makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 14:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

- auto sync attachment topic flag [Bug #2949]

Browse source 
- corrected paths for templates stored in the db and filenames displayed in the template editor [Bug #3662]
- removed some useless language strings [Bug #3648]
- corrected escaping of usernames and passwords in auth modules [Bug #3696], added ldap_escape


git-svn-id: file:///svn/phpbb/trunk@6266 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Nils Adermann 2006-08-12 01:58:58 +00:00
parent b5a6291fa5
commit b1ef984526
6 changed files with 32 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
phpBB/includes/acp/acp_styles.php
View file

@ -2355,7 +2355,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
// heck of a lot of data ... // heck of a lot of data ...
$sql_ary = array( $sql_ary = array(
'template_id' => $style_id, 'template_id' => $style_id,
'template_filename' => "$template_path$pathfile$file", 'template_filename' => "$pathfile$file",
'template_included' => (isset($includes[$file])) ? implode(':', $includes[$file]) . ':' : '', 'template_included' => (isset($includes[$file])) ? implode(':', $includes[$file]) . ':' : '',
'template_mtime' => filemtime("{$phpbb_root_path}styles/$template_path$pathfile$file"), 'template_mtime' => filemtime("{$phpbb_root_path}styles/$template_path$pathfile$file"),
'template_data' => file_get_contents("{$phpbb_root_path}styles/$template_path$pathfile$file"), 'template_data' => file_get_contents("{$phpbb_root_path}styles/$template_path$pathfile$file"),

13
phpBB/includes/auth/auth_apache.php
View file

@ -121,6 +121,9 @@ function autologin_apache()
if (!empty($php_auth_user) && !empty($php_auth_pw)) if (!empty($php_auth_user) && !empty($php_auth_pw))
{ {
set_var($php_auth_user, $php_auth_user, 'string');
set_var($php_auth_pw, $php_auth_pw, 'string');
$sql = 'SELECT * $sql = 'SELECT *
FROM ' . USERS_TABLE . " FROM ' . USERS_TABLE . "
WHERE username = '" . $db->sql_escape($php_auth_user) . "'"; WHERE username = '" . $db->sql_escape($php_auth_user) . "'";
@ -190,7 +193,15 @@ function user_row_apache($username, $password)
*/ */
function validate_session_apache(&$user) function validate_session_apache(&$user)
{ {
return (isset($_SERVER['PHP_AUTH_USER']) && ($_SERVER['PHP_AUTH_USER'] === $user['username'])) ? true : false; if (!isset($_SERVER['PHP_AUTH_USER']))
{
return false;
}
$php_auth_user = '';
set_var($php_auth_user, $_SERVER['PHP_AUTH_USER'], 'string');
return ($php_auth_user === $user['username']) ? true : false;
} }
?> ?>

25
phpBB/includes/auth/auth_ldap.php
View file

@ -38,7 +38,7 @@ function init_ldap()
$search = @ldap_search( $search = @ldap_search(
$ldap, $ldap,
$config['ldap_base_dn'], $config['ldap_base_dn'],
'(' . $config['ldap_uid'] . '=' . $user->data['username'] . ')', '(' . $config['ldap_uid'] . '=' . ldap_escape(html_entity_decode($user->data['username'])) . ')',
(empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']), (empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']),
0, 0,
1 1
@ -53,19 +53,20 @@ function init_ldap()
@ldap_close($ldap); @ldap_close($ldap);
if (!is_array($result) || sizeof($result) < 2)
{
return sprintf($user->lang['LDAP_NO_IDENTITY'], $user->data['username']);
}
if (!empty($config['ldap_email']) && !isset($result[0][$config['ldap_email']])) if (!empty($config['ldap_email']) && !isset($result[0][$config['ldap_email']]))
{ {
return $user->lang['LDAP_NO_EMAIL']; return $user->lang['LDAP_NO_EMAIL'];
} }
if (is_array($result) && sizeof($result) > 1)
{
return false; return false;
} }
return sprintf($user->lang['LDAP_NO_IDENTITY'], $user->data['username']);
}
/** /**
* Login function * Login function
*/ */
@ -97,7 +98,7 @@ function login_ldap(&$username, &$password)
$search = @ldap_search( $search = @ldap_search(
$ldap, $ldap,
$config['ldap_base_dn'], $config['ldap_base_dn'],
'(' . $config['ldap_uid'] . '=' . $username . ')', '(' . $config['ldap_uid'] . '=' . ldap_escape(html_entity_decode($username)) . ')',
(empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']), (empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']),
0, 0,
1 1
@ -107,7 +108,7 @@ function login_ldap(&$username, &$password)
if (is_array($ldap_result) && sizeof($ldap_result) > 1) if (is_array($ldap_result) && sizeof($ldap_result) > 1)
{ {
if (@ldap_bind($ldap, $ldap_result[0]['dn'], $password)) if (@ldap_bind($ldap, $ldap_result[0]['dn'], html_entity_decode($password)))
{ {
@ldap_close($ldap); @ldap_close($ldap);
@ -198,6 +199,14 @@ function login_ldap(&$username, &$password)
); );
} }
/**
* Escapes an LDAP AttributeValue
*/
function ldap_escape($string)
{
return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string);
}
/** /**
* This function is used to output any required fields in the authentication * This function is used to output any required fields in the authentication
* admin panel. It also defines any required configuration table fields. * admin panel. It also defines any required configuration table fields.

1
phpBB/includes/functions_admin.php
View file

@ -465,6 +465,7 @@ function move_posts($post_ids, $topic_id, $auto_sync = true)
$forum_ids[] = $forum_row['forum_id']; $forum_ids[] = $forum_row['forum_id'];
sync('topic_reported', 'topic_id', $topic_ids); sync('topic_reported', 'topic_id', $topic_ids);
sync('topic_attachment', 'topic_id', $topic_ids);
sync('topic', 'topic_id', $topic_ids, true); sync('topic', 'topic_id', $topic_ids, true);
sync('forum', 'forum_id', $forum_ids, true); sync('forum', 'forum_id', $forum_ids, true);
} }

3
phpBB/language/en/mcp.php
View file

@ -172,9 +172,6 @@ $lang = array_merge($lang, array(
'MCP_QUEUE_UNAPPROVED_TOPICS' => 'Topics awaiting approval', 'MCP_QUEUE_UNAPPROVED_TOPICS' => 'Topics awaiting approval',
'MCP_QUEUE_UNAPPROVED_TOPICS_EXPLAIN' => 'This is a list of all topics which require approving before they will be visible to users', 'MCP_QUEUE_UNAPPROVED_TOPICS_EXPLAIN' => 'This is a list of all topics which require approving before they will be visible to users',
'MCP_VIEW_ALL' => 'View all (%s)',
'MCP_VIEW_LOGS' => 'View logs',
'MCP_VIEW_RECENT' => 'View recent (%s)',
'MCP_VIEW_USER' => 'View warnings for a specific user', 'MCP_VIEW_USER' => 'View warnings for a specific user',
'MCP_WARN' => 'Warnings', 'MCP_WARN' => 'Warnings',

2
phpBB/language/en/ucp.php
View file

@ -409,7 +409,6 @@ $lang = array_merge($lang, array(
'UCP_REGISTER_DISABLE' => 'Creating a new account is currently not possible.', 'UCP_REGISTER_DISABLE' => 'Creating a new account is currently not possible.',
'UCP_REMIND' => 'Send password', 'UCP_REMIND' => 'Send password',
'UCP_RESEND' => 'Send activation email', 'UCP_RESEND' => 'Send activation email',
'UCP_WATCHED' => 'Watched items',
'UCP_WELCOME' => 'Welcome to the User Control Panel. From here you can monitor, view and update your profile, preferences, subscribed forums and topics. You can also send messages to other users (if permitted). Please ensure you read any announcements before continuing.', 'UCP_WELCOME' => 'Welcome to the User Control Panel. From here you can monitor, view and update your profile, preferences, subscribed forums and topics. You can also send messages to other users (if permitted). Please ensure you read any announcements before continuing.',
'UCP_YIM' => 'Yahoo Messenger', 'UCP_YIM' => 'Yahoo Messenger',
'UCP_ZEBRA' => 'Friends and Foes', 'UCP_ZEBRA' => 'Friends and Foes',
@ -486,7 +485,6 @@ $lang = array_merge($lang, array(
'IS_GROUP' => 'is in usergroup', 'IS_GROUP' => 'is in usergroup',
'ANSWERED' => 'answered', 'ANSWERED' => 'answered',
'FORWARDED' => 'forwarded', 'FORWARDED' => 'forwarded',
'REPORTED' => 'reported',
'TO_GROUP' => 'to my default usergroup', 'TO_GROUP' => 'to my default usergroup',
'TO_ME' => 'to me' 'TO_ME' => 'to me'
), ),