diff options
30 files changed, 295 insertions, 385 deletions
diff --git a/phpBB/download/file.php b/phpBB/download/file.php index a521f413ed..984de2165f 100644 --- a/phpBB/download/file.php +++ b/phpBB/download/file.php @@ -139,11 +139,7 @@ if (isset($_GET['avatar'])) include($phpbb_root_path . 'common.' . $phpEx); require($phpbb_root_path . 'includes/functions_download' . '.' . $phpEx); -$download_id = request_var('id', 0); -$topic_id = $request->variable('topic_id', 0); -$post_id = $request->variable('post_id', 0); -$msg_id = $request->variable('msg_id', 0); -$archive = $request->variable('archive', '.tar'); +$attach_id = request_var('id', 0); $mode = request_var('mode', ''); $thumbnail = request_var('t', false); @@ -158,27 +154,7 @@ if (!$config['allow_attachments'] && !$config['allow_pm_attach']) trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED'); } -if ($download_id) -{ - // Attachment id (only 1 attachment) - $sql_where = 'attach_id = ' . $download_id; -} -else if ($msg_id) -{ - // Private message id (multiple attachments) - $sql_where = 'is_orphan = 0 AND in_message = 1 AND post_msg_id = ' . $msg_id; -} -else if ($post_id) -{ - // Post id (multiple attachments) - $sql_where = 'is_orphan = 0 AND in_message = 0 AND post_msg_id = ' . $post_id; -} -else if ($topic_id) -{ - // Topic id (multiple attachments) - $sql_where = 'is_orphan = 0 AND topic_id = ' . $topic_id; -} -else +if (!$attach_id) { send_status_line(404, 'Not Found'); trigger_error('NO_ATTACHMENT_SELECTED'); @@ -186,25 +162,12 @@ else $sql = 'SELECT attach_id, post_msg_id, topic_id, in_message, poster_id, is_orphan, physical_filename, real_filename, extension, mimetype, filesize, filetime FROM ' . ATTACHMENTS_TABLE . " - WHERE $sql_where"; + WHERE attach_id = $attach_id"; $result = $db->sql_query($sql); - -$attachments = $attachment_ids = array(); -while ($row = $db->sql_fetchrow($result)) -{ - $attachment_id = (int) $row['attach_id']; - - $row['physical_filename'] = utf8_basename($row['physical_filename']); - - $attachment_ids[$attachment_id] = $attachment_id; - $attachments[$attachment_id] = $row; -} +$attachment = $db->sql_fetchrow($result); $db->sql_freeresult($result); -// Make $attachment the first of the attachments we fetched. -$attachment = current($attachments); - -if (empty($attachments)) +if (!$attachment) { send_status_line(404, 'Not Found'); trigger_error('ERROR_NO_ATTACHMENT'); @@ -214,9 +177,9 @@ else if (!download_allowed()) send_status_line(403, 'Forbidden'); trigger_error($user->lang['LINKAGE_FORBIDDEN']); } -else if ($download_id) +else { - // sizeof($attachments) == 1 + $attachment['physical_filename'] = utf8_basename($attachment['physical_filename']); if (!$attachment['in_message'] && !$config['allow_attachments'] || $attachment['in_message'] && !$config['allow_pm_attach']) { @@ -323,142 +286,3 @@ else if ($download_id) } } } -else -{ - // sizeof($attachments) >= 1 - if ($attachment['in_message']) - { - phpbb_download_handle_pm_auth($db, $auth, $user->data['user_id'], $attachment['post_msg_id']); - } - else - { - phpbb_download_handle_forum_auth($db, $auth, $attachment['topic_id']); - } - - if (!class_exists('compress')) - { - require $phpbb_root_path . 'includes/functions_compress.' . $phpEx; - } - - if (!in_array($archive, compress::methods())) - { - $archive = '.tar'; - } - - $post_visibility = array(); - if ($msg_id) - { - $sql = 'SELECT message_subject AS attach_subject - FROM ' . PRIVMSGS_TABLE . " - WHERE msg_id = $msg_id"; - } - else if ($post_id) - { - $sql = 'SELECT post_subject AS attach_subject, forum_id, post_visibility - FROM ' . POSTS_TABLE . " - WHERE post_id = $post_id"; - } - else - { - $sql = 'SELECT post_id, post_visibility - FROM ' . POSTS_TABLE . " - WHERE topic_id = $topic_id - AND post_attachment = 1"; - $result = $db->sql_query($sql); - while ($row = $db->sql_fetchrow($result)) - { - $post_visibility[(int) $row['post_id']] = (int) $row['post_visibility']; - } - $db->sql_freeresult($result); - - $sql = 'SELECT topic_title AS attach_subject, forum_id - FROM ' . TOPICS_TABLE . " - WHERE topic_id = $topic_id"; - } - - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - - if (empty($row)) - { - send_status_line(404, 'Not Found'); - trigger_error('ERROR_NO_ATTACHMENT'); - } - - $clean_name = phpbb_download_clean_filename($row['attach_subject']); - $suffix = '_' . (($msg_id) ? 'm' . $msg_id : (($post_id) ? 'p' . $post_id : 't' . $topic_id)) . '_' . $clean_name; - $archive_name = 'attachments' . $suffix; - - $store_name = 'att_' . time() . '_' . unique_id(); - $archive_path = "{$phpbb_root_path}store/{$store_name}{$archive}"; - - if ($archive === '.zip') - { - $compress = new compress_zip('w', $archive_path); - } - else - { - $compress = new compress_tar('w', $archive_path, $archive); - } - - $extensions = array(); - $files_added = 0; - $forum_id = ($attachment['in_message']) ? false : (int) $row['forum_id']; - $disallowed_extension = array(); - - foreach ($attachments as $attach) - { - if (!extension_allowed($forum_id, $attach['extension'], $extensions)) - { - $disallowed_extension[$attach['extension']] = $attach['extension']; - continue; - } - - if ($post_id && $row['post_visibility'] != ITEM_APPROVED && !$auth->acl_get('m_approve', $forum_id)) - { - // Attachment of a soft deleted post and the user is not allowed to see the post - continue; - } - - if ($topic_id && (!isset($post_visibility[$attach['post_msg_id']]) || $post_visibility[$attach['post_msg_id']] != ITEM_APPROVED) && !$auth->acl_get('m_approve', $forum_id)) - { - // Attachment of a soft deleted post and the user is not allowed to see the post - continue; - } - - $prefix = ''; - if ($topic_id) - { - $prefix = $attach['post_msg_id'] . '_'; - } - - $compress->add_custom_file("{$phpbb_root_path}files/{$attach['physical_filename']}", "{$prefix}{$attach['real_filename']}"); - $files_added++; - } - - $compress->close(); - - if ($files_added) - { - phpbb_increment_downloads($db, $attachment_ids); - $compress->download($store_name, $archive_name); - } - - unlink($archive_path); - - if (!$files_added && !empty($disallowed_extension)) - { - // None of the attachments had a valid extension - $disallowed_extension = implode($user->lang['COMMA_SEPARATOR'], $disallowed_extension); - send_status_line(403, 'Forbidden'); - trigger_error($user->lang('EXTENSION_DISABLED_AFTER_POSTING', $disallowed_extension)); - } - else if (!$files_added) - { - send_status_line(404, 'Not Found'); - trigger_error('ERROR_NO_ATTACHMENT'); - } - - file_gc(); -} diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 4318b20b97..bd0a5795b1 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -5095,9 +5095,10 @@ function phpbb_check_and_display_sql_report(\phpbb\request\request_interface $re * @param \phpbb\config\config $config Config object * @param \phpbb\auth\auth $auth Auth object * @param \phpbb\user $user User object +* @param \phpbb\event\dispatcher_interface $phpbb_dispatcher Event dispatcher * @return string */ -function phpbb_generate_debug_output(phpbb\db\driver\driver_interface $db, \phpbb\config\config $config, \phpbb\auth\auth $auth, \phpbb\user $user) +function phpbb_generate_debug_output(\phpbb\db\driver\driver_interface $db, \phpbb\config\config $config, \phpbb\auth\auth $auth, \phpbb\user $user, \phpbb\event\dispatcher_interface $phpbb_dispatcher) { $debug_info = array(); @@ -5136,6 +5137,17 @@ function phpbb_generate_debug_output(phpbb\db\driver\driver_interface $db, \phpb } } + /** + * Modify debug output information + * + * @event core.phpbb_generate_debug_output + * @var array debug_info Array of strings with debug information + * + * @since 3.1.0-RC3 + */ + $vars = array('debug_info'); + extract($phpbb_dispatcher->trigger_event('core.phpbb_generate_debug_output', compact($vars))); + return implode(' | ', $debug_info); } @@ -5174,7 +5186,7 @@ function page_footer($run_cron = true, $display_template = true, $exit_handler = phpbb_check_and_display_sql_report($request, $auth, $db); $template->assign_vars(array( - 'DEBUG_OUTPUT' => phpbb_generate_debug_output($db, $config, $auth, $user), + 'DEBUG_OUTPUT' => phpbb_generate_debug_output($db, $config, $auth, $user, $phpbb_dispatcher), 'TRANSLATION_INFO' => (!empty($user->lang['TRANSLATION_INFO'])) ? $user->lang['TRANSLATION_INFO'] : '', 'CREDIT_LINE' => $user->lang('POWERED_BY', '<a href="https://www.phpbb.com/">phpBB</a>® Forum Software © phpBB Limited'), diff --git a/phpBB/includes/functions_acp.php b/phpBB/includes/functions_acp.php index abf726581d..dc3d745d53 100644 --- a/phpBB/includes/functions_acp.php +++ b/phpBB/includes/functions_acp.php @@ -149,7 +149,7 @@ function adm_page_footer($copyright_html = true) phpbb_check_and_display_sql_report($request, $auth, $db); $template->assign_vars(array( - 'DEBUG_OUTPUT' => phpbb_generate_debug_output($db, $config, $auth, $user), + 'DEBUG_OUTPUT' => phpbb_generate_debug_output($db, $config, $auth, $user, $phpbb_dispatcher), 'TRANSLATION_INFO' => (!empty($user->lang['TRANSLATION_INFO'])) ? $user->lang['TRANSLATION_INFO'] : '', 'S_COPYRIGHT_HTML' => $copyright_html, 'CREDIT_LINE' => $user->lang('POWERED_BY', '<a href="https://www.phpbb.com/">phpBB</a>® Forum Software © phpBB Limited'), diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index 62f218cf60..78137d075b 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -1421,44 +1421,6 @@ function get_user_rank($user_rank, $user_posts, &$rank_title, &$rank_img, &$rank } /** -* Generate a list of archive types available for compressing attachments -* -* @param string $param_key Either topic_id or post_id -* @param string $param_val The value of the topic or post id -* @param string $phpbb_root_path The root path of the phpBB installation -* @param string $phpEx The PHP file extension -* -* @return array Array containing the link and the type of compression -*/ -function phpbb_gen_download_links($param_key, $param_val, $phpbb_root_path, $phpEx) -{ - if (!class_exists('compress')) - { - require $phpbb_root_path . 'includes/functions_compress.' . $phpEx; - } - - $methods = compress::methods(); - // Sort by preferred type. - $methods = array_intersect(array('.zip', '.tar.bz2', '.tar.gz', '.tar'), $methods); - $links = array(); - - foreach ($methods as $method) - { - $exploded = explode('.', $method); - $type = array_pop($exploded); - $params = array('archive' => $method); - $params[$param_key] = $param_val; - - $links[] = array( - 'LINK' => append_sid("{$phpbb_root_path}download/file.$phpEx", $params), - 'TYPE' => $type, - ); - } - - return $links; -} - -/** * Prepare profile data */ function phpbb_show_profile($data, $user_notes_enabled = false, $warn_user_enabled = false) diff --git a/phpBB/includes/functions_download.php b/phpBB/includes/functions_download.php index 7a7efd5b34..4ff3994f4c 100644 --- a/phpBB/includes/functions_download.php +++ b/phpBB/includes/functions_download.php @@ -718,27 +718,6 @@ function phpbb_download_check_pm_auth($db, $user_id, $msg_id) } /** -* Cleans a filename of any characters that could potentially cause a problem on -* a user's filesystem. -* -* @param string $filename The filename to clean -* -* @return string The cleaned filename -*/ -function phpbb_download_clean_filename($filename) -{ - $bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|'); - - // rawurlencode to convert any potentially 'bad' characters that we missed - $filename = rawurlencode(str_replace($bad_chars, '_', $filename)); - - // Turn the %xx entities created by rawurlencode to _ - $filename = preg_replace("/%(\w{2})/", '_', $filename); - - return $filename; -} - -/** * Check if the browser is internet explorer version 7+ * * @param string $user_agent User agent HTTP header diff --git a/phpBB/includes/ucp/ucp_pm_viewmessage.php b/phpBB/includes/ucp/ucp_pm_viewmessage.php index 94383b935f..d5a1dbae87 100644 --- a/phpBB/includes/ucp/ucp_pm_viewmessage.php +++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php @@ -250,7 +250,6 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) 'U_PM_ACTION' => $url . '&mode=compose&f=' . $folder_id . '&p=' . $message_row['msg_id'], 'S_HAS_ATTACHMENTS' => (sizeof($attachments)) ? true : false, - 'S_HAS_MULTIPLE_ATTACHMENTS' => (sizeof($attachments) > 1), 'S_DISPLAY_NOTICE' => $display_notice && $message_row['message_attachment'], 'S_AUTHOR_DELETED' => ($author_id == ANONYMOUS) ? true : false, 'S_SPECIAL_FOLDER' => in_array($folder_id, array(PRIVMSGS_NO_BOX, PRIVMSGS_OUTBOX)), @@ -339,12 +338,6 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) // Display not already displayed Attachments for this post, we already parsed them. ;) if (isset($attachments) && sizeof($attachments)) { - $methods = phpbb_gen_download_links('msg_id', $msg_id, $phpbb_root_path, $phpEx); - foreach ($methods as $method) - { - $template->assign_block_vars('dl_method', $method); - } - foreach ($attachments as $attachment) { $template->assign_block_vars('attachment', array( diff --git a/phpBB/install/schemas/schema.json b/phpBB/install/schemas/schema.json index 1a9b9b62b7..4e014c77ed 100644 --- a/phpBB/install/schemas/schema.json +++ b/phpBB/install/schemas/schema.json @@ -2711,8 +2711,9 @@ 0 ], "topic_first_poster_name": [ - "VCHAR_UNI", - "" + "VCHAR_UNI:255", + "", + "true_sort" ], "topic_first_poster_colour": [ "VCHAR:6", diff --git a/phpBB/language/en/common.php b/phpBB/language/en/common.php index a58aec43cd..4ce69e0b85 100644 --- a/phpBB/language/en/common.php +++ b/phpBB/language/en/common.php @@ -191,8 +191,6 @@ $lang = array_merge($lang, array( 'DISPLAY_MESSAGES' => 'Display messages from previous', 'DISPLAY_POSTS' => 'Display posts from previous', 'DISPLAY_TOPICS' => 'Display topics from previous', - 'DOWNLOAD_ALL' => 'Download all', - 'DOWNLOAD_ALL_ATTACHMENTS' => 'Download all attachments', 'DOWNLOADED' => 'Downloaded', 'DOWNLOADING_FILE' => 'Downloading file', 'DOWNLOAD_COUNTS' => array( diff --git a/phpBB/phpbb/db/driver/driver.php b/phpBB/phpbb/db/driver/driver.php index 3e9110d8bc..9fc04d47a1 100644 --- a/phpBB/phpbb/db/driver/driver.php +++ b/phpBB/phpbb/db/driver/driver.php @@ -372,6 +372,17 @@ abstract class driver implements driver_interface /** * {@inheritDoc} */ + function sql_not_like_expression($expression) + { + $expression = utf8_str_replace(array('_', '%'), array("\_", "\%"), $expression); + $expression = utf8_str_replace(array(chr(0) . "\_", chr(0) . "\%"), array('_', '%'), $expression); + + return $this->_sql_not_like_expression('NOT LIKE \'' . $this->sql_escape($expression) . '\''); + } + + /** + * {@inheritDoc} + */ public function sql_case($condition, $action_true, $action_false = false) { $sql_case = 'CASE WHEN ' . $condition; diff --git a/phpBB/phpbb/db/driver/driver_interface.php b/phpBB/phpbb/db/driver/driver_interface.php index 6722d059a5..8b487c5d42 100644 --- a/phpBB/phpbb/db/driver/driver_interface.php +++ b/phpBB/phpbb/db/driver/driver_interface.php @@ -419,6 +419,16 @@ interface driver_interface public function sql_like_expression($expression); /** + * Correctly adjust NOT LIKE expression for special characters + * Some DBMS are handling them in a different way + * + * @param string $expression The expression to use. Every wildcard is + * escaped, except $this->any_char and $this->one_char + * @return string A SQL statement like: "NOT LIKE 'bertie_%'" + */ + public function sql_not_like_expression($expression); + + /** * Explain queries * * @param string $mode Available modes: display, start, stop, diff --git a/phpBB/phpbb/db/driver/factory.php b/phpBB/phpbb/db/driver/factory.php index f0fa18051b..fb3a826254 100644 --- a/phpBB/phpbb/db/driver/factory.php +++ b/phpBB/phpbb/db/driver/factory.php @@ -420,6 +420,14 @@ class factory implements driver_interface /** * {@inheritdoc} */ + public function sql_not_like_expression($expression) + { + return $this->get_driver()->sql_not_like_expression($expression); + } + + /** + * {@inheritdoc} + */ public function sql_report($mode, $query = '') { return $this->get_driver()->sql_report($mode, $query); diff --git a/phpBB/phpbb/db/driver/mssql.php b/phpBB/phpbb/db/driver/mssql.php index 268463a151..f9ea884ce2 100644 --- a/phpBB/phpbb/db/driver/mssql.php +++ b/phpBB/phpbb/db/driver/mssql.php @@ -351,6 +351,15 @@ class mssql extends \phpbb\db\driver\driver } /** + * Build NOT LIKE expression + * @access private + */ + function _sql_not_like_expression($expression) + { + return $expression . " ESCAPE '\\'"; + } + + /** * return sql error array * @access private */ diff --git a/phpBB/phpbb/db/driver/mssql_base.php b/phpBB/phpbb/db/driver/mssql_base.php index e7101903b8..514df9eaca 100644 --- a/phpBB/phpbb/db/driver/mssql_base.php +++ b/phpBB/phpbb/db/driver/mssql_base.php @@ -52,6 +52,15 @@ abstract class mssql_base extends \phpbb\db\driver\driver } /** + * Build NOT LIKE expression + * @access private + */ + function _sql_not_like_expression($expression) + { + return $expression . " ESCAPE '\\'"; + } + + /** * Build db-specific query data * @access private */ diff --git a/phpBB/phpbb/db/driver/mysql_base.php b/phpBB/phpbb/db/driver/mysql_base.php index e7c9b63f20..5e0b359134 100644 --- a/phpBB/phpbb/db/driver/mysql_base.php +++ b/phpBB/phpbb/db/driver/mysql_base.php @@ -112,6 +112,15 @@ abstract class mysql_base extends \phpbb\db\driver\driver } /** + * Build NOT LIKE expression + * @access private + */ + function _sql_not_like_expression($expression) + { + return $expression; + } + + /** * Build db-specific query data * @access private */ diff --git a/phpBB/phpbb/db/driver/oracle.php b/phpBB/phpbb/db/driver/oracle.php index d1a186f1ba..6dcab5dd7d 100644 --- a/phpBB/phpbb/db/driver/oracle.php +++ b/phpBB/phpbb/db/driver/oracle.php @@ -645,6 +645,15 @@ class oracle extends \phpbb\db\driver\driver return $expression . " ESCAPE '\\'"; } + /** + * Build NOT LIKE expression + * @access private + */ + function _sql_not_like_expression($expression) + { + return $expression . " ESCAPE '\\'"; + } + function _sql_custom_build($stage, $data) { return $data; diff --git a/phpBB/phpbb/db/driver/postgres.php b/phpBB/phpbb/db/driver/postgres.php index 83e9fa51f6..a3b9aa4c6b 100644 --- a/phpBB/phpbb/db/driver/postgres.php +++ b/phpBB/phpbb/db/driver/postgres.php @@ -371,6 +371,15 @@ class postgres extends \phpbb\db\driver\driver } /** + * Build NOT LIKE expression + * @access private + */ + function _sql_not_like_expression($expression) + { + return $expression; + } + + /** * {@inheritDoc} */ function cast_expr_to_bigint($expression) diff --git a/phpBB/phpbb/db/driver/sqlite.php b/phpBB/phpbb/db/driver/sqlite.php index 2112e5ba2f..d5da0e2438 100644 --- a/phpBB/phpbb/db/driver/sqlite.php +++ b/phpBB/phpbb/db/driver/sqlite.php @@ -277,7 +277,7 @@ class sqlite extends \phpbb\db\driver\driver */ function sql_like_expression($expression) { - // Unlike LIKE, GLOB is case sensitive (unfortunatly). SQLite users need to live with it! + // Unlike LIKE, GLOB is unfortunately case sensitive. // We only catch * and ? here, not the character map possible on file globbing. $expression = str_replace(array(chr(0) . '_', chr(0) . '%'), array(chr(0) . '?', chr(0) . '*'), $expression); @@ -288,6 +288,23 @@ class sqlite extends \phpbb\db\driver\driver } /** + * {@inheritDoc} + * + * For SQLite an underscore is a not-known character... + */ + function sql_not_like_expression($expression) + { + // Unlike NOT LIKE, NOT GLOB is unfortunately case sensitive. + // We only catch * and ? here, not the character map possible on file globbing. + $expression = str_replace(array(chr(0) . '_', chr(0) . '%'), array(chr(0) . '?', chr(0) . '*'), $expression); + + $expression = str_replace(array('?', '*'), array("\?", "\*"), $expression); + $expression = str_replace(array(chr(0) . "\?", chr(0) . "\*"), array('?', '*'), $expression); + + return 'NOT GLOB \'' . $this->sql_escape($expression) . '\''; + } + + /** * return sql error array * @access private */ diff --git a/phpBB/phpbb/db/driver/sqlite3.php b/phpBB/phpbb/db/driver/sqlite3.php index 0922229e0a..4e3e0d3329 100644 --- a/phpBB/phpbb/db/driver/sqlite3.php +++ b/phpBB/phpbb/db/driver/sqlite3.php @@ -260,11 +260,11 @@ class sqlite3 extends \phpbb\db\driver\driver /** * {@inheritDoc} * - * For SQLite an underscore is a not-known character... + * For SQLite an underscore is an unknown character. */ public function sql_like_expression($expression) { - // Unlike LIKE, GLOB is case sensitive (unfortunatly). SQLite users need to live with it! + // Unlike LIKE, GLOB is unfortunately case sensitive. // We only catch * and ? here, not the character map possible on file globbing. $expression = str_replace(array(chr(0) . '_', chr(0) . '%'), array(chr(0) . '?', chr(0) . '*'), $expression); @@ -275,6 +275,23 @@ class sqlite3 extends \phpbb\db\driver\driver } /** + * {@inheritDoc} + * + * For SQLite an underscore is an unknown character. + */ + public function sql_not_like_expression($expression) + { + // Unlike NOT LIKE, NOT GLOB is unfortunately case sensitive + // We only catch * and ? here, not the character map possible on file globbing. + $expression = str_replace(array(chr(0) . '_', chr(0) . '%'), array(chr(0) . '?', chr(0) . '*'), $expression); + + $expression = str_replace(array('?', '*'), array("\?", "\*"), $expression); + $expression = str_replace(array(chr(0) . "\?", chr(0) . "\*"), array('?', '*'), $expression); + + return 'NOT GLOB \'' . $this->sql_escape($expression) . '\''; + } + + /** * return sql error array * * @return array diff --git a/phpBB/phpbb/db/migration/data/v310/topic_sort_username.php b/phpBB/phpbb/db/migration/data/v310/topic_sort_username.php new file mode 100644 index 0000000000..527da20590 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v310/topic_sort_username.php @@ -0,0 +1,44 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v310; + +class topic_sort_username extends \phpbb\db\migration\migration +{ + static public function depends_on() + { + return array('\phpbb\db\migration\data\v310\dev'); + } + + public function update_schema() + { + return array( + 'change_columns' => array( + $this->table_prefix . 'topics' => array( + 'topic_first_poster_name' => array('VCHAR_UNI:255', '', 'true_sort'), + ), + ), + ); + } + + public function revert_schema() + { + return array( + 'change_columns' => array( + $this->table_prefix . 'topics' => array( + 'topic_first_poster_name' => array('VCHAR_UNI:255', ''), + ), + ), + ); + } +} diff --git a/phpBB/phpbb/profilefields/type/type_googleplus.php b/phpBB/phpbb/profilefields/type/type_googleplus.php index 887baa3de1..e6729b1935 100644 --- a/phpBB/phpbb/profilefields/type/type_googleplus.php +++ b/phpBB/phpbb/profilefields/type/type_googleplus.php @@ -40,7 +40,7 @@ class type_googleplus extends type_string 'field_length' => 20, 'field_minlen' => 3, 'field_maxlen' => 255, - 'field_validation' => '[\w]+', + 'field_validation' => '(?:(?!\.{2,})([^<>=+]))+', 'field_novalue' => '', 'field_default_value' => '', ); diff --git a/phpBB/styles/prosilver/template/ajax.js b/phpBB/styles/prosilver/template/ajax.js index 649a384418..63efe5f8ae 100644 --- a/phpBB/styles/prosilver/template/ajax.js +++ b/phpBB/styles/prosilver/template/ajax.js @@ -134,6 +134,11 @@ phpbb.markNotifications = function(el, unreadCount) { if (!unreadCount) { $('#mark_all_notifications').remove(); } + + // Update page title + $('title').text( + (unreadCount ? '(' + unreadCount + ')' : '') + $('title').text().replace(/(\(([0-9])\))/, '') + ); }; // This callback finds the post from the delete link, and removes it. diff --git a/phpBB/styles/prosilver/template/ucp_pm_viewmessage.html b/phpBB/styles/prosilver/template/ucp_pm_viewmessage.html index 62993e9b4e..941541c582 100644 --- a/phpBB/styles/prosilver/template/ucp_pm_viewmessage.html +++ b/phpBB/styles/prosilver/template/ucp_pm_viewmessage.html @@ -113,16 +113,6 @@ <dl class="attachbox"> <dt> {L_ATTACHMENTS} - <!-- IF S_HAS_MULTIPLE_ATTACHMENTS --> - <div class="dl_links"> - <strong>{L_DOWNLOAD_ALL}{L_COLON}</strong> - <ul> - <!-- BEGIN dl_method --> - <li>[ <a href="{dl_method.LINK}">{dl_method.TYPE}</a> ]</li> - <!-- END dl_method --> - </ul> - </div> - <!-- ENDIF --> </dt> <!-- BEGIN attachment --> <dd>{attachment.DISPLAY_ATTACHMENT}</dd> diff --git a/phpBB/styles/prosilver/template/viewtopic_body.html b/phpBB/styles/prosilver/template/viewtopic_body.html index 810c30ed15..ac9c9a362a 100644 --- a/phpBB/styles/prosilver/template/viewtopic_body.html +++ b/phpBB/styles/prosilver/template/viewtopic_body.html @@ -278,16 +278,6 @@ <dl class="attachbox"> <dt> {L_ATTACHMENTS} - <!-- IF postrow.S_MULTIPLE_ATTACHMENTS --> - <div class="dl_links"> - <strong>{L_DOWNLOAD_ALL}{L_COLON}</strong> - <ul> - <!-- BEGIN dl_method --> - <li>[ <a href="{postrow.dl_method.LINK}">{postrow.dl_method.TYPE}</a> ]</li> - <!-- END dl_method --> - </ul> - </div> - <!-- ENDIF --> </dt> <!-- BEGIN attachment --> <dd>{postrow.attachment.DISPLAY_ATTACHMENT}</dd> diff --git a/phpBB/styles/prosilver/template/viewtopic_topic_tools.html b/phpBB/styles/prosilver/template/viewtopic_topic_tools.html index 2a34ebd446..83904bf63d 100644 --- a/phpBB/styles/prosilver/template/viewtopic_topic_tools.html +++ b/phpBB/styles/prosilver/template/viewtopic_topic_tools.html @@ -18,18 +18,6 @@ <!-- IF U_BUMP_TOPIC --><li class="small-icon icon-bump"><a href="{U_BUMP_TOPIC}" title="{L_BUMP_TOPIC}" data-ajax="true">{L_BUMP_TOPIC}</a></li><!-- ENDIF --> <!-- IF U_EMAIL_TOPIC --><li class="small-icon icon-sendemail"><a href="{U_EMAIL_TOPIC}" title="{L_EMAIL_TOPIC}">{L_EMAIL_TOPIC}</a></li><!-- ENDIF --> <!-- IF U_PRINT_TOPIC --><li class="small-icon icon-print"><a href="{U_PRINT_TOPIC}" title="{L_PRINT_TOPIC}" accesskey="p">{L_PRINT_TOPIC}</a></li><!-- ENDIF --> - <!-- IF S_HAS_ATTACHMENTS --> - <li class="small-icon icon-download"> - <a class="dropdown-toggle-submenu" href="{U_DOWNLOAD_ALL_ATTACHMENTS}" title="{L_DOWNLOAD_ALL_ATTACHMENTS}">{L_DOWNLOAD_ALL_ATTACHMENTS}</a> - <ul class="dropdown-submenu hidden"> - <li> - <!-- BEGIN dl_method --> - <a href="{dl_method.LINK}">{dl_method.TYPE}</a><!-- IF not dl_method.S_LAST_ROW --> • <!-- ENDIF --> - <!-- END dl_method --> - </li> - </ul> - </li> - <!-- ENDIF --> <!-- EVENT viewtopic_topic_tools_after --> </ul> </div> diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index 50481302e6..8d7ab5323d 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php @@ -1392,17 +1392,6 @@ if (sizeof($attach_list)) } } -$methods = phpbb_gen_download_links('topic_id', $topic_id, $phpbb_root_path, $phpEx); -foreach ($methods as $method) -{ - $template->assign_block_vars('dl_method', $method); -} - -$template->assign_vars(array( - 'S_HAS_ATTACHMENTS' => $topic_data['topic_attachment'], - 'U_DOWNLOAD_ALL_ATTACHMENTS' => $methods[0]['LINK'], -)); - // Instantiate BBCode if need be if ($bbcode_bitfield !== '') { @@ -1420,6 +1409,7 @@ $i_total = sizeof($rowset) - 1; $prev_post_id = ''; $template->assign_vars(array( + 'S_HAS_ATTACHMENTS' => $topic_data['topic_attachment'], 'S_NUM_POSTS' => sizeof($post_list)) ); @@ -1918,12 +1908,6 @@ for ($i = 0, $end = sizeof($post_list); $i < $end; ++$i) 'DISPLAY_ATTACHMENT' => $attachment) ); } - - $methods = phpbb_gen_download_links('post_id', $row['post_id'], $phpbb_root_path, $phpEx); - foreach ($methods as $method) - { - $template->assign_block_vars('postrow.dl_method', $method); - } } $current_row_number = $i; diff --git a/tests/dbal/select_test.php b/tests/dbal/select_test.php index e480716a49..b7074552ba 100644 --- a/tests/dbal/select_test.php +++ b/tests/dbal/select_test.php @@ -233,6 +233,66 @@ class phpbb_dbal_select_test extends phpbb_database_test_case $db->sql_freeresult($result); } + public function not_like_expression_data() + { + // * = any_char; # = one_char + return array( + array('barfoo', array( + array('username_clean' => 'foobar'), + array('username_clean' => 'bertie') + )), + array('bar', array( + array('username_clean' => 'barfoo'), + array('username_clean' => 'foobar'), + array('username_clean' => 'bertie'), + )), + array('bar*', array( + array('username_clean' => 'foobar'), + array('username_clean' => 'bertie')) + ), + array('*bar*', array(array('username_clean' => 'bertie'))), + array('b*r', array( + array('username_clean' => 'barfoo'), + array('username_clean' => 'foobar'), + array('username_clean' => 'bertie') + )), + array('b*e', array( + array('username_clean' => 'barfoo'), + array('username_clean' => 'foobar') + )), + array('#b*e', array( + array('username_clean' => 'barfoo'), + array('username_clean' => 'foobar'), + array('username_clean' => 'bertie') + )), + array('b####e', array( + array('username_clean' => 'barfoo'), + array('username_clean' => 'foobar') + )), + ); + } + + /** + * @dataProvider not_like_expression_data + */ + public function test_not_like_expression($like_expression, $expected) + { + $db = $this->new_dbal(); + + $like_expression = str_replace('*', $db->get_any_char(), $like_expression); + $like_expression = str_replace('#', $db->get_one_char(), $like_expression); + $where = ($like_expression) ? 'username_clean ' . $db->sql_not_like_expression($like_expression) : ''; + + $result = $db->sql_query('SELECT username_clean + FROM phpbb_users + ' . (($where) ? ' WHERE ' . $where : '') . ' + ORDER BY user_id ASC'); + + $this->assertEquals($expected, $db->sql_fetchrowset($result)); + + $db->sql_freeresult($result); + } + public function in_set_data() { return array( diff --git a/tests/di/create_container_test.php b/tests/di/create_container_test.php index 559c0b122c..4ae6017989 100644 --- a/tests/di/create_container_test.php +++ b/tests/di/create_container_test.php @@ -191,6 +191,10 @@ namespace phpbb\db\driver { } + function sql_not_like_expression($expression) + { + } + function sql_fetchrowset($query_id = false) { return array( diff --git a/tests/functional/download_test.php b/tests/functional/download_test.php index 6a6df14c81..4e4995c21e 100644 --- a/tests/functional/download_test.php +++ b/tests/functional/download_test.php @@ -80,20 +80,6 @@ class phpbb_functional_download_test extends phpbb_functional_test_case 'attachments' => true, )); - // Download topic archive as guest - $crawler = self::request('GET', "download/file.php?archive=.zip&topic_id={$this->data['topics']['Download Topic #1']}", array(), false); - self::assert_response_status_code(200); - $content = self::$client->getResponse()->getContent(); - $finfo = new finfo(FILEINFO_MIME_TYPE); - self::assertEquals('application/zip', $finfo->buffer($content)); - - // Download post archive as guest - $crawler = self::request('GET', "download/file.php?archive=.zip&post_id={$this->data['posts']['Re: Download Topic #1-#2']}", array(), false); - self::assert_response_status_code(200); - $content = self::$client->getResponse()->getContent(); - $finfo = new finfo(FILEINFO_MIME_TYPE); - self::assertEquals('application/zip', $finfo->buffer($content)); - // Download attachment as guest $crawler = self::request('GET', "download/file.php?id={$this->data['attachments'][$this->data['posts']['Re: Download Topic #1-#2']]}", array(), false); self::assert_response_status_code(200); @@ -147,18 +133,6 @@ class phpbb_functional_download_test extends phpbb_functional_test_case )); $this->add_lang('viewtopic'); - // Download topic archive as guest: still works - $crawler = self::request('GET', "download/file.php?archive=.zip&topic_id={$this->data['topics']['Download Topic #1']}", array(), false); - self::assert_response_status_code(200); - $content = self::$client->getResponse()->getContent(); - $finfo = new finfo(FILEINFO_MIME_TYPE); - self::assertEquals('application/zip', $finfo->buffer($content)); - - // No download post archive as guest - $crawler = self::request('GET', "download/file.php?archive=.zip&post_id={$this->data['posts']['Re: Download Topic #1-#2']}", array(), false); - self::assert_response_html(404); - $this->assertContainsLang('ERROR_NO_ATTACHMENT', $crawler->filter('#message')->text()); - // No download attachment as guest $crawler = self::request('GET', "download/file.php?id={$this->data['attachments'][$this->data['posts']['Re: Download Topic #1-#2']]}", array(), false); self::assert_response_html(404); @@ -167,20 +141,6 @@ class phpbb_functional_download_test extends phpbb_functional_test_case // Login as admin and try again, should work now. $this->login(); - // Download topic archive as admin - $crawler = self::request('GET', "download/file.php?archive=.zip&topic_id={$this->data['topics']['Download Topic #1']}", array(), false); - self::assert_response_status_code(200); - $content = self::$client->getResponse()->getContent(); - $finfo = new finfo(FILEINFO_MIME_TYPE); - self::assertEquals('application/zip', $finfo->buffer($content)); - - // Download post archive as admin - $crawler = self::request('GET', "download/file.php?archive=.zip&post_id={$this->data['posts']['Re: Download Topic #1-#2']}", array(), false); - self::assert_response_status_code(200); - $content = self::$client->getResponse()->getContent(); - $finfo = new finfo(FILEINFO_MIME_TYPE); - self::assertEquals('application/zip', $finfo->buffer($content)); - // Download attachment as admin $crawler = self::request('GET', "download/file.php?id={$this->data['attachments'][$this->data['posts']['Re: Download Topic #1-#2']]}", array(), false); self::assert_response_status_code(200); @@ -235,16 +195,6 @@ class phpbb_functional_download_test extends phpbb_functional_test_case )); $this->add_lang('viewtopic'); - // Download topic archive as guest: still works - $crawler = self::request('GET', "download/file.php?archive=.zip&topic_id={$this->data['topics']['Download Topic #1']}", array(), false); - self::assert_response_html(404); - $this->assertContainsLang('ERROR_NO_ATTACHMENT', $crawler->filter('#message')->text()); - - // No download post archive as guest - $crawler = self::request('GET', "download/file.php?archive=.zip&post_id={$this->data['posts']['Re: Download Topic #1-#2']}", array(), false); - self::assert_response_html(404); - $this->assertContainsLang('ERROR_NO_ATTACHMENT', $crawler->filter('#message')->text()); - // No download attachment as guest $crawler = self::request('GET', "download/file.php?id={$this->data['attachments'][$this->data['posts']['Re: Download Topic #1-#2']]}", array(), false); self::assert_response_html(404); @@ -253,20 +203,6 @@ class phpbb_functional_download_test extends phpbb_functional_test_case // Login as admin and try again, should work now. $this->login(); - // Download topic archive as admin - $crawler = self::request('GET', "download/file.php?archive=.zip&topic_id={$this->data['topics']['Download Topic #1']}", array(), false); - self::assert_response_status_code(200); - $content = self::$client->getResponse()->getContent(); - $finfo = new finfo(FILEINFO_MIME_TYPE); - self::assertEquals('application/zip', $finfo->buffer($content)); - - // Download post archive as admin - $crawler = self::request('GET', "download/file.php?archive=.zip&post_id={$this->data['posts']['Re: Download Topic #1-#2']}", array(), false); - self::assert_response_status_code(200); - $content = self::$client->getResponse()->getContent(); - $finfo = new finfo(FILEINFO_MIME_TYPE); - self::assertEquals('application/zip', $finfo->buffer($content)); - // Download attachment as admin $crawler = self::request('GET', "download/file.php?id={$this->data['attachments'][$this->data['posts']['Re: Download Topic #1-#2']]}", array(), false); self::assert_response_status_code(200); diff --git a/tests/profilefields/type_googleplus_test.php b/tests/profilefields/type_googleplus_test.php index fdbdd86553..3e0af36a73 100644 --- a/tests/profilefields/type_googleplus_test.php +++ b/tests/profilefields/type_googleplus_test.php @@ -11,8 +11,27 @@ * */ +require_once __DIR__ . '/../../phpBB/includes/utf/utf_tools.php'; + class phpbb_profilefield_type_googleplus_test extends phpbb_test_case { + protected $field; + + public function setUp() + { + parent::setUp(); + + $user = new \phpbb\user(); + $user->add_lang('ucp'); + $request = $this->getMock('\phpbb\request\request'); + $template = $this->getMock('\phpbb\template\template'); + + $this->field = new \phpbb\profilefields\type\type_googleplus( + $request, + $template, + $user + ); + } public function get_profile_contact_value_data() { return array( @@ -36,16 +55,6 @@ class phpbb_profilefield_type_googleplus_test extends phpbb_test_case */ public function test_get_profile_contact_value($value, $field_options, $expected, $description) { - $user = $this->getMock('\phpbb\user'); - $request = $this->getMock('\phpbb\request\request'); - $template = $this->getMock('\phpbb\template\template'); - - $field = new \phpbb\profilefields\type\type_googleplus( - $request, - $template, - $user - ); - $default_field_options = array( 'field_type' => '\phpbb\profilefields\type\type_googleplus', 'field_name' => 'field', @@ -57,6 +66,29 @@ class phpbb_profilefield_type_googleplus_test extends phpbb_test_case ); $field_options = array_merge($default_field_options, $field_options); - $this->assertSame($expected, $field->get_profile_contact_value($value, $field_options), $description); + $this->assertSame($expected, $this->field->get_profile_contact_value($value, $field_options), $description); + } + + public function data_validate_googleplus() + { + return array( + array('foobar', false), + array('2342340929304', false), + array('foo<bar', 'The field “googleplus” has invalid characters.'), + array('klkd.klkl', false), + array('kl+', 'The field “googleplus” has invalid characters.'), + array('foo=bar', 'The field “googleplus” has invalid characters.'), + array('..foo', 'The field “googleplus” has invalid characters.'), + array('foo..bar', 'The field “googleplus” has invalid characters.'), + ); + } + + /** + * @dataProvider data_validate_googleplus + */ + public function test_validate_googleplus($input, $expected) + { + $field_data = array_merge(array('lang_name' => 'googleplus'), $this->field->get_default_option_values()); + $this->assertSame($expected, $this->field->validate_string_profile_field('string', $input, $field_data)); } } diff --git a/tests/test_framework/phpbb_functional_test_case.php b/tests/test_framework/phpbb_functional_test_case.php index 80e6293ff9..c131754d23 100644 --- a/tests/test_framework/phpbb_functional_test_case.php +++ b/tests/test_framework/phpbb_functional_test_case.php @@ -294,7 +294,7 @@ class phpbb_functional_test_case extends phpbb_test_case $parseURL = parse_url(self::$config['phpbb_functional_url']); - $crawler = self::request('GET', 'install/index.php?mode=install'); + $crawler = self::request('GET', 'install/index.php?mode=install&language=en'); self::assertContains('Welcome to Installation', $crawler->filter('#main')->text()); $form = $crawler->selectButton('submit')->form(); |