diff options
Diffstat (limited to 'phpBB/phpbb')
32 files changed, 880 insertions, 90 deletions
diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php index c7ebd1fb7f..e3f8394bba 100644 --- a/phpBB/phpbb/auth/provider/oauth/oauth.php +++ b/phpBB/phpbb/auth/provider/oauth/oauth.php @@ -191,7 +191,7 @@ class oauth extends \phpbb\auth\provider\base return $provider->login($username, $password); } - // Requst the name of the OAuth service + // Request the name of the OAuth service $service_name_original = $this->request->variable('oauth_service', '', false); $service_name = 'auth.provider.oauth.service.' . strtolower($service_name_original); if ($service_name_original === '' || !array_key_exists($service_name, $this->service_providers)) @@ -216,10 +216,15 @@ class oauth extends \phpbb\auth\provider\base $this->service_providers[$service_name]->set_external_service_provider($service); $unique_id = $this->service_providers[$service_name]->perform_auth_login(); - // Check to see if this provider is already assosciated with an account + /** + * Check to see if this provider is already associated with an account. + * + * Enforcing a data type to make data contains strings and not integers, + * so values are quoted in the SQL WHERE statement. + */ $data = array( - 'provider' => $service_name_original, - 'oauth_provider_id' => $unique_id + 'provider' => (string) $service_name_original, + 'oauth_provider_id' => (string) $unique_id ); $sql = 'SELECT user_id FROM ' . $this->auth_provider_oauth_token_account_assoc . ' @@ -264,7 +269,7 @@ class oauth extends \phpbb\auth\provider\base } // Retrieve the user's account - $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type, user_login_attempts + $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_ip, user_type, user_login_attempts FROM ' . $this->users_table . ' WHERE user_id = ' . (int) $row['user_id']; $result = $this->db->sql_query($sql); @@ -276,11 +281,36 @@ class oauth extends \phpbb\auth\provider\base throw new \Exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY'); } + /** + * Check if the user is banned. + * The fourth parameter, return, has to be true, + * otherwise the OAuth login is still called and + * an uncaught exception is thrown as there is no + * token stored in the database. + */ + $ban = $this->user->check_ban($row['user_id'], $row['user_ip'], $row['user_email'], true); + if (!empty($ban)) + { + $till_date = !empty($ban['ban_end']) ? $this->user->format_date($ban['ban_end']) : ''; + $message = !empty($ban['ban_end']) ? 'BOARD_BAN_TIME' : 'BOARD_BAN_PERM'; + + $contact_link = phpbb_get_board_contact_link($this->config, $this->phpbb_root_path, $this->php_ext); + $message = $this->user->lang($message, $till_date, '<a href="' . $contact_link . '">', '</a>'); + $message .= !empty($ban['ban_give_reason']) ? '<br /><br />' . $this->user->lang('BOARD_BAN_REASON', $ban['ban_give_reason']) : ''; + $message .= !empty($ban['ban_triggered_by']) ? '<br /><br /><em>' . $this->user->lang('BAN_TRIGGERED_BY_' . strtoupper($ban['ban_triggered_by'])) . '</em>' : ''; + + return array( + 'status' => LOGIN_BREAK, + 'error_msg' => $message, + 'user_row' => $row, + ); + } + // Update token storage to store the user_id $storage->set_user_id($row['user_id']); /** - * Event is triggered after user is successfuly logged in via OAuth. + * Event is triggered after user is successfully logged in via OAuth. * * @event core.auth_oauth_login_after * @var array row User row @@ -398,7 +428,7 @@ class oauth extends \phpbb\auth\provider\base if ($credentials['key'] && $credentials['secret']) { $actual_name = str_replace('auth.provider.oauth.service.', '', $service_name); - $redirect_url = build_url(false) . '&login=external&oauth_service=' . $actual_name; + $redirect_url = generate_board_url() . '/ucp.' . $this->php_ext . '?mode=login&login=external&oauth_service=' . $actual_name; $login_data['BLOCK_VARS'][$service_name] = array( 'REDIRECT_URL' => redirect($redirect_url, true), 'SERVICE_NAME' => $this->user->lang['AUTH_PROVIDER_OAUTH_SERVICE_' . strtoupper($actual_name)], @@ -609,6 +639,21 @@ class oauth extends \phpbb\auth\provider\base */ protected function link_account_perform_link(array $data) { + // Check if the external account is already associated with other user + $sql = 'SELECT user_id + FROM ' . $this->auth_provider_oauth_token_account_assoc . " + WHERE provider = '" . $this->db->sql_escape($data['provider']) . "' + AND oauth_provider_id = '" . $this->db->sql_escape($data['oauth_provider_id']) . "'"; + $result = $this->db->sql_query($sql); + $row = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); + + if ($row) + { + trigger_error('AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED'); + } + + // Link account $sql = 'INSERT INTO ' . $this->auth_provider_oauth_token_account_assoc . ' ' . $this->db->sql_build_array('INSERT', $data); $this->db->sql_query($sql); @@ -714,7 +759,7 @@ class oauth extends \phpbb\auth\provider\base AND user_id = " . (int) $user_id; $this->db->sql_query($sql); - // Clear all tokens belonging to the user on this servce + // Clear all tokens belonging to the user on this service $service_name = 'auth.provider.oauth.service.' . strtolower($link_data['oauth_service']); $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table); $storage->clearToken($service_name); diff --git a/phpBB/phpbb/auth/provider/provider_interface.php b/phpBB/phpbb/auth/provider/provider_interface.php index 35e0f559a1..463324ff46 100644 --- a/phpBB/phpbb/auth/provider/provider_interface.php +++ b/phpBB/phpbb/auth/provider/provider_interface.php @@ -71,9 +71,10 @@ interface provider_interface * options with whatever configuraton values are passed to it as an array. * It then returns the name of the acp file related to this authentication * provider. - * @param array $new_config Contains the new configuration values that - * have been set in acp_board. - * @return array|null Returns null if not implemented or an array with + * + * @param \phpbb\config\config $new_config Contains the new configuration values + * that have been set in acp_board. + * @return array|null Returns null if not implemented or an array with * the template file name and an array of the vars * that the template needs that must conform to the * following example: diff --git a/phpBB/phpbb/avatar/driver/upload.php b/phpBB/phpbb/avatar/driver/upload.php index 77b44754ac..a012bb15b6 100644 --- a/phpBB/phpbb/avatar/driver/upload.php +++ b/phpBB/phpbb/avatar/driver/upload.php @@ -148,7 +148,8 @@ class upload extends \phpbb\avatar\driver\driver // Do not allow specifying the port (see RFC 3986) or IP addresses // remote_upload() will do its own check for allowed filetypes - if (preg_match('@^(http|https|ftp)://[^/:?#]+:[0-9]+[/:?#]@i', $url) || + if (!preg_match('#^(http|https|ftp)://(?:(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]*?).*?\.('. implode('|', $this->allowed_extensions) . ')$#i', $url) || + preg_match('@^(http|https|ftp)://[^/:?#]+:[0-9]+[/:?#]@i', $url) || preg_match('#^(http|https|ftp)://(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])#i', $url) || preg_match('#^(http|https|ftp)://(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){0,5}(?:[\dA-F]{1,4}(?::[\dA-F]{1,4})?|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:)|(?:::))#i', $url)) { diff --git a/phpBB/phpbb/avatar/manager.php b/phpBB/phpbb/avatar/manager.php index 6d9604db04..a909a91042 100644 --- a/phpBB/phpbb/avatar/manager.php +++ b/phpBB/phpbb/avatar/manager.php @@ -271,7 +271,7 @@ class manager $config_name = $driver->get_config_name(); return array( - 'allow_avatar_' . $config_name => array('lang' => 'ALLOW_' . strtoupper(str_replace('\\', '_', $config_name)), 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), + 'allow_avatar_' . $config_name => array('lang' => 'ALLOW_' . strtoupper(str_replace('\\', '_', $config_name)), 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), ); } diff --git a/phpBB/phpbb/captcha/plugins/qa.php b/phpBB/phpbb/captcha/plugins/qa.php index 70b3f72cc3..966b8d32f2 100644 --- a/phpBB/phpbb/captcha/plugins/qa.php +++ b/phpBB/phpbb/captcha/plugins/qa.php @@ -21,7 +21,7 @@ class qa { var $confirm_id; var $answer; - var $question_ids; + var $question_ids = []; var $question_text; var $question_lang; var $question_strict; diff --git a/phpBB/phpbb/db/driver/mysqli.php b/phpBB/phpbb/db/driver/mysqli.php index d43e201526..b429ad97aa 100644 --- a/phpBB/phpbb/db/driver/mysqli.php +++ b/phpBB/phpbb/db/driver/mysqli.php @@ -68,6 +68,9 @@ class mysqli extends \phpbb\db\driver\mysql_base if ($this->db_connect_id && $this->dbname != '') { + // Disable loading local files on client side + @mysqli_options($this->db_connect_id, MYSQLI_OPT_LOCAL_INFILE, false); + @mysqli_query($this->db_connect_id, "SET NAMES 'utf8'"); // enforce strict mode on databases that support it diff --git a/phpBB/phpbb/db/migration/data/v32x/disable_remote_avatar.php b/phpBB/phpbb/db/migration/data/v32x/disable_remote_avatar.php new file mode 100644 index 0000000000..b08833fad4 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/disable_remote_avatar.php @@ -0,0 +1,34 @@ +<?php +/** + * + * This file is part of the phpBB Forum Software package. + * + * @copyright (c) phpBB Limited <https://www.phpbb.com> + * @license GNU General Public License, version 2 (GPL-2.0) + * + * For full copyright and license information, please see + * the docs/CREDITS.txt file. + * + */ + +namespace phpbb\db\migration\data\v32x; + +use phpbb\db\migration\migration; + +class disable_remote_avatar extends migration +{ + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v32x\v325', + ); + } + + public function update_data() + { + return array( + array('config.update', array('allow_avatar_remote', '0')), + array('config.update', array('allow_avatar_remote_upload', '0')), + ); + } +} diff --git a/phpBB/phpbb/db/migration/data/v32x/smtp_dynamic_data.php b/phpBB/phpbb/db/migration/data/v32x/smtp_dynamic_data.php new file mode 100644 index 0000000000..aeaa3e8979 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/smtp_dynamic_data.php @@ -0,0 +1,42 @@ +<?php +/** + * + * This file is part of the phpBB Forum Software package. + * + * @copyright (c) phpBB Limited <https://www.phpbb.com> + * @license GNU General Public License, version 2 (GPL-2.0) + * + * For full copyright and license information, please see + * the docs/CREDITS.txt file. + * + */ + +namespace phpbb\db\migration\data\v32x; + +class smtp_dynamic_data extends \phpbb\db\migration\migration +{ + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v32x\v326rc1', + ); + } + + public function update_data() + { + return array( + array('custom', array(array($this, 'set_smtp_dynamic'))), + ); + } + + public function set_smtp_dynamic() + { + $smtp_auth_entries = [ + 'smtp_password', + 'smtp_username', + ]; + $this->sql_query('UPDATE ' . CONFIG_TABLE . ' + SET is_dynamic = 1 + WHERE ' . $this->db->sql_in_set('config_name', $smtp_auth_entries)); + } +} diff --git a/phpBB/phpbb/db/migration/data/v32x/timezone_p3.php b/phpBB/phpbb/db/migration/data/v32x/timezone_p3.php new file mode 100644 index 0000000000..433f62ace9 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/timezone_p3.php @@ -0,0 +1,29 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v32x; + +class timezone_p3 extends \phpbb\db\migration\migration +{ + static public function depends_on() + { + return array('\phpbb\db\migration\data\v310\timezone'); + } + + public function update_data() + { + return array( + array('config.remove', array('board_dst')), + ); + } +} diff --git a/phpBB/phpbb/db/migration/data/v32x/v326.php b/phpBB/phpbb/db/migration/data/v32x/v326.php new file mode 100644 index 0000000000..2d511b9ed8 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/v326.php @@ -0,0 +1,39 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v32x; + +class v326 extends \phpbb\db\migration\migration +{ + public function effectively_installed() + { + return phpbb_version_compare($this->config['version'], '3.2.6', '>='); + } + + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v32x\v326rc1', + '\phpbb\db\migration\data\v32x\disable_remote_avatar', + '\phpbb\db\migration\data\v32x\smtp_dynamic_data', + ); + + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.2.6')), + ); + } +} diff --git a/phpBB/phpbb/db/migration/data/v32x/v326rc1.php b/phpBB/phpbb/db/migration/data/v32x/v326rc1.php new file mode 100644 index 0000000000..092700d3db --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/v326rc1.php @@ -0,0 +1,37 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v32x; + +class v326rc1 extends \phpbb\db\migration\migration +{ + public function effectively_installed() + { + return phpbb_version_compare($this->config['version'], '3.2.6-RC1', '>='); + } + + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v32x\v325', + ); + + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.2.6-RC1')), + ); + } +} diff --git a/phpBB/phpbb/db/migration/data/v32x/v327.php b/phpBB/phpbb/db/migration/data/v32x/v327.php new file mode 100644 index 0000000000..f9ea11f4b9 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/v327.php @@ -0,0 +1,37 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v32x; + +class v327 extends \phpbb\db\migration\migration +{ + public function effectively_installed() + { + return phpbb_version_compare($this->config['version'], '3.2.7', '>='); + } + + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v32x\v327rc1', + ); + + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.2.7')), + ); + } +} diff --git a/phpBB/phpbb/db/migration/data/v32x/v327rc1.php b/phpBB/phpbb/db/migration/data/v32x/v327rc1.php new file mode 100644 index 0000000000..c8169105af --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/v327rc1.php @@ -0,0 +1,36 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v32x; + +class v327rc1 extends \phpbb\db\migration\migration +{ + public function effectively_installed() + { + return phpbb_version_compare($this->config['version'], '3.2.7-RC1', '>='); + } + + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v32x\v326', + ); + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.2.7-RC1')), + ); + } +} diff --git a/phpBB/phpbb/db/migration/data/v32x/v328.php b/phpBB/phpbb/db/migration/data/v32x/v328.php new file mode 100644 index 0000000000..28ff2c7033 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/v328.php @@ -0,0 +1,36 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v32x; + +class v328 extends \phpbb\db\migration\migration +{ + public function effectively_installed() + { + return phpbb_version_compare($this->config['version'], '3.2.8', '>='); + } + + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v32x\v328rc1', + ); + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.2.8')), + ); + } +} diff --git a/phpBB/phpbb/db/migration/data/v32x/v328rc1.php b/phpBB/phpbb/db/migration/data/v32x/v328rc1.php new file mode 100644 index 0000000000..fa43cf33a7 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/v328rc1.php @@ -0,0 +1,37 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v32x; + +class v328rc1 extends \phpbb\db\migration\migration +{ + public function effectively_installed() + { + return phpbb_version_compare($this->config['version'], '3.2.8-RC1', '>='); + } + + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v32x\timezone_p3', + '\phpbb\db\migration\data\v32x\v327', + ); + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.2.8-RC1')), + ); + } +} diff --git a/phpBB/phpbb/db/tools/tools.php b/phpBB/phpbb/db/tools/tools.php index d21d34b8a9..c3352a1f66 100644 --- a/phpBB/phpbb/db/tools/tools.php +++ b/phpBB/phpbb/db/tools/tools.php @@ -576,7 +576,7 @@ class tools implements tools_interface { foreach ($indexes as $index_name) { - if (!$this->sql_index_exists($table, $index_name)) + if (!$this->sql_index_exists($table, $index_name) && !$this->sql_unique_index_exists($table, $index_name)) { continue; } diff --git a/phpBB/phpbb/event/md_exporter.php b/phpBB/phpbb/event/md_exporter.php index c3942bd7ce..1a2d7c989e 100644 --- a/phpBB/phpbb/event/md_exporter.php +++ b/phpBB/phpbb/event/md_exporter.php @@ -389,9 +389,16 @@ class md_exporter $files = explode("\n + ", $file_details); foreach ($files as $file) { + if (!preg_match('#^([^ ]+)( \([0-9]+\))?$#', $file)) + { + throw new \LogicException("Invalid event instances for file '{$file}' found for event '{$this->current_event}'", 1); + } + + list($file) = explode(" ", $file); + if (!file_exists($this->path . $file) || substr($file, -5) !== '.html') { - throw new \LogicException("Invalid file '{$file}' not found for event '{$this->current_event}'", 1); + throw new \LogicException("Invalid file '{$file}' not found for event '{$this->current_event}'", 2); } if (($this->filter !== 'adm') && strpos($file, 'styles/prosilver/template/') === 0) @@ -404,7 +411,7 @@ class md_exporter } else { - throw new \LogicException("Invalid file '{$file}' not found for event '{$this->current_event}'", 2); + throw new \LogicException("Invalid file '{$file}' not found for event '{$this->current_event}'", 3); } $this->events_by_file[$file][] = $this->current_event; @@ -424,7 +431,7 @@ class md_exporter } else { - throw new \LogicException("Invalid file list found for event '{$this->current_event}'", 2); + throw new \LogicException("Invalid file list found for event '{$this->current_event}'", 1); } return $files_list; diff --git a/phpBB/phpbb/filesystem/filesystem.php b/phpBB/phpbb/filesystem/filesystem.php index bfafdf5ddd..c5be284d8c 100644 --- a/phpBB/phpbb/filesystem/filesystem.php +++ b/phpBB/phpbb/filesystem/filesystem.php @@ -835,7 +835,7 @@ class filesystem implements filesystem_interface $current_path = $resolved_path . '/' . $path_part; // Resolve symlinks - if (is_link($current_path)) + if (@is_link($current_path)) { if (!function_exists('readlink')) { @@ -872,12 +872,12 @@ class filesystem implements filesystem_interface $resolved_path = false; } - else if (is_dir($current_path . '/')) + else if (@is_dir($current_path . '/')) { $resolved[] = $path_part; $resolved_path = $current_path; } - else if (is_file($current_path)) + else if (@is_file($current_path)) { $resolved[] = $path_part; $resolved_path = $current_path; diff --git a/phpBB/phpbb/group/helper.php b/phpBB/phpbb/group/helper.php index 5befddfc53..aa3876b325 100644 --- a/phpBB/phpbb/group/helper.php +++ b/phpBB/phpbb/group/helper.php @@ -13,19 +13,74 @@ namespace phpbb\group; +use phpbb\auth\auth; +use phpbb\cache\service as cache; +use phpbb\config\config; +use phpbb\language\language; +use phpbb\event\dispatcher_interface; +use phpbb\path_helper; +use phpbb\user; + class helper { - /** @var \phpbb\language\language */ + /** @var auth */ + protected $auth; + + /** @var cache */ + protected $cache; + + /** @var config */ + protected $config; + + /** @var language */ protected $language; + /** @var dispatcher_interface */ + protected $dispatcher; + + /** @var path_helper */ + protected $path_helper; + + /** @var user */ + protected $user; + + /** @var string phpBB root path */ + protected $phpbb_root_path; + + /** @var array Return templates for a group name string */ + protected $name_strings; + /** * Constructor * - * @param \phpbb\language\language $language Language object + * @param auth $auth Authentication object + * @param cache $cache Cache service object + * @param config $config Configuration object + * @param language $language Language object + * @param dispatcher_interface $dispatcher Event dispatcher object + * @param path_helper $path_helper Path helper object + * @param user $user User object */ - public function __construct(\phpbb\language\language $language) + public function __construct(auth $auth, cache $cache, config $config, language $language, dispatcher_interface $dispatcher, path_helper $path_helper, user $user) { + $this->auth = $auth; + $this->cache = $cache; + $this->config = $config; $this->language = $language; + $this->dispatcher = $dispatcher; + $this->path_helper = $path_helper; + $this->user = $user; + + $this->phpbb_root_path = $path_helper->get_phpbb_root_path(); + + /** @html Group name spans and links for usage in the template */ + $this->name_strings = array( + 'base_url' => "{$path_helper->get_phpbb_root_path()}memberlist.{$path_helper->get_php_ext()}?mode=group&g={GROUP_ID}", + 'tpl_noprofile' => '<span class="username">{GROUP_NAME}</span>', + 'tpl_noprofile_colour' => '<span class="username-coloured" style="color: {GROUP_COLOUR};">{GROUP_NAME}</span>', + 'tpl_profile' => '<a class="username" href="{PROFILE_URL}">{GROUP_NAME}</a>', + 'tpl_profile_colour' => '<a class="username-coloured" href="{PROFILE_URL}" style="color: {GROUP_COLOUR};">{GROUP_NAME}</a>', + ); } /** @@ -37,4 +92,203 @@ class helper { return $this->language->is_set('G_' . utf8_strtoupper($group_name)) ? $this->language->lang('G_' . utf8_strtoupper($group_name)) : $group_name; } + + /** + * Get group name details for placing into templates. + * + * @html Group name spans and links + * + * @param string $mode Profile (for getting an url to the profile), + * group_name (for obtaining the group name), + * colour (for obtaining the group colour), + * full (for obtaining a coloured group name link to the group's profile), + * no_profile (the same as full but forcing no profile link) + * @param int $group_id The group id + * @param string $group_name The group name + * @param string $group_colour The group colour + * @param mixed $custom_profile_url optional parameter to specify a profile url. The group id gets appended to this url as &g={group_id} + * + * @return string A string consisting of what is wanted based on $mode. + */ + public function get_name_string($mode, $group_id, $group_name, $group_colour = '', $custom_profile_url = false) + { + $s_is_bots = ($group_name === 'BOTS'); + + // This switch makes sure we only run code required for the mode + switch ($mode) + { + case 'full': + case 'no_profile': + case 'colour': + + // Build correct group colour + $group_colour = $group_colour ? '#' . $group_colour : ''; + + // Return colour + if ($mode === 'colour') + { + $group_name_string = $group_colour; + break; + } + + // no break; + + case 'group_name': + + // Build correct group name + $group_name = $this->get_name($group_name); + + // Return group name + if ($mode === 'group_name') + { + $group_name_string = $group_name; + break; + } + + // no break; + + case 'profile': + + // Build correct profile url - only show if not anonymous and permission to view profile if registered user + // For anonymous the link leads to a login page. + if ($group_id && !$s_is_bots && ($this->user->data['user_id'] == ANONYMOUS || $this->auth->acl_get('u_viewprofile'))) + { + $profile_url = ($custom_profile_url !== false) ? $custom_profile_url . '&g=' . (int) $group_id : str_replace(array('={GROUP_ID}', '=%7BGROUP_ID%7D'), '=' . (int) $group_id, append_sid($this->name_strings['base_url'])); + } + else + { + $profile_url = ''; + } + + // Return profile + if ($mode === 'profile') + { + $group_name_string = $profile_url; + break; + } + + // no break; + } + + if (!isset($group_name_string)) + { + if (($mode === 'full' && empty($profile_url)) || $mode === 'no_profile' || $s_is_bots) + { + $group_name_string = str_replace(array('{GROUP_COLOUR}', '{GROUP_NAME}'), array($group_colour, $group_name), (!$group_colour) ? $this->name_strings['tpl_noprofile'] : $this->name_strings['tpl_noprofile_colour']); + } + else + { + $group_name_string = str_replace(array('{PROFILE_URL}', '{GROUP_COLOUR}', '{GROUP_NAME}'), array($profile_url, $group_colour, $group_name), (!$group_colour) ? $this->name_strings['tpl_profile'] : $this->name_strings['tpl_profile_colour']); + } + } + + $name_strings = $this->name_strings; + + /** + * Use this event to change the output of the group name + * + * @event core.modify_group_name_string + * @var string mode profile|group_name|colour|full|no_profile + * @var int group_id The group identifier + * @var string group_name The group name + * @var string group_colour The group colour + * @var string custom_profile_url Optional parameter to specify a profile url. + * @var string group_name_string The string that has been generated + * @var array name_strings Array of original return templates + * @since 3.2.8-RC1 + */ + $vars = array( + 'mode', + 'group_id', + 'group_name', + 'group_colour', + 'custom_profile_url', + 'group_name_string', + 'name_strings', + ); + extract($this->dispatcher->trigger_event('core.modify_group_name_string', compact($vars))); + + return $group_name_string; + } + + /** + * Get group rank title and image + * + * @html Group rank image element + * + * @param array $group_data The current stored group data + * + * @return array An associative array containing the rank title (title), + * the rank image as full img tag (img) and the rank image source (img_src) + */ + public function get_rank($group_data) + { + $group_rank_data = array( + 'title' => null, + 'img' => null, + 'img_src' => null, + ); + + /** + * Preparing a group's rank before displaying + * + * @event core.get_group_rank_before + * @var array group_data Array with group's data + * @since 3.2.8-RC1 + */ + + $vars = array('group_data'); + extract($this->dispatcher->trigger_event('core.get_group_rank_before', compact($vars))); + + if (!empty($group_data['group_rank'])) + { + // Only obtain ranks if group rank is set + $ranks = $this->cache->obtain_ranks(); + + if (isset($ranks['special'][$group_data['group_rank']])) + { + $rank = $ranks['special'][$group_data['group_rank']]; + + $group_rank_data['title'] = $rank['rank_title']; + + $group_rank_data['img_src'] = (!empty($rank['rank_image'])) ? $this->path_helper->update_web_root_path($this->phpbb_root_path . $this->config['ranks_path'] . '/' . $rank['rank_image']) : ''; + + /** @html Group rank image element for usage in the template */ + $group_rank_data['img'] = (!empty($rank['rank_image'])) ? '<img src="' . $group_rank_data['img_src'] . '" alt="' . $rank['rank_title'] . '" title="' . $rank['rank_title'] . '" />' : ''; + } + } + + /** + * Modify a group's rank before displaying + * + * @event core.get_group_rank_after + * @var array group_data Array with group's data + * @var array group_rank_data Group rank data + * @since 3.2.8-RC1 + */ + + $vars = array( + 'group_data', + 'group_rank_data', + ); + extract($this->dispatcher->trigger_event('core.get_group_rank_after', compact($vars))); + + return $group_rank_data; + } + + /** + * Get group avatar. + * Wrapper function for phpbb_get_group_avatar() + * + * @param array $group_row Row from the groups table + * @param string $alt Optional language string for alt tag within image, can be a language key or text + * @param bool $ignore_config Ignores the config-setting, to be still able to view the avatar in the UCP + * @param bool $lazy If true, will be lazy loaded (requires JS) + * + * @return string Avatar html + */ + function get_avatar($group_row, $alt = 'GROUP_AVATAR', $ignore_config = false, $lazy = false) + { + return phpbb_get_group_avatar($group_row, $alt, $ignore_config, $lazy); + } } diff --git a/phpBB/phpbb/install/helper/config.php b/phpBB/phpbb/install/helper/config.php index fad6749019..7eb0ae3b05 100644 --- a/phpBB/phpbb/install/helper/config.php +++ b/phpBB/phpbb/install/helper/config.php @@ -330,6 +330,8 @@ class config fwrite($fp, $file_content); fclose($fp); + // Enforce 0600 permission for install config + $this->filesystem->chmod([$this->install_config_file], 0600); } /** diff --git a/phpBB/phpbb/message/form.php b/phpBB/phpbb/message/form.php index 63bada91ff..6573a04f8b 100644 --- a/phpBB/phpbb/message/form.php +++ b/phpBB/phpbb/message/form.php @@ -136,7 +136,7 @@ abstract class form { if (!check_form_key('memberlist_email')) { - $this->errors[] = 'FORM_INVALID'; + $this->errors[] = $this->user->lang('FORM_INVALID'); } if (!count($this->errors)) diff --git a/phpBB/phpbb/plupload/plupload.php b/phpBB/phpbb/plupload/plupload.php index eb698fb35d..5a5b8a1874 100644 --- a/phpBB/phpbb/plupload/plupload.php +++ b/phpBB/phpbb/plupload/plupload.php @@ -216,38 +216,36 @@ class plupload } /** - * Looks at the list of allowed extensions and generates a string - * appropriate for use in configuring plupload with - * - * @param \phpbb\cache\service $cache - * @param string $forum_id The ID of the forum - * - * @return string - */ + * Looks at the list of allowed extensions and generates a string + * appropriate for use in configuring plupload with + * + * @param \phpbb\cache\service $cache Cache service object + * @param string $forum_id The forum identifier + * + * @return string + */ public function generate_filter_string(\phpbb\cache\service $cache, $forum_id) { + $groups = []; + $filters = []; + $attach_extensions = $cache->obtain_attach_extensions($forum_id); unset($attach_extensions['_allowed_']); - $groups = array(); // Re-arrange the extension array to $groups[$group_name][] foreach ($attach_extensions as $extension => $extension_info) { - if (!isset($groups[$extension_info['group_name']])) - { - $groups[$extension_info['group_name']] = array(); - } - - $groups[$extension_info['group_name']][] = $extension; + $groups[$extension_info['group_name']]['extensions'][] = $extension; + $groups[$extension_info['group_name']]['max_file_size'] = (int) $extension_info['max_filesize']; } - $filters = array(); - foreach ($groups as $group => $extensions) + foreach ($groups as $group => $group_info) { $filters[] = sprintf( - "{title: '%s', extensions: '%s'}", + "{title: '%s', extensions: '%s', max_file_size: %s}", addslashes(ucfirst(strtolower($group))), - addslashes(implode(',', $extensions)) + addslashes(implode(',', $group_info['extensions'])), + $group_info['max_file_size'] ); } @@ -276,22 +274,37 @@ class plupload } /** - * Checks various php.ini values and the maximum file size to determine - * the maximum size chunks a file can be split up into for upload - * - * @return int - */ + * Checks various php.ini values to determine the maximum chunk + * size a file should be split into for upload. + * + * The intention is to calculate a value which reflects whatever + * the most restrictive limit is set to. And to then set the chunk + * size to half that value, to ensure any required transfer overhead + * and POST data remains well within the limit. Or, if all of the + * limits are set to unlimited, the chunk size will also be unlimited. + * + * @return int + * + * @access public + */ public function get_chunk_size() { - $max = min( + $max = 0; + + $limits = [ + $this->php_ini->getBytes('memory_limit'), $this->php_ini->getBytes('upload_max_filesize'), $this->php_ini->getBytes('post_max_size'), - max(1, $this->php_ini->getBytes('memory_limit')), - $this->config['max_filesize'] - ); + ]; + + foreach ($limits as $limit_type) + { + if ($limit_type > 0) + { + $max = ($max !== 0) ? min($limit_type, $max) : $limit_type; + } + } - // Use half of the maximum possible to leave plenty of room for other - // POST data. return floor($max / 2); } diff --git a/phpBB/phpbb/search/fulltext_mysql.php b/phpBB/phpbb/search/fulltext_mysql.php index 137ed7433d..1105d0892f 100644 --- a/phpBB/phpbb/search/fulltext_mysql.php +++ b/phpBB/phpbb/search/fulltext_mysql.php @@ -188,7 +188,7 @@ class fulltext_mysql extends \phpbb\search\base } $sql = 'SHOW VARIABLES - LIKE \'ft\_%\''; + LIKE \'%ft\_%\''; $result = $this->db->sql_query($sql); $mysql_info = array(); @@ -198,8 +198,16 @@ class fulltext_mysql extends \phpbb\search\base } $this->db->sql_freeresult($result); - $this->config->set('fulltext_mysql_max_word_len', $mysql_info['ft_max_word_len']); - $this->config->set('fulltext_mysql_min_word_len', $mysql_info['ft_min_word_len']); + if ($engine === 'MyISAM') + { + $this->config->set('fulltext_mysql_max_word_len', $mysql_info['ft_max_word_len']); + $this->config->set('fulltext_mysql_min_word_len', $mysql_info['ft_min_word_len']); + } + else if ($engine === 'InnoDB') + { + $this->config->set('fulltext_mysql_max_word_len', $mysql_info['innodb_ft_max_token_size']); + $this->config->set('fulltext_mysql_min_word_len', $mysql_info['innodb_ft_min_token_size']); + } return false; } diff --git a/phpBB/phpbb/search/fulltext_native.php b/phpBB/phpbb/search/fulltext_native.php index 4172e2cc4f..c83de75eed 100644 --- a/phpBB/phpbb/search/fulltext_native.php +++ b/phpBB/phpbb/search/fulltext_native.php @@ -190,7 +190,7 @@ class fulltext_native extends \phpbb\search\base */ public function split_keywords($keywords, $terms) { - $tokens = '+-|()*'; + $tokens = '+-|()* '; $keywords = trim($this->cleanup($keywords, $tokens)); @@ -224,12 +224,10 @@ class fulltext_native extends \phpbb\search\base $keywords[$i] = '|'; break; case '*': - if ($i === 0 || ($keywords[$i - 1] !== '*' && strcspn($keywords[$i - 1], $tokens) === 0)) + // $i can never be 0 here since $open_bracket is initialised to false + if (strpos($tokens, $keywords[$i - 1]) !== false && ($i + 1 === $n || strpos($tokens, $keywords[$i + 1]) !== false)) { - if ($i === $n - 1 || ($keywords[$i + 1] !== '*' && strcspn($keywords[$i + 1], $tokens) === 0)) - { - $keywords = substr($keywords, 0, $i) . substr($keywords, $i + 1); - } + $keywords[$i] = '|'; } break; } @@ -264,7 +262,7 @@ class fulltext_native extends \phpbb\search\base } } - if ($open_bracket) + if ($open_bracket !== false) { $keywords .= ')'; } @@ -307,6 +305,20 @@ class fulltext_native extends \phpbb\search\base } } + // Remove non trailing wildcards from each word to prevent a full table scan (it's now using the database index) + $match = '#\*(?!$|\s)#'; + $replace = '$1'; + $keywords = preg_replace($match, $replace, $keywords); + + // Only allow one wildcard in the search query to limit the database load + $match = '#\*#'; + $replace = '$1'; + $count_wildcards = substr_count($keywords, '*'); + + // Reverse the string to remove all wildcards except the first one + $keywords = strrev(preg_replace($match, $replace, strrev($keywords), $count_wildcards - 1)); + unset($count_wildcards); + // set the search_query which is shown to the user $this->search_query = $keywords; @@ -409,8 +421,16 @@ class fulltext_native extends \phpbb\search\base { if (strpos($word_part, '*') !== false) { - $id_words[] = '\'' . $this->db->sql_escape(str_replace('*', '%', $word_part)) . '\''; - $non_common_words[] = $word_part; + $len = utf8_strlen(str_replace('*', '', $word_part)); + if ($len >= $this->word_length['min'] && $len <= $this->word_length['max']) + { + $id_words[] = '\'' . $this->db->sql_escape(str_replace('*', '%', $word_part)) . '\''; + $non_common_words[] = $word_part; + } + else + { + $this->common_words[] = $word_part; + } } else if (isset($words[$word_part])) { diff --git a/phpBB/phpbb/search/fulltext_sphinx.php b/phpBB/phpbb/search/fulltext_sphinx.php index 2c2eb84dc7..e4617903c2 100644 --- a/phpBB/phpbb/search/fulltext_sphinx.php +++ b/phpBB/phpbb/search/fulltext_sphinx.php @@ -644,7 +644,7 @@ class fulltext_sphinx $this->sphinx->SetFilter('deleted', array(0)); - $this->sphinx->SetLimits((int) $start, (int) $per_page, SPHINX_MAX_MATCHES); + $this->sphinx->SetLimits((int) $start, (int) $per_page, max(SPHINX_MAX_MATCHES, (int) $start + $per_page)); $result = $this->sphinx->Query($search_query_prefix . $this->sphinx->EscapeString(str_replace('"', '"', $this->search_query)), $this->indexes); // Could be connection to localhost:9312 failed (errno=111, @@ -675,7 +675,7 @@ class fulltext_sphinx { $start = floor(($result_count - 1) / $per_page) * $per_page; - $this->sphinx->SetLimits((int) $start, (int) $per_page, SPHINX_MAX_MATCHES); + $this->sphinx->SetLimits((int) $start, (int) $per_page, max(SPHINX_MAX_MATCHES, (int) $start + $per_page)); $result = $this->sphinx->Query($search_query_prefix . $this->sphinx->EscapeString(str_replace('"', '"', $this->search_query)), $this->indexes); // Could be connection to localhost:9312 failed (errno=111, diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index 80934dc411..cc5a1b8f8f 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -1077,7 +1077,7 @@ class session */ function set_cookie($name, $cookiedata, $cookietime, $httponly = true) { - global $config; + global $config, $phpbb_dispatcher; // If headers are already set, we just return if (headers_sent()) @@ -1085,6 +1085,32 @@ class session return; } + $disable_cookie = false; + /** + * Event to modify or disable setting cookies + * + * @event core.set_cookie + * @var bool disable_cookie Set to true to disable setting this cookie + * @var string name Name of the cookie + * @var string cookiedata The data to hold within the cookie + * @var int cookietime The expiration time as UNIX timestamp + * @var bool httponly Use HttpOnly? + * @since 3.2.9-RC1 + */ + $vars = array( + 'disable_cookie', + 'name', + 'cookiedata', + 'cookietime', + 'httponly', + ); + extract($phpbb_dispatcher->trigger_event('core.set_cookie', compact($vars))); + + if ($disable_cookie) + { + return; + } + $name_data = rawurlencode($config['cookie_name'] . '_' . $name) . '=' . rawurlencode($cookiedata); $expire = gmdate('D, d-M-Y H:i:s \\G\\M\\T', $cookietime); $domain = (!$config['cookie_domain'] || $config['cookie_domain'] == '127.0.0.1' || strpos($config['cookie_domain'], '.') === false) ? '' : '; domain=' . $config['cookie_domain']; @@ -1299,7 +1325,12 @@ class session trigger_error($message); } - return ($banned && $ban_row['ban_give_reason']) ? $ban_row['ban_give_reason'] : $banned; + if (!empty($ban_row)) + { + $ban_row['ban_triggered_by'] = $ban_triggered_by; + } + + return ($banned && $ban_row) ? $ban_row : $banned; } /** diff --git a/phpBB/phpbb/textformatter/s9e/bbcode_merger.php b/phpBB/phpbb/textformatter/s9e/bbcode_merger.php index a05ca3c2b8..264eb93782 100644 --- a/phpBB/phpbb/textformatter/s9e/bbcode_merger.php +++ b/phpBB/phpbb/textformatter/s9e/bbcode_merger.php @@ -50,7 +50,7 @@ class bbcode_merger $with = $this->create_bbcode($with); // Select the appropriate strategy for merging this BBCode - if ($this->is_content_bbcode($without, $with)) + if (!$this->is_optional_bbcode($without, $with) && $this->is_content_bbcode($without, $with)) { $merged = $this->merge_content_bbcode($without, $with); } @@ -107,12 +107,12 @@ class bbcode_merger /** * Test whether the two definitions form a "content"-style BBCode * - * Such BBCodes include the [URL] BBCode, which uses its text content as + * Such BBCodes include the [url] BBCode, which uses its text content as * attribute if none is provided * * @param array $without BBCode definition without an attribute * @param array $with BBCode definition with an attribute - * @return array Merged definition + * @return bool */ protected function is_content_bbcode(array $without, array $with) { @@ -123,6 +123,22 @@ class bbcode_merger } /** + * Test whether the two definitions form BBCode with an optional attribute + * + * @param array $without BBCode definition without an attribute + * @param array $with BBCode definition with an attribute + * @return bool + */ + protected function is_optional_bbcode(array $without, array $with) + { + // Remove the default attribute from the definition + $with['usage'] = preg_replace('(=[^\\]]++)', '', $with['usage']); + + // Test whether both definitions are the same, regardless of case + return strcasecmp($without['usage'], $with['usage']) === 0; + } + + /** * Merge the two BBCode definitions of a "content"-style BBCode * * @param array $without BBCode definition without an attribute @@ -131,7 +147,7 @@ class bbcode_merger */ protected function merge_content_bbcode(array $without, array $with) { - // Convert [X={X}] into [X={X;useContent}] + // Convert [x={X}] into [x={X;useContent}] $usage = preg_replace('(\\})', ';useContent}', $with['usage'], 1); // Use the template from the definition that uses an attribute @@ -143,7 +159,7 @@ class bbcode_merger /** * Merge the two BBCode definitions of a BBCode with an optional argument * - * Such BBCodes include the [QUOTE] BBCode, which takes an optional argument + * Such BBCodes include the [quote] BBCode, which takes an optional argument * but otherwise does not behave differently * * @param array $without BBCode definition without an attribute diff --git a/phpBB/phpbb/textformatter/s9e/factory.php b/phpBB/phpbb/textformatter/s9e/factory.php index 6191b9a315..f82c7b0771 100644 --- a/phpBB/phpbb/textformatter/s9e/factory.php +++ b/phpBB/phpbb/textformatter/s9e/factory.php @@ -89,6 +89,8 @@ class factory implements \phpbb\textformatter\cache_interface author={TEXT1;optional} post_id={UINT;optional} post_url={URL;optional;postFilter=#false} + msg_id={UINT;optional} + msg_url={URL;optional;postFilter=#false} profile_url={URL;optional;postFilter=#false} time={UINT;optional} url={URL;optional} @@ -110,7 +112,7 @@ class factory implements \phpbb\textformatter\cache_interface 'i' => '<span style="font-style: italic"><xsl:apply-templates/></span>', 'u' => '<span style="text-decoration: underline"><xsl:apply-templates/></span>', 'img' => '<img src="{IMAGEURL}" class="postimage" alt="{L_IMAGE}"/>', - 'size' => '<span style="font-size: {FONTSIZE}%; line-height: normal"><xsl:apply-templates/></span>', + 'size' => '<span><xsl:attribute name="style"><xsl:text>font-size: </xsl:text><xsl:value-of select="substring(@size, 1, 4)"/><xsl:text>%; line-height: normal</xsl:text></xsl:attribute><xsl:apply-templates/></span>', 'color' => '<span style="color: {COLOR}"><xsl:apply-templates/></span>', 'email' => '<a> <xsl:attribute name="href"> diff --git a/phpBB/phpbb/textformatter/s9e/link_helper.php b/phpBB/phpbb/textformatter/s9e/link_helper.php index 1e113b6449..1cd5dd2fa7 100644 --- a/phpBB/phpbb/textformatter/s9e/link_helper.php +++ b/phpBB/phpbb/textformatter/s9e/link_helper.php @@ -60,8 +60,10 @@ class link_helper $length = $end - $start; $text = substr($parser->getText(), $start, $length); - // Create a tag that consumes the link's text - $parser->addSelfClosingTag('LINK_TEXT', $start, $length)->setAttribute('text', $text); + // Create a tag that consumes the link's text and make it depends on this tag + $link_text_tag = $parser->addSelfClosingTag('LINK_TEXT', $start, $length, 10); + $link_text_tag->setAttribute('text', $text); + $tag->cascadeInvalidationTo($link_text_tag); } /** diff --git a/phpBB/phpbb/textformatter/s9e/parser.php b/phpBB/phpbb/textformatter/s9e/parser.php index 3698dca224..f7e4668980 100644 --- a/phpBB/phpbb/textformatter/s9e/parser.php +++ b/phpBB/phpbb/textformatter/s9e/parser.php @@ -15,6 +15,7 @@ namespace phpbb\textformatter\s9e; use s9e\TextFormatter\Parser\AttributeFilters\UrlFilter; use s9e\TextFormatter\Parser\Logger; +use s9e\TextFormatter\Parser\Tag; /** * s9e\TextFormatter\Parser adapter @@ -219,7 +220,7 @@ class parser implements \phpbb\textformatter\parser_interface { $errors[] = array($msg, $context['max_' . strtolower($m[1])]); } - else if ($msg === 'Tag is disabled') + else if ($msg === 'Tag is disabled' && $this->is_a_bbcode($context['tag'])) { $name = strtolower($context['tag']->getName()); $errors[] = array('UNAUTHORISED_BBCODE', '[' . $name . ']'); @@ -342,7 +343,7 @@ class parser implements \phpbb\textformatter\parser_interface return false; } - if ($size < 1) + if ($size < 1 || !is_numeric($size)) { return false; } @@ -396,4 +397,21 @@ class parser implements \phpbb\textformatter\parser_interface return $url; } + + /** + * Test whether given tag consumes text that looks like BBCode-styled markup + * + * @param Tag $tag Original tag + * @return bool + */ + protected function is_a_bbcode(Tag $tag) + { + if ($tag->getLen() < 3) + { + return false; + } + $markup = substr($this->parser->getText(), $tag->getPos(), $tag->getLen()); + + return (bool) preg_match('(^\\[\\w++.*?\\]$)s', $markup); + } } diff --git a/phpBB/phpbb/textformatter/s9e/quote_helper.php b/phpBB/phpbb/textformatter/s9e/quote_helper.php index 86c33c7591..3011ec88dc 100644 --- a/phpBB/phpbb/textformatter/s9e/quote_helper.php +++ b/phpBB/phpbb/textformatter/s9e/quote_helper.php @@ -21,6 +21,11 @@ class quote_helper protected $post_url; /** + * @var string Base URL for a private message link, uses {MSG_ID} as placeholder + */ + protected $msg_url; + + /** * @var string Base URL for a profile link, uses {USER_ID} as placeholder */ protected $profile_url; @@ -40,6 +45,7 @@ class quote_helper public function __construct(\phpbb\user $user, $root_path, $php_ext) { $this->post_url = append_sid($root_path . 'viewtopic.' . $php_ext, 'p={POST_ID}#p{POST_ID}', false); + $this->msg_url = append_sid($root_path . 'ucp.' . $php_ext, 'i=pm&mode=view&p={MSG_ID}', false); $this->profile_url = append_sid($root_path . 'memberlist.' . $php_ext, 'mode=viewprofile&u={USER_ID}', false); $this->user = $user; } @@ -52,26 +58,26 @@ class quote_helper */ public function inject_metadata($xml) { - $post_url = $this->post_url; - $profile_url = $this->profile_url; - $user = $this->user; - return \s9e\TextFormatter\Utils::replaceAttributes( $xml, 'QUOTE', - function ($attributes) use ($post_url, $profile_url, $user) + function ($attributes) { if (isset($attributes['post_id'])) { - $attributes['post_url'] = str_replace('{POST_ID}', $attributes['post_id'], $post_url); + $attributes['post_url'] = str_replace('{POST_ID}', $attributes['post_id'], $this->post_url); + } + if (isset($attributes['msg_id'])) + { + $attributes['msg_url'] = str_replace('{MSG_ID}', $attributes['msg_id'], $this->msg_url); } if (isset($attributes['time'])) { - $attributes['date'] = $user->format_date($attributes['time']); + $attributes['date'] = $this->user->format_date($attributes['time']); } if (isset($attributes['user_id'])) { - $attributes['profile_url'] = str_replace('{USER_ID}', $attributes['user_id'], $profile_url); + $attributes['profile_url'] = str_replace('{USER_ID}', $attributes['user_id'], $this->profile_url); } return $attributes; diff --git a/phpBB/phpbb/user.php b/phpBB/phpbb/user.php index 7363290e11..9817e40edb 100644 --- a/phpBB/phpbb/user.php +++ b/phpBB/phpbb/user.php @@ -281,9 +281,43 @@ class user extends \phpbb\session $db->sql_freeresult($result); } + // Fallback to board's default style if (!$this->style) { - trigger_error('NO_STYLE_DATA', E_USER_ERROR); + // Verify default style exists in the database + $sql = 'SELECT style_id + FROM ' . STYLES_TABLE . ' + WHERE style_id = ' . (int) $config['default_style']; + $result = $db->sql_query($sql); + $style_id = (int) $db->sql_fetchfield('style_id'); + $db->sql_freeresult($result); + + if ($style_id > 0) + { + $db->sql_transaction('begin'); + + // Update $user row + $sql = 'SELECT * + FROM ' . STYLES_TABLE . ' + WHERE style_id = ' . (int) $config['default_style']; + $result = $db->sql_query($sql); + $this->style = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + // Update user style preference + $sql = 'UPDATE ' . USERS_TABLE . ' + SET user_style = ' . (int) $style_id . ' + WHERE user_id = ' . (int) $this->data['user_id']; + $db->sql_query($sql); + + $db->sql_transaction('commit'); + } + } + + // This should never happen + if (!$this->style) + { + trigger_error($this->language->lang('NO_STYLE_DATA', $this->data['user_style'], $this->data['user_id']), E_USER_ERROR); } // Now parse the cfg file and cache it |