diff options
Diffstat (limited to 'phpBB/includes/acp')
29 files changed, 568 insertions, 120 deletions
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php index 67fba1094d..816387967a 100644 --- a/phpBB/includes/acp/acp_attachments.php +++ b/phpBB/includes/acp/acp_attachments.php @@ -106,7 +106,10 @@ class acp_attachments { case 'attach': - include_once($phpbb_root_path . 'includes/functions_posting.' . $phpEx); + if (!function_exists('get_supported_image_types')) + { + include($phpbb_root_path . 'includes/functions_posting.' . $phpEx); + } $sql = 'SELECT group_name, cat_id FROM ' . EXTENSION_GROUPS_TABLE . ' @@ -1423,7 +1426,7 @@ class acp_attachments $row['group_name'] = $user->lang['NOT_ASSIGNED']; $group_name[] = $row; - for ($i = 0; $i < sizeof($group_name); $i++) + for ($i = 0, $groups_size = sizeof($group_name); $i < $groups_size; $i++) { if ($default_group === false) { @@ -1732,8 +1735,8 @@ class acp_attachments $size_var = $filesize['si_identifier']; $value = $filesize['value']; - // size="8" and maxlength="15" attributes as a fallback for browsers that do not support type="number" yet. - return '<input type="number" id="' . $key . '" size="8" maxlength="15" min="0" name="config[' . $key . ']" value="' . $value . '" /> <select name="' . $key . '">' . size_select_options($size_var) . '</select>'; + // size and maxlength must not be specified for input of type number + return '<input type="number" id="' . $key . '" min="0" max="999999999999999" step="any" name="config[' . $key . ']" value="' . $value . '" /> <select name="' . $key . '">' . size_select_options($size_var) . '</select>'; } /** diff --git a/phpBB/includes/acp/acp_ban.php b/phpBB/includes/acp/acp_ban.php index b555f46a94..286bc92813 100644 --- a/phpBB/includes/acp/acp_ban.php +++ b/phpBB/includes/acp/acp_ban.php @@ -28,7 +28,10 @@ class acp_ban global $user, $template, $request, $phpbb_dispatcher; global $phpbb_root_path, $phpEx; - include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + if (!function_exists('user_ban')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } $bansubmit = $request->is_set_post('bansubmit'); $unbansubmit = $request->is_set_post('unbansubmit'); diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php index e245eea069..c98be241e9 100644 --- a/phpBB/includes/acp/acp_bbcodes.php +++ b/phpBB/includes/acp/acp_bbcodes.php @@ -33,6 +33,7 @@ class acp_bbcodes // Set up general vars $action = request_var('action', ''); $bbcode_id = request_var('bbcode', 0); + $submit = $request->is_set_post('submit'); $this->tpl_name = 'acp_bbcodes'; $this->page_title = 'ACP_BBCODES'; @@ -40,6 +41,11 @@ class acp_bbcodes add_form_key($form_key); + if ($submit && !check_form_key($form_key)) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + // Set up mode-specific vars switch ($action) { @@ -364,7 +370,7 @@ class acp_bbcodes * * @event core.acp_bbcodes_display_form * @var string action Type of the action: modify|create - * @var string sql_ary The SQL array to get custom bbcode data + * @var array sql_ary The SQL array to get custom bbcode data * @var array template_data Array with form template data * @var string u_action The u_action link * @since 3.1.0-a3 diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index 4a1c74fd77..e004d2e81f 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -449,7 +449,7 @@ class acp_board 'legend2' => 'SMTP_SETTINGS', 'smtp_delivery' => array('lang' => 'USE_SMTP', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), - 'smtp_host' => array('lang' => 'SMTP_SERVER', 'validate' => 'string', 'type' => 'text:25:50', 'explain' => false), + 'smtp_host' => array('lang' => 'SMTP_SERVER', 'validate' => 'string', 'type' => 'text:25:50', 'explain' => true), 'smtp_port' => array('lang' => 'SMTP_PORT', 'validate' => 'int:0:99999', 'type' => 'number:0:99999', 'explain' => true), 'smtp_auth_method' => array('lang' => 'SMTP_AUTH_METHOD', 'validate' => 'string', 'type' => 'select', 'method' => 'mail_auth_select', 'explain' => true), 'smtp_username' => array('lang' => 'SMTP_USERNAME', 'validate' => 'string', 'type' => 'text:25:255', 'explain' => true), @@ -842,7 +842,7 @@ class acp_board { global $user; - return '<input id="' . $key . '" type="number" size="3" maxlength="3" min="1" max="999" name="config[min_name_chars]" value="' . $value . '" /> ' . $user->lang['MIN_CHARS'] . ' <input type="number" size="3" maxlength="3" min="8" max="180" name="config[max_name_chars]" value="' . $this->new_config['max_name_chars'] . '" /> ' . $user->lang['MAX_CHARS']; + return '<input id="' . $key . '" type="number" min="1" max="999" name="config[min_name_chars]" value="' . $value . '" /> ' . $user->lang['MIN_CHARS'] . ' <input type="number" min="8" max="180" name="config[max_name_chars]" value="' . $this->new_config['max_name_chars'] . '" /> ' . $user->lang['MAX_CHARS']; } /** @@ -870,7 +870,7 @@ class acp_board { global $user; - return '<input id="' . $key . '" type="number" size="3" maxlength="3" min="1" max="999" name="config[min_pass_chars]" value="' . $value . '" /> ' . $user->lang['MIN_CHARS'] . ' <input type="number" size="3" maxlength="3" min="8" max="255" name="config[max_pass_chars]" value="' . $this->new_config['max_pass_chars'] . '" /> ' . $user->lang['MAX_CHARS']; + return '<input id="' . $key . '" type="number" min="1" max="999" name="config[min_pass_chars]" value="' . $value . '" /> ' . $user->lang['MIN_CHARS'] . ' <input type="number" min="8" max="255" name="config[max_pass_chars]" value="' . $this->new_config['max_pass_chars'] . '" /> ' . $user->lang['MAX_CHARS']; } /** diff --git a/phpBB/includes/acp/acp_bots.php b/phpBB/includes/acp/acp_bots.php index 1ea320e674..2188b90729 100644 --- a/phpBB/includes/acp/acp_bots.php +++ b/phpBB/includes/acp/acp_bots.php @@ -141,7 +141,11 @@ class acp_bots case 'edit': case 'add': - include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx); + + if (!function_exists('user_update_name')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } $bot_row = array( 'bot_name' => utf8_normalize_nfc(request_var('bot_name', '', true)), diff --git a/phpBB/includes/acp/acp_captcha.php b/phpBB/includes/acp/acp_captcha.php index fa8d8fb6a9..92d5e1dda6 100644 --- a/phpBB/includes/acp/acp_captcha.php +++ b/phpBB/includes/acp/acp_captcha.php @@ -25,7 +25,7 @@ class acp_captcha function main($id, $mode) { - global $db, $user, $auth, $template; + global $request, $user, $auth, $template; global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx, $phpbb_container; $user->add_lang('acp/board'); @@ -52,11 +52,36 @@ class acp_captcha else { $config_vars = array( - 'enable_confirm' => array('tpl' => 'REG_ENABLE', 'default' => false), - 'enable_post_confirm' => array('tpl' => 'POST_ENABLE', 'default' => false), - 'confirm_refresh' => array('tpl' => 'CONFIRM_REFRESH', 'default' => false), - 'max_reg_attempts' => array('tpl' => 'REG_LIMIT', 'default' => 0), - 'max_login_attempts' => array('tpl' => 'MAX_LOGIN_ATTEMPTS', 'default' => 0), + 'enable_confirm' => array( + 'tpl' => 'REG_ENABLE', + 'default' => false, + 'validate' => 'bool', + 'lang' => 'VISUAL_CONFIRM_REG', + ), + 'enable_post_confirm' => array( + 'tpl' => 'POST_ENABLE', + 'default' => false, + 'validate' => 'bool', + 'lang' => 'VISUAL_CONFIRM_POST', + ), + 'confirm_refresh' => array( + 'tpl' => 'CONFIRM_REFRESH', + 'default' => false, + 'validate' => 'bool', + 'lang' => 'VISUAL_CONFIRM_REFRESH', + ), + 'max_reg_attempts' => array( + 'tpl' => 'REG_LIMIT', + 'default' => 0, + 'validate' => 'int:0:99999', + 'lang' => 'REG_LIMIT', + ), + 'max_login_attempts' => array( + 'tpl' => 'MAX_LOGIN_ATTEMPTS', + 'default' => 0, + 'validate' => 'int:0:99999', + 'lang' => 'MAX_LOGIN_ATTEMPTS', + ), ); $this->tpl_name = 'acp_captcha'; @@ -65,12 +90,31 @@ class acp_captcha add_form_key($form_key); $submit = request_var('main_submit', false); + $error = $cfg_array = array(); - if ($submit && check_form_key($form_key)) + if ($submit) { foreach ($config_vars as $config_var => $options) { - set_config($config_var, request_var($config_var, $options['default'])); + $cfg_array[$config_var] = $request->variable($config_var, $options['default']); + } + validate_config_vars($config_vars, $cfg_array, $error); + + if (!check_form_key($form_key)) + { + $error[] = $user->lang['FORM_INVALID']; + } + if ($error) + { + $submit = false; + } + } + + if ($submit) + { + foreach ($cfg_array as $key => $value) + { + $config->set($key, $value); } if ($selected !== $config['captcha_plugin']) @@ -94,10 +138,6 @@ class acp_captcha } trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action)); } - else if ($submit) - { - trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); - } else { $captcha_select = ''; @@ -124,6 +164,7 @@ class acp_captcha 'CAPTCHA_PREVIEW_TPL' => $demo_captcha->get_demo_template($id), 'S_CAPTCHA_HAS_CONFIG' => $demo_captcha->has_config(), 'CAPTCHA_SELECT' => $captcha_select, + 'ERROR_MSG' => implode('<br />', $error), 'U_ACTION' => $this->u_action, )); diff --git a/phpBB/includes/acp/acp_database.php b/phpBB/includes/acp/acp_database.php index 9666ac5b6e..dd0599e06a 100644 --- a/phpBB/includes/acp/acp_database.php +++ b/phpBB/includes/acp/acp_database.php @@ -39,6 +39,9 @@ class acp_database $action = request_var('action', ''); $submit = (isset($_POST['submit'])) ? true : false; + $form_key = 'acp_database'; + add_form_key($form_key); + $template->assign_vars(array( 'MODE' => $mode )); @@ -62,6 +65,11 @@ class acp_database trigger_error($user->lang['TABLE_SELECT_ERROR'] . adm_back_link($this->u_action), E_USER_WARNING); } + if (!check_form_key($form_key)) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + $store = $download = $structure = $schema_data = false; if ($where == 'store_and_download' || $where == 'store') diff --git a/phpBB/includes/acp/acp_disallow.php b/phpBB/includes/acp/acp_disallow.php index 4c8f3cc65b..5b12013708 100644 --- a/phpBB/includes/acp/acp_disallow.php +++ b/phpBB/includes/acp/acp_disallow.php @@ -26,9 +26,7 @@ class acp_disallow function main($id, $mode) { global $db, $user, $auth, $template, $cache; - global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx; - - include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + global $config, $phpbb_admin_path; $user->add_lang('acp/posting'); diff --git a/phpBB/includes/acp/acp_email.php b/phpBB/includes/acp/acp_email.php index fda9d50779..917d02318e 100644 --- a/phpBB/includes/acp/acp_email.php +++ b/phpBB/includes/acp/acp_email.php @@ -189,8 +189,15 @@ class acp_email $db->sql_freeresult($result); // Send the messages - include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); - include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx); + if (!class_exists('messenger')) + { + include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); + } + + if (!function_exists('get_group_name')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } $messenger = new messenger($use_queue); $errored = false; diff --git a/phpBB/includes/acp/acp_extensions.php b/phpBB/includes/acp/acp_extensions.php index 193483050c..f97711d69d 100644 --- a/phpBB/includes/acp/acp_extensions.php +++ b/phpBB/includes/acp/acp_extensions.php @@ -121,8 +121,6 @@ class acp_extensions 'U_ACTION' => $this->u_action, )); - add_form_key('version_check_settings'); - $this->tpl_name = 'acp_ext_list'; break; @@ -369,6 +367,7 @@ class acp_extensions foreach ($enabled_extension_meta_data as $name => $block_vars) { + $block_vars['NAME'] = $name; $block_vars['U_DETAILS'] = $this->u_action . '&action=details&ext_name=' . urlencode($name); $this->template->assign_block_vars('enabled', $block_vars); @@ -425,6 +424,7 @@ class acp_extensions foreach ($disabled_extension_meta_data as $name => $block_vars) { + $block_vars['NAME'] = $name; $block_vars['U_DETAILS'] = $this->u_action . '&action=details&ext_name=' . urlencode($name); $this->template->assign_block_vars('disabled', $block_vars); @@ -484,6 +484,7 @@ class acp_extensions foreach ($available_extension_meta_data as $name => $block_vars) { + $block_vars['NAME'] = $name; $block_vars['U_DETAILS'] = $this->u_action . '&action=details&ext_name=' . urlencode($name); $this->template->assign_block_vars('disabled', $block_vars); @@ -534,7 +535,7 @@ class acp_extensions $version_helper = new \phpbb\version_helper($this->cache, $this->config, new \phpbb\file_downloader(), $this->user); $version_helper->set_current_version($meta['version']); - $version_helper->set_file_location($version_check['host'], $version_check['directory'], $version_check['filename']); + $version_helper->set_file_location($version_check['host'], $version_check['directory'], $version_check['filename'], isset($version_check['ssl']) ? $version_check['ssl'] : false); $version_helper->force_stability($this->config['extension_force_unstable'] ? 'unstable' : null); return $updates = $version_helper->get_suggested_updates($force_update, $force_cache); diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php index adf5de44f5..1e69a4ad20 100644 --- a/phpBB/includes/acp/acp_forums.php +++ b/phpBB/includes/acp/acp_forums.php @@ -842,9 +842,26 @@ class acp_forums ORDER BY left_id"; $result = $db->sql_query($sql); - if ($row = $db->sql_fetchrow($result)) + $rowset = array(); + while ($row = $db->sql_fetchrow($result)) { - do + $rowset[(int) $row['forum_id']] = $row; + } + $db->sql_freeresult($result); + + /** + * Modify the forum list data + * + * @event core.acp_manage_forums_modify_forum_list + * @var array rowset Array with the forums list data + * @since 3.1.10-RC1 + */ + $vars = array('rowset'); + extract($phpbb_dispatcher->trigger_event('core.acp_manage_forums_modify_forum_list', compact($vars))); + + if (!empty($rowset)) + { + foreach ($rowset as $row) { $forum_type = $row['forum_type']; @@ -888,7 +905,6 @@ class acp_forums 'U_SYNC' => $url . '&action=sync') ); } - while ($row = $db->sql_fetchrow($result)); } else if ($this->parent_id) { @@ -904,7 +920,7 @@ class acp_forums 'U_SYNC' => $url . '&action=sync') ); } - $db->sql_freeresult($result); + unset($rowset); $template->assign_vars(array( 'ERROR_MSG' => (sizeof($errors)) ? implode('<br />', $errors) : '', @@ -1411,7 +1427,7 @@ class acp_forums $diff = sizeof($moved_forums) * 2; $moved_ids = array(); - for ($i = 0; $i < sizeof($moved_forums); ++$i) + for ($i = 0, $size = sizeof($moved_forums); $i < $size; ++$i) { $moved_ids[] = $moved_forums[$i]['forum_id']; } @@ -1786,7 +1802,7 @@ class acp_forums */ function delete_forum_content($forum_id) { - global $db, $config, $phpbb_root_path, $phpEx; + global $db, $config, $phpbb_root_path, $phpEx, $phpbb_dispatcher; include_once($phpbb_root_path . 'includes/functions_posting.' . $phpEx); @@ -1918,6 +1934,24 @@ class acp_forums $table_ary = array(FORUMS_ACCESS_TABLE, FORUMS_TRACK_TABLE, FORUMS_WATCH_TABLE, LOG_TABLE, MODERATOR_CACHE_TABLE, POSTS_TABLE, TOPICS_TABLE, TOPICS_TRACK_TABLE); + /** + * Perform additional actions before forum content deletion + * + * @event core.delete_forum_content_before_query + * @var array table_ary Array of tables from which all rows will be deleted that hold the forum_id + * @var int forum_id the forum id + * @var array topic_ids Array of the topic ids from the forum to be deleted + * @var array post_counts Array of counts of posts in the forum, by poster_id + * @since 3.1.6-RC1 + */ + $vars = array( + 'table_ary', + 'forum_id', + 'topic_ids', + 'post_counts', + ); + extract($phpbb_dispatcher->trigger_event('core.delete_forum_content_before_query', compact($vars))); + foreach ($table_ary as $table) { $db->sql_query("DELETE FROM $table WHERE forum_id = $forum_id"); diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php index edfada1bf1..0352f6a242 100644 --- a/phpBB/includes/acp/acp_groups.php +++ b/phpBB/includes/acp/acp_groups.php @@ -42,7 +42,10 @@ class acp_groups return; } - include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + if (!function_exists('group_user_attributes')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } // Check and set some common vars $action = (isset($_POST['add'])) ? 'add' : ((isset($_POST['addusers'])) ? 'addusers' : request_var('action', '')); @@ -295,7 +298,10 @@ class acp_groups case 'edit': case 'add': - include($phpbb_root_path . 'includes/functions_display.' . $phpEx); + if (!function_exists('display_forums')) + { + include($phpbb_root_path . 'includes/functions_display.' . $phpEx); + } $data = $submit_ary = array(); @@ -318,9 +324,11 @@ class acp_groups $avatar_data = null; $avatar_error = array(); + /** @var \phpbb\avatar\manager $phpbb_avatar_manager */ + $phpbb_avatar_manager = $phpbb_container->get('avatar.manager'); + if ($config['allow_avatar']) { - $phpbb_avatar_manager = $phpbb_container->get('avatar.manager'); $avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers(); // This is normalised data, without the group_ prefix @@ -661,14 +669,21 @@ class acp_groups $avatars_enabled = false; $selected_driver = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', $avatar_data['avatar_type'])); + // Assign min and max values before generating avatar driver html + $template->assign_vars(array( + 'AVATAR_MIN_WIDTH' => $config['avatar_min_width'], + 'AVATAR_MAX_WIDTH' => $config['avatar_max_width'], + 'AVATAR_MIN_HEIGHT' => $config['avatar_min_height'], + 'AVATAR_MAX_HEIGHT' => $config['avatar_max_height'], + )); + foreach ($avatar_drivers as $current_driver) { $driver = $phpbb_avatar_manager->get_driver($current_driver); $avatars_enabled = true; - $config_name = $phpbb_avatar_manager->get_driver_config_name($driver); $template->set_filenames(array( - 'avatar' => "acp_avatar_options_{$config_name}.html", + 'avatar' => $driver->get_acp_template_name(), )); if ($driver->prepare_form($request, $template, $user, $avatar_data, $avatar_error)) diff --git a/phpBB/includes/acp/acp_icons.php b/phpBB/includes/acp/acp_icons.php index 9265415dd1..a0ea7dc9b1 100644 --- a/phpBB/includes/acp/acp_icons.php +++ b/phpBB/includes/acp/acp_icons.php @@ -40,6 +40,10 @@ class acp_icons $action = (isset($_POST['edit'])) ? 'edit' : $action; $action = (isset($_POST['import'])) ? 'import' : $action; $icon_id = request_var('id', 0); + $submit = $request->is_set_post('submit', false); + + $form_key = 'acp_icons'; + add_form_key($form_key); $mode = ($mode == 'smilies') ? 'smilies' : 'icons'; @@ -325,6 +329,11 @@ class acp_icons case 'create': case 'modify': + if (!check_form_key($form_key)) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + // Get items to create/modify $images = (isset($_POST['image'])) ? array_keys(request_var('image', array('' => 0))) : array(); @@ -513,6 +522,11 @@ class acp_icons { $order = 0; + if (!check_form_key($form_key)) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + if (!($pak_ary = @file($phpbb_root_path . $img_path . '/' . $pak))) { trigger_error($user->lang['PAK_FILE_NOT_READABLE'] . adm_back_link($this->u_action), E_USER_WARNING); @@ -698,7 +712,7 @@ class acp_icons $template->assign_vars(array( 'MESSAGE_TITLE' => $user->lang['EXPORT_' . $lang], - 'MESSAGE_TEXT' => sprintf($user->lang['EXPORT_' . $lang . '_EXPLAIN'], '<a href="' . $this->u_action . '&action=send">', '</a>'), + 'MESSAGE_TEXT' => sprintf($user->lang['EXPORT_' . $lang . '_EXPLAIN'], '<a href="' . $this->u_action . '&action=send&hash=' . generate_link_hash('acp_icons') . '">', '</a>'), 'S_USER_NOTICE' => true, ) @@ -710,6 +724,11 @@ class acp_icons case 'send': + if (!check_link_hash($request->variable('hash', ''), 'acp_icons')) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + $sql = "SELECT * FROM $table ORDER BY {$fields}_order"; @@ -811,6 +830,11 @@ class acp_icons case 'move_up': case 'move_down': + if (!check_link_hash($request->variable('hash', ''), 'acp_icons')) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + // Get current order id... $sql = "SELECT {$fields}_order as current_order FROM $table @@ -928,8 +952,8 @@ class acp_icons 'EMOTION' => (isset($row['emotion'])) ? $row['emotion'] : '', 'U_EDIT' => $this->u_action . '&action=edit&id=' . $row[$fields . '_id'], 'U_DELETE' => $this->u_action . '&action=delete&id=' . $row[$fields . '_id'], - 'U_MOVE_UP' => $this->u_action . '&action=move_up&id=' . $row[$fields . '_id'] . '&start=' . $pagination_start, - 'U_MOVE_DOWN' => $this->u_action . '&action=move_down&id=' . $row[$fields . '_id'] . '&start=' . $pagination_start, + 'U_MOVE_UP' => $this->u_action . '&action=move_up&id=' . $row[$fields . '_id'] . '&start=' . $pagination_start . '&hash=' . generate_link_hash('acp_icons'), + 'U_MOVE_DOWN' => $this->u_action . '&action=move_down&id=' . $row[$fields . '_id'] . '&start=' . $pagination_start . '&hash=' . generate_link_hash('acp_icons'), )); if (!$spacer && !$row['display_on_posting']) diff --git a/phpBB/includes/acp/acp_inactive.php b/phpBB/includes/acp/acp_inactive.php index e96c42de05..76c7a1b277 100644 --- a/phpBB/includes/acp/acp_inactive.php +++ b/phpBB/includes/acp/acp_inactive.php @@ -34,7 +34,10 @@ class acp_inactive global $config, $db, $user, $auth, $template, $phpbb_container; global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix; - include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + if (!function_exists('user_active_flip')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } $user->add_lang('memberlist'); @@ -109,7 +112,10 @@ class acp_inactive if ($config['require_activation'] == USER_ACTIVATION_ADMIN && !empty($inactive_users)) { - include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); + if (!class_exists('messenger')) + { + include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); + } $messenger = new messenger(false); @@ -196,7 +202,10 @@ class acp_inactive if ($row = $db->sql_fetchrow($result)) { // Send the messages - include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); + if (!class_exists('messenger')) + { + include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); + } $messenger = new messenger(); $usernames = $user_ids = array(); @@ -271,9 +280,10 @@ class acp_inactive 'REMINDED_EXPLAIN' => $user->lang('USER_LAST_REMINDED', (int) $row['user_reminded'], $user->format_date($row['user_reminded_time'])), - 'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour'], false, append_sid("{$phpbb_admin_path}index.$phpEx", 'i=users&mode=overview')), + 'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour'], false, append_sid("{$phpbb_admin_path}index.$phpEx", 'i=users&mode=overview&redirect=acp_inactive')), 'USERNAME' => get_username_string('username', $row['user_id'], $row['username'], $row['user_colour']), 'USER_COLOR' => get_username_string('colour', $row['user_id'], $row['username'], $row['user_colour']), + 'USER_EMAIL' => $row['user_email'], 'U_USER_ADMIN' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=users&mode=overview&u={$row['user_id']}"), 'U_SEARCH_USER' => ($auth->acl_get('u_search')) ? append_sid("{$phpbb_root_path}search.$phpEx", "author_id={$row['user_id']}&sr=posts") : '', diff --git a/phpBB/includes/acp/acp_jabber.php b/phpBB/includes/acp/acp_jabber.php index 284543acd3..a482b41e1d 100644 --- a/phpBB/includes/acp/acp_jabber.php +++ b/phpBB/includes/acp/acp_jabber.php @@ -34,7 +34,10 @@ class acp_jabber $user->add_lang('acp/board'); - include_once($phpbb_root_path . 'includes/functions_jabber.' . $phpEx); + if (!class_exists('jabber')) + { + include($phpbb_root_path . 'includes/functions_jabber.' . $phpEx); + } $action = request_var('action', ''); $submit = (isset($_POST['submit'])) ? true : false; diff --git a/phpBB/includes/acp/acp_language.php b/phpBB/includes/acp/acp_language.php index 60e338ae7c..bddc2be9cb 100644 --- a/phpBB/includes/acp/acp_language.php +++ b/phpBB/includes/acp/acp_language.php @@ -34,7 +34,10 @@ class acp_language global $config, $db, $user, $template; global $phpbb_root_path, $phpEx, $request; - include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx); + if (!function_exists('validate_language_iso_name')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } // Check and set some common vars $action = (isset($_POST['update_details'])) ? 'update_details' : ''; @@ -241,6 +244,11 @@ class acp_language break; case 'install': + if (!check_link_hash($request->variable('hash', ''), 'acp_language')) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + $lang_iso = request_var('iso', ''); $lang_iso = basename($lang_iso); @@ -420,7 +428,7 @@ class acp_language 'ISO' => htmlspecialchars($lang_ary['iso']), 'LOCAL_NAME' => htmlspecialchars($lang_ary['local_name'], ENT_COMPAT, 'UTF-8'), 'NAME' => htmlspecialchars($lang_ary['name'], ENT_COMPAT, 'UTF-8'), - 'U_INSTALL' => $this->u_action . '&action=install&iso=' . urlencode($lang_ary['iso'])) + 'U_INSTALL' => $this->u_action . '&action=install&iso=' . urlencode($lang_ary['iso']) . '&hash=' . generate_link_hash('acp_language')) ); } } diff --git a/phpBB/includes/acp/acp_main.php b/phpBB/includes/acp/acp_main.php index f6d728ffed..848cafeb67 100644 --- a/phpBB/includes/acp/acp_main.php +++ b/phpBB/includes/acp/acp_main.php @@ -429,20 +429,34 @@ class acp_main )); } - $version_helper = $phpbb_container->get('version_helper'); - try + if ($auth->acl_get('a_board')) { - $recheck = $request->variable('versioncheck_force', false); - $updates_available = $version_helper->get_suggested_updates($recheck); + $version_helper = $phpbb_container->get('version_helper'); + try + { + $recheck = $request->variable('versioncheck_force', false); + $updates_available = $version_helper->get_suggested_updates($recheck); - $template->assign_var('S_VERSION_UP_TO_DATE', empty($updates_available)); + $template->assign_var('S_VERSION_UP_TO_DATE', empty($updates_available)); + } + catch (\RuntimeException $e) + { + $template->assign_vars(array( + 'S_VERSIONCHECK_FAIL' => true, + 'VERSIONCHECK_FAIL_REASON' => ($e->getMessage() !== $user->lang('VERSIONCHECK_FAIL')) ? $e->getMessage() : '', + )); + } } - catch (\RuntimeException $e) + else { - $template->assign_vars(array( - 'S_VERSIONCHECK_FAIL' => true, - 'VERSIONCHECK_FAIL_REASON' => ($e->getMessage() !== $user->lang('VERSIONCHECK_FAIL')) ? $e->getMessage() : '', - )); + // We set this template var to true, to not display an outdated version notice. + $template->assign_var('S_VERSION_UP_TO_DATE', true); + } + + // Incomplete update? + if (phpbb_version_compare($config['version'], PHPBB_VERSION, '<')) + { + $template->assign_var('S_UPDATE_INCOMPLETE', true); } /** @@ -553,6 +567,7 @@ class acp_main 'U_VERSIONCHECK' => append_sid("{$phpbb_admin_path}index.$phpEx", 'i=update&mode=version_check'), 'U_VERSIONCHECK_FORCE' => append_sid("{$phpbb_admin_path}index.$phpEx", 'versioncheck_force=1'), + 'S_VERSIONCHECK' => ($auth->acl_get('a_board')) ? true : false, 'S_ACTION_OPTIONS' => ($auth->acl_get('a_board')) ? true : false, 'S_FOUNDER' => ($user->data['user_type'] == USER_FOUNDER) ? true : false, ) diff --git a/phpBB/includes/acp/acp_modules.php b/phpBB/includes/acp/acp_modules.php index ea6b388328..9d14614417 100644 --- a/phpBB/includes/acp/acp_modules.php +++ b/phpBB/includes/acp/acp_modules.php @@ -46,6 +46,9 @@ class acp_modules $user->add_lang('acp/modules'); $this->tpl_name = 'acp_modules'; + $form_key = 'acp_modules'; + add_form_key($form_key); + // module class $this->module_class = $mode; @@ -119,6 +122,11 @@ class acp_modules trigger_error($user->lang['NO_MODULE_ID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING); } + if (!check_link_hash($request->variable('hash', ''), 'acp_modules')) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING); + } + $sql = 'SELECT * FROM ' . MODULES_TABLE . " WHERE module_class = '" . $db->sql_escape($this->module_class) . "' @@ -150,6 +158,11 @@ class acp_modules trigger_error($user->lang['NO_MODULE_ID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING); } + if (!check_link_hash($request->variable('hash', ''), 'acp_modules')) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING); + } + $sql = 'SELECT * FROM ' . MODULES_TABLE . " WHERE module_class = '" . $db->sql_escape($this->module_class) . "' @@ -273,6 +286,11 @@ class acp_modules if ($submit) { + if (!check_form_key($form_key)) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING); + } + if (!$module_data['module_langname']) { trigger_error($user->lang['NO_MODULE_LANGNAME'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING); @@ -460,12 +478,12 @@ class acp_modules 'S_ACP_MODULE_MANAGEMENT' => ($this->module_class == 'acp' && ($row['module_basename'] == 'modules' || $row['module_langname'] == 'ACP_MODULE_MANAGEMENT')) ? true : false, 'U_MODULE' => $this->u_action . '&parent_id=' . $row['module_id'], - 'U_MOVE_UP' => $url . '&action=move_up', - 'U_MOVE_DOWN' => $url . '&action=move_down', + 'U_MOVE_UP' => $url . '&action=move_up&hash=' . generate_link_hash('acp_modules'), + 'U_MOVE_DOWN' => $url . '&action=move_down&hash=' . generate_link_hash('acp_modules'), 'U_EDIT' => $url . '&action=edit', 'U_DELETE' => $url . '&action=delete', - 'U_ENABLE' => $url . '&action=enable', - 'U_DISABLE' => $url . '&action=disable') + 'U_ENABLE' => $url . '&action=enable&hash=' . generate_link_hash('acp_modules'), + 'U_DISABLE' => $url . '&action=disable&hash=' . generate_link_hash('acp_modules')) ); } while ($row = $db->sql_fetchrow($result)); @@ -484,8 +502,8 @@ class acp_modules 'U_EDIT' => $url . '&action=edit', 'U_DELETE' => $url . '&action=delete', - 'U_ENABLE' => $url . '&action=enable', - 'U_DISABLE' => $url . '&action=disable') + 'U_ENABLE' => $url . '&action=enable&hash=' . generate_link_hash('acp_modules'), + 'U_DISABLE' => $url . '&action=disable&hash=' . generate_link_hash('acp_modules')) ); } $db->sql_freeresult($result); @@ -888,7 +906,7 @@ class acp_modules $diff = sizeof($moved_modules) * 2; $moved_ids = array(); - for ($i = 0; $i < sizeof($moved_modules); ++$i) + for ($i = 0, $size = sizeof($moved_modules); $i < $size; ++$i) { $moved_ids[] = $moved_modules[$i]['module_id']; } diff --git a/phpBB/includes/acp/acp_permission_roles.php b/phpBB/includes/acp/acp_permission_roles.php index cd3616208d..0796b36fef 100644 --- a/phpBB/includes/acp/acp_permission_roles.php +++ b/phpBB/includes/acp/acp_permission_roles.php @@ -30,8 +30,15 @@ class acp_permission_roles global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx; global $request; - include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx); - include_once($phpbb_root_path . 'includes/acp/auth.' . $phpEx); + if (!function_exists('user_get_id_name')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } + + if (!class_exists('auth_admin')) + { + include($phpbb_root_path . 'includes/acp/auth.' . $phpEx); + } $this->auth_admin = new auth_admin(); @@ -359,6 +366,11 @@ class acp_permission_roles case 'move_up': case 'move_down': + if (!check_link_hash($request->variable('hash', ''), 'acp_permission_roles')) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + $sql = 'SELECT role_order FROM ' . ACL_ROLES_TABLE . " WHERE role_id = $role_id"; @@ -433,8 +445,8 @@ class acp_permission_roles 'U_EDIT' => $this->u_action . '&action=edit&role_id=' . $row['role_id'], 'U_REMOVE' => $this->u_action . '&action=remove&role_id=' . $row['role_id'], - 'U_MOVE_UP' => $this->u_action . '&action=move_up&role_id=' . $row['role_id'], - 'U_MOVE_DOWN' => $this->u_action . '&action=move_down&role_id=' . $row['role_id'], + 'U_MOVE_UP' => $this->u_action . '&action=move_up&role_id=' . $row['role_id'] . '&hash=' . generate_link_hash('acp_permission_roles'), + 'U_MOVE_DOWN' => $this->u_action . '&action=move_down&role_id=' . $row['role_id'] . '&hash=' . generate_link_hash('acp_permission_roles'), 'U_DISPLAY_ITEMS' => ($row['role_id'] == $display_item) ? '' : $this->u_action . '&display_item=' . $row['role_id'] . '#assigned_to') ); diff --git a/phpBB/includes/acp/acp_permissions.php b/phpBB/includes/acp/acp_permissions.php index cb408e304f..660afb4e93 100644 --- a/phpBB/includes/acp/acp_permissions.php +++ b/phpBB/includes/acp/acp_permissions.php @@ -30,8 +30,15 @@ class acp_permissions global $db, $user, $auth, $template, $cache, $phpbb_container; global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx; - include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx); - include_once($phpbb_root_path . 'includes/acp/auth.' . $phpEx); + if (!function_exists('user_get_id_name')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } + + if (!class_exists('auth_admin')) + { + include($phpbb_root_path . 'includes/acp/auth.' . $phpEx); + } $this->permissions = $phpbb_container->get('acl.permissions'); diff --git a/phpBB/includes/acp/acp_profile.php b/phpBB/includes/acp/acp_profile.php index 97c1f62077..485f849f51 100644 --- a/phpBB/includes/acp/acp_profile.php +++ b/phpBB/includes/acp/acp_profile.php @@ -31,10 +31,17 @@ class acp_profile { global $config, $db, $user, $auth, $template, $cache; global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix; - global $request, $phpbb_container; + global $request, $phpbb_container, $phpbb_dispatcher; - include($phpbb_root_path . 'includes/functions_posting.' . $phpEx); - include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + if (!function_exists('generate_smilies')) + { + include($phpbb_root_path . 'includes/functions_posting.' . $phpEx); + } + + if (!function_exists('user_get_id_name')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } $user->add_lang(array('ucp', 'acp/profile')); $this->tpl_name = 'acp_profile'; @@ -46,6 +53,9 @@ class acp_profile $error = array(); $s_hidden_fields = ''; + $form_key = 'acp_profile'; + add_form_key($form_key); + if (!$field_id && in_array($action, array('delete','activate', 'deactivate', 'move_up', 'move_down', 'edit'))) { trigger_error($user->lang['NO_FIELD_ID'] . adm_back_link($this->u_action), E_USER_WARNING); @@ -154,6 +164,11 @@ class acp_profile case 'activate': + if (!check_link_hash($request->variable('hash', ''), 'acp_profile')) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + $sql = 'SELECT lang_id FROM ' . LANG_TABLE . " WHERE lang_iso = '" . $db->sql_escape($config['default_lang']) . "'"; @@ -194,6 +209,11 @@ class acp_profile case 'deactivate': + if (!check_link_hash($request->variable('hash', ''), 'acp_profile')) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + $sql = 'UPDATE ' . PROFILE_FIELDS_TABLE . " SET field_active = 0 WHERE field_id = $field_id"; @@ -223,6 +243,11 @@ class acp_profile case 'move_up': case 'move_down': + if (!check_link_hash($request->variable('hash', ''), 'acp_profile')) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + $sql = 'SELECT field_order FROM ' . PROFILE_FIELDS_TABLE . " WHERE field_id = $field_id"; @@ -369,6 +394,32 @@ class acp_profile 'field_is_contact', ); + /** + * Event to add initialization for new profile field table fields + * + * @event core.acp_profile_create_edit_init + * @var string action create|edit + * @var int step Configuration step (1|2|3) + * @var bool submit Form has been submitted + * @var bool save Configuration should be saved + * @var string field_type Type of the field we are dealing with + * @var array field_row Array of data about the field + * @var array exclude Array of excluded fields by step + * @var array visibility_ary Array of fields that are visibility related + * @since 3.1.6-RC1 + */ + $vars = array( + 'action', + 'step', + 'submit', + 'save', + 'field_type', + 'field_row', + 'exclude', + 'visibility_ary', + ); + extract($phpbb_dispatcher->trigger_event('core.acp_profile_create_edit_init', compact($vars))); + $options = $profile_field->prepare_options_form($exclude, $visibility_ary); $cp->vars['field_ident'] = ($action == 'create' && $step == 1) ? utf8_clean_string(request_var('field_ident', $field_row['field_ident'], true)) : request_var('field_ident', $field_row['field_ident']); @@ -511,13 +562,14 @@ class acp_profile } } - $step = (isset($_REQUEST['next'])) ? $step + 1 : ((isset($_REQUEST['prev'])) ? $step - 1 : $step); - if (sizeof($error)) { - $step--; $submit = false; } + else + { + $step = (isset($_REQUEST['next'])) ? $step + 1 : ((isset($_REQUEST['prev'])) ? $step - 1 : $step); + } // Build up the specific hidden fields foreach ($exclude as $num => $key_ary) @@ -535,7 +587,7 @@ class acp_profile $var = $profile_field->prepare_hidden_fields($step, $key, $action, $field_data); if ($var !== null) { - $_new_key_ary[$key] = $profile_field->prepare_hidden_fields($step, $key, $action, $field_data); + $_new_key_ary[$key] = $var; } } $cp->vars = $field_data; @@ -545,11 +597,12 @@ class acp_profile if (!sizeof($error)) { - if ($step == 3 && (sizeof($this->lang_defs['iso']) == 1 || $save)) + if (!check_form_key($form_key)) { - $this->save_profile_field($cp, $field_type, $action); + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); } - else if ($action == 'edit' && $save) + + if (($step == 3 && (sizeof($this->lang_defs['iso']) == 1 || $save)) || ($action == 'edit' && $save)) { $this->save_profile_field($cp, $field_type, $action); } @@ -644,6 +697,33 @@ class acp_profile break; } + $field_data = $cp->vars; + /** + * Event to add template variables for new profile field table fields + * + * @event core.acp_profile_create_edit_after + * @var string action create|edit + * @var int step Configuration step (1|2|3) + * @var bool submit Form has been submitted + * @var bool save Configuration should be saved + * @var string field_type Type of the field we are dealing with + * @var array field_data Array of data about the field + * @var array s_hidden_fields Array of hidden fields in case this needs modification + * @var array options Array of options specific to this step + * @since 3.1.6-RC1 + */ + $vars = array( + 'action', + 'step', + 'submit', + 'save', + 'field_type', + 'field_data', + 's_hidden_fields', + 'options', + ); + extract($phpbb_dispatcher->trigger_event('core.acp_profile_create_edit_after', compact($vars))); + $template->assign_vars(array( 'S_HIDDEN_FIELDS' => $s_hidden_fields) ); @@ -678,12 +758,12 @@ class acp_profile 'FIELD_TYPE' => $profile_field->get_name(), 'L_ACTIVATE_DEACTIVATE' => $user->lang[$active_lang], - 'U_ACTIVATE_DEACTIVATE' => $this->u_action . "&action=$active_value&field_id=$id", + 'U_ACTIVATE_DEACTIVATE' => $this->u_action . "&action=$active_value&field_id=$id" . '&hash=' . generate_link_hash('acp_profile'), 'U_EDIT' => $this->u_action . "&action=edit&field_id=$id", 'U_TRANSLATE' => $this->u_action . "&action=edit&field_id=$id&step=3", 'U_DELETE' => $this->u_action . "&action=delete&field_id=$id", - 'U_MOVE_UP' => $this->u_action . "&action=move_up&field_id=$id", - 'U_MOVE_DOWN' => $this->u_action . "&action=move_down&field_id=$id", + 'U_MOVE_UP' => $this->u_action . "&action=move_up&field_id=$id" . '&hash=' . generate_link_hash('acp_profile'), + 'U_MOVE_DOWN' => $this->u_action . "&action=move_down&field_id=$id" . '&hash=' . generate_link_hash('acp_profile'), 'S_NEED_EDIT' => $s_need_edit) ); @@ -810,7 +890,7 @@ class acp_profile */ function save_profile_field(&$cp, $field_type, $action = 'create') { - global $db, $config, $user, $phpbb_container; + global $db, $config, $user, $phpbb_container, $phpbb_dispatcher; $field_id = request_var('field_id', 0); @@ -852,6 +932,25 @@ class acp_profile 'field_contact_url' => $cp->vars['field_contact_url'], ); + $field_data = $cp->vars; + /** + * Event to modify profile field configuration data before saving to database + * + * @event core.acp_profile_create_edit_save_before + * @var string action create|edit + * @var string field_type Type of the field we are dealing with + * @var array field_data Array of data about the field + * @var array profile_fields Array of fields to be sent to the database + * @since 3.1.6-RC1 + */ + $vars = array( + 'action', + 'field_type', + 'field_data', + 'profile_fields', + ); + extract($phpbb_dispatcher->trigger_event('core.acp_profile_create_edit_save_before', compact($vars))); + if ($action == 'create') { $profile_fields += array( diff --git a/phpBB/includes/acp/acp_prune.php b/phpBB/includes/acp/acp_prune.php index e17399e3d9..98d9caabdd 100644 --- a/phpBB/includes/acp/acp_prune.php +++ b/phpBB/includes/acp/acp_prune.php @@ -28,7 +28,11 @@ class acp_prune global $user, $phpEx, $phpbb_admin_path, $phpbb_root_path; $user->add_lang('acp/prune'); - include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx); + + if (!function_exists('user_active_flip')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } switch ($mode) { diff --git a/phpBB/includes/acp/acp_reasons.php b/phpBB/includes/acp/acp_reasons.php index 3d7ccf422c..bd40a88138 100644 --- a/phpBB/includes/acp/acp_reasons.php +++ b/phpBB/includes/acp/acp_reasons.php @@ -282,6 +282,11 @@ class acp_reasons case 'move_up': case 'move_down': + if (!check_link_hash($request->variable('hash', ''), 'acp_reasons')) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + $sql = 'SELECT reason_order FROM ' . REPORTS_REASONS_TABLE . " WHERE reason_id = $reason_id"; @@ -383,8 +388,8 @@ class acp_reasons 'U_EDIT' => $this->u_action . '&action=edit&id=' . $row['reason_id'], 'U_DELETE' => (!$other_reason) ? $this->u_action . '&action=delete&id=' . $row['reason_id'] : '', - 'U_MOVE_UP' => $this->u_action . '&action=move_up&id=' . $row['reason_id'], - 'U_MOVE_DOWN' => $this->u_action . '&action=move_down&id=' . $row['reason_id']) + 'U_MOVE_UP' => $this->u_action . '&action=move_up&id=' . $row['reason_id'] . '&hash=' . generate_link_hash('acp_reasons'), + 'U_MOVE_DOWN' => $this->u_action . '&action=move_down&id=' . $row['reason_id'] . '&hash=' . generate_link_hash('acp_reasons')) ); } $db->sql_freeresult($result); diff --git a/phpBB/includes/acp/acp_search.php b/phpBB/includes/acp/acp_search.php index abb8301507..f15a75e9a1 100644 --- a/phpBB/includes/acp/acp_search.php +++ b/phpBB/includes/acp/acp_search.php @@ -54,6 +54,13 @@ class acp_search global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx; $submit = (isset($_POST['submit'])) ? true : false; + $form_key = 'acp_search'; + add_form_key($form_key); + + if ($submit && !check_form_key($form_key)) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } $search_types = $this->get_search_types(); @@ -232,7 +239,7 @@ class acp_search function index($id, $mode) { - global $db, $user, $auth, $template, $cache; + global $db, $user, $auth, $template, $cache, $request; global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx; $action = request_var('action', ''); @@ -244,6 +251,15 @@ class acp_search $this->state = array(); $this->save_state(); } + $submit = $request->is_set_post('submit', false); + + $form_key = 'acp_search'; + add_form_key($form_key); + + if (!check_form_key($form_key) && in_array($action, array('delete', 'create'))) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } if ($action) { diff --git a/phpBB/includes/acp/acp_send_statistics.php b/phpBB/includes/acp/acp_send_statistics.php index d178be2fb0..7c9e9cf78e 100644 --- a/phpBB/includes/acp/acp_send_statistics.php +++ b/phpBB/includes/acp/acp_send_statistics.php @@ -27,7 +27,10 @@ class acp_send_statistics { global $config, $template, $phpbb_admin_path, $phpbb_root_path, $phpEx; - include($phpbb_root_path . 'includes/questionnaire/questionnaire.' . $phpEx); + if (!class_exists('phpbb_questionnaire_data_collector')) + { + include($phpbb_root_path . 'includes/questionnaire/questionnaire.' . $phpEx); + } $collect_url = "https://www.phpbb.com/stats/receive_stats.php"; diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php index a36a6c1ecd..5181b87ecb 100644 --- a/phpBB/includes/acp/acp_styles.php +++ b/phpBB/includes/acp/acp_styles.php @@ -56,9 +56,12 @@ class acp_styles /** @var string */ protected $php_ext; + /** @var \phpbb\event\dispatcher_interface */ + protected $dispatcher; + public function main($id, $mode) { - global $db, $user, $phpbb_admin_path, $phpbb_root_path, $phpEx, $template, $request, $cache, $auth, $config; + global $db, $user, $phpbb_admin_path, $phpbb_root_path, $phpEx, $template, $request, $cache, $auth, $config, $phpbb_dispatcher; $this->db = $db; $this->user = $user; @@ -69,6 +72,7 @@ class acp_styles $this->config = $config; $this->phpbb_root_path = $phpbb_root_path; $this->php_ext = $phpEx; + $this->dispatcher = $phpbb_dispatcher; $this->default_style = $config['default_style']; $this->styles_path = $this->phpbb_root_path . $this->styles_path_absolute . '/'; @@ -118,6 +122,18 @@ class acp_styles ) ); + /** + * Run code before ACP styles action execution + * + * @event core.acp_styles_action_before + * @var int id Module ID + * @var string mode Active module + * @var string action Module that should be run + * @since 3.1.7-RC1 + */ + $vars = array('id', 'mode', 'action'); + extract($this->dispatcher->trigger_event('core.acp_styles_action_before', compact($vars))); + // Execute actions switch ($action) { diff --git a/phpBB/includes/acp/acp_update.php b/phpBB/includes/acp/acp_update.php index 0167a06dbb..529f0f2185 100644 --- a/phpBB/includes/acp/acp_update.php +++ b/phpBB/includes/acp/acp_update.php @@ -62,5 +62,17 @@ class acp_update 'UPDATE_INSTRUCTIONS' => sprintf($user->lang['UPDATE_INSTRUCTIONS'], $update_link), )); + + // Incomplete update? + if (phpbb_version_compare($config['version'], PHPBB_VERSION, '<')) + { + $database_update_link = append_sid($phpbb_root_path . 'install/database_update.' . $phpEx); + + $template->assign_vars(array( + 'S_UPDATE_INCOMPLETE' => true, + 'FILES_VERSION' => PHPBB_VERSION, + 'INCOMPLETE_INSTRUCTIONS' => $user->lang('UPDATE_INCOMPLETE_EXPLAIN', $database_update_link), + )); + } } } diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index 8c17fb6311..1e453e88ad 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -44,6 +44,11 @@ class acp_users $user_id = request_var('u', 0); $action = request_var('action', ''); + // Get referer to redirect user to the appropriate page after delete action + $redirect = request_var('redirect', ''); + $redirect_tag = "redirect=$redirect"; + $redirect_url = append_sid("{$phpbb_admin_path}index.$phpEx", "i=$redirect"); + $submit = (isset($_POST['update']) && !isset($_POST['cancel'])) ? true : false; $form_name = 'acp_users'; @@ -52,7 +57,10 @@ class acp_users // Whois (special case) if ($action == 'whois') { - include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + if (!function_exists('user_get_id_name')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } $this->page_title = 'WHOIS'; $this->tpl_name = 'simple_body'; @@ -146,9 +154,9 @@ class acp_users } $template->assign_vars(array( - 'U_BACK' => $this->u_action, + 'U_BACK' => (empty($redirect)) ? $this->u_action : $redirect_url, 'U_MODE_SELECT' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&u=$user_id"), - 'U_ACTION' => $this->u_action . '&u=' . $user_id, + 'U_ACTION' => $this->u_action . '&u=' . $user_id . ((empty($redirect)) ? '' : '&' . $redirect_tag), 'S_FORM_OPTIONS' => $s_form_options, 'MANAGED_USERNAME' => $user_row['username']) ); @@ -165,7 +173,10 @@ class acp_users { case 'overview': - include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + if (!function_exists('user_get_id_name')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } $user->add_lang('acp/ban'); @@ -221,19 +232,30 @@ class acp_users user_delete($delete_type, $user_id, $user_row['username']); add_log('admin', 'LOG_USER_DELETED', $user_row['username']); - trigger_error($user->lang['USER_DELETED'] . adm_back_link($this->u_action)); + trigger_error($user->lang['USER_DELETED'] . adm_back_link( + (empty($redirect)) ? $this->u_action : $redirect_url + ) + ); } else { - confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( + $delete_confirm_hidden_fields = array( 'u' => $user_id, 'i' => $id, 'mode' => $mode, 'action' => $action, 'update' => true, 'delete' => 1, - 'delete_type' => $delete_type)) + 'delete_type' => $delete_type, ); + + // Checks if the redirection page is specified + if (!empty($redirect)) + { + $delete_confirm_hidden_fields['redirect'] = $redirect; + } + + confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($delete_confirm_hidden_fields)); } } else @@ -338,7 +360,10 @@ class acp_users if ($config['email_enable']) { - include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); + if (!class_exists('messenger')) + { + include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); + } $server_url = generate_board_url(); @@ -421,7 +446,10 @@ class acp_users $phpbb_notifications = $phpbb_container->get('notification_manager'); $phpbb_notifications->delete_notifications('notification.type.admin_activate_user', $user_row['user_id']); - include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); + if (!class_exists('messenger')) + { + include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); + } $messenger = new messenger(false); @@ -1345,7 +1373,10 @@ class acp_users case 'profile': - include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + if (!function_exists('user_get_id_name')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } $cp = $phpbb_container->get('profilefields.manager'); @@ -1504,7 +1535,10 @@ class acp_users case 'prefs': - include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + if (!function_exists('user_get_id_name')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } $data = array( 'dateformat' => utf8_normalize_nfc(request_var('dateformat', $user_row['user_dateformat'], true)), @@ -1553,7 +1587,7 @@ class acp_users if ($submit) { $error = validate_data($data, array( - 'dateformat' => array('string', false, 1, 30), + 'dateformat' => array('string', false, 1, 64), 'lang' => array('match', false, '#^[a-z_\-]{2,}$#i'), 'tz' => array('timezone'), @@ -1774,13 +1808,12 @@ class acp_users case 'avatar': - include($phpbb_root_path . 'includes/functions_display.' . $phpEx); - $avatars_enabled = false; + /** @var \phpbb\avatar\manager $phpbb_avatar_manager */ + $phpbb_avatar_manager = $phpbb_container->get('avatar.manager'); if ($config['allow_avatar']) { - $phpbb_avatar_manager = $phpbb_container->get('avatar.manager'); $avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers(); // This is normalised data, without the user_ prefix @@ -1841,14 +1874,21 @@ class acp_users $selected_driver = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', $user_row['user_avatar_type'])); + // Assign min and max values before generating avatar driver html + $template->assign_vars(array( + 'AVATAR_MIN_WIDTH' => $config['avatar_min_width'], + 'AVATAR_MAX_WIDTH' => $config['avatar_max_width'], + 'AVATAR_MIN_HEIGHT' => $config['avatar_min_height'], + 'AVATAR_MAX_HEIGHT' => $config['avatar_max_height'], + )); + foreach ($avatar_drivers as $current_driver) { $driver = $phpbb_avatar_manager->get_driver($current_driver); $avatars_enabled = true; - $config_name = $phpbb_avatar_manager->get_driver_config_name($driver); $template->set_filenames(array( - 'avatar' => "acp_avatar_options_{$config_name}.html", + 'avatar' => $driver->get_acp_template_name(), )); if ($driver->prepare_form($request, $template, $user, $avatar_data, $error)) @@ -1868,8 +1908,12 @@ class acp_users } } - // Replace "error" strings with their real, localised form - $error = $phpbb_avatar_manager->localize_errors($user, $error); + // Avatar manager is not initialized if avatars are disabled + if (isset($phpbb_avatar_manager)) + { + // Replace "error" strings with their real, localised form + $error = $phpbb_avatar_manager->localize_errors($user, $error); + } $avatar = phpbb_get_user_avatar($user_row, 'USER_AVATAR', true); @@ -1930,8 +1974,15 @@ class acp_users case 'sig': - include_once($phpbb_root_path . 'includes/functions_posting.' . $phpEx); - include_once($phpbb_root_path . 'includes/functions_display.' . $phpEx); + if (!function_exists('generate_smilies')) + { + include($phpbb_root_path . 'includes/functions_posting.' . $phpEx); + } + + if (!function_exists('display_custom_bbcodes')) + { + include($phpbb_root_path . 'includes/functions_display.' . $phpEx); + } $enable_bbcode = ($config['allow_sig_bbcode']) ? (bool) $this->optionget($user_row, 'sig_bbcode') : false; $enable_smilies = ($config['allow_sig_smilies']) ? (bool) $this->optionget($user_row, 'sig_smilies') : false; @@ -1942,7 +1993,10 @@ class acp_users if ($submit || $preview) { - include_once($phpbb_root_path . 'includes/message_parser.' . $phpEx); + if (!class_exists('messenger')) + { + include($phpbb_root_path . 'includes/message_parser.' . $phpEx); + } $enable_bbcode = ($config['allow_sig_bbcode']) ? ((request_var('disable_bbcode', false)) ? false : true) : false; $enable_smilies = ($config['allow_sig_smilies']) ? ((request_var('disable_smilies', false)) ? false : true) : false; @@ -2183,7 +2237,10 @@ class acp_users case 'groups': - include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + if (!function_exists('group_user_attributes')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } $user->add_lang(array('groups', 'acp/groups')); $group_id = request_var('g', 0); @@ -2217,6 +2274,12 @@ class acp_users { trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } + + if (!check_link_hash($request->variable('hash', ''), 'acp_users')) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + group_user_attributes($action, $group_id, $user_id); if ($action == 'default') @@ -2374,8 +2437,8 @@ class acp_users { $template->assign_block_vars('group', array( 'U_EDIT_GROUP' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=groups&mode=manage&action=edit&u=$user_id&g={$data['group_id']}&back_link=acp_users_groups"), - 'U_DEFAULT' => $this->u_action . "&action=default&u=$user_id&g=" . $data['group_id'], - 'U_DEMOTE_PROMOTE' => $this->u_action . '&action=' . (($data['group_leader']) ? 'demote' : 'promote') . "&u=$user_id&g=" . $data['group_id'], + 'U_DEFAULT' => $this->u_action . "&action=default&u=$user_id&g=" . $data['group_id'] . '&hash=' . generate_link_hash('acp_users'), + 'U_DEMOTE_PROMOTE' => $this->u_action . '&action=' . (($data['group_leader']) ? 'demote' : 'promote') . "&u=$user_id&g=" . $data['group_id'] . '&hash=' . generate_link_hash('acp_users'), 'U_DELETE' => $this->u_action . "&action=delete&u=$user_id&g=" . $data['group_id'], 'U_APPROVE' => ($group_type == 'pending') ? $this->u_action . "&action=approve&u=$user_id&g=" . $data['group_id'] : '', @@ -2399,7 +2462,10 @@ class acp_users case 'perm': - include_once($phpbb_root_path . 'includes/acp/auth.' . $phpEx); + if (!class_exists('auth_admin')) + { + include($phpbb_root_path . 'includes/acp/auth.' . $phpEx); + } $auth_admin = new auth_admin(); diff --git a/phpBB/includes/acp/auth.php b/phpBB/includes/acp/auth.php index 905e981cdc..52c45499b2 100644 --- a/phpBB/includes/acp/auth.php +++ b/phpBB/includes/acp/auth.php @@ -1113,6 +1113,11 @@ class auth_admin extends \phpbb\auth\auth @reset($category_array); while (list($cat, $cat_array) = each($category_array)) { + if (!$phpbb_permissions->category_defined($cat)) + { + continue; + } + $template->assign_block_vars($tpl_cat, array( 'S_YES' => ($cat_array['S_YES'] && !$cat_array['S_NEVER'] && !$cat_array['S_NO']) ? true : false, 'S_NEVER' => ($cat_array['S_NEVER'] && !$cat_array['S_YES'] && !$cat_array['S_NO']) ? true : false, @@ -1139,6 +1144,11 @@ class auth_admin extends \phpbb\auth\auth @reset($cat_array['permissions']); while (list($permission, $allowed) = each($cat_array['permissions'])) { + if (!$phpbb_permissions->permission_defined($permission)) + { + continue; + } + if ($s_view) { $template->assign_block_vars($tpl_cat . '.' . $tpl_mask, array( |