diff options
Diffstat (limited to 'phpBB')
36 files changed, 289 insertions, 112 deletions
diff --git a/phpBB/adm/style/acp_posting_buttons.html b/phpBB/adm/style/acp_posting_buttons.html index c3c42f8e82..36fc285537 100644 --- a/phpBB/adm/style/acp_posting_buttons.html +++ b/phpBB/adm/style/acp_posting_buttons.html @@ -5,27 +5,6 @@ var bbcode = new Array(); var bbtags = new Array('[b]','[/b]','[i]','[/i]','[u]','[/u]','[quote]','[/quote]','[code]','[/code]','[list]','[/list]','[list=]','[/list]','[img]','[/img]','[url]','[/url]','[flash=]', '[/flash]','[size=]','[/size]'<!-- BEGIN custom_tags -->, {custom_tags.BBCODE_NAME}<!-- END custom_tags -->); - // Helpline messages - var help_line = { - b: '{LA_BBCODE_B_HELP}', - i: '{LA_BBCODE_I_HELP}', - u: '{LA_BBCODE_U_HELP}', - q: '{LA_BBCODE_Q_HELP}', - c: '{LA_BBCODE_C_HELP}', - l: '{LA_BBCODE_L_HELP}', - o: '{LA_BBCODE_O_HELP}', - p: '{LA_BBCODE_P_HELP}', - w: '{LA_BBCODE_W_HELP}', - a: '{LA_BBCODE_A_HELP}', - s: '{LA_BBCODE_S_HELP}', - f: '{LA_BBCODE_F_HELP}', - y: '{LA_BBCODE_Y_HELP}', - d: '{LA_BBCODE_D_HELP}' - <!-- BEGIN custom_tags --> - ,cb_{custom_tags.BBCODE_ID}{L_COLON} '{custom_tags.A_BBCODE_HELPLINE}' - <!-- END custom_tags --> - } - // ]]> </script> @@ -65,7 +44,7 @@ </select> <!-- EVENT acp_posting_buttons_custom_tags_before --> <!-- BEGIN custom_tags --> - <input type="button" class="button2" name="addbbcode{custom_tags.BBCODE_ID}" value="{custom_tags.BBCODE_TAG}" onclick="bbstyle({custom_tags.BBCODE_ID})" title="{custom_tags.BBCODE_HELPLINE}" /> + <input type="button" class="button2" name="addbbcode{custom_tags.BBCODE_ID}" value="{custom_tags.BBCODE_TAG}" onclick="bbstyle({custom_tags.BBCODE_ID})" title="{{ custom_tags.BBCODE_HELPLINE|e('html_attr') }}" /> <!-- END custom_tags --> </div> <!-- EVENT acp_posting_buttons_after --> diff --git a/phpBB/adm/style/permission_mask.html b/phpBB/adm/style/permission_mask.html index c556664b8c..23294d60df 100644 --- a/phpBB/adm/style/permission_mask.html +++ b/phpBB/adm/style/permission_mask.html @@ -9,6 +9,8 @@ var role_options = new Array(); + var no_role_assigned = "{LA_NO_ROLE_ASSIGNED}"; + <!-- IF S_ROLE_JS_ARRAY --> {S_ROLE_JS_ARRAY} <!-- ENDIF --> diff --git a/phpBB/adm/style/permissions.js b/phpBB/adm/style/permissions.js index 9178adab50..af8e21ad51 100644 --- a/phpBB/adm/style/permissions.js +++ b/phpBB/adm/style/permissions.js @@ -279,6 +279,10 @@ function reset_role(id) { } t.options[0].selected = true; + + var parent = t.parentNode; + parent.querySelector('span.dropdown-trigger').innerText = no_role_assigned; + parent.querySelector('input[data-name^=role]').value = '0'; } /** diff --git a/phpBB/assets/javascript/editor.js b/phpBB/assets/javascript/editor.js index 23244f5a40..24cbc09f58 100644 --- a/phpBB/assets/javascript/editor.js +++ b/phpBB/assets/javascript/editor.js @@ -18,16 +18,9 @@ var is_win = ((clientPC.indexOf('win') !== -1) || (clientPC.indexOf('16bit') !== var baseHeight; /** -* Shows the help messages in the helpline window -*/ -function helpline(help) { - document.forms[form_name].helpbox.value = help_line[help]; -} - -/** * Fix a bug involving the TextRange object. From * http://www.frostjedi.com/terra/scripts/demo/caretBug.html -*/ +*/ function initInsertions() { var doc; @@ -104,8 +97,8 @@ function bbfontstyle(bbopen, bbclose) { } // IE else if (document.selection) { - var range = textarea.createTextRange(); - range.move("character", new_pos); + var range = textarea.createTextRange(); + range.move("character", new_pos); range.select(); storeCaret(textarea); } diff --git a/phpBB/assets/javascript/plupload.js b/phpBB/assets/javascript/plupload.js index fab1ca6d7c..8c52aae819 100644 --- a/phpBB/assets/javascript/plupload.js +++ b/phpBB/assets/javascript/plupload.js @@ -90,6 +90,12 @@ phpbb.plupload.getSerializedData = function() { obj['attachment_data[' + i + '][' + key + ']'] = datum[key]; } } + + // Insert form data + var $pluploadForm = $(phpbb.plupload.config.form_hook).first(); + obj.creation_time = $pluploadForm.find('input[type=hidden][name="creation_time"]').val(); + obj.form_token = $pluploadForm.find('input[type=hidden][name="form_token"]').val(); + return obj; }; @@ -264,6 +270,17 @@ phpbb.plupload.deleteFile = function(row, attachId) { return; } + + // Handle errors while deleting file + if (typeof response.error !== 'undefined') { + phpbb.alert(phpbb.plupload.lang.ERROR, response.error.message); + + // We will have to assume that the deletion failed. So leave the file status as uploaded. + row.find('.file-status').toggleClass('file-uploaded'); + + return; + } + phpbb.plupload.update(response, 'removal', index); // Check if the user can upload files now if he had reached the max files limit. phpbb.plupload.handleMaxFilesReached(); @@ -446,6 +463,44 @@ phpbb.plupload.fileError = function(file, error) { phpbb.plupload.uploader = new plupload.Uploader(phpbb.plupload.config); phpbb.plupload.initialize(); +/** + * Add a file filter to check for max file sizes per mime type. + */ +plupload.addFileFilter('mime_types_max_file_size', function(types, file, callback) { + if (file.size !== 'undefined') { + $(types).each(function(i, type) { + let extensions = [], + extsArray = type.extensions.split(','); + + $(extsArray).each(function(i, extension) { + /^\s*\*\s*$/.test(extension) ? extensions.push("\\.*") : extensions.push("\\." + extension.replace(new RegExp("[" + "/^$.*+?|()[]{}\\".replace(/./g, "\\$&") + "]", "g"), "\\$&")); + }); + + let regex = new RegExp("(" + extensions.join("|") + ")$", "i"); + + if (regex.test(file.name)) { + if (type.max_file_size !== 'undefined' && type.max_file_size) { + if (file.size > type.max_file_size) { + phpbb.plupload.uploader.trigger('Error', { + code: plupload.FILE_SIZE_ERROR, + message: plupload.translate('File size error.'), + file: file + }); + + callback(false); + } else { + callback(true); + } + } else { + callback(true); + } + + return false; + } + }); + } +}); + var $fileList = $('#file-list'); /** diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index dc68e62f49..06cdb37b56 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -50,6 +50,7 @@ <ol> <li><a href="#changelog">Changelog</a> <ul> + <li><a href="#v328rc1">Changes since 3.2.8-RC1</a></li> <li><a href="#v327">Changes since 3.2.7</a></li> <li><a href="#v326">Changes since 3.2.6</a></li> <li><a href="#v326rc1">Changes since 3.2.6-RC1</a></li> @@ -139,6 +140,28 @@ <div class="inner"> <div class="content"> + <a name="v328rc1"></a><h3>Changes since 3.2.8-RC1</h3> + <h4>Bug</h4> + <ul> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15467">PHPBB3-15467</a>] - Permission settings do not take affect when set using All YES/NO/NEVER</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16123">PHPBB3-16123</a>] - PHP error (Array to string conversion) on new user registration if email address is banned and " Reason shown to the banned" is empty</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16136">PHPBB3-16136</a>] - Missing word in 'AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED' </li> + </ul> + <h4>Improvement</h4> + <ul> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16134">PHPBB3-16134</a>] - Exclude group leaders on group member purge</li> + </ul> + <h4>Security Issue</h4> + <ul> + <li>[SECURITY-243] - CSS injection via BBCode tag</li> + <li>[SECURITY-244] - Missing form token check when handling attachments</li> + <li>[SECURITY-246] - Missing form token check when managing BBCodes</li> + </ul> + <h4>Hardening</h4> + <ul> + <li>[SECURITY-247] - Disable MySQLi local infile to prevent local file inclusion</li> + </ul> + <a name="v327"></a><h3>Changes since 3.2.7</h3> <h4>Bug</h4> <ul> @@ -193,7 +216,6 @@ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16078">PHPBB3-16078</a>] - Use chrome webdriver for UI tests</li> <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16089">PHPBB3-16089</a>] - Add core.confirm_box_ajax_before</li> <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16097">PHPBB3-16097</a>] - Add core.viewtopic_gen_sort_selects_before</li> - <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16101">PHPBB3-16101</a>] - Add Referrer-Policy header</li> <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16102">PHPBB3-16102</a>] - Add core.posting_modify_post_subject</li> <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16103">PHPBB3-16103</a>] - Add core.pm_modify_message_subject</li> <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16106">PHPBB3-16106</a>] - Add core.mcp_main_before</li> @@ -212,6 +234,10 @@ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16112">PHPBB3-16112</a>] - Update composer dependencies to latest</li> <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16119">PHPBB3-16119</a>] - The text input for poll question has a too high maxlength attribute</li> </ul> + <h4>Hardening</h4> + <ul> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16101">PHPBB3-16101</a>] - Add Referrer-Policy header</li> + </ul> <a name="v326"></a><h3>Changes since 3.2.6</h3> <h4>Bug</h4> diff --git a/phpBB/docs/CREDITS.txt b/phpBB/docs/CREDITS.txt index 90e9a31127..596f4545fa 100644 --- a/phpBB/docs/CREDITS.txt +++ b/phpBB/docs/CREDITS.txt @@ -1,7 +1,7 @@ /** * -* phpBB © Copyright phpBB Limited 2003-2016 -* http://www.phpbb.com +* phpBB © Copyright phpBB Limited 2003-2019 +* https://www.phpbb.com * * phpBB is free software. You can redistribute it and/or modify it * under the terms of the GNU General Public License, version 2 (GPL-2.0) @@ -27,7 +27,6 @@ phpBB Developers: bantu (Andreas Fischer) Derky (Derk Ruitenbeek) Elsensee (Oliver Schramm) Hanakin (Michael Miday) - MichaelC (Michael Cullum) Nicofuma (Tristan Darricau) rubencm (Rubén Calvo) @@ -63,6 +62,7 @@ phpBB Developers: A_Jelly_Doughnut (Josh Woody) [01/2010 - 11/2010] igorw (Igor Wiedler) [08/2010 - 02/2013] imkingdavid (David King) [11/2012 - 06/2014] kellanved (Henry Sudhof) [04/2007 - 03/2011] + MichaelC (Michael Cullum) [11/2017 - 09/2019] nickvergessen (Joas Schilling)[04/2010 - 12/2015] Oleg (Oleg Pudeyev) [01/2011 - 05/2013] prototech (Cesar Gallegos) [01/2014 - 12/2016] diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php index 1f7374a07f..56079061ce 100644 --- a/phpBB/includes/acp/acp_bbcodes.php +++ b/phpBB/includes/acp/acp_bbcodes.php @@ -33,7 +33,6 @@ class acp_bbcodes // Set up general vars $action = $request->variable('action', ''); $bbcode_id = $request->variable('bbcode', 0); - $submit = $request->is_set_post('submit'); $this->tpl_name = 'acp_bbcodes'; $this->page_title = 'ACP_BBCODES'; @@ -41,11 +40,6 @@ class acp_bbcodes add_form_key($form_key); - if ($submit && !check_form_key($form_key)) - { - trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); - } - // Set up mode-specific vars switch ($action) { @@ -179,6 +173,12 @@ class acp_bbcodes extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_modify_create', compact($vars))); $warn_text = preg_match('%<[^>]*\{text[\d]*\}[^>]*>%i', $bbcode_tpl); + + if (!$warn_text && !check_form_key($form_key)) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + if (!$warn_text || confirm_box(true)) { $data = $this->build_regexp($bbcode_match, $bbcode_tpl); diff --git a/phpBB/includes/acp/acp_prune.php b/phpBB/includes/acp/acp_prune.php index 3eee4f7922..c5f7789de8 100644 --- a/phpBB/includes/acp/acp_prune.php +++ b/phpBB/includes/acp/acp_prune.php @@ -537,6 +537,7 @@ class acp_prune AND ug.user_id <> ' . ANONYMOUS . ' AND u.user_type <> ' . USER_FOUNDER . ' AND ug.user_pending = 0 + AND ug.group_leader = 0 AND u.user_id = ug.user_id ' . (!empty($user_ids) ? ' AND ' . $db->sql_in_set('ug.user_id', $user_ids) : ''); $result = $db->sql_query($sql); diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index c19d48b0be..cc82fdbda3 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -543,6 +543,20 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true) $topic_ids = array($topic_ids); } + /** + * Perform additional actions before topics move + * + * @event core.move_topics_before + * @var array topic_ids Array of the moved topic ids + * @var string forum_id The forum id from where the topics are moved + * @since 3.2.9-RC1 + */ + $vars = array( + 'topic_ids', + 'forum_id', + ); + extract($phpbb_dispatcher->trigger_event('core.move_topics_before', compact($vars))); + $sql = 'DELETE FROM ' . TOPICS_TABLE . ' WHERE ' . $db->sql_in_set('topic_moved_id', $topic_ids) . ' AND forum_id = ' . $forum_id; @@ -593,6 +607,22 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true) } unset($table_ary); + /** + * Perform additional actions after topics move + * + * @event core.move_topics_after + * @var array topic_ids Array of the moved topic ids + * @var string forum_id The forum id from where the topics were moved + * @var array forum_ids Array of the forums where the topics were moved (includes also forum_id) + * @since 3.2.9-RC1 + */ + $vars = array( + 'topic_ids', + 'forum_id', + 'forum_ids', + ); + extract($phpbb_dispatcher->trigger_event('core.move_topics_after', compact($vars))); + if ($auto_sync) { sync('forum', 'forum_id', $forum_ids, true, true); diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index 792467019f..ea42b1916d 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -547,11 +547,12 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod $last_post_subject = $last_post_subject_truncated = ''; } $last_post_time = $user->format_date($row['forum_last_post_time']); + $last_post_time_rfc3339 = gmdate(DATE_RFC3339, $row['forum_last_post_time']); $last_post_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id_last_post'] . '&p=' . $row['forum_last_post_id']) . '#p' . $row['forum_last_post_id']; } else { - $last_post_subject = $last_post_time = $last_post_url = $last_post_subject_truncated = ''; + $last_post_subject = $last_post_time = $last_post_time_rfc3339 = $last_post_url = $last_post_subject_truncated = ''; } // Output moderator listing ... if applicable @@ -622,6 +623,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod 'LAST_POST_SUBJECT' => $last_post_subject, 'LAST_POST_SUBJECT_TRUNCATED' => $last_post_subject_truncated, 'LAST_POST_TIME' => $last_post_time, + 'LAST_POST_TIME_RFC3339'=> $last_post_time_rfc3339, 'LAST_POSTER' => get_username_string('username', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']), 'LAST_POSTER_COLOUR' => get_username_string('colour', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']), 'LAST_POSTER_FULL' => get_username_string('full', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']), @@ -1117,7 +1119,6 @@ function display_custom_bbcodes() 'BBCODE_TAG' => $row['bbcode_tag'], 'BBCODE_TAG_CLEAN' => str_replace('=', '-', $row['bbcode_tag']), 'BBCODE_HELPLINE' => $row['bbcode_helpline'], - 'A_BBCODE_HELPLINE' => str_replace(array('&', '"', "'", '<', '>'), array('&', '"', "\'", '<', '>'), $row['bbcode_helpline']), ); /** diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 3bf4aa16b7..e0b6a9d0c6 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1945,9 +1945,10 @@ function validate_user_email($email, $allowed_email = false) return $validate_email; } - if (($ban = $user->check_ban(false, false, $email, true)) !== false) + $ban = $user->check_ban(false, false, $email, true); + if (!empty($ban)) { - return ($ban === true) ? 'EMAIL_BANNED' : (!empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : $ban); + return !empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : 'EMAIL_BANNED'; } if (!$config['allow_emailreuse']) diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 0b79cca864..e1c28223dc 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -1525,6 +1525,35 @@ class parse_message extends bbcode_firstpass } /** + * Check attachment form token depending on submit type + * + * @param \phpbb\language\language $language Language + * @param \phpbb\request\request_interface $request Request + * @param string $form_name Form name for checking form key + * + * @return bool True if form token is not needed or valid, false if needed and invalid + */ + function check_attachment_form_token(\phpbb\language\language $language, \phpbb\request\request_interface $request, $form_name) + { + $add_file = $request->is_set_post('add_file'); + $delete_file = $request->is_set_post('delete_file'); + + if (($add_file || $delete_file) && !check_form_key($form_name)) + { + $this->warn_msg[] = $language->lang('FORM_INVALID'); + + if ($request->is_ajax() && $this->plupload) + { + $this->plupload->emit_error(-400, 'FORM_INVALID'); + } + + return false; + } + + return true; + } + + /** * Parse Attachments */ function parse_attachments($form_name, $mode, $forum_id, $submit, $preview, $refresh, $is_message = false) diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index cb45112b01..06baa279a5 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -26,7 +26,7 @@ if (!defined('IN_PHPBB')) function compose_pm($id, $mode, $action, $user_folders = array()) { global $template, $db, $auth, $user, $cache; - global $phpbb_root_path, $phpEx, $config; + global $phpbb_root_path, $phpEx, $config, $language; global $request, $phpbb_dispatcher, $phpbb_container; // Damn php and globals - i know, this is horrible @@ -799,7 +799,10 @@ function compose_pm($id, $mode, $action, $user_folders = array()) extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_modify_parse_before', compact($vars))); // Parse Attachments - before checksum is calculated - $message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true); + if ($message_parser->check_attachment_form_token($language, $request, 'ucp_pm_compose')) + { + $message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true); + } if (count($message_parser->warn_msg) && !($remove_u || $remove_g || $add_to || $add_bcc)) { diff --git a/phpBB/install/phpbbcli.php b/phpBB/install/phpbbcli.php index 7659b13f56..ddf17fa5f6 100755 --- a/phpBB/install/phpbbcli.php +++ b/phpBB/install/phpbbcli.php @@ -23,7 +23,7 @@ if (php_sapi_name() !== 'cli') define('IN_PHPBB', true); define('IN_INSTALL', true); define('PHPBB_ENVIRONMENT', 'production'); -define('PHPBB_VERSION', '3.2.8-RC1'); +define('PHPBB_VERSION', '3.2.8'); $phpbb_root_path = __DIR__ . '/../'; $phpEx = substr(strrchr(__FILE__, '.'), 1); diff --git a/phpBB/language/en/common.php b/phpBB/language/en/common.php index 8df8fc630b..68fe6523a2 100644 --- a/phpBB/language/en/common.php +++ b/phpBB/language/en/common.php @@ -91,7 +91,7 @@ $lang = array_merge($lang, array( 'ATTACHED_IMAGE_NOT_IMAGE' => 'The image file you tried to attach is invalid.', 'AUTHOR' => 'Author', 'AUTH_NO_PROFILE_CREATED' => 'The creation of a user profile was unsuccessful.', - 'AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED' => 'The account is already linked with other user.', + 'AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED' => 'This external service is already associated with another board account.', 'AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY' => 'Invalid database entry.', 'AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE' => 'Invalid service type provided to OAuth service handler.', 'AUTH_PROVIDER_OAUTH_ERROR_SERVICE_NOT_CREATED' => 'OAuth service not created', diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index ce7159c150..1343bd7c60 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -1675,7 +1675,7 @@ switch ($mode) } // do we need to display contact fields as such - $use_contact_fields = false; + $use_contact_fields = true; /** * Modify list of users before member row is created diff --git a/phpBB/phpbb/db/driver/mysqli.php b/phpBB/phpbb/db/driver/mysqli.php index d43e201526..b429ad97aa 100644 --- a/phpBB/phpbb/db/driver/mysqli.php +++ b/phpBB/phpbb/db/driver/mysqli.php @@ -68,6 +68,9 @@ class mysqli extends \phpbb\db\driver\mysql_base if ($this->db_connect_id && $this->dbname != '') { + // Disable loading local files on client side + @mysqli_options($this->db_connect_id, MYSQLI_OPT_LOCAL_INFILE, false); + @mysqli_query($this->db_connect_id, "SET NAMES 'utf8'"); // enforce strict mode on databases that support it diff --git a/phpBB/phpbb/db/migration/data/v32x/v328.php b/phpBB/phpbb/db/migration/data/v32x/v328.php new file mode 100644 index 0000000000..28ff2c7033 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/v328.php @@ -0,0 +1,36 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v32x; + +class v328 extends \phpbb\db\migration\migration +{ + public function effectively_installed() + { + return phpbb_version_compare($this->config['version'], '3.2.8', '>='); + } + + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v32x\v328rc1', + ); + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.2.8')), + ); + } +} diff --git a/phpBB/phpbb/filesystem/filesystem.php b/phpBB/phpbb/filesystem/filesystem.php index bfafdf5ddd..c5be284d8c 100644 --- a/phpBB/phpbb/filesystem/filesystem.php +++ b/phpBB/phpbb/filesystem/filesystem.php @@ -835,7 +835,7 @@ class filesystem implements filesystem_interface $current_path = $resolved_path . '/' . $path_part; // Resolve symlinks - if (is_link($current_path)) + if (@is_link($current_path)) { if (!function_exists('readlink')) { @@ -872,12 +872,12 @@ class filesystem implements filesystem_interface $resolved_path = false; } - else if (is_dir($current_path . '/')) + else if (@is_dir($current_path . '/')) { $resolved[] = $path_part; $resolved_path = $current_path; } - else if (is_file($current_path)) + else if (@is_file($current_path)) { $resolved[] = $path_part; $resolved_path = $current_path; diff --git a/phpBB/phpbb/message/form.php b/phpBB/phpbb/message/form.php index 63bada91ff..6573a04f8b 100644 --- a/phpBB/phpbb/message/form.php +++ b/phpBB/phpbb/message/form.php @@ -136,7 +136,7 @@ abstract class form { if (!check_form_key('memberlist_email')) { - $this->errors[] = 'FORM_INVALID'; + $this->errors[] = $this->user->lang('FORM_INVALID'); } if (!count($this->errors)) diff --git a/phpBB/phpbb/plupload/plupload.php b/phpBB/phpbb/plupload/plupload.php index eb698fb35d..9ad12b1082 100644 --- a/phpBB/phpbb/plupload/plupload.php +++ b/phpBB/phpbb/plupload/plupload.php @@ -216,38 +216,36 @@ class plupload } /** - * Looks at the list of allowed extensions and generates a string - * appropriate for use in configuring plupload with - * - * @param \phpbb\cache\service $cache - * @param string $forum_id The ID of the forum - * - * @return string - */ + * Looks at the list of allowed extensions and generates a string + * appropriate for use in configuring plupload with + * + * @param \phpbb\cache\service $cache Cache service object + * @param string $forum_id The forum identifier + * + * @return string + */ public function generate_filter_string(\phpbb\cache\service $cache, $forum_id) { + $groups = []; + $filters = []; + $attach_extensions = $cache->obtain_attach_extensions($forum_id); unset($attach_extensions['_allowed_']); - $groups = array(); // Re-arrange the extension array to $groups[$group_name][] foreach ($attach_extensions as $extension => $extension_info) { - if (!isset($groups[$extension_info['group_name']])) - { - $groups[$extension_info['group_name']] = array(); - } - - $groups[$extension_info['group_name']][] = $extension; + $groups[$extension_info['group_name']]['extensions'][] = $extension; + $groups[$extension_info['group_name']]['max_file_size'] = (int) $extension_info['max_filesize']; } - $filters = array(); - foreach ($groups as $group => $extensions) + foreach ($groups as $group => $group_info) { $filters[] = sprintf( - "{title: '%s', extensions: '%s'}", + "{title: '%s', extensions: '%s', max_file_size: %s}", addslashes(ucfirst(strtolower($group))), - addslashes(implode(',', $extensions)) + addslashes(implode(',', $group_info['extensions'])), + $group_info['max_file_size'] ); } diff --git a/phpBB/phpbb/textformatter/s9e/factory.php b/phpBB/phpbb/textformatter/s9e/factory.php index 6191b9a315..dca1c78d40 100644 --- a/phpBB/phpbb/textformatter/s9e/factory.php +++ b/phpBB/phpbb/textformatter/s9e/factory.php @@ -110,7 +110,7 @@ class factory implements \phpbb\textformatter\cache_interface 'i' => '<span style="font-style: italic"><xsl:apply-templates/></span>', 'u' => '<span style="text-decoration: underline"><xsl:apply-templates/></span>', 'img' => '<img src="{IMAGEURL}" class="postimage" alt="{L_IMAGE}"/>', - 'size' => '<span style="font-size: {FONTSIZE}%; line-height: normal"><xsl:apply-templates/></span>', + 'size' => '<span><xsl:attribute name="style"><xsl:text>font-size: </xsl:text><xsl:value-of select="substring(@size, 1, 4)"/><xsl:text>%; line-height: normal</xsl:text></xsl:attribute><xsl:apply-templates/></span>', 'color' => '<span style="color: {COLOR}"><xsl:apply-templates/></span>', 'email' => '<a> <xsl:attribute name="href"> diff --git a/phpBB/phpbb/textformatter/s9e/parser.php b/phpBB/phpbb/textformatter/s9e/parser.php index 3698dca224..a36fc63141 100644 --- a/phpBB/phpbb/textformatter/s9e/parser.php +++ b/phpBB/phpbb/textformatter/s9e/parser.php @@ -342,7 +342,7 @@ class parser implements \phpbb\textformatter\parser_interface return false; } - if ($size < 1) + if ($size < 1 || !is_numeric($size)) { return false; } diff --git a/phpBB/posting.php b/phpBB/posting.php index 5089448483..595d0f0c06 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php @@ -974,7 +974,10 @@ if ($submit || $preview || $refresh) } // Parse Attachments - before checksum is calculated - $message_parser->parse_attachments('fileupload', $mode, $forum_id, $submit, $preview, $refresh); + if ($message_parser->check_attachment_form_token($language, $request, 'posting')) + { + $message_parser->parse_attachments('fileupload', $mode, $forum_id, $submit, $preview, $refresh); + } /** * This event allows you to modify message text before parsing diff --git a/phpBB/search.php b/phpBB/search.php index 97a8f320d4..64f6041371 100644 --- a/phpBB/search.php +++ b/phpBB/search.php @@ -1093,9 +1093,12 @@ if ($keywords || $author || $author_id || $search_id || $submit) 'TOPIC_AUTHOR_COLOUR' => get_username_string('colour', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), 'TOPIC_AUTHOR_FULL' => get_username_string('full', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), 'FIRST_POST_TIME' => $user->format_date($row['topic_time']), + 'FIRST_POST_TIME_RFC3339' => gmdate(DATE_RFC3339, $row['topic_time']), 'LAST_POST_SUBJECT' => $row['topic_last_post_subject'], 'LAST_POST_TIME' => $user->format_date($row['topic_last_post_time']), + 'LAST_POST_TIME_RFC3339' => gmdate(DATE_RFC3339, $row['topic_last_post_time']), 'LAST_VIEW_TIME' => $user->format_date($row['topic_last_view_time']), + 'LAST_VIEW_TIME_RFC3339' => gmdate(DATE_RFC3339, $row['topic_last_view_time']), 'LAST_POST_AUTHOR' => get_username_string('username', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), 'LAST_POST_AUTHOR_COLOUR' => get_username_string('colour', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), 'LAST_POST_AUTHOR_FULL' => get_username_string('full', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), diff --git a/phpBB/styles/prosilver/template/forumlist_body.html b/phpBB/styles/prosilver/template/forumlist_body.html index 8250a1fd07..4932860f8c 100644 --- a/phpBB/styles/prosilver/template/forumlist_body.html +++ b/phpBB/styles/prosilver/template/forumlist_body.html @@ -101,7 +101,7 @@ <i class="icon fa-external-link-square fa-fw icon-lightgray icon-md" aria-hidden="true"></i><span class="sr-only">{L_VIEW_LATEST_POST}</span> </a> <!-- ENDIF --> - <br />{forumrow.LAST_POST_TIME} + <br /><time datetime="{forumrow.LAST_POST_TIME_RFC3339}">{forumrow.LAST_POST_TIME}</time> <!-- ELSE --> {% if forumrow.U_UNAPPROVED_TOPICS %} {{ lang('TOPIC_UNAPPROVED_FORUM', forumrow.TOPICS) }} diff --git a/phpBB/styles/prosilver/template/memberlist_body.html b/phpBB/styles/prosilver/template/memberlist_body.html index 5f03ad99cc..745f9a58a8 100644 --- a/phpBB/styles/prosilver/template/memberlist_body.html +++ b/phpBB/styles/prosilver/template/memberlist_body.html @@ -120,7 +120,13 @@ <tr class="<!-- IF memberrow.S_ROW_COUNT is even -->bg1<!-- ELSE -->bg2<!-- ENDIF --><!-- IF memberrow.S_INACTIVE --> inactive<!-- ENDIF -->"> <td><span class="rank-img"><!-- EVENT memberlist_body_rank_prepend --><!-- IF memberrow.RANK_IMG -->{memberrow.RANK_IMG}<!-- ELSE -->{memberrow.RANK_TITLE}<!-- ENDIF --><!-- EVENT memberlist_body_rank_append --></span><!-- IF S_IN_SEARCH_POPUP and not S_SELECT_SINGLE --><input type="checkbox" name="user" value="{memberrow.USERNAME}" /> <!-- ENDIF --><!-- EVENT memberlist_body_username_prepend -->{memberrow.USERNAME_FULL}<!-- IF memberrow.S_INACTIVE --> ({L_INACTIVE})<!-- ENDIF --><!-- EVENT memberlist_body_username_append --><!-- IF S_IN_SEARCH_POPUP --><br />[ <a href="#" onclick="insert_single_user('#results', '{memberrow.A_USERNAME}'); return false;">{L_SELECT}</a> ]<!-- ENDIF --></td> <td class="posts"><!-- IF memberrow.POSTS and S_DISPLAY_SEARCH --><a href="{memberrow.U_SEARCH_USER}" title="{L_SEARCH_USER_POSTS}">{memberrow.POSTS}</a><!-- ELSE -->{memberrow.POSTS}<!-- ENDIF --></td> - <td class="info"><!-- BEGIN custom_fields --><div>{memberrow.custom_fields.PROFILE_FIELD_VALUE}</div><!-- BEGINELSE --> <!-- END custom_fields --></td> + <td class="info"> + {%- for field in memberrow.custom_fields -%} + <div>{% if field.S_PROFILE_CONTACT %}<a href="{{ field.PROFILE_FIELD_CONTACT }}">{% endif %}{{ field.PROFILE_FIELD_VALUE }}{% if field.S_PROFILE_CONTACT %}</a>{% endif %}</div> + {%- else -%} + + {%- endfor -%} + </td> <td>{memberrow.JOINED}</td> <!-- IF S_VIEWONLINE --><td>{memberrow.LAST_ACTIVE} </td><!-- ENDIF --> {% EVENT memberlist_body_memberrow_after %} diff --git a/phpBB/styles/prosilver/template/navbar_header.html b/phpBB/styles/prosilver/template/navbar_header.html index dc29285922..d34123adfc 100644 --- a/phpBB/styles/prosilver/template/navbar_header.html +++ b/phpBB/styles/prosilver/template/navbar_header.html @@ -160,7 +160,7 @@ </li> <!-- ENDIF --> <!-- EVENT navbar_header_user_profile_append --> - <!-- ELSE --> + <!-- ELSE IF not S_IS_BOT --> <li class="rightside" data-skip-responsive="true"> <a href="{U_LOGIN_LOGOUT}" title="{L_LOGIN_LOGOUT}" accesskey="x" role="menuitem"> <i class="icon fa-power-off fa-fw" aria-hidden="true"></i><span>{L_LOGIN_LOGOUT}</span> diff --git a/phpBB/styles/prosilver/template/plupload.html b/phpBB/styles/prosilver/template/plupload.html index 1eb84372e8..9425b7d769 100644 --- a/phpBB/styles/prosilver/template/plupload.html +++ b/phpBB/styles/prosilver/template/plupload.html @@ -45,7 +45,14 @@ phpbb.plupload = { max_file_size: '{FILESIZE}b', chunk_size: '{CHUNK_SIZE}b', unique_names: true, - filters: [{FILTERS}], + filters: { + mime_types: [ + {FILTERS} + ], + mime_types_max_file_size: [ + {FILTERS} + ], + }, {S_RESIZE} headers: {'X-PHPBB-USING-PLUPLOAD': '1', 'X-Requested-With': 'XMLHttpRequest'}, file_data_name: 'fileupload', @@ -57,6 +64,7 @@ phpbb.plupload = { lang: { ERROR: '{LA_ERROR}', TOO_MANY_ATTACHMENTS: '{LA_TOO_MANY_ATTACHMENTS}', + FORM_INVALID: '{LA_FORM_INVALID}', }, order: '{ATTACH_ORDER}', maxFiles: {MAX_ATTACHMENTS}, diff --git a/phpBB/styles/prosilver/template/posting_buttons.html b/phpBB/styles/prosilver/template/posting_buttons.html index 122afdf978..cb305eee4b 100644 --- a/phpBB/styles/prosilver/template/posting_buttons.html +++ b/phpBB/styles/prosilver/template/posting_buttons.html @@ -10,27 +10,6 @@ var bbtags = new Array('[b]','[/b]','[i]','[/i]','[u]','[/u]','[quote]','[/quote]','[code]','[/code]','[list]','[/list]','[list=]','[/list]','[img]','[/img]','[url]','[/url]','[flash=]', '[/flash]','[size=]','[/size]'<!-- BEGIN custom_tags -->, {custom_tags.BBCODE_NAME}<!-- END custom_tags -->); var imageTag = false; - // Helpline messages - var help_line = { - b: '{LA_BBCODE_B_HELP}', - i: '{LA_BBCODE_I_HELP}', - u: '{LA_BBCODE_U_HELP}', - q: '{LA_BBCODE_Q_HELP}', - c: '{LA_BBCODE_C_HELP}', - l: '{LA_BBCODE_L_HELP}', - o: '{LA_BBCODE_O_HELP}', - p: '{LA_BBCODE_P_HELP}', - w: '{LA_BBCODE_W_HELP}', - a: '{LA_BBCODE_A_HELP}', - s: '{LA_BBCODE_S_HELP}', - f: '{LA_BBCODE_F_HELP}', - y: '{LA_BBCODE_Y_HELP}', - d: '{LA_BBCODE_D_HELP}' - <!-- BEGIN custom_tags --> - ,cb_{custom_tags.BBCODE_ID}: '{custom_tags.A_BBCODE_HELPLINE}' - <!-- END custom_tags --> - } - function change_palette() { phpbb.toggleDisplay('colour_palette'); @@ -117,7 +96,7 @@ <!-- EVENT posting_editor_buttons_custom_tags_before --> <!-- BEGIN custom_tags --> - <button type="button" class="button button-secondary bbcode-{custom_tags.BBCODE_TAG_CLEAN}" name="addbbcode{custom_tags.BBCODE_ID}" value="{custom_tags.BBCODE_TAG}" onclick="bbstyle({custom_tags.BBCODE_ID})" title="{custom_tags.BBCODE_HELPLINE}"> + <button type="button" class="button button-secondary bbcode-{custom_tags.BBCODE_TAG_CLEAN}" name="addbbcode{custom_tags.BBCODE_ID}" value="{custom_tags.BBCODE_TAG}" onclick="bbstyle({custom_tags.BBCODE_ID})" title="{{ custom_tags.BBCODE_HELPLINE|e('html_attr') }}"> {custom_tags.BBCODE_TAG} </button> <!-- END custom_tags --> diff --git a/phpBB/styles/prosilver/template/search_results.html b/phpBB/styles/prosilver/template/search_results.html index 391afa4d7f..9ee13a4224 100644 --- a/phpBB/styles/prosilver/template/search_results.html +++ b/phpBB/styles/prosilver/template/search_results.html @@ -108,7 +108,7 @@ <!-- IF not S_IS_BOT --> <div class="responsive-show" style="display: none;"> - {L_LAST_POST} {L_POST_BY_AUTHOR} <!-- EVENT search_results_last_post_author_username_prepend -->{searchresults.LAST_POST_AUTHOR_FULL}<!-- EVENT search_results_last_post_author_username_append --> « <a href="{searchresults.U_LAST_POST}" title="{L_GOTO_LAST_POST}">{searchresults.LAST_POST_TIME}</a> + {L_LAST_POST} {L_POST_BY_AUTHOR} <!-- EVENT search_results_last_post_author_username_prepend -->{searchresults.LAST_POST_AUTHOR_FULL}<!-- EVENT search_results_last_post_author_username_append --> « <a href="{searchresults.U_LAST_POST}" title="{L_GOTO_LAST_POST}"><time datetime="{searchresults.LAST_POST_TIME_RFC3339}">{searchresults.LAST_POST_TIME}</time></a> <br />{L_POSTED} {L_IN} <a href="{searchresults.U_VIEW_FORUM}">{searchresults.FORUM_TITLE}</a> </div> <!-- IF searchresults.TOPIC_REPLIES --><span class="responsive-show left-box" style="display: none;">{L_REPLIES}{L_COLON} <strong>{searchresults.TOPIC_REPLIES}</strong></span><!-- ENDIF --> @@ -118,7 +118,7 @@ <!-- IF searchresults.S_HAS_POLL --><i class="icon fa-bar-chart fa-fw" aria-hidden="true"></i><!-- ENDIF --> <!-- IF searchresults.ATTACH_ICON_IMG --><i class="icon fa-paperclip fa-fw" aria-hidden="true"></i><!-- ENDIF --> {% EVENT topiclist_row_topic_by_author_before %} - {L_POST_BY_AUTHOR} <!-- EVENT search_results_topic_author_username_prepend -->{searchresults.TOPIC_AUTHOR_FULL}<!-- EVENT search_results_topic_author_username_append --> » {searchresults.FIRST_POST_TIME} » {L_IN} <a href="{searchresults.U_VIEW_FORUM}">{searchresults.FORUM_TITLE}</a> + {L_POST_BY_AUTHOR} <!-- EVENT search_results_topic_author_username_prepend -->{searchresults.TOPIC_AUTHOR_FULL}<!-- EVENT search_results_topic_author_username_append --> » <time datetime="{searchresults.FIRST_POST_TIME_RFC3339}">{searchresults.FIRST_POST_TIME}</time> » {L_IN} <a href="{searchresults.U_VIEW_FORUM}">{searchresults.FORUM_TITLE}</a> {% EVENT topiclist_row_topic_by_author_after %} </div> @@ -150,7 +150,7 @@ <i class="icon fa-external-link-square fa-fw icon-lightgray icon-md" aria-hidden="true"></i><span class="sr-only">{VIEW_LATEST_POST}</span> </a> <!-- ENDIF --> - <br />{searchresults.LAST_POST_TIME} + <br /><time datetime="{searchresults.LAST_POST_TIME_RFC3339}">{searchresults.LAST_POST_TIME}</time> </span> </dd> </dl> diff --git a/phpBB/styles/prosilver/template/viewforum_body.html b/phpBB/styles/prosilver/template/viewforum_body.html index 1827738019..40beb784d7 100644 --- a/phpBB/styles/prosilver/template/viewforum_body.html +++ b/phpBB/styles/prosilver/template/viewforum_body.html @@ -187,7 +187,7 @@ <!-- IF not S_IS_BOT --> <div class="responsive-show" style="display: none;"> - {L_LAST_POST} {L_POST_BY_AUTHOR} <!-- EVENT viewforum_body_last_post_author_username_prepend -->{topicrow.LAST_POST_AUTHOR_FULL}<!-- EVENT viewforum_body_last_post_author_username_append --> « <a href="{topicrow.U_LAST_POST}" title="{L_GOTO_LAST_POST}">{topicrow.LAST_POST_TIME}</a> + {L_LAST_POST} {L_POST_BY_AUTHOR} <!-- EVENT viewforum_body_last_post_author_username_prepend -->{topicrow.LAST_POST_AUTHOR_FULL}<!-- EVENT viewforum_body_last_post_author_username_append --> « <a href="{topicrow.U_LAST_POST}" title="{L_GOTO_LAST_POST}"><time datetime="{topicrow.LAST_POST_TIME_RFC3339}">{topicrow.LAST_POST_TIME}</time></a> <!-- IF topicrow.S_POST_GLOBAL and FORUM_ID != topicrow.FORUM_ID --><br />{L_POSTED} {L_IN} <a href="{topicrow.U_VIEW_FORUM}">{topicrow.FORUM_NAME}</a><!-- ENDIF --> </div> <!-- IF topicrow.REPLIES --> @@ -199,7 +199,7 @@ <!-- IF topicrow.S_HAS_POLL --><i class="icon fa-bar-chart fa-fw" aria-hidden="true"></i><!-- ENDIF --> <!-- IF topicrow.ATTACH_ICON_IMG --><i class="icon fa-paperclip fa-fw" aria-hidden="true"></i><!-- ENDIF --> {% EVENT topiclist_row_topic_by_author_before %} - {L_POST_BY_AUTHOR} <!-- EVENT viewforum_body_topic_author_username_prepend -->{topicrow.TOPIC_AUTHOR_FULL}<!-- EVENT viewforum_body_topic_author_username_append --> » {topicrow.FIRST_POST_TIME} + {L_POST_BY_AUTHOR} <!-- EVENT viewforum_body_topic_author_username_prepend -->{topicrow.TOPIC_AUTHOR_FULL}<!-- EVENT viewforum_body_topic_author_username_append --> » <time datetime="{topicrow.FIRST_POST_TIME_RFC3339}">{topicrow.FIRST_POST_TIME}</time> {% EVENT topiclist_row_topic_by_author_after %} <!-- IF topicrow.S_POST_GLOBAL and FORUM_ID != topicrow.FORUM_ID --> » {L_IN} <a href="{topicrow.U_VIEW_FORUM}">{topicrow.FORUM_NAME}</a><!-- ENDIF --> </div> @@ -232,7 +232,7 @@ <i class="icon fa-external-link-square fa-fw icon-lightgray icon-md" aria-hidden="true"></i><span class="sr-only">{VIEW_LATEST_POST}</span> </a> <!-- ENDIF --> - <br />{topicrow.LAST_POST_TIME} + <br /><time datetime="{topicrow.LAST_POST_TIME_RFC3339}">{topicrow.LAST_POST_TIME}</time> </span> </dd> </dl> diff --git a/phpBB/styles/prosilver/template/viewtopic_body.html b/phpBB/styles/prosilver/template/viewtopic_body.html index 8d7e26f099..f77b99dc29 100644 --- a/phpBB/styles/prosilver/template/viewtopic_body.html +++ b/phpBB/styles/prosilver/template/viewtopic_body.html @@ -289,7 +289,7 @@ <i class="icon fa-file fa-fw <!-- IF postrow.S_UNREAD_POST -->icon-red<!-- ELSE -->icon-lightgray<!-- ENDIF --> icon-md" aria-hidden="true"></i><span class="sr-only">{postrow.MINI_POST}</span> </a> <!-- ENDIF --> - <span class="responsive-hide">{L_POST_BY_AUTHOR} <strong>{postrow.POST_AUTHOR_FULL}</strong> » </span>{postrow.POST_DATE} + <span class="responsive-hide">{L_POST_BY_AUTHOR} <strong>{postrow.POST_AUTHOR_FULL}</strong> » </span><time datetime="{postrow.POST_DATE_RFC3339}">{postrow.POST_DATE}</time> </p> <!-- EVENT viewtopic_body_postrow_post_details_after --> diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php index 72c96e2d2d..0a5484cdf2 100644 --- a/phpBB/viewforum.php +++ b/phpBB/viewforum.php @@ -933,9 +933,12 @@ if (count($topic_list)) 'TOPIC_AUTHOR_COLOUR' => get_username_string('colour', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), 'TOPIC_AUTHOR_FULL' => get_username_string('full', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), 'FIRST_POST_TIME' => $user->format_date($row['topic_time']), + 'FIRST_POST_TIME_RFC3339' => gmdate(DATE_RFC3339, $row['topic_time']), 'LAST_POST_SUBJECT' => censor_text($row['topic_last_post_subject']), 'LAST_POST_TIME' => $user->format_date($row['topic_last_post_time']), + 'LAST_POST_TIME_RFC3339' => gmdate(DATE_RFC3339, $row['topic_last_post_time']), 'LAST_VIEW_TIME' => $user->format_date($row['topic_last_view_time']), + 'LAST_VIEW_TIME_RFC3339' => gmdate(DATE_RFC3339, $row['topic_last_view_time']), 'LAST_POST_AUTHOR' => get_username_string('username', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), 'LAST_POST_AUTHOR_COLOUR' => get_username_string('colour', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), 'LAST_POST_AUTHOR_FULL' => get_username_string('full', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index 0c2be8c52e..4e502538c8 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php @@ -2044,6 +2044,7 @@ for ($i = 0, $end = count($post_list); $i < $end; ++$i) 'CONTACT_USER' => $user_cache[$poster_id]['contact_user'], 'POST_DATE' => $user->format_date($row['post_time'], false, ($view == 'print') ? true : false), + 'POST_DATE_RFC3339' => gmdate(DATE_RFC3339, $row['post_time']), 'POST_SUBJECT' => $row['post_subject'], 'MESSAGE' => $message, 'SIGNATURE' => ($row['enable_sig']) ? $user_cache[$poster_id]['sig'] : '', @@ -2359,12 +2360,25 @@ if ($s_can_vote || $s_quick_reply) ($s_notify) ? $qr_hidden_fields['notify'] = 1 : true; ($topic_data['topic_status'] == ITEM_LOCKED) ? $qr_hidden_fields['lock_topic'] = 1 : true; - $template->assign_vars(array( + $tpl_ary = [ 'S_QUICK_REPLY' => true, 'U_QR_ACTION' => append_sid("{$phpbb_root_path}posting.$phpEx", "mode=reply&f=$forum_id&t=$topic_id"), 'QR_HIDDEN_FIELDS' => build_hidden_fields($qr_hidden_fields), 'SUBJECT' => 'Re: ' . censor_text($topic_data['topic_title']), - )); + ]; + + /** + * Event after the quick-reply has been setup + * + * @event core.viewtopic_modify_quick_reply_template_vars + * @var array tpl_ary Array with template data + * @var array topic_data Array with topic data + * @since 3.2.9-RC1 + */ + $vars = ['tpl_ary', 'topic_data']; + extract($phpbb_dispatcher->trigger_event('core.viewtopic_modify_quick_reply_template_vars', compact($vars))); + + $template->assign_vars($tpl_ary); } } // now I have the urge to wash my hands :( |