$request->server() should not auto html-escape values. header() however should.
Also introduce some tests for this behaviour.
Thanks to nn- for catching this.
PHPBB3-9716
Extend the request class with helpers for reading server vars (server())
and HTTP request headers (header()). Refactor the existing code base
to make use of these helpers, make $_SERVER a deactivated super global.
Also introduce an is_ajax() method, which checks the X-Requested-With
header for the value 'XMLHttpRequest', which is sent by JavaScript
libraries, such as jQuery.
PHPBB3-9716
* develop-olympus:
[ticket/10250] The site_logo hash is different depending on imageset & language
[ticket/10250] Destroy cached md5 hash of site_logo on refreshing an imageset
[ticket/10250] Overwrite the site_logo width&height when the phpbb logo is used
[ticket/10250] Added the new phpBB Logo with the Registered Trademark Symbol
* prep-release-3.0.9:
[ticket/10250] The site_logo hash is different depending on imageset & language
[ticket/10250] Destroy cached md5 hash of site_logo on refreshing an imageset
[ticket/10250] Overwrite the site_logo width&height when the phpbb logo is used
[ticket/10250] Added the new phpBB Logo with the Registered Trademark Symbol
* naderman/ticket/10250:
[ticket/10250] The site_logo hash is different depending on imageset & language
[ticket/10250] Destroy cached md5 hash of site_logo on refreshing an imageset
[ticket/10250] Overwrite the site_logo width&height when the phpbb logo is used
[ticket/10250] Added the new phpBB Logo with the Registered Trademark Symbol
* develop-olympus:
[ticket/9859] Changing all phpBB footers to match the new credit line
[ticket/9859] New footer copyright line with registered symbol
* prep-release-3.0.9:
[ticket/9859] Changing all phpBB footers to match the new credit line
[ticket/9859] New footer copyright line with registered symbol
The new logo is slightly wider than the old logo. If we changed the size in the
imageset.cfg we would cause a conflict for everyone who replaced the logo with
their own and modified the size. Instead we overwrite the width and height in
the img() function in session.php only if its contents are that of the stock
phpbb logo.
PHPBB3-10250
When a non-fatal error occurs at the beginning of the script before any custom
error handler is set one of two situations can be encountered:
1) if the ini option output buffer is disabled:
- headers are sent to the http client
- the error message is output
2) if the ini option output_buffer is enabled or the script
is run within an ob_start()/ob_end() wrapper:
- the error message is written to the output buffer
Once the script reaches page_header() phpbb starts gzip compression if enabled.
This is done through ob_start with a ob_gzhandler as a callback. The
compression is skipped if headers have already been sent. In situation 1) the
error message sent in plain text comes with headers and this gzip compression
is skipped. The client receives a plaintext version of the page. However in
situation 2) headers have not been sent yet and the rest of the page will be
compressed. The result is a plaintext error message followed by compressed
output. The client does not understand this output resulting in either an
error message or simply a blank page in the browser.
In addition to the above situation this problem occurs with errors that are
triggered after the custom error handler is loaded. The problem has been
noticed before, and a workaround was found. The error handler would call
ob_flush() for particular configuration settings before outputting the error
message. This resulted in headers being sent when output buffering was enabled
thus disabling gzip compression for the rest of the page. The constraints under
which ob_flush() was called were lessened over time whenever a new case was
found that would trigger this problem. Eventually ob_flush() would be called
even when code causing an E_NOTICE was simply run within an ob_start/ob_end.
This makes it impossible to use output buffering to retrieve the content of an
error message without prohibiting the page from setting headers afterwards.
This commit removes all flushing in msg_handler completely and instead fixes
the problem for both errors before and after the error handler is registered.
GZIP compression is only enabled if there is at most one level of output
buffering (e.g. the output_buffer php.ini option is enabled) and if there has
not yet been any output in this buffer. This should avoid any partial output
compression.
PHPBB3-10188
* develop-olympus:
[ticket/10218] Prevent startime from being overwritten by deregister_globals()
[ticket/10218] Moving global deregistration, etc. to startup.php
Conflicts:
phpBB/install/database_update.php
* prep-release-3.0.9:
[ticket/10218] Prevent startime from being overwritten by deregister_globals()
[ticket/10218] Moving global deregistration, etc. to startup.php
Conflicts:
phpBB/install/database_update.php
* Marshalrusty/ticket/10218:
[ticket/10218] Prevent startime from being overwritten by deregister_globals()
[ticket/10218] Moving global deregistration, etc. to startup.php
Removes the semicolon at end of oracle CREATE TABLE queries and adds a
semicolon to the end of a SELECT query inside of the trigger for a new
table's auto increment column before the end keyword
PHPBB3-10214
* develop-olympus:
[ticket/9892] Correct copyright year
[ticket/9892] Remove incorrect use of camel case
[ticket/9892] Removing closing php tag from create_schema_files
[ticket/9892] Transaction support for database update sql execution function
[ticket/9892] count is a keyword in firebird, so renaming this alias
[ticket/9892] Q&A CAPTCHA did not work on firebird, so no need to change config
[ticket/9892] Shorten login_attempt key names to avoid firebird length problems
[ticket/9892] Drop Q&A CAPTCHA tables if left in inconsistent state
[ticket/9892] Adding a number of tests for db_tools
[ticket/9892] Table prefix lengths influence index lengths in db_tools
[ticket/9892] Shorten the index names on the q&a captcha
[ticket/9892] column & index name limits, firebird auto increment in db_tools
Conflicts:
phpBB/develop/create_schema_files.php
