From 74ae7d03391c4a836364a3e63881f6079837a8e4 Mon Sep 17 00:00:00 2001 From: Vjacheslav Trushkin Date: Thu, 1 Dec 2011 01:46:33 +0200 Subject: [PATCH 1/2] [ticket/10399] Correctly encoding template component urls (3.0) Correctly encoding template component urls PHPBB3-10399 --- phpBB/includes/functions.php | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index c2b099d48a..98a2b3028b 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -4612,11 +4612,11 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0 'S_SEARCH_HIDDEN_FIELDS' => build_hidden_fields($s_search_hidden_fields), - 'T_THEME_PATH' => "{$web_path}styles/" . $user->theme['theme_path'] . '/theme', - 'T_TEMPLATE_PATH' => "{$web_path}styles/" . $user->theme['template_path'] . '/template', - 'T_SUPER_TEMPLATE_PATH' => (isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path']) ? "{$web_path}styles/" . $user->theme['template_inherit_path'] . '/template' : "{$web_path}styles/" . $user->theme['template_path'] . '/template', - 'T_IMAGESET_PATH' => "{$web_path}styles/" . $user->theme['imageset_path'] . '/imageset', - 'T_IMAGESET_LANG_PATH' => "{$web_path}styles/" . $user->theme['imageset_path'] . '/imageset/' . $user->lang_name, + 'T_THEME_PATH' => "{$web_path}styles/" . rawurlencode($user->theme['theme_path']) . '/theme', + 'T_TEMPLATE_PATH' => "{$web_path}styles/" . rawurlencode($user->theme['template_path']) . '/template', + 'T_SUPER_TEMPLATE_PATH' => (isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path']) ? "{$web_path}styles/" . rawurlencode($user->theme['template_inherit_path']) . '/template' : "{$web_path}styles/" . rawurlencode($user->theme['template_path']) . '/template', + 'T_IMAGESET_PATH' => "{$web_path}styles/" . rawurlencode($user->theme['imageset_path']) . '/imageset', + 'T_IMAGESET_LANG_PATH' => "{$web_path}styles/" . rawurlencode($user->theme['imageset_path']) . '/imageset/' . $user->lang_name, 'T_IMAGES_PATH' => "{$web_path}images/", 'T_SMILIES_PATH' => "{$web_path}{$config['smilies_path']}/", 'T_AVATAR_PATH' => "{$web_path}{$config['avatar_path']}/", @@ -4624,13 +4624,13 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0 'T_ICONS_PATH' => "{$web_path}{$config['icons_path']}/", 'T_RANKS_PATH' => "{$web_path}{$config['ranks_path']}/", 'T_UPLOAD_PATH' => "{$web_path}{$config['upload_path']}/", - 'T_STYLESHEET_LINK' => (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . $user->theme['theme_path'] . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&lang=' . $user->lang_name), + 'T_STYLESHEET_LINK' => (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . rawurlencode($user->theme['theme_path']) . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&lang=' . $user->lang_name), 'T_STYLESHEET_NAME' => $user->theme['theme_name'], - 'T_THEME_NAME' => $user->theme['theme_path'], - 'T_TEMPLATE_NAME' => $user->theme['template_path'], - 'T_SUPER_TEMPLATE_NAME' => (isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path']) ? $user->theme['template_inherit_path'] : $user->theme['template_path'], - 'T_IMAGESET_NAME' => $user->theme['imageset_path'], + 'T_THEME_NAME' => rawurlencode($user->theme['theme_path']), + 'T_TEMPLATE_NAME' => rawurlencode($user->theme['template_path']), + 'T_SUPER_TEMPLATE_NAME' => rawurlencode((isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path']) ? $user->theme['template_inherit_path'] : $user->theme['template_path']), + 'T_IMAGESET_NAME' => rawurlencode($user->theme['imageset_path']), 'T_IMAGESET_LANG_NAME' => $user->data['user_lang'], 'T_IMAGES' => 'images', 'T_SMILIES' => $config['smilies_path'], From 1842323ca9a59b8cc34c1af43db6d703cf996d33 Mon Sep 17 00:00:00 2001 From: Vjacheslav Trushkin Date: Sun, 4 Dec 2011 11:43:55 +0200 Subject: [PATCH 2/2] [ticket/10399] Correctly encoding template component urls (3.0) Changes in style.php PHPBB3-10399 --- phpBB/style.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/phpBB/style.php b/phpBB/style.php index 916aa8ce5c..f1b41c6a85 100644 --- a/phpBB/style.php +++ b/phpBB/style.php @@ -216,10 +216,10 @@ if ($id) // Parse Theme Data $replace = array( - '{T_THEME_PATH}' => "{$phpbb_root_path}styles/" . $theme['theme_path'] . '/theme', - '{T_TEMPLATE_PATH}' => "{$phpbb_root_path}styles/" . $theme['template_path'] . '/template', - '{T_IMAGESET_PATH}' => "{$phpbb_root_path}styles/" . $theme['imageset_path'] . '/imageset', - '{T_IMAGESET_LANG_PATH}' => "{$phpbb_root_path}styles/" . $theme['imageset_path'] . '/imageset/' . $user_image_lang, + '{T_THEME_PATH}' => "{$phpbb_root_path}styles/" . rawurlencode($theme['theme_path']) . '/theme', + '{T_TEMPLATE_PATH}' => "{$phpbb_root_path}styles/" . rawurlencode($theme['template_path']) . '/template', + '{T_IMAGESET_PATH}' => "{$phpbb_root_path}styles/" . rawurlencode($theme['imageset_path']) . '/imageset', + '{T_IMAGESET_LANG_PATH}' => "{$phpbb_root_path}styles/" . rawurlencode($theme['imageset_path']) . '/imageset/' . $user_image_lang, '{T_STYLESHEET_NAME}' => $theme['theme_name'], '{S_USER_LANG}' => $user['user_lang'] ); @@ -248,7 +248,7 @@ if ($id) $img_data = &$img_array[$img]; $imgsrc = ($img_data['image_lang'] ? $img_data['image_lang'] . '/' : '') . $img_data['image_filename']; $imgs[$img] = array( - 'src' => $phpbb_root_path . 'styles/' . $theme['imageset_path'] . '/imageset/' . $imgsrc, + 'src' => $phpbb_root_path . 'styles/' . rawurlencode($theme['imageset_path']) . '/imageset/' . $imgsrc, 'width' => $img_data['image_width'], 'height' => $img_data['image_height'], );