Diffstat (limited to 'phpBB/includes/functions.php')
| -rw-r--r-- | phpBB/includes/functions.php | 390 | 
1 files changed, 290 insertions, 100 deletions
| diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 561a9906c4..5914831539 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -175,8 +175,13 @@ function set_config_count($config_name, $increment, $is_dynamic = false)  	switch ($db->sql_layer)  	{  		case 'firebird': +			// Precision must be from 1 to 18 +			$sql_update = 'CAST(CAST(config_value as DECIMAL(18, 0)) + ' . (int) $increment . ' as VARCHAR(255))'; +		break; +  		case 'postgres': -			$sql_update = 'CAST(CAST(config_value as DECIMAL(255, 0)) + ' . (int) $increment . ' as VARCHAR(255))'; +			// Need to cast to text first for PostgreSQL 7.x +			$sql_update = 'CAST(CAST(config_value::text as DECIMAL(255, 0)) + ' . (int) $increment . ' as VARCHAR(255))';  		break;  		// MySQL, SQlite, mssql, mssql_odbc, oracle @@ -236,8 +241,8 @@ function unique_id($extra = 'c')  	if ($dss_seeded !== true && ($config['rand_seed_last_update'] < time() - rand(1,10)))  	{ -		set_config('rand_seed', $config['rand_seed'], true);  		set_config('rand_seed_last_update', time(), true); +		set_config('rand_seed', $config['rand_seed'], true);  		$dss_seeded = true;  	} 
@@ -245,6 +250,43 @@ function unique_id($extra = 'c')
 }
 /**
+* Wrapper for mt_rand() which allows swapping $min and $max parameters.
+*
+* PHP does not allow us to swap the order of the arguments for mt_rand() anymore.
+* (since PHP 5.3.4, see http://bugs.php.net/46587)
+*
+* @param int $min		Lowest value to be returned
+* @param int $max		Highest value to be returned
+*
+* @return int			Random integer between $min and $max (or $max and $min)
+*/
+function phpbb_mt_rand($min, $max)
+{
+	return ($min > $max) ? mt_rand($max, $min) : mt_rand($min, $max);
+}
+
+/**
+* Wrapper for getdate() which returns the equivalent array for UTC timestamps.
+*
+* @param int $time		Unix timestamp (optional)
+*
+* @return array			Returns an associative array of information related to the timestamp.
+*						See http://www.php.net/manual/en/function.getdate.php
+*/
+function phpbb_gmgetdate($time = false)
+{
+	if ($time === false)
+	{
+		$time = time();
+	}
+
+	// getdate() interprets timestamps in local time.
+	// What follows uses the fact that getdate() and
+	// date('Z') balance each other out.
+	return getdate($time - date('Z'));
+}
+
+/**
 * Return formatted string for filesizes
 *
 * @param int	$value			filesize in bytes
@@ -512,7 +554,7 @@ function _hash_crypt_private($password, $setting, &$itoa64)
 	$output = '*';
 	// Check for correct hash
-	if (substr($setting, 0, 3) != '$H$')
+	if (substr($setting, 0, 3) != '$H$' && substr($setting, 0, 3) != '$P$')
 	{
 		return $output;
 	}
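Review bot: In phpbb_gmgetdate(), `date('Z')` is evaluated for the current moment rather than for `$time`, so the correction is off by the DST difference whenever `$time` lies in a period whose UTC offset differs from today's; `return getdate($time - date('Z', $time));` keeps both calls on the offset that applies to the timestamp being converted. Separately, the phpbb_mt_rand() docblock should say that mt_rand() is not a cryptographically secure generator, for example with the line `* Not suitable for tokens, passwords or other secret values.`, so the wrapper is not picked up for security-sensitive values later.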
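Review bot: The comment `// Check for correct hash` above the changed condition no longer tells a maintainer which identifiers are accepted or why a second one was added. A line such as `// Accept phpBB's own ($H$) and the portable phpass ($P$) identifier` would document that `$P$` is deliberate (presumably for hashes imported from other software — confirm). The two `substr()` calls could also be folded into `if (!in_array(substr($setting, 0, 3), array('$H$', '$P$'), true))`, which makes the comparison strict. The body of _hash_crypt_private() continues outside the hunk.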
@@ -578,6 +620,34 @@ function phpbb_email_hash($email)
 }
 /**
+* Wrapper for version_compare() that allows using uppercase A and B
+* for alpha and beta releases.
+*
+* See http://www.php.net/manual/en/function.version-compare.php
+*
+* @param string $version1		First version number
+* @param string $version2		Second version number
+* @param string $operator		Comparison operator (optional)
+*
+* @return mixed					Boolean (true, false) if comparison operator is specified.
+*								Integer (-1, 0, 1) otherwise.
+*/
+function phpbb_version_compare($version1, $version2, $operator = null)
+{
+	$version1 = strtolower($version1);
+	$version2 = strtolower($version2);
+
+	if (is_null($operator))
+	{
+		return version_compare($version1, $version2);
+	}
+	else
+	{
+		return version_compare($version1, $version2, $operator);
+	}
+}
+
+/**
 * Global function for chmodding directories and files for internal use
 *
 * This function determines owner and group whom the file belongs to and user and group of PHP and then set safest possible file permissions.
@@ -1698,7 +1768,7 @@ function get_unread_topics($user_id = false, $sql_extra = '', $sql_sort = '', $s
 	if ($config['load_db_lastread'] && $user->data['is_registered'])
 	{
 		// Get list of the unread topics
-		$last_mark = $user->data['user_lastmark'];
+		$last_mark = (int) $user->data['user_lastmark'];
 		$sql_array = array(
 			'SELECT'		=> 't.topic_id, t.topic_last_post_time, tt.mark_time as topic_mark_time, ft.mark_time as forum_mark_time',
@@ -1717,10 +1787,11 @@ function get_unread_topics($user_id = false, $sql_extra = '', $sql_sort = '', $s
 			),
 			'WHERE'			=> "
+				 t.topic_last_post_time > $last_mark AND
 				(
 				(tt.mark_time IS NOT NULL AND t.topic_last_post_time > tt.mark_time) OR
 				(tt.mark_time IS NULL AND ft.mark_time IS NOT NULL AND t.topic_last_post_time > ft.mark_time) OR
-				(tt.mark_time IS NULL AND ft.mark_time IS NULL AND t.topic_last_post_time > $last_mark)
+				(tt.mark_time IS NULL AND ft.mark_time IS NULL)
 				)
 				$sql_extra
 				$sql_sort",
@@ -1809,7 +1880,7 @@ function get_unread_topics($user_id = false, $sql_extra = '', $sql_sort = '', $s
 */
 function update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_time = false, $mark_time_forum = false)
 {
-	global $db, $tracking_topics, $user, $config;
+	global $db, $tracking_topics, $user, $config, $auth;
 	// Determine the users last forum mark time if not given.
 	if ($mark_time_forum === false)
@@ -1832,6 +1903,10 @@ function update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_ti
 		}
 	}
+	// Handle update of unapproved topics info.
+	// Only update for moderators having m_approve permission for the forum.
+	$sql_update_unapproved = ($auth->acl_get('m_approve', $forum_id)) ? '': 'AND t.topic_approved = 1';
+
 	// Check the forum for any left unread topics.
 	// If there are none, we mark the forum as read.
 	if ($config['load_db_lastread'] && $user->data['is_registered'])
@@ -1843,13 +1918,17 @@ function update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_ti
 		}
 		else
 		{
-			$sql = 'SELECT t.forum_id FROM ' . TOPICS_TABLE . ' t
-				LEFT JOIN ' . TOPICS_TRACK_TABLE . ' tt ON (tt.topic_id = t.topic_id AND tt.user_id = ' . $user->data['user_id'] . ')
+			$sql = 'SELECT t.forum_id
+				FROM ' . TOPICS_TABLE . ' t
+				LEFT JOIN ' . TOPICS_TRACK_TABLE . ' tt
+					ON (tt.topic_id = t.topic_id
+						AND tt.user_id = ' . $user->data['user_id'] . ')
 				WHERE t.forum_id = ' . $forum_id . '
 					AND t.topic_last_post_time > ' . $mark_time_forum . '
-					AND t.topic_moved_id = 0
-					AND (tt.topic_id IS NULL OR tt.mark_time < t.topic_last_post_time)
-				GROUP BY t.forum_id';
+					AND t.topic_moved_id = 0 ' .
+					$sql_update_unapproved . '
+					AND (tt.topic_id IS NULL
+						OR tt.mark_time < t.topic_last_post_time)';
 			$result = $db->sql_query_limit($sql, 1);
 			$row = $db->sql_fetchrow($result);
 			$db->sql_freeresult($result);
@@ -1867,11 +1946,12 @@ function update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_ti
 		}
 		else
 		{
-			$sql = 'SELECT topic_id
-				FROM ' . TOPICS_TABLE . '
-				WHERE forum_id = ' . $forum_id . '
-					AND topic_last_post_time > ' . $mark_time_forum . '
-					AND topic_moved_id = 0';
+			$sql = 'SELECT t.topic_id
+				FROM ' . TOPICS_TABLE . ' t
+				WHERE t.forum_id = ' . $forum_id . '
+					AND t.topic_last_post_time > ' . $mark_time_forum . '
+					AND t.topic_moved_id = 0 ' .
+					$sql_update_unapproved;
 			$result = $db->sql_query($sql);
 			$check_forum = $tracking_topics['tf'][$forum_id];
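Review bot: The rewritten query still concatenates `$forum_id`, `$mark_time_forum` and `$user->data['user_id']` into the SQL text without a cast, although this same commit adds `(int)` to `$last_mark` in get_unread_topics() for an equivalent value. Since the statement is being reformatted anyway, `WHERE t.forum_id = ' . (int) $forum_id . '` and `AND t.topic_last_post_time > ' . (int) $mark_time_forum . '` would make the query safe regardless of what a caller passes; the second rewritten query in the @@ -1867 hunk needs the same two casts. Whether every caller already guarantees integers is not visible here, and the function body extends outside both hunks.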
@@ -2056,7 +2136,7 @@ function generate_pagination($base_url, $num_items, $per_page, $start_item, $add
 		$start_cnt = min(max(1, $on_page - 4), $total_pages - 5);
 		$end_cnt = max(min($total_pages, $on_page + 4), 6);
-		$page_string .= ($start_cnt > 1) ? ' ... ' : $seperator;
+		$page_string .= ($start_cnt > 1) ? '<span class="page-dots"> ... </span>' : $seperator;
 		for ($i = $start_cnt + 1; $i < $end_cnt; $i++)
 		{
@@ -2067,7 +2147,7 @@ function generate_pagination($base_url, $num_items, $per_page, $start_item, $add
 			}
 		}
-		$page_string .= ($end_cnt < $total_pages) ? ' ... ' : $seperator;
+		$page_string .= ($end_cnt < $total_pages) ? '<span class="page-dots"> ... </span>' : $seperator;
 	}
 	else
 	{
@@ -2154,6 +2234,12 @@ function append_sid($url, $params = false, $is_amp = true, $session_id = false)
 {
 	global $_SID, $_EXTRA_URL, $phpbb_hook;
+	if ($params === '' || (is_array($params) && empty($params)))
+	{
+		// Do not append the ? if the param-list is empty anyway.
+		$params = false;
+	}
+
 	// Developers using the hook function need to globalise the $_SID and $_EXTRA_URL on their own and also handle it appropriately.
 	// They could mimic most of what is within this function
 	if (!empty($phpbb_hook) && $phpbb_hook->call_hook(__FUNCTION__, $url, $params, $is_amp, $session_id))
@@ -2248,7 +2334,10 @@ function append_sid($url, $params = false, $is_amp = true, $session_id = false)
 /**
 * Generate board url (example: http://www.example.com/phpBB)
+*
 * @param bool $without_script_path if set to true the script path gets not appended (example: http://www.example.com)
+*
+* @return string the generated board url
 */
 function generate_board_url($without_script_path = false)
 {
@@ -2353,12 +2442,12 @@ function redirect($url, $return = false, $disable_cd_check = false)
 		// Relative uri
 		$pathinfo = pathinfo($url);
-		if (!$disable_cd_check && !file_exists($pathinfo['dirname']))
+		if (!$disable_cd_check && !file_exists($pathinfo['dirname'] . '/'))
 		{
 			$url = str_replace('../', '', $url);
 			$pathinfo = pathinfo($url);
-			if (!file_exists($pathinfo['dirname']))
+			if (!file_exists($pathinfo['dirname'] . '/'))
 			{
 				// fallback to "last known user page"
 				// at least this way we know the user does not leave the phpBB root
@@ -2630,9 +2719,9 @@ function send_status_line($code, $message)
 	}
 	else
 	{
-		if (isset($_SERVER['HTTP_VERSION']))
+		if (!empty($_SERVER['SERVER_PROTOCOL']))
 		{
-			$version = $_SERVER['HTTP_VERSION'];
+			$version = $_SERVER['SERVER_PROTOCOL'];
 		}
 		else
 		{
@@ -3236,6 +3325,11 @@ function parse_cfg_file($filename, $lines = false)
 		$parsed_items[$key] = $value;
 	}
+	
+	if (isset($parsed_items['inherit_from']) && isset($parsed_items['name']) && $parsed_items['inherit_from'] == $parsed_items['name'])
+	{
+		unset($parsed_items['inherit_from']);
+	}
 	return $parsed_items;
 }
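Review bot: `str_replace('../', '', $url)` between the two changed `file_exists()` tests is a single pass, so a URL in which the sequence is nested can still contain `../` after the replacement, and the second `file_exists()` check is then the only guard before the relative redirect is used. Repeating the replacement until the string stops changing, or falling back to the last known user page whenever `..` is still present, would make the "does not leave the phpBB root" comment hold. The rest of redirect() lies outside the hunk, so later validation may already cover part of this.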
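Review bot: `$_SERVER['SERVER_PROTOCOL']` is copied into `$version` with only an `!empty()` test, and the value is presumably written into the status line by the code below the hunk. The variable is normally set by the web server, but it originates from the request line, so checking its shape first is cheap: `if (!empty($_SERVER['SERVER_PROTOCOL']) && is_string($_SERVER['SERVER_PROTOCOL']) && preg_match('#^HTTP/[0-9]\.[0-9]$#', $_SERVER['SERVER_PROTOCOL']))`. Anything that does not match should take the existing `else` default.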
@@ -3307,61 +3401,44 @@ function add_log()  }  /** -* Return a nicely formatted backtrace (parts from the php manual by diz at ysagoon dot com) +* Return a nicely formatted backtrace. +* +* Turns the array returned by debug_backtrace() into HTML markup. +* Also filters out absolute paths to phpBB root. +* +* @return string	HTML markup  */  function get_backtrace()  { -	global $phpbb_root_path; -  	$output = '<div style="font-family: monospace;">';  	$backtrace = debug_backtrace(); -	$path = phpbb_realpath($phpbb_root_path); -	foreach ($backtrace as $number => $trace) -	{ -		// We skip the first one, because it only shows this file/function -		if ($number == 0) -		{ -			continue; -		} +	// We skip the first one, because it only shows this file/function +	unset($backtrace[0]); +	foreach ($backtrace as $trace) +	{  		// Strip the current directory from path -		if (empty($trace['file'])) -		{ -			$trace['file'] = ''; -		} -		else -		{ -			$trace['file'] = str_replace(array($path, '\\'), array('', '/'), $trace['file']); -			$trace['file'] = substr($trace['file'], 1); -		} -		$args = array(); +		$trace['file'] = (empty($trace['file'])) ? '(not given by php)' : htmlspecialchars(phpbb_filter_root_path($trace['file'])); +		$trace['line'] = (empty($trace['line'])) ? '(not given by php)' : $trace['line']; -		// If include/require/include_once is not called, do not show arguments - they may contain sensible information -		if (!in_array($trace['function'], array('include', 'require', 'include_once'))) -		{ -			unset($trace['args']); -		} -		else +		// Only show function arguments for include etc. +		// Other parameters may contain sensible information +		$argument = ''; +		if (!empty($trace['args'][0]) && in_array($trace['function'], array('include', 'require', 'include_once', 'require_once')))  		{ -			// Path... 
-			if (!empty($trace['args'][0])) -			{ -				$argument = htmlspecialchars($trace['args'][0]); -				$argument = str_replace(array($path, '\\'), array('', '/'), $argument); -				$argument = substr($argument, 1); -				$args[] = "'{$argument}'"; -			} +			$argument = htmlspecialchars(phpbb_filter_root_path($trace['args'][0]));  		}  		$trace['class'] = (!isset($trace['class'])) ? '' : $trace['class'];  		$trace['type'] = (!isset($trace['type'])) ? '' : $trace['type'];  		$output .= '<br />'; -		$output .= '<b>FILE:</b> ' . htmlspecialchars($trace['file']) . '<br />'; +		$output .= '<b>FILE:</b> ' . $trace['file'] . '<br />';  		$output .= '<b>LINE:</b> ' . ((!empty($trace['line'])) ? $trace['line'] : '') . '<br />'; -		$output .= '<b>CALL:</b> ' . htmlspecialchars($trace['class'] . $trace['type'] . $trace['function']) . '(' . ((sizeof($args)) ? implode(', ', $args) : '') . ')<br />'; +		$output .= '<b>CALL:</b> ' . htmlspecialchars($trace['class'] . $trace['type'] . $trace['function']); +		$output .= '(' . (($argument !== '') ? "'$argument'" : '') . ')<br />';  	}  	$output .= '</div>';  	return $output; @@ -3379,7 +3456,7 @@ function get_preg_expression($mode)  		case 'email':  			// Regex written by James Watts and Francisco Jose Martin Moreno  			// http://fightingforalostcause.net/misc/2006/compare-email-regex.php -			return '([\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+\.)*(?:[\w\!\#$\%\'\*\+\-\/\=\?\^\`{\|\}\~]|&)+@((((([a-z0-9]{1}[a-z0-9\-]{0,62}[a-z0-9]{1})|[a-z])\.)+[a-z]{2,6})|(\d{1,3}\.){3}\d{1,3}(\:\d{1,5})?)'; +			return '([\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+\.)*(?:[\w\!\#$\%\'\*\+\-\/\=\?\^\`{\|\}\~]|&)+@((((([a-z0-9]{1}[a-z0-9\-]{0,62}[a-z0-9]{1})|[a-z])\.)+[a-z]{2,63})|(\d{1,3}\.){3}\d{1,3}(\:\d{1,5})?)';  		break;  		case 'bbcode_htm': 
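Review bot: In get_backtrace() the `LINE:` output still tests `!empty($trace['line'])`, but the new assignment a few lines earlier already replaces an empty value with `'(not given by php)'`, so the ternary can no longer take its empty branch; `$output .= '<b>LINE:</b> ' . $trace['line'] . '<br />';` says the same thing. The new comment reads "may contain sensible information" where "sensitive" is meant. It would also help to state in that comment that only the first argument of include/require calls is ever printed and that it is passed through `htmlspecialchars()`, since that is the rule protecting credentials in other call arguments from reaching the page.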
@@ -3423,12 +3500,58 @@ function get_preg_expression($mode)  			$inline = ($mode == 'relative_url') ? ')' : '';  			return "(?:[a-z0-9\-._~!$&'($inline*+,;=:@|]+|%[\dA-F]{2})*(?:/(?:[a-z0-9\-._~!$&'($inline*+,;=:@|]+|%[\dA-F]{2})*)*(?:\?(?:[a-z0-9\-._~!$&'($inline*+,;=:@/?|]+|%[\dA-F]{2})*)?(?:\#(?:[a-z0-9\-._~!$&'($inline*+,;=:@/?|]+|%[\dA-F]{2})*)?";  		break; + +		case 'table_prefix': +			return '#^[a-zA-Z][a-zA-Z0-9_]*$#'; +		break;  	}  	return '';  }  /** +* Generate regexp for naughty words censoring +* Depends on whether installed PHP version supports unicode properties +* +* @param string	$word			word template to be replaced +* @param bool	$use_unicode	whether or not to take advantage of PCRE supporting unicode +* +* @return string $preg_expr		regex to use with word censor +*/ +function get_censor_preg_expression($word, $use_unicode = true) +{ +	static $unicode_support = null; + +	// Check whether PHP version supports unicode properties +	if (is_null($unicode_support)) +	{ +		$unicode_support = ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false) ? true : false; +	} + +	// Unescape the asterisk to simplify further conversions +	$word = str_replace('\*', '*', preg_quote($word, '#')); + +	if ($use_unicode && $unicode_support) +	{ +		// Replace asterisk(s) inside the pattern, at the start and at the end of it with regexes +		$word = preg_replace(array('#(?<=[\p{Nd}\p{L}_])\*+(?=[\p{Nd}\p{L}_])#iu', '#^\*+#', '#\*+$#'), array('([\x20]*?|[\p{Nd}\p{L}_-]*?)', '[\p{Nd}\p{L}_-]*?', '[\p{Nd}\p{L}_-]*?'), $word); + +		// Generate the final substitution +		$preg_expr = '#(?<![\p{Nd}\p{L}_-])(' . $word . 
')(?![\p{Nd}\p{L}_-])#iu'; +	} +	else +	{ +		// Replace the asterisk inside the pattern, at the start and at the end of it with regexes +		$word = preg_replace(array('#(?<=\S)\*+(?=\S)#iu', '#^\*+#', '#\*+$#'), array('(\x20*?\S*?)', '\S*?', '\S*?'), $word); + +		// Generate the final substitution +		$preg_expr = '#(?<!\S)(' . $word . ')(?!\S)#iu'; +	} + +	return $preg_expr; +} + +/**  * Returns the first block of the specified IPv6 address and as many additional  * ones as specified in the length paramater.  * If length is zero, then an empty string is returned. @@ -3501,7 +3624,7 @@ function phpbb_checkdnsrr($host, $type = 'MX')  	// but until 5.3.3 it only works for MX records  	// See: http://bugs.php.net/bug.php?id=51844 -	// Call checkdnsrr() if  +	// Call checkdnsrr() if  	// we're looking for an MX record or  	// we're not on Windows or  	// we're running a PHP version where #51844 has been fixed @@ -3521,7 +3644,7 @@ function phpbb_checkdnsrr($host, $type = 'MX')  	// dns_get_record() is available since PHP 5; since PHP 5.3 also on Windows,  	// but on Windows it does not work reliable for AAAA records before PHP 5.3.1 -	// Call dns_get_record() if  +	// Call dns_get_record() if  	// we're not looking for an AAAA record or  	// we're not on Windows or  	// we're running a PHP version where AAAA lookups work reliable @@ -3551,7 +3674,7 @@ function phpbb_checkdnsrr($host, $type = 'MX')  		foreach ($resultset as $result)  		{  			if ( -				isset($result['host']) && $result['host'] == $host &&  +				isset($result['host']) && $result['host'] == $host &&  				isset($result['type']) && $result['type'] == $type  			)  			{ 
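Review bot: The fallback branch of get_censor_preg_expression() still compiles its patterns with the `u` modifier (`'#(?<=\S)\*+(?=\S)#iu'` and `'#(?<!\S)(' . $word . ')(?!\S)#iu'`), although it is the branch taken when the `@preg_match('/\p{L}/u', 'a')` probe failed. If that probe can fail because PCRE was built without UTF-8 support rather than without Unicode properties, `preg_replace()` returns null here and `$word` becomes empty, so the returned expression no longer contains the censored word. Checking the `preg_replace()` result for null, or dropping `u` in the fallback when the probe failed, would make the degraded path predictable. The `@` on the probe also hides the reason for a failure; a short comment saying what warning it suppresses would help.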
@@ -3613,10 +3736,19 @@ function phpbb_checkdnsrr($host, $type = 'MX')
 					{
 						return true;
 					}
+				break;
 				default:
-				case 'A':
 				case 'AAAA':
+					// AAAA records returned by nslookup on Windows XP/2003 have this format.
+					// Later Windows versions use the A record format below for AAAA records.
+					if (stripos($line, "$host AAAA IPv6 address") === 0)
+					{
+						return true;
+					}
+				// No break
+
+				case 'A':
 					if (!empty($host_matches))
 					{
 						// Second line
@@ -3685,25 +3817,10 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
 			if (strpos($errfile, 'cache') === false && strpos($errfile, 'template.') === false)
 			{
-				// flush the content, else we get a white page if output buffering is on
-				if ((int) @ini_get('output_buffering') === 1 || strtolower(@ini_get('output_buffering')) === 'on')
-				{
-					@ob_flush();
-				}
-
-				// Another quick fix for those having gzip compression enabled, but do not flush if the coder wants to catch "something". ;)
-				if (!empty($config['gzip_compress']))
-				{
-					if (@extension_loaded('zlib') && !headers_sent() && !ob_get_level())
-					{
-						@ob_flush();
-					}
-				}
-
-				// remove complete path to installation, with the risk of changing backslashes meant to be there
-				$errfile = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $errfile);
-				$msg_text = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $msg_text);
-				echo '<b>[phpBB Debug] PHP Notice</b>: in file <b>' . $errfile . '</b> on line <b>' . $errline . '</b>: <b>' . $msg_text . '</b><br />' . "\n";
+				$errfile = phpbb_filter_root_path($errfile);
+				$msg_text = phpbb_filter_root_path($msg_text);
+				$error_name = ($errno === E_WARNING) ? 'PHP Warning' : 'PHP Notice';
+				echo '<b>[phpBB Debug] ' . $error_name . '</b>: in file <b>' . $errfile . '</b> on line <b>' . $errline . '</b>: <b>' . $msg_text . '</b><br />' . "\n";
 				// we are writing an image - the user won't see the debug, so let's place it in the log
 				if (defined('IMAGE_OUTPUT') || defined('IN_CRON'))
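Review bot: The debug `echo` writes `$errfile` and `$msg_text` into HTML after only `phpbb_filter_root_path()`, which hides the root path but does not escape markup. PHP notice and warning texts can quote names, array keys or file names taken from the failing statement, so the echo should wrap both values, e.g. `'</b>: in file <b>' . htmlspecialchars($errfile) . '</b>'` and `'</b>: <b>' . htmlspecialchars($msg_text) . '</b>'`. The enclosing case of msg_handler() starts outside the hunk, so the conditions under which this line runs (presumably a debug build) are not visible here.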
@@ -3744,11 +3861,23 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
 				}
 			}
+			$log_text = $msg_text;
+			$backtrace = get_backtrace();
+			if ($backtrace)
+			{
+				$log_text .= '<br /><br />BACKTRACE<br />' . $backtrace;
+			}
+
+			if (defined('IN_INSTALL') || defined('DEBUG_EXTRA') || isset($auth) && $auth->acl_get('a_'))
+			{
+				$msg_text = $log_text;
+			}
+
 			if ((defined('DEBUG') || defined('IN_CRON') || defined('IMAGE_OUTPUT')) && isset($db))
 			{
 				// let's avoid loops
 				$db->sql_return_on_error(true);
-				add_log('critical', 'LOG_GENERAL_ERROR', $msg_title, $msg_text);
+				add_log('critical', 'LOG_GENERAL_ERROR', $msg_title, $log_text);
 				$db->sql_return_on_error(false);
 			}
@@ -3792,7 +3921,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
 			echo '	</div>';
 			echo '	</div>';
 			echo '	<div id="page-footer">';
-			echo '		Powered by phpBB © 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>';
+			echo '		Powered by <a href="http://www.phpbb.com/">phpBB</a>® Forum Software © phpBB Group';
 			echo '	</div>';
 			echo '</div>';
 			echo '</body>';
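Review bot: The new condition `defined('IN_INSTALL') || defined('DEBUG_EXTRA') || isset($auth) && $auth->acl_get('a_')` mixes `||` and `&&` without parentheses; it evaluates as intended only because `&&` binds tighter, and writing `|| (isset($auth) && $auth->acl_get('a_'))` makes that explicit. With `IN_INSTALL` or `DEBUG_EXTRA` defined the backtrace is appended to the message shown to every visitor, not only to administrators, so a comment above the `if` should say that these two constants expose file names and call chains to unauthenticated users. `$log_text` now stores the HTML produced by get_backtrace() through add_log(); how the log viewer renders that entry is outside this hunk and worth confirming.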
@@ -3880,6 +4009,29 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
 }
 /**
+* Removes absolute path to phpBB root directory from error messages
+* and converts backslashes to forward slashes.
+*
+* @param string $errfile	Absolute file path
+*							(e.g. /var/www/phpbb3/phpBB/includes/functions.php)
+*							Please note that if $errfile is outside of the phpBB root,
+*							the root path will not be found and can not be filtered.
+* @return string			Relative file path
+*							(e.g. /includes/functions.php)
+*/
+function phpbb_filter_root_path($errfile)
+{
+	static $root_path;
+
+	if (empty($root_path))
+	{
+		$root_path = phpbb_realpath(dirname(__FILE__) . '/../');
+	}
+
+	return str_replace(array($root_path, '\\'), array('[ROOT]', '/'), $errfile);
+}
+
+/**
 * Queries the session table to get information about online guests
 * @param int $item_id Limits the search to the item with this id
 * @param string $item The name of the item which is stored in the session table as session_{$item}_id
@@ -4208,7 +4360,7 @@ function phpbb_http_login($param)
 	if (!is_null($username) && is_null($password) && strpos($username, 'Basic ') === 0)
 	{
 		list($username, $password) = explode(':', base64_decode(substr($username, 6)), 2);
-    }
+	}
 	if (!is_null($username) && !is_null($password))
 	{
@@ -4246,7 +4398,7 @@ function phpbb_http_login($param)
 */
 function page_header($page_title = '', $display_online_list = true, $item_id = 0, $item = 'forum')
 {
-	global $db, $config, $template, $SID, $_SID, $user, $auth, $phpEx, $phpbb_root_path;
+	global $db, $config, $template, $SID, $_SID, $_EXTRA_URL, $user, $auth, $phpEx, $phpbb_root_path;
 	if (defined('HEADER_INC'))
 	{
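Review bot: The `@return` example in the phpbb_filter_root_path() docblock (`/includes/functions.php`) does not match the code, which substitutes the literal `[ROOT]` for the root path, so the documented result should read `(e.g. [ROOT]/includes/functions.php)`. The docblock should also say that the function is applied to whole message texts and not only to paths, since msg_handler() passes `$msg_text` through it in this commit. If `phpbb_realpath()` returns an empty value the `empty($root_path)` test re-runs it on every call and nothing is filtered, which means absolute paths reach the output; a sentence noting that failure mode would tell operators what an unfiltered path in an error page implies.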
@@ -4258,7 +4410,21 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
 	// gzip_compression
 	if ($config['gzip_compress'])
 	{
-		if (@extension_loaded('zlib') && !headers_sent())
+		// to avoid partially compressed output resulting in blank pages in
+		// the browser or error messages, compression is disabled in a few cases:
+		//
+		// 1) if headers have already been sent, this indicates plaintext output
+		//    has been started so further content must not be compressed
+		// 2) the length of the current output buffer is non-zero. This means
+		//    there is already some uncompressed content in this output buffer
+		//    so further output must not be compressed
+		// 3) if more than one level of output buffering is used because we
+		//    cannot test all output buffer level content lengths. One level
+		//    could be caused by php.ini output_buffering. Anything
+		//    beyond that is manual, so the code wrapping phpBB in output buffering
+		//    can easily compress the output itself.
+		//
+		if (@extension_loaded('zlib') && !headers_sent() && ob_get_level() <= 1 && ob_get_length() == 0)
 		{
 			ob_start('ob_gzhandler');
 		}
@@ -4379,6 +4545,21 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
 		$user_lang = substr($user_lang, 0, strpos($user_lang, '-x-'));
 	}
+	$s_search_hidden_fields = array();
+	if ($_SID)
+	{
+		$s_search_hidden_fields['sid'] = $_SID;
+	}
+
+	if (!empty($_EXTRA_URL))
+	{
+		foreach ($_EXTRA_URL as $url_param)
+		{
+			$url_param = explode('=', $url_param, 2);
+			$s_search_hidden_fields[$url_param[0]] = $url_param[1];
+		}
+	}
+
 	// The following assigns all _common_ variables that may be used at any point in a template.
 	$template->assign_vars(array(
 		'SITENAME'						=> $config['sitename'],
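Review bot: `ob_get_length() == 0` in the new gzip condition is also true when no output buffer is active, because `ob_get_length()` returns `false` in that case and the comparison is loose. That appears to be intended, since `ob_get_level() <= 1` allows level 0, but the long comment above does not mention it. Adding `// ob_get_length() is false without a buffer; the loose == 0 deliberately covers that case` would stop a later cleanup to `=== 0` from silently disabling compression on servers without php.ini output buffering.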
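Review bot: In the new `foreach ($_EXTRA_URL as $url_param)` loop, `explode('=', $url_param, 2)` yields a one-element array for an entry without `=`, so `$url_param[1]` raises an undefined-offset notice and stores null. `$s_search_hidden_fields[$url_param[0]] = isset($url_param[1]) ? $url_param[1] : '';` covers that case. `$_EXTRA_URL` is a global that extensions fill, and its entries are written for use in URLs, so values that are URL-encoded there would land in the hidden fields still encoded; whether build_hidden_fields() escapes names and values for HTML is outside this hunk and should be confirmed.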
@@ -4468,11 +4649,13 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0  		'S_LOAD_UNREADS'			=> ($config['load_unreads_search'] && ($config['load_anon_lastread'] || $user->data['is_registered'])) ? true : false, -		'T_THEME_PATH'			=> "{$web_path}styles/" . $user->theme['theme_path'] . '/theme', -		'T_TEMPLATE_PATH'		=> "{$web_path}styles/" . $user->theme['template_path'] . '/template', -		'T_SUPER_TEMPLATE_PATH'	=> (isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path']) ? "{$web_path}styles/" . $user->theme['template_inherit_path'] . '/template' : "{$web_path}styles/" . $user->theme['template_path'] . '/template', -		'T_IMAGESET_PATH'		=> "{$web_path}styles/" . $user->theme['imageset_path'] . '/imageset', -		'T_IMAGESET_LANG_PATH'	=> "{$web_path}styles/" . $user->theme['imageset_path'] . '/imageset/' . $user->data['user_lang'], +		'S_SEARCH_HIDDEN_FIELDS'	=> build_hidden_fields($s_search_hidden_fields), + +		'T_THEME_PATH'			=> "{$web_path}styles/" . rawurlencode($user->theme['theme_path']) . '/theme', +		'T_TEMPLATE_PATH'		=> "{$web_path}styles/" . rawurlencode($user->theme['template_path']) . '/template', +		'T_SUPER_TEMPLATE_PATH'	=> (isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path']) ? "{$web_path}styles/" . rawurlencode($user->theme['template_inherit_path']) . '/template' : "{$web_path}styles/" . rawurlencode($user->theme['template_path']) . '/template', +		'T_IMAGESET_PATH'		=> "{$web_path}styles/" . rawurlencode($user->theme['imageset_path']) . '/imageset', +		'T_IMAGESET_LANG_PATH'	=> "{$web_path}styles/" . rawurlencode($user->theme['imageset_path']) . '/imageset/' . $user->lang_name,  		'T_IMAGES_PATH'			=> "{$web_path}images/",  		'T_SMILIES_PATH'		=> "{$web_path}{$config['smilies_path']}/",  		'T_AVATAR_PATH'			=> "{$web_path}{$config['avatar_path']}/", 
@@ -4480,13 +4663,13 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0  		'T_ICONS_PATH'			=> "{$web_path}{$config['icons_path']}/",  		'T_RANKS_PATH'			=> "{$web_path}{$config['ranks_path']}/",  		'T_UPLOAD_PATH'			=> "{$web_path}{$config['upload_path']}/", -		'T_STYLESHEET_LINK'		=> (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . $user->theme['theme_path'] . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&lang=' . $user->data['user_lang']), +		'T_STYLESHEET_LINK'		=> (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . rawurlencode($user->theme['theme_path']) . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&lang=' . $user->lang_name),  		'T_STYLESHEET_NAME'		=> $user->theme['theme_name'], -		'T_THEME_NAME'			=> $user->theme['theme_path'], -		'T_TEMPLATE_NAME'		=> $user->theme['template_path'], -		'T_SUPER_TEMPLATE_NAME'	=> (isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path']) ? $user->theme['template_inherit_path'] : $user->theme['template_path'], -		'T_IMAGESET_NAME'		=> $user->theme['imageset_path'], +		'T_THEME_NAME'			=> rawurlencode($user->theme['theme_path']), +		'T_TEMPLATE_NAME'		=> rawurlencode($user->theme['template_path']), +		'T_SUPER_TEMPLATE_NAME'	=> rawurlencode((isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path']) ? $user->theme['template_inherit_path'] : $user->theme['template_path']), +		'T_IMAGESET_NAME'		=> rawurlencode($user->theme['imageset_path']),  		'T_IMAGESET_LANG_NAME'	=> $user->data['user_lang'],  		'T_IMAGES'				=> 'images',  		'T_SMILIES'				=> $config['smilies_path'], 
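Review bot: `'T_IMAGESET_LANG_NAME' => $user->data['user_lang']` is left unchanged while this commit switches `T_IMAGESET_LANG_PATH` (previous hunk) and `T_STYLESHEET_LINK` to `$user->lang_name`, so a template that assembles the language directory from the `_NAME` variables can point somewhere other than `T_IMAGESET_LANG_PATH`. If the switch is meant to use the language that was actually loaded, `'T_IMAGESET_LANG_NAME' => $user->lang_name,` keeps the two aligned. `$user->lang_name` is also appended to paths and to the `&lang=` parameter without `rawurlencode()`, unlike every theme path segment touched here; that is harmless only if it is always a validated directory name, which these hunks do not show.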
@@ -4508,6 +4691,12 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0  	header('Expires: 0');  	header('Pragma: no-cache'); +	if (!empty($user->data['is_bot'])) +	{ +		// Let reverse proxies know we detected a bot. +		header('X-PHPBB-IS-BOT: yes'); +	} +  	return;  } @@ -4552,13 +4741,14 @@ function page_footer($run_cron = true)  	$template->assign_vars(array(  		'DEBUG_OUTPUT'			=> (defined('DEBUG')) ? $debug_output : '',  		'TRANSLATION_INFO'		=> (!empty($user->lang['TRANSLATION_INFO'])) ? $user->lang['TRANSLATION_INFO'] : '', +		'CREDIT_LINE'			=> $user->lang('POWERED_BY', '<a href="http://www.phpbb.com/">phpBB</a>® Forum Software © phpBB Group'),  		'U_ACP' => ($auth->acl_get('a_') && !empty($user->data['is_registered'])) ? append_sid("{$phpbb_root_path}adm/index.$phpEx", false, true, $user->session_id) : '')  	);  	// Call cron-type script  	$call_cron = false; -	if (!defined('IN_CRON') && $run_cron && !$config['board_disable']) +	if (!defined('IN_CRON') && $run_cron && !$config['board_disable'] && !$user->data['is_bot'])  	{  		$call_cron = true;  		$time_now = (!empty($user->time_now) && is_int($user->time_now)) ? $user->time_now : time(); @@ -4662,7 +4852,7 @@ function exit_handler()  	}  	// As a pre-caution... some setups display a blank page if the flush() is not there. -	(empty($config['gzip_compress'])) ? @flush() : @ob_flush(); +	(ob_get_level() > 0) ? @ob_flush() : @flush();  	exit;  } | 
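Review bot: The page_footer() condition reads `!$user->data['is_bot']` directly, whereas the page_header() hunk in this same commit guards the same key with `!empty($user->data['is_bot'])`. If the key can be absent, which the guard in page_header() suggests, this line raises an undefined-index notice on every page view; `&& empty($user->data['is_bot'])` would be consistent with the header. The new `X-PHPBB-IS-BOT` header deserves one more comment line stating that it reflects phpBB's own bot detection and is only advisory, so that proxy rules are not built on it as an access-control signal.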
