diff options
Diffstat (limited to 'phpBB/includes')
| -rw-r--r-- | phpBB/includes/acp/acp_styles.php | 21 | ||||
| -rw-r--r-- | phpBB/includes/config/db_text.php | 163 | ||||
| -rw-r--r-- | phpBB/includes/db/migration/data/310/config_db_text.php | 45 | ||||
| -rw-r--r-- | phpBB/includes/db/migrator.php | 6 | ||||
| -rw-r--r-- | phpBB/includes/functions.php | 8 | ||||
| -rw-r--r-- | phpBB/includes/notification/method/jabber.php | 2 | ||||
| -rw-r--r-- | phpBB/includes/notification/type/post.php | 2 | ||||
| -rw-r--r-- | phpBB/includes/notification/type/topic.php | 2 | ||||
| -rw-r--r-- | phpBB/includes/template/filter.php | 13 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_register.php | 1 |
10 files changed, 250 insertions, 13 deletions
diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php index 266495972b..094d84de40 100644 --- a/phpBB/includes/acp/acp_styles.php +++ b/phpBB/includes/acp/acp_styles.php @@ -68,13 +68,20 @@ class acp_styles $action = $this->request->variable('action', ''); $post_actions = array('install', 'activate', 'deactivate', 'uninstall'); + + if ($action && in_array($action, $post_actions) && !check_link_hash($request->variable('hash', ''), $action)) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + foreach ($post_actions as $key) { - if (isset($_POST[$key])) + if ($this->request->is_set_post($key)) { $action = $key; } } + if ($action != '') { $this->s_hidden_fields['action'] = $action; @@ -921,21 +928,23 @@ class acp_styles 'L_ACTION' => $this->user->lang['DETAILS'] ); - // Activate + // Activate/Deactive + $action_name = ($style['style_active'] ? 'de' : '') . 'activate'; + $actions[] = array( - 'U_ACTION' => $this->u_action . '&action=' . ($style['style_active'] ? 'de' : '') . 'activate&id=' . $style['style_id'], + 'U_ACTION' => $this->u_action . '&action=' . $action_name . '&hash=' . generate_link_hash($action_name) . '&id=' . $style['style_id'], 'L_ACTION' => $this->user->lang['STYLE_' . ($style['style_active'] ? 'DE' : '') . 'ACTIVATE'] ); /* // Export $actions[] = array( - 'U_ACTION' => $this->u_action . '&action=export&id=' . $style['style_id'], + 'U_ACTION' => $this->u_action . '&action=export&hash=' . generate_link_hash('export') . '&id=' . $style['style_id'], 'L_ACTION' => $this->user->lang['EXPORT'] ); */ // Uninstall $actions[] = array( - 'U_ACTION' => $this->u_action . '&action=uninstall&id=' . $style['style_id'], + 'U_ACTION' => $this->u_action . '&action=uninstall&hash=' . generate_link_hash('uninstall') . '&id=' . $style['style_id'], 'L_ACTION' => $this->user->lang['STYLE_UNINSTALL'] ); @@ -957,7 +966,7 @@ class acp_styles else { $actions[] = array( - 'U_ACTION' => $this->u_action . '&action=install&dir=' . urlencode($style['style_path']), + 'U_ACTION' => $this->u_action . '&action=install&hash=' . generate_link_hash('install') . '&dir=' . urlencode($style['style_path']), 'L_ACTION' => $this->user->lang['INSTALL_STYLE'] ); } diff --git a/phpBB/includes/config/db_text.php b/phpBB/includes/config/db_text.php new file mode 100644 index 0000000000..b365cb5c77 --- /dev/null +++ b/phpBB/includes/config/db_text.php @@ -0,0 +1,163 @@ +<?php +/** +* +* @package phpBB3 +* @copyright (c) 2013 phpBB Group +* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 +* +*/ + +/** +* @ignore +*/ +if (!defined('IN_PHPBB')) +{ + exit; +} + +/** +* Manages configuration options with an arbitrary length value stored in a TEXT +* column. In constrast to class phpbb_config_db, values are never cached and +* prefetched, but every get operation sends a query to the database. +* +* @package phpBB3 +*/ +class phpbb_config_db_text +{ + /** + * Database connection + * @var phpbb_db_driver + */ + protected $db; + + /** + * Name of the database table used. + * @var string + */ + protected $table; + + /** + * @param phpbb_db_driver $db Database connection + * @param string $table Table name + */ + public function __construct(phpbb_db_driver $db, $table) + { + $this->db = $db; + $this->table = $this->db->sql_escape($table); + } + + /** + * Sets the configuration option with the name $key to $value. + * + * @param string $key The configuration option's name + * @param string $value New configuration value + * + * @return null + */ + public function set($key, $value) + { + $this->set_array(array($key => $value)); + } + + /** + * Gets the configuration value for the name $key. + * + * @param string $key The configuration option's name + * + * @return string|null String result on success + * null if there is no such option + */ + public function get($key) + { + $map = $this->get_array(array($key)); + + return isset($map[$key]) ? $map[$key] : null; + } + + /** + * Removes the configuration option with the name $key. + * + * @param string $key The configuration option's name + * + * @return null + */ + public function delete($key) + { + $this->delete_array(array($key)); + } + + /** + * Mass set configuration options: Receives an associative array, + * treats array keys as configuration option names and associated + * array values as their configuration option values. + * + * @param array $map Map from configuration names to values + * + * @return null + */ + public function set_array(array $map) + { + $this->db->sql_transaction('begin'); + + foreach ($map as $key => $value) + { + $sql = 'UPDATE ' . $this->table . " + SET config_value = '" . $this->db->sql_escape($value) . "' + WHERE config_name = '" . $this->db->sql_escape($key) . "'"; + $result = $this->db->sql_query($sql); + + if (!$this->db->sql_affectedrows($result)) + { + $sql = 'INSERT INTO ' . $this->table . ' ' . $this->db->sql_build_array('INSERT', array( + 'config_name' => $key, + 'config_value' => $value, + )); + $this->db->sql_query($sql); + } + } + + $this->db->sql_transaction('commit'); + } + + /** + * Mass get configuration options: Receives a set of configuration + * option names and returns the result as a key => value map where + * array keys are configuration option names and array values are + * associated config option values. + * + * @param array $keys Set of configuration option names + * + * @return array Map from configuration names to values + */ + public function get_array(array $keys) + { + $sql = 'SELECT * + FROM ' . $this->table . ' + WHERE ' . $this->db->sql_in_set('config_name', $keys, false, true); + $result = $this->db->sql_query($sql); + + $map = array(); + while ($row = $this->db->sql_fetchrow($result)) + { + $map[$row['config_name']] = $row['config_value']; + } + $this->db->sql_freeresult($result); + + return $map; + } + + /** + * Mass delete configuration options. + * + * @param array $keys Set of configuration option names + * + * @return null + */ + public function delete_array(array $keys) + { + $sql = 'DELETE + FROM ' . $this->table . ' + WHERE ' . $this->db->sql_in_set('config_name', $keys, false, true); + $result = $this->db->sql_query($sql); + } +} diff --git a/phpBB/includes/db/migration/data/310/config_db_text.php b/phpBB/includes/db/migration/data/310/config_db_text.php new file mode 100644 index 0000000000..89f211adda --- /dev/null +++ b/phpBB/includes/db/migration/data/310/config_db_text.php @@ -0,0 +1,45 @@ +<?php +/** +* +* @package migration +* @copyright (c) 2013 phpBB Group +* @license http://opensource.org/licenses/gpl-license.php GNU Public License v2 +* +*/ + +class phpbb_db_migration_data_310_config_db_text extends phpbb_db_migration +{ + public function effectively_installed() + { + return $this->db_tools->sql_table_exists($this->table_prefix . 'config_text'); + } + + static public function depends_on() + { + return array('phpbb_db_migration_data_30x_3_0_11'); + } + + public function update_schema() + { + return array( + 'add_tables' => array( + $this->table_prefix . 'config_text' => array( + 'COLUMNS' => array( + 'config_name' => array('VCHAR', ''), + 'config_value' => array('MTEXT', ''), + ), + 'PRIMARY_KEY' => 'config_name', + ), + ), + ); + } + + public function revert_schema() + { + return array( + 'drop_tables' => array( + $this->table_prefix . 'config_text', + ), + ); + } +} diff --git a/phpBB/includes/db/migrator.php b/phpBB/includes/db/migrator.php index 9d7cede95b..ca3ffc8043 100644 --- a/phpBB/includes/db/migrator.php +++ b/phpBB/includes/db/migrator.php @@ -362,6 +362,12 @@ class phpbb_db_migrator { $state = ($state) ? unserialize($state) : false; + // reverse order of steps if reverting + if ($revert === true) + { + $steps = array_reverse($steps); + } + foreach ($steps as $step_identifier => $step) { $last_result = false; diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index c0fd3918dc..98a2c0db79 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -3158,8 +3158,9 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo 'YES_VALUE' => $user->lang['YES'], 'S_CONFIRM_ACTION' => $u_action, - 'S_HIDDEN_FIELDS' => $hidden . $s_hidden_fields) - ); + 'S_HIDDEN_FIELDS' => $hidden . $s_hidden_fields, + 'S_AJAX_REQUEST' => $request->is_ajax(), + )); $sql = 'UPDATE ' . USERS_TABLE . " SET user_last_confirm_key = '" . $db->sql_escape($confirm_key) . "' WHERE user_id = " . $user->data['user_id']; @@ -3171,8 +3172,9 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo $u_action .= '&confirm_uid=' . $user->data['user_id'] . '&sess=' . $user->session_id . '&sid=' . $user->session_id; $json_response = new phpbb_json_response; $json_response->send(array( + 'MESSAGE_BODY' => $template->assign_display('body'), 'MESSAGE_TITLE' => (!isset($user->lang[$title])) ? $user->lang['CONFIRM'] : $user->lang[$title], - 'MESSAGE_TEXT' => (!isset($user->lang[$title . '_CONFIRM'])) ? $title : $user->lang[$title . '_CONFIRM'], + 'MESSAGE_TEXT' => (!isset($user->lang[$title . '_CONFIRM'])) ? $title : $user->lang[$title . '_CONFIRM'], 'YES_VALUE' => $user->lang['YES'], 'S_CONFIRM_ACTION' => str_replace('&', '&', $u_action), //inefficient, rewrite whole function diff --git a/phpBB/includes/notification/method/jabber.php b/phpBB/includes/notification/method/jabber.php index e3eb571fbc..863846b8a5 100644 --- a/phpBB/includes/notification/method/jabber.php +++ b/phpBB/includes/notification/method/jabber.php @@ -53,7 +53,7 @@ class phpbb_notification_method_jabber extends phpbb_notification_method_email */ public function is_available() { - return ($this->global_available() && $this->user->data['jabber']); + return ($this->global_available() && $this->user->data['user_jabber']); } /** diff --git a/phpBB/includes/notification/type/post.php b/phpBB/includes/notification/type/post.php index ddfa720e5e..d8ffdea81d 100644 --- a/phpBB/includes/notification/type/post.php +++ b/phpBB/includes/notification/type/post.php @@ -216,7 +216,7 @@ class phpbb_notification_type_post extends phpbb_notification_type_base } else { - $username = $this->user_loader->get_username($this->get_data('poster_id'), 'no_profile'); + $username = $this->user_loader->get_username($this->get_data('poster_id'), 'username'); } return array( diff --git a/phpBB/includes/notification/type/topic.php b/phpBB/includes/notification/type/topic.php index 2549b29409..22436d3fb1 100644 --- a/phpBB/includes/notification/type/topic.php +++ b/phpBB/includes/notification/type/topic.php @@ -178,7 +178,7 @@ class phpbb_notification_type_topic extends phpbb_notification_type_base } else { - $username = $this->user_loader->get_username($this->get_data('poster_id'), 'no_profile'); + $username = $this->user_loader->get_username($this->get_data('poster_id'), 'username'); } return array( diff --git a/phpBB/includes/template/filter.php b/phpBB/includes/template/filter.php index f73ad28ba1..9e8ad2fef0 100644 --- a/phpBB/includes/template/filter.php +++ b/phpBB/includes/template/filter.php @@ -843,7 +843,18 @@ class phpbb_template_filter extends php_user_filter return 'unset(' . (($match[1]) ? $this->generate_block_data_ref(substr($match[1], 0, -1), true, true) . '[\'' . $match[2] . '\']' : '$_tpldata[\'DEFINE\'][\'.\'][\'' . $match[2] . '\']') . ');'; } - $parsed_statement = implode(' ', $this->compile_expression($match[3])); + /* + * Define tags that contain template variables (enclosed in curly brackets) + * need to be treated differently. + */ + if (substr($match[3], 1, 1) == '{' && substr($match[3], -2, 1) == '}') + { + $parsed_statement = implode(' ', $this->compile_expression(substr($match[3], 2, -2))); + } + else + { + $parsed_statement = implode(' ', $this->compile_expression($match[3])); + } return (($match[1]) ? $this->generate_block_data_ref(substr($match[1], 0, -1), true, true) . '[\'' . $match[2] . '\']' : '$_tpldata[\'DEFINE\'][\'.\'][\'' . $match[2] . '\']') . ' = ' . $parsed_statement . ';'; } diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index c57aec00a0..1de38fddb7 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -457,6 +457,7 @@ class ucp_register 'S_LANG_OPTIONS' => language_select($data['lang']), 'S_TZ_OPTIONS' => $timezone_selects['tz_select'], 'S_TZ_DATE_OPTIONS' => $timezone_selects['tz_dates'], + 'S_TZ_PRESELECT' => !$submit, 'S_CONFIRM_REFRESH' => ($config['enable_confirm'] && $config['confirm_refresh']) ? true : false, 'S_REGISTRATION' => true, 'S_COPPA' => $coppa, |