-rwxr-xr-x | phpBB/develop/adjust_avatars.php | 26 | ||||
-rw-r--r-- | phpBB/includes/auth.php | 12 | ||||
-rw-r--r-- | phpBB/includes/functions_user.php | 26 | ||||
-rw-r--r-- | phpBB/install/database_update.php | 40 | ||||
-rw-r--r-- | phpBB/style.php | 7 | ||||
-rw-r--r-- | phpBB/styles/prosilver/theme/common.css | 1 | ||||
-rw-r--r-- | phpBB/styles/prosilver/theme/links.css | 1 |
7 files changed, 76 insertions, 37 deletions
diff --git a/phpBB/develop/adjust_avatars.php b/phpBB/develop/adjust_avatars.php index f2d46e9a52..5133ed8081 100755 --- a/phpBB/develop/adjust_avatars.php +++ b/phpBB/develop/adjust_avatars.php @@ -32,8 +32,8 @@ if (!isset($config['avatar_salt'])) // let's start with the users using a group_avatar. $sql = 'SELECT group_id, group_avatar - FROM ' . GROUPS_TABLE . - ' WHERE group_avatar_type = ' . AVATAR_UPLOAD; + FROM ' . GROUPS_TABLE . ' + WHERE group_avatar_type = ' . AVATAR_UPLOAD; // We'll skip these, so remember them $group_avatars = array(); @@ -44,21 +44,20 @@ $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { - $new_avatar_name = adjust_avatar($row['group_avatar'], 'g' . $row['group_id']); $group_avatars[] = $new_avatar_name; // failure is probably due to the avatar name already being adjusted - if ($new_avatar_name !== false) + if ($new_avatar_name !== false) { $sql = 'UPDATE ' . USERS_TABLE . " - SET user_avatar = '$new_avatar_name' - WHERE user_avatar = '{$row['group_avatar']}' + SET user_avatar = '" . $db->sql_escape($new_avatar_name) . "' + WHERE user_avatar = '" . $db->sql_escape($row['group_avatar']) . "' AND user_avatar_type = " . AVATAR_UPLOAD; $db->sql_query($sql); $sql = 'UPDATE ' . GROUPS_TABLE . " - SET group_avatar = '$new_avatar_name' + SET group_avatar = '" . $db->sql_escape($new_avatar_name) . "' WHERE group_id = {$row['group_id']}"; $db->sql_query($sql); } @@ -66,7 +65,7 @@ while ($row = $db->sql_fetchrow($result)) { echo '<br /> Failed updating group ' . $row['group_id'] . "\n"; } - + if ($echos > 200) { echo '<br />' . "\n"; 
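Review bot: `WHERE group_id = {$row['group_id']}` in the `@@ -44,21 +44,20 @@` hunk is still interpolated raw although the avatar names beside it now go through `$db->sql_escape()`; the `@@ -84,21 +83,19 @@` hunk has the same pattern with `{$row['user_id']}`. Both values come from a SELECT a few lines earlier, so the exposure is low, but casting them keeps every value in these statements handled the same way: `WHERE group_id = " . (int) $row['group_id'];` and `WHERE user_id = " . (int) $row['user_id'];`. Separately, `$group_avatars[] = $new_avatar_name;` runs before the `!== false` check, so a failed rename puts `false` into the list that is later handed to `$db->sql_in_set()`; moving the append inside the success branch would avoid that.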
@@ -84,21 +83,19 @@ $sql = 'SELECT user_id, username, user_avatar, user_avatar_type FROM ' . USERS_TABLE . ' WHERE user_avatar_type = ' . AVATAR_UPLOAD . ' AND ' . $db->sql_in_set('user_avatar', $group_avatars, true, true); - $result = $db->sql_query($sql); - + echo '<br /> Updating users' . "\n"; while ($row = $db->sql_fetchrow($result)) { - $new_avatar_name = adjust_avatar($row['user_avatar'], $row['user_id']); - + // failure is probably due to the avatar name already being adjusted - if ($new_avatar_name !== false) + if ($new_avatar_name !== false) { $sql = 'UPDATE ' . USERS_TABLE . " - SET user_avatar = '$new_avatar_name' + SET user_avatar = '" . $db->sql_escape($new_avatar_name) . "' WHERE user_id = {$row['user_id']}"; $db->sql_query($sql); } @@ -139,4 +136,5 @@ function adjust_avatar($old_name, $midfix) } return false; } + ?>
\ No newline at end of file diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php index de1b669eba..3b05652a87 100644 --- a/phpBB/includes/auth.php +++ b/phpBB/includes/auth.php @@ -486,8 +486,8 @@ class auth { global $db; - $sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : $db->sql_in_set('user_id', $user_id)) : ''; - $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : ''; + $sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? 'user_id = ' . (int) $user_id : $db->sql_in_set('user_id', array_map('intval', $user_id))) : ''; + $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : ''; $sql_opts = ''; @@ -628,8 +628,8 @@ class auth { global $db; - $sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : $db->sql_in_set('user_id', $user_id)) : ''; - $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : ''; + $sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? 'user_id = ' . (int) $user_id : $db->sql_in_set('user_id', array_map('intval', $user_id))) : ''; + $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : ''; $sql_opts = ''; 
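Review bot: The `(int)` and `array_map('intval', ...)` casts on `$user_id`, `$group_id` and `$forum_id` (hunks `@@ -486`, `@@ -628` and `@@ -682`) turn any non-numeric value into `0` instead of rejecting it, so a malformed id silently becomes a query for id 0. If `forum_id = 0` has a meaning in the ACL tables (not visible in this diff), such a call would read or act on that scope rather than on nothing. A short comment above each pair would record the contract, for example `// ids are forced to integers; callers must pass validated ids, a non-numeric value becomes 0`. The three pairs are identical apart from the column name, so a small private helper on `auth` would keep the casts from drifting apart. The enclosing methods start and end outside the hunks.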
@@ -682,8 +682,8 @@ class auth { global $db; - $sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? "group_id = $group_id" : $db->sql_in_set('group_id', $group_id)) : ''; - $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : ''; + $sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? 'group_id = ' . (int) $group_id : $db->sql_in_set('group_id', array_map('intval', $group_id))) : ''; + $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : ''; $sql_opts = ''; diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 457e286840..69990a9524 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -2468,27 +2468,32 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna return true; } - /** * A small version of validate_username to check for a group name's existence. To be called directly. */ -function group_validate_groupname($group_id, $groupname) +function group_validate_groupname($group_id, $group_name) { global $config, $db; - $groupname = utf8_clean_string($groupname); + $group_name = utf8_clean_string($group_name); if (!empty($group_id)) { $sql = 'SELECT group_name - FROM ' . GROUPS_TABLE . ' - WHERE group_id = ' . (int)$group_id; + FROM ' . GROUPS_TABLE . ' + WHERE group_id = ' . (int) $group_id; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); - - $allowed_groupname = utf8_clean_string($row['group_name']); - if ($allowed_groupname == $groupname) + + if (!$row) + { + return false; + } + + $allowed_groupname = utf8_clean_string($row['group_name']); + + if ($allowed_groupname == $group_name) { return false; } 
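Review bot: The new `if (!$row) { return false; }` in `group_validate_groupname()` returns the "name is acceptable" value when `$group_id` matches no row, and that skips the `LOWER(group_name)` uniqueness query further down (shown in the `@@ -2496` hunk). Dropping the early return and guarding only the comparison, `if ($row && utf8_clean_string($row['group_name']) == $group_name)`, would let an unknown id fall through to the duplicate check. The comparison itself uses `==` on two strings, which PHP evaluates numerically when both look like numbers (`'1e3' == '1000'`); `===` avoids treating two different numeric-looking names as the same.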
@@ -2496,7 +2501,7 @@ function group_validate_groupname($group_id, $groupname) $sql = 'SELECT group_name FROM ' . GROUPS_TABLE . " - WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($groupname)) . "'"; + WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($group_name)) . "'"; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); @@ -2505,11 +2510,10 @@ function group_validate_groupname($group_id, $groupname) { return 'GROUP_NAME_TAKEN'; } + return false; } - - /** * Set users default group * diff --git a/phpBB/install/database_update.php b/phpBB/install/database_update.php index 82faa022ad..287379fcd8 100644 --- a/phpBB/install/database_update.php +++ b/phpBB/install/database_update.php @@ -60,6 +60,20 @@ require($phpbb_root_path . 'includes/constants.' . $phpEx); require($phpbb_root_path . 'includes/db/' . $dbms . '.' . $phpEx); require($phpbb_root_path . 'includes/utf/utf_tools.' . $phpEx); +// If we are on PHP >= 6.0.0 we do not need some code +if (version_compare(PHP_VERSION, '6.0.0-dev', '>=')) +{ + /** + * @ignore + */ + define('STRIP', false); +} +else +{ + set_magic_quotes_runtime(0); + define('STRIP', (get_magic_quotes_gpc()) ? true : false); +} + $user = new user(); $cache = new cache(); $db = new $sql_db(); 
@@ -698,16 +712,19 @@ if (version_compare($current_version, '3.0.b5', '<=')) $db->sql_query('DELETE FROM ' . STYLES_IMAGESET_TABLE); $db->sql_query('DELETE FROM ' . STYLES_TEMPLATE_TABLE); $db->sql_query('DELETE FROM ' . STYLES_TABLE); - $db->sql_query('DELETE FROM ' . STYLES_IMAGESET_DATA_TABLE); $db->sql_query('DELETE FROM ' . STYLES_THEME_TABLE); + +// $db->sql_query('DELETE FROM ' . STYLES_IMAGESET_DATA_TABLE); break; default: $db->sql_query('TRUNCATE TABLE ' . STYLES_IMAGESET_TABLE); $db->sql_query('TRUNCATE TABLE ' . STYLES_TEMPLATE_TABLE); $db->sql_query('TRUNCATE TABLE ' . STYLES_TABLE); - $db->sql_query('TRUNCATE TABLE ' . STYLES_IMAGESET_DATA_TABLE); $db->sql_query('TRUNCATE TABLE ' . STYLES_THEME_TABLE); + +// This table does not exist, as well as the constant not exist... +// $db->sql_query('TRUNCATE TABLE ' . STYLES_IMAGESET_DATA_TABLE); break; } 
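Review bot: The commented-out `DELETE`/`TRUNCATE` on `STYLES_IMAGESET_DATA_TABLE` is justified with "This table does not exist", yet the seed data a later hunk of this file touches (`@@ -869,6 +886,8 @@`) contains `INSERT INTO phpbb_styles_imageset_data` rows. If that table can already hold rows when this branch runs (the schema step is not visible here), the other style tables are emptied and re-seeded while this one only receives additions, which would leave duplicate image rows. Either clear it by table name, or replace the dead statements with a single comment that says where the table is created, e.g. `// styles_imageset_data is created by this update, nothing to clear`. The enclosing `switch` starts outside the hunk.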
@@ -869,6 +886,8 @@ if (version_compare($current_version, '3.0.b5', '<=')) $data = "INSERT INTO phpbb_styles (style_name, style_copyright, style_active, template_id, theme_id, imageset_id) VALUES ('prosilver', '© phpBB Group', 1, 1, 1, 1); INSERT INTO phpbb_styles (style_name, style_copyright, style_active, template_id, theme_id, imageset_id) VALUES ('subsilver2', '© phpBB Group', 1, 2, 2, 2); + INSERT INTO phpbb_styles_imageset (imageset_name, imageset_copyright, imageset_path) VALUES ('prosilver', '© phpBB Group', 'prosilver'); + INSERT INTO phpbb_styles_imageset (imageset_name, imageset_copyright, imageset_path) VALUES ('subsilver2', '© phpBB Group', 'subsilver2'); INSERT INTO phpbb_styles_imageset_data (image_name, image_filename, image_lang, image_height, image_width, imageset_id) VALUES ('site_logo', 'site_logo.gif', '', 94, 170, 2); INSERT INTO phpbb_styles_imageset_data (image_name, image_filename, image_lang, image_height, image_width, imageset_id) VALUES ('upload_bar', 'upload_bar.gif', '', 16, 280, 2); INSERT INTO phpbb_styles_imageset_data (image_name, image_filename, image_lang, image_height, image_width, imageset_id) VALUES ('poll_left', 'poll_left.gif', '', 12, 4, 2); 
@@ -1089,10 +1108,23 @@ if (version_compare($current_version, '3.0.b5', '<=')) set_config('avatar_salt', md5(mt_rand())); - $sql = 'UPDATE ' . ACL_OPTIONS_TABLE . ' SET is_local = 0 WHERE auth_option = \'m_warn\''; + $sql = 'UPDATE ' . ACL_OPTIONS_TABLE . " + SET is_local = 0 + WHERE auth_option = 'm_warn'"; + $db->sql_query($sql); + + $cache->destroy('_acl_options'); + + $sql = 'UPDATE ' . MODULES_TABLE . ' + SET module_auth = \'acl_m_warn && acl_f_read,$id\' + WHERE module_basename = \'warn\' + AND module_mode = \'warn_post\' + AND module_class = \'mcp\''; $db->sql_query($sql); - $sql = 'UPDATE ' . MODULES_TABLE . ' SET module_auth = \'acl_m_warn && acl_f_read,$id\' WHERE module_basename = \'warn\' AND module_mode = \'warn_post\''; + $cache->destroy('_modules_mcp'); + + $sql = 'UPDATE ' . USERS_TABLE . " SET user_permissions = ''"; $db->sql_query($sql); $no_updates = false; diff --git a/phpBB/style.php b/phpBB/style.php index 84a2394744..38ffd5426b 100644 --- a/phpBB/style.php +++ b/phpBB/style.php @@ -128,9 +128,14 @@ if ($id && $sid) $db->sql_query($sql); $cache->destroy('sql', STYLES_THEME_TABLE); + + header('Expires: 0'); + } + else + { + header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 3600)); } - header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 3600)); header('Content-type: text/css'); // Parse Theme Data diff --git a/phpBB/styles/prosilver/theme/common.css b/phpBB/styles/prosilver/theme/common.css index f60fdec719..459e2cbc2a 100644 --- a/phpBB/styles/prosilver/theme/common.css +++ b/phpBB/styles/prosilver/theme/common.css @@ -128,7 +128,6 @@ p.right { float: left; width: auto; padding: 10px 13px 0 10px; - height: auto; } a#logo:hover { diff --git a/phpBB/styles/prosilver/theme/links.css b/phpBB/styles/prosilver/theme/links.css index a6418914a5..733a3cc8d3 100644 --- a/phpBB/styles/prosilver/theme/links.css +++ b/phpBB/styles/prosilver/theme/links.css 
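Review bot: In `phpBB/install/database_update.php` (hunk `@@ -1089,10 +1108,23 @@`) the unchanged line `set_config('avatar_salt', md5(mt_rand()));` builds the salt from a single `mt_rand()` call, so it can take at most about 2^31 distinct values however long the MD5 string looks. If the salt is what keeps uploaded avatar file names unguessable (its use is outside this diff), that is a small search space for a secret; it would be better seeded from the strongest random source the installer has available. For the lines this commit adds, a comment on the second UPDATE such as `// single quotes on purpose: $id must be stored literally` would stop a later clean-up from switching it to double quotes like the first one.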
@@ -73,6 +73,7 @@ a.topictitle:active { /* Post body links */ .postlink { + text-decoration: none; color: #d2d2d2; border-bottom: 1px solid #d2d2d2; padding-bottom: 0; |