Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/acp/acp_extensions.php17
-rw-r--r--phpBB/includes/acp/acp_groups.php2
-rw-r--r--phpBB/includes/acp/acp_users.php2
-rw-r--r--phpBB/includes/functions_display.php4
-rw-r--r--phpBB/includes/functions_install.php48
-rw-r--r--phpBB/includes/ucp/ucp_groups.php2
-rw-r--r--phpBB/includes/ucp/ucp_profile.php2
7 files changed, 65 insertions, 12 deletions
diff --git a/phpBB/includes/acp/acp_extensions.php b/phpBB/includes/acp/acp_extensions.php
index c5c17cb559..c21c9f4e9d 100644
--- a/phpBB/includes/acp/acp_extensions.php
+++ b/phpBB/includes/acp/acp_extensions.php
@@ -55,6 +55,11 @@ class acp_extensions
$ext_name = '';
}
+ if (in_array($action, array('enable', 'disable', 'delete_data')) && !check_link_hash($request->variable('hash', ''), $action . '.' . $ext_name))
+ {
+ trigger_error('FORM_INVALID', E_USER_WARNING);
+ }
+
// If they've specified an extension, let's load the metadata manager and validate it.
if ($ext_name)
{
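Review bot: The new guard calls `trigger_error('FORM_INVALID', E_USER_WARNING)` and then falls through, so it only blocks the enable/disable/delete_data code below if the board's error handler ends the request on E_USER_WARNING; that handler is outside this diff and worth confirming. The action list is a hard-coded allowlist, so any state-changing action added to the switch later stays unprotected until it is added here too. I would add a comment above the check such as `// CSRF guard: state-changing actions must carry a link hash bound to action + extension name; keep this list in sync with the switch below`, and pass `true` as the third argument of `in_array()` so the comparison is strict. The enclosing method starts and ends outside the hunk.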
@@ -98,7 +103,7 @@ class acp_extensions
$template->assign_vars(array(
'PRE' => true,
'L_CONFIRM_MESSAGE' => $this->user->lang('EXTENSION_ENABLE_CONFIRM', $md_manager->get_metadata('display-name')),
- 'U_ENABLE' => $this->u_action . '&action=enable&ext_name=' . urlencode($ext_name),
+ 'U_ENABLE' => $this->u_action . '&action=enable&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('enable.' . $ext_name),
));
break;
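Review bot: The anti-CSRF hash is appended to a GET URL in `U_ENABLE` here, and the same pattern repeats for the `meta_refresh` and `U_DISABLE`/`U_PURGE` links in the hunks at -117, -144, -156, -177 and -191, so the token can end up in browser history, server logs and Referer headers. How much that matters depends on how long a link hash stays valid, which is decided in `generate_link_hash()` outside this diff. Each call site also spells the link name by hand (`'enable.' . $ext_name`, `'disable.' . $ext_name`, `'delete_data.' . $ext_name`), and a typo in any of them would only surface as FORM_INVALID at runtime. A comment at the first use would help, for example `// link name must match check_link_hash($hash, $action . '.' . $ext_name) at the top of main()`, with the method name adjusted to the real enclosing method, which is not visible in the hunk.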
@@ -117,7 +122,7 @@ class acp_extensions
{
$template->assign_var('S_NEXT_STEP', true);
- meta_refresh(0, $this->u_action . '&action=enable&ext_name=' . urlencode($ext_name));
+ meta_refresh(0, $this->u_action . '&action=enable&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('enable.' . $ext_name));
}
}
}
@@ -144,7 +149,7 @@ class acp_extensions
$template->assign_vars(array(
'PRE' => true,
'L_CONFIRM_MESSAGE' => $this->user->lang('EXTENSION_DISABLE_CONFIRM', $md_manager->get_metadata('display-name')),
- 'U_DISABLE' => $this->u_action . '&action=disable&ext_name=' . urlencode($ext_name),
+ 'U_DISABLE' => $this->u_action . '&action=disable&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('disable.' . $ext_name),
));
break;
@@ -156,7 +161,7 @@ class acp_extensions
{
$template->assign_var('S_NEXT_STEP', true);
- meta_refresh(0, $this->u_action . '&action=disable&ext_name=' . urlencode($ext_name));
+ meta_refresh(0, $this->u_action . '&action=disable&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('disable.' . $ext_name));
}
}
@@ -177,7 +182,7 @@ class acp_extensions
$template->assign_vars(array(
'PRE' => true,
'L_CONFIRM_MESSAGE' => $this->user->lang('EXTENSION_DELETE_DATA_CONFIRM', $md_manager->get_metadata('display-name')),
- 'U_PURGE' => $this->u_action . '&action=delete_data&ext_name=' . urlencode($ext_name),
+ 'U_PURGE' => $this->u_action . '&action=delete_data&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('delete_data.' . $ext_name),
));
break;
@@ -191,7 +196,7 @@ class acp_extensions
{
$template->assign_var('S_NEXT_STEP', true);
- meta_refresh(0, $this->u_action . '&action=delete_data&ext_name=' . urlencode($ext_name));
+ meta_refresh(0, $this->u_action . '&action=delete_data&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('delete_data.' . $ext_name));
}
}
}
diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php
index ad29a5521b..8f417e753c 100644
--- a/phpBB/includes/acp/acp_groups.php
+++ b/phpBB/includes/acp/acp_groups.php
@@ -324,7 +324,7 @@ class acp_groups
$avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers();
// This is normalised data, without the group_ prefix
- $avatar_data = \phpbb\avatar\manager::clean_row($group_row);
+ $avatar_data = \phpbb\avatar\manager::clean_row($group_row, 'group');
}
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index fd9c17f171..6b86cb4a5a 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -1745,7 +1745,7 @@ class acp_users
$avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers();
// This is normalised data, without the user_ prefix
- $avatar_data = \phpbb\avatar\manager::clean_row($user_row);
+ $avatar_data = \phpbb\avatar\manager::clean_row($user_row, 'user');
if ($submit)
{
diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php
index c6ab5df90f..f03e4c01d0 100644
--- a/phpBB/includes/functions_display.php
+++ b/phpBB/includes/functions_display.php
@@ -1352,7 +1352,7 @@ function get_user_rank($user_rank, $user_posts, &$rank_title, &$rank_img, &$rank
*/
function phpbb_get_user_avatar($user_row, $alt = 'USER_AVATAR', $ignore_config = false)
{
- $row = \phpbb\avatar\manager::clean_row($user_row);
+ $row = \phpbb\avatar\manager::clean_row($user_row, 'user');
return phpbb_get_avatar($row, $alt, $ignore_config);
}
@@ -1367,7 +1367,7 @@ function phpbb_get_user_avatar($user_row, $alt = 'USER_AVATAR', $ignore_config =
*/
function phpbb_get_group_avatar($user_row, $alt = 'GROUP_AVATAR', $ignore_config = false)
{
- $row = \phpbb\avatar\manager::clean_row($user_row);
+ $row = \phpbb\avatar\manager::clean_row($user_row, 'group');
return phpbb_get_avatar($row, $alt, $ignore_config);
}
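Review bot: `phpbb_get_group_avatar()` still names its first parameter `$user_row` although the row is now cleaned with the `'group'` prefix, which makes it easy to pass the wrong kind of row or copy the wrong prefix. Renaming the local to `$group_row` in the signature and docblock would make the two helpers visibly different. The prefix is a bare string literal here and in the other `clean_row()` call sites of this commit (acp_groups, acp_users, ucp_groups, ucp_profile); whether `clean_row()` rejects an unknown prefix is not visible in this diff and is worth checking. The docblock of this function starts outside the hunk.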
diff --git a/phpBB/includes/functions_install.php b/phpBB/includes/functions_install.php
index 1be6e49471..deb304b838 100644
--- a/phpBB/includes/functions_install.php
+++ b/phpBB/includes/functions_install.php
@@ -533,3 +533,51 @@ function phpbb_create_config_file_data($data, $dbms, $debug = false, $debug_test
return $config_data;
}
+
+/**
+* Check whether a file should be ignored on update
+*
+* We ignore new files in some circumstances:
+* 1. The file is a language file, but the language is not installed
+* 2. The file is a style file, but the style is not installed
+* 3. The file is a style language file, but the language is not installed
+*
+* @param string $phpbb_root_path phpBB root path
+* @param string $file File including path from phpbb root
+* @return bool Should we ignore the new file or add it to the board?
+*/
+function phpbb_ignore_new_file_on_update($phpbb_root_path, $file)
+{
+ $ignore_new_file = false;
+
+ // We ignore new files in some circumstances:
+ // 1. The file is a language file, but the language is not installed
+ if (!$ignore_new_file && strpos($file, 'language/') === 0)
+ {
+ list($language_dir, $language_iso) = explode('/', $file);
+ $ignore_new_file = !file_exists($phpbb_root_path . $language_dir . '/' . $language_iso);
+ }
+
+ // 2. The file is a style file, but the style is not installed
+ if (!$ignore_new_file && strpos($file, 'styles/') === 0)
+ {
+ list($styles_dir, $style_name) = explode('/', $file);
+ $ignore_new_file = !file_exists($phpbb_root_path . $styles_dir . '/' . $style_name);
+ }
+
+ // 3. The file is a style language file, but the language is not installed
+ if (!$ignore_new_file && strpos($file, 'styles/') === 0)
+ {
+ $dirs = explode('/', $file);
+ if (sizeof($dirs) >= 5)
+ {
+ list($styles_dir, $style_name, $template_component, $language_iso) = explode('/', $file);
+ if ($template_component == 'theme' && $language_iso !== 'images')
+ {
+ $ignore_new_file = !file_exists($phpbb_root_path . 'language/' . $language_iso);
+ }
+ }
+ }
+
+ return $ignore_new_file;
+}
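Review bot: In `phpbb_ignore_new_file_on_update()` the second path segment is treated as a language or style directory without checking that `$file` has a third segment, so a new file placed directly under `language/` or `styles/` (a constructed example: `styles/readme.txt`) is tested with `file_exists()` against itself and is always ignored. Requiring a deeper path fixes that, for example `if (!$ignore_new_file && strpos($file, 'language/') === 0 && substr_count($file, '/') >= 2)`, and the same condition applies to the first `styles/` branch. The segments are also used unnormalised, so a `..` segment would make the existence check pass against the parent directory; if the file list can come from anything other than a trusted update package, reject such segments before the checks. Smaller points: case 3 explodes `$file` twice where `$dirs` could be reused, and `$template_component == 'theme'` should use `===` like the comparison next to it.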
diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php
index a75d2e9bfc..32b27b55b4 100644
--- a/phpBB/includes/ucp/ucp_groups.php
+++ b/phpBB/includes/ucp/ucp_groups.php
@@ -465,7 +465,7 @@ class ucp_groups
$avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers();
// This is normalised data, without the group_ prefix
- $avatar_data = \phpbb\avatar\manager::clean_row($group_row);
+ $avatar_data = \phpbb\avatar\manager::clean_row($group_row, 'group');
}
// Did we submit?
diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php
index 3f58ce20b4..f7c6aca9e8 100644
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@@ -567,7 +567,7 @@ class ucp_profile
$avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers();
// This is normalised data, without the user_ prefix
- $avatar_data = \phpbb\avatar\manager::clean_row($user->data);
+ $avatar_data = \phpbb\avatar\manager::clean_row($user->data, 'user');
if ($submit)
{