1 files changed, 62 insertions, 24 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index e905375f4a..e1f96c0b1e 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -442,6 +442,13 @@ function phpbb_hash($password)
 */
 function phpbb_check_hash($password, $hash)
 {
+	if (strlen($password) > 4096)
+	{
+		// If the password is too huge, we will simply reject it
+		// and not let the server try to hash it.
+		return false;
+	}
+
 	$itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
 	if (strlen($hash) == 34)
 	{
@@ -1056,31 +1063,32 @@ else
 */
 function phpbb_clean_path($path)
 {
-	global $phpbb_container;
+	global $phpbb_path_helper, $phpbb_container;
 
-	if ($phpbb_container)
+	if (!$phpbb_path_helper && $phpbb_container)
 	{
-		$phpbb_filesystem = $phpbb_container->get('filesystem');
+		$phpbb_path_helper = $phpbb_container->get('path_helper');
 	}
-	else
+	else if (!$phpbb_path_helper)
 	{
 		// The container is not yet loaded, use a new instance
-		if (!class_exists('\phpbb\filesystem'))
+		if (!class_exists('\phpbb\path_helper'))
 		{
 			global $phpbb_root_path, $phpEx;
-			require($phpbb_root_path . 'includes/filesystem.' . $phpEx);
+			require($phpbb_root_path . 'phpbb/path_helper.' . $phpEx);
 		}
 
-		$phpbb_filesystem = new phpbb\filesystem(
+		$phpbb_path_helper = new phpbb\path_helper(
 			new phpbb\symfony_request(
 				new phpbb\request\request()
 			),
+			new phpbb\filesystem(),
 			$phpbb_root_path,
 			$phpEx
 		);
 	}
 
-	return $phpbb_filesystem->clean_path($path);
+	return $phpbb_path_helper->clean_path($path);
 }
 
 // functions used for building option fields
@@ -2205,6 +2213,32 @@ function tracking_unserialize($string, $max_depth = 3)
 }
 
 // Pagination functions
+/**
+* Generate a pagination link based on the url and the page information
+*
+* @param string $base_url is url prepended to all links generated within the function
+*							If you use page numbers inside your controller route, base_url should contains a placeholder (%d)
+*							for the page. Also be sure to specify the pagination path information into the start_name argument
+* @param string $on_page is the page for which we want to generate the link
+* @param string $start_name is the name of the parameter containing the first item of the given page (example: start=20)
+*							If you use page numbers inside your controller route, start name should be the string
+*							that should be removed for the first page (example: /page/%d)
+* @param int $per_page the number of items, posts, etc. to display per page, used to determine the number of pages to produce
+* @return URL for the requested page
+*/
+function phpbb_generate_page_link($base_url, $on_page, $start_name, $per_page)
+{
+
+	if (strpos($start_name, '%d') !== false)
+	{
+		return ($on_page > 1) ? sprintf($base_url, (int) $on_page) : str_replace($start_name, '', $base_url);
+	}
+	else
+	{
+		$url_delim = (strpos($base_url, '?') === false) ? '?' : ((strpos($base_url, '?') === strlen($base_url) - 1) ? '' : '&amp;');
+		return ($on_page > 1) ? $base_url . $url_delim . $start_name . '=' . (($on_page - 1) * $per_page) : $base_url;
+	}
+}
 
 /**
 * Generate template rendered pagination
@@ -2212,8 +2246,12 @@ function tracking_unserialize($string, $max_depth = 3)
 *
 * @param object $template the template object
 * @param string $base_url is url prepended to all links generated within the function
+*							If you use page numbers inside your controller route, base_url should contains a placeholder (%d)
+*							for the page. Also be sure to specify the pagination path information into the start_name argument
 * @param string $block_var_name is the name assigned to the pagination data block within the template (example: <!-- BEGIN pagination -->)
 * @param string $start_name is the name of the parameter containing the first item of the given page (example: start=20)
+*							If you use page numbers inside your controller route, start name should be the string
+*							that should be removed for the first page (example: /page/%d)
 * @param int $num_items the total number of items, posts, etc., used to determine the number of pages to produce
 * @param int $per_page the number of items, posts, etc. to display per page, used to determine the number of pages to produce
 * @param int $start_item the item which should be considered currently active, used to determine the page we're on
@@ -2233,7 +2271,6 @@ function phpbb_generate_template_pagination($template, $base_url, $block_var_nam
 	}
 
 	$on_page = floor($start_item / $per_page) + 1;
-	$url_delim = (strpos($base_url, '?') === false) ? '?' : ((strpos($base_url, '?') === strlen($base_url) - 1) ? '' : '&amp;');
 
 	if ($reverse_count)
 	{
@@ -2261,11 +2298,14 @@ function phpbb_generate_template_pagination($template, $base_url, $block_var_nam
 		$end_page = ($total_pages > 5) ? max(min($total_pages, $on_page + 3), 5) : $total_pages;
 	}
 
+	$u_previous_page = $u_next_page = '';
 	if ($on_page != 1)
 	{
+		$u_previous_page = phpbb_generate_page_link($base_url, $on_page - 1, $start_name, $per_page);
+
 		$template->assign_block_vars($block_var_name, array(
 			'PAGE_NUMBER'	=> '',
-			'PAGE_URL'		=> $base_url . $url_delim . $start_name . '=' . (($on_page - 2) * $per_page),
+			'PAGE_URL'		=> $u_previous_page,
 			'S_IS_CURRENT'	=> false,
 			'S_IS_PREV'		=> true,
 			'S_IS_NEXT'		=> false,
@@ -2279,15 +2319,13 @@ function phpbb_generate_template_pagination($template, $base_url, $block_var_nam
 	$at_page = 1;
 	do
 	{
-		$page_url = $base_url . (($at_page == 1) ? '' : $url_delim . $start_name . '=' . (($at_page - 1) * $per_page));
-
 		// We decide whether to display the ellipsis during the loop. The ellipsis is always
 		// displayed as either the second or penultimate item in the list. So are we at either
 		// of those points and of course do we even need to display it, i.e. is the list starting
 		// on at least page 3 and ending three pages before the final item.
 		$template->assign_block_vars($block_var_name, array(
 			'PAGE_NUMBER'	=> $at_page,
-			'PAGE_URL'		=> $page_url,
+			'PAGE_URL'		=> phpbb_generate_page_link($base_url, $at_page, $start_name, $per_page),
 			'S_IS_CURRENT'	=> (!$ignore_on_page && $at_page == $on_page),
 			'S_IS_NEXT'		=> false,
 			'S_IS_PREV'		=> false,
@@ -2317,9 +2355,11 @@ function phpbb_generate_template_pagination($template, $base_url, $block_var_nam
 
 	if ($on_page != $total_pages)
 	{
+		$u_next_page = phpbb_generate_page_link($base_url, $on_page + 1, $start_name, $per_page);
+
 		$template->assign_block_vars($block_var_name, array(
 			'PAGE_NUMBER'	=> '',
-			'PAGE_URL'		=> $base_url . $url_delim . $start_name . '=' . ($on_page * $per_page),
+			'PAGE_URL'		=> $u_next_page,
 			'S_IS_CURRENT'	=> false,
 			'S_IS_PREV'		=> false,
 			'S_IS_NEXT'		=> true,
@@ -2344,13 +2384,11 @@ function phpbb_generate_template_pagination($template, $base_url, $block_var_nam
 	}
 	$tpl_prefix = ($tpl_prefix == 'PAGINATION') ? '' : $tpl_prefix . '_';
 
-	$previous_page = ($on_page != 1) ? $base_url . $url_delim . $start_name . '=' . (($on_page - 2) * $per_page) : '';
-
 	$template_array = array(
 		$tpl_prefix . 'BASE_URL'		=> $base_url,
 		$tpl_prefix . 'PER_PAGE'		=> $per_page,
-		'U_' . $tpl_prefix . 'PREVIOUS_PAGE'	=> $previous_page,
-		'U_' . $tpl_prefix . 'NEXT_PAGE'		=> ($on_page != $total_pages) ? $base_url . $url_delim . $start_name . '=' . ($on_page * $per_page) : '',
+		'U_' . $tpl_prefix . 'PREVIOUS_PAGE'	=> ($on_page != 1) ? $u_previous_page : '',
+		'U_' . $tpl_prefix . 'NEXT_PAGE'		=> ($on_page != $total_pages) ? $u_next_page : '',
 		$tpl_prefix . 'TOTAL_PAGES'		=> $total_pages,
 		$tpl_prefix . 'CURRENT_PAGE'	=> $on_page,
 	);
@@ -2415,7 +2453,7 @@ function phpbb_on_page($template, $user, $base_url, $num_items, $per_page, $star
 */
 function append_sid($url, $params = false, $is_amp = true, $session_id = false)
 {
-	global $_SID, $_EXTRA_URL, $phpbb_hook, $phpbb_filesystem;
+	global $_SID, $_EXTRA_URL, $phpbb_hook, $phpbb_path_helper;
 	global $phpbb_dispatcher;
 
 	if ($params === '' || (is_array($params) && empty($params)))
@@ -2425,9 +2463,9 @@ function append_sid($url, $params = false, $is_amp = true, $session_id = false)
 	}
 
 	// Update the root path with the correct relative web path
-	if ($phpbb_filesystem instanceof \phpbb\filesystem)
+	if ($phpbb_path_helper instanceof \phpbb\path_helper)
 	{
-		$url = $phpbb_filesystem->update_web_root_path($url);
+		$url = $phpbb_path_helper->update_web_root_path($url);
 	}
 
 	$append_sid_overwrite = false;
@@ -5246,8 +5284,8 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
 	// This path is sent with the base template paths in the assign_vars()
 	// call below. We need to correct it in case we are accessing from a
 	// controller because the web paths will be incorrect otherwise.
-	$phpbb_filesystem = $phpbb_container->get('filesystem');
-	$corrected_path = $phpbb_filesystem->get_web_root_path();
+	$phpbb_path_helper = $phpbb_container->get('path_helper');
+	$corrected_path = $phpbb_path_helper->get_web_root_path();
 	$web_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? $board_url : $corrected_path;
 
 	// Send a proper content-language to the output
@@ -5671,7 +5709,7 @@ function phpbb_to_numeric($input)
 * Convert either 3.0 dbms or 3.1 db driver class name to 3.1 db driver class name.
 *
 * If $dbms is a valid 3.1 db driver class name, returns it unchanged.
-* Otherwise prepends phpbb_db_driver_ to the dbms to convert a 3.0 dbms
+* Otherwise prepends phpbb\db\driver\ to the dbms to convert a 3.0 dbms
 * to 3.1 db driver class name.
 *
 * @param string $dbms dbms parameter