author | Meik Sievertsen <acydburn@phpbb.com> | 2006-07-01 19:11:52 +0000 |
committer | Meik Sievertsen <acydburn@phpbb.com> | 2006-07-01 19:11:52 +0000 |
commit | 6df6eb0e601d459544b0cbcee063cf19c01bb37d (patch) | |
tree | c99b89abfafe03c69d5e0852abda5f4c0b98f155 /phpBB/includes | |
parent | 7ad5db1856f18edb5fb8e2cd784b1eb22d3dcbc1 (diff) | |
- add additional auth check to the permission roles modules
- added new function to return globally used expressions (get_preg_expression($mode)). This should be very helpful in gathering widespread similar checks (regular expressions) in one place, reducing the risk of forgetting to change every location when you fix one. ;) We will add additional ones later; at the moment only the email check is retrieved...
- added "active module" var to the module class returning the current active module
- changed call to image magick
- add administrator to global moderators group by default
- extend auth_option column a little bit
- other bugfixes
git-svn-id: file:///svn/phpbb/trunk@6135 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes')
-rw-r--r-- | phpBB/includes/acp/acp_attachments.php | 2 | ||||
-rw-r--r-- | phpBB/includes/acp/acp_main.php | 3 | ||||
-rw-r--r-- | phpBB/includes/acp/acp_ranks.php | 2 | ||||
-rw-r--r-- | phpBB/includes/acp/acp_search.php | 3 | ||||
-rw-r--r-- | phpBB/includes/acp/acp_users.php | 3 | ||||
-rw-r--r-- | phpBB/includes/acp/info/acp_permission_roles.php | 8 | ||||
-rw-r--r-- | phpBB/includes/functions.php | 38 | ||||
-rw-r--r-- | phpBB/includes/functions_admin.php | 2 | ||||
-rw-r--r-- | phpBB/includes/functions_module.php | 82 | ||||
-rw-r--r-- | phpBB/includes/functions_posting.php | 5 | ||||
-rw-r--r-- | phpBB/includes/functions_template.php | 2 | ||||
-rw-r--r-- | phpBB/includes/functions_user.php | 2 | ||||
-rw-r--r-- | phpBB/includes/message_parser.php | 2 |
13 files changed, 93 insertions, 61 deletions
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php
index 85480756ca..641ceac03e 100644
--- a/phpBB/includes/acp/acp_attachments.php
+++ b/phpBB/includes/acp/acp_attachments.php
@@ -701,7 +701,7 @@ class acp_attachments
 $sql = 'SELECT forum_id, forum_name, parent_id, forum_type, left_id, right_id
 FROM ' . FORUMS_TABLE . '
 ORDER BY left_id ASC';
- $result = $db->sql_query($sql);
+ $result = $db->sql_query($sql, 600);
 
 $right = $cat_right = $padding_inc = 0;
 $padding = $forum_list = $holding = '';
diff --git a/phpBB/includes/acp/acp_main.php b/phpBB/includes/acp/acp_main.php
index 0e1e4fe793..07aabc672a 100644
--- a/phpBB/includes/acp/acp_main.php
+++ b/phpBB/includes/acp/acp_main.php
@@ -439,7 +439,7 @@ class acp_main
 
 if ($auth->acl_get('a_user'))
 {
- $sql = 'SELECT user_id, username, user_regdate
+ $sql = 'SELECT user_id, username, user_regdate, user_lastvisit
 FROM ' . USERS_TABLE . '
 WHERE user_type = ' . USER_INACTIVE . '
 ORDER BY user_regdate ASC';
@@ -449,6 +449,7 @@ class acp_main
 {
 $template->assign_block_vars('inactive', array(
 'DATE' => $user->format_date($row['user_regdate']),
+ 'LAST_VISIT' => (!$row['user_lastvisit']) ? ' - ' : $user->format_date($row['user_lastvisit']),
 'USER_ID' => $row['user_id'],
 'USERNAME' => $row['username'],
 'U_USER_ADMIN' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=users&mode=overview&u={$row['user_id']}"))
diff --git a/phpBB/includes/acp/acp_ranks.php b/phpBB/includes/acp/acp_ranks.php
index f5ec4bae30..793090076a 100644
--- a/phpBB/includes/acp/acp_ranks.php
+++ b/phpBB/includes/acp/acp_ranks.php
@@ -130,7 +130,7 @@ class acp_ranks
 {
 foreach ($img_ary as $img)
 {
- $img = substr($path, 1) . (($path != '') ? '/' : '') . $img;
+ $img = $path . $img;
 
 if (!in_array($img, $existing_imgs) || $action == 'edit')
 {
diff --git a/phpBB/includes/acp/acp_search.php b/phpBB/includes/acp/acp_search.php
index cf2e8e0790..cafb3c795d 100644
--- a/phpBB/includes/acp/acp_search.php
+++ b/phpBB/includes/acp/acp_search.php
@@ -485,9 +485,6 @@ class acp_search
 {
 global $db;
 
- /**
- * @todo what is faster, doing a MAX() or an ORDER BY post_id and LIMIT 1?
- */
 $sql = 'SELECT MAX(post_id) as max_post_id
 FROM '. POSTS_TABLE;
 $result = $db->sql_query($sql);
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index dc3a32663e..1eef71b7a8 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -736,6 +736,9 @@ class acp_users
 user_update_name($user_row['username'], $update_username);
 }
 
+ // Let the users permissions being updated
+ $auth->acl_clear_prefetch($user_id);
+
 add_log('admin', 'LOG_USER_USER_UPDATE', $data['username']);
 trigger_error($user->lang['USER_OVERVIEW_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));
 
diff --git a/phpBB/includes/acp/info/acp_permission_roles.php b/phpBB/includes/acp/info/acp_permission_roles.php
index 395e15193b..114d23f018 100644
--- a/phpBB/includes/acp/info/acp_permission_roles.php
+++ b/phpBB/includes/acp/info/acp_permission_roles.php
@@ -20,10 +20,10 @@ class acp_permission_roles_info
 'title' => 'ACP_PERMISSION_ROLES',
 'version' => '1.0.0',
 'modes' => array(
- 'admin_roles' => array('title' => 'ACP_ADMIN_ROLES', 'auth' => 'acl_a_roles', 'cat' => array('ACP_PERMISSION_ROLES')),
- 'user_roles' => array('title' => 'ACP_USER_ROLES', 'auth' => 'acl_a_roles', 'cat' => array('ACP_PERMISSION_ROLES')),
- 'mod_roles' => array('title' => 'ACP_MOD_ROLES', 'auth' => 'acl_a_roles', 'cat' => array('ACP_PERMISSION_ROLES')),
- 'forum_roles' => array('title' => 'ACP_FORUM_ROLES', 'auth' => 'acl_a_roles', 'cat' => array('ACP_PERMISSION_ROLES')),
+ 'admin_roles' => array('title' => 'ACP_ADMIN_ROLES', 'auth' => 'acl_a_roles && acl_a_aauth', 'cat' => array('ACP_PERMISSION_ROLES')),
+ 'user_roles' => array('title' => 'ACP_USER_ROLES', 'auth' => 'acl_a_roles && acl_a_uauth', 'cat' => array('ACP_PERMISSION_ROLES')),
+ 'mod_roles' => array('title' => 'ACP_MOD_ROLES', 'auth' => 'acl_a_roles && acl_a_mauth', 'cat' => array('ACP_PERMISSION_ROLES')),
+ 'forum_roles' => array('title' => 'ACP_FORUM_ROLES', 'auth' => 'acl_a_roles && acl_a_fauth', 'cat' => array('ACP_PERMISSION_ROLES')),
 ),
 );
 }
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 0ed9e924ea..4f62fa3100 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -1515,7 +1515,11 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 if ($admin && !$auth->acl_get('a_'))
 {
 // Not authd
- add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
+ // anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
+ if ($user->data['is_registered'])
+ {
+ add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
+ }
 trigger_error('NO_AUTH_ADMIN');
 }
 
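Review bot: The new `auth` strings pair `acl_a_roles` with the matching `acl_a_aauth`/`acl_a_uauth`/`acl_a_mauth`/`acl_a_fauth`, but nothing in the info class records why, and a later maintainer may read the second operand as redundant and drop it. Presumably editing a role of a given type is equivalent to assigning those permissions, so the editor needs the same `a_*auth` right the permissions module demands; a one-line comment above `'modes'` such as `// Editing a role grants its permissions by proxy, so each mode also requires the matching a_*auth permission` would pin that intent. Whether the module handler re-checks these rights per action is not visible in this diff.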
@@ -1548,7 +1552,12 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 }
 else
 {
- add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
+ // Only log the failed attempt if a real user tried to.
+ // anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
+ if ($user->data['is_registered'])
+ {
+ add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
+ }
 }
 }
 
@@ -1566,12 +1575,6 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 trigger_error($message . '<br /><br />' . sprintf($l_redirect, '<a href="' . $redirect . '">', '</a>'));
 }
 
- // The user wanted to re-authenticate, but something failed - log this
- if ($admin)
- {
- add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
- }
-
 // Something failed, determine what...
 if ($result['status'] == LOGIN_BREAK)
 {
@@ -1950,7 +1953,7 @@ function make_clickable($text, $server_url = false)
 $magic_url_replace[] = "'\$1<!-- w --><a href=\"http://\$2\" target=\"_blank\">' . ((strlen('\$2') > 55) ? substr(str_replace('&', '&', '\$2'), 0, 39) . ' ... ' . substr(str_replace('&', '&', '\$2'), -10) : '\$2') . '</a><!-- w -->'";
 
 // matches an email@domain type address at the start of a line, or after a space or after what might be a BBCode.
- $magic_url_match[] = '#(^|[\n ]|\()([a-z0-9&\-_.]+?@[\w\-]+\.(?:[\w\-\.]+\.)?[\w]+)#ie';
+ $magic_url_match[] = '/(^|[\n ]|\()(' . get_preg_expression('email') . ')/ie';
 $magic_url_replace[] = "'\$1<!-- e --><a href=\"mailto:\$2\">' . ((strlen('\$2') > 55) ? substr('\$2', 0, 39) . ' ... ' . substr('\$2', -10) : '\$2') . '</a><!-- e -->'";
 }
 
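Review bot: Removing the `if ($admin) add_log(...)` block in the `@@ -1566` hunk appears to leave a failed admin re-authentication (wrong password from a user who does hold `a_`) with no `LOG_ADMIN_AUTH_FAIL` entry at all: the two logging calls this commit keeps sit on the pre-form `a_` check and on the post-login `else` branch, and their enclosing conditions (outside the hunk) look like they only run before the form or after a successful login, not when `$result['status']` is an error. Unless one of the `LOGIN_BREAK`/error branches below logs it, password guessing against the ACP becomes invisible in the admin log. Keeping the block but guarding it like the others, `if ($admin && $user->data['is_registered']) { add_log('admin', 'LOG_ADMIN_AUTH_FAIL'); }`, preserves the trail while still skipping anonymous sessions. login_box continues outside the hunk.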
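Review bot: The rewritten `$magic_url_match[]` in the `@@ -1950` hunk keeps the `e` modifier while the shared `get_preg_expression('email')` pattern now admits `'` in the local part, so `$2` in the eval'd replacement (`substr('\$2', 0, 39)`) can carry a single quote; this stays safe only because `preg_replace` backslash-escapes quotes in backreferences under `e`, an implicit contract the old pattern (no `'` allowed) never relied on. Dropping `e` in favour of `preg_replace_callback` would remove the eval step entirely, but that rewrite also touches the replacement array and the `preg_replace` call outside this hunk, so it is described rather than quoted. Until then, a comment on the new line should record the dependency: `// local part may now contain ' — only safe because the e modifier escapes quotes in $2`.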
@@ -2254,6 +2257,23 @@ function get_backtrace()
 return $output;
 }
 
+/**
+* This function returns a regular expression pattern for commonly used expressions
+* Use with / as delimiter
+* mode can be: email|
+*/
+function get_preg_expression($mode)
+{
+ switch ($mode)
+ {
+ case 'email':
+ return '[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+';
+ break;
+ }
+
+ return '';
+}
+
 // Handler, header and footer
 
 /**
diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php
index 6b480873c3..76d9f66a07 100644
--- a/phpBB/includes/functions_admin.php
+++ b/phpBB/includes/functions_admin.php
@@ -245,7 +245,7 @@ function get_forum_list($acl_list = 'f_list', $id_only = true, $postable_only =
 // This query is identical to the jumpbox one
 $expire_time = ($no_cache) ? 0 : 120;
 
- $sql = 'SELECT forum_id, parent_id, forum_name, forum_type, left_id, right_id
+ $sql = 'SELECT forum_id, forum_name, parent_id, forum_type, left_id, right_id
 FROM ' . FORUMS_TABLE . '
 ORDER BY left_id ASC';
 $result = $db->sql_query($sql, $expire_time);
diff --git a/phpBB/includes/functions_module.php b/phpBB/includes/functions_module.php
index 0452be7067..3eaf4e86c0 100644
--- a/phpBB/includes/functions_module.php
+++ b/phpBB/includes/functions_module.php
@@ -20,8 +20,8 @@ class p_master
 var $p_mode;
 var $p_parent;
 
+ var $active_module = false;
 var $acl_forum_id = false;
-
 var $module_ary = array();
 
 /**
@@ -239,6 +239,7 @@ class p_master
 function set_active($id = false, $mode = false)
 {
 $icat = false;
+ $this->active_module = false;
 
 if (request_var('icat', ''))
 {
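Review bot: The docblock on `get_preg_expression()` omits the contract its callers now depend on: the pattern is unanchored (each caller adds `^`/`$` or its own prefix), it is lowercase-only so callers must pass the `i` modifier, and the local part admits `'` and `&`, which matters whenever a match is written into HTML or a `mailto:` attribute as `make_clickable()` does. The email pattern also ends in `[a-z]+`, so a single-letter TLD passes where `validate_email()` previously required `{2,4}`; if that is intentional the comment should say so. The `break;` after `return` in the `case 'email'` arm is unreachable and can go. Suggested docblock lines: `* Patterns are unanchored and lowercase only: add anchors and the i modifier yourself.` and `* email: the local part may contain ' and &, escape matches before emitting them in HTML.`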
@@ -247,20 +248,20 @@ class p_master
 }
 
 $category = false;
- foreach ($this->module_ary as $row_id => $itep_ary)
+ foreach ($this->module_ary as $row_id => $item_ary)
 {
 // If this is a module and it's selected, active
 // If this is a category and the module is the first within it, active
 // If this is a module and no mode selected, select first mode
 // If no category or module selected, go active for first module in first category
 if (
- (($itep_ary['name'] === $id || $itep_ary['id'] === (int) $id) && (($itep_ary['mode'] == $mode && !$itep_ary['cat']) || ($icat && $itep_ary['cat']))) ||
- ($itep_ary['parent'] === $category && !$itep_ary['cat'] && !$icat) ||
- (($itep_ary['name'] === $id || $itep_ary['id'] === (int) $id) && !$mode && !$itep_ary['cat']) ||
- (!$id && !$mode && !$itep_ary['cat'])
+ (($item_ary['name'] === $id || $item_ary['id'] === (int) $id) && (($item_ary['mode'] == $mode && !$item_ary['cat']) || ($icat && $item_ary['cat']))) ||
+ ($item_ary['parent'] === $category && !$item_ary['cat'] && !$icat) ||
+ (($item_ary['name'] === $id || $item_ary['id'] === (int) $id) && !$mode && !$item_ary['cat']) ||
+ (!$id && !$mode && !$item_ary['cat'])
 )
 {
- if ($itep_ary['cat'])
+ if ($item_ary['cat'])
 {
 $id = $icat;
 $icat = false;
@@ -268,20 +269,21 @@ class p_master
 continue;
 }
 
- $this->p_id = $itep_ary['id'];
- $this->p_parent = $itep_ary['parent'];
- $this->p_name = $itep_ary['name'];
- $this->p_mode = $itep_ary['mode'];
- $this->p_left = $itep_ary['left'];
- $this->p_right = $itep_ary['right'];
+ $this->p_id = $item_ary['id'];
+ $this->p_parent = $item_ary['parent'];
+ $this->p_name = $item_ary['name'];
+ $this->p_mode = $item_ary['mode'];
+ $this->p_left = $item_ary['left'];
+ $this->p_right = $item_ary['right'];
 
 $this->module_cache['parents'] = $this->module_cache['parents'][$this->p_id];
+ $this->active_module = $item_ary['id'];
 
 break;
 }
- else if (($itep_ary['cat'] && $itep_ary['id'] === (int) $id) || ($itep_ary['parent'] === $category && $itep_ary['cat']))
+ else if (($item_ary['cat'] && $item_ary['id'] === (int) $id) || ($item_ary['parent'] === $category && $item_ary['cat']))
 {
- $category = $itep_ary['id'];
+ $category = $item_ary['id'];
 }
 }
 }
@@ -298,6 +300,11 @@ class p_master
 $module_path = $phpbb_root_path . 'includes/' . $this->p_class;
 $icat = request_var('icat', '');
 
+ if ($this->active_module === false)
+ {
+ trigger_error('Module not accessible', E_USER_ERROR);
+ }
+
 if (!class_exists("{$this->p_class}_$this->p_name"))
 {
 if (!file_exists("$module_path/{$this->p_class}_$this->p_name.$phpEx"))
@@ -464,10 +471,10 @@ class p_master
 // 1) In a linear fashion
 // 2) In a combined tabbed + linear fashion ... tabs for the categories
 // and a linear list for subcategories/items
- foreach ($this->module_ary as $row_id => $itep_ary)
+ foreach ($this->module_ary as $row_id => $item_ary)
 {
 // Skip hidden modules
- if (!$itep_ary['display'])
+ if (!$item_ary['display'])
 {
 continue;
 }
@@ -475,7 +482,7 @@ class p_master
 // Skip branch
 if ($right_id !== false)
 {
- if ($itep_ary['left'] < $right_id)
+ if ($item_ary['left'] < $right_id)
 {
 continue;
 }
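Review bot: The new guard in `load_active()` (hunk `@@ -298`) fails closed when `set_active()` matched nothing, which is the right direction, but `'Module not accessible'` is a raw string where the rest of this commit hands language keys to `trigger_error` (`NO_AUTH_ADMIN`), and the reason for the guard is not written down next to it. A short comment would help the next reader: `// set_active() matched no module for the requested id/mode; stop before building an include path from whatever p_class/p_name currently hold`. Whether `p_name` could otherwise carry a request-derived value at this point is not visible here; if it can, the comment should say so explicitly. load_active's body continues outside the hunk.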
@@ -484,14 +491,14 @@ class p_master
 }
 
 // Category with no members on their way down (we have to check every level)
- if (!$itep_ary['name'])
+ if (!$item_ary['name'])
 {
 $empty_category = true;
 
 // We go through the branch and look for an activated module
 foreach (array_slice($this->module_ary, $row_id + 1) as $temp_row)
 {
- if ($temp_row['left'] > $itep_ary['left'] && $temp_row['left'] < $itep_ary['right'])
+ if ($temp_row['left'] > $item_ary['left'] && $temp_row['left'] < $item_ary['right'])
 {
 // Module there and displayed?
 if ($temp_row['name'] && $temp_row['display'])
@@ -507,18 +514,18 @@ class p_master
 // Skip the branch
 if ($empty_category)
 {
- $right_id = $itep_ary['right'];
+ $right_id = $item_ary['right'];
 continue;
 }
 }
 
 // Select first id we can get
- if (!$current_id && (in_array($itep_ary['id'], array_keys($this->module_cache['parents'])) || $itep_ary['id'] == $this->p_id))
+ if (!$current_id && (in_array($item_ary['id'], array_keys($this->module_cache['parents'])) || $item_ary['id'] == $this->p_id))
 {
- $current_id = $itep_ary['id'];
+ $current_id = $item_ary['id'];
 }
 
- $depth = $itep_ary['depth'];
+ $depth = $item_ary['depth'];
 
 if ($depth > $current_depth)
 {
@@ -534,30 +541,30 @@ class p_master
 }
 }
 
- $u_title = $module_url . $delim . 'i=' . (($itep_ary['cat']) ? $itep_ary['id'] : $itep_ary['name'] . (($itep_ary['is_duplicate']) ? '&icat=' . $current_id : '') . '&mode=' . $itep_ary['mode']);
- $u_title .= (!$itep_ary['cat'] && isset($itep_ary['url_extra'])) ? $itep_ary['url_extra'] : '';
+ $u_title = $module_url . $delim . 'i=' . (($item_ary['cat']) ? $item_ary['id'] : $item_ary['name'] . (($item_ary['is_duplicate']) ? '&icat=' . $current_id : '') . '&mode=' . $item_ary['mode']);
+ $u_title .= (!$item_ary['cat'] && isset($item_ary['url_extra'])) ? $item_ary['url_extra'] : '';
 
 // Only output a categories items if it's currently selected
- if (!$depth || ($depth && (in_array($itep_ary['parent'], array_values($this->module_cache['parents'])) || $itep_ary['parent'] == $this->p_parent)))
+ if (!$depth || ($depth && (in_array($item_ary['parent'], array_values($this->module_cache['parents'])) || $item_ary['parent'] == $this->p_parent)))
 {
 $use_tabular_offset = (!$depth) ? 't_block1' : $tabular_offset;
 
 $tpl_ary = array(
- 'L_TITLE' => $itep_ary['lang'],
- 'S_SELECTED' => (in_array($itep_ary['id'], array_keys($this->module_cache['parents'])) || $itep_ary['id'] == $this->p_id) ? true : false,
+ 'L_TITLE' => $item_ary['lang'],
+ 'S_SELECTED' => (in_array($item_ary['id'], array_keys($this->module_cache['parents'])) || $item_ary['id'] == $this->p_id) ? true : false,
 'U_TITLE' => $u_title
 );
 
- $template->assign_block_vars($use_tabular_offset, array_merge($tpl_ary, array_change_key_case($itep_ary, CASE_UPPER)));
+ $template->assign_block_vars($use_tabular_offset, array_merge($tpl_ary, array_change_key_case($item_ary, CASE_UPPER)));
 }
 
 $tpl_ary = array(
- 'L_TITLE' => $itep_ary['lang'],
- 'S_SELECTED' => (in_array($itep_ary['id'], array_keys($this->module_cache['parents'])) || $itep_ary['id'] == $this->p_id) ? true : false,
+ 'L_TITLE' => $item_ary['lang'],
+ 'S_SELECTED' => (in_array($item_ary['id'], array_keys($this->module_cache['parents'])) || $item_ary['id'] == $this->p_id) ? true : false,
 'U_TITLE' => $u_title
 );
 
- $template->assign_block_vars($linear_offset, array_merge($tpl_ary, array_change_key_case($itep_ary, CASE_UPPER)));
+ $template->assign_block_vars($linear_offset, array_merge($tpl_ary, array_change_key_case($item_ary, CASE_UPPER)));
 
 $current_depth = $depth;
 }
@@ -593,7 +600,10 @@ class p_master
 {
 $this->p_class = $class;
 $this->p_name = $name;
-
+
+ // Set active module to true instead of using the id
+ $this->active_module = true;
+
 $this->load_active($mode);
 }
 
@@ -633,9 +643,9 @@ class p_master
 */
 function set_display($id, $mode = false, $display = true)
 {
- foreach ($this->module_ary as $row_id => $itep_ary)
+ foreach ($this->module_ary as $row_id => $item_ary)
 {
- if (($itep_ary['name'] === $id || $itep_ary['id'] === (int) $id) && (!$mode || $itep_ary['mode'] === $mode))
+ if (($item_ary['name'] === $id || $item_ary['id'] === (int) $id) && (!$mode || $item_ary['mode'] === $mode))
 {
 $this->module_ary[$row_id]['display'] = (int) $display;
 }
diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php
index 127d7b2af4..70b568a5ed 100644
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
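Review bot: In the `@@ -593` hunk `$this->active_module = true;` is set unconditionally before `load_active($mode)`, so the new 'Module not accessible' guard never applies on this path and the only thing between `$class`/`$name` and the `includes/{$class}/{$class}_{$name}.php` lookup in `load_active()` is the caller. The function's header is outside the hunk, so its callers are not visible; if any of them pass request-derived values, the guard this commit adds is bypassed for them. The contract deserves a comment next to the assignment: `// active_module is forced on here: $class and $name must be trusted literals from the caller, never request input`.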
@@ -521,9 +521,10 @@ function create_thumbnail($source, $destination, $mimetype)
 
 $used_imagick = false;
 
- if ($config['img_imagick'])
+ // Only use imagemagick if defined and the passthru function not disabled
+ if ($config['img_imagick'] && function_exists('passthru'))
 {
- passthru($config['img_imagick'] . 'convert' . ((defined('PHP_OS') && preg_match('#win#i', PHP_OS)) ? '.exe' : '') . ' -quality 85 -antialias -sample ' . $new_width . 'x' . $new_height . ' "' . str_replace('\\', '/', $source) . '" +profile "*" "' . str_replace('\\', '/', $destination) . '"');
+ passthru(escapeshellcmd($config['img_imagick']) . 'convert' . ((defined('PHP_OS') && preg_match('#win#i', PHP_OS)) ? '.exe' : '') . ' -quality 85 -antialias -sample ' . $new_width . 'x' . $new_height . ' "' . str_replace('\\', '/', $source) . '" +profile "*" "' . str_replace('\\', '/', $destination) . '"');
 if (file_exists($destination))
 {
 $used_imagick = true;
diff --git a/phpBB/includes/functions_template.php b/phpBB/includes/functions_template.php
index 9b201871b1..f566cce1cd 100644
--- a/phpBB/includes/functions_template.php
+++ b/phpBB/includes/functions_template.php
@@ -464,7 +464,7 @@ class template_compile
 {
 preg_match('#^((?:[a-z0-9\-_]+\.)+)?\$(?=[A-Z])([A-Z0-9_\-]*)(?: = (\'?)([^\']*)(\'?))?$#', $tag_args, $match);
 
- if (empty($match[2]) || (empty($match[4]) && $op))
+ if (empty($match[2]) || (!isset($match[4]) && $op))
 {
 return;
 }
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index efc352f259..3fb79ed5bb 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -1095,7 +1095,7 @@ function validate_email($email)
 return false;
 }
 
- if (!preg_match('#^[a-z0-9\.\-_\+]+?@(.*?\.)*?[a-z0-9\-_]+?\.[a-z]{2,4}$#i', $email))
+ if (!preg_match('/^' . get_preg_expression('email') . '$/i', $email))
 {
 return 'EMAIL_INVALID';
 }
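Review bot: `escapeshellcmd()` now covers the configured ImageMagick prefix, but `$source` and `$destination` are still spliced into the `passthru()` command inside bare double quotes, so a path containing `"`, `$` or a backtick reaches the shell unescaped; the per-argument primitive is `escapeshellarg()`. Whether those paths can ever carry attacker-influenced characters depends on the upload code outside this function, but the hardening is one edit: replace the two quoted segments with `' ' . escapeshellarg(str_replace('\\', '/', $source)) . ' +profile "*" ' . escapeshellarg(str_replace('\\', '/', $destination))`. Note also that `escapeshellcmd()` escapes `\`, so a Windows-style prefix such as `C:\imagemagick\` is rewritten before `convert.exe` is appended; if that platform matters the prefix deserves a test. create_thumbnail's body continues outside the hunk.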
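Review bot: `'$/i'` in the new `validate_email()` check lets a trailing newline through: in PCRE `$` also matches just before a final `\n`, so `"user@example.com\n"` passes and is stored as-is (the old pattern had the same weakness, but this line is the one under review). Use the `D` modifier or `\z`: `if (!preg_match('/^' . get_preg_expression('email') . '$/iD', $email))`. Separately, the shared pattern ends in `[a-z]+` where the replaced one required `[a-z]{2,4}`, so single-letter TLDs are now accepted; if intended, say so in the commit message. The function's body continues outside the hunk.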
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php
index d74a58524f..85f99d349b 100644
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@@ -720,7 +720,7 @@ class bbcode_firstpass extends bbcode
 
 $validated = true;
 
- if (!preg_match('!([a-z0-9]+[a-z0-9\-\._]*@(?:(?:[0-9]{1,3}\.){3,5}[0-9]{1,3}|[a-z0-9]+[a-z0-9\-\._]*\.[a-z]+))!i', $email))
+ if (!preg_match('/^' . get_preg_expression('email') . '$/i', $email))
 {
 $validated = false;
 }
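Review bot: The `[email]` bbcode check has the same `$`-before-newline gap as `validate_email()`: `'$/i'` accepts `user@example.com\n`, and since this value presumably ends up in a `mailto:` link, prefer `'$/iD'` or `\z`. The replaced pattern also admitted dotted-quad hosts (`(?:[0-9]{1,3}\.){3,5}[0-9]{1,3}`) that the shared pattern rejects, so `[email]user@192.0.2.1[/email]` stops validating; fine if intended, but it is a user-visible change the commit message does not mention. The enclosing method continues outside the hunk.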