Diffstat (limited to 'phpBB/includes')
-rw-r--r-- | phpBB/includes/acp/acp_ban.php | 14 | ||||
-rw-r--r-- | phpBB/includes/acp/acp_language.php | 11 | ||||
-rw-r--r-- | phpBB/includes/functions_module.php | 2 | ||||
-rw-r--r-- | phpBB/includes/functions_transfer.php | 6 | ||||
-rw-r--r-- | phpBB/includes/functions_upload.php | 4 | ||||
-rw-r--r-- | phpBB/includes/functions_user.php | 3 | ||||
-rw-r--r-- | phpBB/includes/mcp/mcp_ban.php | 14 | ||||
-rw-r--r-- | phpBB/includes/ucp/ucp_zebra.php | 261 |
8 files changed, 177 insertions, 138 deletions
diff --git a/phpBB/includes/acp/acp_ban.php b/phpBB/includes/acp/acp_ban.php index d28319c731..bd05cf7b1c 100644 --- a/phpBB/includes/acp/acp_ban.php +++ b/phpBB/includes/acp/acp_ban.php @@ -40,17 +40,23 @@ class acp_ban $ban_reason = request_var('banreason', '', true); $ban_give_reason = request_var('bangivereason', '', true); - user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reason, $ban_give_reason); + if ($ban) + { + user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reason, $ban_give_reason); - trigger_error($user->lang['BAN_UPDATE_SUCCESSFUL'] . adm_back_link($this->u_action)); + trigger_error($user->lang['BAN_UPDATE_SUCCESSFUL'] . adm_back_link($this->u_action)); + } } else if ($unbansubmit) { $ban = request_var('unban', array('')); - user_unban($mode, $ban); + if ($ban) + { + user_unban($mode, $ban); - trigger_error($user->lang['BAN_UPDATE_SUCCESSFUL'] . adm_back_link($this->u_action)); + trigger_error($user->lang['BAN_UPDATE_SUCCESSFUL'] . adm_back_link($this->u_action)); + } } // Define language vars diff --git a/phpBB/includes/acp/acp_language.php b/phpBB/includes/acp/acp_language.php index 153c200aeb..5064e1848f 100644 --- a/phpBB/includes/acp/acp_language.php +++ b/phpBB/includes/acp/acp_language.php @@ -320,7 +320,16 @@ class acp_language } $transfer->rename($lang_path . $file, $lang_path . $file . '.bak'); - $transfer->copy_file('store/' . $lang_path . $file, $lang_path . $file); + $result = $transfer->copy_file('store/' . $lang_path . $file, $lang_path . $file); + + if ($result === false) + { + // If failed, try to rename again and print error out... + $transfer->rename($lang_path . $file . '.bak', $lang_path . $file); + + trigger_error($user->lang['UPLOAD_FAILED'] . adm_back_link($this->u_action . '&action=details&id=' . $lang_id . '&language_file=' . urlencode($selected_lang_file)), E_USER_WARNING); + } + $transfer->close_session(); // Remove from storage folder 
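Review bot: When `$ban` is empty, both new `if ($ban)` guards in acp_ban.php fall through without any message, so an administrator who submits an empty ban or unban form gets the page back with no sign that nothing was done; the matching guards in mcp_ban.php behave the same way. An `else` branch that reports the no-op would make this visible, for example `trigger_error($user->lang['<NO_ENTRY_KEY>'] . adm_back_link($this->u_action), E_USER_WARNING);`, where the language key is a placeholder to be chosen. Separately, this commit puts the friends/foes change in ucp_zebra.php behind `confirm_box()`, while ban and unban still run directly on submit. If no confirmation or token check exists outside the hunk, these higher-impact actions deserve the same step. The enclosing method starts and ends outside the hunk.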
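Review bot: In acp_language.php the failure branch calls `trigger_error()` before `$transfer->close_session()`, so if `trigger_error()` ends the request at that point (as a message with a back link suggests), the transfer session is never closed and the staged copy under `store/` is left behind. Calling `$transfer->close_session();` inside the `if ($result === false)` block, right after the rollback rename, would avoid that. The results of both `rename()` calls are also unchecked, so a failed backup or a failed rollback is reported only as `UPLOAD_FAILED`, or not at all. The surrounding method continues outside the hunk.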
diff --git a/phpBB/includes/functions_module.php b/phpBB/includes/functions_module.php index 1ad543c298..d45358327f 100644 --- a/phpBB/includes/functions_module.php +++ b/phpBB/includes/functions_module.php @@ -445,7 +445,7 @@ class p_master } // Add url_extra parameter to u_action url - if ($this->module_ary[$this->active_module_row_id]['url_extra']) + if (!empty($this->module_ary) && $this->active_module !== false && $this->module_ary[$this->active_module_row_id]['url_extra']) { $this->module->u_action .= $this->module_ary[$this->active_module_row_id]['url_extra']; } diff --git a/phpBB/includes/functions_transfer.php b/phpBB/includes/functions_transfer.php index 8c00f2b1dd..883c9a7177 100644 --- a/phpBB/includes/functions_transfer.php +++ b/phpBB/includes/functions_transfer.php @@ -32,8 +32,8 @@ class transfer { global $phpbb_root_path; - $this->file_perms = 644; - $this->dir_perms = 777; + $this->file_perms = '0644'; + $this->dir_perms = '0777'; // We use the store directory as temporary path to circumvent open basedir restrictions $this->tmp_path = $phpbb_root_path . 'store/'; @@ -382,7 +382,7 @@ class ftp extends transfer } else { - $chmod_cmd = 'CHMOD 0' . $perms . ' ' . $file; + $chmod_cmd = 'CHMOD ' . $perms . ' ' . $file; $err = $this->_site($chmod_cmd); } diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index e28c7fa64f..33556e1893 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php 
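Review bot: In functions_module.php the new guard tests `$this->module_ary` and `$this->active_module`, but the value it protects is indexed by `$this->active_module_row_id`, which is not itself checked. Testing the element directly is tighter and does not depend on those properties staying in sync: `if (!empty($this->module_ary[$this->active_module_row_id]['url_extra']))`. Whether `active_module_row_id` can be unset while `active_module` is set cannot be seen from the hunk.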
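Review bot: In functions_transfer.php, storing the modes as the strings `'0644'` and `'0777'` suits the string-built `CHMOD` command in the file's second hunk, but any caller that passes `$this->file_perms` or `$this->dir_perms` to a function expecting an integer mode (PHP's `chmod()` or `ftp_chmod()`) would have the string converted as decimal 644/777, not octal. The `if` branch above the changed `CHMOD` line is outside the hunk, so this needs checking there; converting at the point of use with `octdec($perms)` would keep both paths correct. The `0777` default also makes every created directory world-writable; `'0755'` would be a safer default unless the web server and FTP accounts are known to differ. A comment on the two properties stating that they hold octal strings would prevent a later regression to integers.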
@@ -50,8 +50,8 @@ class filespec $this->filename = $upload_ary['tmp_name']; $this->filesize = $upload_ary['size']; - $this->realname = $this->uploadname = trim(htmlspecialchars(basename($upload_ary['name']))); - $this->mimetype = $upload_ary['type']; + $name = trim(htmlspecialchars(basename($upload_ary['name']))); + $this->realname = $this->uploadname = (STRIP) ? stripslashes($name) : $name; // Opera adds the name to the mime type $this->mimetype = (strpos($this->mimetype, '; name') !== false) ? str_replace(strstr($this->mimetype, '; name'), '', $this->mimetype) : $this->mimetype; diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 7cceda0dd2..e9297d490f 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -825,6 +825,9 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas AND ban_exclude = $ban_exclude"; $result = $db->sql_query($sql); + // Reset $sql_where, because we use it later... + $sql_where = ''; + if ($row = $db->sql_fetchrow($result)) { $banlist_ary_tmp = array(); diff --git a/phpBB/includes/mcp/mcp_ban.php b/phpBB/includes/mcp/mcp_ban.php index 5a7240143a..aea2466888 100644 --- a/phpBB/includes/mcp/mcp_ban.php +++ b/phpBB/includes/mcp/mcp_ban.php 
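Review bot: As the functions_upload.php hunk reads, the assignment `$this->mimetype = $upload_ary['type'];` is removed and nothing replaces it, yet the Opera clean-up on the following line still reads `$this->mimetype`. Unless the property is set elsewhere in the constructor (not visible here), it is unset at that point, and any later check that relies on the reported type would see an empty value. Keep the line after the new `realname` assignment: `$this->mimetype = $upload_ary['type'];`. The value comes from the client, so it should remain a hint and not the only basis for accepting a file.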
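Review bot: Resetting `$sql_where` in the middle of `user_ban()` clears the leftover value, but it leaves one variable serving two unrelated queries, which is presumably how stale content reached the later query. A separate name for the second use, or initialising it immediately before the code that builds it, would make the dependency obvious. At minimum the comment could name its consumer, e.g. `// $sql_where is rebuilt below for the <later query>; clear what the lookup above left in it`. The function body starts and ends outside the hunk, so where the first value is built is not visible here.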
@@ -43,17 +43,23 @@ class mcp_ban $ban_reason = request_var('banreason', '', true); $ban_give_reason = request_var('bangivereason', '', true); - user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reason, $ban_give_reason); + if ($ban) + { + user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reason, $ban_give_reason); - trigger_error($user->lang['BAN_UPDATE_SUCCESSFUL'] . '<br /><br /><a href="' . $this->u_action . '">« ' . $user->lang['BACK_TO_PREV'] . '</a>'); + trigger_error($user->lang['BAN_UPDATE_SUCCESSFUL'] . '<br /><br /><a href="' . $this->u_action . '">« ' . $user->lang['BACK_TO_PREV'] . '</a>'); + } } else if ($unbansubmit) { $ban = request_var('unban', array('')); - user_unban($mode, $ban); + if ($ban) + { + user_unban($mode, $ban); - trigger_error($user->lang['BAN_UPDATE_SUCCESSFUL'] . '<br /><br /><a href="' . $this->u_action . '">« ' . $user->lang['BACK_TO_PREV'] . '</a>'); + trigger_error($user->lang['BAN_UPDATE_SUCCESSFUL'] . '<br /><br /><a href="' . $this->u_action . '">« ' . $user->lang['BACK_TO_PREV'] . '</a>'); + } } // Ban length options diff --git a/phpBB/includes/ucp/ucp_zebra.php b/phpBB/includes/ucp/ucp_zebra.php index a3155870d8..3c9abfe5b4 100644 --- a/phpBB/includes/ucp/ucp_zebra.php +++ b/phpBB/includes/ucp/ucp_zebra.php 
@@ -40,159 +40,174 @@ class ucp_zebra $data[$var] = request_var($var, $default, true); } - if ($data['add']) + if (!empty($data['add']) || sizeof($data['usernames'])) { - $data['add'] = array_map('trim', array_map('utf8_clean_string', explode("\n", $data['add']))); - - // Do these name/s exist on a list already? If so, ignore ... we could be - // 'nice' and automatically handle names added to one list present on - // the other (by removing the existing one) ... but I have a feeling this - // may lead to complaints - $sql = 'SELECT z.*, u.username, u.username_clean - FROM ' . ZEBRA_TABLE . ' z, ' . USERS_TABLE . ' u - WHERE z.user_id = ' . $user->data['user_id'] . ' - AND u.user_id = z.zebra_id'; - $result = $db->sql_query($sql); - - $friends = $foes = array(); - while ($row = $db->sql_fetchrow($result)) + if (confirm_box(true)) { - if ($row['friend']) + if ($data['add']) { - $friends[] = utf8_clean_string($row['username']); - } - else - { - $foes[] = utf8_clean_string($row['username']); - } - } - $db->sql_freeresult($result); - - // remove friends from the username array - $n = sizeof($data['add']); - $data['add'] = array_diff($data['add'], $friends); - - if (sizeof($data['add']) < $n && $mode == 'foes') - { - $error[] = $user->lang['NOT_ADDED_FOES_FRIENDS']; - } - - // remove foes from the username array - $n = sizeof($data['add']); - $data['add'] = array_diff($data['add'], $foes); - - if (sizeof($data['add']) < $n && $mode == 'friends') - { - $error[] = $user->lang['NOT_ADDED_FRIENDS_FOES']; - } + $data['add'] = array_map('trim', array_map('utf8_clean_string', explode("\n", $data['add']))); + + // Do these name/s exist on a list already? If so, ignore ... we could be + // 'nice' and automatically handle names added to one list present on + // the other (by removing the existing one) ... but I have a feeling this + // may lead to complaints + $sql = 'SELECT z.*, u.username, u.username_clean + FROM ' . ZEBRA_TABLE . ' z, ' . USERS_TABLE . 
' u + WHERE z.user_id = ' . $user->data['user_id'] . ' + AND u.user_id = z.zebra_id'; + $result = $db->sql_query($sql); + + $friends = $foes = array(); + while ($row = $db->sql_fetchrow($result)) + { + if ($row['friend']) + { + $friends[] = utf8_clean_string($row['username']); + } + else + { + $foes[] = utf8_clean_string($row['username']); + } + } + $db->sql_freeresult($result); - // remove the user himself from the username array - $n = sizeof($data['add']); - $data['add'] = array_diff($data['add'], array(utf8_clean_string($user->data['username']))); + // remove friends from the username array + $n = sizeof($data['add']); + $data['add'] = array_diff($data['add'], $friends); - if (sizeof($data['add']) < $n) - { - $error[] = $user->lang['NOT_ADDED_' . $l_mode . '_SELF']; - } + if (sizeof($data['add']) < $n && $mode == 'foes') + { + $error[] = $user->lang['NOT_ADDED_FOES_FRIENDS']; + } - unset($friends, $foes, $n); + // remove foes from the username array + $n = sizeof($data['add']); + $data['add'] = array_diff($data['add'], $foes); - if (sizeof($data['add'])) - { - $sql = 'SELECT user_id, user_type - FROM ' . USERS_TABLE . ' - WHERE ' . $db->sql_in_set('username_clean', $data['add']) . ' - AND user_type <> ' . USER_INACTIVE; - $result = $db->sql_query($sql); - - $user_id_ary = array(); - while ($row = $db->sql_fetchrow($result)) - { - if ($row['user_id'] != ANONYMOUS && $row['user_type'] != USER_IGNORE) + if (sizeof($data['add']) < $n && $mode == 'friends') { - $user_id_ary[] = $row['user_id']; + $error[] = $user->lang['NOT_ADDED_FRIENDS_FOES']; } - else + + // remove the user himself from the username array + $n = sizeof($data['add']); + $data['add'] = array_diff($data['add'], array(utf8_clean_string($user->data['username']))); + + if (sizeof($data['add']) < $n) { - $error[] = $user->lang['NOT_ADDED_' . $l_mode . '_ANONYMOUS']; + $error[] = $user->lang['NOT_ADDED_' . $l_mode . 
'_SELF']; } - } - $db->sql_freeresult($result); - if (sizeof($user_id_ary)) - { - // Remove users from foe list if they are admins or moderators - if ($mode == 'foes') + unset($friends, $foes, $n); + + if (sizeof($data['add'])) { - $perms = array(); - foreach ($auth->acl_get_list($user_id_ary, array('a_', 'm_')) as $forum_id => $forum_ary) + $sql = 'SELECT user_id, user_type + FROM ' . USERS_TABLE . ' + WHERE ' . $db->sql_in_set('username_clean', $data['add']) . ' + AND user_type <> ' . USER_INACTIVE; + $result = $db->sql_query($sql); + + $user_id_ary = array(); + while ($row = $db->sql_fetchrow($result)) { - foreach ($forum_ary as $auth_option => $user_ary) + if ($row['user_id'] != ANONYMOUS && $row['user_type'] != USER_IGNORE) { - $perms = array_merge($perms, $user_ary); + $user_id_ary[] = $row['user_id']; + } + else + { + $error[] = $user->lang['NOT_ADDED_' . $l_mode . '_ANONYMOUS']; } } + $db->sql_freeresult($result); - $perms = array_unique($perms); - - if (sizeof($perms)) + if (sizeof($user_id_ary)) { - $error[] = $user->lang['NOT_ADDED_FOES_MOD_ADMIN']; - } + // Remove users from foe list if they are admins or moderators + if ($mode == 'foes') + { + $perms = array(); + foreach ($auth->acl_get_list($user_id_ary, array('a_', 'm_')) as $forum_id => $forum_ary) + { + foreach ($forum_ary as $auth_option => $user_ary) + { + $perms = array_merge($perms, $user_ary); + } + } + + $perms = array_unique($perms); + + if (sizeof($perms)) + { + $error[] = $user->lang['NOT_ADDED_FOES_MOD_ADMIN']; + } + + // This may not be right ... it may yield true when perms equate to deny + $user_id_ary = array_diff($user_id_ary, $perms); + unset($perms); + } - // This may not be right ... it may yield true when perms equate to deny - $user_id_ary = array_diff($user_id_ary, $perms); - unset($perms); - } + if (sizeof($user_id_ary)) + { + $sql_mode = ($mode == 'friends') ? 'friend' : 'foe'; - if (sizeof($user_id_ary)) - { - $sql_mode = ($mode == 'friends') ? 
'friend' : 'foe'; + $sql_ary = array(); + foreach ($user_id_ary as $zebra_id) + { + $sql_ary[] = array( + 'user_id' => $user->data['user_id'], + 'zebra_id' => (int) $zebra_id, + $sql_mode => 1 + ); + } - $sql_ary = array(); - foreach ($user_id_ary as $zebra_id) + $db->sql_multi_insert(ZEBRA_TABLE, $sql_ary); + + $updated = true; + } + unset($user_id_ary); + } + else if (!sizeof($error)) { - $sql_ary[] = array( - 'user_id' => $user->data['user_id'], - 'zebra_id' => (int) $zebra_id, - $sql_mode => 1 - ); + $error[] = $user->lang['USER_NOT_FOUND_OR_INACTIVE']; } - - $db->sql_multi_insert(ZEBRA_TABLE, $sql_ary); - - $updated = true; } - unset($user_id_ary); } - else if (!sizeof($error)) + else if (sizeof($data['usernames'])) { - $error[] = $user->lang['USER_NOT_FOUND_OR_INACTIVE']; - } - } - } - else if (sizeof($data['usernames'])) - { - // Force integer values - $data['usernames'] = array_map('intval', $data['usernames']); + // Force integer values + $data['usernames'] = array_map('intval', $data['usernames']); - $sql = 'DELETE FROM ' . ZEBRA_TABLE . ' - WHERE user_id = ' . $user->data['user_id'] . ' - AND ' . $db->sql_in_set('zebra_id', $data['usernames']); - $db->sql_query($sql); + $sql = 'DELETE FROM ' . ZEBRA_TABLE . ' + WHERE user_id = ' . $user->data['user_id'] . ' + AND ' . $db->sql_in_set('zebra_id', $data['usernames']); + $db->sql_query($sql); - $updated = true; - } + $updated = true; + } - if ($updated) - { - meta_refresh(3, $this->u_action); - $message = $user->lang[$l_mode . '_UPDATED'] . '<br />' . implode('<br />', $error) . ((sizeof($error)) ? '<br />' : '') . '<br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>'); - trigger_error($message); - } - else - { - $template->assign_var('ERROR', implode('<br />', $error)); + if ($updated) + { + meta_refresh(3, $this->u_action); + $message = $user->lang[$l_mode . '_UPDATED'] . '<br />' . implode('<br />', $error) . ((sizeof($error)) ? '<br />' : '') . '<br />' . 
sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>'); + trigger_error($message); + } + else + { + $template->assign_var('ERROR', implode('<br />', $error)); + } + } + else + { + confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( + 'mode' => $mode, + 'submit' => true, + 'usernames' => $data['usernames'], + 'add' => $data['add'])) + ); + } } } |
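Review bot: Inside the confirmed branch the add and remove paths are still `if ($data['add']) … else if (sizeof($data['usernames']))`, although the new outer condition and the hidden fields passed to `confirm_box()` carry both values; a request containing both is confirmed as one operation but only the add is performed. A comment such as `// 'add' takes precedence; 'usernames' is ignored when both are submitted` would document that, or the two branches could be made independent if both should apply. The queries also concatenate `$user->data['user_id']` uncast while `zebra_id` is cast; `(int) $user->data['user_id']` would make the integer assumption explicit. The enclosing method begins and ends outside the hunk, including where `$updated` and `$error` are initialised.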