From 7525c49d454e1ff4a156709ea9ecc1dc0b28dd6e Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Thu, 26 Sep 2013 15:34:44 +0200 Subject: [ticket/11852] Split filesystem and path_helper into 2 classes PHPBB3-11852 --- phpBB/includes/functions.php | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) (limited to 'phpBB/includes/functions.php') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index b3e50847fd..28c03534ea 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -1056,31 +1056,32 @@ else */ function phpbb_clean_path($path) { - global $phpbb_container; + global $phpbb_path_helper, $phpbb_container; - if ($phpbb_container) + if (!$phpbb_path_helper && $phpbb_container) { - $phpbb_filesystem = $phpbb_container->get('filesystem'); + $phpbb_path_helper = $phpbb_container->get('path_helper'); } - else + else if (!$phpbb_path_helper) { // The container is not yet loaded, use a new instance - if (!class_exists('\phpbb\filesystem')) + if (!class_exists('\phpbb\path_helper')) { global $phpbb_root_path, $phpEx; - require($phpbb_root_path . 'includes/filesystem.' . $phpEx); + require($phpbb_root_path . 'phpbb/path_helper.' . $phpEx); } - $phpbb_filesystem = new phpbb\filesystem( + $phpbb_path_helper = new phpbb\path_helper( new phpbb\symfony_request( new phpbb\request\request() ), + new phpbb\filesystem(), $phpbb_root_path, $phpEx ); } - return $phpbb_filesystem->clean_path($path); + return $phpbb_path_helper->clean_path($path); } // functions used for building option fields @@ -2445,7 +2446,7 @@ function phpbb_on_page($template, $user, $base_url, $num_items, $per_page, $star */ function append_sid($url, $params = false, $is_amp = true, $session_id = false) { - global $_SID, $_EXTRA_URL, $phpbb_hook, $phpbb_filesystem; + global $_SID, $_EXTRA_URL, $phpbb_hook, $phpbb_path_helper; global $phpbb_dispatcher; if ($params === '' || (is_array($params) && empty($params))) 
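Review bot: In the fallback branch of phpbb_clean_path, `global $phpbb_root_path, $phpEx;` sits inside the `class_exists('\phpbb\path_helper')` guard, yet both variables are passed to the `phpbb\path_helper` constructor after that guard. When the class is already loaded the `global` statement never runs, so the constructor receives two undefined locals and the helper used to clean paths is built without a root path or extension; moving the declaration to the first line of the `else if (!$phpbb_path_helper)` branch fixes this. The branch also instantiates `phpbb\filesystem` although only `phpbb/path_helper` is required, which presumably relies on an autoloader being registered this early and is worth confirming. Because the instance is now kept in the global `$phpbb_path_helper`, a helper built on this fallback path is also what the `instanceof \phpbb\path_helper` check in the append_sid hunk will accept afterwards.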
@@ -2455,9 +2456,9 @@ function append_sid($url, $params = false, $is_amp = true, $session_id = false) } // Update the root path with the correct relative web path - if ($phpbb_filesystem instanceof \phpbb\filesystem) + if ($phpbb_path_helper instanceof \phpbb\path_helper) { - $url = $phpbb_filesystem->update_web_root_path($url); + $url = $phpbb_path_helper->update_web_root_path($url); } $append_sid_overwrite = false; @@ -5276,8 +5277,8 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0 // This path is sent with the base template paths in the assign_vars() // call below. We need to correct it in case we are accessing from a // controller because the web paths will be incorrect otherwise. - $phpbb_filesystem = $phpbb_container->get('filesystem'); - $corrected_path = $phpbb_filesystem->get_web_root_path(); + $phpbb_path_helper = $phpbb_container->get('path_helper'); + $corrected_path = $phpbb_path_helper->get_web_root_path(); $web_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? $board_url : $corrected_path; // Send a proper content-language to the output -- cgit v1.2.1 From cba28c39ad63920c05241f59ce7e1ad6b47039df Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Fri, 27 Sep 2013 01:18:28 +0200 Subject: [ticket/11873] Do not hash very large passwords in order to safe resources. PHPBB3-11873 --- phpBB/includes/functions.php | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'phpBB/includes/functions.php') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index b2b12c1445..eef4ade4e7 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php 
@@ -502,6 +502,13 @@ function phpbb_hash($password) */ function phpbb_check_hash($password, $hash) { + if (strlen($password) > 4096) + { + // If the password is too huge, we will simply reject it + // and not let the server try to hash it. + return false; + } + $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; if (strlen($hash) == 34) { -- cgit v1.2.1
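Review bot: The 4096 cap is added only to phpbb_check_hash, so whether the same input is refused when a password is set depends on phpbb_hash, which the hunk header names but which lies outside this hunk. If that path has no matching limit, a longer password would still be hashed there and could then never be verified here, so the limit is best enforced in both places from one shared constant instead of a literal. `strlen()` normally counts bytes rather than characters, and the comment could say so: `// Reject passwords over 4096 bytes before hashing; the limit is in bytes, not characters.` The body of phpbb_check_hash continues past the end of the hunk.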