diff options
29 files changed, 520 insertions, 197 deletions
diff --git a/phpBB/adm/style/acp_styles.html b/phpBB/adm/style/acp_styles.html index cb4361dd6f..098cc723d9 100644 --- a/phpBB/adm/style/acp_styles.html +++ b/phpBB/adm/style/acp_styles.html @@ -22,6 +22,21 @@ <dt><label for="new_id">{L_REPLACE}:</label><br /><span>{L_REPLACE_EXPLAIN}</span></dt> <dd><select id="new_id" name="new_id">{S_REPLACE_OPTIONS}</select></dd> </dl> + <!-- IF S_DELETE_STYLE --> + <hr /> + <dl> + <dt><label for="new_template_id">{L_DELETE_TEMPLATE}:</label><br /><span>{L_REPLACE_TEMPLATE_EXPLAIN}</span></dt> + <dd><select id="new_template_id" name="new_template_id">{S_REPLACE_TEMPLATE_OPTIONS}</select></dd> + </dl> + <dl> + <dt><label for="new_theme_id">{L_DELETE_THEME}:</label><br /><span>{L_REPLACE_THEME_EXPLAIN}</span></dt> + <dd><select id="new_theme_id" name="new_theme_id">{S_REPLACE_THEME_OPTIONS}</select></dd> + </dl> + <dl> + <dt><label for="new_imageset_id">{L_DELETE_IMAGESET}:</label><br /><span>{L_REPLACE_IMAGESET_EXPLAIN}</span></dt> + <dd><select id="new_imageset_id" name="new_imageset_id">{S_REPLACE_IMAGESET_OPTIONS}</select></dd> + </dl> + <!-- ENDIF --> <p class="quick"> <input class="button1" type="submit" name="update" value="{L_DELETE}" /> diff --git a/phpBB/develop/create_schema_files.php b/phpBB/develop/create_schema_files.php index 0515d801f2..87670722aa 100644 --- a/phpBB/develop/create_schema_files.php +++ b/phpBB/develop/create_schema_files.php @@ -926,7 +926,7 @@ function get_schema_struct() $schema_data['phpbb_bbcodes'] = array( 'COLUMNS' => array( - 'bbcode_id' => array('TINT:3', 0), + 'bbcode_id' => array('USINT', 0), 'bbcode_tag' => array('VCHAR:16', ''), 'bbcode_helpline' => array('VCHAR_UNI', ''), 'display_on_posting' => array('BOOL', 0), diff --git a/phpBB/develop/mysql_upgrader.php b/phpBB/develop/mysql_upgrader.php index 57230339e8..70c8173a32 100644 --- a/phpBB/develop/mysql_upgrader.php +++ b/phpBB/develop/mysql_upgrader.php @@ -21,6 +21,7 @@ die("Please read the first lines of this script for instructions on how to enable it"); define('IN_PHPBB', true); +$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './'; $phpEx = substr(strrchr(__FILE__, '.'), 1); include($phpbb_root_path . 'common.' . $phpEx); @@ -414,7 +415,7 @@ function get_schema_struct() $schema_data['phpbb_bbcodes'] = array( 'COLUMNS' => array( - 'bbcode_id' => array('TINT:3', 0), + 'bbcode_id' => array('USINT', 0), 'bbcode_tag' => array('VCHAR:16', ''), 'bbcode_helpline' => array('VCHAR_UNI', ''), 'display_on_posting' => array('BOOL', 0), diff --git a/phpBB/download/file.php b/phpBB/download/file.php index f5a766dd57..e1ec835b9b 100644 --- a/phpBB/download/file.php +++ b/phpBB/download/file.php @@ -125,11 +125,13 @@ $user->setup('viewtopic'); if (!$download_id) { + send_status_line(404, 'Not Found'); trigger_error('NO_ATTACHMENT_SELECTED'); } if (!$config['allow_attachments'] && !$config['allow_pm_attach']) { + send_status_line(404, 'Not Found'); trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED'); } @@ -142,11 +144,13 @@ $db->sql_freeresult($result); if (!$attachment) { + send_status_line(404, 'Not Found'); trigger_error('ERROR_NO_ATTACHMENT'); } if ((!$attachment['in_message'] && !$config['allow_attachments']) || ($attachment['in_message'] && !$config['allow_pm_attach'])) { + send_status_line(404, 'Not Found'); trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED'); } @@ -159,6 +163,7 @@ if ($attachment['is_orphan']) if (!$own_attachment || ($attachment['in_message'] && !$auth->acl_get('u_pm_download')) || (!$attachment['in_message'] && !$auth->acl_get('u_download'))) { + send_status_line(404, 'Not Found'); trigger_error('ERROR_NO_ATTACHMENT'); } @@ -191,6 +196,7 @@ else } else { + send_status_line(403, 'Forbidden'); trigger_error('SORRY_AUTH_VIEW_ATTACH'); } } @@ -231,6 +237,7 @@ else $extensions = array(); if (!extension_allowed($row['forum_id'], $attachment['extension'], $extensions)) { + send_status_line(404, 'Forbidden'); trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension'])); } } @@ -253,6 +260,7 @@ $db->sql_freeresult($result); if (!$attachment) { + send_status_line(404, 'Not Found'); trigger_error('ERROR_NO_ATTACHMENT'); } @@ -295,6 +303,7 @@ else // This presenting method should no longer be used if (!@is_dir($phpbb_root_path . $config['upload_path'])) { + send_status_line(500, 'Internal Server Error'); trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']); } @@ -419,6 +428,7 @@ function send_file_to_browser($attachment, $upload_dir, $category) if (!@file_exists($filename)) { + send_status_line(404, 'Not Found'); trigger_error($user->lang['ERROR_NO_ATTACHMENT'] . '<br /><br />' . sprintf($user->lang['FILE_NOT_FOUND_404'], $filename)); } @@ -445,9 +455,11 @@ function send_file_to_browser($attachment, $upload_dir, $category) // PHP track_errors setting On? if (!empty($php_errormsg)) { + send_status_line(500, 'Internal Server Error'); trigger_error($user->lang['UNABLE_TO_DELIVER_FILE'] . '<br />' . sprintf($user->lang['TRACKED_PHP_ERROR'], $php_errormsg)); } + send_status_line(500, 'Internal Server Error'); trigger_error('UNABLE_TO_DELIVER_FILE'); } diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php index 2b706394c4..0644b38eb1 100644 --- a/phpBB/includes/acp/acp_bbcodes.php +++ b/phpBB/includes/acp/acp_bbcodes.php @@ -213,7 +213,7 @@ class acp_bbcodes $bbcode_id = NUM_CORE_BBCODES + 1; } - if ($bbcode_id > 1511) + if ($bbcode_id > BBCODE_LIMIT) { trigger_error($user->lang['TOO_MANY_BBCODES'] . adm_back_link($this->u_action), E_USER_WARNING); } diff --git a/phpBB/includes/acp/acp_main.php b/phpBB/includes/acp/acp_main.php index b8712b2a3d..60cebe3c08 100644 --- a/phpBB/includes/acp/acp_main.php +++ b/phpBB/includes/acp/acp_main.php @@ -529,7 +529,7 @@ class acp_main ); $log_data = array(); - $log_count = 0; + $log_count = false; if ($auth->acl_get('a_viewlogs')) { diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php index 2ccc728031..0f157ceff3 100644 --- a/phpBB/includes/acp/acp_styles.php +++ b/phpBB/includes/acp/acp_styles.php @@ -1587,23 +1587,23 @@ parse_css_file = {PARSE_CSS_FILE} { case 'style': $sql_from = STYLES_TABLE; - $sql_select = 'style_name'; + $sql_select = 'style_id, style_name, template_id, theme_id, imageset_id'; $sql_where = 'AND style_active = 1'; break; case 'template': $sql_from = STYLES_TEMPLATE_TABLE; - $sql_select = 'template_name, template_path, template_storedb'; + $sql_select = 'template_id, template_name, template_path, template_storedb'; break; case 'theme': $sql_from = STYLES_THEME_TABLE; - $sql_select = 'theme_name, theme_path, theme_storedb'; + $sql_select = 'theme_id, theme_name, theme_path, theme_storedb'; break; case 'imageset': $sql_from = STYLES_IMAGESET_TABLE; - $sql_select = 'imageset_name, imageset_path'; + $sql_select = 'imageset_id, imageset_name, imageset_path'; break; } @@ -1633,37 +1633,14 @@ parse_css_file = {PARSE_CSS_FILE} trigger_error($user->lang['NO_' . $l_prefix] . adm_back_link($this->u_action), E_USER_WARNING); } - $sql = "SELECT {$mode}_id, {$mode}_name - FROM $sql_from - WHERE {$mode}_id <> $style_id - $sql_where - ORDER BY {$mode}_name ASC"; - $result = $db->sql_query($sql); - - $s_options = ''; - - if ($row = $db->sql_fetchrow($result)) - { - do - { - $s_options .= '<option value="' . $row[$mode . '_id'] . '">' . $row[$mode . '_name'] . '</option>'; - } - while ($row = $db->sql_fetchrow($result)); - } - else - { - trigger_error($user->lang['ONLY_' . $l_prefix] . adm_back_link($this->u_action), E_USER_WARNING); - } - $db->sql_freeresult($result); - if ($update) { - $sql = "DELETE FROM $sql_from - WHERE {$mode}_id = $style_id"; - $db->sql_query($sql); - if ($mode == 'style') { + $sql = "DELETE FROM $sql_from + WHERE {$mode}_id = $style_id"; + $db->sql_query($sql); + $sql = 'UPDATE ' . USERS_TABLE . " SET user_style = $new_id WHERE user_style = $style_id"; @@ -1678,19 +1655,19 @@ parse_css_file = {PARSE_CSS_FILE} { set_config('default_style', $new_id); } + + // Remove the components + $components = array('template', 'theme', 'imageset'); + foreach ($components as $component) + { + $new_id = request_var('new_' . $component . '_id', 0); + $component_id = $style_row[$component . '_id']; + $this->remove_component($component, $component_id, $new_id, $style_id); + } } else { - if ($mode == 'imageset') - { - $sql = 'DELETE FROM ' . STYLES_IMAGESET_DATA_TABLE . " - WHERE imageset_id = $style_id"; - $db->sql_query($sql); - } - $sql = 'UPDATE ' . STYLES_TABLE . " - SET {$mode}_id = $new_id - WHERE {$mode}_id = $style_id"; - $db->sql_query($sql); + $this->remove_component($mode, $style_id, $new_id); } $cache->destroy('sql', STYLES_TABLE); @@ -1700,11 +1677,12 @@ parse_css_file = {PARSE_CSS_FILE} trigger_error($user->lang[$message] . adm_back_link($this->u_action)); } + $this->display_component_options($mode, $style_row[$mode . '_id'], $style_row); + $this->page_title = 'DELETE_' . $l_prefix; $template->assign_vars(array( 'S_DELETE' => true, - 'S_REPLACE_OPTIONS' => $s_options, 'L_TITLE' => $user->lang[$this->page_title], 'L_EXPLAIN' => $user->lang[$this->page_title . '_EXPLAIN'], @@ -1718,6 +1696,202 @@ parse_css_file = {PARSE_CSS_FILE} 'NAME' => $style_row[$mode . '_name'], ) ); + + if ($mode == 'style') + { + $template->assign_vars(array( + 'S_DELETE_STYLE' => true, + )); + } + } + + /** + * Remove template/theme/imageset entry from the database + */ + function remove_component($component, $component_id, $new_id, $style_id = false) + { + global $db; + + if (($new_id == 0) || ($component === 'template' && ($conflicts = $this->check_inheritance($component, $component_id)))) + { + // We can not delete the template, as the user wants to keep the component or an other template is inheriting from this one. + return; + } + + $component_in_use = array(); + if ($component != 'style') + { + $component_in_use = $this->component_in_use($component, $component_id, $style_id); + } + + if (($new_id == -1) && !empty($component_in_use)) + { + // We can not delete the component, as it is still in use + return; + } + + if ($component == 'imageset') + { + $sql = 'DELETE FROM ' . STYLES_IMAGESET_DATA_TABLE . " + WHERE imageset_id = $component_id"; + $db->sql_query($sql); + } + + switch ($component) + { + case 'template': + $sql_from = STYLES_TEMPLATE_TABLE; + break; + + case 'theme': + $sql_from = STYLES_THEME_TABLE; + break; + + case 'imageset': + $sql_from = STYLES_IMAGESET_TABLE;; + break; + } + + $sql = "DELETE FROM $sql_from + WHERE {$component}_id = $component_id"; + $db->sql_query($sql); + + $sql = 'UPDATE ' . STYLES_TABLE . " + SET {$component}_id = $new_id + WHERE {$component}_id = $component_id"; + $db->sql_query($sql); + } + + /** + * Display the options which can be used to replace a style/template/theme/imageset + */ + function display_component_options($component, $component_id, $style_row = false, $style_id = false) + { + global $db, $template, $user; + + $component_in_use = array(); + if ($component != 'style') + { + $component_in_use = $this->component_in_use($component, $component_id, $style_id); + } + + $sql_where = ''; + switch ($component) + { + case 'style': + $sql_from = STYLES_TABLE; + $sql_where = 'WHERE style_active = 1'; + break; + + case 'template': + $sql_from = STYLES_TEMPLATE_TABLE; + $sql_where = 'WHERE template_inherits_id <> ' . $component_id; + break; + + case 'theme': + $sql_from = STYLES_THEME_TABLE; + break; + + case 'imageset': + $sql_from = STYLES_IMAGESET_TABLE; + break; + } + + $s_options = ''; + if (($component != 'style') && empty($component_in_use)) + { + $sql = "SELECT {$component}_id, {$component}_name + FROM $sql_from + WHERE {$component}_id = {$component_id}"; + $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + $s_options .= '<option value="-1" selected="selected">' . $user->lang['DELETE_' . strtoupper($component)] . '</option>'; + $s_options .= '<option value="0">' . sprintf($user->lang['KEEP_' . strtoupper($component)], $row[$component . '_name']) . '</option>'; + } + else + { + $sql = "SELECT {$component}_id, {$component}_name + FROM $sql_from + $sql_where + ORDER BY {$component}_name ASC"; + $result = $db->sql_query($sql); + + $s_keep_option = $s_options = ''; + while ($row = $db->sql_fetchrow($result)) + { + if ($row[$component . '_id'] != $component_id) + { + $s_options .= '<option value="' . $row[$component . '_id'] . '">' . sprintf($user->lang['REPLACE_WITH_OPTION'], $row[$component . '_name']) . '</option>'; + } + else if ($component != 'style') + { + $s_keep_option = '<option value="0" selected="selected">' . sprintf($user->lang['KEEP_' . strtoupper($component)], $row[$component . '_name']) . '</option>'; + } + } + $db->sql_freeresult($result); + $s_options = $s_keep_option . $s_options; + } + + if (!$style_row) + { + $template->assign_var('S_REPLACE_' . strtoupper($component) . '_OPTIONS', $s_options); + } + else + { + $template->assign_var('S_REPLACE_OPTIONS', $s_options); + if ($component == 'style') + { + $components = array('template', 'theme', 'imageset'); + foreach ($components as $component) + { + $this->display_component_options($component, $style_row[$component . '_id'], false, $component_id, true); + } + } + } + } + + /** + * Check whether the component is still used by another style or component + */ + function component_in_use($component, $component_id, $style_id = false) + { + global $db; + + $component_in_use = array(); + + if ($style_id) + { + $sql = 'SELECT style_id, style_name + FROM ' . STYLES_TABLE . " + WHERE {$component}_id = {$component_id} + AND style_id <> {$style_id} + ORDER BY style_name ASC"; + } + else + { + $sql = 'SELECT style_id, style_name + FROM ' . STYLES_TABLE . " + WHERE {$component}_id = {$component_id} + ORDER BY style_name ASC"; + } + $result = $db->sql_query($sql); + while ($row = $db->sql_fetchrow($result)) + { + $component_in_use[] = $row['style_name']; + } + $db->sql_freeresult($result); + + if ($component === 'template' && ($conflicts = $this->check_inheritance($component, $component_id))) + { + foreach ($conflicts as $temp_id => $conflict_data) + { + $component_in_use[] = $conflict_data['template_name']; + } + } + + return $component_in_use; } /** diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index 90440f74b8..ea34eb8e81 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -173,6 +173,9 @@ define('BBCODE_UID_LEN', 8); // Number of core BBCodes define('NUM_CORE_BBCODES', 12); +// BBCode hard limit +define('BBCODE_LIMIT', 1511); + // Smiley hard limit define('SMILEY_LIMIT', 1000); diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index 2aa12adb2e..cb0cf34e69 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -2506,6 +2506,7 @@ function cache_moderators() /** * View log +* If $log_count is set to false, we will skip counting all entries in the database. */ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id = 0, $topic_id = 0, $user_id = 0, $limit_days = 0, $sort_by = 'l.log_time DESC', $keywords = '') { @@ -2761,16 +2762,19 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id } } - $sql = 'SELECT COUNT(l.log_id) AS total_entries - FROM ' . LOG_TABLE . ' l, ' . USERS_TABLE . " u - WHERE l.log_type = $log_type - AND l.user_id = u.user_id - AND l.log_time >= $limit_days - $sql_keywords - $sql_forum"; - $result = $db->sql_query($sql); - $log_count = (int) $db->sql_fetchfield('total_entries'); - $db->sql_freeresult($result); + if ($log_count !== false) + { + $sql = 'SELECT COUNT(l.log_id) AS total_entries + FROM ' . LOG_TABLE . ' l, ' . USERS_TABLE . " u + WHERE l.log_type = $log_type + AND l.user_id = u.user_id + AND l.log_time >= $limit_days + $sql_keywords + $sql_forum"; + $result = $db->sql_query($sql); + $log_count = (int) $db->sql_fetchfield('total_entries'); + $db->sql_freeresult($result); + } return; } diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index 72331a73c6..271039f415 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -1479,7 +1479,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data) break; case 'delete_first_post': - $sql = 'SELECT p.post_id, p.poster_id, p.post_username, u.username, u.user_colour + $sql = 'SELECT p.post_id, p.poster_id, p.post_time, p.post_username, u.username, u.user_colour FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . " u WHERE p.topic_id = $topic_id AND p.poster_id = u.user_id @@ -1493,7 +1493,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data) $sql_data[FORUMS_TABLE] = ($data['post_approved']) ? 'forum_posts = forum_posts - 1' : ''; } - $sql_data[TOPICS_TABLE] = 'topic_poster = ' . intval($row['poster_id']) . ', topic_first_post_id = ' . intval($row['post_id']) . ", topic_first_poster_colour = '" . $db->sql_escape($row['user_colour']) . "', topic_first_poster_name = '" . (($row['poster_id'] == ANONYMOUS) ? $db->sql_escape($row['post_username']) : $db->sql_escape($row['username'])) . "'"; + $sql_data[TOPICS_TABLE] = 'topic_poster = ' . intval($row['poster_id']) . ', topic_first_post_id = ' . intval($row['post_id']) . ", topic_first_poster_colour = '" . $db->sql_escape($row['user_colour']) . "', topic_first_poster_name = '" . (($row['poster_id'] == ANONYMOUS) ? $db->sql_escape($row['post_username']) : $db->sql_escape($row['username'])) . "', topic_time = " . (int) $row['post_time']; // Decrementing topic_replies here is fine because this case only happens if there is more than one post within the topic - basically removing one "reply" $sql_data[TOPICS_TABLE] .= ', topic_replies_real = topic_replies_real - 1' . (($data['post_approved']) ? ', topic_replies = topic_replies - 1' : ''); diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 90341cd926..0420aa70ab 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -482,44 +482,6 @@ function user_delete($mode, $user_id, $post_username = false) include($phpbb_root_path . 'includes/functions_admin.' . $phpEx); } - $sql = 'SELECT topic_id, COUNT(post_id) AS total_posts - FROM ' . POSTS_TABLE . " - WHERE poster_id = $user_id - GROUP BY topic_id"; - $result = $db->sql_query($sql); - - $topic_id_ary = array(); - while ($row = $db->sql_fetchrow($result)) - { - $topic_id_ary[$row['topic_id']] = $row['total_posts']; - } - $db->sql_freeresult($result); - - if (sizeof($topic_id_ary)) - { - $sql = 'SELECT topic_id, topic_replies, topic_replies_real - FROM ' . TOPICS_TABLE . ' - WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary)); - $result = $db->sql_query($sql); - - $del_topic_ary = array(); - while ($row = $db->sql_fetchrow($result)) - { - if (max($row['topic_replies'], $row['topic_replies_real']) + 1 == $topic_id_ary[$row['topic_id']]) - { - $del_topic_ary[] = $row['topic_id']; - } - } - $db->sql_freeresult($result); - - if (sizeof($del_topic_ary)) - { - $sql = 'DELETE FROM ' . TOPICS_TABLE . ' - WHERE ' . $db->sql_in_set('topic_id', $del_topic_ary); - $db->sql_query($sql); - } - } - // Delete posts, attachments, etc. delete_posts('poster_id', $user_id); diff --git a/phpBB/includes/mcp/mcp_front.php b/phpBB/includes/mcp/mcp_front.php index 50e14b9336..af262baa29 100644 --- a/phpBB/includes/mcp/mcp_front.php +++ b/phpBB/includes/mcp/mcp_front.php @@ -350,7 +350,7 @@ function mcp_front_view($id, $mode, $action) // Add forum_id 0 for global announcements $forum_list[] = 0; - $log_count = 0; + $log_count = false; $log = array(); view_log('mod', $log, $log_count, 5, 0, $forum_list); diff --git a/phpBB/includes/mcp/mcp_post.php b/phpBB/includes/mcp/mcp_post.php index 7098b4bbce..de7f3e63ee 100644 --- a/phpBB/includes/mcp/mcp_post.php +++ b/phpBB/includes/mcp/mcp_post.php @@ -227,10 +227,10 @@ function mcp_post_details($id, $mode, $action) // Get User Notes $log_data = array(); - $log_count = 0; + $log_count = false; view_log('user', $log_data, $log_count, $config['posts_per_page'], 0, 0, 0, $post_info['user_id']); - if ($log_count) + if (!empty($log_data)) { $template->assign_var('S_USER_NOTES', true); diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 1dc854caf2..d803f8d799 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -583,6 +583,13 @@ class session $bot = false; } + // Bot user, if they have a SID in the Request URI we need to get rid of it + // otherwise they'll index this page with the SID, duplicate content oh my! + if ($bot && isset($_GET['sid'])) + { + redirect(build_url(array('sid'))); + } + // If no data was returned one or more of the following occurred: // Key didn't match one in the DB // User does not exist @@ -619,12 +626,6 @@ class session } else { - // Bot user, if they have a SID in the Request URI we need to get rid of it - // otherwise they'll index this page with the SID, duplicate content oh my! - if (isset($_GET['sid'])) - { - redirect(build_url(array('sid'))); - } $this->data['session_last_visit'] = $this->time_now; } diff --git a/phpBB/install/database_update.php b/phpBB/install/database_update.php index 4d3d51923b..01048520d2 100644 --- a/phpBB/install/database_update.php +++ b/phpBB/install/database_update.php @@ -227,7 +227,7 @@ if (empty($config['dbms_version'])) set_config('dbms_version', $db->sql_server_info(true)); } -// Firebird update from Firebord 2.0 to 2.1+ required? +// Firebird update from Firebird 2.0 to 2.1+ required? if ($db->sql_layer == 'firebird') { // We do not trust any PHP5 function enabled, we will simply test for a function new in 2.1 @@ -916,8 +916,15 @@ function database_update_info() '3.0.7-PL1' => array(), // No changes from 3.0.8-RC1 to 3.0.8 '3.0.8-RC1' => array(), - // No changes from 3.0.8 to 3.0.9-RC1 - '3.0.8' => array(), + + // Changes from 3.0.8 to 3.0.9-RC1 + '3.0.8' => array( + 'change_columns' => array( + BBCODES_TABLE => array( + 'bbcode_id' => array('USINT', 0), + ), + ), + ), ); } diff --git a/phpBB/install/schemas/mysql_40_schema.sql b/phpBB/install/schemas/mysql_40_schema.sql index 19b1b4f0f7..eeaec4ccf6 100644 --- a/phpBB/install/schemas/mysql_40_schema.sql +++ b/phpBB/install/schemas/mysql_40_schema.sql @@ -110,7 +110,7 @@ CREATE TABLE phpbb_banlist ( # Table: 'phpbb_bbcodes' CREATE TABLE phpbb_bbcodes ( - bbcode_id tinyint(3) DEFAULT '0' NOT NULL, + bbcode_id smallint(4) UNSIGNED DEFAULT '0' NOT NULL, bbcode_tag varbinary(16) DEFAULT '' NOT NULL, bbcode_helpline blob NOT NULL, display_on_posting tinyint(1) UNSIGNED DEFAULT '0' NOT NULL, diff --git a/phpBB/install/schemas/mysql_41_schema.sql b/phpBB/install/schemas/mysql_41_schema.sql index 3b70630a9e..3a3b4ab2fd 100644 --- a/phpBB/install/schemas/mysql_41_schema.sql +++ b/phpBB/install/schemas/mysql_41_schema.sql @@ -110,7 +110,7 @@ CREATE TABLE phpbb_banlist ( # Table: 'phpbb_bbcodes' CREATE TABLE phpbb_bbcodes ( - bbcode_id tinyint(3) DEFAULT '0' NOT NULL, + bbcode_id smallint(4) UNSIGNED DEFAULT '0' NOT NULL, bbcode_tag varchar(16) DEFAULT '' NOT NULL, bbcode_helpline varchar(255) DEFAULT '' NOT NULL, display_on_posting tinyint(1) UNSIGNED DEFAULT '0' NOT NULL, diff --git a/phpBB/install/schemas/oracle_schema.sql b/phpBB/install/schemas/oracle_schema.sql index d577fce46c..9c25af2512 100644 --- a/phpBB/install/schemas/oracle_schema.sql +++ b/phpBB/install/schemas/oracle_schema.sql @@ -254,7 +254,7 @@ END; Table: 'phpbb_bbcodes' */ CREATE TABLE phpbb_bbcodes ( - bbcode_id number(3) DEFAULT '0' NOT NULL, + bbcode_id number(4) DEFAULT '0' NOT NULL, bbcode_tag varchar2(16) DEFAULT '' , bbcode_helpline varchar2(765) DEFAULT '' , display_on_posting number(1) DEFAULT '0' NOT NULL, diff --git a/phpBB/install/schemas/postgres_schema.sql b/phpBB/install/schemas/postgres_schema.sql index 50b3979adb..a2d4dc3e0b 100644 --- a/phpBB/install/schemas/postgres_schema.sql +++ b/phpBB/install/schemas/postgres_schema.sql @@ -213,7 +213,7 @@ CREATE INDEX phpbb_banlist_ban_ip ON phpbb_banlist (ban_ip, ban_exclude); Table: 'phpbb_bbcodes' */ CREATE TABLE phpbb_bbcodes ( - bbcode_id INT2 DEFAULT '0' NOT NULL, + bbcode_id INT2 DEFAULT '0' NOT NULL CHECK (bbcode_id >= 0), bbcode_tag varchar(16) DEFAULT '' NOT NULL, bbcode_helpline varchar(255) DEFAULT '' NOT NULL, display_on_posting INT2 DEFAULT '0' NOT NULL CHECK (display_on_posting >= 0), diff --git a/phpBB/install/schemas/sqlite_schema.sql b/phpBB/install/schemas/sqlite_schema.sql index 7ee821d395..8661bb7578 100644 --- a/phpBB/install/schemas/sqlite_schema.sql +++ b/phpBB/install/schemas/sqlite_schema.sql @@ -108,7 +108,7 @@ CREATE INDEX phpbb_banlist_ban_ip ON phpbb_banlist (ban_ip, ban_exclude); # Table: 'phpbb_bbcodes' CREATE TABLE phpbb_bbcodes ( - bbcode_id tinyint(3) NOT NULL DEFAULT '0', + bbcode_id INTEGER UNSIGNED NOT NULL DEFAULT '0', bbcode_tag varchar(16) NOT NULL DEFAULT '', bbcode_helpline varchar(255) NOT NULL DEFAULT '', display_on_posting INTEGER UNSIGNED NOT NULL DEFAULT '0', diff --git a/phpBB/language/en/acp/styles.php b/phpBB/language/en/acp/styles.php index f161a7e6e6..8f65b3ef5f 100644 --- a/phpBB/language/en/acp/styles.php +++ b/phpBB/language/en/acp/styles.php @@ -78,7 +78,7 @@ $lang = array_merge($lang, array( 'DELETE_IMAGESET' => 'Delete imageset', 'DELETE_IMAGESET_EXPLAIN' => 'Here you can remove the selected imageset from the database. Please note that there is no undo capability. It is recommended that you first export your set for possible future use.', 'DELETE_STYLE' => 'Delete style', - 'DELETE_STYLE_EXPLAIN' => 'Here you can remove the selected style. You cannot remove all the style elements from here. These must be deleted individually via their respective forms. Take care when deleting styles, there is no undo facility.', + 'DELETE_STYLE_EXPLAIN' => 'Here you can remove the selected style. Take care in deleting styles, there is no undo capability.', 'DELETE_TEMPLATE' => 'Delete template', 'DELETE_TEMPLATE_EXPLAIN' => 'Here you can remove the selected template set from the database. Please note that there is no undo capability. It is recommended that you first export your set for possible future use.', 'DELETE_THEME' => 'Delete theme', @@ -285,11 +285,14 @@ $lang = array_merge($lang, array( 'INSTALLED_TEMPLATE' => 'Installed templates', 'INSTALLED_THEME' => 'Installed themes', + 'KEEP_IMAGESET' => 'Keep "%s" imageset', + 'KEEP_TEMPLATE' => 'Keep "%s" template', + 'KEEP_THEME' => 'Keep "%s" theme', + 'LINE_SPACING' => 'Line spacing', 'LOCALISED_IMAGES' => 'Localised', 'LOCATION_DISABLED_EXPLAIN' => 'This setting is inherited and cannot be changed.', - 'NO_CLASS' => 'Cannot find class in stylesheet.', 'NO_IMAGESET' => 'Cannot find imageset on filesystem.', 'NO_IMAGE' => 'No image', @@ -322,6 +325,7 @@ $lang = array_merge($lang, array( 'REPLACE_TEMPLATE_EXPLAIN' => 'This template set will replace the one you are deleting in any styles that use it.', 'REPLACE_THEME' => 'Replace theme with', 'REPLACE_THEME_EXPLAIN' => 'This theme will replace the one you are deleting in any styles that use it.', + 'REPLACE_WITH_OPTION' => 'Replace with "%s"', 'REQUIRES_IMAGESET' => 'This style requires the %s imageset to be installed.', 'REQUIRES_TEMPLATE' => 'This style requires the %s template set to be installed.', 'REQUIRES_THEME' => 'This style requires the %s theme to be installed.', diff --git a/phpBB/styles/prosilver/template/mcp_post.html b/phpBB/styles/prosilver/template/mcp_post.html index 04e24cd1f9..9d4997e576 100644 --- a/phpBB/styles/prosilver/template/mcp_post.html +++ b/phpBB/styles/prosilver/template/mcp_post.html @@ -72,8 +72,8 @@ <form method="post" id="mcp_approve" action="{U_APPROVE_ACTION}"> <p class="rules"> - <input class="button1" type="submit" value="{L_APPROVE}" name="action[approve]" /> - <input class="button2" type="submit" value="{L_DISAPPROVE}" name="action[disapprove]" /> + <input class="button2" type="submit" value="{L_DISAPPROVE}" name="action[disapprove]" /> + <input class="button1" type="submit" value="{L_APPROVE}" name="action[approve]" /> <input type="hidden" name="post_id_list[]" value="{POST_ID}" /> {S_FORM_TOKEN} </p> diff --git a/phpBB/styles/prosilver/theme/colours.css b/phpBB/styles/prosilver/theme/colours.css index 3f215def72..f7747ba73c 100644 --- a/phpBB/styles/prosilver/theme/colours.css +++ b/phpBB/styles/prosilver/theme/colours.css @@ -652,7 +652,7 @@ fieldset.polls dd div { } .online { - background-image: url("{T_IMAGESET_LANG_PATH}/icon_user_online.gif"); + background-image: url("{IMG_ICON_USER_ONLINE_SRC}"); } /* diff --git a/tests/mock/session_testable.php b/tests/mock/session_testable.php index 0d4642d372..47089cb94b 100644 --- a/tests/mock/session_testable.php +++ b/tests/mock/session_testable.php @@ -10,6 +10,13 @@ require_once dirname(__FILE__) . '/../../phpBB/includes/functions.php'; require_once dirname(__FILE__) . '/../../phpBB/includes/session.php'; +/** +* Extends the session class to overwrite the setting of cookies. +* +* The session class directly writes cookie headers making it impossible to +* test it without warnings about sent headers. This class only stores cookie +* data for later verification. +*/ class phpbb_mock_session_testable extends session { private $_cookies = array(); diff --git a/tests/session/continue_test.php b/tests/session/continue_test.php index ac682e06ac..06b03f5780 100644 --- a/tests/session/continue_test.php +++ b/tests/session/continue_test.php @@ -2,13 +2,13 @@ /** * * @package testing -* @copyright (c) 2008 phpBB Group +* @copyright (c) 2011 phpBB Group * @license http://opensource.org/licenses/gpl-license.php GNU Public License * */ require_once dirname(__FILE__) . '/../mock/cache.php'; -require_once dirname(__FILE__) . '/../mock/session_testable.php'; +require_once dirname(__FILE__) . '/testable_factory.php'; class phpbb_session_continue_test extends phpbb_database_test_case { @@ -22,16 +22,16 @@ class phpbb_session_continue_test extends phpbb_database_test_case global $_SID; return array( array( - 'bar_session', '4', 'user agent', + 'bar_session', '4', 'user agent', '127.0.0.1', array( array('session_id' => 'anon_session', 'session_user_id' => 1), array('session_id' => 'bar_session', 'session_user_id' => 4) ), array(), - 'Check if no new session was created', + 'If a request comes with a valid session id with matching user agent and IP, no new session should be created.', ), array( - 'anon_session', '4', 'user agent', + 'anon_session', '4', 'user agent', '127.0.0.1', array( array('session_id' => 'bar_session', 'session_user_id' => 4), array('session_id' => null, 'session_user_id' => 1) // use generated SID @@ -41,7 +41,7 @@ class phpbb_session_continue_test extends phpbb_database_test_case 'k' => array(null, null), 'sid' => array($_SID, null), ), - 'Check if an anonymous new session was created', + 'If a request comes with a valid session id and IP but different user id and user agent, a new anonymous session is created and the session matching the supplied session id is deleted.', ), ); } @@ -49,29 +49,25 @@ class phpbb_session_continue_test extends phpbb_database_test_case /** * @dataProvider session_begin_attempts */ - public function test_session_begin_valid_session($session_id, $user_id, $user_agent, $expected_sessions, $expected_cookies, $message) + public function test_session_begin_valid_session($session_id, $user_id, $user_agent, $ip, $expected_sessions, $expected_cookies, $message) { - $this->markTestIncomplete('Test needs to be fixed'); - - $session = new phpbb_mock_session_testable; - $session->page = array('page' => 'page', 'forum' => 0); - - // set up all the global variables used in session_create - global $SID, $_SID, $db, $config, $cache; - - $config = $this->get_config(); $db = $this->new_dbal(); - $cache_data = array( - '_bots' => array(), - ); - $cache = new phpbb_mock_cache; - $SID = $_SID = null; + $session_factory = new phpbb_session_testable_factory; + $session_factory->set_cookies(array( + '_sid' => $session_id, + '_u' => $user_id, + )); + $session_factory->merge_config_data(array( + 'session_length' => time(), // need to do this to allow sessions started at time 0 + )); + $session_factory->merge_server_data(array( + 'HTTP_USER_AGENT' => $user_agent, + 'REMOTE_ADDR' => $ip, + )); - $_COOKIE['_sid'] = $session_id; - $_COOKIE['_u'] = $user_id; - $_SERVER['HTTP_USER_AGENT'] = $user_agent; + $session = $session_factory->get_session($db); + $session->page = array('page' => 'page', 'forum' => 0); - $config['session_length'] = time(); // need to do this to allow sessions started at time 0 $session->session_begin(); $sql = 'SELECT session_id, session_user_id @@ -94,26 +90,7 @@ class phpbb_session_continue_test extends phpbb_database_test_case $session->check_cookies($this, $expected_cookies); - $cache->check($this, $cache_data); - } - static public function get_config() - { - return array( - 'allow_autologin' => false, - 'auth_method' => 'db', - 'forwarded_for_check' => true, - 'active_sessions' => 0, // disable - 'rand_seed' => 'foo', - 'rand_seed_last_update' => 0, - 'max_autologin_time' => 0, - 'session_length' => 100, - 'form_token_lifetime' => 100, - 'cookie_name' => '', - 'limit_load' => 0, - 'limit_search_load' => 0, - 'ip_check' => 3, - 'browser_check' => 1, - ); + $session_factory->check($this); } } diff --git a/tests/session/fixtures/sessions_empty.xml b/tests/session/fixtures/sessions_empty.xml index 66fa585b18..f94337314e 100644 --- a/tests/session/fixtures/sessions_empty.xml +++ b/tests/session/fixtures/sessions_empty.xml @@ -16,4 +16,10 @@ <value>bar</value> </row> </table> + <table name="phpbb_sessions"> + <column>session_id</column> + <column>session_user_id</column> + <column>session_ip</column> + <column>session_browser</column> + </table> </dataset> diff --git a/tests/session/init_test.php b/tests/session/init_test.php index ccb0554409..1181fab636 100644 --- a/tests/session/init_test.php +++ b/tests/session/init_test.php @@ -2,13 +2,13 @@ /** * * @package testing -* @copyright (c) 2008 phpBB Group +* @copyright (c) 2011 phpBB Group * @license http://opensource.org/licenses/gpl-license.php GNU Public License * */ require_once dirname(__FILE__) . '/../mock/cache.php'; -require_once dirname(__FILE__) . '/../mock/session_testable.php'; +require_once dirname(__FILE__) . '/testable_factory.php'; class phpbb_session_init_test extends phpbb_database_test_case { @@ -21,21 +21,11 @@ class phpbb_session_init_test extends phpbb_database_test_case public function test_login_session_create() { - $this->markTestIncomplete('Test fails when run as part of the test suite'); - - $session = new phpbb_mock_session_testable; - $session->page = array('page' => 'page', 'forum' => 0); - - // set up all the global variables used in session_create - global $SID, $_SID, $db, $config, $cache; - - $config = $this->get_config(); $db = $this->new_dbal(); - $cache_data = array( - '_bots' => array(), - ); - $cache = new phpbb_mock_cache; - $SID = $_SID = null; + $session_factory = new phpbb_session_testable_factory; + + $session = $session_factory->get_session($db); + $session->page = array('page' => 'page', 'forum' => 0); $session->session_create(3); @@ -48,30 +38,19 @@ class phpbb_session_init_test extends phpbb_database_test_case 'Check if exacly one session for user id 3 was created' ); - $cookie_expire = $session->time_now + (($config['max_autologin_time']) ? 86400 * (int) $config['max_autologin_time'] : 31536000); + $cookie_expire = $session->time_now + 31536000; // default is one year $session->check_cookies($this, array( 'u' => array(null, $cookie_expire), 'k' => array(null, $cookie_expire), - 'sid' => array($_SID, $cookie_expire), + 'sid' => array($session->session_id, $cookie_expire), )); - $cache->check($this, $cache_data); - } + global $SID, $_SID; + $this->assertEquals($session->session_id, $_SID); + $this->assertEquals('?sid=' . $session->session_id, $SID); - static public function get_config() - { - return array( - 'allow_autologin' => false, - 'auth_method' => 'db', - 'forwarded_for_check' => true, - 'active_sessions' => 0, // disable - 'rand_seed' => 'foo', - 'rand_seed_last_update' => 0, - 'max_autologin_time' => 0, - 'session_length' => 100, - 'form_token_lifetime' => 100, - ); + $session_factory->check($this); } } diff --git a/tests/session/testable_factory.php b/tests/session/testable_factory.php new file mode 100644 index 0000000000..f3ef19a257 --- /dev/null +++ b/tests/session/testable_factory.php @@ -0,0 +1,171 @@ +<?php +/** +* +* @package testing +* @copyright (c) 2011 phpBB Group +* @license http://opensource.org/licenses/gpl-license.php GNU Public License +* +*/ + +require_once dirname(__FILE__) . '/../mock/session_testable.php'; + +/** +* This class exists to setup an instance of phpbb's session class for testing. +* +* The session class has rather complex dependencies, so in order to make its +* tests more * understandable and to make its dependencies more visible this +* factory class sets up all the necessary global state & variable contents. +*/ +class phpbb_session_testable_factory +{ + protected $config_data; + protected $cache_data; + protected $cookies; + + protected $config; + protected $cache; + + /** + * Initialises the factory with a set of default config and cache values. + */ + public function __construct() + { + // default configuration values + $this->config_data = array( + 'allow_autologin' => false, + 'auth_method' => 'db', + 'forwarded_for_check' => true, + 'active_sessions' => 0, // disable + 'rand_seed' => 'foo', + 'rand_seed_last_update' => 0, + 'max_autologin_time' => 0, + 'session_length' => 100, + 'form_token_lifetime' => 100, + 'cookie_name' => '', + 'limit_load' => 0, + 'limit_search_load' => 0, + 'ip_check' => 3, + 'browser_check' => 1, + ); + + $this->cache_data = array( + '_bots' => array(), + ); + + $this->cookies = array(); + + $this->server_data = $_SERVER; + } + + /** + * Retrieve the configured session class instance + * + * @param dbal $dbal The database connection to use for session data + * @return phpbb_mock_session_testable A session instance + */ + public function get_session(dbal $dbal) + { + // set up all the global variables used by session + global $SID, $_SID, $db, $config, $cache; + + $config = $this->config = $this->get_config_data(); + $db = $dbal; + + $cache = $this->cache = new phpbb_mock_cache($this->get_cache_data()); + $SID = $_SID = null; + + $_COOKIE = $this->cookies; + $_SERVER = $this->server_data; + + $session = new phpbb_mock_session_testable; + return $session; + } + + /** + * Set the cookies which should be present in the request data. + * + * @param array $cookies The cookie data, structured like $_COOKIE contents. + */ + public function set_cookies(array $cookies) + { + $this->cookies = $cookies; + } + + /** + * Check if the cache used for the generated session contains correct data. + * + * @param PHPUnit_Framework_Assert $test The test case to call assert methods + * on + */ + public function check(PHPUnit_Framework_Assert $test) + { + $this->cache->check($test, $this->get_cache_data()); + } + + /** + * Merge config data with the current config data to be supplied to session. + * + * New values overwrite new ones. + * + * @param array $config_data The config data to merge with previous data + */ + public function merge_config_data(array $config_data) + { + $this->config_data = array_merge($this->config_data, $config_data); + } + + /** + * Retrieve the entire config data to be passed to the session. + * + * @return array Configuration + */ + public function get_config_data() + { + return $this->config_data; + } + + /** + * Merge the cache contents with more data. + * + * New values overwrite old ones. + * + * @param array $cache_data The additional cache data + */ + public function merge_cache_data(array $cache_data) + { + $this->cache_data = array_merge($this->cache_data, $cache_data); + } + + /** + * Retrieve the entire cache data to be passed to the session. + * + * @return array Cache contents + */ + public function get_cache_data() + { + return $this->cache_data; + } + + /** + * Merge the current server info ($_SERVER) with more data. + * + * New values overwrite old ones. + * + * @param array $server_data The additional server variables + */ + public function merge_server_data($server_data) + { + return $this->server_data = array_merge($this->server_data, $server_data); + } + + /** + * Retrieve all server variables to be passed to the session. + * + * @return array Server variables + */ + public function get_server_data() + { + return $this->server_data; + } +} + diff --git a/tests/test_framework/phpbb_database_test_connection_manager.php b/tests/test_framework/phpbb_database_test_connection_manager.php index 6c06857fbc..a7559e2183 100644 --- a/tests/test_framework/phpbb_database_test_connection_manager.php +++ b/tests/test_framework/phpbb_database_test_connection_manager.php @@ -123,7 +123,7 @@ class phpbb_database_test_connection_manager try { - $this->pdo->exec('DROP DATABASE ' . $config['dbname']); + $this->pdo->exec('DROP DATABASE ' . $this->config['dbname']); } catch (PDOException $e) { |