ok... i hope i haven't messed too much with the code and everything is still working.

Changes: - Ascraeus now uses constants for the phpbb root path and the php extension. This ensures more security for external applications and modifications (no more overwriting of root path and extension possible through insecure mods and register globals enabled) as well as no more globalizing needed. - A second change implemented here is an additional short-hand-notation for append_sid(). It is allowed to omit the root path and extension now (for example calling append_sid('memberlist')) - in this case the root path and extension get added automatically. The hook is called after these are added. git-svn-id: file:///svn/phpbb/trunk@8572 89ea8834-ac86-4346-8a33-228a782c2dd0
author: Meik Sievertsen <acydburn@phpbb.com> 2008-05-29 12:25:56 +0000
committer: Meik Sievertsen <acydburn@phpbb.com> 2008-05-29 12:25:56 +0000
commit: 2f4a618900e2c3b6ea14c68cbeb5897cd2ac1a04 (patch)
tree: 3b7ea329bf35eab5ddab9b0b5eb790e45e283a5c /phpBB/adm
parent: 91b4fe1868ca2c4d81111943f781e3cfd0262ef2 (diff)
download: forums-2f4a618900e2c3b6ea14c68cbeb5897cd2ac1a04.tar
forums-2f4a618900e2c3b6ea14c68cbeb5897cd2ac1a04.tar.gz
forums-2f4a618900e2c3b6ea14c68cbeb5897cd2ac1a04.tar.bz2
forums-2f4a618900e2c3b6ea14c68cbeb5897cd2ac1a04.tar.xz
forums-2f4a618900e2c3b6ea14c68cbeb5897cd2ac1a04.zip
2 files changed, 47 insertions, 46 deletions
diff --git a/phpBB/adm/index.php b/phpBB/adm/index.php
index 358e5a4bf2..50f1cc715f 100644
--- a/phpBB/adm/index.php
+++ b/phpBB/adm/index.php
@@ -15,11 +15,11 @@ define('ADMIN_START', true);
 define('NEED_SID', true);
 
 // Include files
-$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../';
-$phpEx = substr(strrchr(__FILE__, '.'), 1);
-require($phpbb_root_path . 'common.' . $phpEx);
-require($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
-require($phpbb_root_path . 'includes/functions_module.' . $phpEx);
+if (!defined('PHPBB_ROOT_PATH')) define('PHPBB_ROOT_PATH', './../');
+if (!defined('PHP_EXT')) define('PHP_EXT', substr(strrchr(__FILE__, '.'), 1));
+include(PHPBB_ROOT_PATH . 'common.' . PHP_EXT);
+require(PHPBB_ROOT_PATH . 'includes/functions_admin.' . PHP_EXT);
+require(PHPBB_ROOT_PATH . 'includes/functions_module.' . PHP_EXT);
 
 // Start session management
 $user->session_begin();
@@ -42,7 +42,7 @@ if (!$auth->acl_get('a_'))
 
 // We define the admin variables now, because the user is now able to use the admin related features...
 define('IN_ADMIN', true);
-$phpbb_admin_path = (defined('PHPBB_ADMIN_PATH')) ? PHPBB_ADMIN_PATH : './';
+if (!defined('PHPBB_ADMIN_PATH')) define('PHPBB_ADMIN_PATH', './');
 
 // Some oft used variables
 $safe_mode		= (@ini_get('safe_mode') == '1' || @strtolower(ini_get('safe_mode')) === 'on') ? true : false;
@@ -51,8 +51,8 @@ $module_id		= request_var('i', '');
 $mode			= request_var('mode', '');
 
 // Set custom template for admin area
-$template->set_custom_template($phpbb_admin_path . 'style', 'admin');
-$template->assign_var('T_TEMPLATE_PATH', $phpbb_admin_path . 'style');
+$template->set_custom_template(PHPBB_ADMIN_PATH . 'style', 'admin');
+$template->assign_var('T_TEMPLATE_PATH', PHPBB_ADMIN_PATH . 'style');
 
 // the acp template is never stored in the database
 $user->theme['template_storedb'] = false;
@@ -68,7 +68,7 @@ $module->set_active($module_id, $mode);
 
 // Assign data to the template engine for the list of modules
 // We do this before loading the active module for correct menu display in trigger_error
-$module->assign_tpl_vars(append_sid("{$phpbb_admin_path}index.$phpEx"));
+$module->assign_tpl_vars(append_sid('index'));
 
 // Load and execute the relevant module
 $module->load_active();
@@ -88,7 +88,7 @@ adm_page_footer();
 function adm_page_header($page_title)
 {
 	global $config, $db, $user, $template;
-	global $phpbb_root_path, $phpbb_admin_path, $phpEx, $SID, $_SID;
+	global $SID, $_SID;
 
 	if (defined('HEADER_INC'))
 	{
@@ -113,30 +113,30 @@ function adm_page_header($page_title)
 		'SID'					=> $SID,
 		'_SID'					=> $_SID,
 		'SESSION_ID'			=> $user->session_id,
-		'ROOT_PATH'				=> $phpbb_admin_path,
-
-		'U_LOGOUT'				=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=logout'),
-		'U_ADM_INDEX'			=> append_sid("{$phpbb_admin_path}index.$phpEx"),
-		'U_INDEX'				=> append_sid("{$phpbb_root_path}index.$phpEx"),
-
-		'T_IMAGES_PATH'			=> "{$phpbb_root_path}images/",
-		'T_SMILIES_PATH'		=> "{$phpbb_root_path}{$config['smilies_path']}/",
-		'T_AVATAR_PATH'			=> "{$phpbb_root_path}{$config['avatar_path']}/",
-		'T_AVATAR_GALLERY_PATH'	=> "{$phpbb_root_path}{$config['avatar_gallery_path']}/",
-		'T_ICONS_PATH'			=> "{$phpbb_root_path}{$config['icons_path']}/",
-		'T_RANKS_PATH'			=> "{$phpbb_root_path}{$config['ranks_path']}/",
-		'T_UPLOAD_PATH'			=> "{$phpbb_root_path}{$config['upload_path']}/",
-
-		'ICON_MOVE_UP'				=> '<img src="' . $phpbb_admin_path . 'images/icon_up.gif" alt="' . $user->lang['MOVE_UP'] . '" title="' . $user->lang['MOVE_UP'] . '" />',
-		'ICON_MOVE_UP_DISABLED'		=> '<img src="' . $phpbb_admin_path . 'images/icon_up_disabled.gif" alt="' . $user->lang['MOVE_UP'] . '" title="' . $user->lang['MOVE_UP'] . '" />',
-		'ICON_MOVE_DOWN'			=> '<img src="' . $phpbb_admin_path . 'images/icon_down.gif" alt="' . $user->lang['MOVE_DOWN'] . '" title="' . $user->lang['MOVE_DOWN'] . '" />',
-		'ICON_MOVE_DOWN_DISABLED'	=> '<img src="' . $phpbb_admin_path . 'images/icon_down_disabled.gif" alt="' . $user->lang['MOVE_DOWN'] . '" title="' . $user->lang['MOVE_DOWN'] . '" />',		
-		'ICON_EDIT'					=> '<img src="' . $phpbb_admin_path . 'images/icon_edit.gif" alt="' . $user->lang['EDIT'] . '" title="' . $user->lang['EDIT'] . '" />',
-		'ICON_EDIT_DISABLED'		=> '<img src="' . $phpbb_admin_path . 'images/icon_edit_disabled.gif" alt="' . $user->lang['EDIT'] . '" title="' . $user->lang['EDIT'] . '" />',
-		'ICON_DELETE'				=> '<img src="' . $phpbb_admin_path . 'images/icon_delete.gif" alt="' . $user->lang['DELETE'] . '" title="' . $user->lang['DELETE'] . '" />',
-		'ICON_DELETE_DISABLED'		=> '<img src="' . $phpbb_admin_path . 'images/icon_delete_disabled.gif" alt="' . $user->lang['DELETE'] . '" title="' . $user->lang['DELETE'] . '" />',
-		'ICON_SYNC'					=> '<img src="' . $phpbb_admin_path . 'images/icon_sync.gif" alt="' . $user->lang['RESYNC'] . '" title="' . $user->lang['RESYNC'] . '" />',
-		'ICON_SYNC_DISABLED'		=> '<img src="' . $phpbb_admin_path . 'images/icon_sync_disabled.gif" alt="' . $user->lang['RESYNC'] . '" title="' . $user->lang['RESYNC'] . '" />',
+		'ROOT_PATH'				=> PHPBB_ADMIN_PATH,
+
+		'U_LOGOUT'				=> append_sid('ucp', 'mode=logout'),
+		'U_ADM_INDEX'			=> append_sid(PHPBB_ADMIN_PATH . 'index.' . PHP_EXT),
+		'U_INDEX'				=> append_sid('index'),
+
+		'T_IMAGES_PATH'			=> PHPBB_ROOT_PATH . 'images/',
+		'T_SMILIES_PATH'		=> PHPBB_ROOT_PATH . $config['smilies_path'] . '/',
+		'T_AVATAR_PATH'			=> PHPBB_ROOT_PATH . $config['avatar_path'] . '/',
+		'T_AVATAR_GALLERY_PATH'	=> PHPBB_ROOT_PATH . $config['avatar_gallery_path'] . '/',
+		'T_ICONS_PATH'			=> PHPBB_ROOT_PATH . $config['icons_path'] . '/',
+		'T_RANKS_PATH'			=> PHPBB_ROOT_PATH . $config['ranks_path'] . '/',
+		'T_UPLOAD_PATH'			=> PHPBB_ROOT_PATH . $config['upload_path'] . '/',
+
+		'ICON_MOVE_UP'				=> '<img src="' . PHPBB_ADMIN_PATH . 'images/icon_up.gif" alt="' . $user->lang['MOVE_UP'] . '" title="' . $user->lang['MOVE_UP'] . '" />',
+		'ICON_MOVE_UP_DISABLED'		=> '<img src="' . PHPBB_ADMIN_PATH . 'images/icon_up_disabled.gif" alt="' . $user->lang['MOVE_UP'] . '" title="' . $user->lang['MOVE_UP'] . '" />',
+		'ICON_MOVE_DOWN'			=> '<img src="' . PHPBB_ADMIN_PATH . 'images/icon_down.gif" alt="' . $user->lang['MOVE_DOWN'] . '" title="' . $user->lang['MOVE_DOWN'] . '" />',
+		'ICON_MOVE_DOWN_DISABLED'	=> '<img src="' . PHPBB_ADMIN_PATH . 'images/icon_down_disabled.gif" alt="' . $user->lang['MOVE_DOWN'] . '" title="' . $user->lang['MOVE_DOWN'] . '" />',		
+		'ICON_EDIT'					=> '<img src="' . PHPBB_ADMIN_PATH . 'images/icon_edit.gif" alt="' . $user->lang['EDIT'] . '" title="' . $user->lang['EDIT'] . '" />',
+		'ICON_EDIT_DISABLED'		=> '<img src="' . PHPBB_ADMIN_PATH . 'images/icon_edit_disabled.gif" alt="' . $user->lang['EDIT'] . '" title="' . $user->lang['EDIT'] . '" />',
+		'ICON_DELETE'				=> '<img src="' . PHPBB_ADMIN_PATH . 'images/icon_delete.gif" alt="' . $user->lang['DELETE'] . '" title="' . $user->lang['DELETE'] . '" />',
+		'ICON_DELETE_DISABLED'		=> '<img src="' . PHPBB_ADMIN_PATH . 'images/icon_delete_disabled.gif" alt="' . $user->lang['DELETE'] . '" title="' . $user->lang['DELETE'] . '" />',
+		'ICON_SYNC'					=> '<img src="' . PHPBB_ADMIN_PATH . 'images/icon_sync.gif" alt="' . $user->lang['RESYNC'] . '" title="' . $user->lang['RESYNC'] . '" />',
+		'ICON_SYNC_DISABLED'		=> '<img src="' . PHPBB_ADMIN_PATH . 'images/icon_sync_disabled.gif" alt="' . $user->lang['RESYNC'] . '" title="' . $user->lang['RESYNC'] . '" />',
 
 		'S_USER_LANG'			=> $user->lang['USER_LANG'],
 		'S_CONTENT_DIRECTION'	=> $user->lang['DIRECTION'],
@@ -161,7 +161,7 @@ function adm_page_header($page_title)
 function adm_page_footer($copyright_html = true)
 {
 	global $db, $config, $template, $user, $auth, $cache;
-	global $starttime, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+	global $starttime;
 
 	// Output page creation time
 	if (defined('DEBUG'))
@@ -372,7 +372,8 @@ function build_cfg_template($tpl_type, $key, &$new, $config_key, $vars)
 */
 function validate_config_vars($config_vars, &$cfg_array, &$error)
 {
-	global $phpbb_root_path, $user;
+	global $user;
+
 	$type	= 0;
 	$min	= 1;
 	$max	= 2;
@@ -465,13 +466,13 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
 
 				$cfg_array[$config_name] = basename($cfg_array[$config_name]);
 
-				if (!file_exists($phpbb_root_path . 'language/' . $cfg_array[$config_name] . '/'))
+				if (!file_exists(PHPBB_ROOT_PATH . 'language/' . $cfg_array[$config_name] . '/'))
 				{
 					$error[] = $user->lang['WRONG_DATA_LANG'];
 				}
 			break;
 
-			// Relative path (appended $phpbb_root_path)
+			// Relative path (appended PHPBB_ROOT_PATH)
 			case 'rpath':
 			case 'rwpath':
 				if (!$cfg_array[$config_name])
@@ -513,12 +514,12 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
 					break;
 				}
 
-				if (!file_exists($phpbb_root_path . $cfg_array[$config_name]))
+				if (!file_exists(PHPBB_ROOT_PATH . $cfg_array[$config_name]))
 				{
 					$error[] = sprintf($user->lang['DIRECTORY_DOES_NOT_EXIST'], $cfg_array[$config_name]);
 				}
 
-				if (file_exists($phpbb_root_path . $cfg_array[$config_name]) && !is_dir($phpbb_root_path . $cfg_array[$config_name]))
+				if (file_exists(PHPBB_ROOT_PATH . $cfg_array[$config_name]) && !is_dir(PHPBB_ROOT_PATH . $cfg_array[$config_name]))
 				{
 					$error[] = sprintf($user->lang['DIRECTORY_NOT_DIR'], $cfg_array[$config_name]);
 				}
@@ -526,7 +527,7 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
 				// Check if the path is writable
 				if ($config_definition['validate'] == 'wpath' || $config_definition['validate'] == 'rwpath')
 				{
-					if (file_exists($phpbb_root_path . $cfg_array[$config_name]) && !@is_writable($phpbb_root_path . $cfg_array[$config_name]))
+					if (file_exists(PHPBB_ROOT_PATH . $cfg_array[$config_name]) && !@is_writable(PHPBB_ROOT_PATH . $cfg_array[$config_name]))
 					{
 						$error[] = sprintf($user->lang['DIRECTORY_NOT_WRITABLE'], $cfg_array[$config_name]);
 					}
diff --git a/phpBB/adm/swatch.php b/phpBB/adm/swatch.php
index e372c16b9b..7ee6d7d0c0 100644
--- a/phpBB/adm/swatch.php
+++ b/phpBB/adm/swatch.php
@@ -13,9 +13,9 @@
 */
 define('IN_PHPBB', true);
 define('ADMIN_START', true);
-$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../';
-$phpEx = substr(strrchr(__FILE__, '.'), 1);
-include($phpbb_root_path . 'common.' . $phpEx);
+if (!defined('PHPBB_ROOT_PATH')) define('PHPBB_ROOT_PATH', './../');
+if (!defined('PHP_EXT')) define('PHP_EXT', substr(strrchr(__FILE__, '.'), 1));
+include(PHPBB_ROOT_PATH . 'common.' . PHP_EXT);
 
 // Start session management
 $user->session_begin(false);
@@ -23,7 +23,7 @@ $auth->acl($user->data);
 $user->setup();
 
 // Set custom template for admin area
-$template->set_custom_template($phpbb_root_path . 'adm/style', 'admin');
+$template->set_custom_template(PHPBB_ROOT_PATH . CONFIG_ADM_FOLDER . '/style', 'admin');
 
 $template->set_filenames(array(
 	'body' => 'colour_swatch.html')
@@ -39,7 +39,7 @@ $name = (!preg_match('/^[a-z0-9_-]+$/i', $name)) ? '' : $name;
 $template->assign_vars(array(
 	'OPENER'		=> $form,
 	'NAME'			=> $name,
-	'T_IMAGES_PATH'	=> "{$phpbb_root_path}images/",
+	'T_IMAGES_PATH'	=> PHPBB_ROOT_PATH . 'images/',
 
 	'S_USER_LANG'			=> $user->lang['USER_LANG'],
 	'S_CONTENT_DIRECTION'	=> $user->lang['DIRECTION'],
author	Meik Sievertsen <acydburn@phpbb.com>	2008-05-29 12:25:56 +0000
committer	Meik Sievertsen <acydburn@phpbb.com>	2008-05-29 12:25:56 +0000
commit	2f4a618900e2c3b6ea14c68cbeb5897cd2ac1a04 (patch)
tree	3b7ea329bf35eab5ddab9b0b5eb790e45e283a5c /phpBB/adm
parent	91b4fe1868ca2c4d81111943f781e3cfd0262ef2 (diff)
download	forums-2f4a618900e2c3b6ea14c68cbeb5897cd2ac1a04.tar forums-2f4a618900e2c3b6ea14c68cbeb5897cd2ac1a04.tar.gz forums-2f4a618900e2c3b6ea14c68cbeb5897cd2ac1a04.tar.bz2 forums-2f4a618900e2c3b6ea14c68cbeb5897cd2ac1a04.tar.xz forums-2f4a618900e2c3b6ea14c68cbeb5897cd2ac1a04.zip