aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/acp/acp_database.php1
-rw-r--r--phpBB/includes/constants.php2
-rw-r--r--phpBB/includes/functions.php16
-rw-r--r--phpBB/includes/functions_display.php40
-rw-r--r--phpBB/includes/functions_upload.php2
-rw-r--r--phpBB/includes/mcp/mcp_front.php37
-rw-r--r--phpBB/includes/mcp/mcp_main.php25
-rw-r--r--phpBB/includes/mcp/mcp_reports.php1
-rw-r--r--phpBB/includes/message_parser.php13
-rw-r--r--phpBB/includes/ucp/ucp_prefs.php2
10 files changed, 121 insertions, 18 deletions
diff --git a/phpBB/includes/acp/acp_database.php b/phpBB/includes/acp/acp_database.php
index 0c52f82459..c5aebf011d 100644
--- a/phpBB/includes/acp/acp_database.php
+++ b/phpBB/includes/acp/acp_database.php
@@ -1173,6 +1173,7 @@ class postgres_extractor extends base_extractor
$this->flush($sql_data . ";\n");
}
}
+ $db->sql_freeresult($result);
$sql_data = '-- Table: ' . $table_name . "\n";
$sql_data .= "DROP TABLE $table_name;\n";
diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php
index 321a87b4b0..c53d976615 100644
--- a/phpBB/includes/constants.php
+++ b/phpBB/includes/constants.php
@@ -28,7 +28,7 @@ if (!defined('IN_PHPBB'))
*/
// phpBB Version
-define('PHPBB_VERSION', '3.1.4-dev');
+define('PHPBB_VERSION', '3.1.5-dev');
// QA-related
// define('PHPBB_QA', 1);
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 573df9e55d..d460497669 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2309,7 +2309,7 @@ function redirect($url, $return = false, $disable_cd_check = false)
// Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work)
if (!$disable_cd_check && $url_parts['host'] !== $user->host)
{
- $url = generate_board_url();
+ trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
}
}
else if ($url[0] == '/')
@@ -2347,7 +2347,7 @@ function redirect($url, $return = false, $disable_cd_check = false)
// Clean URL and check if we go outside the forum directory
$url = $phpbb_path_helper->clean_url($url);
- if (!$disable_cd_check && strpos($url, generate_board_url(true)) === false)
+ if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0)
{
trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
}
@@ -2389,7 +2389,7 @@ function redirect($url, $return = false, $disable_cd_check = false)
}
// Redirect via an HTML form for PITA webservers
- if (@preg_match('#Microsoft|WebSTAR|Xitami#', getenv('SERVER_SOFTWARE')))
+ if (@preg_match('#WebSTAR|Xitami#', getenv('SERVER_SOFTWARE')))
{
header('Refresh: 0; URL=' . $url);
@@ -2544,13 +2544,19 @@ function phpbb_request_http_version()
{
global $request;
+ $version = '';
if ($request && $request->server('SERVER_PROTOCOL'))
{
- return $request->server('SERVER_PROTOCOL');
+ $version = $request->server('SERVER_PROTOCOL');
}
else if (isset($_SERVER['SERVER_PROTOCOL']))
{
- return $_SERVER['SERVER_PROTOCOL'];
+ $version = $_SERVER['SERVER_PROTOCOL'];
+ }
+
+ if (!empty($version) && is_string($version) && preg_match('#^HTTP/[0-9]\.[0-9]$#', $version))
+ {
+ return $version;
}
return 'HTTP/1.0';
diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php
index b62b514293..5888a6160d 100644
--- a/phpBB/includes/functions_display.php
+++ b/phpBB/includes/functions_display.php
@@ -732,13 +732,15 @@ function generate_forum_rules(&$forum_data)
function generate_forum_nav(&$forum_data)
{
global $db, $user, $template, $auth, $config;
- global $phpEx, $phpbb_root_path;
+ global $phpEx, $phpbb_root_path, $phpbb_dispatcher;
if (!$auth->acl_get('f_list', $forum_data['forum_id']))
{
return;
}
+ $navlinks = $navlinks_parents = $forum_template_data = array();
+
// Get forum parents
$forum_parents = get_forum_parents($forum_data);
@@ -757,35 +759,59 @@ function generate_forum_nav(&$forum_data)
continue;
}
- $template->assign_block_vars('navlinks', array(
+ $navlinks_parents[] = array(
'S_IS_CAT' => ($parent_type == FORUM_CAT) ? true : false,
'S_IS_LINK' => ($parent_type == FORUM_LINK) ? true : false,
'S_IS_POST' => ($parent_type == FORUM_POST) ? true : false,
'FORUM_NAME' => $parent_name,
'FORUM_ID' => $parent_forum_id,
'MICRODATA' => $microdata_attr . '="' . $parent_forum_id . '"',
- 'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $parent_forum_id))
+ 'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $parent_forum_id),
);
}
}
- $template->assign_block_vars('navlinks', array(
+ $navlinks = array(
'S_IS_CAT' => ($forum_data['forum_type'] == FORUM_CAT) ? true : false,
'S_IS_LINK' => ($forum_data['forum_type'] == FORUM_LINK) ? true : false,
'S_IS_POST' => ($forum_data['forum_type'] == FORUM_POST) ? true : false,
'FORUM_NAME' => $forum_data['forum_name'],
'FORUM_ID' => $forum_data['forum_id'],
'MICRODATA' => $microdata_attr . '="' . $forum_data['forum_id'] . '"',
- 'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_data['forum_id']))
+ 'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_data['forum_id']),
);
- $template->assign_vars(array(
+ $forum_template_data = array(
'FORUM_ID' => $forum_data['forum_id'],
'FORUM_NAME' => $forum_data['forum_name'],
'FORUM_DESC' => generate_text_for_display($forum_data['forum_desc'], $forum_data['forum_desc_uid'], $forum_data['forum_desc_bitfield'], $forum_data['forum_desc_options']),
'S_ENABLE_FEEDS_FORUM' => ($config['feed_forum'] && $forum_data['forum_type'] == FORUM_POST && !phpbb_optionget(FORUM_OPTION_FEED_EXCLUDE, $forum_data['forum_options'])) ? true : false,
- ));
+ );
+
+ /**
+ * Event to modify the navlinks text
+ *
+ * @event core.generate_forum_nav
+ * @var array forum_data Array with the forum data
+ * @var array forum_template_data Array with generic forum template data
+ * @var string microdata_attr The microdata attribute
+ * @var array navlinks_parents Array with the forum parents navlinks data
+ * @var array navlinks Array with the forum navlinks data
+ * @since 3.1.5-RC1
+ */
+ $vars = array(
+ 'forum_data',
+ 'forum_template_data',
+ 'microdata_attr',
+ 'navlinks_parents',
+ 'navlinks',
+ );
+ extract($phpbb_dispatcher->trigger_event('core.generate_forum_nav', compact($vars)));
+
+ $template->assign_block_vars_array('navlinks', $navlinks_parents);
+ $template->assign_block_vars('navlinks', $navlinks);
+ $template->assign_vars($forum_template_data);
return;
}
diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php
index f179b2fd70..89bc31fa25 100644
--- a/phpBB/includes/functions_upload.php
+++ b/phpBB/includes/functions_upload.php
@@ -213,6 +213,8 @@ class filespec
*/
static public function get_extension($filename)
{
+ $filename = utf8_basename($filename);
+
if (strpos($filename, '.') === false)
{
return '';
diff --git a/phpBB/includes/mcp/mcp_front.php b/phpBB/includes/mcp/mcp_front.php
index 500db55456..629b6fd275 100644
--- a/phpBB/includes/mcp/mcp_front.php
+++ b/phpBB/includes/mcp/mcp_front.php
@@ -41,10 +41,27 @@ function mcp_front_view($id, $mode, $action)
if (!empty($forum_list))
{
- $sql = 'SELECT COUNT(post_id) AS total
- FROM ' . POSTS_TABLE . '
- WHERE ' . $db->sql_in_set('forum_id', $forum_list) . '
- AND ' . $db->sql_in_set('post_visibility', array(ITEM_UNAPPROVED, ITEM_REAPPROVE));
+ $sql_ary = array(
+ 'SELECT' => 'COUNT(post_id) AS total',
+ 'FROM' => array(
+ POSTS_TABLE => 'p',
+ ),
+ 'WHERE' => $db->sql_in_set('p.forum_id', $forum_list) . '
+ AND ' . $db->sql_in_set('p.post_visibility', array(ITEM_UNAPPROVED, ITEM_REAPPROVE))
+ );
+
+ /**
+ * Allow altering the query to get the number of unapproved posts
+ *
+ * @event core.mcp_front_queue_unapproved_total_before
+ * @var int sql_ary Query to get the total number of unapproved posts
+ * @var array forum_list List of forums to look for unapproved posts
+ * @since 3.1.5-RC1
+ */
+ $vars = array('sql_ary', 'forum_list');
+ extract($phpbb_dispatcher->trigger_event('core.mcp_front_queue_unapproved_total_before', compact($vars)));
+
+ $sql = $db->sql_build_query('SELECT', $sql_ary);
$result = $db->sql_query($sql);
$total = (int) $db->sql_fetchfield('total');
$db->sql_freeresult($result);
@@ -157,6 +174,18 @@ function mcp_front_view($id, $mode, $action)
AND r.pm_id = 0
AND r.report_closed = 0
AND ' . $db->sql_in_set('p.forum_id', $forum_list);
+
+ /**
+ * Alter sql query to count the number of reported posts
+ *
+ * @event core.mcp_front_reports_count_query_before
+ * @var int sql The query string used to get the number of reports that exist
+ * @var array forum_list List of forums that contain the posts
+ * @since 3.1.5-RC1
+ */
+ $vars = array('sql', 'forum_list');
+ extract($phpbb_dispatcher->trigger_event('core.mcp_front_reports_count_query_before', compact($vars)));
+
$result = $db->sql_query($sql);
$total = (int) $db->sql_fetchfield('total');
$db->sql_freeresult($result);
diff --git a/phpBB/includes/mcp/mcp_main.php b/phpBB/includes/mcp/mcp_main.php
index 1241b8bd0e..10f1a5b8c1 100644
--- a/phpBB/includes/mcp/mcp_main.php
+++ b/phpBB/includes/mcp/mcp_main.php
@@ -226,6 +226,31 @@ class mcp_main
break;
default:
+ if ($quickmod)
+ {
+ switch ($action)
+ {
+ case 'lock':
+ case 'unlock':
+ case 'make_announce':
+ case 'make_sticky':
+ case 'make_global':
+ case 'make_normal':
+ case 'make_onindex':
+ case 'move':
+ case 'fork':
+ case 'delete_topic':
+ trigger_error('TOPIC_NOT_EXIST');
+ break;
+
+ case 'lock_post':
+ case 'unlock_post':
+ case 'delete_post':
+ trigger_error('POST_NOT_EXIST');
+ break;
+ }
+ }
+
trigger_error('NO_MODE', E_USER_ERROR);
break;
}
diff --git a/phpBB/includes/mcp/mcp_reports.php b/phpBB/includes/mcp/mcp_reports.php
index 804d48ea97..ccb54092b4 100644
--- a/phpBB/includes/mcp/mcp_reports.php
+++ b/phpBB/includes/mcp/mcp_reports.php
@@ -489,6 +489,7 @@ function close_report($report_id_list, $mode, $action, $pm = false)
{
$post_id_list[] = $row[$id_column];
}
+ $db->sql_freeresult($result);
$post_id_list = array_unique($post_id_list);
if ($pm)
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php
index 04a2726d22..63e027cd66 100644
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@@ -21,6 +21,19 @@ if (!defined('IN_PHPBB'))
if (!class_exists('bbcode'))
{
+ // The following lines are for extensions which include message_parser.php
+ // while $phpbb_root_path and $phpEx are out of the script scope
+ // which may lead to the 'Undefined variable' and 'failed to open stream' errors
+ if (!isset($phpbb_root_path))
+ {
+ global $phpbb_root_path;
+ }
+
+ if (!isset($phpEx))
+ {
+ global $phpEx;
+ }
+
include($phpbb_root_path . 'includes/bbcode.' . $phpEx);
}
diff --git a/phpBB/includes/ucp/ucp_prefs.php b/phpBB/includes/ucp/ucp_prefs.php
index 1d3fb19f67..3c274b53c7 100644
--- a/phpBB/includes/ucp/ucp_prefs.php
+++ b/phpBB/includes/ucp/ucp_prefs.php
@@ -69,7 +69,7 @@ class ucp_prefs
* @var array data Array with current ucp options data
* @var array error Array with list of errors
* @since 3.1.0-a1
- * @changed 3.1.4-rc1 Added error variable to the event
+ * @changed 3.1.4-RC1 Added error variable to the event
*/
$vars = array('submit', 'data', 'error');
extract($phpbb_dispatcher->trigger_event('core.ucp_prefs_personal_data', compact($vars)));