author | Meik Sievertsen <acydburn@phpbb.com> | 2006-11-15 15:35:50 +0000 |
---|---|---|
committer | Meik Sievertsen <acydburn@phpbb.com> | 2006-11-15 15:35:50 +0000 |
commit | 548cc2c10b56cc9e5c71c2f87356947939abe888 (patch) | |
tree | 82a2ceac1eb474aad83281f5d5b4fe94b0ad4d92 /phpBB/includes | |
parent | 979e36077fa6ae9bbee81bacaaef029aa13c6df0 (diff) | |
- fixes for the following bugs:
#5326
#5318
#5304
#5290
#5288
#5278
#5276
#5272
#5266
- also fixed the "Call-time pass-by-reference" bug #5252
- within this step changed the normalize calls to require references.
- added captcha size variables to the class scope (suggestion was posted at area51)
git-svn-id: file:///svn/phpbb/trunk@6584 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes')
22 files changed, 199 insertions, 189 deletions
diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php index e4ea02ad4d..31bcdd2d16 100644 --- a/phpBB/includes/acp/acp_bbcodes.php +++ b/phpBB/includes/acp/acp_bbcodes.php @@ -76,7 +76,7 @@ class acp_bbcodes $bbcode_match = request_var('bbcode_match', ''); $bbcode_tpl = htmlspecialchars_decode(request_var('bbcode_tpl', '')); - $bbcode_helpline = request_var('bbcode_helpline', ''); + $bbcode_helpline = request_var('bbcode_helpline', '', true); break; } diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index 84cc8ddd1c..708a23230e 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -346,11 +346,7 @@ class acp_board } $this->new_config = $config; - $cfg_array = (isset($_REQUEST['config'])) ? request_var('config', array('' => ''), true) : $this->new_config; - if (isset($_REQUEST['config'])) - { - utf8_normalize_nfc(&$cfg_array); - } + $cfg_array = (isset($_REQUEST['config'])) ? utf8_normalize_nfc(request_var('config', array('' => ''), true)) : $this->new_config; $error = array(); // We validate the complete config if whished diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php index 7f4dde7211..c505a3c4a2 100644 --- a/phpBB/includes/acp/acp_forums.php +++ b/phpBB/includes/acp/acp_forums.php @@ -615,8 +615,8 @@ class acp_forums $forum_data = $this->get_forum_info($forum_id); $subforums_id = array(); - $subforums = get_forum_branch($forum_id, 'children'); + foreach ($subforums as $row) { $subforums_id[] = $row['forum_id']; @@ -647,6 +647,7 @@ class acp_forums 'FORUM_NAME' => $forum_data['forum_name'], 'S_FORUM_POST' => ($forum_data['forum_type'] == FORUM_POST) ? true : false, + 'S_FORUM_LINK' => ($forum_data['forum_type'] == FORUM_LINK) ? true : false, 'S_HAS_SUBFORUMS' => ($forum_data['right_id'] - $forum_data['left_id'] > 1) ? true : false, 'S_FORUMS_LIST' => $forums_list, 'S_ERROR' => (sizeof($errors)) ? true : false, 
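Review bot: In the acp_bbcodes.php hunk, `bbcode_helpline` is now read with the multibyte flag but is not passed through `utf8_normalize_nfc()`, unlike every other multibyte `request_var()` call in the visible hunks of this commit. That would leave the helpline as the one admin-supplied text field stored in whatever Unicode form the client sent; consider `$bbcode_helpline = utf8_normalize_nfc(request_var('bbcode_helpline', '', true));`. The enclosing switch continues outside the hunk, so a normalization step further down cannot be ruled out from here.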
diff --git a/phpBB/includes/acp/acp_language.php b/phpBB/includes/acp/acp_language.php index 61310cff01..6c962d9405 100644 --- a/phpBB/includes/acp/acp_language.php +++ b/phpBB/includes/acp/acp_language.php @@ -107,11 +107,11 @@ class acp_language $hidden_data = build_hidden_fields(array( 'file' => $this->language_file, 'dir' => $this->language_directory, - 'method' => $method, - 'entry' => $_POST['entry']), - true + 'method' => $method) ); + $hidden_data .= build_hidden_fields(array('entry' => $_POST['entry']), true, STRIP); + $template->assign_vars(array( 'S_UPLOAD' => true, 'NAME' => $method, diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index 30c4e27b63..cb0da02317 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -983,15 +983,13 @@ class acp_users 'yim' => request_var('yim', $user_row['user_yim']), 'jabber' => request_var('jabber', $user_row['user_jabber']), 'website' => request_var('website', $user_row['user_website']), - 'location' => request_var('location', $user_row['user_from'], true), - 'occupation' => request_var('occupation', $user_row['user_occ'], true), - 'interests' => request_var('interests', $user_row['user_interests'], true), + 'location' => utf8_normalize_nfc(request_var('location', $user_row['user_from'], true)), + 'occupation' => utf8_normalize_nfc(request_var('occupation', $user_row['user_occ'], true)), + 'interests' => utf8_normalize_nfc(request_var('interests', $user_row['user_interests'], true)), 'bday_day' => 0, 'bday_month' => 0, 'bday_year' => 0, ); - - utf8_normalize_nfc(array(&$data['location'], &$data['occupation'], &$data['interests'])); if ($user_row['user_birthday']) { 
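Review bot: In the acp_language.php hunk the first `build_hidden_fields()` call loses its `true` argument, so `file`, `dir` and `method` are now written into the form without `htmlspecialchars()`, and only `entry` keeps escaping. If `$this->language_file`, `$this->language_directory` or `$method` can hold request-derived text that was not entity-encoded upstream (not visible here), those values end up raw inside a double-quoted `value` attribute. If they are in fact pre-encoded, say so next to the call, e.g. `// file/dir/method are already entity-encoded; only the raw $_POST['entry'] needs STRIP + specialchars`. The surrounding method starts and ends outside the hunk.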
@@ -1551,10 +1549,8 @@ class acp_users $enable_bbcode = ($config['allow_sig_bbcode']) ? request_var('enable_bbcode', $this->optionget($user_row, 'bbcode')) : false; $enable_smilies = ($config['allow_sig_smilies']) ? request_var('enable_smilies', $this->optionget($user_row, 'smilies')) : false; $enable_urls = request_var('enable_urls', true); - $signature = request_var('signature', $user_row['user_sig'], true); - - utf8_normalize_nfc(&$signature); - + $signature = utf8_normalize_nfc(request_var('signature', $user_row['user_sig'], true)); + $preview = (isset($_POST['preview'])) ? true : false; if ($submit || $preview) diff --git a/phpBB/includes/acp/acp_words.php b/phpBB/includes/acp/acp_words.php index 8fe99b8c80..e087c4f8af 100644 --- a/phpBB/includes/acp/acp_words.php +++ b/phpBB/includes/acp/acp_words.php @@ -68,12 +68,10 @@ class acp_words break; case 'save': - $word_id = request_var('id', 0); - $word = request_var('word', '', true); - $replacement = request_var('replacement', '', true); + $word_id = request_var('id', 0); + $word = utf8_normalize_nfc(request_var('word', '', true)); + $replacement = utf8_normalize_nfc(request_var('replacement', '', true)); - utf8_normalize_nfc(array(&$word, &$replacement)); - if (!$word || !$replacement) { trigger_error($user->lang['ENTER_WORD'] . adm_back_link($this->u_action), E_USER_WARNING); diff --git a/phpBB/includes/captcha/captcha_gd.php b/phpBB/includes/captcha/captcha_gd.php index e249a46c04..10c61836a5 100644 --- a/phpBB/includes/captcha/captcha_gd.php +++ b/phpBB/includes/captcha/captcha_gd.php 
@@ -16,33 +16,18 @@ */ class captcha { + var $width = 360; + var $height = 96; + function execute($code) { global $config; $stats = gd_info(); - if (substr($stats['GD Version'], 0, 7) === 'bundled') - { - $bundled = true; - } - else - { - $bundled = false; - } + $bundled = (substr($stats['GD Version'], 0, 7) === 'bundled') ? true : false; preg_match('/[\\d.]+/', $stats['GD Version'], $version); - if (version_compare($version[0], '2.0.1', '>=')) - { - $gd_version = 2; - } - else - { - $gd_version = 1; - } - - // set dimension of image - $lx = 360; - $ly = 96; + $gd_version = (version_compare($version[0], '2.0.1', '>=')) ? 2 : 1; // create the image, stay compat with older versions of GD if ($gd_version === 2) @@ -56,7 +41,7 @@ class captcha $func2 = 'imagecolorclosest'; } - $image = $func1($lx, $ly); + $image = $func1($this->width, $this->height); if ($bundled) { @@ -65,7 +50,7 @@ class captcha // set background color $back = imagecolorallocate($image, mt_rand(224, 255), mt_rand(224, 255), mt_rand(224, 255)); - imagefilledrectangle($image, 0, 0, $lx, $ly, $back); + imagefilledrectangle($image, 0, 0, $this->width, $this->height, $back); // allocates the 216 websafe color palette to the image if ($gd_version === 1) @@ -82,7 +67,6 @@ class captcha } } - // fill with noise or grid if ($config['captcha_gd_noise']) { @@ -92,7 +76,7 @@ class captcha $size = mt_rand(8, 23); $angle = mt_rand(0, 360); $x = mt_rand(0, 360); - $y = mt_rand(0, (int)($ly - ($size / 5))); + $y = mt_rand(0, (int)($this->height - ($size / 5))); $color = $func2($image, mt_rand(160, 224), mt_rand(160, 224), mt_rand(160, 224)); $text = chr(mt_rand(45, 250)); imagettftext($image, $size, $angle, $x, $y, $color, $this->get_font(), $text); 
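Review bot: The noise branch in the `@@ -92,7 +76,7 @@` hunk still computes `$x = mt_rand(0, 360);` with the old literal width, although this commit moves the dimensions into `$this->width` and `$this->height`. Once `$width` is changed from 360 the noise glyphs no longer spread over the whole image, which thins the obfuscation on part of the captcha. Use `$x = mt_rand(0, $this->width);` so the class variables really are the single source of the size. `execute()` continues beyond the hunk.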
@@ -101,15 +85,16 @@ class captcha else { // generate grid - for ($i = 0; $i < $lx; $i += 13) + for ($i = 0; $i < $this->width; $i += 13) { $color = $func2($image, mt_rand(160, 224), mt_rand(160, 224), mt_rand(160, 224)); - imageline($image, $i, 0, $i, $ly, $color); + imageline($image, $i, 0, $i, $this->height, $color); } - for ($i = 0; $i < $ly; $i += 11) + + for ($i = 0; $i < $this->height; $i += 11) { $color = $func2($image, mt_rand(160, 224), mt_rand(160, 224), mt_rand(160, 224)); - imageline($image, 0, $i, $lx, $i, $color); + imageline($image, 0, $i, $this->width, $i, $color); } } @@ -120,7 +105,7 @@ class captcha $text = strtoupper($code[$i]); $angle = mt_rand(-30, 30); $size = mt_rand(20, 40); - $y = mt_rand((int)($size * 1.5), (int)($ly - ($size / 7))); + $y = mt_rand((int)($size * 1.5), (int)($this->height - ($size / 7))); $color = $func2($image, mt_rand(0, 127), mt_rand(0, 127), mt_rand(0, 127)); $shadow = $func2($image, mt_rand(127, 254), mt_rand(127, 254), mt_rand(127, 254)); diff --git a/phpBB/includes/captcha/captcha_non_gd.php b/phpBB/includes/captcha/captcha_non_gd.php index e4ab36f30b..41bd22868e 100644 --- a/phpBB/includes/captcha/captcha_non_gd.php +++ b/phpBB/includes/captcha/captcha_non_gd.php @@ -17,6 +17,8 @@ class captcha { var $filtered_pngs; + var $width = 320; + var $height = 50; /** * Define filtered pngs on init @@ -32,9 +34,7 @@ class captcha */ function execute($code) { - $total_width = 320; - $total_height = 50; - $img_height = 40; + $img_height = $this->height - 10; $img_width = 0; list($usec, $sec) = explode(' ', microtime()); @@ -45,7 +45,7 @@ class captcha for ($i = 0; $i < $code_len; $i++) { - $char = $code{$i}; + $char = $code[$i]; $width = mt_rand(0, 4); $raw_width = $this->filtered_pngs[$char]['width']; 
@@ -59,11 +59,11 @@ class captcha } } - $offset_x = mt_rand(0, $total_width - $img_width); - $offset_y = mt_rand(0, $total_height - $img_height); + $offset_x = mt_rand(0, $this->width - $img_width); + $offset_y = mt_rand(0, $this->height - $img_height); $image = ''; - for ($i = 0; $i < $total_height; $i++) + for ($i = 0; $i < $this->height; $i++) { $image .= chr(0); @@ -79,14 +79,14 @@ class captcha $image .= $this->randomise(substr($hold_chars[$code{$j}][$i - $offset_y - 1], 1), $char_widths[$j]); } - for ($j = $offset_x + $img_width; $j < $total_width; $j++) + for ($j = $offset_x + $img_width; $j < $this->width; $j++) { $image .= chr(mt_rand(140, 255)); } } else { - for ($j = 0; $j < $total_width; $j++) + for ($j = 0; $j < $this->width; $j++) { $image .= chr(mt_rand(140, 255)); } @@ -94,7 +94,7 @@ class captcha } unset($hold_chars); - $image = $this->create_png($image, $total_width, $total_height); + $image = $this->create_png($image, $this->width, $this->height); // Output image header('Content-Type: image/png'); diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 91a818d454..8119dc35f4 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -614,6 +614,10 @@ else if (!function_exists('htmlspecialchars_decode')) { + /** + * A wrapper for htmlspecialchars_decode + * @ignore + */ function htmlspecialchars_decode($string, $quote_style = ENT_COMPAT) { return strtr($string, array_flip(get_html_translation_table(HTML_SPECIALCHARS, $quote_style))); 
@@ -2493,14 +2497,14 @@ function extension_allowed($forum_id, $extension, &$extensions) /** * Little helper for the build_hidden_fields function */ -function _build_hidden_fields($key, $value, $specialchar) +function _build_hidden_fields($key, $value, $specialchar, $stripslashes) { $hidden_fields = ''; if (!is_array($value)) { - $key = ($specialchar) ? htmlspecialchars($key) : $key; - $value = ($specialchar) ? htmlspecialchars($value) : $value; + $value = ($stripslashes) ? stripslashes($value) : $value; + $value = ($specialchar) ? htmlspecialchars($value, ENT_COMPAT, 'UTF-8') : $value; $hidden_fields .= '<input type="hidden" name="' . $key . '" value="' . $value . '" />' . "\n"; } @@ -2508,7 +2512,10 @@ function _build_hidden_fields($key, $value, $specialchar) { foreach ($value as $_key => $_value) { - $hidden_fields .= _build_hidden_fields($key . '[' . $_key . ']', $_value, $specialchar); + $_key = ($stripslashes) ? stripslashes($_key) : $key; + $_key = ($specialchar) ? htmlspecialchars($_key, ENT_COMPAT, 'UTF-8') : $_key; + + $hidden_fields .= _build_hidden_fields($key . '[' . $_key . ']', $_value, $specialchar, $stripslashes); } } 
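Review bot: In the array branch of `_build_hidden_fields()` (hunk `@@ -2508,7 +2512,10 @@`) the fallback of the new ternary is `$key` instead of `$_key`: `$_key = ($stripslashes) ? stripslashes($_key) : $key;`. Whenever `$stripslashes` is false, which is the default of `build_hidden_fields()`, each element is emitted under the parent's own name (`parent[parent]`), so the real sub-keys are lost and nested arrays collapse onto one field name. It should read `$_key = ($stripslashes) ? stripslashes($_key) : $_key;`. Separately, the scalar branch in the `@@ -2493` hunk no longer escapes `$key` and relies on the callers having done it, which deserves a one-line comment such as `// $key is already escaped by the caller when $specialchar is set`.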
@@ -2517,14 +2524,23 @@ function _build_hidden_fields($key, $value, $specialchar) /** * Build simple hidden fields from array +* +* @param array $field_ary an array of values to build the hidden field from +* @param bool $specialchar if true, keys and values get specialchared +* @param bool $stripslashes if true, keys and values get stripslashed +* +* @return string the hidden fields */ -function build_hidden_fields($field_ary, $specialchar = false) +function build_hidden_fields($field_ary, $specialchar = false, $stripslashes = false) { $s_hidden_fields = ''; foreach ($field_ary as $name => $vars) { - $s_hidden_fields .= _build_hidden_fields($name, $vars, $specialchar); + $name = ($stripslashes) ? stripslashes($name) : $name; + $name = ($specialchar) ? htmlspecialchars($name, ENT_COMPAT, 'UTF-8') : $name; + + $s_hidden_fields .= _build_hidden_fields($name, $vars, $specialchar, $stripslashes); } return $s_hidden_fields; @@ -2773,6 +2789,12 @@ function phpbb_checkdnsrr($host, $type = '') @exec('nslookup -type=' . escapeshellarg($type) . ' ' . escapeshellarg($host), $output); + // If output is empty, the nslookup failed + if (empty($output)) + { + return NULL; + } + foreach ($output as $line) { if (!trim($line)) @@ -3344,7 +3366,8 @@ function page_footer($run_cron = true) } $template->assign_vars(array( - 'DEBUG_OUTPUT' => (defined('DEBUG')) ? $debug_output : '', + 'DEBUG_OUTPUT' => (defined('DEBUG')) ? $debug_output : '', + 'TRANSLATION_INFO' => (!empty($user->lang['TRANSLATION_INFO'])) ? $user->lang['TRANSLATION_INFO'] : '', 'U_ACP' => ($auth->acl_get('a_') && $user->data['is_registered']) ? append_sid("{$phpbb_root_path}adm/index.$phpEx", '', true, $user->session_id) : '') ); 
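Review bot: The new `return NULL;` in `phpbb_checkdnsrr()` adds a third outcome (the lookup could not be run) next to true and false, but nothing in the hunk documents it, and a caller that tests the result loosely will read it as "no record". Add a comment along the lines of `// NULL: nslookup gave no output, result unknown; callers must use === false to reject a host` and mirror it in the function docblock, which sits outside this hunk. Because `@exec` hides why the output was empty, it would also be worth rejecting a `$host` that begins with `-` before the call: `escapeshellarg()` quotes the value for the shell but does not stop nslookup from parsing it as an option.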
@@ -3385,7 +3408,7 @@ function page_footer($run_cron = true) if ($cron_type) { - $template->assign_var('RUN_CRON_TASK', '<img src="' . $phpbb_root_path . 'cron.' . $phpEx . '?cron_type=' . $cron_type . '" width="1" height="1" alt="cron" />'); + $template->assign_var('RUN_CRON_TASK', '<img src="' . append_sid($phpbb_root_path . 'cron.' . $phpEx, 'cron_type=' . $cron_type) . '" width="1" height="1" alt="cron" />'); } } diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index c85802dafb..1655c56eec 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -482,6 +482,7 @@ function delete_topics($where_type, $where_ids, $auto_sync = true) { global $db, $config; + $approved_topics = 0; $forum_ids = $topic_ids = array(); if (is_array($where_ids)) @@ -502,7 +503,7 @@ function delete_topics($where_type, $where_ids, $auto_sync = true) 'posts' => delete_posts($where_type, $where_ids, false, true) ); - $sql = 'SELECT topic_id, forum_id + $sql = 'SELECT topic_id, forum_id, topic_approved FROM ' . TOPICS_TABLE . ' WHERE ' . $db->sql_in_set($where_type, $where_ids); $result = $db->sql_query($sql); @@ -511,6 +512,11 @@ function delete_topics($where_type, $where_ids, $auto_sync = true) { $forum_ids[] = $row['forum_id']; $topic_ids[] = $row['topic_id']; + + if ($row['topic_approved']) + { + $approved_topics++; + } } $db->sql_freeresult($result); @@ -545,7 +551,10 @@ function delete_topics($where_type, $where_ids, $auto_sync = true) sync('topic_reported', $where_type, $where_ids); } - set_config('num_topics', $config['num_topics'] - sizeof($return['topics']), true); + if ($approved_topics) + { + set_config('num_topics', $config['num_topics'] - $approved_topics, true); + } return $return; } 
@@ -571,9 +580,10 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync = return false; } + $approved_posts = 0; $post_ids = $topic_ids = $forum_ids = $post_counts = array(); - $sql = 'SELECT post_id, poster_id, post_postcount, topic_id, forum_id + $sql = 'SELECT post_id, poster_id, post_approved, post_postcount, topic_id, forum_id FROM ' . POSTS_TABLE . ' WHERE ' . $db->sql_in_set($where_type, array_map('intval', $where_ids)); $result = $db->sql_query($sql); @@ -589,6 +599,11 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync = { $post_counts[$row['poster_id']] = (!empty($post_counts[$row['poster_id']])) ? $post_counts[$row['poster_id']] + 1 : 1; } + + if ($row['post_approved']) + { + $approved_posts++; + } } $db->sql_freeresult($result); @@ -658,7 +673,10 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync = sync('forum', 'forum_id', $forum_ids, true); } - set_config('num_posts', $config['num_posts'] - sizeof($post_ids), true); + if ($approved_posts) + { + set_config('num_posts', $config['num_posts'] - $approved_posts, true); + } return sizeof($post_ids); } diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index cb8f963528..a4b893468a 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -974,7 +974,7 @@ function display_custom_bbcodes() 'BBCODE_NAME' => "'[{$row['bbcode_tag']}]', '[/" . str_replace('=', '', $row['bbcode_tag']) . "]'", 'BBCODE_ID' => $num_predefined_bbcodes + ($i * 2), 'BBCODE_TAG' => $row['bbcode_tag'], - 'BBCODE_HELPLINE' => str_replace(array('&', '"', ''', '<', '>'), array('\&', '\"', '\\\'', '<', '>'), $row['bbcode_helpline'])) + 'BBCODE_HELPLINE' => str_replace(array('&', '"', "'", '<', '>'), array('\&', '\"', '\\\'', '<', '>'), $row['bbcode_helpline'])) ); $i++; 
diff --git a/phpBB/includes/functions_profile_fields.php b/phpBB/includes/functions_profile_fields.php index b35781e198..494288a600 100644 --- a/phpBB/includes/functions_profile_fields.php +++ b/phpBB/includes/functions_profile_fields.php @@ -579,7 +579,7 @@ class custom_profile if (gettype($value) == 'string') { - utf8_normalize_nfc(&$value); + $value = utf8_normalize_nfc($value); } } @@ -865,8 +865,7 @@ class custom_profile case FIELD_STRING: case FIELD_TEXT: - $var = request_var($var_name, $profile_row['field_default_value'], true); - utf8_normalize_nfc(&$var); + $var = utf8_normalize_nfc(request_var($var_name, $profile_row['field_default_value'], true)); break; case FIELD_INT: diff --git a/phpBB/includes/mcp/mcp_topic.php b/phpBB/includes/mcp/mcp_topic.php index 3b674139e9..8be1af41ff 100644 --- a/phpBB/includes/mcp/mcp_topic.php +++ b/phpBB/includes/mcp/mcp_topic.php @@ -32,14 +32,12 @@ function mcp_topic_view($id, $mode, $action) // Set up some vars $icon_id = request_var('icon', 0); - $subject = request_var('subject', '', true); + $subject = utf8_normalize_nfc(request_var('subject', '', true)); $start = request_var('start', 0); $to_topic_id = request_var('to_topic_id', 0); $to_forum_id = request_var('to_forum_id', 0); $post_id_list = request_var('post_id_list', array(0)); - utf8_normalize_nfc(&$subject); - // Split Topic? if ($action == 'split_all' || $action == 'split_beyond') { diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 6538bd7721..6270da8986 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php 
@@ -88,8 +88,11 @@ class bbcode_firstpass extends bbcode { $in = str_replace("\r\n", "\n", $this->message); - $this->message = preg_replace(array('#\[quote(=".*?")?\]([^\n])#is', '#([^\n])\[\/quote\]#is'), array("[quote\\1]\n\\2", "\\1\n[/quote]"), $this->message); - $this->message = preg_replace(array('#\[quote(=".*?")?\]([^\n])#is', '#([^\n])\[\/quote\]#is'), array("[quote\\1]\n\\2", "\\1\n[/quote]"), $this->message); + // We strip newlines and spaces after and before quotes in quotes (trimming) + $this->message = preg_replace(array('#\[quote(=".*?")?\]([\s|\n]+)#is', '#([\s|\n]+)\[\/quote\]#is'), array("[quote\\1]", "[/quote]"), $this->message); + + // Now we add exactly one newline + $this->message = preg_replace(array('#\[quote(=".*?")?\]#is', '#\[\/quote\]#is'), array("[quote\\1]\n", "\n[/quote]"), $this->message); } // Add other checks which needs to be placed before actually parsing anything (be it bbcodes, smilies, urls...) @@ -600,7 +603,7 @@ class bbcode_firstpass extends bbcode $pos = strlen($in); for ($i = 0, $tok_len = strlen($tok); $i < $tok_len; ++$i) { - $tmp_pos = strpos($in, $tok{$i}); + $tmp_pos = strpos($in, $tok[$i]); if ($tmp_pos !== false && $tmp_pos < $pos) { $pos = $tmp_pos; @@ -608,7 +611,7 @@ class bbcode_firstpass extends bbcode } $buffer .= substr($in, 0, $pos); - $tok = $in{$pos}; + $tok = $in[$pos]; $in = substr($in, $pos + 1); if ($tok == ']') @@ -616,10 +619,15 @@ class bbcode_firstpass extends bbcode if ($buffer == '/quote' && sizeof($close_tags)) { // we have found a closing tag - // Add space at the end of the closing tag to allow following urls/smilies to be parsed correctly - $out .= array_pop($close_tags) . '] '; + $out .= array_pop($close_tags) . ']'; $tok = '['; $buffer = ''; + + // Add space at the end of the closing tag if not happened before to allow following urls/smilies to be parsed correctly + if (!$in || $in[0] !== ' ') + { + $out .= ' '; + } } else if (preg_match('#^quote(?:="(.*?)")?$#is', $buffer, $m)) { 
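Review bot: The new trimming patterns in the `@@ -88,8 +88,11 @@` hunk use the character class `[\s|\n]+`, in which `|` is a literal pipe rather than an alternation, so pipe characters directly after `[quote]` or before `[/quote]` are silently deleted from the user's text; `\n` is already covered by `\s`. The patterns should be `'#\[quote(=".*?")?\]\s+#is'` and `'#\s+\[\/quote\]#is'`. The enclosing method starts outside the hunk.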
@@ -1138,8 +1146,7 @@ class parse_message extends bbcode_firstpass $error = array(); $num_attachments = sizeof($this->attachment_data); - $this->filename_data['filecomment'] = request_var('filecomment', '', true); - utf8_normalize_nfc(&$this->filename_data['filecomment']); + $this->filename_data['filecomment'] = utf8_normalize_nfc(request_var('filecomment', '', true)); $upload_file = (isset($_FILES[$form_name]) && $_FILES[$form_name]['name'] != 'none' && trim($_FILES[$form_name]['name'])) ? true : false; $add_file = (isset($_POST['add_file'])) ? true : false; @@ -1256,8 +1263,7 @@ class parse_message extends bbcode_firstpass { if ($edit_comment) { - $actual_comment_list = request_var('comment_list', array(''), true); - utf8_normalize_nfc(&$actual_comment_list); + $actual_comment_list = utf8_normalize_nfc(request_var('comment_list', array(''), true)); $edit_comment = request_var('edit_comment', array(0 => '')); $edit_comment = key($edit_comment); @@ -1322,8 +1328,7 @@ class parse_message extends bbcode_firstpass { global $user, $db, $phpbb_root_path, $phpEx, $config; - $this->filename_data['filecomment'] = request_var('filecomment', '', true); - utf8_normalize_nfc(&$this->filename_data['filecomment']); + $this->filename_data['filecomment'] = utf8_normalize_nfc(request_var('filecomment', '', true)); $attachment_data = (isset($_POST['attachment_data'])) ? $_POST['attachment_data'] : array(); $this->attachment_data = array(); diff --git a/phpBB/includes/search/fulltext_native.php b/phpBB/includes/search/fulltext_native.php index b47076228a..f0c2b18efb 100755 --- a/phpBB/includes/search/fulltext_native.php +++ b/phpBB/includes/search/fulltext_native.php 
@@ -1296,6 +1296,8 @@ class fulltext_native extends search_backend * @param string $allowed_chars String of special chars to allow * @param string $encoding Text encoding * @return string Cleaned up text, only alphanumeric chars are left + * + * @todo normalizer::cleanup being able to be used? */ function cleanup($text, $allowed_chars = null, $encoding = 'utf-8') { @@ -1303,9 +1305,7 @@ class fulltext_native extends search_backend static $conv = array(), $conv_loaded = array(); $words = $allow = array(); - /** - * Convert the text to UTF-8 - */ + // Convert the text to UTF-8 $encoding = strtolower($encoding); if ($encoding != 'utf-8') { @@ -1330,7 +1330,7 @@ class fulltext_native extends search_backend * If we use it more widely, an instance of that class should be held in a * a global variable instead */ - $text = utf_normalizer::nfc($text); + utf_normalizer::nfc($text); /** * The first thing we do is: diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index b69bcc5f44..21180bd9a5 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -450,7 +450,6 @@ class session $this->check_ban($this->data['user_id'], $this->ip); } - $this->data['is_registered'] = (!$bot && $this->data['user_id'] != ANONYMOUS && ($this->data['user_type'] == USER_NORMAL || $this->data['user_type'] == USER_FOUNDER)) ? true : false; $this->data['is_bot'] = ($bot) ? true : false; @@ -471,6 +470,8 @@ class session // Only update session DB a minute or so after last update or if page changes if ($this->time_now - $this->data['session_time'] > 60 || ($this->update_session_page && $this->data['session_page'] != $this->page['page'])) { + $this->data['session_time'] = $this->data['session_last_visit'] = $this->time_now; + $sql_ary = array('session_time' => $this->time_now, 'session_last_visit' => $this->time_now, 'session_admin' => 0); if ($this->update_session_page) 
@@ -481,6 +482,12 @@ class session $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " WHERE session_id = '" . $db->sql_escape($this->session_id) . "'"; $db->sql_query($sql); + + // Update the last visit time + $sql = 'UPDATE ' . USERS_TABLE . ' + SET user_lastvisit = ' . (int) $this->data['session_time'] . ' + WHERE user_id = ' . (int) $this->data['user_id']; + $db->sql_query($sql); } $SID = '?sid='; diff --git a/phpBB/includes/ucp/ucp_main.php b/phpBB/includes/ucp/ucp_main.php index 67e1c4d155..1ef2eee30e 100644 --- a/phpBB/includes/ucp/ucp_main.php +++ b/phpBB/includes/ucp/ucp_main.php @@ -660,11 +660,9 @@ class ucp_main if ($submit && $edit) { - $draft_subject = request_var('subject', '', true); - $draft_message = request_var('message', '', true); + $draft_subject = utf8_normalize_nfc(request_var('subject', '', true)); + $draft_message = utf8_normalize_nfc(request_var('message', '', true)); - utf8_normalize_nfc(array(&$draft_subject, &$draft_message)); - if ($draft_message && $draft_subject) { $draft_row = array( diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index 98aa35117b..841cfdb886 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -396,12 +396,10 @@ function compose_pm($id, $mode, $action) // Save Draft if ($save && $auth->acl_get('u_savedrafts')) { - $subject = request_var('subject', '', true); + $subject = utf8_normalize_nfc(request_var('subject', '', true)); $subject = (!$subject && $action != 'post') ? $user->lang['NEW_MESSAGE'] : $subject; - $message = request_var('message', '', true); + $message = utf8_normalize_nfc(request_var('message', '', true)); - utf8_normalize_nfc(array(&$subject, &$message)); - if ($subject && $message) { if (confirm_box(true)) 
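Review bot: The added `UPDATE ... USERS_TABLE ... SET user_lastvisit` in the `@@ -481,6 +482,12 @@` hunk is not gated on the kind of session, so it also runs for guests and bots. Guest sessions presumably all carry the `ANONYMOUS` user id, in which case every guest page view past the 60-second threshold writes the same users row and the stored value means nothing for that account. Consider wrapping the query in `if ($this->data['is_registered'])`, using the flag this method computes a few lines earlier; the method body extends beyond the hunk. The `(int)` casts on both interpolated values are the right call and should stay.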
@@ -476,11 +474,9 @@ function compose_pm($id, $mode, $action) if ($submit || $preview || $refresh) { - $subject = request_var('subject', '', true); - $message_parser->message = request_var('message', '', true); + $subject = utf8_normalize_nfc(request_var('subject', '', true)); + $message_parser->message = utf8_normalize_nfc(request_var('message', '', true)); - utf8_normalize_nfc(array(&$subject, &$message_parser->message)); - $icon_id = request_var('icon', 0); $enable_bbcode = (!$bbcode_status || isset($_POST['disable_bbcode'])) ? false : true; diff --git a/phpBB/includes/ucp/ucp_pm_options.php b/phpBB/includes/ucp/ucp_pm_options.php index 9b86553569..9ce7f87740 100644 --- a/phpBB/includes/ucp/ucp_pm_options.php +++ b/phpBB/includes/ucp/ucp_pm_options.php @@ -247,12 +247,10 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit $rule_option = request_var('rule_option', 0); $cond_option = request_var('cond_option', ''); $action_option = explode('|', request_var('action_option', '')); - $rule_string = ($cond_option != 'none') ? request_var('rule_string', '', true) : ''; + $rule_string = ($cond_option != 'none') ? utf8_normalize_nfc(request_var('rule_string', '', true)) : ''; $rule_user_id = ($cond_option != 'none') ? request_var('rule_user_id', 0) : 0; $rule_group_id = ($cond_option != 'none') ? request_var('rule_group_id', 0) : 0; - utf8_normalize_nfc(&$rule_string); - $action = (int) $action_option[0]; $folder_id = (int) $action_option[1]; @@ -640,10 +638,8 @@ function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule switch ($condition) { case 'text': - $rule_string = request_var('rule_string', '', true); + $rule_string = utf8_normalize_nfc(request_var('rule_string', '', true)); - utf8_normalize_nfc(&$rule_string); - $template->assign_vars(array( 'S_TEXT_CONDITION' => true, 'CURRENT_STRING' => $rule_string, 
@@ -656,10 +652,8 @@ function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule case 'user': $rule_user_id = request_var('rule_user_id', 0); - $rule_string = request_var('rule_string', '', true); + $rule_string = utf8_normalize_nfc(request_var('rule_string', '', true)); - utf8_normalize_nfc(&$rule_string); - if ($rule_string && !$rule_user_id) { $sql = 'SELECT user_id @@ -701,10 +695,8 @@ function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule case 'group': $rule_group_id = request_var('rule_group_id', 0); - $rule_string = request_var('rule_string', '', true); + $rule_string = utf8_normalize_nfc(request_var('rule_string', '', true)); - utf8_normalize_nfc(&$rule_string); - $sql_and = ($auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) ? '<> ' . GROUP_SPECIAL : 'NOT IN (' . GROUP_SPECIAL . ', ' . GROUP_HIDDEN . ')'; $sql = 'SELECT group_id, group_name, group_type FROM ' . GROUPS_TABLE . " diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index 840f63ff48..a6c1b638fa 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php 
@@ -250,16 +250,14 @@ class ucp_profile 'yim' => request_var('yim', $user->data['user_yim']), 'jabber' => request_var('jabber', $user->data['user_jabber']), 'website' => request_var('website', $user->data['user_website']), - 'location' => request_var('location', $user->data['user_from'], true), - 'occupation' => request_var('occupation', $user->data['user_occ'], true), - 'interests' => request_var('interests', $user->data['user_interests'], true), + 'location' => utf8_normalize_nfc(request_var('location', $user->data['user_from'], true)), + 'occupation' => utf8_normalize_nfc(request_var('occupation', $user->data['user_occ'], true)), + 'interests' => utf8_normalize_nfc(request_var('interests', $user->data['user_interests'], true)), 'bday_day' => 0, 'bday_month' => 0, 'bday_year' => 0, ); - utf8_normalize_nfc(array(&$data['location'], &$data['occupation'], &$data['interests'])); - if ($user->data['user_birthday']) { list($data['bday_day'], $data['bday_month'], $data['bday_year']) = explode('-', $user->data['user_birthday']); @@ -412,9 +410,7 @@ class ucp_profile $enable_bbcode = ($config['allow_sig_bbcode']) ? request_var('enable_bbcode', $user->optionget('bbcode')) : false; $enable_smilies = ($config['allow_sig_smilies']) ? request_var('enable_smilies', $user->optionget('smilies')) : false; $enable_urls = request_var('enable_urls', true); - $signature = request_var('signature', (string) $user->data['user_sig'], true); - - utf8_normalize_nfc(&$signature); + $signature = utf8_normalize_nfc(request_var('signature', (string) $user->data['user_sig'], true)); if ($submit || $preview) { diff --git a/phpBB/includes/utf/utf_normalizer.php b/phpBB/includes/utf/utf_normalizer.php index 0d1d74539a..62923ccbe4 100644 --- a/phpBB/includes/utf/utf_normalizer.php +++ b/phpBB/includes/utf/utf_normalizer.php 
@@ -67,10 +67,10 @@ class utf_normalizer * The ultimate convenience function! Clean up invalid UTF-8 sequences, * and convert to Normal Form C, canonical composition. * - * @param string $str The dirty string + * @param string &$str The dirty string * @return string The same string, all shiny and cleaned-up */ - function cleanup($str) + function cleanup(&$str) { // The string below is the list of all autorized characters, sorted by frequency in latin text $pos = strspn($str, "\x20\x65\x69\x61\x73\x6E\x74\x72\x6F\x6C\x75\x64\x5D\x5B\x63\x6D\x70\x27\x0A\x67\x7C\x68\x76\x2E\x66\x62\x2C\x3A\x3D\x2D\x71\x31\x30\x43\x32\x2A\x79\x78\x29\x28\x4C\x39\x41\x53\x2F\x50\x22\x45\x6A\x4D\x49\x6B\x33\x3E\x35\x54\x3C\x44\x34\x7D\x42\x7B\x38\x46\x77\x52\x36\x37\x55\x47\x4E\x3B\x4A\x7A\x56\x23\x48\x4F\x57\x5F\x26\x21\x4B\x3F\x58\x51\x25\x59\x5C\x09\x5A\x2B\x7E\x5E\x24\x40\x60\x7F\x0D"); @@ -79,7 +79,7 @@ class utf_normalizer if ($pos == $len) { // ASCII strings with no special chars return immediately - return $str; + return; } // Note: we do not check for $GLOBALS['utf_canonical_decomp']. It is assumed they are always loaded together 
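Review bot: `cleanup()` now takes `&$str` and returns nothing (a bare `return;` on the ASCII fast path, assignment to `$str` otherwise), yet its docblock still says `@return string The same string, all shiny and cleaned-up`; the same stale `@return string` remains on `nfc()`, `nfkc()` and `nfd()` in the later hunks. These functions validate and normalize untrusted text, so a call site still written as `$x = utf_normalizer::nfc($x);` would now quietly receive NULL instead of the cleaned string. Replace the tag with `@return void` and describe the parameter as `@param string &$str The string to clean, modified in place`. Only the fulltext_native.php call site is updated in this diff, so the remaining callers outside `phpBB/includes` should be checked for assignments of the return value.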
@@ -91,23 +91,22 @@ class utf_normalizer // Replace any byte in the range 0x00..0x1F, except for \r, \n and \t // We replace those characters with a 0xFF byte, which is illegal in UTF-8 and will in turn be replaced with a UTF replacement char - return utf_normalizer::recompose( - strtr( - $str, - "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x0B\x0C\x0E\x0F\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F", - "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF" - ), - $pos, $len, $GLOBALS['utf_nfc_qc'], $GLOBALS['utf_canonical_decomp'] + $str = strtr( + $str, + "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x0B\x0C\x0E\x0F\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F", + "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF" ); + + $str = utf_normalizer::recompose($str, $pos, $len, $GLOBALS['utf_nfc_qc'], $GLOBALS['utf_canonical_decomp']); } /** * Validate and normalize a UTF string to NFC * - * @param string $str Unchecked UTF string + * @param string &$str Unchecked UTF string * @return string The string, validated and in normal form */ - function nfc($str) + function nfc(&$str) { $pos = strspn($str, UTF8_ASCII_RANGE); $len = strlen($str); @@ -115,7 +114,7 @@ class utf_normalizer if ($pos == $len) { // ASCII strings return immediately - return $str; + return; } if (!isset($GLOBALS['utf_nfc_qc'])) 
@@ -124,16 +123,16 @@ class utf_normalizer include($phpbb_root_path . 'includes/utf/data/utf_nfc_qc.' . $phpEx); } - return utf_normalizer::recompose($str, $pos, $len, $GLOBALS['utf_nfc_qc'], $GLOBALS['utf_canonical_decomp']); + $str = utf_normalizer::recompose($str, $pos, $len, $GLOBALS['utf_nfc_qc'], $GLOBALS['utf_canonical_decomp']); } /** * Validate and normalize a UTF string to NFKC * - * @param string $str Unchecked UTF string + * @param string &$str Unchecked UTF string * @return string The string, validated and in normal form */ - function nfkc($str) + function nfkc(&$str) { $pos = strspn($str, UTF8_ASCII_RANGE); $len = strlen($str); @@ -141,7 +140,7 @@ class utf_normalizer if ($pos == $len) { // ASCII strings return immediately - return $str; + return; } if (!isset($GLOBALS['utf_nfkc_qc'])) @@ -156,16 +155,16 @@ class utf_normalizer include($phpbb_root_path . 'includes/utf/data/utf_canonical_comp.' . $phpEx); } - return utf_normalizer::recompose($str, $pos, $len, $GLOBALS['utf_nfkc_qc'], $GLOBALS['utf_compatibility_decomp']); + $str = utf_normalizer::recompose($str, $pos, $len, $GLOBALS['utf_nfkc_qc'], $GLOBALS['utf_compatibility_decomp']); } /** * Validate and normalize a UTF string to NFD * - * @param string $str Unchecked UTF string + * @param string &$str Unchecked UTF string * @return string The string, validated and in normal form */ - function nfd($str) + function nfd(&$str) { $pos = strspn($str, UTF8_ASCII_RANGE); $len = strlen($str); @@ -173,7 +172,7 @@ class utf_normalizer if ($pos == $len) { // ASCII strings return immediately - return $str; + return; } if (!isset($GLOBALS['utf_canonical_decomp'])) 
@@ -182,16 +181,16 @@ class utf_normalizer include($phpbb_root_path . 'includes/utf/data/utf_canonical_decomp.' . $phpEx); } - return utf_normalizer::decompose($str, $pos, $len, $GLOBALS['utf_canonical_decomp']); + $str = utf_normalizer::decompose($str, $pos, $len, $GLOBALS['utf_canonical_decomp']); } /** * Validate and normalize a UTF string to NFKD * - * @param string $str Unchecked UTF string + * @param string &$str Unchecked UTF string * @return string The string, validated and in normal form */ - function nfkd($str) + function nfkd(&$str) { $pos = strspn($str, UTF8_ASCII_RANGE); $len = strlen($str); @@ -199,7 +198,7 @@ class utf_normalizer if ($pos == $len) { // ASCII strings return immediately - return $str; + return; } if (!isset($GLOBALS['utf_compatibility_decomp'])) @@ -208,7 +207,7 @@ class utf_normalizer include($phpbb_root_path . 'includes/utf/data/utf_compatibility_decomp.' . $phpEx); } - return utf_normalizer::decompose($str, $pos, $len, $GLOBALS['utf_compatibility_decomp']); + $str = utf_normalizer::decompose($str, $pos, $len, $GLOBALS['utf_compatibility_decomp']); } @@ -239,14 +238,7 @@ class utf_normalizer $tmp = ''; $i = $tmp_pos = $last_cc = 0; - if ($pos) - { - $buffer = array(++$i => $str[$pos - 1]); - } - else - { - $buffer = array(); - } + $buffer = ($pos) ? array(++$i => $str[$pos - 1]) : array(); // UTF char length array // This array is used to determine the length of a UTF character. @@ -325,6 +317,9 @@ class utf_normalizer { // Current char isn't well-formed or legal: either one or several trailing bytes are missing, or the Unicode char // has been encoded in a five- or six- byte sequence + /** + * @todo $trailing_bytes always == 5? + */ if ($utf_char[0] >= "\xF8") { if ($utf_char[0] < "\xF8") @@ -421,6 +416,9 @@ class utf_normalizer default: // Five- and six- byte sequences do not need being checked for here anymore + /** + * @todo $trailing_bytes always == 5? + */ if ($utf_char > UTF8_MAX) { // Out of the Unicode range 
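Review bot: In the hunk at -325 the added `@todo` sits on two conditions that contradict each other: inside `if ($utf_char[0] >= "\xF8")` the test `if ($utf_char[0] < "\xF8")` can never be true. That branch is therefore dead code in the path that rejects malformed five- and six-byte sequences. A `/** @todo */` docblock inside a method body is also the wrong comment form, so I would either remove the unreachable test or note it with a plain comment such as `// unreachable: the outer test already guarantees >= 0xF8`. The same `@todo` is added in the -421 hunk. Both sit in a method whose body starts and ends outside these hunks, so how `$trailing_bytes` is finally set is not visible here.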
@@ -1011,7 +1009,7 @@ class utf_normalizer ksort($utf_sort); } - foreach($utf_sort as $utf_chars) + foreach ($utf_sort as $utf_chars) { $tmp .= implode('', $utf_chars); } @@ -1365,17 +1363,17 @@ class utf_normalizer // LIndex can only range from 0 to 18, therefore it cannot influence the first two bytes of the L Jamo, which allows us to hardcode them (based on LBase). // // The same goes for VIndex, but for TIndex there's a catch: the value of the third byte could exceed 0xBF and we would have to increment the second byte - if ($tIndex = $idx % UNICODE_HANGUL_TCOUNT) + if ($t_index = $idx % UNICODE_HANGUL_TCOUNT) { - if ($tIndex < 25) + if ($t_index < 25) { $utf_char = "\xE1\x84\x00\xE1\x85\x00\xE1\x86\x00"; - $utf_char[8] = chr(0xA7 + $tIndex); + $utf_char[8] = chr(0xA7 + $t_index); } else { $utf_char = "\xE1\x84\x00\xE1\x85\x00\xE1\x87\x00"; - $utf_char[8] = chr(0x67 + $tIndex); + $utf_char[8] = chr(0x67 + $t_index); } } else @@ -1478,7 +1476,6 @@ class utf_normalizer } return $tmp; - } else if ($tmp_pos) { diff --git a/phpBB/includes/utf/utf_tools.php b/phpBB/includes/utf/utf_tools.php index b91fd51c20..b181023f57 100644 --- a/phpBB/includes/utf/utf_tools.php +++ b/phpBB/includes/utf/utf_tools.php 
@@ -933,30 +933,35 @@ function utf8_case_fold($text, $option = 'full') * A wrapper function for the normalizer which takes care of including the class if required and modifies the passed strings * to be in NFC (Normalization Form Composition). * -* @param mixed $strings Either an array of references to strings, a reference to an array of strings or a reference to a single string +* @param mixed $strings a string or an array of strings to normalize +* @return mixed the normalized content, preserving array keys if array given. */ function utf8_normalize_nfc($strings) { - if (!is_array($strings) || (sizeof($strings) > 0)) - { - if (!class_exists('utf_normalizer')) - { - global $phpbb_root_path, $phpEx; - include($phpbb_root_path . 'includes/utf/utf_normalizer.' . $phpEx); - } + if (empty($strings)) + { + return $strings; + } - if (is_array($strings)) - { - foreach ($strings as $key => $string) - { - $strings[$key] = utf_normalizer::nfc($strings[$key]); - } - } - else + if (!class_exists('utf_normalizer')) + { + global $phpbb_root_path, $phpEx; + include($phpbb_root_path . 'includes/utf/utf_normalizer.' . $phpEx); + } + + if (!is_array($strings)) + { + utf_normalizer::nfc($strings); + } + else if (is_array($strings)) + { + foreach ($strings as $key => $string) { - $strings = utf_normalizer::nfc($strings); + utf_normalizer::nfc($strings[$key]); } } + + return $strings; } /** @@ -982,7 +987,7 @@ function utf8_clean_string($text) include($phpbb_root_path . 'includes/utf/utf_normalizer.' . $phpEx); } - $text = utf_normalizer::nfc($text); + utf_normalizer::nfc($text); static $homographs = array( // cyrllic |
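Review bot: The summary above `utf8_normalize_nfc()` still says the wrapper "modifies the passed strings", but the new body takes `$strings` by value and returns the normalized copy. A caller that keeps the statement form `utf8_normalize_nfc($x);` would carry on with un-normalized input. I would reword the summary to say it returns the strings in NFC, and replace `else if (is_array($strings))` with a plain `else`, since the preceding branch already tested `!is_array($strings)`. The loop also passes every element to `utf_normalizer::nfc()` without checking that it is a string, and `$string` is unused. Whether nested arrays can reach this function depends on callers outside the hunk.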