aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes/functions.php
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/includes/functions.php')
-rw-r--r--phpBB/includes/functions.php100
1 files changed, 75 insertions, 25 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 940484a0ea..d460497669 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2309,7 +2309,7 @@ function redirect($url, $return = false, $disable_cd_check = false)
// Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work)
if (!$disable_cd_check && $url_parts['host'] !== $user->host)
{
- $url = generate_board_url();
+ trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
}
}
else if ($url[0] == '/')
@@ -2347,7 +2347,7 @@ function redirect($url, $return = false, $disable_cd_check = false)
// Clean URL and check if we go outside the forum directory
$url = $phpbb_path_helper->clean_url($url);
- if (!$disable_cd_check && strpos($url, generate_board_url(true)) === false)
+ if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0)
{
trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
}
@@ -2389,7 +2389,7 @@ function redirect($url, $return = false, $disable_cd_check = false)
}
// Redirect via an HTML form for PITA webservers
- if (@preg_match('#Microsoft|WebSTAR|Xitami#', getenv('SERVER_SOFTWARE')))
+ if (@preg_match('#WebSTAR|Xitami#', getenv('SERVER_SOFTWARE')))
{
header('Refresh: 0; URL=' . $url);
@@ -2544,13 +2544,19 @@ function phpbb_request_http_version()
{
global $request;
+ $version = '';
if ($request && $request->server('SERVER_PROTOCOL'))
{
- return $request->server('SERVER_PROTOCOL');
+ $version = $request->server('SERVER_PROTOCOL');
}
else if (isset($_SERVER['SERVER_PROTOCOL']))
{
- return $_SERVER['SERVER_PROTOCOL'];
+ $version = $_SERVER['SERVER_PROTOCOL'];
+ }
+
+ if (!empty($version) && is_string($version) && preg_match('#^HTTP/[0-9]\.[0-9]$#', $version))
+ {
+ return $version;
}
return 'HTTP/1.0';
@@ -2920,19 +2926,6 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
// Special cases... determine
switch ($result['status'])
{
- case LOGIN_ERROR_ATTEMPTS:
-
- $captcha = $phpbb_container->get('captcha.factory')->get_instance($config['captcha_plugin']);
- $captcha->init(CONFIRM_LOGIN);
- // $captcha->reset();
-
- $template->assign_vars(array(
- 'CAPTCHA_TEMPLATE' => $captcha->get_template(),
- ));
-
- $err = $user->lang[$result['error_msg']];
- break;
-
case LOGIN_ERROR_PASSWORD_CONVERT:
$err = sprintf(
$user->lang[$result['error_msg']],
@@ -2943,6 +2936,17 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
);
break;
+ case LOGIN_ERROR_ATTEMPTS:
+
+ $captcha = $phpbb_container->get('captcha.factory')->get_instance($config['captcha_plugin']);
+ $captcha->init(CONFIRM_LOGIN);
+ // $captcha->reset();
+
+ $template->assign_vars(array(
+ 'CAPTCHA_TEMPLATE' => $captcha->get_template(),
+ ));
+ // no break;
+
// Username, password, etc...
default:
$err = $user->lang[$result['error_msg']];
@@ -3347,7 +3351,7 @@ function get_preg_expression($mode)
case 'email':
// Regex written by James Watts and Francisco Jose Martin Moreno
// http://fightingforalostcause.net/misc/2006/compare-email-regex.php
- return '([\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+\.)*(?:[\w\!\#$\%\'\*\+\-\/\=\?\^\`{\|\}\~]|&)+@((((([a-z0-9]{1}[a-z0-9\-]{0,62}[a-z0-9]{1})|[a-z])\.)+[a-z]{2,63})|(\d{1,3}\.){3}\d{1,3}(\:\d{1,5})?)';
+ return '((?:[\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+\.)*(?:[\w\!\#$\%\'\*\+\-\/\=\?\^\`{\|\}\~]|&)+)@((((([a-z0-9]{1}[a-z0-9\-]{0,62}[a-z0-9]{1})|[a-z])\.)+[a-z]{2,63})|(\d{1,3}\.){3}\d{1,3}(\:\d{1,5})?)';
break;
case 'bbcode_htm':
@@ -4247,9 +4251,10 @@ function obtain_users_online($item_id = 0, $item = 'forum')
*/
function obtain_users_online_string($online_users, $item_id = 0, $item = 'forum')
{
- global $config, $db, $user, $auth;
+ global $config, $db, $user, $auth, $phpbb_dispatcher;
- $user_online_link = $online_userlist = '';
+ $guests_online = $hidden_online = $l_online_users = $online_userlist = $visible_online = '';
+ $user_online_link = $rowset = array();
// Need caps version of $item for language-strings
$item_caps = strtoupper($item);
@@ -4259,9 +4264,28 @@ function obtain_users_online_string($online_users, $item_id = 0, $item = 'forum'
FROM ' . USERS_TABLE . '
WHERE ' . $db->sql_in_set('user_id', $online_users['online_users']) . '
ORDER BY username_clean ASC';
+
+ /**
+ * Modify SQL query to obtain online users data
+ *
+ * @event core.obtain_users_online_string_sql
+ * @var array online_users Array with online users data
+ * from obtain_users_online()
+ * @var int item_id Restrict online users to item id
+ * @var string item Restrict online users to a certain
+ * session item, e.g. forum for
+ * session_forum_id
+ * @var string sql SQL query to obtain users online data
+ * @since 3.1.4-RC1
+ */
+ $vars = array('online_users', 'item_id', 'item', 'sql');
+ extract($phpbb_dispatcher->trigger_event('core.obtain_users_online_string_sql', compact($vars)));
+
$result = $db->sql_query($sql);
+ $rowset = $db->sql_fetchrowset($result);
+ $db->sql_freeresult($result);
- while ($row = $db->sql_fetchrow($result))
+ foreach ($rowset as $row)
{
// User is logged in and therefore not a guest
if ($row['user_id'] != ANONYMOUS)
@@ -4273,13 +4297,12 @@ function obtain_users_online_string($online_users, $item_id = 0, $item = 'forum'
if (!isset($online_users['hidden_users'][$row['user_id']]) || $auth->acl_get('u_viewonline'))
{
- $user_online_link = get_username_string(($row['user_type'] <> USER_IGNORE) ? 'full' : 'no_profile', $row['user_id'], $row['username'], $row['user_colour']);
- $online_userlist .= ($online_userlist != '') ? ', ' . $user_online_link : $user_online_link;
+ $user_online_link[$row['user_id']] = get_username_string(($row['user_type'] <> USER_IGNORE) ? 'full' : 'no_profile', $row['user_id'], $row['username'], $row['user_colour']);
}
}
}
- $db->sql_freeresult($result);
}
+ $online_userlist = implode(', ', $user_online_link);
if (!$online_userlist)
{
@@ -4312,6 +4335,33 @@ function obtain_users_online_string($online_users, $item_id = 0, $item = 'forum'
$l_online_users = $user->lang('ONLINE_USERS_TOTAL', (int) $online_users['total_online'], $visible_online, $hidden_online);
}
+ /**
+ * Modify online userlist data
+ *
+ * @event core.obtain_users_online_string_modify
+ * @var array online_users Array with online users data
+ * from obtain_users_online()
+ * @var int item_id Restrict online users to item id
+ * @var string item Restrict online users to a certain
+ * session item, e.g. forum for
+ * session_forum_id
+ * @var array rowset Array with online users data
+ * @var array user_online_link Array with online users items (usernames)
+ * @var string online_userlist String containing users online list
+ * @var string l_online_users String with total online users count info
+ * @since 3.1.4-RC1
+ */
+ $vars = array(
+ 'online_users',
+ 'item_id',
+ 'item',
+ 'rowset',
+ 'user_online_link',
+ 'online_userlist',
+ 'l_online_users',
+ );
+ extract($phpbb_dispatcher->trigger_event('core.obtain_users_online_string_modify', compact($vars)));
+
return array(
'online_userlist' => $online_userlist,
'l_online_users' => $l_online_users,
generated by cgit v1.2.1 (git 2.21.0) at 2025-07-29 14:08:22 +0000