diff options
Diffstat (limited to 'phpBB')
69 files changed, 560 insertions, 205 deletions
diff --git a/phpBB/adm/style/acp_attachments.html b/phpBB/adm/style/acp_attachments.html index 6129d6a1a5..7a66f170ac 100644 --- a/phpBB/adm/style/acp_attachments.html +++ b/phpBB/adm/style/acp_attachments.html @@ -110,7 +110,7 @@ <!-- ELSEIF S_EXTENSION_GROUPS --> <!-- IF S_EDIT_GROUP --> - <script type="text/javascript" defer="defer"> + <script> // <![CDATA[ function update_image(newimage) { diff --git a/phpBB/adm/style/acp_ban.html b/phpBB/adm/style/acp_ban.html index f2249941a5..d0eab75ad8 100644 --- a/phpBB/adm/style/acp_ban.html +++ b/phpBB/adm/style/acp_ban.html @@ -8,7 +8,7 @@ <p>{L_EXPLAIN}</p> -<script type="text/javascript"> +<script> // <![CDATA[ var ban_length = new Array(); diff --git a/phpBB/adm/style/acp_contact.html b/phpBB/adm/style/acp_contact.html index 828fd4b659..d63fd08a3a 100644 --- a/phpBB/adm/style/acp_contact.html +++ b/phpBB/adm/style/acp_contact.html @@ -1,6 +1,6 @@ <!-- INCLUDE overall_header.html --> -<script type="text/javascript"> +<script> // <![CDATA[ var form_name = 'acp_contact'; diff --git a/phpBB/adm/style/acp_database.html b/phpBB/adm/style/acp_database.html index cc0b57b411..d3433a8aa6 100644 --- a/phpBB/adm/style/acp_database.html +++ b/phpBB/adm/style/acp_database.html @@ -35,7 +35,7 @@ <p>{L_ACP_BACKUP_EXPLAIN}</p> - <script type="text/javascript"> + <script> // <![CDATA[ function selector(bool) diff --git a/phpBB/adm/style/acp_forums.html b/phpBB/adm/style/acp_forums.html index 965438ff67..20bcd2e9f9 100644 --- a/phpBB/adm/style/acp_forums.html +++ b/phpBB/adm/style/acp_forums.html @@ -4,7 +4,7 @@ <!-- IF S_EDIT_FORUM --> - <script type="text/javascript"> + <script> // <![CDATA[ /** * Handle displaying/hiding several options based on the forum type @@ -405,7 +405,7 @@ <!-- ELSEIF S_CONTINUE_SYNC --> - <script type="text/javascript"> + <script> // <![CDATA[ var close_waitscreen = 0; // no scrollbars... @@ -421,7 +421,7 @@ <!-- ELSE --> - <script type="text/javascript"> + <script> // <![CDATA[ /** * Popup search progress bar @@ -447,7 +447,7 @@ <!-- ENDIF --> <!-- IF S_RESYNCED --> - <script type="text/javascript"> + <script> // <![CDATA[ var close_waitscreen = 1; // ]]> diff --git a/phpBB/adm/style/acp_groups.html b/phpBB/adm/style/acp_groups.html index d0096370d9..723a190899 100644 --- a/phpBB/adm/style/acp_groups.html +++ b/phpBB/adm/style/acp_groups.html @@ -36,10 +36,12 @@ <dl> <dt><label for="group_type">{L_GROUP_TYPE}{L_COLON}</label><br /><span>{L_GROUP_TYPE_EXPLAIN}</span></dt> <dd> + {% EVENT acp_group_types_prepend %} <label><input name="group_type" type="radio" class="radio" id="group_type" value="{GROUP_TYPE_FREE}"{GROUP_FREE} /> {L_GROUP_OPEN}</label> <label><input name="group_type" type="radio" class="radio" value="{GROUP_TYPE_OPEN}"{GROUP_OPEN} /> {L_GROUP_REQUEST}</label> <label><input name="group_type" type="radio" class="radio" value="{GROUP_TYPE_CLOSED}"{GROUP_CLOSED} /> {L_GROUP_CLOSED}</label> <label><input name="group_type" type="radio" class="radio" value="{GROUP_TYPE_HIDDEN}"{GROUP_HIDDEN} /> {L_GROUP_HIDDEN}</label> + {% EVENT acp_group_types_append %} </dd> </dl> <!-- ELSE --> diff --git a/phpBB/adm/style/acp_icons.html b/phpBB/adm/style/acp_icons.html index 5493cbde0a..45fe7f8ebc 100644 --- a/phpBB/adm/style/acp_icons.html +++ b/phpBB/adm/style/acp_icons.html @@ -4,7 +4,7 @@ <!-- IF S_EDIT --> - <script type="text/javascript" defer="defer"> + <script> // <![CDATA[ <!-- IF S_ADD_CODE --> diff --git a/phpBB/adm/style/acp_modules.html b/phpBB/adm/style/acp_modules.html index 3c97706e6a..f4040daaed 100644 --- a/phpBB/adm/style/acp_modules.html +++ b/phpBB/adm/style/acp_modules.html @@ -4,7 +4,7 @@ <!-- IF S_EDIT_MODULE --> - <script type="text/javascript"> + <script> // <![CDATA[ function display_options(value) { diff --git a/phpBB/adm/style/acp_permission_roles.html b/phpBB/adm/style/acp_permission_roles.html index b3137f134c..670d5e14c0 100644 --- a/phpBB/adm/style/acp_permission_roles.html +++ b/phpBB/adm/style/acp_permission_roles.html @@ -4,7 +4,7 @@ <!-- IF S_EDIT --> - <script type="text/javascript"> + <script> // <![CDATA[ var active_pmask = '0'; var active_fmask = '0'; @@ -20,7 +20,7 @@ // ]]> </script> - <script type="text/javascript" src="style/permissions.js"></script> + <script src="style/permissions.js"></script> <a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">« {L_BACK}</a> diff --git a/phpBB/adm/style/acp_posting_buttons.html b/phpBB/adm/style/acp_posting_buttons.html index c3c42f8e82..614d6fae40 100644 --- a/phpBB/adm/style/acp_posting_buttons.html +++ b/phpBB/adm/style/acp_posting_buttons.html @@ -1,31 +1,10 @@ -<script type="text/javascript"> +<script> // <![CDATA[ // Define the bbCode tags var bbcode = new Array(); var bbtags = new Array('[b]','[/b]','[i]','[/i]','[u]','[/u]','[quote]','[/quote]','[code]','[/code]','[list]','[/list]','[list=]','[/list]','[img]','[/img]','[url]','[/url]','[flash=]', '[/flash]','[size=]','[/size]'<!-- BEGIN custom_tags -->, {custom_tags.BBCODE_NAME}<!-- END custom_tags -->); - // Helpline messages - var help_line = { - b: '{LA_BBCODE_B_HELP}', - i: '{LA_BBCODE_I_HELP}', - u: '{LA_BBCODE_U_HELP}', - q: '{LA_BBCODE_Q_HELP}', - c: '{LA_BBCODE_C_HELP}', - l: '{LA_BBCODE_L_HELP}', - o: '{LA_BBCODE_O_HELP}', - p: '{LA_BBCODE_P_HELP}', - w: '{LA_BBCODE_W_HELP}', - a: '{LA_BBCODE_A_HELP}', - s: '{LA_BBCODE_S_HELP}', - f: '{LA_BBCODE_F_HELP}', - y: '{LA_BBCODE_Y_HELP}', - d: '{LA_BBCODE_D_HELP}' - <!-- BEGIN custom_tags --> - ,cb_{custom_tags.BBCODE_ID}{L_COLON} '{custom_tags.A_BBCODE_HELPLINE}' - <!-- END custom_tags --> - } - // ]]> </script> @@ -65,7 +44,7 @@ </select> <!-- EVENT acp_posting_buttons_custom_tags_before --> <!-- BEGIN custom_tags --> - <input type="button" class="button2" name="addbbcode{custom_tags.BBCODE_ID}" value="{custom_tags.BBCODE_TAG}" onclick="bbstyle({custom_tags.BBCODE_ID})" title="{custom_tags.BBCODE_HELPLINE}" /> + <input type="button" class="button2" name="addbbcode{custom_tags.BBCODE_ID}" value="{custom_tags.BBCODE_TAG}" onclick="bbstyle({custom_tags.BBCODE_ID})" title="{{ custom_tags.BBCODE_HELPLINE|e('html_attr') }}" /> <!-- END custom_tags --> </div> <!-- EVENT acp_posting_buttons_after --> diff --git a/phpBB/adm/style/acp_ranks.html b/phpBB/adm/style/acp_ranks.html index e67c9acd80..d373657114 100644 --- a/phpBB/adm/style/acp_ranks.html +++ b/phpBB/adm/style/acp_ranks.html @@ -6,7 +6,7 @@ <a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">« {L_BACK}</a> - <script type="text/javascript"> + <script> // <![CDATA[ function update_image(newimage) { diff --git a/phpBB/adm/style/acp_search.html b/phpBB/adm/style/acp_search.html index f7ad3c5e89..99620058dc 100644 --- a/phpBB/adm/style/acp_search.html +++ b/phpBB/adm/style/acp_search.html @@ -69,7 +69,7 @@ <!-- ELSEIF S_INDEX --> - <script type="text/javascript"> + <script> // <![CDATA[ /** * Popup search progress bar diff --git a/phpBB/adm/style/acp_users_overview.html b/phpBB/adm/style/acp_users_overview.html index 506101c3f7..2af669a41f 100644 --- a/phpBB/adm/style/acp_users_overview.html +++ b/phpBB/adm/style/acp_users_overview.html @@ -79,7 +79,7 @@ <!-- IF not S_USER_FOUNDER or S_FOUNDER --> - <script type="text/javascript"> + <script> // <![CDATA[ function display_reason(option) diff --git a/phpBB/adm/style/acp_users_prefs.html b/phpBB/adm/style/acp_users_prefs.html index 484c5b3976..358f3d5248 100644 --- a/phpBB/adm/style/acp_users_prefs.html +++ b/phpBB/adm/style/acp_users_prefs.html @@ -1,4 +1,4 @@ -<script type="text/javascript"> +<script> // <![CDATA[ var default_dateformat = '{A_DEFAULT_DATEFORMAT}'; // ]]> diff --git a/phpBB/adm/style/acp_users_signature.html b/phpBB/adm/style/acp_users_signature.html index c7ec5cc0eb..180c24c96d 100644 --- a/phpBB/adm/style/acp_users_signature.html +++ b/phpBB/adm/style/acp_users_signature.html @@ -1,4 +1,4 @@ -<script type="text/javascript"> +<script> // <![CDATA[ var form_name = 'user_signature'; diff --git a/phpBB/adm/style/installer_footer.html b/phpBB/adm/style/installer_footer.html index 54e6951a12..8b3b04d8a5 100644 --- a/phpBB/adm/style/installer_footer.html +++ b/phpBB/adm/style/installer_footer.html @@ -13,7 +13,7 @@ </div> </div> -<script type="text/javascript"> +<script> <!-- installLang = { title: '{LA_TIMEOUT_DETECTED_TITLE}', @@ -22,9 +22,9 @@ installLang = { //--> </script> -<script type="text/javascript" src="{T_JQUERY_LINK}"></script> -<!-- IF S_ALLOW_CDN --><script type="text/javascript">window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js">\x3C/script>');</script><!-- ENDIF --> -<script type="text/javascript" src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script> +<script src="{T_JQUERY_LINK}"></script> +<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js">\x3C/script>');</script><!-- ENDIF --> +<script src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script> <!-- INCLUDEJS admin.js --> {$SCRIPTS} diff --git a/phpBB/adm/style/overall_footer.html b/phpBB/adm/style/overall_footer.html index 8745286d64..3ab633e04b 100644 --- a/phpBB/adm/style/overall_footer.html +++ b/phpBB/adm/style/overall_footer.html @@ -33,9 +33,9 @@ </div> </div> -<script type="text/javascript" src="{T_JQUERY_LINK}"></script> -<!-- IF S_ALLOW_CDN --><script type="text/javascript">window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF --> -<script type="text/javascript" src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script> +<script src="{T_JQUERY_LINK}"></script> +<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF --> +<script src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script> <!-- INCLUDEJS ajax.js --> <!-- INCLUDEJS admin.js --> diff --git a/phpBB/adm/style/overall_header.html b/phpBB/adm/style/overall_header.html index 8279ac34dc..fa361d6016 100644 --- a/phpBB/adm/style/overall_header.html +++ b/phpBB/adm/style/overall_header.html @@ -10,7 +10,7 @@ <link href="{T_FONT_AWESOME_LINK}" rel="stylesheet"> <link href="style/admin.css?assets_version={T_ASSETS_VERSION}" rel="stylesheet" type="text/css" media="screen" /> -<script type="text/javascript"> +<script> // <![CDATA[ var jump_page = '{LA_JUMP_PAGE}{L_COLON}'; var on_page = '{CURRENT_PAGE}'; diff --git a/phpBB/adm/style/permission_mask.html b/phpBB/adm/style/permission_mask.html index c556664b8c..26aa5e098f 100644 --- a/phpBB/adm/style/permission_mask.html +++ b/phpBB/adm/style/permission_mask.html @@ -1,5 +1,5 @@ -<script type="text/javascript"> +<script> // <![CDATA[ var active_pmask = '0'; var active_fmask = '0'; @@ -9,12 +9,14 @@ var role_options = new Array(); + var no_role_assigned = "{LA_NO_ROLE_ASSIGNED}"; + <!-- IF S_ROLE_JS_ARRAY --> {S_ROLE_JS_ARRAY} <!-- ENDIF --> // ]]> </script> -<script type="text/javascript" src="style/permissions.js"></script> +<script src="style/permissions.js"></script> <!-- BEGIN p_mask --> <div class="clearfix"></div> diff --git a/phpBB/adm/style/permissions.js b/phpBB/adm/style/permissions.js index 9178adab50..af8e21ad51 100644 --- a/phpBB/adm/style/permissions.js +++ b/phpBB/adm/style/permissions.js @@ -279,6 +279,10 @@ function reset_role(id) { } t.options[0].selected = true; + + var parent = t.parentNode; + parent.querySelector('span.dropdown-trigger').innerText = no_role_assigned; + parent.querySelector('input[data-name^=role]').value = '0'; } /** diff --git a/phpBB/adm/style/progress_bar.html b/phpBB/adm/style/progress_bar.html index 1822675c15..1e58257ff0 100644 --- a/phpBB/adm/style/progress_bar.html +++ b/phpBB/adm/style/progress_bar.html @@ -1,6 +1,6 @@ <!-- INCLUDE simple_header.html --> -<script type="text/javascript"> +<script> // <![CDATA[ /** * Close previously opened popup @@ -31,7 +31,7 @@ <p>{L_PROGRESS_EXPLAIN}</p> </div> -<script type="text/javascript"> +<script> // <![CDATA[ close_popup(); // ]]> diff --git a/phpBB/adm/style/simple_footer.html b/phpBB/adm/style/simple_footer.html index 08ee0a739f..4b54b83373 100644 --- a/phpBB/adm/style/simple_footer.html +++ b/phpBB/adm/style/simple_footer.html @@ -16,9 +16,9 @@ </div> -<script type="text/javascript" src="{T_JQUERY_LINK}"></script> -<!-- IF S_ALLOW_CDN --><script type="text/javascript">window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF --> -<script type="text/javascript" src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script> +<script src="{T_JQUERY_LINK}"></script> +<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF --> +<script src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script> <!-- EVENT acp_simple_footer_after --> {$SCRIPTS} diff --git a/phpBB/adm/style/simple_header.html b/phpBB/adm/style/simple_header.html index 439645a211..a8a32bf768 100644 --- a/phpBB/adm/style/simple_header.html +++ b/phpBB/adm/style/simple_header.html @@ -9,7 +9,7 @@ <link href="style/admin.css?assets_version={T_ASSETS_VERSION}" rel="stylesheet" type="text/css" media="screen" /> -<script type="text/javascript"> +<script> // <![CDATA[ var jump_page = '{LA_JUMP_PAGE}{L_COLON}'; var on_page = '{CURRENT_PAGE}'; diff --git a/phpBB/assets/javascript/editor.js b/phpBB/assets/javascript/editor.js index 23244f5a40..24cbc09f58 100644 --- a/phpBB/assets/javascript/editor.js +++ b/phpBB/assets/javascript/editor.js @@ -18,16 +18,9 @@ var is_win = ((clientPC.indexOf('win') !== -1) || (clientPC.indexOf('16bit') !== var baseHeight; /** -* Shows the help messages in the helpline window -*/ -function helpline(help) { - document.forms[form_name].helpbox.value = help_line[help]; -} - -/** * Fix a bug involving the TextRange object. From * http://www.frostjedi.com/terra/scripts/demo/caretBug.html -*/ +*/ function initInsertions() { var doc; @@ -104,8 +97,8 @@ function bbfontstyle(bbopen, bbclose) { } // IE else if (document.selection) { - var range = textarea.createTextRange(); - range.move("character", new_pos); + var range = textarea.createTextRange(); + range.move("character", new_pos); range.select(); storeCaret(textarea); } diff --git a/phpBB/assets/javascript/plupload.js b/phpBB/assets/javascript/plupload.js index fab1ca6d7c..8c52aae819 100644 --- a/phpBB/assets/javascript/plupload.js +++ b/phpBB/assets/javascript/plupload.js @@ -90,6 +90,12 @@ phpbb.plupload.getSerializedData = function() { obj['attachment_data[' + i + '][' + key + ']'] = datum[key]; } } + + // Insert form data + var $pluploadForm = $(phpbb.plupload.config.form_hook).first(); + obj.creation_time = $pluploadForm.find('input[type=hidden][name="creation_time"]').val(); + obj.form_token = $pluploadForm.find('input[type=hidden][name="form_token"]').val(); + return obj; }; @@ -264,6 +270,17 @@ phpbb.plupload.deleteFile = function(row, attachId) { return; } + + // Handle errors while deleting file + if (typeof response.error !== 'undefined') { + phpbb.alert(phpbb.plupload.lang.ERROR, response.error.message); + + // We will have to assume that the deletion failed. So leave the file status as uploaded. + row.find('.file-status').toggleClass('file-uploaded'); + + return; + } + phpbb.plupload.update(response, 'removal', index); // Check if the user can upload files now if he had reached the max files limit. phpbb.plupload.handleMaxFilesReached(); @@ -446,6 +463,44 @@ phpbb.plupload.fileError = function(file, error) { phpbb.plupload.uploader = new plupload.Uploader(phpbb.plupload.config); phpbb.plupload.initialize(); +/** + * Add a file filter to check for max file sizes per mime type. + */ +plupload.addFileFilter('mime_types_max_file_size', function(types, file, callback) { + if (file.size !== 'undefined') { + $(types).each(function(i, type) { + let extensions = [], + extsArray = type.extensions.split(','); + + $(extsArray).each(function(i, extension) { + /^\s*\*\s*$/.test(extension) ? extensions.push("\\.*") : extensions.push("\\." + extension.replace(new RegExp("[" + "/^$.*+?|()[]{}\\".replace(/./g, "\\$&") + "]", "g"), "\\$&")); + }); + + let regex = new RegExp("(" + extensions.join("|") + ")$", "i"); + + if (regex.test(file.name)) { + if (type.max_file_size !== 'undefined' && type.max_file_size) { + if (file.size > type.max_file_size) { + phpbb.plupload.uploader.trigger('Error', { + code: plupload.FILE_SIZE_ERROR, + message: plupload.translate('File size error.'), + file: file + }); + + callback(false); + } else { + callback(true); + } + } else { + callback(true); + } + + return false; + } + }); + } +}); + var $fileList = $('#file-list'); /** diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index dc68e62f49..06cdb37b56 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -50,6 +50,7 @@ <ol> <li><a href="#changelog">Changelog</a> <ul> + <li><a href="#v328rc1">Changes since 3.2.8-RC1</a></li> <li><a href="#v327">Changes since 3.2.7</a></li> <li><a href="#v326">Changes since 3.2.6</a></li> <li><a href="#v326rc1">Changes since 3.2.6-RC1</a></li> @@ -139,6 +140,28 @@ <div class="inner"> <div class="content"> + <a name="v328rc1"></a><h3>Changes since 3.2.8-RC1</h3> + <h4>Bug</h4> + <ul> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15467">PHPBB3-15467</a>] - Permission settings do not take affect when set using All YES/NO/NEVER</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16123">PHPBB3-16123</a>] - PHP error (Array to string conversion) on new user registration if email address is banned and " Reason shown to the banned" is empty</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16136">PHPBB3-16136</a>] - Missing word in 'AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED' </li> + </ul> + <h4>Improvement</h4> + <ul> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16134">PHPBB3-16134</a>] - Exclude group leaders on group member purge</li> + </ul> + <h4>Security Issue</h4> + <ul> + <li>[SECURITY-243] - CSS injection via BBCode tag</li> + <li>[SECURITY-244] - Missing form token check when handling attachments</li> + <li>[SECURITY-246] - Missing form token check when managing BBCodes</li> + </ul> + <h4>Hardening</h4> + <ul> + <li>[SECURITY-247] - Disable MySQLi local infile to prevent local file inclusion</li> + </ul> + <a name="v327"></a><h3>Changes since 3.2.7</h3> <h4>Bug</h4> <ul> @@ -193,7 +216,6 @@ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16078">PHPBB3-16078</a>] - Use chrome webdriver for UI tests</li> <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16089">PHPBB3-16089</a>] - Add core.confirm_box_ajax_before</li> <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16097">PHPBB3-16097</a>] - Add core.viewtopic_gen_sort_selects_before</li> - <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16101">PHPBB3-16101</a>] - Add Referrer-Policy header</li> <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16102">PHPBB3-16102</a>] - Add core.posting_modify_post_subject</li> <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16103">PHPBB3-16103</a>] - Add core.pm_modify_message_subject</li> <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16106">PHPBB3-16106</a>] - Add core.mcp_main_before</li> @@ -212,6 +234,10 @@ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16112">PHPBB3-16112</a>] - Update composer dependencies to latest</li> <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16119">PHPBB3-16119</a>] - The text input for poll question has a too high maxlength attribute</li> </ul> + <h4>Hardening</h4> + <ul> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16101">PHPBB3-16101</a>] - Add Referrer-Policy header</li> + </ul> <a name="v326"></a><h3>Changes since 3.2.6</h3> <h4>Bug</h4> diff --git a/phpBB/docs/CREDITS.txt b/phpBB/docs/CREDITS.txt index 90e9a31127..596f4545fa 100644 --- a/phpBB/docs/CREDITS.txt +++ b/phpBB/docs/CREDITS.txt @@ -1,7 +1,7 @@ /** * -* phpBB © Copyright phpBB Limited 2003-2016 -* http://www.phpbb.com +* phpBB © Copyright phpBB Limited 2003-2019 +* https://www.phpbb.com * * phpBB is free software. You can redistribute it and/or modify it * under the terms of the GNU General Public License, version 2 (GPL-2.0) @@ -27,7 +27,6 @@ phpBB Developers: bantu (Andreas Fischer) Derky (Derk Ruitenbeek) Elsensee (Oliver Schramm) Hanakin (Michael Miday) - MichaelC (Michael Cullum) Nicofuma (Tristan Darricau) rubencm (RubĂ©n Calvo) @@ -63,6 +62,7 @@ phpBB Developers: A_Jelly_Doughnut (Josh Woody) [01/2010 - 11/2010] igorw (Igor Wiedler) [08/2010 - 02/2013] imkingdavid (David King) [11/2012 - 06/2014] kellanved (Henry Sudhof) [04/2007 - 03/2011] + MichaelC (Michael Cullum) [11/2017 - 09/2019] nickvergessen (Joas Schilling)[04/2010 - 12/2015] Oleg (Oleg Pudeyev) [01/2011 - 05/2013] prototech (Cesar Gallegos) [01/2014 - 12/2016] diff --git a/phpBB/docs/events.md b/phpBB/docs/events.md index 467b03e8f3..bfe26b4951 100644 --- a/phpBB/docs/events.md +++ b/phpBB/docs/events.md @@ -172,6 +172,18 @@ acp_group_options_before * Since: 3.1.0-b4 * Purpose: Add additional options to group settings (before GROUP_FOUNDER_MANAGE) +acp_group_types_append +=== +* Location: adm/style/acp_groups.html +* Since: 3.2.9-RC1 +* Purpose: Add additional group type options to group settings (append the list) + +acp_group_types_prepend +=== +* Location: adm/style/acp_groups.html +* Since: 3.2.9-RC1 +* Purpose: Add additional group type options to group settings (prepend the list) + acp_groups_find_username_append === * Location: adm/style/acp_groups.html @@ -2634,6 +2646,13 @@ ucp_profile_profile_info_before * Since: 3.1.4-RC1 * Purpose: Add options in profile page fieldset - before jabber field. +ucp_profile_profile_info_birthday_label_append +=== +* Locations: + + styles/prosilver/template/ucp_profile_profile_info.html +* Since: 3.2.9-RC1 +* Purpose: Add more text to birthday label, such as required asterisk + ucp_profile_register_details_after === * Locations: diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php index 1f7374a07f..bd8df6a63b 100644 --- a/phpBB/includes/acp/acp_bbcodes.php +++ b/phpBB/includes/acp/acp_bbcodes.php @@ -33,7 +33,6 @@ class acp_bbcodes // Set up general vars $action = $request->variable('action', ''); $bbcode_id = $request->variable('bbcode', 0); - $submit = $request->is_set_post('submit'); $this->tpl_name = 'acp_bbcodes'; $this->page_title = 'ACP_BBCODES'; @@ -41,11 +40,6 @@ class acp_bbcodes add_form_key($form_key); - if ($submit && !check_form_key($form_key)) - { - trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); - } - // Set up mode-specific vars switch ($action) { @@ -179,6 +173,12 @@ class acp_bbcodes extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_modify_create', compact($vars))); $warn_text = preg_match('%<[^>]*\{text[\d]*\}[^>]*>%i', $bbcode_tpl); + + if (!$warn_text && !check_form_key($form_key)) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + if (!$warn_text || confirm_box(true)) { $data = $this->build_regexp($bbcode_match, $bbcode_tpl); @@ -211,11 +211,6 @@ class acp_bbcodes $test = $data['bbcode_tag']; } - if (!preg_match('%\\[' . $test . '[^]]*].*?\\[/' . $test . ']%s', $bbcode_match)) - { - trigger_error($user->lang['BBCODE_OPEN_ENDED_TAG'] . adm_back_link($this->u_action), E_USER_WARNING); - } - if (strlen($data['bbcode_tag']) > 16) { trigger_error($user->lang['BBCODE_TAG_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING); diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php index cb0593b14a..22c775b7c3 100644 --- a/phpBB/includes/acp/acp_forums.php +++ b/phpBB/includes/acp/acp_forums.php @@ -986,10 +986,20 @@ class acp_forums $errors[] = $user->lang['FORUM_NAME_EMPTY']; } - // No Emojis + /** + * Replace Emojis and other 4bit UTF-8 chars not allowed by MySql to UCR / NCR. + * Using their Numeric Character Reference's Hexadecimal notation. + */ + $forum_data_ary['forum_name'] = utf8_encode_ucr($forum_data_ary['forum_name']); + + /** + * This should never happen again. + * Leaving the fallback here just in case there will be the need of it. + */ if (preg_match_all('/[\x{10000}-\x{10FFFF}]/u', $forum_data_ary['forum_name'], $matches)) { $character_list = implode('<br>', $matches[0]); + $errors[] = $user->lang('FORUM_NAME_EMOJI', $character_list); } @@ -1423,8 +1433,8 @@ class acp_forums * This event may be triggered, when a forum is deleted * * @event core.acp_manage_forums_move_children - * @var int from_id If of the current parent forum - * @var int to_id If of the new parent forum + * @var int from_id Id of the current parent forum + * @var int to_id Id of the new parent forum * @var array errors Array of errors, should be strings and not * language key. * @since 3.1.0-a1 @@ -1529,8 +1539,8 @@ class acp_forums * Event when we move content from one forum to another * * @event core.acp_manage_forums_move_content - * @var int from_id If of the current parent forum - * @var int to_id If of the new parent forum + * @var int from_id Id of the current parent forum + * @var int to_id Id of the new parent forum * @var bool sync Shall we sync the "to"-forum's data * @var array errors Array of errors, should be strings and not * language key. If this array is not empty, @@ -1576,6 +1586,19 @@ class acp_forums $db->sql_query($sql); } + /** + * Event when content has been moved from one forum to another + * + * @event core.acp_manage_forums_move_content_after + * @var int from_id Id of the current parent forum + * @var int to_id Id of the new parent forum + * @var bool sync Shall we sync the "to"-forum's data + * + * @since 3.2.9-RC1 + */ + $vars = array('from_id', 'to_id', 'sync'); + extract($phpbb_dispatcher->trigger_event('core.acp_manage_forums_move_content_after', compact($vars))); + if ($sync) { // Delete ghost topics that link back to the same forum then resync counters diff --git a/phpBB/includes/acp/acp_prune.php b/phpBB/includes/acp/acp_prune.php index 3eee4f7922..c5f7789de8 100644 --- a/phpBB/includes/acp/acp_prune.php +++ b/phpBB/includes/acp/acp_prune.php @@ -537,6 +537,7 @@ class acp_prune AND ug.user_id <> ' . ANONYMOUS . ' AND u.user_type <> ' . USER_FOUNDER . ' AND ug.user_pending = 0 + AND ug.group_leader = 0 AND u.user_id = ug.user_id ' . (!empty($user_ids) ? ' AND ' . $db->sql_in_set('ug.user_id', $user_ids) : ''); $result = $db->sql_query($sql); diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index c19d48b0be..cc82fdbda3 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -543,6 +543,20 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true) $topic_ids = array($topic_ids); } + /** + * Perform additional actions before topics move + * + * @event core.move_topics_before + * @var array topic_ids Array of the moved topic ids + * @var string forum_id The forum id from where the topics are moved + * @since 3.2.9-RC1 + */ + $vars = array( + 'topic_ids', + 'forum_id', + ); + extract($phpbb_dispatcher->trigger_event('core.move_topics_before', compact($vars))); + $sql = 'DELETE FROM ' . TOPICS_TABLE . ' WHERE ' . $db->sql_in_set('topic_moved_id', $topic_ids) . ' AND forum_id = ' . $forum_id; @@ -593,6 +607,22 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true) } unset($table_ary); + /** + * Perform additional actions after topics move + * + * @event core.move_topics_after + * @var array topic_ids Array of the moved topic ids + * @var string forum_id The forum id from where the topics were moved + * @var array forum_ids Array of the forums where the topics were moved (includes also forum_id) + * @since 3.2.9-RC1 + */ + $vars = array( + 'topic_ids', + 'forum_id', + 'forum_ids', + ); + extract($phpbb_dispatcher->trigger_event('core.move_topics_after', compact($vars))); + if ($auto_sync) { sync('forum', 'forum_id', $forum_ids, true, true); diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index 3a2f4a7249..e4adce14fc 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -70,7 +70,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod $data = array( 'NO_UNREAD_POSTS' => $user->lang['NO_UNREAD_POSTS'], 'UNREAD_POSTS' => $user->lang['UNREAD_POSTS'], - 'U_MARK_FORUMS' => ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}index.$phpEx", 'hash=' . generate_link_hash('global') . '&mark=forums&mark_time=' . time()) : '', + 'U_MARK_FORUMS' => ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}index.$phpEx", 'hash=' . generate_link_hash('global') . '&mark=forums&mark_time=' . time(), false) : '', 'MESSAGE_TITLE' => $user->lang['INFORMATION'], 'MESSAGE_TEXT' => $user->lang['FORUMS_MARKED'] ); @@ -355,7 +355,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod $data = array( 'NO_UNREAD_POSTS' => $user->lang['NO_UNREAD_POSTS'], 'UNREAD_POSTS' => $user->lang['UNREAD_POSTS'], - 'U_MARK_FORUMS' => ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'hash=' . generate_link_hash('global') . '&f=' . $root_data['forum_id'] . '&mark=forums&mark_time=' . time()) : '', + 'U_MARK_FORUMS' => ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'hash=' . generate_link_hash('global') . '&f=' . $root_data['forum_id'] . '&mark=forums&mark_time=' . time(), false) : '', 'MESSAGE_TITLE' => $user->lang['INFORMATION'], 'MESSAGE_TEXT' => $user->lang['FORUMS_MARKED'] ); @@ -548,11 +548,12 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod $last_post_subject = $last_post_subject_truncated = ''; } $last_post_time = $user->format_date($row['forum_last_post_time']); + $last_post_time_rfc3339 = gmdate(DATE_RFC3339, $row['forum_last_post_time']); $last_post_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id_last_post'] . '&p=' . $row['forum_last_post_id']) . '#p' . $row['forum_last_post_id']; } else { - $last_post_subject = $last_post_time = $last_post_url = $last_post_subject_truncated = ''; + $last_post_subject = $last_post_time = $last_post_time_rfc3339 = $last_post_url = $last_post_subject_truncated = ''; } // Output moderator listing ... if applicable @@ -623,6 +624,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod 'LAST_POST_SUBJECT' => $last_post_subject, 'LAST_POST_SUBJECT_TRUNCATED' => $last_post_subject_truncated, 'LAST_POST_TIME' => $last_post_time, + 'LAST_POST_TIME_RFC3339'=> $last_post_time_rfc3339, 'LAST_POSTER' => get_username_string('username', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']), 'LAST_POSTER_COLOUR' => get_username_string('colour', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']), 'LAST_POSTER_FULL' => get_username_string('full', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']), @@ -1118,7 +1120,6 @@ function display_custom_bbcodes() 'BBCODE_TAG' => $row['bbcode_tag'], 'BBCODE_TAG_CLEAN' => str_replace('=', '-', $row['bbcode_tag']), 'BBCODE_HELPLINE' => $row['bbcode_helpline'], - 'A_BBCODE_HELPLINE' => str_replace(array('&', '"', "'", '<', '>'), array('&', '"', "\'", '<', '>'), $row['bbcode_helpline']), ); /** diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index 2cce77e092..1956f65666 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -52,9 +52,29 @@ function generate_smilies($mode, $forum_id) page_header($user->lang['SMILIES']); - $sql = 'SELECT COUNT(smiley_id) AS item_count - FROM ' . SMILIES_TABLE . ' - GROUP BY smiley_url'; + $sql_ary = [ + 'SELECT' => 'COUNT(s.smiley_id) AS item_count', + 'FROM' => [ + SMILIES_TABLE => 's', + ], + 'GROUP_BY' => 's.smiley_url', + ]; + + /** + * Modify SQL query that fetches the total number of smilies in window mode + * + * @event core.generate_smilies_count_sql_before + * @var int forum_id Forum where smilies are generated + * @var array sql_ary Array with the SQL query + * @since 3.2.9-RC1 + */ + $vars = [ + 'forum_id', + 'sql_ary', + ]; + extract($phpbb_dispatcher->trigger_event('core.generate_smilies_count_sql_before', compact($vars))); + + $sql = $db->sql_build_query('SELECT', $sql_ary); $result = $db->sql_query($sql, 3600); $smiley_count = 0; @@ -114,6 +134,22 @@ function generate_smilies($mode, $forum_id) } $db->sql_freeresult($result); + /** + * Modify smilies before they are assigned to the template + * + * @event core.generate_smilies_modify_rowset + * @var string mode Smiley mode, either window or inline + * @var int forum_id Forum where smilies are generated + * @var array smilies Smiley rows fetched from the database + * @since 3.2.9-RC1 + */ + $vars = [ + 'mode', + 'forum_id', + 'smilies', + ]; + extract($phpbb_dispatcher->trigger_event('core.generate_smilies_modify_rowset', compact($vars))); + if (count($smilies)) { $root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $phpbb_path_helper->get_web_root_path(); diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 3bf4aa16b7..e0b6a9d0c6 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1945,9 +1945,10 @@ function validate_user_email($email, $allowed_email = false) return $validate_email; } - if (($ban = $user->check_ban(false, false, $email, true)) !== false) + $ban = $user->check_ban(false, false, $email, true); + if (!empty($ban)) { - return ($ban === true) ? 'EMAIL_BANNED' : (!empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : $ban); + return !empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : 'EMAIL_BANNED'; } if (!$config['allow_emailreuse']) diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 0b79cca864..e1c28223dc 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -1525,6 +1525,35 @@ class parse_message extends bbcode_firstpass } /** + * Check attachment form token depending on submit type + * + * @param \phpbb\language\language $language Language + * @param \phpbb\request\request_interface $request Request + * @param string $form_name Form name for checking form key + * + * @return bool True if form token is not needed or valid, false if needed and invalid + */ + function check_attachment_form_token(\phpbb\language\language $language, \phpbb\request\request_interface $request, $form_name) + { + $add_file = $request->is_set_post('add_file'); + $delete_file = $request->is_set_post('delete_file'); + + if (($add_file || $delete_file) && !check_form_key($form_name)) + { + $this->warn_msg[] = $language->lang('FORM_INVALID'); + + if ($request->is_ajax() && $this->plupload) + { + $this->plupload->emit_error(-400, 'FORM_INVALID'); + } + + return false; + } + + return true; + } + + /** * Parse Attachments */ function parse_attachments($form_name, $mode, $forum_id, $submit, $preview, $refresh, $is_message = false) diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index cb45112b01..06baa279a5 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -26,7 +26,7 @@ if (!defined('IN_PHPBB')) function compose_pm($id, $mode, $action, $user_folders = array()) { global $template, $db, $auth, $user, $cache; - global $phpbb_root_path, $phpEx, $config; + global $phpbb_root_path, $phpEx, $config, $language; global $request, $phpbb_dispatcher, $phpbb_container; // Damn php and globals - i know, this is horrible @@ -799,7 +799,10 @@ function compose_pm($id, $mode, $action, $user_folders = array()) extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_modify_parse_before', compact($vars))); // Parse Attachments - before checksum is calculated - $message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true); + if ($message_parser->check_attachment_form_token($language, $request, 'ucp_pm_compose')) + { + $message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true); + } if (count($message_parser->warn_msg) && !($remove_u || $remove_g || $add_to || $add_bcc)) { diff --git a/phpBB/includes/utf/utf_tools.php b/phpBB/includes/utf/utf_tools.php index 89de454427..bb155aeae5 100644 --- a/phpBB/includes/utf/utf_tools.php +++ b/phpBB/includes/utf/utf_tools.php @@ -418,24 +418,43 @@ function utf8_recode($string, $encoding) } /** -* Replace all UTF-8 chars that are not in ASCII with their NCR -* -* @param string $text UTF-8 string in NFC -* @return string ASCII string using NCRs for non-ASCII chars -*/ + * Replace some special UTF-8 chars that are not in ASCII with their UCR. + * using their Numeric Character Reference's Hexadecimal notation. + * + * Doesn't interfere with Japanese or Cyrillic etc. + * Unicode character visualization will depend on the character support + * of your web browser and the fonts installed on your system. + * + * @see https://en.wikibooks.org/wiki/Unicode/Character_reference/1F000-1FFFF + * + * @param string $text UTF-8 string in NFC + * @return string ASCII string using NCR for non-ASCII chars + */ +function utf8_encode_ucr($text) +{ + return preg_replace_callback('/[\\xF0-\\xF4].../', 'utf8_encode_ncr_callback', $text); +} + +/** + * Replace all UTF-8 chars that are not in ASCII with their NCR + * using their Numeric Character Reference's Hexadecimal notation. + * + * @param string $text UTF-8 string in NFC + * @return string ASCII string using NCRs for non-ASCII chars + */ function utf8_encode_ncr($text) { return preg_replace_callback('#[\\xC2-\\xF4][\\x80-\\xBF]{1,3}#', 'utf8_encode_ncr_callback', $text); } /** -* Callback used in encode_ncr() -* -* Takes a UTF-8 char and replaces it with its NCR. Attention, $m is an array -* -* @param array $m 0-based numerically indexed array passed by preg_replace_callback() -* @return string A HTML NCR if the character is valid, or the original string otherwise -*/ + * Callback used in utf8_encode_ncr() and utf8_encode_ucr() + * + * Takes a UTF-8 char and replaces it with its NCR. Attention, $m is an array + * + * @param array $m 0-based numerically indexed array passed by preg_replace_callback() + * @return string A HTML NCR if the character is valid, or the original string otherwise + */ function utf8_encode_ncr_callback($m) { return '&#' . utf8_ord($m[0]) . ';'; diff --git a/phpBB/install/phpbbcli.php b/phpBB/install/phpbbcli.php index 7659b13f56..ddf17fa5f6 100755 --- a/phpBB/install/phpbbcli.php +++ b/phpBB/install/phpbbcli.php @@ -23,7 +23,7 @@ if (php_sapi_name() !== 'cli') define('IN_PHPBB', true); define('IN_INSTALL', true); define('PHPBB_ENVIRONMENT', 'production'); -define('PHPBB_VERSION', '3.2.8-RC1'); +define('PHPBB_VERSION', '3.2.8'); $phpbb_root_path = __DIR__ . '/../'; $phpEx = substr(strrchr(__FILE__, '.'), 1); diff --git a/phpBB/language/en/acp/posting.php b/phpBB/language/en/acp/posting.php index 119ad2d7e9..1667aa6011 100644 --- a/phpBB/language/en/acp/posting.php +++ b/phpBB/language/en/acp/posting.php @@ -56,7 +56,6 @@ $lang = array_merge($lang, array( 'BBCODE_INVALID_TAG_NAME' => 'The BBCode tag name that you selected already exists.', 'BBCODE_INVALID' => 'Your BBCode is constructed in an invalid form.', - 'BBCODE_OPEN_ENDED_TAG' => 'Your custom BBCode must contain both an opening and a closing tag.', 'BBCODE_TAG' => 'Tag', 'BBCODE_TAG_TOO_LONG' => 'The tag name you selected is too long.', 'BBCODE_TAG_DEF_TOO_LONG' => 'The tag definition that you have entered is too long, please shorten your tag definition.', @@ -78,13 +77,13 @@ $lang = array_merge($lang, array( 'TOO_MANY_BBCODES' => 'You cannot create any more BBCodes. Please remove one or more BBCodes then try again.', 'tokens' => array( - 'TEXT' => 'Any text, including foreign characters, numbers, etc… You should not use this token in HTML tags. Instead try to use IDENTIFIER, INTTEXT or SIMPLETEXT.', + 'TEXT' => 'Any text, including foreign characters, numbers, etc…', 'SIMPLETEXT' => 'Characters from the latin alphabet (A-Z), numbers, spaces, commas, dots, minus, plus, hyphen and underscore', 'INTTEXT' => 'Unicode letter characters, numbers, spaces, commas, dots, minus, plus, hyphen, underscore and whitespaces.', 'IDENTIFIER' => 'Characters from the latin alphabet (A-Z), numbers, hyphen and underscore', 'NUMBER' => 'Any series of digits', 'EMAIL' => 'A valid email address', - 'URL' => 'A valid URL using any protocol (http, ftp, etc… cannot be used for javascript exploits). If none is given, “http://” is prefixed to the string.', + 'URL' => 'A valid URL using any allowed protocol (http, ftp, etc… cannot be used for javascript exploits). If none is given, “http://” is prefixed to the string.', 'LOCAL_URL' => 'A local URL. The URL must be relative to the topic page and cannot contain a server name or protocol, as links are prefixed with “%s”', 'RELATIVE_URL' => 'A relative URL. You can use this to match parts of a URL, but be careful: a full URL is a valid relative URL. When you want to use relative URLs of your board, use the LOCAL_URL token.', 'COLOR' => 'A HTML colour, can be either in the numeric form <samp>#FF1234</samp> or a <a href="http://www.w3.org/TR/CSS21/syndata.html#value-def-color">CSS colour keyword</a> such as <samp>fuchsia</samp> or <samp>InactiveBorder</samp>', diff --git a/phpBB/language/en/common.php b/phpBB/language/en/common.php index 8df8fc630b..3ba63746c8 100644 --- a/phpBB/language/en/common.php +++ b/phpBB/language/en/common.php @@ -91,7 +91,7 @@ $lang = array_merge($lang, array( 'ATTACHED_IMAGE_NOT_IMAGE' => 'The image file you tried to attach is invalid.', 'AUTHOR' => 'Author', 'AUTH_NO_PROFILE_CREATED' => 'The creation of a user profile was unsuccessful.', - 'AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED' => 'The account is already linked with other user.', + 'AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED' => 'This external service is already associated with another board account.', 'AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY' => 'Invalid database entry.', 'AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE' => 'Invalid service type provided to OAuth service handler.', 'AUTH_PROVIDER_OAUTH_ERROR_SERVICE_NOT_CREATED' => 'OAuth service not created', @@ -519,7 +519,7 @@ $lang = array_merge($lang, array( 'NO_POSTS_TIME_FRAME' => 'No posts exist inside this topic for the selected time frame.', 'NO_FEED_ENABLED' => 'Feeds are not available on this board.', 'NO_FEED' => 'The requested feed is not available.', - 'NO_STYLE_DATA' => 'Could not get style data', + 'NO_STYLE_DATA' => 'Could not get style data for user_style %s and set for user_id %s', 'NO_STYLE_CFG' => 'Could not get the style configuration file for: %s', 'NO_SUBJECT' => 'No subject specified', // Used for posts having no subject defined but displayed within management pages. 'NO_SUCH_SEARCH_MODULE' => 'The specified search backend doesn’t exist.', diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index ce7159c150..1343bd7c60 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -1675,7 +1675,7 @@ switch ($mode) } // do we need to display contact fields as such - $use_contact_fields = false; + $use_contact_fields = true; /** * Modify list of users before member row is created diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php index 0d94acfbca..e3f8394bba 100644 --- a/phpBB/phpbb/auth/provider/oauth/oauth.php +++ b/phpBB/phpbb/auth/provider/oauth/oauth.php @@ -216,10 +216,15 @@ class oauth extends \phpbb\auth\provider\base $this->service_providers[$service_name]->set_external_service_provider($service); $unique_id = $this->service_providers[$service_name]->perform_auth_login(); - // Check to see if this provider is already assosciated with an account + /** + * Check to see if this provider is already associated with an account. + * + * Enforcing a data type to make data contains strings and not integers, + * so values are quoted in the SQL WHERE statement. + */ $data = array( - 'provider' => $service_name_original, - 'oauth_provider_id' => $unique_id + 'provider' => (string) $service_name_original, + 'oauth_provider_id' => (string) $unique_id ); $sql = 'SELECT user_id FROM ' . $this->auth_provider_oauth_token_account_assoc . ' diff --git a/phpBB/phpbb/db/driver/mysqli.php b/phpBB/phpbb/db/driver/mysqli.php index d43e201526..b429ad97aa 100644 --- a/phpBB/phpbb/db/driver/mysqli.php +++ b/phpBB/phpbb/db/driver/mysqli.php @@ -68,6 +68,9 @@ class mysqli extends \phpbb\db\driver\mysql_base if ($this->db_connect_id && $this->dbname != '') { + // Disable loading local files on client side + @mysqli_options($this->db_connect_id, MYSQLI_OPT_LOCAL_INFILE, false); + @mysqli_query($this->db_connect_id, "SET NAMES 'utf8'"); // enforce strict mode on databases that support it diff --git a/phpBB/phpbb/db/migration/data/v32x/v328.php b/phpBB/phpbb/db/migration/data/v32x/v328.php new file mode 100644 index 0000000000..28ff2c7033 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/v328.php @@ -0,0 +1,36 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v32x; + +class v328 extends \phpbb\db\migration\migration +{ + public function effectively_installed() + { + return phpbb_version_compare($this->config['version'], '3.2.8', '>='); + } + + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v32x\v328rc1', + ); + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.2.8')), + ); + } +} diff --git a/phpBB/phpbb/filesystem/filesystem.php b/phpBB/phpbb/filesystem/filesystem.php index bfafdf5ddd..c5be284d8c 100644 --- a/phpBB/phpbb/filesystem/filesystem.php +++ b/phpBB/phpbb/filesystem/filesystem.php @@ -835,7 +835,7 @@ class filesystem implements filesystem_interface $current_path = $resolved_path . '/' . $path_part; // Resolve symlinks - if (is_link($current_path)) + if (@is_link($current_path)) { if (!function_exists('readlink')) { @@ -872,12 +872,12 @@ class filesystem implements filesystem_interface $resolved_path = false; } - else if (is_dir($current_path . '/')) + else if (@is_dir($current_path . '/')) { $resolved[] = $path_part; $resolved_path = $current_path; } - else if (is_file($current_path)) + else if (@is_file($current_path)) { $resolved[] = $path_part; $resolved_path = $current_path; diff --git a/phpBB/phpbb/message/form.php b/phpBB/phpbb/message/form.php index 63bada91ff..6573a04f8b 100644 --- a/phpBB/phpbb/message/form.php +++ b/phpBB/phpbb/message/form.php @@ -136,7 +136,7 @@ abstract class form { if (!check_form_key('memberlist_email')) { - $this->errors[] = 'FORM_INVALID'; + $this->errors[] = $this->user->lang('FORM_INVALID'); } if (!count($this->errors)) diff --git a/phpBB/phpbb/plupload/plupload.php b/phpBB/phpbb/plupload/plupload.php index eb698fb35d..5a5b8a1874 100644 --- a/phpBB/phpbb/plupload/plupload.php +++ b/phpBB/phpbb/plupload/plupload.php @@ -216,38 +216,36 @@ class plupload } /** - * Looks at the list of allowed extensions and generates a string - * appropriate for use in configuring plupload with - * - * @param \phpbb\cache\service $cache - * @param string $forum_id The ID of the forum - * - * @return string - */ + * Looks at the list of allowed extensions and generates a string + * appropriate for use in configuring plupload with + * + * @param \phpbb\cache\service $cache Cache service object + * @param string $forum_id The forum identifier + * + * @return string + */ public function generate_filter_string(\phpbb\cache\service $cache, $forum_id) { + $groups = []; + $filters = []; + $attach_extensions = $cache->obtain_attach_extensions($forum_id); unset($attach_extensions['_allowed_']); - $groups = array(); // Re-arrange the extension array to $groups[$group_name][] foreach ($attach_extensions as $extension => $extension_info) { - if (!isset($groups[$extension_info['group_name']])) - { - $groups[$extension_info['group_name']] = array(); - } - - $groups[$extension_info['group_name']][] = $extension; + $groups[$extension_info['group_name']]['extensions'][] = $extension; + $groups[$extension_info['group_name']]['max_file_size'] = (int) $extension_info['max_filesize']; } - $filters = array(); - foreach ($groups as $group => $extensions) + foreach ($groups as $group => $group_info) { $filters[] = sprintf( - "{title: '%s', extensions: '%s'}", + "{title: '%s', extensions: '%s', max_file_size: %s}", addslashes(ucfirst(strtolower($group))), - addslashes(implode(',', $extensions)) + addslashes(implode(',', $group_info['extensions'])), + $group_info['max_file_size'] ); } @@ -276,22 +274,37 @@ class plupload } /** - * Checks various php.ini values and the maximum file size to determine - * the maximum size chunks a file can be split up into for upload - * - * @return int - */ + * Checks various php.ini values to determine the maximum chunk + * size a file should be split into for upload. + * + * The intention is to calculate a value which reflects whatever + * the most restrictive limit is set to. And to then set the chunk + * size to half that value, to ensure any required transfer overhead + * and POST data remains well within the limit. Or, if all of the + * limits are set to unlimited, the chunk size will also be unlimited. + * + * @return int + * + * @access public + */ public function get_chunk_size() { - $max = min( + $max = 0; + + $limits = [ + $this->php_ini->getBytes('memory_limit'), $this->php_ini->getBytes('upload_max_filesize'), $this->php_ini->getBytes('post_max_size'), - max(1, $this->php_ini->getBytes('memory_limit')), - $this->config['max_filesize'] - ); + ]; + + foreach ($limits as $limit_type) + { + if ($limit_type > 0) + { + $max = ($max !== 0) ? min($limit_type, $max) : $limit_type; + } + } - // Use half of the maximum possible to leave plenty of room for other - // POST data. return floor($max / 2); } diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index 31f32af7c4..cc5a1b8f8f 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -1077,7 +1077,7 @@ class session */ function set_cookie($name, $cookiedata, $cookietime, $httponly = true) { - global $config; + global $config, $phpbb_dispatcher; // If headers are already set, we just return if (headers_sent()) @@ -1085,6 +1085,32 @@ class session return; } + $disable_cookie = false; + /** + * Event to modify or disable setting cookies + * + * @event core.set_cookie + * @var bool disable_cookie Set to true to disable setting this cookie + * @var string name Name of the cookie + * @var string cookiedata The data to hold within the cookie + * @var int cookietime The expiration time as UNIX timestamp + * @var bool httponly Use HttpOnly? + * @since 3.2.9-RC1 + */ + $vars = array( + 'disable_cookie', + 'name', + 'cookiedata', + 'cookietime', + 'httponly', + ); + extract($phpbb_dispatcher->trigger_event('core.set_cookie', compact($vars))); + + if ($disable_cookie) + { + return; + } + $name_data = rawurlencode($config['cookie_name'] . '_' . $name) . '=' . rawurlencode($cookiedata); $expire = gmdate('D, d-M-Y H:i:s \\G\\M\\T', $cookietime); $domain = (!$config['cookie_domain'] || $config['cookie_domain'] == '127.0.0.1' || strpos($config['cookie_domain'], '.') === false) ? '' : '; domain=' . $config['cookie_domain']; diff --git a/phpBB/phpbb/textformatter/s9e/factory.php b/phpBB/phpbb/textformatter/s9e/factory.php index 6191b9a315..dca1c78d40 100644 --- a/phpBB/phpbb/textformatter/s9e/factory.php +++ b/phpBB/phpbb/textformatter/s9e/factory.php @@ -110,7 +110,7 @@ class factory implements \phpbb\textformatter\cache_interface 'i' => '<span style="font-style: italic"><xsl:apply-templates/></span>', 'u' => '<span style="text-decoration: underline"><xsl:apply-templates/></span>', 'img' => '<img src="{IMAGEURL}" class="postimage" alt="{L_IMAGE}"/>', - 'size' => '<span style="font-size: {FONTSIZE}%; line-height: normal"><xsl:apply-templates/></span>', + 'size' => '<span><xsl:attribute name="style"><xsl:text>font-size: </xsl:text><xsl:value-of select="substring(@size, 1, 4)"/><xsl:text>%; line-height: normal</xsl:text></xsl:attribute><xsl:apply-templates/></span>', 'color' => '<span style="color: {COLOR}"><xsl:apply-templates/></span>', 'email' => '<a> <xsl:attribute name="href"> diff --git a/phpBB/phpbb/textformatter/s9e/parser.php b/phpBB/phpbb/textformatter/s9e/parser.php index 3698dca224..a36fc63141 100644 --- a/phpBB/phpbb/textformatter/s9e/parser.php +++ b/phpBB/phpbb/textformatter/s9e/parser.php @@ -342,7 +342,7 @@ class parser implements \phpbb\textformatter\parser_interface return false; } - if ($size < 1) + if ($size < 1 || !is_numeric($size)) { return false; } diff --git a/phpBB/phpbb/user.php b/phpBB/phpbb/user.php index 7363290e11..9817e40edb 100644 --- a/phpBB/phpbb/user.php +++ b/phpBB/phpbb/user.php @@ -281,9 +281,43 @@ class user extends \phpbb\session $db->sql_freeresult($result); } + // Fallback to board's default style if (!$this->style) { - trigger_error('NO_STYLE_DATA', E_USER_ERROR); + // Verify default style exists in the database + $sql = 'SELECT style_id + FROM ' . STYLES_TABLE . ' + WHERE style_id = ' . (int) $config['default_style']; + $result = $db->sql_query($sql); + $style_id = (int) $db->sql_fetchfield('style_id'); + $db->sql_freeresult($result); + + if ($style_id > 0) + { + $db->sql_transaction('begin'); + + // Update $user row + $sql = 'SELECT * + FROM ' . STYLES_TABLE . ' + WHERE style_id = ' . (int) $config['default_style']; + $result = $db->sql_query($sql); + $this->style = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + // Update user style preference + $sql = 'UPDATE ' . USERS_TABLE . ' + SET user_style = ' . (int) $style_id . ' + WHERE user_id = ' . (int) $this->data['user_id']; + $db->sql_query($sql); + + $db->sql_transaction('commit'); + } + } + + // This should never happen + if (!$this->style) + { + trigger_error($this->language->lang('NO_STYLE_DATA', $this->data['user_style'], $this->data['user_id']), E_USER_ERROR); } // Now parse the cfg file and cache it diff --git a/phpBB/posting.php b/phpBB/posting.php index 11237bf050..5bba052a6a 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php @@ -974,7 +974,10 @@ if ($submit || $preview || $refresh) } // Parse Attachments - before checksum is calculated - $message_parser->parse_attachments('fileupload', $mode, $forum_id, $submit, $preview, $refresh); + if ($message_parser->check_attachment_form_token($language, $request, 'posting')) + { + $message_parser->parse_attachments('fileupload', $mode, $forum_id, $submit, $preview, $refresh); + } /** * This event allows you to modify message text before parsing diff --git a/phpBB/search.php b/phpBB/search.php index 97a8f320d4..64f6041371 100644 --- a/phpBB/search.php +++ b/phpBB/search.php @@ -1093,9 +1093,12 @@ if ($keywords || $author || $author_id || $search_id || $submit) 'TOPIC_AUTHOR_COLOUR' => get_username_string('colour', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), 'TOPIC_AUTHOR_FULL' => get_username_string('full', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), 'FIRST_POST_TIME' => $user->format_date($row['topic_time']), + 'FIRST_POST_TIME_RFC3339' => gmdate(DATE_RFC3339, $row['topic_time']), 'LAST_POST_SUBJECT' => $row['topic_last_post_subject'], 'LAST_POST_TIME' => $user->format_date($row['topic_last_post_time']), + 'LAST_POST_TIME_RFC3339' => gmdate(DATE_RFC3339, $row['topic_last_post_time']), 'LAST_VIEW_TIME' => $user->format_date($row['topic_last_view_time']), + 'LAST_VIEW_TIME_RFC3339' => gmdate(DATE_RFC3339, $row['topic_last_view_time']), 'LAST_POST_AUTHOR' => get_username_string('username', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), 'LAST_POST_AUTHOR_COLOUR' => get_username_string('colour', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), 'LAST_POST_AUTHOR_FULL' => get_username_string('full', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), diff --git a/phpBB/styles/prosilver/template/forumlist_body.html b/phpBB/styles/prosilver/template/forumlist_body.html index 8250a1fd07..4932860f8c 100644 --- a/phpBB/styles/prosilver/template/forumlist_body.html +++ b/phpBB/styles/prosilver/template/forumlist_body.html @@ -101,7 +101,7 @@ <i class="icon fa-external-link-square fa-fw icon-lightgray icon-md" aria-hidden="true"></i><span class="sr-only">{L_VIEW_LATEST_POST}</span> </a> <!-- ENDIF --> - <br />{forumrow.LAST_POST_TIME} + <br /><time datetime="{forumrow.LAST_POST_TIME_RFC3339}">{forumrow.LAST_POST_TIME}</time> <!-- ELSE --> {% if forumrow.U_UNAPPROVED_TOPICS %} {{ lang('TOPIC_UNAPPROVED_FORUM', forumrow.TOPICS) }} diff --git a/phpBB/styles/prosilver/template/mcp_topic.html b/phpBB/styles/prosilver/template/mcp_topic.html index 090e24041e..889cab8b83 100644 --- a/phpBB/styles/prosilver/template/mcp_topic.html +++ b/phpBB/styles/prosilver/template/mcp_topic.html @@ -118,7 +118,7 @@ <!-- EVENT mcp_topic_postrow_post_details_before --> <p class="author"> - <a href="#pr{postrow.POST_ID}" title="{postrow.MINI_POST}"> + <a href="{postrow.U_MINI_POST}" title="{postrow.MINI_POST}"> <i class="icon fa-file fa-fw icon-lightgray icon-tiny" aria-hidden="true"></i><span class="sr-only">{postrow.MINI_POST}</span> </a> {L_POSTED} {postrow.POST_DATE} {L_POST_BY_AUTHOR} {% EVENT mcp_topic_post_author_full_prepend %}<strong>{postrow.POST_AUTHOR_FULL}</strong>{% EVENT mcp_topic_post_author_full_append %}<!-- IF postrow.U_MCP_DETAILS --> [ <a href="{postrow.U_MCP_DETAILS}">{L_POST_DETAILS}</a> ]<!-- ENDIF --> </p> diff --git a/phpBB/styles/prosilver/template/memberlist_body.html b/phpBB/styles/prosilver/template/memberlist_body.html index 5f03ad99cc..b8ff092372 100644 --- a/phpBB/styles/prosilver/template/memberlist_body.html +++ b/phpBB/styles/prosilver/template/memberlist_body.html @@ -28,8 +28,13 @@ <p> <!-- IF AVATAR_IMG -->{AVATAR_IMG}<!-- ENDIF --> {% EVENT memberlist_body_group_rank_before %} - <!-- IF RANK_IMG -->{RANK_IMG}<!-- ENDIF --> - <!-- IF GROUP_RANK -->{GROUP_RANK}<!-- ENDIF --> + {% if RANK_IMG %}{{ RANK_IMG }}{% endif %} + {% if GROUP_RANK %} + {% if not RANK_IMG %} + {{ lang('GROUP_RANK') ~ lang('COLON') }} + {% endif %} + {{ GROUP_RANK }} + {% endif %} {% EVENT memberlist_body_group_rank_after %} </p> <!-- ELSE --> @@ -120,7 +125,13 @@ <tr class="<!-- IF memberrow.S_ROW_COUNT is even -->bg1<!-- ELSE -->bg2<!-- ENDIF --><!-- IF memberrow.S_INACTIVE --> inactive<!-- ENDIF -->"> <td><span class="rank-img"><!-- EVENT memberlist_body_rank_prepend --><!-- IF memberrow.RANK_IMG -->{memberrow.RANK_IMG}<!-- ELSE -->{memberrow.RANK_TITLE}<!-- ENDIF --><!-- EVENT memberlist_body_rank_append --></span><!-- IF S_IN_SEARCH_POPUP and not S_SELECT_SINGLE --><input type="checkbox" name="user" value="{memberrow.USERNAME}" /> <!-- ENDIF --><!-- EVENT memberlist_body_username_prepend -->{memberrow.USERNAME_FULL}<!-- IF memberrow.S_INACTIVE --> ({L_INACTIVE})<!-- ENDIF --><!-- EVENT memberlist_body_username_append --><!-- IF S_IN_SEARCH_POPUP --><br />[ <a href="#" onclick="insert_single_user('#results', '{memberrow.A_USERNAME}'); return false;">{L_SELECT}</a> ]<!-- ENDIF --></td> <td class="posts"><!-- IF memberrow.POSTS and S_DISPLAY_SEARCH --><a href="{memberrow.U_SEARCH_USER}" title="{L_SEARCH_USER_POSTS}">{memberrow.POSTS}</a><!-- ELSE -->{memberrow.POSTS}<!-- ENDIF --></td> - <td class="info"><!-- BEGIN custom_fields --><div>{memberrow.custom_fields.PROFILE_FIELD_VALUE}</div><!-- BEGINELSE --> <!-- END custom_fields --></td> + <td class="info"> + {%- for field in memberrow.custom_fields -%} + <div>{% if field.S_PROFILE_CONTACT %}<a href="{{ field.PROFILE_FIELD_CONTACT }}">{% endif %}{{ field.PROFILE_FIELD_VALUE }}{% if field.S_PROFILE_CONTACT %}</a>{% endif %}</div> + {%- else -%} + + {%- endfor -%} + </td> <td>{memberrow.JOINED}</td> <!-- IF S_VIEWONLINE --><td>{memberrow.LAST_ACTIVE} </td><!-- ENDIF --> {% EVENT memberlist_body_memberrow_after %} diff --git a/phpBB/styles/prosilver/template/navbar_header.html b/phpBB/styles/prosilver/template/navbar_header.html index dc29285922..77f5dae0c0 100644 --- a/phpBB/styles/prosilver/template/navbar_header.html +++ b/phpBB/styles/prosilver/template/navbar_header.html @@ -160,7 +160,7 @@ </li> <!-- ENDIF --> <!-- EVENT navbar_header_user_profile_append --> - <!-- ELSE --> + <!-- ELSE IF not S_IS_BOT --> <li class="rightside" data-skip-responsive="true"> <a href="{U_LOGIN_LOGOUT}" title="{L_LOGIN_LOGOUT}" accesskey="x" role="menuitem"> <i class="icon fa-power-off fa-fw" aria-hidden="true"></i><span>{L_LOGIN_LOGOUT}</span> @@ -183,14 +183,14 @@ <!-- EVENT overall_header_breadcrumbs_before --> <li class="breadcrumbs" itemscope itemtype="http://schema.org/BreadcrumbList"> <!-- IF U_SITE_HOME --> - <span class="crumb" {$MICRODATA}><a href="{U_SITE_HOME}" itemtype="https://schema.org/Thing" itemprop="item" data-navbar-reference="home"><i class="icon fa-home fa-fw" aria-hidden="true"></i><span itemprop="name">{L_SITE_HOME}</span></a><meta itemprop="position" content="{{ navlink_position }}{% set navlink_position = navlink_position + 1 %}" /></span> + <span class="crumb" {$MICRODATA}><a href="{U_SITE_HOME}" itemtype="https://schema.org/Thing" itemscope itemprop="item" data-navbar-reference="home"><i class="icon fa-home fa-fw" aria-hidden="true"></i><span itemprop="name">{L_SITE_HOME}</span></a><meta itemprop="position" content="{{ navlink_position }}{% set navlink_position = navlink_position + 1 %}" /></span> <!-- ENDIF --> <!-- EVENT overall_header_breadcrumb_prepend --> - <span class="crumb" {$MICRODATA}><a href="{U_INDEX}" itemtype="https://schema.org/Thing" itemprop="item" accesskey="h" data-navbar-reference="index"><!-- IF not U_SITE_HOME --><i class="icon fa-home fa-fw"></i><!-- ENDIF --><span itemprop="name">{L_INDEX}</span></a><meta itemprop="position" content="{{ navlink_position }}{% set navlink_position = navlink_position + 1 %}" /></span> + <span class="crumb" {$MICRODATA}><a href="{U_INDEX}" itemtype="https://schema.org/Thing" itemscope itemprop="item" accesskey="h" data-navbar-reference="index"><!-- IF not U_SITE_HOME --><i class="icon fa-home fa-fw"></i><!-- ENDIF --><span itemprop="name">{L_INDEX}</span></a><meta itemprop="position" content="{{ navlink_position }}{% set navlink_position = navlink_position + 1 %}" /></span> <!-- BEGIN navlinks --> <!-- EVENT overall_header_navlink_prepend --> - <span class="crumb" {$MICRODATA}<!-- IF navlinks.MICRODATA --> {navlinks.MICRODATA}<!-- ENDIF -->><a href="{navlinks.U_VIEW_FORUM}" itemtype="https://schema.org/Thing" itemprop="item"><span itemprop="name">{navlinks.FORUM_NAME}</span></a><meta itemprop="position" content="{{ navlink_position }}{% set navlink_position = navlink_position + 1 %}" /></span> + <span class="crumb" {$MICRODATA}<!-- IF navlinks.MICRODATA --> {navlinks.MICRODATA}<!-- ENDIF -->><a href="{navlinks.U_VIEW_FORUM}" itemtype="https://schema.org/Thing" itemscope itemprop="item"><span itemprop="name">{navlinks.FORUM_NAME}</span></a><meta itemprop="position" content="{{ navlink_position }}{% set navlink_position = navlink_position + 1 %}" /></span> <!-- EVENT overall_header_navlink_append --> <!-- END navlinks --> <!-- EVENT overall_header_breadcrumb_append --> diff --git a/phpBB/styles/prosilver/template/overall_footer.html b/phpBB/styles/prosilver/template/overall_footer.html index bdff1a0c05..cd245decc4 100644 --- a/phpBB/styles/prosilver/template/overall_footer.html +++ b/phpBB/styles/prosilver/template/overall_footer.html @@ -17,7 +17,7 @@ </p> <!-- ENDIF --> <!-- EVENT overall_footer_copyright_append --> - <p class="footer-row"> + <p class="footer-row" role="menu"> <a class="footer-link" href="{{ U_PRIVACY }}" title="{{ lang('PRIVACY_LINK') }}" role="menuitem"> <span class="footer-link-text">{{ lang('PRIVACY_LINK') }}</span> </a> diff --git a/phpBB/styles/prosilver/template/plupload.html b/phpBB/styles/prosilver/template/plupload.html index 1eb84372e8..9425b7d769 100644 --- a/phpBB/styles/prosilver/template/plupload.html +++ b/phpBB/styles/prosilver/template/plupload.html @@ -45,7 +45,14 @@ phpbb.plupload = { max_file_size: '{FILESIZE}b', chunk_size: '{CHUNK_SIZE}b', unique_names: true, - filters: [{FILTERS}], + filters: { + mime_types: [ + {FILTERS} + ], + mime_types_max_file_size: [ + {FILTERS} + ], + }, {S_RESIZE} headers: {'X-PHPBB-USING-PLUPLOAD': '1', 'X-Requested-With': 'XMLHttpRequest'}, file_data_name: 'fileupload', @@ -57,6 +64,7 @@ phpbb.plupload = { lang: { ERROR: '{LA_ERROR}', TOO_MANY_ATTACHMENTS: '{LA_TOO_MANY_ATTACHMENTS}', + FORM_INVALID: '{LA_FORM_INVALID}', }, order: '{ATTACH_ORDER}', maxFiles: {MAX_ATTACHMENTS}, diff --git a/phpBB/styles/prosilver/template/posting_buttons.html b/phpBB/styles/prosilver/template/posting_buttons.html index 122afdf978..cb305eee4b 100644 --- a/phpBB/styles/prosilver/template/posting_buttons.html +++ b/phpBB/styles/prosilver/template/posting_buttons.html @@ -10,27 +10,6 @@ var bbtags = new Array('[b]','[/b]','[i]','[/i]','[u]','[/u]','[quote]','[/quote]','[code]','[/code]','[list]','[/list]','[list=]','[/list]','[img]','[/img]','[url]','[/url]','[flash=]', '[/flash]','[size=]','[/size]'<!-- BEGIN custom_tags -->, {custom_tags.BBCODE_NAME}<!-- END custom_tags -->); var imageTag = false; - // Helpline messages - var help_line = { - b: '{LA_BBCODE_B_HELP}', - i: '{LA_BBCODE_I_HELP}', - u: '{LA_BBCODE_U_HELP}', - q: '{LA_BBCODE_Q_HELP}', - c: '{LA_BBCODE_C_HELP}', - l: '{LA_BBCODE_L_HELP}', - o: '{LA_BBCODE_O_HELP}', - p: '{LA_BBCODE_P_HELP}', - w: '{LA_BBCODE_W_HELP}', - a: '{LA_BBCODE_A_HELP}', - s: '{LA_BBCODE_S_HELP}', - f: '{LA_BBCODE_F_HELP}', - y: '{LA_BBCODE_Y_HELP}', - d: '{LA_BBCODE_D_HELP}' - <!-- BEGIN custom_tags --> - ,cb_{custom_tags.BBCODE_ID}: '{custom_tags.A_BBCODE_HELPLINE}' - <!-- END custom_tags --> - } - function change_palette() { phpbb.toggleDisplay('colour_palette'); @@ -117,7 +96,7 @@ <!-- EVENT posting_editor_buttons_custom_tags_before --> <!-- BEGIN custom_tags --> - <button type="button" class="button button-secondary bbcode-{custom_tags.BBCODE_TAG_CLEAN}" name="addbbcode{custom_tags.BBCODE_ID}" value="{custom_tags.BBCODE_TAG}" onclick="bbstyle({custom_tags.BBCODE_ID})" title="{custom_tags.BBCODE_HELPLINE}"> + <button type="button" class="button button-secondary bbcode-{custom_tags.BBCODE_TAG_CLEAN}" name="addbbcode{custom_tags.BBCODE_ID}" value="{custom_tags.BBCODE_TAG}" onclick="bbstyle({custom_tags.BBCODE_ID})" title="{{ custom_tags.BBCODE_HELPLINE|e('html_attr') }}"> {custom_tags.BBCODE_TAG} </button> <!-- END custom_tags --> diff --git a/phpBB/styles/prosilver/template/posting_review.html b/phpBB/styles/prosilver/template/posting_review.html index 033a88485e..e5d285e7bf 100644 --- a/phpBB/styles/prosilver/template/posting_review.html +++ b/phpBB/styles/prosilver/template/posting_review.html @@ -13,7 +13,7 @@ <!-- ENDIF --> <div class="postbody" id="ppr{post_review_row.POST_ID}"> - <h3><a href="#ppr{post_review_row.POST_ID}">{post_review_row.POST_SUBJECT}</a></h3> + <h3><a href="{post_review_row.U_MINI_POST}">{post_review_row.POST_SUBJECT}</a></h3> <p class="author"> <!-- IF S_IS_BOT --> <span><i class="icon fa-file fa-fw icon-lightgray icon-md" aria-hidden="true"></i><span class="sr-only">{post_review_row.MINI_POST}</span></span> diff --git a/phpBB/styles/prosilver/template/posting_topic_review.html b/phpBB/styles/prosilver/template/posting_topic_review.html index 8faece3447..209dadf327 100644 --- a/phpBB/styles/prosilver/template/posting_topic_review.html +++ b/phpBB/styles/prosilver/template/posting_topic_review.html @@ -24,7 +24,7 @@ <!-- ENDIF --> <div class="postbody" id="pr{topic_review_row.POST_ID}"> - <h3><a href="#pr{topic_review_row.POST_ID}">{topic_review_row.POST_SUBJECT}</a></h3> + <h3><a href="{topic_review_row.U_MINI_POST}">{topic_review_row.POST_SUBJECT}</a></h3> <!-- IF (topic_review_row.POSTER_QUOTE and topic_review_row.DECODED_MESSAGE) or topic_review_row.U_MCP_DETAILS --> <ul class="post-buttons"> diff --git a/phpBB/styles/prosilver/template/search_results.html b/phpBB/styles/prosilver/template/search_results.html index 391afa4d7f..9ee13a4224 100644 --- a/phpBB/styles/prosilver/template/search_results.html +++ b/phpBB/styles/prosilver/template/search_results.html @@ -108,7 +108,7 @@ <!-- IF not S_IS_BOT --> <div class="responsive-show" style="display: none;"> - {L_LAST_POST} {L_POST_BY_AUTHOR} <!-- EVENT search_results_last_post_author_username_prepend -->{searchresults.LAST_POST_AUTHOR_FULL}<!-- EVENT search_results_last_post_author_username_append --> « <a href="{searchresults.U_LAST_POST}" title="{L_GOTO_LAST_POST}">{searchresults.LAST_POST_TIME}</a> + {L_LAST_POST} {L_POST_BY_AUTHOR} <!-- EVENT search_results_last_post_author_username_prepend -->{searchresults.LAST_POST_AUTHOR_FULL}<!-- EVENT search_results_last_post_author_username_append --> « <a href="{searchresults.U_LAST_POST}" title="{L_GOTO_LAST_POST}"><time datetime="{searchresults.LAST_POST_TIME_RFC3339}">{searchresults.LAST_POST_TIME}</time></a> <br />{L_POSTED} {L_IN} <a href="{searchresults.U_VIEW_FORUM}">{searchresults.FORUM_TITLE}</a> </div> <!-- IF searchresults.TOPIC_REPLIES --><span class="responsive-show left-box" style="display: none;">{L_REPLIES}{L_COLON} <strong>{searchresults.TOPIC_REPLIES}</strong></span><!-- ENDIF --> @@ -118,7 +118,7 @@ <!-- IF searchresults.S_HAS_POLL --><i class="icon fa-bar-chart fa-fw" aria-hidden="true"></i><!-- ENDIF --> <!-- IF searchresults.ATTACH_ICON_IMG --><i class="icon fa-paperclip fa-fw" aria-hidden="true"></i><!-- ENDIF --> {% EVENT topiclist_row_topic_by_author_before %} - {L_POST_BY_AUTHOR} <!-- EVENT search_results_topic_author_username_prepend -->{searchresults.TOPIC_AUTHOR_FULL}<!-- EVENT search_results_topic_author_username_append --> » {searchresults.FIRST_POST_TIME} » {L_IN} <a href="{searchresults.U_VIEW_FORUM}">{searchresults.FORUM_TITLE}</a> + {L_POST_BY_AUTHOR} <!-- EVENT search_results_topic_author_username_prepend -->{searchresults.TOPIC_AUTHOR_FULL}<!-- EVENT search_results_topic_author_username_append --> » <time datetime="{searchresults.FIRST_POST_TIME_RFC3339}">{searchresults.FIRST_POST_TIME}</time> » {L_IN} <a href="{searchresults.U_VIEW_FORUM}">{searchresults.FORUM_TITLE}</a> {% EVENT topiclist_row_topic_by_author_after %} </div> @@ -150,7 +150,7 @@ <i class="icon fa-external-link-square fa-fw icon-lightgray icon-md" aria-hidden="true"></i><span class="sr-only">{VIEW_LATEST_POST}</span> </a> <!-- ENDIF --> - <br />{searchresults.LAST_POST_TIME} + <br /><time datetime="{searchresults.LAST_POST_TIME_RFC3339}">{searchresults.LAST_POST_TIME}</time> </span> </dd> </dl> diff --git a/phpBB/styles/prosilver/template/ucp_profile_profile_info.html b/phpBB/styles/prosilver/template/ucp_profile_profile_info.html index 69eda8c42c..ac0cd153c2 100644 --- a/phpBB/styles/prosilver/template/ucp_profile_profile_info.html +++ b/phpBB/styles/prosilver/template/ucp_profile_profile_info.html @@ -13,7 +13,7 @@ <!-- EVENT ucp_profile_profile_info_before --> <!-- IF S_BIRTHDAYS_ENABLED --> <dl> - <dt><label for="bday_day">{L_BIRTHDAY}{L_COLON}</label><br /><span>{L_BIRTHDAY_EXPLAIN}</span></dt> + <dt><label for="bday_day">{L_BIRTHDAY}{L_COLON}{% EVENT ucp_profile_profile_info_birthday_label_append %}</label><br /><span>{L_BIRTHDAY_EXPLAIN}</span></dt> <dd> <label for="bday_day">{L_DAY}{L_COLON} <select name="bday_day" id="bday_day">{S_BIRTHDAY_DAY_OPTIONS}</select></label> <label for="bday_month">{L_MONTH}{L_COLON} <select name="bday_month" id="bday_month">{S_BIRTHDAY_MONTH_OPTIONS}</select></label> diff --git a/phpBB/styles/prosilver/template/viewforum_body.html b/phpBB/styles/prosilver/template/viewforum_body.html index 1827738019..40beb784d7 100644 --- a/phpBB/styles/prosilver/template/viewforum_body.html +++ b/phpBB/styles/prosilver/template/viewforum_body.html @@ -187,7 +187,7 @@ <!-- IF not S_IS_BOT --> <div class="responsive-show" style="display: none;"> - {L_LAST_POST} {L_POST_BY_AUTHOR} <!-- EVENT viewforum_body_last_post_author_username_prepend -->{topicrow.LAST_POST_AUTHOR_FULL}<!-- EVENT viewforum_body_last_post_author_username_append --> « <a href="{topicrow.U_LAST_POST}" title="{L_GOTO_LAST_POST}">{topicrow.LAST_POST_TIME}</a> + {L_LAST_POST} {L_POST_BY_AUTHOR} <!-- EVENT viewforum_body_last_post_author_username_prepend -->{topicrow.LAST_POST_AUTHOR_FULL}<!-- EVENT viewforum_body_last_post_author_username_append --> « <a href="{topicrow.U_LAST_POST}" title="{L_GOTO_LAST_POST}"><time datetime="{topicrow.LAST_POST_TIME_RFC3339}">{topicrow.LAST_POST_TIME}</time></a> <!-- IF topicrow.S_POST_GLOBAL and FORUM_ID != topicrow.FORUM_ID --><br />{L_POSTED} {L_IN} <a href="{topicrow.U_VIEW_FORUM}">{topicrow.FORUM_NAME}</a><!-- ENDIF --> </div> <!-- IF topicrow.REPLIES --> @@ -199,7 +199,7 @@ <!-- IF topicrow.S_HAS_POLL --><i class="icon fa-bar-chart fa-fw" aria-hidden="true"></i><!-- ENDIF --> <!-- IF topicrow.ATTACH_ICON_IMG --><i class="icon fa-paperclip fa-fw" aria-hidden="true"></i><!-- ENDIF --> {% EVENT topiclist_row_topic_by_author_before %} - {L_POST_BY_AUTHOR} <!-- EVENT viewforum_body_topic_author_username_prepend -->{topicrow.TOPIC_AUTHOR_FULL}<!-- EVENT viewforum_body_topic_author_username_append --> » {topicrow.FIRST_POST_TIME} + {L_POST_BY_AUTHOR} <!-- EVENT viewforum_body_topic_author_username_prepend -->{topicrow.TOPIC_AUTHOR_FULL}<!-- EVENT viewforum_body_topic_author_username_append --> » <time datetime="{topicrow.FIRST_POST_TIME_RFC3339}">{topicrow.FIRST_POST_TIME}</time> {% EVENT topiclist_row_topic_by_author_after %} <!-- IF topicrow.S_POST_GLOBAL and FORUM_ID != topicrow.FORUM_ID --> » {L_IN} <a href="{topicrow.U_VIEW_FORUM}">{topicrow.FORUM_NAME}</a><!-- ENDIF --> </div> @@ -232,7 +232,7 @@ <i class="icon fa-external-link-square fa-fw icon-lightgray icon-md" aria-hidden="true"></i><span class="sr-only">{VIEW_LATEST_POST}</span> </a> <!-- ENDIF --> - <br />{topicrow.LAST_POST_TIME} + <br /><time datetime="{topicrow.LAST_POST_TIME_RFC3339}">{topicrow.LAST_POST_TIME}</time> </span> </dd> </dl> diff --git a/phpBB/styles/prosilver/template/viewtopic_body.html b/phpBB/styles/prosilver/template/viewtopic_body.html index 8d7e26f099..9bfa07e52b 100644 --- a/phpBB/styles/prosilver/template/viewtopic_body.html +++ b/phpBB/styles/prosilver/template/viewtopic_body.html @@ -224,7 +224,7 @@ <div id="post_content{postrow.POST_ID}"<!-- IF postrow.S_POST_HIDDEN --> style="display: none;"<!-- ENDIF -->> <!-- EVENT viewtopic_body_post_subject_before --> - <h3 <!-- IF postrow.S_FIRST_ROW -->class="first"<!-- ENDIF -->><!-- IF postrow.POST_ICON_IMG --><img src="{T_ICONS_PATH}{postrow.POST_ICON_IMG}" width="{postrow.POST_ICON_IMG_WIDTH}" height="{postrow.POST_ICON_IMG_HEIGHT}" alt="{postrow.POST_ICON_IMG_ALT}" title="{postrow.POST_ICON_IMG_ALT}" /> <!-- ENDIF --><a href="#p{postrow.POST_ID}">{postrow.POST_SUBJECT}</a></h3> + <h3 <!-- IF postrow.S_FIRST_ROW -->class="first"<!-- ENDIF -->><!-- IF postrow.POST_ICON_IMG --><img src="{T_ICONS_PATH}{postrow.POST_ICON_IMG}" width="{postrow.POST_ICON_IMG_WIDTH}" height="{postrow.POST_ICON_IMG_HEIGHT}" alt="{postrow.POST_ICON_IMG_ALT}" title="{postrow.POST_ICON_IMG_ALT}" /> <!-- ENDIF --><a href="{postrow.U_MINI_POST}">{postrow.POST_SUBJECT}</a></h3> <!-- DEFINE $SHOW_POST_BUTTONS = (postrow.U_EDIT or postrow.U_DELETE or postrow.U_REPORT or postrow.U_WARN or postrow.U_INFO or postrow.U_QUOTE) --> <!-- EVENT viewtopic_body_post_buttons_list_before --> @@ -289,7 +289,7 @@ <i class="icon fa-file fa-fw <!-- IF postrow.S_UNREAD_POST -->icon-red<!-- ELSE -->icon-lightgray<!-- ENDIF --> icon-md" aria-hidden="true"></i><span class="sr-only">{postrow.MINI_POST}</span> </a> <!-- ENDIF --> - <span class="responsive-hide">{L_POST_BY_AUTHOR} <strong>{postrow.POST_AUTHOR_FULL}</strong> » </span>{postrow.POST_DATE} + <span class="responsive-hide">{L_POST_BY_AUTHOR} <strong>{postrow.POST_AUTHOR_FULL}</strong> » </span><time datetime="{postrow.POST_DATE_RFC3339}">{postrow.POST_DATE}</time> </p> <!-- EVENT viewtopic_body_postrow_post_details_after --> diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php index 72c96e2d2d..4691512cbd 100644 --- a/phpBB/viewforum.php +++ b/phpBB/viewforum.php @@ -222,7 +222,7 @@ if ($mark_read == 'topics') $data = array( 'NO_UNREAD_POSTS' => $user->lang['NO_UNREAD_POSTS'], 'UNREAD_POSTS' => $user->lang['UNREAD_POSTS'], - 'U_MARK_TOPICS' => ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'hash=' . generate_link_hash('global') . "&f=$forum_id&mark=topics&mark_time=" . time()) : '', + 'U_MARK_TOPICS' => ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'hash=' . generate_link_hash('global') . "&f=$forum_id&mark=topics&mark_time=" . time(), false) : '', 'MESSAGE_TITLE' => $user->lang['INFORMATION'], 'MESSAGE_TEXT' => $user->lang['TOPICS_MARKED'] ); @@ -933,9 +933,12 @@ if (count($topic_list)) 'TOPIC_AUTHOR_COLOUR' => get_username_string('colour', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), 'TOPIC_AUTHOR_FULL' => get_username_string('full', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), 'FIRST_POST_TIME' => $user->format_date($row['topic_time']), + 'FIRST_POST_TIME_RFC3339' => gmdate(DATE_RFC3339, $row['topic_time']), 'LAST_POST_SUBJECT' => censor_text($row['topic_last_post_subject']), 'LAST_POST_TIME' => $user->format_date($row['topic_last_post_time']), + 'LAST_POST_TIME_RFC3339' => gmdate(DATE_RFC3339, $row['topic_last_post_time']), 'LAST_VIEW_TIME' => $user->format_date($row['topic_last_view_time']), + 'LAST_VIEW_TIME_RFC3339' => gmdate(DATE_RFC3339, $row['topic_last_view_time']), 'LAST_POST_AUTHOR' => get_username_string('username', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), 'LAST_POST_AUTHOR_COLOUR' => get_username_string('colour', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), 'LAST_POST_AUTHOR_FULL' => get_username_string('full', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index 0c2be8c52e..4e502538c8 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php @@ -2044,6 +2044,7 @@ for ($i = 0, $end = count($post_list); $i < $end; ++$i) 'CONTACT_USER' => $user_cache[$poster_id]['contact_user'], 'POST_DATE' => $user->format_date($row['post_time'], false, ($view == 'print') ? true : false), + 'POST_DATE_RFC3339' => gmdate(DATE_RFC3339, $row['post_time']), 'POST_SUBJECT' => $row['post_subject'], 'MESSAGE' => $message, 'SIGNATURE' => ($row['enable_sig']) ? $user_cache[$poster_id]['sig'] : '', @@ -2359,12 +2360,25 @@ if ($s_can_vote || $s_quick_reply) ($s_notify) ? $qr_hidden_fields['notify'] = 1 : true; ($topic_data['topic_status'] == ITEM_LOCKED) ? $qr_hidden_fields['lock_topic'] = 1 : true; - $template->assign_vars(array( + $tpl_ary = [ 'S_QUICK_REPLY' => true, 'U_QR_ACTION' => append_sid("{$phpbb_root_path}posting.$phpEx", "mode=reply&f=$forum_id&t=$topic_id"), 'QR_HIDDEN_FIELDS' => build_hidden_fields($qr_hidden_fields), 'SUBJECT' => 'Re: ' . censor_text($topic_data['topic_title']), - )); + ]; + + /** + * Event after the quick-reply has been setup + * + * @event core.viewtopic_modify_quick_reply_template_vars + * @var array tpl_ary Array with template data + * @var array topic_data Array with topic data + * @since 3.2.9-RC1 + */ + $vars = ['tpl_ary', 'topic_data']; + extract($phpbb_dispatcher->trigger_event('core.viewtopic_modify_quick_reply_template_vars', compact($vars))); + + $template->assign_vars($tpl_ary); } } // now I have the urge to wash my hands :( |