some further fixes

- re-introduce grabbing random number from /dev/urandom


git-svn-id: file:///svn/phpbb/trunk@8241 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/docs/CHANGELOG.html

@@ -100,9 +100,11 @@
 		<li>[Change] Do not assign converted votes to the first option in a vote.</li>
 		<li>[Fix] Use correct RFC 2822 date format in emails (Bug #15042)</li>
 		<li>[Fix] Require founder status for some actions on founder-only groups (Bug #15119)</li>
-		<li>[Fix] Allow changing the "now" option of date CPFs (Bug #15111)</li>
+		<li>[Fix] Allow changing the &quot;now&quot; option of date CPFs (Bug #15111)</li>
 		<li>[Change] Some improvements to the caching of avatars</li>
-
+		<li>[Change] Set template recompilation to be disabled by default. All mod and style authors and all those who want to modify their styles should enabled it after installation.</li>
+		<li>[Change] Disable debug mode. All mod and style authors should enable DEBUG and DEBUG_EXTRA.</li>
+		<li>[Fix] Check error reporting level for all error level. This fixes a problem for hosts having manipulated the error handler. (Bug #14831)</li>
 	</ul>
 
 	<a name="v30rc6"></a><h3>1.ii. Changes since 3.0.RC6</h3>

phpBB/includes/acp/acp_inactive.php

@@ -167,7 +167,7 @@ class acp_inactive
 					if ($row = $db->sql_fetchrow($result))
 					{
 						// Send the messages
-						include_once($phpbb_root_path . 'includes/functions_messenger.'.$phpEx);
+						include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
 
 						$messenger = new messenger();
 						$usernames = array();

phpBB/includes/functions.php

@@ -270,13 +270,24 @@ function phpbb_hash($password)
 	$random = '';
 	$count = 6;
 
-	for ($i = 0; $i < $count; $i += 16)
+	if (($fh = @fopen('/dev/urandom', 'rb')))
 	{
-		$random_state = md5(unique_id() . $random_state);
-		$random .= pack('H*', md5($random_state));
+		$random = fread($fh, $count);
+		fclose($fh);
 	}
-	$random = substr($random, 0, $count);
 
+	if (strlen($random) < $count)
+	{
+		$random = '';
+
+		for ($i = 0; $i < $count; $i += 16)
+		{
+			$random_state = md5(unique_id() . $random_state);
+			$random .= pack('H*', md5($random_state));
+		}
+		$random = substr($random, 0, $count);
+	}
+	
 	$hash = _hash_crypt_private($password, _hash_gensalt_private($random, $itoa64), $itoa64);
 
 	if (strlen($hash) == 34)
@@ -2867,6 +2878,12 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
 	global $cache, $db, $auth, $template, $config, $user;
 	global $phpEx, $phpbb_root_path, $msg_title, $msg_long_text;
 
+	// Do not display notices if we suppress them via @
+	if (error_reporting() == 0)
+	{
+		return;
+	}
+
 	// Message handler is stripping text. In case we need it, we are possible to define long text...
 	if (isset($msg_long_text) && $msg_long_text && !$msg_text)
 	{
@@ -2879,9 +2896,8 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
 		case E_WARNING:
 
 			// Check the error reporting level and return if the error level does not match
-			// Additionally do not display notices if we suppress them via @
 			// If DEBUG is defined the default level is E_ALL
-			if (($errno & ((defined('DEBUG') && error_reporting()) ? E_ALL : error_reporting())) == 0)
+			if (($errno & ((defined('DEBUG')) ? E_ALL : error_reporting())) == 0)
 			{
 				return;
 			}

phpBB/includes/functions_messenger.php

@@ -165,12 +165,7 @@ class messenger
 
 			if (!file_exists($tpl_file))
 			{
-				$tpl_file = "{$phpbb_root_path}language/$template_lang/email/$template_file.txt";
-
-				if (!file_exists($tpl_file))
-				{
-					trigger_error("Could not find email template file [ $tpl_file ]", E_USER_ERROR);
-				}
+				trigger_error("Could not find email template file [ $tpl_file ]", E_USER_ERROR);
 			}
 
 			if (($data = @file_get_contents($tpl_file)) === false)
@@ -607,7 +602,7 @@ class queue
 						continue 2;
 					}
 
-					include_once($phpbb_root_path . 'includes/functions_jabber.'.$phpEx);
+					include_once($phpbb_root_path . 'includes/functions_jabber.' . $phpEx);
 					$this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], $config['jab_password'], $config['jab_use_ssl']);
 
 					if (!$this->jabber->connect())

phpBB/includes/functions_posting.php

@@ -1227,7 +1227,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
 	// Now, we are able to really send out notifications
 	if (sizeof($msg_users))
 	{
-		include_once($phpbb_root_path . 'includes/functions_messenger.'.$phpEx);
+		include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
 		$messenger = new messenger();
 
 		$msg_list_ary = array();

phpBB/includes/ucp/ucp_pm_compose.php

@@ -732,7 +732,7 @@ function compose_pm($id, $mode, $action)
 		{
 			$message_link = '';
 		}
-		$message_parser->message = $message_link . '[quote="' . $quote_username . '"]' . censor_text(trim($message_parser->message)) . "[/quote]\n";
+		$message_parser->message = $message_link . '[quote="' . $quote_username . '"]' . censor_text(trim($message_parser->message)) . "[/quote]\n";
 	}
 
 	if (($action == 'reply' || $action == 'quote' || $action == 'quotepost') && !$preview && !$refresh)

phpBB/language/en/install.php

@@ -380,7 +380,7 @@ $lang = array_merge($lang, array(
 	'COLLECTING_FILE_DIFFS'			=> 'Collecting file differences',
 	'COMPLETE_LOGIN_TO_BOARD'		=> 'You should now <a href="../ucp.php?mode=login">login to your board</a> and check if everything is working fine. Do not forget to delete, rename or move your install directory!',
 	'CONTINUE_UPDATE_NOW'			=> 'Continue the update process now',
-	'CURRENT_FILE'					=> 'Current original file',
+	'CURRENT_FILE'					=> 'Begin of current original file',
 	'CURRENT_VERSION'				=> 'Current version',
 
 	'DATABASE_TYPE'						=> 'Database type',
@@ -390,7 +390,7 @@ $lang = array_merge($lang, array(
 	'DESTINATION'						=> 'Destination file',
 	'DIFF_INLINE'						=> 'Inline',
 	'DIFF_RAW'							=> 'Raw unified diff',
-	'DIFF_SEP_EXPLAIN'					=> 'End of current file / Begin of new updated file',
+	'DIFF_SEP_EXPLAIN'					=> 'End of current original file / Begin of new updated file',
 	'DIFF_SIDE_BY_SIDE'					=> 'Side by Side',
 	'DIFF_UNIFIED'						=> 'Unified diff',
 	'DO_NOT_UPDATE'						=> 'Do not update this file',
@@ -447,7 +447,7 @@ $lang = array_merge($lang, array(
 	'MERGING_FILES'				=> 'Merging differences',
 	'MERGING_FILES_EXPLAIN'		=> 'Currently collecting final file changes.<br /><br />Please wait until phpBB has completed all operations on changed files.',
 
-	'NEW_FILE'						=> 'New updated file',
+	'NEW_FILE'						=> 'End of new updated file',
 	'NEW_USERNAME'					=> 'New username',
 	'NO_AUTH_UPDATE'				=> 'Not authorised to update',
 	'NO_ERRORS'						=> 'No errors',

phpBB/posting.php

@@ -1131,7 +1131,7 @@ $message_parser->decode_message($post_data['bbcode_uid']);
 
 if ($mode == 'quote' && !$submit && !$preview && !$refresh)
 {
-	$message_parser->message = '[quote="' . $post_data['quote_username'] . '"]' . censor_text(trim($message_parser->message)) . "[/quote]\n";
+	$message_parser->message = '[quote="' . $post_data['quote_username'] . '"]' . censor_text(trim($message_parser->message)) . "[/quote]\n";
 }
 
 if (($mode == 'reply' || $mode == 'quote') && !$submit && !$preview && !$refresh)

phpBB/viewforum.php

@@ -14,7 +14,7 @@
 define('IN_PHPBB', true);
 $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
-include($phpbb_root_path . 'common.'.$phpEx);
+include($phpbb_root_path . 'common.' . $phpEx);
 include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
 
 // Start session