diff options
Diffstat (limited to 'phpBB/phpbb')
41 files changed, 602 insertions, 96 deletions
diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php index 8809a0c6b4..1a3083d42e 100644 --- a/phpBB/phpbb/auth/provider/oauth/oauth.php +++ b/phpBB/phpbb/auth/provider/oauth/oauth.php @@ -191,7 +191,7 @@ class oauth extends \phpbb\auth\provider\base return $provider->login($username, $password); } - // Requst the name of the OAuth service + // Request the name of the OAuth service $service_name_original = $this->request->variable('oauth_service', '', false); $service_name = 'auth.provider.oauth.service.' . strtolower($service_name_original); if ($service_name_original === '' || !array_key_exists($service_name, $this->service_providers)) @@ -221,24 +221,33 @@ class oauth extends \phpbb\auth\provider\base 'provider' => $service_name_original, 'oauth_provider_id' => $unique_id ); + $sql = 'SELECT user_id FROM ' . $this->auth_provider_oauth_token_account_assoc . ' WHERE ' . $this->db->sql_build_array('SELECT', $data); $result = $this->db->sql_query($sql); $row = $this->db->sql_fetchrow($result); $this->db->sql_freeresult($result); + $redirect_data = array( + 'auth_provider' => 'oauth', + 'login_link_oauth_service' => $service_name_original, + ); + /** * Event is triggered before check if provider is already associated with an account * * @event core.oauth_login_after_check_if_provider_id_has_match - * @var array row User row - * @var array data Provider data - * @var \OAuth\Common\Service\ServiceInterface service OAuth service + * @var array row User row + * @var array data Provider data + * @var array redirect_data Data to be appended to the redirect url + * @var \OAuth\Common\Service\ServiceInterface service OAuth service * @since 3.2.3-RC1 + * @changed 3.2.6-RC1 Added redirect_data */ $vars = array( 'row', 'data', + 'redirect_data', 'service', ); extract($this->dispatcher->trigger_event('core.oauth_login_after_check_if_provider_id_has_match', compact($vars))); @@ -250,15 +259,12 @@ class oauth extends \phpbb\auth\provider\base 'status' => LOGIN_SUCCESS_LINK_PROFILE, 'error_msg' => 'LOGIN_OAUTH_ACCOUNT_NOT_LINKED', 'user_row' => array(), - 'redirect_data' => array( - 'auth_provider' => 'oauth', - 'login_link_oauth_service' => $service_name_original, - ), + 'redirect_data' => $redirect_data, ); } // Retrieve the user's account - $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type, user_login_attempts + $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_ip, user_type, user_login_attempts FROM ' . $this->users_table . ' WHERE user_id = ' . (int) $row['user_id']; $result = $this->db->sql_query($sql); @@ -270,11 +276,36 @@ class oauth extends \phpbb\auth\provider\base throw new \Exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY'); } + /** + * Check if the user is banned. + * The fourth parameter, return, has to be true, + * otherwise the OAuth login is still called and + * an uncaught exception is thrown as there is no + * token stored in the database. + */ + $ban = $this->user->check_ban($row['user_id'], $row['user_ip'], $row['user_email'], true); + if (!empty($ban)) + { + $till_date = !empty($ban['ban_end']) ? $this->user->format_date($ban['ban_end']) : ''; + $message = !empty($ban['ban_end']) ? 'BOARD_BAN_TIME' : 'BOARD_BAN_PERM'; + + $contact_link = phpbb_get_board_contact_link($this->config, $this->phpbb_root_path, $this->php_ext); + $message = $this->user->lang($message, $till_date, '<a href="' . $contact_link . '">', '</a>'); + $message .= !empty($ban['ban_give_reason']) ? '<br /><br />' . $this->user->lang('BOARD_BAN_REASON', $ban['ban_give_reason']) : ''; + $message .= !empty($ban['ban_triggered_by']) ? '<br /><br /><em>' . $this->user->lang('BAN_TRIGGERED_BY_' . strtoupper($ban['ban_triggered_by'])) . '</em>' : ''; + + return array( + 'status' => LOGIN_BREAK, + 'error_msg' => $message, + 'user_row' => $row, + ); + } + // Update token storage to store the user_id $storage->set_user_id($row['user_id']); /** - * Event is triggered after user is successfuly logged in via OAuth. + * Event is triggered after user is successfully logged in via OAuth. * * @event core.auth_oauth_login_after * @var array row User row @@ -392,7 +423,7 @@ class oauth extends \phpbb\auth\provider\base if ($credentials['key'] && $credentials['secret']) { $actual_name = str_replace('auth.provider.oauth.service.', '', $service_name); - $redirect_url = build_url(false) . '&login=external&oauth_service=' . $actual_name; + $redirect_url = generate_board_url() . '/ucp.' . $this->php_ext . '?mode=login&login=external&oauth_service=' . $actual_name; $login_data['BLOCK_VARS'][$service_name] = array( 'REDIRECT_URL' => redirect($redirect_url, true), 'SERVICE_NAME' => $this->user->lang['AUTH_PROVIDER_OAUTH_SERVICE_' . strtoupper($actual_name)], @@ -674,6 +705,7 @@ class oauth extends \phpbb\auth\provider\base 'oauth_service' => $actual_name, ), + 'SERVICE_ID' => $actual_name, 'SERVICE_NAME' => $this->user->lang['AUTH_PROVIDER_OAUTH_SERVICE_' . strtoupper($actual_name)], 'UNIQUE_ID' => (isset($oauth_user_ids[$actual_name])) ? $oauth_user_ids[$actual_name] : null, ); @@ -707,7 +739,7 @@ class oauth extends \phpbb\auth\provider\base AND user_id = " . (int) $user_id; $this->db->sql_query($sql); - // Clear all tokens belonging to the user on this servce + // Clear all tokens belonging to the user on this service $service_name = 'auth.provider.oauth.service.' . strtolower($link_data['oauth_service']); $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table); $storage->clearToken($service_name); diff --git a/phpBB/phpbb/auth/provider/provider_interface.php b/phpBB/phpbb/auth/provider/provider_interface.php index 35e0f559a1..463324ff46 100644 --- a/phpBB/phpbb/auth/provider/provider_interface.php +++ b/phpBB/phpbb/auth/provider/provider_interface.php @@ -71,9 +71,10 @@ interface provider_interface * options with whatever configuraton values are passed to it as an array. * It then returns the name of the acp file related to this authentication * provider. - * @param array $new_config Contains the new configuration values that - * have been set in acp_board. - * @return array|null Returns null if not implemented or an array with + * + * @param \phpbb\config\config $new_config Contains the new configuration values + * that have been set in acp_board. + * @return array|null Returns null if not implemented or an array with * the template file name and an array of the vars * that the template needs that must conform to the * following example: diff --git a/phpBB/phpbb/avatar/driver/upload.php b/phpBB/phpbb/avatar/driver/upload.php index 77b44754ac..a012bb15b6 100644 --- a/phpBB/phpbb/avatar/driver/upload.php +++ b/phpBB/phpbb/avatar/driver/upload.php @@ -148,7 +148,8 @@ class upload extends \phpbb\avatar\driver\driver // Do not allow specifying the port (see RFC 3986) or IP addresses // remote_upload() will do its own check for allowed filetypes - if (preg_match('@^(http|https|ftp)://[^/:?#]+:[0-9]+[/:?#]@i', $url) || + if (!preg_match('#^(http|https|ftp)://(?:(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]*?).*?\.('. implode('|', $this->allowed_extensions) . ')$#i', $url) || + preg_match('@^(http|https|ftp)://[^/:?#]+:[0-9]+[/:?#]@i', $url) || preg_match('#^(http|https|ftp)://(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])#i', $url) || preg_match('#^(http|https|ftp)://(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){0,5}(?:[\dA-F]{1,4}(?::[\dA-F]{1,4})?|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:)|(?:::))#i', $url)) { diff --git a/phpBB/phpbb/avatar/manager.php b/phpBB/phpbb/avatar/manager.php index 6d9604db04..a909a91042 100644 --- a/phpBB/phpbb/avatar/manager.php +++ b/phpBB/phpbb/avatar/manager.php @@ -271,7 +271,7 @@ class manager $config_name = $driver->get_config_name(); return array( - 'allow_avatar_' . $config_name => array('lang' => 'ALLOW_' . strtoupper(str_replace('\\', '_', $config_name)), 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), + 'allow_avatar_' . $config_name => array('lang' => 'ALLOW_' . strtoupper(str_replace('\\', '_', $config_name)), 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), ); } diff --git a/phpBB/phpbb/captcha/plugins/gd.php b/phpBB/phpbb/captcha/plugins/gd.php index 831e5bcfdf..6d3c9bb3d2 100644 --- a/phpBB/phpbb/captcha/plugins/gd.php +++ b/phpBB/phpbb/captcha/plugins/gd.php @@ -51,7 +51,7 @@ class gd extends captcha_abstract return 'CAPTCHA_GD'; } - function acp_page($id, &$module) + function acp_page($id, $module) { global $user, $template, $phpbb_log, $request; global $config; diff --git a/phpBB/phpbb/captcha/plugins/gd_wave.php b/phpBB/phpbb/captcha/plugins/gd_wave.php index bde46f8815..4ac26ed2b7 100644 --- a/phpBB/phpbb/captcha/plugins/gd_wave.php +++ b/phpBB/phpbb/captcha/plugins/gd_wave.php @@ -33,7 +33,7 @@ class gd_wave extends captcha_abstract return '\\phpbb\\captcha\\gd_wave'; } - function acp_page($id, &$module) + function acp_page($id, $module) { global $user; diff --git a/phpBB/phpbb/captcha/plugins/nogd.php b/phpBB/phpbb/captcha/plugins/nogd.php index 6845e5935c..da67cd2bf4 100644 --- a/phpBB/phpbb/captcha/plugins/nogd.php +++ b/phpBB/phpbb/captcha/plugins/nogd.php @@ -33,7 +33,7 @@ class nogd extends captcha_abstract return '\\phpbb\\captcha\\non_gd'; } - function acp_page($id, &$module) + function acp_page($id, $module) { global $user; diff --git a/phpBB/phpbb/captcha/plugins/qa.php b/phpBB/phpbb/captcha/plugins/qa.php index 7797212ac9..966b8d32f2 100644 --- a/phpBB/phpbb/captcha/plugins/qa.php +++ b/phpBB/phpbb/captcha/plugins/qa.php @@ -21,7 +21,7 @@ class qa { var $confirm_id; var $answer; - var $question_ids; + var $question_ids = []; var $question_text; var $question_lang; var $question_strict; @@ -107,8 +107,7 @@ class qa $sql = 'SELECT q.question_id, q.lang_iso FROM ' . $this->table_captcha_questions . ' q, ' . $this->table_captcha_answers . ' a - WHERE q.question_id = a.question_id - GROUP BY lang_iso'; + WHERE q.question_id = a.question_id'; $result = $db->sql_query($sql, 7200); while ($row = $db->sql_fetchrow($result)) @@ -638,7 +637,7 @@ class qa /** * API function - The ACP backend, this marks the end of the easy methods */ - function acp_page($id, &$module) + function acp_page($id, $module) { global $config, $request, $phpbb_log, $template, $user; @@ -776,7 +775,7 @@ class qa /** * This handles the list overview */ - function acp_question_list(&$module) + function acp_question_list($module) { global $db, $template; diff --git a/phpBB/phpbb/captcha/plugins/recaptcha.php b/phpBB/phpbb/captcha/plugins/recaptcha.php index 152709a9ea..b7c0b5f5e2 100644 --- a/phpBB/phpbb/captcha/plugins/recaptcha.php +++ b/phpBB/phpbb/captcha/plugins/recaptcha.php @@ -66,7 +66,7 @@ class recaptcha extends captcha_abstract throw new \Exception('No generator class given.'); } - function acp_page($id, &$module) + function acp_page($id, $module) { global $config, $template, $user, $phpbb_log, $request; diff --git a/phpBB/phpbb/console/command/thumbnail/delete.php b/phpBB/phpbb/console/command/thumbnail/delete.php index 9f2ee822be..7b95c20cf2 100644 --- a/phpBB/phpbb/console/command/thumbnail/delete.php +++ b/phpBB/phpbb/console/command/thumbnail/delete.php @@ -19,6 +19,11 @@ use Symfony\Component\Console\Style\SymfonyStyle; class delete extends \phpbb\console\command\command { /** + * @var \phpbb\config\config + */ + protected $config; + + /** * @var \phpbb\db\driver\driver_interface */ protected $db; @@ -32,12 +37,14 @@ class delete extends \phpbb\console\command\command /** * Constructor * + * @param \config\config $config The config * @param \phpbb\user $user The user object (used to get language information) * @param \phpbb\db\driver\driver_interface $db Database connection * @param string $phpbb_root_path Root path */ - public function __construct(\phpbb\user $user, \phpbb\db\driver\driver_interface $db, $phpbb_root_path) + public function __construct(\phpbb\config\config $config, \phpbb\user $user, \phpbb\db\driver\driver_interface $db, $phpbb_root_path) { + $this->config = $config; $this->db = $db; $this->phpbb_root_path = $phpbb_root_path; @@ -101,7 +108,7 @@ class delete extends \phpbb\console\command\command $return = 0; while ($row = $this->db->sql_fetchrow($result)) { - $thumbnail_path = $this->phpbb_root_path . 'files/thumb_' . $row['physical_filename']; + $thumbnail_path = $this->phpbb_root_path . $this->config['upload_path'] . '/thumb_' . $row['physical_filename']; if (@unlink($thumbnail_path)) { diff --git a/phpBB/phpbb/console/command/thumbnail/generate.php b/phpBB/phpbb/console/command/thumbnail/generate.php index 64f7555336..1f6582b17b 100644 --- a/phpBB/phpbb/console/command/thumbnail/generate.php +++ b/phpBB/phpbb/console/command/thumbnail/generate.php @@ -20,6 +20,11 @@ use Symfony\Component\Console\Style\SymfonyStyle; class generate extends \phpbb\console\command\command { /** + * @var \phpbb\config\config + */ + protected $config; + + /** * @var \phpbb\db\driver\driver_interface */ protected $db; @@ -45,14 +50,16 @@ class generate extends \phpbb\console\command\command /** * Constructor * + * @param \config\config $config The config * @param \phpbb\user $user The user object (used to get language information) * @param \phpbb\db\driver\driver_interface $db Database connection * @param \phpbb\cache\service $cache The cache service * @param string $phpbb_root_path Root path * @param string $php_ext PHP extension */ - public function __construct(\phpbb\user $user, \phpbb\db\driver\driver_interface $db, \phpbb\cache\service $cache, $phpbb_root_path, $php_ext) + public function __construct(\phpbb\config\config $config, \phpbb\user $user, \phpbb\db\driver\driver_interface $db, \phpbb\cache\service $cache, $phpbb_root_path, $php_ext) { + $this->config = $config; $this->db = $db; $this->cache = $cache; $this->phpbb_root_path = $phpbb_root_path; @@ -126,8 +133,8 @@ class generate extends \phpbb\console\command\command { if (isset($extensions[$row['extension']]['display_cat']) && $extensions[$row['extension']]['display_cat'] == ATTACHMENT_CATEGORY_IMAGE) { - $source = $this->phpbb_root_path . 'files/' . $row['physical_filename']; - $destination = $this->phpbb_root_path . 'files/thumb_' . $row['physical_filename']; + $source = $this->phpbb_root_path . $this->config['upload_path'] . '/' . $row['physical_filename']; + $destination = $this->phpbb_root_path . $this->config['upload_path'] . '/thumb_' . $row['physical_filename']; if (create_thumbnail($source, $destination, $row['mimetype'])) { diff --git a/phpBB/phpbb/db/migration/data/v30x/release_3_0_8_rc1.php b/phpBB/phpbb/db/migration/data/v30x/release_3_0_8_rc1.php index c018adab46..836cb4577a 100644 --- a/phpBB/phpbb/db/migration/data/v30x/release_3_0_8_rc1.php +++ b/phpBB/phpbb/db/migration/data/v30x/release_3_0_8_rc1.php @@ -58,9 +58,14 @@ class release_3_0_8_rc1 extends \phpbb\db\migration\migration $result = $this->db->sql_query($sql); $extension_groups_updated = array(); - while ($lang_dir = $this->db->sql_fetchfield('lang_dir')) + while ($row = $this->db->sql_fetchrow($result)) { - $lang_dir = basename($lang_dir); + if (empty($row['lang_dir'])) + { + continue; + } + + $lang_dir = basename($row['lang_dir']); // The language strings we need are either in language/.../acp/attachments.php // in the update package if we're updating to 3.0.8-RC1 or later, diff --git a/phpBB/phpbb/db/migration/data/v32x/disable_remote_avatar.php b/phpBB/phpbb/db/migration/data/v32x/disable_remote_avatar.php new file mode 100644 index 0000000000..b08833fad4 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/disable_remote_avatar.php @@ -0,0 +1,34 @@ +<?php +/** + * + * This file is part of the phpBB Forum Software package. + * + * @copyright (c) phpBB Limited <https://www.phpbb.com> + * @license GNU General Public License, version 2 (GPL-2.0) + * + * For full copyright and license information, please see + * the docs/CREDITS.txt file. + * + */ + +namespace phpbb\db\migration\data\v32x; + +use phpbb\db\migration\migration; + +class disable_remote_avatar extends migration +{ + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v32x\v325', + ); + } + + public function update_data() + { + return array( + array('config.update', array('allow_avatar_remote', '0')), + array('config.update', array('allow_avatar_remote_upload', '0')), + ); + } +} diff --git a/phpBB/phpbb/db/migration/data/v32x/jquery_update.php b/phpBB/phpbb/db/migration/data/v32x/jquery_update.php new file mode 100644 index 0000000000..6dc58ec638 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/jquery_update.php @@ -0,0 +1,37 @@ +<?php +/** + * + * This file is part of the phpBB Forum Software package. + * + * @copyright (c) phpBB Limited <https://www.phpbb.com> + * @license GNU General Public License, version 2 (GPL-2.0) + * + * For full copyright and license information, please see + * the docs/CREDITS.txt file. + * + */ + +namespace phpbb\db\migration\data\v32x; + +class jquery_update extends \phpbb\db\migration\migration +{ + public function effectively_installed() + { + return $this->config['load_jquery_url'] === '//ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js'; + } + + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v32x\v325rc1', + ); + } + + public function update_data() + { + return array( + array('config.update', array('load_jquery_url', '//ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js')), + ); + } + +} diff --git a/phpBB/phpbb/db/migration/data/v32x/smtp_dynamic_data.php b/phpBB/phpbb/db/migration/data/v32x/smtp_dynamic_data.php new file mode 100644 index 0000000000..aeaa3e8979 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/smtp_dynamic_data.php @@ -0,0 +1,42 @@ +<?php +/** + * + * This file is part of the phpBB Forum Software package. + * + * @copyright (c) phpBB Limited <https://www.phpbb.com> + * @license GNU General Public License, version 2 (GPL-2.0) + * + * For full copyright and license information, please see + * the docs/CREDITS.txt file. + * + */ + +namespace phpbb\db\migration\data\v32x; + +class smtp_dynamic_data extends \phpbb\db\migration\migration +{ + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v32x\v326rc1', + ); + } + + public function update_data() + { + return array( + array('custom', array(array($this, 'set_smtp_dynamic'))), + ); + } + + public function set_smtp_dynamic() + { + $smtp_auth_entries = [ + 'smtp_password', + 'smtp_username', + ]; + $this->sql_query('UPDATE ' . CONFIG_TABLE . ' + SET is_dynamic = 1 + WHERE ' . $this->db->sql_in_set('config_name', $smtp_auth_entries)); + } +} diff --git a/phpBB/phpbb/db/migration/data/v32x/timezone_p3.php b/phpBB/phpbb/db/migration/data/v32x/timezone_p3.php new file mode 100644 index 0000000000..433f62ace9 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/timezone_p3.php @@ -0,0 +1,29 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v32x; + +class timezone_p3 extends \phpbb\db\migration\migration +{ + static public function depends_on() + { + return array('\phpbb\db\migration\data\v310\timezone'); + } + + public function update_data() + { + return array( + array('config.remove', array('board_dst')), + ); + } +} diff --git a/phpBB/phpbb/db/migration/data/v32x/v325.php b/phpBB/phpbb/db/migration/data/v32x/v325.php new file mode 100644 index 0000000000..59de4916df --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/v325.php @@ -0,0 +1,38 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v32x; + +class v325 extends \phpbb\db\migration\migration +{ + public function effectively_installed() + { + return phpbb_version_compare($this->config['version'], '3.2.5', '>='); + } + + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v32x\v325rc1', + '\phpbb\db\migration\data\v32x\jquery_update', + ); + + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.2.5')), + ); + } +} diff --git a/phpBB/phpbb/db/migration/data/v32x/v325rc1.php b/phpBB/phpbb/db/migration/data/v32x/v325rc1.php new file mode 100644 index 0000000000..2d0de0a432 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/v325rc1.php @@ -0,0 +1,36 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v32x; + +class v325rc1 extends \phpbb\db\migration\migration +{ + public function effectively_installed() + { + return phpbb_version_compare($this->config['version'], '3.2.5-RC1', '>='); + } + + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v32x\v324', + ); + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.2.5-RC1')), + ); + } +} diff --git a/phpBB/phpbb/db/migration/data/v32x/v326.php b/phpBB/phpbb/db/migration/data/v32x/v326.php new file mode 100644 index 0000000000..2d511b9ed8 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/v326.php @@ -0,0 +1,39 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v32x; + +class v326 extends \phpbb\db\migration\migration +{ + public function effectively_installed() + { + return phpbb_version_compare($this->config['version'], '3.2.6', '>='); + } + + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v32x\v326rc1', + '\phpbb\db\migration\data\v32x\disable_remote_avatar', + '\phpbb\db\migration\data\v32x\smtp_dynamic_data', + ); + + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.2.6')), + ); + } +} diff --git a/phpBB/phpbb/db/migration/data/v32x/v326rc1.php b/phpBB/phpbb/db/migration/data/v32x/v326rc1.php new file mode 100644 index 0000000000..092700d3db --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/v326rc1.php @@ -0,0 +1,37 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v32x; + +class v326rc1 extends \phpbb\db\migration\migration +{ + public function effectively_installed() + { + return phpbb_version_compare($this->config['version'], '3.2.6-RC1', '>='); + } + + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v32x\v325', + ); + + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.2.6-RC1')), + ); + } +} diff --git a/phpBB/phpbb/db/migration/data/v32x/v327.php b/phpBB/phpbb/db/migration/data/v32x/v327.php new file mode 100644 index 0000000000..f9ea11f4b9 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/v327.php @@ -0,0 +1,37 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v32x; + +class v327 extends \phpbb\db\migration\migration +{ + public function effectively_installed() + { + return phpbb_version_compare($this->config['version'], '3.2.7', '>='); + } + + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v32x\v327rc1', + ); + + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.2.7')), + ); + } +} diff --git a/phpBB/phpbb/db/migration/data/v32x/v327rc1.php b/phpBB/phpbb/db/migration/data/v32x/v327rc1.php new file mode 100644 index 0000000000..c8169105af --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/v327rc1.php @@ -0,0 +1,36 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v32x; + +class v327rc1 extends \phpbb\db\migration\migration +{ + public function effectively_installed() + { + return phpbb_version_compare($this->config['version'], '3.2.7-RC1', '>='); + } + + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v32x\v326', + ); + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.2.7-RC1')), + ); + } +} diff --git a/phpBB/phpbb/db/tools/tools.php b/phpBB/phpbb/db/tools/tools.php index d21d34b8a9..c3352a1f66 100644 --- a/phpBB/phpbb/db/tools/tools.php +++ b/phpBB/phpbb/db/tools/tools.php @@ -576,7 +576,7 @@ class tools implements tools_interface { foreach ($indexes as $index_name) { - if (!$this->sql_index_exists($table, $index_name)) + if (!$this->sql_index_exists($table, $index_name) && !$this->sql_unique_index_exists($table, $index_name)) { continue; } diff --git a/phpBB/phpbb/event/md_exporter.php b/phpBB/phpbb/event/md_exporter.php index 085b20c234..1a2d7c989e 100644 --- a/phpBB/phpbb/event/md_exporter.php +++ b/phpBB/phpbb/event/md_exporter.php @@ -143,6 +143,8 @@ class md_exporter list($event_name, $details) = explode("\n===\n", $event, 2); $this->validate_event_name($event_name); + $sorted_events = [$this->current_event, $event_name]; + natsort($sorted_events); $this->current_event = $event_name; if (isset($this->events[$this->current_event])) @@ -150,6 +152,12 @@ class md_exporter throw new \LogicException("The event '{$this->current_event}' is defined multiple times"); } + // Use array_values() to get actual first element and check against natural order + if (array_values($sorted_events)[0] === $event_name) + { + throw new \LogicException("The event '{$sorted_events[1]}' should be defined before '{$sorted_events[0]}'"); + } + if (($this->filter == 'adm' && strpos($this->current_event, 'acp_') !== 0) || ($this->filter == 'styles' && strpos($this->current_event, 'acp_') === 0)) { @@ -381,9 +389,16 @@ class md_exporter $files = explode("\n + ", $file_details); foreach ($files as $file) { + if (!preg_match('#^([^ ]+)( \([0-9]+\))?$#', $file)) + { + throw new \LogicException("Invalid event instances for file '{$file}' found for event '{$this->current_event}'", 1); + } + + list($file) = explode(" ", $file); + if (!file_exists($this->path . $file) || substr($file, -5) !== '.html') { - throw new \LogicException("Invalid file '{$file}' not found for event '{$this->current_event}'", 1); + throw new \LogicException("Invalid file '{$file}' not found for event '{$this->current_event}'", 2); } if (($this->filter !== 'adm') && strpos($file, 'styles/prosilver/template/') === 0) @@ -396,7 +411,7 @@ class md_exporter } else { - throw new \LogicException("Invalid file '{$file}' not found for event '{$this->current_event}'", 2); + throw new \LogicException("Invalid file '{$file}' not found for event '{$this->current_event}'", 3); } $this->events_by_file[$file][] = $this->current_event; @@ -416,7 +431,7 @@ class md_exporter } else { - throw new \LogicException("Invalid file list found for event '{$this->current_event}'", 2); + throw new \LogicException("Invalid file list found for event '{$this->current_event}'", 1); } return $files_list; diff --git a/phpBB/phpbb/files/upload.php b/phpBB/phpbb/files/upload.php index a9bf74094d..50e15c9844 100644 --- a/phpBB/phpbb/files/upload.php +++ b/phpBB/phpbb/files/upload.php @@ -261,7 +261,7 @@ class upload * * @param filespec $file Instance of filespec class */ - public function common_checks(&$file) + public function common_checks($file) { // Filesize is too big or it's 0 if it was larger than the maxsize in the upload form if ($this->max_filesize && ($file->get('filesize') > $this->max_filesize || $file->get('filesize') == 0)) @@ -297,7 +297,7 @@ class upload * * @return bool True if extension is allowed, false if not */ - public function valid_extension(&$file) + public function valid_extension($file) { return (in_array($file->get('extension'), $this->allowed_extensions)) ? true : false; } @@ -310,7 +310,7 @@ class upload * @return bool True if dimensions are valid or no constraints set, false * if not */ - public function valid_dimensions(&$file) + public function valid_dimensions($file) { if (!$this->max_width && !$this->max_height && !$this->min_width && !$this->min_height) { @@ -350,7 +350,7 @@ class upload * * @return bool True if content is valid, false if not */ - public function valid_content(&$file) + public function valid_content($file) { return ($file->check_content($this->disallowed_content)); } diff --git a/phpBB/phpbb/install/helper/config.php b/phpBB/phpbb/install/helper/config.php index fad6749019..7eb0ae3b05 100644 --- a/phpBB/phpbb/install/helper/config.php +++ b/phpBB/phpbb/install/helper/config.php @@ -330,6 +330,8 @@ class config fwrite($fp, $file_content); fclose($fp); + // Enforce 0600 permission for install config + $this->filesystem->chmod([$this->install_config_file], 0600); } /** diff --git a/phpBB/phpbb/install/module/obtain_data/task/obtain_database_data.php b/phpBB/phpbb/install/module/obtain_data/task/obtain_database_data.php index dc7b060746..6ec1e612b9 100644 --- a/phpBB/phpbb/install/module/obtain_data/task/obtain_database_data.php +++ b/phpBB/phpbb/install/module/obtain_data/task/obtain_database_data.php @@ -78,10 +78,10 @@ class obtain_database_data extends \phpbb\install\task_base implements \phpbb\in $dbms = $this->io_handler->get_input('dbms', ''); $dbhost = $this->io_handler->get_input('dbhost', '', true); $dbport = $this->io_handler->get_input('dbport', ''); - $dbuser = $this->io_handler->get_input('dbuser', ''); - $dbpasswd = $this->io_handler->get_raw_input('dbpasswd', ''); - $dbname = $this->io_handler->get_input('dbname', ''); - $table_prefix = $this->io_handler->get_input('table_prefix', ''); + $dbuser = $this->io_handler->get_input('dbuser', '', true); + $dbpasswd = $this->io_handler->get_raw_input('dbpasswd', '', true); + $dbname = $this->io_handler->get_input('dbname', '', true); + $table_prefix = $this->io_handler->get_input('table_prefix', '', true); // Check database data $user_data_vaild = $this->check_database_data($dbms, $dbhost, $dbport, $dbuser, $dbpasswd, $dbname, $table_prefix); diff --git a/phpBB/phpbb/install/module/obtain_data/task/obtain_email_data.php b/phpBB/phpbb/install/module/obtain_data/task/obtain_email_data.php index e8a9c971b7..7cd0d7bf23 100644 --- a/phpBB/phpbb/install/module/obtain_data/task/obtain_email_data.php +++ b/phpBB/phpbb/install/module/obtain_data/task/obtain_email_data.php @@ -50,11 +50,11 @@ class obtain_email_data extends \phpbb\install\task_base implements \phpbb\insta // E-mail data $email_enable = $this->io_handler->get_input('email_enable', true); $smtp_delivery = $this->io_handler->get_input('smtp_delivery', ''); - $smtp_host = $this->io_handler->get_input('smtp_host', ''); + $smtp_host = $this->io_handler->get_input('smtp_host', '', true); $smtp_port = $this->io_handler->get_input('smtp_port', ''); $smtp_auth = $this->io_handler->get_input('smtp_auth', ''); - $smtp_user = $this->io_handler->get_input('smtp_user', ''); - $smtp_passwd = $this->io_handler->get_input('smtp_pass', ''); + $smtp_user = $this->io_handler->get_input('smtp_user', '', true); + $smtp_passwd = $this->io_handler->get_input('smtp_pass', '', true); $auth_methods = array('PLAIN', 'LOGIN', 'CRAM-MD5', 'DIGEST-MD5', 'POP-BEFORE-SMTP'); diff --git a/phpBB/phpbb/install/module/obtain_data/task/obtain_server_data.php b/phpBB/phpbb/install/module/obtain_data/task/obtain_server_data.php index 1ef70eae08..5096ce284e 100644 --- a/phpBB/phpbb/install/module/obtain_data/task/obtain_server_data.php +++ b/phpBB/phpbb/install/module/obtain_data/task/obtain_server_data.php @@ -79,9 +79,9 @@ class obtain_server_data extends \phpbb\install\task_base implements \phpbb\inst $cookie_secure = $this->io_handler->get_input('cookie_secure', $cookie_secure); $server_protocol = $this->io_handler->get_input('server_protocol', $server_protocol); $force_server_vars = $this->io_handler->get_input('force_server_vars', 0); - $server_name = $this->io_handler->get_input('server_name', $server_name); + $server_name = $this->io_handler->get_input('server_name', $server_name, true); $server_port = $this->io_handler->get_input('server_port', $server_port); - $script_path = $this->io_handler->get_input('script_path', $script_path); + $script_path = $this->io_handler->get_input('script_path', $script_path, true); // Clean up script path if ($script_path !== '/') diff --git a/phpBB/phpbb/install/module/obtain_data/task/obtain_update_ftp_data.php b/phpBB/phpbb/install/module/obtain_data/task/obtain_update_ftp_data.php index f31472fc58..3c17576c13 100644 --- a/phpBB/phpbb/install/module/obtain_data/task/obtain_update_ftp_data.php +++ b/phpBB/phpbb/install/module/obtain_data/task/obtain_update_ftp_data.php @@ -85,10 +85,10 @@ class obtain_update_ftp_data extends task_base $method = $methods[0]; } - $ftp_host = $this->iohandler->get_input('ftp_host', ''); - $ftp_user = $this->iohandler->get_input('ftp_user', ''); - $ftp_pass = htmlspecialchars_decode($this->iohandler->get_input('ftp_pass', '')); - $ftp_path = $this->iohandler->get_input('ftp_path', ''); + $ftp_host = $this->iohandler->get_input('ftp_host', '', true); + $ftp_user = $this->iohandler->get_input('ftp_user', '', true); + $ftp_pass = htmlspecialchars_decode($this->iohandler->get_input('ftp_pass', '', true)); + $ftp_path = $this->iohandler->get_input('ftp_path', '', true); $ftp_port = $this->iohandler->get_input('ftp_port', 21); $ftp_time = $this->iohandler->get_input('ftp_timeout', 10); diff --git a/phpBB/phpbb/message/admin_form.php b/phpBB/phpbb/message/admin_form.php index 96b8d3499e..ae1c1d8614 100644 --- a/phpBB/phpbb/message/admin_form.php +++ b/phpBB/phpbb/message/admin_form.php @@ -22,6 +22,9 @@ class admin_form extends form /** @var \phpbb\config\db_text */ protected $config_text; + /** @var \phpbb\event\dispatcher_interface */ + protected $dispatcher; + /** @var string */ protected $subject; /** @var string */ @@ -37,13 +40,15 @@ class admin_form extends form * @param \phpbb\config\db_text $config_text * @param \phpbb\db\driver\driver_interface $db * @param \phpbb\user $user + * @param \phpbb\event\dispatcher_interface $dispatcher * @param string $phpbb_root_path * @param string $phpEx */ - public function __construct(\phpbb\auth\auth $auth, \phpbb\config\config $config, \phpbb\config\db_text $config_text, \phpbb\db\driver\driver_interface $db, \phpbb\user $user, $phpbb_root_path, $phpEx) + public function __construct(\phpbb\auth\auth $auth, \phpbb\config\config $config, \phpbb\config\db_text $config_text, \phpbb\db\driver\driver_interface $db, \phpbb\user $user, \phpbb\event\dispatcher_interface $dispatcher, $phpbb_root_path, $phpEx) { parent::__construct($auth, $config, $db, $user, $phpbb_root_path, $phpEx); $this->config_text = $config_text; + $this->dispatcher = $dispatcher; } /** @@ -91,6 +96,29 @@ class admin_form extends form $this->errors[] = $this->user->lang['EMPTY_MESSAGE_EMAIL']; } + $subject = $this->subject; + $body = $this->body; + $errors = $this->errors; + + /** + * You can use this event to modify subject and/or body and add new errors. + * + * @event core.message_admin_form_submit_before + * @var string subject Message subject + * @var string body Message body + * @var array errors Form errors + * @since 3.2.6-RC1 + */ + $vars = [ + 'subject', + 'body', + 'errors', + ]; + extract($this->dispatcher->trigger_event('core.message_admin_form_submit_before', compact($vars))); + $this->subject = $subject; + $this->body = $body; + $this->errors = $errors; + if ($this->user->data['is_registered']) { $this->message->set_sender_from_user($this->user); diff --git a/phpBB/phpbb/notification/method/email.php b/phpBB/phpbb/notification/method/email.php index 56dd1e9367..6376d13dc7 100644 --- a/phpBB/phpbb/notification/method/email.php +++ b/phpBB/phpbb/notification/method/email.php @@ -65,7 +65,7 @@ class email extends \phpbb\notification\method\messenger_base */ public function is_available(type_interface $notification_type = null) { - return parent::is_available($notification_type) && $this->config['email_enable'] && $this->user->data['user_email']; + return parent::is_available($notification_type) && $this->config['email_enable'] && !empty($this->user->data['user_email']); } /** diff --git a/phpBB/phpbb/notification/type/report_pm.php b/phpBB/phpbb/notification/type/report_pm.php index 7e53ffb3ca..444f98270d 100644 --- a/phpBB/phpbb/notification/type/report_pm.php +++ b/phpBB/phpbb/notification/type/report_pm.php @@ -142,13 +142,16 @@ class report_pm extends \phpbb\notification\type\pm */ public function get_email_template_variables() { - $user_data = $this->user_loader->get_user($this->get_data('reporter_id')); + $user_data = $this->user_loader->get_user($this->get_data('from_user_id')); return array( 'AUTHOR_NAME' => htmlspecialchars_decode($user_data['username']), 'SUBJECT' => htmlspecialchars_decode(censor_text($this->get_data('message_subject'))), - 'U_VIEW_REPORT' => generate_board_url() . "mcp.{$this->php_ext}?r={$this->item_parent_id}&i=pm_reports&mode=pm_report_details", + /** @deprecated 3.2.6-RC1 (to be removed in 4.0.0) use {SUBJECT} instead in report_pm.txt */ + 'TOPIC_TITLE' => htmlspecialchars_decode(censor_text($this->get_data('message_subject'))), + + 'U_VIEW_REPORT' => generate_board_url() . "/mcp.{$this->php_ext}?r={$this->item_parent_id}&i=pm_reports&mode=pm_report_details", ); } @@ -236,8 +239,10 @@ class report_pm extends \phpbb\notification\type\pm */ public function users_to_query() { - return array($this->get_data('reporter_id')); - } + return array( + $this->get_data('from_user_id'), + $this->get_data('reporter_id'), + ); } /** * {@inheritdoc} diff --git a/phpBB/phpbb/pagination.php b/phpBB/phpbb/pagination.php index 40af5eda6b..a7086f6691 100644 --- a/phpBB/phpbb/pagination.php +++ b/phpBB/phpbb/pagination.php @@ -46,7 +46,7 @@ class pagination /** * Generate a pagination link based on the url and the page information * - * @param string $base_url is url prepended to all links generated within the function + * @param string|array $base_url is url prepended to all links generated within the function * If you use page numbers inside your controller route, base_url should contains a placeholder (%d) * for the page. Also be sure to specify the pagination path information into the start_name argument * @param string $on_page is the page for which we want to generate the link @@ -69,7 +69,7 @@ class pagination * set $generate_page_link_override to the new URL value * * @event core.pagination_generate_page_link - * @var string base_url is url prepended to all links generated within the function + * @var string|array base_url is url prepended to all links generated within the function * If you use page numbers inside your controller route, base_url should contains a placeholder (%d) * for the page. Also be sure to specify the pagination path information into the start_name argument * @var string on_page is the page for which we want to generate the link @@ -120,7 +120,7 @@ class pagination * Generate template rendered pagination * Allows full control of rendering of pagination with the template * - * @param string $base_url is url prepended to all links generated within the function + * @param string|array $base_url is url prepended to all links generated within the function * If you use page numbers inside your controller route, base_url should contains a placeholder (%d) * for the page. Also be sure to specify the pagination path information into the start_name argument * @param string $block_var_name is the name assigned to the pagination data block within the template (example: <!-- BEGIN pagination -->) @@ -132,7 +132,7 @@ class pagination * @param int $start the item which should be considered currently active, used to determine the page we're on * @param bool $reverse_count determines whether we weight display of the list towards the start (false) or end (true) of the list * @param bool $ignore_on_page decides whether we enable an active (unlinked) item, used primarily for embedded lists - * @return null + * @return void */ public function generate_template_pagination($base_url, $block_var_name, $start_name, $num_items, $per_page, $start = 1, $reverse_count = false, $ignore_on_page = false) { diff --git a/phpBB/phpbb/search/fulltext_mysql.php b/phpBB/phpbb/search/fulltext_mysql.php index 137ed7433d..1105d0892f 100644 --- a/phpBB/phpbb/search/fulltext_mysql.php +++ b/phpBB/phpbb/search/fulltext_mysql.php @@ -188,7 +188,7 @@ class fulltext_mysql extends \phpbb\search\base } $sql = 'SHOW VARIABLES - LIKE \'ft\_%\''; + LIKE \'%ft\_%\''; $result = $this->db->sql_query($sql); $mysql_info = array(); @@ -198,8 +198,16 @@ class fulltext_mysql extends \phpbb\search\base } $this->db->sql_freeresult($result); - $this->config->set('fulltext_mysql_max_word_len', $mysql_info['ft_max_word_len']); - $this->config->set('fulltext_mysql_min_word_len', $mysql_info['ft_min_word_len']); + if ($engine === 'MyISAM') + { + $this->config->set('fulltext_mysql_max_word_len', $mysql_info['ft_max_word_len']); + $this->config->set('fulltext_mysql_min_word_len', $mysql_info['ft_min_word_len']); + } + else if ($engine === 'InnoDB') + { + $this->config->set('fulltext_mysql_max_word_len', $mysql_info['innodb_ft_max_token_size']); + $this->config->set('fulltext_mysql_min_word_len', $mysql_info['innodb_ft_min_token_size']); + } return false; } diff --git a/phpBB/phpbb/search/fulltext_native.php b/phpBB/phpbb/search/fulltext_native.php index 4172e2cc4f..c83de75eed 100644 --- a/phpBB/phpbb/search/fulltext_native.php +++ b/phpBB/phpbb/search/fulltext_native.php @@ -190,7 +190,7 @@ class fulltext_native extends \phpbb\search\base */ public function split_keywords($keywords, $terms) { - $tokens = '+-|()*'; + $tokens = '+-|()* '; $keywords = trim($this->cleanup($keywords, $tokens)); @@ -224,12 +224,10 @@ class fulltext_native extends \phpbb\search\base $keywords[$i] = '|'; break; case '*': - if ($i === 0 || ($keywords[$i - 1] !== '*' && strcspn($keywords[$i - 1], $tokens) === 0)) + // $i can never be 0 here since $open_bracket is initialised to false + if (strpos($tokens, $keywords[$i - 1]) !== false && ($i + 1 === $n || strpos($tokens, $keywords[$i + 1]) !== false)) { - if ($i === $n - 1 || ($keywords[$i + 1] !== '*' && strcspn($keywords[$i + 1], $tokens) === 0)) - { - $keywords = substr($keywords, 0, $i) . substr($keywords, $i + 1); - } + $keywords[$i] = '|'; } break; } @@ -264,7 +262,7 @@ class fulltext_native extends \phpbb\search\base } } - if ($open_bracket) + if ($open_bracket !== false) { $keywords .= ')'; } @@ -307,6 +305,20 @@ class fulltext_native extends \phpbb\search\base } } + // Remove non trailing wildcards from each word to prevent a full table scan (it's now using the database index) + $match = '#\*(?!$|\s)#'; + $replace = '$1'; + $keywords = preg_replace($match, $replace, $keywords); + + // Only allow one wildcard in the search query to limit the database load + $match = '#\*#'; + $replace = '$1'; + $count_wildcards = substr_count($keywords, '*'); + + // Reverse the string to remove all wildcards except the first one + $keywords = strrev(preg_replace($match, $replace, strrev($keywords), $count_wildcards - 1)); + unset($count_wildcards); + // set the search_query which is shown to the user $this->search_query = $keywords; @@ -409,8 +421,16 @@ class fulltext_native extends \phpbb\search\base { if (strpos($word_part, '*') !== false) { - $id_words[] = '\'' . $this->db->sql_escape(str_replace('*', '%', $word_part)) . '\''; - $non_common_words[] = $word_part; + $len = utf8_strlen(str_replace('*', '', $word_part)); + if ($len >= $this->word_length['min'] && $len <= $this->word_length['max']) + { + $id_words[] = '\'' . $this->db->sql_escape(str_replace('*', '%', $word_part)) . '\''; + $non_common_words[] = $word_part; + } + else + { + $this->common_words[] = $word_part; + } } else if (isset($words[$word_part])) { diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index 80934dc411..31f32af7c4 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -1299,7 +1299,12 @@ class session trigger_error($message); } - return ($banned && $ban_row['ban_give_reason']) ? $ban_row['ban_give_reason'] : $banned; + if (!empty($ban_row)) + { + $ban_row['ban_triggered_by'] = $ban_triggered_by; + } + + return ($banned && $ban_row) ? $ban_row : $banned; } /** diff --git a/phpBB/phpbb/template/context.php b/phpBB/phpbb/template/context.php index 2ba6d185ad..202e29ce00 100644 --- a/phpBB/phpbb/template/context.php +++ b/phpBB/phpbb/template/context.php @@ -201,7 +201,8 @@ class context $pos = strpos($blocks[$i], '['); $name = ($pos !== false) ? substr($blocks[$i], 0, $pos) : $blocks[$i]; $block = &$block[$name]; - $index = (!$pos || strpos($blocks[$i], '[]') === $pos) ? (count($block) - 1) : (min((int) substr($blocks[$i], $pos + 1, -1), count($block) - 1)); + $block_count = empty($block) ? 0 : count($block) - 1; + $index = (!$pos || strpos($blocks[$i], '[]') === $pos) ? $block_count : (min((int) substr($blocks[$i], $pos + 1, -1), $block_count)); $block = &$block[$index]; } diff --git a/phpBB/phpbb/textformatter/s9e/factory.php b/phpBB/phpbb/textformatter/s9e/factory.php index c0bbc7b0e8..6191b9a315 100644 --- a/phpBB/phpbb/textformatter/s9e/factory.php +++ b/phpBB/phpbb/textformatter/s9e/factory.php @@ -354,6 +354,14 @@ class factory implements \phpbb\textformatter\cache_interface // Load the Emoji plugin and modify its tag's template to obey viewsmilies $tag = $configurator->Emoji->getTag(); + $tag->template = '<xsl:choose> + <xsl:when test="@tseq"> + <img alt="{.}" class="emoji" draggable="false" src="//twemoji.maxcdn.com/2/svg/{@tseq}.svg"/> + </xsl:when> + <xsl:otherwise> + <img alt="{.}" class="emoji" draggable="false" src="https://cdn.jsdelivr.net/gh/s9e/emoji-assets-twemoji@11.2/dist/svgz/{@seq}.svgz"/> + </xsl:otherwise> + </xsl:choose>'; $tag->template = '<xsl:choose><xsl:when test="$S_VIEWSMILIES">' . str_replace('class="emoji"', 'class="emoji smilies"', $tag->template) . '</xsl:when><xsl:otherwise><xsl:value-of select="."/></xsl:otherwise></xsl:choose>'; /** diff --git a/phpBB/phpbb/textformatter/s9e/link_helper.php b/phpBB/phpbb/textformatter/s9e/link_helper.php index 0f44603dec..483794a83e 100644 --- a/phpBB/phpbb/textformatter/s9e/link_helper.php +++ b/phpBB/phpbb/textformatter/s9e/link_helper.php @@ -23,14 +23,16 @@ class link_helper * * @param \s9e\TextFormatter\Parser\Tag $tag LINK_TEXT tag * @param \s9e\TextFormatter\Parser $parser Parser - * @return bool Whether the tag is valid + * @return void */ public function cleanup_tag(\s9e\TextFormatter\Parser\Tag $tag, \s9e\TextFormatter\Parser $parser) { // Invalidate if the content of the tag matches the text attribute $text = substr($parser->getText(), $tag->getPos(), $tag->getLen()); - - return ($text !== $tag->getAttribute('text')); + if ($text === $tag->getAttribute('text')) + { + $tag->invalidate(); + } } /** @@ -40,7 +42,7 @@ class link_helper * * @param \s9e\TextFormatter\Parser\Tag $tag URL tag (start tag) * @param \s9e\TextFormatter\Parser $parser Parser - * @return bool Always true to indicate that the tag is valid + * @return void */ public function generate_link_text_tag(\s9e\TextFormatter\Parser\Tag $tag, \s9e\TextFormatter\Parser $parser) { @@ -49,7 +51,7 @@ class link_helper // the [url] BBCode when its content is used for the URL if (!$tag->getEndTag() || !$this->should_shorten($tag, $parser->getText())) { - return true; + return; } // Capture the text between the start tag and its end tag @@ -58,10 +60,10 @@ class link_helper $length = $end - $start; $text = substr($parser->getText(), $start, $length); - // Create a tag that consumes the link's text - $parser->addSelfClosingTag('LINK_TEXT', $start, $length)->setAttribute('text', $text); - - return true; + // Create a tag that consumes the link's text and make it depends on this tag + $link_text_tag = $parser->addSelfClosingTag('LINK_TEXT', $start, $length); + $link_text_tag->setAttribute('text', $text); + $tag->cascadeInvalidationTo($link_text_tag); } /** @@ -84,7 +86,7 @@ class link_helper * * @param \s9e\TextFormatter\Parser\Tag $tag LINK_TEXT tag * @param string $board_url Forum's root URL (with trailing slash) - * @return bool Always true to indicate that the tag is valid + * @return void */ public function truncate_local_url(\s9e\TextFormatter\Parser\Tag $tag, $board_url) { @@ -93,15 +95,13 @@ class link_helper { $tag->setAttribute('text', substr($text, strlen($board_url))); } - - return true; } /** * Truncate the replacement text set in a LINK_TEXT tag * * @param \s9e\TextFormatter\Parser\Tag $tag LINK_TEXT tag - * @return bool Always true to indicate that the tag is valid + * @return void */ public function truncate_text(\s9e\TextFormatter\Parser\Tag $tag) { @@ -109,10 +109,7 @@ class link_helper if (utf8_strlen($text) > 55) { $text = utf8_substr($text, 0, 39) . ' ... ' . utf8_substr($text, -10); + $tag->setAttribute('text', $text); } - - $tag->setAttribute('text', $text); - - return true; } } diff --git a/phpBB/phpbb/user.php b/phpBB/phpbb/user.php index ca0e5872e4..7363290e11 100644 --- a/phpBB/phpbb/user.php +++ b/phpBB/phpbb/user.php @@ -343,7 +343,7 @@ class user extends \phpbb\session } // Is board disabled and user not an admin or moderator? - if ($config['board_disable'] && !defined('IN_LOGIN') && !defined('SKIP_CHECK_DISABLED') && !$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) + if ($config['board_disable'] && !defined('IN_INSTALL') && !defined('IN_LOGIN') && !defined('SKIP_CHECK_DISABLED') && !$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) { if ($this->data['is_bot']) { |