diff options
| author | Meik Sievertsen <acydburn@phpbb.com> | 2008-05-29 12:25:56 +0000 |
|---|---|---|
| committer | Meik Sievertsen <acydburn@phpbb.com> | 2008-05-29 12:25:56 +0000 |
| commit | 2f4a618900e2c3b6ea14c68cbeb5897cd2ac1a04 (patch) | |
| tree | 3b7ea329bf35eab5ddab9b0b5eb790e45e283a5c /phpBB/includes/functions_posting.php | |
| parent | 91b4fe1868ca2c4d81111943f781e3cfd0262ef2 (diff) | |
| download | forums-2f4a618900e2c3b6ea14c68cbeb5897cd2ac1a04.tar forums-2f4a618900e2c3b6ea14c68cbeb5897cd2ac1a04.tar.gz forums-2f4a618900e2c3b6ea14c68cbeb5897cd2ac1a04.tar.bz2 forums-2f4a618900e2c3b6ea14c68cbeb5897cd2ac1a04.tar.xz forums-2f4a618900e2c3b6ea14c68cbeb5897cd2ac1a04.zip | |
ok... i hope i haven't messed too much with the code and everything is still working.
Changes:
- Ascraeus now uses constants for the phpbb root path and the php extension. This ensures more security for external applications and modifications (no more overwriting of root path and extension possible through insecure mods and register globals enabled) as well as no more globalizing needed.
- A second change implemented here is an additional short-hand-notation for append_sid(). It is allowed to omit the root path and extension now (for example calling append_sid('memberlist')) - in this case the root path and extension get added automatically. The hook is called after these are added.
git-svn-id: file:///svn/phpbb/trunk@8572 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/functions_posting.php')
| -rw-r--r-- | phpBB/includes/functions_posting.php | 67 |
1 files changed, 31 insertions, 36 deletions
diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index 877ba8c912..df5609edf1 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -22,7 +22,6 @@ if (!defined('IN_PHPBB')) function generate_smilies($mode, $forum_id) { global $auth, $db, $user, $config, $template; - global $phpEx, $phpbb_root_path; if ($mode == 'window') { @@ -89,7 +88,7 @@ function generate_smilies($mode, $forum_id) $template->assign_block_vars('smiley', array( 'SMILEY_CODE' => $row['code'], 'A_SMILEY_CODE' => addslashes($row['code']), - 'SMILEY_IMG' => $phpbb_root_path . $config['smilies_path'] . '/' . $row['smiley_url'], + 'SMILEY_IMG' => PHPBB_ROOT_PATH . $config['smilies_path'] . '/' . $row['smiley_url'], 'SMILEY_WIDTH' => $row['smiley_width'], 'SMILEY_HEIGHT' => $row['smiley_height'], 'SMILEY_DESC' => $row['emotion']) @@ -101,7 +100,7 @@ function generate_smilies($mode, $forum_id) { $template->assign_vars(array( 'S_SHOW_SMILEY_LINK' => true, - 'U_MORE_SMILIES' => append_sid("{$phpbb_root_path}posting.$phpEx", 'mode=smilies&f=' . $forum_id)) + 'U_MORE_SMILIES' => append_sid('posting', 'mode=smilies&f=' . $forum_id)) ); } @@ -246,7 +245,7 @@ function update_post_information($type, $ids, $return_update_sql = false) */ function posting_gen_topic_icons($mode, $icon_id) { - global $phpbb_root_path, $config, $template, $cache; + global $config, $template, $cache; // Grab icons $icons = cache::obtain_icons(); @@ -264,7 +263,7 @@ function posting_gen_topic_icons($mode, $icon_id) { $template->assign_block_vars('topic_icon', array( 'ICON_ID' => $id, - 'ICON_IMG' => $phpbb_root_path . $config['icons_path'] . '/' . $data['img'], + 'ICON_IMG' => PHPBB_ROOT_PATH . $config['icons_path'] . '/' . $data['img'], 'ICON_WIDTH' => $data['width'], 'ICON_HEIGHT' => $data['height'], @@ -349,13 +348,12 @@ function posting_gen_topic_types($forum_id, $cur_topic_type = POST_NORMAL) function upload_attachment($form_name, $forum_id, $local = false, $local_storage = '', $is_message = false, $local_filedata = false) { global $auth, $user, $config, $db, $cache; - global $phpbb_root_path, $phpEx; $filedata = array( 'error' => array() ); - include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx); + include_once(PHPBB_ROOT_PATH . 'includes/functions_upload.' . PHP_EXT); $upload = new fileupload(); if ($config['check_attachment_content']) @@ -463,7 +461,7 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage } // Check free disk space - if ($free_space = @disk_free_space($phpbb_root_path . $config['upload_path'])) + if ($free_space = @disk_free_space(PHPBB_ROOT_PATH . $config['upload_path'])) { if ($free_space <= $file->get('filesize')) { @@ -763,7 +761,7 @@ function posting_gen_inline_attachments(&$attachment_data) */ function posting_gen_attachment_entry($attachment_data, &$filename_data) { - global $template, $config, $phpbb_root_path, $phpEx, $user; + global $template, $config, $user; $template->assign_vars(array( 'S_SHOW_ATTACH_BOX' => true) @@ -788,7 +786,7 @@ function posting_gen_attachment_entry($attachment_data, &$filename_data) $hidden .= '<input type="hidden" name="attachment_data[' . $count . '][' . $key . ']" value="' . $value . '" />'; } - $download_link = append_sid("{$phpbb_root_path}download/file.$phpEx", 'mode=view&id=' . (int) $attach_row['attach_id'], true, ($attach_row['is_orphan']) ? $user->session_id : false); + $download_link = append_sid('download/file', 'mode=view&id=' . (int) $attach_row['attach_id'], true, ($attach_row['is_orphan']) ? $user->session_id : false); $template->assign_block_vars('attach_row', array( 'FILENAME' => basename($attach_row['real_filename']), @@ -822,7 +820,6 @@ function posting_gen_attachment_entry($attachment_data, &$filename_data) function load_drafts($topic_id = 0, $forum_id = 0, $id = 0) { global $user, $db, $template, $auth; - global $phpbb_root_path, $phpEx; $topic_ids = $forum_ids = $draft_rows = array(); @@ -895,24 +892,24 @@ function load_drafts($topic_id = 0, $forum_id = 0, $id = 0) $topic_forum_id = ($topic_rows[$draft['topic_id']]['forum_id']) ? $topic_rows[$draft['topic_id']]['forum_id'] : $forum_id; $link_topic = true; - $view_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $topic_forum_id . '&t=' . $draft['topic_id']); + $view_url = append_sid('viewtopic', 'f=' . $topic_forum_id . '&t=' . $draft['topic_id']); $title = $topic_rows[$draft['topic_id']]['topic_title']; - $insert_url = append_sid("{$phpbb_root_path}posting.$phpEx", 'f=' . $topic_forum_id . '&t=' . $draft['topic_id'] . '&mode=reply&d=' . $draft['draft_id']); + $insert_url = append_sid('posting', 'f=' . $topic_forum_id . '&t=' . $draft['topic_id'] . '&mode=reply&d=' . $draft['draft_id']); } else if ($draft['forum_id'] && $auth->acl_get('f_read', $draft['forum_id'])) { $link_forum = true; - $view_url = append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $draft['forum_id']); + $view_url = append_sid('viewforum', 'f=' . $draft['forum_id']); $title = $draft['forum_name']; - $insert_url = append_sid("{$phpbb_root_path}posting.$phpEx", 'f=' . $draft['forum_id'] . '&mode=post&d=' . $draft['draft_id']); + $insert_url = append_sid('posting', 'f=' . $draft['forum_id'] . '&mode=post&d=' . $draft['draft_id']); } else { // Either display as PM draft if forum_id and topic_id are empty or if access to the forums has been denied afterwards... $link_pm = true; - $insert_url = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&mode=compose&d={$draft['draft_id']}"); + $insert_url = append_sid('ucp', "i=$id&mode=compose&d={$draft['draft_id']}"); } $template->assign_block_vars('draftrow', array( @@ -936,8 +933,7 @@ function load_drafts($topic_id = 0, $forum_id = 0, $id = 0) */ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id = 0, $show_quote_button = true) { - global $user, $auth, $db, $template, $bbcode, $cache; - global $config, $phpbb_root_path, $phpEx; + global $user, $auth, $db, $template, $bbcode, $cache, $config; // Go ahead and pull all data for this topic $sql = 'SELECT p.post_id @@ -995,7 +991,7 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id // Instantiate BBCode class if (!isset($bbcode) && $bbcode_bitfield !== '') { - include_once($phpbb_root_path . 'includes/bbcode.' . $phpEx); + include_once(PHPBB_ROOT_PATH . 'includes/bbcode.' . PHP_EXT); $bbcode = new bbcode(base64_encode($bbcode_bitfield)); } @@ -1075,8 +1071,8 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id 'MESSAGE' => $message, 'DECODED_MESSAGE' => $decoded_message, 'POST_ID' => $row['post_id'], - 'U_MINI_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'p=' . $row['post_id']) . '#p' . $row['post_id'], - 'U_MCP_DETAILS' => ($auth->acl_get('m_info', $forum_id)) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&mode=post_details&f=' . $forum_id . '&p=' . $row['post_id'], true, $user->session_id) : '', + 'U_MINI_POST' => append_sid('viewtopic', 'p=' . $row['post_id']) . '#p' . $row['post_id'], + 'U_MCP_DETAILS' => ($auth->acl_get('m_info', $forum_id)) ? append_sid('mcp', 'i=main&mode=post_details&f=' . $forum_id . '&p=' . $row['post_id'], true, $user->session_id) : '', 'POSTER_QUOTE' => ($show_quote_button && $auth->acl_get('f_reply', $forum_id)) ? addslashes(get_username_string('username', $poster_id, $row['username'], $row['user_colour'], $row['post_username'])) : '') ); @@ -1107,7 +1103,7 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id */ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id, $topic_id, $post_id) { - global $db, $user, $config, $phpbb_root_path, $phpEx, $auth; + global $db, $user, $config, $auth; $topic_notification = ($mode == 'reply' || $mode == 'quote') ? true : false; $forum_notification = ($mode == 'post') ? true : false; @@ -1238,7 +1234,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id // Now, we are able to really send out notifications if (sizeof($msg_users)) { - include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); + include_once(PHPBB_ROOT_PATH . 'includes/functions_messenger.' . PHP_EXT); $messenger = new messenger(); $msg_list_ary = array(); @@ -1268,11 +1264,11 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id 'TOPIC_TITLE' => htmlspecialchars_decode($topic_title), 'FORUM_NAME' => htmlspecialchars_decode($forum_name), - 'U_FORUM' => generate_board_url() . "/viewforum.$phpEx?f=$forum_id", - 'U_TOPIC' => generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&t=$topic_id", - 'U_NEWEST_POST' => generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&t=$topic_id&p=$post_id&e=$post_id", - 'U_STOP_WATCHING_TOPIC' => generate_board_url() . "/viewtopic.$phpEx?f=$forum_id&t=$topic_id&unwatch=topic", - 'U_STOP_WATCHING_FORUM' => generate_board_url() . "/viewforum.$phpEx?f=$forum_id&unwatch=forum", + 'U_FORUM' => generate_board_url() . '/viewforum.' . PHP_EXT . "?f=$forum_id", + 'U_TOPIC' => generate_board_url() . '/viewtopic.' . PHP_EXT . "?f=$forum_id&t=$topic_id", + 'U_NEWEST_POST' => generate_board_url() . '/viewtopic.' . PHP_EXT . "?f=$forum_id&t=$topic_id&p=$post_id&e=$post_id", + 'U_STOP_WATCHING_TOPIC' => generate_board_url() . '/viewtopic.' . PHP_EXT . "?f=$forum_id&t=$topic_id&unwatch=topic", + 'U_STOP_WATCHING_FORUM' => generate_board_url() . '/viewforum.' . PHP_EXT . "?f=$forum_id&unwatch=forum", )); $messenger->send($addr['method']); @@ -1333,8 +1329,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id */ function delete_post($forum_id, $topic_id, $post_id, &$data) { - global $db, $user, $auth; - global $config, $phpEx, $phpbb_root_path; + global $db, $user, $auth, $config; // Specify our post mode $post_mode = 'delete'; @@ -1353,7 +1348,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data) $sql_data = array(); $next_post_id = false; - include_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx); + include_once(PHPBB_ROOT_PATH . 'includes/functions_admin.' . PHP_EXT); $db->sql_transaction('begin'); @@ -1555,7 +1550,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data) */ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $update_message = true) { - global $db, $auth, $user, $config, $phpEx, $template, $phpbb_root_path; + global $db, $auth, $user, $config, $template; // We do not handle erasing posts here if ($mode == 'delete') @@ -2053,7 +2048,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u else { // insert attachment into db - if (!@file_exists($phpbb_root_path . $config['upload_path'] . '/' . basename($orphan_rows[$attach_row['attach_id']]['physical_filename']))) + if (!@file_exists(PHPBB_ROOT_PATH . $config['upload_path'] . '/' . basename($orphan_rows[$attach_row['attach_id']]['physical_filename']))) { continue; } @@ -2346,14 +2341,14 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u // Select the search method and do some additional checks to ensure it can actually be utilised $search_type = basename($config['search_type']); - if (!file_exists($phpbb_root_path . 'includes/search/' . $search_type . '.' . $phpEx)) + if (!file_exists(PHPBB_ROOT_PATH . 'includes/search/' . $search_type . '.' . PHP_EXT)) { trigger_error('NO_SUCH_SEARCH_MODULE'); } if (!class_exists($search_type)) { - include("{$phpbb_root_path}includes/search/$search_type.$phpEx"); + include(PHPBB_ROOT_PATH . "includes/search/$search_type." . PHP_EXT); } $error = false; @@ -2447,7 +2442,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u $params .= '&t=' . $data['topic_id']; } - $url = (!$params) ? "{$phpbb_root_path}viewforum.$phpEx" : "{$phpbb_root_path}viewtopic.$phpEx"; + $url = (!$params) ? 'viewforum' : 'viewtopic'; $url = append_sid($url, 'f=' . $data['forum_id'] . $params) . $add_anchor; return $url; |