Diffstat (limited to 'phpBB/includes')
43 files changed, 722 insertions, 299 deletions
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php index 5b1db5c31b..94e3660de8 100644 --- a/phpBB/includes/acp/acp_attachments.php +++ b/phpBB/includes/acp/acp_attachments.php @@ -27,6 +27,9 @@ class acp_attachments /** @var \phpbb\config\config */ protected $config; + /** @var \phpbb\language\language */ + protected $language; + /** @var ContainerBuilder */ protected $phpbb_container; @@ -54,6 +57,7 @@ class acp_attachments $this->id = $id; $this->db = $db; $this->config = $config; + $this->language = $phpbb_container->get('language'); $this->template = $template; $this->user = $user; $this->phpbb_container = $phpbb_container; @@ -128,7 +132,7 @@ class acp_attachments $s_assigned_groups = array(); while ($row = $db->sql_fetchrow($result)) { - $row['group_name'] = (isset($user->lang['EXT_GROUP_' . $row['group_name']])) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name']; + $row['group_name'] = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name']; $s_assigned_groups[$row['cat_id']][] = $row['group_name']; } $db->sql_freeresult($result); @@ -573,7 +577,7 @@ class acp_attachments $group_id = $db->sql_nextid(); } - $group_name = (isset($user->lang['EXT_GROUP_' . $group_name])) ? $user->lang['EXT_GROUP_' . $group_name] : $group_name; + $group_name = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($group_name)) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($group_name)) : $group_name; $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXTGROUP_' . strtoupper($action), false, array($group_name)); } 
@@ -875,7 +879,7 @@ class acp_attachments 'U_EDIT' => $this->u_action . "&action=edit&g={$row['group_id']}", 'U_DELETE' => $this->u_action . "&action=delete&g={$row['group_id']}", - 'GROUP_NAME' => (isset($user->lang['EXT_GROUP_' . $row['group_name']])) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name'], + 'GROUP_NAME' => $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name'], 'CATEGORY' => $cat_lang[$row['cat_id']], ) ); @@ -1244,15 +1248,11 @@ class acp_attachments 'ATTACHMENT_POSTER' => get_username_string('full', (int) $row['poster_id'], (string) $row['username'], (string) $row['user_colour'], (string) $row['username']), 'FILESIZE' => get_formatted_filesize((int) $row['filesize']), 'FILETIME' => $user->format_date((int) $row['filetime']), - 'REAL_FILENAME' => (!$row['in_message']) ? utf8_basename((string) $row['real_filename']) : '', - 'PHYSICAL_FILENAME' => utf8_basename((string) $row['physical_filename']), - 'EXT_GROUP_NAME' => (!empty($extensions[$row['extension']]['group_name'])) ? $user->lang['EXT_GROUP_' . $extensions[$row['extension']]['group_name']] : '', + 'REAL_FILENAME' => utf8_basename((string) $row['real_filename']), + 'EXT_GROUP_NAME' => $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($extensions[$row['extension']]['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($extensions[$row['extension']]['group_name'])) : $extensions[$row['extension']]['group_name'], 'COMMENT' => $comment, 'TOPIC_TITLE' => (!$row['in_message']) ? (string) $row['topic_title'] : '', 'ATTACH_ID' => (int) $row['attach_id'], - 'POST_ID' => (int) $row['post_msg_id'], - 'TOPIC_ID' => (int) $row['topic_id'], - 'POST_IDS' => (!empty($post_ids[$row['attach_id']])) ? (int) $post_ids[$row['attach_id']] : '', 'L_DOWNLOAD_COUNT' => $user->lang($l_downloaded_viewed, (int) $row['download_count']), 
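Review bot: The new `EXT_GROUP_NAME` expression in the `@@ -1244` hunk reads `$extensions[$row['extension']]['group_name']` three times without the `!empty(...)` guard that the removed line had. An attachment whose extension is not present in `$extensions` will therefore raise undefined-index notices and pass a bare `EXT_GROUP_` key to `is_set()`. Resolve the name once before the array, e.g. `$ext_group = isset($extensions[$row['extension']]['group_name']) ? $extensions[$row['extension']]['group_name'] : '';`, and build the language key from `$ext_group`. The same hunk also stops blanking `REAL_FILENAME` for rows with `in_message` set; if that is intended, it should be stated in the commit message, because it changes what the list shows for private-message attachments. The enclosing method starts and ends outside the hunk.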
@@ -1434,7 +1434,7 @@ class acp_attachments $group_name = array(); while ($row = $db->sql_fetchrow($result)) { - $row['group_name'] = (isset($user->lang['EXT_GROUP_' . $row['group_name']])) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name']; + $row['group_name'] = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name']; $group_name[] = $row; } $db->sql_freeresult($result); diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index f89f5535eb..e348c769bd 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -30,10 +30,13 @@ class acp_board function main($id, $mode) { - global $user, $template, $request; + global $user, $template, $request, $language; global $config, $phpbb_root_path, $phpEx; global $cache, $phpbb_container, $phpbb_dispatcher, $phpbb_log; + /** @var \phpbb\language\language $language Language object */ + $language = $phpbb_container->get('language'); + $user->add_lang('acp/board'); $submit = (isset($_POST['submit']) || isset($_POST['allow_quick_reply_enable'])) ? true : false; 
@@ -56,7 +59,7 @@ class acp_board 'legend1' => 'ACP_BOARD_SETTINGS', 'sitename' => array('lang' => 'SITE_NAME', 'validate' => 'string', 'type' => 'text:40:255', 'explain' => false), 'site_desc' => array('lang' => 'SITE_DESC', 'validate' => 'string', 'type' => 'text:40:255', 'explain' => false), - 'site_home_url' => array('lang' => 'SITE_HOME_URL', 'validate' => 'string', 'type' => 'url:40:255', 'explain' => true), + 'site_home_url' => array('lang' => 'SITE_HOME_URL', 'validate' => 'url', 'type' => 'url:40:255', 'explain' => true), 'site_home_text' => array('lang' => 'SITE_HOME_TEXT', 'validate' => 'string', 'type' => 'text:40:255', 'explain' => true), 'board_index_text' => array('lang' => 'BOARD_INDEX_TEXT', 'validate' => 'string', 'type' => 'text:40:255', 'explain' => true), 'board_disable' => array('lang' => 'DISABLE_BOARD', 'validate' => 'bool', 'type' => 'custom', 'method' => 'board_disable', 'explain' => true), @@ -122,6 +125,7 @@ class acp_board $avatar_vars = array(); foreach ($avatar_drivers as $current_driver) { + /** @var \phpbb\avatar\driver\driver_interface $driver */ $driver = $phpbb_avatar_manager->get_driver($current_driver, false); /* @@ -730,7 +734,7 @@ class acp_board $template->assign_block_vars('options', array( 'KEY' => $config_key, 'TITLE' => (isset($user->lang[$vars['lang']])) ? $user->lang[$vars['lang']] : $vars['lang'], - 'S_EXPLAIN' => $vars['explain'], + 'S_EXPLAIN' => $vars['explain'] && !empty($l_explain), 'TITLE_EXPLAIN' => $l_explain, 'CONTENT' => $content, ) diff --git a/phpBB/includes/acp/acp_database.php b/phpBB/includes/acp/acp_database.php index 19c4f6e4f1..c33c2e4d6f 100644 --- a/phpBB/includes/acp/acp_database.php +++ b/phpBB/includes/acp/acp_database.php @@ -23,6 +23,7 @@ class acp_database { var $db_tools; var $u_action; + public $page_title; function main($id, $mode) { 
@@ -69,18 +70,13 @@ class acp_database trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); } - $store = $download = $structure = $schema_data = false; + $store = $structure = $schema_data = false; - if ($where == 'store_and_download' || $where == 'store') + if ($where == 'store') { $store = true; } - if ($where == 'store_and_download' || $where == 'download') - { - $download = true; - } - if ($type == 'full' || $type == 'structure') { $structure = true; @@ -98,8 +94,9 @@ class acp_database $filename = 'backup_' . $time . '_' . unique_id(); + /** @var phpbb\db\extractor\extractor_interface $extractor Database extractor */ $extractor = $phpbb_container->get('dbal.extractor'); - $extractor->init_extractor($format, $filename, $time, $download, $store); + $extractor->init_extractor($format, $filename, $time, false, $store); $extractor->write_start($table_prefix); @@ -145,11 +142,6 @@ class acp_database $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_DB_BACKUP'); - if ($download == true) - { - exit; - } - trigger_error($user->lang['BACKUP_SUCCESS'] . adm_back_link($this->u_action)); break; @@ -201,16 +193,10 @@ class acp_database case 'submit': $delete = $request->variable('delete', ''); $file = $request->variable('file', ''); - $download = $request->variable('download', ''); - if (!preg_match('#^backup_\d{10,}_(?:[a-z\d]{16}|[a-z\d]{32})\.(sql(?:\.(?:gz|bz2))?)$#i', $file, $matches)) - { - trigger_error($user->lang['BACKUP_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); - } + $backup_info = $this->get_backup_file($phpbb_root_path . 'store/', $file); - $file_name = $phpbb_root_path . 'store/' . $matches[0]; - - if (!file_exists($file_name) || !is_readable($file_name)) + if (empty($backup_info) || !is_readable($backup_info['file_name'])) { trigger_error($user->lang['BACKUP_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); } 
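Review bot: After this change any `$where` value other than `'store'` leaves `$store` false, and the `@@ -98` hunk then calls `init_extractor($format, $filename, $time, false, $store)` with both download and store disabled. A stale or hand-edited form that still posts `download` or `store_and_download` would, as far as these hunks show, run the export and log `LOG_DB_BACKUP` without producing a file; what the extractor does in that state is not visible here. Reject unknown values before any work is done, e.g. `if ($where !== 'store') { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); }`. The surrounding `case` block begins and ends outside the hunk.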
@@ -219,7 +205,7 @@ class acp_database { if (confirm_box(true)) { - unlink($file_name); + unlink($backup_info['file_name']); $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_DB_DELETE'); trigger_error($user->lang['BACKUP_DELETE'] . adm_back_link($this->u_action)); } @@ -228,50 +214,12 @@ class acp_database confirm_box(false, $user->lang['DELETE_SELECTED_BACKUP'], build_hidden_fields(array('delete' => $delete, 'file' => $file))); } } - else if ($download || confirm_box(true)) + else if (confirm_box(true)) { - if ($download) - { - $name = $matches[0]; - - switch ($matches[1]) - { - case 'sql': - $mimetype = 'text/x-sql'; - break; - case 'sql.bz2': - $mimetype = 'application/x-bzip2'; - break; - case 'sql.gz': - $mimetype = 'application/x-gzip'; - break; - } - - header('Cache-Control: private, no-cache'); - header("Content-Type: $mimetype; name=\"$name\""); - header("Content-disposition: attachment; filename=$name"); - - @set_time_limit(0); - - $fp = @fopen($file_name, 'rb'); - - if ($fp !== false) - { - while (!feof($fp)) - { - echo fread($fp, 8192); - } - fclose($fp); - } - - flush(); - exit; - } - - switch ($matches[1]) + switch ($backup_info['extension']) { case 'sql': - $fp = fopen($file_name, 'rb'); + $fp = fopen($backup_info['file_name'], 'rb'); $read = 'fread'; $seek = 'fseek'; $eof = 'feof'; @@ -280,7 +228,7 @@ class acp_database break; case 'sql.bz2': - $fp = bzopen($file_name, 'r'); + $fp = bzopen($backup_info['file_name'], 'r'); $read = 'bzread'; $seek = ''; $eof = 'feof'; @@ -289,13 +237,17 @@ class acp_database break; case 'sql.gz': - $fp = gzopen($file_name, 'rb'); + $fp = gzopen($backup_info['file_name'], 'rb'); $read = 'gzread'; $seek = 'gzseek'; $eof = 'gzeof'; $close = 'gzclose'; $fgetd = 'fgetd'; break; + + default: + trigger_error($user->lang['BACKUP_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + return; } switch ($db->get_sql_layer()) 
@@ -375,43 +327,13 @@ class acp_database trigger_error($user->lang['RESTORE_SUCCESS'] . adm_back_link($this->u_action)); break; } - else if (!$download) + else { confirm_box(false, $user->lang['RESTORE_SELECTED_BACKUP'], build_hidden_fields(array('file' => $file))); } default: - $methods = array('sql'); - $available_methods = array('sql.gz' => 'zlib', 'sql.bz2' => 'bz2'); - - foreach ($available_methods as $type => $module) - { - if (!@extension_loaded($module)) - { - continue; - } - $methods[] = $type; - } - - $dir = $phpbb_root_path . 'store/'; - $dh = @opendir($dir); - - $backup_files = array(); - - if ($dh) - { - while (($file = readdir($dh)) !== false) - { - if (preg_match('#^backup_(\d{10,})_(?:[a-z\d]{16}|[a-z\d]{32})\.(sql(?:\.(?:gz|bz2))?)$#i', $file, $matches)) - { - if (in_array($matches[2], $methods)) - { - $backup_files[(int) $matches[1]] = $file; - } - } - } - closedir($dh); - } + $backup_files = $this->get_file_list($phpbb_root_path . 'store/'); if (!empty($backup_files)) { @@ -420,8 +342,8 @@ class acp_database foreach ($backup_files as $name => $file) { $template->assign_block_vars('files', array( - 'FILE' => $file, - 'NAME' => $user->format_date($name, 'd-m-Y H:i:s', true), + 'FILE' => sha1($file), + 'NAME' => $user->format_date($name, 'd-m-Y H:i', true), 'SUPPORTED' => true, )); } 
@@ -435,6 +357,92 @@ class acp_database break; } } + + /** + * Get backup file from file hash + * + * @param string $directory Relative path to directory + * @param string $file_hash Hash of selected file + * + * @return array Backup file data or empty array if unable to find file + */ + protected function get_backup_file($directory, $file_hash) + { + $backup_data = []; + + $file_list = $this->get_file_list($directory); + $supported_extensions = $this->get_supported_extensions(); + + foreach ($file_list as $file) + { + preg_match('#^backup_(\d{10,})_(?:[a-z\d]{16}|[a-z\d]{32})\.(sql(?:\.(?:gz|bz2))?)$#i', $file, $matches); + if (sha1($file) === $file_hash && in_array($matches[2], $supported_extensions)) + { + $backup_data = [ + 'file_name' => $directory . $file, + 'extension' => $matches[2], + ]; + break; + } + } + + return $backup_data; + } + + /** + * Get backup file list for directory + * + * @param string $directory Relative path to backup directory + * + * @return array List of backup files in specified directory + */ + protected function get_file_list($directory) + { + $supported_extensions = $this->get_supported_extensions(); + + $dh = @opendir($directory); + + $backup_files = []; + + if ($dh) + { + while (($file = readdir($dh)) !== false) + { + if (preg_match('#^backup_(\d{10,})_(?:[a-z\d]{16}|[a-z\d]{32})\.(sql(?:\.(?:gz|bz2))?)$#i', $file, $matches)) + { + if (in_array($matches[2], $supported_extensions)) + { + $backup_files[(int) $matches[1]] = $file; + } + } + } + closedir($dh); + } + + return $backup_files; + } + + /** + * Get supported extensions for backup + * + * @return array List of supported extensions + */ + protected function get_supported_extensions() + { + $extensions = ['sql']; + $available_methods = ['sql.gz' => 'zlib', 'sql.bz2' => 'bz2']; + + foreach ($available_methods as $type => $module) + { + if (!@extension_loaded($module)) + { + continue; + } + $extensions[] = $type; + } + + return $extensions; + } } // get how much space we allow 
for a chunk of data, very similar to phpMyAdmin's way of doing things ;-) (hey, we only do this for MySQL anyway :P) diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php index be5a7a2f26..cb0593b14a 100644 --- a/phpBB/includes/acp/acp_forums.php +++ b/phpBB/includes/acp/acp_forums.php @@ -986,6 +986,13 @@ class acp_forums $errors[] = $user->lang['FORUM_NAME_EMPTY']; } + // No Emojis + if (preg_match_all('/[\x{10000}-\x{10FFFF}]/u', $forum_data_ary['forum_name'], $matches)) + { + $character_list = implode('<br>', $matches[0]); + $errors[] = $user->lang('FORUM_NAME_EMOJI', $character_list); + } + if (utf8_strlen($forum_data_ary['forum_desc']) > 4000) { $errors[] = $user->lang['FORUM_DESC_TOO_LONG']; diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php index 0e058213e0..7b1dc706db 100644 --- a/phpBB/includes/acp/acp_groups.php +++ b/phpBB/includes/acp/acp_groups.php @@ -29,6 +29,9 @@ class acp_groups global $phpbb_root_path, $phpbb_admin_path, $phpEx; global $request, $phpbb_container, $phpbb_dispatcher; + /** @var \phpbb\language\language $language Language object */ + $language = $phpbb_container->get('language'); + $user->add_lang('acp/groups'); $this->tpl_name = 'acp_groups'; $this->page_title = 'ACP_GROUPS_MANAGE'; 
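Review bot: In `get_backup_file()` the return value of `preg_match()` is ignored and `$matches[2]` is read unconditionally, which is safe only because `get_file_list()` has already filtered names with an identical copy of the pattern. Add `if (!preg_match(..., $file, $matches)) { continue; }` and move the pattern into one class constant so the two copies cannot drift apart. Both `in_array($matches[2], $supported_extensions)` calls should pass `true` as the third argument. The docblock should also state that `$file_hash` is the `sha1()` of the bare file name, matching the `'FILE' => sha1($file)` value the listing emits. `get_file_list()` keys entries by `(int) $matches[1]`, so two backups with the same timestamp overwrite each other in the list; that limitation deserves a comment.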
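Review bot: The `// No Emojis` comment in the `acp_forums.php` hunk does not describe what the pattern tests. `/[\x{10000}-\x{10FFFF}]/u` rejects every supplementary-plane character, including non-emoji scripts, and lets through emoji that live in the Basic Multilingual Plane. If the real constraint is four-byte UTF-8 sequences (presumably a storage limitation, not visible here), say so, e.g. `// Reject 4-byte UTF-8 characters (supplementary planes, which covers most emoji)`. With the `u` modifier `preg_match_all()` returns `false` on malformed UTF-8, which this `if` treats the same as "no match"; compare the result explicitly if `forum_name` is not guaranteed to be valid UTF-8 at this point. The enclosing function starts and ends outside the hunk.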
@@ -293,7 +296,19 @@ class acp_groups // Add user/s to group if ($error = group_user_add($group_id, false, $name_ary, $group_name, $default, $leader, 0, $group_row)) { - trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&action=list&g=' . $group_id), E_USER_WARNING); + $display_message = $language->lang($error); + + if ($error == 'GROUP_USERS_INVALID') + { + // Find which users don't exist + $actual_name_ary = $name_ary; + $actual_user_id_ary = []; + user_get_id_name($actual_user_id_ary, $actual_name_ary, false, true); + + $display_message = $language->lang('GROUP_USERS_INVALID', implode($language->lang('COMMA_SEPARATOR'), array_udiff($name_ary, $actual_name_ary, 'strcasecmp'))); + } + + trigger_error($display_message . adm_back_link($this->u_action . '&action=list&g=' . $group_id), E_USER_WARNING); } $message = ($leader) ? 'GROUP_MODS_ADDED' : 'GROUP_USERS_ADDED'; diff --git a/phpBB/includes/acp/acp_inactive.php b/phpBB/includes/acp/acp_inactive.php index 66f0d2116c..4ee4cd4816 100644 --- a/phpBB/includes/acp/acp_inactive.php +++ b/phpBB/includes/acp/acp_inactive.php @@ -24,9 +24,9 @@ class acp_inactive var $u_action; var $p_master; - function __construct(&$p_master) + function __construct($p_master) { - $this->p_master = &$p_master; + $this->p_master = $p_master; } function main($id, $mode) diff --git a/phpBB/includes/acp/acp_permissions.php b/phpBB/includes/acp/acp_permissions.php index 8e05b95849..e683b1972e 100644 --- a/phpBB/includes/acp/acp_permissions.php +++ b/phpBB/includes/acp/acp_permissions.php @@ -676,7 +676,7 @@ class acp_permissions /** * Apply permissions */ - function set_permissions($mode, $permission_type, &$auth_admin, &$user_id, &$group_id) + function set_permissions($mode, $permission_type, $auth_admin, &$user_id, &$group_id) { global $db, $cache, $user, $auth; global $request; 
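Review bot: The `GROUP_USERS_INVALID` branch in the `acp_groups.php` hunk builds its list with `array_udiff($name_ary, $actual_name_ary, 'strcasecmp')`, and `strcasecmp` only folds ASCII case. An existing user whose name contains non-ASCII letters in a different case than typed would therefore be reported as missing, assuming `user_get_id_name()` matches names on a normalised form. Compare on the same normalised form the lookup uses instead. The names placed in the message are request input that reaches `trigger_error()` output, so confirm they are already HTML-escaped when `$name_ary` is populated, which happens outside this hunk. A one-line comment noting that `$actual_name_ary` is rewritten by reference to the names that were found would make the diff step easier to follow.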
@@ -765,7 +765,7 @@ class acp_permissions /** * Apply all permissions */ - function set_all_permissions($mode, $permission_type, &$auth_admin, &$user_id, &$group_id) + function set_all_permissions($mode, $permission_type, $auth_admin, &$user_id, &$group_id) { global $db, $cache, $user, $auth; global $request; @@ -881,7 +881,7 @@ class acp_permissions /** * Remove permissions */ - function remove_permissions($mode, $permission_type, &$auth_admin, &$user_id, &$group_id, &$forum_id) + function remove_permissions($mode, $permission_type, $auth_admin, &$user_id, &$group_id, &$forum_id) { global $user, $db, $cache, $auth; diff --git a/phpBB/includes/acp/acp_profile.php b/phpBB/includes/acp/acp_profile.php index d89c200a1b..49da7d84a4 100644 --- a/phpBB/includes/acp/acp_profile.php +++ b/phpBB/includes/acp/acp_profile.php @@ -845,7 +845,7 @@ class acp_profile /** * Build all Language specific options */ - function build_language_options(&$cp, $field_type, $action = 'create') + function build_language_options($cp, $field_type, $action = 'create') { global $user, $config, $db, $request; @@ -942,7 +942,7 @@ class acp_profile /** * Save Profile Field */ - function save_profile_field(&$cp, $field_type, $action = 'create') + function save_profile_field($cp, $field_type, $action = 'create') { global $db, $config, $user, $phpbb_container, $phpbb_log, $request, $phpbb_dispatcher; diff --git a/phpBB/includes/acp/acp_update.php b/phpBB/includes/acp/acp_update.php index 9124a59ef2..fa3afa6ce3 100644 --- a/phpBB/includes/acp/acp_update.php +++ b/phpBB/includes/acp/acp_update.php 
@@ -59,17 +59,19 @@ class acp_update $update_link = $phpbb_root_path . 'install/app.' . $phpEx; - $template->assign_vars(array( - 'S_UP_TO_DATE' => empty($updates_available), - 'U_ACTION' => $this->u_action, - 'U_VERSIONCHECK_FORCE' => append_sid($this->u_action . '&versioncheck_force=1'), + $template_ary = [ + 'S_UP_TO_DATE' => empty($updates_available), + 'U_ACTION' => $this->u_action, + 'U_VERSIONCHECK_FORCE' => append_sid($this->u_action . '&versioncheck_force=1'), - 'CURRENT_VERSION' => $config['version'], + 'CURRENT_VERSION' => $config['version'], - 'UPDATE_INSTRUCTIONS' => sprintf($user->lang['UPDATE_INSTRUCTIONS'], $update_link), + 'UPDATE_INSTRUCTIONS' => $user->lang('UPDATE_INSTRUCTIONS', $update_link), 'S_VERSION_UPGRADEABLE' => !empty($upgrades_available), 'UPGRADE_INSTRUCTIONS' => !empty($upgrades_available) ? $user->lang('UPGRADE_INSTRUCTIONS', $upgrades_available['current'], $upgrades_available['announcement']) : false, - )); + ]; + + $template->assign_vars($template_ary); // Incomplete update? if (phpbb_version_compare($config['version'], PHPBB_VERSION, '<')) diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index b74fe535ee..fd4b5e8c24 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -24,9 +24,9 @@ class acp_users var $u_action; var $p_master; - function __construct(&$p_master) + function __construct($p_master) { - $this->p_master = &$p_master; + $this->p_master = $p_master; } function main($id, $mode) @@ -855,7 +855,7 @@ class acp_users $check_ary += array( 'username' => array( array('string', false, $config['min_name_chars'], $config['max_name_chars']), - array('username', $user_row['username']) + array('username', $user_row['username'], true) ), ); } diff --git a/phpBB/includes/compatibility_globals.php b/phpBB/includes/compatibility_globals.php index 0f403896a7..ad394e3782 100644 --- a/phpBB/includes/compatibility_globals.php +++ b/phpBB/includes/compatibility_globals.php 
@@ -29,7 +29,7 @@ function register_compatibility_globals() { global $phpbb_container; - global $cache, $phpbb_dispatcher, $request, $user, $auth, $db, $config, $phpbb_log; + global $cache, $phpbb_dispatcher, $request, $user, $auth, $db, $config, $language, $phpbb_log; global $symfony_request, $phpbb_filesystem, $phpbb_path_helper, $phpbb_extension_manager, $template; // set up caching @@ -48,6 +48,9 @@ function register_compatibility_globals() /* @var $user \phpbb\user */ $user = $phpbb_container->get('user'); + /* @var \phpbb\language\language $language */ + $language = $phpbb_container->get('language'); + /* @var $auth \phpbb\auth\auth */ $auth = $phpbb_container->get('auth'); diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index 70ceed1036..89d056f2e1 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -28,7 +28,7 @@ if (!defined('IN_PHPBB')) */ // phpBB Version -@define('PHPBB_VERSION', '3.2.5-dev'); +@define('PHPBB_VERSION', '3.2.8-dev'); // QA-related // define('PHPBB_QA', 1); diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index e3c3a19c96..2e2b2a01d8 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -680,8 +680,6 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $ } } } - - return; } else if ($mode == 'topics') { @@ -808,8 +806,6 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $ unset($tracking); } - - return; } else if ($mode == 'topic') { @@ -923,8 +919,6 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $ $user->set_cookie('track', tracking_serialize($tracking), $post_time + 31536000); $request->overwrite($config['cookie_name'] . '_track', tracking_serialize($tracking), \phpbb\request\request_interface::COOKIE); } - - return; } else if ($mode == 'post') { 
@@ -949,9 +943,28 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $ $db->sql_return_on_error(false); } - - return; } + + /** + * This event is used for performing actions directly after forums, + * topics or posts have been marked as read. + * + * @event core.markread_after + * @var string mode Variable containing marking mode value + * @var mixed forum_id Variable containing forum id, or false + * @var mixed topic_id Variable containing topic id, or false + * @var int post_time Variable containing post time + * @var int user_id Variable containing the user id + * @since 3.2.6-RC1 + */ + $vars = array( + 'mode', + 'forum_id', + 'topic_id', + 'post_time', + 'user_id', + ); + extract($phpbb_dispatcher->trigger_event('core.markread_after', compact($vars))); } /** @@ -1830,27 +1843,6 @@ function redirect($url, $return = false, $disable_cd_check = false) garbage_collection(); } - // Redirect via an HTML form for PITA webservers - if (@preg_match('#WebSTAR|Xitami#', getenv('SERVER_SOFTWARE'))) - { - header('Refresh: 0; URL=' . $url); - - echo '<!DOCTYPE html>'; - echo '<html dir="' . $user->lang['DIRECTION'] . '" lang="' . $user->lang['USER_LANG'] . '">'; - echo '<head>'; - echo '<meta charset="utf-8">'; - echo '<meta http-equiv="X-UA-Compatible" content="IE=edge">'; - echo '<meta http-equiv="refresh" content="0; url=' . str_replace('&', '&', $url) . '" />'; - echo '<title>' . $user->lang['REDIRECT'] . '</title>'; - echo '</head>'; - echo '<body>'; - echo '<div style="text-align: center;">' . sprintf($user->lang['URL_REDIRECT'], '<a href="' . str_replace('&', '&', $url) . '">', '</a>') . '</div>'; - echo '</body>'; - echo '</html>'; - - exit; - } - // Behave as per HTTP/1.1 spec for others header('Location: ' . $url); exit; 
@@ -2130,25 +2122,29 @@ function check_form_key($form_name, $timespan = false) /** * Build Confirm box * @param boolean $check True for checking if confirmed (without any additional parameters) and false for displaying the confirm box -* @param string $title Title/Message used for confirm box. +* @param string|array $title Title/Message used for confirm box. * message text is _CONFIRM appended to title. * If title cannot be found in user->lang a default one is displayed * If title_CONFIRM cannot be found in user->lang the text given is used. +* If title is an array, the first array value is used as explained per above, +* all other array values are sent as parameters to the language function. * @param string $hidden Hidden variables * @param string $html_body Template used for confirm box * @param string $u_action Custom form action +* +* @return bool True if confirmation was successful, false if not */ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_body.html', $u_action = '') { global $user, $template, $db, $request; - global $config, $phpbb_path_helper; + global $config, $language, $phpbb_path_helper, $phpbb_dispatcher; if (isset($_POST['cancel'])) { return false; } - $confirm = ($user->lang['YES'] === $request->variable('confirm', '', true, \phpbb\request\request_interface::POST)); + $confirm = ($language->lang('YES') === $request->variable('confirm', '', true, \phpbb\request\request_interface::POST)); if ($check && $confirm) { 
@@ -2182,13 +2178,27 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo // generate activation key $confirm_key = gen_rand_string(10); + // generate language strings + if (is_array($title)) + { + $key = array_shift($title); + $count = array_shift($title); + $confirm_title = $language->is_set($key) ? $language->lang($key, $count, $title) : $language->lang('CONFIRM'); + $confirm_text = $language->is_set($key . '_CONFIRM') ? $language->lang($key . '_CONFIRM', $count, $title) : $key; + } + else + { + $confirm_title = $language->is_set($title) ? $language->lang($title) : $language->lang('CONFIRM'); + $confirm_text = $language->is_set($title . '_CONFIRM') ? $language->lang($title . '_CONFIRM') : $title; + } + if (defined('IN_ADMIN') && isset($user->data['session_admin']) && $user->data['session_admin']) { - adm_page_header((!isset($user->lang[$title])) ? $user->lang['CONFIRM'] : $user->lang[$title]); + adm_page_header($confirm_title); } else { - page_header((!isset($user->lang[$title])) ? $user->lang['CONFIRM'] : $user->lang[$title]); + page_header($confirm_title); } $template->set_filenames(array( @@ -2208,10 +2218,10 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo $u_action .= ((strpos($u_action, '?') === false) ? '?' : '&') . 'confirm_key=' . $confirm_key; $template->assign_vars(array( - 'MESSAGE_TITLE' => (!isset($user->lang[$title])) ? $user->lang['CONFIRM'] : $user->lang($title, 1), - 'MESSAGE_TEXT' => (!isset($user->lang[$title . '_CONFIRM'])) ? $title : $user->lang[$title . '_CONFIRM'], + 'MESSAGE_TITLE' => $confirm_title, + 'MESSAGE_TEXT' => $confirm_text, - 'YES_VALUE' => $user->lang['YES'], + 'YES_VALUE' => $language->lang('YES'), 'S_CONFIRM_ACTION' => $u_action, 'S_HIDDEN_FIELDS' => $hidden . $s_hidden_fields, 'S_AJAX_REQUEST' => $request->is_ajax(), 
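Review bot: In the array branch of `confirm_box()` the remaining values are handed over as a single array argument (`$language->lang($key, $count, $title)`), while the updated docblock says they are "sent as parameters to the language function". Unless `lang()` flattens nested arrays, which is not visible here, the placeholders after the count will not receive the intended values. Pass them individually, e.g. `call_user_func_array(array($language, 'lang'), array_merge(array($key, $count), $title))`, and do the same for the `_CONFIRM` string. A one-element array leaves `$count` as `null`; either document that a count is mandatory or default it. The function body continues outside this hunk.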
@@ -2224,16 +2234,36 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo if ($request->is_ajax()) { $u_action .= '&confirm_uid=' . $user->data['user_id'] . '&sess=' . $user->session_id . '&sid=' . $user->session_id; - $json_response = new \phpbb\json_response; - $json_response->send(array( + $data = array( 'MESSAGE_BODY' => $template->assign_display('body'), - 'MESSAGE_TITLE' => (!isset($user->lang[$title])) ? $user->lang['CONFIRM'] : $user->lang[$title], - 'MESSAGE_TEXT' => (!isset($user->lang[$title . '_CONFIRM'])) ? $title : $user->lang[$title . '_CONFIRM'], + 'MESSAGE_TITLE' => $confirm_title, + 'MESSAGE_TEXT' => $confirm_text, - 'YES_VALUE' => $user->lang['YES'], + 'YES_VALUE' => $language->lang('YES'), 'S_CONFIRM_ACTION' => str_replace('&', '&', $u_action), //inefficient, rewrite whole function 'S_HIDDEN_FIELDS' => $hidden . $s_hidden_fields - )); + ); + + /** + * This event allows an extension to modify the ajax output of confirm box. + * + * @event core.confirm_box_ajax_before + * @var string u_action Action of the form + * @var array data Data to be sent + * @var string hidden Hidden fields generated by caller + * @var string s_hidden_fields Hidden fields generated by this function + * @since 3.2.8-RC1 + */ + $vars = array( + 'u_action', + 'data', + 'hidden', + 's_hidden_fields', + ); + extract($phpbb_dispatcher->trigger_event('core.confirm_box_ajax_before', compact($vars))); + + $json_response = new \phpbb\json_response; + $json_response->send($data); } if (defined('IN_ADMIN') && isset($user->data['session_admin']) && $user->data['session_admin']) @@ -2244,6 +2274,8 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo { page_footer(); } + + exit; // unreachable, page_footer() above will call exit() } /** 
@@ -2255,6 +2287,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa global $request, $phpbb_container, $phpbb_dispatcher, $phpbb_log; $err = ''; + $form_name = 'login'; // Make sure user->setup() has been called if (!$user->is_setup()) @@ -2330,8 +2363,19 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa trigger_error('NO_AUTH_ADMIN_USER_DIFFER'); } - // If authentication is successful we redirect user to previous page - $result = $auth->login($username, $password, $autologin, $viewonline, $admin); + // Check form key + if ($password && !check_form_key($form_name)) + { + $result = array( + 'status' => false, + 'error_msg' => 'FORM_INVALID', + ); + } + else + { + // If authentication is successful we redirect user to previous page + $result = $auth->login($username, $password, $autologin, $viewonline, $admin); + } // If admin authentication and login, we will log if it was a success or not... // We also break the operation on the first non-success login - it could be argued that the user already knows @@ -2482,6 +2526,9 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa )); } + // Add form token for login box + add_form_key($form_name, '_LOGIN'); + $s_hidden_fields = build_hidden_fields($s_hidden_fields); $login_box_template_data = array( @@ -2616,6 +2663,9 @@ function login_forum_box($forum_data) page_header($user->lang['LOGIN']); + // Add form token for login box + add_form_key('login', '_LOGIN'); + $template->assign_vars(array( 'FORUM_NAME' => isset($forum_data['forum_name']) ? $forum_data['forum_name'] : '', 'S_LOGIN_ACTION' => build_url(array('f')), 
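Review bot: The guard `if ($password && !check_form_key($form_name))` in the `@@ -2330` hunk uses PHP truthiness, so a submitted password of `'0'` and any login attempt with an empty password field skip the token check and go straight to `$auth->login()`. Key the check on the submission itself rather than on the password value, for example `if ($password !== '' && !check_form_key($form_name))`, or better on whatever condition the surrounding code already uses to detect a posted login (outside this hunk). This matters for auth providers that can succeed without a password. It is also worth a comment that a login page left open past the form-key lifetime will now fail with `FORM_INVALID`. `login_box()` starts and ends outside the hunk.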
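Review bot: The `add_form_key('login', '_LOGIN')` call added to `login_forum_box()` in the `@@ -2616` hunk only emits the token; none of the visible hunks adds the matching `check_form_key('login')` on the path that processes a submitted forum password. If that handler lives elsewhere and was updated in a part of the commit not shown here, a short comment pointing to it would help; if not, the token is rendered but never verified for forum-password logins. The call also runs after `page_header()`, so the `S_FORM_TOKEN_LOGIN` workaround added to `page_header()` will not see it on this page; that looks intended but should be stated in the comment.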
@@ -4388,6 +4438,19 @@ function page_header($page_title = '', $display_online_list = false, $item_id = $controller_helper = $phpbb_container->get('controller.helper'); $notification_mark_hash = generate_link_hash('mark_all_notifications_read'); + $s_login_redirect = build_hidden_fields(array('redirect' => $phpbb_path_helper->remove_web_root_path(build_url()))); + /** + * Workaround for missing template variable in pre phpBB 3.2.6 styles. + * @deprecated 3.2.7 (To be removed: 3.3.0-a1) + */ + $form_token_login = $template->retrieve_var('S_FORM_TOKEN_LOGIN'); + if (!empty($form_token_login)) + { + $s_login_redirect .= $form_token_login; + // Remove S_FORM_TOKEN_LOGIN as it's already appended to S_LOGIN_REDIRECT + $template->assign_var('S_FORM_TOKEN_LOGIN', ''); + } + // The following assigns all _common_ variables that may be used at any point in a template. $template->assign_vars(array( 'SITENAME' => $config['sitename'], @@ -4477,7 +4540,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id = 'S_TOPIC_ID' => $topic_id, 'S_LOGIN_ACTION' => ((!defined('ADMIN_START')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login') : append_sid("{$phpbb_admin_path}index.$phpEx", false, true, $user->session_id)), - 'S_LOGIN_REDIRECT' => build_hidden_fields(array('redirect' => $phpbb_path_helper->remove_web_root_path(build_url()))), + 'S_LOGIN_REDIRECT' => $s_login_redirect, 'S_ENABLE_FEEDS' => ($config['feed_enable']) ? true : false, 'S_ENABLE_FEEDS_OVERALL' => ($config['feed_overall']) ? true : false, diff --git a/phpBB/includes/functions_acp.php b/phpBB/includes/functions_acp.php index 9b7491305c..dd326c3db6 100644 --- a/phpBB/includes/functions_acp.php +++ b/phpBB/includes/functions_acp.php 
@@ -419,7 +419,7 @@ function build_cfg_template($tpl_type, $key, &$new_ary, $config_key, $vars) */ function validate_config_vars($config_vars, &$cfg_array, &$error) { - global $phpbb_root_path, $user, $phpbb_dispatcher, $phpbb_filesystem; + global $phpbb_root_path, $user, $phpbb_dispatcher, $phpbb_filesystem, $language; $type = 0; $min = 1; @@ -442,6 +442,16 @@ function validate_config_vars($config_vars, &$cfg_array, &$error) // Validate a bit. ;) (0 = type, 1 = min, 2= max) switch ($validator[$type]) { + case 'url': + $cfg_array[$config_name] = trim($cfg_array[$config_name]); + + if (!empty($cfg_array[$config_name]) && !preg_match('#^' . get_preg_expression('url') . '$#iu', $cfg_array[$config_name])) + { + $error[] = $language->lang('URL_INVALID', $language->lang($config_definition['lang'])); + } + + // no break here + case 'string': $length = utf8_strlen($cfg_array[$config_name]); diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index 2fb83770fe..c19d48b0be 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -3042,6 +3042,8 @@ function tidy_database() } $db->sql_freeresult($result); + $db->sql_transaction('begin'); + // Delete those rows from the acl tables not having listed the forums above $sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . ' WHERE ' . $db->sql_in_set('forum_id', $forum_ids, true); @@ -3051,6 +3053,8 @@ function tidy_database() WHERE ' . $db->sql_in_set('forum_id', $forum_ids, true); $db->sql_query($sql); + $db->sql_transaction('commit'); + $config->set('database_last_gc', time(), false); } diff --git a/phpBB/includes/functions_compatibility.php b/phpBB/includes/functions_compatibility.php index 4fe7e71117..e95fa40a58 100644 --- a/phpBB/includes/functions_compatibility.php +++ b/phpBB/includes/functions_compatibility.php 
@@ -391,7 +391,7 @@ function request_var($var_name, $default, $multibyte = false, $cookie = false, $ * * @deprecated 3.1.0 (To be removed: 3.3.0) */ -function get_tables(&$db) +function get_tables($db) { $db_tools_factory = new \phpbb\db\tools\factory(); $db_tools = $db_tools_factory->get($db); diff --git a/phpBB/includes/functions_content.php b/phpBB/includes/functions_content.php index 1840416efc..2542be5e02 100644 --- a/phpBB/includes/functions_content.php +++ b/phpBB/includes/functions_content.php @@ -1765,13 +1765,14 @@ class bitfield /** * Formats the quote according to the given BBCode status setting * - * @param bool $bbcode_status The status of the BBCode setting - * @param array $quote_attributes The attributes of the quoted post - * @param phpbb\textformatter\utils $text_formatter_utils Text formatter utilities - * @param parse_message $message_parser Message parser class - * @param string $message_link Link of the original quoted post + * @param phpbb\language\language $language Language class + * @param parse_message $message_parser Message parser class + * @param phpbb\textformatter\utils_interface $text_formatter_utils Text formatter utilities + * @param bool $bbcode_status The status of the BBCode setting + * @param array $quote_attributes The attributes of the quoted post + * @param string $message_link Link of the original quoted post */ -function phpbb_format_quote($bbcode_status, $quote_attributes, $text_formatter_utils, $message_parser, $message_link = '') +function phpbb_format_quote($language, $message_parser, $text_formatter_utils, $bbcode_status, $quote_attributes, $message_link = '') { if ($bbcode_status) { 
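Review bot: The new phpbb_format_quote signature reorders positional parameters that carry no type declarations, so a caller still passing the old order (`$bbcode_status, $quote_attributes, $text_formatter_utils, $message_parser`) is accepted by PHP and only fails somewhere inside the body. The docblock lists the new order but does not say that it changed. I would add a line such as `* @changed Parameter order changed; $language is now the first argument` (with the release it applies to) so extension authors can spot the break. The function body continues outside the hunk.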
@@ -1797,7 +1798,7 @@ function phpbb_format_quote($bbcode_status, $quote_attributes, $text_formatter_u $message = $quote_string . $message; $message = str_replace("\n", "\n" . $quote_string, $message); - $message_parser->message = $quote_attributes['author'] . " " . $user->lang['WROTE'] . ":\n" . $message . "\n"; + $message_parser->message = $quote_attributes['author'] . " " . $language->lang('WROTE') . ":\n" . $message . "\n"; } if ($message_link) diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index 4c1a90d5b5..792467019f 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -1241,6 +1241,7 @@ function display_user_activity(&$userdata_ary) } $userdata = $userdata_ary; + $show_user_activity = true; /** * Alter list of forums and topics to display as active * @@ -1248,9 +1249,11 @@ function display_user_activity(&$userdata_ary) * @var array userdata User's data * @var array active_f_row List of active forums * @var array active_t_row List of active posts + * @var bool show_user_activity Show user forum and topic activity * @since 3.1.0-RC3 + * @changed 3.2.5-RC1 Added show_user_activity into event */ - $vars = array('userdata', 'active_f_row', 'active_t_row'); + $vars = array('userdata', 'active_f_row', 'active_t_row', 'show_user_activity'); extract($phpbb_dispatcher->trigger_event('core.display_user_activity_modify_actives', compact($vars))); $userdata_ary = $userdata; unset($userdata); @@ -1287,7 +1290,7 @@ function display_user_activity(&$userdata_ary) 'ACTIVE_TOPIC_PCT' => sprintf($l_active_pct, $active_t_pct), 'U_ACTIVE_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $active_f_id), 'U_ACTIVE_TOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $active_t_id), - 'S_SHOW_ACTIVITY' => true) + 'S_SHOW_ACTIVITY' => $show_user_activity) ); } 
diff --git a/phpBB/includes/functions_download.php b/phpBB/includes/functions_download.php index 7be12baa13..1f409be58c 100644 --- a/phpBB/includes/functions_download.php +++ b/phpBB/includes/functions_download.php @@ -196,7 +196,7 @@ function send_file_to_browser($attachment, $upload_dir, $category) } // Now the tricky part... let's dance - header('Cache-Control: public'); + header('Cache-Control: private'); // Send out the Headers. Do not set Content-Disposition to inline please, it is a security measure for users using the Internet Explorer. header('Content-Type: ' . $attachment['mimetype']); @@ -451,7 +451,7 @@ function set_modified_headers($stamp, $browser) { send_status_line(304, 'Not Modified'); // seems that we need those too ... browsers - header('Cache-Control: public'); + header('Cache-Control: private'); header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 31536000) . ' GMT'); return true; } diff --git a/phpBB/includes/functions_mcp.php b/phpBB/includes/functions_mcp.php index d91993b23f..75e24618de 100644 --- a/phpBB/includes/functions_mcp.php +++ b/phpBB/includes/functions_mcp.php @@ -22,12 +22,12 @@ if (!defined('IN_PHPBB')) /** * Functions used to generate additional URL paramters */ -function phpbb_module__url($mode, &$module_row) +function phpbb_module__url($mode, $module_row) { return phpbb_extra_url(); } -function phpbb_module_notes_url($mode, &$module_row) +function phpbb_module_notes_url($mode, $module_row) { if ($mode == 'front') { @@ -38,7 +38,7 @@ function phpbb_module_notes_url($mode, &$module_row) return ($user_id) ? "&u=$user_id" : ''; } -function phpbb_module_warn_url($mode, &$module_row) +function phpbb_module_warn_url($mode, $module_row) { if ($mode == 'front' || $mode == 'list') { 
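Review bot: Neither `Cache-Control: private` change in functions_download.php carries a comment saying why, and the reason is security-relevant enough to stop someone switching it back to `public` for performance. Something like `// private: attachments are presumably served after a per-user permission check, so shared caches must not store them` above the header call in send_file_to_browser would do, with the wording adjusted once the permission check is confirmed. In set_modified_headers the 304 branch still sends `Expires` one year ahead next to the new header, so a browser can keep reusing its copy without revalidating; it is worth confirming that lifetime is intended for files whose access can be revoked.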
@@ -64,27 +64,27 @@ function phpbb_module_warn_url($mode, &$module_row) } } -function phpbb_module_main_url($mode, &$module_row) +function phpbb_module_main_url($mode, $module_row) { return phpbb_extra_url(); } -function phpbb_module_logs_url($mode, &$module_row) +function phpbb_module_logs_url($mode, $module_row) { return phpbb_extra_url(); } -function phpbb_module_ban_url($mode, &$module_row) +function phpbb_module_ban_url($mode, $module_row) { return phpbb_extra_url(); } -function phpbb_module_queue_url($mode, &$module_row) +function phpbb_module_queue_url($mode, $module_row) { return phpbb_extra_url(); } -function phpbb_module_reports_url($mode, &$module_row) +function phpbb_module_reports_url($mode, $module_row) { return phpbb_extra_url(); } diff --git a/phpBB/includes/functions_messenger.php b/phpBB/includes/functions_messenger.php index 4f0d40031d..7f8238e1bf 100644 --- a/phpBB/includes/functions_messenger.php +++ b/phpBB/includes/functions_messenger.php @@ -181,10 +181,9 @@ class messenger /** * Adds X-AntiAbuse headers * - * @param array $config Configuration array - * @param user $user A user object - * - * @return null + * @param \phpbb\config\config $config Config object + * @param \phpbb\user $user User object + * @return void */ function anti_abuse_headers($config, $user) { @@ -1582,6 +1581,14 @@ class smtp_class */ protected function starttls() { + global $config; + + // allow SMTPS (what was used by phpBB 3.0) if hostname is prefixed with tls:// or ssl:// + if (strpos($config['smtp_host'], 'tls://') === 0 || strpos($config['smtp_host'], 'ssl://') === 0) + { + return true; + } + if (!function_exists('stream_socket_enable_crypto')) { return false; 
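Review bot: starttls() now returns true for a `tls://` or `ssl://` host prefix without touching the socket, so a true result no longer means this method negotiated encryption. It relies on the connection having been opened with that same prefix, which is outside the hunk. The existing comment explains the compatibility reason but not that dependency, so I would extend it: `// Socket is expected to be already encrypted by the tls:// or ssl:// transport, so no STARTTLS is sent`. The check also reads the global `$config['smtp_host']` rather than the host this object connected to; if the two can differ (not visible here), the method would report an encrypted session that was never set up. The rest of starttls() lies outside the hunk.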
@@ -1604,7 +1611,9 @@ class smtp_class if (socket_set_blocking($this->socket, 1)) { - $result = stream_socket_enable_crypto($this->socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT); + // https://secure.php.net/manual/en/function.stream-socket-enable-crypto.php#119122 + $crypto = (phpbb_version_compare(PHP_VERSION, '5.6.7', '<')) ? STREAM_CRYPTO_METHOD_TLS_CLIENT : STREAM_CRYPTO_METHOD_SSLv23_CLIENT; + $result = stream_socket_enable_crypto($this->socket, true, $crypto); socket_set_blocking($this->socket, (int) $stream_meta['blocked']); } diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index c7d691287c..c5a7400ddf 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -202,11 +202,13 @@ function update_post_information($type, $ids, $return_update_sql = false) if (count($ids) == 1) { - $sql = 'SELECT MAX(p.post_id) as last_post_id + $sql = 'SELECT p.post_id as last_post_id FROM ' . POSTS_TABLE . " p $topic_join WHERE " . $db->sql_in_set('p.' . $type . '_id', $ids) . " $topic_condition - AND p.post_visibility = " . ITEM_APPROVED; + AND p.post_visibility = " . ITEM_APPROVED . " + ORDER BY p.post_id DESC"; + $result = $db->sql_query_limit($sql, 1); } else { @@ -216,8 +218,8 @@ function update_post_information($type, $ids, $return_update_sql = false) $topic_condition AND p.post_visibility = " . ITEM_APPROVED . " GROUP BY p.{$type}_id"; + $result = $db->sql_query($sql); } - $result = $db->sql_query($sql); $last_post_ids = array(); while ($row = $db->sql_fetchrow($result)) 
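Review bot: The only explanation for the `$crypto` choice is a link to a manual comment, and `STREAM_CRYPTO_METHOD_SSLv23_CLIENT` names a negotiation range rather than a version, so the minimum TLS version this client accepts is left implicit. I would put the reason in the code, e.g. `// From PHP 5.6.7 TLS_CLIENT is limited to TLS 1.0; SSLv23_CLIENT lets the peers negotiate a newer version` (wording to be checked against the linked note). Where the supported PHP versions and mail servers allow it, the accepted versions could be named outright, for example `$crypto = STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT | STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;`. How `$result` is handled afterwards is outside the hunk.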
@@ -976,6 +978,30 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id AND u.user_id = p.poster_id', ); + /** + * Event to modify the SQL query for topic reviews + * + * @event core.topic_review_modify_sql_ary + * @var int topic_id The topic ID that is being reviewed + * @var int forum_id The topic's forum ID + * @var string mode The topic review mode + * @var int cur_post_id Post offset ID + * @var bool show_quote_button Flag indicating if the quote button should be displayed + * @var array post_list Array with the post IDs + * @var array sql_ary Array with the SQL query + * @since 3.2.8-RC1 + */ + $vars = array( + 'topic_id', + 'forum_id', + 'mode', + 'cur_post_id', + 'show_quote_button', + 'post_list', + 'sql_ary', + ); + extract($phpbb_dispatcher->trigger_event('core.topic_review_modify_sql_ary', compact($vars))); + $sql = $db->sql_build_query('SELECT', $sql_ary); $result = $db->sql_query($sql); @@ -1282,6 +1308,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data, $is_soft = false, $ delete_topics('topic_id', array($topic_id), false); $phpbb_content_visibility->remove_topic_from_statistic($data, $sql_data); + $config->increment('num_posts', -1, false); $update_sql = update_post_information('forum', $forum_id, true); if (count($update_sql)) diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php index 444bf2c7e0..baadf5bdee 100644 --- a/phpBB/includes/functions_privmsgs.php +++ b/phpBB/includes/functions_privmsgs.php @@ -490,7 +490,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false) 'bcc' => explode(':', $row['bcc_address']), 'friend' => (isset($zebra[$row['author_id']])) ? $zebra[$row['author_id']]['friend'] : 0, 'foe' => (isset($zebra[$row['author_id']])) ? $zebra[$row['author_id']]['foe'] : 0, - 'user_in_group' => array($user->data['group_id']), + 'user_in_group' => $user->data['group_id'], 'author_in_group' => array()) ); 
@@ -1966,7 +1966,7 @@ function submit_pm($mode, $subject, &$data_ary, $put_in_outbox = true) */ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode = false) { - global $db, $user, $template, $phpbb_root_path, $phpEx, $auth; + global $db, $user, $template, $phpbb_root_path, $phpEx, $auth, $phpbb_dispatcher; // Select all receipts and the author from the pm we currently view, to only display their pm-history $sql = 'SELECT author_id, user_id @@ -2087,7 +2087,7 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode $previous_history_pm = $prev_id; } - $template->assign_block_vars('history_row', array( + $template_vars = array( 'MESSAGE_AUTHOR_QUOTE' => (($decoded_message) ? addslashes(get_username_string('username', $author_id, $row['username'], $row['user_colour'], $row['username'])) : ''), 'MESSAGE_AUTHOR_FULL' => get_username_string('full', $author_id, $row['username'], $row['user_colour'], $row['username']), 'MESSAGE_AUTHOR_COLOUR' => get_username_string('colour', $author_id, $row['username'], $row['user_colour'], $row['username']), 
@@ -2109,8 +2109,25 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode 'USER_ID' => $row['user_id'], 'U_VIEW_MESSAGE' => "$url&f=$folder_id&p=" . $row['msg_id'], 'U_QUOTE' => (!$in_post_mode && $auth->acl_get('u_sendpm') && $author_id != ANONYMOUS) ? "$url&mode=compose&action=quote&f=" . $folder_id . "&p=" . $row['msg_id'] : '', - 'U_POST_REPLY_PM' => ($author_id != $user->data['user_id'] && $author_id != ANONYMOUS && $auth->acl_get('u_sendpm')) ? "$url&mode=compose&action=reply&f=$folder_id&p=" . $row['msg_id'] : '') + 'U_POST_REPLY_PM' => ($author_id != $user->data['user_id'] && $author_id != ANONYMOUS && $auth->acl_get('u_sendpm')) ? "$url&mode=compose&action=reply&f=$folder_id&p=" . $row['msg_id'] : '' ); + + /** + * Modify the template vars for displaying the message history in private message + * + * @event core.message_history_modify_template_vars + * @var array template_vars Array containing the query + * @var array row Array containing the action user row + * @since 3.2.8-RC1 + */ + $vars = array( + 'template_vars', + 'row', + ); + extract($phpbb_dispatcher->trigger_event('core.message_history_modify_template_vars', compact($vars))); + + $template->assign_block_vars('history_row', $template_vars); + unset($rowset[$i]); $prev_id = $id; } diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index d019b867fa..3bf4aa16b7 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php 
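Review bot: In the docblock for `core.message_history_modify_template_vars`, the `@var` line describes `template_vars` as "Array containing the query", which looks copied from an SQL event and will mislead extension authors. I would change it to `* @var array template_vars Array of template variables assigned to the history_row block`. Since entries such as `MESSAGE_AUTHOR_QUOTE` are already escaped for their output context before the event fires, the docblock could also note that listeners must escape any values they add themselves. message_history starts and ends outside the hunk.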
@@ -26,8 +26,10 @@ if (!defined('IN_PHPBB')) * @param array &$user_id_ary The user ids to check or empty if usernames used * @param array &$username_ary The usernames to check or empty if user ids used * @param mixed $user_type Array of user types to check, false if not restricting by user type +* @param boolean $update_references If false, the supplied array is unset and appears unchanged from where it was called +* @return boolean|string Returns false on success, error string on failure */ -function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false) +function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false, $update_references = false) { global $db; @@ -50,7 +52,13 @@ function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false) } $sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', ${$which_ary}) : array_map('utf8_clean_string', ${$which_ary}); - unset(${$which_ary}); + + // By unsetting the array here, the values passed in at the point user_get_id_name() was called will be retained. + // Otherwise, if we don't unset (as the array was passed by reference) the original array will be updated below. + if ($update_references === false) + { + unset(${$which_ary}); + } $user_id_ary = $username_ary = array(); 
@@ -666,8 +674,30 @@ function user_delete($mode, $user_ids, $retain_username = true) delete_posts('poster_id', $user_ids); } - $table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE, DRAFTS_TABLE, BOOKMARKS_TABLE, SESSIONS_KEYS_TABLE, PRIVMSGS_FOLDER_TABLE, PRIVMSGS_RULES_TABLE, $phpbb_container->getParameter('tables.auth_provider_oauth_token_storage'), $phpbb_container->getParameter('tables.auth_provider_oauth_states'), $phpbb_container->getParameter('tables.auth_provider_oauth_account_assoc')); - + $table_ary = [ + USERS_TABLE, + USER_GROUP_TABLE, + TOPICS_WATCH_TABLE, + FORUMS_WATCH_TABLE, + ACL_USERS_TABLE, + TOPICS_TRACK_TABLE, + TOPICS_POSTED_TABLE, + FORUMS_TRACK_TABLE, + PROFILE_FIELDS_DATA_TABLE, + MODERATOR_CACHE_TABLE, + DRAFTS_TABLE, + BOOKMARKS_TABLE, + SESSIONS_KEYS_TABLE, + PRIVMSGS_FOLDER_TABLE, + PRIVMSGS_RULES_TABLE, + $phpbb_container->getParameter('tables.auth_provider_oauth_token_storage'), + $phpbb_container->getParameter('tables.auth_provider_oauth_states'), + $phpbb_container->getParameter('tables.auth_provider_oauth_account_assoc'), + $phpbb_container->getParameter('tables.user_notifications') + ]; + + // Ignore errors on deleting from non-existent tables, e.g. when migrating + $db->sql_return_on_error(true); // Delete the miscellaneous (non-post) data for the user foreach ($table_ary as $table) { @@ -675,6 +705,7 @@ function user_delete($mode, $user_ids, $retain_username = true) WHERE " . $user_id_sql; $db->sql_query($sql); } + $db->sql_return_on_error(); $cache->destroy('sql', MODERATOR_CACHE_TABLE); 
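Review bot: Turning on `$db->sql_return_on_error(true)` around the whole delete loop in user_delete hides every SQL failure, not only the missing-table case the comment names, and the loop discards the result of `$db->sql_query($sql)`. `$table_ary` includes `USERS_TABLE`, `SESSIONS_KEYS_TABLE` and the OAuth token tables, so a failed DELETE there would leave a removed user's login keys or tokens behind with no trace. I would keep the result and record it, e.g. `if ($db->sql_query($sql) === false) { $failed_tables[] = $table; }`, then log that list after the `$db->sql_return_on_error();` call added by the second hunk on this line. That sql_query() returns false in this mode is my reading of the driver, not something the diff shows. user_delete continues outside both hunks.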
@@ -1687,17 +1718,21 @@ function phpbb_validate_timezone($timezone) return (in_array($timezone, phpbb_get_timezone_identifiers($timezone))) ? false : 'TIMEZONE_INVALID'; } -/** -* Check to see if the username has been taken, or if it is disallowed. -* Also checks if it includes the " character, which we don't allow in usernames. -* Used for registering, changing names, and posting anonymously with a username -* -* @param string $username The username to check -* @param string $allowed_username An allowed username, default being $user->data['username'] -* -* @return mixed Either false if validation succeeded or a string which will be used as the error message (with the variable name appended) -*/ -function validate_username($username, $allowed_username = false) +/*** + * Validate Username + * + * Check to see if the username has been taken, or if it is disallowed. + * Also checks if it includes the " character or the 4-bytes Unicode ones + * (aka emojis) which we don't allow in usernames. + * Used for registering, changing names, and posting anonymously with a username + * + * @param string $username The username to check + * @param string $allowed_username An allowed username, default being $user->data['username'] + * + * @return mixed Either false if validation succeeded or a string which will be + * used as the error message (with the variable name appended) + */ +function validate_username($username, $allowed_username = false, $allow_all_names = false) { global $config, $db, $user, $cache; @@ -1709,6 +1744,14 @@ function validate_username($username, $allowed_username = false) return false; } + // The very first check is for + // out-of-bounds characters that are currently + // not supported by utf8_bin in MySQL + if (preg_match('/[\x{10000}-\x{10FFFF}]/u', $username)) + { + return 'INVALID_EMOJIS'; + } + // ... fast checks first. if (strpos($username, '"') !== false || strpos($username, '"') !== false || empty($clean_username)) { 
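Review bot: The rewritten docblock for validate_username does not document the new `$allow_all_names` parameter, and it opens with `/***`, which docblock tools generally do not recognise as a doc comment (`/**` is the expected opener). The later hunk in this file shows that `$allow_all_names` skips the disallowed-usernames list, so the doc should say what it bypasses and who is meant to pass it, for example `* @param bool $allow_all_names Skip the disallowed-usernames check (intended callers to be confirmed)`. The function body continues outside the hunk.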
@@ -1772,13 +1815,16 @@ function validate_username($username, $allowed_username = false) return 'USERNAME_TAKEN'; } - $bad_usernames = $cache->obtain_disallowed_usernames(); - - foreach ($bad_usernames as $bad_username) + if (!$allow_all_names) { - if (preg_match('#^' . $bad_username . '$#', $clean_username)) + $bad_usernames = $cache->obtain_disallowed_usernames(); + + foreach ($bad_usernames as $bad_username) { - return 'USERNAME_DISALLOWED'; + if (preg_match('#^' . $bad_username . '$#', $clean_username)) + { + return 'USERNAME_DISALLOWED'; + } } } @@ -1899,9 +1945,9 @@ function validate_user_email($email, $allowed_email = false) return $validate_email; } - if (($ban_reason = $user->check_ban(false, false, $email, true)) !== false) + if (($ban = $user->check_ban(false, false, $email, true)) !== false) { - return ($ban_reason === true) ? 'EMAIL_BANNED' : $ban_reason; + return ($ban === true) ? 'EMAIL_BANNED' : (!empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : $ban); } if (!$config['allow_emailreuse']) @@ -2676,6 +2722,13 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false, return 'NO_USER'; } + // Because the item that gets passed into the previous function is unset, the reference is lost and our original + // array is retained - so we know there's a problem if there's a different number of ids to usernames now. + if (count($user_id_ary) != count($username_ary)) + { + return 'GROUP_USERS_INVALID'; + } + // Remove users who are already members of this group $sql = 'SELECT user_id, group_leader FROM ' . USER_GROUP_TABLE . ' diff --git a/phpBB/includes/mcp/mcp_ban.php b/phpBB/includes/mcp/mcp_ban.php index b878b1af0a..6f748f5433 100644 --- a/phpBB/includes/mcp/mcp_ban.php +++ b/phpBB/includes/mcp/mcp_ban.php 
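Review bot: In validate_user_email the last branch of the new ternary returns `$ban` itself, so if check_ban() returns an array without `ban_give_reason` (its return shape is not visible in this diff) the caller receives an array where every other branch returns a string. Keeping string results and falling back to the generic key for anything else would keep the return type stable: `return ($ban === true) ? 'EMAIL_BANNED' : (!empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : (is_string($ban) ? $ban : 'EMAIL_BANNED'));`. The function continues outside the hunk.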
@@ -34,7 +34,10 @@ class mcp_ban } // Include the admin banning interface... - include($phpbb_root_path . 'includes/acp/acp_ban.' . $phpEx); + if (!class_exists('acp_ban')) + { + include($phpbb_root_path . 'includes/acp/acp_ban.' . $phpEx); + } $bansubmit = $request->is_set_post('bansubmit'); $unbansubmit = $request->is_set_post('unbansubmit'); @@ -266,7 +269,7 @@ class mcp_ban } else if ($post_id) { - $post_info = phpbb_get_post_data($post_id, 'm_ban'); + $post_info = phpbb_get_post_data(array($post_id), 'm_ban'); if (count($post_info) && !empty($post_info[$post_id])) { diff --git a/phpBB/includes/mcp/mcp_front.php b/phpBB/includes/mcp/mcp_front.php index aeb716c1f9..918a98734b 100644 --- a/phpBB/includes/mcp/mcp_front.php +++ b/phpBB/includes/mcp/mcp_front.php @@ -290,7 +290,10 @@ function mcp_front_view($id, $mode, $action) if ($total) { - include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx); + if (!function_exists('get_recipient_strings')) + { + include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx); + } $sql_ary = array( 'SELECT' => 'r.report_id, r.report_time, p.msg_id, p.message_subject, p.message_time, p.to_address, p.bcc_address, p.message_attachment, u.username, u.username_clean, u.user_colour, u.user_id, u2.username as author_name, u2.username_clean as author_name_clean, u2.user_colour as author_colour, u2.user_id as author_id', diff --git a/phpBB/includes/mcp/mcp_logs.php b/phpBB/includes/mcp/mcp_logs.php index 049f24b262..79f9d35ebe 100644 --- a/phpBB/includes/mcp/mcp_logs.php +++ b/phpBB/includes/mcp/mcp_logs.php @@ -28,9 +28,9 @@ class mcp_logs var $u_action; var $p_master; - function __construct(&$p_master) + function __construct($p_master) { - $this->p_master = &$p_master; + $this->p_master = $p_master; } function main($id, $mode) diff --git a/phpBB/includes/mcp/mcp_main.php b/phpBB/includes/mcp/mcp_main.php index 196d2f995f..744eaebd7d 100644 --- a/phpBB/includes/mcp/mcp_main.php +++ b/phpBB/includes/mcp/mcp_main.php 
@@ -28,9 +28,9 @@ class mcp_main var $p_master; var $u_action; - function __construct(&$p_master) + function __construct($p_master) { - $this->p_master = &$p_master; + $this->p_master = $p_master; } function main($id, $mode) @@ -41,6 +41,22 @@ class mcp_main $quickmod = ($mode == 'quickmod') ? true : false; + /** + * Event to perform additional actions before an MCP action is executed. + * + * @event core.mcp_main_before + * @var string action The action that is about to be performed + * @var string mode The mode in which the MCP is accessed, e.g. front, forum_view, topic_view, post_details, quickmod + * @var boolean quickmod Whether or not the action is performed via QuickMod + * @since 3.2.8-RC1 + */ + $vars = [ + 'action', + 'mode', + 'quickmod', + ]; + extract($phpbb_dispatcher->trigger_event('core.mcp_main_before', compact($vars))); + switch ($action) { case 'lock': @@ -174,7 +190,10 @@ class mcp_main switch ($mode) { case 'front': - include($phpbb_root_path . 'includes/mcp/mcp_front.' . $phpEx); + if (!function_exists('mcp_front_view')) + { + include($phpbb_root_path . 'includes/mcp/mcp_front.' . $phpEx); + } $user->add_lang('acp/common'); @@ -185,7 +204,10 @@ class mcp_main break; case 'forum_view': - include($phpbb_root_path . 'includes/mcp/mcp_forum.' . $phpEx); + if (!function_exists('mcp_forum_view')) + { + include($phpbb_root_path . 'includes/mcp/mcp_forum.' . $phpEx); + } $user->add_lang('viewforum'); @@ -208,7 +230,10 @@ class mcp_main break; case 'topic_view': - include($phpbb_root_path . 'includes/mcp/mcp_topic.' . $phpEx); + if (!function_exists('mcp_topic_view')) + { + include($phpbb_root_path . 'includes/mcp/mcp_topic.' . $phpEx); + } mcp_topic_view($id, $mode, $action); 
@@ -217,7 +242,10 @@ class mcp_main break; case 'post_details': - include($phpbb_root_path . 'includes/mcp/mcp_post.' . $phpEx); + if (!function_exists('mcp_post_details')) + { + include($phpbb_root_path . 'includes/mcp/mcp_post.' . $phpEx); + } mcp_post_details($id, $mode, $action); @@ -366,7 +394,7 @@ function lock_unlock($action, $ids) */ function change_topic_type($action, $topic_ids) { - global $user, $db, $request, $phpbb_log; + global $user, $db, $request, $phpbb_log, $phpbb_dispatcher; switch ($action) { @@ -414,6 +442,25 @@ function change_topic_type($action, $topic_ids) if (confirm_box(true)) { + + /** + * Perform additional actions before changing topic(s) type + * + * @event core.mcp_change_topic_type_before + * @var int new_topic_type The candidated topic type. + * @var int forum_id The forum ID for the topic ID(s). + * @var array topic_ids Array containing the topic ID(s) that will be changed + * @since 3.2.6-RC1 + */ + $vars = array( + 'new_topic_type', + 'forum_id', + 'topic_ids', + ); + extract($phpbb_dispatcher->trigger_event('core.mcp_change_topic_type_before', compact($vars))); + + $db->sql_transaction('begin'); + $sql = 'UPDATE ' . TOPICS_TABLE . " SET topic_type = $new_topic_type WHERE " . $db->sql_in_set('topic_id', $topic_ids); @@ -425,13 +472,10 @@ function change_topic_type($action, $topic_ids) $sql = 'DELETE FROM ' . TOPICS_TABLE . ' WHERE ' . $db->sql_in_set('topic_moved_id', $topic_ids); $db->sql_query($sql); - - $sql = 'UPDATE ' . TOPICS_TABLE . " - SET topic_type = $new_topic_type - WHERE " . $db->sql_in_set('topic_id', $topic_ids); - $db->sql_query($sql); } + $db->sql_transaction('commit'); + $success_msg = (count($topic_ids) == 1) ? 'TOPIC_TYPE_CHANGED' : 'TOPICS_TYPE_CHANGED'; if (count($topic_ids)) 
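Review bot: After the `extract()` for `core.mcp_change_topic_type_before`, `$new_topic_type` is interpolated unquoted into `SET topic_type = $new_topic_type`, so whether that value is an integer now depends on every listener of the event. Re-casting right after the event keeps the query well-formed whatever an extension assigns: `$new_topic_type = (int) $new_topic_type;`. The event also fires before `$db->sql_transaction('begin')`, so the docblock should say that database writes made by listeners are not part of the transaction. change_topic_type starts and ends outside the hunk.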
@@ -448,6 +492,22 @@ function change_topic_type($action, $topic_ids) } } + /** + * Perform additional actions after changing topic types + * + * @event core.mcp_change_topic_type_after + * @var int new_topic_type The newly changed topic type. + * @var int forum_id The forum ID where the newly changed topic type belongs to. + * @var array topic_ids Array containing the topic IDs that have been changed + * @since 3.2.6-RC1 + */ + $vars = array( + 'new_topic_type', + 'forum_id', + 'topic_ids', + ); + extract($phpbb_dispatcher->trigger_event('core.mcp_change_topic_type_after', compact($vars))); + meta_refresh(2, $redirect); $message = $user->lang[$success_msg]; @@ -930,10 +990,11 @@ function mcp_delete_topic($topic_ids, $is_soft = false, $soft_delete_reason = '' 'DELETE_TOPIC_PERMANENTLY_EXPLAIN' => $user->lang('DELETE_TOPIC_PERMANENTLY', count($topic_ids)), )); - $l_confirm = (count($topic_ids) == 1) ? 'DELETE_TOPIC' : 'DELETE_TOPICS'; + $count = count($topic_ids); + $l_confirm = $count === 1 ? 'DELETE_TOPIC' : 'DELETE_TOPICS'; if ($only_softdeleted) { - $l_confirm .= '_PERMANENTLY'; + $l_confirm = array($l_confirm . '_PERMANENTLY', $count); $s_hidden_fields['delete_permanent'] = '1'; } else if ($only_shadow || !$auth->acl_get('m_softdelete', $forum_id)) @@ -1184,10 +1245,11 @@ function mcp_delete_post($post_ids, $is_soft = false, $soft_delete_reason = '', 'DELETE_POST_PERMANENTLY_EXPLAIN' => $user->lang('DELETE_POST_PERMANENTLY', count($post_ids)), )); - $l_confirm = (count($post_ids) == 1) ? 'DELETE_POST' : 'DELETE_POSTS'; + $count = count($post_ids); + $l_confirm = $count === 1 ? 'DELETE_POST' : 'DELETE_POSTS'; if ($only_softdeleted) { - $l_confirm .= '_PERMANENTLY'; + $l_confirm = array($l_confirm . '_PERMANENTLY', $count); $s_hidden_fields['delete_permanent'] = '1'; } else if (!$auth->acl_get('m_softdelete', $forum_id)) diff --git a/phpBB/includes/mcp/mcp_notes.php b/phpBB/includes/mcp/mcp_notes.php index 12b116e495..a4c2356a43 100644 
--- a/phpBB/includes/mcp/mcp_notes.php +++ b/phpBB/includes/mcp/mcp_notes.php @@ -28,9 +28,9 @@ class mcp_notes var $p_master; var $u_action; - function __construct(&$p_master) + function __construct($p_master) { - $this->p_master = &$p_master; + $this->p_master = $p_master; } function main($id, $mode) diff --git a/phpBB/includes/mcp/mcp_pm_reports.php b/phpBB/includes/mcp/mcp_pm_reports.php index ba89733bfe..eecfe9cbc8 100644 --- a/phpBB/includes/mcp/mcp_pm_reports.php +++ b/phpBB/includes/mcp/mcp_pm_reports.php @@ -28,9 +28,9 @@ class mcp_pm_reports var $p_master; var $u_action; - function __construct(&$p_master) + function __construct($p_master) { - $this->p_master = &$p_master; + $this->p_master = $p_master; } function main($id, $mode) diff --git a/phpBB/includes/mcp/mcp_queue.php b/phpBB/includes/mcp/mcp_queue.php index a95c8fad44..dec583f6f4 100644 --- a/phpBB/includes/mcp/mcp_queue.php +++ b/phpBB/includes/mcp/mcp_queue.php @@ -28,9 +28,9 @@ class mcp_queue var $p_master; var $u_action; - public function __construct(&$p_master) + public function __construct($p_master) { - $this->p_master = &$p_master; + $this->p_master = $p_master; } public function main($id, $mode) diff --git a/phpBB/includes/mcp/mcp_reports.php b/phpBB/includes/mcp/mcp_reports.php index b4018184a7..4600257344 100644 --- a/phpBB/includes/mcp/mcp_reports.php +++ b/phpBB/includes/mcp/mcp_reports.php @@ -28,9 +28,9 @@ class mcp_reports var $p_master; var $u_action; - function __construct(&$p_master) + function __construct($p_master) { - $this->p_master = &$p_master; + $this->p_master = $p_master; } function main($id, $mode) diff --git a/phpBB/includes/mcp/mcp_topic.php b/phpBB/includes/mcp/mcp_topic.php index 9c63245982..68a65aafdd 100644 --- a/phpBB/includes/mcp/mcp_topic.php +++ b/phpBB/includes/mcp/mcp_topic.php 
@@ -93,7 +93,11 @@ function mcp_topic_view($id, $mode, $action) // Restore or pprove posts? if (($action == 'restore' || $action == 'approve') && $auth->acl_get('m_approve', $topic_info['forum_id'])) { - include($phpbb_root_path . 'includes/mcp/mcp_queue.' . $phpEx); + if (!class_exists('mcp_queue')) + { + include($phpbb_root_path . 'includes/mcp/mcp_queue.' . $phpEx); + } + include_once($phpbb_root_path . 'includes/functions_posting.' . $phpEx); include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); diff --git a/phpBB/includes/mcp/mcp_warn.php b/phpBB/includes/mcp/mcp_warn.php index 888069ef5d..df175133fc 100644 --- a/phpBB/includes/mcp/mcp_warn.php +++ b/phpBB/includes/mcp/mcp_warn.php @@ -28,9 +28,9 @@ class mcp_warn var $p_master; var $u_action; - function __construct(&$p_master) + function __construct($p_master) { - $this->p_master = &$p_master; + $this->p_master = $p_master; } function main($id, $mode) diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index c12f2ab1aa..0b79cca864 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -1587,6 +1587,16 @@ class parse_message extends bbcode_firstpass 'poster_id' => $user->data['user_id'], ); + /** + * Modify attachment sql array on submit + * + * @event core.modify_attachment_sql_ary_on_submit + * @var array sql_ary Array containing SQL data + * @since 3.2.6-RC1 + */ + $vars = array('sql_ary'); + extract($phpbb_dispatcher->trigger_event('core.modify_attachment_sql_ary_on_submit', compact($vars))); + $db->sql_query('INSERT INTO ' . ATTACHMENTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary)); $new_entry = array( 
@@ -1722,6 +1732,16 @@ class parse_message extends bbcode_firstpass 'poster_id' => $user->data['user_id'], ); + /** + * Modify attachment sql array on upload + * + * @event core.modify_attachment_sql_ary_on_upload + * @var array sql_ary Array containing SQL data + * @since 3.2.6-RC1 + */ + $vars = array('sql_ary'); + extract($phpbb_dispatcher->trigger_event('core.modify_attachment_sql_ary_on_upload', compact($vars))); + $db->sql_query('INSERT INTO ' . ATTACHMENTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary)); $new_entry = array( diff --git a/phpBB/includes/ucp/ucp_attachments.php b/phpBB/includes/ucp/ucp_attachments.php index c1b623cd71..7808fed325 100644 --- a/phpBB/includes/ucp/ucp_attachments.php +++ b/phpBB/includes/ucp/ucp_attachments.php @@ -29,7 +29,7 @@ class ucp_attachments function main($id, $mode) { - global $template, $user, $db, $config, $phpEx, $phpbb_root_path, $phpbb_container, $request; + global $template, $user, $db, $config, $phpEx, $phpbb_root_path, $phpbb_container, $request, $auth; $start = $request->variable('start', 0); $sort_key = $request->variable('sk', 'a'); 
@@ -41,16 +41,27 @@ class ucp_attachments if ($delete && count($delete_ids)) { // Validate $delete_ids... - $sql = 'SELECT attach_id - FROM ' . ATTACHMENTS_TABLE . ' - WHERE poster_id = ' . $user->data['user_id'] . ' - AND is_orphan = 0 - AND ' . $db->sql_in_set('attach_id', $delete_ids); + $sql = 'SELECT a.attach_id, p.post_edit_locked, t.topic_status, f.forum_id, f.forum_status + FROM ' . ATTACHMENTS_TABLE . ' a + LEFT JOIN ' . POSTS_TABLE . ' p + ON (a.post_msg_id = p.post_id AND a.in_message = 0) + LEFT JOIN ' . TOPICS_TABLE . ' t + ON (t.topic_id = p.topic_id AND a.in_message = 0) + LEFT JOIN ' . FORUMS_TABLE . ' f + ON (f.forum_id = t.forum_id AND a.in_message = 0) + WHERE a.poster_id = ' . $user->data['user_id'] . ' + AND a.is_orphan = 0 + AND ' . $db->sql_in_set('a.attach_id', $delete_ids); $result = $db->sql_query($sql); $delete_ids = array(); while ($row = $db->sql_fetchrow($result)) { + if (!$auth->acl_get('m_edit', $row['forum_id']) && ($row['forum_status'] == ITEM_LOCKED || $row['topic_status'] == ITEM_LOCKED || $row['post_edit_locked'])) + { + continue; + } + $delete_ids[] = $row['attach_id']; } $db->sql_freeresult($result); 
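Review bot: The delete check reaches the topic through the post (`t.topic_id = p.topic_id`), while the listing query in the `@@ -124,10 +135,12 @@` hunk reaches it through the attachment row (`a.topic_id = t.topic_id`), so the `S_LOCKED` flag shown to the user and the lock enforced here can come from different topic and forum rows if the two ids ever disagree. Using one join path in both queries, and moving the predicate (no `m_edit` and forum, topic or post locked) into a single private helper that both places call, keeps display and enforcement from drifting apart. Refused ids are dropped with a bare `continue`, so the user is not told which attachments were skipped; what happens when `$delete_ids` ends up empty is outside the hunk. For private-message attachments every joined column is NULL, so a short comment such as `// PM attachments have no forum/topic row and are never treated as locked` would make that intent explicit.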
@@ -124,10 +135,12 @@ class ucp_attachments $pagination = $phpbb_container->get('pagination'); $start = $pagination->validate_start($start, $config['topics_per_page'], $num_attachments); - $sql = 'SELECT a.*, t.topic_title, p.message_subject as message_title + $sql = 'SELECT a.*, t.topic_title, pr.message_subject as message_title, p.post_edit_locked, t.topic_status, f.forum_id, f.forum_status FROM ' . ATTACHMENTS_TABLE . ' a + LEFT JOIN ' . POSTS_TABLE . ' p ON (a.post_msg_id = p.post_id AND a.in_message = 0) LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id AND a.in_message = 0) - LEFT JOIN ' . PRIVMSGS_TABLE . ' p ON (a.post_msg_id = p.msg_id AND a.in_message = 1) + LEFT JOIN ' . FORUMS_TABLE . ' f ON (f.forum_id = t.forum_id AND a.in_message = 0) + LEFT JOIN ' . PRIVMSGS_TABLE . ' pr ON (a.post_msg_id = pr.msg_id AND a.in_message = 1) WHERE a.poster_id = ' . $user->data['user_id'] . " AND a.is_orphan = 0 ORDER BY $order_by"; @@ -164,6 +177,7 @@ class ucp_attachments 'TOPIC_ID' => $row['topic_id'], 'S_IN_MESSAGE' => $row['in_message'], + 'S_LOCKED' => !$row['in_message'] && !$auth->acl_get('m_edit', $row['forum_id']) && ($row['forum_status'] == ITEM_LOCKED || $row['topic_status'] == ITEM_LOCKED || $row['post_edit_locked']), 'U_VIEW_ATTACHMENT' => append_sid("{$phpbb_root_path}download/file.$phpEx", 'id=' . $row['attach_id']), 'U_VIEW_TOPIC' => $view_topic) diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index 1fb026167a..2423af86be 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -32,6 +32,9 @@ class ucp_groups global $db, $user, $auth, $cache, $template; global $request, $phpbb_container, $phpbb_log; + /** @var \phpbb\language\language $language Language object */ + $language = $phpbb_container->get('language'); + $user->add_lang('groups'); $return_page = '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '">', '</a>'); 
@@ -396,7 +399,10 @@ class ucp_groups $action = (isset($_POST['addusers'])) ? 'addusers' : $request->variable('action', ''); $group_id = $request->variable('g', 0); - include($phpbb_root_path . 'includes/functions_display.' . $phpEx); + if (!function_exists('phpbb_get_user_rank')) + { + include($phpbb_root_path . 'includes/functions_display.' . $phpEx); + } add_form_key('ucp_groups'); @@ -1054,13 +1060,27 @@ class ucp_groups if (confirm_box(true)) { + $return_manage_page = '<br /><br />' . $language->lang('RETURN_PAGE', '<a href="' . $this->u_action . '&action=list&g=' . $group_id . '">', '</a>'); + // Add user/s to group if ($error = group_user_add($group_id, false, $name_ary, $group_name, $default, 0, 0, $group_row)) { - trigger_error($user->lang[$error] . $return_page); + $display_message = $language->lang($error); + + if ($error == 'GROUP_USERS_INVALID') + { + // Find which users don't exist + $actual_name_ary = $name_ary; + $actual_user_id_ary = []; + user_get_id_name($actual_user_id_ary, $actual_name_ary, false, true); + + $display_message = $language->lang('GROUP_USERS_INVALID', implode($language->lang('COMMA_SEPARATOR'), array_udiff($name_ary, $actual_name_ary, 'strcasecmp'))); + } + + trigger_error($display_message . $return_manage_page); } - trigger_error($user->lang['GROUP_USERS_ADDED'] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $this->u_action . '&action=list&g=' . $group_id . '">', '</a>')); + trigger_error($language->lang('GROUP_USERS_ADDED') . $return_manage_page); } else { diff --git a/phpBB/includes/ucp/ucp_main.php b/phpBB/includes/ucp/ucp_main.php index ec652a5e45..36f45f3f46 100644 --- a/phpBB/includes/ucp/ucp_main.php +++ b/phpBB/includes/ucp/ucp_main.php @@ -28,9 +28,9 @@ class ucp_main var $p_master; var $u_action; - function __construct(&$p_master) + function __construct($p_master) { - $this->p_master = &$p_master; + $this->p_master = $p_master; } function main($id, $mode) 
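Review bot: In the `@@ -1054,13 +1060,27 @@` hunk the names that fail lookup are taken from `$name_ary` and placed in the `trigger_error()` message, which is assembled as HTML (it already carries `<br />` and an `<a>` tag), and the hunk does not show where `$name_ary` is escaped. If it is filled from `$request->variable()` the strings are presumably already HTML-escaped, but that assignment is outside the hunk, so a comment here such as `// $name_ary comes from request->variable() and is already HTML-escaped` (once confirmed) would document why echoing it is safe. Separately, `array_udiff(..., 'strcasecmp')` folds case for ASCII only, so a non-ASCII username typed in a different case could be reported as invalid even though `user_get_id_name()` resolved it; comparing on `utf8_clean_string()` of each name would match how the lookup appears to work.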
@@ -245,7 +245,10 @@ class ucp_main case 'subscribed': - include($phpbb_root_path . 'includes/functions_display.' . $phpEx); + if (!function_exists('topic_status')) + { + include($phpbb_root_path . 'includes/functions_display.' . $phpEx); + } $user->add_lang('viewforum'); @@ -481,7 +484,10 @@ class ucp_main break; } - include($phpbb_root_path . 'includes/functions_display.' . $phpEx); + if (!function_exists('topic_status')) + { + include($phpbb_root_path . 'includes/functions_display.' . $phpEx); + } $user->add_lang('viewforum'); diff --git a/phpBB/includes/ucp/ucp_pm.php b/phpBB/includes/ucp/ucp_pm.php index fa374c15c8..4d02620e89 100644 --- a/phpBB/includes/ucp/ucp_pm.php +++ b/phpBB/includes/ucp/ucp_pm.php @@ -82,7 +82,10 @@ class ucp_pm $mode = 'view'; } - include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx); + if (!function_exists('get_folder')) + { + include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx); + } switch ($mode) { @@ -104,7 +107,10 @@ class ucp_pm break; } - include($phpbb_root_path . 'includes/ucp/ucp_pm_compose.' . $phpEx); + if (!function_exists('compose_pm')) + { + include($phpbb_root_path . 'includes/ucp/ucp_pm_compose.' . $phpEx); + } compose_pm($id, $mode, $action, $user_folders); $tpl_file = 'posting_body'; @@ -114,7 +120,10 @@ class ucp_pm set_user_message_limit(); get_folder($user->data['user_id']); - include($phpbb_root_path . 'includes/ucp/ucp_pm_options.' . $phpEx); + if (!function_exists('message_options')) + { + include($phpbb_root_path . 'includes/ucp/ucp_pm_options.' . $phpEx); + } message_options($id, $mode, $global_privmsgs_rules, $global_rule_conditions); $tpl_file = 'ucp_pm_options'; 
@@ -125,8 +134,10 @@ class ucp_pm get_folder($user->data['user_id']); $this->p_name = 'pm'; - // Call another module... please do not try this at home... Hoochie Coochie Man - include($phpbb_root_path . 'includes/ucp/ucp_main.' . $phpEx); + if (!class_exists('ucp_main')) + { + include($phpbb_root_path . 'includes/ucp/ucp_main.' . $phpEx); + } $module = new ucp_main($this); $module->u_action = $this->u_action; @@ -375,7 +386,10 @@ class ucp_pm if ($action == 'view_folder') { - include($phpbb_root_path . 'includes/ucp/ucp_pm_viewfolder.' . $phpEx); + if (!function_exists('view_folder')) + { + include($phpbb_root_path . 'includes/ucp/ucp_pm_viewfolder.' . $phpEx); + } view_folder($id, $mode, $folder_id, $folder); $tpl_file = 'ucp_pm_viewfolder'; @@ -393,7 +407,10 @@ class ucp_pm trigger_error('NO_MESSAGE'); } - include($phpbb_root_path . 'includes/ucp/ucp_pm_viewmessage.' . $phpEx); + if (!function_exists('view_message')) + { + include($phpbb_root_path . 'includes/ucp/ucp_pm_viewmessage.' . $phpEx); + } view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row); $tpl_file = ($view == 'print') ? 'ucp_pm_viewmessage_print' : 'ucp_pm_viewmessage'; diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index bc59d8ca86..cb45112b01 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php 
@@ -33,9 +33,20 @@ function compose_pm($id, $mode, $action, $user_folders = array()) // Needed for handle_message_list_actions() global $refresh, $submit, $preview; - include($phpbb_root_path . 'includes/functions_posting.' . $phpEx); - include($phpbb_root_path . 'includes/functions_display.' . $phpEx); - include($phpbb_root_path . 'includes/message_parser.' . $phpEx); + if (!function_exists('generate_smilies')) + { + include($phpbb_root_path . 'includes/functions_posting.' . $phpEx); + } + + if (!function_exists('display_custom_bbcodes')) + { + include($phpbb_root_path . 'includes/functions_display.' . $phpEx); + } + + if (!class_exists('parse_message')) + { + include($phpbb_root_path . 'includes/message_parser.' . $phpEx); + } if (!$action) { 
@@ -986,12 +997,26 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $quote_attributes['post_id'] = $post['msg_id']; } - phpbb_format_quote($bbcode_status, $quote_attributes, $phpbb_container->get('text_formatter.utils'), $message_parser, $message_link); + /** @var \phpbb\language\language $language */ + $language = $phpbb_container->get('language'); + /** @var \phpbb\textformatter\utils_interface $text_formatter_utils */ + $text_formatter_utils = $phpbb_container->get('text_formatter.utils'); + phpbb_format_quote($language, $message_parser, $text_formatter_utils, $bbcode_status, $quote_attributes, $message_link); } if (($action == 'reply' || $action == 'quote' || $action == 'quotepost') && !$preview && !$refresh) { $message_subject = ((!preg_match('/^Re:/', $message_subject)) ? 'Re: ' : '') . censor_text($message_subject); + + /** + * This event allows you to modify the PM subject of the PM being quoted + * + * @event core.pm_modify_message_subject + * @var string message_subject String with the PM subject already censored. + * @since 3.2.8-RC1 + */ + $vars = array('message_subject'); + extract($phpbb_dispatcher->trigger_event('core.pm_modify_message_subject', compact($vars))); } if ($action == 'forward' && !$preview && !$refresh && !$submit) @@ -1191,7 +1216,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $controller_helper = $phpbb_container->get('controller.helper'); // Start assigning vars for main posting page ... - $template->assign_vars(array( + $template_ary = array( 'L_POST_A' => $page_title, 'L_ICON' => $user->lang['PM_ICON'], 'L_MESSAGE_BODY_EXPLAIN' => $user->lang('MESSAGE_BODY_EXPLAIN', (int) $config['max_post_chars']), 
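Review bot: The docblock for `core.pm_modify_message_subject` says it covers "the PM being quoted", but the enclosing condition triggers it for `reply`, `quote` and `quotepost`, and never on preview or refresh. It should also state that the listener's value is used as returned: `censor_text()` runs before the event, so a replaced subject is not censored again in this hunk. Suggested summary line: `Modify the subject of a PM reply or quote (not triggered on preview/refresh); the returned subject is not censored again`. `$phpbb_dispatcher` is not declared in this hunk, so check it is in the `global` list of `compose_pm()`, whose body starts and ends outside the hunk.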
@@ -1236,7 +1261,19 @@ function compose_pm($id, $mode, $action, $user_folders = array()) 'S_CLOSE_PROGRESS_WINDOW' => isset($_POST['add_file']), 'U_PROGRESS_BAR' => append_sid("{$phpbb_root_path}posting.$phpEx", 'f=0&mode=popup'), 'UA_PROGRESS_BAR' => addslashes(append_sid("{$phpbb_root_path}posting.$phpEx", 'f=0&mode=popup')), - )); + ); + + /** + * Modify the default template vars + * + * @event core.ucp_pm_compose_template + * @var array template_ary Template variables + * @since 3.2.6-RC1 + */ + $vars = array('template_ary'); + extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_template', compact($vars))); + + $template->assign_vars($template_ary); // Build custom bbcodes array display_custom_bbcodes(); diff --git a/phpBB/includes/ucp/ucp_pm_viewfolder.php b/phpBB/includes/ucp/ucp_pm_viewfolder.php index 2acc528b9f..09e7bf4d7c 100644 --- a/phpBB/includes/ucp/ucp_pm_viewfolder.php +++ b/phpBB/includes/ucp/ucp_pm_viewfolder.php @@ -39,7 +39,7 @@ function view_folder($id, $mode, $folder_id, $folder) // Grab icons $icons = $cache->obtain_icons(); - $color_rows = array('marked', 'replied'); + $color_rows = array('message_reported', 'marked', 'replied'); $_module = new p_master(); $_module->list_modules('ucp'); @@ -138,9 +138,9 @@ function view_folder($id, $mode, $folder_id, $folder) $row_indicator = ''; foreach ($color_rows as $var) { - if (($var != 'friend' && $var != 'foe' && $row['pm_' . $var]) + if (($var !== 'friend' && $var !== 'foe' && $row[($var === 'message_reported') ? $var : "pm_{$var}"]) || - (($var == 'friend' || $var == 'foe') && isset(${$var}[$row['author_id']]) && ${$var}[$row['author_id']])) + (($var === 'friend' || $var === 'foe') && isset(${$var}[$row['author_id']]) && ${$var}[$row['author_id']])) { $row_indicator = $var; break; diff --git a/phpBB/includes/ucp/ucp_pm_viewmessage.php b/phpBB/includes/ucp/ucp_pm_viewmessage.php index 5d7e32c8f3..7c0091ef47 100644 --- a/phpBB/includes/ucp/ucp_pm_viewmessage.php 
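Review bot: The `core.ucp_pm_compose_template` docblock does not tell listeners that `template_ary` is passed straight to `$template->assign_vars()`, with no escaping step between the event and the assignment in this hunk. Entries an extension adds or replaces therefore have to be safe for the context they are rendered in already; `UA_PROGRESS_BAR`, for example, is prepared with `addslashes()` before the event fires. I would change the `@var` line to `@var array template_ary Template variables; values are assigned without further escaping`.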
+++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php @@ -296,7 +296,9 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) * @var array cp_row Array with senders custom profile field data * @var array msg_data Template array with message data * @var array user_info User data of the sender + * @var array attachments Attachments data * @since 3.2.2-RC1 + * @changed 3.2.5-RC1 Added attachments */ $vars = array( 'id', @@ -308,6 +310,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) 'cp_row', 'msg_data', 'user_info', + 'attachments', ); extract($phpbb_dispatcher->trigger_event('core.ucp_pm_view_message', compact($vars))); diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index a36bf619f8..36ab3d0463 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php @@ -133,7 +133,6 @@ class ucp_profile 'user_email' => ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'], 'user_email_hash' => ($auth->acl_get('u_chgemail')) ? phpbb_email_hash($data['email']) : $user->data['user_email_hash'], 'user_password' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? $passwords_manager->hash($data['new_password']) : $user->data['user_password'], - 'user_passchg' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? time() : 0, ); if ($auth->acl_get('u_chgname') && $config['allow_namechange'] && $data['username'] != $user->data['username']) @@ -147,6 +146,8 @@ class ucp_profile if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && !$passwords_manager->check($data['new_password'], $user->data['user_password'])) { + $sql_ary['user_passchg'] = time(); + $user->reset_login_keys(); $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_NEW_PASSWORD', false, array( 'reportee_id' => $user->data['user_id'], 
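Review bot: The move of `user_passchg` in the two ucp_profile.php hunks needs a why-comment, because the reason is only visible from the removed line, which wrote `0` whenever the profile was saved without a new password. Something like `// Stamp user_passchg only on a real password change; leaving the key out keeps the stored timestamp` above `$sql_ary['user_passchg'] = time();` would record that. Note that `user_password` is still re-hashed into `$sql_ary` when the submitted password equals the current one, while the timestamp, `reset_login_keys()` and the log entry are skipped in that case; if that is intended, say so in the same comment. The query that consumes `$sql_ary` is outside the hunk, so confirm it runs after this block.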
@@ -469,8 +470,15 @@ class ucp_profile trigger_error('NO_AUTH_SIGNATURE'); } - include($phpbb_root_path . 'includes/functions_posting.' . $phpEx); - include($phpbb_root_path . 'includes/functions_display.' . $phpEx); + if (!function_exists('generate_smilies')) + { + include($phpbb_root_path . 'includes/functions_posting.' . $phpEx); + } + + if (!function_exists('display_custom_bbcodes')) + { + include($phpbb_root_path . 'includes/functions_display.' . $phpEx); + } $preview = $request->is_set_post('preview'); |