aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/acp/acp_database.php12
-rw-r--r--phpBB/includes/acp/acp_styles.php2
-rw-r--r--phpBB/includes/acp/acp_users.php8
-rw-r--r--phpBB/includes/bbcode.php2
-rw-r--r--phpBB/includes/cache/service.php55
-rw-r--r--phpBB/includes/db/dbal.php12
-rw-r--r--phpBB/includes/db/mssql.php8
-rw-r--r--phpBB/includes/db/mssql_odbc.php8
-rw-r--r--phpBB/includes/db/mssqlnative.php8
-rw-r--r--phpBB/includes/functions.php32
-rw-r--r--phpBB/includes/functions_admin.php3
-rw-r--r--phpBB/includes/functions_display.php2
-rw-r--r--phpBB/includes/functions_privmsgs.php6
-rw-r--r--phpBB/includes/functions_upload.php33
-rw-r--r--phpBB/includes/php/ini.php175
-rw-r--r--phpBB/includes/session.php12
-rw-r--r--phpBB/includes/style/style.php8
-rw-r--r--phpBB/includes/template/filter.php4
-rw-r--r--phpBB/includes/template/template.php7
-rw-r--r--phpBB/includes/ucp/info/ucp_profile.php1
-rw-r--r--phpBB/includes/ucp/ucp_profile.php54
-rw-r--r--phpBB/includes/user.php21
22 files changed, 392 insertions, 81 deletions
diff --git a/phpBB/includes/acp/acp_database.php b/phpBB/includes/acp/acp_database.php
index e66fd850c6..ebcbd28a87 100644
--- a/phpBB/includes/acp/acp_database.php
+++ b/phpBB/includes/acp/acp_database.php
@@ -20,6 +20,7 @@ if (!defined('IN_PHPBB'))
*/
class acp_database
{
+ var $db_tools;
var $u_action;
function main($id, $mode)
@@ -27,6 +28,12 @@ class acp_database
global $cache, $db, $user, $auth, $template, $table_prefix;
global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+ if (!class_exists('phpbb_db_tools'))
+ {
+ require($phpbb_root_path . 'includes/db/db_tools.' . $phpEx);
+ }
+ $this->db_tools = new phpbb_db_tools($db);
+
$user->add_lang('acp/database');
$this->tpl_name = 'acp_database';
@@ -49,7 +56,7 @@ class acp_database
{
case 'download':
$type = request_var('type', '');
- $table = request_var('table', array(''));
+ $table = array_intersect($this->db_tools->sql_list_tables(), request_var('table', array('')));
$format = request_var('method', '');
$where = request_var('where', '');
@@ -172,8 +179,7 @@ class acp_database
break;
default:
- include($phpbb_root_path . 'includes/functions_install.' . $phpEx);
- $tables = get_tables($db);
+ $tables = $this->db_tools->sql_list_tables();
asort($tables);
foreach ($tables as $table_name)
{
diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php
index de1f678e38..943bfe6a6f 100644
--- a/phpBB/includes/acp/acp_styles.php
+++ b/phpBB/includes/acp/acp_styles.php
@@ -21,7 +21,7 @@ if (!defined('IN_PHPBB'))
class acp_styles
{
public $u_action;
-
+
protected $u_base_action;
protected $s_hidden_fields;
protected $mode;
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index 44717452e8..17687b05c7 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -1001,6 +1001,13 @@ class acp_users
$user_row['posts_in_queue'] = (int) $db->sql_fetchfield('posts_in_queue');
$db->sql_freeresult($result);
+ $sql = 'SELECT post_id
+ FROM ' . POSTS_TABLE . '
+ WHERE poster_id = '. $user_id;
+ $result = $db->sql_query_limit($sql, 1);
+ $user_row['user_has_posts'] = (bool) $db->sql_fetchfield('post_id');
+ $db->sql_freeresult($result);
+
$template->assign_vars(array(
'L_NAME_CHARS_EXPLAIN' => $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])),
'L_CHANGE_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars']), $user->lang('CHARACTERS', (int) $config['max_pass_chars'])),
@@ -1028,6 +1035,7 @@ class acp_users
'USER_EMAIL' => $user_row['user_email'],
'USER_WARNINGS' => $user_row['user_warnings'],
'USER_POSTS' => $user_row['user_posts'],
+ 'USER_HAS_POSTS' => $user_row['user_has_posts'],
'USER_INACTIVE_REASON' => $inactive_reason,
));
diff --git a/phpBB/includes/bbcode.php b/phpBB/includes/bbcode.php
index fde917e5b1..444446e9c3 100644
--- a/phpBB/includes/bbcode.php
+++ b/phpBB/includes/bbcode.php
@@ -130,7 +130,7 @@ class bbcode
if (empty($this->template_filename))
{
- $this->template_bitfield = new bitfield($user->theme['bbcode_bitfield']);
+ $this->template_bitfield = new bitfield($user->style['bbcode_bitfield']);
$style_resource_locator = new phpbb_style_resource_locator();
$style_path_provider = new phpbb_style_extension_path_provider($phpbb_extension_manager, new phpbb_style_path_provider());
diff --git a/phpBB/includes/cache/service.php b/phpBB/includes/cache/service.php
index aa225ade69..37f32aa753 100644
--- a/phpBB/includes/cache/service.php
+++ b/phpBB/includes/cache/service.php
@@ -321,50 +321,39 @@ class phpbb_cache_service
/**
* Obtain cfg file data
*/
- function obtain_cfg_items($theme)
+ function obtain_cfg_items($style)
{
global $config, $phpbb_root_path;
- $parsed_items = array(
- 'theme' => array(),
- 'template' => array(),
- 'imageset' => array()
- );
+ $parsed_array = $this->driver->get('_cfg_' . $style['style_path']);
- foreach ($parsed_items as $key => $parsed_array)
+ if ($parsed_array === false)
{
- $parsed_array = $this->driver->get('_cfg_' . $key . '_' . $theme[$key . '_path']);
-
- if ($parsed_array === false)
- {
- $parsed_array = array();
- }
+ $parsed_array = array();
+ }
- $reparse = false;
- $filename = $phpbb_root_path . 'styles/' . $theme[$key . '_path'] . '/' . $key . '/' . $key . '.cfg';
+ $reparse = false;
+ $filename = $phpbb_root_path . 'styles/' . $style['style_path'] . '/style.cfg';
- if (!file_exists($filename))
- {
- continue;
- }
+ if (!file_exists($filename))
+ {
+ continue;
+ }
- if (!isset($parsed_array['filetime']) || (($config['load_tplcompile'] && @filemtime($filename) > $parsed_array['filetime'])))
- {
- $reparse = true;
- }
+ if (!isset($parsed_array['filetime']) || (($config['load_tplcompile'] && @filemtime($filename) > $parsed_array['filetime'])))
+ {
+ $reparse = true;
+ }
- // Re-parse cfg file
- if ($reparse)
- {
- $parsed_array = parse_cfg_file($filename);
- $parsed_array['filetime'] = @filemtime($filename);
+ // Re-parse cfg file
+ if ($reparse)
+ {
+ $parsed_array = parse_cfg_file($filename);
+ $parsed_array['filetime'] = @filemtime($filename);
- $this->driver->put('_cfg_' . $key . '_' . $theme[$key . '_path'], $parsed_array);
- }
- $parsed_items[$key] = $parsed_array;
+ $this->driver->put('_cfg_' . $style['style_path'], $parsed_array);
}
-
- return $parsed_items;
+ return $parsed_array;
}
/**
diff --git a/phpBB/includes/db/dbal.php b/phpBB/includes/db/dbal.php
index db469ed969..cf54d455f7 100644
--- a/phpBB/includes/db/dbal.php
+++ b/phpBB/includes/db/dbal.php
@@ -522,6 +522,18 @@ class dbal
}
/**
+ * Run LOWER() on DB column of type text (i.e. neither varchar nor char).
+ *
+ * @param string $column_name The column name to use
+ *
+ * @return string A SQL statement like "LOWER($column_name)"
+ */
+ function sql_lower_text($column_name)
+ {
+ return "LOWER($column_name)";
+ }
+
+ /**
* Run more than one insert statement.
*
* @param string $table table name to run the statements on
diff --git a/phpBB/includes/db/mssql.php b/phpBB/includes/db/mssql.php
index fd11dbad3c..abeabc389f 100644
--- a/phpBB/includes/db/mssql.php
+++ b/phpBB/includes/db/mssql.php
@@ -325,6 +325,14 @@ class dbal_mssql extends dbal
}
/**
+ * {@inheritDoc}
+ */
+ function sql_lower_text($column_name)
+ {
+ return "LOWER(SUBSTRING($column_name, 1, DATALENGTH($column_name)))";
+ }
+
+ /**
* Build LIKE expression
* @access private
*/
diff --git a/phpBB/includes/db/mssql_odbc.php b/phpBB/includes/db/mssql_odbc.php
index 7ead00cece..6e24f4e9e8 100644
--- a/phpBB/includes/db/mssql_odbc.php
+++ b/phpBB/includes/db/mssql_odbc.php
@@ -310,6 +310,14 @@ class dbal_mssql_odbc extends dbal
}
/**
+ * {@inheritDoc}
+ */
+ function sql_lower_text($column_name)
+ {
+ return "LOWER(SUBSTRING($column_name, 1, DATALENGTH($column_name)))";
+ }
+
+ /**
* Build LIKE expression
* @access private
*/
diff --git a/phpBB/includes/db/mssqlnative.php b/phpBB/includes/db/mssqlnative.php
index 8aac032135..8a4503f111 100644
--- a/phpBB/includes/db/mssqlnative.php
+++ b/phpBB/includes/db/mssqlnative.php
@@ -492,6 +492,14 @@ class dbal_mssqlnative extends dbal
}
/**
+ * {@inheritDoc}
+ */
+ function sql_lower_text($column_name)
+ {
+ return "LOWER(SUBSTRING($column_name, 1, DATALENGTH($column_name)))";
+ }
+
+ /**
* Build LIKE expression
* @access private
*/
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 0eb0b9c26f..e40df93194 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -3250,7 +3250,7 @@ function get_preg_expression($mode)
case 'email':
// Regex written by James Watts and Francisco Jose Martin Moreno
// http://fightingforalostcause.net/misc/2006/compare-email-regex.php
- return '([\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+\.)*(?:[\w\!\#$\%\'\*\+\-\/\=\?\^\`{\|\}\~]|&)+@((((([a-z0-9]{1}[a-z0-9\-]{0,62}[a-z0-9]{1})|[a-z])\.)+[a-z]{2,6})|(\d{1,3}\.){3}\d{1,3}(\:\d{1,5})?)';
+ return '([\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+\.)*(?:[\w\!\#$\%\'\*\+\-\/\=\?\^\`{\|\}\~]|&)+@((((([a-z0-9]{1}[a-z0-9\-]{0,62}[a-z0-9]{1})|[a-z])\.)+[a-z]{2,63})|(\d{1,3}\.){3}\d{1,3}(\:\d{1,5})?)';
break;
case 'bbcode_htm':
@@ -4772,9 +4772,9 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
'T_ASSETS_VERSION' => $config['assets_version'],
'T_ASSETS_PATH' => "{$web_path}assets",
- 'T_THEME_PATH' => "{$web_path}styles/" . rawurlencode($user->theme['style_path']) . '/theme',
- 'T_TEMPLATE_PATH' => "{$web_path}styles/" . rawurlencode($user->theme['style_path']) . '/template',
- 'T_SUPER_TEMPLATE_PATH' => "{$web_path}styles/" . rawurlencode($user->theme['style_path']) . '/template',
+ 'T_THEME_PATH' => "{$web_path}styles/" . rawurlencode($user->style['style_path']) . '/theme',
+ 'T_TEMPLATE_PATH' => "{$web_path}styles/" . rawurlencode($user->style['style_path']) . '/template',
+ 'T_SUPER_TEMPLATE_PATH' => "{$web_path}styles/" . rawurlencode($user->style['style_path']) . '/template',
'T_IMAGES_PATH' => "{$web_path}images/",
'T_SMILIES_PATH' => "{$web_path}{$config['smilies_path']}/",
'T_AVATAR_PATH' => "{$web_path}{$config['avatar_path']}/",
@@ -4782,16 +4782,15 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
'T_ICONS_PATH' => "{$web_path}{$config['icons_path']}/",
'T_RANKS_PATH' => "{$web_path}{$config['ranks_path']}/",
'T_UPLOAD_PATH' => "{$web_path}{$config['upload_path']}/",
- 'T_STYLESHEET_LINK' => "{$web_path}styles/" . rawurlencode($user->theme['style_path']) . '/theme/stylesheet.css?assets_version=' . $config['assets_version'],
- 'T_STYLESHEET_LANG_LINK' => "{$web_path}styles/" . rawurlencode($user->theme['style_path']) . '/theme/' . $user->lang_name . '/stylesheet.css?assets_version=' . $config['assets_version'],
- 'T_STYLESHEET_NAME' => $user->theme['style_name'],
+ 'T_STYLESHEET_LINK' => "{$web_path}styles/" . rawurlencode($user->style['style_path']) . '/theme/stylesheet.css?assets_version=' . $config['assets_version'],
+ 'T_STYLESHEET_LANG_LINK' => "{$web_path}styles/" . rawurlencode($user->style['style_path']) . '/theme/' . $user->lang_name . '/stylesheet.css?assets_version=' . $config['assets_version'],
'T_JQUERY_LINK' => ($config['load_jquery_cdn'] && !empty($config['load_jquery_url'])) ? $config['load_jquery_url'] : "{$web_path}assets/javascript/jquery.js?assets_version=" . $config['assets_version'],
'S_JQUERY_FALLBACK' => ($config['load_jquery_cdn']) ? true : false,
- 'T_THEME_NAME' => rawurlencode($user->theme['style_path']),
+ 'T_THEME_NAME' => rawurlencode($user->style['style_path']),
'T_THEME_LANG_NAME' => $user->data['user_lang'],
- 'T_TEMPLATE_NAME' => $user->theme['style_path'],
- 'T_SUPER_TEMPLATE_NAME' => rawurlencode((isset($user->theme['style_parent_tree']) && $user->theme['style_parent_tree']) ? $user->theme['style_parent_tree'] : $user->theme['style_path']),
+ 'T_TEMPLATE_NAME' => $user->style['style_path'],
+ 'T_SUPER_TEMPLATE_NAME' => rawurlencode((isset($user->style['style_parent_tree']) && $user->style['style_parent_tree']) ? $user->style['style_parent_tree'] : $user->style['style_path']),
'T_IMAGES' => 'images',
'T_SMILIES' => $config['smilies_path'],
'T_AVATAR' => $config['avatar_path'],
@@ -4987,3 +4986,16 @@ function phpbb_pcre_utf8_support()
}
return $utf8_pcre_properties;
}
+
+/**
+* Casts a numeric string $input to an appropriate numeric type (i.e. integer or float)
+*
+* @param string $input A numeric string.
+*
+* @return int|float Integer $input if $input fits integer,
+* float $input otherwise.
+*/
+function phpbb_to_numeric($input)
+{
+ return ($input > PHP_INT_MAX) ? (float) $input : (int) $input;
+}
diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php
index 9798e514c1..5d19cd7adb 100644
--- a/phpBB/includes/functions_admin.php
+++ b/phpBB/includes/functions_admin.php
@@ -2556,7 +2556,8 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
{
$sql_keywords .= $db->sql_in_set('l.log_operation', $operations) . ' OR ';
}
- $sql_keywords .= 'LOWER(l.log_data) ' . implode(' OR LOWER(l.log_data) ', $keywords) . ')';
+ $sql_lower = $db->sql_lower_text('l.log_data');
+ $sql_keywords .= "$sql_lower " . implode(" OR $sql_lower ", $keywords) . ')';
}
if ($log_count !== false)
diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php
index 0c5b80c609..1f45d5e8e1 100644
--- a/phpBB/includes/functions_display.php
+++ b/phpBB/includes/functions_display.php
@@ -403,7 +403,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
}
else
{
- $last_post_subject = $last_post_time = $last_post_url = '';
+ $last_post_subject = $last_post_time = $last_post_url = $last_post_subject_truncated = '';
}
// Output moderator listing ... if applicable
diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php
index 96e27303ee..8542e3ab0a 100644
--- a/phpBB/includes/functions_privmsgs.php
+++ b/phpBB/includes/functions_privmsgs.php
@@ -1566,12 +1566,6 @@ function submit_pm($mode, $subject, &$data, $put_in_outbox = true)
while ($row = $db->sql_fetchrow($result))
{
- // Additionally, do not include the sender if he is in the group he wants to send to. ;)
- if ($row['user_id'] === $user->data['user_id'])
- {
- continue;
- }
-
$field = ($data['address_list']['g'][$row['group_id']] == 'to') ? 'to' : 'bcc';
$recipients[$row['user_id']] = $field;
}
diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php
index 71fe627ac8..f70e20e616 100644
--- a/phpBB/includes/functions_upload.php
+++ b/phpBB/includes/functions_upload.php
@@ -756,6 +756,31 @@ class fileupload
$filename = $url['path'];
$filesize = 0;
+ $remote_max_filesize = $this->max_filesize;
+ if (!$remote_max_filesize)
+ {
+ $max_filesize = @ini_get('upload_max_filesize');
+
+ if (!empty($max_filesize))
+ {
+ $unit = strtolower(substr($max_filesize, -1, 1));
+ $remote_max_filesize = (int) $max_filesize;
+
+ switch ($unit)
+ {
+ case 'g':
+ $remote_max_filesize *= 1024;
+ // no break
+ case 'm':
+ $remote_max_filesize *= 1024;
+ // no break
+ case 'k':
+ $remote_max_filesize *= 1024;
+ // no break
+ }
+ }
+ }
+
$errno = 0;
$errstr = '';
@@ -784,9 +809,9 @@ class fileupload
$block = @fread($fsock, 1024);
$filesize += strlen($block);
- if ($this->max_filesize && $filesize > $this->max_filesize)
+ if ($remote_max_filesize && $filesize > $remote_max_filesize)
{
- $max_filesize = get_formatted_filesize($this->max_filesize, false);
+ $max_filesize = get_formatted_filesize($remote_max_filesize, false);
$file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']));
return $file;
@@ -812,9 +837,9 @@ class fileupload
{
$length = (int) str_replace('content-length: ', '', strtolower($line));
- if ($length && $length > $this->max_filesize)
+ if ($remote_max_filesize && $length && $length > $remote_max_filesize)
{
- $max_filesize = get_formatted_filesize($this->max_filesize, false);
+ $max_filesize = get_formatted_filesize($remote_max_filesize, false);
$file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']));
return $file;
diff --git a/phpBB/includes/php/ini.php b/phpBB/includes/php/ini.php
new file mode 100644
index 0000000000..17e8c54a57
--- /dev/null
+++ b/phpBB/includes/php/ini.php
@@ -0,0 +1,175 @@
+<?php
+/**
+*
+* @package phpBB
+* @copyright (c) 2011 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+ exit;
+}
+
+/**
+* Wrapper class for ini_get function.
+*
+* Provides easier handling of the different interpretations of ini values.
+*
+* @package phpBB
+*/
+class phpbb_php_ini
+{
+ /**
+ * Simple wrapper for ini_get()
+ * See http://php.net/manual/en/function.ini-get.php
+ *
+ * @param string $varname The configuration option name.
+ * @return bool|string False if configuration option does not exist,
+ * the configuration option value (string) otherwise.
+ */
+ public function get($varname)
+ {
+ return ini_get($varname);
+ }
+
+ /**
+ * Gets the configuration option value as a trimmed string.
+ *
+ * @param string $varname The configuration option name.
+ * @return bool|string False if configuration option does not exist,
+ * the configuration option value (string) otherwise.
+ */
+ public function get_string($varname)
+ {
+ $value = $this->get($varname);
+
+ if ($value === false)
+ {
+ return false;
+ }
+
+ return trim($value);
+ }
+
+ /**
+ * Gets configuration option value as a boolean.
+ * Interprets the string value 'off' as false.
+ *
+ * @param string $varname The configuration option name.
+ * @return bool False if configuration option does not exist.
+ * False if configuration option is disabled.
+ * True otherwise.
+ */
+ public function get_bool($varname)
+ {
+ $value = $this->get_string($varname);
+
+ if (empty($value) || strtolower($value) == 'off')
+ {
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
+ * Gets configuration option value as an integer.
+ *
+ * @param string $varname The configuration option name.
+ * @return bool|int False if configuration option does not exist,
+ * false if configuration option value is not numeric,
+ * the configuration option value (integer) otherwise.
+ */
+ public function get_int($varname)
+ {
+ $value = $this->get_string($varname);
+
+ if (!is_numeric($value))
+ {
+ return false;
+ }
+
+ return (int) $value;
+ }
+
+ /**
+ * Gets configuration option value as a float.
+ *
+ * @param string $varname The configuration option name.
+ * @return bool|float False if configuration option does not exist,
+ * false if configuration option value is not numeric,
+ * the configuration option value (float) otherwise.
+ */
+ public function get_float($varname)
+ {
+ $value = $this->get_string($varname);
+
+ if (!is_numeric($value))
+ {
+ return false;
+ }
+
+ return (float) $value;
+ }
+
+ /**
+ * Gets configuration option value in bytes.
+ * Converts strings like '128M' to bytes (integer or float).
+ *
+ * @param string $varname The configuration option name.
+ * @return bool|int|float False if configuration option does not exist,
+ * false if configuration option value is not well-formed,
+ * the configuration option value otherwise.
+ */
+ public function get_bytes($varname)
+ {
+ $value = $this->get_string($varname);
+
+ if ($value === false)
+ {
+ return false;
+ }
+
+ if (is_numeric($value))
+ {
+ // Already in bytes.
+ return phpbb_to_numeric($value);
+ }
+ else if (strlen($value) < 2)
+ {
+ // Single character.
+ return false;
+ }
+ else if (strlen($value) < 3 && $value[0] === '-')
+ {
+ // Two characters but the first one is a minus.
+ return false;
+ }
+
+ $value_lower = strtolower($value);
+ $value_numeric = phpbb_to_numeric($value);
+
+ switch ($value_lower[strlen($value_lower) - 1])
+ {
+ case 'g':
+ $value_numeric *= 1024;
+ case 'm':
+ $value_numeric *= 1024;
+ case 'k':
+ $value_numeric *= 1024;
+ break;
+
+ default:
+ // It's not already in bytes (and thus numeric)
+ // and does not carry a unit.
+ return false;
+ }
+
+ return $value_numeric;
+ }
+}
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index bcdff54457..257ffb07f6 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -342,8 +342,16 @@ class phpbb_session
}
}
- // Is session_id is set or session_id is set and matches the url param if required
- if (!empty($this->session_id) && (!defined('NEED_SID') || (isset($_GET['sid']) && $this->session_id === request_var('sid', ''))))
+ // if no session id is set, redirect to index.php
+ $session_id = $request->variable('sid', '');
+ if (defined('NEED_SID') && (empty($session_id) || $this->session_id !== $session_id))
+ {
+ send_status_line(401, 'Not authorized');
+ redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
+ }
+
+ // if session id is set
+ if (!empty($this->session_id))
{
$sql = 'SELECT u.*, s.*
FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u
diff --git a/phpBB/includes/style/style.php b/phpBB/includes/style/style.php
index 3f470015f6..22e0f1d67a 100644
--- a/phpBB/includes/style/style.php
+++ b/phpBB/includes/style/style.php
@@ -89,9 +89,9 @@ class phpbb_style
*/
public function set_style()
{
- $style_name = $this->user->theme['style_path'];
- $style_dirs = ($this->user->theme['style_parent_id']) ? array_reverse(explode('/', $this->user->theme['style_parent_tree'])) : array();
- $paths = array($this->get_style_path($style_name));
+ $style_path = $this->user->style['style_path'];
+ $style_dirs = ($this->user->style['style_parent_id']) ? array_reverse(explode('/', $this->user->style['style_parent_tree'])) : array();
+ $paths = array($this->get_style_path($style_path));
foreach ($style_dirs as $dir)
{
$paths[] = $this->get_style_path($dir);
@@ -100,7 +100,7 @@ class phpbb_style
// Add 'all' path, used as last fallback path by hooks and extensions
$paths[] = $this->get_style_path('all');
- return $this->set_custom_style($style_name, $paths);
+ return $this->set_custom_style($style_path, $paths);
}
/**
diff --git a/phpBB/includes/template/filter.php b/phpBB/includes/template/filter.php
index 4a2593b757..ad2e35de6a 100644
--- a/phpBB/includes/template/filter.php
+++ b/phpBB/includes/template/filter.php
@@ -905,12 +905,12 @@ class phpbb_template_filter extends php_user_filter
if (substr($filename, 0, strlen($this->phpbb_root_path)) != $this->phpbb_root_path)
{
// Absolute path, include as is
- return ' $_template->_js_include(\'' . addslashes($filename) . '\', false); ';
+ return ' $_template->_js_include(\'' . addslashes($filename) . '\', false, false); ';
}
// Relative path, remove root path from it
$filename = substr($filename, strlen($this->phpbb_root_path));
- return ' global $phpbb_root_path; $_template->_js_include($phpbb_root_path . \'' . addslashes($filename) . '\', false); ';
+ return ' $_template->_js_include(\'' . addslashes($filename) . '\', false, true); ';
}
/**
diff --git a/phpBB/includes/template/template.php b/phpBB/includes/template/template.php
index e6512c8417..8ab3c44be3 100644
--- a/phpBB/includes/template/template.php
+++ b/phpBB/includes/template/template.php
@@ -496,14 +496,19 @@ class phpbb_template
*
* @param string $file file name
* @param bool $locate True if file needs to be located
+ * @param bool $relative True if path is relative to phpBB root directory. Ignored if $locate == true
*/
- public function _js_include($file, $locate = false)
+ public function _js_include($file, $locate = false, $relative = false)
{
// Locate file
if ($locate)
{
$file = $this->locator->get_first_file_location(array($file), true, true);
}
+ else if ($relative)
+ {
+ $file = $this->phpbb_root_path . $file;
+ }
$file .= (strpos($file, '?') === false) ? '?' : '&';
$file .= 'assets_version=' . $this->config['assets_version'];
diff --git a/phpBB/includes/ucp/info/ucp_profile.php b/phpBB/includes/ucp/info/ucp_profile.php
index 09c0318de9..968538a178 100644
--- a/phpBB/includes/ucp/info/ucp_profile.php
+++ b/phpBB/includes/ucp/info/ucp_profile.php
@@ -23,6 +23,7 @@ class ucp_profile_info
'signature' => array('title' => 'UCP_PROFILE_SIGNATURE', 'auth' => '', 'cat' => array('UCP_PROFILE')),
'avatar' => array('title' => 'UCP_PROFILE_AVATAR', 'auth' => 'cfg_allow_avatar && (cfg_allow_avatar_local || cfg_allow_avatar_remote || cfg_allow_avatar_upload || cfg_allow_avatar_remote_upload)', 'cat' => array('UCP_PROFILE')),
'reg_details' => array('title' => 'UCP_PROFILE_REG_DETAILS', 'auth' => '', 'cat' => array('UCP_PROFILE')),
+ 'autologin_keys'=> array('title' => 'UCP_PROFILE_AUTOLOGIN_KEYS', 'auth' => '', 'cat' => array('UCP_PROFILE')),
),
);
}
diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php
index 9d81503f0a..2ac82fb52f 100644
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@@ -618,6 +618,60 @@ class ucp_profile
}
break;
+
+ case 'autologin_keys':
+
+ add_form_key('ucp_autologin_keys');
+
+ if ($submit)
+ {
+ $keys = request_var('keys', array(''));
+
+ if (!check_form_key('ucp_autologin_keys'))
+ {
+ $error[] = 'FORM_INVALID';
+ }
+
+ if (!sizeof($error))
+ {
+ if (!empty($keys))
+ {
+ $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
+ WHERE user_id = ' . (int) $user->data['user_id'] . '
+ AND ' . $db->sql_in_set('key_id', $keys) ;
+
+ $db->sql_query($sql);
+
+ meta_refresh(3, $this->u_action);
+ $message = $user->lang['AUTOLOGIN_SESSION_KEYS_DELETED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
+ trigger_error($message);
+ }
+ }
+
+ // Replace "error" strings with their real, localised form
+ $error = array_map(array($user, 'lang'), $error);
+ }
+
+ $sql = 'SELECT key_id, last_ip, last_login
+ FROM ' . SESSIONS_KEYS_TABLE . '
+ WHERE user_id = ' . (int) $user->data['user_id'];
+
+ $result = $db->sql_query($sql);
+
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $template->assign_block_vars('sessions', array(
+ 'errors' => $error,
+
+ 'KEY' => $row['key_id'],
+ 'IP' => $row['last_ip'],
+ 'LOGIN_TIME' => $user->format_date($row['last_login']),
+ ));
+ }
+
+ $db->sql_freeresult($result);
+
+ break;
}
$template->assign_vars(array(
diff --git a/phpBB/includes/user.php b/phpBB/includes/user.php
index ce9c804f23..cf9e6b9994 100644
--- a/phpBB/includes/user.php
+++ b/phpBB/includes/user.php
@@ -27,7 +27,7 @@ class phpbb_user extends phpbb_session
{
var $lang = array();
var $help = array();
- var $theme = array();
+ var $style = array();
var $date_format;
var $timezone;
var $dst;
@@ -159,11 +159,11 @@ class phpbb_user extends phpbb_session
FROM ' . STYLES_TABLE . " s
WHERE s.style_id = $style_id";
$result = $db->sql_query($sql, 3600);
- $this->theme = $db->sql_fetchrow($result);
+ $this->style = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
// User has wrong style
- if (!$this->theme && $style_id == $this->data['user_style'])
+ if (!$this->style && $style_id == $this->data['user_style'])
{
$style_id = $this->data['user_style'] = $config['default_style'];
@@ -176,20 +176,17 @@ class phpbb_user extends phpbb_session
FROM ' . STYLES_TABLE . " s
WHERE s.style_id = $style_id";
$result = $db->sql_query($sql, 3600);
- $this->theme = $db->sql_fetchrow($result);
+ $this->style = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
}
- if (!$this->theme)
+ if (!$this->style)
{
trigger_error('Could not get style data', E_USER_ERROR);
}
// Now parse the cfg file and cache it
- $parsed_items = $cache->obtain_cfg_items($this->theme);
-
- // We are only interested in the theme configuration for now
- $parsed_items = $parsed_items['theme'];
+ $parsed_items = $cache->obtain_cfg_items($this->style);
$check_for = array(
'pagination_sep' => (string) ', '
@@ -197,12 +194,12 @@ class phpbb_user extends phpbb_session
foreach ($check_for as $key => $default_value)
{
- $this->theme[$key] = (isset($parsed_items[$key])) ? $parsed_items[$key] : $default_value;
- settype($this->theme[$key], gettype($default_value));
+ $this->style[$key] = (isset($parsed_items[$key])) ? $parsed_items[$key] : $default_value;
+ settype($this->style[$key], gettype($default_value));
if (is_string($default_value))
{
- $this->theme[$key] = htmlspecialchars($this->theme[$key]);
+ $this->style[$key] = htmlspecialchars($this->style[$key]);
}
}
generated by cgit v1.2.1 (git 2.21.0) at 2025-09-15 09:14:19 +0000