diff options
Diffstat (limited to 'phpBB')
| -rw-r--r-- | phpBB/includes/constants.php | 8 | ||||
| -rw-r--r-- | phpBB/includes/functions.php | 65 | ||||
| -rw-r--r-- | phpBB/includes/functions_content.php | 11 | ||||
| -rw-r--r-- | phpBB/includes/functions_user.php | 26 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_pm_compose.php | 84 | ||||
| -rw-r--r-- | phpBB/language/en/ucp.php | 1 | ||||
| -rw-r--r-- | phpBB/memberlist.php | 25 | ||||
| -rw-r--r-- | phpBB/phpbb/path_helper.php | 116 | ||||
| -rw-r--r-- | phpBB/viewtopic.php | 31 |
9 files changed, 281 insertions, 86 deletions
diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index a59b4a8add..66d2e4bd81 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -46,10 +46,10 @@ define('USER_INACTIVE', 1); define('USER_IGNORE', 2); define('USER_FOUNDER', 3); -define('INACTIVE_REGISTER', 1); -define('INACTIVE_PROFILE', 2); -define('INACTIVE_MANUAL', 3); -define('INACTIVE_REMIND', 4); +define('INACTIVE_REGISTER', 1); // Newly registered account +define('INACTIVE_PROFILE', 2); // Profile details changed +define('INACTIVE_MANUAL', 3); // Account deactivated by administrator +define('INACTIVE_REMIND', 4); // Forced user account reactivation // ACL define('ACL_NEVER', 0); diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 11cc36c294..786003a9ff 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2326,8 +2326,9 @@ function reapply_sid($url) */ function build_url($strip_vars = false) { - global $config, $user, $phpEx, $phpbb_root_path; + global $config, $user, $phpbb_path_helper; + $php_ext = $phpbb_path_helper->get_php_ext(); $page = $user->page['page']; // We need to be cautious here. @@ -2340,71 +2341,23 @@ function build_url($strip_vars = false) if ($url_parts === false || empty($url_parts['scheme']) || empty($url_parts['host'])) { // Remove 'app.php/' from the page, when rewrite is enabled - if ($config['enable_mod_rewrite'] && strpos($page, 'app.' . $phpEx . '/') === 0) + if ($config['enable_mod_rewrite'] && strpos($page, 'app.' . $php_ext . '/') === 0) { - $page = substr($page, strlen('app.' . $phpEx . '/')); + $page = substr($page, strlen('app.' . $php_ext . '/')); } - $page = $phpbb_root_path . $page; + $page = $phpbb_path_helper->get_phpbb_root_path() . $page; } // Append SID $redirect = append_sid($page, false, false); - // Add delimiter if not there... - if (strpos($redirect, '?') === false) + if ($strip_vars !== false) { - $redirect .= '?'; + $redirect = $phpbb_path_helper->strip_url_params($redirect, $strip_vars, false); } - // Strip vars... - if ($strip_vars !== false && strpos($redirect, '?') !== false) - { - if (!is_array($strip_vars)) - { - $strip_vars = array($strip_vars); - } - - $query = $_query = array(); - - $args = substr($redirect, strpos($redirect, '?') + 1); - $args = ($args) ? explode('&', $args) : array(); - $redirect = substr($redirect, 0, strpos($redirect, '?')); - - foreach ($args as $argument) - { - $arguments = explode('=', $argument); - $key = $arguments[0]; - unset($arguments[0]); - - if ($key === '') - { - continue; - } - - $query[$key] = implode('=', $arguments); - } - - // Strip the vars off - foreach ($strip_vars as $strip) - { - if (isset($query[$strip])) - { - unset($query[$strip]); - } - } - - // Glue the remaining parts together... already urlencoded - foreach ($query as $key => $value) - { - $_query[] = $key . '=' . $value; - } - $query = implode('&', $_query); - - $redirect .= ($query) ? '?' . $query : ''; - } - - return str_replace('&', '&', $redirect); + return $redirect . ((strpos($redirect, '?') === false) ? '?' : ''); } /** @@ -4902,7 +4855,6 @@ function page_header($page_title = '', $display_online_list = false, $item_id = } } - $hidden_fields_for_jumpbox = phpbb_build_hidden_fields_for_query_params($request, array('f')); $notification_mark_hash = generate_link_hash('mark_all_notifications_read'); // The following assigns all _common_ variables that may be used at any point in a template. @@ -4919,7 +4871,6 @@ function page_header($page_title = '', $display_online_list = false, $item_id = 'LOGGED_IN_USER_LIST' => $online_userlist, 'RECORD_USERS' => $l_online_record, 'PRIVATE_MESSAGE_COUNT' => (!empty($user->data['user_unread_privmsg'])) ? $user->data['user_unread_privmsg'] : 0, - 'HIDDEN_FIELDS_FOR_JUMPBOX' => $hidden_fields_for_jumpbox, 'UNREAD_NOTIFICATIONS_COUNT' => ($notifications !== false) ? $notifications['unread_count'] : '', 'NOTIFICATIONS_COUNT' => ($notifications !== false) ? $notifications['unread_count'] : '', diff --git a/phpBB/includes/functions_content.php b/phpBB/includes/functions_content.php index bb94967606..d56f02dd09 100644 --- a/phpBB/includes/functions_content.php +++ b/phpBB/includes/functions_content.php @@ -110,7 +110,7 @@ function gen_sort_selects(&$limit_days, &$sort_by_text, &$sort_days, &$sort_key, */ function make_jumpbox($action, $forum_id = false, $select_all = false, $acl_list = false, $force_display = false) { - global $config, $auth, $template, $user, $db; + global $config, $auth, $template, $user, $db, $phpbb_path_helper; // We only return if the jumpbox is not forced to be displayed (in case it is needed for functionality) if (!$config['load_jumpbox'] && $force_display === false) @@ -196,10 +196,13 @@ function make_jumpbox($action, $forum_id = false, $select_all = false, $acl_list $db->sql_freeresult($result); unset($padding_store); + $url_parts = $phpbb_path_helper->get_url_parts($action); + $template->assign_vars(array( - 'S_DISPLAY_JUMPBOX' => $display_jumpbox, - 'S_JUMPBOX_ACTION' => $action) - ); + 'S_DISPLAY_JUMPBOX' => $display_jumpbox, + 'S_JUMPBOX_ACTION' => $action, + 'HIDDEN_FIELDS_FOR_JUMPBOX' => build_hidden_fields($url_parts['params']), + )); return; } diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index dcc0d727a1..0dd1708c55 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -3455,9 +3455,12 @@ function remove_newly_registered($user_id, $user_data = false) * * @param array $user_ids Array of users' ids to check for banning, * leave empty to get complete list of banned ids +* @param bool|int $ban_end Bool True to get users currently banned +* Bool False to only get permanently banned users +* Int Unix timestamp to get users banned until that time * @return array Array of banned users' ids if any, empty array otherwise */ -function phpbb_get_banned_user_ids($user_ids = array()) +function phpbb_get_banned_user_ids($user_ids = array(), $ban_end = true) { global $db; @@ -3469,9 +3472,26 @@ function phpbb_get_banned_user_ids($user_ids = array()) $sql = 'SELECT ban_userid FROM ' . BANLIST_TABLE . " WHERE $sql_user_ids - AND ban_exclude <> 1 - AND (ban_end > " . time() . ' + AND ban_exclude <> 1"; + + if ($ban_end === true) + { + // Banned currently + $sql .= " AND (ban_end > " . time() . ' + OR ban_end = 0)'; + } + else if ($ban_end === false) + { + // Permanently banned + $sql .= " AND ban_end = 0"; + } + else + { + // Banned until a specified time + $sql .= " AND (ban_end > " . (int) $ban_end . ' OR ban_end = 0)'; + } + $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index e5a1c1b915..3219771c93 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -1226,29 +1226,81 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove // Check for disallowed recipients if (!empty($address_list['u'])) { - // We need to check their PM status (do they want to receive PM's?) - // Only check if not a moderator or admin, since they are allowed to override this user setting - if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) + // Administrator deactivated users check and we need to check their + // PM status (do they want to receive PM's?) + // Only check PM status if not a moderator or admin, since they + // are allowed to override this user setting + $sql = 'SELECT user_id, user_allow_pm + FROM ' . USERS_TABLE . ' + WHERE ' . $db->sql_in_set('user_id', array_keys($address_list['u'])) . ' + AND (user_type = ' . USER_INACTIVE . ' + AND user_inactive_reason = ' . INACTIVE_MANUAL . ')'; + + $can_ignore_allow_pm = ($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')); + if (!$can_ignore_allow_pm) { - $sql = 'SELECT user_id - FROM ' . USERS_TABLE . ' - WHERE ' . $db->sql_in_set('user_id', array_keys($address_list['u'])) . ' - AND user_allow_pm = 0'; - $result = $db->sql_query($sql); + $sql .= ' OR user_allow_pm = 0'; + } - $removed = false; - while ($row = $db->sql_fetchrow($result)) + $result = $db->sql_query($sql); + + $removed_no_pm = $removed_no_permission = false; + while ($row = $db->sql_fetchrow($result)) + { + if (!$can_ignore_allow_pm && !$row['user_allow_pm']) { - $removed = true; - unset($address_list['u'][$row['user_id']]); + $removed_no_pm = true; } - $db->sql_freeresult($result); + else + { + $removed_no_permission = true; + } + + unset($address_list['u'][$row['user_id']]); + } + $db->sql_freeresult($result); - // print a notice about users not being added who do not want to receive pms - if ($removed) + // print a notice about users not being added who do not want to receive pms + if ($removed_no_pm) + { + $error[] = $user->lang['PM_USERS_REMOVED_NO_PM']; + } + + // print a notice about users not being added who do not have permission to receive PMs + if ($removed_no_permission) + { + $error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION']; + } + + if (!sizeof(array_keys($address_list['u']))) + { + return; + } + + // Check if users have permission to read PMs + $can_read = $auth->acl_get_list(array_keys($address_list['u']), 'u_readpm'); + $can_read = (empty($can_read) || !isset($can_read[0]['u_readpm'])) ? array() : $can_read[0]['u_readpm']; + $cannot_read_list = array_diff(array_keys($address_list['u']), $can_read); + if (!empty($cannot_read_list)) + { + foreach ($cannot_read_list as $cannot_read) { - $error[] = $user->lang['PM_USERS_REMOVED_NO_PM']; + unset($address_list['u'][$cannot_read]); } + + $error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION']; + } + + // Check if users are banned + $banned_user_list = phpbb_get_banned_user_ids(array_keys($address_list['u']), false); + if (!empty($banned_user_list)) + { + foreach ($banned_user_list as $banned_user) + { + unset($address_list['u'][$banned_user]); + } + + $error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION']; } } } diff --git a/phpBB/language/en/ucp.php b/phpBB/language/en/ucp.php index 79d2b9fa3a..3419d34e7a 100644 --- a/phpBB/language/en/ucp.php +++ b/phpBB/language/en/ucp.php @@ -413,6 +413,7 @@ $lang = array_merge($lang, array( 'PM_SUBJECT' => 'Message subject', 'PM_TO' => 'Send to', 'PM_TOOLS' => 'Message tools', + 'PM_USERS_REMOVED_NO_PERMISSION' => 'Some users couldn’t be added as they do not have permission to read private messages.', 'PM_USERS_REMOVED_NO_PM' => 'Some users couldn’t be added as they have disabled private message receipt.', 'POST_EDIT_PM' => 'Edit message', 'POST_FORWARD_PM' => 'Forward message', diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index 63c8dc0c08..9c6b3d278f 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -1720,6 +1720,29 @@ function show_profile($data, $user_notes_enabled = false, $warn_user_enabled = f } } + if (!function_exists('phpbb_get_banned_user_ids')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } + + // Can this user receive a Private Message? + $can_receive_pm = ( + // They must be a "normal" user + $data['user_type'] != USER_IGNORE && + + // They must not be deactivated by the administrator + ($data['user_type'] != USER_INACTIVE && $data['user_inactive_reason'] == INACTIVE_MANUAL) && + + // They must be able to read PMs + sizeof($auth->acl_get_list($user_id, 'u_readpm')) && + + // They must not be permanently banned + !sizeof(phpbb_get_banned_user_ids($user_id, false)) && + + // They must allow users to contact via PM + (($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')) || $data['user_allow_pm']) + ); + // Dump it out to the template $template_data = array( 'AGE' => $age, @@ -1748,7 +1771,7 @@ function show_profile($data, $user_notes_enabled = false, $warn_user_enabled = f 'U_SEARCH_USER' => ($auth->acl_get('u_search')) ? append_sid("{$phpbb_root_path}search.$phpEx", "author_id=$user_id&sr=posts") : '', 'U_NOTES' => ($user_notes_enabled && $auth->acl_getf_global('m_')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $user_id, true, $user->session_id) : '', 'U_WARN' => ($warn_user_enabled && $auth->acl_get('m_warn')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&mode=warn_user&u=' . $user_id, true, $user->session_id) : '', - 'U_PM' => ($config['allow_privmsg'] && $auth->acl_get('u_sendpm') && ($data['user_allow_pm'] || $auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_'))) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&mode=compose&u=' . $user_id) : '', + 'U_PM' => ($config['allow_privmsg'] && $auth->acl_get('u_sendpm') && $can_receive_pm) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&mode=compose&u=' . $user_id) : '', 'U_EMAIL' => $email, 'U_JABBER' => ($data['user_jabber'] && $auth->acl_get('u_sendim')) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contact&action=jabber&u=' . $user_id) : '', diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php index fefef39c51..f92c2b72b2 100644 --- a/phpBB/phpbb/path_helper.php +++ b/phpBB/phpbb/path_helper.php @@ -216,4 +216,120 @@ class path_helper return $scheme . $this->filesystem->clean_path($path); } + + /** + * Glue URL parameters together + * + * @param array $params URL parameters in the form of array(name => value) + * @return string Returns the glued string, e.g. name1=value1&name2=value2 + */ + public function glue_url_params($params) + { + $_params = array(); + + foreach ($params as $key => $value) + { + $_params[] = $key . '=' . $value; + } + return implode('&', $_params); + } + + /** + * Get the base and parameters of a URL + * + * @param string $url URL to break apart + * @param bool $is_amp Is the parameter separator &. Defaults to true. + * @return array Returns the base and parameters in the form of array('base' => string, 'params' => array(name => value)) + */ + public function get_url_parts($url, $is_amp = true) + { + $separator = ($is_amp) ? '&' : '&'; + $params = array(); + + if (strpos($url, '?') !== false) + { + $base = substr($url, 0, strpos($url, '?')); + $args = substr($url, strlen($base) + 1); + $args = ($args) ? explode($separator, $args) : array(); + + foreach ($args as $argument) + { + if (empty($argument)) + { + continue; + } + list($key, $value) = explode('=', $argument, 2); + + if ($key === '') + { + continue; + } + + $params[$key] = $value; + } + } + else + { + $base = $url; + } + + return array( + 'base' => $base, + 'params' => $params, + ); + } + + /** + * Strip parameters from an already built URL. + * + * @param string $url URL to strip parameters from + * @param array|string $strip Parameters to strip. + * @param bool $is_amp Is the parameter separator &. Defaults to true. + * @return string Returns the new URL. + */ + public function strip_url_params($url, $strip, $is_amp = true) + { + $url_parts = $this->get_url_parts($url, $is_amp); + $params = $url_parts['params']; + + if (!is_array($strip)) + { + $strip = array($strip); + } + + if (!empty($params)) + { + // Strip the parameters off + foreach ($strip as $param) + { + unset($params[$param]); + } + } + + return $url_parts['base'] . (($params) ? '?' . $this->glue_url_params($params) : ''); + } + + /** + * Append parameters to an already built URL. + * + * @param string $url URL to append parameters to + * @param array $new_params Parameters to add in the form of array(name => value) + * @param string $is_amp Is the parameter separator &. Defaults to true. + * @return string Returns the new URL. + */ + public function append_url_params($url, $new_params, $is_amp = true) + { + $url_parts = $this->get_url_parts($url, $is_amp); + $params = array_merge($url_parts['params'], $new_params); + + // Move the sid to the end if it's set + if (isset($params['sid'])) + { + $sid = $params['sid']; + unset($params['sid']); + $params['sid'] = $sid; + } + + return $url_parts['base'] . (($params) ? '?' . $this->glue_url_params($params) : ''); + } } diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index 36d7533254..fc40dd65bb 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php @@ -16,6 +16,7 @@ $phpEx = substr(strrchr(__FILE__, '.'), 1); include($phpbb_root_path . 'common.' . $phpEx); include($phpbb_root_path . 'includes/functions_display.' . $phpEx); include($phpbb_root_path . 'includes/bbcode.' . $phpEx); +include($phpbb_root_path . 'includes/functions_user.' . $phpEx); // Start session management $user->session_begin(); @@ -1163,6 +1164,9 @@ while ($row = $db->sql_fetchrow($result)) $id_cache[] = $poster_id; $user_cache_data = array( + 'user_type' => $row['user_type'], + 'user_inactive_reason' => $row['user_inactive_reason'], + 'joined' => $user->format_date($row['user_regdate']), 'posts' => $row['user_posts'], 'warnings' => (isset($row['user_warnings'])) ? $row['user_warnings'] : 0, @@ -1374,6 +1378,13 @@ if ($bbcode_bitfield !== '') $bbcode = new bbcode(base64_encode($bbcode_bitfield)); } +// Get the list of users who can receive private messages +$can_receive_pm_list = $auth->acl_get_list(array_keys($user_cache), 'u_readpm'); +$can_receive_pm_list = (empty($can_receive_pm_list) || !isset($can_receive_pm_list[0]['u_readpm'])) ? array() : $can_receive_pm_list[0]['u_readpm']; + +// Get the list of permanently banned users +$permanently_banned_users = phpbb_get_banned_user_ids(array_keys($user_cache), false); + $i_total = sizeof($rowset) - 1; $prev_post_id = ''; @@ -1592,6 +1603,24 @@ for ($i = 0, $end = sizeof($post_list); $i < $end; ++$i) !$row['post_edit_locked'] ))); + // Can this user receive a Private Message? + $can_receive_pm = ( + // They must be a "normal" user + $user_cache[$poster_id]['user_type'] != USER_IGNORE && + + // They must not be deactivated by the administrator + ($user_cache[$poster_id]['user_type'] != USER_INACTIVE && $user_cache[$poster_id]['user_inactive_reason'] == INACTIVE_MANUAL) && + + // They must be able to read PMs + in_array($poster_id, $can_receive_pm_list) && + + // They must not be permanently banned + !in_array($poster_id, $permanently_banned_users) && + + // They must allow users to contact via PM + (($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')) || $data['user_allow_pm']) + ); + // $post_row = array( 'POST_AUTHOR_FULL' => ($poster_id != ANONYMOUS) ? $user_cache[$poster_id]['author_full'] : get_username_string('full', $poster_id, $row['username'], $row['user_colour'], $row['post_username']), @@ -1631,7 +1660,7 @@ for ($i = 0, $end = sizeof($post_list); $i < $end; ++$i) 'U_DELETE' => ($delete_allowed) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=delete&f=$forum_id&p={$row['post_id']}") : '', 'U_SEARCH' => $user_cache[$poster_id]['search'], - 'U_PM' => ($poster_id != ANONYMOUS && $config['allow_privmsg'] && $auth->acl_get('u_sendpm') && ($user_cache[$poster_id]['allow_pm'] || $auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_'))) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&mode=compose&action=quotepost&p=' . $row['post_id']) : '', + 'U_PM' => ($config['allow_privmsg'] && $auth->acl_get('u_sendpm') && $can_receive_pm) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&mode=compose&action=quotepost&p=' . $row['post_id']) : '', 'U_EMAIL' => $user_cache[$poster_id]['email'], 'U_JABBER' => $user_cache[$poster_id]['jabber'], |