makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-27 21:58:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge commit 'release-3.0.1-RC1'

Browse source
This commit is contained in:
Nils Adermann 2010-03-02 01:05:38 +01:00
commit 0434ccf303
156 changed files with 2140 additions and 1370 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

101
phpBB/adm/index.php
View file

@ -45,8 +45,8 @@ define('IN_ADMIN', true);
$phpbb_admin_path = (defined('PHPBB_ADMIN_PATH')) ? PHPBB_ADMIN_PATH : './';
// Some oft used variables
$safe_mode = (@ini_get('safe_mode') || @strtolower(ini_get('safe_mode')) == 'on') ? true : false;
$file_uploads = (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on') ? true : false;
$safe_mode = (@ini_get('safe_mode') == '1' || @strtolower(ini_get('safe_mode')) === 'on') ? true : false;
$file_uploads = (@ini_get('file_uploads') == '1' || strtolower(@ini_get('file_uploads')) === 'on') ? true : false;
$module_id = request_var('i', '');
$mode = request_var('mode', '');
@ -184,7 +184,7 @@ function adm_page_footer($copyright_html = true)
{
global $base_memory_usage;
$memory_usage -= $base_memory_usage;
$memory_usage = ($memory_usage >= 1048576) ? round((round($memory_usage / 1048576 * 100) / 100), 2) . ' ' . $user->lang['MB'] : (($memory_usage >= 1024) ? round((round($memory_usage / 1024 * 100) / 100), 2) . ' ' . $user->lang['KB'] : $memory_usage . ' ' . $user->lang['BYTES']);
$memory_usage = get_formatted_filesize($memory_usage);
$debug_output .= ' | Memory Usage: ' . $memory_usage;
}
@ -367,11 +367,15 @@ function build_cfg_template($tpl_type, $key, &$new, $config_key, $vars)
}
/**
* Going through a config array and validate values, writing errors to $error.
* Going through a config array and validate values, writing errors to $error. The validation method accepts parameters separated by ':' for string and int.
* The first parameter defines the type to be used, the second the lower bound and the third the upper bound. Only the type is required.
*/
function validate_config_vars($config_vars, &$cfg_array, &$error)
{
global $phpbb_root_path, $user;
$type = 0;
$min = 1;
$max = 2;
foreach ($config_vars as $config_name => $config_definition)
{
@ -385,15 +389,42 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
continue;
}
// Validate a bit. ;) String is already checked through request_var(), therefore we do not check this again
switch ($config_definition['validate'])
$validator = explode(':', $config_definition['validate']);
// Validate a bit. ;) (0 = type, 1 = min, 2= max)
switch ($validator[$type])
{
case 'string':
$length = strlen($cfg_array[$config_name]);
// the column is a VARCHAR
$validator[$max] = (isset($validator[$max])) ? min(255, $validator[$max]) : 255;
if (isset($validator[$min]) && $length < $validator[$min])
{
$error[] = sprintf($user->lang['SETTING_TOO_SHORT'], $user->lang[$config_definition['lang']], $validator[$min]);
}
else if (isset($validator[$max]) && $length > $validator[2])
{
$error[] = sprintf($user->lang['SETTING_TOO_LONG'], $user->lang[$config_definition['lang']], $validator[$max]);
}
break;
case 'bool':
$cfg_array[$config_name] = ($cfg_array[$config_name]) ? 1 : 0;
break;
case 'int':
$cfg_array[$config_name] = (int) $cfg_array[$config_name];
if (isset($validator[$min]) && $cfg_array[$config_name] < $validator[$min])
{
$error[] = sprintf($user->lang['SETTING_TOO_LOW'], $user->lang[$config_definition['lang']], $validator[$min]);
}
else if (isset($validator[$max]) && $cfg_array[$config_name] > $validator[$max])
{
$error[] = sprintf($user->lang['SETTING_TOO_BIG'], $user->lang[$config_definition['lang']], $validator[$max]);
}
break;
// Absolute path
@ -508,4 +539,62 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
return;
}
/**
* Checks whatever or not a variable is OK for use in the Database
* param mixed $value_ary An array of the form array(array('lang' => ..., 'value' => ..., 'column_type' =>))'
* param mixed $error The error array
*/
function validate_range($value_ary, &$error)
{
global $user;
$column_types = array(
'BOOL' => array('php_type' => 'int', 'min' => 0, 'max' => 1),
'USINT' => array('php_type' => 'int', 'min' => 0, 'max' => 65535),
'UINT' => array('php_type' => 'int', 'min' => 0, 'max' => (int) 0x7fffffff),
'INT' => array('php_type' => 'int', 'min' => (int) 0x80000000, 'max' => (int) 0x7fffffff),
'TINT' => array('php_type' => 'int', 'min' => -128, 'max' => 127),
'VCHAR' => array('php_type' => 'string', 'min' => 0, 'max' => 255),
);
foreach ($value_ary as $value)
{
$column = explode(':', $value['column_type']);
$max = $min = 0;
$type = 0;
if (!isset($column_types[$column[0]]))
{
continue;
}
else
{
$type = $column_types[$column[0]];
}
switch ($type['php_type'])
{
case 'string' :
$max = (isset($column[1])) ? min($column[1],$type['max']) : $type['max'];
if (strlen($value['value']) > $max)
{
$error[] = sprintf($user->lang['SETTING_TOO_LONG'], $user->lang[$value['lang']], $max);
}
break;
case 'int':
$min = (isset($column[1])) ? max($column[1],$type['min']) : $type['min'];
$max = (isset($column[2])) ? min($column[2],$type['max']) : $type['max'];
if ($value['value'] < $min)
{
$error[] = sprintf($user->lang['SETTING_TOO_LOW'], $user->lang[$value['lang']], $min);
}
else if ($value['value'] > $max)
{
$error[] = sprintf($user->lang['SETTING_TOO_BIG'], $user->lang[$value['lang']], $max);
}
break;
}
}
}
?>

6
phpBB/adm/style/acp_attachments.html
View file

@ -122,11 +122,11 @@
{
if (newimage == 'no_image')
{
document.image_upload_icon.src = "{PHPBB_ROOT_PATH}images/spacer.gif";
document.getElementById('image_upload_icon').src = "{PHPBB_ROOT_PATH}images/spacer.gif";
}
else
{
document.image_upload_icon.src = "{PHPBB_ROOT_PATH}{IMG_PATH}/" + newimage;
document.getElementById('image_upload_icon').src = "{PHPBB_ROOT_PATH}{IMG_PATH}/" + newimage;
}
}
@ -192,7 +192,7 @@
<dd><select name="upload_icon" id="upload_icon" onchange="update_image(this.options[selectedIndex].value);">
<option value="no_image"<!-- IF S_NO_IMAGE --> selected="selected"<!-- ENDIF -->>{L_NO_IMAGE}</option>{S_FILENAME_LIST}
</select></dd>
<dd>&nbsp;<img <!-- IF S_NO_IMAGE -->src="{PHPBB_ROOT_PATH}images/spacer.gif"<!-- ELSE -->src="{UPLOAD_ICON_SRC}"<!-- ENDIF --> name="image_upload_icon" alt="" title="" />&nbsp;</dd>
<dd>&nbsp;<img <!-- IF S_NO_IMAGE -->src="{PHPBB_ROOT_PATH}images/spacer.gif"<!-- ELSE -->src="{UPLOAD_ICON_SRC}"<!-- ENDIF --> id="image_upload_icon" alt="" title="" />&nbsp;</dd>
</dl>
<dl>
<dt><label for="extgroup_filesize">{L_MAX_EXTGROUP_FILESIZE}:</label></dt>

4
phpBB/adm/style/acp_bbcodes.html
View file

@ -103,6 +103,10 @@
<td style="text-align: center;">{bbcodes.BBCODE_TAG}</td>
<td style="text-align: right; width: 40px;"><a href="{bbcodes.U_EDIT}">{ICON_EDIT}</a> <a href="{bbcodes.U_DELETE}">{ICON_DELETE}</a></td>
</tr>
<!-- BEGINELSE -->
<tr class="row3">
<td colspan="2">{L_ACP_NO_ITEMS}</td>
</tr>
<!-- END bbcodes -->
</tbody>
</table>

10
phpBB/adm/style/acp_database.html
View file

@ -7,6 +7,7 @@
<p>{L_ACP_RESTORE_EXPLAIN}</p>
<!-- IF .files -->
<form id="acp_backup" method="post" action="{U_ACTION}">
<fieldset>
@ -16,16 +17,19 @@
<dd><select id="file" name="file" size="10"><!-- BEGIN files --><option value="{files.FILE}"<!-- IF files.S_LAST_ROW --> selected="selected"<!-- ENDIF -->>{files.NAME}</option><!-- END files --></select></dd>
</dl>
<!-- IF .files -->
<p class="submit-buttons">
<input class="button1" type="submit" id="submit" name="submit" value="{L_START_RESTORE}" />&nbsp;
<input class="button2" type="submit" id="delete" name="delete" value="{L_DELETE_BACKUP}" />&nbsp;
<input class="button2" type="submit" id="download" name="download" value="{L_DOWNLOAD_BACKUP}" />
</p>
<!-- ENDIF -->
{S_FORM_TOKEN}
</fieldset>
</form>
<!-- ELSE -->
<div class="errorbox">
<p>{L_ACP_NO_ITEMS}</p>
</div>
<!-- ENDIF -->
<!-- ELSE -->
<h1>{L_ACP_BACKUP}</h1>
@ -77,7 +81,7 @@
<option value="{tables.TABLE}">{tables.TABLE}</option>
<!-- END tables -->
</select></dd>
<dd><a href="#" onclick="selector(true)">{L_SELECT_ALL}</a> :: <a href="#" onclick="selector(false)">{L_DESELECT_ALL}</a></dd>
<dd><a href="#" onclick="selector(true); return false;">{L_SELECT_ALL}</a> :: <a href="#" onclick="selector(false); return false;">{L_DESELECT_ALL}</a></dd>
</dl>
<p class="submit-buttons">

7
phpBB/adm/style/acp_forums.html
View file

@ -202,6 +202,11 @@
<dt><label for="forum_status">{L_FORUM_STATUS}:</label></dt>
<dd><select id="forum_status" name="forum_status">{S_STATUS_OPTIONS}</select></dd>
</dl>
<dl>
<dt><label for="display_subforum_list">{L_LIST_SUBFORUMS}:</label><br /><span>{L_LIST_SUBFORUMS_EXPLAIN}</span></dt>
<dd><label><input type="radio" class="radio" name="display_subforum_list" value="1"<!-- IF S_DISPLAY_SUBFORUM_LIST --> id="display_subforum_list" checked="checked"<!-- ENDIF --> /> {L_YES}</label>
<label><input type="radio" class="radio" name="display_subforum_list" value="0"<!-- IF not S_DISPLAY_SUBFORUM_LIST --> id="display_subforum_list" checked="checked"<!-- ENDIF --> /> {L_NO}</label></dd>
</dl>
<dl>
<dt><label for="display_on_index">{L_LIST_INDEX}:</label><br /><span>{L_LIST_INDEX_EXPLAIN}</span></dt>
<dd><label><input type="radio" class="radio" name="display_on_index" value="1"<!-- IF S_DISPLAY_ON_INDEX --> id="display_on_index" checked="checked"<!-- ENDIF --> /> {L_YES}</label>
@ -445,7 +450,7 @@
<!-- IF forums.S_FIRST_ROW && not forums.S_LAST_ROW -->
{ICON_MOVE_UP_DISABLED}
<a href="{forums.U_MOVE_DOWN}">{ICON_MOVE_DOWN}</a>
<!-- ELSEIF not forums.S_FIRST_ROW && not forums.S_LAST_ROW-->
<!-- ELSEIF not forums.S_FIRST_ROW && not forums.S_LAST_ROW -->
<a href="{forums.U_MOVE_UP}">{ICON_MOVE_UP}</a>
<a href="{forums.U_MOVE_DOWN}">{ICON_MOVE_DOWN}</a>
<!-- ELSEIF forums.S_LAST_ROW && not forums.S_FIRST_ROW -->

20
phpBB/adm/style/acp_icons.html
View file

@ -43,19 +43,19 @@
function toggle_select(icon, display, select)
{
var disp = document.getElementById('order_disp[' + icon + ']');
var nodisp = document.getElementById('order_no_disp[' + icon + ']');
var disp = document.getElementById('order_disp_' + select);
var nodisp = document.getElementById('order_no_disp_' + select);
disp.disabled = !display;
nodisp.disabled = display;
if (display)
{
document.getElementById(select).selectedIndex = 0;
document.getElementById('order_' + select).selectedIndex = 0;
nodisp.className = 'disabled-options';
disp.className = '';
}
else
{
document.getElementById(select).selectedIndex = {S_ORDER_LIST_DISPLAY_COUNT};
document.getElementById('order_' + select).selectedIndex = {S_ORDER_LIST_DISPLAY_COUNT};
disp.className = 'disabled-options';
nodisp.className = '';
}
@ -111,15 +111,15 @@
<td><input class="text post" type="text" size="3" name="width[{items.IMG}]" value="{items.WIDTH}" /></td>
<td><input class="text post" type="text" size="3" name="height[{items.IMG}]" value="{items.HEIGHT}" /></td>
<td>
<input type="checkbox" class="radio" name="display_on_posting[{items.IMG}]"{items.POSTING_CHECKED} onclick="toggle_select('{items.A_IMG}', this.checked, 'order[{items.A_IMG}]');"/>
<input type="checkbox" class="radio" name="display_on_posting[{items.IMG}]"{items.POSTING_CHECKED} onclick="toggle_select('{items.A_IMG}', this.checked, '{items.S_ROW_COUNT}');"/>
<!-- IF items.S_ID -->
<input type="hidden" name="id[{items.IMG}]" value="{items.ID}" />
<!-- ENDIF -->
</td>
<!-- IF ID or S_ADD -->
<td><select id="order[{items.IMG}]" name="order[{items.IMG}]">
<optgroup id="order_disp[{items.IMG}]" label="{L_DISPLAY_POSTING}" <!-- IF not items.POSTING_CHECKED -->disabled="disabled" class="disabled-options" <!-- ENDIF -->>{S_ORDER_LIST_DISPLAY}</optgroup>
<optgroup id="order_no_disp[{items.IMG}]" label="{L_DISPLAY_POSTING_NO}" <!-- IF items.POSTING_CHECKED -->disabled="disabled" class="disabled-options" <!-- ENDIF -->>{S_ORDER_LIST_UNDISPLAY}</optgroup>
<td><select id="order_{items.S_ROW_COUNT}" name="order[{items.IMG}]">
<optgroup id="order_disp_{items.S_ROW_COUNT}" label="{L_DISPLAY_POSTING}" <!-- IF not items.POSTING_CHECKED -->disabled="disabled" class="disabled-options" <!-- ENDIF -->>{S_ORDER_LIST_DISPLAY}</optgroup>
<optgroup id="order_no_disp_{items.S_ROW_COUNT}" label="{L_DISPLAY_POSTING_NO}" <!-- IF items.POSTING_CHECKED -->disabled="disabled" class="disabled-options" <!-- ENDIF -->>{S_ORDER_LIST_UNDISPLAY}</optgroup>
</select></td>
<!-- ENDIF -->
<!-- IF S_ADD -->
@ -248,6 +248,10 @@
&nbsp;<a href="{items.U_EDIT}">{ICON_EDIT}</a> <a href="{items.U_DELETE}">{ICON_DELETE}</a>
</td>
</tr>
<!-- BEGINELSE -->
<tr class="row3">
<td colspan="{COLSPAN}">{L_ACP_NO_ITEMS}</td>
</tr>
<!-- END items -->
</tbody>
</table>

2
phpBB/adm/style/acp_language.html
View file

@ -121,9 +121,11 @@
<!--[if lt IE 8]>
<style type="text/css">
/* <![CDATA[ */
input.langvalue, textarea.langvalue {
width: 450px;
}
/* ]]> */
</style>
<![endif]-->

15
phpBB/adm/style/acp_permission_roles.html
View file

@ -28,11 +28,11 @@
<p>{L_EXPLAIN}</p>
<form id="acp_roles" method="post" action="{U_ACTION}">
<br />
<a href="#acl">&raquo; {L_SET_ROLE_PERMISSIONS}</a>
<form id="acp_roles" method="post" action="{U_ACTION}">
<fieldset>
<legend>{L_ROLE_DETAILS}</legend>
<dl>
@ -46,6 +46,7 @@
<p class="quick">
<input type="submit" class="button1" name="submit" value="{L_SUBMIT}" />
{S_FORM_TOKEN}
</p>
</fieldset>
@ -57,11 +58,15 @@
<!-- ENDIF -->
<p>
<a name="acl"></a>
<a href="#maincontent">&raquo; {L_BACK_TO_TOP}</a><br />
<br /><br />
</p>
<h1>{L_ACL_TYPE}</h1>
<fieldset class="perm nolegend">
@ -107,9 +112,9 @@
<!-- IF auth.mask.S_ROW_COUNT is even --><tr class="row4"><!-- ELSE --><tr class="row3"><!-- ENDIF -->
<th class="permissions-name<!-- IF auth.mask.S_ROW_COUNT is even --> row4<!-- ELSE --> row3<!-- ENDIF -->">{auth.mask.PERMISSION}</th>
<td class="permissions-yes"><label for="{auth.mask.FIELD_NAME}_y"><input onchange="set_colours('00{auth.S_ROW_COUNT}', false)" id="setting[{auth.mask.FIELD_NAME}]_y" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_YES --> checked="checked"<!-- ENDIF --> value="1" /></label></td>
<td class="permissions-no"><label for="{auth.mask.FIELD_NAME}_u"><input onchange="set_colours('00{auth.S_ROW_COUNT}', false)" id="setting[{auth.mask.FIELD_NAME}]_u" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_NO --> checked="checked"<!-- ENDIF --> value="-1" /></label></td>
<td class="permissions-never"><label for="{auth.mask.FIELD_NAME}_n"><input onchange="set_colours('00{auth.S_ROW_COUNT}', false)" id="setting[{auth.mask.FIELD_NAME}]_n" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_NEVER --> checked="checked"<!-- ENDIF --> value="0" /></label></td>
<td class="permissions-yes"><label for="setting_{auth.mask.FIELD_NAME}_y"><input onchange="set_colours('00{auth.S_ROW_COUNT}', false)" id="setting_{auth.mask.FIELD_NAME}_y" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_YES --> checked="checked"<!-- ENDIF --> value="1" /></label></td>
<td class="permissions-no"><label for="setting_{auth.mask.FIELD_NAME}_u"><input onchange="set_colours('00{auth.S_ROW_COUNT}', false)" id="setting_{auth.mask.FIELD_NAME}_u" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_NO --> checked="checked"<!-- ENDIF --> value="-1" /></label></td>
<td class="permissions-never"><label for="setting_{auth.mask.FIELD_NAME}_n"><input onchange="set_colours('00{auth.S_ROW_COUNT}', false)" id="setting_{auth.mask.FIELD_NAME}_n" name="setting[{auth.mask.FIELD_NAME}]" class="radio" type="radio"<!-- IF auth.mask.S_NEVER --> checked="checked"<!-- ENDIF --> value="0" /></label></td>
</tr>
<!-- END mask -->
</tbody>

2
phpBB/adm/style/acp_prune_forums.html
View file

@ -44,7 +44,7 @@
<p>{L_LOOK_UP_FORUMS_EXPLAIN}</p>
<dl>
<dt><label for="forum">{L_LOOK_UP_FORUM}:</label></dt>
<dd><select name="f[]" multiple="multiple" size="10">{S_FORUM_OPTIONS}</select></dd>
<dd><select id="forum" name="f[]" multiple="multiple" size="10">{S_FORUM_OPTIONS}</select></dd>
<dd><label><input type="checkbox" class="radio" name="all_forums" value="1" /> {L_ALL_FORUMS}</label></dd>
</dl>

2
phpBB/adm/style/acp_styles.html
View file

@ -459,7 +459,7 @@
</dl>
<dl>
<dt><label for="copyright">{L_COPYRIGHT}:</label></dt>
<dd><!-- IF S_INSTALL --><b id="name">{COPYRIGHT}</b><!-- ELSE --><input type="text" id="copyright" name="copyright" value="{COPYRIGHT}" /><!-- ENDIF --></dd>
<dd><!-- IF S_INSTALL --><b id="copyright">{COPYRIGHT}</b><!-- ELSE --><input type="text" id="copyright" name="copyright" value="{COPYRIGHT}" /><!-- ENDIF --></dd>
</dl>
<!-- IF S_STYLE and not S_BASIS -->
<dl>

4
phpBB/adm/style/acp_words.html
View file

@ -62,6 +62,10 @@
<td style="text-align: center;">{words.REPLACEMENT}</td>
<td>&nbsp;<a href="{words.U_EDIT}">{ICON_EDIT}</a>&nbsp;&nbsp;<a href="{words.U_DELETE}">{ICON_DELETE}</a>&nbsp;</td>
</tr>
<!-- BEGINELSE -->
<tr class="row3">
<td colspan="3">{L_ACP_NO_ITEMS}</td>
</tr>
<!-- END words -->
</tbody>
</table>

4
phpBB/adm/style/colour_swatch.html
View file

@ -8,7 +8,7 @@
<title>{L_COLOUR_SWATCH}</title>
<style type="text/css">
<!--
/* <![CDATA[ */
body {
background-color: #404040;
color: #fff;
@ -29,7 +29,7 @@
img {
border: 0;
}
//-->
/* ]]> */
</style>
</head>

4
phpBB/adm/style/install_update_diff.html
View file

@ -32,7 +32,7 @@ function resize_panel()
</script>
<style type="text/css">
<!--
/* <![CDATA[ */
#main {
font-size: 1em;
@ -198,7 +198,7 @@ table.hrdiff caption span {
<!-- ENDIF -->
//-->
/* ]]> */
</style>
</head>

6
phpBB/common.php
View file

@ -131,7 +131,7 @@ if (!defined('PHPBB_INSTALLED'))
// Redirect the user to the installer
// We have to generate a full HTTP/1.1 header here since we can't guarantee to have any of the information
// available as used by the redirect function
$server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');
$server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
$server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
$secure = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 1 : 0;
@ -149,9 +149,13 @@ if (!defined('PHPBB_INSTALLED'))
$url = (($secure) ? 'https://' : 'http://') . $server_name;
if ($server_port && (($secure && $server_port <> 443) || (!$secure && $server_port <> 80)))
{
// HTTP HOST can carry a port number...
if (strpos($server_name, ':') === false)
{
$url .= ':' . $server_port;
}
}
$url .= $script_path;
header('Location: ' . $url);

5
phpBB/develop/create_schema_files.php
View file

@ -1072,6 +1072,7 @@ function get_schema_struct()
'forum_last_poster_name'=> array('VCHAR_UNI', ''),
'forum_last_poster_colour'=> array('VCHAR:6', ''),
'forum_flags' => array('TINT:4', 32),
'display_subforum_list' => array('BOOL', 1),
'display_on_index' => array('BOOL', 1),
'enable_indexing' => array('BOOL', 1),
'enable_icons' => array('BOOL', 1),
@ -1143,7 +1144,7 @@ function get_schema_struct()
),
'PRIMARY_KEY' => 'group_id',
'KEYS' => array(
'group_legend' => array('INDEX', 'group_legend'),
'group_legend_name' => array('INDEX', array('group_legend', 'group_name')),
),
);
@ -1519,6 +1520,7 @@ function get_schema_struct()
'COLUMNS' => array(
'session_id' => array('CHAR:32', ''),
'session_user_id' => array('UINT', 0),
'session_forum_id' => array('UINT', 0),
'session_last_visit' => array('TIMESTAMP', 0),
'session_start' => array('TIMESTAMP', 0),
'session_time' => array('TIMESTAMP', 0),
@ -1534,6 +1536,7 @@ function get_schema_struct()
'KEYS' => array(
'session_time' => array('INDEX', 'session_time'),
'session_user_id' => array('INDEX', 'session_user_id'),
'session_forum_id' => array('INDEX', 'session_forum_id'),
),
);

70
phpBB/docs/CHANGELOG.html
View file

@ -53,6 +53,7 @@
<ol>
<li><a href="#changelog">Changelog</a>
<ol style="list-style-type: lower-roman;">
<li><a href="#v300">Changes since 3.0.0</a></li>
<li><a href="#v30rc8">Changes since RC-8</a></li>
<li><a href="#v30rc7">Changes since RC-7</a></li>
<li><a href="#v30rc6">Changes since RC-6</a></li>
@ -80,6 +81,75 @@
<div class="content">
<a name="v300"></a><h3>1.i. Changes since 3.0.0</h3>
<ul>
<li>[Change] Validate birthdays (Bug #15004)</li>
<li>[Fix] Allow correct avatar caching for CGI installations. (thanks wildbill)</li>
<li>[Fix] Fix disabling of word censor, now possible again</li>
<li>[Fix] Allow single quotes in db password to be stored within config.php in installer</li>
<li>[Fix] Correctly quote db password for re-display in installer (Bug #16695 / thanks to m313 for reporting too - #s17235)</li>
<li>[Fix] Correctly handle empty imageset entries (Bug #16865)</li>
<li>[Fix] Correctly check empty subjects/messages (Bug #17915)</li>
<li>[Change] Do not check usernames against word censor list. Disallowed usernames is already checked and word censor belong to posts. (Bug #17745)</li>
<li>[Fix] Additionally include non-postable forums for moderators forums shown within the teams list. (Bug #17265)</li>
<li>[Change] Sped up viewforum considerably (also goes towards mcp_forum)</li>
<li>[Fix] Do not split topic list for topics being promoted to announcements after been moved to another forum (Bug #18635)</li>
<li>[Fix] Allow editing usernames within database_update on username cleanup (Bug #18415)</li>
<li>[Fix] Fixing wrong sync() calls if moving all posts by a member in ACP (Bug #18385)</li>
<li>[Fix] Check entered imagemagick path for trailing slash (Bug #18205)</li>
<li>[Fix] Use proper title on index for new/unread posts (Bug #13101) - patch provided by Pyramide</li>
<li>[Fix] Allow calls to $user->set_cookie() define no cookie time for setting session cookies (Bug #18025)</li>
<li>[Fix] Stricter checks on smilie packs (Bug #19675)</li>
<li>[Fix] Gracefully return from cancelling pm drafts (Bug #19675)</li>
<li>[Fix] Possible login problems with IE7 if browser check is activated (Bug #20135)</li>
<li>[Fix] Fix possible database transaction errors if code returns on error and rollback happened (Bug #17025)</li>
<li>[Change] Allow numbers in permission names for modifications, as well as uppercase letters for the request_ part (Bug #20125)</li>
<li>[Fix] Use HTTP_HOST in favor of SERVER_NAME for determining server url for redirection and installation (Bug #19955)</li>
<li>[Fix] Removing s_watching_img from watch_topic_forum() function (Bug #20445)</li>
<li>[Fix] Changing order for post review if more than one post affected (Bug #15249)</li>
<li>[Fix] Language typos/fixes (Bug #20425, #15719, #15429, #14669, #13479, #20795, #21095, #21405, #21715, #21725, #21755, #21865, #15689)</li>
<li>[Fix] Style/Template fixes (Bug #20065, #19405, #19205, #15028, #14934, #14821, #14752, #14497, #13707, #14738, #19725)</li>
<li>[Fix] Tiny code fixes (Bug #20165, #20025, #19795, #14804)</li>
<li>[Fix] Prepend phpbb_root_path to ranks path for displaying ranks (Bug #19075)</li>
<li>[Fix] Allow forum notifications if topic notifications are disabled but forum notifications enabled (Bug #14765)</li>
<li>[Fix] Fixing realpath issues for provider returning the passed value instead of disabling it. This fixes issues with confirm boxes for those hosted on Network Solutions for example. (Bug #20435)</li>
<li>[Fix] Try to sort last active date on memberlist correctly at least on current page (Bug #18665)</li>
<li>[Fix] Handle generation of form tokens when maximum time is set to -1</li>
<li>[Fix] Correctly delete unapproved posts without deleting the topic (Bug #15120)</li>
<li>[Fix] Respect signature permissions in posting (Bug #16029)</li>
<li>[Fix] Users allowed to resign only from open and freely open groups (Bug #19355)</li>
<li>[Fix] Assign a last viewed date to converted topics (Bug #16565)</li>
<li>[Fix] Many minor and/or cosmetic fixes (Including, but not limited to: #21315, #18575, #18435, #21215)</li>
<li>[Feature] New option to hide the entire list of subforums on listforums</li>
<li>[Fix] Custom BBCode {EMAIL}-Token usage (Bug #21155)</li>
<li>[Fix] Do not rely on parameter returned by unlink() for verifying cache directory write permission (Bug #19565)</li>
<li>[Change] Use correct string for filesize (MiB instead of MB for example)</li>
<li>[Change] Remove left join for query used to retrieve already assigned users and groups within permission panel (Bug #20235)</li>
<li>[Fix] Correctly return sole whitespaces if used with BBCodes (Bug #19535)</li>
<li>[Fix] Quote bbcode parsing adding too much closing tags on special conditions (Bug #20735)</li>
<li>[Change] Added sanity checks to various ACP settings</li>
<li>[Change] Removed minimum form times</li>
<li>[Fix] Check topics_per_page value in acp_forums (Bug #15539)</li>
<li>[Fix] Custom profile fields with date type should be timezone independend (Bug #15003)</li>
<li>[Fix] Fixing some XHTML errors/warnings within the ACP (Bug #22875)</li>
<li>[Fix] Warnings if poll title/options exceed maximum characters per post (Bug #22865)</li>
<li>[Fix] Do not allow selecting non-authorized groups within memberlist by adjusting URL (Bug #22805 - patch provided by ToonArmy)</li>
<li>[Fix] Correctly specify &quot;close report action&quot; (Bug #22685)</li>
<li>[Fix] Display &quot;empty password error&quot; within the login box instead of issuing a general error (Bug #22525)</li>
<li>[Fix] Clean up who is online code in page_header (Bug #22715, thanks HighwayofLife)</li>
<li>[Fix] Pertain select single link on memberlist (Bug #23235 - patch provided by Schumi)</li>
<li>[Fix] Allow &amp; and | in local part of email addresses (Bug #22995)</li>
<li>[Fix] Do not error out if php_uname function disabled / Authenticating on SMTP Server (Bug #22235 - patch by HoL)</li>
<li>[Fix] Correctly obtain to be ignored users within topic/forum notification (Bug #21795 - patch provided by dr.death)</li>
<li>[Fix] Correctly update board statistics for attaching orphaned files to existing posts (Bug #20185)</li>
<li>[Fix] Do not detect the board URL as a link twice in posts (Bug #19215)</li>
<li>[Fix] Set correct error reporting in style.php to avoid blank pages after CSS changes (Bug #23885)</li>
<li>[Fix] If pruning users based on last activity, do not include users never logged in before (Bug #18105)</li>
<li>[Sec] Only allow searching by email address in memberlist for users having the a_user permission (reported by evil&lt;3)</li>
<li>[Sec] Limit private message attachments to be viewable only by the recipient(s)/sender (Report #s23535) - reported by AlleyKat</li>
</ul>
<a name="v30rc8"></a><h3>1.i. Changes since 3.0.RC8</h3>
<ul>

6
phpBB/docs/INSTALL.html
View file

@ -281,9 +281,9 @@
<a name="update_patch"></a><h3>4.iii. Patch file</h3>
<p>The patch file package is for those wanting to update through the patch application, and being compfortable with it.</p>
<p>The patch file package is for those wanting to update through the patch application, and being comfortable with it.</p>
<p>The patch file is one solution for those with many Modifications (MODs) or other changes who do not want to re-add them back to all the changed files if they use the method explained above. To use this you will need command line access to a standard UNIX type <strong>patch</strong> application. If you do not have access to such an application but still want to use this update approach, we strongly recommend the <a href="update_auto">Automatic update package</a> explained below. It is also the preferred update method.</p>
<p>The patch file is one solution for those with many Modifications (MODs) or other changes who do not want to re-add them back to all the changed files if they use the method explained above. To use this you will need command line access to a standard UNIX type <strong>patch</strong> application. If you do not have access to such an application but still want to use this update approach, we strongly recommend the <a href="#update_auto">Automatic update package</a> explained below. It is also the preferred update method.</p>
<p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is 3.0.0 you need the phpBB-3.0.0_to_3.0.1.patch file. Place the correct patch in the parent directory containing the phpBB3 core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <strong>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</strong> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB3, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
@ -369,7 +369,7 @@
<p><strong>Password conversion</strong> Due to the utf-8 based handling of passwords in phpBB3, it is not always possible to transfer all passwords. For passwords "lost in translation" the easiest workaround is to use the "forgotten password" function.</p>
<p><strong>Path to your former board</strong> The converter expects the relative path to your old board's files. So, -for instance - if the new board is located at <code>http://www.yourdomain.com/forum</code> and the phpBB3 is located at <code>http://www.yourdomain.com/phpBB3</code>, then the correct value would be <code>../forum</code>. Note that the webserver user must be able to access the source installation's files.</p>
<p><strong>Path to your former board</strong> The converter expects the relative path to your old board's files. So, - for instance - if the old board is located at <code>http://www.yourdomain.com/forum</code> and the phpBB3 installation is located at <code>http://www.yourdomain.com/phpBB3</code>, then the correct value would be <code>../forum</code>. Note that the webserver user must be able to access the source installation's files.</p>
<p><strong>Missing images</strong> If your default board language's language pack does not include all images, then some images might be missing in your installation. Always use a complete language pack as default language.</p>

4
phpBB/docs/coding-guidelines.html
View file

@ -110,7 +110,7 @@
<p>If entered with tabs (replace the {TAB}) both equal signs need to be on the same column.</p>
<h3>Linefeeds:</h3>
<p>Ensure that your editor is saving files in the UNIX format. This means lines are terminated with a newline, not with a CR/LF combo as they are on Win32, or whatever the Mac uses. Any decent editor should be able to do this, but it might not always be the default. Know your editor. If you want advice on Windows text editors, just ask one of the developers. Some of them do their editing on Win32.</p>
<p>Ensure that your editor is saving files in the UNIX (LF) line ending format. This means that lines are terminated with a newline, not with Windows Line endings (CR/LF combo) as they are on Win32 or Classic Mac (CR) Line endings. Any decent editor should be able to do this, but it might not always be the default setting. Know your editor. If you want advice for an editor for your Operating System, just ask one of the developers. Some of them do their editing on Win32.
<a name="fileheader"></a><h3>1.ii. File Header</h3>
@ -1059,7 +1059,7 @@ append_sid(&quot;{$phpbb_root_path}memberlist.$phpEx&quot;, 'mode=group&amp;amp;
<span class="comment">&lt;!-- END loopname --&gt;</span>
</pre></div>
<p>A bit later loops will be explained further. To not irretate you we will explain conditionals as well as other statements first.</p>
<p>A bit later loops will be explained further. To not irritate you we will explain conditionals as well as other statements first.</p>
<h4>Including files</h4>
<p>Something that existed in 2.0.x which no longer exists in 3.0.x is the ability to assign a template to a variable. This was used (for example) to output the jumpbox. Instead (perhaps better, perhaps not but certainly more flexible) we now have INCLUDE. This takes the simple form:</p>

4
phpBB/docs/hook_system.html
View file

@ -14,7 +14,7 @@
<title>phpBB3 &bull; Hook System</title>
<style type="text/css">
<!--
/* <![CDATA[ */
/*
The original "prosilver" theme for phpBB3
@ -309,7 +309,7 @@ a:active { color: #368AD2; }
margin-left: 25px;
}
//-->
/* ]]> */
</style>
</head>

42
phpBB/download/file.php
View file

@ -48,7 +48,7 @@ if (isset($_GET['avatar']))
// '==' is not a bug - . as the first char is as bad as no dot at all
if (strpos($filename, '.') == false)
{
header('HTTP/1.0 403 forbidden');
header('HTTP/1.0 403 Forbidden');
if (!empty($cache))
{
$cache->unload();
@ -67,7 +67,14 @@ if (isset($_GET['avatar']))
{
if ($last_load !== false && $last_load <= $stamp)
{
header('Not Modified', true, 304);
if (@php_sapi_name() === 'CGI')
{
header('Status: 304 Not Modified', true, 304);
}
else
{
header('HTTP/1.0 304 Not Modified', true, 304);
}
// seems that we need those too ... browsers
header('Pragma: public');
header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 31536000));
@ -82,7 +89,7 @@ if (isset($_GET['avatar']))
if (!in_array($ext, array('png', 'gif', 'jpg', 'jpeg')))
{
// no way such an avatar could exist. They are not following the rules, stop the show.
header("HTTP/1.0 403 forbidden");
header("HTTP/1.0 403 Forbidden");
if (!empty($cache))
{
$cache->unload();
@ -94,7 +101,7 @@ if (isset($_GET['avatar']))
if (!$filename)
{
// no way such an avatar could exist. They are not following the rules, stop the show.
header("HTTP/1.0 403 forbidden");
header("HTTP/1.0 403 Forbidden");
if (!empty($cache))
{
$cache->unload();
@ -201,8 +208,32 @@ else
$row['forum_id'] = false;
if (!$auth->acl_get('u_pm_download'))
{
header('HTTP/1.0 403 Forbidden');
trigger_error('SORRY_AUTH_VIEW_ATTACH');
}
// Check if the attachment is within the users scope...
$sql = 'SELECT user_id, author_id
FROM ' . PRIVMSGS_TO_TABLE . '
WHERE msg_id = ' . $attachment['post_msg_id'];
$result = $db->sql_query($sql);
$allowed = false;
while ($user_row = $db->sql_fetchrow($result))
{
if ($user->data['user_id'] == $user_row['user_id'] || $user->data['user_id'] == $user_row['author_id'])
{
$allowed = true;
break;
}
}
$db->sql_freeresult($result);
if (!$allowed)
{
header('HTTP/1.0 403 Forbidden');
trigger_error('ERROR_NO_ATTACHMENT');
}
}
// disallowed?
@ -215,6 +246,7 @@ else
if (!download_allowed())
{
header('HTTP/1.0 403 Forbidden');
trigger_error($user->lang['LINKAGE_FORBIDDEN']);
}
@ -551,7 +583,7 @@ function download_allowed()
}
// Check for own server...
$server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');
$server_name = $user->host;
// Forcing server vars is the only way to specify/override the protocol
if ($config['force_server_vars'] || !$server_name)

BIN
phpBB/images/smilies/icon_arrow.gif
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 170 B

After

Width:  |  Height:  |  Size: 407 B

BIN
phpBB/images/smilies/icon_cool.gif
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 172 B

After

Width:  |  Height:  |  Size: 408 B

BIN
phpBB/images/smilies/icon_cry.gif
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 498 B

After

Width:  |  Height:  |  Size: 1.6 KiB

BIN
phpBB/images/smilies/icon_e_biggrin.gif
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 413 B

After

Width:  |  Height:  |  Size: 627 B

BIN
phpBB/images/smilies/icon_e_confused.gif
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 410 B

After

Width:  |  Height:  |  Size: 628 B

BIN
phpBB/images/smilies/icon_e_geek.gif
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 410 B

After

Width:  |  Height:  |  Size: 623 B

BIN
phpBB/images/smilies/icon_e_sad.gif
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 420 B

After

Width:  |  Height:  |  Size: 628 B

BIN
phpBB/images/smilies/icon_e_smile.gif
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 416 B

After

Width:  |  Height:  |  Size: 630 B

BIN
phpBB/images/smilies/icon_e_surprised.gif
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 427 B

After

Width:  |  Height:  |  Size: 415 B

BIN
phpBB/images/smilies/icon_e_ugeek.gif
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 422 B

After

Width:  |  Height:  |  Size: 631 B

BIN
phpBB/images/smilies/icon_e_wink.gif
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 413 B

After

Width:  |  Height:  |  Size: 630 B

BIN
phpBB/images/smilies/icon_eek.gif
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 170 B

After

Width:  |  Height:  |  Size: 619 B

BIN
phpBB/images/smilies/icon_evil.gif
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 236 B

After

Width:  |  Height:  |  Size: 648 B

BIN
phpBB/images/smilies/icon_exclaim.gif
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 236 B

After

Width:  |  Height:  |  Size: 632 B

BIN
phpBB/images/smilies/icon_idea.gif
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 176 B

After

Width:  |  Height:  |  Size: 411 B

BIN
phpBB/images/smilies/icon_lol.gif
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 336 B

After

Width:  |  Height:  |  Size: 707 B

BIN
phpBB/images/smilies/icon_mad.gif
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 174 B

After

Width:  |  Height:  |  Size: 646 B

BIN
phpBB/images/smilies/icon_mrgreen.gif
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 349 B

After

Width:  |  Height:  |  Size: 608 B

BIN
phpBB/images/smilies/icon_neutral.gif
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 171 B

After

Width:  |  Height:  |  Size: 621 B

BIN
phpBB/images/smilies/icon_question.gif
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 248 B

After

Width:  |  Height:  |  Size: 643 B

BIN
phpBB/images/smilies/icon_razz.gif
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 176 B

After

Width:  |  Height:  |  Size: 645 B

BIN
phpBB/images/smilies/icon_redface.gif
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 650 B

After

Width:  |  Height:  |  Size: 2.9 KiB

BIN
phpBB/images/smilies/icon_rolleyes.gif
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 485 B

After

Width:  |  Height:  |  Size: 1.1 KiB

BIN
phpBB/images/smilies/icon_twisted.gif
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 238 B

After

Width:  |  Height:  |  Size: 636 B

10
phpBB/includes/acm/acm_file.php
View file

@ -312,7 +312,7 @@ class acm
if ($var_name[0] == '_')
{
$this->remove_file($this->cache_dir . 'data' . $var_name . ".$phpEx");
$this->remove_file($this->cache_dir . 'data' . $var_name . ".$phpEx", true);
}
else if (isset($this->vars[$var_name]))
{
@ -375,7 +375,7 @@ class acm
}
else if ($expired)
{
$this->remove_file($this->cache_dir . 'sql_' . md5($query) . ".$phpEx");
$this->remove_file($this->cache_dir . 'sql_' . md5($query) . ".$phpEx", true);
return false;
}
@ -489,13 +489,15 @@ class acm
/**
* Removes/unlinks file
*/
function remove_file($filename)
function remove_file($filename, $check = false)
{
if (!@unlink($filename))
if ($check && !@is_writeable($this->cache_dir))
{
// E_USER_ERROR - not using language entry - intended.
trigger_error('Unable to remove files within ' . $this->cache_dir . '. Please check directory permissions.', E_USER_ERROR);
}
return @unlink($filename);
}
}

39
phpBB/includes/acp/acp_attachments.php
View file

@ -152,7 +152,7 @@ class acp_attachments
if (in_array($config_name, array('attachment_quota', 'max_filesize', 'max_filesize_pm')))
{
$size_var = request_var($config_name, '');
$this->new_config[$config_name] = $config_value = ($size_var == 'kb') ? round($config_value * 1024) : (($size_var == 'mb') ? round($config_value * 1048576) : $config_value);
$this->new_config[$config_name] = $config_value = ($size_var == 'kb') ? ($config_value << 10) : (($size_var == 'mb') ? ($config_value << 20) : $config_value);
}
if ($submit)
@ -184,8 +184,19 @@ class acp_attachments
}
// We strip eventually manual added convert program, we only want the patch
if ($this->new_config['img_imagick'])
{
// Change path separator
$this->new_config['img_imagick'] = str_replace('\\', '/', $this->new_config['img_imagick']);
$this->new_config['img_imagick'] = str_replace(array('convert', '.exe'), array('', ''), $this->new_config['img_imagick']);
// Check for trailing slash
if (substr($this->new_config['img_imagick'], -1) !== '/')
{
$this->new_config['img_imagick'] .= '/';
}
}
$supported_types = get_supported_image_types();
// Check Thumbnail Support
@ -489,7 +500,7 @@ class acp_attachments
$allowed_forums = request_var('allowed_forums', array(0));
$allow_in_pm = (isset($_POST['allow_in_pm'])) ? true : false;
$max_filesize = request_var('max_filesize', 0);
$max_filesize = ($size_select == 'kb') ? round($max_filesize * 1024) : (($size_select == 'mb') ? round($max_filesize * 1048576) : $max_filesize);
$max_filesize = ($size_select == 'kb') ? ($max_filesize << 10) : (($size_select == 'mb') ? ($max_filesize << 20) : $max_filesize);
$allow_group = (isset($_POST['allow_group'])) ? true : false;
if ($max_filesize == $config['max_filesize'])
@ -662,8 +673,7 @@ class acp_attachments
}
$size_format = ($ext_group_row['max_filesize'] >= 1048576) ? 'mb' : (($ext_group_row['max_filesize'] >= 1024) ? 'kb' : 'b');
$ext_group_row['max_filesize'] = ($ext_group_row['max_filesize'] >= 1048576) ? round($ext_group_row['max_filesize'] / 1048576 * 100) / 100 : (($ext_group_row['max_filesize'] >= 1024) ? round($ext_group_row['max_filesize'] / 1024 * 100) / 100 : $ext_group_row['max_filesize']);
$ext_group_row['max_filesize'] = get_formatted_filesize($ext_group_row['max_filesize'], false);
$img_path = $config['upload_icons_path'];
@ -889,7 +899,7 @@ class acp_attachments
$upload_list = array();
foreach ($add_files as $attach_id)
{
if (!in_array($attach_id, array_keys($delete_files)) && !empty($post_ids[$attach_id]))
if (!isset($delete_files[$attach_id]) && !empty($post_ids[$attach_id]))
{
$upload_list[$attach_id] = $post_ids[$attach_id];
}
@ -930,6 +940,7 @@ class acp_attachments
AND is_orphan = 1';
$result = $db->sql_query($sql);
$files_added = $space_taken = 0;
while ($row = $db->sql_fetchrow($result))
{
$post_row = $post_info[$upload_list[$row['attach_id']]];
@ -969,9 +980,18 @@ class acp_attachments
WHERE topic_id = ' . $post_row['topic_id'];
$db->sql_query($sql);
$space_taken += $row['filesize'];
$files_added++;
add_log('admin', 'LOG_ATTACH_FILEUPLOAD', $post_row['post_id'], $row['real_filename']);
}
$db->sql_freeresult($result);
if ($files_added)
{
set_config('upload_dir_size', $config['upload_dir_size'] + $space_taken, true);
set_config('num_files', $config['num_files'] + $files_added, true);
}
}
}
@ -989,11 +1009,8 @@ class acp_attachments
while ($row = $db->sql_fetchrow($result))
{
$size_lang = ($row['filesize'] >= 1048576) ? $user->lang['MB'] : (($row['filesize'] >= 1024) ? $user->lang['KB'] : $user->lang['BYTES']);
$row['filesize'] = ($row['filesize'] >= 1048576) ? round((round($row['filesize'] / 1048576 * 100) / 100), 2) : (($row['filesize'] >= 1024) ? round((round($row['filesize'] / 1024 * 100) / 100), 2) : $row['filesize']);
$template->assign_block_vars('orphan', array(
'FILESIZE' => $row['filesize'] . ' ' . $size_lang,
'FILESIZE' => get_formatted_filesize($row['filesize']),
'FILETIME' => $user->format_date($row['filetime']),
'REAL_FILENAME' => basename($row['real_filename']),
'PHYSICAL_FILENAME' => basename($row['physical_filename']),
@ -1134,7 +1151,7 @@ class acp_attachments
foreach ($locations as $location)
{
// The path might not end properly, fudge it
if (substr($location, -1, 1) !== '/')
if (substr($location, -1) !== '/')
{
$location .= '/';
}
@ -1399,7 +1416,7 @@ class acp_attachments
{
// Determine size var and adjust the value accordingly
$size_var = ($value >= 1048576) ? 'mb' : (($value >= 1024) ? 'kb' : 'b');
$value = ($value >= 1048576) ? round($value / 1048576 * 100) / 100 : (($value >= 1024) ? round($value / 1024 * 100) / 100 : $value);
$value = get_formatted_filesize($value, false);
return '<input type="text" id="' . $key . '" size="8" maxlength="15" name="config[' . $key . ']" value="' . $value . '" /> <select name="' . $key . '">' . size_select_options($size_var) . '</select>';
}

4
phpBB/includes/acp/acp_bbcodes.php
View file

@ -312,7 +312,7 @@ class acp_bbcodes
'!(' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('relative_url')) . ')!e' => "\$this->bbcode_specialchars('$1')"
),
'EMAIL' => array(
'!([a-z0-9]+[a-z0-9\-\._]*@(?:(?:[0-9]{1,3}\.){3,5}[0-9]{1,3}|[a-z0-9]+[a-z0-9\-\._]*\.[a-z]+))!i' => "\$this->bbcode_specialchars('$1')"
'!(' . get_preg_expression('email') . ')!ie' => "\$this->bbcode_specialchars('$1')"
),
'TEXT' => array(
'!(.*?)!es' => "str_replace(array(\"\\r\\n\", '\\\"', '\\'', '(', ')'), array(\"\\n\", '\"', '&#39;', '&#40;', '&#41;'), trim('\$1'))"
@ -334,7 +334,7 @@ class acp_bbcodes
$sp_tokens = array(
'URL' => '(?i)((?:' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('url')) . ')|(?:' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('www_url')) . '))(?-i)',
'LOCAL_URL' => '(?i)(' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('relative_url')) . ')(?-i)',
'EMAIL' => '([a-zA-Z0-9]+[a-zA-Z0-9\-\._]*@(?:(?:[0-9]{1,3}\.){3,5}[0-9]{1,3}|[a-zA-Z0-9]+[a-zA-Z0-9\-\._]*\.[a-zA-Z]+))',
'EMAIL' => '(' . get_preg_expression('email') . ')',
'TEXT' => '(.*?)',
'SIMPLETEXT' => '([a-zA-Z0-9-+.,_ ]+)',
'IDENTIFIER' => '([a-zA-Z0-9-_]+)',

98
phpBB/includes/acp/acp_board.php
View file

@ -107,9 +107,9 @@ class acp_board
'allow_avatar_local' => array('lang' => 'ALLOW_LOCAL', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'allow_avatar_remote' => array('lang' => 'ALLOW_REMOTE', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'allow_avatar_upload' => array('lang' => 'ALLOW_UPLOAD', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'avatar_filesize' => array('lang' => 'MAX_FILESIZE', 'validate' => 'int', 'type' => 'text:4:10', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']),
'avatar_min' => array('lang' => 'MIN_AVATAR_SIZE', 'validate' => 'int', 'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
'avatar_max' => array('lang' => 'MAX_AVATAR_SIZE', 'validate' => 'int', 'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
'avatar_filesize' => array('lang' => 'MAX_FILESIZE', 'validate' => 'int:0', 'type' => 'text:4:10', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']),
'avatar_min' => array('lang' => 'MIN_AVATAR_SIZE', 'validate' => 'int:0', 'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
'avatar_max' => array('lang' => 'MAX_AVATAR_SIZE', 'validate' => 'int:0', 'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
'avatar_path' => array('lang' => 'AVATAR_STORAGE_PATH', 'validate' => 'rwpath', 'type' => 'text:20:255', 'explain' => true),
'avatar_gallery_path' => array('lang' => 'AVATAR_GALLERY_PATH', 'validate' => 'rpath', 'type' => 'text:20:255', 'explain' => true)
)
@ -123,10 +123,10 @@ class acp_board
'vars' => array(
'legend1' => 'GENERAL_SETTINGS',
'allow_privmsg' => array('lang' => 'BOARD_PM', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'pm_max_boxes' => array('lang' => 'BOXES_MAX', 'validate' => 'int', 'type' => 'text:4:4', 'explain' => true),
'pm_max_msgs' => array('lang' => 'BOXES_LIMIT', 'validate' => 'int', 'type' => 'text:4:4', 'explain' => true),
'pm_max_boxes' => array('lang' => 'BOXES_MAX', 'validate' => 'int:0', 'type' => 'text:4:4', 'explain' => true),
'pm_max_msgs' => array('lang' => 'BOXES_LIMIT', 'validate' => 'int:0', 'type' => 'text:4:4', 'explain' => true),
'full_folder_action' => array('lang' => 'FULL_FOLDER_ACTION', 'validate' => 'int', 'type' => 'select', 'method' => 'full_folder_select', 'explain' => true),
'pm_edit_time' => array('lang' => 'PM_EDIT_TIME', 'validate' => 'int', 'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
'pm_edit_time' => array('lang' => 'PM_EDIT_TIME', 'validate' => 'int:0', 'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
'legend2' => 'GENERAL_OPTIONS',
'allow_mass_pm' => array('lang' => 'ALLOW_MASS_PM', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
@ -160,21 +160,21 @@ class acp_board
'legend2' => 'POSTING',
'bump_type' => false,
'edit_time' => array('lang' => 'EDIT_TIME', 'validate' => 'int', 'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
'edit_time' => array('lang' => 'EDIT_TIME', 'validate' => 'int:0', 'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
'display_last_edited' => array('lang' => 'DISPLAY_LAST_EDITED', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'flood_interval' => array('lang' => 'FLOOD_INTERVAL', 'validate' => 'int', 'type' => 'text:3:10', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
'bump_interval' => array('lang' => 'BUMP_INTERVAL', 'validate' => 'int', 'type' => 'custom', 'method' => 'bump_interval', 'explain' => true),
'topics_per_page' => array('lang' => 'TOPICS_PER_PAGE', 'validate' => 'int', 'type' => 'text:3:4', 'explain' => false),
'posts_per_page' => array('lang' => 'POSTS_PER_PAGE', 'validate' => 'int', 'type' => 'text:3:4', 'explain' => false),
'hot_threshold' => array('lang' => 'HOT_THRESHOLD', 'validate' => 'int', 'type' => 'text:3:4', 'explain' => true),
'max_poll_options' => array('lang' => 'MAX_POLL_OPTIONS', 'validate' => 'int', 'type' => 'text:4:4', 'explain' => false),
'max_post_chars' => array('lang' => 'CHAR_LIMIT', 'validate' => 'int', 'type' => 'text:4:6', 'explain' => true),
'max_post_smilies' => array('lang' => 'SMILIES_LIMIT', 'validate' => 'int', 'type' => 'text:4:4', 'explain' => true),
'max_post_urls' => array('lang' => 'MAX_POST_URLS', 'validate' => 'int', 'type' => 'text:5:4', 'explain' => true),
'max_post_font_size' => array('lang' => 'MAX_POST_FONT_SIZE', 'validate' => 'int', 'type' => 'text:5:4', 'explain' => true, 'append' => ' %'),
'max_quote_depth' => array('lang' => 'QUOTE_DEPTH_LIMIT', 'validate' => 'int', 'type' => 'text:4:4', 'explain' => true),
'max_post_img_width' => array('lang' => 'MAX_POST_IMG_WIDTH', 'validate' => 'int', 'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
'max_post_img_height' => array('lang' => 'MAX_POST_IMG_HEIGHT', 'validate' => 'int', 'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
'flood_interval' => array('lang' => 'FLOOD_INTERVAL', 'validate' => 'int:0', 'type' => 'text:3:10', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
'bump_interval' => array('lang' => 'BUMP_INTERVAL', 'validate' => 'int:0', 'type' => 'custom', 'method' => 'bump_interval', 'explain' => true),
'topics_per_page' => array('lang' => 'TOPICS_PER_PAGE', 'validate' => 'int:1', 'type' => 'text:3:4', 'explain' => false),
'posts_per_page' => array('lang' => 'POSTS_PER_PAGE', 'validate' => 'int:1', 'type' => 'text:3:4', 'explain' => false),
'hot_threshold' => array('lang' => 'HOT_THRESHOLD', 'validate' => 'int:0', 'type' => 'text:3:4', 'explain' => true),
'max_poll_options' => array('lang' => 'MAX_POLL_OPTIONS', 'validate' => 'int:0', 'type' => 'text:4:4', 'explain' => false),
'max_post_chars' => array('lang' => 'CHAR_LIMIT', 'validate' => 'int:0', 'type' => 'text:4:6', 'explain' => true),
'max_post_smilies' => array('lang' => 'SMILIES_LIMIT', 'validate' => 'int:0', 'type' => 'text:4:4', 'explain' => true),
'max_post_urls' => array('lang' => 'MAX_POST_URLS', 'validate' => 'int:0', 'type' => 'text:5:4', 'explain' => true),
'max_post_font_size' => array('lang' => 'MAX_POST_FONT_SIZE', 'validate' => 'int:0', 'type' => 'text:5:4', 'explain' => true, 'append' => ' %'),
'max_quote_depth' => array('lang' => 'QUOTE_DEPTH_LIMIT', 'validate' => 'int:0', 'type' => 'text:4:4', 'explain' => true),
'max_post_img_width' => array('lang' => 'MAX_POST_IMG_WIDTH', 'validate' => 'int:0', 'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
'max_post_img_height' => array('lang' => 'MAX_POST_IMG_HEIGHT', 'validate' => 'int:0', 'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
)
);
break;
@ -192,12 +192,12 @@ class acp_board
'allow_sig_links' => array('lang' => 'ALLOW_SIG_LINKS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'legend2' => 'GENERAL_SETTINGS',
'max_sig_chars' => array('lang' => 'MAX_SIG_LENGTH', 'validate' => 'int', 'type' => 'text:5:4', 'explain' => true),
'max_sig_urls' => array('lang' => 'MAX_SIG_URLS', 'validate' => 'int', 'type' => 'text:5:4', 'explain' => true),
'max_sig_font_size' => array('lang' => 'MAX_SIG_FONT_SIZE', 'validate' => 'int', 'type' => 'text:5:4', 'explain' => true, 'append' => ' %'),
'max_sig_smilies' => array('lang' => 'MAX_SIG_SMILIES', 'validate' => 'int', 'type' => 'text:5:4', 'explain' => true),
'max_sig_img_width' => array('lang' => 'MAX_SIG_IMG_WIDTH', 'validate' => 'int', 'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
'max_sig_img_height' => array('lang' => 'MAX_SIG_IMG_HEIGHT', 'validate' => 'int', 'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
'max_sig_chars' => array('lang' => 'MAX_SIG_LENGTH', 'validate' => 'int:0', 'type' => 'text:5:4', 'explain' => true),
'max_sig_urls' => array('lang' => 'MAX_SIG_URLS', 'validate' => 'int:0', 'type' => 'text:5:4', 'explain' => true),
'max_sig_font_size' => array('lang' => 'MAX_SIG_FONT_SIZE', 'validate' => 'int:0', 'type' => 'text:5:4', 'explain' => true, 'append' => ' %'),
'max_sig_smilies' => array('lang' => 'MAX_SIG_SMILIES', 'validate' => 'int:0', 'type' => 'text:5:4', 'explain' => true),
'max_sig_img_width' => array('lang' => 'MAX_SIG_IMG_WIDTH', 'validate' => 'int:0', 'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
'max_sig_img_height' => array('lang' => 'MAX_SIG_IMG_HEIGHT', 'validate' => 'int:0', 'type' => 'text:5:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
)
);
break;
@ -207,24 +207,22 @@ class acp_board
'title' => 'ACP_REGISTER_SETTINGS',
'vars' => array(
'legend1' => 'GENERAL_SETTINGS',
'max_name_chars' => false,
'max_pass_chars' => false,
'max_name_chars' => array('lang' => 'USERNAME_LENGTH', 'validate' => 'int:8:180', 'type' => false, 'method' => false, 'explain' => false,),
'max_pass_chars' => array('lang' => 'PASSWORD_LENGTH', 'validate' => 'int:8:255', 'type' => false, 'method' => false, 'explain' => false,),
'require_activation' => array('lang' => 'ACC_ACTIVATION', 'validate' => 'int', 'type' => 'custom', 'method' => 'select_acc_activation', 'explain' => true),
'min_name_chars' => array('lang' => 'USERNAME_LENGTH', 'validate' => 'int', 'type' => 'custom', 'method' => 'username_length', 'explain' => true),
'min_pass_chars' => array('lang' => 'PASSWORD_LENGTH', 'validate' => 'int', 'type' => 'custom', 'method' => 'password_length', 'explain' => true),
'min_name_chars' => array('lang' => 'USERNAME_LENGTH', 'validate' => 'int:1', 'type' => 'custom:5:180', 'method' => 'username_length', 'explain' => true),
'min_pass_chars' => array('lang' => 'PASSWORD_LENGTH', 'validate' => 'int:1', 'type' => 'custom', 'method' => 'password_length', 'explain' => true),
'allow_name_chars' => array('lang' => 'USERNAME_CHARS', 'validate' => 'string', 'type' => 'select', 'method' => 'select_username_chars', 'explain' => true),
'pass_complex' => array('lang' => 'PASSWORD_TYPE', 'validate' => 'string', 'type' => 'select', 'method' => 'select_password_chars', 'explain' => true),
'chg_passforce' => array('lang' => 'FORCE_PASS_CHANGE', 'validate' => 'int', 'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
'chg_passforce' => array('lang' => 'FORCE_PASS_CHANGE', 'validate' => 'int:0', 'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
'legend2' => 'GENERAL_OPTIONS',
'allow_namechange' => array('lang' => 'ALLOW_NAME_CHANGE', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'allow_emailreuse' => array('lang' => 'ALLOW_EMAIL_REUSE', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'enable_confirm' => array('lang' => 'VISUAL_CONFIRM_REG', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'max_login_attempts' => array('lang' => 'MAX_LOGIN_ATTEMPTS', 'validate' => 'int', 'type' => 'text:3:3', 'explain' => true),
'max_reg_attempts' => array('lang' => 'REG_LIMIT', 'validate' => 'int', 'type' => 'text:4:4', 'explain' => true),
'min_time_reg' => array('lang' => 'MIN_TIME_REG', 'validate' => 'int', 'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
'min_time_terms' => array('lang' => 'MIN_TIME_TERMS', 'validate' => 'int', 'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
'max_login_attempts' => array('lang' => 'MAX_LOGIN_ATTEMPTS', 'validate' => 'int:0', 'type' => 'text:3:3', 'explain' => true),
'max_reg_attempts' => array('lang' => 'REG_LIMIT', 'validate' => 'int:0', 'type' => 'text:4:4', 'explain' => true),
'legend3' => 'COPPA',
'coppa_enable' => array('lang' => 'ENABLE_COPPA', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
@ -253,9 +251,9 @@ class acp_board
'vars' => array(
'legend1' => 'GENERAL_SETTINGS',
'limit_load' => array('lang' => 'LIMIT_LOAD', 'validate' => 'string', 'type' => 'text:4:4', 'explain' => true),
'session_length' => array('lang' => 'SESSION_LENGTH', 'validate' => 'int', 'type' => 'text:5:10', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
'active_sessions' => array('lang' => 'LIMIT_SESSIONS', 'validate' => 'int', 'type' => 'text:4:4', 'explain' => true),
'load_online_time' => array('lang' => 'ONLINE_LENGTH', 'validate' => 'int', 'type' => 'text:4:3', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
'session_length' => array('lang' => 'SESSION_LENGTH', 'validate' => 'int:60', 'type' => 'text:5:10', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
'active_sessions' => array('lang' => 'LIMIT_SESSIONS', 'validate' => 'int:0', 'type' => 'text:4:4', 'explain' => true),
'load_online_time' => array('lang' => 'ONLINE_LENGTH', 'validate' => 'int:0', 'type' => 'text:4:3', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
'legend2' => 'GENERAL_OPTIONS',
'load_db_track' => array('lang' => 'YES_POST_MARKING', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
@ -305,7 +303,7 @@ class acp_board
'force_server_vars' => array('lang' => 'FORCE_SERVER_VARS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'server_protocol' => array('lang' => 'SERVER_PROTOCOL', 'validate' => 'string', 'type' => 'text:10:10', 'explain' => true),
'server_name' => array('lang' => 'SERVER_NAME', 'validate' => 'string', 'type' => 'text:40:255', 'explain' => true),
'server_port' => array('lang' => 'SERVER_PORT', 'validate' => 'int', 'type' => 'text:5:5', 'explain' => true),
'server_port' => array('lang' => 'SERVER_PORT', 'validate' => 'int:0', 'type' => 'text:5:5', 'explain' => true),
'script_path' => array('lang' => 'SCRIPT_PATH', 'validate' => 'script_path', 'type' => 'text::255', 'explain' => true),
)
);
@ -317,18 +315,17 @@ class acp_board
'vars' => array(
'legend1' => 'ACP_SECURITY_SETTINGS',
'allow_autologin' => array('lang' => 'ALLOW_AUTOLOGIN', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'max_autologin_time' => array('lang' => 'AUTOLOGIN_LENGTH', 'validate' => 'int', 'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
'max_autologin_time' => array('lang' => 'AUTOLOGIN_LENGTH', 'validate' => 'int:0', 'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
'ip_check' => array('lang' => 'IP_VALID', 'validate' => 'int', 'type' => 'custom', 'method' => 'select_ip_check', 'explain' => true),
'browser_check' => array('lang' => 'BROWSER_VALID', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'forwarded_for_check' => array('lang' => 'FORWARDED_FOR_VALID', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'check_dnsbl' => array('lang' => 'CHECK_DNSBL', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'email_check_mx' => array('lang' => 'EMAIL_CHECK_MX', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'pass_complex' => array('lang' => 'PASSWORD_TYPE', 'validate' => 'string', 'type' => 'select', 'method' => 'select_password_chars', 'explain' => true),
'chg_passforce' => array('lang' => 'FORCE_PASS_CHANGE', 'validate' => 'int', 'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
'max_login_attempts' => array('lang' => 'MAX_LOGIN_ATTEMPTS', 'validate' => 'int', 'type' => 'text:3:3', 'explain' => true),
'chg_passforce' => array('lang' => 'FORCE_PASS_CHANGE', 'validate' => 'int:0', 'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
'max_login_attempts' => array('lang' => 'MAX_LOGIN_ATTEMPTS', 'validate' => 'int:0', 'type' => 'text:3:3', 'explain' => true),
'tpl_allow_php' => array('lang' => 'TPL_ALLOW_PHP', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'form_token_lifetime' => array('lang' => 'FORM_TIME_MAX', 'validate' => 'int', 'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
'form_token_mintime' => array('lang' => 'FORM_TIME_MIN', 'validate' => 'int', 'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
'form_token_lifetime' => array('lang' => 'FORM_TIME_MAX', 'validate' => 'int:-1', 'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
'form_token_sid_guests' => array('lang' => 'FORM_SID_GUESTS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
)
@ -343,7 +340,7 @@ class acp_board
'email_enable' => array('lang' => 'ENABLE_EMAIL', 'validate' => 'bool', 'type' => 'radio:enabled_disabled', 'explain' => true),
'board_email_form' => array('lang' => 'BOARD_EMAIL_FORM', 'validate' => 'bool', 'type' => 'radio:enabled_disabled', 'explain' => true),
'email_function_name' => array('lang' => 'EMAIL_FUNCTION_NAME', 'validate' => 'string', 'type' => 'text:20:50', 'explain' => true),
'email_package_size' => array('lang' => 'EMAIL_PACKAGE_SIZE', 'validate' => 'int', 'type' => 'text:5:5', 'explain' => true),
'email_package_size' => array('lang' => 'EMAIL_PACKAGE_SIZE', 'validate' => 'int:0', 'type' => 'text:5:5', 'explain' => true),
'board_contact' => array('lang' => 'CONTACT_EMAIL', 'validate' => 'string', 'type' => 'text:25:100', 'explain' => true),
'board_email' => array('lang' => 'ADMIN_EMAIL', 'validate' => 'string', 'type' => 'text:25:100', 'explain' => true),
'board_email_sig' => array('lang' => 'EMAIL_SIG', 'validate' => 'string', 'type' => 'textarea:5:30', 'explain' => true),
@ -352,7 +349,7 @@ class acp_board
'legend2' => 'SMTP_SETTINGS',
'smtp_delivery' => array('lang' => 'USE_SMTP', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'smtp_host' => array('lang' => 'SMTP_SERVER', 'validate' => 'string', 'type' => 'text:25:50', 'explain' => false),
'smtp_port' => array('lang' => 'SMTP_PORT', 'validate' => 'int', 'type' => 'text:4:5', 'explain' => true),
'smtp_port' => array('lang' => 'SMTP_PORT', 'validate' => 'int:0', 'type' => 'text:4:5', 'explain' => true),
'smtp_auth_method' => array('lang' => 'SMTP_AUTH_METHOD', 'validate' => 'string', 'type' => 'select', 'method' => 'mail_auth_select', 'explain' => true),
'smtp_username' => array('lang' => 'SMTP_USERNAME', 'validate' => 'string', 'type' => 'text:25:255', 'explain' => true),
'smtp_password' => array('lang' => 'SMTP_PASSWORD', 'validate' => 'string', 'type' => 'password:25:255', 'explain' => true)
@ -556,6 +553,13 @@ class acp_board
$l_explain = (isset($user->lang[$vars['lang'] . '_EXPLAIN'])) ? $user->lang[$vars['lang'] . '_EXPLAIN'] : '';
}
$content = build_cfg_template($type, $config_key, $this->new_config, $config_key, $vars);
if (empty($content))
{
continue;
}
$template->assign_block_vars('options', array(
'KEY' => $config_key,
'TITLE' => (isset($user->lang[$vars['lang']])) ? $user->lang[$vars['lang']] : $vars['lang'],
@ -795,7 +799,7 @@ class acp_board
}
$dateformat_options .= '<option value="custom"';
if (!in_array($value, array_keys($user->lang['dateformats'])))
if (!isset($user->lang['dateformats'][$value]))
{
$dateformat_options .= ' selected="selected"';
}

10
phpBB/includes/acp/acp_forums.php
View file

@ -132,6 +132,7 @@ class acp_forums
'forum_rules_link' => request_var('forum_rules_link', ''),
'forum_image' => request_var('forum_image', ''),
'forum_style' => request_var('forum_style', 0),
'display_subforum_list' => request_var('display_subforum_list', false),
'display_on_index' => request_var('display_on_index', false),
'forum_topics_per_page' => request_var('topics_per_page', 0),
'enable_indexing' => request_var('enable_indexing', true),
@ -471,6 +472,7 @@ class acp_forums
'forum_rules_link' => '',
'forum_image' => '',
'forum_style' => 0,
'display_subforum_list' => true,
'display_on_index' => false,
'forum_topics_per_page' => 0,
'enable_indexing' => true,
@ -670,6 +672,7 @@ class acp_forums
'S_FORUM_CAT' => ($forum_data['forum_type'] == FORUM_CAT) ? true : false,
'S_ENABLE_INDEXING' => ($forum_data['enable_indexing']) ? true : false,
'S_TOPIC_ICONS' => ($forum_data['enable_icons']) ? true : false,
'S_DISPLAY_SUBFORUM_LIST' => ($forum_data['display_subforum_list']) ? true : false,
'S_DISPLAY_ON_INDEX' => ($forum_data['display_on_index']) ? true : false,
'S_PRUNE_ENABLE' => ($forum_data['enable_prune']) ? true : false,
'S_FORUM_LINK_TRACK' => ($forum_data['forum_flags'] & FORUM_FLAG_LINK_TRACK) ? true : false,
@ -916,6 +919,13 @@ class acp_forums
$errors[] = $user->lang['FORUM_DATA_NEGATIVE'];
}
$range_test_ary = array(
array('lang' => 'FORUM_TOPICS_PAGE', 'value' => $forum_data['forum_topics_per_page'], 'column_type' => 'TINT:0'),
);
validate_range($range_test_ary, $errors);
// Set forum flags
// 1 = link tracking
// 2 = prune old polls

20
phpBB/includes/acp/acp_icons.php
View file

@ -337,11 +337,16 @@ class acp_icons
}
$icons_updated = 0;
$errors = array();
foreach ($images as $image)
{
if (($mode == 'smilies' && ($image_emotion[$image] == '' || $image_code[$image] == '')) ||
($action == 'create' && !isset($image_add[$image])))
if ($mode == 'smilies' && ($image_emotion[$image] == '' || $image_code[$image] == ''))
{
$errors[$image] = 'SMILIE_NO_' . (($image_emotion[$image] == '') ? 'EMOTION' : 'CODE');
}
else if ($action == 'create' && !isset($image_add[$image]))
{
// skip images where add wasn't checked
}
else
{
@ -431,13 +436,18 @@ class acp_icons
default:
$suc_lang = $lang;
}
$errormsgs = '<br />';
foreach ($errors as $img => $error)
{
$errormsgs .= '<br />' . sprintf($user->lang[$error], $img);
}
if ($action == 'modify')
{
trigger_error($user->lang[$suc_lang . '_EDITED'] . adm_back_link($this->u_action), $level);
trigger_error($user->lang[$suc_lang . '_EDITED'] . $errormsgs . adm_back_link($this->u_action), $level);
}
else
{
trigger_error($user->lang[$suc_lang . '_ADDED'] . adm_back_link($this->u_action), $level);
trigger_error($user->lang[$suc_lang . '_ADDED'] . $errormsgs .adm_back_link($this->u_action), $level);
}
break;
@ -462,7 +472,7 @@ class acp_icons
if (preg_match_all("#'(.*?)', ?#", $pak_entry, $data))
{
if ((sizeof($data[1]) != 4 && $mode == 'icons') ||
(sizeof($data[1]) != 6 && $mode == 'smilies'))
((sizeof($data[1]) != 6 || (empty($data[1][4]) || empty($data[1][5]))) && $mode == 'smilies' ))
{
trigger_error($user->lang['WRONG_PAK_TYPE'] . adm_back_link($this->u_action), E_USER_WARNING);
}

9
phpBB/includes/acp/acp_main.php
View file

@ -310,7 +310,7 @@ class acp_main
$users_per_day = sprintf('%.2f', $total_users / $boarddays);
$files_per_day = sprintf('%.2f', $total_files / $boarddays);
$upload_dir_size = ($config['upload_dir_size'] >= 1048576) ? sprintf('%.2f ' . $user->lang['MB'], ($config['upload_dir_size'] / 1048576)) : (($config['upload_dir_size'] >= 1024) ? sprintf('%.2f ' . $user->lang['KB'], ($config['upload_dir_size'] / 1024)) : sprintf('%.2f ' . $user->lang['BYTES'], $config['upload_dir_size']));
$upload_dir_size = get_formatted_filesize($config['upload_dir_size']);
$avatar_dir_size = 0;
@ -325,10 +325,7 @@ class acp_main
}
closedir($avatar_dir);
// This bit of code translates the avatar directory size into human readable format
// Borrowed the code from the PHP.net annoted manual, origanally written by:
// Jesse (jesse@jess.on.ca)
$avatar_dir_size = ($avatar_dir_size >= 1048576) ? sprintf('%.2f ' . $user->lang['MB'], ($avatar_dir_size / 1048576)) : (($avatar_dir_size >= 1024) ? sprintf('%.2f ' . $user->lang['KB'], ($avatar_dir_size / 1024)) : sprintf('%.2f ' . $user->lang['BYTES'], $avatar_dir_size));
$avatar_dir_size = get_formatted_filesize($avatar_dir_size);
}
else
{
@ -392,7 +389,7 @@ class acp_main
'DATABASE_INFO' => $db->sql_server_info(),
'BOARD_VERSION' => $config['version'],
'U_ACTION' => append_sid("{$phpbb_admin_path}index.$phpEx"),
'U_ACTION' => $this->u_action,
'U_ADMIN_LOG' => append_sid("{$phpbb_admin_path}index.$phpEx", 'i=logs&amp;mode=admin'),
'U_INACTIVE_USERS' => append_sid("{$phpbb_admin_path}index.$phpEx", 'i=inactive&amp;mode=list'),

95
phpBB/includes/acp/acp_permissions.php
View file

@ -48,7 +48,7 @@ class acp_permissions
$this->tpl_name = 'permission_trace';
if ($user_id && isset($auth_admin->option_ids[$permission]) && $auth->acl_get('a_viewauth'))
if ($user_id && isset($auth_admin->acl_options['id'][$permission]) && $auth->acl_get('a_viewauth'))
{
$this->page_title = sprintf($user->lang['TRACE_PERMISSION'], $user->lang['acl_' . $permission]['lang']);
$this->permission_trace($user_id, $forum_id, $permission);
@ -124,7 +124,7 @@ class acp_permissions
$forum_id = array();
while ($row = $db->sql_fetchrow($result))
{
$forum_id[] = $row['forum_id'];
$forum_id[] = (int) $row['forum_id'];
}
$db->sql_freeresult($result);
}
@ -133,7 +133,7 @@ class acp_permissions
$forum_id = array();
foreach (get_forum_branch($subforum_id, 'children') as $row)
{
$forum_id[] = $row['forum_id'];
$forum_id[] = (int) $row['forum_id'];
}
}
@ -598,7 +598,7 @@ class acp_permissions
$ids = array();
while ($row = $db->sql_fetchrow($result))
{
$ids[] = $row[$sql_id];
$ids[] = (int) $row[$sql_id];
}
$db->sql_freeresult($result);
}
@ -1117,31 +1117,51 @@ class acp_permissions
global $db, $user;
$sql_forum_id = ($permission_scope == 'global') ? 'AND a.forum_id = 0' : ((sizeof($forum_id)) ? 'AND ' . $db->sql_in_set('a.forum_id', $forum_id) : 'AND a.forum_id <> 0');
$sql_permission_option = ' AND o.auth_option ' . $db->sql_like_expression($permission_type . $db->any_char);
$sql = $db->sql_build_query('SELECT_DISTINCT', array(
'SELECT' => 'u.username, u.username_clean, u.user_regdate, u.user_id',
// Permission options are only able to be a permission set... therefore we will pre-fetch the possible options and also the possible roles
$option_ids = $role_ids = array();
'FROM' => array(
USERS_TABLE => 'u',
ACL_OPTIONS_TABLE => 'o',
ACL_USERS_TABLE => 'a'
),
$sql = 'SELECT auth_option_id
FROM ' . ACL_OPTIONS_TABLE . '
WHERE auth_option ' . $db->sql_like_expression($permission_type . $db->any_char);
$result = $db->sql_query($sql);
'LEFT_JOIN' => array(
array(
'FROM' => array(ACL_ROLES_DATA_TABLE => 'r'),
'ON' => 'a.auth_role_id = r.role_id'
)
),
while ($row = $db->sql_fetchrow($result))
{
$option_ids[] = (int) $row['auth_option_id'];
}
$db->sql_freeresult($result);
'WHERE' => "(a.auth_option_id = o.auth_option_id OR r.auth_option_id = o.auth_option_id)
$sql_permission_option
if (sizeof($option_ids))
{
$sql = 'SELECT DISTINCT role_id
FROM ' . ACL_ROLES_DATA_TABLE . '
WHERE ' . $db->sql_in_set('auth_option_id', $option_ids);
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$role_ids[] = (int) $row['role_id'];
}
$db->sql_freeresult($result);
}
if (sizeof($option_ids) && sizeof($role_ids))
{
$sql_where = 'AND (' . $db->sql_in_set('a.auth_option_id', $option_ids) . ' OR ' . $db->sql_in_set('a.auth_role_id', $role_ids) . ')';
}
else
{
$sql_where = 'AND ' . $db->sql_in_set('a.auth_option_id', $option_ids);
}
// Not ideal, due to the filesort, non-use of indexes, etc.
$sql = 'SELECT DISTINCT u.user_id, u.username
FROM ' . USERS_TABLE . ' u, ' . ACL_USERS_TABLE . " a
WHERE u.user_id = a.user_id
$sql_forum_id
AND u.user_id = a.user_id",
'ORDER_BY' => 'u.username_clean, u.user_regdate ASC'
));
$sql_where
ORDER BY u.username_clean, u.user_regdate ASC";
$result = $db->sql_query($sql);
$s_defined_user_options = '';
@ -1153,29 +1173,12 @@ class acp_permissions
}
$db->sql_freeresult($result);
$sql = $db->sql_build_query('SELECT_DISTINCT', array(
'SELECT' => 'g.group_type, g.group_name, g.group_id',
'FROM' => array(
GROUPS_TABLE => 'g',
ACL_OPTIONS_TABLE => 'o',
ACL_GROUPS_TABLE => 'a'
),
'LEFT_JOIN' => array(
array(
'FROM' => array(ACL_ROLES_DATA_TABLE => 'r'),
'ON' => 'a.auth_role_id = r.role_id'
)
),
'WHERE' => "(a.auth_option_id = o.auth_option_id OR r.auth_option_id = o.auth_option_id)
$sql_permission_option
$sql = 'SELECT DISTINCT g.group_type, g.group_name, g.group_id
FROM ' . GROUPS_TABLE . ' g, ' . ACL_GROUPS_TABLE . " a
WHERE g.group_id = a.group_id
$sql_forum_id
AND g.group_id = a.group_id",
'ORDER_BY' => 'g.group_type DESC, g.group_name ASC'
));
$sql_where
ORDER BY g.group_type DESC, g.group_name ASC";
$result = $db->sql_query($sql);
$s_defined_group_options = '';

10
phpBB/includes/acp/acp_prune.php
View file

@ -405,7 +405,15 @@ class acp_prune
$where_sql .= ($email) ? ' AND user_email ' . $db->sql_like_expression(str_replace('*', $db->any_char, $email)) . ' ' : '';
$where_sql .= (sizeof($joined)) ? " AND user_regdate " . $key_match[$joined_select] . ' ' . gmmktime(0, 0, 0, (int) $joined[1], (int) $joined[2], (int) $joined[0]) : '';
$where_sql .= ($count !== '') ? " AND user_posts " . $key_match[$count_select] . ' ' . (int) $count . ' ' : '';
$where_sql .= (sizeof($active)) ? " AND user_lastvisit " . $key_match[$active_select] . " " . gmmktime(0, 0, 0, (int) $active[1], (int) $active[2], (int) $active[0]) : '';
if (sizeof($active) && $active_select != 'lt')
{
$where_sql .= ' AND user_lastvisit ' . $key_match[$active_select] . ' ' . gmmktime(0, 0, 0, (int) $active[1], (int) $active[2], (int) $active[0]);
}
else if (sizeof($active))
{
$where_sql .= ' AND (user_lastvisit > 0 AND user_lastvisit < ' . gmmktime(0, 0, 0, (int) $active[1], (int) $active[2], (int) $active[0]) . ')';
}
}
// Protect the admin, do not prune if no options are given...

24
phpBB/includes/acp/acp_search.php
View file

@ -183,6 +183,26 @@ class acp_search
}
}
$search = null;
$error = false;
if (!$this->init_search($config['search_type'], $search, $error))
{
if ($updated)
{
if (method_exists($search, 'config_updated'))
{
if ($search->config_updated())
{
trigger_error($error . adm_back_link($this->u_action), E_USER_WARNING);
}
}
}
}
else
{
trigger_error($error . adm_back_link($this->u_action), E_USER_WARNING);
}
trigger_error($user->lang['CONFIG_UPDATED'] . $extra_message . adm_back_link($this->u_action));
}
unset($cfg_array);
@ -518,9 +538,9 @@ class acp_search
function close_popup_js()
{
return "<script type=\"text/javascript\">\n" .
"<!--\n" .
"// <![CDATA[\n" .
" close_waitscreen = 1;\n" .
"//-->\n" .
"// ]]>\n" .
"</script>\n";
}

2
phpBB/includes/acp/acp_styles.php
View file

@ -1003,7 +1003,7 @@ parse_css_file = {PARSE_CSS_FILE}
'CACHED' => $user->format_date(filemtime("{$phpbb_root_path}cache/$filename")),
'FILENAME' => $file,
'FILESIZE' => sprintf('%.1f KB', filesize("{$phpbb_root_path}cache/$filename") / 1024),
'FILESIZE' => sprintf('%.1f ' . $user->lang['KIB'], filesize("{$phpbb_root_path}cache/$filename") / 1024),
'MODIFIED' => $user->format_date((!$template_row['template_storedb']) ? filemtime("{$phpbb_root_path}styles/{$template_row['template_path']}/template/$tpl_file.html") : $filemtime[$file . '.html']))
);
}

11
phpBB/includes/acp/acp_users.php
View file

@ -630,7 +630,7 @@ class acp_users
}
$forum_id_ary = array_unique($forum_id_ary);
$topic_id_ary = array_unique(array_merge($topic_id_ary, $new_topic_id_ary));
$topic_id_ary = array_unique(array_merge(array_keys($topic_id_ary), $new_topic_id_ary));
if (sizeof($topic_id_ary))
{
@ -1063,6 +1063,8 @@ class acp_users
$data['bday_day'] = request_var('bday_day', $data['bday_day']);
$data['bday_month'] = request_var('bday_month', $data['bday_month']);
$data['bday_year'] = request_var('bday_year', $data['bday_year']);
$data['user_birthday'] = sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']);
if ($submit)
{
@ -1085,6 +1087,7 @@ class acp_users
'bday_day' => array('num', true, 1, 31),
'bday_month' => array('num', true, 1, 12),
'bday_year' => array('num', true, 1901, gmdate('Y', time())),
'user_birthday' => array('date', true),
));
// validate custom profile fields
@ -1111,7 +1114,7 @@ class acp_users
'user_from' => $data['location'],
'user_occ' => $data['occupation'],
'user_interests'=> $data['interests'],
'user_birthday' => sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']),
'user_birthday' => $data['user_birthday'],
);
$sql = 'UPDATE ' . USERS_TABLE . '
@ -1344,7 +1347,7 @@ class acp_users
$s_custom = false;
$dateformat_options .= '<option value="custom"';
if (!in_array($data['dateformat'], array_keys($user->lang['dateformats'])))
if (!isset($user->lang['dateformats'][$data['dateformat']]))
{
$dateformat_options .= ' selected="selected"';
$s_custom = true;
@ -1744,7 +1747,7 @@ class acp_users
'REAL_FILENAME' => $row['real_filename'],
'COMMENT' => nl2br($row['attach_comment']),
'EXTENSION' => $row['extension'],
'SIZE' => ($row['filesize'] >= 1048576) ? ($row['filesize'] >> 20) . ' ' . $user->lang['MB'] : (($row['filesize'] >= 1024) ? ($row['filesize'] >> 10) . ' ' . $user->lang['KB'] : $row['filesize'] . ' ' . $user->lang['BYTES']),
'SIZE' => get_formatted_filesize($row['filesize']),
'DOWNLOAD_COUNT' => $row['download_count'],
'POST_TIME' => $user->format_date($row['filetime']),
'TOPIC_TITLE' => ($row['in_message']) ? $row['message_title'] : $row['topic_title'],

48
phpBB/includes/acp/auth.php
View file

@ -22,8 +22,6 @@ if (!defined('IN_PHPBB'))
*/
class auth_admin extends auth
{
var $option_ids = array();
/**
* Init auth settings
*/
@ -33,7 +31,7 @@ class auth_admin extends auth
if (($this->acl_options = $cache->get('_acl_options')) === false)
{
$sql = 'SELECT auth_option, is_global, is_local
$sql = 'SELECT auth_option_id, auth_option, is_global, is_local
FROM ' . ACL_OPTIONS_TABLE . '
ORDER BY auth_option_id';
$result = $db->sql_query($sql);
@ -51,25 +49,14 @@ class auth_admin extends auth
{
$this->acl_options['local'][$row['auth_option']] = $local++;
}
$this->acl_options['id'][$row['auth_option']] = (int) $row['auth_option_id'];
$this->acl_options['option'][(int) $row['auth_option_id']] = $row['auth_option'];
}
$db->sql_freeresult($result);
$cache->put('_acl_options', $this->acl_options);
}
if (!sizeof($this->option_ids))
{
$sql = 'SELECT auth_option_id, auth_option
FROM ' . ACL_OPTIONS_TABLE;
$result = $db->sql_query($sql);
$this->option_ids = array();
while ($row = $db->sql_fetchrow($result))
{
$this->option_ids[$row['auth_option']] = $row['auth_option_id'];
}
$db->sql_freeresult($result);
}
}
/**
@ -126,7 +113,7 @@ class auth_admin extends auth
while ($row = $db->sql_fetchrow($result))
{
$forum_ids[] = $row['forum_id'];
$forum_ids[] = (int) $row['forum_id'];
}
$db->sql_freeresult($result);
}
@ -778,6 +765,10 @@ class auth_admin extends auth
$cache->destroy('_acl_options');
$this->acl_clear_prefetch();
// Because we just changed the options and also purged the options cache, we instantly update/regenerate it for later calls to succeed.
$this->acl_options = array();
$this->auth_admin();
return true;
}
@ -813,7 +804,7 @@ class auth_admin extends auth
$flag = substr($flag, 0, strpos($flag, '_') + 1);
// This ID (the any-flag) is set if one or more permissions are true...
$any_option_id = (int) $this->option_ids[$flag];
$any_option_id = (int) $this->acl_options['id'][$flag];
// Remove any-flag from auth ary
if (isset($auth[$flag]))
@ -825,7 +816,7 @@ class auth_admin extends auth
$auth_option_ids = array((int)$any_option_id);
foreach ($auth as $auth_option => $auth_setting)
{
$auth_option_ids[] = (int) $this->option_ids[$auth_option];
$auth_option_ids[] = (int) $this->acl_options['id'][$auth_option];
}
$sql = "DELETE FROM $table
@ -888,7 +879,7 @@ class auth_admin extends auth
{
foreach ($auth as $auth_option => $setting)
{
$auth_option_id = (int) $this->option_ids[$auth_option];
$auth_option_id = (int) $this->acl_options['id'][$auth_option];
if ($setting != ACL_NO)
{
@ -944,7 +935,7 @@ class auth_admin extends auth
$sql_ary = array();
foreach ($auth as $auth_option => $setting)
{
$auth_option_id = (int) $this->option_ids[$auth_option];
$auth_option_id = (int) $this->acl_options['id'][$auth_option];
if ($setting != ACL_NO)
{
@ -961,7 +952,7 @@ class auth_admin extends auth
{
$sql_ary[] = array(
'role_id' => (int) $role_id,
'auth_option_id' => (int) $this->option_ids[$flag],
'auth_option_id' => (int) $this->acl_options['id'][$flag],
'auth_setting' => ACL_NEVER
);
}
@ -1238,12 +1229,7 @@ class auth_admin extends auth
return false;
}
$hold_ary = $this->acl_raw_data($from_user_id, false, false);
if (isset($hold_ary[$from_user_id]))
{
$hold_ary = $hold_ary[$from_user_id];
}
$hold_ary = $this->acl_raw_data_single_user($from_user_id);
// Key 0 in $hold_ary are global options, all others are forum_ids
@ -1252,12 +1238,12 @@ class auth_admin extends auth
{
if (strpos($opt, 'a_') === 0)
{
$hold_ary[0][$opt] = ACL_NEVER;
$hold_ary[0][$this->acl_options['id'][$opt]] = ACL_NEVER;
}
}
// Force a_switchperm to be allowed
$hold_ary[0]['a_switchperm'] = ACL_YES;
$hold_ary[0][$this->acl_options['id']['a_switchperm']] = ACL_YES;
$user_permissions = $this->build_bitstring($hold_ary);

450
phpBB/includes/auth.php
View file

@ -39,7 +39,7 @@ class auth
if (($this->acl_options = $cache->get('_acl_options')) === false)
{
$sql = 'SELECT auth_option, is_global, is_local
$sql = 'SELECT auth_option_id, auth_option, is_global, is_local
FROM ' . ACL_OPTIONS_TABLE . '
ORDER BY auth_option_id';
$result = $db->sql_query($sql);
@ -57,6 +57,9 @@ class auth
{
$this->acl_options['local'][$row['auth_option']] = $local++;
}
$this->acl_options['id'][$row['auth_option']] = (int) $row['auth_option_id'];
$this->acl_options['option'][(int) $row['auth_option_id']] = $row['auth_option'];
}
$db->sql_freeresult($result);
@ -301,8 +304,15 @@ class auth
* Get permission listing based on user_id/options/forum_ids
*/
function acl_get_list($user_id = false, $opts = false, $forum_id = false)
{
if ($user_id !== false && !is_array($user_id) && $opts === false && $forum_id === false)
{
$hold_ary = array($user_id => $this->acl_raw_data_single_user($user_id));
}
else
{
$hold_ary = $this->acl_raw_data($user_id, $opts, $forum_id);
}
$auth_ary = array();
foreach ($hold_ary as $user_id => $forum_ary)
@ -332,12 +342,7 @@ class auth
// Empty user_permissions
$userdata['user_permissions'] = '';
$hold_ary = $this->acl_raw_data($userdata['user_id'], false, false);
if (isset($hold_ary[$userdata['user_id']]))
{
$hold_ary = $hold_ary[$userdata['user_id']];
}
$hold_ary = $this->acl_raw_data_single_user($userdata['user_id']);
// Key 0 in $hold_ary are global options, all others are forum_ids
@ -348,42 +353,11 @@ class auth
{
if (strpos($opt, 'a_') === 0)
{
$hold_ary[0][$opt] = ACL_YES;
$hold_ary[0][$this->acl_options['id'][$opt]] = ACL_YES;
}
}
}
// Sometimes, it can happen $hold_ary holding forums which do not exist.
// Since this function is not called that often (we are caching the data) we check for this inconsistency.
$sql = 'SELECT forum_id
FROM ' . FORUMS_TABLE . '
WHERE ' . $db->sql_in_set('forum_id', array_keys($hold_ary), false, true);
$result = $db->sql_query($sql);
$forum_ids = (isset($hold_ary[0])) ? array(0) : array();
while ($row = $db->sql_fetchrow($result))
{
$forum_ids[] = $row['forum_id'];
}
$db->sql_freeresult($result);
// Now determine forums which do not exist and remove the unneeded information (for modding purposes it is clearly the wrong place. ;))
$missing_forums = array_diff(array_keys($hold_ary), $forum_ids);
if (sizeof($missing_forums))
{
foreach ($missing_forums as $forum_id)
{
unset($hold_ary[$forum_id]);
}
$sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . ' WHERE ' . $db->sql_in_set('forum_id', $missing_forums);
$db->sql_query($sql);
$sql = 'DELETE FROM ' . ACL_USERS_TABLE . ' WHERE ' . $db->sql_in_set('forum_id', $missing_forums);
$db->sql_query($sql);
}
$hold_str = $this->build_bitstring($hold_ary);
if ($hold_str)
@ -420,15 +394,15 @@ class auth
$bitstring = array();
foreach ($this->acl_options[$ary_key] as $opt => $id)
{
if (isset($auth_ary[$opt]))
if (isset($auth_ary[$this->acl_options['id'][$opt]]))
{
$bitstring[$id] = $auth_ary[$opt];
$bitstring[$id] = $auth_ary[$this->acl_options['id'][$opt]];
$option_key = substr($opt, 0, strpos($opt, '_') + 1);
// If one option is allowed, the global permission for this option has to be allowed too
// example: if the user has the a_ permission this means he has one or more a_* permissions
if ($auth_ary[$opt] == ACL_YES && (!isset($bitstring[$this->acl_options[$ary_key][$option_key]]) || $bitstring[$this->acl_options[$ary_key][$option_key]] == ACL_NEVER))
if ($auth_ary[$this->acl_options['id'][$opt]] == ACL_YES && (!isset($bitstring[$this->acl_options[$ary_key][$option_key]]) || $bitstring[$this->acl_options[$ary_key][$option_key]] == ACL_NEVER))
{
$bitstring[$this->acl_options[$ary_key][$option_key]] = ACL_YES;
}
@ -466,8 +440,31 @@ class auth
*/
function acl_clear_prefetch($user_id = false)
{
global $db;
global $db, $cache;
// Rebuild options cache
$cache->destroy('_role_cache');
$sql = 'SELECT *
FROM ' . ACL_ROLES_DATA_TABLE . '
ORDER BY role_id ASC';
$result = $db->sql_query($sql);
$this->role_cache = array();
while ($row = $db->sql_fetchrow($result))
{
$this->role_cache[$row['role_id']][$row['auth_option_id']] = (int) $row['auth_setting'];
}
$db->sql_freeresult($result);
foreach ($this->role_cache as $role_id => $role_options)
{
$this->role_cache[$role_id] = serialize($role_options);
}
$cache->put('_role_cache', $this->role_cache);
// Now empty user permissions
$where_sql = '';
if ($user_id !== false)
@ -528,103 +525,35 @@ class auth
$sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? 'user_id = ' . (int) $user_id : $db->sql_in_set('user_id', array_map('intval', $user_id))) : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : '';
$sql_opts = '';
$sql_opts = $sql_opts_select = $sql_opts_from = '';
$hold_ary = array();
if ($opts !== false)
{
$sql_opts_select = ', ao.auth_option';
$sql_opts_from = ', ' . ACL_OPTIONS_TABLE . ' ao';
$this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts);
}
$hold_ary = array();
$sql_ary = array();
// First grab user settings ... each user has only one setting for each
// option ... so we shouldn't need any ACL_NEVER checks ... he says ...
// Grab assigned roles...
$sql = $db->sql_build_query('SELECT', array(
'SELECT' => 'ao.auth_option, a.auth_role_id, r.auth_setting as role_auth_setting, a.user_id, a.forum_id, a.auth_setting',
'FROM' => array(
ACL_OPTIONS_TABLE => 'ao',
ACL_USERS_TABLE => 'a'
),
'LEFT_JOIN' => array(
array(
'FROM' => array(ACL_ROLES_DATA_TABLE => 'r'),
'ON' => 'a.auth_role_id = r.role_id'
)
),
'WHERE' => '(ao.auth_option_id = a.auth_option_id OR ao.auth_option_id = r.auth_option_id)
' . (($sql_user) ? 'AND a.' . $sql_user : '') . "
// Grab non-role settings - user-specific
$sql_ary[] = 'SELECT a.user_id, a.forum_id, a.auth_setting, a.auth_option_id' . $sql_opts_select . '
FROM ' . ACL_USERS_TABLE . ' a' . $sql_opts_from . '
WHERE a.auth_role_id = 0 ' .
(($sql_opts_from) ? 'AND a.auth_option_id = ao.auth_option_id ' : '') .
(($sql_user) ? 'AND a.' . $sql_user : '') . "
$sql_forum
$sql_opts",
));
$result = $db->sql_query($sql);
$sql_opts";
while ($row = $db->sql_fetchrow($result))
{
$setting = ($row['auth_role_id']) ? $row['role_auth_setting'] : $row['auth_setting'];
$hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $setting;
}
$db->sql_freeresult($result);
// Now grab group settings ... ACL_NEVER overrides ACL_YES so act appropriatley
$sql_ary[] = $db->sql_build_query('SELECT', array(
'SELECT' => 'ug.user_id, ao.auth_option, a.forum_id, a.auth_setting, a.auth_role_id, r.auth_setting as role_auth_setting',
'FROM' => array(
USER_GROUP_TABLE => 'ug',
ACL_OPTIONS_TABLE => 'ao',
ACL_GROUPS_TABLE => 'a'
),
'LEFT_JOIN' => array(
array(
'FROM' => array(ACL_ROLES_DATA_TABLE => 'r'),
'ON' => 'a.auth_role_id = r.role_id'
)
),
'WHERE' => 'ao.auth_option_id = a.auth_option_id
AND a.group_id = ug.group_id
AND ug.user_pending = 0
' . (($sql_user) ? 'AND ug.' . $sql_user : '') . "
// Now the role settings - user-specific
$sql_ary[] = 'SELECT a.user_id, a.forum_id, r.auth_option_id, r.auth_setting, r.auth_option_id' . $sql_opts_select . '
FROM ' . ACL_USERS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r' . $sql_opts_from . '
WHERE a.auth_role_id = r.role_id ' .
(($sql_opts_from) ? 'AND r.auth_option_id = ao.auth_option_id ' : '') .
(($sql_user) ? 'AND a.' . $sql_user : '') . "
$sql_forum
$sql_opts"
));
$sql_ary[] = $db->sql_build_query('SELECT', array(
'SELECT' => 'ug.user_id, a.forum_id, a.auth_setting, a.auth_role_id, r.auth_setting as role_auth_setting, ao.auth_option' ,
'FROM' => array(
ACL_OPTIONS_TABLE => 'ao'
),
'LEFT_JOIN' => array(
array(
'FROM' => array(ACL_ROLES_DATA_TABLE => 'r'),
'ON' => 'r.auth_option_id = ao.auth_option_id'
),
array(
'FROM' => array(ACL_GROUPS_TABLE => 'a'),
'ON' => 'a.auth_role_id = r.role_id'
),
array(
'FROM' => array(USER_GROUP_TABLE => 'ug'),
'ON' => 'ug.group_id = a.group_id'
)
),
'WHERE' => 'ug.user_pending = 0
' . (($sql_user) ? 'AND ug.' . $sql_user : '') . "
$sql_forum
$sql_opts"
));
$sql_opts";
foreach ($sql_ary as $sql)
{
@ -632,24 +561,62 @@ class auth
while ($row = $db->sql_fetchrow($result))
{
if (!isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) || (isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) && $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] != ACL_NEVER))
{
$setting = ($row['auth_role_id']) ? $row['role_auth_setting'] : $row['auth_setting'];
$hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $setting;
$option = ($sql_opts_select) ? $row['auth_option'] : $this->acl_options['option'][$row['auth_option_id']];
$hold_ary[$row['user_id']][$row['forum_id']][$option] = $row['auth_setting'];
}
$db->sql_freeresult($result);
}
// Check for existence of ACL_YES if an option got set to ACL_NEVER
if ($setting == ACL_NEVER)
$sql_ary = array();
// Now grab group settings - non-role specific...
$sql_ary[] = 'SELECT ug.user_id, a.forum_id, a.auth_setting, a.auth_option_id' . $sql_opts_select . '
FROM ' . ACL_GROUPS_TABLE . ' a, ' . USER_GROUP_TABLE . ' ug' . $sql_opts_from . '
WHERE a.auth_role_id = 0 ' .
(($sql_opts_from) ? 'AND a.auth_option_id = ao.auth_option_id ' : '') . '
AND a.group_id = ug.group_id
AND ug.user_pending = 0
' . (($sql_user) ? 'AND ug.' . $sql_user : '') . "
$sql_forum
$sql_opts";
// Now grab group settings - role specific...
$sql_ary[] = 'SELECT ug.user_id, a.forum_id, r.auth_setting, r.auth_option_id' . $sql_opts_select . '
FROM ' . ACL_GROUPS_TABLE . ' a, ' . USER_GROUP_TABLE . ' ug, ' . ACL_ROLES_DATA_TABLE . ' r' . $sql_opts_from . '
WHERE a.auth_role_id = r.role_id ' .
(($sql_opts_from) ? 'AND r.auth_option_id = ao.auth_option_id ' : '') . '
AND a.group_id = ug.group_id
AND ug.user_pending = 0
' . (($sql_user) ? 'AND ug.' . $sql_user : '') . "
$sql_forum
$sql_opts";
foreach ($sql_ary as $sql)
{
$flag = substr($row['auth_option'], 0, strpos($row['auth_option'], '_') + 1);
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$option = ($sql_opts_select) ? $row['auth_option'] : $this->acl_options['option'][$row['auth_option_id']];
if (!isset($hold_ary[$row['user_id']][$row['forum_id']][$option]) || (isset($hold_ary[$row['user_id']][$row['forum_id']][$option]) && $hold_ary[$row['user_id']][$row['forum_id']][$option] != ACL_NEVER))
{
$hold_ary[$row['user_id']][$row['forum_id']][$option] = $row['auth_setting'];
// If we detect ACL_NEVER, we will unset the flag option (within building the bitstring it is correctly set again)
if ($row['auth_setting'] == ACL_NEVER)
{
$flag = substr($option, 0, strpos($option, '_') + 1);
if (isset($hold_ary[$row['user_id']][$row['forum_id']][$flag]) && $hold_ary[$row['user_id']][$row['forum_id']][$flag] == ACL_YES)
{
unset($hold_ary[$row['user_id']][$row['forum_id']][$flag]);
if (in_array(ACL_YES, $hold_ary[$row['user_id']][$row['forum_id']]))
/* if (in_array(ACL_YES, $hold_ary[$row['user_id']][$row['forum_id']]))
{
$hold_ary[$row['user_id']][$row['forum_id']][$flag] = ACL_YES;
}
*/
}
}
}
@ -671,45 +638,43 @@ class auth
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : '';
$sql_opts = '';
$hold_ary = $sql_ary = array();
if ($opts !== false)
{
$this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts);
}
$hold_ary = array();
// Grab user settings...
$sql = $db->sql_build_query('SELECT', array(
'SELECT' => 'ao.auth_option, a.auth_role_id, r.auth_setting as role_auth_setting, a.user_id, a.forum_id, a.auth_setting',
'FROM' => array(
ACL_OPTIONS_TABLE => 'ao',
ACL_USERS_TABLE => 'a'
),
'LEFT_JOIN' => array(
array(
'FROM' => array(ACL_ROLES_DATA_TABLE => 'r'),
'ON' => 'a.auth_role_id = r.role_id'
),
),
'WHERE' => '(ao.auth_option_id = a.auth_option_id OR ao.auth_option_id = r.auth_option_id)
' . (($sql_user) ? 'AND a.' . $sql_user : '') . "
// Grab user settings - non-role specific...
$sql_ary[] = 'SELECT a.user_id, a.forum_id, a.auth_setting, a.auth_option_id, ao.auth_option
FROM ' . ACL_USERS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . ' ao
WHERE a.auth_role_id = 0
AND a.auth_option_id = ao.auth_option_id ' .
(($sql_user) ? 'AND a.' . $sql_user : '') . "
$sql_forum
$sql_opts",
$sql_opts
ORDER BY a.forum_id, ao.auth_option";
'ORDER_BY' => 'a.forum_id, ao.auth_option'
));
// Now the role settings - user-specific
$sql_ary[] = 'SELECT a.user_id, a.forum_id, r.auth_option_id, r.auth_setting, r.auth_option_id, ao.auth_option
FROM ' . ACL_USERS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' ao
WHERE a.auth_role_id = r.role_id
AND r.auth_option_id = ao.auth_option_id ' .
(($sql_user) ? 'AND a.' . $sql_user : '') . "
$sql_forum
$sql_opts
ORDER BY a.forum_id, ao.auth_option";
foreach ($sql_ary as $sql)
{
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$setting = ($row['auth_role_id']) ? $row['role_auth_setting'] : $row['auth_setting'];
$hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $setting;
$hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $row['auth_setting'];
}
$db->sql_freeresult($result);
}
return $hold_ary;
}
@ -725,49 +690,158 @@ class auth
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : '';
$sql_opts = '';
$hold_ary = $sql_ary = array();
if ($opts !== false)
{
$this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts);
}
$hold_ary = array();
// Grab group settings...
$sql = $db->sql_build_query('SELECT', array(
'SELECT' => 'a.group_id, ao.auth_option, a.forum_id, a.auth_setting, a.auth_role_id, r.auth_setting as role_auth_setting',
'FROM' => array(
ACL_OPTIONS_TABLE => 'ao',
ACL_GROUPS_TABLE => 'a'
),
'LEFT_JOIN' => array(
array(
'FROM' => array(ACL_ROLES_DATA_TABLE => 'r'),
'ON' => 'a.auth_role_id = r.role_id'
),
),
'WHERE' => '(ao.auth_option_id = a.auth_option_id OR ao.auth_option_id = r.auth_option_id)
' . (($sql_group) ? 'AND a.' . $sql_group : '') . "
// Grab group settings - non-role specific...
$sql_ary[] = 'SELECT a.group_id, a.forum_id, a.auth_setting, a.auth_option_id, ao.auth_option
FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . ' ao
WHERE a.auth_role_id = 0
AND a.auth_option_id = ao.auth_option_id ' .
(($sql_group) ? 'AND a.' . $sql_group : '') . "
$sql_forum
$sql_opts",
$sql_opts
ORDER BY a.forum_id, ao.auth_option";
'ORDER_BY' => 'a.forum_id, ao.auth_option'
));
// Now grab group settings - role specific...
$sql_ary[] = 'SELECT a.group_id, a.forum_id, r.auth_setting, r.auth_option_id, ao.auth_option
FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' ao
WHERE a.auth_role_id = r.role_id
AND r.auth_option_id = ao.auth_option_id ' .
(($sql_group) ? 'AND a.' . $sql_group : '') . "
$sql_forum
$sql_opts
ORDER BY a.forum_id, ao.auth_option";
foreach ($sql_ary as $sql)
{
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$setting = ($row['auth_role_id']) ? $row['role_auth_setting'] : $row['auth_setting'];
$hold_ary[$row['group_id']][$row['forum_id']][$row['auth_option']] = $setting;
$hold_ary[$row['group_id']][$row['forum_id']][$row['auth_option']] = $row['auth_setting'];
}
$db->sql_freeresult($result);
}
return $hold_ary;
}
/**
* Get raw acl data based on user for caching user_permissions
* This function returns the same data as acl_raw_data(), but without the user id as the first key within the array.
*/
function acl_raw_data_single_user($user_id)
{
global $db, $cache;
// Check if the role-cache is there
if (($this->role_cache = $cache->get('_role_cache')) === false)
{
$this->role_cache = array();
// We pre-fetch roles
$sql = 'SELECT *
FROM ' . ACL_ROLES_DATA_TABLE . '
ORDER BY role_id ASC';
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$this->role_cache[$row['role_id']][$row['auth_option_id']] = (int) $row['auth_setting'];
}
$db->sql_freeresult($result);
foreach ($this->role_cache as $role_id => $role_options)
{
$this->role_cache[$role_id] = serialize($role_options);
}
$cache->put('_role_cache', $this->role_cache);
}
$hold_ary = array();
// Grab user-specific permission settings
$sql = 'SELECT forum_id, auth_option_id, auth_role_id, auth_setting
FROM ' . ACL_USERS_TABLE . '
WHERE user_id = ' . $user_id;
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
// If a role is assigned, assign all options included within this role. Else, only set this one option.
if ($row['auth_role_id'])
{
$hold_ary[$row['forum_id']] = (empty($hold_ary[$row['forum_id']])) ? unserialize($this->role_cache[$row['auth_role_id']]) : $hold_ary[$row['forum_id']] + unserialize($this->role_cache[$row['auth_role_id']]);
}
else
{
$hold_ary[$row['forum_id']][$row['auth_option_id']] = $row['auth_setting'];
}
}
$db->sql_freeresult($result);
// Now grab group-specific permission settings
$sql = 'SELECT a.forum_id, a.auth_option_id, a.auth_role_id, a.auth_setting
FROM ' . ACL_GROUPS_TABLE . ' a, ' . USER_GROUP_TABLE . ' ug
WHERE a.group_id = ug.group_id
AND ug.user_pending = 0
AND ug.user_id = ' . $user_id;
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
if (!$row['auth_role_id'])
{
$this->_set_group_hold_ary($hold_ary[$row['forum_id']], $row['auth_option_id'], $row['auth_setting']);
}
else
{
foreach (unserialize($this->role_cache[$row['auth_role_id']]) as $option_id => $setting)
{
$this->_set_group_hold_ary($hold_ary[$row['forum_id']], $option_id, $setting);
}
}
}
$db->sql_freeresult($result);
return $hold_ary;
}
/**
* Private function snippet for setting a specific piece of the hold_ary
*/
function _set_group_hold_ary(&$hold_ary, $option_id, $setting)
{
if (!isset($hold_ary[$option_id]) || (isset($hold_ary[$option_id]) && $hold_ary[$option_id] != ACL_NEVER))
{
$hold_ary[$option_id] = $setting;
// If we detect ACL_NEVER, we will unset the flag option (within building the bitstring it is correctly set again)
if ($setting == ACL_NEVER)
{
$flag = substr($this->acl_options['option'][$option_id], 0, strpos($this->acl_options['option'][$option_id], '_') + 1);
$flag = (int) $this->acl_options['id'][$flag];
if (isset($hold_ary[$flag]) && $hold_ary[$flag] == ACL_YES)
{
unset($hold_ary[$flag]);
/* This is uncommented, because i suspect this being slightly wrong due to mixed permission classes being possible
if (in_array(ACL_YES, $hold_ary))
{
$hold_ary[$flag] = ACL_YES;
}*/
}
}
}
}
/**
* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
*/

12
phpBB/includes/auth/auth_apache.php
View file

@ -48,8 +48,18 @@ function login_apache(&$username, &$password)
if (!$password)
{
return array(
'status' => LOGIN_BREAK,
'status' => LOGIN_ERROR_PASSWORD,
'error_msg' => 'NO_PASSWORD_SUPPLIED',
'user_row' => array('user_id' => ANONYMOUS),
);
}
if (!$username)
{
return array(
'status' => LOGIN_ERROR_USERNAME,
'error_msg' => 'LOGIN_ERROR_USERNAME',
'user_row' => array('user_id' => ANONYMOUS),
);
}

12
phpBB/includes/auth/auth_db.php
View file

@ -32,8 +32,18 @@ function login_db(&$username, &$password)
if (!$password)
{
return array(
'status' => LOGIN_BREAK,
'status' => LOGIN_ERROR_PASSWORD,
'error_msg' => 'NO_PASSWORD_SUPPLIED',
'user_row' => array('user_id' => ANONYMOUS),
);
}
if (!$username)
{
return array(
'status' => LOGIN_ERROR_USERNAME,
'error_msg' => 'LOGIN_ERROR_USERNAME',
'user_row' => array('user_id' => ANONYMOUS),
);
}

12
phpBB/includes/auth/auth_ldap.php
View file

@ -104,8 +104,18 @@ function login_ldap(&$username, &$password)
if (!$password)
{
return array(
'status' => LOGIN_BREAK,
'status' => LOGIN_ERROR_PASSWORD,
'error_msg' => 'NO_PASSWORD_SUPPLIED',
'user_row' => array('user_id' => ANONYMOUS),
);
}
if (!$username)
{
return array(
'status' => LOGIN_ERROR_USERNAME,
'error_msg' => 'LOGIN_ERROR_USERNAME',
'user_row' => array('user_id' => ANONYMOUS),
);
}

2
phpBB/includes/constants.php
View file

@ -173,7 +173,7 @@ define('FIELD_DATE', 6);
// Additional constants
define('VOTE_CONVERTED', 9999);
define('VOTE_CONVERTED', 127);
// Table names
define('ACL_GROUPS_TABLE', $table_prefix . 'acl_groups');

15
phpBB/includes/db/dbal.php
View file

@ -45,6 +45,8 @@ class dbal
// Holding the last sql query on sql error
var $sql_error_sql = '';
// Holding the error information - only populated if sql_error_triggered is set
var $sql_error_returned = array();
// Holding transaction count
var $transactions = 0;
@ -262,6 +264,13 @@ class dbal
return true;
}
// Check if there is a transaction (no transaction can happen if there was an error, with a combined rollback and error returning enabled)
// This implies we have transaction always set for autocommit db's
if (!$this->transaction)
{
return false;
}
$result = $this->_sql_transaction('commit');
if (!$result)
@ -537,11 +546,11 @@ class dbal
$this->sql_error_triggered = true;
$this->sql_error_sql = $sql;
$error = $this->_sql_error();
$this->sql_error_returned = $this->_sql_error();
if (!$this->return_on_error)
{
$message = 'SQL ERROR [ ' . $this->sql_layer . ' ]<br /><br />' . $error['message'] . ' [' . $error['code'] . ']';
$message = 'SQL ERROR [ ' . $this->sql_layer . ' ]<br /><br />' . $this->sql_error_returned['message'] . ' [' . $this->sql_error_returned['code'] . ']';
// Show complete SQL error and path to administrators only
// Additionally show complete error on installation or if extended debug mode is enabled
@ -598,7 +607,7 @@ class dbal
$this->sql_transaction('rollback');
}
return $error;
return $this->sql_error_returned;
}
/**

2
phpBB/includes/diff/renderer.php
View file

@ -603,7 +603,7 @@ class diff_renderer_side_by_side extends diff_renderer
// Iterate through every header block of changes
foreach ($this->lines as $header)
{
$output .= '<tr><th>Line ' . $header['oldline'] . '</th><th>' . $user->lang['LINE'] . ' ' . $header['newline'] . '</th></tr>';
$output .= '<tr><th>' . $user->lang['LINE'] . ' ' . $header['oldline'] . '</th><th>' . $user->lang['LINE'] . ' ' . $header['newline'] . '</th></tr>';
// Each header block consists of a number of changes (add, remove, change).
$current_context = '';

468
phpBB/includes/functions.php
View file

@ -198,6 +198,26 @@ function unique_id($extra = 'c')
return substr($val, 4, 16);
}
/**
* Return formatted string for filesizes
*/
function get_formatted_filesize($bytes, $add_size_lang = true)
{
global $user;
if ($bytes >= pow(2, 20))
{
return ($add_size_lang) ? round($bytes / 1024 / 1024, 2) . ' ' . $user->lang['MIB'] : round($bytes / 1024 / 1024, 2);
}
if ($bytes >= pow(2, 10))
{
return ($add_size_lang) ? round($bytes / 1024, 2) . ' ' . $user->lang['KIB'] : round($bytes / 1024, 2);
}
return ($add_size_lang) ? ($bytes) . ' ' . $user->lang['BYTES'] : ($bytes);
}
/**
* Determine whether we are approaching the maximum execution time. Should be called once
* at the beginning of the script in which it's used.
@ -523,27 +543,25 @@ if (!function_exists('stripos'))
}
}
if (!function_exists('realpath'))
/**
* Checks if a path ($path) is absolute or relative
*
* @param string $path Path to check absoluteness of
* @return boolean
*/
function is_absolute($path)
{
/**
* Checks if a path ($path) is absolute or relative
*
* @param string $path Path to check absoluteness of
* @return boolean
*/
function is_absolute($path)
{
return ($path[0] == '/' || (DIRECTORY_SEPARATOR == '\\' && preg_match('#^[a-z]:/#i', $path))) ? true : false;
}
}
/**
* @author Chris Smith <chris@project-minerva.org>
* @copyright 2006 Project Minerva Team
* @param string $path The path which we should attempt to resolve.
* @return mixed
*/
function phpbb_realpath($path)
{
/**
* @author Chris Smith <chris@project-minerva.org>
* @copyright 2006 Project Minerva Team
* @param string $path The path which we should attempt to resolve.
* @return mixed
*/
function phpbb_own_realpath($path)
{
// Now to perform funky shizzle
// Switch to use UNIX slashes
@ -691,9 +709,9 @@ if (!function_exists('realpath'))
}
return $resolved; // We got here, in the end!
}
}
else
if (!function_exists('realpath'))
{
/**
* A wrapper for realpath
@ -701,15 +719,32 @@ else
*/
function phpbb_realpath($path)
{
$path = realpath($path);
// Check for DIRECTORY_SEPARATOR at the end (and remove it!)
if (substr($path, -1) == DIRECTORY_SEPARATOR)
return phpbb_own_realpath($path);
}
}
else
{
/**
* A wrapper for realpath
*/
function phpbb_realpath($path)
{
return substr($path, 0, -1);
$realpath = realpath($path);
// Strangely there are provider not disabling realpath but returning strange values. :o
// We at least try to cope with them.
if ($realpath === $path || $realpath === false)
{
return phpbb_own_realpath($path);
}
return $path;
// Check for DIRECTORY_SEPARATOR at the end (and remove it!)
if (substr($realpath, -1) == DIRECTORY_SEPARATOR)
{
$realpath = substr($realpath, 0, -1);
}
return $realpath;
}
}
@ -1359,7 +1394,7 @@ function update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_ti
while ($row = $db->sql_fetchrow($result))
{
if (!in_array(base_convert($row['topic_id'], 10, 36), array_keys($check_forum)))
if (!isset($check_forum[base_convert($row['topic_id'], 10, 36)]))
{
$unread = true;
break;
@ -1719,7 +1754,7 @@ function generate_board_url($without_script_path = false)
{
global $config, $user;
$server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');
$server_name = $user->host;
$server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
// Forcing server vars is the only way to specify/override the protocol
@ -1742,9 +1777,13 @@ function generate_board_url($without_script_path = false)
}
if ($server_port && (($config['cookie_secure'] && $server_port <> 443) || (!$config['cookie_secure'] && $server_port <> 80)))
{
// HTTP HOST can carry a port number...
if (strpos($server_name, ':') === false)
{
$url .= ':' . $server_port;
}
}
if (!$without_script_path)
{
@ -2041,9 +2080,8 @@ function add_form_key($form_name)
* @param int $timespan The maximum acceptable age for a submitted form in seconds. Defaults to the config setting.
* @param string $return_page The address for the return link
* @param bool $trigger If true, the function will triger an error when encountering an invalid form
* @param int $minimum_time The minimum acceptable age for a submitted form in seconds
*/
function check_form_key($form_name, $timespan = false, $return_page = '', $trigger = false, $minimum_time = false)
function check_form_key($form_name, $timespan = false, $return_page = '', $trigger = false)
{
global $config, $user;
@ -2052,10 +2090,6 @@ function check_form_key($form_name, $timespan = false, $return_page = '', $trigg
// we enforce a minimum value of half a minute here.
$timespan = ($config['form_token_lifetime'] == -1) ? -1 : max(30, $config['form_token_lifetime']);
}
if ($minimum_time === false)
{
$minimum_time = (int) $config['form_token_mintime'];
}
if (isset($_POST['creation_time']) && isset($_POST['form_token']))
{
@ -2064,7 +2098,7 @@ function check_form_key($form_name, $timespan = false, $return_page = '', $trigg
$diff = (time() - $creation_time);
if (($diff >= $minimum_time) && (($diff <= $timespan) || $timespan == -1))
if (($diff <= $timespan) || $timespan === -1)
{
$token_sid = ($user->data['user_id'] == ANONYMOUS && !empty($config['form_token_sid_guests'])) ? $user->session_id : '';
@ -2304,7 +2338,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
// Something failed, determine what...
if ($result['status'] == LOGIN_BREAK)
{
trigger_error($result['error_msg'], E_USER_ERROR);
trigger_error($result['error_msg']);
}
// Special cases... determine
@ -2419,7 +2453,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
'PASSWORD_CREDENTIAL' => ($admin) ? 'password_' . $credential : 'password',
));
page_header($user->lang['LOGIN']);
page_header($user->lang['LOGIN'], false);
$template->set_filenames(array(
'body' => 'login_body.html')
@ -2737,7 +2771,7 @@ function get_preg_expression($mode)
switch ($mode)
{
case 'email':
return '[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*[a-z]+';
return '(?:[a-z0-9\'\.\-_\+\|]|&amp;)+@[a-z0-9\-]+\.(?:[a-z0-9\-]+\.)*[a-z]+';
break;
case 'bbcode_htm':
@ -2962,14 +2996,14 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
echo '<head>';
echo '<meta http-equiv="content-type" content="text/html; charset=utf-8" />';
echo '<title>' . $msg_title . '</title>';
echo '<style type="text/css">' . "\n" . '<!--' . "\n";
echo '<style type="text/css">' . "\n" . '/* <![CDATA[ */' . "\n";
echo '* { margin: 0; padding: 0; } html { font-size: 100%; height: 100%; margin-bottom: 1px; background-color: #E4EDF0; } body { font-family: "Lucida Grande", Verdana, Helvetica, Arial, sans-serif; color: #536482; background: #E4EDF0; font-size: 62.5%; margin: 0; } ';
echo 'a:link, a:active, a:visited { color: #006699; text-decoration: none; } a:hover { color: #DD6900; text-decoration: underline; } ';
echo '#wrap { padding: 0 20px 15px 20px; min-width: 615px; } #page-header { text-align: right; height: 40px; } #page-footer { clear: both; font-size: 1em; text-align: center; } ';
echo '.panel { margin: 4px 0; background-color: #FFFFFF; border: solid 1px #A9B8C2; } ';
echo '#errorpage #page-header a { font-weight: bold; line-height: 6em; } #errorpage #content { padding: 10px; } #errorpage #content h1 { line-height: 1.2em; margin-bottom: 0; color: #DF075C; } ';
echo '#errorpage #content div { margin-top: 20px; margin-bottom: 5px; border-bottom: 1px solid #CCCCCC; padding-bottom: 5px; color: #333333; font: bold 1.2em "Lucida Grande", Arial, Helvetica, sans-serif; text-decoration: none; line-height: 120%; text-align: left; } ';
echo "\n" . '//-->' . "\n";
echo "\n" . '/* ]]> */' . "\n";
echo '</style>';
echo '</head>';
echo '<body id="errorpage">';
@ -3064,6 +3098,209 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
return false;
}
/**
* Queries the session table to get information about online guests
* @param int $forum_id Limits the search to the forum with this id
* @return int The number of active distinct guest sessions
*/
function obtain_guest_count($forum_id = 0)
{
global $db, $config;
if ($forum_id)
{
$reading_sql = ' AND s.session_forum_id = ' . (int) $forum_id;
}
else
{
$reading_sql = '';
}
$time = (time() - (intval($config['load_online_time']) * 60));
// Get number of online guests
if ($db->sql_layer === 'sqlite')
{
$sql = 'SELECT COUNT(session_ip) as num_guests
FROM (
SELECT DISTINCT s.session_ip
FROM ' . SESSIONS_TABLE . ' s
WHERE s.session_user_id = ' . ANONYMOUS . '
AND s.session_time >= ' . ($time - ((int) ($time % 60))) .
$reading_sql .
')';
}
else
{
$sql = 'SELECT COUNT(DISTINCT s.session_ip) as num_guests
FROM ' . SESSIONS_TABLE . ' s
WHERE s.session_user_id = ' . ANONYMOUS . '
AND s.session_time >= ' . ($time - ((int) ($time % 60))) .
$reading_sql;
}
$result = $db->sql_query($sql, 60);
$guests_online = (int) $db->sql_fetchfield('num_guests');
$db->sql_freeresult($result);
return $guests_online;
}
/**
* Queries the session table to get information about online users
* @param int $forum_id Limits the search to the forum with this id
* @return array An array containing the ids of online, hidden and visible users, as well as statistical info
*/
function obtain_users_online($forum_id = 0)
{
global $db, $config, $user;
$reading_sql = '';
if ($forum_id !== 0)
{
$reading_sql = ' AND s.session_forum_id = ' . (int) $forum_id;
}
$online_users = array(
'online_users' => array(),
'hidden_users' => array(),
'total_online' => 0,
'visible_online' => 0,
'hidden_online' => 0,
'guests_online' => 0,
);
if ($config['load_online_guests'])
{
$online_users['guests_online'] = obtain_guest_count($forum_id);
}
// a little discrete magic to cache this for 30 seconds
$time = (time() - (intval($config['load_online_time']) * 60));
$sql = 'SELECT s.session_user_id, s.session_ip, s.session_viewonline
FROM ' . SESSIONS_TABLE . ' s
WHERE s.session_time >= ' . ($time - ((int) ($time % 30))) .
$reading_sql .
' AND s.session_user_id <> ' . ANONYMOUS;
$result = $db->sql_query($sql, 30);
while ($row = $db->sql_fetchrow($result))
{
// Skip multiple sessions for one user
if (!isset($online_users['online_users'][$row['session_user_id']]))
{
$online_users['online_users'][$row['session_user_id']] = (int) $row['session_user_id'];
if ($row['session_viewonline'])
{
$online_users['visible_online']++;
}
else
{
$online_users['hidden_users'][$row['session_user_id']] = (int) $row['session_user_id'];
$online_users['hidden_online']++;
}
}
}
$online_users['total_online'] = $online_users['guests_online'] + $online_users['visible_online'] + $online_users['hidden_online'];
$db->sql_freeresult($result);
return $online_users;
}
/**
* Uses the result of obtain_users_online to generate a localized, readable representation.
* @param mixed $online_users result of obtain_users_online - array with user_id lists for total, hidden and visible users, and statistics
* @param int $forum_id Indicate that the data is limited to one forum and not global.
* @return array An array containing the string for output to the template
*/
function obtain_users_online_string($online_users, $forum_id = 0)
{
global $db, $user, $auth;
$user_online_link = $online_userlist = '';
if (sizeof($online_users['online_users']))
{
$sql = 'SELECT username, username_clean, user_id, user_type, user_allow_viewonline, user_colour
FROM ' . USERS_TABLE . '
WHERE ' . $db->sql_in_set('user_id', $online_users['online_users']) . '
ORDER BY username_clean ASC';
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
// User is logged in and therefore not a guest
if ($row['user_id'] != ANONYMOUS)
{
if (isset($online_users['hidden_users'][$row['user_id']]))
{
$row['username'] = '<em>' . $row['username'] . '</em>';
}
if (!isset($online_users['hidden_users'][$row['user_id']]) || $auth->acl_get('u_viewonline'))
{
$user_online_link = get_username_string(($row['user_type'] <> USER_IGNORE) ? 'full' : 'no_profile', $row['user_id'], $row['username'], $row['user_colour']);
$online_userlist .= ($online_userlist != '') ? ', ' . $user_online_link : $user_online_link;
}
}
}
$db->sql_freeresult($result);
}
if (!$online_userlist)
{
$online_userlist = $user->lang['NO_ONLINE_USERS'];
}
if ($forum_id === 0)
{
$online_userlist = $user->lang['REGISTERED_USERS'] . ' ' . $online_userlist;
}
else
{
$l_online = ($online_users['guests_online'] === 1) ? $user->lang['BROWSING_FORUM_GUEST'] : $user->lang['BROWSING_FORUM_GUESTS'];
$online_userlist = sprintf($l_online, $online_userlist, $online_users['guests_online']);
}
// Build online listing
$vars_online = array(
'ONLINE' => array('total_online', 'l_t_user_s'),
'REG' => array('visible_online', 'l_r_user_s'),
'HIDDEN' => array('hidden_online', 'l_h_user_s'),
'GUEST' => array('guests_online', 'l_g_user_s')
);
foreach ($vars_online as $l_prefix => $var_ary)
{
switch ($online_users[$var_ary[0]])
{
case 0:
${$var_ary[1]} = $user->lang[$l_prefix . '_USERS_ZERO_TOTAL'];
break;
case 1:
${$var_ary[1]} = $user->lang[$l_prefix . '_USER_TOTAL'];
break;
default:
${$var_ary[1]} = $user->lang[$l_prefix . '_USERS_TOTAL'];
break;
}
}
unset($vars_online);
$l_online_users = sprintf($l_t_user_s, $online_users['total_online']);
$l_online_users .= sprintf($l_r_user_s, $online_users['visible_online']);
$l_online_users .= sprintf($l_h_user_s, $online_users['hidden_online']);
$l_online_users .= sprintf($l_g_user_s, $online_users['guests_online']);
return array(
'online_userlist' => $online_userlist,
'l_online_users' => $l_online_users,
);
}
/**
* Generate page header
*/
@ -3106,109 +3343,15 @@ function page_header($page_title = '', $display_online_list = true)
$l_online_users = $online_userlist = $l_online_record = '';
if ($config['load_online'] && $config['load_online_time'] && $display_online_list)
{
$logged_visible_online = $logged_hidden_online = $guests_online = $prev_user_id = 0;
$prev_session_ip = $reading_sql = '';
if (!empty($_REQUEST['f']))
{
$f = request_var('f', 0);
$f = max($f, 0);
$online_users = obtain_users_online($f);
$user_online_strings = obtain_users_online_string($online_users, $f);
$reading_sql = ' AND s.session_page ' . $db->sql_like_expression("{$db->any_char}_f_={$f}x{$db->any_char}");
}
// Get number of online guests
if (!$config['load_online_guests'])
{
if ($db->sql_layer === 'sqlite')
{
$sql = 'SELECT COUNT(session_ip) as num_guests
FROM (
SELECT DISTINCT s.session_ip
FROM ' . SESSIONS_TABLE . ' s
WHERE s.session_user_id = ' . ANONYMOUS . '
AND s.session_time >= ' . (time() - ($config['load_online_time'] * 60)) .
$reading_sql .
')';
}
else
{
$sql = 'SELECT COUNT(DISTINCT s.session_ip) as num_guests
FROM ' . SESSIONS_TABLE . ' s
WHERE s.session_user_id = ' . ANONYMOUS . '
AND s.session_time >= ' . (time() - ($config['load_online_time'] * 60)) .
$reading_sql;
}
$result = $db->sql_query($sql);
$guests_online = (int) $db->sql_fetchfield('num_guests');
$db->sql_freeresult($result);
}
$sql = 'SELECT u.username, u.username_clean, u.user_id, u.user_type, u.user_allow_viewonline, u.user_colour, s.session_ip, s.session_viewonline
FROM ' . USERS_TABLE . ' u, ' . SESSIONS_TABLE . ' s
WHERE s.session_time >= ' . (time() - (intval($config['load_online_time']) * 60)) .
$reading_sql .
((!$config['load_online_guests']) ? ' AND s.session_user_id <> ' . ANONYMOUS : '') . '
AND u.user_id = s.session_user_id
ORDER BY u.username_clean ASC, s.session_ip ASC';
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
// User is logged in and therefore not a guest
if ($row['user_id'] != ANONYMOUS)
{
// Skip multiple sessions for one user
if ($row['user_id'] != $prev_user_id)
{
if ($row['session_viewonline'])
{
$logged_visible_online++;
}
else
{
$row['username'] = '<em>' . $row['username'] . '</em>';
$logged_hidden_online++;
}
if (($row['session_viewonline']) || $auth->acl_get('u_viewonline'))
{
$user_online_link = get_username_string(($row['user_type'] <> USER_IGNORE) ? 'full' : 'no_profile', $row['user_id'], $row['username'], $row['user_colour']);
$online_userlist .= ($online_userlist != '') ? ', ' . $user_online_link : $user_online_link;
}
}
$prev_user_id = $row['user_id'];
}
else
{
// Skip multiple sessions for one user
if ($row['session_ip'] != $prev_session_ip)
{
$guests_online++;
}
}
$prev_session_ip = $row['session_ip'];
}
$db->sql_freeresult($result);
if (!$online_userlist)
{
$online_userlist = $user->lang['NO_ONLINE_USERS'];
}
if (empty($_REQUEST['f']))
{
$online_userlist = $user->lang['REGISTERED_USERS'] . ' ' . $online_userlist;
}
else
{
$l_online = ($guests_online == 1) ? $user->lang['BROWSING_FORUM_GUEST'] : $user->lang['BROWSING_FORUM_GUESTS'];
$online_userlist = sprintf($l_online, $online_userlist, $guests_online);
}
$total_online_users = $logged_visible_online + $logged_hidden_online + $guests_online;
$l_online_users = $user_online_strings['l_online_users'];
$online_userlist = $user_online_strings['online_userlist'];
$total_online_users = $online_users['total_online'];
if ($total_online_users > $config['record_online_users'])
{
@ -3216,38 +3359,6 @@ function page_header($page_title = '', $display_online_list = true)
set_config('record_online_date', time(), true);
}
// Build online listing
$vars_online = array(
'ONLINE' => array('total_online_users', 'l_t_user_s'),
'REG' => array('logged_visible_online', 'l_r_user_s'),
'HIDDEN' => array('logged_hidden_online', 'l_h_user_s'),
'GUEST' => array('guests_online', 'l_g_user_s')
);
foreach ($vars_online as $l_prefix => $var_ary)
{
switch (${$var_ary[0]})
{
case 0:
${$var_ary[1]} = $user->lang[$l_prefix . '_USERS_ZERO_TOTAL'];
break;
case 1:
${$var_ary[1]} = $user->lang[$l_prefix . '_USER_TOTAL'];
break;
default:
${$var_ary[1]} = $user->lang[$l_prefix . '_USERS_TOTAL'];
break;
}
}
unset($vars_online);
$l_online_users = sprintf($l_t_user_s, $total_online_users);
$l_online_users .= sprintf($l_r_user_s, $logged_visible_online);
$l_online_users .= sprintf($l_h_user_s, $logged_hidden_online);
$l_online_users .= sprintf($l_g_user_s, $guests_online);
$l_online_record = sprintf($user->lang['RECORD_ONLINE_USERS'], $config['record_online_users'], $user->format_date($config['record_online_date']));
$l_online_time = ($config['load_online_time'] == 1) ? 'VIEW_ONLINE_TIME' : 'VIEW_ONLINE_TIMES';
@ -3301,6 +3412,13 @@ function page_header($page_title = '', $display_online_list = true)
// Which timezone?
$tz = ($user->data['user_id'] != ANONYMOUS) ? strval(doubleval($user->data['user_timezone'])) : strval(doubleval($config['board_timezone']));
// Send a proper content-language to the output
$user_lang = $user->lang['USER_LANG'];
if (strpos($user_lang, '-x-') !== false)
{
$user_lang = substr($user_lang, 0, strpos($user_lang, '-x-'));
}
// The following assigns all _common_ variables that may be used at any point in a template.
$template->assign_vars(array(
'SITENAME' => $config['sitename'],
@ -3333,7 +3451,6 @@ function page_header($page_title = '', $display_online_list = true)
'U_POPUP_PM' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=popup'),
'UA_POPUP_PM' => addslashes(append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=popup')),
'U_MEMBERLIST' => append_sid("{$phpbb_root_path}memberlist.$phpEx"),
'U_MEMBERSLIST' => append_sid("{$phpbb_root_path}memberlist.$phpEx"),
'U_VIEWONLINE' => ($auth->acl_gets('u_viewprofile', 'a_user', 'a_useradd', 'a_userdel')) ? append_sid("{$phpbb_root_path}viewonline.$phpEx") : '',
'U_LOGIN_LOGOUT' => $u_login_logout,
'U_INDEX' => append_sid("{$phpbb_root_path}index.$phpEx"),
@ -3356,7 +3473,7 @@ function page_header($page_title = '', $display_online_list = true)
'S_REGISTERED_USER' => $user->data['is_registered'],
'S_IS_BOT' => $user->data['is_bot'],
'S_USER_PM_POPUP' => $user->optionget('popuppm'),
'S_USER_LANG' => $user->lang['USER_LANG'],
'S_USER_LANG' => $user_lang,
'S_USER_BROWSER' => (isset($user->data['session_browser'])) ? $user->data['session_browser'] : $user->lang['UNKNOWN_BROWSER'],
'S_USERNAME' => $user->data['username'],
'S_CONTENT_DIRECTION' => $user->lang['DIRECTION'],
@ -3369,6 +3486,7 @@ function page_header($page_title = '', $display_online_list = true)
'S_DISPLAY_PM' => ($config['allow_privmsg'] && $user->data['is_registered'] && ($auth->acl_get('u_readpm') || $auth->acl_get('u_sendpm'))) ? true : false,
'S_DISPLAY_MEMBERLIST' => (isset($auth)) ? $auth->acl_get('u_viewprofile') : 0,
'S_NEW_PM' => ($s_privmsg_new) ? 1 : 0,
'S_REGISTER_ENABLED' => ($config['require_activation'] != USER_ACTIVATION_DISABLE) ? true : false,
'T_THEME_PATH' => "{$phpbb_root_path}styles/" . $user->theme['theme_path'] . '/theme',
'T_TEMPLATE_PATH' => "{$phpbb_root_path}styles/" . $user->theme['template_path'] . '/template',
@ -3425,7 +3543,7 @@ function page_footer($run_cron = true)
{
global $base_memory_usage;
$memory_usage -= $base_memory_usage;
$memory_usage = ($memory_usage >= 1048576) ? round((round($memory_usage / 1048576 * 100) / 100), 2) . ' ' . $user->lang['MB'] : (($memory_usage >= 1024) ? round((round($memory_usage / 1024 * 100) / 100), 2) . ' ' . $user->lang['KB'] : $memory_usage . ' ' . $user->lang['BYTES']);
$memory_usage = get_formatted_filesize($memory_usage);
$debug_output .= ' | Memory Usage: ' . $memory_usage;
}

34
phpBB/includes/functions_admin.php
View file

@ -196,7 +196,7 @@ function size_select_options($size_compare)
{
global $user;
$size_types_text = array($user->lang['BYTES'], $user->lang['KB'], $user->lang['MB']);
$size_types_text = array($user->lang['BYTES'], $user->lang['KIB'], $user->lang['MIB']);
$size_types = array('b', 'kb', 'mb');
$s_size_options = '';
@ -2878,14 +2878,7 @@ function get_database_size()
break;
}
if ($database_size !== false)
{
$database_size = ($database_size >= 1048576) ? sprintf('%.2f ' . $user->lang['MB'], ($database_size / 1048576)) : (($database_size >= 1024) ? sprintf('%.2f ' . $user->lang['KB'], ($database_size / 1024)) : sprintf('%.2f ' . $user->lang['BYTES'], $database_size));
}
else
{
$database_size = $user->lang['NOT_AVAILABLE'];
}
$database_size = ($database_size !== false) ? get_formatted_filesize($database_size) : $user->lang['NOT_AVAILABLE'];
return $database_size;
}
@ -2998,6 +2991,29 @@ function tidy_database()
{
global $db;
// Here we check permission consistency
// Sometimes, it can happen permission tables having forums listed which do not exist
$sql = 'SELECT forum_id
FROM ' . FORUMS_TABLE;
$result = $db->sql_query($sql);
$forum_ids = array(0);
while ($row = $db->sql_fetchrow($result))
{
$forum_ids[] = $row['forum_id'];
}
$db->sql_freeresult($result);
// Delete those rows from the acl tables not having listed the forums above
$sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . '
WHERE ' . $db->sql_in_set('forum_id', $forum_ids, true);
$db->sql_query($sql);
$sql = 'DELETE FROM ' . ACL_USERS_TABLE . '
WHERE ' . $db->sql_in_set('forum_id', $forum_ids, true);
$db->sql_query($sql);
set_config('database_last_gc', time(), true);
}

42
phpBB/includes/functions_content.php
View file

@ -67,7 +67,7 @@ function gen_sort_selects(&$limit_days, &$sort_by_text, &$sort_days, &$sort_key,
$sort_dir = key($sort_dir_text);
}
$s_limit_days = '<select name="st">';
$s_limit_days = '<select name="st" id="st">';
foreach ($limit_days as $day => $text)
{
$selected = ($sort_days == $day) ? ' selected="selected"' : '';
@ -75,7 +75,7 @@ function gen_sort_selects(&$limit_days, &$sort_by_text, &$sort_days, &$sort_key,
}
$s_limit_days .= '</select>';
$s_sort_key = '<select name="sk">';
$s_sort_key = '<select name="sk" id="sk">';
foreach ($sort_by_text as $key => $text)
{
$selected = ($sort_key == $key) ? ' selected="selected"' : '';
@ -83,7 +83,7 @@ function gen_sort_selects(&$limit_days, &$sort_by_text, &$sort_days, &$sort_key,
}
$s_sort_key .= '</select>';
$s_sort_dir = '<select name="sd">';
$s_sort_dir = '<select name="sd" id="sd">';
foreach ($sort_dir_text as $key => $value)
{
$selected = ($sort_dir == $key) ? ' selected="selected"' : '';
@ -492,6 +492,7 @@ function generate_text_for_edit($text, $uid, $flags)
*/
function make_clickable_callback($type, $whitespace, $url, $relative_url, $class)
{
$orig_url = $url . $relative_url;
$append = '';
$url = htmlspecialchars_decode($url);
$relative_url = htmlspecialchars_decode($relative_url);
@ -558,29 +559,39 @@ function make_clickable_callback($type, $whitespace, $url, $relative_url, $class
break;
}
$short_url = (strlen($url) > 55) ? substr($url, 0, 39) . ' ... ' . substr($url, -10) : $url;
switch ($type)
{
case MAGIC_URL_LOCAL:
$tag = 'l';
$relative_url = preg_replace('/[&?]sid=[0-9a-f]{32}$/', '', preg_replace('/([&?])sid=[0-9a-f]{32}&/', '$1', $relative_url));
$url = $url . '/' . $relative_url;
$text = ($relative_url) ? $relative_url : $url;
$text = $relative_url;
// this url goes to http://domain.tld/path/to/board/ which
// would result in an empty link if treated as local so
// don't touch it and let MAGIC_URL_FULL take care of it.
if (!$relative_url)
{
return $orig_url . '/'; // slash is taken away by relative url pattern
}
break;
case MAGIC_URL_FULL:
$tag = 'm';
$text = (strlen($url) > 55) ? substr($url, 0, 39) . ' ... ' . substr($url, -10) : $url;
$text = $short_url;
break;
case MAGIC_URL_WWW:
$tag = 'w';
$url = 'http://' . $url;
$text = (strlen($url) > 55) ? substr($url, 0, 39) . ' ... ' . substr($url, -10) : $url;
$text = $short_url;
break;
case MAGIC_URL_EMAIL:
$tag = 'e';
$text = (strlen($url) > 55) ? substr($url, 0, 39) . ' ... ' . substr($url, -10) : $url;
$text = $short_url;
$url = 'mailto:' . $url;
break;
}
@ -647,13 +658,22 @@ function make_clickable($text, $server_url = false, $class = 'postlink')
function censor_text($text)
{
static $censors;
global $cache;
// We moved the word censor checks in here because we call this function quite often - and then only need to do the check once
if (!isset($censors) || !is_array($censors))
{
// obtain_word_list is taking care of the users censor option and the board-wide option
global $config, $user, $auth, $cache;
// We check here if the user is having viewing censors disabled (and also allowed to do so).
if (!$user->optionget('viewcensors') && $config['allow_nocensors'] && $auth->acl_get('u_chgcensors'))
{
$censors = array();
}
else
{
$censors = $cache->obtain_word_list();
}
}
if (sizeof($censors))
{
@ -813,8 +833,8 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count,
}
$filesize = $attachment['filesize'];
$size_lang = ($filesize >= 1048576) ? $user->lang['MB'] : ( ($filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] );
$filesize = ($filesize >= 1048576) ? round((round($filesize / 1048576 * 100) / 100), 2) : (($filesize >= 1024) ? round((round($filesize / 1024 * 100) / 100), 2) : $filesize);
$size_lang = ($filesize >= 1048576) ? $user->lang['MIB'] : (($filesize >= 1024) ? $user->lang['KIB'] : $user->lang['BYTES']);
$filesize = get_formatted_filesize($filesize, false);
$comment = bbcode_nl2br(censor_text($attachment['attach_comment']));

2
phpBB/includes/functions_convert.php
View file

@ -1282,7 +1282,7 @@ function restore_config($schema)
// Most are...
if (is_string($config_value))
{
$config_value = utf8_htmlspecialchars($config_value);
$config_value = truncate_string(utf8_htmlspecialchars($config_value), 255, false);
}
set_config($config_name, $config_value);

16
phpBB/includes/functions_display.php
View file

@ -371,7 +371,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
$s_subforums_list = array();
foreach ($subforums_list as $subforum)
{
$s_subforums_list[] = '<a href="' . $subforum['link'] . '" class="subforum ' . (($subforum['unread']) ? 'unread' : 'read') . '">' . $subforum['name'] . '</a>';
$s_subforums_list[] = '<a href="' . $subforum['link'] . '" class="subforum ' . (($subforum['unread']) ? 'unread' : 'read') . '" title="' . (($subforum['unread']) ? $user->lang['NEW_POSTS'] : $user->lang['NO_NEW_POSTS']) . '">' . $subforum['name'] . '</a>';
}
$s_subforums_list = (string) implode(', ', $s_subforums_list);
$catless = ($row['parent_id'] == $root_data['forum_id']) ? true : false;
@ -400,6 +400,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
'S_IS_LINK' => ($row['forum_type'] == FORUM_LINK) ? true : false,
'S_UNREAD_FORUM' => $forum_unread,
'S_LOCKED_FORUM' => ($row['forum_status'] == ITEM_LOCKED) ? true : false,
'S_LIST_SUBFORUMS' => ($row['display_subforum_list']) ? true : false,
'S_SUBFORUMS' => (sizeof($subforums_list)) ? true : false,
'FORUM_ID' => $row['forum_id'],
@ -409,6 +410,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
$l_post_click_count => $post_click_count,
'FORUM_FOLDER_IMG' => $user->img($folder_image, $folder_alt),
'FORUM_FOLDER_IMG_SRC' => $user->img($folder_image, $folder_alt, false, '', 'src'),
'FORUM_FOLDER_IMG_ALT' => isset($user->lang[$folder_alt]) ? $user->lang[$folder_alt] : '',
'FORUM_IMAGE' => ($row['forum_image']) ? '<img src="' . $phpbb_root_path . $row['forum_image'] . '" alt="' . $user->lang[$folder_alt] . '" />' : '',
'FORUM_IMAGE_SRC' => ($row['forum_image']) ? $phpbb_root_path . $row['forum_image'] : '',
'LAST_POST_SUBJECT' => censor_text($last_post_subject),
@ -979,7 +981,7 @@ function display_user_activity(&$userdata)
/**
* Topic and forum watching common code
*/
function watch_topic_forum($mode, &$s_watching, &$s_watching_img, $user_id, $forum_id, $topic_id, $notify_status = 'unset', $start = 0)
function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id, $notify_status = 'unset', $start = 0)
{
global $template, $db, $user, $phpEx, $start, $phpbb_root_path;
@ -1101,7 +1103,7 @@ function watch_topic_forum($mode, &$s_watching, &$s_watching_img, $user_id, $for
*/
function get_user_rank($user_rank, $user_posts, &$rank_title, &$rank_img, &$rank_img_src)
{
global $ranks, $config;
global $ranks, $config, $phpbb_root_path;
if (empty($ranks))
{
@ -1112,8 +1114,8 @@ function get_user_rank($user_rank, $user_posts, &$rank_title, &$rank_img, &$rank
if (!empty($user_rank))
{
$rank_title = (isset($ranks['special'][$user_rank]['rank_title'])) ? $ranks['special'][$user_rank]['rank_title'] : '';
$rank_img = (!empty($ranks['special'][$user_rank]['rank_image'])) ? '<img src="' . $config['ranks_path'] . '/' . $ranks['special'][$user_rank]['rank_image'] . '" alt="' . $ranks['special'][$user_rank]['rank_title'] . '" title="' . $ranks['special'][$user_rank]['rank_title'] . '" />' : '';
$rank_img_src = (!empty($ranks['special'][$user_rank]['rank_image'])) ? $config['ranks_path'] . '/' . $ranks['special'][$user_rank]['rank_image'] : '';
$rank_img = (!empty($ranks['special'][$user_rank]['rank_image'])) ? '<img src="' . $phpbb_root_path . $config['ranks_path'] . '/' . $ranks['special'][$user_rank]['rank_image'] . '" alt="' . $ranks['special'][$user_rank]['rank_title'] . '" title="' . $ranks['special'][$user_rank]['rank_title'] . '" />' : '';
$rank_img_src = (!empty($ranks['special'][$user_rank]['rank_image'])) ? $phpbb_root_path . $config['ranks_path'] . '/' . $ranks['special'][$user_rank]['rank_image'] : '';
}
else
{
@ -1124,8 +1126,8 @@ function get_user_rank($user_rank, $user_posts, &$rank_title, &$rank_img, &$rank
if ($user_posts >= $rank['rank_min'])
{
$rank_title = $rank['rank_title'];
$rank_img = (!empty($rank['rank_image'])) ? '<img src="' . $config['ranks_path'] . '/' . $rank['rank_image'] . '" alt="' . $rank['rank_title'] . '" title="' . $rank['rank_title'] . '" />' : '';
$rank_img_src = (!empty($rank['rank_image'])) ? $config['ranks_path'] . '/' . $rank['rank_image'] : '';
$rank_img = (!empty($rank['rank_image'])) ? '<img src="' . $phpbb_root_path . $config['ranks_path'] . '/' . $rank['rank_image'] . '" alt="' . $rank['rank_title'] . '" title="' . $rank['rank_title'] . '" />' : '';
$rank_img_src = (!empty($rank['rank_image'])) ? $phpbb_root_path . $config['ranks_path'] . '/' . $rank['rank_image'] : '';
break;
}
}

20
phpBB/includes/functions_jabber.php
View file

@ -20,11 +20,11 @@ if (!defined('IN_PHPBB'))
*
* Jabber class from Flyspray project
*
* @version class.jabber2.php 1306 2007-06-21
* @version class.jabber2.php 1488 2007-11-25
* @copyright 2006 Flyspray.org
* @author Florian Schmitz (floele)
*
* Modified by Acyd Burn
* Only slightly modified by Acyd Burn
*
* @package phpBB3
*/
@ -286,7 +286,7 @@ class jabber
$read = trim(fread($this->connection, 4096));
$data .= $read;
}
while (time() <= $start + $timeout && ($wait || $data == '' || $read != '' || (substr(rtrim($data), -1) != '>')));
while (time() <= $start + $timeout && !feof($this->connection) && ($wait || $data == '' || $read != '' || (substr(rtrim($data), -1) != '>')));
if ($data != '')
{
@ -385,7 +385,6 @@ class jabber
{
case 'stream:stream':
// Connection initialised (or after authentication). Not much to do here...
$this->session['id'] = $xml['stream:stream'][0]['@']['id'];
if (isset($xml['stream:stream'][0]['#']['stream:features']))
{
@ -397,6 +396,16 @@ class jabber
$this->features = $this->listen();
}
$second_time = isset($this->session['id']);
$this->session['id'] = $xml['stream:stream'][0]['@']['id'];
if ($second_time)
{
// If we are here for the second time after TLS, we need to continue logging in
$this->login();
return;
}
// go on with authentication?
if (isset($this->features['stream:features'][0]['#']['bind']) || !empty($this->session['tls']))
{
@ -519,9 +528,10 @@ class jabber
'response' => $this->encrypt_password(array_merge($decoded, array('nc' => '00000001'))),
'charset' => 'utf-8',
'nc' => '00000001',
'qop' => 'auth', // only auth being supported
);
foreach (array('nonce', 'qop', 'digest-uri', 'realm', 'cnonce') as $key)
foreach (array('nonce', 'digest-uri', 'realm', 'cnonce') as $key)
{
if (isset($decoded[$key]))
{

5
phpBB/includes/functions_messenger.php
View file

@ -1056,8 +1056,7 @@ class smtp_class
global $user;
$err_msg = '';
$local_host = php_uname('n');
$local_host = (empty($local_host)) ? 'localhost' : $local_host;
$local_host = (function_exists('php_uname')) ? php_uname('n') : $user->host;
// If we are authenticating through pop-before-smtp, we
// have to login ones before we get authenticated
@ -1332,7 +1331,7 @@ class smtp_class
// Realm
if (empty($tokens['realm']))
{
$tokens['realm'] = php_uname('n');
$tokens['realm'] = (function_exists('php_uname')) ? php_uname('n') : $user->host;
}
// Maxbuf

10
phpBB/includes/functions_module.php
View file

@ -309,7 +309,7 @@ class p_master
break;
default:
if (!preg_match('#(?:acl_([a-z_]+)(,\$id)?)|(?:\$id)|(?:aclf_([a-z_]+))|(?:cfg_([a-z_]+))|(?:request_([a-z_]+))#', $token))
if (!preg_match('#(?:acl_([a-z0-9_]+)(,\$id)?)|(?:\$id)|(?:aclf_([a-z0-9_]+))|(?:cfg_([a-z0-9_]+))|(?:request_([a-zA-Z0-9_]+))#', $token))
{
$token = '';
}
@ -325,7 +325,7 @@ class p_master
$forum_id = ($forum_id === false) ? $this->acl_forum_id : $forum_id;
$is_auth = false;
eval('$is_auth = (int) (' . preg_replace(array('#acl_([a-z_]+)(,\$id)?#', '#\$id#', '#aclf_([a-z_]+)#', '#cfg_([a-z_]+)#', '#request_([a-z_]+)#'), array('(int) $auth->acl_get(\'\\1\'\\2)', '(int) $forum_id', '(int) $auth->acl_getf_global(\'\\1\')', '(int) $config[\'\\1\']', '!empty($_REQUEST[\'\\1\'])'), $module_auth) . ');');
eval('$is_auth = (int) (' . preg_replace(array('#acl_([a-z0-9_]+)(,\$id)?#', '#\$id#', '#aclf_([a-z0-9_]+)#', '#cfg_([a-z0-9_]+)#', '#request_([a-zA-Z0-9_]+)#'), array('(int) $auth->acl_get(\'\\1\'\\2)', '(int) $forum_id', '(int) $auth->acl_getf_global(\'\\1\')', '(int) $config[\'\\1\']', '!empty($_REQUEST[\'\\1\'])'), $module_auth) . ');');
return $is_auth;
}
@ -677,7 +677,7 @@ class p_master
}
// Select first id we can get
if (!$current_id && (in_array($item_ary['id'], array_keys($this->module_cache['parents'])) || $item_ary['id'] == $this->p_id))
if (!$current_id && (isset($this->module_cache['parents'][$item_ary['id']]) || $item_ary['id'] == $this->p_id))
{
$current_id = $item_ary['id'];
}
@ -710,7 +710,7 @@ class p_master
$tpl_ary = array(
'L_TITLE' => $item_ary['lang'],
'S_SELECTED' => (in_array($item_ary['id'], array_keys($this->module_cache['parents'])) || $item_ary['id'] == $this->p_id) ? true : false,
'S_SELECTED' => (isset($this->module_cache['parents'][$item_ary['id']]) || $item_ary['id'] == $this->p_id) ? true : false,
'U_TITLE' => $u_title
);
@ -719,7 +719,7 @@ class p_master
$tpl_ary = array(
'L_TITLE' => $item_ary['lang'],
'S_SELECTED' => (in_array($item_ary['id'], array_keys($this->module_cache['parents'])) || $item_ary['id'] == $this->p_id) ? true : false,
'S_SELECTED' => (isset($this->module_cache['parents'][$item_ary['id']]) || $item_ary['id'] == $this->p_id) ? true : false,
'U_TITLE' => $u_title
);

37
phpBB/includes/functions_posting.php
View file

@ -618,6 +618,11 @@ function create_thumbnail($source, $destination, $mimetype)
// Only use imagemagick if defined and the passthru function not disabled
if ($config['img_imagick'] && function_exists('passthru'))
{
if (substr($config['img_imagick'], -1) !== '/')
{
$config['img_imagick'] .= '/';
}
@passthru(escapeshellcmd($config['img_imagick']) . 'convert' . ((defined('PHP_OS') && preg_match('#^win#i', PHP_OS)) ? '.exe' : '') . ' -quality 85 -antialias -sample ' . $new_width . 'x' . $new_height . ' "' . str_replace('\\', '/', $source) . '" +profile "*" "' . str_replace('\\', '/', $destination) . '"');
if (file_exists($destination))
@ -934,7 +939,8 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id
WHERE p.topic_id = $topic_id
" . ((!$auth->acl_get('m_approve', $forum_id)) ? 'AND p.post_approved = 1' : '') . '
' . (($mode == 'post_review') ? " AND p.post_id > $cur_post_id" : '') . '
ORDER BY p.post_time DESC';
ORDER BY p.post_time ';
$sql .= ($mode == 'post_review') ? 'ASC' : 'DESC';
$result = $db->sql_query_limit($sql, $config['posts_per_page']);
$post_list = array();
@ -1105,7 +1111,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
trigger_error('WRONG_NOTIFICATION_MODE');
}
if (!$config['allow_topic_notify'])
if (($topic_notification && !$config['allow_topic_notify']) || ($forum_notification && !$config['allow_forum_notify']))
{
return;
}
@ -1115,16 +1121,15 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
// Get banned User ID's
$sql = 'SELECT ban_userid
FROM ' . BANLIST_TABLE;
FROM ' . BANLIST_TABLE . '
WHERE ban_userid <> 0
AND ban_exclude <> 1';
$result = $db->sql_query($sql);
$sql_ignore_users = ANONYMOUS . ', ' . $user->data['user_id'];
while ($row = $db->sql_fetchrow($result))
{
if (isset($row['ban_userid']))
{
$sql_ignore_users .= ', ' . $row['ban_userid'];
}
$sql_ignore_users .= ', ' . (int) $row['ban_userid'];
}
$db->sql_freeresult($result);
@ -1326,9 +1331,21 @@ function delete_post($forum_id, $topic_id, $post_id, &$data)
global $config, $phpEx, $phpbb_root_path;
// Specify our post mode
$post_mode = ($data['topic_first_post_id'] == $data['topic_last_post_id']) ? 'delete_topic' : (($data['topic_first_post_id'] == $post_id) ? 'delete_first_post' : (($data['topic_last_post_id'] == $post_id) ? 'delete_last_post' : 'delete'));
$post_mode = 'delete';
if (($data['topic_first_post_id'] === $data['topic_last_post_id']) && $data['topic_replies_real'] == 0)
{
$post_mode = 'delete_topic';
}
else if ($data['topic_first_post_id'] == $post_id)
{
$post_mode = 'delete_first_post';
}
else if ($data['topic_last_post_id'] == $post_id)
{
$post_mode = 'delete_last_post';
}
$sql_data = array();
$next_post_id = 0;
$next_post_id = false;
include_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
@ -2013,7 +2030,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
foreach ($data['attachment_data'] as $pos => $attach_row)
{
if ($attach_row['is_orphan'] && !in_array($attach_row['attach_id'], array_keys($orphan_rows)))
if ($attach_row['is_orphan'] && !isset($orphan_rows[$attach_row['attach_id']]))
{
continue;
}

4
phpBB/includes/functions_privmsgs.php
View file

@ -606,7 +606,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
unset($sql_folder);
if (in_array(PRIVMSGS_INBOX, array_keys($move_into_folder)))
if (isset($move_into_folder[PRIVMSGS_INBOX]))
{
$sql = 'SELECT COUNT(msg_id) as num_messages
FROM ' . PRIVMSGS_TO_TABLE . "
@ -1506,7 +1506,7 @@ function submit_pm($mode, $subject, &$data, $put_in_outbox = true)
foreach ($data['attachment_data'] as $pos => $attach_row)
{
if ($attach_row['is_orphan'] && !in_array($attach_row['attach_id'], array_keys($orphan_rows)))
if ($attach_row['is_orphan'] && !isset($orphan_rows[$attach_row['attach_id']]))
{
continue;
}

15
phpBB/includes/functions_profile_fields.php
View file

@ -488,7 +488,8 @@ class custom_profile
else if ($day && $month && $year)
{
global $user;
return $user->format_date(mktime(0, 0, 0, $month, $day, $year), $user->lang['DATE_FORMAT'], true);
// d/m/y 00:00 GMT isn't necessarily on the same d/m/y in the user's timezone, so add the timezone seconds
return $user->format_date(gmmktime(0, 0, 0, $month, $day, $year) + $user->timezone + $user->dst, $user->lang['DATE_FORMAT'], true);
}
return $value;
@ -666,7 +667,7 @@ class custom_profile
}
$profile_row['s_year_options'] = '<option value="0"' . ((!$year) ? ' selected="selected"' : '') . '>--</option>';
for ($i = $now['year'] - 100; $i <= $now['year']; $i++)
for ($i = $now['year'] - 100; $i <= $now['year'] + 100; $i++)
{
$profile_row['s_year_options'] .= '<option value="' . $i . '"' . (($i == $year) ? ' selected="selected"' : '') . ">$i</option>";
}
@ -871,13 +872,13 @@ class custom_profile
}
else
{
$var = request_var($var_name, $profile_row['field_default_value']);
$var = request_var($var_name, (int) $profile_row['field_default_value']);
}
break;
case FIELD_STRING:
case FIELD_TEXT:
$var = utf8_normalize_nfc(request_var($var_name, $profile_row['field_default_value'], true));
$var = utf8_normalize_nfc(request_var($var_name, (string) $profile_row['field_default_value'], true));
break;
case FIELD_INT:
@ -887,10 +888,14 @@ class custom_profile
}
else
{
$var = request_var($var_name, $profile_row['field_default_value']);
$var = request_var($var_name, (int) $profile_row['field_default_value']);
}
break;
case FIELD_DROPDOWN:
$var = request_var($var_name, (int) $profile_row['field_default_value']);
break;
default:
$var = request_var($var_name, $profile_row['field_default_value']);
break;

12
phpBB/includes/functions_upload.php
View file

@ -386,8 +386,8 @@ class filespec
// Filesize is too big or it's 0 if it was larger than the maxsize in the upload form
if ($this->upload->max_filesize && ($this->get('filesize') > $this->upload->max_filesize || $this->filesize == 0))
{
$size_lang = ($this->upload->max_filesize >= 1048576) ? $user->lang['MB'] : (($this->upload->max_filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] );
$max_filesize = ($this->upload->max_filesize >= 1048576) ? round($this->upload->max_filesize / 1048576 * 100) / 100 : (($this->upload->max_filesize >= 1024) ? round($this->upload->max_filesize / 1024 * 100) / 100 : $this->upload->max_filesize);
$size_lang = ($this->upload->max_filesize >= 1048576) ? $user->lang['MIB'] : (($this->upload->max_filesize >= 1024) ? $user->lang['KIB'] : $user->lang['BYTES'] );
$max_filesize = get_formatted_filesize($this->upload->max_filesize, false);
$this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang);
@ -777,8 +777,8 @@ class fileupload
break;
case 2:
$size_lang = ($this->max_filesize >= 1048576) ? $user->lang['MB'] : (($this->max_filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] );
$max_filesize = ($this->max_filesize >= 1048576) ? round($this->max_filesize / 1048576 * 100) / 100 : (($this->max_filesize >= 1024) ? round($this->max_filesize / 1024 * 100) / 100 : $this->max_filesize);
$size_lang = ($this->max_filesize >= 1048576) ? $user->lang['MIB'] : (($this->max_filesize >= 1024) ? $user->lang['KIB'] : $user->lang['BYTES']);
$max_filesize = get_formatted_filesize($this->max_filesize, false);
$error = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang);
break;
@ -813,8 +813,8 @@ class fileupload
// Filesize is too big or it's 0 if it was larger than the maxsize in the upload form
if ($this->max_filesize && ($file->get('filesize') > $this->max_filesize || $file->get('filesize') == 0))
{
$size_lang = ($this->max_filesize >= 1048576) ? $user->lang['MB'] : (($this->max_filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] );
$max_filesize = ($this->max_filesize >= 1048576) ? round($this->max_filesize / 1048576 * 100) / 100 : (($this->max_filesize >= 1024) ? round($this->max_filesize / 1024 * 100) / 100 : $this->max_filesize);
$size_lang = ($this->max_filesize >= 1048576) ? $user->lang['MIB'] : (($this->max_filesize >= 1024) ? $user->lang['KIB'] : $user->lang['BYTES']);
$max_filesize = get_formatted_filesize($this->max_filesize, false);
$file->error[] = sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang);
}

68
phpBB/includes/functions_user.php
View file

@ -137,10 +137,17 @@ function user_update_name($old_name, $new_name)
{
set_config('newest_username', $new_name, true);
}
// Because some tables/caches use username-specific data we need to purge this here.
$cache->destroy('sql', MODERATOR_CACHE_TABLE);
}
/**
* Add User
* Adds an user
*
* @param mixed $user_row An array containing the following keys (and the appropriate values): username, group_id (the group to place the user in), user_email and the user_type(usually 0). Additional entries not overridden by defaults will be forwarded.
* @param string $cp_data custom profile fields, see custom_profile::build_insert_sql_array
* @return: the new user's ID.
*/
function user_add($user_row, $cp_data = false)
{
@ -278,7 +285,7 @@ function user_add($user_row, $cp_data = false)
$sql = 'SELECT group_colour
FROM ' . GROUPS_TABLE . '
WHERE group_id = ' . $user_row['group_id'];
WHERE group_id = ' . (int) $user_row['group_id'];
$result = $db->sql_query_limit($sql, 1);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
@ -1260,6 +1267,45 @@ function validate_num($num, $optional = false, $min = 0, $max = 1E99)
return false;
}
/**
* Validate Date
* @param String $string a date in the dd-mm-yyyy format
* @return boolean
*/
function validate_date($date_string, $optional = false)
{
$date = explode('-', $date_string);
if ((empty($date) || sizeof($date) != 3) && $optional)
{
return false;
}
else if ($optional)
{
for ($field = 0; $field <= 1; $field++)
{
$date[$field] = (int) $date[$field];
if (empty($date[$field]))
{
$date[$field] = 1;
}
}
$date[2] = (int) $date[2];
// assume an arbitrary leap year
if (empty($date[2]))
{
$date[2] = 1980;
}
}
if (sizeof($date) != 3 || !checkdate($date[1], $date[0], $date[2]))
{
return 'INVALID';
}
return false;
}
/**
* Validate Match
*
@ -1433,20 +1479,6 @@ function validate_username($username, $allowed_username = false)
}
}
$sql = 'SELECT word
FROM ' . WORDS_TABLE;
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
if (preg_match('#(' . str_replace('\*', '.*?', preg_quote($row['word'], '#')) . ')#i', $username))
{
$db->sql_freeresult($result);
return 'USERNAME_DISALLOWED';
}
}
$db->sql_freeresult($result);
return false;
}
@ -3088,7 +3120,7 @@ function group_set_user_default($group_id, $user_id_ary, $group_attributes = fal
}
// Before we update the user attributes, we will make a list of those having now the group avatar assigned
if (in_array('user_avatar', array_keys($sql_ary)))
if (isset($sql_ary['user_avatar']))
{
// Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem)
$sql = 'SELECT user_id, group_id, user_avatar
@ -3114,7 +3146,7 @@ function group_set_user_default($group_id, $user_id_ary, $group_attributes = fal
WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
$db->sql_query($sql);
if (in_array('user_colour', array_keys($sql_ary)))
if (isset($sql_ary['user_colour']))
{
// Update any cached colour information for these users
$sql = 'UPDATE ' . FORUMS_TABLE . " SET forum_last_poster_colour = '" . $db->sql_escape($sql_ary['user_colour']) . "'

21
phpBB/includes/mcp/mcp_forum.php
View file

@ -146,8 +146,8 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
$read_tracking_join = $read_tracking_select = '';
}
$sql = "SELECT t.*$read_tracking_select
FROM " . TOPICS_TABLE . " t $read_tracking_join
$sql = "SELECT t.topic_id
FROM " . TOPICS_TABLE . " t
WHERE t.forum_id IN($forum_id, 0)
" . (($auth->acl_get('m_approve', $forum_id)) ? '' : 'AND t.topic_approved = 1') . "
$limit_time_sql
@ -155,10 +155,21 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
$result = $db->sql_query_limit($sql, $topics_per_page, $start);
$topic_list = $topic_tracking_info = array();
while ($row = $db->sql_fetchrow($result))
{
$topic_list[] = $row['topic_id'];
}
$db->sql_freeresult($result);
$sql = "SELECT t.*$read_tracking_select
FROM " . TOPICS_TABLE . " t $read_tracking_join
WHERE " . $db->sql_in_set('t.topic_id', $topic_list);
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$topic_rows[$row['topic_id']] = $row;
$topic_list[] = $row['topic_id'];
}
$db->sql_freeresult($result);
@ -181,10 +192,12 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
}
}
foreach ($topic_rows as $topic_id => $row)
foreach ($topic_list as $topic_id)
{
$topic_title = '';
$row = &$topic_rows[$topic_id];
$replies = ($auth->acl_get('m_approve', $forum_id)) ? $row['topic_replies_real'] : $row['topic_replies'];
if ($row['topic_status'] == ITEM_MOVED)

2
phpBB/includes/mcp/mcp_reports.php
View file

@ -186,7 +186,7 @@ class mcp_reports
$template->assign_vars(array(
'S_MCP_REPORT' => true,
'S_CLOSE_ACTION' => $this->u_action . '&amp;p=' . $post_id . '&amp;f=' . $forum_id,
'S_CLOSE_ACTION' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&amp;mode=report_details&amp;f=' . $post_info['forum_id'] . '&amp;p=' . $post_id),
'S_CAN_VIEWIP' => $auth->acl_get('m_info', $post_info['forum_id']),
'S_POST_REPORTED' => $post_info['post_reported'],
'S_POST_UNAPPROVED' => !$post_info['post_approved'],

45
phpBB/includes/message_parser.php
View file

@ -198,7 +198,7 @@ class bbcode_firstpass extends bbcode
if (!$this->check_bbcode('size', $in))
{
return '';
return $in;
}
if ($config['max_' . $this->mode . '_font_size'] && $config['max_' . $this->mode . '_font_size'] < $stx)
@ -224,7 +224,7 @@ class bbcode_firstpass extends bbcode
{
if (!$this->check_bbcode('color', $in))
{
return '';
return $in;
}
return '[color=' . $stx . ':' . $this->bbcode_uid . ']' . $in . '[/color:' . $this->bbcode_uid . ']';
@ -237,7 +237,7 @@ class bbcode_firstpass extends bbcode
{
if (!$this->check_bbcode('u', $in))
{
return '';
return $in;
}
return '[u:' . $this->bbcode_uid . ']' . $in . '[/u:' . $this->bbcode_uid . ']';
@ -250,7 +250,7 @@ class bbcode_firstpass extends bbcode
{
if (!$this->check_bbcode('b', $in))
{
return '';
return $in;
}
return '[b:' . $this->bbcode_uid . ']' . $in . '[/b:' . $this->bbcode_uid . ']';
@ -263,7 +263,7 @@ class bbcode_firstpass extends bbcode
{
if (!$this->check_bbcode('i', $in))
{
return '';
return $in;
}
return '[i:' . $this->bbcode_uid . ']' . $in . '[/i:' . $this->bbcode_uid . ']';
@ -278,7 +278,7 @@ class bbcode_firstpass extends bbcode
if (!$this->check_bbcode('img', $in))
{
return '';
return $in;
}
$in = trim($in);
@ -340,7 +340,7 @@ class bbcode_firstpass extends bbcode
if (!$this->check_bbcode('flash', $in))
{
return '';
return $in;
}
$in = trim($in);
@ -377,7 +377,7 @@ class bbcode_firstpass extends bbcode
{
if (!$this->check_bbcode('attachment', $in))
{
return '';
return $in;
}
return '[attachment=' . $stx . ':' . $this->bbcode_uid . ']<!-- ia' . $stx . ' -->' . trim($in) . '<!-- ia' . $stx . ' -->[/attachment:' . $this->bbcode_uid . ']';
@ -457,7 +457,7 @@ class bbcode_firstpass extends bbcode
{
if (!$this->check_bbcode('code', $in))
{
return '';
return $in;
}
// We remove the hardcoded elements from the code block here because it is not used in code blocks
@ -550,7 +550,7 @@ class bbcode_firstpass extends bbcode
{
if (!$this->check_bbcode('list', $in))
{
return '';
return $in;
}
// $tok holds characters to stop at. Since the string starts with a '[' we'll get everything up to the first ']' which should be the opening [list] tag
@ -684,7 +684,8 @@ class bbcode_firstpass extends bbcode
* #14667 - [quote]test[/quote] test ] and [ test [quote]test[/quote] (correct: parsed)
* #14770 - [quote="["]test[/quote] (correct: parsed)
* [quote="[i]test[/i]"]test[/quote] (correct: parsed)
* [quote="[quote]test[/quote]"]test[/quote] (correct: NOT parsed)
* [quote="[quote]test[/quote]"]test[/quote] (correct: parsed - Username displayed as [quote]test[/quote])
* #20735 - [quote]test[/[/b]quote] test [/quote][/quote] test - (correct: quoted: "test[/[/b]quote] test" / non-quoted: "[/quote] test" - also failed if layout distorted)
*/
$in = str_replace("\r\n", "\n", str_replace('\"', '"', trim($in)));
@ -737,7 +738,7 @@ class bbcode_firstpass extends bbcode
$out .= ' ';
}*/
}
else if (preg_match('#^quote(?:=&quot;(.*?)&quot;)?$#is', $buffer, $m))
else if (preg_match('#^quote(?:=&quot;(.*?)&quot;)?$#is', $buffer, $m) && substr($out, -1, 1) == '[')
{
$this->parsed_items['quote']++;
@ -913,9 +914,14 @@ class bbcode_firstpass extends bbcode
$url = ($var1) ? $var1 : $var2;
if (!$url || ($var1 && !$var2))
if ($var1 && !$var2)
{
return '';
$var2 = $var1;
}
if (!$url)
{
return '[url' . (($var1) ? '=' . $var1 : '') . ']' . $var2 . '[/url]';
}
$valid = false;
@ -978,7 +984,7 @@ class bbcode_firstpass extends bbcode
// Is the user trying to link to a php file in this domain and script path?
if (strpos($url, ".{$phpEx}") !== false && strpos($url, $check_path) !== false)
{
$server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');
$server_name = $user->host;
// Forcing server vars is the only way to specify/override the protocol
if ($config['force_server_vars'] || !$server_name)
@ -1083,15 +1089,15 @@ class parse_message extends bbcode_firstpass
if ((!$msg_len && $mode !== 'sig') || $config['max_' . $mode . '_chars'] && $msg_len > $config['max_' . $mode . '_chars'])
{
$this->warn_msg[] = (!$msg_len) ? $user->lang['TOO_FEW_CHARS'] : sprintf($user->lang['TOO_MANY_CHARS_' . strtoupper($mode)], $msg_len, $config['max_' . $mode . '_chars']);
return $this->warn_msg;
return (!$update_this_message) ? $return_message : $this->warn_msg;
}
}
// Check for "empty" message
if ($mode !== 'sig' && !utf8_clean_string($this->message))
if ($mode !== 'sig' && utf8_clean_string($this->message) === '')
{
$this->warn_msg[] = $user->lang['TOO_FEW_CHARS'];
return $this->warn_msg;
return (!$update_this_message) ? $return_message : $this->warn_msg;
}
// Prepare BBcode (just prepares some tags for better parsing)
@ -1140,7 +1146,7 @@ class parse_message extends bbcode_firstpass
if ($config['max_' . $mode . '_urls'] && $num_urls > $config['max_' . $mode . '_urls'])
{
$this->warn_msg[] = sprintf($user->lang['TOO_MANY_URLS'], $config['max_' . $mode . '_urls']);
return $this->warn_msg;
return (!$update_this_message) ? $return_message : $this->warn_msg;
}
if (!$update_this_message)
@ -1597,7 +1603,6 @@ class parse_message extends bbcode_firstpass
$this->message = $poll['poll_option_text'];
$bbcode_bitfield = $this->bbcode_bitfield;
$poll['poll_option_text'] = $this->parse($poll['enable_bbcode'], ($config['allow_post_links']) ? $poll['enable_urls'] : false, $poll['enable_smilies'], $poll['img_status'], false, false, $config['allow_post_links'], false);
$bbcode_bitfield = base64_encode(base64_decode($bbcode_bitfield) | base64_decode($this->bbcode_bitfield));

43
phpBB/includes/session.php
View file

@ -129,7 +129,8 @@ class session
'script_path' => str_replace(' ', '%20', htmlspecialchars($script_path)),
'root_script_path' => str_replace(' ', '%20', htmlspecialchars($root_script_path)),
'page' => $page
'page' => $page,
'forum' => (isset($_REQUEST['f']) && $_REQUEST['f'] > 0) ? (int) $_REQUEST['f'] : 0,
);
return $page_array;
@ -158,7 +159,7 @@ class session
$this->update_session_page = $update_session_page;
$this->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : '';
$this->forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
$this->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) $_SERVER['HTTP_HOST'] : 'localhost';
$this->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
$this->page = $this->extract_current_page($phpbb_root_path);
// if the forwarded for header shall be checked we have to validate its contents
@ -179,9 +180,10 @@ class session
}
}
}
// Add forum to the page for tracking online users - also adding a "x" to the end to properly identify the number
$this->page['page'] .= (isset($_REQUEST['f'])) ? ((strpos($this->page['page'], '?') !== false) ? '&' : '?') . '_f_=' . (int) $_REQUEST['f'] . 'x' : '';
else
{
$this->forwarded_for = '';
}
if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_u']))
{
@ -256,8 +258,8 @@ class session
$u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check']));
}
$s_browser = ($config['browser_check']) ? strtolower(substr($this->data['session_browser'], 0, 149)) : '';
$u_browser = ($config['browser_check']) ? strtolower(substr($this->browser, 0, 149)) : '';
$s_browser = ($config['browser_check']) ? trim(strtolower(substr($this->data['session_browser'], 0, 149))) : '';
$u_browser = ($config['browser_check']) ? trim(strtolower(substr($this->browser, 0, 149))) : '';
$s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0, 254) : '';
$u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : '';
@ -306,6 +308,7 @@ class session
if ($this->update_session_page)
{
$sql_ary['session_page'] = substr($this->page['page'], 0, 199);
$sql_ary['session_forum_id'] = $this->page['forum'];
}
$sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
@ -526,8 +529,8 @@ class session
$u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check']));
}
$s_browser = ($config['browser_check']) ? strtolower(substr($this->data['session_browser'], 0, 149)) : '';
$u_browser = ($config['browser_check']) ? strtolower(substr($this->browser, 0, 149)) : '';
$s_browser = ($config['browser_check']) ? trim(strtolower(substr($this->data['session_browser'], 0, 149))) : '';
$u_browser = ($config['browser_check']) ? trim(strtolower(substr($this->browser, 0, 149))) : '';
$s_forwarded_for = ($config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0, 254) : '';
$u_forwarded_for = ($config['forwarded_for_check']) ? substr($this->forwarded_for, 0, 254) : '';
@ -546,6 +549,7 @@ class session
if ($this->update_session_page)
{
$sql_ary['session_page'] = substr($this->page['page'], 0, 199);
$sql_ary['session_forum_id'] = $this->page['forum'];
}
$sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
@ -579,7 +583,7 @@ class session
'session_start' => (int) $this->time_now,
'session_last_visit' => (int) $this->data['session_last_visit'],
'session_time' => (int) $this->time_now,
'session_browser' => (string) substr($this->browser, 0, 149),
'session_browser' => (string) trim(substr($this->browser, 0, 149)),
'session_forwarded_for' => (string) $this->forwarded_for,
'session_ip' => (string) $this->ip,
'session_autologin' => ($session_autologin) ? 1 : 0,
@ -590,6 +594,7 @@ class session
if ($this->update_session_page)
{
$sql_ary['session_page'] = (string) substr($this->page['page'], 0, 199);
$sql_ary['session_forum_id'] = $this->page['forum'];
}
$db->sql_return_on_error(true);
@ -604,6 +609,8 @@ class session
// Limit new sessions in 1 minute period (if required)
if (empty($this->data['session_time']) && $config['active_sessions'])
{
// $db->sql_return_on_error(false);
$sql = 'SELECT COUNT(session_id) AS sessions
FROM ' . SESSIONS_TABLE . '
WHERE session_time >= ' . ($this->time_now - 60);
@ -619,10 +626,15 @@ class session
}
}
// Since we re-create the session id here, the inserted row must be unique. Therefore, we display potential errors.
// Commented out because it will not allow forums to update correctly
// $db->sql_return_on_error(false);
$this->session_id = $this->data['session_id'] = md5(unique_id());
$sql_ary['session_id'] = (string) $this->session_id;
$sql_ary['session_page'] = (string) substr($this->page['page'], 0, 199);
$sql_ary['session_forum_id'] = $this->page['forum'];
$sql = 'INSERT INTO ' . SESSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
$db->sql_query($sql);
@ -653,7 +665,7 @@ class session
$sql = 'SELECT COUNT(session_id) AS sessions
FROM ' . SESSIONS_TABLE . '
WHERE session_user_id = ' . (int) $this->data['user_id'] . '
AND session_time >= ' . ($this->time_now - $config['form_token_lifetime']);
AND session_time >= ' . (int) ($this->time_now - (max($config['session_length'], $config['form_token_lifetime'])));
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
@ -872,7 +884,11 @@ class session
/**
* Sets a cookie
*
* Sets a cookie of the given name with the specified data for the given length of time.
* Sets a cookie of the given name with the specified data for the given length of time. If no time is specified, a session cookie will be set.
*
* @param string $name Name of the cookie, will be automatically prefixed with the phpBB cookie name. track becomes [cookie_name]_track then.
* @param string $cookiedata The data to hold within the cookie
* @param int $cookietime The expiration time as UNIX timestamp. If 0 is provided, a session cookie is set.
*/
function set_cookie($name, $cookiedata, $cookietime)
{
@ -882,7 +898,7 @@ class session
$expire = gmdate('D, d-M-Y H:i:s \\G\\M\\T', $cookietime);
$domain = (!$config['cookie_domain'] || $config['cookie_domain'] == 'localhost' || $config['cookie_domain'] == '127.0.0.1') ? '' : '; domain=' . $config['cookie_domain'];
header('Set-Cookie: ' . $name_data . '; expires=' . $expire . '; path=' . $config['cookie_path'] . $domain . ((!$config['cookie_secure']) ? '' : '; secure') . '; HttpOnly', false);
header('Set-Cookie: ' . $name_data . (($cookietime) ? '; expires=' . $expire : '') . '; path=' . $config['cookie_path'] . $domain . ((!$config['cookie_secure']) ? '' : '; secure') . '; HttpOnly', false);
}
/**
@ -1477,6 +1493,7 @@ class user extends session
$sql = 'SELECT image_name, image_filename, image_lang, image_height, image_width
FROM ' . STYLES_IMAGESET_DATA_TABLE . '
WHERE imageset_id = ' . $this->theme['imageset_id'] . "
AND image_filename <> ''
AND image_lang IN ('" . $db->sql_escape($this->img_lang) . "', '')";
$result = $db->sql_query($sql, 3600);

2
phpBB/includes/ucp/ucp_attachments.php
View file

@ -150,7 +150,7 @@ class ucp_attachments
'FILENAME' => $row['real_filename'],
'COMMENT' => bbcode_nl2br($row['attach_comment']),
'EXTENSION' => $row['extension'],
'SIZE' => ($row['filesize'] >= 1048576) ? ($row['filesize'] >> 20) . ' ' . $user->lang['MB'] : (($row['filesize'] >= 1024) ? ($row['filesize'] >> 10) . ' ' . $user->lang['KB'] : $row['filesize'] . ' ' . $user->lang['BYTES']),
'SIZE' => get_formatted_filesize($row['filesize']),
'DOWNLOAD_COUNT' => $row['download_count'],
'POST_TIME' => $user->format_date($row['filetime']),
'TOPIC_TITLE' => ($row['in_message']) ? $row['message_title'] : $row['topic_title'],

20
phpBB/includes/ucp/ucp_groups.php
View file

@ -127,6 +127,18 @@ class ucp_groups
}
list(, $row) = each($row);
$sql = 'SELECT group_type
FROM ' . GROUPS_TABLE . '
WHERE group_id = ' . $group_id;
$result = $db->sql_query($sql);
$group_type = (int) $db->sql_fetchfield('group_type');
$db->sql_freeresult($result);
if ($group_type != GROUP_OPEN && $group_type != GROUP_FREE)
{
trigger_error($user->lang['CANNOT_RESIGN_GROUP'] . $return_page);
}
if (confirm_box(true))
{
group_user_del($group_id, $user->data['user_id']);
@ -697,8 +709,8 @@ class ucp_groups
'U_SWATCH' => append_sid("{$phpbb_root_path}adm/swatch.$phpEx", 'form=ucp&amp;name=group_colour'),
'S_UCP_ACTION' => $this->u_action . "&amp;action=$action&amp;g=$group_id",
'L_AVATAR_EXPLAIN' => sprintf($user->lang['AVATAR_EXPLAIN'], $config['avatar_max_width'], $config['avatar_max_height'], round($config['avatar_filesize'] / 1024)))
);
'L_AVATAR_EXPLAIN' => sprintf($user->lang['AVATAR_EXPLAIN'], $config['avatar_max_width'], $config['avatar_max_height'], $config['avatar_filesize'] / 1024),
));
break;
@ -1002,6 +1014,8 @@ class ucp_groups
{
trigger_error($user->lang[$error] . $return_page);
}
trigger_error($user->lang['GROUP_USERS_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '&amp;action=list&amp;g=' . $group_id . '">', '</a>'));
}
else
{
@ -1016,7 +1030,7 @@ class ucp_groups
confirm_box(false, sprintf($user->lang['GROUP_CONFIRM_ADD_USER' . ((sizeof($name_ary) == 1) ? '' : 'S')], implode(', ', $name_ary)), build_hidden_fields($s_hidden_fields));
}
trigger_error($user->lang['GROUP_USERS_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '&amp;action=list&amp;g=' . $group_id . '">', '</a>'));
trigger_error($user->lang['NO_USERS_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '&amp;action=list&amp;g=' . $group_id . '">', '</a>'));
break;

2
phpBB/includes/ucp/ucp_pm.php
View file

@ -92,7 +92,7 @@ class ucp_pm
{
if ($user->data['user_new_privmsg'])
{
$l_new_message = ($user->data['user_new_privmsg'] == 1 ) ? $user->lang['YOU_NEW_PM'] : $user->lang['YOU_NEW_PMS'];
$l_new_message = ($user->data['user_new_privmsg'] == 1) ? $user->lang['YOU_NEW_PM'] : $user->lang['YOU_NEW_PMS'];
}
else
{

39
phpBB/includes/ucp/ucp_pm_compose.php
View file

@ -465,7 +465,8 @@ function compose_pm($id, $mode, $action)
'forum_id' => 0,
'save_time' => $current_time,
'draft_subject' => $subject,
'draft_message' => $message)
'draft_message' => $message
)
);
$db->sql_query($sql);
@ -488,18 +489,20 @@ function compose_pm($id, $mode, $action)
'g' => $to_group_id,
'p' => $msg_id)
);
$s_hidden_fields .= build_address_field($address_list);
confirm_box(false, 'SAVE_DRAFT', $s_hidden_fields);
}
}
else
{
if (!$subject || !utf8_clean_string($subject))
if (utf8_clean_string($subject) === '')
{
$error[] = $user->lang['EMPTY_MESSAGE_SUBJECT'];
}
if (!$message)
if (utf8_clean_string($message) === '')
{
$error[] = $user->lang['TOO_FEW_CHARS'];
}
@ -541,7 +544,7 @@ function compose_pm($id, $mode, $action)
if ($submit || $preview || $refresh)
{
if (!check_form_key('ucp_pm_compose'))
if (($submit || $preview) && !check_form_key('ucp_pm_compose'))
{
$error[] = $user->lang['FORM_INVALID'];
}
@ -600,7 +603,7 @@ function compose_pm($id, $mode, $action)
// Subject defined
if ($submit)
{
if (!$subject || !utf8_clean_string($subject))
if (utf8_clean_string($subject) === '')
{
$error[] = $user->lang['EMPTY_MESSAGE_SUBJECT'];
}
@ -888,14 +891,8 @@ function compose_pm($id, $mode, $action)
}
// Build hidden address list
$s_hidden_address_field = '';
foreach ($address_list as $type => $adr_ary)
{
foreach ($adr_ary as $id => $field)
{
$s_hidden_address_field .= '<input type="hidden" name="address_list[' . (($type == 'u') ? 'u' : 'g') . '][' . (int) $id . ']" value="' . (($field == 'to') ? 'to' : 'bcc') . '" />';
}
}
$s_hidden_address_field = build_address_field($address_list);
$bbcode_checked = (isset($enable_bbcode)) ? !$enable_bbcode : (($config['allow_bbcode'] && $auth->acl_get('u_pm_bbcode')) ? !$user->optionget('bbcode') : 1);
$smilies_checked = (isset($enable_smilies)) ? !$enable_smilies : (($config['allow_smilies'] && $auth->acl_get('u_pm_smilies')) ? !$user->optionget('smilies') : 1);
@ -1117,6 +1114,22 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove
}
}
/**
* Build the hidden field for the recipients. Needed, as the variable is not read via request_var.
*/
function build_address_field($address_list)
{
$s_hidden_address_field = '';
foreach ($address_list as $type => $adr_ary)
{
foreach ($adr_ary as $id => $field)
{
$s_hidden_address_field .= '<input type="hidden" name="address_list[' . (($type == 'u') ? 'u' : 'g') . '][' . (int) $id . ']" value="' . (($field == 'to') ? 'to' : 'bcc') . '" />';
}
}
return $s_hidden_address_field;
}
/**
* Return number of private message recipients
*/

2
phpBB/includes/ucp/ucp_prefs.php
View file

@ -114,7 +114,7 @@ class ucp_prefs
$s_custom = false;
$dateformat_options .= '<option value="custom"';
if (!in_array($data['dateformat'], array_keys($user->lang['dateformats'])))
if (!isset($user->lang['dateformats'][$data['dateformat']]))
{
$dateformat_options .= ' selected="selected"';
$s_custom = true;

8
phpBB/includes/ucp/ucp_profile.php
View file

@ -295,6 +295,7 @@ class ucp_profile
$data['bday_day'] = request_var('bday_day', $data['bday_day']);
$data['bday_month'] = request_var('bday_month', $data['bday_month']);
$data['bday_year'] = request_var('bday_year', $data['bday_year']);
$data['user_birthday'] = sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']);
}
add_form_key('ucp_profile_info');
@ -325,6 +326,7 @@ class ucp_profile
'bday_day' => array('num', true, 1, 31),
'bday_month' => array('num', true, 1, 12),
'bday_year' => array('num', true, 1901, gmdate('Y', time()) + 50),
'user_birthday' => array('date', true),
));
}
@ -359,7 +361,7 @@ class ucp_profile
if ($config['allow_birthdays'])
{
$sql_ary['user_birthday'] = sprintf('%2d-%2d-%4d', $data['bday_day'], $data['bday_month'], $data['bday_year']);
$sql_ary['user_birthday'] = $data['user_birthday'];
}
$sql = 'UPDATE ' . USERS_TABLE . '
@ -592,8 +594,8 @@ class ucp_profile
'S_FORM_ENCTYPE' => ($can_upload) ? ' enctype="multipart/form-data"' : '',
'L_AVATAR_EXPLAIN' => sprintf($user->lang['AVATAR_EXPLAIN'], $config['avatar_max_width'], $config['avatar_max_height'], round($config['avatar_filesize'] / 1024)),)
);
'L_AVATAR_EXPLAIN' => sprintf($user->lang['AVATAR_EXPLAIN'], $config['avatar_max_width'], $config['avatar_max_height'], $config['avatar_filesize'] / 1024),
));
if ($display_gallery && $auth->acl_get('u_chgavatar') && $config['allow_avatar_local'])
{

46
phpBB/includes/ucp/ucp_register.php
View file

@ -44,14 +44,6 @@ class ucp_register
$change_lang = request_var('change_lang', '');
$user_lang = request_var('lang', $user->lang_name);
// not so fast, buddy
if (($submit && !check_form_key('ucp_register', false, '', false, $config['min_time_reg']))
|| (!$submit && !check_form_key('ucp_register_terms', false, '', false, $config['min_time_terms'])))
{
$agreed = false;
}
if ($agreed)
{
add_form_key('ucp_register');
@ -92,7 +84,7 @@ class ucp_register
$error = $cp_data = $cp_error = array();
//
if (!$agreed || ($coppa === false && $config['coppa_enable']) || ($coppa && !$config['coppa_enable']))
{
$add_lang = ($change_lang) ? '&amp;change_lang=' . urlencode($change_lang) : '';
@ -103,12 +95,13 @@ class ucp_register
// If we change the language, we want to pass on some more possible parameter.
if ($change_lang)
{
// We do not include the password!
// We do not include the password
$s_hidden_fields = array_merge($s_hidden_fields, array(
'username' => utf8_normalize_nfc(request_var('username', '', true)),
'email' => strtolower(request_var('email', '')),
'email_confirm' => strtolower(request_var('email_confirm', '')),
'confirm_code' => request_var('confirm_code', ''),
'confirm_id' => request_var('confirm_id', ''),
'lang' => $user->lang_name,
'tz' => request_var('tz', (float) $config['board_timezone']),
));
@ -141,7 +134,6 @@ class ucp_register
'S_REGISTRATION' => true,
'S_HIDDEN_FIELDS' => build_hidden_fields($s_hidden_fields),
'S_UCP_ACTION' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register' . $add_lang . $add_coppa),
'S_TIME' => 1000 * ((int) $config['min_time_terms']),
)
);
}
@ -200,7 +192,10 @@ class ucp_register
'tz' => array('num', false, -14, 14),
'lang' => array('match', false, '#^[a-z_\-]{2,}$#i'),
));
if (!check_form_key('ucp_register'))
{
$error[] = $user->lang['FORM_INVALID'];
}
// Replace "error" strings with their real, localised form
$error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
@ -451,10 +446,29 @@ class ucp_register
$confirm_image = '';
// Visual Confirmation - Show images
if ($config['enable_confirm'])
{
if ($change_lang)
{
$str = '&amp;change_lang=' . $change_lang;
$sql = 'SELECT code
FROM ' . CONFIRM_TABLE . "
WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'
AND session_id = '" . $db->sql_escape($user->session_id) . "'
AND confirm_type = " . CONFIRM_REG;
$result = $db->sql_query($sql);
if (!$row = $db->sql_fetchrow($result))
{
$confirm_id = '';
}
$db->sql_freeresult($result);
}
else
{
$str = '';
if (!$change_lang)
}
if (!$change_lang || !$confirm_id)
{
$user->confirm_gc(CONFIRM_REG);
@ -487,11 +501,6 @@ class ucp_register
);
$db->sql_query($sql);
}
else
{
$str .= '&amp;change_lang=' . $change_lang;
}
$confirm_image = '<img src="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=confirm&amp;id=' . $confirm_id . '&amp;type=' . CONFIRM_REG . $str) . '" alt="" title="" />';
$s_hidden_fields .= '<input type="hidden" name="confirm_id" value="' . $confirm_id . '" />';
}
@ -529,7 +538,6 @@ class ucp_register
'S_COPPA' => $coppa,
'S_HIDDEN_FIELDS' => $s_hidden_fields,
'S_UCP_ACTION' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register'),
'S_TIME' => 1000 * ((int) $config['min_time_reg']),
)
);

6
phpBB/install/convertors/convert_phpbb20.php
View file

@ -482,14 +482,16 @@ if (!$get_info)
array('topic_moved_id', 0, ''),
array('topic_type', 'topics.topic_type', 'phpbb_convert_topic_type'),
array('topic_first_post_id', 'topics.topic_first_post_id', ''),
array('topic_last_view_time', 'posts.post_time', ''),
array('poll_title', 'vote_desc.vote_text', array('function1' => 'null_to_str', 'function2' => 'phpbb_set_encoding', 'function3' => 'utf8_htmlspecialchars')),
array('poll_start', 'vote_desc.vote_start', 'null_to_zero'),
array('poll_length', 'vote_desc.vote_length', 'null_to_zero'),
array('poll_max_options', 1, ''),
array('poll_vote_change', 0, ''),
'left_join' => 'topics LEFT JOIN vote_desc ON topics.topic_id = vote_desc.topic_id AND topics.topic_vote = 1',
'left_join' => array ( 'topics LEFT JOIN vote_desc ON topics.topic_id = vote_desc.topic_id AND topics.topic_vote = 1',
'topics LEFT JOIN posts ON topics.topic_last_post_id = posts.post_id',
),
'where' => 'topics.topic_moved_id = 0',
),

2
phpBB/install/convertors/functions_phpbb20.php
View file

@ -455,7 +455,7 @@ function phpbb_get_birthday($birthday = '')
{
$birthday = (int) $birthday;
if (!$birthday || $birthday == 999999 || $birthday < 0)
if (!$birthday || $birthday == 999999 || ((version_compare(PHP_VERSION, '5.1.0') < 0) && $birthday < 0))
{
return ' 0- 0- 0';
}

58
phpBB/install/database_update.php
View file

@ -8,9 +8,9 @@
*
*/
$updates_to_version = '3.0.0';
$updates_to_version = '3.0.1-RC1';
// Return if we "just include it" to find out for which version the database update is responsuble for
// Return if we "just include it" to find out for which version the database update is responsible for
if (defined('IN_PHPBB') && defined('IN_INSTALL'))
{
return;
@ -473,6 +473,29 @@ $database_update_info = array(
),
),
),
// Changes from 3.0.0 to the next version
'3.0.0' => array(
// Add the following columns
'add_columns' => array(
FORUMS_TABLE => array(
'display_subforum_list' => array('BOOL', 1),
),
SESSIONS_TABLE => array(
'session_forum_id' => array('UINT', 0),
),
),
'add_index' => array(
SESSIONS_TABLE => array(
'session_forum_id' => array('session_forum_id'),
),
GROUPS_TABLE => array(
'group_legend_name' => array('group_legend', 'group_name'),
),
),
'drop_keys' => array(
GROUPS_TABLE => array('group_legend'),
),
),
);
// Determine mapping database type
@ -616,6 +639,9 @@ if (version_compare($current_version, '3.0.RC8', '<='))
$modify_users = request_var('modify_users', array(0 => ''));
$new_usernames = request_var('new_usernames', array(0 => ''), true);
// We need this file if someone wants to edit usernames.
include($phpbb_root_path . 'includes/utf/utf_normalizer.' . $phpEx);
if (!class_exists('utf_new_normalizer'))
{
if (!file_exists($phpbb_root_path . 'install/data/new_normalizer.' . $phpEx))
@ -1547,6 +1573,34 @@ if (version_compare($current_version, '3.0.RC5', '<='))
$no_updates = false;
}
if (version_compare($current_version, '3.0.0', '<='))
{
$sql = 'UPDATE ' . TOPICS_TABLE . "
SET topic_last_view_time = topic_last_post_time
WHERE topic_last_view_time = 0";
_sql($sql, $errored, $error_ary);
// Update smiley sizes
$smileys = array('icon_e_surprised.gif', 'icon_eek.gif', 'icon_cool.gif', 'icon_lol.gif', 'icon_mad.gif', 'icon_razz.gif', 'icon_redface.gif', 'icon_cry.gif', 'icon_evil.gif', 'icon_twisted.gif', 'icon_rolleyes.gif', 'icon_exclaim.gif', 'icon_question.gif', 'icon_idea.gif', 'icon_arrow.gif', 'icon_neutral.gif', 'icon_mrgreen.gif', 'icon_e_ugeek.gif');
foreach ($smileys as $smiley)
{
if (file_exists($phpbb_root_path . 'images/smilies/' . $smiley))
{
list($width, $height) = getimagesize($phpbb_root_path . 'images/smilies/' . $smiley);
$sql = 'UPDATE ' . SMILIES_TABLE . '
SET smiley_width = ' . $width . ', smiley_height = ' . $height . "
WHERE smiley_url = '" . $db->sql_escape($smiley) . "'";
_sql($sql, $errored, $error_ary);
}
}
// TODO: remove all form token min times
$no_updates = false;
}
_write_result($no_updates, $errored, $error_ary);
$error_ary = array();

7
phpBB/install/index.php
View file

@ -493,7 +493,8 @@ class module
*/
function redirect($page)
{
$server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');
// HTTP_HOST is having the correct browser url in most cases...
$server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
$server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
$secure = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 1 : 0;
@ -510,9 +511,13 @@ class module
$url = (($secure) ? 'https://' : 'http://') . $server_name;
if ($server_port && (($secure && $server_port <> 443) || (!$secure && $server_port <> 80)))
{
// HTTP HOST can carry a port number...
if (strpos($server_name, ':') === false)
{
$url .= ':' . $server_port;
}
}
$url .= $script_path . '/' . $page;
header('Location: ' . $url);

13
phpBB/install/install_convert.php
View file

@ -407,7 +407,7 @@ class install_convert extends module
$error = array();
if ($submit)
{
if (!file_exists('./../' . $forum_path . '/' . $test_file))
if (!@file_exists('./../' . $forum_path . '/' . $test_file))
{
$error[] = sprintf($lang['COULD_NOT_FIND_PATH'], $forum_path);
}
@ -422,8 +422,7 @@ class install_convert extends module
}
else
{
$src_dbpasswd = htmlspecialchars_decode($src_dbpasswd);
$connect_test = connect_check_db(true, $error, $available_dbms[$src_dbms], $src_table_prefix, $src_dbhost, $src_dbuser, $src_dbpasswd, $src_dbname, $src_dbport, true, ($src_dbms == $dbms) ? false : true, false);
$connect_test = connect_check_db(true, $error, $available_dbms[$src_dbms], $src_table_prefix, $src_dbhost, $src_dbuser, htmlspecialchars_decode($src_dbpasswd), $src_dbname, $src_dbport, true, ($src_dbms == $dbms) ? false : true, false);
}
// The forum prefix of the old and the new forum can only be the same if two different databases are used.
@ -443,7 +442,7 @@ class install_convert extends module
{
$sql_db = 'dbal_' . $src_dbms;
$src_db = new $sql_db();
$src_db->sql_connect($src_dbhost, $src_dbuser, $src_dbpasswd, $src_dbname, $src_dbport, false, true);
$src_db->sql_connect($src_dbhost, $src_dbuser, htmlspecialchars_decode($src_dbpasswd), $src_dbname, $src_dbport, false, true);
$same_db = false;
}
else
@ -666,7 +665,7 @@ class install_convert extends module
}
$sql_db = 'dbal_' . $convert->src_dbms;
$src_db = new $sql_db();
$src_db->sql_connect($convert->src_dbhost, $convert->src_dbuser, $convert->src_dbpasswd, $convert->src_dbname, $convert->src_dbport, false, true);
$src_db->sql_connect($convert->src_dbhost, $convert->src_dbuser, htmlspecialchars_decode($convert->src_dbpasswd), $convert->src_dbname, $convert->src_dbport, false, true);
$same_db = false;
}
else
@ -1219,7 +1218,7 @@ class install_convert extends module
$template->assign_block_vars('checks', array(
'TITLE' => "skip_rows = $skip_rows",
'RESULT' => $rows . ((defined('DEBUG_EXTRA') && function_exists('memory_get_usage')) ? ceil(memory_get_usage()/1024) . ' KB' : ''),
'RESULT' => $rows . ((defined('DEBUG_EXTRA') && function_exists('memory_get_usage')) ? ceil(memory_get_usage()/1024) . ' ' . $user->lang['KIB'] : ''),
));
$mtime = explode(' ', microtime());
@ -1490,7 +1489,7 @@ class install_convert extends module
sync('topic', 'range', 'topic_id BETWEEN ' . $sync_batch . ' AND ' . $end, true, true);
$template->assign_block_vars('checks', array(
'TITLE' => sprintf($user->lang['SYNC_TOPIC_ID'], $sync_batch, ($sync_batch + $batch_size)) . ((defined('DEBUG_EXTRA') && function_exists('memory_get_usage')) ? ' [' . ceil(memory_get_usage()/1024) . ' KB]' : ''),
'TITLE' => sprintf($user->lang['SYNC_TOPIC_ID'], $sync_batch, ($sync_batch + $batch_size)) . ((defined('DEBUG_EXTRA') && function_exists('memory_get_usage')) ? ' [' . ceil(memory_get_usage()/1024) . ' ' . $user->lang['KIB'] . ']' : ''),
'RESULT' => $user->lang['DONE'],
));

52
phpBB/install/install_install.php
View file

@ -151,7 +151,7 @@ class install_install extends module
// We also give feedback on whether we're running in safe mode
$result = '<strong style="color:green">' . $lang['YES'];
if (@ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'on')
if (@ini_get('safe_mode') == '1' || strtolower(@ini_get('safe_mode')) == 'on')
{
$result .= ', ' . $lang['PHP_SAFE_MODE'];
}
@ -551,7 +551,7 @@ class install_install extends module
}
else
{
$connect_test = connect_check_db(true, $error, $available_dbms[$data['dbms']], $data['table_prefix'], $data['dbhost'], $data['dbuser'], $data['dbpasswd'], $data['dbname'], $data['dbport']);
$connect_test = connect_check_db(true, $error, $available_dbms[$data['dbms']], $data['table_prefix'], $data['dbhost'], $data['dbuser'], htmlspecialchars_decode($data['dbpasswd']), $data['dbname'], $data['dbport']);
}
$template->assign_block_vars('checks', array(
@ -884,17 +884,26 @@ class install_install extends module
// Time to convert the data provided into a config file
$config_data = "<?php\n";
$config_data .= "// phpBB 3.0.x auto-generated configuration file\n// Do not change anything in this file!\n";
$config_data .= "\$dbms = '" . $available_dbms[$data['dbms']]['DRIVER'] . "';\n";
$config_data .= "\$dbhost = '{$data['dbhost']}';\n";
$config_data .= "\$dbport = '{$data['dbport']}';\n";
$config_data .= "\$dbname = '{$data['dbname']}';\n";
$config_data .= "\$dbuser = '{$data['dbuser']}';\n";
$config_data .= "\$dbpasswd = '{$data['dbpasswd']}';\n\n";
$config_data .= "\$table_prefix = '{$data['table_prefix']}';\n";
// $config_data .= "\$acm_type = '" . (($acm_type) ? $acm_type : 'file') . "';\n";
$config_data .= "\$acm_type = 'file';\n";
$config_data .= "\$load_extensions = '$load_extensions';\n\n";
$config_data .= "@define('PHPBB_INSTALLED', true);\n";
$config_data_array = array(
'dbms' => $available_dbms[$data['dbms']]['DRIVER'],
'dbhost' => $data['dbhost'],
'dbport' => $data['dbport'],
'dbname' => $data['dbname'],
'dbuser' => $data['dbuser'],
'dbpasswd' => htmlspecialchars_decode($data['dbpasswd']),
'table_prefix' => $data['table_prefix'],
'acm_type' => 'file',
'load_extensions' => $load_extensions,
);
foreach ($config_data_array as $key => $value)
{
$config_data .= "\${$key} = '" . str_replace("'", "\\'", str_replace('\\', '\\\\', $value)) . "';\n";
}
unset($config_data_array);
$config_data .= "\n@define('PHPBB_INSTALLED', true);\n";
$config_data .= "// @define('DEBUG', true);\n";
$config_data .= "// @define('DEBUG_EXTRA', true);\n";
$config_data .= '?' . '>'; // Done this to prevent highlighting editors getting confused!
@ -1009,8 +1018,11 @@ class install_install extends module
$s_hidden_fields = ($data['img_imagick']) ? '<input type="hidden" name="img_imagick" value="' . addslashes($data['img_imagick']) . '" />' : '';
$s_hidden_fields .= '<input type="hidden" name="language" value="' . $data['language'] . '" />';
// HTTP_HOST is having the correct browser url in most cases...
$server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
$data['email_enable'] = ($data['email_enable'] !== '') ? $data['email_enable'] : true;
$data['server_name'] = ($data['server_name'] !== '') ? $data['server_name'] : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
$data['server_name'] = ($data['server_name'] !== '') ? $data['server_name'] : $server_name;
$data['server_port'] = ($data['server_port'] !== '') ? $data['server_port'] : ((!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT'));
$data['server_protocol'] = ($data['server_protocol'] !== '') ? $data['server_protocol'] : ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https://' : 'http://');
$data['cookie_secure'] = ($data['cookie_secure'] !== '') ? $data['cookie_secure'] : ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? true : false);
@ -1100,7 +1112,9 @@ class install_install extends module
$this->p_master->redirect("index.$phpEx?mode=install");
}
$cookie_domain = ($data['server_name'] != '') ? $data['server_name'] : (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');
// HTTP_HOST is having the correct browser url in most cases...
$server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
$cookie_domain = ($data['server_name'] != '') ? $data['server_name'] : $server_name;
// Try to come up with the best solution for cookie domain...
if (strpos($cookie_domain, 'www.') === 0)
@ -1124,7 +1138,7 @@ class install_install extends module
// Instantiate the database
$db = new $sql_db();
$db->sql_connect($data['dbhost'], $data['dbuser'], $data['dbpasswd'], $data['dbname'], $data['dbport'], false, false);
$db->sql_connect($data['dbhost'], $data['dbuser'], htmlspecialchars_decode($data['dbpasswd']), $data['dbname'], $data['dbport'], false, false);
// NOTE: trigger_error does not work here.
$db->sql_return_on_error(true);
@ -1408,7 +1422,7 @@ class install_install extends module
// Instantiate the database
$db = new $sql_db();
$db->sql_connect($data['dbhost'], $data['dbuser'], $data['dbpasswd'], $data['dbname'], $data['dbport'], false, false);
$db->sql_connect($data['dbhost'], $data['dbuser'], htmlspecialchars_decode($data['dbpasswd']), $data['dbname'], $data['dbport'], false, false);
// NOTE: trigger_error does not work here.
$db->sql_return_on_error(true);
@ -1688,7 +1702,7 @@ class install_install extends module
if (is_dir($path) && file_exists($path . '/iso.txt'))
{
$lang_file = file("{$phpbb_root_path}language/$path/iso.txt");
$lang_file = file("$path/iso.txt");
$lang_pack = array(
'lang_iso' => basename($path),
@ -1948,7 +1962,7 @@ class install_install extends module
'dbhost' => request_var('dbhost', ''),
'dbport' => request_var('dbport', ''),
'dbuser' => request_var('dbuser', ''),
'dbpasswd' => htmlspecialchars_decode(request_var('dbpasswd', '', true)),
'dbpasswd' => request_var('dbpasswd', '', true),
'dbname' => request_var('dbname', ''),
'table_prefix' => request_var('table_prefix', ''),
'default_lang' => basename(request_var('default_lang', '')),

2
phpBB/install/install_update.php
View file

@ -1490,7 +1490,7 @@ class install_update extends module
return;
}
if (in_array($file, array_keys($this->update_info['custom'])))
if (isset($this->update_info['custom'][$file]))
{
foreach ($this->update_info['custom'][$file] as $_file)
{

5
phpBB/install/schemas/firebird_schema.sql
View file

@ -362,6 +362,7 @@ CREATE TABLE phpbb_forums (
forum_last_poster_name VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
forum_last_poster_colour VARCHAR(6) CHARACTER SET NONE DEFAULT '' NOT NULL,
forum_flags INTEGER DEFAULT 32 NOT NULL,
display_subforum_list INTEGER DEFAULT 1 NOT NULL,
display_on_index INTEGER DEFAULT 1 NOT NULL,
enable_indexing INTEGER DEFAULT 1 NOT NULL,
enable_icons INTEGER DEFAULT 1 NOT NULL,
@ -444,7 +445,7 @@ CREATE TABLE phpbb_groups (
ALTER TABLE phpbb_groups ADD PRIMARY KEY (group_id);;
CREATE INDEX phpbb_groups_group_legend ON phpbb_groups(group_legend);;
CREATE INDEX phpbb_groups_group_legend_name ON phpbb_groups(group_legend, group_name);;
CREATE GENERATOR phpbb_groups_gen;;
SET GENERATOR phpbb_groups_gen TO 0;;
@ -959,6 +960,7 @@ CREATE INDEX phpbb_search_wordmatch_post_id ON phpbb_search_wordmatch(post_id);;
CREATE TABLE phpbb_sessions (
session_id CHAR(32) CHARACTER SET NONE DEFAULT '' NOT NULL,
session_user_id INTEGER DEFAULT 0 NOT NULL,
session_forum_id INTEGER DEFAULT 0 NOT NULL,
session_last_visit INTEGER DEFAULT 0 NOT NULL,
session_start INTEGER DEFAULT 0 NOT NULL,
session_time INTEGER DEFAULT 0 NOT NULL,
@ -975,6 +977,7 @@ ALTER TABLE phpbb_sessions ADD PRIMARY KEY (session_id);;
CREATE INDEX phpbb_sessions_session_time ON phpbb_sessions(session_time);;
CREATE INDEX phpbb_sessions_session_user_id ON phpbb_sessions(session_user_id);;
CREATE INDEX phpbb_sessions_session_forum_id ON phpbb_sessions(session_forum_id);;
# Table: 'phpbb_sessions_keys'
CREATE TABLE phpbb_sessions_keys (

7
phpBB/install/schemas/mssql_schema.sql
View file

@ -438,6 +438,7 @@ CREATE TABLE [phpbb_forums] (
[forum_last_poster_name] [varchar] (255) DEFAULT ('') NOT NULL ,
[forum_last_poster_colour] [varchar] (6) DEFAULT ('') NOT NULL ,
[forum_flags] [int] DEFAULT (32) NOT NULL ,
[display_subforum_list] [int] DEFAULT (1) NOT NULL ,
[display_on_index] [int] DEFAULT (1) NOT NULL ,
[enable_indexing] [int] DEFAULT (1) NOT NULL ,
[enable_icons] [int] DEFAULT (1) NOT NULL ,
@ -555,7 +556,7 @@ ALTER TABLE [phpbb_groups] WITH NOCHECK ADD
) ON [PRIMARY]
GO
CREATE INDEX [group_legend] ON [phpbb_groups]([group_legend]) ON [PRIMARY]
CREATE INDEX [group_legend_name] ON [phpbb_groups]([group_legend], [group_name]) ON [PRIMARY]
GO
@ -1152,6 +1153,7 @@ GO
CREATE TABLE [phpbb_sessions] (
[session_id] [char] (32) DEFAULT ('') NOT NULL ,
[session_user_id] [int] DEFAULT (0) NOT NULL ,
[session_forum_id] [int] DEFAULT (0) NOT NULL ,
[session_last_visit] [int] DEFAULT (0) NOT NULL ,
[session_start] [int] DEFAULT (0) NOT NULL ,
[session_time] [int] DEFAULT (0) NOT NULL ,
@ -1178,6 +1180,9 @@ GO
CREATE INDEX [session_user_id] ON [phpbb_sessions]([session_user_id]) ON [PRIMARY]
GO
CREATE INDEX [session_forum_id] ON [phpbb_sessions]([session_forum_id]) ON [PRIMARY]
GO
/*
Table: 'phpbb_sessions_keys'

7
phpBB/install/schemas/mysql_40_schema.sql
View file

@ -248,6 +248,7 @@ CREATE TABLE phpbb_forums (
forum_last_poster_name blob NOT NULL,
forum_last_poster_colour varbinary(6) DEFAULT '' NOT NULL,
forum_flags tinyint(4) DEFAULT '32' NOT NULL,
display_subforum_list tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
display_on_index tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
enable_indexing tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
enable_icons tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
@ -313,7 +314,7 @@ CREATE TABLE phpbb_groups (
group_message_limit mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
group_legend tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
PRIMARY KEY (group_id),
KEY group_legend (group_legend)
KEY group_legend_name (group_legend, group_name(255))
);
@ -659,6 +660,7 @@ CREATE TABLE phpbb_search_wordmatch (
CREATE TABLE phpbb_sessions (
session_id binary(32) DEFAULT '' NOT NULL,
session_user_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
session_forum_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
session_last_visit int(11) UNSIGNED DEFAULT '0' NOT NULL,
session_start int(11) UNSIGNED DEFAULT '0' NOT NULL,
session_time int(11) UNSIGNED DEFAULT '0' NOT NULL,
@ -671,7 +673,8 @@ CREATE TABLE phpbb_sessions (
session_admin tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,
PRIMARY KEY (session_id),
KEY session_time (session_time),
KEY session_user_id (session_user_id)
KEY session_user_id (session_user_id),
KEY session_forum_id (session_forum_id)
);

7
phpBB/install/schemas/mysql_41_schema.sql
View file

@ -248,6 +248,7 @@ CREATE TABLE phpbb_forums (
forum_last_poster_name varchar(255) DEFAULT '' NOT NULL,
forum_last_poster_colour varchar(6) DEFAULT '' NOT NULL,
forum_flags tinyint(4) DEFAULT '32' NOT NULL,
display_subforum_list tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
display_on_index tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
enable_indexing tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
enable_icons tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
@ -313,7 +314,7 @@ CREATE TABLE phpbb_groups (
group_message_limit mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
group_legend tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
PRIMARY KEY (group_id),
KEY group_legend (group_legend)
KEY group_legend_name (group_legend, group_name)
) CHARACTER SET `utf8` COLLATE `utf8_bin`;
@ -659,6 +660,7 @@ CREATE TABLE phpbb_search_wordmatch (
CREATE TABLE phpbb_sessions (
session_id char(32) DEFAULT '' NOT NULL,
session_user_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
session_forum_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
session_last_visit int(11) UNSIGNED DEFAULT '0' NOT NULL,
session_start int(11) UNSIGNED DEFAULT '0' NOT NULL,
session_time int(11) UNSIGNED DEFAULT '0' NOT NULL,
@ -671,7 +673,8 @@ CREATE TABLE phpbb_sessions (
session_admin tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,
PRIMARY KEY (session_id),
KEY session_time (session_time),
KEY session_user_id (session_user_id)
KEY session_user_id (session_user_id),
KEY session_forum_id (session_forum_id)
) CHARACTER SET `utf8` COLLATE `utf8_bin`;

6
phpBB/install/schemas/oracle_schema.sql
View file

@ -505,6 +505,7 @@ CREATE TABLE phpbb_forums (
forum_last_poster_name varchar2(765) DEFAULT '' ,
forum_last_poster_colour varchar2(6) DEFAULT '' ,
forum_flags number(4) DEFAULT '32' NOT NULL,
display_subforum_list number(1) DEFAULT '1' NOT NULL,
display_on_index number(1) DEFAULT '1' NOT NULL,
enable_indexing number(1) DEFAULT '1' NOT NULL,
enable_icons number(1) DEFAULT '1' NOT NULL,
@ -606,7 +607,7 @@ CREATE TABLE phpbb_groups (
)
/
CREATE INDEX phpbb_groups_group_legend ON phpbb_groups (group_legend)
CREATE INDEX phpbb_groups_group_legend_name ON phpbb_groups (group_legend, group_name)
/
CREATE SEQUENCE phpbb_groups_seq
@ -1280,6 +1281,7 @@ CREATE INDEX phpbb_search_wordmatch_post_id ON phpbb_search_wordmatch (post_id)
CREATE TABLE phpbb_sessions (
session_id char(32) DEFAULT '' ,
session_user_id number(8) DEFAULT '0' NOT NULL,
session_forum_id number(8) DEFAULT '0' NOT NULL,
session_last_visit number(11) DEFAULT '0' NOT NULL,
session_start number(11) DEFAULT '0' NOT NULL,
session_time number(11) DEFAULT '0' NOT NULL,
@ -1298,6 +1300,8 @@ CREATE INDEX phpbb_sessions_session_time ON phpbb_sessions (session_time)
/
CREATE INDEX phpbb_sessions_session_user_id ON phpbb_sessions (session_user_id)
/
CREATE INDEX phpbb_sessions_session_forum_id ON phpbb_sessions (session_forum_id)
/
/*
Table: 'phpbb_sessions_keys'

Some files were not shown because too many files have changed in this diff Show more