makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-27 21:58:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

try to normalize everything...

Browse source 
git-svn-id: file:///svn/phpbb/trunk@7920 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen 2007-07-22 20:11:45 +00:00
parent fcb0c89962
commit ec1da5b1fd
31 changed files with 300 additions and 272 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
phpBB/includes/acp/acp_attachments.php
View file

@ -441,7 +441,7 @@ class acp_attachments
$ext_row = array();
}
$group_name = request_var('group_name', '', true);
$group_name = utf8_normalize_nfc(request_var('group_name', '', true));
$new_group_name = ($action == 'add') ? $group_name : (($ext_row['group_name'] != $group_name) ? $group_name : '');
if (!$group_name)
@ -618,7 +618,7 @@ class acp_attachments
if ($action == 'add')
{
$ext_group_row = array(
'group_name' => request_var('group_name', '', true),
'group_name' => utf8_normalize_nfc(request_var('group_name', '', true)),
'cat_id' => 0,
'allow_group' => 1,
'allow_in_pm' => 1,

6
phpBB/includes/acp/acp_ban.php
View file

@ -33,12 +33,12 @@ class acp_ban
if ($bansubmit)
{
// Grab the list of entries
$ban = request_var('ban', '', true);
$ban = utf8_normalize_nfc(request_var('ban', '', true));
$ban_len = request_var('banlength', 0);
$ban_len_other = request_var('banlengthother', '');
$ban_exclude = request_var('banexclude', 0);
$ban_reason = request_var('banreason', '', true);
$ban_give_reason = request_var('bangivereason', '', true);
$ban_reason = utf8_normalize_nfc(request_var('banreason', '', true));
$ban_give_reason = utf8_normalize_nfc(request_var('bangivereason', '', true));
if ($ban)
{

4
phpBB/includes/acp/acp_bbcodes.php
View file

@ -75,8 +75,8 @@ class acp_bbcodes
$display_on_posting = request_var('display_on_posting', 0);
$bbcode_match = request_var('bbcode_match', '');
$bbcode_tpl = htmlspecialchars_decode(request_var('bbcode_tpl', '', true));
$bbcode_helpline = request_var('bbcode_helpline', '', true);
$bbcode_tpl = htmlspecialchars_decode(utf8_normalize_nfc(request_var('bbcode_tpl', '', true)));
$bbcode_helpline = utf8_normalize_nfc(request_var('bbcode_helpline', '', true));
break;
}

2
phpBB/includes/acp/acp_bots.php
View file

@ -129,7 +129,7 @@ class acp_bots
include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
$bot_row = array(
'bot_name' => request_var('bot_name', '', true),
'bot_name' => utf8_normalize_nfc(request_var('bot_name', '', true)),
'bot_agent' => request_var('bot_agent', ''),
'bot_ip' => request_var('bot_ip', ''),
'bot_active' => request_var('bot_active', true),

2
phpBB/includes/acp/acp_disallow.php
View file

@ -33,7 +33,7 @@ class acp_disallow
if ($disallow)
{
$disallowed_user = str_replace('*', '%', request_var('disallowed_user', '', true));
$disallowed_user = str_replace('*', '%', utf8_normalize_nfc(request_var('disallowed_user', '', true)));
if (!$disallowed_user)
{

6
phpBB/includes/acp/acp_email.php
View file

@ -30,8 +30,8 @@ class acp_email
$usernames = request_var('usernames', '', true);
$group_id = request_var('g', 0);
$subject = request_var('subject', '', true);
$message = request_var('message', '', true);
$subject = utf8_normalize_nfc(request_var('subject', '', true));
$message = utf8_normalize_nfc(request_var('message', '', true));
// Do the job ...
if ($submit)
@ -178,7 +178,7 @@ class acp_email
if ($usernames)
{
$usernames = explode("\n", $usernames);
add_log('admin', 'LOG_MASS_EMAIL', implode(', ', $usernames));
add_log('admin', 'LOG_MASS_EMAIL', implode(', ', utf8_normalize_nfc($usernames)));
}
else
{

8
phpBB/includes/acp/acp_forums.php
View file

@ -103,14 +103,14 @@ class acp_forums
'type_action' => request_var('type_action', ''),
'forum_status' => request_var('forum_status', ITEM_UNLOCKED),
'forum_parents' => '',
'forum_name' => request_var('forum_name', '', true),
'forum_name' => utf8_normalize_nfc(request_var('forum_name', '', true)),
'forum_link' => request_var('forum_link', ''),
'forum_link_track' => request_var('forum_link_track', false),
'forum_desc' => request_var('forum_desc', '', true),
'forum_desc' => utf8_normalize_nfc(request_var('forum_desc', '', true)),
'forum_desc_uid' => '',
'forum_desc_options' => 7,
'forum_desc_bitfield' => '',
'forum_rules' => request_var('forum_rules', '', true),
'forum_rules' => utf8_normalize_nfc(request_var('forum_rules', '', true)),
'forum_rules_uid' => '',
'forum_rules_options' => 7,
'forum_rules_bitfield' => '',
@ -445,7 +445,7 @@ class acp_forums
'parent_id' => $this->parent_id,
'forum_type' => FORUM_POST,
'forum_status' => ITEM_UNLOCKED,
'forum_name' => request_var('forum_name', '', true),
'forum_name' => utf8_normalize_nfc(request_var('forum_name', '', true)),
'forum_link' => '',
'forum_link_track' => false,
'forum_desc' => '',

6
phpBB/includes/acp/acp_groups.php
View file

@ -258,8 +258,8 @@ class acp_groups
// Did we submit?
if ($update)
{
$group_name = request_var('group_name', '', true);
$group_desc = request_var('group_desc', '', true);
$group_name = utf8_normalize_nfc(request_var('group_name', '', true));
$group_desc = utf8_normalize_nfc(request_var('group_desc', '', true));
$group_type = request_var('group_type', GROUP_FREE);
$allow_desc_bbcode = request_var('desc_parse_bbcode', false);
@ -450,7 +450,7 @@ class acp_groups
}
else if (!$group_id)
{
$group_name = request_var('group_name', '', true);
$group_name = utf8_normalize_nfc(request_var('group_name', '', true));
$group_desc_data = array(
'text' => '',
'allow_bbcode' => true,

8
phpBB/includes/acp/acp_icons.php
View file

@ -276,16 +276,16 @@ class acp_icons
$image_width = (isset($_POST['width'])) ? request_var('width', array('' => 0)) : array();
$image_height = (isset($_POST['height'])) ? request_var('height', array('' => 0)) : array();
$image_add = (isset($_POST['add_img'])) ? request_var('add_img', array('' => 0)) : array();
$image_emotion = request_var('emotion', array('' => ''), true);
$image_code = request_var('code', array('' => ''), true);
$image_emotion = utf8_normalize_nfc(request_var('emotion', array('' => ''), true));
$image_code = utf8_normalize_nfc(request_var('code', array('' => ''), true));
$image_display_on_posting = (isset($_POST['display_on_posting'])) ? request_var('display_on_posting', array('' => 0)) : array();
// Ok, add the relevant bits if we are adding new codes to existing emoticons...
if (!empty($_POST['add_additional_code']))
{
$add_image = request_var('add_image', '');
$add_code = request_var('add_code', '', true);
$add_emotion = request_var('add_emotion', '', true);
$add_code = utf8_normalize_nfc(request_var('add_code', '', true));
$add_emotion = utf8_normalize_nfc(request_var('add_emotion', '', true));
if ($add_image && $add_emotion && $add_code)
{

4
phpBB/includes/acp/acp_language.php
View file

@ -146,8 +146,8 @@ class acp_language
$sql_ary = array(
'lang_english_name' => request_var('lang_english_name', $row['lang_english_name']),
'lang_local_name' => request_var('lang_local_name', $row['lang_local_name'], true),
'lang_author' => request_var('lang_author', $row['lang_author'], true),
'lang_local_name' => utf8_normalize_nfc(request_var('lang_local_name', $row['lang_local_name'], true)),
'lang_author' => utf8_normalize_nfc(request_var('lang_author', $row['lang_author'], true)),
);
$db->sql_query('UPDATE ' . LANG_TABLE . '

4
phpBB/includes/acp/acp_modules.php
View file

@ -232,7 +232,7 @@ class acp_modules
'module_enabled' => 0,
'module_display' => 1,
'parent_id' => 0,
'module_langname' => request_var('module_langname', '', true),
'module_langname' => utf8_normalize_nfc(request_var('module_langname', '', true)),
'module_mode' => '',
'module_auth' => '',
);
@ -245,7 +245,7 @@ class acp_modules
$module_data['module_display'] = request_var('module_display', (int) $module_row['module_display']);
$module_data['parent_id'] = request_var('module_parent_id', (int) $module_row['parent_id']);
$module_data['module_class'] = $this->module_class;
$module_data['module_langname'] = request_var('module_langname', (string) $module_row['module_langname'], true);
$module_data['module_langname'] = utf8_normalize_nfc(request_var('module_langname', (string) $module_row['module_langname'], true));
$module_data['module_mode'] = request_var('module_mode', (string) $module_row['module_mode']);
$submit = (isset($_POST['submit'])) ? true : false;

8
phpBB/includes/acp/acp_permission_roles.php
View file

@ -134,8 +134,8 @@ class acp_permission_roles
case 'add':
$role_name = request_var('role_name', '', true);
$role_description = request_var('role_description', '', true);
$role_name = utf8_normalize_nfc(request_var('role_name', '', true));
$role_description = utf8_normalize_nfc(request_var('role_description', '', true));
$auth_settings = request_var('setting', array('' => 0));
if (!$role_name)
@ -214,8 +214,8 @@ class acp_permission_roles
$options_from = request_var('options_from', 0);
$role_row = array(
'role_name' => request_var('role_name', '', true),
'role_description' => request_var('role_description', '', true),
'role_name' => utf8_normalize_nfc(request_var('role_name', '', true)),
'role_description' => utf8_normalize_nfc(request_var('role_description', '', true)),
'role_type' => $permission_type,
);

42
phpBB/includes/acp/acp_profile.php
View file

@ -354,7 +354,7 @@ class acp_profile
'field_hide' => 0,
'field_no_view' => 0,
'field_show_on_reg' => 0,
'lang_name' => request_var('field_ident', '', true),
'lang_name' => utf8_normalize_nfc(request_var('field_ident', '', true)),
'lang_explain' => '',
'lang_default_value'=> '')
);
@ -382,9 +382,9 @@ class acp_profile
}
$cp->vars['field_ident'] = ($action == 'create' && $step == 1) ? utf8_clean_string(request_var('field_ident', $field_row['field_ident'], true)) : request_var('field_ident', $field_row['field_ident']);
$cp->vars['lang_name'] = request_var('lang_name', $field_row['lang_name'], true);
$cp->vars['lang_explain'] = request_var('lang_explain', $field_row['lang_explain'], true);
$cp->vars['lang_default_value'] = request_var('lang_default_value', $field_row['lang_default_value'], true);
$cp->vars['lang_name'] = utf8_normalize_nfc(request_var('lang_name', $field_row['lang_name'], true));
$cp->vars['lang_explain'] = utf8_normalize_nfc(request_var('lang_explain', $field_row['lang_explain'], true));
$cp->vars['lang_default_value'] = utf8_normalize_nfc(request_var('lang_default_value', $field_row['lang_default_value'], true));
// Field option...
if (isset($_REQUEST['field_option']))
@ -409,11 +409,11 @@ class acp_profile
// A boolean field expects an array as the lang options
if ($field_type == FIELD_BOOL)
{
$options = request_var('lang_options', array(''), true);
$options = utf8_normalize_nfc(request_var('lang_options', array(''), true));
}
else
{
$options = request_var('lang_options', '', true);
$options = utf8_normalize_nfc(request_var('lang_options', '', true));
}
// If the user has submitted a form with options (i.e. dropdown field)
@ -441,13 +441,13 @@ class acp_profile
// step 2
foreach ($exclude[2] as $key)
{
$var = request_var($key, $field_row[$key], true);
$var = utf8_normalize_nfc(request_var($key, $field_row[$key], true));
// Manipulate the intended variables a little bit if needed
if ($field_type == FIELD_DROPDOWN && $key == 'field_maxlen')
{
// Get the number of options if this key is 'field_maxlen'
$var = sizeof(explode("\n", request_var('lang_options', '', true)));
$var = sizeof(explode("\n", utf8_normalize_nfc(request_var('lang_options', '', true))));
}
else if ($field_type == FIELD_TEXT && $key == 'field_length')
{
@ -534,7 +534,7 @@ class acp_profile
foreach ($exclude[3] as $key)
{
$cp->vars[$key] = request_var($key, array(0 => ''), true);
$cp->vars[$key] = utf8_normalize_nfc(request_var($key, array(0 => ''), true));
if (!$cp->vars[$key] && $action == 'edit')
{
@ -542,7 +542,7 @@ class acp_profile
}
else if ($key == 'l_lang_options' && $field_type == FIELD_BOOL)
{
$cp->vars[$key] = request_var($key, array(0 => array('')), true);
$cp->vars[$key] = utf8_normalize_nfc(request_var($key, array(0 => array('')), true));
}
else if ($key == 'l_lang_options' && is_array($cp->vars[$key]))
{
@ -631,10 +631,10 @@ class acp_profile
$cp->vars['columns'] = request_var('columns', 0);
$_new_key_ary[$key] = $cp->vars['rows'] . '|' . $cp->vars['columns'];
}
if ($field_type == FIELD_BOOL && $key == 'l_lang_options' && isset($_REQUEST['l_lang_options']))
{
$_new_key_ary[$key] = request_var($key, array(array('')), true);
$_new_key_ary[$key] = utf8_normalize_nfc(request_var($key, array(array('')), true));
}
else
{
@ -644,7 +644,7 @@ class acp_profile
}
else
{
$_new_key_ary[$key] = (is_array($_REQUEST[$key])) ? request_var($key, array(''), true) : request_var($key, '', true);
$_new_key_ary[$key] = (is_array($_REQUEST[$key])) ? utf8_normalize_nfc(request_var($key, array(''), true)) : utf8_normalize_nfc(request_var($key, '', true));
}
}
}
@ -915,7 +915,7 @@ class acp_profile
$lang_options[$lang_id]['lang_iso'] = $lang_iso;
foreach ($options as $field => $field_type)
{
$value = ($action == 'create') ? request_var('l_' . $field, array(0 => ''), true) : $cp->vars['l_' . $field];
$value = ($action == 'create') ? utf8_normalize_nfc(request_var('l_' . $field, array(0 => ''), true)) : $cp->vars['l_' . $field];
if ($field == 'lang_options')
{
@ -1087,17 +1087,23 @@ class acp_profile
}
// These are always arrays because the key is the language id...
$cp->vars['l_lang_name'] = request_var('l_lang_name', array(0 => ''), true);
$cp->vars['l_lang_explain'] = request_var('l_lang_explain', array(0 => ''), true);
$cp->vars['l_lang_default_value'] = request_var('l_lang_default_value', array(0 => ''), true);
$cp->vars['l_lang_name'] = utf8_normalize_nfc(request_var('l_lang_name', array(0 => ''), true));
$cp->vars['l_lang_explain'] = utf8_normalize_nfc(request_var('l_lang_explain', array(0 => ''), true));
$cp->vars['l_lang_default_value'] = utf8_normalize_nfc(request_var('l_lang_default_value', array(0 => ''), true));
if ($field_type != FIELD_BOOL)
{
$cp->vars['l_lang_options'] = request_var('l_lang_options', array(0 => ''), true);
$cp->vars['l_lang_options'] = utf8_normalize_nfc(request_var('l_lang_options', array(0 => ''), true));
}
else
{
/**
* @todo check if this line is correct...
$cp->vars['l_lang_default_value'] = request_var('l_lang_default_value', array(0 => array('')), true);
*/
$cp->vars['l_lang_options'] = utf8_normalize_nfc(request_var('l_lang_options', array(0 => array('')), true));
}
if ($cp->vars['lang_options'])
{
if (!is_array($cp->vars['lang_options']))

2
phpBB/includes/acp/acp_ranks.php
View file

@ -35,7 +35,7 @@ class acp_ranks
{
case 'save':
$rank_title = request_var('title', '', true);
$rank_title = utf8_normalize_nfc(request_var('title', '', true));
$special_rank = request_var('special_rank', 0);
$min_posts = ($special_rank) ? 0 : request_var('min_posts', 0);
$rank_image = request_var('rank_image', '');

4
phpBB/includes/acp/acp_reasons.php
View file

@ -38,8 +38,8 @@ class acp_reasons
case 'edit':
$reason_row = array(
'reason_title' => request_var('reason_title', '', true),
'reason_description' => request_var('reason_description', '', true)
'reason_title' => utf8_normalize_nfc(request_var('reason_title', '', true)),
'reason_description' => utf8_normalize_nfc(request_var('reason_description', '', true)),
);
if ($submit)

12
phpBB/includes/acp/acp_styles.php
View file

@ -670,7 +670,7 @@ parse_css_file = {PARSE_CSS_FILE}
$_POST['template_data'] = (isset($_POST['template_data']) && !empty($_POST['template_data'])) ? str_replace(array("\r\n", "\r"), array("\n", "\n"), $_POST['template_data']) : '';
$template_data = (STRIP) ? stripslashes($_POST['template_data']) : $_POST['template_data'];
$template_file = request_var('template_file', '', true);
$template_file = utf8_normalize_nfc(request_var('template_file', '', true));
$text_rows = max(5, min(999, request_var('text_rows', 20)));
$save_changes = (isset($_POST['save'])) ? true : false;
@ -1025,7 +1025,7 @@ parse_css_file = {PARSE_CSS_FILE}
$_POST['template_data'] = (isset($_POST['template_data']) && !empty($_POST['template_data'])) ? str_replace(array("\r\n", "\r"), array("\n", "\n"), $_POST['template_data']) : '';
$theme_data = (STRIP) ? stripslashes($_POST['template_data']) : $_POST['template_data'];
$theme_file = request_var('template_file', '', true);
$theme_file = utf8_normalize_nfc(request_var('template_file', '', true));
$text_rows = max(5, min(999, request_var('text_rows', 20)));
$save_changes = (isset($_POST['save'])) ? true : false;
@ -2016,8 +2016,8 @@ parse_css_file = {PARSE_CSS_FILE}
if ($update)
{
$name = request_var('name', '', true);
$copyright = request_var('copyright', '', true);
$name = utf8_normalize_nfc(request_var('name', '', true));
$copyright = utf8_normalize_nfc(request_var('copyright', '', true));
$template_id = request_var('template_id', 0);
$theme_id = request_var('theme_id', 0);
@ -2652,8 +2652,8 @@ parse_css_file = {PARSE_CSS_FILE}
$error = array();
$style_row = array(
$mode . '_name' => request_var('name', '', true),
$mode . '_copyright' => request_var('copyright', '', true),
$mode . '_name' => utf8_normalize_nfc(request_var('name', '', true)),
$mode . '_copyright' => utf8_normalize_nfc(request_var('copyright', '', true)),
'template_id' => 0,
'theme_id' => 0,
'imageset_id' => 0,

27
phpBB/includes/acp/acp_users.php
View file

@ -30,11 +30,8 @@ class acp_users
$this->tpl_name = 'acp_users';
$this->page_title = 'ACP_USER_' . strtoupper($mode);
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
include($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx);
$error = array();
$username = request_var('username', '', true);
$username = utf8_normalize_nfc(request_var('username', '', true));
$user_id = request_var('u', 0);
$action = request_var('action', '');
@ -43,6 +40,8 @@ class acp_users
// Whois (special case)
if ($action == 'whois')
{
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
$this->page_title = 'WHOIS';
$this->tpl_name = 'simple_body';
@ -148,6 +147,8 @@ class acp_users
{
case 'overview':
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
$user->add_lang('acp/ban');
$delete = request_var('delete', 0);
@ -248,8 +249,8 @@ class acp_users
break;
}
$ban_reason = request_var('ban_reason', $user->lang[$reason], true);
$ban_give_reason = request_var('ban_give_reason', '', true);
$ban_reason = utf8_normalize_nfc(request_var('ban_reason', $user->lang[$reason], true));
$ban_give_reason = utf8_normalize_nfc(request_var('ban_give_reason', '', true));
// Log not used at the moment, we simply utilize the ban function.
$result = user_ban(substr($action, 3), $ban, 0, 0, 0, $ban_reason, $ban_give_reason);
@ -598,7 +599,7 @@ class acp_users
// Handle registration info updates
$data = array(
'username' => request_var('user', $user_row['username'], true),
'username' => utf8_normalize_nfc(request_var('user', $user_row['username'], true)),
'user_founder' => request_var('user_founder', ($user_row['user_type'] == USER_FOUNDER) ? 1 : 0),
'email' => strtolower(request_var('user_email', $user_row['user_email'])),
'email_confirm' => strtolower(request_var('email_confirm', '')),
@ -867,7 +868,7 @@ class acp_users
$deletemark = (isset($_POST['delmarked'])) ? true : false;
$deleteall = (isset($_POST['delall'])) ? true : false;
$marked = request_var('mark', array(0));
$message = request_var('message', '', true);
$message = utf8_normalize_nfc(request_var('message', '', true));
// Sort keys
$sort_days = request_var('st', 0);
@ -952,6 +953,9 @@ class acp_users
case 'profile':
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
include($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx);
$cp = new custom_profile();
$cp_data = $cp_error = array();
@ -1147,8 +1151,10 @@ class acp_users
case 'prefs':
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
$data = array(
'dateformat' => request_var('dateformat', $user_row['user_dateformat'], true),
'dateformat' => utf8_normalize_nfc(request_var('dateformat', $user_row['user_dateformat'], true)),
'lang' => basename(request_var('lang', $user_row['user_lang'])),
'tz' => request_var('tz', (float) $user_row['user_timezone']),
'style' => request_var('style', $user_row['user_style']),
@ -1352,6 +1358,7 @@ class acp_users
case 'avatar':
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
$can_upload = (file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $file_uploads) ? true : false;
@ -1652,6 +1659,8 @@ class acp_users
case 'groups':
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
$user->add_lang(array('groups', 'acp/groups'));
$group_id = request_var('g', 0);

10
phpBB/includes/mcp/mcp_ban.php
View file

@ -38,11 +38,17 @@ class mcp_ban
// Grab the list of entries
$ban = request_var('ban', '', ($mode === 'user') ? true : false);
if ($mode === 'user')
{
$ban = utf8_normalize_nfc($ban);
}
$ban_len = request_var('banlength', 0);
$ban_len_other = request_var('banlengthother', '');
$ban_exclude = request_var('banexclude', 0);
$ban_reason = request_var('banreason', '', true);
$ban_give_reason = request_var('bangivereason', '', true);
$ban_reason = utf8_normalize_nfc(request_var('banreason', '', true));
$ban_give_reason = utf8_normalize_nfc(request_var('bangivereason', '', true));
if ($ban)

2
phpBB/includes/mcp/mcp_notes.php
View file

@ -103,7 +103,7 @@ class mcp_notes
$deletemark = ($action == 'del_marked') ? true : false;
$deleteall = ($action == 'del_all') ? true : false;
$marked = request_var('marknote', array(0));
$usernote = request_var('usernote', '', true);
$usernote = utf8_normalize_nfc(request_var('usernote', '', true));
// Handle any actions
if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs'))

2
phpBB/includes/mcp/mcp_queue.php
View file

@ -734,7 +734,7 @@ function disapprove_post($post_id_list, $id, $mode)
}
$redirect = request_var('redirect', build_url(array('t', 'mode', '_f_', 'quickmod')) . '&mode=unapproved_topics');
$reason = request_var('reason', '', true);
$reason = utf8_normalize_nfc(request_var('reason', '', true));
$reason_id = request_var('reason_id', 0);
$success_msg = $additional_msg = '';

4
phpBB/includes/mcp/mcp_warn.php
View file

@ -191,7 +191,7 @@ class mcp_warn
$post_id = request_var('p', 0);
$forum_id = request_var('f', 0);
$notify = (isset($_REQUEST['notify_user'])) ? true : false;
$warning = request_var('warning', '', true);
$warning = utf8_normalize_nfc(request_var('warning', '', true));
$sql = 'SELECT u.*, p.*
FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . " u
@ -306,7 +306,7 @@ class mcp_warn
$user_id = request_var('u', 0);
$username = request_var('username', '', true);
$notify = (isset($_REQUEST['notify_user'])) ? true : false;
$warning = request_var('warning', '', true);
$warning = utf8_normalize_nfc(request_var('warning', '', true));
$sql_where = ($user_id) ? "user_id = $user_id" : "username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";

8
phpBB/includes/ucp/ucp_groups.php
View file

@ -454,8 +454,8 @@ class ucp_groups
// Did we submit?
if ($update)
{
$group_name = request_var('group_name', '', true);
$group_desc = request_var('group_desc', '', true);
$group_name = utf8_normalize_nfc(request_var('group_name', '', true));
$group_desc = utf8_normalize_nfc(request_var('group_desc', '', true));
$group_type = request_var('group_type', GROUP_FREE);
$allow_desc_bbcode = request_var('desc_parse_bbcode', false);
@ -591,7 +591,7 @@ class ucp_groups
}
else if (!$group_id)
{
$group_name = request_var('group_name', '', true);
$group_name = utf8_normalize_nfc(request_var('group_name', '', true));
$group_desc_data = array(
'text' => '',
'allow_bbcode' => true,
@ -951,7 +951,7 @@ class ucp_groups
$user->add_lang(array('acp/groups', 'acp/common'));
$names = request_var('usernames', '', true);
$names = utf8_normalize_nfc(request_var('usernames', '', true));
if (!$group_id)
{

4
phpBB/includes/ucp/ucp_pm_options.php
View file

@ -60,7 +60,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
// Add Folder
if (isset($_POST['addfolder']))
{
$folder_name = request_var('foldername', '', true);
$folder_name = utf8_normalize_nfc(request_var('foldername', '', true));
if ($folder_name)
{
@ -104,7 +104,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
// Rename folder
if (isset($_POST['rename_folder']))
{
$new_folder_name = request_var('new_folder_name', '', true);
$new_folder_name = utf8_normalize_nfc(request_var('new_folder_name', '', true));
$rename_folder_id= request_var('rename_folder_id', 0);
if (!$new_folder_name)

2
phpBB/includes/ucp/ucp_register.php
View file

@ -79,7 +79,7 @@ class ucp_register
{
// We do not include the password!
$s_hidden_fields = array_merge($s_hidden_fields, array(
'username' => request_var('username', '', true),
'username' => utf8_normalize_nfc(request_var('username', '', true)),
'email' => strtolower(request_var('email', '')),
'email_confirm' => strtolower(request_var('email_confirm', '')),
'confirm_code' => request_var('confirm_code', ''),

12
phpBB/includes/utf/utf_tools.php
View file

@ -1787,7 +1787,17 @@ function utf8_normalize_nfc($strings)
{
foreach ($strings as $key => $string)
{
utf_normalizer::nfc($strings[$key]);
if (is_array($string))
{
foreach ($string as $_key => $_string)
{
utf_normalizer::nfc($strings[$key][$_key]);
}
}
else
{
utf_normalizer::nfc($strings[$key]);
}
}
}

360
phpBB/install/install_install.php
View file

@ -540,10 +540,7 @@ class install_install extends module
$this->page_title = $lang['STAGE_DATABASE'];
// Obtain any submitted data
foreach ($this->request_vars as $var)
{
$$var = (in_array($var, array('admin_name', 'dbpasswd', 'admin_pass1', 'admin_pass2'))) ? request_var($var, '', true) : request_var($var, '');
}
$data = $this->get_submitted_data();
$connect_test = false;
$error = array();
@ -552,15 +549,14 @@ class install_install extends module
// Has the user opted to test the connection?
if (isset($_POST['testdb']))
{
if (!isset($available_dbms[$dbms]) || !$available_dbms[$dbms]['AVAILABLE'])
if (!isset($available_dbms[$data['dbms']]) || !$available_dbms[$data['dbms']]['AVAILABLE'])
{
$error['db'][] = $lang['INST_ERR_NO_DB'];
$connect_test = false;
}
else
{
$dbpasswd = htmlspecialchars_decode($dbpasswd);
$connect_test = connect_check_db(true, $error, $available_dbms[$dbms], $table_prefix, $dbhost, $dbuser, $dbpasswd, $dbname, $dbport);
$connect_test = connect_check_db(true, $error, $available_dbms[$data['dbms']], $data['table_prefix'], $data['dbhost'], $data['dbuser'], $data['dbpasswd'], $data['dbname'], $data['dbport']);
}
$template->assign_block_vars('checks', array(
@ -608,7 +604,7 @@ class install_install extends module
$available_dbms = &$available_dbms_temp;
// And now for the main part of this page
$table_prefix = (!empty($table_prefix) ? $table_prefix : 'phpbb_');
$data['table_prefix'] = (!empty($data['table_prefix']) ? $data['table_prefix'] : 'phpbb_');
foreach ($this->db_config_options as $config_key => $vars)
{
@ -635,15 +631,15 @@ class install_install extends module
'S_EXPLAIN' => $vars['explain'],
'S_LEGEND' => false,
'TITLE_EXPLAIN' => ($vars['explain']) ? $lang[$vars['lang'] . '_EXPLAIN'] : '',
'CONTENT' => $this->p_master->input_field($config_key, $vars['type'], $$config_key, $options),
'CONTENT' => $this->p_master->input_field($config_key, $vars['type'], $data[$config_key], $options),
)
);
}
}
// And finally where do we want to go next (well today is taken isn't it :P)
$s_hidden_fields = ($img_imagick) ? '<input type="hidden" name="img_imagick" value="' . addslashes($img_imagick) . '" />' : '';
$s_hidden_fields .= '<input type="hidden" name="language" value="' . $language . '" />';
$s_hidden_fields = ($data['img_imagick']) ? '<input type="hidden" name="img_imagick" value="' . addslashes($data['img_imagick']) . '" />' : '';
$s_hidden_fields .= '<input type="hidden" name="language" value="' . $data['language'] . '" />';
if ($connect_test)
{
foreach ($this->db_config_options as $config_key => $vars)
@ -652,7 +648,7 @@ class install_install extends module
{
continue;
}
$s_hidden_fields .= '<input type="hidden" name="' . $config_key . '" value="' . $$config_key . '" />';
$s_hidden_fields .= '<input type="hidden" name="' . $config_key . '" value="' . $data[$config_key] . '" />';
}
}
@ -678,69 +674,63 @@ class install_install extends module
$this->page_title = $lang['STAGE_ADMINISTRATOR'];
// Obtain any submitted data
foreach ($this->request_vars as $var)
{
$$var = (in_array($var, array('admin_name', 'dbpasswd', 'admin_pass1', 'admin_pass2'))) ? request_var($var, '', true) : request_var($var, '');
}
$data = $this->get_submitted_data();
if ($dbms == '')
if ($data['dbms'] == '')
{
// Someone's been silly and tried calling this page direct
// So we send them back to the start to do it again properly
$this->p_master->redirect("index.$phpEx?mode=install");
}
$s_hidden_fields = ($img_imagick) ? '<input type="hidden" name="img_imagick" value="' . addslashes($img_imagick) . '" />' : '';
$s_hidden_fields = ($data['img_imagick']) ? '<input type="hidden" name="img_imagick" value="' . addslashes($data['img_imagick']) . '" />' : '';
$passed = false;
$default_lang = ($default_lang !== '') ? $default_lang : $language;
$board_email1 = strtolower($board_email1);
$board_email2 = strtolower($board_email2);
$data['default_lang'] = ($data['default_lang'] !== '') ? $data['default_lang'] : $data['language'];
if (isset($_POST['check']))
{
$error = array();
// Check the entered email address and password
if ($admin_name == '' || $admin_pass1 == '' || $admin_pass2 == '' || $board_email1 == '' || $board_email2 == '')
if ($data['admin_name'] == '' || $data['admin_pass1'] == '' || $data['admin_pass2'] == '' || $data['board_email1'] == '' || $data['board_email2'] == '')
{
$error[] = $lang['INST_ERR_MISSING_DATA'];
}
if ($admin_pass1 != $admin_pass2 && $admin_pass1 != '')
if ($data['admin_pass1'] != $data['admin_pass2'] && $data['admin_pass1'] != '')
{
$error[] = $lang['INST_ERR_PASSWORD_MISMATCH'];
}
// Test against the default username rules
if ($admin_name != '' && utf8_strlen($admin_name) < 3)
if ($data['admin_name'] != '' && utf8_strlen($data['admin_name']) < 3)
{
$error[] = $lang['INST_ERR_USER_TOO_SHORT'];
}
if ($admin_name != '' && utf8_strlen($admin_name) > 20)
if ($data['admin_name'] != '' && utf8_strlen($data['admin_name']) > 20)
{
$error[] = $lang['INST_ERR_USER_TOO_LONG'];
}
// Test against the default password rules
if ($admin_pass1 != '' && utf8_strlen($admin_pass1) < 6)
if ($data['admin_pass1'] != '' && utf8_strlen($data['admin_pass1']) < 6)
{
$error[] = $lang['INST_ERR_PASSWORD_TOO_SHORT'];
}
if ($admin_pass1 != '' && utf8_strlen($admin_pass1) > 30)
if ($data['admin_pass1'] != '' && utf8_strlen($data['admin_pass1']) > 30)
{
$error[] = $lang['INST_ERR_PASSWORD_TOO_LONG'];
}
if ($board_email1 != $board_email2 && $board_email1 != '')
if ($data['board_email1'] != $data['board_email2'] && $data['board_email1'] != '')
{
$error[] = $lang['INST_ERR_EMAIL_MISMATCH'];
}
if ($board_email1 != '' && !preg_match('/^' . get_preg_expression('email') . '$/i', $board_email1))
if ($data['board_email1'] != '' && !preg_match('/^' . get_preg_expression('email') . '$/i', $data['board_email1']))
{
$error[] = $lang['INST_ERR_EMAIL_INVALID'];
}
@ -801,7 +791,7 @@ class install_install extends module
'S_EXPLAIN' => $vars['explain'],
'S_LEGEND' => false,
'TITLE_EXPLAIN' => ($vars['explain']) ? $lang[$vars['lang'] . '_EXPLAIN'] : '',
'CONTENT' => $this->p_master->input_field($config_key, $vars['type'], $$config_key, $options),
'CONTENT' => $this->p_master->input_field($config_key, $vars['type'], $data[$config_key], $options),
)
);
}
@ -814,12 +804,12 @@ class install_install extends module
{
continue;
}
$s_hidden_fields .= '<input type="hidden" name="' . $config_key . '" value="' . $$config_key . '" />';
$s_hidden_fields .= '<input type="hidden" name="' . $config_key . '" value="' . $data[$config_key] . '" />';
}
}
$s_hidden_fields .= ($img_imagick) ? '<input type="hidden" name="img_imagick" value="' . addslashes($img_imagick) . '" />' : '';
$s_hidden_fields .= '<input type="hidden" name="language" value="' . $language . '" />';
$s_hidden_fields .= ($data['img_imagick']) ? '<input type="hidden" name="img_imagick" value="' . addslashes($data['img_imagick']) . '" />' : '';
$s_hidden_fields .= '<input type="hidden" name="language" value="' . $data['language'] . '" />';
foreach ($this->db_config_options as $config_key => $vars)
{
@ -827,7 +817,7 @@ class install_install extends module
{
continue;
}
$s_hidden_fields .= '<input type="hidden" name="' . $config_key . '" value="' . $$config_key . '" />';
$s_hidden_fields .= '<input type="hidden" name="' . $config_key . '" value="' . $data[$config_key] . '" />';
}
$submit = $lang['NEXT_STEP'];
@ -852,26 +842,23 @@ class install_install extends module
$this->page_title = $lang['STAGE_CONFIG_FILE'];
// Obtain any submitted data
foreach ($this->request_vars as $var)
{
$$var = (in_array($var, array('admin_name', 'dbpasswd', 'admin_pass1', 'admin_pass2'))) ? request_var($var, '', true) : request_var($var, '');
}
$data = $this->get_submitted_data();
if ($dbms == '')
if ($data['dbms'] == '')
{
// Someone's been silly and tried calling this page direct
// So we send them back to the start to do it again properly
$this->p_master->redirect("index.$phpEx?mode=install");
}
$s_hidden_fields = ($img_imagick) ? '<input type="hidden" name="img_imagick" value="' . addslashes($img_imagick) . '" />' : '';
$s_hidden_fields .= '<input type="hidden" name="language" value="' . $language . '" />';
$s_hidden_fields = ($data['img_imagick']) ? '<input type="hidden" name="img_imagick" value="' . addslashes($data['img_imagick']) . '" />' : '';
$s_hidden_fields .= '<input type="hidden" name="language" value="' . $data['language'] . '" />';
$written = false;
// Create a list of any PHP modules we wish to have loaded
$load_extensions = array();
$available_dbms = get_available_dbms($dbms);
$check_exts = array_merge(array($available_dbms[$dbms]['MODULE']), $this->php_dlls_other);
$available_dbms = get_available_dbms($data['dbms']);
$check_exts = array_merge(array($available_dbms[$data['dbms']]['MODULE']), $this->php_dlls_other);
foreach ($check_exts as $dll)
{
@ -897,19 +884,18 @@ class install_install extends module
@chmod($phpbb_root_path . 'cache/install_lock', 0666);
$dbpasswd = htmlspecialchars_decode($dbpasswd);
$load_extensions = implode(',', $load_extensions);
// Time to convert the data provided into a config file
$config_data = "<?php\n";
$config_data .= "// phpBB 3.0.x auto-generated configuration file\n// Do not change anything in this file!\n";
$config_data .= "\$dbms = '" . $available_dbms[$dbms]['DRIVER'] . "';\n";
$config_data .= "\$dbhost = '$dbhost';\n";
$config_data .= "\$dbport = '$dbport';\n";
$config_data .= "\$dbname = '$dbname';\n";
$config_data .= "\$dbuser = '$dbuser';\n";
$config_data .= "\$dbpasswd = '$dbpasswd';\n\n";
$config_data .= "\$table_prefix = '$table_prefix';\n";
$config_data .= "\$dbms = '" . $available_dbms[$data['dbms']]['DRIVER'] . "';\n";
$config_data .= "\$dbhost = '{$data['dbhost']}';\n";
$config_data .= "\$dbport = '{$data['dbport']}';\n";
$config_data .= "\$dbname = '{$data['dbname']}';\n";
$config_data .= "\$dbuser = '{$data['dbuser']}';\n";
$config_data .= "\$dbpasswd = '{$data['dbpasswd']}';\n\n";
$config_data .= "\$table_prefix = '{$data['table_prefix']}';\n";
// $config_data .= "\$acm_type = '" . (($acm_type) ? $acm_type : 'file') . "';\n";
$config_data .= "\$acm_type = 'file';\n";
$config_data .= "\$load_extensions = '$load_extensions';\n\n";
@ -964,7 +950,7 @@ class install_install extends module
{
continue;
}
$s_hidden_fields .= '<input type="hidden" name="' . $config_key . '" value="' . $$config_key . '" />';
$s_hidden_fields .= '<input type="hidden" name="' . $config_key . '" value="' . $data[$config_key] . '" />';
}
if (!$written)
@ -1016,28 +1002,25 @@ class install_install extends module
$this->page_title = $lang['STAGE_ADVANCED'];
// Obtain any submitted data
foreach ($this->request_vars as $var)
{
$$var = (in_array($var, array('admin_name', 'dbpasswd', 'admin_pass1', 'admin_pass2'))) ? request_var($var, '', true) : request_var($var, '');
}
$data = $this->get_submitted_data();
if ($dbms == '')
if ($data['dbms'] == '')
{
// Someone's been silly and tried calling this page direct
// So we send them back to the start to do it again properly
$this->p_master->redirect("index.$phpEx?mode=install");
}
$s_hidden_fields = ($img_imagick) ? '<input type="hidden" name="img_imagick" value="' . addslashes($img_imagick) . '" />' : '';
$s_hidden_fields .= '<input type="hidden" name="language" value="' . $language . '" />';
$s_hidden_fields = ($data['img_imagick']) ? '<input type="hidden" name="img_imagick" value="' . addslashes($data['img_imagick']) . '" />' : '';
$s_hidden_fields .= '<input type="hidden" name="language" value="' . $data['language'] . '" />';
$email_enable = ($email_enable !== '') ? $email_enable : true;
$server_name = ($server_name !== '') ? $server_name : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
$server_port = ($server_port !== '') ? $server_port : ((!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT'));
$server_protocol = ($server_protocol !== '') ? $server_protocol : ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https://' : 'http://');
$cookie_secure = ($cookie_secure !== '') ? $cookie_secure : ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? true : false);
$data['email_enable'] = ($data['email_enable'] !== '') ? $data['email_enable'] : true;
$data['server_name'] = ($data['server_name'] !== '') ? $data['server_name'] : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
$data['server_port'] = ($data['server_port'] !== '') ? $data['server_port'] : ((!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT'));
$data['server_protocol'] = ($data['server_protocol'] !== '') ? $data['server_protocol'] : ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https://' : 'http://');
$data['cookie_secure'] = ($data['cookie_secure'] !== '') ? $data['cookie_secure'] : ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? true : false);
if ($script_path === '')
if ($data['script_path'] === '')
{
$name = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF');
if (!$name)
@ -1047,7 +1030,7 @@ class install_install extends module
// Replace backslashes and doubled slashes (could happen on some proxy setups)
$name = str_replace(array('\\', '//', '/install'), '/', $name);
$script_path = trim(dirname($name));
$data['script_path'] = trim(dirname($name));
}
foreach ($this->advanced_config_options as $config_key => $vars)
@ -1075,7 +1058,7 @@ class install_install extends module
'S_EXPLAIN' => $vars['explain'],
'S_LEGEND' => false,
'TITLE_EXPLAIN' => ($vars['explain']) ? $lang[$vars['lang'] . '_EXPLAIN'] : '',
'CONTENT' => $this->p_master->input_field($config_key, $vars['type'], $$config_key, $options),
'CONTENT' => $this->p_master->input_field($config_key, $vars['type'], $data[$config_key], $options),
)
);
}
@ -1087,7 +1070,7 @@ class install_install extends module
{
continue;
}
$s_hidden_fields .= '<input type="hidden" name="' . $config_key . '" value="' . $$config_key . '" />';
$s_hidden_fields .= '<input type="hidden" name="' . $config_key . '" value="' . $data[$config_key] . '" />';
}
$submit = $lang['NEXT_STEP'];
@ -1113,19 +1096,16 @@ class install_install extends module
$s_hidden_fields = '';
// Obtain any submitted data
foreach ($this->request_vars as $var)
{
$$var = (in_array($var, array('admin_name', 'dbpasswd', 'admin_pass1', 'admin_pass2'))) ? request_var($var, '', true) : request_var($var, '');
}
$data = $this->get_submitted_data();
if ($dbms == '')
if ($data['dbms'] == '')
{
// Someone's been silly and tried calling this page direct
// So we send them back to the start to do it again properly
$this->p_master->redirect("index.$phpEx?mode=install");
}
$cookie_domain = ($server_name != '') ? $server_name : (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');
$cookie_domain = ($data['server_name'] != '') ? $data['server_name'] : (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');
// Try to come up with the best solution for cookie domain...
if (strpos($cookie_domain, 'www.') === 0)
@ -1134,45 +1114,43 @@ class install_install extends module
}
// If we get here and the extension isn't loaded it should be safe to just go ahead and load it
$available_dbms = get_available_dbms($dbms);
$dbpasswd = htmlspecialchars_decode($dbpasswd);
$available_dbms = get_available_dbms($data['dbms']);
// Load the appropriate database class if not already loaded
include($phpbb_root_path . 'includes/db/' . $available_dbms[$dbms]['DRIVER'] . '.' . $phpEx);
include($phpbb_root_path . 'includes/db/' . $available_dbms[$data['dbms']]['DRIVER'] . '.' . $phpEx);
// Instantiate the database
$sql_db = 'dbal_' . $available_dbms[$dbms]['DRIVER'];
$sql_db = 'dbal_' . $available_dbms[$data['dbms']]['DRIVER'];
$db = new $sql_db();
$db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false, false);
$db->sql_connect($data['dbhost'], $data['dbuser'], $data['dbpasswd'], $data['dbname'], $data['dbport'], false, false);
// NOTE: trigger_error does not work here.
$db->sql_return_on_error(true);
// If mysql is chosen, we need to adjust the schema filename slightly to reflect the correct version. ;)
if ($dbms == 'mysql')
if ($data['dbms'] == 'mysql')
{
if (version_compare($db->mysql_version, '4.1.3', '>='))
{
$available_dbms[$dbms]['SCHEMA'] .= '_41';
$available_dbms[$data['dbms']]['SCHEMA'] .= '_41';
}
else
{
$available_dbms[$dbms]['SCHEMA'] .= '_40';
$available_dbms[$data['dbms']]['SCHEMA'] .= '_40';
}
}
// Ok we have the db info go ahead and read in the relevant schema
// and work on building the table
$dbms_schema = 'schemas/' . $available_dbms[$dbms]['SCHEMA'] . '_schema.sql';
$dbms_schema = 'schemas/' . $available_dbms[$data['dbms']]['SCHEMA'] . '_schema.sql';
// How should we treat this schema?
$remove_remarks = $available_dbms[$dbms]['COMMENTS'];
$delimiter = $available_dbms[$dbms]['DELIM'];
$remove_remarks = $available_dbms[$data['dbms']]['COMMENTS'];
$delimiter = $available_dbms[$data['dbms']]['DELIM'];
$sql_query = @file_get_contents($dbms_schema);
$sql_query = preg_replace('#phpbb_#i', $table_prefix, $sql_query);
$sql_query = preg_replace('#phpbb_#i', $data['table_prefix'], $sql_query);
$remove_remarks($sql_query);
@ -1193,7 +1171,7 @@ class install_install extends module
$sql_query = file_get_contents('schemas/schema_data.sql');
// Deal with any special comments
switch ($dbms)
switch ($data['dbms'])
{
case 'mssql':
case 'mssql_odbc':
@ -1206,7 +1184,7 @@ class install_install extends module
}
// Change prefix
$sql_query = preg_replace('#phpbb_#i', $table_prefix, $sql_query);
$sql_query = preg_replace('#phpbb_#i', $data['table_prefix'], $sql_query);
// Change language strings...
$sql_query = preg_replace_callback('#\{L_([A-Z0-9\-_]*)\}#s', 'adjust_language_keys_callback', $sql_query);
@ -1230,139 +1208,139 @@ class install_install extends module
$user_ip = (!empty($_SERVER['REMOTE_ADDR'])) ? htmlspecialchars($_SERVER['REMOTE_ADDR']) : '';
if ($script_path !== '/')
if ($data['script_path'] !== '/')
{
// Adjust destination path (no trailing slash)
if (substr($script_path, -1) == '/')
if (substr($data['script_path'], -1) == '/')
{
$script_path = substr($script_path, 0, -1);
$data['script_path'] = substr($data['script_path'], 0, -1);
}
$script_path = str_replace(array('../', './'), '', $script_path);
$data['script_path'] = str_replace(array('../', './'), '', $data['script_path']);
if ($script_path[0] != '/')
if ($data['script_path'][0] != '/')
{
$script_path = '/' . $script_path;
$data['script_path'] = '/' . $data['script_path'];
}
}
// Set default config and post data, this applies to all DB's
$sql_ary = array(
'INSERT INTO ' . $table_prefix . "config (config_name, config_value)
'INSERT INTO ' . $data['table_prefix'] . "config (config_name, config_value)
VALUES ('board_startdate', '$current_time')",
'INSERT INTO ' . $table_prefix . "config (config_name, config_value)
VALUES ('default_lang', '" . $db->sql_escape($default_lang) . "')",
'INSERT INTO ' . $data['table_prefix'] . "config (config_name, config_value)
VALUES ('default_lang', '" . $db->sql_escape($data['default_lang']) . "')",
'UPDATE ' . $table_prefix . "config
SET config_value = '" . $db->sql_escape($img_imagick) . "'
'UPDATE ' . $data['table_prefix'] . "config
SET config_value = '" . $db->sql_escape($data['img_imagick']) . "'
WHERE config_name = 'img_imagick'",
'UPDATE ' . $table_prefix . "config
SET config_value = '" . $db->sql_escape($server_name) . "'
'UPDATE ' . $data['table_prefix'] . "config
SET config_value = '" . $db->sql_escape($data['server_name']) . "'
WHERE config_name = 'server_name'",
'UPDATE ' . $table_prefix . "config
SET config_value = '" . $db->sql_escape($server_port) . "'
'UPDATE ' . $data['table_prefix'] . "config
SET config_value = '" . $db->sql_escape($data['server_port']) . "'
WHERE config_name = 'server_port'",
'UPDATE ' . $table_prefix . "config
SET config_value = '" . $db->sql_escape($board_email1) . "'
'UPDATE ' . $data['table_prefix'] . "config
SET config_value = '" . $db->sql_escape($data['board_email1']) . "'
WHERE config_name = 'board_email'",
'UPDATE ' . $table_prefix . "config
SET config_value = '" . $db->sql_escape($board_email1) . "'
'UPDATE ' . $data['table_prefix'] . "config
SET config_value = '" . $db->sql_escape($data['board_email1']) . "'
WHERE config_name = 'board_contact'",
'UPDATE ' . $table_prefix . "config
'UPDATE ' . $data['table_prefix'] . "config
SET config_value = '" . $db->sql_escape($cookie_domain) . "'
WHERE config_name = 'cookie_domain'",
'UPDATE ' . $table_prefix . "config
'UPDATE ' . $data['table_prefix'] . "config
SET config_value = '" . $db->sql_escape($lang['default_dateformat']) . "'
WHERE config_name = 'default_dateformat'",
'UPDATE ' . $table_prefix . "config
SET config_value = '" . $db->sql_escape($email_enable) . "'
'UPDATE ' . $data['table_prefix'] . "config
SET config_value = '" . $db->sql_escape($data['email_enable']) . "'
WHERE config_name = 'email_enable'",
'UPDATE ' . $table_prefix . "config
SET config_value = '" . $db->sql_escape($smtp_delivery) . "'
'UPDATE ' . $data['table_prefix'] . "config
SET config_value = '" . $db->sql_escape($data['smtp_delivery']) . "'
WHERE config_name = 'smtp_delivery'",
'UPDATE ' . $table_prefix . "config
SET config_value = '" . $db->sql_escape($smtp_host) . "'
'UPDATE ' . $data['table_prefix'] . "config
SET config_value = '" . $db->sql_escape($data['smtp_host']) . "'
WHERE config_name = 'smtp_host'",
'UPDATE ' . $table_prefix . "config
SET config_value = '" . $db->sql_escape($smtp_auth) . "'
'UPDATE ' . $data['table_prefix'] . "config
SET config_value = '" . $db->sql_escape($data['smtp_auth']) . "'
WHERE config_name = 'smtp_auth_method'",
'UPDATE ' . $table_prefix . "config
SET config_value = '" . $db->sql_escape($smtp_user) . "'
'UPDATE ' . $data['table_prefix'] . "config
SET config_value = '" . $db->sql_escape($data['smtp_user']) . "'
WHERE config_name = 'smtp_username'",
'UPDATE ' . $table_prefix . "config
SET config_value = '" . $db->sql_escape($smtp_pass) . "'
'UPDATE ' . $data['table_prefix'] . "config
SET config_value = '" . $db->sql_escape($data['smtp_pass']) . "'
WHERE config_name = 'smtp_password'",
'UPDATE ' . $table_prefix . "config
SET config_value = '" . $db->sql_escape($cookie_secure) . "'
'UPDATE ' . $data['table_prefix'] . "config
SET config_value = '" . $db->sql_escape($data['cookie_secure']) . "'
WHERE config_name = 'cookie_secure'",
'UPDATE ' . $table_prefix . "config
SET config_value = '" . $db->sql_escape($force_server_vars) . "'
'UPDATE ' . $data['table_prefix'] . "config
SET config_value = '" . $db->sql_escape($data['force_server_vars']) . "'
WHERE config_name = 'force_server_vars'",
'UPDATE ' . $table_prefix . "config
SET config_value = '" . $db->sql_escape($script_path) . "'
'UPDATE ' . $data['table_prefix'] . "config
SET config_value = '" . $db->sql_escape($data['script_path']) . "'
WHERE config_name = 'script_path'",
'UPDATE ' . $table_prefix . "config
SET config_value = '" . $db->sql_escape($server_protocol) . "'
'UPDATE ' . $data['table_prefix'] . "config
SET config_value = '" . $db->sql_escape($data['server_protocol']) . "'
WHERE config_name = 'server_protocol'",
'UPDATE ' . $table_prefix . "config
SET config_value = '" . $db->sql_escape($admin_name) . "'
'UPDATE ' . $data['table_prefix'] . "config
SET config_value = '" . $db->sql_escape($data['admin_name']) . "'
WHERE config_name = 'newest_username'",
'UPDATE ' . $table_prefix . "config
'UPDATE ' . $data['table_prefix'] . "config
SET config_value = '" . md5(mt_rand()) . "'
WHERE config_name = 'avatar_salt'",
'UPDATE ' . $table_prefix . "users
SET username = '" . $db->sql_escape($admin_name) . "', user_password='" . $db->sql_escape(md5($admin_pass1)) . "', user_ip = '" . $db->sql_escape($user_ip) . "', user_lang = '" . $db->sql_escape($default_lang) . "', user_email='" . $db->sql_escape($board_email1) . "', user_dateformat='" . $db->sql_escape($lang['default_dateformat']) . "', user_email_hash = " . (crc32($board_email1) . strlen($board_email1)) . ", username_clean = '" . $db->sql_escape(utf8_clean_string($admin_name)) . "'
'UPDATE ' . $data['table_prefix'] . "users
SET username = '" . $db->sql_escape($data['admin_name']) . "', user_password='" . $db->sql_escape(md5($data['admin_pass1'])) . "', user_ip = '" . $db->sql_escape($user_ip) . "', user_lang = '" . $db->sql_escape($data['default_lang']) . "', user_email='" . $db->sql_escape($data['board_email1']) . "', user_dateformat='" . $db->sql_escape($lang['default_dateformat']) . "', user_email_hash = " . (crc32($data['board_email1']) . strlen($data['board_email1'])) . ", username_clean = '" . $db->sql_escape(utf8_clean_string($data['admin_name'])) . "'
WHERE username = 'Admin'",
'UPDATE ' . $table_prefix . "moderator_cache
SET username = '" . $db->sql_escape($admin_name) . "'
'UPDATE ' . $data['table_prefix'] . "moderator_cache
SET username = '" . $db->sql_escape($data['admin_name']) . "'
WHERE username = 'Admin'",
'UPDATE ' . $table_prefix . "forums
SET forum_last_poster_name = '" . $db->sql_escape($admin_name) . "'
'UPDATE ' . $data['table_prefix'] . "forums
SET forum_last_poster_name = '" . $db->sql_escape($data['admin_name']) . "'
WHERE forum_last_poster_name = 'Admin'",
'UPDATE ' . $table_prefix . "topics
SET topic_first_poster_name = '" . $db->sql_escape($admin_name) . "', topic_last_poster_name = '" . $db->sql_escape($admin_name) . "'
'UPDATE ' . $data['table_prefix'] . "topics
SET topic_first_poster_name = '" . $db->sql_escape($data['admin_name']) . "', topic_last_poster_name = '" . $db->sql_escape($data['admin_name']) . "'
WHERE topic_first_poster_name = 'Admin'
OR topic_last_poster_name = 'Admin'",
'UPDATE ' . $table_prefix . "users
'UPDATE ' . $data['table_prefix'] . "users
SET user_regdate = $current_time",
'UPDATE ' . $table_prefix . "posts
'UPDATE ' . $data['table_prefix'] . "posts
SET post_time = $current_time, poster_ip = '" . $db->sql_escape($user_ip) . "'",
'UPDATE ' . $table_prefix . "topics
'UPDATE ' . $data['table_prefix'] . "topics
SET topic_time = $current_time, topic_last_post_time = $current_time",
'UPDATE ' . $table_prefix . "forums
'UPDATE ' . $data['table_prefix'] . "forums
SET forum_last_post_time = $current_time",
);
if (@extension_loaded('gd') || can_load_dll('gd'))
{
$sql_ary[] = 'UPDATE ' . $table_prefix . "config
$sql_ary[] = 'UPDATE ' . $data['table_prefix'] . "config
SET config_value = '1'
WHERE config_name = 'captcha_gd'";
}
@ -1374,7 +1352,7 @@ class install_install extends module
$rand_str = substr($rand_str, 0, 5);
$cookie_name .= strtolower($rand_str);
$sql_ary[] = 'UPDATE ' . $table_prefix . "config
$sql_ary[] = 'UPDATE ' . $data['table_prefix'] . "config
SET config_value = '" . $db->sql_escape($cookie_name) . "'
WHERE config_name = 'cookie_name'";
@ -1389,11 +1367,6 @@ class install_install extends module
}
}
foreach ($this->request_vars as $var)
{
$s_hidden_fields .= '<input type="hidden" name="' . $var . '" value="' . $$var . '" />';
}
$submit = $lang['NEXT_STEP'];
$url = $this->p_master->module_url . "?mode=$mode&amp;sub=final";
@ -1401,7 +1374,7 @@ class install_install extends module
$template->assign_vars(array(
'BODY' => $lang['STAGE_CREATE_TABLE_EXPLAIN'],
'L_SUBMIT' => $submit,
'S_HIDDEN' => $s_hidden_fields,
'S_HIDDEN' => build_hidden_fields($data),
'U_ACTION' => $url,
));
}
@ -1414,23 +1387,18 @@ class install_install extends module
global $db, $lang, $phpbb_root_path, $phpEx, $config;
// Obtain any submitted data
foreach ($this->request_vars as $var)
{
$$var = (in_array($var, array('admin_name', 'dbpasswd', 'admin_pass1', 'admin_pass2'))) ? request_var($var, '', true) : request_var($var, '');
}
$dbpasswd = htmlspecialchars_decode($dbpasswd);
$data = $this->get_submitted_data();
// If we get here and the extension isn't loaded it should be safe to just go ahead and load it
$available_dbms = get_available_dbms($dbms);
$available_dbms = get_available_dbms($data['dbms']);
// Load the appropriate database class if not already loaded
include($phpbb_root_path . 'includes/db/' . $available_dbms[$dbms]['DRIVER'] . '.' . $phpEx);
include($phpbb_root_path . 'includes/db/' . $available_dbms[$data['dbms']]['DRIVER'] . '.' . $phpEx);
// Instantiate the database
$sql_db = 'dbal_' . $available_dbms[$dbms]['DRIVER'];
$sql_db = 'dbal_' . $available_dbms[$data['dbms']]['DRIVER'];
$db = new $sql_db();
$db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false, false);
$db->sql_connect($data['dbhost'], $data['dbuser'], $data['dbpasswd'], $data['dbname'], $data['dbport'], false, false);
// NOTE: trigger_error does not work here.
$db->sql_return_on_error(true);
@ -1807,10 +1775,7 @@ class install_install extends module
global $db, $lang, $phpbb_root_path, $phpEx, $config;
// Obtain any submitted data
foreach ($this->request_vars as $var)
{
$$var = (in_array($var, array('admin_name', 'dbpasswd', 'admin_pass1', 'admin_pass2'))) ? request_var($var, '', true) : request_var($var, '');
}
$data = $this->get_submitted_data();
// Fill the config array - it is needed by those functions we call
$sql = 'SELECT *
@ -1852,7 +1817,7 @@ class install_install extends module
'user_password' => '',
'user_colour' => '9E8DA7',
'user_email' => '',
'user_lang' => $default_lang,
'user_lang' => $data['default_lang'],
'user_style' => 1,
'user_timezone' => 0,
'user_dateformat' => $lang['default_dateformat'],
@ -1890,10 +1855,7 @@ class install_install extends module
$this->page_title = $lang['STAGE_FINAL'];
// Obtain any submitted data
foreach ($this->request_vars as $var)
{
$$var = (in_array($var, array('admin_name', 'dbpasswd', 'admin_pass1', 'admin_pass2'))) ? request_var($var, '', true) : request_var($var, '');
}
$data = $this->get_submitted_data();
// Load the basic configuration data
include_once($phpbb_root_path . 'includes/constants.' . $phpEx);
@ -1910,7 +1872,7 @@ class install_install extends module
$db->sql_freeresult($result);
$user->session_begin();
$auth->login($admin_name, $admin_pass1, false, true, true);
$auth->login($data['admin_name'], $data['admin_pass1'], false, true, true);
// OK, Now that we've reached this point we can be confident that everything
// is installed and working......I hope :)
@ -1923,9 +1885,9 @@ class install_install extends module
$messenger = new messenger(false);
$messenger->template('installed', $language);
$messenger->template('installed', $data['language']);
$messenger->to($board_email1, $admin_name);
$messenger->to($data['board_email1'], $data['admin_name']);
$messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']);
$messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']);
@ -1933,8 +1895,8 @@ class install_install extends module
$messenger->headers('X-AntiAbuse: User IP - ' . $user->ip);
$messenger->assign_vars(array(
'USERNAME' => htmlspecialchars_decode($admin_name),
'PASSWORD' => htmlspecialchars_decode($admin_pass1))
'USERNAME' => htmlspecialchars_decode($data['admin_name']),
'PASSWORD' => htmlspecialchars_decode($data['admin_pass1']))
);
$messenger->send(NOTIFY_EMAIL);
@ -1945,7 +1907,7 @@ class install_install extends module
$template->assign_vars(array(
'TITLE' => $lang['INSTALL_CONGRATS'],
'BODY' => sprintf($lang['INSTALL_CONGRATS_EXPLAIN'], $config['version'], append_sid($phpbb_root_path . 'install/index.' . $phpEx, 'mode=convert&amp;language=' . $language), '../docs/README.html'),
'BODY' => sprintf($lang['INSTALL_CONGRATS_EXPLAIN'], $config['version'], append_sid($phpbb_root_path . 'install/index.' . $phpEx, 'mode=convert&amp;language=' . $data['language']), '../docs/README.html'),
'L_SUBMIT' => $lang['INSTALL_LOGIN'],
'U_ACTION' => append_sid($phpbb_root_path . 'adm/index.' . $phpEx),
));
@ -1969,12 +1931,44 @@ class install_install extends module
return $s_smtp_auth_options;
}
/**
* The variables that we will be passing between pages
* Used to retrieve data quickly on each page
* Get submitted data
*/
var $request_vars = array('language', 'dbms', 'dbhost', 'dbport', 'dbuser', 'dbpasswd', 'dbname', 'table_prefix', 'default_lang', 'admin_name', 'admin_pass1', 'admin_pass2', 'board_email1', 'board_email2', 'img_imagick', 'ftp_path', 'ftp_user', 'ftp_pass', 'email_enable', 'smtp_delivery', 'smtp_host', 'smtp_auth', 'smtp_user', 'smtp_pass', 'cookie_secure', 'force_server_vars', 'server_protocol', 'server_name', 'server_port', 'script_path');
function get_submitted_data()
{
return array(
'language' => basename(request_var('language', '')),
'dbms' => request_var('dbms', ''),
'dbhost' => request_var('dbhost', ''),
'dbport' => request_var('dbport', ''),
'dbuser' => request_var('dbuser', ''),
'dbpasswd' => htmlspecialchars_decode(request_var('dbpasswd', '', true)),
'dbname' => request_var('dbname', ''),
'table_prefix' => request_var('table_prefix', ''),
'default_lang' => basename(request_var('default_lang', '')),
'admin_name' => utf8_normalize_nfc(request_var('admin_name', '', true)),
'admin_pass1' => request_var('admin_pass1', '', true),
'admin_pass2' => request_var('admin_pass2', '', true),
'board_email1' => strtolower(request_var('board_email1', '')),
'board_email2' => strtolower(request_var('board_email2', '')),
'img_imagick' => request_var('img_imagick', ''),
'ftp_path' => request_var('ftp_path', ''),
'ftp_user' => request_var('ftp_user', ''),
'ftp_pass' => request_var('ftp_pass', ''),
'email_enable' => request_var('email_enable', ''),
'smtp_delivery' => request_var('smtp_delivery', ''),
'smtp_host' => request_var('smtp_host', ''),
'smtp_auth' => request_var('smtp_auth', ''),
'smtp_user' => request_var('smtp_user', ''),
'smtp_pass' => request_var('smtp_pass', ''),
'cookie_secure' => request_var('cookie_secure', ''),
'force_server_vars' => request_var('force_server_vars', ''),
'server_protocol' => request_var('server_protocol', ''),
'server_name' => request_var('server_name', ''),
'server_port' => request_var('server_port', ''),
'script_path' => request_var('script_path', ''),
);
}
/**
* The information below will be used to build the input fields presented to the user

2
phpBB/mcp.php
View file

@ -78,7 +78,7 @@ $post_id = request_var('p', 0);
$topic_id = request_var('t', 0);
$forum_id = request_var('f', 0);
$user_id = request_var('u', 0);
$username = request_var('username', '', true);
$username = utf8_normalize_nfc(request_var('username', '', true));
if ($post_id)
{

8
phpBB/memberlist.php
View file

@ -332,7 +332,7 @@ switch ($mode)
include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
$subject = sprintf($user->lang['IM_JABBER_SUBJECT'], $user->data['username'], $config['server_name']);
$message = trim(request_var('message', '', true));
$message = utf8_normalize_nfc(request_var('message', '', true));
if (empty($message))
{
@ -698,11 +698,11 @@ switch ($mode)
$error = array();
$name = request_var('name', '', true);
$name = utf8_normalize_nfc(request_var('name', '', true));
$email = request_var('email', '');
$email_lang = request_var('lang', $config['default_lang']);
$subject = request_var('subject', '', true);
$message = request_var('message', '', true);
$subject = utf8_normalize_nfc(request_var('subject', '', true));
$message = utf8_normalize_nfc(request_var('message', '', true));
$cc = (isset($_POST['cc_email'])) ? true : false;
$submit = (isset($_POST['submit'])) ? true : false;

2
phpBB/posting.php
View file

@ -561,7 +561,7 @@ $solved_captcha = false;
if ($submit || $preview || $refresh)
{
$post_data['topic_cur_post_id'] = request_var('topic_cur_post_id', 0);
$post_data['post_subject'] = trim(utf8_normalize_nfc(request_var('subject', '', true)));
$post_data['post_subject'] = utf8_normalize_nfc(request_var('subject', '', true));
$message_parser->message = utf8_normalize_nfc(request_var('message', '', true));
$post_data['username'] = utf8_normalize_nfc(request_var('username', $post_data['username'], true));

4
phpBB/search.php
View file

@ -30,8 +30,8 @@ $topic_id = request_var('t', 0);
$view = request_var('view', '');
$submit = request_var('submit', false);
$keywords = request_var('keywords', '', true);
$add_keywords = request_var('add_keywords', '', true);
$keywords = utf8_normalize_nfc(request_var('keywords', '', true));
$add_keywords = utf8_normalize_nfc(request_var('add_keywords', '', true));
$author = request_var('author', '', true);
$author_id = request_var('author_id', 0);
$show_results = ($topic_id) ? 'posts' : request_var('sr', 'posts');

3
phpBB/viewtopic.php
View file

@ -37,6 +37,9 @@ $sort_dir = request_var('sd', ((!empty($user->data['user_post_sortby_dir'])) ? $
$update = request_var('update', false);
/**
* @todo normalize?
*/
$hilit_words = request_var('hilit', '', true);
// Do we have a topic or post id?