diff options
Diffstat (limited to 'phpBB/includes/functions.php')
| -rw-r--r-- | phpBB/includes/functions.php | 49 |
1 files changed, 26 insertions, 23 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index df613682a7..cf4e64451f 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -1989,6 +1989,9 @@ function tracking_unserialize($string, $max_depth = 3) * @param mixed $params String or array of additional url parameters * @param bool $is_amp Is url using & (true) or & (false) * @param string $session_id Possibility to use a custom session id instead of the global one +* @param bool $is_route Is url generated by a route. +* +* @return string The corrected url. * * Examples: * <code> @@ -1999,7 +2002,7 @@ function tracking_unserialize($string, $max_depth = 3) * </code> * */ -function append_sid($url, $params = false, $is_amp = true, $session_id = false) +function append_sid($url, $params = false, $is_amp = true, $session_id = false, $is_route = false) { global $_SID, $_EXTRA_URL, $phpbb_hook, $phpbb_path_helper; global $phpbb_dispatcher; @@ -2011,7 +2014,7 @@ function append_sid($url, $params = false, $is_amp = true, $session_id = false) } // Update the root path with the correct relative web path - if ($phpbb_path_helper instanceof \phpbb\path_helper) + if (!$is_route && $phpbb_path_helper instanceof \phpbb\path_helper) { $url = $phpbb_path_helper->update_web_root_path($url); } @@ -2037,9 +2040,10 @@ function append_sid($url, $params = false, $is_amp = true, $session_id = false) * the global one (false) * @var bool|string append_sid_overwrite Overwrite function (string * URL) or not (false) + * @var bool is_route Is url generated by a route. * @since 3.1.0-a1 */ - $vars = array('url', 'params', 'is_amp', 'session_id', 'append_sid_overwrite'); + $vars = array('url', 'params', 'is_amp', 'session_id', 'append_sid_overwrite', 'is_route'); extract($phpbb_dispatcher->trigger_event('core.append_sid', compact($vars))); if ($append_sid_overwrite) @@ -2576,15 +2580,17 @@ function add_form_key($form_name) } /** -* Check the form key. Required for all altering actions not secured by confirm_box -* @param string $form_name The name of the form; has to match the name used in add_form_key, otherwise no restrictions apply -* @param int $timespan The maximum acceptable age for a submitted form in seconds. Defaults to the config setting. -* @param string $return_page The address for the return link -* @param bool $trigger If true, the function will triger an error when encountering an invalid form -*/ -function check_form_key($form_name, $timespan = false, $return_page = '', $trigger = false) + * Check the form key. Required for all altering actions not secured by confirm_box + * + * @param string $form_name The name of the form; has to match the name used + * in add_form_key, otherwise no restrictions apply + * @param int $timespan The maximum acceptable age for a submitted form + * in seconds. Defaults to the config setting. + * @return bool True, if the form key was valid, false otherwise + */ +function check_form_key($form_name, $timespan = false) { - global $config, $user; + global $config, $request, $user; if ($timespan === false) { @@ -2592,10 +2598,10 @@ function check_form_key($form_name, $timespan = false, $return_page = '', $trigg $timespan = ($config['form_token_lifetime'] == -1) ? -1 : max(30, $config['form_token_lifetime']); } - if (isset($_POST['creation_time']) && isset($_POST['form_token'])) + if ($request->is_set_post('creation_time') && $request->is_set_post('form_token')) { - $creation_time = abs(request_var('creation_time', 0)); - $token = request_var('form_token', ''); + $creation_time = abs($request->variable('creation_time', 0)); + $token = $request->variable('form_token', ''); $diff = time() - $creation_time; @@ -2612,11 +2618,6 @@ function check_form_key($form_name, $timespan = false, $return_page = '', $trigg } } - if ($trigger) - { - trigger_error($user->lang['FORM_INVALID'] . $return_page); - } - return false; } @@ -2832,8 +2833,6 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa if ($result['status'] == LOGIN_SUCCESS) { $redirect = request_var('redirect', "{$phpbb_root_path}index.$phpEx"); - $message = ($l_success) ? $l_success : $user->lang['LOGIN_REDIRECT']; - $l_redirect = ($admin) ? $user->lang['PROCEED_TO_ACP'] : (($redirect === "{$phpbb_root_path}index.$phpEx" || $redirect === "index.$phpEx") ? $user->lang['RETURN_INDEX'] : $user->lang['RETURN_PAGE']); // append/replace SID (may change during the session for AOL users) $redirect = reapply_sid($redirect); @@ -3318,6 +3317,11 @@ function get_preg_expression($mode) case 'table_prefix': return '#^[a-zA-Z][a-zA-Z0-9_]*$#'; break; + + // Matches the predecing dot + case 'path_remove_dot_trailing_slash': + return '#^(?:(\.)?)+(?:(.+)?)+(?:([\\/\\\])$)#'; + break; } return ''; @@ -5063,8 +5067,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id = // application/xhtml+xml not used because of IE 'Content-type' => 'text/html; charset=UTF-8', 'Cache-Control' => 'private, no-cache="set-cookie"', - 'Expires' => '0', - 'Pragma' => 'no-cache', + 'Expires' => gmdate('D, d M Y H:i:s', time()) . ' GMT', ); if (!empty($user->data['is_bot'])) { |