aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/acp/acp_attachments.php6
-rw-r--r--phpBB/includes/acp/acp_board.php10
-rw-r--r--phpBB/includes/acp/acp_database.php2
-rw-r--r--phpBB/includes/acp/acp_forums.php7
-rw-r--r--phpBB/includes/acp/acp_update.php16
-rw-r--r--phpBB/includes/constants.php2
-rw-r--r--phpBB/includes/functions.php37
-rw-r--r--phpBB/includes/functions_acp.php12
-rw-r--r--phpBB/includes/functions_download.php4
-rw-r--r--phpBB/includes/functions_messenger.php19
-rw-r--r--phpBB/includes/functions_posting.php25
-rw-r--r--phpBB/includes/functions_privmsgs.php2
-rw-r--r--phpBB/includes/mcp/mcp_ban.php2
-rw-r--r--phpBB/includes/mcp/mcp_main.php2
-rw-r--r--phpBB/includes/ucp/ucp_attachments.php30
-rw-r--r--phpBB/includes/ucp/ucp_pm_viewfolder.php4
16 files changed, 143 insertions, 37 deletions
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php
index 5b1db5c31b..a7035f38b7 100644
--- a/phpBB/includes/acp/acp_attachments.php
+++ b/phpBB/includes/acp/acp_attachments.php
@@ -1240,13 +1240,17 @@ class acp_attachments
$display_cat = isset($extensions[$row['extension']]['display_cat']) ? $extensions[$row['extension']]['display_cat'] : ATTACHMENT_CATEGORY_NONE;
$l_downloaded_viewed = ($display_cat == ATTACHMENT_CATEGORY_NONE) ? 'DOWNLOAD_COUNTS' : 'VIEWED_COUNTS';
+ // Capitalises the group name and checks if its key exists in the language file
+ $up_group_name = utf8_strtoupper($extensions[$row['extension']]['group_name']);
+ $ext_group_name = (!empty($up_group_name)) ? (isset($user->lang['EXT_GROUP_' . $up_group_name]) ? $user->lang['EXT_GROUP_' . $up_group_name] : '') : '';
+
$template->assign_block_vars('attachments', array(
'ATTACHMENT_POSTER' => get_username_string('full', (int) $row['poster_id'], (string) $row['username'], (string) $row['user_colour'], (string) $row['username']),
'FILESIZE' => get_formatted_filesize((int) $row['filesize']),
'FILETIME' => $user->format_date((int) $row['filetime']),
'REAL_FILENAME' => (!$row['in_message']) ? utf8_basename((string) $row['real_filename']) : '',
'PHYSICAL_FILENAME' => utf8_basename((string) $row['physical_filename']),
- 'EXT_GROUP_NAME' => (!empty($extensions[$row['extension']]['group_name'])) ? $user->lang['EXT_GROUP_' . $extensions[$row['extension']]['group_name']] : '',
+ 'EXT_GROUP_NAME' => $ext_group_name,
'COMMENT' => $comment,
'TOPIC_TITLE' => (!$row['in_message']) ? (string) $row['topic_title'] : '',
'ATTACH_ID' => (int) $row['attach_id'],
diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php
index f89f5535eb..e348c769bd 100644
--- a/phpBB/includes/acp/acp_board.php
+++ b/phpBB/includes/acp/acp_board.php
@@ -30,10 +30,13 @@ class acp_board
function main($id, $mode)
{
- global $user, $template, $request;
+ global $user, $template, $request, $language;
global $config, $phpbb_root_path, $phpEx;
global $cache, $phpbb_container, $phpbb_dispatcher, $phpbb_log;
+ /** @var \phpbb\language\language $language Language object */
+ $language = $phpbb_container->get('language');
+
$user->add_lang('acp/board');
$submit = (isset($_POST['submit']) || isset($_POST['allow_quick_reply_enable'])) ? true : false;
@@ -56,7 +59,7 @@ class acp_board
'legend1' => 'ACP_BOARD_SETTINGS',
'sitename' => array('lang' => 'SITE_NAME', 'validate' => 'string', 'type' => 'text:40:255', 'explain' => false),
'site_desc' => array('lang' => 'SITE_DESC', 'validate' => 'string', 'type' => 'text:40:255', 'explain' => false),
- 'site_home_url' => array('lang' => 'SITE_HOME_URL', 'validate' => 'string', 'type' => 'url:40:255', 'explain' => true),
+ 'site_home_url' => array('lang' => 'SITE_HOME_URL', 'validate' => 'url', 'type' => 'url:40:255', 'explain' => true),
'site_home_text' => array('lang' => 'SITE_HOME_TEXT', 'validate' => 'string', 'type' => 'text:40:255', 'explain' => true),
'board_index_text' => array('lang' => 'BOARD_INDEX_TEXT', 'validate' => 'string', 'type' => 'text:40:255', 'explain' => true),
'board_disable' => array('lang' => 'DISABLE_BOARD', 'validate' => 'bool', 'type' => 'custom', 'method' => 'board_disable', 'explain' => true),
@@ -122,6 +125,7 @@ class acp_board
$avatar_vars = array();
foreach ($avatar_drivers as $current_driver)
{
+ /** @var \phpbb\avatar\driver\driver_interface $driver */
$driver = $phpbb_avatar_manager->get_driver($current_driver, false);
/*
@@ -730,7 +734,7 @@ class acp_board
$template->assign_block_vars('options', array(
'KEY' => $config_key,
'TITLE' => (isset($user->lang[$vars['lang']])) ? $user->lang[$vars['lang']] : $vars['lang'],
- 'S_EXPLAIN' => $vars['explain'],
+ 'S_EXPLAIN' => $vars['explain'] && !empty($l_explain),
'TITLE_EXPLAIN' => $l_explain,
'CONTENT' => $content,
)
diff --git a/phpBB/includes/acp/acp_database.php b/phpBB/includes/acp/acp_database.php
index 05f2b98524..c33c2e4d6f 100644
--- a/phpBB/includes/acp/acp_database.php
+++ b/phpBB/includes/acp/acp_database.php
@@ -216,7 +216,7 @@ class acp_database
}
else if (confirm_box(true))
{
- switch ($backup_info['extensions'])
+ switch ($backup_info['extension'])
{
case 'sql':
$fp = fopen($backup_info['file_name'], 'rb');
diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php
index be5a7a2f26..cb0593b14a 100644
--- a/phpBB/includes/acp/acp_forums.php
+++ b/phpBB/includes/acp/acp_forums.php
@@ -986,6 +986,13 @@ class acp_forums
$errors[] = $user->lang['FORUM_NAME_EMPTY'];
}
+ // No Emojis
+ if (preg_match_all('/[\x{10000}-\x{10FFFF}]/u', $forum_data_ary['forum_name'], $matches))
+ {
+ $character_list = implode('<br>', $matches[0]);
+ $errors[] = $user->lang('FORUM_NAME_EMOJI', $character_list);
+ }
+
if (utf8_strlen($forum_data_ary['forum_desc']) > 4000)
{
$errors[] = $user->lang['FORUM_DESC_TOO_LONG'];
diff --git a/phpBB/includes/acp/acp_update.php b/phpBB/includes/acp/acp_update.php
index 9124a59ef2..fa3afa6ce3 100644
--- a/phpBB/includes/acp/acp_update.php
+++ b/phpBB/includes/acp/acp_update.php
@@ -59,17 +59,19 @@ class acp_update
$update_link = $phpbb_root_path . 'install/app.' . $phpEx;
- $template->assign_vars(array(
- 'S_UP_TO_DATE' => empty($updates_available),
- 'U_ACTION' => $this->u_action,
- 'U_VERSIONCHECK_FORCE' => append_sid($this->u_action . '&amp;versioncheck_force=1'),
+ $template_ary = [
+ 'S_UP_TO_DATE' => empty($updates_available),
+ 'U_ACTION' => $this->u_action,
+ 'U_VERSIONCHECK_FORCE' => append_sid($this->u_action . '&amp;versioncheck_force=1'),
- 'CURRENT_VERSION' => $config['version'],
+ 'CURRENT_VERSION' => $config['version'],
- 'UPDATE_INSTRUCTIONS' => sprintf($user->lang['UPDATE_INSTRUCTIONS'], $update_link),
+ 'UPDATE_INSTRUCTIONS' => $user->lang('UPDATE_INSTRUCTIONS', $update_link),
'S_VERSION_UPGRADEABLE' => !empty($upgrades_available),
'UPGRADE_INSTRUCTIONS' => !empty($upgrades_available) ? $user->lang('UPGRADE_INSTRUCTIONS', $upgrades_available['current'], $upgrades_available['announcement']) : false,
- ));
+ ];
+
+ $template->assign_vars($template_ary);
// Incomplete update?
if (phpbb_version_compare($config['version'], PHPBB_VERSION, '<'))
diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php
index d80f348ac5..89d056f2e1 100644
--- a/phpBB/includes/constants.php
+++ b/phpBB/includes/constants.php
@@ -28,7 +28,7 @@ if (!defined('IN_PHPBB'))
*/
// phpBB Version
-@define('PHPBB_VERSION', '3.2.6-dev');
+@define('PHPBB_VERSION', '3.2.8-dev');
// QA-related
// define('PHPBB_QA', 1);
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 24f251601f..5234c3472d 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2288,6 +2288,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
global $request, $phpbb_container, $phpbb_dispatcher, $phpbb_log;
$err = '';
+ $form_name = 'login';
// Make sure user->setup() has been called
if (!$user->is_setup())
@@ -2363,8 +2364,19 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
}
- // If authentication is successful we redirect user to previous page
- $result = $auth->login($username, $password, $autologin, $viewonline, $admin);
+ // Check form key
+ if ($password && !check_form_key($form_name))
+ {
+ $result = array(
+ 'status' => false,
+ 'error_msg' => 'FORM_INVALID',
+ );
+ }
+ else
+ {
+ // If authentication is successful we redirect user to previous page
+ $result = $auth->login($username, $password, $autologin, $viewonline, $admin);
+ }
// If admin authentication and login, we will log if it was a success or not...
// We also break the operation on the first non-success login - it could be argued that the user already knows
@@ -2515,6 +2527,9 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
));
}
+ // Add form token for login box
+ add_form_key($form_name, '_LOGIN');
+
$s_hidden_fields = build_hidden_fields($s_hidden_fields);
$login_box_template_data = array(
@@ -2649,6 +2664,9 @@ function login_forum_box($forum_data)
page_header($user->lang['LOGIN']);
+ // Add form token for login box
+ add_form_key('login', '_LOGIN');
+
$template->assign_vars(array(
'FORUM_NAME' => isset($forum_data['forum_name']) ? $forum_data['forum_name'] : '',
'S_LOGIN_ACTION' => build_url(array('f')),
@@ -4421,6 +4439,19 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
$controller_helper = $phpbb_container->get('controller.helper');
$notification_mark_hash = generate_link_hash('mark_all_notifications_read');
+ $s_login_redirect = build_hidden_fields(array('redirect' => $phpbb_path_helper->remove_web_root_path(build_url())));
+ /**
+ * Workaround for missing template variable in pre phpBB 3.2.6 styles.
+ * @deprecated 3.2.7 (To be removed: 3.3.0-a1)
+ */
+ $form_token_login = $template->retrieve_var('S_FORM_TOKEN_LOGIN');
+ if (!empty($form_token_login))
+ {
+ $s_login_redirect .= $form_token_login;
+ // Remove S_FORM_TOKEN_LOGIN as it's already appended to S_LOGIN_REDIRECT
+ $template->assign_var('S_FORM_TOKEN_LOGIN', '');
+ }
+
// The following assigns all _common_ variables that may be used at any point in a template.
$template->assign_vars(array(
'SITENAME' => $config['sitename'],
@@ -4510,7 +4541,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
'S_TOPIC_ID' => $topic_id,
'S_LOGIN_ACTION' => ((!defined('ADMIN_START')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login') : append_sid("{$phpbb_admin_path}index.$phpEx", false, true, $user->session_id)),
- 'S_LOGIN_REDIRECT' => build_hidden_fields(array('redirect' => $phpbb_path_helper->remove_web_root_path(build_url()))),
+ 'S_LOGIN_REDIRECT' => $s_login_redirect,
'S_ENABLE_FEEDS' => ($config['feed_enable']) ? true : false,
'S_ENABLE_FEEDS_OVERALL' => ($config['feed_overall']) ? true : false,
diff --git a/phpBB/includes/functions_acp.php b/phpBB/includes/functions_acp.php
index 9b7491305c..dd326c3db6 100644
--- a/phpBB/includes/functions_acp.php
+++ b/phpBB/includes/functions_acp.php
@@ -419,7 +419,7 @@ function build_cfg_template($tpl_type, $key, &$new_ary, $config_key, $vars)
*/
function validate_config_vars($config_vars, &$cfg_array, &$error)
{
- global $phpbb_root_path, $user, $phpbb_dispatcher, $phpbb_filesystem;
+ global $phpbb_root_path, $user, $phpbb_dispatcher, $phpbb_filesystem, $language;
$type = 0;
$min = 1;
@@ -442,6 +442,16 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
// Validate a bit. ;) (0 = type, 1 = min, 2= max)
switch ($validator[$type])
{
+ case 'url':
+ $cfg_array[$config_name] = trim($cfg_array[$config_name]);
+
+ if (!empty($cfg_array[$config_name]) && !preg_match('#^' . get_preg_expression('url') . '$#iu', $cfg_array[$config_name]))
+ {
+ $error[] = $language->lang('URL_INVALID', $language->lang($config_definition['lang']));
+ }
+
+ // no break here
+
case 'string':
$length = utf8_strlen($cfg_array[$config_name]);
diff --git a/phpBB/includes/functions_download.php b/phpBB/includes/functions_download.php
index 7be12baa13..1f409be58c 100644
--- a/phpBB/includes/functions_download.php
+++ b/phpBB/includes/functions_download.php
@@ -196,7 +196,7 @@ function send_file_to_browser($attachment, $upload_dir, $category)
}
// Now the tricky part... let's dance
- header('Cache-Control: public');
+ header('Cache-Control: private');
// Send out the Headers. Do not set Content-Disposition to inline please, it is a security measure for users using the Internet Explorer.
header('Content-Type: ' . $attachment['mimetype']);
@@ -451,7 +451,7 @@ function set_modified_headers($stamp, $browser)
{
send_status_line(304, 'Not Modified');
// seems that we need those too ... browsers
- header('Cache-Control: public');
+ header('Cache-Control: private');
header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 31536000) . ' GMT');
return true;
}
diff --git a/phpBB/includes/functions_messenger.php b/phpBB/includes/functions_messenger.php
index 4f0d40031d..7f8238e1bf 100644
--- a/phpBB/includes/functions_messenger.php
+++ b/phpBB/includes/functions_messenger.php
@@ -181,10 +181,9 @@ class messenger
/**
* Adds X-AntiAbuse headers
*
- * @param array $config Configuration array
- * @param user $user A user object
- *
- * @return null
+ * @param \phpbb\config\config $config Config object
+ * @param \phpbb\user $user User object
+ * @return void
*/
function anti_abuse_headers($config, $user)
{
@@ -1582,6 +1581,14 @@ class smtp_class
*/
protected function starttls()
{
+ global $config;
+
+ // allow SMTPS (what was used by phpBB 3.0) if hostname is prefixed with tls:// or ssl://
+ if (strpos($config['smtp_host'], 'tls://') === 0 || strpos($config['smtp_host'], 'ssl://') === 0)
+ {
+ return true;
+ }
+
if (!function_exists('stream_socket_enable_crypto'))
{
return false;
@@ -1604,7 +1611,9 @@ class smtp_class
if (socket_set_blocking($this->socket, 1))
{
- $result = stream_socket_enable_crypto($this->socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
+ // https://secure.php.net/manual/en/function.stream-socket-enable-crypto.php#119122
+ $crypto = (phpbb_version_compare(PHP_VERSION, '5.6.7', '<')) ? STREAM_CRYPTO_METHOD_TLS_CLIENT : STREAM_CRYPTO_METHOD_SSLv23_CLIENT;
+ $result = stream_socket_enable_crypto($this->socket, true, $crypto);
socket_set_blocking($this->socket, (int) $stream_meta['blocked']);
}
diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php
index 3640f543d9..c5a7400ddf 100644
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@@ -978,6 +978,30 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id
AND u.user_id = p.poster_id',
);
+ /**
+ * Event to modify the SQL query for topic reviews
+ *
+ * @event core.topic_review_modify_sql_ary
+ * @var int topic_id The topic ID that is being reviewed
+ * @var int forum_id The topic's forum ID
+ * @var string mode The topic review mode
+ * @var int cur_post_id Post offset ID
+ * @var bool show_quote_button Flag indicating if the quote button should be displayed
+ * @var array post_list Array with the post IDs
+ * @var array sql_ary Array with the SQL query
+ * @since 3.2.8-RC1
+ */
+ $vars = array(
+ 'topic_id',
+ 'forum_id',
+ 'mode',
+ 'cur_post_id',
+ 'show_quote_button',
+ 'post_list',
+ 'sql_ary',
+ );
+ extract($phpbb_dispatcher->trigger_event('core.topic_review_modify_sql_ary', compact($vars)));
+
$sql = $db->sql_build_query('SELECT', $sql_ary);
$result = $db->sql_query($sql);
@@ -1284,6 +1308,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data, $is_soft = false, $
delete_topics('topic_id', array($topic_id), false);
$phpbb_content_visibility->remove_topic_from_statistic($data, $sql_data);
+ $config->increment('num_posts', -1, false);
$update_sql = update_post_information('forum', $forum_id, true);
if (count($update_sql))
diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php
index 444bf2c7e0..a7a4b050fe 100644
--- a/phpBB/includes/functions_privmsgs.php
+++ b/phpBB/includes/functions_privmsgs.php
@@ -490,7 +490,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
'bcc' => explode(':', $row['bcc_address']),
'friend' => (isset($zebra[$row['author_id']])) ? $zebra[$row['author_id']]['friend'] : 0,
'foe' => (isset($zebra[$row['author_id']])) ? $zebra[$row['author_id']]['foe'] : 0,
- 'user_in_group' => array($user->data['group_id']),
+ 'user_in_group' => $user->data['group_id'],
'author_in_group' => array())
);
diff --git a/phpBB/includes/mcp/mcp_ban.php b/phpBB/includes/mcp/mcp_ban.php
index 8797f06db8..6f748f5433 100644
--- a/phpBB/includes/mcp/mcp_ban.php
+++ b/phpBB/includes/mcp/mcp_ban.php
@@ -269,7 +269,7 @@ class mcp_ban
}
else if ($post_id)
{
- $post_info = phpbb_get_post_data($post_id, 'm_ban');
+ $post_info = phpbb_get_post_data(array($post_id), 'm_ban');
if (count($post_info) && !empty($post_info[$post_id]))
{
diff --git a/phpBB/includes/mcp/mcp_main.php b/phpBB/includes/mcp/mcp_main.php
index c3e3ade160..4bd783b279 100644
--- a/phpBB/includes/mcp/mcp_main.php
+++ b/phpBB/includes/mcp/mcp_main.php
@@ -378,7 +378,7 @@ function lock_unlock($action, $ids)
*/
function change_topic_type($action, $topic_ids)
{
- global $user, $db, $request, $phpbb_log;
+ global $user, $db, $request, $phpbb_log, $phpbb_dispatcher;
switch ($action)
{
diff --git a/phpBB/includes/ucp/ucp_attachments.php b/phpBB/includes/ucp/ucp_attachments.php
index c1b623cd71..7808fed325 100644
--- a/phpBB/includes/ucp/ucp_attachments.php
+++ b/phpBB/includes/ucp/ucp_attachments.php
@@ -29,7 +29,7 @@ class ucp_attachments
function main($id, $mode)
{
- global $template, $user, $db, $config, $phpEx, $phpbb_root_path, $phpbb_container, $request;
+ global $template, $user, $db, $config, $phpEx, $phpbb_root_path, $phpbb_container, $request, $auth;
$start = $request->variable('start', 0);
$sort_key = $request->variable('sk', 'a');
@@ -41,16 +41,27 @@ class ucp_attachments
if ($delete && count($delete_ids))
{
// Validate $delete_ids...
- $sql = 'SELECT attach_id
- FROM ' . ATTACHMENTS_TABLE . '
- WHERE poster_id = ' . $user->data['user_id'] . '
- AND is_orphan = 0
- AND ' . $db->sql_in_set('attach_id', $delete_ids);
+ $sql = 'SELECT a.attach_id, p.post_edit_locked, t.topic_status, f.forum_id, f.forum_status
+ FROM ' . ATTACHMENTS_TABLE . ' a
+ LEFT JOIN ' . POSTS_TABLE . ' p
+ ON (a.post_msg_id = p.post_id AND a.in_message = 0)
+ LEFT JOIN ' . TOPICS_TABLE . ' t
+ ON (t.topic_id = p.topic_id AND a.in_message = 0)
+ LEFT JOIN ' . FORUMS_TABLE . ' f
+ ON (f.forum_id = t.forum_id AND a.in_message = 0)
+ WHERE a.poster_id = ' . $user->data['user_id'] . '
+ AND a.is_orphan = 0
+ AND ' . $db->sql_in_set('a.attach_id', $delete_ids);
$result = $db->sql_query($sql);
$delete_ids = array();
while ($row = $db->sql_fetchrow($result))
{
+ if (!$auth->acl_get('m_edit', $row['forum_id']) && ($row['forum_status'] == ITEM_LOCKED || $row['topic_status'] == ITEM_LOCKED || $row['post_edit_locked']))
+ {
+ continue;
+ }
+
$delete_ids[] = $row['attach_id'];
}
$db->sql_freeresult($result);
@@ -124,10 +135,12 @@ class ucp_attachments
$pagination = $phpbb_container->get('pagination');
$start = $pagination->validate_start($start, $config['topics_per_page'], $num_attachments);
- $sql = 'SELECT a.*, t.topic_title, p.message_subject as message_title
+ $sql = 'SELECT a.*, t.topic_title, pr.message_subject as message_title, p.post_edit_locked, t.topic_status, f.forum_id, f.forum_status
FROM ' . ATTACHMENTS_TABLE . ' a
+ LEFT JOIN ' . POSTS_TABLE . ' p ON (a.post_msg_id = p.post_id AND a.in_message = 0)
LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id AND a.in_message = 0)
- LEFT JOIN ' . PRIVMSGS_TABLE . ' p ON (a.post_msg_id = p.msg_id AND a.in_message = 1)
+ LEFT JOIN ' . FORUMS_TABLE . ' f ON (f.forum_id = t.forum_id AND a.in_message = 0)
+ LEFT JOIN ' . PRIVMSGS_TABLE . ' pr ON (a.post_msg_id = pr.msg_id AND a.in_message = 1)
WHERE a.poster_id = ' . $user->data['user_id'] . "
AND a.is_orphan = 0
ORDER BY $order_by";
@@ -164,6 +177,7 @@ class ucp_attachments
'TOPIC_ID' => $row['topic_id'],
'S_IN_MESSAGE' => $row['in_message'],
+ 'S_LOCKED' => !$row['in_message'] && !$auth->acl_get('m_edit', $row['forum_id']) && ($row['forum_status'] == ITEM_LOCKED || $row['topic_status'] == ITEM_LOCKED || $row['post_edit_locked']),
'U_VIEW_ATTACHMENT' => append_sid("{$phpbb_root_path}download/file.$phpEx", 'id=' . $row['attach_id']),
'U_VIEW_TOPIC' => $view_topic)
diff --git a/phpBB/includes/ucp/ucp_pm_viewfolder.php b/phpBB/includes/ucp/ucp_pm_viewfolder.php
index a0b535d683..09e7bf4d7c 100644
--- a/phpBB/includes/ucp/ucp_pm_viewfolder.php
+++ b/phpBB/includes/ucp/ucp_pm_viewfolder.php
@@ -138,9 +138,9 @@ function view_folder($id, $mode, $folder_id, $folder)
$row_indicator = '';
foreach ($color_rows as $var)
{
- if (($var != 'friend' && $var != 'foe' && $row['pm_' . $var])
+ if (($var !== 'friend' && $var !== 'foe' && $row[($var === 'message_reported') ? $var : "pm_{$var}"])
||
- (($var == 'friend' || $var == 'foe') && isset(${$var}[$row['author_id']]) && ${$var}[$row['author_id']]))
+ (($var === 'friend' || $var === 'foe') && isset(${$var}[$row['author_id']]) && ${$var}[$row['author_id']]))
{
$row_indicator = $var;
break;
generated by cgit v1.2.1 (git 2.21.0) at 2025-06-08 20:18:44 +0000