Diffstat (limited to 'phpBB/includes/functions.php')
-rw-r--r--phpBB/includes/functions.php28
1 files changed, 19 insertions, 9 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 03cd235f86..4d962db308 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2344,7 +2344,7 @@ function reapply_sid($url)
*/
function build_url($strip_vars = false)
{
- global $user, $phpbb_root_path;
+ global $config, $user, $phpEx, $phpbb_root_path;
$page = $user->page['page'];
@@ -2357,6 +2357,12 @@ function build_url($strip_vars = false)
// URL
if ($url_parts === false || empty($url_parts['scheme']) || empty($url_parts['host']))
{
+ // Remove 'app.php/' from the page, when rewrite is enabled
+ if ($config['enable_mod_rewrite'] && strpos($page, 'app.' . $phpEx . '/') === 0)
+ {
+ $page = substr($page, strlen('app.' . $phpEx . '/'));
+ }
+
$page = $phpbb_root_path . $page;
}
@@ -2673,7 +2679,7 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo
}
else
{
- page_header(((!isset($user->lang[$title])) ? $user->lang['CONFIRM'] : $user->lang[$title]), false);
+ page_header((!isset($user->lang[$title])) ? $user->lang['CONFIRM'] : $user->lang[$title]);
}
$template->set_filenames(array(
@@ -2950,7 +2956,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
'PASSWORD_CREDENTIAL' => ($admin) ? 'password_' . $credential : 'password',
));
- page_header($user->lang['LOGIN'], false);
+ page_header($user->lang['LOGIN']);
$template->set_filenames(array(
'body' => 'login_body.html')
@@ -3026,7 +3032,7 @@ function login_forum_box($forum_data)
$template->assign_var('LOGIN_ERROR', $user->lang['WRONG_PASSWORD']);
}
- page_header($user->lang['LOGIN'], false);
+ page_header($user->lang['LOGIN']);
$template->assign_vars(array(
'FORUM_NAME' => isset($forum_data['forum_name']) ? $forum_data['forum_name'] : '',
@@ -3117,7 +3123,7 @@ function parse_cfg_file($filename, $lines = false)
}
// Determine first occurrence, since in values the equal sign is allowed
- $key = strtolower(trim(substr($line, 0, $delim_pos)));
+ $key = htmlspecialchars(strtolower(trim(substr($line, 0, $delim_pos))));
$value = trim(substr($line, $delim_pos + 1));
if (in_array($value, array('off', 'false', '0')))
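Review bot: The `htmlspecialchars()` calls added here on `$key` and in the next hunk on both `$value` branches rely on the default flags, which before PHP 8.1 leave single quotes unescaped, so a cfg value echoed into a single-quoted attribute would still not be safe. Passing the flags and charset explicitly, e.g. `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')`, makes the result independent of the PHP version. Escaping at parse time also means every consumer now receives entities (`&` becomes `&amp;`), which matters if any cfg value is used as a file name or compared with a raw string; the callers are outside this hunk, so that needs checking. The docblock of parse_cfg_file should state the new contract, e.g. `* Keys and string values are returned HTML-escaped.`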
@@ -3134,7 +3140,11 @@ function parse_cfg_file($filename, $lines = false)
}
else if (($value[0] == "'" && $value[sizeof($value) - 1] == "'") || ($value[0] == '"' && $value[sizeof($value) - 1] == '"'))
{
- $value = substr($value, 1, sizeof($value)-2);
+ $value = htmlspecialchars(substr($value, 1, sizeof($value)-2));
+ }
+ else
+ {
+ $value = htmlspecialchars($value);
}
$parsed_items[$key] = $value;
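Review bot: `sizeof($value)` on the rewritten line is applied to a string, where it does not return the string length: it yields 1 on older PHP, raises a warning from PHP 7.2 and throws a TypeError on PHP 8. The quoted-value condition above it therefore tests `$value[0]` twice and never looks at the closing quote, and the strip only works because `sizeof($value)-2` happens to be -1. Since this line is being touched anyway, `$value = htmlspecialchars(substr($value, 1, -1));` together with `$value[strlen($value) - 1]` in the condition would do what the code intends. The condition is a context line here and parse_cfg_file continues outside the hunk.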
@@ -3935,7 +3945,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
}
else
{
- page_header($msg_title, false);
+ page_header($msg_title);
}
}
@@ -4612,7 +4622,7 @@ function phpbb_build_hidden_fields_for_query_params($request, $exclude = null)
/**
* Generate page header
*/
-function page_header($page_title = '', $display_online_list = true, $item_id = 0, $item = 'forum')
+function page_header($page_title = '', $display_online_list = false, $item_id = 0, $item = 'forum')
{
global $db, $config, $template, $SID, $_SID, $_EXTRA_URL, $user, $auth, $phpEx, $phpbb_root_path;
global $phpbb_dispatcher, $request, $phpbb_container, $phpbb_admin_path;
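Review bot: The default of `$display_online_list` flips from `true` to `false`, but the docblock still reads only "Generate page header" and documents no parameters. The calls updated in this file passed `false` explicitly, so they are unaffected; any caller elsewhere that relied on the implicit `true` will silently stop showing the online list. A line such as `* @param bool $display_online_list Display the online list (default: false)` in the docblock would make the changed default visible to callers that are not part of this diff.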
@@ -4902,7 +4912,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
'S_TOPIC_ID' => $topic_id,
'S_LOGIN_ACTION' => ((!defined('ADMIN_START')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login') : append_sid("{$phpbb_admin_path}index.$phpEx", false, true, $user->session_id)),
- 'S_LOGIN_REDIRECT' => build_hidden_fields(array('redirect' => build_url())),
+ 'S_LOGIN_REDIRECT' => build_hidden_fields(array('redirect' => $phpbb_path_helper->remove_web_root_path(build_url()))),
'S_ENABLE_FEEDS' => ($config['feed_enable']) ? true : false,
'S_ENABLE_FEEDS_OVERALL' => ($config['feed_overall']) ? true : false,
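Review bot: `$phpbb_path_helper` is used on the new `S_LOGIN_REDIRECT` line, but the two `global` statements of page_header shown in the previous hunk do not list it. Unless it is assigned in the part of the function that is not visible here, this is a method call on an undefined variable and would fail on every page that renders the header. Adding it to the declaration, e.g. `global $phpbb_dispatcher, $request, $phpbb_container, $phpbb_admin_path, $phpbb_path_helper;`, would resolve it, assuming the helper is exposed as a global in this code base.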