aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes
diff options
context:
space:
mode:
authorMarc Alexander <admin@m-a-styles.de>2019-09-20 22:23:06 +0200
committerMarc Alexander <admin@m-a-styles.de>2019-09-20 22:23:06 +0200
commita7c02304a56e29c0fd4833626ec692a6babcb269 (patch)
tree8faf99cb5e786106c1c8ccfa5d2091e2759d2fb0 /phpBB/includes
parentd6139846607a4fe3a13d5863b3fa6a52b1fe3c10 (diff)
parentf0afccb173fb728b6c70a8bd86c4d8869043581a (diff)
downloadforums-a7c02304a56e29c0fd4833626ec692a6babcb269.tar
forums-a7c02304a56e29c0fd4833626ec692a6babcb269.tar.gz
forums-a7c02304a56e29c0fd4833626ec692a6babcb269.tar.bz2
forums-a7c02304a56e29c0fd4833626ec692a6babcb269.tar.xz
forums-a7c02304a56e29c0fd4833626ec692a6babcb269.zip
Merge branch '3.2.x' into 3.3.x
Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/acp/acp_bbcodes.php12
-rw-r--r--phpBB/includes/acp/acp_prune.php1
-rw-r--r--phpBB/includes/functions_user.php5
-rw-r--r--phpBB/includes/message_parser.php29
-rw-r--r--phpBB/includes/ucp/ucp_pm_compose.php7
5 files changed, 44 insertions, 10 deletions
diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php
index b59f9e3a39..5360ab0f7b 100644
--- a/phpBB/includes/acp/acp_bbcodes.php
+++ b/phpBB/includes/acp/acp_bbcodes.php
@@ -33,7 +33,6 @@ class acp_bbcodes
// Set up general vars
$action = $request->variable('action', '');
$bbcode_id = $request->variable('bbcode', 0);
- $submit = $request->is_set_post('submit');
$this->tpl_name = 'acp_bbcodes';
$this->page_title = 'ACP_BBCODES';
@@ -41,11 +40,6 @@ class acp_bbcodes
add_form_key($form_key);
- if ($submit && !check_form_key($form_key))
- {
- trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
- }
-
// Set up mode-specific vars
switch ($action)
{
@@ -179,6 +173,12 @@ class acp_bbcodes
extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_modify_create', compact($vars)));
$warn_text = preg_match('%<[^>]*\{text[\d]*\}[^>]*>%i', $bbcode_tpl);
+
+ if (!$warn_text && !check_form_key($form_key))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
if (!$warn_text || confirm_box(true))
{
$data = $this->build_regexp($bbcode_match, $bbcode_tpl);
diff --git a/phpBB/includes/acp/acp_prune.php b/phpBB/includes/acp/acp_prune.php
index 3eee4f7922..c5f7789de8 100644
--- a/phpBB/includes/acp/acp_prune.php
+++ b/phpBB/includes/acp/acp_prune.php
@@ -537,6 +537,7 @@ class acp_prune
AND ug.user_id <> ' . ANONYMOUS . '
AND u.user_type <> ' . USER_FOUNDER . '
AND ug.user_pending = 0
+ AND ug.group_leader = 0
AND u.user_id = ug.user_id
' . (!empty($user_ids) ? ' AND ' . $db->sql_in_set('ug.user_id', $user_ids) : '');
$result = $db->sql_query($sql);
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 3bf4aa16b7..e0b6a9d0c6 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -1945,9 +1945,10 @@ function validate_user_email($email, $allowed_email = false)
return $validate_email;
}
- if (($ban = $user->check_ban(false, false, $email, true)) !== false)
+ $ban = $user->check_ban(false, false, $email, true);
+ if (!empty($ban))
{
- return ($ban === true) ? 'EMAIL_BANNED' : (!empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : $ban);
+ return !empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : 'EMAIL_BANNED';
}
if (!$config['allow_emailreuse'])
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php
index 0b79cca864..e1c28223dc 100644
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@@ -1525,6 +1525,35 @@ class parse_message extends bbcode_firstpass
}
/**
+ * Check attachment form token depending on submit type
+ *
+ * @param \phpbb\language\language $language Language
+ * @param \phpbb\request\request_interface $request Request
+ * @param string $form_name Form name for checking form key
+ *
+ * @return bool True if form token is not needed or valid, false if needed and invalid
+ */
+ function check_attachment_form_token(\phpbb\language\language $language, \phpbb\request\request_interface $request, $form_name)
+ {
+ $add_file = $request->is_set_post('add_file');
+ $delete_file = $request->is_set_post('delete_file');
+
+ if (($add_file || $delete_file) && !check_form_key($form_name))
+ {
+ $this->warn_msg[] = $language->lang('FORM_INVALID');
+
+ if ($request->is_ajax() && $this->plupload)
+ {
+ $this->plupload->emit_error(-400, 'FORM_INVALID');
+ }
+
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
* Parse Attachments
*/
function parse_attachments($form_name, $mode, $forum_id, $submit, $preview, $refresh, $is_message = false)
diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php
index cb45112b01..06baa279a5 100644
--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
@@ -26,7 +26,7 @@ if (!defined('IN_PHPBB'))
function compose_pm($id, $mode, $action, $user_folders = array())
{
global $template, $db, $auth, $user, $cache;
- global $phpbb_root_path, $phpEx, $config;
+ global $phpbb_root_path, $phpEx, $config, $language;
global $request, $phpbb_dispatcher, $phpbb_container;
// Damn php and globals - i know, this is horrible
@@ -799,7 +799,10 @@ function compose_pm($id, $mode, $action, $user_folders = array())
extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_modify_parse_before', compact($vars)));
// Parse Attachments - before checksum is calculated
- $message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true);
+ if ($message_parser->check_attachment_form_token($language, $request, 'ucp_pm_compose'))
+ {
+ $message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true);
+ }
if (count($message_parser->warn_msg) && !($remove_u || $remove_g || $add_to || $add_bcc))
{
generated by cgit v1.2.1 (git 2.21.0) at 2025-05-12 22:00:25 +0000