author | Nils Adermann <naderman@naderman.de> | 2006-08-12 01:58:58 +0000 |
---|---|---|
committer | Nils Adermann <naderman@naderman.de> | 2006-08-12 01:58:58 +0000 |
commit | b1ef984526f462a2c2132ab34a039490bceeb836 (patch) | |
tree | 53ee825ff6a23fff4cfc5eede0fafc010c017089 /phpBB | |
parent | b5a6291fa5a3c57eeb6a5cbe0411bde2a239402d (diff) | |
- auto sync attachment topic flag [Bug #2949]
- corrected paths for templates stored in the db and filenames displayed in the template editor [Bug #3662]
- removed some useless language strings [Bug #3648]
- corrected escaping of usernames and passwords in auth modules [Bug #3696], added ldap_escape
git-svn-id: file:///svn/phpbb/trunk@6266 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB')
-rw-r--r-- | phpBB/includes/acp/acp_styles.php | 2 | ||||
-rw-r--r-- | phpBB/includes/auth/auth_apache.php | 13 | ||||
-rw-r--r-- | phpBB/includes/auth/auth_ldap.php | 25 | ||||
-rw-r--r-- | phpBB/includes/functions_admin.php | 1 | ||||
-rw-r--r-- | phpBB/language/en/mcp.php | 3 | ||||
-rw-r--r-- | phpBB/language/en/ucp.php | 2 |
6 files changed, 31 insertions, 15 deletions
diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php index 00789fceec..f5bb241e57 100644 --- a/phpBB/includes/acp/acp_styles.php +++ b/phpBB/includes/acp/acp_styles.php @@ -2355,7 +2355,7 @@ pagination_sep = \'{PAGINATION_SEP}\' // heck of a lot of data ... $sql_ary = array( 'template_id' => $style_id, - 'template_filename' => "$template_path$pathfile$file", + 'template_filename' => "$pathfile$file", 'template_included' => (isset($includes[$file])) ? implode(':', $includes[$file]) . ':' : '', 'template_mtime' => filemtime("{$phpbb_root_path}styles/$template_path$pathfile$file"), 'template_data' => file_get_contents("{$phpbb_root_path}styles/$template_path$pathfile$file"), diff --git a/phpBB/includes/auth/auth_apache.php b/phpBB/includes/auth/auth_apache.php index 8556fb5707..3ee0f1347f 100644 --- a/phpBB/includes/auth/auth_apache.php +++ b/phpBB/includes/auth/auth_apache.php @@ -121,6 +121,9 @@ function autologin_apache() if (!empty($php_auth_user) && !empty($php_auth_pw)) { + set_var($php_auth_user, $php_auth_user, 'string'); + set_var($php_auth_pw, $php_auth_pw, 'string'); + $sql = 'SELECT * FROM ' . USERS_TABLE . " WHERE username = '" . $db->sql_escape($php_auth_user) . "'"; @@ -190,7 +193,15 @@ function user_row_apache($username, $password) */ function validate_session_apache(&$user) { - return (isset($_SERVER['PHP_AUTH_USER']) && ($_SERVER['PHP_AUTH_USER'] === $user['username'])) ? true : false; + if (!isset($_SERVER['PHP_AUTH_USER'])) + { + return false; + } + + $php_auth_user = ''; + set_var($php_auth_user, $_SERVER['PHP_AUTH_USER'], 'string'); + + return ($php_auth_user === $user['username']) ? true : false; } ?>
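Review bot: In `autologin_apache()` the `!empty($php_auth_user) && !empty($php_auth_pw)` guard is evaluated on the raw values, and the two added `set_var()` calls change them only afterwards, so a value that normalisation reduces to an empty string would still get past the check. `set_var()` is defined outside this page, so whether it trims or re-encodes its input is an assumption to confirm; if it does, normalise before the guard or re-test after the calls, e.g. `if ($php_auth_user === '' || $php_auth_pw === '')` taking the not-logged-in path. A one-line comment above the calls saying why a server-supplied credential goes through the request filter would also help the next reader. The function body starts and ends outside the hunk.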
\ No newline at end of file diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php index 25c90aeeeb..889f6d8661 100644 --- a/phpBB/includes/auth/auth_ldap.php +++ b/phpBB/includes/auth/auth_ldap.php @@ -38,7 +38,7 @@ function init_ldap() $search = @ldap_search( $ldap, $config['ldap_base_dn'], - '(' . $config['ldap_uid'] . '=' . $user->data['username'] . ')', + '(' . $config['ldap_uid'] . '=' . ldap_escape(html_entity_decode($user->data['username'])) . ')', (empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']), 0, 1 @@ -53,17 +53,18 @@ function init_ldap() @ldap_close($ldap); - if (!empty($config['ldap_email']) && !isset($result[0][$config['ldap_email']])) + + if (!is_array($result) || sizeof($result) < 2) { - return $user->lang['LDAP_NO_EMAIL']; + return sprintf($user->lang['LDAP_NO_IDENTITY'], $user->data['username']); } - if (is_array($result) && sizeof($result) > 1) + if (!empty($config['ldap_email']) && !isset($result[0][$config['ldap_email']])) { - return false; + return $user->lang['LDAP_NO_EMAIL']; } - return sprintf($user->lang['LDAP_NO_IDENTITY'], $user->data['username']); + return false; } /** @@ -97,7 +98,7 @@ function login_ldap(&$username, &$password) $search = @ldap_search( $ldap, $config['ldap_base_dn'], - '(' . $config['ldap_uid'] . '=' . $username . ')', + '(' . $config['ldap_uid'] . '=' . ldap_escape(html_entity_decode($username)) . ')', (empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']), 0, 1 @@ -107,7 +108,7 @@ function login_ldap(&$username, &$password) if (is_array($ldap_result) && sizeof($ldap_result) > 1) { - if (@ldap_bind($ldap, $ldap_result[0]['dn'], $password)) + if (@ldap_bind($ldap, $ldap_result[0]['dn'], html_entity_decode($password))) { @ldap_close($ldap); 
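Review bot: The search filter in `init_ldap()` now passes the username through `html_entity_decode()` before `ldap_escape()`, and nothing in the code says why; the same pattern is repeated in the `login_ldap()` filter and for the bind password further down. Presumably these values arrive HTML-escaped from the input layer (not shown here), in which case a comment such as `// value is HTML-escaped on input: decode it, then escape LDAP filter metacharacters` belongs above the filter. `html_entity_decode()` also decodes every named entity rather than only the few an escaping step produces; `htmlspecialchars_decode()` is the narrower inverse if the supported PHP versions include it.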
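Review bot: The `ldap_bind()` call in `login_ldap()` receives whatever `html_entity_decode($password)` yields, including an empty string, unless the part of the function above this hunk already rejects it. Directory servers commonly treat a bind with a DN and an empty password as an unauthenticated bind and report success, which would let this branch accept the login without any password being verified. Reject the empty case before the search, for example with `if ($password === '')` returning the same failure result the function uses for a wrong password.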
@@ -199,6 +200,14 @@ function login_ldap(&$username, &$password) } /** +* Escapes an LDAP AttributeValue +*/ +function ldap_escape($string) +{ + return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string); +} + +/** * This function is used to output any required fields in the authentication * admin panel. It also defines any required configuration table fields. */ diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index 176d9b36c1..0eec9a5114 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -465,6 +465,7 @@ function move_posts($post_ids, $topic_id, $auto_sync = true) $forum_ids[] = $forum_row['forum_id']; sync('topic_reported', 'topic_id', $topic_ids); + sync('topic_attachment', 'topic_id', $topic_ids); sync('topic', 'topic_id', $topic_ids, true); sync('forum', 'forum_id', $forum_ids, true); } diff --git a/phpBB/language/en/mcp.php b/phpBB/language/en/mcp.php index 5de6718550..294864c3d1 100644 --- a/phpBB/language/en/mcp.php +++ b/phpBB/language/en/mcp.php @@ -172,9 +172,6 @@ $lang = array_merge($lang, array( 'MCP_QUEUE_UNAPPROVED_TOPICS' => 'Topics awaiting approval', 'MCP_QUEUE_UNAPPROVED_TOPICS_EXPLAIN' => 'This is a list of all topics which require approving before they will be visible to users', - 'MCP_VIEW_ALL' => 'View all (%s)', - 'MCP_VIEW_LOGS' => 'View logs', - 'MCP_VIEW_RECENT' => 'View recent (%s)', 'MCP_VIEW_USER' => 'View warnings for a specific user', 'MCP_WARN' => 'Warnings', diff --git a/phpBB/language/en/ucp.php b/phpBB/language/en/ucp.php index 12a0b2c3f2..d23049b1f3 100644 --- a/phpBB/language/en/ucp.php +++ b/phpBB/language/en/ucp.php 
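Review bot: In the new `ldap_escape()` the search array lists `'*'` before `'\\'`, and `str_replace()` applies array pairs one after another, so the backslash just inserted in front of an asterisk is itself doubled by the second pair: `a*b` comes out as `a\\*b`, leaving the asterisk unescaped. This affects both filter call sites in `init_ldap()` and `login_ldap()`. Replace the backslash first and use the hex escapes that LDAP filter syntax (RFC 4515) defines, e.g. `return str_replace(array('\\', '*', '(', ')', "\x00"), array('\\5c', '\\2a', '\\28', '\\29', '\\00'), $string);`. The name also collides with the built-in `ldap_escape()` that PHP's ldap extension provides from 5.6 on, which makes this declaration a fatal redeclaration there; a prefixed name or a `function_exists('ldap_escape')` guard avoids that.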
@@ -409,7 +409,6 @@ $lang = array_merge($lang, array( 'UCP_REGISTER_DISABLE' => 'Creating a new account is currently not possible.', 'UCP_REMIND' => 'Send password', 'UCP_RESEND' => 'Send activation email', - 'UCP_WATCHED' => 'Watched items', 'UCP_WELCOME' => 'Welcome to the User Control Panel. From here you can monitor, view and update your profile, preferences, subscribed forums and topics. You can also send messages to other users (if permitted). Please ensure you read any announcements before continuing.', 'UCP_YIM' => 'Yahoo Messenger', 'UCP_ZEBRA' => 'Friends and Foes', @@ -486,7 +485,6 @@ $lang = array_merge($lang, array( 'IS_GROUP' => 'is in usergroup', 'ANSWERED' => 'answered', 'FORWARDED' => 'forwarded', - 'REPORTED' => 'reported', 'TO_GROUP' => 'to my default usergroup', 'TO_ME' => 'to me' ), |