ok... i hope i haven't messed too much with the code and everything is still working.

Changes: - Ascraeus now uses constants for the phpbb root path and the php extension. This ensures more security for external applications and modifications (no more overwriting of root path and extension possible through insecure mods and register globals enabled) as well as no more globalizing needed. - A second change implemented here is an additional short-hand-notation for append_sid(). It is allowed to omit the root path and extension now (for example calling append_sid('memberlist')) - in this case the root path and extension get added automatically. The hook is called after these are added. git-svn-id: file:///svn/phpbb/trunk@8572 89ea8834-ac86-4346-8a33-228a782c2dd0
author: Meik Sievertsen <acydburn@phpbb.com> 2008-05-29 12:25:56 +0000
committer: Meik Sievertsen <acydburn@phpbb.com> 2008-05-29 12:25:56 +0000
commit: 2f4a618900e2c3b6ea14c68cbeb5897cd2ac1a04 (patch)
tree: 3b7ea329bf35eab5ddab9b0b5eb790e45e283a5c /phpBB/style.php
parent: 91b4fe1868ca2c4d81111943f781e3cfd0262ef2 (diff)
download: forums-2f4a618900e2c3b6ea14c68cbeb5897cd2ac1a04.tar
forums-2f4a618900e2c3b6ea14c68cbeb5897cd2ac1a04.tar.gz
forums-2f4a618900e2c3b6ea14c68cbeb5897cd2ac1a04.tar.bz2
forums-2f4a618900e2c3b6ea14c68cbeb5897cd2ac1a04.tar.xz
forums-2f4a618900e2c3b6ea14c68cbeb5897cd2ac1a04.zip
1 files changed, 169 insertions, 214 deletions
diff --git a/phpBB/style.php b/phpBB/style.php
index cd9f8bd9d7..3ee1726554 100644
--- a/phpBB/style.php
+++ b/phpBB/style.php
@@ -12,36 +12,8 @@
 * @ignore
 */
 define('IN_PHPBB', true);
-$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
-$phpEx = substr(strrchr(__FILE__, '.'), 1);
-
-// Report all errors, except notices
-error_reporting(E_ALL ^ E_NOTICE);
-date_default_timezone_set('UTC');
-
-require($phpbb_root_path . 'config.' . $phpEx);
-
-if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type))
-{
-	exit;
-}
-
-if (version_compare(PHP_VERSION, '6.0.0-dev', '<'))
-{
-	set_magic_quotes_runtime(0);
-}
-
-// Load Extensions
-if (!empty($load_extensions))
-{
-	$load_extensions = explode(',', $load_extensions);
-
-	foreach ($load_extensions as $extension)
-	{
-		@dl(trim($extension));
-	}
-}
-
+if (!defined('PHPBB_ROOT_PATH')) define('PHPBB_ROOT_PATH', './');
+if (!defined('PHP_EXT')) define('PHP_EXT', substr(strrchr(__FILE__, '.'), 1));
 
 $sid = (isset($_GET['sid']) && !is_array($_GET['sid'])) ? htmlspecialchars($_GET['sid']) : '';
 $id = (isset($_GET['id'])) ? intval($_GET['id']) : 0;
@@ -56,240 +28,223 @@ if (strspn($sid, 'abcdefABCDEF0123456789') !== strlen($sid))
 // happen to have a current session it will output nothing. We will also cache the
 // resulting CSS data for five minutes ... anything to reduce the load on the SQL
 // server a little
-if ($id)
+if (!$id)
 {
-	// Include files
-	require($phpbb_root_path . 'includes/acm/acm_' . $acm_type . '.' . $phpEx);
-	require($phpbb_root_path . 'includes/cache.' . $phpEx);
-	require($phpbb_root_path . 'includes/db/' . $dbms . '.' . $phpEx);
-	require($phpbb_root_path . 'includes/constants.' . $phpEx);
+	exit;
+}
 
-	$db = new $sql_db();
-	$cache = new acm();
+include(PHPBB_ROOT_PATH . 'common.' . PHP_EXT);
 
-	// Connect to DB
-	if (!@$db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false, false))
-	{
-		exit;
-	}
-	unset($dbpasswd);
+$user = false;
 
-	$config = cache::obtain_config();
-	$user = false;
+if ($sid)
+{
+	$sql = 'SELECT u.user_id, u.user_lang
+		FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u
+		WHERE s.session_id = '" . $db->sql_escape($sid) . "'
+			AND s.session_user_id = u.user_id";
+	$result = $db->sql_query($sql);
+	$user = $db->sql_fetchrow($result);
+	$db->sql_freeresult($result);
+}
 
-	if ($sid)
-	{
-		$sql = 'SELECT u.user_id, u.user_lang
-			FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u
-			WHERE s.session_id = '" . $db->sql_escape($sid) . "'
-				AND s.session_user_id = u.user_id";
-		$result = $db->sql_query($sql);
-		$user = $db->sql_fetchrow($result);
-		$db->sql_freeresult($result);
-	}
+$recompile = $config['load_tplcompile'];
+if (!$user)
+{
+	$id			= $config['default_style'];
+	$recompile	= false;
+	$user		= array('user_id' => ANONYMOUS);
+}
 
-	$recompile = $config['load_tplcompile'];
-	if (!$user)
-	{
-		$id			= $config['default_style'];
-		$recompile	= false;
-		$user		= array('user_id' => ANONYMOUS);
-	}
+$sql = 'SELECT s.style_id, c.theme_id, c.theme_data, c.theme_path, c.theme_name, c.theme_mtime, i.*, t.template_path
+	FROM ' . STYLES_TABLE . ' s, ' . STYLES_TEMPLATE_TABLE . ' t, ' . STYLES_THEME_TABLE . ' c, ' . STYLES_IMAGESET_TABLE . ' i
+	WHERE s.style_id = ' . $id . '
+		AND t.template_id = s.template_id
+		AND c.theme_id = s.theme_id
+		AND i.imageset_id = s.imageset_id';
+$result = $db->sql_query($sql, 300);
+$theme = $db->sql_fetchrow($result);
+$db->sql_freeresult($result);
+
+if (!$theme)
+{
+	garbage_collection();
+	exit_handler();
+}
 
-	$sql = 'SELECT s.style_id, c.theme_id, c.theme_data, c.theme_path, c.theme_name, c.theme_mtime, i.*, t.template_path
-		FROM ' . STYLES_TABLE . ' s, ' . STYLES_TEMPLATE_TABLE . ' t, ' . STYLES_THEME_TABLE . ' c, ' . STYLES_IMAGESET_TABLE . ' i
-		WHERE s.style_id = ' . $id . '
-			AND t.template_id = s.template_id
-			AND c.theme_id = s.theme_id
-			AND i.imageset_id = s.imageset_id';
-	$result = $db->sql_query($sql, 300);
-	$theme = $db->sql_fetchrow($result);
-	$db->sql_freeresult($result);
+if ($user['user_id'] == ANONYMOUS)
+{
+	$user['user_lang'] = $config['default_lang'];
+}
 
-	if (!$theme)
-	{
-		exit;
-	}
+$user_image_lang = (file_exists(PHPBB_ROOT_PATH . 'styles/' . $theme['imageset_path'] . '/imageset/' . $user['user_lang'])) ? $user['user_lang'] : $config['default_lang'];
 
-	if ($user['user_id'] == ANONYMOUS)
-	{
-		$user['user_lang'] = $config['default_lang'];
-	}
+$sql = 'SELECT *
+	FROM ' . STYLES_IMAGESET_DATA_TABLE . '
+	WHERE imageset_id = ' . $theme['imageset_id'] . "
+	AND image_filename <> '' 
+	AND image_lang IN ('" . $db->sql_escape($user_image_lang) . "', '')";
+$result = $db->sql_query($sql, 3600);
 
-	$user_image_lang = (file_exists($phpbb_root_path . 'styles/' . $theme['imageset_path'] . '/imageset/' . $user['user_lang'])) ? $user['user_lang'] : $config['default_lang'];
+$img_array = array();
+while ($row = $db->sql_fetchrow($result))
+{
+	$img_array[$row['image_name']] = $row;
+}
+$db->sql_freeresult($result);
 
-	$sql = 'SELECT *
-		FROM ' . STYLES_IMAGESET_DATA_TABLE . '
-		WHERE imageset_id = ' . $theme['imageset_id'] . "
-		AND image_filename <> '' 
-		AND image_lang IN ('" . $db->sql_escape($user_image_lang) . "', '')";
-	$result = $db->sql_query($sql, 3600);
+// gzip_compression
+if ($config['gzip_compress'])
+{
+	// IE6 is not able to compress the style (do not ask us why!)
+	$browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? strtolower(htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT'])) : '';
 
-	$img_array = array();
-	while ($row = $db->sql_fetchrow($result))
+	if ($browser && strpos($browser, 'msie 6.0') === false && @extension_loaded('zlib') && !headers_sent())
 	{
-		$img_array[$row['image_name']] = $row;
+		ob_start('ob_gzhandler');
 	}
-	$db->sql_freeresult($result);
-
-	// gzip_compression
-	if ($config['gzip_compress'])
-	{
-		// IE6 is not able to compress the style (do not ask us why!)
-		$browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? strtolower(htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT'])) : '';
+}
 
-		if ($browser && strpos($browser, 'msie 6.0') === false && @extension_loaded('zlib') && !headers_sent())
-		{
-			ob_start('ob_gzhandler');
-		}
-	}
+// Expire time of seven days if not recached
+$expire_time = 7 * 86400;
+$recache = false;
 
-	// Expire time of seven days if not recached
-	$expire_time = 7 * 86400;
-	$recache = false;
+// Re-cache stylesheet data if necessary
+if ($recompile || empty($theme['theme_data']))
+{
+	$recache = (empty($theme['theme_data'])) ? true : false;
+	$update_time = time();
 
-	// Re-cache stylesheet data if necessary
-	if ($recompile || empty($theme['theme_data']))
+	// We test for stylesheet.css because it is faster and most likely the only file changed on common themes
+	if (!$recache && $theme['theme_mtime'] < @filemtime(PHPBB_ROOT_PATH . 'styles/' . $theme['theme_path'] . '/theme/stylesheet.css'))
 	{
-		$recache = (empty($theme['theme_data'])) ? true : false;
-		$update_time = time();
+		$recache = true;
+		$update_time = @filemtime(PHPBB_ROOT_PATH . 'styles/' . $theme['theme_path'] . '/theme/stylesheet.css');
+	}
+	else if (!$recache)
+	{
+		$last_change = $theme['theme_mtime'];
+		$dir = @opendir(PHPBB_ROOT_PATH . "styles/{$theme['theme_path']}/theme");
 
-		// We test for stylesheet.css because it is faster and most likely the only file changed on common themes
-		if (!$recache && $theme['theme_mtime'] < @filemtime("{$phpbb_root_path}styles/" . $theme['theme_path'] . '/theme/stylesheet.css'))
-		{
-			$recache = true;
-			$update_time = @filemtime("{$phpbb_root_path}styles/" . $theme['theme_path'] . '/theme/stylesheet.css');
-		}
-		else if (!$recache)
+		if ($dir)
 		{
-			$last_change = $theme['theme_mtime'];
-			$dir = @opendir("{$phpbb_root_path}styles/{$theme['theme_path']}/theme");
-
-			if ($dir)
+			while (($entry = readdir($dir)) !== false)
 			{
-				while (($entry = readdir($dir)) !== false)
+				if (substr(strrchr($entry, '.'), 1) == 'css' && $last_change < @filemtime(PHPBB_ROOT_PATH . "styles/{$theme['theme_path']}/theme/{$entry}"))
 				{
-					if (substr(strrchr($entry, '.'), 1) == 'css' && $last_change < @filemtime("{$phpbb_root_path}styles/{$theme['theme_path']}/theme/{$entry}"))
-					{
-						$recache = true;
-						break;
-					}
+					$recache = true;
+					break;
 				}
-				closedir($dir);
 			}
+			closedir($dir);
 		}
 	}
+}
 
-	if ($recache)
+if ($recache)
+{
+	if (!class_exists('acp_styles'))
 	{
-		if (!class_exists('acp_styles'))
-		{
-			include($phpbb_root_path . 'includes/acp/acp_styles.' . $phpEx);
-		}
+		include(PHPBB_ROOT_PATH . 'includes/acp/acp_styles.' . PHP_EXT);
+	}
 
-		$theme['theme_data'] = acp_styles::db_theme_data($theme);
-		$theme['theme_mtime'] = $update_time;
+	$theme['theme_data'] = acp_styles::db_theme_data($theme);
+	$theme['theme_mtime'] = $update_time;
 
-		// Save CSS contents
-		$sql_ary = array(
-			'theme_mtime'	=> $theme['theme_mtime'],
-			'theme_data'	=> $theme['theme_data']
-		);
+	// Save CSS contents
+	$sql_ary = array(
+		'theme_mtime'	=> $theme['theme_mtime'],
+		'theme_data'	=> $theme['theme_data']
+	);
 
-		// @TODO: rewrite with the new param db functions
-		$sql = 'UPDATE ' . STYLES_THEME_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
-			WHERE theme_id = {$theme['theme_id']}";
-		$db->sql_query($sql);
+	// @TODO: rewrite with the new param db functions
+	$sql = 'UPDATE ' . STYLES_THEME_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
+		WHERE theme_id = {$theme['theme_id']}";
+	$db->sql_query($sql);
 
-		$cache->destroy('sql', STYLES_THEME_TABLE);
-	}
+	$cache->destroy('sql', STYLES_THEME_TABLE);
+}
 
-	// Only set the expire time if the theme changed data is older than 30 minutes - to cope with changes from the ACP
-	if ($recache || $theme['theme_mtime'] > (time() - 1800))
-	{
-		header('Expires: 0');
-	}
-	else
-	{
-		header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + $expire_time));
-	}
+// Only set the expire time if the theme changed data is older than 30 minutes - to cope with changes from the ACP
+if ($recache || $theme['theme_mtime'] > (time() - 1800))
+{
+	header('Expires: 0');
+}
+else
+{
+	header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + $expire_time));
+}
 
-	header('Content-type: text/css; charset=UTF-8');
+header('Content-type: text/css; charset=UTF-8');
 
-	// Parse Theme Data
-	$replace = array(
-		'{T_THEME_PATH}'			=> "{$phpbb_root_path}styles/" . $theme['theme_path'] . '/theme',
-		'{T_TEMPLATE_PATH}'			=> "{$phpbb_root_path}styles/" . $theme['template_path'] . '/template',
-		'{T_IMAGESET_PATH}'			=> "{$phpbb_root_path}styles/" . $theme['imageset_path'] . '/imageset',
-		'{T_IMAGESET_LANG_PATH}'	=> "{$phpbb_root_path}styles/" . $theme['imageset_path'] . '/imageset/' . $user_image_lang,
-		'{T_STYLESHEET_NAME}'		=> $theme['theme_name'],
-		'{S_USER_LANG}'				=> $user['user_lang']
-	);
+// Parse Theme Data
+$replace = array(
+	'{T_THEME_PATH}'			=> PHPBB_ROOT_PATH . 'styles/' . $theme['theme_path'] . '/theme',
+	'{T_TEMPLATE_PATH}'			=> PHPBB_ROOT_PATH . 'styles/' . $theme['template_path'] . '/template',
+	'{T_IMAGESET_PATH}'			=> PHPBB_ROOT_PATH . 'styles/' . $theme['imageset_path'] . '/imageset',
+	'{T_IMAGESET_LANG_PATH}'	=> PHPBB_ROOT_PATH . 'styles/' . $theme['imageset_path'] . '/imageset/' . $user_image_lang,
+	'{T_STYLESHEET_NAME}'		=> $theme['theme_name'],
+	'{S_USER_LANG}'				=> $user['user_lang']
+);
 
-	$theme['theme_data'] = str_replace(array_keys($replace), array_values($replace), $theme['theme_data']);
+$theme['theme_data'] = str_replace(array_keys($replace), array_values($replace), $theme['theme_data']);
 
-	$matches = array();
-	preg_match_all('#\{IMG_([A-Za-z0-9_]*?)_(WIDTH|HEIGHT|SRC)\}#', $theme['theme_data'], $matches);
+$matches = array();
+preg_match_all('#\{IMG_([A-Za-z0-9_]*?)_(WIDTH|HEIGHT|SRC)\}#', $theme['theme_data'], $matches);
 
-	$imgs = $find = $replace = array();
-	if (isset($matches[0]) && sizeof($matches[0]))
+$imgs = $find = $replace = array();
+if (isset($matches[0]) && sizeof($matches[0]))
+{
+	foreach ($matches[1] as $i => $img)
 	{
-		foreach ($matches[1] as $i => $img)
-		{
-			$img = strtolower($img);
-			$find[] = $matches[0][$i];
-
-			if (!isset($img_array[$img]))
-			{
-				$replace[] = '';
-				continue;
-			}
+		$img = strtolower($img);
+		$find[] = $matches[0][$i];
 
-			if (!isset($imgs[$img]))
-			{
-				$img_data = &$img_array[$img];
-				$imgsrc = ($img_data['image_lang'] ? $img_data['image_lang'] . '/' : '') . $img_data['image_filename'];
-				$imgs[$img] = array(
-					'src'		=> $phpbb_root_path . 'styles/' . $theme['imageset_path'] . '/imageset/' . $imgsrc,
-					'width'		=> $img_data['image_width'],
-					'height'	=> $img_data['image_height'],
-				);
-			}
+		if (!isset($img_array[$img]))
+		{
+			$replace[] = '';
+			continue;
+		}
 
-			switch ($matches[2][$i])
-			{
-				case 'SRC':
-					$replace[] = $imgs[$img]['src'];
-				break;
-				
-				case 'WIDTH':
-					$replace[] = $imgs[$img]['width'];
-				break;
-	
-				case 'HEIGHT':
-					$replace[] = $imgs[$img]['height'];
-				break;
-
-				default:
-					continue;
-			}
+		if (!isset($imgs[$img]))
+		{
+			$img_data = &$img_array[$img];
+			$imgsrc = ($img_data['image_lang'] ? $img_data['image_lang'] . '/' : '') . $img_data['image_filename'];
+			$imgs[$img] = array(
+				'src'		=> PHPBB_ROOT_PATH . 'styles/' . $theme['imageset_path'] . '/imageset/' . $imgsrc,
+				'width'		=> $img_data['image_width'],
+				'height'	=> $img_data['image_height'],
+			);
 		}
 
-		if (sizeof($find))
+		switch ($matches[2][$i])
 		{
-			$theme['theme_data'] = str_replace($find, $replace, $theme['theme_data']);
+			case 'SRC':
+				$replace[] = $imgs[$img]['src'];
+			break;
+			
+			case 'WIDTH':
+				$replace[] = $imgs[$img]['width'];
+			break;
+
+			case 'HEIGHT':
+				$replace[] = $imgs[$img]['height'];
+			break;
+
+			default:
+				continue;
 		}
 	}
 
-	echo $theme['theme_data'];
-
-	if (!empty($cache))
+	if (sizeof($find))
 	{
-		$cache->unload();
+		$theme['theme_data'] = str_replace($find, $replace, $theme['theme_data']);
 	}
-	$db->sql_close();
 }
 
-exit;
+echo $theme['theme_data'];
+
+garbage_collection();
+exit_handler();
 
 ?>
 \ No newline at end of file
author	Meik Sievertsen <acydburn@phpbb.com>	2008-05-29 12:25:56 +0000
committer	Meik Sievertsen <acydburn@phpbb.com>	2008-05-29 12:25:56 +0000
commit	2f4a618900e2c3b6ea14c68cbeb5897cd2ac1a04 (patch)
tree	3b7ea329bf35eab5ddab9b0b5eb790e45e283a5c /phpBB/style.php
parent	91b4fe1868ca2c4d81111943f781e3cfd0262ef2 (diff)
download	forums-2f4a618900e2c3b6ea14c68cbeb5897cd2ac1a04.tar forums-2f4a618900e2c3b6ea14c68cbeb5897cd2ac1a04.tar.gz forums-2f4a618900e2c3b6ea14c68cbeb5897cd2ac1a04.tar.bz2 forums-2f4a618900e2c3b6ea14c68cbeb5897cd2ac1a04.tar.xz forums-2f4a618900e2c3b6ea14c68cbeb5897cd2ac1a04.zip