diff options
Diffstat (limited to 'phpBB/includes/functions.php')
| -rw-r--r-- | phpBB/includes/functions.php | 337 |
1 files changed, 19 insertions, 318 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 667aa2df19..d2d5b503a2 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2516,11 +2516,14 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa $s_hidden_fields = build_hidden_fields($s_hidden_fields); + /** @var \phpbb\controller\helper $controller_helper */ + $controller_helper = $phpbb_container->get('controller.helper'); + $login_box_template_data = array( 'LOGIN_ERROR' => $err, 'LOGIN_EXPLAIN' => $l_explain, - 'U_SEND_PASSWORD' => ($config['email_enable']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=sendpassword') : '', + 'U_SEND_PASSWORD' => ($config['email_enable']) ? $controller_helper->route('phpbb_ucp_forgot_password_controller') : '', 'U_RESEND_ACTIVATION' => ($config['require_activation'] == USER_ACTIVATION_SELF && $config['email_enable']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=resend_act') : '', 'U_TERMS_USE' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=terms'), 'U_PRIVACY' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=privacy'), @@ -2848,10 +2851,13 @@ function get_preg_expression($mode) // Whoa these look impressive! // The code to generate the following two regular expressions which match valid IPv4/IPv6 addresses // can be found in the develop directory + + // @deprecated case 'ipv4': return '#^(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])$#'; break; + // @deprecated case 'ipv6': return '#^(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){0,5}(?:[\dA-F]{1,4}(?::[\dA-F]{1,4})?|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:)|(?:::))$#i'; break; @@ -2977,331 +2983,26 @@ function short_ipv6($ip, $length) * @return mixed false if specified address is not valid, * string otherwise */ -function phpbb_ip_normalise($address) -{ - $address = trim($address); - - if (empty($address) || !is_string($address)) - { - return false; - } - - if (preg_match(get_preg_expression('ipv4'), $address)) - { - return $address; - } - - return phpbb_inet_ntop(phpbb_inet_pton($address)); -} - -/** -* Wrapper for inet_ntop() -* -* Converts a packed internet address to a human readable representation -* inet_ntop() is supported by PHP since 5.1.0, since 5.3.0 also on Windows. -* -* @param string $in_addr A 32bit IPv4, or 128bit IPv6 address. -* -* @return mixed false on failure, -* string otherwise -*/ -function phpbb_inet_ntop($in_addr) -{ - $in_addr = bin2hex($in_addr); - - switch (strlen($in_addr)) - { - case 8: - return implode('.', array_map('hexdec', str_split($in_addr, 2))); - - case 32: - if (substr($in_addr, 0, 24) === '00000000000000000000ffff') - { - return phpbb_inet_ntop(pack('H*', substr($in_addr, 24))); - } - - $parts = str_split($in_addr, 4); - $parts = preg_replace('/^0+(?!$)/', '', $parts); - $ret = implode(':', $parts); - - $matches = array(); - preg_match_all('/(?<=:|^)(?::?0){2,}/', $ret, $matches, PREG_OFFSET_CAPTURE); - $matches = $matches[0]; - - if (empty($matches)) - { - return $ret; - } - - $longest_match = ''; - $longest_match_offset = 0; - foreach ($matches as $match) - { - if (strlen($match[0]) > strlen($longest_match)) - { - $longest_match = $match[0]; - $longest_match_offset = $match[1]; - } - } - - $ret = substr_replace($ret, '', $longest_match_offset, strlen($longest_match)); - - if ($longest_match_offset == strlen($ret)) - { - $ret .= ':'; - } - - if ($longest_match_offset == 0) - { - $ret = ':' . $ret; - } - - return $ret; - - default: - return false; - } -} - -/** -* Wrapper for inet_pton() -* -* Converts a human readable IP address to its packed in_addr representation -* inet_pton() is supported by PHP since 5.1.0, since 5.3.0 also on Windows. -* -* @param string $address A human readable IPv4 or IPv6 address. -* -* @return mixed false if address is invalid, -* in_addr representation of the given address otherwise (string) -*/ -function phpbb_inet_pton($address) -{ - $ret = ''; - if (preg_match(get_preg_expression('ipv4'), $address)) - { - foreach (explode('.', $address) as $part) - { - $ret .= ($part <= 0xF ? '0' : '') . dechex($part); - } - - return pack('H*', $ret); - } - - if (preg_match(get_preg_expression('ipv6'), $address)) - { - $parts = explode(':', $address); - $missing_parts = 8 - count($parts) + 1; - - if (substr($address, 0, 2) === '::') - { - ++$missing_parts; - } - - if (substr($address, -2) === '::') - { - ++$missing_parts; - } - - $embedded_ipv4 = false; - $last_part = end($parts); - - if (preg_match(get_preg_expression('ipv4'), $last_part)) - { - $parts[count($parts) - 1] = ''; - $last_part = phpbb_inet_pton($last_part); - $embedded_ipv4 = true; - --$missing_parts; - } - - foreach ($parts as $i => $part) - { - if (strlen($part)) - { - $ret .= str_pad($part, 4, '0', STR_PAD_LEFT); - } - else if ($i && $i < count($parts) - 1) - { - $ret .= str_repeat('0000', $missing_parts); - } - } - - $ret = pack('H*', $ret); - - if ($embedded_ipv4) - { - $ret .= $last_part; - } - - return $ret; - } - - return false; -} - -/** -* Wrapper for php's checkdnsrr function. -* -* @param string $host Fully-Qualified Domain Name -* @param string $type Resource record type to lookup -* Supported types are: MX (default), A, AAAA, NS, TXT, CNAME -* Other types may work or may not work -* -* @return mixed true if entry found, -* false if entry not found, -* null if this function is not supported by this environment -* -* Since null can also be returned, you probably want to compare the result -* with === true or === false, -*/ -function phpbb_checkdnsrr($host, $type = 'MX') +function phpbb_ip_normalise(string $address) { - // The dot indicates to search the DNS root (helps those having DNS prefixes on the same domain) - if (substr($host, -1) == '.') - { - $host_fqdn = $host; - $host = substr($host, 0, -1); - } - else - { - $host_fqdn = $host . '.'; - } - // $host has format some.host.example.com - // $host_fqdn has format some.host.example.com. + $ip_normalised = false; - // If we're looking for an A record we can use gethostbyname() - if ($type == 'A' && function_exists('gethostbyname')) + if (filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) { - return (@gethostbyname($host_fqdn) == $host_fqdn) ? false : true; - } - - if (function_exists('checkdnsrr')) - { - return checkdnsrr($host_fqdn, $type); - } - - if (function_exists('dns_get_record')) - { - // dns_get_record() expects an integer as second parameter - // We have to convert the string $type to the corresponding integer constant. - $type_constant = 'DNS_' . $type; - $type_param = (defined($type_constant)) ? constant($type_constant) : DNS_ANY; - - // dns_get_record() might throw E_WARNING and return false for records that do not exist - $resultset = @dns_get_record($host_fqdn, $type_param); - - if (empty($resultset) || !is_array($resultset)) - { - return false; - } - else if ($type_param == DNS_ANY) - { - // $resultset is a non-empty array - return true; - } - - foreach ($resultset as $result) - { - if ( - isset($result['host']) && $result['host'] == $host && - isset($result['type']) && $result['type'] == $type - ) - { - return true; - } - } - - return false; + $ip_normalised = $address; } - - // If we're on Windows we can still try to call nslookup via exec() as a last resort - if (DIRECTORY_SEPARATOR == '\\' && function_exists('exec')) + else if (filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) { - @exec('nslookup -type=' . escapeshellarg($type) . ' ' . escapeshellarg($host_fqdn), $output); - - // If output is empty, the nslookup failed - if (empty($output)) - { - return NULL; - } + $ip_normalised = inet_ntop(inet_pton($address)); - foreach ($output as $line) + // If is ipv4 + if (stripos($ip_normalised, '::ffff:') === 0) { - $line = trim($line); - - if (empty($line)) - { - continue; - } - - // Squash tabs and multiple whitespaces to a single whitespace. - $line = preg_replace('/\s+/', ' ', $line); - - switch ($type) - { - case 'MX': - if (stripos($line, "$host MX") === 0) - { - return true; - } - break; - - case 'NS': - if (stripos($line, "$host nameserver") === 0) - { - return true; - } - break; - - case 'TXT': - if (stripos($line, "$host text") === 0) - { - return true; - } - break; - - case 'CNAME': - if (stripos($line, "$host canonical name") === 0) - { - return true; - } - break; - - default: - case 'AAAA': - // AAAA records returned by nslookup on Windows XP/2003 have this format. - // Later Windows versions use the A record format below for AAAA records. - if (stripos($line, "$host AAAA IPv6 address") === 0) - { - return true; - } - // No break - - case 'A': - if (!empty($host_matches)) - { - // Second line - if (stripos($line, "Address: ") === 0) - { - return true; - } - else - { - $host_matches = false; - } - } - else if (stripos($line, "Name: $host") === 0) - { - // First line - $host_matches = true; - } - break; - } + $ip_normalised = substr($ip_normalised, 7); } - - return false; } - return NULL; + return $ip_normalised; } // Handler, header and footer @@ -3392,7 +3093,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline) $log_text .= '<br /><br />BACKTRACE<br />' . $backtrace; } - if (defined('IN_INSTALL') || $phpbb_container->getParameter('debug.show_errors') || isset($auth) && $auth->acl_get('a_')) + if (defined('IN_INSTALL') || ($phpbb_container != null && $phpbb_container->getParameter('debug.show_errors')) || isset($auth) && $auth->acl_get('a_')) { $msg_text = $log_text; @@ -4556,7 +4257,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id = 'T_STYLESHEET_LINK' => "{$web_path}styles/" . rawurlencode($user->style['style_path']) . '/theme/stylesheet.css?assets_version=' . $config['assets_version'], 'T_STYLESHEET_LANG_LINK'=> "{$web_path}styles/" . rawurlencode($user->style['style_path']) . '/theme/' . $user->lang_name . '/stylesheet.css?assets_version=' . $config['assets_version'], 'T_FONT_AWESOME_LINK' => !empty($config['allow_cdn']) && !empty($config['load_font_awesome_url']) ? $config['load_font_awesome_url'] : "{$web_path}assets/css/font-awesome.min.css?assets_version=" . $config['assets_version'], - 'T_JQUERY_LINK' => !empty($config['allow_cdn']) && !empty($config['load_jquery_url']) ? $config['load_jquery_url'] : "{$web_path}assets/javascript/jquery.min.js?assets_version=" . $config['assets_version'], + 'T_JQUERY_LINK' => !empty($config['allow_cdn']) && !empty($config['load_jquery_url']) ? $config['load_jquery_url'] : "{$web_path}assets/javascript/jquery-3.4.1.min.js?assets_version=" . $config['assets_version'], 'S_ALLOW_CDN' => !empty($config['allow_cdn']), 'S_COOKIE_NOTICE' => !empty($config['cookie_notice']), |