Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/acp/acp_database.php2
-rw-r--r--phpBB/includes/acp/acp_email.php28
-rw-r--r--phpBB/includes/acp/acp_extensions.php2
-rw-r--r--phpBB/includes/functions_admin.php65
-rw-r--r--phpBB/includes/functions_content.php10
-rw-r--r--phpBB/includes/functions_install.php2
-rw-r--r--phpBB/includes/mcp/mcp_logs.php2
-rw-r--r--phpBB/includes/message_parser.php12
-rw-r--r--phpBB/includes/startup.php28
9 files changed, 50 insertions, 101 deletions
diff --git a/phpBB/includes/acp/acp_database.php b/phpBB/includes/acp/acp_database.php
index 0c52f82459..7de108c88a 100644
--- a/phpBB/includes/acp/acp_database.php
+++ b/phpBB/includes/acp/acp_database.php
@@ -29,7 +29,7 @@ class acp_database
global $cache, $db, $user, $auth, $template, $table_prefix;
global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
- $this->db_tools = new \phpbb\db\tools($db);
+ $this->db_tools = new \phpbb\db\tools\tools($db);
$user->add_lang('acp/database');
diff --git a/phpBB/includes/acp/acp_email.php b/phpBB/includes/acp/acp_email.php
index fe55b36e67..4fefd6bec3 100644
--- a/phpBB/includes/acp/acp_email.php
+++ b/phpBB/includes/acp/acp_email.php
@@ -26,7 +26,7 @@ class acp_email
function main($id, $mode)
{
global $config, $db, $user, $auth, $template, $cache;
- global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
+ global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix, $phpbb_dispatcher;
$user->add_lang('acp/email');
$this->tpl_name = 'acp_email';
@@ -72,11 +72,15 @@ class acp_email
if ($usernames)
{
// If giving usernames the admin is able to email inactive users too...
- $sql = 'SELECT username, user_email, user_jabber, user_notify_type, user_lang
- FROM ' . USERS_TABLE . '
- WHERE ' . $db->sql_in_set('username_clean', array_map('utf8_clean_string', explode("\n", $usernames))) . '
- AND user_allow_massemail = 1
- ORDER BY user_lang, user_notify_type'; // , SUBSTRING(user_email FROM INSTR(user_email, '@'))
+ $sql_ary = array(
+ 'SELECT' => 'username, user_email, user_jabber, user_notify_type, user_lang',
+ 'FROM' => array(
+ USERS_TABLE => '',
+ ),
+ 'WHERE' => $db->sql_in_set('username_clean', array_map('utf8_clean_string', explode("\n", $usernames))) . '
+ AND user_allow_massemail = 1',
+ 'ORDER_BY' => 'user_lang, user_notify_type',
+ );
}
else
{
@@ -123,8 +127,18 @@ class acp_email
),
);
}
- $sql = $db->sql_build_query('SELECT', $sql_ary);
}
+ /**
+ * Modify sql query to change the list of users the email is sent to
+ *
+ * @event core.acp_email_modify_sql
+ * @var array sql_ary Array which is used to build the sql query
+ * @since 3.1.2-RC1
+ */
+ $vars = array('sql_ary');
+ extract($phpbb_dispatcher->trigger_event('core.acp_email_modify_sql', compact($vars)));
+
+ $sql = $db->sql_build_query('SELECT', $sql_ary);
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
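Review bot: The docblock for `core.acp_email_modify_sql` does not tell listeners that `sql_ary` goes to `$db->sql_build_query('SELECT', $sql_ary)` unchanged, so any fragment a listener adds is concatenated into the statement with no further escaping. I would add a docblock line such as `* Values added to sql_ary are not escaped here; use $db->sql_escape() or $db->sql_in_set() for anything that is not a constant.` The docblock should also say that the `WHERE` entry carries the `user_allow_massemail = 1` opt-out built in the previous hunk, so a listener that replaces `WHERE` instead of appending to it drops that filter. The enclosing `main()` starts and ends outside this hunk.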
diff --git a/phpBB/includes/acp/acp_extensions.php b/phpBB/includes/acp/acp_extensions.php
index 9bdd8eb458..89fdc8b863 100644
--- a/phpBB/includes/acp/acp_extensions.php
+++ b/phpBB/includes/acp/acp_extensions.php
@@ -537,7 +537,7 @@ class acp_extensions
$version_check = $meta['extra']['version-check'];
- $version_helper = new \phpbb\version_helper($this->cache, $this->config, $this->user);
+ $version_helper = new \phpbb\version_helper($this->cache, $this->config, new \phpbb\file_downloader(), $this->user);
$version_helper->set_current_version($meta['version']);
$version_helper->set_file_location($version_check['host'], $version_check['directory'], $version_check['filename']);
$version_helper->force_stability($this->config['extension_force_unstable'] ? 'unstable' : null);
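Review bot: `new \phpbb\file_downloader()` is constructed inline here, while the `get_remote_file()` change in `functions_admin.php` in this same commit obtains it with `$phpbb_container->get('file_downloader')`. The two call sites should get it the same way, so that one service definition governs how remote fetches are made. The host, directory and filename passed to `set_file_location()` come from the extension's own `$meta['extra']['version-check']`, so this is a server-side request to a location named by extension metadata. A short comment saying so, and that the response is untrusted input, would help the next reader. Whether those keys are checked for presence is not visible in this hunk.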
diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php
index 5ddaf31cf5..0b9ea23fe7 100644
--- a/phpBB/includes/functions_admin.php
+++ b/phpBB/includes/functions_admin.php
@@ -2982,68 +2982,21 @@ function get_database_size()
/**
* Retrieve contents from remotely stored file
+*
+* @deprecated 3.1.2 Use file_downloader instead
*/
function get_remote_file($host, $directory, $filename, &$errstr, &$errno, $port = 80, $timeout = 6)
{
- global $user;
-
- if ($fsock = @fsockopen($host, $port, $errno, $errstr, $timeout))
- {
- @fputs($fsock, "GET $directory/$filename HTTP/1.0\r\n");
- @fputs($fsock, "HOST: $host\r\n");
- @fputs($fsock, "Connection: close\r\n\r\n");
+ global $phpbb_container;
- $timer_stop = time() + $timeout;
- stream_set_timeout($fsock, $timeout);
-
- $file_info = '';
- $get_info = false;
-
- while (!@feof($fsock))
- {
- if ($get_info)
- {
- $file_info .= @fread($fsock, 1024);
- }
- else
- {
- $line = @fgets($fsock, 1024);
- if ($line == "\r\n")
- {
- $get_info = true;
- }
- else if (stripos($line, '404 not found') !== false)
- {
- $errstr = $user->lang('FILE_NOT_FOUND', $filename);
- return false;
- }
- }
+ // Get file downloader and assign $errstr and $errno
+ $file_downloader = $phpbb_container->get('file_downloader');
- $stream_meta_data = stream_get_meta_data($fsock);
-
- if (!empty($stream_meta_data['timed_out']) || time() >= $timer_stop)
- {
- $errstr = $user->lang['FSOCK_TIMEOUT'];
- return false;
- }
- }
- @fclose($fsock);
- }
- else
- {
- if ($errstr)
- {
- $errstr = utf8_convert_message($errstr);
- return false;
- }
- else
- {
- $errstr = $user->lang['FSOCK_DISABLED'];
- return false;
- }
- }
+ $file_data = $file_downloader->get($host, $directory, $filename, $port, $timeout);
+ $errstr = $file_downloader->get_error_string();
+ $errno = $file_downloader->get_error_number();
- return $file_info;
+ return $file_data;
}
/*
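Review bot: The rewritten `get_remote_file()` no longer documents or enforces its legacy contract: the removed body returned `false` and set `$errstr` on every failure path, while the new body returns whatever `$file_downloader->get()` yields. If `get()` signals failure by throwing rather than by return value (its implementation is not in this diff section), callers that test for `false` would get an uncaught exception instead. In that case the call should be wrapped so the function still returns `false` with `$errstr` and `$errno` filled in. The docblock should gain an `@return` line and state that `$errstr` and `$errno` are overwritten on every call. With the default `$port = 80` the content presumably still arrives over plain HTTP, so callers should treat the returned data as untrusted.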
diff --git a/phpBB/includes/functions_content.php b/phpBB/includes/functions_content.php
index 25ca50e8f1..87cf34bd9d 100644
--- a/phpBB/includes/functions_content.php
+++ b/phpBB/includes/functions_content.php
@@ -712,7 +712,7 @@ function make_clickable_callback($type, $whitespace, $url, $relative_url, $class
break;
}
- $short_url = (strlen($url) > 55) ? substr($url, 0, 39) . ' ... ' . substr($url, -10) : $url;
+ $short_url = (utf8_strlen($url) > 55) ? utf8_substr($url, 0, 39) . ' ... ' . utf8_substr($url, -10) : $url;
switch ($type)
{
@@ -788,28 +788,28 @@ function make_clickable($text, $server_url = false, $class = 'postlink')
// relative urls for this board
$magic_url_match_args[$server_url][] = array(
- '#(^|[\n\t (>.])(' . preg_quote($server_url, '#') . ')/(' . get_preg_expression('relative_url_inline') . ')#i',
+ '#(^|[\n\t (>.])(' . preg_quote($server_url, '#') . ')/(' . get_preg_expression('relative_url_inline') . ')#iu',
MAGIC_URL_LOCAL,
$local_class,
);
// matches a xxxx://aaaaa.bbb.cccc. ...
$magic_url_match_args[$server_url][] = array(
- '#(^|[\n\t (>.])(' . get_preg_expression('url_inline') . ')#i',
+ '#(^|[\n\t (>.])(' . get_preg_expression('url_inline') . ')#iu',
MAGIC_URL_FULL,
$class,
);
// matches a "www.xxxx.yyyy[/zzzz]" kinda lazy URL thing
$magic_url_match_args[$server_url][] = array(
- '#(^|[\n\t (>])(' . get_preg_expression('www_url_inline') . ')#i',
+ '#(^|[\n\t (>])(' . get_preg_expression('www_url_inline') . ')#iu',
MAGIC_URL_WWW,
$class,
);
// matches an email@domain type address at the start of a line, or after a space or after what might be a BBCode.
$magic_url_match_args[$server_url][] = array(
- '/(^|[\n\t (>])(' . get_preg_expression('email') . ')/i',
+ '/(^|[\n\t (>])(' . get_preg_expression('email') . ')/iu',
MAGIC_URL_EMAIL,
'',
);
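Review bot: With the `u` modifier added to all four patterns, PCRE rejects a subject that is not valid UTF-8: `preg_match()` returns `false`, and `preg_replace()`/`preg_replace_callback()` return `null` instead of the text. The code that applies `$magic_url_match_args` is outside this hunk, so I cannot see whether a `null` result is handled. If it is not, a post containing a malformed byte sequence would come back empty from `make_clickable()`. I would keep the previous text in that case, e.g. `$text = ($replaced !== null) ? $replaced : $text;` where the replacement is applied (the variable name is constructed for illustration).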
diff --git a/phpBB/includes/functions_install.php b/phpBB/includes/functions_install.php
index a60ddd40c5..956e5a5180 100644
--- a/phpBB/includes/functions_install.php
+++ b/phpBB/includes/functions_install.php
@@ -188,7 +188,7 @@ function dbms_select($default = '', $only_20x_options = false)
*/
function get_tables(&$db)
{
- $db_tools = new \phpbb\db\tools($db);
+ $db_tools = new \phpbb\db\tools\tools($db);
return $db_tools->sql_list_tables();
}
diff --git a/phpBB/includes/mcp/mcp_logs.php b/phpBB/includes/mcp/mcp_logs.php
index 92dcdb5499..9c76f0df90 100644
--- a/phpBB/includes/mcp/mcp_logs.php
+++ b/phpBB/includes/mcp/mcp_logs.php
@@ -137,7 +137,7 @@ class mcp_logs
if ($mode == 'topic_logs')
{
- $conditions['topic_logs'] = $topic_id;
+ $conditions['topic_id'] = $topic_id;
}
$phpbb_log->delete('mod', $conditions);
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php
index bc996cf275..12ef94c07a 100644
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@@ -313,7 +313,7 @@ class bbcode_firstpass extends bbcode
$in = str_replace(' ', '%20', $in);
// Checking urls
- if (!preg_match('#^' . get_preg_expression('url') . '$#i', $in) && !preg_match('#^' . get_preg_expression('www_url') . '$#i', $in))
+ if (!preg_match('#^' . get_preg_expression('url') . '$#i', $in) && !preg_match('#^' . get_preg_expression('www_url') . '$#iu', $in))
{
return '[img]' . $in . '[/img]';
}
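Review bot: The first `preg_match()` in this condition still ends in `'$#i'` while the second was changed to `'$#iu'`. The two later hunks in this file (the flash check and the URL check) add `u` to every pattern, so this one looks missed. The line should read `if (!preg_match('#^' . get_preg_expression('url') . '$#iu', $in) && !preg_match('#^' . get_preg_expression('www_url') . '$#iu', $in))`. As written, an `[img]` URL is validated in byte mode by the `url` pattern and in UTF-8 mode by the `www_url` pattern, so the same input can be judged differently here than in the flash and url tags. The enclosing method starts and ends outside the hunk.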
@@ -381,8 +381,8 @@ class bbcode_firstpass extends bbcode
$in = str_replace(' ', '%20', $in);
// Make sure $in is a URL.
- if (!preg_match('#^' . get_preg_expression('url') . '$#i', $in) &&
- !preg_match('#^' . get_preg_expression('www_url') . '$#i', $in))
+ if (!preg_match('#^' . get_preg_expression('url') . '$#iu', $in) &&
+ !preg_match('#^' . get_preg_expression('www_url') . '$#iu', $in))
{
return '[flash=' . $width . ',' . $height . ']' . $in . '[/flash]';
}
@@ -973,9 +973,9 @@ class bbcode_firstpass extends bbcode
$url = str_replace(' ', '%20', $url);
// Checking urls
- if (preg_match('#^' . get_preg_expression('url') . '$#i', $url) ||
- preg_match('#^' . get_preg_expression('www_url') . '$#i', $url) ||
- preg_match('#^' . preg_quote(generate_board_url(), '#') . get_preg_expression('relative_url') . '$#i', $url))
+ if (preg_match('#^' . get_preg_expression('url') . '$#iu', $url) ||
+ preg_match('#^' . get_preg_expression('www_url') . '$#iu', $url) ||
+ preg_match('#^' . preg_quote(generate_board_url(), '#') . get_preg_expression('relative_url') . '$#iu', $url))
{
$valid = true;
}
diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php
index 50fcd11bee..2885c80541 100644
--- a/phpBB/includes/startup.php
+++ b/phpBB/includes/startup.php
@@ -69,31 +69,13 @@ function deregister_globals()
{
if (isset($not_unset[$varname]))
{
- // Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely)
- if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
+ // Hacking attempt. No point in continuing.
+ if (isset($_COOKIE[$varname]))
{
- exit;
- }
- else
- {
- $cookie = &$_COOKIE;
- while (isset($cookie['GLOBALS']))
- {
- if (!is_array($cookie['GLOBALS']))
- {
- break;
- }
-
- foreach ($cookie['GLOBALS'] as $registered_var => $value)
- {
- if (!isset($not_unset[$registered_var]))
- {
- unset($GLOBALS[$registered_var]);
- }
- }
- $cookie = &$cookie['GLOBALS'];
- }
+ echo "Clear your cookies. ";
}
+ echo "Malicious variable name detected. Contact the administrator and ask them to disable register_globals.";
+ exit;
}
unset($GLOBALS[$varname]);
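Review bot: The new branch prints its message and calls `exit` with the default 200 status, so a rejected request looks like a normal page in access logs and monitoring. Sending an error status before the first `echo`, e.g. `header('HTTP/1.0 400 Bad Request');`, would make these requests visible. The cookie behaviour also changes: the removed comment said the cookie case was tolerated "so a cookie called GLOBALS doesn't lock users out completely", whereas now any cookie whose name is in `$not_unset` ends every request from that browser until the cookie is cleared. If that trade-off is intended, the comment `// Hacking attempt. No point in continuing.` should say so. `deregister_globals()` starts and ends outside the hunk.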