makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-08 04:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/10572] Unguarded includes in acp files

Browse source 
PHPBB3-10572
This commit is contained in:
Richard McGirr 2015-04-19 08:07:45 -04:00 committed by RMcGirr83
parent 1164cc38a2
commit d003b53922
15 changed files with 132 additions and 36 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
phpBB/includes/acp/acp_attachments.php
View file

@ -106,7 +106,10 @@ class acp_attachments
{
case 'attach':
include_once($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
if (!function_exists('get_supported_image_types'))
{
include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
}
$sql = 'SELECT group_name, cat_id
FROM ' . EXTENSION_GROUPS_TABLE . '

5
phpBB/includes/acp/acp_ban.php
View file

@ -28,7 +28,10 @@ class acp_ban
global $user, $template, $request, $phpbb_dispatcher;
global $phpbb_root_path, $phpEx;
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
if (!function_exists('user_ban'))
{
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
}
$bansubmit = $request->is_set_post('bansubmit');
$unbansubmit = $request->is_set_post('unbansubmit');

6
phpBB/includes/acp/acp_bots.php
View file

@ -141,7 +141,11 @@ class acp_bots
case 'edit':
case 'add':
include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
if (!function_exists('user_update_name'))
{
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
}
$bot_row = array(
'bot_name' => utf8_normalize_nfc(request_var('bot_name', '', true)),

4
phpBB/includes/acp/acp_disallow.php
View file

@ -26,9 +26,7 @@ class acp_disallow
function main($id, $mode)
{
global $db, $user, $auth, $template, $cache;
global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
global $config, $phpbb_admin_path;
$user->add_lang('acp/posting');

11
phpBB/includes/acp/acp_email.php
View file

@ -189,8 +189,15 @@ class acp_email
$db->sql_freeresult($result);
// Send the messages
include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
if (!class_exists('messenger'))
{
include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
}
if (!function_exists('get_group_name'))
{
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
}
$messenger = new messenger($use_queue);
$errored = false;

10
phpBB/includes/acp/acp_groups.php
View file

@ -42,7 +42,10 @@ class acp_groups
return;
}
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
if (!function_exists('group_user_attributes'))
{
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
}
// Check and set some common vars
$action = (isset($_POST['add'])) ? 'add' : ((isset($_POST['addusers'])) ? 'addusers' : request_var('action', ''));
@ -295,7 +298,10 @@ class acp_groups
case 'edit':
case 'add':
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
if (!function_exists('display_forums'))
{
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
}
$data = $submit_ary = array();

15
phpBB/includes/acp/acp_inactive.php
View file

@ -34,7 +34,10 @@ class acp_inactive
global $config, $db, $user, $auth, $template, $phpbb_container;
global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
if (!function_exists('user_active_flip'))
{
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
}
$user->add_lang('memberlist');
@ -109,7 +112,10 @@ class acp_inactive
if ($config['require_activation'] == USER_ACTIVATION_ADMIN && !empty($inactive_users))
{
include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
if (!class_exists('messenger'))
{
include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
}
$messenger = new messenger(false);
@ -196,7 +202,10 @@ class acp_inactive
if ($row = $db->sql_fetchrow($result))
{
// Send the messages
include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
if (!class_exists('messenger'))
{
include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
}
$messenger = new messenger();
$usernames = $user_ids = array();

5
phpBB/includes/acp/acp_jabber.php
View file

@ -34,7 +34,10 @@ class acp_jabber
$user->add_lang('acp/board');
include_once($phpbb_root_path . 'includes/functions_jabber.' . $phpEx);
if (!class_exists('jabber'))
{
include($phpbb_root_path . 'includes/functions_jabber.' . $phpEx);
}
$action = request_var('action', '');
$submit = (isset($_POST['submit'])) ? true : false;

5
phpBB/includes/acp/acp_language.php
View file

@ -34,7 +34,10 @@ class acp_language
global $config, $db, $user, $template;
global $phpbb_root_path, $phpEx, $request;
include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
if (!function_exists('validate_language_iso_name'))
{
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
}
// Check and set some common vars
$action = (isset($_POST['update_details'])) ? 'update_details' : '';

11
phpBB/includes/acp/acp_permission_roles.php
View file

@ -30,8 +30,15 @@ class acp_permission_roles
global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
global $request;
include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
include_once($phpbb_root_path . 'includes/acp/auth.' . $phpEx);
if (!function_exists('user_get_id_name'))
{
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
}
if (!class_exists('auth_admin'))
{
include($phpbb_root_path . 'includes/acp/auth.' . $phpEx);
}
$this->auth_admin = new auth_admin();

11
phpBB/includes/acp/acp_permissions.php
View file

@ -30,8 +30,15 @@ class acp_permissions
global $db, $user, $auth, $template, $cache, $phpbb_container;
global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
include_once($phpbb_root_path . 'includes/acp/auth.' . $phpEx);
if (!function_exists('user_get_id_name'))
{
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
}
if (!class_exists('auth_admin'))
{
include($phpbb_root_path . 'includes/acp/auth.' . $phpEx);
}
$this->permissions = $phpbb_container->get('acl.permissions');

11
phpBB/includes/acp/acp_profile.php
View file

@ -33,8 +33,15 @@ class acp_profile
global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
global $request, $phpbb_container, $phpbb_dispatcher;
include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
if (!function_exists('generate_smilies'))
{
include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
}
if (!function_exists('user_get_id_name'))
{
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
}
$user->add_lang(array('ucp', 'acp/profile'));
$this->tpl_name = 'acp_profile';

6
phpBB/includes/acp/acp_prune.php
View file

@ -28,7 +28,11 @@ class acp_prune
global $user, $phpEx, $phpbb_admin_path, $phpbb_root_path;
$user->add_lang('acp/prune');
include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
if (!function_exists('user_active_flip'))
{
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
}
switch ($mode)
{

5
phpBB/includes/acp/acp_send_statistics.php
View file

@ -27,7 +27,10 @@ class acp_send_statistics
{
global $config, $template, $phpbb_admin_path, $phpbb_root_path, $phpEx;
include($phpbb_root_path . 'includes/questionnaire/questionnaire.' . $phpEx);
if (!class_exists('phpbb_questionnaire_data_collector'))
{
include($phpbb_root_path . 'includes/questionnaire/questionnaire.' . $phpEx);
}
$collect_url = "https://www.phpbb.com/stats/receive_stats.php";

58
phpBB/includes/acp/acp_users.php
View file

@ -57,7 +57,10 @@ class acp_users
// Whois (special case)
if ($action == 'whois')
{
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
if (!function_exists('user_get_id_name'))
{
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
}
$this->page_title = 'WHOIS';
$this->tpl_name = 'simple_body';
@ -170,7 +173,10 @@ class acp_users
{
case 'overview':
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
if (!function_exists('user_get_id_name'))
{
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
}
$user->add_lang('acp/ban');
@ -354,7 +360,10 @@ class acp_users
if ($config['email_enable'])
{
include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
if (!class_exists('messenger'))
{
include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
}
$server_url = generate_board_url();
@ -437,7 +446,10 @@ class acp_users
$phpbb_notifications = $phpbb_container->get('notification_manager');
$phpbb_notifications->delete_notifications('notification.type.admin_activate_user', $user_row['user_id']);
include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
if (!class_exists('messenger'))
{
include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
}
$messenger = new messenger(false);
@ -1361,7 +1373,10 @@ class acp_users
case 'profile':
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
if (!function_exists('user_get_id_name'))
{
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
}
$cp = $phpbb_container->get('profilefields.manager');
@ -1520,7 +1535,10 @@ class acp_users
case 'prefs':
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
if (!function_exists('user_get_id_name'))
{
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
}
$data = array(
'dateformat' => utf8_normalize_nfc(request_var('dateformat', $user_row['user_dateformat'], true)),
@ -1790,8 +1808,6 @@ class acp_users
case 'avatar':
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
$avatars_enabled = false;
if ($config['allow_avatar'])
@ -1946,8 +1962,15 @@ class acp_users
case 'sig':
include_once($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
include_once($phpbb_root_path . 'includes/functions_display.' . $phpEx);
if (!function_exists('generate_smilies'))
{
include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
}
if (!function_exists('display_custom_bbcodes'))
{
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
}
$enable_bbcode = ($config['allow_sig_bbcode']) ? (bool) $this->optionget($user_row, 'sig_bbcode') : false;
$enable_smilies = ($config['allow_sig_smilies']) ? (bool) $this->optionget($user_row, 'sig_smilies') : false;
@ -1958,7 +1981,10 @@ class acp_users
if ($submit || $preview)
{
include_once($phpbb_root_path . 'includes/message_parser.' . $phpEx);
if (!class_exists('messenger'))
{
include($phpbb_root_path . 'includes/message_parser.' . $phpEx);
}
$enable_bbcode = ($config['allow_sig_bbcode']) ? ((request_var('disable_bbcode', false)) ? false : true) : false;
$enable_smilies = ($config['allow_sig_smilies']) ? ((request_var('disable_smilies', false)) ? false : true) : false;
@ -2199,7 +2225,10 @@ class acp_users
case 'groups':
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
if (!function_exists('group_user_attributes'))
{
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
}
$user->add_lang(array('groups', 'acp/groups'));
$group_id = request_var('g', 0);
@ -2415,7 +2444,10 @@ class acp_users
case 'perm':
include_once($phpbb_root_path . 'includes/acp/auth.' . $phpEx);
if (!class_exists('auth_admin'))
{
include($phpbb_root_path . 'includes/acp/auth.' . $phpEx);
}
$auth_admin = new auth_admin();