diff options
Diffstat (limited to 'phpBB/includes')
| -rw-r--r-- | phpBB/includes/functions.php | 5 | ||||
| -rw-r--r-- | phpBB/includes/functions_acp.php | 3 | ||||
| -rw-r--r-- | phpBB/includes/functions_posting.php | 5 | ||||
| -rw-r--r-- | phpBB/includes/functions_privmsgs.php | 34 |
4 files changed, 38 insertions, 9 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 2e2b2a01d8..605afda0bd 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2364,7 +2364,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa } // Check form key - if ($password && !check_form_key($form_name)) + if ($password && !defined('IN_CHECK_BAN') && !check_form_key($form_name)) { $result = array( 'status' => false, @@ -4591,12 +4591,13 @@ function page_header($page_title = '', $display_online_list = false, $item_id = if ($send_headers) { - // An array of http headers that phpbb will set. The following event may override these. + // An array of http headers that phpBB will set. The following event may override these. $http_headers += array( // application/xhtml+xml not used because of IE 'Content-type' => 'text/html; charset=UTF-8', 'Cache-Control' => 'private, no-cache="set-cookie"', 'Expires' => gmdate('D, d M Y H:i:s', time()) . ' GMT', + 'Referrer-Policy' => 'strict-origin-when-cross-origin', ); if (!empty($user->data['is_bot'])) { diff --git a/phpBB/includes/functions_acp.php b/phpBB/includes/functions_acp.php index dd326c3db6..a2014a7d5b 100644 --- a/phpBB/includes/functions_acp.php +++ b/phpBB/includes/functions_acp.php @@ -112,12 +112,13 @@ function adm_page_header($page_title) 'CONTAINER_EXCEPTION' => $phpbb_container->hasParameter('container_exception') ? $phpbb_container->getParameter('container_exception') : false, )); - // An array of http headers that phpbb will set. The following event may override these. + // An array of http headers that phpBB will set. The following event may override these. $http_headers = array( // application/xhtml+xml not used because of IE 'Content-type' => 'text/html; charset=UTF-8', 'Cache-Control' => 'private, no-cache="set-cookie"', 'Expires' => gmdate('D, d M Y H:i:s', time()) . ' GMT', + 'Referrer-Policy' => 'strict-origin-when-cross-origin', ); /** diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index c5a7400ddf..2cce77e092 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -2079,6 +2079,11 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll_ary, &$data continue; } + if (preg_match('/[\x{10000}-\x{10FFFF}]/u', $attach_row['attach_comment'])) + { + trigger_error('ATTACH_COMMENT_NO_EMOJIS'); + } + if (!$attach_row['is_orphan']) { // update entry in db if attachment already stored in db and filespace diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php index baadf5bdee..f07512d623 100644 --- a/phpBB/includes/functions_privmsgs.php +++ b/phpBB/includes/functions_privmsgs.php @@ -1985,9 +1985,7 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode $recipients = array_unique($recipients); // Get History Messages (could be newer) - $sql = 'SELECT t.*, p.*, u.* - FROM ' . PRIVMSGS_TABLE . ' p, ' . PRIVMSGS_TO_TABLE . ' t, ' . USERS_TABLE . ' u - WHERE t.msg_id = p.msg_id + $sql_where = 't.msg_id = p.msg_id AND p.author_id = u.user_id AND t.folder_id NOT IN (' . PRIVMSGS_NO_BOX . ', ' . PRIVMSGS_HOLD_BOX . ') AND ' . $db->sql_in_set('t.author_id', $recipients, false, true) . " @@ -1998,13 +1996,37 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode if (!$message_row['root_level']) { - $sql .= " AND (p.root_level = $msg_id OR (p.root_level = 0 AND p.msg_id = $msg_id))"; + $sql_where .= " AND (p.root_level = $msg_id OR (p.root_level = 0 AND p.msg_id = $msg_id))"; } else { - $sql .= " AND (p.root_level = " . $message_row['root_level'] . ' OR p.msg_id = ' . $message_row['root_level'] . ')'; + $sql_where .= " AND (p.root_level = " . $message_row['root_level'] . ' OR p.msg_id = ' . $message_row['root_level'] . ')'; } - $sql .= ' ORDER BY p.message_time DESC'; + + $sql_ary = array( + 'SELECT' => 't.*, p.*, u.*', + 'FROM' => array( + PRIVMSGS_TABLE => 'p', + PRIVMSGS_TO_TABLE => 't', + USERS_TABLE => 'u' + ), + 'LEFT_JOIN' => array(), + 'WHERE' => $sql_where, + 'ORDER_BY' => 'p.message_time DESC', + ); + + /** + * Event to modify the SQL query before the message history in private message is queried + * + * @event core.message_history_modify_sql_ary + * @var array sql_ary The SQL array to get the data of the message history in private message + * @since 3.2.8-RC1 + */ + $vars = array('sql_ary'); + extract($phpbb_dispatcher->trigger_event('core.message_history_modify_sql_ary', compact($vars))); + + $sql = $db->sql_build_query('SELECT', $sql_ary); + unset($sql_ary); $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); |