diff --git a/phpBB/includes/bbcode.php b/phpBB/includes/bbcode.php
index c31b63a403..e50011af03 100644
--- a/phpBB/includes/bbcode.php
+++ b/phpBB/includes/bbcode.php
@@ -221,8 +221,6 @@ class bbcode
 $db->sql_freeresult($result);
 }
 
- // To perform custom second pass in extension, use $this->bbcode_second_pass_by_extension()
- // method which accepts variable number of parameters
 foreach ($bbcode_ids as $bbcode_id)
 {
 switch ($bbcode_id)
@@ -681,6 +679,8 @@ class bbcode
 * Accepts variable number of parameters
 *
 * @return mixed Second pass result
+ *
+ * @deprecated 3.2.10 (To be removed 4.0.0)
 */
 function bbcode_second_pass_by_extension()
 {
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index eb120de7a4..12ac2adefc 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -3858,108 +3858,6 @@ function phpbb_optionset($bit, $set, $data)
 return $data;
 }
 
-/**
-* Login using http authenticate.
-*
-* @param array $param Parameter array, see $param_defaults array.
-*
-* @return null
-*/
-function phpbb_http_login($param)
-{
- global $auth, $user, $request;
- global $config;
-
- $param_defaults = array(
- 'auth_message' => '',
-
- 'autologin' => false,
- 'viewonline' => true,
- 'admin' => false,
- );
-
- // Overwrite default values with passed values
- $param = array_merge($param_defaults, $param);
-
- // User is already logged in
- // We will not overwrite his session
- if (!empty($user->data['is_registered']))
- {
- return;
- }
-
- // $_SERVER keys to check
- $username_keys = array(
- 'PHP_AUTH_USER',
- 'Authorization',
- 'REMOTE_USER', 'REDIRECT_REMOTE_USER',
- 'HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION',
- 'REMOTE_AUTHORIZATION', 'REDIRECT_REMOTE_AUTHORIZATION',
- 'AUTH_USER',
- );
-
- $password_keys = array(
- 'PHP_AUTH_PW',
- 'REMOTE_PASSWORD',
- 'AUTH_PASSWORD',
- );
-
- $username = null;
- foreach ($username_keys as $k)
- {
- if ($request->is_set($k, \phpbb\request\request_interface::SERVER))
- {
- $username = htmlspecialchars_decode($request->server($k));
- break;
- }
- }
-
- $password = null;
- foreach ($password_keys as $k)
- {
- if ($request->is_set($k, \phpbb\request\request_interface::SERVER))
- {
- $password = htmlspecialchars_decode($request->server($k));
- break;
- }
- }
-
- // Decode encoded information (IIS, CGI, FastCGI etc.)
- if (!is_null($username) && is_null($password) && strpos($username, 'Basic ') === 0)
- {
- list($username, $password) = explode(':', base64_decode(substr($username, 6)), 2);
- }
-
- if (!is_null($username) && !is_null($password))
- {
- set_var($username, $username, 'string', true);
- set_var($password, $password, 'string', true);
-
- $auth_result = $auth->login($username, $password, $param['autologin'], $param['viewonline'], $param['admin']);
-
- if ($auth_result['status'] == LOGIN_SUCCESS)
- {
- return;
- }
- else if ($auth_result['status'] == LOGIN_ERROR_ATTEMPTS)
- {
- send_status_line(401, 'Unauthorized');
-
- trigger_error('NOT_AUTHORISED');
- }
- }
-
- // Prepend sitename to auth_message
- $param['auth_message'] = ($param['auth_message'] === '') ? $config['sitename'] : $config['sitename'] . ' - ' . $param['auth_message'];
-
- // We should probably filter out non-ASCII characters - RFC2616
- $param['auth_message'] = preg_replace('/[\x80-\xFF]/', '?', $param['auth_message']);
-
- header('WWW-Authenticate: Basic realm="' . $param['auth_message'] . '"');
- send_status_line(401, 'Unauthorized');
-
- trigger_error('NOT_AUTHORISED');
-}
 
 /**
 * Escapes and quotes a string for use as an HTML/XML attribute value.
diff --git a/phpBB/includes/functions_compatibility.php b/phpBB/includes/functions_compatibility.php
index 7a23ceaf75..4112812dc6 100644
--- a/phpBB/includes/functions_compatibility.php
+++ b/phpBB/includes/functions_compatibility.php
@@ -517,7 +517,7 @@ function phpbb_pcre_utf8_support()
 *
 * @param string $phpbb_root_path Path to the phpbb root directory.
 *
-* @deprecated 3.2.9 (To be removed 4.0.0)
+* @deprecated 3.2.10 (To be removed 4.0.0)
 */
 function phpbb_load_extensions_autoloaders($phpbb_root_path)
 {
@@ -556,3 +556,159 @@ function set_var(&$result, $var, $type, $multibyte = false)
 $type_cast_helper = new \phpbb\request\type_cast_helper();
 $type_cast_helper->set_var($result, $var, $type, $multibyte);
 }
+
+
+/**
+* Login using http authenticate.
+*
+* @param array $param Parameter array, see $param_defaults array.
+*
+* @return null
+*
+* @deprecated 3.2.10 (To be removed 4.0.0)
+*/
+function phpbb_http_login($param)
+{
+ global $auth, $user, $request;
+ global $config;
+
+ $param_defaults = array(
+ 'auth_message' => '',
+
+ 'autologin' => false,
+ 'viewonline' => true,
+ 'admin' => false,
+ );
+
+ // Overwrite default values with passed values
+ $param = array_merge($param_defaults, $param);
+
+ // User is already logged in
+ // We will not overwrite his session
+ if (!empty($user->data['is_registered']))
+ {
+ return;
+ }
+
+ // $_SERVER keys to check
+ $username_keys = array(
+ 'PHP_AUTH_USER',
+ 'Authorization',
+ 'REMOTE_USER', 'REDIRECT_REMOTE_USER',
+ 'HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION',
+ 'REMOTE_AUTHORIZATION', 'REDIRECT_REMOTE_AUTHORIZATION',
+ 'AUTH_USER',
+ );
+
+ $password_keys = array(
+ 'PHP_AUTH_PW',
+ 'REMOTE_PASSWORD',
+ 'AUTH_PASSWORD',
+ );
+
+ $username = null;
+ foreach ($username_keys as $k)
+ {
+ if ($request->is_set($k, \phpbb\request\request_interface::SERVER))
+ {
+ $username = htmlspecialchars_decode($request->server($k));
+ break;
+ }
+ }
+
+ $password = null;
+ foreach ($password_keys as $k)
+ {
+ if ($request->is_set($k, \phpbb\request\request_interface::SERVER))
+ {
+ $password = htmlspecialchars_decode($request->server($k));
+ break;
+ }
+ }
+
+ // Decode encoded information (IIS, CGI, FastCGI etc.)
+ if (!is_null($username) && is_null($password) && strpos($username, 'Basic ') === 0)
+ {
+ list($username, $password) = explode(':', base64_decode(substr($username, 6)), 2);
+ }
+
+ if (!is_null($username) && !is_null($password))
+ {
+ set_var($username, $username, 'string', true);
+ set_var($password, $password, 'string', true);
+
+ $auth_result = $auth->login($username, $password, $param['autologin'], $param['viewonline'], $param['admin']);
+
+ if ($auth_result['status'] == LOGIN_SUCCESS)
+ {
+ return;
+ }
+ else if ($auth_result['status'] == LOGIN_ERROR_ATTEMPTS)
+ {
+ send_status_line(401, 'Unauthorized');
+
+ trigger_error('NOT_AUTHORISED');
+ }
+ }
+
+ // Prepend sitename to auth_message
+ $param['auth_message'] = ($param['auth_message'] === '') ? $config['sitename'] : $config['sitename'] . ' - ' . $param['auth_message'];
+
+ // We should probably filter out non-ASCII characters - RFC2616
+ $param['auth_message'] = preg_replace('/[\x80-\xFF]/', '?', $param['auth_message']);
+
+ header('WWW-Authenticate: Basic realm="' . $param['auth_message'] . '"');
+ send_status_line(401, 'Unauthorized');
+
+ trigger_error('NOT_AUTHORISED');
+}
+
+/**
+* Converts query string (GET) parameters in request into hidden fields.
+*
+* Useful for forwarding GET parameters when submitting forms with GET method.
+*
+* It is possible to omit some of the GET parameters, which is useful if
+* they are specified in the form being submitted.
+*
+* sid is always omitted.
+*
+* @param \phpbb\request\request $request Request object
+* @param array $exclude A list of variable names that should not be forwarded
+* @return string HTML with hidden fields
+*
+* @deprecated 3.2.10 (To be removed 4.0.0)
+*/
+function phpbb_build_hidden_fields_for_query_params($request, $exclude = null)
+{
+ $names = $request->variable_names(\phpbb\request\request_interface::GET);
+ $hidden = '';
+ foreach ($names as $name)
+ {
+ // Sessions are dealt with elsewhere, omit sid always
+ if ($name == 'sid')
+ {
+ continue;
+ }
+
+ // Omit any additional parameters requested
+ if (!empty($exclude) && in_array($name, $exclude))
+ {
+ continue;
+ }
+
+ $escaped_name = phpbb_quoteattr($name);
+
+ // Note: we might retrieve the variable from POST or cookies
+ // here. To avoid exposing cookies, skip variables that are
+ // overwritten somewhere other than GET entirely.
+ $value = $request->variable($name, '', true);
+ $get_value = $request->variable($name, '', true, \phpbb\request\request_interface::GET);
+ if ($value === $get_value)
+ {
+ $escaped_value = phpbb_quoteattr($value);
+ $hidden .= "";
+ }
+ }
+ return $hidden;
+}
diff --git a/phpBB/phpbb/php/ini.php b/phpBB/phpbb/php/ini.php
index 3a07fec5a8..24a5b5ecec 100644
--- a/phpBB/phpbb/php/ini.php
+++ b/phpBB/phpbb/php/ini.php
@@ -17,7 +17,7 @@ namespace phpbb\php;
 * Wrapper class for ini_get function.
 *
 * Provides easier handling of the different interpretations of ini values.
-* @deprecated 3.2.9 (To be removed 4.0.0)
+* @deprecated 3.2.10 (To be removed 4.0.0)
 */
 class ini
 {
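Review bot: In the `@@ -556,3 +556,159 @@` hunk of functions_compatibility.php, the `Basic ` branch of the relocated `phpbb_http_login()` destructures `explode(':', base64_decode(substr($username, 6)), 2)` with `list()` without checking that decoding succeeded or that a colon is present. A malformed Authorization value therefore raises an undefined-offset notice and is rejected only because `$password` happens to end up null. Decoding in strict mode and guarding the split makes the rejection explicit: `$decoded = base64_decode(substr($username, 6), true);` then `if ($decoded !== false && strpos($decoded, ':') !== false)` around the existing `list(...)` assignment, which would split `$decoded` instead. The body matches the one removed from functions.php, so this pre-dates the move, but it parses a client-supplied header ahead of `$auth->login()` and is worth tightening while the function is being touched.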