Diffstat (limited to 'phpBB/includes')
-rw-r--r-- | phpBB/includes/acp/acp_bbcodes.php | 12 | ||||
-rw-r--r-- | phpBB/includes/acp/acp_board.php | 1 | ||||
-rw-r--r-- | phpBB/includes/acp/acp_database.php | 10 | ||||
-rw-r--r-- | phpBB/includes/acp/acp_extensions.php | 36 | ||||
-rw-r--r-- | phpBB/includes/acp/acp_prune.php | 1 | ||||
-rw-r--r-- | phpBB/includes/acp/acp_styles.php | 33 | ||||
-rw-r--r-- | phpBB/includes/functions.php | 10 | ||||
-rw-r--r-- | phpBB/includes/functions_admin.php | 30 | ||||
-rw-r--r-- | phpBB/includes/functions_display.php | 5 | ||||
-rw-r--r-- | phpBB/includes/functions_posting.php | 5 | ||||
-rw-r--r-- | phpBB/includes/functions_privmsgs.php | 34 | ||||
-rw-r--r-- | phpBB/includes/functions_user.php | 5 | ||||
-rw-r--r-- | phpBB/includes/mcp/mcp_topic.php | 32 | ||||
-rw-r--r-- | phpBB/includes/message_parser.php | 29 | ||||
-rw-r--r-- | phpBB/includes/ucp/ucp_pm_compose.php | 7 |
15 files changed, 201 insertions, 49 deletions
diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php index b59f9e3a39..5360ab0f7b 100644 --- a/phpBB/includes/acp/acp_bbcodes.php +++ b/phpBB/includes/acp/acp_bbcodes.php @@ -33,7 +33,6 @@ class acp_bbcodes // Set up general vars $action = $request->variable('action', ''); $bbcode_id = $request->variable('bbcode', 0); - $submit = $request->is_set_post('submit'); $this->tpl_name = 'acp_bbcodes'; $this->page_title = 'ACP_BBCODES'; @@ -41,11 +40,6 @@ class acp_bbcodes add_form_key($form_key); - if ($submit && !check_form_key($form_key)) - { - trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); - } - // Set up mode-specific vars switch ($action) { @@ -179,6 +173,12 @@ class acp_bbcodes extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_modify_create', compact($vars))); $warn_text = preg_match('%<[^>]*\{text[\d]*\}[^>]*>%i', $bbcode_tpl); + + if (!$warn_text && !check_form_key($form_key)) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + if (!$warn_text || confirm_box(true)) { $data = $this->build_regexp($bbcode_match, $bbcode_tpl); diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index 083bd5adac..7cbd0903bd 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php 
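Review bot: The form-key check in the third hunk now runs only when `$warn_text` is false, and only after `core.acp_bbcodes_modify_create` has let extension listeners act on the posted `$bbcode_match`/`$bbcode_tpl`, whereas the check removed in the first two hunks ran before any action handling. When `$warn_text` is set the code relies on `confirm_box(true)` validating its own confirmation key, and nothing says so; add `// $warn_text requests go through confirm_box(), which checks its own key; enforce the form key on the direct path only` above the new condition, and consider moving the check ahead of the event call so listeners never see an unverified POST. Other POST-handled actions in the switch that previously relied on the removed global `$submit` check are outside this hunk and need the same verification.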
@@ -441,6 +441,7 @@ class acp_board 'email_enable' => array('lang' => 'ENABLE_EMAIL', 'validate' => 'bool', 'type' => 'radio:enabled_disabled', 'explain' => true), 'board_email_form' => array('lang' => 'BOARD_EMAIL_FORM', 'validate' => 'bool', 'type' => 'radio:enabled_disabled', 'explain' => true), 'email_package_size' => array('lang' => 'EMAIL_PACKAGE_SIZE', 'validate' => 'int:0', 'type' => 'number:0:99999', 'explain' => true), + 'email_max_chunk_size' => array('lang' => 'EMAIL_MAX_CHUNK_SIZE', 'validate' => 'int:1:99999', 'type' => 'number:1:99999', 'explain' => true), 'board_contact' => array('lang' => 'CONTACT_EMAIL', 'validate' => 'email', 'type' => 'email:25:100', 'explain' => true), 'board_contact_name' => array('lang' => 'CONTACT_EMAIL_NAME', 'validate' => 'string', 'type' => 'text:25:50', 'explain' => true), 'board_email' => array('lang' => 'ADMIN_EMAIL', 'validate' => 'email', 'type' => 'email:25:100', 'explain' => true), diff --git a/phpBB/includes/acp/acp_database.php b/phpBB/includes/acp/acp_database.php index c33c2e4d6f..677fce7217 100644 --- a/phpBB/includes/acp/acp_database.php +++ b/phpBB/includes/acp/acp_database.php @@ -58,7 +58,6 @@ class acp_database $type = $request->variable('type', ''); $table = array_intersect($this->db_tools->sql_list_tables(), $request->variable('table', array(''))); $format = $request->variable('method', ''); - $where = $request->variable('where', ''); if (!count($table)) { @@ -70,12 +69,9 @@ class acp_database trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); } - $store = $structure = $schema_data = false; - - if ($where == 'store') - { - $store = true; - } + $store = true; + $structure = false; + $schema_data = false; if ($type == 'full' || $type == 'structure') { diff --git a/phpBB/includes/acp/acp_extensions.php b/phpBB/includes/acp/acp_extensions.php index 2929de3c4f..6ac70ce3a8 100644 --- a/phpBB/includes/acp/acp_extensions.php +++ b/phpBB/includes/acp/acp_extensions.php 
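Review bot: `$store` is now an unconditional `true` in the acp_database hunk, so any downstream `if ($store)` branch is dead code and the former browser-download mode disappears without a trace in the source. A one-line comment such as `// Backups are always written to the store directory; the download-to-browser mode was removed intentionally` would stop a later contributor from reintroducing the `where` parameter. The three assignments could then shrink to `$structure = $schema_data = false;` once `$store` is dropped from the branches that follow, which are outside this hunk.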
@@ -172,10 +172,8 @@ class acp_extensions } $extension = $this->ext_manager->get_extension($ext_name); - if (!$extension->is_enableable()) - { - trigger_error($this->user->lang['EXTENSION_NOT_ENABLEABLE'] . adm_back_link($this->u_action), E_USER_WARNING); - } + + $this->check_is_enableable($extension); if ($this->ext_manager->is_enabled($ext_name)) { @@ -209,10 +207,8 @@ class acp_extensions } $extension = $this->ext_manager->get_extension($ext_name); - if (!$extension->is_enableable()) - { - trigger_error($this->user->lang['EXTENSION_NOT_ENABLEABLE'] . adm_back_link($this->u_action), E_USER_WARNING); - } + + $this->check_is_enableable($extension); try { @@ -727,4 +723,28 @@ class acp_extensions )); } } + + /** + * Checks whether the extension can be enabled. Triggers error if not. + * Error message can be set by the extension. + * + * @param \phpbb\extension\extension_interface $extension Extension to check + */ + protected function check_is_enableable(\phpbb\extension\extension_interface $extension) + { + $message = $extension->is_enableable(); + if ($message !== true) + { + if (empty($message)) + { + $message = $this->user->lang('EXTENSION_NOT_ENABLEABLE'); + } + else if (is_array($message)) + { + $message = implode('<br>', $message); + } + + trigger_error($message . adm_back_link($this->u_action), E_USER_WARNING); + } + } } diff --git a/phpBB/includes/acp/acp_prune.php b/phpBB/includes/acp/acp_prune.php index 3eee4f7922..c5f7789de8 100644 --- a/phpBB/includes/acp/acp_prune.php +++ b/phpBB/includes/acp/acp_prune.php @@ -537,6 +537,7 @@ class acp_prune AND ug.user_id <> ' . ANONYMOUS . ' AND u.user_type <> ' . USER_FOUNDER . ' AND ug.user_pending = 0 + AND ug.group_leader = 0 AND u.user_id = ug.user_id ' . (!empty($user_ids) ? ' AND ' . $db->sql_in_set('ug.user_id', $user_ids) : ''); $result = $db->sql_query($sql); diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php index 1bf5a3c6a8..87c8d88f52 100644 
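Review bot: `check_is_enableable()` concatenates whatever `is_enableable()` returns straight into `trigger_error()`, and the `<br>` join only makes sense if that text is rendered as markup, so an extension-supplied string or array element reaches the ACP error page unescaped. Since the return is no longer a plain bool, the docblock should spell out the contract: `@return bool|string|array true if enableable, otherwise a message or list of messages that is rendered as HTML`, and a `// Messages are rendered as HTML; extensions must escape any user-derived text` comment above the `implode` would make the expectation explicit. A non-string scalar such as `false` or `0` falls into the `empty()` branch and gets the generic language string, which is fine but worth stating in the docblock as well.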
--- a/phpBB/includes/acp/acp_styles.php +++ b/phpBB/includes/acp/acp_styles.php @@ -259,6 +259,19 @@ class acp_styles // Get list of styles to uninstall $ids = $this->request_vars('id', 0, true); + // Don't remove prosilver, you can still deactivate it. + $sql = 'SELECT style_id + FROM ' . STYLES_TABLE . " + WHERE style_name = '" . $this->db->sql_escape('prosilver') . "'"; + $result = $this->db->sql_query($sql); + $prosilver_id = (int) $this->db->sql_fetchfield('style_id'); + $this->db->sql_freeresult($result); + + if ($prosilver_id && in_array($prosilver_id, $ids)) + { + trigger_error($this->user->lang('UNINSTALL_PROSILVER') . adm_back_link($this->u_action), E_USER_WARNING); + } + // Check if confirmation box was submitted if (confirm_box(true)) { @@ -998,11 +1011,14 @@ class acp_styles 'L_ACTION' => $this->user->lang['EXPORT'] ); */ - // Uninstall - $actions[] = array( - 'U_ACTION' => $this->u_action . '&action=uninstall&hash=' . generate_link_hash('uninstall') . '&id=' . $style['style_id'], - 'L_ACTION' => $this->user->lang['STYLE_UNINSTALL'] - ); + if ($style['style_name'] !== 'prosilver') + { + // Uninstall + $actions[] = array( + 'U_ACTION' => $this->u_action . '&action=uninstall&hash=' . generate_link_hash('uninstall') . '&id=' . $style['style_id'], + 'L_ACTION' => $this->user->lang['STYLE_UNINSTALL'] + ); + } // Preview $actions[] = array( @@ -1123,7 +1139,14 @@ class acp_styles */ protected function read_style_cfg($dir) { + // This should never happen, we give them a red warning because of its relevance. + if (!file_exists($this->styles_path . $dir . '/style.cfg')) + { + trigger_error($this->user->lang('NO_STYLE_CFG', $dir), E_USER_WARNING); + } + static $required = array('name', 'phpbb_version', 'copyright'); + $cfg = parse_cfg_file($this->styles_path . $dir . '/style.cfg'); // Check if it is a valid file diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index e8f8b0ff46..e1f6fa3d1b 100644 --- a/phpBB/includes/functions.php 
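Review bot: The uninstall guard in the first hunk matches on the literal `'prosilver'`, and the same literal is repeated in the action-list hunk further down, so the two can drift apart; a class constant such as `const PROTECTED_STYLE = 'prosilver';` used in both places keeps the server-side guard and the hidden link in sync. `in_array($prosilver_id, $ids)` should pass `true` as the third argument, since `$prosilver_id` is cast to int and the element type of `$ids` from `request_vars()` is not visible here. Doing the check before `confirm_box(true)` is the right order, because hiding the link in the template is not a security control.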
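Review bot: The new `file_exists()` guard in `read_style_cfg()` places `$dir` into a warning via `$this->user->lang('NO_STYLE_CFG', $dir)` without escaping, and the origin of `$dir` is not visible in this hunk. If it can ever derive from a request parameter rather than a directory listing, pass it through `htmlspecialchars()` before it is shown on the ACP error page; if it is always filesystem-derived, say so with `// $dir is a directory name read from the styles path, never from the request`. The comment "This should never happen" also reads oddly next to a user-facing warning; naming the cause (a style directory without a style.cfg) would help whoever sees it.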
+++ b/phpBB/includes/functions.php @@ -2514,9 +2514,6 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa )); } - // Add form token for login box - add_form_key($form_name, '_LOGIN'); - $s_hidden_fields = build_hidden_fields($s_hidden_fields); /** @var \phpbb\controller\helper $controller_helper */ @@ -2654,9 +2651,6 @@ function login_forum_box($forum_data) page_header($user->lang['LOGIN']); - // Add form token for login box - add_form_key('login', '_LOGIN'); - $template->assign_vars(array( 'FORUM_NAME' => isset($forum_data['forum_name']) ? $forum_data['forum_name'] : '', 'S_LOGIN_ACTION' => build_url(array('f')), @@ -4432,6 +4426,10 @@ function page_header($page_title = '', $display_online_list = false, $item_id = $notification_mark_hash = generate_link_hash('mark_all_notifications_read'); $s_login_redirect = build_hidden_fields(array('redirect' => $phpbb_path_helper->remove_web_root_path(build_url()))); + + // Add form token for login box, in case page is presenting a login form. + add_form_key('login', '_LOGIN'); + /** * Workaround for missing template variable in pre phpBB 3.2.6 styles. * @deprecated 3.2.7 (To be removed: 3.3.0-a1) diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index 1f3fe1c8e8..ce5f0812aa 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php 
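Review bot: Moving `add_form_key('login', '_LOGIN')` into `page_header()` means a login form rendered on a path that does not call `page_header()` no longer gets a token, and `login_box()` previously registered `$form_name` rather than the literal `'login'`, so a caller passing a different name would now be validated against a token that was never issued. Please confirm from `login_box()`'s signature (outside this hunk) that `$form_name` is always `'login'`, and that the admin re-authentication flow still emits the token if it uses its own page header. A comment above the new call, `// Issued for every page because login forms may be rendered by the template without calling login_box(); the form name must stay 'login'`, would record the coupling.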
@@ -543,6 +543,20 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true) $topic_ids = array($topic_ids); } + /** + * Perform additional actions before topics move + * + * @event core.move_topics_before + * @var array topic_ids Array of the moved topic ids + * @var string forum_id The forum id from where the topics are moved + * @since 3.2.9-RC1 + */ + $vars = array( + 'topic_ids', + 'forum_id', + ); + extract($phpbb_dispatcher->trigger_event('core.move_topics_before', compact($vars))); + $sql = 'DELETE FROM ' . TOPICS_TABLE . ' WHERE ' . $db->sql_in_set('topic_moved_id', $topic_ids) . ' AND forum_id = ' . $forum_id; @@ -593,6 +607,22 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true) } unset($table_ary); + /** + * Perform additional actions after topics move + * + * @event core.move_topics_after + * @var array topic_ids Array of the moved topic ids + * @var string forum_id The forum id from where the topics were moved + * @var array forum_ids Array of the forums where the topics were moved (includes also forum_id) + * @since 3.2.9-RC1 + */ + $vars = array( + 'topic_ids', + 'forum_id', + 'forum_ids', + ); + extract($phpbb_dispatcher->trigger_event('core.move_topics_after', compact($vars))); + if ($auto_sync) { sync('forum', 'forum_id', $forum_ids, true, true); diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index 7fa32ce217..2d9aaba6e8 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php 
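Review bot: After `extract()` of `core.move_topics_before`, `$forum_id` is interpolated into the `DELETE` on the next line as `AND forum_id = ' . $forum_id` without a cast, so a listener that assigns a non-integer value reaches the SQL verbatim. Add `$forum_id = (int) $forum_id;` immediately after the `extract()` call, and `$topic_ids = array_map('intval', $topic_ids);` for the same reason, since `sql_in_set()` escapes its values but does not check that they are integers. The `@var string forum_id` tag also mislabels the type, and "from where the topics are moved" appears to contradict the `DELETE ... AND forum_id = $forum_id` that removes shadow topics in that forum; `@var int forum_id The forum the topics are being moved to` would read consistently with the code if that is indeed the target.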
@@ -547,11 +547,12 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod $last_post_subject = $last_post_subject_truncated = ''; } $last_post_time = $user->format_date($row['forum_last_post_time']); + $last_post_time_rfc3339 = gmdate(DATE_RFC3339, $row['forum_last_post_time']); $last_post_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id_last_post'] . '&p=' . $row['forum_last_post_id']) . '#p' . $row['forum_last_post_id']; } else { - $last_post_subject = $last_post_time = $last_post_url = $last_post_subject_truncated = ''; + $last_post_subject = $last_post_time = $last_post_time_rfc3339 = $last_post_url = $last_post_subject_truncated = ''; } // Output moderator listing ... if applicable @@ -622,6 +623,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod 'LAST_POST_SUBJECT' => $last_post_subject, 'LAST_POST_SUBJECT_TRUNCATED' => $last_post_subject_truncated, 'LAST_POST_TIME' => $last_post_time, + 'LAST_POST_TIME_RFC3339'=> $last_post_time_rfc3339, 'LAST_POSTER' => get_username_string('username', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']), 'LAST_POSTER_COLOUR' => get_username_string('colour', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']), 'LAST_POSTER_FULL' => get_username_string('full', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']), @@ -1117,7 +1119,6 @@ function display_custom_bbcodes() 'BBCODE_TAG' => $row['bbcode_tag'], 'BBCODE_TAG_CLEAN' => str_replace('=', '-', $row['bbcode_tag']), 'BBCODE_HELPLINE' => $row['bbcode_helpline'], - 'A_BBCODE_HELPLINE' => str_replace(array('&', '"', "'", '<', '>'), array('&', '"', "\'", '<', '>'), $row['bbcode_helpline']), ); /** diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index cf511ec247..d150845952 100644 
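Review bot: Dropping `A_BBCODE_HELPLINE` removes what appears to have been the only variant of the helpline escaped for a JavaScript or attribute context (the replacement list included `\'`), so any style template that still references it now renders an empty string, and a template switching to `BBCODE_HELPLINE` inside a script or `onclick` attribute must do its own escaping. Since `bbcode_helpline` is admin-entered text, confirm that every core template using it relies on the template engine's HTML escaping in an HTML-only context. A comment here, `// A_BBCODE_HELPLINE removed: templates must not place the helpline inside JS strings`, plus a changelog entry, would tell third-party styles why the variable vanished.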
--- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -2045,6 +2045,11 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll_ary, &$data continue; } + if (preg_match('/[\x{10000}-\x{10FFFF}]/u', $attach_row['attach_comment'])) + { + trigger_error('ATTACH_COMMENT_NO_EMOJIS'); + } + if (!$attach_row['is_orphan']) { // update entry in db if attachment already stored in db and filespace diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php index baadf5bdee..f07512d623 100644 --- a/phpBB/includes/functions_privmsgs.php +++ b/phpBB/includes/functions_privmsgs.php @@ -1985,9 +1985,7 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode $recipients = array_unique($recipients); // Get History Messages (could be newer) - $sql = 'SELECT t.*, p.*, u.* - FROM ' . PRIVMSGS_TABLE . ' p, ' . PRIVMSGS_TO_TABLE . ' t, ' . USERS_TABLE . ' u - WHERE t.msg_id = p.msg_id + $sql_where = 't.msg_id = p.msg_id AND p.author_id = u.user_id AND t.folder_id NOT IN (' . PRIVMSGS_NO_BOX . ', ' . PRIVMSGS_HOLD_BOX . ') AND ' . $db->sql_in_set('t.author_id', $recipients, false, true) . " 
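Review bot: `preg_match()` returns `false`, not `0`, when the subject is not valid UTF-8 under the `/u` modifier, and the new `if` treats that the same as no match, so a malformed attachment comment skips the check entirely; use `if (preg_match('/[\x{10000}-\x{10FFFF}]/u', $attach_row['attach_comment']) !== 0)` so both a match and a PCRE error reject the comment. The check also sits in `submit_post()` at write time and aborts with `trigger_error`, after the rest of the form has presumably been validated, so the user gets a hard error page instead of a form warning; the parser's attachment handling looks like the natural place for it. `submit_post()` starts well before this hunk.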
@@ -1998,13 +1996,37 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode if (!$message_row['root_level']) { - $sql .= " AND (p.root_level = $msg_id OR (p.root_level = 0 AND p.msg_id = $msg_id))"; + $sql_where .= " AND (p.root_level = $msg_id OR (p.root_level = 0 AND p.msg_id = $msg_id))"; } else { - $sql .= " AND (p.root_level = " . $message_row['root_level'] . ' OR p.msg_id = ' . $message_row['root_level'] . ')'; + $sql_where .= " AND (p.root_level = " . $message_row['root_level'] . ' OR p.msg_id = ' . $message_row['root_level'] . ')'; } - $sql .= ' ORDER BY p.message_time DESC'; + + $sql_ary = array( + 'SELECT' => 't.*, p.*, u.*', + 'FROM' => array( + PRIVMSGS_TABLE => 'p', + PRIVMSGS_TO_TABLE => 't', + USERS_TABLE => 'u' + ), + 'LEFT_JOIN' => array(), + 'WHERE' => $sql_where, + 'ORDER_BY' => 'p.message_time DESC', + ); + + /** + * Event to modify the SQL query before the message history in private message is queried + * + * @event core.message_history_modify_sql_ary + * @var array sql_ary The SQL array to get the data of the message history in private message + * @since 3.2.8-RC1 + */ + $vars = array('sql_ary'); + extract($phpbb_dispatcher->trigger_event('core.message_history_modify_sql_ary', compact($vars))); + + $sql = $db->sql_build_query('SELECT', $sql_ary); + unset($sql_ary); $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 3bf4aa16b7..e0b6a9d0c6 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php 
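Review bot: `$msg_id` and `$message_row['root_level']` are concatenated into `$sql_where` without an integer cast, and the hunk keeps that while moving the string into an `$sql_ary` that extensions can now rewrite through `core.message_history_modify_sql_ary`. If the caller already casts `$msg_id` this is a no-op, but `$sql_where .= ' AND (p.root_level = ' . (int) $msg_id . ' OR (p.root_level = 0 AND p.msg_id = ' . (int) $msg_id . '))';` and the matching cast on `$message_row['root_level']` make the refactored query self-contained. The empty `'LEFT_JOIN' => array()` entry presumably exists so listeners can append joins; a comment saying that would save the next reader a lookup. `message_history()` starts outside this hunk.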
@@ -1945,9 +1945,10 @@ function validate_user_email($email, $allowed_email = false) return $validate_email; } - if (($ban = $user->check_ban(false, false, $email, true)) !== false) + $ban = $user->check_ban(false, false, $email, true); + if (!empty($ban)) { - return ($ban === true) ? 'EMAIL_BANNED' : (!empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : $ban); + return !empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : 'EMAIL_BANNED'; } if (!$config['allow_emailreuse']) diff --git a/phpBB/includes/mcp/mcp_topic.php b/phpBB/includes/mcp/mcp_topic.php index 68a65aafdd..83ad56f3e4 100644 --- a/phpBB/includes/mcp/mcp_topic.php +++ b/phpBB/includes/mcp/mcp_topic.php 
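Review bot: The rewritten branch indexes `$ban['ban_give_reason']` as soon as `$ban` is non-empty, but the removed code shows `check_ban()` could return `true` as well as an array, and indexing `true` is an array offset on a bool. `empty()` hides the notice so the fallback to `'EMAIL_BANNED'` still happens, yet the intent is clearer and safer as `return (is_array($ban) && !empty($ban['ban_give_reason'])) ? $ban['ban_give_reason'] : 'EMAIL_BANNED';`. If `check_ban()` with its last argument set now returns only `false` or an array, a comment stating that contract above the call would justify the simplification.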
@@ -142,14 +142,36 @@ function mcp_topic_view($id, $mode, $action) } $start = $pagination->validate_start($start, $posts_per_page, $total); - $sql = 'SELECT u.username, u.username_clean, u.user_colour, p.* - FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u - WHERE ' . (($action == 'reports') ? 'p.post_reported = 1 AND ' : '') . ' + $sql_where = (($action == 'reports') ? 'p.post_reported = 1 AND ' : '') . ' p.topic_id = ' . $topic_id . ' AND ' . $phpbb_content_visibility->get_visibility_sql('post', $topic_info['forum_id'], 'p.') . ' AND p.poster_id = u.user_id ' . - $limit_time_sql . ' - ORDER BY ' . $sort_order_sql; + $limit_time_sql; + + $sql_ary = array( + 'SELECT' => 'u.username, u.username_clean, u.user_colour, p.*', + 'FROM' => array( + POSTS_TABLE => 'p', + USERS_TABLE => 'u' + ), + 'LEFT_JOIN' => array(), + 'WHERE' => $sql_where, + 'ORDER_BY' => $sort_order_sql, + ); + + /** + * Event to modify the SQL query before the MCP topic review posts is queried + * + * @event core.mcp_topic_modify_sql_ary + * @var array sql_ary The SQL array to get the data of the MCP topic review posts + * @since 3.2.8-RC1 + */ + $vars = array('sql_ary'); + extract($phpbb_dispatcher->trigger_event('core.mcp_topic_modify_sql_ary', compact($vars))); + + $sql = $db->sql_build_query('SELECT', $sql_ary); + unset($sql_ary); + $result = $db->sql_query_limit($sql, $posts_per_page, $start); $rowset = $post_id_list = array(); diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 0b79cca864..e1c28223dc 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php 
@@ -1525,6 +1525,35 @@ class parse_message extends bbcode_firstpass } /** + * Check attachment form token depending on submit type + * + * @param \phpbb\language\language $language Language + * @param \phpbb\request\request_interface $request Request + * @param string $form_name Form name for checking form key + * + * @return bool True if form token is not needed or valid, false if needed and invalid + */ + function check_attachment_form_token(\phpbb\language\language $language, \phpbb\request\request_interface $request, $form_name) + { + $add_file = $request->is_set_post('add_file'); + $delete_file = $request->is_set_post('delete_file'); + + if (($add_file || $delete_file) && !check_form_key($form_name)) + { + $this->warn_msg[] = $language->lang('FORM_INVALID'); + + if ($request->is_ajax() && $this->plupload) + { + $this->plupload->emit_error(-400, 'FORM_INVALID'); + } + + return false; + } + + return true; + } + + /** * Parse Attachments */ function parse_attachments($form_name, $mode, $forum_id, $submit, $preview, $refresh, $is_message = false) diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index cb45112b01..06baa279a5 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -26,7 +26,7 @@ if (!defined('IN_PHPBB')) function compose_pm($id, $mode, $action, $user_folders = array()) { global $template, $db, $auth, $user, $cache; - global $phpbb_root_path, $phpEx, $config; + global $phpbb_root_path, $phpEx, $config, $language; global $request, $phpbb_dispatcher, $phpbb_container; // Damn php and globals - i know, this is horrible 
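Review bot: `check_attachment_form_token()` enforces the token only when `add_file` or `delete_file` is present in the POST body, so an upload that arrives without either field (for example a plupload chunk, if that client does not send `add_file`) is not covered by this check at all. Confirm how the plupload client posts, and state the scope in the docblock: `Only add_file/delete_file submissions are validated here; other upload paths must verify the token themselves.` Emitting `-400` through `$this->plupload->emit_error()` only when `is_ajax()` is true is right, but on the non-AJAX path the only signal is the `warn_msg` entry, so callers must act on the boolean return rather than the message list.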
@@ -799,7 +799,10 @@ function compose_pm($id, $mode, $action, $user_folders = array()) extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_modify_parse_before', compact($vars))); // Parse Attachments - before checksum is calculated - $message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true); + if ($message_parser->check_attachment_form_token($language, $request, 'ucp_pm_compose')) + { + $message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true); + } if (count($message_parser->warn_msg) && !($remove_u || $remove_g || $add_to || $add_bcc)) { |
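Review bot: The form name `'ucp_pm_compose'` passed to `check_attachment_form_token()` has to match the `add_form_key()` call for this form, which is outside the hunk; a mismatch would make every add/delete-attachment click fail with FORM_INVALID. When the token is rejected, `parse_attachments()` is skipped but `$submit`/`$preview` handling continues, which is acceptable only because the `warn_msg` check on the next line stops the submit; a comment `// Invalid token: skip attachment handling, the FORM_INVALID warning below aborts the submit` would make that dependency explicit. `compose_pm()` starts outside this hunk.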