aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/acp/acp_groups.php12
-rw-r--r--phpBB/includes/db/migration/tool/module.php5
-rw-r--r--phpBB/includes/functions_posting.php57
-rw-r--r--phpBB/includes/search/fulltext_mysql.php11
-rw-r--r--phpBB/includes/ucp/ucp_groups.php17
5 files changed, 61 insertions, 41 deletions
diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php
index c740ff7ddc..847ccfb3cc 100644
--- a/phpBB/includes/acp/acp_groups.php
+++ b/phpBB/includes/acp/acp_groups.php
@@ -87,6 +87,11 @@ class acp_groups
case 'approve':
case 'demote':
case 'promote':
+ if (!check_form_key($form_key))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
if (!$group_id)
{
trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action), E_USER_WARNING);
@@ -259,6 +264,11 @@ class acp_groups
break;
case 'addusers':
+ if (!check_form_key($form_key))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
if (!$group_id)
{
trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action), E_USER_WARNING);
@@ -920,10 +930,12 @@ class acp_groups
case 'set_config_teampage':
$config->set('teampage_forums', $request->variable('teampage_forums', 0));
$config->set('teampage_memberships', $request->variable('teampage_memberships', 0));
+ trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action));
break;
case 'set_config_legend':
$config->set('legend_sort_groupname', $request->variable('legend_sort_groupname', 0));
+ trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action));
break;
}
}
diff --git a/phpBB/includes/db/migration/tool/module.php b/phpBB/includes/db/migration/tool/module.php
index ec683d36af..ac4d2c9bd7 100644
--- a/phpBB/includes/db/migration/tool/module.php
+++ b/phpBB/includes/db/migration/tool/module.php
@@ -209,9 +209,6 @@ class phpbb_db_migration_tool_module implements phpbb_db_migration_tool_interfac
}
// The "manual" way
- $module_log_name = ((isset($this->user->lang[$data['module_langname']])) ? $this->user->lang[$data['module_langname']] : $data['module_langname']);
- add_log('admin', 'LOG_MODULE_ADD', $module_log_name);
-
if (!is_numeric($parent))
{
$sql = 'SELECT module_id
@@ -267,6 +264,8 @@ class phpbb_db_migration_tool_module implements phpbb_db_migration_tool_interfac
else
{
// Success
+ $module_log_name = ((isset($this->user->lang[$data['module_langname']])) ? $this->user->lang[$data['module_langname']] : $data['module_langname']);
+ add_log('admin', 'LOG_MODULE_ADD', $module_log_name);
// Move the module if requested above/below an existing one
if (isset($data['before']) && $data['before'])
diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php
index baef7bcda5..b9b518ad32 100644
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@@ -403,14 +403,7 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage
$upload->set_disallowed_content(explode('|', $config['mime_triggers']));
}
- if (!$local)
- {
- $filedata['post_attach'] = ($upload->is_valid($form_name)) ? true : false;
- }
- else
- {
- $filedata['post_attach'] = true;
- }
+ $filedata['post_attach'] = $local || $upload->is_valid($form_name);
if (!$filedata['post_attach'])
{
@@ -429,30 +422,18 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage
return $filedata;
}
- $cat_id = (isset($extensions[$file->get('extension')]['display_cat'])) ? $extensions[$file->get('extension')]['display_cat'] : ATTACHMENT_CATEGORY_NONE;
-
- // Make sure the image category only holds valid images...
- if ($cat_id == ATTACHMENT_CATEGORY_IMAGE && !$file->is_image())
- {
- $file->remove();
-
- // If this error occurs a user tried to exploit an IE Bug by renaming extensions
- // Since the image category is displaying content inline we need to catch this.
- trigger_error($user->lang['ATTACHED_IMAGE_NOT_IMAGE']);
- }
-
- // Do we have to create a thumbnail?
- $filedata['thumbnail'] = ($cat_id == ATTACHMENT_CATEGORY_IMAGE && $config['img_create_thumbnail']) ? 1 : 0;
-
- // Check Image Size, if it is an image
- if (!$auth->acl_get('a_') && !$auth->acl_get('m_', $forum_id) && $cat_id == ATTACHMENT_CATEGORY_IMAGE)
- {
- $file->upload->set_allowed_dimensions(0, 0, $config['img_max_width'], $config['img_max_height']);
- }
+ // Whether the uploaded file is in the image category
+ $is_image = (isset($extensions[$file->get('extension')]['display_cat'])) ? $extensions[$file->get('extension')]['display_cat'] == ATTACHMENT_CATEGORY_IMAGE : false;
- // Admins and mods are allowed to exceed the allowed filesize
if (!$auth->acl_get('a_') && !$auth->acl_get('m_', $forum_id))
{
+ // Check Image Size, if it is an image
+ if ($is_image)
+ {
+ $file->upload->set_allowed_dimensions(0, 0, $config['img_max_width'], $config['img_max_height']);
+ }
+
+ // Admins and mods are allowed to exceed the allowed filesize
if (!empty($extensions[$file->get('extension')]['max_filesize']))
{
$allowed_filesize = $extensions[$file->get('extension')]['max_filesize'];
@@ -467,10 +448,12 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage
$file->clean_filename('unique', $user->data['user_id'] . '_');
- // Are we uploading an image *and* this image being within the image category? Only then perform additional image checks.
- $no_image = ($cat_id == ATTACHMENT_CATEGORY_IMAGE) ? false : true;
+ // Are we uploading an image *and* this image being within the image category?
+ // Only then perform additional image checks.
+ $file->move_file($config['upload_path'], false, !$is_image);
- $file->move_file($config['upload_path'], false, $no_image);
+ // Do we have to create a thumbnail?
+ $filedata['thumbnail'] = ($is_image && $config['img_create_thumbnail']) ? 1 : 0;
if (sizeof($file->error))
{
@@ -481,6 +464,16 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage
return $filedata;
}
+ // Make sure the image category only holds valid images...
+ if ($is_image && !$file->is_image())
+ {
+ $file->remove();
+
+ // If this error occurs a user tried to exploit an IE Bug by renaming extensions
+ // Since the image category is displaying content inline we need to catch this.
+ trigger_error($user->lang['ATTACHED_IMAGE_NOT_IMAGE']);
+ }
+
$filedata['filesize'] = $file->get('filesize');
$filedata['mimetype'] = $file->get('mimetype');
$filedata['extension'] = $file->get('extension');
diff --git a/phpBB/includes/search/fulltext_mysql.php b/phpBB/includes/search/fulltext_mysql.php
index adaf025730..aa493c3281 100644
--- a/phpBB/includes/search/fulltext_mysql.php
+++ b/phpBB/includes/search/fulltext_mysql.php
@@ -163,9 +163,16 @@ class phpbb_search_fulltext_mysql extends phpbb_search_base
$engine = $info['Type'];
}
- if ($engine != 'MyISAM')
+ $fulltext_supported =
+ $engine === 'MyISAM' ||
+ // FULLTEXT is supported on InnoDB since MySQL 5.6.4 according to
+ // http://dev.mysql.com/doc/refman/5.6/en/innodb-storage-engine.html
+ $engine === 'InnoDB' &&
+ phpbb_version_compare($this->db->sql_server_info(true), '5.6.4', '>=');
+
+ if (!$fulltext_supported)
{
- return $this->user->lang['FULLTEXT_MYSQL_NOT_MYISAM'];
+ return $this->user->lang['FULLTEXT_MYSQL_NOT_SUPPORTED'];
}
$sql = 'SHOW VARIABLES
diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php
index efc88e6e37..af08533a7d 100644
--- a/phpBB/includes/ucp/ucp_groups.php
+++ b/phpBB/includes/ucp/ucp_groups.php
@@ -416,9 +416,11 @@ class ucp_groups
if ($group_id)
{
- $sql = 'SELECT *
- FROM ' . GROUPS_TABLE . "
- WHERE group_id = $group_id";
+ $sql = 'SELECT g.*, t.teampage_position AS group_teampage
+ FROM ' . GROUPS_TABLE . ' g
+ LEFT JOIN ' . TEAMPAGE_TABLE . ' t
+ ON (t.group_id = g.group_id)
+ WHERE g.group_id = ' . $group_id;
$result = $db->sql_query($sql);
$group_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
@@ -514,6 +516,8 @@ class ucp_groups
'receive_pm' => isset($_REQUEST['group_receive_pm']) ? 1 : 0,
'message_limit' => request_var('group_message_limit', 0),
'max_recipients'=> request_var('group_max_recipients', 0),
+ 'legend' => $group_row['group_legend'],
+ 'teampage' => $group_row['group_teampage'],
);
if ($config['allow_avatar'])
@@ -569,6 +573,9 @@ class ucp_groups
// Only set the rank, colour, etc. if it's changed or if we're adding a new
// group. This prevents existing group members being updated if no changes
// were made.
+ // However there are some attributes that need to be set everytime,
+ // otherwise the group gets removed from the feature.
+ $set_attributes = array('legend', 'teampage');
$group_attributes = array();
$test_variables = array(
@@ -580,13 +587,14 @@ class ucp_groups
'avatar_height' => 'int',
'receive_pm' => 'int',
'legend' => 'int',
+ 'teampage' => 'int',
'message_limit' => 'int',
'max_recipients'=> 'int',
);
foreach ($test_variables as $test => $type)
{
- if (isset($submit_ary[$test]) && ($action == 'add' || $group_row['group_' . $test] != $submit_ary[$test] || isset($group_attributes['group_avatar']) && strpos($test, 'avatar') === 0))
+ if (isset($submit_ary[$test]) && ($action == 'add' || $group_row['group_' . $test] != $submit_ary[$test] || isset($group_attributes['group_avatar']) && strpos($test, 'avatar') === 0 || in_array($test, $set_attributes)))
{
settype($submit_ary[$test], $type);
$group_attributes['group_' . $test] = $group_row['group_' . $test] = $submit_ary[$test];
@@ -596,6 +604,7 @@ class ucp_groups
if (!($error = group_create($group_id, $group_type, $group_name, $group_desc, $group_attributes, $allow_desc_bbcode, $allow_desc_urls, $allow_desc_smilies)))
{
$cache->destroy('sql', GROUPS_TABLE);
+ $cache->destroy('sql', TEAMPAGE_TABLE);
$message = ($action == 'edit') ? 'GROUP_UPDATED' : 'GROUP_CREATED';
trigger_error($user->lang[$message] . $return_page);
generated by cgit v1.2.1 (git 2.21.0) at 2025-10-14 00:36:59 +0000