-rw-r--r--.gitignore2
-rw-r--r--build/webpi/parameters.xml4
-rwxr-xr-xgit-tools/hooks/pre-commit9
-rw-r--r--phpBB/includes/acp/acp_attachments.php9
-rw-r--r--phpBB/includes/acp/acp_board.php4
-rw-r--r--phpBB/includes/acp/acp_database.php1
-rw-r--r--phpBB/includes/acp/acp_forums.php7
-rw-r--r--phpBB/includes/acp/acp_profile.php1
-rw-r--r--phpBB/includes/acp/acp_reasons.php1
-rw-r--r--phpBB/includes/acp/acp_users.php29
-rw-r--r--phpBB/includes/db/postgres.php9
-rw-r--r--phpBB/includes/functions.php23
-rw-r--r--phpBB/includes/functions_profile_fields.php1
-rw-r--r--phpBB/includes/functions_upload.php25
-rw-r--r--phpBB/includes/message_parser.php2
-rw-r--r--phpBB/install/database_update.php41
-rw-r--r--phpBB/language/en/acp/attachments.php12
-rw-r--r--phpBB/language/en/install.php12
-rw-r--r--phpBB/search.php1
-rw-r--r--phpBB/web.config27
20 files changed, 177 insertions, 43 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000000..3e0f454e0c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+phpBB/cache/*.php
+*~ \ No newline at end of file
diff --git a/build/webpi/parameters.xml b/build/webpi/parameters.xml
index 770cabf95b..994247e48e 100644
--- a/build/webpi/parameters.xml
+++ b/build/webpi/parameters.xml
@@ -116,12 +116,12 @@
<parameter
name="Database Password"
- description="Password for your phpBB database. (Minimum 4 characters)"
+ description="Password for your phpBB database. (Must be at least 8 characters, contain at least one lower case letter, one upper case letter and one digit)"
tags="New, Password,SQL, DbUserPassword">
<parameterValidation
type = "RegularExpression"
- validationString = "^.{4,}$" />
+ validationString = "^.*(?=.{8,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).*$" />
<parameterEntry
type="TextFile"
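Review bot: The new `validationString` opens with a `.*` in front of the three lookaheads, which is redundant and makes the engine retry the lookaheads from every offset whenever a password is rejected. Anchoring the lookaheads directly accepts the same set of passwords with less backtracking: `^(?=.{8,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).*$`. The `<parameter>` element continues outside the hunk, so how the validated value is written to the target file is not visible here.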
diff --git a/git-tools/hooks/pre-commit b/git-tools/hooks/pre-commit
index 23ab8d6cdb..9719b91746 100755
--- a/git-tools/hooks/pre-commit
+++ b/git-tools/hooks/pre-commit
@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/bin/sh
#
# A hook to disallow php syntax errors to be committed
# by running php -l (lint) on them. It requires php-cli
@@ -27,7 +27,10 @@ fi
error=0
errors=""
-IFS=$'\n'
+# dash does not support $'\n':
+# http://forum.soft32.com/linux2/Bug-409179-DASH-Settings-IFS-work-properly-ftopict70039.html
+IFS='
+'
# get a list of staged files
for line in $(git diff-index --cached --full-index $against)
do
@@ -59,7 +62,7 @@ do
then
error=1
# Swap back in correct filenames
- errors+=${result//in - on/"$filename"}
+ errors=$(echo "$errors"; echo "$result" |sed -e "s@in - on@in $filename on@g")
fi
done
unset IFS
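Review bot: `$filename` is spliced unescaped into the sed program on the added `errors=` line, so a staged path containing `@`, `&` or a backslash alters or breaks the substitution instead of being printed literally. Because the name comes from whatever is staged in the repository, escape it before use, e.g. `safe_name=$(printf '%s' "$filename" | sed -e 's/[\\&@]/\\&/g')` and then `sed -e "s@in - on@in $safe_name on@g"`. The enclosing loop starts outside the hunk.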
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php
index 25e51814c4..980558c830 100644
--- a/phpBB/includes/acp/acp_attachments.php
+++ b/phpBB/includes/acp/acp_attachments.php
@@ -90,6 +90,7 @@ class acp_attachments
$s_assigned_groups = array();
while ($row = $db->sql_fetchrow($result))
{
+ $row['group_name'] = (isset($user->lang['EXT_GROUP_' . $row['group_name']])) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name'];
$s_assigned_groups[$row['cat_id']][] = $row['group_name'];
}
$db->sql_freeresult($result);
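Review bot: The `EXT_GROUP_` language lookup added in this loop is repeated verbatim in three more hunks of this file (the ones at new lines 556, 864 and 1124), so the fallback rule lives in four places. A small private method on `acp_attachments` that takes the stored name and returns either `$user->lang['EXT_GROUP_' . $name]` or the name unchanged would keep them in step. If the inline form stays, a comment such as `// Built-in groups are stored as language keys; custom names fall through unchanged` would explain why a database value is used as a language index.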
@@ -494,6 +495,10 @@ class acp_attachments
$sql = 'SELECT group_id
FROM ' . EXTENSION_GROUPS_TABLE . "
WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($new_group_name)) . "'";
+ if ($group_id)
+ {
+ $sql .= ' AND group_id <> ' . $group_id;
+ }
$result = $db->sql_query($sql);
if ($db->sql_fetchrow($result))
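Review bot: `$group_id` is concatenated into the query on the added `$sql .=` line without a cast, while the neighbouring `group_name` value goes through `$db->sql_escape()`. Its assignment is outside the hunk, so it is presumably already an integer, but the safety of this line then depends on code the reader cannot see. Making it local costs nothing: `$sql .= ' AND group_id <> ' . (int) $group_id;`.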
@@ -551,6 +556,7 @@ class acp_attachments
$group_id = $db->sql_nextid();
}
+ $group_name = (isset($user->lang['EXT_GROUP_' . $group_name])) ? $user->lang['EXT_GROUP_' . $group_name] : $group_name;
add_log('admin', 'LOG_ATTACH_EXTGROUP_' . strtoupper($action), $group_name);
}
@@ -858,7 +864,7 @@ class acp_attachments
'U_EDIT' => $this->u_action . "&amp;action=edit&amp;g={$row['group_id']}",
'U_DELETE' => $this->u_action . "&amp;action=delete&amp;g={$row['group_id']}",
- 'GROUP_NAME' => $row['group_name'],
+ 'GROUP_NAME' => (isset($user->lang['EXT_GROUP_' . $row['group_name']])) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name'],
'CATEGORY' => $cat_lang[$row['cat_id']],
)
);
@@ -1118,6 +1124,7 @@ class acp_attachments
$group_name = array();
while ($row = $db->sql_fetchrow($result))
{
+ $row['group_name'] = (isset($user->lang['EXT_GROUP_' . $row['group_name']])) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name'];
$group_name[] = $row;
}
$db->sql_freeresult($result);
diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php
index a5feac1902..7680d8996c 100644
--- a/phpBB/includes/acp/acp_board.php
+++ b/phpBB/includes/acp/acp_board.php
@@ -888,8 +888,8 @@ class acp_board
$old_tz = $user->timezone;
$old_dst = $user->dst;
- $user->timezone = $config['board_timezone'];
- $user->dst = $config['board_dst'];
+ $user->timezone = $config['board_timezone'] * 3600;
+ $user->dst = $config['board_dst'] * 3600;
$dateformat_options = '';
diff --git a/phpBB/includes/acp/acp_database.php b/phpBB/includes/acp/acp_database.php
index abfad2b90b..0582d6204e 100644
--- a/phpBB/includes/acp/acp_database.php
+++ b/phpBB/includes/acp/acp_database.php
@@ -394,6 +394,7 @@ class acp_database
case 'mssql':
case 'mssql_odbc':
+ case 'mssqlnative':
while (($sql = $fgetd($fp, "GO\n", $read, $seek, $eof)) !== false)
{
$db->sql_query($sql);
diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php
index 5a5adc57ae..54bf905374 100644
--- a/phpBB/includes/acp/acp_forums.php
+++ b/phpBB/includes/acp/acp_forums.php
@@ -1705,6 +1705,9 @@ class acp_forums
)
);
+ // Amount of rows we select and delete in one iteration.
+ $batch_size = 500;
+
foreach ($tables_ary as $field => $tables)
{
$start = 0;
@@ -1714,7 +1717,7 @@ class acp_forums
$sql = "SELECT $field
FROM " . POSTS_TABLE . '
WHERE forum_id = ' . $forum_id;
- $result = $db->sql_query_limit($sql, 500, $start);
+ $result = $db->sql_query_limit($sql, $batch_size, $start);
$ids = array();
while ($row = $db->sql_fetchrow($result))
@@ -1733,7 +1736,7 @@ class acp_forums
}
}
}
- while ($row);
+ while (sizeof($ids) == $batch_size);
}
unset($ids);
diff --git a/phpBB/includes/acp/acp_profile.php b/phpBB/includes/acp/acp_profile.php
index fc08c7e8e8..2288a0728b 100644
--- a/phpBB/includes/acp/acp_profile.php
+++ b/phpBB/includes/acp/acp_profile.php
@@ -1480,6 +1480,7 @@ class acp_profile
case 'mssql':
case 'mssql_odbc':
+ case 'mssqlnative':
// We are defining the biggest common value, because of the possibility to edit the min/max values of each field.
$sql = 'ALTER TABLE [' . PROFILE_FIELDS_DATA_TABLE . "] ADD [$field_ident] ";
diff --git a/phpBB/includes/acp/acp_reasons.php b/phpBB/includes/acp/acp_reasons.php
index 8d7bc88769..dbc9fcb6cc 100644
--- a/phpBB/includes/acp/acp_reasons.php
+++ b/phpBB/includes/acp/acp_reasons.php
@@ -233,6 +233,7 @@ class acp_reasons
// Standard? What's that?
case 'mssql':
case 'mssql_odbc':
+ case 'mssqlnative':
// Change the reports using this reason to 'other'
$sql = "DECLARE @ptrval binary(16)
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index 4905840e02..bd64f1e89e 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -105,7 +105,7 @@ class acp_users
LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id)
WHERE u.user_id = ' . $user_id . '
ORDER BY s.session_time DESC';
- $result = $db->sql_query($sql);
+ $result = $db->sql_query_limit($sql, 1);
$user_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
@@ -1550,6 +1550,31 @@ class acp_users
WHERE user_id = $user_id";
$db->sql_query($sql);
+ // Check if user has an active session
+ if ($user_row['session_id'])
+ {
+ // We'll update the session if user_allow_viewonline has changed and the user is a bot
+ // Or if it's a regular user and the admin set it to hide the session
+ if ($user_row['user_allow_viewonline'] != $sql_ary['user_allow_viewonline'] && $user_row['user_type'] == USER_IGNORE
+ || $user_row['user_allow_viewonline'] && !$sql_ary['user_allow_viewonline'])
+ {
+ // We also need to check if the user has the permission to cloak.
+ $user_auth = new auth();
+ $user_auth->acl($user_row);
+
+ $session_sql_ary = array(
+ 'session_viewonline' => ($user_auth->acl_get('u_hideonline')) ? $sql_ary['user_allow_viewonline'] : true,
+ );
+
+ $sql = 'UPDATE ' . SESSIONS_TABLE . '
+ SET ' . $db->sql_build_array('UPDATE', $session_sql_ary) . "
+ WHERE session_user_id = $user_id";
+ $db->sql_query($sql);
+
+ unset($user_auth);
+ }
+ }
+
trigger_error($user->lang['USER_PREFS_UPDATED'] . adm_back_link($this->u_action . '&amp;u=' . $user_id));
}
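Review bot: The added `if` mixes `&&` and `||` without grouping, so the two cases described in the comment above it are only matched through operator precedence; wrapping each `&&` pair in its own parentheses would make the intent explicit and guard against a later edit changing the meaning. The fallback for `session_viewonline` is the boolean `true`, while the other branch passes through whatever `$sql_ary['user_allow_viewonline']` holds; using `1` would keep the value type handed to `sql_build_array()` consistent, assuming the column is an integer flag. The `UPDATE` is scoped by `session_user_id = $user_id`, whose cast is outside the hunk.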
@@ -2084,7 +2109,7 @@ class acp_users
LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id)
WHERE u.user_id = ' . $user_id . '
ORDER BY s.session_time DESC';
- $result = $db->sql_query($sql);
+ $result = $db->sql_query_limit($sql, 1);
$user_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
}
diff --git a/phpBB/includes/db/postgres.php b/phpBB/includes/db/postgres.php
index d117e8c948..b3139b3d79 100644
--- a/phpBB/includes/db/postgres.php
+++ b/phpBB/includes/db/postgres.php
@@ -76,7 +76,14 @@ class dbal_postgres extends dbal
$this->persistency = $persistency;
- $this->db_connect_id = ($this->persistency) ? @pg_pconnect($connect_string, $new_link) : @pg_connect($connect_string, $new_link);
+ if ($this->persistency)
+ {
+ $this->db_connect_id = (!$new_link) ? @pg_pconnect($connect_string) : @pg_pconnect($connect_string, PGSQL_CONNECT_FORCE_NEW);
+ }
+ else
+ {
+ $this->db_connect_id = (!$new_link) ? @pg_connect($connect_string) : @pg_connect($connect_string, PGSQL_CONNECT_FORCE_NEW);
+ }
if ($this->db_connect_id)
{
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 4f52c7c2ce..36f5093e1f 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -175,11 +175,8 @@ function set_config_count($config_name, $increment, $is_dynamic = false)
switch ($db->sql_layer)
{
case 'firebird':
- $sql_update = 'CAST(CAST(config_value as integer) + ' . (int) $increment . ' as VARCHAR(255))';
- break;
-
case 'postgres':
- $sql_update = 'int4(config_value) + ' . (int) $increment;
+ $sql_update = 'CAST(CAST(config_value as DECIMAL(255, 0)) + ' . (int) $increment . ' as VARCHAR(255))';
break;
// MySQL, SQlite, mssql, mssql_odbc, oracle
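Review bot: Merging `firebird` into the `postgres` branch makes both layers run `CAST(config_value as DECIMAL(255, 0))`, and as far as I know Firebird only accepts a DECIMAL precision from 1 to 18, so the shared expression would likely be rejected there. Keeping a separate `case 'firebird':` with `$sql_update = 'CAST(CAST(config_value as DECIMAL(18, 0)) + ' . (int) $increment . ' as VARCHAR(255))';` and its own `break;` avoids that. This should be confirmed against a Firebird install, since the rest of the switch and the query that uses `$sql_update` are outside the hunk.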
@@ -3409,13 +3406,14 @@ function phpbb_checkdnsrr($host, $type = '')
{
$type = (!$type) ? 'MX' : $type;
- if (DIRECTORY_SEPARATOR == '\\')
+ // Call checkdnsrr() if available. This is also the case on Windows with PHP 5.3 or later.
+ if (function_exists('checkdnsrr'))
+ {
+ // The dot indicates to search the DNS root (helps those having DNS prefixes on the same domain)
+ return checkdnsrr($host . '.', $type);
+ }
+ else if (DIRECTORY_SEPARATOR == '\\' && function_exists('exec'))
{
- if (!function_exists('exec'))
- {
- return NULL;
- }
-
// @exec('nslookup -retry=1 -timout=1 -type=' . escapeshellarg($type) . ' ' . escapeshellarg($host), $output);
@exec('nslookup -type=' . escapeshellarg($type) . ' ' . escapeshellarg($host) . '.', $output);
@@ -3441,11 +3439,6 @@ function phpbb_checkdnsrr($host, $type = '')
return false;
}
- else if (function_exists('checkdnsrr'))
- {
- // The dot indicates to search the DNS root (helps those having DNS prefixes on the same domain)
- return (checkdnsrr($host . '.', $type)) ? true : false;
- }
return NULL;
}
diff --git a/phpBB/includes/functions_profile_fields.php b/phpBB/includes/functions_profile_fields.php
index 61e3587158..fa1cc98e10 100644
--- a/phpBB/includes/functions_profile_fields.php
+++ b/phpBB/includes/functions_profile_fields.php
@@ -366,6 +366,7 @@ class custom_profile
case 'sqlite':
case 'mssql':
case 'mssql_odbc':
+ case 'mssqlnative':
$right_delim = ']';
$left_delim = '[';
break;
diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php
index 054af29045..51fed45ebd 100644
--- a/phpBB/includes/functions_upload.php
+++ b/phpBB/includes/functions_upload.php
@@ -775,7 +775,18 @@ class fileupload
{
if ($get_info)
{
- $data .= @fread($fsock, 1024);
+ $block = @fread($fsock, 1024);
+ $filesize += strlen($block);
+
+ if ($this->max_filesize && $filesize > $this->max_filesize)
+ {
+ $max_filesize = get_formatted_filesize($this->max_filesize, false);
+
+ $file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']));
+ return $file;
+ }
+
+ $data .= $block;
}
else
{
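Review bot: The early `return $file;` inside the read loop leaves `$fsock` open, and the same is true of the Content-Length branch added in the next hunk; adding `@fclose($fsock);` before each return releases the connection to the remote host as soon as the limit is hit. `$filesize` is incremented here but its initialisation is not visible in the hunk, so confirm it is set to `0` before the loop. The running byte count is the check that actually bounds a remote download, so a comment like `// Enforce the limit while streaming; the remote Content-Length header cannot be trusted` would be worth adding above it.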
@@ -791,6 +802,18 @@ class fileupload
{
$upload_ary['type'] = rtrim(str_replace('content-type: ', '', strtolower($line)));
}
+ else if ($this->max_filesize && stripos($line, 'content-length: ') !== false)
+ {
+ $length = (int) str_replace('content-length: ', '', strtolower($line));
+
+ if ($length && $length > $this->max_filesize)
+ {
+ $max_filesize = get_formatted_filesize($this->max_filesize, false);
+
+ $file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit']));
+ return $file;
+ }
+ }
else if (stripos($line, '404 not found') !== false)
{
$file = new fileerror($user->lang[$this->error_prefix . 'URL_NOT_FOUND']);
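Review bot: The `content-length` test matches the text anywhere in the header line and needs a space after the colon, so a response that sends `Content-Length:123` skips this early rejection. Matching the header name at the start of the line with optional whitespace is stricter and more tolerant at once: `if ($this->max_filesize && preg_match('/^content-length:\s*(\d+)/i', $line, $match))` followed by `$length = (int) $match[1];`. The header is supplied by the remote server, so this can only ever be a shortcut; the streamed size check in the previous hunk has to remain the real limit.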
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php
index 50aad8588a..952b55cc8c 100644
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@@ -300,7 +300,7 @@ class bbcode_firstpass extends bbcode
if ($config['max_' . $this->mode . '_img_height'] || $config['max_' . $this->mode . '_img_width'])
{
- $stats = @getimagesize($in);
+ $stats = @getimagesize(htmlspecialchars_decode($in));
if ($stats === false)
{
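Review bot: `getimagesize()` is now called on the entity-decoded form of `$in`, while any URL validation done before this point (outside the hunk) presumably ran on the encoded string. It is worth confirming that the scheme and host checks still hold for the decoded value, because this call makes the server fetch a URL supplied in a post. A short comment would record why the decode is there: `// $in is HTML-escaped here; decode so URLs containing &amp; are requested as written`. The enclosing method starts and ends outside the hunk.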
diff --git a/phpBB/install/database_update.php b/phpBB/install/database_update.php
index 7af0c86314..47d261dc46 100644
--- a/phpBB/install/database_update.php
+++ b/phpBB/install/database_update.php
@@ -913,6 +913,8 @@ function database_update_info()
'3.0.7-RC2' => array(),
// No changes from 3.0.7 to 3.0.7-PL1
'3.0.7' => array(),
+ // No changes from 3.0.7-PL1 to 3.0.8-RC1
+ '3.0.7-PL1' => array(),
);
}
@@ -923,7 +925,7 @@ function database_update_info()
*****************************************************************************/
function change_database_data(&$no_updates, $version)
{
- global $db, $errored, $error_ary, $config, $phpbb_root_path, $phpEx;
+ global $db, $errored, $error_ary, $config, $phpbb_root_path, $phpEx, $user;
switch ($version)
{
@@ -1648,6 +1650,43 @@ function change_database_data(&$no_updates, $version)
// No changes from 3.0.7 to 3.0.7-PL1
case '3.0.7':
break;
+
+ // Changes from 3.0.7-PL1 to 3.0.8-RC1
+ case '3.0.7-PL1':
+ $user->add_lang('acp/attachments');
+ $extension_groups = array(
+ $user->lang['EXT_GROUP_ARCHIVES'] => 'ARCHIVES',
+ $user->lang['EXT_GROUP_DOCUMENTS'] => 'DOCUMENTS',
+ $user->lang['EXT_GROUP_DOWNLOADABLE_FILES'] => 'DOWNLOADABLE_FILES',
+ $user->lang['EXT_GROUP_FLASH_FILES'] => 'FLASH_FILES',
+ $user->lang['EXT_GROUP_IMAGES'] => 'IMAGES',
+ $user->lang['EXT_GROUP_PLAIN_TEXT'] => 'PLAIN_TEXT',
+ $user->lang['EXT_GROUP_QUICKTIME_MEDIA'] => 'QUICKTIME_MEDIA',
+ $user->lang['EXT_GROUP_REAL_MEDIA'] => 'REAL_MEDIA',
+ $user->lang['EXT_GROUP_WINDOWS_MEDIA'] => 'WINDOWS_MEDIA',
+ );
+
+ $sql = 'SELECT group_id, group_name
+ FROM ' . EXTENSION_GROUPS_TABLE;
+ $result = $db->sql_query($sql);
+
+ while ($row = $db->sql_fetchrow($result))
+ {
+ if (isset($extension_groups[$row['group_name']]))
+ {
+ $sql_ary = array(
+ 'group_name' => $extension_groups[$row['group_name']],
+ );
+ $sql = 'UPDATE ' . EXTENSION_GROUPS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
+ WHERE group_id = ' . (int) $row['group_id'];
+ _sql($sql, $errored, $error_ary);
+ }
+ }
+ $db->sql_freeresult($result);
+
+
+ $no_updates = false;
+ break;
}
}
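Review bot: The `$extension_groups` map in the new `3.0.7-PL1` case is keyed by `$user->lang[...]` strings, so a stored group name is converted only when it equals the text of the language pack loaded during the update. Boards installed in another language, or whose admin renamed a default group, are presumably left untouched without any message. If that is intended, a comment such as `// Only names matching the updater's current language pack are converted; other names are kept as custom groups` would document it. The `$user->lang` entries are also read without an `isset()` check, so a pack lacking one of the keys would collapse several entries onto the same array key.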
diff --git a/phpBB/language/en/acp/attachments.php b/phpBB/language/en/acp/attachments.php
index f6369b6739..1821b8c867 100644
--- a/phpBB/language/en/acp/attachments.php
+++ b/phpBB/language/en/acp/attachments.php
@@ -85,7 +85,7 @@ $lang = array_merge($lang, array(
'DISPLAY_INLINED_EXPLAIN' => 'If set to No image attachments will show as a link.',
'DISPLAY_ORDER' => 'Attachment display order',
'DISPLAY_ORDER_EXPLAIN' => 'Display attachments ordered by time.',
-
+
'EDIT_EXTENSION_GROUP' => 'Edit extension group',
'EXCLUDE_ENTERED_IP' => 'Enable this to exclude the entered IP/hostname.',
'EXCLUDE_FROM_ALLOWED_IP' => 'Exclude IP from allowed IPs/hostnames',
@@ -97,6 +97,16 @@ $lang = array_merge($lang, array(
'EXTENSION_GROUP_DELETED' => 'Extension group successfully deleted.',
'EXTENSION_GROUP_EXIST' => 'The extension group %s already exists.',
+ 'EXT_GROUP_ARCHIVES' => 'Archives',
+ 'EXT_GROUP_DOCUMENTS' => 'Documents',
+ 'EXT_GROUP_DOWNLOADABLE_FILES' => 'Downloadable Files',
+ 'EXT_GROUP_FLASH_FILES' => 'Flash Files',
+ 'EXT_GROUP_IMAGES' => 'Images',
+ 'EXT_GROUP_PLAIN_TEXT' => 'Plain Text',
+ 'EXT_GROUP_QUICKTIME_MEDIA' => 'Quicktime Media',
+ 'EXT_GROUP_REAL_MEDIA' => 'Real Media',
+ 'EXT_GROUP_WINDOWS_MEDIA' => 'Windows Media',
+
'GO_TO_EXTENSIONS' => 'Go to extension management screen',
'GROUP_NAME' => 'Group name',
diff --git a/phpBB/language/en/install.php b/phpBB/language/en/install.php
index 1c27e2f40d..4e58de8d90 100644
--- a/phpBB/language/en/install.php
+++ b/phpBB/language/en/install.php
@@ -128,7 +128,7 @@ $lang = array_merge($lang, array(
'DB_ERR_QUERY_FIRST_TABLE' => 'Error while executing <var>query_first</var>, %s (“%s”).',
'DB_ERR_SELECT' => 'Error while running <code>SELECT</code> query.',
'DB_HOST' => 'Database server hostname or DSN',
- 'DB_HOST_EXPLAIN' => 'DSN stands for Data Source Name and is relevant only for ODBC installs.',
+ 'DB_HOST_EXPLAIN' => 'DSN stands for Data Source Name and is relevant only for ODBC installs. On PostgreSQL, use localhost to connect to the local server via UNIX domain socket and 127.0.0.1 to connect via TCP.',
'DB_NAME' => 'Database name',
'DB_PASSWORD' => 'Database password',
'DB_PORT' => 'Database server port',
@@ -586,16 +586,6 @@ $lang = array_merge($lang, array(
'DEFAULT_INSTALL_POST' => 'This is an example post in your phpBB3 installation. Everything seems to be working. You may delete this post if you like and continue to set up your board. During the installation process your first category and your first forum are assigned an appropriate set of permissions for the predefined usergroups administrators, bots, global moderators, guests, registered users and registered COPPA users. If you also choose to delete your first category and your first forum, do not forget to assign permissions for all these usergroups for all new categories and forums you create. It is recommended to rename your first category and your first forum and copy permissions from these while creating new categories and forums. Have fun!',
- 'EXT_GROUP_ARCHIVES' => 'Archives',
- 'EXT_GROUP_DOCUMENTS' => 'Documents',
- 'EXT_GROUP_DOWNLOADABLE_FILES' => 'Downloadable Files',
- 'EXT_GROUP_FLASH_FILES' => 'Flash Files',
- 'EXT_GROUP_IMAGES' => 'Images',
- 'EXT_GROUP_PLAIN_TEXT' => 'Plain Text',
- 'EXT_GROUP_QUICKTIME_MEDIA' => 'Quicktime Media',
- 'EXT_GROUP_REAL_MEDIA' => 'Real Media',
- 'EXT_GROUP_WINDOWS_MEDIA' => 'Windows Media',
-
'FORUMS_FIRST_CATEGORY' => 'Your first category',
'FORUMS_TEST_FORUM_DESC' => 'Description of your first forum.',
'FORUMS_TEST_FORUM_TITLE' => 'Your first forum',
diff --git a/phpBB/search.php b/phpBB/search.php
index ab2221a96e..7a9ab82f93 100644
--- a/phpBB/search.php
+++ b/phpBB/search.php
@@ -1155,6 +1155,7 @@ if ($auth->acl_get('a_search'))
case 'mssql':
case 'mssql_odbc':
+ case 'mssqlnative':
$sql = 'SELECT search_time, search_keywords
FROM ' . SEARCH_RESULTS_TABLE . '
WHERE DATALENGTH(search_keywords) > 0
diff --git a/phpBB/web.config b/phpBB/web.config
new file mode 100644
index 0000000000..128fe3c98f
--- /dev/null
+++ b/phpBB/web.config
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+ <system.webServer>
+ <security>
+ <requestFiltering>
+ <hiddenSegments>
+ <add segment="cache" />
+ <add segment="files" />
+ <add segment="store" />­
+ <add segment="config.php" />
+ <add segment="common.php" />
+ </hiddenSegments>
+ </requestFiltering>
+ </security>
+ </system.webServer>
+ <location path="images/avatars">
+ <system.webServer>
+ <security>
+ <requestFiltering>
+ <hiddenSegments>
+ <add segment="upload" />
+ </hiddenSegments>
+ </requestFiltering>
+ </security>
+ </system.webServer>
+ </location>
+</configuration>
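Review bot: The `<add segment="store" />` line appears to end with a stray soft hyphen (U+00AD) after the closing `/>`, which puts text content inside `<hiddenSegments>`. This may be an artefact of how the page was rendered, but if the byte is in the committed file IIS could reject the configuration or ignore the section, leaving `cache`, `files`, `store`, `config.php` and `common.php` reachable, so check the file with a hex viewer and remove it. A comment at the top of the file noting that these entries mirror the `.htaccess` deny rules, if that is the intent, would help keep the two in sync.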