Misc

* don't cache playlists
 * don't cache new custom profiles
 * forgot to sanitize and use param from js

includes/ajaxHandler/profile.class.php

@@ -14,6 +14,7 @@ class AjaxProfile extends AjaxHandler
         'size'       => [FILTER_SANITIZE_STRING, 0xC], // FILTER_FLAG_STRIP_LOW | *_HIGH
         'guild'      => [FILTER_CALLBACK,        ['options' => 'AjaxHandler::checkEmptySet']],
         'arena-team' => [FILTER_CALLBACK,        ['options' => 'AjaxHandler::checkEmptySet']],
+        'user'       => [FILTER_CALLBACK,        ['options' => 'AjaxProfile::checkUser']]
     );
 
     protected $_post        = array(
@@ -714,6 +715,13 @@ class AjaxProfile extends AjaxHandler
         return null;
     }
 
+    protected function checkUser($val)
+    {
+        if (User::isValidName($val))
+            return $val
+
+        return null;
+    }
 }
 
 ?>

pages/profile.php

@@ -29,6 +29,9 @@ class ProfilePage extends GenericPage
 
     public function __construct($pageCall, $pageParam)
     {
+        if (!CFG_PROFILER_ENABLE)
+            $this->error();
+
         $params = array_map('urldecode', explode('.', $pageParam));
         if ($params[0])
             $params[0] = Profiler::urlize($params[0]);
@@ -106,6 +109,8 @@ class ProfilePage extends GenericPage
         }
         else if (($params && $params[0]) || !isset($_GET['new']))
             $this->notFound();
+        else if (isset($_GET['new']))
+            $this->mode = CACHE_TYPE_NONE;
     }
 
     protected function generateContent()

pages/sound.php

@@ -31,6 +31,7 @@ class SoundPage extends GenericPage
             $this->cat           = 1000;
             $this->articleUrl    = 'sound&playlist';
             $this->hasComContent = false;
+            $this->mode          = CACHE_TYPE_NONE;
         }
         // regular case
         else