diff options
| author | Maat <maat-pub@mageia.biz> | 2020-05-08 18:29:30 +0200 |
|---|---|---|
| committer | Maat <maat-pub@mageia.biz> | 2020-05-08 21:36:04 +0200 |
| commit | 36bc1870f21fac04736a1049c1d5b8e127d729f4 (patch) | |
| tree | 9d102331eeaf1ef3cd23e656320d7c08e65757ed /phpBB/includes/acp/acp_modules.php | |
| parent | 8875d385d0579b451dac4d9bda465172b4f69ee0 (diff) | |
| parent | 149375253685b3a38996f63015a74b7a0f53aa14 (diff) | |
| download | forums-36bc1870f21fac04736a1049c1d5b8e127d729f4.tar forums-36bc1870f21fac04736a1049c1d5b8e127d729f4.tar.gz forums-36bc1870f21fac04736a1049c1d5b8e127d729f4.tar.bz2 forums-36bc1870f21fac04736a1049c1d5b8e127d729f4.tar.xz forums-36bc1870f21fac04736a1049c1d5b8e127d729f4.zip | |
Merge remote-tracking branch 'upstream/prep-release-3.1.11'
Diffstat (limited to 'phpBB/includes/acp/acp_modules.php')
| -rw-r--r-- | phpBB/includes/acp/acp_modules.php | 198 |
1 files changed, 120 insertions, 78 deletions
diff --git a/phpBB/includes/acp/acp_modules.php b/phpBB/includes/acp/acp_modules.php index 75bc5766a9..9d14614417 100644 --- a/phpBB/includes/acp/acp_modules.php +++ b/phpBB/includes/acp/acp_modules.php @@ -1,10 +1,13 @@ <?php /** * -* @package acp -* @version $Id$ -* @copyright (c) 2005 phpBB Group -* @license http://opensource.org/licenses/gpl-license.php GNU Public License +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. * */ @@ -26,9 +29,6 @@ if (!defined('IN_PHPBB')) * - category disabled */ -/** -* @package acp -*/ class acp_modules { var $module_class = ''; @@ -37,7 +37,7 @@ class acp_modules function main($id, $mode) { - global $db, $user, $auth, $template, $module; + global $db, $user, $auth, $template, $module, $request; global $config, $phpbb_admin_path, $phpbb_root_path, $phpEx; // Set a global define for modules we might include (the author is able to prevent execution of code by checking this constant) @@ -46,6 +46,9 @@ class acp_modules $user->add_lang('acp/modules'); $this->tpl_name = 'acp_modules'; + $form_key = 'acp_modules'; + add_form_key($form_key); + // module class $this->module_class = $mode; @@ -111,7 +114,7 @@ class acp_modules } break; - + case 'enable': case 'disable': if (!$module_id) @@ -119,6 +122,11 @@ class acp_modules trigger_error($user->lang['NO_MODULE_ID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING); } + if (!check_link_hash($request->variable('hash', ''), 'acp_modules')) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING); + } + $sql = 'SELECT * FROM ' . MODULES_TABLE . " WHERE module_class = '" . $db->sql_escape($this->module_class) . "' @@ -150,6 +158,11 @@ class acp_modules trigger_error($user->lang['NO_MODULE_ID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING); } + if (!check_link_hash($request->variable('hash', ''), 'acp_modules')) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING); + } + $sql = 'SELECT * FROM ' . MODULES_TABLE . " WHERE module_class = '" . $db->sql_escape($this->module_class) . "' @@ -170,7 +183,15 @@ class acp_modules add_log('admin', 'LOG_MODULE_' . strtoupper($action), $this->lang_name($row['module_langname']), $move_module_name); $this->remove_cache_file(); } - + + if ($request->is_ajax()) + { + $json_response = new \phpbb\json_response; + $json_response->send(array( + 'success' => ($move_module_name !== false), + )); + } + break; case 'quickadd': @@ -207,7 +228,7 @@ class acp_modules if (!sizeof($errors)) { $this->remove_cache_file(); - + trigger_error($user->lang['MODULE_ADDED'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id)); } } @@ -231,7 +252,7 @@ class acp_modules { trigger_error($user->lang['NO_MODULE_ID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING); } - + $module_row = $this->get_module_row($module_id); // no break @@ -250,7 +271,7 @@ class acp_modules 'module_auth' => '', ); } - + $module_data = array(); $module_data['module_basename'] = request_var('module_basename', (string) $module_row['module_basename']); @@ -265,6 +286,11 @@ class acp_modules if ($submit) { + if (!check_form_key($form_key)) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING); + } + if (!$module_data['module_langname']) { trigger_error($user->lang['NO_MODULE_LANGNAME'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING); @@ -295,7 +321,7 @@ class acp_modules if (!sizeof($errors)) { $this->remove_cache_file(); - + trigger_error((($action == 'add') ? $user->lang['MODULE_ADDED'] : $user->lang['MODULE_EDITED']) . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id)); } } @@ -316,7 +342,7 @@ class acp_modules } // Name options - $s_name_options .= '<option value="' . $option . '"' . (($option == $module_data['module_basename']) ? ' selected="selected"' : '') . '>' . $this->lang_name($values['title']) . ' [' . $this->module_class . '_' . $option . ']</option>'; + $s_name_options .= '<option value="' . $option . '"' . (($option == $module_data['module_basename']) ? ' selected="selected"' : '') . '>' . $this->lang_name($values['title']) . ' [' . $option . ']</option>'; $template->assign_block_vars('m_names', array('NAME' => $option, 'A_NAME' => addslashes($option))); @@ -327,7 +353,7 @@ class acp_modules { $s_mode_options .= '<option value="' . $m_mode . '"' . (($m_mode == $module_data['module_mode']) ? ' selected="selected"' : '') . '>' . $this->lang_name($m_values['title']) . '</option>'; } - + $template->assign_block_vars('m_names.modes', array( 'OPTION' => $m_mode, 'VALUE' => $this->lang_name($m_values['title']), @@ -336,7 +362,7 @@ class acp_modules ); } } - + $s_cat_option = '<option value="0"' . (($module_data['parent_id'] == 0) ? ' selected="selected"' : '') . '>' . $user->lang['NO_PARENT'] . '</option>'; $template->assign_vars(array_merge(array( @@ -349,7 +375,7 @@ class acp_modules 'U_EDIT_ACTION' => $this->u_action . '&parent_id=' . $this->parent_id, 'L_TITLE' => $user->lang[strtoupper($action) . '_MODULE'], - + 'MODULENAME' => $this->lang_name($module_data['module_langname']), 'ACTION' => $action, 'MODULE_ID' => $module_id, @@ -374,6 +400,16 @@ class acp_modules // Default management page if (sizeof($errors)) { + if ($request->is_ajax()) + { + $json_response = new \phpbb\json_response; + $json_response->send(array( + 'MESSAGE_TITLE' => $user->lang('ERROR'), + 'MESSAGE_TEXT' => implode('<br />', $errors), + 'SUCCESS' => false, + )); + } + $template->assign_vars(array( 'S_ERROR' => true, 'ERROR_MSG' => implode('<br />', $errors)) @@ -442,12 +478,12 @@ class acp_modules 'S_ACP_MODULE_MANAGEMENT' => ($this->module_class == 'acp' && ($row['module_basename'] == 'modules' || $row['module_langname'] == 'ACP_MODULE_MANAGEMENT')) ? true : false, 'U_MODULE' => $this->u_action . '&parent_id=' . $row['module_id'], - 'U_MOVE_UP' => $url . '&action=move_up', - 'U_MOVE_DOWN' => $url . '&action=move_down', + 'U_MOVE_UP' => $url . '&action=move_up&hash=' . generate_link_hash('acp_modules'), + 'U_MOVE_DOWN' => $url . '&action=move_down&hash=' . generate_link_hash('acp_modules'), 'U_EDIT' => $url . '&action=edit', 'U_DELETE' => $url . '&action=delete', - 'U_ENABLE' => $url . '&action=enable', - 'U_DISABLE' => $url . '&action=disable') + 'U_ENABLE' => $url . '&action=enable&hash=' . generate_link_hash('acp_modules'), + 'U_DISABLE' => $url . '&action=disable&hash=' . generate_link_hash('acp_modules')) ); } while ($row = $db->sql_fetchrow($result)); @@ -466,8 +502,8 @@ class acp_modules 'U_EDIT' => $url . '&action=edit', 'U_DELETE' => $url . '&action=delete', - 'U_ENABLE' => $url . '&action=enable', - 'U_DISABLE' => $url . '&action=disable') + 'U_ENABLE' => $url . '&action=enable&hash=' . generate_link_hash('acp_modules'), + 'U_DISABLE' => $url . '&action=disable&hash=' . generate_link_hash('acp_modules')) ); } $db->sql_freeresult($result); @@ -480,7 +516,7 @@ class acp_modules foreach ($module_infos as $option => $values) { // Name options - $s_install_options .= '<optgroup label="' . $this->lang_name($values['title']) . ' [' . $this->module_class . '_' . $option . ']">'; + $s_install_options .= '<optgroup label="' . $this->lang_name($values['title']) . ' [' . $option . ']">'; // Build module modes foreach ($values['modes'] as $m_mode => $m_values) @@ -516,7 +552,7 @@ class acp_modules $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); - + if (!$row) { trigger_error($user->lang['NO_MODULE'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING); @@ -524,72 +560,79 @@ class acp_modules return $row; } - + /** * Get available module information from module files + * + * @param string $module + * @param bool|string $module_class + * @param bool $use_all_available Use all available instead of just all + * enabled extensions + * @return array */ - function get_module_infos($module = '', $module_class = false) + function get_module_infos($module = '', $module_class = false, $use_all_available = false) { - global $phpbb_root_path, $phpEx; - + global $phpbb_extension_manager, $phpbb_root_path, $phpEx; + $module_class = ($module_class === false) ? $this->module_class : $module_class; $directory = $phpbb_root_path . 'includes/' . $module_class . '/info/'; $fileinfo = array(); - if (!$module) - { - $dh = @opendir($directory); + $finder = $phpbb_extension_manager->get_finder($use_all_available); + + $modules = $finder + ->extension_suffix('_module') + ->extension_directory("/$module_class") + ->core_path("includes/$module_class/info/") + ->core_prefix($module_class . '_') + ->get_classes(true); - if (!$dh) + foreach ($modules as $cur_module) + { + // Skip entries we do not need if we know the module we are + // looking for + if ($module && strpos(str_replace('\\', '_', $cur_module), $module) === false && $module !== $cur_module) { - return $fileinfo; + continue; } - while (($file = readdir($dh)) !== false) - { - // Is module? - if (preg_match('/^' . $module_class . '_.+\.' . $phpEx . '$/', $file)) - { - $class = str_replace(".$phpEx", '', $file) . '_info'; + $info_class = preg_replace('/_module$/', '_info', $cur_module); - if (!class_exists($class)) - { - include($directory . $file); - } + // If the class does not exist it might be following the old + // format. phpbb_acp_info_acp_foo needs to be turned into + // acp_foo_info and the respective file has to be included + // manually because it does not support auto loading + $old_info_class_file = str_replace("phpbb_{$module_class}_info_", '', $cur_module); + $old_info_class = $old_info_class_file . '_info'; - // Get module title tag - if (class_exists($class)) - { - $c_class = new $class(); - $module_info = $c_class->module(); - $fileinfo[str_replace($module_class . '_', '', $module_info['filename'])] = $module_info; - } - } + if (class_exists($old_info_class)) + { + $info_class = $old_info_class; } - closedir($dh); - - ksort($fileinfo); - } - else - { - $filename = $module_class . '_' . basename($module); - $class = $module_class . '_' . basename($module) . '_info'; - - if (!class_exists($class)) + else if (!class_exists($info_class)) { - include($directory . $filename . '.' . $phpEx); + $info_class = $old_info_class; + // need to check class exists again because previous checks triggered autoloading + if (!class_exists($info_class) && file_exists($directory . $old_info_class_file . '.' . $phpEx)) + { + include($directory . $old_info_class_file . '.' . $phpEx); + } } - // Get module title tag - if (class_exists($class)) + if (class_exists($info_class)) { - $c_class = new $class(); - $module_info = $c_class->module(); - $fileinfo[str_replace($module_class . '_', '', $module_info['filename'])] = $module_info; + $info = new $info_class(); + $module_info = $info->module(); + + $main_class = (isset($module_info['filename'])) ? $module_info['filename'] : $cur_module; + + $fileinfo[$main_class] = $module_info; } } - + + ksort($fileinfo); + return $fileinfo; } @@ -717,15 +760,15 @@ class acp_modules */ function remove_cache_file() { - global $cache; + global $phpbb_container; // Sanitise for future path use, it's escaped as appropriate for queries $p_class = str_replace(array('.', '/', '\\'), '', basename($this->module_class)); - - $cache->destroy('_modules_' . $p_class); + + $phpbb_container->get('cache.driver')->destroy('_modules_' . $p_class); // Additionally remove sql cache - $cache->destroy('sql', MODULES_TABLE); + $phpbb_container->get('cache.driver')->destroy('sql', MODULES_TABLE); } /** @@ -741,7 +784,8 @@ class acp_modules /** * Update/Add module * - * @param bool $run_inline if set to true errors will be returned and no logs being written + * @param array &$module_data The module data + * @param bool $run_inline if set to true errors will be returned and no logs being written */ function update_module_data(&$module_data, $run_inline = false) { @@ -862,7 +906,7 @@ class acp_modules $diff = sizeof($moved_modules) * 2; $moved_ids = array(); - for ($i = 0; $i < sizeof($moved_modules); ++$i) + for ($i = 0, $size = sizeof($moved_modules); $i < $size; ++$i) { $moved_ids[] = $moved_modules[$i]['module_id']; } @@ -1061,5 +1105,3 @@ class acp_modules return $this->lang_name($target['module_langname']); } } - -?>
\ No newline at end of file |