author | Joas Schilling <nickvergessen@gmx.de> | 2012-12-14 18:45:04 +0100 |
---|---|---|
committer | Joas Schilling <nickvergessen@gmx.de> | 2012-12-14 18:45:04 +0100 |
commit | be8140d79c3d8d34091ede40c056cd71fd4697b0 (patch) | |
tree | 9a142497617c18cb239bd51e9869ee22d175f6b9 /phpBB/includes/functions.php | |
parent | bd334d318fb61992cedfdb7ca1306ad670f392a4 (diff) | |
parent | 6e25b4231e11b8d5a08c5de0b498fb27b8598809 (diff) | |
Merge branch 'develop' of https://github.com/phpbb/phpbb3 into ticket/10714
* 'develop' of https://github.com/phpbb/phpbb3: (158 commits)
[ticket/11015] Move comment in the right place.
[ticket/11015] Correctly transform 'mysqli' etc. in phpbb_convert_30_dbms_to_31
[ticket/11015] Fix 3.0 to 3.1 dbms conversion for mysqli.
[ticket/11015] Change permission adding in database updater to new style.
[ticket/11015] Change more docblocks to phpbb_db_driver.
[ticket/11015] Installer still needs 3.0-style dbms name.
[ticket/11262] Add .lock in cache directory to .gitignore
[ticket/11015] Include functions.php because it is not always included.
[ticket/11265] Add assertions for board installation success.
[ticket/11263] Fix PHP Notice: Undefined variable: extension_manager
[ticket/11015] Convert database drivers to new spelling in post setup sync.
[ticket/11015] Convert connect test to the new syntax.
[ticket/11015] Restore whitespace to avoid conflict when merging develop.
[ticket/10975] Add a test for viewing a profile.
[ticket/10975] Test restricting by first character.
[ticket/10975] Avoid rewriting global config twice.
[ticket/10975] Test memberlist, not user creation.
[ticket/10975] Some quick tests to check the memberlist behaviour
[ticket/11162] Reformat.
[ticket/10491] Make recreate_database static.
...
Diffstat (limited to 'phpBB/includes/functions.php')
-rw-r--r-- | phpBB/includes/functions.php | 146 |
1 files changed, 145 insertions, 1 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index d44555b7d2..cfa88257d8 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -4871,12 +4871,107 @@ function phpbb_http_login($param)
 }
 /**
+* Escapes and quotes a string for use as an HTML/XML attribute value.
+*
+* This is a port of Python xml.sax.saxutils quoteattr.
+*
+* The function will attempt to choose a quote character in such a way as to
+* avoid escaping quotes in the string. If this is not possible the string will
+* be wrapped in double quotes and double quotes will be escaped.
+*
+* @param string $data The string to be escaped
+* @param array $entities Associative array of additional entities to be escaped
+* @return string Escaped and quoted string
+*/
+function phpbb_quoteattr($data, $entities = null)
+{
+ $data = str_replace('&', '&', $data);
+ $data = str_replace('>', '>', $data);
+ $data = str_replace('<', '<', $data);
+
+ $data = str_replace("\n", ' ', $data);
+ $data = str_replace("\r", ' ', $data);
+ $data = str_replace("\t", '	', $data);
+
+ if (!empty($entities))
+ {
+ $data = str_replace(array_keys($entities), array_values($entities), $data);
+ }
+
+ if (strpos($data, '"') !== false)
+ {
+ if (strpos($data, "'") !== false)
+ {
+ $data = '"' . str_replace('"', '"', $data) . '"';
+ }
+ else
+ {
+ $data = "'" . $data . "'";
+ }
+ }
+ else
+ {
+ $data = '"' . $data . '"';
+ }
+
+ return $data;
+}
+
+/**
+* Converts query string (GET) parameters in request into hidden fields.
+*
+* Useful for forwarding GET parameters when submitting forms with GET method.
+*
+* It is possible to omit some of the GET parameters, which is useful if
+* they are specified in the form being submitted.
+*
+* sid is always omitted.
+*
+* @param phpbb_request $request Request object
+* @param array $exclude A list of variable names that should not be forwarded
+* @return string HTML with hidden fields
+*/
+function phpbb_build_hidden_fields_for_query_params($request, $exclude = null)
+{
+ $names = $request->variable_names(phpbb_request_interface::GET);
+ $hidden = '';
+ foreach ($names as $name)
+ {
+ // Sessions are dealt with elsewhere, omit sid always
+ if ($name == 'sid')
+ {
+ continue;
+ }
+
+ // Omit any additional parameters requested
+ if (!empty($exclude) && in_array($name, $exclude))
+ {
+ continue;
+ }
+
+ $escaped_name = phpbb_quoteattr($name);
+
+ // Note: we might retrieve the variable from POST or cookies
+ // here. To avoid exposing cookies, skip variables that are
+ // overwritten somewhere other than GET entirely.
+ $value = $request->variable($name, '', true);
+ $get_value = $request->variable($name, '', true, phpbb_request_interface::GET);
+ if ($value === $get_value)
+ {
+ $escaped_value = phpbb_quoteattr($value);
+ $hidden .= "<input type='hidden' name=$escaped_name value=$escaped_value />";
+ }
+ }
+ return $hidden;
+}
+
+/**
 * Generate page header
 */
 function page_header($page_title = '', $display_online_list = true, $item_id = 0, $item = 'forum')
 {
 global $db, $config, $template, $SID, $_SID, $_EXTRA_URL, $user, $auth, $phpEx, $phpbb_root_path;
- global $phpbb_dispatcher;
+ global $phpbb_dispatcher, $request;
 if (defined('HEADER_INC'))
 {
@@ -5065,6 +5160,8 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
 $timezone_name = $user->lang['timezones'][$timezone_name];
 }
+ $hidden_fields_for_jumpbox = phpbb_build_hidden_fields_for_query_params($request, array('f'));
+
 // The following assigns all _common_ variables that may be used at any point in a template.
 $template->assign_vars(array(
 'SITENAME' => $config['sitename'],
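Review bot: In `phpbb_build_hidden_fields_for_query_params` both filters compare loosely, `$name == 'sid'` and `in_array($name, $exclude)`; if `variable_names()` can hand back integer keys (not visible in this hunk, but PHP turns numeric query keys into ints), then on PHP versions before 8 a parameter named `0` compares equal to `'sid'` and to `'f'` and is silently dropped. I would write `$name === 'sid'` and `in_array((string) $name, $exclude, true)`. Separately, every request-supplied GET name and value ends up in the header of each page with `phpbb_quoteattr` as the only output encoder, so its three quote-selection branches (both quote kinds present, only a double quote, no double quote) should be pinned by a unit test alongside this change. If `$request->variable()` already HTML-escapes string values, which this hunk does not show, the value is escaped a second time here and the forwarded parameter differs from the one received; that needs confirming.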
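Review bot: `phpbb_build_hidden_fields_for_query_params($request, array('f'))` runs on every `page_header()` call against the newly imported global `$request` with no check that the object is set, so any entry point that reaches `page_header()` before the request object exists would fail on the method call inside the helper; the callers are outside this hunk, so this is something to confirm rather than a certain defect. The result is ready-made HTML that the next hunk assigns as `HIDDEN_FIELDS_FOR_JUMPBOX`. A comment next to the assignment such as `// Raw HTML, already attribute-escaped by phpbb_quoteattr(); emit verbatim, inside the jumpbox GET form only.` would keep a later template change from escaping it again or from reusing it in a POST form.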
@@ -5079,6 +5176,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
 'RECORD_USERS' => $l_online_record,
 'PRIVATE_MESSAGE_INFO' => $l_privmsgs_text,
 'PRIVATE_MESSAGE_INFO_UNREAD' => $l_privmsgs_text_unread,
+ 'HIDDEN_FIELDS_FOR_JUMPBOX' => $hidden_fields_for_jumpbox,
 'S_USER_NEW_PRIVMSG' => $user->data['user_new_privmsg'],
 'S_USER_UNREAD_PRIVMSG' => $user->data['user_unread_privmsg'],
@@ -5429,6 +5527,52 @@ function phpbb_to_numeric($input)
 }
 /**
+* Convert either 3.0 dbms or 3.1 db driver class name to 3.1 db driver class name.
+*
+* If $dbms is a valid 3.1 db driver class name, returns it unchanged.
+* Otherwise prepends phpbb_db_driver_ to the dbms to convert a 3.0 dbms
+* to 3.1 db driver class name.
+*
+* @param string $dbms dbms parameter
+* @return db driver class
+*/
+function phpbb_convert_30_dbms_to_31($dbms)
+{
+ // Note: this check is done first because mysqli extension
+ // supplies a mysqli class, and class_exists($dbms) would return
+ // true for mysqli class.
+ // However, per the docblock any valid 3.1 driver name should be
+ // recognized by this function, and have priority over 3.0 dbms.
+ if (class_exists('phpbb_db_driver_' . $dbms))
+ {
+ return 'phpbb_db_driver_' . $dbms;
+ }
+
+ if (class_exists($dbms))
+ {
+ // Additionally we could check that $dbms extends phpbb_db_driver.
+ // http://php.net/manual/en/class.reflectionclass.php
+ // Beware of possible performance issues:
+ // http://stackoverflow.com/questions/294582/php-5-reflection-api-performance
+ // We could check for interface implementation in all paths or
+ // only when we do not prepend phpbb_db_driver_.
+
+ /*
+ $reflection = new \ReflectionClass($dbms);
+
+ if ($reflection->isSubclassOf('phpbb_db_driver'))
+ {
+ return $dbms;
+ }
+ */
+
+ return $dbms;
+ }
+
+ throw new \RuntimeException("You have specified an invalid dbms driver: $dbms");
+}
+
+/**
 * Create a Symfony Request object from phpbb_request object
 *
 * @param phpbb_request $request Request object |
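Review bot: The second branch of `phpbb_convert_30_dbms_to_31` returns any name for which `class_exists($dbms)` is true, so every loadable class (the comment itself cites PHP's own `mysqli`) is accepted as a driver, and `class_exists()` also runs the autoloader on the supplied string. If `$dbms` can come from installer input or an editable config file (the callers are not in this hunk), whatever instantiates the returned name may construct a class that is not a database driver. I would turn the commented-out check into the live condition, `if (class_exists($dbms) && is_subclass_of($dbms, 'phpbb_db_driver'))`, and delete the dead block. The docblock should say `@return string` and gain `@throws \RuntimeException`, and since the exception message interpolates `$dbms` as given, it needs HTML-escaping wherever it is displayed.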