diff options
38 files changed, 290 insertions, 60 deletions
diff --git a/phpBB/adm/style/acp_ban.html b/phpBB/adm/style/acp_ban.html index 539e8032dd..cf44f4aaa7 100644 --- a/phpBB/adm/style/acp_ban.html +++ b/phpBB/adm/style/acp_ban.html @@ -31,9 +31,9 @@ function display_details(option) { - document.getElementById('acp_unban').unbangivereason.value = ban_give_reason[option]; - document.getElementById('acp_unban').unbanreason.value = ban_reason[option]; - document.getElementById('acp_unban').unbanlength.value = ban_length[option]; + document.getElementById('acp_unban').unbangivereason.innerHTML = ban_give_reason[option]; + document.getElementById('acp_unban').unbanreason.innerHTML = ban_reason[option]; + document.getElementById('acp_unban').unbanlength.innerHTML = ban_length[option]; } // ]]> diff --git a/phpBB/docs/coding-guidelines.html b/phpBB/docs/coding-guidelines.html index 7f747e09e2..1978a0a307 100644 --- a/phpBB/docs/coding-guidelines.html +++ b/phpBB/docs/coding-guidelines.html @@ -288,7 +288,7 @@ PHPBB_QA (Set board to QA-Mode, which means the updater also c <div class="content"> - <p>Please note that these Guidelines applies to all php, html, javascript and css files.</p> + <p>Please note that these guidelines apply to all php, html, javascript and css files.</p> <a name="namingvars"></a><h3>2.i. Variable/Function Naming</h3> diff --git a/phpBB/docs/nginx.conf.sample b/phpBB/docs/nginx.conf.sample new file mode 100644 index 0000000000..a22a126ff4 --- /dev/null +++ b/phpBB/docs/nginx.conf.sample @@ -0,0 +1,70 @@ +# Sample nginx configuration file for phpBB. +# Global settings have been removed, copy them +# from your system's nginx.conf. +# Tested with nginx 0.8.35. + +http { + # Compression - requires gzip and gzip static modules. + gzip on; + gzip_static on; + gzip_vary on; + gzip_http_version 1.1; + gzip_min_length 700; + gzip_comp_level 6; + gzip_disable "MSIE [1-6]\."; + + # Catch-all server for requests to invalid hosts. + # Also catches vulnerability scanners probing IP addresses. + # Should be first. + server { + listen 80; + server_name bogus; + return 444; + root /var/empty; + } + + # If you have domains with and without www prefix, + # redirect one to the other. + server { + listen 80; + server_name myforums.com; + rewrite ^(.*)$ http://www.myforums.com$1 permanent; + } + + # The actual board domain. + server { + listen 80; + server_name www.myforums.com; + + root /path/to/phpbb; + + location / { + # phpbb uses index.htm + index index.php index.html index.htm; + } + + # Deny access to internal phpbb files. + location ~ /(config\.php|common\.php|includes|cache|files|store|images/avatars/upload) { + deny all; + } + + # Pass the php scripts to fastcgi server specified in upstream declaration. + location ~ \.php$ { + fastcgi_pass php; + # Necessary for php. + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + # Unmodified fastcgi_params from nginx distribution. + include fastcgi_params; + } + + # Deny access to version control system directories. + location ~ /\.svn|/\.git { + deny all; + } + } + + # If running php as fastcgi, specify php upstream. + upstream php { + server unix:/tmp/php.sock; + } +} diff --git a/phpBB/includes/acp/acp_ban.php b/phpBB/includes/acp/acp_ban.php index 3198376584..a7ea57b753 100644 --- a/phpBB/includes/acp/acp_ban.php +++ b/phpBB/includes/acp/acp_ban.php @@ -224,7 +224,7 @@ class acp_ban $template->assign_block_vars('ban_reason', array( 'BAN_ID' => $ban_id, 'REASON' => $reason, - 'A_REASON' => addslashes(htmlspecialchars_decode($reason)), + 'A_REASON' => addslashes($reason), )); } } @@ -236,7 +236,7 @@ class acp_ban $template->assign_block_vars('ban_give_reason', array( 'BAN_ID' => $ban_id, 'REASON' => $reason, - 'A_REASON' => addslashes(htmlspecialchars_decode($reason)), + 'A_REASON' => addslashes($reason), )); } } diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index 7680d8996c..927e72010e 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -58,7 +58,7 @@ class acp_board 'board_disable_msg' => false, 'default_lang' => array('lang' => 'DEFAULT_LANGUAGE', 'validate' => 'lang', 'type' => 'select', 'function' => 'language_select', 'params' => array('{CONFIG_VALUE}'), 'explain' => false), 'default_dateformat' => array('lang' => 'DEFAULT_DATE_FORMAT', 'validate' => 'string', 'type' => 'custom', 'method' => 'dateformat_select', 'explain' => true), - 'board_timezone' => array('lang' => 'SYSTEM_TIMEZONE', 'validate' => 'string', 'type' => 'select', 'function' => 'tz_select', 'params' => array('{CONFIG_VALUE}', 1), 'explain' => false), + 'board_timezone' => array('lang' => 'SYSTEM_TIMEZONE', 'validate' => 'string', 'type' => 'select', 'function' => 'tz_select', 'params' => array('{CONFIG_VALUE}', 1), 'explain' => true), 'board_dst' => array('lang' => 'SYSTEM_DST', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), 'default_style' => array('lang' => 'DEFAULT_STYLE', 'validate' => 'int', 'type' => 'select', 'function' => 'style_select', 'params' => array('{CONFIG_VALUE}', false), 'explain' => false), 'override_user_style' => array('lang' => 'OVERRIDE_STYLE', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php index 6261f866bb..f2f1bd80e2 100644 --- a/phpBB/includes/acp/acp_forums.php +++ b/phpBB/includes/acp/acp_forums.php @@ -983,7 +983,7 @@ class acp_forums if (!$row) { - trigger_error($user->lang['PARENT_NOT_EXIST'] . adm_back_link($this->u_action . '&' . $this->parent_id), E_USER_WARNING); + trigger_error($user->lang['PARENT_NOT_EXIST'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING); } if ($row['forum_type'] == FORUM_LINK) diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index 7914edd056..1f10893781 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -231,6 +231,11 @@ class acp_users trigger_error($user->lang['CANNOT_BAN_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } + if ($user_id == ANONYMOUS) + { + trigger_error($user->lang['CANNOT_BAN_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); + } + if ($user_row['user_type'] == USER_FOUNDER) { trigger_error($user->lang['CANNOT_BAN_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); @@ -1706,7 +1711,7 @@ class acp_users trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } - if (avatar_process_user($error, $user_row)) + if (avatar_process_user($error, $user_row, $can_upload)) { trigger_error($user->lang['USER_AVATAR_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_row['user_id'])); } diff --git a/phpBB/includes/acp/info/acp_board.php b/phpBB/includes/acp/info/acp_board.php index 58b650650c..3e18f55940 100644 --- a/phpBB/includes/acp/info/acp_board.php +++ b/phpBB/includes/acp/info/acp_board.php @@ -24,7 +24,7 @@ class acp_board_info 'features' => array('title' => 'ACP_BOARD_FEATURES', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')), 'avatar' => array('title' => 'ACP_AVATAR_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')), 'message' => array('title' => 'ACP_MESSAGE_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION', 'ACP_MESSAGES')), - 'post' => array('title' => 'ACP_POST_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')), + 'post' => array('title' => 'ACP_POST_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION', 'ACP_MESSAGES')), 'signature' => array('title' => 'ACP_SIGNATURE_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')), 'feed' => array('title' => 'ACP_FEED_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')), 'registration' => array('title' => 'ACP_REGISTER_SETTINGS', 'auth' => 'acl_a_board', 'cat' => array('ACP_BOARD_CONFIGURATION')), diff --git a/phpBB/includes/db/firebird.php b/phpBB/includes/db/firebird.php index e554b0f2fb..6f60dd5dad 100644 --- a/phpBB/includes/db/firebird.php +++ b/phpBB/includes/db/firebird.php @@ -63,10 +63,19 @@ class dbal_firebird extends dbal /** * Version information about used database * @param bool $raw if true, only return the fetched sql_server_version + * @param bool $use_cache forced to false for Interbase * @return string sql server version */ - function sql_server_info($raw = false) + function sql_server_info($raw = false, $use_cache = true) { + /** + * force $use_cache false. I didn't research why the caching code there is no caching code + * but I assume its because the IB extension provides a direct method to access it + * without a query. + */ + + $use_cache = false; + if ($this->service_handle !== false && function_exists('ibase_server_info')) { return @ibase_server_info($this->service_handle, IBASE_SVC_SERVER_VERSION); diff --git a/phpBB/includes/db/mssql.php b/phpBB/includes/db/mssql.php index 7134574691..6899a73902 100644 --- a/phpBB/includes/db/mssql.php +++ b/phpBB/includes/db/mssql.php @@ -65,13 +65,14 @@ class dbal_mssql extends dbal /** * Version information about used database * @param bool $raw if true, only return the fetched sql_server_version + * @param bool $use_cache If true, it is safe to retrieve the value from the cache * @return string sql server version */ - function sql_server_info($raw = false) + function sql_server_info($raw = false, $use_cache = true) { global $cache; - if (empty($cache) || ($this->sql_server_version = $cache->get('mssql_version')) === false) + if (!$use_cache || empty($cache) || ($this->sql_server_version = $cache->get('mssql_version')) === false) { $result_id = @mssql_query("SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY('productlevel'), SERVERPROPERTY('edition')", $this->db_connect_id); @@ -84,7 +85,7 @@ class dbal_mssql extends dbal $this->sql_server_version = ($row) ? trim(implode(' ', $row)) : 0; - if (!empty($cache)) + if (!empty($cache) && $use_cache) { $cache->put('mssql_version', $this->sql_server_version); } diff --git a/phpBB/includes/db/mssql_odbc.php b/phpBB/includes/db/mssql_odbc.php index 14c4831010..75a080b1b7 100644 --- a/phpBB/includes/db/mssql_odbc.php +++ b/phpBB/includes/db/mssql_odbc.php @@ -76,13 +76,14 @@ class dbal_mssql_odbc extends dbal /** * Version information about used database * @param bool $raw if true, only return the fetched sql_server_version + * @param bool $use_cache If true, it is safe to retrieve the value from the cache * @return string sql server version */ - function sql_server_info($raw = false) + function sql_server_info($raw = false, $use_cache = true) { global $cache; - if (empty($cache) || ($this->sql_server_version = $cache->get('mssqlodbc_version')) === false) + if (!$use_cache || empty($cache) || ($this->sql_server_version = $cache->get('mssqlodbc_version')) === false) { $result_id = @odbc_exec($this->db_connect_id, "SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY('productlevel'), SERVERPROPERTY('edition')"); @@ -95,7 +96,7 @@ class dbal_mssql_odbc extends dbal $this->sql_server_version = ($row) ? trim(implode(' ', $row)) : 0; - if (!empty($cache)) + if (!empty($cache) && $use_cache) { $cache->put('mssqlodbc_version', $this->sql_server_version); } diff --git a/phpBB/includes/db/mssqlnative.php b/phpBB/includes/db/mssqlnative.php index 08ee70907c..98e22d4412 100644 --- a/phpBB/includes/db/mssqlnative.php +++ b/phpBB/includes/db/mssqlnative.php @@ -232,18 +232,19 @@ class dbal_mssqlnative extends dbal /** * Version information about used database * @param bool $raw if true, only return the fetched sql_server_version + * @param bool $use_cache If true, it is safe to retrieve the value from the cache * @return string sql server version */ - function sql_server_info($raw = false) + function sql_server_info($raw = false, $use_cache = true) { global $cache; - if (empty($cache) || ($this->sql_server_version = $cache->get('mssql_version')) === false) + if (!$use_cache || empty($cache) || ($this->sql_server_version = $cache->get('mssql_version')) === false) { $arr_server_info = sqlsrv_server_info($this->db_connect_id); $this->sql_server_version = $arr_server_info['SQLServerVersion']; - if (!empty($cache)) + if (!empty($cache) && $use_cache) { $cache->put('mssql_version', $this->sql_server_version); } diff --git a/phpBB/includes/db/mysql.php b/phpBB/includes/db/mysql.php index 0487dfa6d2..1e24c79577 100644 --- a/phpBB/includes/db/mysql.php +++ b/phpBB/includes/db/mysql.php @@ -96,13 +96,14 @@ class dbal_mysql extends dbal /** * Version information about used database * @param bool $raw if true, only return the fetched sql_server_version + * @param bool $use_cache If true, it is safe to retrieve the value from the cache * @return string sql server version */ - function sql_server_info($raw = false) + function sql_server_info($raw = false, $use_cache = true) { global $cache; - if (empty($cache) || ($this->sql_server_version = $cache->get('mysql_version')) === false) + if (!$use_cache || empty($cache) || ($this->sql_server_version = $cache->get('mysql_version')) === false) { $result = @mysql_query('SELECT VERSION() AS version', $this->db_connect_id); $row = @mysql_fetch_assoc($result); @@ -110,7 +111,7 @@ class dbal_mysql extends dbal $this->sql_server_version = $row['version']; - if (!empty($cache)) + if (!empty($cache) && $use_cache) { $cache->put('mysql_version', $this->sql_server_version); } diff --git a/phpBB/includes/db/mysqli.php b/phpBB/includes/db/mysqli.php index f0e58fd148..862d62f4ba 100644 --- a/phpBB/includes/db/mysqli.php +++ b/phpBB/includes/db/mysqli.php @@ -80,14 +80,14 @@ class dbal_mysqli extends dbal /** * Version information about used database - * @param bool $raw if true, only return the fetched sql_server_version + * @param bool $use_cache If true, it is safe to retrieve the value from the cache * @return string sql server version */ - function sql_server_info($raw = false) + function sql_server_info($raw = false, $use_cache = true) { global $cache; - if (empty($cache) || ($this->sql_server_version = $cache->get('mysqli_version')) === false) + if (!$use_cache || empty($cache) || ($this->sql_server_version = $cache->get('mysqli_version')) === false) { $result = @mysqli_query($this->db_connect_id, 'SELECT VERSION() AS version'); $row = @mysqli_fetch_assoc($result); @@ -95,7 +95,7 @@ class dbal_mysqli extends dbal $this->sql_server_version = $row['version']; - if (!empty($cache)) + if (!empty($cache) && $use_cache) { $cache->put('mysqli_version', $this->sql_server_version); } diff --git a/phpBB/includes/db/oracle.php b/phpBB/includes/db/oracle.php index 5a9b18abf0..c8a9a5f604 100644 --- a/phpBB/includes/db/oracle.php +++ b/phpBB/includes/db/oracle.php @@ -56,10 +56,18 @@ class dbal_oracle extends dbal /** * Version information about used database * @param bool $raw if true, only return the fetched sql_server_version + * @param bool $use_cache forced to false for Oracle * @return string sql server version */ - function sql_server_info($raw = false) + function sql_server_info($raw = false, $use_cache = true) { + /** + * force $use_cache false. I didn't research why the caching code below is commented out + * but I assume its because the Oracle extension provides a direct method to access it + * without a query. + */ + + $use_cache = false; /* global $cache; diff --git a/phpBB/includes/db/postgres.php b/phpBB/includes/db/postgres.php index 2a885f1d04..4360c790a1 100644 --- a/phpBB/includes/db/postgres.php +++ b/phpBB/includes/db/postgres.php @@ -108,13 +108,14 @@ class dbal_postgres extends dbal /** * Version information about used database * @param bool $raw if true, only return the fetched sql_server_version + * @param bool $use_cache If true, it is safe to retrieve the value from the cache * @return string sql server version */ - function sql_server_info($raw = false) + function sql_server_info($raw = false, $use_cache = true) { global $cache; - if (empty($cache) || ($this->sql_server_version = $cache->get('pgsql_version')) === false) + if (!$use_cache || empty($cache) || ($this->sql_server_version = $cache->get('pgsql_version')) === false) { $query_id = @pg_query($this->db_connect_id, 'SELECT VERSION() AS version'); $row = @pg_fetch_assoc($query_id, null); @@ -122,7 +123,7 @@ class dbal_postgres extends dbal $this->sql_server_version = (!empty($row['version'])) ? trim(substr($row['version'], 10)) : 0; - if (!empty($cache)) + if (!empty($cache) && $use_cache) { $cache->put('pgsql_version', $this->sql_server_version); } diff --git a/phpBB/includes/db/sqlite.php b/phpBB/includes/db/sqlite.php index 288f6e0992..8de72fd394 100644 --- a/phpBB/includes/db/sqlite.php +++ b/phpBB/includes/db/sqlite.php @@ -50,19 +50,24 @@ class dbal_sqlite extends dbal /** * Version information about used database * @param bool $raw if true, only return the fetched sql_server_version + * @param bool $use_cache if true, it is safe to retrieve the stored value from the cache * @return string sql server version */ - function sql_server_info($raw = false) + function sql_server_info($raw = false, $use_cache = true) { global $cache; - if (empty($cache) || ($this->sql_server_version = $cache->get('sqlite_version')) === false) + if (!$use_cache || empty($cache) || ($this->sql_server_version = $cache->get('sqlite_version')) === false) { $result = @sqlite_query('SELECT sqlite_version() AS version', $this->db_connect_id); $row = @sqlite_fetch_array($result, SQLITE_ASSOC); $this->sql_server_version = (!empty($row['version'])) ? $row['version'] : 0; - $cache->put('sqlite_version', $this->sql_server_version); + + if (!empty($cache) && $use_cache) + { + $cache->put('sqlite_version', $this->sql_server_version); + } } return ($raw) ? $this->sql_server_version : 'SQLite ' . $this->sql_server_version; diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 3f097f171f..9c74a524ee 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -4318,7 +4318,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0 'T_ICONS_PATH' => "{$web_path}{$config['icons_path']}/", 'T_RANKS_PATH' => "{$web_path}{$config['ranks_path']}/", 'T_UPLOAD_PATH' => "{$web_path}{$config['upload_path']}/", - 'T_STYLESHEET_LINK' => (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . $user->theme['theme_path'] . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&lang=' . $user->data['user_lang'], true, $user->session_id), + 'T_STYLESHEET_LINK' => (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . $user->theme['theme_path'] . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&lang=' . $user->data['user_lang']), 'T_STYLESHEET_NAME' => $user->theme['theme_name'], 'T_THEME_NAME' => $user->theme['theme_path'], diff --git a/phpBB/includes/functions_convert.php b/phpBB/includes/functions_convert.php index 0fdae9b274..c035fd3739 100644 --- a/phpBB/includes/functions_convert.php +++ b/phpBB/includes/functions_convert.php @@ -1025,6 +1025,9 @@ function set_user_options() 'bbcode' => array('bit' => 8, 'default' => 1), 'smilies' => array('bit' => 9, 'default' => 1), 'popuppm' => array('bit' => 10, 'default' => 0), + 'sig_bbcode' => array('bit' => 15, 'default' => 1), + 'sig_smilies' => array('bit' => 16, 'default' => 1), + 'sig_links' => array('bit' => 17, 'default' => 1), ); $option_field = 0; diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 271542efdd..6f6d7526b7 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -528,7 +528,7 @@ function user_delete($mode, $user_id, $post_username = false) $db->sql_transaction('begin'); - $table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE, DRAFTS_TABLE, BOOKMARKS_TABLE, SESSIONS_KEYS_TABLE); + $table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE, DRAFTS_TABLE, BOOKMARKS_TABLE, SESSIONS_KEYS_TABLE, PRIVMSGS_FOLDER_TABLE, PRIVMSGS_RULES_TABLE); foreach ($table_ary as $table) { @@ -837,14 +837,15 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('username_clean', $sql_usernames); - // Do not allow banning yourself + // Do not allow banning yourself, the guest account, or founders. + $non_bannable = array($user->data['user_id'], ANONYMOUS); if (sizeof($founder)) { - $sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), array($user->data['user_id'])), true); + $sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), $non_bannable), true); } else { - $sql .= ' AND user_id <> ' . $user->data['user_id']; + $sql .= ' AND ' . $db->sql_in_set('user_id', $non_bannable, true); } $result = $db->sql_query($sql); @@ -2284,7 +2285,7 @@ function avatar_get_dimensions($avatar, $avatar_type, &$error, $current_x = 0, $ /** * Uploading/Changing user avatar */ -function avatar_process_user(&$error, $custom_userdata = false) +function avatar_process_user(&$error, $custom_userdata = false, $can_upload = null) { global $config, $phpbb_root_path, $auth, $user, $db; @@ -2323,7 +2324,10 @@ function avatar_process_user(&$error, $custom_userdata = false) $avatar_select = basename(request_var('avatar_select', '')); // Can we upload? - $can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $change_avatar && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false; + if (is_null($can_upload)) + { + $can_upload = ($config['allow_avatar_upload'] && file_exists($phpbb_root_path . $config['avatar_path']) && @is_writable($phpbb_root_path . $config['avatar_path']) && $change_avatar && (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on')) ? true : false; + } if ((!empty($_FILES['uploadfile']['name']) || $data['uploadurl']) && $can_upload) { diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 0a01b4e73b..e157053e61 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -2134,9 +2134,9 @@ class user extends session // Zone offset $zone_offset = $this->timezone + $this->dst; - // Show date <= 1 hour ago as 'xx min ago' + // Show date <= 1 hour ago as 'xx min ago' but not greater than 60 seconds in the future // A small tolerence is given for times in the future but in the same minute are displayed as '< than a minute ago' - if ($delta <= 3600 && ($delta >= -5 || (($now / 60) % 60) == (($gmepoch / 60) % 60)) && $date_cache[$format]['is_short'] !== false && !$forcedate && isset($this->lang['datetime']['AGO'])) + if ($delta <= 3600 && $delta > -60 && ($delta >= -5 || (($now / 60) % 60) == (($gmepoch / 60) % 60)) && $date_cache[$format]['is_short'] !== false && !$forcedate && isset($this->lang['datetime']['AGO'])) { return $this->lang(array('datetime', 'AGO'), max(0, (int) floor($delta / 60))); } diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index f4f4abad4a..363a4803b6 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php @@ -572,7 +572,7 @@ class ucp_profile { if (check_form_key('ucp_avatar')) { - if (avatar_process_user($error)) + if (avatar_process_user($error, false, $can_upload)) { meta_refresh(3, $this->u_action); $message = $user->lang['PROFILE_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>'); diff --git a/phpBB/install/database_update.php b/phpBB/install/database_update.php index 47d261dc46..83bbbf4577 100644 --- a/phpBB/install/database_update.php +++ b/phpBB/install/database_update.php @@ -685,7 +685,6 @@ function _add_modules($modules_to_install) WHERE module_class = '" . $db->sql_escape($module_data['class']) . "' AND parent_id = {$parent_id} AND left_id BETWEEN {$first_left_id} AND {$module_row['left_id']} - GROUP BY left_id ORDER BY left_id"; $result = $db->sql_query($sql); $steps = (int) $db->sql_fetchfield('num_modules'); @@ -1684,6 +1683,71 @@ function change_database_data(&$no_updates, $version) } $db->sql_freeresult($result); + // Install modules + $modules_to_install = array( + 'post' => array( + 'base' => 'board', + 'class' => 'acp', + 'title' => 'ACP_POST_SETTINGS', + 'auth' => 'acl_a_board', + 'cat' => 'ACP_MESSAGES', + 'after' => array('message', 'ACP_MESSAGE_SETTINGS') + ), + ); + + _add_modules($modules_to_install); + + // add Bing Bot + $sql = 'SELECT group_id, group_colour + FROM ' . GROUPS_TABLE . " + WHERE group_name = 'BOTS'"; + $result = $db->sql_query($sql); + $group_row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if (!$group_row) + { + // default fallback, should never get here + $group_row['group_id'] = 6; + $group_row['group_colour'] = '9E8DA7'; + } + + if (!function_exists('user_add')) + { + include($phpbb_root_path . 'includes/functions_user.' . $phpEx); + } + + $bot_name = 'Bing [Bot]'; + $bot_agent = 'bingbot/'; + $bot_ip = ''; + + $user_row = array( + 'user_type' => USER_IGNORE, + 'group_id' => $group_row['group_id'], + 'username' => $bot_name, + 'user_regdate' => time(), + 'user_password' => '', + 'user_colour' => $group_row['group_colour'], + 'user_email' => '', + 'user_lang' => $config['default_lang'], + 'user_style' => $config['default_style'], + 'user_timezone' => 0, + 'user_dateformat' => $config['default_dateformat'], + 'user_allow_massemail' => 0, + ); + + $user_id = user_add($user_row); + + $sql = 'INSERT INTO ' . BOTS_TABLE . ' ' . $db->sql_build_array('INSERT', array( + 'bot_active' => 1, + 'bot_name' => (string) $bot_name, + 'user_id' => (int) $user_id, + 'bot_agent' => (string) $bot_agent, + 'bot_ip' => (string) $bot_ip, + )); + + _sql($sql, $errored, $error_ary); + // end Bing Bot addition $no_updates = false; break; diff --git a/phpBB/install/install_convert.php b/phpBB/install/install_convert.php index 06c3a8b4a6..8c3ffd61a8 100644 --- a/phpBB/install/install_convert.php +++ b/phpBB/install/install_convert.php @@ -685,7 +685,7 @@ class install_convert extends module // Thanks MySQL, for silently converting... case 'mysql': case 'mysql4': - if (version_compare($src_db->sql_server_info(true), '4.1.3', '>=')) + if (version_compare($src_db->sql_server_info(true, false), '4.1.3', '>=')) { $convert->mysql_convert = true; } diff --git a/phpBB/install/install_install.php b/phpBB/install/install_install.php index f4989b5bd7..4c22db07b2 100644 --- a/phpBB/install/install_install.php +++ b/phpBB/install/install_install.php @@ -2108,6 +2108,7 @@ class install_install extends module 'Alta Vista [Bot]' => array('Scooter/', ''), 'Ask Jeeves [Bot]' => array('Ask Jeeves', ''), 'Baidu [Spider]' => array('Baiduspider+(', ''), + 'Bing [Bot]' => array('bingbot/', ''), 'Exabot [Bot]' => array('Exabot/', ''), 'FAST Enterprise [Crawler]' => array('FAST Enterprise Crawler', ''), 'FAST WebCrawler [Crawler]' => array('FAST-WebCrawler/', ''), diff --git a/phpBB/language/en/acp/board.php b/phpBB/language/en/acp/board.php index 52389d85b9..80db81653d 100644 --- a/phpBB/language/en/acp/board.php +++ b/phpBB/language/en/acp/board.php @@ -50,7 +50,8 @@ $lang = array_merge($lang, array( 'SITE_DESC' => 'Site description', 'SITE_NAME' => 'Site name', 'SYSTEM_DST' => 'Enable Summer Time/<abbr title="Daylight Saving Time">DST</abbr>', - 'SYSTEM_TIMEZONE' => 'System timezone', + 'SYSTEM_TIMEZONE' => 'Guest timezone', + 'SYSTEM_TIMEZONE_EXPLAIN' => 'Timezone to use for displaying times to users who are not logged in (guests, bots). Logged in users set their timezone during registration and can change it in user control panel.', 'WARNINGS_EXPIRE' => 'Warning duration', 'WARNINGS_EXPIRE_EXPLAIN' => 'Number of days that will elapse before the warning will automatically expire from a user’s record.', )); diff --git a/phpBB/language/en/acp/users.php b/phpBB/language/en/acp/users.php index 8d9bf0d486..eda9659795 100644 --- a/phpBB/language/en/acp/users.php +++ b/phpBB/language/en/acp/users.php @@ -42,6 +42,7 @@ $lang = array_merge($lang, array( 'BAN_ALREADY_ENTERED' => 'The ban had been previously entered successfully. The ban list has not been updated.', 'BAN_SUCCESSFUL' => 'Ban entered successfully.', + 'CANNOT_BAN_ANONYMOUS' => 'You are not allowed to ban the anonymous account. Permissions for anonymous users can be set under the Permissions tab.', 'CANNOT_BAN_FOUNDER' => 'You are not allowed to ban founder accounts.', 'CANNOT_BAN_YOURSELF' => 'You are not allowed to ban yourself.', 'CANNOT_DEACTIVATE_BOT' => 'You are not allowed to deactivate bot accounts. Please deactivate the bot within the bots page instead.', diff --git a/phpBB/style.php b/phpBB/style.php index fa77815670..8ca1751391 100644 --- a/phpBB/style.php +++ b/phpBB/style.php @@ -45,15 +45,8 @@ if (!empty($load_extensions) && function_exists('dl')) } } - -$sid = (isset($_GET['sid']) && !is_array($_GET['sid'])) ? htmlspecialchars($_GET['sid']) : ''; $id = (isset($_GET['id'])) ? intval($_GET['id']) : 0; -if (strspn($sid, 'abcdefABCDEF0123456789') !== strlen($sid)) -{ - $sid = ''; -} - // This is a simple script to grab and output the requested CSS data stored in the DB // We include a session_id check to try and limit 3rd party linking ... unless they // happen to have a current session it will output nothing. We will also cache the @@ -81,6 +74,20 @@ if ($id) $config = $cache->obtain_config(); $user = false; + // try to get a session ID from REQUEST array + $sid = request_var('sid', ''); + + if (!$sid) + { + // if that failed, then look in the cookies + $sid = request_var($config['cookie_name'] . '_sid', '', false, true); + } + + if (strspn($sid, 'abcdefABCDEF0123456789') !== strlen($sid)) + { + $sid = ''; + } + if ($sid) { $sql = 'SELECT u.user_id, u.user_lang diff --git a/phpBB/styles/prosilver/template/editor.js b/phpBB/styles/prosilver/template/editor.js index c4c3483766..ddc862bb8c 100644 --- a/phpBB/styles/prosilver/template/editor.js +++ b/phpBB/styles/prosilver/template/editor.js @@ -200,6 +200,12 @@ function addquote(post_id, username, l_wrote) var theSelection = ''; var divarea = false; + if (l_wrote === undefined) + { + // Backwards compatibility + l_wrote = 'wrote'; + } + if (document.all) { divarea = document.all[message_name]; diff --git a/phpBB/styles/prosilver/template/posting_topic_review.html b/phpBB/styles/prosilver/template/posting_topic_review.html index 879e6bb7fc..a05f057e21 100644 --- a/phpBB/styles/prosilver/template/posting_topic_review.html +++ b/phpBB/styles/prosilver/template/posting_topic_review.html @@ -24,7 +24,7 @@ <div class="postbody" id="pr{topic_review_row.POST_ID}"> <!-- IF topic_review_row.POSTER_QUOTE and topic_review_row.DECODED_MESSAGE --> <ul class="profile-icons"> - <li class="quote-icon"><a href="#postingbox" onclick="addquote({topic_review_row.POST_ID}, '{topic_review_row.POSTER_QUOTE}', '{L_WROTE}');" title="{L_QUOTE} {topic_review_row.POST_AUTHOR}"><span>{L_QUOTE} {topic_review_row.POST_AUTHOR}</span></a></li> + <li class="quote-icon"><a href="#postingbox" onclick="addquote({topic_review_row.POST_ID}, '{topic_review_row.POSTER_QUOTE}', '{LA_WROTE}');" title="{L_QUOTE} {topic_review_row.POST_AUTHOR}"><span>{L_QUOTE} {topic_review_row.POST_AUTHOR}</span></a></li> </ul> <!-- ENDIF --> <!-- IF topic_review_row.U_MCP_DETAILS --><div class="right-box"><a href="{topic_review_row.U_MCP_DETAILS}">{L_POST_DETAILS}</a></div><!-- ENDIF --> diff --git a/phpBB/styles/prosilver/template/ucp_pm_history.html b/phpBB/styles/prosilver/template/ucp_pm_history.html index 32b8072082..c555e90640 100644 --- a/phpBB/styles/prosilver/template/ucp_pm_history.html +++ b/phpBB/styles/prosilver/template/ucp_pm_history.html @@ -17,7 +17,7 @@ <div class="postbody" id="pr{history_row.MSG_ID}"> <!-- IF history_row.U_QUOTE or history_row.MESSAGE_AUTHOR_QUOTE --> <ul class="profile-icons"> - <li class="quote-icon"><a <!-- IF history_row.U_QUOTE -->href="{history_row.U_QUOTE}"<!-- ELSE -->href="#postingbox" onclick="addquote({history_row.MSG_ID}, '{history_row.MESSAGE_AUTHOR_QUOTE}', '{L_WROTE}');"<!-- ENDIF --> title="{L_QUOTE} {history_row.MESSAGE_AUTHOR}"><span>{L_QUOTE} {history_row.MESSAGE_AUTHOR}</span></a></li> + <li class="quote-icon"><a <!-- IF history_row.U_QUOTE -->href="{history_row.U_QUOTE}"<!-- ELSE -->href="#postingbox" onclick="addquote({history_row.MSG_ID}, '{history_row.MESSAGE_AUTHOR_QUOTE}', '{LA_WROTE}');"<!-- ENDIF --> title="{L_QUOTE} {history_row.MESSAGE_AUTHOR}"><span>{L_QUOTE} {history_row.MESSAGE_AUTHOR}</span></a></li> </ul> <!-- ENDIF --> diff --git a/phpBB/styles/subsilver2/template/attachment.html b/phpBB/styles/subsilver2/template/attachment.html index d54994fe67..833bd4d55f 100644 --- a/phpBB/styles/subsilver2/template/attachment.html +++ b/phpBB/styles/subsilver2/template/attachment.html @@ -58,13 +58,13 @@ <!-- ELSEIF _file.S_FLASH_FILE --> <object classid="clsid:D27CDB6E-AE6D-11CF-96B8-444553540000" codebase="http://active.macromedia.com/flash2/cabs/swflash.cab#version=5,0,0,0" width="{_file.WIDTH}" height="{_file.HEIGHT}"> - <param name="movie" value="{_file.U_DOWNLOAD_LINK}" /> + <param name="movie" value="{_file.U_VIEW_LINK}" /> <param name="play" value="true" /> <param name="loop" value="true" /> <param name="quality" value="high" /> <param name="allowScriptAccess" value="never" /> <param name="allowNetworking" value="internal" /> - <embed src="{_file.U_DOWNLOAD_LINK}" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash" width="{_file.WIDTH}" height="{_file.HEIGHT}" play="true" loop="true" quality="high" allowscriptaccess="never" allownetworking="internal"></embed> + <embed src="{_file.U_VIEW_LINK}" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash" width="{_file.WIDTH}" height="{_file.HEIGHT}" play="true" loop="true" quality="high" allowscriptaccess="never" allownetworking="internal"></embed> </object> <!-- ELSEIF _file.S_QUICKTIME_FILE --> <object id="qtstream_{_file.ATTACH_ID}" classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" codebase="http://www.apple.com/qtactivex/qtplugin.cab#version=6,0,2,0" width="0" height="16"> diff --git a/phpBB/styles/subsilver2/template/editor.js b/phpBB/styles/subsilver2/template/editor.js index 54bd3450d0..e340bc74b5 100644 --- a/phpBB/styles/subsilver2/template/editor.js +++ b/phpBB/styles/subsilver2/template/editor.js @@ -202,6 +202,12 @@ function addquote(post_id, username, l_wrote) var theSelection = ''; var divarea = false; + if (l_wrote === undefined) + { + // Backwards compatibility + l_wrote = 'wrote'; + } + if (document.all) { divarea = document.all[message_name]; diff --git a/phpBB/styles/subsilver2/template/posting_buttons.html b/phpBB/styles/subsilver2/template/posting_buttons.html index 0aab79b7aa..2fff9c1991 100644 --- a/phpBB/styles/subsilver2/template/posting_buttons.html +++ b/phpBB/styles/subsilver2/template/posting_buttons.html @@ -19,6 +19,7 @@ o: '{LA_BBCODE_O_HELP}', p: '{LA_BBCODE_P_HELP}', w: '{LA_BBCODE_W_HELP}', + a: '{LA_BBCODE_A_HELP}', s: '{LA_BBCODE_S_HELP}', f: '{LA_BBCODE_F_HELP}', e: '{LA_BBCODE_E_HELP}', diff --git a/phpBB/styles/subsilver2/template/posting_topic_review.html b/phpBB/styles/subsilver2/template/posting_topic_review.html index 5456ad09b6..54bbf6e553 100644 --- a/phpBB/styles/subsilver2/template/posting_topic_review.html +++ b/phpBB/styles/subsilver2/template/posting_topic_review.html @@ -36,7 +36,7 @@ <td> </td> <td class="gensmall" valign="middle" nowrap="nowrap"><b>{L_POST_SUBJECT}:</b> </td> <td class="gensmall" width="100%" valign="middle">{topic_review_row.POST_SUBJECT}</td> - <td valign="top" nowrap="nowrap"> <!-- IF topic_review_row.POSTER_QUOTE and topic_review_row.DECODED_MESSAGE --><a href="#" onclick="addquote({topic_review_row.POST_ID},'{topic_review_row.POSTER_QUOTE}', '{L_WROTE}'); return false;">{QUOTE_IMG}</a><!-- ENDIF --></td> + <td valign="top" nowrap="nowrap"> <!-- IF topic_review_row.POSTER_QUOTE and topic_review_row.DECODED_MESSAGE --><a href="#" onclick="addquote({topic_review_row.POST_ID},'{topic_review_row.POSTER_QUOTE}', '{LA_WROTE}'); return false;">{QUOTE_IMG}</a><!-- ENDIF --></td> </tr> </table> </td> diff --git a/phpBB/styles/subsilver2/template/ucp_pm_history.html b/phpBB/styles/subsilver2/template/ucp_pm_history.html index d11822cc39..53391b30c9 100644 --- a/phpBB/styles/subsilver2/template/ucp_pm_history.html +++ b/phpBB/styles/subsilver2/template/ucp_pm_history.html @@ -59,7 +59,7 @@ <!-- IF history_row.S_ROW_COUNT is even --><tr class="row1"><!-- ELSE --><tr class="row2"><!-- ENDIF --> <td class="gensmall"><a href="{history_row.U_VIEW_MESSAGE}">{L_VIEW_PM}</a></td> - <td><div class="gensmall" style="float: {S_CONTENT_FLOW_BEGIN};"> <!-- IF history_row.U_PROFILE --><a href="{history_row.U_PROFILE}">{PROFILE_IMG}</a> <!-- ENDIF --> <!-- IF history_row.U_EMAIL --><a href="{history_row.U_EMAIL}">{EMAIL_IMG}</a> <!-- ENDIF --> </div> <div class="gensmall" style="float: {S_CONTENT_FLOW_END};"><!-- IF history_row.U_QUOTE or history_row.MESSAGE_AUTHOR_QUOTE --><a <!-- IF history_row.U_QUOTE -->href="{history_row.U_QUOTE}"<!-- ELSE -->href="#" onclick="addquote({history_row.MSG_ID}, '{history_row.MESSAGE_AUTHOR_QUOTE}', '{L_WROTE}'); return false;"<!-- ENDIF -->>{QUOTE_IMG}</a> <!-- ENDIF --> <!-- IF history_row.U_POST_REPLY_PM --><a href="{history_row.U_POST_REPLY_PM}">{REPLY_IMG}</a><!-- ENDIF --> </div></td> + <td><div class="gensmall" style="float: {S_CONTENT_FLOW_BEGIN};"> <!-- IF history_row.U_PROFILE --><a href="{history_row.U_PROFILE}">{PROFILE_IMG}</a> <!-- ENDIF --> <!-- IF history_row.U_EMAIL --><a href="{history_row.U_EMAIL}">{EMAIL_IMG}</a> <!-- ENDIF --> </div> <div class="gensmall" style="float: {S_CONTENT_FLOW_END};"><!-- IF history_row.U_QUOTE or history_row.MESSAGE_AUTHOR_QUOTE --><a <!-- IF history_row.U_QUOTE -->href="{history_row.U_QUOTE}"<!-- ELSE -->href="#" onclick="addquote({history_row.MSG_ID}, '{history_row.MESSAGE_AUTHOR_QUOTE}', '{LA_WROTE}'); return false;"<!-- ENDIF -->>{QUOTE_IMG}</a> <!-- ENDIF --> <!-- IF history_row.U_POST_REPLY_PM --><a href="{history_row.U_POST_REPLY_PM}">{REPLY_IMG}</a><!-- ENDIF --> </div></td> </tr> <tr> <td class="spacer" colspan="2"><img src="images/spacer.gif" alt="" width="1" height="1" /></td> diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php index d18508ccbc..5f33b7565f 100644 --- a/phpBB/viewforum.php +++ b/phpBB/viewforum.php @@ -508,6 +508,7 @@ if (sizeof($shadow_topic_list)) 'topic_moved_id' => $rowset[$orig_topic_id]['topic_moved_id'], 'topic_status' => $rowset[$orig_topic_id]['topic_status'], 'topic_type' => $rowset[$orig_topic_id]['topic_type'], + 'topic_title' => $rowset[$orig_topic_id]['topic_title'], )); // Shadow topics are never reported diff --git a/tests/RUNNING_TESTS.txt b/tests/RUNNING_TESTS.txt new file mode 100644 index 0000000000..f1b40f71ad --- /dev/null +++ b/tests/RUNNING_TESTS.txt @@ -0,0 +1,33 @@ +Running Tests +------------- + +Prerequisites +------------- + +PHPUnit +======= + +phpBB unit tests use PHPUnit framework. Version 3.3 or better is required +to run the tests. PHPUnit prefers to be installed via PEAR; refer to +http://www.phpunit.de/ for more information. + +PHP extensions +============== + +Unit tests use several PHP extensions that board code does not use. Currently +the following PHP extensions must be installed and enabled to run unit tests: + +- ctype + +Running +------- + +Once the prerequisites are installed, run the tests from tests directory: + +$ phpunit all_tests.php + +More Information +---------------- + +Further information is available on phpbb wiki: +http://wiki.phpbb.com/display/DEV/Unit+Tests |