diff options
Diffstat (limited to 'phpBB/includes/functions.php')
| -rw-r--r-- | phpBB/includes/functions.php | 155 |
1 files changed, 109 insertions, 46 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index e3c3a19c96..2e2b2a01d8 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -680,8 +680,6 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $ } } } - - return; } else if ($mode == 'topics') { @@ -808,8 +806,6 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $ unset($tracking); } - - return; } else if ($mode == 'topic') { @@ -923,8 +919,6 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $ $user->set_cookie('track', tracking_serialize($tracking), $post_time + 31536000); $request->overwrite($config['cookie_name'] . '_track', tracking_serialize($tracking), \phpbb\request\request_interface::COOKIE); } - - return; } else if ($mode == 'post') { @@ -949,9 +943,28 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $ $db->sql_return_on_error(false); } - - return; } + + /** + * This event is used for performing actions directly after forums, + * topics or posts have been marked as read. + * + * @event core.markread_after + * @var string mode Variable containing marking mode value + * @var mixed forum_id Variable containing forum id, or false + * @var mixed topic_id Variable containing topic id, or false + * @var int post_time Variable containing post time + * @var int user_id Variable containing the user id + * @since 3.2.6-RC1 + */ + $vars = array( + 'mode', + 'forum_id', + 'topic_id', + 'post_time', + 'user_id', + ); + extract($phpbb_dispatcher->trigger_event('core.markread_after', compact($vars))); } /** @@ -1830,27 +1843,6 @@ function redirect($url, $return = false, $disable_cd_check = false) garbage_collection(); } - // Redirect via an HTML form for PITA webservers - if (@preg_match('#WebSTAR|Xitami#', getenv('SERVER_SOFTWARE'))) - { - header('Refresh: 0; URL=' . $url); - - echo '<!DOCTYPE html>'; - echo '<html dir="' . $user->lang['DIRECTION'] . '" lang="' . $user->lang['USER_LANG'] . '">'; - echo '<head>'; - echo '<meta charset="utf-8">'; - echo '<meta http-equiv="X-UA-Compatible" content="IE=edge">'; - echo '<meta http-equiv="refresh" content="0; url=' . str_replace('&', '&', $url) . '" />'; - echo '<title>' . $user->lang['REDIRECT'] . '</title>'; - echo '</head>'; - echo '<body>'; - echo '<div style="text-align: center;">' . sprintf($user->lang['URL_REDIRECT'], '<a href="' . str_replace('&', '&', $url) . '">', '</a>') . '</div>'; - echo '</body>'; - echo '</html>'; - - exit; - } - // Behave as per HTTP/1.1 spec for others header('Location: ' . $url); exit; @@ -2130,25 +2122,29 @@ function check_form_key($form_name, $timespan = false) /** * Build Confirm box * @param boolean $check True for checking if confirmed (without any additional parameters) and false for displaying the confirm box -* @param string $title Title/Message used for confirm box. +* @param string|array $title Title/Message used for confirm box. * message text is _CONFIRM appended to title. * If title cannot be found in user->lang a default one is displayed * If title_CONFIRM cannot be found in user->lang the text given is used. +* If title is an array, the first array value is used as explained per above, +* all other array values are sent as parameters to the language function. * @param string $hidden Hidden variables * @param string $html_body Template used for confirm box * @param string $u_action Custom form action +* +* @return bool True if confirmation was successful, false if not */ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_body.html', $u_action = '') { global $user, $template, $db, $request; - global $config, $phpbb_path_helper; + global $config, $language, $phpbb_path_helper, $phpbb_dispatcher; if (isset($_POST['cancel'])) { return false; } - $confirm = ($user->lang['YES'] === $request->variable('confirm', '', true, \phpbb\request\request_interface::POST)); + $confirm = ($language->lang('YES') === $request->variable('confirm', '', true, \phpbb\request\request_interface::POST)); if ($check && $confirm) { @@ -2182,13 +2178,27 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo // generate activation key $confirm_key = gen_rand_string(10); + // generate language strings + if (is_array($title)) + { + $key = array_shift($title); + $count = array_shift($title); + $confirm_title = $language->is_set($key) ? $language->lang($key, $count, $title) : $language->lang('CONFIRM'); + $confirm_text = $language->is_set($key . '_CONFIRM') ? $language->lang($key . '_CONFIRM', $count, $title) : $key; + } + else + { + $confirm_title = $language->is_set($title) ? $language->lang($title) : $language->lang('CONFIRM'); + $confirm_text = $language->is_set($title . '_CONFIRM') ? $language->lang($title . '_CONFIRM') : $title; + } + if (defined('IN_ADMIN') && isset($user->data['session_admin']) && $user->data['session_admin']) { - adm_page_header((!isset($user->lang[$title])) ? $user->lang['CONFIRM'] : $user->lang[$title]); + adm_page_header($confirm_title); } else { - page_header((!isset($user->lang[$title])) ? $user->lang['CONFIRM'] : $user->lang[$title]); + page_header($confirm_title); } $template->set_filenames(array( @@ -2208,10 +2218,10 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo $u_action .= ((strpos($u_action, '?') === false) ? '?' : '&') . 'confirm_key=' . $confirm_key; $template->assign_vars(array( - 'MESSAGE_TITLE' => (!isset($user->lang[$title])) ? $user->lang['CONFIRM'] : $user->lang($title, 1), - 'MESSAGE_TEXT' => (!isset($user->lang[$title . '_CONFIRM'])) ? $title : $user->lang[$title . '_CONFIRM'], + 'MESSAGE_TITLE' => $confirm_title, + 'MESSAGE_TEXT' => $confirm_text, - 'YES_VALUE' => $user->lang['YES'], + 'YES_VALUE' => $language->lang('YES'), 'S_CONFIRM_ACTION' => $u_action, 'S_HIDDEN_FIELDS' => $hidden . $s_hidden_fields, 'S_AJAX_REQUEST' => $request->is_ajax(), @@ -2224,16 +2234,36 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo if ($request->is_ajax()) { $u_action .= '&confirm_uid=' . $user->data['user_id'] . '&sess=' . $user->session_id . '&sid=' . $user->session_id; - $json_response = new \phpbb\json_response; - $json_response->send(array( + $data = array( 'MESSAGE_BODY' => $template->assign_display('body'), - 'MESSAGE_TITLE' => (!isset($user->lang[$title])) ? $user->lang['CONFIRM'] : $user->lang[$title], - 'MESSAGE_TEXT' => (!isset($user->lang[$title . '_CONFIRM'])) ? $title : $user->lang[$title . '_CONFIRM'], + 'MESSAGE_TITLE' => $confirm_title, + 'MESSAGE_TEXT' => $confirm_text, - 'YES_VALUE' => $user->lang['YES'], + 'YES_VALUE' => $language->lang('YES'), 'S_CONFIRM_ACTION' => str_replace('&', '&', $u_action), //inefficient, rewrite whole function 'S_HIDDEN_FIELDS' => $hidden . $s_hidden_fields - )); + ); + + /** + * This event allows an extension to modify the ajax output of confirm box. + * + * @event core.confirm_box_ajax_before + * @var string u_action Action of the form + * @var array data Data to be sent + * @var string hidden Hidden fields generated by caller + * @var string s_hidden_fields Hidden fields generated by this function + * @since 3.2.8-RC1 + */ + $vars = array( + 'u_action', + 'data', + 'hidden', + 's_hidden_fields', + ); + extract($phpbb_dispatcher->trigger_event('core.confirm_box_ajax_before', compact($vars))); + + $json_response = new \phpbb\json_response; + $json_response->send($data); } if (defined('IN_ADMIN') && isset($user->data['session_admin']) && $user->data['session_admin']) @@ -2244,6 +2274,8 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo { page_footer(); } + + exit; // unreachable, page_footer() above will call exit() } /** @@ -2255,6 +2287,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa global $request, $phpbb_container, $phpbb_dispatcher, $phpbb_log; $err = ''; + $form_name = 'login'; // Make sure user->setup() has been called if (!$user->is_setup()) @@ -2330,8 +2363,19 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa trigger_error('NO_AUTH_ADMIN_USER_DIFFER'); } - // If authentication is successful we redirect user to previous page - $result = $auth->login($username, $password, $autologin, $viewonline, $admin); + // Check form key + if ($password && !check_form_key($form_name)) + { + $result = array( + 'status' => false, + 'error_msg' => 'FORM_INVALID', + ); + } + else + { + // If authentication is successful we redirect user to previous page + $result = $auth->login($username, $password, $autologin, $viewonline, $admin); + } // If admin authentication and login, we will log if it was a success or not... // We also break the operation on the first non-success login - it could be argued that the user already knows @@ -2482,6 +2526,9 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa )); } + // Add form token for login box + add_form_key($form_name, '_LOGIN'); + $s_hidden_fields = build_hidden_fields($s_hidden_fields); $login_box_template_data = array( @@ -2616,6 +2663,9 @@ function login_forum_box($forum_data) page_header($user->lang['LOGIN']); + // Add form token for login box + add_form_key('login', '_LOGIN'); + $template->assign_vars(array( 'FORUM_NAME' => isset($forum_data['forum_name']) ? $forum_data['forum_name'] : '', 'S_LOGIN_ACTION' => build_url(array('f')), @@ -4388,6 +4438,19 @@ function page_header($page_title = '', $display_online_list = false, $item_id = $controller_helper = $phpbb_container->get('controller.helper'); $notification_mark_hash = generate_link_hash('mark_all_notifications_read'); + $s_login_redirect = build_hidden_fields(array('redirect' => $phpbb_path_helper->remove_web_root_path(build_url()))); + /** + * Workaround for missing template variable in pre phpBB 3.2.6 styles. + * @deprecated 3.2.7 (To be removed: 3.3.0-a1) + */ + $form_token_login = $template->retrieve_var('S_FORM_TOKEN_LOGIN'); + if (!empty($form_token_login)) + { + $s_login_redirect .= $form_token_login; + // Remove S_FORM_TOKEN_LOGIN as it's already appended to S_LOGIN_REDIRECT + $template->assign_var('S_FORM_TOKEN_LOGIN', ''); + } + // The following assigns all _common_ variables that may be used at any point in a template. $template->assign_vars(array( 'SITENAME' => $config['sitename'], @@ -4477,7 +4540,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id = 'S_TOPIC_ID' => $topic_id, 'S_LOGIN_ACTION' => ((!defined('ADMIN_START')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login') : append_sid("{$phpbb_admin_path}index.$phpEx", false, true, $user->session_id)), - 'S_LOGIN_REDIRECT' => build_hidden_fields(array('redirect' => $phpbb_path_helper->remove_web_root_path(build_url()))), + 'S_LOGIN_REDIRECT' => $s_login_redirect, 'S_ENABLE_FEEDS' => ($config['feed_enable']) ? true : false, 'S_ENABLE_FEEDS_OVERALL' => ($config['feed_overall']) ? true : false, |