Merge branch 'prep-release-3.0.9'

* prep-release-3.0.9: (359 commits)
  [prep-release-3.0.9] Bumping version number for 3.0.9 final.
  [prep-release-3.0.9] Update Changelog for 3.0.9-RC4 release.
  [prep-release-3.0.9] Decreasing version for an RC4 release.
  [ticket/9859] Changing all phpBB footers to match the new credit line
  [ticket/9859] New footer copyright line with registered symbol
  [ticket/10250] The site_logo hash is different depending on imageset & language
  [ticket/10250] Destroy cached md5 hash of site_logo on refreshing an imageset
  [ticket/10250] Overwrite the site_logo width&height when the phpbb logo is used
  [ticket/10247] Remove attempt_id as primary key from database_update.php
  [ticket/10250] Added the new phpBB Logo with the Registered Trademark Symbol
  [ticket/10247] Use COUNT(*) instead of COUNT(attempt_id)
  [prep-release-3.0.9] Update Changelog for 3.0.9 release.
  [prep-release-3.0.9] Bumping version number for the final 3.0.9 release.
  [ticket/10247] Removing attempt_id column from the 3.0.8 to 3.0.9-RC1 updater.
  [ticket/10247] Add a db_tools test for the removal of a primary key column.
  [ticket/10247] Add empty data section to database update for RC4
  [ticket/10247] Remove unecessary attempt_id primary key column
  [prep-release-3.0.9] Bump database version to RC3 too.
  [prep-release-3.0.9] Update Changelog for 3.0.9-RC3 release.
  [prep-release-3.0.9] Bumping version number for 3.0.9-RC3.
  ...
This commit is contained in:
Andreas Fischer 2011-07-11 00:29:45 +02:00
commit c8da5ad9f4
228 changed files with 6140 additions and 2120 deletions

4
.gitignore vendored

@ -1,8 +1,12 @@
*~ *~
phpunit.xml
phpBB/cache/*.php phpBB/cache/*.php
phpBB/cache/queue.php.lock
phpBB/config.php phpBB/config.php
phpBB/files/* phpBB/files/*
phpBB/images/avatars/gallery/*
phpBB/images/avatars/upload/* phpBB/images/avatars/upload/*
phpBB/store/* phpBB/store/*
tests/phpbb_unit_tests.sqlite2 tests/phpbb_unit_tests.sqlite2
tests/test_config.php tests/test_config.php
tests/utf/data/*.txt

20
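--- a/README.md
+++ b/README.md
@@ -0,0 +1,20 @@
+[![phpBB](http://www.phpbb.com/theme/images/logos/blue/160x52.png)](http://www.phpbb.com)
+## ABOUT
+phpBB is a free bulletin board written in PHP.
+## COMMUNITY
+Find support and lots more on [phpBB.com](http://www.phpbb.com)! Discuss the development on [area51](http://area51.phpbb.com/phpBB/index.php).
+## CONTRIBUTE
+1. [Create an account on phpBB.com](http://www.phpbb.com/community/ucp.php?mode=register)
+2. [Create a ticket (unless there already is one)](http://tracker.phpbb.com/secure/CreateIssue!default.jspa)
+3. [Read our Git Contribution Guidelines](http://wiki.phpbb.com/Git); if you're new to git, also read [the introduction guide](http://wiki.phpbb.com/display/DEV/Working+with+Git)
+4. Send us a pull request
+## LICENSE
+[GNU General Public License v2](http://opensource.org/licenses/gpl-2.0.php)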


@ -2,9 +2,9 @@
<project name="phpBB" description="The phpBB forum software" default="all" basedir="../"> <project name="phpBB" description="The phpBB forum software" default="all" basedir="../">
<!-- a few settings for the build --> <!-- a few settings for the build -->
<property name="newversion" value="3.0.8" /> <property name="newversion" value="3.0.9" />
<property name="prevversion" value="3.0.8-RC1" /> <property name="prevversion" value="3.0.8" />
<property name="olderversions" value="3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7-PL1" /> <property name="olderversions" value="3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.7-PL1, 3.0.9-RC1, 3.0.9-RC2, 3.0.9-RC3, 3.0.9-RC4" />
<!-- no configuration should be needed beyond this point --> <!-- no configuration should be needed beyond this point -->
<property name="oldversions" value="${olderversions}, ${prevversion}" /> <property name="oldversions" value="${olderversions}, ${prevversion}" />
@ -12,7 +12,8 @@
<!-- These are the main targets which you will probably want to use --> <!-- These are the main targets which you will probably want to use -->
<target name="package" depends="clean,prepare,create-package" /> <target name="package" depends="clean,prepare,create-package" />
<target name="all" depends="clean,prepare,test,create-package" /> <target name="all" depends="clean,prepare,test,docs,create-package" />
<target name="build" depends="clean,prepare,test,docs" />
<target name="prepare"> <target name="prepare">
<mkdir dir="build/logs" /> <mkdir dir="build/logs" />
@ -42,12 +43,11 @@
<delete dir="build/save" /> <delete dir="build/save" />
</target> </target>
<target name="test"> <target name="test" depends="clean,prepare">
<exec dir="tests" <exec dir="."
command="phpunit --log-junit ../build/logs/phpunit.xml command="phpunit --log-junit build/logs/phpunit.xml
--coverage-clover ../build/logs/clover.xml --coverage-clover build/logs/clover.xml
--coverage-html ../build/coverage --coverage-html build/coverage"
phpbb_all_tests all_tests.php"
passthru="true" /> passthru="true" />
@ -64,6 +64,18 @@
--> -->
</target> </target>
<target name="docs">
<!-- only works if you setup phpdoctor:
git clone https://github.com/peej/phpdoctor.git
and then create an executable phpdoctor in your path containing
#!/bin/sh
php -f /path/to/phpdoctor/phpdoc.php $@
-->
<exec dir="build"
command="phpdoctor phpdoc-phpbb.ini"
passthru="true" />
</target>
<target name="old-version-diffs"> <target name="old-version-diffs">
<foreach list="${oldversions}" param="version" target="old-version-diff" /> <foreach list="${oldversions}" param="version" target="old-version-diff" />
</target> </target>
@ -121,7 +133,7 @@
--> -->
<target name="export"> <target name="export">
<exec dir="phpBB" <exec dir="phpBB"
command="git archive ${revision} | tar -x -C ../${dir}" command="git archive ${revision} | tar -xf - -C ../${dir}"
checkreturn="true" /> checkreturn="true" />
<delete file="${dir}/config.php" /> <delete file="${dir}/config.php" />
<delete dir="${dir}/develop" /> <delete dir="${dir}/develop" />
@ -129,8 +141,8 @@
<echo msg="Setting permissions for checkout of ${revision} in ${dir}" /> <echo msg="Setting permissions for checkout of ${revision} in ${dir}" />
<!-- set permissions of all files to 644, directories to 755 --> <!-- set permissions of all files to 644, directories to 755 -->
<exec dir="${dir}" command="find -type f|xargs chmod 644" escape="false" /> <exec dir="${dir}" command="find . -type f|xargs chmod 644" escape="false" />
<exec dir="${dir}" command="find -type d|xargs chmod 755" escape="false" /> <exec dir="${dir}" command="find . -type d|xargs chmod 755" escape="false" />
<!-- set permissions of some directories to 777 --> <!-- set permissions of some directories to 777 -->
<chmod mode="0777" file="${dir}/cache" /> <chmod mode="0777" file="${dir}/cache" />
<chmod mode="0777" file="${dir}/store" /> <chmod mode="0777" file="${dir}/store" />
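Review bot: The two permission-normalising commands in the `export` target, `find . -type f|xargs chmod 644` and its `-type d` twin, split their input on whitespace, so a path in the exported tree that contains a space or newline reaches `chmod` as several wrong names and the intended file keeps whatever mode the archive gave it. Let `find` invoke the command itself: `find . -type f -exec chmod 644 {} +` and `find . -type d -exec chmod 755 {} +`. The `export` target opens above this hunk and its closing tag is not in it.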


@ -177,7 +177,7 @@ class build_package
} }
// Is binary? // Is binary?
if (preg_match('/^Binary files ' . $package_name . '\/(.*) and [a-z0-9_-]+\/\1 differ/i', $line, $match)) if (preg_match('/^Binary files ' . $package_name . '\/(.*) and [a-z0-9._-]+\/\1 differ/i', $line, $match))
{ {
$binary[] = trim($match[1]); $binary[] = trim($match[1]);
} }
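Review bot: `$package_name` is concatenated into the pattern without `preg_quote()`, so the dots in a versioned directory name act as wildcards and a `/` or other metacharacter in it would change or break the expression; the widened class `[a-z0-9._-]+` on this line shows dotted names are expected here. Quote it where the pattern is built: `preg_match('/^Binary files ' . preg_quote($package_name, '/') . '\/(.*) and [a-z0-9._-]+\/\1 differ/i', $line, $match)`. The enclosing method of `build_package` starts and ends outside the hunk, so where `$package_name` comes from is not visible.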

145
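--- a/build/phpdoc-phpbb.ini
+++ b/build/phpdoc-phpbb.ini
@@ -0,0 +1,145 @@
+; Default configuration file for PHPDoctor
+; This config file will cause PHPDoctor to generate API documentation of
+; itself.
+; PHPDoctor settings
+; -----------------------------------------------------------------------------
+; Names of files to parse. This can be a single filename, or a comma separated
+; list of filenames. Wildcards are allowed.
+files = "*.php"
+; Names of files or directories to ignore. This can be a single filename, or a
+; comma separated list of filenames. Wildcards are NOT allowed.
+;ignore = "CVS, .svn, .git, _compiled"
+ignore = templates_c/,*HTML/default/*,spec/,*config.php*,*CVS/,test_chora.php,testupdate/,cache/,store/,*proSilver/,develop/,includes/utf/data/,includes/captcha/fonts/,install/update/,install/update.new/,files/,*phpinfo.php*,*update_script.php*,*upgrade.php*,*convert.php*,install/converter/,language/de/,script/,*swatch.php*,*test.php*,*test2.php*,*install.php*,*functions_diff.php*,*acp_update.php*,acm_xcache.php
+; The directory to look for files in, if not used the PHPDoctor will look in
+; the current directory (the directory it is run from).
+source_path = "../phpBB/"
+; If you do not want PHPDoctor to look in each sub directory for files
+; uncomment this line.
+;subdirs = off
+; Set how loud PHPDoctor is as it runs. Quiet mode suppresses all output other
+; than warnings and errors. Verbose mode outputs additional messages during
+; execution.
+quiet = on
+;verbose = on
+; Select the doclet to use for generating output.
+doclet = standard
+;doclet = debug
+; The directory to find the doclet in. Doclets control the HTML output of
+; phpDoctor and can be modified to suit your needs. They are expected to be
+; in a directory named after themselves at the location given.
+;doclet_path = ./doclets
+; Select the formatter to use for generating output.
+;formatter = htmlStandardFormatter
+; The directory to find the formatter in. Formatters convert textual markup
+; for use by the doclet.
+;formatter_path = ./formatters
+; The directory to find taglets in. Taglets allow you to make PHPDoctor handle
+; new tags and to alter the behavour of existing tags and their output.
+;taglet_path = ./taglets
+; If the code you are parsing does not use package tags or not all elements
+; have package tags, use this setting to place unbound elements into a
+; particular package.
+default_package = "phpBB"
+use_class_path_as_package = off
+ignore_package_tags = off
+; Specifies the name of a HTML file containing text for the overview
+; documentation to be placed on the overview page. The path is relative to
+; "source_path" unless an absolute path is given.
+overview = ../README.md
+; Package comments will be looked for in a file named package.html in the same
+; directory as the first source file parsed in that package or in the directory
+; given below. If package comments are placed in the directory given below then
+; they should be named "<packageName>.html".
+package_comment_dir = ./
+; Parse out global variables and/or global constants?
+;globals = off
+;constants = off
+; Generate documentation for all class members
+;private = on
+; Generate documentation for public and protected class members
+;protected = on
+; Generate documentation for only public class members
+;public = on
+; Use the PEAR compatible handling of the docblock first sentence
+;pear_compat = on
+; Standard doclet settings
+; -----------------------------------------------------------------------------
+; The directory to place generated documentation in. If the given path is
+; relative to it will be relative to "source_path".
+d = "../build/api/"
+; Specifies the title to be placed in the HTML <title> tag.
+windowtitle = "phpBB3"
+; Specifies the title to be placed near the top of the overview summary file.
+doctitle = "phpBB3 Sourcecode Documentation"
+; Specifies the header text to be placed at the top of each output file. The
+; header will be placed to the right of the upper navigation bar.
+header = "phpBB3"
+; Specifies the footer text to be placed at the bottom of each output file. The
+; footer will be placed to the right of the lower navigation bar.
+footer = "phpBB3"
+; Specifies the text to be placed at the bottom of each output file. The text
+; will be placed at the bottom of the page, below the lower navigation bar.
+;bottom = "This document was generated by <a href="http://peej.github.com/phpdoctor/">PHPDoctor: The PHP Documentation Creator</a>"
+; Create a class tree?
+;tree = off
+; Use GeSHi to include formatted source files in the documentation. PHPDoctor will look in the current doclet directory for a /geshi subdirectory. Unpack the GeSHi archive from http://qbnz.com/highlighter to get this directory - it will contain a php script and a subdirectory with formatting files.
+include_source = off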


@ -55,12 +55,24 @@ quit()
fi fi
} }
msg=$(grep -nE '.{81,}' "$1"); # Check for empty commit message
if ! grep -qv '^#' "$1"
then
# Commit message is empty (or contains only comments).
# Let git handle this.
# It will abort with a message like so:
#
# Aborting commit due to empty commit message.
exit 0
fi
msg=$(grep -v '^#' "$1" |grep -nE '.{81,}')
if [ $? -eq 0 ] if [ $? -eq 0 ]
then then
echo "The following lines are greater than 80 characters long:\n" >&2; echo "The following lines are greater than 80 characters long:" >&2;
echo $msg >&2; echo >&2
echo "$msg" >&2;
quit $ERR_LENGTH; quit $ERR_LENGTH;
fi fi
@ -107,7 +119,19 @@ do
case $expect in case $expect in
"header") "header")
err=$ERR_HEADER; err=$ERR_HEADER;
echo "$line" | grep -Eq "^\[(ticket/[0-9]+|feature/$branch_regex|task/$branch_regex)\] [A-Z].+$" echo "$line" | grep -Eq "^\[(ticket/[0-9]+|feature/$branch_regex|task/$branch_regex)\] .+$"
result=$?
if ! echo "$line" | grep -Eq "^\[(ticket/[0-9]+|feature/$branch_regex|task/$branch_regex)\] [A-Z].+$"
then
# Don't be too strict.
# Commits may be temporary, intended to be squashed later.
# Just issue a warning here.
echo "Warning: heading should be a sentence beginning with a capital letter." 1>&2
echo "You entered:" 1>&2
echo "$line" 1>&2
fi
# restore exit code
(exit $result)
;; ;;
"empty") "empty")
err=$ERR_EMPTY; err=$ERR_EMPTY;
@ -128,6 +152,10 @@ do
# Should not end up here # Should not end up here
false false
;; ;;
"possibly-eof")
# Allow empty and/or comment lines at the end
! tail -n +"$i" "$1" |grep -qvE '^($|#)'
;;
"comment") "comment")
echo "$line" | grep -Eq "^#"; echo "$line" | grep -Eq "^#";
;; ;;
@ -188,7 +216,7 @@ do
in_description=1; in_description=1;
;; ;;
"footer") "footer")
expecting="footer eof"; expecting="footer possibly-eof";
if [ "$tickets" = "" ] if [ "$tickets" = "" ]
then then
tickets="$line"; tickets="$line";
@ -199,6 +227,9 @@ do
"comment") "comment")
# Comments should expect the same thing again # Comments should expect the same thing again
;; ;;
"possibly-eof")
expecting="eof";
;;
*) *)
echo "Unrecognised token $expect" >&2; echo "Unrecognised token $expect" >&2;
quit 254; quit 254;
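Review bot: In the length check, `grep -n` now numbers the lines of the comment-stripped stream rather than of the message file, so the line numbers printed under "greater than 80 characters" are shifted whenever a `#` line precedes the long one. Number first and filter afterwards: `msg=$(grep -nE '.{81,}' "$1" | grep -vE '^[0-9]+:#')`; the `$?` test that follows still reflects whether any over-long non-comment line remained. In the `"header")` case the second `grep` repeats the first pattern with `[A-Z]` added, and a comment such as `# loose form above decides the result; strict form below only warns` would make the purpose of `(exit $result)` clearer.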


@ -35,8 +35,8 @@ then
# Branch is prefixed with 'ticket/', append ticket ID to message # Branch is prefixed with 'ticket/', append ticket ID to message
if [ "$branch" != "${branch##ticket/}" ]; if [ "$branch" != "${branch##ticket/}" ];
then then
tail="\n\nPHPBB3-${branch##ticket/}"; tail="$(printf "\n\nPHPBB3-${branch##ticket/}")";
fi fi
echo "[$branch]$tail $(cat "$1")" > "$1" echo "[$branch] $tail$(cat "$1")" > "$1"
fi fi
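Review bot: The branch suffix is placed inside the `printf` format string, so a `%` or backslash sequence in the branch name is interpreted as a directive instead of being copied into the commit message. Pass it as an argument instead: `tail="$(printf '\n\nPHPBB3-%s' "${branch##ticket/}")"`. The outer `if`/`then` opens above the hunk.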

175
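--- a/git-tools/merge.php
+++ b/git-tools/merge.php
@@ -0,0 +1,175 @@
+#!/usr/bin/env php
+<?php
+/**
+*
+* @package phpBB3
+* @copyright (c) 2011 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+function show_usage()
+{
+$filename = basename(__FILE__);
+echo "$filename merges a github pull request.\n";
+echo "\n";
+echo "Usage: [php] $filename -p pull_request_id [OPTIONS]\n";
+echo "\n";
+echo "Options:\n";
+echo " -p pull_request_id The pull request id to be merged (mandatory)\n";
+echo " -r remote Remote of upstream, defaults to 'upstream' (optional)\n";
+echo " -d Outputs the commands instead of running them (optional)\n";
+echo " -h This help text\n";
+exit(2);
+}
+// Handle arguments
+$opts = getopt('p:r:dh');
+if (empty($opts) || isset($opts['h']))
+{
+show_usage();
+}
+$pull_id = get_arg($opts, 'p', '');
+$remote = get_arg($opts, 'r', 'upstream');
+$dry_run = !get_arg($opts, 'd', true);
+try
+{
+exit(work($pull_id, $remote));
+}
+catch (RuntimeException $e)
+{
+echo $e->getMessage();
+exit($e->getCode());
+}
+function work($pull_id, $remote)
+{
+// Get some basic data
+$pull = get_pull('phpbb', 'phpbb3', $pull_id);
+if (!$pull_id)
+{
+show_usage();
+}
+if ($pull['state'] != 'open')
+{
+throw new RuntimeException(sprintf("Error: pull request is closed\n",
+$target_branch), 5);
+}
+$pull_user = $pull['head'][0];
+$pull_branch = $pull['head'][1];
+$target_branch = $pull['base'][1];
+switch ($target_branch)
+{
+case 'develop-olympus':
+run("git checkout develop-olympus");
+run("git pull $remote develop-olympus");
+add_remote($pull_user, 'phpbb3');
+run("git fetch $pull_user");
+run("git merge --no-ff $pull_user/$pull_branch");
+run("phpunit");
+run("git checkout develop");
+run("git pull $remote develop");
+run("git merge --no-ff develop-olympus");
+run("phpunit");
+break;
+case 'develop':
+run("git checkout develop");
+run("git pull $remote develop");
+add_remote($pull_user, 'phpbb3');
+run("git fetch $pull_user");
+run("git merge --no-ff $pull_user/$pull_branch");
+run("phpunit");
+break;
+default:
+throw new RuntimeException(sprintf("Error: pull request target branch '%s' is not a main branch\n",
+$target_branch), 5);
+break;
+}
+}
+function add_remote($username, $repository, $pushable = false)
+{
+$url = get_repository_url($username, $repository, false);
+run("git remote add $username $url", true);
+if ($pushable)
+{
+$ssh_url = get_repository_url($username, $repository, true);
+run("git remote set-url --push $username $ssh_url");
+}
+}
+function get_repository_url($username, $repository, $ssh = false)
+{
+$url_base = ($ssh) ? 'git@github.com:' : 'git://github.com/';
+return $url_base . $username . '/' . $repository . '.git';
+}
+function api_request($query)
+{
+$contents = file_get_contents("http://github.com/api/v2/json/$query");
+if ($contents === false)
+{
+throw new RuntimeException("Error: failed to retrieve pull request data\n", 4);
+}
+return json_decode($contents);
+}
+function get_pull($username, $repository, $pull_id)
+{
+$request = api_request("pulls/$username/$repository/$pull_id");
+$pull = $request->pull;
+$pull_data = array(
+'base' => array($pull->base->user->login, $pull->base->ref),
+'head' => array($pull->head->user->login, $pull->head->ref),
+'state' => $pull->state,
+);
+return $pull_data;
+}
+function get_arg($array, $index, $default)
+{
+return isset($array[$index]) ? $array[$index] : $default;
+}
+function run($cmd, $ignore_fail = false)
+{
+global $dry_run;
+if (!empty($dry_run))
+{
+echo "$cmd\n";
+}
+else
+{
+passthru(escapeshellcmd($cmd), $status);
+if ($status != 0 && !$ignore_fail)
+{
+throw new RuntimeException(sprintf("Error: command '%s' failed with status %s'\n",
+$cmd, $status), 6);
+}
+}
+}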
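Review bot: `get_pull()` takes the head user and ref from an `api_request()` response fetched over plain `http://`, and `work()` interpolates them, together with the `-r` value, into `git remote add`, `git fetch`, `git pull` and `git merge` command strings; `run()` then applies `escapeshellcmd()` to the whole string, which neutralises shell metacharacters but does not stop a value containing whitespace or a leading `-` from being read as extra arguments or options. Validate each field before the `switch`, for example `if (!preg_match('#^[A-Za-z0-9][A-Za-z0-9._/-]*$#', $pull_branch)) { throw new RuntimeException("Error: unexpected branch name\n", 5); }`, and request the API over `https://`. The `api_request()` and `run()` pair in the next new file on this page has the same shape, with owner and repository names from the network listing reaching `git remote add`. Separately, the closed-state branch passes `$target_branch` to `sprintf()` before it is assigned, and the `!$pull_id` check runs only after `get_pull()` has already been called with it.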


@ -0,0 +1,248 @@
#!/usr/bin/env php
<?php
/**
*
* @package phpBB3
* @copyright (c) 2011 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/
function show_usage()
{
$filename = basename(__FILE__);
echo "$filename adds repositories of a github network as remotes to a local git repository.\n";
echo "\n";
echo "Usage: [php] $filename -s collaborators|organisation|contributors|network [OPTIONS]\n";
echo "\n";
echo "Scopes:\n";
echo " collaborators Repositories of people who have push access to the specified repository\n";
echo " contributors Repositories of people who have contributed to the specified repository\n";
echo " organisation Repositories of members of the organisation at github\n";
echo " network All repositories of the whole github network\n";
echo "\n";
echo "Options:\n";
echo " -s scope See description above (mandatory)\n";
echo " -u github_username Overwrites the github username (optional)\n";
echo " -r repository_name Overwrites the repository name (optional)\n";
echo " -m your_github_username Sets up ssh:// instead of git:// for pushable repositories (optional)\n";
echo " -d Outputs the commands instead of running them (optional)\n";
echo " -h This help text\n";
exit(1);
}
// Handle arguments
$opts = getopt('s:u:r:m:dh');
if (empty($opts) || isset($opts['h']))
{
show_usage();
}
$scope = get_arg($opts, 's', '');
$username = get_arg($opts, 'u', 'phpbb');
$repository = get_arg($opts, 'r', 'phpbb3');
$developer = get_arg($opts, 'm', '');
$dry_run = !get_arg($opts, 'd', true);
run(null, $dry_run);
exit(work($scope, $username, $repository, $developer));
function work($scope, $username, $repository, $developer)
{
// Get some basic data
$network = get_network($username, $repository);
$collaborators = get_collaborators($username, $repository);
if ($network === false || $collaborators === false)
{
echo "Error: failed to retrieve network or collaborators\n";
return 1;
}
switch ($scope)
{
case 'collaborators':
$remotes = array_intersect_key($network, $collaborators);
break;
case 'organisation':
$remotes = array_intersect_key($network, get_organisation_members($username));
break;
case 'contributors':
$remotes = array_intersect_key($network, get_contributors($username, $repository));
break;
case 'network':
$remotes = $network;
break;
default:
show_usage();
}
if (file_exists('.git'))
{
add_remote($username, $repository, isset($collaborators[$developer]));
}
else
{
clone_repository($username, $repository, isset($collaborators[$developer]));
}
// Add private security repository for developers
if ($username == 'phpbb' && $repository == 'phpbb3' && isset($collaborators[$developer]))
{
run("git remote add $username-security " . get_repository_url($username, "$repository-security", true));
}
// Skip blessed repository.
unset($remotes[$username]);
foreach ($remotes as $remote)
{
add_remote($remote['username'], $remote['repository'], $remote['username'] == $developer);
}
run('git remote update');
}
function clone_repository($username, $repository, $pushable = false)
{
$url = get_repository_url($username, $repository, false);
run("git clone $url ./ --origin $username");
if ($pushable)
{
$ssh_url = get_repository_url($username, $repository, true);
run("git remote set-url --push $username $ssh_url");
}
}
function add_remote($username, $repository, $pushable = false)
{
$url = get_repository_url($username, $repository, false);
run("git remote add $username $url");
if ($pushable)
{
$ssh_url = get_repository_url($username, $repository, true);
run("git remote set-url --push $username $ssh_url");
}
}
function get_repository_url($username, $repository, $ssh = false)
{
$url_base = ($ssh) ? 'git@github.com:' : 'git://github.com/';
return $url_base . $username . '/' . $repository . '.git';
}
function api_request($query)
{
$contents = file_get_contents("http://github.com/api/v2/json/$query");
if ($contents === false)
{
return false;
}
return json_decode($contents);
}
function get_contributors($username, $repository)
{
$request = api_request("repos/show/$username/$repository/contributors");
if ($request === false)
{
return false;
}
$usernames = array();
foreach ($request->contributors as $contributor)
{
$usernames[$contributor->login] = $contributor->login;
}
return $usernames;
}
function get_organisation_members($username)
{
$request = api_request("organizations/$username/public_members");
if ($request === false)
{
return false;
}
$usernames = array();
foreach ($request->users as $member)
{
$usernames[$member->login] = $member->login;
}
return $usernames;
}
function get_collaborators($username, $repository)
{
$request = api_request("repos/show/$username/$repository/collaborators");
if ($request === false)
{
return false;
}
$usernames = array();
foreach ($request->collaborators as $collaborator)
{
$usernames[$collaborator] = $collaborator;
}
return $usernames;
}
function get_network($username, $repository)
{
$request = api_request("repos/show/$username/$repository/network");
if ($request === false)
{
return false;
}
$usernames = array();
foreach ($request->network as $network)
{
$usernames[$network->owner] = array(
'username' => $network->owner,
'repository' => $network->name,
);
}
return $usernames;
}
function get_arg($array, $index, $default)
{
return isset($array[$index]) ? $array[$index] : $default;
}
function run($cmd, $dry = false)
{
static $dry_run;
if (is_null($cmd))
{
$dry_run = $dry;
}
else if (!empty($dry_run))
{
echo "$cmd\n";
}
else
{
passthru(escapeshellcmd($cmd));
}
}
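Review bot: `work()` checks only `get_network()` and `get_collaborators()` for `false`, but `get_organisation_members()` and `get_contributors()` also return `false` on a failed request and their result is passed straight to `array_intersect_key()`; in addition `api_request()` returns whatever `json_decode()` produced, so a non-JSON body leaves `$request` as `null` and the `foreach` over `$request->network` and its siblings has nothing valid to iterate. Treat a failed decode as a failed request, `$decoded = json_decode($contents); return ($decoded === null) ? false : $decoded;`, and test the scope-specific lookup before intersecting. `run()` here also discards the exit status of `passthru()`, and `work()` has no return value on its normal path, so the script exits with success even when a `git remote add` failed.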


@ -237,7 +237,7 @@ function build_select($option_ary, $option_default = false)
/** /**
* Build radio fields in acp pages * Build radio fields in acp pages
*/ */
function h_radio($name, &$input_ary, $input_default = false, $id = false, $key = false) function h_radio($name, $input_ary, $input_default = false, $id = false, $key = false, $separator = '')
{ {
global $user; global $user;
@ -246,7 +246,7 @@ function h_radio($name, &$input_ary, $input_default = false, $id = false, $key =
foreach ($input_ary as $value => $title) foreach ($input_ary as $value => $title)
{ {
$selected = ($input_default !== false && $value == $input_default) ? ' checked="checked"' : ''; $selected = ($input_default !== false && $value == $input_default) ? ' checked="checked"' : '';
$html .= '<label><input type="radio" name="' . $name . '"' . (($id && !$id_assigned) ? ' id="' . $id . '"' : '') . ' value="' . $value . '"' . $selected . (($key) ? ' accesskey="' . $key . '"' : '') . ' class="radio" /> ' . $user->lang[$title] . '</label>'; $html .= '<label><input type="radio" name="' . $name . '"' . (($id && !$id_assigned) ? ' id="' . $id . '"' : '') . ' value="' . $value . '"' . $selected . (($key) ? ' accesskey="' . $key . '"' : '') . ' class="radio" /> ' . $user->lang[$title] . '</label>' . $separator;
$id_assigned = true; $id_assigned = true;
} }
@ -276,7 +276,7 @@ function build_cfg_template($tpl_type, $key, &$new, $config_key, $vars)
$size = (int) $tpl_type[1]; $size = (int) $tpl_type[1];
$maxlength = (int) $tpl_type[2]; $maxlength = (int) $tpl_type[2];
$tpl = '<input id="' . $key . '" type="' . $tpl_type[0] . '"' . (($size) ? ' size="' . $size . '"' : '') . ' maxlength="' . (($maxlength) ? $maxlength : 255) . '" name="' . $name . '" value="' . $new[$config_key] . '" />'; $tpl = '<input id="' . $key . '" type="' . $tpl_type[0] . '"' . (($size) ? ' size="' . $size . '"' : '') . ' maxlength="' . (($maxlength) ? $maxlength : 255) . '" name="' . $name . '" value="' . $new[$config_key] . '"' . (($tpl_type[0] === 'password') ? ' autocomplete="off"' : '') . ' />';
break; break;
case 'dimension': case 'dimension':
@ -402,7 +402,7 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
switch ($validator[$type]) switch ($validator[$type])
{ {
case 'string': case 'string':
$length = strlen($cfg_array[$config_name]); $length = utf8_strlen($cfg_array[$config_name]);
// the column is a VARCHAR // the column is a VARCHAR
$validator[$max] = (isset($validator[$max])) ? min(255, $validator[$max]) : 255; $validator[$max] = (isset($validator[$max])) ? min(255, $validator[$max]) : 255;
@ -573,7 +573,11 @@ function validate_range($value_ary, &$error)
'BOOL' => array('php_type' => 'int', 'min' => 0, 'max' => 1), 'BOOL' => array('php_type' => 'int', 'min' => 0, 'max' => 1),
'USINT' => array('php_type' => 'int', 'min' => 0, 'max' => 65535), 'USINT' => array('php_type' => 'int', 'min' => 0, 'max' => 65535),
'UINT' => array('php_type' => 'int', 'min' => 0, 'max' => (int) 0x7fffffff), 'UINT' => array('php_type' => 'int', 'min' => 0, 'max' => (int) 0x7fffffff),
'INT' => array('php_type' => 'int', 'min' => (int) 0x80000000, 'max' => (int) 0x7fffffff), // Do not use (int) 0x80000000 - it evaluates to different
// values on 32-bit and 64-bit systems.
// Apparently -2147483648 is a float on 32-bit systems,
// despite fitting in an int, thus explicit cast is needed.
'INT' => array('php_type' => 'int', 'min' => (int) -2147483648, 'max' => (int) 0x7fffffff),
'TINT' => array('php_type' => 'int', 'min' => -128, 'max' => 127), 'TINT' => array('php_type' => 'int', 'min' => -128, 'max' => 127),
'VCHAR' => array('php_type' => 'string', 'min' => 0, 'max' => 255), 'VCHAR' => array('php_type' => 'string', 'min' => 0, 'max' => 255),
@ -596,7 +600,7 @@ function validate_range($value_ary, &$error)
{ {
case 'string' : case 'string' :
$max = (isset($column[1])) ? min($column[1],$type['max']) : $type['max']; $max = (isset($column[1])) ? min($column[1],$type['max']) : $type['max'];
if (strlen($value['value']) > $max) if (utf8_strlen($value['value']) > $max)
{ {
$error[] = sprintf($user->lang['SETTING_TOO_LONG'], $user->lang[$value['lang']], $max); $error[] = sprintf($user->lang['SETTING_TOO_LONG'], $user->lang[$value['lang']], $max);
} }
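Review bot: In `build_cfg_template()`, the changed line adds `autocomplete="off"` for password fields but still writes `$new[$config_key]` into the `value` attribute, so whatever is stored for that setting is sent back in the page source on every render; whether that is the real secret and whether it was escaped upstream is not visible in this hunk. Consider emitting an empty or placeholder value when `$tpl_type[0] === 'password'` and saving the setting only when the submitted field is non-empty. In `h_radio()`, the new `$separator` parameter is appended to the markup unescaped, like `$name` and `$value`; a docblock line such as `@param string $separator Trusted HTML appended after each label` would tell callers not to pass user input. Both functions extend beyond the hunks shown.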


@ -33,7 +33,7 @@
{ {
document.getElementById('acp_unban').unbangivereason.innerHTML = ban_give_reason[option]; document.getElementById('acp_unban').unbangivereason.innerHTML = ban_give_reason[option];
document.getElementById('acp_unban').unbanreason.innerHTML = ban_reason[option]; document.getElementById('acp_unban').unbanreason.innerHTML = ban_reason[option];
document.getElementById('acp_unban').unbanlength.innerHTML = ban_length[option]; document.getElementById('acp_unban').unbanlength.value = ban_length[option];
} }
// ]]> // ]]>
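Review bot: The two assignments left beside the changed line still write `ban_give_reason[option]` and `ban_reason[option]` through `innerHTML`, so if those arrays carry free-text ban reasons that were not HTML-escaped, markup in a reason would be parsed in the admin page. If `unbangivereason` and `unbanreason` are form fields like `unbanlength`, `.value` is the matching assignment, e.g. `document.getElementById('acp_unban').unbanreason.value = ban_reason[option];`. How the arrays are populated is outside the hunk, and the enclosing function starts above it.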


@ -38,6 +38,10 @@
<dt><label for="priority">{L_MAIL_PRIORITY}:</label></dt> <dt><label for="priority">{L_MAIL_PRIORITY}:</label></dt>
<dd><select id="priority" name="mail_priority_flag">{S_PRIORITY_OPTIONS}</select></dd> <dd><select id="priority" name="mail_priority_flag">{S_PRIORITY_OPTIONS}</select></dd>
</dl> </dl>
<dl>
<dt><label for="banned">{L_MAIL_BANNED}:</label><br /><span>{L_MAIL_BANNED_EXPLAIN}</span></dt>
<dd><input id="banned" name="mail_banned_flag" type="checkbox" class="radio" /></dd>
</dl>
<dl> <dl>
<dt><label for="send">{L_SEND_IMMEDIATELY}:</label></dt> <dt><label for="send">{L_SEND_IMMEDIATELY}:</label></dt>
<dd><input id="send" type="checkbox" class="radio" name="send_immediately" checked="checked" /></dd> <dd><input id="send" type="checkbox" class="radio" name="send_immediately" checked="checked" /></dd>


@ -58,7 +58,7 @@
/** /**
* Init the wanted display functionality if javascript is enabled. * Init the wanted display functionality if javascript is enabled.
* If javascript is not available, the user is still able to properly administrate. * If javascript is not available, the user is still able to properly administer.
*/ */
onload = function() onload = function()
{ {
@ -140,6 +140,12 @@
<dt><label for="parent">{L_FORUM_PARENT}:</label></dt> <dt><label for="parent">{L_FORUM_PARENT}:</label></dt>
<dd><select id="parent" name="forum_parent_id"><option value="0"<!-- IF not S_FORUM_PARENT_ID --> selected="selected"<!-- ENDIF -->>{L_NO_PARENT}</option>{S_PARENT_OPTIONS}</select></dd> <dd><select id="parent" name="forum_parent_id"><option value="0"<!-- IF not S_FORUM_PARENT_ID --> selected="selected"<!-- ENDIF -->>{L_NO_PARENT}</option>{S_PARENT_OPTIONS}</select></dd>
</dl> </dl>
<!-- IF S_CAN_COPY_PERMISSIONS -->
<dl>
<dt><label for="forum_perm_from">{L_COPY_PERMISSIONS}:</label><br /><span>{L_COPY_PERMISSIONS_EXPLAIN}</span></dt>
<dd><select id="forum_perm_from" name="forum_perm_from"><option value="0">{L_NO_PERMISSIONS}</option>{S_FORUM_OPTIONS}</select></dd>
</dl>
<!-- ENDIF -->
<dl> <dl>
<dt><label for="forum_name">{L_FORUM_NAME}:</label></dt> <dt><label for="forum_name">{L_FORUM_NAME}:</label></dt>
<dd><input class="text medium" type="text" id="forum_name" name="forum_name" value="{FORUM_NAME}" maxlength="255" /></dd> <dd><input class="text medium" type="text" id="forum_name" name="forum_name" value="{FORUM_NAME}" maxlength="255" /></dd>
@ -160,11 +166,11 @@
</dl> </dl>
<dl> <dl>
<dt><label for="forum_password">{L_FORUM_PASSWORD}:</label><br /><span>{L_FORUM_PASSWORD_EXPLAIN}</span></dt> <dt><label for="forum_password">{L_FORUM_PASSWORD}:</label><br /><span>{L_FORUM_PASSWORD_EXPLAIN}</span></dt>
<dd><input type="password" id="forum_password" name="forum_password" value="<!-- IF S_FORUM_PASSWORD_SET -->&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;<!-- ENDIF -->" /></dd> <dd><input type="password" id="forum_password" name="forum_password" value="<!-- IF S_FORUM_PASSWORD_SET -->&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;<!-- ENDIF -->" autocomplete="off" /></dd>
</dl> </dl>
<dl> <dl>
<dt><label for="forum_password_confirm">{L_FORUM_PASSWORD_CONFIRM}:</label><br /><span>{L_FORUM_PASSWORD_CONFIRM_EXPLAIN}</span></dt> <dt><label for="forum_password_confirm">{L_FORUM_PASSWORD_CONFIRM}:</label><br /><span>{L_FORUM_PASSWORD_CONFIRM_EXPLAIN}</span></dt>
<dd><input type="password" id="forum_password_confirm" name="forum_password_confirm" value="<!-- IF S_FORUM_PASSWORD_SET -->&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;<!-- ENDIF -->" /></dd> <dd><input type="password" id="forum_password_confirm" name="forum_password_confirm" value="<!-- IF S_FORUM_PASSWORD_SET -->&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;<!-- ENDIF -->" autocomplete="off" /></dd>
</dl> </dl>
<!-- IF S_FORUM_PASSWORD_SET --> <!-- IF S_FORUM_PASSWORD_SET -->
<dl> <dl>
@ -176,12 +182,6 @@
<dt><label for="forum_style">{L_FORUM_STYLE}:</label></dt> <dt><label for="forum_style">{L_FORUM_STYLE}:</label></dt>
<dd><select id="forum_style" name="forum_style"><option value="0">{L_DEFAULT_STYLE}</option>{S_STYLES_OPTIONS}</select></dd> <dd><select id="forum_style" name="forum_style"><option value="0">{L_DEFAULT_STYLE}</option>{S_STYLES_OPTIONS}</select></dd>
</dl> </dl>
<!-- IF S_CAN_COPY_PERMISSIONS -->
<dl>
<dt><label for="forum_perm_from">{L_COPY_PERMISSIONS}:</label><br /><span>{L_COPY_PERMISSIONS_EXPLAIN}</span></dt>
<dd><select id="forum_perm_from" name="forum_perm_from"><option value="0">{L_NO_PERMISSIONS}</option>{S_FORUM_OPTIONS}</select></dd>
</dl>
<!-- ENDIF -->
</fieldset> </fieldset>
<div id="forum_cat_options"> <div id="forum_cat_options">


@ -35,8 +35,8 @@
</dl> </dl>
<dl> <dl>
<dt><label for="special_rank">{L_RANK_SPECIAL}:</label></dt> <dt><label for="special_rank">{L_RANK_SPECIAL}:</label></dt>
<dd><label><input onchange="dE('posts', -1)" type="radio" class="radio" name="special_rank" value="1" id="special_rank"<!-- IF S_SPECIAL_RANK --> checked="checked"<!-- ENDIF --> />{L_YES}</label> <dd><label><input onclick="dE('posts', -1)" type="radio" class="radio" name="special_rank" value="1" id="special_rank"<!-- IF S_SPECIAL_RANK --> checked="checked"<!-- ENDIF --> />{L_YES}</label>
<label><input onchange="dE('posts', 1)" type="radio" class="radio" name="special_rank" value="0"<!-- IF not S_SPECIAL_RANK --> checked="checked"<!-- ENDIF --> /> {L_NO}</label></dd> <label><input onclick="dE('posts', 1)" type="radio" class="radio" name="special_rank" value="0"<!-- IF not S_SPECIAL_RANK --> checked="checked"<!-- ENDIF --> /> {L_NO}</label></dd>
</dl> </dl>
<!-- IF S_SPECIAL_RANK --><div id="posts" style="display: none;"><!-- ELSE --><div id="posts"><!-- ENDIF --> <!-- IF S_SPECIAL_RANK --><div id="posts" style="display: none;"><!-- ELSE --><div id="posts"><!-- ENDIF -->
<dl> <dl>


@ -22,6 +22,21 @@
<dt><label for="new_id">{L_REPLACE}:</label><br /><span>{L_REPLACE_EXPLAIN}</span></dt> <dt><label for="new_id">{L_REPLACE}:</label><br /><span>{L_REPLACE_EXPLAIN}</span></dt>
<dd><select id="new_id" name="new_id">{S_REPLACE_OPTIONS}</select></dd> <dd><select id="new_id" name="new_id">{S_REPLACE_OPTIONS}</select></dd>
</dl> </dl>
<!-- IF S_DELETE_STYLE -->
<hr />
<dl>
<dt><label for="new_template_id">{L_DELETE_TEMPLATE}:</label><br /><span>{L_REPLACE_TEMPLATE_EXPLAIN}</span></dt>
<dd><select id="new_template_id" name="new_template_id">{S_REPLACE_TEMPLATE_OPTIONS}</select></dd>
</dl>
<dl>
<dt><label for="new_theme_id">{L_DELETE_THEME}:</label><br /><span>{L_REPLACE_THEME_EXPLAIN}</span></dt>
<dd><select id="new_theme_id" name="new_theme_id">{S_REPLACE_THEME_OPTIONS}</select></dd>
</dl>
<dl>
<dt><label for="new_imageset_id">{L_DELETE_IMAGESET}:</label><br /><span>{L_REPLACE_IMAGESET_EXPLAIN}</span></dt>
<dd><select id="new_imageset_id" name="new_imageset_id">{S_REPLACE_IMAGESET_OPTIONS}</select></dd>
</dl>
<!-- ENDIF -->
<p class="quick"> <p class="quick">
<input class="button1" type="submit" name="update" value="{L_DELETE}" /> <input class="button1" type="submit" name="update" value="{L_DELETE}" />
@ -77,7 +92,7 @@
/** /**
* Init the wanted display functionality if javascript is enabled. * Init the wanted display functionality if javascript is enabled.
* If javascript is not available, the user is still able to properly administrate. * If javascript is not available, the user is still able to properly administer.
*/ */
onload = function() onload = function()
{ {


@ -43,19 +43,19 @@
</dl> </dl>
<dl> <dl>
<dt><label for="user_email">{L_EMAIL}:</label></dt> <dt><label for="user_email">{L_EMAIL}:</label></dt>
<dd><input class="text medium" type="text" id="user_email" name="user_email" value="{USER_EMAIL}" /></dd> <dd><input class="text medium" type="text" id="user_email" name="user_email" value="{USER_EMAIL}" autocomplete="off" /></dd>
</dl> </dl>
<dl> <dl>
<dt><label for="email_confirm">{L_CONFIRM_EMAIL}:</label><br /><span>{L_CONFIRM_EMAIL_EXPLAIN}</span></dt> <dt><label for="email_confirm">{L_CONFIRM_EMAIL}:</label><br /><span>{L_CONFIRM_EMAIL_EXPLAIN}</span></dt>
<dd><input class="text medium" type="text" id="email_confirm" name="email_confirm" value="" /></dd> <dd><input class="text medium" type="text" id="email_confirm" name="email_confirm" value="" autocomplete="off" /></dd>
</dl> </dl>
<dl> <dl>
<dt><label for="new_password">{L_NEW_PASSWORD}:</label><br /><span>{L_CHANGE_PASSWORD_EXPLAIN}</span></dt> <dt><label for="new_password">{L_NEW_PASSWORD}:</label><br /><span>{L_CHANGE_PASSWORD_EXPLAIN}</span></dt>
<dd><input type="password" id="new_password" name="new_password" value="" /></dd> <dd><input type="password" id="new_password" name="new_password" value="" autocomplete="off" /></dd>
</dl> </dl>
<dl> <dl>
<dt><label for="password_confirm">{L_CONFIRM_PASSWORD}:</label><br /><span>{L_CONFIRM_PASSWORD_EXPLAIN}</span></dt> <dt><label for="password_confirm">{L_CONFIRM_PASSWORD}:</label><br /><span>{L_CONFIRM_PASSWORD_EXPLAIN}</span></dt>
<dd><input type="password" id="password_confirm" name="password_confirm" value="" /></dd> <dd><input type="password" id="password_confirm" name="password_confirm" value="" autocomplete="off" /></dd>
</dl> </dl>
<p class="quick"> <p class="quick">
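Review bot: `autocomplete="off"` on `new_password` and `password_confirm` is only a hint, and password managers in several browsers ignore it on `type="password"` inputs, so the administrator's own saved credential can still be filled into this user-edit form. `autocomplete="new-password"` on both password inputs is the value browsers recognise for a field that sets a new secret. Either way, the handler that processes `new_password` (not part of this hunk) should keep requiring that `password_confirm` matches, since that check is what stops a silently autofilled value from being saved as the user's password.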


@ -5,7 +5,7 @@
// <![CDATA[ // <![CDATA[
var RecaptchaOptions = { var RecaptchaOptions = {
lang : '{LA_RECAPTCHA_LANG}', lang : '{LA_RECAPTCHA_LANG}',
theme : 'clean', theme : 'clean'
}; };
// ]]> // ]]>
</script> </script>


@ -7,19 +7,8 @@
</div> </div>
</div> </div>
<!--
We request you retain the full copyright notice below including the link to www.phpbb.com.
This not only gives respect to the large amount of time given freely by the developers
but also helps build interest, traffic and use of phpBB. If you (honestly) cannot retain
the full copyright we ask you at least leave in place the "Powered by phpBB" line, with
"phpBB" linked to www.phpbb.com. If you refuse to include even this then support on our
forums may be affected.
The phpBB Group : 2006
// -->
<div id="page-footer"> <div id="page-footer">
Powered by phpBB &copy; 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a> Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group
</div> </div>
</div> </div>


@ -7,20 +7,9 @@
</div> </div>
</div> </div>
<!--
We request you retain the full copyright notice below including the link to www.phpbb.com.
This not only gives respect to the large amount of time given freely by the developers
but also helps build interest, traffic and use of phpBB. If you (honestly) cannot retain
the full copyright we ask you at least leave in place the "Powered by phpBB" line, with
"phpBB" linked to www.phpbb.com. If you refuse to include even this then support on our
forums may be affected.
The phpBB Group : 2006
// -->
<div id="page-footer"> <div id="page-footer">
<!-- IF S_COPYRIGHT_HTML --> <!-- IF S_COPYRIGHT_HTML -->
Powered by phpBB &copy; 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a> Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group
<!-- IF TRANSLATION_INFO --><br />{TRANSLATION_INFO}<!-- ENDIF --> <!-- IF TRANSLATION_INFO --><br />{TRANSLATION_INFO}<!-- ENDIF -->
<!-- ENDIF --> <!-- ENDIF -->


@ -2,21 +2,10 @@
<br /><br /> <br /><br />
</div> </div>
<!--
We request you retain the full copyright notice below including the link to www.phpbb.com.
This not only gives respect to the large amount of time given freely by the developers
but also helps build interest, traffic and use of phpBB. If you (honestly) cannot retain
the full copyright we ask you at least leave in place the "Powered by phpBB" line, with
"phpBB" linked to www.phpbb.com. If you refuse to include even this then support on our
forums may be affected.
The phpBB Group : 2006
// -->
<div id="page-footer"> <div id="page-footer">
<!-- IF S_COPYRIGHT_HTML --> <!-- IF S_COPYRIGHT_HTML -->
<br />Powered by phpBB &copy; 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a> <br />Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group
<!-- IF TRANSLATION_INFO --><br />{TRANSLATION_INFO}<!-- ENDIF --> <!-- IF TRANSLATION_INFO --><br />{TRANSLATION_INFO}<!-- ENDIF -->
<!-- ENDIF --> <!-- ENDIF -->


@ -16,112 +16,7 @@ if (!defined('IN_PHPBB'))
exit; exit;
} }
$starttime = explode(' ', microtime()); require($phpbb_root_path . 'includes/startup.' . $phpEx);
$starttime = $starttime[1] + $starttime[0];
// Report all errors, except notices and deprecation messages
if (!defined('E_DEPRECATED'))
{
define('E_DEPRECATED', 8192);
}
error_reporting(E_ALL ^ E_NOTICE ^ E_DEPRECATED);
/*
* Remove variables created by register_globals from the global scope
* Thanks to Matt Kavanagh
*/
function deregister_globals()
{
$not_unset = array(
'GLOBALS' => true,
'_GET' => true,
'_POST' => true,
'_COOKIE' => true,
'_REQUEST' => true,
'_SERVER' => true,
'_SESSION' => true,
'_ENV' => true,
'_FILES' => true,
'phpEx' => true,
'phpbb_root_path' => true
);
// Not only will array_merge and array_keys give a warning if
// a parameter is not an array, array_merge will actually fail.
// So we check if _SESSION has been initialised.
if (!isset($_SESSION) || !is_array($_SESSION))
{
$_SESSION = array();
}
// Merge all into one extremely huge array; unset this later
$input = array_merge(
array_keys($_GET),
array_keys($_POST),
array_keys($_COOKIE),
array_keys($_SERVER),
array_keys($_SESSION),
array_keys($_ENV),
array_keys($_FILES)
);
foreach ($input as $varname)
{
if (isset($not_unset[$varname]))
{
// Hacking attempt. No point in continuing unless it's a COOKIE
if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
{
exit;
}
else
{
$cookie = &$_COOKIE;
while (isset($cookie['GLOBALS']))
{
foreach ($cookie['GLOBALS'] as $registered_var => $value)
{
if (!isset($not_unset[$registered_var]))
{
unset($GLOBALS[$registered_var]);
}
}
$cookie = &$cookie['GLOBALS'];
}
}
}
unset($GLOBALS[$varname]);
}
unset($input);
}
// If we are on PHP >= 6.0.0 we do not need some code
if (version_compare(PHP_VERSION, '6.0.0-dev', '>='))
{
/**
* @ignore
*/
define('STRIP', false);
}
else
{
@set_magic_quotes_runtime(0);
// Be paranoid with passed vars
if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get'))
{
deregister_globals();
}
define('STRIP', (get_magic_quotes_gpc()) ? true : false);
}
if (defined('IN_CRON'))
{
$phpbb_root_path = dirname(__FILE__) . DIRECTORY_SEPARATOR;
}
if (file_exists($phpbb_root_path . 'config.' . $phpEx)) if (file_exists($phpbb_root_path . 'config.' . $phpEx))
{ {
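Review bot: The added `require($phpbb_root_path . 'includes/startup.' . $phpEx);` builds an include path from two globals before the register_globals clean-up has run, because that clean-up (`deregister_globals()` and its `$not_unset` check on `phpEx` and `phpbb_root_path`) now lives in the file being required. That is safe only while every entry script assigns `$phpbb_root_path` and `$phpEx` itself before including this file, and the `IN_PHPBB` guard above does not establish that. I would state the requirement in a comment above the require, e.g. `// $phpbb_root_path and $phpEx must be assigned by the including script; request data has not been cleaned at this point`. The removed `IN_CRON` block also assigned `$phpbb_root_path` from `dirname(__FILE__)`; if it moved into startup.php (not visible here), both the ordering and the directory it resolves to need checking.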


@ -21,7 +21,6 @@ $user->session_begin(false);
$auth->acl($user->data); $auth->acl($user->data);
$cron_type = request_var('cron_type', ''); $cron_type = request_var('cron_type', '');
$use_shutdown_function = (@function_exists('register_shutdown_function')) ? true : false;
// Output transparent gif // Output transparent gif
header('Cache-Control: no-cache'); header('Cache-Control: no-cache');
@ -30,10 +29,9 @@ header('Content-length: 43');
echo base64_decode('R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw=='); echo base64_decode('R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==');
// test without flush ;) // Flush here to prevent browser from showing the page as loading while running cron.
// flush(); flush();
//
if (!isset($config['cron_lock'])) if (!isset($config['cron_lock']))
{ {
set_config('cron_lock', '0', true); set_config('cron_lock', '0', true);
@ -79,23 +77,10 @@ switch ($cron_type)
break; break;
} }
// A user reported using the mail() function while using shutdown does not work. We do not want to risk that.
if ($use_shutdown_function && !$config['smtp_delivery'])
{
$use_shutdown_function = false;
}
include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
$queue = new queue(); $queue = new queue();
if ($use_shutdown_function)
{
register_shutdown_function(array(&$queue, 'process'));
}
else
{
$queue->process(); $queue->process();
}
break; break;
@ -106,14 +91,7 @@ switch ($cron_type)
break; break;
} }
if ($use_shutdown_function)
{
register_shutdown_function(array(&$cache, 'tidy'));
}
else
{
$cache->tidy(); $cache->tidy();
}
break; break;
@ -138,14 +116,7 @@ switch ($cron_type)
break; break;
} }
if ($use_shutdown_function)
{
register_shutdown_function(array(&$search, 'tidy'));
}
else
{
$search->tidy(); $search->tidy();
}
break; break;
@ -158,14 +129,7 @@ switch ($cron_type)
include_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx); include_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
if ($use_shutdown_function)
{
register_shutdown_function('tidy_warnings');
}
else
{
tidy_warnings(); tidy_warnings();
}
break; break;
@ -178,14 +142,7 @@ switch ($cron_type)
include_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx); include_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
if ($use_shutdown_function)
{
register_shutdown_function('tidy_database');
}
else
{
tidy_database(); tidy_database();
}
break; break;
@ -196,14 +153,7 @@ switch ($cron_type)
break; break;
} }
if ($use_shutdown_function)
{
register_shutdown_function(array(&$user, 'session_gc'));
}
else
{
$user->session_gc(); $user->session_gc();
}
break; break;
@ -229,44 +179,22 @@ switch ($cron_type)
include_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx); include_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
if ($row['prune_days']) if ($row['prune_days'])
{
if ($use_shutdown_function)
{
register_shutdown_function('auto_prune', $row['forum_id'], 'posted', $row['forum_flags'], $row['prune_days'], $row['prune_freq']);
}
else
{ {
auto_prune($row['forum_id'], 'posted', $row['forum_flags'], $row['prune_days'], $row['prune_freq']); auto_prune($row['forum_id'], 'posted', $row['forum_flags'], $row['prune_days'], $row['prune_freq']);
} }
}
if ($row['prune_viewed']) if ($row['prune_viewed'])
{
if ($use_shutdown_function)
{
register_shutdown_function('auto_prune', $row['forum_id'], 'viewed', $row['forum_flags'], $row['prune_viewed'], $row['prune_freq']);
}
else
{ {
auto_prune($row['forum_id'], 'viewed', $row['forum_flags'], $row['prune_viewed'], $row['prune_freq']); auto_prune($row['forum_id'], 'viewed', $row['forum_flags'], $row['prune_viewed'], $row['prune_freq']);
} }
} }
}
break; break;
} }
// Unloading cache and closing db after having done the dirty work. // Unloading cache and closing db after having done the dirty work.
if ($use_shutdown_function) unlock_cron();
{ garbage_collection();
register_shutdown_function('unlock_cron');
register_shutdown_function('garbage_collection');
}
else
{
unlock_cron();
garbage_collection();
}
exit; exit;
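Review bot: The `unlock_cron();` call after the switch is now reached only when the selected task returns normally. If `$queue->process()`, `auto_prune()` or another task stops on a fatal error or the execution time limit, `cron_lock` stays set. Whether a stale lock expires is decided where the lock is taken, which is outside these hunks, so that should be confirmed. If it does not expire, registering only the release keeps the guarantee without running the tasks themselves at shutdown: `register_shutdown_function('unlock_cron');` directly after the lock is acquired, provided `unlock_cron()` tolerates a second call.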


@ -329,6 +329,15 @@ foreach ($supported_dbms as $dbms)
// Write columns one by one... // Write columns one by one...
foreach ($table_data['COLUMNS'] as $column_name => $column_data) foreach ($table_data['COLUMNS'] as $column_name => $column_data)
{ {
if (strlen($column_name) > 30)
{
trigger_error("Column name '$column_name' on table '$table_name' is too long. The maximum is 30 characters.", E_USER_ERROR);
}
if (isset($column_data[2]) && $column_data[2] == 'auto_increment' && strlen($column_name) > 26) // "${column_name}_gen"
{
trigger_error("Index name '${column_name}_gen' on table '$table_name' is too long. The maximum is 30 characters.", E_USER_ERROR);
}
// Get type // Get type
if (strpos($column_data[0], ':') !== false) if (strpos($column_data[0], ':') !== false)
{ {
@ -632,6 +641,11 @@ foreach ($supported_dbms as $dbms)
$key_data[1] = array($key_data[1]); $key_data[1] = array($key_data[1]);
} }
if (strlen($table_name . $key_name) > 30)
{
trigger_error("Index name '${table_name}_$key_name' on table '$table_name' is too long. The maximum is 30 characters.", E_USER_ERROR);
}
switch ($dbms) switch ($dbms)
{ {
case 'mysql_40': case 'mysql_40':
@ -926,7 +940,7 @@ function get_schema_struct()
$schema_data['phpbb_bbcodes'] = array( $schema_data['phpbb_bbcodes'] = array(
'COLUMNS' => array( 'COLUMNS' => array(
'bbcode_id' => array('TINT:3', 0), 'bbcode_id' => array('USINT', 0),
'bbcode_tag' => array('VCHAR:16', ''), 'bbcode_tag' => array('VCHAR:16', ''),
'bbcode_helpline' => array('VCHAR_UNI', ''), 'bbcode_helpline' => array('VCHAR_UNI', ''),
'display_on_posting' => array('BOOL', 0), 'display_on_posting' => array('BOOL', 0),
@ -1207,6 +1221,24 @@ function get_schema_struct()
), ),
); );
$schema_data['phpbb_login_attempts'] = array(
'COLUMNS' => array(
'attempt_ip' => array('VCHAR:40', ''),
'attempt_browser' => array('VCHAR:150', ''),
'attempt_forwarded_for' => array('VCHAR:255', ''),
'attempt_time' => array('TIMESTAMP', 0),
'user_id' => array('UINT', 0),
'username' => array('VCHAR_UNI:255', 0),
'username_clean' => array('VCHAR_CI', 0),
),
'KEYS' => array(
'att_ip' => array('INDEX', array('attempt_ip', 'attempt_time')),
'att_for' => array('INDEX', array('attempt_forwarded_for', 'attempt_time')),
'att_time' => array('INDEX', array('attempt_time')),
'user_id' => array('INDEX', 'user_id'),
),
);
$schema_data['phpbb_moderator_cache'] = array( $schema_data['phpbb_moderator_cache'] = array(
'COLUMNS' => array( 'COLUMNS' => array(
'forum_id' => array('UINT', 0), 'forum_id' => array('UINT', 0),
@ -2047,4 +2079,3 @@ EOF;
echo 'done'; echo 'done';
?>
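Review bot: The index-name guard `if (strlen($table_name . $key_name) > 30)` measures the name without the underscore that its own error message prints (`'${table_name}_$key_name'`), so a 31-character index name passes the check. If the generated name really contains the underscore, the test should be `if (strlen($table_name . '_' . $key_name) > 30)`. The surrounding foreach starts and ends outside the hunk, so how the name is assembled for each DBMS is not visible here.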


@ -83,7 +83,7 @@ $html_skeleton .= '<br><br><a name="ref"></a><b>References: </b>{SEE_FILES}';
$html_skeleton .= ' $html_skeleton .= '
<br><br> <br><br>
<div class="copyright" align="center">Powered by phpBB 2.2 &copy; <a href="http://www.phpbb.com/" target="_phpbb" class="copyright">phpBB Group</a>, 2003</div> <div class="copyright" align="center">Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group</div>
<br clear="all" /></td> <br clear="all" /></td>
</tr> </tr>
@ -405,7 +405,7 @@ $html_data .= '<br><li><a href="./lang_index.html" class="gen">Appendix A: Langu
$html_data .= ' $html_data .= '
</ol><br><br> </ol><br><br>
<div class="copyright" align="center">Powered by phpBB 2.2 &copy; <a href="http://www.phpbb.com/" target="_phpbb" class="copyright">phpBB Group</a>, 2003</div> <div class="copyright" align="center">Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group</div>
<br clear="all" /></td> <br clear="all" /></td>
</tr> </tr>
@ -528,7 +528,7 @@ foreach ($lang_fp as $filepointer)
$html_data .= ' $html_data .= '
<br><br> <br><br>
<div class="copyright" align="center">Powered by phpBB 2.2 &copy; <a href="http://www.phpbb.com/" target="_phpbb" class="copyright">phpBB Group</a>, 2003</div> <div class="copyright" align="center">Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group</div>
<br clear="all" /></td> <br clear="all" /></td>
</tr> </tr>


@ -21,6 +21,7 @@
die("Please read the first lines of this script for instructions on how to enable it"); die("Please read the first lines of this script for instructions on how to enable it");
define('IN_PHPBB', true); define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
$phpEx = substr(strrchr(__FILE__, '.'), 1); $phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx); include($phpbb_root_path . 'common.' . $phpEx);
@ -252,7 +253,7 @@ foreach ($schema_data as $table_name => $table_data)
// Do we now need to re-add the fulltext index? ;) // Do we now need to re-add the fulltext index? ;)
if ($table_name == ($prefix . 'posts') && $drop_index) if ($table_name == ($prefix . 'posts') && $drop_index)
{ {
echo "ALTER TABLE $table_name ADD FULLTEXT (post_subject), ADD FULLTEXT (post_text), ADD FULLTEXT post_content (post_subject, post_text){$newline}"; echo "ALTER TABLE $table_name ADD FULLTEXT (post_subject), ADD FULLTEXT (post_text), ADD FULLTEXT post_content (post_subject, post_text);{$newline}";
} }
} }
@ -414,7 +415,7 @@ function get_schema_struct()
$schema_data['phpbb_bbcodes'] = array( $schema_data['phpbb_bbcodes'] = array(
'COLUMNS' => array( 'COLUMNS' => array(
'bbcode_id' => array('TINT:3', 0), 'bbcode_id' => array('USINT', 0),
'bbcode_tag' => array('VCHAR:16', ''), 'bbcode_tag' => array('VCHAR:16', ''),
'bbcode_helpline' => array('VCHAR_UNI', ''), 'bbcode_helpline' => array('VCHAR_UNI', ''),
'display_on_posting' => array('BOOL', 0), 'display_on_posting' => array('BOOL', 0),


@ -1,6 +1,6 @@
/** /**
* *
* phpBB3 © Copyright 2000, 2002, 2005, 2007 phpBB Group * phpBB3 © Copyright phpBB Group
* http://www.phpbb.com * http://www.phpbb.com
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
@ -22,20 +22,17 @@ involved in phpBB.
phpBB Lead Developer: naderman (Nils Adermann) phpBB Lead Developer: naderman (Nils Adermann)
phpBB Developers: A_Jelly_Doughnut (Josh Woody) phpBB Developers: Acyd Burn (Meik Sievertsen) [Lead 09/2005 - 01/2010]
Acyd Burn (Meik Sievertsen) [Lead 09/2005 - 01/2010]
APTX (Marek A. R.)
bantu (Andreas Fischer) bantu (Andreas Fischer)
dhn (Dominik Dröscher) ckwalsh (Cullen Walsh)
igorw (Igor Wiedler) igorw (Igor Wiedler)
kellanved (Henry Sudhof) kellanved (Henry Sudhof)
nickvergessen (Joas Schilling) nickvergessen (Joas Schilling)
Oleg (Oleg Pudeyev)
rxu (Ruslan Uzdenov) rxu (Ruslan Uzdenov)
Terrafrost (Jim Wigginton)
ToonArmy (Chris Smith) ToonArmy (Chris Smith)
Contributions by: Brainy (Cullen Walsh) Contributions by: leviatan21 (Gabriel Vazquez)
leviatan21 (Gabriel Vazquez)
Raimon (Raimon Meuldijk) Raimon (Raimon Meuldijk)
Xore (Robert Hetzler) Xore (Robert Hetzler)
@ -47,10 +44,14 @@ phpBB Project Manager: theFinn (James Atkinson) [Founder - 04/2007]
phpBB Lead Developer: psoTFX (Paul S. Owen) [2001 - 09/2005] phpBB Lead Developer: psoTFX (Paul S. Owen) [2001 - 09/2005]
phpBB Developers: Ashe (Ludovic Arnaud) [10/2002 - 11/2003, 06/2006 - 10/2006] phpBB Developers: A_Jelly_Doughnut (Josh Woody) [01/2010 - 11/2010]
APTX (Marek A. Ruszczyński) [12/2007 - 04/2011]
Ashe (Ludovic Arnaud) [10/2002 - 11/2003, 06/2006 - 10/2006]
BartVB (Bart van Bragt) [11/2000 - 03/2006] BartVB (Bart van Bragt) [11/2000 - 03/2006]
DavidMJ (David M.) [12/2005 - 08/2009] DavidMJ (David M.) [12/2005 - 08/2009]
dhn (Dominik Dröscher) [05/2007 - 01/2011]
GrahamJE (Graham Eames) [09/2005 - 11/2006] GrahamJE (Graham Eames) [09/2005 - 11/2006]
TerraFrost (Jim Wigginton) [04/2009 - 01/2011]
Vic D'Elfant (Vic D'Elfant) [04/2007 - 04/2009] Vic D'Elfant (Vic D'Elfant) [04/2007 - 04/2009]
-- Copyrights -- -- Copyrights --


@ -8,7 +8,7 @@
<meta http-equiv="imagetoolbar" content="no" /> <meta http-equiv="imagetoolbar" content="no" />
<meta name="resource-type" content="document" /> <meta name="resource-type" content="document" />
<meta name="distribution" content="global" /> <meta name="distribution" content="global" />
<meta name="copyright" content="2007 phpBB Group" /> <meta name="copyright" content="phpBB Group" />
<meta name="keywords" content="" /> <meta name="keywords" content="" />
<meta name="description" content="phpBB 3.0.x Changelog" /> <meta name="description" content="phpBB 3.0.x Changelog" />
<title>phpBB3 &bull; Changelog</title> <title>phpBB3 &bull; Changelog</title>
@ -53,6 +53,7 @@
<ol> <ol>
<li><a href="#changelog">Changelog</a> <li><a href="#changelog">Changelog</a>
<ol style="list-style-type: lower-roman;"> <ol style="list-style-type: lower-roman;">
<li><a href="#v308">Changes since 3.0.8</a></li>
<li><a href="#v307-PL1">Changes since 3.0.7-PL1</a></li> <li><a href="#v307-PL1">Changes since 3.0.7-PL1</a></li>
<li><a href="#v307">Changes since 3.0.7</a></li> <li><a href="#v307">Changes since 3.0.7</a></li>
<li><a href="#v306">Changes since 3.0.6</a></li> <li><a href="#v306">Changes since 3.0.6</a></li>
@ -89,7 +90,375 @@
<div class="content"> <div class="content">
<a name="v307-PL1"></a><h3>1.i. Changes since 3.0.7-PL1</h3> <a name="v308"></a><h3>1.i. Changes since 3.0.8</h3>
<h4> Bug
</h4>
<ul>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-217'>PHPBB3-217</a>] - Multiline [url] not Converted
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-6712'>PHPBB3-6712</a>] - Topic bumping does not create new topic icon on index
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-7057'>PHPBB3-7057</a>] - Quicksearch uses POST, thus the page expires!
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-7778'>PHPBB3-7778</a>] - Increase limit of custom BBcodes
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-7834'>PHPBB3-7834</a>] - Correctly update topic_time when deleting first post in topic
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-7888'>PHPBB3-7888</a>] - URL of search results page does not always contain all keywords of the search query
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-7941'>PHPBB3-7941</a>] - mistake in description of function generate_board_url
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-8138'>PHPBB3-8138</a>] - Browser autocompleton fills wrong fields in ACP
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-8736'>PHPBB3-8736</a>] - Honour ACP settings for min/max username length when posting as a guest.
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-8802'>PHPBB3-8802</a>] - Wrong confirmation text when clicking &quot;mark forums read&quot; in a category
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-8904'>PHPBB3-8904</a>] - Show numeric CPF default value when editing
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9166'>PHPBB3-9166</a>] - Subsilver and prosilver CSS elements out of order.
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9348'>PHPBB3-9348</a>] - Correctly encode default_dateformat when converting from phpBB2
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9575'>PHPBB3-9575</a>] - The word &quot;administrate&quot; is not correct.
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9630'>PHPBB3-9630</a>] - Naming inconsistency of Merging Posts / Topics in MCP
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9675'>PHPBB3-9675</a>] - Add option to delete template/theme/imageset when deleting style.
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9685'>PHPBB3-9685</a>] - Unable to create &quot;Fulltext native&quot; search index using the mssqlnative DBAL
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9751'>PHPBB3-9751</a>] - Password requirement &quot;Must contain letters and numbers&quot; is not working properly
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9764'>PHPBB3-9764</a>] - Empty value for CONFIG_TABLE config_name= &#39;mime_triggers&#39; causes functions_fileupload.php-&gt;fileupload-&gt;check_content() to be too restrictive
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9851'>PHPBB3-9851</a>] - &quot;Search new posts&quot; should require login
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9872'>PHPBB3-9872</a>] - Total topics isn&#39;t correct after I deleted a user
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9874'>PHPBB3-9874</a>] - view_log() performs unneeded count query over all log entries.
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9892'>PHPBB3-9892</a>] - Firebird index name length limit is not taken into account
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9905'>PHPBB3-9905</a>] - DSN field should include SQLite
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9908'>PHPBB3-9908</a>] - Send &quot;Moved Permanently&quot; before stripping off session ids for Bots.
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9910'>PHPBB3-9910</a>] - Javascript bug in Subsilver2 PMs
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9911'>PHPBB3-9911</a>] - Incorrect open/close field in Manage ranks ACP
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9913'>PHPBB3-9913</a>] - currunt should be current
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9915'>PHPBB3-9915</a>] - &quot;Length of ban:&quot; is not displayed in ACP
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9924'>PHPBB3-9924</a>] - $template-&gt;display hook does not pass $template instance
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9925'>PHPBB3-9925</a>] - prosilver logo margin bug in IE 6-7-8
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9928'>PHPBB3-9928</a>] - Do not link &quot;login to your board&quot; to the &quot;send statistics&quot; page after completed update.
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9930'>PHPBB3-9930</a>] - Redirect fails with open_basedir enabled
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9932'>PHPBB3-9932</a>] - The Bing bot is not added when converting.
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9933'>PHPBB3-9933</a>] - Wrong handling of consecutive multiple asterisks in word censor
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9934'>PHPBB3-9934</a>] - Mass Mail missing under the system tab on a fresh install
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9939'>PHPBB3-9939</a>] - JavaScript error in recaptcha ACP template
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9944'>PHPBB3-9944</a>] - Extension groups naming don&#39;t use users&#39; language in ACP
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9946'>PHPBB3-9946</a>] - $inserts empty in sql_query() for oracle
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9948'>PHPBB3-9948</a>] - Inline quicktime files won&#39;t display
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9949'>PHPBB3-9949</a>] - $user-&gt;lang() is not handling arguments as per documentation
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9950'>PHPBB3-9950</a>] - Problem with localized button images after uprading from 3.0.7-PL1 to 3.0.8
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9953'>PHPBB3-9953</a>] - Set focus to password on re-authentication
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9954'>PHPBB3-9954</a>] - u_masspm* permissions are forced to never for certain groups
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9961'>PHPBB3-9961</a>] - Inconsistent activation logs
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9966'>PHPBB3-9966</a>] - Language download in ACP creates index.html and misses captcha_*
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9970'>PHPBB3-9970</a>] - user_lang input not checked during registration
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9981'>PHPBB3-9981</a>] - Fix unit test dependencies on phpBB files
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9985'>PHPBB3-9985</a>] - 3D Wave CAPTCHA mt_rand() does not check order of min/max values
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9997'>PHPBB3-9997</a>] - Inconsistent approve/disapprove button order in modcp
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9999'>PHPBB3-9999</a>] - {forumrow.L_FORUM_FOLDER_ALT} and {SEARCH_IMG} only return a language key.
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10005'>PHPBB3-10005</a>] - users can register without custom profile field correctly entered
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10011'>PHPBB3-10011</a>] - __DIR__ in test suite renders it unusable on php &lt; 5.3
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10016'>PHPBB3-10016</a>] - set_config_count() fails on PostreSQL 7
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10020'>PHPBB3-10020</a>] - ACP function validate_range() fails partially on non-32-bit systems
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10021'>PHPBB3-10021</a>] - &quot;Find a member&quot; generates SQL error when large dates are entered
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10029'>PHPBB3-10029</a>] - No such thing as $_SERVER[&#39;HTTP_VERSION&#39;]
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10033'>PHPBB3-10033</a>] - &quot;Disallow usernames&quot; does not check already disallowed names
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10035'>PHPBB3-10035</a>] - ACP template edit feature allows to read any files on webserver and to upload/execute any script on it
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10036'>PHPBB3-10036</a>] - Use image from configuration file for displaying online-status.
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10038'>PHPBB3-10038</a>] - download/file.php uses $_GET value instead of function request_var()
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10039'>PHPBB3-10039</a>] - 2.x to 3.x conversion fails when using mssqlnative to connect to destination database
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10042'>PHPBB3-10042</a>] - GD captcha has invalid mt_rand calls
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10047'>PHPBB3-10047</a>] - Session ID always included in URL on posting.php
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10049'>PHPBB3-10049</a>] - Session test files are misnamed, session tests are not run
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10052'>PHPBB3-10052</a>] - Session tests are broken
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10056'>PHPBB3-10056</a>] - Firebird misspelled in database updater
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10058'>PHPBB3-10058</a>] - Root path is undefined in MySQL upgrader
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10059'>PHPBB3-10059</a>] - Consistent is misspelled twice
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10060'>PHPBB3-10060</a>] - Typo in tests database connection manager
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10068'>PHPBB3-10068</a>] - Firefox4 restrictions to :visited
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10078'>PHPBB3-10078</a>] - commit-msg hook prints \n on freebsd
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10081'>PHPBB3-10081</a>] - Cleanup Template Tests
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10084'>PHPBB3-10084</a>] - Add smilie errors out when image is missing
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10088'>PHPBB3-10088</a>] - Cache mock does not unset database versions other than mysqli
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10090'>PHPBB3-10090</a>] - cache/queue.php.lock isn&#39;t covered by .gitignore
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10092'>PHPBB3-10092</a>] - commit-msg hook aborts on overlength comment lines
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10096'>PHPBB3-10096</a>] - Wrong whitespace in functions.php
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10100'>PHPBB3-10100</a>] - Race condition in unique_id() on heavily busy database.
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10102'>PHPBB3-10102</a>] - member.S_PENDING_SET in styles/prosilver/template/ucp_groups_manage.html
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10104'>PHPBB3-10104</a>] - missing one intval() along with others already being there
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10109'>PHPBB3-10109</a>] - Errors while copying a topic
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10112'>PHPBB3-10112</a>] - Use of count() in captcha_gd.php and mssqlnative.php
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10115'>PHPBB3-10115</a>] - BBcodes not working if post contains about or more 55000 non-english symbols
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10117'>PHPBB3-10117</a>] - Big posts becomes empty if they have smilies on specified places.
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10121'>PHPBB3-10121</a>] - ICQ profile link leads to a webservice that is no longer active
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10123'>PHPBB3-10123</a>] - Inconsistent use of smilie/smiley
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10128'>PHPBB3-10128</a>] - Error message is on green background when trying to ban a nonexistent user
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10137'>PHPBB3-10137</a>] - Deleting an unintended space at the end of PHP_URL_FOPEN_SUPPORT_EXPLAIN
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10146'>PHPBB3-10146</a>] - Firebird cannot handle DECIMAL(255, 0)
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10147'>PHPBB3-10147</a>] - Typo in code comment in functions_template.php
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10149'>PHPBB3-10149</a>] - deregister_globals causes error when cookie called GLOBALS is set to scalar value
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10170'>PHPBB3-10170</a>] - reCAPTCHA address has changed
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10171'>PHPBB3-10171</a>] - Firefox4 displays grey pixels at PM message rows when message is neither marked nor replied
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10177'>PHPBB3-10177</a>] - phpBB package cannot be built with bsdtar
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10178'>PHPBB3-10178</a>] - build.xml does not specify path to find - breaks on FreeBSD
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10188'>PHPBB3-10188</a>] - Broken compressed output when errors/warnings are handled by phpbb and output_buffering is set to 4096 and phpbb gzip is enabled
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10191'>PHPBB3-10191</a>] - Duplicate output when output_handler is set in php.ini
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10192'>PHPBB3-10192</a>] - Missing semicolon in MySQL Upgrader
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10195'>PHPBB3-10195</a>] - Do not check DNS Blacklists if IPv6 address is passed to session::check_dnsbl().
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10198'>PHPBB3-10198</a>] - Function validate_config_vars() improperly validates multibyte strings
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10203'>PHPBB3-10203</a>] - Fix quotations and hyphen in language strings for PHPBB3-10067
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10204'>PHPBB3-10204</a>] - Package build tool does not detect binary file changes
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10206'>PHPBB3-10206</a>] - Normalization tests fail when unicode.org is not reachable
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10211'>PHPBB3-10211</a>] - Missing space on the recent PHPBB3-9992 changes
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10213'>PHPBB3-10213</a>] - IP limit index name too long on Oracle
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10214'>PHPBB3-10214</a>] - Cannot configure Q&amp;A on Oracle
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10218'>PHPBB3-10218</a>] - STRIP is not defined in style.php causing a notice to be thrown
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10219'>PHPBB3-10219</a>] - Inappropriate character in web.config file
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10220'>PHPBB3-10220</a>] - Logging in with Mobile Device triggers SQL error on *_login_attempts.
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10221'>PHPBB3-10221</a>] - Inconsistent usage of &quot;Seconds&quot; in ACP Settings
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-7729'>PHPBB3-7729</a>] - Prevent date/time functions from throwing E_WARNING on PHP 5.3 by setting a default timezone
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10188'>PHPBB3-10188</a>] - Broken compressed output when errors/warnings are handled by phpbb and output_buffering is set to 4096 and phpbb gzip is enabled
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10223'>PHPBB3-10223</a>] - Updater references startup.php from board path
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10228'>PHPBB3-10228</a>] - Typo in 3.0.9-RC1 user registration settings
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10229'>PHPBB3-10229</a>] - On languge/acp/styles.php &quot;%s&quot; should be &quot;%s&quot;
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10232'>PHPBB3-10232</a>] - Search within topic/forum searches all posts
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10233'>PHPBB3-10233</a>] - IE Emulation fix breaks posting layout when PMing
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10234'>PHPBB3-10234</a>] - msg_handler() reports E_WARNING as &quot;PHP Notice: &quot;
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10247'>PHPBB3-10247</a>] - mediumint(8) too small for phpbb_login_attempts.attempt_id
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10250'>PHPBB3-10250</a>] - phpBB Logo needs the Registered Trademark Symbol
</li>
</ul>
<h4> Improvement
</h4>
<ul>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9581'>PHPBB3-9581</a>] - Banned users get mass emails.
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9802'>PHPBB3-9802</a>] - Optimize session_begin REMOTE_ADDR validation
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9878'>PHPBB3-9878</a>] - Get rid of Internet Explorer 7 emulation
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9897'>PHPBB3-9897</a>] - Language typos in language/en/acp/board.php
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9922'>PHPBB3-9922</a>] - Posting URL in subsilver 2
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9937'>PHPBB3-9937</a>] - Feed Icon displays on Forum links
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9980'>PHPBB3-9980</a>] - URLs to javascript should be T_SUPER_TEMPLATE_PATH instead of T_TEMPLATE_PATH
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9989'>PHPBB3-9989</a>] - Skip PM popup in overall_header.html, if there are no new PMs.
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10007'>PHPBB3-10007</a>] - Add directive &#39;internal&#39; to blocked folders in nginx example configuration.
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10009'>PHPBB3-10009</a>] - Differentiate published/updated dates in Atom feed
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10014'>PHPBB3-10014</a>] - Make the error message when cache is not writable clearer
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10024'>PHPBB3-10024</a>] - Allow a Style to present Unread PM in different way than read PM
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10040'>PHPBB3-10040</a>] - Continuous integration on PHP 5.2
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10041'>PHPBB3-10041</a>] - download/file.php needs more use of send_status_line
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10044'>PHPBB3-10044</a>] - Setup github network improvements
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10057'>PHPBB3-10057</a>] - More informative reporting of errors when database connection fails for Firebird and PostgreSQL.
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10067'>PHPBB3-10067</a>] - ACP options for account activation are confusing when emails are turned off board-wide
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10069'>PHPBB3-10069</a>] - Improvements in sample nginx config file
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10072'>PHPBB3-10072</a>] - Send the post number to the template as it relates to it&#39;s position in the topic
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10101'>PHPBB3-10101</a>] - Compatibility with native phpass hashes
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10126'>PHPBB3-10126</a>] - Replace ^ with &amp;~ in error_reporting calls
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10141'>PHPBB3-10141</a>] - Performance improvement for $auth-&gt;_fill_acl()
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10145'>PHPBB3-10145</a>] - Ability to force recompilation of all templates on every page load
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10154'>PHPBB3-10154</a>] - Move &quot;copy permissions from&quot; to below &quot;parent&quot; in forum creation form
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10158'>PHPBB3-10158</a>] - Return link not really useful after sending a Private Message
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10186'>PHPBB3-10186</a>] - UCP signature panel displays when not authed for signatures
</li>
</ul>
<h4> New Feature
</h4>
<ul>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9942'>PHPBB3-9942</a>] - WinCache Caching Module
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9992'>PHPBB3-9992</a>] - Limit amount of failed login attempts per IP
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10110'>PHPBB3-10110</a>] - Redis caching module
</li>
</ul>
<h4> Task
</h4>
<ul>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9788'>PHPBB3-9788</a>] - Add README for GitHub
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9805'>PHPBB3-9805</a>] - Add a script for setting up git remotes for a github network
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9806'>PHPBB3-9806</a>] - Script for easy merging
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9824'>PHPBB3-9824</a>] - Git hook quirks
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9859'>PHPBB3-9859</a>] - Remove the years from visible copyright in the footer.
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9921'>PHPBB3-9921</a>] - Add sample configuration for lighttpd webserver
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9943'>PHPBB3-9943</a>] - Setup phpDocumentor API documentation generation
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9967'>PHPBB3-9967</a>] - Use phpunit.xml for test suite
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9987'>PHPBB3-9987</a>] - Enforce _test.php suffix for test files
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9990'>PHPBB3-9990</a>] - Integrate utf normalizer tests into test suite
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10043'>PHPBB3-10043</a>] - Refactor phpbb_database_test_case
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10046'>PHPBB3-10046</a>] - Getting rid of register_shutdown_function() in cron.php to prevent path disclosure (reported by lacton)
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10075'>PHPBB3-10075</a>] - Update docs/AUTHORS for 3.0.9-RC1 release
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10079'>PHPBB3-10079</a>] - Add gallery avatars to .gitignore.
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10082'>PHPBB3-10082</a>] - Fix Session Test Issues with CHAR vs. VARCHAR.
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10105'>PHPBB3-10105</a>] - Update AIM express link and &quot;Download Application&quot; links
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10107'>PHPBB3-10107</a>] - Improve docs for non-apache webserver configuration
</li>
</ul>
<h4> Sub-task
</h4>
<ul>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9732'>PHPBB3-9732</a>] - Cover session code extensively in tests
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9968'>PHPBB3-9968</a>] - Create unit test for word censor regular expression
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9969'>PHPBB3-9969</a>] - Move word censor regular expression creation into separate function definition in functions.php
</li>
</ul>
<a name="v307-PL1"></a><h3>1.ii. Changes since 3.0.7-PL1</h3>
<h4> Security <h4> Security
</h4> </h4>
<ul> <ul>
@ -547,13 +916,13 @@
</ul> </ul>
<a name="v307"></a><h3>1.ii. Changes since 3.0.7</h3> <a name="v307"></a><h3>1.iii. Changes since 3.0.7</h3>
<ul> <ul>
<li>[Sec] Do not expose forum content of forums with ACL entries but no actual permission in ATOM Feeds. (Bug #58595)</li> <li>[Sec] Do not expose forum content of forums with ACL entries but no actual permission in ATOM Feeds. (Bug #58595)</li>
</ul> </ul>
<a name="v306"></a><h3>1.iii. Changes since 3.0.6</h3> <a name="v306"></a><h3>1.iv. Changes since 3.0.6</h3>
<ul> <ul>
<li>[Fix] Allow ban reason and length to be selected and copied in ACP and subsilver2 MCP. (Bug #51095)</li> <li>[Fix] Allow ban reason and length to be selected and copied in ACP and subsilver2 MCP. (Bug #51095)</li>
@ -657,7 +1026,7 @@
</ul> </ul>
<a name="v305"></a><h3>1.iv. Changes since 3.0.5</h3> <a name="v305"></a><h3>1.v. Changes since 3.0.5</h3>
<ul> <ul>
<li>[Fix] Allow whitespaces in avatar gallery names. (Bug #44955)</li> <li>[Fix] Allow whitespaces in avatar gallery names. (Bug #44955)</li>
@ -879,7 +1248,7 @@
<li>[Feature] Send anonymous statistical information to phpBB on installation and update (optional).</li> <li>[Feature] Send anonymous statistical information to phpBB on installation and update (optional).</li>
</ul> </ul>
<a name="v304"></a><h3>1.v. Changes since 3.0.4</h3> <a name="v304"></a><h3>1.vi. Changes since 3.0.4</h3>
<ul> <ul>
<li>[Fix] Delete user entry from ban list table upon user deletion (Bug #40015 - Patch by TerraFrost)</li> <li>[Fix] Delete user entry from ban list table upon user deletion (Bug #40015 - Patch by TerraFrost)</li>
@ -968,7 +1337,7 @@
<li>[Sec] Only use forum id supplied for posting if global announcement detected. (Reported by nickvergessen)</li> <li>[Sec] Only use forum id supplied for posting if global announcement detected. (Reported by nickvergessen)</li>
</ul> </ul>
<a name="v303"></a><h3>1.vi. Changes since 3.0.3</h3> <a name="v303"></a><h3>1.vii. Changes since 3.0.3</h3>
<ul> <ul>
<li>[Fix] Allow mixed-case template directories to be inherited (Bug #36725)</li> <li>[Fix] Allow mixed-case template directories to be inherited (Bug #36725)</li>
@ -1000,7 +1369,7 @@
<li>[Sec] Ask for forum password if post within passworded forum quoted in private message. (Reported by nickvergessen)</li> <li>[Sec] Ask for forum password if post within passworded forum quoted in private message. (Reported by nickvergessen)</li>
</ul> </ul>
<a name="v302"></a><h3>1.vii. Changes since 3.0.2</h3> <a name="v302"></a><h3>1.viii. Changes since 3.0.2</h3>
<ul> <ul>
<li>[Fix] Correctly set topic starter if first post in topic removed (Bug #30575 - Patch by blueray2048)</li> <li>[Fix] Correctly set topic starter if first post in topic removed (Bug #30575 - Patch by blueray2048)</li>
@ -1099,7 +1468,7 @@
<li>[Sec Precaution] Stricter validation of the HTTP_HOST header (Thanks to Techie-Micheal et al for pointing out possible issues in derived code)</li> <li>[Sec Precaution] Stricter validation of the HTTP_HOST header (Thanks to Techie-Micheal et al for pointing out possible issues in derived code)</li>
</ul> </ul>
<a name="v301"></a><h3>1.viii. Changes since 3.0.1</h3> <a name="v301"></a><h3>1.ix. Changes since 3.0.1</h3>
<ul> <ul>
<li>[Fix] Ability to set permissions on non-mysql dbms (Bug #24955)</li> <li>[Fix] Ability to set permissions on non-mysql dbms (Bug #24955)</li>
@ -1147,7 +1516,7 @@
<li>[Sec] Only allow urls gone through redirect() being used within login_box(). (thanks nookieman)</li> <li>[Sec] Only allow urls gone through redirect() being used within login_box(). (thanks nookieman)</li>
</ul> </ul>
<a name="v300"></a><h3>1.ix Changes since 3.0.0</h3> <a name="v300"></a><h3>1.x Changes since 3.0.0</h3>
<ul> <ul>
<li>[Change] Validate birthdays (Bug #15004)</li> <li>[Change] Validate birthdays (Bug #15004)</li>
@ -1218,7 +1587,7 @@
<li>[Fix] Find and display colliding usernames correctly when converting from one database to another (Bug #23925)</li> <li>[Fix] Find and display colliding usernames correctly when converting from one database to another (Bug #23925)</li>
</ul> </ul>
<a name="v30rc8"></a><h3>1.x. Changes since 3.0.RC8</h3> <a name="v30rc8"></a><h3>1.xi. Changes since 3.0.RC8</h3>
<ul> <ul>
<li>[Fix] Cleaned usernames contain only single spaces, so &quot;a_name&quot; and &quot;a__name&quot; are treated as the same name (Bug #15634)</li> <li>[Fix] Cleaned usernames contain only single spaces, so &quot;a_name&quot; and &quot;a__name&quot; are treated as the same name (Bug #15634)</li>
@ -1227,7 +1596,7 @@
<li>[Fix] Call garbage_collection() within database updater to correctly close connections (affects Oracle for example)</li> <li>[Fix] Call garbage_collection() within database updater to correctly close connections (affects Oracle for example)</li>
</ul> </ul>
<a name="v30rc7"></a><h3>1.xi. Changes since 3.0.RC7</h3> <a name="v30rc7"></a><h3>1.xii. Changes since 3.0.RC7</h3>
<ul> <ul>
<li>[Fix] Fixed MSSQL related bug in the update system</li> <li>[Fix] Fixed MSSQL related bug in the update system</li>
@ -1262,7 +1631,7 @@
<li>[Fix] No duplication of active topics (Bug #15474)</li> <li>[Fix] No duplication of active topics (Bug #15474)</li>
</ul> </ul>
<a name="v30rc6"></a><h3>1.xii. Changes since 3.0.RC6</h3> <a name="v30rc6"></a><h3>1.xiii. Changes since 3.0.RC6</h3>
<ul> <ul>
<li>[Fix] Submitting language changes using acp_language (Bug #14736)</li> <li>[Fix] Submitting language changes using acp_language (Bug #14736)</li>
@ -1272,7 +1641,7 @@
<li>[Fix] Able to request new password (Bug #14743)</li> <li>[Fix] Able to request new password (Bug #14743)</li>
</ul> </ul>
<a name="v30rc5"></a><h3>1.xiii. Changes since 3.0.RC5</h3> <a name="v30rc5"></a><h3>1.xiv. Changes since 3.0.RC5</h3>
<ul> <ul>
<li>[Feature] Removing constant PHPBB_EMBEDDED in favor of using an exit_handler(); the constant was meant to achive this more or less.</li> <li>[Feature] Removing constant PHPBB_EMBEDDED in favor of using an exit_handler(); the constant was meant to achive this more or less.</li>
@ -1335,7 +1704,7 @@
<li>[Sec] New password hashing mechanism for storing passwords (#i42)</li> <li>[Sec] New password hashing mechanism for storing passwords (#i42)</li>
</ul> </ul>
<a name="v30rc4"></a><h3>1.xiv. Changes since 3.0.RC4</h3> <a name="v30rc4"></a><h3>1.xv. Changes since 3.0.RC4</h3>
<ul> <ul>
<li>[Fix] MySQL, PostgreSQL and SQLite related database fixes (Bug #13862)</li> <li>[Fix] MySQL, PostgreSQL and SQLite related database fixes (Bug #13862)</li>
@ -1386,7 +1755,7 @@
<li>[Fix] odbc_autocommit causing existing result sets to be dropped (Bug #14182)</li> <li>[Fix] odbc_autocommit causing existing result sets to be dropped (Bug #14182)</li>
</ul> </ul>
<a name="v30rc3"></a><h3>1.xv. Changes since 3.0.RC3</h3> <a name="v30rc3"></a><h3>1.xvi. Changes since 3.0.RC3</h3>
<ul> <ul>
<li>[Fix] Fixing some subsilver2 and prosilver style issues</li> <li>[Fix] Fixing some subsilver2 and prosilver style issues</li>
@ -1495,7 +1864,7 @@
</ul> </ul>
<a name="v30rc2"></a><h3>1.xvi. Changes since 3.0.RC2</h3> <a name="v30rc2"></a><h3>1.xvii. Changes since 3.0.RC2</h3>
<ul> <ul>
<li>[Fix] Re-allow searching within the memberlist</li> <li>[Fix] Re-allow searching within the memberlist</li>
@ -1541,7 +1910,7 @@
</ul> </ul>
<a name="v30rc1"></a><h3>1.xvii. Changes since 3.0.RC1</h3> <a name="v30rc1"></a><h3>1.xviii. Changes since 3.0.RC1</h3>
<ul> <ul>
<li>[Fix] (X)HTML issues within the templates (Bug #11255, #11255)</li> <li>[Fix] (X)HTML issues within the templates (Bug #11255, #11255)</li>
@ -1676,7 +2045,7 @@
<div class="content"> <div class="content">
<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p> <p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
</div> </div>


@ -8,7 +8,7 @@
<meta http-equiv="imagetoolbar" content="no" /> <meta http-equiv="imagetoolbar" content="no" />
<meta name="resource-type" content="document" /> <meta name="resource-type" content="document" />
<meta name="distribution" content="global" /> <meta name="distribution" content="global" />
<meta name="copyright" content="2007 phpBB Group" /> <meta name="copyright" content="phpBB Group" />
<meta name="keywords" content="" /> <meta name="keywords" content="" />
<meta name="description" content="phpBB 3.0.x frequently asked questions" /> <meta name="description" content="phpBB 3.0.x frequently asked questions" />
<title>phpBB3 &bull; FAQ</title> <title>phpBB3 &bull; FAQ</title>
@ -328,7 +328,7 @@ I want to sue you because i think you host an illegal board!</h2>
<div class="content"> <div class="content">
<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p> <p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
</div> </div>


@ -8,7 +8,7 @@
<meta http-equiv="imagetoolbar" content="no" /> <meta http-equiv="imagetoolbar" content="no" />
<meta name="resource-type" content="document" /> <meta name="resource-type" content="document" />
<meta name="distribution" content="global" /> <meta name="distribution" content="global" />
<meta name="copyright" content="2007 phpBB Group" /> <meta name="copyright" content="phpBB Group" />
<meta name="keywords" content="" /> <meta name="keywords" content="" />
<meta name="description" content="phpBB 3.0.x Installation, updating and conversion informations" /> <meta name="description" content="phpBB 3.0.x Installation, updating and conversion informations" />
<title>phpBB3 &bull; Install</title> <title>phpBB3 &bull; Install</title>
@ -79,6 +79,7 @@
<li><a href="#postinstall">Important (security related) post-Install tasks for all installation methods</a> <li><a href="#postinstall">Important (security related) post-Install tasks for all installation methods</a>
<ol style="list-style-type: lower-roman;"> <ol style="list-style-type: lower-roman;">
<li><a href="#avatars">Uploadable avatars</a></li> <li><a href="#avatars">Uploadable avatars</a></li>
<li><a href="#webserver_configuration">Webserver configuration</a></li>
</ol> </ol>
</li> </li>
<li><a href="#disclaimer">Disclaimer</a></li> <li><a href="#disclaimer">Disclaimer</a></li>
@ -273,7 +274,7 @@
<p>This package is meant for those wanting to only replace changed files from a previous version to the latest version. This package normally contains the changed files from up to five previous versions.</p> <p>This package is meant for those wanting to only replace changed files from a previous version to the latest version. This package normally contains the changed files from up to five previous versions.</p>
<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have <samp>3.0.7-PL1</samp> you should select the phpBB-3.0.7-PL1_to_3.0.8.zip/tar.gz file.</p> <p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have <samp>3.0.8</samp> you should select the phpBB-3.0.8_to_3.0.9.zip/tar.gz file.</p>
<p>The directory structure has been preserved enabling you (if you wish) to simply upload the contents of the archive to the appropriate location on your server, i.e. simply overwrite the existing files with the new versions. Do not forget that if you have installed any MODs these files will overwrite the originals possibly destroying them in the process. You will need to re-add MODs to any affected file before uploading.</p> <p>The directory structure has been preserved enabling you (if you wish) to simply upload the contents of the archive to the appropriate location on your server, i.e. simply overwrite the existing files with the new versions. Do not forget that if you have installed any MODs these files will overwrite the originals possibly destroying them in the process. You will need to re-add MODs to any affected file before uploading.</p>
@ -285,7 +286,7 @@
<p>The patch file is one solution for those with many Modifications (MODs) or other changes who do not want to re-add them back to all the changed files if they use the method explained above. To use this you will need command line access to a standard UNIX type <strong>patch</strong> application. If you do not have access to such an application but still want to use this update approach, we strongly recommend the <a href="#update_auto">Automatic update package</a> explained below. It is also the recommended update method.</p> <p>The patch file is one solution for those with many Modifications (MODs) or other changes who do not want to re-add them back to all the changed files if they use the method explained above. To use this you will need command line access to a standard UNIX type <strong>patch</strong> application. If you do not have access to such an application but still want to use this update approach, we strongly recommend the <a href="#update_auto">Automatic update package</a> explained below. It is also the recommended update method.</p>
<p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is 3.0.5 you need the phpBB-3.0.7-PL1_to_3.0.8.patch file. Place the correct patch in the parent directory containing the phpBB3 core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <strong>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</strong> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB3, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p> <p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is <samp>3.0.8</samp> you need the phpBB-3.0.8_to_3.0.9.patch file. Place the correct patch in the parent directory containing the phpBB3 core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <strong>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</strong> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB3, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
<p>If you do get failures you should look at using the <a href="#update_files">Changed files only</a> package to replace the files which failed to patch, please note that you will need to manually re-add any Modifications (MODs) to these particular files. Alternatively if you know how you can examine the .rej files to determine what failed where and make manual adjustments to the relevant source.</p> <p>If you do get failures you should look at using the <a href="#update_files">Changed files only</a> package to replace the files which failed to patch, please note that you will need to manually re-add any Modifications (MODs) to these particular files. Alternatively if you know how you can examine the .rej files to determine what failed where and make manual adjustments to the relevant source.</p>
@ -408,6 +409,12 @@
<p>Please be aware that setting a directories permissions to global write access is a potential security issue. While it is unlikely that anything nasty will occur (such as all the avatars being deleted) there are always people out there to cause trouble. Therefore you should monitor this directory and if possible make regular backups.</p> <p>Please be aware that setting a directories permissions to global write access is a potential security issue. While it is unlikely that anything nasty will occur (such as all the avatars being deleted) there are always people out there to cause trouble. Therefore you should monitor this directory and if possible make regular backups.</p>
<a name="webserver_configuration"></a><h3>6.ii. Webserver configuration</h3>
<p>Depending on your web server you may have to configure your server to deny web access to the <code>cache/</code>, <code>files/</code>, <code>store/</code> and other directories. This is to prevent users from accessing sensitive files.</p>
<p>For <strong>apache</strong> there are <code>.htaccess</code> files already in place to do this for you. For other webservers you will have to adjust the configuration yourself. Sample files for <strong>nginx</strong> and <strong>lighttpd</strong> to help you get started may be found in docs directory.</p>
</div> </div>
<div class="back2top"><a href="#wrap" class="top">Back to Top</a></div> <div class="back2top"><a href="#wrap" class="top">Back to Top</a></div>
@ -424,7 +431,7 @@
<div class="content"> <div class="content">
<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p> <p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
</div> </div>


@ -8,7 +8,7 @@
<meta http-equiv="imagetoolbar" content="no" /> <meta http-equiv="imagetoolbar" content="no" />
<meta name="resource-type" content="document" /> <meta name="resource-type" content="document" />
<meta name="distribution" content="global" /> <meta name="distribution" content="global" />
<meta name="copyright" content="2007 phpBB Group" /> <meta name="copyright" content="phpBB Group" />
<meta name="keywords" content="" /> <meta name="keywords" content="" />
<meta name="description" content="phpBB 3.0.x Readme" /> <meta name="description" content="phpBB 3.0.x Readme" />
<title>phpBB3 &bull; Readme</title> <title>phpBB3 &bull; Readme</title>
@ -339,7 +339,7 @@
<div class="content"> <div class="content">
<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p> <p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
</div> </div>


@ -8,7 +8,7 @@
<meta http-equiv="imagetoolbar" content="no" /> <meta http-equiv="imagetoolbar" content="no" />
<meta name="resource-type" content="document" /> <meta name="resource-type" content="document" />
<meta name="distribution" content="global" /> <meta name="distribution" content="global" />
<meta name="copyright" content="2007 phpBB Group" /> <meta name="copyright" content="phpBB Group" />
<meta name="keywords" content="" /> <meta name="keywords" content="" />
<meta name="description" content="This is an explanation of how to use the phpBB auth/acl API" /> <meta name="description" content="This is an explanation of how to use the phpBB auth/acl API" />
<title>phpBB3 &bull; Auth API</title> <title>phpBB3 &bull; Auth API</title>
@ -275,7 +275,7 @@ $auth_admin = new auth_admin();
<div class="content"> <div class="content">
<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p> <p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
</div> </div>


@ -8,7 +8,7 @@
<meta http-equiv="imagetoolbar" content="no" /> <meta http-equiv="imagetoolbar" content="no" />
<meta name="resource-type" content="document" /> <meta name="resource-type" content="document" />
<meta name="distribution" content="global" /> <meta name="distribution" content="global" />
<meta name="copyright" content="2007 phpBB Group" /> <meta name="copyright" content="phpBB Group" />
<meta name="keywords" content="" /> <meta name="keywords" content="" />
<meta name="description" content="Olympus coding guidelines document" /> <meta name="description" content="Olympus coding guidelines document" />
<title>phpBB3 &bull; Coding Guidelines</title> <title>phpBB3 &bull; Coding Guidelines</title>
@ -240,6 +240,11 @@ PHPBB_ACM_MEMCACHE_PORT (overwrite memcached port, default is 11211)
PHPBB_ACM_MEMCACHE_COMPRESS (overwrite memcached compress setting, default is disabled) PHPBB_ACM_MEMCACHE_COMPRESS (overwrite memcached compress setting, default is disabled)
PHPBB_ACM_MEMCACHE_HOST (overwrite memcached host name, default is localhost) PHPBB_ACM_MEMCACHE_HOST (overwrite memcached host name, default is localhost)
PHPBB_ACM_REDIS_HOST (overwrite redis host name, default is localhost)
PHPBB_ACM_REDIS_PORT (overwrite redis port, default is 6379)
PHPBB_ACM_REDIS_PASSWORD (overwrite redis password, default is empty)
PHPBB_ACM_REDIS_DB (overwrite redis default database)
PHPBB_QA (Set board to QA-Mode, which means the updater also checks for RC-releases) PHPBB_QA (Set board to QA-Mode, which means the updater also checks for RC-releases)
</pre></div> </pre></div>
@ -1018,7 +1023,7 @@ append_sid(&quot;{$phpbb_root_path}memberlist.$phpEx&quot;, 'mode=group&amp;amp;
<h4>General function usage: </h4> <h4>General function usage: </h4>
<p>Some of these functions are only chosen over others because of personal preference and having no other benefit than to be consistant over the code.</p> <p>Some of these functions are only chosen over others because of personal preference and having no other benefit than to be consistent over the code.</p>
<ul> <ul>
<li> <li>
@ -2369,7 +2374,7 @@ if (utf8_case_fold_nfc($string1) == utf8_case_fold_nfc($string2))
<div class="content"> <div class="content">
<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p> <p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
</div> </div>


@ -8,7 +8,7 @@
<meta http-equiv="imagetoolbar" content="no" /> <meta http-equiv="imagetoolbar" content="no" />
<meta name="resource-type" content="document" /> <meta name="resource-type" content="document" />
<meta name="distribution" content="global" /> <meta name="distribution" content="global" />
<meta name="copyright" content="2007 phpBB Group" /> <meta name="copyright" content="phpBB Group" />
<meta name="keywords" content="" /> <meta name="keywords" content="" />
<meta name="description" content="Hook System explanation" /> <meta name="description" content="Hook System explanation" />
<title>phpBB3 &bull; Hook System</title> <title>phpBB3 &bull; Hook System</title>
@ -380,6 +380,8 @@ a:active { color: #368AD2; }
<code>$template-&gt;display($handle, $include_once = true);</code> which is called directly before outputting the (not-yet-compiled) template.<br /> <code>$template-&gt;display($handle, $include_once = true);</code> which is called directly before outputting the (not-yet-compiled) template.<br />
<code>exit_handler();</code> which is called at the very end of phpBB3's execution.</p> <code>exit_handler();</code> which is called at the very end of phpBB3's execution.</p>
<p>Please note: The <code>$template-&gt;display</code> hook takes a third <code>$template</code> argument, which is the template instance being used, which should be used instead of the global.</p>
<p>There are also valid external constants you may want to use if you embed phpBB3 into your application:</p> <p>There are also valid external constants you may want to use if you embed phpBB3 into your application:</p>
<div class="codebox"><pre> <div class="codebox"><pre>
@ -865,7 +867,7 @@ function phpbb_hook_register(&amp;$hook)
<div class="content"> <div class="content">
<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p> <p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
</div> </div>


@ -0,0 +1,60 @@
# Sample lighttpd configuration file for phpBB.
# Global settings have been removed, copy them
# from your system's lighttpd.conf.
# Tested with lighttpd 1.4.26
# Load moules
server.modules += (
"mod_access",
"mod_fastcgi",
"mod_accesslog"
)
# If you have domains with and without www prefix,
# redirect one to the other.
$HTTP["host"] =~ "^(myforums\.com)$" {
url.redirect = (
".*" => "http://www.%1$0"
)
}
$HTTP["host"] == "www.myforums.com" {
server.name = "www.myforums.com"
server.document-root = "/path/to/phpbb"
server.dir-listing = "disable"
index-file.names = ( "index.php", "index.htm", "index.html" )
accesslog.filename = "/var/log/lighttpd/access-www.myforums.com.log"
# Deny access to internal phpbb files.
$HTTP["url"] =~ "^/(config\.php|common\.php|includes|cache|files|store|images/avatars/upload)" {
url.access-deny = ( "" )
}
# Deny access to version control system directories.
$HTTP["url"] =~ "/\.svn|/\.git" {
url.access-deny = ( "" )
}
# Deny access to apache configuration files.
$HTTP["url"] =~ "/\.htaccess|/\.htpasswd|/\.htgroups" {
url.access-deny = ( "" )
}
fastcgi.server = ( ".php" =>
((
"bin-path" => "/usr/bin/php-cgi",
"socket" => "/tmp/php.socket",
"max-procs" => 4,
"idle-timeout" => 30,
"bin-environment" => (
"PHP_FCGI_CHILDREN" => "10",
"PHP_FCGI_MAX_REQUESTS" => "10000"
),
"bin-copy-environment" => (
"PATH", "SHELL", "USER"
),
"broken-scriptfilename" => "enable"
))
)
}
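Review bot: The deny rule for internal phpBB files is anchored with `^/`, so it only matches when the board is served from the document root; with phpBB in a subdirectory such as `/forum/` the `cache`, `files` and `store` directories would not be covered, whereas the nginx sample uses an unanchored pattern. A comment above the rule would make the assumption explicit: `# Assumes phpBB is served from the document root; prefix the pattern with the board path otherwise.` Separately, the FastCGI socket is placed in `/tmp`, which is writable by every local user; a comment recommending a directory owned by the web server user would be worth adding. The header comment `# Load moules` should read `# Load modules`.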


@ -10,14 +10,23 @@ http {
gzip_vary on; gzip_vary on;
gzip_http_version 1.1; gzip_http_version 1.1;
gzip_min_length 700; gzip_min_length 700;
# Compression levels over 6 do not give an appreciable improvement
# in compression ratio, but take more resources.
gzip_comp_level 6; gzip_comp_level 6;
gzip_disable "MSIE [1-6]\.";
# IE 6 and lower do not support gzip with Vary correctly.
gzip_disable "msie6";
# Before nginx 0.7.63:
#gzip_disable "MSIE [1-6]\.";
# Catch-all server for requests to invalid hosts. # Catch-all server for requests to invalid hosts.
# Also catches vulnerability scanners probing IP addresses. # Also catches vulnerability scanners probing IP addresses.
# Should be first.
server { server {
listen 80; # default specifies that this block is to be used when
# no other block matches.
listen 80 default;
server_name bogus; server_name bogus;
return 444; return 444;
root /var/empty; root /var/empty;
@ -26,14 +35,20 @@ http {
# If you have domains with and without www prefix, # If you have domains with and without www prefix,
# redirect one to the other. # redirect one to the other.
server { server {
listen 80; # Default port is 80.
#listen 80;
server_name myforums.com; server_name myforums.com;
rewrite ^(.*)$ http://www.myforums.com$1 permanent;
# A trick from http://wiki.nginx.org/Pitfalls#Taxing_Rewrites:
rewrite ^ http://www.myforums.com$request_uri permanent;
# Equivalent to:
#rewrite ^(.*)$ http://www.myforums.com$1 permanent;
} }
# The actual board domain. # The actual board domain.
server { server {
listen 80; #listen 80;
server_name www.myforums.com; server_name www.myforums.com;
root /path/to/phpbb; root /path/to/phpbb;
@ -46,6 +61,9 @@ http {
# Deny access to internal phpbb files. # Deny access to internal phpbb files.
location ~ /(config\.php|common\.php|includes|cache|files|store|images/avatars/upload) { location ~ /(config\.php|common\.php|includes|cache|files|store|images/avatars/upload) {
deny all; deny all;
# deny was ignored before 0.8.40 for connections over IPv6.
# Use internal directive to prohibit access on older versions.
internal;
} }
# Pass the php scripts to fastcgi server specified in upstream declaration. # Pass the php scripts to fastcgi server specified in upstream declaration.
@ -60,6 +78,7 @@ http {
# Deny access to version control system directories. # Deny access to version control system directories.
location ~ /\.svn|/\.git { location ~ /\.svn|/\.git {
deny all; deny all;
internal;
} }
} }
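Review bot: The sample denies the internal phpBB paths and the `.svn`/`.git` directories, but the hunks shown add no rule for the `.htaccess`, `.htpasswd` and `.htgroups` files that the lighttpd sample added in this same commit blocks. nginx does not interpret those files, so unless a rule exists in the part of the file outside these hunks they would be served as static text. A matching block next to the version-control one would close the gap: `location ~ /\.ht { deny all; internal; }`. The second `internal;` (in the version-control block) could also carry a short comment pointing to the IPv6 explanation given on the first.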


@ -31,12 +31,7 @@ else if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'
if (isset($_GET['avatar'])) if (isset($_GET['avatar']))
{ {
if (!defined('E_DEPRECATED')) require($phpbb_root_path . 'includes/startup.' . $phpEx);
{
define('E_DEPRECATED', 8192);
}
error_reporting(E_ALL ^ E_NOTICE ^ E_DEPRECATED);
require($phpbb_root_path . 'config.' . $phpEx); require($phpbb_root_path . 'config.' . $phpEx);
if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type)) if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type))
@ -64,7 +59,7 @@ if (isset($_GET['avatar']))
$browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : 'msie 6.0'; $browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : 'msie 6.0';
$config = $cache->obtain_config(); $config = $cache->obtain_config();
$filename = $_GET['avatar']; $filename = request_var('avatar', '');
$avatar_group = false; $avatar_group = false;
$exit = false; $exit = false;
@ -125,11 +120,13 @@ $user->setup('viewtopic');
if (!$download_id) if (!$download_id)
{ {
send_status_line(404, 'Not Found');
trigger_error('NO_ATTACHMENT_SELECTED'); trigger_error('NO_ATTACHMENT_SELECTED');
} }
if (!$config['allow_attachments'] && !$config['allow_pm_attach']) if (!$config['allow_attachments'] && !$config['allow_pm_attach'])
{ {
send_status_line(404, 'Not Found');
trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED'); trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
} }
@ -142,11 +139,13 @@ $db->sql_freeresult($result);
if (!$attachment) if (!$attachment)
{ {
send_status_line(404, 'Not Found');
trigger_error('ERROR_NO_ATTACHMENT'); trigger_error('ERROR_NO_ATTACHMENT');
} }
if ((!$attachment['in_message'] && !$config['allow_attachments']) || ($attachment['in_message'] && !$config['allow_pm_attach'])) if ((!$attachment['in_message'] && !$config['allow_attachments']) || ($attachment['in_message'] && !$config['allow_pm_attach']))
{ {
send_status_line(404, 'Not Found');
trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED'); trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
} }
@ -159,6 +158,7 @@ if ($attachment['is_orphan'])
if (!$own_attachment || ($attachment['in_message'] && !$auth->acl_get('u_pm_download')) || (!$attachment['in_message'] && !$auth->acl_get('u_download'))) if (!$own_attachment || ($attachment['in_message'] && !$auth->acl_get('u_pm_download')) || (!$attachment['in_message'] && !$auth->acl_get('u_download')))
{ {
send_status_line(404, 'Not Found');
trigger_error('ERROR_NO_ATTACHMENT'); trigger_error('ERROR_NO_ATTACHMENT');
} }
@ -191,6 +191,7 @@ else
} }
else else
{ {
send_status_line(403, 'Forbidden');
trigger_error('SORRY_AUTH_VIEW_ATTACH'); trigger_error('SORRY_AUTH_VIEW_ATTACH');
} }
} }
@ -231,6 +232,7 @@ else
$extensions = array(); $extensions = array();
if (!extension_allowed($row['forum_id'], $attachment['extension'], $extensions)) if (!extension_allowed($row['forum_id'], $attachment['extension'], $extensions))
{ {
send_status_line(404, 'Forbidden');
trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension'])); trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
} }
} }
@ -253,6 +255,7 @@ $db->sql_freeresult($result);
if (!$attachment) if (!$attachment)
{ {
send_status_line(404, 'Not Found');
trigger_error('ERROR_NO_ATTACHMENT'); trigger_error('ERROR_NO_ATTACHMENT');
} }
@ -295,6 +298,7 @@ else
// This presenting method should no longer be used // This presenting method should no longer be used
if (!@is_dir($phpbb_root_path . $config['upload_path'])) if (!@is_dir($phpbb_root_path . $config['upload_path']))
{ {
send_status_line(500, 'Internal Server Error');
trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']); trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']);
} }
@ -419,6 +423,7 @@ function send_file_to_browser($attachment, $upload_dir, $category)
if (!@file_exists($filename)) if (!@file_exists($filename))
{ {
send_status_line(404, 'Not Found');
trigger_error($user->lang['ERROR_NO_ATTACHMENT'] . '<br /><br />' . sprintf($user->lang['FILE_NOT_FOUND_404'], $filename)); trigger_error($user->lang['ERROR_NO_ATTACHMENT'] . '<br /><br />' . sprintf($user->lang['FILE_NOT_FOUND_404'], $filename));
} }
@ -445,9 +450,11 @@ function send_file_to_browser($attachment, $upload_dir, $category)
// PHP track_errors setting On? // PHP track_errors setting On?
if (!empty($php_errormsg)) if (!empty($php_errormsg))
{ {
send_status_line(500, 'Internal Server Error');
trigger_error($user->lang['UNABLE_TO_DELIVER_FILE'] . '<br />' . sprintf($user->lang['TRACKED_PHP_ERROR'], $php_errormsg)); trigger_error($user->lang['UNABLE_TO_DELIVER_FILE'] . '<br />' . sprintf($user->lang['TRACKED_PHP_ERROR'], $php_errormsg));
} }
send_status_line(500, 'Internal Server Error');
trigger_error('UNABLE_TO_DELIVER_FILE'); trigger_error('UNABLE_TO_DELIVER_FILE');
} }
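Review bot: The status line added before the `EXTENSION_DISABLED_AFTER_POSTING` error sends code 404 with the reason phrase 'Forbidden', so the numeric status and the text disagree; the other calls added in these hunks pair 403 with 'Forbidden' and 404 with 'Not Found'. Clients, proxies and log-based monitoring act on the number, so a disabled-extension refusal would be recorded as a missing resource. If a refusal is meant, use `send_status_line(403, 'Forbidden');`; if the intent is to avoid confirming that the attachment exists, keep 404 and change the phrase to 'Not Found'. The surrounding blocks and `send_file_to_browser()` continue outside the hunks shown.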


@ -95,11 +95,13 @@ while ($row = $feed->get_item())
$title = (isset($row[$feed->get('title')]) && $row[$feed->get('title')] !== '') ? $row[$feed->get('title')] : ((isset($row[$feed->get('title2')])) ? $row[$feed->get('title2')] : ''); $title = (isset($row[$feed->get('title')]) && $row[$feed->get('title')] !== '') ? $row[$feed->get('title')] : ((isset($row[$feed->get('title2')])) ? $row[$feed->get('title2')] : '');
$item_time = (int) $row[$feed->get('date')]; $published = ($feed->get('published') !== NULL) ? (int) $row[$feed->get('published')] : 0;
$updated = ($feed->get('updated') !== NULL) ? (int) $row[$feed->get('updated')] : 0;
$item_row = array( $item_row = array(
'author' => ($feed->get('creator') !== NULL) ? $row[$feed->get('creator')] : '', 'author' => ($feed->get('creator') !== NULL) ? $row[$feed->get('creator')] : '',
'pubdate' => feed_format_date($item_time), 'published' => ($published > 0) ? feed_format_date($published) : '',
'updated' => ($updated > 0) ? feed_format_date($updated) : '',
'link' => '', 'link' => '',
'title' => censor_text($title), 'title' => censor_text($title),
'category' => ($config['feed_item_statistics'] && !empty($row['forum_id'])) ? $board_url . '/viewforum.' . $phpEx . '?f=' . $row['forum_id'] : '', 'category' => ($config['feed_item_statistics'] && !empty($row['forum_id'])) ? $board_url . '/viewforum.' . $phpEx . '?f=' . $row['forum_id'] : '',
@ -113,7 +115,7 @@ while ($row = $feed->get_item())
$item_vars[] = $item_row; $item_vars[] = $item_row;
$feed_updated_time = max($feed_updated_time, $item_time); $feed_updated_time = max($feed_updated_time, $published, $updated);
} }
// If we do not have any items at all, sending the current time is better than sending no time. // If we do not have any items at all, sending the current time is better than sending no time.
@ -192,7 +194,13 @@ foreach ($item_vars as $row)
echo '<author><name><![CDATA[' . $row['author'] . ']]></name></author>' . "\n"; echo '<author><name><![CDATA[' . $row['author'] . ']]></name></author>' . "\n";
} }
echo '<updated>' . $row['pubdate'] . '</updated>' . "\n"; echo '<updated>' . ((!empty($row['updated'])) ? $row['updated'] : $row['published']) . '</updated>' . "\n";
if (!empty($row['published']))
{
echo '<published>' . $row['published'] . '</published>' . "\n";
}
echo '<id>' . $row['link'] . '</id>' . "\n"; echo '<id>' . $row['link'] . '</id>' . "\n";
echo '<link href="' . $row['link'] . '"/>' . "\n"; echo '<link href="' . $row['link'] . '"/>' . "\n";
echo '<title type="html"><![CDATA[' . $row['title'] . ']]></title>' . "\n\n"; echo '<title type="html"><![CDATA[' . $row['title'] . ']]></title>' . "\n\n";
@ -675,7 +683,8 @@ class phpbb_feed_post_base extends phpbb_feed_base
$this->set('author_id', 'user_id'); $this->set('author_id', 'user_id');
$this->set('creator', 'username'); $this->set('creator', 'username');
$this->set('date', 'post_time'); $this->set('published', 'post_time');
$this->set('updated', 'post_edit_time');
$this->set('text', 'post_text'); $this->set('text', 'post_text');
$this->set('bitfield', 'bbcode_bitfield'); $this->set('bitfield', 'bbcode_bitfield');
@ -695,7 +704,7 @@ class phpbb_feed_post_base extends phpbb_feed_base
if ($config['feed_item_statistics']) if ($config['feed_item_statistics'])
{ {
$item_row['statistics'] = $user->lang['POSTED'] . ' ' . $user->lang['POST_BY_AUTHOR'] . ' ' . $this->user_viewprofile($row) $item_row['statistics'] = $user->lang['POSTED'] . ' ' . $user->lang['POST_BY_AUTHOR'] . ' ' . $this->user_viewprofile($row)
. ' ' . $this->separator_stats . ' ' . $user->format_date($row['post_time']) . ' ' . $this->separator_stats . ' ' . $user->format_date($row[$this->get('published')])
. (($this->is_moderator_approve_forum($row['forum_id']) && !$row['post_approved']) ? ' ' . $this->separator_stats . ' ' . $user->lang['POST_UNAPPROVED'] : ''); . (($this->is_moderator_approve_forum($row['forum_id']) && !$row['post_approved']) ? ' ' . $this->separator_stats . ' ' . $user->lang['POST_UNAPPROVED'] : '');
} }
} }
@ -717,7 +726,8 @@ class phpbb_feed_topic_base extends phpbb_feed_base
$this->set('author_id', 'topic_poster'); $this->set('author_id', 'topic_poster');
$this->set('creator', 'topic_first_poster_name'); $this->set('creator', 'topic_first_poster_name');
$this->set('date', 'topic_time'); $this->set('published', 'post_time');
$this->set('updated', 'post_edit_time');
$this->set('text', 'post_text'); $this->set('text', 'post_text');
$this->set('bitfield', 'bbcode_bitfield'); $this->set('bitfield', 'bbcode_bitfield');
@ -737,7 +747,7 @@ class phpbb_feed_topic_base extends phpbb_feed_base
if ($config['feed_item_statistics']) if ($config['feed_item_statistics'])
{ {
$item_row['statistics'] = $user->lang['POSTED'] . ' ' . $user->lang['POST_BY_AUTHOR'] . ' ' . $this->user_viewprofile($row) $item_row['statistics'] = $user->lang['POSTED'] . ' ' . $user->lang['POST_BY_AUTHOR'] . ' ' . $this->user_viewprofile($row)
. ' ' . $this->separator_stats . ' ' . $user->format_date($row[$this->get('date')]) . ' ' . $this->separator_stats . ' ' . $user->format_date($row[$this->get('published')])
. ' ' . $this->separator_stats . ' ' . $user->lang['REPLIES'] . ' ' . (($this->is_moderator_approve_forum($row['forum_id'])) ? $row['topic_replies_real'] : $row['topic_replies']) . ' ' . $this->separator_stats . ' ' . $user->lang['REPLIES'] . ' ' . (($this->is_moderator_approve_forum($row['forum_id'])) ? $row['topic_replies_real'] : $row['topic_replies'])
. ' ' . $this->separator_stats . ' ' . $user->lang['VIEWS'] . ' ' . $row['topic_views'] . ' ' . $this->separator_stats . ' ' . $user->lang['VIEWS'] . ' ' . $row['topic_views']
. (($this->is_moderator_approve_forum($row['forum_id']) && ($row['topic_replies_real'] != $row['topic_replies'])) ? ' ' . $this->separator_stats . ' ' . $user->lang['POSTS_UNAPPROVED'] : ''); . (($this->is_moderator_approve_forum($row['forum_id']) && ($row['topic_replies_real'] != $row['topic_replies'])) ? ' ' . $this->separator_stats . ' ' . $user->lang['POSTS_UNAPPROVED'] : '');
@ -800,7 +810,7 @@ class phpbb_feed_overall extends phpbb_feed_post_base
// Get the actual data // Get the actual data
$this->sql = array( $this->sql = array(
'SELECT' => 'f.forum_id, f.forum_name, ' . 'SELECT' => 'f.forum_id, f.forum_name, ' .
'p.post_id, p.topic_id, p.post_time, p.post_approved, p.post_subject, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url, ' . 'p.post_id, p.topic_id, p.post_time, p.post_edit_time, p.post_approved, p.post_subject, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url, ' .
'u.username, u.user_id', 'u.username, u.user_id',
'FROM' => array( 'FROM' => array(
USERS_TABLE => 'u', USERS_TABLE => 'u',
@ -932,7 +942,7 @@ class phpbb_feed_forum extends phpbb_feed_post_base
} }
$this->sql = array( $this->sql = array(
'SELECT' => 'p.post_id, p.topic_id, p.post_time, p.post_approved, p.post_subject, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url, ' . 'SELECT' => 'p.post_id, p.topic_id, p.post_time, p.post_edit_time, p.post_approved, p.post_subject, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url, ' .
'u.username, u.user_id', 'u.username, u.user_id',
'FROM' => array( 'FROM' => array(
POSTS_TABLE => 'p', POSTS_TABLE => 'p',
@ -1097,7 +1107,7 @@ class phpbb_feed_topic extends phpbb_feed_post_base
global $auth, $db; global $auth, $db;
$this->sql = array( $this->sql = array(
'SELECT' => 'p.post_id, p.post_time, p.post_approved, p.post_subject, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url, ' . 'SELECT' => 'p.post_id, p.post_time, p.post_edit_time, p.post_approved, p.post_subject, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url, ' .
'u.username, u.user_id', 'u.username, u.user_id',
'FROM' => array( 'FROM' => array(
POSTS_TABLE => 'p', POSTS_TABLE => 'p',
@ -1136,7 +1146,7 @@ class phpbb_feed_forums extends phpbb_feed_base
$this->set('text', 'forum_desc'); $this->set('text', 'forum_desc');
$this->set('bitfield', 'forum_desc_bitfield'); $this->set('bitfield', 'forum_desc_bitfield');
$this->set('bbcode_uid','forum_desc_uid'); $this->set('bbcode_uid','forum_desc_uid');
$this->set('date', 'forum_last_post_time'); $this->set('updated', 'forum_last_post_time');
$this->set('options', 'forum_desc_options'); $this->set('options', 'forum_desc_options');
} }
@ -1261,8 +1271,8 @@ class phpbb_feed_news extends phpbb_feed_topic_base
$this->sql = array( $this->sql = array(
'SELECT' => 'f.forum_id, f.forum_name, 'SELECT' => 'f.forum_id, f.forum_name,
t.topic_id, t.topic_title, t.topic_poster, t.topic_first_poster_name, t.topic_replies, t.topic_replies_real, t.topic_views, t.topic_time, t.topic_id, t.topic_title, t.topic_poster, t.topic_first_poster_name, t.topic_replies, t.topic_replies_real, t.topic_views, t.topic_time, t.topic_last_post_time,
p.post_id, p.post_time, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url', p.post_id, p.post_time, p.post_edit_time, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url',
'FROM' => array( 'FROM' => array(
TOPICS_TABLE => 't', TOPICS_TABLE => 't',
POSTS_TABLE => 'p', POSTS_TABLE => 'p',
@ -1334,8 +1344,8 @@ class phpbb_feed_topics extends phpbb_feed_topic_base
$this->sql = array( $this->sql = array(
'SELECT' => 'f.forum_id, f.forum_name, 'SELECT' => 'f.forum_id, f.forum_name,
t.topic_id, t.topic_title, t.topic_poster, t.topic_first_poster_name, t.topic_replies, t.topic_replies_real, t.topic_views, t.topic_time, t.topic_id, t.topic_title, t.topic_poster, t.topic_first_poster_name, t.topic_replies, t.topic_replies_real, t.topic_views, t.topic_time, t.topic_last_post_time,
p.post_id, p.post_time, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url', p.post_id, p.post_time, p.post_edit_time, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url',
'FROM' => array( 'FROM' => array(
TOPICS_TABLE => 't', TOPICS_TABLE => 't',
POSTS_TABLE => 'p', POSTS_TABLE => 'p',
@ -1381,8 +1391,6 @@ class phpbb_feed_topics_active extends phpbb_feed_topic_base
$this->set('author_id', 'topic_last_poster_id'); $this->set('author_id', 'topic_last_poster_id');
$this->set('creator', 'topic_last_poster_name'); $this->set('creator', 'topic_last_poster_name');
$this->set('date', 'topic_last_post_time');
$this->set('text', 'post_text');
} }
function get_sql() function get_sql()
@ -1434,7 +1442,7 @@ class phpbb_feed_topics_active extends phpbb_feed_topic_base
'SELECT' => 'f.forum_id, f.forum_name, 'SELECT' => 'f.forum_id, f.forum_name,
t.topic_id, t.topic_title, t.topic_replies, t.topic_replies_real, t.topic_views, t.topic_id, t.topic_title, t.topic_replies, t.topic_replies_real, t.topic_views,
t.topic_last_poster_id, t.topic_last_poster_name, t.topic_last_post_time, t.topic_last_poster_id, t.topic_last_poster_name, t.topic_last_post_time,
p.post_id, p.post_time, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url', p.post_id, p.post_time, p.post_edit_time, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url',
'FROM' => array( 'FROM' => array(
TOPICS_TABLE => 't', TOPICS_TABLE => 't',
POSTS_TABLE => 'p', POSTS_TABLE => 'p',


@ -88,11 +88,11 @@ class acm
if (!phpbb_is_writable($this->cache_dir)) if (!phpbb_is_writable($this->cache_dir))
{ {
// We need to use die() here, because else we may encounter an infinite loop (the message handler calls $cache->unload()) // We need to use die() here, because else we may encounter an infinite loop (the message handler calls $cache->unload())
die($this->cache_dir . ' is NOT writable.'); die('Fatal: ' . $this->cache_dir . ' is NOT writable.');
exit; exit;
} }
die('Not able to open ' . $this->cache_dir . 'data_global.' . $phpEx); die('Fatal: Not able to open ' . $this->cache_dir . 'data_global.' . $phpEx);
exit; exit;
} }


@ -0,0 +1,145 @@
<?php
/**
*
* @package acm
* @copyright (c) 2011 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/
/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
exit;
}
// Include the abstract base
if (!class_exists('acm_memory'))
{
require("{$phpbb_root_path}includes/acm/acm_memory.$phpEx");
}
if (!defined('PHPBB_ACM_REDIS_PORT'))
{
define('PHPBB_ACM_REDIS_PORT', 6379);
}
if (!defined('PHPBB_ACM_REDIS_HOST'))
{
define('PHPBB_ACM_REDIS_HOST', 'localhost');
}
/**
* ACM for Redis
*
* Compatible with the php extension phpredis available
* at https://github.com/nicolasff/phpredis
*
* @package acm
*/
class acm extends acm_memory
{
var $extension = 'redis';
var $redis;
function acm()
{
// Call the parent constructor
parent::acm_memory();
$this->redis = new Redis();
$this->redis->connect(PHPBB_ACM_REDIS_HOST, PHPBB_ACM_REDIS_PORT);
if (defined('PHPBB_ACM_REDIS_PASSWORD'))
{
if (!$this->redis->auth(PHPBB_ACM_REDIS_PASSWORD))
{
global $acm_type;
trigger_error("Incorrect password for the ACM module $acm_type.", E_USER_ERROR);
}
}
$this->redis->setOption(Redis::OPT_SERIALIZER, Redis::SERIALIZER_PHP);
$this->redis->setOption(Redis::OPT_PREFIX, $this->key_prefix);
if (defined('PHPBB_ACM_REDIS_DB'))
{
if (!$this->redis->select(PHPBB_ACM_REDIS_DB))
{
global $acm_type;
trigger_error("Incorrect database for the ACM module $acm_type.", E_USER_ERROR);
}
}
}
/**
* Unload the cache resources
*
* @return void
*/
function unload()
{
parent::unload();
$this->redis->close();
}
/**
* Purge cache data
*
* @return void
*/
function purge()
{
$this->redis->flushDB();
parent::purge();
}
/**
* Fetch an item from the cache
*
* @access protected
* @param string $var Cache key
* @return mixed Cached data
*/
function _read($var)
{
return $this->redis->get($var);
}
/**
* Store data in the cache
*
* @access protected
* @param string $var Cache key
* @param mixed $data Data to store
* @param int $ttl Time-to-live of cached data
* @return bool True if the operation succeeded
*/
function _write($var, $data, $ttl = 2592000)
{
return $this->redis->setex($var, $ttl, $data);
}
/**
* Remove an item from the cache
*
* @access protected
* @param string $var Cache key
* @return bool True if the operation succeeded
*/
function _delete($var)
{
if ($this->redis->delete($var) > 0)
{
return true;
}
return false;
}
}
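Review bot: `Redis::SERIALIZER_PHP` means every value returned by `_read()` has gone through PHP's unserialize, so whoever can write to this Redis database controls serialized data the board will load, and with `PHPBB_ACM_REDIS_PASSWORD` optional the defaults connect to `localhost:6379` without authenticating. That trust assumption belongs next to the `define()` defaults, e.g. `// Cached values are unserialized on read: use a Redis instance only phpBB can write to and set PHPBB_ACM_REDIS_PASSWORD.` The return value of `connect()` is also never checked, so a failed connection only surfaces in a later call. `purge()` calls `flushDB()`, which empties the whole selected database rather than only the keys under `key_prefix`, so the class docblock should tell admins to give phpBB its own `PHPBB_ACM_REDIS_DB`. The WinCache driver's `purge()` (`wincache_ucache_clear()`) has the same whole-cache scope and deserves the same sentence.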


@ -0,0 +1,84 @@
<?php
/**
*
* @package acm
* @copyright (c) 2010 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/
/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
exit;
}
// Include the abstract base
if (!class_exists('acm_memory'))
{
require("{$phpbb_root_path}includes/acm/acm_memory.$phpEx");
}
/**
* ACM for WinCache
* @package acm
*/
class acm extends acm_memory
{
var $extension = 'wincache';
/**
* Purge cache data
*
* @return void
*/
function purge()
{
wincache_ucache_clear();
parent::purge();
}
/**
* Fetch an item from the cache
*
* @access protected
* @param string $var Cache key
* @return mixed Cached data
*/
function _read($var)
{
$success = false;
$result = wincache_ucache_get($this->key_prefix . $var, $success);
return ($success) ? $result : false;
}
/**
* Store data in the cache
*
* @access protected
* @param string $var Cache key
* @param mixed $data Data to store
* @param int $ttl Time-to-live of cached data
* @return bool True if the operation succeeded
*/
function _write($var, $data, $ttl = 2592000)
{
return wincache_ucache_set($this->key_prefix . $var, $data, $ttl);
}
/**
* Remove an item from the cache
*
* @access protected
* @param string $var Cache key
* @return bool True if the operation succeeded
*/
function _delete($var)
{
return wincache_ucache_delete($this->key_prefix . $var);
}
}


@ -213,7 +213,7 @@ class acp_bbcodes
$bbcode_id = NUM_CORE_BBCODES + 1; $bbcode_id = NUM_CORE_BBCODES + 1;
} }
if ($bbcode_id > 1511) if ($bbcode_id > BBCODE_LIMIT)
{ {
trigger_error($user->lang['TOO_MANY_BBCODES'] . adm_back_link($this->u_action), E_USER_WARNING); trigger_error($user->lang['TOO_MANY_BBCODES'] . adm_back_link($this->u_action), E_USER_WARNING);
} }


@ -386,6 +386,9 @@ class acp_board
'pass_complex' => array('lang' => 'PASSWORD_TYPE', 'validate' => 'string', 'type' => 'select', 'method' => 'select_password_chars', 'explain' => true), 'pass_complex' => array('lang' => 'PASSWORD_TYPE', 'validate' => 'string', 'type' => 'select', 'method' => 'select_password_chars', 'explain' => true),
'chg_passforce' => array('lang' => 'FORCE_PASS_CHANGE', 'validate' => 'int:0', 'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']), 'chg_passforce' => array('lang' => 'FORCE_PASS_CHANGE', 'validate' => 'int:0', 'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
'max_login_attempts' => array('lang' => 'MAX_LOGIN_ATTEMPTS', 'validate' => 'int:0', 'type' => 'text:3:3', 'explain' => true), 'max_login_attempts' => array('lang' => 'MAX_LOGIN_ATTEMPTS', 'validate' => 'int:0', 'type' => 'text:3:3', 'explain' => true),
'ip_login_limit_max' => array('lang' => 'IP_LOGIN_LIMIT_MAX', 'validate' => 'int:0', 'type' => 'text:3:3', 'explain' => true),
'ip_login_limit_time' => array('lang' => 'IP_LOGIN_LIMIT_TIME', 'validate' => 'int:0', 'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
'ip_login_limit_use_forwarded' => array('lang' => 'IP_LOGIN_LIMIT_USE_FORWARDED', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'tpl_allow_php' => array('lang' => 'TPL_ALLOW_PHP', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'tpl_allow_php' => array('lang' => 'TPL_ALLOW_PHP', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'form_token_lifetime' => array('lang' => 'FORM_TIME_MAX', 'validate' => 'int:-1', 'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']), 'form_token_lifetime' => array('lang' => 'FORM_TIME_MAX', 'validate' => 'int:-1', 'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
'form_token_sid_guests' => array('lang' => 'FORM_SID_GUESTS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'form_token_sid_guests' => array('lang' => 'FORM_SID_GUESTS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
@ -769,13 +772,20 @@ class acp_board
{ {
global $user, $config; global $user, $config;
$radio_ary = array(USER_ACTIVATION_DISABLE => 'ACC_DISABLE', USER_ACTIVATION_NONE => 'ACC_NONE'); $radio_ary = array(
USER_ACTIVATION_DISABLE => 'ACC_DISABLE',
USER_ACTIVATION_NONE => 'ACC_NONE',
);
if ($config['email_enable']) if ($config['email_enable'])
{ {
$radio_ary += array(USER_ACTIVATION_SELF => 'ACC_USER', USER_ACTIVATION_ADMIN => 'ACC_ADMIN'); $radio_ary[USER_ACTIVATION_SELF] = 'ACC_USER';
$radio_ary[USER_ACTIVATION_ADMIN] = 'ACC_ADMIN';
} }
return h_radio('config[require_activation]', $radio_ary, $value, $key); $radio_text = h_radio('config[require_activation]', $radio_ary, $value, 'require_activation', $key, '<br />');
return $radio_text;
} }
/** /**
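Review bot: The new `ip_login_limit_use_forwarded` row lets the per-IP login limit key on the forwarded-for value, which is a request header the client chooses unless a trusted reverse proxy overwrites it. With the option on and no such proxy, the limit would presumably no longer bind to the real peer address. The row needs a comment saying so, e.g. `// Only meaningful behind a proxy that sets X-Forwarded-For itself; otherwise the header is client-controlled.`, and the option's explain text (not in this hunk) should carry the same warning. The same value is handed to the auth plugin in the later login hunk (`$user->forwarded_for`), so the caveat applies there as well. The settings array starts and ends outside the hunk.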


@ -56,6 +56,18 @@ class acp_disallow
trigger_error($user->lang['NO_USERNAME_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING); trigger_error($user->lang['NO_USERNAME_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING);
} }
$sql = 'SELECT disallow_id
FROM ' . DISALLOW_TABLE . "
WHERE disallow_username = '" . $db->sql_escape($disallowed_user) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row)
{
trigger_error($user->lang['DISALLOWED_ALREADY'] . adm_back_link($this->u_action), E_USER_WARNING);
}
$sql = 'INSERT INTO ' . DISALLOW_TABLE . ' ' . $db->sql_build_array('INSERT', array('disallow_username' => $disallowed_user)); $sql = 'INSERT INTO ' . DISALLOW_TABLE . ' ' . $db->sql_build_array('INSERT', array('disallow_username' => $disallowed_user));
$db->sql_query($sql); $db->sql_query($sql);


@ -82,23 +82,48 @@ class acp_email
{ {
if ($group_id) if ($group_id)
{ {
$sql = 'SELECT u.user_email, u.username, u.username_clean, u.user_lang, u.user_jabber, u.user_notify_type $sql_ary = array(
FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug 'SELECT' => 'u.user_email, u.username, u.username_clean, u.user_lang, u.user_jabber, u.user_notify_type',
WHERE ug.group_id = ' . $group_id . ' 'FROM' => array(
USERS_TABLE => 'u',
USER_GROUP_TABLE => 'ug',
),
'WHERE' => 'ug.group_id = ' . $group_id . '
AND ug.user_pending = 0 AND ug.user_pending = 0
AND u.user_id = ug.user_id AND u.user_id = ug.user_id
AND u.user_allow_massemail = 1 AND u.user_allow_massemail = 1
AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ') AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')',
ORDER BY u.user_lang, u.user_notify_type'; 'ORDER_BY' => 'u.user_lang, u.user_notify_type',
);
} }
else else
{ {
$sql = 'SELECT username, username_clean, user_email, user_jabber, user_notify_type, user_lang $sql_ary = array(
FROM ' . USERS_TABLE . ' 'SELECT' => 'u.username, u.username_clean, u.user_email, u.user_jabber, u.user_lang, u.user_notify_type',
WHERE user_allow_massemail = 1 'FROM' => array(
AND user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ') USERS_TABLE => 'u',
ORDER BY user_lang, user_notify_type'; ),
'WHERE' => 'u.user_allow_massemail = 1
AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')',
'ORDER_BY' => 'u.user_lang, u.user_notify_type',
);
} }
// Mail banned or not
if (!isset($_REQUEST['mail_banned_flag']))
{
$sql_ary['WHERE'] .= ' AND (b.ban_id IS NULL
OR b.ban_exclude = 1)';
$sql_ary['LEFT_JOIN'] = array(
array(
'FROM' => array(
BANLIST_TABLE => 'b',
),
'ON' => 'u.user_id = b.ban_userid',
),
);
}
$sql = $db->sql_build_query('SELECT', $sql_ary);
} }
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result); $row = $db->sql_fetchrow($result);
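Review bot: The `LEFT JOIN` on `BANLIST_TABLE` treats any row with a matching `ban_userid` as a ban without looking at its expiry, so a user whose ban has lapsed but whose row has not yet been cleaned up would still be left out of the mailing. A user with more than one row passing the filter (for example two `ban_exclude = 1` entries) comes back once per row and would presumably be mailed more than once, unless recipients are de-duplicated further down, outside this hunk. I would restrict the join to active bans, assuming the banlist's usual `ban_end` column: `'ON' => 'u.user_id = b.ban_userid AND (b.ban_end >= ' . time() . ' OR b.ban_end = 0)'`. Only user-id bans are matched, so accounts covered by an e-mail or IP ban are still mailed; if that is intended, a one-line comment above the `LEFT_JOIN` should say so.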


@ -394,6 +394,10 @@ class acp_icons
{ {
// skip images where add wasn't checked // skip images where add wasn't checked
} }
else if (!file_exists($phpbb_root_path . $img_path . '/' . $image))
{
$errors[$image] = 'SMILIE_NO_FILE';
}
else else
{ {
if ($image_width[$image] == 0 || $image_height[$image] == 0) if ($image_width[$image] == 0 || $image_height[$image] == 0)


@ -1055,14 +1055,14 @@ class acp_language
$iso_src .= htmlspecialchars_decode($row['lang_author']); $iso_src .= htmlspecialchars_decode($row['lang_author']);
$compress->add_data($iso_src, 'language/' . $row['lang_iso'] . '/iso.txt'); $compress->add_data($iso_src, 'language/' . $row['lang_iso'] . '/iso.txt');
// index.html files // index.htm files
$compress->add_data('', 'language/' . $row['lang_iso'] . '/index.html'); $compress->add_data('', 'language/' . $row['lang_iso'] . '/index.htm');
$compress->add_data('', 'language/' . $row['lang_iso'] . '/email/index.html'); $compress->add_data('', 'language/' . $row['lang_iso'] . '/email/index.htm');
$compress->add_data('', 'language/' . $row['lang_iso'] . '/acp/index.html'); $compress->add_data('', 'language/' . $row['lang_iso'] . '/acp/index.htm');
if (sizeof($mod_files)) if (sizeof($mod_files))
{ {
$compress->add_data('', 'language/' . $row['lang_iso'] . '/mods/index.html'); $compress->add_data('', 'language/' . $row['lang_iso'] . '/mods/index.htm');
} }
$compress->close(); $compress->close();
@ -1217,7 +1217,7 @@ $lang = array_merge($lang, array(
'; ';
// Language files in language root directory // Language files in language root directory
$this->main_files = array("common.$phpEx", "groups.$phpEx", "install.$phpEx", "mcp.$phpEx", "memberlist.$phpEx", "posting.$phpEx", "search.$phpEx", "ucp.$phpEx", "viewforum.$phpEx", "viewtopic.$phpEx", "help_bbcode.$phpEx", "help_faq.$phpEx"); $this->main_files = array("captcha_qa.$phpEx", "captcha_recaptcha.$phpEx", "common.$phpEx", "groups.$phpEx", "install.$phpEx", "mcp.$phpEx", "memberlist.$phpEx", "posting.$phpEx", "search.$phpEx", "ucp.$phpEx", "viewforum.$phpEx", "viewtopic.$phpEx", "help_bbcode.$phpEx", "help_faq.$phpEx");
} }
/** /**


@ -529,7 +529,7 @@ class acp_main
); );
$log_data = array(); $log_data = array();
$log_count = 0; $log_count = false;
if ($auth->acl_get('a_viewlogs')) if ($auth->acl_get('a_viewlogs'))
{ {


@ -512,7 +512,7 @@ class acp_profile
else if ($field_type == FIELD_INT && $key == 'field_default_value') else if ($field_type == FIELD_INT && $key == 'field_default_value')
{ {
// Permit an empty string // Permit an empty string
if (request_var('field_default_value', '') === '') if ($action == 'create' && request_var('field_default_value', '') === '')
{ {
$var = ''; $var = '';
} }


@ -392,7 +392,18 @@ class acp_search
AND post_id <= ' . (int) ($post_counter + $this->batch_size); AND post_id <= ' . (int) ($post_counter + $this->batch_size);
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) $buffer = $db->sql_buffer_nested_transactions();
if ($buffer)
{
$rows = $db->sql_fetchrowset($result);
$rows[] = false; // indicate end of array for while loop below
$db->sql_freeresult($result);
}
$i = 0;
while ($row = ($buffer ? $rows[$i++] : $db->sql_fetchrow($result)))
{ {
// Indexing enabled for this forum or global announcement? // Indexing enabled for this forum or global announcement?
// Global announcements get indexed by default. // Global announcements get indexed by default.
@ -402,7 +413,10 @@ class acp_search
} }
$row_count++; $row_count++;
} }
if (!$buffer)
{
$db->sql_freeresult($result); $db->sql_freeresult($result);
}
$post_counter += $this->batch_size; $post_counter += $this->batch_size;
} }


@ -510,6 +510,7 @@ parse_css_file = {PARSE_CSS_FILE}
$db->sql_transaction('commit'); $db->sql_transaction('commit');
$cache->destroy('sql', STYLES_IMAGESET_DATA_TABLE); $cache->destroy('sql', STYLES_IMAGESET_DATA_TABLE);
$cache->destroy('imageset_site_logo_md5');
add_log('admin', 'LOG_IMAGESET_REFRESHED', $imageset_row['imageset_name']); add_log('admin', 'LOG_IMAGESET_REFRESHED', $imageset_row['imageset_name']);
trigger_error($user->lang['IMAGESET_REFRESHED'] . adm_back_link($this->u_action)); trigger_error($user->lang['IMAGESET_REFRESHED'] . adm_back_link($this->u_action));
@ -716,7 +717,7 @@ parse_css_file = {PARSE_CSS_FILE}
$save_changes = (isset($_POST['save'])) ? true : false; $save_changes = (isset($_POST['save'])) ? true : false;
// make sure template_file path doesn't go upwards // make sure template_file path doesn't go upwards
$template_file = str_replace('..', '.', $template_file); $template_file = preg_replace('#\.{2,}#', '.', $template_file);
// Retrieve some information about the template // Retrieve some information about the template
$sql = 'SELECT template_storedb, template_path, template_name $sql = 'SELECT template_storedb, template_path, template_name
@ -1587,23 +1588,23 @@ parse_css_file = {PARSE_CSS_FILE}
{ {
case 'style': case 'style':
$sql_from = STYLES_TABLE; $sql_from = STYLES_TABLE;
$sql_select = 'style_name'; $sql_select = 'style_id, style_name, template_id, theme_id, imageset_id';
$sql_where = 'AND style_active = 1'; $sql_where = 'AND style_active = 1';
break; break;
case 'template': case 'template':
$sql_from = STYLES_TEMPLATE_TABLE; $sql_from = STYLES_TEMPLATE_TABLE;
$sql_select = 'template_name, template_path, template_storedb'; $sql_select = 'template_id, template_name, template_path, template_storedb';
break; break;
case 'theme': case 'theme':
$sql_from = STYLES_THEME_TABLE; $sql_from = STYLES_THEME_TABLE;
$sql_select = 'theme_name, theme_path, theme_storedb'; $sql_select = 'theme_id, theme_name, theme_path, theme_storedb';
break; break;
case 'imageset': case 'imageset':
$sql_from = STYLES_IMAGESET_TABLE; $sql_from = STYLES_IMAGESET_TABLE;
$sql_select = 'imageset_name, imageset_path'; $sql_select = 'imageset_id, imageset_name, imageset_path';
break; break;
} }
@ -1633,37 +1634,14 @@ parse_css_file = {PARSE_CSS_FILE}
trigger_error($user->lang['NO_' . $l_prefix] . adm_back_link($this->u_action), E_USER_WARNING); trigger_error($user->lang['NO_' . $l_prefix] . adm_back_link($this->u_action), E_USER_WARNING);
} }
$sql = "SELECT {$mode}_id, {$mode}_name
FROM $sql_from
WHERE {$mode}_id <> $style_id
$sql_where
ORDER BY {$mode}_name ASC";
$result = $db->sql_query($sql);
$s_options = '';
if ($row = $db->sql_fetchrow($result))
{
do
{
$s_options .= '<option value="' . $row[$mode . '_id'] . '">' . $row[$mode . '_name'] . '</option>';
}
while ($row = $db->sql_fetchrow($result));
}
else
{
trigger_error($user->lang['ONLY_' . $l_prefix] . adm_back_link($this->u_action), E_USER_WARNING);
}
$db->sql_freeresult($result);
if ($update) if ($update)
{
if ($mode == 'style')
{ {
$sql = "DELETE FROM $sql_from $sql = "DELETE FROM $sql_from
WHERE {$mode}_id = $style_id"; WHERE {$mode}_id = $style_id";
$db->sql_query($sql); $db->sql_query($sql);
if ($mode == 'style')
{
$sql = 'UPDATE ' . USERS_TABLE . " $sql = 'UPDATE ' . USERS_TABLE . "
SET user_style = $new_id SET user_style = $new_id
WHERE user_style = $style_id"; WHERE user_style = $style_id";
@ -1678,19 +1656,19 @@ parse_css_file = {PARSE_CSS_FILE}
{ {
set_config('default_style', $new_id); set_config('default_style', $new_id);
} }
// Remove the components
$components = array('template', 'theme', 'imageset');
foreach ($components as $component)
{
$new_id = request_var('new_' . $component . '_id', 0);
$component_id = $style_row[$component . '_id'];
$this->remove_component($component, $component_id, $new_id, $style_id);
}
} }
else else
{ {
if ($mode == 'imageset') $this->remove_component($mode, $style_id, $new_id);
{
$sql = 'DELETE FROM ' . STYLES_IMAGESET_DATA_TABLE . "
WHERE imageset_id = $style_id";
$db->sql_query($sql);
}
$sql = 'UPDATE ' . STYLES_TABLE . "
SET {$mode}_id = $new_id
WHERE {$mode}_id = $style_id";
$db->sql_query($sql);
} }
$cache->destroy('sql', STYLES_TABLE); $cache->destroy('sql', STYLES_TABLE);
@ -1700,11 +1678,12 @@ parse_css_file = {PARSE_CSS_FILE}
trigger_error($user->lang[$message] . adm_back_link($this->u_action)); trigger_error($user->lang[$message] . adm_back_link($this->u_action));
} }
$this->display_component_options($mode, $style_row[$mode . '_id'], $style_row);
$this->page_title = 'DELETE_' . $l_prefix; $this->page_title = 'DELETE_' . $l_prefix;
$template->assign_vars(array( $template->assign_vars(array(
'S_DELETE' => true, 'S_DELETE' => true,
'S_REPLACE_OPTIONS' => $s_options,
'L_TITLE' => $user->lang[$this->page_title], 'L_TITLE' => $user->lang[$this->page_title],
'L_EXPLAIN' => $user->lang[$this->page_title . '_EXPLAIN'], 'L_EXPLAIN' => $user->lang[$this->page_title . '_EXPLAIN'],
@ -1718,6 +1697,202 @@ parse_css_file = {PARSE_CSS_FILE}
'NAME' => $style_row[$mode . '_name'], 'NAME' => $style_row[$mode . '_name'],
) )
); );
if ($mode == 'style')
{
$template->assign_vars(array(
'S_DELETE_STYLE' => true,
));
}
}
/**
* Remove template/theme/imageset entry from the database
*/
function remove_component($component, $component_id, $new_id, $style_id = false)
{
global $db;
if (($new_id == 0) || ($component === 'template' && ($conflicts = $this->check_inheritance($component, $component_id))))
{
// We can not delete the template, as the user wants to keep the component or an other template is inheriting from this one.
return;
}
$component_in_use = array();
if ($component != 'style')
{
$component_in_use = $this->component_in_use($component, $component_id, $style_id);
}
if (($new_id == -1) && !empty($component_in_use))
{
// We can not delete the component, as it is still in use
return;
}
if ($component == 'imageset')
{
$sql = 'DELETE FROM ' . STYLES_IMAGESET_DATA_TABLE . "
WHERE imageset_id = $component_id";
$db->sql_query($sql);
}
switch ($component)
{
case 'template':
$sql_from = STYLES_TEMPLATE_TABLE;
break;
case 'theme':
$sql_from = STYLES_THEME_TABLE;
break;
case 'imageset':
$sql_from = STYLES_IMAGESET_TABLE;;
break;
}
$sql = "DELETE FROM $sql_from
WHERE {$component}_id = $component_id";
$db->sql_query($sql);
$sql = 'UPDATE ' . STYLES_TABLE . "
SET {$component}_id = $new_id
WHERE {$component}_id = $component_id";
$db->sql_query($sql);
}
/**
* Display the options which can be used to replace a style/template/theme/imageset
*/
function display_component_options($component, $component_id, $style_row = false, $style_id = false)
{
global $db, $template, $user;
$component_in_use = array();
if ($component != 'style')
{
$component_in_use = $this->component_in_use($component, $component_id, $style_id);
}
$sql_where = '';
switch ($component)
{
case 'style':
$sql_from = STYLES_TABLE;
$sql_where = 'WHERE style_active = 1';
break;
case 'template':
$sql_from = STYLES_TEMPLATE_TABLE;
$sql_where = 'WHERE template_inherits_id <> ' . $component_id;
break;
case 'theme':
$sql_from = STYLES_THEME_TABLE;
break;
case 'imageset':
$sql_from = STYLES_IMAGESET_TABLE;
break;
}
$s_options = '';
if (($component != 'style') && empty($component_in_use))
{
$sql = "SELECT {$component}_id, {$component}_name
FROM $sql_from
WHERE {$component}_id = {$component_id}";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$s_options .= '<option value="-1" selected="selected">' . $user->lang['DELETE_' . strtoupper($component)] . '</option>';
$s_options .= '<option value="0">' . sprintf($user->lang['KEEP_' . strtoupper($component)], $row[$component . '_name']) . '</option>';
}
else
{
$sql = "SELECT {$component}_id, {$component}_name
FROM $sql_from
$sql_where
ORDER BY {$component}_name ASC";
$result = $db->sql_query($sql);
$s_keep_option = $s_options = '';
while ($row = $db->sql_fetchrow($result))
{
if ($row[$component . '_id'] != $component_id)
{
$s_options .= '<option value="' . $row[$component . '_id'] . '">' . sprintf($user->lang['REPLACE_WITH_OPTION'], $row[$component . '_name']) . '</option>';
}
else if ($component != 'style')
{
$s_keep_option = '<option value="0" selected="selected">' . sprintf($user->lang['KEEP_' . strtoupper($component)], $row[$component . '_name']) . '</option>';
}
}
$db->sql_freeresult($result);
$s_options = $s_keep_option . $s_options;
}
if (!$style_row)
{
$template->assign_var('S_REPLACE_' . strtoupper($component) . '_OPTIONS', $s_options);
}
else
{
$template->assign_var('S_REPLACE_OPTIONS', $s_options);
if ($component == 'style')
{
$components = array('template', 'theme', 'imageset');
foreach ($components as $component)
{
$this->display_component_options($component, $style_row[$component . '_id'], false, $component_id, true);
}
}
}
}
/**
* Check whether the component is still used by another style or component
*/
function component_in_use($component, $component_id, $style_id = false)
{
global $db;
$component_in_use = array();
if ($style_id)
{
$sql = 'SELECT style_id, style_name
FROM ' . STYLES_TABLE . "
WHERE {$component}_id = {$component_id}
AND style_id <> {$style_id}
ORDER BY style_name ASC";
}
else
{
$sql = 'SELECT style_id, style_name
FROM ' . STYLES_TABLE . "
WHERE {$component}_id = {$component_id}
ORDER BY style_name ASC";
}
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$component_in_use[] = $row['style_name'];
}
$db->sql_freeresult($result);
if ($component === 'template' && ($conflicts = $this->check_inheritance($component, $component_id)))
{
foreach ($conflicts as $temp_id => $conflict_data)
{
$component_in_use[] = $conflict_data['template_name'];
}
}
return $component_in_use;
} }
/** /**
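Review bot: `remove_component()` builds its `DELETE` and `UPDATE` statements by interpolating `$component_id` and `$new_id` straight into the SQL string, and `component_in_use()` and `display_component_options()` do the same with `$component_id` and `$style_id`, so they are only safe while every caller passes integers. The style branch does pass `request_var('new_' . $component . '_id', 0)`, but I would still cast at the top of each method: `$component_id = (int) $component_id; $new_id = (int) $new_id;`. The `switch ($component)` in `remove_component()` has no `default`, so an unexpected `$component` leaves `$sql_from` undefined and yields a malformed `DELETE`; there is also a stray `;;` after `STYLES_IMAGESET_TABLE`. A positive `$new_id` is not checked against the component table before styles are repointed to it, unless that validation happens outside these hunks. The recursive `display_component_options()` call passes five arguments to a method that declares four.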


@ -95,6 +95,9 @@ class acp_words
trigger_error($user->lang['ENTER_WORD'] . adm_back_link($this->u_action), E_USER_WARNING); trigger_error($user->lang['ENTER_WORD'] . adm_back_link($this->u_action), E_USER_WARNING);
} }
// Replace multiple consecutive asterisks with single one as those are not needed
$word = preg_replace('#\*{2,}#', '*', $word);
$sql_ary = array( $sql_ary = array(
'word' => $word, 'word' => $word,
'replacement' => $replacement 'replacement' => $replacement


@ -109,6 +109,7 @@ class auth
*/ */
function _fill_acl($user_permissions) function _fill_acl($user_permissions)
{ {
$seq_cache = array();
$this->acl = array(); $this->acl = array();
$user_permissions = explode("\n", $user_permissions); $user_permissions = explode("\n", $user_permissions);
@ -125,8 +126,17 @@ class auth
while ($subseq = substr($seq, $i, 6)) while ($subseq = substr($seq, $i, 6))
{ {
if (isset($seq_cache[$subseq]))
{
$converted = $seq_cache[$subseq];
}
else
{
$converted = $seq_cache[$subseq] = str_pad(base_convert($subseq, 36, 2), 31, 0, STR_PAD_LEFT);
}
// We put the original bitstring into the acl array // We put the original bitstring into the acl array
$this->acl[$f] .= str_pad(base_convert($subseq, 36, 2), 31, 0, STR_PAD_LEFT); $this->acl[$f] .= $converted;
$i += 6; $i += 6;
} }
} }
@ -898,7 +908,7 @@ class auth
$method = 'login_' . $method; $method = 'login_' . $method;
if (function_exists($method)) if (function_exists($method))
{ {
$login = $method($username, $password); $login = $method($username, $password, $user->ip, $user->browser, $user->forwarded_for);
// If the auth module wants us to create an empty profile do so and then treat the status as LOGIN_SUCCESS // If the auth module wants us to create an empty profile do so and then treat the status as LOGIN_SUCCESS
if ($login['status'] == LOGIN_SUCCESS_CREATE_PROFILE) if ($login['status'] == LOGIN_SUCCESS_CREATE_PROFILE)


@ -23,8 +23,21 @@ if (!defined('IN_PHPBB'))
/** /**
* Login function * Login function
*
* @param string $username
* @param string $password
* @param string $ip IP address the login is taking place from. Used to
* limit the number of login attempts per IP address.
* @param string $browser The user agent used to login
* @param string $forwarded_for X_FORWARDED_FOR header sent with login request
* @return array A associative array of the format
* array(
* 'status' => status constant
* 'error_msg' => string
* 'user_row' => array
* )
*/ */
function login_db(&$username, &$password) function login_db($username, $password, $ip = '', $browser = '', $forwarded_for = '')
{ {
global $db, $config; global $db, $config;
@ -47,13 +60,51 @@ function login_db(&$username, &$password)
); );
} }
$username_clean = utf8_clean_string($username);
$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
FROM ' . USERS_TABLE . " FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; WHERE username_clean = '" . $db->sql_escape($username_clean) . "'";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result); $row = $db->sql_fetchrow($result);
$db->sql_freeresult($result); $db->sql_freeresult($result);
if (($ip && !$config['ip_login_limit_use_forwarded']) ||
($forwarded_for && $config['ip_login_limit_use_forwarded']))
{
$sql = 'SELECT COUNT(*) AS attempts
FROM ' . LOGIN_ATTEMPT_TABLE . '
WHERE attempt_time > ' . (time() - (int) $config['ip_login_limit_time']);
if ($config['ip_login_limit_use_forwarded'])
{
$sql .= " AND attempt_forwarded_for = '" . $db->sql_escape($forwarded_for) . "'";
}
else
{
$sql .= " AND attempt_ip = '" . $db->sql_escape($ip) . "' ";
}
$result = $db->sql_query($sql);
$attempts = (int) $db->sql_fetchfield('attempts');
$db->sql_freeresult($result);
$attempt_data = array(
'attempt_ip' => $ip,
'attempt_browser' => trim(substr($browser, 0, 149)),
'attempt_forwarded_for' => $forwarded_for,
'attempt_time' => time(),
'user_id' => ($row) ? (int) $row['user_id'] : 0,
'username' => $username,
'username_clean' => $username_clean,
);
$sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $db->sql_build_array('INSERT', $attempt_data);
$result = $db->sql_query($sql);
}
else
{
$attempts = 0;
}
if (!$row) if (!$row)
{ {
return array( return array(
@ -62,7 +113,9 @@ function login_db(&$username, &$password)
'user_row' => array('user_id' => ANONYMOUS), 'user_row' => array('user_id' => ANONYMOUS),
); );
} }
$show_captcha = $config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts'];
$show_captcha = ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']) ||
($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']);
// If there are too much login attempts, we need to check for an confirm image // If there are too much login attempts, we need to check for an confirm image
// Every auth module is able to define what to do by itself... // Every auth module is able to define what to do by itself...
@ -165,6 +218,10 @@ function login_db(&$username, &$password)
$row['user_password'] = $hash; $row['user_password'] = $hash;
} }
$sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
if ($row['user_login_attempts'] != 0) if ($row['user_login_attempts'] != 0)
{ {
// Successful, reset login attempts (the user passed all stages) // Successful, reset login attempts (the user passed all stages)
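Review bot: When `ip_login_limit_use_forwarded` is enabled, the new attempt counter in `login_db` is keyed on `$forwarded_for`, which the docblock describes as the X_FORWARDED_FOR header sent with the login request, so the limit only holds if a trusted proxy in front of the board overwrites that header; otherwise a client can send a different value on each attempt and never reach `ip_login_limit_max`. A comment at that branch would make the deployment assumption explicit, e.g. `// Only meaningful behind a proxy that sets X-Forwarded-For itself; the header is client-controlled otherwise.` The value is also stored in `attempt_forwarded_for` at full length while `attempt_browser` is cut to 149 characters, so it is worth confirming the column width and truncating it the same way. In the success path the `DELETE` concatenates `$row['user_id']` without the `(int)` cast used for the same field in `$attempt_data`; `WHERE user_id = ' . (int) $row['user_id'];` would be consistent. `login_db` continues outside these hunks.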


@ -335,7 +335,7 @@ function acp_ldap(&$new)
</dl> </dl>
<dl> <dl>
<dt><label for="ldap_password">' . $user->lang['LDAP_PASSWORD'] . ':</label><br /><span>' . $user->lang['LDAP_PASSWORD_EXPLAIN'] . '</span></dt> <dt><label for="ldap_password">' . $user->lang['LDAP_PASSWORD'] . ':</label><br /><span>' . $user->lang['LDAP_PASSWORD_EXPLAIN'] . '</span></dt>
<dd><input type="password" id="ldap_password" size="40" name="config[ldap_password]" value="' . $new['ldap_password'] . '" /></dd> <dd><input type="password" id="ldap_password" size="40" name="config[ldap_password]" value="' . $new['ldap_password'] . '" autocomplete="off" /></dd>
</dl> </dl>
'; ';
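Review bot: The `ldap_password` input still writes the configured value into the `value` attribute, so the LDAP bind password is delivered to the browser in the page source whenever this form is shown; `autocomplete="off"` only asks the browser not to remember it. Consider rendering the field empty and keeping the stored password when the submitted value is blank, which would need matching handling where the config is saved (not visible here). If `$new['ldap_password']` is not already HTML-escaped before it reaches `acp_ldap`, a password containing a double quote would also break out of the attribute; confirm against the caller. `acp_ldap` begins and ends outside the hunk.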


@ -82,26 +82,9 @@ class cache extends acm
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$censors = array(); $censors = array();
$unicode = ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false) ? true : false;
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{ {
if ($unicode) $censors['match'][] = get_censor_preg_expression($row['word']);
{
// Unescape the asterisk to simplify further conversions
$row['word'] = str_replace('\*', '*', preg_quote($row['word'], '#'));
// Replace the asterisk inside the pattern, at the start and at the end of it with regexes
$row['word'] = preg_replace(array('#(?<=[\p{Nd}\p{L}_])\*(?=[\p{Nd}\p{L}_])#iu', '#^\*#', '#\*$#'), array('([\x20]*?|[\p{Nd}\p{L}_-]*?)', '[\p{Nd}\p{L}_-]*?', '[\p{Nd}\p{L}_-]*?'), $row['word']);
// Generate the final substitution
$censors['match'][] = '#(?<![\p{Nd}\p{L}_-])(' . $row['word'] . ')(?![\p{Nd}\p{L}_-])#iu';
}
else
{
$censors['match'][] = '#(?<!\S)(' . str_replace('\*', '\S*?', preg_quote($row['word'], '#')) . ')(?!\S)#iu';
}
$censors['replace'][] = $row['replacement']; $censors['replace'][] = $row['replacement'];
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);


@ -77,7 +77,7 @@ class captcha
{ {
$denom = ($code_len - $i); $denom = ($code_len - $i);
$denom = max(1.3, $denom); $denom = max(1.3, $denom);
$offset[$i] = mt_rand(0, (1.5 * $width_avail) / $denom); $offset[$i] = phpbb_mt_rand(0, (int) round((1.5 * $width_avail) / $denom));
$width_avail -= $offset[$i]; $width_avail -= $offset[$i];
} }
@ -112,7 +112,7 @@ class captcha
$noise_bitmaps = $this->captcha_noise_bg_bitmaps(); $noise_bitmaps = $this->captcha_noise_bg_bitmaps();
for ($i = 0; $i < $code_len; ++$i) for ($i = 0; $i < $code_len; ++$i)
{ {
$noise[$i] = new char_cube3d($noise_bitmaps, mt_rand(1, count($noise_bitmaps['data']))); $noise[$i] = new char_cube3d($noise_bitmaps, mt_rand(1, sizeof($noise_bitmaps['data'])));
list($min, $max) = $noise[$i]->range(); list($min, $max) = $noise[$i]->range();
//$box = $noise[$i]->dimensions($sizes[$i]); //$box = $noise[$i]->dimensions($sizes[$i]);
@ -1669,32 +1669,32 @@ class captcha
'height' => 15, 'height' => 15,
'data' => array( 'data' => array(
'A' => $chars['A'][mt_rand(0, min(count($chars['A']), $config['captcha_gd_fonts']) -1)], 'A' => $chars['A'][mt_rand(0, min(sizeof($chars['A']), $config['captcha_gd_fonts']) -1)],
'B' => $chars['B'][mt_rand(0, min(count($chars['B']), $config['captcha_gd_fonts']) -1)], 'B' => $chars['B'][mt_rand(0, min(sizeof($chars['B']), $config['captcha_gd_fonts']) -1)],
'C' => $chars['C'][mt_rand(0, min(count($chars['C']), $config['captcha_gd_fonts']) -1)], 'C' => $chars['C'][mt_rand(0, min(sizeof($chars['C']), $config['captcha_gd_fonts']) -1)],
'D' => $chars['D'][mt_rand(0, min(count($chars['D']), $config['captcha_gd_fonts']) -1)], 'D' => $chars['D'][mt_rand(0, min(sizeof($chars['D']), $config['captcha_gd_fonts']) -1)],
'E' => $chars['E'][mt_rand(0, min(count($chars['E']), $config['captcha_gd_fonts']) -1)], 'E' => $chars['E'][mt_rand(0, min(sizeof($chars['E']), $config['captcha_gd_fonts']) -1)],
'F' => $chars['F'][mt_rand(0, min(count($chars['F']), $config['captcha_gd_fonts']) -1)], 'F' => $chars['F'][mt_rand(0, min(sizeof($chars['F']), $config['captcha_gd_fonts']) -1)],
'G' => $chars['G'][mt_rand(0, min(count($chars['G']), $config['captcha_gd_fonts']) -1)], 'G' => $chars['G'][mt_rand(0, min(sizeof($chars['G']), $config['captcha_gd_fonts']) -1)],
'H' => $chars['H'][mt_rand(0, min(count($chars['H']), $config['captcha_gd_fonts']) -1)], 'H' => $chars['H'][mt_rand(0, min(sizeof($chars['H']), $config['captcha_gd_fonts']) -1)],
'I' => $chars['I'][mt_rand(0, min(count($chars['I']), $config['captcha_gd_fonts']) -1)], 'I' => $chars['I'][mt_rand(0, min(sizeof($chars['I']), $config['captcha_gd_fonts']) -1)],
'J' => $chars['J'][mt_rand(0, min(count($chars['J']), $config['captcha_gd_fonts']) -1)], 'J' => $chars['J'][mt_rand(0, min(sizeof($chars['J']), $config['captcha_gd_fonts']) -1)],
'K' => $chars['K'][mt_rand(0, min(count($chars['K']), $config['captcha_gd_fonts']) -1)], 'K' => $chars['K'][mt_rand(0, min(sizeof($chars['K']), $config['captcha_gd_fonts']) -1)],
'L' => $chars['L'][mt_rand(0, min(count($chars['L']), $config['captcha_gd_fonts']) -1)], 'L' => $chars['L'][mt_rand(0, min(sizeof($chars['L']), $config['captcha_gd_fonts']) -1)],
'M' => $chars['M'][mt_rand(0, min(count($chars['M']), $config['captcha_gd_fonts']) -1)], 'M' => $chars['M'][mt_rand(0, min(sizeof($chars['M']), $config['captcha_gd_fonts']) -1)],
'N' => $chars['N'][mt_rand(0, min(count($chars['N']), $config['captcha_gd_fonts']) -1)], 'N' => $chars['N'][mt_rand(0, min(sizeof($chars['N']), $config['captcha_gd_fonts']) -1)],
'O' => $chars['O'][mt_rand(0, min(count($chars['O']), $config['captcha_gd_fonts']) -1)], 'O' => $chars['O'][mt_rand(0, min(sizeof($chars['O']), $config['captcha_gd_fonts']) -1)],
'P' => $chars['P'][mt_rand(0, min(count($chars['P']), $config['captcha_gd_fonts']) -1)], 'P' => $chars['P'][mt_rand(0, min(sizeof($chars['P']), $config['captcha_gd_fonts']) -1)],
'Q' => $chars['Q'][mt_rand(0, min(count($chars['Q']), $config['captcha_gd_fonts']) -1)], 'Q' => $chars['Q'][mt_rand(0, min(sizeof($chars['Q']), $config['captcha_gd_fonts']) -1)],
'R' => $chars['R'][mt_rand(0, min(count($chars['R']), $config['captcha_gd_fonts']) -1)], 'R' => $chars['R'][mt_rand(0, min(sizeof($chars['R']), $config['captcha_gd_fonts']) -1)],
'S' => $chars['S'][mt_rand(0, min(count($chars['S']), $config['captcha_gd_fonts']) -1)], 'S' => $chars['S'][mt_rand(0, min(sizeof($chars['S']), $config['captcha_gd_fonts']) -1)],
'T' => $chars['T'][mt_rand(0, min(count($chars['T']), $config['captcha_gd_fonts']) -1)], 'T' => $chars['T'][mt_rand(0, min(sizeof($chars['T']), $config['captcha_gd_fonts']) -1)],
'U' => $chars['U'][mt_rand(0, min(count($chars['U']), $config['captcha_gd_fonts']) -1)], 'U' => $chars['U'][mt_rand(0, min(sizeof($chars['U']), $config['captcha_gd_fonts']) -1)],
'V' => $chars['V'][mt_rand(0, min(count($chars['V']), $config['captcha_gd_fonts']) -1)], 'V' => $chars['V'][mt_rand(0, min(sizeof($chars['V']), $config['captcha_gd_fonts']) -1)],
'W' => $chars['W'][mt_rand(0, min(count($chars['W']), $config['captcha_gd_fonts']) -1)], 'W' => $chars['W'][mt_rand(0, min(sizeof($chars['W']), $config['captcha_gd_fonts']) -1)],
'X' => $chars['X'][mt_rand(0, min(count($chars['X']), $config['captcha_gd_fonts']) -1)], 'X' => $chars['X'][mt_rand(0, min(sizeof($chars['X']), $config['captcha_gd_fonts']) -1)],
'Y' => $chars['Y'][mt_rand(0, min(count($chars['Y']), $config['captcha_gd_fonts']) -1)], 'Y' => $chars['Y'][mt_rand(0, min(sizeof($chars['Y']), $config['captcha_gd_fonts']) -1)],
'Z' => $chars['Z'][mt_rand(0, min(count($chars['Z']), $config['captcha_gd_fonts']) -1)], 'Z' => $chars['Z'][mt_rand(0, min(sizeof($chars['Z']), $config['captcha_gd_fonts']) -1)],
'1' => array( '1' => array(
array(0,0,0,1,1,0,0,0,0), array(0,0,0,1,1,0,0,0,0),
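Review bot: Only the offset calculation in the first hunk was moved to `phpbb_mt_rand`; the noise-cube call and the 26 font-selection lines in the third hunk still call `mt_rand` directly, and there the upper bound `min(sizeof($chars['A']), $config['captcha_gd_fonts']) -1` becomes -1 if `captcha_gd_fonts` can be 0. If the wrapper was introduced to cope with reversed or odd ranges, these calls presumably want it too, or the bound should be clamped, e.g. `max(0, min(sizeof($chars['A']), $config['captcha_gd_fonts']) - 1)`. The 26 near-identical lines would also be easier to keep consistent as a loop over the letters, though whether `$chars` holds only A–Z is not visible in this hunk.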


@ -62,8 +62,8 @@ class captcha
'y' => mt_rand(10, 17) 'y' => mt_rand(10, 17)
), ),
'lower_left' => array( 'lower_left' => array(
'x' => mt_rand($img_x - 5, $img_x - 45), 'x' => mt_rand($img_x - 45, $img_x - 5),
'y' => mt_rand($img_y - 0, $img_y - 15) 'y' => mt_rand($img_y - 15, $img_y - 0),
), ),
); );


@ -319,7 +319,7 @@ class phpbb_captcha_qa
), ),
'PRIMARY_KEY' => 'question_id', 'PRIMARY_KEY' => 'question_id',
'KEYS' => array( 'KEYS' => array(
'lang_iso' => array('INDEX', 'lang_iso'), 'lang' => array('INDEX', 'lang_iso'),
), ),
), ),
CAPTCHA_ANSWERS_TABLE => array ( CAPTCHA_ANSWERS_TABLE => array (
@ -328,7 +328,7 @@ class phpbb_captcha_qa
'answer_text' => array('STEXT_UNI', ''), 'answer_text' => array('STEXT_UNI', ''),
), ),
'KEYS' => array( 'KEYS' => array(
'question_id' => array('INDEX', 'question_id'), 'qid' => array('INDEX', 'question_id'),
), ),
), ),
CAPTCHA_QA_CONFIRM_TABLE => array ( CAPTCHA_QA_CONFIRM_TABLE => array (


@ -27,9 +27,14 @@ if (!class_exists('phpbb_default_captcha'))
*/ */
class phpbb_recaptcha extends phpbb_default_captcha class phpbb_recaptcha extends phpbb_default_captcha
{ {
var $recaptcha_server = 'http://api.recaptcha.net'; var $recaptcha_server = 'http://www.google.com/recaptcha/api';
var $recaptcha_server_secure = 'https://api-secure.recaptcha.net'; // class constants :( var $recaptcha_server_secure = 'https://www.google.com/recaptcha/api'; // class constants :(
var $recaptcha_verify_server = 'api-verify.recaptcha.net';
// We are opening a socket to port 80 of this host and send
// the POST request asking for verification to the path specified here.
var $recaptcha_verify_server = 'www.google.com';
var $recaptcha_verify_path = '/recaptcha/api/verify';
var $challenge; var $challenge;
var $response; var $response;
@ -296,7 +301,7 @@ class phpbb_recaptcha extends phpbb_default_captcha
return $user->lang['RECAPTCHA_INCORRECT']; return $user->lang['RECAPTCHA_INCORRECT'];
} }
$response = $this->_recaptcha_http_post($this->recaptcha_verify_server, '/verify', $response = $this->_recaptcha_http_post($this->recaptcha_verify_server, $this->recaptcha_verify_path,
array( array(
'privatekey' => $config['recaptcha_privkey'], 'privatekey' => $config['recaptcha_privkey'],
'remoteip' => $user->ip, 'remoteip' => $user->ip,
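Review bot: The new comment on `$recaptcha_verify_server` states that verification is a POST over a socket to port 80, and the call in the second hunk puts `$config['recaptcha_privkey']` into that request, so the site's private key and the pass/fail answer cross the network unencrypted and unauthenticated. Anyone able to observe or alter traffic between the board and the verify host could read the key or rewrite the response. Where the PHP build has OpenSSL, connecting with the `ssl://` transport on port 443 and keeping plain HTTP only as a fallback would close that; `_recaptcha_http_post` is outside the visible hunks, so the change would be made there. The comment should at least say the transport is cleartext, e.g. `// NOTE: plain HTTP; the private key is sent unencrypted.`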


@ -25,7 +25,7 @@ if (!defined('IN_PHPBB'))
*/ */
// phpBB Version // phpBB Version
define('PHPBB_VERSION', '3.0.8'); define('PHPBB_VERSION', '3.0.9');
// QA-related // QA-related
// define('PHPBB_QA', 1); // define('PHPBB_QA', 1);
@ -173,6 +173,9 @@ define('BBCODE_UID_LEN', 8);
// Number of core BBCodes // Number of core BBCodes
define('NUM_CORE_BBCODES', 12); define('NUM_CORE_BBCODES', 12);
// BBCode hard limit
define('BBCODE_LIMIT', 1511);
// Smiley hard limit // Smiley hard limit
define('SMILEY_LIMIT', 1000); define('SMILEY_LIMIT', 1000);
@ -233,6 +236,7 @@ define('GROUPS_TABLE', $table_prefix . 'groups');
define('ICONS_TABLE', $table_prefix . 'icons'); define('ICONS_TABLE', $table_prefix . 'icons');
define('LANG_TABLE', $table_prefix . 'lang'); define('LANG_TABLE', $table_prefix . 'lang');
define('LOG_TABLE', $table_prefix . 'log'); define('LOG_TABLE', $table_prefix . 'log');
define('LOGIN_ATTEMPT_TABLE', $table_prefix . 'login_attempts');
define('MODERATOR_CACHE_TABLE', $table_prefix . 'moderator_cache'); define('MODERATOR_CACHE_TABLE', $table_prefix . 'moderator_cache');
define('MODULES_TABLE', $table_prefix . 'modules'); define('MODULES_TABLE', $table_prefix . 'modules');
define('POLL_OPTIONS_TABLE', $table_prefix . 'poll_options'); define('POLL_OPTIONS_TABLE', $table_prefix . 'poll_options');


@ -417,6 +417,11 @@ class phpbb_db_tools
// here lies an array, filled with information compiled on the column's data // here lies an array, filled with information compiled on the column's data
$prepared_column = $this->sql_prepare_column_data($table_name, $column_name, $column_data); $prepared_column = $this->sql_prepare_column_data($table_name, $column_name, $column_data);
if (isset($prepared_column['auto_increment']) && strlen($column_name) > 26) // "${column_name}_gen"
{
trigger_error("Index name '${column_name}_gen' on table '$table_name' is too long. The maximum auto increment column length is 26 characters.", E_USER_ERROR);
}
// here we add the definition of the new column to the list of columns // here we add the definition of the new column to the list of columns
switch ($this->sql_layer) switch ($this->sql_layer)
{ {
@ -538,7 +543,7 @@ class phpbb_db_tools
break; break;
case 'oracle': case 'oracle':
$table_sql .= "\n);"; $table_sql .= "\n)";
$statements[] = $table_sql; $statements[] = $table_sql;
// do we need to add a sequence and a tigger for auto incrementing columns? // do we need to add a sequence and a tigger for auto incrementing columns?
@ -556,7 +561,7 @@ class phpbb_db_tools
$trigger .= "BEGIN\n"; $trigger .= "BEGIN\n";
$trigger .= "\tSELECT {$table_name}_seq.nextval\n"; $trigger .= "\tSELECT {$table_name}_seq.nextval\n";
$trigger .= "\tINTO :new.{$create_sequence}\n"; $trigger .= "\tINTO :new.{$create_sequence}\n";
$trigger .= "\tFROM dual\n"; $trigger .= "\tFROM dual;\n";
$trigger .= "END;"; $trigger .= "END;";
$statements[] = $trigger; $statements[] = $trigger;
@ -566,7 +571,13 @@ class phpbb_db_tools
case 'firebird': case 'firebird':
if ($create_sequence) if ($create_sequence)
{ {
$statements[] = "CREATE SEQUENCE {$table_name}_seq;"; $statements[] = "CREATE GENERATOR {$table_name}_gen;";
$statements[] = "SET GENERATOR {$table_name}_gen TO 0;";
$trigger = "CREATE TRIGGER t_$table_name FOR $table_name\n";
$trigger .= "BEFORE INSERT\nAS\nBEGIN\n";
$trigger .= "\tNEW.{$create_sequence} = GEN_ID({$table_name}_gen, 1);\nEND;";
$statements[] = $trigger;
} }
break; break;
} }
@ -638,6 +649,19 @@ class phpbb_db_tools
$sqlite = true; $sqlite = true;
} }
// Add tables?
if (!empty($schema_changes['add_tables']))
{
foreach ($schema_changes['add_tables'] as $table => $table_data)
{
$result = $this->sql_create_table($table, $table_data);
if ($this->return_statements)
{
$statements = array_merge($statements, $result);
}
}
}
// Change columns? // Change columns?
if (!empty($schema_changes['change_columns'])) if (!empty($schema_changes['change_columns']))
{ {
@ -681,10 +705,12 @@ class phpbb_db_tools
{ {
foreach ($columns as $column_name => $column_data) foreach ($columns as $column_name => $column_data)
{ {
// Only add the column if it does not exist yet, else change it (to be consistent) // Only add the column if it does not exist yet
if ($column_exists = $this->sql_column_exists($table, $column_name)) if ($column_exists = $this->sql_column_exists($table, $column_name))
{ {
$result = $this->sql_column_change($table, $column_name, $column_data, true); continue;
// This is commented out here because it can take tremendous time on updates
// $result = $this->sql_column_change($table, $column_name, $column_data, true);
} }
else else
{ {
@ -695,7 +721,8 @@ class phpbb_db_tools
{ {
if ($column_exists) if ($column_exists)
{ {
$sqlite_data[$table]['change_columns'][] = $result; continue;
// $sqlite_data[$table]['change_columns'][] = $result;
} }
else else
{ {
@ -717,6 +744,11 @@ class phpbb_db_tools
{ {
foreach ($indexes as $index_name) foreach ($indexes as $index_name)
{ {
if (!$this->sql_index_exists($table, $index_name))
{
continue;
}
$result = $this->sql_index_drop($table, $index_name); $result = $this->sql_index_drop($table, $index_name);
if ($this->return_statements) if ($this->return_statements)
@ -777,6 +809,11 @@ class phpbb_db_tools
{ {
foreach ($index_array as $index_name => $column) foreach ($index_array as $index_name => $column)
{ {
if ($this->sql_unique_index_exists($table, $index_name))
{
continue;
}
$result = $this->sql_create_unique_index($table, $index_name, $column); $result = $this->sql_create_unique_index($table, $index_name, $column);
if ($this->return_statements) if ($this->return_statements)
@ -794,6 +831,11 @@ class phpbb_db_tools
{ {
foreach ($index_array as $index_name => $column) foreach ($index_array as $index_name => $column)
{ {
if ($this->sql_index_exists($table, $index_name))
{
continue;
}
$result = $this->sql_create_index($table, $index_name, $column); $result = $this->sql_create_index($table, $index_name, $column);
if ($this->return_statements) if ($this->return_statements)
@ -1102,6 +1144,236 @@ class phpbb_db_tools
} }
} }
/**
* Check if a specified index exists in table. Does not return PRIMARY KEY and UNIQUE indexes.
*
* @param string $table_name Table to check the index at
* @param string $index_name The index name to check
*
* @return bool True if index exists, else false
*/
function sql_index_exists($table_name, $index_name)
{
if ($this->sql_layer == 'mssql' || $this->sql_layer == 'mssqlnative')
{
$sql = "EXEC sp_statistics '$table_name'";
$result = $this->db->sql_query($sql);
while ($row = $this->db->sql_fetchrow($result))
{
if ($row['TYPE'] == 3)
{
if (strtolower($row['INDEX_NAME']) == strtolower($index_name))
{
$this->db->sql_freeresult($result);
return true;
}
}
}
$this->db->sql_freeresult($result);
return false;
}
switch ($this->sql_layer)
{
case 'firebird':
$sql = "SELECT LOWER(RDB\$INDEX_NAME) as index_name
FROM RDB\$INDICES
WHERE RDB\$RELATION_NAME = '" . strtoupper($table_name) . "'
AND RDB\$UNIQUE_FLAG IS NULL
AND RDB\$FOREIGN_KEY IS NULL";
$col = 'index_name';
break;
case 'postgres':
$sql = "SELECT ic.relname as index_name
FROM pg_class bc, pg_class ic, pg_index i
WHERE (bc.oid = i.indrelid)
AND (ic.oid = i.indexrelid)
AND (bc.relname = '" . $table_name . "')
AND (i.indisunique != 't')
AND (i.indisprimary != 't')";
$col = 'index_name';
break;
case 'mysql_40':
case 'mysql_41':
$sql = 'SHOW KEYS
FROM ' . $table_name;
$col = 'Key_name';
break;
case 'oracle':
$sql = "SELECT index_name
FROM user_indexes
WHERE table_name = '" . strtoupper($table_name) . "'
AND generated = 'N'
AND uniqueness = 'NONUNIQUE'";
$col = 'index_name';
break;
case 'sqlite':
$sql = "PRAGMA index_list('" . $table_name . "');";
$col = 'name';
break;
}
$result = $this->db->sql_query($sql);
while ($row = $this->db->sql_fetchrow($result))
{
if (($this->sql_layer == 'mysql_40' || $this->sql_layer == 'mysql_41') && !$row['Non_unique'])
{
continue;
}
// These DBMS prefix index name with the table name
switch ($this->sql_layer)
{
case 'firebird':
case 'oracle':
case 'postgres':
case 'sqlite':
$row[$col] = substr($row[$col], strlen($table_name) + 1);
break;
}
if (strtolower($row[$col]) == strtolower($index_name))
{
$this->db->sql_freeresult($result);
return true;
}
}
$this->db->sql_freeresult($result);
return false;
}
/**
* Check if a specified index exists in table. Does not return PRIMARY KEY and UNIQUE indexes.
*
* @param string $table_name Table to check the index at
* @param string $index_name The index name to check
*
* @return bool True if index exists, else false
*/
function sql_unique_index_exists($table_name, $index_name)
{
if ($this->sql_layer == 'mssql' || $this->sql_layer == 'mssqlnative')
{
$sql = "EXEC sp_statistics '$table_name'";
$result = $this->db->sql_query($sql);
while ($row = $this->db->sql_fetchrow($result))
{
// Usually NON_UNIQUE is the column we want to check, but we allow for both
if ($row['TYPE'] == 3)
{
if (strtolower($row['INDEX_NAME']) == strtolower($index_name))
{
$this->db->sql_freeresult($result);
return true;
}
}
}
$this->db->sql_freeresult($result);
return false;
}
switch ($this->sql_layer)
{
case 'firebird':
$sql = "SELECT LOWER(RDB\$INDEX_NAME) as index_name
FROM RDB\$INDICES
WHERE RDB\$RELATION_NAME = '" . strtoupper($table_name) . "'
AND RDB\$UNIQUE_FLAG IS NOT NULL
AND RDB\$FOREIGN_KEY IS NULL";
$col = 'index_name';
break;
case 'postgres':
$sql = "SELECT ic.relname as index_name, i.indisunique
FROM pg_class bc, pg_class ic, pg_index i
WHERE (bc.oid = i.indrelid)
AND (ic.oid = i.indexrelid)
AND (bc.relname = '" . $table_name . "')
AND (i.indisprimary != 't')";
$col = 'index_name';
break;
case 'mysql_40':
case 'mysql_41':
$sql = 'SHOW KEYS
FROM ' . $table_name;
$col = 'Key_name';
break;
case 'oracle':
$sql = "SELECT index_name, table_owner
FROM user_indexes
WHERE table_name = '" . strtoupper($table_name) . "'
AND generated = 'N'
AND uniqueness = 'UNIQUE'";
$col = 'index_name';
break;
case 'sqlite':
$sql = "PRAGMA index_list('" . $table_name . "');";
$col = 'name';
break;
}
$result = $this->db->sql_query($sql);
while ($row = $this->db->sql_fetchrow($result))
{
if (($this->sql_layer == 'mysql_40' || $this->sql_layer == 'mysql_41') && ($row['Non_unique'] || $row[$col] == 'PRIMARY'))
{
continue;
}
if ($this->sql_layer == 'sqlite' && !$row['unique'])
{
continue;
}
if ($this->sql_layer == 'postgres' && $row['indisunique'] != 't')
{
continue;
}
// These DBMS prefix index name with the table name
switch ($this->sql_layer)
{
case 'oracle':
// Two cases here... prefixed with U_[table_owner] and not prefixed with table_name
if (strpos($row[$col], 'U_') === 0)
{
$row[$col] = substr($row[$col], strlen('U_' . $row['table_owner']) + 1);
}
else if (strpos($row[$col], strtoupper($table_name)) === 0)
{
$row[$col] = substr($row[$col], strlen($table_name) + 1);
}
break;
case 'firebird':
case 'postgres':
case 'sqlite':
$row[$col] = substr($row[$col], strlen($table_name) + 1);
break;
}
if (strtolower($row[$col]) == strtolower($index_name))
{
$this->db->sql_freeresult($result);
return true;
}
}
$this->db->sql_freeresult($result);
return false;
}
/** /**
* Private method for performing sql statements (either execute them or return them) * Private method for performing sql statements (either execute them or return them)
* @access private * @access private
@ -1139,6 +1411,11 @@ class phpbb_db_tools
*/ */
function sql_prepare_column_data($table_name, $column_name, $column_data) function sql_prepare_column_data($table_name, $column_name, $column_data)
{ {
if (strlen($column_name) > 30)
{
trigger_error("Column name '$column_name' on table '$table_name' is too long. The maximum is 30 characters.", E_USER_ERROR);
}
// Get type // Get type
if (strpos($column_data[0], ':') !== false) if (strpos($column_data[0], ':') !== false)
{ {
@ -1371,24 +1648,29 @@ class phpbb_db_tools
switch ($this->sql_layer) switch ($this->sql_layer)
{ {
case 'firebird': case 'firebird':
// Does not support AFTER statement, only POSITION (and there you need the column position)
$statements[] = 'ALTER TABLE ' . $table_name . ' ADD "' . strtoupper($column_name) . '" ' . $column_data['column_type_sql']; $statements[] = 'ALTER TABLE ' . $table_name . ' ADD "' . strtoupper($column_name) . '" ' . $column_data['column_type_sql'];
break; break;
case 'mssql': case 'mssql':
case 'mssqlnative': case 'mssqlnative':
// Does not support AFTER, only through temporary table
$statements[] = 'ALTER TABLE [' . $table_name . '] ADD [' . $column_name . '] ' . $column_data['column_type_sql_default']; $statements[] = 'ALTER TABLE [' . $table_name . '] ADD [' . $column_name . '] ' . $column_data['column_type_sql_default'];
break; break;
case 'mysql_40': case 'mysql_40':
case 'mysql_41': case 'mysql_41':
$statements[] = 'ALTER TABLE `' . $table_name . '` ADD COLUMN `' . $column_name . '` ' . $column_data['column_type_sql']; $after = (!empty($column_data['after'])) ? ' AFTER ' . $column_data['after'] : '';
$statements[] = 'ALTER TABLE `' . $table_name . '` ADD COLUMN `' . $column_name . '` ' . $column_data['column_type_sql'] . $after;
break; break;
case 'oracle': case 'oracle':
// Does not support AFTER, only through temporary table
$statements[] = 'ALTER TABLE ' . $table_name . ' ADD ' . $column_name . ' ' . $column_data['column_type_sql']; $statements[] = 'ALTER TABLE ' . $table_name . ' ADD ' . $column_name . ' ' . $column_data['column_type_sql'];
break; break;
case 'postgres': case 'postgres':
// Does not support AFTER, only through temporary table
if (version_compare($this->db->sql_server_info(true), '8.0', '>=')) if (version_compare($this->db->sql_server_info(true), '8.0', '>='))
{ {
$statements[] = 'ALTER TABLE ' . $table_name . ' ADD COLUMN "' . $column_name . '" ' . $column_data['column_type_sql']; $statements[] = 'ALTER TABLE ' . $table_name . ' ADD COLUMN "' . $column_name . '" ' . $column_data['column_type_sql'];
@ -1774,6 +2056,13 @@ class phpbb_db_tools
{ {
$statements = array(); $statements = array();
$table_prefix = substr(CONFIG_TABLE, 0, -6); // strlen(config)
if (strlen($table_name . $index_name) - strlen($table_prefix) > 24)
{
$max_length = $table_prefix + 24;
trigger_error("Index name '{$table_name}_$index_name' on table '$table_name' is too long. The maximum is $max_length characters.", E_USER_ERROR);
}
switch ($this->sql_layer) switch ($this->sql_layer)
{ {
case 'firebird': case 'firebird':
@ -1804,6 +2093,13 @@ class phpbb_db_tools
{ {
$statements = array(); $statements = array();
$table_prefix = substr(CONFIG_TABLE, 0, -6); // strlen(config)
if (strlen($table_name . $index_name) - strlen($table_prefix) > 24)
{
$max_length = $table_prefix + 24;
trigger_error("Index name '{$table_name}_$index_name' on table '$table_name' is too long. The maximum is $max_length characters.", E_USER_ERROR);
}
// remove index length unless MySQL4 // remove index length unless MySQL4
if ('mysql_40' != $this->sql_layer) if ('mysql_40' != $this->sql_layer)
{ {
@ -1957,6 +2253,7 @@ class phpbb_db_tools
} }
else else
{ {
// TODO: try to change pkey without removing trigger, generator or constraints. ATM this query may fail.
$statements[] = 'ALTER TABLE ' . $table_name . ' ALTER COLUMN "' . strtoupper($column_name) . '" TYPE ' . ' ' . $column_data['column_type_sql_type']; $statements[] = 'ALTER TABLE ' . $table_name . ' ALTER COLUMN "' . strtoupper($column_name) . '" TYPE ' . ' ' . $column_data['column_type_sql_type'];
} }
break; break;
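Review bot: In both index-name length checks (the hunks at new lines 2056 and 2093), `$max_length = $table_prefix + 24;` adds an integer to the prefix string, so the error message reports the wrong limit (a non-numeric prefix evaluates as 0); it should be `$max_length = strlen($table_prefix) + 24;`. The docblock of `sql_unique_index_exists` was copied from `sql_index_exists` and still says "Does not return PRIMARY KEY and UNIQUE indexes", which is the opposite of what the function is for. Its mssql branch also tests only `$row['TYPE'] == 3`, exactly as the non-unique variant does, so on that layer the two functions appear to give the same answer for any index; the inline comment mentions `NON_UNIQUE` but the code never reads it. The functions containing the length checks start and end outside their hunks.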


@ -241,6 +241,16 @@ class dbal
return $this->_sql_like_expression('LIKE \'' . $this->sql_escape($expression) . '\''); return $this->_sql_like_expression('LIKE \'' . $this->sql_escape($expression) . '\'');
} }
/**
* Returns whether results of a query need to be buffered to run a transaction while iterating over them.
*
* @return bool Whether buffering is required.
*/
function sql_buffer_nested_transactions()
{
return false;
}
/** /**
* SQL Transaction * SQL Transaction
* @access private * @access private
@ -767,7 +777,7 @@ class dbal
</div> </div>
</div> </div>
<div id="page-footer"> <div id="page-footer">
Powered by phpBB &copy; 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a> Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group
</div> </div>
</div> </div>
</body> </body>


@ -28,6 +28,7 @@ class dbal_firebird extends dbal
var $last_query_text = ''; var $last_query_text = '';
var $service_handle = false; var $service_handle = false;
var $affected_rows = 0; var $affected_rows = 0;
var $connect_error = '';
/** /**
* Connect to server * Connect to server
@ -53,9 +54,35 @@ class dbal_firebird extends dbal
$use_database = $this->server . ':' . $this->dbname; $use_database = $this->server . ':' . $this->dbname;
} }
$this->db_connect_id = ($this->persistency) ? @ibase_pconnect($use_database, $this->user, $sqlpassword, false, false, 3) : @ibase_connect($use_database, $this->user, $sqlpassword, false, false, 3); if ($this->persistency)
{
if (!function_exists('ibase_pconnect'))
{
$this->connect_error = 'ibase_pconnect function does not exist, is interbase extension installed?';
return $this->sql_error('');
}
$this->db_connect_id = @ibase_pconnect($use_database, $this->user, $sqlpassword, false, false, 3);
}
else
{
if (!function_exists('ibase_connect'))
{
$this->connect_error = 'ibase_connect function does not exist, is interbase extension installed?';
return $this->sql_error('');
}
$this->db_connect_id = @ibase_connect($use_database, $this->user, $sqlpassword, false, false, 3);
}
$this->service_handle = (function_exists('ibase_service_attach') && $this->server) ? @ibase_service_attach($this->server, $this->user, $sqlpassword) : false; // Do not call ibase_service_attach if connection failed,
// otherwise error message from ibase_(p)connect call will be clobbered.
if ($this->db_connect_id && function_exists('ibase_service_attach') && $this->server)
{
$this->service_handle = @ibase_service_attach($this->server, $this->user, $sqlpassword);
}
else
{
$this->service_handle = false;
}
return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error(''); return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error('');
} }
@ -471,8 +498,24 @@ class dbal_firebird extends dbal
*/ */
function _sql_error() function _sql_error()
{ {
// Need special handling here because ibase_errmsg returns
// connection errors, however if the interbase extension
// is not installed then ibase_errmsg does not exist and
// we cannot call it.
if (function_exists('ibase_errmsg'))
{
$msg = @ibase_errmsg();
if (!$msg)
{
$msg = $this->connect_error;
}
}
else
{
$msg = $this->connect_error;
}
return array( return array(
'message' => @ibase_errmsg(), 'message' => $msg,
'code' => (@function_exists('ibase_errcode') ? @ibase_errcode() : '') 'code' => (@function_exists('ibase_errcode') ? @ibase_errcode() : '')
); );
} }


@ -50,7 +50,7 @@ class result_mssqlnative
} }
} }
$this->m_row_count = count($this->m_rows); $this->m_row_count = sizeof($this->m_rows);
} }
private function array_to_obj($array, &$obj) private function array_to_obj($array, &$obj)
@ -258,6 +258,14 @@ class dbal_mssqlnative extends dbal
return ($this->sql_server_version) ? 'MSSQL<br />' . $this->sql_server_version : 'MSSQL'; return ($this->sql_server_version) ? 'MSSQL<br />' . $this->sql_server_version : 'MSSQL';
} }
/**
* {@inheritDoc}
*/
function sql_buffer_nested_transactions()
{
return true;
}
/** /**
* SQL Transaction * SQL Transaction
* @access private * @access private


@ -269,11 +269,12 @@ class dbal_oracle extends dbal
{ {
$cols = explode(', ', $regs[2]); $cols = explode(', ', $regs[2]);
preg_match_all('/\'(?:[^\']++|\'\')*+\'|[\d-.]+/', $regs[3], $vals, PREG_PATTERN_ORDER);
/* The code inside this comment block breaks clob handling, but does allow the /* The code inside this comment block breaks clob handling, but does allow the
database restore script to work. If you want to allow no posts longer than 4KB database restore script to work. If you want to allow no posts longer than 4KB
and/or need the db restore script, uncomment this. and/or need the db restore script, uncomment this.
preg_match_all('/\'(?:[^\']++|\'\')*+\'|[\d-.]+/', $regs[3], $vals, PREG_PATTERN_ORDER);
if (sizeof($cols) !== sizeof($vals)) if (sizeof($cols) !== sizeof($vals))
{ {


@ -18,6 +18,11 @@ if (!defined('IN_PHPBB'))
include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx); include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
if (!class_exists('phpbb_error_collector'))
{
include($phpbb_root_path . 'includes/error_collector.' . $phpEx);
}
/** /**
* PostgreSQL Database Abstraction Layer * PostgreSQL Database Abstraction Layer
* Minimum Requirement is Version 7.3+ * Minimum Requirement is Version 7.3+
@ -26,6 +31,7 @@ include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
class dbal_postgres extends dbal class dbal_postgres extends dbal
{ {
var $last_query_text = ''; var $last_query_text = '';
var $connect_error = '';
/** /**
* Connect to server * Connect to server
@ -81,13 +87,29 @@ class dbal_postgres extends dbal
if ($this->persistency) if ($this->persistency)
{ {
if (!function_exists('pg_pconnect'))
{
$this->connect_error = 'pg_pconnect function does not exist, is pgsql extension installed?';
return $this->sql_error('');
}
$collector = new phpbb_error_collector;
$collector->install();
$this->db_connect_id = (!$new_link) ? @pg_pconnect($connect_string) : @pg_pconnect($connect_string, PGSQL_CONNECT_FORCE_NEW); $this->db_connect_id = (!$new_link) ? @pg_pconnect($connect_string) : @pg_pconnect($connect_string, PGSQL_CONNECT_FORCE_NEW);
} }
else else
{ {
if (!function_exists('pg_connect'))
{
$this->connect_error = 'pg_connect function does not exist, is pgsql extension installed?';
return $this->sql_error('');
}
$collector = new phpbb_error_collector;
$collector->install();
$this->db_connect_id = (!$new_link) ? @pg_connect($connect_string) : @pg_connect($connect_string, PGSQL_CONNECT_FORCE_NEW); $this->db_connect_id = (!$new_link) ? @pg_connect($connect_string) : @pg_connect($connect_string, PGSQL_CONNECT_FORCE_NEW);
} }
$collector->uninstall();
if ($this->db_connect_id) if ($this->db_connect_id)
{ {
if (version_compare($this->sql_server_info(true), '8.2', '>=')) if (version_compare($this->sql_server_info(true), '8.2', '>='))
@ -102,6 +124,7 @@ class dbal_postgres extends dbal
return $this->db_connect_id; return $this->db_connect_id;
} }
$this->connect_error = $collector->format_errors();
return $this->sql_error(''); return $this->sql_error('');
} }
@ -371,8 +394,19 @@ class dbal_postgres extends dbal
*/ */
function _sql_error() function _sql_error()
{ {
// pg_last_error only works when there is an established connection.
// Connection errors have to be tracked by us manually.
if ($this->db_connect_id)
{
$message = @pg_last_error($this->db_connect_id);
}
else
{
$message = $this->connect_error;
}
return array( return array(
'message' => (!$this->db_connect_id) ? @pg_last_error() : @pg_last_error($this->db_connect_id), 'message' => $message,
'code' => '' 'code' => ''
); );
} }
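Review bot: `$this->connect_error = $collector->format_errors();` keeps the raw PHP warning text from pg_connect()/pg_pconnect(), and `_sql_error()` now returns it as the message whenever there is no connection. Such warnings commonly name the host, port, database or role that was refused, so if sql_error() prints the message to ordinary visitors (its body is not part of this diff), a database outage would disclose connection details. I would return the collected text only under the `defined('DEBUG_EXTRA') || defined('IN_INSTALL')` condition that format_errors() already applies to file and line, and log it otherwise. The connect function's body starts outside the hunk.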


@ -0,0 +1,61 @@
<?php
/**
*
* @package phpBB
* @version $Id$
* @copyright (c) 2011 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/
/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
exit;
}
class phpbb_error_collector
{
var $errors;
function phpbb_error_collector()
{
$this->errors = array();
}
function install()
{
set_error_handler(array(&$this, 'error_handler'));
}
function uninstall()
{
restore_error_handler();
}
function error_handler($errno, $msg_text, $errfile, $errline)
{
$this->errors[] = array($errno, $msg_text, $errfile, $errline);
}
function format_errors()
{
$text = '';
foreach ($this->errors as $error)
{
if (!empty($text))
{
$text .= "<br />\n";
}
list($errno, $msg_text, $errfile, $errline) = $error;
$text .= "Errno $errno: $msg_text";
if (defined('DEBUG_EXTRA') || defined('IN_INSTALL'))
{
$text .= " at $errfile line $errline";
}
}
return $text;
}
}
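Review bot: `format_errors()` joins entries with `<br />` but appends `$msg_text` unescaped, so its return value is HTML with raw PHP error text inside it; unless every caller escapes it again, a warning that quotes input such as a database or role name is emitted as markup. Escaping where the string is assembled keeps markup and data apart: `$text .= "Errno $errno: " . htmlspecialchars($msg_text);`. The class also has no docblocks. A class comment should say that install() and uninstall() must be paired, since restore_error_handler() just pops whichever handler is on top, and that error_handler() records errors even when they are silenced with `@`.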


@ -175,8 +175,13 @@ function set_config_count($config_name, $increment, $is_dynamic = false)
switch ($db->sql_layer) switch ($db->sql_layer)
{ {
case 'firebird': case 'firebird':
// Precision must be from 1 to 18
$sql_update = 'CAST(CAST(config_value as DECIMAL(18, 0)) + ' . (int) $increment . ' as VARCHAR(255))';
break;
case 'postgres': case 'postgres':
$sql_update = 'CAST(CAST(config_value as DECIMAL(255, 0)) + ' . (int) $increment . ' as VARCHAR(255))'; // Need to cast to text first for PostgreSQL 7.x
$sql_update = 'CAST(CAST(config_value::text as DECIMAL(255, 0)) + ' . (int) $increment . ' as VARCHAR(255))';
break; break;
// MySQL, SQlite, mssql, mssql_odbc, oracle // MySQL, SQlite, mssql, mssql_odbc, oracle
@ -236,14 +241,30 @@ function unique_id($extra = 'c')
if ($dss_seeded !== true && ($config['rand_seed_last_update'] < time() - rand(1,10))) if ($dss_seeded !== true && ($config['rand_seed_last_update'] < time() - rand(1,10)))
{ {
set_config('rand_seed', $config['rand_seed'], true);
set_config('rand_seed_last_update', time(), true); set_config('rand_seed_last_update', time(), true);
set_config('rand_seed', $config['rand_seed'], true);
$dss_seeded = true; $dss_seeded = true;
} }
return substr($val, 4, 16); return substr($val, 4, 16);
} }
/**
* Wrapper for mt_rand() which allows swapping $min and $max parameters.
*
* PHP does not allow us to swap the order of the arguments for mt_rand() anymore.
* (since PHP 5.3.4, see http://bugs.php.net/46587)
*
* @param int $min Lowest value to be returned
* @param int $max Highest value to be returned
*
* @return int Random integer between $min and $max (or $max and $min)
*/
function phpbb_mt_rand($min, $max)
{
return ($min > $max) ? mt_rand($max, $min) : mt_rand($min, $max);
}
/** /**
* Return formatted string for filesizes * Return formatted string for filesizes
* *
@ -512,7 +533,7 @@ function _hash_crypt_private($password, $setting, &$itoa64)
$output = '*'; $output = '*';
// Check for correct hash // Check for correct hash
if (substr($setting, 0, 3) != '$H$') if (substr($setting, 0, 3) != '$H$' && substr($setting, 0, 3) != '$P$')
{ {
return $output; return $output;
} }
@ -1698,7 +1719,7 @@ function get_unread_topics($user_id = false, $sql_extra = '', $sql_sort = '', $s
if ($config['load_db_lastread'] && $user->data['is_registered']) if ($config['load_db_lastread'] && $user->data['is_registered'])
{ {
// Get list of the unread topics // Get list of the unread topics
$last_mark = $user->data['user_lastmark']; $last_mark = (int) $user->data['user_lastmark'];
$sql_array = array( $sql_array = array(
'SELECT' => 't.topic_id, t.topic_last_post_time, tt.mark_time as topic_mark_time, ft.mark_time as forum_mark_time', 'SELECT' => 't.topic_id, t.topic_last_post_time, tt.mark_time as topic_mark_time, ft.mark_time as forum_mark_time',
@ -1717,10 +1738,11 @@ function get_unread_topics($user_id = false, $sql_extra = '', $sql_sort = '', $s
), ),
'WHERE' => " 'WHERE' => "
t.topic_last_post_time > $last_mark AND
( (
(tt.mark_time IS NOT NULL AND t.topic_last_post_time > tt.mark_time) OR (tt.mark_time IS NOT NULL AND t.topic_last_post_time > tt.mark_time) OR
(tt.mark_time IS NULL AND ft.mark_time IS NOT NULL AND t.topic_last_post_time > ft.mark_time) OR (tt.mark_time IS NULL AND ft.mark_time IS NOT NULL AND t.topic_last_post_time > ft.mark_time) OR
(tt.mark_time IS NULL AND ft.mark_time IS NULL AND t.topic_last_post_time > $last_mark) (tt.mark_time IS NULL AND ft.mark_time IS NULL)
) )
$sql_extra $sql_extra
$sql_sort", $sql_sort",
@ -2248,7 +2270,10 @@ function append_sid($url, $params = false, $is_amp = true, $session_id = false)
/** /**
* Generate board url (example: http://www.example.com/phpBB) * Generate board url (example: http://www.example.com/phpBB)
*
* @param bool $without_script_path if set to true the script path gets not appended (example: http://www.example.com) * @param bool $without_script_path if set to true the script path gets not appended (example: http://www.example.com)
*
* @return string the generated board url
*/ */
function generate_board_url($without_script_path = false) function generate_board_url($without_script_path = false)
{ {
@ -2353,12 +2378,12 @@ function redirect($url, $return = false, $disable_cd_check = false)
// Relative uri // Relative uri
$pathinfo = pathinfo($url); $pathinfo = pathinfo($url);
if (!$disable_cd_check && !file_exists($pathinfo['dirname'])) if (!$disable_cd_check && !file_exists($pathinfo['dirname'] . '/'))
{ {
$url = str_replace('../', '', $url); $url = str_replace('../', '', $url);
$pathinfo = pathinfo($url); $pathinfo = pathinfo($url);
if (!file_exists($pathinfo['dirname'])) if (!file_exists($pathinfo['dirname'] . '/'))
{ {
// fallback to "last known user page" // fallback to "last known user page"
// at least this way we know the user does not leave the phpBB root // at least this way we know the user does not leave the phpBB root
@ -2630,8 +2655,14 @@ function send_status_line($code, $message)
} }
else else
{ {
if (isset($_SERVER['HTTP_VERSION'])) if (!empty($_SERVER['SERVER_PROTOCOL']))
{ {
$version = $_SERVER['SERVER_PROTOCOL'];
}
else if (!empty($_SERVER['HTTP_VERSION']))
{
// I cannot remember where I got this from.
// This code path may never be reachable in reality.
$version = $_SERVER['HTTP_VERSION']; $version = $_SERVER['HTTP_VERSION'];
} }
else else
@ -3428,6 +3459,48 @@ function get_preg_expression($mode)
return ''; return '';
} }
/**
* Generate regexp for naughty words censoring
* Depends on whether installed PHP version supports unicode properties
*
* @param string $word word template to be replaced
* @param bool $use_unicode whether or not to take advantage of PCRE supporting unicode
*
* @return string $preg_expr regex to use with word censor
*/
function get_censor_preg_expression($word, $use_unicode = true)
{
static $unicode_support = null;
// Check whether PHP version supports unicode properties
if (is_null($unicode_support))
{
$unicode_support = ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false) ? true : false;
}
// Unescape the asterisk to simplify further conversions
$word = str_replace('\*', '*', preg_quote($word, '#'));
if ($use_unicode && $unicode_support)
{
// Replace asterisk(s) inside the pattern, at the start and at the end of it with regexes
$word = preg_replace(array('#(?<=[\p{Nd}\p{L}_])\*+(?=[\p{Nd}\p{L}_])#iu', '#^\*+#', '#\*+$#'), array('([\x20]*?|[\p{Nd}\p{L}_-]*?)', '[\p{Nd}\p{L}_-]*?', '[\p{Nd}\p{L}_-]*?'), $word);
// Generate the final substitution
$preg_expr = '#(?<![\p{Nd}\p{L}_-])(' . $word . ')(?![\p{Nd}\p{L}_-])#iu';
}
else
{
// Replace the asterisk inside the pattern, at the start and at the end of it with regexes
$word = preg_replace(array('#(?<=\S)\*+(?=\S)#iu', '#^\*+#', '#\*+$#'), array('(\x20*?\S*?)', '\S*?', '\S*?'), $word);
// Generate the final substitution
$preg_expr = '#(?<!\S)(' . $word . ')(?!\S)#iu';
}
return $preg_expr;
}
/** /**
* Returns the first block of the specified IPv6 address and as many additional * Returns the first block of the specified IPv6 address and as many additional
* ones as specified in the length paramater. * ones as specified in the length paramater.
@ -3685,25 +3758,11 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
if (strpos($errfile, 'cache') === false && strpos($errfile, 'template.') === false) if (strpos($errfile, 'cache') === false && strpos($errfile, 'template.') === false)
{ {
// flush the content, else we get a white page if output buffering is on
if ((int) @ini_get('output_buffering') === 1 || strtolower(@ini_get('output_buffering')) === 'on')
{
@ob_flush();
}
// Another quick fix for those having gzip compression enabled, but do not flush if the coder wants to catch "something". ;)
if (!empty($config['gzip_compress']))
{
if (@extension_loaded('zlib') && !headers_sent() && !ob_get_level())
{
@ob_flush();
}
}
// remove complete path to installation, with the risk of changing backslashes meant to be there // remove complete path to installation, with the risk of changing backslashes meant to be there
$errfile = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $errfile); $errfile = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $errfile);
$msg_text = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $msg_text); $msg_text = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $msg_text);
echo '<b>[phpBB Debug] PHP Notice</b>: in file <b>' . $errfile . '</b> on line <b>' . $errline . '</b>: <b>' . $msg_text . '</b><br />' . "\n"; $error_name = ($errno === E_WARNING) ? 'PHP Warning' : 'PHP Notice';
echo '<b>[phpBB Debug] ' . $error_name . '</b>: in file <b>' . $errfile . '</b> on line <b>' . $errline . '</b>: <b>' . $msg_text . '</b><br />' . "\n";
// we are writing an image - the user won't see the debug, so let's place it in the log // we are writing an image - the user won't see the debug, so let's place it in the log
if (defined('IMAGE_OUTPUT') || defined('IN_CRON')) if (defined('IMAGE_OUTPUT') || defined('IN_CRON'))
@ -3792,7 +3851,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
echo ' </div>'; echo ' </div>';
echo ' </div>'; echo ' </div>';
echo ' <div id="page-footer">'; echo ' <div id="page-footer">';
echo ' Powered by phpBB &copy; 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>'; echo ' Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group';
echo ' </div>'; echo ' </div>';
echo '</div>'; echo '</div>';
echo '</body>'; echo '</body>';
@ -4258,7 +4317,21 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
// gzip_compression // gzip_compression
if ($config['gzip_compress']) if ($config['gzip_compress'])
{ {
if (@extension_loaded('zlib') && !headers_sent()) // to avoid partially compressed output resulting in blank pages in
// the browser or error messages, compression is disabled in a few cases:
//
// 1) if headers have already been sent, this indicates plaintext output
// has been started so further content must not be compressed
// 2) the length of the current output buffer is non-zero. This means
// there is already some uncompressed content in this output buffer
// so further output must not be compressed
// 3) if more than one level of output buffering is used because we
// cannot test all output buffer level content lengths. One level
// could be caused by php.ini output_buffering. Anything
// beyond that is manual, so the code wrapping phpBB in output buffering
// can easily compress the output itself.
//
if (@extension_loaded('zlib') && !headers_sent() && ob_get_level() <= 1 && ob_get_length() == 0)
{ {
ob_start('ob_gzhandler'); ob_start('ob_gzhandler');
} }
@ -4379,6 +4452,12 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
$user_lang = substr($user_lang, 0, strpos($user_lang, '-x-')); $user_lang = substr($user_lang, 0, strpos($user_lang, '-x-'));
} }
$s_search_hidden_fields = array();
if ($_SID)
{
$s_search_hidden_fields['sid'] = $_SID;
}
// The following assigns all _common_ variables that may be used at any point in a template. // The following assigns all _common_ variables that may be used at any point in a template.
$template->assign_vars(array( $template->assign_vars(array(
'SITENAME' => $config['sitename'], 'SITENAME' => $config['sitename'],
@ -4468,11 +4547,13 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
'S_LOAD_UNREADS' => ($config['load_unreads_search'] && ($config['load_anon_lastread'] || $user->data['is_registered'])) ? true : false, 'S_LOAD_UNREADS' => ($config['load_unreads_search'] && ($config['load_anon_lastread'] || $user->data['is_registered'])) ? true : false,
'S_SEARCH_HIDDEN_FIELDS' => build_hidden_fields($s_search_hidden_fields),
'T_THEME_PATH' => "{$web_path}styles/" . $user->theme['theme_path'] . '/theme', 'T_THEME_PATH' => "{$web_path}styles/" . $user->theme['theme_path'] . '/theme',
'T_TEMPLATE_PATH' => "{$web_path}styles/" . $user->theme['template_path'] . '/template', 'T_TEMPLATE_PATH' => "{$web_path}styles/" . $user->theme['template_path'] . '/template',
'T_SUPER_TEMPLATE_PATH' => (isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path']) ? "{$web_path}styles/" . $user->theme['template_inherit_path'] . '/template' : "{$web_path}styles/" . $user->theme['template_path'] . '/template', 'T_SUPER_TEMPLATE_PATH' => (isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path']) ? "{$web_path}styles/" . $user->theme['template_inherit_path'] . '/template' : "{$web_path}styles/" . $user->theme['template_path'] . '/template',
'T_IMAGESET_PATH' => "{$web_path}styles/" . $user->theme['imageset_path'] . '/imageset', 'T_IMAGESET_PATH' => "{$web_path}styles/" . $user->theme['imageset_path'] . '/imageset',
'T_IMAGESET_LANG_PATH' => "{$web_path}styles/" . $user->theme['imageset_path'] . '/imageset/' . $user->data['user_lang'], 'T_IMAGESET_LANG_PATH' => "{$web_path}styles/" . $user->theme['imageset_path'] . '/imageset/' . $user->lang_name,
'T_IMAGES_PATH' => "{$web_path}images/", 'T_IMAGES_PATH' => "{$web_path}images/",
'T_SMILIES_PATH' => "{$web_path}{$config['smilies_path']}/", 'T_SMILIES_PATH' => "{$web_path}{$config['smilies_path']}/",
'T_AVATAR_PATH' => "{$web_path}{$config['avatar_path']}/", 'T_AVATAR_PATH' => "{$web_path}{$config['avatar_path']}/",
@ -4480,7 +4561,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
'T_ICONS_PATH' => "{$web_path}{$config['icons_path']}/", 'T_ICONS_PATH' => "{$web_path}{$config['icons_path']}/",
'T_RANKS_PATH' => "{$web_path}{$config['ranks_path']}/", 'T_RANKS_PATH' => "{$web_path}{$config['ranks_path']}/",
'T_UPLOAD_PATH' => "{$web_path}{$config['upload_path']}/", 'T_UPLOAD_PATH' => "{$web_path}{$config['upload_path']}/",
'T_STYLESHEET_LINK' => (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . $user->theme['theme_path'] . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&amp;lang=' . $user->data['user_lang']), 'T_STYLESHEET_LINK' => (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . $user->theme['theme_path'] . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&amp;lang=' . $user->lang_name),
'T_STYLESHEET_NAME' => $user->theme['theme_name'], 'T_STYLESHEET_NAME' => $user->theme['theme_name'],
'T_THEME_NAME' => $user->theme['theme_path'], 'T_THEME_NAME' => $user->theme['theme_path'],
@ -4558,7 +4639,7 @@ function page_footer($run_cron = true)
// Call cron-type script // Call cron-type script
$call_cron = false; $call_cron = false;
if (!defined('IN_CRON') && $run_cron && !$config['board_disable']) if (!defined('IN_CRON') && $run_cron && !$config['board_disable'] && !$user->data['is_bot'])
{ {
$call_cron = true; $call_cron = true;
$time_now = (!empty($user->time_now) && is_int($user->time_now)) ? $user->time_now : time(); $time_now = (!empty($user->time_now) && is_int($user->time_now)) ? $user->time_now : time();
@ -4662,7 +4743,7 @@ function exit_handler()
} }
// As a pre-caution... some setups display a blank page if the flush() is not there. // As a pre-caution... some setups display a blank page if the flush() is not there.
(empty($config['gzip_compress'])) ? @flush() : @ob_flush(); (ob_get_level() > 0) ? @ob_flush() : @flush();
exit; exit;
} }
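Review bot: In the send_status_line() hunk, `$version = $_SERVER['SERVER_PROTOCOL'];` copies a value derived from the request line into what becomes the response status line without checking its shape. Most SAPIs normalise it, but that is not guaranteed for every server setup, so I would accept it only when it looks like a protocol version: `if (!empty($_SERVER['SERVER_PROTOCOL']) && preg_match('#^HTTP/[0-9]\.[0-9]$#', $_SERVER['SERVER_PROTOCOL']))`, falling through to the existing else branch otherwise. The header() call is outside the hunk, so this assumes `$version` is emitted as assigned.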


@ -2506,6 +2506,7 @@ function cache_moderators()
/** /**
* View log * View log
* If $log_count is set to false, we will skip counting all entries in the database.
*/ */
function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id = 0, $topic_id = 0, $user_id = 0, $limit_days = 0, $sort_by = 'l.log_time DESC', $keywords = '') function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id = 0, $topic_id = 0, $user_id = 0, $limit_days = 0, $sort_by = 'l.log_time DESC', $keywords = '')
{ {
@ -2761,6 +2762,8 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
} }
} }
if ($log_count !== false)
{
$sql = 'SELECT COUNT(l.log_id) AS total_entries $sql = 'SELECT COUNT(l.log_id) AS total_entries
FROM ' . LOG_TABLE . ' l, ' . USERS_TABLE . " u FROM ' . LOG_TABLE . ' l, ' . USERS_TABLE . " u
WHERE l.log_type = $log_type WHERE l.log_type = $log_type
@ -2771,6 +2774,7 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$log_count = (int) $db->sql_fetchfield('total_entries'); $log_count = (int) $db->sql_fetchfield('total_entries');
$db->sql_freeresult($result); $db->sql_freeresult($result);
}
return; return;
} }


@ -1816,6 +1816,7 @@ function add_bots()
'Alta Vista [Bot]' => array('Scooter/', ''), 'Alta Vista [Bot]' => array('Scooter/', ''),
'Ask Jeeves [Bot]' => array('Ask Jeeves', ''), 'Ask Jeeves [Bot]' => array('Ask Jeeves', ''),
'Baidu [Spider]' => array('Baiduspider+(', ''), 'Baidu [Spider]' => array('Baiduspider+(', ''),
'Bing [Bot]' => array('bingbot/', ''),
'Exabot [Bot]' => array('Exabot/', ''), 'Exabot [Bot]' => array('Exabot/', ''),
'FAST Enterprise [Crawler]' => array('FAST Enterprise Crawler', ''), 'FAST Enterprise [Crawler]' => array('FAST Enterprise Crawler', ''),
'FAST WebCrawler [Crawler]' => array('FAST-WebCrawler/', ''), 'FAST WebCrawler [Crawler]' => array('FAST-WebCrawler/', ''),


@ -456,7 +456,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
'S_LOCKED_FORUM' => ($row['forum_status'] == ITEM_LOCKED) ? true : false, 'S_LOCKED_FORUM' => ($row['forum_status'] == ITEM_LOCKED) ? true : false,
'S_LIST_SUBFORUMS' => ($row['display_subforum_list']) ? true : false, 'S_LIST_SUBFORUMS' => ($row['display_subforum_list']) ? true : false,
'S_SUBFORUMS' => (sizeof($subforums_list)) ? true : false, 'S_SUBFORUMS' => (sizeof($subforums_list)) ? true : false,
'S_FEED_ENABLED' => ($config['feed_forum'] && !phpbb_optionget(FORUM_OPTION_FEED_EXCLUDE, $row['forum_options'])) ? true : false, 'S_FEED_ENABLED' => ($config['feed_forum'] && !phpbb_optionget(FORUM_OPTION_FEED_EXCLUDE, $row['forum_options']) && $row['forum_type'] == FORUM_POST) ? true : false,
'FORUM_ID' => $row['forum_id'], 'FORUM_ID' => $row['forum_id'],
'FORUM_NAME' => $row['forum_name'], 'FORUM_NAME' => $row['forum_name'],
@ -477,7 +477,6 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
'SUBFORUMS' => $s_subforums_list, 'SUBFORUMS' => $s_subforums_list,
'L_SUBFORUM_STR' => $l_subforums, 'L_SUBFORUM_STR' => $l_subforums,
'L_FORUM_FOLDER_ALT' => $folder_alt,
'L_MODERATOR_STR' => $l_moderator, 'L_MODERATOR_STR' => $l_moderator,
'U_UNAPPROVED_TOPICS' => ($row['forum_id_unapproved_topics']) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&amp;mode=unapproved_topics&amp;f=' . $row['forum_id_unapproved_topics']) : '', 'U_UNAPPROVED_TOPICS' => ($row['forum_id_unapproved_topics']) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&amp;mode=unapproved_topics&amp;f=' . $row['forum_id_unapproved_topics']) : '',


@ -388,7 +388,7 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage
include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx); include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
$upload = new fileupload(); $upload = new fileupload();
if ($config['check_attachment_content']) if ($config['check_attachment_content'] && isset($config['mime_triggers']))
{ {
$upload->set_disallowed_content(explode('|', $config['mime_triggers'])); $upload->set_disallowed_content(explode('|', $config['mime_triggers']));
} }
@ -1479,7 +1479,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data)
break; break;
case 'delete_first_post': case 'delete_first_post':
$sql = 'SELECT p.post_id, p.poster_id, p.post_username, u.username, u.user_colour $sql = 'SELECT p.post_id, p.poster_id, p.post_time, p.post_username, u.username, u.user_colour
FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . " u FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . " u
WHERE p.topic_id = $topic_id WHERE p.topic_id = $topic_id
AND p.poster_id = u.user_id AND p.poster_id = u.user_id
@ -1493,7 +1493,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data)
$sql_data[FORUMS_TABLE] = ($data['post_approved']) ? 'forum_posts = forum_posts - 1' : ''; $sql_data[FORUMS_TABLE] = ($data['post_approved']) ? 'forum_posts = forum_posts - 1' : '';
} }
$sql_data[TOPICS_TABLE] = 'topic_poster = ' . intval($row['poster_id']) . ', topic_first_post_id = ' . intval($row['post_id']) . ", topic_first_poster_colour = '" . $db->sql_escape($row['user_colour']) . "', topic_first_poster_name = '" . (($row['poster_id'] == ANONYMOUS) ? $db->sql_escape($row['post_username']) : $db->sql_escape($row['username'])) . "'"; $sql_data[TOPICS_TABLE] = 'topic_poster = ' . intval($row['poster_id']) . ', topic_first_post_id = ' . intval($row['post_id']) . ", topic_first_poster_colour = '" . $db->sql_escape($row['user_colour']) . "', topic_first_poster_name = '" . (($row['poster_id'] == ANONYMOUS) ? $db->sql_escape($row['post_username']) : $db->sql_escape($row['username'])) . "', topic_time = " . (int) $row['post_time'];
// Decrementing topic_replies here is fine because this case only happens if there is more than one post within the topic - basically removing one "reply" // Decrementing topic_replies here is fine because this case only happens if there is more than one post within the topic - basically removing one "reply"
$sql_data[TOPICS_TABLE] .= ', topic_replies_real = topic_replies_real - 1' . (($data['post_approved']) ? ', topic_replies = topic_replies - 1' : ''); $sql_data[TOPICS_TABLE] .= ', topic_replies_real = topic_replies_real - 1' . (($data['post_approved']) ? ', topic_replies = topic_replies - 1' : '');
@ -2611,4 +2611,106 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
return $url; return $url;
} }
/**
* Handle topic bumping
* @param int $forum_id The ID of the forum the topic is being bumped belongs to
* @param int $topic_id The ID of the topic is being bumping
* @param array $post_data Passes some topic parameters:
* - 'topic_title'
* - 'topic_last_post_id'
* - 'topic_last_poster_id'
* - 'topic_last_post_subject'
* - 'topic_last_poster_name'
* - 'topic_last_poster_colour'
* @param int $bump_time The time at which topic was bumped, usually it is a current time as obtained via time().
* @return string An URL to the bumped topic, example: ./viewtopic.php?forum_id=1&amptopic_id=2&ampp=3#p3
*/
function phpbb_bump_topic($forum_id, $topic_id, $post_data, $bump_time = false)
{
global $config, $db, $user, $phpEx, $phpbb_root_path;
if ($bump_time === false)
{
$bump_time = time();
}
// Begin bumping
$db->sql_transaction('begin');
// Update the topic's last post post_time
$sql = 'UPDATE ' . POSTS_TABLE . "
SET post_time = $bump_time
WHERE post_id = {$post_data['topic_last_post_id']}
AND topic_id = $topic_id";
$db->sql_query($sql);
// Sync the topic's last post time, the rest of the topic's last post data isn't changed
$sql = 'UPDATE ' . TOPICS_TABLE . "
SET topic_last_post_time = $bump_time,
topic_bumped = 1,
topic_bumper = " . $user->data['user_id'] . "
WHERE topic_id = $topic_id";
$db->sql_query($sql);
// Update the forum's last post info
$sql = 'UPDATE ' . FORUMS_TABLE . "
SET forum_last_post_id = " . $post_data['topic_last_post_id'] . ",
forum_last_poster_id = " . $post_data['topic_last_poster_id'] . ",
forum_last_post_subject = '" . $db->sql_escape($post_data['topic_last_post_subject']) . "',
forum_last_post_time = $bump_time,
forum_last_poster_name = '" . $db->sql_escape($post_data['topic_last_poster_name']) . "',
forum_last_poster_colour = '" . $db->sql_escape($post_data['topic_last_poster_colour']) . "'
WHERE forum_id = $forum_id";
$db->sql_query($sql);
// Update bumper's time of the last posting to prevent flood
$sql = 'UPDATE ' . USERS_TABLE . "
SET user_lastpost_time = $bump_time
WHERE user_id = " . $user->data['user_id'];
$db->sql_query($sql);
$db->sql_transaction('commit');
// Mark this topic as posted to
markread('post', $forum_id, $topic_id, $bump_time);
// Mark this topic as read
markread('topic', $forum_id, $topic_id, $bump_time);
// Update forum tracking info
if ($config['load_db_lastread'] && $user->data['is_registered'])
{
$sql = 'SELECT mark_time
FROM ' . FORUMS_TRACK_TABLE . '
WHERE user_id = ' . $user->data['user_id'] . '
AND forum_id = ' . $forum_id;
$result = $db->sql_query($sql);
$f_mark_time = (int) $db->sql_fetchfield('mark_time');
$db->sql_freeresult($result);
}
else if ($config['load_anon_lastread'] || $user->data['is_registered'])
{
$f_mark_time = false;
}
if (($config['load_db_lastread'] && $user->data['is_registered']) || $config['load_anon_lastread'] || $user->data['is_registered'])
{
// Update forum info
$sql = 'SELECT forum_last_post_time
FROM ' . FORUMS_TABLE . '
WHERE forum_id = ' . $forum_id;
$result = $db->sql_query($sql);
$forum_last_post_time = (int) $db->sql_fetchfield('forum_last_post_time');
$db->sql_freeresult($result);
update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_time, false);
}
add_log('mod', $forum_id, $topic_id, 'LOG_BUMP_TOPIC', $post_data['topic_title']);
$url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&amp;t=$topic_id&amp;p={$post_data['topic_last_post_id']}") . "#p{$post_data['topic_last_post_id']}";
return $url;
}
?> ?>


@ -150,6 +150,17 @@ class custom_profile
case FIELD_DROPDOWN: case FIELD_DROPDOWN:
$field_value = (int) $field_value; $field_value = (int) $field_value;
// retrieve option lang data if necessary
if (!isset($this->options_lang[$field_data['field_id']]) || !isset($this->options_lang[$field_data['field_id']][$field_data['lang_id']]) || !sizeof($this->options_lang[$file_data['field_id']][$field_data['lang_id']]))
{
$this->get_option_lang($field_data['field_id'], $field_data['lang_id'], FIELD_DROPDOWN, false);
}
if (!isset($this->options_lang[$field_data['field_id']][$field_data['lang_id']][$field_value]))
{
return 'FIELD_INVALID_VALUE';
}
if ($field_value == $field_data['field_novalue'] && $field_data['field_required']) if ($field_value == $field_data['field_novalue'] && $field_data['field_required'])
{ {
return 'FIELD_REQUIRED'; return 'FIELD_REQUIRED';
@ -302,6 +313,7 @@ class custom_profile
switch ($cp_result) switch ($cp_result)
{ {
case 'FIELD_INVALID_DATE': case 'FIELD_INVALID_DATE':
case 'FIELD_INVALID_VALUE':
case 'FIELD_REQUIRED': case 'FIELD_REQUIRED':
$error = sprintf($user->lang[$cp_result], $row['lang_name']); $error = sprintf($user->lang[$cp_result], $row['lang_name']);
break; break;
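Review bot: The third condition of the added lookup guard reads `$file_data['field_id']`, a name that is defined nowhere in this hunk, while the two conditions before it use `$field_data`. As written the `sizeof()` argument is presumably always empty, so `get_option_lang()` runs on every dropdown validation rather than only when the options are not loaded yet. The condition should read `!sizeof($this->options_lang[$field_data['field_id']][$field_data['lang_id']])`. The enclosing method starts outside the hunk.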


@ -322,7 +322,7 @@ class template_compile
// Is the designer wanting to call another loop in a loop? // Is the designer wanting to call another loop in a loop?
if (strpos($tag_args, '!') === 0) if (strpos($tag_args, '!') === 0)
{ {
// Count the number if ! occurrences (not allowed in vars) // Count the number of ! occurrences (not allowed in vars)
$no_nesting = substr_count($tag_args, '!'); $no_nesting = substr_count($tag_args, '!');
$tag_args = substr($tag_args, $no_nesting); $tag_args = substr($tag_args, $no_nesting);
} }


@ -458,7 +458,7 @@ class fileerror extends filespec
class fileupload class fileupload
{ {
var $allowed_extensions = array(); var $allowed_extensions = array();
var $disallowed_content = array(); var $disallowed_content = array('body', 'head', 'html', 'img', 'plaintext', 'a href', 'pre', 'script', 'table', 'title');
var $max_filesize = 0; var $max_filesize = 0;
var $min_width = 0; var $min_width = 0;
var $min_height = 0; var $min_height = 0;
@ -539,7 +539,7 @@ class fileupload
{ {
if ($disallowed_content !== false && is_array($disallowed_content)) if ($disallowed_content !== false && is_array($disallowed_content))
{ {
$this->disallowed_content = $disallowed_content; $this->disallowed_content = array_diff($disallowed_content, array(''));
} }
} }
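Review bot: Filtering with `array_diff($disallowed_content, array(''))` can leave `$this->disallowed_content` as an empty array, which replaces the new default tag list instead of falling back to it. That is reachable from the `avatar_upload()` call changed later in this commit: it passes `explode('|', $config['mime_triggers'])` whenever the key is set, and an empty setting yields `array('')`. If an empty list switches the content check off (the check itself is outside these hunks), an empty `mime_triggers` value silently disables it. Either keep the defaults in that case, e.g. assign the `array_diff()` result to `$filtered` and use `if (sizeof($filtered)) { $this->disallowed_content = $filtered; }`, or add a comment stating that an empty list is the intended way to turn the check off.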


@ -482,44 +482,6 @@ function user_delete($mode, $user_id, $post_username = false)
include($phpbb_root_path . 'includes/functions_admin.' . $phpEx); include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
} }
$sql = 'SELECT topic_id, COUNT(post_id) AS total_posts
FROM ' . POSTS_TABLE . "
WHERE poster_id = $user_id
GROUP BY topic_id";
$result = $db->sql_query($sql);
$topic_id_ary = array();
while ($row = $db->sql_fetchrow($result))
{
$topic_id_ary[$row['topic_id']] = $row['total_posts'];
}
$db->sql_freeresult($result);
if (sizeof($topic_id_ary))
{
$sql = 'SELECT topic_id, topic_replies, topic_replies_real
FROM ' . TOPICS_TABLE . '
WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
$result = $db->sql_query($sql);
$del_topic_ary = array();
while ($row = $db->sql_fetchrow($result))
{
if (max($row['topic_replies'], $row['topic_replies_real']) + 1 == $topic_id_ary[$row['topic_id']])
{
$del_topic_ary[] = $row['topic_id'];
}
}
$db->sql_freeresult($result);
if (sizeof($del_topic_ary))
{
$sql = 'DELETE FROM ' . TOPICS_TABLE . '
WHERE ' . $db->sql_in_set('topic_id', $del_topic_ary);
$db->sql_query($sql);
}
}
// Delete posts, attachments, etc. // Delete posts, attachments, etc.
delete_posts('poster_id', $user_id); delete_posts('poster_id', $user_id);
@ -771,7 +733,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
} }
else else
{ {
trigger_error('LENGTH_BAN_INVALID'); trigger_error('LENGTH_BAN_INVALID', E_USER_WARNING);
} }
} }
} }
@ -831,7 +793,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
// Make sure we have been given someone to ban // Make sure we have been given someone to ban
if (!sizeof($sql_usernames)) if (!sizeof($sql_usernames))
{ {
trigger_error('NO_USER_SPECIFIED'); trigger_error('NO_USER_SPECIFIED', E_USER_WARNING);
} }
$sql = 'SELECT user_id $sql = 'SELECT user_id
@ -862,7 +824,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
else else
{ {
$db->sql_freeresult($result); $db->sql_freeresult($result);
trigger_error('NO_USERS'); trigger_error('NO_USERS', E_USER_WARNING);
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
break; break;
@ -964,7 +926,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
if (empty($banlist_ary)) if (empty($banlist_ary))
{ {
trigger_error('NO_IPS_DEFINED'); trigger_error('NO_IPS_DEFINED', E_USER_WARNING);
} }
} }
break; break;
@ -992,12 +954,12 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
if (sizeof($ban_list) == 0) if (sizeof($ban_list) == 0)
{ {
trigger_error('NO_EMAILS_DEFINED'); trigger_error('NO_EMAILS_DEFINED', E_USER_WARNING);
} }
break; break;
default: default:
trigger_error('NO_MODE'); trigger_error('NO_MODE', E_USER_WARNING);
break; break;
} }
@ -1459,6 +1421,31 @@ function validate_match($string, $optional = false, $match = '')
return false; return false;
} }
/**
* Validate Language Pack ISO Name
*
* Tests whether a language name is valid and installed
*
* @param string $lang_iso The language string to test
*
* @return bool|string Either false if validation succeeded or
* a string which will be used as the error message
* (with the variable name appended)
*/
function validate_language_iso_name($lang_iso)
{
global $db;
$sql = 'SELECT lang_id
FROM ' . LANG_TABLE . "
WHERE lang_iso = '" . $db->sql_escape($lang_iso) . "'";
$result = $db->sql_query($sql);
$lang_id = (int) $db->sql_fetchfield('lang_id');
$db->sql_freeresult($result);
return ($lang_id) ? false : 'WRONG_DATA';
}
/** /**
* Check to see if the username has been taken, or if it is disallowed. * Check to see if the username has been taken, or if it is disallowed.
* Also checks if it includes the " character, which we don't allow in usernames. * Also checks if it includes the " character, which we don't allow in usernames.
@ -1618,8 +1605,9 @@ function validate_password($password)
{ {
global $config, $db, $user; global $config, $db, $user;
if (!$password) if ($password === '' || $config['pass_complex'] === 'PASS_TYPE_ANY')
{ {
// Password empty or no password complexity required.
return false; return false;
} }
@ -1630,7 +1618,6 @@ function validate_password($password)
{ {
$upp = '\p{Lu}'; $upp = '\p{Lu}';
$low = '\p{Ll}'; $low = '\p{Ll}';
$let = '\p{L}';
$num = '\p{N}'; $num = '\p{N}';
$sym = '[^\p{Lu}\p{Ll}\p{N}]'; $sym = '[^\p{Lu}\p{Ll}\p{N}]';
$pcre = true; $pcre = true;
@ -1640,7 +1627,6 @@ function validate_password($password)
mb_regex_encoding('UTF-8'); mb_regex_encoding('UTF-8');
$upp = '[[:upper:]]'; $upp = '[[:upper:]]';
$low = '[[:lower:]]'; $low = '[[:lower:]]';
$let = '[[:lower:][:upper:]]';
$num = '[[:digit:]]'; $num = '[[:digit:]]';
$sym = '[^[:upper:][:lower:][:digit:]]'; $sym = '[^[:upper:][:lower:][:digit:]]';
$mbstring = true; $mbstring = true;
@ -1649,7 +1635,6 @@ function validate_password($password)
{ {
$upp = '[A-Z]'; $upp = '[A-Z]';
$low = '[a-z]'; $low = '[a-z]';
$let = '[a-zA-Z]';
$num = '[0-9]'; $num = '[0-9]';
$sym = '[^A-Za-z0-9]'; $sym = '[^A-Za-z0-9]';
$pcre = true; $pcre = true;
@ -1659,22 +1644,22 @@ function validate_password($password)
switch ($config['pass_complex']) switch ($config['pass_complex'])
{ {
// No break statements below ...
// We require strong passwords in case pass_complex is not set or is invalid
default:
// Require mixed case letters, numbers and symbols
case 'PASS_TYPE_SYMBOL':
$chars[] = $sym;
// Require mixed case letters and numbers
case 'PASS_TYPE_ALPHA':
$chars[] = $num;
// Require mixed case letters
case 'PASS_TYPE_CASE': case 'PASS_TYPE_CASE':
$chars[] = $low; $chars[] = $low;
$chars[] = $upp; $chars[] = $upp;
break;
case 'PASS_TYPE_ALPHA':
$chars[] = $let;
$chars[] = $num;
break;
case 'PASS_TYPE_SYMBOL':
$chars[] = $low;
$chars[] = $upp;
$chars[] = $num;
$chars[] = $sym;
break;
} }
if ($pcre) if ($pcre)
@ -2080,7 +2065,7 @@ function avatar_upload($data, &$error)
// Init upload class // Init upload class
include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx); include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
$upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], explode('|', $config['mime_triggers'])); $upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], (isset($config['mime_triggers']) ? explode('|', $config['mime_triggers']) : false));
if (!empty($_FILES['uploadfile']['name'])) if (!empty($_FILES['uploadfile']['name']))
{ {
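Review bot: The rewritten `switch` in validate_password() depends entirely on case order and on there being no `break` between `default`, `PASS_TYPE_SYMBOL`, `PASS_TYPE_ALPHA` and `PASS_TYPE_CASE`, and a single comment at the top is the only marker of that. A later edit that reorders the cases or adds a `break` would weaken the password policy without any visible error. I would end each falling-through case with its own `// no break` line so the intent is stated where such an edit would be made. The function body continues outside the hunk.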


@ -350,7 +350,7 @@ function mcp_front_view($id, $mode, $action)
// Add forum_id 0 for global announcements // Add forum_id 0 for global announcements
$forum_list[] = 0; $forum_list[] = 0;
$log_count = 0; $log_count = false;
$log = array(); $log = array();
view_log('mod', $log, $log_count, 5, 0, $forum_list); view_log('mod', $log, $log_count, 5, 0, $forum_list);


@ -1048,7 +1048,10 @@ function mcp_fork_topic($topic_ids)
$total_posts = 0; $total_posts = 0;
$new_topic_id_list = array(); $new_topic_id_list = array();
if ($topic_data['enable_indexing'])
foreach ($topic_data as $topic_id => $topic_row)
{
if (!isset($search_type) && $topic_row['enable_indexing'])
{ {
// Select the search method and do some additional checks to ensure it can actually be utilised // Select the search method and do some additional checks to ensure it can actually be utilised
$search_type = basename($config['search_type']); $search_type = basename($config['search_type']);
@ -1072,13 +1075,11 @@ function mcp_fork_topic($topic_ids)
trigger_error($error); trigger_error($error);
} }
} }
else else if (!isset($search_type) && !$topic_row['enable_indexing'])
{ {
$search_type = false; $search_type = false;
} }
foreach ($topic_data as $topic_id => $topic_row)
{
$sql_ary = array( $sql_ary = array(
'forum_id' => (int) $to_forum_id, 'forum_id' => (int) $to_forum_id,
'icon_id' => (int) $topic_row['icon_id'], 'icon_id' => (int) $topic_row['icon_id'],
@ -1187,9 +1188,9 @@ function mcp_fork_topic($topic_ids)
// Copy whether the topic is dotted // Copy whether the topic is dotted
markread('post', $to_forum_id, $new_topic_id, 0, $row['poster_id']); markread('post', $to_forum_id, $new_topic_id, 0, $row['poster_id']);
if ($search_type) if (!empty($search_type))
{ {
$search->index($search_mode, $sql_ary['post_id'], $sql_ary['post_text'], $sql_ary['post_subject'], $sql_ary['poster_id'], ($topic_row['topic_type'] == POST_GLOBAL) ? 0 : $to_forum_id); $search->index($search_mode, $new_post_id, $sql_ary['post_text'], $sql_ary['post_subject'], $sql_ary['poster_id'], ($topic_row['topic_type'] == POST_GLOBAL) ? 0 : $to_forum_id);
$search_mode = 'reply'; // After one we index replies $search_mode = 'reply'; // After one we index replies
} }
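Review bot: `$search_type` is decided once, by whichever topic the loop sees first, and is then reused for every other topic being forked. Both added branches are guarded by `!isset($search_type)`, so when the first topic's forum has `enable_indexing` off, `$search_type` becomes `false` and posts of later topics from indexed forums never reach `$search->index()`; in the opposite order, posts from a forum with indexing disabled are indexed anyway. Keeping the per-topic flag in the final test would cover both cases, e.g. `if ($topic_row['enable_indexing'] && !empty($search_type))`, with the backend set-up guarded by the topic flag alone rather than by assigning `$search_type = false`. The loop body and the set-up block continue outside the hunks.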


@ -227,10 +227,10 @@ function mcp_post_details($id, $mode, $action)
// Get User Notes // Get User Notes
$log_data = array(); $log_data = array();
$log_count = 0; $log_count = false;
view_log('user', $log_data, $log_count, $config['posts_per_page'], 0, 0, 0, $post_info['user_id']); view_log('user', $log_data, $log_count, $config['posts_per_page'], 0, 0, 0, $post_info['user_id']);
if ($log_count) if (!empty($log_data))
{ {
$template->assign_var('S_USER_NOTES', true); $template->assign_var('S_USER_NOTES', true);


@ -102,27 +102,29 @@ class bbcode_firstpass extends bbcode
/** /**
* Init bbcode data for later parsing * Init bbcode data for later parsing
*/ */
function bbcode_init() function bbcode_init($allow_custom_bbcode = true)
{ {
static $rowset; static $rowset;
// This array holds all bbcode data. BBCodes will be processed in this // This array holds all bbcode data. BBCodes will be processed in this
// order, so it is important to keep [code] in first position and // order, so it is important to keep [code] in first position and
// [quote] in second position. // [quote] in second position.
// To parse multiline URL we enable dotall option setting only for URL text
// but not for link itself, thus [url][/url] is not affected.
$this->bbcodes = array( $this->bbcodes = array(
'code' => array('bbcode_id' => 8, 'regexp' => array('#\[code(?:=([a-z]+))?\](.+\[/code\])#ise' => "\$this->bbcode_code('\$1', '\$2')")), 'code' => array('bbcode_id' => 8, 'regexp' => array('#\[code(?:=([a-z]+))?\](.+\[/code\])#uise' => "\$this->bbcode_code('\$1', '\$2')")),
'quote' => array('bbcode_id' => 0, 'regexp' => array('#\[quote(?:=&quot;(.*?)&quot;)?\](.+)\[/quote\]#ise' => "\$this->bbcode_quote('\$0')")), 'quote' => array('bbcode_id' => 0, 'regexp' => array('#\[quote(?:=&quot;(.*?)&quot;)?\](.+)\[/quote\]#uise' => "\$this->bbcode_quote('\$0')")),
'attachment' => array('bbcode_id' => 12, 'regexp' => array('#\[attachment=([0-9]+)\](.*?)\[/attachment\]#ise' => "\$this->bbcode_attachment('\$1', '\$2')")), 'attachment' => array('bbcode_id' => 12, 'regexp' => array('#\[attachment=([0-9]+)\](.*?)\[/attachment\]#uise' => "\$this->bbcode_attachment('\$1', '\$2')")),
'b' => array('bbcode_id' => 1, 'regexp' => array('#\[b\](.*?)\[/b\]#ise' => "\$this->bbcode_strong('\$1')")), 'b' => array('bbcode_id' => 1, 'regexp' => array('#\[b\](.*?)\[/b\]#uise' => "\$this->bbcode_strong('\$1')")),
'i' => array('bbcode_id' => 2, 'regexp' => array('#\[i\](.*?)\[/i\]#ise' => "\$this->bbcode_italic('\$1')")), 'i' => array('bbcode_id' => 2, 'regexp' => array('#\[i\](.*?)\[/i\]#uise' => "\$this->bbcode_italic('\$1')")),
'url' => array('bbcode_id' => 3, 'regexp' => array('#\[url(=(.*))?\](.*)\[/url\]#iUe' => "\$this->validate_url('\$2', '\$3')")), 'url' => array('bbcode_id' => 3, 'regexp' => array('#\[url(=(.*))?\](?(1)((?s).*(?-s))|(.*))\[/url\]#uiUe' => "\$this->validate_url('\$2', ('\$3') ? '\$3' : '\$4')")),
'img' => array('bbcode_id' => 4, 'regexp' => array('#\[img\](.*)\[/img\]#iUe' => "\$this->bbcode_img('\$1')")), 'img' => array('bbcode_id' => 4, 'regexp' => array('#\[img\](.*)\[/img\]#uiUe' => "\$this->bbcode_img('\$1')")),
'size' => array('bbcode_id' => 5, 'regexp' => array('#\[size=([\-\+]?\d+)\](.*?)\[/size\]#ise' => "\$this->bbcode_size('\$1', '\$2')")), 'size' => array('bbcode_id' => 5, 'regexp' => array('#\[size=([\-\+]?\d+)\](.*?)\[/size\]#uise' => "\$this->bbcode_size('\$1', '\$2')")),
'color' => array('bbcode_id' => 6, 'regexp' => array('!\[color=(#[0-9a-f]{3}|#[0-9a-f]{6}|[a-z\-]+)\](.*?)\[/color\]!ise' => "\$this->bbcode_color('\$1', '\$2')")), 'color' => array('bbcode_id' => 6, 'regexp' => array('!\[color=(#[0-9a-f]{3}|#[0-9a-f]{6}|[a-z\-]+)\](.*?)\[/color\]!uise' => "\$this->bbcode_color('\$1', '\$2')")),
'u' => array('bbcode_id' => 7, 'regexp' => array('#\[u\](.*?)\[/u\]#ise' => "\$this->bbcode_underline('\$1')")), 'u' => array('bbcode_id' => 7, 'regexp' => array('#\[u\](.*?)\[/u\]#uise' => "\$this->bbcode_underline('\$1')")),
'list' => array('bbcode_id' => 9, 'regexp' => array('#\[list(?:=(?:[a-z0-9]|disc|circle|square))?].*\[/list]#ise' => "\$this->bbcode_parse_list('\$0')")), 'list' => array('bbcode_id' => 9, 'regexp' => array('#\[list(?:=(?:[a-z0-9]|disc|circle|square))?].*\[/list]#uise' => "\$this->bbcode_parse_list('\$0')")),
'email' => array('bbcode_id' => 10, 'regexp' => array('#\[email=?(.*?)?\](.*?)\[/email\]#ise' => "\$this->validate_email('\$1', '\$2')")), 'email' => array('bbcode_id' => 10, 'regexp' => array('#\[email=?(.*?)?\](.*?)\[/email\]#uise' => "\$this->validate_email('\$1', '\$2')")),
'flash' => array('bbcode_id' => 11, 'regexp' => array('#\[flash=([0-9]+),([0-9]+)\](.*?)\[/flash\]#ie' => "\$this->bbcode_flash('\$1', '\$2', '\$3')")) 'flash' => array('bbcode_id' => 11, 'regexp' => array('#\[flash=([0-9]+),([0-9]+)\](.*?)\[/flash\]#uie' => "\$this->bbcode_flash('\$1', '\$2', '\$3')"))
); );
// Zero the parsed items array // Zero the parsed items array
@ -133,6 +135,11 @@ class bbcode_firstpass extends bbcode
$this->parsed_items[$tag] = 0; $this->parsed_items[$tag] = 0;
} }
if (!$allow_custom_bbcode)
{
return;
}
if (!is_array($rowset)) if (!is_array($rowset))
{ {
global $db; global $db;
@ -1332,7 +1339,9 @@ class parse_message extends bbcode_firstpass
{ {
if ($max_smilies) if ($max_smilies)
{ {
$num_matches = preg_match_all('#(?<=^|[\n .])(?:' . implode('|', $match) . ')(?![^<>]*>)#', $this->message, $matches); // 'u' modifier has been added to correctly parse smilies within unicode strings
// For details: http://tracker.phpbb.com/browse/PHPBB3-10117
$num_matches = preg_match_all('#(?<=^|[\n .])(?:' . implode('|', $match) . ')(?![^<>]*>)#u', $this->message, $matches);
unset($matches); unset($matches);
if ($num_matches !== false && $num_matches > $max_smilies) if ($num_matches !== false && $num_matches > $max_smilies)
@ -1343,7 +1352,10 @@ class parse_message extends bbcode_firstpass
} }
// Make sure the delimiter # is added in front and at the end of every element within $match // Make sure the delimiter # is added in front and at the end of every element within $match
$this->message = trim(preg_replace(explode(chr(0), '#(?<=^|[\n .])' . implode('(?![^<>]*>)#' . chr(0) . '#(?<=^|[\n .])', $match) . '(?![^<>]*>)#'), $replace, $this->message)); // 'u' modifier has been added to correctly parse smilies within unicode strings
// For details: http://tracker.phpbb.com/browse/PHPBB3-10117
$this->message = trim(preg_replace(explode(chr(0), '#(?<=^|[\n .])' . implode('(?![^<>]*>)#u' . chr(0) . '#(?<=^|[\n .])', $match) . '(?![^<>]*>)#u'), $replace, $this->message));
} }
} }
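Review bot: With the `u` modifier added, `preg_replace()` returns NULL and `preg_match_all()` returns false when the subject is not valid UTF-8, and the smilies code handles neither result. `trim(preg_replace(...))` would then assign an empty string to `$this->message`, and the `$num_matches !== false` test skips the `$max_smilies` limit instead of enforcing it. Whether the message is guaranteed to be valid UTF-8 at this point is not visible in the hunks; if it is not, keep the previous text on failure, e.g. `$parsed = preg_replace(...); if ($parsed !== null) { $this->message = trim($parsed); }`. The same consideration applies to the first-pass patterns that gained `u` in bbcode_init().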


@ -221,7 +221,7 @@ class session
// if the forwarded for header shall be checked we have to validate its contents // if the forwarded for header shall be checked we have to validate its contents
if ($config['forwarded_for_check']) if ($config['forwarded_for_check'])
{ {
$this->forwarded_for = preg_replace('#[ ]{2,}#', ' ', str_replace(array(',', ' '), ' ', $this->forwarded_for)); $this->forwarded_for = preg_replace('# {2,}#', ' ', str_replace(',', ' ', $this->forwarded_for));
// split the list of IPs // split the list of IPs
$ips = explode(' ', $this->forwarded_for); $ips = explode(' ', $this->forwarded_for);
@ -267,24 +267,23 @@ class session
// Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests // Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests
// it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip. // it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip.
$this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? htmlspecialchars((string) $_SERVER['REMOTE_ADDR']) : ''; $this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? (string) $_SERVER['REMOTE_ADDR'] : '';
$this->ip = preg_replace('#[ ]{2,}#', ' ', str_replace(array(',', ' '), ' ', $this->ip)); $this->ip = preg_replace('# {2,}#', ' ', str_replace(',', ' ', $this->ip));
// split the list of IPs // split the list of IPs
$ips = explode(' ', $this->ip); $ips = explode(' ', trim($this->ip));
// Default IP if REMOTE_ADDR is invalid // Default IP if REMOTE_ADDR is invalid
$this->ip = '127.0.0.1'; $this->ip = '127.0.0.1';
foreach ($ips as $ip) foreach ($ips as $ip)
{ {
// check IPv4 first, the IPv6 is hopefully only going to be used very seldomly if (preg_match(get_preg_expression('ipv4'), $ip))
if (!empty($ip) && !preg_match(get_preg_expression('ipv4'), $ip) && !preg_match(get_preg_expression('ipv6'), $ip))
{ {
// Just break $this->ip = $ip;
break;
} }
else if (preg_match(get_preg_expression('ipv6'), $ip))
{
// Quick check for IPv4-mapped address in IPv6 // Quick check for IPv4-mapped address in IPv6
if (stripos($ip, '::ffff:') === 0) if (stripos($ip, '::ffff:') === 0)
{ {
@ -296,9 +295,15 @@ class session
} }
} }
// Use the last in chain
$this->ip = $ip; $this->ip = $ip;
} }
else
{
// We want to use the last valid address in the chain
// Leave foreach loop when address is invalid
break;
}
}
$this->load = false; $this->load = false;
@ -583,6 +588,14 @@ class session
$bot = false; $bot = false;
} }
// Bot user, if they have a SID in the Request URI we need to get rid of it
// otherwise they'll index this page with the SID, duplicate content oh my!
if ($bot && isset($_GET['sid']))
{
send_status_line(301, 'Moved Permanently');
redirect(build_url(array('sid')));
}
// If no data was returned one or more of the following occurred: // If no data was returned one or more of the following occurred:
// Key didn't match one in the DB // Key didn't match one in the DB
// User does not exist // User does not exist
@ -619,12 +632,6 @@ class session
} }
else else
{ {
// Bot user, if they have a SID in the Request URI we need to get rid of it
// otherwise they'll index this page with the SID, duplicate content oh my!
if (isset($_GET['sid']))
{
redirect(build_url(array('sid')));
}
$this->data['session_last_visit'] = $this->time_now; $this->data['session_last_visit'] = $this->time_now;
} }
@ -999,6 +1006,10 @@ class session
include($phpbb_root_path . "includes/captcha/captcha_factory." . $phpEx); include($phpbb_root_path . "includes/captcha/captcha_factory." . $phpEx);
} }
phpbb_captcha_factory::garbage_collect($config['captcha_plugin']); phpbb_captcha_factory::garbage_collect($config['captcha_plugin']);
$sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
WHERE attempt_time < ' . (time() - (int) $config['ip_login_limit_time']);
$db->sql_query($sql);
} }
return; return;
@ -1237,6 +1248,12 @@ class session
$ip = $this->ip; $ip = $this->ip;
} }
// Neither Spamhaus nor Spamcop supports IPv6 addresses.
if (strpos($ip, ':') !== false)
{
return false;
}
$dnsbl_check = array( $dnsbl_check = array(
'sbl.spamhaus.org' => 'http://www.spamhaus.org/query/bl?ip=', 'sbl.spamhaus.org' => 'http://www.spamhaus.org/query/bl?ip=',
); );
@ -1966,6 +1983,7 @@ class user extends session
$key_found = $num; $key_found = $num;
} }
break;
} }
} }
@ -2254,9 +2272,44 @@ class user extends session
// Use URL if told so // Use URL if told so
$root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $phpbb_root_path; $root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $phpbb_root_path;
$img_data['src'] = $root_path . 'styles/' . rawurlencode($this->theme['imageset_path']) . '/imageset/' . ($this->img_array[$img]['image_lang'] ? $this->img_array[$img]['image_lang'] .'/' : '') . $this->img_array[$img]['image_filename']; $path = 'styles/' . rawurlencode($this->theme['imageset_path']) . '/imageset/' . ($this->img_array[$img]['image_lang'] ? $this->img_array[$img]['image_lang'] .'/' : '') . $this->img_array[$img]['image_filename'];
$img_data['src'] = $root_path . $path;
$img_data['width'] = $this->img_array[$img]['image_width']; $img_data['width'] = $this->img_array[$img]['image_width'];
$img_data['height'] = $this->img_array[$img]['image_height']; $img_data['height'] = $this->img_array[$img]['image_height'];
// We overwrite the width and height to the phpbb logo's width
// and height here if the contents of the site_logo file are
// really equal to the phpbb_logo
// This allows us to change the dimensions of the phpbb_logo without
// modifying the imageset.cfg and causing a conflict for everyone
// who modified it for their custom logo on updating
if ($img == 'site_logo' && file_exists($phpbb_root_path . $path))
{
global $cache;
$img_file_hashes = $cache->get('imageset_site_logo_md5');
if ($img_file_hashes === false)
{
$img_file_hashes = array();
}
$key = $this->theme['imageset_path'] . '::' . $this->img_array[$img]['image_lang'];
if (!isset($img_file_hashes[$key]))
{
$img_file_hashes[$key] = md5(file_get_contents($phpbb_root_path . $path));
$cache->put('imageset_site_logo_md5', $img_file_hashes);
}
$phpbb_logo_hash = '0c461a32cd3621643105f0d02a772c10';
if ($phpbb_logo_hash == $img_file_hashes[$key])
{
$img_data['width'] = '149';
$img_data['height'] = '52';
}
}
} }
$alt = (!empty($this->lang[$alt])) ? $this->lang[$alt] : $alt; $alt = (!empty($this->lang[$alt])) ? $this->lang[$alt] : $alt;
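Review bot: Dropping `htmlspecialchars()` from the `REMOTE_ADDR` read means the two `preg_match()` checks in the loop are now the only thing constraining what ends up in `$this->ip`. The new loop does keep that invariant, since every assignment follows a successful ipv4 or ipv6 match and anything else leaves the `127.0.0.1` default, but nothing in the code states it. I would add a comment above the loop such as `// $this->ip must only ever hold a value that matched the ipv4/ipv6 expression; it is no longer HTML-escaped here`, so a later change to the loop does not reintroduce an unvalidated value. Part of the IPv4-mapped branch lies between the hunks and is not visible.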

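--- a/phpBB/includes/startup.php
+++ b/phpBB/includes/startup.php
@@ -0,0 +1,150 @@
+<?php
+/**
+*
+* @package phpBB3
+* @copyright (c) 2011 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+/**
+*/
+if (!defined('IN_PHPBB'))
+{
+exit;
+}
+// Report all errors, except notices and deprecation messages
+if (!defined('E_DEPRECATED'))
+{
+define('E_DEPRECATED', 8192);
+}
+error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED);
+/*
+* Remove variables created by register_globals from the global scope
+* Thanks to Matt Kavanagh
+*/
+function deregister_globals()
+{
+$not_unset = array(
+'GLOBALS' => true,
+'_GET' => true,
+'_POST' => true,
+'_COOKIE' => true,
+'_REQUEST' => true,
+'_SERVER' => true,
+'_SESSION' => true,
+'_ENV' => true,
+'_FILES' => true,
+'phpEx' => true,
+'phpbb_root_path' => true
+);
+// Not only will array_merge and array_keys give a warning if
+// a parameter is not an array, array_merge will actually fail.
+// So we check if _SESSION has been initialised.
+if (!isset($_SESSION) || !is_array($_SESSION))
+{
+$_SESSION = array();
+}
+// Merge all into one extremely huge array; unset this later
+$input = array_merge(
+array_keys($_GET),
+array_keys($_POST),
+array_keys($_COOKIE),
+array_keys($_SERVER),
+array_keys($_SESSION),
+array_keys($_ENV),
+array_keys($_FILES)
+);
+foreach ($input as $varname)
+{
+if (isset($not_unset[$varname]))
+{
+// Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely)
+if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
+{
+exit;
+}
+else
+{
+$cookie = &$_COOKIE;
+while (isset($cookie['GLOBALS']))
+{
+if (!is_array($cookie['GLOBALS']))
+{
+break;
+}
+foreach ($cookie['GLOBALS'] as $registered_var => $value)
+{
+if (!isset($not_unset[$registered_var]))
+{
+unset($GLOBALS[$registered_var]);
+}
+}
+$cookie = &$cookie['GLOBALS'];
+}
+}
+}
+unset($GLOBALS[$varname]);
+}
+unset($input);
+}
+// If we are on PHP >= 6.0.0 we do not need some code
+if (version_compare(PHP_VERSION, '6.0.0-dev', '>='))
+{
+/**
+* @ignore
+*/
+define('STRIP', false);
+}
+else
+{
+@set_magic_quotes_runtime(0);
+// Be paranoid with passed vars
+if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get'))
+{
+deregister_globals();
+}
+define('STRIP', (get_magic_quotes_gpc()) ? true : false);
+}
+// Prevent date/time functions from throwing E_WARNING on PHP 5.3 by setting a default timezone
+if (function_exists('date_default_timezone_set') && function_exists('date_default_timezone_get'))
+{
+// For PHP 5.1.0 the date/time functions have been rewritten
+// and setting a timezone is required prior to calling any date/time function.
+// Since PHP 5.2.0 calls to date/time functions without having a timezone set
+// result in E_STRICT errors being thrown.
+// Note: We already exclude E_STRICT errors
+// (to be exact: they are not included in E_ALL in PHP 5.2)
+// In PHP 5.3.0 the error level has been raised to E_WARNING which causes problems
+// because we show E_WARNING errors and do not set a default timezone.
+// This is because we have our own timezone handling and work in UTC only anyway.
+// So what we basically want to do is set our timezone to UTC,
+// but we don't know what other scripts (such as bridges) are involved,
+// so we check whether a timezone is already set by calling date_default_timezone_get().
+// Unfortunately, date_default_timezone_get() itself might throw E_WARNING
+// if no timezone has been set, so we have to keep it quiet with @.
+// date_default_timezone_get() tries to guess the correct timezone first
+// and then falls back to UTC when everything fails.
+// We just set the timezone to whatever date_default_timezone_get() returns.
+date_default_timezone_set(@date_default_timezone_get());
+}
+$starttime = explode(' ', microtime());
+$starttime = $starttime[1] + $starttime[0];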
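Review bot: The `exit;` in deregister_globals() that handles request input colliding with a protected name ends the request with no status line and no log entry, so an operator has nothing to detect or investigate afterwards. A line before it such as `error_log('deregister_globals: protected variable name in request input');` (wording is a suggestion) would make these requests visible. The function also carries only a plain `/* */` comment; a docblock saying that it exits on any protected name in the merged input and tolerates only a cookie called GLOBALS would spare the next reader from decoding the long condition.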


@ -205,7 +205,7 @@ class template
{ {
global $user, $phpbb_hook; global $user, $phpbb_hook;
if (!empty($phpbb_hook) && $phpbb_hook->call_hook(array(__CLASS__, __FUNCTION__), $handle, $include_once)) if (!empty($phpbb_hook) && $phpbb_hook->call_hook(array(__CLASS__, __FUNCTION__), $handle, $include_once, $this))
{ {
if ($phpbb_hook->hook_return(array(__CLASS__, __FUNCTION__))) if ($phpbb_hook->hook_return(array(__CLASS__, __FUNCTION__)))
{ {
@ -276,7 +276,7 @@ class template
$this->files_template[$handle] = (isset($user->theme['template_id'])) ? $user->theme['template_id'] : 0; $this->files_template[$handle] = (isset($user->theme['template_id'])) ? $user->theme['template_id'] : 0;
$recompile = false; $recompile = false;
if (!file_exists($filename) || @filesize($filename) === 0) if (!file_exists($filename) || @filesize($filename) === 0 || defined('DEBUG_EXTRA'))
{ {
$recompile = true; $recompile = true;
} }


@ -98,6 +98,13 @@ class ucp_activate
SET user_actkey = '' SET user_actkey = ''
WHERE user_id = {$user_row['user_id']}"; WHERE user_id = {$user_row['user_id']}";
$db->sql_query($sql); $db->sql_query($sql);
// Create the correct logs
add_log('user', $user_row['user_id'], 'LOG_USER_ACTIVE_USER');
if ($auth->acl_get('a_user'))
{
add_log('admin', 'LOG_USER_ACTIVE', $user_row['username']);
}
} }
if ($config['require_activation'] == USER_ACTIVATION_ADMIN && !$update_password) if ($config['require_activation'] == USER_ACTIVATION_ADMIN && !$update_password)


@ -115,7 +115,7 @@ class ucp_pm
case 'compose': case 'compose':
$action = request_var('action', 'post'); $action = request_var('action', 'post');
get_folder($user->data['user_id']); $user_folders = get_folder($user->data['user_id']);
if (!$auth->acl_get('u_sendpm')) if (!$auth->acl_get('u_sendpm'))
{ {
@ -130,7 +130,7 @@ class ucp_pm
} }
include($phpbb_root_path . 'includes/ucp/ucp_pm_compose.' . $phpEx); include($phpbb_root_path . 'includes/ucp/ucp_pm_compose.' . $phpEx);
compose_pm($id, $mode, $action); compose_pm($id, $mode, $action, $user_folders);
$tpl_file = 'posting_body'; $tpl_file = 'posting_body';
break; break;


@ -20,7 +20,7 @@ if (!defined('IN_PHPBB'))
* Compose private message * Compose private message
* Called from ucp_pm with mode == 'compose' * Called from ucp_pm with mode == 'compose'
*/ */
function compose_pm($id, $mode, $action) function compose_pm($id, $mode, $action, $user_folders = array())
{ {
global $template, $db, $auth, $user; global $template, $db, $auth, $user;
global $phpbb_root_path, $phpEx, $config; global $phpbb_root_path, $phpEx, $config;
@ -135,6 +135,7 @@ function compose_pm($id, $mode, $action)
} }
$sql = ''; $sql = '';
$folder_id = 0;
// What is all this following SQL for? Well, we need to know // What is all this following SQL for? Well, we need to know
// some basic information in all cases before we do anything. // some basic information in all cases before we do anything.
@ -398,7 +399,7 @@ function compose_pm($id, $mode, $action)
unset($message_text); unset($message_text);
$s_action = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&amp;mode=$mode&amp;action=$action", true, $user->session_id); $s_action = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&amp;mode=$mode&amp;action=$action", true, $user->session_id);
$s_action .= ($msg_id) ? "&amp;p=$msg_id" : ''; $s_action .= (($folder_id) ? "&amp;f=$folder_id" : '') . (($msg_id) ? "&amp;p=$msg_id" : '');
// Delete triggered ? // Delete triggered ?
if ($action == 'delete') if ($action == 'delete')
@ -741,10 +742,30 @@ function compose_pm($id, $mode, $action)
$msg_id = submit_pm($action, $subject, $pm_data); $msg_id = submit_pm($action, $subject, $pm_data);
$return_message_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=view&amp;p=' . $msg_id); $return_message_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=view&amp;p=' . $msg_id);
$return_folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=outbox'); $inbox_folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=inbox');
meta_refresh(3, $return_message_url); $outbox_folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=outbox');
$message = $user->lang['MESSAGE_STORED'] . '<br /><br />' . sprintf($user->lang['VIEW_PRIVATE_MESSAGE'], '<a href="' . $return_message_url . '">', '</a>') . '<br /><br />' . sprintf($user->lang['CLICK_RETURN_FOLDER'], '<a href="' . $return_folder_url . '">', '</a>', $user->lang['PM_OUTBOX']); $folder_url = '';
if (($folder_id > 0) && isset($user_folders[$folder_id]))
{
$folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=' . $folder_id);
}
$return_box_url = ($action === 'post' || $action === 'edit') ? $outbox_folder_url : $inbox_folder_url;
$return_box_lang = ($action === 'post' || $action === 'edit') ? 'PM_OUTBOX' : 'PM_INBOX';
$message = $user->lang['MESSAGE_STORED'] . '<br /><br />' . sprintf($user->lang['VIEW_PRIVATE_MESSAGE'], '<a href="' . $return_message_url . '">', '</a>');
$last_click_type = 'CLICK_RETURN_FOLDER';
if ($folder_url)
{
$message .= '<br /><br />' . sprintf($user->lang['CLICK_RETURN_FOLDER'], '<a href="' . $folder_url . '">', '</a>', $user_folders[$folder_id]['folder_name']);
$last_click_type = 'CLICK_GOTO_FOLDER';
}
$message .= '<br /><br />' . sprintf($user->lang[$last_click_type], '<a href="' . $return_box_url . '">', '</a>', $user->lang[$return_box_lang]);
meta_refresh(3, $return_message_url);
trigger_error($message); trigger_error($message);
} }
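Review bot: In the last hunk, `$user_folders[$folder_id]['folder_name']` is passed through sprintf() into the HTML string handed to trigger_error() with no escaping at this point. Folder names are chosen by the user, so this is safe only if get_folder() returns them already HTML-escaped; that function is not visible on this page. Either confirm that and say so in a comment on the line, or escape the value where it is written into `$message`. The same applies in a smaller way to `"&amp;f=$folder_id"` in the third hunk: `$folder_id` is initialised to 0 in the second hunk, but its later assignment lies outside the hunks, so it should be verified to be an integer before it reaches the URL.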


@ -169,6 +169,7 @@ function view_folder($id, $mode, $folder_id, $folder)
'PM_IMG' => ($row_indicator) ? $user->img('pm_' . $row_indicator, '') : '', 'PM_IMG' => ($row_indicator) ? $user->img('pm_' . $row_indicator, '') : '',
'ATTACH_ICON_IMG' => ($auth->acl_get('u_pm_download') && $row['message_attachment'] && $config['allow_pm_attach']) ? $user->img('icon_topic_attach', $user->lang['TOTAL_ATTACHMENTS']) : '', 'ATTACH_ICON_IMG' => ($auth->acl_get('u_pm_download') && $row['message_attachment'] && $config['allow_pm_attach']) ? $user->img('icon_topic_attach', $user->lang['TOTAL_ATTACHMENTS']) : '',
'S_PM_UNREAD' => ($row['pm_unread']) ? true : false,
'S_PM_DELETED' => ($row['pm_deleted']) ? true : false, 'S_PM_DELETED' => ($row['pm_deleted']) ? true : false,
'S_PM_REPORTED' => (isset($row['report_id'])) ? true : false, 'S_PM_REPORTED' => (isset($row['report_id'])) ? true : false,
'S_AUTHOR_DELETED' => ($row['author_id'] == ANONYMOUS) ? true : false, 'S_AUTHOR_DELETED' => ($row['author_id'] == ANONYMOUS) ? true : false,


@ -172,6 +172,8 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
// Number of "to" recipients // Number of "to" recipients
$num_recipients = (int) preg_match_all('/:?(u|g)_([0-9]+):?/', $message_row['to_address'], $match); $num_recipients = (int) preg_match_all('/:?(u|g)_([0-9]+):?/', $message_row['to_address'], $match);
$bbcode_status = ($config['allow_bbcode'] && $config['auth_bbcode_pm'] && $auth->acl_get('u_pm_bbcode')) ? true : false;
$template->assign_vars(array( $template->assign_vars(array(
'MESSAGE_AUTHOR_FULL' => get_username_string('full', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']), 'MESSAGE_AUTHOR_FULL' => get_username_string('full', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']),
'MESSAGE_AUTHOR_COLOUR' => get_username_string('colour', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']), 'MESSAGE_AUTHOR_COLOUR' => get_username_string('colour', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']),
@ -206,7 +208,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
'U_PM' => ($config['allow_privmsg'] && $auth->acl_get('u_sendpm') && ($user_info['user_allow_pm'] || $auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_'))) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=compose&amp;u=' . $author_id) : '', 'U_PM' => ($config['allow_privmsg'] && $auth->acl_get('u_sendpm') && ($user_info['user_allow_pm'] || $auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_'))) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=compose&amp;u=' . $author_id) : '',
'U_WWW' => (!empty($user_info['user_website'])) ? $user_info['user_website'] : '', 'U_WWW' => (!empty($user_info['user_website'])) ? $user_info['user_website'] : '',
'U_ICQ' => ($user_info['user_icq']) ? 'http://www.icq.com/people/webmsg.php?to=' . urlencode($user_info['user_icq']) : '', 'U_ICQ' => ($user_info['user_icq']) ? 'http://www.icq.com/people' . urlencode($user_info['user_icq']) . '/' : '',
'U_AIM' => ($user_info['user_aim'] && $auth->acl_get('u_sendim')) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contact&amp;action=aim&amp;u=' . $author_id) : '', 'U_AIM' => ($user_info['user_aim'] && $auth->acl_get('u_sendim')) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contact&amp;action=aim&amp;u=' . $author_id) : '',
'U_YIM' => ($user_info['user_yim']) ? 'http://edit.yahoo.com/config/send_webmesg?.target=' . urlencode($user_info['user_yim']) . '&amp;.src=pg' : '', 'U_YIM' => ($user_info['user_yim']) ? 'http://edit.yahoo.com/config/send_webmesg?.target=' . urlencode($user_info['user_yim']) . '&amp;.src=pg' : '',
'U_MSN' => ($user_info['user_msnm'] && $auth->acl_get('u_sendim')) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contact&amp;action=msnm&amp;u=' . $author_id) : '', 'U_MSN' => ($user_info['user_msnm'] && $auth->acl_get('u_sendim')) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contact&amp;action=msnm&amp;u=' . $author_id) : '',
@ -229,6 +231,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
'S_AUTHOR_DELETED' => ($author_id == ANONYMOUS) ? true : false, 'S_AUTHOR_DELETED' => ($author_id == ANONYMOUS) ? true : false,
'S_SPECIAL_FOLDER' => in_array($folder_id, array(PRIVMSGS_NO_BOX, PRIVMSGS_OUTBOX)), 'S_SPECIAL_FOLDER' => in_array($folder_id, array(PRIVMSGS_NO_BOX, PRIVMSGS_OUTBOX)),
'S_PM_RECIPIENTS' => $num_recipients, 'S_PM_RECIPIENTS' => $num_recipients,
'S_BBCODE_ALLOWED' => ($bbcode_status) ? 1 : 0,
'U_PRINT_PM' => ($config['print_pm'] && $auth->acl_get('u_pm_printpm')) ? "$url&amp;f=$folder_id&amp;p=" . $message_row['msg_id'] . "&amp;view=print" : '', 'U_PRINT_PM' => ($config['print_pm'] && $auth->acl_get('u_pm_printpm')) ? "$url&amp;f=$folder_id&amp;p=" . $message_row['msg_id'] . "&amp;view=print" : '',
'U_FORWARD_PM' => ($config['forward_pm'] && $auth->acl_get('u_sendpm') && $auth->acl_get('u_pm_forward')) ? "$url&amp;mode=compose&amp;action=forward&amp;f=$folder_id&amp;p=" . $message_row['msg_id'] : '') 'U_FORWARD_PM' => ($config['forward_pm'] && $auth->acl_get('u_sendpm') && $auth->acl_get('u_pm_forward')) ? "$url&amp;mode=compose&amp;action=forward&amp;f=$folder_id&amp;p=" . $message_row['msg_id'] : '')
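Review bot: The new `U_ICQ` value in the second hunk joins `'http://www.icq.com/people'` directly to the urlencode()d number, so the generated link has the form `…/people<number>/` with no path separator. If the per-user page under /people/ is the intended target, the literal needs a trailing slash: `'http://www.icq.com/people/' . urlencode($user_info['user_icq']) . '/'`. The assign_vars() array begins and ends outside the hunk.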


@ -65,7 +65,7 @@ class ucp_prefs
$error = validate_data($data, array( $error = validate_data($data, array(
'dateformat' => array('string', false, 1, 30), 'dateformat' => array('string', false, 1, 30),
'lang' => array('match', false, '#^[a-z0-9_\-]{2,}$#i'), 'lang' => array('language_iso_name'),
'tz' => array('num', false, -14, 14), 'tz' => array('num', false, -14, 14),
)); ));


@ -56,7 +56,7 @@ class ucp_register
{ {
$use_lang = ($change_lang) ? basename($change_lang) : basename($user_lang); $use_lang = ($change_lang) ? basename($change_lang) : basename($user_lang);
if (file_exists($user->lang_path . $use_lang . '/')) if (!validate_language_iso_name($use_lang))
{ {
if ($change_lang) if ($change_lang)
{ {
@ -210,7 +210,7 @@ class ucp_register
array('email')), array('email')),
'email_confirm' => array('string', false, 6, 60), 'email_confirm' => array('string', false, 6, 60),
'tz' => array('num', false, -14, 14), 'tz' => array('num', false, -14, 14),
'lang' => array('match', false, '#^[a-z_\-]{2,}$#i'), 'lang' => array('language_iso_name'),
)); ));
if (!check_form_key('ucp_register')) if (!check_form_key('ucp_register'))
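Review bot: The condition `if (!validate_language_iso_name($use_lang))` in the first hunk reads as "the language is invalid", yet it replaces a file_exists() check whose true branch accepted the language. That is correct only if validate_language_iso_name() follows the validate_data() convention of returning false when the value passes, which cannot be confirmed from this page. A comment on that line, for example `// validate_language_iso_name() returns false when the language is valid`, would keep a later reader from "fixing" the negation and letting unvalidated language names through to the path handling below. The enclosing method starts outside the hunk.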


@ -32,7 +32,7 @@ unset($dbpasswd);
$convertor_data = array( $convertor_data = array(
'forum_name' => 'phpBB 2.0.x', 'forum_name' => 'phpBB 2.0.x',
'version' => '1.0.3', 'version' => '1.0.3',
'phpbb_version' => '3.0.8', 'phpbb_version' => '3.0.9',
'author' => '<a href="http://www.phpbb.com/">phpBB Group</a>', 'author' => '<a href="http://www.phpbb.com/">phpBB Group</a>',
'dbms' => $dbms, 'dbms' => $dbms,
'dbhost' => $dbhost, 'dbhost' => $dbhost,
@ -134,7 +134,7 @@ $config_schema = array(
'avatar_filesize' => 'avatar_filesize', 'avatar_filesize' => 'avatar_filesize',
'avatar_max_width' => 'avatar_max_width', 'avatar_max_width' => 'avatar_max_width',
'avatar_max_height' => 'avatar_max_height', 'avatar_max_height' => 'avatar_max_height',
'default_dateformat' => 'default_dateformat', 'default_dateformat' => 'phpbb_set_encoding(default_dateformat)',
'board_timezone' => 'board_timezone', 'board_timezone' => 'board_timezone',
'allow_privmsg' => 'not(privmsg_disable)', 'allow_privmsg' => 'not(privmsg_disable)',
'gzip_compress' => 'gzip_compress', 'gzip_compress' => 'gzip_compress',


@ -94,6 +94,7 @@ function phpbb_insert_forums()
{ {
case 'mssql': case 'mssql':
case 'mssql_odbc': case 'mssql_odbc':
case 'mssqlnative':
$db->sql_query('SET IDENTITY_INSERT ' . FORUMS_TABLE . ' ON'); $db->sql_query('SET IDENTITY_INSERT ' . FORUMS_TABLE . ' ON');
break; break;
} }
@ -291,6 +292,7 @@ function phpbb_insert_forums()
case 'mssql': case 'mssql':
case 'mssql_odbc': case 'mssql_odbc':
case 'mssqlnative':
$db->sql_query('SET IDENTITY_INSERT ' . FORUMS_TABLE . ' OFF'); $db->sql_query('SET IDENTITY_INSERT ' . FORUMS_TABLE . ' OFF');
break; break;
@ -1727,6 +1729,7 @@ function phpbb_create_userconv_table()
case 'mssql': case 'mssql':
case 'mssql_odbc': case 'mssql_odbc':
case 'mssqlnative':
$map_dbms = 'mssql'; $map_dbms = 'mssql';
break; break;


@ -8,17 +8,21 @@
* *
*/ */
$updates_to_version = '3.0.8'; define('UPDATES_TO_VERSION', '3.0.9');
// Enter any version to update from to test updates. The version within the db will not be updated. // Enter any version to update from to test updates. The version within the db will not be updated.
$debug_from_version = false; define('DEBUG_FROM_VERSION', false);
// Which oldest version does this updater support? // Which oldest version does this updater support?
$oldest_from_version = '3.0.0'; define('OLDEST_FROM_VERSION', '3.0.0');
// Return if we "just include it" to find out for which version the database update is responsible for // Return if we "just include it" to find out for which version the database update is responsible for
if (defined('IN_PHPBB') && defined('IN_INSTALL')) if (defined('IN_PHPBB') && defined('IN_INSTALL'))
{ {
$updates_to_version = UPDATES_TO_VERSION;
$debug_from_version = DEBUG_FROM_VERSION;
$oldest_from_version = OLDEST_FROM_VERSION;
return; return;
} }
@ -30,12 +34,32 @@ define('IN_INSTALL', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../'; $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../';
$phpEx = substr(strrchr(__FILE__, '.'), 1); $phpEx = substr(strrchr(__FILE__, '.'), 1);
// Report all errors, except notices and deprecation messages if (!function_exists('phpbb_require_updated'))
if (!defined('E_DEPRECATED'))
{ {
define('E_DEPRECATED', 8192); function phpbb_require_updated($path, $optional = false)
{
global $phpbb_root_path;
$new_path = $phpbb_root_path . 'install/update/new/' . $path;
$old_path = $phpbb_root_path . $path;
if (file_exists($new_path))
{
require($new_path);
}
else if (!$optional || file_exists($old_path))
{
require($old_path);
}
}
} }
//error_reporting(E_ALL ^ E_NOTICE ^ E_DEPRECATED);
phpbb_require_updated('includes/startup.' . $phpEx);
$updates_to_version = UPDATES_TO_VERSION;
$debug_from_version = DEBUG_FROM_VERSION;
$oldest_from_version = OLDEST_FROM_VERSION;
error_reporting(E_ALL); error_reporting(E_ALL);
@set_time_limit(0); @set_time_limit(0);
@ -68,28 +92,18 @@ require($phpbb_root_path . 'includes/auth.' . $phpEx);
require($phpbb_root_path . 'includes/functions.' . $phpEx); require($phpbb_root_path . 'includes/functions.' . $phpEx);
if (file_exists($phpbb_root_path . 'includes/functions_content.' . $phpEx)) phpbb_require_updated('includes/functions_content.' . $phpEx, true);
{
require($phpbb_root_path . 'includes/functions_content.' . $phpEx);
}
require($phpbb_root_path . 'includes/functions_admin.' . $phpEx); require($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
require($phpbb_root_path . 'includes/constants.' . $phpEx); require($phpbb_root_path . 'includes/constants.' . $phpEx);
require($phpbb_root_path . 'includes/db/' . $dbms . '.' . $phpEx); require($phpbb_root_path . 'includes/db/' . $dbms . '.' . $phpEx);
require($phpbb_root_path . 'includes/utf/utf_tools.' . $phpEx); require($phpbb_root_path . 'includes/utf/utf_tools.' . $phpEx);
// If we are on PHP >= 6.0.0 we do not need some code // new table constants are separately defined here in case the updater is run
if (version_compare(PHP_VERSION, '6.0.0-dev', '>=')) // before the files are updated
if (!defined('LOGIN_ATTEMPT_TABLE'))
{ {
/** define('LOGIN_ATTEMPT_TABLE', $table_prefix . 'login_attempts');
* @ignore
*/
define('STRIP', false);
}
else
{
@set_magic_quotes_runtime(0);
define('STRIP', (get_magic_quotes_gpc()) ? true : false);
} }
$user = new user(); $user = new user();
@ -227,7 +241,7 @@ if (empty($config['dbms_version']))
set_config('dbms_version', $db->sql_server_info(true)); set_config('dbms_version', $db->sql_server_info(true));
} }
// Firebird update from Firebord 2.0 to 2.1+ required? // Firebird update from Firebird 2.0 to 2.1+ required?
if ($db->sql_layer == 'firebird') if ($db->sql_layer == 'firebird')
{ {
// We do not trust any PHP5 function enabled, we will simply test for a function new in 2.1 // We do not trust any PHP5 function enabled, we will simply test for a function new in 2.1
@ -511,7 +525,7 @@ function _print_footer()
</div> </div>
<div id="page-footer"> <div id="page-footer">
Powered by phpBB &copy; 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a> Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group
</div> </div>
</div> </div>
@ -534,6 +548,16 @@ function _sql($sql, &$errored, &$error_ary, $echo_dot = true)
$db->sql_return_on_error(true); $db->sql_return_on_error(true);
if ($sql === 'begin')
{
$result = $db->sql_transaction('begin');
}
else if ($sql === 'commit')
{
$result = $db->sql_transaction('commit');
}
else
{
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
if ($db->sql_error_triggered) if ($db->sql_error_triggered)
{ {
@ -541,6 +565,7 @@ function _sql($sql, &$errored, &$error_ary, $echo_dot = true)
$error_ary['sql'][] = $db->sql_error_sql; $error_ary['sql'][] = $db->sql_error_sql;
$error_ary['error_code'][] = $db->sql_error_returned; $error_ary['error_code'][] = $db->sql_error_returned;
} }
}
$db->sql_return_on_error(false); $db->sql_return_on_error(false);
@ -916,6 +941,50 @@ function database_update_info()
'3.0.7-PL1' => array(), '3.0.7-PL1' => array(),
// No changes from 3.0.8-RC1 to 3.0.8 // No changes from 3.0.8-RC1 to 3.0.8
'3.0.8-RC1' => array(), '3.0.8-RC1' => array(),
// Changes from 3.0.8 to 3.0.9-RC1
'3.0.8' => array(
'add_tables' => array(
LOGIN_ATTEMPT_TABLE => array(
'COLUMNS' => array(
// this column was removed from the database updater
// after 3.0.9-RC3 was released. It might still exist
// in 3.0.9-RCX installations and has to be dropped in
// 3.0.10 after the db_tools class is capable of properly
// removing a primary key.
// 'attempt_id' => array('UINT', NULL, 'auto_increment'),
'attempt_ip' => array('VCHAR:40', ''),
'attempt_browser' => array('VCHAR:150', ''),
'attempt_forwarded_for' => array('VCHAR:255', ''),
'attempt_time' => array('TIMESTAMP', 0),
'user_id' => array('UINT', 0),
'username' => array('VCHAR_UNI:255', 0),
'username_clean' => array('VCHAR_CI', 0),
),
//'PRIMARY_KEY' => 'attempt_id',
'KEYS' => array(
'att_ip' => array('INDEX', array('attempt_ip', 'attempt_time')),
'att_for' => array('INDEX', array('attempt_forwarded_for', 'attempt_time')),
'att_time' => array('INDEX', array('attempt_time')),
'user_id' => array('INDEX', 'user_id'),
),
),
),
'change_columns' => array(
BBCODES_TABLE => array(
'bbcode_id' => array('USINT', 0),
),
),
),
// No changes from 3.0.9-RC1 to 3.0.9-RC2
'3.0.9-RC1' => array(),
// No changes from 3.0.9-RC2 to 3.0.9-RC3
'3.0.9-RC2' => array(),
// No changes from 3.0.9-RC3 to 3.0.9-RC4
'3.0.9-RC3' => array(),
// No changes from 3.0.9-RC4 to 3.0.9
'3.0.9-RC4' => array(),
/** @todo DROP LOGIN_ATTEMPT_TABLE.attempt_id in 3.0.10-RC1 */
); );
} }
@ -1858,6 +1927,71 @@ function change_database_data(&$no_updates, $version)
// No changes from 3.0.8-RC1 to 3.0.8 // No changes from 3.0.8-RC1 to 3.0.8
case '3.0.8-RC1': case '3.0.8-RC1':
break; break;
// Changes from 3.0.8 to 3.0.9-RC1
case '3.0.8':
set_config('ip_login_limit_max', '50');
set_config('ip_login_limit_time', '21600');
set_config('ip_login_limit_use_forwarded', '0');
// Update file extension group names to use language strings, again.
$sql = 'SELECT group_id, group_name
FROM ' . EXTENSION_GROUPS_TABLE . '
WHERE group_name ' . $db->sql_like_expression('EXT_GROUP_' . $db->any_char);
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$sql_ary = array(
'group_name' => substr($row['group_name'], 10), // Strip off 'EXT_GROUP_'
);
$sql = 'UPDATE ' . EXTENSION_GROUPS_TABLE . '
SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
WHERE group_id = ' . $row['group_id'];
_sql($sql, $errored, $error_ary);
}
$db->sql_freeresult($result);
global $db_tools, $table_prefix;
// Recover from potentially broken Q&A CAPTCHA table on firebird
// Q&A CAPTCHA was uninstallable, so it's safe to remove these
// without data loss
if ($db_tools->sql_layer == 'firebird')
{
$tables = array(
$table_prefix . 'captcha_questions',
$table_prefix . 'captcha_answers',
$table_prefix . 'qa_confirm',
);
foreach ($tables as $table)
{
if ($db_tools->sql_table_exists($table))
{
$db_tools->sql_table_drop($table);
}
}
}
$no_updates = false;
break;
// No changes from 3.0.9-RC1 to 3.0.9-RC2
case '3.0.9-RC1':
break;
// No changes from 3.0.9-RC2 to 3.0.9-RC3
case '3.0.9-RC2':
break;
// No changes from 3.0.9-RC3 to 3.0.9-RC4
case '3.0.9-RC3':
break;
// No changes from 3.0.9-RC4 to 3.0.9
case '3.0.9-RC4':
break;
} }
} }
@ -2192,6 +2326,271 @@ class updater_db_tools
} }
} }
/**
* Check if table exists
*
*
* @param string $table_name The table name to check for
* @return bool true if table exists, else false
*/
function sql_table_exists($table_name)
{
$this->db->sql_return_on_error(true);
$result = $this->db->sql_query_limit('SELECT * FROM ' . $table_name, 1);
$this->db->sql_return_on_error(false);
if ($result)
{
$this->db->sql_freeresult($result);
return true;
}
return false;
}
/**
* Create SQL Table
*
* @param string $table_name The table name to create
* @param array $table_data Array containing table data.
* @return array Statements if $return_statements is true.
*/
function sql_create_table($table_name, $table_data)
{
// holds the DDL for a column
$columns = $statements = array();
if ($this->sql_table_exists($table_name))
{
return $this->_sql_run_sql($statements);
}
// Begin transaction
$statements[] = 'begin';
// Determine if we have created a PRIMARY KEY in the earliest
$primary_key_gen = false;
// Determine if the table must be created with TEXTIMAGE
$create_textimage = false;
// Determine if the table requires a sequence
$create_sequence = false;
// Begin table sql statement
switch ($this->sql_layer)
{
case 'mssql':
case 'mssqlnative':
$table_sql = 'CREATE TABLE [' . $table_name . '] (' . "\n";
break;
default:
$table_sql = 'CREATE TABLE ' . $table_name . ' (' . "\n";
break;
}
// Iterate through the columns to create a table
foreach ($table_data['COLUMNS'] as $column_name => $column_data)
{
// here lies an array, filled with information compiled on the column's data
$prepared_column = $this->sql_prepare_column_data($table_name, $column_name, $column_data);
if (isset($prepared_column['auto_increment']) && strlen($column_name) > 26) // "${column_name}_gen"
{
trigger_error("Index name '${column_name}_gen' on table '$table_name' is too long. The maximum auto increment column length is 26 characters.", E_USER_ERROR);
}
// here we add the definition of the new column to the list of columns
switch ($this->sql_layer)
{
case 'mssql':
case 'mssqlnative':
$columns[] = "\t [{$column_name}] " . $prepared_column['column_type_sql_default'];
break;
default:
$columns[] = "\t {$column_name} " . $prepared_column['column_type_sql'];
break;
}
// see if we have found a primary key set due to a column definition if we have found it, we can stop looking
if (!$primary_key_gen)
{
$primary_key_gen = isset($prepared_column['primary_key_set']) && $prepared_column['primary_key_set'];
}
// create textimage DDL based off of the existance of certain column types
if (!$create_textimage)
{
$create_textimage = isset($prepared_column['textimage']) && $prepared_column['textimage'];
}
// create sequence DDL based off of the existance of auto incrementing columns
if (!$create_sequence && isset($prepared_column['auto_increment']) && $prepared_column['auto_increment'])
{
$create_sequence = $column_name;
}
}
// this makes up all the columns in the create table statement
$table_sql .= implode(",\n", $columns);
// Close the table for two DBMS and add to the statements
switch ($this->sql_layer)
{
case 'firebird':
$table_sql .= "\n);";
$statements[] = $table_sql;
break;
case 'mssql':
case 'mssqlnative':
$table_sql .= "\n) ON [PRIMARY]" . (($create_textimage) ? ' TEXTIMAGE_ON [PRIMARY]' : '');
$statements[] = $table_sql;
break;
}
// we have yet to create a primary key for this table,
// this means that we can add the one we really wanted instead
if (!$primary_key_gen)
{
// Write primary key
if (isset($table_data['PRIMARY_KEY']))
{
if (!is_array($table_data['PRIMARY_KEY']))
{
$table_data['PRIMARY_KEY'] = array($table_data['PRIMARY_KEY']);
}
switch ($this->sql_layer)
{
case 'mysql_40':
case 'mysql_41':
case 'postgres':
case 'sqlite':
$table_sql .= ",\n\t PRIMARY KEY (" . implode(', ', $table_data['PRIMARY_KEY']) . ')';
break;
case 'firebird':
case 'mssql':
case 'mssqlnative':
// We need the data here
$old_return_statements = $this->return_statements;
$this->return_statements = true;
$primary_key_stmts = $this->sql_create_primary_key($table_name, $table_data['PRIMARY_KEY']);
foreach ($primary_key_stmts as $pk_stmt)
{
$statements[] = $pk_stmt;
}
$this->return_statements = $old_return_statements;
break;
case 'oracle':
$table_sql .= ",\n\t CONSTRAINT pk_{$table_name} PRIMARY KEY (" . implode(', ', $table_data['PRIMARY_KEY']) . ')';
break;
}
}
}
// close the table
switch ($this->sql_layer)
{
case 'mysql_41':
// make sure the table is in UTF-8 mode
$table_sql .= "\n) CHARACTER SET `utf8` COLLATE `utf8_bin`;";
$statements[] = $table_sql;
break;
case 'mysql_40':
case 'sqlite':
$table_sql .= "\n);";
$statements[] = $table_sql;
break;
case 'postgres':
// do we need to add a sequence for auto incrementing columns?
if ($create_sequence)
{
$statements[] = "CREATE SEQUENCE {$table_name}_seq;";
}
$table_sql .= "\n);";
$statements[] = $table_sql;
break;
case 'oracle':
$table_sql .= "\n)";
$statements[] = $table_sql;
// do we need to add a sequence and a tigger for auto incrementing columns?
if ($create_sequence)
{
// create the actual sequence
$statements[] = "CREATE SEQUENCE {$table_name}_seq";
// the trigger is the mechanism by which we increment the counter
$trigger = "CREATE OR REPLACE TRIGGER t_{$table_name}\n";
$trigger .= "BEFORE INSERT ON {$table_name}\n";
$trigger .= "FOR EACH ROW WHEN (\n";
$trigger .= "\tnew.{$create_sequence} IS NULL OR new.{$create_sequence} = 0\n";
$trigger .= ")\n";
$trigger .= "BEGIN\n";
$trigger .= "\tSELECT {$table_name}_seq.nextval\n";
$trigger .= "\tINTO :new.{$create_sequence}\n";
$trigger .= "\tFROM dual;\n";
$trigger .= "END;";
$statements[] = $trigger;
}
break;
case 'firebird':
if ($create_sequence)
{
$statements[] = "CREATE GENERATOR {$table_name}_gen;";
$statements[] = "SET GENERATOR {$table_name}_gen TO 0;";
$trigger = "CREATE TRIGGER t_$table_name FOR $table_name\n";
$trigger .= "BEFORE INSERT\nAS\nBEGIN\n";
$trigger .= "\tNEW.{$create_sequence} = GEN_ID({$table_name}_gen, 1);\nEND;";
$statements[] = $trigger;
}
break;
}
// Write Keys
if (isset($table_data['KEYS']))
{
foreach ($table_data['KEYS'] as $key_name => $key_data)
{
if (!is_array($key_data[1]))
{
$key_data[1] = array($key_data[1]);
}
$old_return_statements = $this->return_statements;
$this->return_statements = true;
$key_stmts = ($key_data[0] == 'UNIQUE') ? $this->sql_create_unique_index($table_name, $key_name, $key_data[1]) : $this->sql_create_index($table_name, $key_name, $key_data[1]);
foreach ($key_stmts as $key_stmt)
{
$statements[] = $key_stmt;
}
$this->return_statements = $old_return_statements;
}
}
// Commit Transaction
$statements[] = 'commit';
return $this->_sql_run_sql($statements);
}
/** /**
* Handle passed database update array. * Handle passed database update array.
* Expected structure... * Expected structure...
@ -2229,6 +2628,19 @@ class updater_db_tools
$sqlite = true; $sqlite = true;
} }
// Add tables?
if (!empty($schema_changes['add_tables']))
{
foreach ($schema_changes['add_tables'] as $table => $table_data)
{
$result = $this->sql_create_table($table, $table_data);
if ($this->return_statements)
{
$statements = array_merge($statements, $result);
}
}
}
// Change columns? // Change columns?
if (!empty($schema_changes['change_columns'])) if (!empty($schema_changes['change_columns']))
{ {
@ -2978,6 +3390,11 @@ class updater_db_tools
*/ */
function sql_prepare_column_data($table_name, $column_name, $column_data) function sql_prepare_column_data($table_name, $column_name, $column_data)
{ {
if (strlen($column_name) > 30)
{
trigger_error("Column name '$column_name' on table '$table_name' is too long. The maximum is 30 characters.", E_USER_ERROR);
}
// Get type // Get type
if (strpos($column_data[0], ':') !== false) if (strpos($column_data[0], ':') !== false)
{ {
@ -3551,6 +3968,13 @@ class updater_db_tools
{ {
$statements = array(); $statements = array();
$table_prefix = substr(CONFIG_TABLE, 0, -6); // strlen(config)
if (strlen($table_name . $index_name) - strlen($table_prefix) > 24)
{
$max_length = $table_prefix + 24;
trigger_error("Index name '{$table_name}_$index_name' on table '$table_name' is too long. The maximum is $max_length characters.", E_USER_ERROR);
}
switch ($this->sql_layer) switch ($this->sql_layer)
{ {
case 'firebird': case 'firebird':
@ -3581,6 +4005,13 @@ class updater_db_tools
{ {
$statements = array(); $statements = array();
$table_prefix = substr(CONFIG_TABLE, 0, -6); // strlen(config)
if (strlen($table_name . $index_name) - strlen($table_prefix) > 24)
{
$max_length = $table_prefix + 24;
trigger_error("Index name '{$table_name}_$index_name' on table '$table_name' is too long. The maximum is $max_length characters.", E_USER_ERROR);
}
// remove index length unless MySQL4 // remove index length unless MySQL4
if ('mysql_40' != $this->sql_layer) if ('mysql_40' != $this->sql_layer)
{ {
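Review bot: In the two index-name length checks at the end of this file, `$max_length = $table_prefix + 24;` adds an integer to the prefix string instead of to its length, so the "too long" error reports the wrong limit (a non-numeric prefix is coerced to 0). The condition just above already uses `strlen($table_prefix)`, and the message should match it: `$max_length = strlen($table_prefix) + 24;`. The same line appears in both hunks, and the enclosing functions begin and end outside them.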


@ -18,110 +18,30 @@ define('IN_INSTALL', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../'; $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../';
$phpEx = substr(strrchr(__FILE__, '.'), 1); $phpEx = substr(strrchr(__FILE__, '.'), 1);
// Report all errors, except notices and deprecation messages
if (!defined('E_DEPRECATED'))
{
define('E_DEPRECATED', 8192);
}
error_reporting(E_ALL ^ E_NOTICE ^ E_DEPRECATED);
// @todo Review this test and see if we can find out what it is which prevents PHP 4.2.x from even displaying the page with requirements on it // @todo Review this test and see if we can find out what it is which prevents PHP 4.2.x from even displaying the page with requirements on it
if (version_compare(PHP_VERSION, '4.3.3') < 0) if (version_compare(PHP_VERSION, '4.3.3') < 0)
{ {
die('You are running an unsupported PHP version. Please upgrade to PHP 4.3.3 or higher before trying to install phpBB 3.0'); die('You are running an unsupported PHP version. Please upgrade to PHP 4.3.3 or higher before trying to install phpBB 3.0');
} }
/* function phpbb_require_updated($path, $optional = false)
* Remove variables created by register_globals from the global scope
* Thanks to Matt Kavanagh
*/
function deregister_globals()
{ {
$not_unset = array( global $phpbb_root_path;
'GLOBALS' => true,
'_GET' => true,
'_POST' => true,
'_COOKIE' => true,
'_REQUEST' => true,
'_SERVER' => true,
'_SESSION' => true,
'_ENV' => true,
'_FILES' => true,
'phpEx' => true,
'phpbb_root_path' => true
);
// Not only will array_merge and array_keys give a warning if $new_path = $phpbb_root_path . 'install/update/new/' . $path;
// a parameter is not an array, array_merge will actually fail. $old_path = $phpbb_root_path . $path;
// So we check if _SESSION has been initialised.
if (!isset($_SESSION) || !is_array($_SESSION))
{
$_SESSION = array();
}
// Merge all into one extremely huge array; unset this later if (file_exists($new_path))
$input = array_merge(
array_keys($_GET),
array_keys($_POST),
array_keys($_COOKIE),
array_keys($_SERVER),
array_keys($_SESSION),
array_keys($_ENV),
array_keys($_FILES)
);
foreach ($input as $varname)
{ {
if (isset($not_unset[$varname])) require($new_path);
}
else if (!$optional || file_exists($old_path))
{ {
// Hacking attempt. No point in continuing unless it's a COOKIE require($old_path);
if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
{
exit;
} }
else
{
$cookie = &$_COOKIE;
while (isset($cookie['GLOBALS']))
{
foreach ($cookie['GLOBALS'] as $registered_var => $value)
{
if (!isset($not_unset[$registered_var]))
{
unset($GLOBALS[$registered_var]);
}
}
$cookie = &$cookie['GLOBALS'];
}
}
}
unset($GLOBALS[$varname]);
}
unset($input);
} }
// If we are on PHP >= 6.0.0 we do not need some code phpbb_require_updated('includes/startup.' . $phpEx);
if (version_compare(PHP_VERSION, '6.0.0-dev', '>='))
{
/**
* @ignore
*/
define('STRIP', false);
}
else
{
@set_magic_quotes_runtime(0);
// Be paranoid with passed vars
if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on')
{
deregister_globals();
}
define('STRIP', (get_magic_quotes_gpc()) ? true : false);
}
// Try to override some limits - maybe it helps some... // Try to override some limits - maybe it helps some...
@set_time_limit(0); @set_time_limit(0);
@ -154,10 +74,7 @@ else
// Include essential scripts // Include essential scripts
require($phpbb_root_path . 'includes/functions.' . $phpEx); require($phpbb_root_path . 'includes/functions.' . $phpEx);
if (file_exists($phpbb_root_path . 'includes/functions_content.' . $phpEx)) phpbb_require_updated('includes/functions_content.' . $phpEx, true);
{
require($phpbb_root_path . 'includes/functions_content.' . $phpEx);
}
include($phpbb_root_path . 'includes/auth.' . $phpEx); include($phpbb_root_path . 'includes/auth.' . $phpEx);
include($phpbb_root_path . 'includes/session.' . $phpEx); include($phpbb_root_path . 'includes/session.' . $phpEx);
@ -652,7 +569,7 @@ class module
echo ' </div>'; echo ' </div>';
echo ' </div>'; echo ' </div>';
echo ' <div id="page-footer">'; echo ' <div id="page-footer">';
echo ' Powered by phpBB &copy; 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>'; echo ' Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group';
echo ' </div>'; echo ' </div>';
echo '</div>'; echo '</div>';
echo '</body>'; echo '</body>';


@ -1882,7 +1882,7 @@ class install_install extends module
if (!$user_id) if (!$user_id)
{ {
// If we can't insert this user then continue to the next one to avoid inconsistant data // If we can't insert this user then continue to the next one to avoid inconsistent data
$this->p_master->db_error('Unable to insert bot into users table', $db->sql_error_sql, __LINE__, __FILE__, true); $this->p_master->db_error('Unable to insert bot into users table', $db->sql_error_sql, __LINE__, __FILE__, true);
continue; continue;
} }


@ -1,5 +1,5 @@
# #
# $Id$ # $Id: $
# #
@ -545,6 +545,22 @@ BEGIN
END;; END;;
# Table: 'phpbb_login_attempts'
CREATE TABLE phpbb_login_attempts (
attempt_ip VARCHAR(40) CHARACTER SET NONE DEFAULT '' NOT NULL,
attempt_browser VARCHAR(150) CHARACTER SET NONE DEFAULT '' NOT NULL,
attempt_forwarded_for VARCHAR(255) CHARACTER SET NONE DEFAULT '' NOT NULL,
attempt_time INTEGER DEFAULT 0 NOT NULL,
user_id INTEGER DEFAULT 0 NOT NULL,
username VARCHAR(255) CHARACTER SET UTF8 DEFAULT 0 NOT NULL COLLATE UNICODE,
username_clean VARCHAR(255) CHARACTER SET UTF8 DEFAULT 0 NOT NULL COLLATE UNICODE
);;
CREATE INDEX phpbb_login_attempts_att_ip ON phpbb_login_attempts(attempt_ip, attempt_time);;
CREATE INDEX phpbb_login_attempts_att_for ON phpbb_login_attempts(attempt_forwarded_for, attempt_time);;
CREATE INDEX phpbb_login_attempts_att_time ON phpbb_login_attempts(attempt_time);;
CREATE INDEX phpbb_login_attempts_user_id ON phpbb_login_attempts(user_id);;
# Table: 'phpbb_moderator_cache' # Table: 'phpbb_moderator_cache'
CREATE TABLE phpbb_moderator_cache ( CREATE TABLE phpbb_moderator_cache (
forum_id INTEGER DEFAULT 0 NOT NULL, forum_id INTEGER DEFAULT 0 NOT NULL,
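Review bot: `username` and `username_clean` in the new `phpbb_login_attempts` table are VARCHAR columns declared with `DEFAULT 0`, while the other string columns in the same table default to `''`. A row written without a username would presumably store the text `0`, which cannot be told apart from a failed login against an account literally named `0`; whether the inserting code always supplies both values is not visible here. I would declare them as `username VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE` and the same for `username_clean`. The same default appears in two later sections of this commit that add the table: `DEFAULT (0)` in the `[phpbb_login_attempts]` definition and `DEFAULT '0'` in the `varchar(255)` definition.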


@ -1,6 +1,6 @@
/* /*
$Id$ $Id: $
*/ */
@ -649,6 +649,33 @@ CREATE INDEX [user_id] ON [phpbb_log]([user_id]) ON [PRIMARY]
GO GO
/*
Table: 'phpbb_login_attempts'
*/
CREATE TABLE [phpbb_login_attempts] (
[attempt_ip] [varchar] (40) DEFAULT ('') NOT NULL ,
[attempt_browser] [varchar] (150) DEFAULT ('') NOT NULL ,
[attempt_forwarded_for] [varchar] (255) DEFAULT ('') NOT NULL ,
[attempt_time] [int] DEFAULT (0) NOT NULL ,
[user_id] [int] DEFAULT (0) NOT NULL ,
[username] [varchar] (255) DEFAULT (0) NOT NULL ,
[username_clean] [varchar] (255) DEFAULT (0) NOT NULL
) ON [PRIMARY]
GO
CREATE INDEX [att_ip] ON [phpbb_login_attempts]([attempt_ip], [attempt_time]) ON [PRIMARY]
GO
CREATE INDEX [att_for] ON [phpbb_login_attempts]([attempt_forwarded_for], [attempt_time]) ON [PRIMARY]
GO
CREATE INDEX [att_time] ON [phpbb_login_attempts]([attempt_time]) ON [PRIMARY]
GO
CREATE INDEX [user_id] ON [phpbb_login_attempts]([user_id]) ON [PRIMARY]
GO
/* /*
Table: 'phpbb_moderator_cache' Table: 'phpbb_moderator_cache'
*/ */
@ -1730,3 +1757,4 @@ ALTER TABLE [phpbb_zebra] WITH NOCHECK ADD
) ON [PRIMARY] ) ON [PRIMARY]
GO GO


@ -1,5 +1,5 @@
# #
# $Id$ # $Id: $
# #
# Table: 'phpbb_attachments' # Table: 'phpbb_attachments'
@ -110,7 +110,7 @@ CREATE TABLE phpbb_banlist (
# Table: 'phpbb_bbcodes' # Table: 'phpbb_bbcodes'
CREATE TABLE phpbb_bbcodes ( CREATE TABLE phpbb_bbcodes (
bbcode_id tinyint(3) DEFAULT '0' NOT NULL, bbcode_id smallint(4) UNSIGNED DEFAULT '0' NOT NULL,
bbcode_tag varbinary(16) DEFAULT '' NOT NULL, bbcode_tag varbinary(16) DEFAULT '' NOT NULL,
bbcode_helpline blob NOT NULL, bbcode_helpline blob NOT NULL,
display_on_posting tinyint(1) UNSIGNED DEFAULT '0' NOT NULL, display_on_posting tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,
@ -369,6 +369,22 @@ CREATE TABLE phpbb_log (
); );
# Table: 'phpbb_login_attempts'
CREATE TABLE phpbb_login_attempts (
attempt_ip varbinary(40) DEFAULT '' NOT NULL,
attempt_browser varbinary(150) DEFAULT '' NOT NULL,
attempt_forwarded_for varbinary(255) DEFAULT '' NOT NULL,
attempt_time int(11) UNSIGNED DEFAULT '0' NOT NULL,
user_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
username blob NOT NULL,
username_clean blob NOT NULL,
KEY att_ip (attempt_ip, attempt_time),
KEY att_for (attempt_forwarded_for, attempt_time),
KEY att_time (attempt_time),
KEY user_id (user_id)
);
# Table: 'phpbb_moderator_cache' # Table: 'phpbb_moderator_cache'
CREATE TABLE phpbb_moderator_cache ( CREATE TABLE phpbb_moderator_cache (
forum_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL, forum_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
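Review bot: The new `phpbb_login_attempts` definition has no comment saying where `attempt_forwarded_for` and `attempt_browser` come from; going by the names they hold request-header values, which the client chooses freely. Since `att_for` indexes `attempt_forwarded_for` together with `attempt_time`, a reader should know that any limit keyed on that column is only as trustworthy as the proxy setup in front of the board. I would add above the table `# attempt_forwarded_for and attempt_browser hold client-supplied header values; treat them as untrusted`. The code that fills the table is outside this section, so the header origin is an inference from the column names.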


@ -1,5 +1,5 @@
# #
# $Id$ # $Id: $
# #
# Table: 'phpbb_attachments' # Table: 'phpbb_attachments'
@ -110,7 +110,7 @@ CREATE TABLE phpbb_banlist (
# Table: 'phpbb_bbcodes' # Table: 'phpbb_bbcodes'
CREATE TABLE phpbb_bbcodes ( CREATE TABLE phpbb_bbcodes (
bbcode_id tinyint(3) DEFAULT '0' NOT NULL, bbcode_id smallint(4) UNSIGNED DEFAULT '0' NOT NULL,
bbcode_tag varchar(16) DEFAULT '' NOT NULL, bbcode_tag varchar(16) DEFAULT '' NOT NULL,
bbcode_helpline varchar(255) DEFAULT '' NOT NULL, bbcode_helpline varchar(255) DEFAULT '' NOT NULL,
display_on_posting tinyint(1) UNSIGNED DEFAULT '0' NOT NULL, display_on_posting tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,
@ -369,6 +369,22 @@ CREATE TABLE phpbb_log (
) CHARACTER SET `utf8` COLLATE `utf8_bin`; ) CHARACTER SET `utf8` COLLATE `utf8_bin`;
# Table: 'phpbb_login_attempts'
CREATE TABLE phpbb_login_attempts (
attempt_ip varchar(40) DEFAULT '' NOT NULL,
attempt_browser varchar(150) DEFAULT '' NOT NULL,
attempt_forwarded_for varchar(255) DEFAULT '' NOT NULL,
attempt_time int(11) UNSIGNED DEFAULT '0' NOT NULL,
user_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
username varchar(255) DEFAULT '0' NOT NULL,
username_clean varchar(255) DEFAULT '0' NOT NULL,
KEY att_ip (attempt_ip, attempt_time),
KEY att_for (attempt_forwarded_for, attempt_time),
KEY att_time (attempt_time),
KEY user_id (user_id)
) CHARACTER SET `utf8` COLLATE `utf8_bin`;
# Table: 'phpbb_moderator_cache' # Table: 'phpbb_moderator_cache'
CREATE TABLE phpbb_moderator_cache ( CREATE TABLE phpbb_moderator_cache (
forum_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL, forum_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,


@ -1,6 +1,6 @@
/* /*
$Id$ $Id: $
*/ */
@ -254,7 +254,7 @@ END;
Table: 'phpbb_bbcodes' Table: 'phpbb_bbcodes'
*/ */
CREATE TABLE phpbb_bbcodes ( CREATE TABLE phpbb_bbcodes (
bbcode_id number(3) DEFAULT '0' NOT NULL, bbcode_id number(4) DEFAULT '0' NOT NULL,
bbcode_tag varchar2(16) DEFAULT '' , bbcode_tag varchar2(16) DEFAULT '' ,
bbcode_helpline varchar2(765) DEFAULT '' , bbcode_helpline varchar2(765) DEFAULT '' ,
display_on_posting number(1) DEFAULT '0' NOT NULL, display_on_posting number(1) DEFAULT '0' NOT NULL,
@ -740,6 +740,29 @@ END;
/ /
/*
Table: 'phpbb_login_attempts'
*/
CREATE TABLE phpbb_login_attempts (
attempt_ip varchar2(40) DEFAULT '' ,
attempt_browser varchar2(150) DEFAULT '' ,
attempt_forwarded_for varchar2(255) DEFAULT '' ,
attempt_time number(11) DEFAULT '0' NOT NULL,
user_id number(8) DEFAULT '0' NOT NULL,
username varchar2(765) DEFAULT '0' NOT NULL,
username_clean varchar2(255) DEFAULT '0' NOT NULL
)
/
CREATE INDEX phpbb_login_attempts_att_ip ON phpbb_login_attempts (attempt_ip, attempt_time)
/
CREATE INDEX phpbb_login_attempts_att_for ON phpbb_login_attempts (attempt_forwarded_for, attempt_time)
/
CREATE INDEX phpbb_login_attempts_att_time ON phpbb_login_attempts (attempt_time)
/
CREATE INDEX phpbb_login_attempts_user_id ON phpbb_login_attempts (user_id)
/
/* /*
Table: 'phpbb_moderator_cache' Table: 'phpbb_moderator_cache'
*/ */
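Review bot: `attempt_ip`, `attempt_browser` and `attempt_forwarded_for` are declared `DEFAULT ''` without `NOT NULL` in this `phpbb_login_attempts` definition, and Oracle stores an empty string as NULL. A lookup of the form `attempt_forwarded_for = ''` would therefore match no rows on this backend, unlike the other backends in this commit where these columns are `NOT NULL`; the queries are not visible here, so this may already be handled. `bbcode_tag` in the same file follows the same pattern, so it looks like a file convention, which is worth stating once in a comment such as `/* string columns are nullable on Oracle because '' is stored as NULL */`.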
