Merge branch 'develop' of https://github.com/phpbb/phpbb into ticket/11997

Conflicts: tests/functional/fixtures/ext/foo/bar/config/services.yml
author: Marc Alexander <admin@m-a-styles.de> 2013-12-07 13:32:19 +0100
committer: Marc Alexander <admin@m-a-styles.de> 2013-12-07 13:32:19 +0100
commit: 47ea6bc9e61c71f6d54df848b6c61ace052d9e2a (patch)
tree: 9a4181d1c3c2d045abc1575634480d2ab5b1a634 /phpBB/includes/acp
parent: f32a30eecacba212850a11b7b4740d0a69bd49de (diff)
parent: 71169de8230812f2d05b87bfba42331e04663b81 (diff)
download: forums-47ea6bc9e61c71f6d54df848b6c61ace052d9e2a.tar
forums-47ea6bc9e61c71f6d54df848b6c61ace052d9e2a.tar.gz
forums-47ea6bc9e61c71f6d54df848b6c61ace052d9e2a.tar.bz2
forums-47ea6bc9e61c71f6d54df848b6c61ace052d9e2a.tar.xz
forums-47ea6bc9e61c71f6d54df848b6c61ace052d9e2a.zip
4 files changed, 73 insertions, 44 deletions
diff --git a/phpBB/includes/acp/acp_extensions.php b/phpBB/includes/acp/acp_extensions.php
index c5c17cb559..c21c9f4e9d 100644
--- a/phpBB/includes/acp/acp_extensions.php
+++ b/phpBB/includes/acp/acp_extensions.php
@@ -55,6 +55,11 @@ class acp_extensions
 			$ext_name = '';
 		}
 
+		if (in_array($action, array('enable', 'disable', 'delete_data')) && !check_link_hash($request->variable('hash', ''), $action . '.' . $ext_name))
+		{
+			trigger_error('FORM_INVALID', E_USER_WARNING);
+		}
+
 		// If they've specified an extension, let's load the metadata manager and validate it.
 		if ($ext_name)
 		{
@@ -98,7 +103,7 @@ class acp_extensions
 				$template->assign_vars(array(
 					'PRE'				=> true,
 					'L_CONFIRM_MESSAGE'	=> $this->user->lang('EXTENSION_ENABLE_CONFIRM', $md_manager->get_metadata('display-name')),
-					'U_ENABLE'			=> $this->u_action . '&amp;action=enable&amp;ext_name=' . urlencode($ext_name),
+					'U_ENABLE'			=> $this->u_action . '&amp;action=enable&amp;ext_name=' . urlencode($ext_name) . '&amp;hash=' . generate_link_hash('enable.' . $ext_name),
 				));
 			break;
 
@@ -117,7 +122,7 @@ class acp_extensions
 						{
 							$template->assign_var('S_NEXT_STEP', true);
 
-							meta_refresh(0, $this->u_action . '&amp;action=enable&amp;ext_name=' . urlencode($ext_name));
+							meta_refresh(0, $this->u_action . '&amp;action=enable&amp;ext_name=' . urlencode($ext_name) . '&amp;hash=' . generate_link_hash('enable.' . $ext_name));
 						}
 					}
 				}
@@ -144,7 +149,7 @@ class acp_extensions
 				$template->assign_vars(array(
 					'PRE'				=> true,
 					'L_CONFIRM_MESSAGE'	=> $this->user->lang('EXTENSION_DISABLE_CONFIRM', $md_manager->get_metadata('display-name')),
-					'U_DISABLE'			=> $this->u_action . '&amp;action=disable&amp;ext_name=' . urlencode($ext_name),
+					'U_DISABLE'			=> $this->u_action . '&amp;action=disable&amp;ext_name=' . urlencode($ext_name) . '&amp;hash=' . generate_link_hash('disable.' . $ext_name),
 				));
 			break;
 
@@ -156,7 +161,7 @@ class acp_extensions
 					{
 						$template->assign_var('S_NEXT_STEP', true);
 
-						meta_refresh(0, $this->u_action . '&amp;action=disable&amp;ext_name=' . urlencode($ext_name));
+						meta_refresh(0, $this->u_action . '&amp;action=disable&amp;ext_name=' . urlencode($ext_name) . '&amp;hash=' . generate_link_hash('disable.' . $ext_name));
 					}
 				}
 
@@ -177,7 +182,7 @@ class acp_extensions
 				$template->assign_vars(array(
 					'PRE'				=> true,
 					'L_CONFIRM_MESSAGE'	=> $this->user->lang('EXTENSION_DELETE_DATA_CONFIRM', $md_manager->get_metadata('display-name')),
-					'U_PURGE'			=> $this->u_action . '&amp;action=delete_data&amp;ext_name=' . urlencode($ext_name),
+					'U_PURGE'			=> $this->u_action . '&amp;action=delete_data&amp;ext_name=' . urlencode($ext_name) . '&amp;hash=' . generate_link_hash('delete_data.' . $ext_name),
 				));
 			break;
 
@@ -191,7 +196,7 @@ class acp_extensions
 						{
 							$template->assign_var('S_NEXT_STEP', true);
 
-							meta_refresh(0, $this->u_action . '&amp;action=delete_data&amp;ext_name=' . urlencode($ext_name));
+							meta_refresh(0, $this->u_action . '&amp;action=delete_data&amp;ext_name=' . urlencode($ext_name) . '&amp;hash=' . generate_link_hash('delete_data.' . $ext_name));
 						}
 					}
 				}
diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php
index ad29a5521b..b36ea1a8d8 100644
--- a/phpBB/includes/acp/acp_groups.php
+++ b/phpBB/includes/acp/acp_groups.php
@@ -324,7 +324,11 @@ class acp_groups
 					$avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers();
 
 					// This is normalised data, without the group_ prefix
-					$avatar_data = \phpbb\avatar\manager::clean_row($group_row);
+					$avatar_data = \phpbb\avatar\manager::clean_row($group_row, 'group');
+					if (!isset($avatar_data['id']))
+					{
+						$avatar_data['id'] = 'g' . $group_id;
+					}
 				}
 
 
@@ -379,7 +383,7 @@ class acp_groups
 						}
 						else
 						{
-							$driver = $phpbb_avatar_manager->get_driver($user->data['user_avatar_type']);
+							$driver = $phpbb_avatar_manager->get_driver($avatar_data['avatar_type']);
 							if ($driver)
 							{
 								$driver->delete($avatar_data);
@@ -657,7 +661,6 @@ class acp_groups
 					'GROUP_HIDDEN'		=> $type_hidden,
 
 					'U_BACK'			=> $u_back,
-					'U_SWATCH'			=> append_sid("{$phpbb_admin_path}swatch.$phpEx", 'form=settings&amp;name=group_colour'),
 					'U_ACTION'			=> "{$this->u_action}&amp;action=$action&amp;g=$group_id",
 					'L_AVATAR_EXPLAIN'	=> phpbb_avatar_explanation_string(),
 				));
diff --git a/phpBB/includes/acp/acp_prune.php b/phpBB/includes/acp/acp_prune.php
index 4234ec1505..5d9080b55b 100644
--- a/phpBB/includes/acp/acp_prune.php
+++ b/phpBB/includes/acp/acp_prune.php
@@ -331,23 +331,30 @@ class acp_prune
 			$s_find_active_time .= '<option value="' . $key . '">' . $value . '</option>';
 		}
 
-		$s_group_list = '<option value="0"></option>';
 		$sql = 'SELECT group_id, group_name
 			FROM ' . GROUPS_TABLE . '
 			WHERE group_type <> ' . GROUP_SPECIAL . '
 			ORDER BY group_name ASC';
 		$result = $db->sql_query($sql);
 
+		$s_group_list = '';
 		while ($row = $db->sql_fetchrow($result))
 		{
 			$s_group_list .= '<option value="' . $row['group_id'] . '">' . $row['group_name'] . '</option>';
 		}
 		$db->sql_freeresult($result);
 
+		if ($s_group_list)
+		{
+			// Only prepend the "All groups" option if there are groups,
+			// otherwise we don't want to display this option at all.
+			$s_group_list = '<option value="0">' . $user->lang['PRUNE_USERS_GROUP_NONE'] . '</option>' . $s_group_list;
+		}
+
 		$template->assign_vars(array(
 			'U_ACTION'			=> $this->u_action,
 			'S_ACTIVE_OPTIONS'	=> $s_find_active_time,
-			'S_GROUP_LIST'      => $s_group_list,
+			'S_GROUP_LIST'		=> $s_group_list,
 			'S_COUNT_OPTIONS'	=> $s_find_count,
 			'U_FIND_USERNAME'	=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=acp_prune&amp;field=users'),
 		));
@@ -358,12 +365,12 @@ class acp_prune
 	*/
 	function get_prune_users(&$user_ids, &$usernames)
 	{
-		global $user, $db;
+		global $user, $db, $request;
 
 		$users_by_name = request_var('users', '', true);
 		$users_by_id = request_var('user_ids', array(0));
 		$group_id = request_var('group_id', 0);
-		$posts_on_queue = request_var('posts_on_queue', 0);
+		$posts_on_queue = (trim($request->variable('posts_on_queue', '')) === '') ? false : $request->variable('posts_on_queue', 0);
 
 		if ($users_by_name)
 		{
@@ -450,8 +457,8 @@ class acp_prune
 			}
 		}
 
-		// Protect the admin, do not prune if no options are given...
-		if (!$where_sql)
+		// If no search criteria were provided, go no further.
+		if (!$where_sql && !$group_id && $posts_on_queue === false)
 		{
 			return;
 		}
@@ -468,34 +475,40 @@ class acp_prune
 		}
 		$db->sql_freeresult($result);
 
-		// Do not prune founder members
-		$sql = 'SELECT user_id, username
-			FROM ' . USERS_TABLE . '
-			WHERE user_id <> ' . ANONYMOUS . '
-				AND user_type <> ' . USER_FOUNDER . "
-			$where_sql";
-		$result = $db->sql_query($sql);
+		// Protect the admin, do not prune if no options are given...
+		if ($where_sql)
+		{
+			// Do not prune founder members
+			$sql = 'SELECT user_id, username
+				FROM ' . USERS_TABLE . '
+				WHERE user_id <> ' . ANONYMOUS . '
+					AND user_type <> ' . USER_FOUNDER . "
+				$where_sql";
+			$result = $db->sql_query($sql);
 
-		$user_ids = $usernames = array();
+			$user_ids = $usernames = array();
 
-		while ($row = $db->sql_fetchrow($result))
-		{
-			// Do not prune bots and the user currently pruning.
-			if ($row['user_id'] != $user->data['user_id'] && !in_array($row['user_id'], $bot_ids))
+			while ($row = $db->sql_fetchrow($result))
 			{
-				$user_ids[] = $row['user_id'];
-				$usernames[$row['user_id']] = $row['username'];
+				// Do not prune bots and the user currently pruning.
+				if ($row['user_id'] != $user->data['user_id'] && !in_array($row['user_id'], $bot_ids))
+				{
+					$user_ids[] = $row['user_id'];
+					$usernames[$row['user_id']] = $row['username'];
+				}
 			}
+			$db->sql_freeresult($result);
 		}
-		$db->sql_freeresult($result);
 
 		if ($group_id)
 		{
 			$sql = 'SELECT u.user_id, u.username
 				FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . ' u
 				WHERE ug.group_id = ' . (int) $group_id . '
-					AND ug.user_pending = 0
-					AND ' . $db->sql_in_set('ug.user_id', $user_ids, false, true) . '
+					AND ug.user_id <> ' . ANONYMOUS . '
+					AND u.user_type <> ' . USER_FOUNDER . '
+					AND ug.user_pending = 0 ' .
+					((!empty($user_ids)) ? 'AND ' . $db->sql_in_set('ug.user_id', $user_ids) : '') . '
 					AND u.user_id = ug.user_id';
 			$result = $db->sql_query($sql);
 
@@ -505,28 +518,39 @@ class acp_prune
 			$user_ids = $usernames = array();
 			while ($row = $db->sql_fetchrow($result))
 			{
-				$user_ids[] = $row['user_id'];
-				$usernames[$row['user_id']] = $row['username'];
+				// Do not prune bots and the user currently pruning.
+				if ($row['user_id'] != $user->data['user_id'] && !in_array($row['user_id'], $bot_ids))
+				{
+					$user_ids[] = $row['user_id'];
+					$usernames[$row['user_id']] = $row['username'];
+				}
 			}
 			$db->sql_freeresult($result);
 		}
 
-		if ($posts_on_queue)
+		if ($posts_on_queue !== false)
 		{
 			$sql = 'SELECT u.user_id, u.username, COUNT(p.post_id) AS queue_posts
 				FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u
-				WHERE ' . $db->sql_in_set('p.poster_id', $user_ids, false, true) . '
+				WHERE u.user_id <> ' . ANONYMOUS . '
+					AND u.user_type <> ' . USER_FOUNDER .
+					((!empty($user_ids)) ? 'AND ' . $db->sql_in_set('p.poster_id', $user_ids) : '') . '
+					AND p.post_visibility = ' . ITEM_UNAPPROVED . '
 					AND u.user_id = p.poster_id
 				GROUP BY p.poster_id
 				HAVING queue_posts ' . $key_match[$queue_select] . ' ' . $posts_on_queue;
-			$result = $db->sql_query($result);
+			$result = $db->sql_query($sql);
 
 			// same intersection logic as the above group ID portion
 			$user_ids = $usernames = array();
 			while ($row = $db->sql_fetchrow($result))
 			{
-				$user_ids[] = $row['user_id'];
-				$usernames[$row['user_id']] = $row['username'];
+				// Do not prune bots and the user currently pruning.
+				if ($row['user_id'] != $user->data['user_id'] && !in_array($row['user_id'], $bot_ids))
+				{
+					$user_ids[] = $row['user_id'];
+					$usernames[$row['user_id']] = $row['username'];
+				}
 			}
 			$db->sql_freeresult($result);
 		}
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index fd9c17f171..1a7bc2d186 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -1512,7 +1512,6 @@ class acp_users
 					'hideonline'		=> request_var('hideonline', !$user_row['user_allow_viewonline']),
 					'notifymethod'		=> request_var('notifymethod', $user_row['user_notify_type']),
 					'notifypm'			=> request_var('notifypm', $user_row['user_notify_pm']),
-					'popuppm'			=> request_var('popuppm', $this->optionget($user_row, 'popuppm')),
 					'allowpm'			=> request_var('allowpm', $user_row['user_allow_pm']),
 
 					'topic_sk'			=> request_var('topic_sk', ($user_row['user_topic_sortby_type']) ? $user_row['user_topic_sortby_type'] : 't'),
@@ -1556,7 +1555,6 @@ class acp_users
 
 					if (!sizeof($error))
 					{
-						$this->optionset($user_row, 'popuppm', $data['popuppm']);
 						$this->optionset($user_row, 'viewimg', $data['view_images']);
 						$this->optionset($user_row, 'viewflash', $data['view_flash']);
 						$this->optionset($user_row, 'viewsmilies', $data['view_smilies']);
@@ -1699,7 +1697,6 @@ class acp_users
 					'NOTIFY_IM'			=> ($data['notifymethod'] == NOTIFY_IM) ? true : false,
 					'NOTIFY_BOTH'		=> ($data['notifymethod'] == NOTIFY_BOTH) ? true : false,
 					'NOTIFY_PM'			=> $data['notifypm'],
-					'POPUP_PM'			=> $data['popuppm'],
 					'BBCODE'			=> $data['bbcode'],
 					'SMILIES'			=> $data['smilies'],
 					'ATTACH_SIG'		=> $data['sig'],
@@ -1745,7 +1742,7 @@ class acp_users
 					$avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers();
 
 					// This is normalised data, without the user_ prefix
-					$avatar_data = \phpbb\avatar\manager::clean_row($user_row);
+					$avatar_data = \phpbb\avatar\manager::clean_row($user_row, 'user');
 
 					if ($submit)
 					{
@@ -1778,7 +1775,7 @@ class acp_users
 							}
 							else
 							{
-								$driver = $phpbb_avatar_manager->get_driver($user->data['user_avatar_type']);
+								$driver = $phpbb_avatar_manager->get_driver($avatar_data['avatar_type']);
 								if ($driver)
 								{
 									$driver->delete($avatar_data);
author	Marc Alexander <admin@m-a-styles.de>	2013-12-07 13:32:19 +0100
committer	Marc Alexander <admin@m-a-styles.de>	2013-12-07 13:32:19 +0100
commit	47ea6bc9e61c71f6d54df848b6c61ace052d9e2a (patch)
tree	9a4181d1c3c2d045abc1575634480d2ab5b1a634 /phpBB/includes/acp
parent	f32a30eecacba212850a11b7b4740d0a69bd49de (diff)
parent	71169de8230812f2d05b87bfba42331e04663b81 (diff)
download	forums-47ea6bc9e61c71f6d54df848b6c61ace052d9e2a.tar forums-47ea6bc9e61c71f6d54df848b6c61ace052d9e2a.tar.gz forums-47ea6bc9e61c71f6d54df848b6c61ace052d9e2a.tar.bz2 forums-47ea6bc9e61c71f6d54df848b6c61ace052d9e2a.tar.xz forums-47ea6bc9e61c71f6d54df848b6c61ace052d9e2a.zip