Diffstat (limited to 'phpBB/includes')
| -rw-r--r-- | phpBB/includes/acp/acp_database.php | 12 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_styles.php | 6 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_users.php | 8 | ||||
| -rw-r--r-- | phpBB/includes/auth/auth_ldap.php | 6 | ||||
| -rw-r--r-- | phpBB/includes/db/dbal.php | 12 | ||||
| -rw-r--r-- | phpBB/includes/db/mssql.php | 8 | ||||
| -rw-r--r-- | phpBB/includes/db/mssql_odbc.php | 8 | ||||
| -rw-r--r-- | phpBB/includes/db/mssqlnative.php | 8 | ||||
| -rw-r--r-- | phpBB/includes/functions.php | 13 | ||||
| -rw-r--r-- | phpBB/includes/functions_admin.php | 3 | ||||
| -rw-r--r-- | phpBB/includes/functions_install.php | 2 | ||||
| -rw-r--r-- | phpBB/includes/functions_upload.php | 33 | ||||
| -rw-r--r-- | phpBB/includes/session.php | 11 | 
13 files changed, 111 insertions, 19 deletions
| diff --git a/phpBB/includes/acp/acp_database.php b/phpBB/includes/acp/acp_database.php index 62bcd43a47..758cd10434 100644 --- a/phpBB/includes/acp/acp_database.php +++ b/phpBB/includes/acp/acp_database.php @@ -21,6 +21,7 @@ if (!defined('IN_PHPBB'))  */  class acp_database  { +	var $db_tools;  	var $u_action;  	function main($id, $mode) @@ -28,6 +29,12 @@ class acp_database  		global $cache, $db, $user, $auth, $template, $table_prefix;  		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx; +		if (!class_exists('phpbb_db_tools')) +		{ +			require($phpbb_root_path . 'includes/db/db_tools.' . $phpEx); +		} +		$this->db_tools = new phpbb_db_tools($db); +  		$user->add_lang('acp/database');  		$this->tpl_name = 'acp_database'; @@ -50,7 +57,7 @@ class acp_database  				{  					case 'download':  						$type	= request_var('type', ''); -						$table	= request_var('table', array('')); +						$table	= array_intersect($this->db_tools->sql_list_tables(), request_var('table', array('')));  						$format	= request_var('method', '');  						$where	= request_var('where', ''); @@ -173,8 +180,7 @@ class acp_database  					break;  					default: -						include($phpbb_root_path . 'includes/functions_install.' . $phpEx); -						$tables = get_tables($db); +						$tables = $this->db_tools->sql_list_tables();  						asort($tables);  						foreach ($tables as $table_name)  						{ diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php index d7b0484af8..47cd02bca7 100644 --- a/phpBB/includes/acp/acp_styles.php +++ b/phpBB/includes/acp/acp_styles.php @@ -667,7 +667,9 @@ inherit_from = {INHERIT_FROM}  						if ($name && !in_array($name, $installed))  						{ -							$new_ary[] = array( +							// The array key is used for sorting later on. +							// $file is appended because $name doesn't have to be unique. +							$new_ary[$name . $file] = array(  								'path'		=> $file,  								'name'		=> $name,  								'copyright'	=> $items['copyright'], 
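Review bot: In the 'download' case the new `$table = array_intersect($this->db_tools->sql_list_tables(), request_var('table', array('')))` bounds the request to tables that exist, but that is every table visible to the database user, not only this board's, so on a shared database a foreign table can still be selected for backup; the default branch at @@ -173 lists the same set. If that is not intended, `$table_prefix` is already imported by the `global` line in the second hunk and the list can be reduced to names where `strpos($table_name, $table_prefix) === 0` before the intersect. Note also that `array_intersect` keeps the keys of its first argument, so `$table` is no longer a 0-based list; that is fine for `foreach`, but any positional access further down `main` (which continues outside the hunk) would need `array_values()`.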
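Review bot: The sort key `$new_ary[$name . $file]` concatenates name and path with no separator, so the order produced by `ksort($new_ary)` in @@ -683 depends on the path whenever one style name is a prefix of another (name `a` with path `z` sorts after name `ab` with path `a`), and a digit-only key is compared numerically by the default `SORT_REGULAR`. A separator that sorts before any printable character, `$new_ary[$name . "\0" . $file] = array(`, together with `ksort($new_ary, SORT_STRING)`, gives a stable name-then-path order. The comment already on the new lines explains why `$file` is appended; extend it with one line on why the separator is there.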
@@ -683,6 +685,8 @@ inherit_from = {INHERIT_FROM}  		if (sizeof($new_ary))  		{ +			ksort($new_ary); +  			foreach ($new_ary as $cfg)  			{  				$template->assign_block_vars('uninstalled', array( diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index 363c900edc..70e08f79f2 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -1009,6 +1009,13 @@ class acp_users  				$user_row['posts_in_queue'] = (int) $db->sql_fetchfield('posts_in_queue');  				$db->sql_freeresult($result); +				$sql = 'SELECT post_id +					FROM ' . POSTS_TABLE . ' +					WHERE poster_id = '. $user_id; +				$result = $db->sql_query_limit($sql, 1); +				$user_row['user_has_posts'] = (bool) $db->sql_fetchfield('post_id'); +				$db->sql_freeresult($result); +  				$template->assign_vars(array(  					'L_NAME_CHARS_EXPLAIN'		=> sprintf($user->lang[$config['allow_name_chars'] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']),  					'L_CHANGE_PASSWORD_EXPLAIN'	=> sprintf($user->lang[$config['pass_complex'] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']), @@ -1036,6 +1043,7 @@ class acp_users  					'USER_EMAIL'		=> $user_row['user_email'],  					'USER_WARNINGS'		=> $user_row['user_warnings'],  					'USER_POSTS'		=> $user_row['user_posts'], +					'USER_HAS_POSTS'	=> $user_row['user_has_posts'],  					'USER_INACTIVE_REASON'	=> $inactive_reason,  				)); diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php index 5dfa74ddab..eebf147d48 100644 --- a/phpBB/includes/auth/auth_ldap.php +++ b/phpBB/includes/auth/auth_ldap.php 
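Review bot: The added query interpolates `$user_id` unguarded, `WHERE poster_id = '. $user_id;`; `WHERE poster_id = ' . (int) $user_id;` costs nothing and keeps the statement safe should the variable's provenance change. `$user_id` is assigned outside this hunk, so whether it is already an integer cannot be confirmed from here; the cast documents the contract at the query either way. The enclosing method continues on both sides of the hunk.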
@@ -156,7 +156,11 @@ function login_ldap(&$username, &$password)  	{  		if (!@ldap_bind($ldap, htmlspecialchars_decode($config['ldap_user']), htmlspecialchars_decode($config['ldap_password'])))  		{ -			return $user->lang['LDAP_NO_SERVER_CONNECTION']; +			return array( +				'status'		=> LOGIN_ERROR_EXTERNAL_AUTH, +				'error_msg'		=> 'LDAP_NO_SERVER_CONNECTION', +				'user_row'		=> array('user_id' => ANONYMOUS), +			);  		}  	} diff --git a/phpBB/includes/db/dbal.php b/phpBB/includes/db/dbal.php index 358df50402..9cc337955b 100644 --- a/phpBB/includes/db/dbal.php +++ b/phpBB/includes/db/dbal.php @@ -501,6 +501,18 @@ class dbal  	}  	/** +	* Run LOWER() on DB column of type text (i.e. neither varchar nor char). +	* +	* @param string $column_name	The column name to use +	* +	* @return string				A SQL statement like "LOWER($column_name)" +	*/ +	function sql_lower_text($column_name) +	{ +		return "LOWER($column_name)"; +	} + +	/**  	* Run more than one insert statement.  	*  	* @param string $table table name to run the statements on diff --git a/phpBB/includes/db/mssql.php b/phpBB/includes/db/mssql.php index 6899a73902..b7178593dc 100644 --- a/phpBB/includes/db/mssql.php +++ b/phpBB/includes/db/mssql.php @@ -333,6 +333,14 @@ class dbal_mssql extends dbal  	}  	/** +	* {@inheritDoc} +	*/ +	function sql_lower_text($column_name) +	{ +		return "LOWER(SUBSTRING($column_name, 1, DATALENGTH($column_name)))"; +	} + +	/**  	* Build LIKE expression  	* @access private  	*/ diff --git a/phpBB/includes/db/mssql_odbc.php b/phpBB/includes/db/mssql_odbc.php index 34f7a87337..2ecc42cadf 100644 --- a/phpBB/includes/db/mssql_odbc.php +++ b/phpBB/includes/db/mssql_odbc.php @@ -311,6 +311,14 @@ class dbal_mssql_odbc extends dbal  	}  	/** +	* {@inheritDoc} +	*/ +	function sql_lower_text($column_name) +	{ +		return "LOWER(SUBSTRING($column_name, 1, DATALENGTH($column_name)))"; +	} + +	/**  	* Build LIKE expression  	* @access private  	*/ 
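Review bot: The new structured return on bind failure still discards the reason: `@ldap_bind` suppresses the diagnostic and the array carries only the generic `LDAP_NO_SERVER_CONNECTION` key, so an operator cannot tell an unreachable server from rejected service-account credentials. Recording `ldap_error($ldap)` server-side before the `return`, at minimum `error_log('LDAP bind failed: ' . ldap_error($ldap));`, keeps the user-facing message unchanged while making the failure diagnosable. `login_ldap` continues outside the hunk.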
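Review bot: The docblock of the new `sql_lower_text()` should state that `$column_name` is interpolated into the SQL verbatim and must therefore be a trusted identifier chosen by the caller, never request data; `@param string $column_name	The column name to use` does not convey that. Something like `@param string $column_name	Trusted column identifier; inserted into the SQL unescaped` covers it, and the overrides in mssql.php and mssql_odbc.php on this line and mssqlnative.php on the next inherit it via `{@inheritDoc}`.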
diff --git a/phpBB/includes/db/mssqlnative.php b/phpBB/includes/db/mssqlnative.php index 92ac9b1fb9..c91cc188b0 100644 --- a/phpBB/includes/db/mssqlnative.php +++ b/phpBB/includes/db/mssqlnative.php @@ -493,6 +493,14 @@ class dbal_mssqlnative extends dbal  	}  	/** +	* {@inheritDoc} +	*/ +	function sql_lower_text($column_name) +	{ +		return "LOWER(SUBSTRING($column_name, 1, DATALENGTH($column_name)))"; +	} + +	/**  	* Build LIKE expression  	* @access private  	*/ diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index ce80dc4a66..5914831539 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -1918,14 +1918,17 @@ function update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_ti  		}  		else  		{ -			$sql = 'SELECT t.forum_id FROM ' . TOPICS_TABLE . ' t -				LEFT JOIN ' . TOPICS_TRACK_TABLE . ' tt ON (tt.topic_id = t.topic_id AND tt.user_id = ' . $user->data['user_id'] . ') +			$sql = 'SELECT t.forum_id +				FROM ' . TOPICS_TABLE . ' t +				LEFT JOIN ' . TOPICS_TRACK_TABLE . ' tt +					ON (tt.topic_id = t.topic_id +						AND tt.user_id = ' . $user->data['user_id'] . ')  				WHERE t.forum_id = ' . $forum_id . '  					AND t.topic_last_post_time > ' . $mark_time_forum . '  					AND t.topic_moved_id = 0 ' .  					$sql_update_unapproved . ' -					AND (tt.topic_id IS NULL OR tt.mark_time < t.topic_last_post_time) -				GROUP BY t.forum_id'; +					AND (tt.topic_id IS NULL +						OR tt.mark_time < t.topic_last_post_time)';  			$result = $db->sql_query_limit($sql, 1);  			$row = $db->sql_fetchrow($result);  			$db->sql_freeresult($result); 
@@ -3453,7 +3456,7 @@ function get_preg_expression($mode)  		case 'email':  			// Regex written by James Watts and Francisco Jose Martin Moreno  			// http://fightingforalostcause.net/misc/2006/compare-email-regex.php -			return '([\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+\.)*(?:[\w\!\#$\%\'\*\+\-\/\=\?\^\`{\|\}\~]|&)+@((((([a-z0-9]{1}[a-z0-9\-]{0,62}[a-z0-9]{1})|[a-z])\.)+[a-z]{2,6})|(\d{1,3}\.){3}\d{1,3}(\:\d{1,5})?)'; +			return '([\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+\.)*(?:[\w\!\#$\%\'\*\+\-\/\=\?\^\`{\|\}\~]|&)+@((((([a-z0-9]{1}[a-z0-9\-]{0,62}[a-z0-9]{1})|[a-z])\.)+[a-z]{2,63})|(\d{1,3}\.){3}\d{1,3}(\:\d{1,5})?)';  		break;  		case 'bbcode_htm': diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index 0e1a11b4aa..204fa9a43d 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -2557,7 +2557,8 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id  		{  			$sql_keywords .= $db->sql_in_set('l.log_operation', $operations) . ' OR ';  		} -		$sql_keywords .= 'LOWER(l.log_data) ' . implode(' OR LOWER(l.log_data) ', $keywords) . ')'; +		$sql_lower = $db->sql_lower_text('l.log_data'); +		$sql_keywords .= "$sql_lower " . implode(" OR $sql_lower ", $keywords) . ')';  	}  	if ($log_count !== false) diff --git a/phpBB/includes/functions_install.php b/phpBB/includes/functions_install.php index 633b2755f0..9e9c48ff58 100644 --- a/phpBB/includes/functions_install.php +++ b/phpBB/includes/functions_install.php @@ -559,8 +559,6 @@ function phpbb_create_config_file_data($data, $dbms, $load_extensions, $debug =  		$config_data .= "// @define('DEBUG_EXTRA', true);\n";  	} -	$config_data .= '?' . '>'; // Done this to prevent highlighting editors getting confused! -  	return $config_data;  } diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index d5bbd80242..73ac1df2d2 100644 --- a/phpBB/includes/functions_upload.php 
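Review bot: The widened TLD quantifier `[a-z]{2,63}` deserves a one-line rationale beside it, because the comment above still credits an external source (presumably with the old `{2,6}` bound) and a later refresh from that source would silently revert the fix; e.g. `// TLD bound raised to 63, the maximum DNS label length (RFC 1035)`. The rest of `get_preg_expression` lies outside the hunk.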
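Review bot: The new concatenation `"$sql_lower " . implode(" OR $sql_lower ", $keywords) . ')'` is only safe if every element of `$keywords` is an already-escaped SQL fragment assembled earlier in `view_log`, outside this hunk, and nothing near the line says so. A comment such as `// $keywords: pre-escaped LIKE fragments built above; $sql_lower: trusted identifier expression` would make that dependency visible to whoever next edits either side.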
+++ b/phpBB/includes/functions_upload.php @@ -751,6 +751,31 @@ class fileupload  		$filename = $url['path'];  		$filesize = 0; +		$remote_max_filesize = $this->max_filesize; +		if (!$remote_max_filesize) +		{ +			$max_filesize = @ini_get('upload_max_filesize'); + +			if (!empty($max_filesize)) +			{ +				$unit = strtolower(substr($max_filesize, -1, 1)); +				$remote_max_filesize = (int) $max_filesize; + +				switch ($unit) +				{ +					case 'g': +						$remote_max_filesize *= 1024; +					// no break +					case 'm': +						$remote_max_filesize *= 1024; +					// no break +					case 'k': +						$remote_max_filesize *= 1024; +					// no break +				} +			} +		} +  		$errno = 0;  		$errstr = ''; @@ -779,9 +804,9 @@ class fileupload  				$block = @fread($fsock, 1024);  				$filesize += strlen($block); -				if ($this->max_filesize && $filesize > $this->max_filesize) +				if ($remote_max_filesize && $filesize > $remote_max_filesize)  				{ -					$max_filesize = get_formatted_filesize($this->max_filesize, false); +					$max_filesize = get_formatted_filesize($remote_max_filesize, false);  					$file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']));  					return $file; @@ -807,9 +832,9 @@ class fileupload  					{  						$length = (int) str_replace('content-length: ', '', strtolower($line)); -						if ($length && $length > $this->max_filesize) +						if ($remote_max_filesize && $length && $length > $remote_max_filesize)  						{ -							$max_filesize = get_formatted_filesize($this->max_filesize, false); +							$max_filesize = get_formatted_filesize($remote_max_filesize, false);  							$file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']));  							return $file; diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index a894242a39..496c12a0d1 100644 --- a/phpBB/includes/session.php 
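Review bot: The ini parsing block reuses `$max_filesize` for the raw `upload_max_filesize` string, while the two later hunks on this line (@@ -779 and @@ -807) assign the same name the array returned by `get_formatted_filesize()`; giving the ini value its own name, e.g. `$ini_max_filesize = ini_get('upload_max_filesize');`, stops a reader conflating the two. The `switch ($unit)` also has two non-obvious outcomes worth a comment: a suffix-less ini value ends on a digit, matches no case and is taken as bytes, and any value that casts to 0 leaves `$remote_max_filesize` at 0, which both later checks treat as "no limit". The `@` on `ini_get()` can go, since it returns false for unknown options without emitting a warning. The enclosing method continues outside the hunk.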
+++ b/phpBB/includes/session.php @@ -322,8 +322,15 @@ class session  			}  		} -		// Is session_id is set or session_id is set and matches the url param if required -		if (!empty($this->session_id) && (!defined('NEED_SID') || (isset($_GET['sid']) && $this->session_id === $_GET['sid']))) +		// if no session id is set, redirect to index.php +		if (defined('NEED_SID') && (!isset($_GET['sid']) || $this->session_id !== $_GET['sid'])) +		{ +			send_status_line(401, 'Not authorized'); +			redirect(append_sid("{$phpbb_root_path}index.$phpEx")); +		} + +		// if session id is set +		if (!empty($this->session_id))  		{  			$sql = 'SELECT u.*, s.*  				FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u | 
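Review bot: The comment `// if no session id is set, redirect to index.php` does not describe the condition beneath it, which fires only when `NEED_SID` is defined and the `sid` URL parameter is missing or differs from `$this->session_id`; something like `// NEED_SID pages must carry a sid URL parameter matching the current session (presumably a request-forgery guard); otherwise refuse and bounce to the index` says what the check protects. Emitting `send_status_line(401, 'Not authorized')` immediately before `redirect()` is contradictory: when a `Location:` header is sent, PHP replaces a status that is neither 201 nor 3xx with 302, so unless `redirect()` avoids that header the 401 never reaches the client or the access log; verify which code is actually observed and keep one or the other. If `redirect()` can return rather than terminate the request, execution falls through into the `!empty($this->session_id)` lookup with a rejected sid; an explicit `exit;` after the redirect, or a comment stating that `redirect()` never returns, removes the doubt. The second comment, `// if session id is set`, restates the code and can go. The enclosing method starts before this hunk and continues after it.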
