24 files changed, 250 insertions, 425 deletions
diff --git a/phpBB/includes/db/firebird.php b/phpBB/includes/db/firebird.php index 2b3bcb251b..a31a7c3716 100644 --- a/phpBB/includes/db/firebird.php +++ b/phpBB/includes/db/firebird.php @@ -32,11 +32,10 @@ class sql_db { $this->persistency = $persistency; $this->user = $sqluser; - $this->password = $sqlpassword; $this->server = $sqlserver . (($port) ? ':' . $port : ''); $this->dbname = $database; - $this->db_connect_id = ($this->persistency) ? @ibase_pconnect($this->server . ':' . $this->dbname, $this->user, $this->password, false, false, 3) : @ibase_connect($this->server . ':' . $this->dbname, $this->user, $this->password, false, false, 3); + $this->db_connect_id = ($this->persistency) ? @ibase_pconnect($this->server . ':' . $this->dbname, $this->user, $sqlpassword, false, false, 3) : @ibase_connect($this->server . ':' . $this->dbname, $this->user, $sqlpassword, false, false, 3); return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error(''); } diff --git a/phpBB/includes/db/mssql-odbc.php b/phpBB/includes/db/mssql-odbc.php index f48e4b6428..847ae1d7a5 100644 --- a/phpBB/includes/db/mssql-odbc.php +++ b/phpBB/includes/db/mssql-odbc.php @@ -36,11 +36,10 @@ class sql_db { $this->persistency = $persistency; $this->user = $sqluser; - $this->password = $sqlpassword; $this->server = $sqlserver . (($port) ? ':' . $port : ''); $this->dbname = $database; - $this->db_connect_id = ($this->persistency) ? @odbc_pconnect($this->server, $this->user, $this->password) : @odbc_connect($this->server, $this->user, $this->password); + $this->db_connect_id = ($this->persistency) ? @odbc_pconnect($this->server, $this->user, $sqlpassword) : @odbc_connect($this->server, $this->user, $sqlpassword); return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error(''); } diff --git a/phpBB/includes/db/mssql.php b/phpBB/includes/db/mssql.php index c25eff0085..efb0d9c833 100644 --- a/phpBB/includes/db/mssql.php +++ b/phpBB/includes/db/mssql.php 
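Review bot: Nothing in the firebird.php constructor records that the password is now deliberately kept off the object, so a later edit could re-add `$this->password` without anyone noticing the regression. A one-line comment above the connect call, e.g. `// Password is handed straight to the driver and intentionally not stored on $this`, would make the intent explicit; the same applies to the matching hunks in mssql-odbc.php, mssql.php, mysql.php, mysql4.php and sqlite.php. Any code outside these hunks that still reads `$this->password` (none is visible here) would now see an unset property. The constructor starts outside the hunk.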
@@ -19,7 +19,7 @@ * ***************************************************************************/ -if(!defined("SQL_LAYER")) +if (!defined("SQL_LAYER")) { define("SQL_LAYER","mssql"); @@ -44,15 +44,14 @@ class sql_db { $this->persistency = $persistency; $this->user = $sqluser; - $this->password = $sqlpassword; $this->server = $sqlserver; $this->dbname = $database; - $this->db_connect_id = ($this->persistency) ? @mssql_pconnect($this->server, $this->user, $this->password) : @mssql_connect($this->server, $this->user, $this->password); + $this->db_connect_id = ($this->persistency) ? @mssql_pconnect($this->server, $this->user, $sqlpassword) : @mssql_connect($this->server, $this->user, $sqlpassword); - if($this->db_connect_id && $this->dbname != '') + if ($this->db_connect_id && $this->dbname != '') { - if(!@mssql_select_db($this->dbname, $this->db_connect_id)) + if (!@mssql_select_db($this->dbname, $this->db_connect_id)) { @mssql_close($this->db_connect_id); return false; @@ -77,12 +76,12 @@ class sql_db // function sql_close() { - if($this->db_connect_id) + if ($this->db_connect_id) { // // Commit any remaining transactions // - if($this->in_transaction) + if ($this->in_transaction) { @mssql_query("COMMIT", $this->db_connect_id); } @@ -132,11 +131,11 @@ class sql_db // returns something then there's a problem. This may well be a false assumption though // ... needs checking under Windows itself. // - if(preg_match("/^SELECT(.*?)(LIMIT ([0-9]+)[, ]*([0-9]+)*)?$/s", $query, $limits)) + if (preg_match("/^SELECT(.*?)(LIMIT ([0-9]+)[, ]*([0-9]+)*)?$/s", $query, $limits)) { $query = $limits[1]; - if(!empty($limits[2])) + if (!empty($limits[2])) { $row_offset = ($limits[4]) ? $limits[3] : ""; $num_rows = ($limits[4]) ? $limits[4] : $limits[3]; 
@@ -146,26 +145,26 @@ class sql_db $this->result = mssql_query("SELECT $query", $this->db_connect_id); - if($this->result) + if ($this->result) { $this->limit_offset[$this->result] = (!empty($row_offset)) ? $row_offset : 0; - if($row_offset > 0) + if ($row_offset > 0) { mssql_data_seek($this->result, $row_offset); } } } - else if(eregi("^INSERT ", $query)) + else if (eregi("^INSERT ", $query)) { - if(mssql_query($query, $this->db_connect_id)) + if (mssql_query($query, $this->db_connect_id)) { $this->result = time() + microtime(); $result_id = mssql_query("SELECT @@IDENTITY AS id, @@ROWCOUNT as affected", $this->db_connect_id); - if($result_id) + if ($result_id) { - if($row = mssql_fetch_array($result_id)) + if ($row = mssql_fetch_array($result_id)) { $this->next_id[$this->db_connect_id] = $row['id']; $this->affected_rows[$this->db_connect_id] = $row['affected']; @@ -175,14 +174,14 @@ class sql_db } else { - if(mssql_query($query, $this->db_connect_id)) + if (mssql_query($query, $this->db_connect_id)) { $this->result = time() + microtime(); $result_id = mssql_query("SELECT @@ROWCOUNT as affected", $this->db_connect_id); - if($result_id) + if ($result_id) { - if($row = mssql_fetch_array($result_id)) + if ($row = mssql_fetch_array($result_id)) { $this->affected_rows[$this->db_connect_id] = $row['affected']; } @@ -190,9 +189,9 @@ class sql_db } } - if(!$this->result) + if (!$this->result) { - if($this->in_transaction) + if ($this->in_transaction) { mssql_query("ROLLBACK", $this->db_connect_id); $this->in_transaction = FALSE; @@ -201,11 +200,11 @@ class sql_db return false; } - if($transaction == END_TRANSACTION && $this->in_transaction) + if ($transaction == END_TRANSACTION && $this->in_transaction) { $this->in_transaction = FALSE; - if(!@mssql_query("COMMIT", $this->db_connect_id)) + if (!@mssql_query("COMMIT", $this->db_connect_id)) { @mssql_query("ROLLBACK", $this->db_connect_id); return false; 
@@ -216,11 +215,11 @@ class sql_db } else { - if($transaction == END_TRANSACTION && $this->in_transaction ) + if ($transaction == END_TRANSACTION && $this->in_transaction) { $this->in_transaction = FALSE; - if(!@mssql_query("COMMIT", $this->db_connect_id)) + if (!@mssql_query("COMMIT", $this->db_connect_id)) { @mssql_query("ROLLBACK", $this->db_connect_id); return false; @@ -236,12 +235,12 @@ class sql_db // function sql_numrows($query_id = 0) { - if(!$query_id) + if (!$query_id) { $query_id = $this->result; } - if($query_id) + if ($query_id) { return (!empty($this->limit_offset[$query_id])) ? mssql_num_rows($query_id) - $this->limit_offset[$query_id] : @mssql_num_rows($query_id); } @@ -253,7 +252,7 @@ class sql_db function sql_numfields($query_id = 0) { - if(!$query_id) + if (!$query_id) { $query_id = $this->result; } @@ -263,7 +262,7 @@ class sql_db function sql_fieldname($offset, $query_id = 0) { - if(!$query_id) + if (!$query_id) { $query_id = $this->result; } @@ -273,7 +272,7 @@ class sql_db function sql_fieldtype($offset, $query_id = 0) { - if(!$query_id) + if (!$query_id) { $query_id = $this->result; } @@ -283,18 +282,18 @@ class sql_db function sql_fetchrow($query_id = 0) { - if(!$query_id) + if (!$query_id) { $query_id = $this->result; } - if($query_id) + if ($query_id) { empty($row); $row = mssql_fetch_array($query_id); - while(list($key, $value) = @each($row)) + foreach ($row as $key => $value) { $row[$key] = stripslashes($value); } @@ -309,19 +308,19 @@ class sql_db function sql_fetchrowset($query_id = 0) { - if(!$query_id) + if (!$query_id) { $query_id = $this->result; } - if($query_id) + if ($query_id) { $i = 0; - empty($rowset); + $rowset = array(); - while($row = mssql_fetch_array($query_id)) + while ($row = mssql_fetch_array($query_id)) { - while(list($key, $value) = @each($row)) + foreach ($row as $key => $value) { $rowset[$i][$key] = stripslashes($value); } 
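Review bot: In sql_fetchrow() the new `foreach ($row as $key => $value)` runs on whatever `mssql_fetch_array()` returned, and at the end of a result set that is `false`, so PHP raises an "Invalid argument supplied for foreach()" warning that the old `@each()` loop suppressed. Guard the loop with `if ($row)` before iterating; sql_fetchrowset() in the next hunk is already safe because its `foreach` sits inside `while ($row = mssql_fetch_array($query_id))`. The `empty($row);` statement left above the fetch has no effect and can be dropped. The function continues past the end of the hunk.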
@@ -338,16 +337,16 @@ class sql_db function sql_fetchfield($field, $row = -1, $query_id) { - if(!$query_id) + if (!$query_id) { $query_id = $this->result; } - if($query_id) + if ($query_id) { - if($row != -1) + if ($row != -1) { - if($this->limit_offset[$query_id] > 0) + if ($this->limit_offset[$query_id] > 0) { $result = (!empty($this->limit_offset[$query_id])) ? mssql_result($this->result, ($this->limit_offset[$query_id] + $row), $field) : false; } @@ -358,7 +357,7 @@ class sql_db } else { - if(empty($this->row[$query_id])) + if (empty($this->row[$query_id])) { $this->row[$query_id] = mssql_fetch_array($query_id); $result = stripslashes($this->row[$query_id][$field]); @@ -375,12 +374,12 @@ class sql_db function sql_rowseek($rownum, $query_id = 0) { - if(!$query_id) + if (!$query_id) { $query_id = $this->result; } - if($query_id) + if ($query_id) { return (!empty($this->limit_offset[$query_id])) ? mssql_data_seek($query_id, ($this->limit_offset[$query_id] + $rownum)) : mssql_data_seek($query_id, $rownum); } @@ -402,7 +401,7 @@ class sql_db function sql_freeresult($query_id = 0) { - if(!$query_id) + if (!$query_id) { $query_id = $this->result; } diff --git a/phpBB/includes/db/mysql.php b/phpBB/includes/db/mysql.php index aa9e6c1a39..e1780eb5e7 100644 --- a/phpBB/includes/db/mysql.php +++ b/phpBB/includes/db/mysql.php @@ -30,11 +30,10 @@ class sql_db { $this->persistency = $persistency; $this->user = $sqluser; - $this->password = $sqlpassword; $this->server = $sqlserver . (($port) ? ':' . $port : ''); $this->dbname = $database; - $this->db_connect_id = ($this->persistency) ? @mysql_pconnect($this->server, $this->user, $this->password) : @mysql_connect($this->server, $this->user, $this->password); + $this->db_connect_id = ($this->persistency) ? @mysql_pconnect($this->server, $this->user, $sqlpassword) : @mysql_connect($this->server, $this->user, $sqlpassword); if ($this->db_connect_id && $this->dbname != '') { 
diff --git a/phpBB/includes/db/mysql4.php b/phpBB/includes/db/mysql4.php index 22c876235b..5cf2757b60 100644 --- a/phpBB/includes/db/mysql4.php +++ b/phpBB/includes/db/mysql4.php @@ -32,11 +32,10 @@ class sql_db { $this->persistency = $persistency; $this->user = $sqluser; - $this->password = $sqlpassword; $this->server = $sqlserver . (($port) ? ':' . $port : ''); $this->dbname = $database; - $this->db_connect_id = ($this->persistency) ? @mysqli_pconnect($this->server, $this->user, $this->password) : @mysqli_connect($this->server, $this->user, $this->password); + $this->db_connect_id = ($this->persistency) ? @mysqli_pconnect($this->server, $this->user, $sqlpassword) : @mysqli_connect($this->server, $this->user, $sqlpassword); if ($this->db_connect_id && $this->dbname != '') { diff --git a/phpBB/includes/db/postgres.php b/phpBB/includes/db/postgres.php index 4eb7dd5a51..61994a4a32 100644 --- a/phpBB/includes/db/postgres.php +++ b/phpBB/includes/db/postgres.php @@ -268,7 +268,7 @@ class sql_db unset($this->row[$query_id]); $this->rownum[$query_id] = 0; - while($this->rowset = @pg_fetch_array($query_id, $this->rownum[$query_id], PGSQL_ASSOC)) + while ($this->rowset = @pg_fetch_array($query_id, $this->rownum[$query_id], PGSQL_ASSOC)) { $result[] = $this->rowset; $this->rownum[$query_id]++; diff --git a/phpBB/includes/db/sqlite.php b/phpBB/includes/db/sqlite.php index b34fded3cb..f28e0da69b 100644 --- a/phpBB/includes/db/sqlite.php +++ b/phpBB/includes/db/sqlite.php @@ -39,7 +39,6 @@ class sql_db { $this->persistency = $persistency; $this->user = $sqluser; - $this->password = $sqlpassword; $this->server = $sqlserver . (($port) ? ':' . $port : ''); $this->dbname = $database; 
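Review bot: `mysqli_pconnect()` in the persistent branch of the mysql4.php constructor is, as far as I know, not a function the mysqli extension provides, and `@` does not suppress a call to an undefined function, so enabling persistency here would end in a fatal error instead of reaching `sql_error('')`. The call was already there before this commit, but since the line is being rewritten it is worth confirming and either using `@mysqli_connect($this->server, $this->user, $sqlpassword)` for both branches or documenting that persistent connections are unsupported in this layer. The constructor starts and ends outside the hunk.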
@@ -301,15 +300,16 @@ class sql_db function sql_fetchrowset($query_id = 0) { - if(!$query_id) + if (!$query_id) { $query_id = $this->query_result; } - if($query_id) + + if ($query_id) { unset($this->rowset[$query_id]); unset($this->row[$query_id]); - while($this->rowset[$query_id] = @sqlite_fetch_array($query_id, @sqlite_ASSOC)) + while ($this->rowset[$query_id] = @sqlite_fetch_array($query_id, @sqlite_ASSOC)) { $result[] = $this->rowset[$query_id]; } @@ -323,12 +323,12 @@ class sql_db function sql_fetchfield($field, $rownum = -1, $query_id = 0) { - if(!$query_id) + if (!$query_id) { $query_id = $this->query_result; } - if($query_id) + if ($query_id) { return ($rownum > -1) ? ((@sqlite_seek($query_id, $rownum)) ? @sqlite_column($query_id, $field) : false) : @sqlite_column($query_id, $field); } diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index d887d76655..d4c4dee883 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -12,7 +12,7 @@ // ------------------------------------------------------------- -function set_var(&$result, $var, $type) +function set_var(&$result, $var, $type, $multibyte = false) { settype($var, $type); $result = $var; @@ -20,12 +20,16 @@ function set_var(&$result, $var, $type) if ($type == 'string') { $result = trim(htmlspecialchars(str_replace(array("\r\n", "\r", '\xFF'), array("\n", "\n", ' '), $result))); - $result = preg_replace("#\n{3,}#", "\n\n", $result); +// $result = preg_replace("#\n{3,}#", "\n\n", $result); $result = (STRIP) ? stripslashes($result) : $result; + if ($multibyte) + { + $result = preg_replace('#&(\#[0-9]+;)#', '&\1', $result); + } } } -function request_var($var_name, $default) +function request_var($var_name, $default, $multibyte = false) { if (!isset($_REQUEST[$var_name])) { 
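Review bot: The new `$multibyte` branch in set_var() rewrites numeric character references after `htmlspecialchars()` has run, so a caller passing `$multibyte = true` gets text in which `&#NNN;` sequences are live again, including the references for the characters that were just escaped. That is acceptable when the value is only echoed as element text, but any consumer that decodes entities or builds attributes or URLs from it must re-validate; a comment on the parameter such as `// $multibyte: numeric entities (&#NNN;) are preserved; never entity-decode the result before output` would make that contract visible. As displayed on this page the pattern and the replacement both begin with a bare `&`, which would make the call a no-op; presumably an `&amp;` in the pattern was decoded by the page, so check the raw file. The commented-out `preg_replace("#\n{3,}#", "\n\n", $result)` line should be deleted, not left as dead code.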
@@ -44,18 +48,18 @@ function request_var($var_name, $default) { foreach ($v as $_k => $_v) { - set_var($var[$k][$_k], $_v, $type); + set_var($var[$k][$_k], $_v, $type, $multibyte); } } else { - set_var($var[$k], $v, $type); + set_var($var[$k], $v, $type, $multibyte); } } } else { - set_var($var, $var, $type); + set_var($var, $var, $type, $multibyte); } return $var; @@ -136,7 +140,7 @@ function generate_forum_rules(&$forum_data) $bbcode->bbcode_second_pass($forum_data['forum_rules'], $forum_data['forum_rules_bbcode_uid']); - $forum_data['forum_rules'] = smilie_text($forum_data['forum_rules'], !($forum_data['forum_rules_flags'] & 2)); + $forum_data['forum_rules'] = smiley_text($forum_data['forum_rules'], !($forum_data['forum_rules_flags'] & 2)); $forum_data['forum_rules'] = str_replace("\n", '<br />', censor_text($forum_data['forum_rules'])); unset($bbcode); } @@ -942,7 +946,7 @@ function obtain_ranks(&$ranks) } // Obtain allowed extensions -function obtain_attach_extensions(&$extensions) +function obtain_attach_extensions(&$extensions, $forum_id = false) { global $db, $cache; @@ -984,6 +988,40 @@ function obtain_attach_extensions(&$extensions) $cache->put('extensions', $extensions); } + if ($forum_id !== false) + { + $return = array(); + + foreach ($extensions['_allowed_'] as $extension => $check) + { + $allowed = false; + + if (is_array($check)) + { + // Check for private messaging + if (sizeof($check) == 1 && $check[0] == 0) + { + $allowed = true; + continue; + } + + $allowed = (!in_array($forum_id, $check)) ? false : true; + } + else + { + $allowed = ($forum_id == 0) ? false : true; + } + + if ($allowed) + { + $return['_allowed_'][$extension] = 0; + $return[$extension] = $extensions[$extension]; + } + } + + $extensions = $return; + } + return; } 
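Review bot: In the new `$forum_id` filter of obtain_attach_extensions(), the private-messaging branch sets `$allowed = true` and then immediately executes `continue`, so the assignment is dead and that extension is never copied into `$return`; either the `continue` or the assignment is wrong, and the intended behaviour should be made explicit. Separately, `$return` starts as `array()`, so when no extension matches, `$extensions['_allowed_']` ends up undefined and the `array_keys($extensions['_allowed_'])` call in upload_attachment() is handed a missing key; `$return = array('_allowed_' => array());` keeps the result well-formed. `in_array($forum_id, $check)` is a loose comparison, so casting with `$forum_id = (int) $forum_id;` before the loop would avoid string/number surprises.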
@@ -1313,12 +1351,12 @@ function censor_text($text) return $text; } -// Smilie processing -function smilie_text($text, $force_option = false) +// Smiley processing +function smiley_text($text, $force_option = false) { global $config, $user, $phpbb_root_path; - return ($force_option || !$config['allow_smilies'] || !$user->optionget('viewsmilies')) ? preg_replace('#<!\-\- s(.*?) \-\-><img src="\{SMILE_PATH\}\/.*? \/><!\-\- s\1 \-\->#', '\1', $text) : str_replace('<img src="{SMILE_PATH}', '<img src="' . $phpbb_root_path . $config['smilies_path'], $text); + return ($force_option || !$config['allow_smilies'] || !$user->optionget('viewsmilies')) ? preg_replace('#<!\-\- s(.*?) \-\-><img src="\{SMILIES_PATH\}\/.*? \/><!\-\- s\1 \-\->#', '\1', $text) : str_replace('<img src="{SMILIES_PATH}', '<img src="' . $phpbb_root_path . $config['smilies_path'], $text); } // Inline Attachment processing diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index 03a89eca31..57643c8b98 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -677,16 +677,8 @@ function phpbb_unlink($filename, $mode = 'file') { global $config, $user, $phpbb_root_path; - $filename = ($mode == 'thumbnail') ? $phpbb_root_path . $config['upload_dir'] . '/thumb_' . basename($filename) : $phpbb_root_path . $config['upload_dir'] . '/' . basename($filename); - $deleted = @unlink($filename); - - if (file_exists($filename)) - { - $filesys = str_replace('/','\\', $filename); - $deleted = @system("del $filesys"); - } - - return $deleted; + $filename = ($mode == 'thumbnail') ? $phpbb_root_path . $config['upload_path'] . '/thumb_' . basename($filename) : $phpbb_root_path . $config['upload_path'] . '/' . basename($filename); + return @unlink($filename); } // All-encompasing sync function diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index d1e7ebb325..e9cc61b5a6 100644 --- a/phpBB/includes/functions_display.php 
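Review bot: phpbb_unlink() now relies entirely on `basename()` to keep the delete inside the upload directory, and nothing in the function says so. Add a comment such as `// basename() strips any directory component, so only files directly under upload_path can be removed`. Because of the `@`, a failed delete is visible only through the `false` return value, so callers (outside this hunk) need to check it if an orphaned file matters.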
+++ b/phpBB/includes/functions_display.php @@ -98,7 +98,9 @@ function display_forums($root_data = '', $display_moderators = TRUE) $right_id = $row['right_id']; continue; } - + + + // Display active topics from this forum? if ($show_active && $row['forum_type'] == FORUM_POST && $auth->acl_get('f_read', $forum_id) && ($row['forum_flags'] & 16)) { @@ -213,6 +215,8 @@ function display_forums($root_data = '', $display_moderators = TRUE) $visible_forums++; $forum_id = $row['forum_id']; + $subforums_list = $l_subforums = ''; + // Generate list of subforums if we need to if (isset($subforums[$forum_id])) { @@ -254,9 +258,6 @@ function display_forums($root_data = '', $display_moderators = TRUE) $folder_image = 'forum_link'; break; } - - $subforums_list = ''; - $l_subforums = ''; } // Which folder should we display? @@ -535,8 +536,8 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_ { // Some basics... $attachment['extension'] = strtolower(trim($attachment['extension'])); - $filename = $phpbb_root_path . $config['upload_dir'] . '/' . basename($attachment['physical_filename']); - $thumbnail_filename = $phpbb_root_path . $config['upload_dir'] . '/thumb_' . basename($attachment['physical_filename']); + $filename = $phpbb_root_path . $config['upload_path'] . '/' . basename($attachment['physical_filename']); + $thumbnail_filename = $phpbb_root_path . $config['upload_path'] . '/thumb_' . basename($attachment['physical_filename']); $upload_image = ''; diff --git a/phpBB/includes/functions_messenger.php b/phpBB/includes/functions_messenger.php index 20acf11bf5..3dfc5897aa 100644 --- a/phpBB/includes/functions_messenger.php +++ b/phpBB/includes/functions_messenger.php 
@@ -830,6 +830,7 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $encoding, $headers // SMTP Class // Auth Mechanisms originally taken from the AUTH Modules found within the PHP Extension and Application Repository (PEAR) +// See docs/AUTHORS for more details class smtp_class { var $server_response = ''; diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index 8e3851e86c..8d744cdcc9 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -35,7 +35,7 @@ function generate_smilies($mode, $forum_id) $user->setup('posting'); } - page_header($user->lang['EMOTICONS']); + page_header($user->lang['SMILIES']); $template->set_filenames(array( 'body' => 'posting_smilies.html') @@ -45,7 +45,7 @@ function generate_smilies($mode, $forum_id) $display_link = false; if ($mode == 'inline') { - $sql = 'SELECT smile_id + $sql = 'SELECT smiley_id FROM ' . SMILIES_TABLE . ' WHERE display_on_posting = 0'; $result = $db->sql_query_limit($sql, 1, 0, 3600); @@ -60,18 +60,18 @@ function generate_smilies($mode, $forum_id) $sql = 'SELECT * FROM ' . SMILIES_TABLE . (($mode == 'inline') ? ' WHERE display_on_posting = 1 ' : '') . ' - GROUP BY smile_url - ORDER BY smile_order'; + GROUP BY smiley_url + ORDER BY smiley_order'; $result = $db->sql_query($sql, 3600); while ($row = $db->sql_fetchrow($result)) { - $template->assign_block_vars('emoticon', array( + $template->assign_block_vars('smiley', array( 'SMILEY_CODE' => $row['code'], - 'SMILEY_IMG' => $phpbb_root_path . $config['smilies_path'] . '/' . $row['smile_url'], - 'SMILEY_WIDTH' => $row['smile_width'], - 'SMILEY_HEIGHT' => $row['smile_height'], - 'SMILEY_DESC' => $row['emoticon']) + 'SMILEY_IMG' => $phpbb_root_path . $config['smilies_path'] . '/' . $row['smiley_url'], + 'SMILEY_WIDTH' => $row['smiley_width'], + 'SMILEY_HEIGHT' => $row['smiley_height'], + 'SMILEY_DESC' => $row['smiley']) ); } $db->sql_freeresult($result); 
@@ -79,7 +79,7 @@ function generate_smilies($mode, $forum_id) if ($mode == 'inline' && $display_link) { $template->assign_vars(array( - 'S_SHOW_EMOTICON_LINK' => true, + 'S_SHOW_SMILEY_LINK' => true, 'U_MORE_SMILIES' => $phpbb_root_path . "posting.$phpEx$SID&mode=smilies&f=$forum_id") ); } 
@@ -134,226 +134,120 @@ function update_last_post_information($type, $id) } // Upload Attachment - filedata is generated here -function upload_attachment($forum_id, $filename, $local = false, $local_storage = '', $is_message = false) +function upload_attachment($form_name, $forum_id, $local = false, $local_storage = '', $is_message = false) { global $auth, $user, $config, $db, $phpbb_root_path; $filedata = array(); $filedata['error'] = array(); - $filedata['post_attach'] = ($filename) ? true : false; + + include_once($phpbb_root_path . 'includes/functions_upload.php'); + $upload = new fileupload(); + + $filedata['post_attach'] = ($upload->is_valid($form_name)) ? true : false; if (!$filedata['post_attach']) { return $filedata; } - $r_file = trim(basename($filename)); - $file = (!$local) ? $_FILES['fileupload']['tmp_name'] : $local_storage; - $filedata['mimetype'] = (!$local) ? $_FILES['fileupload']['type'] : 'application/octet-stream'; - - // Opera adds the name to the mime type - $filedata['mimetype'] = (strpos($filedata['mimetype'], '; name') !== false) ? str_replace(strstr($filedata['mimetype'], '; name'), '', $filedata['mimetype']) : $filedata['mimetype']; - $filedata['extension'] = array_pop(explode('.', strtolower($filename))); - $filedata['filesize'] = (!@filesize($file)) ? (int) $_FILES['size'] : @filesize($file); - $extensions = array(); - obtain_attach_extensions($extensions); - - // Check Extension - if (!extension_allowed($forum_id, $filedata['extension'], $extensions)) - { - $filedata['error'][] = sprintf($user->lang['DISALLOWED_EXTENSION'], $filedata['extension']); - $filedata['post_attach'] = false; - return $filedata; - } + obtain_attach_extensions($extensions, $forum_id); - $cfg = array(); - $cfg['max_filesize'] = ($is_message) ? $config['max_filesize_pm'] : $config['max_filesize']; + $upload->set_allowed_extensions(array_keys($extensions['_allowed_'])); - $allowed_filesize = ($extensions[$filedata['extension']]['max_filesize'] != 0) ? 
$extensions[$filedata['extension']]['max_filesize'] : $cfg['max_filesize']; - $cat_id = $extensions[$filedata['extension']]['display_cat']; - - // check Filename - if (preg_match("#[\\/:*?\"<>|]#i", $filename)) - { - $filedata['error'][] = sprintf($user->lang['INVALID_FILENAME'], $filename); - $filedata['post_attach'] = false; - return $filedata; - } - - // check php upload-size - if ($file == 'none') + if ($local) { - $filedata['error'][] = (@ini_get('upload_max_filesize') == '') ? $user->lang['ATTACHMENT_PHP_SIZE_NA'] : sprintf($user->lang['ATTACHMENT_PHP_SIZE_OVERRUN'], @ini_get('upload_max_filesize')); - $filedata['post_attach'] = false; - return $filedata; + $file = $upload->local_upload($local_storage); } - - $filedata['thumbnail'] = 0; - - // Prepare Values - $filedata['filetime'] = time(); - $filedata['filename'] = stripslashes($r_file); - - $filedata['destination_filename'] = strtolower($filedata['filename']); - $filedata['destination_filename'] = $user->data['user_id'] . '_' . $filedata['filetime'] . '.' . $filedata['extension']; - - $filedata['filename'] = str_replace("'", "\'", $filedata['filename']); - - // Do we have to create a thumbnail? - if ($cat_id == ATTACHMENT_CATEGORY_IMAGE && $config['img_create_thumbnail']) + else { - $filedata['thumbnail'] = 1; + $file = $upload->form_upload($form_name); } - // Descide the Upload method - $upload_mode = (@ini_get('open_basedir') || @ini_get('safe_mode')) ? 'move' : 'copy'; - $upload_mode = ($local) ? 'local' : $upload_mode; - - // Ok, upload the File - $result = move_uploaded_attachment($upload_mode, $file, $filedata); - - if ($result) + if ($file->init_error) { - $filedata['error'][] = $result; $filedata['post_attach'] = false; - return $filedata; } - $file = (!$local) ? $phpbb_root_path . $config['upload_dir'] . '/' . $filedata['destination_filename'] : $local_storage; + $cat_id = (isset($extensions[$file->get('extension')]['display_cat'])) ? 
$extensions[$file->get('extension')]['display_cat'] : ATTACHMENT_CATEGORY_NONE; - if (!$filedata['filesize']) - { - $filedata['filesize'] = @filesize($file); - } + // Do we have to create a thumbnail? + $filedata['thumbnail'] = ($cat_id == ATTACHMENT_CATEGORY_IMAGE && $config['img_create_thumbnail']) ? 1 : 0; // Check Image Size, if it is an image if (!$auth->acl_gets('m_', 'a_') && $cat_id == ATTACHMENT_CATEGORY_IMAGE) { - list($width, $height) = getimagesize($file); - - if ($width != 0 && $height != 0 && $config['img_max_width'] && $config['img_max_height']) - { - if ($width > $config['img_max_width'] || $height > $config['img_max_height']) - { - $filedata['error'][] = sprintf($user->lang['ERROR_IMAGESIZE'], $config['img_max_width'], $config['img_max_height']); - $filedata['post_attach'] = false; - - phpbb_unlink($filedata['destination_filename']); - phpbb_unlink($filedata['destination_filename'], 'thumbnail'); - - return $filedata; - } - } + $file->upload->set_allowed_dimensions(0, 0, $config['img_max_width'], $config['img_max_height']); } - // check Filesize - if ($allowed_filesize && $filedata['filesize'] > $allowed_filesize && !$auth->acl_gets('m_', 'a_')) + if (!$auth->acl_gets('a_', 'm_')) { - $size_lang = ($allowed_filesize >= 1048576) ? $user->lang['MB'] : ( ($allowed_filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] ); - - $allowed_filesize = ($allowed_filesize >= 1048576) ? round($allowed_filesize / 1048576 * 100) / 100 : (($allowed_filesize >= 1024) ? round($allowed_filesize / 1024 * 100) / 100 : $allowed_filesize); - - $filedata['error'][] = sprintf($user->lang['ATTACHMENT_TOO_BIG'], $allowed_filesize, $size_lang); + $allowed_filesize = ($extensions[$file->get('extension')]['max_filesize'] != 0) ? $extensions[$file->get('extension')]['max_filesize'] : (($is_message) ? $config['max_filesize_pm'] : $config['max_filesize']); + $file->upload->set_max_filesize($allowed_filesize); + } + + $file->clean_filename('unique', $user->data['user_id'] . 
'_'); + $file->move_file($config['upload_path']); + + if (sizeof($file->error)) + { + $file->remove(); + $filedata['error'] = array_merge($filedata['error'], $file->error); $filedata['post_attach'] = false; - phpbb_unlink($filedata['destination_filename']); - phpbb_unlink($filedata['destination_filename'], 'thumbnail'); - return $filedata; } + $filedata['filesize'] = $file->get('filesize'); + $filedata['mimetype'] = $file->get('mimetype'); + $filedata['extension'] = $file->get('extension'); + $filedata['physical_filename'] = $file->get('realname'); + $filedata['real_filename'] = $file->get('uploadname'); + $filedata['filetime'] = time(); + // Check our complete quota if ($config['attachment_quota']) { - if ($config['upload_dir_size'] + $filedata['filesize'] > $config['attachment_quota']) + if ($config['upload_dir_size'] + $file->get('filesize') > $config['attachment_quota']) { $filedata['error'][] = $user->lang['ATTACH_QUOTA_REACHED']; $filedata['post_attach'] = false; - phpbb_unlink($filedata['destination_filename']); - phpbb_unlink($filedata['destination_filename'], 'thumbnail'); + $file->remove(); return $filedata; } } // TODO - Check Free Disk Space - need testing under windows - if ($free_space = disk_free_space($phpbb_root_path . $config['upload_dir'])) + if ($free_space = disk_free_space($phpbb_root_path . $config['upload_path'])) { - if ($free_space <= $filedata['filesize']) + if ($free_space <= $file->get('filesize')) { $filedata['error'][] = $user->lang['ATTACH_QUOTA_REACHED']; $filedata['post_attach'] = false; - phpbb_unlink($filedata['destination_filename']); - phpbb_unlink($filedata['destination_filename'], 'thumbnail'); + $file->remove(); return $filedata; } } - return $filedata; -} - -// Move/Upload File - could be used for Avatars too? 
-function move_uploaded_attachment($upload_mode, $source_filename, &$filedata) -{ - global $user, $config, $phpbb_root_path; - - $destination_filename = $filedata['destination_filename']; - $thumbnail = (isset($filedata['thumbnail'])) ? $filedata['thumbnail'] : false; - - switch ($upload_mode) - { - case 'copy': - if (!@copy($source_filename, $phpbb_root_path . $config['upload_dir'] . '/' . $destination_filename)) - { - if (!@move_uploaded_file($source_filename, $phpbb_root_path . $config['upload_dir'] . '/' . $destination_filename)) - { - return sprintf($user->lang['GENERAL_UPLOAD_ERROR'], $phpbb_root_path . $config['upload_dir'] . '/' . $destination_filename); - } - } - @chmod($phpbb_root_path . $config['upload_dir'] . '/' . $destination_filename, 0666); - break; - - case 'move': - if (!@move_uploaded_file($source_filename, $phpbb_root_path . $config['upload_dir'] . '/' . $destination_filename)) - { - if (!@copy($source_filename, $phpbb_root_path . $config['upload_dir'] . '/' . $destination_filename)) - { - return sprintf($user->lang['GENERAL_UPLOAD_ERROR'], $phpbb_root_path . $config['upload_dir'] . '/' . $destination_filename); - } - } - @chmod($phpbb_root_path . $config['upload_dir'] . '/' . $destination_filename, 0666); - break; - - case 'local': - if (!@copy($source_filename, $phpbb_root_path . $config['upload_dir'] . '/' . $destination_filename)) - { - return sprintf($user->lang['GENERAL_UPLOAD_ERROR'], $phpbb_root_path . $config['upload_dir'] . '/' . $destination_filename); - } - @chmod($phpbb_root_path . $config['upload_dir'] . '/' . $destination_filename, 0666); - @unlink($source_filename); - break; - } - + // Create Thumbnail if ($filedata['thumbnail']) { - $source = $phpbb_root_path . $config['upload_dir'] . '/' . $destination_filename; - $destination = $phpbb_root_path . $config['upload_dir'] . '/thumb_' . $destination_filename; + $source = $file->get('destination_file'); + $destination = $file->get('destination_path') . '/thumb_' . 
$file->get('realname'); - if (!create_thumbnail($source, $destination, $filedata['mimetype'])) + if (!create_thumbnail($source, $destination, $file->get('mimetype'))) { - if (!create_thumbnail($source_filename, 'thumb_' . $destination_filename, $filedata['mimetype'])) - { - $filedata['thumbnail'] = 0; - } + $filedata['thumbnail'] = 0; } } - return; + return $filedata; } // Calculate the needed size for Thumbnail @@ -434,13 +328,11 @@ function get_supported_image_types($type = false) } // Create Thumbnail -function create_thumbnail($source, $new_file, $mimetype) +function create_thumbnail($source, $destination, $mimetype) { global $config; - $source = realpath($source); $min_filesize = (int) $config['img_min_thumb_filesize']; - $img_filesize = (file_exists($source)) ? @filesize($source) : false; if (!$img_filesize || $img_filesize <= $min_filesize) @@ -461,8 +353,8 @@ function create_thumbnail($source, $new_file, $mimetype) if ($config['img_imagick']) { - passthru($config['img_imagick'] . 'convert' . ((defined('PHP_OS') && preg_match('#win#i', PHP_OS)) ? '.exe' : '') . ' -quality 85 -antialias -sample ' . $new_width . 'x' . $new_height . ' "' . str_replace('\\', '/', $source) . '" +profile "*" "' . str_replace('\\', '/', $new_file) . '"'); - if (file_exists($new_file)) + passthru($config['img_imagick'] . 'convert' . ((defined('PHP_OS') && preg_match('#win#i', PHP_OS)) ? '.exe' : '') . ' -quality 85 -antialias -sample ' . $new_width . 'x' . $new_height . ' "' . str_replace('\\', '/', $source) . '" +profile "*" "' . str_replace('\\', '/', $destination) . '"'); + if (file_exists($destination)) { $used_imagick = true; } 
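Review bot: In upload_attachment() the `if ($file->init_error)` branch now only sets `$filedata['post_attach'] = false` and falls through, because the `return $filedata;` that closed the old block was removed; execution then continues into `clean_filename()` and `move_file()` on an upload object that failed to initialise. Unless `move_file()` refuses in that state (functions_upload.php is not shown here), restore the early exit with `$filedata['error'] = array_merge($filedata['error'], $file->error); return $filedata;`. Extension, file-name and size validation are now delegated to the fileupload class and errors are inspected only after `move_file()`, so it is worth confirming that the class rejects a disallowed file before writing it into `upload_path`. `$extensions[$file->get('extension')]['max_filesize']` is also read without the `isset()` guard that `display_cat` gets a few lines earlier.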
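Review bot: With `$source = realpath($source);` removed from create_thumbnail(), both `$source` and `$destination` reach the ImageMagick command in the following hunk exactly as the caller built them, and that `passthru()` string is assembled by plain concatenation with hand-written double quotes. Pass both paths through `escapeshellarg()` instead, e.g. `escapeshellarg(str_replace('\\', '/', $source))` and likewise for `$destination`, so that no character in a file name can change the command. `passthru()` also writes the tool's output into the HTTP response; `exec()` would avoid that. The function body continues outside both hunks.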
@@ -504,16 +396,16 @@ function create_thumbnail($source, $new_file, $mimetype) switch ($type['format']) { case IMG_GIF: - imagegif($new_image, $new_file); + imagegif($new_image, $destination); break; case IMG_JPG: - imagejpeg($new_image, $new_file, 90); + imagejpeg($new_image, $destination, 90); break; case IMG_PNG: - imagepng($new_image, $new_file); + imagepng($new_image, $destination); break; case IMG_WBMP: - imagewbmp($new_image, $new_file); + imagewbmp($new_image, $destination); break; } @@ -521,12 +413,12 @@ function create_thumbnail($source, $new_file, $mimetype) } } - if (!file_exists($new_file)) + if (!file_exists($destination)) { return false; } - @chmod($new_file, 0666); + @chmod($destination, 0666); return true; } @@ -546,7 +438,7 @@ function decode_message(&$message, $bbcode_uid = '') '#<!\-\- m \-\-><a href="(.*?)" target="_blank">.*?</a><!\-\- m \-\->#', '#<!\-\- w \-\-><a href="http:\/\/(.*?)" target="_blank">.*?</a><!\-\- w \-\->#', '#<!\-\- l \-\-><a href="(.*?)">.*?</a><!\-\- l \-\->#', - '#<!\-\- s(.*?) \-\-><img src="\{SMILE_PATH\}\/.*? \/><!\-\- s\1 \-\->#', + '#<!\-\- s(.*?) \-\-><img src="\{SMILIES_PATH\}\/.*? \/><!\-\- s\1 \-\->#', '#<!\-\- h \-\-><(.*?)><!\-\- h \-\->#', '#<.*?>#s' ); @@ -699,7 +591,7 @@ function posting_gen_attachment_entry(&$attachment_data, &$filename_data) $hidden .= '<input type="hidden" name="attachment_data[' . $count . '][' . $key . ']" value="' . $value . '" />'; } - $download_link = (!$attach_row['attach_id']) ? $phpbb_root_path . $config['upload_dir'] . '/' . basename($attach_row['physical_filename']) : $phpbb_root_path . "download.$phpEx$SID&id=" . intval($attach_row['attach_id']); + $download_link = (!$attach_row['attach_id']) ? $phpbb_root_path . $config['upload_path'] . '/' . basename($attach_row['physical_filename']) : $phpbb_root_path . "download.$phpEx$SID&id=" . intval($attach_row['attach_id']); $template->assign_block_vars('attach_row', array( 'FILENAME' => basename($attach_row['real_filename']), 
@@ -718,8 +610,7 @@ function posting_gen_attachment_entry(&$attachment_data, &$filename_data) $template->assign_vars(array( 'FILE_COMMENT' => $filename_data['filecomment'], - 'FILESIZE' => $config['max_filesize'], - 'FILENAME' => $filename_data['filename']) + 'FILESIZE' => $config['max_filesize']) ); return sizeof($attachment_data); @@ -883,7 +774,7 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id $bbcode->bbcode_second_pass($message, $row['bbcode_uid'], $row['bbcode_bitfield']); } - $message = smilie_text($message, !$row['enable_smilies']); + $message = smiley_text($message, !$row['enable_smilies']); $post_subject = censor_text($post_subject); $message = censor_text($message); diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php index 640f9550aa..cd9160ec97 100644 --- a/phpBB/includes/functions_privmsgs.php +++ b/phpBB/includes/functions_privmsgs.php @@ -940,7 +940,8 @@ function write_pm_addresses($check_ary, $author_id, $plaintext = false) { $sql = 'SELECT user_id, username, user_colour FROM ' . USERS_TABLE . ' - WHERE user_id IN (' . implode(', ', $u) . ')'; + WHERE user_id IN (' . implode(', ', $u) . ') + AND user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')'; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) @@ -1159,7 +1160,7 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr 'message_text' => $data['message'], 'message_checksum' => $data['message_md5'], 'message_encoding' => $user->lang['ENCODING'], - 'message_attachment'=> (isset($data['filename_data']['physical_filename']) && sizeof($data['filename_data']['physical_filename'])) ? 1 : 0, + 'message_attachment'=> (isset($data['filename_data']) && sizeof($data['filename_data'])) ? 1 : 0, 'bbcode_bitfield' => $data['bbcode_bitfield'], 'bbcode_uid' => $data['bbcode_uid'], 'to_address' => implode(':', $to), 
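Review bot: The new `message_attachment` condition in submit_pm(), `isset($data['filename_data']) && sizeof($data['filename_data'])`, counts the keys of the whole array instead of testing for an uploaded file, so it is true whenever the array holds any key. This same commit keeps writing `$this->filename_data['filecomment']` on every request in message_parser.php, so if `$data['filename_data']` is that parser array (the caller is not in this hunk) the flag becomes 1 for every message. Testing the attachment list itself would be more exact, for example `'message_attachment' => (!empty($data['attachment_data'])) ? 1 : 0,`, assuming `$data` carries the parser's `attachment_data`. The same expression is added in the next submit_pm() hunk (`@@ -1180,7 +1181,7 @@`).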
@@ -1180,7 +1181,7 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr 'message_text' => $data['message'], 'message_checksum' => $data['message_md5'], 'message_encoding' => $user->lang['ENCODING'], - 'message_attachment'=> (sizeof($data['filename_data']['physical_filename'])) ? 1 : 0, + 'message_attachment'=> (isset($data['filename_data']) && sizeof($data['filename_data'])) ? 1 : 0, 'bbcode_bitfield' => $data['bbcode_bitfield'], 'bbcode_uid' => $data['bbcode_uid'] ); diff --git a/phpBB/includes/functions_profile_fields.php b/phpBB/includes/functions_profile_fields.php index 10af159bd1..5a3a20e549 100644 --- a/phpBB/includes/functions_profile_fields.php +++ b/phpBB/includes/functions_profile_fields.php @@ -376,7 +376,7 @@ class custom_profile { $bbcode = new bbcode($ident_ary['data']['bbcode_bitfield']); $bbcode->bbcode_second_pass($value, $ident_ary['data']['bbcode_uid'], $ident_ary['data']['bbcode_bitfield']); - $value = smilie_text($value); + $value = smiley_text($value); $value = censor_text($value); } return str_replace("\n", '<br />', $value); diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 076d617e6b..1a49b0a5a3 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -187,6 +187,7 @@ function user_delete($mode, $user_id) { $sql = 'SELECT user_id, username FROM ' . USERS_TABLE . ' + WHERE user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ') ORDER BY user_id DESC LIMIT 1'; $result = $db->sql_query($sql); @@ -262,6 +263,7 @@ function user_active_flip($user_id, $user_type, $user_actkey = false, $username { $sql_ary['user_actkey'] = $user_actkey; } + $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " WHERE user_id = $user_id"; $db->sql_query($sql); 
@@ -932,126 +934,29 @@ function avatar_upload($data, &$error) { global $phpbb_root_path, $config, $db, $user; + // Init upload class + include_once($phpbb_root_path . 'includes/functions_upload.php'); + $upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height']); + if (!empty($_FILES['uploadfile']['name'])) { - $filename = $_FILES['uploadfile']['tmp_name']; - $filesize = $_FILES['uploadfile']['size']; - $realname = $_FILES['uploadfile']['name']; - - // Filesize is too big or it's 0 if it was larger than the maxsize in the upload form - if ($filesize > $config['avatar_filesize'] || $filesize == 0) - { - $error[] = sprintf($user->lang['AVATAR_WRONG_FILESIZE'], $config['avatar_filesize']); - return false; - } - - if (file_exists($filename) && preg_match('#^(.*?)\.(jpg|jpeg|gif|png)$#i', $realname, $match)) - { - $realname = $match[1]; - $filetype = $match[2]; - $php_move = 'move_uploaded_file'; - } - else - { - $error[] = $user->lang['AVATAR_NOT_UPLOADED']; - return false; - } - } - else if (preg_match('#^(http://).*?\.(jpg|jpeg|gif|png)$#i', $data['uploadurl'], $match)) - { - if (empty($match[2])) - { - $error[] = $user->lang['AVATAR_URL_INVALID']; - return false; - } - - $url = parse_url($data['uploadurl']); - - $host = $url['host']; - $path = dirname($url['path']); - $port = (!empty($url['port'])) ? $url['port'] : 80; - $filetype = array_pop(explode('.', $url['path'])); - $realname = basename($url['path'], '.' . $filetype); - $filename = $url['path']; - $filesize = 0; - - if (!($fsock = @fsockopen($host, $port, $errno, $errstr))) - { - $error[] = $user->lang['AVATAR_NOT_UPLOADED']; - return false; - } - - fputs($fsock, 'GET /' . $filename . " HTTP/1.1\r\n"); - fputs($fsock, "HOST: " . $host . 
"\r\n"); - fputs($fsock, "Connection: close\r\n\r\n"); - - $avatar_data = ''; - while (!feof($fsock)) - { - $avatar_data .= fread($fsock, $config['avatar_filesize']); - } - @fclose($fsock); - $avatar_data = array_pop(explode("\r\n\r\n", $avatar_data)); - - if (empty($avatar_data)) - { -// TODO: The above code to fetch images doesn't work with quite a few servers. This part needs some changes.. - $error[] = $user->lang['AVATAR_NOT_UPLOADED'] . '<br />Please try uploading the file manually.'; - return false; - } - unset($url_ary); - - $tmp_path = (!@ini_get('safe_mode')) ? false : $phpbb_root_path . 'cache'; - $filename = tempnam($tmp_path, uniqid(rand()) . '-'); - - if (!($fp = @fopen($filename, 'wb'))) - { - $error[] = $user->lang['AVATAR_NOT_UPLOADED']; - return false; - } - $filesize = fwrite($fp, $avatar_data); - fclose($fp); - unset($avatar_data); - - if (!$filesize) - { - unlink($filename); - $error[] = $user->lang['AVATAR_NOT_UPLOADED']; - return false; - } - - $php_move = 'copy'; + $file = $upload->form_upload('uploadfile'); } - - list($width, $height) = getimagesize($filename); - - if ($width > $config['avatar_max_width'] || $height > $config['avatar_max_height'] || $width < $config['avatar_min_width'] || $height < $config['avatar_min_height'] || !$width || !$height) + else { - return sprintf($user->lang['AVATAR_WRONG_SIZE'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height']); + $file = $upload->remote_upload($data['uploadurl']); } - // Replace any chars which may cause us problems with _ - $bad_chars = array(' ', '/', ':', '*', '?', '"', '<', '>', '|'); - - $realfilename = $data['user_id'] . '_' . str_replace($bad_chars, '_', $realname) . '.' . $filetype; + $file->clean_filename('real', $user->data['user_id'] . '_'); + $file->move_file($config['avatar_path']); - if (!$php_move($filename, $phpbb_root_path . $config['avatar_path'] . '/' . 
$realfilename)) + if (sizeof($file->error)) { - @unlink($filename); - $error[] = $user->lang['AVATAR_NOT_UPLOADED']; - return false; + $file->remove(); + $error = array_merge($error, $file->error); } - @unlink($filename); - - $filesize = @filesize($phpbb_root_path . $config['avatar_path'] . "/$realfilename"); - if (!$filesize || $filesize > $config['avatar_filesize']) - { - @unlink($phpbb_root_path . $config['avatar_path'] . "/$realfilename"); - $error[] = sprintf($user->lang['AVATAR_WRONG_FILESIZE'], $config['avatar_filesize']); - return false; - } - - return array(AVATAR_UPLOAD, $realfilename, $width, $height); + + return array(AVATAR_UPLOAD, $file->get('realname'), $file->get('width'), $file->get('height')); } function avatar_gallery($category, &$error) diff --git a/phpBB/includes/mcp/mcp_post.php b/phpBB/includes/mcp/mcp_post.php index 8f657d92f2..cb853aaef6 100644 --- a/phpBB/includes/mcp/mcp_post.php +++ b/phpBB/includes/mcp/mcp_post.php @@ -169,7 +169,7 @@ function mcp_post_details($id, $mode, $action, $url) $bbcode = new bbcode($post_info['bbcode_bitfield']); $bbcode->bbcode_second_pass($message, $post_info['bbcode_uid'], $post_info['bbcode_bitfield']); } - $message = smilie_text($message); + $message = smiley_text($message); $template->assign_vars(array( 'U_MCP_ACTION' => "$url&i=main&quickmod=1", // Use this for mode paramaters diff --git a/phpBB/includes/mcp/mcp_queue.php b/phpBB/includes/mcp/mcp_queue.php index 93d1055924..1948a9bd49 100644 --- a/phpBB/includes/mcp/mcp_queue.php +++ b/phpBB/includes/mcp/mcp_queue.php @@ -89,7 +89,7 @@ class mcp_queue extends module $bbcode = new bbcode($post_info['bbcode_bitfield']); $bbcode->bbcode_second_pass($message, $post_info['bbcode_uid'], $post_info['bbcode_bitfield']); } - $message = smilie_text($message); + $message = smiley_text($message); $template->assign_vars(array( 'S_MCP_QUEUE' => true, diff --git a/phpBB/includes/mcp/mcp_topic.php b/phpBB/includes/mcp/mcp_topic.php index 683dd0776e..48677b63aa 100644 
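Review bot: avatar_upload() no longer stops on failure: when `$file->error` is non-empty the new code removes the file and merges the errors, then falls through to `return array(AVATAR_UPLOAD, $file->get('realname'), ...)`, where every removed error path returned `false`. ucp_profile.php passes the result straight to `list($type, $filename, $width, $height)`, so it receives a file name for a rejected upload, and whether it re-checks `$error` before storing that name is not visible here. Add `return false;` as the last statement of the `if (sizeof($file->error))` block. `clean_filename()` and `move_file()` also run before any error from `form_upload()` or `remote_upload()` is inspected, and the `else` branch calls `remote_upload($data['uploadurl'])` even when no URL was submitted. The scheme and extension checks that the removed code applied to the URL now depend entirely on functions_upload.php, which should be confirmed to restrict what the server will fetch.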
--- a/phpBB/includes/mcp/mcp_topic.php +++ b/phpBB/includes/mcp/mcp_topic.php @@ -119,7 +119,7 @@ function mcp_topic_view($id, $mode, $action, $url) $bbcode->bbcode_second_pass($message, $row['bbcode_uid'], $row['bbcode_bitfield']); } - $message = smilie_text($message); + $message = smiley_text($message); $message = str_replace("\n", '<br />', $message); $checked = ($post_id_list && in_array(intval($row['post_id']), $post_id_list)) ? 'checked="checked" ' : ''; diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 069dde7f09..195368dc35 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -180,7 +180,7 @@ class bbcode_firstpass extends bbcode '#<!\-\- m \-\-><a href="(.*?)" target="_blank">.*?</a><!\-\- m \-\->#', '#<!\-\- w \-\-><a href="http:\/\/(.*?)" target="_blank">.*?</a><!\-\- w \-\->#', '#<!\-\- l \-\-><a href="(.*?)">.*?</a><!\-\- l \-\->#', - '#<!\-\- s(.*?) \-\-><img src="\{SMILE_PATH\}\/.*? \/><!\-\- s\1 \-\->#', + '#<!\-\- s(.*?) \-\-><img src="\{SMILIES_PATH\}\/.*? \/><!\-\- s\1 \-\->#', '#<!\-\- h \-\-><(.*?)><!\-\- h \-\->#', ); $htm_replace = array('\1', '\1', '\1', '\1', '\1', '<\1>'); @@ -677,10 +677,10 @@ class parse_message extends bbcode_firstpass $this->html($config['allow_html_tags']); } - // Parse Emoticons + // Parse smilies if ($allow_smilies) { - $this->emoticons($config['max_' . $mode . '_smilies']); + $this->smilies($config['max_' . $mode . '_smilies']); } $num_urls = 0; @@ -756,7 +756,7 @@ class parse_message extends bbcode_firstpass $this->bbcode_second_pass($this->message, $this->bbcode_uid); } - $this->message = smilie_text($this->message, !$allow_smilies); + $this->message = smiley_text($this->message, !$allow_smilies); // Replace naughty words such as farty pants $this->message = str_replace("\n", '<br />', censor_text($this->message)); 
@@ -851,8 +851,8 @@ class parse_message extends bbcode_firstpass $this->message = str_replace('<&lt;', '<', $this->message); } - // Parse Emoticons - function emoticons($max_smilies = 0) + // Parse Smilies + function smilies($max_smilies = 0) { global $db, $user, $phpbb_root_path; static $match; @@ -891,7 +891,7 @@ class parse_message extends bbcode_firstpass { // (assertion) $match[] = '#(?<=^|[\n ]|\.)' . preg_quote($row['code'], '#') . '#'; - $replace[] = '<!-- s' . $row['code'] . ' --><img src="{SMILE_PATH}/' . $row['smile_url'] . '" border="0" alt="' . $row['emoticon'] . '" title="' . $row['emoticon'] . '" /><!-- s' . $row['code'] . ' -->'; + $replace[] = '<!-- s' . $row['code'] . ' --><img src="{SMILIES_PATH}/' . $row['smiley_url'] . '" border="0" alt="' . $row['smiley'] . '" title="' . $row['smiley'] . '" /><!-- s' . $row['code'] . ' -->'; } while ($row = $db->sql_fetchrow($result)); } 
@@ -921,17 +921,16 @@ class parse_message extends bbcode_firstpass } // Parse Attachments - function parse_attachments($mode, $post_id, $submit, $preview, $refresh, $is_message = false) + function parse_attachments($form_name, $mode, $forum_id, $submit, $preview, $refresh, $is_message = false) { - global $config, $auth, $user, $forum_id; - global $_FILES, $_POST; + global $config, $auth, $user, $phpbb_root_path; $error = array(); $num_attachments = sizeof($this->attachment_data); - $this->filename_data['filecomment'] = preg_replace('#&(\#[0-9]+;)#', '&\1', request_var('filecomment', '')); - $this->filename_data['filename'] = (isset($_FILES['fileupload']) && $_FILES['fileupload']['name'] != 'none') ? trim($_FILES['fileupload']['name']) : ''; - + $this->filename_data['filecomment'] = request_var('filecomment', '', true); + $upload_file = (isset($_FILES[$form_name]) && $_FILES[$form_name]['name'] != 'none' && trim($_FILES[$form_name]['name'])) ? true : false; + $add_file = (isset($_POST['add_file'])); $delete_file = (isset($_POST['delete_file'])); $edit_comment = (isset($_POST['edit_comment'])); 
@@ -940,20 +939,22 @@ class parse_message extends bbcode_firstpass $cfg['max_attachments'] = ($is_message) ? $config['max_attachments_pm'] : $config['max_attachments']; $forum_id = ($is_message) ? 0 : $forum_id; - if ($submit && in_array($mode, array('post', 'reply', 'quote', 'edit')) && $this->filename_data['filename']) + include_once($phpbb_root_path . 'includes/functions_upload.php'); + $upload = new fileupload('ATTACHMENT_'); + + if ($submit && in_array($mode, array('post', 'reply', 'quote', 'edit')) && $upload_file) { if ($num_attachments < $cfg['max_attachments'] || $auth->acl_gets('m_', 'a_')) { - $filedata = upload_attachment($forum_id, $this->filename_data['filename'], false, '', $is_message); - + $filedata = upload_attachment($form_name, $forum_id, false, '', $is_message); $error = $filedata['error']; if ($filedata['post_attach'] && !sizeof($error)) { $new_entry = array( - 'physical_filename' => $filedata['destination_filename'], + 'physical_filename' => $filedata['physical_filename'], 'comment' => $this->filename_data['filecomment'], - 'real_filename' => $filedata['filename'], + 'real_filename' => $filedata['real_filename'], 'extension' => $filedata['extension'], 'mimetype' => $filedata['mimetype'], 'filesize' => $filedata['filesize'], 
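Review bot: `$upload = new fileupload('ATTACHMENT_');` in parse_attachments() is not referenced in this hunk or in the next one (`@@ -1024,20 +1025,19 @@`); both upload paths call `upload_attachment($form_name, $forum_id, false, '', $is_message)` instead. If that function builds its own `fileupload` object (its body is outside this view), the `include_once` and the instantiation here are dead code and can be dropped. The changed signature also has no doc comment; a line such as `// $form_name: key looked up in $_FILES; $forum_id: forced to 0 when $is_message` would help callers that still pass the old `$post_id` argument in second position. parse_attachments() continues past the end of the hunk.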
@@ -1024,20 +1025,19 @@ class parse_message extends bbcode_firstpass } } - if (($add_file || $preview) && $this->filename_data['filename']) + if (($add_file || $preview) && $upload_file) { if ($num_attachments < $cfg['max_attachments'] || $auth->acl_gets('m_', 'a_')) { - $filedata = upload_attachment($forum_id, $this->filename_data['filename'], false, '', $is_message); - + $filedata = upload_attachment($form_name, $forum_id, false, '', $is_message); $error = array_merge($error, $filedata['error']); if (!sizeof($error)) { $new_entry = array( - 'physical_filename' => $filedata['destination_filename'], + 'physical_filename' => $filedata['physical_filename'], 'comment' => $this->filename_data['filecomment'], - 'real_filename' => $filedata['filename'], + 'real_filename' => $filedata['real_filename'], 'extension' => $filedata['extension'], 'mimetype' => $filedata['mimetype'], 'filesize' => $filedata['filesize'], @@ -1068,11 +1068,7 @@ class parse_message extends bbcode_firstpass // Get Attachment Data function get_submitted_attachment_data() { - global $_FILES, $_POST; - - $this->filename_data['filecomment'] = preg_replace('#&(\#[0-9]+;)#', '&\1', request_var('filecomment', '')); - $this->filename_data['filename'] = (isset($_FILES['fileupload']) && $_FILES['fileupload']['name'] != 'none') ? trim($_FILES['fileupload']['name']) : ''; - + $this->filename_data['filecomment'] = request_var('filecomment', '', true); $this->attachment_data = (isset($_POST['attachment_data'])) ? $_POST['attachment_data'] : array(); // diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 1edb49f031..d403fef745 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php 
@@ -490,7 +490,7 @@ class user extends session var $lang_path; var $img_lang; - var $keyoptions = array('viewimg' => 0, 'viewflash' => 1, 'viewsmilies' => 2, 'viewsigs' => 3, 'viewavatars' => 4, 'viewcensors' => 5, 'attachsig' => 6, 'html' => 7, 'bbcode' => 8, 'smile' => 9, 'popuppm' => 10, 'report_pm_notify' => 11); + var $keyoptions = array('viewimg' => 0, 'viewflash' => 1, 'viewsmilies' => 2, 'viewsigs' => 3, 'viewavatars' => 4, 'viewcensors' => 5, 'attachsig' => 6, 'html' => 7, 'bbcode' => 8, 'smilies' => 9, 'popuppm' => 10, 'report_pm_notify' => 11); var $keyvalues = array(); function setup($lang_set = false, $style = false) diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index aef5e0c9eb..10d6d6baae 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -296,7 +296,7 @@ function compose_pm($id, $mode, $action) if (!in_array($action, array('quote', 'edit', 'delete', 'forward'))) { $enable_sig = ($config['allow_sig'] && $auth->acl_get('u_sig') && $user->optionget('attachsig')); - $enable_smilies = ($config['allow_smilies'] && $auth->acl_get('u_pm_smilies') && $user->optionget('smile')); + $enable_smilies = ($config['allow_smilies'] && $auth->acl_get('u_pm_smilies') && $user->optionget('smilies')); $enable_bbcode = ($config['allow_bbcode'] && $auth->acl_get('u_pm_bbcode') && $user->optionget('bbcode')); $enable_urls = true; } @@ -424,7 +424,7 @@ function compose_pm($id, $mode, $action) } // Parse Attachments - before checksum is calculated - $message_parser->parse_attachments($action, $msg_id, $submit, $preview, $refresh, true); + $message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true); // Grab md5 'checksum' of new message $message_md5 = md5($message_parser->message); 
@@ -597,7 +597,7 @@ function compose_pm($id, $mode, $action) // MAIN PM PAGE BEGINS HERE - // Generate smilie listing + // Generate smiley listing generate_smilies('inline', 0); // Generate PM Icons @@ -684,7 +684,7 @@ function compose_pm($id, $mode, $action) $html_checked = (isset($enable_html)) ? !$enable_html : (($config['allow_html'] && $auth->acl_get('u_pm_html')) ? !$user->optionget('html') : 1); $bbcode_checked = (isset($enable_bbcode)) ? !$enable_bbcode : (($config['allow_bbcode'] && $auth->acl_get('u_pm_bbcode')) ? !$user->optionget('bbcode') : 1); - $smilies_checked = (isset($enable_smilies)) ? !$enable_smilies : (($config['allow_smilies'] && $auth->acl_get('u_pm_smilies')) ? !$user->optionget('smile') : 1); + $smilies_checked = (isset($enable_smilies)) ? !$enable_smilies : (($config['allow_smilies'] && $auth->acl_get('u_pm_smilies')) ? !$user->optionget('smilies') : 1); $urls_checked = (isset($enable_urls)) ? !$enable_urls : 0; $sig_checked = $enable_sig; diff --git a/phpBB/includes/ucp/ucp_pm_viewmessage.php b/phpBB/includes/ucp/ucp_pm_viewmessage.php index 8fb13a18ac..217e0a646b 100644 --- a/phpBB/includes/ucp/ucp_pm_viewmessage.php +++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php @@ -62,7 +62,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) } // Always process smilies after parsing bbcodes - $message = smilie_text($message); + $message = smiley_text($message); // Replace naughty words such as farty pants $message_row['message_subject'] = censor_text($message_row['message_subject']); @@ -147,7 +147,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) $bbcode->bbcode_second_pass($signature, $user_info['user_sig_bbcode_uid'], $user_info['user_sig_bbcode_bitfield']); } - $signature = smilie_text($signature); + $signature = smiley_text($signature); $signature = str_replace("\n", '<br />', censor_text($signature)); } 
@@ -314,7 +314,7 @@ function message_history($msg_id, $user_id, $message_row, $folder) $bbcode->bbcode_second_pass($message, $row['bbcode_uid'], $row['bbcode_bitfield']); } - $message = smilie_text($message, !$row['enable_smilies']); + $message = smiley_text($message, !$row['enable_smilies']); $subject = censor_text($subject); $message = censor_text($message); @@ -421,7 +421,7 @@ function get_user_informations($user_id, $user_row) } else { - if(isset($ranks['normal'])) + if (isset($ranks['normal'])) { foreach ($ranks['normal'] as $rank) { diff --git a/phpBB/includes/ucp/ucp_prefs.php b/phpBB/includes/ucp/ucp_prefs.php index 2464df2164..e90b28c46d 100644 --- a/phpBB/includes/ucp/ucp_prefs.php +++ b/phpBB/includes/ucp/ucp_prefs.php @@ -347,7 +347,7 @@ class ucp_prefs extends module $user->optionset('bbcode', $bbcode); $user->optionset('html', $html); - $user->optionset('smile', $smilies); + $user->optionset('smilies', $smilies); $user->optionset('attachsig', $sig); if (!sizeof($error)) @@ -377,7 +377,7 @@ class ucp_prefs extends module $html = (isset($html)) ? $html : $user->optionget('html'); $html_yes = ($html) ? ' checked="checked"' : ''; $html_no = (!$html) ? ' checked="checked"' : ''; - $smilies = (isset($smilies)) ? $smilies : $user->optionget('smile'); + $smilies = (isset($smilies)) ? $smilies : $user->optionget('smilies'); $smilies_yes = ($smilies) ? ' checked="checked"' : ''; $smilies_no = (!$smilies) ? ' checked="checked"' : ''; $sig = (isset($sig)) ? $sig : $user->optionget('attachsig'); diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index 034ba66c73..a558e4b2b2 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php 
@@ -380,7 +380,7 @@ class ucp_profile extends module $enable_html = ($config['allow_sig_html']) ? request_var('enable_html', false) : false; $enable_bbcode = ($config['allow_sig_bbcode']) ? request_var('enable_bbcode', $user->optionget('bbcode')) : false; - $enable_smilies = ($config['allow_sig_smilies']) ? request_var('enable_smilies', $user->optionget('smile')) : false; + $enable_smilies = ($config['allow_sig_smilies']) ? request_var('enable_smilies', $user->optionget('smilies')) : false; $enable_urls = request_var('enable_urls', true); $signature = request_var('signature', $user->data['user_sig']); @@ -462,6 +462,11 @@ class ucp_profile extends module $category = request_var('category', ''); $delete = (isset($_POST['delete'])) ? true : false; $avatarselect = request_var('avatarselect', ''); + $avatarselect = str_replace(array('../', '..\\', './', '.\\'), '', $avatarselect); + if ($avatarselect && ($avatarselect{0} == '/' || $avatarselect{0} == "\\")) + { + $avatarselect = ''; + } // Can we upload? $can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && is_writeable($phpbb_root_path . $config['avatar_path']) && $auth->acl_get('u_chgavatar') && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false; @@ -492,7 +497,7 @@ class ucp_profile extends module if (!sizeof($error)) { $data['user_id'] = $user->data['user_id']; - if ( (!empty($_FILES['uploadfile']['name']) || $data['uploadurl']) && $can_upload) + if ((!empty($_FILES['uploadfile']['name']) || $data['uploadurl']) && $can_upload) { list($type, $filename, $width, $height) = avatar_upload($data, $error); } |
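Review bot: The new `$avatarselect` filter in the `@@ -462,6 +462,11 @@` hunk is a single-pass blacklist: `str_replace()` strips `../`, `..\\`, `./` and `.\\` once each, and removing one sequence can join the characters around it into another, so the result is not guaranteed to be free of traversal segments. If the gallery value is meant to be a bare file name (the category is read separately), reduce it to its last path component instead, `$avatarselect = basename(str_replace('\\', '/', $avatarselect));`, or check it against the files actually present in the gallery directory. `$category` comes from `request_var('category', '')` a few lines above and gets no equivalent treatment in this hunk, although it is presumably used to build the same path. The enclosing method starts and ends outside the hunk.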