diff options
Diffstat (limited to 'phpBB')
22 files changed, 181 insertions, 514 deletions
diff --git a/phpBB/adm/style/admin.css b/phpBB/adm/style/admin.css index 4f0a3312e4..d0f6583ce2 100644 --- a/phpBB/adm/style/admin.css +++ b/phpBB/adm/style/admin.css @@ -728,13 +728,6 @@ td { border-collapse: separate; } -@media only screen and (min-width: 1100px), only screen and (min-device-width: 1100px) { - .lside .table1 { - display: inline-table; - width: 49.7%; - } -} - .tabled { width: 25%; } diff --git a/phpBB/adm/style/permission_forum_copy.html b/phpBB/adm/style/permission_forum_copy.html index b1539aff12..0560648baf 100644 --- a/phpBB/adm/style/permission_forum_copy.html +++ b/phpBB/adm/style/permission_forum_copy.html @@ -4,7 +4,7 @@ <h1>{L_ACP_FORUM_PERMISSIONS_COPY}</h1> - {L_ACP_FORUM_PERMISSIONS_COPY_EXPLAIN} + <p>{L_ACP_FORUM_PERMISSIONS_COPY_EXPLAIN}</p> <form id="forum_perm_copy" method="post" action="{U_ACTION}"> diff --git a/phpBB/composer.json b/phpBB/composer.json index 99e8bb6231..c047c225a2 100644 --- a/phpBB/composer.json +++ b/phpBB/composer.json @@ -32,7 +32,6 @@ "guzzlehttp/guzzle": "~6.3", "lusitanian/oauth": "^0.8.1", "marc1706/fast-image-size": "^1.1", - "paragonie/random_compat": "^2.0", "patchwork/utf8": "^1.1", "s9e/text-formatter": "^2.0", "symfony/config": "~3.4", diff --git a/phpBB/composer.lock b/phpBB/composer.lock index b5d3e8edeb..e39d0ec865 100644 --- a/phpBB/composer.lock +++ b/phpBB/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "fa3c0c97c2a8c44e38ab6cbcbdb75e44", + "content-hash": "b31f688c19bfc55c9a6f4c388c885301", "packages": [ { "name": "bantu/ini-get-wrapper", @@ -335,7 +335,7 @@ "oauth", "security" ], - "time": "2016-07-12T22:15:00+00:00" + "time": "2018-02-14T22:37:14+00:00" }, { "name": "marc1706/fast-image-size", @@ -515,33 +515,29 @@ }, { "name": "paragonie/random_compat", - "version": "v2.0.18", + "version": "v9.99.99", "source": { "type": "git", "url": "https://github.com/paragonie/random_compat.git", - "reference": "0a58ef6e3146256cc3dc7cc393927bcc7d1b72db" + "reference": "84b4dfb120c6f9b4ff7b3685f9b8f1aa365a0c95" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/paragonie/random_compat/zipball/0a58ef6e3146256cc3dc7cc393927bcc7d1b72db", - "reference": "0a58ef6e3146256cc3dc7cc393927bcc7d1b72db", + "url": "https://api.github.com/repos/paragonie/random_compat/zipball/84b4dfb120c6f9b4ff7b3685f9b8f1aa365a0c95", + "reference": "84b4dfb120c6f9b4ff7b3685f9b8f1aa365a0c95", "shasum": "" }, "require": { - "php": ">=5.2.0" + "php": "^7" }, "require-dev": { - "phpunit/phpunit": "4.*|5.*" + "phpunit/phpunit": "4.*|5.*", + "vimeo/psalm": "^1" }, "suggest": { "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes." }, "type": "library", - "autoload": { - "files": [ - "lib/random.php" - ] - }, "notification-url": "https://packagist.org/downloads/", "license": [ "MIT" @@ -560,7 +556,7 @@ "pseudorandom", "random" ], - "time": "2019-01-03T20:59:08+00:00" + "time": "2018-07-02T15:55:56+00:00" }, { "name": "patchwork/utf8", @@ -2897,8 +2893,8 @@ "authors": [ { "name": "Sebastian Bergmann", - "role": "lead", - "email": "sebastian@phpunit.de" + "email": "sebastian@phpunit.de", + "role": "lead" } ], "description": "Library that provides collection, processing, and rendering functionality for PHP code coverage information.", diff --git a/phpBB/develop/regex.php b/phpBB/develop/regex.php index 46b6fff701..77c6d5c0e6 100644 --- a/phpBB/develop/regex.php +++ b/phpBB/develop/regex.php @@ -8,46 +8,6 @@ // die("Please read the first lines of this script for instructions on how to enable it"); - -// IP regular expressions - -$dec_octet = '(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])'; -$h16 = '[\dA-F]{1,4}'; -$ipv4 = "(?:$dec_octet\.){3}$dec_octet"; -$ls32 = "(?:$h16:$h16|$ipv4)"; - -$ipv6_construct = array( - array(false, '', '{6}', $ls32), - array(false, '::', '{0,5}', "(?:$h16(?::$h16)?|$ipv4)"), - array('', ':', '{4}', $ls32), - array('{1,2}', ':', '{3}', $ls32), - array('{1,3}', ':', '{2}', $ls32), - array('{1,4}', ':', '', $ls32), - array('{1,5}', ':', false, $ls32), - array('{1,6}', ':', false, $h16), - array('{1,7}', ':', false, ''), - array(false, '::', false, '') -); - -$ipv6 = '(?:'; -foreach ($ipv6_construct as $ip_type) -{ - $ipv6 .= '(?:'; - if ($ip_type[0] !== false) - { - $ipv6 .= "(?:$h16:)" . $ip_type[0]; - } - $ipv6 .= $ip_type[1]; - if ($ip_type[2] !== false) - { - $ipv6 .= "(?:$h16:)" . $ip_type[2]; - } - $ipv6 .= $ip_type[3] . ')|'; -} -$ipv6 = substr($ipv6, 0, -1) . ')'; - -echo 'IPv4: ' . $ipv4 . "<br />\nIPv6: " . $ipv6 . "<br />\n"; - // URL regular expressions $pct_encoded = "%[\dA-F]{2}"; diff --git a/phpBB/develop/regex_idn.php b/phpBB/develop/regex_idn.php index 30373f8de3..24d1eb9196 100644 --- a/phpBB/develop/regex_idn.php +++ b/phpBB/develop/regex_idn.php @@ -8,45 +8,6 @@ // die("Please read the first lines of this script for instructions on how to enable it"); -// IP regular expressions - -$dec_octet = '(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])'; -$h16 = '[\dA-F]{1,4}'; -$ipv4 = "(?:$dec_octet\.){3}$dec_octet"; -$ls32 = "(?:$h16:$h16|$ipv4)"; - -$ipv6_construct = array( - array(false, '', '{6}', $ls32), - array(false, '::', '{0,5}', "(?:$h16(?::$h16)?|$ipv4)"), - array('', ':', '{4}', $ls32), - array('{1,2}', ':', '{3}', $ls32), - array('{1,3}', ':', '{2}', $ls32), - array('{1,4}', ':', '', $ls32), - array('{1,5}', ':', false, $ls32), - array('{1,6}', ':', false, $h16), - array('{1,7}', ':', false, ''), - array(false, '::', false, '') -); - -$ipv6 = '(?:'; -foreach ($ipv6_construct as $ip_type) -{ - $ipv6 .= '(?:'; - if ($ip_type[0] !== false) - { - $ipv6 .= "(?:$h16:)" . $ip_type[0]; - } - $ipv6 .= $ip_type[1]; - if ($ip_type[2] !== false) - { - $ipv6 .= "(?:$h16:)" . $ip_type[2]; - } - $ipv6 .= $ip_type[3] . ')|'; -} -$ipv6 = substr($ipv6, 0, -1) . ')'; - -echo 'IPv4: ' . $ipv4 . "<br /><br />\n\nIPv6: " . $ipv6 . "<br /><br />\n\n"; - // URL regular expressions /* IDN2008 characters derivation @@ -72,7 +33,7 @@ $no_hangul = '\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C */ $no_cdm = '\x{20D0}-\x{20FF}'; // \p{block=Combining_Diacritical_Marks_For_Symbols} $no_musical = '\x{1D100}-\x{1D1FF}'; // \p{block=Musical_Symbols} -$no_ancient_greek_musical = '\x{1D200}-\x{1D24F}'; // \p{block=Ancient_Greek_Musical_Notation} +$no_ancient_greek_musical = '\x{1D200}-\x{1D24F}'; // \p{block=Ancient_Greek_Musical_Notation} /* Remove certain exceptions: ** U+0640 ARABIC TATWEEL ** U+07FA NKO LAJANYALAN diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php index 5360ab0f7b..a67f3c54f9 100644 --- a/phpBB/includes/acp/acp_bbcodes.php +++ b/phpBB/includes/acp/acp_bbcodes.php @@ -211,11 +211,6 @@ class acp_bbcodes $test = $data['bbcode_tag']; } - if (!preg_match('%\\[' . $test . '[^]]*].*?\\[/' . $test . ']%s', $bbcode_match)) - { - trigger_error($user->lang['BBCODE_OPEN_ENDED_TAG'] . adm_back_link($this->u_action), E_USER_WARNING); - } - if (strlen($data['bbcode_tag']) > 16) { trigger_error($user->lang['BBCODE_TAG_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING); diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php index 9044cd0e97..572ae3692a 100644 --- a/phpBB/includes/acp/acp_forums.php +++ b/phpBB/includes/acp/acp_forums.php @@ -131,11 +131,11 @@ class acp_forums 'forum_rules_link' => $request->variable('forum_rules_link', ''), 'forum_image' => $request->variable('forum_image', ''), 'forum_style' => $request->variable('forum_style', 0), - 'display_subforum_list' => $request->variable('display_subforum_list', false), - 'display_on_index' => $request->variable('display_on_index', false), + 'display_subforum_list' => $request->variable('display_subforum_list', true), + 'display_on_index' => $request->variable('display_on_index', true), 'forum_topics_per_page' => $request->variable('topics_per_page', 0), 'enable_indexing' => $request->variable('enable_indexing', true), - 'enable_icons' => $request->variable('enable_icons', false), + 'enable_icons' => $request->variable('enable_icons', true), 'enable_prune' => $request->variable('enable_prune', false), 'enable_post_review' => $request->variable('enable_post_review', true), 'enable_quick_reply' => $request->variable('enable_quick_reply', false), @@ -454,10 +454,10 @@ class acp_forums 'forum_image' => '', 'forum_style' => 0, 'display_subforum_list' => true, - 'display_on_index' => false, + 'display_on_index' => true, 'forum_topics_per_page' => 0, 'enable_indexing' => true, - 'enable_icons' => false, + 'enable_icons' => true, 'enable_prune' => false, 'prune_days' => 7, 'prune_viewed' => 7, @@ -986,10 +986,20 @@ class acp_forums $errors[] = $user->lang['FORUM_NAME_EMPTY']; } - // No Emojis + /** + * Replace Emojis and other 4bit UTF-8 chars not allowed by MySql to UCR / NCR. + * Using their Numeric Character Reference's Hexadecimal notation. + */ + $forum_data_ary['forum_name'] = utf8_encode_ucr($forum_data_ary['forum_name']); + + /** + * This should never happen again. + * Leaving the fallback here just in case there will be the need of it. + */ if (preg_match_all('/[\x{10000}-\x{10FFFF}]/u', $forum_data_ary['forum_name'], $matches)) { $character_list = implode('<br>', $matches[0]); + $errors[] = $user->lang('FORUM_NAME_EMOJI', $character_list); } @@ -1423,8 +1433,8 @@ class acp_forums * This event may be triggered, when a forum is deleted * * @event core.acp_manage_forums_move_children - * @var int from_id If of the current parent forum - * @var int to_id If of the new parent forum + * @var int from_id Id of the current parent forum + * @var int to_id Id of the new parent forum * @var array errors Array of errors, should be strings and not * language key. * @since 3.1.0-a1 @@ -1529,8 +1539,8 @@ class acp_forums * Event when we move content from one forum to another * * @event core.acp_manage_forums_move_content - * @var int from_id If of the current parent forum - * @var int to_id If of the new parent forum + * @var int from_id Id of the current parent forum + * @var int to_id Id of the new parent forum * @var bool sync Shall we sync the "to"-forum's data * @var array errors Array of errors, should be strings and not * language key. If this array is not empty, @@ -1576,6 +1586,19 @@ class acp_forums $db->sql_query($sql); } + /** + * Event when content has been moved from one forum to another + * + * @event core.acp_manage_forums_move_content_after + * @var int from_id Id of the current parent forum + * @var int to_id Id of the new parent forum + * @var bool sync Shall we sync the "to"-forum's data + * + * @since 3.2.9-RC1 + */ + $vars = array('from_id', 'to_id', 'sync'); + extract($phpbb_dispatcher->trigger_event('core.acp_manage_forums_move_content_after', compact($vars))); + if ($sync) { // Delete ghost topics that link back to the same forum then resync counters diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 3227a21e26..d2d5b503a2 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2851,10 +2851,13 @@ function get_preg_expression($mode) // Whoa these look impressive! // The code to generate the following two regular expressions which match valid IPv4/IPv6 addresses // can be found in the develop directory + + // @deprecated case 'ipv4': return '#^(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])$#'; break; + // @deprecated case 'ipv6': return '#^(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){0,5}(?:[\dA-F]{1,4}(?::[\dA-F]{1,4})?|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:)|(?:::))$#i'; break; @@ -2980,331 +2983,26 @@ function short_ipv6($ip, $length) * @return mixed false if specified address is not valid, * string otherwise */ -function phpbb_ip_normalise($address) +function phpbb_ip_normalise(string $address) { - $address = trim($address); - - if (empty($address) || !is_string($address)) - { - return false; - } + $ip_normalised = false; - if (preg_match(get_preg_expression('ipv4'), $address)) + if (filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) { - return $address; + $ip_normalised = $address; } - - return phpbb_inet_ntop(phpbb_inet_pton($address)); -} - -/** -* Wrapper for inet_ntop() -* -* Converts a packed internet address to a human readable representation -* inet_ntop() is supported by PHP since 5.1.0, since 5.3.0 also on Windows. -* -* @param string $in_addr A 32bit IPv4, or 128bit IPv6 address. -* -* @return mixed false on failure, -* string otherwise -*/ -function phpbb_inet_ntop($in_addr) -{ - $in_addr = bin2hex($in_addr); - - switch (strlen($in_addr)) + else if (filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) { - case 8: - return implode('.', array_map('hexdec', str_split($in_addr, 2))); - - case 32: - if (substr($in_addr, 0, 24) === '00000000000000000000ffff') - { - return phpbb_inet_ntop(pack('H*', substr($in_addr, 24))); - } - - $parts = str_split($in_addr, 4); - $parts = preg_replace('/^0+(?!$)/', '', $parts); - $ret = implode(':', $parts); + $ip_normalised = inet_ntop(inet_pton($address)); - $matches = array(); - preg_match_all('/(?<=:|^)(?::?0){2,}/', $ret, $matches, PREG_OFFSET_CAPTURE); - $matches = $matches[0]; - - if (empty($matches)) - { - return $ret; - } - - $longest_match = ''; - $longest_match_offset = 0; - foreach ($matches as $match) - { - if (strlen($match[0]) > strlen($longest_match)) - { - $longest_match = $match[0]; - $longest_match_offset = $match[1]; - } - } - - $ret = substr_replace($ret, '', $longest_match_offset, strlen($longest_match)); - - if ($longest_match_offset == strlen($ret)) - { - $ret .= ':'; - } - - if ($longest_match_offset == 0) - { - $ret = ':' . $ret; - } - - return $ret; - - default: - return false; - } -} - -/** -* Wrapper for inet_pton() -* -* Converts a human readable IP address to its packed in_addr representation -* inet_pton() is supported by PHP since 5.1.0, since 5.3.0 also on Windows. -* -* @param string $address A human readable IPv4 or IPv6 address. -* -* @return mixed false if address is invalid, -* in_addr representation of the given address otherwise (string) -*/ -function phpbb_inet_pton($address) -{ - $ret = ''; - if (preg_match(get_preg_expression('ipv4'), $address)) - { - foreach (explode('.', $address) as $part) - { - $ret .= ($part <= 0xF ? '0' : '') . dechex($part); - } - - return pack('H*', $ret); - } - - if (preg_match(get_preg_expression('ipv6'), $address)) - { - $parts = explode(':', $address); - $missing_parts = 8 - count($parts) + 1; - - if (substr($address, 0, 2) === '::') + // If is ipv4 + if (stripos($ip_normalised, '::ffff:') === 0) { - ++$missing_parts; + $ip_normalised = substr($ip_normalised, 7); } - - if (substr($address, -2) === '::') - { - ++$missing_parts; - } - - $embedded_ipv4 = false; - $last_part = end($parts); - - if (preg_match(get_preg_expression('ipv4'), $last_part)) - { - $parts[count($parts) - 1] = ''; - $last_part = phpbb_inet_pton($last_part); - $embedded_ipv4 = true; - --$missing_parts; - } - - foreach ($parts as $i => $part) - { - if (strlen($part)) - { - $ret .= str_pad($part, 4, '0', STR_PAD_LEFT); - } - else if ($i && $i < count($parts) - 1) - { - $ret .= str_repeat('0000', $missing_parts); - } - } - - $ret = pack('H*', $ret); - - if ($embedded_ipv4) - { - $ret .= $last_part; - } - - return $ret; - } - - return false; -} - -/** -* Wrapper for php's checkdnsrr function. -* -* @param string $host Fully-Qualified Domain Name -* @param string $type Resource record type to lookup -* Supported types are: MX (default), A, AAAA, NS, TXT, CNAME -* Other types may work or may not work -* -* @return mixed true if entry found, -* false if entry not found, -* null if this function is not supported by this environment -* -* Since null can also be returned, you probably want to compare the result -* with === true or === false, -*/ -function phpbb_checkdnsrr($host, $type = 'MX') -{ - // The dot indicates to search the DNS root (helps those having DNS prefixes on the same domain) - if (substr($host, -1) == '.') - { - $host_fqdn = $host; - $host = substr($host, 0, -1); - } - else - { - $host_fqdn = $host . '.'; - } - // $host has format some.host.example.com - // $host_fqdn has format some.host.example.com. - - // If we're looking for an A record we can use gethostbyname() - if ($type == 'A' && function_exists('gethostbyname')) - { - return (@gethostbyname($host_fqdn) == $host_fqdn) ? false : true; - } - - if (function_exists('checkdnsrr')) - { - return checkdnsrr($host_fqdn, $type); - } - - if (function_exists('dns_get_record')) - { - // dns_get_record() expects an integer as second parameter - // We have to convert the string $type to the corresponding integer constant. - $type_constant = 'DNS_' . $type; - $type_param = (defined($type_constant)) ? constant($type_constant) : DNS_ANY; - - // dns_get_record() might throw E_WARNING and return false for records that do not exist - $resultset = @dns_get_record($host_fqdn, $type_param); - - if (empty($resultset) || !is_array($resultset)) - { - return false; - } - else if ($type_param == DNS_ANY) - { - // $resultset is a non-empty array - return true; - } - - foreach ($resultset as $result) - { - if ( - isset($result['host']) && $result['host'] == $host && - isset($result['type']) && $result['type'] == $type - ) - { - return true; - } - } - - return false; - } - - // If we're on Windows we can still try to call nslookup via exec() as a last resort - if (DIRECTORY_SEPARATOR == '\\' && function_exists('exec')) - { - @exec('nslookup -type=' . escapeshellarg($type) . ' ' . escapeshellarg($host_fqdn), $output); - - // If output is empty, the nslookup failed - if (empty($output)) - { - return NULL; - } - - foreach ($output as $line) - { - $line = trim($line); - - if (empty($line)) - { - continue; - } - - // Squash tabs and multiple whitespaces to a single whitespace. - $line = preg_replace('/\s+/', ' ', $line); - - switch ($type) - { - case 'MX': - if (stripos($line, "$host MX") === 0) - { - return true; - } - break; - - case 'NS': - if (stripos($line, "$host nameserver") === 0) - { - return true; - } - break; - - case 'TXT': - if (stripos($line, "$host text") === 0) - { - return true; - } - break; - - case 'CNAME': - if (stripos($line, "$host canonical name") === 0) - { - return true; - } - break; - - default: - case 'AAAA': - // AAAA records returned by nslookup on Windows XP/2003 have this format. - // Later Windows versions use the A record format below for AAAA records. - if (stripos($line, "$host AAAA IPv6 address") === 0) - { - return true; - } - // No break - - case 'A': - if (!empty($host_matches)) - { - // Second line - if (stripos($line, "Address: ") === 0) - { - return true; - } - else - { - $host_matches = false; - } - } - else if (stripos($line, "Name: $host") === 0) - { - // First line - $host_matches = true; - } - break; - } - } - - return false; } - return NULL; + return $ip_normalised; } // Handler, header and footer diff --git a/phpBB/includes/functions_compatibility.php b/phpBB/includes/functions_compatibility.php index b5b60e118e..2578290875 100644 --- a/phpBB/includes/functions_compatibility.php +++ b/phpBB/includes/functions_compatibility.php @@ -601,3 +601,61 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage return $file; } + +/** +* Wrapper for php's checkdnsrr function. +* +* @param string $host Fully-Qualified Domain Name +* @param string $type Resource record type to lookup +* Supported types are: MX (default), A, AAAA, NS, TXT, CNAME +* Other types may work or may not work +* +* @return mixed true if entry found, +* false if entry not found, +* null if this function is not supported by this environment +* +* Since null can also be returned, you probably want to compare the result +* with === true or === false, +* +* @deprecated 3.3.0-b2 (To be removed: 4.0.0) +*/ +function phpbb_checkdnsrr($host, $type = 'MX') +{ + return checkdnsrr($host, $type); +} + +/* + * Wrapper for inet_ntop() + * + * Converts a packed internet address to a human readable representation + * inet_ntop() is supported by PHP since 5.1.0, since 5.3.0 also on Windows. + * + * @param string $in_addr A 32bit IPv4, or 128bit IPv6 address. + * + * @return mixed false on failure, + * string otherwise + * + * @deprecated 3.3.0-b2 (To be removed: 4.0.0) + */ +function phpbb_inet_ntop($in_addr) +{ + return inet_ntop($in_addr); +} + +/** + * Wrapper for inet_pton() + * + * Converts a human readable IP address to its packed in_addr representation + * inet_pton() is supported by PHP since 5.1.0, since 5.3.0 also on Windows. + * + * @param string $address A human readable IPv4 or IPv6 address. + * + * @return mixed false if address is invalid, + * in_addr representation of the given address otherwise (string) + * + * @deprecated 3.3.0-b2 (To be removed: 4.0.0) + */ +function phpbb_inet_pton($address) +{ + return inet_pton($address); +} diff --git a/phpBB/includes/functions_transfer.php b/phpBB/includes/functions_transfer.php index 7427b89917..f0070b4b1e 100644 --- a/phpBB/includes/functions_transfer.php +++ b/phpBB/includes/functions_transfer.php @@ -810,7 +810,7 @@ class ftp_fsock extends transfer $server_ip = substr($socket_name, 0, strrpos($socket_name, ':')); } - if (!isset($server_ip) || preg_match(get_preg_expression('ipv4'), $server_ip)) + if (isset($server_ip) && filter_var($server_ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) // ipv4 { // Passive mode $this->_send_command('PASV', '', false); @@ -831,7 +831,7 @@ class ftp_fsock extends transfer $server_ip = $temp[0] . '.' . $temp[1] . '.' . $temp[2] . '.' . $temp[3]; $server_port = $temp[4] * 256 + $temp[5]; } - else + else // ipv6 { // Extended Passive Mode - RFC2428 $this->_send_command('EPSV', '', false); diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index e0b6a9d0c6..5c94a90d9d 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1455,12 +1455,7 @@ function user_unban($mode, $ban) */ function user_ipwhois($ip) { - if (empty($ip)) - { - return ''; - } - - if (!preg_match(get_preg_expression('ipv4'), $ip) && !preg_match(get_preg_expression('ipv6'), $ip)) + if (!filter_var($ip, FILTER_VALIDATE_IP)) { return ''; } @@ -1910,7 +1905,7 @@ function phpbb_validate_email($email, $config = null) { list(, $domain) = explode('@', $email); - if (phpbb_checkdnsrr($domain, 'A') === false && phpbb_checkdnsrr($domain, 'MX') === false) + if (checkdnsrr($domain, 'A') === false && checkdnsrr($domain, 'MX') === false) { return 'DOMAIN_NO_MX_RECORD'; } diff --git a/phpBB/includes/utf/utf_tools.php b/phpBB/includes/utf/utf_tools.php index 89de454427..bb155aeae5 100644 --- a/phpBB/includes/utf/utf_tools.php +++ b/phpBB/includes/utf/utf_tools.php @@ -418,24 +418,43 @@ function utf8_recode($string, $encoding) } /** -* Replace all UTF-8 chars that are not in ASCII with their NCR -* -* @param string $text UTF-8 string in NFC -* @return string ASCII string using NCRs for non-ASCII chars -*/ + * Replace some special UTF-8 chars that are not in ASCII with their UCR. + * using their Numeric Character Reference's Hexadecimal notation. + * + * Doesn't interfere with Japanese or Cyrillic etc. + * Unicode character visualization will depend on the character support + * of your web browser and the fonts installed on your system. + * + * @see https://en.wikibooks.org/wiki/Unicode/Character_reference/1F000-1FFFF + * + * @param string $text UTF-8 string in NFC + * @return string ASCII string using NCR for non-ASCII chars + */ +function utf8_encode_ucr($text) +{ + return preg_replace_callback('/[\\xF0-\\xF4].../', 'utf8_encode_ncr_callback', $text); +} + +/** + * Replace all UTF-8 chars that are not in ASCII with their NCR + * using their Numeric Character Reference's Hexadecimal notation. + * + * @param string $text UTF-8 string in NFC + * @return string ASCII string using NCRs for non-ASCII chars + */ function utf8_encode_ncr($text) { return preg_replace_callback('#[\\xC2-\\xF4][\\x80-\\xBF]{1,3}#', 'utf8_encode_ncr_callback', $text); } /** -* Callback used in encode_ncr() -* -* Takes a UTF-8 char and replaces it with its NCR. Attention, $m is an array -* -* @param array $m 0-based numerically indexed array passed by preg_replace_callback() -* @return string A HTML NCR if the character is valid, or the original string otherwise -*/ + * Callback used in utf8_encode_ncr() and utf8_encode_ucr() + * + * Takes a UTF-8 char and replaces it with its NCR. Attention, $m is an array + * + * @param array $m 0-based numerically indexed array passed by preg_replace_callback() + * @return string A HTML NCR if the character is valid, or the original string otherwise + */ function utf8_encode_ncr_callback($m) { return '&#' . utf8_ord($m[0]) . ';'; diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql index df8b0ba4f2..97fc23f0bf 100644 --- a/phpBB/install/schemas/schema_data.sql +++ b/phpBB/install/schemas/schema_data.sql @@ -482,7 +482,7 @@ INSERT INTO phpbb_styles (style_name, style_copyright, style_active, style_path, # -- Forums INSERT INTO phpbb_forums (forum_name, forum_desc, left_id, right_id, parent_id, forum_type, forum_posts_approved, forum_posts_unapproved, forum_posts_softdeleted, forum_topics_approved, forum_topics_unapproved, forum_topics_softdeleted, forum_last_post_id, forum_last_poster_id, forum_last_poster_name, forum_last_poster_colour, forum_last_post_time, forum_link, forum_password, forum_image, forum_rules, forum_rules_link, forum_rules_uid, forum_desc_uid, prune_days, prune_viewed, forum_parents) VALUES ('{L_FORUMS_FIRST_CATEGORY}', '', 1, 4, 0, 0, 0, 0, 0, 0, 0, 0, 1, 2, 'Admin', 'AA0000', 972086460, '', '', '', '', '', '', '', 0, 0, ''); -INSERT INTO phpbb_forums (forum_name, forum_desc, left_id, right_id, parent_id, forum_type, forum_posts_approved, forum_posts_unapproved, forum_posts_softdeleted, forum_topics_approved, forum_topics_unapproved, forum_topics_softdeleted, forum_last_post_id, forum_last_poster_id, forum_last_poster_name, forum_last_poster_colour, forum_last_post_subject, forum_last_post_time, forum_link, forum_password, forum_image, forum_rules, forum_rules_link, forum_rules_uid, forum_desc_uid, prune_days, prune_viewed, forum_parents, forum_flags) VALUES ('{L_FORUMS_TEST_FORUM_TITLE}', '{L_FORUMS_TEST_FORUM_DESC}', 2, 3, 1, 1, 1, 0, 0, 1, 0, 0, 1, 2, 'Admin', 'AA0000', '{L_TOPICS_TOPIC_TITLE}', 972086460, '', '', '', '', '', '', '', 0, 0, '', 48); +INSERT INTO phpbb_forums (forum_name, forum_desc, left_id, right_id, parent_id, forum_type, forum_posts_approved, forum_posts_unapproved, forum_posts_softdeleted, forum_topics_approved, forum_topics_unapproved, forum_topics_softdeleted, forum_last_post_id, forum_last_poster_id, forum_last_poster_name, forum_last_poster_colour, forum_last_post_subject, forum_last_post_time, forum_link, forum_password, forum_image, forum_rules, forum_rules_link, forum_rules_uid, forum_desc_uid, prune_freq, prune_days, prune_viewed, forum_parents, forum_flags) VALUES ('{L_FORUMS_TEST_FORUM_TITLE}', '{L_FORUMS_TEST_FORUM_DESC}', 2, 3, 1, 1, 1, 0, 0, 1, 0, 0, 1, 2, 'Admin', 'AA0000', '{L_TOPICS_TOPIC_TITLE}', 972086460, '', '', '', '', '', '', '', 1, 7, 7, '', 48); # -- Users / Anonymous user INSERT INTO phpbb_users (user_type, group_id, username, username_clean, user_regdate, user_password, user_email, user_lang, user_style, user_rank, user_colour, user_posts, user_permissions, user_ip, user_birthday, user_lastpage, user_last_confirm_key, user_post_sortby_type, user_post_sortby_dir, user_topic_sortby_type, user_topic_sortby_dir, user_avatar, user_sig, user_sig_bbcode_uid, user_jabber, user_actkey, user_newpasswd, user_allow_massemail) VALUES (2, 1, 'Anonymous', 'anonymous', 0, '', '', 'en', 1, 0, '', 0, '', '', '', '', '', 't', 'a', 't', 'd', '', '', '', '', '', '', 0); diff --git a/phpBB/language/en/acp/posting.php b/phpBB/language/en/acp/posting.php index 1e1c5554e1..1667aa6011 100644 --- a/phpBB/language/en/acp/posting.php +++ b/phpBB/language/en/acp/posting.php @@ -56,7 +56,6 @@ $lang = array_merge($lang, array( 'BBCODE_INVALID_TAG_NAME' => 'The BBCode tag name that you selected already exists.', 'BBCODE_INVALID' => 'Your BBCode is constructed in an invalid form.', - 'BBCODE_OPEN_ENDED_TAG' => 'Your custom BBCode must contain both an opening and a closing tag.', 'BBCODE_TAG' => 'Tag', 'BBCODE_TAG_TOO_LONG' => 'The tag name you selected is too long.', 'BBCODE_TAG_DEF_TOO_LONG' => 'The tag definition that you have entered is too long, please shorten your tag definition.', diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php index 0d94acfbca..e3f8394bba 100644 --- a/phpBB/phpbb/auth/provider/oauth/oauth.php +++ b/phpBB/phpbb/auth/provider/oauth/oauth.php @@ -216,10 +216,15 @@ class oauth extends \phpbb\auth\provider\base $this->service_providers[$service_name]->set_external_service_provider($service); $unique_id = $this->service_providers[$service_name]->perform_auth_login(); - // Check to see if this provider is already assosciated with an account + /** + * Check to see if this provider is already associated with an account. + * + * Enforcing a data type to make data contains strings and not integers, + * so values are quoted in the SQL WHERE statement. + */ $data = array( - 'provider' => $service_name_original, - 'oauth_provider_id' => $unique_id + 'provider' => (string) $service_name_original, + 'oauth_provider_id' => (string) $unique_id ); $sql = 'SELECT user_id FROM ' . $this->auth_provider_oauth_token_account_assoc . ' diff --git a/phpBB/phpbb/console/command/extension/enable.php b/phpBB/phpbb/console/command/extension/enable.php index f007009aa0..504b5546b3 100644 --- a/phpBB/phpbb/console/command/extension/enable.php +++ b/phpBB/phpbb/console/command/extension/enable.php @@ -46,9 +46,11 @@ class enable extends command $extension = $this->manager->get_extension($name); - if (!$extension->is_enableable()) + if (($enableable = $extension->is_enableable()) !== true) { - $io->error($this->user->lang('CLI_EXTENSION_NOT_ENABLEABLE', $name)); + $message = !empty($enableable) ? $enableable : $this->user->lang('CLI_EXTENSION_NOT_ENABLEABLE', $name); + $message = is_array($message) ? implode(PHP_EOL, $message) : $message; + $io->error($message); return 1; } @@ -69,10 +71,7 @@ class enable extends command } else { - $enableable = $this->manager->get_extension($name)->is_enableable(); - $message = !empty($enableable) ? $enableable : $this->user->lang('CLI_EXTENSION_ENABLE_FAILURE'); - $message = is_array($message) ? implode(PHP_EOL, $message) : $message; - $io->error($message, $name); + $io->error($this->user->lang('CLI_EXTENSION_ENABLE_FAILURE', $name)); return 1; } } diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index 7624a67b05..7c76c08b73 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -250,8 +250,7 @@ class session $ips = explode(' ', $this->forwarded_for); foreach ($ips as $ip) { - // check IPv4 first, the IPv6 is hopefully only going to be used very seldom - if (!empty($ip) && !preg_match(get_preg_expression('ipv4'), $ip) && !preg_match(get_preg_expression('ipv6'), $ip)) + if (!filter_var($ip, FILTER_VALIDATE_IP)) { // contains invalid data, don't use the forwarded for header $this->forwarded_for = ''; @@ -311,49 +310,17 @@ class session foreach ($ips as $ip) { - if (function_exists('phpbb_ip_normalise')) - { - // Normalise IP address - $ip = phpbb_ip_normalise($ip); - - if (empty($ip)) - { - // IP address is invalid. - break; - } - - // IP address is valid. - $this->ip = $ip; + // Normalise IP address + $ip = phpbb_ip_normalise($ip); - // Skip legacy code. - continue; - } - - if (preg_match(get_preg_expression('ipv4'), $ip)) - { - $this->ip = $ip; - } - else if (preg_match(get_preg_expression('ipv6'), $ip)) + if ($ip === false) { - // Quick check for IPv4-mapped address in IPv6 - if (stripos($ip, '::ffff:') === 0) - { - $ipv4 = substr($ip, 7); - - if (preg_match(get_preg_expression('ipv4'), $ipv4)) - { - $ip = $ipv4; - } - } - - $this->ip = $ip; - } - else - { - // We want to use the last valid address in the chain - // Leave foreach loop when address is invalid + // IP address is invalid. break; } + + // IP address is valid. + $this->ip = $ip; } $this->load = false; @@ -1400,7 +1367,7 @@ class session foreach ($dnsbl_check as $dnsbl => $lookup) { - if (phpbb_checkdnsrr($reverse_ip . '.' . $dnsbl . '.', 'A') === true) + if (checkdnsrr($reverse_ip . '.' . $dnsbl . '.', 'A') === true) { $info = array($dnsbl, $lookup . $ip); } @@ -1444,7 +1411,7 @@ class session { // One problem here... the return parameter for the "windows" method is different from what // we expect... this may render this check useless... - if (phpbb_checkdnsrr($uri . '.multi.uribl.com.', 'A') === true) + if (checkdnsrr($uri . '.multi.uribl.com.', 'A') === true) { return true; } diff --git a/phpBB/styles/prosilver/template/mcp_topic.html b/phpBB/styles/prosilver/template/mcp_topic.html index 090e24041e..889cab8b83 100644 --- a/phpBB/styles/prosilver/template/mcp_topic.html +++ b/phpBB/styles/prosilver/template/mcp_topic.html @@ -118,7 +118,7 @@ <!-- EVENT mcp_topic_postrow_post_details_before --> <p class="author"> - <a href="#pr{postrow.POST_ID}" title="{postrow.MINI_POST}"> + <a href="{postrow.U_MINI_POST}" title="{postrow.MINI_POST}"> <i class="icon fa-file fa-fw icon-lightgray icon-tiny" aria-hidden="true"></i><span class="sr-only">{postrow.MINI_POST}</span> </a> {L_POSTED} {postrow.POST_DATE} {L_POST_BY_AUTHOR} {% EVENT mcp_topic_post_author_full_prepend %}<strong>{postrow.POST_AUTHOR_FULL}</strong>{% EVENT mcp_topic_post_author_full_append %}<!-- IF postrow.U_MCP_DETAILS --> [ <a href="{postrow.U_MCP_DETAILS}">{L_POST_DETAILS}</a> ]<!-- ENDIF --> </p> diff --git a/phpBB/styles/prosilver/template/posting_review.html b/phpBB/styles/prosilver/template/posting_review.html index 033a88485e..e5d285e7bf 100644 --- a/phpBB/styles/prosilver/template/posting_review.html +++ b/phpBB/styles/prosilver/template/posting_review.html @@ -13,7 +13,7 @@ <!-- ENDIF --> <div class="postbody" id="ppr{post_review_row.POST_ID}"> - <h3><a href="#ppr{post_review_row.POST_ID}">{post_review_row.POST_SUBJECT}</a></h3> + <h3><a href="{post_review_row.U_MINI_POST}">{post_review_row.POST_SUBJECT}</a></h3> <p class="author"> <!-- IF S_IS_BOT --> <span><i class="icon fa-file fa-fw icon-lightgray icon-md" aria-hidden="true"></i><span class="sr-only">{post_review_row.MINI_POST}</span></span> diff --git a/phpBB/styles/prosilver/template/posting_topic_review.html b/phpBB/styles/prosilver/template/posting_topic_review.html index 8faece3447..209dadf327 100644 --- a/phpBB/styles/prosilver/template/posting_topic_review.html +++ b/phpBB/styles/prosilver/template/posting_topic_review.html @@ -24,7 +24,7 @@ <!-- ENDIF --> <div class="postbody" id="pr{topic_review_row.POST_ID}"> - <h3><a href="#pr{topic_review_row.POST_ID}">{topic_review_row.POST_SUBJECT}</a></h3> + <h3><a href="{topic_review_row.U_MINI_POST}">{topic_review_row.POST_SUBJECT}</a></h3> <!-- IF (topic_review_row.POSTER_QUOTE and topic_review_row.DECODED_MESSAGE) or topic_review_row.U_MCP_DETAILS --> <ul class="post-buttons"> diff --git a/phpBB/styles/prosilver/template/viewtopic_body.html b/phpBB/styles/prosilver/template/viewtopic_body.html index f77b99dc29..9bfa07e52b 100644 --- a/phpBB/styles/prosilver/template/viewtopic_body.html +++ b/phpBB/styles/prosilver/template/viewtopic_body.html @@ -224,7 +224,7 @@ <div id="post_content{postrow.POST_ID}"<!-- IF postrow.S_POST_HIDDEN --> style="display: none;"<!-- ENDIF -->> <!-- EVENT viewtopic_body_post_subject_before --> - <h3 <!-- IF postrow.S_FIRST_ROW -->class="first"<!-- ENDIF -->><!-- IF postrow.POST_ICON_IMG --><img src="{T_ICONS_PATH}{postrow.POST_ICON_IMG}" width="{postrow.POST_ICON_IMG_WIDTH}" height="{postrow.POST_ICON_IMG_HEIGHT}" alt="{postrow.POST_ICON_IMG_ALT}" title="{postrow.POST_ICON_IMG_ALT}" /> <!-- ENDIF --><a href="#p{postrow.POST_ID}">{postrow.POST_SUBJECT}</a></h3> + <h3 <!-- IF postrow.S_FIRST_ROW -->class="first"<!-- ENDIF -->><!-- IF postrow.POST_ICON_IMG --><img src="{T_ICONS_PATH}{postrow.POST_ICON_IMG}" width="{postrow.POST_ICON_IMG_WIDTH}" height="{postrow.POST_ICON_IMG_HEIGHT}" alt="{postrow.POST_ICON_IMG_ALT}" title="{postrow.POST_ICON_IMG_ALT}" /> <!-- ENDIF --><a href="{postrow.U_MINI_POST}">{postrow.POST_SUBJECT}</a></h3> <!-- DEFINE $SHOW_POST_BUTTONS = (postrow.U_EDIT or postrow.U_DELETE or postrow.U_REPORT or postrow.U_WARN or postrow.U_INFO or postrow.U_QUOTE) --> <!-- EVENT viewtopic_body_post_buttons_list_before --> |