+ $sql = 'SELECT *

+ $this->db->sql_query($sql);

+ if ($this->passwords_manager->check($password, $row['user_password'], $row))

+ 'error_msg' => 'LOGIN_ERROR_PASSWORD',

+ $result = $this->prefix_avatar_columns($prefix, self::$default_row);

+ $sql = 'UPDATE ' . $table . '

+ SET ' . $db->sql_build_array('UPDATE', $result) . '

+ WHERE ' . $prefix . 'id = ' . (int) $avatar_data['id'];

+ $db->sql_query($sql);

+

+ // Make sure we also delete this avatar from the users

+ if ($prefix === 'group_')

+ $result = $this->prefix_avatar_columns('user_', self::$default_row);

+

+ $sql = 'UPDATE ' . USERS_TABLE . '

+ SET ' . $db->sql_build_array('UPDATE', $result) . "

+ WHERE user_avatar = '" . $db->sql_escape($avatar_data['avatar']) . "'";

+ $db->sql_query($sql);

+ }

+ /**

+ * Prefix avatar columns

+ *

+ * @param string $prefix Column prefix

+ * @param array $data Column data

+ *

+ * @return array Column data with prefixed column names

+ */

+ public function prefix_avatar_columns($prefix, $data)

+ {

+ foreach ($data as $key => $value)

+ {

+ $data[$prefix . $key] = $value;

+ unset($data[$key]);

+ }

+

+ return $data;

+ /**

+ * Constructor

+ */

+ public function __construct()

+ $this->db->sql_query($sql);

+ if (!$this->db->sql_affectedrows() && isset($this->config[$key]))

+ /* @var \phpbb\request\request_interface */

+ protected $request;

+

+ * @param \phpbb\request\request_interface $request phpBB request object

+ public function __construct(\phpbb\template\template $template, \phpbb\user $user, \phpbb\config\config $config, \phpbb\controller\provider $provider, \phpbb\extension\manager $manager, \phpbb\symfony_request $symfony_request, \phpbb\request\request_interface $request, \phpbb\filesystem $filesystem, $phpbb_root_path, $php_ext)

+ $this->request = $request;

+ $base_url = $this->request->escape($this->filesystem->clean_path($base_url), true);

+ return generate_board_url(true) . $this->request->escape($this->symfony_request->getRequestUri(), true);

+ if (strpos($captcha_plugin, 'phpbb_captcha_') === 0)

+ $captcha_plugin = substr($captcha_plugin, strlen('phpbb_captcha_'));

+ }

+ else if (strpos($captcha_plugin, 'phpbb_') === 0)

+ {

+ $captcha_plugin = substr($captcha_plugin, strlen('phpbb_'));

+ (is_dir($this->phpbb_root_path . 'includes/captcha/plugins/') &&

+ !is_file($this->phpbb_root_path . "includes/captcha/plugins/{$this->config['captcha_plugin']}_plugin." . $this->php_ext)),

+ FROM ' . STYLES_TABLE . ' s, ' . $this->table_prefix . 'styles_template t, ' . $this->table_prefix . "styles_theme c

+<?php

+/**

+*

+* This file is part of the phpBB Forum Software package.

+*

+* @copyright (c) phpBB Limited <https://www.phpbb.com>

+* @license GNU General Public License, version 2 (GPL-2.0)

+*

+* For full copyright and license information, please see

+* the docs/CREDITS.txt file.

+*

+*/

+

+namespace phpbb\db\migration\data\v31x;

+

+class plupload_last_gc_dynamic extends \phpbb\db\migration\migration

+{

+ static public function depends_on()

+ {

+ return array('\phpbb\db\migration\data\v31x\v312');

+ }

+

+ public function update_data()

+ {

+ return array(

+ // Make plupload_last_gc dynamic.

+ array('config.remove', array('plupload_last_gc')),

+ array('config.add', array('plupload_last_gc', 0, 1)),

+ );

+ }

+}

+<?php

+/**

+*

+* This file is part of the phpBB Forum Software package.

+*

+* @copyright (c) phpBB Limited <https://www.phpbb.com>

+* @license GNU General Public License, version 2 (GPL-2.0)

+*

+* For full copyright and license information, please see

+* the docs/CREDITS.txt file.

+*

+*/

+

+namespace phpbb\db\migration\data\v31x;

+

+class profilefield_yahoo_update_url extends \phpbb\db\migration\migration

+{

+ static public function depends_on()

+ {

+ return array('\phpbb\db\migration\data\v31x\v312');

+ }

+

+ public function update_data()

+ {

+ return array(

+ array('custom', array(array($this, 'update_contact_url'))),

+ );

+ }

+

+ public function update_contact_url()

+ {

+ $sql = 'UPDATE ' . $this->table_prefix . "profile_fields

+ SET field_contact_url = 'ymsgr:sendim?%s'

+ WHERE field_name = 'phpbb_yahoo'

+ AND field_contact_url = 'http://edit.yahoo.com/config/send_webmesg?.target=%s&amp;.src=pg'";

+ $this->sql_query($sql);

+ }

+}

+<?php

+/**

+*

+* This file is part of the phpBB Forum Software package.

+*

+* @copyright (c) phpBB Limited <https://www.phpbb.com>

+* @license GNU General Public License, version 2 (GPL-2.0)

+*

+* For full copyright and license information, please see

+* the docs/CREDITS.txt file.

+*

+*/

+

+namespace phpbb\db\migration\data\v31x;

+

+class v312 extends \phpbb\db\migration\migration

+{

+ static public function depends_on()

+ {

+ return array(

+ '\phpbb\db\migration\data\v31x\v312rc1',

+ );

+ }

+

+ public function update_data()

+ {

+ return array(

+ array('config.update', array('version', '3.1.2')),

+ );

+ }

+}

+<?php

+/**

+*

+* This file is part of the phpBB Forum Software package.

+*

+* @copyright (c) phpBB Limited <https://www.phpbb.com>

+* @license GNU General Public License, version 2 (GPL-2.0)

+*

+* For full copyright and license information, please see

+* the docs/CREDITS.txt file.

+*

+*/

+

+namespace phpbb\db\migration\data\v31x;

+

+class v312rc1 extends \phpbb\db\migration\migration

+{

+ static public function depends_on()

+ {

+ return array(

+ '\phpbb\db\migration\data\v31x\v311',

+ '\phpbb\db\migration\data\v31x\m_softdelete_global',

+ );

+ }

+

+ public function update_data()

+ {

+ return array(

+ array('config.update', array('version', '3.1.2-RC1')),

+ );

+ }

+}

+ $this->user->add_lang('acp/modules');

+ $statements[] = 'ALTER TABLE ' . $table_name . ' ADD INDEX ' . $index_name . ' (' . implode(', ', $column) . ')';

+ array_walk_recursive($metadata, array($this, 'sanitize_json'));

+ * Sanitize input from JSON array using htmlspecialchars()

+ *

+ * @param mixed $value Value of array row

+ * @param string $key Key of array row

+ */

+ public function sanitize_json(&$value, $key)

+ {

+ $value = htmlspecialchars($value);

+ }

+

+ /**

+ 'META_NAME' => $this->metadata['name'],

+ 'META_TYPE' => $this->metadata['type'],

+ 'META_DESCRIPTION' => (isset($this->metadata['description'])) ? $this->metadata['description'] : '',

+ 'META_VERSION' => (isset($this->metadata['version'])) ? $this->metadata['version'] : '',

+ 'META_TIME' => (isset($this->metadata['time'])) ? $this->metadata['time'] : '',

+ 'META_LICENSE' => $this->metadata['license'],

+ 'META_REQUIRE_PHP' => (isset($this->metadata['require']['php'])) ? $this->metadata['require']['php'] : '',

+ 'META_REQUIRE_PHPBB' => (isset($this->metadata['extra']['soft-require']['phpbb/phpbb'])) ? $this->metadata['extra']['soft-require']['phpbb/phpbb'] : '',

+ 'META_DISPLAY_NAME' => (isset($this->metadata['extra']['display-name'])) ? $this->metadata['extra']['display-name'] : '',

+ 'AUTHOR_NAME' => $author['name'],

+ 'AUTHOR_ROLE' => (isset($author['role'])) ? $author['role'] : '',

+<?php

+/**

+*

+* This file is part of the phpBB Forum Software package.

+*

+* @copyright (c) phpBB Limited <https://www.phpbb.com>

+* @license GNU General Public License, version 2 (GPL-2.0)

+*

+* For full copyright and license information, please see

+* the docs/CREDITS.txt file.

+*

+*/

+

+namespace phpbb;

+

+class file_downloader

+{

+ /** @var string Error string */

+ protected $error_string = '';

+

+ /** @var int Error number */

+ protected $error_number = 0;

+

+ /**

+ * Retrieve contents from remotely stored file

+ *

+ * @param string $host File host

+ * @param string $directory Directory file is in

+ * @param string $filename Filename of file to retrieve

+ * @param int $port Port to connect to; default: 80

+ * @param int $timeout Connection timeout in seconds; default: 6

+ *

+ * @return mixed File data as string if file can be read and there is no

+ * timeout, false if there were errors or the connection timed out

+ *

+ * @throws \RuntimeException If data can't be retrieved and no error

+ * message is returned

+ */

+ public function get($host, $directory, $filename, $port = 80, $timeout = 6)

+ {

+ // Set default values for error variables

+ $this->error_number = 0;

+ $this->error_string = '';

+

+ if ($socket = @fsockopen($host, $port, $this->error_number, $this->error_string, $timeout))

+ {

+ @fputs($socket, "GET $directory/$filename HTTP/1.0\r\n");

+ @fputs($socket, "HOST: $host\r\n");

+ @fputs($socket, "Connection: close\r\n\r\n");

+

+ $timer_stop = time() + $timeout;

+ stream_set_timeout($socket, $timeout);

+

+ $file_info = '';

+ $get_info = false;

+

+ while (!@feof($socket))

+ {

+ if ($get_info)

+ {

+ $file_info .= @fread($socket, 1024);

+ }

+ else

+ {

+ $line = @fgets($socket, 1024);

+ if ($line == "\r\n")

+ {

+ $get_info = true;

+ }

+ else if (stripos($line, '404 not found') !== false)

+ {

+ throw new \RuntimeException(array('FILE_NOT_FOUND', $filename));

+ }

+ }

+

+ $stream_meta_data = stream_get_meta_data($socket);

+

+ if (!empty($stream_meta_data['timed_out']) || time() >= $timer_stop)

+ {

+ throw new \RuntimeException('FSOCK_TIMEOUT');

+ }

+ }

+ @fclose($socket);

+ }

+ else

+ {

+ if ($this->error_string)

+ {

+ $this->error_string = utf8_convert_message($this->error_string);

+ return false;

+ }

+ else

+ {

+ throw new \RuntimeException('FSOCK_DISABLED');

+ }

+ }

+

+ return $file_info;

+ }

+

+ /**

+ * Get error string

+ *

+ * @return string Error string

+ */

+ public function get_error_string()

+ {

+ return $this->error_string;

+ }

+

+ /**

+ * Get error number

+ *

+ * @return int Error number

+ */

+ public function get_error_number()

+ {

+ return $this->error_number;

+ }

+}

+ /**

+ * Allow modifying or execute extra final filter on log entries

+ *

+ * @event core.get_logs_after

+ * @var array log Array with all our log entries

+ * @var array topic_id_list Array of topic ids, for which we

+ * get the permission data

+ * @var array reportee_id_list Array of additional user IDs we

+ * get the username strings for

+ * @var string mode Mode of the entries we display

+ * @var bool count_logs Do we count all matching entries?

+ * @var int limit Limit the number of entries

+ * @var int offset Offset when fetching the entries

+ * @var mixed forum_id Limit entries to the forum_id,

+ * can also be an array of forum_ids

+ * @var int topic_id Limit entries to the topic_id

+ * @var int user_id Limit entries to the user_id

+ * @var int log_time Limit maximum age of log entries

+ * @var string sort_by SQL order option

+ * @var string keywords Will only return entries that have the

+ * keywords in log_operation or log_data

+ * @var string profile_url URL to the users profile

+ * @var int log_type The type of logs it was filtered

+ * @since 3.1.3-RC1

+ */

+ $vars = array(

+ 'log',

+ 'topic_id_list',

+ 'reportee_id_list',

+ 'mode',

+ 'count_logs',

+ 'limit',

+ 'offset',

+ 'forum_id',

+ 'topic_id',

+ 'user_id',

+ 'log_time',

+ 'sort_by',

+ 'keywords',

+ 'profile_url',

+ 'log_type',

+ );

+ extract($this->dispatcher->trigger_event('core.get_logs_after', compact($vars)));

+

+ $this->message->set_body($this->body);

+ (($item_parent_id !== false) ? ' AND ' . (is_array($item_parent_id) ? $this->db->sql_in_set('item_parent_id', $item_parent_id, false, true) : 'item_parent_id = ' . (int) $item_parent_id) : '') .

+ // We do not need to escape $path_info, $request_uri and $script_name because we can not find their content in the result.

+ // We need to escape $absolute_board_url because it can be partially concatenated to the result.

+ $absolute_board_url = $this->request->escape($this->symfony_request->getSchemeAndHttpHost() . $this->symfony_request->getBasePath(), true);

+

+ $absolute_board_url

+ while (($dir_position = strpos($absolute_board_url, $referer_dir)) !== 0)

+

+ // Just return phpbb_root_path if we reach the top directory

+ if ($referer_dir === '.')

+ {

+ return $this->phpbb_root_path;

+ }

+ $default_value = '';

+ $lang_fields = array(

+ 'l_lang_name',

+ 'l_lang_explain',

+ 'l_lang_default_value',

+ 'l_lang_options',

+ );

+

+ if (in_array($key, $lang_fields))

+ {

+ $default_value = array(0 => '');

+ }

+ return $this->request->variable($key, $default_value, true);

+ if ($key == 'l_lang_options' && $this->request->is_set($key))

+ return $this->variable($form_name, array('name' => 'none'), true, \phpbb\request\request_interface::FILES);

+

+ /**

+ * {@inheritdoc}

+ */

+ public function escape($var, $multibyte)

+ {

+ if (is_array($var))

+ {

+ $result = array();

+ foreach ($var as $key => $value)

+ {

+ $this->type_cast_helper->set_var($key, $key, gettype($key), $multibyte);

+ $result[$key] = $this->escape($value, $multibyte);

+ }

+ $var = $result;

+ }

+ else

+ {

+ $this->type_cast_helper->set_var($var, $var, 'string', $multibyte);

+ }

+

+ return $var;

+ }

+

+ /**

+ * Escape a string variable.

+ *

+ * @param mixed $value The contents to fill with

+ * @param bool $multibyte Indicates whether string values may contain UTF-8 characters.

+ * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks.

+ * @return string|array

+ */

+ public function escape($value, $multibyte);

+ * Extract current session page

+ *

+ * @param string $root_path current root path (phpbb_root_path)

+ * @return array

+ */

+ $script_name = $request->escape($symfony_request->getScriptName(), true);

+ $args = $request->escape(explode('&', $symfony_request->getQueryString()), true);

+ $domain = (!$config['cookie_domain'] || $config['cookie_domain'] == '127.0.0.1' || strpos($config['cookie_domain'], '.') === false) ? '' : '; domain=' . $config['cookie_domain'];

+ global $config, $db, $phpbb_dispatcher;

+ /**

+ * Event to set custom ban type

+ *

+ * @event core.session_set_custom_ban

+ * @var bool return If $return is false this routine does not return on finding a banned user, it outputs a relevant message and stops execution

+ * @var bool banned Check if user already banned

+ * @var array|false ban_row Ban data

+ * @var string ban_triggered_by Method that caused ban, can be your custom method

+ * @since 3.1.3-RC1

+ */

+ $ban_row = isset($ban_row) ? $ban_row : false;

+ $vars = array('return', 'banned', 'ban_row', 'ban_triggered_by');

+ extract($phpbb_dispatcher->trigger_event('core.session_set_custom_ban', compact($vars)));

+

+/**

+ * WARNING: The Symfony request does not escape the input and should be used very carefully

+ * prefer the phpbb request as possible

+ */

+ if (defined('DEBUG'))

+ {

+ $this->twig->addExtension(new \Twig_Extension_Debug());

+ }

+

+ $theme_path = $path . 'theme/';

+ $is_valid_dir = false;

+ $is_valid_dir = true;

+ $paths[] = $template_path;

+ }

+ if (is_dir($theme_path))

+ {

+ $is_valid_dir = true;

+ $paths[] = $theme_path;

+ }

+

+ if ($is_valid_dir)

+ {

+ $ext_style_theme_path = $ext_style_path . 'theme/';

+ $ext_style_theme_path = $ext_style_path . 'theme/';

+ $ext_style_theme_path = $ext_style_path . 'theme/';

+ $ok = false;

+ $ok = true;

+ $paths[] = $ext_style_template_path;

+ }

+ if (is_dir($ext_style_theme_path))

+ {

+ $ok = true;

+ $paths[] = $ext_style_theme_path;

+ }

+

+ if ($ok)

+ {

+ /** @var \phpbb\file_downloader */

+ protected $file_downloader;

+

+ * @param \phpbb\file_downloader $file_downloader

+ public function __construct(\phpbb\cache\service $cache, \phpbb\config\config $config, \phpbb\file_downloader $file_downloader, \phpbb\user $user)

+ $this->file_downloader = $file_downloader;

+ try {

+ $info = $this->file_downloader->get($this->host, $this->path, $this->file);

+ }

+ catch (\RuntimeException $exception)

+ {

+ throw new \RuntimeException($this->user->lang($exception->getMessage()));

+ }

+ $error_string = $this->file_downloader->get_error_string();

+ if (!empty($error_string))

+ throw new \RuntimeException($error_string);

+ // Sanitize any data we retrieve from a server

+ if (!empty($info))

+ {

+ $json_sanitizer = function (&$value, $key) {

+ $type_cast_helper = new \phpbb\request\type_cast_helper();

+ $type_cast_helper->set_var($value, $value, gettype($value), true);

+ };

+ array_walk_recursive($info, $json_sanitizer);

+ }

+