Diffstat (limited to 'phpBB/includes')
-rw-r--r-- | phpBB/includes/acp/acp_attachments.php | 24 | ||||
-rw-r--r-- | phpBB/includes/acp/acp_board.php | 1 | ||||
-rw-r--r-- | phpBB/includes/acp/acp_prune.php | 1 | ||||
-rw-r--r-- | phpBB/includes/acp/acp_styles.php | 33 | ||||
-rw-r--r-- | phpBB/includes/acp/acp_users.php | 2 | ||||
-rw-r--r-- | phpBB/includes/constants.php | 2 | ||||
-rw-r--r-- | phpBB/includes/functions.php | 68 | ||||
-rw-r--r-- | phpBB/includes/functions_acp.php | 3 | ||||
-rw-r--r-- | phpBB/includes/functions_content.php | 3 | ||||
-rw-r--r-- | phpBB/includes/functions_messenger.php | 12 | ||||
-rw-r--r-- | phpBB/includes/functions_posting.php | 5 | ||||
-rw-r--r-- | phpBB/includes/functions_privmsgs.php | 57 | ||||
-rw-r--r-- | phpBB/includes/functions_user.php | 15 | ||||
-rw-r--r-- | phpBB/includes/mcp/mcp_main.php | 16 | ||||
-rw-r--r-- | phpBB/includes/mcp/mcp_topic.php | 32 | ||||
-rw-r--r-- | phpBB/includes/message_parser.php | 29 | ||||
-rw-r--r-- | phpBB/includes/ucp/ucp_pm_compose.php | 17 | ||||
-rw-r--r-- | phpBB/includes/ucp/ucp_profile.php | 3 |
18 files changed, 242 insertions, 81 deletions
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php index a7035f38b7..94e3660de8 100644 --- a/phpBB/includes/acp/acp_attachments.php +++ b/phpBB/includes/acp/acp_attachments.php @@ -27,6 +27,9 @@ class acp_attachments /** @var \phpbb\config\config */ protected $config; + /** @var \phpbb\language\language */ + protected $language; + /** @var ContainerBuilder */ protected $phpbb_container; @@ -54,6 +57,7 @@ class acp_attachments $this->id = $id; $this->db = $db; $this->config = $config; + $this->language = $phpbb_container->get('language'); $this->template = $template; $this->user = $user; $this->phpbb_container = $phpbb_container; @@ -128,7 +132,7 @@ class acp_attachments $s_assigned_groups = array(); while ($row = $db->sql_fetchrow($result)) { - $row['group_name'] = (isset($user->lang['EXT_GROUP_' . $row['group_name']])) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name']; + $row['group_name'] = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name']; $s_assigned_groups[$row['cat_id']][] = $row['group_name']; } $db->sql_freeresult($result); @@ -573,7 +577,7 @@ class acp_attachments $group_id = $db->sql_nextid(); } - $group_name = (isset($user->lang['EXT_GROUP_' . $group_name])) ? $user->lang['EXT_GROUP_' . $group_name] : $group_name; + $group_name = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($group_name)) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($group_name)) : $group_name; $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXTGROUP_' . strtoupper($action), false, array($group_name)); } 
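Review bot: The constructor fetches the translator through a service lookup, `$this->language = $phpbb_container->get('language');`, rather than receiving it as a parameter the way `$db`, `$config` and `$user` do; a container lookup inside a constructor hides the dependency and makes the module harder to construct in isolation. If the ACP module loader's fixed constructor signature is the reason, say so at the assignment: `// Not injectable: ACP modules are instantiated by the module loader with a fixed signature, so resolve the language service from the container.` The class body continues past the hunk.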
@@ -875,7 +879,7 @@ class acp_attachments 'U_EDIT' => $this->u_action . "&action=edit&g={$row['group_id']}", 'U_DELETE' => $this->u_action . "&action=delete&g={$row['group_id']}", - 'GROUP_NAME' => (isset($user->lang['EXT_GROUP_' . $row['group_name']])) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name'], + 'GROUP_NAME' => $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name'], 'CATEGORY' => $cat_lang[$row['cat_id']], ) ); 
@@ -1240,23 +1244,15 @@ class acp_attachments $display_cat = isset($extensions[$row['extension']]['display_cat']) ? $extensions[$row['extension']]['display_cat'] : ATTACHMENT_CATEGORY_NONE; $l_downloaded_viewed = ($display_cat == ATTACHMENT_CATEGORY_NONE) ? 'DOWNLOAD_COUNTS' : 'VIEWED_COUNTS'; - // Capitalises the group name and checks if its key exists in the language file - $up_group_name = utf8_strtoupper($extensions[$row['extension']]['group_name']); - $ext_group_name = (!empty($up_group_name)) ? (isset($user->lang['EXT_GROUP_' . $up_group_name]) ? $user->lang['EXT_GROUP_' . $up_group_name] : '') : ''; - $template->assign_block_vars('attachments', array( 'ATTACHMENT_POSTER' => get_username_string('full', (int) $row['poster_id'], (string) $row['username'], (string) $row['user_colour'], (string) $row['username']), 'FILESIZE' => get_formatted_filesize((int) $row['filesize']), 'FILETIME' => $user->format_date((int) $row['filetime']), - 'REAL_FILENAME' => (!$row['in_message']) ? utf8_basename((string) $row['real_filename']) : '', - 'PHYSICAL_FILENAME' => utf8_basename((string) $row['physical_filename']), - 'EXT_GROUP_NAME' => $ext_group_name, + 'REAL_FILENAME' => utf8_basename((string) $row['real_filename']), + 'EXT_GROUP_NAME' => $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($extensions[$row['extension']]['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($extensions[$row['extension']]['group_name'])) : $extensions[$row['extension']]['group_name'], 'COMMENT' => $comment, 'TOPIC_TITLE' => (!$row['in_message']) ? (string) $row['topic_title'] : '', 'ATTACH_ID' => (int) $row['attach_id'], - 'POST_ID' => (int) $row['post_msg_id'], - 'TOPIC_ID' => (int) $row['topic_id'], - 'POST_IDS' => (!empty($post_ids[$row['attach_id']])) ? (int) $post_ids[$row['attach_id']] : '', 'L_DOWNLOAD_COUNT' => $user->lang($l_downloaded_viewed, (int) $row['download_count']), 
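Review bot: The new `EXT_GROUP_NAME` line indexes `$extensions[$row['extension']]['group_name']` three times with no `isset()` guard, while the `$display_cat` line just above guards the same array with `isset`, and the removed code had an `!empty($up_group_name)` guard; an attachment whose extension has since been removed from the allowed list would presumably raise an undefined-index notice here. Read the value once behind a guard, `$group_name = isset($extensions[$row['extension']]['group_name']) ? $extensions[$row['extension']]['group_name'] : '';`, then `'EXT_GROUP_NAME' => ($group_name !== '' && $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($group_name))) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($group_name)) : $group_name,`. The enclosing method runs past the hunk.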
@@ -1438,7 +1434,7 @@ class acp_attachments $group_name = array(); while ($row = $db->sql_fetchrow($result)) { - $row['group_name'] = (isset($user->lang['EXT_GROUP_' . $row['group_name']])) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name']; + $row['group_name'] = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name']; $group_name[] = $row; } $db->sql_freeresult($result); diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index e348c769bd..0730b4e285 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -450,6 +450,7 @@ class acp_board 'email_enable' => array('lang' => 'ENABLE_EMAIL', 'validate' => 'bool', 'type' => 'radio:enabled_disabled', 'explain' => true), 'board_email_form' => array('lang' => 'BOARD_EMAIL_FORM', 'validate' => 'bool', 'type' => 'radio:enabled_disabled', 'explain' => true), 'email_package_size' => array('lang' => 'EMAIL_PACKAGE_SIZE', 'validate' => 'int:0', 'type' => 'number:0:99999', 'explain' => true), + 'email_max_chunk_size' => array('lang' => 'EMAIL_MAX_CHUNK_SIZE', 'validate' => 'int:1:99999', 'type' => 'number:1:99999', 'explain' => true), 'board_contact' => array('lang' => 'CONTACT_EMAIL', 'validate' => 'email', 'type' => 'email:25:100', 'explain' => true), 'board_contact_name' => array('lang' => 'CONTACT_EMAIL_NAME', 'validate' => 'string', 'type' => 'text:25:50', 'explain' => true), 'board_email' => array('lang' => 'ADMIN_EMAIL', 'validate' => 'email', 'type' => 'email:25:100', 'explain' => true), diff --git a/phpBB/includes/acp/acp_prune.php b/phpBB/includes/acp/acp_prune.php index 3eee4f7922..c5f7789de8 100644 --- a/phpBB/includes/acp/acp_prune.php +++ b/phpBB/includes/acp/acp_prune.php 
@@ -537,6 +537,7 @@ class acp_prune AND ug.user_id <> ' . ANONYMOUS . ' AND u.user_type <> ' . USER_FOUNDER . ' AND ug.user_pending = 0 + AND ug.group_leader = 0 AND u.user_id = ug.user_id ' . (!empty($user_ids) ? ' AND ' . $db->sql_in_set('ug.user_id', $user_ids) : ''); $result = $db->sql_query($sql); diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php index 1bf5a3c6a8..87c8d88f52 100644 --- a/phpBB/includes/acp/acp_styles.php +++ b/phpBB/includes/acp/acp_styles.php @@ -259,6 +259,19 @@ class acp_styles // Get list of styles to uninstall $ids = $this->request_vars('id', 0, true); + // Don't remove prosilver, you can still deactivate it. + $sql = 'SELECT style_id + FROM ' . STYLES_TABLE . " + WHERE style_name = '" . $this->db->sql_escape('prosilver') . "'"; + $result = $this->db->sql_query($sql); + $prosilver_id = (int) $this->db->sql_fetchfield('style_id'); + $this->db->sql_freeresult($result); + + if ($prosilver_id && in_array($prosilver_id, $ids)) + { + trigger_error($this->user->lang('UNINSTALL_PROSILVER') . adm_back_link($this->u_action), E_USER_WARNING); + } + // Check if confirmation box was submitted if (confirm_box(true)) { @@ -998,11 +1011,14 @@ class acp_styles 'L_ACTION' => $this->user->lang['EXPORT'] ); */ - // Uninstall - $actions[] = array( - 'U_ACTION' => $this->u_action . '&action=uninstall&hash=' . generate_link_hash('uninstall') . '&id=' . $style['style_id'], - 'L_ACTION' => $this->user->lang['STYLE_UNINSTALL'] - ); + if ($style['style_name'] !== 'prosilver') + { + // Uninstall + $actions[] = array( + 'U_ACTION' => $this->u_action . '&action=uninstall&hash=' . generate_link_hash('uninstall') . '&id=' . $style['style_id'], + 'L_ACTION' => $this->user->lang['STYLE_UNINSTALL'] + ); + } // Preview $actions[] = array( 
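Review bot: `in_array($prosilver_id, $ids)` is a loose comparison; `$prosilver_id` is cast to `(int)` and `$ids` presumably holds integers given the `0` default passed to `request_vars`, so pass the strict flag to keep it that way: `if ($prosilver_id && in_array($prosilver_id, $ids, true))`. Running this guard before `confirm_box(true)` is the right order, but the later `$style['style_name'] !== 'prosilver'` change only hides the uninstall link, so this server-side check is the one that actually enforces the rule and deserves a comment saying so, e.g. `// Server-side guard: the uninstall link is hidden for prosilver, but the id can still be submitted directly.` The uninstall method's body continues outside the hunk.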
@@ -1123,7 +1139,14 @@ class acp_styles */ protected function read_style_cfg($dir) { + // This should never happen, we give them a red warning because of its relevance. + if (!file_exists($this->styles_path . $dir . '/style.cfg')) + { + trigger_error($this->user->lang('NO_STYLE_CFG', $dir), E_USER_WARNING); + } + static $required = array('name', 'phpbb_version', 'copyright'); + $cfg = parse_cfg_file($this->styles_path . $dir . '/style.cfg'); // Check if it is a valid file diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index 2d1eaadfae..fd4b5e8c24 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -855,7 +855,7 @@ class acp_users $check_ary += array( 'username' => array( array('string', false, $config['min_name_chars'], $config['max_name_chars']), - array('username', $user_row['username']) + array('username', $user_row['username'], true) ), ); } diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index 89d056f2e1..fedd297895 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -28,7 +28,7 @@ if (!defined('IN_PHPBB')) */ // phpBB Version -@define('PHPBB_VERSION', '3.2.8-dev'); +@define('PHPBB_VERSION', '3.2.8-RC1'); // QA-related // define('PHPBB_QA', 1); diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 5234c3472d..c9f589c174 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php 
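Review bot: `trigger_error($this->user->lang('NO_STYLE_CFG', $dir), E_USER_WARNING)` interpolates the directory name into a message that is rendered as HTML (the earlier hunk concatenates `adm_back_link()` markup into the same kind of message), and whether `$dir` is already HTML-encoded depends on the caller — a directory scan or a request variable — which this hunk does not show. Either escape it here, `$this->user->lang('NO_STYLE_CFG', htmlspecialchars($dir, ENT_QUOTES, 'UTF-8'))`, or state in the docblock that callers must pass an already-encoded name. The `This should never happen` comment could also say what happens when it does: the whole request aborts with an ACP warning instead of skipping the broken directory.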
@@ -1843,27 +1843,6 @@ function redirect($url, $return = false, $disable_cd_check = false) garbage_collection(); } - // Redirect via an HTML form for PITA webservers - if (@preg_match('#WebSTAR|Xitami#', getenv('SERVER_SOFTWARE'))) - { - header('Refresh: 0; URL=' . $url); - - echo '<!DOCTYPE html>'; - echo '<html dir="' . $user->lang['DIRECTION'] . '" lang="' . $user->lang['USER_LANG'] . '">'; - echo '<head>'; - echo '<meta charset="utf-8">'; - echo '<meta http-equiv="X-UA-Compatible" content="IE=edge">'; - echo '<meta http-equiv="refresh" content="0; url=' . str_replace('&', '&', $url) . '" />'; - echo '<title>' . $user->lang['REDIRECT'] . '</title>'; - echo '</head>'; - echo '<body>'; - echo '<div style="text-align: center;">' . sprintf($user->lang['URL_REDIRECT'], '<a href="' . str_replace('&', '&', $url) . '">', '</a>') . '</div>'; - echo '</body>'; - echo '</html>'; - - exit; - } - // Behave as per HTTP/1.1 spec for others header('Location: ' . $url); exit; @@ -2158,7 +2137,7 @@ function check_form_key($form_name, $timespan = false) function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_body.html', $u_action = '') { global $user, $template, $db, $request; - global $config, $language, $phpbb_path_helper; + global $config, $language, $phpbb_path_helper, $phpbb_dispatcher; if (isset($_POST['cancel'])) { @@ -2255,8 +2234,7 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo if ($request->is_ajax()) { $u_action .= '&confirm_uid=' . $user->data['user_id'] . '&sess=' . $user->session_id . '&sid=' . $user->session_id; - $json_response = new \phpbb\json_response; - $json_response->send(array( + $data = array( 'MESSAGE_BODY' => $template->assign_display('body'), 'MESSAGE_TITLE' => $confirm_title, 'MESSAGE_TEXT' => $confirm_text, 
@@ -2264,7 +2242,28 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo 'YES_VALUE' => $language->lang('YES'), 'S_CONFIRM_ACTION' => str_replace('&', '&', $u_action), //inefficient, rewrite whole function 'S_HIDDEN_FIELDS' => $hidden . $s_hidden_fields - )); + ); + + /** + * This event allows an extension to modify the ajax output of confirm box. + * + * @event core.confirm_box_ajax_before + * @var string u_action Action of the form + * @var array data Data to be sent + * @var string hidden Hidden fields generated by caller + * @var string s_hidden_fields Hidden fields generated by this function + * @since 3.2.8-RC1 + */ + $vars = array( + 'u_action', + 'data', + 'hidden', + 's_hidden_fields', + ); + extract($phpbb_dispatcher->trigger_event('core.confirm_box_ajax_before', compact($vars))); + + $json_response = new \phpbb\json_response; + $json_response->send($data); } if (defined('IN_ADMIN') && isset($user->data['session_admin']) && $user->data['session_admin']) @@ -2365,7 +2364,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa } // Check form key - if ($password && !check_form_key($form_name)) + if ($password && !defined('IN_CHECK_BAN') && !check_form_key($form_name)) { $result = array( 'status' => false, @@ -2527,9 +2526,6 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa )); } - // Add form token for login box - add_form_key($form_name, '_LOGIN'); - $s_hidden_fields = build_hidden_fields($s_hidden_fields); $login_box_template_data = array( @@ -2664,9 +2660,6 @@ function login_forum_box($forum_data) page_header($user->lang['LOGIN']); - // Add form token for login box - add_form_key('login', '_LOGIN'); - $template->assign_vars(array( 'FORUM_NAME' => isset($forum_data['forum_name']) ? $forum_data['forum_name'] : '', 'S_LOGIN_ACTION' => build_url(array('f')), 
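Review bot: The added `!defined('IN_CHECK_BAN')` clause switches the CSRF form-key check off entirely for the login form shown from the ban screen, so a login POST on that path is accepted with no token at all; presumably this is because that screen is rendered without `page_header()`, which is where a later hunk now registers the `_LOGIN` key after removing `add_form_key($form_name, '_LOGIN')` from `login_box()` here. Rather than exempting the path, have the ban screen register the key itself (`add_form_key($form_name, '_LOGIN');` before its template is displayed) so the check stays uniform; if the exemption must stay, leave a comment at the condition explaining why. `login_box`'s body continues outside the hunk.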
@@ -4132,9 +4125,9 @@ function phpbb_get_user_avatar($user_row, $alt = 'USER_AVATAR', $ignore_config = * * @return string Avatar html */ -function phpbb_get_group_avatar($user_row, $alt = 'GROUP_AVATAR', $ignore_config = false, $lazy = false) +function phpbb_get_group_avatar($group_row, $alt = 'GROUP_AVATAR', $ignore_config = false, $lazy = false) { - $row = \phpbb\avatar\manager::clean_row($user_row, 'group'); + $row = \phpbb\avatar\manager::clean_row($group_row, 'group'); return phpbb_get_avatar($row, $alt, $ignore_config, $lazy); } @@ -4440,6 +4433,10 @@ function page_header($page_title = '', $display_online_list = false, $item_id = $notification_mark_hash = generate_link_hash('mark_all_notifications_read'); $s_login_redirect = build_hidden_fields(array('redirect' => $phpbb_path_helper->remove_web_root_path(build_url()))); + + // Add form token for login box, in case page is presenting a login form. + add_form_key('login', '_LOGIN'); + /** * Workaround for missing template variable in pre phpBB 3.2.6 styles. * @deprecated 3.2.7 (To be removed: 3.3.0-a1) @@ -4592,12 +4589,13 @@ function page_header($page_title = '', $display_online_list = false, $item_id = if ($send_headers) { - // An array of http headers that phpbb will set. The following event may override these. + // An array of http headers that phpBB will set. The following event may override these. $http_headers += array( // application/xhtml+xml not used because of IE 'Content-type' => 'text/html; charset=UTF-8', 'Cache-Control' => 'private, no-cache="set-cookie"', 'Expires' => gmdate('D, d M Y H:i:s', time()) . ' GMT', + 'Referrer-Policy' => 'strict-origin-when-cross-origin', ); if (!empty($user->data['is_bot'])) { diff --git a/phpBB/includes/functions_acp.php b/phpBB/includes/functions_acp.php index dd326c3db6..a2014a7d5b 100644 --- a/phpBB/includes/functions_acp.php +++ b/phpBB/includes/functions_acp.php 
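Review bot: `add_form_key('login', '_LOGIN')` is now issued on every `page_header()` call while `login_box()` and `login_forum_box()` (earlier hunks) no longer register it themselves, and that coupling is invisible from either side; the comment should name it, e.g. `// login_box()/login_forum_box() rely on this key having been registered here; a page that shows a login form without calling page_header() must add it itself.` The `Referrer-Policy: strict-origin-when-cross-origin` default added below is a sensible baseline and, as the surrounding comment says, still overridable through the following event. `page_header`'s body continues outside the hunk.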
@@ -112,12 +112,13 @@ function adm_page_header($page_title) 'CONTAINER_EXCEPTION' => $phpbb_container->hasParameter('container_exception') ? $phpbb_container->getParameter('container_exception') : false, )); - // An array of http headers that phpbb will set. The following event may override these. + // An array of http headers that phpBB will set. The following event may override these. $http_headers = array( // application/xhtml+xml not used because of IE 'Content-type' => 'text/html; charset=UTF-8', 'Cache-Control' => 'private, no-cache="set-cookie"', 'Expires' => gmdate('D, d M Y H:i:s', time()) . ' GMT', + 'Referrer-Policy' => 'strict-origin-when-cross-origin', ); /** diff --git a/phpBB/includes/functions_content.php b/phpBB/includes/functions_content.php index a15a03f966..2542be5e02 100644 --- a/phpBB/includes/functions_content.php +++ b/phpBB/includes/functions_content.php @@ -1482,6 +1482,8 @@ function truncate_string($string, $max_length = 60, $max_store_length = 255, $al * Get username details for placing into templates. * This function caches all modes on first call, except for no_profile and anonymous user - determined by $user_id. * +* @html Username spans and links +* * @param string $mode Can be profile (for getting an url to the profile), username (for obtaining the username), colour (for obtaining the user colour), full (for obtaining a html string representing a coloured link to the users profile) or no_profile (the same as full but forcing no profile link) * @param int $user_id The users id * @param string $username The users name 
@@ -1501,6 +1503,7 @@ function get_username_string($mode, $user_id, $username, $username_colour = '', { global $phpbb_root_path, $phpEx; + /** @html Username spans and links for usage in the template */ $_profile_cache['base_url'] = append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u={USER_ID}'); $_profile_cache['tpl_noprofile'] = '<span class="username">{USERNAME}</span>'; $_profile_cache['tpl_noprofile_colour'] = '<span style="color: {USERNAME_COLOUR};" class="username-coloured">{USERNAME}</span>'; diff --git a/phpBB/includes/functions_messenger.php b/phpBB/includes/functions_messenger.php index f44bcc6fb7..7f8238e1bf 100644 --- a/phpBB/includes/functions_messenger.php +++ b/phpBB/includes/functions_messenger.php @@ -1581,6 +1581,14 @@ class smtp_class */ protected function starttls() { + global $config; + + // allow SMTPS (what was used by phpBB 3.0) if hostname is prefixed with tls:// or ssl:// + if (strpos($config['smtp_host'], 'tls://') === 0 || strpos($config['smtp_host'], 'ssl://') === 0) + { + return true; + } + if (!function_exists('stream_socket_enable_crypto')) { return false; @@ -1603,7 +1611,9 @@ class smtp_class if (socket_set_blocking($this->socket, 1)) { - $result = stream_socket_enable_crypto($this->socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT); + // https://secure.php.net/manual/en/function.stream-socket-enable-crypto.php#119122 + $crypto = (phpbb_version_compare(PHP_VERSION, '5.6.7', '<')) ? STREAM_CRYPTO_METHOD_TLS_CLIENT : STREAM_CRYPTO_METHOD_SSLv23_CLIENT; + $result = stream_socket_enable_crypto($this->socket, true, $crypto); socket_set_blocking($this->socket, (int) $stream_meta['blocked']); } diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index c5a7400ddf..2cce77e092 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php 
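Review bot: The new `$crypto` selection picks `STREAM_CRYPTO_METHOD_SSLv23_CLIENT` on PHP >= 5.6.7, whose name reads like a downgrade, and the only explanation is a URL; put it in code: `// On PHP >= 5.6.7 SSLv23_CLIENT negotiates the highest TLS version both sides support, whereas TLS_CLIENT is pinned to TLS 1.0; SSLv2/3 are expected to be disabled by the OpenSSL build.` Whether SSLv3 is really excluded depends on the OpenSSL build PHP is linked against, so that expectation should be verified for the versions the board supports. The early `return true` for `tls://`/`ssl://` hosts is correct since the wrapper encrypts at connect time, but any peer-verification options applied in this method (its body continues outside the hunk) are then skipped for those schemes, which a one-line comment at the return should say.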
@@ -2079,6 +2079,11 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll_ary, &$data continue; } + if (preg_match('/[\x{10000}-\x{10FFFF}]/u', $attach_row['attach_comment'])) + { + trigger_error('ATTACH_COMMENT_NO_EMOJIS'); + } + if (!$attach_row['is_orphan']) { // update entry in db if attachment already stored in db and filespace diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php index a7a4b050fe..f07512d623 100644 --- a/phpBB/includes/functions_privmsgs.php +++ b/phpBB/includes/functions_privmsgs.php @@ -1966,7 +1966,7 @@ function submit_pm($mode, $subject, &$data_ary, $put_in_outbox = true) */ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode = false) { - global $db, $user, $template, $phpbb_root_path, $phpEx, $auth; + global $db, $user, $template, $phpbb_root_path, $phpEx, $auth, $phpbb_dispatcher; // Select all receipts and the author from the pm we currently view, to only display their pm-history $sql = 'SELECT author_id, user_id @@ -1985,9 +1985,7 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode $recipients = array_unique($recipients); // Get History Messages (could be newer) - $sql = 'SELECT t.*, p.*, u.* - FROM ' . PRIVMSGS_TABLE . ' p, ' . PRIVMSGS_TO_TABLE . ' t, ' . USERS_TABLE . ' u - WHERE t.msg_id = p.msg_id + $sql_where = 't.msg_id = p.msg_id AND p.author_id = u.user_id AND t.folder_id NOT IN (' . PRIVMSGS_NO_BOX . ', ' . PRIVMSGS_HOLD_BOX . ') AND ' . $db->sql_in_set('t.author_id', $recipients, false, true) . " 
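Review bot: `preg_match('/[\x{10000}-\x{10FFFF}]/u', ...)` returns `false` rather than `0` when `attach_comment` is not valid UTF-8, so a malformed comment silently passes this check; test `!== 0` so that both a match and a PCRE error reject the comment. The class also rejects every supplementary-plane character (CJK Extension B, mathematical symbols, several scripts), not only emoji, which `ATTACH_COMMENT_NO_EMOJIS` does not convey — presumably the real constraint is a 3-byte `utf8` column, and a comment should say so. Calling `trigger_error` this deep in `submit_post()` may also abort after earlier rows have been written (the surrounding transaction handling is outside the hunk), so validating the comment where attachment data is collected would fail earlier and cleaner. `submit_post`'s body continues outside the hunk.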
@@ -1998,13 +1996,37 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode if (!$message_row['root_level']) { - $sql .= " AND (p.root_level = $msg_id OR (p.root_level = 0 AND p.msg_id = $msg_id))"; + $sql_where .= " AND (p.root_level = $msg_id OR (p.root_level = 0 AND p.msg_id = $msg_id))"; } else { - $sql .= " AND (p.root_level = " . $message_row['root_level'] . ' OR p.msg_id = ' . $message_row['root_level'] . ')'; + $sql_where .= " AND (p.root_level = " . $message_row['root_level'] . ' OR p.msg_id = ' . $message_row['root_level'] . ')'; } - $sql .= ' ORDER BY p.message_time DESC'; + + $sql_ary = array( + 'SELECT' => 't.*, p.*, u.*', + 'FROM' => array( + PRIVMSGS_TABLE => 'p', + PRIVMSGS_TO_TABLE => 't', + USERS_TABLE => 'u' + ), + 'LEFT_JOIN' => array(), + 'WHERE' => $sql_where, + 'ORDER_BY' => 'p.message_time DESC', + ); + + /** + * Event to modify the SQL query before the message history in private message is queried + * + * @event core.message_history_modify_sql_ary + * @var array sql_ary The SQL array to get the data of the message history in private message + * @since 3.2.8-RC1 + */ + $vars = array('sql_ary'); + extract($phpbb_dispatcher->trigger_event('core.message_history_modify_sql_ary', compact($vars))); + + $sql = $db->sql_build_query('SELECT', $sql_ary); + unset($sql_ary); $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); 
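Review bot: The rewritten `$sql_where` lines still interpolate `$msg_id` and `$message_row['root_level']` into SQL without an integer cast (`p.root_level = $msg_id`); the values are presumably integers by the time they reach `message_history()`, but since the statement is now assembled from parts an extension can alter through `core.message_history_modify_sql_ary`, casting at the source is cheap insurance: `$sql_where .= ' AND (p.root_level = ' . (int) $msg_id . ' OR (p.root_level = 0 AND p.msg_id = ' . (int) $msg_id . '))';` and likewise with `(int) $message_row['root_level']`. The event docblock could also note that `sql_ary['WHERE']` already restricts rows to the viewer's recipients, so extensions adding joins must not loosen it. The function starts before the hunk.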
@@ -2087,7 +2109,7 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode $previous_history_pm = $prev_id; } - $template->assign_block_vars('history_row', array( + $template_vars = array( 'MESSAGE_AUTHOR_QUOTE' => (($decoded_message) ? addslashes(get_username_string('username', $author_id, $row['username'], $row['user_colour'], $row['username'])) : ''), 'MESSAGE_AUTHOR_FULL' => get_username_string('full', $author_id, $row['username'], $row['user_colour'], $row['username']), 'MESSAGE_AUTHOR_COLOUR' => get_username_string('colour', $author_id, $row['username'], $row['user_colour'], $row['username']), @@ -2109,8 +2131,25 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode 'USER_ID' => $row['user_id'], 'U_VIEW_MESSAGE' => "$url&f=$folder_id&p=" . $row['msg_id'], 'U_QUOTE' => (!$in_post_mode && $auth->acl_get('u_sendpm') && $author_id != ANONYMOUS) ? "$url&mode=compose&action=quote&f=" . $folder_id . "&p=" . $row['msg_id'] : '', - 'U_POST_REPLY_PM' => ($author_id != $user->data['user_id'] && $author_id != ANONYMOUS && $auth->acl_get('u_sendpm')) ? "$url&mode=compose&action=reply&f=$folder_id&p=" . $row['msg_id'] : '') + 'U_POST_REPLY_PM' => ($author_id != $user->data['user_id'] && $author_id != ANONYMOUS && $auth->acl_get('u_sendpm')) ? "$url&mode=compose&action=reply&f=$folder_id&p=" . $row['msg_id'] : '' + ); + + /** + * Modify the template vars for displaying the message history in private message + * + * @event core.message_history_modify_template_vars + * @var array template_vars Array containing the query + * @var array row Array containing the action user row + * @since 3.2.8-RC1 + */ + $vars = array( + 'template_vars', + 'row', ); + extract($phpbb_dispatcher->trigger_event('core.message_history_modify_template_vars', compact($vars))); + + $template->assign_block_vars('history_row', $template_vars); + unset($rowset[$i]); $prev_id = $id; } 
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index fb9241d4aa..3bf4aa16b7 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1732,7 +1732,7 @@ function phpbb_validate_timezone($timezone) * @return mixed Either false if validation succeeded or a string which will be * used as the error message (with the variable name appended) */ -function validate_username($username, $allowed_username = false) +function validate_username($username, $allowed_username = false, $allow_all_names = false) { global $config, $db, $user, $cache; @@ -1815,13 +1815,16 @@ function validate_username($username, $allowed_username = false) return 'USERNAME_TAKEN'; } - $bad_usernames = $cache->obtain_disallowed_usernames(); - - foreach ($bad_usernames as $bad_username) + if (!$allow_all_names) { - if (preg_match('#^' . $bad_username . '$#', $clean_username)) + $bad_usernames = $cache->obtain_disallowed_usernames(); + + foreach ($bad_usernames as $bad_username) { - return 'USERNAME_DISALLOWED'; + if (preg_match('#^' . $bad_username . '$#', $clean_username)) + { + return 'USERNAME_DISALLOWED'; + } } } diff --git a/phpBB/includes/mcp/mcp_main.php b/phpBB/includes/mcp/mcp_main.php index 4bd783b279..744eaebd7d 100644 --- a/phpBB/includes/mcp/mcp_main.php +++ b/phpBB/includes/mcp/mcp_main.php 
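Review bot: The new `$allow_all_names` parameter has no `@param` entry, and the docblock tail visible just above the signature (`@return mixed Either false if validation succeeded...`) does not say that it bypasses the disallowed-usernames list entirely; since the ACP user edit now passes `true` (acp_users hunk), that bypass should be documented: `@param bool $allow_all_names Skip the disallowed-usernames check (admin-initiated renames only); length, pattern and uniqueness checks still apply`. The flag should keep its `false` default and never be derived from user input. The rest of the function sits outside the hunk.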
@@ -41,6 +41,22 @@ class mcp_main $quickmod = ($mode == 'quickmod') ? true : false; + /** + * Event to perform additional actions before an MCP action is executed. + * + * @event core.mcp_main_before + * @var string action The action that is about to be performed + * @var string mode The mode in which the MCP is accessed, e.g. front, forum_view, topic_view, post_details, quickmod + * @var boolean quickmod Whether or not the action is performed via QuickMod + * @since 3.2.8-RC1 + */ + $vars = [ + 'action', + 'mode', + 'quickmod', + ]; + extract($phpbb_dispatcher->trigger_event('core.mcp_main_before', compact($vars))); + switch ($action) { case 'lock': diff --git a/phpBB/includes/mcp/mcp_topic.php b/phpBB/includes/mcp/mcp_topic.php index 68a65aafdd..83ad56f3e4 100644 --- a/phpBB/includes/mcp/mcp_topic.php +++ b/phpBB/includes/mcp/mcp_topic.php 
@@ -142,14 +142,36 @@ function mcp_topic_view($id, $mode, $action) } $start = $pagination->validate_start($start, $posts_per_page, $total); - $sql = 'SELECT u.username, u.username_clean, u.user_colour, p.* - FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u - WHERE ' . (($action == 'reports') ? 'p.post_reported = 1 AND ' : '') . ' + $sql_where = (($action == 'reports') ? 'p.post_reported = 1 AND ' : '') . ' p.topic_id = ' . $topic_id . ' AND ' . $phpbb_content_visibility->get_visibility_sql('post', $topic_info['forum_id'], 'p.') . ' AND p.poster_id = u.user_id ' . - $limit_time_sql . ' - ORDER BY ' . $sort_order_sql; + $limit_time_sql; + + $sql_ary = array( + 'SELECT' => 'u.username, u.username_clean, u.user_colour, p.*', + 'FROM' => array( + POSTS_TABLE => 'p', + USERS_TABLE => 'u' + ), + 'LEFT_JOIN' => array(), + 'WHERE' => $sql_where, + 'ORDER_BY' => $sort_order_sql, + ); + + /** + * Event to modify the SQL query before the MCP topic review posts is queried + * + * @event core.mcp_topic_modify_sql_ary + * @var array sql_ary The SQL array to get the data of the MCP topic review posts + * @since 3.2.8-RC1 + */ + $vars = array('sql_ary'); + extract($phpbb_dispatcher->trigger_event('core.mcp_topic_modify_sql_ary', compact($vars))); + + $sql = $db->sql_build_query('SELECT', $sql_ary); + unset($sql_ary); + $result = $db->sql_query_limit($sql, $posts_per_page, $start); $rowset = $post_id_list = array(); diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 0b79cca864..e1c28223dc 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php 
@@ -1525,6 +1525,35 @@ class parse_message extends bbcode_firstpass } /** + * Check attachment form token depending on submit type + * + * @param \phpbb\language\language $language Language + * @param \phpbb\request\request_interface $request Request + * @param string $form_name Form name for checking form key + * + * @return bool True if form token is not needed or valid, false if needed and invalid + */ + function check_attachment_form_token(\phpbb\language\language $language, \phpbb\request\request_interface $request, $form_name) + { + $add_file = $request->is_set_post('add_file'); + $delete_file = $request->is_set_post('delete_file'); + + if (($add_file || $delete_file) && !check_form_key($form_name)) + { + $this->warn_msg[] = $language->lang('FORM_INVALID'); + + if ($request->is_ajax() && $this->plupload) + { + $this->plupload->emit_error(-400, 'FORM_INVALID'); + } + + return false; + } + + return true; + } + + /** * Parse Attachments */ function parse_attachments($form_name, $mode, $forum_id, $submit, $preview, $refresh, $is_message = false) diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index 543db4f889..06baa279a5 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -26,7 +26,7 @@ if (!defined('IN_PHPBB')) function compose_pm($id, $mode, $action, $user_folders = array()) { global $template, $db, $auth, $user, $cache; - global $phpbb_root_path, $phpEx, $config; + global $phpbb_root_path, $phpEx, $config, $language; global $request, $phpbb_dispatcher, $phpbb_container; // Damn php and globals - i know, this is horrible 
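Review bot: `check_attachment_form_token()` only checks the key when `add_file` or `delete_file` is posted, so any other attachment mutation that `parse_attachments()` performs (its body is outside the hunk) relies on the caller having already verified the form key for the main submit; the docblock should state that division of responsibility instead of just "depending on submit type", e.g. `Only add_file/delete_file carry their own token check; the final submit is protected by the caller's check_form_key().` In the ajax branch `emit_error()` is called and the method still returns `false`, so if `emit_error()` terminates the request the return is unreachable there, and if it does not, callers must not assume it did — either way a comment at that branch should say which. The method has no visibility keyword, matching the surrounding legacy class, so that is not a blocker.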
@@ -799,7 +799,10 @@ function compose_pm($id, $mode, $action, $user_folders = array()) extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_modify_parse_before', compact($vars))); // Parse Attachments - before checksum is calculated - $message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true); + if ($message_parser->check_attachment_form_token($language, $request, 'ucp_pm_compose')) + { + $message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true); + } if (count($message_parser->warn_msg) && !($remove_u || $remove_g || $add_to || $add_bcc)) { @@ -1007,6 +1010,16 @@ function compose_pm($id, $mode, $action, $user_folders = array()) if (($action == 'reply' || $action == 'quote' || $action == 'quotepost') && !$preview && !$refresh) { $message_subject = ((!preg_match('/^Re:/', $message_subject)) ? 'Re: ' : '') . censor_text($message_subject); + + /** + * This event allows you to modify the PM subject of the PM being quoted + * + * @event core.pm_modify_message_subject + * @var string message_subject String with the PM subject already censored. + * @since 3.2.8-RC1 + */ + $vars = array('message_subject'); + extract($phpbb_dispatcher->trigger_event('core.pm_modify_message_subject', compact($vars))); } if ($action == 'forward' && !$preview && !$refresh && !$submit) diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index 9a1284083f..36ab3d0463 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php 
@@ -133,7 +133,6 @@ class ucp_profile 'user_email' => ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'], 'user_email_hash' => ($auth->acl_get('u_chgemail')) ? phpbb_email_hash($data['email']) : $user->data['user_email_hash'], 'user_password' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? $passwords_manager->hash($data['new_password']) : $user->data['user_password'], - 'user_passchg' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? time() : 0, ); if ($auth->acl_get('u_chgname') && $config['allow_namechange'] && $data['username'] != $user->data['username']) @@ -147,6 +146,8 @@ class ucp_profile if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && !$passwords_manager->check($data['new_password'], $user->data['user_password'])) { + $sql_ary['user_passchg'] = time(); + $user->reset_login_keys(); $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_NEW_PASSWORD', false, array( 'reportee_id' => $user->data['user_id'], |