diff options
Diffstat (limited to 'phpBB/includes')
85 files changed, 3363 insertions, 1116 deletions
| diff --git a/phpBB/includes/acm/acm_file.php b/phpBB/includes/acm/acm_file.php index 5c1876d006..524a28561e 100644 --- a/phpBB/includes/acm/acm_file.php +++ b/phpBB/includes/acm/acm_file.php @@ -88,11 +88,11 @@ class acm  			if (!phpbb_is_writable($this->cache_dir))  			{  				// We need to use die() here, because else we may encounter an infinite loop (the message handler calls $cache->unload()) -				die($this->cache_dir . ' is NOT writable.'); +				die('Fatal: ' . $this->cache_dir . ' is NOT writable.');  				exit;  			} -			die('Not able to open ' . $this->cache_dir . 'data_global.' . $phpEx); +			die('Fatal: Not able to open ' . $this->cache_dir . 'data_global.' . $phpEx);  			exit;  		} diff --git a/phpBB/includes/acm/acm_redis.php b/phpBB/includes/acm/acm_redis.php new file mode 100644 index 0000000000..41533eaacb --- /dev/null +++ b/phpBB/includes/acm/acm_redis.php @@ -0,0 +1,145 @@ +<?php +/** +* +* @package acm +* @copyright (c) 2011 phpBB Group +* @license http://opensource.org/licenses/gpl-license.php GNU Public License +* +*/ + +/** +* @ignore +*/ +if (!defined('IN_PHPBB')) +{ +	exit; +} + +// Include the abstract base +if (!class_exists('acm_memory')) +{ +	require("{$phpbb_root_path}includes/acm/acm_memory.$phpEx"); +} + +if (!defined('PHPBB_ACM_REDIS_PORT')) +{ +	define('PHPBB_ACM_REDIS_PORT', 6379); +} + +if (!defined('PHPBB_ACM_REDIS_HOST')) +{ +	define('PHPBB_ACM_REDIS_HOST', 'localhost'); +} + +/** +* ACM for Redis +* +* Compatible with the php extension phpredis available +* at https://github.com/nicolasff/phpredis +* +* @package acm +*/ +class acm extends acm_memory +{ +	var $extension = 'redis'; + +	var $redis; + +	function acm() +	{ +		// Call the parent constructor +		parent::acm_memory(); + +		$this->redis = new Redis(); +		$this->redis->connect(PHPBB_ACM_REDIS_HOST, PHPBB_ACM_REDIS_PORT); + +		if (defined('PHPBB_ACM_REDIS_PASSWORD')) +		{ +			if (!$this->redis->auth(PHPBB_ACM_REDIS_PASSWORD)) +			{ +				global $acm_type; + +				trigger_error("Incorrect password for the ACM module $acm_type.", E_USER_ERROR); +			} +		} + +		$this->redis->setOption(Redis::OPT_SERIALIZER, Redis::SERIALIZER_PHP); +		$this->redis->setOption(Redis::OPT_PREFIX, $this->key_prefix); + +		if (defined('PHPBB_ACM_REDIS_DB')) +		{ +			if (!$this->redis->select(PHPBB_ACM_REDIS_DB)) +			{ +				global $acm_type; + +				trigger_error("Incorrect database for the ACM module $acm_type.", E_USER_ERROR); +			} +		} +	} + +	/** +	* Unload the cache resources +	* +	* @return void +	*/ +	function unload() +	{ +		parent::unload(); + +		$this->redis->close(); +	} + +	/** +	* Purge cache data +	* +	* @return void +	*/ +	function purge() +	{ +		$this->redis->flushDB(); + +		parent::purge(); +	} + +	/** +	* Fetch an item from the cache +	* +	* @access protected +	* @param string $var Cache key +	* @return mixed Cached data +	*/ +	function _read($var) +	{ +		return $this->redis->get($var); +	} + +	/** +	* Store data in the cache +	* +	* @access protected +	* @param string $var Cache key +	* @param mixed $data Data to store +	* @param int $ttl Time-to-live of cached data +	* @return bool True if the operation succeeded +	*/ +	function _write($var, $data, $ttl = 2592000) +	{ +		return $this->redis->setex($var, $ttl, $data); +	} + +	/** +	* Remove an item from the cache +	* +	* @access protected +	* @param string $var Cache key +	* @return bool True if the operation succeeded +	*/ +	function _delete($var) +	{ +		if ($this->redis->delete($var) > 0) +		{ +			return true; +		} +		return false; +	} +} diff --git a/phpBB/includes/acm/acm_wincache.php b/phpBB/includes/acm/acm_wincache.php new file mode 100644 index 0000000000..0501ab74c5 --- /dev/null +++ b/phpBB/includes/acm/acm_wincache.php @@ -0,0 +1,84 @@ +<?php +/** +* +* @package acm +* @copyright (c) 2010 phpBB Group +* @license http://opensource.org/licenses/gpl-license.php GNU Public License +* +*/ + +/** +* @ignore +*/ +if (!defined('IN_PHPBB')) +{ +	exit; +} + +// Include the abstract base +if (!class_exists('acm_memory')) +{ +	require("{$phpbb_root_path}includes/acm/acm_memory.$phpEx"); +} + +/** +* ACM for WinCache +* @package acm +*/ +class acm extends acm_memory +{ +	var $extension = 'wincache'; + +	/** +	* Purge cache data +	* +	* @return void +	*/ +	function purge() +	{ +		wincache_ucache_clear(); + +		parent::purge(); +	} + +	/** +	* Fetch an item from the cache +	* +	* @access protected +	* @param string $var Cache key +	* @return mixed Cached data +	*/ +	function _read($var) +	{ +		$success = false; +		$result = wincache_ucache_get($this->key_prefix . $var, $success); + +		return ($success) ? $result : false; +	} + +	/** +	* Store data in the cache +	* +	* @access protected +	* @param string $var Cache key +	* @param mixed $data Data to store +	* @param int $ttl Time-to-live of cached data +	* @return bool True if the operation succeeded +	*/ +	function _write($var, $data, $ttl = 2592000) +	{ +		return wincache_ucache_set($this->key_prefix . $var, $data, $ttl); +	} + +	/** +	* Remove an item from the cache +	* +	* @access protected +	* @param string $var Cache key +	* @return bool True if the operation succeeded +	*/ +	function _delete($var) +	{ +		return wincache_ucache_delete($this->key_prefix . $var); +	} +} diff --git a/phpBB/includes/acp/acp_ban.php b/phpBB/includes/acp/acp_ban.php index a7ea57b753..f8af1b86e1 100644 --- a/phpBB/includes/acp/acp_ban.php +++ b/phpBB/includes/acp/acp_ban.php @@ -175,12 +175,21 @@ class acp_ban  		}  		$result = $db->sql_query($sql); -		$banned_options = ''; +		$banned_options = $excluded_options = array();  		$ban_length = $ban_reasons = $ban_give_reasons = array();  		while ($row = $db->sql_fetchrow($result))  		{ -			$banned_options .= '<option' . (($row['ban_exclude']) ? ' class="sep"' : '') . ' value="' . $row['ban_id'] . '">' . $row[$field] . '</option>'; +			$option = '<option value="' . $row['ban_id'] . '">' . $row[$field] . '</option>'; + +			if ($row['ban_exclude']) +			{ +				$excluded_options[] = $option; +			} +			else +			{ +				$banned_options[] = $option; +			}  			$time_length = ($row['ban_end']) ? ($row['ban_end'] - $row['ban_start']) / 60 : 0; @@ -241,11 +250,26 @@ class acp_ban  			}  		} +		$options = ''; +		if ($excluded_options) +		{ +			$options .= '<optgroup label="' . $user->lang['OPTIONS_EXCLUDED'] . '">'; +			$options .= implode('', $excluded_options); +			$options .= '</optgroup>'; +		} + +		if ($banned_options) +		{ +			$options .= '<optgroup label="' . $user->lang['OPTIONS_BANNED'] . '">'; +			$options .= implode('', $banned_options); +			$options .= '</optgroup>'; +		} +  		$template->assign_vars(array(  			'S_BAN_END_OPTIONS'	=> $ban_end_options, -			'S_BANNED_OPTIONS'	=> ($banned_options) ? true : false, -			'BANNED_OPTIONS'	=> $banned_options) -		); +			'S_BANNED_OPTIONS'	=> ($banned_options || $excluded_options) ? true : false, +			'BANNED_OPTIONS'	=> $options, +		));  	}  } diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php index 2b706394c4..0644b38eb1 100644 --- a/phpBB/includes/acp/acp_bbcodes.php +++ b/phpBB/includes/acp/acp_bbcodes.php @@ -213,7 +213,7 @@ class acp_bbcodes  							$bbcode_id = NUM_CORE_BBCODES + 1;  						} -						if ($bbcode_id > 1511) +						if ($bbcode_id > BBCODE_LIMIT)  						{  							trigger_error($user->lang['TOO_MANY_BBCODES'] . adm_back_link($this->u_action), E_USER_WARNING);  						} diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index a5e80e1f6d..f437dca8f9 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -188,7 +188,7 @@ class acp_board  						'hot_threshold'			=> array('lang' => 'HOT_THRESHOLD',			'validate' => 'int:0',		'type' => 'text:3:4', 'explain' => true),  						'max_poll_options'		=> array('lang' => 'MAX_POLL_OPTIONS',		'validate' => 'int:2:127',	'type' => 'text:4:4', 'explain' => false),  						'max_post_chars'		=> array('lang' => 'CHAR_LIMIT',			'validate' => 'int:0',		'type' => 'text:4:6', 'explain' => true), -						'min_post_chars'		=> array('lang' => 'MIN_CHAR_LIMIT',		'validate' => 'int:0',		'type' => 'text:4:6', 'explain' => true), +						'min_post_chars'		=> array('lang' => 'MIN_CHAR_LIMIT',		'validate' => 'int:1',		'type' => 'text:4:6', 'explain' => true),  						'max_post_smilies'		=> array('lang' => 'SMILIES_LIMIT',			'validate' => 'int:0',		'type' => 'text:4:4', 'explain' => true),  						'max_post_urls'			=> array('lang' => 'MAX_POST_URLS',			'validate' => 'int:0',		'type' => 'text:5:4', 'explain' => true),  						'max_post_font_size'	=> array('lang' => 'MAX_POST_FONT_SIZE',	'validate' => 'int:0',		'type' => 'text:5:4', 'explain' => true, 'append' => ' %'), @@ -234,7 +234,7 @@ class acp_board  						'max_name_chars'		=> array('lang' => 'USERNAME_LENGTH', 'validate' => 'int:8:180', 'type' => false, 'method' => false, 'explain' => false,),  						'max_pass_chars'		=> array('lang' => 'PASSWORD_LENGTH', 'validate' => 'int:8:255', 'type' => false, 'method' => false, 'explain' => false,), -						'require_activation'	=> array('lang' => 'ACC_ACTIVATION',	'validate' => 'int',	'type' => 'custom', 'method' => 'select_acc_activation', 'explain' => true), +						'require_activation'	=> array('lang' => 'ACC_ACTIVATION',	'validate' => 'int',	'type' => 'select', 'method' => 'select_acc_activation', 'explain' => true),  						'new_member_post_limit'	=> array('lang' => 'NEW_MEMBER_POST_LIMIT', 'validate' => 'int:0:255', 'type' => 'text:4:4', 'explain' => true, 'append' => ' ' . $user->lang['POSTS']),  						'new_member_group_default'=> array('lang' => 'NEW_MEMBER_GROUP_DEFAULT', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),  						'min_name_chars'		=> array('lang' => 'USERNAME_LENGTH',	'validate' => 'int:1',	'type' => 'custom:5:180', 'method' => 'username_length', 'explain' => true), @@ -383,9 +383,14 @@ class acp_board  						'referer_validation'	=> array('lang' => 'REFERER_VALID',		'validate' => 'int:0:3','type' => 'custom', 'method' => 'select_ref_check', 'explain' => true),  						'check_dnsbl'			=> array('lang' => 'CHECK_DNSBL',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),  						'email_check_mx'		=> array('lang' => 'EMAIL_CHECK_MX',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true), +						'max_pass_chars'		=> array('lang' => 'PASSWORD_LENGTH', 'validate' => 'int:8:255', 'type' => false, 'method' => false, 'explain' => false,), +						'min_pass_chars'		=> array('lang' => 'PASSWORD_LENGTH',	'validate' => 'int:1',	'type' => 'custom', 'method' => 'password_length', 'explain' => true),  						'pass_complex'			=> array('lang' => 'PASSWORD_TYPE',			'validate' => 'string',	'type' => 'select', 'method' => 'select_password_chars', 'explain' => true),  						'chg_passforce'			=> array('lang' => 'FORCE_PASS_CHANGE',		'validate' => 'int:0',	'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),  						'max_login_attempts'	=> array('lang' => 'MAX_LOGIN_ATTEMPTS',	'validate' => 'int:0',	'type' => 'text:3:3', 'explain' => true), +						'ip_login_limit_max'	=> array('lang' => 'IP_LOGIN_LIMIT_MAX',	'validate' => 'int:0',	'type' => 'text:3:3', 'explain' => true), +						'ip_login_limit_time'	=> array('lang' => 'IP_LOGIN_LIMIT_TIME',	'validate' => 'int:0',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']), +						'ip_login_limit_use_forwarded'	=> array('lang' => 'IP_LOGIN_LIMIT_USE_FORWARDED',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),  						'tpl_allow_php'			=> array('lang' => 'TPL_ALLOW_PHP',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),  						'form_token_lifetime'	=> array('lang' => 'FORM_TIME_MAX',			'validate' => 'int:-1',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),  						'form_token_sid_guests'	=> array('lang' => 'FORM_SID_GUESTS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true), @@ -765,17 +770,28 @@ class acp_board  	/**  	* Select account activation method  	*/ -	function select_acc_activation($value, $key = '') +	function select_acc_activation($selected_value, $value)  	{  		global $user, $config; -		$radio_ary = array(USER_ACTIVATION_DISABLE => 'ACC_DISABLE', USER_ACTIVATION_NONE => 'ACC_NONE'); +		$act_ary = array( +		  'ACC_DISABLE' => USER_ACTIVATION_DISABLE, +		  'ACC_NONE' => USER_ACTIVATION_NONE, +		);  		if ($config['email_enable'])  		{ -			$radio_ary += array(USER_ACTIVATION_SELF => 'ACC_USER', USER_ACTIVATION_ADMIN => 'ACC_ADMIN'); +			$act_ary['ACC_USER'] = USER_ACTIVATION_SELF; +			$act_ary['ACC_ADMIN'] = USER_ACTIVATION_ADMIN; +		}		 +		$act_options = ''; + +		foreach ($act_ary as $key => $value) +		{ +			$selected = ($selected_value == $value) ? ' selected="selected"' : ''; +			$act_options .= '<option value="' . $value . '"' . $selected . '>' . $user->lang[$key] . '</option>';  		} -		return h_radio('config[require_activation]', $radio_ary, $value, $key); +		return $act_options;  	}  	/** diff --git a/phpBB/includes/acp/acp_captcha.php b/phpBB/includes/acp/acp_captcha.php index 1893eed14f..469a367bba 100644 --- a/phpBB/includes/acp/acp_captcha.php +++ b/phpBB/includes/acp/acp_captcha.php @@ -96,7 +96,7 @@ class acp_captcha  			}  			else if ($submit)  			{ -				trigger_error($user->lang['FORM_INVALID'] . adm_back_link(), E_USER_WARNING); +				trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);  			}  			else  			{ diff --git a/phpBB/includes/acp/acp_database.php b/phpBB/includes/acp/acp_database.php index 193dd001c0..758cd10434 100644 --- a/phpBB/includes/acp/acp_database.php +++ b/phpBB/includes/acp/acp_database.php @@ -21,6 +21,7 @@ if (!defined('IN_PHPBB'))  */  class acp_database  { +	var $db_tools;  	var $u_action;  	function main($id, $mode) @@ -28,6 +29,12 @@ class acp_database  		global $cache, $db, $user, $auth, $template, $table_prefix;  		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx; +		if (!class_exists('phpbb_db_tools')) +		{ +			require($phpbb_root_path . 'includes/db/db_tools.' . $phpEx); +		} +		$this->db_tools = new phpbb_db_tools($db); +  		$user->add_lang('acp/database');  		$this->tpl_name = 'acp_database'; @@ -50,7 +57,7 @@ class acp_database  				{  					case 'download':  						$type	= request_var('type', ''); -						$table	= request_var('table', array('')); +						$table	= array_intersect($this->db_tools->sql_list_tables(), request_var('table', array('')));  						$format	= request_var('method', '');  						$where	= request_var('where', ''); @@ -173,8 +180,7 @@ class acp_database  					break;  					default: -						include($phpbb_root_path . 'includes/functions_install.' . $phpEx); -						$tables = get_tables($db); +						$tables = $this->db_tools->sql_list_tables();  						asort($tables);  						foreach ($tables as $table_name)  						{ @@ -221,6 +227,7 @@ class acp_database  					case 'submit':  						$delete = request_var('delete', '');  						$file = request_var('file', ''); +						$download = request_var('download', '');  						if (!preg_match('#^backup_\d{10,}_[a-z\d]{16}\.(sql(?:\.(?:gz|bz2))?)$#', $file, $matches))  						{ @@ -247,10 +254,8 @@ class acp_database  								confirm_box(false, $user->lang['DELETE_SELECTED_BACKUP'], build_hidden_fields(array('delete' => $delete, 'file' => $file)));  							}  						} -						else +						else if ($download || confirm_box(true))  						{ -							$download = request_var('download', ''); -  							if ($download)  							{  								$name = $matches[0]; @@ -411,6 +416,10 @@ class acp_database  							trigger_error($user->lang['RESTORE_SUCCESS'] . adm_back_link($this->u_action));  							break;  						} +						else if (!$download) +						{ +							confirm_box(false, $user->lang['RESTORE_SELECTED_BACKUP'], build_hidden_fields(array('file' => $file))); +						}  					default:  						$methods = array('sql'); diff --git a/phpBB/includes/acp/acp_disallow.php b/phpBB/includes/acp/acp_disallow.php index 9549955cc8..e2176b7bcd 100644 --- a/phpBB/includes/acp/acp_disallow.php +++ b/phpBB/includes/acp/acp_disallow.php @@ -56,6 +56,18 @@ class acp_disallow  				trigger_error($user->lang['NO_USERNAME_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING);  			} +			$sql = 'SELECT disallow_id +				FROM ' . DISALLOW_TABLE . " +				WHERE disallow_username = '" . $db->sql_escape($disallowed_user) . "'"; +			$result = $db->sql_query($sql); +			$row = $db->sql_fetchrow($result); +			$db->sql_freeresult($result); + +			if ($row) +			{ +				trigger_error($user->lang['DISALLOWED_ALREADY'] . adm_back_link($this->u_action), E_USER_WARNING); +			} +  			$sql = 'INSERT INTO ' . DISALLOW_TABLE . ' ' . $db->sql_build_array('INSERT', array('disallow_username' => $disallowed_user));  			$db->sql_query($sql); diff --git a/phpBB/includes/acp/acp_email.php b/phpBB/includes/acp/acp_email.php index 350693a630..df0d44c0c5 100644 --- a/phpBB/includes/acp/acp_email.php +++ b/phpBB/includes/acp/acp_email.php @@ -82,23 +82,48 @@ class acp_email  				{  					if ($group_id)  					{ -						$sql = 'SELECT u.user_email, u.username, u.username_clean, u.user_lang, u.user_jabber, u.user_notify_type -							FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug -							WHERE ug.group_id = ' . $group_id . ' +						$sql_ary = array( +							'SELECT'	=> 'u.user_email, u.username, u.username_clean, u.user_lang, u.user_jabber, u.user_notify_type', +							'FROM'		=> array( +								USERS_TABLE			=> 'u', +								USER_GROUP_TABLE	=> 'ug', +							), +							'WHERE'		=> 'ug.group_id = ' . $group_id . '  								AND ug.user_pending = 0  								AND u.user_id = ug.user_id  								AND u.user_allow_massemail = 1 -								AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ') -							ORDER BY u.user_lang, u.user_notify_type'; +								AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')', +							'ORDER_BY'	=> 'u.user_lang, u.user_notify_type', +						);  					}  					else  					{ -						$sql = 'SELECT username, username_clean, user_email, user_jabber, user_notify_type, user_lang -							FROM ' . USERS_TABLE . ' -							WHERE user_allow_massemail = 1 -								AND user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ') -							ORDER BY user_lang, user_notify_type'; +						$sql_ary = array( +							'SELECT'	=> 'u.username, u.username_clean, u.user_email, u.user_jabber, u.user_lang, u.user_notify_type', +							'FROM'		=> array( +								USERS_TABLE	=> 'u', +							), +							'WHERE'		=> 'u.user_allow_massemail = 1 +								AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')', +							'ORDER_BY'	=> 'u.user_lang, u.user_notify_type', +						);  					} + +					// Mail banned or not +					if (!isset($_REQUEST['mail_banned_flag'])) +					{ +						$sql_ary['WHERE'] .= ' AND (b.ban_id IS NULL +						        OR b.ban_exclude = 1)'; +						$sql_ary['LEFT_JOIN'] = array( +							array( +								'FROM'	=> array( +									BANLIST_TABLE	=> 'b', +								), +								'ON'	=> 'u.user_id = b.ban_userid', +							), +						); +					} +					$sql = $db->sql_build_query('SELECT', $sql_ary);  				}  				$result = $db->sql_query($sql);  				$row = $db->sql_fetchrow($result); @@ -111,8 +136,9 @@ class acp_email  				$i = $j = 0; -				// Send with BCC, no more than 50 recipients for one mail (to not exceed the limit) -				$max_chunk_size = 50; +				// Send with BCC +				// Maximum number of bcc recipients +				$max_chunk_size = (int) $config['email_max_chunk_size'];  				$email_list = array();  				$old_lang = $row['user_lang'];  				$old_notify_type = $row['user_notify_type']; @@ -169,10 +195,7 @@ class acp_email  					$messenger->template('admin_send_email', $used_lang); -					$messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); -					$messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); -					$messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']); -					$messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); +					$messenger->anti_abuse_headers($config, $user);  					$messenger->subject(htmlspecialchars_decode($subject));  					$messenger->set_mail_priority($priority); diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php index 4d9b9f01e0..50e12a0f15 100644 --- a/phpBB/includes/acp/acp_forums.php +++ b/phpBB/includes/acp/acp_forums.php @@ -212,15 +212,11 @@ class acp_forums  						$message = ($action == 'add') ? $user->lang['FORUM_CREATED'] : $user->lang['FORUM_UPDATED']; -						// Redirect to permissions -						if ($auth->acl_get('a_fauth') && !$copied_permissions) -						{ -							$message .= '<br /><br />' . sprintf($user->lang['REDIRECT_ACL'], '<a href="' . append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions' . $acl_url) . '">', '</a>'); -						} -  						// redirect directly to permission settings screen if authed  						if ($action == 'add' && !$copied_permissions && $auth->acl_get('a_fauth'))  						{ +							$message .= '<br /><br />' . sprintf($user->lang['REDIRECT_ACL'], '<a href="' . append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions' . $acl_url) . '">', '</a>'); +  							meta_refresh(4, append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions' . $acl_url));  						} @@ -875,7 +871,7 @@ class acp_forums  		$errors = array(); -		if (!$forum_data['forum_name']) +		if ($forum_data['forum_name'] == '')  		{  			$errors[] = $user->lang['FORUM_NAME_EMPTY'];  		} diff --git a/phpBB/includes/acp/acp_icons.php b/phpBB/includes/acp/acp_icons.php index 3d64a2acda..24f6cbbcbf 100644 --- a/phpBB/includes/acp/acp_icons.php +++ b/phpBB/includes/acp/acp_icons.php @@ -394,6 +394,10 @@ class acp_icons  					{  						// skip images where add wasn't checked  					} +					else if (!file_exists($phpbb_root_path . $img_path . '/' . $image)) +					{ +						$errors[$image] = 'SMILIE_NO_FILE'; +					}  					else  					{  						if ($image_width[$image] == 0 || $image_height[$image] == 0) diff --git a/phpBB/includes/acp/acp_inactive.php b/phpBB/includes/acp/acp_inactive.php index 1a12c4967c..f3f332d707 100644 --- a/phpBB/includes/acp/acp_inactive.php +++ b/phpBB/includes/acp/acp_inactive.php @@ -118,10 +118,7 @@ class acp_inactive  								$messenger->to($row['user_email'], $row['username']); -								$messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); -								$messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); -								$messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']); -								$messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); +								$messenger->anti_abuse_headers($config, $user);  								$messenger->assign_vars(array(  									'USERNAME'	=> htmlspecialchars_decode($row['username'])) @@ -209,10 +206,7 @@ class acp_inactive  							$messenger->to($row['user_email'], $row['username']);  							$messenger->im($row['user_jabber'], $row['username']); -							$messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); -							$messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); -							$messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']); -							$messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); +							$messenger->anti_abuse_headers($config, $user);  							$messenger->assign_vars(array(  								'USERNAME'		=> htmlspecialchars_decode($row['username']), @@ -301,7 +295,7 @@ class acp_inactive  			'PAGINATION'	=> generate_pagination($this->u_action . "&$u_sort_param&users_per_page=$per_page", $inactive_count, $per_page, $start, true),  			'USERS_PER_PAGE'	=> $per_page, -			'U_ACTION'		=> $this->u_action . '&start=' . $start, +			'U_ACTION'		=> $this->u_action . "&$u_sort_param&users_per_page=$per_page&start=$start",  		));  		$this->tpl_name = 'acp_inactive'; diff --git a/phpBB/includes/acp/acp_language.php b/phpBB/includes/acp/acp_language.php index c2cb2f9c11..d560cdd0c5 100644 --- a/phpBB/includes/acp/acp_language.php +++ b/phpBB/includes/acp/acp_language.php @@ -919,6 +919,9 @@ class acp_language  				$default_lang_id = (int) $db->sql_fetchfield('lang_id');  				$db->sql_freeresult($result); +				// We want to notify the admin that custom profile fields need to be updated for the new language. +				$notify_cpf_update = false; +  				// From the mysql documentation:  				// Prior to MySQL 4.0.14, the target table of the INSERT statement cannot appear in the FROM clause of the SELECT part of the query. This limitation is lifted in 4.0.14.  				// Due to this we stay on the safe side if we do the insertion "the manual way" @@ -932,6 +935,7 @@ class acp_language  				{  					$row['lang_id'] = $lang_id;  					$db->sql_query('INSERT INTO ' . PROFILE_LANG_TABLE . ' ' . $db->sql_build_array('INSERT', $row)); +					$notify_cpf_update = true;  				}  				$db->sql_freeresult($result); @@ -944,12 +948,15 @@ class acp_language  				{  					$row['lang_id'] = $lang_id;  					$db->sql_query('INSERT INTO ' . PROFILE_FIELDS_LANG_TABLE . ' ' . $db->sql_build_array('INSERT', $row)); +					$notify_cpf_update = true;  				}  				$db->sql_freeresult($result);  				add_log('admin', 'LOG_LANGUAGE_PACK_INSTALLED', $lang_pack['name']); -				trigger_error(sprintf($user->lang['LANGUAGE_PACK_INSTALLED'], $lang_pack['name']) . adm_back_link($this->u_action)); +				$message = sprintf($user->lang['LANGUAGE_PACK_INSTALLED'], $lang_pack['name']); +				$message .= ($notify_cpf_update) ? '<br /><br />' . $user->lang['LANGUAGE_PACK_CPF_UPDATE'] : ''; +				trigger_error($message . adm_back_link($this->u_action));  			break; @@ -1055,14 +1062,14 @@ class acp_language  				$iso_src .= htmlspecialchars_decode($row['lang_author']);  				$compress->add_data($iso_src, 'language/' . $row['lang_iso'] . '/iso.txt'); -				// index.html files -				$compress->add_data('', 'language/' . $row['lang_iso'] . '/index.html'); -				$compress->add_data('', 'language/' . $row['lang_iso'] . '/email/index.html'); -				$compress->add_data('', 'language/' . $row['lang_iso'] . '/acp/index.html'); +				// index.htm files +				$compress->add_data('', 'language/' . $row['lang_iso'] . '/index.htm'); +				$compress->add_data('', 'language/' . $row['lang_iso'] . '/email/index.htm'); +				$compress->add_data('', 'language/' . $row['lang_iso'] . '/acp/index.htm');  				if (sizeof($mod_files))  				{ -					$compress->add_data('', 'language/' . $row['lang_iso'] . '/mods/index.html'); +					$compress->add_data('', 'language/' . $row['lang_iso'] . '/mods/index.htm');  				}  				$compress->close(); @@ -1217,7 +1224,7 @@ $lang = array_merge($lang, array(  ';  		// Language files in language root directory -		$this->main_files = array("common.$phpEx", "groups.$phpEx", "install.$phpEx", "mcp.$phpEx", "memberlist.$phpEx", "posting.$phpEx", "search.$phpEx", "ucp.$phpEx", "viewforum.$phpEx", "viewtopic.$phpEx", "help_bbcode.$phpEx", "help_faq.$phpEx"); +		$this->main_files = array("captcha_qa.$phpEx", "captcha_recaptcha.$phpEx", "common.$phpEx", "groups.$phpEx", "install.$phpEx", "mcp.$phpEx", "memberlist.$phpEx", "posting.$phpEx", "search.$phpEx", "ucp.$phpEx", "viewforum.$phpEx", "viewtopic.$phpEx", "help_bbcode.$phpEx", "help_faq.$phpEx");  	}  	/** diff --git a/phpBB/includes/acp/acp_logs.php b/phpBB/includes/acp/acp_logs.php index 0f4f78fcdd..2fc86e325f 100644 --- a/phpBB/includes/acp/acp_logs.php +++ b/phpBB/includes/acp/acp_logs.php @@ -127,12 +127,12 @@ class acp_logs  		// Grab log data  		$log_data = array();  		$log_count = 0; -		view_log($mode, $log_data, $log_count, $config['topics_per_page'], $start, $forum_id, 0, 0, $sql_where, $sql_sort, $keywords); +		$start = view_log($mode, $log_data, $log_count, $config['topics_per_page'], $start, $forum_id, 0, 0, $sql_where, $sql_sort, $keywords);  		$template->assign_vars(array(  			'L_TITLE'		=> $l_title,  			'L_EXPLAIN'		=> $l_title_explain, -			'U_ACTION'		=> $this->u_action, +			'U_ACTION'		=> $this->u_action . "&$u_sort_param$keywords_param&start=$start",  			'S_ON_PAGE'		=> on_page($log_count, $config['topics_per_page'], $start),  			'PAGINATION'	=> generate_pagination($this->u_action . "&$u_sort_param$keywords_param", $log_count, $config['topics_per_page'], $start, true), diff --git a/phpBB/includes/acp/acp_main.php b/phpBB/includes/acp/acp_main.php index b8712b2a3d..cffe296651 100644 --- a/phpBB/includes/acp/acp_main.php +++ b/phpBB/includes/acp/acp_main.php @@ -201,7 +201,7 @@ class acp_main  						// No maximum post id? :o  						if (!$max_post_id)  						{ -							$sql = 'SELECT MAX(post_id) +							$sql = 'SELECT MAX(post_id) as max_post_id  								FROM ' . POSTS_TABLE;  							$result = $db->sql_query($sql);  							$max_post_id = (int) $db->sql_fetchfield('max_post_id'); @@ -398,11 +398,11 @@ class acp_main  		// Version check  		$user->add_lang('install'); -		if ($auth->acl_get('a_server') && version_compare(PHP_VERSION, '5.2.0', '<')) +		if ($auth->acl_get('a_server') && version_compare(PHP_VERSION, '5.3.2', '<'))  		{  			$template->assign_vars(array(  				'S_PHP_VERSION_OLD'	=> true, -				'L_PHP_VERSION_OLD'	=> sprintf($user->lang['PHP_VERSION_OLD'], '<a href="http://www.phpbb.com/community/viewtopic.php?f=14&t=1958605">', '</a>'), +				'L_PHP_VERSION_OLD'	=> sprintf($user->lang['PHP_VERSION_OLD'], '<a href="http://www.phpbb.com/community/viewtopic.php?f=14&t=2152375">', '</a>'),  			));  		} @@ -415,11 +415,8 @@ class acp_main  		{  			$latest_version_info = explode("\n", $latest_version_info); -			$latest_version = str_replace('rc', 'RC', strtolower(trim($latest_version_info[0]))); -			$current_version = str_replace('rc', 'RC', strtolower($config['version'])); -  			$template->assign_vars(array( -				'S_VERSION_UP_TO_DATE'	=> version_compare($current_version, $latest_version, '<') ? false : true, +				'S_VERSION_UP_TO_DATE'	=> phpbb_version_compare(trim($latest_version_info[0]), $config['version'], '<='),  			));  		} @@ -521,7 +518,7 @@ class acp_main  			'U_ADMIN_LOG'		=> append_sid("{$phpbb_admin_path}index.$phpEx", 'i=logs&mode=admin'),  			'U_INACTIVE_USERS'	=> append_sid("{$phpbb_admin_path}index.$phpEx", 'i=inactive&mode=list'),  			'U_VERSIONCHECK'	=> append_sid("{$phpbb_admin_path}index.$phpEx", 'i=update&mode=version_check'), -			'U_VERSIONCHECK_FORCE'	=> append_sid("{$phpbb_admin_path}index.$phpEx", 'i=1&versioncheck_force=1'), +			'U_VERSIONCHECK_FORCE'	=> append_sid("{$phpbb_admin_path}index.$phpEx", 'versioncheck_force=1'),  			'S_ACTION_OPTIONS'	=> ($auth->acl_get('a_board')) ? true : false,  			'S_FOUNDER'			=> ($user->data['user_type'] == USER_FOUNDER) ? true : false, @@ -529,7 +526,7 @@ class acp_main  		);  		$log_data = array(); -		$log_count = 0; +		$log_count = false;  		if ($auth->acl_get('a_viewlogs'))  		{ @@ -603,6 +600,17 @@ class acp_main  			$template->assign_var('S_WRITABLE_CONFIG', (bool) (@fileperms($phpbb_root_path . 'config.' . $phpEx) & 0x0002));  		} +		if (extension_loaded('mbstring')) +		{ +			$template->assign_vars(array( +				'S_MBSTRING_LOADED'						=> true, +				'S_MBSTRING_FUNC_OVERLOAD_FAIL'			=> (intval(@ini_get('mbstring.func_overload')) & (MB_OVERLOAD_MAIL | MB_OVERLOAD_STRING)), +				'S_MBSTRING_ENCODING_TRANSLATION_FAIL'	=> (@ini_get('mbstring.encoding_translation') != 0), +				'S_MBSTRING_HTTP_INPUT_FAIL'			=> (@ini_get('mbstring.http_input') != 'pass'), +				'S_MBSTRING_HTTP_OUTPUT_FAIL'			=> (@ini_get('mbstring.http_output') != 'pass'), +			)); +		} +  		// Fill dbms version if not yet filled  		if (empty($config['dbms_version']))  		{ diff --git a/phpBB/includes/acp/acp_php_info.php b/phpBB/includes/acp/acp_php_info.php index 0499095004..7dd345971a 100644 --- a/phpBB/includes/acp/acp_php_info.php +++ b/phpBB/includes/acp/acp_php_info.php @@ -67,6 +67,9 @@ class acp_php_info  		$output = preg_replace('#<img border="0"#i', '<img', $output);  		$output = str_replace(array('class="e"', 'class="v"', 'class="h"', '<hr />', '<font', '</font>'), array('class="row1"', 'class="row2"', '', '', '<span', '</span>'), $output); +		// Fix invalid anchor names (eg "module_Zend Optimizer") +		$output = preg_replace_callback('#<a name="([^"]+)">#', array($this, 'remove_spaces'), $output); +  		if (empty($output))  		{  			trigger_error('NO_PHPINFO_AVAILABLE', E_USER_WARNING); @@ -79,6 +82,11 @@ class acp_php_info  		$template->assign_var('PHPINFO', $output);  	} +	 +	function remove_spaces($matches) +	{ +		return '<a name="' . str_replace(' ', '_', $matches[1]) . '">'; +	}  }  ?>
\ No newline at end of file diff --git a/phpBB/includes/acp/acp_profile.php b/phpBB/includes/acp/acp_profile.php index 2288a0728b..a591474fce 100644 --- a/phpBB/includes/acp/acp_profile.php +++ b/phpBB/includes/acp/acp_profile.php @@ -504,15 +504,38 @@ class acp_profile  							}  						}  					} -					/* else if ($field_type == FIELD_BOOL && $key == 'field_default_value') +					else if ($field_type == FIELD_BOOL && $key == 'field_default_value')  					{ -						// Get the number of options if this key is 'field_maxlen' -						$var = request_var('field_default_value', 0); -					}*/ +						// 'field_length' == 1 defines radio buttons. Possible values are 1 or 2 only. +						// 'field_length' == 2 defines checkbox. Possible values are 0 or 1 only. +						// If we switch the type on step 2, we have to adjust field value. +						// 1 is a common value for the checkbox and radio buttons. + +						// Adjust unchecked checkbox value. +						// If we return or save settings from 2nd/3rd page +						// and the checkbox is unchecked, set the value to 0. +						if (isset($_REQUEST['step']) && !isset($_REQUEST[$key])) +						{ +							$var = 0; +						} + +						// If we switch to the checkbox type but former radio buttons value was 2, +						// which is not the case for the checkbox, set it to 0 (unchecked). +						if ($cp->vars['field_length'] == 2 && $var == 2) +						{ +							$var = 0; +						} +						// If we switch to the radio buttons but the former checkbox value was 0, +						// which is not the case for the radio buttons, set it to 0. +						else if ($cp->vars['field_length'] == 1 && $var == 0) +						{ +							$var = 2; +						} +					}  					else if ($field_type == FIELD_INT && $key == 'field_default_value')  					{  						// Permit an empty string -						if (request_var('field_default_value', '') === '') +						if ($action == 'create' && request_var('field_default_value', '') === '')  						{  							$var = '';  						} @@ -676,6 +699,10 @@ class acp_profile  						{  							$_new_key_ary[$key] = utf8_normalize_nfc(request_var($key, array(array('')), true));  						} +						else if ($field_type == FIELD_BOOL && $key == 'field_default_value') +						{ +							$_new_key_ary[$key] =  request_var($key, $cp->vars[$key]); +						}  						else  						{  							if (!isset($_REQUEST[$key])) diff --git a/phpBB/includes/acp/acp_ranks.php b/phpBB/includes/acp/acp_ranks.php index fcfef2a61e..ea057cd84c 100644 --- a/phpBB/includes/acp/acp_ranks.php +++ b/phpBB/includes/acp/acp_ranks.php @@ -52,7 +52,7 @@ class acp_ranks  				}  				$rank_title = utf8_normalize_nfc(request_var('title', '', true));  				$special_rank = request_var('special_rank', 0); -				$min_posts = ($special_rank) ? 0 : request_var('min_posts', 0); +				$min_posts = ($special_rank) ? 0 : max(0, request_var('min_posts', 0));  				$rank_image = request_var('rank_image', '');  				// The rank image has to be a jpg, gif or png @@ -199,7 +199,7 @@ class acp_ranks  					'RANK_TITLE'		=> (isset($ranks['rank_title'])) ? $ranks['rank_title'] : '',  					'S_FILENAME_LIST'	=> $filename_list,  					'RANK_IMAGE'		=> ($edit_img) ? $phpbb_root_path . $config['ranks_path'] . '/' . $edit_img : $phpbb_admin_path . 'images/spacer.gif', -					'S_SPECIAL_RANK'	=> (!isset($ranks['rank_special']) || $ranks['rank_special']) ? true : false, +					'S_SPECIAL_RANK'	=> (isset($ranks['rank_special']) && $ranks['rank_special']) ? true : false,  					'MIN_POSTS'			=> (isset($ranks['rank_min']) && !$ranks['rank_special']) ? $ranks['rank_min'] : 0)  				); diff --git a/phpBB/includes/acp/acp_search.php b/phpBB/includes/acp/acp_search.php index 930c8d2a26..0cd67b1c34 100644 --- a/phpBB/includes/acp/acp_search.php +++ b/phpBB/includes/acp/acp_search.php @@ -392,7 +392,18 @@ class acp_search  									AND post_id <= ' . (int) ($post_counter + $this->batch_size);  							$result = $db->sql_query($sql); -							while ($row = $db->sql_fetchrow($result)) +							$buffer = $db->sql_buffer_nested_transactions(); + +							if ($buffer) +							{ +								$rows = $db->sql_fetchrowset($result); +								$rows[] = false; // indicate end of array for while loop below + +								$db->sql_freeresult($result); +							} + +							$i = 0; +							while ($row = ($buffer ? $rows[$i++] : $db->sql_fetchrow($result)))  							{  								// Indexing enabled for this forum or global announcement?  								// Global announcements get indexed by default. @@ -402,7 +413,10 @@ class acp_search  								}  								$row_count++;  							} -							$db->sql_freeresult($result); +							if (!$buffer) +							{ +								$db->sql_freeresult($result); +							}  							$post_counter += $this->batch_size;  						} diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php index 2ccc728031..47cd02bca7 100644 --- a/phpBB/includes/acp/acp_styles.php +++ b/phpBB/includes/acp/acp_styles.php @@ -99,11 +99,11 @@ parse_css_file = {PARSE_CSS_FILE}  		$this->template_cfg .= '  # Some configuration options -# -# You can use this function to inherit templates from another template. -# The template of the given name has to be installed. -# Templates cannot inherit from inheriting templates. -#'; +# Template inheritance +# See http://blog.phpbb.com/2008/07/31/templating-just-got-easier/ +# Set value to empty or this template name to ignore template inheritance. +inherit_from = {INHERIT_FROM} +';  		$this->imageset_keys = array(  			'logos' => array( @@ -510,6 +510,7 @@ parse_css_file = {PARSE_CSS_FILE}  							$db->sql_transaction('commit');  							$cache->destroy('sql', STYLES_IMAGESET_DATA_TABLE); +							$cache->destroy('imageset_site_logo_md5');  							add_log('admin', 'LOG_IMAGESET_REFRESHED', $imageset_row['imageset_name']);  							trigger_error($user->lang['IMAGESET_REFRESHED'] . adm_back_link($this->u_action)); @@ -539,12 +540,14 @@ parse_css_file = {PARSE_CSS_FILE}  		global $user, $template, $db, $config, $phpbb_root_path, $phpEx;  		$sql_from = ''; +		$sql_sort = 'LOWER(' . $mode . '_name)';  		$style_count = array();  		switch ($mode)  		{  			case 'style':  				$sql_from = STYLES_TABLE; +				$sql_sort = 'style_active DESC, ' . $sql_sort;  				$sql = 'SELECT user_style, COUNT(user_style) AS style_count  					FROM ' . USERS_TABLE . ' @@ -570,6 +573,9 @@ parse_css_file = {PARSE_CSS_FILE}  			case 'imageset':  				$sql_from = STYLES_IMAGESET_TABLE;  			break; +			 +			default: +				trigger_error($user->lang['NO_MODE'] . adm_back_link($this->u_action), E_USER_WARNING);  		}  		$l_prefix = strtoupper($mode); @@ -593,7 +599,8 @@ parse_css_file = {PARSE_CSS_FILE}  		);  		$sql = "SELECT * -			FROM $sql_from"; +			FROM $sql_from +			ORDER BY $sql_sort ASC";  		$result = $db->sql_query($sql);  		$installed = array(); @@ -629,6 +636,8 @@ parse_css_file = {PARSE_CSS_FILE}  				'NAME'					=> $row[$mode . '_name'],  				'STYLE_COUNT'			=> ($mode == 'style' && isset($style_count[$row['style_id']])) ? $style_count[$row['style_id']] : 0, + +				'S_INACTIVE'			=> ($mode == 'style' && !$row['style_active']) ? true : false,  				)  			);  		} @@ -658,7 +667,9 @@ parse_css_file = {PARSE_CSS_FILE}  						if ($name && !in_array($name, $installed))  						{ -							$new_ary[] = array( +							// The array key is used for sorting later on. +							// $file is appended because $name doesn't have to be unique. +							$new_ary[$name . $file] = array(  								'path'		=> $file,  								'name'		=> $name,  								'copyright'	=> $items['copyright'], @@ -674,6 +685,8 @@ parse_css_file = {PARSE_CSS_FILE}  		if (sizeof($new_ary))  		{ +			ksort($new_ary); +  			foreach ($new_ary as $cfg)  			{  				$template->assign_block_vars('uninstalled', array( @@ -716,7 +729,7 @@ parse_css_file = {PARSE_CSS_FILE}  		$save_changes	= (isset($_POST['save'])) ? true : false;  		// make sure template_file path doesn't go upwards -		$template_file = str_replace('..', '.', $template_file); +		$template_file = preg_replace('#\.{2,}#', '.', $template_file);  		// Retrieve some information about the template  		$sql = 'SELECT template_storedb, template_path, template_name @@ -1587,23 +1600,23 @@ parse_css_file = {PARSE_CSS_FILE}  		{  			case 'style':  				$sql_from = STYLES_TABLE; -				$sql_select = 'style_name'; +				$sql_select = 'style_id, style_name, template_id, theme_id, imageset_id';  				$sql_where = 'AND style_active = 1';  			break;  			case 'template':  				$sql_from = STYLES_TEMPLATE_TABLE; -				$sql_select = 'template_name, template_path, template_storedb'; +				$sql_select = 'template_id, template_name, template_path, template_storedb';  			break;  			case 'theme':  				$sql_from = STYLES_THEME_TABLE; -				$sql_select = 'theme_name, theme_path, theme_storedb'; +				$sql_select = 'theme_id, theme_name, theme_path, theme_storedb';  			break;  			case 'imageset':  				$sql_from = STYLES_IMAGESET_TABLE; -				$sql_select = 'imageset_name, imageset_path'; +				$sql_select = 'imageset_id, imageset_name, imageset_path';  			break;  		} @@ -1633,37 +1646,21 @@ parse_css_file = {PARSE_CSS_FILE}  			trigger_error($user->lang['NO_' . $l_prefix] . adm_back_link($this->u_action), E_USER_WARNING);  		} -		$sql = "SELECT {$mode}_id, {$mode}_name -			FROM $sql_from -			WHERE {$mode}_id <> $style_id -			$sql_where -			ORDER BY {$mode}_name ASC"; -		$result = $db->sql_query($sql); +		$s_only_component = $this->display_component_options($mode, $style_row[$mode . '_id'], $style_row); -		$s_options = ''; - -		if ($row = $db->sql_fetchrow($result)) -		{ -			do -			{ -				$s_options .= '<option value="' . $row[$mode . '_id'] . '">' . $row[$mode . '_name'] . '</option>'; -			} -			while ($row = $db->sql_fetchrow($result)); -		} -		else +		if ($s_only_component)  		{  			trigger_error($user->lang['ONLY_' . $l_prefix] . adm_back_link($this->u_action), E_USER_WARNING);  		} -		$db->sql_freeresult($result);  		if ($update)  		{ -			$sql = "DELETE FROM $sql_from -				WHERE {$mode}_id = $style_id"; -			$db->sql_query($sql); -  			if ($mode == 'style')  			{ +				$sql = "DELETE FROM $sql_from +					WHERE {$mode}_id = $style_id"; +				$db->sql_query($sql); +  				$sql = 'UPDATE ' . USERS_TABLE . "  					SET user_style = $new_id  					WHERE user_style = $style_id"; @@ -1678,19 +1675,19 @@ parse_css_file = {PARSE_CSS_FILE}  				{  					set_config('default_style', $new_id);  				} + +				// Remove the components +				$components = array('template', 'theme', 'imageset'); +				foreach ($components as $component) +				{ +					$new_id = request_var('new_' . $component . '_id', 0); +					$component_id = $style_row[$component . '_id']; +					$this->remove_component($component, $component_id, $new_id, $style_id); +				}  			}  			else  			{ -				if ($mode == 'imageset') -				{ -					$sql = 'DELETE FROM ' . STYLES_IMAGESET_DATA_TABLE . " -						WHERE imageset_id = $style_id"; -					$db->sql_query($sql); -				} -				$sql = 'UPDATE ' . STYLES_TABLE . " -					SET {$mode}_id = $new_id -					WHERE {$mode}_id = $style_id"; -				$db->sql_query($sql); +				$this->remove_component($mode, $style_id, $new_id);  			}  			$cache->destroy('sql', STYLES_TABLE); @@ -1704,7 +1701,6 @@ parse_css_file = {PARSE_CSS_FILE}  		$template->assign_vars(array(  			'S_DELETE'			=> true, -			'S_REPLACE_OPTIONS'	=> $s_options,  			'L_TITLE'			=> $user->lang[$this->page_title],  			'L_EXPLAIN'			=> $user->lang[$this->page_title . '_EXPLAIN'], @@ -1718,6 +1714,211 @@ parse_css_file = {PARSE_CSS_FILE}  			'NAME'			=> $style_row[$mode . '_name'],  			)  		); + +		if ($mode == 'style') +		{ +			$template->assign_vars(array( +				'S_DELETE_STYLE'		=> true, +			)); +		} +	} + +	/** +	* Remove template/theme/imageset entry from the database +	*/ +	function remove_component($component, $component_id, $new_id, $style_id = false) +	{ +		global $db; + +		if (($new_id == 0) || ($component === 'template' && ($conflicts = $this->check_inheritance($component, $component_id)))) +		{ +			// We can not delete the template, as the user wants to keep the component or an other template is inheriting from this one. +			return; +		} + +		$component_in_use = array(); +		if ($component != 'style') +		{ +			$component_in_use = $this->component_in_use($component, $component_id, $style_id); +		} + +		if (($new_id == -1) && !empty($component_in_use)) +		{ +			// We can not delete the component, as it is still in use +			return; +		} + +		if ($component == 'imageset') +		{ +			$sql = 'DELETE FROM ' . STYLES_IMAGESET_DATA_TABLE . " +				WHERE imageset_id = $component_id"; +			$db->sql_query($sql); +		} + +		switch ($component) +		{ +			case 'template': +				$sql_from = STYLES_TEMPLATE_TABLE; +			break; + +			case 'theme': +				$sql_from = STYLES_THEME_TABLE; +			break; + +			case 'imageset': +				$sql_from = STYLES_IMAGESET_TABLE;; +			break; +		} + +		$sql = "DELETE FROM $sql_from +			WHERE {$component}_id = $component_id"; +		$db->sql_query($sql); + +		$sql = 'UPDATE ' . STYLES_TABLE . " +			SET {$component}_id = $new_id +			WHERE {$component}_id = $component_id"; +		$db->sql_query($sql); +	} + +	/** +	* Display the options which can be used to replace a style/template/theme/imageset +	* +	* @return boolean Returns true if the component is the only component and can not be deleted. +	*/ +	function display_component_options($component, $component_id, $style_row = false, $style_id = false) +	{ +		global $db, $template, $user; + +		$is_only_component = true; +		$component_in_use = array(); +		if ($component != 'style') +		{ +			$component_in_use = $this->component_in_use($component, $component_id, $style_id); +		} + +		$sql_where = ''; +		switch ($component) +		{ +			case 'style': +				$sql_from = STYLES_TABLE; +				$sql_where = 'WHERE style_active = 1'; +			break; + +			case 'template': +				$sql_from = STYLES_TEMPLATE_TABLE; +				$sql_where = 'WHERE template_inherits_id <> ' . $component_id; +			break; + +			case 'theme': +				$sql_from = STYLES_THEME_TABLE; +			break; + +			case 'imageset': +				$sql_from = STYLES_IMAGESET_TABLE; +			break; +		} + +		$s_options = ''; +		if (($component != 'style') && empty($component_in_use)) +		{ +			// If it is not in use, there must be another component +			$is_only_component = false; + +			$sql = "SELECT {$component}_id, {$component}_name +				FROM $sql_from +				WHERE {$component}_id = {$component_id}"; +			$result = $db->sql_query($sql); +			$row = $db->sql_fetchrow($result); +			$db->sql_freeresult($result); + +			$s_options .= '<option value="-1" selected="selected">' . $user->lang['DELETE_' . strtoupper($component)] . '</option>'; +			$s_options .= '<option value="0">' . sprintf($user->lang['KEEP_' . strtoupper($component)], $row[$component . '_name']) . '</option>'; +		} +		else +		{ +			$sql = "SELECT {$component}_id, {$component}_name +				FROM $sql_from +				$sql_where +				ORDER BY {$component}_name ASC"; +			$result = $db->sql_query($sql); + +			$s_keep_option = $s_options = ''; +			while ($row = $db->sql_fetchrow($result)) +			{ +				if ($row[$component . '_id'] != $component_id) +				{ +					$is_only_component = false; +					$s_options .= '<option value="' . $row[$component . '_id'] . '">' . sprintf($user->lang['REPLACE_WITH_OPTION'], $row[$component . '_name']) . '</option>'; +				} +				else if ($component != 'style') +				{ +					$s_keep_option = '<option value="0" selected="selected">' . sprintf($user->lang['KEEP_' . strtoupper($component)], $row[$component . '_name']) . '</option>'; +				} +			} +			$db->sql_freeresult($result); +			$s_options = $s_keep_option . $s_options; +		} + +		if (!$style_row) +		{ +			$template->assign_var('S_REPLACE_' . strtoupper($component) . '_OPTIONS', $s_options); +		} +		else +		{ +			$template->assign_var('S_REPLACE_OPTIONS', $s_options); +			if ($component == 'style') +			{ +				$components = array('template', 'theme', 'imageset'); +				foreach ($components as $component) +				{ +					$this->display_component_options($component, $style_row[$component . '_id'], false, $component_id, true); +				} +			} +		} + +		return $is_only_component; +	} + +	/** +	* Check whether the component is still used by another style or component +	*/ +	function component_in_use($component, $component_id, $style_id = false) +	{ +		global $db; + +		$component_in_use = array(); + +		if ($style_id) +		{ +			$sql = 'SELECT style_id, style_name +				FROM ' . STYLES_TABLE . " +				WHERE {$component}_id = {$component_id} +					AND style_id <> {$style_id} +				ORDER BY style_name ASC"; +		} +		else +		{ +			$sql = 'SELECT style_id, style_name +				FROM ' . STYLES_TABLE . " +				WHERE {$component}_id = {$component_id} +				ORDER BY style_name ASC"; +		} +		$result = $db->sql_query($sql); +		while ($row = $db->sql_fetchrow($result)) +		{ +			$component_in_use[] = $row['style_name']; +		} +		$db->sql_freeresult($result); + +		if ($component === 'template' && ($conflicts = $this->check_inheritance($component, $component_id))) +		{ +			foreach ($conflicts as $temp_id => $conflict_data) +			{ +				$component_in_use[] = $conflict_data['template_name']; +			} +		} + +		return $component_in_use;  	}  	/** @@ -1850,9 +2051,7 @@ parse_css_file = {PARSE_CSS_FILE}  			// Export template core code  			if ($mode == 'template' || $inc_template)  			{ -				$template_cfg = str_replace(array('{MODE}', '{NAME}', '{COPYRIGHT}', '{VERSION}'), array($mode, $style_row['template_name'], $style_row['template_copyright'], $config['version']), $this->template_cfg); - -				$use_template_name = ''; +				$use_template_name = $style_row['template_name'];  				// Add the inherit from variable, depending on it's use...  				if ($style_row['template_inherits_id']) @@ -1866,7 +2065,8 @@ parse_css_file = {PARSE_CSS_FILE}  					$db->sql_freeresult($result);  				} -				$template_cfg .= ($use_template_name) ? "\ninherit_from = $use_template_name" : "\n#inherit_from = "; +				$template_cfg = str_replace(array('{MODE}', '{NAME}', '{COPYRIGHT}', '{VERSION}', '{INHERIT_FROM}'), array($mode, $style_row['template_name'], $style_row['template_copyright'], $config['version'], $use_template_name), $this->template_cfg); +  				$template_cfg .= "\n\nbbcode_bitfield = {$style_row['bbcode_bitfield']}";  				$data[] = array( diff --git a/phpBB/includes/acp/acp_update.php b/phpBB/includes/acp/acp_update.php index b0ce8f1084..7e3d1a1024 100644 --- a/phpBB/includes/acp/acp_update.php +++ b/phpBB/includes/acp/acp_update.php @@ -37,7 +37,7 @@ class acp_update  		$errstr = '';  		$errno = 0; -		$info = obtain_latest_version_info(request_var('versioncheck_force', false), true); +		$info = obtain_latest_version_info(request_var('versioncheck_force', false));  		if ($info === false)  		{ @@ -69,12 +69,9 @@ class acp_update  		$current_version = (!empty($version_update_from)) ? $version_update_from : $config['version']; -		$up_to_date_automatic = (version_compare(str_replace('rc', 'RC', strtolower($current_version)), str_replace('rc', 'RC', strtolower($latest_version)), '<')) ? false : true; -		$up_to_date = (version_compare(str_replace('rc', 'RC', strtolower($config['version'])), str_replace('rc', 'RC', strtolower($latest_version)), '<')) ? false : true; -  		$template->assign_vars(array( -			'S_UP_TO_DATE'		=> $up_to_date, -			'S_UP_TO_DATE_AUTO'	=> $up_to_date_automatic, +			'S_UP_TO_DATE'		=> phpbb_version_compare($latest_version, $config['version'], '<='), +			'S_UP_TO_DATE_AUTO'	=> phpbb_version_compare($latest_version, $current_version, '<='),  			'S_VERSION_CHECK'	=> true,  			'U_ACTION'			=> $this->u_action,  			'U_VERSIONCHECK_FORCE' => append_sid($this->u_action . '&versioncheck_force=1'), diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index 6be0760be0..70e08f79f2 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -348,10 +348,7 @@ class acp_users  								$messenger->to($user_row['user_email'], $user_row['username']); -								$messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); -								$messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); -								$messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']); -								$messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); +								$messenger->anti_abuse_headers($config, $user);  								$messenger->assign_vars(array(  									'WELCOME_MSG'	=> htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])), @@ -406,10 +403,7 @@ class acp_users  									$messenger->to($user_row['user_email'], $user_row['username']); -									$messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); -									$messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); -									$messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']); -									$messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); +									$messenger->anti_abuse_headers($config, $user);  									$messenger->assign_vars(array(  										'USERNAME'	=> htmlspecialchars_decode($user_row['username'])) @@ -818,7 +812,7 @@ class acp_users  					// Which updates do we need to do?  					$update_username = ($user_row['username'] != $data['username']) ? $data['username'] : false; -					$update_password = ($data['new_password'] && !phpbb_check_hash($user_row['user_password'], $data['new_password'])) ? true : false; +					$update_password = ($data['new_password'] && !phpbb_check_hash($data['new_password'], $user_row['user_password'])) ? true : false;  					$update_email = ($data['email'] != $user_row['user_email']) ? $data['email'] : false;  					if (!sizeof($error)) @@ -1015,6 +1009,13 @@ class acp_users  				$user_row['posts_in_queue'] = (int) $db->sql_fetchfield('posts_in_queue');  				$db->sql_freeresult($result); +				$sql = 'SELECT post_id +					FROM ' . POSTS_TABLE . ' +					WHERE poster_id = '. $user_id; +				$result = $db->sql_query_limit($sql, 1); +				$user_row['user_has_posts'] = (bool) $db->sql_fetchfield('post_id'); +				$db->sql_freeresult($result); +  				$template->assign_vars(array(  					'L_NAME_CHARS_EXPLAIN'		=> sprintf($user->lang[$config['allow_name_chars'] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']),  					'L_CHANGE_PASSWORD_EXPLAIN'	=> sprintf($user->lang[$config['pass_complex'] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']), @@ -1042,6 +1043,7 @@ class acp_users  					'USER_EMAIL'		=> $user_row['user_email'],  					'USER_WARNINGS'		=> $user_row['user_warnings'],  					'USER_POSTS'		=> $user_row['user_posts'], +					'USER_HAS_POSTS'	=> $user_row['user_has_posts'],  					'USER_INACTIVE_REASON'	=> $inactive_reason,  				)); @@ -1124,7 +1126,7 @@ class acp_users  				// Grab log data  				$log_data = array();  				$log_count = 0; -				view_log('user', $log_data, $log_count, $config['topics_per_page'], $start, 0, 0, $user_id, $sql_where, $sql_sort); +				$start = view_log('user', $log_data, $log_count, $config['topics_per_page'], $start, 0, 0, $user_id, $sql_where, $sql_sort);  				$template->assign_vars(array(  					'S_FEEDBACK'	=> true, @@ -2345,47 +2347,62 @@ class acp_users  	}  	/** -	* Optionset replacement for this module based on $user->optionset +	* Set option bit field for user options in a user row array. +	* +	* Optionset replacement for this module based on $user->optionset. +	* +	* @param array $user_row Row from the users table. +	* @param int $key Option key, as defined in $user->keyoptions property. +	* @param bool $value True to set the option, false to clear the option. +	* @param int $data Current bit field value, or false to use $user_row['user_options'] +	* @return int|bool If $data is false, the bit field is modified and +	*                  written back to $user_row['user_options'], and +	*                  return value is true if the bit field changed and +	*                  false otherwise. If $data is not false, the new +	*                  bitfield value is returned.  	*/  	function optionset(&$user_row, $key, $value, $data = false)  	{  		global $user; -		$var = ($data) ? $data : $user_row['user_options']; +		$var = ($data !== false) ? $data : $user_row['user_options']; -		if ($value && !($var & 1 << $user->keyoptions[$key])) -		{ -			$var += 1 << $user->keyoptions[$key]; -		} -		else if (!$value && ($var & 1 << $user->keyoptions[$key])) -		{ -			$var -= 1 << $user->keyoptions[$key]; -		} -		else -		{ -			return ($data) ? $var : false; -		} +		$new_var = phpbb_optionset($user->keyoptions[$key], $value, $var); -		if (!$data) +		if ($data === false)  		{ -			$user_row['user_options'] = $var; -			return true; +			if ($new_var != $var) +			{ +				$user_row['user_options'] = $new_var; +				return true; +			} +			else +			{ +				return false; +			}  		}  		else  		{ -			return $var; +			return $new_var;  		}  	}  	/** -	* Optionget replacement for this module based on $user->optionget +	* Get option bit field from user options in a user row array. +	* +	* Optionget replacement for this module based on $user->optionget. +	* +	* @param array $user_row Row from the users table. +	* @param int $key option key, as defined in $user->keyoptions property. +	* @param int $data bit field value to use, or false to use $user_row['user_options'] +	* @return bool true if the option is set in the bit field, false otherwise  	*/  	function optionget(&$user_row, $key, $data = false)  	{  		global $user; -		$var = ($data) ? $data : $user_row['user_options']; -		return ($var & 1 << $user->keyoptions[$key]) ? true : false; +		$var = ($data !== false) ? $data : $user_row['user_options']; +		return phpbb_optionget($user->keyoptions[$key], $var);  	}  } diff --git a/phpBB/includes/acp/acp_words.php b/phpBB/includes/acp/acp_words.php index 1cb9545967..88c5bbe592 100644 --- a/phpBB/includes/acp/acp_words.php +++ b/phpBB/includes/acp/acp_words.php @@ -95,6 +95,9 @@ class acp_words  					trigger_error($user->lang['ENTER_WORD'] . adm_back_link($this->u_action), E_USER_WARNING);  				} +				// Replace multiple consecutive asterisks with single one as those are not needed +				$word = preg_replace('#\*{2,}#', '*', $word); +  				$sql_ary = array(  					'word'			=> $word,  					'replacement'	=> $replacement diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php index 02819f9e78..0585921426 100644 --- a/phpBB/includes/auth.php +++ b/phpBB/includes/auth.php @@ -109,6 +109,7 @@ class auth  	*/  	function _fill_acl($user_permissions)  	{ +		$seq_cache = array();  		$this->acl = array();  		$user_permissions = explode("\n", $user_permissions); @@ -125,8 +126,17 @@ class auth  				while ($subseq = substr($seq, $i, 6))  				{ +					if (isset($seq_cache[$subseq])) +					{ +						$converted = $seq_cache[$subseq]; +					} +					else +					{ +						$converted = $seq_cache[$subseq] = str_pad(base_convert($subseq, 36, 2), 31, 0, STR_PAD_LEFT); +					} +  					// We put the original bitstring into the acl array -					$this->acl[$f] .= str_pad(base_convert($subseq, 36, 2), 31, 0, STR_PAD_LEFT); +					$this->acl[$f] .= $converted;  					$i += 6;  				}  			} @@ -339,6 +349,14 @@ class auth  	/**  	* Get permission listing based on user_id/options/forum_ids +	* +	* Be careful when using this function with permissions a_, m_, u_ and f_ ! +	* It may not work correctly. When a user group grants an a_* permission, +	* e.g. a_foo, but the user's a_foo permission is set to "Never", then +	* the user does not in fact have the a_ permission. +	* But the user will still be listed as having the a_ permission. +	* +	* For more information see: http://tracker.phpbb.com/browse/PHPBB3-10252  	*/  	function acl_get_list($user_id = false, $opts = false, $forum_id = false)  	{ @@ -898,7 +916,7 @@ class auth  		$method = 'login_' . $method;  		if (function_exists($method))  		{ -			$login = $method($username, $password); +			$login = $method($username, $password, $user->ip, $user->browser, $user->forwarded_for);  			// If the auth module wants us to create an empty profile do so and then treat the status as LOGIN_SUCCESS  			if ($login['status'] == LOGIN_SUCCESS_CREATE_PROFILE) diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php index e04a6307e9..1c6cdf7832 100644 --- a/phpBB/includes/auth/auth_db.php +++ b/phpBB/includes/auth/auth_db.php @@ -23,8 +23,21 @@ if (!defined('IN_PHPBB'))  /**  * Login function +* +* @param string $username +* @param string $password +* @param string $ip			IP address the login is taking place from. Used to +*							limit the number of login attempts per IP address. +* @param string $browser	The user agent used to login +* @param string $forwarded_for X_FORWARDED_FOR header sent with login request +* @return array				A associative array of the format +*							array( +*								'status' => status constant +*								'error_msg' => string +*								'user_row' => array +*							)  */ -function login_db(&$username, &$password) +function login_db($username, $password, $ip = '', $browser = '', $forwarded_for = '')  {  	global $db, $config; @@ -47,22 +60,71 @@ function login_db(&$username, &$password)  		);  	} +	$username_clean = utf8_clean_string($username); +  	$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts  		FROM ' . USERS_TABLE . " -		WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; +		WHERE username_clean = '" . $db->sql_escape($username_clean) . "'";  	$result = $db->sql_query($sql);  	$row = $db->sql_fetchrow($result);  	$db->sql_freeresult($result); +	if (($ip && !$config['ip_login_limit_use_forwarded']) || +		($forwarded_for && $config['ip_login_limit_use_forwarded'])) +	{ +		$sql = 'SELECT COUNT(*) AS attempts +			FROM ' . LOGIN_ATTEMPT_TABLE . ' +			WHERE attempt_time > ' . (time() - (int) $config['ip_login_limit_time']); +		if ($config['ip_login_limit_use_forwarded']) +		{ +			$sql .= " AND attempt_forwarded_for = '" . $db->sql_escape($forwarded_for) . "'"; +		} +		else +		{ +			$sql .= " AND attempt_ip = '" . $db->sql_escape($ip) . "' "; +		} + +		$result = $db->sql_query($sql); +		$attempts = (int) $db->sql_fetchfield('attempts'); +		$db->sql_freeresult($result); + +		$attempt_data = array( +			'attempt_ip'			=> $ip, +			'attempt_browser'		=> trim(substr($browser, 0, 149)), +			'attempt_forwarded_for'	=> $forwarded_for, +			'attempt_time'			=> time(), +			'user_id'				=> ($row) ? (int) $row['user_id'] : 0, +			'username'				=> $username, +			'username_clean'		=> $username_clean, +		); +		$sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $db->sql_build_array('INSERT', $attempt_data); +		$result = $db->sql_query($sql); +	} +	else +	{ +		$attempts = 0; +	} +  	if (!$row)  	{ +		if ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']) +		{ +			return array( +				'status'		=> LOGIN_ERROR_ATTEMPTS, +				'error_msg'		=> 'LOGIN_ERROR_ATTEMPTS', +				'user_row'		=> array('user_id' => ANONYMOUS), +			); +		} +  		return array(  			'status'	=> LOGIN_ERROR_USERNAME,  			'error_msg'	=> 'LOGIN_ERROR_USERNAME',  			'user_row'	=> array('user_id' => ANONYMOUS),  		);  	} -	$show_captcha = $config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']; + +	$show_captcha = ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']) || +		($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']);  	// If there are too much login attempts, we need to check for an confirm image  	// Every auth module is able to define what to do by itself... @@ -90,7 +152,7 @@ function login_db(&$username, &$password)  		{  			$captcha->reset();  		} -		 +  	}  	// If the password convert flag is set we need to convert it @@ -101,7 +163,7 @@ function login_db(&$username, &$password)  		$password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format;  		$password_new_format = ''; -		set_var($password_new_format, stripslashes($password_old_format), 'string'); +		set_var($password_new_format, stripslashes($password_old_format), 'string', true);  		if ($password == $password_new_format)  		{ @@ -165,6 +227,10 @@ function login_db(&$username, &$password)  			$row['user_password'] = $hash;  		} +		$sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . ' +			WHERE user_id = ' . $row['user_id']; +		$db->sql_query($sql); +  		if ($row['user_login_attempts'] != 0)  		{  			// Successful, reset login attempts (the user passed all stages) @@ -207,4 +273,4 @@ function login_db(&$username, &$password)  	);  } -?>
\ No newline at end of file +?> diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php index 33413094ef..47bc706664 100644 --- a/phpBB/includes/auth/auth_ldap.php +++ b/phpBB/includes/auth/auth_ldap.php @@ -162,7 +162,11 @@ function login_ldap(&$username, &$password)  	{  		if (!@ldap_bind($ldap, htmlspecialchars_decode($config['ldap_user']), htmlspecialchars_decode($config['ldap_password'])))  		{ -			return $user->lang['LDAP_NO_SERVER_CONNECTION']; +			return array( +				'status'		=> LOGIN_ERROR_EXTERNAL_AUTH, +				'error_msg'		=> 'LDAP_NO_SERVER_CONNECTION', +				'user_row'		=> array('user_id' => ANONYMOUS), +			);  		}  	} @@ -341,7 +345,7 @@ function acp_ldap(&$new)  	</dl>  	<dl>  		<dt><label for="ldap_password">' . $user->lang['LDAP_PASSWORD'] . ':</label><br /><span>' . $user->lang['LDAP_PASSWORD_EXPLAIN'] . '</span></dt> -		<dd><input type="password" id="ldap_password" size="40" name="config[ldap_password]" value="' . $new['ldap_password'] . '" /></dd> +		<dd><input type="password" id="ldap_password" size="40" name="config[ldap_password]" value="' . $new['ldap_password'] . '" autocomplete="off" /></dd>  	</dl>  	'; diff --git a/phpBB/includes/bbcode.php b/phpBB/includes/bbcode.php index d77bb3c4a7..9356e3e9b4 100644 --- a/phpBB/includes/bbcode.php +++ b/phpBB/includes/bbcode.php @@ -584,6 +584,13 @@ class bbcode  				$code = str_replace("\t", '   ', $code);  				$code = str_replace('  ', '  ', $code);  				$code = str_replace('  ', '  ', $code); +				$code = str_replace("\n ", "\n ", $code); + +				// keep space at the beginning +				if (!empty($code) && $code[0] == ' ') +				{ +					$code = ' ' . substr($code, 1); +				}  				// remove newline at the beginning  				if (!empty($code) && $code[0] == "\n") diff --git a/phpBB/includes/cache.php b/phpBB/includes/cache.php index b50fab4ca2..612adcca4f 100644 --- a/phpBB/includes/cache.php +++ b/phpBB/includes/cache.php @@ -82,26 +82,9 @@ class cache extends acm  			$result = $db->sql_query($sql);  			$censors = array(); -			$unicode = ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false) ? true : false; -  			while ($row = $db->sql_fetchrow($result))  			{ -				if ($unicode) -				{ -					// Unescape the asterisk to simplify further conversions -					$row['word'] = str_replace('\*', '*', preg_quote($row['word'], '#')); -					 -					// Replace the asterisk inside the pattern, at the start and at the end of it with regexes -					$row['word'] = preg_replace(array('#(?<=[\p{Nd}\p{L}_])\*(?=[\p{Nd}\p{L}_])#iu', '#^\*#', '#\*$#'), array('([\x20]*?|[\p{Nd}\p{L}_-]*?)', '[\p{Nd}\p{L}_-]*?', '[\p{Nd}\p{L}_-]*?'), $row['word']); - -					// Generate the final substitution -					$censors['match'][] = '#(?<![\p{Nd}\p{L}_-])(' . $row['word'] . ')(?![\p{Nd}\p{L}_-])#iu'; -				} -				else -				{ -					$censors['match'][] = '#(?<!\S)(' . str_replace('\*', '\S*?', preg_quote($row['word'], '#')) . ')(?!\S)#iu'; -				} - +				$censors['match'][] = get_censor_preg_expression($row['word']);  				$censors['replace'][] = $row['replacement'];  			}  			$db->sql_freeresult($result); diff --git a/phpBB/includes/captcha/captcha_gd.php b/phpBB/includes/captcha/captcha_gd.php index 96e39af85b..ecdad43978 100644 --- a/phpBB/includes/captcha/captcha_gd.php +++ b/phpBB/includes/captcha/captcha_gd.php @@ -77,7 +77,7 @@ class captcha  		{  			$denom = ($code_len - $i);  			$denom = max(1.3, $denom); -			$offset[$i] = mt_rand(0, (1.5 * $width_avail) / $denom); +			$offset[$i] = phpbb_mt_rand(0, (int) round((1.5 * $width_avail) / $denom));  			$width_avail -= $offset[$i];  		} @@ -112,7 +112,7 @@ class captcha  			$noise_bitmaps = $this->captcha_noise_bg_bitmaps();  			for ($i = 0; $i < $code_len; ++$i)  			{ -				$noise[$i] = new char_cube3d($noise_bitmaps, mt_rand(1, count($noise_bitmaps['data']))); +				$noise[$i] = new char_cube3d($noise_bitmaps, mt_rand(1, sizeof($noise_bitmaps['data'])));  				list($min, $max) = $noise[$i]->range();  				//$box = $noise[$i]->dimensions($sizes[$i]); @@ -1669,32 +1669,32 @@ class captcha  			'height'	=> 15,  			'data'		=> array( -			'A' =>	$chars['A'][mt_rand(0, min(count($chars['A']), $config['captcha_gd_fonts']) -1)], -			'B' =>	$chars['B'][mt_rand(0, min(count($chars['B']), $config['captcha_gd_fonts']) -1)], -			'C' =>	$chars['C'][mt_rand(0, min(count($chars['C']), $config['captcha_gd_fonts']) -1)], -			'D' =>	$chars['D'][mt_rand(0, min(count($chars['D']), $config['captcha_gd_fonts']) -1)], -			'E' =>	$chars['E'][mt_rand(0, min(count($chars['E']), $config['captcha_gd_fonts']) -1)], -			'F' =>	$chars['F'][mt_rand(0, min(count($chars['F']), $config['captcha_gd_fonts']) -1)], -			'G' =>	$chars['G'][mt_rand(0, min(count($chars['G']), $config['captcha_gd_fonts']) -1)], -			'H' =>	$chars['H'][mt_rand(0, min(count($chars['H']), $config['captcha_gd_fonts']) -1)], -			'I' =>	$chars['I'][mt_rand(0, min(count($chars['I']), $config['captcha_gd_fonts']) -1)], -			'J' =>	$chars['J'][mt_rand(0, min(count($chars['J']), $config['captcha_gd_fonts']) -1)], -			'K' =>	$chars['K'][mt_rand(0, min(count($chars['K']), $config['captcha_gd_fonts']) -1)], -			'L' =>	$chars['L'][mt_rand(0, min(count($chars['L']), $config['captcha_gd_fonts']) -1)], -			'M' =>	$chars['M'][mt_rand(0, min(count($chars['M']), $config['captcha_gd_fonts']) -1)],   -			'N' =>	$chars['N'][mt_rand(0, min(count($chars['N']), $config['captcha_gd_fonts']) -1)], -			'O' =>	$chars['O'][mt_rand(0, min(count($chars['O']), $config['captcha_gd_fonts']) -1)], -			'P' =>	$chars['P'][mt_rand(0, min(count($chars['P']), $config['captcha_gd_fonts']) -1)], -			'Q' =>	$chars['Q'][mt_rand(0, min(count($chars['Q']), $config['captcha_gd_fonts']) -1)], -			'R' =>	$chars['R'][mt_rand(0, min(count($chars['R']), $config['captcha_gd_fonts']) -1)], -			'S' =>	$chars['S'][mt_rand(0, min(count($chars['S']), $config['captcha_gd_fonts']) -1)], -			'T' =>	$chars['T'][mt_rand(0, min(count($chars['T']), $config['captcha_gd_fonts']) -1)], -			'U' =>	$chars['U'][mt_rand(0, min(count($chars['U']), $config['captcha_gd_fonts']) -1)], -			'V' =>	$chars['V'][mt_rand(0, min(count($chars['V']), $config['captcha_gd_fonts']) -1)], -			'W' =>	$chars['W'][mt_rand(0, min(count($chars['W']), $config['captcha_gd_fonts']) -1)], -			'X' =>	$chars['X'][mt_rand(0, min(count($chars['X']), $config['captcha_gd_fonts']) -1)], -			'Y' =>	$chars['Y'][mt_rand(0, min(count($chars['Y']), $config['captcha_gd_fonts']) -1)], -			'Z' =>	$chars['Z'][mt_rand(0, min(count($chars['Z']), $config['captcha_gd_fonts']) -1)], +			'A' =>	$chars['A'][mt_rand(0, min(sizeof($chars['A']), $config['captcha_gd_fonts']) -1)], +			'B' =>	$chars['B'][mt_rand(0, min(sizeof($chars['B']), $config['captcha_gd_fonts']) -1)], +			'C' =>	$chars['C'][mt_rand(0, min(sizeof($chars['C']), $config['captcha_gd_fonts']) -1)], +			'D' =>	$chars['D'][mt_rand(0, min(sizeof($chars['D']), $config['captcha_gd_fonts']) -1)], +			'E' =>	$chars['E'][mt_rand(0, min(sizeof($chars['E']), $config['captcha_gd_fonts']) -1)], +			'F' =>	$chars['F'][mt_rand(0, min(sizeof($chars['F']), $config['captcha_gd_fonts']) -1)], +			'G' =>	$chars['G'][mt_rand(0, min(sizeof($chars['G']), $config['captcha_gd_fonts']) -1)], +			'H' =>	$chars['H'][mt_rand(0, min(sizeof($chars['H']), $config['captcha_gd_fonts']) -1)], +			'I' =>	$chars['I'][mt_rand(0, min(sizeof($chars['I']), $config['captcha_gd_fonts']) -1)], +			'J' =>	$chars['J'][mt_rand(0, min(sizeof($chars['J']), $config['captcha_gd_fonts']) -1)], +			'K' =>	$chars['K'][mt_rand(0, min(sizeof($chars['K']), $config['captcha_gd_fonts']) -1)], +			'L' =>	$chars['L'][mt_rand(0, min(sizeof($chars['L']), $config['captcha_gd_fonts']) -1)], +			'M' =>	$chars['M'][mt_rand(0, min(sizeof($chars['M']), $config['captcha_gd_fonts']) -1)],   +			'N' =>	$chars['N'][mt_rand(0, min(sizeof($chars['N']), $config['captcha_gd_fonts']) -1)], +			'O' =>	$chars['O'][mt_rand(0, min(sizeof($chars['O']), $config['captcha_gd_fonts']) -1)], +			'P' =>	$chars['P'][mt_rand(0, min(sizeof($chars['P']), $config['captcha_gd_fonts']) -1)], +			'Q' =>	$chars['Q'][mt_rand(0, min(sizeof($chars['Q']), $config['captcha_gd_fonts']) -1)], +			'R' =>	$chars['R'][mt_rand(0, min(sizeof($chars['R']), $config['captcha_gd_fonts']) -1)], +			'S' =>	$chars['S'][mt_rand(0, min(sizeof($chars['S']), $config['captcha_gd_fonts']) -1)], +			'T' =>	$chars['T'][mt_rand(0, min(sizeof($chars['T']), $config['captcha_gd_fonts']) -1)], +			'U' =>	$chars['U'][mt_rand(0, min(sizeof($chars['U']), $config['captcha_gd_fonts']) -1)], +			'V' =>	$chars['V'][mt_rand(0, min(sizeof($chars['V']), $config['captcha_gd_fonts']) -1)], +			'W' =>	$chars['W'][mt_rand(0, min(sizeof($chars['W']), $config['captcha_gd_fonts']) -1)], +			'X' =>	$chars['X'][mt_rand(0, min(sizeof($chars['X']), $config['captcha_gd_fonts']) -1)], +			'Y' =>	$chars['Y'][mt_rand(0, min(sizeof($chars['Y']), $config['captcha_gd_fonts']) -1)], +			'Z' =>	$chars['Z'][mt_rand(0, min(sizeof($chars['Z']), $config['captcha_gd_fonts']) -1)],  			'1' => array(  				array(0,0,0,1,1,0,0,0,0), diff --git a/phpBB/includes/captcha/captcha_gd_wave.php b/phpBB/includes/captcha/captcha_gd_wave.php index f706c98d43..27422513d9 100644 --- a/phpBB/includes/captcha/captcha_gd_wave.php +++ b/phpBB/includes/captcha/captcha_gd_wave.php @@ -62,8 +62,8 @@ class captcha  				'y' => mt_rand(10, 17)  			),  			'lower_left'	=> array( -				'x' => mt_rand($img_x - 5, $img_x - 45), -				'y' => mt_rand($img_y - 0, $img_y - 15) +				'x' => mt_rand($img_x - 45, $img_x - 5), +				'y' => mt_rand($img_y - 15, $img_y - 0),  			),  		); diff --git a/phpBB/includes/captcha/plugins/phpbb_captcha_qa_plugin.php b/phpBB/includes/captcha/plugins/phpbb_captcha_qa_plugin.php index 49a64b9339..45f76bd676 100644 --- a/phpBB/includes/captcha/plugins/phpbb_captcha_qa_plugin.php +++ b/phpBB/includes/captcha/plugins/phpbb_captcha_qa_plugin.php @@ -319,7 +319,7 @@ class phpbb_captcha_qa  					),  					'PRIMARY_KEY'		=> 'question_id',  					'KEYS'				=> array( -						'lang_iso'			=> array('INDEX', 'lang_iso'), +						'lang'			=> array('INDEX', 'lang_iso'),  					),  				),  				CAPTCHA_ANSWERS_TABLE		=> array ( @@ -328,7 +328,7 @@ class phpbb_captcha_qa  						'answer_text'	=> array('STEXT_UNI', ''),  					),  					'KEYS'				=> array( -						'question_id'			=> array('INDEX', 'question_id'), +						'qid'			=> array('INDEX', 'question_id'),  					),  				),  				CAPTCHA_QA_CONFIRM_TABLE		=> array ( diff --git a/phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php b/phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php index ea171dbe2c..0b0270f568 100644 --- a/phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php +++ b/phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php @@ -27,9 +27,14 @@ if (!class_exists('phpbb_default_captcha'))  */  class phpbb_recaptcha extends phpbb_default_captcha  { -	var $recaptcha_server = 'http://api.recaptcha.net'; -	var $recaptcha_server_secure = 'https://api-secure.recaptcha.net'; // class constants :( -	var $recaptcha_verify_server = 'api-verify.recaptcha.net'; +	var $recaptcha_server = 'http://www.google.com/recaptcha/api'; +	var $recaptcha_server_secure = 'https://www.google.com/recaptcha/api'; // class constants :( + +	// We are opening a socket to port 80 of this host and send +	// the POST request asking for verification to the path specified here. +	var $recaptcha_verify_server = 'www.google.com'; +	var $recaptcha_verify_path = '/recaptcha/api/verify'; +  	var $challenge;  	var $response; @@ -296,7 +301,7 @@ class phpbb_recaptcha extends phpbb_default_captcha  			return $user->lang['RECAPTCHA_INCORRECT'];  		} -		$response = $this->_recaptcha_http_post($this->recaptcha_verify_server, '/verify', +		$response = $this->_recaptcha_http_post($this->recaptcha_verify_server, $this->recaptcha_verify_path,  			array(  				'privatekey'	=> $config['recaptcha_privkey'],  				'remoteip'		=> $user->ip, diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index af2a6ebd24..5b72d89795 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -25,7 +25,7 @@ if (!defined('IN_PHPBB'))  */  // phpBB Version -define('PHPBB_VERSION', '3.0.8'); +define('PHPBB_VERSION', '3.0.11-RC1');  // QA-related  // define('PHPBB_QA', 1); @@ -173,6 +173,9 @@ define('BBCODE_UID_LEN', 8);  // Number of core BBCodes  define('NUM_CORE_BBCODES', 12); +// BBCode hard limit +define('BBCODE_LIMIT', 1511); +  // Smiley hard limit  define('SMILEY_LIMIT', 1000); @@ -233,6 +236,7 @@ define('GROUPS_TABLE',				$table_prefix . 'groups');  define('ICONS_TABLE',				$table_prefix . 'icons');  define('LANG_TABLE',				$table_prefix . 'lang');  define('LOG_TABLE',					$table_prefix . 'log'); +define('LOGIN_ATTEMPT_TABLE',		$table_prefix . 'login_attempts');  define('MODERATOR_CACHE_TABLE',		$table_prefix . 'moderator_cache');  define('MODULES_TABLE',				$table_prefix . 'modules');  define('POLL_OPTIONS_TABLE',		$table_prefix . 'poll_options'); @@ -275,4 +279,4 @@ define('ZEBRA_TABLE',				$table_prefix . 'zebra');  // Additional tables -?>
\ No newline at end of file +?> diff --git a/phpBB/includes/db/db_tools.php b/phpBB/includes/db/db_tools.php index f4b181c6ad..c6dd23e6bd 100644 --- a/phpBB/includes/db/db_tools.php +++ b/phpBB/includes/db/db_tools.php @@ -348,6 +348,66 @@ class phpbb_db_tools  	}  	/** +	* Gets a list of tables in the database. +	* +	* @return array		Array of table names  (all lower case) +	*/ +	function sql_list_tables() +	{ +		switch ($this->db->sql_layer) +		{ +			case 'mysql': +			case 'mysql4': +			case 'mysqli': +				$sql = 'SHOW TABLES'; +			break; + +			case 'sqlite': +				$sql = 'SELECT name +					FROM sqlite_master +					WHERE type = "table"'; +			break; + +			case 'mssql': +			case 'mssql_odbc': +			case 'mssqlnative': +				$sql = "SELECT name +					FROM sysobjects +					WHERE type='U'"; +			break; + +			case 'postgres': +				$sql = 'SELECT relname +					FROM pg_stat_user_tables'; +			break; + +			case 'firebird': +				$sql = 'SELECT rdb$relation_name +					FROM rdb$relations +					WHERE rdb$view_source is null +						AND rdb$system_flag = 0'; +			break; + +			case 'oracle': +				$sql = 'SELECT table_name +					FROM USER_TABLES'; +			break; +		} + +		$result = $this->db->sql_query($sql); + +		$tables = array(); +		while ($row = $this->db->sql_fetchrow($result)) +		{ +			$name = current($row); +			$tables[$name] = $name; +		} +		$this->db->sql_freeresult($result); + +		return $tables; +	} + +	/**  	* Check if table exists  	*  	* @@ -417,6 +477,11 @@ class phpbb_db_tools  			// here lies an array, filled with information compiled on the column's data  			$prepared_column = $this->sql_prepare_column_data($table_name, $column_name, $column_data); +			if (isset($prepared_column['auto_increment']) && strlen($column_name) > 26) // "${column_name}_gen" +			{ +				trigger_error("Index name '${column_name}_gen' on table '$table_name' is too long. The maximum auto increment column length is 26 characters.", E_USER_ERROR); +			} +  			// here we add the definition of the new column to the list of columns  			switch ($this->sql_layer)  			{ @@ -538,7 +603,7 @@ class phpbb_db_tools  			break;  			case 'oracle': -				$table_sql .= "\n);"; +				$table_sql .= "\n)";  				$statements[] = $table_sql;  				// do we need to add a sequence and a tigger for auto incrementing columns? @@ -556,7 +621,7 @@ class phpbb_db_tools  					$trigger .= "BEGIN\n";  					$trigger .= "\tSELECT {$table_name}_seq.nextval\n";  					$trigger .= "\tINTO :new.{$create_sequence}\n"; -					$trigger .= "\tFROM dual\n"; +					$trigger .= "\tFROM dual;\n";  					$trigger .= "END;";  					$statements[] = $trigger; @@ -566,7 +631,13 @@ class phpbb_db_tools  			case 'firebird':  				if ($create_sequence)  				{ -					$statements[] = "CREATE SEQUENCE {$table_name}_seq;"; +					$statements[] = "CREATE GENERATOR {$table_name}_gen;"; +					$statements[] = "SET GENERATOR {$table_name}_gen TO 0;"; + +					$trigger = "CREATE TRIGGER t_$table_name FOR $table_name\n"; +					$trigger .= "BEFORE INSERT\nAS\nBEGIN\n"; +					$trigger .= "\tNEW.{$create_sequence} = GEN_ID({$table_name}_gen, 1);\nEND;"; +					$statements[] = $trigger;  				}  			break;  		} @@ -638,6 +709,36 @@ class phpbb_db_tools  			$sqlite = true;  		} +		// Drop tables? +		if (!empty($schema_changes['drop_tables'])) +		{ +			foreach ($schema_changes['drop_tables'] as $table) +			{ +				// only drop table if it exists +				if ($this->sql_table_exists($table)) +				{ +					$result = $this->sql_table_drop($table); +					if ($this->return_statements) +					{ +						$statements = array_merge($statements, $result); +					} +				} +			} +		} + +		// Add tables? +		if (!empty($schema_changes['add_tables'])) +		{ +			foreach ($schema_changes['add_tables'] as $table => $table_data) +			{ +				$result = $this->sql_create_table($table, $table_data); +				if ($this->return_statements) +				{ +					$statements = array_merge($statements, $result); +				} +			} +		} +  		// Change columns?  		if (!empty($schema_changes['change_columns']))  		{ @@ -681,10 +782,12 @@ class phpbb_db_tools  			{  				foreach ($columns as $column_name => $column_data)  				{ -					// Only add the column if it does not exist yet, else change it (to be consistent) +					// Only add the column if it does not exist yet  					if ($column_exists = $this->sql_column_exists($table, $column_name))  					{ -						$result = $this->sql_column_change($table, $column_name, $column_data, true); +						continue; +						// This is commented out here because it can take tremendous time on updates +//						$result = $this->sql_column_change($table, $column_name, $column_data, true);  					}  					else  					{ @@ -695,7 +798,8 @@ class phpbb_db_tools  					{  						if ($column_exists)  						{ -							$sqlite_data[$table]['change_columns'][] = $result; +							continue; +//							$sqlite_data[$table]['change_columns'][] = $result;  						}  						else  						{ @@ -717,6 +821,11 @@ class phpbb_db_tools  			{  				foreach ($indexes as $index_name)  				{ +					if (!$this->sql_index_exists($table, $index_name)) +					{ +						continue; +					} +  					$result = $this->sql_index_drop($table, $index_name);  					if ($this->return_statements) @@ -777,6 +886,11 @@ class phpbb_db_tools  			{  				foreach ($index_array as $index_name => $column)  				{ +					if ($this->sql_unique_index_exists($table, $index_name)) +					{ +						continue; +					} +  					$result = $this->sql_create_unique_index($table, $index_name, $column);  					if ($this->return_statements) @@ -794,6 +908,11 @@ class phpbb_db_tools  			{  				foreach ($index_array as $index_name => $column)  				{ +					if ($this->sql_index_exists($table, $index_name)) +					{ +						continue; +					} +  					$result = $this->sql_create_index($table, $index_name, $column);  					if ($this->return_statements) @@ -952,34 +1071,21 @@ class phpbb_db_tools  	}  	/** -	* Check if a specified column exist +	* Gets a list of columns of a table.  	* -	* @param string	$table			Table to check the column at -	* @param string	$column_name	The column to check +	* @param string $table		Table name  	* -	* @return bool True if column exists, else false +	* @return array				Array of column names (all lower case)  	*/ -	function sql_column_exists($table, $column_name) +	function sql_list_columns($table)  	{ +		$columns = array(); +  		switch ($this->sql_layer)  		{  			case 'mysql_40':  			case 'mysql_41': -  				$sql = "SHOW COLUMNS FROM $table"; -				$result = $this->db->sql_query($sql); - -				while ($row = $this->db->sql_fetchrow($result)) -				{ -					// lower case just in case -					if (strtolower($row['Field']) == $column_name) -					{ -						$this->db->sql_freeresult($result); -						return true; -					} -				} -				$this->db->sql_freeresult($result); -				return false;  			break;  			// PostgreSQL has a way of doing this in a much simpler way but would @@ -990,19 +1096,6 @@ class phpbb_db_tools  					WHERE c.relname = '{$table}'  						AND a.attnum > 0  						AND a.attrelid = c.oid"; -				$result = $this->db->sql_query($sql); -				while ($row = $this->db->sql_fetchrow($result)) -				{ -					// lower case just in case -					if (strtolower($row['attname']) == $column_name) -					{ -						$this->db->sql_freeresult($result); -						return true; -					} -				} -				$this->db->sql_freeresult($result); - -				return false;  			break;  			// same deal with PostgreSQL, we must perform more complex operations than @@ -1013,62 +1106,26 @@ class phpbb_db_tools  					FROM syscolumns c  					LEFT JOIN sysobjects o ON c.id = o.id  					WHERE o.name = '{$table}'"; -				$result = $this->db->sql_query($sql); -				while ($row = $this->db->sql_fetchrow($result)) -				{ -					// lower case just in case -					if (strtolower($row['name']) == $column_name) -					{ -						$this->db->sql_freeresult($result); -						return true; -					} -				} -				$this->db->sql_freeresult($result); -				return false;  			break;  			case 'oracle':  				$sql = "SELECT column_name  					FROM user_tab_columns  					WHERE LOWER(table_name) = '" . strtolower($table) . "'"; -				$result = $this->db->sql_query($sql); -				while ($row = $this->db->sql_fetchrow($result)) -				{ -					// lower case just in case -					if (strtolower($row['column_name']) == $column_name) -					{ -						$this->db->sql_freeresult($result); -						return true; -					} -				} -				$this->db->sql_freeresult($result); -				return false;  			break;  			case 'firebird':  				$sql = "SELECT RDB\$FIELD_NAME as FNAME  					FROM RDB\$RELATION_FIELDS  					WHERE RDB\$RELATION_NAME = '" . strtoupper($table) . "'"; -				$result = $this->db->sql_query($sql); -				while ($row = $this->db->sql_fetchrow($result)) -				{ -					// lower case just in case -					if (strtolower($row['fname']) == $column_name) -					{ -						$this->db->sql_freeresult($result); -						return true; -					} -				} -				$this->db->sql_freeresult($result); -				return false;  			break; -			// ugh, SQLite  			case 'sqlite':  				$sql = "SELECT sql  					FROM sqlite_master  					WHERE type = 'table'  						AND name = '{$table}'"; +  				$result = $this->db->sql_query($sql);  				if (!$result) @@ -1092,14 +1149,269 @@ class phpbb_db_tools  						continue;  					} -					if (strtolower($entities[0]) == $column_name) +					$column = strtolower($entities[0]); +					$columns[$column] = $column; +				} + +				return $columns; +			break; +		} + +		$result = $this->db->sql_query($sql); + +		while ($row = $this->db->sql_fetchrow($result)) +		{ +			$column = strtolower(current($row)); +			$columns[$column] = $column; +		} +		$this->db->sql_freeresult($result); + +		return $columns; +	} + +	/** +	* Check whether a specified column exist in a table +	* +	* @param string	$table			Table to check +	* @param string	$column_name	Column to check +	* +	* @return bool		True if column exists, false otherwise +	*/ +	function sql_column_exists($table, $column_name) +	{ +		$columns = $this->sql_list_columns($table); + +		return isset($columns[$column_name]); +	} + +	/** +	* Check if a specified index exists in table. Does not return PRIMARY KEY and UNIQUE indexes. +	* +	* @param string	$table_name		Table to check the index at +	* @param string	$index_name		The index name to check +	* +	* @return bool True if index exists, else false +	*/ +	function sql_index_exists($table_name, $index_name) +	{ +		if ($this->sql_layer == 'mssql' || $this->sql_layer == 'mssqlnative') +		{ +			$sql = "EXEC sp_statistics '$table_name'"; +			$result = $this->db->sql_query($sql); + +			while ($row = $this->db->sql_fetchrow($result)) +			{ +				if ($row['TYPE'] == 3) +				{ +					if (strtolower($row['INDEX_NAME']) == strtolower($index_name))  					{ +						$this->db->sql_freeresult($result);  						return true;  					}  				} -				return false; +			} +			$this->db->sql_freeresult($result); + +			return false; +		} + +		switch ($this->sql_layer) +		{ +			case 'firebird': +				$sql = "SELECT LOWER(RDB\$INDEX_NAME) as index_name +					FROM RDB\$INDICES +					WHERE RDB\$RELATION_NAME = '" . strtoupper($table_name) . "' +						AND RDB\$UNIQUE_FLAG IS NULL +						AND RDB\$FOREIGN_KEY IS NULL"; +				$col = 'index_name'; +			break; + +			case 'postgres': +				$sql = "SELECT ic.relname as index_name +					FROM pg_class bc, pg_class ic, pg_index i +					WHERE (bc.oid = i.indrelid) +						AND (ic.oid = i.indexrelid) +						AND (bc.relname = '" . $table_name . "') +						AND (i.indisunique != 't') +						AND (i.indisprimary != 't')"; +				$col = 'index_name'; +			break; + +			case 'mysql_40': +			case 'mysql_41': +				$sql = 'SHOW KEYS +					FROM ' . $table_name; +				$col = 'Key_name';  			break; + +			case 'oracle': +				$sql = "SELECT index_name +					FROM user_indexes +					WHERE table_name = '" . strtoupper($table_name) . "' +						AND generated = 'N' +						AND uniqueness = 'NONUNIQUE'"; +				$col = 'index_name'; +			break; + +			case 'sqlite': +				$sql = "PRAGMA index_list('" . $table_name . "');"; +				$col = 'name'; +			break; +		} + +		$result = $this->db->sql_query($sql); +		while ($row = $this->db->sql_fetchrow($result)) +		{ +			if (($this->sql_layer == 'mysql_40' || $this->sql_layer == 'mysql_41') && !$row['Non_unique']) +			{ +				continue; +			} + +			// These DBMS prefix index name with the table name +			switch ($this->sql_layer) +			{ +				case 'firebird': +				case 'oracle': +				case 'postgres': +				case 'sqlite': +					$row[$col] = substr($row[$col], strlen($table_name) + 1); +				break; +			} + +			if (strtolower($row[$col]) == strtolower($index_name)) +			{ +				$this->db->sql_freeresult($result); +				return true; +			}  		} +		$this->db->sql_freeresult($result); + +		return false; +	} + +	/** +	* Check if a specified index exists in table. Does not return PRIMARY KEY and UNIQUE indexes. +	* +	* @param string	$table_name		Table to check the index at +	* @param string	$index_name		The index name to check +	* +	* @return bool True if index exists, else false +	*/ +	function sql_unique_index_exists($table_name, $index_name) +	{ +		if ($this->sql_layer == 'mssql' || $this->sql_layer == 'mssqlnative') +		{ +			$sql = "EXEC sp_statistics '$table_name'"; +			$result = $this->db->sql_query($sql); + +			while ($row = $this->db->sql_fetchrow($result)) +			{ +				// Usually NON_UNIQUE is the column we want to check, but we allow for both +				if ($row['TYPE'] == 3) +				{ +					if (strtolower($row['INDEX_NAME']) == strtolower($index_name)) +					{ +						$this->db->sql_freeresult($result); +						return true; +					} +				} +			} +			$this->db->sql_freeresult($result); +			return false; +		} + +		switch ($this->sql_layer) +		{ +			case 'firebird': +				$sql = "SELECT LOWER(RDB\$INDEX_NAME) as index_name +					FROM RDB\$INDICES +					WHERE RDB\$RELATION_NAME = '" . strtoupper($table_name) . "' +						AND RDB\$UNIQUE_FLAG IS NOT NULL +						AND RDB\$FOREIGN_KEY IS NULL"; +				$col = 'index_name'; +			break; + +			case 'postgres': +				$sql = "SELECT ic.relname as index_name, i.indisunique +					FROM pg_class bc, pg_class ic, pg_index i +					WHERE (bc.oid = i.indrelid) +						AND (ic.oid = i.indexrelid) +						AND (bc.relname = '" . $table_name . "') +						AND (i.indisprimary != 't')"; +				$col = 'index_name'; +			break; + +			case 'mysql_40': +			case 'mysql_41': +				$sql = 'SHOW KEYS +					FROM ' . $table_name; +				$col = 'Key_name'; +			break; + +			case 'oracle': +				$sql = "SELECT index_name, table_owner +					FROM user_indexes +					WHERE table_name = '" . strtoupper($table_name) . "' +						AND generated = 'N' +						AND uniqueness = 'UNIQUE'"; +				$col = 'index_name'; +			break; + +			case 'sqlite': +				$sql = "PRAGMA index_list('" . $table_name . "');"; +				$col = 'name'; +			break; +		} + +		$result = $this->db->sql_query($sql); +		while ($row = $this->db->sql_fetchrow($result)) +		{ +			if (($this->sql_layer == 'mysql_40' || $this->sql_layer == 'mysql_41') && ($row['Non_unique'] || $row[$col] == 'PRIMARY')) +			{ +				continue; +			} + +			if ($this->sql_layer == 'sqlite' && !$row['unique']) +			{ +				continue; +			} + +			if ($this->sql_layer == 'postgres' && $row['indisunique'] != 't') +			{ +				continue; +			} + +			// These DBMS prefix index name with the table name +			switch ($this->sql_layer) +			{ +				case 'oracle': +					// Two cases here... prefixed with U_[table_owner] and not prefixed with table_name +					if (strpos($row[$col], 'U_') === 0) +					{ +						$row[$col] = substr($row[$col], strlen('U_' . $row['table_owner']) + 1); +					} +					else if (strpos($row[$col], strtoupper($table_name)) === 0) +					{ +						$row[$col] = substr($row[$col], strlen($table_name) + 1); +					} +				break; + +				case 'firebird': +				case 'postgres': +				case 'sqlite': +					$row[$col] = substr($row[$col], strlen($table_name) + 1); +				break; +			} + +			if (strtolower($row[$col]) == strtolower($index_name)) +			{ +				$this->db->sql_freeresult($result); +				return true; +			} +		} +		$this->db->sql_freeresult($result); + +		return false;  	}  	/** @@ -1139,6 +1451,11 @@ class phpbb_db_tools  	*/  	function sql_prepare_column_data($table_name, $column_name, $column_data)  	{ +		if (strlen($column_name) > 30) +		{ +			trigger_error("Column name '$column_name' on table '$table_name' is too long. The maximum is 30 characters.", E_USER_ERROR); +		} +  		// Get type  		if (strpos($column_data[0], ':') !== false)  		{ @@ -1371,24 +1688,29 @@ class phpbb_db_tools  		switch ($this->sql_layer)  		{  			case 'firebird': +				// Does not support AFTER statement, only POSITION (and there you need the column position)  				$statements[] = 'ALTER TABLE ' . $table_name . ' ADD "' . strtoupper($column_name) . '" ' . $column_data['column_type_sql'];  			break;  			case 'mssql':  			case 'mssqlnative': +				// Does not support AFTER, only through temporary table  				$statements[] = 'ALTER TABLE [' . $table_name . '] ADD [' . $column_name . '] ' . $column_data['column_type_sql_default'];  			break;  			case 'mysql_40':  			case 'mysql_41': -				$statements[] = 'ALTER TABLE `' . $table_name . '` ADD COLUMN `' . $column_name . '` ' . $column_data['column_type_sql']; +				$after = (!empty($column_data['after'])) ? ' AFTER ' . $column_data['after'] : ''; +				$statements[] = 'ALTER TABLE `' . $table_name . '` ADD COLUMN `' . $column_name . '` ' . $column_data['column_type_sql'] . $after;  			break;  			case 'oracle': +				// Does not support AFTER, only through temporary table  				$statements[] = 'ALTER TABLE ' . $table_name . ' ADD ' . $column_name . ' ' . $column_data['column_type_sql'];  			break;  			case 'postgres': +				// Does not support AFTER, only through temporary table  				if (version_compare($this->db->sql_server_info(true), '8.0', '>='))  				{  					$statements[] = 'ALTER TABLE ' . $table_name . ' ADD COLUMN "' . $column_name . '" ' . $column_data['column_type_sql']; @@ -1506,7 +1828,7 @@ class phpbb_db_tools  			break;  			case 'oracle': -				$statements[] = 'ALTER TABLE ' . $table_name . ' DROP ' . $column_name; +				$statements[] = 'ALTER TABLE ' . $table_name . ' DROP COLUMN ' . $column_name;  			break;  			case 'postgres': @@ -1657,6 +1979,7 @@ class phpbb_db_tools  					$statements[] = "DROP SEQUENCE {$row['referenced_name']}";  				}  				$this->db->sql_freeresult($result); +			break;  			case 'postgres':  				// PGSQL does not "tightly" bind sequences and tables, we must guess... @@ -1774,6 +2097,13 @@ class phpbb_db_tools  	{  		$statements = array(); +		$table_prefix = substr(CONFIG_TABLE, 0, -6); // strlen(config) +		if (strlen($table_name . $index_name) - strlen($table_prefix) > 24) +		{ +			$max_length = strlen($table_prefix) + 24; +			trigger_error("Index name '{$table_name}_$index_name' on table '$table_name' is too long. The maximum is $max_length characters.", E_USER_ERROR); +		} +  		switch ($this->sql_layer)  		{  			case 'firebird': @@ -1785,7 +2115,7 @@ class phpbb_db_tools  			case 'mysql_40':  			case 'mysql_41': -				$statements[] = 'CREATE UNIQUE INDEX ' . $index_name . ' ON ' . $table_name . '(' . implode(', ', $column) . ')'; +				$statements[] = 'ALTER TABLE ' . $table_name . ' ADD UNIQUE INDEX ' . $index_name . '(' . implode(', ', $column) . ')';  			break;  			case 'mssql': @@ -1804,6 +2134,13 @@ class phpbb_db_tools  	{  		$statements = array(); +		$table_prefix = substr(CONFIG_TABLE, 0, -6); // strlen(config) +		if (strlen($table_name . $index_name) - strlen($table_prefix) > 24) +		{ +			$max_length = strlen($table_prefix) + 24; +			trigger_error("Index name '{$table_name}_$index_name' on table '$table_name' is too long. The maximum is $max_length characters.", E_USER_ERROR); +		} +  		// remove index length unless MySQL4  		if ('mysql_40' != $this->sql_layer)  		{ @@ -1831,7 +2168,7 @@ class phpbb_db_tools  				}  			// no break  			case 'mysql_41': -				$statements[] = 'CREATE INDEX ' . $index_name . ' ON ' . $table_name . '(' . implode(', ', $column) . ')'; +				$statements[] = 'ALTER TABLE ' . $table_name . ' ADD INDEX ' . $index_name . '(' . implode(', ', $column) . ')';  			break;  			case 'mssql': @@ -1957,6 +2294,7 @@ class phpbb_db_tools  				}  				else  				{ +					// TODO: try to change pkey without removing trigger, generator or constraints. ATM this query may fail.  					$statements[] = 'ALTER TABLE ' . $table_name . ' ALTER COLUMN "' . strtoupper($column_name) . '" TYPE ' . ' ' . $column_data['column_type_sql_type'];  				}  			break; diff --git a/phpBB/includes/db/dbal.php b/phpBB/includes/db/dbal.php index eeddf1f41b..9cc337955b 100644 --- a/phpBB/includes/db/dbal.php +++ b/phpBB/includes/db/dbal.php @@ -195,6 +195,49 @@ class dbal  	}  	/** +	* Seek to given row number +	* rownum is zero-based +	*/ +	function sql_rowseek($rownum, &$query_id) +	{ +		global $cache; + +		if ($query_id === false) +		{ +			$query_id = $this->query_result; +		} + +		if (isset($cache->sql_rowset[$query_id])) +		{ +			return $cache->sql_rowseek($rownum, $query_id); +		} + +		if ($query_id === false) +		{ +			return false; +		} + +		$this->sql_freeresult($query_id); +		$query_id = $this->sql_query($this->last_query_text); + +		if ($query_id === false) +		{ +			return false; +		} + +		// We do not fetch the row for rownum == 0 because then the next resultset would be the second row +		for ($i = 0; $i < $rownum; $i++) +		{ +			if (!$this->sql_fetchrow($query_id)) +			{ +				return false; +			} +		} + +		return true; +	} + +	/**  	* Fetch field  	* if rownum is false, the current row is used, else it is pointing to the row (zero-based)  	*/ @@ -242,6 +285,16 @@ class dbal  	}  	/** +	* Returns whether results of a query need to be buffered to run a transaction while iterating over them. +	* +	* @return bool Whether buffering is required. +	*/ +	function sql_buffer_nested_transactions() +	{ +		return false; +	} + +	/**  	* SQL Transaction  	* @access private  	*/ @@ -448,6 +501,18 @@ class dbal  	}  	/** +	* Run LOWER() on DB column of type text (i.e. neither varchar nor char). +	* +	* @param string $column_name	The column name to use +	* +	* @return string				A SQL statement like "LOWER($column_name)" +	*/ +	function sql_lower_text($column_name) +	{ +		return "LOWER($column_name)"; +	} + +	/**  	* Run more than one insert statement.  	*  	* @param string $table table name to run the statements on @@ -599,7 +664,7 @@ class dbal  					}  				} -				$sql .= $this->_sql_custom_build('FROM', implode(', ', $table_array)); +				$sql .= $this->_sql_custom_build('FROM', implode(' CROSS JOIN ', $table_array));  				if (!empty($array['LEFT_JOIN']))  				{ @@ -652,12 +717,7 @@ class dbal  			// The DEBUG_EXTRA constant is for development only!  			if ((isset($auth) && $auth->acl_get('a_')) || defined('IN_INSTALL') || defined('DEBUG_EXTRA'))  			{ -				// Print out a nice backtrace... -				$backtrace = get_backtrace(); -  				$message .= ($sql) ? '<br /><br />SQL<br /><br />' . htmlspecialchars($sql) : ''; -				$message .= ($backtrace) ? '<br /><br />BACKTRACE<br />' . $backtrace : ''; -				$message .= '<br />';  			}  			else  			{ @@ -767,7 +827,7 @@ class dbal  							</div>  						</div>  						<div id="page-footer"> -							Powered by phpBB © 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a> +							Powered by <a href="http://www.phpbb.com/">phpBB</a>® Forum Software © phpBB Group  						</div>  					</div>  					</body> @@ -895,6 +955,41 @@ class dbal  		return true;  	} + +	/** +	* Gets the estimated number of rows in a specified table. +	* +	* @param string $table_name		Table name +	* +	* @return string				Number of rows in $table_name. +	*								Prefixed with ~ if estimated (otherwise exact). +	* +	* @access public +	*/ +	function get_estimated_row_count($table_name) +	{ +		return $this->get_row_count($table_name); +	} + +	/** +	* Gets the exact number of rows in a specified table. +	* +	* @param string $table_name		Table name +	* +	* @return string				Exact number of rows in $table_name. +	* +	* @access public +	*/ +	function get_row_count($table_name) +	{ +		$sql = 'SELECT COUNT(*) AS rows_total +			FROM ' . $this->sql_escape($table_name); +		$result = $this->sql_query($sql); +		$rows_total = $this->sql_fetchfield('rows_total'); +		$this->sql_freeresult($result); + +		return $rows_total; +	}  }  /** diff --git a/phpBB/includes/db/firebird.php b/phpBB/includes/db/firebird.php index 6f60dd5dad..7072c58ac0 100644 --- a/phpBB/includes/db/firebird.php +++ b/phpBB/includes/db/firebird.php @@ -28,6 +28,7 @@ class dbal_firebird extends dbal  	var $last_query_text = '';  	var $service_handle = false;  	var $affected_rows = 0; +	var $connect_error = '';  	/**  	* Connect to server @@ -53,9 +54,35 @@ class dbal_firebird extends dbal  			$use_database = $this->server . ':' . $this->dbname;  		} -		$this->db_connect_id = ($this->persistency) ? @ibase_pconnect($use_database, $this->user, $sqlpassword, false, false, 3) : @ibase_connect($use_database, $this->user, $sqlpassword, false, false, 3); +		if ($this->persistency) +		{ +			if (!function_exists('ibase_pconnect')) +			{ +				$this->connect_error = 'ibase_pconnect function does not exist, is interbase extension installed?'; +				return $this->sql_error(''); +			} +			$this->db_connect_id = @ibase_pconnect($use_database, $this->user, $sqlpassword, false, false, 3); +		} +		else +		{ +			if (!function_exists('ibase_connect')) +			{ +				$this->connect_error = 'ibase_connect function does not exist, is interbase extension installed?'; +				return $this->sql_error(''); +			} +			$this->db_connect_id = @ibase_connect($use_database, $this->user, $sqlpassword, false, false, 3); +		} -		$this->service_handle = (function_exists('ibase_service_attach') && $this->server) ? @ibase_service_attach($this->server, $this->user, $sqlpassword) : false; +		// Do not call ibase_service_attach if connection failed, +		// otherwise error message from ibase_(p)connect call will be clobbered. +		if ($this->db_connect_id && function_exists('ibase_service_attach') && $this->server) +		{ +			$this->service_handle = @ibase_service_attach($this->server, $this->user, $sqlpassword); +		} +		else +		{ +			$this->service_handle = false; +		}  		return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error('');  	} @@ -333,49 +360,6 @@ class dbal_firebird extends dbal  	}  	/** -	* Seek to given row number -	* rownum is zero-based -	*/ -	function sql_rowseek($rownum, &$query_id) -	{ -		global $cache; - -		if ($query_id === false) -		{ -			$query_id = $this->query_result; -		} - -		if (isset($cache->sql_rowset[$query_id])) -		{ -			return $cache->sql_rowseek($rownum, $query_id); -		} - -		if ($query_id === false) -		{ -			return; -		} - -		$this->sql_freeresult($query_id); -		$query_id = $this->sql_query($this->last_query_text); - -		if ($query_id === false) -		{ -			return false; -		} - -		// We do not fetch the row for rownum == 0 because then the next resultset would be the second row -		for ($i = 0; $i < $rownum; $i++) -		{ -			if (!$this->sql_fetchrow($query_id)) -			{ -				return false; -			} -		} - -		return true; -	} - -	/**  	* Get last inserted id after insert statement  	*/  	function sql_nextid() @@ -471,8 +455,24 @@ class dbal_firebird extends dbal  	*/  	function _sql_error()  	{ +		// Need special handling here because ibase_errmsg returns +		// connection errors, however if the interbase extension +		// is not installed then ibase_errmsg does not exist and +		// we cannot call it. +		if (function_exists('ibase_errmsg')) +		{ +			$msg = @ibase_errmsg(); +			if (!$msg) +			{ +				$msg = $this->connect_error; +			} +		} +		else +		{ +			$msg = $this->connect_error; +		}  		return array( -			'message'	=> @ibase_errmsg(), +			'message'	=> $msg,  			'code'		=> (@function_exists('ibase_errcode') ? @ibase_errcode() : '')  		);  	} diff --git a/phpBB/includes/db/mssql.php b/phpBB/includes/db/mssql.php index 6899a73902..b7178593dc 100644 --- a/phpBB/includes/db/mssql.php +++ b/phpBB/includes/db/mssql.php @@ -333,6 +333,14 @@ class dbal_mssql extends dbal  	}  	/** +	* {@inheritDoc} +	*/ +	function sql_lower_text($column_name) +	{ +		return "LOWER(SUBSTRING($column_name, 1, DATALENGTH($column_name)))"; +	} + +	/**  	* Build LIKE expression  	* @access private  	*/ diff --git a/phpBB/includes/db/mssql_odbc.php b/phpBB/includes/db/mssql_odbc.php index 75a080b1b7..2ecc42cadf 100644 --- a/phpBB/includes/db/mssql_odbc.php +++ b/phpBB/includes/db/mssql_odbc.php @@ -256,49 +256,6 @@ class dbal_mssql_odbc extends dbal  	}  	/** -	* Seek to given row number -	* rownum is zero-based -	*/ -	function sql_rowseek($rownum, &$query_id) -	{ -		global $cache; - -		if ($query_id === false) -		{ -			$query_id = $this->query_result; -		} - -		if (isset($cache->sql_rowset[$query_id])) -		{ -			return $cache->sql_rowseek($rownum, $query_id); -		} - -		if ($query_id === false) -		{ -			return false; -		} - -		$this->sql_freeresult($query_id); -		$query_id = $this->sql_query($this->last_query_text); - -		if ($query_id === false) -		{ -			return false; -		} - -		// We do not fetch the row for rownum == 0 because then the next resultset would be the second row -		for ($i = 0; $i < $rownum; $i++) -		{ -			if (!$this->sql_fetchrow($query_id)) -			{ -				return false; -			} -		} - -		return true; -	} - -	/**  	* Get last inserted id after insert statement  	*/  	function sql_nextid() @@ -354,6 +311,14 @@ class dbal_mssql_odbc extends dbal  	}  	/** +	* {@inheritDoc} +	*/ +	function sql_lower_text($column_name) +	{ +		return "LOWER(SUBSTRING($column_name, 1, DATALENGTH($column_name)))"; +	} + +	/**  	* Build LIKE expression  	* @access private  	*/ diff --git a/phpBB/includes/db/mssqlnative.php b/phpBB/includes/db/mssqlnative.php index 7ed4146f27..c91cc188b0 100644 --- a/phpBB/includes/db/mssqlnative.php +++ b/phpBB/includes/db/mssqlnative.php @@ -50,7 +50,7 @@ class result_mssqlnative  			}  		} -		$this->m_row_count = count($this->m_rows); +		$this->m_row_count = sizeof($this->m_rows);  	}  	private function array_to_obj($array, &$obj) @@ -259,6 +259,14 @@ class dbal_mssqlnative extends dbal  	}  	/** +	* {@inheritDoc} +	*/ +	function sql_buffer_nested_transactions() +	{ +		return true; +	} + +	/**  	* SQL Transaction  	* @access private  	*/ @@ -388,7 +396,7 @@ class dbal_mssqlnative extends dbal  	*/  	function sql_affectedrows()  	{ -		return ($this->db_connect_id) ? @sqlsrv_rows_affected($this->db_connect_id) : false; +		return (!empty($this->query_result)) ? @sqlsrv_rows_affected($this->query_result) : false;  	}  	/** @@ -432,24 +440,6 @@ class dbal_mssqlnative extends dbal  	}  	/** -	* Seek to given row number -	* rownum is zero-based -	*/ -	function sql_rowseek($rownum, &$query_id) -	{ -		global $cache; - -		if (isset($cache->sql_rowset[$query_id])) -		{ -			return $cache->sql_rowseek($rownum, $query_id); -		} - -		$seek = new result_mssqlnative($query_id); -		$row = $seek->seek($rownum); -		return ($row = $seek->fetch()) ? $row : false; -	} - -	/**  	* Get last inserted id after insert statement  	*/  	function sql_nextid() @@ -503,6 +493,14 @@ class dbal_mssqlnative extends dbal  	}  	/** +	* {@inheritDoc} +	*/ +	function sql_lower_text($column_name) +	{ +		return "LOWER(SUBSTRING($column_name, 1, DATALENGTH($column_name)))"; +	} + +	/**  	* Build LIKE expression  	* @access private  	*/ @@ -628,7 +626,7 @@ class dbal_mssqlnative extends dbal  			return false;  		}  	} -	 +  	/**  	* Allows setting mssqlnative specific query options passed to sqlsrv_query as 4th parameter.  	*/ diff --git a/phpBB/includes/db/mysql.php b/phpBB/includes/db/mysql.php index 1e24c79577..1ccb785150 100644 --- a/phpBB/includes/db/mysql.php +++ b/phpBB/includes/db/mysql.php @@ -319,6 +319,76 @@ class dbal_mysql extends dbal  	}  	/** +	* Gets the estimated number of rows in a specified table. +	* +	* @param string $table_name		Table name +	* +	* @return string				Number of rows in $table_name. +	*								Prefixed with ~ if estimated (otherwise exact). +	* +	* @access public +	*/ +	function get_estimated_row_count($table_name) +	{ +		$table_status = $this->get_table_status($table_name); + +		if (isset($table_status['Engine'])) +		{ +			if ($table_status['Engine'] === 'MyISAM') +			{ +				return $table_status['Rows']; +			} +			else if ($table_status['Engine'] === 'InnoDB' && $table_status['Rows'] > 100000) +			{ +				return '~' . $table_status['Rows']; +			} +		} + +		return parent::get_row_count($table_name); +	} + +	/** +	* Gets the exact number of rows in a specified table. +	* +	* @param string $table_name		Table name +	* +	* @return string				Exact number of rows in $table_name. +	* +	* @access public +	*/ +	function get_row_count($table_name) +	{ +		$table_status = $this->get_table_status($table_name); + +		if (isset($table_status['Engine']) && $table_status['Engine'] === 'MyISAM') +		{ +			return $table_status['Rows']; +		} + +		return parent::get_row_count($table_name); +	} + +	/** +	* Gets some information about the specified table. +	* +	* @param string $table_name		Table name +	* +	* @return array +	* +	* @access protected +	*/ +	function get_table_status($table_name) +	{ +		$sql = "SHOW TABLE STATUS +			LIKE '" . $this->sql_escape($table_name) . "'"; +		$result = $this->sql_query($sql); +		$table_status = $this->sql_fetchrow($result); +		$this->sql_freeresult($result); + +		return $table_status; +	} + +	/**  	* Build LIKE expression  	* @access private  	*/ diff --git a/phpBB/includes/db/mysqli.php b/phpBB/includes/db/mysqli.php index 862d62f4ba..a311b8cda6 100644 --- a/phpBB/includes/db/mysqli.php +++ b/phpBB/includes/db/mysqli.php @@ -33,14 +33,33 @@ class dbal_mysqli extends dbal  	*/  	function sql_connect($sqlserver, $sqluser, $sqlpassword, $database, $port = false, $persistency = false , $new_link = false)  	{ -		$this->persistency = $persistency; +		// Mysqli extension supports persistent connection since PHP 5.3.0 +		$this->persistency = (version_compare(PHP_VERSION, '5.3.0', '>=')) ? $persistency : false;  		$this->user = $sqluser; -		$this->server = $sqlserver; + +		// If persistent connection, set dbhost to localhost when empty and prepend it with 'p:' prefix +		$this->server = ($this->persistency) ? 'p:' . (($sqlserver) ? $sqlserver : 'localhost') : $sqlserver; +  		$this->dbname = $database;  		$port = (!$port) ? NULL : $port; -		// Persistant connections not supported by the mysqli extension? -		$this->db_connect_id = @mysqli_connect($this->server, $this->user, $sqlpassword, $this->dbname, $port); +		// If port is set and it is not numeric, most likely mysqli socket is set. +		// Try to map it to the $socket parameter. +		$socket = NULL; +		if ($port) +		{ +			if (is_numeric($port)) +			{ +				$port = (int) $port; +			} +			else +			{ +				$socket = $port; +				$port = NULL; +			} +		} + +		$this->db_connect_id = @mysqli_connect($this->server, $this->user, $sqlpassword, $this->dbname, $port, $socket);  		if ($this->db_connect_id && $this->dbname != '')  		{ @@ -230,7 +249,13 @@ class dbal_mysqli extends dbal  			return $cache->sql_fetchrow($query_id);  		} -		return ($query_id !== false) ? @mysqli_fetch_assoc($query_id) : false; +		if ($query_id !== false) +		{ +			$result = @mysqli_fetch_assoc($query_id); +			return $result !== null ? $result : false; +		} + +		return false;  	}  	/** @@ -291,6 +316,76 @@ class dbal_mysqli extends dbal  	}  	/** +	* Gets the estimated number of rows in a specified table. +	* +	* @param string $table_name		Table name +	* +	* @return string				Number of rows in $table_name. +	*								Prefixed with ~ if estimated (otherwise exact). +	* +	* @access public +	*/ +	function get_estimated_row_count($table_name) +	{ +		$table_status = $this->get_table_status($table_name); + +		if (isset($table_status['Engine'])) +		{ +			if ($table_status['Engine'] === 'MyISAM') +			{ +				return $table_status['Rows']; +			} +			else if ($table_status['Engine'] === 'InnoDB' && $table_status['Rows'] > 100000) +			{ +				return '~' . $table_status['Rows']; +			} +		} + +		return parent::get_row_count($table_name); +	} + +	/** +	* Gets the exact number of rows in a specified table. +	* +	* @param string $table_name		Table name +	* +	* @return string				Exact number of rows in $table_name. +	* +	* @access public +	*/ +	function get_row_count($table_name) +	{ +		$table_status = $this->get_table_status($table_name); + +		if (isset($table_status['Engine']) && $table_status['Engine'] === 'MyISAM') +		{ +			return $table_status['Rows']; +		} + +		return parent::get_row_count($table_name); +	} + +	/** +	* Gets some information about the specified table. +	* +	* @param string $table_name		Table name +	* +	* @return array +	* +	* @access protected +	*/ +	function get_table_status($table_name) +	{ +		$sql = "SHOW TABLE STATUS +			LIKE '" . $this->sql_escape($table_name) . "'"; +		$result = $this->sql_query($sql); +		$table_status = $this->sql_fetchrow($result); +		$this->sql_freeresult($result); + +		return $table_status; +	} + +	/**  	* Build LIKE expression  	* @access private  	*/ diff --git a/phpBB/includes/db/oracle.php b/phpBB/includes/db/oracle.php index c8a9a5f604..62b36aa8bf 100644 --- a/phpBB/includes/db/oracle.php +++ b/phpBB/includes/db/oracle.php @@ -269,11 +269,12 @@ class dbal_oracle extends dbal  						{  							$cols = explode(', ', $regs[2]); +							preg_match_all('/\'(?:[^\']++|\'\')*+\'|[\d-.]+/', $regs[3], $vals, PREG_PATTERN_ORDER); +  /*						The code inside this comment block breaks clob handling, but does allow the  						database restore script to work.  If you want to allow no posts longer than 4KB  						and/or need the db restore script, uncomment this. -							preg_match_all('/\'(?:[^\']++|\'\')*+\'|[\d-.]+/', $regs[3], $vals, PREG_PATTERN_ORDER);  							if (sizeof($cols) !== sizeof($vals))  							{ diff --git a/phpBB/includes/db/postgres.php b/phpBB/includes/db/postgres.php index 4360c790a1..bb116e0763 100644 --- a/phpBB/includes/db/postgres.php +++ b/phpBB/includes/db/postgres.php @@ -18,6 +18,11 @@ if (!defined('IN_PHPBB'))  include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx); +if (!class_exists('phpbb_error_collector')) +{ +	include($phpbb_root_path . 'includes/error_collector.' . $phpEx); +} +  /**  * PostgreSQL Database Abstraction Layer  * Minimum Requirement is Version 7.3+ @@ -26,6 +31,7 @@ include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);  class dbal_postgres extends dbal  {  	var $last_query_text = ''; +	var $connect_error = '';  	/**  	* Connect to server @@ -81,13 +87,29 @@ class dbal_postgres extends dbal  		if ($this->persistency)  		{ +			if (!function_exists('pg_pconnect')) +			{ +				$this->connect_error = 'pg_pconnect function does not exist, is pgsql extension installed?'; +				return $this->sql_error(''); +			} +			$collector = new phpbb_error_collector; +			$collector->install();  			$this->db_connect_id = (!$new_link) ? @pg_pconnect($connect_string) : @pg_pconnect($connect_string, PGSQL_CONNECT_FORCE_NEW);  		}  		else  		{ +			if (!function_exists('pg_connect')) +			{ +				$this->connect_error = 'pg_connect function does not exist, is pgsql extension installed?'; +				return $this->sql_error(''); +			} +			$collector = new phpbb_error_collector; +			$collector->install();  			$this->db_connect_id = (!$new_link) ? @pg_connect($connect_string) : @pg_connect($connect_string, PGSQL_CONNECT_FORCE_NEW);  		} +		$collector->uninstall(); +  		if ($this->db_connect_id)  		{  			if (version_compare($this->sql_server_info(true), '8.2', '>=')) @@ -102,6 +124,7 @@ class dbal_postgres extends dbal  			return $this->db_connect_id;  		} +		$this->connect_error = $collector->format_errors();  		return $this->sql_error('');  	} @@ -371,8 +394,19 @@ class dbal_postgres extends dbal  	*/  	function _sql_error()  	{ +		// pg_last_error only works when there is an established connection. +		// Connection errors have to be tracked by us manually. +		if ($this->db_connect_id) +		{ +			$message = @pg_last_error($this->db_connect_id); +		} +		else +		{ +			$message = $this->connect_error; +		} +  		return array( -			'message'	=> (!$this->db_connect_id) ? @pg_last_error() : @pg_last_error($this->db_connect_id), +			'message'	=> $message,  			'code'		=> ''  		);  	} diff --git a/phpBB/includes/error_collector.php b/phpBB/includes/error_collector.php new file mode 100644 index 0000000000..3c0a89a1f3 --- /dev/null +++ b/phpBB/includes/error_collector.php @@ -0,0 +1,63 @@ +<?php +/** +* +* @package phpBB +* @version $Id$ +* @copyright (c) 2011 phpBB Group +* @license http://opensource.org/licenses/gpl-license.php GNU Public License +* +*/ + +/** +* @ignore +*/ +if (!defined('IN_PHPBB')) +{ +	exit; +} + +class phpbb_error_collector +{ +	var $errors; + +	function phpbb_error_collector() +	{ +		$this->errors = array(); +	} + +	function install() +	{ +		set_error_handler(array(&$this, 'error_handler')); +	} + +	function uninstall() +	{ +		restore_error_handler(); +	} + +	function error_handler($errno, $msg_text, $errfile, $errline) +	{ +		$this->errors[] = array($errno, $msg_text, $errfile, $errline); +	} + +	function format_errors() +	{ +		$text = ''; +		foreach ($this->errors as $error) +		{ +			if (!empty($text)) +			{ +				$text .= "<br />\n"; +			} + +			list($errno, $msg_text, $errfile, $errline) = $error; + +			// Prevent leakage of local path to phpBB install +			$errfile = phpbb_filter_root_path($errfile); + +			$text .= "Errno $errno: $msg_text at $errfile line $errline"; +		} + +		return $text; +	} +} diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 561a9906c4..5914831539 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -175,8 +175,13 @@ function set_config_count($config_name, $increment, $is_dynamic = false)  	switch ($db->sql_layer)  	{  		case 'firebird': +			// Precision must be from 1 to 18 +			$sql_update = 'CAST(CAST(config_value as DECIMAL(18, 0)) + ' . (int) $increment . ' as VARCHAR(255))'; +		break; +  		case 'postgres': -			$sql_update = 'CAST(CAST(config_value as DECIMAL(255, 0)) + ' . (int) $increment . ' as VARCHAR(255))'; +			// Need to cast to text first for PostgreSQL 7.x +			$sql_update = 'CAST(CAST(config_value::text as DECIMAL(255, 0)) + ' . (int) $increment . ' as VARCHAR(255))';  		break;  		// MySQL, SQlite, mssql, mssql_odbc, oracle @@ -236,8 +241,8 @@ function unique_id($extra = 'c')  	if ($dss_seeded !== true && ($config['rand_seed_last_update'] < time() - rand(1,10)))  	{ -		set_config('rand_seed', $config['rand_seed'], true);  		set_config('rand_seed_last_update', time(), true); +		set_config('rand_seed', $config['rand_seed'], true);  		$dss_seeded = true;  	} @@ -245,6 +250,43 @@ function unique_id($extra = 'c')  }  /** +* Wrapper for mt_rand() which allows swapping $min and $max parameters. +* +* PHP does not allow us to swap the order of the arguments for mt_rand() anymore. +* (since PHP 5.3.4, see http://bugs.php.net/46587) +* +* @param int $min		Lowest value to be returned +* @param int $max		Highest value to be returned +* +* @return int			Random integer between $min and $max (or $max and $min) +*/ +function phpbb_mt_rand($min, $max) +{ +	return ($min > $max) ? mt_rand($max, $min) : mt_rand($min, $max); +} + +/** +* Wrapper for getdate() which returns the equivalent array for UTC timestamps. +* +* @param int $time		Unix timestamp (optional) +* +* @return array			Returns an associative array of information related to the timestamp. +*						See http://www.php.net/manual/en/function.getdate.php +*/ +function phpbb_gmgetdate($time = false) +{ +	if ($time === false) +	{ +		$time = time(); +	} + +	// getdate() interprets timestamps in local time. +	// What follows uses the fact that getdate() and +	// date('Z') balance each other out. +	return getdate($time - date('Z')); +} + +/**  * Return formatted string for filesizes  *  * @param int	$value			filesize in bytes @@ -512,7 +554,7 @@ function _hash_crypt_private($password, $setting, &$itoa64)  	$output = '*';  	// Check for correct hash -	if (substr($setting, 0, 3) != '$H$') +	if (substr($setting, 0, 3) != '$H$' && substr($setting, 0, 3) != '$P$')  	{  		return $output;  	} @@ -578,6 +620,34 @@ function phpbb_email_hash($email)  }  /** +* Wrapper for version_compare() that allows using uppercase A and B +* for alpha and beta releases. +* +* See http://www.php.net/manual/en/function.version-compare.php +* +* @param string $version1		First version number +* @param string $version2		Second version number +* @param string $operator		Comparison operator (optional) +* +* @return mixed					Boolean (true, false) if comparison operator is specified. +*								Integer (-1, 0, 1) otherwise. +*/ +function phpbb_version_compare($version1, $version2, $operator = null) +{ +	$version1 = strtolower($version1); +	$version2 = strtolower($version2); + +	if (is_null($operator)) +	{ +		return version_compare($version1, $version2); +	} +	else +	{ +		return version_compare($version1, $version2, $operator); +	} +} + +/**  * Global function for chmodding directories and files for internal use  *  * This function determines owner and group whom the file belongs to and user and group of PHP and then set safest possible file permissions. @@ -1698,7 +1768,7 @@ function get_unread_topics($user_id = false, $sql_extra = '', $sql_sort = '', $s  	if ($config['load_db_lastread'] && $user->data['is_registered'])  	{  		// Get list of the unread topics -		$last_mark = $user->data['user_lastmark']; +		$last_mark = (int) $user->data['user_lastmark'];  		$sql_array = array(  			'SELECT'		=> 't.topic_id, t.topic_last_post_time, tt.mark_time as topic_mark_time, ft.mark_time as forum_mark_time', @@ -1717,10 +1787,11 @@ function get_unread_topics($user_id = false, $sql_extra = '', $sql_sort = '', $s  			),  			'WHERE'			=> " +				 t.topic_last_post_time > $last_mark AND  				(  				(tt.mark_time IS NOT NULL AND t.topic_last_post_time > tt.mark_time) OR  				(tt.mark_time IS NULL AND ft.mark_time IS NOT NULL AND t.topic_last_post_time > ft.mark_time) OR -				(tt.mark_time IS NULL AND ft.mark_time IS NULL AND t.topic_last_post_time > $last_mark) +				(tt.mark_time IS NULL AND ft.mark_time IS NULL)  				)  				$sql_extra  				$sql_sort", @@ -1809,7 +1880,7 @@ function get_unread_topics($user_id = false, $sql_extra = '', $sql_sort = '', $s  */  function update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_time = false, $mark_time_forum = false)  { -	global $db, $tracking_topics, $user, $config; +	global $db, $tracking_topics, $user, $config, $auth;  	// Determine the users last forum mark time if not given.  	if ($mark_time_forum === false) @@ -1832,6 +1903,10 @@ function update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_ti  		}  	} +	// Handle update of unapproved topics info. +	// Only update for moderators having m_approve permission for the forum. +	$sql_update_unapproved = ($auth->acl_get('m_approve', $forum_id)) ? '': 'AND t.topic_approved = 1'; +  	// Check the forum for any left unread topics.  	// If there are none, we mark the forum as read.  	if ($config['load_db_lastread'] && $user->data['is_registered']) @@ -1843,13 +1918,17 @@ function update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_ti  		}  		else  		{ -			$sql = 'SELECT t.forum_id FROM ' . TOPICS_TABLE . ' t -				LEFT JOIN ' . TOPICS_TRACK_TABLE . ' tt ON (tt.topic_id = t.topic_id AND tt.user_id = ' . $user->data['user_id'] . ') +			$sql = 'SELECT t.forum_id +				FROM ' . TOPICS_TABLE . ' t +				LEFT JOIN ' . TOPICS_TRACK_TABLE . ' tt +					ON (tt.topic_id = t.topic_id +						AND tt.user_id = ' . $user->data['user_id'] . ')  				WHERE t.forum_id = ' . $forum_id . '  					AND t.topic_last_post_time > ' . $mark_time_forum . ' -					AND t.topic_moved_id = 0 -					AND (tt.topic_id IS NULL OR tt.mark_time < t.topic_last_post_time) -				GROUP BY t.forum_id'; +					AND t.topic_moved_id = 0 ' . +					$sql_update_unapproved . ' +					AND (tt.topic_id IS NULL +						OR tt.mark_time < t.topic_last_post_time)';  			$result = $db->sql_query_limit($sql, 1);  			$row = $db->sql_fetchrow($result);  			$db->sql_freeresult($result); @@ -1867,11 +1946,12 @@ function update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_ti  		}  		else  		{ -			$sql = 'SELECT topic_id -				FROM ' . TOPICS_TABLE . ' -				WHERE forum_id = ' . $forum_id . ' -					AND topic_last_post_time > ' . $mark_time_forum . ' -					AND topic_moved_id = 0'; +			$sql = 'SELECT t.topic_id +				FROM ' . TOPICS_TABLE . ' t +				WHERE t.forum_id = ' . $forum_id . ' +					AND t.topic_last_post_time > ' . $mark_time_forum . ' +					AND t.topic_moved_id = 0 ' . +					$sql_update_unapproved;  			$result = $db->sql_query($sql);  			$check_forum = $tracking_topics['tf'][$forum_id]; @@ -2056,7 +2136,7 @@ function generate_pagination($base_url, $num_items, $per_page, $start_item, $add  		$start_cnt = min(max(1, $on_page - 4), $total_pages - 5);  		$end_cnt = max(min($total_pages, $on_page + 4), 6); -		$page_string .= ($start_cnt > 1) ? ' ... ' : $seperator; +		$page_string .= ($start_cnt > 1) ? '<span class="page-dots"> ... </span>' : $seperator;  		for ($i = $start_cnt + 1; $i < $end_cnt; $i++)  		{ @@ -2067,7 +2147,7 @@ function generate_pagination($base_url, $num_items, $per_page, $start_item, $add  			}  		} -		$page_string .= ($end_cnt < $total_pages) ? ' ... ' : $seperator; +		$page_string .= ($end_cnt < $total_pages) ? '<span class="page-dots"> ... </span>' : $seperator;  	}  	else  	{ @@ -2154,6 +2234,12 @@ function append_sid($url, $params = false, $is_amp = true, $session_id = false)  {  	global $_SID, $_EXTRA_URL, $phpbb_hook; +	if ($params === '' || (is_array($params) && empty($params))) +	{ +		// Do not append the ? if the param-list is empty anyway. +		$params = false; +	} +  	// Developers using the hook function need to globalise the $_SID and $_EXTRA_URL on their own and also handle it appropriately.  	// They could mimic most of what is within this function  	if (!empty($phpbb_hook) && $phpbb_hook->call_hook(__FUNCTION__, $url, $params, $is_amp, $session_id)) @@ -2248,7 +2334,10 @@ function append_sid($url, $params = false, $is_amp = true, $session_id = false)  /**  * Generate board url (example: http://www.example.com/phpBB) +*  * @param bool $without_script_path if set to true the script path gets not appended (example: http://www.example.com) +* +* @return string the generated board url  */  function generate_board_url($without_script_path = false)  { @@ -2353,12 +2442,12 @@ function redirect($url, $return = false, $disable_cd_check = false)  		// Relative uri  		$pathinfo = pathinfo($url); -		if (!$disable_cd_check && !file_exists($pathinfo['dirname'])) +		if (!$disable_cd_check && !file_exists($pathinfo['dirname'] . '/'))  		{  			$url = str_replace('../', '', $url);  			$pathinfo = pathinfo($url); -			if (!file_exists($pathinfo['dirname'])) +			if (!file_exists($pathinfo['dirname'] . '/'))  			{  				// fallback to "last known user page"  				// at least this way we know the user does not leave the phpBB root @@ -2630,9 +2719,9 @@ function send_status_line($code, $message)  	}  	else  	{ -		if (isset($_SERVER['HTTP_VERSION'])) +		if (!empty($_SERVER['SERVER_PROTOCOL']))  		{ -			$version = $_SERVER['HTTP_VERSION']; +			$version = $_SERVER['SERVER_PROTOCOL'];  		}  		else  		{ @@ -3236,6 +3325,11 @@ function parse_cfg_file($filename, $lines = false)  		$parsed_items[$key] = $value;  	} +	 +	if (isset($parsed_items['inherit_from']) && isset($parsed_items['name']) && $parsed_items['inherit_from'] == $parsed_items['name']) +	{ +		unset($parsed_items['inherit_from']); +	}  	return $parsed_items;  } @@ -3307,61 +3401,44 @@ function add_log()  }  /** -* Return a nicely formatted backtrace (parts from the php manual by diz at ysagoon dot com) +* Return a nicely formatted backtrace. +* +* Turns the array returned by debug_backtrace() into HTML markup. +* Also filters out absolute paths to phpBB root. +* +* @return string	HTML markup  */  function get_backtrace()  { -	global $phpbb_root_path; -  	$output = '<div style="font-family: monospace;">';  	$backtrace = debug_backtrace(); -	$path = phpbb_realpath($phpbb_root_path); -	foreach ($backtrace as $number => $trace) -	{ -		// We skip the first one, because it only shows this file/function -		if ($number == 0) -		{ -			continue; -		} +	// We skip the first one, because it only shows this file/function +	unset($backtrace[0]); +	foreach ($backtrace as $trace) +	{  		// Strip the current directory from path -		if (empty($trace['file'])) -		{ -			$trace['file'] = ''; -		} -		else -		{ -			$trace['file'] = str_replace(array($path, '\\'), array('', '/'), $trace['file']); -			$trace['file'] = substr($trace['file'], 1); -		} -		$args = array(); +		$trace['file'] = (empty($trace['file'])) ? '(not given by php)' : htmlspecialchars(phpbb_filter_root_path($trace['file'])); +		$trace['line'] = (empty($trace['line'])) ? '(not given by php)' : $trace['line']; -		// If include/require/include_once is not called, do not show arguments - they may contain sensible information -		if (!in_array($trace['function'], array('include', 'require', 'include_once'))) -		{ -			unset($trace['args']); -		} -		else +		// Only show function arguments for include etc. +		// Other parameters may contain sensible information +		$argument = ''; +		if (!empty($trace['args'][0]) && in_array($trace['function'], array('include', 'require', 'include_once', 'require_once')))  		{ -			// Path... -			if (!empty($trace['args'][0])) -			{ -				$argument = htmlspecialchars($trace['args'][0]); -				$argument = str_replace(array($path, '\\'), array('', '/'), $argument); -				$argument = substr($argument, 1); -				$args[] = "'{$argument}'"; -			} +			$argument = htmlspecialchars(phpbb_filter_root_path($trace['args'][0]));  		}  		$trace['class'] = (!isset($trace['class'])) ? '' : $trace['class'];  		$trace['type'] = (!isset($trace['type'])) ? '' : $trace['type'];  		$output .= '<br />'; -		$output .= '<b>FILE:</b> ' . htmlspecialchars($trace['file']) . '<br />'; +		$output .= '<b>FILE:</b> ' . $trace['file'] . '<br />';  		$output .= '<b>LINE:</b> ' . ((!empty($trace['line'])) ? $trace['line'] : '') . '<br />'; -		$output .= '<b>CALL:</b> ' . htmlspecialchars($trace['class'] . $trace['type'] . $trace['function']) . '(' . ((sizeof($args)) ? implode(', ', $args) : '') . ')<br />'; +		$output .= '<b>CALL:</b> ' . htmlspecialchars($trace['class'] . $trace['type'] . $trace['function']); +		$output .= '(' . (($argument !== '') ? "'$argument'" : '') . ')<br />';  	}  	$output .= '</div>';  	return $output; @@ -3379,7 +3456,7 @@ function get_preg_expression($mode)  		case 'email':  			// Regex written by James Watts and Francisco Jose Martin Moreno  			// http://fightingforalostcause.net/misc/2006/compare-email-regex.php -			return '([\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+\.)*(?:[\w\!\#$\%\'\*\+\-\/\=\?\^\`{\|\}\~]|&)+@((((([a-z0-9]{1}[a-z0-9\-]{0,62}[a-z0-9]{1})|[a-z])\.)+[a-z]{2,6})|(\d{1,3}\.){3}\d{1,3}(\:\d{1,5})?)'; +			return '([\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+\.)*(?:[\w\!\#$\%\'\*\+\-\/\=\?\^\`{\|\}\~]|&)+@((((([a-z0-9]{1}[a-z0-9\-]{0,62}[a-z0-9]{1})|[a-z])\.)+[a-z]{2,63})|(\d{1,3}\.){3}\d{1,3}(\:\d{1,5})?)';  		break;  		case 'bbcode_htm': @@ -3423,12 +3500,58 @@ function get_preg_expression($mode)  			$inline = ($mode == 'relative_url') ? ')' : '';  			return "(?:[a-z0-9\-._~!$&'($inline*+,;=:@|]+|%[\dA-F]{2})*(?:/(?:[a-z0-9\-._~!$&'($inline*+,;=:@|]+|%[\dA-F]{2})*)*(?:\?(?:[a-z0-9\-._~!$&'($inline*+,;=:@/?|]+|%[\dA-F]{2})*)?(?:\#(?:[a-z0-9\-._~!$&'($inline*+,;=:@/?|]+|%[\dA-F]{2})*)?";  		break; + +		case 'table_prefix': +			return '#^[a-zA-Z][a-zA-Z0-9_]*$#'; +		break;  	}  	return '';  }  /** +* Generate regexp for naughty words censoring +* Depends on whether installed PHP version supports unicode properties +* +* @param string	$word			word template to be replaced +* @param bool	$use_unicode	whether or not to take advantage of PCRE supporting unicode +* +* @return string $preg_expr		regex to use with word censor +*/ +function get_censor_preg_expression($word, $use_unicode = true) +{ +	static $unicode_support = null; + +	// Check whether PHP version supports unicode properties +	if (is_null($unicode_support)) +	{ +		$unicode_support = ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false) ? true : false; +	} + +	// Unescape the asterisk to simplify further conversions +	$word = str_replace('\*', '*', preg_quote($word, '#')); + +	if ($use_unicode && $unicode_support) +	{ +		// Replace asterisk(s) inside the pattern, at the start and at the end of it with regexes +		$word = preg_replace(array('#(?<=[\p{Nd}\p{L}_])\*+(?=[\p{Nd}\p{L}_])#iu', '#^\*+#', '#\*+$#'), array('([\x20]*?|[\p{Nd}\p{L}_-]*?)', '[\p{Nd}\p{L}_-]*?', '[\p{Nd}\p{L}_-]*?'), $word); + +		// Generate the final substitution +		$preg_expr = '#(?<![\p{Nd}\p{L}_-])(' . $word . ')(?![\p{Nd}\p{L}_-])#iu'; +	} +	else +	{ +		// Replace the asterisk inside the pattern, at the start and at the end of it with regexes +		$word = preg_replace(array('#(?<=\S)\*+(?=\S)#iu', '#^\*+#', '#\*+$#'), array('(\x20*?\S*?)', '\S*?', '\S*?'), $word); + +		// Generate the final substitution +		$preg_expr = '#(?<!\S)(' . $word . ')(?!\S)#iu'; +	} + +	return $preg_expr; +} + +/**  * Returns the first block of the specified IPv6 address and as many additional  * ones as specified in the length paramater.  * If length is zero, then an empty string is returned. @@ -3501,7 +3624,7 @@ function phpbb_checkdnsrr($host, $type = 'MX')  	// but until 5.3.3 it only works for MX records  	// See: http://bugs.php.net/bug.php?id=51844 -	// Call checkdnsrr() if  +	// Call checkdnsrr() if  	// we're looking for an MX record or  	// we're not on Windows or  	// we're running a PHP version where #51844 has been fixed @@ -3521,7 +3644,7 @@ function phpbb_checkdnsrr($host, $type = 'MX')  	// dns_get_record() is available since PHP 5; since PHP 5.3 also on Windows,  	// but on Windows it does not work reliable for AAAA records before PHP 5.3.1 -	// Call dns_get_record() if  +	// Call dns_get_record() if  	// we're not looking for an AAAA record or  	// we're not on Windows or  	// we're running a PHP version where AAAA lookups work reliable @@ -3551,7 +3674,7 @@ function phpbb_checkdnsrr($host, $type = 'MX')  		foreach ($resultset as $result)  		{  			if ( -				isset($result['host']) && $result['host'] == $host &&  +				isset($result['host']) && $result['host'] == $host &&  				isset($result['type']) && $result['type'] == $type  			)  			{ @@ -3613,10 +3736,19 @@ function phpbb_checkdnsrr($host, $type = 'MX')  					{  						return true;  					} +				break;  				default: -				case 'A':  				case 'AAAA': +					// AAAA records returned by nslookup on Windows XP/2003 have this format. +					// Later Windows versions use the A record format below for AAAA records. +					if (stripos($line, "$host AAAA IPv6 address") === 0) +					{ +						return true; +					} +				// No break + +				case 'A':  					if (!empty($host_matches))  					{  						// Second line @@ -3685,25 +3817,10 @@ function msg_handler($errno, $msg_text, $errfile, $errline)  			if (strpos($errfile, 'cache') === false && strpos($errfile, 'template.') === false)  			{ -				// flush the content, else we get a white page if output buffering is on -				if ((int) @ini_get('output_buffering') === 1 || strtolower(@ini_get('output_buffering')) === 'on') -				{ -					@ob_flush(); -				} - -				// Another quick fix for those having gzip compression enabled, but do not flush if the coder wants to catch "something". ;) -				if (!empty($config['gzip_compress'])) -				{ -					if (@extension_loaded('zlib') && !headers_sent() && !ob_get_level()) -					{ -						@ob_flush(); -					} -				} - -				// remove complete path to installation, with the risk of changing backslashes meant to be there -				$errfile = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $errfile); -				$msg_text = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $msg_text); -				echo '<b>[phpBB Debug] PHP Notice</b>: in file <b>' . $errfile . '</b> on line <b>' . $errline . '</b>: <b>' . $msg_text . '</b><br />' . "\n"; +				$errfile = phpbb_filter_root_path($errfile); +				$msg_text = phpbb_filter_root_path($msg_text); +				$error_name = ($errno === E_WARNING) ? 'PHP Warning' : 'PHP Notice'; +				echo '<b>[phpBB Debug] ' . $error_name . '</b>: in file <b>' . $errfile . '</b> on line <b>' . $errline . '</b>: <b>' . $msg_text . '</b><br />' . "\n";  				// we are writing an image - the user won't see the debug, so let's place it in the log  				if (defined('IMAGE_OUTPUT') || defined('IN_CRON')) @@ -3744,11 +3861,23 @@ function msg_handler($errno, $msg_text, $errfile, $errline)  				}  			} +			$log_text = $msg_text; +			$backtrace = get_backtrace(); +			if ($backtrace) +			{ +				$log_text .= '<br /><br />BACKTRACE<br />' . $backtrace; +			} + +			if (defined('IN_INSTALL') || defined('DEBUG_EXTRA') || isset($auth) && $auth->acl_get('a_')) +			{ +				$msg_text = $log_text; +			} +  			if ((defined('DEBUG') || defined('IN_CRON') || defined('IMAGE_OUTPUT')) && isset($db))  			{  				// let's avoid loops  				$db->sql_return_on_error(true); -				add_log('critical', 'LOG_GENERAL_ERROR', $msg_title, $msg_text); +				add_log('critical', 'LOG_GENERAL_ERROR', $msg_title, $log_text);  				$db->sql_return_on_error(false);  			} @@ -3792,7 +3921,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline)  			echo '	</div>';  			echo '	</div>';  			echo '	<div id="page-footer">'; -			echo '		Powered by phpBB © 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>'; +			echo '		Powered by <a href="http://www.phpbb.com/">phpBB</a>® Forum Software © phpBB Group';  			echo '	</div>';  			echo '</div>';  			echo '</body>'; @@ -3880,6 +4009,29 @@ function msg_handler($errno, $msg_text, $errfile, $errline)  }  /** +* Removes absolute path to phpBB root directory from error messages +* and converts backslashes to forward slashes. +* +* @param string $errfile	Absolute file path +*							(e.g. /var/www/phpbb3/phpBB/includes/functions.php) +*							Please note that if $errfile is outside of the phpBB root, +*							the root path will not be found and can not be filtered. +* @return string			Relative file path +*							(e.g. /includes/functions.php) +*/ +function phpbb_filter_root_path($errfile) +{ +	static $root_path; + +	if (empty($root_path)) +	{ +		$root_path = phpbb_realpath(dirname(__FILE__) . '/../'); +	} + +	return str_replace(array($root_path, '\\'), array('[ROOT]', '/'), $errfile); +} + +/**  * Queries the session table to get information about online guests  * @param int $item_id Limits the search to the item with this id  * @param string $item The name of the item which is stored in the session table as session_{$item}_id @@ -4208,7 +4360,7 @@ function phpbb_http_login($param)  	if (!is_null($username) && is_null($password) && strpos($username, 'Basic ') === 0)  	{  		list($username, $password) = explode(':', base64_decode(substr($username, 6)), 2); -    } +	}  	if (!is_null($username) && !is_null($password))  	{ @@ -4246,7 +4398,7 @@ function phpbb_http_login($param)  */  function page_header($page_title = '', $display_online_list = true, $item_id = 0, $item = 'forum')  { -	global $db, $config, $template, $SID, $_SID, $user, $auth, $phpEx, $phpbb_root_path; +	global $db, $config, $template, $SID, $_SID, $_EXTRA_URL, $user, $auth, $phpEx, $phpbb_root_path;  	if (defined('HEADER_INC'))  	{ @@ -4258,7 +4410,21 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0  	// gzip_compression  	if ($config['gzip_compress'])  	{ -		if (@extension_loaded('zlib') && !headers_sent()) +		// to avoid partially compressed output resulting in blank pages in +		// the browser or error messages, compression is disabled in a few cases: +		// +		// 1) if headers have already been sent, this indicates plaintext output +		//    has been started so further content must not be compressed +		// 2) the length of the current output buffer is non-zero. This means +		//    there is already some uncompressed content in this output buffer +		//    so further output must not be compressed +		// 3) if more than one level of output buffering is used because we +		//    cannot test all output buffer level content lengths. One level +		//    could be caused by php.ini output_buffering. Anything +		//    beyond that is manual, so the code wrapping phpBB in output buffering +		//    can easily compress the output itself. +		// +		if (@extension_loaded('zlib') && !headers_sent() && ob_get_level() <= 1 && ob_get_length() == 0)  		{  			ob_start('ob_gzhandler');  		} @@ -4379,6 +4545,21 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0  		$user_lang = substr($user_lang, 0, strpos($user_lang, '-x-'));  	} +	$s_search_hidden_fields = array(); +	if ($_SID) +	{ +		$s_search_hidden_fields['sid'] = $_SID; +	} + +	if (!empty($_EXTRA_URL)) +	{ +		foreach ($_EXTRA_URL as $url_param) +		{ +			$url_param = explode('=', $url_param, 2); +			$s_search_hidden_fields[$url_param[0]] = $url_param[1]; +		} +	} +  	// The following assigns all _common_ variables that may be used at any point in a template.  	$template->assign_vars(array(  		'SITENAME'						=> $config['sitename'], @@ -4468,11 +4649,13 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0  		'S_LOAD_UNREADS'			=> ($config['load_unreads_search'] && ($config['load_anon_lastread'] || $user->data['is_registered'])) ? true : false, -		'T_THEME_PATH'			=> "{$web_path}styles/" . $user->theme['theme_path'] . '/theme', -		'T_TEMPLATE_PATH'		=> "{$web_path}styles/" . $user->theme['template_path'] . '/template', -		'T_SUPER_TEMPLATE_PATH'	=> (isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path']) ? "{$web_path}styles/" . $user->theme['template_inherit_path'] . '/template' : "{$web_path}styles/" . $user->theme['template_path'] . '/template', -		'T_IMAGESET_PATH'		=> "{$web_path}styles/" . $user->theme['imageset_path'] . '/imageset', -		'T_IMAGESET_LANG_PATH'	=> "{$web_path}styles/" . $user->theme['imageset_path'] . '/imageset/' . $user->data['user_lang'], +		'S_SEARCH_HIDDEN_FIELDS'	=> build_hidden_fields($s_search_hidden_fields), + +		'T_THEME_PATH'			=> "{$web_path}styles/" . rawurlencode($user->theme['theme_path']) . '/theme', +		'T_TEMPLATE_PATH'		=> "{$web_path}styles/" . rawurlencode($user->theme['template_path']) . '/template', +		'T_SUPER_TEMPLATE_PATH'	=> (isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path']) ? "{$web_path}styles/" . rawurlencode($user->theme['template_inherit_path']) . '/template' : "{$web_path}styles/" . rawurlencode($user->theme['template_path']) . '/template', +		'T_IMAGESET_PATH'		=> "{$web_path}styles/" . rawurlencode($user->theme['imageset_path']) . '/imageset', +		'T_IMAGESET_LANG_PATH'	=> "{$web_path}styles/" . rawurlencode($user->theme['imageset_path']) . '/imageset/' . $user->lang_name,  		'T_IMAGES_PATH'			=> "{$web_path}images/",  		'T_SMILIES_PATH'		=> "{$web_path}{$config['smilies_path']}/",  		'T_AVATAR_PATH'			=> "{$web_path}{$config['avatar_path']}/", @@ -4480,13 +4663,13 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0  		'T_ICONS_PATH'			=> "{$web_path}{$config['icons_path']}/",  		'T_RANKS_PATH'			=> "{$web_path}{$config['ranks_path']}/",  		'T_UPLOAD_PATH'			=> "{$web_path}{$config['upload_path']}/", -		'T_STYLESHEET_LINK'		=> (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . $user->theme['theme_path'] . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&lang=' . $user->data['user_lang']), +		'T_STYLESHEET_LINK'		=> (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . rawurlencode($user->theme['theme_path']) . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&lang=' . $user->lang_name),  		'T_STYLESHEET_NAME'		=> $user->theme['theme_name'], -		'T_THEME_NAME'			=> $user->theme['theme_path'], -		'T_TEMPLATE_NAME'		=> $user->theme['template_path'], -		'T_SUPER_TEMPLATE_NAME'	=> (isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path']) ? $user->theme['template_inherit_path'] : $user->theme['template_path'], -		'T_IMAGESET_NAME'		=> $user->theme['imageset_path'], +		'T_THEME_NAME'			=> rawurlencode($user->theme['theme_path']), +		'T_TEMPLATE_NAME'		=> rawurlencode($user->theme['template_path']), +		'T_SUPER_TEMPLATE_NAME'	=> rawurlencode((isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path']) ? $user->theme['template_inherit_path'] : $user->theme['template_path']), +		'T_IMAGESET_NAME'		=> rawurlencode($user->theme['imageset_path']),  		'T_IMAGESET_LANG_NAME'	=> $user->data['user_lang'],  		'T_IMAGES'				=> 'images',  		'T_SMILIES'				=> $config['smilies_path'], @@ -4508,6 +4691,12 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0  	header('Expires: 0');  	header('Pragma: no-cache'); +	if (!empty($user->data['is_bot'])) +	{ +		// Let reverse proxies know we detected a bot. +		header('X-PHPBB-IS-BOT: yes'); +	} +  	return;  } @@ -4552,13 +4741,14 @@ function page_footer($run_cron = true)  	$template->assign_vars(array(  		'DEBUG_OUTPUT'			=> (defined('DEBUG')) ? $debug_output : '',  		'TRANSLATION_INFO'		=> (!empty($user->lang['TRANSLATION_INFO'])) ? $user->lang['TRANSLATION_INFO'] : '', +		'CREDIT_LINE'			=> $user->lang('POWERED_BY', '<a href="http://www.phpbb.com/">phpBB</a>® Forum Software © phpBB Group'),  		'U_ACP' => ($auth->acl_get('a_') && !empty($user->data['is_registered'])) ? append_sid("{$phpbb_root_path}adm/index.$phpEx", false, true, $user->session_id) : '')  	);  	// Call cron-type script  	$call_cron = false; -	if (!defined('IN_CRON') && $run_cron && !$config['board_disable']) +	if (!defined('IN_CRON') && $run_cron && !$config['board_disable'] && !$user->data['is_bot'])  	{  		$call_cron = true;  		$time_now = (!empty($user->time_now) && is_int($user->time_now)) ? $user->time_now : time(); @@ -4662,7 +4852,7 @@ function exit_handler()  	}  	// As a pre-caution... some setups display a blank page if the flush() is not there. -	(empty($config['gzip_compress'])) ? @flush() : @ob_flush(); +	(ob_get_level() > 0) ? @ob_flush() : @flush();  	exit;  } diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index 2aa12adb2e..204fa9a43d 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -2294,41 +2294,6 @@ function auto_prune($forum_id, $prune_mode, $prune_flags, $prune_days, $prune_fr  }  /** -* remove_comments will strip the sql comment lines out of an uploaded sql file -* specifically for mssql and postgres type files in the install.... -*/ -function remove_comments(&$output) -{ -	$lines = explode("\n", $output); -	$output = ''; - -	// try to keep mem. use down -	$linecount = sizeof($lines); - -	$in_comment = false; -	for ($i = 0; $i < $linecount; $i++) -	{ -		if (trim($lines[$i]) == '/*') -		{ -			$in_comment = true; -		} - -		if (!$in_comment) -		{ -			$output .= $lines[$i] . "\n"; -		} - -		if (trim($lines[$i]) == '*/') -		{ -			$in_comment = false; -		} -	} - -	unset($lines); -	return $output; -} - -/**  * Cache moderators, called whenever permissions are changed via admin_permissions. Changes of username  * and group names must be carried through for the moderators table  */ @@ -2506,6 +2471,7 @@ function cache_moderators()  /**  * View log +* If $log_count is set to false, we will skip counting all entries in the database.  */  function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id = 0, $topic_id = 0, $user_id = 0, $limit_days = 0, $sort_by = 'l.log_time DESC', $keywords = '')  { @@ -2591,7 +2557,37 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id  		{  			$sql_keywords .= $db->sql_in_set('l.log_operation', $operations) . ' OR ';  		} -		$sql_keywords .= 'LOWER(l.log_data) ' . implode(' OR LOWER(l.log_data) ', $keywords) . ')'; +		$sql_lower = $db->sql_lower_text('l.log_data'); +		$sql_keywords .= "$sql_lower " . implode(" OR $sql_lower ", $keywords) . ')'; +	} + +	if ($log_count !== false) +	{ +		$sql = 'SELECT COUNT(l.log_id) AS total_entries +			FROM ' . LOG_TABLE . ' l, ' . USERS_TABLE . " u +			WHERE l.log_type = $log_type +				AND l.user_id = u.user_id +				AND l.log_time >= $limit_days +				$sql_keywords +				$sql_forum"; +		$result = $db->sql_query($sql); +		$log_count = (int) $db->sql_fetchfield('total_entries'); +		$db->sql_freeresult($result); +	} + +	// $log_count may be false here if false was passed in for it, +	// because in this case we did not run the COUNT() query above. +	// If we ran the COUNT() query and it returned zero rows, return; +	// otherwise query for logs below. +	if ($log_count === 0) +	{ +		// Save the queries, because there are no logs to display +		return 0; +	} + +	if ($offset >= $log_count) +	{ +		$offset = ($offset - $limit < 0) ? 0 : $offset - $limit;  	}  	$sql = "SELECT l.*, u.username, u.username_clean, u.user_colour @@ -2761,18 +2757,7 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id  		}  	} -	$sql = 'SELECT COUNT(l.log_id) AS total_entries -		FROM ' . LOG_TABLE . ' l, ' . USERS_TABLE . " u -		WHERE l.log_type = $log_type -			AND l.user_id = u.user_id -			AND l.log_time >= $limit_days -			$sql_keywords -			$sql_forum"; -	$result = $db->sql_query($sql); -	$log_count = (int) $db->sql_fetchfield('total_entries'); -	$db->sql_freeresult($result); - -	return; +	return $offset;  }  /** @@ -2904,6 +2889,12 @@ function view_inactive_users(&$users, &$user_count, $limit = 0, $offset = 0, $li  	$user_count = (int) $db->sql_fetchfield('user_count');  	$db->sql_freeresult($result); +	if ($user_count == 0) +	{ +		// Save the queries, because there are no users to display +		return 0; +	} +  	if ($offset >= $user_count)  	{  		$offset = ($offset - $limit < 0) ? 0 : $offset - $limit; @@ -3109,7 +3100,7 @@ function get_database_size()  /**  * Retrieve contents from remotely stored file  */ -function get_remote_file($host, $directory, $filename, &$errstr, &$errno, $port = 80, $timeout = 10) +function get_remote_file($host, $directory, $filename, &$errstr, &$errno, $port = 80, $timeout = 6)  {  	global $user; @@ -3119,6 +3110,9 @@ function get_remote_file($host, $directory, $filename, &$errstr, &$errno, $port  		@fputs($fsock, "HOST: $host\r\n");  		@fputs($fsock, "Connection: close\r\n\r\n"); +		$timer_stop = time() + $timeout; +		stream_set_timeout($fsock, $timeout); +  		$file_info = '';  		$get_info = false; @@ -3141,6 +3135,14 @@ function get_remote_file($host, $directory, $filename, &$errstr, &$errno, $port  					return false;  				}  			} + +			$stream_meta_data = stream_get_meta_data($fsock); + +			if (!empty($stream_meta_data['timed_out']) || time() >= $timer_stop) +			{ +				$errstr = $user->lang['FSOCK_TIMEOUT']; +				return false; +			}  		}  		@fclose($fsock);  	} diff --git a/phpBB/includes/functions_content.php b/phpBB/includes/functions_content.php index faff9dd0de..b7650ecd6a 100644 --- a/phpBB/includes/functions_content.php +++ b/phpBB/includes/functions_content.php @@ -1107,7 +1107,7 @@ function extension_allowed($forum_id, $extension, &$extensions)  * @param int $max_length Maximum length of string (multibyte character count as 1 char / Html entity count as 1 char)  * @param int $max_store_length Maximum character length of string (multibyte character count as 1 char / Html entity count as entity chars).  * @param bool $allow_reply Allow Re: in front of string  -* 	NOTE: This parameter can cause undesired behavior (returning strings longer than $max_store_legnth) and is deprecated.  +* 	NOTE: This parameter can cause undesired behavior (returning strings longer than $max_store_length) and is deprecated.   * @param string $append String to be appended  */  function truncate_string($string, $max_length = 60, $max_store_length = 255, $allow_reply = false, $append = '') diff --git a/phpBB/includes/functions_convert.php b/phpBB/includes/functions_convert.php index 9e26043b39..3b26f417e9 100644 --- a/phpBB/includes/functions_convert.php +++ b/phpBB/includes/functions_convert.php @@ -424,7 +424,8 @@ function import_avatar_gallery($gallery_name = '', $subdirs_as_galleries = false  	$relative_path = empty($convert->convertor['source_path_absolute']); -	if (empty($convert->convertor['avatar_gallery_path'])) +	// check for trailing slash +	if (rtrim($convert->convertor['avatar_gallery_path'], '/') === '')  	{  		$convert->p_master->error(sprintf($user->lang['CONV_ERROR_NO_GALLERY_PATH'], 'import_avatar_gallery()'), __LINE__, __FILE__);  	} @@ -588,7 +589,8 @@ function import_attachment($source, $use_target = false)  	global $convert, $phpbb_root_path, $config, $user; -	if (empty($convert->convertor['upload_path'])) +	// check for trailing slash +	if (rtrim($convert->convertor['upload_path'], '/') === '')  	{  		$convert->p_master->error(sprintf($user->lang['CONV_ERROR_NO_UPLOAD_DIR'], 'import_attachment()'), __LINE__, __FILE__);  	} @@ -647,7 +649,8 @@ function import_smiley($source, $use_target = false)  	global $convert, $phpbb_root_path, $config, $user; -	if (!isset($convert->convertor['smilies_path'])) +	// check for trailing slash +	if (rtrim($convert->convertor['smilies_path'], '/') === '')  	{  		$convert->p_master->error(sprintf($user->lang['CONV_ERROR_NO_SMILIES_PATH'], 'import_smiley()'), __LINE__, __FILE__);  	} @@ -667,7 +670,8 @@ function import_avatar($source, $use_target = false, $user_id = false)  	global $convert, $phpbb_root_path, $config, $user; -	if (!isset($convert->convertor['avatar_path'])) +	// check for trailing slash +	if (rtrim($convert->convertor['avatar_path'], '/') === '')  	{  		$convert->p_master->error(sprintf($user->lang['CONV_ERROR_NO_AVATAR_PATH'], 'import_avatar()'), __LINE__, __FILE__);  	} @@ -1816,6 +1820,7 @@ function add_bots()  		'Alta Vista [Bot]'			=> array('Scooter/', ''),  		'Ask Jeeves [Bot]'			=> array('Ask Jeeves', ''),  		'Baidu [Spider]'			=> array('Baiduspider+(', ''), +		'Bing [Bot]'				=> array('bingbot/', ''),  		'Exabot [Bot]'				=> array('Exabot/', ''),  		'FAST Enterprise [Crawler]'	=> array('FAST Enterprise Crawler', ''),  		'FAST WebCrawler [Crawler]'	=> array('FAST-WebCrawler/', ''), diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index 2de7e1b169..ee7048638d 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -51,6 +51,27 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod  		$sql_where = 'left_id > ' . $root_data['left_id'] . ' AND left_id < ' . $root_data['right_id'];  	} +	// Handle marking everything read +	if ($mark_read == 'all') +	{ +		$redirect = build_url(array('mark', 'hash')); +		meta_refresh(3, $redirect); + +		if (check_link_hash(request_var('hash', ''), 'global')) +		{ +			markread('all'); + +			trigger_error( +				$user->lang['FORUMS_MARKED'] . '<br /><br />' . +				sprintf($user->lang['RETURN_INDEX'], '<a href="' . $redirect . '">', '</a>') +			); +		} +		else +		{ +			trigger_error(sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>')); +		} +	} +  	// Display list of active topics for this category?  	$show_active = (isset($root_data['forum_flags']) && ($root_data['forum_flags'] & FORUM_FLAG_ACTIVE_TOPICS)) ? true : false; @@ -120,13 +141,14 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod  		$forum_id = $row['forum_id'];  		// Mark forums read? -		if ($mark_read == 'forums' || $mark_read == 'all') +		if ($mark_read == 'forums')  		{  			if ($auth->acl_get('f_list', $forum_id))  			{  				$forum_ids[] = $forum_id; -				continue;  			} + +			continue;  		}  		// Category with no members @@ -152,8 +174,6 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod  			continue;  		} -		$forum_ids[] = $forum_id; -  		if ($config['load_db_lastread'] && $user->data['is_registered'])  		{  			$forum_tracking_info[$forum_id] = (!empty($row['mark_time'])) ? $row['mark_time'] : $user->data['user_lastmark']; @@ -255,24 +275,16 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod  	$db->sql_freeresult($result);  	// Handle marking posts -	if ($mark_read == 'forums' || $mark_read == 'all') +	if ($mark_read == 'forums')  	{  		$redirect = build_url(array('mark', 'hash'));  		$token = request_var('hash', '');  		if (check_link_hash($token, 'global'))  		{ -			if ($mark_read == 'all') -			{ -				markread('all'); -				$message = sprintf($user->lang['RETURN_INDEX'], '<a href="' . $redirect . '">', '</a>'); -			} -			else -			{ -				// Add 0 to forums array to mark global announcements correctly -				$forum_ids[] = 0; -				markread('topics', $forum_ids); -				$message = sprintf($user->lang['RETURN_FORUM'], '<a href="' . $redirect . '">', '</a>'); -			} +			// Add 0 to forums array to mark global announcements correctly +			$forum_ids[] = 0; +			markread('topics', $forum_ids); +			$message = sprintf($user->lang['RETURN_FORUM'], '<a href="' . $redirect . '">', '</a>');  			meta_refresh(3, $redirect);  			trigger_error($user->lang['FORUMS_MARKED'] . '<br /><br />' . $message);  		} @@ -453,10 +465,11 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod  			'S_NO_CAT'			=> $catless && !$last_catless,  			'S_IS_LINK'			=> ($row['forum_type'] == FORUM_LINK) ? true : false,  			'S_UNREAD_FORUM'	=> $forum_unread, +			'S_AUTH_READ'		=> $auth->acl_get('f_read', $row['forum_id']),  			'S_LOCKED_FORUM'	=> ($row['forum_status'] == ITEM_LOCKED) ? true : false,  			'S_LIST_SUBFORUMS'	=> ($row['display_subforum_list']) ? true : false,  			'S_SUBFORUMS'		=> (sizeof($subforums_list)) ? true : false, -			'S_FEED_ENABLED'	=> ($config['feed_forum'] && !phpbb_optionget(FORUM_OPTION_FEED_EXCLUDE, $row['forum_options'])) ? true : false, +			'S_FEED_ENABLED'	=> ($config['feed_forum'] && !phpbb_optionget(FORUM_OPTION_FEED_EXCLUDE, $row['forum_options']) && $row['forum_type'] == FORUM_POST) ? true : false,  			'FORUM_ID'				=> $row['forum_id'],  			'FORUM_NAME'			=> $row['forum_name'], @@ -477,7 +490,6 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod  			'SUBFORUMS'				=> $s_subforums_list,  			'L_SUBFORUM_STR'		=> $l_subforums, -			'L_FORUM_FOLDER_ALT'	=> $folder_alt,  			'L_MODERATOR_STR'		=> $l_moderator,  			'U_UNAPPROVED_TOPICS'	=> ($row['forum_id_unapproved_topics']) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=unapproved_topics&f=' . $row['forum_id_unapproved_topics']) : '', @@ -663,7 +675,7 @@ function topic_generate_pagination($replies, $url)  			$pagination .= '<a href="' . $url . ($j == 0 ? '' : '&start=' . $j) . '">' . $times . '</a>';  			if ($times == 1 && $total_pages > 5)  			{ -				$pagination .= ' ... '; +				$pagination .= '<span class="page-dots"> ... </span>';  				// Display the last three pages  				$times = $total_pages - 3; @@ -997,13 +1009,17 @@ function display_user_activity(&$userdata)  	}  	// Obtain active topic +	// We need to exclude passworded forums here so we do not leak the topic title +	$forum_ary_topic = array_unique(array_merge($forum_ary, $user->get_passworded_forums())); +	$forum_sql_topic = (!empty($forum_ary_topic)) ? 'AND ' . $db->sql_in_set('forum_id', $forum_ary_topic, true) : ''; +  	$sql = 'SELECT topic_id, COUNT(post_id) AS num_posts  		FROM ' . POSTS_TABLE . '  		WHERE poster_id = ' . $userdata['user_id'] . "  			AND post_postcount = 1  			AND (post_approved = 1  				$sql_m_approve) -			$forum_sql +			$forum_sql_topic  		GROUP BY topic_id  		ORDER BY num_posts DESC";  	$result = $db->sql_query_limit($sql, 1); @@ -1059,7 +1075,7 @@ function display_user_activity(&$userdata)  /**  * Topic and forum watching common code  */ -function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id, $notify_status = 'unset', $start = 0) +function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id, $notify_status = 'unset', $start = 0, $item_title = '')  {  	global $template, $db, $user, $phpEx, $start, $phpbb_root_path; @@ -1068,6 +1084,7 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,  	$match_id = ($mode == 'forum') ? $forum_id : $topic_id;  	$u_url = "uid={$user->data['user_id']}";  	$u_url .= ($mode == 'forum') ? '&f' : '&f=' . $forum_id . '&t'; +	$is_watching = 0;  	// Is user watching this thread?  	if ($user_id != ANONYMOUS) @@ -1092,28 +1109,51 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,  			if (isset($_GET['unwatch']))  			{  				$uid = request_var('uid', 0); -				if ($uid != $user_id) -				{ -					$redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&start=$start"); -					$message = $user->lang['ERR_UNWATCHING'] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>'); -					trigger_error($message); -				} -				if ($_GET['unwatch'] == $mode) +				$token = request_var('hash', ''); + +				if ($token && check_link_hash($token, "{$mode}_$match_id") || confirm_box(true))  				{ -					$is_watching = 0; +					if ($uid != $user_id || $_GET['unwatch'] != $mode) +					{ +						$redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&start=$start"); +						$message = $user->lang['ERR_UNWATCHING'] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>'); +						trigger_error($message); +					}  					$sql = 'DELETE FROM ' . $table_sql . "  						WHERE $where_sql = $match_id  							AND user_id = $user_id";  					$db->sql_query($sql); -				} - -				$redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&start=$start"); -				meta_refresh(3, $redirect_url); +					$redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&start=$start"); +					$message = $user->lang['NOT_WATCHING_' . strtoupper($mode)] . '<br /><br />'; +					$message .= sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>'); +					meta_refresh(3, $redirect_url); +					trigger_error($message); +				} +				else +				{ +					$s_hidden_fields = array( +						'uid'		=> $user->data['user_id'], +						'unwatch'	=> $mode, +						'start'		=> $start, +						'f'			=> $forum_id, +					); +					if ($mode != 'forum') +					{ +						$s_hidden_fields['t'] = $topic_id; +					} -				$message = $user->lang['NOT_WATCHING_' . strtoupper($mode)] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>'); -				trigger_error($message); +					if ($item_title == '') +					{ +						$confirm_box_message = 'UNWATCH_' . strtoupper($mode); +					} +					else +					{ +						$confirm_box_message = $user->lang('UNWATCH_' . strtoupper($mode) . '_DETAILED', $item_title); +					} +					confirm_box(false, $confirm_box_message, build_hidden_fields($s_hidden_fields)); +				}  			}  			else  			{ @@ -1133,26 +1173,45 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,  		{  			if (isset($_GET['watch']))  			{ +				$uid = request_var('uid', 0);  				$token = request_var('hash', ''); -				$redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&start=$start"); -				if ($_GET['watch'] == $mode && check_link_hash($token, "{$mode}_$match_id")) +				if ($token && check_link_hash($token, "{$mode}_$match_id") || confirm_box(true))  				{ +					if ($uid != $user_id || $_GET['watch'] != $mode) +					{ +						$redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&start=$start"); +						$message = $user->lang['ERR_WATCHING'] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>'); +						trigger_error($message); +					} +  					$is_watching = true;  					$sql = 'INSERT INTO ' . $table_sql . " (user_id, $where_sql, notify_status)  						VALUES ($user_id, $match_id, " . NOTIFY_YES . ')';  					$db->sql_query($sql); + +					$redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&start=$start");  					$message = $user->lang['ARE_WATCHING_' . strtoupper($mode)] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>'); +					meta_refresh(3, $redirect_url); +					trigger_error($message);  				}  				else  				{ -					$message = $user->lang['ERR_WATCHING'] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>'); -				} - -				meta_refresh(3, $redirect_url); +					$s_hidden_fields = array( +						'uid'		=> $user->data['user_id'], +						'watch'		=> $mode, +						'start'		=> $start, +						'f'			=> $forum_id, +					); +					if ($mode != 'forum') +					{ +						$s_hidden_fields['t'] = $topic_id; +					} -				trigger_error($message); +					$confirm_box_message = (($item_title == '') ? 'WATCH_' . strtoupper($mode) : $user->lang('WATCH_' . strtoupper($mode) . '_DETAILED', $item_title)); +					confirm_box(false, $confirm_box_message, build_hidden_fields($s_hidden_fields)); +				}  			}  			else  			{ @@ -1162,7 +1221,7 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,  	}  	else  	{ -		if (isset($_GET['unwatch']) && $_GET['unwatch'] == $mode) +		if ((isset($_GET['unwatch']) && $_GET['unwatch'] == $mode) || (isset($_GET['watch']) && $_GET['watch'] == $mode))  		{  			login_box();  		} diff --git a/phpBB/includes/functions_install.php b/phpBB/includes/functions_install.php index 992e8d6bb0..9e9c48ff58 100644 --- a/phpBB/includes/functions_install.php +++ b/phpBB/includes/functions_install.php @@ -50,7 +50,6 @@ function get_available_dbms($dbms = false, $return_unavailable = false, $only_20  			'SCHEMA'		=> 'firebird',  			'MODULE'		=> 'interbase',  			'DELIM'			=> ';;', -			'COMMENTS'		=> 'remove_remarks',  			'DRIVER'		=> 'firebird',  			'AVAILABLE'		=> true,  			'2.0.x'			=> false, @@ -60,7 +59,6 @@ function get_available_dbms($dbms = false, $return_unavailable = false, $only_20  			'SCHEMA'		=> 'mysql_41',  			'MODULE'		=> 'mysqli',  			'DELIM'			=> ';', -			'COMMENTS'		=> 'remove_remarks',  			'DRIVER'		=> 'mysqli',  			'AVAILABLE'		=> true,  			'2.0.x'			=> true, @@ -70,7 +68,6 @@ function get_available_dbms($dbms = false, $return_unavailable = false, $only_20  			'SCHEMA'		=> 'mysql',  			'MODULE'		=> 'mysql',  			'DELIM'			=> ';', -			'COMMENTS'		=> 'remove_remarks',  			'DRIVER'		=> 'mysql',  			'AVAILABLE'		=> true,  			'2.0.x'			=> true, @@ -80,7 +77,6 @@ function get_available_dbms($dbms = false, $return_unavailable = false, $only_20  			'SCHEMA'		=> 'mssql',  			'MODULE'		=> 'mssql',  			'DELIM'			=> 'GO', -			'COMMENTS'		=> 'remove_comments',  			'DRIVER'		=> 'mssql',  			'AVAILABLE'		=> true,  			'2.0.x'			=> true, @@ -90,7 +86,6 @@ function get_available_dbms($dbms = false, $return_unavailable = false, $only_20  			'SCHEMA'		=> 'mssql',  			'MODULE'		=> 'odbc',  			'DELIM'			=> 'GO', -			'COMMENTS'		=> 'remove_comments',  			'DRIVER'		=> 'mssql_odbc',  			'AVAILABLE'		=> true,  			'2.0.x'			=> true, @@ -100,7 +95,6 @@ function get_available_dbms($dbms = false, $return_unavailable = false, $only_20  			'SCHEMA'		=> 'mssql',  			'MODULE'		=> 'sqlsrv',  			'DELIM'			=> 'GO', -			'COMMENTS'		=> 'remove_comments',  			'DRIVER'		=> 'mssqlnative',  			'AVAILABLE'		=> true,  			'2.0.x'			=> false, @@ -110,7 +104,6 @@ function get_available_dbms($dbms = false, $return_unavailable = false, $only_20  			'SCHEMA'		=> 'oracle',  			'MODULE'		=> 'oci8',  			'DELIM'			=> '/', -			'COMMENTS'		=> 'remove_comments',  			'DRIVER'		=> 'oracle',  			'AVAILABLE'		=> true,  			'2.0.x'			=> false, @@ -120,7 +113,6 @@ function get_available_dbms($dbms = false, $return_unavailable = false, $only_20  			'SCHEMA'		=> 'postgres',  			'MODULE'		=> 'pgsql',  			'DELIM'			=> ';', -			'COMMENTS'		=> 'remove_comments',  			'DRIVER'		=> 'postgres',  			'AVAILABLE'		=> true,  			'2.0.x'			=> true, @@ -130,7 +122,6 @@ function get_available_dbms($dbms = false, $return_unavailable = false, $only_20  			'SCHEMA'		=> 'sqlite',  			'MODULE'		=> 'sqlite',  			'DELIM'			=> ';', -			'COMMENTS'		=> 'remove_remarks',  			'DRIVER'		=> 'sqlite',  			'AVAILABLE'		=> true,  			'2.0.x'			=> false, @@ -211,61 +202,20 @@ function dbms_select($default = '', $only_20x_options = false)  /**  * Get tables of a database +* +* @deprecated  */ -function get_tables($db) +function get_tables(&$db)  { -	switch ($db->sql_layer) +	if (!class_exists('phpbb_db_tools'))  	{ -		case 'mysql': -		case 'mysql4': -		case 'mysqli': -			$sql = 'SHOW TABLES'; -		break; - -		case 'sqlite': -			$sql = 'SELECT name -				FROM sqlite_master -				WHERE type = "table"'; -		break; - -		case 'mssql': -		case 'mssql_odbc': -		case 'mssqlnative': -			$sql = "SELECT name -				FROM sysobjects -				WHERE type='U'"; -		break; - -		case 'postgres': -			$sql = 'SELECT relname -				FROM pg_stat_user_tables'; -		break; - -		case 'firebird': -			$sql = 'SELECT rdb$relation_name -				FROM rdb$relations -				WHERE rdb$view_source is null -					AND rdb$system_flag = 0'; -		break; - -		case 'oracle': -			$sql = 'SELECT table_name -				FROM USER_TABLES'; -		break; +		global $phpbb_root_path, $phpEx; +		require($phpbb_root_path . 'includes/db/db_tools.' . $phpEx);  	} -	$result = $db->sql_query($sql); +	$db_tools = new phpbb_db_tools($db); -	$tables = array(); - -	while ($row = $db->sql_fetchrow($result)) -	{ -		$tables[] = current($row); -	} - -	$db->sql_freeresult($result); - -	return $tables; +	return $db_tools->sql_list_tables();  }  /** @@ -514,11 +464,17 @@ function connect_check_db($error_connect, &$error, $dbms_details, $table_prefix,  }  /** -* remove_remarks will strip the sql comment lines out of an uploaded sql file +* Removes comments from schema files  */ -function remove_remarks(&$sql) +function remove_comments($sql)  { +	// Remove /* */ comments (http://ostermiller.org/findcomment.html) +	$sql = preg_replace('#/\*(.|[\r\n])*?\*/#', "\n", $sql); + +	// Remove # style comments  	$sql = preg_replace('/\n{2,}/', "\n", preg_replace('/^#.*$/m', "\n", $sql)); + +	return $sql;  }  /** @@ -556,4 +512,54 @@ function adjust_language_keys_callback($matches)  	}  } +/** +* Creates the output to be stored in a phpBB config.php file +* +* @param	array	$data Array containing the database connection information +* @param	string	$dbms The name of the DBAL class to use +* @param	array	$load_extensions Array of additional extensions that should be loaded +* @param	bool	$debug If the debug constants should be enabled by default or not +* +* @return	string	The output to write to the file +*/ +function phpbb_create_config_file_data($data, $dbms, $load_extensions, $debug = false) +{ +	$load_extensions = implode(',', $load_extensions); + +	$config_data = "<?php\n"; +	$config_data .= "// phpBB 3.0.x auto-generated configuration file\n// Do not change anything in this file!\n"; + +	$config_data_array = array( +		'dbms'			=> $dbms, +		'dbhost'		=> $data['dbhost'], +		'dbport'		=> $data['dbport'], +		'dbname'		=> $data['dbname'], +		'dbuser'		=> $data['dbuser'], +		'dbpasswd'		=> htmlspecialchars_decode($data['dbpasswd']), +		'table_prefix'	=> $data['table_prefix'], +		'acm_type'		=> 'file', +		'load_extensions'	=> $load_extensions, +	); + +	foreach ($config_data_array as $key => $value) +	{ +		$config_data .= "\${$key} = '" . str_replace("'", "\\'", str_replace('\\', '\\\\', $value)) . "';\n"; +	} + +	$config_data .= "\n@define('PHPBB_INSTALLED', true);\n"; + +	if ($debug) +	{ +		$config_data .= "@define('DEBUG', true);\n"; +		$config_data .= "@define('DEBUG_EXTRA', true);\n"; +	} +	else +	{ +		$config_data .= "// @define('DEBUG', true);\n"; +		$config_data .= "// @define('DEBUG_EXTRA', true);\n"; +	} + +	return $config_data; +} +  ?>
\ No newline at end of file diff --git a/phpBB/includes/functions_messenger.php b/phpBB/includes/functions_messenger.php index b5c87094c0..6549693333 100644 --- a/phpBB/includes/functions_messenger.php +++ b/phpBB/includes/functions_messenger.php @@ -163,6 +163,22 @@ class messenger  	}  	/** +	* Adds X-AntiAbuse headers +	* +	* @param array $config		Configuration array +	* @param user $user			A user object +	* +	* @return null +	*/ +	function anti_abuse_headers($config, $user) +	{ +		$this->headers('X-AntiAbuse: Board servername - ' . mail_encode($config['server_name'])); +		$this->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); +		$this->headers('X-AntiAbuse: Username - ' . mail_encode($user->data['username'])); +		$this->headers('X-AntiAbuse: User IP - ' . $user->ip); +	} + +	/**  	* Set the email priority  	*/  	function set_mail_priority($priority = MAIL_NORMAL_PRIORITY) @@ -552,7 +568,7 @@ class messenger  		if (!$use_queue)  		{  			include_once($phpbb_root_path . 'includes/functions_jabber.' . $phpEx); -			$this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], $config['jab_password'], $config['jab_use_ssl']); +			$this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], htmlspecialchars_decode($config['jab_password']), $config['jab_use_ssl']);  			if (!$this->jabber->connect())  			{ @@ -753,7 +769,7 @@ class queue  					}  					include_once($phpbb_root_path . 'includes/functions_jabber.' . $phpEx); -					$this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], $config['jab_password'], $config['jab_use_ssl']); +					$this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], htmlspecialchars_decode($config['jab_password']), $config['jab_use_ssl']);  					if (!$this->jabber->connect())  					{ @@ -975,9 +991,16 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $headers = false)  	$smtp->add_backtrace('Connecting to ' . $config['smtp_host'] . ':' . $config['smtp_port']);  	// Ok we have error checked as much as we can to this point let's get on it already. -	ob_start(); +	if (!class_exists('phpbb_error_collector')) +	{ +		global $phpbb_root_path, $phpEx; +		include($phpbb_root_path . 'includes/error_collector.' . $phpEx); +	} +	$collector = new phpbb_error_collector; +	$collector->install();  	$smtp->socket = fsockopen($config['smtp_host'], $config['smtp_port'], $errno, $errstr, 20); -	$error_contents = ob_get_clean(); +	$collector->uninstall(); +	$error_contents = $collector->format_errors();  	if (!$smtp->socket)  	{ @@ -999,7 +1022,7 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $headers = false)  	}  	// Let me in. This function handles the complete authentication process -	if ($err_msg = $smtp->log_into_server($config['smtp_host'], $config['smtp_username'], $config['smtp_password'], $config['smtp_auth_method'])) +	if ($err_msg = $smtp->log_into_server($config['smtp_host'], $config['smtp_username'], htmlspecialchars_decode($config['smtp_password']), $config['smtp_auth_method']))  	{  		$smtp->close_session($err_msg);  		return false; @@ -1608,18 +1631,27 @@ function mail_encode($str, $eol = "\r\n")  */  function phpbb_mail($to, $subject, $msg, $headers, $eol, &$err_msg)  { -	global $config; +	global $config, $phpbb_root_path, $phpEx;  	// We use the EOL character for the OS here because the PHP mail function does not correctly transform line endings. On Windows SMTP is used (SMTP is \r\n), on UNIX a command is used...  	// Reference: http://bugs.php.net/bug.php?id=15841  	$headers = implode($eol, $headers); -	ob_start(); +	if (!class_exists('phpbb_error_collector')) +	{ +		include($phpbb_root_path . 'includes/error_collector.' . $phpEx); +	} + +	$collector = new phpbb_error_collector; +	$collector->install(); +  	// On some PHP Versions mail() *may* fail if there are newlines within the subject.  	// Newlines are used as a delimiter for lines in mail_encode() according to RFC 2045 section 6.8.  	// Because PHP can't decide what is wanted we revert back to the non-RFC-compliant way of separating by one space (Use '' as parameter to mail_encode() results in SPACE used)  	$result = $config['email_function_name']($to, mail_encode($subject, ''), wordwrap(utf8_wordwrap($msg), 997, "\n", true), $headers); -	$err_msg = ob_get_clean(); + +	$collector->uninstall(); +	$err_msg = $collector->format_errors();  	return $result;  } diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index 6fd87db663..68b6199cf5 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -388,7 +388,7 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage  	include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);  	$upload = new fileupload(); -	if ($config['check_attachment_content']) +	if ($config['check_attachment_content'] && isset($config['mime_triggers']))  	{  		$upload->set_disallowed_content(explode('|', $config['mime_triggers']));  	} @@ -497,7 +497,14 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage  	{  		if ($free_space <= $file->get('filesize'))  		{ -			$filedata['error'][] = $user->lang['ATTACH_QUOTA_REACHED']; +			if ($auth->acl_get('a_')) +			{ +				$filedata['error'][] = $user->lang['ATTACH_DISK_FULL']; +			} +			else +			{ +				$filedata['error'][] = $user->lang['ATTACH_QUOTA_REACHED']; +			}  			$filedata['post_attach'] = false;  			$file->remove(); @@ -1180,36 +1187,32 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id  	$topic_title = ($topic_notification) ? $topic_title : $subject;  	$topic_title = censor_text($topic_title); -	// Get banned User ID's -	$sql = 'SELECT ban_userid -		FROM ' . BANLIST_TABLE . ' -		WHERE ban_userid <> 0 -			AND ban_exclude <> 1'; -	$result = $db->sql_query($sql); - -	$sql_ignore_users = ANONYMOUS . ', ' . $user->data['user_id']; -	while ($row = $db->sql_fetchrow($result)) +	// Exclude guests, current user and banned users from notifications +	if (!function_exists('phpbb_get_banned_user_ids'))  	{ -		$sql_ignore_users .= ', ' . (int) $row['ban_userid']; +		include($phpbb_root_path . 'includes/functions_user.' . $phpEx);  	} -	$db->sql_freeresult($result); +	$sql_ignore_users = phpbb_get_banned_user_ids(); +	$sql_ignore_users[ANONYMOUS] = ANONYMOUS; +	$sql_ignore_users[$user->data['user_id']] = $user->data['user_id'];  	$notify_rows = array();  	// -- get forum_userids	|| topic_userids  	$sql = 'SELECT u.user_id, u.username, u.user_email, u.user_lang, u.user_notify_type, u.user_jabber  		FROM ' . (($topic_notification) ? TOPICS_WATCH_TABLE : FORUMS_WATCH_TABLE) . ' w, ' . USERS_TABLE . ' u -		WHERE w.' . (($topic_notification) ? 'topic_id' : 'forum_id') . ' = ' . (($topic_notification) ? $topic_id : $forum_id) . " -			AND w.user_id NOT IN ($sql_ignore_users) -			AND w.notify_status = " . NOTIFY_YES . ' +		WHERE w.' . (($topic_notification) ? 'topic_id' : 'forum_id') . ' = ' . (($topic_notification) ? $topic_id : $forum_id) . ' +			AND ' . $db->sql_in_set('w.user_id', $sql_ignore_users, true) . ' +			AND w.notify_status = ' . NOTIFY_YES . '  			AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')  			AND u.user_id = w.user_id';  	$result = $db->sql_query($sql);  	while ($row = $db->sql_fetchrow($result))  	{ -		$notify_rows[$row['user_id']] = array( -			'user_id'		=> $row['user_id'], +		$notify_user_id = (int) $row['user_id']; +		$notify_rows[$notify_user_id] = array( +			'user_id'		=> $notify_user_id,  			'username'		=> $row['username'],  			'user_email'	=> $row['user_email'],  			'user_jabber'	=> $row['user_jabber'], @@ -1219,30 +1222,29 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id  			'method'		=> $row['user_notify_type'],  			'allowed'		=> false  		); + +		// Add users who have been already notified to ignore list +		$sql_ignore_users[$notify_user_id] = $notify_user_id;  	}  	$db->sql_freeresult($result);  	// forum notification is sent to those not already receiving topic notifications  	if ($topic_notification)  	{ -		if (sizeof($notify_rows)) -		{ -			$sql_ignore_users .= ', ' . implode(', ', array_keys($notify_rows)); -		} -  		$sql = 'SELECT u.user_id, u.username, u.user_email, u.user_lang, u.user_notify_type, u.user_jabber  			FROM ' . FORUMS_WATCH_TABLE . ' fw, ' . USERS_TABLE . " u  			WHERE fw.forum_id = $forum_id -				AND fw.user_id NOT IN ($sql_ignore_users) -				AND fw.notify_status = " . NOTIFY_YES . ' +				AND " . $db->sql_in_set('fw.user_id', $sql_ignore_users, true) . ' +				AND fw.notify_status = ' . NOTIFY_YES . '  				AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')  				AND u.user_id = fw.user_id';  		$result = $db->sql_query($sql);  		while ($row = $db->sql_fetchrow($result))  		{ -			$notify_rows[$row['user_id']] = array( -				'user_id'		=> $row['user_id'], +			$notify_user_id = (int) $row['user_id']; +			$notify_rows[$notify_user_id] = array( +				'user_id'		=> $notify_user_id,  				'username'		=> $row['username'],  				'user_email'	=> $row['user_email'],  				'user_jabber'	=> $row['user_jabber'], @@ -1273,7 +1275,6 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id  		}  	} -  	// Now, we have to do a little step before really sending, we need to distinguish our users a little bit. ;)  	$msg_users = $delete_ids = $update_notification = array();  	foreach ($notify_rows as $user_id => $row) @@ -1286,6 +1287,20 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id  		{  			$msg_users[] = $row;  			$update_notification[$row['notify_type']][] = $row['user_id']; + +			/* +			* We also update the forums watch table for this user when we are +			* sending out a topic notification to prevent sending out another +			* notification in case this user is also subscribed to the forum +			* this topic was posted in. +			* Since an UPDATE query is used, this has no effect on users only +			* subscribed to the topic (i.e. no row is created) and should not +			* be a performance issue. +			*/ +			if ($row['notify_type'] === 'topic') +			{ +				$update_notification['forum'][] = $row['user_id']; +			}  		}  	}  	unset($notify_rows); @@ -1479,7 +1494,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data)  		break;  		case 'delete_first_post': -			$sql = 'SELECT p.post_id, p.poster_id, p.post_username, u.username, u.user_colour +			$sql = 'SELECT p.post_id, p.poster_id, p.post_time, p.post_username, u.username, u.user_colour  				FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . " u  				WHERE p.topic_id = $topic_id  					AND p.poster_id = u.user_id @@ -1493,7 +1508,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data)  				$sql_data[FORUMS_TABLE] = ($data['post_approved']) ? 'forum_posts = forum_posts - 1' : '';  			} -			$sql_data[TOPICS_TABLE] = 'topic_poster = ' . intval($row['poster_id']) . ', topic_first_post_id = ' . intval($row['post_id']) . ", topic_first_poster_colour = '" . $db->sql_escape($row['user_colour']) . "', topic_first_poster_name = '" . (($row['poster_id'] == ANONYMOUS) ? $db->sql_escape($row['post_username']) : $db->sql_escape($row['username'])) . "'"; +			$sql_data[TOPICS_TABLE] = 'topic_poster = ' . intval($row['poster_id']) . ', topic_first_post_id = ' . intval($row['post_id']) . ", topic_first_poster_colour = '" . $db->sql_escape($row['user_colour']) . "', topic_first_poster_name = '" . (($row['poster_id'] == ANONYMOUS) ? $db->sql_escape($row['post_username']) : $db->sql_escape($row['username'])) . "', topic_time = " . (int) $row['post_time'];  			// Decrementing topic_replies here is fine because this case only happens if there is more than one post within the topic - basically removing one "reply"  			$sql_data[TOPICS_TABLE] .= ', topic_replies_real = topic_replies_real - 1' . (($data['post_approved']) ? ', topic_replies = topic_replies - 1' : ''); @@ -1870,9 +1885,9 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u  		case 'edit_topic':  		case 'edit_first_post': -			if (isset($poll['poll_options']) && !empty($poll['poll_options'])) +			if (isset($poll['poll_options']))  			{ -				$poll_start = ($poll['poll_start']) ? $poll['poll_start'] : $current_time; +				$poll_start = ($poll['poll_start'] || empty($poll['poll_options'])) ? $poll['poll_start'] : $current_time;  				$poll_length = $poll['poll_length'] * 86400;  				if ($poll_length < 0)  				{ @@ -2075,11 +2090,11 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u  	}  	// Update Poll Tables -	if (isset($poll['poll_options']) && !empty($poll['poll_options'])) +	if (isset($poll['poll_options']))  	{  		$cur_poll_options = array(); -		if ($poll['poll_start'] && $mode == 'edit') +		if ($mode == 'edit')  		{  			$sql = 'SELECT *  				FROM ' . POLL_OPTIONS_TABLE . ' @@ -2611,4 +2626,106 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u  	return $url;  } +/** +* Handle topic bumping +* @param int $forum_id The ID of the forum the topic is being bumped belongs to +* @param int $topic_id The ID of the topic is being bumping +* @param array $post_data Passes some topic parameters: +*				- 'topic_title' +*				- 'topic_last_post_id' +*				- 'topic_last_poster_id' +*				- 'topic_last_post_subject' +*				- 'topic_last_poster_name' +*				- 'topic_last_poster_colour' +* @param int $bump_time The time at which topic was bumped, usually it is a current time as obtained via time().  +* @return string An URL to the bumped topic, example: ./viewtopic.php?forum_id=1&topic_id=2&p=3#p3 +*/ +function phpbb_bump_topic($forum_id, $topic_id, $post_data, $bump_time = false) +{ +	global $config, $db, $user, $phpEx, $phpbb_root_path; + +	if ($bump_time === false) +	{ +		$bump_time = time(); +	} + +	// Begin bumping +	$db->sql_transaction('begin'); + +	// Update the topic's last post post_time +	$sql = 'UPDATE ' . POSTS_TABLE . " +		SET post_time = $bump_time +		WHERE post_id = {$post_data['topic_last_post_id']} +			AND topic_id = $topic_id"; +	$db->sql_query($sql); + +	// Sync the topic's last post time, the rest of the topic's last post data isn't changed +	$sql = 'UPDATE ' . TOPICS_TABLE . " +		SET topic_last_post_time = $bump_time, +			topic_bumped = 1, +			topic_bumper = " . $user->data['user_id'] . " +		WHERE topic_id = $topic_id"; +	$db->sql_query($sql); + +	// Update the forum's last post info +	$sql = 'UPDATE ' . FORUMS_TABLE . " +		SET forum_last_post_id = " . $post_data['topic_last_post_id'] . ", +			forum_last_poster_id = " . $post_data['topic_last_poster_id'] . ", +			forum_last_post_subject = '" . $db->sql_escape($post_data['topic_last_post_subject']) . "', +			forum_last_post_time = $bump_time, +			forum_last_poster_name = '" . $db->sql_escape($post_data['topic_last_poster_name']) . "', +			forum_last_poster_colour = '" . $db->sql_escape($post_data['topic_last_poster_colour']) . "' +		WHERE forum_id = $forum_id"; +	$db->sql_query($sql); + +	// Update bumper's time of the last posting to prevent flood +	$sql = 'UPDATE ' . USERS_TABLE . " +		SET user_lastpost_time = $bump_time +		WHERE user_id = " . $user->data['user_id']; +	$db->sql_query($sql); + +	$db->sql_transaction('commit'); + +	// Mark this topic as posted to +	markread('post', $forum_id, $topic_id, $bump_time); + +	// Mark this topic as read +	markread('topic', $forum_id, $topic_id, $bump_time); + +	// Update forum tracking info +	if ($config['load_db_lastread'] && $user->data['is_registered']) +	{ +		$sql = 'SELECT mark_time +			FROM ' . FORUMS_TRACK_TABLE . ' +			WHERE user_id = ' . $user->data['user_id'] . ' +				AND forum_id = ' . $forum_id; +		$result = $db->sql_query($sql); +		$f_mark_time = (int) $db->sql_fetchfield('mark_time'); +		$db->sql_freeresult($result); +	} +	else if ($config['load_anon_lastread'] || $user->data['is_registered']) +	{ +		$f_mark_time = false; +	} + +	if (($config['load_db_lastread'] && $user->data['is_registered']) || $config['load_anon_lastread'] || $user->data['is_registered']) +	{ +		// Update forum info +		$sql = 'SELECT forum_last_post_time +			FROM ' . FORUMS_TABLE . ' +			WHERE forum_id = ' . $forum_id; +		$result = $db->sql_query($sql); +		$forum_last_post_time = (int) $db->sql_fetchfield('forum_last_post_time'); +		$db->sql_freeresult($result); + +		update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_time, false); +	} + +	add_log('mod', $forum_id, $topic_id, 'LOG_BUMP_TOPIC', $post_data['topic_title']); + +	$url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t=$topic_id&p={$post_data['topic_last_post_id']}") . "#p{$post_data['topic_last_post_id']}"; + +	return $url; +} +  ?>
\ No newline at end of file diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php index 4c34bc92ca..261ed45727 100644 --- a/phpBB/includes/functions_privmsgs.php +++ b/phpBB/includes/functions_privmsgs.php @@ -1084,6 +1084,166 @@ function delete_pm($user_id, $msg_ids, $folder_id)  }  /** +* Delete all PM(s) for a given user and delete the ones without references +* +* @param	int		$user_id	ID of the user whose private messages we want to delete +* +* @return	boolean		False if there were no pms found, true otherwise. +*/ +function phpbb_delete_user_pms($user_id) +{ +	global $db, $user, $phpbb_root_path, $phpEx; + +	$user_id = (int) $user_id; + +	if (!$user_id) +	{ +		return false; +	} + +	// Get PM Information for later deleting +	// The two queries where split, so we can use our indexes +	// Part 1: get PMs the user received +	$sql = 'SELECT msg_id, author_id, folder_id, pm_unread, pm_new +		FROM ' . PRIVMSGS_TO_TABLE . ' +		WHERE user_id = ' . $user_id; +	$result = $db->sql_query($sql); + +	$undelivered_msg = $undelivered_user = $delete_ids = array(); +	while ($row = $db->sql_fetchrow($result)) +	{ +		if ($row['author_id'] == $user_id && $row['folder_id'] == PRIVMSGS_NO_BOX) +		{ +			// Undelivered messages +			$undelivered_msg[] = $row['msg_id']; + +			if (isset($undelivered_user[$row['user_id']])) +			{ +				++$undelivered_user[$row['user_id']]; +			} +			else +			{ +				$undelivered_user[$row['user_id']] = 1; +			} +		} + +		$delete_ids[(int) $row['msg_id']] = (int) $row['msg_id']; +	} +	$db->sql_freeresult($result); + +	// Part 2: get PMs the user sent +	$sql = 'SELECT msg_id, author_id, folder_id, pm_unread, pm_new +		FROM ' . PRIVMSGS_TO_TABLE . ' +		WHERE author_id = ' . $user_id . ' +				AND folder_id = ' . PRIVMSGS_NO_BOX; +	$result = $db->sql_query($sql); + +	while ($row = $db->sql_fetchrow($result)) +	{ +		if ($row['author_id'] == $user_id && $row['folder_id'] == PRIVMSGS_NO_BOX) +		{ +			// Undelivered messages +			$undelivered_msg[] = $row['msg_id']; + +			if (isset($undelivered_user[$row['user_id']])) +			{ +				++$undelivered_user[$row['user_id']]; +			} +			else +			{ +				$undelivered_user[$row['user_id']] = 1; +			} +		} + +		$delete_ids[(int) $row['msg_id']] = (int) $row['msg_id']; +	} +	$db->sql_freeresult($result); + +	if (empty($delete_ids)) +	{ +		return false; +	} + +	$db->sql_transaction('begin'); + +	if (sizeof($undelivered_msg)) +	{ +		$sql = 'DELETE FROM ' . PRIVMSGS_TABLE . ' +			WHERE ' . $db->sql_in_set('msg_id', $undelivered_msg); +		$db->sql_query($sql); +	} + +	// Reset the user´s pm count to 0 +	if (isset($undelivered_user[$user_id])) +	{ +		$sql = 'UPDATE ' . USERS_TABLE . ' +			SET user_new_privmsg = 0, +				user_unread_privmsg = 0 +			WHERE user_id = ' . $user_id; +		$db->sql_query($sql); +		unset($undelivered_user[$user_id]); +	} + +	foreach ($undelivered_user as $_user_id => $count) +	{ +		$sql = 'UPDATE ' . USERS_TABLE . ' +			SET user_new_privmsg = user_new_privmsg - ' . $count . ', +				user_unread_privmsg = user_unread_privmsg - ' . $count . ' +			WHERE user_id = ' . $_user_id; +		$db->sql_query($sql); +	} + +	// Delete private message data +	$sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . " +		WHERE user_id = $user_id +			AND " . $db->sql_in_set('msg_id', $delete_ids); +	$db->sql_query($sql); + +	// Now we have to check which messages we can delete completely +	$sql = 'SELECT msg_id +		FROM ' . PRIVMSGS_TO_TABLE . ' +		WHERE ' . $db->sql_in_set('msg_id', $delete_ids); +	$result = $db->sql_query($sql); + +	while ($row = $db->sql_fetchrow($result)) +	{ +		unset($delete_ids[$row['msg_id']]); +	} +	$db->sql_freeresult($result); + +	if (!empty($delete_ids)) +	{ +		// Check if there are any attachments we need to remove +		if (!function_exists('delete_attachments')) +		{ +			include($phpbb_root_path . 'includes/functions_admin.' . $phpEx); +		} + +		delete_attachments('message', $delete_ids, false); + +		$sql = 'DELETE FROM ' . PRIVMSGS_TABLE . ' +			WHERE ' . $db->sql_in_set('msg_id', $delete_ids); +		$db->sql_query($sql); +	} + +	// Set the remaining author id to anonymous +	// This way users are still able to read messages from users being removed +	$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . ' +		SET author_id = ' . ANONYMOUS . ' +		WHERE author_id = ' . $user_id; +	$db->sql_query($sql); + +	$sql = 'UPDATE ' . PRIVMSGS_TABLE . ' +		SET author_id = ' . ANONYMOUS . ' +		WHERE author_id = ' . $user_id; +	$db->sql_query($sql); + +	$db->sql_transaction('commit'); + +	return true; +} + +/**  * Rebuild message header  */  function rebuild_header($check_ary) @@ -1362,12 +1522,6 @@ function submit_pm($mode, $subject, &$data, $put_in_outbox = true)  			while ($row = $db->sql_fetchrow($result))  			{ -				// Additionally, do not include the sender if he is in the group he wants to send to. ;) -				if ($row['user_id'] === $user->data['user_id']) -				{ -					continue; -				} -  				$field = ($data['address_list']['g'][$row['group_id']] == 'to') ? 'to' : 'bcc';  				$recipients[$row['user_id']] = $field;  			} @@ -1607,7 +1761,7 @@ function submit_pm($mode, $subject, &$data, $put_in_outbox = true)  	// Send Notifications  	if ($mode != 'edit')  	{ -		pm_notification($mode, $data['from_username'], $recipients, $subject, $data['message']); +		pm_notification($mode, $data['from_username'], $recipients, $subject, $data['message'], $data['msg_id']);  	}  	return $data['msg_id']; @@ -1616,12 +1770,13 @@ function submit_pm($mode, $subject, &$data, $put_in_outbox = true)  /**  * PM Notification  */ -function pm_notification($mode, $author, $recipients, $subject, $message) +function pm_notification($mode, $author, $recipients, $subject, $message, $msg_id)  {  	global $db, $user, $config, $phpbb_root_path, $phpEx, $auth;  	$subject = censor_text($subject); +	// Exclude guests, current user and banned users from notifications  	unset($recipients[ANONYMOUS], $recipients[$user->data['user_id']]);  	if (!sizeof($recipients)) @@ -1629,18 +1784,12 @@ function pm_notification($mode, $author, $recipients, $subject, $message)  		return;  	} -	// Get banned User ID's -	$sql = 'SELECT ban_userid -		FROM ' . BANLIST_TABLE . ' -		WHERE ' . $db->sql_in_set('ban_userid', array_map('intval', array_keys($recipients))) . ' -			AND ban_exclude = 0'; -	$result = $db->sql_query($sql); - -	while ($row = $db->sql_fetchrow($result)) +	if (!function_exists('phpbb_get_banned_user_ids'))  	{ -		unset($recipients[$row['ban_userid']]); +		include($phpbb_root_path . 'includes/functions_user.' . $phpEx);  	} -	$db->sql_freeresult($result); +	$banned_users = phpbb_get_banned_user_ids(array_keys($recipients)); +	$recipients = array_diff(array_keys($recipients), $banned_users);  	if (!sizeof($recipients))  	{ @@ -1649,7 +1798,7 @@ function pm_notification($mode, $author, $recipients, $subject, $message)  	$sql = 'SELECT user_id, username, user_email, user_lang, user_notify_pm, user_notify_type, user_jabber  		FROM ' . USERS_TABLE . ' -		WHERE ' . $db->sql_in_set('user_id', array_map('intval', array_keys($recipients))); +		WHERE ' . $db->sql_in_set('user_id', $recipients);  	$result = $db->sql_query($sql);  	$msg_list_ary = array(); @@ -1688,8 +1837,9 @@ function pm_notification($mode, $author, $recipients, $subject, $message)  			'AUTHOR_NAME'	=> htmlspecialchars_decode($author),  			'USERNAME'		=> htmlspecialchars_decode($addr['name']), -			'U_INBOX'		=> generate_board_url() . "/ucp.$phpEx?i=pm&folder=inbox") -		); +			'U_INBOX'			=> generate_board_url() . "/ucp.$phpEx?i=pm&folder=inbox", +			'U_VIEW_MESSAGE'	=> generate_board_url() . "/ucp.$phpEx?i=pm&mode=view&p=$msg_id", +		));  		$messenger->send($addr['method']);  	} diff --git a/phpBB/includes/functions_profile_fields.php b/phpBB/includes/functions_profile_fields.php index 78fe049f40..16c193c15a 100644 --- a/phpBB/includes/functions_profile_fields.php +++ b/phpBB/includes/functions_profile_fields.php @@ -149,7 +149,18 @@ class custom_profile  			case FIELD_DROPDOWN:  				$field_value = (int) $field_value; -			 + +				// retrieve option lang data if necessary +				if (!isset($this->options_lang[$field_data['field_id']]) || !isset($this->options_lang[$field_data['field_id']][$field_data['lang_id']]) || !sizeof($this->options_lang[$file_data['field_id']][$field_data['lang_id']])) +				{ +					$this->get_option_lang($field_data['field_id'], $field_data['lang_id'], FIELD_DROPDOWN, false); +				} + +				if (!isset($this->options_lang[$field_data['field_id']][$field_data['lang_id']][$field_value])) +				{ +					return 'FIELD_INVALID_VALUE'; +				} +  				if ($field_value == $field_data['field_novalue'] && $field_data['field_required'])  				{  					return 'FIELD_REQUIRED'; @@ -302,6 +313,7 @@ class custom_profile  				switch ($cp_result)  				{  					case 'FIELD_INVALID_DATE': +					case 'FIELD_INVALID_VALUE':  					case 'FIELD_REQUIRED':  						$error = sprintf($user->lang[$cp_result], $row['lang_name']);  					break; @@ -559,7 +571,12 @@ class custom_profile  					$this->get_option_lang($field_id, $lang_id, FIELD_DROPDOWN, false);  				} -				if ($value == $ident_ary['data']['field_novalue']) +				// If a dropdown field is required, users +				// cannot choose the "no value" option. +				// They must choose one of the other options. +				// Therefore, here we treat a value equal to +				// the "no value" as a lack of value, i.e. NULL. +				if ($value == $ident_ary['data']['field_novalue'] && $ident_ary['data']['field_required'])  				{  					return NULL;  				} @@ -613,10 +630,10 @@ class custom_profile  		$profile_row['field_ident'] = (isset($profile_row['var_name'])) ? $profile_row['var_name'] : 'pf_' . $profile_row['field_ident'];  		$user_ident = $profile_row['field_ident']; -		// checkbox - only testing for isset +		// checkbox - set the value to "true" if it has been set to 1  		if ($profile_row['field_type'] == FIELD_BOOL && $profile_row['field_length'] == 2)  		{ -			$value = (isset($_REQUEST[$profile_row['field_ident']])) ? true : ((!isset($user->profile_fields[$user_ident]) || $preview) ? $default_value : $user->profile_fields[$user_ident]); +			$value = (isset($_REQUEST[$profile_row['field_ident']]) && request_var($profile_row['field_ident'], $default_value) == 1) ? true : ((!isset($user->profile_fields[$user_ident]) || $preview) ? $default_value : $user->profile_fields[$user_ident]);  		}  		else if ($profile_row['field_type'] == FIELD_INT)  		{ diff --git a/phpBB/includes/functions_template.php b/phpBB/includes/functions_template.php index 1d3a4d74f8..8636dfe010 100644 --- a/phpBB/includes/functions_template.php +++ b/phpBB/includes/functions_template.php @@ -322,7 +322,7 @@ class template_compile  		// Is the designer wanting to call another loop in a loop?  		if (strpos($tag_args, '!') === 0)  		{ -			// Count the number if ! occurrences (not allowed in vars) +			// Count the number of ! occurrences (not allowed in vars)  			$no_nesting = substr_count($tag_args, '!');  			$tag_args = substr($tag_args, $no_nesting);  		} diff --git a/phpBB/includes/functions_transfer.php b/phpBB/includes/functions_transfer.php index 046abede8e..5ab7a87efd 100644 --- a/phpBB/includes/functions_transfer.php +++ b/phpBB/includes/functions_transfer.php @@ -808,23 +808,56 @@ class ftp_fsock extends transfer  	*/  	function _open_data_connection()  	{ -		$this->_send_command('PASV', '', false); - -		if (!$ip_port = $this->_check_command(true)) +		// Try to find out whether we have a IPv4 or IPv6 (control) connection +		if (function_exists('stream_socket_get_name'))  		{ -			return false; +			$socket_name = stream_socket_get_name($this->connection, true); +			$server_ip = substr($socket_name, 0, strrpos($socket_name, ':'));  		} -		// open the connection to start sending the file -		if (!preg_match('#[0-9]{1,3},[0-9]{1,3},[0-9]{1,3},[0-9]{1,3},[0-9]+,[0-9]+#', $ip_port, $temp)) +		if (!isset($server_ip) || preg_match(get_preg_expression('ipv4'), $server_ip))  		{ -			// bad ip and port -			return false; +			// Passive mode +			$this->_send_command('PASV', '', false); + +			if (!$ip_port = $this->_check_command(true)) +			{ +				return false; +			} + +			// open the connection to start sending the file +			if (!preg_match('#[0-9]{1,3},[0-9]{1,3},[0-9]{1,3},[0-9]{1,3},[0-9]+,[0-9]+#', $ip_port, $temp)) +			{ +				// bad ip and port +				return false; +			} + +			$temp = explode(',', $temp[0]); +			$server_ip = $temp[0] . '.' . $temp[1] . '.' . $temp[2] . '.' . $temp[3]; +			$server_port = $temp[4] * 256 + $temp[5]; +		} +		else +		{ +			// Extended Passive Mode - RFC2428 +			$this->_send_command('EPSV', '', false); + +			if (!$epsv_response = $this->_check_command(true)) +			{ +				return false; +			} + +			// Response looks like "229 Entering Extended Passive Mode (|||12345|)" +			// where 12345 is the tcp port for the data connection +			if (!preg_match('#\(\|\|\|([0-9]+)\|\)#', $epsv_response, $match)) +			{ +				return false; +			} +			$server_port = (int) $match[1]; + +			// fsockopen expects IPv6 address in square brackets +			$server_ip = "[$server_ip]";  		} -		$temp = explode(',', $temp[0]); -		$server_ip = $temp[0] . '.' . $temp[1] . '.' . $temp[2] . '.' . $temp[3]; -		$server_port = $temp[4] * 256 + $temp[5];  		$errno = 0;  		$errstr = ''; diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index 7f09cc1640..73ac1df2d2 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php @@ -458,7 +458,7 @@ class fileerror extends filespec  class fileupload  {  	var $allowed_extensions = array(); -	var $disallowed_content = array(); +	var $disallowed_content = array('body', 'head', 'html', 'img', 'plaintext', 'a href', 'pre', 'script', 'table', 'title');   	var $max_filesize = 0;  	var $min_width = 0;  	var $min_height = 0; @@ -539,7 +539,7 @@ class fileupload  	{  		if ($disallowed_content !== false && is_array($disallowed_content))  		{ -			$this->disallowed_content = $disallowed_content; +			$this->disallowed_content = array_diff($disallowed_content, array(''));  		}  	} @@ -751,6 +751,31 @@ class fileupload  		$filename = $url['path'];  		$filesize = 0; +		$remote_max_filesize = $this->max_filesize; +		if (!$remote_max_filesize) +		{ +			$max_filesize = @ini_get('upload_max_filesize'); + +			if (!empty($max_filesize)) +			{ +				$unit = strtolower(substr($max_filesize, -1, 1)); +				$remote_max_filesize = (int) $max_filesize; + +				switch ($unit) +				{ +					case 'g': +						$remote_max_filesize *= 1024; +					// no break +					case 'm': +						$remote_max_filesize *= 1024; +					// no break +					case 'k': +						$remote_max_filesize *= 1024; +					// no break +				} +			} +		} +  		$errno = 0;  		$errstr = ''; @@ -779,9 +804,9 @@ class fileupload  				$block = @fread($fsock, 1024);  				$filesize += strlen($block); -				if ($this->max_filesize && $filesize > $this->max_filesize) +				if ($remote_max_filesize && $filesize > $remote_max_filesize)  				{ -					$max_filesize = get_formatted_filesize($this->max_filesize, false); +					$max_filesize = get_formatted_filesize($remote_max_filesize, false);  					$file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']));  					return $file; @@ -807,9 +832,9 @@ class fileupload  					{  						$length = (int) str_replace('content-length: ', '', strtolower($line)); -						if ($length && $length > $this->max_filesize) +						if ($remote_max_filesize && $length && $length > $remote_max_filesize)  						{ -							$max_filesize = get_formatted_filesize($this->max_filesize, false); +							$max_filesize = get_formatted_filesize($remote_max_filesize, false);  							$file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']));  							return $file; diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 3f4203c554..7a79e6276f 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -485,44 +485,6 @@ function user_delete($mode, $user_id, $post_username = false)  				include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);  			} -			$sql = 'SELECT topic_id, COUNT(post_id) AS total_posts -				FROM ' . POSTS_TABLE . " -				WHERE poster_id = $user_id -				GROUP BY topic_id"; -			$result = $db->sql_query($sql); - -			$topic_id_ary = array(); -			while ($row = $db->sql_fetchrow($result)) -			{ -				$topic_id_ary[$row['topic_id']] = $row['total_posts']; -			} -			$db->sql_freeresult($result); - -			if (sizeof($topic_id_ary)) -			{ -				$sql = 'SELECT topic_id, topic_replies, topic_replies_real -					FROM ' . TOPICS_TABLE . ' -					WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary)); -				$result = $db->sql_query($sql); - -				$del_topic_ary = array(); -				while ($row = $db->sql_fetchrow($result)) -				{ -					if (max($row['topic_replies'], $row['topic_replies_real']) + 1 == $topic_id_ary[$row['topic_id']]) -					{ -						$del_topic_ary[] = $row['topic_id']; -					} -				} -				$db->sql_freeresult($result); - -				if (sizeof($del_topic_ary)) -				{ -					$sql = 'DELETE FROM ' . TOPICS_TABLE . ' -						WHERE ' . $db->sql_in_set('topic_id', $del_topic_ary); -					$db->sql_query($sql); -				} -			} -  			// Delete posts, attachments, etc.  			delete_posts('poster_id', $user_id); @@ -569,62 +531,12 @@ function user_delete($mode, $user_id, $post_username = false)  		WHERE session_user_id = ' . $user_id;  	$db->sql_query($sql); -	// Remove any undelivered mails... -	$sql = 'SELECT msg_id, user_id -		FROM ' . PRIVMSGS_TO_TABLE . ' -		WHERE author_id = ' . $user_id . ' -			AND folder_id = ' . PRIVMSGS_NO_BOX; -	$result = $db->sql_query($sql); - -	$undelivered_msg = $undelivered_user = array(); -	while ($row = $db->sql_fetchrow($result)) +	// Clean the private messages tables from the user +	if (!function_exists('phpbb_delete_user_pms'))  	{ -		$undelivered_msg[] = $row['msg_id']; -		$undelivered_user[$row['user_id']][] = true; -	} -	$db->sql_freeresult($result); - -	if (sizeof($undelivered_msg)) -	{ -		$sql = 'DELETE FROM ' . PRIVMSGS_TABLE . ' -			WHERE ' . $db->sql_in_set('msg_id', $undelivered_msg); -		$db->sql_query($sql); -	} - -	$sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . ' -		WHERE author_id = ' . $user_id . ' -			AND folder_id = ' . PRIVMSGS_NO_BOX; -	$db->sql_query($sql); - -	// Delete all to-information -	$sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . ' -		WHERE user_id = ' . $user_id; -	$db->sql_query($sql); - -	// Set the remaining author id to anonymous - this way users are still able to read messages from users being removed -	$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . ' -		SET author_id = ' . ANONYMOUS . ' -		WHERE author_id = ' . $user_id; -	$db->sql_query($sql); - -	$sql = 'UPDATE ' . PRIVMSGS_TABLE . ' -		SET author_id = ' . ANONYMOUS . ' -		WHERE author_id = ' . $user_id; -	$db->sql_query($sql); - -	foreach ($undelivered_user as $_user_id => $ary) -	{ -		if ($_user_id == $user_id) -		{ -			continue; -		} - -		$sql = 'UPDATE ' . USERS_TABLE . ' -			SET user_new_privmsg = user_new_privmsg - ' . sizeof($ary) . ', -				user_unread_privmsg = user_unread_privmsg - ' . sizeof($ary) . ' -			WHERE user_id = ' . $_user_id; -		$db->sql_query($sql); +		include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);  	} +	phpbb_delete_user_pms($user_id);  	$db->sql_transaction('commit'); @@ -774,7 +686,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas  			}  			else  			{ -				trigger_error('LENGTH_BAN_INVALID'); +				trigger_error('LENGTH_BAN_INVALID', E_USER_WARNING);  			}  		}  	} @@ -834,7 +746,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas  			// Make sure we have been given someone to ban  			if (!sizeof($sql_usernames))  			{ -				trigger_error('NO_USER_SPECIFIED'); +				trigger_error('NO_USER_SPECIFIED', E_USER_WARNING);  			}  			$sql = 'SELECT user_id @@ -865,7 +777,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas  			else  			{  				$db->sql_freeresult($result); -				trigger_error('NO_USERS'); +				trigger_error('NO_USERS', E_USER_WARNING);  			}  			$db->sql_freeresult($result);  		break; @@ -967,7 +879,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas  				if (empty($banlist_ary))  				{ -					trigger_error('NO_IPS_DEFINED'); +					trigger_error('NO_IPS_DEFINED', E_USER_WARNING);  				}  			}  		break; @@ -995,12 +907,12 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas  			if (sizeof($ban_list) == 0)  			{ -				trigger_error('NO_EMAILS_DEFINED'); +				trigger_error('NO_EMAILS_DEFINED', E_USER_WARNING);  			}  		break;  		default: -			trigger_error('NO_MODE'); +			trigger_error('NO_MODE', E_USER_WARNING);  		break;  	} @@ -1463,6 +1375,31 @@ function validate_match($string, $optional = false, $match = '')  }  /** +* Validate Language Pack ISO Name +* +* Tests whether a language name is valid and installed +* +* @param string $lang_iso	The language string to test +* +* @return bool|string		Either false if validation succeeded or +*							a string which will be used as the error message +*							(with the variable name appended) +*/ +function validate_language_iso_name($lang_iso) +{ +	global $db; + +	$sql = 'SELECT lang_id +		FROM ' . LANG_TABLE . " +		WHERE lang_iso = '" . $db->sql_escape($lang_iso) . "'"; +	$result = $db->sql_query($sql); +	$lang_id = (int) $db->sql_fetchfield('lang_id'); +	$db->sql_freeresult($result); + +	return ($lang_id) ? false : 'WRONG_DATA'; +} + +/**  * Check to see if the username has been taken, or if it is disallowed.  * Also checks if it includes the " character, which we don't allow in usernames.  * Used for registering, changing names, and posting anonymously with a username @@ -1621,8 +1558,9 @@ function validate_password($password)  {  	global $config, $db, $user; -	if (!$password) +	if ($password === '' || $config['pass_complex'] === 'PASS_TYPE_ANY')  	{ +		// Password empty or no password complexity required.  		return false;  	} @@ -1633,7 +1571,6 @@ function validate_password($password)  	{  		$upp = '\p{Lu}';  		$low = '\p{Ll}'; -		$let = '\p{L}';  		$num = '\p{N}';  		$sym = '[^\p{Lu}\p{Ll}\p{N}]';  		$pcre = true; @@ -1643,7 +1580,6 @@ function validate_password($password)  		mb_regex_encoding('UTF-8');  		$upp = '[[:upper:]]';  		$low = '[[:lower:]]'; -		$let = '[[:lower:][:upper:]]';  		$num = '[[:digit:]]';  		$sym = '[^[:upper:][:lower:][:digit:]]';  		$mbstring = true; @@ -1652,7 +1588,6 @@ function validate_password($password)  	{  		$upp = '[A-Z]';  		$low = '[a-z]'; -		$let = '[a-zA-Z]';  		$num = '[0-9]';  		$sym = '[^A-Za-z0-9]';  		$pcre = true; @@ -1662,22 +1597,22 @@ function validate_password($password)  	switch ($config['pass_complex'])  	{ -		case 'PASS_TYPE_CASE': -			$chars[] = $low; -			$chars[] = $upp; -		break; +		// No break statements below ... +		// We require strong passwords in case pass_complex is not set or is invalid +		default: + +		// Require mixed case letters, numbers and symbols +		case 'PASS_TYPE_SYMBOL': +			$chars[] = $sym; +		// Require mixed case letters and numbers  		case 'PASS_TYPE_ALPHA': -			$chars[] = $let;  			$chars[] = $num; -		break; -		case 'PASS_TYPE_SYMBOL': +		// Require mixed case letters +		case 'PASS_TYPE_CASE':  			$chars[] = $low;  			$chars[] = $upp; -			$chars[] = $num; -			$chars[] = $sym; -		break;  	}  	if ($pcre) @@ -1967,6 +1902,27 @@ function validate_jabber($jid)  }  /** +* Verifies whether a style ID corresponds to an active style. +* +* @param int $style_id The style_id of a style which should be checked if activated or not. +* @return boolean +*/ +function phpbb_style_is_active($style_id) +{ +	global $db; + +	$sql = 'SELECT style_active +		FROM ' . STYLES_TABLE . ' +		WHERE style_id = '. (int) $style_id; +	$result = $db->sql_query($sql); + +	$style_is_active = (bool) $db->sql_fetchfield('style_active'); +	$db->sql_freeresult($result); + +	return $style_is_active; +} + +/**  * Remove avatar  */  function avatar_delete($mode, $row, $clean_db = false) @@ -2083,7 +2039,7 @@ function avatar_upload($data, &$error)  	// Init upload class  	include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx); -	$upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], explode('|', $config['mime_triggers'])); +	$upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], (isset($config['mime_triggers']) ? explode('|', $config['mime_triggers']) : false));  	if (!empty($_FILES['uploadfile']['name']))  	{ @@ -3605,4 +3561,37 @@ function remove_newly_registered($user_id, $user_data = false)  	return $user_data['group_id'];  } +/** +* Gets user ids of currently banned registered users. +* +* @param array $user_ids Array of users' ids to check for banning, +*						leave empty to get complete list of banned ids +* @return array	Array of banned users' ids if any, empty array otherwise +*/ +function phpbb_get_banned_user_ids($user_ids = array()) +{ +	global $db; + +	$sql_user_ids = (!empty($user_ids)) ? $db->sql_in_set('ban_userid', $user_ids) : 'ban_userid <> 0'; + +	// Get banned User ID's +	// Ignore stale bans which were not wiped yet +	$banned_ids_list = array(); +	$sql = 'SELECT ban_userid +		FROM ' . BANLIST_TABLE . " +		WHERE $sql_user_ids +			AND ban_exclude <> 1 +			AND (ban_end > " . time() . ' +				OR ban_end = 0)'; +	$result = $db->sql_query($sql); +	while ($row = $db->sql_fetchrow($result)) +	{ +		$user_id = (int) $row['ban_userid']; +		$banned_ids_list[$user_id] = $user_id; +	} +	$db->sql_freeresult($result); + +	return $banned_ids_list; +} +  ?> diff --git a/phpBB/includes/mcp/mcp_front.php b/phpBB/includes/mcp/mcp_front.php index 50e14b9336..af262baa29 100644 --- a/phpBB/includes/mcp/mcp_front.php +++ b/phpBB/includes/mcp/mcp_front.php @@ -350,7 +350,7 @@ function mcp_front_view($id, $mode, $action)  			// Add forum_id 0 for global announcements  			$forum_list[] = 0; -			$log_count = 0; +			$log_count = false;  			$log = array();  			view_log('mod', $log, $log_count, 5, 0, $forum_list); diff --git a/phpBB/includes/mcp/mcp_logs.php b/phpBB/includes/mcp/mcp_logs.php index 6da810a489..73ff72c177 100644 --- a/phpBB/includes/mcp/mcp_logs.php +++ b/phpBB/includes/mcp/mcp_logs.php @@ -170,7 +170,7 @@ class mcp_logs  		// Grab log data  		$log_data = array();  		$log_count = 0; -		view_log('mod', $log_data, $log_count, $config['topics_per_page'], $start, $forum_list, $topic_id, 0, $sql_where, $sql_sort, $keywords); +		$start = view_log('mod', $log_data, $log_count, $config['topics_per_page'], $start, $forum_list, $topic_id, 0, $sql_where, $sql_sort, $keywords);  		$template->assign_vars(array(  			'PAGE_NUMBER'		=> on_page($log_count, $config['topics_per_page'], $start), @@ -179,7 +179,7 @@ class mcp_logs  			'L_TITLE'			=> $user->lang['MCP_LOGS'], -			'U_POST_ACTION'			=> $this->u_action, +			'U_POST_ACTION'			=> $this->u_action . "&$u_sort_param$keywords_param&start=$start",  			'S_CLEAR_ALLOWED'		=> ($auth->acl_get('a_clearlogs')) ? true : false,  			'S_SELECT_SORT_DIR'		=> $s_sort_dir,  			'S_SELECT_SORT_KEY'		=> $s_sort_key, diff --git a/phpBB/includes/mcp/mcp_main.php b/phpBB/includes/mcp/mcp_main.php index d5551f5114..ffede11d37 100644 --- a/phpBB/includes/mcp/mcp_main.php +++ b/phpBB/includes/mcp/mcp_main.php @@ -286,14 +286,6 @@ function change_topic_type($action, $topic_ids)  {  	global $auth, $user, $db, $phpEx, $phpbb_root_path; -	// For changing topic types, we only allow operations in one forum. -	$forum_id = check_ids($topic_ids, TOPICS_TABLE, 'topic_id', array('f_announce', 'f_sticky', 'm_'), true); - -	if ($forum_id === false) -	{ -		return; -	} -  	switch ($action)  	{  		case 'make_announce': @@ -316,11 +308,18 @@ function change_topic_type($action, $topic_ids)  		default:  			$new_topic_type = POST_NORMAL; -			$check_acl = ''; +			$check_acl = false;  			$l_new_type = (sizeof($topic_ids) == 1) ? 'MCP_MAKE_NORMAL' : 'MCP_MAKE_NORMALS';  		break;  	} +	$forum_id = check_ids($topic_ids, TOPICS_TABLE, 'topic_id', $check_acl, true); + +	if ($forum_id === false) +	{ +		return; +	} +  	$redirect = request_var('redirect', build_url(array('action', 'quickmod')));  	$s_hidden_fields = array( @@ -1048,37 +1047,38 @@ function mcp_fork_topic($topic_ids)  		$total_posts = 0;  		$new_topic_id_list = array(); -		if ($topic_data['enable_indexing']) -		{ -			// Select the search method and do some additional checks to ensure it can actually be utilised -			$search_type = basename($config['search_type']); -			if (!file_exists($phpbb_root_path . 'includes/search/' . $search_type . '.' . $phpEx)) +		foreach ($topic_data as $topic_id => $topic_row) +		{ +			if (!isset($search_type) && $topic_row['enable_indexing'])  			{ -				trigger_error('NO_SUCH_SEARCH_MODULE'); -			} +				// Select the search method and do some additional checks to ensure it can actually be utilised +				$search_type = basename($config['search_type']); -			if (!class_exists($search_type)) -			{ -				include("{$phpbb_root_path}includes/search/$search_type.$phpEx"); -			} +				if (!file_exists($phpbb_root_path . 'includes/search/' . $search_type . '.' . $phpEx)) +				{ +					trigger_error('NO_SUCH_SEARCH_MODULE'); +				} -			$error = false; -			$search = new $search_type($error); -			$search_mode = 'post'; +				if (!class_exists($search_type)) +				{ +					include("{$phpbb_root_path}includes/search/$search_type.$phpEx"); +				} -			if ($error) +				$error = false; +				$search = new $search_type($error); +				$search_mode = 'post'; + +				if ($error) +				{ +					trigger_error($error); +				} +			} +			else if (!isset($search_type) && !$topic_row['enable_indexing'])  			{ -				trigger_error($error); +				$search_type = false;  			} -		} -		else -		{ -			$search_type = false; -		} -		foreach ($topic_data as $topic_id => $topic_row) -		{  			$sql_ary = array(  				'forum_id'					=> (int) $to_forum_id,  				'icon_id'					=> (int) $topic_row['icon_id'], @@ -1187,9 +1187,9 @@ function mcp_fork_topic($topic_ids)  				// Copy whether the topic is dotted  				markread('post', $to_forum_id, $new_topic_id, 0, $row['poster_id']); -				if ($search_type) +				if (!empty($search_type))  				{ -					$search->index($search_mode, $sql_ary['post_id'], $sql_ary['post_text'], $sql_ary['post_subject'], $sql_ary['poster_id'], ($topic_row['topic_type'] == POST_GLOBAL) ? 0 : $to_forum_id); +					$search->index($search_mode, $new_post_id, $sql_ary['post_text'], $sql_ary['post_subject'], $sql_ary['poster_id'], ($topic_row['topic_type'] == POST_GLOBAL) ? 0 : $to_forum_id);  					$search_mode = 'reply'; // After one we index replies  				} diff --git a/phpBB/includes/mcp/mcp_notes.php b/phpBB/includes/mcp/mcp_notes.php index c684eb6f52..02a89c0251 100644 --- a/phpBB/includes/mcp/mcp_notes.php +++ b/phpBB/includes/mcp/mcp_notes.php @@ -198,7 +198,7 @@ class mcp_notes  		$log_data = array();  		$log_count = 0; -		view_log('user', $log_data, $log_count, $config['topics_per_page'], $start, 0, 0, $user_id, $sql_where, $sql_sort, $keywords); +		$start = view_log('user', $log_data, $log_count, $config['topics_per_page'], $start, 0, 0, $user_id, $sql_where, $sql_sort, $keywords);  		if ($log_count)  		{ diff --git a/phpBB/includes/mcp/mcp_post.php b/phpBB/includes/mcp/mcp_post.php index 7098b4bbce..ba45037a18 100644 --- a/phpBB/includes/mcp/mcp_post.php +++ b/phpBB/includes/mcp/mcp_post.php @@ -227,10 +227,10 @@ function mcp_post_details($id, $mode, $action)  	// Get User Notes  	$log_data = array(); -	$log_count = 0; +	$log_count = false;  	view_log('user', $log_data, $log_count, $config['posts_per_page'], 0, 0, 0, $post_info['user_id']); -	if ($log_count) +	if (!empty($log_data))  	{  		$template->assign_var('S_USER_NOTES', true); @@ -246,7 +246,7 @@ function mcp_post_details($id, $mode, $action)  	}  	// Get Reports -	if ($auth->acl_get('m_', $post_info['forum_id'])) +	if ($auth->acl_get('m_report', $post_info['forum_id']))  	{  		$sql = 'SELECT r.*, re.*, u.user_id, u.username  			FROM ' . REPORTS_TABLE . ' r, ' . USERS_TABLE . ' u, ' . REPORTS_REASONS_TABLE . " re diff --git a/phpBB/includes/mcp/mcp_queue.php b/phpBB/includes/mcp/mcp_queue.php index c419da5574..764461fa53 100644 --- a/phpBB/includes/mcp/mcp_queue.php +++ b/phpBB/includes/mcp/mcp_queue.php @@ -216,6 +216,7 @@ class mcp_queue  					'POST_IP'				=> $post_info['poster_ip'],  					'POST_IPADDR'			=> ($auth->acl_get('m_info', $post_info['forum_id']) && request_var('lookup', '')) ? @gethostbyaddr($post_info['poster_ip']) : '',  					'POST_ID'				=> $post_info['post_id'], +					'S_FIRST_POST'			=> ($post_info['topic_first_post_id'] == $post_id),  					'U_LOOKUP_IP'			=> ($auth->acl_get('m_info', $post_info['forum_id'])) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=approve_details&f=' . $post_info['forum_id'] . '&p=' . $post_id . '&lookup=' . $post_info['poster_ip']) . '#ip' : '',  				)); @@ -778,6 +779,8 @@ function disapprove_post($post_id_list, $id, $mode)  		if (!$row || (!$reason && strtolower($row['reason_title']) == 'other'))  		{  			$additional_msg = $user->lang['NO_REASON_DISAPPROVAL']; +			unset($_REQUEST['confirm_key']); +			unset($_POST['confirm_key']);  			unset($_POST['confirm']);  		}  		else diff --git a/phpBB/includes/mcp/mcp_reports.php b/phpBB/includes/mcp/mcp_reports.php index 39d9fbd4af..def5422be2 100644 --- a/phpBB/includes/mcp/mcp_reports.php +++ b/phpBB/includes/mcp/mcp_reports.php @@ -148,6 +148,7 @@ class mcp_reports  				$message = bbcode_nl2br($message);  				$message = smiley_text($message); +				$report['report_text'] = make_clickable(bbcode_nl2br($report['report_text']));  				if ($post_info['post_attachment'] && $auth->acl_get('u_download') && $auth->acl_get('f_download', $post_info['forum_id']))  				{ diff --git a/phpBB/includes/mcp/mcp_topic.php b/phpBB/includes/mcp/mcp_topic.php index 76cd9beb92..7d4edaf362 100644 --- a/phpBB/includes/mcp/mcp_topic.php +++ b/phpBB/includes/mcp/mcp_topic.php @@ -50,6 +50,16 @@ function mcp_topic_view($id, $mode, $action)  	$submitted_id_list	= request_var('post_ids', array(0));  	$checked_ids = $post_id_list = request_var('post_id_list', array(0)); +	// Resync Topic? +	if ($action == 'resync') +	{ +		if (!function_exists('mcp_resync_topics')) +		{ +			include($phpbb_root_path . 'includes/mcp/mcp_forum.' . $phpEx); +		} +		mcp_resync_topics(array($topic_id)); +	} +  	// Split Topic?  	if ($action == 'split_all' || $action == 'split_beyond')  	{ @@ -239,8 +249,8 @@ function mcp_topic_view($id, $mode, $action)  			'MINI_POST_IMG'			=> ($post_unread) ? $user->img('icon_post_target_unread', 'UNREAD_POST') : $user->img('icon_post_target', 'POST'), -			'S_POST_REPORTED'	=> ($row['post_reported']) ? true : false, -			'S_POST_UNAPPROVED'	=> ($row['post_approved']) ? false : true, +			'S_POST_REPORTED'	=> ($row['post_reported'] && $auth->acl_get('m_report', $topic_info['forum_id'])), +			'S_POST_UNAPPROVED'	=> (!$row['post_approved'] && $auth->acl_get('m_approve', $topic_info['forum_id'])),  			'S_CHECKED'			=> (($submitted_id_list && !in_array(intval($row['post_id']), $submitted_id_list)) || in_array(intval($row['post_id']), $checked_ids)) ? true : false,  			'S_HAS_ATTACHMENTS'	=> (!empty($attachments[$row['post_id']])) ? true : false, @@ -320,6 +330,7 @@ function mcp_topic_view($id, $mode, $action)  		'S_CAN_APPROVE'		=> ($has_unapproved_posts && $auth->acl_get('m_approve', $topic_info['forum_id'])) ? true : false,  		'S_CAN_LOCK'		=> ($auth->acl_get('m_lock', $topic_info['forum_id'])) ? true : false,  		'S_CAN_REPORT'		=> ($auth->acl_get('m_report', $topic_info['forum_id'])) ? true : false, +		'S_CAN_SYNC'		=> $auth->acl_get('m_', $topic_info['forum_id']),  		'S_REPORT_VIEW'		=> ($action == 'reports') ? true : false,  		'S_MERGE_VIEW'		=> ($action == 'merge') ? true : false,  		'S_SPLIT_VIEW'		=> ($action == 'split') ? true : false, diff --git a/phpBB/includes/mcp/mcp_warn.php b/phpBB/includes/mcp/mcp_warn.php index 63e5b19155..1016204ff8 100644 --- a/phpBB/includes/mcp/mcp_warn.php +++ b/phpBB/includes/mcp/mcp_warn.php @@ -308,7 +308,7 @@ class mcp_warn  			include($phpbb_root_path . 'includes/functions_display.' . $phpEx);  		} -		$rank_title = $rank_img = ''; +		get_user_rank($user_row['user_rank'], $user_row['user_posts'], $rank_title, $rank_img, $rank_img_src);  		$avatar_img = get_user_avatar($user_row['user_avatar'], $user_row['user_avatar_type'], $user_row['user_avatar_width'], $user_row['user_avatar_height']);  		$template->assign_vars(array( @@ -413,7 +413,7 @@ class mcp_warn  			include($phpbb_root_path . 'includes/functions_display.' . $phpEx);  		} -		$rank_title = $rank_img = ''; +		get_user_rank($user_row['user_rank'], $user_row['user_posts'], $rank_title, $rank_img, $rank_img_src);  		$avatar_img = get_user_avatar($user_row['user_avatar'], $user_row['user_avatar_type'], $user_row['user_avatar_width'], $user_row['user_avatar_height']);  		// OK, they didn't submit a warning so lets build the page for them to do so diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index b2d0b6c566..a134fab5d3 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -102,27 +102,29 @@ class bbcode_firstpass extends bbcode  	/**  	* Init bbcode data for later parsing  	*/ -	function bbcode_init() +	function bbcode_init($allow_custom_bbcode = true)  	{  		static $rowset;  		// This array holds all bbcode data. BBCodes will be processed in this  		// order, so it is important to keep [code] in first position and  		// [quote] in second position. +		// To parse multiline URL we enable dotall option setting only for URL text +		// but not for link itself, thus [url][/url] is not affected.  		$this->bbcodes = array( -			'code'			=> array('bbcode_id' => 8,	'regexp' => array('#\[code(?:=([a-z]+))?\](.+\[/code\])#ise' => "\$this->bbcode_code('\$1', '\$2')")), -			'quote'			=> array('bbcode_id' => 0,	'regexp' => array('#\[quote(?:="(.*?)")?\](.+)\[/quote\]#ise' => "\$this->bbcode_quote('\$0')")), -			'attachment'	=> array('bbcode_id' => 12,	'regexp' => array('#\[attachment=([0-9]+)\](.*?)\[/attachment\]#ise' => "\$this->bbcode_attachment('\$1', '\$2')")), -			'b'				=> array('bbcode_id' => 1,	'regexp' => array('#\[b\](.*?)\[/b\]#ise' => "\$this->bbcode_strong('\$1')")), -			'i'				=> array('bbcode_id' => 2,	'regexp' => array('#\[i\](.*?)\[/i\]#ise' => "\$this->bbcode_italic('\$1')")), -			'url'			=> array('bbcode_id' => 3,	'regexp' => array('#\[url(=(.*))?\](.*)\[/url\]#iUe' => "\$this->validate_url('\$2', '\$3')")), -			'img'			=> array('bbcode_id' => 4,	'regexp' => array('#\[img\](.*)\[/img\]#iUe' => "\$this->bbcode_img('\$1')")), -			'size'			=> array('bbcode_id' => 5,	'regexp' => array('#\[size=([\-\+]?\d+)\](.*?)\[/size\]#ise' => "\$this->bbcode_size('\$1', '\$2')")), -			'color'			=> array('bbcode_id' => 6,	'regexp' => array('!\[color=(#[0-9a-f]{3}|#[0-9a-f]{6}|[a-z\-]+)\](.*?)\[/color\]!ise' => "\$this->bbcode_color('\$1', '\$2')")), -			'u'				=> array('bbcode_id' => 7,	'regexp' => array('#\[u\](.*?)\[/u\]#ise' => "\$this->bbcode_underline('\$1')")), -			'list'			=> array('bbcode_id' => 9,	'regexp' => array('#\[list(?:=(?:[a-z0-9]|disc|circle|square))?].*\[/list]#ise' => "\$this->bbcode_parse_list('\$0')")), -			'email'			=> array('bbcode_id' => 10,	'regexp' => array('#\[email=?(.*?)?\](.*?)\[/email\]#ise' => "\$this->validate_email('\$1', '\$2')")), -			'flash'			=> array('bbcode_id' => 11,	'regexp' => array('#\[flash=([0-9]+),([0-9]+)\](.*?)\[/flash\]#ie' => "\$this->bbcode_flash('\$1', '\$2', '\$3')")) +			'code'			=> array('bbcode_id' => 8,	'regexp' => array('#\[code(?:=([a-z]+))?\](.+\[/code\])#uise' => "\$this->bbcode_code('\$1', '\$2')")), +			'quote'			=> array('bbcode_id' => 0,	'regexp' => array('#\[quote(?:="(.*?)")?\](.+)\[/quote\]#uise' => "\$this->bbcode_quote('\$0')")), +			'attachment'	=> array('bbcode_id' => 12,	'regexp' => array('#\[attachment=([0-9]+)\](.*?)\[/attachment\]#uise' => "\$this->bbcode_attachment('\$1', '\$2')")), +			'b'				=> array('bbcode_id' => 1,	'regexp' => array('#\[b\](.*?)\[/b\]#uise' => "\$this->bbcode_strong('\$1')")), +			'i'				=> array('bbcode_id' => 2,	'regexp' => array('#\[i\](.*?)\[/i\]#uise' => "\$this->bbcode_italic('\$1')")), +			'url'			=> array('bbcode_id' => 3,	'regexp' => array('#\[url(=(.*))?\](?(1)((?s).*(?-s))|(.*))\[/url\]#uiUe' => "\$this->validate_url('\$2', ('\$3') ? '\$3' : '\$4')")), +			'img'			=> array('bbcode_id' => 4,	'regexp' => array('#\[img\](.*)\[/img\]#uiUe' => "\$this->bbcode_img('\$1')")), +			'size'			=> array('bbcode_id' => 5,	'regexp' => array('#\[size=([\-\+]?\d+)\](.*?)\[/size\]#uise' => "\$this->bbcode_size('\$1', '\$2')")), +			'color'			=> array('bbcode_id' => 6,	'regexp' => array('!\[color=(#[0-9a-f]{3}|#[0-9a-f]{6}|[a-z\-]+)\](.*?)\[/color\]!uise' => "\$this->bbcode_color('\$1', '\$2')")), +			'u'				=> array('bbcode_id' => 7,	'regexp' => array('#\[u\](.*?)\[/u\]#uise' => "\$this->bbcode_underline('\$1')")), +			'list'			=> array('bbcode_id' => 9,	'regexp' => array('#\[list(?:=(?:[a-z0-9]|disc|circle|square))?].*\[/list]#uise' => "\$this->bbcode_parse_list('\$0')")), +			'email'			=> array('bbcode_id' => 10,	'regexp' => array('#\[email=?(.*?)?\](.*?)\[/email\]#uise' => "\$this->validate_email('\$1', '\$2')")), +			'flash'			=> array('bbcode_id' => 11,	'regexp' => array('#\[flash=([0-9]+),([0-9]+)\](.*?)\[/flash\]#uie' => "\$this->bbcode_flash('\$1', '\$2', '\$3')"))  		);  		// Zero the parsed items array @@ -133,6 +135,11 @@ class bbcode_firstpass extends bbcode  			$this->parsed_items[$tag] = 0;  		} +		if (!$allow_custom_bbcode) +		{ +			return; +		} +  		if (!is_array($rowset))  		{  			global $db; @@ -1332,7 +1339,9 @@ class parse_message extends bbcode_firstpass  		{  			if ($max_smilies)  			{ -				$num_matches = preg_match_all('#(?<=^|[\n .])(?:' . implode('|', $match) . ')(?![^<>]*>)#', $this->message, $matches); +				// 'u' modifier has been added to correctly parse smilies within unicode strings +				// For details: http://tracker.phpbb.com/browse/PHPBB3-10117 +				$num_matches = preg_match_all('#(?<=^|[\n .])(?:' . implode('|', $match) . ')(?![^<>]*>)#u', $this->message, $matches);  				unset($matches);  				if ($num_matches !== false && $num_matches > $max_smilies) @@ -1343,7 +1352,10 @@ class parse_message extends bbcode_firstpass  			}  			// Make sure the delimiter # is added in front and at the end of every element within $match -			$this->message = trim(preg_replace(explode(chr(0), '#(?<=^|[\n .])' . implode('(?![^<>]*>)#' . chr(0) . '#(?<=^|[\n .])', $match) . '(?![^<>]*>)#'), $replace, $this->message)); +			// 'u' modifier has been added to correctly parse smilies within unicode strings +			// For details: http://tracker.phpbb.com/browse/PHPBB3-10117 + +			$this->message = trim(preg_replace(explode(chr(0), '#(?<=^|[\n .])' . implode('(?![^<>]*>)#u' . chr(0) . '#(?<=^|[\n .])', $match) . '(?![^<>]*>)#u'), $replace, $this->message));  		}  	} diff --git a/phpBB/includes/search/fulltext_mysql.php b/phpBB/includes/search/fulltext_mysql.php index 29cdd8ee9a..779ec1d216 100644 --- a/phpBB/includes/search/fulltext_mysql.php +++ b/phpBB/includes/search/fulltext_mysql.php @@ -707,7 +707,7 @@ class fulltext_mysql extends search_backend  	*/  	function index_remove($post_ids, $author_ids, $forum_ids)  	{ -		$this->destroy_cache(array(), $author_ids); +		$this->destroy_cache(array(), array_unique($author_ids));  	}  	/** @@ -896,11 +896,7 @@ class fulltext_mysql extends search_backend  		}  		$db->sql_freeresult($result); -		$sql = 'SELECT COUNT(post_id) as total_posts -			FROM ' . POSTS_TABLE; -		$result = $db->sql_query($sql); -		$this->stats['total_posts'] = (int) $db->sql_fetchfield('total_posts'); -		$db->sql_freeresult($result); +		$this->stats['total_posts'] = empty($this->stats) ? 0 : $db->get_estimated_row_count(POSTS_TABLE);  	}  	/** diff --git a/phpBB/includes/search/fulltext_native.php b/phpBB/includes/search/fulltext_native.php index 727e3aaffb..dc961f3c8a 100644 --- a/phpBB/includes/search/fulltext_native.php +++ b/phpBB/includes/search/fulltext_native.php @@ -1334,7 +1334,7 @@ class fulltext_native extends search_backend  			$db->sql_query($sql);  		} -		$this->destroy_cache(array_unique($word_texts), $author_ids); +		$this->destroy_cache(array_unique($word_texts), array_unique($author_ids));  	}  	/** @@ -1461,17 +1461,8 @@ class fulltext_native extends search_backend  	{  		global $db; -		$sql = 'SELECT COUNT(*) as total_words -			FROM ' . SEARCH_WORDLIST_TABLE; -		$result = $db->sql_query($sql); -		$this->stats['total_words'] = (int) $db->sql_fetchfield('total_words'); -		$db->sql_freeresult($result); - -		$sql = 'SELECT COUNT(*) as total_matches -			FROM ' . SEARCH_WORDMATCH_TABLE; -		$result = $db->sql_query($sql); -		$this->stats['total_matches'] = (int) $db->sql_fetchfield('total_matches'); -		$db->sql_freeresult($result); +		$this->stats['total_words']		= $db->get_estimated_row_count(SEARCH_WORDLIST_TABLE); +		$this->stats['total_matches']	= $db->get_estimated_row_count(SEARCH_WORDMATCH_TABLE);  	}  	/** diff --git a/phpBB/includes/search/search.php b/phpBB/includes/search/search.php index 2f20d11495..df7c8a0892 100644 --- a/phpBB/includes/search/search.php +++ b/phpBB/includes/search/search.php @@ -295,7 +295,7 @@ class search_backend  			$sql_where = '';  			foreach ($authors as $author)  			{ -				$sql_where .= (($sql_where) ? ' OR ' : '') . 'search_authors LIKE \'% ' . (int) $author . ' %\''; +				$sql_where .= (($sql_where) ? ' OR ' : '') . 'search_authors ' . $db->sql_like_expression($db->any_char . ' ' . (int) $author . ' ' . $db->any_char);  			}  			$sql = 'SELECT search_key diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 5f5b39fe27..496c12a0d1 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -221,7 +221,7 @@ class session  		// if the forwarded for header shall be checked we have to validate its contents  		if ($config['forwarded_for_check'])  		{ -			$this->forwarded_for = preg_replace('#[ ]{2,}#', ' ', str_replace(array(',', ' '), ' ', $this->forwarded_for)); +			$this->forwarded_for = preg_replace('# {2,}#', ' ', str_replace(',', ' ', $this->forwarded_for));  			// split the list of IPs  			$ips = explode(' ', $this->forwarded_for); @@ -267,37 +267,42 @@ class session  		// Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests  		// it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip. -		$this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? htmlspecialchars((string) $_SERVER['REMOTE_ADDR']) : ''; -		$this->ip = preg_replace('#[ ]{2,}#', ' ', str_replace(array(',', ' '), ' ', $this->ip)); +		$this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? (string) $_SERVER['REMOTE_ADDR'] : ''; +		$this->ip = preg_replace('# {2,}#', ' ', str_replace(',', ' ', $this->ip));  		// split the list of IPs -		$ips = explode(' ', $this->ip); +		$ips = explode(' ', trim($this->ip));  		// Default IP if REMOTE_ADDR is invalid  		$this->ip = '127.0.0.1';  		foreach ($ips as $ip)  		{ -			// check IPv4 first, the IPv6 is hopefully only going to be used very seldomly -			if (!empty($ip) && !preg_match(get_preg_expression('ipv4'), $ip) && !preg_match(get_preg_expression('ipv6'), $ip)) +			if (preg_match(get_preg_expression('ipv4'), $ip))  			{ -				// Just break -				break; +				$this->ip = $ip;  			} - -			// Quick check for IPv4-mapped address in IPv6 -			if (stripos($ip, '::ffff:') === 0) +			else if (preg_match(get_preg_expression('ipv6'), $ip))  			{ -				$ipv4 = substr($ip, 7); - -				if (preg_match(get_preg_expression('ipv4'), $ipv4)) +				// Quick check for IPv4-mapped address in IPv6 +				if (stripos($ip, '::ffff:') === 0)  				{ -					$ip = $ipv4; +					$ipv4 = substr($ip, 7); + +					if (preg_match(get_preg_expression('ipv4'), $ipv4)) +					{ +						$ip = $ipv4; +					}  				} -			} -			// Use the last in chain -			$this->ip = $ip; +				$this->ip = $ip; +			} +			else +			{ +				// We want to use the last valid address in the chain +				// Leave foreach loop when address is invalid +				break; +			}  		}  		$this->load = false; @@ -317,8 +322,15 @@ class session  			}  		} -		// Is session_id is set or session_id is set and matches the url param if required -		if (!empty($this->session_id) && (!defined('NEED_SID') || (isset($_GET['sid']) && $this->session_id === $_GET['sid']))) +		// if no session id is set, redirect to index.php +		if (defined('NEED_SID') && (!isset($_GET['sid']) || $this->session_id !== $_GET['sid'])) +		{ +			send_status_line(401, 'Not authorized'); +			redirect(append_sid("{$phpbb_root_path}index.$phpEx")); +		} + +		// if session id is set +		if (!empty($this->session_id))  		{  			$sql = 'SELECT u.*, s.*  				FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u @@ -583,6 +595,14 @@ class session  			$bot = false;  		} +		// Bot user, if they have a SID in the Request URI we need to get rid of it +		// otherwise they'll index this page with the SID, duplicate content oh my! +		if ($bot && isset($_GET['sid'])) +		{ +			send_status_line(301, 'Moved Permanently'); +			redirect(build_url(array('sid'))); +		} +  		// If no data was returned one or more of the following occurred:  		// Key didn't match one in the DB  		// User does not exist @@ -619,12 +639,6 @@ class session  		}  		else  		{ -			// Bot user, if they have a SID in the Request URI we need to get rid of it -			// otherwise they'll index this page with the SID, duplicate content oh my! -			if (isset($_GET['sid'])) -			{ -				redirect(build_url(array('sid'))); -			}  			$this->data['session_last_visit'] = $this->time_now;  		} @@ -999,6 +1013,10 @@ class session  				include($phpbb_root_path . "includes/captcha/captcha_factory." . $phpEx);  			}  			phpbb_captcha_factory::garbage_collect($config['captcha_plugin']); + +			$sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . ' +				WHERE attempt_time < ' . (time() - (int) $config['ip_login_limit_time']); +			$db->sql_query($sql);  		}  		return; @@ -1237,6 +1255,12 @@ class session  			$ip = $this->ip;  		} +		// Neither Spamhaus nor Spamcop supports IPv6 addresses. +		if (strpos($ip, ':') !== false) +		{ +			return false; +		} +  		$dnsbl_check = array(  			'sbl.spamhaus.org'	=> 'http://www.spamhaus.org/query/bl?ip=',  		); @@ -1490,7 +1514,6 @@ class user extends session  	// Able to add new options (up to id 31)  	var $keyoptions = array('viewimg' => 0, 'viewflash' => 1, 'viewsmilies' => 2, 'viewsigs' => 3, 'viewavatars' => 4, 'viewcensors' => 5, 'attachsig' => 6, 'bbcode' => 8, 'smilies' => 9, 'popuppm' => 10, 'sig_bbcode' => 15, 'sig_smilies' => 16, 'sig_links' => 17); -	var $keyvalues = array();  	/**  	* Constructor to set the lang path @@ -1966,6 +1989,7 @@ class user extends session  					$key_found = $num;  				} +				break;  			}  		} @@ -2254,9 +2278,44 @@ class user extends session  			// Use URL if told so  			$root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $phpbb_root_path; -			$img_data['src'] = $root_path . 'styles/' . rawurlencode($this->theme['imageset_path']) . '/imageset/' . ($this->img_array[$img]['image_lang'] ? $this->img_array[$img]['image_lang'] .'/' : '') . $this->img_array[$img]['image_filename']; +			$path = 'styles/' . rawurlencode($this->theme['imageset_path']) . '/imageset/' . ($this->img_array[$img]['image_lang'] ? $this->img_array[$img]['image_lang'] .'/' : '') . $this->img_array[$img]['image_filename']; + +			$img_data['src'] = $root_path . $path;  			$img_data['width'] = $this->img_array[$img]['image_width'];  			$img_data['height'] = $this->img_array[$img]['image_height']; + +			// We overwrite the width and height to the phpbb logo's width +			// and height here if the contents of the site_logo file are +			// really equal to the phpbb_logo +			// This allows us to change the dimensions of the phpbb_logo without +			// modifying the imageset.cfg and causing a conflict for everyone +			// who modified it for their custom logo on updating +			if ($img == 'site_logo' && file_exists($phpbb_root_path . $path)) +			{ +				global $cache; + +				$img_file_hashes = $cache->get('imageset_site_logo_md5'); + +				if ($img_file_hashes === false) +				{ +					$img_file_hashes = array(); +				} + +				$key = $this->theme['imageset_path'] . '::' . $this->img_array[$img]['image_lang']; +				if (!isset($img_file_hashes[$key])) +				{ +					$img_file_hashes[$key] = md5(file_get_contents($phpbb_root_path . $path)); +					$cache->put('imageset_site_logo_md5', $img_file_hashes); +				} + +				$phpbb_logo_hash = '0c461a32cd3621643105f0d02a772c10'; + +				if ($phpbb_logo_hash == $img_file_hashes[$key]) +				{ +					$img_data['width'] = '149'; +					$img_data['height'] = '52'; +				} +			}  		}  		$alt = (!empty($this->lang[$alt])) ? $this->lang[$alt] : $alt; @@ -2284,47 +2343,51 @@ class user extends session  	}  	/** -	* Get option bit field from user options +	* Get option bit field from user options. +	* +	* @param int $key option key, as defined in $keyoptions property. +	* @param int $data bit field value to use, or false to use $this->data['user_options'] +	* @return bool true if the option is set in the bit field, false otherwise  	*/  	function optionget($key, $data = false)  	{ -		if (!isset($this->keyvalues[$key])) -		{ -			$var = ($data) ? $data : $this->data['user_options']; -			$this->keyvalues[$key] = ($var & 1 << $this->keyoptions[$key]) ? true : false; -		} - -		return $this->keyvalues[$key]; +		$var = ($data !== false) ? $data : $this->data['user_options']; +		return phpbb_optionget($this->keyoptions[$key], $var);  	}  	/** -	* Set option bit field for user options +	* Set option bit field for user options. +	* +	* @param int $key Option key, as defined in $keyoptions property. +	* @param bool $value True to set the option, false to clear the option. +	* @param int $data Current bit field value, or false to use $this->data['user_options'] +	* @return int|bool If $data is false, the bit field is modified and +	*                  written back to $this->data['user_options'], and +	*                  return value is true if the bit field changed and +	*                  false otherwise. If $data is not false, the new +	*                  bitfield value is returned.  	*/  	function optionset($key, $value, $data = false)  	{ -		$var = ($data) ? $data : $this->data['user_options']; +		$var = ($data !== false) ? $data : $this->data['user_options']; -		if ($value && !($var & 1 << $this->keyoptions[$key])) -		{ -			$var += 1 << $this->keyoptions[$key]; -		} -		else if (!$value && ($var & 1 << $this->keyoptions[$key])) -		{ -			$var -= 1 << $this->keyoptions[$key]; -		} -		else -		{ -			return ($data) ? $var : false; -		} +		$new_var = phpbb_optionset($this->keyoptions[$key], $value, $var); -		if (!$data) +		if ($data === false)  		{ -			$this->data['user_options'] = $var; -			return true; +			if ($new_var != $var) +			{ +				$this->data['user_options'] = $new_var; +				return true; +			} +			else +			{ +				return false; +			}  		}  		else  		{ -			return $var; +			return $new_var;  		}  	} @@ -2357,6 +2420,39 @@ class user extends session  		return true;  	} + +	/** +	* Returns all password protected forum ids the user is currently NOT authenticated for. +	* +	* @return array		Array of forum ids +	* @access public +	*/ +	function get_passworded_forums() +	{ +		global $db; + +		$sql = 'SELECT f.forum_id, fa.user_id +			FROM ' . FORUMS_TABLE . ' f +			LEFT JOIN ' . FORUMS_ACCESS_TABLE . " fa +				ON (fa.forum_id = f.forum_id +					AND fa.session_id = '" . $db->sql_escape($this->session_id) . "') +			WHERE f.forum_password <> ''"; +		$result = $db->sql_query($sql); + +		$forum_ids = array(); +		while ($row = $db->sql_fetchrow($result)) +		{ +			$forum_id = (int) $row['forum_id']; + +			if ($row['user_id'] != $this->data['user_id']) +			{ +				$forum_ids[$forum_id] = $forum_id; +			} +		} +		$db->sql_freeresult($result); + +		return $forum_ids; +	}  }  ?>
\ No newline at end of file diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php new file mode 100644 index 0000000000..cf216a65db --- /dev/null +++ b/phpBB/includes/startup.php @@ -0,0 +1,166 @@ +<?php +/** +* +* @package phpBB3 +* @copyright (c) 2011 phpBB Group +* @license http://opensource.org/licenses/gpl-license.php GNU Public License +* +*/ + +/** +*/ +if (!defined('IN_PHPBB')) +{ +	exit; +} + +// Report all errors, except notices and deprecation messages +if (!defined('E_DEPRECATED')) +{ +	define('E_DEPRECATED', 8192); +} +$level = E_ALL & ~E_NOTICE & ~E_DEPRECATED; +if (version_compare(PHP_VERSION, '5.4.0-dev', '>=')) +{ +	// PHP 5.4 adds E_STRICT to E_ALL. +	// Our utf8 normalizer triggers E_STRICT output on PHP 5.4. +	// Unfortunately it cannot be made E_STRICT-clean while +	// continuing to work on PHP 4. +	// Therefore, in phpBB 3.0.x we disable E_STRICT on PHP 5.4+, +	// while phpBB 3.1 will fix utf8 normalizer. +	// E_STRICT is defined starting with PHP 5 +	if (!defined('E_STRICT')) +	{ +		define('E_STRICT', 2048); +	} +	$level &= ~E_STRICT; +} +error_reporting($level); + +/* +* Remove variables created by register_globals from the global scope +* Thanks to Matt Kavanagh +*/ +function deregister_globals() +{ +	$not_unset = array( +		'GLOBALS'	=> true, +		'_GET'		=> true, +		'_POST'		=> true, +		'_COOKIE'	=> true, +		'_REQUEST'	=> true, +		'_SERVER'	=> true, +		'_SESSION'	=> true, +		'_ENV'		=> true, +		'_FILES'	=> true, +		'phpEx'		=> true, +		'phpbb_root_path'	=> true +	); + +	// Not only will array_merge and array_keys give a warning if +	// a parameter is not an array, array_merge will actually fail. +	// So we check if _SESSION has been initialised. +	if (!isset($_SESSION) || !is_array($_SESSION)) +	{ +		$_SESSION = array(); +	} + +	// Merge all into one extremely huge array; unset this later +	$input = array_merge( +		array_keys($_GET), +		array_keys($_POST), +		array_keys($_COOKIE), +		array_keys($_SERVER), +		array_keys($_SESSION), +		array_keys($_ENV), +		array_keys($_FILES) +	); + +	foreach ($input as $varname) +	{ +		if (isset($not_unset[$varname])) +		{ +			// Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely) +			if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS'])) +			{ +				exit; +			} +			else +			{ +				$cookie = &$_COOKIE; +				while (isset($cookie['GLOBALS'])) +				{ +					if (!is_array($cookie['GLOBALS'])) +					{ +						break; +					} + +					foreach ($cookie['GLOBALS'] as $registered_var => $value) +					{ +						if (!isset($not_unset[$registered_var])) +						{ +							unset($GLOBALS[$registered_var]); +						} +					} +					$cookie = &$cookie['GLOBALS']; +				} +			} +		} + +		unset($GLOBALS[$varname]); +	} + +	unset($input); +} + +// Register globals and magic quotes have been dropped in PHP 5.4 +if (version_compare(PHP_VERSION, '5.4.0-dev', '>=')) +{ +	/** +	* @ignore +	*/ +	define('STRIP', false); +} +else +{ +	@set_magic_quotes_runtime(0); + +	// Be paranoid with passed vars +	if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get')) +	{ +		deregister_globals(); +	} + +	define('STRIP', (get_magic_quotes_gpc()) ? true : false); +} + +// Prevent date/time functions from throwing E_WARNING on PHP 5.3 by setting a default timezone +if (function_exists('date_default_timezone_set') && function_exists('date_default_timezone_get')) +{ +	// For PHP 5.1.0 the date/time functions have been rewritten +	// and setting a timezone is required prior to calling any date/time function. + +	// Since PHP 5.2.0 calls to date/time functions without having a timezone set +	// result in E_STRICT errors being thrown. +	// Note: We already exclude E_STRICT errors +	// (to be exact: they are not included in E_ALL in PHP 5.2) + +	// In PHP 5.3.0 the error level has been raised to E_WARNING which causes problems +	// because we show E_WARNING errors and do not set a default timezone. +	// This is because we have our own timezone handling and work in UTC only anyway. + +	// So what we basically want to do is set our timezone to UTC, +	// but we don't know what other scripts (such as bridges) are involved, +	// so we check whether a timezone is already set by calling date_default_timezone_get(). + +	// Unfortunately, date_default_timezone_get() itself might throw E_WARNING +	// if no timezone has been set, so we have to keep it quiet with @. + +	// date_default_timezone_get() tries to guess the correct timezone first +	// and then falls back to UTC when everything fails. +	// We just set the timezone to whatever date_default_timezone_get() returns. +	date_default_timezone_set(@date_default_timezone_get()); +} + +$starttime = explode(' ', microtime()); +$starttime = $starttime[1] + $starttime[0]; diff --git a/phpBB/includes/template.php b/phpBB/includes/template.php index f1c8094a9b..9ac395344f 100644 --- a/phpBB/includes/template.php +++ b/phpBB/includes/template.php @@ -205,7 +205,7 @@ class template  	{  		global $user, $phpbb_hook; -		if (!empty($phpbb_hook) && $phpbb_hook->call_hook(array(__CLASS__, __FUNCTION__), $handle, $include_once)) +		if (!empty($phpbb_hook) && $phpbb_hook->call_hook(array(__CLASS__, __FUNCTION__), $handle, $include_once, $this))  		{  			if ($phpbb_hook->hook_return(array(__CLASS__, __FUNCTION__)))  			{ @@ -276,7 +276,7 @@ class template  		$this->files_template[$handle] = (isset($user->theme['template_id'])) ? $user->theme['template_id'] : 0;  		$recompile = false; -		if (!file_exists($filename) || @filesize($filename) === 0) +		if (!file_exists($filename) || @filesize($filename) === 0 || defined('DEBUG_EXTRA'))  		{  			$recompile = true;  		} diff --git a/phpBB/includes/ucp/ucp_activate.php b/phpBB/includes/ucp/ucp_activate.php index 8debaabf31..82c1937919 100644 --- a/phpBB/includes/ucp/ucp_activate.php +++ b/phpBB/includes/ucp/ucp_activate.php @@ -98,6 +98,13 @@ class ucp_activate  				SET user_actkey = ''  				WHERE user_id = {$user_row['user_id']}";  			$db->sql_query($sql); + +			// Create the correct logs +			add_log('user', $user_row['user_id'], 'LOG_USER_ACTIVE_USER'); +			if ($auth->acl_get('a_user')) +			{ +				add_log('admin', 'LOG_USER_ACTIVE', $user_row['username']); +			}  		}  		if ($config['require_activation'] == USER_ACTIVATION_ADMIN && !$update_password) @@ -110,10 +117,7 @@ class ucp_activate  			$messenger->to($user_row['user_email'], $user_row['username']); -			$messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); -			$messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); -			$messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']); -			$messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); +			$messenger->anti_abuse_headers($config, $user);  			$messenger->assign_vars(array(  				'USERNAME'	=> htmlspecialchars_decode($user_row['username'])) diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index 1c055a4823..d62dbb1866 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -193,47 +193,43 @@ class ucp_groups  								if ($group_row[$group_id]['group_type'] == GROUP_FREE)  								{  									group_user_add($group_id, $user->data['user_id']); - -									$email_template = 'group_added';  								}  								else  								{  									group_user_add($group_id, $user->data['user_id'], false, false, false, 0, 1); -									$email_template = 'group_request'; -								} +									include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); +									$messenger = new messenger(); -								include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); -								$messenger = new messenger(); +									$sql = 'SELECT u.username, u.username_clean, u.user_email, u.user_notify_type, u.user_jabber, u.user_lang +										FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . " u +										WHERE ug.user_id = u.user_id +											AND ug.group_leader = 1 +											AND ug.group_id = $group_id"; +									$result = $db->sql_query($sql); -								$sql = 'SELECT u.username, u.username_clean, u.user_email, u.user_notify_type, u.user_jabber, u.user_lang -									FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . ' u -									WHERE ug.user_id = u.user_id -										AND ' . (($group_row[$group_id]['group_type'] == GROUP_FREE) ? "ug.user_id = {$user->data['user_id']}" : 'ug.group_leader = 1') . " -										AND ug.group_id = $group_id"; -								$result = $db->sql_query($sql); +									while ($row = $db->sql_fetchrow($result)) +									{ +										$messenger->template('group_request', $row['user_lang']); -								while ($row = $db->sql_fetchrow($result)) -								{ -									$messenger->template($email_template, $row['user_lang']); +										$messenger->to($row['user_email'], $row['username']); +										$messenger->im($row['user_jabber'], $row['username']); -									$messenger->to($row['user_email'], $row['username']); -									$messenger->im($row['user_jabber'], $row['username']); +										$messenger->assign_vars(array( +											'USERNAME'			=> htmlspecialchars_decode($row['username']), +											'GROUP_NAME'		=> htmlspecialchars_decode($group_row[$group_id]['group_name']), +											'REQUEST_USERNAME'	=> $user->data['username'], -									$messenger->assign_vars(array( -										'USERNAME'			=> htmlspecialchars_decode($row['username']), -										'GROUP_NAME'		=> htmlspecialchars_decode($group_row[$group_id]['group_name']), -										'REQUEST_USERNAME'	=> $user->data['username'], +											'U_PENDING'		=> generate_board_url() . "/ucp.$phpEx?i=groups&mode=manage&action=list&g=$group_id", +											'U_GROUP'		=> generate_board_url() . "/memberlist.$phpEx?mode=group&g=$group_id") +										); -										'U_PENDING'		=> generate_board_url() . "/ucp.$phpEx?i=groups&mode=manage&action=list&g=$group_id", -										'U_GROUP'		=> generate_board_url() . "/memberlist.$phpEx?mode=group&g=$group_id") -									); +										$messenger->send($row['user_notify_type']); +									} +									$db->sql_freeresult($result); -									$messenger->send($row['user_notify_type']); +									$messenger->save_queue();  								} -								$db->sql_freeresult($result); - -								$messenger->save_queue();  								add_log('user', $user->data['user_id'], 'LOG_USER_GROUP_JOIN' . (($group_row[$group_id]['group_type'] == GROUP_FREE) ? '' : '_PENDING'), $group_row[$group_id]['group_name']); diff --git a/phpBB/includes/ucp/ucp_pm.php b/phpBB/includes/ucp/ucp_pm.php index e1c51170db..447b6ebe87 100644 --- a/phpBB/includes/ucp/ucp_pm.php +++ b/phpBB/includes/ucp/ucp_pm.php @@ -115,7 +115,7 @@ class ucp_pm  			case 'compose':  				$action = request_var('action', 'post'); -				get_folder($user->data['user_id']); +				$user_folders = get_folder($user->data['user_id']);  				if (!$auth->acl_get('u_sendpm'))  				{ @@ -130,7 +130,7 @@ class ucp_pm  				}  				include($phpbb_root_path . 'includes/ucp/ucp_pm_compose.' . $phpEx); -				compose_pm($id, $mode, $action); +				compose_pm($id, $mode, $action, $user_folders);  				$tpl_file = 'posting_body';  			break; @@ -243,7 +243,7 @@ class ucp_pm  				$num_not_moved = $num_removed = 0;  				$release = request_var('release', 0); -				if ($user->data['user_new_privmsg'] && $action == 'view_folder') +				if ($user->data['user_new_privmsg'] && ($action == 'view_folder' || $action == 'view_message'))  				{  					$return = place_pm_into_folder($global_privmsgs_rules, $release);  					$num_not_moved = $return['not_moved']; diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index b596e72c41..05243e3d7a 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -20,7 +20,7 @@ if (!defined('IN_PHPBB'))  * Compose private message  * Called from ucp_pm with mode == 'compose'  */ -function compose_pm($id, $mode, $action) +function compose_pm($id, $mode, $action, $user_folders = array())  {  	global $template, $db, $auth, $user;  	global $phpbb_root_path, $phpEx, $config; @@ -135,6 +135,7 @@ function compose_pm($id, $mode, $action)  	}  	$sql = ''; +	$folder_id = 0;  	// What is all this following SQL for? Well, we need to know  	// some basic information in all cases before we do anything. @@ -398,7 +399,7 @@ function compose_pm($id, $mode, $action)  	unset($message_text);  	$s_action = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&mode=$mode&action=$action", true, $user->session_id); -	$s_action .= ($msg_id) ? "&p=$msg_id" : ''; +	$s_action .= (($folder_id) ? "&f=$folder_id" : '') . (($msg_id) ? "&p=$msg_id" : '');  	// Delete triggered ?  	if ($action == 'delete') @@ -741,10 +742,30 @@ function compose_pm($id, $mode, $action)  			$msg_id = submit_pm($action, $subject, $pm_data);  			$return_message_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&mode=view&p=' . $msg_id); -			$return_folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=outbox'); -			meta_refresh(3, $return_message_url); +			$inbox_folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=inbox'); +			$outbox_folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=outbox'); + +			$folder_url = ''; +			if (($folder_id > 0) && isset($user_folders[$folder_id])) +			{ +				$folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=' . $folder_id); +			} + +			$return_box_url = ($action === 'post' || $action === 'edit') ? $outbox_folder_url : $inbox_folder_url; +			$return_box_lang = ($action === 'post' || $action === 'edit') ? 'PM_OUTBOX' : 'PM_INBOX'; + -			$message = $user->lang['MESSAGE_STORED'] . '<br /><br />' . sprintf($user->lang['VIEW_PRIVATE_MESSAGE'], '<a href="' . $return_message_url . '">', '</a>') . '<br /><br />' . sprintf($user->lang['CLICK_RETURN_FOLDER'], '<a href="' . $return_folder_url . '">', '</a>', $user->lang['PM_OUTBOX']); +			$message = $user->lang['MESSAGE_STORED'] . '<br /><br />' . sprintf($user->lang['VIEW_PRIVATE_MESSAGE'], '<a href="' . $return_message_url . '">', '</a>'); + +			$last_click_type = 'CLICK_RETURN_FOLDER'; +			if ($folder_url) +			{ +				$message .= '<br /><br />' . sprintf($user->lang['CLICK_RETURN_FOLDER'], '<a href="' . $folder_url . '">', '</a>', $user_folders[$folder_id]['folder_name']); +				$last_click_type = 'CLICK_GOTO_FOLDER'; +			} +			$message .= '<br /><br />' . sprintf($user->lang[$last_click_type], '<a href="' . $return_box_url . '">', '</a>', $user->lang[$return_box_lang]); + +			meta_refresh(3, $return_message_url);  			trigger_error($message);  		} diff --git a/phpBB/includes/ucp/ucp_pm_viewfolder.php b/phpBB/includes/ucp/ucp_pm_viewfolder.php index 6b7172ca2b..bd7bf89854 100644 --- a/phpBB/includes/ucp/ucp_pm_viewfolder.php +++ b/phpBB/includes/ucp/ucp_pm_viewfolder.php @@ -169,6 +169,7 @@ function view_folder($id, $mode, $folder_id, $folder)  					'PM_IMG'			=> ($row_indicator) ? $user->img('pm_' . $row_indicator, '') : '',  					'ATTACH_ICON_IMG'	=> ($auth->acl_get('u_pm_download') && $row['message_attachment'] && $config['allow_pm_attach']) ? $user->img('icon_topic_attach', $user->lang['TOTAL_ATTACHMENTS']) : '', +					'S_PM_UNREAD'		=> ($row['pm_unread']) ? true : false,  					'S_PM_DELETED'		=> ($row['pm_deleted']) ? true : false,  					'S_PM_REPORTED'		=> (isset($row['report_id'])) ? true : false,  					'S_AUTHOR_DELETED'	=> ($row['author_id'] == ANONYMOUS) ? true : false, diff --git a/phpBB/includes/ucp/ucp_pm_viewmessage.php b/phpBB/includes/ucp/ucp_pm_viewmessage.php index 16700c490c..82a095dd9c 100644 --- a/phpBB/includes/ucp/ucp_pm_viewmessage.php +++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php @@ -172,6 +172,8 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)  	// Number of "to" recipients  	$num_recipients = (int) preg_match_all('/:?(u|g)_([0-9]+):?/', $message_row['to_address'], $match); +	$bbcode_status	= ($config['allow_bbcode'] && $config['auth_bbcode_pm'] && $auth->acl_get('u_pm_bbcode')) ? true : false; +  	$template->assign_vars(array(  		'MESSAGE_AUTHOR_FULL'		=> get_username_string('full', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']),  		'MESSAGE_AUTHOR_COLOUR'		=> get_username_string('colour', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']), @@ -206,7 +208,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)  		'U_PM'			=> ($config['allow_privmsg'] && $auth->acl_get('u_sendpm') && ($user_info['user_allow_pm'] || $auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_'))) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&mode=compose&u=' . $author_id) : '',  		'U_WWW'			=> (!empty($user_info['user_website'])) ? $user_info['user_website'] : '', -		'U_ICQ'			=> ($user_info['user_icq']) ? 'http://www.icq.com/people/webmsg.php?to=' . urlencode($user_info['user_icq']) : '', +		'U_ICQ'			=> ($user_info['user_icq']) ? 'http://www.icq.com/people/' . urlencode($user_info['user_icq']) . '/' : '',  		'U_AIM'			=> ($user_info['user_aim'] && $auth->acl_get('u_sendim')) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contact&action=aim&u=' . $author_id) : '',  		'U_YIM'			=> ($user_info['user_yim']) ? 'http://edit.yahoo.com/config/send_webmesg?.target=' . urlencode($user_info['user_yim']) . '&.src=pg' : '',  		'U_MSN'			=> ($user_info['user_msnm'] && $auth->acl_get('u_sendim')) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contact&action=msnm&u=' . $author_id) : '', @@ -229,6 +231,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)  		'S_AUTHOR_DELETED'	=> ($author_id == ANONYMOUS) ? true : false,  		'S_SPECIAL_FOLDER'	=> in_array($folder_id, array(PRIVMSGS_NO_BOX, PRIVMSGS_OUTBOX)),  		'S_PM_RECIPIENTS'	=> $num_recipients, +		'S_BBCODE_ALLOWED'	=> ($bbcode_status) ? 1 : 0,  		'U_PRINT_PM'		=> ($config['print_pm'] && $auth->acl_get('u_pm_printpm')) ? "$url&f=$folder_id&p=" . $message_row['msg_id'] . "&view=print" : '',  		'U_FORWARD_PM'		=> ($config['forward_pm'] && $auth->acl_get('u_sendpm') && $auth->acl_get('u_pm_forward')) ? "$url&mode=compose&action=forward&f=$folder_id&p=" . $message_row['msg_id'] : '') diff --git a/phpBB/includes/ucp/ucp_prefs.php b/phpBB/includes/ucp/ucp_prefs.php index cc8565e69d..17d7d23f02 100644 --- a/phpBB/includes/ucp/ucp_prefs.php +++ b/phpBB/includes/ucp/ucp_prefs.php @@ -61,11 +61,18 @@ class ucp_prefs  				if ($submit)  				{ -					$data['style'] = ($config['override_user_style']) ? $config['default_style'] : $data['style']; +					if ($config['override_user_style']) +					{ +						$data['style'] = (int) $config['default_style']; +					} +					else if (!phpbb_style_is_active($data['style'])) +					{ +						$data['style'] = (int) $user->data['user_style']; +					}  					$error = validate_data($data, array(  						'dateformat'	=> array('string', false, 1, 30), -						'lang'			=> array('match', false, '#^[a-z0-9_\-]{2,}$#i'), +						'lang'			=> array('language_iso_name'),  						'tz'			=> array('num', false, -14, 14),  					)); diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index c099e3b3fa..d35d13b6c1 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php @@ -78,14 +78,14 @@ class ucp_profile  					$error = validate_data($data, $check_ary); -					if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && $data['password_confirm'] != $data['new_password']) +					if ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email'] && $data['email_confirm'] != $data['email'])  					{ -						$error[] = 'NEW_PASSWORD_ERROR'; +						$error[] = ($data['email_confirm']) ? 'NEW_EMAIL_ERROR' : 'NEW_EMAIL_CONFIRM_EMPTY';  					} -					if (($data['new_password'] || ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email']) || ($data['username'] != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange'])) && !phpbb_check_hash($data['cur_password'], $user->data['user_password'])) +					if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && $data['password_confirm'] != $data['new_password'])  					{ -						$error[] = 'CUR_PASSWORD_ERROR'; +						$error[] = ($data['password_confirm']) ? 'NEW_PASSWORD_ERROR' : 'NEW_PASSWORD_CONFIRM_EMPTY';  					}  					// Only check the new password against the previous password if there have been no errors @@ -94,9 +94,9 @@ class ucp_profile  						$error[] = 'SAME_PASSWORD_ERROR';  					} -					if ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email'] && $data['email_confirm'] != $data['email']) +					if (!phpbb_check_hash($data['cur_password'], $user->data['user_password']))  					{ -						$error[] = 'NEW_EMAIL_ERROR'; +						$error[] = ($data['cur_password']) ? 'CUR_PASSWORD_ERROR' : 'CUR_PASSWORD_EMPTY';  					}  					if (!check_form_key('ucp_reg_details')) @@ -150,10 +150,7 @@ class ucp_profile  							$messenger->to($data['email'], $data['username']); -							$messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); -							$messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); -							$messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']); -							$messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); +							$messenger->anti_abuse_headers($config, $user);  							$messenger->assign_vars(array(  								'USERNAME'		=> htmlspecialchars_decode($data['username']), diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index 7fd99da55a..6ad3a55589 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -56,7 +56,7 @@ class ucp_register  		{  			$use_lang = ($change_lang) ? basename($change_lang) : basename($user_lang); -			if (file_exists($user->lang_path . $use_lang . '/')) +			if (!validate_language_iso_name($use_lang))  			{  				if ($change_lang)  				{ @@ -155,8 +155,8 @@ class ucp_register  			$this->tpl_name = 'ucp_agreement';  			return;  		} -		 -		 + +  		// The CAPTCHA kicks in here. We can't help that the information gets lost on language change.   		if ($config['enable_confirm'])  		{ @@ -165,24 +165,8 @@ class ucp_register  			$captcha->init(CONFIRM_REG);  		} -		// Try to manually determine the timezone and adjust the dst if the server date/time complies with the default setting +/- 1 -		$timezone = date('Z') / 3600; -		$is_dst = date('I'); - -		if ($config['board_timezone'] == $timezone || $config['board_timezone'] == ($timezone - 1)) -		{ -			$timezone = ($is_dst) ? $timezone - 1 : $timezone; - -			if (!isset($user->lang['tz_zones'][(string) $timezone])) -			{ -				$timezone = $config['board_timezone']; -			} -		} -		else -		{ -			$is_dst = $config['board_dst']; -			$timezone = $config['board_timezone']; -		} +		$is_dst = $config['board_dst']; +		$timezone = $config['board_timezone'];  		$data = array(  			'username'			=> utf8_normalize_nfc(request_var('username', '', true)), @@ -210,7 +194,7 @@ class ucp_register  					array('email')),  				'email_confirm'		=> array('string', false, 6, 60),  				'tz'				=> array('num', false, -14, 14), -				'lang'				=> array('match', false, '#^[a-z_\-]{2,}$#i'), +				'lang'				=> array('language_iso_name'),  			));  			if (!check_form_key('ucp_register')) @@ -366,10 +350,7 @@ class ucp_register  					$messenger->to($data['email'], $data['username']); -					$messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); -					$messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); -					$messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']); -					$messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); +					$messenger->anti_abuse_headers($config, $user);  					$messenger->assign_vars(array(  						'WELCOME_MSG'	=> htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])), diff --git a/phpBB/includes/ucp/ucp_resend.php b/phpBB/includes/ucp/ucp_resend.php index 39e9be24a1..4d181dba49 100644 --- a/phpBB/includes/ucp/ucp_resend.php +++ b/phpBB/includes/ucp/ucp_resend.php @@ -94,10 +94,7 @@ class ucp_resend  				$messenger->template(($coppa) ? 'coppa_resend_inactive' : 'user_resend_inactive', $user_row['user_lang']);  				$messenger->to($user_row['user_email'], $user_row['username']); -				$messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); -				$messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); -				$messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']); -				$messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); +				$messenger->anti_abuse_headers($config, $user);  				$messenger->assign_vars(array(  					'WELCOME_MSG'	=> htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])), @@ -133,10 +130,7 @@ class ucp_resend  					$messenger->to($row['user_email'], $row['username']);  					$messenger->im($row['user_jabber'], $row['username']); -					$messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']); -					$messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']); -					$messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']); -					$messenger->headers('X-AntiAbuse: User IP - ' . $user->ip); +					$messenger->anti_abuse_headers($config, $user);  					$messenger->assign_vars(array(  						'USERNAME'			=> htmlspecialchars_decode($user_row['username']), | 
