diff options
Diffstat (limited to 'phpBB/phpbb')
53 files changed, 1418 insertions, 582 deletions
diff --git a/phpBB/phpbb/auth/auth.php b/phpBB/phpbb/auth/auth.php index 38755ccf99..b59f0e60ec 100644 --- a/phpBB/phpbb/auth/auth.php +++ b/phpBB/phpbb/auth/auth.php @@ -927,11 +927,11 @@ class auth */ function login($username, $password, $autologin = false, $viewonline = 1, $admin = 0) { - global $config, $db, $user, $phpbb_root_path, $phpEx, $phpbb_container; + global $db, $user, $phpbb_root_path, $phpEx, $phpbb_container; - $method = trim(basename($config['auth_method'])); + $provider_collection = $phpbb_container->get('auth.provider_collection'); - $provider = $phpbb_container->get('auth.provider.' . $method); + $provider = $provider_collection->get_provider(); if ($provider) { $login = $provider->login($username, $password); diff --git a/phpBB/phpbb/auth/provider/apache.php b/phpBB/phpbb/auth/provider/apache.php index 9137a77210..aa5bf64335 100644 --- a/phpBB/phpbb/auth/provider/apache.php +++ b/phpBB/phpbb/auth/provider/apache.php @@ -137,7 +137,7 @@ class apache extends \phpbb\auth\provider\base return array( 'status' => LOGIN_SUCCESS_CREATE_PROFILE, 'error_msg' => false, - 'user_row' => user_row_apache($php_auth_user, $php_auth_pw), + 'user_row' => $this->user_row($php_auth_user, $php_auth_pw), ); } @@ -185,7 +185,7 @@ class apache extends \phpbb\auth\provider\base } // create the user if he does not exist yet - user_add(user_row_apache($php_auth_user, $php_auth_pw)); + user_add($this->user_row($php_auth_user, $php_auth_pw)); $sql = 'SELECT * FROM ' . USERS_TABLE . " diff --git a/phpBB/phpbb/auth/provider/db.php b/phpBB/phpbb/auth/provider/db.php index 722eeffa9a..d8c5fb72de 100644 --- a/phpBB/phpbb/auth/provider/db.php +++ b/phpBB/phpbb/auth/provider/db.php @@ -87,7 +87,7 @@ class db extends \phpbb\auth\provider\base $username_clean = utf8_clean_string($username); - $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type, user_login_attempts + $sql = 'SELECT * FROM ' . USERS_TABLE . " WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'"; $result = $this->db->sql_query($sql); @@ -123,7 +123,7 @@ class db extends \phpbb\auth\provider\base 'username_clean' => $username_clean, ); $sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $this->db->sql_build_array('INSERT', $attempt_data); - $result = $this->db->sql_query($sql); + $this->db->sql_query($sql); } else { @@ -175,7 +175,7 @@ class db extends \phpbb\auth\provider\base } // Check password ... - if ($this->passwords_manager->check($password, $row['user_password'])) + if ($this->passwords_manager->check($password, $row['user_password'], $row)) { // Check for old password hash... if ($this->passwords_manager->convert_flag || strlen($row['user_password']) == 32) @@ -232,7 +232,7 @@ class db extends \phpbb\auth\provider\base // Give status about wrong password... return array( 'status' => ($show_captcha) ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD, - 'error_msg' => ($show_captcha) ? 'LOGIN_ERROR_ATTEMPTS' : 'LOGIN_ERROR_PASSWORD', + 'error_msg' => 'LOGIN_ERROR_PASSWORD', 'user_row' => $row, ); } diff --git a/phpBB/phpbb/auth/provider_collection.php b/phpBB/phpbb/auth/provider_collection.php index a74a2135dc..8e7e9e2cc1 100644 --- a/phpBB/phpbb/auth/provider_collection.php +++ b/phpBB/phpbb/auth/provider_collection.php @@ -38,6 +38,7 @@ class provider_collection extends \phpbb\di\service_collection /** * Get an auth provider. * + * @param string $provider_name The name of the auth provider * @return object Default auth provider selected in config if it * does exist. Otherwise the standard db auth * provider. @@ -46,11 +47,12 @@ class provider_collection extends \phpbb\di\service_collection * auth provider exist. The db auth provider * should always exist in a phpBB installation. */ - public function get_provider() + public function get_provider($provider_name = '') { - if ($this->offsetExists('auth.provider.' . basename(trim($this->config['auth_method'])))) + $provider_name = ($provider_name !== '') ? $provider_name : basename(trim($this->config['auth_method'])); + if ($this->offsetExists('auth.provider.' . $provider_name)) { - return $this->offsetGet('auth.provider.' . basename(trim($this->config['auth_method']))); + return $this->offsetGet('auth.provider.' . $provider_name); } // Revert to db auth provider if selected method does not exist else if ($this->offsetExists('auth.provider.db')) diff --git a/phpBB/phpbb/avatar/manager.php b/phpBB/phpbb/avatar/manager.php index 42ae61a9a2..8d83152ed6 100644 --- a/phpBB/phpbb/avatar/manager.php +++ b/phpBB/phpbb/avatar/manager.php @@ -326,17 +326,41 @@ class manager $driver->delete($avatar_data); } - $result = self::$default_row; + $result = $this->prefix_avatar_columns($prefix, self::$default_row); - foreach ($result as $key => $value) + $sql = 'UPDATE ' . $table . ' + SET ' . $db->sql_build_array('UPDATE', $result) . ' + WHERE ' . $prefix . 'id = ' . (int) $avatar_data['id']; + $db->sql_query($sql); + + // Make sure we also delete this avatar from the users + if ($prefix === 'group_') { - $result[$prefix . $key] = $value; - unset($result[$key]); + $result = $this->prefix_avatar_columns('user_', self::$default_row); + + $sql = 'UPDATE ' . USERS_TABLE . ' + SET ' . $db->sql_build_array('UPDATE', $result) . " + WHERE user_avatar = '" . $db->sql_escape($avatar_data['avatar']) . "'"; + $db->sql_query($sql); } + } - $sql = 'UPDATE ' . $table . ' - SET ' . $db->sql_build_array('UPDATE', $result) . ' - WHERE ' . $prefix . 'id = ' . (int) $avatar_data['id']; - $db->sql_query($sql); + /** + * Prefix avatar columns + * + * @param string $prefix Column prefix + * @param array $data Column data + * + * @return array Column data with prefixed column names + */ + public function prefix_avatar_columns($prefix, $data) + { + foreach ($data as $key => $value) + { + $data[$prefix . $key] = $value; + unset($data[$key]); + } + + return $data; } } diff --git a/phpBB/phpbb/cache/driver/base.php b/phpBB/phpbb/cache/driver/base.php index 4c20ad916d..c83b928a12 100644 --- a/phpBB/phpbb/cache/driver/base.php +++ b/phpBB/phpbb/cache/driver/base.php @@ -50,6 +50,7 @@ abstract class base implements \phpbb\cache\driver\driver_interface } else if (strpos($filename, 'container_') === 0 || strpos($filename, 'url_matcher') === 0 || + strpos($filename, 'url_generator') === 0 || strpos($filename, 'sql_') === 0 || strpos($filename, 'data_') === 0) { @@ -90,14 +91,14 @@ abstract class base implements \phpbb\cache\driver\driver_interface { // Remove extra spaces and tabs $query = preg_replace('/[\n\r\s\t]+/', ' ', $query); + $query_id = md5($query); - if (($rowset = $this->_read('sql_' . md5($query))) === false) + if (($result = $this->_read('sql_' . $query_id)) === false) { return false; } - $query_id = sizeof($this->sql_rowset); - $this->sql_rowset[$query_id] = $rowset; + $this->sql_rowset[$query_id] = $result; $this->sql_row_pointer[$query_id] = 0; return $query_id; diff --git a/phpBB/phpbb/cache/driver/file.php b/phpBB/phpbb/cache/driver/file.php index fd5bce4515..114959c06c 100644 --- a/phpBB/phpbb/cache/driver/file.php +++ b/phpBB/phpbb/cache/driver/file.php @@ -27,8 +27,14 @@ class file extends \phpbb\cache\driver\base */ function __construct($cache_dir = null) { - global $phpbb_root_path; - $this->cache_dir = !is_null($cache_dir) ? $cache_dir : $phpbb_root_path . 'cache/'; + global $phpbb_root_path, $phpbb_container; + + $this->cache_dir = !is_null($cache_dir) ? $cache_dir : $phpbb_root_path . 'cache/' . $phpbb_container->getParameter('core.environment') . '/'; + + if (!is_dir($this->cache_dir)) + { + @mkdir($this->cache_dir, 0777, true); + } } /** @@ -305,7 +311,7 @@ class file extends \phpbb\cache\driver\base // Remove extra spaces and tabs $query = preg_replace('/[\n\r\s\t]+/', ' ', $query); - $query_id = sizeof($this->sql_rowset); + $query_id = md5($query); $this->sql_rowset[$query_id] = array(); $this->sql_row_pointer[$query_id] = 0; @@ -315,7 +321,7 @@ class file extends \phpbb\cache\driver\base } $db->sql_freeresult($query_result); - if ($this->_write('sql_' . md5($query), $this->sql_rowset[$query_id], $ttl + time(), $query)) + if ($this->_write('sql_' . $query_id, $this->sql_rowset[$query_id], $ttl + time(), $query)) { return $query_id; } diff --git a/phpBB/phpbb/cache/driver/memory.php b/phpBB/phpbb/cache/driver/memory.php index 0b0e323e3d..0cef9c3483 100644 --- a/phpBB/phpbb/cache/driver/memory.php +++ b/phpBB/phpbb/cache/driver/memory.php @@ -203,7 +203,7 @@ abstract class memory extends \phpbb\cache\driver\base { // Remove extra spaces and tabs $query = preg_replace('/[\n\r\s\t]+/', ' ', $query); - $hash = md5($query); + $query_id = md5($query); // determine which tables this query belongs to // Some queries use backticks, namely the get_database_size() query @@ -244,14 +244,13 @@ abstract class memory extends \phpbb\cache\driver\base $temp = array(); } - $temp[$hash] = true; + $temp[$query_id] = true; // This must never expire $this->_write('sql_' . $table_name, $temp, 0); } // store them in the right place - $query_id = sizeof($this->sql_rowset); $this->sql_rowset[$query_id] = array(); $this->sql_row_pointer[$query_id] = 0; @@ -261,7 +260,7 @@ abstract class memory extends \phpbb\cache\driver\base } $db->sql_freeresult($query_result); - $this->_write('sql_' . $hash, $this->sql_rowset[$query_id], $ttl); + $this->_write('sql_' . $query_id, $this->sql_rowset[$query_id], $ttl); return $query_id; } diff --git a/phpBB/phpbb/captcha/plugins/recaptcha.php b/phpBB/phpbb/captcha/plugins/recaptcha.php index ea446d7bc3..584f3afec1 100644 --- a/phpBB/phpbb/captcha/plugins/recaptcha.php +++ b/phpBB/phpbb/captcha/plugins/recaptcha.php @@ -26,8 +26,10 @@ class recaptcha extends captcha_abstract var $challenge; var $response; - // PHP4 Constructor - function phpbb_recaptcha() + /** + * Constructor + */ + public function __construct() { global $request; $this->recaptcha_server = $request->is_secure() ? $this->recaptcha_server_secure : $this->recaptcha_server; diff --git a/phpBB/phpbb/controller/helper.php b/phpBB/phpbb/controller/helper.php index 187e455d48..2bc8e6b9d0 100644 --- a/phpBB/phpbb/controller/helper.php +++ b/phpBB/phpbb/controller/helper.php @@ -14,7 +14,6 @@ namespace phpbb\controller; use Symfony\Component\HttpFoundation\Response; -use Symfony\Component\Routing\Generator\UrlGenerator; use Symfony\Component\Routing\Generator\UrlGeneratorInterface; use Symfony\Component\Routing\RequestContext; @@ -41,9 +40,18 @@ class helper */ protected $config; + /** + * phpBB router + * @var \phpbb\routing\router + */ + protected $router; + /* @var \phpbb\symfony_request */ protected $symfony_request; + /* @var \phpbb\request\request_interface */ + protected $request; + /** * @var \phpbb\filesystem The filesystem object */ @@ -67,24 +75,24 @@ class helper * @param \phpbb\template\template $template Template object * @param \phpbb\user $user User object * @param \phpbb\config\config $config Config object - * @param \phpbb\controller\provider $provider Path provider - * @param \phpbb\extension\manager $manager Extension manager object + * @param \phpbb\routing\router $router phpBB router * @param \phpbb\symfony_request $symfony_request Symfony Request object + * @param \phpbb\request\request_interface $request phpBB request object * @param \phpbb\filesystem $filesystem The filesystem object * @param string $phpbb_root_path phpBB root path * @param string $php_ext PHP file extension */ - public function __construct(\phpbb\template\template $template, \phpbb\user $user, \phpbb\config\config $config, \phpbb\controller\provider $provider, \phpbb\extension\manager $manager, \phpbb\symfony_request $symfony_request, \phpbb\filesystem $filesystem, $phpbb_root_path, $php_ext) + public function __construct(\phpbb\template\template $template, \phpbb\user $user, \phpbb\config\config $config, \phpbb\routing\router $router, \phpbb\symfony_request $symfony_request, \phpbb\request\request_interface $request, \phpbb\filesystem $filesystem, $phpbb_root_path, $php_ext) { $this->template = $template; $this->user = $user; $this->config = $config; + $this->router = $router; $this->symfony_request = $symfony_request; + $this->request = $request; $this->filesystem = $filesystem; $this->phpbb_root_path = $phpbb_root_path; $this->php_ext = $php_ext; - $provider->find_routing_files($manager->get_finder()); - $this->route_collection = $provider->find($phpbb_root_path)->get_routes(); } /** @@ -153,12 +161,12 @@ class helper } } - $base_url = $this->filesystem->clean_path($base_url); + $base_url = $this->request->escape($this->filesystem->clean_path($base_url), true); $context->setBaseUrl($base_url); - $url_generator = new UrlGenerator($this->route_collection, $context); - $route_url = $url_generator->generate($route, $params, $reference_type); + $this->router->setContext($context); + $route_url = $this->router->generate($route, $params, $reference_type); if ($is_amp) { @@ -197,6 +205,6 @@ class helper */ public function get_current_url() { - return generate_board_url(true) . $this->symfony_request->getRequestUri(); + return generate_board_url(true) . $this->request->escape($this->symfony_request->getRequestUri(), true); } } diff --git a/phpBB/phpbb/controller/provider.php b/phpBB/phpbb/controller/provider.php deleted file mode 100644 index 7e26848290..0000000000 --- a/phpBB/phpbb/controller/provider.php +++ /dev/null @@ -1,92 +0,0 @@ -<?php -/** -* -* This file is part of the phpBB Forum Software package. -* -* @copyright (c) phpBB Limited <https://www.phpbb.com> -* @license GNU General Public License, version 2 (GPL-2.0) -* -* For full copyright and license information, please see -* the docs/CREDITS.txt file. -* -*/ - -namespace phpbb\controller; - -use Symfony\Component\Routing\RouteCollection; -use Symfony\Component\Routing\Loader\YamlFileLoader; -use Symfony\Component\Config\FileLocator; - -/** -* Controller interface -*/ -class provider -{ - /** - * YAML file(s) containing route information - * @var array - */ - protected $routing_files; - - /** - * Collection of the routes in phpBB and all found extensions - * @var RouteCollection - */ - protected $routes; - - /** - * Construct method - * - * @param array $routing_files Array of strings containing paths - * to YAML files holding route information - */ - public function __construct($routing_files = array()) - { - $this->routing_files = $routing_files; - } - - /** - * Find the list of routing files - * - * @param \phpbb\finder $finder - * @return null - */ - public function find_routing_files(\phpbb\finder $finder) - { - // We hardcode the path to the core config directory - // because the finder cannot find it - $this->routing_files = array_merge($this->routing_files, array('config/routing.yml'), array_keys($finder - ->directory('/config') - ->suffix('routing.yml') - ->find() - )); - } - - /** - * Find a list of controllers - * - * @param string $base_path Base path to prepend to file paths - * @return provider - */ - public function find($base_path = '') - { - $this->routes = new RouteCollection; - foreach ($this->routing_files as $file_path) - { - $loader = new YamlFileLoader(new FileLocator(phpbb_realpath($base_path))); - $this->routes->addCollection($loader->load($file_path)); - } - - return $this; - } - - /** - * Get the list of routes - * - * @return RouteCollection Get the route collection - */ - public function get_routes() - { - return $this->routes; - } -} diff --git a/phpBB/phpbb/db/driver/driver.php b/phpBB/phpbb/db/driver/driver.php index 9fc04d47a1..8d360fc3e2 100644 --- a/phpBB/phpbb/db/driver/driver.php +++ b/phpBB/phpbb/db/driver/driver.php @@ -271,7 +271,7 @@ abstract class driver implements driver_interface $query_id = $this->query_result; } - if ($query_id !== false) + if ($query_id) { $result = array(); while ($row = $this->sql_fetchrow($query_id)) @@ -302,7 +302,7 @@ abstract class driver implements driver_interface return $cache->sql_rowseek($rownum, $query_id); } - if ($query_id === false) + if (!$query_id) { return false; } @@ -310,7 +310,7 @@ abstract class driver implements driver_interface $this->sql_freeresult($query_id); $query_id = $this->sql_query($this->last_query_text); - if ($query_id === false) + if (!$query_id) { return false; } @@ -339,7 +339,7 @@ abstract class driver implements driver_interface $query_id = $this->query_result; } - if ($query_id !== false) + if ($query_id) { if ($rownum !== false) { @@ -363,8 +363,8 @@ abstract class driver implements driver_interface */ function sql_like_expression($expression) { - $expression = utf8_str_replace(array('_', '%'), array("\_", "\%"), $expression); - $expression = utf8_str_replace(array(chr(0) . "\_", chr(0) . "\%"), array('_', '%'), $expression); + $expression = str_replace(array('_', '%'), array("\_", "\%"), $expression); + $expression = str_replace(array(chr(0) . "\_", chr(0) . "\%"), array('_', '%'), $expression); return $this->_sql_like_expression('LIKE \'' . $this->sql_escape($expression) . '\''); } @@ -374,8 +374,8 @@ abstract class driver implements driver_interface */ function sql_not_like_expression($expression) { - $expression = utf8_str_replace(array('_', '%'), array("\_", "\%"), $expression); - $expression = utf8_str_replace(array(chr(0) . "\_", chr(0) . "\%"), array('_', '%'), $expression); + $expression = str_replace(array('_', '%'), array("\_", "\%"), $expression); + $expression = str_replace(array(chr(0) . "\_", chr(0) . "\%"), array('_', '%'), $expression); return $this->_sql_not_like_expression('NOT LIKE \'' . $this->sql_escape($expression) . '\''); } diff --git a/phpBB/phpbb/db/driver/mssql.php b/phpBB/phpbb/db/driver/mssql.php index f9ea884ce2..dfdbfe15e6 100644 --- a/phpBB/phpbb/db/driver/mssql.php +++ b/phpBB/phpbb/db/driver/mssql.php @@ -71,8 +71,8 @@ class mssql extends \phpbb\db\driver\driver $row = false; if ($result_id) { - $row = @mssql_fetch_assoc($result_id); - @mssql_free_result($result_id); + $row = mssql_fetch_assoc($result_id); + mssql_free_result($result_id); } $this->sql_server_version = ($row) ? trim(implode(' ', $row)) : 0; @@ -161,12 +161,17 @@ class mssql extends \phpbb\db\driver\driver $this->sql_time += microtime(true) - $this->curtime; } + if (!$this->query_result) + { + return false; + } + if ($cache && $cache_ttl) { $this->open_queries[(int) $this->query_result] = $this->query_result; $this->query_result = $cache->sql_save($this, $query, $this->query_result, $cache_ttl); } - else if (strpos($query, 'SELECT') === 0 && $this->query_result) + else if (strpos($query, 'SELECT') === 0 && $this->query_result !== true) { $this->open_queries[(int) $this->query_result] = $this->query_result; } @@ -241,12 +246,12 @@ class mssql extends \phpbb\db\driver\driver return $cache->sql_fetchrow($query_id); } - if ($query_id === false) + if (!$query_id || $query_id === true) { return false; } - $row = @mssql_fetch_assoc($query_id); + $row = mssql_fetch_assoc($query_id); // I hope i am able to remove this later... hopefully only a PHP or MSSQL bug if ($row) @@ -272,12 +277,17 @@ class mssql extends \phpbb\db\driver\driver $query_id = $this->query_result; } + if ($query_id === true) + { + return false; + } + if ($cache && $cache->sql_exists($query_id)) { return $cache->sql_rowseek($rownum, $query_id); } - return ($query_id !== false) ? @mssql_data_seek($query_id, $rownum) : false; + return ($query_id) ? @mssql_data_seek($query_id, $rownum) : false; } /** @@ -288,12 +298,12 @@ class mssql extends \phpbb\db\driver\driver $result_id = @mssql_query('SELECT SCOPE_IDENTITY()', $this->db_connect_id); if ($result_id) { - if ($row = @mssql_fetch_assoc($result_id)) + if ($row = mssql_fetch_assoc($result_id)) { - @mssql_free_result($result_id); + mssql_free_result($result_id); return $row['computed']; } - @mssql_free_result($result_id); + mssql_free_result($result_id); } return false; @@ -311,6 +321,11 @@ class mssql extends \phpbb\db\driver\driver $query_id = $this->query_result; } + if ($query_id === true) + { + return false; + } + if ($cache && !is_object($query_id) && $cache->sql_exists($query_id)) { return $cache->sql_freeresult($query_id); @@ -319,7 +334,7 @@ class mssql extends \phpbb\db\driver\driver if (isset($this->open_queries[(int) $query_id])) { unset($this->open_queries[(int) $query_id]); - return @mssql_free_result($query_id); + return mssql_free_result($query_id); } return false; @@ -376,9 +391,9 @@ class mssql extends \phpbb\db\driver\driver $result_id = @mssql_query('SELECT @@ERROR as code', $this->db_connect_id); if ($result_id) { - $row = @mssql_fetch_assoc($result_id); + $row = mssql_fetch_assoc($result_id); $error['code'] = $row['code']; - @mssql_free_result($result_id); + mssql_free_result($result_id); } // Get full error message if possible @@ -389,12 +404,12 @@ class mssql extends \phpbb\db\driver\driver if ($result_id) { - $row = @mssql_fetch_assoc($result_id); + $row = mssql_fetch_assoc($result_id); if (!empty($row['message'])) { $error['message'] .= '<br />' . $row['message']; } - @mssql_free_result($result_id); + mssql_free_result($result_id); } } else @@ -440,13 +455,13 @@ class mssql extends \phpbb\db\driver\driver if ($result = @mssql_query($query, $this->db_connect_id)) { @mssql_next_result($result); - while ($row = @mssql_fetch_row($result)) + while ($row = mssql_fetch_row($result)) { $html_table = $this->sql_report('add_select_row', $query, $html_table, $row); } } @mssql_query('SET SHOWPLAN_TEXT OFF;', $this->db_connect_id); - @mssql_free_result($result); + mssql_free_result($result); if ($html_table) { @@ -459,11 +474,14 @@ class mssql extends \phpbb\db\driver\driver $endtime = $endtime[0] + $endtime[1]; $result = @mssql_query($query, $this->db_connect_id); - while ($void = @mssql_fetch_assoc($result)) + if ($result) { - // Take the time spent on parsing rows into account + while ($void = mssql_fetch_assoc($result)) + { + // Take the time spent on parsing rows into account + } + mssql_free_result($result); } - @mssql_free_result($result); $splittime = explode(' ', microtime()); $splittime = $splittime[0] + $splittime[1]; diff --git a/phpBB/phpbb/db/driver/mssql_odbc.php b/phpBB/phpbb/db/driver/mssql_odbc.php index 8e5d4c7a4c..9d9ad603e0 100644 --- a/phpBB/phpbb/db/driver/mssql_odbc.php +++ b/phpBB/phpbb/db/driver/mssql_odbc.php @@ -98,8 +98,8 @@ class mssql_odbc extends \phpbb\db\driver\mssql_base $row = false; if ($result_id) { - $row = @odbc_fetch_array($result_id); - @odbc_free_result($result_id); + $row = odbc_fetch_array($result_id); + odbc_free_result($result_id); } $this->sql_server_version = ($row) ? trim(implode(' ', $row)) : 0; @@ -181,12 +181,17 @@ class mssql_odbc extends \phpbb\db\driver\mssql_base $this->sql_time += microtime(true) - $this->curtime; } + if (!$this->query_result) + { + return false; + } + if ($cache && $cache_ttl) { $this->open_queries[(int) $this->query_result] = $this->query_result; $this->query_result = $cache->sql_save($this, $query, $this->query_result, $cache_ttl); } - else if (strpos($query, 'SELECT') === 0 && $this->query_result) + else if (strpos($query, 'SELECT') === 0) { $this->open_queries[(int) $this->query_result] = $this->query_result; } @@ -261,7 +266,7 @@ class mssql_odbc extends \phpbb\db\driver\mssql_base return $cache->sql_fetchrow($query_id); } - return ($query_id !== false) ? @odbc_fetch_array($query_id) : false; + return ($query_id) ? odbc_fetch_array($query_id) : false; } /** @@ -273,13 +278,13 @@ class mssql_odbc extends \phpbb\db\driver\mssql_base if ($result_id) { - if (@odbc_fetch_array($result_id)) + if (odbc_fetch_array($result_id)) { - $id = @odbc_result($result_id, 1); - @odbc_free_result($result_id); + $id = odbc_result($result_id, 1); + odbc_free_result($result_id); return $id; } - @odbc_free_result($result_id); + odbc_free_result($result_id); } return false; @@ -305,7 +310,7 @@ class mssql_odbc extends \phpbb\db\driver\mssql_base if (isset($this->open_queries[(int) $query_id])) { unset($this->open_queries[(int) $query_id]); - return @odbc_free_result($query_id); + return odbc_free_result($query_id); } return false; @@ -360,11 +365,14 @@ class mssql_odbc extends \phpbb\db\driver\mssql_base $endtime = $endtime[0] + $endtime[1]; $result = @odbc_exec($this->db_connect_id, $query); - while ($void = @odbc_fetch_array($result)) + if ($result) { - // Take the time spent on parsing rows into account + while ($void = odbc_fetch_array($result)) + { + // Take the time spent on parsing rows into account + } + odbc_free_result($result); } - @odbc_free_result($result); $splittime = explode(' ', microtime()); $splittime = $splittime[0] + $splittime[1]; diff --git a/phpBB/phpbb/db/driver/mssqlnative.php b/phpBB/phpbb/db/driver/mssqlnative.php index 46a9b3a477..50dce35baa 100644 --- a/phpBB/phpbb/db/driver/mssqlnative.php +++ b/phpBB/phpbb/db/driver/mssqlnative.php @@ -154,12 +154,17 @@ class mssqlnative extends \phpbb\db\driver\mssql_base $this->sql_time += microtime(true) - $this->curtime; } + if (!$this->query_result) + { + return false; + } + if ($cache && $cache_ttl) { $this->open_queries[(int) $this->query_result] = $this->query_result; $this->query_result = $cache->sql_save($this, $query, $this->query_result, $cache_ttl); } - else if (strpos($query, 'SELECT') === 0 && $this->query_result) + else if (strpos($query, 'SELECT') === 0) { $this->open_queries[(int) $this->query_result] = $this->query_result; } @@ -242,12 +247,12 @@ class mssqlnative extends \phpbb\db\driver\mssql_base return $cache->sql_fetchrow($query_id); } - if ($query_id === false) + if (!$query_id) { return false; } - $row = @sqlsrv_fetch_array($query_id, SQLSRV_FETCH_ASSOC); + $row = sqlsrv_fetch_array($query_id, SQLSRV_FETCH_ASSOC); if ($row) { @@ -272,11 +277,11 @@ class mssqlnative extends \phpbb\db\driver\mssql_base { $result_id = @sqlsrv_query($this->db_connect_id, 'SELECT @@IDENTITY'); - if ($result_id !== false) + if ($result_id) { - $row = @sqlsrv_fetch_array($result_id); + $row = sqlsrv_fetch_array($result_id); $id = $row[0]; - @sqlsrv_free_stmt($result_id); + sqlsrv_free_stmt($result_id); return $id; } else @@ -305,7 +310,7 @@ class mssqlnative extends \phpbb\db\driver\mssql_base if (isset($this->open_queries[(int) $query_id])) { unset($this->open_queries[(int) $query_id]); - return @sqlsrv_free_stmt($query_id); + return sqlsrv_free_stmt($query_id); } return false; @@ -378,14 +383,14 @@ class mssqlnative extends \phpbb\db\driver\mssql_base @sqlsrv_query($this->db_connect_id, 'SET SHOWPLAN_TEXT ON;'); if ($result = @sqlsrv_query($this->db_connect_id, $query)) { - @sqlsrv_next_result($result); - while ($row = @sqlsrv_fetch_array($result)) + sqlsrv_next_result($result); + while ($row = sqlsrv_fetch_array($result)) { $html_table = $this->sql_report('add_select_row', $query, $html_table, $row); } + sqlsrv_free_stmt($result); } @sqlsrv_query($this->db_connect_id, 'SET SHOWPLAN_TEXT OFF;'); - @sqlsrv_free_stmt($result); if ($html_table) { @@ -398,11 +403,14 @@ class mssqlnative extends \phpbb\db\driver\mssql_base $endtime = $endtime[0] + $endtime[1]; $result = @sqlsrv_query($this->db_connect_id, $query); - while ($void = @sqlsrv_fetch_array($result)) + if ($result) { - // Take the time spent on parsing rows into account + while ($void = sqlsrv_fetch_array($result)) + { + // Take the time spent on parsing rows into account + } + sqlsrv_free_stmt($result); } - @sqlsrv_free_stmt($result); $splittime = explode(' ', microtime()); $splittime = $splittime[0] + $splittime[1]; diff --git a/phpBB/phpbb/db/driver/mysql.php b/phpBB/phpbb/db/driver/mysql.php index e93c7239e8..a94e88b331 100644 --- a/phpBB/phpbb/db/driver/mysql.php +++ b/phpBB/phpbb/db/driver/mysql.php @@ -70,9 +70,16 @@ class mysql extends \phpbb\db\driver\mysql_base if (version_compare($this->sql_server_info(true), '5.0.2', '>=')) { $result = @mysql_query('SELECT @@session.sql_mode AS sql_mode', $this->db_connect_id); - $row = @mysql_fetch_assoc($result); - @mysql_free_result($result); - $modes = array_map('trim', explode(',', $row['sql_mode'])); + if ($result) + { + $row = mysql_fetch_assoc($result); + mysql_free_result($result); + $modes = array_map('trim', explode(',', $row['sql_mode'])); + } + else + { + $modes = array(); + } // TRADITIONAL includes STRICT_ALL_TABLES and STRICT_TRANS_TABLES if (!in_array('TRADITIONAL', $modes)) @@ -114,14 +121,17 @@ class mysql extends \phpbb\db\driver\mysql_base if (!$use_cache || empty($cache) || ($this->sql_server_version = $cache->get('mysql_version')) === false) { $result = @mysql_query('SELECT VERSION() AS version', $this->db_connect_id); - $row = @mysql_fetch_assoc($result); - @mysql_free_result($result); + if ($result) + { + $row = mysql_fetch_assoc($result); + mysql_free_result($result); - $this->sql_server_version = $row['version']; + $this->sql_server_version = $row['version']; - if (!empty($cache) && $use_cache) - { - $cache->put('mysql_version', $this->sql_server_version); + if (!empty($cache) && $use_cache) + { + $cache->put('mysql_version', $this->sql_server_version); + } } } @@ -190,12 +200,17 @@ class mysql extends \phpbb\db\driver\mysql_base $this->sql_time += microtime(true) - $this->curtime; } + if (!$this->query_result) + { + return false; + } + if ($cache && $cache_ttl) { $this->open_queries[(int) $this->query_result] = $this->query_result; $this->query_result = $cache->sql_save($this, $query, $this->query_result, $cache_ttl); } - else if (strpos($query, 'SELECT') === 0 && $this->query_result) + else if (strpos($query, 'SELECT') === 0) { $this->open_queries[(int) $this->query_result] = $this->query_result; } @@ -257,7 +272,7 @@ class mysql extends \phpbb\db\driver\mysql_base return $cache->sql_fetchrow($query_id); } - return ($query_id !== false) ? @mysql_fetch_assoc($query_id) : false; + return ($query_id) ? mysql_fetch_assoc($query_id) : false; } /** @@ -308,7 +323,7 @@ class mysql extends \phpbb\db\driver\mysql_base if (isset($this->open_queries[(int) $query_id])) { unset($this->open_queries[(int) $query_id]); - return @mysql_free_result($query_id); + return mysql_free_result($query_id); } return false; @@ -411,12 +426,12 @@ class mysql extends \phpbb\db\driver\mysql_base if ($result = @mysql_query("EXPLAIN $explain_query", $this->db_connect_id)) { - while ($row = @mysql_fetch_assoc($result)) + while ($row = mysql_fetch_assoc($result)) { $html_table = $this->sql_report('add_select_row', $query, $html_table, $row); } + mysql_free_result($result); } - @mysql_free_result($result); if ($html_table) { @@ -431,7 +446,7 @@ class mysql extends \phpbb\db\driver\mysql_base if ($result = @mysql_query('SHOW PROFILE ALL;', $this->db_connect_id)) { $this->html_hold .= '<br />'; - while ($row = @mysql_fetch_assoc($result)) + while ($row = mysql_fetch_assoc($result)) { // make <unknown> HTML safe if (!empty($row['Source_function'])) @@ -449,8 +464,8 @@ class mysql extends \phpbb\db\driver\mysql_base } $html_table = $this->sql_report('add_select_row', $query, $html_table, $row); } + mysql_free_result($result); } - @mysql_free_result($result); if ($html_table) { @@ -468,11 +483,14 @@ class mysql extends \phpbb\db\driver\mysql_base $endtime = $endtime[0] + $endtime[1]; $result = @mysql_query($query, $this->db_connect_id); - while ($void = @mysql_fetch_assoc($result)) + if ($result) { - // Take the time spent on parsing rows into account + while ($void = mysql_fetch_assoc($result)) + { + // Take the time spent on parsing rows into account + } + mysql_free_result($result); } - @mysql_free_result($result); $splittime = explode(' ', microtime()); $splittime = $splittime[0] + $splittime[1]; diff --git a/phpBB/phpbb/db/driver/mysqli.php b/phpBB/phpbb/db/driver/mysqli.php index 2ed08211ad..debc3cc523 100644 --- a/phpBB/phpbb/db/driver/mysqli.php +++ b/phpBB/phpbb/db/driver/mysqli.php @@ -75,9 +75,10 @@ class mysqli extends \phpbb\db\driver\mysql_base if (version_compare($this->sql_server_info(true), '5.0.2', '>=')) { $result = @mysqli_query($this->db_connect_id, 'SELECT @@session.sql_mode AS sql_mode'); - if ($result !== null) + if ($result) { - $row = @mysqli_fetch_assoc($result); + $row = mysqli_fetch_assoc($result); + mysqli_free_result($result); $modes = array_map('trim', explode(',', $row['sql_mode'])); } @@ -85,7 +86,6 @@ class mysqli extends \phpbb\db\driver\mysql_base { $modes = array(); } - @mysqli_free_result($result); // TRADITIONAL includes STRICT_ALL_TABLES and STRICT_TRANS_TABLES if (!in_array('TRADITIONAL', $modes)) @@ -120,9 +120,10 @@ class mysqli extends \phpbb\db\driver\mysql_base if (!$use_cache || empty($cache) || ($this->sql_server_version = $cache->get('mysqli_version')) === false) { $result = @mysqli_query($this->db_connect_id, 'SELECT VERSION() AS version'); - if ($result !== null) + if ($result) { - $row = @mysqli_fetch_assoc($result); + $row = mysqli_fetch_assoc($result); + mysqli_free_result($result); $this->sql_server_version = $row['version']; @@ -131,7 +132,6 @@ class mysqli extends \phpbb\db\driver\mysql_base $cache->put('mysqli_version', $this->sql_server_version); } } - @mysqli_free_result($result); } return ($raw) ? $this->sql_server_version : 'MySQL(i) ' . $this->sql_server_version; @@ -203,6 +203,11 @@ class mysqli extends \phpbb\db\driver\mysql_base $this->sql_time += microtime(true) - $this->curtime; } + if (!$this->query_result) + { + return false; + } + if ($cache && $cache_ttl) { $this->query_result = $cache->sql_save($this, $query, $this->query_result, $cache_ttl); @@ -246,9 +251,9 @@ class mysqli extends \phpbb\db\driver\mysql_base return $cache->sql_fetchrow($query_id); } - if ($query_id !== false && $query_id !== null) + if ($query_id) { - $result = @mysqli_fetch_assoc($query_id); + $result = mysqli_fetch_assoc($query_id); return $result !== null ? $result : false; } @@ -272,7 +277,7 @@ class mysqli extends \phpbb\db\driver\mysql_base return $cache->sql_rowseek($rownum, $query_id); } - return ($query_id !== false) ? @mysqli_data_seek($query_id, $rownum) : false; + return ($query_id) ? @mysqli_data_seek($query_id, $rownum) : false; } /** @@ -300,7 +305,17 @@ class mysqli extends \phpbb\db\driver\mysql_base return $cache->sql_freeresult($query_id); } - return @mysqli_free_result($query_id); + if (!$query_id) + { + return false; + } + + if ($query_id === true) + { + return true; + } + + return mysqli_free_result($query_id); } /** @@ -399,12 +414,12 @@ class mysqli extends \phpbb\db\driver\mysql_base if ($result = @mysqli_query($this->db_connect_id, "EXPLAIN $explain_query")) { - while ($row = @mysqli_fetch_assoc($result)) + while ($row = mysqli_fetch_assoc($result)) { $html_table = $this->sql_report('add_select_row', $query, $html_table, $row); } + mysqli_free_result($result); } - @mysqli_free_result($result); if ($html_table) { @@ -419,7 +434,7 @@ class mysqli extends \phpbb\db\driver\mysql_base if ($result = @mysqli_query($this->db_connect_id, 'SHOW PROFILE ALL;')) { $this->html_hold .= '<br />'; - while ($row = @mysqli_fetch_assoc($result)) + while ($row = mysqli_fetch_assoc($result)) { // make <unknown> HTML safe if (!empty($row['Source_function'])) @@ -437,8 +452,8 @@ class mysqli extends \phpbb\db\driver\mysql_base } $html_table = $this->sql_report('add_select_row', $query, $html_table, $row); } + mysqli_free_result($result); } - @mysqli_free_result($result); if ($html_table) { @@ -456,14 +471,14 @@ class mysqli extends \phpbb\db\driver\mysql_base $endtime = $endtime[0] + $endtime[1]; $result = @mysqli_query($this->db_connect_id, $query); - if ($result !== null) + if ($result) { - while ($void = @mysqli_fetch_assoc($result)) + while ($void = mysqli_fetch_assoc($result)) { // Take the time spent on parsing rows into account } + mysqli_free_result($result); } - @mysqli_free_result($result); $splittime = explode(' ', microtime()); $splittime = $splittime[0] + $splittime[1]; diff --git a/phpBB/phpbb/db/driver/oracle.php b/phpBB/phpbb/db/driver/oracle.php index 6dcab5dd7d..89e1b68aac 100644 --- a/phpBB/phpbb/db/driver/oracle.php +++ b/phpBB/phpbb/db/driver/oracle.php @@ -439,12 +439,17 @@ class oracle extends \phpbb\db\driver\driver $this->sql_time += microtime(true) - $this->curtime; } + if (!$this->query_result) + { + return false; + } + if ($cache && $cache_ttl) { $this->open_queries[(int) $this->query_result] = $this->query_result; $this->query_result = $cache->sql_save($this, $query, $this->query_result, $cache_ttl); } - else if (strpos($query, 'SELECT') === 0 && $this->query_result) + else if (strpos($query, 'SELECT') === 0) { $this->open_queries[(int) $this->query_result] = $this->query_result; } @@ -499,10 +504,10 @@ class oracle extends \phpbb\db\driver\driver return $cache->sql_fetchrow($query_id); } - if ($query_id !== false) + if ($query_id) { $row = array(); - $result = @ocifetchinto($query_id, $row, OCI_ASSOC + OCI_RETURN_NULLS); + $result = ocifetchinto($query_id, $row, OCI_ASSOC + OCI_RETURN_NULLS); if (!$result || !$row) { @@ -550,7 +555,7 @@ class oracle extends \phpbb\db\driver\driver return $cache->sql_rowseek($rownum, $query_id); } - if ($query_id === false) + if (!$query_id) { return false; } @@ -583,18 +588,24 @@ class oracle extends \phpbb\db\driver\driver { $query = 'SELECT ' . $tablename[1] . '_seq.currval FROM DUAL'; $stmt = @ociparse($this->db_connect_id, $query); - @ociexecute($stmt, OCI_DEFAULT); + if ($stmt) + { + $success = @ociexecute($stmt, OCI_DEFAULT); - $temp_result = @ocifetchinto($stmt, $temp_array, OCI_ASSOC + OCI_RETURN_NULLS); - @ocifreestatement($stmt); + if ($success) + { + $temp_result = ocifetchinto($stmt, $temp_array, OCI_ASSOC + OCI_RETURN_NULLS); + ocifreestatement($stmt); - if ($temp_result) - { - return $temp_array['CURRVAL']; - } - else - { - return false; + if ($temp_result) + { + return $temp_array['CURRVAL']; + } + else + { + return false; + } + } } } } @@ -622,7 +633,7 @@ class oracle extends \phpbb\db\driver\driver if (isset($this->open_queries[(int) $query_id])) { unset($this->open_queries[(int) $query_id]); - return @ocifreestatement($query_id); + return ocifreestatement($query_id); } return false; @@ -787,14 +798,20 @@ class oracle extends \phpbb\db\driver\driver $endtime = $endtime[0] + $endtime[1]; $result = @ociparse($this->db_connect_id, $query); - $success = @ociexecute($result, OCI_DEFAULT); - $row = array(); - - while (@ocifetchinto($result, $row, OCI_ASSOC + OCI_RETURN_NULLS)) + if ($result) { - // Take the time spent on parsing rows into account + $success = @ociexecute($result, OCI_DEFAULT); + if ($success) + { + $row = array(); + + while (ocifetchinto($result, $row, OCI_ASSOC + OCI_RETURN_NULLS)) + { + // Take the time spent on parsing rows into account + } + @ocifreestatement($result); + } } - @ocifreestatement($result); $splittime = explode(' ', microtime()); $splittime = $splittime[0] + $splittime[1]; diff --git a/phpBB/phpbb/db/driver/postgres.php b/phpBB/phpbb/db/driver/postgres.php index a3b9aa4c6b..44476612c3 100644 --- a/phpBB/phpbb/db/driver/postgres.php +++ b/phpBB/phpbb/db/driver/postgres.php @@ -123,14 +123,17 @@ class postgres extends \phpbb\db\driver\driver if (!$use_cache || empty($cache) || ($this->sql_server_version = $cache->get('pgsql_version')) === false) { $query_id = @pg_query($this->db_connect_id, 'SELECT VERSION() AS version'); - $row = @pg_fetch_assoc($query_id, null); - @pg_free_result($query_id); + if ($query_id) + { + $row = pg_fetch_assoc($query_id, null); + pg_free_result($query_id); - $this->sql_server_version = (!empty($row['version'])) ? trim(substr($row['version'], 10)) : 0; + $this->sql_server_version = (!empty($row['version'])) ? trim(substr($row['version'], 10)) : 0; - if (!empty($cache) && $use_cache) - { - $cache->put('pgsql_version', $this->sql_server_version); + if (!empty($cache) && $use_cache) + { + $cache->put('pgsql_version', $this->sql_server_version); + } } } @@ -200,12 +203,17 @@ class postgres extends \phpbb\db\driver\driver $this->sql_time += microtime(true) - $this->curtime; } + if (!$this->query_result) + { + return false; + } + if ($cache && $cache_ttl) { $this->open_queries[(int) $this->query_result] = $this->query_result; $this->query_result = $cache->sql_save($this, $query, $this->query_result, $cache_ttl); } - else if (strpos($query, 'SELECT') === 0 && $this->query_result) + else if (strpos($query, 'SELECT') === 0) { $this->open_queries[(int) $this->query_result] = $this->query_result; } @@ -275,7 +283,7 @@ class postgres extends \phpbb\db\driver\driver return $cache->sql_fetchrow($query_id); } - return ($query_id !== false) ? @pg_fetch_assoc($query_id, null) : false; + return ($query_id) ? pg_fetch_assoc($query_id, null) : false; } /** @@ -295,7 +303,7 @@ class postgres extends \phpbb\db\driver\driver return $cache->sql_rowseek($rownum, $query_id); } - return ($query_id !== false) ? @pg_result_seek($query_id, $rownum) : false; + return ($query_id) ? @pg_result_seek($query_id, $rownum) : false; } /** @@ -317,8 +325,8 @@ class postgres extends \phpbb\db\driver\driver return false; } - $temp_result = @pg_fetch_assoc($temp_q_id, null); - @pg_free_result($query_id); + $temp_result = pg_fetch_assoc($temp_q_id, null); + pg_free_result($query_id); return ($temp_result) ? $temp_result['last_value'] : false; } @@ -347,7 +355,7 @@ class postgres extends \phpbb\db\driver\driver if (isset($this->open_queries[(int) $query_id])) { unset($this->open_queries[(int) $query_id]); - return @pg_free_result($query_id); + return pg_free_result($query_id); } return false; @@ -453,12 +461,12 @@ class postgres extends \phpbb\db\driver\driver if ($result = @pg_query($this->db_connect_id, "EXPLAIN $explain_query")) { - while ($row = @pg_fetch_assoc($result, null)) + while ($row = pg_fetch_assoc($result, null)) { $html_table = $this->sql_report('add_select_row', $query, $html_table, $row); } + pg_free_result($result); } - @pg_free_result($result); if ($html_table) { @@ -473,11 +481,14 @@ class postgres extends \phpbb\db\driver\driver $endtime = $endtime[0] + $endtime[1]; $result = @pg_query($this->db_connect_id, $query); - while ($void = @pg_fetch_assoc($result, null)) + if ($result) { - // Take the time spent on parsing rows into account + while ($void = pg_fetch_assoc($result, null)) + { + // Take the time spent on parsing rows into account + } + pg_free_result($result); } - @pg_free_result($result); $splittime = explode(' ', microtime()); $splittime = $splittime[0] + $splittime[1]; diff --git a/phpBB/phpbb/db/driver/sqlite.php b/phpBB/phpbb/db/driver/sqlite.php index d5da0e2438..8e205ebb81 100644 --- a/phpBB/phpbb/db/driver/sqlite.php +++ b/phpBB/phpbb/db/driver/sqlite.php @@ -70,13 +70,16 @@ class sqlite extends \phpbb\db\driver\driver if (!$use_cache || empty($cache) || ($this->sql_server_version = $cache->get('sqlite_version')) === false) { $result = @sqlite_query('SELECT sqlite_version() AS version', $this->db_connect_id); - $row = @sqlite_fetch_array($result, SQLITE_ASSOC); + if ($result) + { + $row = sqlite_fetch_array($result, SQLITE_ASSOC); - $this->sql_server_version = (!empty($row['version'])) ? $row['version'] : 0; + $this->sql_server_version = (!empty($row['version'])) ? $row['version'] : 0; - if (!empty($cache) && $use_cache) - { - $cache->put('sqlite_version', $this->sql_server_version); + if (!empty($cache) && $use_cache) + { + $cache->put('sqlite_version', $this->sql_server_version); + } } } @@ -145,14 +148,14 @@ class sqlite extends \phpbb\db\driver\driver $this->sql_time += microtime(true) - $this->curtime; } - if ($cache && $cache_ttl) + if (!$this->query_result) { - $this->open_queries[(int) $this->query_result] = $this->query_result; - $this->query_result = $cache->sql_save($this, $query, $this->query_result, $cache_ttl); + return false; } - else if (strpos($query, 'SELECT') === 0 && $this->query_result) + + if ($cache && $cache_ttl) { - $this->open_queries[(int) $this->query_result] = $this->query_result; + $this->query_result = $cache->sql_save($this, $query, $this->query_result, $cache_ttl); } } else if (defined('DEBUG')) @@ -211,7 +214,7 @@ class sqlite extends \phpbb\db\driver\driver return $cache->sql_fetchrow($query_id); } - return ($query_id !== false) ? @sqlite_fetch_array($query_id, SQLITE_ASSOC) : false; + return ($query_id) ? sqlite_fetch_array($query_id, SQLITE_ASSOC) : false; } /** @@ -231,7 +234,7 @@ class sqlite extends \phpbb\db\driver\driver return $cache->sql_rowseek($rownum, $query_id); } - return ($query_id !== false) ? @sqlite_seek($query_id, $rownum) : false; + return ($query_id) ? @sqlite_seek($query_id, $rownum) : false; } /** @@ -362,9 +365,12 @@ class sqlite extends \phpbb\db\driver\driver $endtime = $endtime[0] + $endtime[1]; $result = @sqlite_query($query, $this->db_connect_id); - while ($void = @sqlite_fetch_array($result, SQLITE_ASSOC)) + if ($result) { - // Take the time spent on parsing rows into account + while ($void = sqlite_fetch_array($result, SQLITE_ASSOC)) + { + // Take the time spent on parsing rows into account + } } $splittime = explode(' ', microtime()); diff --git a/phpBB/phpbb/db/driver/sqlite3.php b/phpBB/phpbb/db/driver/sqlite3.php index 4e3e0d3329..f5c2dd225b 100644 --- a/phpBB/phpbb/db/driver/sqlite3.php +++ b/phpBB/phpbb/db/driver/sqlite3.php @@ -147,6 +147,11 @@ class sqlite3 extends \phpbb\db\driver\driver $this->sql_time += microtime(true) - $this->curtime; } + if (!$this->query_result) + { + return false; + } + if ($cache && $cache_ttl) { $this->query_result = $cache->sql_save($this, $query, $this->query_result, $cache_ttl); @@ -388,9 +393,12 @@ class sqlite3 extends \phpbb\db\driver\driver $endtime = $endtime[0] + $endtime[1]; $result = $this->dbo->query($query); - while ($void = $result->fetchArray(SQLITE3_ASSOC)) + if ($result) { - // Take the time spent on parsing rows into account + while ($void = $result->fetchArray(SQLITE3_ASSOC)) + { + // Take the time spent on parsing rows into account + } } $splittime = explode(' ', microtime()); diff --git a/phpBB/phpbb/db/migration/data/v310/captcha_plugins.php b/phpBB/phpbb/db/migration/data/v310/captcha_plugins.php index 13071e9891..328c08f1ec 100644 --- a/phpBB/phpbb/db/migration/data/v310/captcha_plugins.php +++ b/phpBB/phpbb/db/migration/data/v310/captcha_plugins.php @@ -25,9 +25,13 @@ class captcha_plugins extends \phpbb\db\migration\migration public function update_data() { $captcha_plugin = $this->config['captcha_plugin']; - if (strpos($this->config['captcha_plugin'], 'phpbb_captcha_') === 0) + if (strpos($captcha_plugin, 'phpbb_captcha_') === 0) { - $captcha_plugin = substr($this->config['captcha_plugin'], strlen('phpbb_captcha_')); + $captcha_plugin = substr($captcha_plugin, strlen('phpbb_captcha_')); + } + else if (strpos($captcha_plugin, 'phpbb_') === 0) + { + $captcha_plugin = substr($captcha_plugin, strlen('phpbb_')); } return array( diff --git a/phpBB/phpbb/db/migration/data/v310/reset_missing_captcha_plugin.php b/phpBB/phpbb/db/migration/data/v310/reset_missing_captcha_plugin.php index d5f9076196..8211457dc6 100644 --- a/phpBB/phpbb/db/migration/data/v310/reset_missing_captcha_plugin.php +++ b/phpBB/phpbb/db/migration/data/v310/reset_missing_captcha_plugin.php @@ -29,7 +29,8 @@ class reset_missing_captcha_plugin extends \phpbb\db\migration\migration { return array( array('if', array( - (!is_file($this->phpbb_root_path . "includes/captcha/plugins/{$this->config['captcha_plugin']}_plugin." . $this->php_ext)), + (is_dir($this->phpbb_root_path . 'includes/captcha/plugins/') && + !is_file($this->phpbb_root_path . "includes/captcha/plugins/{$this->config['captcha_plugin']}_plugin." . $this->php_ext)), array('config.update', array('captcha_plugin', 'phpbb_captcha_nogd')), )), ); diff --git a/phpBB/phpbb/db/migration/data/v31x/m_softdelete_global.php b/phpBB/phpbb/db/migration/data/v31x/m_softdelete_global.php new file mode 100644 index 0000000000..dd7e20e762 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v31x/m_softdelete_global.php @@ -0,0 +1,31 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v31x; + +class m_softdelete_global extends \phpbb\db\migration\migration +{ + static public function depends_on() + { + return array('\phpbb\db\migration\data\v31x\v311'); + } + + public function update_data() + { + return array( + // Make m_softdelete global. The add method will take care of updating + // it if it already exists. + array('permission.add', array('m_softdelete', true)), + ); + } +} diff --git a/phpBB/phpbb/db/migration/data/v31x/style_update.php b/phpBB/phpbb/db/migration/data/v31x/style_update.php new file mode 100644 index 0000000000..bb030bbe6d --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v31x/style_update.php @@ -0,0 +1,136 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v31x; + +class style_update extends \phpbb\db\migration\migration +{ + static public function depends_on() + { + return array('\phpbb\db\migration\data\v310\gold'); + } + + public function update_data() + { + return array( + array('custom', array(array($this, 'update_installed_styles'))), + ); + } + + public function update_installed_styles() + { + // Get all currently available styles + $styles = $this->find_style_dirs(); + $style_paths = $style_ids = array(); + + $sql = 'SELECT style_path, style_id + FROM ' . $this->table_prefix . 'styles'; + $result = $this->db->sql_query($sql); + while ($styles_row = $this->db->sql_fetchrow()) + { + if (in_array($styles_row['style_path'], $styles)) + { + $style_paths[] = $styles_row['style_path']; + $style_ids[] = $styles_row['style_id']; + } + } + $this->db->sql_freeresult($result); + + // Install prosilver if no style is available and prosilver can be installed + if (empty($style_paths) && in_array('prosilver', $styles)) + { + // Try to parse config file + $cfg = parse_cfg_file($this->phpbb_root_path . 'styles/prosilver/style.cfg'); + + // Stop running this if prosilver cfg file can't be read + if (empty($cfg)) + { + throw new \RuntimeException('No styles available and could not fall back to prosilver.'); + } + + $style = array( + 'style_name' => 'prosilver', + 'style_copyright' => '© phpBB Limited', + 'style_active' => 1, + 'style_path' => 'prosilver', + 'bbcode_bitfield' => 'kNg=', + 'style_parent_id' => 0, + 'style_parent_tree' => '', + ); + + // Add to database + $this->db->sql_transaction('begin'); + + $sql = 'INSERT INTO ' . $this->table_prefix . 'styles + ' . $this->db->sql_build_array('INSERT', $style); + $this->db->sql_query($sql); + + $style_id = $this->db->sql_nextid(); + $style_ids[] = $style_id; + + $this->db->sql_transaction('commit'); + + // Set prosilver to default style + $this->config->set('default_style', $style_id); + } + else if (empty($styles) && empty($available_styles)) + { + throw new \RuntimeException('No valid styles available'); + } + + // Make sure default style is available + if (!in_array($this->config['default_style'], $style_ids)) + { + $this->config->set('default_style', array_pop($style_ids)); + } + + // Reset users to default style if their user_style is nonexistent + $sql = 'UPDATE ' . $this->table_prefix . "users + SET user_style = {$this->config['default_style']} + WHERE " . $this->db->sql_in_set('user_style', $style_ids, true, true); + $this->db->sql_query($sql); + } + + /** + * Find all directories that have styles + * Copied from acp_styles + * + * @return array Directory names + */ + protected function find_style_dirs() + { + $styles = array(); + $styles_path = $this->phpbb_root_path . 'styles/'; + + $dp = @opendir($styles_path); + if ($dp) + { + while (($file = readdir($dp)) !== false) + { + $dir = $styles_path . $file; + if ($file[0] == '.' || !is_dir($dir)) + { + continue; + } + + if (file_exists("{$dir}/style.cfg")) + { + $styles[] = $file; + } + } + closedir($dp); + } + + return $styles; + } +} diff --git a/phpBB/phpbb/db/migration/data/v31x/v311.php b/phpBB/phpbb/db/migration/data/v31x/v311.php new file mode 100644 index 0000000000..00844dd4c0 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v31x/v311.php @@ -0,0 +1,32 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v31x; + +class v311 extends \phpbb\db\migration\migration +{ + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v310\gold', + '\phpbb\db\migration\data\v31x\style_update', + ); + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.1.1')), + ); + } +} diff --git a/phpBB/phpbb/db/migrator.php b/phpBB/phpbb/db/migrator.php index 621a808a03..d03496eae3 100644 --- a/phpBB/phpbb/db/migrator.php +++ b/phpBB/phpbb/db/migrator.php @@ -59,6 +59,13 @@ class migrator protected $migrations = array(); /** + * Array of migrations that have been determined to be fulfillable + * + * @var array + */ + protected $fulfillable_migrations = array(); + + /** * 'name,' 'class,' and 'state' of the last migration run * * 'effectively_installed' set and set to true if the migration was effectively_installed @@ -653,7 +660,7 @@ class migrator */ public function unfulfillable($name) { - if (isset($this->migration_state[$name])) + if (isset($this->migration_state[$name]) || isset($this->fulfillable_migrations[$name])) { return false; } @@ -674,6 +681,7 @@ class migrator return $unfulfillable; } } + $this->fulfillable_migrations[$name] = true; return false; } diff --git a/phpBB/phpbb/db/tools.php b/phpBB/phpbb/db/tools.php index 0781d7425e..c8d25f23a2 100644 --- a/phpBB/phpbb/db/tools.php +++ b/phpBB/phpbb/db/tools.php @@ -2643,7 +2643,7 @@ class tools AND cols.id = ix.id WHERE ix.id = object_id('{$table_name}') AND cols.name = '{$column_name}' - AND INDEXPROPERTY(ix.id, ix.name, 'IsUnique') = " . ($unique) ? '1' : '0'; + AND INDEXPROPERTY(ix.id, ix.name, 'IsUnique') = " . ($unique ? '1' : '0'); } else { @@ -2657,7 +2657,7 @@ class tools AND cols.object_id = ix.object_id WHERE ix.object_id = object_id('{$table_name}') AND cols.name = '{$column_name}' - AND ix.is_unique = " . ($unique) ? '1' : '0'; + AND ix.is_unique = " . ($unique ? '1' : '0'); } break; diff --git a/phpBB/phpbb/di/container_builder.php b/phpBB/phpbb/di/container_builder.php index 638c13e86d..125ae28e9b 100644 --- a/phpBB/phpbb/di/container_builder.php +++ b/phpBB/phpbb/di/container_builder.php @@ -13,16 +13,25 @@ namespace phpbb\di; +use Symfony\Component\Config\ConfigCache; +use Symfony\Component\Config\FileLocator; use Symfony\Component\DependencyInjection\ContainerBuilder; use Symfony\Component\DependencyInjection\Dumper\PhpDumper; -use Symfony\Component\HttpKernel\DependencyInjection\RegisterListenersPass; +use Symfony\Component\DependencyInjection\Loader\YamlFileLoader; +use Symfony\Component\DependencyInjection\ParameterBag\ParameterBag; +use Symfony\Component\EventDispatcher\DependencyInjection\RegisterListenersPass; +use Symfony\Component\HttpKernel\DependencyInjection\MergeExtensionConfigurationPass; class container_builder { - /** @var string phpBB Root Path */ + /** + * @var string phpBB Root Path + */ protected $phpbb_root_path; - /** @var string php file extension */ + /** + * @var string php file extension + */ protected $php_ext; /** @@ -112,6 +121,11 @@ class container_builder protected $config_php_file; /** + * @var string + */ + protected $cache_dir; + + /** * Constructor * * @param \phpbb\config_php_file $config_php_file @@ -133,23 +147,30 @@ class container_builder public function get_container() { $container_filename = $this->get_container_filename(); - if (!defined('DEBUG_CONTAINER') && $this->dump_container && file_exists($container_filename)) + $config_cache = new ConfigCache($container_filename, defined('DEBUG')); + if ($this->dump_container && $config_cache->isFresh()) { require($container_filename); $this->container = new \phpbb_cache_container(); } else { - if ($this->config_path === null) - { - $this->config_path = $this->phpbb_root_path . 'config'; - } - $container_extensions = array(new \phpbb\di\extension\core($this->config_path)); + $container_extensions = array(new \phpbb\di\extension\core($this->get_config_path())); if ($this->use_extensions) { $installed_exts = $this->get_installed_extensions(); - $container_extensions[] = new \phpbb\di\extension\ext($installed_exts); + foreach ($installed_exts as $ext_name => $path) + { + $extension_class = '\\' . str_replace('/', '\\', $ext_name) . '\\di\\extension'; + + if (!class_exists($extension_class)) + { + $extension_class = '\phpbb\extension\di\extension_base'; + } + + $container_extensions[] = new $extension_class($ext_name, $path); + } } if ($this->inject_config) @@ -171,6 +192,9 @@ class container_builder } } + $loader = new YamlFileLoader($this->container, new FileLocator(phpbb_realpath($this->get_config_path()))); + $loader->load($this->container->getParameter('core.environment') . '/config.yml'); + $this->inject_custom_parameters(); if ($this->compile_container) @@ -178,9 +202,9 @@ class container_builder $this->container->compile(); } - if ($this->dump_container && !defined('DEBUG_CONTAINER')) + if ($this->dump_container) { - $this->dump_container($container_filename); + $this->dump_container($config_cache); } } @@ -267,6 +291,16 @@ class container_builder } /** + * Returns the path to the container configuration (default: root_path/config) + * + * @return string + */ + protected function get_config_path() + { + return $this->config_path ?: $this->phpbb_root_path . 'config'; + } + + /** * Set custom parameters to inject into the container. * * @param array $custom_parameters @@ -277,11 +311,31 @@ class container_builder } /** + * Set the path to the cache directory. + * + * @param string $cache_dir Path to the cache directory + */ + public function set_cache_dir($cache_dir) + { + $this->cache_dir = $cache_dir; + } + + /** + * Returns the path to the cache directory (default: root_path/cache/environment). + * + * @return string Path to the cache directory. + */ + protected function get_cache_dir() + { + return $this->cache_dir ?: $this->phpbb_root_path . 'cache/' . $this->get_environment() . '/'; + } + + /** * Dump the container to the disk. * - * @param string $container_filename The name of the file. + * @param ConfigCache $cache The config cache */ - protected function dump_container($container_filename) + protected function dump_container($cache) { $dumper = new PhpDumper($this->container); $cached_container_dump = $dumper->dump(array( @@ -289,7 +343,7 @@ class container_builder 'base_class' => 'Symfony\\Component\\DependencyInjection\\ContainerBuilder', )); - file_put_contents($container_filename, $cached_container_dump); + $cache->write($cached_container_dump, $this->container->getResources()); } /** @@ -362,34 +416,73 @@ class container_builder */ protected function create_container(array $extensions) { - $container = new ContainerBuilder(); + $container = new ContainerBuilder(new ParameterBag($this->get_core_parameters())); + + $extensions_alias = array(); foreach ($extensions as $extension) { $container->registerExtension($extension); - $container->loadFromExtension($extension->getAlias()); + $extensions_alias[] = $extension->getAlias(); + //$container->loadFromExtension($extension->getAlias()); } + $container->getCompilerPassConfig()->setMergePass(new MergeExtensionConfigurationPass($extensions_alias)); + return $container; } /** - * Inject the customs parameters into the container - */ + * Inject the customs parameters into the container + */ protected function inject_custom_parameters() { - if ($this->custom_parameters === null) + if ($this->custom_parameters !== null) { - $this->custom_parameters = array( - 'core.root_path' => $this->phpbb_root_path, - 'core.php_ext' => $this->php_ext, - ); + foreach ($this->custom_parameters as $key => $value) + { + $this->container->setParameter($key, $value); + } } + } - foreach ($this->custom_parameters as $key => $value) + /** + * Returns the core parameters. + * + * @return array An array of core parameters + */ + protected function get_core_parameters() + { + return array_merge( + array( + 'core.root_path' => $this->phpbb_root_path, + 'core.php_ext' => $this->php_ext, + 'core.environment' => $this->get_environment(), + 'core.debug' => DEBUG, + ), + $this->get_env_parameters() + ); + } + + /** + * Gets the environment parameters. + * + * Only the parameters starting with "PHPBB__" are considered. + * + * @return array An array of parameters + */ + protected function get_env_parameters() + { + $parameters = array(); + foreach ($_SERVER as $key => $value) { - $this->container->setParameter($key, $value); + if (0 === strpos($key, 'PHPBB__')) + { + $parameters[strtolower(str_replace('__', '.', substr($key, 9)))] = $value; + } } + + return $parameters; } /** @@ -400,6 +493,16 @@ class container_builder protected function get_container_filename() { $filename = str_replace(array('/', '.'), array('slash', 'dot'), $this->phpbb_root_path); - return $this->phpbb_root_path . 'cache/container_' . $filename . '.' . $this->php_ext; + return $this->get_cache_dir() . 'container_' . $filename . '.' . $this->php_ext; + } + + /** + * Return the name of the current environment. + * + * @return string + */ + protected function get_environment() + { + return PHPBB_ENVIRONMENT; } } diff --git a/phpBB/phpbb/di/extension/config.php b/phpBB/phpbb/di/extension/config.php index 27ebc94bae..7984a783df 100644 --- a/phpBB/phpbb/di/extension/config.php +++ b/phpBB/phpbb/di/extension/config.php @@ -39,16 +39,24 @@ class config extends Extension */ public function load(array $config, ContainerBuilder $container) { - $container->setParameter('core.adm_relative_path', ($this->config_php->get('phpbb_adm_relative_path') ? $this->config_php->get('phpbb_adm_relative_path') : 'adm/')); - $container->setParameter('core.table_prefix', $this->config_php->get('table_prefix')); - $container->setParameter('cache.driver.class', $this->convert_30_acm_type($this->config_php->get('acm_type'))); - $container->setParameter('dbal.driver.class', $this->config_php->convert_30_dbms_to_31($this->config_php->get('dbms'))); - $container->setParameter('dbal.dbhost', $this->config_php->get('dbhost')); - $container->setParameter('dbal.dbuser', $this->config_php->get('dbuser')); - $container->setParameter('dbal.dbpasswd', $this->config_php->get('dbpasswd')); - $container->setParameter('dbal.dbname', $this->config_php->get('dbname')); - $container->setParameter('dbal.dbport', $this->config_php->get('dbport')); - $container->setParameter('dbal.new_link', defined('PHPBB_DB_NEW_LINK') && PHPBB_DB_NEW_LINK); + $parameters = array( + 'core.adm_relative_path' => $this->config_php->get('phpbb_adm_relative_path') ? $this->config_php->get('phpbb_adm_relative_path') : 'adm/', + 'core.table_prefix' => $this->config_php->get('table_prefix'), + 'cache.driver.class' => $this->convert_30_acm_type($this->config_php->get('acm_type')), + 'dbal.driver.class' => $this->config_php->convert_30_dbms_to_31($this->config_php->get('dbms')), + 'dbal.dbhost' => $this->config_php->get('dbhost'), + 'dbal.dbuser' => $this->config_php->get('dbuser'), + 'dbal.dbpasswd' => $this->config_php->get('dbpasswd'), + 'dbal.dbname' => $this->config_php->get('dbname'), + 'dbal.dbport' => $this->config_php->get('dbport'), + 'dbal.new_link' => defined('PHPBB_DB_NEW_LINK') && PHPBB_DB_NEW_LINK, + ); + $parameter_bag = $container->getParameterBag(); + + foreach ($parameters as $parameter => $value) + { + $container->setParameter($parameter, $parameter_bag->escapeValue($value)); + } } /** diff --git a/phpBB/phpbb/di/extension/container_configuration.php b/phpBB/phpbb/di/extension/container_configuration.php new file mode 100644 index 0000000000..1f1c077472 --- /dev/null +++ b/phpBB/phpbb/di/extension/container_configuration.php @@ -0,0 +1,38 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\di\extension; + +use Symfony\Component\Config\Definition\Builder\TreeBuilder; +use Symfony\Component\Config\Definition\ConfigurationInterface; + +class container_configuration implements ConfigurationInterface +{ + + /** + * Generates the configuration tree builder. + * + * @return \Symfony\Component\Config\Definition\Builder\TreeBuilder The tree builder + */ + public function getConfigTreeBuilder() + { + $treeBuilder = new TreeBuilder(); + $rootNode = $treeBuilder->root('core'); + $rootNode + ->children() + ->booleanNode('require_dev_dependencies')->defaultValue(false)->end() + ->end() + ; + return $treeBuilder; + } +} diff --git a/phpBB/phpbb/di/extension/core.php b/phpBB/phpbb/di/extension/core.php index ca4fa5c082..72d46fb05b 100644 --- a/phpBB/phpbb/di/extension/core.php +++ b/phpBB/phpbb/di/extension/core.php @@ -13,10 +13,11 @@ namespace phpbb\di\extension; +use Symfony\Component\Config\FileLocator; +use Symfony\Component\Config\Resource\FileResource; use Symfony\Component\DependencyInjection\ContainerBuilder; -use Symfony\Component\HttpKernel\DependencyInjection\Extension; use Symfony\Component\DependencyInjection\Loader\YamlFileLoader; -use Symfony\Component\Config\FileLocator; +use Symfony\Component\HttpKernel\DependencyInjection\Extension; /** * Container core extension @@ -24,42 +25,68 @@ use Symfony\Component\Config\FileLocator; class core extends Extension { /** - * Config path - * @var string - */ + * Config path + * @var string + */ protected $config_path; /** - * Constructor - * - * @param string $config_path Config path - */ + * Constructor + * + * @param string $config_path Config path + */ public function __construct($config_path) { $this->config_path = $config_path; } /** - * Loads a specific configuration. - * - * @param array $config An array of configuration values - * @param ContainerBuilder $container A ContainerBuilder instance - * - * @throws \InvalidArgumentException When provided tag is not defined in this extension - */ - public function load(array $config, ContainerBuilder $container) + * Loads a specific configuration. + * + * @param array $configs An array of configuration values + * @param ContainerBuilder $container A ContainerBuilder instance + * + * @throws \InvalidArgumentException When provided tag is not defined in this extension + */ + public function load(array $configs, ContainerBuilder $container) { $loader = new YamlFileLoader($container, new FileLocator(phpbb_realpath($this->config_path))); - $loader->load('services.yml'); + $loader->load($container->getParameter('core.environment') . '/container/environment.yml'); + + $config = $this->getConfiguration($configs, $container); + $config = $this->processConfiguration($config, $configs); + + if ($config['require_dev_dependencies']) + { + if (!class_exists('Goutte\Client', true)) + { + trigger_error( + 'Composer development dependencies have not been set up for the ' . $container->getParameter('core.environment') . ' environment yet, run ' . + "'php ../composer.phar install --dev' from the phpBB directory to do so.", + E_USER_ERROR + ); + } + } + } + + /** + * {@inheritdoc} + */ + public function getConfiguration(array $config, ContainerBuilder $container) + { + $r = new \ReflectionClass('\phpbb\di\extension\container_configuration'); + $container->addResource(new FileResource($r->getFileName())); + + return new container_configuration(); } /** - * Returns the recommended alias to use in XML. - * - * This alias is also the mandatory prefix to use when using YAML. - * - * @return string The alias - */ + * Returns the recommended alias to use in XML. + * + * This alias is also the mandatory prefix to use when using YAML. + * + * @return string The alias + */ public function getAlias() { return 'core'; diff --git a/phpBB/phpbb/di/extension/ext.php b/phpBB/phpbb/di/extension/ext.php deleted file mode 100644 index 718c992d2e..0000000000 --- a/phpBB/phpbb/di/extension/ext.php +++ /dev/null @@ -1,67 +0,0 @@ -<?php -/** -* -* This file is part of the phpBB Forum Software package. -* -* @copyright (c) phpBB Limited <https://www.phpbb.com> -* @license GNU General Public License, version 2 (GPL-2.0) -* -* For full copyright and license information, please see -* the docs/CREDITS.txt file. -* -*/ - -namespace phpbb\di\extension; - -use Symfony\Component\DependencyInjection\ContainerBuilder; -use Symfony\Component\HttpKernel\DependencyInjection\Extension; -use Symfony\Component\DependencyInjection\Loader\YamlFileLoader; -use Symfony\Component\Config\FileLocator; - -/** -* Container ext extension -*/ -class ext extends Extension -{ - protected $paths = array(); - - public function __construct($enabled_extensions) - { - foreach ($enabled_extensions as $ext => $path) - { - $this->paths[] = $path; - } - } - - /** - * Loads a specific configuration. - * - * @param array $config An array of configuration values - * @param ContainerBuilder $container A ContainerBuilder instance - * - * @throws \InvalidArgumentException When provided tag is not defined in this extension - */ - public function load(array $config, ContainerBuilder $container) - { - foreach ($this->paths as $path) - { - if (file_exists($path . '/config/services.yml')) - { - $loader = new YamlFileLoader($container, new FileLocator(phpbb_realpath($path . '/config'))); - $loader->load('services.yml'); - } - } - } - - /** - * Returns the recommended alias to use in XML. - * - * This alias is also the mandatory prefix to use when using YAML. - * - * @return string The alias - */ - public function getAlias() - { - return 'ext'; - } -} diff --git a/phpBB/phpbb/event/kernel_request_subscriber.php b/phpBB/phpbb/event/kernel_request_subscriber.php deleted file mode 100644 index ee9f29a59d..0000000000 --- a/phpBB/phpbb/event/kernel_request_subscriber.php +++ /dev/null @@ -1,82 +0,0 @@ -<?php -/** -* -* This file is part of the phpBB Forum Software package. -* -* @copyright (c) phpBB Limited <https://www.phpbb.com> -* @license GNU General Public License, version 2 (GPL-2.0) -* -* For full copyright and license information, please see -* the docs/CREDITS.txt file. -* -*/ - -namespace phpbb\event; - -use Symfony\Component\EventDispatcher\EventSubscriberInterface; -use Symfony\Component\HttpKernel\KernelEvents; -use Symfony\Component\HttpKernel\Event\GetResponseEvent; -use Symfony\Component\HttpKernel\EventListener\RouterListener; -use Symfony\Component\Routing\RequestContext; - -class kernel_request_subscriber implements EventSubscriberInterface -{ - /** - * Extension manager object - * @var \phpbb\extension\manager - */ - protected $manager; - - /** - * PHP file extension - * @var string - */ - protected $php_ext; - - /** - * Root path - * @var string - */ - protected $root_path; - - /** - * Construct method - * - * @param \phpbb\extension\manager $manager Extension manager object - * @param string $root_path Root path - * @param string $php_ext PHP file extension - */ - public function __construct(\phpbb\extension\manager $manager, $root_path, $php_ext) - { - $this->root_path = $root_path; - $this->php_ext = $php_ext; - $this->manager = $manager; - } - - /** - * This listener is run when the KernelEvents::REQUEST event is triggered - * - * This is responsible for setting up the routing information - * - * @param GetResponseEvent $event - * @throws \BadMethodCallException - * @return null - */ - public function on_kernel_request(GetResponseEvent $event) - { - $request = $event->getRequest(); - $context = new RequestContext(); - $context->fromRequest($request); - - $matcher = phpbb_get_url_matcher($this->manager, $context, $this->root_path, $this->php_ext); - $router_listener = new RouterListener($matcher, $context); - $router_listener->onKernelRequest($event); - } - - public static function getSubscribedEvents() - { - return array( - KernelEvents::REQUEST => 'on_kernel_request', - ); - } -} diff --git a/phpBB/phpbb/event/md_exporter.php b/phpBB/phpbb/event/md_exporter.php index f7021875f3..84b10e79c1 100644 --- a/phpBB/phpbb/event/md_exporter.php +++ b/phpBB/phpbb/event/md_exporter.php @@ -89,7 +89,7 @@ class md_exporter { $this->crawl_eventsmd($md_file, 'styles'); - $styles = array('prosilver', 'subsilver2'); + $styles = array('prosilver'); foreach ($styles as $style) { $file_list = $this->get_recursive_file_list( @@ -179,7 +179,7 @@ class md_exporter { $wiki_page = '= Template Events =' . "\n"; $wiki_page .= '{| class="zebra sortable" cellspacing="0" cellpadding="5"' . "\n"; - $wiki_page .= '! Identifier !! Prosilver Placement (If applicable) !! Subsilver Placement (If applicable) !! Added in Release !! Explanation' . "\n"; + $wiki_page .= '! Identifier !! Prosilver Placement (If applicable) !! Added in Release !! Explanation' . "\n"; } foreach ($this->events as $event_name => $event) @@ -193,7 +193,7 @@ class md_exporter } else { - $wiki_page .= implode(', ', $event['files']['prosilver']) . ' || ' . implode(', ', $event['files']['subsilver2']); + $wiki_page .= implode(', ', $event['files']['prosilver']); } $wiki_page .= " || {$event['since']} || " . str_replace("\n", ' ', $event['description']) . "\n"; @@ -246,7 +246,6 @@ class md_exporter { $files_list = array( 'prosilver' => array(), - 'subsilver2' => array(), 'adm' => array(), ); @@ -266,10 +265,6 @@ class md_exporter { $files_list['prosilver'][] = substr($file, strlen('styles/prosilver/template/')); } - else if (($this->filter !== 'adm') && strpos($file, 'styles/subsilver2/template/') === 0) - { - $files_list['subsilver2'][] = substr($file, strlen('styles/subsilver2/template/')); - } else if (($this->filter === 'adm') && strpos($file, 'adm/style/') === 0) { $files_list['adm'][] = substr($file, strlen('adm/style/')); diff --git a/phpBB/phpbb/extension/di/extension_base.php b/phpBB/phpbb/extension/di/extension_base.php new file mode 100644 index 0000000000..30cc37dbb6 --- /dev/null +++ b/phpBB/phpbb/extension/di/extension_base.php @@ -0,0 +1,137 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\extension\di; + +use Symfony\Component\Config\FileLocator; +use Symfony\Component\Config\Resource\FileResource; +use Symfony\Component\DependencyInjection\ContainerBuilder; +use Symfony\Component\DependencyInjection\Loader\YamlFileLoader; +use Symfony\Component\HttpKernel\DependencyInjection\Extension; + +/** + * Container core extension + */ +class extension_base extends Extension +{ + /** + * Name of the extension (vendor/name) + * + * @var string + */ + protected $extension_name; + + /** + * Path to the extension. + * + * @var string + */ + protected $ext_path; + + /** + * Constructor + * + * @param string $extension_name Name of the extension (vendor/name) + * @param string $ext_path Path to the extension + */ + public function __construct($extension_name, $ext_path) + { + $this->extension_name = $extension_name; + $this->ext_path = $ext_path; + } + + /** + * Loads a specific configuration. + * + * @param array $configs An array of configuration values + * @param ContainerBuilder $container A ContainerBuilder instance + * + * @throws \InvalidArgumentException When provided tag is not defined in this extension + */ + public function load(array $configs, ContainerBuilder $container) + { + $this->load_services($container); + } + + /** + * Loads the services.yml file. + * + * @param ContainerBuilder $container A ContainerBuilder instance + */ + protected function load_services(ContainerBuilder $container) + { + $services_directory = false; + $services_file = false; + + if (file_exists($this->ext_path . 'config/' . $container->getParameter('core.environment') . '/container/environment.yml')) + { + $services_directory = $this->ext_path . 'config/' . $container->getParameter('core.environment') . '/container/'; + $services_file = 'environment.yml'; + } + else if (!is_dir($this->ext_path . 'config/' . $container->getParameter('core.environment'))) + { + if (file_exists($this->ext_path . 'config/default/container/environment.yml')) + { + $services_directory = $this->ext_path . 'config/default/container/'; + $services_file = 'environment.yml'; + } + else if (!is_dir($this->ext_path . 'config/default') && file_exists($this->ext_path . '/config/services.yml')) + { + $services_directory = $this->ext_path . 'config'; + $services_file = 'services.yml'; + } + } + + if ($services_directory && $services_file) + { + $loader = new YamlFileLoader($container, new FileLocator(phpbb_realpath($services_directory))); + $loader->load($services_file); + } + } + + /** + * {@inheritdoc} + */ + public function getConfiguration(array $config, ContainerBuilder $container) + { + $reflected = new \ReflectionClass($this); + $namespace = $reflected->getNamespaceName(); + + $class = $namespace . '\\di\configuration'; + if (class_exists($class)) + { + $r = new \ReflectionClass($class); + $container->addResource(new FileResource($r->getFileName())); + + if (!method_exists($class, '__construct')) + { + $configuration = new $class(); + + return $configuration; + } + } + + } + + /** + * Returns the recommended alias to use in XML. + * + * This alias is also the mandatory prefix to use when using YAML. + * + * @return string The alias + */ + public function getAlias() + { + return str_replace('/', '_', $this->extension_name); + } +} diff --git a/phpBB/phpbb/message/admin_form.php b/phpBB/phpbb/message/admin_form.php index 93db59880c..96b8d3499e 100644 --- a/phpBB/phpbb/message/admin_form.php +++ b/phpBB/phpbb/message/admin_form.php @@ -178,6 +178,7 @@ class admin_form extends form 'S_CONTACT_ADMIN' => true, 'S_CONTACT_FORM' => $this->config['contact_admin_form_enable'], 'S_IS_REGISTERED' => $this->user->data['is_registered'], + 'S_POST_ACTION' => append_sid($this->phpbb_root_path . 'memberlist.' . $this->phpEx, 'mode=contactadmin'), 'CONTACT_INFO' => $l_admin_info, 'MESSAGE' => $this->body, diff --git a/phpBB/phpbb/message/form.php b/phpBB/phpbb/message/form.php index 076b41dc07..21d4de0b4d 100644 --- a/phpBB/phpbb/message/form.php +++ b/phpBB/phpbb/message/form.php @@ -146,7 +146,7 @@ abstract class form WHERE user_id = ' . $this->user->data['user_id']; $this->db->sql_query($sql); - if ($this->cc_sender) + if ($this->cc_sender && $this->user->data['is_registered']) { $this->message->cc_sender(); } diff --git a/phpBB/phpbb/message/topic_form.php b/phpBB/phpbb/message/topic_form.php index 1e0f2a1945..174643bb81 100644 --- a/phpBB/phpbb/message/topic_form.php +++ b/phpBB/phpbb/message/topic_form.php @@ -117,7 +117,7 @@ class topic_form extends form 'TOPIC_NAME' => htmlspecialchars_decode($this->topic_row['topic_title']), 'U_TOPIC' => generate_board_url() . '/viewtopic.' . $this->phpEx . '?f=' . $this->topic_row['forum_id'] . '&t=' . $this->topic_id, )); - + $this->message->set_body($this->body); $this->message->add_recipient( $this->recipient_name, $this->recipient_address, diff --git a/phpBB/phpbb/notification/manager.php b/phpBB/phpbb/notification/manager.php index 971a53a16a..dd611e1dd1 100644 --- a/phpBB/phpbb/notification/manager.php +++ b/phpBB/phpbb/notification/manager.php @@ -292,7 +292,7 @@ class manager WHERE notification_time <= " . (int) $time . (($notification_type_name !== false) ? ' AND ' . (is_array($notification_type_name) ? $this->db->sql_in_set('notification_type_id', $this->get_notification_type_ids($notification_type_name)) : 'notification_type_id = ' . $this->get_notification_type_id($notification_type_name)) : '') . - (($item_parent_id !== false) ? ' AND ' . (is_array($item_parent_id) ? $this->db->sql_in_set('item_parent_id', $item_parent_id) : 'item_parent_id = ' . (int) $item_parent_id) : '') . + (($item_parent_id !== false) ? ' AND ' . (is_array($item_parent_id) ? $this->db->sql_in_set('item_parent_id', $item_parent_id, false, true) : 'item_parent_id = ' . (int) $item_parent_id) : '') . (($user_id !== false) ? ' AND ' . (is_array($user_id) ? $this->db->sql_in_set('user_id', $user_id) : 'user_id = ' . (int) $user_id) : ''); $this->db->sql_query($sql); } diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php index 936564d8b6..4a446a5d9d 100644 --- a/phpBB/phpbb/path_helper.php +++ b/phpBB/phpbb/path_helper.php @@ -154,6 +154,7 @@ class path_helper return $this->web_root_path; } + // We do not need to escape $path_info, $request_uri and $script_name because we can not find their content in the result. // Path info (e.g. /foo/bar) $path_info = $this->filesystem->clean_path($this->symfony_request->getPathInfo()); @@ -203,9 +204,12 @@ class path_helper */ if ($this->request->is_ajax() && $this->symfony_request->get('_referer')) { + // We need to escape $absolute_board_url because it can be partially concatenated to the result. + $absolute_board_url = $this->request->escape($this->symfony_request->getSchemeAndHttpHost() . $this->symfony_request->getBasePath(), true); + $referer_web_root_path = $this->get_web_root_path_from_ajax_referer( $this->symfony_request->get('_referer'), - $this->symfony_request->getSchemeAndHttpHost() . $this->symfony_request->getBasePath() + $absolute_board_url ); return $this->web_root_path = $this->phpbb_root_path . $referer_web_root_path; } diff --git a/phpBB/phpbb/profilefields/type/type_base.php b/phpBB/phpbb/profilefields/type/type_base.php index 52f5d15511..9b4bada26d 100644 --- a/phpBB/phpbb/profilefields/type/type_base.php +++ b/phpBB/phpbb/profilefields/type/type_base.php @@ -158,7 +158,19 @@ abstract class type_base implements type_interface } else { - return $this->request->variable($key, '', true); + $default_value = ''; + $lang_fields = array( + 'l_lang_name', + 'l_lang_explain', + 'l_lang_default_value', + 'l_lang_options', + ); + + if (in_array($key, $lang_fields)) + { + $default_value = array(0 => ''); + } + return $this->request->variable($key, $default_value, true); } } diff --git a/phpBB/phpbb/profilefields/type/type_bool.php b/phpBB/phpbb/profilefields/type/type_bool.php index 0582722833..75934e3be7 100644 --- a/phpBB/phpbb/profilefields/type/type_bool.php +++ b/phpBB/phpbb/profilefields/type/type_bool.php @@ -352,7 +352,7 @@ class type_bool extends type_base } } - if ($step == 3 && ($field_data[$key] || $action != 'edit') && $key == 'l_lang_options') + if ($key == 'l_lang_options' && $this->request->is_set($key)) { $field_data[$key] = $this->request->variable($key, array(0 => array('')), true); diff --git a/phpBB/phpbb/request/request.php b/phpBB/phpbb/request/request.php index ea9854894c..f0f2f7e2a2 100644 --- a/phpBB/phpbb/request/request.php +++ b/phpBB/phpbb/request/request.php @@ -416,4 +416,27 @@ class request implements \phpbb\request\request_interface { return $this->input[$super_global]; } + + /** + * {@inheritdoc} + */ + public function escape($var, $multibyte) + { + if (is_array($var)) + { + $result = array(); + foreach ($var as $key => $value) + { + $this->type_cast_helper->set_var($key, $key, gettype($key), $multibyte); + $result[$key] = $this->escape($value, $multibyte); + } + $var = $result; + } + else + { + $this->type_cast_helper->set_var($var, $var, 'string', $multibyte); + } + + return $var; + } } diff --git a/phpBB/phpbb/request/request_interface.php b/phpBB/phpbb/request/request_interface.php index 3236f73990..47b3b3a4ed 100644 --- a/phpBB/phpbb/request/request_interface.php +++ b/phpBB/phpbb/request/request_interface.php @@ -142,4 +142,14 @@ interface request_interface * @return array The original array of the requested super global. */ public function get_super_global($super_global = \phpbb\request\request_interface::REQUEST); + + /** + * Escape a string variable. + * + * @param mixed $value The contents to fill with + * @param bool $multibyte Indicates whether string values may contain UTF-8 characters. + * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks. + * @return string|array + */ + public function escape($value, $multibyte); } diff --git a/phpBB/phpbb/routing/router.php b/phpBB/phpbb/routing/router.php new file mode 100644 index 0000000000..1003708540 --- /dev/null +++ b/phpBB/phpbb/routing/router.php @@ -0,0 +1,329 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\routing; + +use Symfony\Component\Routing\Matcher\Dumper\PhpMatcherDumper; +use Symfony\Component\Routing\Generator\Dumper\PhpGeneratorDumper; +use Symfony\Component\Routing\Matcher\UrlMatcher; +use Symfony\Component\Routing\Generator\UrlGenerator; +use Symfony\Component\Routing\RequestContext; +use Symfony\Component\Routing\RouteCollection; +use Symfony\Component\Routing\RouterInterface; +use Symfony\Component\Routing\Loader\YamlFileLoader; +use Symfony\Component\Config\FileLocator; +use phpbb\extension\manager; + +/** + * Integration of all pieces of the routing system for easier use. + */ +class router implements RouterInterface +{ + /** + * Extension manager + * + * @var manager + */ + protected $extension_manager; + + /** + * phpBB root path + * + * @var string + */ + protected $phpbb_root_path; + + /** + * PHP file extensions + * + * @var string + */ + protected $php_ext; + + /** + * Name of the current environment + * + * @var string + */ + protected $environment; + + /** + * YAML file(s) containing route information + * + * @var array + */ + protected $routing_files; + + /** + * @var \Symfony\Component\Routing\Matcher\UrlMatcherInterface|null + */ + protected $matcher; + + /** + * @var \Symfony\Component\Routing\Generator\UrlGeneratorInterface|null + */ + protected $generator; + + /** + * @var RequestContext + */ + protected $context; + + /** + * @var RouteCollection|null + */ + protected $route_collection; + + /** + * Construct method + * + * @param manager $extension_manager Extension manager + * @param string $phpbb_root_path phpBB root path + * @param string $php_ext PHP file extension + * @param string $environment Name of the current environment + * @param array $routing_files Array of strings containing paths to YAML files holding route information + */ + public function __construct(manager $extension_manager, $phpbb_root_path, $php_ext, $environment, $routing_files = array()) + { + $this->extension_manager = $extension_manager; + $this->routing_files = $routing_files; + $this->phpbb_root_path = $phpbb_root_path; + $this->php_ext = $php_ext; + $this->environment = $environment; + $this->context = new RequestContext(); + } + + /** + * Find the list of routing files + * + * @param array $paths Array of paths where to look for routing files. + * @return router + */ + public function find_routing_files(array $paths) + { + $this->routing_files = array($this->phpbb_root_path . 'config/' . $this->environment . '/routing/environment.yml'); + foreach ($paths as $path) + { + if (file_exists($path . 'config/' . $this->environment . '/routing/environment.yml')) + { + $this->routing_files[] = $path . 'config/' . $this->environment . '/routing/environment.yml'; + } + else if (!is_dir($path . 'config/' . $this->environment)) + { + if (file_exists($path . 'config/default/routing/environment.yml')) + { + $this->routing_files[] = $path . 'config/default/routing/environment.yml'; + } + else if (!is_dir($path . 'config/default/routing') && file_exists($path . 'config/routing.yml')) + { + $this->routing_files[] = $path . 'config/routing.yml'; + } + } + } + + return $this; + } + + /** + * Find a list of controllers + * + * @param string $base_path Base path to prepend to file paths + * @return router + */ + public function find($base_path = '') + { + if ($this->route_collection === null || $this->route_collection->count() === 0) + { + $this->route_collection = new RouteCollection; + foreach ($this->routing_files as $file_path) + { + $loader = new YamlFileLoader(new FileLocator(phpbb_realpath($base_path))); + $this->route_collection->addCollection($loader->load($file_path)); + } + } + + return $this; + } + + /** + * Get the list of routes + * + * @return RouteCollection Get the route collection + */ + public function get_routes() + { + if ($this->route_collection == null || empty($this->routing_files)) + { + $this->find_routing_files($this->extension_manager->all_enabled()) + ->find($this->phpbb_root_path); + } + + return $this->route_collection; + } + + /** + * {@inheritdoc} + */ + public function getRouteCollection() + { + return $this->get_routes(); + } + + /** + * {@inheritdoc} + */ + public function setContext(RequestContext $context) + { + $this->context = $context; + + if ($this->matcher !== null) + { + $this->get_matcher()->setContext($context); + } + if ($this->generator !== null) + { + $this->get_generator()->setContext($context); + } + } + + /** + * {@inheritdoc} + */ + public function getContext() + { + return $this->context; + } + + /** + * {@inheritdoc} + */ + public function generate($name, $parameters = array(), $referenceType = self::ABSOLUTE_PATH) + { + return $this->get_generator()->generate($name, $parameters, $referenceType); + } + + /** + * {@inheritdoc} + */ + public function match($pathinfo) + { + return $this->get_matcher()->match($pathinfo); + } + + /** + * Gets the UrlMatcher instance associated with this Router. + * + * @return \Symfony\Component\Routing\Matcher\UrlMatcherInterface A UrlMatcherInterface instance + */ + public function get_matcher() + { + if ($this->matcher !== null) + { + return $this->matcher; + } + + if (defined('DEBUG')) + { + $this->create_new_url_matcher(); + } + else + { + $this->create_dumped_url_matcher(); + } + + return $this->matcher; + } + /** + * Creates a new dumped URL Matcher (dump it if necessary) + */ + protected function create_dumped_url_matcher() + { + if (!file_exists($this->phpbb_root_path . 'cache/url_matcher.' . $this->php_ext)) + { + $dumper = new PhpMatcherDumper($this->get_routes()); + + $options = array( + 'class' => 'phpbb_url_matcher', + ); + + $dump = $dumper->dump($options); + file_put_contents($this->phpbb_root_path . 'cache/url_matcher.' . $this->php_ext, $dump); + } + + require_once($this->phpbb_root_path . 'cache/url_matcher.' . $this->php_ext); + + $this->matcher = new phpbb_url_matcher($this->context); + } + + /** + * Creates a new URL Matcher + */ + protected function create_new_url_matcher() + { + $this->matcher = new UrlMatcher($this->get_routes(), $this->context); + } + + /** + * Gets the UrlGenerator instance associated with this Router. + * + * @return \Symfony\Component\Routing\Generator\UrlGeneratorInterface A UrlGeneratorInterface instance + */ + public function get_generator() + { + if ($this->generator !== null) + { + return $this->generator; + } + + if (defined('DEBUG')) + { + $this->create_new_url_generator(); + } + else + { + $this->create_dumped_url_generator(); + } + + return $this->generator; + } + + /** + * Creates a new dumped URL Generator (dump it if necessary) + */ + protected function create_dumped_url_generator() + { + if (!file_exists($this->phpbb_root_path . 'cache/url_generator.' . $this->php_ext)) + { + $dumper = new PhpGeneratorDumper($this->get_routes()); + + $options = array( + 'class' => 'phpbb_url_generator', + ); + + $dump = $dumper->dump($options); + file_put_contents($this->phpbb_root_path . 'cache/url_generator.' . $this->php_ext, $dump); + } + + require_once($this->phpbb_root_path . 'cache/url_generator.' . $this->php_ext); + + $this->generator = new phpbb_url_generator($this->context); + } + + /** + * Creates a new URL Generator + */ + protected function create_new_url_generator() + { + $this->generator = new UrlGenerator($this->get_routes(), $this->context); + } +} diff --git a/phpBB/phpbb/search/fulltext_native.php b/phpBB/phpbb/search/fulltext_native.php index 48b0f077c7..ea239c0b36 100644 --- a/phpBB/phpbb/search/fulltext_native.php +++ b/phpBB/phpbb/search/fulltext_native.php @@ -18,6 +18,13 @@ namespace phpbb\search; */ class fulltext_native extends \phpbb\search\base { + const UTF8_HANGUL_FIRST = "\xEA\xB0\x80"; + const UTF8_HANGUL_LAST = "\xED\x9E\xA3"; + const UTF8_CJK_FIRST = "\xE4\xB8\x80"; + const UTF8_CJK_LAST = "\xE9\xBE\xBB"; + const UTF8_CJK_B_FIRST = "\xF0\xA0\x80\x80"; + const UTF8_CJK_B_LAST = "\xF0\xAA\x9B\x96"; + /** * Associative array holding index stats * @var array @@ -93,7 +100,7 @@ class fulltext_native extends \phpbb\search\base protected $user; /** - * Initialises the fulltext_native search backend with min/max word length and makes sure the UTF-8 normalizer is loaded + * Initialises the fulltext_native search backend with min/max word length * * @param boolean|string &$error is passed by reference and should either be set to false on success or an error message on failure */ @@ -110,10 +117,6 @@ class fulltext_native extends \phpbb\search\base /** * Load the UTF tools */ - if (!class_exists('utf_normalizer')) - { - include($this->phpbb_root_path . 'includes/utf/utf_normalizer.' . $this->php_ext); - } if (!function_exists('utf8_decode_ncr')) { include($this->phpbb_root_path . 'includes/utf/utf_tools.' . $this->php_ext); @@ -848,7 +851,7 @@ class fulltext_native extends \phpbb\search\base $sql_calc = $this->db->sql_build_query('SELECT', $sql_array_copy); unset($sql_array_copy); - $this->db->sql_query($sql_calc); + $result = $this->db->sql_query($sql_calc); $this->db->sql_freeresult($result); $sql_count = 'SELECT FOUND_ROWS() as total_results'; @@ -1175,9 +1178,9 @@ class fulltext_native extends \phpbb\search\base * Note: this could be optimized. If the codepoint is lower than Hangul's range * we know that it will also be lower than CJK ranges */ - if ((strncmp($word, UTF8_HANGUL_FIRST, 3) < 0 || strncmp($word, UTF8_HANGUL_LAST, 3) > 0) - && (strncmp($word, UTF8_CJK_FIRST, 3) < 0 || strncmp($word, UTF8_CJK_LAST, 3) > 0) - && (strncmp($word, UTF8_CJK_B_FIRST, 4) < 0 || strncmp($word, UTF8_CJK_B_LAST, 4) > 0)) + if ((strncmp($word, self::UTF8_HANGUL_FIRST, 3) < 0 || strncmp($word, self::UTF8_HANGUL_LAST, 3) > 0) + && (strncmp($word, self::UTF8_CJK_FIRST, 3) < 0 || strncmp($word, self::UTF8_CJK_LAST, 3) > 0) + && (strncmp($word, self::UTF8_CJK_B_FIRST, 4) < 0 || strncmp($word, self::UTF8_CJK_B_LAST, 4) > 0)) { $word = strtok(' '); continue; @@ -1544,8 +1547,6 @@ class fulltext_native extends \phpbb\search\base * @param string $allowed_chars String of special chars to allow * @param string $encoding Text encoding * @return string Cleaned up text, only alphanumeric chars are left - * - * @todo \normalizer::cleanup being able to be used? */ protected function cleanup($text, $allowed_chars = null, $encoding = 'utf-8') { @@ -1572,12 +1573,9 @@ class fulltext_native extends \phpbb\search\base $text = htmlspecialchars_decode(utf8_decode_ncr($text), ENT_QUOTES); /** - * Load the UTF-8 normalizer - * - * If we use it more widely, an instance of that class should be held in a - * a global variable instead + * Normalize to NFC */ - \utf_normalizer::nfc($text); + $text = \Normalizer::normalize($text); /** * The first thing we do is: @@ -1670,9 +1668,9 @@ class fulltext_native extends \phpbb\search\base $utf_char = substr($text, $pos, $utf_len); $pos += $utf_len; - if (($utf_char >= UTF8_HANGUL_FIRST && $utf_char <= UTF8_HANGUL_LAST) - || ($utf_char >= UTF8_CJK_FIRST && $utf_char <= UTF8_CJK_LAST) - || ($utf_char >= UTF8_CJK_B_FIRST && $utf_char <= UTF8_CJK_B_LAST)) + if (($utf_char >= self::UTF8_HANGUL_FIRST && $utf_char <= self::UTF8_HANGUL_LAST) + || ($utf_char >= self::UTF8_CJK_FIRST && $utf_char <= self::UTF8_CJK_LAST) + || ($utf_char >= self::UTF8_CJK_B_FIRST && $utf_char <= self::UTF8_CJK_B_LAST)) { /** * All characters within these ranges are valid diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index 477e91efd6..dc90d942c3 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -31,10 +31,11 @@ class session var $update_session_page = true; /** - * Extract current session page - * - * @param string $root_path current root path (phpbb_root_path) - */ + * Extract current session page + * + * @param string $root_path current root path (phpbb_root_path) + * @return array + */ static function extract_current_page($root_path) { global $request, $symfony_request, $phpbb_filesystem; @@ -42,8 +43,8 @@ class session $page_array = array(); // First of all, get the request uri... - $script_name = $symfony_request->getScriptName(); - $args = explode('&', $symfony_request->getQueryString()); + $script_name = $request->escape($symfony_request->getScriptName(), true); + $args = $request->escape(explode('&', $symfony_request->getQueryString()), true); // If we are unable to get the script name we use REQUEST_URI as a failover and note it within the page array for easier support... if (!$script_name) @@ -61,8 +62,8 @@ class session // Since some browser do not encode correctly we need to do this with some "special" characters... // " -> %22, ' => %27, < -> %3C, > -> %3E - $find = array('"', "'", '<', '>'); - $replace = array('%22', '%27', '%3C', '%3E'); + $find = array('"', "'", '<', '>', '"', '<', '>'); + $replace = array('%22', '%27', '%3C', '%3E', '%22', '%3C', '%3E'); foreach ($args as $key => $argument) { @@ -87,7 +88,7 @@ class session $symfony_request_path = $phpbb_filesystem->clean_path($symfony_request->getPathInfo()); if ($symfony_request_path !== '/') { - $page_name .= $symfony_request_path; + $page_name .= str_replace('%2F', '/', urlencode($symfony_request_path)); } // current directory within the phpBB root (for example: adm) diff --git a/phpBB/phpbb/symfony_request.php b/phpBB/phpbb/symfony_request.php index bf9ddec493..2931cae3cc 100644 --- a/phpBB/phpbb/symfony_request.php +++ b/phpBB/phpbb/symfony_request.php @@ -15,6 +15,10 @@ namespace phpbb; use Symfony\Component\HttpFoundation\Request; +/** + * WARNING: The Symfony request does not escape the input and should be used very carefully + * prefer the phpbb request as possible + */ class symfony_request extends Request { /** @@ -24,21 +28,12 @@ class symfony_request extends Request */ public function __construct(\phpbb\request\request_interface $phpbb_request) { - // This function is meant to sanitize the global input arrays - $sanitizer = function(&$value, $key) { - $type_cast_helper = new \phpbb\request\type_cast_helper(); - $type_cast_helper->set_var($value, $value, gettype($value), true); - }; - $get_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::GET); $post_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::POST); $server_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::SERVER); $files_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::FILES); $cookie_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::COOKIE); - array_walk_recursive($get_parameters, $sanitizer); - array_walk_recursive($post_parameters, $sanitizer); - parent::__construct($get_parameters, $post_parameters, array(), $cookie_parameters, $files_parameters, $server_parameters); } } diff --git a/phpBB/phpbb/template/twig/environment.php b/phpBB/phpbb/template/twig/environment.php index 476ffd935e..0ba7a265e4 100644 --- a/phpBB/phpbb/template/twig/environment.php +++ b/phpBB/phpbb/template/twig/environment.php @@ -21,6 +21,9 @@ class environment extends \Twig_Environment /** @var \phpbb\path_helper */ protected $phpbb_path_helper; + /** @var \Symfony\Component\DependencyInjection\ContainerInterface */ + protected $container; + /** @var \phpbb\extension\manager */ protected $extension_manager; @@ -38,24 +41,49 @@ class environment extends \Twig_Environment * * @param \phpbb\config\config $phpbb_config The phpBB configuration * @param \phpbb\path_helper $path_helper phpBB path helper + * @param \Symfony\Component\DependencyInjection\ContainerInterface $container The dependency injection container + * @param string $cache_path The path to the cache directory * @param \phpbb\extension\manager $extension_manager phpBB extension manager * @param \Twig_LoaderInterface $loader Twig loader interface * @param array $options Array of options to pass to Twig */ - public function __construct($phpbb_config, \phpbb\path_helper $path_helper, \phpbb\extension\manager $extension_manager = null, \Twig_LoaderInterface $loader = null, $options = array()) + public function __construct($phpbb_config, \phpbb\path_helper $path_helper, \Symfony\Component\DependencyInjection\ContainerInterface $container, $cache_path, \phpbb\extension\manager $extension_manager = null, \Twig_LoaderInterface $loader = null, $options = array()) { $this->phpbb_config = $phpbb_config; $this->phpbb_path_helper = $path_helper; $this->extension_manager = $extension_manager; + $this->container = $container; $this->phpbb_root_path = $this->phpbb_path_helper->get_phpbb_root_path(); $this->web_root_path = $this->phpbb_path_helper->get_web_root_path(); + $options = array_merge(array( + 'cache' => (defined('IN_INSTALL')) ? false : $cache_path, + 'debug' => defined('DEBUG'), + 'auto_reload' => (bool) $this->phpbb_config['load_tplcompile'], + 'autoescape' => false, + ), $options); + return parent::__construct($loader, $options); } /** + * {@inheritdoc} + */ + public function getLexer() + { + if (null === $this->lexer) + { + $this->lexer = $this->container->get('template.twig.lexer'); + $this->lexer->set_environment($this); + } + + return $this->lexer; + } + + + /** * Get the list of enabled phpBB extensions * * Used in EVENT node diff --git a/phpBB/phpbb/template/twig/lexer.php b/phpBB/phpbb/template/twig/lexer.php index c5dc7273ba..a7848738bb 100644 --- a/phpBB/phpbb/template/twig/lexer.php +++ b/phpBB/phpbb/template/twig/lexer.php @@ -15,6 +15,11 @@ namespace phpbb\template\twig; class lexer extends \Twig_Lexer { + public function set_environment(\Twig_Environment $env) + { + $this->env = $env; + } + public function tokenize($code, $filename = null) { // Our phpBB tags diff --git a/phpBB/phpbb/template/twig/twig.php b/phpBB/phpbb/template/twig/twig.php index 4d9ca44007..4962d14aef 100644 --- a/phpBB/phpbb/template/twig/twig.php +++ b/phpBB/phpbb/template/twig/twig.php @@ -78,9 +78,12 @@ class twig extends \phpbb\template\base * @param \phpbb\config\config $config * @param \phpbb\user $user * @param \phpbb\template\context $context template context + * @param \phpbb\template\twig\environment $twig_environment + * @param string $cache_path + * @param array|\ArrayAccess $extensions * @param \phpbb\extension\manager $extension_manager extension manager, if null then template events will not be invoked */ - public function __construct(\phpbb\path_helper $path_helper, $config, $user, \phpbb\template\context $context, \phpbb\extension\manager $extension_manager = null) + public function __construct(\phpbb\path_helper $path_helper, $config, $user, \phpbb\template\context $context, \phpbb\template\twig\environment $twig_environment, $cache_path, $extensions = array(), \phpbb\extension\manager $extension_manager = null) { $this->path_helper = $path_helper; $this->phpbb_root_path = $path_helper->get_phpbb_root_path(); @@ -89,41 +92,14 @@ class twig extends \phpbb\template\base $this->user = $user; $this->context = $context; $this->extension_manager = $extension_manager; + $this->cachepath = $cache_path; + $this->twig = $twig_environment; - $this->cachepath = $this->phpbb_root_path . 'cache/twig/'; - - // Initiate the loader, __main__ namespace paths will be setup later in set_style_names() - $loader = new \phpbb\template\twig\loader(''); - - $this->twig = new \phpbb\template\twig\environment( - $this->config, - $this->path_helper, - $this->extension_manager, - $loader, - array( - 'cache' => (defined('IN_INSTALL')) ? false : $this->cachepath, - 'debug' => defined('DEBUG'), - 'auto_reload' => (bool) $this->config['load_tplcompile'], - 'autoescape' => false, - ) - ); - - $this->twig->addExtension( - new \phpbb\template\twig\extension( - $this->context, - $this->user - ) - ); - - if (defined('DEBUG')) + foreach ($extensions as $extension) { - $this->twig->addExtension(new \Twig_Extension_Debug()); + $this->twig->addExtension($extension); } - $lexer = new \phpbb\template\twig\lexer($this->twig); - - $this->twig->setLexer($lexer); - // Add admin namespace if ($this->path_helper->get_adm_relative_path() !== null && is_dir($this->phpbb_root_path . $this->path_helper->get_adm_relative_path() . 'style/')) { @@ -194,13 +170,24 @@ class twig extends \phpbb\template\base { $path = $this->phpbb_root_path . trim($directory, '/') . "/{$name}/"; $template_path = $path . 'template/'; + $theme_path = $path . 'theme/'; + $is_valid_dir = false; if (is_dir($template_path)) { + $is_valid_dir = true; + $paths[] = $template_path; + } + if (is_dir($theme_path)) + { + $is_valid_dir = true; + $paths[] = $theme_path; + } + + if ($is_valid_dir) + { // Add the base style directory as a safe directory $this->twig->getLoader()->addSafeDirectory($path); - - $paths[] = $template_path; } } } @@ -258,25 +245,38 @@ class twig extends \phpbb\template\base { $ext_style_template_path = $ext_path . $template_dir['ext_path']; $ext_style_path = dirname($ext_style_template_path); + $ext_style_theme_path = $ext_style_path . 'theme/'; } else { $ext_style_path = $ext_path . 'styles/' . $template_dir['name'] . '/'; $ext_style_template_path = $ext_style_path . 'template/'; + $ext_style_theme_path = $ext_style_path . 'theme/'; } } else { $ext_style_path = $ext_path . 'styles/' . $template_dir . '/'; $ext_style_template_path = $ext_style_path . 'template/'; + $ext_style_theme_path = $ext_style_path . 'theme/'; } + $ok = false; if (is_dir($ext_style_template_path)) { + $ok = true; + $paths[] = $ext_style_template_path; + } + if (is_dir($ext_style_theme_path)) + { + $ok = true; + $paths[] = $ext_style_theme_path; + } + + if ($ok) + { // Add the base style directory as a safe directory $this->twig->getLoader()->addSafeDirectory($ext_style_path); - - $paths[] = $ext_style_template_path; } } diff --git a/phpBB/phpbb/version_helper.php b/phpBB/phpbb/version_helper.php index 96386f6d04..c3c3602944 100644 --- a/phpBB/phpbb/version_helper.php +++ b/phpBB/phpbb/version_helper.php @@ -271,7 +271,7 @@ class version_helper { foreach ($branches as $branch => $branch_data) { - $info[$stability][$branch]['announcement'] = str_replace('&', '&', $branch_data['announcement']); + $info[$stability][$branch]['announcement'] = (!empty($branch_data['announcement'])) ? str_replace('&', '&', $branch_data['announcement']) : ''; } } |