('type') != "forum") -{ - $thread = get_thread($mybb->get_input('tid')); - if(!$thread) - { - error($lang->error_invalidthread); - } - - // Is the currently logged in user a moderator of this forum? - $ismod = is_moderator($thread['fid']); - - // Make sure we are looking at a real thread here. - if(($thread['visible'] != 1 && $ismod == false) || ($thread['visible'] > 1 && $ismod == true)) - { - error($lang->error_invalidthread); - } - - $forumpermissions = forum_permissions($thread['fid']); - if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid'])) - { - error_no_permission(); - } - - $plugins->run_hooks("usercp2_do_addsubscription"); - - add_subscribed_thread($thread['tid'], $mybb->get_input('notification', MyBB::INPUT_INT)); - - if($mybb->get_input('referrer')) - { - $url = htmlspecialchars_uni($mybb->get_input('referrer')); - } - else - { - $url = get_thread_link($thread['tid']); - } - redirect($url, $lang->redirect_subscriptionadded); -} -elseif($mybb->get_input('action') == "addsubscription") -{ - if($mybb->get_input('type') == "forum") - { - $forum = get_forum($mybb->get_input('fid', MyBB::INPUT_INT)); - if(!$forum) - { - error($lang->error_invalidforum); - } - $forumpermissions = forum_permissions($forum['fid']); - if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0) - { - error_no_permission(); - } - - $plugins->run_hooks("usercp2_addsubscription_forum"); - - 
add_subscribed_forum($forum['fid']); - if($server_http_referer) - { - $url = $server_http_referer; - } - else - { - $url = "index.php"; - } - redirect($url, $lang->redirect_forumsubscriptionadded); - } - else - { - $thread = get_thread($mybb->get_input('tid', MyBB::INPUT_INT)); - if(!$thread) - { - error($lang->error_invalidthread); - } - - // Is the currently logged in user a moderator of this forum? - $ismod = is_moderator($thread['fid']); - - // Make sure we are looking at a real thread here. - if(($thread['visible'] != 1 && $ismod == false) || ($thread['visible'] > 1 && $ismod == true)) - { - error($lang->error_invalidthread); - } - - add_breadcrumb($lang->nav_subthreads, "usercp.php?action=subscriptions"); - add_breadcrumb($lang->nav_addsubscription); - - $forumpermissions = forum_permissions($thread['fid']); - if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid'])) - { - error_no_permission(); - } - $referrer = ''; - if($server_http_referer) - { - $referrer = $server_http_referer; - } - - require_once MYBB_ROOT."inc/class_parser.php"; - $parser = new postParser; - $thread['subject'] = $parser->parse_badwords($thread['subject']); - $thread['subject'] = htmlspecialchars_uni($thread['subject']); - $lang->subscribe_to_thread = $lang->sprintf($lang->subscribe_to_thread, $thread['subject']); - - $notification_none_checked = $notification_email_checked = $notification_pm_checked = ''; - if($mybb->user['subscriptionmethod'] == 1 || $mybb->user['subscriptionmethod'] == 0) - { - $notification_none_checked = "checked=\"checked\""; - } - else if($mybb->user['subscriptionmethod'] == 2) - { - $notification_email_checked = "checked=\"checked\""; - } - else if($mybb->user['subscriptionmethod'] == 3) - { - $notification_pm_checked = "checked=\"checked\""; - } - - 
$plugins->run_hooks("usercp2_addsubscription_thread"); - - eval("\$add_subscription = \"".$templates->get("usercp_addsubscription_thread")."\";"); - output_page($add_subscription); - exit; - } -} -elseif($mybb->get_input('action') == "removesubscription") -{ - if($mybb->get_input('type') == "forum") - { - $forum = get_forum($mybb->get_input('fid', MyBB::INPUT_INT)); - if(!$forum) - { - error($lang->error_invalidforum); - } - - $plugins->run_hooks("usercp2_removesubscription_forum"); - - remove_subscribed_forum($forum['fid']); - if($server_http_referer) - { - $url = $server_http_referer; - } - else - { - $url = "usercp.php?action=forumsubscriptions"; - } - redirect($url, $lang->redirect_forumsubscriptionremoved); - } - else - { - $thread = get_thread($mybb->get_input('tid', MyBB::INPUT_INT)); - if(!$thread) - { - error($lang->error_invalidthread); - } - - // Is the currently logged in user a moderator of this forum? - $ismod = is_moderator($thread['fid']); - - // Make sure we are looking at a real thread here. 
- if(($thread['visible'] != 1 && $ismod == false) || ($thread['visible'] > 1 && $ismod == true)) - { - error($lang->error_invalidthread); - } - - $plugins->run_hooks("usercp2_removesubscription_thread"); - - remove_subscribed_thread($thread['tid']); - if($server_http_referer) - { - $url = $server_http_referer; - } - else - { - $url = "usercp.php?action=subscriptions"; - } - redirect($url, $lang->redirect_subscriptionremoved); - } -} -elseif($mybb->get_input('action') == "removesubscriptions") -{ - if($mybb->get_input('type') == "forum") - { - $plugins->run_hooks("usercp2_removesubscriptions_forum"); - - $db->delete_query("forumsubscriptions", "uid='".$mybb->user['uid']."'"); - if($server_http_referer) - { - $url = $server_http_referer; - } - else - { - $url = "usercp.php?action=forumsubscriptions"; - } - redirect($url, $lang->redirect_forumsubscriptionsremoved); - } - else - { - $plugins->run_hooks("usercp2_removesubscriptions_thread"); - - $db->delete_query("threadsubscriptions", "uid='".$mybb->user['uid']."'"); - if($server_http_referer) - { - $url = $server_http_referer; - } - else - { - $url = "usercp.php?action=subscriptions"; - } - redirect($url, $lang->redirect_subscriptionsremoved); - } -} -else -{ - error($lang->error_invalidaction); -} - +user['uid'] == 0) +{ + error_no_permission(); +} + +// Verify incoming POST request +verify_post_check($mybb->get_input('my_post_key')); + +$lang->load("usercp"); + +usercp_menu(); + +$server_http_referer = htmlentities($_SERVER['HTTP_REFERER']); + +$plugins->run_hooks("usercp2_start"); + +if($mybb->get_input('action') == "do_addsubscription" && $mybb->get_input('type') != "forum") +{ + $thread = get_thread($mybb->get_input('tid')); + if(!$thread) + { + error($lang->error_invalidthread); + } + + // Is the currently logged in user a moderator of this forum? + $ismod = is_moderator($thread['fid']); + + // Make sure we are looking at a real thread here. 
+ if(($thread['visible'] != 1 && $ismod == false) || ($thread['visible'] > 1 && $ismod == true)) + { + error($lang->error_invalidthread); + } + + $forumpermissions = forum_permissions($thread['fid']); + if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid'])) + { + error_no_permission(); + } + + // check if the forum requires a password to view. If so, we need to show a form to the user + check_forum_password($thread['fid']); + + $plugins->run_hooks("usercp2_do_addsubscription"); + + add_subscribed_thread($thread['tid'], $mybb->get_input('notification', MyBB::INPUT_INT)); + + if($mybb->get_input('referrer')) + { + $url = htmlspecialchars_uni($mybb->get_input('referrer')); + } + else + { + $url = get_thread_link($thread['tid']); + } + redirect($url, $lang->redirect_subscriptionadded); +} +elseif($mybb->get_input('action') == "addsubscription") +{ + if($mybb->get_input('type') == "forum") + { + $forum = get_forum($mybb->get_input('fid', MyBB::INPUT_INT)); + if(!$forum) + { + error($lang->error_invalidforum); + } + $forumpermissions = forum_permissions($forum['fid']); + if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0) + { + error_no_permission(); + } + + // check if the forum requires a password to view. 
If so, we need to show a form to the user + check_forum_password($forum['fid']); + + $plugins->run_hooks("usercp2_addsubscription_forum"); + + add_subscribed_forum($forum['fid']); + if($server_http_referer && $mybb->request_method != 'post') + { + $url = $server_http_referer; + } + else + { + $url = "index.php"; + } + redirect($url, $lang->redirect_forumsubscriptionadded); + } + else + { + $thread = get_thread($mybb->get_input('tid', MyBB::INPUT_INT)); + if(!$thread) + { + error($lang->error_invalidthread); + } + + // Is the currently logged in user a moderator of this forum? + $ismod = is_moderator($thread['fid']); + + // Make sure we are looking at a real thread here. + if(($thread['visible'] != 1 && $ismod == false) || ($thread['visible'] > 1 && $ismod == true)) + { + error($lang->error_invalidthread); + } + + add_breadcrumb($lang->nav_subthreads, "usercp.php?action=subscriptions"); + add_breadcrumb($lang->nav_addsubscription); + + $forumpermissions = forum_permissions($thread['fid']); + if($forumpermissions['canview'] == 0 || $forumpermissions['canviewthreads'] == 0 || (isset($forumpermissions['canonlyviewownthreads']) && $forumpermissions['canonlyviewownthreads'] != 0 && $thread['uid'] != $mybb->user['uid'])) + { + error_no_permission(); + } + + // check if the forum requires a password to view. 
If so, we need to show a form to the user + check_forum_password($thread['fid']); + + $referrer = ''; + if($server_http_referer) + { + $referrer = $server_http_referer; + } + + require_once MYBB_ROOT."inc/class_parser.php"; + $parser = new postParser; + $thread['subject'] = $parser->parse_badwords($thread['subject']); + $thread['subject'] = htmlspecialchars_uni($thread['subject']); + $lang->subscribe_to_thread = $lang->sprintf($lang->subscribe_to_thread, $thread['subject']); + + $notification_none_checked = $notification_email_checked = $notification_pm_checked = ''; + if($mybb->user['subscriptionmethod'] == 1 || $mybb->user['subscriptionmethod'] == 0) + { + $notification_none_checked = "checked=\"checked\""; + } + else if($mybb->user['subscriptionmethod'] == 2) + { + $notification_email_checked = "checked=\"checked\""; + } + else if($mybb->user['subscriptionmethod'] == 3) + { + $notification_pm_checked = "checked=\"checked\""; + } + + $plugins->run_hooks("usercp2_addsubscription_thread"); + + eval("\$add_subscription = \"".$templates->get("usercp_addsubscription_thread")."\";"); + output_page($add_subscription); + exit; + } +} +elseif($mybb->get_input('action') == "removesubscription") +{ + if($mybb->get_input('type') == "forum") + { + $forum = get_forum($mybb->get_input('fid', MyBB::INPUT_INT)); + if(!$forum) + { + error($lang->error_invalidforum); + } + + // check if the forum requires a password to view. 
If so, we need to show a form to the user + check_forum_password($forum['fid']); + + $plugins->run_hooks("usercp2_removesubscription_forum"); + + remove_subscribed_forum($forum['fid']); + if($server_http_referer && $mybb->request_method != 'post') + { + $url = $server_http_referer; + } + else + { + $url = "usercp.php?action=forumsubscriptions"; + } + redirect($url, $lang->redirect_forumsubscriptionremoved); + } + else + { + $thread = get_thread($mybb->get_input('tid', MyBB::INPUT_INT)); + if(!$thread) + { + error($lang->error_invalidthread); + } + + // Is the currently logged in user a moderator of this forum? + $ismod = is_moderator($thread['fid']); + + // Make sure we are looking at a real thread here. + if(($thread['visible'] != 1 && $ismod == false) || ($thread['visible'] > 1 && $ismod == true)) + { + error($lang->error_invalidthread); + } + + // check if the forum requires a password to view. If so, we need to show a form to the user + check_forum_password($thread['fid']); + + $plugins->run_hooks("usercp2_removesubscription_thread"); + + remove_subscribed_thread($thread['tid']); + if($server_http_referer && $mybb->request_method != 'post') + { + $url = $server_http_referer; + } + else + { + $url = "usercp.php?action=subscriptions"; + } + redirect($url, $lang->redirect_subscriptionremoved); + } +} +elseif($mybb->get_input('action') == "removesubscriptions") +{ + if($mybb->get_input('type') == "forum") + { + $plugins->run_hooks("usercp2_removesubscriptions_forum"); + + $db->delete_query("forumsubscriptions", "uid='".$mybb->user['uid']."'"); + if($server_http_referer) + { + $url = $server_http_referer; + } + else + { + $url = "usercp.php?action=forumsubscriptions"; + } + redirect($url, $lang->redirect_forumsubscriptionsremoved); + } + else + { + $plugins->run_hooks("usercp2_removesubscriptions_thread"); + + $db->delete_query("threadsubscriptions", "uid='".$mybb->user['uid']."'"); + if($server_http_referer) + { + $url = $server_http_referer; + } + else + { + $url 
= "usercp.php?action=subscriptions"; + } + redirect($url, $lang->redirect_subscriptionsremoved); + } +} +else +{ + error($lang->error_invalidaction); +} +
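Review bot: The `do_addsubscription` branch of usercp2.php still takes `referrer` from the request and passes it to `redirect()` after only `htmlspecialchars_uni()`, so the redirect destination is chosen by the caller. Unless `redirect()` (not shown here) restricts targets, this should be limited to same-site relative URLs. The same branch calls `get_thread($mybb->get_input('tid'))` without a type, unlike every other branch; `get_thread($mybb->get_input('tid', MyBB::INPUT_INT))` would match them. The new `$mybb->request_method != 'post'` guard is applied to the addsubscription and removesubscription redirects but not to the two `removesubscriptions` branches, which still redirect to `$server_http_referer` unconditionally. Because the hunk replaces the whole file, these functional changes are hard to pick out from the unchanged lines.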