diff --git a/phpBB/admin/admin_board.php b/phpBB/admin/admin_board.php
index 9983d51483..e2273c2877 100644
--- a/phpBB/admin/admin_board.php
+++ b/phpBB/admin/admin_board.php
@@ -47,6 +47,11 @@ else
$new[$config_name] = ( isset($HTTP_POST_VARS[$config_name]) ) ? $HTTP_POST_VARS[$config_name] : $default_config[$config_name];
+ if ($config_name == 'cookie_name')
+ {
+ $cookie_name = str_replace('.', '_', $new['cookie_name']);
+ }
+
if( isset($HTTP_POST_VARS['submit']) )
{
$sql = "UPDATE " . CONFIG_TABLE . " SET
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index eb23edef55..c6595817b5 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -152,6 +152,11 @@ p,ul,td {font-size:10pt;}
Fixed continuing redirect issues for broken web servers, e.g. IIS+CGI PHP
Fixed inability to use ftp as a protocol for the [img] tag
Fixed incorrect handling of [img] tags containing %20 encoded spaces
+Added check for . within cookie_name, change to _ if present
+Added SHOW_ONLINE constant to limit "users online" code operation to index and viewforum
+Added "temporary" workaround for Apache2 + PHP module ignoring "private" cache header
+Added workaround for modcp IP lookup and links to Anonymous user profile
+Fixed broken bbcode parsing of quotes containing bbcode in the "username"
diff --git a/phpBB/includes/bbcode.php b/phpBB/includes/bbcode.php
index e074faa88a..45480e49a5 100644
--- a/phpBB/includes/bbcode.php
+++ b/phpBB/includes/bbcode.php
@@ -149,6 +149,14 @@ function bbencode_second_pass($text, $uid)
// [CODE] and [/CODE] for posting code (HTML, PHP, C etc etc) in your posts.
$text = bbencode_second_pass_code($text, $uid, $bbcode_tpl);
+ // [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff.
+ $text = str_replace("[quote:$uid]", $bbcode_tpl['quote_open'], $text);
+ $text = str_replace("[/quote:$uid]", $bbcode_tpl['quote_close'], $text);
+
+ // New one liner to deal with opening quotes with usernames...
+ // replaces the two line version that I had here before..
+ $text = preg_replace("/\[quote:$uid=\"(.*?)\"\]/si", $bbcode_tpl['quote_username_open'], $text);
+
// [list] and [list=x] for (un)ordered lists.
// unordered lists
$text = str_replace("[list:$uid]", $bbcode_tpl['ulist_open'], $text);
@@ -168,14 +176,6 @@ function bbencode_second_pass($text, $uid)
$text = preg_replace("/\[size=([1-2]?[0-9]):$uid\]/si", $bbcode_tpl['size_open'], $text);
$text = str_replace("[/size:$uid]", $bbcode_tpl['size_close'], $text);
- // [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff.
- $text = str_replace("[quote:$uid]", $bbcode_tpl['quote_open'], $text);
- $text = str_replace("[/quote:$uid]", $bbcode_tpl['quote_close'], $text);
-
- // New one liner to deal with opening quotes with usernames...
- // replaces the two line version that I had here before..
- $text = preg_replace("/\[quote:$uid=(?:\"?([^\"]*)\"?)\]/si", $bbcode_tpl['quote_username_open'], $text);
-
// [b] and [/b] for bolding text.
$text = str_replace("[b:$uid]", $bbcode_tpl['b_open'], $text);
$text = str_replace("[/b:$uid]", $bbcode_tpl['b_close'], $text);
diff --git a/phpBB/includes/page_header.php b/phpBB/includes/page_header.php
index 7ba0a31696..e0c000a6b4 100644
--- a/phpBB/includes/page_header.php
+++ b/phpBB/includes/page_header.php
@@ -87,166 +87,171 @@ $s_last_visit = ( $userdata['session_logged_in'] ) ? create_date($board_config['
// Get basic (usernames + totals) online
// situation
//
-$user_forum_sql = ( !empty($forum_id) ) ? "AND s.session_page = " . intval($forum_id) : '';
-$sql = "SELECT u.username, u.user_id, u.user_allow_viewonline, u.user_level, s.session_logged_in, s.session_ip
- FROM ".USERS_TABLE." u, ".SESSIONS_TABLE." s
- WHERE u.user_id = s.session_user_id
- AND s.session_time >= ".( time() - 300 ) . "
- $user_forum_sql
- ORDER BY u.username ASC, s.session_ip ASC";
-if( !($result = $db->sql_query($sql)) )
-{
- message_die(GENERAL_ERROR, 'Could not obtain user/online information', '', __LINE__, __FILE__, $sql);
-}
-
-$userlist_ary = array();
-$userlist_visible = array();
-
$logged_visible_online = 0;
$logged_hidden_online = 0;
$guests_online = 0;
$online_userlist = '';
-$prev_user_id = 0;
-$prev_user_ip = '';
-
-while( $row = $db->sql_fetchrow($result) )
+if (defined('SHOW_ONLINE'))
{
- // User is logged in and therefor not a guest
- if ( $row['session_logged_in'] )
+
+ $user_forum_sql = ( !empty($forum_id) ) ? "AND s.session_page = " . intval($forum_id) : '';
+ $sql = "SELECT u.username, u.user_id, u.user_allow_viewonline, u.user_level, s.session_logged_in, s.session_ip
+ FROM ".USERS_TABLE." u, ".SESSIONS_TABLE." s
+ WHERE u.user_id = s.session_user_id
+ AND s.session_time >= ".( time() - 300 ) . "
+ $user_forum_sql
+ ORDER BY u.username ASC, s.session_ip ASC";
+ if( !($result = $db->sql_query($sql)) )
{
- // Skip multiple sessions for one user
- if ( $row['user_id'] != $prev_user_id )
+ message_die(GENERAL_ERROR, 'Could not obtain user/online information', '', __LINE__, __FILE__, $sql);
+ }
+
+ $userlist_ary = array();
+ $userlist_visible = array();
+
+ $prev_user_id = 0;
+ $prev_user_ip = '';
+
+ while( $row = $db->sql_fetchrow($result) )
+ {
+ // User is logged in and therefor not a guest
+ if ( $row['session_logged_in'] )
{
- $style_color = '';
- if ( $row['user_level'] == ADMIN )
+ // Skip multiple sessions for one user
+ if ( $row['user_id'] != $prev_user_id )
{
- $row['username'] = '' . $row['username'] . '';
- $style_color = 'style="color:#' . $theme['fontcolor3'] . '"';
- }
- else if ( $row['user_level'] == MOD )
- {
- $row['username'] = '' . $row['username'] . '';
- $style_color = 'style="color:#' . $theme['fontcolor2'] . '"';
+ $style_color = '';
+ if ( $row['user_level'] == ADMIN )
+ {
+ $row['username'] = '' . $row['username'] . '';
+ $style_color = 'style="color:#' . $theme['fontcolor3'] . '"';
+ }
+ else if ( $row['user_level'] == MOD )
+ {
+ $row['username'] = '' . $row['username'] . '';
+ $style_color = 'style="color:#' . $theme['fontcolor2'] . '"';
+ }
+
+ if ( $row['user_allow_viewonline'] )
+ {
+ $user_online_link = '' . $row['username'] . '';
+ $logged_visible_online++;
+ }
+ else
+ {
+ $user_online_link = '' . $row['username'] . '';
+ $logged_hidden_online++;
+ }
+
+ if ( $row['user_allow_viewonline'] || $userdata['user_level'] == ADMIN )
+ {
+ $online_userlist .= ( $online_userlist != '' ) ? ', ' . $user_online_link : $user_online_link;
+ }
}
- if ( $row['user_allow_viewonline'] )
+ $prev_user_id = $row['user_id'];
+ }
+ else
+ {
+ // Skip multiple sessions for one user
+ if ( $row['session_ip'] != $prev_session_ip )
{
- $user_online_link = '' . $row['username'] . '';
- $logged_visible_online++;
- }
- else
- {
- $user_online_link = '' . $row['username'] . '';
- $logged_hidden_online++;
- }
-
- if ( $row['user_allow_viewonline'] || $userdata['user_level'] == ADMIN )
- {
- $online_userlist .= ( $online_userlist != '' ) ? ', ' . $user_online_link : $user_online_link;
+ $guests_online++;
}
}
- $prev_user_id = $row['user_id'];
+ $prev_session_ip = $row['session_ip'];
+ }
+ $db->sql_freeresult($result);
+
+ if ( empty($online_userlist) )
+ {
+ $online_userlist = $lang['None'];
+ }
+ $online_userlist = ( ( isset($forum_id) ) ? $lang['Browsing_forum'] : $lang['Registered_users'] ) . ' ' . $online_userlist;
+
+ $total_online_users = $logged_visible_online + $logged_hidden_online + $guests_online;
+
+ if ( $total_online_users > $board_config['record_online_users'])
+ {
+ $board_config['record_online_users'] = $total_online_users;
+ $board_config['record_online_date'] = time();
+
+ $sql = "UPDATE " . CONFIG_TABLE . "
+ SET config_value = '$total_online_users'
+ WHERE config_name = 'record_online_users'";
+ if ( !$db->sql_query($sql) )
+ {
+ message_die(GENERAL_ERROR, 'Could not update online user record (nr of users)', '', __LINE__, __FILE__, $sql);
+ }
+
+ $sql = "UPDATE " . CONFIG_TABLE . "
+ SET config_value = '" . $board_config['record_online_date'] . "'
+ WHERE config_name = 'record_online_date'";
+ if ( !$db->sql_query($sql) )
+ {
+ message_die(GENERAL_ERROR, 'Could not update online user record (date)', '', __LINE__, __FILE__, $sql);
+ }
+ }
+
+ if ( $total_online_users == 0 )
+ {
+ $l_t_user_s = $lang['Online_users_zero_total'];
+ }
+ else if ( $total_online_users == 1 )
+ {
+ $l_t_user_s = $lang['Online_user_total'];
}
else
{
- // Skip multiple sessions for one user
- if ( $row['session_ip'] != $prev_session_ip )
- {
- $guests_online++;
- }
+ $l_t_user_s = $lang['Online_users_total'];
}
- $prev_session_ip = $row['session_ip'];
-}
-
-if ( empty($online_userlist) )
-{
- $online_userlist = $lang['None'];
-}
-$online_userlist = ( ( isset($forum_id) ) ? $lang['Browsing_forum'] : $lang['Registered_users'] ) . ' ' . $online_userlist;
-
-$total_online_users = $logged_visible_online + $logged_hidden_online + $guests_online;
-
-if ( $total_online_users > $board_config['record_online_users'])
-{
- $board_config['record_online_users'] = $total_online_users;
- $board_config['record_online_date'] = time();
-
- $sql = "UPDATE " . CONFIG_TABLE . "
- SET config_value = '$total_online_users'
- WHERE config_name = 'record_online_users'";
- if ( !$db->sql_query($sql) )
+ if ( $logged_visible_online == 0 )
{
- message_die(GENERAL_ERROR, 'Could not update online user record (nr of users)', '', __LINE__, __FILE__, $sql);
+ $l_r_user_s = $lang['Reg_users_zero_total'];
}
-
- $sql = "UPDATE " . CONFIG_TABLE . "
- SET config_value = '" . $board_config['record_online_date'] . "'
- WHERE config_name = 'record_online_date'";
- if ( !$db->sql_query($sql) )
+ else if ( $logged_visible_online == 1 )
{
- message_die(GENERAL_ERROR, 'Could not update online user record (date)', '', __LINE__, __FILE__, $sql);
+ $l_r_user_s = $lang['Reg_user_total'];
+ }
+ else
+ {
+ $l_r_user_s = $lang['Reg_users_total'];
}
-}
-if ( $total_online_users == 0 )
-{
- $l_t_user_s = $lang['Online_users_zero_total'];
-}
-else if ( $total_online_users == 1 )
-{
- $l_t_user_s = $lang['Online_user_total'];
-}
-else
-{
- $l_t_user_s = $lang['Online_users_total'];
-}
+ if ( $logged_hidden_online == 0 )
+ {
+ $l_h_user_s = $lang['Hidden_users_zero_total'];
+ }
+ else if ( $logged_hidden_online == 1 )
+ {
+ $l_h_user_s = $lang['Hidden_user_total'];
+ }
+ else
+ {
+ $l_h_user_s = $lang['Hidden_users_total'];
+ }
-if ( $logged_visible_online == 0 )
-{
- $l_r_user_s = $lang['Reg_users_zero_total'];
-}
-else if ( $logged_visible_online == 1 )
-{
- $l_r_user_s = $lang['Reg_user_total'];
-}
-else
-{
- $l_r_user_s = $lang['Reg_users_total'];
-}
+ if ( $guests_online == 0 )
+ {
+ $l_g_user_s = $lang['Guest_users_zero_total'];
+ }
+ else if ( $guests_online == 1 )
+ {
+ $l_g_user_s = $lang['Guest_user_total'];
+ }
+ else
+ {
+ $l_g_user_s = $lang['Guest_users_total'];
+ }
-if ( $logged_hidden_online == 0 )
-{
- $l_h_user_s = $lang['Hidden_users_zero_total'];
+ $l_online_users = sprintf($l_t_user_s, $total_online_users);
+ $l_online_users .= sprintf($l_r_user_s, $logged_visible_online);
+ $l_online_users .= sprintf($l_h_user_s, $logged_hidden_online);
+ $l_online_users .= sprintf($l_g_user_s, $guests_online);
}
-else if ( $logged_hidden_online == 1 )
-{
- $l_h_user_s = $lang['Hidden_user_total'];
-}
-else
-{
- $l_h_user_s = $lang['Hidden_users_total'];
-}
-
-if ( $guests_online == 0 )
-{
- $l_g_user_s = $lang['Guest_users_zero_total'];
-}
-else if ( $guests_online == 1 )
-{
- $l_g_user_s = $lang['Guest_user_total'];
-}
-else
-{
- $l_g_user_s = $lang['Guest_users_total'];
-}
-
-$l_online_users = sprintf($l_t_user_s, $total_online_users);
-$l_online_users .= sprintf($l_r_user_s, $logged_visible_online);
-$l_online_users .= sprintf($l_h_user_s, $logged_hidden_online);
-$l_online_users .= sprintf($l_g_user_s, $guests_online);
//
// Obtain number of new private messages
@@ -448,10 +453,19 @@ else
}
}
-header ('Cache-Control: private, pre-check=0, post-check=0, max-age=0');
+// Work around for "current" Apache 2 + PHP module which seems to not
+// cope with private cache control setting
+if (!empty($HTTP_SERVER_VARS['SERVER_SOFTWARE']) && strstr($HTTP_SERVER_VARS['SERVER_SOFTWARE'], 'Apache/2'))
+{
+ header ('Cache-Control: no-cache, pre-check=0, post-check=0, max-age=0');
+}
+else
+{
+ header ('Cache-Control: private, pre-check=0, post-check=0, max-age=0');
+}
header ('Expires: ' . gmdate('D, d M Y H:i:s', time()) . ' GMT');
header ('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
$template->pparse('overall_header');
-?>
+?>
\ No newline at end of file
diff --git a/phpBB/index.php b/phpBB/index.php
index e5278bb1e3..2d5419594a 100644
--- a/phpBB/index.php
+++ b/phpBB/index.php
@@ -251,6 +251,7 @@ if( ( $total_categories = count($category_rows) ) )
//
// Start output of page
//
+ define('SHOW_ONLINE', true);
$page_title = $lang['Index'];
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
diff --git a/phpBB/modcp.php b/phpBB/modcp.php
index 06fa2e25ad..314d8ccd3a 100644
--- a/phpBB/modcp.php
+++ b/phpBB/modcp.php
@@ -991,7 +991,7 @@ switch( $mode )
'POSTS' => $row['postings'] . ' ' . ( ( $row['postings'] == 1 ) ? $lang['Post'] : $lang['Posts'] ),
'L_SEARCH_POSTS' => sprintf($lang['Search_user_posts'], $username),
- 'U_PROFILE' => append_sid("profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$id"),
+ 'U_PROFILE' => ($id == ANONYMOUS) ? "modcp.$phpEx?mode=ip&" . POST_POST_URL . "=" . $post_id . "&" . POST_TOPIC_URL . "=" . $topic_id . "&sid=" . $userdata['session_id'] : append_sid("profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$id"),
'U_SEARCHPOSTS' => append_sid("search.$phpEx?search_author=" . urlencode($username) . "&showresults=topics"))
);
diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php
index cab93bd930..ac5749c216 100644
--- a/phpBB/viewforum.php
+++ b/phpBB/viewforum.php
@@ -385,6 +385,7 @@ $nav_links['up'] = array(
//
// Dump out the page header and load viewforum template
//
+define('SHOW_ONLINE', true);
$page_title = $lang['View_forum'] . ' - ' . $forum_row['forum_name'];
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php
index 88264fe501..b202f76184 100644
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@@ -996,11 +996,11 @@ for($i = 0; $i < $total_posts; $i++)
if ( $is_auth['auth_mod'] )
{
- $temp_url = append_sid("modcp.$phpEx?mode=ip&" . POST_POST_URL . "=" . $postrow[$i]['post_id'] . "&" . POST_TOPIC_URL . "=" . $topic_id);
+ $temp_url = "modcp.$phpEx?mode=ip&" . POST_POST_URL . "=" . $postrow[$i]['post_id'] . "&" . POST_TOPIC_URL . "=" . $topic_id . "&sid=" . $userdata['session_id'];
$ip_img = '![' . $lang['View_IP'] . '](' . $images['icon_ip'] . ' "' . $lang['View_IP'] . '")
';
$ip = '' . $lang['View_IP'] . '';
- $temp_url = append_sid("posting.$phpEx?mode=delete&" . POST_POST_URL . "=" . $postrow[$i]['post_id']);
+ $temp_url = "posting.$phpEx?mode=delete&" . POST_POST_URL . "=" . $postrow[$i]['post_id'] . "&sid=" . $userdata['session_id'];
$delpost_img = '![' . $lang['Delete_post'] . '](' . $images['icon_delpost'] . ' "' . $lang['Delete_post'] . '")
';
$delpost = '' . $lang['Delete_post'] . '';
}
@@ -1011,7 +1011,7 @@ for($i = 0; $i < $total_posts; $i++)
if ( $userdata['user_id'] == $poster_id && $is_auth['auth_delete'] && $forum_topic_data['topic_last_post_id'] == $postrow[$i]['post_id'] )
{
- $temp_url = append_sid("posting.$phpEx?mode=delete&" . POST_POST_URL . "=" . $postrow[$i]['post_id']);
+ $temp_url = "posting.$phpEx?mode=delete&" . POST_POST_URL . "=" . $postrow[$i]['post_id'] . "&sid=" . $userdata['session_id'];
$delpost_img = '';
$delpost = '' . $lang['Delete_post'] . '';
}