- fix security issue in download.php

- fixing some phpdocumentor warnings/errors
- adjust pop-before-smtp "auth" (nowadays no one should rely on it)
- add backtrace for smtp email errors if DEBUG_EXTRA is enabled


git-svn-id: file:///svn/phpbb/trunk@6352 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen 2006-09-04 20:35:46 +00:00
parent 8c567e8c68
commit 8ab85ebdb0
6 changed files with 106 additions and 39 deletions


@ -133,7 +133,7 @@ if ($thumbnail)
{ {
$attachment['physical_filename'] = 'thumb_' . $attachment['physical_filename']; $attachment['physical_filename'] = 'thumb_' . $attachment['physical_filename'];
} }
else if ($display_cat == ATTACHMENT_CATEGORY_NONE) else if ($display_cat == ATTACHMENT_CATEGORY_NONE || $display_cat == ATTACHMENT_CATEGORY_IMAGE)
{ {
// Update download count // Update download count
$sql = 'UPDATE ' . ATTACHMENTS_TABLE . ' $sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
@ -210,9 +210,9 @@ function send_file_to_browser($attachment, $upload_dir, $category)
// lighttpd has core support for it. An apache2 module is available at http://celebnamer.celebworld.ws/stuff/mod_xsendfile/ // lighttpd has core support for it. An apache2 module is available at http://celebnamer.celebworld.ws/stuff/mod_xsendfile/
header('X-Sendfile: ' . $filename); header('X-Sendfile: ' . $filename);
// Send out the Headers // Send out the Headers. Do not set Content-Disposition to inline please, it is a security measure for users using the Internet Explorer.
header('Content-Type: ' . $attachment['mimetype'] . '; name="' . $attachment['real_filename'] . '"'); header('Content-Type: ' . $attachment['mimetype'] . '; name="' . $attachment['real_filename'] . '"');
header('Content-Disposition: inline; filename="' . $attachment['real_filename'] . '"'); header('Content-Disposition: attachment; filename="' . $attachment['real_filename'] . '"');
if ($size) if ($size)
{ {
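Review bot: The filename written into the Content-Disposition header on the new side is still concatenated into a quoted-string without escaping, so a stored real_filename containing a double quote can terminate the parameter and append further header attributes; switching to `attachment` addresses the IE content-sniffing problem but not this. The `name=` parameter on the Content-Type line above it has the same shape, and the mimetype value is emitted as-is from the attachment row. I would strip or escape the quote before emitting, e.g. `header('Content-Disposition: attachment; filename="' . str_replace('"', '', $attachment['real_filename']) . '"');` — whether real_filename is already sanitised at upload time is not visible in this hunk. send_file_to_browser continues outside the hunk.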


@ -11,6 +11,7 @@
/** /**
* Main non-gd captcha class * Main non-gd captcha class
* @ignore
* @package VC * @package VC
*/ */
class captcha class captcha


@ -402,7 +402,7 @@ if (!function_exists('realpath'))
*/ */
function is_absolute($path) function is_absolute($path)
{ {
return ($path[0] == '/' || (substr(PHP_OS, 0, 3) == 'WIN' && preg_match('#^[a-z]:/#i', $path))) ? true : false; return ($path[0] == '/' || (substr(PHP_OS, 0, 3) == 'WIN' && preg_match('#^[a-z]:/#i', $path))) ? true : false;
} }
/** /**
@ -3302,6 +3302,7 @@ function garbage_collection()
} }
/** /**
* @package phpBB3
*/ */
class bitfield class bitfield
{ {


@ -790,10 +790,13 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $encoding, $headers
$mail_rcpt = $mail_to = $mail_cc = array(); $mail_rcpt = $mail_to = $mail_cc = array();
// Build correct addresses for RCPT TO command and the client side display (TO, CC) // Build correct addresses for RCPT TO command and the client side display (TO, CC)
foreach ($addresses['to'] as $which_ary) if (isset($addresses['to']) && sizeof($addresses['to']))
{ {
$mail_to[] = ($which_ary['name'] != '') ? mail_encode(trim($which_ary['name']), $encoding) . ' <' . trim($which_ary['email']) . '>' : '<' . trim($which_ary['email']) . '>'; foreach ($addresses['to'] as $which_ary)
$mail_rcpt['to'][] = '<' . trim($which_ary['email']) . '>'; {
$mail_to[] = ($which_ary['name'] != '') ? mail_encode(trim($which_ary['name']), $encoding) . ' <' . trim($which_ary['email']) . '>' : '<' . trim($which_ary['email']) . '>';
$mail_rcpt['to'][] = '<' . trim($which_ary['email']) . '>';
}
} }
if (isset($addresses['bcc']) && sizeof($addresses['bcc'])) if (isset($addresses['bcc']) && sizeof($addresses['bcc']))
@ -813,11 +816,13 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $encoding, $headers
} }
} }
$smtp = new smtp_class; $smtp = new smtp_class();
$errno = 0; $errno = 0;
$errstr = ''; $errstr = '';
$smtp->add_backtrace('Connecting to ' . $config['smtp_host'] . ':' . $config['smtp_port']);
// Ok we have error checked as much as we can to this point let's get on it already. // Ok we have error checked as much as we can to this point let's get on it already.
if (!$smtp->socket = @fsockopen($config['smtp_host'], $config['smtp_port'], $errno, $errstr, 20)) if (!$smtp->socket = @fsockopen($config['smtp_host'], $config['smtp_port'], $errno, $errstr, 20))
{ {
@ -828,14 +833,14 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $encoding, $headers
// Wait for reply // Wait for reply
if ($err_msg = $smtp->server_parse('220', __LINE__)) if ($err_msg = $smtp->server_parse('220', __LINE__))
{ {
$smtp->close_session(); $smtp->close_session($err_msg);
return false; return false;
} }
// Let me in. This function handles the complete authentication process // Let me in. This function handles the complete authentication process
if ($err_msg = $smtp->log_into_server($config['smtp_host'], $config['smtp_username'], $config['smtp_password'], $config['smtp_auth_method'])) if ($err_msg = $smtp->log_into_server($config['smtp_host'], $config['smtp_username'], $config['smtp_password'], $config['smtp_auth_method']))
{ {
$smtp->close_session(); $smtp->close_session($err_msg);
return false; return false;
} }
@ -844,7 +849,7 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $encoding, $headers
$smtp->server_send('MAIL FROM:<' . $config['board_email'] . '>'); $smtp->server_send('MAIL FROM:<' . $config['board_email'] . '>');
if ($err_msg = $smtp->server_parse('250', __LINE__)) if ($err_msg = $smtp->server_parse('250', __LINE__))
{ {
$smtp->close_session(); $smtp->close_session($err_msg);
return false; return false;
} }
@ -867,7 +872,7 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $encoding, $headers
// We continue... if users are not resolved we do not care // We continue... if users are not resolved we do not care
if ($smtp->numeric_response_code != 550) if ($smtp->numeric_response_code != 550)
{ {
$smtp->close_session(); $smtp->close_session($err_msg);
return false; return false;
} }
} }
@ -885,7 +890,7 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $encoding, $headers
$user->session_begin(); $user->session_begin();
$err_msg .= '<br /><br />'; $err_msg .= '<br /><br />';
$err_msg .= (isset($user->lang['INVALID_EMAIL_LOG'])) ? sprintf($user->lang['INVALID_EMAIL_LOG'], htmlspecialchars($mail_to_address)) : '<strong>' . htmlspecialchars($mail_to_address) . '</strong> possibly an invalid email address?'; $err_msg .= (isset($user->lang['INVALID_EMAIL_LOG'])) ? sprintf($user->lang['INVALID_EMAIL_LOG'], htmlspecialchars($mail_to_address)) : '<strong>' . htmlspecialchars($mail_to_address) . '</strong> possibly an invalid email address?';
$smtp->close_session(); $smtp->close_session($err_msg);
return false; return false;
} }
@ -895,7 +900,7 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $encoding, $headers
// This is the last response code we look for until the end of the message. // This is the last response code we look for until the end of the message.
if ($err_msg = $smtp->server_parse('354', __LINE__)) if ($err_msg = $smtp->server_parse('354', __LINE__))
{ {
$smtp->close_session(); $smtp->close_session($err_msg);
return false; return false;
} }
@ -922,13 +927,13 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $encoding, $headers
$smtp->server_send('.'); $smtp->server_send('.');
if ($err_msg = $smtp->server_parse('250', __LINE__)) if ($err_msg = $smtp->server_parse('250', __LINE__))
{ {
$smtp->close_session(); $smtp->close_session($err_msg);
return false; return false;
} }
// Now tell the server we are done and close the socket... // Now tell the server we are done and close the socket...
$smtp->server_send('QUIT'); $smtp->server_send('QUIT');
$smtp->close_session(); $smtp->close_session($err_msg);
return true; return true;
} }
@ -947,13 +952,38 @@ class smtp_class
var $commands = array(); var $commands = array();
var $numeric_response_code = 0; var $numeric_response_code = 0;
var $backtrace = false;
var $backtrace_log = array();
function smtp_class()
{
if (defined('DEBUG_EXTRA'))
{
$this->backtrace = true;
$this->backtrace_log = array();
}
}
/**
* Add backtrace message for debugging
*/
function add_backtrace($message)
{
if ($this->backtrace)
{
$this->backtrace_log[] = $message;
}
}
/** /**
* Send command to smtp server * Send command to smtp server
*/ */
function server_send($command) function server_send($command, $private_info = false)
{ {
fputs($this->socket, $command . "\r\n"); fputs($this->socket, $command . "\r\n");
(!$private_info) ? $this->add_backtrace("# $command") : $this->add_backtrace('# Ommitting sensitive Informations');
// We could put additional code here // We could put additional code here
} }
@ -976,6 +1006,8 @@ class smtp_class
} }
$this->responses[] = substr(rtrim($this->server_response), 4); $this->responses[] = substr(rtrim($this->server_response), 4);
$this->numeric_response_code = (int) substr($this->server_response, 0, 3); $this->numeric_response_code = (int) substr($this->server_response, 0, 3);
$this->add_backtrace("LINE: $line <- {$this->server_response}");
} }
if (!(substr($this->server_response, 0, 3) == $response)) if (!(substr($this->server_response, 0, 3) == $response))
@ -990,9 +1022,15 @@ class smtp_class
/** /**
* Close session * Close session
*/ */
function close_session() function close_session(&$err_msg)
{ {
fclose($this->socket); fclose($this->socket);
if ($this->backtrace)
{
$message = '<h1>Backtrace</h1><p>' . implode('<br />', array_map('htmlspecialchars', $this->backtrace_log)) . '</p>';
$err_msg .= $message;
}
} }
/** /**
@ -1008,10 +1046,37 @@ class smtp_class
// If we are authenticating through pop-before-smtp, we // If we are authenticating through pop-before-smtp, we
// have to login ones before we get authenticated // have to login ones before we get authenticated
// NOTE: on some configurations the time between an update of the auth database takes so
// long that the first email send does not work. This is not a biggie on a live board (only
// the install mail will most likely fail) - but on a dynamic ip connection this might produce
// severe problems and is not fixable!
if ($default_auth_method == 'POP-BEFORE-SMTP' && $username && $password) if ($default_auth_method == 'POP-BEFORE-SMTP' && $username && $password)
{ {
global $config;
$errno = 0;
$errstr = '';
$this->server_send("QUIT");
fclose($this->socket);
$result = $this->pop_before_smtp($hostname, $username, $password); $result = $this->pop_before_smtp($hostname, $username, $password);
$username = $password = $default_auth_method = ''; $username = $password = $default_auth_method = '';
// We need to close the previous session, else the server is not
// able to get our ip for matching...
if (!$this->socket = @fsockopen($config['smtp_host'], $config['smtp_port'], $errno, $errstr, 10))
{
$err_msg = (isset($user->lang['NO_CONNECT_TO_SMTP_HOST'])) ? sprintf($user->lang['NO_CONNECT_TO_SMTP_HOST'], $errno, $errstr) : "Could not connect to smtp host : $errno : $errstr";
return $err_msg;
}
// Wait for reply
if ($err_msg = $this->server_parse('220', __LINE__))
{
$this->close_session($err_msg);
return $err_msg;
}
} }
// Try EHLO first // Try EHLO first
@ -1090,32 +1155,26 @@ class smtp_class
{ {
global $user; global $user;
$old_socket = $this->socket; if (!$this->socket = @fsockopen($hostname, 110, $errno, $errstr, 10))
if (!$this->socket = fsockopen($hostname, 110, $errno, $errstr, 20))
{ {
$this->socket = $old_socket;
return (isset($user->lang['NO_CONNECT_TO_SMTP_HOST'])) ? sprintf($user->lang['NO_CONNECT_TO_SMTP_HOST'], $errno, $errstr) : "Could not connect to smtp host : $errno : $errstr"; return (isset($user->lang['NO_CONNECT_TO_SMTP_HOST'])) ? sprintf($user->lang['NO_CONNECT_TO_SMTP_HOST'], $errno, $errstr) : "Could not connect to smtp host : $errno : $errstr";
} }
$this->server_parse('0', __LINE__); $this->server_send("USER $username", true);
if (substr($this->server_response, 0, 3) == '+OK') if ($err_msg = $this->server_parse('+OK', __LINE__))
{ {
fputs($this->socket, "USER $username\r\n"); return $err_msg;
fputs($this->socket, "PASS $password\r\n");
} }
else
$this->server_send("PASS $password", true);
if ($err_msg = $this->server_parse('+OK', __LINE__))
{ {
$this->socket = $old_socket; return $err_msg;
return $this->responses[0];
} }
$this->server_send('QUIT'); $this->server_send('QUIT');
$this->server_parse('0', __LINE__);
fclose($this->socket); fclose($this->socket);
$this->socket = $old_socket;
return false; return false;
} }
@ -1131,7 +1190,7 @@ class smtp_class
} }
$base64_method_plain = base64_encode("\0" . $username . "\0" . $password); $base64_method_plain = base64_encode("\0" . $username . "\0" . $password);
$this->server_send($base64_method_plain); $this->server_send($base64_method_plain, true);
if ($err_msg = $this->server_parse('235', __LINE__)) if ($err_msg = $this->server_parse('235', __LINE__))
{ {
return $err_msg; return $err_msg;
@ -1151,13 +1210,13 @@ class smtp_class
return ($this->numeric_response_code == 503) ? false : $err_msg; return ($this->numeric_response_code == 503) ? false : $err_msg;
} }
$this->server_send(base64_encode($username)); $this->server_send(base64_encode($username), true);
if ($err_msg = $this->server_parse('334', __LINE__)) if ($err_msg = $this->server_parse('334', __LINE__))
{ {
return $err_msg; return $err_msg;
} }
$this->server_send(base64_encode($password)); $this->server_send(base64_encode($password), true);
if ($err_msg = $this->server_parse('235', __LINE__)) if ($err_msg = $this->server_parse('235', __LINE__))
{ {
return $err_msg; return $err_msg;
@ -1183,7 +1242,7 @@ class smtp_class
$base64_method_cram_md5 = base64_encode($username . ' ' . $md5_digest); $base64_method_cram_md5 = base64_encode($username . ' ' . $md5_digest);
$this->server_send($base64_method_cram_md5); $this->server_send($base64_method_cram_md5, true);
if ($err_msg = $this->server_parse('235', __LINE__)) if ($err_msg = $this->server_parse('235', __LINE__))
{ {
return $err_msg; return $err_msg;
@ -1287,7 +1346,7 @@ class smtp_class
} }
$base64_method_digest_md5 = base64_encode($input_string); $base64_method_digest_md5 = base64_encode($input_string);
$this->server_send($base64_method_digest_md5); $this->server_send($base64_method_digest_md5, true);
if ($err_msg = $this->server_parse('334', __LINE__)) if ($err_msg = $this->server_parse('334', __LINE__))
{ {
return $err_msg; return $err_msg;
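Review bot: In pop_before_smtp the rewritten login no longer reads the POP3 greeting before sending USER — the old side consumed it with `$this->server_parse('0', __LINE__)`, the new side goes straight to `$this->server_send("USER $username", true)`. If server_parse reads one reply per call (its read loop is outside the hunk), the `+OK` banner is taken as the USER reply and the USER reply as the PASS reply, so a rejected password is never observed and the method returns false as if the login had succeeded. Add a greeting read directly after the fsockopen block: `if ($err_msg = $this->server_parse('+OK', __LINE__)) { return $err_msg; }`. Separately, the success path of smtpmail at the QUIT hunk now also calls `close_session($err_msg)`, so with DEBUG_EXTRA defined the by-reference $err_msg is non-empty after a successful send; callers that treat a non-empty $err_msg as failure are outside this view and would need checking.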


@ -601,9 +601,14 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
FROM ' . USERS_TABLE . ' FROM ' . USERS_TABLE . '
WHERE ' . $db->sql_in_set('LOWER(username)', $sql_usernames); WHERE ' . $db->sql_in_set('LOWER(username)', $sql_usernames);
// Do not allow banning yourself
if (sizeof($founder)) if (sizeof($founder))
{ {
$sql .= ' AND ' . $db->sql_in_set('user_id', array_keys($founder), true); $sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), array($user->data['user_id'])), true);
}
else
{
$sql .= ' AND user_id <> ' . $user->data['user_id'];
} }
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
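Review bot: The new else branch concatenates `$user->data['user_id']` straight into the SQL string; the founder branch routes the same value through sql_in_set, but here nothing enforces that it is an integer. Cast it before concatenation, `$sql .= ' AND user_id <> ' . (int) $user->data['user_id'];`, so both branches are equally defensive. Whether `$user` is declared global inside user_ban is not visible — the function header is outside the hunk.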


@ -43,6 +43,7 @@ if (function_exists('utf8_normalize'))
* utf_normalizer class for the utfnormal extension * utf_normalizer class for the utfnormal extension
* *
* @ignore * @ignore
* @package phpBB3
*/ */
class utf_normalizer class utf_normalizer
{ {