diff options
Diffstat (limited to 'phpBB/includes')
33 files changed, 440 insertions, 139 deletions
diff --git a/phpBB/includes/acm/acm_file.php b/phpBB/includes/acm/acm_file.php index 5a758aa2bb..5c1876d006 100644 --- a/phpBB/includes/acm/acm_file.php +++ b/phpBB/includes/acm/acm_file.php @@ -78,8 +78,14 @@ class acm if (!$this->_write('data_global')) { + if (!function_exists('phpbb_is_writable')) + { + global $phpbb_root_path; + include($phpbb_root_path . 'includes/functions.' . $phpEx); + } + // Now, this occurred how often? ... phew, just tell the user then... - if (!@is_writable($this->cache_dir)) + if (!phpbb_is_writable($this->cache_dir)) { // We need to use die() here, because else we may encounter an infinite loop (the message handler calls $cache->unload()) die($this->cache_dir . ' is NOT writable.'); @@ -707,7 +713,13 @@ class acm */ function remove_file($filename, $check = false) { - if ($check && !@is_writable($this->cache_dir)) + if (!function_exists('phpbb_is_writable')) + { + global $phpbb_root_path, $phpEx; + include($phpbb_root_path . 'includes/functions.' . $phpEx); + } + + if ($check && !phpbb_is_writable($this->cache_dir)) { // E_USER_ERROR - not using language entry - intended. trigger_error('Unable to remove files within ' . $this->cache_dir . '. Please check directory permissions.', E_USER_ERROR); diff --git a/phpBB/includes/acm/acm_memory.php b/phpBB/includes/acm/acm_memory.php index efbfd4dd62..2936ea0bae 100644 --- a/phpBB/includes/acm/acm_memory.php +++ b/phpBB/includes/acm/acm_memory.php @@ -407,7 +407,13 @@ class acm_memory */ function remove_file($filename, $check = false) { - if ($check && !@is_writable($this->cache_dir)) + if (!function_exists('phpbb_is_writable')) + { + global $phpbb_root_path, $phpEx; + include($phpbb_root_path . 'includes/functions.' . $phpEx); + } + + if ($check && !phpbb_is_writable($this->cache_dir)) { // E_USER_ERROR - not using language entry - intended. trigger_error('Unable to remove files within ' . $this->cache_dir . '. Please check directory permissions.', E_USER_ERROR); diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php index 980558c830..fc5f44e14f 100644 --- a/phpBB/includes/acp/acp_attachments.php +++ b/phpBB/includes/acp/acp_attachments.php @@ -1222,7 +1222,7 @@ class acp_attachments return; } - if (!is_writable($phpbb_root_path . $upload_dir)) + if (!phpbb_is_writable($phpbb_root_path . $upload_dir)) { $error[] = sprintf($user->lang['NO_WRITE_UPLOAD'], $upload_dir); return; diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index 927e72010e..a5e80e1f6d 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -319,6 +319,7 @@ class acp_board 'load_online_guests' => array('lang' => 'YES_ONLINE_GUESTS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'load_onlinetrack' => array('lang' => 'YES_ONLINE_TRACK', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'load_birthdays' => array('lang' => 'YES_BIRTHDAYS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), + 'load_unreads_search' => array('lang' => 'YES_UNREAD_SEARCH', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), 'load_moderators' => array('lang' => 'YES_MODERATORS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), 'load_jumpbox' => array('lang' => 'YES_JUMPBOX', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), 'load_user_activity' => array('lang' => 'LOAD_USER_ACTIVITY', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php index f2f1bd80e2..4d9b9f01e0 100644 --- a/phpBB/includes/acp/acp_forums.php +++ b/phpBB/includes/acp/acp_forums.php @@ -1642,6 +1642,9 @@ class acp_forums delete_attachments('topic', $topic_ids, false); + // Delete shadow topics pointing to topics in this forum + delete_topic_shadows($forum_id); + // Before we remove anything we make sure we are able to adjust the post counts later. ;) $sql = 'SELECT poster_id FROM ' . POSTS_TABLE . ' diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php index 3df61ff4e2..60512c67b8 100644 --- a/phpBB/includes/acp/acp_groups.php +++ b/phpBB/includes/acp/acp_groups.php @@ -49,7 +49,7 @@ class acp_groups // Clear some vars - $can_upload = (file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $file_uploads) ? true : false; + $can_upload = (file_exists($phpbb_root_path . $config['avatar_path']) && phpbb_is_writable($phpbb_root_path . $config['avatar_path']) && $file_uploads) ? true : false; $group_row = array(); // Grab basic data for group, if group_id is set and exists diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php index 3310560c73..2ccc728031 100644 --- a/phpBB/includes/acp/acp_styles.php +++ b/phpBB/includes/acp/acp_styles.php @@ -748,7 +748,7 @@ parse_css_file = {PARSE_CSS_FILE} $additional = ''; // If the template is stored on the filesystem try to write the file else store it in the database - if (!$safe_mode && !$template_info['template_storedb'] && file_exists($file) && @is_writable($file)) + if (!$safe_mode && !$template_info['template_storedb'] && file_exists($file) && phpbb_is_writable($file)) { if (!($fp = @fopen($file, 'wb'))) { @@ -1155,7 +1155,7 @@ parse_css_file = {PARSE_CSS_FILE} $message = $user->lang['THEME_UPDATED']; // If the theme is stored on the filesystem try to write the file else store it in the database - if (!$safe_mode && !$theme_info['theme_storedb'] && file_exists($file) && @is_writable($file)) + if (!$safe_mode && !$theme_info['theme_storedb'] && file_exists($file) && phpbb_is_writable($file)) { if (!($fp = @fopen($file, 'wb'))) { @@ -2040,23 +2040,18 @@ parse_css_file = {PARSE_CSS_FILE} { case 'tar': $ext = '.tar'; - $mimetype = 'x-tar'; - $compress = 'compress_tar'; break; case 'zip': $ext = '.zip'; - $mimetype = 'zip'; break; case 'tar.gz': $ext = '.tar.gz'; - $mimetype = 'x-gzip'; break; case 'tar.bz2': $ext = '.tar.bz2'; - $mimetype = 'x-bzip2'; break; default: @@ -2246,7 +2241,7 @@ parse_css_file = {PARSE_CSS_FILE} { // a rather elaborate check we have to do here once to avoid trouble later $check = "{$phpbb_root_path}styles/" . $style_row["{$mode}_path"] . (($mode === 'theme') ? '/theme/stylesheet.css' : '/template'); - if (($style_row["{$mode}_storedb"] != $store_db) && !$store_db && ($safe_mode || !@is_writable($check))) + if (($style_row["{$mode}_storedb"] != $store_db) && !$store_db && ($safe_mode || !phpbb_is_writable($check))) { $error[] = $user->lang['EDIT_' . strtoupper($mode) . '_STORED_DB']; $store_db = 1; @@ -2326,7 +2321,7 @@ parse_css_file = {PARSE_CSS_FILE} { $theme_data = $this->db_theme_data($style_row); } - else if (!$store_db && !$safe_mode && @is_writable("{$phpbb_root_path}styles/{$style_row['theme_path']}/theme/stylesheet.css")) + else if (!$store_db && !$safe_mode && phpbb_is_writable("{$phpbb_root_path}styles/{$style_row['theme_path']}/theme/stylesheet.css")) { $store_db = 1; $theme_data = $style_row['theme_data']; @@ -2357,7 +2352,7 @@ parse_css_file = {PARSE_CSS_FILE} } else { - if (!$store_db && !$safe_mode && @is_writable("{$phpbb_root_path}styles/{$style_row['template_path']}/template")) + if (!$store_db && !$safe_mode && phpbb_is_writable("{$phpbb_root_path}styles/{$style_row['template_path']}/template")) { $err = $this->store_in_fs('template', $style_row['template_id']); if ($err) @@ -2531,13 +2526,21 @@ parse_css_file = {PARSE_CSS_FILE} // Match CSS imports $matches = array(); - preg_match_all('/@import url\(["\'](.*)["\']\);/i', $stylesheet, $matches); + preg_match_all('/@import url\((["\'])(.*)\1\);/i', $stylesheet, $matches); + + // remove commented stylesheets (very simple parser, allows only whitespace + // around an @import statement) + preg_match_all('#/\*\s*@import url\((["\'])(.*)\1\);\s\*/#i', $stylesheet, $commented); + $matches[2] = array_diff($matches[2], $commented[2]); if (sizeof($matches)) { foreach ($matches[0] as $idx => $match) { - $stylesheet = str_replace($match, acp_styles::load_css_file($theme_row['theme_path'], $matches[1][$idx]), $stylesheet); + if (isset($matches[2][$idx])) + { + $stylesheet = str_replace($match, acp_styles::load_css_file($theme_row['theme_path'], $matches[2][$idx]), $stylesheet); + } } } @@ -3728,7 +3731,7 @@ parse_css_file = {PARSE_CSS_FILE} $store_db = 0; $error = array(); - if (!$safe_mode && @is_writable("{$phpbb_root_path}styles/{$path}/template")) + if (!$safe_mode && phpbb_is_writable("{$phpbb_root_path}styles/{$path}/template")) { $sql = 'SELECT * FROM ' . STYLES_TEMPLATE_DATA_TABLE . " diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index 1f10893781..6be0760be0 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -319,10 +319,7 @@ class acp_users $server_url = generate_board_url(); - $user_actkey = gen_rand_string(10); - $key_len = 54 - (strlen($server_url)); - $key_len = ($key_len > 6) ? $key_len : 6; - $user_actkey = substr($user_actkey, 0, $key_len); + $user_actkey = gen_rand_string(mt_rand(6, 10)); $email_template = ($user_row['user_type'] == USER_NORMAL) ? 'user_reactivate_account' : 'user_resend_inactive'; if ($user_row['user_type'] == USER_NORMAL) @@ -1701,7 +1698,7 @@ class acp_users include($phpbb_root_path . 'includes/functions_display.' . $phpEx); include($phpbb_root_path . 'includes/functions_user.' . $phpEx); - $can_upload = (file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $file_uploads) ? true : false; + $can_upload = (file_exists($phpbb_root_path . $config['avatar_path']) && phpbb_is_writable($phpbb_root_path . $config['avatar_path']) && $file_uploads) ? true : false; if ($submit) { diff --git a/phpBB/includes/cache.php b/phpBB/includes/cache.php index 6b1e078ca4..b50fab4ca2 100644 --- a/phpBB/includes/cache.php +++ b/phpBB/includes/cache.php @@ -88,7 +88,14 @@ class cache extends acm { if ($unicode) { - $censors['match'][] = '#(?<![\p{Nd}\p{L}_])(' . str_replace('\*', '[\p{Nd}\p{L}_]*?', preg_quote($row['word'], '#')) . ')(?![\p{Nd}\p{L}_])#iu'; + // Unescape the asterisk to simplify further conversions + $row['word'] = str_replace('\*', '*', preg_quote($row['word'], '#')); + + // Replace the asterisk inside the pattern, at the start and at the end of it with regexes + $row['word'] = preg_replace(array('#(?<=[\p{Nd}\p{L}_])\*(?=[\p{Nd}\p{L}_])#iu', '#^\*#', '#\*$#'), array('([\x20]*?|[\p{Nd}\p{L}_-]*?)', '[\p{Nd}\p{L}_-]*?', '[\p{Nd}\p{L}_-]*?'), $row['word']); + + // Generate the final substitution + $censors['match'][] = '#(?<![\p{Nd}\p{L}_-])(' . $row['word'] . ')(?![\p{Nd}\p{L}_-])#iu'; } else { diff --git a/phpBB/includes/captcha/plugins/captcha_abstract.php b/phpBB/includes/captcha/plugins/captcha_abstract.php index e7b8742b05..21cacd730c 100644 --- a/phpBB/includes/captcha/plugins/captcha_abstract.php +++ b/phpBB/includes/captcha/plugins/captcha_abstract.php @@ -59,7 +59,7 @@ class phpbb_default_captcha { global $user; - $this->code = gen_rand_string(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS)); + $this->code = gen_rand_string_friendly(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS)); $this->seed = hexdec(substr(unique_id(), 4, 10)); // compute $seed % 0x7fffffff @@ -235,7 +235,7 @@ class phpbb_default_captcha { global $db, $user; - $this->code = gen_rand_string(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS)); + $this->code = gen_rand_string_friendly(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS)); $this->confirm_id = md5(unique_id($user->ip)); $this->seed = hexdec(substr(unique_id(), 4, 10)); $this->solved = 0; @@ -259,7 +259,7 @@ class phpbb_default_captcha { global $db, $user; - $this->code = gen_rand_string(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS)); + $this->code = gen_rand_string_friendly(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS)); $this->seed = hexdec(substr(unique_id(), 4, 10)); $this->solved = 0; // compute $seed % 0x7fffffff @@ -281,7 +281,7 @@ class phpbb_default_captcha { global $db, $user; - $this->code = gen_rand_string(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS)); + $this->code = gen_rand_string_friendly(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS)); $this->seed = hexdec(substr(unique_id(), 4, 10)); $this->solved = 0; // compute $seed % 0x7fffffff diff --git a/phpBB/includes/db/db_tools.php b/phpBB/includes/db/db_tools.php index 819ef69c96..f4b181c6ad 100644 --- a/phpBB/includes/db/db_tools.php +++ b/phpBB/includes/db/db_tools.php @@ -611,7 +611,7 @@ class phpbb_db_tools * drop_columns: Removing/Dropping columns * add_primary_keys: adding primary keys * add_unique_index: adding an unique index - * add_index: adding an index + * add_index: adding an index (can be column:index_size if you need to provide size) * * The values are in this format: * {TABLE NAME} => array( @@ -1804,6 +1804,12 @@ class phpbb_db_tools { $statements = array(); + // remove index length unless MySQL4 + if ('mysql_40' != $this->sql_layer) + { + $column = preg_replace('#:.*$#', '', $column); + } + switch ($this->sql_layer) { case 'firebird': @@ -1814,6 +1820,16 @@ class phpbb_db_tools break; case 'mysql_40': + // add index size to definition as required by MySQL4 + foreach ($column as $i => $col) + { + if (false !== strpos($col, ':')) + { + list($col, $index_size) = explode(':', $col); + $column[$i] = "$col($index_size)"; + } + } + // no break case 'mysql_41': $statements[] = 'CREATE INDEX ' . $index_name . ' ON ' . $table_name . '(' . implode(', ', $column) . ')'; break; diff --git a/phpBB/includes/db/mssqlnative.php b/phpBB/includes/db/mssqlnative.php index 98e22d4412..44d5722e4f 100644 --- a/phpBB/includes/db/mssqlnative.php +++ b/phpBB/includes/db/mssqlnative.php @@ -503,6 +503,7 @@ class dbal_mssqlnative extends dbal { $errors = @sqlsrv_errors(SQLSRV_ERR_ERRORS); $error_message = ''; + $code = 0; if ($errors != null) { @@ -510,6 +511,7 @@ class dbal_mssqlnative extends dbal { $error_message .= "SQLSTATE: ".$error[ 'SQLSTATE']."\n"; $error_message .= "code: ".$error[ 'code']."\n"; + $code = $error['code']; $error_message .= "message: ".$error[ 'message']."\n"; } $this->last_error_result = $error_message; @@ -519,7 +521,11 @@ class dbal_mssqlnative extends dbal { $error = (isset($this->last_error_result) && $this->last_error_result) ? $this->last_error_result : array(); } - return $error; + + return array( + 'message' => $error, + 'code' => $code, + ); } /** diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index bc3d721de5..9aec98dce2 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -195,10 +195,27 @@ function set_config_count($config_name, $increment, $is_dynamic = false) /** * Generates an alphanumeric random string of given length +* +* @return string */ function gen_rand_string($num_chars = 8) { + // [a, z] + [0, 9] = 36 + return substr(strtoupper(base_convert(unique_id(), 16, 36)), 0, $num_chars); +} + +/** +* Generates a user-friendly alphanumeric random string of given length +* We remove 0 and O so users cannot confuse those in passwords etc. +* +* @return string +*/ +function gen_rand_string_friendly($num_chars = 8) +{ $rand_str = unique_id(); + + // Remove Z and Y from the base_convert(), replace 0 with Z and O with Y + // [a, z] + [0, 9] - {z, y} = [a, z] + [0, 9] - {0, o} = 34 $rand_str = str_replace(array('0', 'O'), array('Z', 'Y'), strtoupper(base_convert($rand_str, 16, 34))); return substr($rand_str, 0, $num_chars); @@ -701,7 +718,7 @@ function phpbb_chmod($filename, $perms = CHMOD_READ) clearstatcache(); - if (is_readable($filename) && is_writable($filename)) + if (is_readable($filename) && phpbb_is_writable($filename)) { break; } @@ -711,7 +728,7 @@ function phpbb_chmod($filename, $perms = CHMOD_READ) clearstatcache(); - if ((!($perms & CHMOD_READ) || is_readable($filename)) && (!($perms & CHMOD_WRITE) || is_writable($filename))) + if ((!($perms & CHMOD_READ) || is_readable($filename)) && (!($perms & CHMOD_WRITE) || phpbb_is_writable($filename))) { break; } @@ -721,7 +738,7 @@ function phpbb_chmod($filename, $perms = CHMOD_READ) clearstatcache(); - if ((!($perms & CHMOD_READ) || is_readable($filename)) && (!($perms & CHMOD_WRITE) || is_writable($filename))) + if ((!($perms & CHMOD_READ) || is_readable($filename)) && (!($perms & CHMOD_WRITE) || phpbb_is_writable($filename))) { break; } @@ -2519,6 +2536,11 @@ function build_url($strip_vars = false) $key = $arguments[0]; unset($arguments[0]); + if ($key === '') + { + continue; + } + $query[$key] = implode('=', $arguments); } @@ -3440,26 +3462,110 @@ function short_ipv6($ip, $length) /** * Wrapper for php's checkdnsrr function. * -* The windows failover is from the php manual -* Please make sure to check the return value for === true and === false, since NULL could -* be returned too. +* @param string $host Fully-Qualified Domain Name +* @param string $type Resource record type to lookup +* Supported types are: MX (default), A, AAAA, NS, TXT, CNAME +* Other types may work or may not work +* +* @return mixed true if entry found, +* false if entry not found, +* null if this function is not supported by this environment * -* @return true if entry found, false if not, NULL if this function is not supported by this environment +* Since null can also be returned, you probably want to compare the result +* with === true or === false, +* +* @author bantu */ -function phpbb_checkdnsrr($host, $type = '') +function phpbb_checkdnsrr($host, $type = 'MX') { - $type = (!$type) ? 'MX' : $type; + // The dot indicates to search the DNS root (helps those having DNS prefixes on the same domain) + if (substr($host, -1) == '.') + { + $host_fqdn = $host; + $host = substr($host, 0, -1); + } + else + { + $host_fqdn = $host . '.'; + } + // $host has format some.host.example.com + // $host_fqdn has format some.host.example.com. + + // If we're looking for an A record we can use gethostbyname() + if ($type == 'A' && function_exists('gethostbyname')) + { + return (@gethostbyname($host_fqdn) == $host_fqdn) ? false : true; + } + + // checkdnsrr() is available on Windows since PHP 5.3, + // but until 5.3.3 it only works for MX records + // See: http://bugs.php.net/bug.php?id=51844 - // Call checkdnsrr() if available. This is also the case on Windows with PHP 5.3 or later. - if (function_exists('checkdnsrr')) + // Call checkdnsrr() if + // we're looking for an MX record or + // we're not on Windows or + // we're running a PHP version where #51844 has been fixed + + // checkdnsrr() supports AAAA since 5.0.0 + // checkdnsrr() supports TXT since 5.2.4 + if ( + ($type == 'MX' || DIRECTORY_SEPARATOR != '\\' || version_compare(PHP_VERSION, '5.3.3', '>=')) && + ($type != 'AAAA' || version_compare(PHP_VERSION, '5.0.0', '>=')) && + ($type != 'TXT' || version_compare(PHP_VERSION, '5.2.4', '>=')) && + function_exists('checkdnsrr') + ) { - // The dot indicates to search the DNS root (helps those having DNS prefixes on the same domain) - return checkdnsrr($host . '.', $type); + return checkdnsrr($host_fqdn, $type); } - else if (DIRECTORY_SEPARATOR == '\\' && function_exists('exec')) + + // dns_get_record() is available since PHP 5; since PHP 5.3 also on Windows, + // but on Windows it does not work reliable for AAAA records before PHP 5.3.1 + + // Call dns_get_record() if + // we're not looking for an AAAA record or + // we're not on Windows or + // we're running a PHP version where AAAA lookups work reliable + if ( + ($type != 'AAAA' || DIRECTORY_SEPARATOR != '\\' || version_compare(PHP_VERSION, '5.3.1', '>=')) && + function_exists('dns_get_record') + ) { - // @exec('nslookup -retry=1 -timout=1 -type=' . escapeshellarg($type) . ' ' . escapeshellarg($host), $output); - @exec('nslookup -type=' . escapeshellarg($type) . ' ' . escapeshellarg($host) . '.', $output); + // dns_get_record() expects an integer as second parameter + // We have to convert the string $type to the corresponding integer constant. + $type_constant = 'DNS_' . $type; + $type_param = (defined($type_constant)) ? constant($type_constant) : DNS_ANY; + + // dns_get_record() might throw E_WARNING and return false for records that do not exist + $resultset = @dns_get_record($host_fqdn, $type_param); + + if (empty($resultset) || !is_array($resultset)) + { + return false; + } + else if ($type_param == DNS_ANY) + { + // $resultset is a non-empty array + return true; + } + + foreach ($resultset as $result) + { + if ( + isset($result['host']) && $result['host'] == $host && + isset($result['type']) && $result['type'] == $type + ) + { + return true; + } + } + + return false; + } + + // If we're on Windows we can still try to call nslookup via exec() as a last resort + if (DIRECTORY_SEPARATOR == '\\' && function_exists('exec')) + { + @exec('nslookup -type=' . escapeshellarg($type) . ' ' . escapeshellarg($host_fqdn), $output); // If output is empty, the nslookup failed if (empty($output)) @@ -3469,15 +3575,66 @@ function phpbb_checkdnsrr($host, $type = '') foreach ($output as $line) { - if (!trim($line)) + $line = trim($line); + + if (empty($line)) { continue; } - // Valid records begin with host name: - if (strpos($line, $host) === 0) + // Squash tabs and multiple whitespaces to a single whitespace. + $line = preg_replace('/\s+/', ' ', $line); + + switch ($type) { - return true; + case 'MX': + if (stripos($line, "$host MX") === 0) + { + return true; + } + break; + + case 'NS': + if (stripos($line, "$host nameserver") === 0) + { + return true; + } + break; + + case 'TXT': + if (stripos($line, "$host text") === 0) + { + return true; + } + break; + + case 'CNAME': + if (stripos($line, "$host canonical name") === 0) + { + return true; + } + + default: + case 'A': + case 'AAAA': + if (!empty($host_matches)) + { + // Second line + if (stripos($line, "Address: ") === 0) + { + return true; + } + else + { + $host_matches = false; + } + } + else if (stripos($line, "Name: $host") === 0) + { + // First line + $host_matches = true; + } + break; } } @@ -3596,7 +3753,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline) } // Do not send 200 OK, but service unavailable on errors - header('HTTP/1.1 503 Service Unavailable'); + send_status_line(503, 'Service Unavailable'); garbage_collection(); @@ -4066,7 +4223,8 @@ function phpbb_http_login($param) } else if ($auth_result['status'] == LOGIN_ERROR_ATTEMPTS) { - header('HTTP/1.0 401 Unauthorized'); + send_status_line(401, 'Unauthorized'); + trigger_error('NOT_AUTHORISED'); } } @@ -4078,7 +4236,7 @@ function phpbb_http_login($param) $param['auth_message'] = preg_replace('/[\x80-\xFF]/', '?', $param['auth_message']); header('WWW-Authenticate: Basic realm="' . $param['auth_message'] . '"'); - header('HTTP/1.0 401 Unauthorized'); + send_status_line(401, 'Unauthorized'); trigger_error('NOT_AUTHORISED'); } @@ -4308,6 +4466,8 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0 'S_ENABLE_FEEDS_TOPICS_ACTIVE' => ($config['feed_topics_active']) ? true : false, 'S_ENABLE_FEEDS_NEWS' => ($s_feed_news) ? true : false, + 'S_LOAD_UNREADS' => ($config['load_unreads_search']) ? true : false, + 'T_THEME_PATH' => "{$web_path}styles/" . $user->theme['theme_path'] . '/theme', 'T_TEMPLATE_PATH' => "{$web_path}styles/" . $user->theme['template_path'] . '/template', 'T_SUPER_TEMPLATE_PATH' => (isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path']) ? "{$web_path}styles/" . $user->theme['template_inherit_path'] . '/template' : "{$web_path}styles/" . $user->theme['template_path'] . '/template', diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index 89892feb30..3178d35c34 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -1125,53 +1125,65 @@ function delete_attachments($mode, $ids, $resync = true) } /** -* Remove topic shadows +* Deletes shadow topics pointing to a specified forum. +* +* @param int $forum_id The forum id +* @param string $sql_more Additional WHERE statement, e.g. t.topic_time < (time() - 1234) +* @param bool $auto_sync Will call sync() if this is true +* +* @return array Array with affected forums +* +* @author bantu */ -function delete_topic_shadows($max_age, $forum_id = '', $auto_sync = true) +function delete_topic_shadows($forum_id, $sql_more = '', $auto_sync = true) { - $where = (is_array($forum_id)) ? 'AND ' . $db->sql_in_set('t.forum_id', array_map('intval', $forum_id)) : (($forum_id) ? 'AND t.forum_id = ' . (int) $forum_id : ''); + global $db; - switch ($db->sql_layer) + if (!$forum_id) { - case 'mysql4': - case 'mysqli': - $sql = 'DELETE t.* - FROM ' . TOPICS_TABLE . ' t, ' . TOPICS_TABLE . ' t2 - WHERE t.topic_moved_id = t2.topic_id - AND t.topic_time < ' . (time() - $max_age) - . $where; - $db->sql_query($sql); - break; + // Nothing to do. + return; + } - default: - $sql = 'SELECT t.topic_id - FROM ' . TOPICS_TABLE . ' t, ' . TOPICS_TABLE . ' t2 - WHERE t.topic_moved_id = t2.topic_id - AND t.topic_time < ' . (time() - $max_age) - . $where; - $result = $db->sql_query($sql); + // Set of affected forums we have to resync + $sync_forum_ids = array(); - $topic_ids = array(); - while ($row = $db->sql_fetchrow($result)) - { - $topic_ids[] = $row['topic_id']; - } - $db->sql_freeresult($result); + // Amount of topics we select and delete at once. + $batch_size = 500; - if (sizeof($topic_ids)) - { - $sql = 'DELETE FROM ' . TOPICS_TABLE . ' - WHERE ' . $db->sql_in_set('topic_id', $topic_ids); - $db->sql_query($sql); - } - break; + do + { + $sql = 'SELECT t2.forum_id, t2.topic_id + FROM ' . TOPICS_TABLE . ' t2, ' . TOPICS_TABLE . ' t + WHERE t2.topic_moved_id = t.topic_id + AND t.forum_id = ' . (int) $forum_id . ' + ' . (($sql_more) ? 'AND ' . $sql_more : ''); + $result = $db->sql_query_limit($sql, $batch_size); + + $topic_ids = array(); + while ($row = $db->sql_fetchrow($result)) + { + $topic_ids[] = (int) $row['topic_id']; + + $sync_forum_ids[(int) $row['forum_id']] = (int) $row['forum_id']; + } + $db->sql_freeresult($result); + + if (!empty($topic_ids)) + { + $sql = 'DELETE FROM ' . TOPICS_TABLE . ' + WHERE ' . $db->sql_in_set('topic_id', $topic_ids); + $db->sql_query($sql); + } } + while (sizeof($topic_ids) == $batch_size); if ($auto_sync) { - $where_type = ($forum_id) ? 'forum_id' : ''; - sync('forum', $where_type, $forum_id, true, true); + sync('forum', 'forum_id', $sync_forum_ids, true, true); } + + return $sync_forum_ids; } /** diff --git a/phpBB/includes/functions_compress.php b/phpBB/includes/functions_compress.php index f422eaa8c1..455debd939 100644 --- a/phpBB/includes/functions_compress.php +++ b/phpBB/includes/functions_compress.php @@ -53,13 +53,18 @@ class compress $filelist = filelist("$phpbb_root_path$src", '', '*'); krsort($filelist); + /** + * Commented out, as adding the folders produces corrupted archives if ($src_path) { $this->data($src_path, '', true, stat("$phpbb_root_path$src")); } + */ foreach ($filelist as $path => $file_ary) { + /** + * Commented out, as adding the folders produces corrupted archives if ($path) { // Same as for src_path @@ -68,6 +73,7 @@ class compress $this->data("$src_path$path", '', true, stat("$phpbb_root_path$src$path")); } + */ foreach ($file_ary as $file) { diff --git a/phpBB/includes/functions_convert.php b/phpBB/includes/functions_convert.php index c035fd3739..9e26043b39 100644 --- a/phpBB/includes/functions_convert.php +++ b/phpBB/includes/functions_convert.php @@ -2306,7 +2306,7 @@ function copy_file($src, $trg, $overwrite = false, $die_on_failure = true, $sour } } - if (!is_writable($path)) + if (!phpbb_is_writable($path)) { @chmod($path, 0777); } @@ -2341,7 +2341,7 @@ function copy_dir($src, $trg, $copy_subdirs = true, $overwrite = false, $die_on_ @chmod($trg_path, 0777); } - if (!@is_writable($trg_path)) + if (!phpbb_is_writable($trg_path)) { $bad_dirs[] = path($config['script_path']) . $trg; } @@ -2408,7 +2408,7 @@ function copy_dir($src, $trg, $copy_subdirs = true, $overwrite = false, $die_on_ @chmod($trg_path . $dir, 0777); } - if (!@is_writable($trg_path . $dir)) + if (!phpbb_is_writable($trg_path . $dir)) { $bad_dirs[] = $trg . $dir; $bad_dirs[] = $trg_path . $dir; diff --git a/phpBB/includes/functions_messenger.php b/phpBB/includes/functions_messenger.php index 99883cd9ca..bb0d88ec1b 100644 --- a/phpBB/includes/functions_messenger.php +++ b/phpBB/includes/functions_messenger.php @@ -671,11 +671,18 @@ class queue $package_size = $data_ary['package_size']; $num_items = (!$package_size || sizeof($data_ary['data']) < $package_size) ? sizeof($data_ary['data']) : $package_size; + /* + * This code is commented out because it causes problems on some web hosts. + * The core problem is rather restrictive email sending limits. + * This code is nly useful if you have no such restrictions from the + * web host and the package size setting is wrong. + // If the amount of emails to be sent is way more than package_size than we need to increase it to prevent backlogs... if (sizeof($data_ary['data']) > $package_size * 2.5) { $num_items = sizeof($data_ary['data']); } + */ switch ($object) { diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index 919412dd67..6fd87db663 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -2537,7 +2537,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u if ($mode == 'post' || $mode == 'reply' || $mode == 'quote') { // Mark this topic as posted to - markread('post', $data['forum_id'], $data['topic_id'], $data['post_time']); + markread('post', $data['forum_id'], $data['topic_id']); } // Mark this topic as read diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php index 4fc5034f7b..4c34bc92ca 100644 --- a/phpBB/includes/functions_privmsgs.php +++ b/phpBB/includes/functions_privmsgs.php @@ -1380,6 +1380,9 @@ function submit_pm($mode, $subject, &$data, $put_in_outbox = true) } } + // First of all make sure the subject are having the correct length. + $subject = truncate_string($subject); + $db->sql_transaction('begin'); $sql = ''; @@ -1751,6 +1754,8 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode return false; } + $title = $row['message_subject']; + $rowset = array(); $bbcode_bitfield = ''; $folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm') . '&folder='; @@ -1774,8 +1779,6 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode while ($row = $db->sql_fetchrow($result)); $db->sql_freeresult($result); - $title = $row['message_subject']; - if (sizeof($rowset) == 1 && !$in_post_mode) { return false; diff --git a/phpBB/includes/functions_profile_fields.php b/phpBB/includes/functions_profile_fields.php index fa1cc98e10..3937cf9c21 100644 --- a/phpBB/includes/functions_profile_fields.php +++ b/phpBB/includes/functions_profile_fields.php @@ -543,8 +543,9 @@ class custom_profile else if ($day && $month && $year) { global $user; - // d/m/y 00:00 GMT isn't necessarily on the same d/m/y in the user's timezone, so add the timezone seconds - return $user->format_date(gmmktime(0, 0, 0, $month, $day, $year) + $user->timezone + $user->dst, $user->lang['DATE_FORMAT'], true); + // Date should display as the same date for every user regardless of timezone, so remove offset + // to compensate for the offset added by user::format_date() + return $user->format_date(gmmktime(0, 0, 0, $month, $day, $year) - ($user->timezone + $user->dst), $user->lang['DATE_FORMAT'], true); } return $value; diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index 51fed45ebd..7f09cc1640 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php @@ -58,8 +58,9 @@ class filespec $this->filename = $upload_ary['tmp_name']; $this->filesize = $upload_ary['size']; - $name = trim(utf8_htmlspecialchars(utf8_basename($upload_ary['name']))); - $this->realname = $this->uploadname = (STRIP) ? stripslashes($name) : $name; + $name = (STRIP) ? stripslashes($upload_ary['name']) : $upload_ary['name']; + $name = trim(utf8_htmlspecialchars(utf8_basename($name))); + $this->realname = $this->uploadname = $name; $this->mimetype = $upload_ary['type']; // Opera adds the name to the mime type diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 0b26f28864..f2c80705ba 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -766,7 +766,8 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas if (sizeof($ban_other) == 3 && ((int)$ban_other[0] < 9999) && (strlen($ban_other[0]) == 4) && (strlen($ban_other[1]) == 2) && (strlen($ban_other[2]) == 2)) { - $ban_end = max($current_time, gmmktime(0, 0, 0, (int)$ban_other[1], (int)$ban_other[2], (int)$ban_other[0])); + $time_offset = (isset($user->timezone) && isset($user->dst)) ? (int) $user->timezone + (int) $user->dst : 0; + $ban_end = max($current_time, gmmktime(0, 0, 0, (int)$ban_other[1], (int)$ban_other[2], (int)$ban_other[0]) - $time_offset); } else { @@ -1229,22 +1230,39 @@ function user_unban($mode, $ban) } /** -* Whois facility +* Internet Protocol Address Whois +* RFC3912: WHOIS Protocol Specification * -* @link http://tools.ietf.org/html/rfc3912 RFC3912: WHOIS Protocol Specification +* @param string $ip Ip address, either IPv4 or IPv6. +* +* @return string Empty string if not a valid ip address. +* Otherwise make_clickable()'ed whois result. */ function user_ipwhois($ip) { - $ipwhois = ''; + if (empty($ip)) + { + return ''; + } - // Check IP - // Only supporting IPv4 at the moment... - if (empty($ip) || !preg_match(get_preg_expression('ipv4'), $ip)) + if (preg_match(get_preg_expression('ipv4'), $ip)) + { + // IPv4 address + $whois_host = 'whois.arin.net.'; + } + else if (preg_match(get_preg_expression('ipv6'), $ip)) + { + // IPv6 address + $whois_host = 'whois.sixxs.net.'; + } + else { return ''; } - if (($fsk = @fsockopen('whois.arin.net', 43))) + $ipwhois = ''; + + if (($fsk = @fsockopen($whois_host, 43))) { // CRLF as per RFC3912 fputs($fsk, "$ip\r\n"); @@ -1257,7 +1275,7 @@ function user_ipwhois($ip) $match = array(); - // Test for referrals from ARIN to other whois databases, roll on rwhois + // Test for referrals from $whois_host to other whois databases, roll on rwhois if (preg_match('#ReferralServer: whois://(.+)#im', $ipwhois, $match)) { if (strpos($match[1], ':') !== false) @@ -1285,7 +1303,7 @@ function user_ipwhois($ip) @fclose($fsk); } - // Use the result from ARIN if we don't get any result here + // Use the result from $whois_host if we don't get any result here $ipwhois = (empty($buffer)) ? $ipwhois : $buffer; } @@ -2326,7 +2344,7 @@ function avatar_process_user(&$error, $custom_userdata = false, $can_upload = nu // Can we upload? if (is_null($can_upload)) { - $can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $change_avatar && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false; + $can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && phpbb_is_writable($phpbb_root_path . $config['avatar_path']) && $change_avatar && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false; } if ((!empty($_FILES['uploadfile']['name']) || $data['uploadurl']) && $can_upload) diff --git a/phpBB/includes/mcp/mcp_main.php b/phpBB/includes/mcp/mcp_main.php index 80c3559649..d5551f5114 100644 --- a/phpBB/includes/mcp/mcp_main.php +++ b/phpBB/includes/mcp/mcp_main.php @@ -1048,6 +1048,35 @@ function mcp_fork_topic($topic_ids) $total_posts = 0; $new_topic_id_list = array(); + if ($topic_data['enable_indexing']) + { + // Select the search method and do some additional checks to ensure it can actually be utilised + $search_type = basename($config['search_type']); + + if (!file_exists($phpbb_root_path . 'includes/search/' . $search_type . '.' . $phpEx)) + { + trigger_error('NO_SUCH_SEARCH_MODULE'); + } + + if (!class_exists($search_type)) + { + include("{$phpbb_root_path}includes/search/$search_type.$phpEx"); + } + + $error = false; + $search = new $search_type($error); + $search_mode = 'post'; + + if ($error) + { + trigger_error($error); + } + } + else + { + $search_type = false; + } + foreach ($topic_data as $topic_id => $topic_row) { $sql_ary = array( @@ -1158,6 +1187,12 @@ function mcp_fork_topic($topic_ids) // Copy whether the topic is dotted markread('post', $to_forum_id, $new_topic_id, 0, $row['poster_id']); + if ($search_type) + { + $search->index($search_mode, $sql_ary['post_id'], $sql_ary['post_text'], $sql_ary['post_subject'], $sql_ary['poster_id'], ($topic_row['topic_type'] == POST_GLOBAL) ? 0 : $to_forum_id); + $search_mode = 'reply'; // After one we index replies + } + // Copy Attachments if ($row['post_attachment']) { diff --git a/phpBB/includes/mcp/mcp_post.php b/phpBB/includes/mcp/mcp_post.php index 1fbedbac4f..7098b4bbce 100644 --- a/phpBB/includes/mcp/mcp_post.php +++ b/phpBB/includes/mcp/mcp_post.php @@ -176,7 +176,7 @@ function mcp_post_details($id, $mode, $action) } $template->assign_vars(array( - 'U_MCP_ACTION' => "$url&i=main&quickmod=1", // Use this for mode paramaters + 'U_MCP_ACTION' => "$url&i=main&quickmod=1&mode=post_details", // Use this for mode paramaters 'U_POST_ACTION' => "$url&i=$id&mode=post_details", // Use this for action parameters 'U_APPROVE_ACTION' => append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue&p=$post_id&f={$post_info['forum_id']}"), diff --git a/phpBB/includes/mcp/mcp_queue.php b/phpBB/includes/mcp/mcp_queue.php index f84a8c5f07..c419da5574 100644 --- a/phpBB/includes/mcp/mcp_queue.php +++ b/phpBB/includes/mcp/mcp_queue.php @@ -428,7 +428,7 @@ class mcp_queue 'POST_ID' => $row['post_id'], 'FORUM_NAME' => (!$global_topic) ? $forum_names[$row['forum_id']] : $user->lang['GLOBAL_ANNOUNCEMENT'], - 'POST_SUBJECT' => $row['post_subject'], + 'POST_SUBJECT' => ($row['post_subject'] != '') ? $row['post_subject'] : $user->lang['NO_SUBJECT'], 'TOPIC_TITLE' => $row['topic_title'], 'POST_TIME' => $user->format_date($row['post_time'])) ); @@ -691,16 +691,19 @@ function approve_post($post_id_list, $id, $mode) { $show_notify = false; - foreach ($post_info as $post_data) + if ($config['email_enable'] || $config['jab_enable']) { - if ($post_data['poster_id'] == ANONYMOUS) - { - continue; - } - else + foreach ($post_info as $post_data) { - $show_notify = true; - break; + if ($post_data['poster_id'] == ANONYMOUS) + { + continue; + } + else + { + $show_notify = true; + break; + } } } diff --git a/phpBB/includes/search/fulltext_mysql.php b/phpBB/includes/search/fulltext_mysql.php index da3833754e..0be3a10e5f 100644 --- a/phpBB/includes/search/fulltext_mysql.php +++ b/phpBB/includes/search/fulltext_mysql.php @@ -122,7 +122,7 @@ class fulltext_mysql extends search_backend if ($terms == 'all') { - $match = array('#\sand\s#iu', '#\sor\s#iu', '#\snot\s#iu', '#\+#', '#-#', '#\|#'); + $match = array('#\sand\s#iu', '#\sor\s#iu', '#\snot\s#iu', '#(^|\s)\+#', '#(^|\s)-#', '#(^|\s)\|#'); $replace = array(' +', ' |', ' -', ' +', ' -', ' |'); $keywords = preg_replace($match, $replace, $keywords); diff --git a/phpBB/includes/search/fulltext_native.php b/phpBB/includes/search/fulltext_native.php index c89e92711e..727e3aaffb 100644 --- a/phpBB/includes/search/fulltext_native.php +++ b/phpBB/includes/search/fulltext_native.php @@ -83,7 +83,9 @@ class fulltext_native extends search_backend { global $db, $user, $config; - $keywords = trim($this->cleanup($keywords, '+-|()*')); + $tokens = '+-|()*'; + + $keywords = trim($this->cleanup($keywords, $tokens)); // allow word|word|word without brackets if ((strpos($keywords, ' ') === false) && (strpos($keywords, '|') !== false) && (strpos($keywords, '(') === false)) @@ -114,6 +116,15 @@ class fulltext_native extends search_backend case ' ': $keywords[$i] = '|'; break; + case '*': + if ($i === 0 || ($keywords[$i - 1] !== '*' && strcspn($keywords[$i - 1], $tokens) === 0)) + { + if ($i === $n - 1 || ($keywords[$i + 1] !== '*' && strcspn($keywords[$i + 1], $tokens) === 0)) + { + $keywords = substr($keywords, 0, $i) . substr($keywords, $i + 1); + } + } + break; } } else diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index e157053e61..aa2293c630 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -748,7 +748,7 @@ class session if ((int) $row['sessions'] > (int) $config['active_sessions']) { - header('HTTP/1.1 503 Service Unavailable'); + send_status_line(503, 'Service Unavailable'); trigger_error('BOARD_UNAVAILABLE'); } } @@ -1821,7 +1821,7 @@ class user extends session { if ($this->data['is_bot']) { - header('HTTP/1.1 503 Service Unavailable'); + send_status_line(503, 'Service Unavailable'); } $message = (!empty($config['board_disable_msg'])) ? $config['board_disable_msg'] : 'BOARD_DISABLE'; @@ -1831,7 +1831,7 @@ class user extends session // Is load exceeded? if ($config['limit_load'] && $this->load !== false) { - if ($this->load > floatval($config['limit_load']) && !defined('IN_LOGIN')) + if ($this->load > floatval($config['limit_load']) && !defined('IN_LOGIN') && !defined('IN_ADMIN')) { // Set board disabled to true to let the admins/mods get the proper notification $config['board_disable'] = '1'; @@ -1840,7 +1840,7 @@ class user extends session { if ($this->data['is_bot']) { - header('HTTP/1.1 503 Service Unavailable'); + send_status_line(503, 'Service Unavailable'); } trigger_error('BOARD_UNAVAILABLE'); } diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index 423d9b718a..1c055a4823 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -490,7 +490,7 @@ class ucp_groups $avatar_select = basename(request_var('avatar_select', '')); $category = basename(request_var('category', '')); - $can_upload = (file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $file_uploads) ? true : false; + $can_upload = (file_exists($phpbb_root_path . $config['avatar_path']) && phpbb_is_writable($phpbb_root_path . $config['avatar_path']) && $file_uploads) ? true : false; // Did we submit? if ($update) diff --git a/phpBB/includes/ucp/ucp_pm_viewmessage.php b/phpBB/includes/ucp/ucp_pm_viewmessage.php index 26968e1382..16700c490c 100644 --- a/phpBB/includes/ucp/ucp_pm_viewmessage.php +++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php @@ -309,7 +309,7 @@ function get_user_information($user_id, $user_row) get_user_rank($user_row['user_rank'], $user_row['user_posts'], $user_row['rank_title'], $user_row['rank_image'], $user_row['rank_image_src']); - if (!empty($user_row['user_allow_viewemail']) || $auth->acl_get('a_email')) + if ((!empty($user_row['user_allow_viewemail']) && $auth->acl_get('u_sendemail')) || $auth->acl_get('a_email')) { $user_row['email'] = ($config['board_email_form'] && $config['email_enable']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=email&u=$user_id") : ((($config['board_hide_emails'] && !$auth->acl_get('a_email')) || empty($user_row['user_email'])) ? '' : 'mailto:' . $user_row['user_email']); } diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index 363a4803b6..c099e3b3fa 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php @@ -141,10 +141,7 @@ class ucp_profile $server_url = generate_board_url(); - $user_actkey = gen_rand_string(10); - $key_len = 54 - (strlen($server_url)); - $key_len = ($key_len > 6) ? $key_len : 6; - $user_actkey = substr($user_actkey, 0, $key_len); + $user_actkey = gen_rand_string(mt_rand(6, 10)); $messenger = new messenger(false); @@ -564,7 +561,7 @@ class ucp_profile $avatar_select = basename(request_var('avatar_select', '')); $category = basename(request_var('category', '')); - $can_upload = (file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $auth->acl_get('u_chgavatar') && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false; + $can_upload = (file_exists($phpbb_root_path . $config['avatar_path']) && phpbb_is_writable($phpbb_root_path . $config['avatar_path']) && $auth->acl_get('u_chgavatar') && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false; add_form_key('ucp_avatar'); diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index 9656a4a3af..7fd99da55a 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -286,11 +286,7 @@ class ucp_register $config['require_activation'] == USER_ACTIVATION_SELF || $config['require_activation'] == USER_ACTIVATION_ADMIN) && $config['email_enable']) { - $user_actkey = gen_rand_string(10); - $key_len = 54 - (strlen($server_url)); - $key_len = ($key_len < 6) ? 6 : $key_len; - $user_actkey = substr($user_actkey, 0, $key_len); - + $user_actkey = gen_rand_string(mt_rand(6, 10)); $user_type = USER_INACTIVE; $user_inactive_reason = INACTIVE_REGISTER; $user_inactive_time = time(); diff --git a/phpBB/includes/ucp/ucp_remind.php b/phpBB/includes/ucp/ucp_remind.php index f9b792de20..cb89ad99be 100644 --- a/phpBB/includes/ucp/ucp_remind.php +++ b/phpBB/includes/ucp/ucp_remind.php @@ -79,10 +79,10 @@ class ucp_remind // Make password at least 8 characters long, make it longer if admin wants to. // gen_rand_string() however has a limit of 12 or 13. - $user_password = gen_rand_string(max(8, rand((int) $config['min_pass_chars'], (int) $config['max_pass_chars']))); + $user_password = gen_rand_string_friendly(max(8, mt_rand((int) $config['min_pass_chars'], (int) $config['max_pass_chars']))); // For the activation key a random length between 6 and 10 will do. - $user_actkey = gen_rand_string(rand(6, 10)); + $user_actkey = gen_rand_string(mt_rand(6, 10)); $sql = 'UPDATE ' . USERS_TABLE . " SET user_newpasswd = '" . $db->sql_escape(phpbb_hash($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "' |