diff options
Diffstat (limited to 'phpBB/includes')
| -rw-r--r-- | phpBB/includes/acp/acp_board.php | 4 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_groups.php | 113 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_update.php | 2 | ||||
| -rw-r--r-- | phpBB/includes/functions.php | 28 | ||||
| -rw-r--r-- | phpBB/includes/functions_admin.php | 2 | ||||
| -rw-r--r-- | phpBB/includes/functions_messenger.php | 24 | ||||
| -rw-r--r-- | phpBB/includes/functions_user.php | 27 | ||||
| -rw-r--r-- | phpBB/includes/session.php | 7 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_groups.php | 7 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_pm_compose.php | 11 |
10 files changed, 167 insertions, 58 deletions
diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index f437dca8f9..ebbf66657e 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -408,8 +408,8 @@ class acp_board 'board_email_form' => array('lang' => 'BOARD_EMAIL_FORM', 'validate' => 'bool', 'type' => 'radio:enabled_disabled', 'explain' => true), 'email_function_name' => array('lang' => 'EMAIL_FUNCTION_NAME', 'validate' => 'string', 'type' => 'text:20:50', 'explain' => true), 'email_package_size' => array('lang' => 'EMAIL_PACKAGE_SIZE', 'validate' => 'int:0', 'type' => 'text:5:5', 'explain' => true), - 'board_contact' => array('lang' => 'CONTACT_EMAIL', 'validate' => 'string', 'type' => 'text:25:100', 'explain' => true), - 'board_email' => array('lang' => 'ADMIN_EMAIL', 'validate' => 'string', 'type' => 'text:25:100', 'explain' => true), + 'board_contact' => array('lang' => 'CONTACT_EMAIL', 'validate' => 'email', 'type' => 'text:25:100', 'explain' => true), + 'board_email' => array('lang' => 'ADMIN_EMAIL', 'validate' => 'email', 'type' => 'text:25:100', 'explain' => true), 'board_email_sig' => array('lang' => 'EMAIL_SIG', 'validate' => 'string', 'type' => 'textarea:5:30', 'explain' => true), 'board_hide_emails' => array('lang' => 'BOARD_HIDE_EMAILS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php index 486616c33d..9b9ea38e07 100644 --- a/phpBB/includes/acp/acp_groups.php +++ b/phpBB/includes/acp/acp_groups.php @@ -80,6 +80,11 @@ class acp_groups case 'approve': case 'demote': case 'promote': + if (!check_form_key($form_key)) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + if (!$group_id) { trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action), E_USER_WARNING); @@ -120,48 +125,64 @@ class acp_groups { trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action), E_USER_WARNING); } + else if (empty($mark_ary)) + { + trigger_error($user->lang['NO_USERS'] . adm_back_link($this->u_action . '&action=list&g=' . $group_id), E_USER_WARNING); + } if (confirm_box(true)) { $group_name = ($group_row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $group_row['group_name']] : $group_row['group_name']; + group_user_attributes('default', $group_id, $mark_ary, false, $group_name, $group_row); + trigger_error($user->lang['GROUP_DEFS_UPDATED'] . adm_back_link($this->u_action . '&action=list&g=' . $group_id)); + } + else + { + confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( + 'mark' => $mark_ary, + 'g' => $group_id, + 'i' => $id, + 'mode' => $mode, + 'action' => $action)) + ); + } + break; - if (!sizeof($mark_ary)) - { - $start = 0; + case 'set_default_on_all': + if (confirm_box(true)) + { + $group_name = ($group_row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $group_row['group_name']] : $group_row['group_name']; + + $start = 0; - do + do + { + $sql = 'SELECT user_id + FROM ' . USER_GROUP_TABLE . " + WHERE group_id = $group_id + ORDER BY user_id"; + $result = $db->sql_query_limit($sql, 200, $start); + + $mark_ary = array(); + if ($row = $db->sql_fetchrow($result)) { - $sql = 'SELECT user_id - FROM ' . USER_GROUP_TABLE . " - WHERE group_id = $group_id - ORDER BY user_id"; - $result = $db->sql_query_limit($sql, 200, $start); - - $mark_ary = array(); - if ($row = $db->sql_fetchrow($result)) + do { - do - { - $mark_ary[] = $row['user_id']; - } - while ($row = $db->sql_fetchrow($result)); + $mark_ary[] = $row['user_id']; + } + while ($row = $db->sql_fetchrow($result)); - group_user_attributes('default', $group_id, $mark_ary, false, $group_name, $group_row); + group_user_attributes('default', $group_id, $mark_ary, false, $group_name, $group_row); - $start = (sizeof($mark_ary) < 200) ? 0 : $start + 200; - } - else - { - $start = 0; - } - $db->sql_freeresult($result); + $start = (sizeof($mark_ary) < 200) ? 0 : $start + 200; } - while ($start); - } - else - { - group_user_attributes('default', $group_id, $mark_ary, false, $group_name, $group_row); + else + { + $start = 0; + } + $db->sql_freeresult($result); } + while ($start); trigger_error($user->lang['GROUP_DEFS_UPDATED'] . adm_back_link($this->u_action . '&action=list&g=' . $group_id)); } @@ -175,10 +196,13 @@ class acp_groups 'action' => $action)) ); } - break; case 'deleteusers': + if (empty($mark_ary)) + { + trigger_error($user->lang['NO_USERS'] . adm_back_link($this->u_action . '&action=list&g=' . $group_id), E_USER_WARNING); + } case 'delete': if (!$group_id) { @@ -233,6 +257,11 @@ class acp_groups break; case 'addusers': + if (!check_form_key($form_key)) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + if (!$group_id) { trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action), E_USER_WARNING); @@ -394,13 +423,21 @@ class acp_groups } } - // Validate the length of "Maximum number of allowed recipients per private message" setting. - // We use 16777215 as a maximum because it matches MySQL unsigned mediumint maximum value - // which is the lowest amongst DBMSes supported by phpBB3 - if ($max_recipients_error = validate_data($submit_ary, array('max_recipients' => array('num', false, 0, 16777215)))) + /* + * Validate the length of "Maximum number of allowed recipients per + * private message" setting. We use 16777215 as a maximum because it matches + * MySQL unsigned mediumint maximum value which is the lowest amongst DBMSes + * supported by phpBB3. Also validate the submitted colour value. + */ + $validation_checks = array( + 'max_recipients' => array('num', false, 0, 16777215), + 'colour' => array('hex_colour', true), + ); + + if ($validation_error = validate_data($submit_ary, $validation_checks)) { // Replace "error" string with its real, localised form - $error = array_merge($error, array_map(array(&$user, 'lang'), $max_recipients_error)); + $error = array_merge($error, array_map(array(&$user, 'lang'), $validation_error)); } if (!sizeof($error)) @@ -683,7 +720,7 @@ class acp_groups 'U_ACTION' => $this->u_action . "&g=$group_id", 'U_BACK' => $this->u_action, 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=list&field=usernames'), - 'U_DEFAULT_ALL' => "{$this->u_action}&action=default&g=$group_id", + 'U_DEFAULT_ALL' => "{$this->u_action}&action=set_default_on_all&g=$group_id", )); // Grab the members @@ -795,4 +832,4 @@ class acp_groups } } -?>
\ No newline at end of file +?> diff --git a/phpBB/includes/acp/acp_update.php b/phpBB/includes/acp/acp_update.php index 7e3d1a1024..5d3e9abcea 100644 --- a/phpBB/includes/acp/acp_update.php +++ b/phpBB/includes/acp/acp_update.php @@ -39,7 +39,7 @@ class acp_update $info = obtain_latest_version_info(request_var('versioncheck_force', false)); - if ($info === false) + if (empty($info)) { trigger_error('VERSIONCHECK_FAIL', E_USER_WARNING); } diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 571c863839..b2b12c1445 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -137,7 +137,18 @@ function request_var($var_name, $default, $multibyte = false, $cookie = false) } /** -* Set config value. Creates missing config entry. +* Sets a configuration option's value. +* +* Please note that this function does not update the is_dynamic value for +* an already existing config option. +* +* @param string $config_name The configuration option's name +* @param string $config_value New configuration value +* @param bool $is_dynamic Whether this variable should be cached (false) or +* if it changes too frequently (true) to be +* efficiently cached. +* +* @return null */ function set_config($config_name, $config_value, $is_dynamic = false) { @@ -166,7 +177,15 @@ function set_config($config_name, $config_value, $is_dynamic = false) } /** -* Set dynamic config value with arithmetic operation. +* Increments an integer config value directly in the database. +* +* @param string $config_name The configuration option's name +* @param int $increment Amount to increment by +* @param bool $is_dynamic Whether this variable should be cached (false) or +* if it changes too frequently (true) to be +* efficiently cached. +* +* @return null */ function set_config_count($config_name, $increment, $is_dynamic = false) { @@ -986,7 +1005,7 @@ if (!function_exists('stripos')) */ function is_absolute($path) { - return ($path[0] == '/' || (DIRECTORY_SEPARATOR == '\\' && preg_match('#^[a-z]:[/\\\]#i', $path))) ? true : false; + return (isset($path[0]) && $path[0] == '/' || preg_match('#^[a-z]:[/\\\]#i', $path)) ? true : false; } /** @@ -2721,7 +2740,7 @@ function meta_refresh($time, $url, $disable_cd_check = false) // For XHTML compatibility we change back & to & $template->assign_vars(array( - 'META' => '<meta http-equiv="refresh" content="' . $time . ';url=' . $url . '" />') + 'META' => '<meta http-equiv="refresh" content="' . $time . '; url=' . $url . '" />') ); return $url; @@ -3253,6 +3272,7 @@ function login_forum_box($forum_data) page_header($user->lang['LOGIN'], false); $template->assign_vars(array( + 'FORUM_NAME' => isset($forum_data['forum_name']) ? $forum_data['forum_name'] : '', 'S_LOGIN_ACTION' => build_url(array('f')), 'S_HIDDEN_FIELDS' => build_hidden_fields(array('f' => $forum_data['forum_id']))) ); diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index 190185cfcf..a9d1db24a5 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -3319,7 +3319,7 @@ function obtain_latest_version_info($force_update = false, $warn_fail = false, $ $info = get_remote_file('version.phpbb.com', '/phpbb', ((defined('PHPBB_QA')) ? '30x_qa.txt' : '30x.txt'), $errstr, $errno); - if ($info === false) + if (empty($info)) { $cache->destroy('versioncheck'); if ($warn_fail) diff --git a/phpBB/includes/functions_messenger.php b/phpBB/includes/functions_messenger.php index e837811c86..db2dea33e8 100644 --- a/phpBB/includes/functions_messenger.php +++ b/phpBB/includes/functions_messenger.php @@ -390,6 +390,28 @@ class messenger } /** + * Generates a valid message id to be used in emails + * + * @return string message id + */ + function generate_message_id() + { + global $config; + + $domain = 'phpbb.generated'; + if ($config['server_name']) + { + $domain = $config['server_name']; + } + else if (!empty($_SERVER['SERVER_NAME'])) + { + $domain = $_SERVER['SERVER_NAME']; + } + + return md5(unique_id(time())) . '@' . $domain; + } + + /** * Return email header */ function build_header($to, $cc, $bcc) @@ -415,7 +437,7 @@ class messenger $headers[] = 'Return-Path: <' . $config['board_email'] . '>'; $headers[] = 'Sender: <' . $config['board_email'] . '>'; $headers[] = 'MIME-Version: 1.0'; - $headers[] = 'Message-ID: <' . md5(unique_id(time())) . '@' . $config['server_name'] . '>'; + $headers[] = 'Message-ID: <' . $this->generate_message_id() . '>'; $headers[] = 'Date: ' . date('r', time()); $headers[] = 'Content-Type: text/plain; charset=UTF-8'; // format=flowed $headers[] = 'Content-Transfer-Encoding: 8bit'; // 7bit diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 5a6a0b4a05..2b26c6787c 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1247,8 +1247,9 @@ function validate_data($data, $val_ary) { $function = array_shift($validate); array_unshift($validate, $data[$var]); + $function_prefix = (function_exists('phpbb_validate_' . $function)) ? 'phpbb_validate_' : 'validate_'; - if ($result = call_user_func_array('validate_' . $function, $validate)) + if ($result = call_user_func_array($function_prefix . $function, $validate)) { // Since errors are checked later for their language file existence, we need to make sure custom errors are not adjusted. $error[] = (empty($user->lang[$result . '_' . strtoupper($var)])) ? $result : $result . '_' . strtoupper($var); @@ -1899,6 +1900,30 @@ function validate_jabber($jid) } /** +* Validate hex colour value +* +* @param string $colour The hex colour value +* @param bool $optional Whether the colour value is optional. True if an empty +* string will be accepted as correct input, false if not. +* @return bool|string Error message if colour value is incorrect, false if it +* fits the hex colour code +*/ +function phpbb_validate_hex_colour($colour, $optional = false) +{ + if ($colour === '') + { + return (($optional) ? false : 'WRONG_DATA'); + } + + if (!preg_match('/^([0-9a-fA-F]{6}|[0-9a-fA-F]{3})$/', $colour)) + { + return 'WRONG_DATA'; + } + + return false; +} + +/** * Verifies whether a style ID corresponds to an active style. * * @param int $style_id The style_id of a style which should be checked if activated or not. diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 496c12a0d1..fe5357f32e 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -325,7 +325,7 @@ class session // if no session id is set, redirect to index.php if (defined('NEED_SID') && (!isset($_GET['sid']) || $this->session_id !== $_GET['sid'])) { - send_status_line(401, 'Not authorized'); + send_status_line(401, 'Unauthorized'); redirect(append_sid("{$phpbb_root_path}index.$phpEx")); } @@ -1661,7 +1661,7 @@ class user extends session if (!$this->theme) { - trigger_error('Could not get style data', E_USER_ERROR); + trigger_error('NO_STYLE_DATA', E_USER_ERROR); } // Now parse the cfg file and cache it @@ -2156,7 +2156,8 @@ class user extends session 'is_short' => strpos($format, '|'), 'format_short' => substr($format, 0, strpos($format, '|')) . '||' . substr(strrchr($format, '|'), 1), 'format_long' => str_replace('|', '', $format), - 'lang' => $this->lang['datetime'], + // Filter out values that are not strings (e.g. arrays) for strtr(). + 'lang' => array_filter($this->lang['datetime'], 'is_string'), ); // Short representation of month in format? Some languages use different terms for the long and short format of May diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index d62dbb1866..9365913541 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -595,6 +595,13 @@ class ucp_groups $error[] = $user->lang['FORM_INVALID']; } + // Validate submitted colour value + if ($colour_error = validate_data($submit_ary, array('colour' => array('hex_colour', true)))) + { + // Replace "error" string with its real, localised form + $error = array_merge($error, array_map(array(&$user, 'lang'), $colour_error)); + } + if (!sizeof($error)) { // Only set the rank, colour, etc. if it's changed or if we're adding a new diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index 8e82188aff..d7509a1072 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -271,19 +271,16 @@ function compose_pm($id, $mode, $action, $user_folders = array()) // Passworded forum? if ($post['forum_id']) { - $sql = 'SELECT forum_password + $sql = 'SELECT forum_id, forum_name, forum_password FROM ' . FORUMS_TABLE . ' WHERE forum_id = ' . (int) $post['forum_id']; $result = $db->sql_query($sql); - $forum_password = (string) $db->sql_fetchfield('forum_password'); + $forum_data = $db->sql_fetchrow($result); $db->sql_freeresult($result); - if ($forum_password) + if (!empty($forum_data['forum_password'])) { - login_forum_box(array( - 'forum_id' => $post['forum_id'], - 'forum_password' => $forum_password, - )); + login_forum_box($forum_data); } } } |