diff options
| author | Henry Sudhof <kellanved@phpbb.com> | 2007-07-13 11:58:12 +0000 |
|---|---|---|
| committer | Henry Sudhof <kellanved@phpbb.com> | 2007-07-13 11:58:12 +0000 |
| commit | c764ab621f86b56874545e75988723c0bf645b8c (patch) | |
| tree | 8d2899e4553ca52e7f27ddaf98d1b2db3d1bbde0 | |
| parent | 6ed00ffdd14a87a21d24c9300a2a8e4d48455e12 (diff) | |
| download | forums-c764ab621f86b56874545e75988723c0bf645b8c.tar forums-c764ab621f86b56874545e75988723c0bf645b8c.tar.gz forums-c764ab621f86b56874545e75988723c0bf645b8c.tar.bz2 forums-c764ab621f86b56874545e75988723c0bf645b8c.tar.xz forums-c764ab621f86b56874545e75988723c0bf645b8c.zip | |
#13331
#13329
Adding more checks - although it is really redundant by now. We can't guard against variable misuse.
git-svn-id: file:///svn/phpbb/trunk@7879 89ea8834-ac86-4346-8a33-228a782c2dd0
| -rw-r--r-- | phpBB/docs/CHANGELOG.html | 1 | ||||
| -rw-r--r-- | phpBB/includes/session.php | 22 |
2 files changed, 13 insertions, 10 deletions
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index 157535ec7b..e303020fd0 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -222,6 +222,7 @@ p a { <li>[Fix] Display php information page with the correct direction (Bug #12557)</li> <li>[Fix] Increased the number of style objects (styles, templates, themes and imagesets) possible from 127 to 65535 for MySQL (Bug #13179)</li> <li>[Fix] Although theoretically impossible in our code, removed the chance of trying to open a file that does not exist (Bug #13327)</li> + <li>[Fix] Although theoretically impossible in our code, changed the handling of non-existent language files.(Bug #13329, Bug #13331)</li> </ul> diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 9a98f442d4..1956695e3a 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -303,7 +303,8 @@ class session $this->data['is_registered'] = ($this->data['user_id'] != ANONYMOUS && ($this->data['user_type'] == USER_NORMAL || $this->data['user_type'] == USER_FOUNDER)) ? true : false; $this->data['is_bot'] = (!$this->data['is_registered'] && $this->data['user_id'] != ANONYMOUS) ? true : false; - + $this->data['user_lang'] = basename($this->data['user_lang']); + return true; } } @@ -1208,8 +1209,8 @@ class user extends session if ($this->data['user_id'] != ANONYMOUS) { - $this->lang_name = (file_exists($phpbb_root_path . 'language/' . $this->data['user_lang'] . "/common.$phpEx")) ? $this->data['user_lang'] : $config['default_lang']; - $this->lang_path = $phpbb_root_path . 'language/' . basename($this->lang_name) . '/'; + $this->lang_name = (file_exists($phpbb_root_path . 'language/' . $this->data['user_lang'] . "/common.$phpEx")) ? $this->data['user_lang'] : basename($config['default_lang']); + $this->lang_path = $phpbb_root_path . 'language/' . $this->lang_name . '/'; $this->date_format = $this->data['user_dateformat']; $this->timezone = $this->data['user_timezone'] * 3600; @@ -1217,8 +1218,8 @@ class user extends session } else { - $this->lang_name = $config['default_lang']; - $this->lang_path = $phpbb_root_path . 'language/' . basename($this->lang_name) . '/'; + $this->lang_name = basename($config['default_lang']); + $this->lang_path = $phpbb_root_path . 'language/' . $this->lang_name . '/'; $this->date_format = $config['default_dateformat']; $this->timezone = $config['board_timezone'] * 3600; $this->dst = $config['board_dst'] * 3600; @@ -1261,12 +1262,13 @@ class user extends session } */ } - + // We include common language file here to not load it every time a custom language file is included $lang = &$this->lang; - if ((include $this->lang_path . "common.$phpEx") === false) + + if ((@include $this->lang_path . "common.$phpEx") === false) { - die("Language file " . $this->lang_path . "common.$phpEx" . " couldn't be opened."); + die('Language file ' . $this->lang_name . "/common.$phpEx" . " couldn't be opened."); } $this->add_lang($lang_set); @@ -1645,9 +1647,9 @@ class user extends session $language_filename = $this->lang_path . (($use_help) ? 'help_' : '') . $lang_file . '.' . $phpEx; } - if ((include($language_filename)) === false) + if ((@include $language_filename) === false) { - trigger_error("Language file $language_filename couldn't be opened.", E_USER_ERROR); + trigger_error('Language file ' . basename($language_filename) . ' couldn\'t be opened.', E_USER_ERROR); } } else if ($use_db) |