| -rw-r--r-- | phpBB/docs/CHANGELOG.html | 3 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_language.php | 4 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_styles.php | 4 | ||||
| -rw-r--r-- | phpBB/includes/functions.php | 92 | ||||
| -rw-r--r-- | phpBB/includes/session.php | 2 | 
5 files changed, 57 insertions, 48 deletions
|
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 08f8be32fd..a471ae0cf6 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -101,10 +101,13 @@
 		<li>[Fix] Minor language fixes. (Bug #54855)</li>
 		<li>[Fix] Parsing urls in signatures properly uses config settings. (Bug #57105)</li>
 		<li>[Fix] Allow multibyte keys in request_var(). (Bug #51555)</li>
+		<li>[Fix] Fix inclusion check for captcha garbage collection (Bug #59425)</li>
 		<li>[Fix] Prevent wrong tar archive type detection. (Bug #12531)</li>
 		<li>[Fix] Correct redirection after login to forum not in web root (Bug #58755)</li>
 		<li>[Fix] Allow setting parent forums regardless of permission settings. (Bug #57415)</li>
 		<li>[Fix] Redirect search engines that access pages with SIDs in the URL. (Bug #58025)</li>
+		<li>[Fix] Fix incorrect ampersand encoding in redirect parameter. (Bug #58465)</li>
+		<li>[Fix] Fix open_basedir issues when accessing styles- and language-management. (Bug #59135)</li>
 		<li>[Feature] Support for Microsoft's Native SQL Server Driver for PHP (Bug #57055 - Patch by Chris Pucci at Microsoft)</li>
 		<li>[Feature] The memcache acm plugin now supports multiple memcache servers.</li>
 	</ul>
diff --git a/phpBB/includes/acp/acp_language.php b/phpBB/includes/acp/acp_language.php
index fedae6fe67..c2cb2f9c11 100644
--- a/phpBB/includes/acp/acp_language.php
+++ b/phpBB/includes/acp/acp_language.php
@@ -1120,12 +1120,12 @@ class acp_language
 		{
 			while (($file = readdir($dp)) !== false)
 			{
-				if (!is_dir($phpbb_root_path . 'language/' . $file))
+				if ($file[0] == '.' || !is_dir($phpbb_root_path . 'language/' . $file))
 				{
 					continue;
 				}

-				if ($file[0] != '.' && file_exists("{$phpbb_root_path}language/$file/iso.txt"))
+				if (file_exists("{$phpbb_root_path}language/$file/iso.txt"))
 				{
 					if (!in_array($file, $installed))
 					{
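Review bot: The new guard `if ($file[0] == '.' || !is_dir($phpbb_root_path . 'language/' . $file))` is correct, but the reason the dot-entry test must come first — `is_dir()` on `..` stats a path outside the directory being listed, which the changelog attributes to open_basedir (Bug #59135) — is not recorded, and the identical reordering in the acp_styles.php hunk has the same gap. Suggest a comment above the condition in both files: `// skip '.' and '..' before is_dir(): the stat on '..' can trip open_basedir (Bug #59135)`. Since the short-circuit now also skips any dot-prefixed entry such as `.svn`, the later `file_exists()` check no longer needs its own dot filter, which is what the second change removes. The readdir() loop's enclosing method starts and ends outside the hunk.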
diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php
index d2a0f9210f..3310560c73 100644
--- a/phpBB/includes/acp/acp_styles.php
+++ b/phpBB/includes/acp/acp_styles.php
@@ -643,13 +643,13 @@ parse_css_file = {PARSE_CSS_FILE}
 		{
 			while (($file = readdir($dp)) !== false)
 			{
-				if (!is_dir($phpbb_root_path . 'styles/' . $file))
+				if ($file[0] == '.' || !is_dir($phpbb_root_path . 'styles/' . $file))
 				{
 					continue;
 				}

 				$subpath = ($mode != 'style') ? "$mode/" : '';
-				if ($file[0] != '.' && file_exists("{$phpbb_root_path}styles/$file/$subpath$mode.cfg"))
+				if (file_exists("{$phpbb_root_path}styles/$file/$subpath$mode.cfg"))
 				{
 					if ($cfg = file("{$phpbb_root_path}styles/$file/$subpath$mode.cfg"))
 					{
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index ce1f5f5462..4f52c7c2ce 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2297,6 +2297,8 @@ function redirect($url, $return = false, $disable_cd_check = false)
 {
 	global $db, $cache, $config, $user, $phpbb_root_path;

+	$failover_flag = false;
+
 	if (empty($user->lang))
 	{
 		$user->add_lang('common');
@@ -2344,65 +2346,69 @@ function redirect($url, $return = false, $disable_cd_check = false)
 			if (!file_exists($pathinfo['dirname']))
 			{
 				// fallback to "last known user page"
+				// at least this way we know the user does not leave the phpBB root
 				$url = generate_board_url() . '/' . $user->page['page'];
-				break;
+				$failover_flag = true;
 			}
 		}

-		// Is the uri pointing to the current directory?
-		if ($pathinfo['dirname'] == '.')
+		if (!$failover_flag)
 		{
-			$url = str_replace('./', '', $url);
-
-			// Strip / from the beginning
-			if ($url && substr($url, 0, 1) == '/')
+			// Is the uri pointing to the current directory?
+			if ($pathinfo['dirname'] == '.')
 			{
-				$url = substr($url, 1);
-			}
+				$url = str_replace('./', '', $url);

-			if ($user->page['page_dir'])
-			{
-				$url = generate_board_url() . '/' . $user->page['page_dir'] . '/' . $url;
+				// Strip / from the beginning
+				if ($url && substr($url, 0, 1) == '/')
+				{
+					$url = substr($url, 1);
+				}
+
+				if ($user->page['page_dir'])
+				{
+					$url = generate_board_url() . '/' . $user->page['page_dir'] . '/' . $url;
+				}
+				else
+				{
+					$url = generate_board_url() . '/' . $url;
+				}
 			}
 			else
 			{
-				$url = generate_board_url() . '/' . $url;
-			}
-		}
-		else
-		{
-			// Used ./ before, but $phpbb_root_path is working better with urls within another root path
-			$root_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($phpbb_root_path)));
-			$page_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($pathinfo['dirname'])));
-			$intersection = array_intersect_assoc($root_dirs, $page_dirs);
+				// Used ./ before, but $phpbb_root_path is working better with urls within another root path
+				$root_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($phpbb_root_path)));
+				$page_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($pathinfo['dirname'])));
+				$intersection = array_intersect_assoc($root_dirs, $page_dirs);

-			$root_dirs = array_diff_assoc($root_dirs, $intersection);
-			$page_dirs = array_diff_assoc($page_dirs, $intersection);
+				$root_dirs = array_diff_assoc($root_dirs, $intersection);
+				$page_dirs = array_diff_assoc($page_dirs, $intersection);

-			$dir = str_repeat('../', sizeof($root_dirs)) . implode('/', $page_dirs);
+				$dir = str_repeat('../', sizeof($root_dirs)) . implode('/', $page_dirs);

-			// Strip / from the end
-			if ($dir && substr($dir, -1, 1) == '/')
-			{
-				$dir = substr($dir, 0, -1);
-			}
+				// Strip / from the end
+				if ($dir && substr($dir, -1, 1) == '/')
+				{
+					$dir = substr($dir, 0, -1);
+				}

-			// Strip / from the beginning
-			if ($dir && substr($dir, 0, 1) == '/')
-			{
-				$dir = substr($dir, 1);
-			}
+				// Strip / from the beginning
+				if ($dir && substr($dir, 0, 1) == '/')
+				{
+					$dir = substr($dir, 1);
+				}

-			$url = str_replace($pathinfo['dirname'] . '/', '', $url);
+				$url = str_replace($pathinfo['dirname'] . '/', '', $url);

-			// Strip / from the beginning
-			if (substr($url, 0, 1) == '/')
-			{
-				$url = substr($url, 1);
-			}
+				// Strip / from the beginning
+				if (substr($url, 0, 1) == '/')
+				{
+					$url = substr($url, 1);
+				}

-			$url = (!empty($dir) ? $dir . '/' : '') . $url;
-			$url = generate_board_url() . '/' . $url;
+				$url = (!empty($dir) ? $dir . '/' : '') . $url;
+				$url = generate_board_url() . '/' . $url;
+			}
 		}
 	}

@@ -4251,7 +4257,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
 		'S_TOPIC_ID'			=> $topic_id,

 		'S_LOGIN_ACTION'		=> ((!defined('ADMIN_START')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login') : append_sid("index.$phpEx", false, true, $user->session_id)),
-		'S_LOGIN_REDIRECT'		=> build_hidden_fields(array('redirect' => str_replace('&', '&', build_url()))),
+		'S_LOGIN_REDIRECT'		=> build_hidden_fields(array('redirect' => build_url())),

 		'S_ENABLE_FEEDS'			=> ($config['feed_enable']) ? true : false,
 		'S_ENABLE_FEEDS_OVERALL'	=> ($config['feed_overall']) ? true : false,
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index 8beb0161f9..0a01b4e73b 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -983,7 +983,7 @@ class session
 			}

 			// only called from CRON; should be a safe workaround until the infrastructure gets going
-			if (!class_exists('captcha_factory'))
+			if (!class_exists('phpbb_captcha_factory'))
 			{
 				include($phpbb_root_path . "includes/captcha/captcha_factory." . $phpEx);
 			}
|
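Review bot: The new comment above the fallback, `// at least this way we know the user does not leave the phpBB root`, states an outcome but not the contract the `if (!$failover_flag)` wrapper depends on: once `$url` has been rebuilt from `generate_board_url()` and `$user->page['page']` it is already absolute, and the flag exists so that the relative-path normalisation below is bypassed for it. Suggest pairing the assignment with `// $url is now absolute; skip the relative-path rewriting below`, and consider declaring `$failover_flag` closer to this, its only reader, rather than at the top of redirect() as the first hunk does. The re-indented block carries over loose comparisons such as `$pathinfo['dirname'] == '.'` and `substr($url, 0, 1) == '/'`; `===` would be the safer form where these lines are being rewritten anyway. redirect() starts before this hunk (its signature appears only in the @@ header) and continues after it.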
