From a7794b765cb16589155a53ebdd4cda1120c565ab Mon Sep 17 00:00:00 2001 From: omniError Date: Sun, 13 Jul 2014 14:01:50 -0500 Subject: [PATCH 1/4] [ticket/12831] Optn to prevent setting HTTP headers https://tracker.phpbb.com/browse/PHPBB3-12831 PHPBB3-12831 --- phpBB/includes/functions.php | 31 ++++++++++++++++++++----------- phpBB/includes/functions_acp.php | 29 ++++++++++++++++++++++++----- 2 files changed, 44 insertions(+), 16 deletions(-) diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 158bf1cbc0..e9f3ce59bd 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -5030,6 +5030,9 @@ function page_header($page_title = '', $display_online_list = false, $item_id = 'SITE_LOGO_IMG' => $user->img('site_logo'), )); + // A listener can set this variable to `false` when it wants to prevent setting of headers + $page_header_set_headers = true; + /** * Execute code and/or overwrite _common_ template variables after they have been assigned. * 
@@ -5040,23 +5043,29 @@ function page_header($page_title = '', $display_online_list = false, $item_id = * session item, e.g. forum for * session_forum_id * @var int item_id Restrict online users to item id + * @var bool page_header_set_headers Set to false if phpBB should not + * set HTTP headers (since you have + * set them elsewhere). * * @since 3.1.0-b3 */ - $vars = array('page_title', 'display_online_list', 'item_id', 'item'); + $vars = array('page_title', 'display_online_list', 'item_id', 'item', 'page_header_set_headers'); extract($phpbb_dispatcher->trigger_event('core.page_header_after', compact($vars))); - // application/xhtml+xml not used because of IE - header('Content-type: text/html; charset=UTF-8'); - - header('Cache-Control: private, no-cache="set-cookie"'); - header('Expires: 0'); - header('Pragma: no-cache'); - - if (!empty($user->data['is_bot'])) + if ($page_header_set_headers) { - // Let reverse proxies know we detected a bot. - header('X-PHPBB-IS-BOT: yes'); + // application/xhtml+xml not used because of IE + header('Content-type: text/html; charset=UTF-8'); + + header('Cache-Control: private, no-cache="set-cookie"'); + header('Expires: 0'); + header('Pragma: no-cache'); + + if (!empty($user->data['is_bot'])) + { + // Let reverse proxies know we detected a bot. + header('X-PHPBB-IS-BOT: yes'); + } } return; diff --git a/phpBB/includes/functions_acp.php b/phpBB/includes/functions_acp.php index 8453da6e6e..ce020fbdf1 100644 --- a/phpBB/includes/functions_acp.php +++ b/phpBB/includes/functions_acp.php 
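Review bot: With `$page_header_set_headers` set to false the whole block is skipped, so the `Content-type` charset, `Cache-Control: private, no-cache="set-cookie"`, `Expires`, `Pragma` and the bot marker all disappear together, while the event docblock only says the listener has set them elsewhere. Because these pages carry per-session content, the docblock should state that a listener turning the flag off becomes responsible for the cache policy, for example `Listeners that disable this must send their own Content-type and private/no-cache Cache-Control headers.` The same applies to `adm_page_header_set_headers` in the functions_acp.php hunk, where the page is the admin panel. The docblock also still reads `@since 3.1.0-b3` while the new ACP event says `3.1.0-RC3`, so it is worth recording when this variable was added. The body of page_header starts outside the hunk.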
@@ -107,12 +107,31 @@ function adm_page_header($page_title) 'S_CONTENT_FLOW_END' => ($user->lang['DIRECTION'] == 'ltr') ? 'right' : 'left', )); - // application/xhtml+xml not used because of IE - header('Content-type: text/html; charset=UTF-8'); + // A listener can set this variable to `false` when it wants to prevent setting of headers + $adm_page_header_set_headers = true; - header('Cache-Control: private, no-cache="set-cookie"'); - header('Expires: 0'); - header('Pragma: no-cache'); + /** + * Execute code and/or overwrite _common_ template variables after they have been assigned. + * + * @event core.adm_page_header_after + * @var string page_title Page title + * @var bool adm_page_header_set_headers Set to false if phpBB should not + * set HTTP headers (useful for integrators). + * + * @since 3.1.0-RC3 + */ + $vars = array('page_title', 'adm_page_header_set_headers'); + extract($phpbb_dispatcher->trigger_event('core.adm_page_header_after', compact($vars))); + + if ($adm_page_header_set_headers) + { + // application/xhtml+xml not used because of IE + header('Content-type: text/html; charset=UTF-8'); + + header('Cache-Control: private, no-cache="set-cookie"'); + header('Expires: 0'); + header('Pragma: no-cache'); + } return; } From 8989f6f8783a9d53e7b4dd33c4f64997af5824e2 Mon Sep 17 00:00:00 2001 From: omniError Date: Sat, 9 Aug 2014 14:40:18 -0500 Subject: [PATCH 2/4] [ticket/12831] reimplemented headers as array https://tracker.phpbb.com/browse/PHPBB3-12831 PHPBB3-12831 --- phpBB/includes/functions.php | 35 ++++++++++++++++---------------- phpBB/includes/functions_acp.php | 27 +++++++++++++----------- 2 files changed, 33 insertions(+), 29 deletions(-) diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index e9f3ce59bd..2104bd515a 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php 
@@ -5030,8 +5030,19 @@ function page_header($page_title = '', $display_online_list = false, $item_id = 'SITE_LOGO_IMG' => $user->img('site_logo'), )); - // A listener can set this variable to `false` when it wants to prevent setting of headers - $page_header_set_headers = true; + // An array of http headers that phpbb will set. The following event may override these. + $http_headers = array( + // application/xhtml+xml not used because of IE + 'Content-type' => 'text/html; charset=UTF-8', + 'Cache-Control' => 'private, no-cache="set-cookie"', + 'Expires' => '0', + 'Pragma' => 'no-cache', + ); + if (!empty($user->data['is_bot'])) + { + // Let reverse proxies know we detected a bot. + $http_headers['X-PHPBB-IS-BOT'] = 'yes'; + } /** * Execute code and/or overwrite _common_ template variables after they have been assigned. 
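Review bot: The default header map built here is repeated entry for entry in adm_page_header (the functions_acp.php hunk of this commit), so the cache policy for board pages and admin pages now lives in two literals that can drift apart. A small shared helper that returns the defaults and is called from both functions would keep them in step. If that is out of scope, a comment such as `// Keep in sync with adm_page_header() in functions_acp.php` at least marks the coupling. The body of page_header starts and ends outside the hunk.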
@@ -5043,28 +5054,18 @@ function page_header($page_title = '', $display_online_list = false, $item_id = * session item, e.g. forum for * session_forum_id * @var int item_id Restrict online users to item id - * @var bool page_header_set_headers Set to false if phpBB should not - * set HTTP headers (since you have - * set them elsewhere). + * @var array http_headers HTTP headers that should be set by phpbb * * @since 3.1.0-b3 */ - $vars = array('page_title', 'display_online_list', 'item_id', 'item', 'page_header_set_headers'); + $vars = array('page_title', 'display_online_list', 'item_id', 'item', 'http_headers'); extract($phpbb_dispatcher->trigger_event('core.page_header_after', compact($vars))); - if ($page_header_set_headers) + if (is_array($http_headers)) { - // application/xhtml+xml not used because of IE - header('Content-type: text/html; charset=UTF-8'); - - header('Cache-Control: private, no-cache="set-cookie"'); - header('Expires: 0'); - header('Pragma: no-cache'); - - if (!empty($user->data['is_bot'])) + foreach ($http_headers as $hname => $hval) { - // Let reverse proxies know we detected a bot. - header('X-PHPBB-IS-BOT: yes'); + header((string) $hname.': '.(string) $hval); } } diff --git a/phpBB/includes/functions_acp.php b/phpBB/includes/functions_acp.php index ce020fbdf1..8780f8e1eb 100644 --- a/phpBB/includes/functions_acp.php +++ b/phpBB/includes/functions_acp.php 
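Review bot: The loop passes every key and value a listener returns straight to `header()`, so a listener that appends with `$http_headers[] = 'X-Example: 1'` (a made-up header) produces the malformed line `0: X-Example: 1`, and an empty or non-token key is sent as is. PHP's `header()` already refuses a string containing line breaks, raising a warning and sending nothing, which covers response splitting. The name is still worth checking, e.g. `if (!is_string($hname) || !preg_match('/^[A-Za-z0-9-]+$/', $hname)) { continue; }` as the first statement of the loop. The `@var array http_headers` line should also say that the array is keyed by header name with the header value as a string. The same loop is added to adm_page_header in the functions_acp.php hunk.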
@@ -107,30 +107,33 @@ function adm_page_header($page_title) 'S_CONTENT_FLOW_END' => ($user->lang['DIRECTION'] == 'ltr') ? 'right' : 'left', )); - // A listener can set this variable to `false` when it wants to prevent setting of headers - $adm_page_header_set_headers = true; + // An array of http headers that phpbb will set. The following event may override these. + $http_headers = array( + // application/xhtml+xml not used because of IE + 'Content-type' => 'text/html; charset=UTF-8', + 'Cache-Control' => 'private, no-cache="set-cookie"', + 'Expires' => '0', + 'Pragma' => 'no-cache', + ); /** * Execute code and/or overwrite _common_ template variables after they have been assigned. * * @event core.adm_page_header_after * @var string page_title Page title - * @var bool adm_page_header_set_headers Set to false if phpBB should not - * set HTTP headers (useful for integrators). + * @var array http_headers HTTP headers that should be set by phpbb * * @since 3.1.0-RC3 */ - $vars = array('page_title', 'adm_page_header_set_headers'); + $vars = array('page_title', 'http_headers'); extract($phpbb_dispatcher->trigger_event('core.adm_page_header_after', compact($vars))); - if ($adm_page_header_set_headers) + if (is_array($http_headers)) { - // application/xhtml+xml not used because of IE - header('Content-type: text/html; charset=UTF-8'); - - header('Cache-Control: private, no-cache="set-cookie"'); - header('Expires: 0'); - header('Pragma: no-cache'); + foreach ($http_headers as $hname => $hval) + { + header((string) $hname.': '.(string) $hval); + } } return; From 7e4c3fde01b23f1c9d7d14d31d021b6a3d4a7def Mon Sep 17 00:00:00 2001 From: omniError Date: Sat, 9 Aug 2014 18:48:26 -0500 Subject: [PATCH 3/4] [ticket/12831] simplified code, upd event block https://tracker.phpbb.com/browse/PHPBB3-12831 PHPBB3-12831 --- phpBB/includes/functions.php | 9 +++------ phpBB/includes/functions_acp.php | 9 +++------ 2 files changed, 6 insertions(+), 12 deletions(-) 
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 2104bd515a..b6fcb7ef10 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -5054,19 +5054,16 @@ function page_header($page_title = '', $display_online_list = false, $item_id = * session item, e.g. forum for * session_forum_id * @var int item_id Restrict online users to item id - * @var array http_headers HTTP headers that should be set by phpbb + * @var array http_headers HTTP headers that should be set by phpbb * * @since 3.1.0-b3 */ $vars = array('page_title', 'display_online_list', 'item_id', 'item', 'http_headers'); extract($phpbb_dispatcher->trigger_event('core.page_header_after', compact($vars))); - if (is_array($http_headers)) + foreach ($http_headers as $hname => $hval) { - foreach ($http_headers as $hname => $hval) - { - header((string) $hname.': '.(string) $hval); - } + header((string) $hname.': '.(string) $hval); } return; diff --git a/phpBB/includes/functions_acp.php b/phpBB/includes/functions_acp.php index 8780f8e1eb..b40f14fa5c 100644 --- a/phpBB/includes/functions_acp.php +++ b/phpBB/includes/functions_acp.php @@ -121,19 +121,16 @@ function adm_page_header($page_title) * * @event core.adm_page_header_after * @var string page_title Page title - * @var array http_headers HTTP headers that should be set by phpbb + * @var array http_headers HTTP headers that should be set by phpbb * * @since 3.1.0-RC3 */ $vars = array('page_title', 'http_headers'); extract($phpbb_dispatcher->trigger_event('core.adm_page_header_after', compact($vars))); - if (is_array($http_headers)) + foreach ($http_headers as $hname => $hval) { - foreach ($http_headers as $hname => $hval) - { - header((string) $hname.': '.(string) $hval); - } + header((string) $hname.': '.(string) $hval); } return; From 71d39ab7d5bdf28f75b00eb5bf683011973c2c07 Mon Sep 17 00:00:00 2001 
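Review bot: Dropping the `is_array($http_headers)` guard in both hunks means a listener that assigns `false` or `null` to `http_headers` (the on/off convention the first patch in this series introduced) now reaches `foreach` with a non-array. That raises a PHP warning and sends none of the default headers. Whether the dispatcher can ever hand back a non-array is not visible from the hunk, but falling back to the defaults is safer than sending no cache policy. Keep a copy of the defaults before the event and restore it with `if (!is_array($http_headers)) { $http_headers = $default_http_headers; }`, where `$default_http_headers` is a name made up here for that copy. Both function bodies start outside their hunks.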
From: omniError Date: Sat, 9 Aug 2014 20:24:03 -0500 Subject: [PATCH 4/4] [ticket/12831] fix CS https://tracker.phpbb.com/browse/PHPBB3-12831 PHPBB3-12831 --- phpBB/includes/functions.php | 4 ++-- phpBB/includes/functions_acp.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index b6fcb7ef10..ced3b36cbe 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -5054,7 +5054,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id = * session item, e.g. forum for * session_forum_id * @var int item_id Restrict online users to item id - * @var array http_headers HTTP headers that should be set by phpbb + * @var array http_headers HTTP headers that should be set by phpbb * * @since 3.1.0-b3 */ @@ -5063,7 +5063,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id = foreach ($http_headers as $hname => $hval) { - header((string) $hname.': '.(string) $hval); + header((string) $hname . ': ' . (string) $hval); } return; diff --git a/phpBB/includes/functions_acp.php b/phpBB/includes/functions_acp.php index b40f14fa5c..6b2b0000d1 100644 --- a/phpBB/includes/functions_acp.php +++ b/phpBB/includes/functions_acp.php @@ -130,7 +130,7 @@ function adm_page_header($page_title) foreach ($http_headers as $hname => $hval) { - header((string) $hname.': '.(string) $hval); + header((string) $hname . ': ' . (string) $hval); } return;