- fix htmlspecialchars handling in search (search backends get specialchared input, and should return specialchared output), current backends strip entities anyway [includes Bug #8156]

- allow cancelling search index creation/removal
- custom CSS class name input too short [Bug #8328]
- give an error message if a password wasn't convertable (special characters in non-standard encoding)
- moved still_on_time to functions.php, used by acp_search and converter, might be useful for MODs (or complex cron scripts)
- do not allow empty passwords on login
- add sids to local URLs in posts (this was a really terrible bug to fix ;-)) [Bug #7892]
- ignore invalid HTTP_X_FORWARDED_FOR headers (just use REMOTE_ADDR if invalid) [Bug #8314]
- changed forum listing code on search page and acp_attachments [Bug #6658]
- search indexing uses still_on_time(), smaller batch size (1000) and meta_refresh() instead of redirect(), this should solve a few problems [Bugs #8034, #8270]
- made password requirement language strings clearer
- ALPHA is not meant to be alphanumeric [Bug #7764]
- display bug in firefox on linux making the pagination wrap on search results page (caused by &nbsp;)


git-svn-id: file:///svn/phpbb/trunk@7076 89ea8834-ac86-4346-8a33-228a782c2dd0
Nils Adermann 2007-02-25 22:09:53 +00:00
parent 424a520d0e
commit b66e0fcd34
16 changed files with 281 additions and 195 deletions


@ -80,14 +80,20 @@
<h1>{L_ACP_SEARCH_INDEX}</h1>
<p>{L_ACP_SEARCH_INDEX_EXPLAIN}</p>
<!-- IF S_CONTINUE_INDEXING -->
<a href="{U_CONTINUE_INDEXING}" onclick="popup_progress_bar('{S_CONTINUE_INDEXING}');">{L_CONTINUE}</a>
<p>{L_CONTINUE_EXPLAIN}</p>
<form id="acp_search_continue" method="post" action="{U_CONTINUE_INDEXING}">
<fieldset class="submit-buttons">
<legend>{L_SUBMIT}</legend>
<input class="button1" type="submit" id="continue" name="continue" value="{L_CONTINUE}" onclick="popup_progress_bar('{S_CONTINUE_INDEXING}');" />&nbsp;
<input class="button2" type="submit" id="cancel" name="cancel" value="{L_CANCEL}" />
</fieldset>
</form>
<!-- ELSE -->
<p>{L_ACP_SEARCH_INDEX_EXPLAIN}</p>
<!-- BEGIN backend -->
<!-- IF backend.S_STATS -->


@ -367,7 +367,7 @@
<legend>{L_CUSTOM_CLASS}</legend>
<dl>
<dt><label for="custom_class">{L_CSS_CLASS_NAME}:</label></dt>
<dd><input id="custom_class" name="custom_class" type="text" value="" maxlength="40" size="40" /></dd>
<dd><input id="custom_class" name="custom_class" type="text" value="" maxlength="200" size="40" /></dd>
</dl>
<p class="quick">


@ -766,6 +766,8 @@ class acp_attachments
if ($row['left_id'] > $cat_right)
{
// make sure we don't forget anything
$s_forum_id_options .= $holding;
$holding = '';
}
@ -781,6 +783,12 @@ class acp_attachments
$holding = '';
}
}
if ($holding)
{
$s_forum_id_options .= $holding;
}
$db->sql_freeresult($result);
unset($padding_store);


@ -8,6 +8,16 @@
*
*/
/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
exit;
}
// make sure, a start time is saved
still_on_time();
/**
* @package acp
*/
@ -17,7 +27,7 @@ class acp_search
var $state;
var $search;
var $max_post_id;
var $batch_size = 5000;
var $batch_size = 1000;
function main($id, $mode)
{
@ -210,6 +220,13 @@ class acp_search
}
$this->state = explode(',', $config['search_indexing_state']);
if (isset($_POST['cancel']))
{
$action = '';
$this->state = array();
$this->save_state();
}
if ($action)
{
switch ($action)
@ -246,16 +263,15 @@ class acp_search
$action = &$this->state[1];
@set_time_limit(0);
$this->max_post_id = $this->get_max_post_id();
$post_counter = (isset($this->state[2])) ? $this->state[2] : 0;
$this->state[2] = &$post_counter;
$this->save_state();
if ($action == 'delete')
switch ($action)
{
case 'delete':
if (method_exists($this->search, 'delete_index'))
{
// pass a reference to myself so the $search object can make use of save_state() and attributes
@ -267,6 +283,8 @@ class acp_search
}
}
else
{
while (still_on_time() && $post_counter <= $this->max_post_id)
{
$sql = 'SELECT post_id, poster_id, forum_id
FROM ' . POSTS_TABLE . '
@ -274,7 +292,7 @@ class acp_search
AND post_id < ' . (int) ($post_counter + $this->batch_size);
$result = $db->sql_query($sql);
$ids = $posters = array();
$ids = $posters = $forum_ids = array();
while ($row = $db->sql_fetchrow($result))
{
$ids[] = $row['post_id'];
@ -292,10 +310,12 @@ class acp_search
// save the current state
$this->save_state();
}
if ($post_counter <= $this->max_post_id)
{
redirect($this->u_action . '&amp;action=delete');
meta_refresh(1, $this->u_action . '&amp;action=delete&amp;skip_rows=' . $post_counter);
trigger_error(sprintf($user->lang['SEARCH_INDEX_DELETE_REDIRECT'], $post_counter));
}
}
@ -305,12 +325,12 @@ class acp_search
$this->save_state();
trigger_error($user->lang['SEARCH_INDEX_REMOVED'] . adm_back_link($this->u_action) . $this->close_popup_js());
}
else
{
break;
case 'create':
if (method_exists($this->search, 'create_index'))
{
// pass a reference to myself so the $search object can make use of save_state() and attributes
// pass a reference to acp_search so the $search object can make use of save_state() and attributes
if ($error = $this->search->create_index($this, append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=$mode&action=create", false)))
{
$this->state = array('');
@ -330,6 +350,8 @@ class acp_search
}
$db->sql_freeresult($result);
while (still_on_time() && $post_counter <= $this->max_post_id)
{
$sql = 'SELECT post_id, post_subject, post_text, poster_id, forum_id
FROM ' . POSTS_TABLE . '
WHERE post_id >= ' . (int) ($post_counter + 1) . '
@ -351,10 +373,12 @@ class acp_search
// save the current state
$this->save_state();
}
if ($post_counter <= $this->max_post_id)
{
redirect($this->u_action . '&amp;action=create');
meta_refresh(1, $this->u_action . '&amp;action=create&amp;skip_rows=' . $post_counter);
trigger_error(sprintf($user->lang['SEARCH_INDEX_CREATE_REDIRECT'], $post_counter));
}
}
@ -364,6 +388,7 @@ class acp_search
$this->save_state();
trigger_error($user->lang['SEARCH_INDEX_CREATED'] . adm_back_link($this->u_action) . $this->close_popup_js());
break;
}
}
@ -469,14 +494,11 @@ class acp_search
function close_popup_js()
{
/**
* @todo remove Javascript
*/
return '<script type="text/javascript">
<!--
close_waitscreen = 1;
//-->
</script>';
return "<script type=\"text/javascript\">\n" .
"<!--\n" .
" close_waitscreen = 1;\n" .
"//-->\n" .
"</script>\n";
}
function get_search_types()
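Review bot: The new `isset($_POST['cancel'])` branch resets `$this->state` and persists it through `save_state()` as soon as a `cancel` field is posted; nothing in the visible lines confirms that the request came from the ACP form, so it relies on whatever session and permission checks run before this point in `main()`, which starts outside the hunk. Cancelling also leaves a partially built or partially removed index behind with no record of where the run stopped, because `$post_counter` is only ever read back from `$this->state[2]`. I would add a comment such as `// cancel discards the saved position; a later create/delete run starts again from post 0` and write an admin log entry in this branch so an aborted run is traceable.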


@ -103,9 +103,18 @@ function login_db(&$username, &$password)
$password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format;
$password_new_format = '';
set_var($password_new_format, $password_old_format, 'string');
set_var($password_new_format, stripslashes($password_old_format), 'string');
if ($password == $password_new_format && md5($password_old_format) == $row['user_password'])
if ($password == $password_new_format)
{
if (!function_exists('utf8_to_cp1252'))
{
global $phpbb_root_path, $phpEx;
include($phpbb_root_path . 'includes/utf/data/recode_basic.' . $phpEx);
}
// cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding
if (md5($password_old_format) == $row['user_password'] || utf8_to_cp1252(md5($password_old_format)) == $row['user_password'])
{
// Update the password in the users table to the new format and remove user_pass_convert flag
$sql = 'UPDATE ' . USERS_TABLE . '
@ -117,6 +126,22 @@ function login_db(&$username, &$password)
$row['user_pass_convert'] = 0;
$row['user_password'] = md5($password_new_format);
}
else if (preg_match('/[\x80-\xFF]/', $password_old_format))
{
// Although we weren't able to convert this password we have to
// increase login attempt count to make sure this cannot be exploited
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_attempts = user_login_attempts + 1
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
return array(
'status' => LOGIN_ERROR_PASSWORD_CONVERT,
'error_msg' => 'LOGIN_ERROR_PASSWORD_CONVERT',
'user_row' => $row,
);
}
}
}
// Check password ...
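Review bot: In the new condition `utf8_to_cp1252(md5($password_old_format)) == $row['user_password']` the conversion is applied to the hex digest instead of the password, and since the digest is plain ASCII it should come back unchanged, so the cp1252 fallback described in the comment above it can never match anything the first comparison did not. The intended form looks like `md5(utf8_to_cp1252($password_old_format)) == $row['user_password']`. Both digest comparisons also use `==`, which compares two numeric-looking strings as numbers; `===` avoids that. login_db() starts and ends outside this hunk.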


@ -48,6 +48,7 @@ define('LOGIN_ERROR_PASSWORD', 11);
define('LOGIN_ERROR_ACTIVE', 12);
define('LOGIN_ERROR_ATTEMPTS', 13);
define('LOGIN_ERROR_EXTERNAL_AUTH', 14);
define('LOGIN_ERROR_PASSWORD_CONVERT', 15);
// Group settings
define('GROUP_OPEN', 0);


@ -174,6 +174,41 @@ function unique_id($extra = 'c')
return substr($val, 4, 16);
}
/**
* Determine whether we are approaching the maximum execution time. Should be called once
* at the beginning of the script in which it's used.
* @return bool Either true if the maximum execution time is nearly reached, or false
* if some time is still left.
*/
function still_on_time()
{
static $max_execution_time, $start_time;
$time = explode(' ', microtime());
$current_time = $time[0] + $time[1];
if (empty($max_execution_time))
{
$max_execution_time = (function_exists('ini_get')) ? (int) ini_get('max_execution_time') : (int) get_cfg_var('max_execution_time');
// If zero, then set to something higher to not let the user catch the ten seconds barrier.
if ($max_execution_time === 0)
{
$max_execution_time = 65;
}
$max_execution_time = min(max(10, ($max_execution_time - 15)), 50);
// For debugging purposes
// $max_execution_time = 10;
global $starttime;
$start_time = (empty($starttime)) ? $current_time : $starttime;
}
return (ceil($current_time - $start_time) < $max_execution_time) ? true : false;
}
/**
* Generate sort selection fields
*/
@ -1868,6 +1903,12 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
}
// do not allow empty password
if (!$password)
{
trigger_error('NO_PASSWORD_SUPPLIED');
}
// If authentication is successful we redirect user to previous page
$result = $auth->login($username, $password, $autologin, $viewonline, $admin);
@ -1955,6 +1996,16 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
break;
case LOGIN_ERROR_PASSWORD_CONVERT:
$err = sprintf(
$user->lang[$result['error_msg']],
($config['email_enable']) ? '<a href="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=sendpassword') . '">' : '',
($config['email_enable']) ? '</a>' : '',
($config['board_contact']) ? '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">' : '',
($config['board_contact']) ? '</a>' : ''
);
break;
// Username, password, etc...
default:
$err = $user->lang[$result['error_msg']];
@ -1964,6 +2015,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
{
$err = (!$config['board_contact']) ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>');
}
break;
}
}
@ -2254,7 +2306,7 @@ function decode_message(&$message, $bbcode_uid = '')
$message = str_replace($match, $replace, $message);
$match = get_preg_expression('bbcode_htm');
$replace = array('\1', '\2', '\1', '', '');
$replace = array('\1', '\1', '\2', '\1', '', '');
$message = preg_replace($match, $replace, $message);
}
@ -2272,7 +2324,7 @@ function strip_bbcode(&$text, $uid = '')
$text = preg_replace("#\[\/?[a-z0-9\*\+\-]+(?:=.*?)?(?::[a-z])?(\:?$uid)\]#", ' ', $text);
$match = get_preg_expression('bbcode_htm');
$replace = array('\1', '\2', '\1', '', '');
$replace = array('\1', '\1', '\2', '\1', '', '');
$text = preg_replace($match, $replace, $text);
}
@ -2399,7 +2451,7 @@ function make_clickable($text, $server_url = false)
// relative urls for this board
$magic_url_match[] = '#(^|[\n\t (])(' . preg_quote($server_url, '#') . ')/(' . get_preg_expression('relative_url_inline') . ')#ie';
$magic_url_replace[] = "'\$1<!-- l --><a href=\"\$2/' . preg_replace('/(&amp;|\?)sid=[0-9a-f]{32}/', '\\\\1', '\$3') . '\">' . ((strlen('\$3')) ? preg_replace('/(&amp;|\?)sid=[0-9a-f]{32}/', '\\\\1', '\$3') : '\$2/') . '</a><!-- l -->'";
$magic_url_replace[] = "'\$1<!-- l --><a href=\"' . append_sid('\$2/' . preg_replace('/(&amp;|\?)sid=[0-9a-f]{32}$/', '', preg_replace('/(&amp;|\?)sid=[0-9a-f]{32}&amp;/', '\\\\1', '\$3'))) . '\">' . ((strlen('\$3')) ? preg_replace('/(&amp;|\?)sid=[0-9a-f]{32}$/', '', preg_replace('/(&amp;|\?)sid=[0-9a-f]{32}&amp;/', '\\\\1', '\$3')) : '\$2/') . '</a><!-- l -->'";
// matches a xxxx://aaaaa.bbb.cccc. ...
$magic_url_match[] = '#(^|[\n\t (])(' . get_preg_expression('url_inline') . ')#ie';
@ -3027,7 +3079,8 @@ function get_preg_expression($mode)
case 'bbcode_htm':
return array(
'#<!\-\- e \-\-><a href="mailto:(.*?)">.*?</a><!\-\- e \-\->#',
'#<!\-\- ([lmw]) \-\-><a href="(.*?)">.*?</a><!\-\- \1 \-\->#',
'#<!\-\- l \-\-><a href="(.*?)(?:(&amp;|\?)sid=[0-9a-f]{32})?">.*?</a><!\-\- l \-\->#',
'#<!\-\- ([mw]) \-\-><a href="(.*?)">.*?</a><!\-\- \1 \-\->#',
'#<!\-\- s(.*?) \-\-><img src="\{SMILIES_PATH\}\/.*? \/><!\-\- s\1 \-\->#',
'#<!\-\- .*? \-\->#s',
'#<.*?>#s',
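Review bot: The rewritten `$magic_url_replace[]` entry in make_clickable() now passes the local URL through `append_sid()`, so the generated `<!-- l -->` link carries the session id of whoever triggers the parse; the same applies to `$url = append_sid($url);` in the bbcode_firstpass URL hunk of this commit. If that markup is stored with the post (the new `bbcode_htm` pattern that strips `sid=[0-9a-f]{32}` on decode suggests it is), other readers would receive the author's session id unless it is swapped at display time, which none of the visible hunks do. I would keep the stored form free of any sid and add the viewer's sid only when rendering, and at minimum document it above the replacement: `// sid added here belongs to the current session; it must be replaced with the viewer's sid before display`. Both functions extend beyond the hunks shown.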


@ -17,38 +17,6 @@ define('DEFAULT_AVATAR_Y', 80);
// Global functions - all functions can be used by convertors
/**
* Determine whether we are approaching the maximum execution time
*/
function still_on_time()
{
static $max_execution_time, $start_time;
$time = explode(' ', microtime());
$current_time = $time[0] + $time[1];
if (empty($max_execution_time))
{
$max_execution_time = (function_exists('ini_get')) ? (int) ini_get('max_execution_time') : (int) get_cfg_var('max_execution_time');
// If zero, then set to something higher to not let the user catch the ten seconds barrier.
if ($max_execution_time === 0)
{
$max_execution_time = 65;
}
$max_execution_time = min(max(10, ($max_execution_time - 15)), 50);
// For debugging purposes
// $max_execution_time = 10;
global $starttime;
$start_time = (empty($starttime)) ? $current_time : $starttime;
}
return (ceil($current_time - $start_time) < $max_execution_time) ? true : false;
}
// SIMPLE FUNCTIONS
/**


@ -366,9 +366,9 @@ class bbcode_firstpass extends bbcode
// Additionally, magic url parsing should go after parsing bbcodes, but for safety those are stripped out too...
$htm_match = get_preg_expression('bbcode_htm');
// $htm_match[3] = '/&#([0-9]+);/';
unset($htm_match[3], $htm_match[4]);
unset($htm_match[4], $htm_match[5]);
$htm_replace = array('\1', '\2', '\1'); //, '&amp;#\1;');
$htm_replace = array('\1', '\1', '\2', '\1'); //, '&amp;#\1;');
$out = '';
@ -848,7 +848,9 @@ class bbcode_firstpass extends bbcode
// Is this a link to somewhere inside this board? If so then remove the session id from the url
if (strpos($url, generate_board_url()) !== false && strpos($url, 'sid=') !== false)
{
$url = preg_replace('/(&amp;|\?)sid=[0-9a-f]{32}/', '\1', $url);
$url = preg_replace('/(&amp;|\?)sid=[0-9a-f]{32}&amp;/', '\1', $url);
$url = preg_replace('/(&amp;|\?)sid=[0-9a-f]{32}$/', '', $url);
$url = append_sid($url);
}
return ($var1) ? '[url=' . $this->bbcode_specialchars($url) . ':' . $this->bbcode_uid . ']' . $var2 . '[/url:' . $this->bbcode_uid . ']' : '[url:' . $this->bbcode_uid . ']' . $this->bbcode_specialchars($url) . '[/url:' . $this->bbcode_uid . ']';
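Review bot: The guard `strpos($url, generate_board_url()) !== false` treats a URL as local when the board URL occurs anywhere inside it, and with this change such a URL also gets `append_sid($url)` applied, so a link to another host that merely contains the board URL and a `sid=` parameter would have the current session id appended. Anchoring the test to the start of the URL (and to a following `/`), for example `strpos($url, generate_board_url() . '/') === 0`, limits the rewrite to links that really point at this board. The enclosing method starts outside the hunk.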


@ -168,14 +168,9 @@ class session
// check IPv4 first, the IPv6 is hopefully only going to be used very seldomly
if (!empty($ip) && !preg_match($ipv4, $ip) && !preg_match($ipv6, $ip))
{
if (!defined('DEBUG_EXTRA'))
{
trigger_error('Hacking attempt!');
}
else
{
trigger_error('Invalid HTTP_X_FORWARDED_FOR header detected: ' . htmlspecialchars($this->forwarded_for));
}
// contains invalid data, don't use the forwarded for header
$this->forwarded_for = '';
break;
}
}
}


@ -203,8 +203,8 @@ $lang = array_merge($lang, array(
'PASSWORD_LENGTH_EXPLAIN' => 'Minimum and maximum number of characters in passwords.',
'REG_LIMIT' => 'Registration attempts',
'REG_LIMIT_EXPLAIN' => 'Number of attempts users can make at the confirmation code before being locked out that session.',
'USERNAME_ALPHA_ONLY' => 'Alphanumeric only',
'USERNAME_ALPHA_SPACERS' => 'Alphanumeric and spacers',
'USERNAME_ALPHA_ONLY' => 'Letters only',
'USERNAME_ALPHA_SPACERS' => 'Letters and spacers',
'USERNAME_ASCII' => 'ASCII (no international unicode)',
'USERNAME_LETTER_NUM' => 'Any letter and number',
'USERNAME_LETTER_NUM_SPACERS' => 'Any letter, number, and spacer',


@ -37,10 +37,10 @@ $lang = array_merge($lang, array(
'COMMON_WORD_THRESHOLD' => 'Common word threshold',
'COMMON_WORD_THRESHOLD_EXPLAIN' => 'Words which are contained in a greater percentage of all posts will be regarded as common. Common words are ignored in search queries. Set to zero to disable. Only takes effect if there are more than 100 posts.',
'CONFIRM_SEARCH_BACKEND' => 'Are you sure you wish to switch to a different search backend? After changing the search backend you will have to create an index for the new search backend. If you dont plan on switching back to the old search backend you can also delete the old backends index in order to free system resources.',
'CONTINUE_DELETING_INDEX' => 'Continue previous index deleting process',
'CONTINUE_DELETING_INDEX_EXPLAIN' => 'An index deleting process has been started. In order to access the search index page again you need to complete it first.',
'CONTINUE_DELETING_INDEX' => 'Continue previous index removal process',
'CONTINUE_DELETING_INDEX_EXPLAIN' => 'An index removal process has been started. In order to access the search index page you will have to complete it or cancel it.',
'CONTINUE_INDEXING' => 'Continue previous indexing process',
'CONTINUE_INDEXING_EXPLAIN' => 'An indexing process has been started. In order to access the search index page again you need to complete it first.',
'CONTINUE_INDEXING_EXPLAIN' => 'An indexing process has been started. In order to access the search index page you will have to complete it or cancel it.',
'CREATE_INDEX' => 'Create index',
'DELETE_INDEX' => 'Delete index',
@ -76,6 +76,8 @@ $lang = array_merge($lang, array(
'SEARCH_GUEST_INTERVAL' => 'Guest search flood interval',
'SEARCH_GUEST_INTERVAL_EXPLAIN' => 'Number of seconds guests must wait between searches. If one guest searches all others have to wait until the time interval passed.',
'SEARCH_INDEX_CREATE_REDIRECT' => 'All posts up to post id %d have been indexed.<br />Indexing in progress ...',
'SEARCH_INDEX_DELETE_REDIRECT' => 'All posts up to post id %d have been removed from the search index.<br /> Deleting in progress ...',
'SEARCH_INDEX_CREATED' => 'Successfully indexed all posts in the board database.',
'SEARCH_INDEX_REMOVED' => 'Successfully deleted the search index for this backend.',
'SEARCH_INTERVAL' => 'User search flood interval',


@ -276,6 +276,7 @@ $lang = array_merge($lang, array(
'LOGIN_ERROR_ATTEMPTS' => 'You exceeded the maximum allowed number of login attempts. In addition to your username and password you now also have to enter the confirm code from the image you see below.',
'LOGIN_ERROR_EXTERNAL_AUTH_APACHE' => 'You have not been authenticated by Apache.',
'LOGIN_ERROR_PASSWORD' => 'You have specified an incorrect password. Please check your password and try again. If you continue to have problems please contact the %sBoard Administrator%s.',
'LOGIN_ERROR_PASSWORD_CONVERT' => 'It was not possible to convert your password when updating this bulletin boards software. Please %srequest a new password%s. If you continue to have problems please contact the %sBoard Administrator%s.',
'LOGIN_ERROR_USERNAME' => 'You have specified an incorrect username. Please check your username and try again. If you continue to have problems please contact the %sBoard Administrator%s.',
'LOGIN_FORUM' => 'To view or post in this forum you must enter its password.',
'LOGIN_INFO' => 'In order to login you must be registered. Registering takes only a few seconds but gives you increased capabilities. The board administrator may also grant additional permissions to registered users. Before you login please ensure you are familiar with our terms of use and related policies. Please ensure you read any forum rules as you navigate around the board.',


@ -293,6 +293,7 @@ $lang = array_merge($lang, array(
'NO_NEW_FOLDER_NAME' => 'You have to specify a new folder name',
'NO_NEWER_PM' => 'No newer messages',
'NO_OLDER_PM' => 'No older messages',
'NO_PASSWORD_SUPPLIED' => 'You cannot login without a password.',
'NO_RECIPIENT' => 'No recipient defined',
'NO_RULES_DEFINED' => 'No rules defined',
'NO_SAVED_DRAFTS' => 'No drafts saved',
@ -300,10 +301,10 @@ $lang = array_merge($lang, array(
'NO_WATCHED_FORUMS' => 'You are not watching any forums.',
'NO_WATCHED_TOPICS' => 'You are not watching any topics.',
'PASS_TYPE_ALPHA_EXPLAIN' => 'Password must be between %1$d and %2$d chars long and must contain alphanumerics',
'PASS_TYPE_ALPHA_EXPLAIN' => 'Password must be between %1$d and %2$d chars long, must be mixed case and must contain numbers',
'PASS_TYPE_ANY_EXPLAIN' => 'Must be between %1$d and %2$d characters.',
'PASS_TYPE_CASE_EXPLAIN' => 'Password must be between %1$d and %2$d chars long and must be mixed case',
'PASS_TYPE_SYMBOL_EXPLAIN' => 'Password must be between %1$d and %2$d chars long and must contain symbols',
'PASS_TYPE_SYMBOL_EXPLAIN' => 'Password must be between %1$d and %2$d chars long, must be mixed case, must contain numbers and must contain symbols',
'PASSWORD' => 'Password',
'PASSWORD_ACTIVATED' => 'Your new password has been activated',
'PASSWORD_UPDATED' => 'Your password has been sent successfully to your original email address.',


@ -234,7 +234,7 @@ if ($keywords || $author || $author_id || $search_id || $submit)
$correct_query = $search->split_keywords($keywords, $search_terms);
if (!$correct_query || (empty($search->search_query) && !sizeof($author_id_ary) && !$search_id))
{
$ignored = (sizeof($search->common_words)) ? sprintf($user->lang['IGNORED_TERMS_EXPLAIN'], htmlspecialchars(implode(' ', $search->common_words), ENT_COMPAT, 'UTF-8')) . '<br />' : '';
$ignored = (sizeof($search->common_words)) ? sprintf($user->lang['IGNORED_TERMS_EXPLAIN'], implode(' ', $search->common_words)) . '<br />' : '';
trigger_error($ignored . sprintf($user->lang['NO_KEYWORDS'], $search->word_length['min'], $search->word_length['max']));
}
}
@ -453,8 +453,8 @@ if ($keywords || $author || $author_id || $search_id || $submit)
}
// define some vars for urls
$hilit = htmlspecialchars(implode('|', explode(' ', preg_replace('#\s+#u', ' ', str_replace(array('+', '-', '|', '(', ')'), ' ', $keywords)))));
$u_hilit = urlencode($keywords);
$hilit = implode('|', explode(' ', preg_replace('#\s+#u', ' ', str_replace(array('+', '-', '|', '(', ')'), ' ', $keywords))));
$u_hilit = urlencode(htmlspecialchars_decode($keywords));
$u_show_results = ($show_results != 'posts') ? '&amp;sr=' . $show_results : '';
$u_search_forum = implode('&amp;fid%5B%5D=', $search_forum);
@ -472,8 +472,8 @@ if ($keywords || $author || $author_id || $search_id || $submit)
$template->assign_vars(array(
'SEARCH_TITLE' => $l_search_title,
'SEARCH_MATCHES' => $l_search_matches,
'SEARCH_WORDS' => preg_replace('#&amp;(\#[0-9]+;)#', '&$1', htmlspecialchars($search->search_query)),
'IGNORED_WORDS' => (sizeof($search->common_words)) ? htmlspecialchars(implode(' ', $search->common_words)) : '',
'SEARCH_WORDS' => $search->search_query,
'IGNORED_WORDS' => (sizeof($search->common_words)) ? implode(' ', $search->common_words) : '',
'PAGINATION' => generate_pagination($u_search, $total_match_count, $per_page, $start),
'PAGE_NUMBER' => on_page($total_match_count, $per_page, $start),
'TOTAL_MATCHES' => $total_match_count,
@ -960,6 +960,8 @@ while ($row = $db->sql_fetchrow($result))
if ($row['left_id'] > $cat_right)
{
// make sure we don't forget anything
$s_forums .= $holding;
$holding = '';
}
@ -1040,7 +1042,7 @@ $result = $db->sql_query_limit($sql, 5);
while ($row = $db->sql_fetchrow($result))
{
$keywords = htmlspecialchars($row['search_keywords'], ENT_COMPAT, 'UTF-8');
$keywords = $row['search_keywords'];
$template->assign_block_vars('recentsearch', array(
'KEYWORDS' => $keywords,
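Review bot: With `htmlspecialchars()` removed from `SEARCH_WORDS`, `IGNORED_WORDS`, the `IGNORED_TERMS_EXPLAIN` message and the recent-search `KEYWORDS`, the HTML safety of these outputs now rests entirely on every search backend returning already-escaped `search_query` and `common_words`, and on `search_keywords` rows having been stored escaped. Rows written before this change were presumably stored raw, since the old code escaped them on output, and a third-party backend that returns raw text would reach the template unescaped as well. I would state the contract where it is relied on, e.g. `// $search->search_query and ->common_words must already be htmlspecialchars()ed by the backend`, and clear or re-encode existing `search_keywords` rows on upgrade.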


@ -1 +1 @@
<!-- IF PAGINATION --><b><a href="#" onclick="jumpto(); return false;" title="{L_JUMP_TO_PAGE}">{L_GOTO_PAGE}</a> <!-- IF PREVIOUS_PAGE --><a href="{PREVIOUS_PAGE}">{L_PREVIOUS}</a>&nbsp;&nbsp;<!-- ENDIF -->{PAGINATION}<!-- IF NEXT_PAGE -->&nbsp;&nbsp;<a href="{NEXT_PAGE}">{L_NEXT}</a><!-- ENDIF --></b><!-- ENDIF -->
<!-- IF PAGINATION --><b><a href="#" onclick="jumpto(); return false;" title="{L_JUMP_TO_PAGE}">{L_GOTO_PAGE}</a> <!-- IF PREVIOUS_PAGE --><a href="{PREVIOUS_PAGE}">{L_PREVIOUS}</a>&nbsp;&nbsp;<!-- ENDIF -->{PAGINATION}<!-- IF NEXT_PAGE --> &nbsp;<a href="{NEXT_PAGE}">{L_NEXT}</a><!-- ENDIF --></b><!-- ENDIF -->