aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/acp/acp_php_info.php8
-rw-r--r--phpBB/includes/bbcode.php7
-rw-r--r--phpBB/includes/db/db_tools.php20
-rw-r--r--phpBB/includes/functions.php22
-rw-r--r--phpBB/includes/functions_content.php2
-rw-r--r--phpBB/includes/functions_display.php52
-rw-r--r--phpBB/includes/functions_transfer.php55
-rw-r--r--phpBB/includes/session.php33
8 files changed, 160 insertions, 39 deletions
diff --git a/phpBB/includes/acp/acp_php_info.php b/phpBB/includes/acp/acp_php_info.php
index 0499095004..7dd345971a 100644
--- a/phpBB/includes/acp/acp_php_info.php
+++ b/phpBB/includes/acp/acp_php_info.php
@@ -67,6 +67,9 @@ class acp_php_info
$output = preg_replace('#<img border="0"#i', '<img', $output);
$output = str_replace(array('class="e"', 'class="v"', 'class="h"', '<hr />', '<font', '</font>'), array('class="row1"', 'class="row2"', '', '', '<span', '</span>'), $output);
+ // Fix invalid anchor names (eg "module_Zend Optimizer")
+ $output = preg_replace_callback('#<a name="([^"]+)">#', array($this, 'remove_spaces'), $output);
+
if (empty($output))
{
trigger_error('NO_PHPINFO_AVAILABLE', E_USER_WARNING);
@@ -79,6 +82,11 @@ class acp_php_info
$template->assign_var('PHPINFO', $output);
}
+
+ function remove_spaces($matches)
+ {
+ return '<a name="' . str_replace(' ', '_', $matches[1]) . '">';
+ }
}
?> \ No newline at end of file
diff --git a/phpBB/includes/bbcode.php b/phpBB/includes/bbcode.php
index d77bb3c4a7..9356e3e9b4 100644
--- a/phpBB/includes/bbcode.php
+++ b/phpBB/includes/bbcode.php
@@ -584,6 +584,13 @@ class bbcode
$code = str_replace("\t", '&nbsp; &nbsp;', $code);
$code = str_replace(' ', '&nbsp; ', $code);
$code = str_replace(' ', ' &nbsp;', $code);
+ $code = str_replace("\n ", "\n&nbsp;", $code);
+
+ // keep space at the beginning
+ if (!empty($code) && $code[0] == ' ')
+ {
+ $code = '&nbsp;' . substr($code, 1);
+ }
// remove newline at the beginning
if (!empty($code) && $code[0] == "\n")
diff --git a/phpBB/includes/db/db_tools.php b/phpBB/includes/db/db_tools.php
index d23323a5b1..10ca6c0a1f 100644
--- a/phpBB/includes/db/db_tools.php
+++ b/phpBB/includes/db/db_tools.php
@@ -649,6 +649,23 @@ class phpbb_db_tools
$sqlite = true;
}
+ // Drop tables?
+ if (!empty($schema_changes['drop_tables']))
+ {
+ foreach ($schema_changes['drop_tables'] as $table)
+ {
+ // only drop table if it exists
+ if ($this->sql_table_exists($table))
+ {
+ $result = $this->sql_table_drop($table);
+ if ($this->return_statements)
+ {
+ $statements = array_merge($statements, $result);
+ }
+ }
+ }
+ }
+
// Add tables?
if (!empty($schema_changes['add_tables']))
{
@@ -1788,7 +1805,7 @@ class phpbb_db_tools
break;
case 'oracle':
- $statements[] = 'ALTER TABLE ' . $table_name . ' DROP ' . $column_name;
+ $statements[] = 'ALTER TABLE ' . $table_name . ' DROP COLUMN ' . $column_name;
break;
case 'postgres':
@@ -1939,6 +1956,7 @@ class phpbb_db_tools
$statements[] = "DROP SEQUENCE {$row['referenced_name']}";
}
$this->db->sql_freeresult($result);
+ break;
case 'postgres':
// PGSQL does not "tightly" bind sequences and tables, we must guess...
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 1a5be3091c..628f8ee123 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -629,8 +629,8 @@ function phpbb_email_hash($email)
* @param string $version2 Second version number
* @param string $operator Comparison operator (optional)
*
-* @return mixed Integer (-1, 0, 1) if comparison operator is specified.
-* Boolean (true, false) otherwise.
+* @return mixed Boolean (true, false) if comparison operator is specified.
+* Integer (-1, 0, 1) otherwise.
*/
function phpbb_version_compare($version1, $version2, $operator = null)
{
@@ -2225,6 +2225,12 @@ function append_sid($url, $params = false, $is_amp = true, $session_id = false)
{
global $_SID, $_EXTRA_URL, $phpbb_hook;
+ if ($params === '' || (is_array($params) && empty($params)))
+ {
+ // Do not append the ? if the param-list is empty anyway.
+ $params = false;
+ }
+
// Developers using the hook function need to globalise the $_SID and $_EXTRA_URL on their own and also handle it appropriately.
// They could mimic most of what is within this function
if (!empty($phpbb_hook) && $phpbb_hook->call_hook(__FUNCTION__, $url, $params, $is_amp, $session_id))
@@ -2708,12 +2714,6 @@ function send_status_line($code, $message)
{
$version = $_SERVER['SERVER_PROTOCOL'];
}
- else if (!empty($_SERVER['HTTP_VERSION']))
- {
- // I cannot remember where I got this from.
- // This code path may never be reachable in reality.
- $version = $_SERVER['HTTP_VERSION'];
- }
else
{
$version = 'HTTP/1.0';
@@ -4647,6 +4647,12 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
header('Expires: 0');
header('Pragma: no-cache');
+ if (!empty($user->data['is_bot']))
+ {
+ // Let reverse proxies know we detected a bot.
+ header('X-PHPBB-IS-BOT: yes');
+ }
+
return;
}
diff --git a/phpBB/includes/functions_content.php b/phpBB/includes/functions_content.php
index faff9dd0de..b7650ecd6a 100644
--- a/phpBB/includes/functions_content.php
+++ b/phpBB/includes/functions_content.php
@@ -1107,7 +1107,7 @@ function extension_allowed($forum_id, $extension, &$extensions)
* @param int $max_length Maximum length of string (multibyte character count as 1 char / Html entity count as 1 char)
* @param int $max_store_length Maximum character length of string (multibyte character count as 1 char / Html entity count as entity chars).
* @param bool $allow_reply Allow Re: in front of string
-* NOTE: This parameter can cause undesired behavior (returning strings longer than $max_store_legnth) and is deprecated.
+* NOTE: This parameter can cause undesired behavior (returning strings longer than $max_store_length) and is deprecated.
* @param string $append String to be appended
*/
function truncate_string($string, $max_length = 60, $max_store_length = 255, $allow_reply = false, $append = '')
diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php
index 7982b9908d..14d0c44dcf 100644
--- a/phpBB/includes/functions_display.php
+++ b/phpBB/includes/functions_display.php
@@ -51,6 +51,27 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
$sql_where = 'left_id > ' . $root_data['left_id'] . ' AND left_id < ' . $root_data['right_id'];
}
+ // Handle marking everything read
+ if ($mark_read == 'all')
+ {
+ $redirect = build_url(array('mark', 'hash'));
+ meta_refresh(3, $redirect);
+
+ if (check_link_hash(request_var('hash', ''), 'global'))
+ {
+ markread('all');
+
+ trigger_error(
+ $user->lang['FORUMS_MARKED'] . '<br /><br />' .
+ sprintf($user->lang['RETURN_INDEX'], '<a href="' . $redirect . '">', '</a>')
+ );
+ }
+ else
+ {
+ trigger_error(sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
+ }
+ }
+
// Display list of active topics for this category?
$show_active = (isset($root_data['forum_flags']) && ($root_data['forum_flags'] & FORUM_FLAG_ACTIVE_TOPICS)) ? true : false;
@@ -120,13 +141,14 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
$forum_id = $row['forum_id'];
// Mark forums read?
- if ($mark_read == 'forums' || $mark_read == 'all')
+ if ($mark_read == 'forums')
{
if ($auth->acl_get('f_list', $forum_id))
{
$forum_ids[] = $forum_id;
- continue;
}
+
+ continue;
}
// Category with no members
@@ -152,8 +174,6 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
continue;
}
- $forum_ids[] = $forum_id;
-
if ($config['load_db_lastread'] && $user->data['is_registered'])
{
$forum_tracking_info[$forum_id] = (!empty($row['mark_time'])) ? $row['mark_time'] : $user->data['user_lastmark'];
@@ -255,24 +275,16 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
$db->sql_freeresult($result);
// Handle marking posts
- if ($mark_read == 'forums' || $mark_read == 'all')
+ if ($mark_read == 'forums')
{
$redirect = build_url(array('mark', 'hash'));
$token = request_var('hash', '');
if (check_link_hash($token, 'global'))
{
- if ($mark_read == 'all')
- {
- markread('all');
- $message = sprintf($user->lang['RETURN_INDEX'], '<a href="' . $redirect . '">', '</a>');
- }
- else
- {
- // Add 0 to forums array to mark global announcements correctly
- $forum_ids[] = 0;
- markread('topics', $forum_ids);
- $message = sprintf($user->lang['RETURN_FORUM'], '<a href="' . $redirect . '">', '</a>');
- }
+ // Add 0 to forums array to mark global announcements correctly
+ $forum_ids[] = 0;
+ markread('topics', $forum_ids);
+ $message = sprintf($user->lang['RETURN_FORUM'], '<a href="' . $redirect . '">', '</a>');
meta_refresh(3, $redirect);
trigger_error($user->lang['FORUMS_MARKED'] . '<br /><br />' . $message);
}
@@ -996,13 +1008,17 @@ function display_user_activity(&$userdata)
}
// Obtain active topic
+ // We need to exclude passworded forums here so we do not leak the topic title
+ $forum_ary_topic = array_unique(array_merge($forum_ary, $user->get_passworded_forums()));
+ $forum_sql_topic = (!empty($forum_ary_topic)) ? 'AND ' . $db->sql_in_set('forum_id', $forum_ary_topic, true) : '';
+
$sql = 'SELECT topic_id, COUNT(post_id) AS num_posts
FROM ' . POSTS_TABLE . '
WHERE poster_id = ' . $userdata['user_id'] . "
AND post_postcount = 1
AND (post_approved = 1
$sql_m_approve)
- $forum_sql
+ $forum_sql_topic
GROUP BY topic_id
ORDER BY num_posts DESC";
$result = $db->sql_query_limit($sql, 1);
diff --git a/phpBB/includes/functions_transfer.php b/phpBB/includes/functions_transfer.php
index 046abede8e..5ab7a87efd 100644
--- a/phpBB/includes/functions_transfer.php
+++ b/phpBB/includes/functions_transfer.php
@@ -808,23 +808,56 @@ class ftp_fsock extends transfer
*/
function _open_data_connection()
{
- $this->_send_command('PASV', '', false);
-
- if (!$ip_port = $this->_check_command(true))
+ // Try to find out whether we have a IPv4 or IPv6 (control) connection
+ if (function_exists('stream_socket_get_name'))
{
- return false;
+ $socket_name = stream_socket_get_name($this->connection, true);
+ $server_ip = substr($socket_name, 0, strrpos($socket_name, ':'));
}
- // open the connection to start sending the file
- if (!preg_match('#[0-9]{1,3},[0-9]{1,3},[0-9]{1,3},[0-9]{1,3},[0-9]+,[0-9]+#', $ip_port, $temp))
+ if (!isset($server_ip) || preg_match(get_preg_expression('ipv4'), $server_ip))
{
- // bad ip and port
- return false;
+ // Passive mode
+ $this->_send_command('PASV', '', false);
+
+ if (!$ip_port = $this->_check_command(true))
+ {
+ return false;
+ }
+
+ // open the connection to start sending the file
+ if (!preg_match('#[0-9]{1,3},[0-9]{1,3},[0-9]{1,3},[0-9]{1,3},[0-9]+,[0-9]+#', $ip_port, $temp))
+ {
+ // bad ip and port
+ return false;
+ }
+
+ $temp = explode(',', $temp[0]);
+ $server_ip = $temp[0] . '.' . $temp[1] . '.' . $temp[2] . '.' . $temp[3];
+ $server_port = $temp[4] * 256 + $temp[5];
+ }
+ else
+ {
+ // Extended Passive Mode - RFC2428
+ $this->_send_command('EPSV', '', false);
+
+ if (!$epsv_response = $this->_check_command(true))
+ {
+ return false;
+ }
+
+ // Response looks like "229 Entering Extended Passive Mode (|||12345|)"
+ // where 12345 is the tcp port for the data connection
+ if (!preg_match('#\(\|\|\|([0-9]+)\|\)#', $epsv_response, $match))
+ {
+ return false;
+ }
+ $server_port = (int) $match[1];
+
+ // fsockopen expects IPv6 address in square brackets
+ $server_ip = "[$server_ip]";
}
- $temp = explode(',', $temp[0]);
- $server_ip = $temp[0] . '.' . $temp[1] . '.' . $temp[2] . '.' . $temp[3];
- $server_port = $temp[4] * 256 + $temp[5];
$errno = 0;
$errstr = '';
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index e9e706e2b8..caadcbafaa 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -2410,6 +2410,39 @@ class user extends session
return true;
}
+
+ /**
+ * Returns all password protected forum ids the user is currently NOT authenticated for.
+ *
+ * @return array Array of forum ids
+ * @access public
+ */
+ function get_passworded_forums()
+ {
+ global $db;
+
+ $sql = 'SELECT f.forum_id, fa.user_id
+ FROM ' . FORUMS_TABLE . ' f
+ LEFT JOIN ' . FORUMS_ACCESS_TABLE . " fa
+ ON (fa.forum_id = f.forum_id
+ AND fa.session_id = '" . $db->sql_escape($this->session_id) . "')
+ WHERE f.forum_password <> ''";
+ $result = $db->sql_query($sql);
+
+ $forum_ids = array();
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $forum_id = (int) $row['forum_id'];
+
+ if ($row['user_id'] != $this->data['user_id'])
+ {
+ $forum_ids[$forum_id] = $forum_id;
+ }
+ }
+ $db->sql_freeresult($result);
+
+ return $forum_ids;
+ }
}
?> \ No newline at end of file
generated by cgit v1.2.1 (git 2.21.0) at 2025-07-31 06:35:36 +0000