diff options
Diffstat (limited to 'phpBB/includes')
27 files changed, 417 insertions, 99 deletions
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php index 2873b48fa4..67fba1094d 100644 --- a/phpBB/includes/acp/acp_attachments.php +++ b/phpBB/includes/acp/acp_attachments.php @@ -153,7 +153,7 @@ class acp_attachments 'img_create_thumbnail' => array('lang' => 'CREATE_THUMBNAIL', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'img_max_thumb_width' => array('lang' => 'MAX_THUMB_WIDTH', 'validate' => 'int:0:999999999999999', 'type' => 'number:0:999999999999999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']), 'img_min_thumb_filesize' => array('lang' => 'MIN_THUMB_FILESIZE', 'validate' => 'int:0:999999999999999', 'type' => 'number:0:999999999999999', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']), - 'img_imagick' => array('lang' => 'IMAGICK_PATH', 'validate' => 'path', 'type' => 'text:20:200', 'explain' => true, 'append' => ' <span>[ <a href="' . $this->u_action . '&action=imgmagick">' . $user->lang['SEARCH_IMAGICK'] . '</a> ]</span>'), + 'img_imagick' => array('lang' => 'IMAGICK_PATH', 'validate' => 'absolute_path', 'type' => 'text:20:200', 'explain' => true, 'append' => ' <span>[ <a href="' . $this->u_action . '&action=imgmagick">' . $user->lang['SEARCH_IMAGICK'] . '</a> ]</span>'), 'img_max' => array('lang' => 'MAX_IMAGE_SIZE', 'validate' => 'int:0:9999', 'type' => 'dimension:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']), 'img_link' => array('lang' => 'IMAGE_LINK_SIZE', 'validate' => 'int:0:9999', 'type' => 'dimension:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']), ) diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index 63e2647f02..a41a53226f 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -514,7 +514,8 @@ class acp_board if ($config_name == 'guest_style') { - if (isset($cfg_array[$config_name])) { + if (isset($cfg_array[$config_name])) + { $this->guest_style_set($cfg_array[$config_name]); } continue; diff --git a/phpBB/includes/acp/acp_database.php b/phpBB/includes/acp/acp_database.php index 0c52f82459..c5aebf011d 100644 --- a/phpBB/includes/acp/acp_database.php +++ b/phpBB/includes/acp/acp_database.php @@ -1173,6 +1173,7 @@ class postgres_extractor extends base_extractor $this->flush($sql_data . ";\n"); } } + $db->sql_freeresult($result); $sql_data = '-- Table: ' . $table_name . "\n"; $sql_data .= "DROP TABLE $table_name;\n"; diff --git a/phpBB/includes/acp/acp_extensions.php b/phpBB/includes/acp/acp_extensions.php index 89fdc8b863..0c9bc0deab 100644 --- a/phpBB/includes/acp/acp_extensions.php +++ b/phpBB/includes/acp/acp_extensions.php @@ -174,11 +174,6 @@ class acp_extensions trigger_error($user->lang['EXTENSION_NOT_ENABLEABLE'] . adm_back_link($this->u_action), E_USER_WARNING); } - if ($phpbb_extension_manager->is_enabled($ext_name)) - { - redirect($this->u_action); - } - try { while ($phpbb_extension_manager->enable_step($ext_name)) diff --git a/phpBB/includes/acp/acp_prune.php b/phpBB/includes/acp/acp_prune.php index 59f15c4890..6eb213fd7a 100644 --- a/phpBB/includes/acp/acp_prune.php +++ b/phpBB/includes/acp/acp_prune.php @@ -507,7 +507,7 @@ class acp_prune AND ug.user_id <> ' . ANONYMOUS . ' AND u.user_type <> ' . USER_FOUNDER . ' AND ug.user_pending = 0 ' . - ((!empty($user_ids)) ? 'AND ' . $db->sql_in_set('ug.user_id', $user_ids) : '') . ' + ((!empty($user_ids)) ? ' AND ' . $db->sql_in_set('ug.user_id', $user_ids) : '') . ' AND u.user_id = ug.user_id'; $result = $db->sql_query($sql); @@ -533,7 +533,7 @@ class acp_prune FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u WHERE u.user_id <> ' . ANONYMOUS . ' AND u.user_type <> ' . USER_FOUNDER . - ((!empty($user_ids)) ? 'AND ' . $db->sql_in_set('p.poster_id', $user_ids) : '') . ' + ((!empty($user_ids)) ? ' AND ' . $db->sql_in_set('p.poster_id', $user_ids) : '') . ' AND ' . $db->sql_in_set('p.post_visibility', array(ITEM_UNAPPROVED, ITEM_REAPPROVE)) . ' AND u.user_id = p.poster_id GROUP BY p.poster_id diff --git a/phpBB/includes/acp/acp_search.php b/phpBB/includes/acp/acp_search.php index eddc6871f8..9ff999567a 100644 --- a/phpBB/includes/acp/acp_search.php +++ b/phpBB/includes/acp/acp_search.php @@ -449,7 +449,6 @@ class acp_search $search = null; $error = false; - $search_options = ''; foreach ($search_types as $type) { if ($this->init_search($type, $search, $error) || !method_exists($search, 'index_created')) diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index 3c957a7093..8c17fb6311 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -1414,6 +1414,18 @@ class acp_users $error[] = 'FORM_INVALID'; } + /** + * Validate profile data in ACP before submitting to the database + * + * @event core.acp_users_profile_validate + * @var bool submit Flag indicating if submit button has been pressed + * @var array data Array with user profile data + * @var array error Array with the form errors + * @since 3.1.4-RC1 + */ + $vars = array('submit', 'data', 'error'); + extract($phpbb_dispatcher->trigger_event('core.acp_users_profile_validate', compact($vars))); + if (!sizeof($error)) { $sql_ary = array( @@ -1429,9 +1441,10 @@ class acp_users * @var array data Array with user profile data * @var int user_id The user id * @var array user_row Array with the full user data + * @var array sql_ary Array with sql data * @since 3.1.4-RC1 */ - $vars = array('cp_data', 'data', 'user_id', 'user_row'); + $vars = array('cp_data', 'data', 'user_id', 'user_row', 'sql_ary'); extract($phpbb_dispatcher->trigger_event('core.acp_users_profile_modify_sql_ary', compact($vars))); $sql = 'UPDATE ' . USERS_TABLE . ' diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index 321a87b4b0..c53d976615 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -28,7 +28,7 @@ if (!defined('IN_PHPBB')) */ // phpBB Version -define('PHPBB_VERSION', '3.1.4-dev'); +define('PHPBB_VERSION', '3.1.5-dev'); // QA-related // define('PHPBB_QA', 1); diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 940484a0ea..d460497669 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2309,7 +2309,7 @@ function redirect($url, $return = false, $disable_cd_check = false) // Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work) if (!$disable_cd_check && $url_parts['host'] !== $user->host) { - $url = generate_board_url(); + trigger_error('INSECURE_REDIRECT', E_USER_ERROR); } } else if ($url[0] == '/') @@ -2347,7 +2347,7 @@ function redirect($url, $return = false, $disable_cd_check = false) // Clean URL and check if we go outside the forum directory $url = $phpbb_path_helper->clean_url($url); - if (!$disable_cd_check && strpos($url, generate_board_url(true)) === false) + if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0) { trigger_error('INSECURE_REDIRECT', E_USER_ERROR); } @@ -2389,7 +2389,7 @@ function redirect($url, $return = false, $disable_cd_check = false) } // Redirect via an HTML form for PITA webservers - if (@preg_match('#Microsoft|WebSTAR|Xitami#', getenv('SERVER_SOFTWARE'))) + if (@preg_match('#WebSTAR|Xitami#', getenv('SERVER_SOFTWARE'))) { header('Refresh: 0; URL=' . $url); @@ -2544,13 +2544,19 @@ function phpbb_request_http_version() { global $request; + $version = ''; if ($request && $request->server('SERVER_PROTOCOL')) { - return $request->server('SERVER_PROTOCOL'); + $version = $request->server('SERVER_PROTOCOL'); } else if (isset($_SERVER['SERVER_PROTOCOL'])) { - return $_SERVER['SERVER_PROTOCOL']; + $version = $_SERVER['SERVER_PROTOCOL']; + } + + if (!empty($version) && is_string($version) && preg_match('#^HTTP/[0-9]\.[0-9]$#', $version)) + { + return $version; } return 'HTTP/1.0'; @@ -2920,19 +2926,6 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa // Special cases... determine switch ($result['status']) { - case LOGIN_ERROR_ATTEMPTS: - - $captcha = $phpbb_container->get('captcha.factory')->get_instance($config['captcha_plugin']); - $captcha->init(CONFIRM_LOGIN); - // $captcha->reset(); - - $template->assign_vars(array( - 'CAPTCHA_TEMPLATE' => $captcha->get_template(), - )); - - $err = $user->lang[$result['error_msg']]; - break; - case LOGIN_ERROR_PASSWORD_CONVERT: $err = sprintf( $user->lang[$result['error_msg']], @@ -2943,6 +2936,17 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa ); break; + case LOGIN_ERROR_ATTEMPTS: + + $captcha = $phpbb_container->get('captcha.factory')->get_instance($config['captcha_plugin']); + $captcha->init(CONFIRM_LOGIN); + // $captcha->reset(); + + $template->assign_vars(array( + 'CAPTCHA_TEMPLATE' => $captcha->get_template(), + )); + // no break; + // Username, password, etc... default: $err = $user->lang[$result['error_msg']]; @@ -3347,7 +3351,7 @@ function get_preg_expression($mode) case 'email': // Regex written by James Watts and Francisco Jose Martin Moreno // http://fightingforalostcause.net/misc/2006/compare-email-regex.php - return '([\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+\.)*(?:[\w\!\#$\%\'\*\+\-\/\=\?\^\`{\|\}\~]|&)+@((((([a-z0-9]{1}[a-z0-9\-]{0,62}[a-z0-9]{1})|[a-z])\.)+[a-z]{2,63})|(\d{1,3}\.){3}\d{1,3}(\:\d{1,5})?)'; + return '((?:[\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+\.)*(?:[\w\!\#$\%\'\*\+\-\/\=\?\^\`{\|\}\~]|&)+)@((((([a-z0-9]{1}[a-z0-9\-]{0,62}[a-z0-9]{1})|[a-z])\.)+[a-z]{2,63})|(\d{1,3}\.){3}\d{1,3}(\:\d{1,5})?)'; break; case 'bbcode_htm': @@ -4247,9 +4251,10 @@ function obtain_users_online($item_id = 0, $item = 'forum') */ function obtain_users_online_string($online_users, $item_id = 0, $item = 'forum') { - global $config, $db, $user, $auth; + global $config, $db, $user, $auth, $phpbb_dispatcher; - $user_online_link = $online_userlist = ''; + $guests_online = $hidden_online = $l_online_users = $online_userlist = $visible_online = ''; + $user_online_link = $rowset = array(); // Need caps version of $item for language-strings $item_caps = strtoupper($item); @@ -4259,9 +4264,28 @@ function obtain_users_online_string($online_users, $item_id = 0, $item = 'forum' FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $online_users['online_users']) . ' ORDER BY username_clean ASC'; + + /** + * Modify SQL query to obtain online users data + * + * @event core.obtain_users_online_string_sql + * @var array online_users Array with online users data + * from obtain_users_online() + * @var int item_id Restrict online users to item id + * @var string item Restrict online users to a certain + * session item, e.g. forum for + * session_forum_id + * @var string sql SQL query to obtain users online data + * @since 3.1.4-RC1 + */ + $vars = array('online_users', 'item_id', 'item', 'sql'); + extract($phpbb_dispatcher->trigger_event('core.obtain_users_online_string_sql', compact($vars))); + $result = $db->sql_query($sql); + $rowset = $db->sql_fetchrowset($result); + $db->sql_freeresult($result); - while ($row = $db->sql_fetchrow($result)) + foreach ($rowset as $row) { // User is logged in and therefore not a guest if ($row['user_id'] != ANONYMOUS) @@ -4273,13 +4297,12 @@ function obtain_users_online_string($online_users, $item_id = 0, $item = 'forum' if (!isset($online_users['hidden_users'][$row['user_id']]) || $auth->acl_get('u_viewonline')) { - $user_online_link = get_username_string(($row['user_type'] <> USER_IGNORE) ? 'full' : 'no_profile', $row['user_id'], $row['username'], $row['user_colour']); - $online_userlist .= ($online_userlist != '') ? ', ' . $user_online_link : $user_online_link; + $user_online_link[$row['user_id']] = get_username_string(($row['user_type'] <> USER_IGNORE) ? 'full' : 'no_profile', $row['user_id'], $row['username'], $row['user_colour']); } } } - $db->sql_freeresult($result); } + $online_userlist = implode(', ', $user_online_link); if (!$online_userlist) { @@ -4312,6 +4335,33 @@ function obtain_users_online_string($online_users, $item_id = 0, $item = 'forum' $l_online_users = $user->lang('ONLINE_USERS_TOTAL', (int) $online_users['total_online'], $visible_online, $hidden_online); } + /** + * Modify online userlist data + * + * @event core.obtain_users_online_string_modify + * @var array online_users Array with online users data + * from obtain_users_online() + * @var int item_id Restrict online users to item id + * @var string item Restrict online users to a certain + * session item, e.g. forum for + * session_forum_id + * @var array rowset Array with online users data + * @var array user_online_link Array with online users items (usernames) + * @var string online_userlist String containing users online list + * @var string l_online_users String with total online users count info + * @since 3.1.4-RC1 + */ + $vars = array( + 'online_users', + 'item_id', + 'item', + 'rowset', + 'user_online_link', + 'online_userlist', + 'l_online_users', + ); + extract($phpbb_dispatcher->trigger_event('core.obtain_users_online_string_modify', compact($vars))); + return array( 'online_userlist' => $online_userlist, 'l_online_users' => $l_online_users, diff --git a/phpBB/includes/functions_acp.php b/phpBB/includes/functions_acp.php index e30c6da505..a53a54368e 100644 --- a/phpBB/includes/functions_acp.php +++ b/phpBB/includes/functions_acp.php @@ -550,6 +550,9 @@ function validate_config_vars($config_vars, &$cfg_array, &$error) $cfg_array[$config_name] = trim($destination); + // Absolute file path + case 'absolute_path': + case 'absolute_path_writable': // Path being relative (still prefixed by phpbb_root_path), but with the ability to escape the root dir... case 'path': case 'wpath': @@ -568,20 +571,22 @@ function validate_config_vars($config_vars, &$cfg_array, &$error) break; } - if (!file_exists($phpbb_root_path . $cfg_array[$config_name])) + $path = in_array($config_definition['validate'], array('wpath', 'path', 'rpath', 'rwpath')) ? $phpbb_root_path . $cfg_array[$config_name] : $cfg_array[$config_name]; + + if (!file_exists($path)) { $error[] = sprintf($user->lang['DIRECTORY_DOES_NOT_EXIST'], $cfg_array[$config_name]); } - if (file_exists($phpbb_root_path . $cfg_array[$config_name]) && !is_dir($phpbb_root_path . $cfg_array[$config_name])) + if (file_exists($path) && !is_dir($path)) { $error[] = sprintf($user->lang['DIRECTORY_NOT_DIR'], $cfg_array[$config_name]); } // Check if the path is writable - if ($config_definition['validate'] == 'wpath' || $config_definition['validate'] == 'rwpath') + if ($config_definition['validate'] == 'wpath' || $config_definition['validate'] == 'rwpath' || $config_definition['validate'] === 'absolute_path_writable') { - if (file_exists($phpbb_root_path . $cfg_array[$config_name]) && !phpbb_is_writable($phpbb_root_path . $cfg_array[$config_name])) + if (file_exists($path) && !phpbb_is_writable($path)) { $error[] = sprintf($user->lang['DIRECTORY_NOT_WRITABLE'], $cfg_array[$config_name]); } diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index b016659541..79f9db2f3f 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -618,7 +618,7 @@ function move_posts($post_ids, $topic_id, $auto_sync = true) */ function delete_topics($where_type, $where_ids, $auto_sync = true, $post_count_sync = true, $call_delete_posts = true) { - global $db, $config, $phpbb_container; + global $db, $config, $phpbb_container, $phpbb_dispatcher; $approved_topics = 0; $forum_ids = $topic_ids = array(); @@ -672,6 +672,20 @@ function delete_topics($where_type, $where_ids, $auto_sync = true, $post_count_s $table_ary = array(BOOKMARKS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, POLL_VOTES_TABLE, POLL_OPTIONS_TABLE, TOPICS_WATCH_TABLE, TOPICS_TABLE); + /** + * Perform additional actions before topic(s) deletion + * + * @event core.delete_topics_before_query + * @var array table_ary Array of tables from which all rows will be deleted that hold a topic_id occuring in topic_ids + * @var array topic_ids Array of topic ids to delete + * @since 3.1.4-RC1 + */ + $vars = array( + 'table_ary', + 'topic_ids', + ); + extract($phpbb_dispatcher->trigger_event('core.delete_topics_before_query', compact($vars))); + foreach ($table_ary as $table) { $sql = "DELETE FROM $table @@ -680,6 +694,18 @@ function delete_topics($where_type, $where_ids, $auto_sync = true, $post_count_s } unset($table_ary); + /** + * Perform additional actions after topic(s) deletion + * + * @event core.delete_topics_after_query + * @var array topic_ids Array of topic ids that were deleted + * @since 3.1.4-RC1 + */ + $vars = array( + 'topic_ids', + ); + extract($phpbb_dispatcher->trigger_event('core.delete_topics_after_query', compact($vars))); + $moved_topic_ids = array(); // update the other forums diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index 31cf43e599..5888a6160d 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -375,6 +375,28 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod get_moderators($forum_moderators, $forum_ids_moderator); } + /** + * Event to perform additional actions before the forum list is being generated + * + * @event core.display_forums_before + * @var array active_forum_ary Array with forum data to display active topics + * @var bool display_moderators Flag indicating if we display forum moderators + * @var array forum_moderators Array with forum moderators list + * @var array forum_rows Data array of all forums we display + * @var bool return_moderators Flag indicating if moderators list should be returned + * @var array root_data Array with the root forum data + * @since 3.1.4-RC1 + */ + $vars = array( + 'active_forum_ary', + 'display_moderators', + 'forum_moderators', + 'forum_rows', + 'return_moderators', + 'root_data', + ); + extract($phpbb_dispatcher->trigger_event('core.display_forums_before', compact($vars))); + // Used to tell whatever we have to create a dummy category or not. $last_catless = true; foreach ($forum_rows as $row) @@ -710,13 +732,15 @@ function generate_forum_rules(&$forum_data) function generate_forum_nav(&$forum_data) { global $db, $user, $template, $auth, $config; - global $phpEx, $phpbb_root_path; + global $phpEx, $phpbb_root_path, $phpbb_dispatcher; if (!$auth->acl_get('f_list', $forum_data['forum_id'])) { return; } + $navlinks = $navlinks_parents = $forum_template_data = array(); + // Get forum parents $forum_parents = get_forum_parents($forum_data); @@ -735,35 +759,59 @@ function generate_forum_nav(&$forum_data) continue; } - $template->assign_block_vars('navlinks', array( + $navlinks_parents[] = array( 'S_IS_CAT' => ($parent_type == FORUM_CAT) ? true : false, 'S_IS_LINK' => ($parent_type == FORUM_LINK) ? true : false, 'S_IS_POST' => ($parent_type == FORUM_POST) ? true : false, 'FORUM_NAME' => $parent_name, 'FORUM_ID' => $parent_forum_id, 'MICRODATA' => $microdata_attr . '="' . $parent_forum_id . '"', - 'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $parent_forum_id)) + 'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $parent_forum_id), ); } } - $template->assign_block_vars('navlinks', array( + $navlinks = array( 'S_IS_CAT' => ($forum_data['forum_type'] == FORUM_CAT) ? true : false, 'S_IS_LINK' => ($forum_data['forum_type'] == FORUM_LINK) ? true : false, 'S_IS_POST' => ($forum_data['forum_type'] == FORUM_POST) ? true : false, 'FORUM_NAME' => $forum_data['forum_name'], 'FORUM_ID' => $forum_data['forum_id'], 'MICRODATA' => $microdata_attr . '="' . $forum_data['forum_id'] . '"', - 'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_data['forum_id'])) + 'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_data['forum_id']), ); - $template->assign_vars(array( + $forum_template_data = array( 'FORUM_ID' => $forum_data['forum_id'], 'FORUM_NAME' => $forum_data['forum_name'], 'FORUM_DESC' => generate_text_for_display($forum_data['forum_desc'], $forum_data['forum_desc_uid'], $forum_data['forum_desc_bitfield'], $forum_data['forum_desc_options']), 'S_ENABLE_FEEDS_FORUM' => ($config['feed_forum'] && $forum_data['forum_type'] == FORUM_POST && !phpbb_optionget(FORUM_OPTION_FEED_EXCLUDE, $forum_data['forum_options'])) ? true : false, - )); + ); + + /** + * Event to modify the navlinks text + * + * @event core.generate_forum_nav + * @var array forum_data Array with the forum data + * @var array forum_template_data Array with generic forum template data + * @var string microdata_attr The microdata attribute + * @var array navlinks_parents Array with the forum parents navlinks data + * @var array navlinks Array with the forum navlinks data + * @since 3.1.5-RC1 + */ + $vars = array( + 'forum_data', + 'forum_template_data', + 'microdata_attr', + 'navlinks_parents', + 'navlinks', + ); + extract($phpbb_dispatcher->trigger_event('core.generate_forum_nav', compact($vars))); + + $template->assign_block_vars_array('navlinks', $navlinks_parents); + $template->assign_block_vars('navlinks', $navlinks); + $template->assign_vars($forum_template_data); return; } diff --git a/phpBB/includes/functions_mcp.php b/phpBB/includes/functions_mcp.php index 811d49f1de..ed96dcf338 100644 --- a/phpBB/includes/functions_mcp.php +++ b/phpBB/includes/functions_mcp.php @@ -368,7 +368,7 @@ function phpbb_get_pm_data($pm_ids) */ function phpbb_mcp_sorting($mode, &$sort_days, &$sort_key, &$sort_dir, &$sort_by_sql, &$sort_order_sql, &$total, $forum_id = 0, $topic_id = 0, $where_sql = 'WHERE') { - global $db, $user, $auth, $template; + global $db, $user, $auth, $template, $phpbb_dispatcher; $sort_days = request_var('st', 0); $min_time = ($sort_days) ? time() - ($sort_days * 86400) : 0; @@ -553,6 +553,56 @@ function phpbb_mcp_sorting($mode, &$sort_days, &$sort_key, &$sort_dir, &$sort_by break; } + // Default total to -1 to allow editing by the event + $total = -1; + + /** + * This event allows you to control the SQL query used to get the total number + * of reports the user can access. + * + * This total is used for the pagination and for displaying the total number + * of reports to the user + * + * + * @event core.mcp_sorting_query_before + * @var string sql The current SQL search string + * @var string mode An id related to the module(s) the user is viewing + * @var string type Which kind of information is this being used for displaying. Posts, topics, etc... + * @var int forum_id The forum id of the posts the user is trying to access, if not 0 + * @var int topic_id The topic id of the posts the user is trying to access, if not 0 + * @var int sort_days The max age of the oldest report to be shown, in days + * @var string sort_key The way the user has decided to sort the data. + * The valid values must be in the keys of the sort_by_* variables + * @var string sort_dir Either 'd' for "DESC" or 'a' for 'ASC' in the SQL query + * @var int limit_days The possible max ages of the oldest report for the user to choose, in days. + * @var array sort_by_sql SQL text (values) for the possible names of the ways of sorting data (keys). + * @var array sort_by_text Language text (values) for the possible names of the ways of sorting data (keys). + * @var int min_time Integer with the minimum post time that the user is searching for + * @var int limit_time_sql Time limiting options used in the SQL query. + * @var int total The total number of reports that exist. Only set if you want to override the result + * @var string where_sql Extra information included in the WHERE clause. It must end with "WHERE" or "AND" or "OR". + * Set to "WHERE" and set total above -1 to override the total value + * @since 3.1.4-RC1 + */ + $vars = array( + 'sql', + 'mode', + 'type', + 'forum_id', + 'topic_id', + 'sort_days', + 'sort_key', + 'sort_dir', + 'limit_days', + 'sort_by_sql', + 'sort_by_text', + 'min_time', + 'limit_time_sql', + 'total', + 'where_sql', + ); + extract($phpbb_dispatcher->trigger_event('core.mcp_sorting_query_before', compact($vars))); + if (!isset($sort_by_sql[$sort_key])) { $sort_key = $default_key; @@ -584,7 +634,7 @@ function phpbb_mcp_sorting($mode, &$sort_days, &$sort_key, &$sort_dir, &$sort_by $total = (int) $db->sql_fetchfield('total'); $db->sql_freeresult($result); } - else + else if ($total < -1) { $total = -1; } diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index f3c49badfe..a06d6f4c35 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -1036,7 +1036,7 @@ function load_drafts($topic_id = 0, $forum_id = 0, $id = 0, $pm_action = '', $ms */ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id = 0, $show_quote_button = true) { - global $user, $auth, $db, $template, $bbcode, $cache; + global $user, $auth, $db, $template, $cache; global $config, $phpbb_root_path, $phpEx, $phpbb_container, $phpbb_dispatcher; $phpbb_content_visibility = $phpbb_container->get('content.visibility'); @@ -1094,13 +1094,11 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id $sql = $db->sql_build_query('SELECT', $sql_ary); $result = $db->sql_query($sql); - $bbcode_bitfield = ''; $rowset = array(); $has_attachments = false; while ($row = $db->sql_fetchrow($result)) { $rowset[$row['post_id']] = $row; - $bbcode_bitfield = $bbcode_bitfield | base64_decode($row['bbcode_bitfield']); if ($row['post_attachment']) { @@ -1109,13 +1107,6 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id } $db->sql_freeresult($result); - // Instantiate BBCode class - if (!isset($bbcode) && $bbcode_bitfield !== '') - { - include_once($phpbb_root_path . 'includes/bbcode.' . $phpEx); - $bbcode = new bbcode(base64_encode($bbcode_bitfield)); - } - // Grab extensions $extensions = $attachments = array(); if ($has_attachments && $auth->acl_get('u_download') && $auth->acl_get('f_download', $forum_id)) diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php index e693305246..8e1561b842 100644 --- a/phpBB/includes/functions_privmsgs.php +++ b/phpBB/includes/functions_privmsgs.php @@ -1957,7 +1957,7 @@ function submit_pm($mode, $subject, &$data, $put_in_outbox = true) */ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode = false) { - global $db, $user, $config, $template, $phpbb_root_path, $phpEx, $auth, $bbcode; + global $db, $user, $config, $template, $phpbb_root_path, $phpEx, $auth; // Select all receipts and the author from the pm we currently view, to only display their pm-history $sql = 'SELECT author_id, user_id @@ -2009,7 +2009,6 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode $title = $row['message_subject']; $rowset = array(); - $bbcode_bitfield = ''; $folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm') . '&folder='; do @@ -2025,7 +2024,6 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode else { $rowset[$row['msg_id']] = $row; - $bbcode_bitfield = $bbcode_bitfield | base64_decode($row['bbcode_bitfield']); } } while ($row = $db->sql_fetchrow($result)); @@ -2036,16 +2034,6 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode return false; } - // Instantiate BBCode class - if ((empty($bbcode) || $bbcode === false) && $bbcode_bitfield !== '') - { - if (!class_exists('bbcode')) - { - include($phpbb_root_path . 'includes/bbcode.' . $phpEx); - } - $bbcode = new bbcode(base64_encode($bbcode_bitfield)); - } - $title = censor_text($title); $url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm'); diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index f179b2fd70..89bc31fa25 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php @@ -213,6 +213,8 @@ class filespec */ static public function get_extension($filename) { + $filename = utf8_basename($filename); + if (strpos($filename, '.') === false) { return ''; diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index acf5649ed5..9cd662027e 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -398,7 +398,7 @@ function user_add($user_row, $cp_data = false, $notifications_data = null) */ function user_delete($mode, $user_ids, $retain_username = true) { - global $cache, $config, $db, $user, $phpbb_dispatcher; + global $cache, $config, $db, $user, $phpbb_dispatcher, $phpbb_container; global $phpbb_root_path, $phpEx; $db->sql_transaction('begin'); @@ -672,6 +672,9 @@ function user_delete($mode, $user_ids, $retain_username = true) } phpbb_delete_users_pms($user_ids); + $phpbb_notifications = $phpbb_container->get('notification_manager'); + $phpbb_notifications->delete_notifications('notification.type.admin_activate_user', $user_ids); + $db->sql_transaction('commit'); /** diff --git a/phpBB/includes/mcp/mcp_front.php b/phpBB/includes/mcp/mcp_front.php index 500db55456..629b6fd275 100644 --- a/phpBB/includes/mcp/mcp_front.php +++ b/phpBB/includes/mcp/mcp_front.php @@ -41,10 +41,27 @@ function mcp_front_view($id, $mode, $action) if (!empty($forum_list)) { - $sql = 'SELECT COUNT(post_id) AS total - FROM ' . POSTS_TABLE . ' - WHERE ' . $db->sql_in_set('forum_id', $forum_list) . ' - AND ' . $db->sql_in_set('post_visibility', array(ITEM_UNAPPROVED, ITEM_REAPPROVE)); + $sql_ary = array( + 'SELECT' => 'COUNT(post_id) AS total', + 'FROM' => array( + POSTS_TABLE => 'p', + ), + 'WHERE' => $db->sql_in_set('p.forum_id', $forum_list) . ' + AND ' . $db->sql_in_set('p.post_visibility', array(ITEM_UNAPPROVED, ITEM_REAPPROVE)) + ); + + /** + * Allow altering the query to get the number of unapproved posts + * + * @event core.mcp_front_queue_unapproved_total_before + * @var int sql_ary Query to get the total number of unapproved posts + * @var array forum_list List of forums to look for unapproved posts + * @since 3.1.5-RC1 + */ + $vars = array('sql_ary', 'forum_list'); + extract($phpbb_dispatcher->trigger_event('core.mcp_front_queue_unapproved_total_before', compact($vars))); + + $sql = $db->sql_build_query('SELECT', $sql_ary); $result = $db->sql_query($sql); $total = (int) $db->sql_fetchfield('total'); $db->sql_freeresult($result); @@ -157,6 +174,18 @@ function mcp_front_view($id, $mode, $action) AND r.pm_id = 0 AND r.report_closed = 0 AND ' . $db->sql_in_set('p.forum_id', $forum_list); + + /** + * Alter sql query to count the number of reported posts + * + * @event core.mcp_front_reports_count_query_before + * @var int sql The query string used to get the number of reports that exist + * @var array forum_list List of forums that contain the posts + * @since 3.1.5-RC1 + */ + $vars = array('sql', 'forum_list'); + extract($phpbb_dispatcher->trigger_event('core.mcp_front_reports_count_query_before', compact($vars))); + $result = $db->sql_query($sql); $total = (int) $db->sql_fetchfield('total'); $db->sql_freeresult($result); diff --git a/phpBB/includes/mcp/mcp_main.php b/phpBB/includes/mcp/mcp_main.php index 1241b8bd0e..10f1a5b8c1 100644 --- a/phpBB/includes/mcp/mcp_main.php +++ b/phpBB/includes/mcp/mcp_main.php @@ -226,6 +226,31 @@ class mcp_main break; default: + if ($quickmod) + { + switch ($action) + { + case 'lock': + case 'unlock': + case 'make_announce': + case 'make_sticky': + case 'make_global': + case 'make_normal': + case 'make_onindex': + case 'move': + case 'fork': + case 'delete_topic': + trigger_error('TOPIC_NOT_EXIST'); + break; + + case 'lock_post': + case 'unlock_post': + case 'delete_post': + trigger_error('POST_NOT_EXIST'); + break; + } + } + trigger_error('NO_MODE', E_USER_ERROR); break; } diff --git a/phpBB/includes/mcp/mcp_reports.php b/phpBB/includes/mcp/mcp_reports.php index 804d48ea97..ccb54092b4 100644 --- a/phpBB/includes/mcp/mcp_reports.php +++ b/phpBB/includes/mcp/mcp_reports.php @@ -489,6 +489,7 @@ function close_report($report_id_list, $mode, $action, $pm = false) { $post_id_list[] = $row[$id_column]; } + $db->sql_freeresult($result); $post_id_list = array_unique($post_id_list); if ($pm) diff --git a/phpBB/includes/mcp/mcp_topic.php b/phpBB/includes/mcp/mcp_topic.php index 3a456169d5..8347830d0f 100644 --- a/phpBB/includes/mcp/mcp_topic.php +++ b/phpBB/includes/mcp/mcp_topic.php @@ -147,21 +147,13 @@ function mcp_topic_view($id, $mode, $action) $result = $db->sql_query_limit($sql, $posts_per_page, $start); $rowset = $post_id_list = array(); - $bbcode_bitfield = ''; while ($row = $db->sql_fetchrow($result)) { $rowset[] = $row; $post_id_list[] = $row['post_id']; - $bbcode_bitfield = $bbcode_bitfield | base64_decode($row['bbcode_bitfield']); } $db->sql_freeresult($result); - if ($bbcode_bitfield !== '') - { - include_once($phpbb_root_path . 'includes/bbcode.' . $phpEx); - $bbcode = new bbcode(base64_encode($bbcode_bitfield)); - } - $topic_tracking_info = array(); // Get topic tracking info @@ -267,6 +259,8 @@ function mcp_topic_view($id, $mode, $action) * @var int current_row_number Number of the post on this page * @var array post_row Template block array of the current post * @var array row Array with original post and user data + * @var array topic_info Array with topic data + * @var int total Total posts count * @since 3.1.4-RC1 */ $vars = array( @@ -278,6 +272,8 @@ function mcp_topic_view($id, $mode, $action) 'current_row_number', 'post_row', 'row', + 'topic_info', + 'total', ); extract($phpbb_dispatcher->trigger_event('core.mcp_topic_review_modify_row', compact($vars))); diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 04a2726d22..63e027cd66 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -21,6 +21,19 @@ if (!defined('IN_PHPBB')) if (!class_exists('bbcode')) { + // The following lines are for extensions which include message_parser.php + // while $phpbb_root_path and $phpEx are out of the script scope + // which may lead to the 'Undefined variable' and 'failed to open stream' errors + if (!isset($phpbb_root_path)) + { + global $phpbb_root_path; + } + + if (!isset($phpEx)) + { + global $phpEx; + } + include($phpbb_root_path . 'includes/bbcode.' . $phpEx); } diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index f3b59186a6..51018e3a5d 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -90,6 +90,32 @@ function compose_pm($id, $mode, $action, $user_folders = array()) // we include the language file here $user->add_lang('viewtopic'); + /** + * Modify the default vars before composing a PM + * + * @event core.ucp_pm_compose_modify_data + * @var int msg_id post_id in the page request + * @var int to_user_id The id of whom the message is to + * @var int to_group_id The id of the group the message is to + * @var bool submit Whether the form has been submitted + * @var bool preview Whether the user is previewing the PM or not + * @var string action One of: post, reply, quote, forward, quotepost, edit, delete, smilies + * @var bool delete Whether the user is deleting the PM + * @var int reply_to_all Value of reply_to_all request variable. + * @since 3.1.4-RC1 + */ + $vars = array( + 'msg_id', + 'to_user_id', + 'to_group_id', + 'submit', + 'preview', + 'action', + 'delete', + 'reply_to_all', + ); + extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_modify_data', compact($vars))); + // Output PM_TO box if message composing if ($action != 'edit') { diff --git a/phpBB/includes/ucp/ucp_pm_viewmessage.php b/phpBB/includes/ucp/ucp_pm_viewmessage.php index 888c2e6825..d81c4ce7fe 100644 --- a/phpBB/includes/ucp/ucp_pm_viewmessage.php +++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php @@ -53,15 +53,6 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) // Grab icons $icons = $cache->obtain_icons(); - $bbcode = false; - - // Instantiate BBCode if need be - if ($message_row['bbcode_bitfield']) - { - include($phpbb_root_path . 'includes/bbcode.' . $phpEx); - $bbcode = new bbcode($message_row['bbcode_bitfield']); - } - // Load the custom profile fields if ($config['load_cpf_pm']) { diff --git a/phpBB/includes/ucp/ucp_prefs.php b/phpBB/includes/ucp/ucp_prefs.php index 1d3fb19f67..3c274b53c7 100644 --- a/phpBB/includes/ucp/ucp_prefs.php +++ b/phpBB/includes/ucp/ucp_prefs.php @@ -69,7 +69,7 @@ class ucp_prefs * @var array data Array with current ucp options data * @var array error Array with list of errors * @since 3.1.0-a1 - * @changed 3.1.4-rc1 Added error variable to the event + * @changed 3.1.4-RC1 Added error variable to the event */ $vars = array('submit', 'data', 'error'); extract($phpbb_dispatcher->trigger_event('core.ucp_prefs_personal_data', compact($vars))); diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index c1cdcf88ca..8d8d42e742 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php @@ -114,6 +114,18 @@ class ucp_profile $error[] = 'FORM_INVALID'; } + /** + * Validate user data on editing registration data in UCP + * + * @event core.ucp_profile_reg_details_validate + * @var array data Array with user profile data + * @var bool submit Flag indicating if submit button has been pressed + * @var array error Array of any generated errors + * @since 3.1.4-RC1 + */ + $vars = array('data', 'submit', 'error'); + extract($phpbb_dispatcher->trigger_event('core.ucp_profile_reg_details_validate', compact($vars))); + if (!sizeof($error)) { $sql_ary = array( @@ -353,6 +365,18 @@ class ucp_profile $error[] = 'FORM_INVALID'; } + /** + * Validate user data on editing profile in UCP + * + * @event core.ucp_profile_validate_profile_info + * @var array data Array with user profile data + * @var bool submit Flag indicating if submit button has been pressed + * @var array error Array of any generated errors + * @since 3.1.4-RC1 + */ + $vars = array('data', 'submit', 'error'); + extract($phpbb_dispatcher->trigger_event('core.ucp_profile_validate_profile_info', compact($vars))); + if (!sizeof($error)) { $data['notify'] = $user->data['user_notify_type']; @@ -380,9 +404,10 @@ class ucp_profile * @event core.ucp_profile_info_modify_sql_ary * @var array cp_data Array with the user custom profile fields data * @var array data Array with user profile data + * @var array sql_ary user options data we update * @since 3.1.4-RC1 */ - $vars = array('cp_data', 'data'); + $vars = array('cp_data', 'data', 'sql_ary'); extract($phpbb_dispatcher->trigger_event('core.ucp_profile_info_modify_sql_ary', compact($vars))); $sql = 'UPDATE ' . USERS_TABLE . ' diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index 14f6a8bc02..0ee45b0706 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -30,7 +30,7 @@ class ucp_register function main($id, $mode) { global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx; - global $request, $phpbb_container; + global $request, $phpbb_container, $phpbb_dispatcher; // if ($config['require_activation'] == USER_ACTIVATION_DISABLE || @@ -197,6 +197,19 @@ class ucp_register 'lang' => basename(request_var('lang', $user->lang_name)), 'tz' => request_var('tz', $timezone), ); + /** + * Add UCP register data before they are assigned to the template or submitted + * + * To assign data to the template, use $template->assign_vars() + * + * @event core.ucp_register_data_before + * @var bool submit Do we display the form only + * or did the user press submit + * @var array data Array with current ucp registration data + * @since 3.1.4-RC1 + */ + $vars = array('submit', 'data'); + extract($phpbb_dispatcher->trigger_event('core.ucp_register_data_before', compact($vars))); // Check and initialize some variables if needed if ($submit) @@ -257,6 +270,19 @@ class ucp_register $error[] = $user->lang['NEW_PASSWORD_ERROR']; } } + /** + * Check UCP registration data after they are submitted + * + * @event core.ucp_register_data_after + * @var bool submit Do we display the form only + * or did the user press submit + * @var array data Array with current ucp registration data + * @var array cp_data Array with custom profile fields data + * @var array error Array with list of errors + * @since 3.1.4-RC1 + */ + $vars = array('submit', 'data', 'cp_data', 'error'); + extract($phpbb_dispatcher->trigger_event('core.ucp_register_data_after', compact($vars))); if (!sizeof($error)) { @@ -319,6 +345,20 @@ class ucp_register { $user_row['user_new'] = 1; } + /** + * Add into $user_row before user_add + * + * user_add allows adding more data into the users table + * + * @event core.ucp_register_user_row_after + * @var bool submit Do we display the form only + * or did the user press submit + * @var array cp_data Array with custom profile fields data + * @var array user_row Array with current ucp registration data + * @since 3.1.4-RC1 + */ + $vars = array('submit', 'cp_data', 'user_row'); + extract($phpbb_dispatcher->trigger_event('core.ucp_register_user_row_after', compact($vars))); // Register user... $user_id = user_add($user_row, $cp_data); |