diff options
Diffstat (limited to 'phpBB/includes')
| -rw-r--r-- | phpBB/includes/acp/acp_ban.php | 4 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_board.php | 2 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_captcha.php | 4 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_forums.php | 17 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_php_info.php | 4 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_prune.php | 8 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_users.php | 40 | ||||
| -rw-r--r-- | phpBB/includes/acp/info/acp_board.php | 2 | ||||
| -rw-r--r-- | phpBB/includes/auth/auth_ldap.php | 2 | ||||
| -rw-r--r-- | phpBB/includes/constants.php | 4 | ||||
| -rw-r--r-- | phpBB/includes/db/oracle.php | 5 | ||||
| -rw-r--r-- | phpBB/includes/db/postgres.php | 5 | ||||
| -rw-r--r-- | phpBB/includes/functions.php | 57 | ||||
| -rw-r--r-- | phpBB/includes/functions_admin.php | 8 | ||||
| -rw-r--r-- | phpBB/includes/functions_convert.php | 3 | ||||
| -rw-r--r-- | phpBB/includes/functions_display.php | 13 | ||||
| -rw-r--r-- | phpBB/includes/functions_posting.php | 20 | ||||
| -rw-r--r-- | phpBB/includes/functions_user.php | 17 | ||||
| -rw-r--r-- | phpBB/includes/session.php | 4 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_pm_viewfolder.php | 26 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_profile.php | 2 |
21 files changed, 178 insertions, 69 deletions
diff --git a/phpBB/includes/acp/acp_ban.php b/phpBB/includes/acp/acp_ban.php index 3198376584..a7ea57b753 100644 --- a/phpBB/includes/acp/acp_ban.php +++ b/phpBB/includes/acp/acp_ban.php @@ -224,7 +224,7 @@ class acp_ban $template->assign_block_vars('ban_reason', array( 'BAN_ID' => $ban_id, 'REASON' => $reason, - 'A_REASON' => addslashes(htmlspecialchars_decode($reason)), + 'A_REASON' => addslashes($reason), )); } } @@ -236,7 +236,7 @@ class acp_ban $template->assign_block_vars('ban_give_reason', array( 'BAN_ID' => $ban_id, 'REASON' => $reason, - 'A_REASON' => addslashes(htmlspecialchars_decode($reason)), + 'A_REASON' => addslashes($reason), )); } } diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index 7680d8996c..927e72010e 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -58,7 +58,7 @@ class acp_board 'board_disable_msg' => false, 'default_lang' => array('lang' => 'DEFAULT_LANGUAGE', 'validate' => 'lang', 'type' => 'select', 'function' => 'language_select', 'params' => array('{CONFIG_VALUE}'), 'explain' => false), 'default_dateformat' => array('lang' => 'DEFAULT_DATE_FORMAT', 'validate' => 'string', 'type' => 'custom', 'method' => 'dateformat_select', 'explain' => true), - 'board_timezone' => array('lang' => 'SYSTEM_TIMEZONE', 'validate' => 'string', 'type' => 'select', 'function' => 'tz_select', 'params' => array('{CONFIG_VALUE}', 1), 'explain' => false), + 'board_timezone' => array('lang' => 'SYSTEM_TIMEZONE', 'validate' => 'string', 'type' => 'select', 'function' => 'tz_select', 'params' => array('{CONFIG_VALUE}', 1), 'explain' => true), 'board_dst' => array('lang' => 'SYSTEM_DST', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), 'default_style' => array('lang' => 'DEFAULT_STYLE', 'validate' => 'int', 'type' => 'select', 'function' => 'style_select', 'params' => array('{CONFIG_VALUE}', false), 'explain' => false), 'override_user_style' => array('lang' => 'OVERRIDE_STYLE', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), diff --git a/phpBB/includes/acp/acp_captcha.php b/phpBB/includes/acp/acp_captcha.php index 56a57e319c..1893eed14f 100644 --- a/phpBB/includes/acp/acp_captcha.php +++ b/phpBB/includes/acp/acp_captcha.php @@ -89,14 +89,14 @@ class acp_captcha } else { - trigger_error($user->lang['CAPTCHA_UNAVAILABLE'] . adm_back_link($this->u_action)); + trigger_error($user->lang['CAPTCHA_UNAVAILABLE'] . adm_back_link($this->u_action), E_USER_WARNING); } } trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action)); } else if ($submit) { - trigger_error($user->lang['FORM_INVALID'] . adm_back_link()); + trigger_error($user->lang['FORM_INVALID'] . adm_back_link(), E_USER_WARNING); } else { diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php index 54bf905374..f2f1bd80e2 100644 --- a/phpBB/includes/acp/acp_forums.php +++ b/phpBB/includes/acp/acp_forums.php @@ -169,7 +169,7 @@ class acp_forums $forum_data['forum_status'] = ITEM_UNLOCKED; } - $forum_data['show_active'] = ($forum_data['forum_type'] == FORUM_POST) ? request_var('display_recent', true) : request_var('display_active', true); + $forum_data['show_active'] = ($forum_data['forum_type'] == FORUM_POST) ? request_var('display_recent', true) : request_var('display_active', false); // Get data for forum rules if specified... if ($forum_data['forum_rules']) @@ -190,12 +190,14 @@ class acp_forums $forum_perm_from = request_var('forum_perm_from', 0); $cache->destroy('sql', FORUMS_TABLE); + $copied_permissions = false; // Copy permissions? if ($forum_perm_from && $forum_perm_from != $forum_data['forum_id'] && ($action != 'edit' || empty($forum_id) || ($auth->acl_get('a_fauth') && $auth->acl_get('a_authusers') && $auth->acl_get('a_authgroups') && $auth->acl_get('a_mauth')))) { copy_forum_permissions($forum_perm_from, $forum_data['forum_id'], ($action == 'edit') ? true : false); cache_moderators(); + $copied_permissions = true; } /* Commented out because of questionable UI workflow - re-visit for 3.0.7 else if (!$this->parent_id && $action != 'edit' && $auth->acl_get('a_fauth') && $auth->acl_get('a_authusers') && $auth->acl_get('a_authgroups') && $auth->acl_get('a_mauth')) @@ -211,13 +213,13 @@ class acp_forums $message = ($action == 'add') ? $user->lang['FORUM_CREATED'] : $user->lang['FORUM_UPDATED']; // Redirect to permissions - if ($auth->acl_get('a_fauth')) + if ($auth->acl_get('a_fauth') && !$copied_permissions) { $message .= '<br /><br />' . sprintf($user->lang['REDIRECT_ACL'], '<a href="' . append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions' . $acl_url) . '">', '</a>'); } // redirect directly to permission settings screen if authed - if ($action == 'add' && !$forum_perm_from && $auth->acl_get('a_fauth')) + if ($action == 'add' && !$copied_permissions && $auth->acl_get('a_fauth')) { meta_refresh(4, append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions' . $acl_url)); } @@ -407,7 +409,7 @@ class acp_forums $exclude_forums[] = $row['forum_id']; } - $parents_list = make_forum_select($forum_data['parent_id'], $exclude_forums, true, false, false); + $parents_list = make_forum_select($forum_data['parent_id'], $exclude_forums, false, false, false); $forum_data['forum_password_confirm'] = $forum_data['forum_password']; } @@ -416,7 +418,7 @@ class acp_forums $this->page_title = 'CREATE_FORUM'; $forum_id = $this->parent_id; - $parents_list = make_forum_select($this->parent_id, false, true, false, false); + $parents_list = make_forum_select($this->parent_id, false, false, false, false); // Fill forum data with default values if (!$update) @@ -639,7 +641,8 @@ class acp_forums 'S_PRUNE_OLD_POLLS' => ($forum_data['forum_flags'] & FORUM_FLAG_PRUNE_POLL) ? true : false, 'S_PRUNE_ANNOUNCE' => ($forum_data['forum_flags'] & FORUM_FLAG_PRUNE_ANNOUNCE) ? true : false, 'S_PRUNE_STICKY' => ($forum_data['forum_flags'] & FORUM_FLAG_PRUNE_STICKY) ? true : false, - 'S_DISPLAY_ACTIVE_TOPICS' => ($forum_data['forum_flags'] & FORUM_FLAG_ACTIVE_TOPICS) ? true : false, + 'S_DISPLAY_ACTIVE_TOPICS' => ($forum_data['forum_type'] == FORUM_POST) ? ($forum_data['forum_flags'] & FORUM_FLAG_ACTIVE_TOPICS) : true, + 'S_ENABLE_ACTIVE_TOPICS' => ($forum_data['forum_type'] == FORUM_CAT) ? ($forum_data['forum_flags'] & FORUM_FLAG_ACTIVE_TOPICS) : false, 'S_ENABLE_POST_REVIEW' => ($forum_data['forum_flags'] & FORUM_FLAG_POST_REVIEW) ? true : false, 'S_ENABLE_QUICK_REPLY' => ($forum_data['forum_flags'] & FORUM_FLAG_QUICK_REPLY) ? true : false, 'S_CAN_COPY_PERMISSIONS' => ($action != 'edit' || empty($forum_id) || ($auth->acl_get('a_fauth') && $auth->acl_get('a_authusers') && $auth->acl_get('a_authgroups') && $auth->acl_get('a_mauth'))) ? true : false, @@ -980,7 +983,7 @@ class acp_forums if (!$row) { - trigger_error($user->lang['PARENT_NOT_EXIST'] . adm_back_link($this->u_action . '&' . $this->parent_id), E_USER_WARNING); + trigger_error($user->lang['PARENT_NOT_EXIST'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING); } if ($row['forum_type'] == FORUM_LINK) diff --git a/phpBB/includes/acp/acp_php_info.php b/phpBB/includes/acp/acp_php_info.php index 9935c0466e..0499095004 100644 --- a/phpBB/includes/acp/acp_php_info.php +++ b/phpBB/includes/acp/acp_php_info.php @@ -35,9 +35,9 @@ class acp_php_info $this->tpl_name = 'acp_php_info'; $this->page_title = 'ACP_PHP_INFO'; - + ob_start(); - @phpinfo(INFO_GENERAL | INFO_CONFIGURATION | INFO_MODULES | INFO_VARIABLES); + phpinfo(INFO_GENERAL | INFO_CONFIGURATION | INFO_MODULES | INFO_VARIABLES); $phpinfo = ob_get_clean(); $phpinfo = trim($phpinfo); diff --git a/phpBB/includes/acp/acp_prune.php b/phpBB/includes/acp/acp_prune.php index 7eeb37133f..ffe20f86f5 100644 --- a/phpBB/includes/acp/acp_prune.php +++ b/phpBB/includes/acp/acp_prune.php @@ -315,8 +315,8 @@ class acp_prune 'mode' => $mode, 'prune' => 1, - 'users' => request_var('users', '', true), - 'username' => request_var('username', '', true), + 'users' => utf8_normalize_nfc(request_var('users', '', true)), + 'username' => utf8_normalize_nfc(request_var('username', '', true)), 'email' => request_var('email', ''), 'joined_select' => request_var('joined_select', ''), 'joined' => request_var('joined', ''), @@ -369,7 +369,7 @@ class acp_prune { global $user, $db; - $users = request_var('users', '', true); + $users = utf8_normalize_nfc(request_var('users', '', true)); if ($users) { @@ -378,7 +378,7 @@ class acp_prune } else { - $username = request_var('username', '', true); + $username = utf8_normalize_nfc(request_var('username', '', true)); $email = request_var('email', ''); $joined_select = request_var('joined_select', 'lt'); diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index bd64f1e89e..1f10893781 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -191,24 +191,31 @@ class acp_users trigger_error($user->lang['CANNOT_REMOVE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } - if (confirm_box(true)) + if ($delete_type) { - user_delete($delete_type, $user_id, $user_row['username']); + if (confirm_box(true)) + { + user_delete($delete_type, $user_id, $user_row['username']); - add_log('admin', 'LOG_USER_DELETED', $user_row['username']); - trigger_error($user->lang['USER_DELETED'] . adm_back_link($this->u_action)); + add_log('admin', 'LOG_USER_DELETED', $user_row['username']); + trigger_error($user->lang['USER_DELETED'] . adm_back_link($this->u_action)); + } + else + { + confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( + 'u' => $user_id, + 'i' => $id, + 'mode' => $mode, + 'action' => $action, + 'update' => true, + 'delete' => 1, + 'delete_type' => $delete_type)) + ); + } } else { - confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( - 'u' => $user_id, - 'i' => $id, - 'mode' => $mode, - 'action' => $action, - 'update' => true, - 'delete' => 1, - 'delete_type' => $delete_type)) - ); + trigger_error($user->lang['NO_MODE'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } } @@ -224,6 +231,11 @@ class acp_users trigger_error($user->lang['CANNOT_BAN_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } + if ($user_id == ANONYMOUS) + { + trigger_error($user->lang['CANNOT_BAN_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); + } + if ($user_row['user_type'] == USER_FOUNDER) { trigger_error($user->lang['CANNOT_BAN_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); @@ -1699,7 +1711,7 @@ class acp_users trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } - if (avatar_process_user($error, $user_row)) + if (avatar_process_user($error, $user_row, $can_upload)) { trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_row['user_id'])); } diff --git a/phpBB/includes/acp/info/acp_board.php b/phpBB/includes/acp/info/acp_board.php index 58b650650c..3e18f55940 100644 --- a/phpBB/includes/acp/info/acp_board.php +++ b/phpBB/includes/acp/info/acp_board.php @@ -24,7 +24,7 @@ class acp_board_info 'features' => array('title' => 'ACP_BOARD_FEATURES', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')), 'avatar' => array('title' => 'ACP_AVATAR_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')), 'message' => array('title' => 'ACP_MESSAGE_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION', 'ACP_MESSAGES')), - 'post' => array('title' => 'ACP_POST_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')), + 'post' => array('title' => 'ACP_POST_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION', 'ACP_MESSAGES')), 'signature' => array('title' => 'ACP_SIGNATURE_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')), 'feed' => array('title' => 'ACP_FEED_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')), 'registration' => array('title' => 'ACP_REGISTER_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')), diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php index a6092baba5..e8c957aaa3 100644 --- a/phpBB/includes/auth/auth_ldap.php +++ b/phpBB/includes/auth/auth_ldap.php @@ -74,7 +74,7 @@ function init_ldap() if ($search === false) { - return $user->lang['LDAP_NO_SERVER_CONNECTION']; + return $user->lang['LDAP_SEARCH_FAILED']; } $result = @ldap_get_entries($ldap, $search); diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index 8d31eaba7f..ff572869e2 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -117,6 +117,10 @@ define('NOTIFY_EMAIL', 0); define('NOTIFY_IM', 1); define('NOTIFY_BOTH', 2); +// Notify status +define('NOTIFY_YES', 0); +define('NOTIFY_NO', 1); + // Email Priority Settings define('MAIL_LOW_PRIORITY', 4); define('MAIL_NORMAL_PRIORITY', 3); diff --git a/phpBB/includes/db/oracle.php b/phpBB/includes/db/oracle.php index 25df029ea3..c8a9a5f604 100644 --- a/phpBB/includes/db/oracle.php +++ b/phpBB/includes/db/oracle.php @@ -269,6 +269,10 @@ class dbal_oracle extends dbal { $cols = explode(', ', $regs[2]); +/* The code inside this comment block breaks clob handling, but does allow the + database restore script to work. If you want to allow no posts longer than 4KB + and/or need the db restore script, uncomment this. + preg_match_all('/\'(?:[^\']++|\'\')*+\'|[\d-.]+/', $regs[3], $vals, PREG_PATTERN_ORDER); if (sizeof($cols) !== sizeof($vals)) @@ -318,6 +322,7 @@ class dbal_oracle extends dbal $vals = array(0 => $vals); } +*/ $inserts = $vals[0]; unset($vals); diff --git a/phpBB/includes/db/postgres.php b/phpBB/includes/db/postgres.php index 079419ff20..4360c790a1 100644 --- a/phpBB/includes/db/postgres.php +++ b/phpBB/includes/db/postgres.php @@ -46,7 +46,10 @@ class dbal_postgres extends dbal if ($sqlserver) { - if (strpos($sqlserver, ':') !== false) + // $sqlserver can carry a port separated by : for compatibility reasons + // If $sqlserver has more than one : it's probably an IPv6 address. + // In this case we only allow passing a port via the $port variable. + if (substr_count($sqlserver, ':') === 1) { list($sqlserver, $port) = explode(':', $sqlserver); } diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 36f5093e1f..9c74a524ee 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -1660,10 +1660,11 @@ function get_complete_topic_tracking($forum_id, $topic_ids, $global_announce_lis * @param string $sql_extra Extra WHERE SQL statement * @param string $sql_sort ORDER BY SQL sorting statement * @param string $sql_limit Limits the size of unread topics list, 0 for unlimited query +* @param string $sql_limit_offset Sets the offset of the first row to search, 0 to search from the start * * @return array[int][int] Topic ids as keys, mark_time of topic as value */ -function get_unread_topics($user_id = false, $sql_extra = '', $sql_sort = '', $sql_limit = 1001) +function get_unread_topics($user_id = false, $sql_extra = '', $sql_sort = '', $sql_limit = 1001, $sql_limit_offset = 0) { global $config, $db, $user; @@ -1709,7 +1710,7 @@ function get_unread_topics($user_id = false, $sql_extra = '', $sql_sort = '', $s ); $sql = $db->sql_build_query('SELECT', $sql_array); - $result = $db->sql_query_limit($sql, $sql_limit); + $result = $db->sql_query_limit($sql, $sql_limit, $sql_limit_offset); while ($row = $db->sql_fetchrow($result)) { @@ -1742,7 +1743,7 @@ function get_unread_topics($user_id = false, $sql_extra = '', $sql_sort = '', $s WHERE t.topic_last_post_time > ' . $user_lastmark . " $sql_extra $sql_sort"; - $result = $db->sql_query_limit($sql, $sql_limit); + $result = $db->sql_query_limit($sql, $sql_limit, $sql_limit_offset); while ($row = $db->sql_fetchrow($result)) { @@ -2578,6 +2579,47 @@ function meta_refresh($time, $url, $disable_cd_check = false) return $url; } +/** +* Outputs correct status line header. +* +* Depending on php sapi one of the two following forms is used: +* +* Status: 404 Not Found +* +* HTTP/1.x 404 Not Found +* +* HTTP version is taken from HTTP_VERSION environment variable, +* and defaults to 1.0. +* +* Sample usage: +* +* send_status_line(404, 'Not Found'); +* +* @param int $code HTTP status code +* @param string $message Message for the status code +* @return void +*/ +function send_status_line($code, $message) +{ + if (substr(strtolower(@php_sapi_name()), 0, 3) === 'cgi') + { + // in theory, we shouldn't need that due to php doing it. Reality offers a differing opinion, though + header("Status: $code $message", true, $code); + } + else + { + if (isset($_SERVER['HTTP_VERSION'])) + { + $version = $_SERVER['HTTP_VERSION']; + } + else + { + $version = 'HTTP/1.0'; + } + header("$version $code $message", true, $code); + } +} + //Form validation @@ -3335,7 +3377,7 @@ function get_preg_expression($mode) break; case 'ipv6': - return '#^(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){5}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:))$#i'; + return '#^(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){0,5}(?:[\dA-F]{1,4}(?::[\dA-F]{1,4})?|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:)|(?:::))$#i'; break; case 'url': @@ -3621,6 +3663,11 @@ function msg_handler($errno, $msg_text, $errfile, $errline) $user->setup(); } + if ($msg_text == 'ERROR_NO_ATTACHMENT' || $msg_text == 'NO_FORUM' || $msg_text == 'NO_TOPIC' || $msg_text == 'NO_USER') + { + send_status_line(404, 'Not Found'); + } + $msg_text = (!empty($user->lang[$msg_text])) ? $user->lang[$msg_text] : $msg_text; $msg_title = (!isset($msg_title)) ? $user->lang['INFORMATION'] : ((!empty($user->lang[$msg_title])) ? $user->lang[$msg_title] : $msg_title); @@ -4271,7 +4318,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0 'T_ICONS_PATH' => "{$web_path}{$config['icons_path']}/", 'T_RANKS_PATH' => "{$web_path}{$config['ranks_path']}/", 'T_UPLOAD_PATH' => "{$web_path}{$config['upload_path']}/", - 'T_STYLESHEET_LINK' => (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . $user->theme['theme_path'] . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&lang=' . $user->data['user_lang'], true, $user->session_id), + 'T_STYLESHEET_LINK' => (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . $user->theme['theme_path'] . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&lang=' . $user->data['user_lang']), 'T_STYLESHEET_NAME' => $user->theme['theme_name'], 'T_THEME_NAME' => $user->theme['theme_path'], diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index 93244be55c..4cd2962e3b 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -96,16 +96,12 @@ function make_forum_select($select_id = false, $ignore_id = false, $ignore_acl = $right = $row['right_id']; $disabled = false; - if (!$ignore_acl && $auth->acl_get('f_list', $row['forum_id'])) + if (!$ignore_acl && $auth->acl_gets(array('f_list', 'a_forum', 'a_forumadd', 'a_forumdel'), $row['forum_id'])) { if ($only_acl_post && !$auth->acl_get('f_post', $row['forum_id']) || (!$auth->acl_get('m_approve', $row['forum_id']) && !$auth->acl_get('f_noapprove', $row['forum_id']))) { $disabled = true; } - else if (!$only_acl_post && !$auth->acl_gets(array('f_list', 'a_forum', 'a_forumadd', 'a_forumdel'), $row['forum_id'])) - { - $disabled = true; - } } else if (!$ignore_acl) { @@ -675,7 +671,7 @@ function delete_topics($where_type, $where_ids, $auto_sync = true, $post_count_s $db->sql_transaction('begin'); - $table_ary = array(TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, POLL_VOTES_TABLE, POLL_OPTIONS_TABLE, TOPICS_WATCH_TABLE, TOPICS_TABLE); + $table_ary = array(BOOKMARKS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, POLL_VOTES_TABLE, POLL_OPTIONS_TABLE, TOPICS_WATCH_TABLE, TOPICS_TABLE); foreach ($table_ary as $table) { diff --git a/phpBB/includes/functions_convert.php b/phpBB/includes/functions_convert.php index 0fdae9b274..c035fd3739 100644 --- a/phpBB/includes/functions_convert.php +++ b/phpBB/includes/functions_convert.php @@ -1025,6 +1025,9 @@ function set_user_options() 'bbcode' => array('bit' => 8, 'default' => 1), 'smilies' => array('bit' => 9, 'default' => 1), 'popuppm' => array('bit' => 10, 'default' => 0), + 'sig_bbcode' => array('bit' => 15, 'default' => 1), + 'sig_smilies' => array('bit' => 16, 'default' => 1), + 'sig_links' => array('bit' => 17, 'default' => 1), ); $option_field = 0; diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index ea77551fc4..5e6239b070 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -969,11 +969,16 @@ function display_user_activity(&$userdata) $forum_ary = array_unique($forum_ary); $forum_sql = (sizeof($forum_ary)) ? 'AND ' . $db->sql_in_set('forum_id', $forum_ary, true) : ''; + $fid_m_approve = $auth->acl_getf('m_approve', true); + $sql_m_approve = (!empty($fid_m_approve)) ? 'OR ' . $db->sql_in_set('forum_id', array_keys($fid_m_approve)) : ''; + // Obtain active forum $sql = 'SELECT forum_id, COUNT(post_id) AS num_posts FROM ' . POSTS_TABLE . ' WHERE poster_id = ' . $userdata['user_id'] . " AND post_postcount = 1 + AND (post_approved = 1 + $sql_m_approve) $forum_sql GROUP BY forum_id ORDER BY num_posts DESC"; @@ -996,6 +1001,8 @@ function display_user_activity(&$userdata) FROM ' . POSTS_TABLE . ' WHERE poster_id = ' . $userdata['user_id'] . " AND post_postcount = 1 + AND (post_approved = 1 + $sql_m_approve) $forum_sql GROUP BY topic_id ORDER BY num_posts DESC"; @@ -1112,10 +1119,10 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id, { $is_watching = true; - if ($notify_status) + if ($notify_status != NOTIFY_YES) { $sql = 'UPDATE ' . $table_sql . " - SET notify_status = 0 + SET notify_status = " . NOTIFY_YES . " WHERE $where_sql = $match_id AND user_id = $user_id"; $db->sql_query($sql); @@ -1134,7 +1141,7 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id, $is_watching = true; $sql = 'INSERT INTO ' . $table_sql . " (user_id, $where_sql, notify_status) - VALUES ($user_id, $match_id, 0)"; + VALUES ($user_id, $match_id, " . NOTIFY_YES . ')'; $db->sql_query($sql); $message = $user->lang['ARE_WATCHING_' . strtoupper($mode)] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>'); } diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index 21c5fe7aca..f6f90575d4 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -348,7 +348,7 @@ function posting_gen_topic_types($forum_id, $cur_topic_type = POST_NORMAL) { $topic_type_array = array_merge(array(0 => array( 'VALUE' => POST_NORMAL, - 'S_CHECKED' => ($topic_type == POST_NORMAL) ? ' checked="checked"' : '', + 'S_CHECKED' => ($cur_topic_type == POST_NORMAL) ? ' checked="checked"' : '', 'L_TOPIC_TYPE' => $user->lang['POST_NORMAL'])), $topic_type_array @@ -1146,7 +1146,7 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id } } - unset($rowset[$i]); + unset($rowset[$post_list[$i]]); } if ($mode == 'topic_review') @@ -1201,8 +1201,8 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id FROM ' . (($topic_notification) ? TOPICS_WATCH_TABLE : FORUMS_WATCH_TABLE) . ' w, ' . USERS_TABLE . ' u WHERE w.' . (($topic_notification) ? 'topic_id' : 'forum_id') . ' = ' . (($topic_notification) ? $topic_id : $forum_id) . " AND w.user_id NOT IN ($sql_ignore_users) - AND w.notify_status = 0 - AND u.user_type IN (" . USER_NORMAL . ', ' . USER_FOUNDER . ') + AND w.notify_status = " . NOTIFY_YES . ' + AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ') AND u.user_id = w.user_id'; $result = $db->sql_query($sql); @@ -1234,8 +1234,8 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id FROM ' . FORUMS_WATCH_TABLE . ' fw, ' . USERS_TABLE . " u WHERE fw.forum_id = $forum_id AND fw.user_id NOT IN ($sql_ignore_users) - AND fw.notify_status = 0 - AND u.user_type IN (" . USER_NORMAL . ', ' . USER_FOUNDER . ') + AND fw.notify_status = " . NOTIFY_YES . ' + AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ') AND u.user_id = fw.user_id'; $result = $db->sql_query($sql); @@ -1344,8 +1344,8 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id if (!empty($update_notification['topic'])) { - $sql = 'UPDATE ' . TOPICS_WATCH_TABLE . " - SET notify_status = 1 + $sql = 'UPDATE ' . TOPICS_WATCH_TABLE . ' + SET notify_status = ' . NOTIFY_NO . " WHERE topic_id = $topic_id AND " . $db->sql_in_set('user_id', $update_notification['topic']); $db->sql_query($sql); @@ -1353,8 +1353,8 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id if (!empty($update_notification['forum'])) { - $sql = 'UPDATE ' . FORUMS_WATCH_TABLE . " - SET notify_status = 1 + $sql = 'UPDATE ' . FORUMS_WATCH_TABLE . ' + SET notify_status = ' . NOTIFY_NO . " WHERE forum_id = $forum_id AND " . $db->sql_in_set('user_id', $update_notification['forum']); $db->sql_query($sql); diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 21e82030ee..6f6d7526b7 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -297,6 +297,7 @@ function user_add($user_row, $cp_data = false) if ($config['new_member_group_default']) { group_user_add($add_group_id, $user_id, false, false, true); + $user_row['group_id'] = $add_group_id; } else { @@ -527,7 +528,7 @@ function user_delete($mode, $user_id, $post_username = false) $db->sql_transaction('begin'); - $table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE, DRAFTS_TABLE, BOOKMARKS_TABLE, SESSIONS_KEYS_TABLE); + $table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE, DRAFTS_TABLE, BOOKMARKS_TABLE, SESSIONS_KEYS_TABLE, PRIVMSGS_FOLDER_TABLE, PRIVMSGS_RULES_TABLE); foreach ($table_ary as $table) { @@ -836,14 +837,15 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('username_clean', $sql_usernames); - // Do not allow banning yourself + // Do not allow banning yourself, the guest account, or founders. + $non_bannable = array($user->data['user_id'], ANONYMOUS); if (sizeof($founder)) { - $sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), array($user->data['user_id'])), true); + $sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), $non_bannable), true); } else { - $sql .= ' AND user_id <> ' . $user->data['user_id']; + $sql .= ' AND ' . $db->sql_in_set('user_id', $non_bannable, true); } $result = $db->sql_query($sql); @@ -2283,7 +2285,7 @@ function avatar_get_dimensions($avatar, $avatar_type, &$error, $current_x = 0, $ /** * Uploading/Changing user avatar */ -function avatar_process_user(&$error, $custom_userdata = false) +function avatar_process_user(&$error, $custom_userdata = false, $can_upload = null) { global $config, $phpbb_root_path, $auth, $user, $db; @@ -2322,7 +2324,10 @@ function avatar_process_user(&$error, $custom_userdata = false) $avatar_select = basename(request_var('avatar_select', '')); // Can we upload? - $can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $change_avatar && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false; + if (is_null($can_upload)) + { + $can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $change_avatar && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false; + } if ((!empty($_FILES['uploadfile']['name']) || $data['uploadurl']) && $can_upload) { diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 0a01b4e73b..e157053e61 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -2134,9 +2134,9 @@ class user extends session // Zone offset $zone_offset = $this->timezone + $this->dst; - // Show date <= 1 hour ago as 'xx min ago' + // Show date <= 1 hour ago as 'xx min ago' but not greater than 60 seconds in the future // A small tolerence is given for times in the future but in the same minute are displayed as '< than a minute ago' - if ($delta <= 3600 && ($delta >= -5 || (($now / 60) % 60) == (($gmepoch / 60) % 60)) && $date_cache[$format]['is_short'] !== false && !$forcedate && isset($this->lang['datetime']['AGO'])) + if ($delta <= 3600 && $delta > -60 && ($delta >= -5 || (($now / 60) % 60) == (($gmepoch / 60) % 60)) && $date_cache[$format]['is_short'] !== false && !$forcedate && isset($this->lang['datetime']['AGO'])) { return $this->lang(array('datetime', 'AGO'), max(0, (int) floor($delta / 60))); } diff --git a/phpBB/includes/ucp/ucp_pm_viewfolder.php b/phpBB/includes/ucp/ucp_pm_viewfolder.php index 665dd2c83f..6b7172ca2b 100644 --- a/phpBB/includes/ucp/ucp_pm_viewfolder.php +++ b/phpBB/includes/ucp/ucp_pm_viewfolder.php @@ -170,10 +170,12 @@ function view_folder($id, $mode, $folder_id, $folder) 'ATTACH_ICON_IMG' => ($auth->acl_get('u_pm_download') && $row['message_attachment'] && $config['allow_pm_attach']) ? $user->img('icon_topic_attach', $user->lang['TOTAL_ATTACHMENTS']) : '', 'S_PM_DELETED' => ($row['pm_deleted']) ? true : false, + 'S_PM_REPORTED' => (isset($row['report_id'])) ? true : false, 'S_AUTHOR_DELETED' => ($row['author_id'] == ANONYMOUS) ? true : false, 'U_VIEW_PM' => ($row['pm_deleted']) ? '' : $view_message_url, 'U_REMOVE_PM' => ($row['pm_deleted']) ? $remove_message_url : '', + 'U_MCP_REPORT' => (isset($row['report_id'])) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=pm_reports&mode=pm_report_details&r=' . $row['report_id']) : '', 'RECIPIENTS' => ($folder_id == PRIVMSGS_OUTBOX || $folder_id == PRIVMSGS_SENTBOX) ? implode(', ', $address_list[$message_id]) : '') ); } @@ -183,6 +185,7 @@ function view_folder($id, $mode, $folder_id, $folder) 'S_SHOW_RECIPIENTS' => ($folder_id == PRIVMSGS_OUTBOX || $folder_id == PRIVMSGS_SENTBOX) ? true : false, 'S_SHOW_COLOUR_LEGEND' => true, + 'REPORTED_IMG' => $user->img('icon_topic_reported', 'PM_REPORTED'), 'S_PM_ICONS' => ($config['enable_pm_icons']) ? true : false) ); } @@ -502,7 +505,7 @@ function get_pm_from($folder_id, $folder, $user_id) $sql_sort_order = $sort_by_sql[$sort_key] . ' ' . $direction; } - $sql = 'SELECT t.*, p.root_level, p.message_time, p.message_subject, p.icon_id, p.to_address, p.message_attachment, p.bcc_address, u.username, u.username_clean, u.user_colour + $sql = 'SELECT t.*, p.root_level, p.message_time, p.message_subject, p.icon_id, p.to_address, p.message_attachment, p.bcc_address, u.username, u.username_clean, u.user_colour, p.message_reported FROM ' . PRIVMSGS_TO_TABLE . ' t, ' . PRIVMSGS_TABLE . ' p, ' . USERS_TABLE . " u WHERE t.user_id = $user_id AND p.author_id = u.user_id @@ -512,13 +515,34 @@ function get_pm_from($folder_id, $folder, $user_id) ORDER BY $sql_sort_order"; $result = $db->sql_query_limit($sql, $sql_limit, $sql_start); + $pm_reported = array(); while ($row = $db->sql_fetchrow($result)) { $rowset[$row['msg_id']] = $row; $pm_list[] = $row['msg_id']; + if ($row['message_reported']) + { + $pm_reported[] = $row['msg_id']; + } } $db->sql_freeresult($result); + // Fetch the report_ids, if there are any reported pms. + if (!empty($pm_reported) && $auth->acl_getf_global('m_report')) + { + $sql = 'SELECT pm_id, report_id + FROM ' . REPORTS_TABLE . ' + WHERE report_closed = 0 + AND ' . $db->sql_in_set('pm_id', $pm_reported); + $result = $db->sql_query($sql); + + while ($row = $db->sql_fetchrow($result)) + { + $rowset[$row['pm_id']]['report_id'] = $row['report_id']; + } + $db->sql_freeresult($result); + } + $pm_list = ($store_reverse) ? array_reverse($pm_list) : $pm_list; return array( diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index f4f4abad4a..363a4803b6 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php @@ -572,7 +572,7 @@ class ucp_profile { if (check_form_key('ucp_avatar')) { - if (avatar_process_user($error)) + if (avatar_process_user($error, false, $can_upload)) { meta_refresh(3, $this->u_action); $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>'); |