makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 06:08:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

- Fix some bugs

Browse source 
- fixed retrieving of permissions if the LIKE statement is used as well as proper supporting (needs testing on mssql)


git-svn-id: file:///svn/phpbb/trunk@6366 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen 2006-09-14 14:57:29 +00:00
parent 665adc1722
commit 79137c312c
11 changed files with 221 additions and 74 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
phpBB/includes/acp/acp_bots.php
View file

@ -143,7 +143,7 @@ class acp_bots
$bot_row['bot_ip'] = str_replace(' ', '', $bot_row['bot_ip']); $bot_row['bot_ip'] = str_replace(' ', '', $bot_row['bot_ip']);
// Make sure the admin is not adding a bot with an user agent similar to his one // Make sure the admin is not adding a bot with an user agent similar to his one
if ($bot_row['bot_agent'] && substr($user->data['session_browser'], 0, 149) === substr($bot_row['bot_agent']) if ($bot_row['bot_agent'] && substr($user->data['session_browser'], 0, 149) === substr($bot_row['bot_agent']))
{ {
$error[] = $user->lang['ERR_BOT_AGENT_MATCHES_UA']; $error[] = $user->lang['ERR_BOT_AGENT_MATCHES_UA'];
} }

8
phpBB/includes/acp/acp_groups.php
View file

@ -68,7 +68,7 @@ class acp_groups
} }
// Approve, demote or promote // Approve, demote or promote
group_user_attributes($action, $group_id, $mark_ary, false, ($group_id) ? $group_row['group_name'] : false); group_user_attributes($action, $group_id, $mark_ary, false, $group_row['group_name']);
switch ($action) switch ($action)
{ {
@ -85,6 +85,8 @@ class acp_groups
break; break;
} }
group_update_listing($group_id);
trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&action=list&g=' . $group_id)); trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&action=list&g=' . $group_id));
break; break;
@ -134,6 +136,8 @@ class acp_groups
group_user_attributes('default', $group_id, $mark_ary, false, $group_row['group_name'], $group_row); group_user_attributes('default', $group_id, $mark_ary, false, $group_row['group_name'], $group_row);
} }
group_update_listing($group_id);
trigger_error($user->lang['GROUP_DEFS_UPDATED'] . adm_back_link($this->u_action . '&action=list&g=' . $group_id)); trigger_error($user->lang['GROUP_DEFS_UPDATED'] . adm_back_link($this->u_action . '&action=list&g=' . $group_id));
} }
else else
@ -217,7 +221,7 @@ class acp_groups
trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&action=list&g=' . $group_id), E_USER_WARNING); trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&action=list&g=' . $group_id), E_USER_WARNING);
} }
$message = ($action == 'addleaders') ? 'GROUP_MODS_ADDED' : 'GROUP_USERS_ADDED'; $message = ($leader) ? 'GROUP_MODS_ADDED' : 'GROUP_USERS_ADDED';
trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&action=list&g=' . $group_id)); trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&action=list&g=' . $group_id));
break; break;

30
phpBB/includes/acp/acp_permissions.php
View file

@ -651,7 +651,7 @@ class acp_permissions
// Remove users who are now moderators or admins from everyones foes list // Remove users who are now moderators or admins from everyones foes list
if ($permission_type == 'm_' || $permission_type == 'a_') if ($permission_type == 'm_' || $permission_type == 'a_')
{ {
$this->update_foes(); update_foes();
} }
$this->log_action($mode, 'add', $permission_type, $ug_type, $ug_id, $forum_id); $this->log_action($mode, 'add', $permission_type, $ug_type, $ug_id, $forum_id);
@ -718,7 +718,7 @@ class acp_permissions
// Remove users who are now moderators or admins from everyones foes list // Remove users who are now moderators or admins from everyones foes list
if ($permission_type == 'm_' || $permission_type == 'a_') if ($permission_type == 'm_' || $permission_type == 'a_')
{ {
$this->update_foes(); update_foes();
} }
$this->log_action($mode, 'add', $permission_type, $ug_type, $ug_ids, $forum_ids); $this->log_action($mode, 'add', $permission_type, $ug_type, $ug_ids, $forum_ids);
@ -847,32 +847,6 @@ class acp_permissions
} }
} }
/**
* Update foes - remove moderators and administrators from foe lists...
*/
function update_foes()
{
global $db, $auth;
$perms = array();
foreach ($auth->acl_get_list(false, array('a_', 'm_'), false) as $forum_id => $forum_ary)
{
foreach ($forum_ary as $auth_option => $user_ary)
{
$perms = array_merge($perms, $user_ary);
}
}
if (sizeof($perms))
{
$sql = 'DELETE FROM ' . ZEBRA_TABLE . '
WHERE ' . $db->sql_in_set('zebra_id', array_unique($perms)) . '
AND foe = 1';
$db->sql_query($sql);
}
unset($perms);
}
/** /**
* Display a complete trace tree for the selected permission to determine where settings are set/unset * Display a complete trace tree for the selected permission to determine where settings are set/unset
*/ */

4
phpBB/includes/acp/auth.php
View file

@ -1009,7 +1009,9 @@ class auth_admin extends auth
// Get permission type // Get permission type
$sql = 'SELECT auth_option, auth_option_id $sql = 'SELECT auth_option, auth_option_id
FROM ' . ACL_OPTIONS_TABLE . " FROM ' . ACL_OPTIONS_TABLE . "
WHERE auth_option LIKE '" . $db->sql_escape($permission_type) . "%'"; WHERE auth_option LIKE '" . $db->sql_escape(str_replace('_', "\_", $permission_type)) . "%'";
$sql .= (SQL_LAYER == 'mssql' || SQL_LAYER == 'mssql_odbc') ? " ESCAPE '\\'" : '';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$auth_id_ary = array(); $auth_id_ary = array();

105
phpBB/includes/auth.php
View file

@ -478,18 +478,11 @@ class auth
$sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : $db->sql_in_set('user_id', $user_id)) : ''; $sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : $db->sql_in_set('user_id', $user_id)) : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : ''; $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : '';
$sql_opts = ''; $sql_opts = $sql_escape = '';
if ($opts !== false) if ($opts !== false)
{ {
if (!is_array($opts)) $this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts, $sql_escape);
{
$sql_opts = (strpos($opts, '%') !== false) ? "AND ao.auth_option LIKE '" . $db->sql_escape($opts) . "'" : "AND ao.auth_option = '" . $db->sql_escape($opts) . "'";
}
else
{
$sql_opts = 'AND ' . $db->sql_in_set('ao.auth_option', $opts);
}
} }
$hold_ary = array(); $hold_ary = array();
@ -519,7 +512,7 @@ class auth
'ORDER_BY' => 'a.forum_id, ao.auth_option' 'ORDER_BY' => 'a.forum_id, ao.auth_option'
)); ));
$result = $db->sql_query($sql); $result = $db->sql_query($sql . $sql_escape);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{ {
@ -595,18 +588,11 @@ class auth
$sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : $db->sql_in_set('user_id', $user_id)) : ''; $sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : $db->sql_in_set('user_id', $user_id)) : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : ''; $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : '';
$sql_opts = ''; $sql_opts = $sql_escape = '';
if ($opts !== false) if ($opts !== false)
{ {
if (!is_array($opts)) $this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts, $sql_escape);
{
$sql_opts = (strpos($opts, '%') !== false) ? "AND ao.auth_option LIKE '" . $db->sql_escape($opts) . "'" : "AND ao.auth_option = '" . $db->sql_escape($opts) . "'";
}
else
{
$sql_opts = 'AND ' . $db->sql_in_set('ao.auth_option', $opts);
}
} }
$hold_ary = array(); $hold_ary = array();
@ -634,7 +620,7 @@ class auth
'ORDER_BY' => 'a.forum_id, ao.auth_option' 'ORDER_BY' => 'a.forum_id, ao.auth_option'
)); ));
$result = $db->sql_query($sql); $result = $db->sql_query($sql . $sql_escape);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{ {
@ -656,16 +642,11 @@ class auth
$sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? "group_id = $group_id" : $db->sql_in_set('group_id', $group_id)) : ''; $sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? "group_id = $group_id" : $db->sql_in_set('group_id', $group_id)) : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : ''; $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : '';
$sql_opts = $sql_escape = '';
if ($opts !== false) if ($opts !== false)
{ {
if (!is_array($opts)) $this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts, $sql_escape);
{
$sql_opts = (strpos($opts, '%') !== false) ? "AND ao.auth_option LIKE '" . $db->sql_escape($opts) . "'" : "AND ao.auth_option = '" . $db->sql_escape($opts) . "'";
}
else
{
$sql_opts = 'AND ' . $db->sql_in_set('ao.auth_option', $opts);
}
} }
$hold_ary = array(); $hold_ary = array();
@ -693,7 +674,7 @@ class auth
'ORDER_BY' => 'a.forum_id, ao.auth_option' 'ORDER_BY' => 'a.forum_id, ao.auth_option'
)); ));
$result = $db->sql_query($sql); $result = $db->sql_query($sql . $sql_escape);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{ {
@ -781,6 +762,72 @@ class auth
trigger_error('Authentication method not found', E_USER_ERROR); trigger_error('Authentication method not found', E_USER_ERROR);
} }
/**
* Fill auth_option statement for later querying based on the supplied options
*/
function build_auth_option_statement($key, $auth_options, &$sql_opts, &$sql_escape)
{
global $db;
if (!is_array($auth_options))
{
if (strpos($auth_options, '%') !== false)
{
if (strpos($auth_options, '_') !== false)
{
$sql_opts = "AND $key LIKE '" . $db->sql_escape(str_replace('_', "\_", $auth_options)) . "'";
$sql_escape = (SQL_LAYER == 'mssql' || SQL_LAYER == 'mssql_odbc') ? " ESCAPE '\\'" : '';
}
else
{
$sql_opts = "AND $key LIKE '" . $db->sql_escape($auth_options) . "'";
}
}
else
{
$sql_opts = "AND $key = '" . $db->sql_escape($auth_options) . "'";
}
}
else
{
$is_like_expression = $is_underline = false;
foreach ($auth_options as $option)
{
if (strpos($option, '%') !== false)
{
$is_like_expression = true;
}
if (strpos($option, '_') !== false)
{
$is_underline = true;
}
}
if (!$is_like_expression)
{
$sql_opts = 'AND ' . $db->sql_in_set($key, $auth_options);
}
else
{
$sql = array();
foreach ($auth_options as $option)
{
$sql[] = $key . " LIKE '" . $db->sql_escape(str_replace('_', "\_", $option)) . "'";
}
$sql_opts = 'AND (' . implode(' OR ', $sql) . ')';
if ($is_underline)
{
$sql_escape = (SQL_LAYER == 'mssql' || SQL_LAYER == 'mssql_odbc') ? " ESCAPE '\\'" : '';
}
}
}
}
} }
?> ?>

26
phpBB/includes/functions_admin.php
View file

@ -2304,6 +2304,32 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
return; return;
} }
/**
* Update foes - remove moderators and administrators from foe lists...
*/
function update_foes()
{
global $db, $auth;
$perms = array();
foreach ($auth->acl_get_list(false, array('a_', 'm_'), false) as $forum_id => $forum_ary)
{
foreach ($forum_ary as $auth_option => $user_ary)
{
$perms = array_merge($perms, $user_ary);
}
}
if (sizeof($perms))
{
$sql = 'DELETE FROM ' . ZEBRA_TABLE . '
WHERE ' . $db->sql_in_set('zebra_id', array_unique($perms)) . '
AND foe = 1';
$db->sql_query($sql);
}
unset($perms);
}
/** /**
* Lists warned users * Lists warned users
*/ */

68
phpBB/includes/functions_user.php
View file

@ -1673,6 +1673,8 @@ function group_delete($group_id, $group_name = false)
/** /**
* Add user(s) to group * Add user(s) to group
*
* @return false if no errors occurred, else the user lang string for the relevant error, for example 'NO_USER'
*/ */
function group_user_add($group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $default = false, $leader = 0, $pending = 0, $group_attributes = false) function group_user_add($group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $default = false, $leader = 0, $pending = 0, $group_attributes = false)
{ {
@ -1769,13 +1771,18 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false,
add_log('admin', $log, $group_name, implode(', ', $username_ary)); add_log('admin', $log, $group_name, implode(', ', $username_ary));
return ($leader) ? 'GROUP_LEADERS_ADDED' : 'GROUP_USERS_ADDED'; group_update_listings($group_id);
// Return false - no error
return false;
} }
/** /**
* Remove a user/s from a given group. When we remove users we update their * Remove a user/s from a given group. When we remove users we update their
* default group_id. We do this by examining which "special" groups they belong * default group_id. We do this by examining which "special" groups they belong
* to. The selection is made based on a reasonable priority system * to. The selection is made based on a reasonable priority system
*
* @return false if no errors occurred, else the user lang string for the relevant error, for example 'NO_USER'
*/ */
function group_user_del($group_id, $user_id_ary = false, $username_ary = false, $group_name = false) function group_user_del($group_id, $user_id_ary = false, $username_ary = false, $group_name = false)
{ {
@ -1885,7 +1892,8 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
add_log('admin', $log, $group_name, implode(', ', $username_ary)); add_log('admin', $log, $group_name, implode(', ', $username_ary));
return 'GROUP_USERS_REMOVE'; // Return false - no error
return false;
} }
/** /**
@ -2172,4 +2180,60 @@ function group_memberships($group_id_ary = false, $user_id_ary = false, $return_
return $return; return $return;
} }
/**
* Re-cache moderators and foes if group has a_ or m_ permissions
*/
function group_update_listings($group_id)
{
global $auth;
$hold_ary = $auth->acl_group_raw_data($group_id, array('a_', 'm_'));
if (!sizeof($hold_ary))
{
return;
}
$mod_permissions = $admin_permissions = false;
foreach ($hold_ary as $g_id => $forum_ary)
{
foreach ($forum_ary as $forum_id => $auth_ary)
{
foreach ($auth_ary as $auth_option => $setting)
{
if ($mod_permissions && $admin_permissions)
{
break 3;
}
if ($setting != ACL_YES)
{
continue;
}
if ($auth_option == 'm_')
{
$mod_permissions = true;
}
if ($auth_option == 'a_')
{
$admin_permissions = true;
}
}
}
}
if ($mod_permissions)
{
cache_moderators();
}
if ($mod_permissions || $admin_permissions)
{
update_foes();
}
}
?> ?>

2
phpBB/includes/template.php
View file

@ -43,7 +43,7 @@ class template
*/ */
function set_template() function set_template()
{ {
global $phpbb_root_path, $config, $user; global $phpbb_root_path, $user;
if (file_exists($phpbb_root_path . 'styles/' . $user->theme['template_path'] . '/template')) if (file_exists($phpbb_root_path . 'styles/' . $user->theme['template_path'] . '/template'))
{ {

21
phpBB/includes/ucp/ucp_register.php
View file

@ -37,12 +37,21 @@ class ucp_register
if ($change_lang) if ($change_lang)
{ {
$submit = false; $change_lang = basename($change_lang);
$lang = $change_lang;
$user->lang_name = $lang = $change_lang; if (file_exists($phpbb_root_path . 'language/' . $change_lang . '/'))
$user->lang_path = $phpbb_root_path . 'language/' . $lang . '/'; {
$user->lang = array(); $submit = false;
$user->add_lang(array('common', 'ucp'));
$user->lang_name = $lang = $change_lang;
$user->lang_path = $phpbb_root_path . 'language/' . $lang . '/';
$user->lang = array();
$user->add_lang(array('common', 'ucp'));
}
else
{
$change_lang = '';
}
} }
$cp = new custom_profile(); $cp = new custom_profile();

6
phpBB/index.php
View file

@ -83,9 +83,9 @@ $template->assign_vars(array(
'LEGEND' => $legend, 'LEGEND' => $legend,
'BIRTHDAY_LIST' => $birthday_list, 'BIRTHDAY_LIST' => $birthday_list,
'FORUM_IMG' => $user->img('forum_read', 'NO_NEW_POSTS'), 'FORUM_IMG' => $user->img('forum_read', 'NO_NEW_POSTS'),
'FORUM_NEW_IMG' => $user->img('forum_unread', 'NEW_POSTS'), 'FORUM_NEW_IMG' => $user->img('forum_unread', 'NEW_POSTS'),
'FORUM_LOCKED_IMG' => $user->img('forum_read_locked', 'NO_NEW_POSTS_LOCKED'), 'FORUM_LOCKED_IMG' => $user->img('forum_read_locked', 'NO_NEW_POSTS_LOCKED'),
'FORUM_NEW_LOCKED_IMG' => $user->img('forum_unread_locked', 'NO_NEW_POSTS_LOCKED'), 'FORUM_NEW_LOCKED_IMG' => $user->img('forum_unread_locked', 'NO_NEW_POSTS_LOCKED'),
'S_LOGIN_ACTION' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login'), 'S_LOGIN_ACTION' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login'),

23
phpBB/styles/subSilver/template/viewtopic_print.html
View file

@ -13,6 +13,10 @@ body {
font-size: 10pt; font-size: 10pt;
} }
img {
border: 0;
}
td { td {
font-family: Verdana,serif; font-family: Verdana,serif;
font-size: 10pt; font-size: 10pt;
@ -85,7 +89,24 @@ hr.sep {
<td><b>{postrow.POST_SUBJECT}</b></td> <td><b>{postrow.POST_SUBJECT}</b></td>
</tr> </tr>
<tr> <tr>
<td colspan="2"><hr class="sep" />{postrow.MESSAGE}</td> <td colspan="2"><hr class="sep" />{postrow.MESSAGE}
<!-- IF postrow.S_HAS_ATTACHMENTS -->
<br clear="all" /><br />
<table class="tablebg" width="100%" cellspacing="1">
<tr>
<td><b class="genmed">{L_ATTACHMENTS}: </b></td>
</tr>
<!-- BEGIN attachment -->
<tr>
<td>{postrow.attachment.DISPLAY_ATTACHMENT}</td>
</tr>
<!-- END attachment -->
</table>
<!-- ENDIF -->
</td>
</tr> </tr>
</table> </table>
<!-- END postrow --> <!-- END postrow -->