diff options
Diffstat (limited to 'phpBB/includes')
59 files changed, 1652 insertions, 381 deletions
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php index 67fba1094d..e4650455c4 100644 --- a/phpBB/includes/acp/acp_attachments.php +++ b/phpBB/includes/acp/acp_attachments.php @@ -42,7 +42,7 @@ class acp_attachments function main($id, $mode) { - global $db, $user, $auth, $template, $cache, $phpbb_container; + global $db, $user, $auth, $template, $cache, $phpbb_container, $phpbb_dispatcher; global $config, $phpbb_admin_path, $phpbb_root_path, $phpEx; $this->id = $id; @@ -106,7 +106,10 @@ class acp_attachments { case 'attach': - include_once($phpbb_root_path . 'includes/functions_posting.' . $phpEx); + if (!function_exists('get_supported_image_types')) + { + include($phpbb_root_path . 'includes/functions_posting.' . $phpEx); + } $sql = 'SELECT group_name, cat_id FROM ' . EXTENSION_GROUPS_TABLE . ' @@ -159,6 +162,18 @@ class acp_attachments ) ); + /** + * Event to add and/or modify acp_attachement configurations + * + * @event core.acp_attachments_config_edit_add + * @var array display_vars Array of config values to display and process + * @var string mode Mode of the config page we are displaying + * @var boolean submit Do we display the form or process the submission + * @since 3.1.11-RC1 + */ + $vars = array('display_vars', 'mode', 'submit'); + extract($phpbb_dispatcher->trigger_event('core.acp_attachments_config_edit_add', compact($vars))); + $this->new_config = $config; $cfg_array = (isset($_REQUEST['config'])) ? request_var('config', array('' => '')) : $this->new_config; $error = array(); @@ -1423,7 +1438,7 @@ class acp_attachments $row['group_name'] = $user->lang['NOT_ASSIGNED']; $group_name[] = $row; - for ($i = 0; $i < sizeof($group_name); $i++) + for ($i = 0, $groups_size = sizeof($group_name); $i < $groups_size; $i++) { if ($default_group === false) { @@ -1732,8 +1747,8 @@ class acp_attachments $size_var = $filesize['si_identifier']; $value = $filesize['value']; - // size="8" and maxlength="15" attributes as a fallback for browsers that do not support type="number" yet. - return '<input type="number" id="' . $key . '" size="8" maxlength="15" min="0" name="config[' . $key . ']" value="' . $value . '" /> <select name="' . $key . '">' . size_select_options($size_var) . '</select>'; + // size and maxlength must not be specified for input of type number + return '<input type="number" id="' . $key . '" min="0" max="999999999999999" step="any" name="config[' . $key . ']" value="' . $value . '" /> <select name="' . $key . '">' . size_select_options($size_var) . '</select>'; } /** diff --git a/phpBB/includes/acp/acp_ban.php b/phpBB/includes/acp/acp_ban.php index b555f46a94..286bc92813 100644 --- a/phpBB/includes/acp/acp_ban.php +++ b/phpBB/includes/acp/acp_ban.php @@ -28,7 +28,10 @@ class acp_ban global $user, $template, $request, $phpbb_dispatcher; global $phpbb_root_path, $phpEx; - include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + if (!function_exists('user_ban')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } $bansubmit = $request->is_set_post('bansubmit'); $unbansubmit = $request->is_set_post('unbansubmit'); diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php index e245eea069..c98be241e9 100644 --- a/phpBB/includes/acp/acp_bbcodes.php +++ b/phpBB/includes/acp/acp_bbcodes.php @@ -33,6 +33,7 @@ class acp_bbcodes // Set up general vars $action = request_var('action', ''); $bbcode_id = request_var('bbcode', 0); + $submit = $request->is_set_post('submit'); $this->tpl_name = 'acp_bbcodes'; $this->page_title = 'ACP_BBCODES'; @@ -40,6 +41,11 @@ class acp_bbcodes add_form_key($form_key); + if ($submit && !check_form_key($form_key)) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + // Set up mode-specific vars switch ($action) { @@ -364,7 +370,7 @@ class acp_bbcodes * * @event core.acp_bbcodes_display_form * @var string action Type of the action: modify|create - * @var string sql_ary The SQL array to get custom bbcode data + * @var array sql_ary The SQL array to get custom bbcode data * @var array template_data Array with form template data * @var string u_action The u_action link * @since 3.1.0-a3 diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index 4a1c74fd77..c8f6f426c6 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -449,7 +449,7 @@ class acp_board 'legend2' => 'SMTP_SETTINGS', 'smtp_delivery' => array('lang' => 'USE_SMTP', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), - 'smtp_host' => array('lang' => 'SMTP_SERVER', 'validate' => 'string', 'type' => 'text:25:50', 'explain' => false), + 'smtp_host' => array('lang' => 'SMTP_SERVER', 'validate' => 'string', 'type' => 'text:25:50', 'explain' => true), 'smtp_port' => array('lang' => 'SMTP_PORT', 'validate' => 'int:0:99999', 'type' => 'number:0:99999', 'explain' => true), 'smtp_auth_method' => array('lang' => 'SMTP_AUTH_METHOD', 'validate' => 'string', 'type' => 'select', 'method' => 'mail_auth_select', 'explain' => true), 'smtp_username' => array('lang' => 'SMTP_USERNAME', 'validate' => 'string', 'type' => 'text:25:255', 'explain' => true), @@ -842,7 +842,7 @@ class acp_board { global $user; - return '<input id="' . $key . '" type="number" size="3" maxlength="3" min="1" max="999" name="config[min_name_chars]" value="' . $value . '" /> ' . $user->lang['MIN_CHARS'] . ' <input type="number" size="3" maxlength="3" min="8" max="180" name="config[max_name_chars]" value="' . $this->new_config['max_name_chars'] . '" /> ' . $user->lang['MAX_CHARS']; + return '<input id="' . $key . '" type="number" min="1" max="999" name="config[min_name_chars]" value="' . $value . '" /> ' . $user->lang['MIN_CHARS'] . ' <input type="number" min="8" max="180" name="config[max_name_chars]" value="' . $this->new_config['max_name_chars'] . '" /> ' . $user->lang['MAX_CHARS']; } /** @@ -870,7 +870,7 @@ class acp_board { global $user; - return '<input id="' . $key . '" type="number" size="3" maxlength="3" min="1" max="999" name="config[min_pass_chars]" value="' . $value . '" /> ' . $user->lang['MIN_CHARS'] . ' <input type="number" size="3" maxlength="3" min="8" max="255" name="config[max_pass_chars]" value="' . $this->new_config['max_pass_chars'] . '" /> ' . $user->lang['MAX_CHARS']; + return '<input id="' . $key . '" type="number" min="1" max="999" name="config[min_pass_chars]" value="' . $value . '" /> ' . $user->lang['MIN_CHARS'] . ' <input type="number" min="8" max="255" name="config[max_pass_chars]" value="' . $this->new_config['max_pass_chars'] . '" /> ' . $user->lang['MAX_CHARS']; } /** @@ -1017,7 +1017,7 @@ class acp_board $user->timezone = $old_tz; return "<select name=\"dateoptions\" id=\"dateoptions\" onchange=\"if (this.value == 'custom') { document.getElementById('" . addslashes($key) . "').value = '" . addslashes($value) . "'; } else { document.getElementById('" . addslashes($key) . "').value = this.value; }\">$dateformat_options</select> - <input type=\"text\" name=\"config[$key]\" id=\"$key\" value=\"$value\" maxlength=\"30\" />"; + <input type=\"text\" name=\"config[$key]\" id=\"$key\" value=\"$value\" maxlength=\"64\" />"; } /** diff --git a/phpBB/includes/acp/acp_bots.php b/phpBB/includes/acp/acp_bots.php index 1ea320e674..2188b90729 100644 --- a/phpBB/includes/acp/acp_bots.php +++ b/phpBB/includes/acp/acp_bots.php @@ -141,7 +141,11 @@ class acp_bots case 'edit': case 'add': - include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx); + + if (!function_exists('user_update_name')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } $bot_row = array( 'bot_name' => utf8_normalize_nfc(request_var('bot_name', '', true)), diff --git a/phpBB/includes/acp/acp_captcha.php b/phpBB/includes/acp/acp_captcha.php index fa8d8fb6a9..92d5e1dda6 100644 --- a/phpBB/includes/acp/acp_captcha.php +++ b/phpBB/includes/acp/acp_captcha.php @@ -25,7 +25,7 @@ class acp_captcha function main($id, $mode) { - global $db, $user, $auth, $template; + global $request, $user, $auth, $template; global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx, $phpbb_container; $user->add_lang('acp/board'); @@ -52,11 +52,36 @@ class acp_captcha else { $config_vars = array( - 'enable_confirm' => array('tpl' => 'REG_ENABLE', 'default' => false), - 'enable_post_confirm' => array('tpl' => 'POST_ENABLE', 'default' => false), - 'confirm_refresh' => array('tpl' => 'CONFIRM_REFRESH', 'default' => false), - 'max_reg_attempts' => array('tpl' => 'REG_LIMIT', 'default' => 0), - 'max_login_attempts' => array('tpl' => 'MAX_LOGIN_ATTEMPTS', 'default' => 0), + 'enable_confirm' => array( + 'tpl' => 'REG_ENABLE', + 'default' => false, + 'validate' => 'bool', + 'lang' => 'VISUAL_CONFIRM_REG', + ), + 'enable_post_confirm' => array( + 'tpl' => 'POST_ENABLE', + 'default' => false, + 'validate' => 'bool', + 'lang' => 'VISUAL_CONFIRM_POST', + ), + 'confirm_refresh' => array( + 'tpl' => 'CONFIRM_REFRESH', + 'default' => false, + 'validate' => 'bool', + 'lang' => 'VISUAL_CONFIRM_REFRESH', + ), + 'max_reg_attempts' => array( + 'tpl' => 'REG_LIMIT', + 'default' => 0, + 'validate' => 'int:0:99999', + 'lang' => 'REG_LIMIT', + ), + 'max_login_attempts' => array( + 'tpl' => 'MAX_LOGIN_ATTEMPTS', + 'default' => 0, + 'validate' => 'int:0:99999', + 'lang' => 'MAX_LOGIN_ATTEMPTS', + ), ); $this->tpl_name = 'acp_captcha'; @@ -65,12 +90,31 @@ class acp_captcha add_form_key($form_key); $submit = request_var('main_submit', false); + $error = $cfg_array = array(); - if ($submit && check_form_key($form_key)) + if ($submit) { foreach ($config_vars as $config_var => $options) { - set_config($config_var, request_var($config_var, $options['default'])); + $cfg_array[$config_var] = $request->variable($config_var, $options['default']); + } + validate_config_vars($config_vars, $cfg_array, $error); + + if (!check_form_key($form_key)) + { + $error[] = $user->lang['FORM_INVALID']; + } + if ($error) + { + $submit = false; + } + } + + if ($submit) + { + foreach ($cfg_array as $key => $value) + { + $config->set($key, $value); } if ($selected !== $config['captcha_plugin']) @@ -94,10 +138,6 @@ class acp_captcha } trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action)); } - else if ($submit) - { - trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); - } else { $captcha_select = ''; @@ -124,6 +164,7 @@ class acp_captcha 'CAPTCHA_PREVIEW_TPL' => $demo_captcha->get_demo_template($id), 'S_CAPTCHA_HAS_CONFIG' => $demo_captcha->has_config(), 'CAPTCHA_SELECT' => $captcha_select, + 'ERROR_MSG' => implode('<br />', $error), 'U_ACTION' => $this->u_action, )); diff --git a/phpBB/includes/acp/acp_database.php b/phpBB/includes/acp/acp_database.php index 9666ac5b6e..dd0599e06a 100644 --- a/phpBB/includes/acp/acp_database.php +++ b/phpBB/includes/acp/acp_database.php @@ -39,6 +39,9 @@ class acp_database $action = request_var('action', ''); $submit = (isset($_POST['submit'])) ? true : false; + $form_key = 'acp_database'; + add_form_key($form_key); + $template->assign_vars(array( 'MODE' => $mode )); @@ -62,6 +65,11 @@ class acp_database trigger_error($user->lang['TABLE_SELECT_ERROR'] . adm_back_link($this->u_action), E_USER_WARNING); } + if (!check_form_key($form_key)) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + $store = $download = $structure = $schema_data = false; if ($where == 'store_and_download' || $where == 'store') diff --git a/phpBB/includes/acp/acp_disallow.php b/phpBB/includes/acp/acp_disallow.php index 4c8f3cc65b..5b12013708 100644 --- a/phpBB/includes/acp/acp_disallow.php +++ b/phpBB/includes/acp/acp_disallow.php @@ -26,9 +26,7 @@ class acp_disallow function main($id, $mode) { global $db, $user, $auth, $template, $cache; - global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx; - - include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + global $config, $phpbb_admin_path; $user->add_lang('acp/posting'); diff --git a/phpBB/includes/acp/acp_email.php b/phpBB/includes/acp/acp_email.php index fda9d50779..917d02318e 100644 --- a/phpBB/includes/acp/acp_email.php +++ b/phpBB/includes/acp/acp_email.php @@ -189,8 +189,15 @@ class acp_email $db->sql_freeresult($result); // Send the messages - include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); - include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx); + if (!class_exists('messenger')) + { + include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); + } + + if (!function_exists('get_group_name')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } $messenger = new messenger($use_queue); $errored = false; diff --git a/phpBB/includes/acp/acp_extensions.php b/phpBB/includes/acp/acp_extensions.php index 193483050c..5a2ded91e2 100644 --- a/phpBB/includes/acp/acp_extensions.php +++ b/phpBB/includes/acp/acp_extensions.php @@ -34,7 +34,7 @@ class acp_extensions function main() { // Start the page - global $config, $user, $template, $request, $phpbb_extension_manager, $db, $phpbb_root_path, $phpEx, $phpbb_log, $cache; + global $config, $user, $template, $request, $phpbb_extension_manager, $db, $phpbb_root_path, $phpEx, $phpbb_log, $cache, $phpbb_dispatcher; $this->db = $db; $this->config = $config; @@ -43,6 +43,7 @@ class acp_extensions $this->cache = $cache; $this->request = $request; $this->log = $phpbb_log; + $this->phpbb_dispatcher = $phpbb_dispatcher; $user->add_lang(array('install', 'acp/extensions', 'migrator')); @@ -55,6 +56,21 @@ class acp_extensions $safe_time_limit = (ini_get('max_execution_time') / 2); $start_time = time(); + /** + * Event to run a specific action on extension + * + * @event core.acp_extensions_run_action + * @var string action Action to run + * @var string u_action Url we are at + * @var string ext_name Extension name from request + * @var int safe_time_limit Safe limit of execution time + * @var int start_time Start time + * @since 3.1.11-RC1 + */ + $u_action = $this->u_action; + $vars = array('action', 'u_action', 'ext_name', 'safe_time_limit', 'start_time'); + extract($this->phpbb_dispatcher->trigger_event('core.acp_extensions_run_action', compact($vars))); + // Cancel action if ($request->is_set_post('cancel')) { @@ -121,8 +137,6 @@ class acp_extensions 'U_ACTION' => $this->u_action, )); - add_form_key('version_check_settings'); - $this->tpl_name = 'acp_ext_list'; break; @@ -369,6 +383,7 @@ class acp_extensions foreach ($enabled_extension_meta_data as $name => $block_vars) { + $block_vars['NAME'] = $name; $block_vars['U_DETAILS'] = $this->u_action . '&action=details&ext_name=' . urlencode($name); $this->template->assign_block_vars('enabled', $block_vars); @@ -425,6 +440,7 @@ class acp_extensions foreach ($disabled_extension_meta_data as $name => $block_vars) { + $block_vars['NAME'] = $name; $block_vars['U_DETAILS'] = $this->u_action . '&action=details&ext_name=' . urlencode($name); $this->template->assign_block_vars('disabled', $block_vars); @@ -484,6 +500,7 @@ class acp_extensions foreach ($available_extension_meta_data as $name => $block_vars) { + $block_vars['NAME'] = $name; $block_vars['U_DETAILS'] = $this->u_action . '&action=details&ext_name=' . urlencode($name); $this->template->assign_block_vars('disabled', $block_vars); @@ -534,7 +551,7 @@ class acp_extensions $version_helper = new \phpbb\version_helper($this->cache, $this->config, new \phpbb\file_downloader(), $this->user); $version_helper->set_current_version($meta['version']); - $version_helper->set_file_location($version_check['host'], $version_check['directory'], $version_check['filename']); + $version_helper->set_file_location($version_check['host'], $version_check['directory'], $version_check['filename'], isset($version_check['ssl']) ? $version_check['ssl'] : false); $version_helper->force_stability($this->config['extension_force_unstable'] ? 'unstable' : null); return $updates = $version_helper->get_suggested_updates($force_update, $force_cache); diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php index 7e664c6263..1e69a4ad20 100644 --- a/phpBB/includes/acp/acp_forums.php +++ b/phpBB/includes/acp/acp_forums.php @@ -842,9 +842,26 @@ class acp_forums ORDER BY left_id"; $result = $db->sql_query($sql); - if ($row = $db->sql_fetchrow($result)) + $rowset = array(); + while ($row = $db->sql_fetchrow($result)) + { + $rowset[(int) $row['forum_id']] = $row; + } + $db->sql_freeresult($result); + + /** + * Modify the forum list data + * + * @event core.acp_manage_forums_modify_forum_list + * @var array rowset Array with the forums list data + * @since 3.1.10-RC1 + */ + $vars = array('rowset'); + extract($phpbb_dispatcher->trigger_event('core.acp_manage_forums_modify_forum_list', compact($vars))); + + if (!empty($rowset)) { - do + foreach ($rowset as $row) { $forum_type = $row['forum_type']; @@ -888,7 +905,6 @@ class acp_forums 'U_SYNC' => $url . '&action=sync') ); } - while ($row = $db->sql_fetchrow($result)); } else if ($this->parent_id) { @@ -904,7 +920,7 @@ class acp_forums 'U_SYNC' => $url . '&action=sync') ); } - $db->sql_freeresult($result); + unset($rowset); $template->assign_vars(array( 'ERROR_MSG' => (sizeof($errors)) ? implode('<br />', $errors) : '', @@ -1411,7 +1427,7 @@ class acp_forums $diff = sizeof($moved_forums) * 2; $moved_ids = array(); - for ($i = 0; $i < sizeof($moved_forums); ++$i) + for ($i = 0, $size = sizeof($moved_forums); $i < $size; ++$i) { $moved_ids[] = $moved_forums[$i]['forum_id']; } diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php index edfada1bf1..0352f6a242 100644 --- a/phpBB/includes/acp/acp_groups.php +++ b/phpBB/includes/acp/acp_groups.php @@ -42,7 +42,10 @@ class acp_groups return; } - include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + if (!function_exists('group_user_attributes')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } // Check and set some common vars $action = (isset($_POST['add'])) ? 'add' : ((isset($_POST['addusers'])) ? 'addusers' : request_var('action', '')); @@ -295,7 +298,10 @@ class acp_groups case 'edit': case 'add': - include($phpbb_root_path . 'includes/functions_display.' . $phpEx); + if (!function_exists('display_forums')) + { + include($phpbb_root_path . 'includes/functions_display.' . $phpEx); + } $data = $submit_ary = array(); @@ -318,9 +324,11 @@ class acp_groups $avatar_data = null; $avatar_error = array(); + /** @var \phpbb\avatar\manager $phpbb_avatar_manager */ + $phpbb_avatar_manager = $phpbb_container->get('avatar.manager'); + if ($config['allow_avatar']) { - $phpbb_avatar_manager = $phpbb_container->get('avatar.manager'); $avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers(); // This is normalised data, without the group_ prefix @@ -661,14 +669,21 @@ class acp_groups $avatars_enabled = false; $selected_driver = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', $avatar_data['avatar_type'])); + // Assign min and max values before generating avatar driver html + $template->assign_vars(array( + 'AVATAR_MIN_WIDTH' => $config['avatar_min_width'], + 'AVATAR_MAX_WIDTH' => $config['avatar_max_width'], + 'AVATAR_MIN_HEIGHT' => $config['avatar_min_height'], + 'AVATAR_MAX_HEIGHT' => $config['avatar_max_height'], + )); + foreach ($avatar_drivers as $current_driver) { $driver = $phpbb_avatar_manager->get_driver($current_driver); $avatars_enabled = true; - $config_name = $phpbb_avatar_manager->get_driver_config_name($driver); $template->set_filenames(array( - 'avatar' => "acp_avatar_options_{$config_name}.html", + 'avatar' => $driver->get_acp_template_name(), )); if ($driver->prepare_form($request, $template, $user, $avatar_data, $avatar_error)) diff --git a/phpBB/includes/acp/acp_icons.php b/phpBB/includes/acp/acp_icons.php index 9265415dd1..a0ea7dc9b1 100644 --- a/phpBB/includes/acp/acp_icons.php +++ b/phpBB/includes/acp/acp_icons.php @@ -40,6 +40,10 @@ class acp_icons $action = (isset($_POST['edit'])) ? 'edit' : $action; $action = (isset($_POST['import'])) ? 'import' : $action; $icon_id = request_var('id', 0); + $submit = $request->is_set_post('submit', false); + + $form_key = 'acp_icons'; + add_form_key($form_key); $mode = ($mode == 'smilies') ? 'smilies' : 'icons'; @@ -325,6 +329,11 @@ class acp_icons case 'create': case 'modify': + if (!check_form_key($form_key)) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + // Get items to create/modify $images = (isset($_POST['image'])) ? array_keys(request_var('image', array('' => 0))) : array(); @@ -513,6 +522,11 @@ class acp_icons { $order = 0; + if (!check_form_key($form_key)) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + if (!($pak_ary = @file($phpbb_root_path . $img_path . '/' . $pak))) { trigger_error($user->lang['PAK_FILE_NOT_READABLE'] . adm_back_link($this->u_action), E_USER_WARNING); @@ -698,7 +712,7 @@ class acp_icons $template->assign_vars(array( 'MESSAGE_TITLE' => $user->lang['EXPORT_' . $lang], - 'MESSAGE_TEXT' => sprintf($user->lang['EXPORT_' . $lang . '_EXPLAIN'], '<a href="' . $this->u_action . '&action=send">', '</a>'), + 'MESSAGE_TEXT' => sprintf($user->lang['EXPORT_' . $lang . '_EXPLAIN'], '<a href="' . $this->u_action . '&action=send&hash=' . generate_link_hash('acp_icons') . '">', '</a>'), 'S_USER_NOTICE' => true, ) @@ -710,6 +724,11 @@ class acp_icons case 'send': + if (!check_link_hash($request->variable('hash', ''), 'acp_icons')) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + $sql = "SELECT * FROM $table ORDER BY {$fields}_order"; @@ -811,6 +830,11 @@ class acp_icons case 'move_up': case 'move_down': + if (!check_link_hash($request->variable('hash', ''), 'acp_icons')) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + // Get current order id... $sql = "SELECT {$fields}_order as current_order FROM $table @@ -928,8 +952,8 @@ class acp_icons 'EMOTION' => (isset($row['emotion'])) ? $row['emotion'] : '', 'U_EDIT' => $this->u_action . '&action=edit&id=' . $row[$fields . '_id'], 'U_DELETE' => $this->u_action . '&action=delete&id=' . $row[$fields . '_id'], - 'U_MOVE_UP' => $this->u_action . '&action=move_up&id=' . $row[$fields . '_id'] . '&start=' . $pagination_start, - 'U_MOVE_DOWN' => $this->u_action . '&action=move_down&id=' . $row[$fields . '_id'] . '&start=' . $pagination_start, + 'U_MOVE_UP' => $this->u_action . '&action=move_up&id=' . $row[$fields . '_id'] . '&start=' . $pagination_start . '&hash=' . generate_link_hash('acp_icons'), + 'U_MOVE_DOWN' => $this->u_action . '&action=move_down&id=' . $row[$fields . '_id'] . '&start=' . $pagination_start . '&hash=' . generate_link_hash('acp_icons'), )); if (!$spacer && !$row['display_on_posting']) diff --git a/phpBB/includes/acp/acp_inactive.php b/phpBB/includes/acp/acp_inactive.php index e96c42de05..76c7a1b277 100644 --- a/phpBB/includes/acp/acp_inactive.php +++ b/phpBB/includes/acp/acp_inactive.php @@ -34,7 +34,10 @@ class acp_inactive global $config, $db, $user, $auth, $template, $phpbb_container; global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix; - include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + if (!function_exists('user_active_flip')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } $user->add_lang('memberlist'); @@ -109,7 +112,10 @@ class acp_inactive if ($config['require_activation'] == USER_ACTIVATION_ADMIN && !empty($inactive_users)) { - include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); + if (!class_exists('messenger')) + { + include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); + } $messenger = new messenger(false); @@ -196,7 +202,10 @@ class acp_inactive if ($row = $db->sql_fetchrow($result)) { // Send the messages - include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); + if (!class_exists('messenger')) + { + include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); + } $messenger = new messenger(); $usernames = $user_ids = array(); @@ -271,9 +280,10 @@ class acp_inactive 'REMINDED_EXPLAIN' => $user->lang('USER_LAST_REMINDED', (int) $row['user_reminded'], $user->format_date($row['user_reminded_time'])), - 'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour'], false, append_sid("{$phpbb_admin_path}index.$phpEx", 'i=users&mode=overview')), + 'USERNAME_FULL' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour'], false, append_sid("{$phpbb_admin_path}index.$phpEx", 'i=users&mode=overview&redirect=acp_inactive')), 'USERNAME' => get_username_string('username', $row['user_id'], $row['username'], $row['user_colour']), 'USER_COLOR' => get_username_string('colour', $row['user_id'], $row['username'], $row['user_colour']), + 'USER_EMAIL' => $row['user_email'], 'U_USER_ADMIN' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=users&mode=overview&u={$row['user_id']}"), 'U_SEARCH_USER' => ($auth->acl_get('u_search')) ? append_sid("{$phpbb_root_path}search.$phpEx", "author_id={$row['user_id']}&sr=posts") : '', diff --git a/phpBB/includes/acp/acp_jabber.php b/phpBB/includes/acp/acp_jabber.php index 284543acd3..a482b41e1d 100644 --- a/phpBB/includes/acp/acp_jabber.php +++ b/phpBB/includes/acp/acp_jabber.php @@ -34,7 +34,10 @@ class acp_jabber $user->add_lang('acp/board'); - include_once($phpbb_root_path . 'includes/functions_jabber.' . $phpEx); + if (!class_exists('jabber')) + { + include($phpbb_root_path . 'includes/functions_jabber.' . $phpEx); + } $action = request_var('action', ''); $submit = (isset($_POST['submit'])) ? true : false; diff --git a/phpBB/includes/acp/acp_language.php b/phpBB/includes/acp/acp_language.php index 60e338ae7c..bddc2be9cb 100644 --- a/phpBB/includes/acp/acp_language.php +++ b/phpBB/includes/acp/acp_language.php @@ -34,7 +34,10 @@ class acp_language global $config, $db, $user, $template; global $phpbb_root_path, $phpEx, $request; - include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx); + if (!function_exists('validate_language_iso_name')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } // Check and set some common vars $action = (isset($_POST['update_details'])) ? 'update_details' : ''; @@ -241,6 +244,11 @@ class acp_language break; case 'install': + if (!check_link_hash($request->variable('hash', ''), 'acp_language')) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + $lang_iso = request_var('iso', ''); $lang_iso = basename($lang_iso); @@ -420,7 +428,7 @@ class acp_language 'ISO' => htmlspecialchars($lang_ary['iso']), 'LOCAL_NAME' => htmlspecialchars($lang_ary['local_name'], ENT_COMPAT, 'UTF-8'), 'NAME' => htmlspecialchars($lang_ary['name'], ENT_COMPAT, 'UTF-8'), - 'U_INSTALL' => $this->u_action . '&action=install&iso=' . urlencode($lang_ary['iso'])) + 'U_INSTALL' => $this->u_action . '&action=install&iso=' . urlencode($lang_ary['iso']) . '&hash=' . generate_link_hash('acp_language')) ); } } diff --git a/phpBB/includes/acp/acp_main.php b/phpBB/includes/acp/acp_main.php index f6d728ffed..848cafeb67 100644 --- a/phpBB/includes/acp/acp_main.php +++ b/phpBB/includes/acp/acp_main.php @@ -429,20 +429,34 @@ class acp_main )); } - $version_helper = $phpbb_container->get('version_helper'); - try + if ($auth->acl_get('a_board')) { - $recheck = $request->variable('versioncheck_force', false); - $updates_available = $version_helper->get_suggested_updates($recheck); + $version_helper = $phpbb_container->get('version_helper'); + try + { + $recheck = $request->variable('versioncheck_force', false); + $updates_available = $version_helper->get_suggested_updates($recheck); - $template->assign_var('S_VERSION_UP_TO_DATE', empty($updates_available)); + $template->assign_var('S_VERSION_UP_TO_DATE', empty($updates_available)); + } + catch (\RuntimeException $e) + { + $template->assign_vars(array( + 'S_VERSIONCHECK_FAIL' => true, + 'VERSIONCHECK_FAIL_REASON' => ($e->getMessage() !== $user->lang('VERSIONCHECK_FAIL')) ? $e->getMessage() : '', + )); + } } - catch (\RuntimeException $e) + else { - $template->assign_vars(array( - 'S_VERSIONCHECK_FAIL' => true, - 'VERSIONCHECK_FAIL_REASON' => ($e->getMessage() !== $user->lang('VERSIONCHECK_FAIL')) ? $e->getMessage() : '', - )); + // We set this template var to true, to not display an outdated version notice. + $template->assign_var('S_VERSION_UP_TO_DATE', true); + } + + // Incomplete update? + if (phpbb_version_compare($config['version'], PHPBB_VERSION, '<')) + { + $template->assign_var('S_UPDATE_INCOMPLETE', true); } /** @@ -553,6 +567,7 @@ class acp_main 'U_VERSIONCHECK' => append_sid("{$phpbb_admin_path}index.$phpEx", 'i=update&mode=version_check'), 'U_VERSIONCHECK_FORCE' => append_sid("{$phpbb_admin_path}index.$phpEx", 'versioncheck_force=1'), + 'S_VERSIONCHECK' => ($auth->acl_get('a_board')) ? true : false, 'S_ACTION_OPTIONS' => ($auth->acl_get('a_board')) ? true : false, 'S_FOUNDER' => ($user->data['user_type'] == USER_FOUNDER) ? true : false, ) diff --git a/phpBB/includes/acp/acp_modules.php b/phpBB/includes/acp/acp_modules.php index ea6b388328..9d14614417 100644 --- a/phpBB/includes/acp/acp_modules.php +++ b/phpBB/includes/acp/acp_modules.php @@ -46,6 +46,9 @@ class acp_modules $user->add_lang('acp/modules'); $this->tpl_name = 'acp_modules'; + $form_key = 'acp_modules'; + add_form_key($form_key); + // module class $this->module_class = $mode; @@ -119,6 +122,11 @@ class acp_modules trigger_error($user->lang['NO_MODULE_ID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING); } + if (!check_link_hash($request->variable('hash', ''), 'acp_modules')) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING); + } + $sql = 'SELECT * FROM ' . MODULES_TABLE . " WHERE module_class = '" . $db->sql_escape($this->module_class) . "' @@ -150,6 +158,11 @@ class acp_modules trigger_error($user->lang['NO_MODULE_ID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING); } + if (!check_link_hash($request->variable('hash', ''), 'acp_modules')) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING); + } + $sql = 'SELECT * FROM ' . MODULES_TABLE . " WHERE module_class = '" . $db->sql_escape($this->module_class) . "' @@ -273,6 +286,11 @@ class acp_modules if ($submit) { + if (!check_form_key($form_key)) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING); + } + if (!$module_data['module_langname']) { trigger_error($user->lang['NO_MODULE_LANGNAME'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING); @@ -460,12 +478,12 @@ class acp_modules 'S_ACP_MODULE_MANAGEMENT' => ($this->module_class == 'acp' && ($row['module_basename'] == 'modules' || $row['module_langname'] == 'ACP_MODULE_MANAGEMENT')) ? true : false, 'U_MODULE' => $this->u_action . '&parent_id=' . $row['module_id'], - 'U_MOVE_UP' => $url . '&action=move_up', - 'U_MOVE_DOWN' => $url . '&action=move_down', + 'U_MOVE_UP' => $url . '&action=move_up&hash=' . generate_link_hash('acp_modules'), + 'U_MOVE_DOWN' => $url . '&action=move_down&hash=' . generate_link_hash('acp_modules'), 'U_EDIT' => $url . '&action=edit', 'U_DELETE' => $url . '&action=delete', - 'U_ENABLE' => $url . '&action=enable', - 'U_DISABLE' => $url . '&action=disable') + 'U_ENABLE' => $url . '&action=enable&hash=' . generate_link_hash('acp_modules'), + 'U_DISABLE' => $url . '&action=disable&hash=' . generate_link_hash('acp_modules')) ); } while ($row = $db->sql_fetchrow($result)); @@ -484,8 +502,8 @@ class acp_modules 'U_EDIT' => $url . '&action=edit', 'U_DELETE' => $url . '&action=delete', - 'U_ENABLE' => $url . '&action=enable', - 'U_DISABLE' => $url . '&action=disable') + 'U_ENABLE' => $url . '&action=enable&hash=' . generate_link_hash('acp_modules'), + 'U_DISABLE' => $url . '&action=disable&hash=' . generate_link_hash('acp_modules')) ); } $db->sql_freeresult($result); @@ -888,7 +906,7 @@ class acp_modules $diff = sizeof($moved_modules) * 2; $moved_ids = array(); - for ($i = 0; $i < sizeof($moved_modules); ++$i) + for ($i = 0, $size = sizeof($moved_modules); $i < $size; ++$i) { $moved_ids[] = $moved_modules[$i]['module_id']; } diff --git a/phpBB/includes/acp/acp_permission_roles.php b/phpBB/includes/acp/acp_permission_roles.php index cd3616208d..0796b36fef 100644 --- a/phpBB/includes/acp/acp_permission_roles.php +++ b/phpBB/includes/acp/acp_permission_roles.php @@ -30,8 +30,15 @@ class acp_permission_roles global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx; global $request; - include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx); - include_once($phpbb_root_path . 'includes/acp/auth.' . $phpEx); + if (!function_exists('user_get_id_name')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } + + if (!class_exists('auth_admin')) + { + include($phpbb_root_path . 'includes/acp/auth.' . $phpEx); + } $this->auth_admin = new auth_admin(); @@ -359,6 +366,11 @@ class acp_permission_roles case 'move_up': case 'move_down': + if (!check_link_hash($request->variable('hash', ''), 'acp_permission_roles')) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + $sql = 'SELECT role_order FROM ' . ACL_ROLES_TABLE . " WHERE role_id = $role_id"; @@ -433,8 +445,8 @@ class acp_permission_roles 'U_EDIT' => $this->u_action . '&action=edit&role_id=' . $row['role_id'], 'U_REMOVE' => $this->u_action . '&action=remove&role_id=' . $row['role_id'], - 'U_MOVE_UP' => $this->u_action . '&action=move_up&role_id=' . $row['role_id'], - 'U_MOVE_DOWN' => $this->u_action . '&action=move_down&role_id=' . $row['role_id'], + 'U_MOVE_UP' => $this->u_action . '&action=move_up&role_id=' . $row['role_id'] . '&hash=' . generate_link_hash('acp_permission_roles'), + 'U_MOVE_DOWN' => $this->u_action . '&action=move_down&role_id=' . $row['role_id'] . '&hash=' . generate_link_hash('acp_permission_roles'), 'U_DISPLAY_ITEMS' => ($row['role_id'] == $display_item) ? '' : $this->u_action . '&display_item=' . $row['role_id'] . '#assigned_to') ); diff --git a/phpBB/includes/acp/acp_permissions.php b/phpBB/includes/acp/acp_permissions.php index cb408e304f..660afb4e93 100644 --- a/phpBB/includes/acp/acp_permissions.php +++ b/phpBB/includes/acp/acp_permissions.php @@ -30,8 +30,15 @@ class acp_permissions global $db, $user, $auth, $template, $cache, $phpbb_container; global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx; - include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx); - include_once($phpbb_root_path . 'includes/acp/auth.' . $phpEx); + if (!function_exists('user_get_id_name')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } + + if (!class_exists('auth_admin')) + { + include($phpbb_root_path . 'includes/acp/auth.' . $phpEx); + } $this->permissions = $phpbb_container->get('acl.permissions'); diff --git a/phpBB/includes/acp/acp_profile.php b/phpBB/includes/acp/acp_profile.php index 43668b8ad5..2012d3c513 100644 --- a/phpBB/includes/acp/acp_profile.php +++ b/phpBB/includes/acp/acp_profile.php @@ -33,8 +33,15 @@ class acp_profile global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix; global $request, $phpbb_container, $phpbb_dispatcher; - include($phpbb_root_path . 'includes/functions_posting.' . $phpEx); - include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + if (!function_exists('generate_smilies')) + { + include($phpbb_root_path . 'includes/functions_posting.' . $phpEx); + } + + if (!function_exists('user_get_id_name')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } $user->add_lang(array('ucp', 'acp/profile')); $this->tpl_name = 'acp_profile'; @@ -46,6 +53,9 @@ class acp_profile $error = array(); $s_hidden_fields = ''; + $form_key = 'acp_profile'; + add_form_key($form_key); + if (!$field_id && in_array($action, array('delete','activate', 'deactivate', 'move_up', 'move_down', 'edit'))) { trigger_error($user->lang['NO_FIELD_ID'] . adm_back_link($this->u_action), E_USER_WARNING); @@ -154,6 +164,11 @@ class acp_profile case 'activate': + if (!check_link_hash($request->variable('hash', ''), 'acp_profile')) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + $sql = 'SELECT lang_id FROM ' . LANG_TABLE . " WHERE lang_iso = '" . $db->sql_escape($config['default_lang']) . "'"; @@ -194,6 +209,11 @@ class acp_profile case 'deactivate': + if (!check_link_hash($request->variable('hash', ''), 'acp_profile')) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + $sql = 'UPDATE ' . PROFILE_FIELDS_TABLE . " SET field_active = 0 WHERE field_id = $field_id"; @@ -223,6 +243,11 @@ class acp_profile case 'move_up': case 'move_down': + if (!check_link_hash($request->variable('hash', ''), 'acp_profile')) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + $sql = 'SELECT field_order FROM ' . PROFILE_FIELDS_TABLE . " WHERE field_id = $field_id"; @@ -537,13 +562,14 @@ class acp_profile } } - $step = (isset($_REQUEST['next'])) ? $step + 1 : ((isset($_REQUEST['prev'])) ? $step - 1 : $step); - if (sizeof($error)) { - $step--; $submit = false; } + else + { + $step = (isset($_REQUEST['next'])) ? $step + 1 : ((isset($_REQUEST['prev'])) ? $step - 1 : $step); + } // Build up the specific hidden fields foreach ($exclude as $num => $key_ary) @@ -561,7 +587,7 @@ class acp_profile $var = $profile_field->prepare_hidden_fields($step, $key, $action, $field_data); if ($var !== null) { - $_new_key_ary[$key] = $profile_field->prepare_hidden_fields($step, $key, $action, $field_data); + $_new_key_ary[$key] = $var; } } $cp->vars = $field_data; @@ -571,12 +597,13 @@ class acp_profile if (!sizeof($error)) { - if ($step == 3 && (sizeof($this->lang_defs['iso']) == 1 || $save)) - { - $this->save_profile_field($cp, $field_type, $action); - } - else if ($action == 'edit' && $save) + if (($step == 3 && (sizeof($this->lang_defs['iso']) == 1 || $save)) || ($action == 'edit' && $save)) { + if (!check_form_key($form_key)) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + $this->save_profile_field($cp, $field_type, $action); } } @@ -731,12 +758,12 @@ class acp_profile 'FIELD_TYPE' => $profile_field->get_name(), 'L_ACTIVATE_DEACTIVATE' => $user->lang[$active_lang], - 'U_ACTIVATE_DEACTIVATE' => $this->u_action . "&action=$active_value&field_id=$id", + 'U_ACTIVATE_DEACTIVATE' => $this->u_action . "&action=$active_value&field_id=$id" . '&hash=' . generate_link_hash('acp_profile'), 'U_EDIT' => $this->u_action . "&action=edit&field_id=$id", 'U_TRANSLATE' => $this->u_action . "&action=edit&field_id=$id&step=3", 'U_DELETE' => $this->u_action . "&action=delete&field_id=$id", - 'U_MOVE_UP' => $this->u_action . "&action=move_up&field_id=$id", - 'U_MOVE_DOWN' => $this->u_action . "&action=move_down&field_id=$id", + 'U_MOVE_UP' => $this->u_action . "&action=move_up&field_id=$id" . '&hash=' . generate_link_hash('acp_profile'), + 'U_MOVE_DOWN' => $this->u_action . "&action=move_down&field_id=$id" . '&hash=' . generate_link_hash('acp_profile'), 'S_NEED_EDIT' => $s_need_edit) ); diff --git a/phpBB/includes/acp/acp_prune.php b/phpBB/includes/acp/acp_prune.php index e17399e3d9..98d9caabdd 100644 --- a/phpBB/includes/acp/acp_prune.php +++ b/phpBB/includes/acp/acp_prune.php @@ -28,7 +28,11 @@ class acp_prune global $user, $phpEx, $phpbb_admin_path, $phpbb_root_path; $user->add_lang('acp/prune'); - include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx); + + if (!function_exists('user_active_flip')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } switch ($mode) { diff --git a/phpBB/includes/acp/acp_reasons.php b/phpBB/includes/acp/acp_reasons.php index 3d7ccf422c..bd40a88138 100644 --- a/phpBB/includes/acp/acp_reasons.php +++ b/phpBB/includes/acp/acp_reasons.php @@ -282,6 +282,11 @@ class acp_reasons case 'move_up': case 'move_down': + if (!check_link_hash($request->variable('hash', ''), 'acp_reasons')) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + $sql = 'SELECT reason_order FROM ' . REPORTS_REASONS_TABLE . " WHERE reason_id = $reason_id"; @@ -383,8 +388,8 @@ class acp_reasons 'U_EDIT' => $this->u_action . '&action=edit&id=' . $row['reason_id'], 'U_DELETE' => (!$other_reason) ? $this->u_action . '&action=delete&id=' . $row['reason_id'] : '', - 'U_MOVE_UP' => $this->u_action . '&action=move_up&id=' . $row['reason_id'], - 'U_MOVE_DOWN' => $this->u_action . '&action=move_down&id=' . $row['reason_id']) + 'U_MOVE_UP' => $this->u_action . '&action=move_up&id=' . $row['reason_id'] . '&hash=' . generate_link_hash('acp_reasons'), + 'U_MOVE_DOWN' => $this->u_action . '&action=move_down&id=' . $row['reason_id'] . '&hash=' . generate_link_hash('acp_reasons')) ); } $db->sql_freeresult($result); diff --git a/phpBB/includes/acp/acp_search.php b/phpBB/includes/acp/acp_search.php index abb8301507..cc1e5df084 100644 --- a/phpBB/includes/acp/acp_search.php +++ b/phpBB/includes/acp/acp_search.php @@ -50,11 +50,16 @@ class acp_search function settings($id, $mode) { - global $db, $user, $auth, $template, $cache; + global $db, $user, $auth, $template, $cache, $request; global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx; $submit = (isset($_POST['submit'])) ? true : false; + if ($submit && !check_link_hash($request->variable('hash', ''), 'acp_search')) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + $search_types = $this->get_search_types(); $settings = array( @@ -226,13 +231,13 @@ class acp_search 'S_YES_SEARCH' => (bool) $config['load_search'], 'S_SETTINGS' => true, - 'U_ACTION' => $this->u_action) + 'U_ACTION' => $this->u_action . '&hash=' . generate_link_hash('acp_search')) ); } function index($id, $mode) { - global $db, $user, $auth, $template, $cache; + global $db, $user, $auth, $template, $cache, $request; global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx; $action = request_var('action', ''); @@ -244,6 +249,12 @@ class acp_search $this->state = array(); $this->save_state(); } + $submit = $request->is_set_post('submit', false); + + if (!check_link_hash($request->variable('hash', ''), 'acp_search') && in_array($action, array('create', 'delete'))) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } if ($action) { @@ -294,7 +305,7 @@ class acp_search if (method_exists($this->search, 'delete_index')) { // pass a reference to myself so the $search object can make use of save_state() and attributes - if ($error = $this->search->delete_index($this, append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=$mode&action=delete", false))) + if ($error = $this->search->delete_index($this, append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=$mode&action=delete&hash=" . generate_link_hash('acp_search'), false))) { $this->state = array(''); $this->save_state(); @@ -339,7 +350,7 @@ class acp_search $mtime = explode(' ', microtime()); $totaltime = $mtime[0] + $mtime[1] - $starttime; $rows_per_second = $row_count / $totaltime; - meta_refresh(1, append_sid($this->u_action . '&action=delete&skip_rows=' . $post_counter)); + meta_refresh(1, append_sid($this->u_action . '&action=delete&skip_rows=' . $post_counter . '&hash=' . generate_link_hash('acp_search'))); trigger_error($user->lang('SEARCH_INDEX_DELETE_REDIRECT', (int) $row_count, $post_counter, $rows_per_second)); } } @@ -429,7 +440,7 @@ class acp_search $mtime = explode(' ', microtime()); $totaltime = $mtime[0] + $mtime[1] - $starttime; $rows_per_second = $row_count / $totaltime; - meta_refresh(1, append_sid($this->u_action . '&action=create&skip_rows=' . $post_counter)); + meta_refresh(1, append_sid($this->u_action . '&action=create&skip_rows=' . $post_counter . '&hash=' . generate_link_hash('acp_search'))); trigger_error($user->lang('SEARCH_INDEX_CREATE_REDIRECT', (int) $row_count, $post_counter) . $user->lang('SEARCH_INDEX_CREATE_REDIRECT_RATE', $rows_per_second)); } } @@ -508,7 +519,7 @@ class acp_search $template->assign_vars(array( 'S_INDEX' => true, - 'U_ACTION' => $this->u_action, + 'U_ACTION' => $this->u_action . '&hash=' . generate_link_hash('acp_search'), 'U_PROGRESS_BAR' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=$mode&action=progress_bar"), 'UA_PROGRESS_BAR' => addslashes(append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=$mode&action=progress_bar")), )); @@ -517,7 +528,7 @@ class acp_search { $template->assign_vars(array( 'S_CONTINUE_INDEXING' => $this->state[1], - 'U_CONTINUE_INDEXING' => $this->u_action . '&action=' . $this->state[1], + 'U_CONTINUE_INDEXING' => $this->u_action . '&action=' . $this->state[1] . '&hash=' . generate_link_hash('acp_search'), 'L_CONTINUE' => ($this->state[1] == 'create') ? $user->lang['CONTINUE_INDEXING'] : $user->lang['CONTINUE_DELETING_INDEX'], 'L_CONTINUE_EXPLAIN' => ($this->state[1] == 'create') ? $user->lang['CONTINUE_INDEXING_EXPLAIN'] : $user->lang['CONTINUE_DELETING_INDEX_EXPLAIN']) ); diff --git a/phpBB/includes/acp/acp_send_statistics.php b/phpBB/includes/acp/acp_send_statistics.php index d178be2fb0..7c9e9cf78e 100644 --- a/phpBB/includes/acp/acp_send_statistics.php +++ b/phpBB/includes/acp/acp_send_statistics.php @@ -27,7 +27,10 @@ class acp_send_statistics { global $config, $template, $phpbb_admin_path, $phpbb_root_path, $phpEx; - include($phpbb_root_path . 'includes/questionnaire/questionnaire.' . $phpEx); + if (!class_exists('phpbb_questionnaire_data_collector')) + { + include($phpbb_root_path . 'includes/questionnaire/questionnaire.' . $phpEx); + } $collect_url = "https://www.phpbb.com/stats/receive_stats.php"; diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php index a36a6c1ecd..5181b87ecb 100644 --- a/phpBB/includes/acp/acp_styles.php +++ b/phpBB/includes/acp/acp_styles.php @@ -56,9 +56,12 @@ class acp_styles /** @var string */ protected $php_ext; + /** @var \phpbb\event\dispatcher_interface */ + protected $dispatcher; + public function main($id, $mode) { - global $db, $user, $phpbb_admin_path, $phpbb_root_path, $phpEx, $template, $request, $cache, $auth, $config; + global $db, $user, $phpbb_admin_path, $phpbb_root_path, $phpEx, $template, $request, $cache, $auth, $config, $phpbb_dispatcher; $this->db = $db; $this->user = $user; @@ -69,6 +72,7 @@ class acp_styles $this->config = $config; $this->phpbb_root_path = $phpbb_root_path; $this->php_ext = $phpEx; + $this->dispatcher = $phpbb_dispatcher; $this->default_style = $config['default_style']; $this->styles_path = $this->phpbb_root_path . $this->styles_path_absolute . '/'; @@ -118,6 +122,18 @@ class acp_styles ) ); + /** + * Run code before ACP styles action execution + * + * @event core.acp_styles_action_before + * @var int id Module ID + * @var string mode Active module + * @var string action Module that should be run + * @since 3.1.7-RC1 + */ + $vars = array('id', 'mode', 'action'); + extract($this->dispatcher->trigger_event('core.acp_styles_action_before', compact($vars))); + // Execute actions switch ($action) { diff --git a/phpBB/includes/acp/acp_update.php b/phpBB/includes/acp/acp_update.php index 0167a06dbb..529f0f2185 100644 --- a/phpBB/includes/acp/acp_update.php +++ b/phpBB/includes/acp/acp_update.php @@ -62,5 +62,17 @@ class acp_update 'UPDATE_INSTRUCTIONS' => sprintf($user->lang['UPDATE_INSTRUCTIONS'], $update_link), )); + + // Incomplete update? + if (phpbb_version_compare($config['version'], PHPBB_VERSION, '<')) + { + $database_update_link = append_sid($phpbb_root_path . 'install/database_update.' . $phpEx); + + $template->assign_vars(array( + 'S_UPDATE_INCOMPLETE' => true, + 'FILES_VERSION' => PHPBB_VERSION, + 'INCOMPLETE_INSTRUCTIONS' => $user->lang('UPDATE_INCOMPLETE_EXPLAIN', $database_update_link), + )); + } } } diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index 8c17fb6311..008cc02471 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -44,6 +44,11 @@ class acp_users $user_id = request_var('u', 0); $action = request_var('action', ''); + // Get referer to redirect user to the appropriate page after delete action + $redirect = request_var('redirect', ''); + $redirect_tag = "redirect=$redirect"; + $redirect_url = append_sid("{$phpbb_admin_path}index.$phpEx", "i=$redirect"); + $submit = (isset($_POST['update']) && !isset($_POST['cancel'])) ? true : false; $form_name = 'acp_users'; @@ -52,7 +57,10 @@ class acp_users // Whois (special case) if ($action == 'whois') { - include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + if (!function_exists('user_get_id_name')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } $this->page_title = 'WHOIS'; $this->tpl_name = 'simple_body'; @@ -146,9 +154,9 @@ class acp_users } $template->assign_vars(array( - 'U_BACK' => $this->u_action, + 'U_BACK' => (empty($redirect)) ? $this->u_action : $redirect_url, 'U_MODE_SELECT' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&u=$user_id"), - 'U_ACTION' => $this->u_action . '&u=' . $user_id, + 'U_ACTION' => $this->u_action . '&u=' . $user_id . ((empty($redirect)) ? '' : '&' . $redirect_tag), 'S_FORM_OPTIONS' => $s_form_options, 'MANAGED_USERNAME' => $user_row['username']) ); @@ -165,7 +173,10 @@ class acp_users { case 'overview': - include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + if (!function_exists('user_get_id_name')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } $user->add_lang('acp/ban'); @@ -221,19 +232,30 @@ class acp_users user_delete($delete_type, $user_id, $user_row['username']); add_log('admin', 'LOG_USER_DELETED', $user_row['username']); - trigger_error($user->lang['USER_DELETED'] . adm_back_link($this->u_action)); + trigger_error($user->lang['USER_DELETED'] . adm_back_link( + (empty($redirect)) ? $this->u_action : $redirect_url + ) + ); } else { - confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( + $delete_confirm_hidden_fields = array( 'u' => $user_id, 'i' => $id, 'mode' => $mode, 'action' => $action, 'update' => true, 'delete' => 1, - 'delete_type' => $delete_type)) + 'delete_type' => $delete_type, ); + + // Checks if the redirection page is specified + if (!empty($redirect)) + { + $delete_confirm_hidden_fields['redirect'] = $redirect; + } + + confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($delete_confirm_hidden_fields)); } } else @@ -338,7 +360,10 @@ class acp_users if ($config['email_enable']) { - include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); + if (!class_exists('messenger')) + { + include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); + } $server_url = generate_board_url(); @@ -348,11 +373,6 @@ class acp_users if ($user_row['user_type'] == USER_NORMAL) { user_active_flip('deactivate', $user_id, INACTIVE_REMIND); - - $sql = 'UPDATE ' . USERS_TABLE . " - SET user_actkey = '" . $db->sql_escape($user_actkey) . "' - WHERE user_id = $user_id"; - $db->sql_query($sql); } else { @@ -361,8 +381,18 @@ class acp_users FROM ' . USERS_TABLE . ' WHERE user_id = ' . $user_id; $result = $db->sql_query($sql); - $user_actkey = (string) $db->sql_fetchfield('user_actkey'); + $user_activation_key = (string) $db->sql_fetchfield('user_actkey'); $db->sql_freeresult($result); + + $user_actkey = empty($user_activation_key) ? $user_actkey : $user_activation_key; + } + + if ($user_row['user_type'] == USER_NORMAL || empty($user_activation_key)) + { + $sql = 'UPDATE ' . USERS_TABLE . " + SET user_actkey = '" . $db->sql_escape($user_actkey) . "' + WHERE user_id = $user_id"; + $db->sql_query($sql); } $messenger = new messenger(false); @@ -421,7 +451,10 @@ class acp_users $phpbb_notifications = $phpbb_container->get('notification_manager'); $phpbb_notifications->delete_notifications('notification.type.admin_activate_user', $user_row['user_id']); - include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); + if (!class_exists('messenger')) + { + include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); + } $messenger = new messenger(false); @@ -1345,7 +1378,10 @@ class acp_users case 'profile': - include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + if (!function_exists('user_get_id_name')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } $cp = $phpbb_container->get('profilefields.manager'); @@ -1504,7 +1540,10 @@ class acp_users case 'prefs': - include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + if (!function_exists('user_get_id_name')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } $data = array( 'dateformat' => utf8_normalize_nfc(request_var('dateformat', $user_row['user_dateformat'], true)), @@ -1553,7 +1592,7 @@ class acp_users if ($submit) { $error = validate_data($data, array( - 'dateformat' => array('string', false, 1, 30), + 'dateformat' => array('string', false, 1, 64), 'lang' => array('match', false, '#^[a-z_\-]{2,}$#i'), 'tz' => array('timezone'), @@ -1774,13 +1813,12 @@ class acp_users case 'avatar': - include($phpbb_root_path . 'includes/functions_display.' . $phpEx); - $avatars_enabled = false; + /** @var \phpbb\avatar\manager $phpbb_avatar_manager */ + $phpbb_avatar_manager = $phpbb_container->get('avatar.manager'); if ($config['allow_avatar']) { - $phpbb_avatar_manager = $phpbb_container->get('avatar.manager'); $avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers(); // This is normalised data, without the user_ prefix @@ -1841,14 +1879,21 @@ class acp_users $selected_driver = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', $user_row['user_avatar_type'])); + // Assign min and max values before generating avatar driver html + $template->assign_vars(array( + 'AVATAR_MIN_WIDTH' => $config['avatar_min_width'], + 'AVATAR_MAX_WIDTH' => $config['avatar_max_width'], + 'AVATAR_MIN_HEIGHT' => $config['avatar_min_height'], + 'AVATAR_MAX_HEIGHT' => $config['avatar_max_height'], + )); + foreach ($avatar_drivers as $current_driver) { $driver = $phpbb_avatar_manager->get_driver($current_driver); $avatars_enabled = true; - $config_name = $phpbb_avatar_manager->get_driver_config_name($driver); $template->set_filenames(array( - 'avatar' => "acp_avatar_options_{$config_name}.html", + 'avatar' => $driver->get_acp_template_name(), )); if ($driver->prepare_form($request, $template, $user, $avatar_data, $error)) @@ -1868,8 +1913,12 @@ class acp_users } } - // Replace "error" strings with their real, localised form - $error = $phpbb_avatar_manager->localize_errors($user, $error); + // Avatar manager is not initialized if avatars are disabled + if (isset($phpbb_avatar_manager)) + { + // Replace "error" strings with their real, localised form + $error = $phpbb_avatar_manager->localize_errors($user, $error); + } $avatar = phpbb_get_user_avatar($user_row, 'USER_AVATAR', true); @@ -1930,8 +1979,15 @@ class acp_users case 'sig': - include_once($phpbb_root_path . 'includes/functions_posting.' . $phpEx); - include_once($phpbb_root_path . 'includes/functions_display.' . $phpEx); + if (!function_exists('generate_smilies')) + { + include($phpbb_root_path . 'includes/functions_posting.' . $phpEx); + } + + if (!function_exists('display_custom_bbcodes')) + { + include($phpbb_root_path . 'includes/functions_display.' . $phpEx); + } $enable_bbcode = ($config['allow_sig_bbcode']) ? (bool) $this->optionget($user_row, 'sig_bbcode') : false; $enable_smilies = ($config['allow_sig_smilies']) ? (bool) $this->optionget($user_row, 'sig_smilies') : false; @@ -1942,7 +1998,10 @@ class acp_users if ($submit || $preview) { - include_once($phpbb_root_path . 'includes/message_parser.' . $phpEx); + if (!class_exists('messenger')) + { + include($phpbb_root_path . 'includes/message_parser.' . $phpEx); + } $enable_bbcode = ($config['allow_sig_bbcode']) ? ((request_var('disable_bbcode', false)) ? false : true) : false; $enable_smilies = ($config['allow_sig_smilies']) ? ((request_var('disable_smilies', false)) ? false : true) : false; @@ -2183,7 +2242,10 @@ class acp_users case 'groups': - include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + if (!function_exists('group_user_attributes')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } $user->add_lang(array('groups', 'acp/groups')); $group_id = request_var('g', 0); @@ -2217,6 +2279,12 @@ class acp_users { trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } + + if (!check_link_hash($request->variable('hash', ''), 'acp_users')) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + group_user_attributes($action, $group_id, $user_id); if ($action == 'default') @@ -2374,8 +2442,8 @@ class acp_users { $template->assign_block_vars('group', array( 'U_EDIT_GROUP' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=groups&mode=manage&action=edit&u=$user_id&g={$data['group_id']}&back_link=acp_users_groups"), - 'U_DEFAULT' => $this->u_action . "&action=default&u=$user_id&g=" . $data['group_id'], - 'U_DEMOTE_PROMOTE' => $this->u_action . '&action=' . (($data['group_leader']) ? 'demote' : 'promote') . "&u=$user_id&g=" . $data['group_id'], + 'U_DEFAULT' => $this->u_action . "&action=default&u=$user_id&g=" . $data['group_id'] . '&hash=' . generate_link_hash('acp_users'), + 'U_DEMOTE_PROMOTE' => $this->u_action . '&action=' . (($data['group_leader']) ? 'demote' : 'promote') . "&u=$user_id&g=" . $data['group_id'] . '&hash=' . generate_link_hash('acp_users'), 'U_DELETE' => $this->u_action . "&action=delete&u=$user_id&g=" . $data['group_id'], 'U_APPROVE' => ($group_type == 'pending') ? $this->u_action . "&action=approve&u=$user_id&g=" . $data['group_id'] : '', @@ -2399,7 +2467,10 @@ class acp_users case 'perm': - include_once($phpbb_root_path . 'includes/acp/auth.' . $phpEx); + if (!class_exists('auth_admin')) + { + include($phpbb_root_path . 'includes/acp/auth.' . $phpEx); + } $auth_admin = new auth_admin(); diff --git a/phpBB/includes/acp/auth.php b/phpBB/includes/acp/auth.php index 905e981cdc..52c45499b2 100644 --- a/phpBB/includes/acp/auth.php +++ b/phpBB/includes/acp/auth.php @@ -1113,6 +1113,11 @@ class auth_admin extends \phpbb\auth\auth @reset($category_array); while (list($cat, $cat_array) = each($category_array)) { + if (!$phpbb_permissions->category_defined($cat)) + { + continue; + } + $template->assign_block_vars($tpl_cat, array( 'S_YES' => ($cat_array['S_YES'] && !$cat_array['S_NEVER'] && !$cat_array['S_NO']) ? true : false, 'S_NEVER' => ($cat_array['S_NEVER'] && !$cat_array['S_YES'] && !$cat_array['S_NO']) ? true : false, @@ -1139,6 +1144,11 @@ class auth_admin extends \phpbb\auth\auth @reset($cat_array['permissions']); while (list($permission, $allowed) = each($cat_array['permissions'])) { + if (!$phpbb_permissions->permission_defined($permission)) + { + continue; + } + if ($s_view) { $template->assign_block_vars($tpl_cat . '.' . $tpl_mask, array( diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index 62e5fe7a0a..23839e3d9a 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -28,7 +28,7 @@ if (!defined('IN_PHPBB')) */ // phpBB Version -define('PHPBB_VERSION', '3.1.6-dev'); +define('PHPBB_VERSION', '3.1.10'); // QA-related // define('PHPBB_QA', 1); diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index fff55d993e..a152d9b620 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2233,7 +2233,6 @@ function generate_board_url($without_script_path = false) global $config, $user, $request; $server_name = $user->host; - $server_port = $request->server('SERVER_PORT', 0); // Forcing server vars is the only way to specify/override the protocol if ($config['force_server_vars'] || !$server_name) @@ -2248,6 +2247,13 @@ function generate_board_url($without_script_path = false) } else { + $server_port = $request->server('SERVER_PORT', 0); + $forwarded_proto = $request->server('HTTP_X_FORWARDED_PROTO'); + + if (!empty($forwarded_proto) && $forwarded_proto === 'https') + { + $server_port = 443; + } // Do not rely on cookie_secure, users seem to think that it means a secured cookie instead of an encrypted connection $cookie_secure = $request->is_secure() ? 1 : 0; $url = (($cookie_secure) ? 'https://' : 'http://') . $server_name; @@ -2401,6 +2407,7 @@ function redirect($url, $return = false, $disable_cd_check = false) echo '<html dir="' . $user->lang['DIRECTION'] . '" lang="' . $user->lang['USER_LANG'] . '">'; echo '<head>'; echo '<meta charset="utf-8">'; + echo '<meta http-equiv="X-UA-Compatible" content="IE=edge">'; echo '<meta http-equiv="refresh" content="0; url=' . str_replace('&', '&', $url) . '" />'; echo '<title>' . $user->lang['REDIRECT'] . '</title>'; echo '</head>'; @@ -2602,8 +2609,9 @@ function check_link_hash($token, $link_name) /** * Add a secret token to the form (requires the S_FORM_TOKEN template variable) * @param string $form_name The name of the form; has to match the name used in check_form_key, otherwise no restrictions apply +* @param string $template_variable_suffix A string that is appended to the name of the template variable to which the form elements are assigned */ -function add_form_key($form_name) +function add_form_key($form_name, $template_variable_suffix = '') { global $config, $template, $user, $phpbb_dispatcher; @@ -2620,13 +2628,15 @@ function add_form_key($form_name) * Perform additional actions on creation of the form token * * @event core.add_form_key - * @var string form_name The form name - * @var int now Current time timestamp - * @var string s_fields Generated hidden fields - * @var string token Form token - * @var string token_sid User session ID + * @var string form_name The form name + * @var int now Current time timestamp + * @var string s_fields Generated hidden fields + * @var string token Form token + * @var string token_sid User session ID + * @var string template_variable_suffix The string that is appended to template variable name * * @since 3.1.0-RC3 + * @changed 3.1.11-RC1 Added template_variable_suffix */ $vars = array( 'form_name', @@ -2634,12 +2644,11 @@ function add_form_key($form_name) 's_fields', 'token', 'token_sid', + 'template_variable_suffix', ); extract($phpbb_dispatcher->trigger_event('core.add_form_key', compact($vars))); - $template->assign_vars(array( - 'S_FORM_TOKEN' => $s_fields, - )); + $template->assign_var('S_FORM_TOKEN' . $template_variable_suffix, $s_fields); } /** @@ -2821,6 +2830,21 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa $user->setup(); } + /** + * This event allows an extension to modify the login process + * + * @event core.login_box_before + * @var string redirect Redirect string + * @var string l_explain Explain language string + * @var string l_success Success language string + * @var bool admin Is admin? + * @var bool s_display Display full login form? + * @var string err Error string + * @since 3.1.9-RC1 + */ + $vars = array('redirect', 'l_explain', 'l_success', 'admin', 's_display', 'err'); + extract($phpbb_dispatcher->trigger_event('core.login_box_before', compact($vars))); + // Print out error if user tries to authenticate as an administrator without having the privileges... if ($admin && !$auth->acl_get('a_')) { @@ -2833,7 +2857,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa trigger_error('NO_AUTH_ADMIN'); } - if ($request->is_set_post('login') || ($request->is_set('login') && $request->variable('login', '') == 'external')) + if (empty($err) && ($request->is_set_post('login') || ($request->is_set('login') && $request->variable('login', '') == 'external'))) { // Get credential if ($admin) @@ -2902,11 +2926,11 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa * * @event core.login_box_redirect * @var string redirect Redirect string - * @var boolean admin Is admin? - * @var bool return If true, do not redirect but return the sanitized URL. + * @var bool admin Is admin? * @since 3.1.0-RC5 + * @changed 3.1.9-RC1 Removed undefined return variable */ - $vars = array('redirect', 'admin', 'return'); + $vars = array('redirect', 'admin'); extract($phpbb_dispatcher->trigger_event('core.login_box_redirect', compact($vars))); // append/replace SID (may change during the session for AOL users) @@ -3982,6 +4006,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline) echo '<html dir="ltr">'; echo '<head>'; echo '<meta charset="utf-8">'; + echo '<meta http-equiv="X-UA-Compatible" content="IE=edge">'; echo '<title>' . $msg_title . '</title>'; echo '<style type="text/css">' . "\n" . '/* <![CDATA[ */' . "\n"; echo '* { margin: 0; padding: 0; } html { font-size: 100%; height: 100%; margin-bottom: 1px; background-color: #E4EDF0; } body { font-family: "Lucida Grande", Verdana, Helvetica, Arial, sans-serif; color: #536482; background: #E4EDF0; font-size: 62.5%; margin: 0; } '; @@ -4264,10 +4289,14 @@ function obtain_users_online_string($online_users, $item_id = 0, $item = 'forum' if (sizeof($online_users['online_users'])) { - $sql = 'SELECT username, username_clean, user_id, user_type, user_allow_viewonline, user_colour - FROM ' . USERS_TABLE . ' - WHERE ' . $db->sql_in_set('user_id', $online_users['online_users']) . ' - ORDER BY username_clean ASC'; + $sql_ary = array( + 'SELECT' => 'u.username, u.username_clean, u.user_id, u.user_type, u.user_allow_viewonline, u.user_colour', + 'FROM' => array( + USERS_TABLE => 'u', + ), + 'WHERE' => $db->sql_in_set('u.user_id', $online_users['online_users']), + 'ORDER_BY' => 'u.username_clean ASC', + ); /** * Modify SQL query to obtain online users data @@ -4279,13 +4308,14 @@ function obtain_users_online_string($online_users, $item_id = 0, $item = 'forum' * @var string item Restrict online users to a certain * session item, e.g. forum for * session_forum_id - * @var string sql SQL query to obtain users online data + * @var array sql_ary SQL query array to obtain users online data * @since 3.1.4-RC1 + * @changed 3.1.7-RC1 Change sql query into array and adjust var accordingly. Allows extension authors the ability to adjust the sql_ary. */ - $vars = array('online_users', 'item_id', 'item', 'sql'); + $vars = array('online_users', 'item_id', 'item', 'sql_ary'); extract($phpbb_dispatcher->trigger_event('core.obtain_users_online_string_sql', compact($vars))); - $result = $db->sql_query($sql); + $result = $db->sql_query($db->sql_build_query('SELECT', $sql_ary)); $rowset = $db->sql_fetchrowset($result); $db->sql_freeresult($result); @@ -4299,13 +4329,37 @@ function obtain_users_online_string($online_users, $item_id = 0, $item = 'forum' $row['username'] = '<em>' . $row['username'] . '</em>'; } - if (!isset($online_users['hidden_users'][$row['user_id']]) || $auth->acl_get('u_viewonline')) + if (!isset($online_users['hidden_users'][$row['user_id']]) || $auth->acl_get('u_viewonline') || $row['user_id'] === $user->data['user_id']) { $user_online_link[$row['user_id']] = get_username_string(($row['user_type'] <> USER_IGNORE) ? 'full' : 'no_profile', $row['user_id'], $row['username'], $row['user_colour']); } } } } + + /** + * Modify online userlist data + * + * @event core.obtain_users_online_string_before_modify + * @var array online_users Array with online users data + * from obtain_users_online() + * @var int item_id Restrict online users to item id + * @var string item Restrict online users to a certain + * session item, e.g. forum for + * session_forum_id + * @var array rowset Array with online users data + * @var array user_online_link Array with online users items (usernames) + * @since 3.1.10-RC1 + */ + $vars = array( + 'online_users', + 'item_id', + 'item', + 'rowset', + 'user_online_link', + ); + extract($phpbb_dispatcher->trigger_event('core.obtain_users_online_string_before_modify', compact($vars))); + $online_userlist = implode(', ', $user_online_link); if (!$online_userlist) @@ -4837,7 +4891,7 @@ function phpbb_get_avatar($row, $alt, $ignore_config = false, $lazy = false) ); $phpbb_avatar_manager = $phpbb_container->get('avatar.manager'); - $driver = $phpbb_avatar_manager->get_driver($row['avatar_type'], $ignore_config); + $driver = $phpbb_avatar_manager->get_driver($row['avatar_type'], !$ignore_config); $html = ''; if ($driver) @@ -4848,7 +4902,7 @@ function phpbb_get_avatar($row, $alt, $ignore_config = false, $lazy = false) return $html; } - $avatar_data = $driver->get_data($row, $ignore_config); + $avatar_data = $driver->get_data($row); } else { @@ -4904,7 +4958,7 @@ function phpbb_get_avatar($row, $alt, $ignore_config = false, $lazy = false) /** * Generate page header */ -function page_header($page_title = '', $display_online_list = false, $item_id = 0, $item = 'forum') +function page_header($page_title = '', $display_online_list = false, $item_id = 0, $item = 'forum', $send_headers = true) { global $db, $config, $template, $SID, $_SID, $_EXTRA_URL, $user, $auth, $phpEx, $phpbb_root_path; global $phpbb_dispatcher, $request, $phpbb_container, $phpbb_admin_path; @@ -4964,6 +5018,8 @@ function page_header($page_title = '', $display_online_list = false, $item_id = } } + $user->update_session_infos(); + // Generate logged in/logged out status if ($user->data['user_id'] != ANONYMOUS) { @@ -5242,17 +5298,22 @@ function page_header($page_title = '', $display_online_list = false, $item_id = 'SITE_LOGO_IMG' => $user->img('site_logo'), )); - // An array of http headers that phpbb will set. The following event may override these. - $http_headers = array( - // application/xhtml+xml not used because of IE - 'Content-type' => 'text/html; charset=UTF-8', - 'Cache-Control' => 'private, no-cache="set-cookie"', - 'Expires' => gmdate('D, d M Y H:i:s', time()) . ' GMT', - ); - if (!empty($user->data['is_bot'])) + $http_headers = array(); + + if ($send_headers) { - // Let reverse proxies know we detected a bot. - $http_headers['X-PHPBB-IS-BOT'] = 'yes'; + // An array of http headers that phpbb will set. The following event may override these. + $http_headers += array( + // application/xhtml+xml not used because of IE + 'Content-type' => 'text/html; charset=UTF-8', + 'Cache-Control' => 'private, no-cache="set-cookie"', + 'Expires' => gmdate('D, d M Y H:i:s', time()) . ' GMT', + ); + if (!empty($user->data['is_bot'])) + { + // Let reverse proxies know we detected a bot. + $http_headers['X-PHPBB-IS-BOT'] = 'yes'; + } } /** diff --git a/phpBB/includes/functions_acp.php b/phpBB/includes/functions_acp.php index d566336d26..c4afb39ff0 100644 --- a/phpBB/includes/functions_acp.php +++ b/phpBB/includes/functions_acp.php @@ -55,6 +55,8 @@ function adm_page_header($page_title) return; } + $user->update_session_infos(); + // gzip_compression if ($config['gzip_compress']) { @@ -254,46 +256,49 @@ function build_cfg_template($tpl_type, $key, &$new, $config_key, $vars) case 'text': case 'url': case 'email': - case 'color': - case 'date': - case 'time': - case 'datetime': - case 'datetime-local': - case 'month': - case 'range': - case 'search': case 'tel': - case 'week': + case 'search': + // maxlength and size are only valid for these types and will be + // ignored for other input types. $size = (int) $tpl_type[1]; $maxlength = (int) $tpl_type[2]; $tpl = '<input id="' . $key . '" type="' . $tpl_type[0] . '"' . (($size) ? ' size="' . $size . '"' : '') . ' maxlength="' . (($maxlength) ? $maxlength : 255) . '" name="' . $name . '" value="' . $new[$config_key] . '"' . (($tpl_type[0] === 'password') ? ' autocomplete="off"' : '') . ' />'; break; + case 'color': + case 'datetime': + case 'datetime-local': + case 'month': + case 'week': + $tpl = '<input id="' . $key . '" type="' . $tpl_type[0] . '" name="' . $name . '" value="' . $new[$config_key] . '" />'; + break; + + case 'date': + case 'time': case 'number': - $min = $max = $maxlength = ''; + case 'range': + $max = ''; $min = ( isset($tpl_type[1]) ) ? (int) $tpl_type[1] : false; if ( isset($tpl_type[2]) ) { $max = (int) $tpl_type[2]; - $maxlength = strlen( (string) $max ); } - $tpl = '<input id="' . $key . '" type="number" maxlength="' . (( $maxlength != '' ) ? $maxlength : 255) . '"' . (( $min != '' ) ? ' min="' . $min . '"' : '') . (( $max != '' ) ? ' max="' . $max . '"' : '') . ' name="' . $name . '" value="' . $new[$config_key] . '" />'; + $tpl = '<input id="' . $key . '" type="' . $tpl_type[0] . '"' . (( $min != '' ) ? ' min="' . $min . '"' : '') . (( $max != '' ) ? ' max="' . $max . '"' : '') . ' name="' . $name . '" value="' . $new[$config_key] . '" />'; break; case 'dimension': - $min = $max = $maxlength = $size = ''; + $max = ''; $min = (int) $tpl_type[1]; if ( isset($tpl_type[2]) ) { $max = (int) $tpl_type[2]; - $size = $maxlength = strlen( (string) $max ); } - $tpl = '<input id="' . $key . '" type="number"' . (( $size != '' ) ? ' size="' . $size . '"' : '') . ' maxlength="' . (($maxlength != '') ? $maxlength : 255) . '"' . (( $min !== '' ) ? ' min="' . $min . '"' : '') . (( $max != '' ) ? ' max="' . $max . '"' : '') . ' name="config[' . $config_key . '_width]" value="' . $new[$config_key . '_width'] . '" /> x <input type="number"' . (( $size != '' ) ? ' size="' . $size . '"' : '') . ' maxlength="' . (($maxlength != '') ? $maxlength : 255) . '"' . (( $min !== '' ) ? ' min="' . $min . '"' : '') . (( $max != '' ) ? ' max="' . $max . '"' : '') . ' name="config[' . $config_key . '_height]" value="' . $new[$config_key . '_height'] . '" />'; + $tpl = '<input id="' . $key . '" type="number"' . (( $min !== '' ) ? ' min="' . $min . '"' : '') . (( $max != '' ) ? ' max="' . $max . '"' : '') . ' name="config[' . $config_key . '_width]" value="' . $new[$config_key . '_width'] . '" /> x <input type="number"' . (( $min !== '' ) ? ' min="' . $min . '"' : '') . (( $max != '' ) ? ' max="' . $max . '"' : '') . ' name="config[' . $config_key . '_height]" value="' . $new[$config_key . '_height'] . '" />'; break; case 'textarea': diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index afd3dce730..1dc246ec33 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -65,7 +65,7 @@ function recalc_nested_sets(&$new_id, $pkey, $table, $parent_id = 0, $where = ar */ function make_forum_select($select_id = false, $ignore_id = false, $ignore_acl = false, $ignore_nonpost = false, $ignore_emptycat = true, $only_acl_post = false, $return_array = false) { - global $db, $user, $auth; + global $db, $user, $auth, $phpbb_dispatcher; // This query is identical to the jumpbox one $sql = 'SELECT forum_id, forum_name, parent_id, forum_type, forum_flags, forum_options, left_id, right_id @@ -73,16 +73,33 @@ function make_forum_select($select_id = false, $ignore_id = false, $ignore_acl = ORDER BY left_id ASC'; $result = $db->sql_query($sql, 600); + $rowset = array(); + while ($row = $db->sql_fetchrow($result)) + { + $rowset[(int) $row['forum_id']] = $row; + } + $db->sql_freeresult($result); + $right = 0; $padding_store = array('0' => ''); $padding = ''; $forum_list = ($return_array) ? array() : ''; + /** + * Modify the forum list data + * + * @event core.make_forum_select_modify_forum_list + * @var array rowset Array with the forums list data + * @since 3.1.10-RC1 + */ + $vars = array('rowset'); + extract($phpbb_dispatcher->trigger_event('core.make_forum_select_modify_forum_list', compact($vars))); + // Sometimes it could happen that forums will be displayed here not be displayed within the index page // This is the result of forums not displayed at index, having list permissions and a parent of a forum with no permissions. // If this happens, the padding could be "broken" - while ($row = $db->sql_fetchrow($result)) + foreach ($rowset as $row) { if ($row['left_id'] < $right) { @@ -133,8 +150,7 @@ function make_forum_select($select_id = false, $ignore_id = false, $ignore_acl = $forum_list .= '<option value="' . $row['forum_id'] . '"' . (($disabled) ? ' disabled="disabled" class="disabled-option"' : $selected) . '>' . $padding . $row['forum_name'] . '</option>'; } } - $db->sql_freeresult($result); - unset($padding_store); + unset($padding_store, $rowset); return $forum_list; } @@ -201,7 +217,7 @@ function group_select_options($group_id, $exclude_ids = false, $manage_founder = */ function get_forum_list($acl_list = 'f_list', $id_only = true, $postable_only = false, $no_cache = false) { - global $db, $auth; + global $db, $auth, $phpbb_dispatcher; static $forum_rows; if (!isset($forum_rows)) @@ -256,6 +272,16 @@ function get_forum_list($acl_list = 'f_list', $id_only = true, $postable_only = } } + /** + * Modify the forum list data + * + * @event core.get_forum_list_modify_data + * @var array rowset Array with the forum list data + * @since 3.1.10-RC1 + */ + $vars = array('rowset'); + extract($phpbb_dispatcher->trigger_event('core.get_forum_list_modify_data', compact($vars))); + return $rowset; } @@ -576,7 +602,7 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true) */ function move_posts($post_ids, $topic_id, $auto_sync = true) { - global $db; + global $db, $phpbb_dispatcher; if (!is_array($post_ids)) { @@ -610,6 +636,28 @@ function move_posts($post_ids, $topic_id, $auto_sync = true) trigger_error('NO_TOPIC'); } + /** + * Perform additional actions before moving posts + * + * @event core.move_posts_before + * @var array post_ids Array of post ids to move + * @var string topic_id The topic id the posts are moved to + * @var bool auto_sync Whether or not to perform auto sync + * @var array forum_ids Array of the forum ids the posts are moved from + * @var array topic_ids Array of the topic ids the posts are moved from + * @var array forum_row Array with the forum id of the topic the posts are moved to + * @since 3.1.7-RC1 + */ + $vars = array( + 'post_ids', + 'topic_id', + 'auto_sync', + 'forum_ids', + 'topic_ids', + 'forum_row', + ); + extract($phpbb_dispatcher->trigger_event('core.move_posts_before', compact($vars))); + $sql = 'UPDATE ' . POSTS_TABLE . ' SET forum_id = ' . (int) $forum_row['forum_id'] . ", topic_id = $topic_id WHERE " . $db->sql_in_set('post_id', $post_ids); @@ -620,6 +668,28 @@ function move_posts($post_ids, $topic_id, $auto_sync = true) WHERE " . $db->sql_in_set('post_msg_id', $post_ids); $db->sql_query($sql); + /** + * Perform additional actions after moving posts + * + * @event core.move_posts_after + * @var array post_ids Array of the moved post ids + * @var string topic_id The topic id the posts are moved to + * @var bool auto_sync Whether or not to perform auto sync + * @var array forum_ids Array of the forum ids the posts are moved from + * @var array topic_ids Array of the topic ids the posts are moved from + * @var array forum_row Array with the forum id of the topic the posts are moved to + * @since 3.1.7-RC1 + */ + $vars = array( + 'post_ids', + 'topic_id', + 'auto_sync', + 'forum_ids', + 'topic_ids', + 'forum_row', + ); + extract($phpbb_dispatcher->trigger_event('core.move_posts_after', compact($vars))); + if ($auto_sync) { $forum_ids[] = (int) $forum_row['forum_id']; @@ -785,6 +855,7 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync = 'notification.type.quote', 'notification.type.approve_post', 'notification.type.post_in_queue', + 'notification.type.report_post', ); /** @@ -886,6 +957,32 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync = $table_ary = array(POSTS_TABLE, REPORTS_TABLE); + /** + * Perform additional actions during post(s) deletion before running the queries + * + * @event core.delete_posts_in_transaction_before + * @var array post_ids Array with deleted posts' ids + * @var array poster_ids Array with deleted posts' author ids + * @var array topic_ids Array with deleted posts' topic ids + * @var array forum_ids Array with deleted posts' forum ids + * @var string where_type Variable containing posts deletion mode + * @var mixed where_ids Array or comma separated list of post ids to delete + * @var array delete_notifications_types Array with notifications types to delete + * @var array table_ary Array with table names to delete data from + * @since 3.1.7-RC1 + */ + $vars = array( + 'post_ids', + 'poster_ids', + 'topic_ids', + 'forum_ids', + 'where_type', + 'where_ids', + 'delete_notifications_types', + 'table_ary', + ); + extract($phpbb_dispatcher->trigger_event('core.delete_posts_in_transaction_before', compact($vars))); + foreach ($table_ary as $table) { $sql = "DELETE FROM $table @@ -1042,7 +1139,7 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync = */ function delete_attachments($mode, $ids, $resync = true) { - global $db, $config; + global $db, $config, $phpbb_dispatcher; // 0 is as bad as an empty array if (empty($ids)) @@ -1087,6 +1184,24 @@ function delete_attachments($mode, $ids, $resync = true) $post_ids = $message_ids = $topic_ids = $physical = array(); + /** + * Perform additional actions before collecting data for attachment(s) deletion + * + * @event core.delete_attachments_collect_data_before + * @var string mode Variable containing attachments deletion mode, can be: post|message|topic|attach|user + * @var mixed ids Array or comma separated list of ids corresponding to the mode + * @var bool resync Flag indicating if posts/messages/topics should be synchronized + * @var string sql_id The field name to collect/delete data for depending on the mode + * @since 3.1.7-RC1 + */ + $vars = array( + 'mode', + 'ids', + 'resync', + 'sql_id', + ); + extract($phpbb_dispatcher->trigger_event('core.delete_attachments_collect_data_before', compact($vars))); + // Collect post and topic ids for later use if we need to touch remaining entries (if resync is enabled) $sql = 'SELECT post_msg_id, topic_id, in_message, physical_filename, thumbnail, filesize, is_orphan FROM ' . ATTACHMENTS_TABLE . ' @@ -1116,6 +1231,32 @@ function delete_attachments($mode, $ids, $resync = true) } $db->sql_freeresult($result); + /** + * Perform additional actions before attachment(s) deletion + * + * @event core.delete_attachments_before + * @var string mode Variable containing attachments deletion mode, can be: post|message|topic|attach|user + * @var mixed ids Array or comma separated list of ids corresponding to the mode + * @var bool resync Flag indicating if posts/messages/topics should be synchronized + * @var string sql_id The field name to collect/delete data for depending on the mode + * @var array post_ids Array with post ids for deleted attachment(s) + * @var array topic_ids Array with topic ids for deleted attachment(s) + * @var array message_ids Array with private message ids for deleted attachment(s) + * @var array physical Array with deleted attachment(s) physical file(s) data + * @since 3.1.7-RC1 + */ + $vars = array( + 'mode', + 'ids', + 'resync', + 'sql_id', + 'post_ids', + 'topic_ids', + 'message_ids', + 'physical', + ); + extract($phpbb_dispatcher->trigger_event('core.delete_attachments_before', compact($vars))); + // Delete attachments $sql = 'DELETE FROM ' . ATTACHMENTS_TABLE . ' WHERE ' . $db->sql_in_set($sql_id, $ids); @@ -1125,6 +1266,34 @@ function delete_attachments($mode, $ids, $resync = true) $db->sql_query($sql); $num_deleted = $db->sql_affectedrows(); + /** + * Perform additional actions after attachment(s) deletion from the database + * + * @event core.delete_attachments_from_database_after + * @var string mode Variable containing attachments deletion mode, can be: post|message|topic|attach|user + * @var mixed ids Array or comma separated list of ids corresponding to the mode + * @var bool resync Flag indicating if posts/messages/topics should be synchronized + * @var string sql_id The field name to collect/delete data for depending on the mode + * @var array post_ids Array with post ids for deleted attachment(s) + * @var array topic_ids Array with topic ids for deleted attachment(s) + * @var array message_ids Array with private message ids for deleted attachment(s) + * @var array physical Array with deleted attachment(s) physical file(s) data + * @var int num_deleted The number of deleted attachment(s) from the database + * @since 3.1.7-RC1 + */ + $vars = array( + 'mode', + 'ids', + 'resync', + 'sql_id', + 'post_ids', + 'topic_ids', + 'message_ids', + 'physical', + 'num_deleted', + ); + extract($phpbb_dispatcher->trigger_event('core.delete_attachments_from_database_after', compact($vars))); + if (!$num_deleted) { return 0; @@ -1147,6 +1316,38 @@ function delete_attachments($mode, $ids, $resync = true) } } + /** + * Perform additional actions after attachment(s) deletion from the filesystem + * + * @event core.delete_attachments_from_filesystem_after + * @var string mode Variable containing attachments deletion mode, can be: post|message|topic|attach|user + * @var mixed ids Array or comma separated list of ids corresponding to the mode + * @var bool resync Flag indicating if posts/messages/topics should be synchronized + * @var string sql_id The field name to collect/delete data for depending on the mode + * @var array post_ids Array with post ids for deleted attachment(s) + * @var array topic_ids Array with topic ids for deleted attachment(s) + * @var array message_ids Array with private message ids for deleted attachment(s) + * @var array physical Array with deleted attachment(s) physical file(s) data + * @var int num_deleted The number of deleted attachment(s) from the database + * @var int space_removed The size of deleted files(s) from the filesystem + * @var int files_removed The number of deleted file(s) from the filesystem + * @since 3.1.7-RC1 + */ + $vars = array( + 'mode', + 'ids', + 'resync', + 'sql_id', + 'post_ids', + 'topic_ids', + 'message_ids', + 'physical', + 'num_deleted', + 'space_removed', + 'files_removed', + ); + extract($phpbb_dispatcher->trigger_event('core.delete_attachments_from_filesystem_after', compact($vars))); + if ($space_removed || $files_removed) { set_config_count('upload_dir_size', $space_removed * (-1), true); @@ -2356,7 +2557,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false, /** * Prune function */ -function prune($forum_id, $prune_mode, $prune_date, $prune_flags = 0, $auto_sync = true) +function prune($forum_id, $prune_mode, $prune_date, $prune_flags = 0, $auto_sync = true, $prune_limit = 0) { global $db, $phpbb_dispatcher; @@ -2408,9 +2609,19 @@ function prune($forum_id, $prune_mode, $prune_date, $prune_flags = 0, $auto_sync * @var int prune_flags The prune flags * @var bool auto_sync Whether or not to perform auto sync * @var string sql_and SQL text appended to where clause + * @var int prune_limit The prune limit * @since 3.1.3-RC1 + * @changed 3.1.10-RC1 Added prune_limit */ - $vars = array('forum_id', 'prune_mode', 'prune_date', 'prune_flags', 'auto_sync', 'sql_and'); + $vars = array( + 'forum_id', + 'prune_mode', + 'prune_date', + 'prune_flags', + 'auto_sync', + 'sql_and', + 'prune_limit', + ); extract($phpbb_dispatcher->trigger_event('core.prune_sql', compact($vars))); $sql = 'SELECT topic_id @@ -2418,7 +2629,7 @@ function prune($forum_id, $prune_mode, $prune_date, $prune_flags = 0, $auto_sync WHERE ' . $db->sql_in_set('forum_id', $forum_id) . " AND poll_start = 0 $sql_and"; - $result = $db->sql_query($sql); + $result = $db->sql_query_limit($sql, $prune_limit); $topic_list = array(); while ($row = $db->sql_fetchrow($result)) @@ -2435,7 +2646,7 @@ function prune($forum_id, $prune_mode, $prune_date, $prune_flags = 0, $auto_sync AND poll_start > 0 AND poll_last_vote < $prune_date $sql_and"; - $result = $db->sql_query($sql); + $result = $db->sql_query_limit($sql, $prune_limit); while ($row = $db->sql_fetchrow($result)) { @@ -2468,12 +2679,15 @@ function auto_prune($forum_id, $prune_mode, $prune_flags, $prune_days, $prune_fr $prune_date = time() - ($prune_days * 86400); $next_prune = time() + ($prune_freq * 86400); - prune($forum_id, $prune_mode, $prune_date, $prune_flags, true); + $result = prune($forum_id, $prune_mode, $prune_date, $prune_flags, true, 300); - $sql = 'UPDATE ' . FORUMS_TABLE . " - SET prune_next = $next_prune - WHERE forum_id = $forum_id"; - $db->sql_query($sql); + if ($result['topics'] == 0 && $result['posts'] == 0) + { + $sql = 'UPDATE ' . FORUMS_TABLE . " + SET prune_next = $next_prune + WHERE forum_id = $forum_id"; + $db->sql_query($sql); + } add_log('admin', 'LOG_AUTO_PRUNE', $row['forum_name']); } @@ -2926,9 +3140,9 @@ function get_database_size() { $version = $row['mysql_version']; - if (preg_match('#(3\.23|[45]\.)#', $version)) + if (preg_match('#(3\.23|[45]\.|10\.[0-9]\.[0-9]{1,2}-+Maria)#', $version)) { - $db_name = (preg_match('#^(?:3\.23\.(?:[6-9]|[1-9]{2}))|[45]\.#', $version)) ? "`{$db->get_db_name()}`" : $db->get_db_name(); + $db_name = (preg_match('#^(?:3\.23\.(?:[6-9]|[1-9]{2}))|[45]\.|10\.[0-9]\.[0-9]{1,2}-+Maria#', $version)) ? "`{$db->get_db_name()}`" : $db->get_db_name(); $sql = 'SHOW TABLE STATUS FROM ' . $db_name; @@ -2937,7 +3151,7 @@ function get_database_size() $database_size = 0; while ($row = $db->sql_fetchrow($result)) { - if ((isset($row['Type']) && $row['Type'] != 'MRG_MyISAM') || (isset($row['Engine']) && ($row['Engine'] == 'MyISAM' || $row['Engine'] == 'InnoDB'))) + if ((isset($row['Type']) && $row['Type'] != 'MRG_MyISAM') || (isset($row['Engine']) && ($row['Engine'] == 'MyISAM' || $row['Engine'] == 'InnoDB' || $row['Engine'] == 'Aria'))) { if ($table_prefix != '') { @@ -3145,18 +3359,47 @@ function tidy_database() */ function add_permission_language() { - global $user, $phpEx, $phpbb_extension_manager; + global $config, $user, $phpEx, $phpbb_extension_manager; // add permission language files from extensions $finder = $phpbb_extension_manager->get_finder(); - $lang_files = $finder + // We grab the language files from the default, English and user's language. + // So we can fall back to the other files like we do when using add_lang() + $default_lang_files = $english_lang_files = $user_lang_files = array(); + + // Search for board default language if it's not the user language + if ($config['default_lang'] != $user->lang_name) + { + $default_lang_files = $finder + ->prefix('permissions_') + ->suffix(".$phpEx") + ->core_path('language/' . basename($config['default_lang']) . '/') + ->extension_directory('/language/' . basename($config['default_lang'])) + ->find(); + } + + // Search for english, if its not the default or user language + if ($config['default_lang'] != 'en' && $user->lang_name != 'en') + { + $english_lang_files = $finder + ->prefix('permissions_') + ->suffix(".$phpEx") + ->core_path('language/en/') + ->extension_directory('/language/en') + ->find(); + } + + // Find files in the user's language + $user_lang_files = $finder ->prefix('permissions_') ->suffix(".$phpEx") ->core_path('language/' . $user->lang_name . '/') ->extension_directory('/language/' . $user->lang_name) ->find(); + $lang_files = array_merge($english_lang_files, $default_lang_files, $user_lang_files); + foreach ($lang_files as $lang_file => $ext_name) { if ($ext_name === '/') diff --git a/phpBB/includes/functions_content.php b/phpBB/includes/functions_content.php index 6f861b8607..8e60804d6e 100644 --- a/phpBB/includes/functions_content.php +++ b/phpBB/includes/functions_content.php @@ -47,7 +47,7 @@ if (!defined('IN_PHPBB')) */ function gen_sort_selects(&$limit_days, &$sort_by_text, &$sort_days, &$sort_key, &$sort_dir, &$s_limit_days, &$s_sort_key, &$s_sort_dir, &$u_sort_param, $def_st = false, $def_sk = false, $def_sd = false) { - global $user; + global $user, $phpbb_dispatcher; $sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']); @@ -106,6 +106,42 @@ function gen_sort_selects(&$limit_days, &$sort_by_text, &$sort_days, &$sort_key, $u_sort_param .= ($selected !== $sort_ary['default']) ? ((strlen($u_sort_param)) ? '&' : '') . "{$name}={$selected}" : ''; } + /** + * Run code before generated sort selects are returned + * + * @event core.gen_sort_selects_after + * @var int limit_days Days limit + * @var array sort_by_text Sort by text options + * @var int sort_days Sort by days flag + * @var string sort_key Sort key + * @var string sort_dir Sort dir + * @var string s_limit_days String of days limit + * @var string s_sort_key String of sort key + * @var string s_sort_dir String of sort dir + * @var string u_sort_param Sort URL params + * @var bool def_st Default sort days + * @var bool def_sk Default sort key + * @var bool def_sd Default sort dir + * @var array sorts Sorts + * @since 3.1.9-RC1 + */ + $vars = array( + 'limit_days', + 'sort_by_text', + 'sort_days', + 'sort_key', + 'sort_dir', + 's_limit_days', + 's_sort_key', + 's_sort_dir', + 'u_sort_param', + 'def_st', + 'def_sk', + 'def_sd', + 'sorts', + ); + extract($phpbb_dispatcher->trigger_event('core.gen_sort_selects_after', compact($vars))); + return; } @@ -114,7 +150,7 @@ function gen_sort_selects(&$limit_days, &$sort_by_text, &$sort_days, &$sort_key, */ function make_jumpbox($action, $forum_id = false, $select_all = false, $acl_list = false, $force_display = false) { - global $config, $auth, $template, $user, $db, $phpbb_path_helper; + global $config, $auth, $template, $user, $db, $phpbb_path_helper, $phpbb_dispatcher; // We only return if the jumpbox is not forced to be displayed (in case it is needed for functionality) if (!$config['load_jumpbox'] && $force_display === false) @@ -127,16 +163,33 @@ function make_jumpbox($action, $forum_id = false, $select_all = false, $acl_list ORDER BY left_id ASC'; $result = $db->sql_query($sql, 600); + $rowset = array(); + while ($row = $db->sql_fetchrow($result)) + { + $rowset[(int) $row['forum_id']] = $row; + } + $db->sql_freeresult($result); + $right = $padding = 0; $padding_store = array('0' => 0); $display_jumpbox = false; $iteration = 0; + /** + * Modify the jumpbox forum list data + * + * @event core.make_jumpbox_modify_forum_list + * @var array rowset Array with the forums list data + * @since 3.1.10-RC1 + */ + $vars = array('rowset'); + extract($phpbb_dispatcher->trigger_event('core.make_jumpbox_modify_forum_list', compact($vars))); + // Sometimes it could happen that forums will be displayed here not be displayed within the index page // This is the result of forums not displayed at index, having list permissions and a parent of a forum with no permissions. // If this happens, the padding could be "broken" - while ($row = $db->sql_fetchrow($result)) + foreach ($rowset as $row) { if ($row['left_id'] < $right) { @@ -169,20 +222,21 @@ function make_jumpbox($action, $forum_id = false, $select_all = false, $acl_list continue; } + $tpl_ary = array(); if (!$display_jumpbox) { - $template->assign_block_vars('jumpbox_forums', array( + $tpl_ary[] = array( 'FORUM_ID' => ($select_all) ? 0 : -1, 'FORUM_NAME' => ($select_all) ? $user->lang['ALL_FORUMS'] : $user->lang['SELECT_FORUM'], 'S_FORUM_COUNT' => $iteration, 'LINK' => $phpbb_path_helper->append_url_params($action, array('f' => $forum_id)), - )); + ); $iteration++; $display_jumpbox = true; } - $template->assign_block_vars('jumpbox_forums', array( + $tpl_ary[] = array( 'FORUM_ID' => $row['forum_id'], 'FORUM_NAME' => $row['forum_name'], 'SELECTED' => ($row['forum_id'] == $forum_id) ? ' selected="selected"' : '', @@ -191,7 +245,25 @@ function make_jumpbox($action, $forum_id = false, $select_all = false, $acl_list 'S_IS_LINK' => ($row['forum_type'] == FORUM_LINK) ? true : false, 'S_IS_POST' => ($row['forum_type'] == FORUM_POST) ? true : false, 'LINK' => $phpbb_path_helper->append_url_params($action, array('f' => $row['forum_id'])), - )); + ); + + /** + * Modify the jumpbox before it is assigned to the template + * + * @event core.make_jumpbox_modify_tpl_ary + * @var array row The data of the forum + * @var array tpl_ary Template data of the forum + * @since 3.1.10-RC1 + */ + $vars = array( + 'row', + 'tpl_ary', + ); + extract($phpbb_dispatcher->trigger_event('core.make_jumpbox_modify_tpl_ary', compact($vars))); + + $template->assign_block_vars_array('jumpbox_forums', $tpl_ary); + + unset($tpl_ary); for ($i = 0; $i < $padding; $i++) { @@ -199,8 +271,7 @@ function make_jumpbox($action, $forum_id = false, $select_all = false, $acl_list } $iteration++; } - $db->sql_freeresult($result); - unset($padding_store); + unset($padding_store, $rowset); $url_parts = $phpbb_path_helper->get_url_parts($action); @@ -392,7 +463,7 @@ function phpbb_clean_search_string($search_string) */ function decode_message(&$message, $bbcode_uid = '') { - global $config; + global $config, $phpbb_dispatcher; if ($bbcode_uid) { @@ -405,12 +476,38 @@ function decode_message(&$message, $bbcode_uid = '') $replace = array("\n"); } + /** + * Use this event to modify the message before it is decoded + * + * @event core.decode_message_before + * @var string message_text The message content + * @var string bbcode_uid The message BBCode UID + * @since 3.1.9-RC1 + */ + $message_text = $message; + $vars = array('message_text', 'bbcode_uid'); + extract($phpbb_dispatcher->trigger_event('core.decode_message_before', compact($vars))); + $message = $message_text; + $message = str_replace($match, $replace, $message); $match = get_preg_expression('bbcode_htm'); $replace = array('\1', '\1', '\2', '\1', '', ''); $message = preg_replace($match, $replace, $message); + + /** + * Use this event to modify the message after it is decoded + * + * @event core.decode_message_after + * @var string message_text The message content + * @var string bbcode_uid The message BBCode UID + * @since 3.1.9-RC1 + */ + $message_text = $message; + $vars = array('message_text', 'bbcode_uid'); + extract($phpbb_dispatcher->trigger_event('core.decode_message_after', compact($vars))); + $message = $message_text; } /** @@ -974,17 +1071,8 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count, unset($new_attachment_data); } - // Sort correctly - if ($config['display_order']) - { - // Ascending sort - krsort($attachments); - } - else - { - // Descending sort - ksort($attachments); - } + // Make sure attachments are properly ordered + ksort($attachments); foreach ($attachments as $attachment) { @@ -1223,8 +1311,6 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count, $attachments = $compiled_attachments; unset($compiled_attachments); - $tpl_size = sizeof($attachments); - $unset_tpl = array(); preg_match_all('#<!\-\- ia([0-9]+) \-\->(.*?)<!\-\- ia\1 \-\->#', $message, $matches, PREG_PATTERN_ORDER); @@ -1232,8 +1318,7 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count, $replace = array(); foreach ($matches[0] as $num => $capture) { - // Flip index if we are displaying the reverse way - $index = ($config['display_order']) ? ($tpl_size-($matches[1][$num] + 1)) : $matches[1][$num]; + $index = $matches[1][$num]; $replace['from'][] = $matches[0][$num]; $replace['to'][] = (isset($attachments[$index])) ? $attachments[$index] : sprintf($user->lang['MISSING_INLINE_ATTACHMENT'], $matches[2][array_search($index, $matches[1])]); @@ -1248,6 +1333,18 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count, $unset_tpl = array_unique($unset_tpl); + // Sort correctly + if ($config['display_order']) + { + // Ascending sort + krsort($attachments); + } + else + { + // Descending sort + ksort($attachments); + } + // Needed to let not display the inlined attachments at the end of the post again foreach ($unset_tpl as $index) { diff --git a/phpBB/includes/functions_convert.php b/phpBB/includes/functions_convert.php index b380273f0c..da4820134d 100644 --- a/phpBB/includes/functions_convert.php +++ b/phpBB/includes/functions_convert.php @@ -479,7 +479,7 @@ function import_avatar_gallery($gallery_name = '', $subdirs_as_galleries = false $dir->close(); } - for ($i = 0; $i < sizeof($dirlist); ++$i) + for ($i = 0, $end = sizeof($dirlist); $i < $end; ++$i) { $dir = $dirlist[$i]; @@ -1427,7 +1427,7 @@ function get_path($src_path, $src_url, $test_file) $path_array = array(); $phpbb_parts = explode('/', $script_path); - for ($i = 0; $i < sizeof($url_parts); ++$i) + for ($i = 0, $end = sizeof($url_parts); $i < $end; ++$i) { if ($i < sizeof($phpbb_parts[$i]) && $url_parts[$i] == $phpbb_parts[$i]) { @@ -1437,7 +1437,7 @@ function get_path($src_path, $src_url, $test_file) else { $path = ''; - for ($j = $i; $j < sizeof($phpbb_parts); ++$j) + for ($j = $i, $end2 = sizeof($phpbb_parts); $j < $end2; ++$j) { $path .= '../'; } @@ -2269,7 +2269,7 @@ function convert_bbcode($message, $convert_size = true, $extended_bbcodes = fals "\n\n" ); - for ($i = 0; $i < sizeof($str_from); ++$i) + for ($i = 0, $end = sizeof($str_from); $i < $end; ++$i) { $origx[] = '#\\' . str_replace(']', '\\]', $str_from[$i]) . '#is'; $replx[] = $str_to[$i]; @@ -2278,7 +2278,7 @@ function convert_bbcode($message, $convert_size = true, $extended_bbcodes = fals if (preg_match_all('#\[email=([^\]]+)\](.*?)\[/email\]#i', $message, $m)) { - for ($i = 0; $i < sizeof($m[1]); ++$i) + for ($i = 0, $end = sizeof($m[1]); $i < $end; ++$i) { if ($m[1][$i] == $m[2][$i]) { @@ -2339,7 +2339,7 @@ function copy_file($src, $trg, $overwrite = false, $die_on_failure = true, $sour $parts = explode('/', $trg); unset($parts[sizeof($parts) - 1]); - for ($i = 0; $i < sizeof($parts); ++$i) + for ($i = 0, $end = sizeof($parts); $i < $end; ++$i) { $path .= $parts[$i] . '/'; @@ -2436,7 +2436,7 @@ function copy_dir($src, $trg, $copy_subdirs = true, $overwrite = false, $die_on_ if ($copy_subdirs) { - for ($i = 0; $i < sizeof($dirlist); ++$i) + for ($i = 0, $end = sizeof($dirlist); $i < $end; ++$i) { $dir = $dirlist[$i]; @@ -2471,7 +2471,7 @@ function copy_dir($src, $trg, $copy_subdirs = true, $overwrite = false, $die_on_ $convert->p_master->error(sprintf($str, implode('<br />', $bad_dirs)), __LINE__, __FILE__); } - for ($i = 0; $i < sizeof($filelist); ++$i) + for ($i = 0, $end = sizeof($filelist); $i < $end; ++$i) { copy_file($src . $filelist[$i], $trg . $filelist[$i], $overwrite, $die_on_failure, $source_relative_path); } diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index 8aee80ba34..4881dde6f5 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -1496,7 +1496,7 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id, * @param array $user_data the current stored users data * @param int $user_posts the users number of posts * -* @return array An associative array containing the rank title (title), the rank image source (img) and the rank image as full img tag (img) +* @return array An associative array containing the rank title (title), the rank image as full img tag (img) and the rank image source (img_src) * * Note: since we do not want to break backwards-compatibility, this function will only properly assign ranks to guests if you call it for them with user_posts == false */ diff --git a/phpBB/includes/functions_download.php b/phpBB/includes/functions_download.php index 254e65ae3d..c571de579e 100644 --- a/phpBB/includes/functions_download.php +++ b/phpBB/includes/functions_download.php @@ -108,6 +108,7 @@ function wrap_img_in_html($src, $title) echo '<html>'; echo '<head>'; echo '<meta charset="utf-8">'; + echo '<meta http-equiv="X-UA-Compatible" content="IE=edge">'; echo '<title>' . $title . '</title>'; echo '</head>'; echo '<body>'; @@ -165,7 +166,7 @@ function send_file_to_browser($attachment, $upload_dir, $category) } // Make sure the database record for the filesize is correct - if ($size > 0 && $size != $attachment['filesize']) + if ($size > 0 && $size != $attachment['filesize'] && strpos($attachment['physical_filename'], 'thumb_') === false) { // Update database record $sql = 'UPDATE ' . ATTACHMENTS_TABLE . ' @@ -283,7 +284,7 @@ function header_filename($file) // There be dragons here. // Not many follows the RFC... - if (strpos($user_agent, 'MSIE') !== false || strpos($user_agent, 'Safari') !== false || strpos($user_agent, 'Konqueror') !== false) + if (strpos($user_agent, 'MSIE') !== false || strpos($user_agent, 'Konqueror') !== false) { return "filename=" . rawurlencode($file); } @@ -412,7 +413,7 @@ function set_modified_headers($stamp, $browser) global $request; // let's see if we have to send the file at all - $last_load = $request->header('Modified-Since') ? strtotime(trim($request->header('Modified-Since'))) : false; + $last_load = $request->header('If-Modified-Since') ? strtotime(trim($request->header('If-Modified-Since'))) : false; if (strpos(strtolower($browser), 'msie 6.0') === false && !phpbb_is_greater_ie_version($browser, 7)) { diff --git a/phpBB/includes/functions_mcp.php b/phpBB/includes/functions_mcp.php index ed96dcf338..1e08864bdc 100644 --- a/phpBB/includes/functions_mcp.php +++ b/phpBB/includes/functions_mcp.php @@ -388,7 +388,7 @@ function phpbb_mcp_sorting($mode, &$sort_days, &$sort_key, &$sort_dir, &$sort_by if (!$auth->acl_get('m_approve', $forum_id)) { - $sql .= 'AND topic_visibility = ' . ITEM_APPROVED; + $sql .= ' AND topic_visibility = ' . ITEM_APPROVED; } break; @@ -404,7 +404,7 @@ function phpbb_mcp_sorting($mode, &$sort_days, &$sort_key, &$sort_dir, &$sort_by if (!$auth->acl_get('m_approve', $forum_id)) { - $sql .= 'AND post_visibility = ' . ITEM_APPROVED; + $sql .= ' AND post_visibility = ' . ITEM_APPROVED; } break; diff --git a/phpBB/includes/functions_messenger.php b/phpBB/includes/functions_messenger.php index fbac3e6f1d..9b3ca14101 100644 --- a/phpBB/includes/functions_messenger.php +++ b/phpBB/includes/functions_messenger.php @@ -210,10 +210,12 @@ class messenger /** * Set email template to use */ - function template($template_file, $template_lang = '', $template_path = '') + function template($template_file, $template_lang = '', $template_path = '', $template_dir_prefix = '') { global $config, $phpbb_root_path, $phpEx, $user, $phpbb_extension_manager; + $template_dir_prefix = (!$template_dir_prefix || $template_dir_prefix[0] === '/') ? $template_dir_prefix : '/' . $template_dir_prefix; + $this->setup_template(); if (!trim($template_file)) @@ -229,10 +231,17 @@ class messenger $template_lang = basename($config['default_lang']); } + $ext_template_paths = array( + array( + 'name' => $template_lang . '_email', + 'ext_path' => 'language/' . $template_lang . '/email' . $template_dir_prefix, + ), + ); + if ($template_path) { $template_paths = array( - $template_path, + $template_path . $template_dir_prefix, ); } else @@ -241,26 +250,41 @@ class messenger $template_path .= $template_lang . '/email'; $template_paths = array( - $template_path, + $template_path . $template_dir_prefix, ); + $board_language = basename($config['default_lang']); + // we can only specify default language fallback when the path is not a custom one for which we // do not know the default language alternative - if ($template_lang !== basename($config['default_lang'])) + if ($template_lang !== $board_language) + { + $fallback_template_path = (!empty($user->lang_path)) ? $user->lang_path : $phpbb_root_path . 'language/'; + $fallback_template_path .= $board_language . '/email'; + + $template_paths[] = $fallback_template_path . $template_dir_prefix; + + $ext_template_paths[] = array( + 'name' => $board_language . '_email', + 'ext_path' => 'language/' . $board_language . '/email' . $template_dir_prefix, + ); + } + // If everything fails just fall back to en template + if ($template_lang !== 'en' && $board_language !== 'en') { $fallback_template_path = (!empty($user->lang_path)) ? $user->lang_path : $phpbb_root_path . 'language/'; - $fallback_template_path .= basename($config['default_lang']) . '/email'; + $fallback_template_path .= 'en/email'; - $template_paths[] = $fallback_template_path; + $template_paths[] = $fallback_template_path . $template_dir_prefix; + + $ext_template_paths[] = array( + 'name' => 'en_email', + 'ext_path' => 'language/en/email' . $template_dir_prefix, + ); } } - $this->set_template_paths(array( - array( - 'name' => $template_lang . '_email', - 'ext_path' => 'language/' . $template_lang . '/email' - ), - ), $template_paths); + $this->set_template_paths($ext_template_paths, $template_paths); $this->template->set_filenames(array( 'body' => $template_file . '.txt', @@ -859,6 +883,11 @@ class queue fwrite($fp, "<?php\nif (!defined('IN_PHPBB')) exit;\n\$this->queue_data = unserialize(" . var_export(serialize($this->queue_data), true) . ");\n\n?>"); fclose($fp); + if (function_exists('opcache_invalidate')) + { + @opcache_invalidate($this->cache_file); + } + phpbb_chmod($this->cache_file, CHMOD_READ | CHMOD_WRITE); } } @@ -901,7 +930,14 @@ class queue fwrite($fp, "<?php\nif (!defined('IN_PHPBB')) exit;\n\$this->queue_data = unserialize(" . var_export(serialize($this->data), true) . ");\n\n?>"); fclose($fp); + if (function_exists('opcache_invalidate')) + { + @opcache_invalidate($this->cache_file); + } + phpbb_chmod($this->cache_file, CHMOD_READ | CHMOD_WRITE); + + $this->data = array(); } $lock->release(); diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index ca8baecff8..4a4d2de0fe 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -310,6 +310,7 @@ function posting_gen_topic_icons($mode, $icon_id) { $template->assign_block_vars('topic_icon', array( 'ICON_ID' => $id, + 'ICON_NAME' => $data['img'], 'ICON_IMG' => $root_path . $config['icons_path'] . '/' . $data['img'], 'ICON_WIDTH' => $data['width'], 'ICON_HEIGHT' => $data['height'], @@ -701,7 +702,7 @@ function create_thumbnail($source, $destination, $mimetype) $used_imagick = false; - // Only use imagemagick if defined and the passthru function not disabled + // Only use ImageMagick if defined and the passthru function not disabled if ($config['img_imagick'] && function_exists('passthru')) { if (substr($config['img_imagick'], -1) !== '/') @@ -1073,7 +1074,7 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id } $sql_ary = array( - 'SELECT' => 'u.username, u.user_id, u.user_colour, p.*, z.friend, z.foe', + 'SELECT' => 'u.username, u.user_id, u.user_colour, p.*, z.friend, z.foe, uu.username as post_delete_username, uu.user_colour as post_delete_user_colour', 'FROM' => array( USERS_TABLE => 'u', @@ -1085,6 +1086,10 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id 'FROM' => array(ZEBRA_TABLE => 'z'), 'ON' => 'z.user_id = ' . $user->data['user_id'] . ' AND z.zebra_id = p.poster_id', ), + array( + 'FROM' => array(USERS_TABLE => 'uu'), + 'ON' => 'uu.user_id = p.post_delete_user', + ), ), 'WHERE' => $db->sql_in_set('p.post_id', $post_list) . ' @@ -1128,6 +1133,32 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id $db->sql_freeresult($result); } + /** + * Event to modify the posts list for topic reviews + * + * @event core.topic_review_modify_post_list + * @var array attachments Array with the post attachments data + * @var int cur_post_id Post offset ID + * @var int forum_id The topic's forum ID + * @var string mode The topic review mode + * @var array post_list Array with the post IDs + * @var array rowset Array with the posts data + * @var bool show_quote_button Flag indicating if the quote button should be displayed + * @var int topic_id The topic ID that is being reviewed + * @since 3.1.9-RC1 + */ + $vars = array( + 'attachments', + 'cur_post_id', + 'forum_id', + 'mode', + 'post_list', + 'rowset', + 'show_quote_button', + 'topic_id', + ); + extract($phpbb_dispatcher->trigger_event('core.topic_review_modify_post_list', compact($vars))); + for ($i = 0, $end = sizeof($post_list); $i < $end; ++$i) { // A non-existing rowset only happens if there was no user present for the entered poster_id @@ -1167,6 +1198,31 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id $post_anchor = ($mode == 'post_review') ? 'ppr' . $row['post_id'] : 'pr' . $row['post_id']; $u_show_post = append_sid($phpbb_root_path . 'viewtopic.' . $phpEx, "f=$forum_id&t=$topic_id&p={$row['post_id']}&view=show#p{$row['post_id']}"); + $l_deleted_message = ''; + if ($row['post_visibility'] == ITEM_DELETED) + { + $display_postername = get_username_string('full', $poster_id, $row['username'], $row['user_colour'], $row['post_username']); + + // User having deleted the post also being the post author? + if (!$row['post_delete_user'] || $row['post_delete_user'] == $poster_id) + { + $display_username = $display_postername; + } + else + { + $display_username = get_username_string('full', $row['post_delete_user'], $row['post_delete_username'], $row['post_delete_user_colour']); + } + + if ($row['post_delete_reason']) + { + $l_deleted_message = $user->lang('POST_DELETED_BY_REASON', $display_postername, $display_username, $user->format_date($row['post_delete_time'], false, true), $row['post_delete_reason']); + } + else + { + $l_deleted_message = $user->lang('POST_DELETED_BY', $display_postername, $display_username, $user->format_date($row['post_delete_time'], false, true)); + } + } + $post_row = array( 'POST_AUTHOR_FULL' => get_username_string('full', $poster_id, $row['username'], $row['user_colour'], $row['post_username']), 'POST_AUTHOR_COLOUR' => get_username_string('colour', $poster_id, $row['username'], $row['user_colour'], $row['post_username']), @@ -1177,6 +1233,8 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id 'S_FRIEND' => ($row['friend']) ? true : false, 'S_IGNORE_POST' => ($row['foe']) ? true : false, 'L_IGNORE_POST' => ($row['foe']) ? sprintf($user->lang['POST_BY_FOE'], get_username_string('full', $poster_id, $row['username'], $row['user_colour'], $row['post_username']), "<a href=\"{$u_show_post}\" onclick=\"phpbb.toggleDisplay('{$post_anchor}', 1); return false;\">", '</a>') : '', + 'S_POST_DELETED' => ($row['post_visibility'] == ITEM_DELETED) ? true : false, + 'L_DELETE_POST' => $l_deleted_message, 'POST_SUBJECT' => $post_subject, 'MINI_POST_IMG' => $user->img('icon_post_target', $user->lang['POST']), @@ -1609,6 +1667,10 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u break; } } + else if (isset($data['post_visibility']) && $data['post_visibility'] !== false) + { + $post_visibility = $data['post_visibility']; + } // MODs/Extensions are able to force any visibility on posts if (isset($data['force_approved_state'])) @@ -2402,7 +2464,9 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u $params = $add_anchor = ''; - if ($post_visibility == ITEM_APPROVED) + if ($post_visibility == ITEM_APPROVED || + ($auth->acl_get('m_softdelete', $data['forum_id']) && $post_visibility == ITEM_DELETED) || + ($auth->acl_get('m_approve', $data['forum_id']) && in_array($post_visibility, array(ITEM_UNAPPROVED, ITEM_REAPPROVE)))) { $params .= '&t=' . $data['topic_id']; diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php index 8e1561b842..1639eb1a4c 100644 --- a/phpBB/includes/functions_privmsgs.php +++ b/phpBB/includes/functions_privmsgs.php @@ -1594,7 +1594,7 @@ function get_folder_status($folder_id, $folder) 'percent' => ($user->data['message_limit']) ? (($user->data['message_limit'] > 0) ? floor(($folder['num_messages'] / $user->data['message_limit']) * 100) : 100) : 0, ); - $return['message'] = $user->lang('FOLDER_STATUS_MSG', $user->lang('MESSAGES_COUNT', (int) $return['max']), $return['cur'], $return['percent']); + $return['message'] = $user->lang('FOLDER_STATUS_MSG', $user->lang('MESSAGES_COUNT', (int) $return['max']), (int) $return['cur'], $return['percent']); return $return; } diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index 89bc31fa25..1aac0e803c 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php @@ -776,9 +776,18 @@ class fileupload $url = parse_url($upload_url); + $default_port = 80; + $hostname = $url['host']; + + if ($url['scheme'] == 'https') + { + $default_port = 443; + $hostname = 'tls://' . $url['host']; + } + $host = $url['host']; $path = $url['path']; - $port = (!empty($url['port'])) ? (int) $url['port'] : 80; + $port = (!empty($url['port'])) ? (int) $url['port'] : $default_port; $upload_ary['type'] = 'application/octet-stream'; @@ -818,7 +827,7 @@ class fileupload $errno = 0; $errstr = ''; - if (!($fsock = @fsockopen($host, $port, $errno, $errstr))) + if (!($fsock = @fsockopen($hostname, $port, $errno, $errstr))) { $file = new fileerror($user->lang[$this->error_prefix . 'NOT_UPLOADED']); return $file; @@ -919,7 +928,7 @@ class fileupload return $file; } - $tmp_path = (!@ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'off') ? false : $phpbb_root_path . 'cache'; + $tmp_path = (!@ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'off') ? sys_get_temp_dir() : $phpbb_root_path . 'cache'; $filename = tempnam($tmp_path, unique_id() . '-'); if (!($fp = @fopen($filename, 'wb'))) diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index c46653db9e..b82abe0c5e 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -119,19 +119,29 @@ function user_update_name($old_name, $new_name) global $config, $db, $cache, $phpbb_dispatcher; $update_ary = array( - FORUMS_TABLE => array('forum_last_poster_name'), - MODERATOR_CACHE_TABLE => array('username'), - POSTS_TABLE => array('post_username'), - TOPICS_TABLE => array('topic_first_poster_name', 'topic_last_poster_name'), + FORUMS_TABLE => array( + 'forum_last_poster_id' => 'forum_last_poster_name', + ), + MODERATOR_CACHE_TABLE => array( + 'user_id' => 'username', + ), + POSTS_TABLE => array( + 'poster_id' => 'post_username', + ), + TOPICS_TABLE => array( + 'topic_poster' => 'topic_first_poster_name', + 'topic_last_poster_id' => 'topic_last_poster_name', + ), ); foreach ($update_ary as $table => $field_ary) { - foreach ($field_ary as $field) + foreach ($field_ary as $id_field => $name_field) { $sql = "UPDATE $table - SET $field = '" . $db->sql_escape($new_name) . "' - WHERE $field = '" . $db->sql_escape($old_name) . "'"; + SET $name_field = '" . $db->sql_escape($new_name) . "' + WHERE $name_field = '" . $db->sql_escape($old_name) . "' + AND $id_field <> " . ANONYMOUS; $db->sql_query($sql); } } @@ -2698,7 +2708,7 @@ function group_delete($group_id, $group_name = false) */ function group_user_add($group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $default = false, $leader = 0, $pending = 0, $group_attributes = false) { - global $db, $auth, $phpbb_container; + global $db, $auth, $phpbb_container, $phpbb_dispatcher; // We need both username and user_id info $result = user_get_id_name($user_id_ary, $username_ary); @@ -2775,6 +2785,26 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false, // Clear permissions cache of relevant users $auth->acl_clear_prefetch($user_id_ary); + /** + * Event after users are added to a group + * + * @event core.group_add_user_after + * @var int group_id ID of the group to which users are added + * @var string group_name Name of the group + * @var array user_id_ary IDs of the users which are added + * @var array username_ary names of the users which are added + * @var int pending Pending setting, 1 if user(s) added are pending + * @since 3.1.7-RC1 + */ + $vars = array( + 'group_id', + 'group_name', + 'user_id_ary', + 'username_ary', + 'pending', + ); + extract($phpbb_dispatcher->trigger_event('core.group_add_user_after', compact($vars))); + if (!$group_name) { $group_name = get_group_name($group_id); @@ -2811,7 +2841,7 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false, * * @return false if no errors occurred, else the user lang string for the relevant error, for example 'NO_USER' */ -function group_user_del($group_id, $user_id_ary = false, $username_ary = false, $group_name = false) +function group_user_del($group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $log_action = true) { global $db, $auth, $config, $phpbb_dispatcher, $phpbb_container; @@ -2933,16 +2963,32 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false, // Clear permissions cache of relevant users $auth->acl_clear_prefetch($user_id_ary); - if (!$group_name) + /** + * Event after users are removed from a group + * + * @event core.group_delete_user_after + * @var int group_id ID of the group from which users are deleted + * @var string group_name Name of the group + * @var array user_id_ary IDs of the users which are removed + * @var array username_ary names of the users which are removed + * @since 3.1.7-RC1 + */ + $vars = array('group_id', 'group_name', 'user_id_ary', 'username_ary'); + extract($phpbb_dispatcher->trigger_event('core.group_delete_user_after', compact($vars))); + + if ($log_action) { - $group_name = get_group_name($group_id); - } + if (!$group_name) + { + $group_name = get_group_name($group_id); + } - $log = 'LOG_GROUP_REMOVE'; + $log = 'LOG_GROUP_REMOVE'; - if ($group_name) - { - add_log('admin', $log, $group_name, implode(', ', $username_ary)); + if ($group_name) + { + add_log('admin', $log, $group_name, implode(', ', $username_ary)); + } } group_update_listings($group_id); @@ -3040,7 +3086,7 @@ function remove_default_rank($group_id, $user_ids) */ function group_user_attributes($action, $group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $group_attributes = false) { - global $db, $auth, $phpbb_root_path, $phpEx, $config, $phpbb_container; + global $db, $auth, $phpbb_root_path, $phpEx, $config, $phpbb_container, $phpbb_dispatcher; // We need both username and user_id info $result = user_get_id_name($user_id_ary, $username_ary); @@ -3171,6 +3217,28 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna break; } + /** + * Event to perform additional actions on setting user group attributes + * + * @event core.user_set_group_attributes + * @var int group_id ID of the group + * @var string group_name Name of the group + * @var array user_id_ary IDs of the users to set group attributes + * @var array username_ary Names of the users to set group attributes + * @var array group_attributes Group attributes which were changed + * @var string action Action to perform over the group members + * @since 3.1.10-RC1 + */ + $vars = array( + 'group_id', + 'group_name', + 'user_id_ary', + 'username_ary', + 'group_attributes', + 'action', + ); + extract($phpbb_dispatcher->trigger_event('core.user_set_group_attributes', compact($vars))); + // Clear permissions cache of relevant users $auth->acl_clear_prefetch($user_id_ary); @@ -3586,8 +3654,8 @@ function remove_newly_registered($user_id, $user_data = false) } // We need to call group_user_del here, because this function makes sure everything is correctly changed. - // A downside for a call within the session handler is that the language is not set up yet - so no log entry - group_user_del($group_id, $user_id); + // Force function to not log the removal of users from newly registered users group + group_user_del($group_id, $user_id, false, false, false); // Set user_new to 0 to let this not be triggered again $sql = 'UPDATE ' . USERS_TABLE . ' diff --git a/phpBB/includes/mcp/info/mcp_pm_reports.php b/phpBB/includes/mcp/info/mcp_pm_reports.php index 8670b71084..c80f3b86a3 100644 --- a/phpBB/includes/mcp/info/mcp_pm_reports.php +++ b/phpBB/includes/mcp/info/mcp_pm_reports.php @@ -20,9 +20,9 @@ class mcp_pm_reports_info 'title' => 'MCP_PM_REPORTS', 'version' => '1.0.0', 'modes' => array( - 'pm_reports' => array('title' => 'MCP_PM_REPORTS_OPEN', 'auth' => 'aclf_m_report', 'cat' => array('MCP_REPORTS')), - 'pm_reports_closed' => array('title' => 'MCP_PM_REPORTS_CLOSED', 'auth' => 'aclf_m_report', 'cat' => array('MCP_REPORTS')), - 'pm_report_details' => array('title' => 'MCP_PM_REPORT_DETAILS', 'auth' => 'aclf_m_report', 'cat' => array('MCP_REPORTS')), + 'pm_reports' => array('title' => 'MCP_PM_REPORTS_OPEN', 'auth' => 'acl_m_pm_report', 'cat' => array('MCP_REPORTS')), + 'pm_reports_closed' => array('title' => 'MCP_PM_REPORTS_CLOSED', 'auth' => 'acl_m_pm_report', 'cat' => array('MCP_REPORTS')), + 'pm_report_details' => array('title' => 'MCP_PM_REPORT_DETAILS', 'auth' => 'acl_m_pm_report', 'cat' => array('MCP_REPORTS')), ), ); } diff --git a/phpBB/includes/mcp/mcp_forum.php b/phpBB/includes/mcp/mcp_forum.php index 157134b09e..e4c0640ec7 100644 --- a/phpBB/includes/mcp/mcp_forum.php +++ b/phpBB/includes/mcp/mcp_forum.php @@ -35,15 +35,6 @@ function mcp_forum_view($id, $mode, $action, $forum_info) // merge_topic is the quickmod action, merge_topics is the mcp_forum action, and merge_select is the mcp_topic action $merge_select = ($action == 'merge_select' || $action == 'merge_topic' || $action == 'merge_topics') ? true : false; - if ($merge_select) - { - // Fixes a "bug" that makes forum_view use the same ordering as topic_view - $request->overwrite('sk', null); - $request->overwrite('sd', null); - $request->overwrite('sk', null, \phpbb\request\request_interface::POST); - $request->overwrite('sd', null, \phpbb\request\request_interface::POST); - } - $forum_id = $forum_info['forum_id']; $start = request_var('start', 0); $topic_id_list = request_var('topic_id_list', array(0)); @@ -282,7 +273,7 @@ function mcp_forum_view($id, $mode, $action, $forum_info) 'TOPIC_ICON_IMG_WIDTH' => (!empty($icons[$row['icon_id']])) ? $icons[$row['icon_id']]['width'] : '', 'TOPIC_ICON_IMG_HEIGHT' => (!empty($icons[$row['icon_id']])) ? $icons[$row['icon_id']]['height'] : '', 'UNAPPROVED_IMG' => ($topic_unapproved || $posts_unapproved) ? $user->img('icon_topic_unapproved', ($topic_unapproved) ? 'TOPIC_UNAPPROVED' : 'POSTS_UNAPPROVED') : '', - 'DELETED_IMG' => ($topic_deleted) ? $user->img('icon_topic_deleted', 'POSTS_DELETED') : '', + 'DELETED_IMG' => ($topic_deleted) ? $user->img('icon_topic_deleted', 'TOPIC_DELETED') : '', 'TOPIC_AUTHOR' => get_username_string('username', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), 'TOPIC_AUTHOR_COLOUR' => get_username_string('colour', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), @@ -405,7 +396,7 @@ function mcp_resync_topics($topic_ids) */ function merge_topics($forum_id, $topic_ids, $to_topic_id) { - global $db, $template, $user, $phpEx, $phpbb_root_path, $auth; + global $db, $template, $user, $phpEx, $phpbb_root_path, $auth, $phpbb_dispatcher; if (!sizeof($topic_ids)) { @@ -420,21 +411,23 @@ function merge_topics($forum_id, $topic_ids, $to_topic_id) $sync_topics = array_merge($topic_ids, array($to_topic_id)); - $topic_data = phpbb_get_topic_data($sync_topics, 'm_merge'); + $all_topic_data = phpbb_get_topic_data($sync_topics, 'm_merge'); - if (!sizeof($topic_data) || empty($topic_data[$to_topic_id])) + if (!sizeof($all_topic_data) || empty($all_topic_data[$to_topic_id])) { $template->assign_var('MESSAGE', $user->lang['NO_FINAL_TOPIC_SELECTED']); return; } $sync_forums = array(); - foreach ($topic_data as $data) + $topic_views = 0; + foreach ($all_topic_data as $data) { $sync_forums[$data['forum_id']] = $data['forum_id']; + $topic_views = max($topic_views, $data['topic_views']); } - $topic_data = $topic_data[$to_topic_id]; + $to_topic_data = $all_topic_data[$to_topic_id]; $post_id_list = request_var('post_id_list', array(0)); $start = request_var('start', 0); @@ -482,10 +475,16 @@ function merge_topics($forum_id, $topic_ids, $to_topic_id) if (confirm_box(true)) { - $to_forum_id = $topic_data['forum_id']; + $to_forum_id = $to_topic_data['forum_id']; move_posts($post_id_list, $to_topic_id, false); - add_log('mod', $to_forum_id, $to_topic_id, 'LOG_MERGE', $topic_data['topic_title']); + add_log('mod', $to_forum_id, $to_topic_id, 'LOG_MERGE', $to_topic_data['topic_title']); + + // Update topic views count + $sql = 'UPDATE ' . TOPICS_TABLE . ' + SET topic_views = ' . $topic_views . ' + WHERE topic_id = ' . $to_topic_id; + $db->sql_query($sql); // Message and return links $success_msg = 'POSTS_MERGED_SUCCESS'; @@ -512,6 +511,20 @@ function merge_topics($forum_id, $topic_ids, $to_topic_id) $redirect = request_var('redirect', "{$phpbb_root_path}viewtopic.$phpEx?f=$to_forum_id&t=$to_topic_id"); $redirect = reapply_sid($redirect); + /** + * Perform additional actions after merging topics. + * + * @event core.mcp_forum_merge_topics_after + * @var array all_topic_data The data from all topics involved in the merge + * @var int to_topic_id The ID of the topic into which the rest are merged + * @since 3.1.11-RC1 + */ + $vars = array( + 'all_topic_data', + 'to_topic_id', + ); + extract($phpbb_dispatcher->trigger_event('core.mcp_forum_merge_topics_after', compact($vars))); + meta_refresh(3, $redirect); trigger_error($user->lang[$success_msg] . '<br /><br />' . $return_link); } diff --git a/phpBB/includes/mcp/mcp_front.php b/phpBB/includes/mcp/mcp_front.php index 629b6fd275..5d8aa18c16 100644 --- a/phpBB/includes/mcp/mcp_front.php +++ b/phpBB/includes/mcp/mcp_front.php @@ -54,8 +54,8 @@ function mcp_front_view($id, $mode, $action) * Allow altering the query to get the number of unapproved posts * * @event core.mcp_front_queue_unapproved_total_before - * @var int sql_ary Query to get the total number of unapproved posts - * @var array forum_list List of forums to look for unapproved posts + * @var array sql_ary Query array to get the total number of unapproved posts + * @var array forum_list List of forums to look for unapproved posts * @since 3.1.5-RC1 */ $vars = array('sql_ary', 'forum_list'); @@ -179,7 +179,7 @@ function mcp_front_view($id, $mode, $action) * Alter sql query to count the number of reported posts * * @event core.mcp_front_reports_count_query_before - * @var int sql The query string used to get the number of reports that exist + * @var string sql The query string used to get the number of reports that exist * @var array forum_list List of forums that contain the posts * @since 3.1.5-RC1 */ @@ -226,8 +226,8 @@ function mcp_front_view($id, $mode, $action) * Alter sql query to get latest reported posts * * @event core.mcp_front_reports_listing_query_before - * @var int sql_ary Associative array with the query to be executed - * @var array forum_list List of forums that contain the posts + * @var array sql_ary Associative array with the query to be executed + * @var array forum_list List of forums that contain the posts * @since 3.1.0-RC3 */ $vars = array('sql_ary', 'forum_list'); @@ -274,7 +274,7 @@ function mcp_front_view($id, $mode, $action) } // Latest 5 reported PMs - if ($module->loaded('pm_reports') && $auth->acl_getf_global('m_report')) + if ($module->loaded('pm_reports') && $auth->acl_get('m_pm_report')) { $template->assign_var('S_SHOW_PM_REPORTS', true); $user->add_lang(array('ucp')); diff --git a/phpBB/includes/mcp/mcp_main.php b/phpBB/includes/mcp/mcp_main.php index fc28968101..b2441aed1b 100644 --- a/phpBB/includes/mcp/mcp_main.php +++ b/phpBB/includes/mcp/mcp_main.php @@ -262,7 +262,7 @@ class mcp_main */ function lock_unlock($action, $ids) { - global $auth, $user, $db, $phpEx, $phpbb_root_path, $request; + global $auth, $user, $db, $phpEx, $phpbb_root_path, $request, $phpbb_dispatcher; if ($action == 'lock' || $action == 'unlock') { @@ -322,6 +322,22 @@ function lock_unlock($action, $ids) add_log('mod', $row['forum_id'], $row['topic_id'], 'LOG_' . strtoupper($action), $row['topic_title']); } + /** + * Perform additional actions after locking/unlocking posts/topics + * + * @event core.mcp_lock_unlock_after + * @var string action Variable containing the action we perform on the posts/topics ('lock', 'unlock', 'lock_post' or 'unlock_post') + * @var array ids Array containing the post/topic IDs that have been locked/unlocked + * @var array data Array containing posts/topics data + * @since 3.1.7-RC1 + */ + $vars = array( + 'action', + 'ids', + 'data', + ); + extract($phpbb_dispatcher->trigger_event('core.mcp_lock_unlock_after', compact($vars))); + $success_msg = $l_prefix . ((sizeof($ids) == 1) ? '' : 'S') . '_' . (($action == 'lock' || $action == 'lock_post') ? 'LOCKED' : 'UNLOCKED') . '_SUCCESS'; meta_refresh(2, $redirect); @@ -861,11 +877,12 @@ function mcp_delete_topic($topic_ids, $is_soft = false, $soft_delete_reason = '' } $template->assign_vars(array( - 'S_SHADOW_TOPICS' => $only_shadow, - 'S_SOFTDELETED' => $only_softdeleted, - 'S_TOPIC_MODE' => true, - 'S_ALLOWED_DELETE' => $auth->acl_get('m_delete', $forum_id), - 'S_ALLOWED_SOFTDELETE' => $auth->acl_get('m_softdelete', $forum_id), + 'S_SHADOW_TOPICS' => $only_shadow, + 'S_SOFTDELETED' => $only_softdeleted, + 'S_TOPIC_MODE' => true, + 'S_ALLOWED_DELETE' => $auth->acl_get('m_delete', $forum_id), + 'S_ALLOWED_SOFTDELETE' => $auth->acl_get('m_softdelete', $forum_id), + 'DELETE_TOPIC_PERMANENTLY_EXPLAIN' => $user->lang('DELETE_TOPIC_PERMANENTLY', sizeof($topic_ids)), )); $l_confirm = (sizeof($topic_ids) == 1) ? 'DELETE_TOPIC' : 'DELETE_TOPICS'; @@ -1100,9 +1117,10 @@ function mcp_delete_post($post_ids, $is_soft = false, $soft_delete_reason = '', } $template->assign_vars(array( - 'S_SOFTDELETED' => $only_softdeleted, - 'S_ALLOWED_DELETE' => $auth->acl_get('m_delete', $forum_id), - 'S_ALLOWED_SOFTDELETE' => $auth->acl_get('m_softdelete', $forum_id), + 'S_SOFTDELETED' => $only_softdeleted, + 'S_ALLOWED_DELETE' => $auth->acl_get('m_delete', $forum_id), + 'S_ALLOWED_SOFTDELETE' => $auth->acl_get('m_softdelete', $forum_id), + 'DELETE_POST_PERMANENTLY_EXPLAIN' => $user->lang('DELETE_POST_PERMANENTLY', sizeof($post_ids)), )); $l_confirm = (sizeof($post_ids) == 1) ? 'DELETE_POST' : 'DELETE_POSTS'; diff --git a/phpBB/includes/mcp/mcp_post.php b/phpBB/includes/mcp/mcp_post.php index 7a93f73228..2dcfcd608b 100644 --- a/phpBB/includes/mcp/mcp_post.php +++ b/phpBB/includes/mcp/mcp_post.php @@ -549,16 +549,6 @@ function change_poster(&$post_info, $userdata) $from_username = $post_info['username']; $to_username = $userdata['username']; - // Renew post info - $post_info = phpbb_get_post_data(array($post_id), false, true); - - if (!sizeof($post_info)) - { - trigger_error('POST_NOT_EXIST'); - } - - $post_info = $post_info[$post_id]; - /** * This event allows you to perform additional tasks after changing a post's poster * @@ -566,10 +556,21 @@ function change_poster(&$post_info, $userdata) * @var array userdata Information on a post's new poster * @var array post_info Information on the affected post * @since 3.1.6-RC1 + * @changed 3.1.7-RC1 Change location to prevent post_info from being set to the new post information */ $vars = array('userdata', 'post_info'); extract($phpbb_dispatcher->trigger_event('core.mcp_change_poster_after', compact($vars))); + // Renew post info + $post_info = phpbb_get_post_data(array($post_id), false, true); + + if (!sizeof($post_info)) + { + trigger_error('POST_NOT_EXIST'); + } + + $post_info = $post_info[$post_id]; + // Now add log entry add_log('mod', $post_info['forum_id'], $post_info['topic_id'], 'LOG_MCP_CHANGE_POSTER', $post_info['topic_title'], $from_username, $to_username); } diff --git a/phpBB/includes/mcp/mcp_queue.php b/phpBB/includes/mcp/mcp_queue.php index 5fde63ecb4..3567e545f0 100644 --- a/phpBB/includes/mcp/mcp_queue.php +++ b/phpBB/includes/mcp/mcp_queue.php @@ -72,6 +72,7 @@ class mcp_queue case 'delete': $post_id_list = $request->variable('post_id_list', array(0)); $topic_id_list = $request->variable('topic_id_list', array(0)); + $delete_reason = $request->variable('delete_reason', '', true); if (!empty($post_id_list)) { @@ -80,7 +81,7 @@ class mcp_queue global $phpbb_root_path, $phpEx; include($phpbb_root_path . 'includes/mcp/mcp_main.' . $phpEx); } - mcp_delete_post($post_id_list, false, '', $action); + mcp_delete_post($post_id_list, false, $delete_reason, $action); } else if (!empty($topic_id_list)) { @@ -89,7 +90,7 @@ class mcp_queue global $phpbb_root_path, $phpEx; include($phpbb_root_path . 'includes/mcp/mcp_main.' . $phpEx); } - mcp_delete_topic($topic_id_list, false, '', $action); + mcp_delete_topic($topic_id_list, false, $delete_reason, $action); } else { @@ -283,6 +284,7 @@ class mcp_queue $template->assign_vars(array( 'S_MCP_QUEUE' => true, 'U_APPROVE_ACTION' => append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue&p=$post_id&f=$forum_id"), + 'S_CAN_DELETE_POST' => $auth->acl_get('m_delete', $post_info['forum_id']), 'S_CAN_VIEWIP' => $auth->acl_get('m_info', $post_info['forum_id']), 'S_POST_REPORTED' => $post_info['post_reported'], 'S_POST_UNAPPROVED' => $post_info['post_visibility'] == ITEM_UNAPPROVED || $post_info['post_visibility'] == ITEM_REAPPROVE, @@ -1130,6 +1132,11 @@ class mcp_queue // Build a list of posts to be disapproved and get the related topics real replies count foreach ($post_info as $post_id => $post_data) { + if ($mode === 'unapproved_topics' && $post_data['post_visibility'] == ITEM_APPROVED) + { + continue; + } + $post_disapprove_list[$post_id] = $post_data['topic_id']; if (!isset($topic_posts_unapproved[$post_data['topic_id']])) { @@ -1139,6 +1146,12 @@ class mcp_queue $topic_posts_unapproved[$post_data['topic_id']]++; } + // Do not try to disapprove if no posts are selected + if (empty($post_disapprove_list)) + { + trigger_error('NO_POST_SELECTED'); + } + // Now we build the log array foreach ($post_disapprove_list as $post_id => $topic_id) { @@ -1240,7 +1253,7 @@ class mcp_queue continue; } - $post_data['disapprove_reason'] = ''; + $post_data['disapprove_reason'] = $disapprove_reason; if (isset($disapprove_reason_lang)) { // Okay we need to get the reason from the posters language diff --git a/phpBB/includes/mcp/mcp_reports.php b/phpBB/includes/mcp/mcp_reports.php index fa2fed842f..6bb606a990 100644 --- a/phpBB/includes/mcp/mcp_reports.php +++ b/phpBB/includes/mcp/mcp_reports.php @@ -95,7 +95,7 @@ class mcp_reports * * @event core.mcp_reports_report_details_query_before * @var array sql_ary The array in the format of the query builder with the query - * @var mixed forum_id The forum_id, the number in the f GET parameter + * @var int forum_id The forum_id, the number in the f GET parameter * @var int post_id The post_id of the report being viewed (if 0, it is meaningless) * @var int report_id The report_id of the report being viewed * @since 3.1.5-RC1 @@ -118,10 +118,10 @@ class mcp_reports * * @event core.mcp_reports_report_details_query_after * @var array sql_ary The array in the format of the query builder with the query that had been executted - * @var mixed forum_id The forum_id, the number in the f GET parameter + * @var int forum_id The forum_id, the number in the f GET parameter * @var int post_id The post_id of the report being viewed (if 0, it is meaningless) * @var int report_id The report_id of the report being viewed - * @var int report The query's resulting row. + * @var array report The query's resulting row. * @since 3.1.5-RC1 */ $vars = array( diff --git a/phpBB/includes/mcp/mcp_topic.php b/phpBB/includes/mcp/mcp_topic.php index 8347830d0f..2217f8fdeb 100644 --- a/phpBB/includes/mcp/mcp_topic.php +++ b/phpBB/includes/mcp/mcp_topic.php @@ -194,6 +194,30 @@ function mcp_topic_view($id, $mode, $action) } } + /** + * Event to modify the post data for the MCP topic review before assigning the posts + * + * @event core.mcp_topic_modify_post_data + * @var array attachments List of attachments post_id => array of attachments + * @var int forum_id The forum ID we are currently in + * @var int id ID of the tab we are displaying + * @var string mode Mode of the MCP page we are displaying + * @var array post_id_list Array with post ids we are going to display + * @var array rowset Array with the posts data + * @var int topic_id The topic ID we are currently reviewing + * @since 3.1.7-RC1 + */ + $vars = array( + 'attachments', + 'forum_id', + 'id', + 'mode', + 'post_id_list', + 'rowset', + 'topic_id', + ); + extract($phpbb_dispatcher->trigger_event('core.mcp_topic_modify_post_data', compact($vars))); + foreach ($rowset as $i => $row) { $message = $row['post_text']; diff --git a/phpBB/includes/mcp/mcp_warn.php b/phpBB/includes/mcp/mcp_warn.php index d724b8703b..33c898ffc2 100644 --- a/phpBB/includes/mcp/mcp_warn.php +++ b/phpBB/includes/mcp/mcp_warn.php @@ -530,12 +530,28 @@ function add_warning($user_row, $warning, $send_pm = true, $post_id = 0) include_once($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx); include_once($phpbb_root_path . 'includes/message_parser.' . $phpEx); - $user_row['user_lang'] = (file_exists($phpbb_root_path . 'language/' . $user_row['user_lang'] . "/mcp.$phpEx")) ? $user_row['user_lang'] : $config['default_lang']; - include($phpbb_root_path . 'language/' . basename($user_row['user_lang']) . "/mcp.$phpEx"); + // Attempt to translate warning to language of user being warned if user's language differs from issuer's language + if ($user_row['user_lang'] != $user->lang_name) + { + $lang = array(); + + $user_row['user_lang'] = (file_exists($phpbb_root_path . 'language/' . basename($user_row['user_lang']) . "/mcp." . $phpEx)) ? $user_row['user_lang'] : $config['default_lang']; + include($phpbb_root_path . 'language/' . basename($user_row['user_lang']) . "/mcp." . $phpEx); + + $warn_pm_subject = $lang['WARNING_PM_SUBJECT']; + $warn_pm_body = sprintf($lang['WARNING_PM_BODY'], $warning); + + unset($lang); + } + else + { + $warn_pm_subject = $user->lang('WARNING_PM_SUBJECT'); + $warn_pm_body = $user->lang('WARNING_PM_BODY', $warning); + } $message_parser = new parse_message(); - $message_parser->message = $user->lang('WARNING_PM_BODY', $warning); + $message_parser->message = $warn_pm_body; $message_parser->parse(true, true, true, false, false, true, true); $pm_data = array( @@ -553,7 +569,7 @@ function add_warning($user_row, $warning, $send_pm = true, $post_id = 0) 'address_list' => array('u' => array($user_row['user_id'] => 'to')), ); - submit_pm('post', $user->lang('WARNING_PM_SUBJECT'), $pm_data, false); + submit_pm('post', $warn_pm_subject, $pm_data, false); } add_log('admin', 'LOG_USER_WARNING', $user_row['username']); diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index e63f6b822b..16b65fb83e 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -1822,7 +1822,7 @@ class parse_message extends bbcode_firstpass $this->message = $poll['poll_title']; $this->bbcode_bitfield = $bbcode_bitfield; - $poll['poll_options'] = explode("\n", trim($poll['poll_option_text'])); + $poll['poll_options'] = preg_split('/\s*?\n\s*/', trim($poll['poll_option_text'])); $poll['poll_options_size'] = sizeof($poll['poll_options']); if (!$poll['poll_title'] && $poll['poll_options_size']) diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index b9606945b4..86a8226d5b 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -462,9 +462,11 @@ class ucp_groups $avatar_data = null; $avatar_error = array(); + /** @var \phpbb\avatar\manager $phpbb_avatar_manager */ + $phpbb_avatar_manager = $phpbb_container->get('avatar.manager'); + if ($config['allow_avatar']) { - $phpbb_avatar_manager = $phpbb_container->get('avatar.manager'); $avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers(); // This is normalised data, without the group_ prefix @@ -649,6 +651,14 @@ class ucp_groups $avatars_enabled = false; $selected_driver = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', $avatar_data['avatar_type'])); + // Assign min and max values before generating avatar driver html + $template->assign_vars(array( + 'AVATAR_MIN_WIDTH' => $config['avatar_min_width'], + 'AVATAR_MAX_WIDTH' => $config['avatar_max_width'], + 'AVATAR_MIN_HEIGHT' => $config['avatar_min_height'], + 'AVATAR_MAX_HEIGHT' => $config['avatar_max_height'], + )); + foreach ($avatar_drivers as $current_driver) { $driver = $phpbb_avatar_manager->get_driver($current_driver); diff --git a/phpBB/includes/ucp/ucp_main.php b/phpBB/includes/ucp/ucp_main.php index a1624e78ec..8584a9a0fd 100644 --- a/phpBB/includes/ucp/ucp_main.php +++ b/phpBB/includes/ucp/ucp_main.php @@ -35,7 +35,7 @@ class ucp_main function main($id, $mode) { - global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx; + global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx, $phpbb_dispatcher; global $request; switch ($mode) @@ -215,6 +215,14 @@ class ucp_main $unwatch = (isset($_POST['unwatch'])) ? true : false; + /** + * Read and potentially modify the post data used to remove subscriptions to forums/topics + * + * @event core.ucp_main_subscribed_post_data + * @since 3.1.10-RC1 + */ + $phpbb_dispatcher->dispatch('core.ucp_main_subscribed_post_data'); + if ($unwatch) { if (check_form_key('ucp_front_subscribed')) @@ -300,6 +308,20 @@ class ucp_main $tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array(); } + /** + * Modify the query used to retrieve a list of subscribed forums + * + * @event core.ucp_main_subscribed_forums_modify_query + * @var array sql_array The subscribed forums query + * @var array forbidden_forums The list of forbidden forums + * @since 3.1.10-RC1 + */ + $vars = array( + 'sql_array', + 'forbidden_forums', + ); + extract($phpbb_dispatcher->trigger_event('core.ucp_main_subscribed_forums_modify_query', compact($vars))); + $sql = $db->sql_build_query('SELECT', $sql_array); $result = $db->sql_query($sql); @@ -341,7 +363,7 @@ class ucp_main $last_post_time = $last_post_url = ''; } - $template->assign_block_vars('forumrow', array( + $template_vars = array( 'FORUM_ID' => $forum_id, 'FORUM_IMG_STYLE' => $folder_image, 'FORUM_FOLDER_IMG' => $user->img($folder_image, $folder_alt), @@ -360,8 +382,36 @@ class ucp_main 'S_UNREAD_FORUM' => $unread_forum, 'U_LAST_POST' => $last_post_url, - 'U_VIEWFORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id'])) + 'U_VIEWFORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']) + ); + + /** + * Add template variables to a subscribed forum row. + * + * @event core.ucp_main_subscribed_forum_modify_template_vars + * @var array template_vars Array containing the template variables for the row + * @var array row Array containing the subscribed forum row data + * @var int forum_id Forum ID + * @var string folder_image Folder image + * @var string folder_alt Alt text for the folder image + * @var bool unread_forum Whether the forum has unread content or not + * @var string last_post_time The time of the most recent post, expressed as a formatted date string + * @var string last_post_url The URL of the most recent post in the forum + * @since 3.1.10-RC1 + */ + $vars = array( + 'template_vars', + 'row', + 'forum_id', + 'folder_image', + 'folder_alt', + 'unread_forum', + 'last_post_time', + 'last_post_url', ); + extract($phpbb_dispatcher->trigger_event('core.ucp_main_subscribed_forum_modify_template_vars', compact($vars))); + + $template->assign_block_vars('forumrow', $template_vars); } $db->sql_freeresult($result); } @@ -643,7 +693,7 @@ class ucp_main */ function assign_topiclist($mode = 'subscribed', $forbidden_forum_ary = array()) { - global $user, $db, $template, $config, $cache, $auth, $phpbb_root_path, $phpEx, $phpbb_container; + global $user, $db, $template, $config, $cache, $auth, $phpbb_root_path, $phpEx, $phpbb_container, $request, $phpbb_dispatcher; $table = ($mode == 'subscribed') ? TOPICS_WATCH_TABLE : BOOKMARKS_TABLE; $start = request_var('start', 0); @@ -664,6 +714,23 @@ class ucp_main AND i.user_id = ' . $user->data['user_id'] . ' AND ' . $db->sql_in_set('t.forum_id', $forbidden_forum_ary, true, true), ); + + /** + * Modify the query used to retrieve the count of subscribed/bookmarked topics + * + * @event core.ucp_main_topiclist_count_modify_query + * @var array sql_array The subscribed/bookmarked topics query + * @var array forbidden_forum_ary The list of forbidden forums + * @var string mode The type of topic list ('subscribed' or 'bookmarks') + * @since 3.1.10-RC1 + */ + $vars = array( + 'sql_array', + 'forbidden_forum_ary', + 'mode', + ); + extract($phpbb_dispatcher->trigger_event('core.ucp_main_topiclist_count_modify_query', compact($vars))); + $sql = $db->sql_build_query('SELECT', $sql_array); $result = $db->sql_query($sql); $topics_count = (int) $db->sql_fetchfield('topics_count'); @@ -732,6 +799,22 @@ class ucp_main $sql_array['SELECT'] .= ', tp.topic_posted'; } + /** + * Modify the query used to retrieve the list of subscribed/bookmarked topics + * + * @event core.ucp_main_topiclist_modify_query + * @var array sql_array The subscribed/bookmarked topics query + * @var array forbidden_forum_ary The list of forbidden forums + * @var string mode The type of topic list ('subscribed' or 'bookmarks') + * @since 3.1.10-RC1 + */ + $vars = array( + 'sql_array', + 'forbidden_forum_ary', + 'mode', + ); + extract($phpbb_dispatcher->trigger_event('core.ucp_main_topiclist_modify_query', compact($vars))); + $sql = $db->sql_build_query('SELECT', $sql_array); $result = $db->sql_query_limit($sql, $config['topics_per_page'], $start); @@ -796,7 +879,7 @@ class ucp_main $view_topic_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", $view_topic_url_params); // Send vars to template - $template->assign_block_vars('topicrow', array( + $template_vars = array( 'FORUM_ID' => $forum_id, 'TOPIC_ID' => $topic_id, 'FIRST_POST_TIME' => $user->format_date($row['topic_time']), @@ -838,7 +921,41 @@ class ucp_main 'U_LAST_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", $view_topic_url_params . '&p=' . $row['topic_last_post_id']) . '#p' . $row['topic_last_post_id'], 'U_VIEW_TOPIC' => $view_topic_url, 'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id), - )); + ); + + /** + * Add template variables to a subscribed/bookmarked topic row. + * + * @event core.ucp_main_topiclist_topic_modify_template_vars + * @var array template_vars Array containing the template variables for the row + * @var array row Array containing the subscribed/bookmarked topic row data + * @var int forum_id ID of the forum containing the topic + * @var int topic_id Topic ID + * @var int replies Number of replies in the topic + * @var string topic_type Topic type + * @var string folder_img Folder image + * @var string folder_alt Alt text for the folder image + * @var array icons Array containing topic icons + * @var bool unread_topic Whether the topic has unread content or not + * @var string view_topic_url The URL of the topic + * @since 3.1.10-RC1 + */ + $vars = array( + 'template_vars', + 'row', + 'forum_id', + 'topic_id', + 'replies', + 'topic_type', + 'folder_img', + 'folder_alt', + 'icons', + 'unread_topic', + 'view_topic_url', + ); + extract($phpbb_dispatcher->trigger_event('core.ucp_main_topiclist_topic_modify_template_vars', compact($vars))); + + $template->assign_block_vars('topicrow', $template_vars); $pagination->generate_template_pagination(append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . "&t=$topic_id"), 'topicrow.pagination', 'start', $replies + 1, $config['posts_per_page'], 1, true, true); } diff --git a/phpBB/includes/ucp/ucp_pm.php b/phpBB/includes/ucp/ucp_pm.php index 425a56cf6c..f026cd3eb3 100644 --- a/phpBB/includes/ucp/ucp_pm.php +++ b/phpBB/includes/ucp/ucp_pm.php @@ -92,7 +92,7 @@ class ucp_pm $user_folders = get_folder($user->data['user_id']); - if (!$auth->acl_get('u_sendpm')) + if ($action != 'delete' && !$auth->acl_get('u_sendpm')) { // trigger_error('NO_AUTH_SEND_MESSAGE'); $template->assign_vars(array( diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index 8b7d42e9c9..d365e8b489 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -154,7 +154,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) 'S_SHOW_PM_BOX' => true, 'S_ALLOW_MASS_PM' => ($config['allow_mass_pm'] && $auth->acl_get('u_masspm')) ? true : false, 'S_GROUP_OPTIONS' => ($config['allow_mass_pm'] && $auth->acl_get('u_masspm_group')) ? $group_options : '', - 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=searchuser&form=postform&field=username_list&select_single=$select_single"), + 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=searchuser&form=postform&field=username_list&select_single=" . (int) $select_single), )); } @@ -751,6 +751,34 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $enable_urls = (isset($_POST['disable_magic_url'])) ? 0 : 1; $enable_sig = (!$config['allow_sig'] ||!$config['allow_sig_pm']) ? false : ((isset($_POST['attach_sig'])) ? true : false); + /** + * Modify private message + * + * @event core.ucp_pm_compose_modify_parse_before + * @var bool enable_bbcode Whether or not bbcode is enabled + * @var bool enable_smilies Whether or not smilies are enabled + * @var bool enable_urls Whether or not urls are enabled + * @var bool enable_sig Whether or not signature is enabled + * @var string subject PM subject text + * @var object message_parser The message parser object + * @var bool submit Whether or not the form has been sumitted + * @var bool preview Whether or not the signature is being previewed + * @var array error Any error strings + * @since 3.1.10-RC1 + */ + $vars = array( + 'enable_bbcode', + 'enable_smilies', + 'enable_urls', + 'enable_sig', + 'subject', + 'message_parser', + 'submit', + 'preview', + 'error', + ); + extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_modify_parse_before', compact($vars))); + if ($submit) { $status_switch = (($enable_bbcode+1) << 8) + (($enable_smilies+1) << 4) + (($enable_urls+1) << 2) + (($enable_sig+1) << 1); diff --git a/phpBB/includes/ucp/ucp_prefs.php b/phpBB/includes/ucp/ucp_prefs.php index 3c274b53c7..e63e9b4c08 100644 --- a/phpBB/includes/ucp/ucp_prefs.php +++ b/phpBB/includes/ucp/ucp_prefs.php @@ -86,7 +86,7 @@ class ucp_prefs } $error = array_merge(validate_data($data, array( - 'dateformat' => array('string', false, 1, 30), + 'dateformat' => array('string', false, 1, 64), 'lang' => array('language_iso_name'), 'tz' => array('timezone'), )), $error); @@ -368,6 +368,49 @@ class ucp_prefs ${'s_sort_' . $sort_option . '_dir'} .= '</select>'; } + /** + * Run code before view form is displayed + * + * @event core.ucp_prefs_view_after + * @var bool submit Do we display the form only + * or did the user press submit + * @var array data Array with current ucp options data + * @var array sort_dir_text Array with sort dir language strings + * @var array limit_topic_days Topic ordering options + * @var array sort_by_topic_text Topic ordering language strings + * @var array sort_by_topic_sql Topic ordering sql + * @var array limit_post_days Post ordering options + * @var array sort_by_post_text Post ordering language strings + * @var array sort_by_post_sql Post ordering sql + * @var array _options Sort options + * @var string s_limit_topic_days Sort limit topic by days select box + * @var string s_sort_topic_key Sort topic key select box + * @var string s_sort_topic_dir Sort topic dir select box + * @var string s_limit_post_days Sort limit post by days select box + * @var string s_sort_post_key Sort post key select box + * @var string s_sort_post_dir Sort post dir select box + * @since 3.1.8-RC1 + */ + $vars = array( + 'submit', + 'data', + 'sort_dir_text', + 'limit_topic_days', + 'sort_by_topic_text', + 'sort_by_topic_sql', + 'limit_post_days', + 'sort_by_post_text', + 'sort_by_post_sql', + '_options', + 's_limit_topic_days', + 's_sort_topic_key', + 's_sort_topic_dir', + 's_limit_post_days', + 's_sort_post_key', + 's_sort_post_dir', + ); + extract($phpbb_dispatcher->trigger_event('core.ucp_prefs_view_after', compact($vars))); + $template->assign_vars(array( 'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '', diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index 8d8d42e742..0be1930f1a 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php @@ -183,37 +183,12 @@ class ucp_profile if ($config['require_activation'] == USER_ACTIVATION_ADMIN) { - // Grab an array of user_id's with a_user permissions ... these users can activate a user - $admin_ary = $auth->acl_get_list(false, 'a_user', false); - $admin_ary = (!empty($admin_ary[0]['a_user'])) ? $admin_ary[0]['a_user'] : array(); - - // Also include founders - $where_sql = ' WHERE user_type = ' . USER_FOUNDER; - - if (sizeof($admin_ary)) - { - $where_sql .= ' OR ' . $db->sql_in_set('user_id', $admin_ary); - } - - $sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type - FROM ' . USERS_TABLE . ' ' . - $where_sql; - $result = $db->sql_query($sql); - - while ($row = $db->sql_fetchrow($result)) - { - $messenger->template('admin_activate', $row['user_lang']); - $messenger->set_addresses($row); - - $messenger->assign_vars(array( - 'USERNAME' => htmlspecialchars_decode($data['username']), - 'U_USER_DETAILS' => "$server_url/memberlist.$phpEx?mode=viewprofile&u={$user->data['user_id']}", - 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey") - ); - - $messenger->send($row['user_notify_type']); - } - $db->sql_freeresult($result); + $notifications_manager = $phpbb_container->get('notification_manager'); + $notifications_manager->add_notifications('notification.type.admin_activate_user', array( + 'user_id' => $user->data['user_id'], + 'user_actkey' => $user_actkey, + 'user_regdate' => time(), // Notification time + )); } user_active_flip('deactivate', $user->data['user_id'], INACTIVE_PROFILE); @@ -504,6 +479,32 @@ class ucp_profile { $message_parser = new parse_message($signature); + /** + * Modify user signature on editing profile in UCP + * + * @event core.ucp_profile_modify_signature + * @var bool enable_bbcode Whether or not bbcode is enabled + * @var bool enable_smilies Whether or not smilies are enabled + * @var bool enable_urls Whether or not urls are enabled + * @var string signature Users signature text + * @var object message_parser The message parser object + * @var array error Any error strings + * @var bool submit Whether or not the form has been sumitted + * @var bool preview Whether or not the signature is being previewed + * @since 3.1.10-RC1 + */ + $vars = array( + 'enable_bbcode', + 'enable_smilies', + 'enable_urls', + 'signature', + 'message_parser', + 'error', + 'submit', + 'preview', + ); + extract($phpbb_dispatcher->trigger_event('core.ucp_profile_modify_signature', compact($vars))); + // Allowing Quote BBCode $message_parser->parse($enable_bbcode, $enable_urls, $enable_smilies, $config['allow_sig_img'], $config['allow_sig_flash'], true, $config['allow_sig_links'], true, 'sig'); @@ -530,6 +531,16 @@ class ucp_profile 'user_sig_bbcode_bitfield' => $message_parser->bbcode_bitfield ); + /** + * Modify user registration data before submitting it to the database + * + * @event core.ucp_profile_modify_signature_sql_ary + * @var array sql_ary Array with user signature data to submit to the database + * @since 3.1.10-RC1 + */ + $vars = array('sql_ary'); + extract($phpbb_dispatcher->trigger_event('core.ucp_profile_modify_signature_sql_ary', compact($vars))); + $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . $user->data['user_id']; @@ -663,6 +674,13 @@ class ucp_profile $selected_driver = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', $user->data['user_avatar_type'])); + $template->assign_vars(array( + 'AVATAR_MIN_WIDTH' => $config['avatar_min_width'], + 'AVATAR_MAX_WIDTH' => $config['avatar_max_width'], + 'AVATAR_MIN_HEIGHT' => $config['avatar_min_height'], + 'AVATAR_MAX_HEIGHT' => $config['avatar_max_height'], + )); + foreach ($avatar_drivers as $current_driver) { $driver = $phpbb_avatar_manager->get_driver($current_driver); |