makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 14:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge commit 'release-3.0.3-RC1'

Browse source
This commit is contained in:
Nils Adermann 2010-03-02 01:05:39 +01:00
commit 25052e1f67
173 changed files with 3339 additions and 1182 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
phpBB/adm/style/acp_ban.html
View file

@ -97,11 +97,11 @@
</dl>
<dl>
<dt><label for="unbanreason">{L_BAN_REASON}:</label></dt>
<dd><input style="border: 0;" type="text" class="text full" disabled="disabled" name="unbanreason" id="unbanreason" /></dd>
<dd><textarea style="border: 0;" class="text full" disabled="disabled" name="unbanreason" id="unbanreason" rows="5" cols="80">&nbsp;</textarea></dd>
</dl>
<dl>
<dt><label for="unbangivereason">{L_BAN_GIVE_REASON}:</label></dt>
<dd><input style="border: 0;" type="text" class="text full" disabled="disabled" name="unbangivereason" id="unbangivereason" /></dd>
<dd><textarea style="border: 0;" class="text full" disabled="disabled" name="unbangivereason" id="unbangivereason" rows="5" cols="80">&nbsp;</textarea></dd>
</dl>
<p class="submit-buttons">

4
phpBB/adm/style/acp_groups.html
View file

@ -74,6 +74,10 @@
<dt><label for="group_message_limit">{L_GROUP_MESSAGE_LIMIT}:</label><br /><span>{L_GROUP_MESSAGE_LIMIT_EXPLAIN}</span></dt>
<dd><input name="group_message_limit" type="text" id="group_message_limit" maxlength="4" size="4" value="{GROUP_MESSAGE_LIMIT}" /></dd>
</dl>
<dl>
<dt><label for="group_max_recipients">{L_GROUP_MAX_RECIPIENTS}:</label><br /><span>{L_GROUP_MAX_RECIPIENTS_EXPLAIN}</span></dt>
<dd><input name="group_max_recipients" type="text" id="group_max_recipients" maxlength="10" size="4" value="{GROUP_MAX_RECIPIENTS}" /></dd>
</dl>
<dl>
<dt><label for="group_colour">{L_GROUP_COLOR}:</label><br /><span>{L_GROUP_COLOR_EXPLAIN}</span></dt>
<dd><input name="group_colour" type="text" id="group_colour" value="{GROUP_COLOUR}" size="6" maxlength="6" />&nbsp;&nbsp;<span>[ <a href="{U_SWATCH}" onclick="popup(this.href, 636, 150, '_swatch'); return false">{L_COLOUR_SWATCH}</a> ]</span></dd>

7
phpBB/adm/style/acp_main.html
View file

@ -21,6 +21,13 @@
</div>
<!-- ENDIF -->
<!-- IF S_WRITABLE_CONFIG -->
<div class="errorbox">
<h3>{L_WARNING}</h3>
<p>{L_WRITABLE_CONFIG}</p>
</div>
<!-- ENDIF -->
<table cellspacing="1">
<caption>{L_FORUM_STATS}</caption>
<col class="col1" /><col class="col2" /><col class="col1" /><col class="col2" />

26
phpBB/adm/style/acp_styles.html
View file

@ -261,11 +261,11 @@
<!-- ELSEIF S_CACHE -->
<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
<h1>{L_TEMPLATE_CACHE}</h1>
<p>{L_TEMPLATE_CACHE_EXPLAIN}</p>
<form name="acp_styles" method="post" action="{U_ACTION}">
<fieldset class="tabulated">
<legend>{L_TEMPLATE_CACHE}</legend>
@ -283,7 +283,7 @@
<tbody>
<!-- BEGIN file -->
<!-- IF file.S_ROW_COUNT is even --><tr class="row1"><!-- ELSE --><tr class="row2"><!-- ENDIF -->
<td><a href="{file.U_VIEWSOURCE}" onclick="popup(this.href, 750, 550, '_source'); return false;">{file.FILENAME}</a></td>
<td><a href="{file.U_VIEWSOURCE}" onclick="popup(this.href, 750, 550, '_source'); return false;">{file.FILENAME_PATH}</a></td>
<td>{file.FILESIZE}</td>
<td>{file.CACHED}</td>
<td>{file.MODIFIED}</td>
@ -361,7 +361,7 @@
</p>
</fieldset>
</form>
<!-- ELSEIF S_FRONTEND -->
@ -461,6 +461,12 @@
<dt><label for="copyright">{L_COPYRIGHT}:</label></dt>
<dd><!-- IF S_INSTALL --><b id="copyright">{COPYRIGHT}</b><!-- ELSE --><input type="text" id="copyright" name="copyright" value="{COPYRIGHT}" /><!-- ENDIF --></dd>
</dl>
<!-- IF S_SUPERTEMPLATE -->
<dl>
<dt><label for="inheriting">{L_INHERITING_FROM}:</label></dt>
<dd><b id="inheriting">{S_SUPERTEMPLATE}</b></dd>
</dl>
<!-- ENDIF -->
<!-- IF S_STYLE and not S_BASIS -->
<dl>
<dt><label for="template_id">{L_STYLE_TEMPLATE}:</label></dt>
@ -475,11 +481,11 @@
<dd><!-- IF S_INSTALL --><b id="imageset_id">{IMAGESET_NAME}</b><!-- ELSE --><select id="imageset_id" name="imageset_id">{S_IMAGESET_OPTIONS}</select><!-- ENDIF --></dd>
</dl>
<!-- ENDIF -->
<!-- IF S_TEMPLATE or S_THEME -->
<!-- IF (S_TEMPLATE or S_THEME) and (S_LOCATION or not S_INSTALL) -->
<dl>
<dt><label for="store_db">{L_LOCATION}:</label><br /><span>{L_LOCATION_EXPLAIN}</span></dt>
<dd><label><input type="radio" class="radio" name="store_db" value="0"<!-- IF not S_STORE_DB --> id="store_db" checked="checked"<!-- ENDIF --> /> {L_STORE_FILESYSTEM}</label>
<label><input type="radio" class="radio" name="store_db" value="1"<!-- IF S_STORE_DB --> id="store_db" checked="checked"<!-- ENDIF --> /> {L_STORE_DATABASE}</label></dd>
<dt><label for="store_db">{L_LOCATION}:</label><br /><span><!-- IF S_STORE_DB_DISABLED -->{L_LOCATION_DISABLED_EXPLAIN}<!-- ELSE -->{L_LOCATION_EXPLAIN}<!-- ENDIF --></span></dt>
<dd><label><input type="radio" class="radio" name="store_db" value="0"<!-- IF not S_STORE_DB --> id="store_db" checked="checked"<!-- ENDIF --> <!-- IF S_STORE_DB_DISABLED -->disabled="disabled" <!-- ENDIF --> />{L_STORE_FILESYSTEM}</label>
<label><input type="radio" class="radio" name="store_db" value="1"<!-- IF S_STORE_DB --> id="store_db" checked="checked"<!-- ENDIF --> <!-- IF S_STORE_DB_DISABLED -->disabled="disabled" <!-- ENDIF -->/> {L_STORE_DATABASE}</label></dd>
</dl>
<!-- ENDIF -->
<!-- IF S_STYLE -->
@ -507,7 +513,7 @@
<input class="button1" type="submit" name="update" value="{L_SUBMIT}" />
{S_FORM_TOKEN}
</fieldset>
</form>
<!-- ENDIF -->

4
phpBB/adm/style/acp_users.html
View file

@ -197,7 +197,7 @@
<a href="#" onclick="jumpto(); return false;" title="{L_JUMP_TO_PAGE}">{S_ON_PAGE}</a> &bull; <span>{PAGINATION}</span>
</div>
<!-- ENDIF -->
<fieldset class="quick">
<input class="button2" type="submit" name="delmarked" value="{L_DELETE_MARKED}" />
<p class="small"><a href="#" onclick="marklist('user_attachments', 'mark', true);">{L_MARK_ALL}</a> &bull; <a href="#" onclick="marklist('user_attachments', 'mark', false);">{L_UNMARK_ALL}</a></p>
@ -215,7 +215,7 @@
<form id="select_forum" method="post" action="{U_ACTION}">
<fieldset class="quick" style="text-align: left;">
{L_SELECT_FORUM}: <select name="f">{S_FORUM_OPTIONS}</select>
{L_SELECT_FORUM}: <select name="f">{S_FORUM_OPTIONS}</select>
<input class="button2" type="submit" value="{L_GO}" name="select" />
{S_FORM_TOKEN}
</fieldset>

4
phpBB/adm/style/acp_users_overview.html
View file

@ -30,7 +30,7 @@
</dl>
<dl>
<dt><label>{L_POSTS}:</label></dt>
<dd><strong>{USER_POSTS}</strong></dd>
<dd><strong>{USER_POSTS}</strong><!-- IF POSTS_IN_QUEUE and U_MCP_QUEUE --> (<a href="{U_MCP_QUEUE}">{L_POSTS_IN_QUEUE}</a>)<!-- ELSEIF POSTS_IN_QUEUE --> ({L_POSTS_IN_QUEUE})<!-- ENDIF --></dd>
</dl>
<dl>
<dt><label>{L_WARNINGS}:</label></dt>
@ -138,7 +138,7 @@
</p>
</fieldset>
</form>
<!-- ENDIF -->

9
phpBB/adm/style/admin.css
View file

@ -1333,18 +1333,21 @@ fieldset.permissions .permissions-switch {
fieldset.permissions .padding {
}
.permissions-switch {
margin-top: -6px;
font-size: .9em;
}
.permissions-switch a {
text-decoration: underline;
font-size: 0.90em;
}
.permissions-reset {
margin-top: -6px;
padding-bottom: 10px;
}
.permissions-reset a {
font-size: .8em;
font-size: .85em;
}
/* Tabbed menu */

17
phpBB/adm/style/install_update.html
View file

@ -186,7 +186,7 @@
<p>{L_NO_UPDATE_FILES_EXPLAIN}</p><br />
<strong>{NO_UPDATE_FILES}</strong>
</div>
<!-- ENDIF -->
@ -226,7 +226,7 @@
<!-- IF files.S_CUSTOM -->
<dd style="margin-left: 60%;"><label><input type="checkbox" name="no_update[]" value="{files.FILENAME}" class="radio" /> {L_DO_NOT_UPDATE}</label></dd>
<!-- ENDIF -->
<!-- IF files.STATUS eq 'modified' -->
</dl>
<dl>
@ -295,7 +295,7 @@
<p>{L_UPDATE_METHOD_EXPLAIN}</p>
<fieldset class="submit-buttons">
<input class="button1" type="submit" name="ftp_upload" value="{L_FTP_UPDATE_METHOD}" />&nbsp; &nbsp;<input class="button1" type="submit" name="download" value="{L_DOWNLOAD_UPDATE_METHOD}" />
<input class="button1" type="submit" name="ftp_upload" value="{L_FTP_UPDATE_METHOD}" />&nbsp; &nbsp;<input class="button1" type="submit" name="download" value="{L_DOWNLOAD_UPDATE_METHOD_BUTTON}" />
</fieldset>
</form>
@ -360,9 +360,18 @@
<p>{L_CONNECTION_SUCCESS}</p>
</div>
<!-- ELSEIF S_CONNECTION_FAILED -->
<div class="successbox">
<p>{L_TRY_DOWNLOAD_METHOD}</p>
<fieldset class="quick">
<input class="button1" type="submit" name="download" value="{L_TRY_DOWNLOAD_METHOD_BUTTON}" />
</fieldset>
</div>
<div class="errorbox">
<p>{L_CONNECTION_FAILED}<br />{ERROR_MSG}</p>
</div>
<!-- ENDIF -->
<fieldset>
@ -378,7 +387,7 @@
</dl>
<!-- END data -->
</fieldset>
<fieldset class="submit-buttons">
{S_HIDDEN_FIELDS}
<input class="button2" type="submit" name="check_again" value="{L_BACK}" />

2
phpBB/adm/style/overall_header.html
View file

@ -185,7 +185,7 @@ function switch_menu()
<a id="toggle-handle" accesskey="m" title="{L_MENU_TOGGLE}" onclick="switch_menu(); return false;" href="#"></a></div>
<!-- ENDIF -->
<div id="menu">
<p>{L_LOGGED_IN_AS}<br /><strong>{USERNAME}</strong> [&nbsp;<a href="{U_LOGOUT}">{L_LOGOUT}</a>&nbsp;][&nbsp;<a href="{U_ADM_LOGOUT}">{L_ADM_LOGOUT}</a>&nbsp;]</p>
<p>{L_LOGGED_IN_AS}<br /><strong>{USERNAME}</strong> [&nbsp;<a href="{U_LOGOUT}">{L_LOGOUT}</a>&nbsp;][&nbsp;<a href="{U_ADM_LOGOUT}">{L_ADM_LOGOUT}</a>&nbsp;]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</p>
<ul>
<!-- BEGIN l_block1 -->
<!-- IF l_block1.S_SELECTED -->

2
phpBB/adm/style/permission_mask.html
View file

@ -68,7 +68,7 @@
<!-- ELSE -->
<li class="permissions-preset-custom<!-- IF p_mask.S_FIRST_ROW and p_mask.f_mask.S_FIRST_ROW and p_mask.f_mask.category.S_FIRST_ROW --> activetab<!-- ENDIF -->" id="tab{p_mask.S_ROW_COUNT}{p_mask.f_mask.S_ROW_COUNT}{p_mask.f_mask.category.S_ROW_COUNT}">
<!-- ENDIF -->
<a href="#" onclick="swap_options('{p_mask.S_ROW_COUNT}', '{p_mask.f_mask.S_ROW_COUNT}', '{p_mask.f_mask.category.S_ROW_COUNT}', false<!-- IF p_mask.S_VIEW -->, true<!-- ENDIF -->); return false;"><span class="tabbg"><span class="colour"></span>{category.CAT_NAME}</span></a></li>
<a href="#" onclick="swap_options('{p_mask.S_ROW_COUNT}', '{p_mask.f_mask.S_ROW_COUNT}', '{p_mask.f_mask.category.S_ROW_COUNT}', false<!-- IF p_mask.S_VIEW -->, true<!-- ENDIF -->); return false;"><span class="tabbg"><span class="colour"></span>{p_mask.f_mask.category.CAT_NAME}</span></a></li>
<!-- END category -->
</ul>
</div>

2
phpBB/common.php
View file

@ -103,7 +103,7 @@ if (version_compare(PHP_VERSION, '6.0.0-dev', '>='))
}
else
{
set_magic_quotes_runtime(0);
@set_magic_quotes_runtime(0);
// Be paranoid with passed vars
if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get'))

3
phpBB/develop/create_schema_files.php
View file

@ -1140,6 +1140,7 @@ function get_schema_struct()
'group_sig_chars' => array('UINT', 0),
'group_receive_pm' => array('BOOL', 0),
'group_message_limit' => array('UINT', 0),
'group_max_recipients' => array('UINT', 0),
'group_legend' => array('BOOL', 1),
),
'PRIMARY_KEY' => 'group_id',
@ -1608,6 +1609,8 @@ function get_schema_struct()
'template_path' => array('VCHAR:100', ''),
'bbcode_bitfield' => array('VCHAR:255', 'kNg='),
'template_storedb' => array('BOOL', 0),
'template_inherits_id' => array('UINT:4', 0),
'template_inherit_path' => array('VCHAR', ''),
),
'PRIMARY_KEY' => 'template_id',
'KEYS' => array(

20
phpBB/develop/mysql_upgrader.php
View file

@ -477,7 +477,7 @@ function get_schema_struct()
'topic_id' => array('UINT', 0),
'forum_id' => array('UINT', 0),
'save_time' => array('TIMESTAMP', 0),
'draft_subject' => array('XSTEXT_UNI', ''),
'draft_subject' => array('STEXT_UNI', ''),
'draft_message' => array('MTEXT_UNI', ''),
),
'PRIMARY_KEY' => 'draft_id',
@ -539,11 +539,12 @@ function get_schema_struct()
'forum_topics_real' => array('UINT', 0),
'forum_last_post_id' => array('UINT', 0),
'forum_last_poster_id' => array('UINT', 0),
'forum_last_post_subject' => array('XSTEXT_UNI', ''),
'forum_last_post_subject' => array('STEXT_UNI', ''),
'forum_last_post_time' => array('TIMESTAMP', 0),
'forum_last_poster_name'=> array('VCHAR_UNI', ''),
'forum_last_poster_colour'=> array('VCHAR:6', ''),
'forum_flags' => array('TINT:4', 32),
'display_subforum_list' => array('BOOL', 1),
'display_on_index' => array('BOOL', 1),
'enable_indexing' => array('BOOL', 1),
'enable_icons' => array('BOOL', 1),
@ -611,11 +612,12 @@ function get_schema_struct()
'group_sig_chars' => array('UINT', 0),
'group_receive_pm' => array('BOOL', 0),
'group_message_limit' => array('UINT', 0),
'group_max_recipients' => array('UINT', 0),
'group_legend' => array('BOOL', 1),
),
'PRIMARY_KEY' => 'group_id',
'KEYS' => array(
'group_legend' => array('INDEX', 'group_legend'),
'group_legend_name' => array('INDEX', array('group_legend', 'group_name')),
),
);
@ -752,8 +754,8 @@ function get_schema_struct()
'enable_magic_url' => array('BOOL', 1),
'enable_sig' => array('BOOL', 1),
'post_username' => array('VCHAR_UNI:255', ''),
'post_subject' => array('XSTEXT_UNI', '', 'true_sort'),
'post_text' => array('MTEXT_UNI', '', ($GLOBALS['mysql_indexer']) ? 'true_sort' : 'no_sort'),
'post_subject' => array('STEXT_UNI', '', 'true_sort'),
'post_text' => array('MTEXT_UNI', ''),
'post_checksum' => array('VCHAR:32', ''),
'post_attachment' => array('BOOL', 0),
'bbcode_bitfield' => array('VCHAR:255', ''),
@ -788,7 +790,7 @@ function get_schema_struct()
'enable_smilies' => array('BOOL', 1),
'enable_magic_url' => array('BOOL', 1),
'enable_sig' => array('BOOL', 1),
'message_subject' => array('XSTEXT_UNI', ''),
'message_subject' => array('STEXT_UNI', ''),
'message_text' => array('MTEXT_UNI', ''),
'message_edit_reason' => array('STEXT_UNI', ''),
'message_edit_user' => array('UINT', 0),
@ -991,6 +993,7 @@ function get_schema_struct()
'COLUMNS' => array(
'session_id' => array('CHAR:32', ''),
'session_user_id' => array('UINT', 0),
'session_forum_id' => array('UINT', 0),
'session_last_visit' => array('TIMESTAMP', 0),
'session_start' => array('TIMESTAMP', 0),
'session_time' => array('TIMESTAMP', 0),
@ -1006,6 +1009,7 @@ function get_schema_struct()
'KEYS' => array(
'session_time' => array('INDEX', 'session_time'),
'session_user_id' => array('INDEX', 'session_user_id'),
'session_fid' => array('INDEX', 'session_forum_id'),
),
);
@ -1151,7 +1155,7 @@ function get_schema_struct()
'topic_attachment' => array('BOOL', 0),
'topic_approved' => array('BOOL', 1),
'topic_reported' => array('BOOL', 0),
'topic_title' => array('XSTEXT_UNI', '', 'true_sort'),
'topic_title' => array('STEXT_UNI', '', 'true_sort'),
'topic_poster' => array('UINT', 0),
'topic_time' => array('TIMESTAMP', 0),
'topic_time_limit' => array('TIMESTAMP', 0),
@ -1167,7 +1171,7 @@ function get_schema_struct()
'topic_last_poster_id' => array('UINT', 0),
'topic_last_poster_name' => array('VCHAR_UNI', ''),
'topic_last_poster_colour' => array('VCHAR:6', ''),
'topic_last_post_subject' => array('XSTEXT_UNI', ''),
'topic_last_post_subject' => array('STEXT_UNI', ''),
'topic_last_post_time' => array('TIMESTAMP', 0),
'topic_last_view_time' => array('TIMESTAMP', 0),
'topic_moved_id' => array('UINT', 0),

119
phpBB/docs/CHANGELOG.html
View file

@ -53,6 +53,7 @@
<ol>
<li><a href="#changelog">Changelog</a>
<ol style="list-style-type: lower-roman;">
<li><a href="#v302">Changes since 3.0.2</a></li>
<li><a href="#v301">Changes since 3.0.1</a></li>
<li><a href="#v300">Changes since 3.0.0</a></li>
<li><a href="#v30rc8">Changes since RC-8</a></li>
@ -82,7 +83,105 @@
<div class="content">
<a name="v301"></a><h3>1.i. Changes since 3.0.1</h3>
<a name="v302"></a><h3>1.i. Changes since 3.0.2</h3>
<ul>
<li>[Fix] Correctly set topic starter if first post in topic removed (Bug #30575 - Patch by blueray2048)</li>
<li>[Fix] Delete avatar files (Bug #29985).</li>
<li>[Fix] Preserve selection in the MCP. (Bug #31265).</li>
<li>[Fix] Added VST - Venezuela Standard Time (Bug #30545).</li>
<li>[Fix] Close DB connections in file.php.</li>
<li>[Fix] Correctly return results for nested cached queries (Bug #31445 - Patch by faw).</li>
<li>[Fix] Allow export of PM pages greater one. (#33155)</li>
<li>[Fix] Display coloured username of last poster in list of subscribed forums (prosilver).</li>
<li>[Fix] Added missing UCP language string <em>NO_AUTH_READ_HOLD_MESSAGE</em>.</li>
<li>[Fix] Do not jump back to page 1 when hiding member search in memberlist. (Bug #32515)</li>
<li>[Fix] Correctly limit input of the users location to 100 characters in the UCP and ACP. (Bug #32655)</li>
<li>[Fix] Sync reports when using the move all users posts tool in the ACP. (Bug #31165)</li>
<li>[Fix] Extra slash is included in the redirect url when redirecting to the forum root directory. (Bug #33605)</li>
<li>[Fix] Remove reported flag from shadow topics when closing reports. (Bug #19765)</li>
<li>[Fix] Do not show non indexed forums on the search page if they contain no subforums. (Bug #33125)</li>
<li>[Fix] Stop search bots incrementing topic views. (Bug #32675 - Patch by eviL&lt;3)</li>
<li>[Fix] Use correct link for post author search. (Bug #32595)</li>
<li>[Fix] Do not decrease topics counter when deleting shadow topics. (Bug #26495)</li>
<li>[Fix] Send localised disapproval reasons in the recipients local language. (Bug #31645)</li>
<li>[Fix] Language typos/fixes. (Bugs #27625, #30755, #34185, #32795)</li>
<li>[Fix] Added missing terms parameter to search pagination. (Bug #34085)</li>
<li>[Fix] Wrong table order in query obtaining posts if post id given.</li>
<li>[Fix] Do not display reported topic icon for shadow topics. (Bug #13970)</li>
<li>[Fix] Display popular topic based on posts within topic instead of replies within topic. (Bug #16099)</li>
<li>[Fix] Expand shown ban reason in unban screen to fully show long entries. (Bug #16234)</li>
<li>[Fix] Preserve alpha transparency for created thumbnails. (Bug #16575)</li>
<li>[Fix] Use correct port delimiter for MSSQL connections in windows. (Bug #16615)</li>
<li>[Fix] Do not allow setting forums parent to the forum itself. (Bug #18855)</li>
<li>[Fix] Display assigned rank/avatar for guests. (Bug #19155)</li>
<li>[Fix] Set secure cookie for style switcher if required. (Bug #19625)</li>
<li>[Fix] Fix native full text search on postgresql while using excluding keyword matches. (Bug #19195)</li>
<li>[Fix] Pass S_SEARCH_ACTION through append_sid() in search.php. (Bug #21585)</li>
<li>[Fix] Correctly delete message attachments. (Bug #23755)</li>
<li>[Fix] Correctly handle unread status of subforums (that are not shown on the index) of forums that are shown on the index. (Bug #14589)</li>
<li>[Fix] Stop users from deleting posts after the edit time has passed or they have been locked. (Bug #19115)</li>
<li>[Fix] Split posts target forum requires 'f_post' now instead of 'm_split'. (Bug #31015)</li>
<li>[Fix] Duplicate log messages for deleting a topic ('LOG_TOPIC_DELETED' has been deprecated in favour of 'LOG_DELETE_TOPIC').</li>
<li>[Fix] Use a distinct log message for shadow topic deletions to differentiate between normal topic deletions. (Bug #34635)</li>
<li>[Fix] Fix problems with styles using an underscore within the filename. (Bug #34315)</li>
<li>[Fix] Better return links when deleting topics through the MCP. (Bug #34655)</li>
<li>[Fix] Add quoting support to PM history when composing a reply. (Bug #34285)</li>
<li>[Fix] Use phpBB 3.1.x method for storing cached data to prevent PHP bug with our usage of var_export(). (Thanks to Techie-Micheal and HoL for pointing out possible problems)</li>
<li>[Fix] Check users pm preferences for pm's sent to groups. (Bug #33245)</li>
<li>[Fix] Do not allow password reminders if u_passchg permission is not given. (Bug #14806)</li>
<li>[Fix] Implemented strict check for cached user permissions and existing ACL options. This fix makes sure cached permissions are valid, even if they got already cached.</li>
<li>[Fix] Do not show link to user/group profiles if user has no permission to view the linked page and gets a denied message anyway. (Bug #15088)</li>
<li>[Fix] Do not display last post link and sort display options for search engines. (Bug #15088)</li>
<li>[Fix] Make sure users still get notifications if they set to only be notified by Jabber, but Jabber service disabled. (Bug #29715 - Patch by Paul)</li>
<li>[Fix] Don't show forum subscription link on categories. (Bug #34895)</li>
<li>[Fix] Display a message if no topics or forums are selected when unsubscribing. (Bug #34855)</li>
<li>[Fix] Mark/unmark all links in UCP now select/unselect both subscribed topics and forums.</li>
<li>[Fix] Increase board topic counter when splitting topics. (Bug #32125)</li>
<li>[Fix] Display profile icons when viewing a topic, or PM when only the jabber icon is to be visible. (Bug #34755)</li>
<li>[Fix] Do not send PMs with warnings if the user cannot read PMs or they are disabled. (Bug #30815)</li>
<li>[Fix] Correctly convert Niels' Birthday MOD to the date format used in phpBB3. (Bug #32895)</li>
<li>[Fix] Parse BBCode lists of type square, circle and disc. (Bug #35295)</li>
<li>[Fix] Round the displayed percentages in polls. (Bug #32375)</li>
<li>[Fix] Disable mass e-mail when e-mail is disabled. (Bug #27385)</li>
<li>[Fix] Display coloured poster username of queued posts displayed on the front of the MCP.</li>
<li>[Fix] Moderators can only see reports/queue/logs from forums they can actually read. (Bug #31085)</li>
<li>[Fix] Correctly display topic when start parameter is equal to the number of posts.</li>
<li>[Fix] Correctly display topic in MCP when start parameter is equal to or greater than the number of posts. (Bug #30525)</li>
<li>[Change] No longer allow the direct use of MULTI_INSERT in sql_build_array. sql_multi_insert() must be used.</li>
<li>[Change] Display warning in ACP if config.php file is left writable.</li>
<li>[Change] More restrictive chmod to new files being created. (phpbb_chmod() function mostly by faw)</li>
<li>[Change] Set headers to allow browsers to better cache attachments (Mylek pointed this out)</li>
<li>[Change] Hide parameters if they equal the default in viewforum/viewtopic (Bug #31185)</li>
<li>[Change] Various improvements to group listings (Bugs #32155, #32145, #32085, #26675, #26265)</li>
<li>[Change] Set headers for IE 8 in file.php</li>
<li>[Change] Do not count queued posts to user_posts.</li>
<li>[Change] Allow setting birth year to current year.</li>
<li>[Change] Do not use the topics posted table when performing an egosearch.</li>
<li>[Change] Log the forum name that topics are moved into.</li>
<li>[Change] Automatically add users/groups to the PM recipient list, if entered or selected.</li>
<li>[Change] Reply to PM now includes all previous recipients and not only the original sender.</li>
<li>[Change] Make topic selection for merge less confusing by removing unneeded controls. (Bug #21925)</li>
<li>[Change] MCP topic view checkboxes now default to unchecked.</li>
<li>[Change] Adjust language key <em>SPLIT_AFTER</em> to make the action clearer.</li>
<li>[Change] Add links to the post and forum when viewing a report from the MCP. (Bugs #33795, #33805)</li>
<li>[Change] Remove NUL-Bytes directly in request_var() for strings and within the custom DBAL sql_escape() functions (MSSQL, Firebird, Oracle) (reported by AdhostMikeSw)</li>
<li>[Feature] Allow limited inheritance for template sets.</li>
<li>[Feature] Allow hard disabling of the template editor.</li>
<li>[Feature] Allow setting custom language path through $user-&gt;set_custom_lang_path(). $user-&gt;lang_path now also do not include the user language, but only the path.</li>
<li>[Feature] Ability to define nullar/singular/plural language entries</li>
<li>[Feature] Ability to mimic sprintf() calls with $user-&gt;lang() with the ability to correctly assign nullar/singular/plural language entries.</li>
<li>[Feature] Added the possibility to force user posts put in queue if post count is lower than an admin defined value. Guest posting is not affected by this setting.</li>
<li>[Feature] Added 'max_recipients' setting for private messages. This setting allows admins to define the maximum number of recipients per private message with a board-wide setting and a group-specific setting.</li>
<li>[Feature] Added new permission setting for sending private messages to groups. Now there are two permissions to define sending private messages to multiple recipients and private messages to groups.</li>
<li>[Feature] Allow specific connection to different server for jabber functionality by providing a valid JID as username. This also allows the use of talk.google.com as jabber server with gmail.com JIDs. (Bug #14989)</li>
<li>[Sec Precaution] Stricter validation of the HTTP_HOST header (Thanks to Techie-Micheal et al for pointing out possible issues in derived code)</li>
</ul>
<a name="v301"></a><h3>1.ii. Changes since 3.0.1</h3>
<ul>
<li>[Fix] Ability to set permissions on non-mysql dbms (Bug #24955)</li>
@ -130,7 +229,7 @@
<li>[Sec] Only allow urls gone through redirect() being used within login_box(). (thanks nookieman)</li>
</ul>
<a name="v300"></a><h3>1.ii. Changes since 3.0.0</h3>
<a name="v300"></a><h3>1.iii. Changes since 3.0.0</h3>
<ul>
<li>[Change] Validate birthdays (Bug #15004)</li>
@ -201,7 +300,7 @@
<li>[Fix] Find and display colliding usernames correctly when converting from one database to another (Bug #23925)</li>
</ul>
<a name="v30rc8"></a><h3>1.iii. Changes since 3.0.RC8</h3>
<a name="v30rc8"></a><h3>1.iv. Changes since 3.0.RC8</h3>
<ul>
<li>[Fix] Cleaned usernames contain only single spaces, so &quot;a_name&quot; and &quot;a__name&quot; are treated as the same name (Bug #15634)</li>
@ -210,7 +309,7 @@
<li>[Fix] Call garbage_collection() within database updater to correctly close connections (affects Oracle for example)</li>
</ul>
<a name="v30rc7"></a><h3>1.iv. Changes since 3.0.RC7</h3>
<a name="v30rc7"></a><h3>1.v. Changes since 3.0.RC7</h3>
<ul>
<li>[Fix] Fixed MSSQL related bug in the update system</li>
@ -245,7 +344,7 @@
<li>[Fix] No duplication of active topics (Bug #15474)</li>
</ul>
<a name="v30rc6"></a><h3>1.v. Changes since 3.0.RC6</h3>
<a name="v30rc6"></a><h3>1.vi. Changes since 3.0.RC6</h3>
<ul>
<li>[Fix] Submitting language changes using acp_language (Bug #14736)</li>
@ -255,7 +354,7 @@
<li>[Fix] Able to request new password (Bug #14743)</li>
</ul>
<a name="v30rc5"></a><h3>1.vi. Changes since 3.0.RC5</h3>
<a name="v30rc5"></a><h3>1.vii. Changes since 3.0.RC5</h3>
<ul>
<li>[Feature] Removing constant PHPBB_EMBEDDED in favor of using an exit_handler(); the constant was meant to achive this more or less.</li>
@ -318,7 +417,7 @@
<li>[Sec] New password hashing mechanism for storing passwords (#i42)</li>
</ul>
<a name="v30rc4"></a><h3>1.vii. Changes since 3.0.RC4</h3>
<a name="v30rc4"></a><h3>1.viii. Changes since 3.0.RC4</h3>
<ul>
<li>[Fix] MySQL, PostgreSQL and SQLite related database fixes (Bug #13862)</li>
@ -369,7 +468,7 @@
<li>[Fix] odbc_autocommit causing existing result sets to be dropped (Bug #14182)</li>
</ul>
<a name="v30rc3"></a><h3>1.viii. Changes since 3.0.RC3</h3>
<a name="v30rc3"></a><h3>1.ix. Changes since 3.0.RC3</h3>
<ul>
<li>[Fix] Fixing some subsilver2 and prosilver style issues</li>
@ -478,7 +577,7 @@
</ul>
<a name="v30rc2"></a><h3>1.ix. Changes since 3.0.RC2</h3>
<a name="v30rc2"></a><h3>1.x. Changes since 3.0.RC2</h3>
<ul>
<li>[Fix] Re-allow searching within the memberlist</li>
@ -524,7 +623,7 @@
</ul>
<a name="v30rc1"></a><h3>1.x. Changes since 3.0.RC1</h3>
<a name="v30rc1"></a><h3>1.xi. Changes since 3.0.RC1</h3>
<ul>
<li>[Fix] (X)HTML issues within the templates (Bug #11255, #11255)</li>

10
phpBB/docs/INSTALL.html
View file

@ -273,7 +273,7 @@
<p>This package is meant for those wanting to only replace changed files from a previous version to the latest version. This package normally contains the changed files from up to five previous versions.</p>
<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have <samp>3.0.1</samp> you should select the phpBB-3.0.1_to_3.0.2.zip/tar.gz file.</p>
<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have <samp>3.0.2</samp> you should select the phpBB-3.0.2_to_3.0.3.zip/tar.gz file.</p>
<p>The directory structure has been preserved enabling you (if you wish) to simply upload the contents of the archive to the appropriate location on your server, i.e. simply overwrite the existing files with the new versions. Do not forget that if you have installed any MODs these files will overwrite the originals possibly destroying them in the process. You will need to re-add MODs to any affected file before uploading.</p>
@ -285,7 +285,7 @@
<p>The patch file is one solution for those with many Modifications (MODs) or other changes who do not want to re-add them back to all the changed files if they use the method explained above. To use this you will need command line access to a standard UNIX type <strong>patch</strong> application. If you do not have access to such an application but still want to use this update approach, we strongly recommend the <a href="#update_auto">Automatic update package</a> explained below. It is also the preferred update method.</p>
<p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is 3.0.1 you need the phpBB-3.0.1_to_3.0.2.patch file. Place the correct patch in the parent directory containing the phpBB3 core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <strong>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</strong> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB3, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
<p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is 3.0.2 you need the phpBB-3.0.2_to_3.0.3.patch file. Place the correct patch in the parent directory containing the phpBB3 core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <strong>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</strong> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB3, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
<p>If you do get failures you should look at using the <a href="#update_files">Changed files only</a> package to replace the files which failed to patch, please note that you will need to manually re-add any Modifications (MODs) to these particular files. Alternatively if you know how you can examine the .rej files to determine what failed where and make manual adjustments to the relevant source.</p>
@ -295,7 +295,7 @@
<p>This update method is the preferred method for updating. This package allows detecting changed files automatically and merges changes if needed.</p>
<p>The automatic update package is holding - contrary to the others - only the update informations for updating the last released version to the latest available version. These package is meant for use with the automatic update tool.</p>
<p>The automatic update package contains - contrary to the others - only the information required to update the previous release version to the latest available version. These packages are meant for use with the automatic update tool.</p>
<p>To perform the update, either follow the instructions from the <code>Administration Control Panel-&gt;System</code> Tab - this should point out that you are running an outdated version and will guide you through the update - or follow the instructions listed below.</p>
@ -371,9 +371,9 @@
<p><strong>Path to your former board</strong> The converter expects the relative path to your old board's files. So, - for instance - if the old board is located at <code>http://www.yourdomain.com/forum</code> and the phpBB3 installation is located at <code>http://www.yourdomain.com/phpBB3</code>, then the correct value would be <code>../forum</code>. Note that the webserver user must be able to access the source installation's files.</p>
<p><strong>Missing images</strong> If your default board language's language pack does not include all images, then some images might be missing in your installation. Always use a complete language pack as default language.</p>
<p><strong>Missing images</strong> If your default board language's language pack does not include all images, then some images might be missing in your installation. Always use a complete language pack as default language.</p>
<p><strong>Smilies</strong> During the conversion you might see warnings about image files where the copying failed. That can happen if the old board's smilies have the same file names as those on the new board. Copy those files manually after the conversion, if you want to continue using the old smilies.</p>
<p><strong>Smilies</strong> During the conversion you might see warnings about image files where the copying failed. That can happen if the old board's smilies have the same file names as those on the new board. Copy those files manually after the conversion, if you want to continue using the old smilies.</p>
</div>

96
phpBB/docs/coding-guidelines.html
View file

@ -69,7 +69,15 @@
</ol>
</li>
<li><a href="#styling">Styling</a></li>
<li><a href="#templating">Templating</a></li>
<ol style="list-style-type: lower-roman;">
<li><a href="#cfgfiles">Style Config Files</a></li>
<li><a href="#genstyling">General Styling Rules</a></li>
</ol></li>
<li><a href="#templating">Templating</a>
<ol style="list-style-type: lower-roman;">
<li><a href="#templates">General Templating</a></li>
<li><a href="#inheritance">Template Inheritance</a></li>
</ol></li>
<li><a href="#charsets">Character Sets and Encodings</a></li>
<li><a href="#translation">Translation (<abbr title="Internationalisation">i18n</abbr>/<abbr title="Localisation">L10n</abbr>) Guidelines</a>
<ol style="list-style-type: lower-roman;">
@ -188,8 +196,7 @@ class ...
<li><code>/includes/db/firebird.php</code><br />Firebird/Interbase Database Abstraction Layer</li>
<li><code>/includes/db/msssql.php</code><br />MSSQL Database Abstraction Layer</li>
<li><code>/includes/db/mssql_odbc.php</code><br />MSSQL ODBC Database Abstraction Layer for MSSQL</li>
<li><code>/includes/db/mysql.php</code><br />MySQL Database Abstraction Layer for MySQL 3.x/4.0.x</li>
<li><code>/includes/db/mysql4.php</code><br />MySQL4 Database Abstraction Layer for MySQL 4.1.x/5.x</li>
<li><code>/includes/db/mysql.php</code><br />MySQL Database Abstraction Layer for MySQL 3.x/4.0.x/4.1.x/5.x
<li><code>/includes/db/mysqli.php</code><br />MySQLi Database Abstraction Layer</li>
<li><code>/includes/db/oracle.php</code><br />Oracle Database Abstraction Layer</li>
<li><code>/includes/db/postgres.php</code><br />PostgreSQL Database Abstraction Layer</li>
@ -518,7 +525,7 @@ switch ($mode)
break;
default:
// Always assume that the case got not catched
// Always assume that a case was not caught
break;
}
</pre></div>
@ -541,7 +548,7 @@ switch ($mode)
default:
// Always assume that the case got not catched
// Always assume that a case was not caught
break;
}
@ -569,7 +576,7 @@ switch ($mode)
default:
// Always assume that the case got not catched
// Always assume that a case was not caught
break;
}
@ -690,7 +697,29 @@ $sql = 'UPDATE ' . SOME_TABLE . '
$db-&gt;sql_query($sql);
</pre></div>
<p>The <code>$db-&gt;sql_build_array()</code> function supports the following modes: <code>INSERT</code> (example above), <code>INSERT_SELECT</code> (building query for <code>INSERT INTO table (...) SELECT value, column ...</code> statements), <code>MULTI_INSERT</code> (for returning extended inserts), <code>UPDATE</code> (example above) and <code>SELECT</code> (for building WHERE statement [AND logic]).</p>
<p>The <code>$db-&gt;sql_build_array()</code> function supports the following modes: <code>INSERT</code> (example above), <code>INSERT_SELECT</code> (building query for <code>INSERT INTO table (...) SELECT value, column ...</code> statements), <code>UPDATE</code> (example above) and <code>SELECT</code> (for building WHERE statement [AND logic]).</p>
<h4>sql_multi_insert():</h4>
<p>If you want to insert multiple statements at once, please use the separate <code>sql_multi_insert()</code> method. An example:</p>
<div class="codebox"><pre>
$sql_ary = array();
$sql_ary[] = array(
'somedata' =&gt; $my_string_1,
'otherdata' =&gt; $an_int_1,
'moredata' =&gt; $another_int_1,
);
$sql_ary[] = array(
'somedata' =&gt; $my_string_2,
'otherdata' =&gt; $an_int_2,
'moredata' =&gt; $another_int_2,
);
$db->sql_multi_insert(SOME_TABLE, $sql_ary);
</pre></div>
<h4>sql_in_set():</h4>
@ -973,8 +1002,18 @@ append_sid(&quot;{$phpbb_root_path}memberlist.$phpEx&quot;, 'mode=group&amp;amp;
<div class="inner"><span class="corners-top"><span></span></span>
<div class="content">
<h4>General things</h4>
<a name="cfgfiles"></a><h3>3.i. Style Config Files</h3>
<p>Style cfg files are simple name-value lists with the information necessary for installing a style. Similar cfg files exist for templates, themes and imagesets. These follow the same principle and will not be introduced individually. Styles can use installed components by using the required_theme/required_template/required_imageset entries. The important part of the style configuration file is assigning an unique name.</p>
<div class="codebox"><pre>
# General Information about this style
name = prosilver_duplicate
copyright = &copy; phpBB Group, 2007
version = 3.0.3
required_template = prosilver
required_theme = prosilver
required_imageset = prosilver
</pre></div>
<a name="genstyling"></a><h3>3.2. General Styling Rules</h3>
<p>Templates should be produced in a consistent manner. Where appropriate they should be based off an existing copy, e.g. index, viewforum or viewtopic (the combination of which implement a range of conditional and variable forms). Please also note that the intendation and coding guidelines also apply to templates where possible.</p>
<p>The outer table class <code>forumline</code> has gone and is replaced with <code>tablebg</code>.</p>
@ -1041,6 +1080,7 @@ append_sid(&quot;{$phpbb_root_path}memberlist.$phpEx&quot;, 'mode=group&amp;amp;
<div class="inner"><span class="corners-top"><span></span></span>
<div class="content">
<a name="templates"></a><h3>4.i. General Templating</h3>
<h4>File naming</h4>
<p>Firstly templates now take the suffix &quot;.html&quot; rather than &quot;.tpl&quot;. This was done simply to make the lifes of some people easier wrt syntax highlighting, etc.</p>
@ -1429,6 +1469,29 @@ div
&lt;/fieldset&gt
&lt;/form&gt
</pre></div><br />
<a name="inheritance"></a><h3>4.ii. Template Inheritance</h3>
<p>When basing a new template on an existing one, it is not necessary to provide all template files. By declaring the template to be &quot;<strong>inheriting</strong>&quot; in the template configuration file.</p>
<p>The limitation on this is that the base style has to be installed and complete, meaning that it is not itself inheriting.</p>
<p>The effect of doing so is that the template engine will use the files in the new template where they exist, but fall back to files in the base template otherwise. Declaring a style to be inheriting also causes it to use some of the configuration settings of the base style, notably database storage.</p>
<p>We strongly encourage the use of inheritance for styles based on the bundled styles, as it will ease the update procedure.</p>
<div class="codebox"><pre>
# General Information about this template
name = inherits
copyright = &copy; phpBB Group, 2007
version = 3.0.3
# Defining a different template bitfield
template_bitfield = lNg=
# Are we inheriting?
inherit_from = prosilver
</pre></div>
</div>
<div class="back2top"><a href="#wrap" class="top">Back to Top</a></div>
@ -2195,6 +2258,21 @@ if (utf8_case_fold_nfc($string1) == utf8_case_fold_nfc($string2))
<div class="content">
<h3>Revision 8732</h3>
<ul>
<li>Added cfg files.</li>
<li>Added template <a href="#inheritance">inheritance</a>.</li>
</ul>
<h3>Revision 8596+</h3>
<ul>
<li>Removed sql_build_array('MULTI_INSERT'... statements.</li>
<li>Added sql_multi_insert() explanation.</li>
</ul>
<h3>Revision 1.31</h3>
<ul>

201
phpBB/download/file.php
View file

@ -15,6 +15,20 @@ define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
// Thank you sun.
if (isset($_SERVER['CONTENT_TYPE']))
{
if ($_SERVER['CONTENT_TYPE'] === 'application/x-java-archive')
{
exit;
}
}
else if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'], 'Java') !== false)
{
exit;
}
if (isset($_GET['avatar']))
{
require($phpbb_root_path . 'config.' . $phpEx);
@ -45,6 +59,8 @@ if (isset($_GET['avatar']))
$config = $cache->obtain_config();
$filename = $_GET['avatar'];
$avatar_group = false;
$exit = false;
if ($filename[0] === 'g')
{
$avatar_group = true;
@ -55,75 +71,37 @@ if (isset($_GET['avatar']))
if (strpos($filename, '.') == false)
{
header('HTTP/1.0 403 Forbidden');
if (!empty($cache))
{
$cache->unload();
}
$db->sql_close();
exit;
$exit = true;
}
$ext = substr(strrchr($filename, '.'), 1);
$stamp = (int) substr(stristr($filename, '_'), 1);
$filename = (int) $filename;
// let's see if we have to send the file at all
$last_load = isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? strtotime(trim($_SERVER['HTTP_IF_MODIFIED_SINCE'])) : false;
if (strpos(strtolower($browser), 'msie 6.0') === false)
if (!$exit)
{
if ($last_load !== false && $last_load <= $stamp)
$ext = substr(strrchr($filename, '.'), 1);
$stamp = (int) substr(stristr($filename, '_'), 1);
$filename = (int) $filename;
$exit = set_modified_headers($stamp, $browser);
}
if (!$exit && !in_array($ext, array('png', 'gif', 'jpg', 'jpeg')))
{
// no way such an avatar could exist. They are not following the rules, stop the show.
header("HTTP/1.0 403 Forbidden");
$exit = true;
}
if (!$exit)
{
if (!$filename)
{
if (@php_sapi_name() === 'CGI')
{
header('Status: 304 Not Modified', true, 304);
}
else
{
header('HTTP/1.0 304 Not Modified', true, 304);
}
// seems that we need those too ... browsers
header('Pragma: public');
header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 31536000));
exit();
// no way such an avatar could exist. They are not following the rules, stop the show.
header("HTTP/1.0 403 Forbidden");
}
else
{
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $stamp) . ' GMT');
send_avatar_to_browser(($avatar_group ? 'g' : '') . $filename . '.' . $ext, $browser);
}
}
if (!in_array($ext, array('png', 'gif', 'jpg', 'jpeg')))
{
// no way such an avatar could exist. They are not following the rules, stop the show.
header("HTTP/1.0 403 Forbidden");
if (!empty($cache))
{
$cache->unload();
}
$db->sql_close();
exit;
}
if (!$filename)
{
// no way such an avatar could exist. They are not following the rules, stop the show.
header("HTTP/1.0 403 Forbidden");
if (!empty($cache))
{
$cache->unload();
}
$db->sql_close();
exit;
}
send_avatar_to_browser(($avatar_group ? 'g' : '') . $filename . '.' . $ext, $browser);
if (!empty($cache))
{
$cache->unload();
}
$db->sql_close();
exit;
file_gc();
}
// implicit else: we are not in avatar mode
@ -148,7 +126,7 @@ if (!$config['allow_attachments'] && !$config['allow_pm_attach'])
trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
}
$sql = 'SELECT attach_id, in_message, post_msg_id, extension, is_orphan, poster_id
$sql = 'SELECT attach_id, in_message, post_msg_id, extension, is_orphan, poster_id, filetime
FROM ' . ATTACHMENTS_TABLE . "
WHERE attach_id = $download_id";
$result = $db->sql_query_limit($sql, 1);
@ -259,7 +237,7 @@ if (!download_allowed())
$download_mode = (int) $extensions[$attachment['extension']]['download_mode'];
// Fetching filename here to prevent sniffing of filename
$sql = 'SELECT attach_id, is_orphan, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype
$sql = 'SELECT attach_id, is_orphan, in_message, post_msg_id, extension, physical_filename, real_filename, mimetype, filetime
FROM ' . ATTACHMENTS_TABLE . "
WHERE attach_id = $download_id";
$result = $db->sql_query_limit($sql, 1);
@ -297,7 +275,7 @@ else if (($display_cat == ATTACHMENT_CATEGORY_NONE || $display_cat == ATTACHMENT
$db->sql_query($sql);
}
if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && strpos(strtolower($user->browser), 'msie') !== false)
if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && ((strpos(strtolower($user->browser), 'msie') !== false) && (strpos(strtolower($user->browser), 'msie 8.0') === false)))
{
wrap_img_in_html(append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'id=' . $attachment['attach_id']), $attachment['real_filename']);
}
@ -313,12 +291,12 @@ else
}
redirect($phpbb_root_path . $config['upload_path'] . '/' . $attachment['physical_filename']);
exit;
file_gc();
}
else
{
send_file_to_browser($attachment, $config['upload_path'], $display_cat);
exit;
file_gc();
}
}
@ -354,7 +332,7 @@ function send_avatar_to_browser($file, $browser)
$image_data = @getimagesize($file_path);
header('Content-Type: ' . image_type_to_mime_type($image_data[2]));
if (strpos(strtolower($browser), 'msie') !== false)
if (strpos(strtolower($browser), 'msie') !== false && strpos(strtolower($browser), 'msie 8.0') === false)
{
header('Content-Disposition: attachment; ' . header_filename($file));
@ -379,7 +357,7 @@ function send_avatar_to_browser($file, $browser)
header("Content-Length: $size");
}
if (@readfile($file_path) === false)
if (@readfile($file_path) == false)
{
$fp = @fopen($file_path, 'rb');
@ -484,9 +462,10 @@ function send_file_to_browser($attachment, $upload_dir, $category)
*/
// Send out the Headers. Do not set Content-Disposition to inline please, it is a security measure for users using the Internet Explorer.
header('Content-Type: ' . $attachment['mimetype']);
$is_ie8 = (strpos(strtolower($user->browser), 'msie 8.0') !== false);
header('Content-Type: ' . $attachment['mimetype'] . (($is_ie8) ? '; authoritative=true;' : ''));
if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie') !== false))
if (empty($user->browser) || (!$is_ie8 && (strpos(strtolower($user->browser), 'msie') !== false)))
{
header('Content-Disposition: attachment; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie 6.0') !== false))
@ -497,6 +476,10 @@ function send_file_to_browser($attachment, $upload_dir, $category)
else
{
header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
if ($is_ie8 && (strpos($attachment['mimetype'], 'image') !== 0))
{
header('X-Download-Options: noopen');
}
}
if ($size)
@ -504,26 +487,32 @@ function send_file_to_browser($attachment, $upload_dir, $category)
header("Content-Length: $size");
}
// Try to deliver in chunks
@set_time_limit(0);
// Close the db connection before sending the file
$db->sql_close();
$fp = @fopen($filename, 'rb');
if ($fp !== false)
if (!set_modified_headers($attachment['filetime'], $user->browser))
{
while (!feof($fp))
// Try to deliver in chunks
@set_time_limit(0);
$fp = @fopen($filename, 'rb');
if ($fp !== false)
{
echo fread($fp, 8192);
while (!feof($fp))
{
echo fread($fp, 8192);
}
fclose($fp);
}
else
{
@readfile($filename);
}
fclose($fp);
}
else
{
@readfile($filename);
}
flush();
exit;
flush();
}
file_gc();
}
/**
@ -655,4 +644,48 @@ function download_allowed()
return $allowed;
}
/**
* Check if the browser has the file already and set the appropriate headers-
* @returns false if a resend is in order.
*/
function set_modified_headers($stamp, $browser)
{
// let's see if we have to send the file at all
$last_load = isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? strtotime(trim($_SERVER['HTTP_IF_MODIFIED_SINCE'])) : false;
if ((strpos(strtolower($browser), 'msie 6.0') === false) && (strpos(strtolower($browser), 'msie 8.0') === false))
{
if ($last_load !== false && $last_load <= $stamp)
{
if (@php_sapi_name() === 'CGI')
{
header('Status: 304 Not Modified', true, 304);
}
else
{
header('HTTP/1.0 304 Not Modified', true, 304);
}
// seems that we need those too ... browsers
header('Pragma: public');
header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 31536000));
return true;
}
else
{
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $stamp) . ' GMT');
}
}
return false;
}
function file_gc()
{
global $cache, $db;
if (!empty($cache))
{
$cache->unload();
}
$db->sql_close();
exit;
}
?>

14
phpBB/includes/acm/acm_file.php
View file

@ -93,7 +93,7 @@ class acm
@flock($fp, LOCK_UN);
fclose($fp);
@chmod($this->cache_dir . 'data_global.' . $phpEx, 0666);
phpbb_chmod($this->cache_dir . 'data_global.' . $phpEx, CHMOD_WRITE);
}
else
{
@ -154,7 +154,7 @@ class acm
}
}
}
set_config('cache_last_gc', time(), true);
}
@ -193,11 +193,11 @@ class acm
if ($fp = @fopen($this->cache_dir . "data{$var_name}.$phpEx", 'wb'))
{
@flock($fp, LOCK_EX);
fwrite($fp, "<?php\n\$expired = (time() > " . (time() + $ttl) . ") ? true : false;\nif (\$expired) { return; }\n\n\$data = " . var_export($var, true) . ";\n?>");
fwrite($fp, "<?php\n\$expired = (time() > " . (time() + $ttl) . ") ? true : false;\nif (\$expired) { return; }\n\n\$data = unserialize(" . var_export(serialize($var), true) . ");\n\n?>");
@flock($fp, LOCK_UN);
fclose($fp);
@chmod($this->cache_dir . "data{$var_name}.$phpEx", 0666);
phpbb_chmod($this->cache_dir . "data{$var_name}.$phpEx", CHMOD_WRITE);
}
}
else
@ -412,11 +412,11 @@ class acm
$file = "<?php\n\n/* " . str_replace('*/', '*\/', $query) . " */\n";
$file .= "\n\$expired = (time() > " . (time() + $ttl) . ") ? true : false;\nif (\$expired) { return; }\n";
fwrite($fp, $file . "\n\$this->sql_rowset[\$query_id] = " . var_export($this->sql_rowset[$query_id], true) . ";\n?>");
fwrite($fp, $file . "\n\$this->sql_rowset[\$query_id] = unserialize(" . var_export(serialize($this->sql_rowset[$query_id]), true) . ");\n\n?>");
@flock($fp, LOCK_UN);
fclose($fp);
@chmod($filename, 0666);
phpbb_chmod($filename, CHMOD_WRITE);
$query_result = $query_id;
}
@ -491,7 +491,7 @@ class acm
*/
function remove_file($filename, $check = false)
{
if ($check && !@is_writeable($this->cache_dir))
if ($check && !@is_writable($this->cache_dir))
{
// E_USER_ERROR - not using language entry - intended.
trigger_error('Unable to remove files within ' . $this->cache_dir . '. Please check directory permissions.', E_USER_ERROR);

10
phpBB/includes/acp/acp_attachments.php
View file

@ -279,7 +279,7 @@ class acp_attachments
{
$l_explain = (isset($user->lang[$vars['lang'] . '_EXPLAIN'])) ? $user->lang[$vars['lang'] . '_EXPLAIN'] : '';
}
$content = build_cfg_template($type, $config_key, $this->new_config, $config_key, $vars);
if (empty($content))
{
@ -765,6 +765,8 @@ class acp_attachments
$s_forum_id_options = '';
/** @todo use in-built function **/
$sql = 'SELECT forum_id, forum_name, parent_id, forum_type, left_id, right_id
FROM ' . FORUMS_TABLE . '
ORDER BY left_id ASC';
@ -795,7 +797,7 @@ class acp_attachments
}
else if ($row['left_id'] > $right + 1)
{
$padding = $padding_store[$row['parent_id']];
$padding = empty($padding_store[$row['parent_id']]) ? '' : $padding_store[$row['parent_id']];
}
$right = $row['right_id'];
@ -1168,7 +1170,7 @@ class acp_attachments
$location .= '/';
}
if (@is_readable($location . 'mogrify' . $exe) && @filesize($location . 'mogrify' . $exe) > 3000)
if (@file_exists($location) && @is_readable($location . 'mogrify' . $exe) && @filesize($location . 'mogrify' . $exe) > 3000)
{
$imagick = str_replace('\\', '/', $location);
continue;
@ -1196,7 +1198,7 @@ class acp_attachments
if (!file_exists($phpbb_root_path . $upload_dir))
{
@mkdir($phpbb_root_path . $upload_dir, 0777);
@chmod($phpbb_root_path . $upload_dir, 0777);
phpbb_chmod($phpbb_root_path . $upload_dir, CHMOD_READ | CHMOD_WRITE);
}
}

6
phpBB/includes/acp/acp_bbcodes.php
View file

@ -168,6 +168,12 @@ class acp_bbcodes
{
trigger_error($user->lang['BBCODE_TAG_DEF_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
}
if (strlen($bbcode_helpline) > 255)
{
trigger_error($user->lang['BBCODE_HELPLINE_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
}
$sql_ary = array(
'bbcode_tag' => $data['bbcode_tag'],

13
phpBB/includes/acp/acp_board.php
View file

@ -131,6 +131,7 @@ class acp_board
'pm_max_msgs' => array('lang' => 'BOXES_LIMIT', 'validate' => 'int:0', 'type' => 'text:4:4', 'explain' => true),
'full_folder_action' => array('lang' => 'FULL_FOLDER_ACTION', 'validate' => 'int', 'type' => 'select', 'method' => 'full_folder_select', 'explain' => true),
'pm_edit_time' => array('lang' => 'PM_EDIT_TIME', 'validate' => 'int:0', 'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
'pm_max_recipients' => array('lang' => 'PM_MAX_RECIPIENTS', 'validate' => 'int:0', 'type' => 'text:5:5', 'explain' => true),
'legend2' => 'GENERAL_OPTIONS',
'allow_mass_pm' => array('lang' => 'ALLOW_MASS_PM', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
@ -163,6 +164,8 @@ class acp_board
'enable_post_confirm' => array('lang' => 'VISUAL_CONFIRM_POST', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'legend2' => 'POSTING',
'enable_queue_trigger' => array('lang' => 'ENABLE_QUEUE_TRIGGER', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'queue_trigger_posts' => array('lang' => 'QUEUE_TRIGGER_POSTS', 'validate' => 'int:0:250', 'type' => 'text:4:4', 'explain' => true),
'bump_type' => false,
'edit_time' => array('lang' => 'EDIT_TIME', 'validate' => 'int:0', 'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['MINUTES']),
'display_last_edited' => array('lang' => 'DISPLAY_LAST_EDITED', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
@ -557,14 +560,14 @@ class acp_board
{
$l_explain = (isset($user->lang[$vars['lang'] . '_EXPLAIN'])) ? $user->lang[$vars['lang'] . '_EXPLAIN'] : '';
}
$content = build_cfg_template($type, $config_key, $this->new_config, $config_key, $vars);
if (empty($content))
{
continue;
}
$template->assign_block_vars('options', array(
'KEY' => $config_key,
'TITLE' => (isset($user->lang[$vars['lang']])) ? $user->lang[$vars['lang']] : $vars['lang'],
@ -677,7 +680,7 @@ class acp_board
return h_radio('config[ip_check]', $radio_ary, $value, $key);
}
/**
* Select referer validation
*/
@ -687,7 +690,7 @@ class acp_board
return h_radio('config[referer_validation]', $radio_ary, $value, $key);
}
/**
* Select account activation method
*/

6
phpBB/includes/acp/acp_captcha.php
View file

@ -80,7 +80,11 @@ class acp_captcha
$captcha_vars = array_keys($captcha_vars);
foreach ($captcha_vars as $captcha_var)
{
set_config($captcha_var, request_var($captcha_var, 0));
$value = request_var($captcha_var, 0);
if ($value >= 0)
{
set_config($captcha_var, $value);
}
}
trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action));
}

2
phpBB/includes/acp/acp_database.php
View file

@ -620,7 +620,7 @@ class mysql_extractor extends base_extractor
if ($new_extract === null)
{
if ($db->sql_layer === 'mysqli' || version_compare($db->mysql_version, '3.23.20', '>='))
if ($db->sql_layer === 'mysqli' || version_compare($db->sql_server_info(true), '3.23.20', '>='))
{
$new_extract = true;
}

23
phpBB/includes/acp/acp_forums.php
View file

@ -154,8 +154,11 @@ class acp_forums
if ($forum_data['forum_type'] == FORUM_LINK)
{
$forum_data['display_on_index'] = request_var('link_display_on_index', false);
}
// Linked forums are not able to be locked...
// Linked forums and categories are not able to be locked...
if ($forum_data['forum_type'] == FORUM_LINK || $forum_data['forum_type'] == FORUM_CAT)
{
$forum_data['forum_status'] = ITEM_UNLOCKED;
}
@ -922,10 +925,9 @@ class acp_forums
$range_test_ary = array(
array('lang' => 'FORUM_TOPICS_PAGE', 'value' => $forum_data['forum_topics_per_page'], 'column_type' => 'TINT:0'),
);
validate_range($range_test_ary, $errors);
// Set forum flags
// 1 = link tracking
// 2 = prune old polls
@ -1206,7 +1208,14 @@ class acp_forums
if ($row['parent_id'] != $forum_data_sql['parent_id'])
{
$errors = $this->move_forum($forum_data_sql['forum_id'], $forum_data_sql['parent_id']);
if ($row['forum_id'] != $forum_data_sql['parent_id'])
{
$errors = $this->move_forum($forum_data_sql['forum_id'], $forum_data_sql['parent_id']);
}
else
{
$forum_data_sql['parent_id'] = $row['parent_id'];
}
}
if (sizeof($errors))
@ -1647,7 +1656,8 @@ class acp_forums
$sql = 'SELECT poster_id
FROM ' . POSTS_TABLE . '
WHERE forum_id = ' . $forum_id . '
AND post_postcount = 1';
AND post_postcount = 1
AND post_approved = 1';
$result = $db->sql_query($sql);
$post_counts = array();
@ -1768,6 +1778,7 @@ class acp_forums
WHERE user_id = ' . $poster_id . '
AND user_posts < ' . $substract;
$db->sql_query($sql);
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_posts = user_posts - ' . $substract . '
WHERE user_id = ' . $poster_id . '
@ -1811,7 +1822,7 @@ class acp_forums
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
set_config('upload_dir_size', (int) $row['stat'], true);
set_config('upload_dir_size', (float) $row['stat'], true);
return array();
}

4
phpBB/includes/acp/acp_groups.php
View file

@ -303,6 +303,7 @@ class acp_groups
'receive_pm' => isset($_REQUEST['group_receive_pm']) ? 1 : 0,
'legend' => isset($_REQUEST['group_legend']) ? 1 : 0,
'message_limit' => request_var('group_message_limit', 0),
'max_recipients' => request_var('group_max_recipients', 0),
'founder_manage' => 0,
);
@ -395,7 +396,7 @@ class acp_groups
// were made.
$group_attributes = array();
$test_variables = array('rank', 'colour', 'avatar', 'avatar_type', 'avatar_width', 'avatar_height', 'receive_pm', 'legend', 'message_limit', 'founder_manage');
$test_variables = array('rank', 'colour', 'avatar', 'avatar_type', 'avatar_width', 'avatar_height', 'receive_pm', 'legend', 'message_limit', 'max_recipients', 'founder_manage');
foreach ($test_variables as $test)
{
if (isset($submit_ary[$test]) && ($action == 'add' || $group_row['group_' . $test] != $submit_ary[$test]))
@ -555,6 +556,7 @@ class acp_groups
'GROUP_FOUNDER_MANAGE' => (isset($group_row['group_founder_manage']) && $group_row['group_founder_manage']) ? ' checked="checked"' : '',
'GROUP_LEGEND' => (isset($group_row['group_legend']) && $group_row['group_legend']) ? ' checked="checked"' : '',
'GROUP_MESSAGE_LIMIT' => (isset($group_row['group_message_limit'])) ? $group_row['group_message_limit'] : 0,
'GROUP_MAX_RECIPIENTS' => (isset($group_row['group_max_recipients'])) ? $group_row['group_max_recipients'] : 0,
'GROUP_COLOUR' => (isset($group_row['group_colour'])) ? $group_row['group_colour'] : '',

12
phpBB/includes/acp/acp_icons.php
View file

@ -73,6 +73,13 @@ class acp_icons
foreach ($imglist as $path => $img_ary)
{
if (empty($img_ary))
{
continue;
}
asort($img_ary, SORT_STRING);
foreach ($img_ary as $img)
{
$img_size = getimagesize($phpbb_root_path . $img_path . '/' . $path . $img);
@ -99,6 +106,11 @@ class acp_icons
}
}
closedir($dir);
if (!empty($_paks))
{
asort($_paks, SORT_STRING);
}
}
}

13
phpBB/includes/acp/acp_jabber.php
View file

@ -85,6 +85,19 @@ class acp_jabber
$jabber->disconnect();
}
else
{
// This feature is disabled.
// We update the user table to be sure all users that have IM as notify type are set to both as notify type
$sql_ary = array(
'user_notify_type' => NOTIFY_BOTH,
);
$sql = 'UPDATE ' . USERS_TABLE . '
SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
WHERE user_notify_type = ' . NOTIFY_IM;
$db->sql_query($sql);
}
set_config('jab_enable', $jab_enable);
set_config('jab_host', $jab_host);

28
phpBB/includes/acp/acp_language.php
View file

@ -181,7 +181,7 @@ class acp_language
case 'submit_file':
case 'download_file':
case 'upload_data':
if (!$submit || !check_form_key($form_name))
{
trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
@ -261,16 +261,16 @@ class acp_language
if (!$safe_mode)
{
$mkdir_ary = array('language', 'language/' . $row['lang_iso']);
if ($this->language_directory)
{
$mkdir_ary[] = 'language/' . $row['lang_iso'] . '/' . $this->language_directory;
}
foreach ($mkdir_ary as $dir)
{
$dir = $phpbb_root_path . 'store/' . $dir;
if (!is_dir($dir))
{
if (!@mkdir($dir, 0777))
@ -316,7 +316,7 @@ class acp_language
}
$entry = "\tarray(\n";
foreach ($value as $_key => $_value)
{
$entry .= "\t\t" . (int) $_key . "\t=> '" . $this->prepare_lang_entry($_value) . "',\n";
@ -433,7 +433,7 @@ class acp_language
{
trigger_error($user->lang['NO_LANG_ID'] . adm_back_link($this->u_action), E_USER_WARNING);
}
$this->page_title = 'LANGUAGE_PACK_DETAILS';
$sql = 'SELECT *
@ -442,7 +442,7 @@ class acp_language
$result = $db->sql_query($sql);
$lang_entries = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$lang_iso = $lang_entries['lang_iso'];
$missing_vars = $missing_files = array();
@ -488,7 +488,7 @@ class acp_language
trigger_error($user->lang['WRONG_LANGUAGE_FILE'] . adm_back_link($this->u_action . '&amp;action=details&amp;id=' . $lang_id), E_USER_WARNING);
}
}
if (isset($_POST['remove_store']))
{
$store_filename = $this->get_filename($lang_iso, $this->language_directory, $this->language_file, true, true);
@ -532,7 +532,7 @@ class acp_language
if (file_exists($phpbb_root_path . $this->get_filename($lang_iso, '', $file)))
{
$missing_vars[$file] = $this->compare_language_files($config['default_lang'], $lang_iso, '', $file);
if (sizeof($missing_vars[$file]))
{
$is_missing_var = true;
@ -550,7 +550,7 @@ class acp_language
if (file_exists($phpbb_root_path . $this->get_filename($lang_iso, 'acp', $file)))
{
$missing_vars['acp/' . $file] = $this->compare_language_files($config['default_lang'], $lang_iso, 'acp', $file);
if (sizeof($missing_vars['acp/' . $file]))
{
$is_missing_var = true;
@ -569,7 +569,7 @@ class acp_language
if (file_exists($phpbb_root_path . $this->get_filename($lang_iso, 'mods', $file)))
{
$missing_vars['mods/' . $file] = $this->compare_language_files($config['default_lang'], $lang_iso, 'mods', $file);
if (sizeof($missing_vars['mods/' . $file]))
{
$is_missing_var = true;
@ -581,7 +581,7 @@ class acp_language
}
}
}
// More missing files... for example email templates?
foreach ($email_files as $file)
{
@ -1046,7 +1046,7 @@ class acp_language
$compress->add_data('', 'language/' . $row['lang_iso'] . '/index.html');
$compress->add_data('', 'language/' . $row['lang_iso'] . '/email/index.html');
$compress->add_data('', 'language/' . $row['lang_iso'] . '/acp/index.html');
if (sizeof($mod_files))
{
$compress->add_data('', 'language/' . $row['lang_iso'] . '/mods/index.html');
@ -1208,7 +1208,7 @@ $lang = array_merge($lang, array(
function get_filename($lang_iso, $directory, $filename, $check_store = false, $only_return_filename = false)
{
global $phpbb_root_path, $safe_mode;
$check_filename = "language/$lang_iso/" . (($directory) ? $directory . '/' : '') . $filename;
if ($check_store)

57
phpBB/includes/acp/acp_main.php
View file

@ -166,9 +166,9 @@ class acp_main
FROM ' . ATTACHMENTS_TABLE . '
WHERE is_orphan = 0';
$result = $db->sql_query($sql);
set_config('upload_dir_size', (int) $db->sql_fetchfield('stat'), true);
set_config('upload_dir_size', (float) $db->sql_fetchfield('stat'), true);
$db->sql_freeresult($result);
if (!function_exists('update_last_username'))
{
include($phpbb_root_path . "includes/functions_user.$phpEx");
@ -184,22 +184,44 @@ class acp_main
trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
}
$sql = 'SELECT COUNT(p.post_id) AS num_posts, u.user_id
FROM ' . USERS_TABLE . ' u
LEFT JOIN ' . POSTS_TABLE . ' p ON (u.user_id = p.poster_id AND p.post_postcount = 1)
GROUP BY u.user_id';
$result = $db->sql_query($sql);
// Resync post counts
$start = 0;
$step = ($config['num_posts']) ? (max((int) ($config['num_posts'] / 5), 20000)) : 20000;
while ($row = $db->sql_fetchrow($result))
$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_posts = 0');
do
{
$db->sql_query('UPDATE ' . USERS_TABLE . " SET user_posts = {$row['num_posts']} WHERE user_id = {$row['user_id']}");
$sql = 'SELECT COUNT(post_id) AS num_posts, poster_id
FROM ' . POSTS_TABLE . '
WHERE post_id BETWEEN ' . ($start + 1) . ' AND ' . ($start + $step) . '
AND post_postcount = 1 AND post_approved = 1
GROUP BY poster_id';
$result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result))
{
do
{
$sql = 'UPDATE ' . USERS_TABLE . " SET user_posts = user_posts + {$row['num_posts']} WHERE user_id = {$row['poster_id']}";
$db->sql_query($sql);
}
while ($row = $db->sql_fetchrow($result));
$start += $step;
}
else
{
$start = 0;
}
$db->sql_freeresult($result);
}
$db->sql_freeresult($result);
while ($start);
add_log('admin', 'LOG_RESYNC_POSTCOUNTS');
break;
case 'date':
if (!$auth->acl_get('a_board'))
{
@ -209,7 +231,7 @@ class acp_main
set_config('board_startdate', time() - 1);
add_log('admin', 'LOG_RESET_DATE');
break;
case 'db_track':
switch ($db->sql_layer)
{
@ -231,7 +253,7 @@ class acp_main
FROM ' . FORUMS_TABLE . '
WHERE forum_type <> ' . FORUM_CAT;
$result = $db->sql_query($sql);
$forum_ids = array();
while ($row = $db->sql_fetchrow($result))
{
@ -281,7 +303,7 @@ class acp_main
$db->sql_multi_insert(TOPICS_POSTED_TABLE, $sql_ary);
}
}
add_log('admin', 'LOG_RESYNC_POST_MARKING');
break;
@ -320,7 +342,7 @@ class acp_main
$files_per_day = sprintf('%.2f', $total_files / $boarddays);
$upload_dir_size = get_formatted_filesize($config['upload_dir_size']);
$avatar_dir_size = 0;
if ($avatar_dir = @opendir($phpbb_root_path . $config['avatar_path']))
@ -463,6 +485,11 @@ class acp_main
$template->assign_var('S_REMOVE_INSTALL', true);
}
if (file_exists($phpbb_root_path . 'config.' . $phpEx) && is_writable($phpbb_root_path . 'config.' . $phpEx))
{
$template->assign_var('S_WRITABLE_CONFIG', true);
}
$this->tpl_name = 'acp_main';
$this->page_title = 'ACP_MAIN';
}

6
phpBB/includes/acp/acp_permissions.php
View file

@ -369,8 +369,8 @@ class acp_permissions
$template->assign_vars(array(
'S_SELECT_GROUP' => true,
'S_GROUP_OPTIONS' => group_select_options(false, false, (($user->data['user_type'] == USER_FOUNDER) ? false : 0)))
);
'S_GROUP_OPTIONS' => group_select_options(false, false, false), // Show all groups
));
break;
@ -415,7 +415,7 @@ class acp_permissions
'S_SELECT_USERGROUP_VIEW' => ($victim == 'usergroup_view') ? true : false,
'S_DEFINED_USER_OPTIONS' => $items['user_ids_options'],
'S_DEFINED_GROUP_OPTIONS' => $items['group_ids_options'],
'S_ADD_GROUP_OPTIONS' => group_select_options(false, $items['group_ids'], (($user->data['user_type'] == USER_FOUNDER) ? false : 0)),
'S_ADD_GROUP_OPTIONS' => group_select_options(false, $items['group_ids'], false), // Show all groups
'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=add_user&amp;field=username&amp;select_single=true'),
));

576
phpBB/includes/acp/acp_styles.php
View file

@ -93,6 +93,15 @@ version = {VERSION}
parse_css_file = {PARSE_CSS_FILE}
';
$this->template_cfg .= '
# Some configuration options
#
# You can use this function to inherit templates from another template.
# The template of the given name has to be installed.
# Templates cannot inherit from inheriting templates.
#';
$this->imageset_keys = array(
'logos' => array(
'site_logo',
@ -670,6 +679,11 @@ parse_css_file = {PARSE_CSS_FILE}
{
global $phpbb_root_path, $phpEx, $config, $db, $cache, $user, $template, $safe_mode;
if (defined('DISABLE_ACP_EDITOR'))
{
trigger_error($user->lang['EDITOR_DISABLED'] . adm_back_link($this->u_action));
}
$this->page_title = 'EDIT_TEMPLATE';
$filelist = $filelist_cats = array();
@ -682,7 +696,7 @@ parse_css_file = {PARSE_CSS_FILE}
// make sure template_file path doesn't go upwards
$template_file = str_replace('..', '.', $template_file);
// Retrieve some information about the template
$sql = 'SELECT template_storedb, template_path, template_name
FROM ' . STYLES_TEMPLATE_TABLE . "
@ -695,7 +709,7 @@ parse_css_file = {PARSE_CSS_FILE}
{
trigger_error($user->lang['NO_TEMPLATE'] . adm_back_link($this->u_action), E_USER_WARNING);
}
if ($save_changes && !check_form_key('acp_styles'))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
@ -729,13 +743,14 @@ parse_css_file = {PARSE_CSS_FILE}
// If it's not stored in the db yet, then update the template setting and store all template files in the db
if (!$template_info['template_storedb'])
{
$sql = 'UPDATE ' . STYLES_TEMPLATE_TABLE . '
SET template_storedb = 1
WHERE template_id = ' . $template_id;
$db->sql_query($sql);
$filelist = filelist("{$phpbb_root_path}styles/{$template_info['template_path']}/template", '', 'html');
$this->store_templates('insert', $template_id, $template_info['template_path'], $filelist);
if ($this->get_super('template', $template_id))
{
$this->store_in_db('template', $super['template_id']);
}
else
{
$this->store_in_db('template', $template_id);
}
add_log('admin', 'LOG_TEMPLATE_EDIT_DETAILS', $template_info['template_name']);
$additional .= '<br />' . $user->lang['EDIT_TEMPLATE_STORED_DB'];
@ -923,7 +938,7 @@ parse_css_file = {PARSE_CSS_FILE}
trigger_error($user->lang['TEMPLATE_CACHE_CLEARED'] . adm_back_link($this->u_action . "&amp;action=cache&amp;id=$template_id"));
}
$cache_prefix = 'tpl_' . $template_row['template_path'];
$cache_prefix = 'tpl_' . str_replace('_', '-', $template_row['template_path']);
// Someone wants to see the cached source ... so we'll highlight it,
// add line numbers and indent it appropriately. This could be nasty
@ -975,17 +990,30 @@ parse_css_file = {PARSE_CSS_FILE}
$filemtime = array();
if ($template_row['template_storedb'])
{
$sql = 'SELECT template_filename, template_mtime
FROM ' . STYLES_TEMPLATE_DATA_TABLE . "
WHERE template_id = $template_id";
$result = $db->sql_query($sql);
$filemtime = array();
while ($row = $db->sql_fetchrow($result))
$ids = array();
if (isset($template_row['template_inherits_id']) && $template_row['template_inherits_id'])
{
$filemtime[$row['template_filename']] = $row['template_mtime'];
$ids[] = $template_row['template_inherits_id'];
}
$ids[] = $template_row['template_id'];
$filemtime = array();
$file_template_db = array();
foreach ($ids as $id)
{
$sql = 'SELECT template_filename, template_mtime
FROM ' . STYLES_TEMPLATE_DATA_TABLE . "
WHERE template_id = $id";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$filemtime[$row['template_filename']] = $row['template_mtime'];
$file_template_db[$row['template_filename']] = $id;
}
$db->sql_freeresult($result);
}
$db->sql_freeresult($result);
}
// Get a list of cached template files and then retrieve additional information about them
@ -994,12 +1022,12 @@ parse_css_file = {PARSE_CSS_FILE}
foreach ($file_ary as $file)
{
$file = str_replace('/', '.', $file);
// perform some dirty guessing to get the path right.
// We assume that three dots in a row were '../'
$tpl_file = str_replace('.', '/', $file);
$tpl_file = str_replace('///', '../', $tpl_file);
$filename = "{$cache_prefix}_$file.html.$phpEx";
if (!file_exists("{$phpbb_root_path}cache/$filename"))
@ -1007,13 +1035,38 @@ parse_css_file = {PARSE_CSS_FILE}
continue;
}
$file_tpl = "{$phpbb_root_path}styles/{$template_row['template_path']}/template/$tpl_file.html";
$inherited = false;
if (isset($template_row['template_inherits_id']) && $template_row['template_inherits_id'])
{
if (!$template_row['template_storedb'])
{
if (!file_exists($file_tpl))
{
$file_tpl = "{$phpbb_root_path}styles/{$template_row['template_inherit_path']}/template/$tpl_file.html";
$inherited = true;
}
}
else
{
if ($file_template_db[$file . '.html'] == $template_row['template_inherits_id'])
{
$file_tpl = "{$phpbb_root_path}styles/{$template_row['template_inherit_path']}/template/$tpl_file.html";
$inherited = true;
}
}
}
$template->assign_block_vars('file', array(
'U_VIEWSOURCE' => $this->u_action . "&amp;action=cache&amp;id=$template_id&amp;source=$file",
'CACHED' => $user->format_date(filemtime("{$phpbb_root_path}cache/$filename")),
'FILENAME' => $file,
'FILENAME_PATH' => $file_tpl,
'FILESIZE' => sprintf('%.1f ' . $user->lang['KIB'], filesize("{$phpbb_root_path}cache/$filename") / 1024),
'MODIFIED' => $user->format_date((!$template_row['template_storedb']) ? filemtime("{$phpbb_root_path}styles/{$template_row['template_path']}/template/$tpl_file.html") : $filemtime[$file . '.html']))
'MODIFIED' => $user->format_date((!$template_row['template_storedb']) ? filemtime($file_tpl) : $filemtime[$file . '.html']))
);
}
unset($filemtime);
@ -1048,7 +1101,7 @@ parse_css_file = {PARSE_CSS_FILE}
// make sure theme_file path doesn't go upwards
$theme_file = str_replace('..', '.', $theme_file);
// Retrieve some information about the theme
$sql = 'SELECT theme_storedb, theme_path, theme_name, theme_data
FROM ' . STYLES_THEME_TABLE . "
@ -1229,7 +1282,7 @@ parse_css_file = {PARSE_CSS_FILE}
$imgsize = request_var('imgsize', false);
$imgwidth = request_var('imgwidth', 0);
$imgheight = request_var('imgheight', 0);
$imgname = preg_replace('#[^a-z0-9\-+_]#i', '', $imgname);
$imgpath = str_replace('..', '.', $imgpath);
@ -1517,6 +1570,18 @@ parse_css_file = {PARSE_CSS_FILE}
break;
}
if ($mode === 'template' && ($conflicts = $this->check_inheritance($mode, $style_id)))
{
$l_type = strtoupper($mode);
$msg = $user->lang[$l_type . '_DELETE_DEPENDENT'];
foreach ($conflicts as $id => $values)
{
$msg .= '<br />' . $values['template_name'];
}
trigger_error($msg . adm_back_link($this->u_action), E_USER_WARNING);
}
$l_prefix = strtoupper($mode);
$sql = "SELECT $sql_select
@ -1717,7 +1782,7 @@ parse_css_file = {PARSE_CSS_FILE}
trigger_error($user->lang['NO_' . $l_prefix] . adm_back_link($this->u_action), E_USER_WARNING);
}
$var_ary = array('style_id', 'style_name', 'style_copyright', 'template_id', 'template_name', 'template_path', 'template_copyright', 'template_storedb', 'bbcode_bitfield', 'theme_id', 'theme_name', 'theme_path', 'theme_copyright', 'theme_storedb', 'theme_mtime', 'theme_data', 'imageset_id', 'imageset_name', 'imageset_path', 'imageset_copyright');
$var_ary = array('style_id', 'style_name', 'style_copyright', 'template_id', 'template_name', 'template_path', 'template_copyright', 'template_storedb', 'template_inherits_id', 'bbcode_bitfield', 'theme_id', 'theme_name', 'theme_path', 'theme_copyright', 'theme_storedb', 'theme_mtime', 'theme_data', 'imageset_id', 'imageset_name', 'imageset_path', 'imageset_copyright');
foreach ($var_ary as $var)
{
@ -1749,7 +1814,23 @@ parse_css_file = {PARSE_CSS_FILE}
if ($mode == 'template' || $inc_template)
{
$template_cfg = str_replace(array('{MODE}', '{NAME}', '{COPYRIGHT}', '{VERSION}'), array($mode, $style_row['template_name'], $style_row['template_copyright'], $config['version']), $this->template_cfg);
$template_cfg .= "\nbbcode_bitfield = {$style_row['bbcode_bitfield']}";
$use_template_name = '';
// Add the inherit from variable, depending on it's use...
if ($style_row['template_inherits_id'])
{
// Get the template name
$sql = 'SELECT template_name
FROM ' . STYLES_TEMPLATE_TABLE . '
WHERE template_id = ' . (int) $style_row['template_inherits_id'];
$result = $db->sql_query($sql);
$use_template_name = (string) $db->sql_fetchfield('template_name');
$db->sql_freeresult($result);
}
$template_cfg .= ($use_template_name) ? "\ninherit_from = $use_template_name" : "\n#inherit_from = ";
$template_cfg .= "\n\nbbcode_bitfield = {$style_row['bbcode_bitfield']}";
$data[] = array(
'src' => $template_cfg,
@ -2095,6 +2176,14 @@ parse_css_file = {PARSE_CSS_FILE}
$style_default = request_var('style_default', 0);
$store_db = request_var('store_db', 0);
$sql = "SELECT {$mode}_id
FROM $sql_from
WHERE {$mode}_id <> $style_id
AND {$mode}_name = '" . $db->sql_escape(strtolower($name)) . "'";
$result = $db->sql_query($sql);
$conflict = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($mode == 'style' && (!$template_id || !$theme_id || !$imageset_id))
{
$error[] = $user->lang['STYLE_ERR_NO_IDS'];
@ -2105,7 +2194,7 @@ parse_css_file = {PARSE_CSS_FILE}
$error[] = $user->lang['DEACTIVATE_DEFAULT'];
}
if (!$name)
if (!$name || $conflict)
{
$error[] = $user->lang[$l_type . '_ERR_STYLE_NAME'];
}
@ -2132,7 +2221,7 @@ parse_css_file = {PARSE_CSS_FILE}
}
}
}
if (!sizeof($error))
{
// Check length settings
@ -2218,51 +2307,38 @@ parse_css_file = {PARSE_CSS_FILE}
if ($style_row['template_storedb'] != $store_db)
{
if (!$store_db && !$safe_mode && @is_writable("{$phpbb_root_path}styles/{$style_row['template_path']}/template"))
if ($super = $this->get_super($mode, $style_row['template_id']))
{
$sql = 'SELECT *
FROM ' . STYLES_TEMPLATE_DATA_TABLE . "
WHERE template_id = $style_id";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
$error[] = (sprintf($user->lang["{$l_type}_INHERITS"], $super['template_name']));
$sql_ary = array();
}
else
{
if (!$store_db && !$safe_mode && @is_writable("{$phpbb_root_path}styles/{$style_row['template_path']}/template"))
{
if (!($fp = @fopen("{$phpbb_root_path}styles/{$style_row['template_path']}/template/" . $row['template_filename'], 'wb')))
$err = $this->store_in_fs('template', $style_row['template_id']);
if ($err)
{
$store_db = 1;
$error[] = $user->lang['EDIT_TEMPLATE_STORED_DB'];
break;
$error += $err;
}
fwrite($fp, $row['template_data']);
fclose($fp);
}
$db->sql_freeresult($result);
if (!$store_db)
else if ($store_db)
{
$this->store_in_db('template', $style_row['template_id']);
}
else
{
// We no longer store within the db, but are also not able to update the file structure
// Since the admin want to switch this, we adhere to his decision. But we also need to remove the cache
$sql = 'DELETE FROM ' . STYLES_TEMPLATE_DATA_TABLE . "
WHERE template_id = $style_id";
$db->sql_query($sql);
}
}
else if ($store_db)
{
$filelist = filelist("{$phpbb_root_path}styles/{$style_row['template_path']}/template", '', 'html');
$this->store_templates('insert', $style_id, $style_row['template_path'], $filelist);
}
else
{
// We no longer store within the db, but are also not able to update the file structure
// Since the admin want to switch this, we adhere to his decision. But we also need to remove the cache
$sql = 'DELETE FROM ' . STYLES_TEMPLATE_DATA_TABLE . "
WHERE template_id = $style_id";
$db->sql_query($sql);
}
$sql_ary += array(
'template_storedb' => $store_db,
);
$sql_ary += array(
'template_storedb' => $store_db,
);
}
}
break;
}
@ -2313,6 +2389,16 @@ parse_css_file = {PARSE_CSS_FILE}
}
}
if ($mode == 'template')
{
$super = array();
if (isset($style_row[$mode . '_inherits_id']) && $style_row['template_inherits_id'])
{
$super = $this->get_super($mode, $style_row['template_id']);
}
}
$this->page_title = 'EDIT_DETAILS_' . $l_type;
$template->assign_vars(array(
@ -2323,8 +2409,10 @@ parse_css_file = {PARSE_CSS_FILE}
'S_THEME' => ($mode == 'theme') ? true : false,
'S_IMAGESET' => ($mode == 'imageset') ? true : false,
'S_STORE_DB' => (isset($style_row[$mode . '_storedb'])) ? $style_row[$mode . '_storedb'] : 0,
'S_STORE_DB_DISABLED' => (isset($style_row[$mode . '_inherits_id'])) ? $style_row[$mode . '_inherits_id'] : 0,
'S_STYLE_ACTIVE' => (isset($style_row['style_active'])) ? $style_row['style_active'] : 0,
'S_STYLE_DEFAULT' => (isset($style_row['style_default'])) ? $style_row['style_default'] : 0,
'S_SUPERTEMPLATE' => (isset($style_row[$mode . '_inherits_id']) && $style_row[$mode . '_inherits_id']) ? $super['template_name'] : 0,
'S_TEMPLATE_OPTIONS' => ($mode == 'style') ? $template_options : '',
'S_THEME_OPTIONS' => ($mode == 'style') ? $theme_options : '',
@ -2363,6 +2451,10 @@ parse_css_file = {PARSE_CSS_FILE}
{
$content = '';
}
if (defined('DEBUG'))
{
$content = "/* BEGIN @include $filename */ \n $content \n /* END @include $filename */ \n";
}
return $content;
}
@ -2487,7 +2579,7 @@ parse_css_file = {PARSE_CSS_FILE}
{
global $phpbb_root_path, $phpEx, $user;
$cache_prefix = 'tpl_' . $template_path;
$cache_prefix = 'tpl_' . str_replace('_', '-', $template_path);
if (!($dp = @opendir("{$phpbb_root_path}cache")))
{
@ -2523,7 +2615,7 @@ parse_css_file = {PARSE_CSS_FILE}
{
global $phpbb_root_path, $phpEx, $user;
$cache_prefix = 'tpl_' . $template_row['template_path'];
$cache_prefix = 'tpl_' . str_replace('_', '-', $template_row['template_path']);
if (!$file_ary || !is_array($file_ary))
{
@ -2624,6 +2716,23 @@ parse_css_file = {PARSE_CSS_FILE}
{
$style_row[$element . '_name'] = $reqd_template;
}
// Merge other information to installcfg... if present
$cfg_file = $phpbb_root_path . 'styles/' . $install_path . '/' . $element . '/' . $element . '.cfg';
if (file_exists($cfg_file))
{
$cfg_contents = parse_cfg_file($cfg_file);
// Merge only specific things. We may need them later.
foreach (array('inherit_from', 'parse_css_file') as $key)
{
if (!empty($cfg_contents[$key]) && !isset($installcfg[$key]))
{
$installcfg[$key] = $cfg_contents[$key];
}
}
}
}
break;
@ -2682,8 +2791,10 @@ parse_css_file = {PARSE_CSS_FILE}
'S_DETAILS' => true,
'S_INSTALL' => true,
'S_ERROR_MSG' => (sizeof($error)) ? true : false,
'S_LOCATION' => (isset($installcfg['inherit_from']) && $installcfg['inherit_from']) ? false : true,
'S_STYLE' => ($mode == 'style') ? true : false,
'S_TEMPLATE' => ($mode == 'template') ? true : false,
'S_SUPERTEMPLATE' => (isset($installcfg['inherit_from'])) ? $installcfg['inherit_from'] : '',
'S_THEME' => ($mode == 'theme') ? true : false,
'S_STORE_DB' => (isset($style_row[$mode . '_storedb'])) ? $style_row[$mode . '_storedb'] : 0,
@ -3034,6 +3145,9 @@ parse_css_file = {PARSE_CSS_FILE}
{
global $phpbb_root_path, $db, $user;
// we parse the cfg here (again)
$cfg_data = parse_cfg_file("$root_path$mode/$mode.cfg");
switch ($mode)
{
case 'template':
@ -3075,6 +3189,7 @@ parse_css_file = {PARSE_CSS_FILE}
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row)
{
// If it exist, we just use the style on installation
@ -3087,6 +3202,34 @@ parse_css_file = {PARSE_CSS_FILE}
$error[] = $user->lang[$l_type . '_ERR_NAME_EXIST'];
}
if (isset($cfg_data['inherit_from']) && $cfg_data['inherit_from'])
{
$sql = "SELECT {$mode}_id, {$mode}_name, {$mode}_path, {$mode}_storedb
FROM $sql_from
WHERE {$mode}_name = '" . $db->sql_escape(strtolower($cfg_data['inherit_from'])) . "'
AND {$mode}_inherits_id = 0";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$row)
{
$error[] = sprintf($user->lang[$l_type . '_ERR_REQUIRED_OR_INCOMPLETE'], $cfg_data['inherit_from']);
}
else
{
$inherit_id = $row["{$mode}_id"];
$inherit_path = $row["{$mode}_path"];
$cfg_data['store_db'] = $row["{$mode}_storedb"];
$store_db = $row["{$mode}_storedb"];
}
}
else
{
$inherit_id = 0;
$inherit_path = '';
}
if (sizeof($error))
{
return false;
@ -3102,8 +3245,6 @@ parse_css_file = {PARSE_CSS_FILE}
{
case 'template':
// We check if the template author defined a different bitfield
$cfg_data = parse_cfg_file("$root_path$mode/template.cfg");
if (!empty($cfg_data['template_bitfield']))
{
$sql_ary['bbcode_bitfield'] = $cfg_data['template_bitfield'];
@ -3115,15 +3256,21 @@ parse_css_file = {PARSE_CSS_FILE}
// We set a pre-defined bitfield here which we may use further in 3.2
$sql_ary += array(
'template_storedb' => $store_db
'template_storedb' => $store_db,
);
if (isset($cfg_data['inherit_from']) && $cfg_data['inherit_from'])
{
$sql_ary += array(
'template_inherits_id' => $inherit_id,
'template_inherit_path' => $inherit_path,
);
}
break;
case 'theme':
// We are only interested in the theme configuration for now
$theme_cfg = parse_cfg_file("{$phpbb_root_path}styles/$path/theme/theme.cfg");
if (isset($theme_cfg['parse_css_file']) && $theme_cfg['parse_css_file'])
if (isset($cfg_data['parse_css_file']) && $cfg_data['parse_css_file'])
{
$store_db = 1;
}
@ -3263,6 +3410,297 @@ parse_css_file = {PARSE_CSS_FILE}
return $store_db;
}
/**
* Checks downwards dependencies
*
* @access public
* @param string $mode The element type to check - only template is supported
* @param int $id The template id
* @returns false if no component inherits, array with name, path and id for each subtemplate otherwise
*/
function check_inheritance($mode, $id)
{
global $db;
$l_type = strtoupper($mode);
switch ($mode)
{
case 'template':
$sql_from = STYLES_TEMPLATE_TABLE;
break;
case 'theme':
$sql_from = STYLES_THEME_TABLE;
break;
case 'imageset':
$sql_from = STYLES_IMAGESET_TABLE;
break;
}
$sql = "SELECT {$mode}_id, {$mode}_name, {$mode}_path
FROM $sql_from
WHERE {$mode}_inherits_id = " . (int) $id;
$result = $db->sql_query($sql);
$names = array();
while ($row = $db->sql_fetchrow($result))
{
$names[$row["{$mode}_id"]] = array(
"{$mode}_id" => $row["{$mode}_id"],
"{$mode}_name" => $row["{$mode}_name"],
"{$mode}_path" => $row["{$mode}_path"],
);
}
$db->sql_freeresult($result);
if (sizeof($names))
{
return $names;
}
else
{
return false;
}
}
/**
* Checks upwards dependencies
*
* @access public
* @param string $mode The element type to check - only template is supported
* @param int $id The template id
* @returns false if the component does not inherit, array with name, path and id otherwise
*/
function get_super($mode, $id)
{
global $db;
$l_type = strtoupper($mode);
switch ($mode)
{
case 'template':
$sql_from = STYLES_TEMPLATE_TABLE;
break;
case 'theme':
$sql_from = STYLES_THEME_TABLE;
break;
case 'imageset':
$sql_from = STYLES_IMAGESET_TABLE;
break;
}
$sql = "SELECT {$mode}_inherits_id
FROM $sql_from
WHERE {$mode}_id = " . (int) $id;
$result = $db->sql_query_limit($sql, 1);
if ($row = $db->sql_fetchrow($result))
{
$db->sql_freeresult($result);
}
else
{
return false;
}
$super_id = $row["{$mode}_inherits_id"];
$sql = "SELECT {$mode}_id, {$mode}_name, {$mode}_path
FROM $sql_from
WHERE {$mode}_id = " . (int) $super_id;
$result = $db->sql_query_limit($sql, 1);
if ($row = $db->sql_fetchrow($result))
{
$db->sql_freeresult($result);
return $row;
}
return false;
}
/**
* Moves a template set and its subtemplates to the database
*
* @access public
* @param string $mode The component to move - only template is supported
* @param int $id The template id
*/
function store_in_db($mode, $id)
{
global $db, $user;
$error = array();
$l_type = strtoupper($mode);
if ($super = $this->get_super($mode, $id))
{
$error[] = (sprintf($user->lang["{$l_type}_INHERITS"], $super['template_name']));
return $error;
}
$sql = "SELECT {$mode}_id, {$mode}_name, {$mode}_path
FROM " . STYLES_TEMPLATE_TABLE . '
WHERE template_id = ' . (int) $id;
$result = $db->sql_query_limit($sql, 1);
if ($row = $db->sql_fetchrow($result))
{
$db->sql_freeresult($result);
$subs = $this->check_inheritance($mode, $id);
$this->_store_in_db($mode, $id, $row["{$mode}_path"]);
if ($subs && sizeof($subs))
{
foreach ($subs as $sub_id => $sub)
{
if ($err = $this->_store_in_db($mode, $sub["{$mode}_id"], $sub["{$mode}_path"]))
{
$error[] = $err;
}
}
}
}
if (sizeof($error))
{
return $error;
}
return false;
}
/**
* Moves a template set to the database
*
* @access private
* @param string $mode The component to move - only template is supported
* @param int $id The template id
* @param string $path TThe path to the template files
*/
function _store_in_db($mode, $id, $path)
{
global $phpbb_root_path, $db;
$filelist = filelist("{$phpbb_root_path}styles/{$path}/template", '', 'html');
$this->store_templates('insert', $id, $path, $filelist);
// Okay, we do the query here -shouldn't be triggered often.
$sql = 'UPDATE ' . STYLES_TEMPLATE_TABLE . '
SET template_storedb = 1
WHERE template_id = ' . $id;
$db->sql_query($sql);
}
/**
* Moves a template set and its subtemplates to the filesystem
*
* @access public
* @param string $mode The component to move - only template is supported
* @param int $id The template id
*/
function store_in_fs($mode, $id)
{
global $db, $user;
$error = array();
$l_type = strtoupper($mode);
if ($super = $this->get_super($mode, $id))
{
$error[] = (sprintf($user->lang["{$l_type}_INHERITS"], $super['template_name']));
return($error);
}
$sql = "SELECT {$mode}_id, {$mode}_name, {$mode}_path
FROM " . STYLES_TEMPLATE_TABLE . '
WHERE template_id = ' . (int) $id;
$result = $db->sql_query_limit($sql, 1);
if ($row = $db->sql_fetchrow($result))
{
$db->sql_freeresult($result);
if (!sizeof($error))
{
$subs = $this->check_inheritance($mode, $id);
$this->_store_in_fs($mode, $id, $row["{$mode}_path"]);
if ($subs && sizeof($subs))
{
foreach ($subs as $sub_id => $sub)
{
$this->_store_in_fs($mode, $sub["{$mode}_id"], $sub["{$mode}_path"]);
}
}
}
if (sizeof($error))
{
$this->store_in_db($id, $mode);
return $error;
}
}
return false;
}
/**
* Moves a template set to the filesystem
*
* @access private
* @param string $mode The component to move - only template is supported
* @param int $id The template id
* @param string $path The path to the template
*/
function _store_in_fs($mode, $id, $path)
{
global $phpbb_root_path, $db, $user, $safe_mode;
$store_db = 0;
$error = array();
if (!$safe_mode && @is_writable("{$phpbb_root_path}styles/{$path}/template"))
{
$sql = 'SELECT *
FROM ' . STYLES_TEMPLATE_DATA_TABLE . "
WHERE template_id = $id";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
if (!($fp = @fopen("{$phpbb_root_path}styles/{$path}/template/" . $row['template_filename'], 'wb')))
{
$store_db = 1;
$error[] = $user->lang['EDIT_TEMPLATE_STORED_DB'];
break;
}
fwrite($fp, $row['template_data']);
fclose($fp);
}
$db->sql_freeresult($result);
if (!$store_db)
{
$sql = 'DELETE FROM ' . STYLES_TEMPLATE_DATA_TABLE . "
WHERE template_id = $id";
$db->sql_query($sql);
}
}
if (sizeof($error))
{
return $error;
}
$sql = 'UPDATE ' . STYLES_TEMPLATE_TABLE . '
SET template_storedb = 0
WHERE template_id = ' . $id;
$db->sql_query($sql);
return false;
}
}
?>

16
phpBB/includes/acp/acp_users.php
View file

@ -634,7 +634,7 @@ class acp_users
if (sizeof($topic_id_ary))
{
sync('reported', 'topic_id', $topic_id_ary);
sync('topic_reported', 'topic_id', $topic_id_ary);
sync('topic', 'topic_id', $topic_id_ary);
}
@ -891,9 +891,19 @@ class acp_users
}
}
// Posts in Queue
$sql = 'SELECT COUNT(post_id) as posts_in_queue
FROM ' . POSTS_TABLE . '
WHERE poster_id = ' . $user_id . '
AND post_approved = 0';
$result = $db->sql_query($sql);
$user_row['posts_in_queue'] = (int) $db->sql_fetchfield('posts_in_queue');
$db->sql_freeresult($result);
$template->assign_vars(array(
'L_NAME_CHARS_EXPLAIN' => sprintf($user->lang[$config['allow_name_chars'] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']),
'L_CHANGE_PASSWORD_EXPLAIN' => sprintf($user->lang[$config['pass_complex'] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']),
'L_POSTS_IN_QUEUE' => $user->lang('NUM_POSTS_IN_QUEUE', $user_row['posts_in_queue']),
'S_FOUNDER' => ($user->data['user_type'] == USER_FOUNDER) ? true : false,
'S_OVERVIEW' => true,
@ -905,9 +915,11 @@ class acp_users
'U_SHOW_IP' => $this->u_action . "&amp;u=$user_id&amp;ip=" . (($ip == 'ip') ? 'hostname' : 'ip'),
'U_WHOIS' => $this->u_action . "&amp;action=whois&amp;user_ip={$user_row['user_ip']}",
'U_MCP_QUEUE' => ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue', true, $user->session_id) : '',
'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&amp;u={$user_row['user_id']}") : '',
'POSTS_IN_QUEUE' => $user_row['posts_in_queue'],
'USER' => $user_row['username'],
'USER_REGISTERED' => $user->format_date($user_row['user_regdate']),
'REGISTERED_IP' => ($ip == 'hostname') ? gethostbyaddr($user_row['user_ip']) : $user_row['user_ip'],
@ -1081,7 +1093,7 @@ class acp_users
'website' => array(
array('string', true, 12, 255),
array('match', true, '#^http[s]?://(.*?\.)*?[a-z0-9\-]+\.[a-z]{2,4}#i')),
'location' => array('string', true, 2, 255),
'location' => array('string', true, 2, 100),
'occupation' => array('string', true, 2, 500),
'interests' => array('string', true, 2, 500),
'bday_day' => array('num', true, 1, 31),

2
phpBB/includes/acp/info/acp_email.php
View file

@ -20,7 +20,7 @@ class acp_email_info
'title' => 'ACP_MASS_EMAIL',
'version' => '1.0.0',
'modes' => array(
'email' => array('title' => 'ACP_MASS_EMAIL', 'auth' => 'acl_a_email', 'cat' => array('ACP_GENERAL_TASKS')),
'email' => array('title' => 'ACP_MASS_EMAIL', 'auth' => 'acl_a_email && cfg_email_enable', 'cat' => array('ACP_GENERAL_TASKS')),
),
);
}

55
phpBB/includes/auth.php
View file

@ -71,7 +71,46 @@ class auth
$this->acl_cache($userdata);
}
$user_permissions = explode("\n", $userdata['user_permissions']);
// Fill ACL array
$this->_fill_acl($userdata['user_permissions']);
// Verify bitstring length with options provided...
$renew = false;
$global_length = sizeof($this->acl_options['global']);
$local_length = sizeof($this->acl_options['local']);
// Specify comparing length (bitstring is padded to 31 bits)
$global_length = ($global_length % 31) ? ($global_length - ($global_length % 31) + 31) : $global_length;
$local_length = ($local_length % 31) ? ($local_length - ($local_length % 31) + 31) : $local_length;
// You thought we are finished now? Noooo... now compare them.
foreach ($this->acl as $forum_id => $bitstring)
{
if (($forum_id && strlen($bitstring) != $local_length) || (!$forum_id && strlen($bitstring) != $global_length))
{
$renew = true;
break;
}
}
// If a bitstring within the list does not match the options, we have a user with incorrect permissions set and need to renew them
if ($renew)
{
$this->acl_cache($userdata);
$this->_fill_acl($userdata['user_permissions']);
}
return;
}
/**
* Fill ACL array with relevant bitstrings from user_permissions column
* @access private
*/
function _fill_acl($user_permissions)
{
$this->acl = array();
$user_permissions = explode("\n", $user_permissions);
foreach ($user_permissions as $f => $seq)
{
@ -92,8 +131,6 @@ class auth
}
}
}
return;
}
/**
@ -169,7 +206,7 @@ class auth
$sql = 'SELECT forum_id
FROM ' . FORUMS_TABLE;
if (sizeof($this->acl))
{
$sql .= ' WHERE ' . $db->sql_in_set('forum_id', array_keys($this->acl), true);
@ -184,7 +221,7 @@ class auth
$db->sql_freeresult($result);
}
}
if (isset($this->acl_options['local'][$opt]))
{
foreach ($this->acl as $f => $bitstring)
@ -418,7 +455,7 @@ class auth
// The line number indicates the id, therefore we have to add empty lines for those ids not present
$hold_str .= str_repeat("\n", $f - $last_f);
// Convert bitstring for storage - we do not use binary/bytes because PHP's string functions are not fully binary safe
for ($i = 0, $bit_length = strlen($bitstring); $i < $bit_length; $i += 31)
{
@ -549,7 +586,7 @@ class auth
// Now the role settings - user-specific
$sql_ary[] = 'SELECT a.user_id, a.forum_id, r.auth_option_id, r.auth_setting, r.auth_option_id' . $sql_opts_select . '
FROM ' . ACL_USERS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r' . $sql_opts_from . '
WHERE a.auth_role_id = r.role_id ' .
WHERE a.auth_role_id = r.role_id ' .
(($sql_opts_from) ? 'AND r.auth_option_id = ao.auth_option_id ' : '') .
(($sql_user) ? 'AND a.' . $sql_user : '') . "
$sql_forum
@ -607,7 +644,7 @@ class auth
if ($row['auth_setting'] == ACL_NEVER)
{
$flag = substr($option, 0, strpos($option, '_') + 1);
if (isset($hold_ary[$row['user_id']][$row['forum_id']][$flag]) && $hold_ary[$row['user_id']][$row['forum_id']][$flag] == ACL_YES)
{
unset($hold_ary[$row['user_id']][$row['forum_id']][$flag]);
@ -827,7 +864,7 @@ class auth
{
$flag = substr($this->acl_options['option'][$option_id], 0, strpos($this->acl_options['option'][$option_id], '_') + 1);
$flag = (int) $this->acl_options['id'][$flag];
if (isset($hold_ary[$flag]) && $hold_ary[$flag] == ACL_YES)
{
unset($hold_ary[$flag]);

15
phpBB/includes/bbcode.php
View file

@ -134,10 +134,21 @@ class bbcode
{
$this->template_bitfield = new bitfield($user->theme['bbcode_bitfield']);
$this->template_filename = $phpbb_root_path . 'styles/' . $user->theme['template_path'] . '/template/bbcode.html';
if (!@file_exists($this->template_filename))
{
trigger_error('The file ' . $this->template_filename . ' is missing.', E_USER_ERROR);
if (isset($user->theme['template_inherits_id']) && $user->theme['template_inherits_id'])
{
$this->template_filename = $phpbb_root_path . 'styles/' . $user->theme['template_inherit_path'] . '/template/bbcode.html';
if (!@file_exists($this->template_filename))
{
trigger_error('The file ' . $this->template_filename . ' is missing.', E_USER_ERROR);
}
}
else
{
trigger_error('The file ' . $this->template_filename . ' is missing.', E_USER_ERROR);
}
}
}

10
phpBB/includes/cache.php
View file

@ -63,7 +63,7 @@ class cache extends acm
$this->put('config', $cached_config);
}
return $config;
}
@ -103,7 +103,7 @@ class cache extends acm
if (($icons = $this->get('_icons')) === false)
{
global $db;
// Topic icons
$sql = 'SELECT *
FROM ' . ICONS_TABLE . '
@ -134,7 +134,7 @@ class cache extends acm
if (($ranks = $this->get('_ranks')) === false)
{
global $db;
$sql = 'SELECT *
FROM ' . RANKS_TABLE . '
ORDER BY rank_min DESC';
@ -284,7 +284,7 @@ class cache extends acm
if (($bots = $this->get('_bots')) === false)
{
global $db;
switch ($db->sql_layer)
{
case 'mssql':
@ -321,7 +321,7 @@ class cache extends acm
$this->put('_bots', $bots);
}
return $bots;
}

8
phpBB/includes/constants.php
View file

@ -24,6 +24,9 @@ if (!defined('IN_PHPBB'))
* PHPBB_ADMIN_PATH
*/
// phpBB Version
define('PHPBB_VERSION', '3.0.3-RC1');
// QA-related
// define('PHPBB_QA', 1);
@ -176,6 +179,11 @@ define('REFERER_VALIDATE_NONE', 0);
define('REFERER_VALIDATE_HOST', 1);
define('REFERER_VALIDATE_PATH', 2);
// phpbb_chmod() permissions
@define('CHMOD_ALL', 7);
@define('CHMOD_READ', 4);
@define('CHMOD_WRITE', 2);
@define('CHMOD_EXECUTE', 1);
// Additional constants
define('VOTE_CONVERTED', 127);

6
phpBB/includes/db/db_tools.php
View file

@ -265,7 +265,7 @@ class phpbb_db_tools
break;
case 'mysql4':
if (version_compare($this->db->mysql_version, '4.1.3', '>='))
if (version_compare($this->db->sql_server_info(true), '4.1.3', '>='))
{
$this->sql_layer = 'mysql_41';
}
@ -593,7 +593,7 @@ class phpbb_db_tools
/**
* Private method for performing sql statements (either execute them or return them)
* @private
* @access private
*/
function _sql_run_sql($statements)
{
@ -624,7 +624,7 @@ class phpbb_db_tools
/**
* Function to prepare some column information for better usage
* @private
* @access private
*/
function sql_prepare_column_data($table_name, $column_name, $column_data)
{

76
phpBB/includes/db/dbal.php
View file

@ -34,7 +34,7 @@ class dbal
var $query_hold = '';
var $html_hold = '';
var $sql_report = '';
var $persistency = false;
var $user = '';
var $server = '';
@ -47,7 +47,7 @@ class dbal
var $sql_error_sql = '';
// Holding the error information - only populated if sql_error_triggered is set
var $sql_error_returned = array();
// Holding transaction count
var $transactions = 0;
@ -65,6 +65,11 @@ class dbal
var $any_char;
var $one_char;
/**
* Exact version of the DBAL, directly queried
*/
var $sql_server_version = false;
/**
* Constructor
*/
@ -137,8 +142,14 @@ class dbal
{
$this->sql_freeresult($query_id);
}
return $this->_sql_close();
// Connection closed correctly. Set db_connect_id to false to prevent errors
if ($result = $this->_sql_close())
{
$this->db_connect_id = false;
}
return $result;
}
/**
@ -179,7 +190,7 @@ class dbal
return $result;
}
return false;
}
@ -300,7 +311,7 @@ class dbal
* Build sql statement from array for insert/update/select statements
*
* Idea for this from Ikonboard
* Possible query values: INSERT, INSERT_SELECT, MULTI_INSERT, UPDATE, SELECT
* Possible query values: INSERT, INSERT_SELECT, UPDATE, SELECT
*
*/
function sql_build_array($query, $assoc_ary = false)
@ -333,24 +344,7 @@ class dbal
}
else if ($query == 'MULTI_INSERT')
{
$ary = array();
foreach ($assoc_ary as $id => $sql_ary)
{
// If by accident the sql array is only one-dimensional we build a normal insert statement
if (!is_array($sql_ary))
{
return $this->sql_build_array('INSERT', $assoc_ary);
}
$values = array();
foreach ($sql_ary as $key => $var)
{
$values[] = $this->_sql_validate_value($var);
}
$ary[] = '(' . implode(', ', $values) . ')';
}
$query = ' (' . implode(', ', array_keys($assoc_ary[0])) . ') VALUES ' . implode(', ', $ary);
trigger_error('The MULTI_INSERT query value is no longer supported. Please use sql_multi_insert() instead.', E_USER_ERROR);
}
else if ($query == 'UPDATE' || $query == 'SELECT')
{
@ -435,7 +429,25 @@ class dbal
if ($this->multi_insert)
{
$this->sql_query('INSERT INTO ' . $table . ' ' . $this->sql_build_array('MULTI_INSERT', $sql_ary));
$ary = array();
foreach ($sql_ary as $id => $_sql_ary)
{
// If by accident the sql array is only one-dimensional we build a normal insert statement
if (!is_array($_sql_ary))
{
$this->sql_query('INSERT INTO ' . $table . ' ' . $this->sql_build_array('INSERT', $sql_ary));
return true;
}
$values = array();
foreach ($_sql_ary as $key => $var)
{
$values[] = $this->_sql_validate_value($var);
}
$ary[] = '(' . implode(', ', $values) . ')';
}
$this->sql_query('INSERT INTO ' . $table . ' ' . ' (' . implode(', ', array_keys($sql_ary[0])) . ') VALUES ' . implode(', ', $ary));
}
else
{
@ -700,7 +712,7 @@ class dbal
</tr>
</tbody>
</table>
' . $this->html_hold . '
<p style="text-align: center;">
@ -728,24 +740,24 @@ class dbal
case 'start':
$this->query_hold = $query;
$this->html_hold = '';
$this->_sql_report($mode, $query);
$this->curtime = explode(' ', microtime());
$this->curtime = $this->curtime[0] + $this->curtime[1];
break;
case 'add_select_row':
$html_table = func_get_arg(2);
$row = func_get_arg(3);
if (!$html_table && sizeof($row))
{
$html_table = true;
$this->html_hold .= '<table cellspacing="1"><tr>';
foreach (array_keys($row) as $val)
{
$this->html_hold .= '<th>' . (($val) ? ucwords(str_replace('_', ' ', $val)) : '&nbsp;') . '</th>';
@ -761,7 +773,7 @@ class dbal
$this->html_hold .= '<td class="' . $class . '">' . (($val) ? $val : '&nbsp;') . '</td>';
}
$this->html_hold .= '</tr>';
return $html_table;
break;
@ -792,7 +804,7 @@ class dbal
break;
default:
$this->_sql_report($mode, $query);
break;

30
phpBB/includes/db/firebird.php
View file

@ -37,26 +37,42 @@ class dbal_firebird extends dbal
$this->persistency = $persistency;
$this->user = $sqluser;
$this->server = $sqlserver . (($port) ? ':' . $port : '');
$this->dbname = $database;
$this->dbname = str_replace('\\', '/', $database);
$this->db_connect_id = ($this->persistency) ? @ibase_pconnect($this->server . ':' . $this->dbname, $this->user, $sqlpassword, false, false, 3) : @ibase_connect($this->server . ':' . $this->dbname, $this->user, $sqlpassword, false, false, 3);
// There are three possibilities to connect to an interbase db
if (!$this->server)
{
$use_database = $this->dbname;
}
else if (strpos($this->server, '//') === 0)
{
$use_database = $this->server . $this->dbname;
}
else
{
$use_database = $this->server . ':' . $this->dbname;
}
$this->service_handle = (function_exists('ibase_service_attach')) ? @ibase_service_attach($this->server, $this->user, $sqlpassword) : false;
$this->db_connect_id = ($this->persistency) ? @ibase_pconnect($use_database, $this->user, $sqlpassword, false, false, 3) : @ibase_connect($use_database, $this->user, $sqlpassword, false, false, 3);
$this->service_handle = (function_exists('ibase_service_attach') && $this->server) ? @ibase_service_attach($this->server, $this->user, $sqlpassword) : false;
return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error('');
}
/**
* Version information about used database
* @param bool $raw if true, only return the fetched sql_server_version
* @return string sql server version
*/
function sql_server_info()
function sql_server_info($raw = false)
{
if ($this->service_handle !== false && function_exists('ibase_server_info'))
{
return @ibase_server_info($this->service_handle, IBASE_SVC_SERVER_VERSION);
}
return 'Firebird/Interbase';
return ($raw) ? '2.0' : 'Firebird/Interbase';
}
/**
@ -238,7 +254,7 @@ class dbal_firebird extends dbal
return false;
}
return ($this->query_result) ? $this->query_result : false;
return $this->query_result;
}
/**
@ -409,7 +425,7 @@ class dbal_firebird extends dbal
*/
function sql_escape($msg)
{
return str_replace("'", "''", $msg);
return str_replace(array("'", "\0"), array("''", ''), $msg);
}
/**

40
phpBB/includes/db/mssql.php
View file

@ -32,9 +32,11 @@ class dbal_mssql extends dbal
{
$this->persistency = $persistency;
$this->user = $sqluser;
$this->server = $sqlserver . (($port) ? ':' . $port : '');
$this->dbname = $database;
$port_delimiter = (defined('PHP_OS') && substr(PHP_OS, 0, 3) === 'WIN') ? ',' : ':';
$this->server = $sqlserver . (($port) ? $port_delimiter . $port : '');
@ini_set('mssql.charset', 'UTF-8');
@ini_set('mssql.textlimit', 2147483647);
@ini_set('mssql.textsize', 2147483647);
@ -62,24 +64,38 @@ class dbal_mssql extends dbal
/**
* Version information about used database
* @param bool $raw if true, only return the fetched sql_server_version
* @return string sql server version
*/
function sql_server_info()
function sql_server_info($raw = false)
{
$result_id = @mssql_query("SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY('productlevel'), SERVERPROPERTY('edition')", $this->db_connect_id);
global $cache;
$row = false;
if ($result_id)
if (empty($cache) || ($this->sql_server_version = $cache->get('mssql_version')) === false)
{
$row = @mssql_fetch_assoc($result_id);
@mssql_free_result($result_id);
$result_id = @mssql_query("SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY('productlevel'), SERVERPROPERTY('edition')", $this->db_connect_id);
$row = false;
if ($result_id)
{
$row = @mssql_fetch_assoc($result_id);
@mssql_free_result($result_id);
}
$this->sql_server_version = ($row) ? trim(implode(' ', $row)) : 0;
if (!empty($cache))
{
$cache->put('mssql_version', $this->sql_server_version);
}
}
if ($row)
if ($raw)
{
return 'MSSQL<br />' . implode(' ', $row);
return $this->sql_server_version;
}
return 'MSSQL';
return ($this->sql_server_version) ? 'MSSQL<br />' . $this->sql_server_version : 'MSSQL';
}
/**
@ -162,7 +178,7 @@ class dbal_mssql extends dbal
return false;
}
return ($this->query_result) ? $this->query_result : false;
return $this->query_result;
}
/**
@ -312,7 +328,7 @@ class dbal_mssql extends dbal
*/
function sql_escape($msg)
{
return str_replace("'", "''", $msg);
return str_replace(array("'", "\0"), array("''", ''), $msg);
}
/**

40
phpBB/includes/db/mssql_odbc.php
View file

@ -40,9 +40,11 @@ class dbal_mssql_odbc extends dbal
{
$this->persistency = $persistency;
$this->user = $sqluser;
$this->server = $sqlserver . (($port) ? ':' . $port : '');
$this->dbname = $database;
$port_delimiter = (defined('PHP_OS') && substr(PHP_OS, 0, 3) === 'WIN') ? ',' : ':';
$this->server = $sqlserver . (($port) ? $port_delimiter . $port : '');
$max_size = @ini_get('odbc.defaultlrl');
if (!empty($max_size))
{
@ -73,24 +75,38 @@ class dbal_mssql_odbc extends dbal
/**
* Version information about used database
* @param bool $raw if true, only return the fetched sql_server_version
* @return string sql server version
*/
function sql_server_info()
function sql_server_info($raw = false)
{
$result_id = @odbc_exec($this->db_connect_id, "SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY('productlevel'), SERVERPROPERTY('edition')");
global $cache;
$row = false;
if ($result_id)
if (empty($cache) || ($this->sql_server_version = $cache->get('mssqlodbc_version')) === false)
{
$row = @odbc_fetch_array($result_id);
@odbc_free_result($result_id);
$result_id = @odbc_exec($this->db_connect_id, "SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY('productlevel'), SERVERPROPERTY('edition')");
$row = false;
if ($result_id)
{
$row = @odbc_fetch_array($result_id);
@odbc_free_result($result_id);
}
$this->sql_server_version = ($row) ? trim(implode(' ', $row)) : 0;
if (!empty($cache))
{
$cache->put('mssqlodbc_version', $this->sql_server_version);
}
}
if ($row)
if ($raw)
{
return 'MSSQL (ODBC)<br />' . implode(' ', $row);
return $this->sql_server_version;
}
return 'MSSQL (ODBC)';
return ($this->sql_server_version) ? 'MSSQL (ODBC)<br />' . $this->sql_server_version : 'MSSQL (ODBC)';
}
/**
@ -174,7 +190,7 @@ class dbal_mssql_odbc extends dbal
return false;
}
return ($this->query_result) ? $this->query_result : false;
return $this->query_result;
}
/**
@ -333,7 +349,7 @@ class dbal_mssql_odbc extends dbal
*/
function sql_escape($msg)
{
return str_replace("'", "''", $msg);
return str_replace(array("'", "\0"), array("''", ''), $msg);
}
/**

42
phpBB/includes/db/mysql.php
View file

@ -29,7 +29,6 @@ include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
*/
class dbal_mysql extends dbal
{
var $mysql_version;
var $multi_insert = true;
/**
@ -52,13 +51,12 @@ class dbal_mysql extends dbal
if (@mysql_select_db($this->dbname, $this->db_connect_id))
{
// Determine what version we are using and if it natively supports UNICODE
$this->mysql_version = mysql_get_server_info($this->db_connect_id);
if (version_compare($this->mysql_version, '4.1.3', '>='))
if (version_compare($this->sql_server_info(true), '4.1.3', '>='))
{
@mysql_query("SET NAMES 'utf8'", $this->db_connect_id);
// enforce strict mode on databases that support it
if (version_compare($this->mysql_version, '5.0.2', '>='))
if (version_compare($this->sql_server_info(true), '5.0.2', '>='))
{
$result = @mysql_query('SELECT @@session.sql_mode AS sql_mode', $this->db_connect_id);
$row = @mysql_fetch_assoc($result);
@ -83,7 +81,7 @@ class dbal_mysql extends dbal
@mysql_query("SET SESSION sql_mode='{$mode}'", $this->db_connect_id);
}
}
else if (version_compare($this->mysql_version, '4.0.0', '<'))
else if (version_compare($this->sql_server_info(true), '4.0.0', '<'))
{
$this->sql_layer = 'mysql';
}
@ -97,10 +95,28 @@ class dbal_mysql extends dbal
/**
* Version information about used database
* @param bool $raw if true, only return the fetched sql_server_version
* @return string sql server version
*/
function sql_server_info()
function sql_server_info($raw = false)
{
return 'MySQL ' . $this->mysql_version;
global $cache;
if (empty($cache) || ($this->sql_server_version = $cache->get('mysql_version')) === false)
{
$result = @mysql_query('SELECT VERSION() AS version', $this->db_connect_id);
$row = @mysql_fetch_assoc($result);
@mysql_free_result($result);
$this->sql_server_version = $row['version'];
if (!empty($cache))
{
$cache->put('mysql_version', $this->sql_server_version);
}
}
return ($raw) ? $this->sql_server_version : 'MySQL ' . $this->sql_server_version;
}
/**
@ -183,7 +199,7 @@ class dbal_mysql extends dbal
return false;
}
return ($this->query_result) ? $this->query_result : false;
return $this->query_result;
}
/**
@ -367,13 +383,9 @@ class dbal_mysql extends dbal
if ($test_prof === null)
{
$test_prof = false;
if (strpos($this->mysql_version, 'community') !== false)
if (version_compare($this->sql_server_info(true), '5.0.37', '>=') && version_compare($this->sql_server_info(true), '5.1', '<'))
{
$ver = substr($this->mysql_version, 0, strpos($this->mysql_version, '-'));
if (version_compare($ver, '5.0.37', '>=') && version_compare($ver, '5.1', '<'))
{
$test_prof = true;
}
$test_prof = true;
}
}

28
phpBB/includes/db/mysqli.php
View file

@ -45,12 +45,14 @@ class dbal_mysqli extends dbal
if ($this->db_connect_id && $this->dbname != '')
{
@mysqli_query($this->db_connect_id, "SET NAMES 'utf8'");
// enforce strict mode on databases that support it
if (mysqli_get_server_version($this->db_connect_id) >= 50002)
if (version_compare($this->sql_server_info(true), '5.0.2', '>='))
{
$result = @mysqli_query($this->db_connect_id, 'SELECT @@session.sql_mode AS sql_mode');
$row = @mysqli_fetch_assoc($result);
@mysqli_free_result($result);
$modes = array_map('trim', explode(',', $row['sql_mode']));
// TRADITIONAL includes STRICT_ALL_TABLES and STRICT_TRANS_TABLES
@ -78,10 +80,28 @@ class dbal_mysqli extends dbal
/**
* Version information about used database
* @param bool $raw if true, only return the fetched sql_server_version
* @return string sql server version
*/
function sql_server_info()
function sql_server_info($raw = false)
{
return 'MySQL(i) ' . @mysqli_get_server_info($this->db_connect_id);
global $cache;
if (empty($cache) || ($this->sql_server_version = $cache->get('mysqli_version')) === false)
{
$result = @mysqli_query($this->db_connect_id, 'SELECT VERSION() AS version');
$row = @mysqli_fetch_assoc($result);
@mysqli_free_result($result);
$this->sql_server_version = $row['version'];
if (!empty($cache))
{
$cache->put('mysqli_version', $this->sql_server_version);
}
}
return ($raw) ? $this->sql_server_version : 'MySQL(i) ' . $this->sql_server_version;
}
/**
@ -163,7 +183,7 @@ class dbal_mysqli extends dbal
return false;
}
return ($this->query_result) ? $this->query_result : false;
return $this->query_result;
}
/**

29
phpBB/includes/db/oracle.php
View file

@ -55,10 +55,31 @@ class dbal_oracle extends dbal
/**
* Version information about used database
* @param bool $raw if true, only return the fetched sql_server_version
* @return string sql server version
*/
function sql_server_info()
function sql_server_info($raw = false)
{
return @ociserverversion($this->db_connect_id);
/*
global $cache;
if (empty($cache) || ($this->sql_server_version = $cache->get('oracle_version')) === false)
{
$result = @ociparse($this->db_connect_id, 'SELECT * FROM v$version WHERE banner LIKE \'Oracle%\'');
@ociexecute($result, OCI_DEFAULT);
@ocicommit($this->db_connect_id);
$row = array();
@ocifetchinto($result, $row, OCI_ASSOC + OCI_RETURN_NULLS);
@ocifreestatement($result);
$this->sql_server_version = trim($row['BANNER']);
$cache->put('oracle_version', $this->sql_server_version);
}
*/
$this->sql_server_version = @ociserverversion($this->db_connect_id);
return $this->sql_server_version;
}
/**
@ -355,7 +376,7 @@ class dbal_oracle extends dbal
return false;
}
return ($this->query_result) ? $this->query_result : false;
return $this->query_result;
}
/**
@ -530,7 +551,7 @@ class dbal_oracle extends dbal
*/
function sql_escape($msg)
{
return str_replace("'", "''", $msg);
return str_replace(array("'", "\0"), array("''", ''), $msg);
}
/**

44
phpBB/includes/db/postgres.php
View file

@ -26,7 +26,6 @@ include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
class dbal_postgres extends dbal
{
var $last_query_text = '';
var $pgsql_version;
/**
* Connect to server
@ -81,24 +80,7 @@ class dbal_postgres extends dbal
if ($this->db_connect_id)
{
// determine what version of PostgreSQL is running, we can be more efficient if they are running 8.2+
if (version_compare(PHP_VERSION, '5.0.0', '>='))
{
$this->pgsql_version = @pg_parameter_status($this->db_connect_id, 'server_version');
}
else
{
$query_id = @pg_query($this->db_connect_id, 'SELECT VERSION()');
$row = @pg_fetch_assoc($query_id, null);
@pg_free_result($query_id);
if (!empty($row['version']))
{
$this->pgsql_version = substr($row['version'], 10);
}
}
if (!empty($this->pgsql_version) && $this->pgsql_version[0] >= '8' && $this->pgsql_version[2] >= '2')
if (version_compare($this->sql_server_info(true), '8.2', '>='))
{
$this->multi_insert = true;
}
@ -115,10 +97,28 @@ class dbal_postgres extends dbal
/**
* Version information about used database
* @param bool $raw if true, only return the fetched sql_server_version
* @return string sql server version
*/
function sql_server_info()
function sql_server_info($raw = false)
{
return 'PostgreSQL ' . $this->pgsql_version;
global $cache;
if (empty($cache) || ($this->sql_server_version = $cache->get('pgsql_version')) === false)
{
$query_id = @pg_query($this->db_connect_id, 'SELECT VERSION() AS version');
$row = @pg_fetch_assoc($query_id, null);
@pg_free_result($query_id);
$this->sql_server_version = (!empty($row['version'])) ? trim(substr($row['version'], 10)) : 0;
if (!empty($cache))
{
$cache->put('pgsql_version', $this->sql_server_version);
}
}
return ($raw) ? $this->sql_server_version : 'PostgreSQL ' . $this->sql_server_version;
}
/**
@ -202,7 +202,7 @@ class dbal_postgres extends dbal
return false;
}
return ($this->query_result) ? $this->query_result : false;
return $this->query_result;
}
/**

21
phpBB/includes/db/sqlite.php
View file

@ -41,18 +41,31 @@ class dbal_sqlite extends dbal
if ($this->db_connect_id)
{
@sqlite_query('PRAGMA short_column_names = 1', $this->db_connect_id);
// @sqlite_query('PRAGMA encoding = "UTF-8"', $this->db_connect_id);
}
return ($this->db_connect_id) ? true : array('message' => $error);
}
/**
* Version information about used database
* @param bool $raw if true, only return the fetched sql_server_version
* @return string sql server version
*/
function sql_server_info()
function sql_server_info($raw = false)
{
return 'SQLite ' . @sqlite_libversion();
global $cache;
if (empty($cache) || ($this->sql_server_version = $cache->get('sqlite_version')) === false)
{
$result = @sqlite_query('SELECT sqlite_version() AS version', $this->db_connect_id);
$row = @sqlite_fetch_array($result, SQLITE_ASSOC);
$this->sql_server_version = (!empty($row['version'])) ? $row['version'] : 0;
$cache->put('sqlite_version', $this->sql_server_version);
}
return ($raw) ? $this->sql_server_version : 'SQLite ' . $this->sql_server_version;
}
/**
@ -135,7 +148,7 @@ class dbal_sqlite extends dbal
return false;
}
return ($this->query_result) ? $this->query_result : false;
return $this->query_result;
}
/**

27
phpBB/includes/diff/diff.php
View file

@ -17,7 +17,7 @@ if (!defined('IN_PHPBB'))
}
/**
* Code from pear.php.net, Text_Diff-0.2.1 (beta) package
* Code from pear.php.net, Text_Diff-1.0.0 package
* http://pear.php.net/package/Text_Diff/
*
* Modified by phpBB Group to meet our coding standards
@ -26,6 +26,9 @@ if (!defined('IN_PHPBB'))
* General API for generating and formatting diffs - the differences between
* two sequences of strings.
*
* Copyright 2004 Geoffrey T. Dairiki <dairiki@dairiki.org>
* Copyright 2004-2008 The Horde Project (http://www.horde.org/)
*
* @package diff
* @author Geoffrey T. Dairiki <dairiki@dairiki.org>
*/
@ -45,7 +48,7 @@ class diff
*/
function diff(&$from_content, &$to_content, $preserve_cr = true)
{
$diff_engine = &new diff_engine();
$diff_engine = new diff_engine();
$this->_edits = $diff_engine->diff($from_content, $to_content, $preserve_cr);
}
@ -62,7 +65,7 @@ class diff
*
* Example:
* <code>
* $diff = &new diff($lines1, $lines2);
* $diff = new diff($lines1, $lines2);
* $rev = $diff->reverse();
* </code>
*
@ -285,7 +288,7 @@ class diff_op
var $orig;
var $final;
function reverse()
function &reverse()
{
trigger_error('[diff] Abstract method', E_USER_ERROR);
}
@ -321,7 +324,7 @@ class diff_op_copy extends diff_op
function &reverse()
{
$reverse = &new diff_op_copy($this->final, $this->orig);
$reverse = new diff_op_copy($this->final, $this->orig);
return $reverse;
}
}
@ -342,7 +345,7 @@ class diff_op_delete extends diff_op
function &reverse()
{
$reverse = &new diff_op_add($this->orig);
$reverse = new diff_op_add($this->orig);
return $reverse;
}
}
@ -363,7 +366,7 @@ class diff_op_add extends diff_op
function &reverse()
{
$reverse = &new diff_op_delete($this->final);
$reverse = new diff_op_delete($this->final);
return $reverse;
}
}
@ -384,7 +387,7 @@ class diff_op_change extends diff_op
function &reverse()
{
$reverse = &new diff_op_change($this->final, $this->orig);
$reverse = new diff_op_change($this->final, $this->orig);
return $reverse;
}
}
@ -413,7 +416,7 @@ class diff3 extends diff
*/
function diff3(&$orig, &$final1, &$final2)
{
$diff_engine = &new diff_engine();
$diff_engine = new diff_engine();
$diff_1 = $diff_engine->diff($orig, $final1);
$diff_2 = $diff_engine->diff($orig, $final2);
@ -548,7 +551,7 @@ class diff3 extends diff
function _diff3(&$edits1, &$edits2)
{
$edits = array();
$bb = &new diff3_block_builder();
$bb = new diff3_block_builder();
$e1 = current($edits1);
$e2 = current($edits2);
@ -565,7 +568,7 @@ class diff3 extends diff
}
$ncopy = min($e1->norig(), $e2->norig());
$edits[] = &new diff3_op_copy(array_slice($e1->orig, 0, $ncopy));
$edits[] = new diff3_op_copy(array_slice($e1->orig, 0, $ncopy));
if ($e1->norig() > $ncopy)
{
@ -759,7 +762,7 @@ class diff3_block_builder
}
else
{
$edit = &new diff3_op($this->orig, $this->final1, $this->final2);
$edit = new diff3_op($this->orig, $this->final1, $this->final2);
$this->_init();
return $edit;
}

28
phpBB/includes/diff/engine.php
View file

@ -17,21 +17,20 @@ if (!defined('IN_PHPBB'))
}
/**
* Code from pear.php.net, Text_Diff-0.2.1 (beta) package
* http://pear.php.net/package/Text_Diff/
* Code from pear.php.net, Text_Diff-1.0.0 package
* http://pear.php.net/package/Text_Diff/ (native engine)
*
* Modified by phpBB Group to meet our coding standards
* and being able to integrate into phpBB
*
* Class used internally by Diff to actually compute the diffs. This class is
* implemented using native PHP code.
* Class used internally by Text_Diff to actually compute the diffs. This
* class is implemented using native PHP code.
*
* The algorithm used here is mostly lifted from the perl module
* Algorithm::Diff (version 1.06) by Ned Konz, which is available at:
* http://www.perl.com/CPAN/authors/id/N/NE/NEDKONZ/Algorithm-Diff-1.06.zip
*
* More ideas are taken from:
* http://www.ics.uci.edu/~eppstein/161/960229.html
* More ideas are taken from: http://www.ics.uci.edu/~eppstein/161/960229.html
*
* Some ideas (and a bit of code) are taken from analyze.c, of GNU
* diffutils-2.7, which can be found at:
@ -41,6 +40,8 @@ if (!defined('IN_PHPBB'))
* Geoffrey T. Dairiki <dairiki@dairiki.org>. The original PHP version of this
* code was written by him, and is used/adapted with his permission.
*
* Copyright 2004-2008 The Horde Project (http://www.horde.org/)
*
* @author Geoffrey T. Dairiki <dairiki@dairiki.org>
* @package diff
*
@ -159,7 +160,7 @@ class diff_engine
if ($copy)
{
$edits[] = &new diff_op_copy($copy);
$edits[] = new diff_op_copy($copy);
}
// Find deletes & adds.
@ -177,15 +178,15 @@ class diff_engine
if ($delete && $add)
{
$edits[] = &new diff_op_change($delete, $add);
$edits[] = new diff_op_change($delete, $add);
}
else if ($delete)
{
$edits[] = &new diff_op_delete($delete);
$edits[] = new diff_op_delete($delete);
}
else if ($add)
{
$edits[] = &new diff_op_add($add);
$edits[] = new diff_op_add($add);
}
}
@ -251,7 +252,7 @@ class diff_engine
}
}
$x1 = $xoff + (int)(($numer + ($xlim-$xoff)*$chunk) / $nchunks);
$x1 = $xoff + (int)(($numer + ($xlim - $xoff) * $chunk) / $nchunks);
for (; $x < $x1; $x++)
{
@ -262,7 +263,8 @@ class diff_engine
}
$matches = $ymatches[$line];
foreach ($matches as $y)
reset($matches);
while (list(, $y) = each($matches))
{
if (empty($this->in_seq[$y]))
{
@ -273,7 +275,7 @@ class diff_engine
}
// no reset() here
while (list($junk, $y) = each($matches))
while (list(, $y) = each($matches))
{
if ($y > $this->seq[$k - 1])
{

32
phpBB/includes/diff/renderer.php
View file

@ -17,7 +17,7 @@ if (!defined('IN_PHPBB'))
}
/**
* Code from pear.php.net, Text_Diff-0.2.1 (beta) package
* Code from pear.php.net, Text_Diff-1.0.0 package
* http://pear.php.net/package/Text_Diff/
*
* Modified by phpBB Group to meet our coding standards
@ -28,6 +28,8 @@ if (!defined('IN_PHPBB'))
* This class renders the diff in classic diff format. It is intended that
* this class be customized via inheritance, to obtain fancier outputs.
*
* Copyright 2004-2008 The Horde Project (http://www.horde.org/)
*
* @package diff
*/
class diff_renderer
@ -105,7 +107,7 @@ class diff_renderer
unset($diff3);
$diff = &new diff($diff_1, $diff_2);
$diff = new diff($diff_1, $diff_2);
}
$nlead = $this->_leading_context_lines;
@ -116,33 +118,41 @@ class diff_renderer
foreach ($diffs as $i => $edit)
{
// If these are unchanged (copied) lines, and we want to keep leading or trailing context lines, extract them from the copy block.
if (is_a($edit, 'diff_op_copy'))
{
// Do we have any diff blocks yet?
if (is_array($block))
{
// How many lines to keep as context from the copy block.
$keep = ($i == sizeof($diffs) - 1) ? $ntrail : $nlead + $ntrail;
if (sizeof($edit->orig) <= $keep)
{
// We have less lines in the block than we want for context => keep the whole block.
$block[] = $edit;
}
else
{
if ($ntrail)
{
// Create a new block with as many lines as we need for the trailing context.
$context = array_slice($edit->orig, 0, $ntrail);
$block[] = &new diff_op_copy($context);
$block[] = new diff_op_copy($context);
}
$output .= $this->_block($x0, $ntrail + $xi - $x0, $y0, $ntrail + $yi - $y0, $block);
$block = false;
}
}
// Keep the copy block as the context for the next block.
$context = $edit->orig;
}
else
{
// Don't we have any diff blocks yet?
if (!is_array($block))
{
// Extract context lines from the preceding copy block.
$context = array_slice($context, sizeof($context) - $nlead);
$x0 = $xi - sizeof($context);
$y0 = $yi - sizeof($context);
@ -150,7 +160,7 @@ class diff_renderer
if ($context)
{
$block[] = &new diff_op_copy($context);
$block[] = new diff_op_copy($context);
}
}
$block[] = $edit;
@ -219,6 +229,16 @@ class diff_renderer
$ybeg .= ',' . ($ybeg + $ylen - 1);
}
// this matches the GNU Diff behaviour
if ($xlen && !$ylen)
{
$ybeg--;
}
else if (!$xlen)
{
$xbeg--;
}
return $xbeg . ($xlen ? ($ylen ? 'c' : 'd') : 'a') . $ybeg;
}
@ -449,11 +469,11 @@ class diff_renderer_inline extends diff_renderer
$splitted_text_1 = $this->_split_on_words($text1, $nl);
$splitted_text_2 = $this->_split_on_words($text2, $nl);
$diff = &new diff($splitted_text_1, $splitted_text_2);
$diff = new diff($splitted_text_1, $splitted_text_2);
unset($splitted_text_1, $splitted_text_2);
// Get the diff in inline format.
$renderer = &new diff_renderer_inline(array_merge($this->get_params(), array('split_level' => 'words')));
$renderer = new diff_renderer_inline(array_merge($this->get_params(), array('split_level' => 'words')));
// Run the diff and get the output.
return str_replace($nl, "\n", $renderer->render($diff)) . "\n";

222
phpBB/includes/functions.php
View file

@ -32,7 +32,7 @@ function set_var(&$result, $var, $type, $multibyte = false)
if ($type == 'string')
{
$result = trim(htmlspecialchars(str_replace(array("\r\n", "\r"), array("\n", "\n"), $result), ENT_COMPAT, 'UTF-8'));
$result = trim(htmlspecialchars(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $result), ENT_COMPAT, 'UTF-8'));
if (!empty($result))
{
@ -320,6 +320,11 @@ function phpbb_hash($password)
/**
* Check for correct password
*
* @param string $password The password in plain text
* @param string $hash The stored password hash
*
* @return bool Returns true if the password is correct, false if not.
*/
function phpbb_check_hash($password, $hash)
{
@ -454,6 +459,142 @@ function _hash_crypt_private($password, $setting, &$itoa64)
return $output;
}
/**
* Global function for chmodding directories and files for internal use
* This function determines owner and group whom the file belongs to and user and group of PHP and then set safest possible file permissions.
* The function determines owner and group from common.php file and sets the same to the provided file.
* The function uses bit fields to build the permissions.
* The function sets the appropiate execute bit on directories.
*
* Supported constants representing bit fields are:
*
* CHMOD_ALL - all permissions (7)
* CHMOD_READ - read permission (4)
* CHMOD_WRITE - write permission (2)
* CHMOD_EXECUTE - execute permission (1)
*
* NOTE: The function uses POSIX extension and fileowner()/filegroup() functions. If any of them is disabled, this function tries to build proper permissions, by calling is_readable() and is_writable() functions.
*
* @param $filename The file/directory to be chmodded
* @param $perms Permissions to set
* @return true on success, otherwise false
*
* @author faw, phpBB Group
*/
function phpbb_chmod($filename, $perms = CHMOD_READ)
{
// Return if the file no longer exists.
if (!file_exists($filename))
{
return false;
}
if (!function_exists('fileowner') || !function_exists('filegroup'))
{
$file_uid = $file_gid = false;
$common_php_owner = $common_php_group = false;
}
else
{
global $phpbb_root_path, $phpEx;
// Determine owner/group of common.php file and the filename we want to change here
$common_php_owner = fileowner($phpbb_root_path . 'common.' . $phpEx);
$common_php_group = filegroup($phpbb_root_path . 'common.' . $phpEx);
$file_uid = fileowner($filename);
$file_gid = filegroup($filename);
// Try to set the owner to the same common.php has
if ($common_php_owner !== $file_uid && $common_php_owner !== false && $file_uid !== false)
{
// Will most likely not work
if (@chown($filename, $common_php_owner));
{
$file_uid = fileowner($filename);
}
}
// Try to set the group to the same common.php has
if ($common_php_group !== $file_gid && $common_php_group !== false && $file_gid !== false)
{
if (@chgrp($filename, $common_php_group));
{
$file_gid = filegroup($filename);
}
}
}
// And the owner and the groups PHP is running under.
$php_uid = (function_exists('posix_getuid')) ? @posix_getuid() : false;
$php_gids = (function_exists('posix_getgroups')) ? @posix_getgroups() : false;
// Who is PHP?
if ($file_uid === false || $file_gid === false || $php_uid === false || $php_gids === false)
{
$php = null;
}
else if ($file_uid == $php_uid /* && $common_php_owner !== false && $common_php_owner === $file_uid*/)
{
$php = 'owner';
}
else if (in_array($file_gid, $php_gids))
{
$php = 'group';
}
else
{
$php = 'other';
}
// Owner always has read/write permission
$owner = CHMOD_READ | CHMOD_WRITE;
if (is_dir($filename))
{
$owner |= CHMOD_EXECUTE;
// Only add execute bit to the permission if the dir needs to be readable
if ($perms & CHMOD_READ)
{
$perms |= CHMOD_EXECUTE;
}
}
switch ($php)
{
case null:
case 'owner':
$result = @chmod($filename, ($owner << 6) + (0 << 3) + (0 << 0));
if (!is_null($php) || (is_readable($filename) && is_writable($filename)))
{
break;
}
case 'group':
$result = @chmod($filename, ($owner << 6) + ($perms << 3) + (0 << 0));
if (!is_null($php) || ((!($perms & CHMOD_READ) || is_readable($filename)) && (!($perms & CHMOD_WRITE) || is_writable($filename))))
{
break;
}
case 'other':
$result = @chmod($filename, ($owner << 6) + ($perms << 3) + ($perms << 0));
if (!is_null($php) || ((!($perms & CHMOD_READ) || is_readable($filename)) && (!($perms & CHMOD_WRITE) || is_writable($filename))))
{
break;
}
default:
return false;
break;
}
return $result;
}
// Compatibility functions
if (!function_exists('array_combine'))
@ -1766,6 +1907,7 @@ function generate_board_url($without_script_path = false)
$script_path = $config['script_path'];
$url = $server_protocol . $server_name;
$cookie_secure = $config['cookie_secure'];
}
else
{
@ -1776,7 +1918,7 @@ function generate_board_url($without_script_path = false)
$script_path = $user->page['root_script_path'];
}
if ($server_port && (($config['cookie_secure'] && $server_port <> 443) || (!$config['cookie_secure'] && $server_port <> 80)))
if ($server_port && (($cookie_secure && $server_port <> 443) || (!$cookie_secure && $server_port <> 80)))
{
// HTTP HOST can carry a port number (we fetch $user->host, but for old versions this may be true)
if (strpos($server_name, ':') === false)
@ -1902,7 +2044,7 @@ function redirect($url, $return = false, $disable_cd_check = false)
$url = substr($url, 1);
}
$url = $dir . '/' . $url;
$url = (!empty($dir) ? $dir . '/' : '') . $url;
$url = generate_board_url() . '/' . $url;
}
}
@ -2066,6 +2208,37 @@ function meta_refresh($time, $url)
//Form validation
/**
* Add a secret hash for use in links/GET requests
* @param string $link_name The name of the link; has to match the name used in check_link_hash, otherwise no restrictions apply
* @return string the hash
*/
function generate_link_hash($link_name)
{
global $user;
if (!isset($user->data["hash_$link_name"]))
{
$user->data["hash_$link_name"] = substr(sha1($user->data['user_form_salt'] . $link_name), 0, 8);
}
return $user->data["hash_$link_name"];
}
/**
* checks a link hash - for GET requests
* @param string $token the submitted token
* @param string $link_name The name of the link
* @return boolean true if all is fine
*/
function check_link_hash($token, $link_name)
{
return $token === generate_link_hash($link_name);
}
/**
* Add a secret token to the form (requires the S_FORM_TOKEN template variable)
* @param string $form_name The name of the form; has to match the name used in check_form_key, otherwise no restrictions apply
@ -2073,16 +2246,18 @@ function meta_refresh($time, $url)
function add_form_key($form_name)
{
global $config, $template, $user;
$now = time();
$token_sid = ($user->data['user_id'] == ANONYMOUS && !empty($config['form_token_sid_guests'])) ? $user->session_id : '';
$token = sha1($now . $user->data['user_form_salt'] . $form_name . $token_sid);
$s_fields = build_hidden_fields(array(
'creation_time' => $now,
'form_token' => $token,
'creation_time' => $now,
'form_token' => $token,
));
$template->assign_vars(array(
'S_FORM_TOKEN' => $s_fields,
'S_FORM_TOKEN' => $s_fields,
));
}
@ -2108,23 +2283,26 @@ function check_form_key($form_name, $timespan = false, $return_page = '', $trigg
$creation_time = abs(request_var('creation_time', 0));
$token = request_var('form_token', '');
$diff = (time() - $creation_time);
$diff = time() - $creation_time;
if (($diff <= $timespan) || $timespan === -1)
// If creation_time and the time() now is zero we can assume it was not a human doing this (the check for if ($diff)...
if ($diff && ($diff <= $timespan || $timespan === -1))
{
$token_sid = ($user->data['user_id'] == ANONYMOUS && !empty($config['form_token_sid_guests'])) ? $user->session_id : '';
$key = sha1($creation_time . $user->data['user_form_salt'] . $form_name . $token_sid);
if ($key === $token)
{
return true;
}
}
}
if ($trigger)
{
trigger_error($user->lang['FORM_INVALID'] . $return_page);
}
return false;
}
@ -2960,7 +3138,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
}
// Another quick fix for those having gzip compression enabled, but do not flush if the coder wants to catch "something". ;)
if ($config['gzip_compress'])
if (!empty($config['gzip_compress']))
{
if (@extension_loaded('zlib') && !headers_sent() && !ob_get_level())
{
@ -3050,6 +3228,9 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
echo '</html>';
exit_handler();
// On a fatal error (and E_USER_ERROR *is* fatal) we never want other scripts to continue and force an exit here.
exit;
break;
case E_USER_WARNING:
@ -3409,7 +3590,7 @@ function page_header($page_title = '', $display_online_list = true)
$s_privmsg_new = false;
// Obtain number of new private messages if user is logged in
if (isset($user->data['is_registered']) && $user->data['is_registered'])
if (!empty($user->data['is_registered']))
{
if ($user->data['user_new_privmsg'])
{
@ -3500,14 +3681,14 @@ function page_header($page_title = '', $display_online_list = true)
'U_SEARCH_UNANSWERED' => append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=unanswered'),
'U_SEARCH_ACTIVE_TOPICS'=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=active_topics'),
'U_DELETE_COOKIES' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=delete_cookies'),
'U_TEAM' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=leaders'),
'U_TEAM' => ($user->data['user_id'] != ANONYMOUS && !$auth->acl_get('u_viewprofile')) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=leaders'),
'U_RESTORE_PERMISSIONS' => ($user->data['user_perm_from'] && $auth->acl_get('a_switchperm')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=restore_perm') : '',
'S_USER_LOGGED_IN' => ($user->data['user_id'] != ANONYMOUS) ? true : false,
'S_AUTOLOGIN_ENABLED' => ($config['allow_autologin']) ? true : false,
'S_BOARD_DISABLED' => ($config['board_disable']) ? true : false,
'S_REGISTERED_USER' => $user->data['is_registered'],
'S_IS_BOT' => $user->data['is_bot'],
'S_REGISTERED_USER' => (!empty($user->data['is_registered'])) ? true : false,
'S_IS_BOT' => (!empty($user->data['is_bot'])) ? true : false,
'S_USER_PM_POPUP' => $user->optionget('popuppm'),
'S_USER_LANG' => $user_lang,
'S_USER_BROWSER' => (isset($user->data['session_browser'])) ? $user->data['session_browser'] : $user->lang['UNKNOWN_BROWSER'],
@ -3519,13 +3700,14 @@ function page_header($page_title = '', $display_online_list = true)
'S_TIMEZONE' => ($user->data['user_dst'] || ($user->data['user_id'] == ANONYMOUS && $config['board_dst'])) ? sprintf($user->lang['ALL_TIMES'], $user->lang['tz'][$tz], $user->lang['tz']['dst']) : sprintf($user->lang['ALL_TIMES'], $user->lang['tz'][$tz], ''),
'S_DISPLAY_ONLINE_LIST' => ($l_online_time) ? 1 : 0,
'S_DISPLAY_SEARCH' => (!$config['load_search']) ? 0 : (isset($auth) ? ($auth->acl_get('u_search') && $auth->acl_getf_global('f_search')) : 1),
'S_DISPLAY_PM' => ($config['allow_privmsg'] && $user->data['is_registered'] && ($auth->acl_get('u_readpm') || $auth->acl_get('u_sendpm'))) ? true : false,
'S_DISPLAY_PM' => ($config['allow_privmsg'] && !empty($user->data['is_registered']) && ($auth->acl_get('u_readpm') || $auth->acl_get('u_sendpm'))) ? true : false,
'S_DISPLAY_MEMBERLIST' => (isset($auth)) ? $auth->acl_get('u_viewprofile') : 0,
'S_NEW_PM' => ($s_privmsg_new) ? 1 : 0,
'S_REGISTER_ENABLED' => ($config['require_activation'] != USER_ACTIVATION_DISABLE) ? true : false,
'T_THEME_PATH' => "{$phpbb_root_path}styles/" . $user->theme['theme_path'] . '/theme',
'T_TEMPLATE_PATH' => "{$phpbb_root_path}styles/" . $user->theme['template_path'] . '/template',
'T_SUPER_TEMPLATE_PATH' => (isset($user->theme['template_inherit_path'])) ? "{$phpbb_root_path}styles/" . $user->theme['template_inherit_path'] . '/template' : '',
'T_IMAGESET_PATH' => "{$phpbb_root_path}styles/" . $user->theme['imageset_path'] . '/imageset',
'T_IMAGESET_LANG_PATH' => "{$phpbb_root_path}styles/" . $user->theme['imageset_path'] . '/imageset/' . $user->data['user_lang'],
'T_IMAGES_PATH' => "{$phpbb_root_path}images/",
@ -3538,8 +3720,10 @@ function page_header($page_title = '', $display_online_list = true)
'T_STYLESHEET_LINK' => (!$user->theme['theme_storedb']) ? "{$phpbb_root_path}styles/" . $user->theme['theme_path'] . '/theme/stylesheet.css' : "{$phpbb_root_path}style.$phpEx?sid=$user->session_id&amp;id=" . $user->theme['style_id'] . '&amp;lang=' . $user->data['user_lang'],
'T_STYLESHEET_NAME' => $user->theme['theme_name'],
'SITE_LOGO_IMG' => $user->img('site_logo'))
);
'SITE_LOGO_IMG' => $user->img('site_logo'),
'A_COOKIE_SETTINGS' => addslashes('; path=' . $config['cookie_path'] . ((!$config['cookie_domain'] || $config['cookie_domain'] == 'localhost' || $config['cookie_domain'] == '127.0.0.1') ? '' : '; domain=' . $config['cookie_domain']) . ((!$config['cookie_secure']) ? '' : '; secure')),
));
// application/xhtml+xml not used because of IE
header('Content-type: text/html; charset=UTF-8');
@ -3593,7 +3777,7 @@ function page_footer($run_cron = true)
'DEBUG_OUTPUT' => (defined('DEBUG')) ? $debug_output : '',
'TRANSLATION_INFO' => (!empty($user->lang['TRANSLATION_INFO'])) ? $user->lang['TRANSLATION_INFO'] : '',
'U_ACP' => ($auth->acl_get('a_') && $user->data['is_registered']) ? append_sid("{$phpbb_root_path}adm/index.$phpEx", false, true, $user->session_id) : '')
'U_ACP' => ($auth->acl_get('a_') && !empty($user->data['is_registered'])) ? append_sid("{$phpbb_root_path}adm/index.$phpEx", false, true, $user->session_id) : '')
);
// Call cron-type script
@ -3682,7 +3866,7 @@ function exit_handler()
}
// As a pre-caution... some setups display a blank page if the flush() is not there.
(!$config['gzip_compress']) ? @flush() : @ob_flush();
(empty($config['gzip_compress'])) ? @flush() : @ob_flush();
exit;
}

255
phpBB/includes/functions_admin.php
View file

@ -97,7 +97,7 @@ function recalc_btree($sql_id, $sql_table, $module_class = '')
$item_data['left_id'] = $row['right_id'] + 1;
$item_data['right_id'] = $row['right_id'] + 2;
}
$sql = "UPDATE $sql_table
SET left_id = {$item_data['left_id']}, right_id = {$item_data['right_id']}
WHERE $sql_id = " . $item_data[$sql_id];
@ -551,7 +551,7 @@ function delete_topics($where_type, $where_ids, $auto_sync = true, $post_count_s
'posts' => ($call_delete_posts) ? delete_posts($where_type, $where_ids, false, true, $post_count_sync, false) : 0,
);
$sql = 'SELECT topic_id, forum_id, topic_approved
$sql = 'SELECT topic_id, forum_id, topic_approved, topic_moved_id
FROM ' . TOPICS_TABLE . '
WHERE ' . $where_clause;
$result = $db->sql_query($sql);
@ -561,7 +561,7 @@ function delete_topics($where_type, $where_ids, $auto_sync = true, $post_count_s
$forum_ids[] = $row['forum_id'];
$topic_ids[] = $row['topic_id'];
if ($row['topic_approved'])
if ($row['topic_approved'] && !$row['topic_moved_id'])
{
$approved_topics++;
}
@ -670,7 +670,7 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
$topic_ids[] = $row['topic_id'];
$forum_ids[] = $row['forum_id'];
if ($row['post_postcount'] && $post_count_sync)
if ($row['post_postcount'] && $post_count_sync && $row['post_approved'])
{
$post_counts[$row['poster_id']] = (!empty($post_counts[$row['poster_id']])) ? $post_counts[$row['poster_id']] + 1 : 1;
}
@ -709,6 +709,7 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
WHERE user_id = ' . $poster_id . '
AND user_posts < ' . $substract;
$db->sql_query($sql);
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_posts = user_posts - ' . $substract . '
WHERE user_id = ' . $poster_id . '
@ -790,8 +791,8 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
/**
* Delete Attachments
*
* @param string $mode can be: post|topic|attach|user
* @param mixed $ids can be: post_ids, topic_ids, attach_ids, user_ids
* @param string $mode can be: post|message|topic|attach|user
* @param mixed $ids can be: post_ids, message_ids, topic_ids, attach_ids, user_ids
* @param bool $resync set this to false if you are deleting posts or topics
*/
function delete_attachments($mode, $ids, $resync = true)
@ -813,42 +814,55 @@ function delete_attachments($mode, $ids, $resync = true)
return false;
}
$sql_id = ($mode == 'user') ? 'poster_id' : (($mode == 'post') ? 'post_msg_id' : (($mode == 'topic') ? 'topic_id' : 'attach_id'));
$post_ids = $topic_ids = $physical = array();
// Collect post and topics ids for later use
if ($mode == 'attach' || $mode == 'user' || ($mode == 'topic' && $resync))
switch ($mode)
{
$sql = 'SELECT post_msg_id as post_id, topic_id, physical_filename, thumbnail, filesize
case 'post':
case 'message':
$sql_id = 'post_msg_id';
break;
case 'topic':
$sql_id = 'topic_id';
break;
case 'user':
$sql_id = 'poster_id';
break;
case 'attach':
default:
$sql_id = 'attach_id';
$mode = 'attach';
break;
}
$post_ids = $message_ids = $topic_ids = $physical = array();
// Collect post and topic ids for later use if we need to touch remaining entries (if resync is enabled)
$sql = 'SELECT post_msg_id, topic_id, in_message, physical_filename, thumbnail, filesize, is_orphan
FROM ' . ATTACHMENTS_TABLE . '
WHERE ' . $db->sql_in_set($sql_id, $ids);
$result = $db->sql_query($sql);
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$post_ids[] = $row['post_id'];
$topic_ids[] = $row['topic_id'];
$physical[] = array('filename' => $row['physical_filename'], 'thumbnail' => $row['thumbnail'], 'filesize' => $row['filesize']);
}
$db->sql_freeresult($result);
}
if ($mode == 'post')
while ($row = $db->sql_fetchrow($result))
{
$sql = 'SELECT topic_id, physical_filename, thumbnail, filesize
FROM ' . ATTACHMENTS_TABLE . '
WHERE ' . $db->sql_in_set('post_msg_id', $ids) . '
AND in_message = 0';
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
// We only need to store post/message/topic ids if resync is enabled and the file is not orphaned
if ($resync && !$row['is_orphan'])
{
$topic_ids[] = $row['topic_id'];
$physical[] = array('filename' => $row['physical_filename'], 'thumbnail' => $row['thumbnail'], 'filesize' => $row['filesize']);
if (!$row['in_message'])
{
$post_ids[] = $row['post_msg_id'];
$topic_ids[] = $row['topic_id'];
}
else
{
$message_ids[] = $row['post_msg_id'];
}
}
$db->sql_freeresult($result);
$physical[] = array('filename' => $row['physical_filename'], 'thumbnail' => $row['thumbnail'], 'filesize' => $row['filesize'], 'is_orphan' => $row['is_orphan']);
}
$db->sql_freeresult($result);
// Delete attachments
$sql = 'DELETE FROM ' . ATTACHMENTS_TABLE . '
@ -865,8 +879,9 @@ function delete_attachments($mode, $ids, $resync = true)
$space_removed = $files_removed = 0;
foreach ($physical as $file_ary)
{
if (phpbb_unlink($file_ary['filename'], 'file', true))
if (phpbb_unlink($file_ary['filename'], 'file', true) && !$file_ary['is_orphan'])
{
// Only non-orphaned files count to the file size
$space_removed += $file_ary['filesize'];
$files_removed++;
}
@ -876,122 +891,72 @@ function delete_attachments($mode, $ids, $resync = true)
phpbb_unlink($file_ary['filename'], 'thumbnail', true);
}
}
set_config('upload_dir_size', $config['upload_dir_size'] - $space_removed, true);
set_config('num_files', $config['num_files'] - $files_removed, true);
if ($mode == 'topic' && !$resync)
if ($space_removed || $files_removed)
{
set_config('upload_dir_size', $config['upload_dir_size'] - $space_removed, true);
set_config('num_files', $config['num_files'] - $files_removed, true);
}
// If we do not resync, we do not need to adjust any message, post, topic or user entries
if (!$resync)
{
return $num_deleted;
}
if ($mode == 'post')
{
$post_ids = $ids;
}
// No more use for the original ids
unset($ids);
// Now, we need to resync posts, messages, topics. We go through every one of them
$post_ids = array_unique($post_ids);
$message_ids = array_unique($message_ids);
$topic_ids = array_unique($topic_ids);
// Update post indicators
// Update post indicators for posts now no longer having attachments
if (sizeof($post_ids))
{
if ($mode == 'post' || $mode == 'topic')
{
$sql = 'UPDATE ' . POSTS_TABLE . '
SET post_attachment = 0
WHERE ' . $db->sql_in_set('post_id', $post_ids);
$db->sql_query($sql);
}
if ($mode == 'user' || $mode == 'attach')
{
$remaining = array();
$sql = 'SELECT post_msg_id
FROM ' . ATTACHMENTS_TABLE . '
WHERE ' . $db->sql_in_set('post_msg_id', $post_ids) . '
AND in_message = 0';
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$remaining[] = $row['post_msg_id'];
}
$db->sql_freeresult($result);
$unset_ids = array_diff($post_ids, $remaining);
if (sizeof($unset_ids))
{
$sql = 'UPDATE ' . POSTS_TABLE . '
SET post_attachment = 0
WHERE ' . $db->sql_in_set('post_id', $unset_ids);
$db->sql_query($sql);
}
$remaining = array();
$sql = 'SELECT post_msg_id
FROM ' . ATTACHMENTS_TABLE . '
WHERE ' . $db->sql_in_set('post_msg_id', $post_ids) . '
AND in_message = 1';
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$remaining[] = $row['post_msg_id'];
}
$db->sql_freeresult($result);
$unset_ids = array_diff($post_ids, $remaining);
if (sizeof($unset_ids))
{
$sql = 'UPDATE ' . PRIVMSGS_TABLE . '
SET message_attachment = 0
WHERE ' . $db->sql_in_set('msg_id', $unset_ids);
$db->sql_query($sql);
}
}
$sql = 'UPDATE ' . POSTS_TABLE . '
SET post_attachment = 0
WHERE ' . $db->sql_in_set('post_id', $post_ids);
$db->sql_query($sql);
}
// Update message table if messages are affected
if (sizeof($message_ids))
{
$sql = 'UPDATE ' . PRIVMSGS_TABLE . '
SET message_attachment = 0
WHERE ' . $db->sql_in_set('msg_id', $message_ids);
$db->sql_query($sql);
}
// Now update the topics. This is a bit trickier, because there could be posts still having attachments within the topic
if (sizeof($topic_ids))
{
// Update topic indicator
if ($mode == 'topic')
// Just check which topics are still having an assigned attachment not orphaned by querying the attachments table (much less entries expected)
$sql = 'SELECT topic_id
FROM ' . ATTACHMENTS_TABLE . '
WHERE ' . $db->sql_in_set('topic_id', $topic_ids) . '
AND is_orphan = 0';
$result = $db->sql_query($sql);
$remaining_ids = array();
while ($row = $db->sql_fetchrow($result))
{
$remaining_ids[] = $row['topic_id'];
}
$db->sql_freeresult($result);
// Now only unset those ids remaining
$topic_ids = array_diff($topic_ids, $remaining_ids);
if (sizeof($topic_ids))
{
$sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_attachment = 0
WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
$db->sql_query($sql);
}
if ($mode == 'post' || $mode == 'user' || $mode == 'attach')
{
$remaining = array();
$sql = 'SELECT topic_id
FROM ' . ATTACHMENTS_TABLE . '
WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$remaining[] = $row['topic_id'];
}
$db->sql_freeresult($result);
$unset_ids = array_diff($topic_ids, $remaining);
if (sizeof($unset_ids))
{
$sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_attachment = 0
WHERE ' . $db->sql_in_set('topic_id', $unset_ids);
$db->sql_query($sql);
}
}
}
return $num_deleted;
@ -1015,7 +980,7 @@ function delete_topic_shadows($max_age, $forum_id = '', $auto_sync = true)
. $where;
$db->sql_query($sql);
break;
default:
$sql = 'SELECT t.topic_id
FROM ' . TOPICS_TABLE . ' t, ' . TOPICS_TABLE . ' t2
@ -1213,7 +1178,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
AND t1.forum_id = t2.forum_id";
$db->sql_query($sql);
break;
default:
$sql = 'SELECT t1.topic_id
FROM ' .TOPICS_TABLE . ' t1, ' . TOPICS_TABLE . " t2
@ -2369,7 +2334,7 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
$log_type = LOG_USERS;
$sql_forum = 'AND l.reportee_id = ' . (int) $user_id;
break;
case 'users':
$log_type = LOG_USERS;
$sql_forum = '';
@ -2379,7 +2344,7 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
$log_type = LOG_CRITICAL;
$sql_forum = '';
break;
default:
return;
}
@ -2433,8 +2398,14 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
if (isset($user->lang[$row['log_operation']]))
{
// We supress the warning about inappropriate number of passed parameters here due to possible changes within LOG strings from one version to another.
$log[$i]['action'] = @vsprintf($log[$i]['action'], $log_data_ary);
// Check if there are more occurrences of % than arguments, if there are we fill out the arguments array
// It doesn't matter if we add more arguments than placeholders
if (substr_count($log[$i]['action'], '%') - sizeof($log_data_ary))
{
$log_data_ary = array_merge($log_data_ary, array_fill(0, substr_count($log[$i]['action'], '%') - sizeof($log_data_ary), ''));
}
$log[$i]['action'] = vsprintf($log[$i]['action'], $log_data_ary);
// If within the admin panel we do not censor text out
if (defined('IN_ADMIN'))
@ -2615,7 +2586,7 @@ function update_foes($group_id = false, $user_id = false)
{
case 'mysqli':
case 'mysql4':
$sql = 'DELETE ' . (($db->sql_layer === 'mysqli' || version_compare($db->mysql_version, '4.1', '>=')) ? 'z.*' : ZEBRA_TABLE) . '
$sql = 'DELETE ' . (($db->sql_layer === 'mysqli' || version_compare($db->sql_server_info(true), '4.1', '>=')) ? 'z.*' : ZEBRA_TABLE) . '
FROM ' . ZEBRA_TABLE . ' z, ' . USER_GROUP_TABLE . ' ug
WHERE z.zebra_id = ug.user_id
AND z.foe = 1
@ -2637,7 +2608,7 @@ function update_foes($group_id = false, $user_id = false)
$db->sql_freeresult($result);
if (sizeof($users))
{
{
$sql = 'DELETE FROM ' . ZEBRA_TABLE . '
WHERE ' . $db->sql_in_set('zebra_id', $users) . '
AND foe = 1';
@ -2717,7 +2688,7 @@ function view_inactive_users(&$users, &$user_count, $limit = 0, $offset = 0, $li
$row['inactive_reason'] = $user->lang['INACTIVE_REASON_REMIND'];
break;
}
$users[] = $row;
}
@ -2897,7 +2868,7 @@ function get_remote_file($host, $directory, $filename, &$errstr, &$errno, $port
@fputs($fsock, "GET $directory/$filename HTTP/1.1\r\n");
@fputs($fsock, "HOST: $host\r\n");
@fputs($fsock, "Connection: close\r\n\r\n");
$file_info = '';
$get_info = false;
@ -2936,7 +2907,7 @@ function get_remote_file($host, $directory, $filename, &$errstr, &$errno, $port
return false;
}
}
return $file_info;
}
@ -2972,7 +2943,7 @@ function tidy_warnings()
$sql = 'DELETE FROM ' . WARNINGS_TABLE . '
WHERE ' . $db->sql_in_set('warning_id', $warning_list);
$db->sql_query($sql);
foreach ($user_list as $user_id => $value)
{
$sql = 'UPDATE ' . USERS_TABLE . " SET user_warnings = user_warnings - $value
@ -3034,7 +3005,7 @@ function add_permission_language()
// Now search in acp and mods folder for permissions_ files.
foreach (array('acp/', 'mods/') as $path)
{
$dh = @opendir($user->lang_path . $path);
$dh = @opendir($user->lang_path . $user->lang_name . '/' . $path);
if ($dh)
{

10
phpBB/includes/functions_compress.php
View file

@ -228,7 +228,7 @@ class compress_zip extends compress
{
trigger_error("Could not create directory $folder");
}
@chmod($str, 0777);
phpbb_chmod($str, CHMOD_READ | CHMOD_WRITE);
}
}
}
@ -257,7 +257,7 @@ class compress_zip extends compress
{
trigger_error("Could not create directory $folder");
}
@chmod($str, 0777);
phpbb_chmod($str, CHMOD_READ | CHMOD_WRITE);
}
}
}
@ -544,7 +544,7 @@ class compress_tar extends compress
{
trigger_error("Could not create directory $folder");
}
@chmod($str, 0777);
phpbb_chmod($str, CHMOD_READ | CHMOD_WRITE);
}
}
}
@ -571,7 +571,7 @@ class compress_tar extends compress
{
trigger_error("Could not create directory $folder");
}
@chmod($str, 0777);
phpbb_chmod($str, CHMOD_READ | CHMOD_WRITE);
}
}
@ -580,7 +580,7 @@ class compress_tar extends compress
{
trigger_error("Couldn't create file $filename");
}
@chmod($target_filename, 0777);
phpbb_chmod($target_filename, CHMOD_READ);
// Grab the file contents
fwrite($fp, ($filesize) ? $fzread($this->fp, ($filesize + 511) &~ 511) : '', $filesize);

89
phpBB/includes/functions_content.php
View file

@ -41,57 +41,66 @@ if (!defined('IN_PHPBB'))
/**
* Generate sort selection fields
*/
function gen_sort_selects(&$limit_days, &$sort_by_text, &$sort_days, &$sort_key, &$sort_dir, &$s_limit_days, &$s_sort_key, &$s_sort_dir, &$u_sort_param)
function gen_sort_selects(&$limit_days, &$sort_by_text, &$sort_days, &$sort_key, &$sort_dir, &$s_limit_days, &$s_sort_key, &$s_sort_dir, &$u_sort_param, $def_st = false, $def_sk = false, $def_sd = false)
{
global $user;
$sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']);
// Check if the key is selectable. If not, we reset to the first key found.
// This ensures the values are always valid.
if (!isset($limit_days[$sort_days]))
{
@reset($limit_days);
$sort_days = key($limit_days);
}
$sorts = array(
'st' => array(
'key' => 'sort_days',
'default' => $def_st,
'options' => $limit_days,
'output' => &$s_limit_days,
),
if (!isset($sort_by_text[$sort_key]))
{
@reset($sort_by_text);
$sort_key = key($sort_by_text);
}
'sk' => array(
'key' => 'sort_key',
'default' => $def_sk,
'options' => $sort_by_text,
'output' => &$s_sort_key,
),
if (!isset($sort_dir_text[$sort_dir]))
{
@reset($sort_dir_text);
$sort_dir = key($sort_dir_text);
}
'sd' => array(
'key' => 'sort_dir',
'default' => $def_sd,
'options' => $sort_dir_text,
'output' => &$s_sort_dir,
),
);
$u_sort_param = '';
$s_limit_days = '<select name="st" id="st">';
foreach ($limit_days as $day => $text)
foreach ($sorts as $name => $sort_ary)
{
$selected = ($sort_days == $day) ? ' selected="selected"' : '';
$s_limit_days .= '<option value="' . $day . '"' . $selected . '>' . $text . '</option>';
}
$s_limit_days .= '</select>';
$key = $sort_ary['key'];
$selected = $$sort_ary['key'];
$s_sort_key = '<select name="sk" id="sk">';
foreach ($sort_by_text as $key => $text)
{
$selected = ($sort_key == $key) ? ' selected="selected"' : '';
$s_sort_key .= '<option value="' . $key . '"' . $selected . '>' . $text . '</option>';
}
$s_sort_key .= '</select>';
// Check if the key is selectable. If not, we reset to the default or first key found.
// This ensures the values are always valid. We also set $sort_dir/sort_key/etc. to the
// correct value, else the protection is void. ;)
if (!isset($sort_ary['options'][$selected]))
{
if ($sort_ary['default'] !== false)
{
$selected = $$key = $sort_ary['default'];
}
else
{
@reset($sort_ary['options']);
$selected = $$key = key($sort_ary['options']);
}
}
$s_sort_dir = '<select name="sd" id="sd">';
foreach ($sort_dir_text as $key => $value)
{
$selected = ($sort_dir == $key) ? ' selected="selected"' : '';
$s_sort_dir .= '<option value="' . $key . '"' . $selected . '>' . $value . '</option>';
}
$s_sort_dir .= '</select>';
$sort_ary['output'] = '<select name="' . $name . '" id="' . $name . '">';
foreach ($sort_ary['options'] as $option => $text)
{
$sort_ary['output'] .= '<option value="' . $option . '"' . (($selected == $option) ? ' selected="selected"' : '') . '>' . $text . '</option>';
}
$sort_ary['output'] .= '</select>';
$u_sort_param = "st=$sort_days&amp;sk=$sort_key&amp;sd=$sort_dir";
$u_sort_param .= ($selected !== $sort_ary['default']) ? ((strlen($u_sort_param)) ? '&amp;' : '') . "{$name}={$selected}" : '';
}
return;
}
@ -239,7 +248,7 @@ function bump_topic_allowed($forum_id, $topic_bumped, $last_post_time, $topic_po
function get_context($text, $words, $length = 400)
{
// first replace all whitespaces with single spaces
$text = preg_replace('/ +/', ' ', strtr($text, "\t\n\r\x0C ", ' '), $text);
$text = preg_replace('/ +/', ' ', strtr($text, "\t\n\r\x0C ", ' '));
$word_indizes = array();
if (sizeof($words))

3
phpBB/includes/functions_convert.php
View file

@ -1744,6 +1744,7 @@ function sync_post_count($offset, $limit)
$sql = 'SELECT COUNT(post_id) AS num_posts, poster_id
FROM ' . POSTS_TABLE . '
WHERE post_postcount = 1
AND post_approved = 1
GROUP BY poster_id
ORDER BY poster_id';
$result = $db->sql_query_limit($sql, $limit, $offset);
@ -1951,7 +1952,7 @@ function update_dynamic_config()
FROM ' . ATTACHMENTS_TABLE . '
WHERE is_orphan = 0';
$result = $db->sql_query($sql);
set_config('upload_dir_size', (int) $db->sql_fetchfield('stat'), true);
set_config('upload_dir_size', (float) $db->sql_fetchfield('stat'), true);
$db->sql_freeresult($result);
/**

94
phpBB/includes/functions_display.php
View file

@ -205,6 +205,12 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
$subforums[$parent_id][$forum_id]['display'] = ($row['display_on_index']) ? true : false;
$subforums[$parent_id][$forum_id]['name'] = $row['forum_name'];
$subforums[$parent_id][$forum_id]['orig_forum_last_post_time'] = $row['forum_last_post_time'];
$subforums[$parent_id][$forum_id]['children'] = array();
if (isset($subforums[$parent_id][$row['parent_id']]) && !$row['display_on_index'])
{
$subforums[$parent_id][$row['parent_id']]['children'][] = $forum_id;
}
$forum_rows[$parent_id]['forum_topics'] += $row['forum_topics'];
@ -231,23 +237,30 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
// Handle marking posts
if ($mark_read == 'forums' || $mark_read == 'all')
{
$redirect = build_url('mark');
if ($mark_read == 'all')
$redirect = build_url('mark', 'hash');
$token = request_var('hash', '');
if (check_link_hash($token, 'global'))
{
markread('all');
$message = sprintf($user->lang['RETURN_INDEX'], '<a href="' . $redirect . '">', '</a>');
if ($mark_read == 'all')
{
markread('all');
$message = sprintf($user->lang['RETURN_INDEX'], '<a href="' . $redirect . '">', '</a>');
}
else
{
markread('topics', $forum_ids);
$message = sprintf($user->lang['RETURN_FORUM'], '<a href="' . $redirect . '">', '</a>');
}
meta_refresh(3, $redirect);
trigger_error($user->lang['FORUMS_MARKED'] . '<br /><br />' . $message);
}
else
{
markread('topics', $forum_ids);
$message = sprintf($user->lang['RETURN_FORUM'], '<a href="' . $redirect . '">', '</a>');
$message = sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>');
meta_refresh(3, $redirect);
trigger_error($message);
}
meta_refresh(3, $redirect);
trigger_error($user->lang['FORUMS_MARKED'] . '<br /><br />' . $message);
}
// Grab moderators ... if necessary
@ -297,6 +310,19 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
{
$subforum_unread = (isset($forum_tracking_info[$subforum_id]) && $subforum_row['orig_forum_last_post_time'] > $forum_tracking_info[$subforum_id]) ? true : false;
if (!$subforum_unread && !empty($subforum_row['children']))
{
foreach ($subforum_row['children'] as $child_id)
{
if (isset($forum_tracking_info[$child_id]) && $subforums[$forum_id][$child_id]['orig_forum_last_post_time'] > $forum_tracking_info[$child_id])
{
// Once we found an unread child forum, we can drop out of this loop
$subforum_unread = true;
break;
}
}
}
if ($subforum_row['display'] && $subforum_row['name'])
{
$subforums_list[] = array(
@ -444,7 +470,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
}
$template->assign_vars(array(
'U_MARK_FORUMS' => ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $root_data['forum_id'] . '&amp;mark=forums') : '',
'U_MARK_FORUMS' => ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'hash=' . generate_link_hash('global') . '&amp;f=' . $root_data['forum_id'] . '&amp;mark=forums') : '',
'S_HAS_SUBFORUM' => ($visible_forums) ? true : false,
'L_SUBFORUM' => ($visible_forums == 1) ? $user->lang['SUBFORUM'] : $user->lang['SUBFORUMS'],
'LAST_POST_IMG' => $user->img('icon_topic_latest', 'VIEW_LATEST_POST'))
@ -630,7 +656,7 @@ function topic_generate_pagination($replies, $url)
*/
function get_moderators(&$forum_moderators, $forum_id = false)
{
global $config, $template, $db, $phpbb_root_path, $phpEx;
global $config, $template, $db, $phpbb_root_path, $phpEx, $user, $auth;
// Have we disabled the display of moderators? If so, then return
// from whence we came ...
@ -689,7 +715,16 @@ function get_moderators(&$forum_moderators, $forum_id = false)
}
else
{
$forum_moderators[$row['forum_id']][] = '<a' . (($row['group_colour']) ? ' style="color:#' . $row['group_colour'] . ';"' : '') . ' href="' . append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&amp;g=' . $row['group_id']) . '">' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</a>';
$group_name = (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']);
if ($user->data['user_id'] != ANONYMOUS && !$auth->acl_get('u_viewprofile'))
{
$forum_moderators[$row['forum_id']][] = '<span' . (($row['group_colour']) ? ' style="color:#' . $row['group_colour'] . ';"' : '') . '>' . $group_name . '</span>';
}
else
{
$forum_moderators[$row['forum_id']][] = '<a' . (($row['group_colour']) ? ' style="color:#' . $row['group_colour'] . ';"' : '') . ' href="' . append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&amp;g=' . $row['group_id']) . '">' . $group_name . '</a>';
}
}
}
$db->sql_freeresult($result);
@ -772,7 +807,8 @@ function topic_status(&$topic_row, $replies, $unread_topic, &$folder_img, &$fold
$folder = 'topic_read';
$folder_new = 'topic_unread';
if ($config['hot_threshold'] && $replies >= $config['hot_threshold'] && $topic_row['topic_status'] != ITEM_LOCKED)
// Hot topic threshold is for posts in a topic, which is replies + the first post. ;)
if ($config['hot_threshold'] && ($replies + 1) >= $config['hot_threshold'] && $topic_row['topic_status'] != ITEM_LOCKED)
{
$folder .= '_hot';
$folder_new .= '_hot';
@ -988,8 +1024,8 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,
$table_sql = ($mode == 'forum') ? FORUMS_WATCH_TABLE : TOPICS_WATCH_TABLE;
$where_sql = ($mode == 'forum') ? 'forum_id' : 'topic_id';
$match_id = ($mode == 'forum') ? $forum_id : $topic_id;
$u_url = ($mode == 'forum') ? 'f' : 'f=' . $forum_id . '&amp;t';
$u_url = "uid={$user->data['user_id']}";
$u_url .= ($mode == 'forum') ? '&amp;f' : '&amp;f=' . $forum_id . '&amp;t';
// Is user watching this thread?
if ($user_id != ANONYMOUS)
@ -1010,8 +1046,16 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,
if (!is_null($notify_status) && $notify_status !== '')
{
if (isset($_GET['unwatch']))
{
$uid = request_var('uid', 0);
if ($uid != $user_id)
{
$redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&amp;start=$start");
$message = $user->lang['ERR_UNWATCHING'] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
trigger_error($message);
}
if ($_GET['unwatch'] == $mode)
{
$is_watching = 0;
@ -1047,19 +1091,25 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,
{
if (isset($_GET['watch']))
{
if ($_GET['watch'] == $mode)
$token = request_var('hash', '');
$redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&amp;start=$start");
if ($_GET['watch'] == $mode && check_link_hash($token, "{$mode}_$match_id"))
{
$is_watching = true;
$sql = 'INSERT INTO ' . $table_sql . " (user_id, $where_sql, notify_status)
VALUES ($user_id, $match_id, 0)";
$db->sql_query($sql);
$message = $user->lang['ARE_WATCHING_' . strtoupper($mode)] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
}
else
{
$message = $user->lang['ERR_WATCHING'] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
}
$redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&amp;start=$start");
meta_refresh(3, $redirect_url);
$message = $user->lang['ARE_WATCHING_' . strtoupper($mode)] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
trigger_error($message);
}
else
@ -1083,7 +1133,7 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,
if ($can_watch)
{
$s_watching['link'] = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&amp;" . (($is_watching) ? 'unwatch' : 'watch') . "=$mode&amp;start=$start");
$s_watching['link'] = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&amp;" . (($is_watching) ? 'unwatch' : 'watch') . "=$mode&amp;start=$start&amp;hash=" . generate_link_hash("{$mode}_$match_id"));
$s_watching['title'] = $user->lang[(($is_watching) ? 'STOP' : 'START') . '_WATCHING_' . strtoupper($mode)];
$s_watching['is_watching'] = $is_watching;
}
@ -1169,7 +1219,7 @@ function get_user_avatar($avatar, $avatar_type, $avatar_width, $avatar_height, $
}
$avatar_img .= $avatar;
return '<img src="' . $avatar_img . '" width="' . $avatar_width . '" height="' . $avatar_height . '" alt="' . ((!empty($user->lang[$alt])) ? $user->lang[$alt] : $alt) . '" />';
return '<img src="' . (str_replace(' ', '%20', $avatar_img)) . '" width="' . $avatar_width . '" height="' . $avatar_height . '" alt="' . ((!empty($user->lang[$alt])) ? $user->lang[$alt] : $alt) . '" />';
}
?>

38
phpBB/includes/functions_jabber.php
View file

@ -20,7 +20,7 @@ if (!defined('IN_PHPBB'))
*
* Jabber class from Flyspray project
*
* @version class.jabber2.php 1488 2007-11-25
* @version class.jabber2.php 1595 2008-09-19 (0.9.9)
* @copyright 2006 Flyspray.org
* @author Florian Schmitz (floele)
*
@ -35,6 +35,7 @@ class jabber
var $timeout = 10;
var $server;
var $connect_server;
var $port;
var $username;
var $password;
@ -50,9 +51,23 @@ class jabber
*/
function jabber($server, $port, $username, $password, $use_ssl = false)
{
$this->server = ($server) ? $server : 'localhost';
$this->connect_server = ($server) ? $server : 'localhost';
$this->port = ($port) ? $port : 5222;
$this->username = $username;
// Get the server and the username
if (strpos($username, '@') === false)
{
$this->server = $this->connect_server;
$this->username = $username;
}
else
{
$jid = explode('@', $username, 2);
$this->username = $jid[0];
$this->server = $jid[1];
}
$this->password = $password;
$this->use_ssl = ($use_ssl && $this->can_use_ssl()) ? true : false;
@ -123,7 +138,7 @@ class jabber
$this->session['ssl'] = $this->use_ssl;
if ($this->open_socket($this->server, $this->port, $this->use_ssl))
if ($this->open_socket($this->connect_server, $this->port, $this->use_ssl))
{
$this->send("<?xml version='1.0' encoding='UTF-8' ?" . ">\n");
$this->send("<stream:stream to='{$this->server}' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>\n");
@ -399,13 +414,11 @@ class jabber
$second_time = isset($this->session['id']);
$this->session['id'] = $xml['stream:stream'][0]['@']['id'];
/** Currently commented out due to problems with some jabber server - reason unknown
if ($second_time)
{
// If we are here for the second time after TLS, we need to continue logging in
$this->login();
return;
}*/
return $this->login();
}
// go on with authentication?
if (isset($this->features['stream:features'][0]['#']['bind']) || !empty($this->session['tls']))
@ -501,14 +514,7 @@ class jabber
}
// better generate a cnonce, maybe it's needed
$str = '';
mt_srand((double)microtime()*10000000);
for ($i = 0; $i < 32; $i++)
{
$str .= chr(mt_rand(0, 255));
}
$decoded['cnonce'] = base64_encode($str);
$decoded['cnonce'] = base64_encode(md5(uniqid(mt_rand(), true)));
// second challenge?
if (isset($decoded['rspauth']))

26
phpBB/includes/functions_messenger.php
View file

@ -562,7 +562,7 @@ class queue
$fp = @fopen($this->cache_file . '.lock', 'wb');
fclose($fp);
@chmod($this->cache_file . '.lock', 0666);
@chmod($this->cache_file . '.lock', 0777);
include($this->cache_file);
@ -683,21 +683,21 @@ class queue
break;
}
}
if (!sizeof($this->queue_data))
{
@unlink($this->cache_file);
}
else
{
if ($fp = @fopen($this->cache_file, 'w'))
if ($fp = @fopen($this->cache_file, 'wb'))
{
@flock($fp, LOCK_EX);
fwrite($fp, "<?php\n\$this->queue_data = " . var_export($this->queue_data, true) . ";\n?>");
fwrite($fp, "<?php\n\$this->queue_data = unserialize(" . var_export(serialize($this->queue_data), true) . ");\n\n?>");
@flock($fp, LOCK_UN);
fclose($fp);
@chmod($this->cache_file, 0666);
phpbb_chmod($this->cache_file, CHMOD_WRITE);
}
}
@ -713,11 +713,11 @@ class queue
{
return;
}
if (file_exists($this->cache_file))
{
include($this->cache_file);
foreach ($this->queue_data as $object => $data_ary)
{
if (isset($this->data[$object]) && sizeof($this->data[$object]))
@ -734,11 +734,11 @@ class queue
if ($fp = @fopen($this->cache_file, 'w'))
{
@flock($fp, LOCK_EX);
fwrite($fp, "<?php\n\$this->queue_data = " . var_export($this->data, true) . ";\n?>");
fwrite($fp, "<?php\n\$this->queue_data = unserialize(" . var_export(serialize($this->data), true) . ");\n\n?>");
@flock($fp, LOCK_UN);
fclose($fp);
@chmod($this->cache_file, 0666);
phpbb_chmod($this->cache_file, CHMOD_WRITE);
}
}
}
@ -1047,7 +1047,7 @@ class smtp_class
$err_msg .= $message;
}
}
/**
* Log into server and get possible auth codes if neccessary
*/
@ -1108,7 +1108,7 @@ class smtp_class
return false;
}
// If EHLO fails, we try HELO
// If EHLO fails, we try HELO
$this->server_send("HELO {$local_host}");
if ($err_msg = $this->server_parse('250', __LINE__))
{
@ -1129,7 +1129,7 @@ class smtp_class
{
return false;
}
if (!isset($this->commands['AUTH']))
{
return (isset($user->lang['SMTP_NO_AUTH_SUPPORT'])) ? $user->lang['SMTP_NO_AUTH_SUPPORT'] : 'SMTP server does not support authentication';
@ -1290,7 +1290,7 @@ class smtp_class
}
$md5_challenge = base64_decode($this->responses[0]);
// Parse the md5 challenge - from AUTH_SASL (PEAR)
$tokens = array();
while (preg_match('/^([a-z-]+)=("[^"]+(?<!\\\)"|[^,]+)/i', $md5_challenge, $matches))

4
phpBB/includes/functions_module.php
View file

@ -818,11 +818,11 @@ class p_master
{
global $user, $phpEx;
if (file_exists($user->lang_path . 'mods'))
if (file_exists($user->lang_path . $user->lang_name . '/mods'))
{
$add_files = array();
$dir = @opendir($user->lang_path . 'mods');
$dir = @opendir($user->lang_path . $user->lang_name . '/mods');
if ($dir)
{

88
phpBB/includes/functions_posting.php
View file

@ -688,6 +688,10 @@ function create_thumbnail($source, $destination, $mimetype)
return false;
}
// Preserve alpha transparency (png for example)
@imagealphablending($new_image, false);
@imagesavealpha($new_image, true);
imagecopyresampled($new_image, $image, 0, 0, 0, 0, $new_width, $new_height, $width, $height);
}
@ -729,7 +733,7 @@ function create_thumbnail($source, $destination, $mimetype)
return false;
}
@chmod($destination, 0666);
phpbb_chmod($destination, CHMOD_READ | CHMOD_WRITE);
return true;
}
@ -761,20 +765,20 @@ function posting_gen_inline_attachments(&$attachment_data)
/**
* Generate inline attachment entry
*/
function posting_gen_attachment_entry($attachment_data, &$filename_data)
function posting_gen_attachment_entry($attachment_data, &$filename_data, $show_attach_box = true)
{
global $template, $config, $phpbb_root_path, $phpEx, $user;
global $template, $config, $phpbb_root_path, $phpEx, $user, $auth;
// Some default template variables
$template->assign_vars(array(
'S_SHOW_ATTACH_BOX' => true)
);
'S_SHOW_ATTACH_BOX' => $show_attach_box,
'S_HAS_ATTACHMENTS' => sizeof($attachment_data),
'FILESIZE' => $config['max_filesize'],
'FILE_COMMENT' => (isset($filename_data['filecomment'])) ? $filename_data['filecomment'] : '',
));
if (sizeof($attachment_data))
{
$template->assign_vars(array(
'S_HAS_ATTACHMENTS' => true)
);
// We display the posted attachments within the desired order.
($config['display_order']) ? krsort($attachment_data) : ksort($attachment_data);
@ -804,11 +808,6 @@ function posting_gen_attachment_entry($attachment_data, &$filename_data)
}
}
$template->assign_vars(array(
'FILE_COMMENT' => $filename_data['filecomment'],
'FILESIZE' => $config['max_filesize'])
);
return sizeof($attachment_data);
}
@ -1251,6 +1250,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
$msg_list_ary[$row['template']][$pos]['jabber'] = $row['user_jabber'];
$msg_list_ary[$row['template']][$pos]['name'] = $row['username'];
$msg_list_ary[$row['template']][$pos]['lang'] = $row['user_lang'];
$msg_list_ary[$row['template']][$pos]['user_id']= $row['user_id'];
}
unset($msg_users);
@ -1271,8 +1271,8 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
'U_FORUM' => generate_board_url() . "/viewforum.$phpEx?f=$forum_id",
'U_TOPIC' => generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&t=$topic_id",
'U_NEWEST_POST' => generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&t=$topic_id&p=$post_id&e=$post_id",
'U_STOP_WATCHING_TOPIC' => generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&t=$topic_id&unwatch=topic",
'U_STOP_WATCHING_FORUM' => generate_board_url() . "/viewforum.$phpEx?f=$forum_id&unwatch=forum",
'U_STOP_WATCHING_TOPIC' => generate_board_url() . "/viewtopic.$phpEx?uid={$addr['user_id']}&f=$forum_id&t=$topic_id&unwatch=topic",
'U_STOP_WATCHING_FORUM' => generate_board_url() . "/viewforum.$phpEx?uid={$addr['user_id']}&f=$forum_id&unwatch=forum",
));
$messenger->send($addr['method']);
@ -1437,7 +1437,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data)
$sql_data[FORUMS_TABLE] = ($data['post_approved']) ? 'forum_posts = forum_posts - 1' : '';
}
$sql_data[TOPICS_TABLE] = 'topic_first_post_id = ' . intval($row['post_id']) . ", topic_first_poster_colour = '" . $db->sql_escape($row['user_colour']) . "', topic_first_poster_name = '" . (($row['poster_id'] == ANONYMOUS) ? $db->sql_escape($row['post_username']) : $db->sql_escape($row['username'])) . "'";
$sql_data[TOPICS_TABLE] = 'topic_poster = ' . intval($row['poster_id']) . ', topic_first_post_id = ' . intval($row['post_id']) . ", topic_first_poster_colour = '" . $db->sql_escape($row['user_colour']) . "', topic_first_poster_name = '" . (($row['poster_id'] == ANONYMOUS) ? $db->sql_escape($row['post_username']) : $db->sql_escape($row['username'])) . "'";
// Decrementing topic_replies here is fine because this case only happens if there is more than one post within the topic - basically removing one "reply"
$sql_data[TOPICS_TABLE] .= ', topic_replies_real = topic_replies_real - 1' . (($data['post_approved']) ? ', topic_replies = topic_replies - 1' : '');
@ -1604,10 +1604,18 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
$data['post_approved'] = $topic_row['post_approved'];
}
// This variable indicates if the user is able to post or put into the queue - it is used later for all code decisions regarding approval
$post_approval = 1;
// Check the permissions for post approval, as well as the queue trigger where users are put on approval with a post count lower than specified. Moderators are not affected.
if (($config['enable_queue_trigger'] && $user->data['user_posts'] < $config['queue_trigger_posts'] && !$auth->acl_get('m_approve', $data['forum_id'])) || !$auth->acl_get('f_noapprove', $data['forum_id']))
{
$post_approval = 0;
}
// Start the transaction here
$db->sql_transaction('begin');
// Collect Information
switch ($post_mode)
{
@ -1619,7 +1627,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
'icon_id' => $data['icon_id'],
'poster_ip' => $user->ip,
'post_time' => $current_time,
'post_approved' => (!$auth->acl_get('f_noapprove', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id'])) ? 0 : 1,
'post_approved' => $post_approval,
'enable_bbcode' => $data['enable_bbcode'],
'enable_smilies' => $data['enable_smilies'],
'enable_magic_url' => $data['enable_urls'],
@ -1685,7 +1693,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
'forum_id' => ($topic_type == POST_GLOBAL) ? 0 : $data['forum_id'],
'poster_id' => $data['poster_id'],
'icon_id' => $data['icon_id'],
'post_approved' => (!$auth->acl_get('f_noapprove', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id'])) ? 0 : $data['post_approved'],
'post_approved' => (!$post_approval) ? 0 : $data['post_approved'],
'enable_bbcode' => $data['enable_bbcode'],
'enable_smilies' => $data['enable_smilies'],
'enable_magic_url' => $data['enable_urls'],
@ -1719,7 +1727,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
'topic_time' => $current_time,
'forum_id' => ($topic_type == POST_GLOBAL) ? 0 : $data['forum_id'],
'icon_id' => $data['icon_id'],
'topic_approved' => (!$auth->acl_get('f_noapprove', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id'])) ? 0 : 1,
'topic_approved' => $post_approval,
'topic_title' => $subject,
'topic_first_poster_name' => (!$user->data['is_registered'] && $username) ? $username : (($user->data['user_id'] != ANONYMOUS) ? $user->data['username'] : ''),
'topic_first_poster_colour' => $user->data['user_colour'],
@ -1739,24 +1747,23 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
);
}
$sql_data[USERS_TABLE]['stat'][] = "user_lastpost_time = $current_time" . (($auth->acl_get('f_postcount', $data['forum_id'])) ? ', user_posts = user_posts + 1' : '');
$sql_data[USERS_TABLE]['stat'][] = "user_lastpost_time = $current_time" . (($auth->acl_get('f_postcount', $data['forum_id']) && $post_approval) ? ', user_posts = user_posts + 1' : '');
if ($topic_type != POST_GLOBAL)
{
if ($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id']))
if ($post_approval)
{
$sql_data[FORUMS_TABLE]['stat'][] = 'forum_posts = forum_posts + 1';
}
$sql_data[FORUMS_TABLE]['stat'][] = 'forum_topics_real = forum_topics_real + 1' . (($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])) ? ', forum_topics = forum_topics + 1' : '');
$sql_data[FORUMS_TABLE]['stat'][] = 'forum_topics_real = forum_topics_real + 1' . (($post_approval) ? ', forum_topics = forum_topics + 1' : '');
}
break;
case 'reply':
$sql_data[TOPICS_TABLE]['stat'][] = 'topic_replies_real = topic_replies_real + 1, topic_bumped = 0, topic_bumper = 0' . (($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])) ? ', topic_replies = topic_replies + 1' : '') . ((!empty($data['attachment_data']) || (isset($data['topic_attachment']) && $data['topic_attachment'])) ? ', topic_attachment = 1' : '');
$sql_data[TOPICS_TABLE]['stat'][] = 'topic_replies_real = topic_replies_real + 1, topic_bumped = 0, topic_bumper = 0' . (($post_approval) ? ', topic_replies = topic_replies + 1' : '') . ((!empty($data['attachment_data']) || (isset($data['topic_attachment']) && $data['topic_attachment'])) ? ', topic_attachment = 1' : '');
$sql_data[USERS_TABLE]['stat'][] = "user_lastpost_time = $current_time" . (($auth->acl_get('f_postcount', $data['forum_id']) && $post_approval) ? ', user_posts = user_posts + 1' : '');
$sql_data[USERS_TABLE]['stat'][] = "user_lastpost_time = $current_time" . (($auth->acl_get('f_postcount', $data['forum_id'])) ? ', user_posts = user_posts + 1' : '');
if (($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])) && $topic_type != POST_GLOBAL)
if ($post_approval && $topic_type != POST_GLOBAL)
{
$sql_data[FORUMS_TABLE]['stat'][] = 'forum_posts = forum_posts + 1';
}
@ -1768,7 +1775,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
$sql_data[TOPICS_TABLE]['sql'] = array(
'forum_id' => ($topic_type == POST_GLOBAL) ? 0 : $data['forum_id'],
'icon_id' => $data['icon_id'],
'topic_approved' => (!$auth->acl_get('f_noapprove', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id'])) ? 0 : $data['topic_approved'],
'topic_approved' => (!$post_approval) ? 0 : $data['topic_approved'],
'topic_title' => $subject,
'topic_first_poster_name' => $username,
'topic_type' => $topic_type,
@ -1783,7 +1790,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
);
// Correctly set back the topic replies and forum posts... only if the topic was approved before and now gets disapproved
if (!$auth->acl_get('f_noapprove', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id']) && $data['topic_approved'])
if (!$post_approval && $data['topic_approved'])
{
// Do we need to grab some topic informations?
if (!sizeof($topic_row))
@ -1805,6 +1812,12 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
set_config('num_topics', $config['num_topics'] - 1, true);
set_config('num_posts', $config['num_posts'] - ($topic_row['topic_replies'] + 1), true);
// Only decrement this post, since this is the one non-approved now
if ($auth->acl_get('f_postcount', $data['forum_id']))
{
$sql_data[USERS_TABLE]['stat'][] = 'user_posts = user_posts - 1';
}
}
break;
@ -1813,12 +1826,17 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
case 'edit_last_post':
// Correctly set back the topic replies and forum posts... but only if the post was approved before.
if (!$auth->acl_get('f_noapprove', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id']) && $data['post_approved'])
if (!$post_approval && $data['post_approved'])
{
$sql_data[TOPICS_TABLE]['stat'][] = 'topic_replies = topic_replies - 1';
$sql_data[FORUMS_TABLE]['stat'][] = 'forum_posts = forum_posts - 1';
set_config('num_posts', $config['num_posts'] - 1, true);
if ($auth->acl_get('f_postcount', $data['forum_id']))
{
$sql_data[USERS_TABLE]['stat'][] = 'user_posts = user_posts - 1';
}
}
break;
@ -2294,7 +2312,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
}
// Update total post count, do not consider moderated posts/topics
if ($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id']))
if ($post_approval)
{
if ($post_mode == 'post')
{
@ -2309,7 +2327,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
}
// Update forum stats
$where_sql = array(POSTS_TABLE => 'post_id = ' . $data['post_id'], TOPICS_TABLE => 'topic_id = ' . $data['topic_id'], FORUMS_TABLE => 'forum_id = ' . $data['forum_id'], USERS_TABLE => 'user_id = ' . $user->data['user_id']);
$where_sql = array(POSTS_TABLE => 'post_id = ' . $data['post_id'], TOPICS_TABLE => 'topic_id = ' . $data['topic_id'], FORUMS_TABLE => 'forum_id = ' . $data['forum_id'], USERS_TABLE => 'user_id = ' . $poster_id);
foreach ($sql_data as $table => $update_ary)
{
@ -2426,14 +2444,14 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
}
// Send Notifications
if ($mode != 'edit' && $mode != 'delete' && ($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id'])))
if ($mode != 'edit' && $mode != 'delete' && $post_approval)
{
user_notification($mode, $subject, $data['topic_title'], $data['forum_name'], $data['forum_id'], $data['topic_id'], $data['post_id']);
}
$params = $add_anchor = '';
if ($auth->acl_get('f_noapprove', $data['forum_id']) || $auth->acl_get('m_approve', $data['forum_id']))
if ($post_approval)
{
$params .= '&amp;t=' . $data['topic_id'];

41
phpBB/includes/functions_privmsgs.php
View file

@ -930,7 +930,7 @@ function handle_mark_actions($user_id, $mark_action)
*/
function delete_pm($user_id, $msg_ids, $folder_id)
{
global $db, $user;
global $db, $user, $phpbb_root_path, $phpEx;
$user_id = (int) $user_id;
$folder_id = (int) $folder_id;
@ -979,6 +979,8 @@ function delete_pm($user_id, $msg_ids, $folder_id)
return false;
}
$db->sql_transaction('begin');
// if no one has read the message yet (meaning it is in users outbox)
// then mark the message as deleted...
if ($folder_id == PRIVMSGS_OUTBOX)
@ -1056,11 +1058,21 @@ function delete_pm($user_id, $msg_ids, $folder_id)
if (sizeof($delete_ids))
{
// Check if there are any attachments we need to remove
if (!function_exists('delete_attachments'))
{
include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
}
delete_attachments('message', $delete_ids, false);
$sql = 'DELETE FROM ' . PRIVMSGS_TABLE . '
WHERE ' . $db->sql_in_set('msg_id', $delete_ids);
$db->sql_query($sql);
}
$db->sql_transaction('commit');
return true;
}
@ -1329,12 +1341,17 @@ function submit_pm($mode, $subject, &$data, $put_in_outbox = true)
if (isset($data['address_list']['g']) && sizeof($data['address_list']['g']))
{
// We need to check the PM status of group members (do they want to receive PM's?)
// Only check if not a moderator or admin, since they are allowed to override this user setting
$sql_allow_pm = (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) ? ' AND u.user_allow_pm = 1' : '';
$sql = 'SELECT u.user_type, ug.group_id, ug.user_id
FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug
WHERE ' . $db->sql_in_set('ug.group_id', array_keys($data['address_list']['g'])) . '
AND ug.user_pending = 0
AND u.user_id = ug.user_id
AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')';
AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')' .
$sql_allow_pm;
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -1756,6 +1773,16 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode
$message = censor_text($message);
$decoded_message = false;
if ($in_post_mode && $auth->acl_get('u_sendpm') && $author_id != ANONYMOUS && $author_id != $user->data['user_id'])
{
$decoded_message = $message;
decode_message($decoded_message, $row['bbcode_uid']);
$decoded_message = bbcode_nl2br($decoded_message);
}
if ($row['bbcode_bitfield'])
{
$bbcode->bbcode_second_pass($message, $row['bbcode_uid'], $row['bbcode_bitfield']);
@ -1774,15 +1801,17 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode
}
$template->assign_block_vars('history_row', array(
'MESSAGE_AUTHOR_QUOTE' => (($decoded_message) ? addslashes(get_username_string('username', $author_id, $row['username'], $row['user_colour'], $row['username'])) : ''),
'MESSAGE_AUTHOR_FULL' => get_username_string('full', $author_id, $row['username'], $row['user_colour'], $row['username']),
'MESSAGE_AUTHOR_COLOUR' => get_username_string('colour', $author_id, $row['username'], $row['user_colour'], $row['username']),
'MESSAGE_AUTHOR' => get_username_string('username', $author_id, $row['username'], $row['user_colour'], $row['username']),
'U_MESSAGE_AUTHOR' => get_username_string('profile', $author_id, $row['username'], $row['user_colour'], $row['username']),
'SUBJECT' => $subject,
'SENT_DATE' => $user->format_date($row['message_time']),
'MESSAGE' => $message,
'FOLDER' => implode(', ', $row['folder']),
'SUBJECT' => $subject,
'SENT_DATE' => $user->format_date($row['message_time']),
'MESSAGE' => $message,
'FOLDER' => implode(', ', $row['folder']),
'DECODED_MESSAGE' => $decoded_message,
'S_CURRENT_MSG' => ($row['msg_id'] == $msg_id),
'S_AUTHOR_DELETED' => ($author_id == ANONYMOUS) ? true : false,

19
phpBB/includes/functions_template.php
View file

@ -50,7 +50,7 @@ class template_compile
{
$this->template = &$template;
}
/**
* Load template source from file
* @access private
@ -74,7 +74,7 @@ class template_compile
global $db, $user;
$sql_ary = array(
'template_id' => $user->theme['template_id'],
'template_id' => $this->template->files_template[$handle],
'template_filename' => $this->template->filename[$handle],
'template_included' => '',
'template_mtime' => time(),
@ -264,8 +264,8 @@ class template_compile
}
// Handle remaining varrefs
$text_blocks = preg_replace('#\{([a-z0-9\-_]*)\}#is', "<?php echo (isset(\$this->_rootref['\\1'])) ? \$this->_rootref['\\1'] : ''; ?>", $text_blocks);
$text_blocks = preg_replace('#\{\$([a-z0-9\-_]*)\}#is', "<?php echo (isset(\$this->_tpldata['DEFINE']['.']['\\1'])) ? \$this->_tpldata['DEFINE']['.']['\\1'] : ''; ?>", $text_blocks);
$text_blocks = preg_replace('#\{([a-z0-9\-_]+)\}#is', "<?php echo (isset(\$this->_rootref['\\1'])) ? \$this->_rootref['\\1'] : ''; ?>", $text_blocks);
$text_blocks = preg_replace('#\{\$([a-z0-9\-_]+)\}#is', "<?php echo (isset(\$this->_tpldata['DEFINE']['.']['\\1'])) ? \$this->_tpldata['DEFINE']['.']['\\1'] : ''; ?>", $text_blocks);
return;
}
@ -515,11 +515,20 @@ class template_compile
}
$token = "sizeof($varref)";
}
else if (!empty($token))
{
$token = '(' . $token . ')';
}
break;
}
}
// If there are no valid tokens left or only control/compare characters left, we do skip this statement
if (!sizeof($tokens) || str_replace(array(' ', '=', '!', '<', '>', '&', '|', '%', '(', ')'), '', implode('', $tokens)) == '')
{
$tokens = array('false');
}
return (($elseif) ? '} else if (' : 'if (') . (implode(' ', $tokens) . ') { ');
}
@ -746,7 +755,7 @@ class template_compile
@flock($fp, LOCK_UN);
@fclose($fp);
@chmod($filename, 0666);
phpbb_chmod($filename, CHMOD_WRITE);
}
return;

25
phpBB/includes/functions_upload.php
View file

@ -121,9 +121,9 @@ class filespec
case 'avatar':
$this->extension = strtolower($this->extension);
$this->realname = $prefix . $user_id . '.' . $this->extension;
break;
case 'unique_ext':
default:
$this->realname = $prefix . md5(unique_id()) . '.' . $this->extension;
@ -228,8 +228,8 @@ class filespec
{
return @filesize($filename);
}
/**
* Check the first 256 bytes for forbidden content
*/
@ -239,7 +239,7 @@ class filespec
{
return true;
}
$fp = @fopen($this->filename, 'rb');
if ($fp !== false)
@ -263,10 +263,11 @@ class filespec
*
* @param string $destination_path Destination path, for example $config['avatar_path']
* @param bool $overwrite If set to true, an already existing file will be overwritten
* @param octal $chmod Permission mask for chmodding the file after a successful move
* @param string $chmod Permission mask for chmodding the file after a successful move. The mode entered here reflects the mode defined by {@link phpbb_chmod()}
*
* @access public
*/
function move_file($destination, $overwrite = false, $skip_image_check = false, $chmod = 0666)
function move_file($destination, $overwrite = false, $skip_image_check = false, $chmod = false)
{
global $user, $phpbb_root_path;
@ -275,6 +276,8 @@ class filespec
return false;
}
$chmod = ($chmod === false) ? CHMOD_READ | CHMOD_WRITE : $chmod;
// We need to trust the admin in specifying valid upload directories and an attacker not being able to overwrite it...
$this->destination_path = $phpbb_root_path . $destination;
@ -345,7 +348,7 @@ class filespec
break;
}
@chmod($this->destination_file, $chmod);
phpbb_chmod($this->destination_file, $chmod);
}
// Try to get real filesize from destination folder
@ -416,7 +419,7 @@ class filespec
{
$size_lang = ($this->upload->max_filesize >= 1048576) ? $user->lang['MIB'] : (($this->upload->max_filesize >= 1024) ? $user->lang['KIB'] : $user->lang['BYTES'] );
$max_filesize = get_formatted_filesize($this->upload->max_filesize, false);
$this->error[] = sprintf($user->lang[$this->upload->error_prefix . 'WRONG_FILESIZE'], $max_filesize, $size_lang);
return false;
@ -528,7 +531,7 @@ class fileupload
$this->max_filesize = (int) $max_filesize;
}
}
/**
* Set disallowed strings
*/
@ -872,7 +875,7 @@ class fileupload
{
$file->error[] = sprintf($user->lang[$this->error_prefix . 'DISALLOWED_EXTENSION'], $file->get('extension'));
}
// MIME Sniffing
if (!$this->valid_content($file))
{

51
phpBB/includes/functions_user.php
View file

@ -147,7 +147,7 @@ function user_update_name($old_name, $new_name)
*
* @param mixed $user_row An array containing the following keys (and the appropriate values): username, group_id (the group to place the user in), user_email and the user_type(usually 0). Additional entries not overridden by defaults will be forwarded.
* @param string $cp_data custom profile fields, see custom_profile::build_insert_sql_array
* @return: the new user's ID.
* @return the new user's ID.
*/
function user_add($user_row, $cp_data = false)
{
@ -315,8 +315,6 @@ function user_delete($mode, $user_id, $post_username = false)
return false;
}
$db->sql_transaction('begin');
// Before we begin, we will remove the reports the user issued.
$sql = 'SELECT r.post_id, p.topic_id
FROM ' . REPORTS_TABLE . ' r, ' . POSTS_TABLE . ' p
@ -385,6 +383,8 @@ function user_delete($mode, $user_id, $post_username = false)
{
case 'retain':
$db->sql_transaction('begin');
if ($post_username === false)
{
$post_username = $user->lang['GUEST'];
@ -432,6 +432,9 @@ function user_delete($mode, $user_id, $post_username = false)
$db->sql_query($sql);
}
}
$db->sql_transaction('commit');
break;
case 'remove':
@ -485,6 +488,8 @@ function user_delete($mode, $user_id, $post_username = false)
break;
}
$db->sql_transaction('begin');
$table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE, DRAFTS_TABLE, BOOKMARKS_TABLE);
foreach ($table_ary as $table)
@ -553,6 +558,8 @@ function user_delete($mode, $user_id, $post_username = false)
$db->sql_query($sql);
}
$db->sql_transaction('commit');
// Reset newest user info if appropriate
if ($config['newest_user_id'] == $user_id)
{
@ -565,8 +572,6 @@ function user_delete($mode, $user_id, $post_username = false)
set_config('num_users', $config['num_users'] - 1, true);
}
$db->sql_transaction('commit');
return false;
}
@ -934,7 +939,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
$sql = "SELECT $type
FROM " . BANLIST_TABLE . "
WHERE $sql_where
AND ban_exclude = $ban_exclude";
AND ban_exclude = " . (int) $ban_exclude;
$result = $db->sql_query($sql);
// Reset $sql_where, because we use it later...
@ -2297,22 +2302,29 @@ function avatar_process_user(&$error, $custom_userdata = false)
// Do we actually have any data to update?
if (sizeof($sql_ary))
{
$ext_new = $ext_old = '';
if (isset($sql_ary['user_avatar']))
{
$userdata = ($custom_userdata === false) ? $user->data : $custom_userdata;
$ext_new = (empty($sql_ary['user_avatar'])) ? '' : substr(strrchr($sql_ary['user_avatar'], '.'), 1);
$ext_old = (empty($userdata['user_avatar'])) ? '' : substr(strrchr($userdata['user_avatar'], '.'), 1);
if ($userdata['user_avatar_type'] == AVATAR_UPLOAD)
{
// Delete old avatar if present
if ((!empty($userdata['user_avatar']) && empty($sql_ary['user_avatar']))
|| ( !empty($userdata['user_avatar']) && !empty($sql_ary['user_avatar']) && $ext_new !== $ext_old))
{
avatar_delete('user', $userdata);
}
}
}
$sql = 'UPDATE ' . USERS_TABLE . '
SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
WHERE user_id = ' . (($custom_userdata === false) ? $user->data['user_id'] : $custom_userdata['user_id']);
$db->sql_query($sql);
if (isset($sql_ary['user_avatar']))
{
$userdata = ($custom_userdata === false) ? $user->data : $custom_userdata;
// Delete old avatar if present
if ((!empty($userdata['user_avatar']) && empty($sql_ary['user_avatar']) && $userdata['user_avatar_type'] == AVATAR_UPLOAD)
|| ( !empty($userdata['user_avatar']) && !empty($sql_ary['user_avatar']) && $userdata['user_avatar_type'] == AVATAR_UPLOAD && $sql_ary['user_avatar_type'] != AVATAR_UPLOAD))
{
avatar_delete('user', $userdata);
}
}
}
}
@ -2343,12 +2355,13 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow
'group_receive_pm' => 'int',
'group_legend' => 'int',
'group_message_limit' => 'int',
'group_max_recipients' => 'int',
'group_founder_manage' => 'int',
);
// Those are group-only attributes
$group_only_ary = array('group_receive_pm', 'group_legend', 'group_message_limit', 'group_founder_manage');
$group_only_ary = array('group_receive_pm', 'group_legend', 'group_message_limit', 'group_max_recipients', 'group_founder_manage');
// Check data. Limit group name length.
if (!utf8_strlen($name) || utf8_strlen($name) > 60)
@ -3080,7 +3093,7 @@ function group_validate_groupname($group_id, $group_name)
/**
* Set users default group
*
* @private
* @access private
*/
function group_set_user_default($group_id, $user_id_ary, $group_attributes = false, $update_listing = false)
{

2
phpBB/includes/mcp/mcp_forum.php
View file

@ -246,7 +246,7 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
'LAST_POST_SUBJECT' => $row['topic_last_post_subject'],
'LAST_VIEW_TIME' => $user->format_date($row['topic_last_view_time']),
'S_TOPIC_REPORTED' => (!empty($row['topic_reported']) && $auth->acl_get('m_report', $row['forum_id'])) ? true : false,
'S_TOPIC_REPORTED' => (!empty($row['topic_reported']) && empty($row['topic_moved_id']) && $auth->acl_get('m_report', $row['forum_id'])) ? true : false,
'S_TOPIC_UNAPPROVED' => $topic_unapproved,
'S_POSTS_UNAPPROVED' => $posts_unapproved,
'S_UNREAD_TOPIC' => $unread_topic,

15
phpBB/includes/mcp/mcp_front.php
View file

@ -27,7 +27,7 @@ function mcp_front_view($id, $mode, $action)
// Latest 5 unapproved
if ($module->loaded('queue'))
{
$forum_list = get_forum_list('m_approve');
$forum_list = array_values(array_intersect(get_forum_list('f_read'), get_forum_list('m_approve')));
$post_list = array();
$forum_names = array();
@ -81,7 +81,7 @@ function mcp_front_view($id, $mode, $action)
if ($total)
{
$sql = 'SELECT p.post_id, p.post_subject, p.post_time, p.poster_id, p.post_username, u.username, u.username_clean, t.topic_id, t.topic_title, t.topic_first_post_id, p.forum_id
$sql = 'SELECT p.post_id, p.post_subject, p.post_time, p.poster_id, p.post_username, u.username, u.username_clean, u.user_colour, t.topic_id, t.topic_title, t.topic_first_post_id, p.forum_id
FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . ' u
WHERE ' . $db->sql_in_set('p.post_id', $post_list) . '
AND t.topic_id = p.topic_id
@ -103,12 +103,15 @@ function mcp_front_view($id, $mode, $action)
'U_MCP_TOPIC' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&amp;mode=topic_view&amp;f=' . $row['forum_id'] . '&amp;t=' . $row['topic_id']),
'U_FORUM' => (!$global_topic) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']) : '',
'U_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . '&amp;t=' . $row['topic_id']),
'U_AUTHOR' => ($row['poster_id'] == ANONYMOUS) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u=' . $row['poster_id']),
'AUTHOR_FULL' => get_username_string('full', $row['poster_id'], $row['username'], $row['user_colour']),
'AUTHOR' => get_username_string('username', $row['poster_id'], $row['username'], $row['user_colour']),
'AUTHOR_COLOUR' => get_username_string('colour', $row['poster_id'], $row['username'], $row['user_colour']),
'U_AUTHOR' => get_username_string('profile', $row['poster_id'], $row['username'], $row['user_colour']),
'FORUM_NAME' => (!$global_topic) ? $forum_names[$row['forum_id']] : $user->lang['GLOBAL_ANNOUNCEMENT'],
'POST_ID' => $row['post_id'],
'TOPIC_TITLE' => $row['topic_title'],
'AUTHOR' => ($row['poster_id'] == ANONYMOUS) ? (($row['post_username']) ? $row['post_username'] : $user->lang['GUEST']) : $row['username'],
'SUBJECT' => ($row['post_subject']) ? $row['post_subject'] : $user->lang['NO_SUBJECT'],
'POST_TIME' => $user->format_date($row['post_time']))
);
@ -140,7 +143,7 @@ function mcp_front_view($id, $mode, $action)
// Latest 5 reported
if ($module->loaded('reports'))
{
$forum_list = get_forum_list('m_report');
$forum_list = array_values(array_intersect(get_forum_list('f_read'), get_forum_list('m_report')));
$template->assign_var('S_SHOW_REPORTS', (!empty($forum_list)) ? true : false);
@ -243,7 +246,7 @@ function mcp_front_view($id, $mode, $action)
// Latest 5 logs
if ($module->loaded('logs'))
{
$forum_list = get_forum_list('m_');
$forum_list = array_values(array_intersect(get_forum_list('f_read'), get_forum_list('m_')));
if (!empty($forum_list))
{

2
phpBB/includes/mcp/mcp_logs.php
View file

@ -63,7 +63,7 @@ class mcp_logs
$this->tpl_name = 'mcp_logs';
$this->page_title = 'MCP_LOGS';
$forum_list = get_forum_list('m_');
$forum_list = array_values(array_intersect(get_forum_list('f_read'), get_forum_list('m_')));
$forum_list[] = 0;
$forum_id = $topic_id = 0;

26
phpBB/includes/mcp/mcp_main.php
View file

@ -641,7 +641,7 @@ function mcp_move_topic($topic_ids)
{
// Get the list of forums to resync, add a log entry
$forum_ids[] = $row['forum_id'];
add_log('mod', $to_forum_id, $topic_id, 'LOG_MOVE', $row['forum_name']);
add_log('mod', $to_forum_id, $topic_id, 'LOG_MOVE', $row['forum_name'], $forum_data['forum_name']);
// If we have moved a global announcement, we need to correct the topic type
if ($row['topic_type'] == POST_GLOBAL)
@ -659,8 +659,8 @@ function mcp_move_topic($topic_ids)
'forum_id' => (int) $row['forum_id'],
'icon_id' => (int) $row['icon_id'],
'topic_attachment' => (int) $row['topic_attachment'],
'topic_approved' => 1,
'topic_reported' => (int) $row['topic_reported'],
'topic_approved' => 1, // a shadow topic is always approved
'topic_reported' => 0, // a shadow topic is never reported
'topic_title' => (string) $row['topic_title'],
'topic_poster' => (int) $row['topic_poster'],
'topic_time' => (int) $row['topic_time'],
@ -781,7 +781,7 @@ function mcp_delete_topic($topic_ids)
foreach ($data as $topic_id => $row)
{
add_log('mod', $row['forum_id'], 0, 'LOG_TOPIC_DELETED', $row['topic_title']);
add_log('mod', $row['forum_id'], $topic_id, 'LOG_DELETE_' . ($row['topic_moved_id'] ? 'SHADOW_' : '') . 'TOPIC', $row['topic_title']);
}
$return = delete_topics('topic_id', $topic_ids);
@ -791,8 +791,17 @@ function mcp_delete_topic($topic_ids)
confirm_box(false, (sizeof($topic_ids) == 1) ? 'DELETE_TOPIC' : 'DELETE_TOPICS', $s_hidden_fields);
}
$redirect = request_var('redirect', "index.$phpEx");
$redirect = reapply_sid($redirect);
if (!isset($_REQUEST['quickmod']))
{
$redirect = request_var('redirect', "index.$phpEx");
$redirect = reapply_sid($redirect);
$redirect_message = 'PAGE';
}
else
{
$redirect = append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id);
$redirect_message = 'FORUM';
}
if (!$success_msg)
{
@ -800,9 +809,8 @@ function mcp_delete_topic($topic_ids)
}
else
{
$redirect_url = append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id);
meta_refresh(3, $redirect_url);
trigger_error($user->lang[$success_msg] . '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], '<a href="' . $redirect_url . '">', '</a>'));
meta_refresh(3, $redirect);
trigger_error($user->lang[$success_msg] . '<br /><br />' . sprintf($user->lang['RETURN_' . $redirect_message], '<a href="' . $redirect . '">', '</a>'));
}
}

8
phpBB/includes/mcp/mcp_post.php
View file

@ -415,8 +415,8 @@ function change_poster(&$post_info, $userdata)
sync('forum', 'forum_id', $post_info['forum_id'], false, false);
}
// Adjust post counts
if ($post_info['post_postcount'])
// Adjust post counts... only if the post is approved (else, it was not added the users post count anyway)
if ($post_info['post_postcount'] && $post_info['post_approved'])
{
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_posts = user_posts - 1
@ -470,11 +470,11 @@ function change_poster(&$post_info, $userdata)
if (file_exists($phpbb_root_path . 'includes/search/' . $search_type . '.' . $phpEx))
{
require("{$phpbb_root_path}includes/search/$search_type.$phpEx");
// We do some additional checks in the module to ensure it can actually be utilised
$error = false;
$search = new $search_type($error);
if (!$error && method_exists($search, 'destroy_cache'))
{
$search->destroy_cache(array(), array($post_info['user_id'], $userdata['user_id']));

78
phpBB/includes/mcp/mcp_queue.php
View file

@ -242,6 +242,17 @@ class mcp_queue
}
$forum_list_approve = get_forum_list('m_approve', false, true);
$forum_list_read = array_flip(get_forum_list('f_read', true, true)); // Flipped so we can isset() the forum IDs
// Remove forums we cannot read
foreach ($forum_list_approve as $k => $forum_data)
{
if (!isset($forum_list_read[$forum_data['forum_id']]))
{
unset($forum_list_approve[$k]);
}
}
unset($forum_list_read);
if (!$forum_id)
{
@ -481,6 +492,7 @@ function approve_post($post_id_list, $id, $mode)
$total_topics = $total_posts = 0;
$forum_topics_posts = $topic_approve_sql = $topic_replies_sql = $post_approve_sql = $topic_id_list = $forum_id_list = $approve_log = array();
$user_posts_sql = array();
$update_forum_information = false;
@ -493,6 +505,9 @@ function approve_post($post_id_list, $id, $mode)
$forum_id_list[$post_data['forum_id']] = 1;
}
// User post update (we do not care about topic or post, since user posts are strictly connected to posts
$user_posts_sql[$post_data['poster_id']] = (empty($user_posts_sql[$post_data['poster_id']])) ? 1 : $user_posts_sql[$post_data['poster_id']] + 1;
// Topic or Post. ;)
if ($post_data['topic_first_post_id'] == $post_id)
{
@ -612,6 +627,25 @@ function approve_post($post_id_list, $id, $mode)
}
}
if (sizeof($user_posts_sql))
{
// Try to minimize the query count by merging users with the same post count additions
$user_posts_update = array();
foreach ($user_posts_sql as $user_id => $user_posts)
{
$user_posts_update[$user_posts][] = $user_id;
}
foreach ($user_posts_update as $user_posts => $user_id_ary)
{
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_posts = user_posts + ' . $user_posts . '
WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
$db->sql_query($sql);
}
}
if ($total_topics)
{
set_config('num_topics', $config['num_topics'] + $total_topics, true);
@ -793,6 +827,13 @@ function disapprove_post($post_id_list, $id, $mode)
// If the reason is defined within the language file, we will use the localized version, else just use the database entry...
$disapprove_reason = (strtolower($row['reason_title']) != 'other') ? ((isset($user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])])) ? $user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])] : $row['reason_description']) : '';
$disapprove_reason .= ($reason) ? "\n\n" . $reason : '';
if (isset($user->lang['report_reasons']['DESCRIPTION'][strtoupper($row['reason_title'])]))
{
$disapprove_reason_lang = strtoupper($row['reason_title']);
}
$email_disapprove_reason = $disapprove_reason;
}
}
@ -912,6 +953,8 @@ function disapprove_post($post_id_list, $id, $mode)
// Notify Poster?
if ($notify_poster)
{
$lang_reasons = array();
foreach ($post_info as $post_id => $post_data)
{
if ($post_data['poster_id'] == ANONYMOUS)
@ -919,6 +962,35 @@ function disapprove_post($post_id_list, $id, $mode)
continue;
}
if (isset($disapprove_reason_lang))
{
// Okay we need to get the reason from the posters language
if (!isset($lang_reasons[$post_data['user_lang']]))
{
// Assign the current users translation as the default, this is not ideal but getting the board default adds another layer of complexity.
$lang_reasons[$post_data['user_lang']] = $user->lang['report_reasons']['DESCRIPTION'][$disapprove_reason_lang];
// Only load up the language pack if the language is different to the current one
if ($post_data['user_lang'] != $user->lang_name && file_exists($phpbb_root_path . '/language/' . $post_data['user_lang'] . '/mcp.' . $phpEx))
{
// Load up the language pack
$lang = array();
@include($phpbb_root_path . '/language/' . $post_data['user_lang'] . '/mcp.' . $phpEx);
// If we find the reason in this language pack use it
if (isset($lang['report_reasons']['DESCRIPTION'][$disapprove_reason_lang]))
{
$lang_reasons[$post_data['user_lang']] = $lang['report_reasons']['DESCRIPTION'][$disapprove_reason_lang];
}
unset($lang); // Free memory
}
}
$email_disapprove_reason = $lang_reasons[$post_data['user_lang']];
$email_disapprove_reason .= ($reason) ? "\n\n" . $reason : '';
}
$email_template = ($post_data['post_id'] == $post_data['topic_first_post_id'] && $post_data['post_id'] == $post_data['topic_last_post_id']) ? 'topic_disapproved' : 'post_disapproved';
$messenger->template($email_template, $post_data['user_lang']);
@ -928,15 +1000,17 @@ function disapprove_post($post_id_list, $id, $mode)
$messenger->assign_vars(array(
'USERNAME' => htmlspecialchars_decode($post_data['username']),
'REASON' => htmlspecialchars_decode($disapprove_reason),
'REASON' => htmlspecialchars_decode($email_disapprove_reason),
'POST_SUBJECT' => htmlspecialchars_decode(censor_text($post_data['post_subject'])),
'TOPIC_TITLE' => htmlspecialchars_decode(censor_text($post_data['topic_title'])))
);
$messenger->send($post_data['user_notify_type']);
}
unset($lang_reasons);
}
unset($post_info, $disapprove_reason);
unset($post_info, $disapprove_reason, $email_disapprove_reason, $disapprove_reason_lang);
$messenger->save_queue();

19
phpBB/includes/mcp/mcp_reports.php
View file

@ -65,7 +65,7 @@ class mcp_reports
{
case 'report_details':
$user->add_lang('posting');
$user->add_lang(array('posting', 'viewforum', 'viewtopic'));
$post_id = request_var('p', 0);
@ -200,6 +200,7 @@ class mcp_reports
'U_MCP_USER_NOTES' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&amp;mode=user_notes&amp;u=' . $post_info['user_id']),
'U_MCP_WARN_REPORTER' => ($auth->acl_get('m_warn')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&amp;mode=warn_user&amp;u=' . $report['user_id']) : '',
'U_MCP_WARN_USER' => ($auth->acl_get('m_warn')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&amp;mode=warn_user&amp;u=' . $post_info['user_id']) : '',
'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $post_info['forum_id']),
'U_VIEW_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&amp;p=' . $post_info['post_id'] . '#p' . $post_info['post_id']),
'U_VIEW_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&amp;t=' . $post_info['topic_id']),
@ -245,6 +246,17 @@ class mcp_reports
$forum_info = array();
$forum_list_reports = get_forum_list('m_report', false, true);
$forum_list_read = array_flip(get_forum_list('f_read', true, true)); // Flipped so we can isset() the forum IDs
// Remove forums we cannot read
foreach ($forum_list_reports as $k => $forum_data)
{
if (!isset($forum_list_read[$forum_data['forum_id']]))
{
unset($forum_list_reports[$k]);
}
}
unset($forum_list_read);
if ($topic_id && $forum_id)
{
@ -555,7 +567,8 @@ function close_report($report_id_list, $mode, $action)
{
$sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_reported = 0
WHERE ' . $db->sql_in_set('topic_id', $close_report_topics);
WHERE ' . $db->sql_in_set('topic_id', $close_report_topics) . '
OR ' . $db->sql_in_set('topic_moved_id', $close_report_topics);
$db->sql_query($sql);
}
}
@ -634,7 +647,7 @@ function close_report($report_id_list, $mode, $action)
$return_topic = '';
if (sizeof($topic_ids == 1))
{
$return_topic = sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . current($topic_ids) . 'f=' . current($forum_ids)) . '">', '</a>') . '<br /><br />';
$return_topic = sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . current($topic_ids) . '&amp;f=' . current($forum_ids)) . '">', '</a>') . '<br /><br />';
}
trigger_error($user->lang[$success_msg] . '<br /><br />' . $return_forum . $return_topic . sprintf($user->lang['RETURN_PAGE'], "<a href=\"$redirect\">", '</a>'));

24
phpBB/includes/mcp/mcp_topic.php
View file

@ -46,8 +46,9 @@ function mcp_topic_view($id, $mode, $action)
$forum_id = request_var('f', 0);
$to_topic_id = request_var('to_topic_id', 0);
$to_forum_id = request_var('to_forum_id', 0);
$post_id_list = request_var('post_id_list', array(0));
$sort = isset($_POST['sort']) ? true : false;
$submitted_id_list = request_var('post_ids', array(0));
$checked_ids = $post_id_list = request_var('post_id_list', array(0));
// Split Topic?
if ($action == 'split_all' || $action == 'split_beyond')
@ -113,11 +114,18 @@ function mcp_topic_view($id, $mode, $action)
{
$posts_per_page = $total;
}
if (!empty($sort_days_old) && $sort_days_old != $sort_days)
if ((!empty($sort_days_old) && $sort_days_old != $sort_days) || $total <= $posts_per_page)
{
$start = 0;
}
// Make sure $start is set to the last page if it exceeds the amount
if ($start < 0 || $start >= $total)
{
$start = ($start < 0) ? 0 : floor(($total - 1) / $posts_per_page) * $posts_per_page;
}
$sql = 'SELECT u.username, u.username_clean, u.user_colour, p.*
FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u
WHERE ' . (($action == 'reports') ? 'p.post_reported = 1 AND ' : '') . '
@ -226,7 +234,7 @@ function mcp_topic_view($id, $mode, $action)
'S_POST_REPORTED' => ($row['post_reported']) ? true : false,
'S_POST_UNAPPROVED' => ($row['post_approved']) ? false : true,
'S_CHECKED' => ($post_id_list && in_array(intval($row['post_id']), $post_id_list)) ? true : false,
'S_CHECKED' => (($submitted_id_list && !in_array(intval($row['post_id']), $submitted_id_list)) || in_array(intval($row['post_id']), $checked_ids)) ? true : false,
'S_HAS_ATTACHMENTS' => (!empty($attachments[$row['post_id']])) ? true : false,
'U_POST_DETAILS' => "$url&amp;i=$id&amp;p={$row['post_id']}&amp;mode=post_details" . (($forum_id) ? "&amp;f=$forum_id" : ''),
@ -279,6 +287,7 @@ function mcp_topic_view($id, $mode, $action)
$s_hidden_fields = build_hidden_fields(array(
'st_old' => $sort_days,
'post_ids' => $post_id_list,
));
$template->assign_vars(array(
@ -328,7 +337,7 @@ function mcp_topic_view($id, $mode, $action)
*/
function split_topic($action, $topic_id, $to_forum_id, $subject)
{
global $db, $template, $user, $phpEx, $phpbb_root_path, $auth;
global $db, $template, $user, $phpEx, $phpbb_root_path, $auth, $config;
$post_id_list = request_var('post_id_list', array(0));
$forum_id = request_var('forum_id', 0);
@ -370,11 +379,11 @@ function split_topic($action, $topic_id, $to_forum_id, $subject)
return;
}
$forum_info = get_forum_data(array($to_forum_id), 'm_split');
$forum_info = get_forum_data(array($to_forum_id), 'f_post');
if (!sizeof($forum_info))
{
$template->assign_var('MESSAGE', $user->lang['NOT_MODERATOR']);
$template->assign_var('MESSAGE', $user->lang['USER_CANNOT_POST']);
return;
}
@ -491,6 +500,9 @@ function split_topic($action, $topic_id, $to_forum_id, $subject)
$success_msg = 'TOPIC_SPLIT_SUCCESS';
// Update forum statistics
set_config('num_topics', $config['num_topics'] + 1, true);
// Link back to both topics
$return_link = sprintf($user->lang['RETURN_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $post_info['forum_id'] . '&amp;t=' . $post_info['topic_id']) . '">', '</a>') . '<br /><br />' . sprintf($user->lang['RETURN_NEW_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $to_forum_id . '&amp;t=' . $to_topic_id) . '">', '</a>');
}

42
phpBB/includes/mcp/mcp_warn.php
View file

@ -249,6 +249,25 @@ class mcp_warn
$this->u_action .= "&amp;f=$forum_id&amp;p=$post_id";
}
// Check if can send a notification
if ($config['allow_privmsg'])
{
$auth2 = new auth();
$auth2->acl($user_row);
$s_can_notify = ($auth2->acl_get('u_readpm')) ? true : false;
unset($auth2);
}
else
{
$s_can_notify = false;
}
// Prevent against clever people
if ($notify && !$s_can_notify)
{
$notify = false;
}
if ($warning && $action == 'add_warning')
{
if (check_form_key('mcp_warn'))
@ -307,6 +326,8 @@ class mcp_warn
'RANK_IMG' => $rank_img,
'L_WARNING_POST_DEFAULT' => sprintf($user->lang['WARNING_POST_DEFAULT'], generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&amp;p=$post_id#p$post_id"),
'S_CAN_NOTIFY' => $s_can_notify,
));
}
@ -351,6 +372,25 @@ class mcp_warn
$this->u_action .= "&amp;u=$user_id";
}
// Check if can send a notification
if ($config['allow_privmsg'])
{
$auth2 = new auth();
$auth2->acl($user_row);
$s_can_notify = ($auth2->acl_get('u_readpm')) ? true : false;
unset($auth2);
}
else
{
$s_can_notify = false;
}
// Prevent against clever people
if ($notify && !$s_can_notify)
{
$notify = false;
}
if ($warning && $action == 'add_warning')
{
if (check_form_key('mcp_warn'))
@ -389,6 +429,8 @@ class mcp_warn
'AVATAR_IMG' => $avatar_img,
'RANK_IMG' => $rank_img,
'S_CAN_NOTIFY' => $s_can_notify,
));
return $user_id;

6
phpBB/includes/message_parser.php
View file

@ -391,7 +391,7 @@ class bbcode_firstpass extends bbcode
/**
* Parse code text from code tag
* @private
* @access private
*/
function bbcode_parse_code($stx, &$code)
{
@ -604,10 +604,10 @@ class bbcode_firstpass extends bbcode
$out .= array_pop($list_end_tags) . ']';
$tok = '[';
}
else if (preg_match('#^list(=[0-9a-z])?$#i', $buffer, $m))
else if (preg_match('#^list(=[0-9a-z]+)?$#i', $buffer, $m))
{
// sub-list, add a closing tag
if (empty($m[1]) || preg_match('/^(?:disc|square|circle)$/i', $m[1]))
if (empty($m[1]) || preg_match('/^=(?:disc|square|circle)$/i', $m[1]))
{
array_push($list_end_tags, '/list:u:' . $this->bbcode_uid);
}

4
phpBB/includes/search/fulltext_mysql.php
View file

@ -704,7 +704,7 @@ class fulltext_mysql extends search_backend
if (!isset($this->stats['post_subject']))
{
if ($db->sql_layer == 'mysqli' || version_compare($db->mysql_version, '4.1.3', '>='))
if ($db->sql_layer == 'mysqli' || version_compare($db->sql_server_info(true), '4.1.3', '>='))
{
//$alter[] = 'MODIFY post_subject varchar(100) COLLATE utf8_unicode_ci DEFAULT \'\' NOT NULL';
}
@ -717,7 +717,7 @@ class fulltext_mysql extends search_backend
if (!isset($this->stats['post_text']))
{
if ($db->sql_layer == 'mysqli' || version_compare($db->mysql_version, '4.1.3', '>='))
if ($db->sql_layer == 'mysqli' || version_compare($db->sql_server_info(true), '4.1.3', '>='))
{
$alter[] = 'MODIFY post_text mediumtext COLLATE utf8_unicode_ci NOT NULL';
}

7
phpBB/includes/search/fulltext_native.php
View file

@ -447,11 +447,12 @@ class fulltext_native extends search_backend
'FROM' => array(
SEARCH_WORDMATCH_TABLE => array(),
SEARCH_WORDLIST_TABLE => array(),
POSTS_TABLE => 'p'
),
'LEFT_JOIN' => array()
'LEFT_JOIN' => array(array(
'FROM' => array(POSTS_TABLE => 'p'),
'ON' => 'm0.post_id = p.post_id',
)),
);
$sql_where[] = 'm0.post_id = p.post_id';
$title_match = '';
$group_by = true;

8
phpBB/includes/search/search.php
View file

@ -52,10 +52,10 @@ class search_backend
$words = array();
if (file_exists("{$user->lang_path}/search_ignore_words.$phpEx"))
if (file_exists("{$user->lang_path}{$user->lang_name}/search_ignore_words.$phpEx"))
{
// include the file containing ignore words
include("{$user->lang_path}/search_ignore_words.$phpEx");
include("{$user->lang_path}{$user->lang_name}/search_ignore_words.$phpEx");
}
$this->ignore_words = $words;
@ -74,10 +74,10 @@ class search_backend
$synonyms = array();
if (file_exists("{$user->lang_path}/search_synonyms.$phpEx"))
if (file_exists("{$user->lang_path}{$user->lang_name}/search_synonyms.$phpEx"))
{
// include the file containing synonyms
include("{$user->lang_path}/search_synonyms.$phpEx");
include("{$user->lang_path}{$user->lang_name}/search_synonyms.$phpEx");
}
$this->match_synonym = array_keys($synonyms);

195
phpBB/includes/session.php
View file

@ -73,7 +73,7 @@ class session
continue;
}
$use_args[str_replace($find, $replace, $key)] = str_replace($find, $replace, $argument);
$use_args[] = str_replace($find, $replace, $argument);
}
unset($args);
@ -136,6 +136,60 @@ class session
return $page_array;
}
/**
* Get valid hostname/port. HTTP_HOST is used, SERVER_NAME if HTTP_HOST not present.
*/
function extract_current_hostname()
{
global $config;
// Get hostname
$host = (!empty($_SERVER['HTTP_HOST'])) ? $_SERVER['HTTP_HOST'] : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
// Should be a string and lowered
$host = (string) strtolower($host);
// If host is equal the cookie domain or the server name (if config is set), then we assume it is valid
if ((isset($config['cookie_domain']) && $host === $config['cookie_domain']) || (isset($config['server_name']) && $host === $config['server_name']))
{
return $host;
}
// Is the host actually a IP? If so, we use the IP... (IPv4)
if (long2ip(ip2long($host)) === $host)
{
return $host;
}
// Now return the hostname (this also removes any port definition). The http:// is prepended to construct a valid URL, hosts never have a scheme assigned
$host = @parse_url('http://' . $host);
$host = (!empty($host['host'])) ? $host['host'] : '';
// Remove any portions not removed by parse_url (#)
$host = str_replace('#', '', $host);
// If, by any means, the host is now empty, we will use a "best approach" way to guess one
if (empty($host))
{
if (!empty($config['server_name']))
{
$host = $config['server_name'];
}
else if (!empty($config['cookie_domain']))
{
$host = (strpos($config['cookie_domain'], '.') === 0) ? substr($config['cookie_domain'], 1) : $config['cookie_domain'];
}
else
{
// Set to OS hostname or localhost
$host = (function_exists('php_uname')) ? php_uname('n') : 'localhost';
}
}
// It may be still no valid host, but for sure only a hostname (we may further expand on the cookie domain... if set)
return $host;
}
/**
* Start session management
*
@ -160,14 +214,8 @@ class session
$this->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : '';
$this->referer = (!empty($_SERVER['HTTP_REFERER'])) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : '';
$this->forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
$this->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
// Since HTTP_HOST may carry a port definition, we need to remove it here...
if (strpos($this->host, ':') !== false)
{
$this->host = substr($this->host, 0, strpos($this->host, ':'));
}
$this->host = $this->extract_current_hostname();
$this->page = $this->extract_current_page($phpbb_root_path);
// if the forwarded for header shall be checked we have to validate its contents
@ -1156,7 +1204,6 @@ class session
}
$dnsbl_check = array(
'list.dsbl.org' => 'http://dsbl.org/listing?',
'sbl-xbl.spamhaus.org' => 'http://www.spamhaus.org/query/bl?ip=',
);
@ -1322,7 +1369,7 @@ class session
function validate_referer($check_script_path = false)
{
// no referer - nothing to validate, user's fault for turning it off (we only check on POST; so meta can't be the reason)
if (empty($this->referer) || empty($this->host) )
if (empty($this->referer) || empty($this->host))
{
return true;
}
@ -1330,7 +1377,7 @@ class session
$host = htmlspecialchars($this->host);
$ref = substr($this->referer, strpos($this->referer, '://') + 3);
if (!(stripos($ref , $host) === 0))
if (!(stripos($ref, $host) === 0))
{
return false;
}
@ -1382,7 +1429,7 @@ class user extends session
var $timezone;
var $dst;
var $lang_name;
var $lang_name = false;
var $lang_id = false;
var $lang_path;
var $img_lang;
@ -1392,6 +1439,32 @@ class user extends session
var $keyoptions = array('viewimg' => 0, 'viewflash' => 1, 'viewsmilies' => 2, 'viewsigs' => 3, 'viewavatars' => 4, 'viewcensors' => 5, 'attachsig' => 6, 'bbcode' => 8, 'smilies' => 9, 'popuppm' => 10);
var $keyvalues = array();
/**
* Constructor to set the lang path
*/
function user()
{
global $phpbb_root_path;
$this->lang_path = $phpbb_root_path . 'language/';
}
/**
* Function to set custom language path (able to use directory outside of phpBB)
*
* @param string $lang_path New language path used.
* @access public
*/
function set_custom_lang_path($lang_path)
{
$this->lang_path = $lang_path;
if (substr($this->lang_path, -1) != '/')
{
$this->lang_path .= '/';
}
}
/**
* Setup basic user-specific items (style, language, ...)
*/
@ -1401,8 +1474,7 @@ class user extends session
if ($this->data['user_id'] != ANONYMOUS)
{
$this->lang_name = (file_exists($phpbb_root_path . 'language/' . $this->data['user_lang'] . "/common.$phpEx")) ? $this->data['user_lang'] : basename($config['default_lang']);
$this->lang_path = $phpbb_root_path . 'language/' . $this->lang_name . '/';
$this->lang_name = (file_exists($this->lang_path . $this->data['user_lang'] . "/common.$phpEx")) ? $this->data['user_lang'] : basename($config['default_lang']);
$this->date_format = $this->data['user_dateformat'];
$this->timezone = $this->data['user_timezone'] * 3600;
@ -1411,7 +1483,6 @@ class user extends session
else
{
$this->lang_name = basename($config['default_lang']);
$this->lang_path = $phpbb_root_path . 'language/' . $this->lang_name . '/';
$this->date_format = $config['default_dateformat'];
$this->timezone = $config['board_timezone'] * 3600;
$this->dst = $config['board_dst'] * 3600;
@ -1431,10 +1502,9 @@ class user extends session
$accept_lang = substr($accept_lang, 0, 2) . '_' . strtoupper(substr($accept_lang, 3, 2));
$accept_lang = basename($accept_lang);
if (file_exists($phpbb_root_path . 'language/' . $accept_lang . "/common.$phpEx"))
if (file_exists($this->lang_path . $accept_lang . "/common.$phpEx"))
{
$this->lang_name = $config['default_lang'] = $accept_lang;
$this->lang_path = $phpbb_root_path . 'language/' . $accept_lang . '/';
break;
}
else
@ -1443,10 +1513,9 @@ class user extends session
$accept_lang = substr($accept_lang, 0, 2);
$accept_lang = basename($accept_lang);
if (file_exists($phpbb_root_path . 'language/' . $accept_lang . "/common.$phpEx"))
if (file_exists($this->lang_path . $accept_lang . "/common.$phpEx"))
{
$this->lang_name = $config['default_lang'] = $accept_lang;
$this->lang_path = $phpbb_root_path . 'language/' . $accept_lang . '/';
break;
}
}
@ -1458,9 +1527,9 @@ class user extends session
// We include common language file here to not load it every time a custom language file is included
$lang = &$this->lang;
if ((@include $this->lang_path . "common.$phpEx") === false)
if ((@include $this->lang_path . $this->lang_name . "/common.$phpEx") === false)
{
die('Language file ' . $this->lang_name . "/common.$phpEx" . " couldn't be opened.");
die('Language file ' . $this->lang_path . $this->lang_name . "/common.$phpEx" . " couldn't be opened.");
}
$this->add_lang($lang_set);
@ -1480,7 +1549,7 @@ class user extends session
$style = ($style) ? $style : ((!$config['override_user_style']) ? $this->data['user_style'] : $config['default_style']);
}
$sql = 'SELECT s.style_id, t.template_storedb, t.template_path, t.template_id, t.bbcode_bitfield, c.theme_path, c.theme_name, c.theme_storedb, c.theme_id, i.imageset_path, i.imageset_id, i.imageset_name
$sql = 'SELECT s.style_id, t.template_storedb, t.template_path, t.template_id, t.bbcode_bitfield, t.template_inherits_id, t.template_inherit_path, c.theme_path, c.theme_name, c.theme_storedb, c.theme_id, i.imageset_path, i.imageset_id, i.imageset_name
FROM ' . STYLES_TABLE . ' s, ' . STYLES_TEMPLATE_TABLE . ' t, ' . STYLES_THEME_TABLE . ' c, ' . STYLES_IMAGESET_TABLE . " i
WHERE s.style_id = $style
AND t.template_id = s.template_id
@ -1769,6 +1838,72 @@ class user extends session
return;
}
/**
* More advanced language substitution
* Function to mimic sprintf() with the possibility of using phpBB's language system to substitute nullar/singular/plural forms.
* Params are the language key and the parameters to be substituted.
* This function/functionality is inspired by SHS` and Ashe.
*
* Example call: <samp>$user->lang('NUM_POSTS_IN_QUEUE', 1);</samp>
*/
function lang()
{
$args = func_get_args();
$key = $args[0];
// Return if language string does not exist
if (!isset($this->lang[$key]) || (!is_string($this->lang[$key]) && !is_array($this->lang[$key])))
{
return $key;
}
// If the language entry is a string, we simply mimic sprintf() behaviour
if (is_string($this->lang[$key]))
{
if (sizeof($args) == 1)
{
return $this->lang[$key];
}
// Replace key with language entry and simply pass along...
$args[0] = $this->lang[$key];
return call_user_func_array('sprintf', $args);
}
// It is an array... now handle different nullar/singular/plural forms
$key_found = false;
// We now get the first number passed and will select the key based upon this number
for ($i = 1, $num_args = sizeof($args); $i < $num_args; $i++)
{
if (is_int($args[$i]))
{
$numbers = array_keys($this->lang[$key]);
foreach ($numbers as $num)
{
if ($num > $args[$i])
{
break;
}
$key_found = $num;
}
}
}
// Ok, let's check if the key was found, else use the last entry (because it is mostly the plural form)
if ($key_found === false)
{
$numbers = array_keys($this->lang[$key]);
$key_found = end($numbers);
}
// Use the language string we determined and pass it to sprintf()
$args[0] = $this->lang[$key][$key_found];
return call_user_func_array('sprintf', $args);
}
/**
* Add Language Items - use_db and use_help are assigned where needed (only use them to force inclusion)
*
@ -1830,12 +1965,11 @@ class user extends session
{
global $phpEx;
// Make sure the language path is set (if the user setup did not happen it is not set)
if (!$this->lang_path)
// Make sure the language name is set (if the user setup did not happen it is not set)
if (!$this->lang_name)
{
global $phpbb_root_path, $config;
$this->lang_path = $phpbb_root_path . 'language/' . basename($config['default_lang']) . '/';
global $config;
$this->lang_name = basename($config['default_lang']);
}
// $lang == $this->lang
@ -1845,16 +1979,16 @@ class user extends session
{
if ($use_help && strpos($lang_file, '/') !== false)
{
$language_filename = $this->lang_path . substr($lang_file, 0, stripos($lang_file, '/') + 1) . 'help_' . substr($lang_file, stripos($lang_file, '/') + 1) . '.' . $phpEx;
$language_filename = $this->lang_path . $this->lang_name . '/' . substr($lang_file, 0, stripos($lang_file, '/') + 1) . 'help_' . substr($lang_file, stripos($lang_file, '/') + 1) . '.' . $phpEx;
}
else
{
$language_filename = $this->lang_path . (($use_help) ? 'help_' : '') . $lang_file . '.' . $phpEx;
$language_filename = $this->lang_path . $this->lang_name . '/' . (($use_help) ? 'help_' : '') . $lang_file . '.' . $phpEx;
}
if ((@include $language_filename) === false)
{
trigger_error('Language file ' . basename($language_filename) . ' couldn\'t be opened.', E_USER_ERROR);
trigger_error('Language file ' . $language_filename . ' couldn\'t be opened.', E_USER_ERROR);
}
}
else if ($use_db)
@ -1962,6 +2096,7 @@ class user extends session
/**
* Specify/Get image
* $suffix is no longer used - we know it. ;) It is there for backward compatibility.
*/
function img($img, $alt = '', $width = false, $suffix = '', $type = 'full_tag')
{

135
phpBB/includes/template.php
View file

@ -36,6 +36,9 @@ class template
var $cachepath = '';
var $files = array();
var $filename = array();
var $files_inherit = array();
var $files_template = array();
var $inherit_root = '';
// this will hash handle names to the compiled/uncompiled code for that handle.
var $compiled_code = array();
@ -51,7 +54,12 @@ class template
if (file_exists($phpbb_root_path . 'styles/' . $user->theme['template_path'] . '/template'))
{
$this->root = $phpbb_root_path . 'styles/' . $user->theme['template_path'] . '/template';
$this->cachepath = $phpbb_root_path . 'cache/tpl_' . $user->theme['template_path'] . '_';
$this->cachepath = $phpbb_root_path . 'cache/tpl_' . str_replace('_', '-', $user->theme['template_path']) . '_';
if ($user->theme['template_inherits_id'])
{
$this->inherit_root = $phpbb_root_path . 'styles/' . $user->theme['template_inherit_path'] . '/template';
}
}
else
{
@ -72,7 +80,7 @@ class template
global $phpbb_root_path;
$this->root = $template_path;
$this->cachepath = $phpbb_root_path . 'cache/ctpl_' . $template_name . '_';
$this->cachepath = $phpbb_root_path . 'cache/ctpl_' . str_replace('_', '-', $template_name) . '_';
return true;
}
@ -88,7 +96,6 @@ class template
{
return false;
}
foreach ($filename_array as $handle => $filename)
{
if (empty($filename))
@ -98,8 +105,13 @@ class template
$this->filename[$handle] = $filename;
$this->files[$handle] = $this->root . '/' . $filename;
if ($this->inherit_root)
{
$this->files_inherit[$handle] = $this->inherit_root . '/' . $filename;
}
}
return true;
}
@ -197,7 +209,7 @@ class template
return true;
}
/**
* Load a compiled template if possible, if not, recompile it
* @access private
@ -207,9 +219,24 @@ class template
global $user, $phpEx, $config;
$filename = $this->cachepath . str_replace('/', '.', $this->filename[$handle]) . '.' . $phpEx;
$recompile = (($config['load_tplcompile'] && @filemtime($filename) < filemtime($this->files[$handle])) || !file_exists($filename) || @filesize($filename) === 0) ? true : false;
$this->files_template[$handle] = $user->theme['template_id'];
$recompile = false;
if (!file_exists($filename) || @filesize($filename) === 0)
{
$recompile = true;
}
else if ($config['load_tplcompile'])
{
// No way around it: we need to check inheritance here
if ($user->theme['template_inherits_id'] && !file_exists($this->files[$handle]))
{
$this->files[$handle] = $this->files_inherit[$handle];
$this->files_template[$handle] = $user->theme['template_inherits_id'];
}
$recompile = (@filemtime($filename) < filemtime($this->files[$handle])) ? true : false;
}
// Recompile page if the original template is newer, otherwise load the compiled version
if (!$recompile)
{
@ -222,7 +249,14 @@ class template
{
include($phpbb_root_path . 'includes/functions_template.' . $phpEx);
}
// Inheritance - we point to another template file for this one. Equality is also used for store_db
if (isset($user->theme['template_inherits_id']) && $user->theme['template_inherits_id'] && !file_exists($this->files[$handle]))
{
$this->files[$handle] = $this->files_inherit[$handle];
$this->files_template[$handle] = $user->theme['template_inherits_id'];
}
$compile = new template_compile($this);
// If we don't have a file assigned to this handle, die.
@ -240,28 +274,70 @@ class template
if (isset($user->theme['template_storedb']) && $user->theme['template_storedb'])
{
$sql = 'SELECT *
$rows = array();
$ids = array();
// Inheritance
if (isset($user->theme['template_inherits_id']) && $user->theme['template_inherits_id'])
{
$ids[] = $user->theme['template_inherits_id'];
}
$ids[] = $user->theme['template_id'];
foreach ($ids as $id)
{
$sql = 'SELECT *
FROM ' . STYLES_TEMPLATE_DATA_TABLE . '
WHERE template_id = ' . $user->theme['template_id'] . "
WHERE template_id = ' . $id . "
AND (template_filename = '" . $db->sql_escape($this->filename[$handle]) . "'
OR template_included " . $db->sql_like_expression($db->any_char . $this->filename[$handle] . ':' . $db->any_char) . ')';
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
if ($row)
{
do
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
if ($row['template_mtime'] < filemtime($phpbb_root_path . 'styles/' . $user->theme['template_path'] . '/template/' . $row['template_filename']))
$rows[$row['template_filename']] = $row;
}
$db->sql_freeresult($result);
}
if (sizeof($rows))
{
foreach ($rows as $row)
{
$file = $this->root . '/' . $row['template_filename'];
$force_reload = false;
if ($row['template_id'] != $user->theme['template_id'])
{
// make sure that we are not overlooking a file not in the db yet
if (isset($user->theme['template_inherits_id']) && $user->theme['template_inherits_id'] && !file_exists($file))
{
$file = $this->inherit_root . '/' . $row['template_filename'];
$this->files[$row['template_filename']] = $file;
$this->files_inherit[$row['template_filename']] = $file;
$this->files_template[$row['template_filename']] = $user->theme['template_inherits_id'];
}
else if (isset($user->theme['template_inherits_id']) && $user->theme['template_inherits_id'])
{
// Ok, we have a situation. There is a file in the subtemplate, but nothing in the DB. We have to fix that.
$force_reload = true;
$this->files_template[$row['template_filename']] = $user->theme['template_inherits_id'];
}
}
else
{
$this->files_template[$row['template_filename']] = $user->theme['template_id'];
}
if ($force_reload || $row['template_mtime'] < filemtime($file))
{
if ($row['template_filename'] == $this->filename[$handle])
{
$compile->_tpl_load_file($handle);
$compile->_tpl_load_file($handle, true);
}
else
{
$this->files[$row['template_filename']] = $this->root . '/' . $row['template_filename'];
$compile->_tpl_load_file($row['template_filename']);
$this->files[$row['template_filename']] = $file;
$this->filename[$row['template_filename']] = $row['template_filename'];
$compile->_tpl_load_file($row['template_filename'], true);
unset($this->compiled_code[$row['template_filename']]);
unset($this->files[$row['template_filename']]);
unset($this->filename[$row['template_filename']]);
@ -284,15 +360,22 @@ class template
}
}
}
while ($row = $db->sql_fetchrow($result));
}
else
{
$file = $this->root . '/' . $row['template_filename'];
if (isset($user->theme['template_inherits_id']) && $user->theme['template_inherits_id'] && !file_exists($file))
{
$file = $this->inherit_root . '/' . $row['template_filename'];
$this->files[$row['template_filename']] = $file;
$this->files_inherit[$row['template_filename']] = $file;
$this->files_template[$row['template_filename']] = $user->theme['template_inherits_id'];
}
// Try to load from filesystem and instruct to insert into the styles table...
$compile->_tpl_load_file($handle, true);
return false;
}
$db->sql_freeresult($result);
return false;
}
@ -512,8 +595,12 @@ class template
$handle = $filename;
$this->filename[$handle] = $filename;
$this->files[$handle] = $this->root . '/' . $filename;
if ($this->inherit_root)
{
$this->files_inherit[$handle] = $this->inherit_root . '/' . $filename;
}
$filename = $this->_tpl_load($handle);
$filename = $this->_tpl_load($handle);
if ($include)
{

1
phpBB/includes/ucp/ucp_activate.php
View file

@ -65,6 +65,7 @@ class ucp_activate
'user_password' => $user_row['user_newpasswd'],
'user_newpasswd' => '',
'user_pass_convert' => 0,
'user_login_attempts' => 0,
);
$sql = 'UPDATE ' . USERS_TABLE . '

59
phpBB/includes/ucp/ucp_groups.php
View file

@ -221,8 +221,9 @@ class ucp_groups
$messenger->im($row['user_jabber'], $row['username']);
$messenger->assign_vars(array(
'USERNAME' => htmlspecialchars_decode($row['username']),
'GROUP_NAME' => htmlspecialchars_decode($group_row[$group_id]['group_name']),
'USERNAME' => htmlspecialchars_decode($row['username']),
'GROUP_NAME' => htmlspecialchars_decode($group_row[$group_id]['group_name']),
'REQUEST_USERNAME' => $user->data['username'],
'U_PENDING' => generate_board_url() . "/ucp.$phpEx?i=groups&mode=manage&action=list&g=$group_id",
'U_GROUP' => generate_board_url() . "/memberlist.$phpEx?mode=group&g=$group_id")
@ -434,6 +435,23 @@ class ucp_groups
{
trigger_error($user->lang['NOT_ALLOWED_MANAGE_GROUP'] . $return_page, E_USER_WARNING);
}
$group_name = $group_row['group_name'];
$group_type = $group_row['group_type'];
$avatar_img = (!empty($group_row['group_avatar'])) ? get_user_avatar($group_row['group_avatar'], $group_row['group_avatar_type'], $group_row['group_avatar_width'], $group_row['group_avatar_height'], 'GROUP_AVATAR') : '<img src="' . $phpbb_root_path . 'adm/images/no_avatar.gif" alt="" />';
$template->assign_vars(array(
'GROUP_NAME' => ($group_type == GROUP_SPECIAL) ? $user->lang['G_' . $group_name] : $group_name,
'GROUP_INTERNAL_NAME' => $group_name,
'GROUP_COLOUR' => (isset($group_row['group_colour'])) ? $group_row['group_colour'] : '',
'GROUP_DESC_DISP' => generate_text_for_display($group_row['group_desc'], $group_row['group_desc_uid'], $group_row['group_desc_bitfield'], $group_row['group_desc_options']),
'GROUP_TYPE' => $group_row['group_type'],
'AVATAR' => $avatar_img,
'AVATAR_IMAGE' => $avatar_img,
'AVATAR_WIDTH' => (isset($group_row['group_avatar_width'])) ? $group_row['group_avatar_width'] : '',
'AVATAR_HEIGHT' => (isset($group_row['group_avatar_height'])) ? $group_row['group_avatar_height'] : '',
));
}
switch ($action)
@ -487,7 +505,8 @@ class ucp_groups
'colour' => request_var('group_colour', ''),
'rank' => request_var('group_rank', 0),
'receive_pm' => isset($_REQUEST['group_receive_pm']) ? 1 : 0,
'message_limit' => request_var('group_message_limit', 0)
'message_limit' => request_var('group_message_limit', 0),
'max_recipients'=> request_var('group_max_recipients', 0),
);
$data['uploadurl'] = request_var('uploadurl', '');
@ -585,7 +604,7 @@ class ucp_groups
// were made.
$group_attributes = array();
$test_variables = array('rank', 'colour', 'avatar', 'avatar_type', 'avatar_width', 'avatar_height');
$test_variables = array('rank', 'colour', 'avatar', 'avatar_type', 'avatar_width', 'avatar_height', 'receive_pm', 'legend', 'message_limit', 'max_recipients');
foreach ($test_variables as $test)
{
if ($action == 'add' || (isset($submit_ary[$test]) && $group_row['group_' . $test] != $submit_ary[$test]))
@ -629,9 +648,7 @@ class ucp_groups
}
else
{
$group_name = $group_row['group_name'];
$group_desc_data = generate_text_for_edit($group_row['group_desc'], $group_row['group_desc_uid'], $group_row['group_desc_options']);
$group_type = $group_row['group_type'];
$group_rank = $group_row['group_rank'];
}
@ -654,8 +671,6 @@ class ucp_groups
$type_closed = ($group_type == GROUP_CLOSED) ? ' checked="checked"' : '';
$type_hidden = ($group_type == GROUP_HIDDEN) ? ' checked="checked"' : '';
$avatar_img = (!empty($group_row['group_avatar'])) ? get_user_avatar($group_row['group_avatar'], $group_row['group_avatar_type'], $group_row['group_avatar_width'], $group_row['group_avatar_height'], 'GROUP_AVATAR') : '<img src="' . $phpbb_root_path . 'adm/images/no_avatar.gif" alt="" />';
$display_gallery = (isset($_POST['display_gallery'])) ? true : false;
if ($config['allow_avatar_local'] && $display_gallery)
@ -665,7 +680,6 @@ class ucp_groups
$avatars_enabled = ($can_upload || ($config['allow_avatar_local'] || $config['allow_avatar_remote'])) ? true : false;
$template->assign_vars(array(
'S_EDIT' => true,
'S_INCLUDE_SWATCH' => true,
@ -678,23 +692,17 @@ class ucp_groups
'S_IN_GALLERY' => ($config['allow_avatar_local'] && $display_gallery) ? true : false,
'ERROR_MSG' => (sizeof($error)) ? implode('<br />', $error) : '',
'GROUP_NAME' => ($group_type == GROUP_SPECIAL) ? $user->lang['G_' . $group_name] : $group_name,
'GROUP_INTERNAL_NAME' => $group_name,
'GROUP_DESC' => $group_desc_data['text'],
'GROUP_RECEIVE_PM' => (isset($group_row['group_receive_pm']) && $group_row['group_receive_pm']) ? ' checked="checked"' : '',
'GROUP_MESSAGE_LIMIT' => (isset($group_row['group_message_limit'])) ? $group_row['group_message_limit'] : 0,
'GROUP_COLOUR' => (isset($group_row['group_colour'])) ? $group_row['group_colour'] : '',
'GROUP_MAX_RECIPIENTS' => (isset($group_row['group_max_recipients'])) ? $group_row['group_max_recipients'] : 0,
'GROUP_DESC' => $group_desc_data['text'],
'S_DESC_BBCODE_CHECKED' => $group_desc_data['allow_bbcode'],
'S_DESC_URLS_CHECKED' => $group_desc_data['allow_urls'],
'S_DESC_SMILIES_CHECKED'=> $group_desc_data['allow_smilies'],
'S_RANK_OPTIONS' => $rank_options,
'AVATAR' => $avatar_img,
'AVATAR_IMAGE' => $avatar_img,
'AVATAR_MAX_FILESIZE' => $config['avatar_filesize'],
'AVATAR_WIDTH' => (isset($group_row['group_avatar_width'])) ? $group_row['group_avatar_width'] : '',
'AVATAR_HEIGHT' => (isset($group_row['group_avatar_height'])) ? $group_row['group_avatar_height'] : '',
'GROUP_TYPE_FREE' => GROUP_FREE,
'GROUP_TYPE_OPEN' => GROUP_OPEN,
@ -741,7 +749,7 @@ class ucp_groups
WHERE ug.group_id = $group_id
AND u.user_id = ug.user_id
AND ug.group_leader = 1
ORDER BY ug.group_leader DESC, ug.user_pending ASC, u.username_clean";
ORDER BY ug.user_pending DESC, u.username_clean";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -774,10 +782,11 @@ class ucp_groups
WHERE ug.group_id = $group_id
AND u.user_id = ug.user_id
AND ug.group_leader = 0
ORDER BY ug.group_leader DESC, ug.user_pending ASC, u.username_clean";
ORDER BY ug.user_pending DESC, u.username_clean";
$result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);
$pending = false;
$approved = false;
while ($row = $db->sql_fetchrow($result))
{
@ -786,9 +795,19 @@ class ucp_groups
$template->assign_block_vars('member', array(
'S_PENDING' => true)
);
$template->assign_var('S_PENDING_SET', true);
$pending = true;
}
else if (!$row['user_pending'] && !$approved)
{
$template->assign_block_vars('member', array(
'S_APPROVED' => true)
);
$template->assign_var('S_APPROVED_SET', true);
$approved = true;
}
$template->assign_block_vars('member', array(
'USERNAME' => $row['username'],

5
phpBB/includes/ucp/ucp_main.php
View file

@ -237,7 +237,10 @@ class ucp_main
$l_unwatch .= '_TOPICS';
}
$msg = $user->lang['UNWATCHED' . $l_unwatch];
}
else
{
$msg = $user->lang['NO_WATCHED_SELECTED'];
}
}
else

143
phpBB/includes/ucp/ucp_pm_compose.php
View file

@ -25,6 +25,10 @@ function compose_pm($id, $mode, $action)
global $template, $db, $auth, $user;
global $phpbb_root_path, $phpEx, $config;
// Damn php and globals - i know, this is horrible
// Needed for handle_message_list_actions()
global $refresh, $submit, $preview;
include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
include($phpbb_root_path . 'includes/message_parser.' . $phpEx);
@ -45,6 +49,11 @@ function compose_pm($id, $mode, $action)
// Do NOT use request_var or specialchars here
$address_list = isset($_REQUEST['address_list']) ? $_REQUEST['address_list'] : array();
if (!is_array($address_list))
{
$address_list = array();
}
$submit = (isset($_POST['post'])) ? true : false;
$preview = (isset($_POST['preview'])) ? true : false;
$save = (isset($_POST['save'])) ? true : false;
@ -79,7 +88,8 @@ function compose_pm($id, $mode, $action)
// Output PM_TO box if message composing
if ($action != 'edit')
{
if ($config['allow_mass_pm'] && $auth->acl_get('u_masspm'))
// Add groups to PM box
if ($config['allow_mass_pm'] && $auth->acl_get('u_masspm_group'))
{
$sql = 'SELECT g.group_id, g.group_name, g.group_type
FROM ' . GROUPS_TABLE . ' g';
@ -112,7 +122,7 @@ function compose_pm($id, $mode, $action)
$template->assign_vars(array(
'S_SHOW_PM_BOX' => true,
'S_ALLOW_MASS_PM' => ($config['allow_mass_pm'] && $auth->acl_get('u_masspm')) ? true : false,
'S_GROUP_OPTIONS' => ($config['allow_mass_pm'] && $auth->acl_get('u_masspm')) ? $group_options : '',
'S_GROUP_OPTIONS' => ($config['allow_mass_pm'] && $auth->acl_get('u_masspm_group')) ? $group_options : '',
'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=searchuser&amp;form=postform&amp;field=username_list&amp;select_single=$select_single"),
));
}
@ -281,7 +291,24 @@ function compose_pm($id, $mode, $action)
if (($action == 'reply' || $action == 'quote' || $action == 'quotepost') && !sizeof($address_list) && !$refresh && !$submit && !$preview)
{
$address_list = array('u' => array($post['author_id'] => 'to'));
if ($action == 'quotepost')
{
$address_list = array('u' => array($post['author_id'] => 'to'));
}
else
{
// We try to include every previously listed member from the TO Header
$address_list = rebuild_header(array('to' => $post['to_address']));
// Add the author (if he is already listed then this is no shame (it will be overwritten))
$address_list['u'][$post['author_id']] = 'to';
// Now, make sure the user itself is not listed. ;)
if (isset($address_list['u'][$user->data['user_id']]))
{
unset($address_list['u'][$user->data['user_id']]);
}
}
}
else if ($action == 'edit' && !sizeof($address_list) && !$refresh && !$submit && !$preview)
{
@ -315,7 +342,7 @@ function compose_pm($id, $mode, $action)
$check_value = 0;
}
if (($to_group_id || isset($address_list['g'])) && (!$config['allow_mass_pm'] || !$auth->acl_get('u_masspm')))
if (($to_group_id || isset($address_list['g'])) && (!$config['allow_mass_pm'] || !$auth->acl_get('u_masspm_group')))
{
trigger_error('NO_AUTH_GROUP_MESSAGE');
}
@ -380,14 +407,58 @@ function compose_pm($id, $mode, $action)
redirect(append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=view&amp;action=view_message&amp;p=' . $msg_id));
}
// Get maximum number of allowed recipients
$sql = 'SELECT MAX(g.group_max_recipients) as max_recipients
FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . ' ug
WHERE ug.user_id = ' . $user->data['user_id'] . '
AND ug.user_pending = 0
AND ug.group_id = g.group_id';
$result = $db->sql_query($sql);
$max_recipients = (int) $db->sql_fetchfield('max_recipients');
$db->sql_freeresult($result);
$max_recipients = (!$max_recipients) ? $config['pm_max_recipients'] : $max_recipients;
// If this is a quote/reply "to all"... we may increase the max_recpients to the number of original recipients
if (($action == 'reply' || $action == 'quote') && $max_recipients)
{
// We try to include every previously listed member from the TO Header
$list = rebuild_header(array('to' => $post['to_address']));
$list = $list['u'];
$list[$post['author_id']] = 'to';
if (isset($list[$user->data['user_id']]))
{
unset($list[$user->data['user_id']]);
}
$max_recipients = ($max_recipients < sizeof($list)) ? sizeof($list) : $max_recipients;
unset($list);
}
// Handle User/Group adding/removing
handle_message_list_actions($address_list, $error, $remove_u, $remove_g, $add_to, $add_bcc);
// Check for too many recipients
// Check mass pm to group permission
if ((!$config['allow_mass_pm'] || !$auth->acl_get('u_masspm_group')) && !empty($address_list['g']))
{
$address_list = array();
$error[] = $user->lang['NO_AUTH_GROUP_MESSAGE'];
}
// Check mass pm to users permission
if ((!$config['allow_mass_pm'] || !$auth->acl_get('u_masspm')) && num_recipients($address_list) > 1)
{
$address_list = get_recipient_pos($address_list, 1);
$error[] = $user->lang['TOO_MANY_RECIPIENTS'];
$address_list = get_recipients($address_list, 1);
$error[] = $user->lang('TOO_MANY_RECIPIENTS', 1);
}
// Check for too many recipients
if (!empty($address_list['u']) && $max_recipients && sizeof($address_list['u']) > $max_recipients)
{
$address_list = get_recipients($address_list, $max_recipients);
$error[] = $user->lang('TOO_MANY_RECIPIENTS', $max_recipients);
}
// Always check if the submitted attachment data is valid and belongs to the user.
@ -762,7 +833,7 @@ function compose_pm($id, $mode, $action)
$forward_text[] = sprintf($user->lang['FWD_FROM'], $quote_username_text);
$forward_text[] = sprintf($user->lang['FWD_TO'], implode(', ', $fwd_to_field['to']));
$message_parser->message = implode("\n", $forward_text) . "\n\n[quote=\"{$quote_username}\"]\n" . censor_text(trim($message_parser->message)) . "\n[/quote]";
$message_parser->message = implode("\n", $forward_text) . "\n\n[quote=&quot;{$quote_username}&quot;]\n" . censor_text(trim($message_parser->message)) . "\n[/quote]";
$message_subject = ((!preg_match('/^Fwd:/', $message_subject)) ? 'Fwd: ' : '') . censor_text($message_subject);
}
@ -932,7 +1003,7 @@ function compose_pm($id, $mode, $action)
$s_hidden_fields .= (isset($check_value)) ? '<input type="hidden" name="status_switch" value="' . $check_value . '" />' : '';
$s_hidden_fields .= ($draft_id || isset($_REQUEST['draft_loaded'])) ? '<input type="hidden" name="draft_loaded" value="' . ((isset($_REQUEST['draft_loaded'])) ? intval($_REQUEST['draft_loaded']) : $draft_id) . '" />' : '';
$form_enctype = (@ini_get('file_uploads') == '0' || strtolower(@ini_get('file_uploads')) == 'off' || @ini_get('file_uploads') == '0' || !$config['allow_pm_attach'] || !$auth->acl_get('u_pm_attach')) ? '' : ' enctype="multipart/form-data"';
$form_enctype = (@ini_get('file_uploads') == '0' || strtolower(@ini_get('file_uploads')) == 'off' || !$config['allow_pm_attach'] || !$auth->acl_get('u_pm_attach')) ? '' : ' enctype="multipart/form-data"';
// Start assigning vars for main posting page ...
$template->assign_vars(array(
@ -949,6 +1020,7 @@ function compose_pm($id, $mode, $action)
'URL_STATUS' => ($url_status) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'],
'MINI_POST_IMG' => $user->img('icon_post_target', $user->lang['PM']),
'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '',
'MAX_RECIPIENTS' => ($config['allow_mass_pm'] && ($auth->acl_get('u_masspm') || $auth->acl_get('u_masspm_group'))) ? $max_recipients : 0,
'S_COMPOSE_PM' => true,
'S_EDIT_POST' => ($action == 'edit'),
@ -982,11 +1054,11 @@ function compose_pm($id, $mode, $action)
// Build custom bbcodes array
display_custom_bbcodes();
// Show attachment box for adding attachments if true
$allowed = ($auth->acl_get('u_pm_attach') && $config['allow_pm_attach'] && $form_enctype);
// Attachment entry
if ($auth->acl_get('u_pm_attach') && $config['allow_pm_attach'] && $form_enctype)
{
posting_gen_attachment_entry($attachment_data, $filename_data);
}
posting_gen_attachment_entry($attachment_data, $filename_data, $allowed);
// Message History
if ($action == 'reply' || $action == 'quote' || $action == 'forward')
@ -1027,14 +1099,33 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove
}
}
// Add Selected Groups
$group_list = request_var('group_list', array(0));
// Build usernames to add
$usernames = (isset($_REQUEST['username'])) ? array(request_var('username', '', true)) : array();
$username_list = request_var('username_list', '', true);
if ($username_list)
{
$usernames = array_merge($usernames, explode("\n", $username_list));
}
// If add to or add bcc not pressed, users could still have usernames listed they want to add...
if (!$add_to && !$add_bcc && (sizeof($group_list) || sizeof($usernames)))
{
$add_to = true;
global $refresh, $submit, $preview;
$refresh = $preview = true;
$submit = false;
}
// Add User/Group [TO]
if ($add_to || $add_bcc)
{
$type = ($add_to) ? 'to' : 'bcc';
// Add Selected Groups
$group_list = request_var('group_list', array(0));
if (sizeof($group_list))
{
foreach ($group_list as $group_id)
@ -1046,14 +1137,6 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove
// User ID's to add...
$user_id_ary = array();
// Build usernames to add
$usernames = (isset($_REQUEST['username'])) ? array(request_var('username', '', true)) : array();
$username_list = request_var('username_list', '', true);
if ($username_list)
{
$usernames = array_merge($usernames, explode("\n", $username_list));
}
// Reveal the correct user_ids
if (sizeof($usernames))
{
@ -1068,7 +1151,7 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove
}
// Add Friends if specified
$friend_list = (is_array($_REQUEST['add_' . $type])) ? array_map('intval', array_keys($_REQUEST['add_' . $type])) : array();
$friend_list = (isset($_REQUEST['add_' . $type]) && is_array($_REQUEST['add_' . $type])) ? array_map('intval', array_keys($_REQUEST['add_' . $type])) : array();
$user_id_ary = array_merge($user_id_ary, $friend_list);
foreach ($user_id_ary as $user_id)
@ -1144,22 +1227,22 @@ function num_recipients($address_list)
}
/**
* Get recipient at position 'pos'
* Get number of 'num_recipients' recipients from first position
*/
function get_recipient_pos($address_list, $position = 1)
function get_recipients($address_list, $num_recipients = 1)
{
$recipient = array();
$count = 1;
$count = 0;
foreach ($address_list as $field => $adr_ary)
{
foreach ($adr_ary as $id => $type)
{
if ($count == $position)
if ($count >= $num_recipients)
{
$recipient[$field][$id] = $type;
break 2;
}
$recipient[$field][$id] = $type;
$count++;
}
}

6
phpBB/includes/ucp/ucp_pm_viewfolder.php
View file

@ -511,9 +511,9 @@ function get_pm_from($folder_id, $folder, $user_id)
'S_SELECT_SORT_DAYS' => $s_limit_days,
'S_TOPIC_ICONS' => ($config['enable_pm_icons']) ? true : false,
'U_POST_NEW_TOPIC' => ($auth->acl_get('u_sendpm')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=compose') : '',
'S_PM_ACTION' => append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&amp;mode=view&amp;action=view_folder&amp;f=$folder_id"))
);
'U_POST_NEW_TOPIC' => ($auth->acl_get('u_sendpm')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=compose') : '',
'S_PM_ACTION' => append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&amp;mode=view&amp;action=view_folder&amp;f=$folder_id" . (($start !== 0) ? "&amp;start=$start" : '')),
));
// Grab all pm data
$rowset = $pm_list = array();

8
phpBB/includes/ucp/ucp_prefs.php
View file

@ -53,6 +53,12 @@ class ucp_prefs
'allowpm' => request_var('allowpm', (bool) $user->data['user_allow_pm']),
);
if ($data['notifymethod'] == NOTIFY_IM && (!$config['jab_enable'] || !$user->data['user_jabber'] || !@extension_loaded('xml')))
{
// Jabber isnt enabled, or no jabber field filled in. Update the users table to be sure its correct.
$data['notifymethod'] = NOTIFY_BOTH;
}
if ($submit)
{
$data['style'] = ($config['override_user_style']) ? $config['default_style'] : $data['style'];
@ -294,7 +300,7 @@ class ucp_prefs
'bbcode' => request_var('bbcode', $user->optionget('bbcode')),
'smilies' => request_var('smilies', $user->optionget('smilies')),
'sig' => request_var('sig', $user->optionget('attachsig')),
'notify' => request_var('notify', $user->data['user_notify']),
'notify' => request_var('notify', (bool) $user->data['user_notify']),
);
add_form_key('ucp_prefs_post');

22
phpBB/includes/ucp/ucp_profile.php
View file

@ -315,7 +315,7 @@ class ucp_profile
'website' => array(
array('string', true, 12, 255),
array('match', true, '#^http[s]?://(.*?\.)*?[a-z0-9\-]+\.[a-z]{2,4}#i')),
'location' => array('string', true, 2, 255),
'location' => array('string', true, 2, 100),
'occupation' => array('string', true, 2, 500),
'interests' => array('string', true, 2, 500),
);
@ -347,6 +347,15 @@ class ucp_profile
if (!sizeof($error))
{
$data['notify'] = $user->data['user_notify_type'];
if (!$config['jab_enable'] || !$data['jabber'] || !@extension_loaded('xml'))
{
// User has not filled in a jabber address (Or one of the modules is disabled or jabber is disabled)
// Disable notify by Jabber now for this user.
$data['notify'] = NOTIFY_BOTH;
}
$sql_ary = array(
'user_icq' => $data['icq'],
'user_aim' => $data['aim'],
@ -357,6 +366,7 @@ class ucp_profile
'user_from' => $data['location'],
'user_occ' => $data['occupation'],
'user_interests'=> $data['interests'],
'user_notify_type' => $data['notify'],
);
if ($config['allow_birthdays'])
@ -418,7 +428,7 @@ class ucp_profile
$now = getdate();
$s_birthday_year_options = '<option value="0"' . ((!$data['bday_year']) ? ' selected="selected"' : '') . '>--</option>';
for ($i = $now['year'] - 100; $i < $now['year']; $i++)
for ($i = $now['year'] - 100; $i <= $now['year']; $i++)
{
$selected = ($i == $data['bday_year']) ? ' selected="selected"' : '';
$s_birthday_year_options .= "<option value=\"$i\"$selected>$i</option>";
@ -460,7 +470,7 @@ class ucp_profile
{
trigger_error('NO_AUTH_SIGNATURE');
}
include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
@ -589,9 +599,9 @@ class ucp_profile
'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '',
'AVATAR' => get_user_avatar($user->data['user_avatar'], $user->data['user_avatar_type'], $user->data['user_avatar_width'], $user->data['user_avatar_height']),
'AVATAR_SIZE' => $config['avatar_filesize'],
'U_GALLERY' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=profile&amp;mode=avatar&amp;display_gallery=1'),
'S_FORM_ENCTYPE' => ($can_upload) ? ' enctype="multipart/form-data"' : '',
'L_AVATAR_EXPLAIN' => sprintf($user->lang['AVATAR_EXPLAIN'], $config['avatar_max_width'], $config['avatar_max_height'], $config['avatar_filesize'] / 1024),
@ -604,7 +614,7 @@ class ucp_profile
else
{
$avatars_enabled = ($can_upload || ($auth->acl_get('u_chgavatar') && ($config['allow_avatar_local'] || $config['allow_avatar_remote']))) ? true : false;
$template->assign_vars(array(
'AVATAR_WIDTH' => request_var('width', $user->data['user_avatar_width']),
'AVATAR_HEIGHT' => request_var('height', $user->data['user_avatar_height']),

7
phpBB/includes/ucp/ucp_register.php
View file

@ -43,7 +43,7 @@ class ucp_register
$submit = (isset($_POST['submit'])) ? true : false;
$change_lang = request_var('change_lang', '');
$user_lang = request_var('lang', $user->lang_name);
if ($agreed)
{
add_form_key('ucp_register');
@ -58,7 +58,7 @@ class ucp_register
{
$use_lang = ($change_lang) ? basename($change_lang) : basename($user_lang);
if (file_exists($phpbb_root_path . 'language/' . $use_lang . '/'))
if (file_exists($user->lang_path . $use_lang . '/'))
{
if ($change_lang)
{
@ -69,7 +69,6 @@ class ucp_register
}
$user->lang_name = $lang = $use_lang;
$user->lang_path = $phpbb_root_path . 'language/' . $lang . '/';
$user->lang = array();
$user->add_lang(array('common', 'ucp'));
}
@ -471,7 +470,7 @@ class ucp_register
if (!$change_lang || !$confirm_id)
{
$user->confirm_gc(CONFIRM_REG);
$sql = 'SELECT COUNT(session_id) AS attempts
FROM ' . CONFIRM_TABLE . "
WHERE session_id = '" . $db->sql_escape($user->session_id) . "'

11
phpBB/includes/ucp/ucp_remind.php
View file

@ -36,7 +36,7 @@ class ucp_remind
if ($submit)
{
$sql = 'SELECT user_id, username, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason
$sql = 'SELECT user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason
FROM ' . USERS_TABLE . "
WHERE user_email = '" . $db->sql_escape($email) . "'
AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
@ -66,6 +66,15 @@ class ucp_remind
}
}
// Check users permissions
$auth2 = new auth();
$auth2->acl($user_row);
if (!$auth2->acl_get('u_chgpasswd'))
{
trigger_error('NO_AUTH_PASSWORD_REMINDER');
}
$server_url = generate_board_url();
$key_len = 54 - strlen($server_url);

13
phpBB/index.php
View file

@ -60,22 +60,25 @@ else
}
$result = $db->sql_query($sql);
$legend = '';
$legend = array();
while ($row = $db->sql_fetchrow($result))
{
$colour_text = ($row['group_colour']) ? ' style="color:#' . $row['group_colour'] . '"' : '';
$group_name = ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'];
if ($row['group_name'] == 'BOTS')
if ($row['group_name'] == 'BOTS' || ($user->data['user_id'] != ANONYMOUS && !$auth->acl_get('u_viewprofile')))
{
$legend .= (($legend != '') ? ', ' : '') . '<span' . $colour_text . '>' . $user->lang['G_BOTS'] . '</span>';
$legend[] = '<span' . $colour_text . '>' . $group_name . '</span>';
}
else
{
$legend .= (($legend != '') ? ', ' : '') . '<a' . $colour_text . ' href="' . append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&amp;g=' . $row['group_id']) . '">' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</a>';
$legend[] = '<a' . $colour_text . ' href="' . append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&amp;g=' . $row['group_id']) . '">' . $group_name . '</a>';
}
}
$db->sql_freeresult($result);
$legend = implode(', ', $legend);
// Generate birthday list if required ...
$birthday_list = '';
if ($config['load_birthdays'] && $config['allow_birthdays'])
@ -117,7 +120,7 @@ $template->assign_vars(array(
'S_LOGIN_ACTION' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login'),
'S_DISPLAY_BIRTHDAY_LIST' => ($config['load_birthdays']) ? true : false,
'U_MARK_FORUMS' => ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}index.$phpEx", 'mark=forums') : '',
'U_MARK_FORUMS' => ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}index.$phpEx", 'hash=' . generate_link_hash('global') . '&amp;mark=forums') : '',
'U_MCP' => ($auth->acl_get('m_') || $auth->acl_getf_global('m_')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&amp;mode=front', true, $user->session_id) : '')
);

2
phpBB/install/convertors/convert_phpbb20.php
View file

@ -32,7 +32,7 @@ unset($dbpasswd);
$convertor_data = array(
'forum_name' => 'phpBB 2.0.x',
'version' => '1.0.2',
'phpbb_version' => '3.0.2',
'phpbb_version' => '3.0.3',
'author' => '<a href="http://www.phpbb.com/">phpBB Group</a>',
'dbms' => $dbms,
'dbhost' => $dbhost,

4
phpBB/install/convertors/functions_phpbb20.php
View file

@ -461,7 +461,7 @@ function phpbb_get_birthday($birthday = '')
}
// The birthday mod from niels is using this code to transform to day/month/year
return gmdate('d-m-Y', $birthday * 86400 + 1);
return sprintf('%2d-%2d-%4d', gmdate('n', $birthday * 86400 + 1), gmdate('j', $birthday * 86400 + 1), gmdate('Y', $birthday * 86400 + 1));
}
}
@ -1710,7 +1710,7 @@ function phpbb_check_username_collisions()
break;
case 'mysql4':
if (version_compare($db->mysql_version, '4.1.3', '>='))
if (version_compare($db->sql_server_info(true), '4.1.3', '>='))
{
$map_dbms = 'mysql_41';
}

121
phpBB/install/database_update.php
View file

@ -8,7 +8,7 @@
*
*/
$updates_to_version = '3.0.2';
$updates_to_version = '3.0.3-RC1';
// Return if we "just include it" to find out for which version the database update is responsible for
if (defined('IN_PHPBB') && defined('IN_INSTALL'))
@ -531,6 +531,20 @@ $database_update_info = array(
),
// No changes from 3.0.2-RC2 to 3.0.2
'3.0.2-RC2' => array(),
// Changes from 3.0.2 to 3.0.3-RC1
'3.0.2' => array(
// Add the following columns
'add_columns' => array(
STYLES_TEMPLATE_TABLE => array(
'template_inherits_id' => array('UINT:4', 0),
'template_inherit_path' => array('VCHAR', ''),
),
GROUPS_TABLE => array(
'group_max_recipients' => array('UINT', 0),
),
),
),
);
// Determine mapping database type
@ -541,7 +555,7 @@ switch ($db->sql_layer)
break;
case 'mysql4':
if (version_compare($db->mysql_version, '4.1.3', '>='))
if (version_compare($db->sql_server_info(true), '4.1.3', '>='))
{
$map_dbms = 'mysql_41';
}
@ -1402,7 +1416,7 @@ if (function_exists('exit_handler'))
*/
function change_database_data(&$no_updates, $version)
{
global $db, $map_dbms, $errored, $error_ary, $config, $phpbb_root_path;
global $db, $map_dbms, $errored, $error_ary, $config, $phpbb_root_path, $phpEx;
switch ($version)
{
@ -1820,6 +1834,107 @@ function change_database_data(&$no_updates, $version)
// No changes from 3.0.2-RC2 to 3.0.2
case '3.0.2-RC2':
break;
// Changes from 3.0.2 to 3.0.3-RC1
case '3.0.2':
set_config('enable_queue_trigger', '0');
set_config('queue_trigger_posts', '3');
set_config('pm_max_recipients', '0');
// Set maximum number of recipients for the registered users, bots, guests group
$sql = 'UPDATE ' . GROUPS_TABLE . ' SET group_max_recipients = 5
WHERE ' . $db->sql_in_set('group_name', array('GUESTS', 'REGISTERED', 'REGISTERED_COPPA', 'BOTS'));
_sql($sql, $errored, $error_ary);
// Not prefilling yet
set_config('dbms_version', '');
// Add new permission u_masspm_group and duplicate settings from u_masspm
include_once($phpbb_root_path . 'includes/acp/auth.' . $phpEx);
$auth_admin = new auth_admin();
// Only add the new permission if it does not already exist
if (empty($auth_admin->acl_options['id']['u_masspm_group']))
{
$auth_admin->acl_add_option(array('global' => array('u_masspm_group')));
// Now the tricky part, filling the permission
$old_id = $auth_admin->acl_options['id']['u_masspm'];
$new_id = $auth_admin->acl_options['id']['u_masspm_group'];
$tables = array(ACL_GROUPS_TABLE, ACL_ROLES_DATA_TABLE, ACL_USERS_TABLE);
foreach ($tables as $table)
{
$sql = 'SELECT *
FROM ' . $table . '
WHERE auth_option_id = ' . $old_id;
$result = _sql($sql, $errored, $error_ary);
$sql_ary = array();
while ($row = $db->sql_fetchrow($result))
{
$row['auth_option_id'] = $new_id;
$sql_ary[] = $row;
}
$db->sql_freeresult($result);
if (sizeof($sql_ary))
{
$db->sql_multi_insert($table, $sql_ary);
}
}
// Remove any old permission entries
$auth_admin->acl_clear_prefetch();
}
/**
* Do not resync post counts here. An admin may do this later from the ACP
$start = 0;
$step = ($config['num_posts']) ? (max((int) ($config['num_posts'] / 5), 20000)) : 20000;
$sql = 'UPDATE ' . USERS_TABLE . ' SET user_posts = 0';
_sql($sql, $errored, $error_ary);
do
{
$sql = 'SELECT COUNT(post_id) AS num_posts, poster_id
FROM ' . POSTS_TABLE . '
WHERE post_id BETWEEN ' . ($start + 1) . ' AND ' . ($start + $step) . '
AND post_postcount = 1 AND post_approved = 1
GROUP BY poster_id';
$result = _sql($sql, $errored, $error_ary);
if ($row = $db->sql_fetchrow($result))
{
do
{
$sql = 'UPDATE ' . USERS_TABLE . " SET user_posts = user_posts + {$row['num_posts']} WHERE user_id = {$row['poster_id']}";
_sql($sql, $errored, $error_ary);
}
while ($row = $db->sql_fetchrow($result));
$start += $step;
}
else
{
$start = 0;
}
$db->sql_freeresult($result);
}
while ($start);
*/
$sql = 'UPDATE ' . MODULES_TABLE . '
SET module_auth = \'acl_a_email && cfg_email_enable\'
WHERE module_class = \'acp\'
AND module_basename = \'email\'';
_sql($sql, $errored, $error_ary);
$no_updates = false;
break;
}
}

15
phpBB/install/index.php
View file

@ -108,7 +108,7 @@ if (version_compare(PHP_VERSION, '6.0.0-dev', '>='))
}
else
{
set_magic_quotes_runtime(0);
@set_magic_quotes_runtime(0);
// Be paranoid with passed vars
if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on')
@ -230,6 +230,14 @@ include($phpbb_root_path . 'language/' . $language . '/acp/board.' . $phpEx);
include($phpbb_root_path . 'language/' . $language . '/install.' . $phpEx);
include($phpbb_root_path . 'language/' . $language . '/posting.' . $phpEx);
// usually we would need every single constant here - and it would be consistent. For 3.0.x, use a dirty hack... :(
// Define needed constants
define('CHMOD_ALL', 7);
define('CHMOD_READ', 4);
define('CHMOD_WRITE', 2);
define('CHMOD_EXECUTE', 1);
$mode = request_var('mode', 'overview');
$sub = request_var('sub', '');
@ -336,11 +344,6 @@ class module
foreach ($module as $row)
{
// Check any module pre-reqs
if ($row['module_reqs'] != '')
{
}
// Module order not specified or module already assigned at this position?
if (!isset($row['module_order']) || isset($this->module_ary[$row['module_order']]))
{

2
phpBB/install/install_convert.php
View file

@ -685,7 +685,7 @@ class install_convert extends module
// Thanks MySQL, for silently converting...
case 'mysql':
case 'mysql4':
if (version_compare($src_db->mysql_version, '4.1.3', '>='))
if (version_compare($src_db->sql_server_info(true), '4.1.3', '>='))
{
$convert->mysql_convert = true;
}

32
phpBB/install/install_install.php
View file

@ -398,7 +398,7 @@ class install_install extends module
$location .= '/';
}
if (@is_readable($location . 'mogrify' . $exe) && @filesize($location . 'mogrify' . $exe) > 3000)
if (@file_exists($location) && @is_readable($location . 'mogrify' . $exe) && @filesize($location . 'mogrify' . $exe) > 3000)
{
$img_imagick = str_replace('\\', '/', $location);
continue;
@ -438,16 +438,13 @@ class install_install extends module
if (!file_exists($phpbb_root_path . $dir))
{
@mkdir($phpbb_root_path . $dir, 0777);
@chmod($phpbb_root_path . $dir, 0777);
phpbb_chmod($phpbb_root_path . $dir, CHMOD_READ | CHMOD_WRITE);
}
// Now really check
if (file_exists($phpbb_root_path . $dir) && is_dir($phpbb_root_path . $dir))
{
if (!@is_writable($phpbb_root_path . $dir))
{
@chmod($phpbb_root_path . $dir, 0777);
}
phpbb_chmod($phpbb_root_path . $dir, CHMOD_READ | CHMOD_WRITE);
$exists = true;
}
@ -877,7 +874,7 @@ class install_install extends module
}
@fclose($fp);
@chmod($phpbb_root_path . 'cache/install_lock', 0666);
@chmod($phpbb_root_path . 'cache/install_lock', 0777);
$load_extensions = implode(',', $load_extensions);
@ -930,7 +927,8 @@ class install_install extends module
if ($written)
{
@chmod($phpbb_root_path . 'config.' . $phpEx, 0644);
// We may revert back to chmod() if we see problems with users not able to change their config.php file directly
phpbb_chmod($phpbb_root_path . 'config.' . $phpEx, CHMOD_READ);
}
}
@ -1120,6 +1118,7 @@ class install_install extends module
// HTTP_HOST is having the correct browser url in most cases...
$server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
$referer = (!empty($_SERVER['HTTP_REFERER'])) ? strtolower($_SERVER['HTTP_REFERER']) : getenv('HTTP_REFERER');
// HTTP HOST can carry a port number...
if (strpos($server_name, ':') !== false)
@ -1159,7 +1158,7 @@ class install_install extends module
// If mysql is chosen, we need to adjust the schema filename slightly to reflect the correct version. ;)
if ($data['dbms'] == 'mysql')
{
if (version_compare($db->mysql_version, '4.1.3', '>='))
if (version_compare($db->sql_server_info(true), '4.1.3', '>='))
{
$available_dbms[$data['dbms']]['SCHEMA'] .= '_41';
}
@ -1365,6 +1364,10 @@ class install_install extends module
'UPDATE ' . $data['table_prefix'] . "forums
SET forum_last_post_time = $current_time",
'UPDATE ' . $data['table_prefix'] . "config
SET config_value = '" . $db->sql_escape($db->sql_server_info(true)) . "'
WHERE config_name = 'dbms_version'",
);
if (@extension_loaded('gd') || can_load_dll('gd'))
@ -1374,6 +1377,15 @@ class install_install extends module
WHERE config_name = 'captcha_gd'";
}
$ref = substr($referer, strpos($referer, '://') + 3);
if (!(stripos($ref, $server_name) === 0))
{
$sql_ary[] = 'UPDATE ' . $data['table_prefix'] . "config
SET config_value = '0'
WHERE config_name = 'referer_validation'";
}
// We set a (semi-)unique cookie name to bypass login issues related to the cookie name.
$cookie_name = 'phpbb3_';
$rand_str = md5(mt_rand());
@ -1478,7 +1490,7 @@ class install_install extends module
include_once($phpbb_root_path . 'includes/acp/acp_modules.' . $phpEx);
$_module = &new acp_modules();
$_module = new acp_modules();
$module_classes = array('acp', 'mcp', 'ucp');
// Add categories

25
phpBB/install/install_update.php
View file

@ -896,8 +896,9 @@ class install_update extends module
'S_FTP_UPLOAD' => true,
'UPLOAD_METHOD' => $method,
'U_ACTION' => append_sid($this->p_master->module_url, "mode=$mode&amp;sub=update_files"),
'S_HIDDEN_FIELDS' => $s_hidden_fields)
);
'U_DOWNLOAD_METHOD' => append_sid($this->p_master->module_url, "mode=$mode&amp;sub=update_files&amp;download=1"),
'S_HIDDEN_FIELDS' => $s_hidden_fields,
));
return;
}
@ -1106,7 +1107,7 @@ class install_update extends module
'file2' => ($option == MERGE_NEW_FILE) ? implode("\n", $diff->merged_new_output()) : implode("\n", $diff->merged_orig_output()),
);
$diff = &new diff($tmp['file1'], $tmp['file2']);
$diff = new diff($tmp['file1'], $tmp['file2']);
unset($tmp);
@ -1183,7 +1184,7 @@ class install_update extends module
trigger_error('Chosen diff mode is not supported', E_USER_ERROR);
}
$renderer = &new $render_class();
$renderer = new $render_class();
$template->assign_vars(array(
'DIFF_CONTENT' => $renderer->get_diff_content($diff),
@ -1346,7 +1347,7 @@ class install_update extends module
);
// We need to diff the contents here to make sure the file is really the one we expect
$diff = &new diff($tmp['file1'], $tmp['file2'], false);
$diff = new diff($tmp['file1'], $tmp['file2'], false);
$empty = $diff->is_empty();
unset($tmp, $diff);
@ -1381,7 +1382,7 @@ class install_update extends module
);
// We need to diff the contents here to make sure the file is really the one we expect
$diff = &new diff($tmp['file1'], $tmp['file2'], false);
$diff = new diff($tmp['file1'], $tmp['file2'], false);
$empty_1 = $diff->is_empty();
unset($tmp, $diff);
@ -1392,7 +1393,7 @@ class install_update extends module
);
// We need to diff the contents here to make sure the file is really the one we expect
$diff = &new diff($tmp['file1'], $tmp['file2'], false);
$diff = new diff($tmp['file1'], $tmp['file2'], false);
$empty_2 = $diff->is_empty();
unset($tmp, $diff);
@ -1428,7 +1429,7 @@ class install_update extends module
'file3' => file_get_contents($this->new_location . $original_file),
);
$diff = &new diff3($tmp['file1'], $tmp['file2'], $tmp['file3'], false);
$diff = new diff3($tmp['file1'], $tmp['file2'], $tmp['file3'], false);
unset($tmp);
@ -1442,7 +1443,7 @@ class install_update extends module
'file2' => implode("\n", $diff->merged_orig_output()),
);
$diff = &new diff($tmp['file1'], $tmp['file2'], false);
$diff = new diff($tmp['file1'], $tmp['file2'], false);
$empty = $diff->is_empty();
if ($empty)
@ -1465,7 +1466,7 @@ class install_update extends module
);
// now compare the merged output with the original file to see if the modified file is up to date
$diff = &new diff($tmp['file1'], $tmp['file2'], false);
$diff = new diff($tmp['file1'], $tmp['file2'], false);
$empty = $diff->is_empty();
if ($empty)
@ -1634,11 +1635,11 @@ class install_update extends module
$file3 = array_shift($args);
$tmp['file3'] = (!empty($file3) && is_string($file3)) ? file_get_contents($file3) : $file3;
$diff = &new diff3($tmp['file1'], $tmp['file2'], $tmp['file3']);
$diff = new diff3($tmp['file1'], $tmp['file2'], $tmp['file3']);
}
else
{
$diff = &new diff($tmp['file1'], $tmp['file2']);
$diff = new diff($tmp['file1'], $tmp['file2']);
}
unset($tmp);

5
phpBB/install/schemas/firebird_schema.sql
View file

@ -440,6 +440,7 @@ CREATE TABLE phpbb_groups (
group_sig_chars INTEGER DEFAULT 0 NOT NULL,
group_receive_pm INTEGER DEFAULT 0 NOT NULL,
group_message_limit INTEGER DEFAULT 0 NOT NULL,
group_max_recipients INTEGER DEFAULT 0 NOT NULL,
group_legend INTEGER DEFAULT 1 NOT NULL
);;
@ -1076,7 +1077,9 @@ CREATE TABLE phpbb_styles_template (
template_copyright VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
template_path VARCHAR(100) CHARACTER SET NONE DEFAULT '' NOT NULL,
bbcode_bitfield VARCHAR(255) CHARACTER SET NONE DEFAULT 'kNg=' NOT NULL,
template_storedb INTEGER DEFAULT 0 NOT NULL
template_storedb INTEGER DEFAULT 0 NOT NULL,
template_inherits_id INTEGER DEFAULT 0 NOT NULL,
template_inherit_path VARCHAR(255) CHARACTER SET NONE DEFAULT '' NOT NULL
);;
ALTER TABLE phpbb_styles_template ADD PRIMARY KEY (template_id);;

5
phpBB/install/schemas/mssql_schema.sql
View file

@ -545,6 +545,7 @@ CREATE TABLE [phpbb_groups] (
[group_sig_chars] [int] DEFAULT (0) NOT NULL ,
[group_receive_pm] [int] DEFAULT (0) NOT NULL ,
[group_message_limit] [int] DEFAULT (0) NOT NULL ,
[group_max_recipients] [int] DEFAULT (0) NOT NULL ,
[group_legend] [int] DEFAULT (1) NOT NULL
) ON [PRIMARY]
GO
@ -1295,7 +1296,9 @@ CREATE TABLE [phpbb_styles_template] (
[template_copyright] [varchar] (255) DEFAULT ('') NOT NULL ,
[template_path] [varchar] (100) DEFAULT ('') NOT NULL ,
[bbcode_bitfield] [varchar] (255) DEFAULT ('kNg=') NOT NULL ,
[template_storedb] [int] DEFAULT (0) NOT NULL
[template_storedb] [int] DEFAULT (0) NOT NULL ,
[template_inherits_id] [int] DEFAULT (0) NOT NULL ,
[template_inherit_path] [varchar] (255) DEFAULT ('') NOT NULL
) ON [PRIMARY]
GO

3
phpBB/install/schemas/mysql_40_schema.sql
View file

@ -312,6 +312,7 @@ CREATE TABLE phpbb_groups (
group_sig_chars mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
group_receive_pm tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,
group_message_limit mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
group_max_recipients mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
group_legend tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
PRIMARY KEY (group_id),
KEY group_legend_name (group_legend, group_name(255))
@ -739,6 +740,8 @@ CREATE TABLE phpbb_styles_template (
template_path varbinary(100) DEFAULT '' NOT NULL,
bbcode_bitfield varbinary(255) DEFAULT 'kNg=' NOT NULL,
template_storedb tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,
template_inherits_id int(4) UNSIGNED DEFAULT '0' NOT NULL,
template_inherit_path varbinary(255) DEFAULT '' NOT NULL,
PRIMARY KEY (template_id),
UNIQUE tmplte_nm (template_name(255))
);

3
phpBB/install/schemas/mysql_41_schema.sql
View file

@ -312,6 +312,7 @@ CREATE TABLE phpbb_groups (
group_sig_chars mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
group_receive_pm tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,
group_message_limit mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
group_max_recipients mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
group_legend tinyint(1) UNSIGNED DEFAULT '1' NOT NULL,
PRIMARY KEY (group_id),
KEY group_legend_name (group_legend, group_name)
@ -739,6 +740,8 @@ CREATE TABLE phpbb_styles_template (
template_path varchar(100) DEFAULT '' NOT NULL,
bbcode_bitfield varchar(255) DEFAULT 'kNg=' NOT NULL,
template_storedb tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,
template_inherits_id int(4) UNSIGNED DEFAULT '0' NOT NULL,
template_inherit_path varchar(255) DEFAULT '' NOT NULL,
PRIMARY KEY (template_id),
UNIQUE tmplte_nm (template_name)
) CHARACTER SET `utf8` COLLATE `utf8_bin`;

Some files were not shown because too many files have changed in this diff Show more