| -rw-r--r-- | phpBB/includes/functions_privmsgs.php | 3 | ||||
| -rw-r--r-- | phpBB/phpbb/install/helper/iohandler/ajax_iohandler.php | 8 | ||||
| -rw-r--r-- | phpBB/phpbb/install/helper/iohandler/cli_iohandler.php | 14 | ||||
| -rw-r--r-- | phpBB/phpbb/install/helper/iohandler/iohandler_interface.php | 15 | ||||
| -rw-r--r-- | phpBB/phpbb/install/module/obtain_data/task/obtain_database_data.php | 2 | ||||
| -rw-r--r-- | phpBB/phpbb/request/request.php | 84 | ||||
| -rw-r--r-- | phpBB/phpbb/request/request_interface.php | 22 | ||||
| -rw-r--r-- | phpBB/styles/prosilver/template/jumpbox.html | 35 | ||||
| -rw-r--r-- | phpBB/styles/prosilver/theme/common.css | 4 | ||||
| -rw-r--r-- | tests/mock/request.php | 5 |
10 files changed, 137 insertions, 55 deletions
diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php index 7eb4f29109..a54d753787 100644 --- a/phpBB/includes/functions_privmsgs.php +++ b/phpBB/includes/functions_privmsgs.php @@ -889,7 +889,8 @@ function update_unread_status($unread, $msg_id, $user_id, $folder_id) SET pm_unread = 0 WHERE msg_id = $msg_id AND user_id = $user_id - AND folder_id = $folder_id"; + AND folder_id = $folder_id + AND pm_unread = 1"; $db->sql_query($sql); // If the message is already marked as read, we just skip the rest to avoid negative PM count diff --git a/phpBB/phpbb/install/helper/iohandler/ajax_iohandler.php b/phpBB/phpbb/install/helper/iohandler/ajax_iohandler.php index c168d26425..a40d457466 100644 --- a/phpBB/phpbb/install/helper/iohandler/ajax_iohandler.php +++ b/phpBB/phpbb/install/helper/iohandler/ajax_iohandler.php @@ -123,6 +123,14 @@ class ajax_iohandler extends iohandler_base /** * {@inheritdoc} */ + public function get_raw_input($name, $default) + { + return $this->request->raw_variable($name, $default); + } + + /** + * {@inheritdoc} + */ public function get_server_variable($name, $default = '') { return $this->request->server($name, $default); diff --git a/phpBB/phpbb/install/helper/iohandler/cli_iohandler.php b/phpBB/phpbb/install/helper/iohandler/cli_iohandler.php index 196cdcdaab..4117a3dfd3 100644 --- a/phpBB/phpbb/install/helper/iohandler/cli_iohandler.php +++ b/phpBB/phpbb/install/helper/iohandler/cli_iohandler.php @@ -74,6 +74,20 @@ class cli_iohandler extends iohandler_base return $result; } + /** + * {@inheritdoc} + */ + public function get_raw_input($name, $default) + { + return $this->get_input($name, $default, true); + } + + /** + * Set input variable + * + * @param string $name Name of input variable + * @param mixed $value Value of input variable + */ public function set_input($name, $value) { $this->input_values[$name] = $value; 
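Review bot: The UPDATE in update_unread_status() still builds its WHERE clause by interpolating `$msg_id`, `$user_id` and `$folder_id` into the SQL string, and the hunk does not show them being cast. The function starts and ends outside the hunk, so a cast may already exist above. If it does not, casting at the point of use (`WHERE msg_id = " . (int) $msg_id . "` and likewise for the other two) keeps the statement safe whatever callers pass. The added `AND pm_unread = 1` would also benefit from a short comment such as `// Only touch unread rows, so the affected-row count tells us whether the counters need adjusting`, assuming the skip described in the following comment is based on affected rows.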
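Review bot: `cli_iohandler::get_raw_input()` is not raw in the way the AJAX handler's version is. It returns `$this->get_input($name, $default, true)`, so whatever processing get_input() applies to multibyte values is also applied to the password, while `ajax_iohandler::get_raw_input()` goes straight to `raw_variable()`. The body of get_input() is outside the hunk, so the exact processing cannot be confirmed here, but a database password given to the CLI installer could end up differing from the same password given to the web installer. Reading the stored value directly, `return isset($this->input_values[$name]) ? $this->input_values[$name] : $default;`, would keep the two handlers consistent.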
diff --git a/phpBB/phpbb/install/helper/iohandler/iohandler_interface.php b/phpBB/phpbb/install/helper/iohandler/iohandler_interface.php index f22f33d9cb..440748901c 100644 --- a/phpBB/phpbb/install/helper/iohandler/iohandler_interface.php +++ b/phpBB/phpbb/install/helper/iohandler/iohandler_interface.php @@ -39,9 +39,20 @@ interface iohandler_interface public function get_input($name, $default, $multibyte = false); /** + * Returns raw input variable + * + * @param string $name Name of the input variable to obtain + * @param mixed $default A default value that is returned if the variable was not set. + * This function will always return a value of the same type as the default. + * + * @return mixed Value of the raw input variable + */ + public function get_raw_input($name, $default); + + /** * Returns server variable * - * This function should work the same as request_interterface::server(). + * This function should work the same as request_interface::server(). * * @param string $name Name of the server variable * @param mixed $default Default value to return when the requested variable does not exist @@ -51,7 +62,7 @@ interface iohandler_interface public function get_server_variable($name, $default = ''); /** - * Wrapper function for request_interterface::header() + * Wrapper function for request_interface::header() * * @param string $name Name of the request header variable * @param mixed $default Default value to return when the requested variable does not exist diff --git a/phpBB/phpbb/install/module/obtain_data/task/obtain_database_data.php b/phpBB/phpbb/install/module/obtain_data/task/obtain_database_data.php index ce720dbf76..dc7b060746 100644 --- a/phpBB/phpbb/install/module/obtain_data/task/obtain_database_data.php +++ b/phpBB/phpbb/install/module/obtain_data/task/obtain_database_data.php 
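Review bot: The new docblock for `get_raw_input()` says the function "will always return a value of the same type as the default", which the implementation added in request.php does not do: `raw_variable()` returns the stored input untouched, with no type cast. The same sentence is copied into the `raw_variable()` docblock in request_interface.php, together with an `@return` that says the value is "run through set_var". Both docblocks should state the real contract, for example `@return mixed The unmodified input value; its type is NOT checked against $default, so callers must validate it themselves`.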
@@ -79,7 +79,7 @@ class obtain_database_data extends \phpbb\install\task_base implements \phpbb\in $dbhost = $this->io_handler->get_input('dbhost', '', true); $dbport = $this->io_handler->get_input('dbport', ''); $dbuser = $this->io_handler->get_input('dbuser', ''); - $dbpasswd = $this->io_handler->get_input('dbpasswd', '', true); + $dbpasswd = $this->io_handler->get_raw_input('dbpasswd', ''); $dbname = $this->io_handler->get_input('dbname', ''); $table_prefix = $this->io_handler->get_input('table_prefix', ''); diff --git a/phpBB/phpbb/request/request.php b/phpBB/phpbb/request/request.php index 4cac6fbaea..92d4213180 100644 --- a/phpBB/phpbb/request/request.php +++ b/phpBB/phpbb/request/request.php @@ -225,6 +225,51 @@ class request implements \phpbb\request\request_interface } /** + * {@inheritdoc} + */ + public function raw_variable($var_name, $default, $super_global = \phpbb\request\request_interface::REQUEST) + { + $path = false; + + // deep direct access to multi dimensional arrays + if (is_array($var_name)) + { + $path = $var_name; + // make sure at least the variable name is specified + if (empty($path)) + { + return (is_array($default)) ? array() : $default; + } + // the variable name is the first element on the path + $var_name = array_shift($path); + } + + if (!isset($this->input[$super_global][$var_name])) + { + return (is_array($default)) ? array() : $default; + } + $var = $this->input[$super_global][$var_name]; + + if ($path) + { + // walk through the array structure and find the element we are looking for + foreach ($path as $key) + { + if (is_array($var) && isset($var[$key])) + { + $var = $var[$key]; + } + else + { + return (is_array($default)) ? array() : $default; + } + } + } + + return $var; + } + + /** * Shortcut method to retrieve SERVER variables. * * Also fall back to getenv(), some CGI setups may need it (probably not, but 
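Review bot: `$dbpasswd` is no longer guaranteed to be a string after this change. `raw_variable()`, added further down in request.php, returns whatever is stored under the name without the `recursive_set_var()` cast that `_variable()` performs, so an array-valued `dbpasswd` parameter would reach the code that follows, which is outside the hunk. A guard directly after the call, `if (!is_string($dbpasswd)) { $dbpasswd = ''; }`, restores the type guarantee that the old `get_input('dbpasswd', '', true)` call gave. The raw value is also unescaped, so it should not be echoed into installer output or interpolated into SQL without handling for that context.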
@@ -369,41 +414,14 @@ class request implements \phpbb\request\request_interface */ protected function _variable($var_name, $default, $multibyte = false, $super_global = \phpbb\request\request_interface::REQUEST, $trim = true) { - $path = false; - - // deep direct access to multi dimensional arrays - if (is_array($var_name)) - { - $path = $var_name; - // make sure at least the variable name is specified - if (empty($path)) - { - return (is_array($default)) ? array() : $default; - } - // the variable name is the first element on the path - $var_name = array_shift($path); - } + $var = $this->raw_variable($var_name, $default, $super_global); - if (!isset($this->input[$super_global][$var_name])) + // Return prematurely if raw variable is empty array or the same as + // the default. Using strict comparison to ensure that one can't + // prevent proper type checking on any input variable + if ($var === array() || $var === $default) { - return (is_array($default)) ? array() : $default; - } - $var = $this->input[$super_global][$var_name]; - - if ($path) - { - // walk through the array structure and find the element we are looking for - foreach ($path as $key) - { - if (is_array($var) && isset($var[$key])) - { - $var = $var[$key]; - } - else - { - return (is_array($default)) ? array() : $default; - } - } + return $var; } $this->type_cast_helper->recursive_set_var($var, $default, $multibyte, $trim); diff --git a/phpBB/phpbb/request/request_interface.php b/phpBB/phpbb/request/request_interface.php index 47b3b3a4ed..3bfa8bb424 100644 --- a/phpBB/phpbb/request/request_interface.php +++ b/phpBB/phpbb/request/request_interface.php 
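Review bot: The early return `if ($var === array() || $var === $default)` skips `recursive_set_var()` for an empty array even when `$default` is a scalar, so `_variable()` can return an array where the caller asked for a string or integer. Whether an empty array can actually be stored in `$this->input` depends on code outside the hunk, but the removed code only ever returned `array()` early for an array default. Gating the first arm on the default's type, `if ((is_array($default) && $var === array()) || $var === $default)`, keeps the shortcut without that gap.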
@@ -65,6 +65,28 @@ interface request_interface public function variable($var_name, $default, $multibyte = false, $super_global = \phpbb\request\request_interface::REQUEST); /** + * Get a variable without trimming strings and without escaping. + * This method MUST NOT be used with queries. + * Same functionality as variable(), except does not run trim() on strings + * and does not escape input. + * This method should only be used when the raw input is needed without + * any escaping, i.e. for database password during the installation. + * + * @param string|array $var_name The form variable's name from which data shall be retrieved. + * If the value is an array this may be an array of indizes which will give + * direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a") + * then specifying array("var", 1) as the name will return "a". + * @param mixed $default A default value that is returned if the variable was not set. + * This function will always return a value of the same type as the default. + * @param \phpbb\request\request_interface::POST|GET|REQUEST|COOKIE $super_global + * Specifies which super global should be used + * + * @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the + * the same as that of $default. If the variable is not set $default is returned. + */ + public function raw_variable($var_name, $default, $super_global = \phpbb\request\request_interface::REQUEST); + + /** * Shortcut method to retrieve SERVER variables. * * @param string|array $var_name See \phpbb\request\request_interface::variable diff --git a/phpBB/styles/prosilver/template/jumpbox.html b/phpBB/styles/prosilver/template/jumpbox.html index 0c40e85783..724a963264 100644 --- a/phpBB/styles/prosilver/template/jumpbox.html +++ b/phpBB/styles/prosilver/template/jumpbox.html 
@@ -1,49 +1,50 @@ -<!-- IF S_VIEWTOPIC --> +<div class="action-bar actions-jump"> + <!-- IF S_VIEWTOPIC --> <p class="jumpbox-return"> <a href="{U_VIEW_FORUM}" class="left-box arrow-{S_CONTENT_FLOW_BEGIN}" accesskey="r"> <i class="icon fa-angle-{S_CONTENT_FLOW_BEGIN} fa-fw icon-black" aria-hidden="true"></i><span>{L_RETURN_TO_FORUM}</span> </a> </p> -<!-- ELSEIF S_VIEWFORUM --> + <!-- ELSEIF S_VIEWFORUM --> <p class="jumpbox-return"> <a href="{U_INDEX}" class="left-box arrow-{S_CONTENT_FLOW_BEGIN}" accesskey="r"> <i class="icon fa-angle-{S_CONTENT_FLOW_BEGIN} fa-fw icon-black" aria-hidden="true"></i><span>{L_RETURN_TO_INDEX}</span> </a> </p> -<!-- ELSEIF SEARCH_TOPIC --> + <!-- ELSEIF SEARCH_TOPIC --> <p class="jumpbox-return"> <a class="left-box arrow-{S_CONTENT_FLOW_BEGIN}" href="{U_SEARCH_TOPIC}" accesskey="r"> <i class="icon fa-angle-{S_CONTENT_FLOW_BEGIN} fa-fw icon-black" aria-hidden="true"></i><span>{L_RETURN_TO_TOPIC}</span> </a> </p> -<!-- ELSEIF S_SEARCH_ACTION --> + <!-- ELSEIF S_SEARCH_ACTION --> <p class="jumpbox-return"> <a class="left-box arrow-{S_CONTENT_FLOW_BEGIN}" href="{U_SEARCH}" title="{L_SEARCH_ADV}" accesskey="r"> <i class="icon fa-angle-{S_CONTENT_FLOW_BEGIN} fa-fw icon-black" aria-hidden="true"></i><span>{L_GO_TO_SEARCH_ADV}</span> </a> </p> -<!-- ENDIF --> - -<!-- IF S_DISPLAY_JUMPBOX --> + <!-- ENDIF --> + <!-- IF S_DISPLAY_JUMPBOX --> <div class="jumpbox dropdown-container dropdown-container-right<!-- IF not S_IN_MCP --> dropdown-up<!-- ENDIF --> dropdown-{S_CONTENT_FLOW_BEGIN} dropdown-button-control" id="jumpbox"> - <span title="<!-- IF S_IN_MCP and S_MERGE_SELECT -->{L_SELECT_TOPICS_FROM}<!-- ELSEIF S_IN_MCP -->{L_MODERATE_FORUM}<!-- ELSE -->{L_JUMP_TO}<!-- ENDIF -->" class="button button-secondary dropdown-trigger dropdown-select"> - <span><!-- IF S_IN_MCP and S_MERGE_SELECT -->{L_SELECT_TOPICS_FROM}<!-- ELSEIF S_IN_MCP -->{L_MODERATE_FORUM}<!-- ELSE -->{L_JUMP_TO}<!-- ENDIF --></span> - <span class="caret"><i class="icon 
fa-sort-down fa-fw" aria-hidden="true"></i></span> - </span> + <span title="<!-- IF S_IN_MCP and S_MERGE_SELECT -->{L_SELECT_TOPICS_FROM}<!-- ELSEIF S_IN_MCP -->{L_MODERATE_FORUM}<!-- ELSE -->{L_JUMP_TO}<!-- ENDIF -->" class="button button-secondary dropdown-trigger dropdown-select"> + <span><!-- IF S_IN_MCP and S_MERGE_SELECT -->{L_SELECT_TOPICS_FROM}<!-- ELSEIF S_IN_MCP -->{L_MODERATE_FORUM}<!-- ELSE -->{L_JUMP_TO}<!-- ENDIF --></span> + <span class="caret"><i class="icon fa-sort-down fa-fw" aria-hidden="true"></i></span> + </span> <div class="dropdown"> <div class="pointer"><div class="pointer-inner"></div></div> <ul class="dropdown-contents"> - <!-- BEGIN jumpbox_forums --> + <!-- BEGIN jumpbox_forums --> <!-- IF jumpbox_forums.FORUM_ID neq -1 --> - <li><a href="{jumpbox_forums.LINK}" class="<!-- IF jumpbox_forums.level -->jumpbox-sub-link<!-- ELSEIF jumpbox_forums.S_IS_CAT -->jumpbox-cat-link<!-- ELSE -->jumpbox-forum-link<!-- ENDIF -->"><!-- BEGIN level --><span class="spacer"></span><!-- END level --> <span><!-- IF jumpbox_forums.level --> ↳ <!-- ENDIF --> {jumpbox_forums.FORUM_NAME}</span></a></li> + <li><a href="{jumpbox_forums.LINK}" class="<!-- IF jumpbox_forums.level -->jumpbox-sub-link<!-- ELSEIF jumpbox_forums.S_IS_CAT -->jumpbox-cat-link<!-- ELSE -->jumpbox-forum-link<!-- ENDIF -->"><!-- BEGIN level --><span class="spacer"></span><!-- END level --> <span><!-- IF jumpbox_forums.level --> ↳ <!-- ENDIF --> {jumpbox_forums.FORUM_NAME}</span></a></li> <!-- ENDIF --> - <!-- END jumpbox_forums --> + <!-- END jumpbox_forums --> </ul> </div> </div> -<!-- ELSE --> - <br /><br /> -<!-- ENDIF --> + <!-- ELSE --> + </br></br> + <!-- ENDIF --> +</div> diff --git a/phpBB/styles/prosilver/theme/common.css b/phpBB/styles/prosilver/theme/common.css index 8368fc158c..ee585e6abf 100644 --- a/phpBB/styles/prosilver/theme/common.css +++ b/phpBB/styles/prosilver/theme/common.css 
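Review bot: The ELSE branch now emits `</br></br>` where the removed lines had `<br /><br />`. `</br>` is an end tag for a void element and is not valid HTML; browsers recover by treating it as `<br>`, but validators and stricter parsers will flag it. Keep the original `<br /><br />`, or drop the line breaks altogether if the new `action-bar` wrapper and the margins set in common.css make them unnecessary.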
@@ -88,7 +88,9 @@ p.right { } p.jumpbox-return { - margin-top: 1em; + margin-top: 10px; + margin-bottom: 0; + float: left; } b, strong { diff --git a/tests/mock/request.php b/tests/mock/request.php index e7217a94a9..6a32ba0cf1 100644 --- a/tests/mock/request.php +++ b/tests/mock/request.php @@ -34,6 +34,11 @@ class phpbb_mock_request implements \phpbb\request\request_interface $this->data[$super_global][$var_name] = $value; } + public function raw_variable($var_name, $default, $super_global = \phpbb\request\request_interface::REQUEST) + { + return $this->variable($var_name, $default, true, $super_global); + } + public function variable($var_name, $default, $multibyte = false, $super_global = \phpbb\request\request_interface::REQUEST) { return isset($this->data[$super_global][$var_name]) ? $this->data[$super_global][$var_name] : $default; |
