aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/acp/acp_bbcodes.php17
-rw-r--r--phpBB/includes/acp/acp_forums.php33
-rw-r--r--phpBB/includes/acp/acp_prune.php1
-rw-r--r--phpBB/includes/functions_admin.php30
-rw-r--r--phpBB/includes/functions_display.php9
-rw-r--r--phpBB/includes/functions_posting.php42
-rw-r--r--phpBB/includes/functions_user.php5
-rw-r--r--phpBB/includes/message_parser.php29
-rw-r--r--phpBB/includes/ucp/ucp_pm_compose.php7
-rw-r--r--phpBB/includes/utf/utf_tools.php43
10 files changed, 177 insertions, 39 deletions
diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php
index 1f7374a07f..bd8df6a63b 100644
--- a/phpBB/includes/acp/acp_bbcodes.php
+++ b/phpBB/includes/acp/acp_bbcodes.php
@@ -33,7 +33,6 @@ class acp_bbcodes
// Set up general vars
$action = $request->variable('action', '');
$bbcode_id = $request->variable('bbcode', 0);
- $submit = $request->is_set_post('submit');
$this->tpl_name = 'acp_bbcodes';
$this->page_title = 'ACP_BBCODES';
@@ -41,11 +40,6 @@ class acp_bbcodes
add_form_key($form_key);
- if ($submit && !check_form_key($form_key))
- {
- trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
- }
-
// Set up mode-specific vars
switch ($action)
{
@@ -179,6 +173,12 @@ class acp_bbcodes
extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_modify_create', compact($vars)));
$warn_text = preg_match('%<[^>]*\{text[\d]*\}[^>]*>%i', $bbcode_tpl);
+
+ if (!$warn_text && !check_form_key($form_key))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
if (!$warn_text || confirm_box(true))
{
$data = $this->build_regexp($bbcode_match, $bbcode_tpl);
@@ -211,11 +211,6 @@ class acp_bbcodes
$test = $data['bbcode_tag'];
}
- if (!preg_match('%\\[' . $test . '[^]]*].*?\\[/' . $test . ']%s', $bbcode_match))
- {
- trigger_error($user->lang['BBCODE_OPEN_ENDED_TAG'] . adm_back_link($this->u_action), E_USER_WARNING);
- }
-
if (strlen($data['bbcode_tag']) > 16)
{
trigger_error($user->lang['BBCODE_TAG_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php
index cb0593b14a..22c775b7c3 100644
--- a/phpBB/includes/acp/acp_forums.php
+++ b/phpBB/includes/acp/acp_forums.php
@@ -986,10 +986,20 @@ class acp_forums
$errors[] = $user->lang['FORUM_NAME_EMPTY'];
}
- // No Emojis
+ /**
+ * Replace Emojis and other 4bit UTF-8 chars not allowed by MySql to UCR / NCR.
+ * Using their Numeric Character Reference's Hexadecimal notation.
+ */
+ $forum_data_ary['forum_name'] = utf8_encode_ucr($forum_data_ary['forum_name']);
+
+ /**
+ * This should never happen again.
+ * Leaving the fallback here just in case there will be the need of it.
+ */
if (preg_match_all('/[\x{10000}-\x{10FFFF}]/u', $forum_data_ary['forum_name'], $matches))
{
$character_list = implode('<br>', $matches[0]);
+
$errors[] = $user->lang('FORUM_NAME_EMOJI', $character_list);
}
@@ -1423,8 +1433,8 @@ class acp_forums
* This event may be triggered, when a forum is deleted
*
* @event core.acp_manage_forums_move_children
- * @var int from_id If of the current parent forum
- * @var int to_id If of the new parent forum
+ * @var int from_id Id of the current parent forum
+ * @var int to_id Id of the new parent forum
* @var array errors Array of errors, should be strings and not
* language key.
* @since 3.1.0-a1
@@ -1529,8 +1539,8 @@ class acp_forums
* Event when we move content from one forum to another
*
* @event core.acp_manage_forums_move_content
- * @var int from_id If of the current parent forum
- * @var int to_id If of the new parent forum
+ * @var int from_id Id of the current parent forum
+ * @var int to_id Id of the new parent forum
* @var bool sync Shall we sync the "to"-forum's data
* @var array errors Array of errors, should be strings and not
* language key. If this array is not empty,
@@ -1576,6 +1586,19 @@ class acp_forums
$db->sql_query($sql);
}
+ /**
+ * Event when content has been moved from one forum to another
+ *
+ * @event core.acp_manage_forums_move_content_after
+ * @var int from_id Id of the current parent forum
+ * @var int to_id Id of the new parent forum
+ * @var bool sync Shall we sync the "to"-forum's data
+ *
+ * @since 3.2.9-RC1
+ */
+ $vars = array('from_id', 'to_id', 'sync');
+ extract($phpbb_dispatcher->trigger_event('core.acp_manage_forums_move_content_after', compact($vars)));
+
if ($sync)
{
// Delete ghost topics that link back to the same forum then resync counters
diff --git a/phpBB/includes/acp/acp_prune.php b/phpBB/includes/acp/acp_prune.php
index 3eee4f7922..c5f7789de8 100644
--- a/phpBB/includes/acp/acp_prune.php
+++ b/phpBB/includes/acp/acp_prune.php
@@ -537,6 +537,7 @@ class acp_prune
AND ug.user_id <> ' . ANONYMOUS . '
AND u.user_type <> ' . USER_FOUNDER . '
AND ug.user_pending = 0
+ AND ug.group_leader = 0
AND u.user_id = ug.user_id
' . (!empty($user_ids) ? ' AND ' . $db->sql_in_set('ug.user_id', $user_ids) : '');
$result = $db->sql_query($sql);
diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php
index c19d48b0be..cc82fdbda3 100644
--- a/phpBB/includes/functions_admin.php
+++ b/phpBB/includes/functions_admin.php
@@ -543,6 +543,20 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true)
$topic_ids = array($topic_ids);
}
+ /**
+ * Perform additional actions before topics move
+ *
+ * @event core.move_topics_before
+ * @var array topic_ids Array of the moved topic ids
+ * @var string forum_id The forum id from where the topics are moved
+ * @since 3.2.9-RC1
+ */
+ $vars = array(
+ 'topic_ids',
+ 'forum_id',
+ );
+ extract($phpbb_dispatcher->trigger_event('core.move_topics_before', compact($vars)));
+
$sql = 'DELETE FROM ' . TOPICS_TABLE . '
WHERE ' . $db->sql_in_set('topic_moved_id', $topic_ids) . '
AND forum_id = ' . $forum_id;
@@ -593,6 +607,22 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true)
}
unset($table_ary);
+ /**
+ * Perform additional actions after topics move
+ *
+ * @event core.move_topics_after
+ * @var array topic_ids Array of the moved topic ids
+ * @var string forum_id The forum id from where the topics were moved
+ * @var array forum_ids Array of the forums where the topics were moved (includes also forum_id)
+ * @since 3.2.9-RC1
+ */
+ $vars = array(
+ 'topic_ids',
+ 'forum_id',
+ 'forum_ids',
+ );
+ extract($phpbb_dispatcher->trigger_event('core.move_topics_after', compact($vars)));
+
if ($auto_sync)
{
sync('forum', 'forum_id', $forum_ids, true, true);
diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php
index 3a2f4a7249..e4adce14fc 100644
--- a/phpBB/includes/functions_display.php
+++ b/phpBB/includes/functions_display.php
@@ -70,7 +70,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
$data = array(
'NO_UNREAD_POSTS' => $user->lang['NO_UNREAD_POSTS'],
'UNREAD_POSTS' => $user->lang['UNREAD_POSTS'],
- 'U_MARK_FORUMS' => ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}index.$phpEx", 'hash=' . generate_link_hash('global') . '&mark=forums&mark_time=' . time()) : '',
+ 'U_MARK_FORUMS' => ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}index.$phpEx", 'hash=' . generate_link_hash('global') . '&mark=forums&mark_time=' . time(), false) : '',
'MESSAGE_TITLE' => $user->lang['INFORMATION'],
'MESSAGE_TEXT' => $user->lang['FORUMS_MARKED']
);
@@ -355,7 +355,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
$data = array(
'NO_UNREAD_POSTS' => $user->lang['NO_UNREAD_POSTS'],
'UNREAD_POSTS' => $user->lang['UNREAD_POSTS'],
- 'U_MARK_FORUMS' => ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'hash=' . generate_link_hash('global') . '&f=' . $root_data['forum_id'] . '&mark=forums&mark_time=' . time()) : '',
+ 'U_MARK_FORUMS' => ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'hash=' . generate_link_hash('global') . '&f=' . $root_data['forum_id'] . '&mark=forums&mark_time=' . time(), false) : '',
'MESSAGE_TITLE' => $user->lang['INFORMATION'],
'MESSAGE_TEXT' => $user->lang['FORUMS_MARKED']
);
@@ -548,11 +548,12 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
$last_post_subject = $last_post_subject_truncated = '';
}
$last_post_time = $user->format_date($row['forum_last_post_time']);
+ $last_post_time_rfc3339 = gmdate(DATE_RFC3339, $row['forum_last_post_time']);
$last_post_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id_last_post'] . '&amp;p=' . $row['forum_last_post_id']) . '#p' . $row['forum_last_post_id'];
}
else
{
- $last_post_subject = $last_post_time = $last_post_url = $last_post_subject_truncated = '';
+ $last_post_subject = $last_post_time = $last_post_time_rfc3339 = $last_post_url = $last_post_subject_truncated = '';
}
// Output moderator listing ... if applicable
@@ -623,6 +624,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
'LAST_POST_SUBJECT' => $last_post_subject,
'LAST_POST_SUBJECT_TRUNCATED' => $last_post_subject_truncated,
'LAST_POST_TIME' => $last_post_time,
+ 'LAST_POST_TIME_RFC3339'=> $last_post_time_rfc3339,
'LAST_POSTER' => get_username_string('username', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']),
'LAST_POSTER_COLOUR' => get_username_string('colour', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']),
'LAST_POSTER_FULL' => get_username_string('full', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']),
@@ -1118,7 +1120,6 @@ function display_custom_bbcodes()
'BBCODE_TAG' => $row['bbcode_tag'],
'BBCODE_TAG_CLEAN' => str_replace('=', '-', $row['bbcode_tag']),
'BBCODE_HELPLINE' => $row['bbcode_helpline'],
- 'A_BBCODE_HELPLINE' => str_replace(array('&amp;', '&quot;', "'", '&lt;', '&gt;'), array('&', '"', "\'", '<', '>'), $row['bbcode_helpline']),
);
/**
diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php
index 2cce77e092..1956f65666 100644
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@@ -52,9 +52,29 @@ function generate_smilies($mode, $forum_id)
page_header($user->lang['SMILIES']);
- $sql = 'SELECT COUNT(smiley_id) AS item_count
- FROM ' . SMILIES_TABLE . '
- GROUP BY smiley_url';
+ $sql_ary = [
+ 'SELECT' => 'COUNT(s.smiley_id) AS item_count',
+ 'FROM' => [
+ SMILIES_TABLE => 's',
+ ],
+ 'GROUP_BY' => 's.smiley_url',
+ ];
+
+ /**
+ * Modify SQL query that fetches the total number of smilies in window mode
+ *
+ * @event core.generate_smilies_count_sql_before
+ * @var int forum_id Forum where smilies are generated
+ * @var array sql_ary Array with the SQL query
+ * @since 3.2.9-RC1
+ */
+ $vars = [
+ 'forum_id',
+ 'sql_ary',
+ ];
+ extract($phpbb_dispatcher->trigger_event('core.generate_smilies_count_sql_before', compact($vars)));
+
+ $sql = $db->sql_build_query('SELECT', $sql_ary);
$result = $db->sql_query($sql, 3600);
$smiley_count = 0;
@@ -114,6 +134,22 @@ function generate_smilies($mode, $forum_id)
}
$db->sql_freeresult($result);
+ /**
+ * Modify smilies before they are assigned to the template
+ *
+ * @event core.generate_smilies_modify_rowset
+ * @var string mode Smiley mode, either window or inline
+ * @var int forum_id Forum where smilies are generated
+ * @var array smilies Smiley rows fetched from the database
+ * @since 3.2.9-RC1
+ */
+ $vars = [
+ 'mode',
+ 'forum_id',
+ 'smilies',
+ ];
+ extract($phpbb_dispatcher->trigger_event('core.generate_smilies_modify_rowset', compact($vars)));
+
if (count($smilies))
{
$root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $phpbb_path_helper->get_web_root_path();
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 3bf4aa16b7..e0b6a9d0c6 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -1945,9 +1945,10 @@ function validate_user_email($email, $allowed_email = false)
return $validate_email;
}
- if (($ban = $user->check_ban(false, false, $email, true)) !== false)
+ $ban = $user->check_ban(false, false, $email, true);
+ if (!empty($ban))
{
- return ($ban === true) ? 'EMAIL_BANNED' : (!empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : $ban);
+ return !empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : 'EMAIL_BANNED';
}
if (!$config['allow_emailreuse'])
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php
index 0b79cca864..e1c28223dc 100644
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@@ -1525,6 +1525,35 @@ class parse_message extends bbcode_firstpass
}
/**
+ * Check attachment form token depending on submit type
+ *
+ * @param \phpbb\language\language $language Language
+ * @param \phpbb\request\request_interface $request Request
+ * @param string $form_name Form name for checking form key
+ *
+ * @return bool True if form token is not needed or valid, false if needed and invalid
+ */
+ function check_attachment_form_token(\phpbb\language\language $language, \phpbb\request\request_interface $request, $form_name)
+ {
+ $add_file = $request->is_set_post('add_file');
+ $delete_file = $request->is_set_post('delete_file');
+
+ if (($add_file || $delete_file) && !check_form_key($form_name))
+ {
+ $this->warn_msg[] = $language->lang('FORM_INVALID');
+
+ if ($request->is_ajax() && $this->plupload)
+ {
+ $this->plupload->emit_error(-400, 'FORM_INVALID');
+ }
+
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
* Parse Attachments
*/
function parse_attachments($form_name, $mode, $forum_id, $submit, $preview, $refresh, $is_message = false)
diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php
index cb45112b01..06baa279a5 100644
--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
@@ -26,7 +26,7 @@ if (!defined('IN_PHPBB'))
function compose_pm($id, $mode, $action, $user_folders = array())
{
global $template, $db, $auth, $user, $cache;
- global $phpbb_root_path, $phpEx, $config;
+ global $phpbb_root_path, $phpEx, $config, $language;
global $request, $phpbb_dispatcher, $phpbb_container;
// Damn php and globals - i know, this is horrible
@@ -799,7 +799,10 @@ function compose_pm($id, $mode, $action, $user_folders = array())
extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_modify_parse_before', compact($vars)));
// Parse Attachments - before checksum is calculated
- $message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true);
+ if ($message_parser->check_attachment_form_token($language, $request, 'ucp_pm_compose'))
+ {
+ $message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true);
+ }
if (count($message_parser->warn_msg) && !($remove_u || $remove_g || $add_to || $add_bcc))
{
diff --git a/phpBB/includes/utf/utf_tools.php b/phpBB/includes/utf/utf_tools.php
index 89de454427..bb155aeae5 100644
--- a/phpBB/includes/utf/utf_tools.php
+++ b/phpBB/includes/utf/utf_tools.php
@@ -418,24 +418,43 @@ function utf8_recode($string, $encoding)
}
/**
-* Replace all UTF-8 chars that are not in ASCII with their NCR
-*
-* @param string $text UTF-8 string in NFC
-* @return string ASCII string using NCRs for non-ASCII chars
-*/
+ * Replace some special UTF-8 chars that are not in ASCII with their UCR.
+ * using their Numeric Character Reference's Hexadecimal notation.
+ *
+ * Doesn't interfere with Japanese or Cyrillic etc.
+ * Unicode character visualization will depend on the character support
+ * of your web browser and the fonts installed on your system.
+ *
+ * @see https://en.wikibooks.org/wiki/Unicode/Character_reference/1F000-1FFFF
+ *
+ * @param string $text UTF-8 string in NFC
+ * @return string ASCII string using NCR for non-ASCII chars
+ */
+function utf8_encode_ucr($text)
+{
+ return preg_replace_callback('/[\\xF0-\\xF4].../', 'utf8_encode_ncr_callback', $text);
+}
+
+/**
+ * Replace all UTF-8 chars that are not in ASCII with their NCR
+ * using their Numeric Character Reference's Hexadecimal notation.
+ *
+ * @param string $text UTF-8 string in NFC
+ * @return string ASCII string using NCRs for non-ASCII chars
+ */
function utf8_encode_ncr($text)
{
return preg_replace_callback('#[\\xC2-\\xF4][\\x80-\\xBF]{1,3}#', 'utf8_encode_ncr_callback', $text);
}
/**
-* Callback used in encode_ncr()
-*
-* Takes a UTF-8 char and replaces it with its NCR. Attention, $m is an array
-*
-* @param array $m 0-based numerically indexed array passed by preg_replace_callback()
-* @return string A HTML NCR if the character is valid, or the original string otherwise
-*/
+ * Callback used in utf8_encode_ncr() and utf8_encode_ucr()
+ *
+ * Takes a UTF-8 char and replaces it with its NCR. Attention, $m is an array
+ *
+ * @param array $m 0-based numerically indexed array passed by preg_replace_callback()
+ * @return string A HTML NCR if the character is valid, or the original string otherwise
+ */
function utf8_encode_ncr_callback($m)
{
return '&#' . utf8_ord($m[0]) . ';';
generated by cgit v1.2.1 (git 2.21.0) at 2025-05-25 21:09:28 +0000