diff options
Diffstat (limited to 'phpBB/includes')
| -rw-r--r-- | phpBB/includes/acp/acp_attachments.php | 24 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_users.php | 2 | ||||
| -rw-r--r-- | phpBB/includes/functions.php | 55 | ||||
| -rw-r--r-- | phpBB/includes/functions_content.php | 3 | ||||
| -rw-r--r-- | phpBB/includes/functions_messenger.php | 12 | ||||
| -rw-r--r-- | phpBB/includes/functions_privmsgs.php | 23 | ||||
| -rw-r--r-- | phpBB/includes/functions_user.php | 15 | ||||
| -rw-r--r-- | phpBB/includes/mcp/mcp_main.php | 16 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_pm_compose.php | 10 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_profile.php | 3 |
10 files changed, 109 insertions, 54 deletions
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php index a7035f38b7..94e3660de8 100644 --- a/phpBB/includes/acp/acp_attachments.php +++ b/phpBB/includes/acp/acp_attachments.php @@ -27,6 +27,9 @@ class acp_attachments /** @var \phpbb\config\config */ protected $config; + /** @var \phpbb\language\language */ + protected $language; + /** @var ContainerBuilder */ protected $phpbb_container; @@ -54,6 +57,7 @@ class acp_attachments $this->id = $id; $this->db = $db; $this->config = $config; + $this->language = $phpbb_container->get('language'); $this->template = $template; $this->user = $user; $this->phpbb_container = $phpbb_container; @@ -128,7 +132,7 @@ class acp_attachments $s_assigned_groups = array(); while ($row = $db->sql_fetchrow($result)) { - $row['group_name'] = (isset($user->lang['EXT_GROUP_' . $row['group_name']])) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name']; + $row['group_name'] = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name']; $s_assigned_groups[$row['cat_id']][] = $row['group_name']; } $db->sql_freeresult($result); @@ -573,7 +577,7 @@ class acp_attachments $group_id = $db->sql_nextid(); } - $group_name = (isset($user->lang['EXT_GROUP_' . $group_name])) ? $user->lang['EXT_GROUP_' . $group_name] : $group_name; + $group_name = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($group_name)) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($group_name)) : $group_name; $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXTGROUP_' . strtoupper($action), false, array($group_name)); } @@ -875,7 +879,7 @@ class acp_attachments 'U_EDIT' => $this->u_action . "&action=edit&g={$row['group_id']}", 'U_DELETE' => $this->u_action . "&action=delete&g={$row['group_id']}", - 'GROUP_NAME' => (isset($user->lang['EXT_GROUP_' . $row['group_name']])) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name'], + 'GROUP_NAME' => $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name'], 'CATEGORY' => $cat_lang[$row['cat_id']], ) ); @@ -1240,23 +1244,15 @@ class acp_attachments $display_cat = isset($extensions[$row['extension']]['display_cat']) ? $extensions[$row['extension']]['display_cat'] : ATTACHMENT_CATEGORY_NONE; $l_downloaded_viewed = ($display_cat == ATTACHMENT_CATEGORY_NONE) ? 'DOWNLOAD_COUNTS' : 'VIEWED_COUNTS'; - // Capitalises the group name and checks if its key exists in the language file - $up_group_name = utf8_strtoupper($extensions[$row['extension']]['group_name']); - $ext_group_name = (!empty($up_group_name)) ? (isset($user->lang['EXT_GROUP_' . $up_group_name]) ? $user->lang['EXT_GROUP_' . $up_group_name] : '') : ''; - $template->assign_block_vars('attachments', array( 'ATTACHMENT_POSTER' => get_username_string('full', (int) $row['poster_id'], (string) $row['username'], (string) $row['user_colour'], (string) $row['username']), 'FILESIZE' => get_formatted_filesize((int) $row['filesize']), 'FILETIME' => $user->format_date((int) $row['filetime']), - 'REAL_FILENAME' => (!$row['in_message']) ? utf8_basename((string) $row['real_filename']) : '', - 'PHYSICAL_FILENAME' => utf8_basename((string) $row['physical_filename']), - 'EXT_GROUP_NAME' => $ext_group_name, + 'REAL_FILENAME' => utf8_basename((string) $row['real_filename']), + 'EXT_GROUP_NAME' => $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($extensions[$row['extension']]['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($extensions[$row['extension']]['group_name'])) : $extensions[$row['extension']]['group_name'], 'COMMENT' => $comment, 'TOPIC_TITLE' => (!$row['in_message']) ? (string) $row['topic_title'] : '', 'ATTACH_ID' => (int) $row['attach_id'], - 'POST_ID' => (int) $row['post_msg_id'], - 'TOPIC_ID' => (int) $row['topic_id'], - 'POST_IDS' => (!empty($post_ids[$row['attach_id']])) ? (int) $post_ids[$row['attach_id']] : '', 'L_DOWNLOAD_COUNT' => $user->lang($l_downloaded_viewed, (int) $row['download_count']), @@ -1438,7 +1434,7 @@ class acp_attachments $group_name = array(); while ($row = $db->sql_fetchrow($result)) { - $row['group_name'] = (isset($user->lang['EXT_GROUP_' . $row['group_name']])) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name']; + $row['group_name'] = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name']; $group_name[] = $row; } $db->sql_freeresult($result); diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index 2d1eaadfae..fd4b5e8c24 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -855,7 +855,7 @@ class acp_users $check_ary += array( 'username' => array( array('string', false, $config['min_name_chars'], $config['max_name_chars']), - array('username', $user_row['username']) + array('username', $user_row['username'], true) ), ); } diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 5234c3472d..47c4197d96 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -1843,27 +1843,6 @@ function redirect($url, $return = false, $disable_cd_check = false) garbage_collection(); } - // Redirect via an HTML form for PITA webservers - if (@preg_match('#WebSTAR|Xitami#', getenv('SERVER_SOFTWARE'))) - { - header('Refresh: 0; URL=' . $url); - - echo '<!DOCTYPE html>'; - echo '<html dir="' . $user->lang['DIRECTION'] . '" lang="' . $user->lang['USER_LANG'] . '">'; - echo '<head>'; - echo '<meta charset="utf-8">'; - echo '<meta http-equiv="X-UA-Compatible" content="IE=edge">'; - echo '<meta http-equiv="refresh" content="0; url=' . str_replace('&', '&', $url) . '" />'; - echo '<title>' . $user->lang['REDIRECT'] . '</title>'; - echo '</head>'; - echo '<body>'; - echo '<div style="text-align: center;">' . sprintf($user->lang['URL_REDIRECT'], '<a href="' . str_replace('&', '&', $url) . '">', '</a>') . '</div>'; - echo '</body>'; - echo '</html>'; - - exit; - } - // Behave as per HTTP/1.1 spec for others header('Location: ' . $url); exit; @@ -2158,7 +2137,7 @@ function check_form_key($form_name, $timespan = false) function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_body.html', $u_action = '') { global $user, $template, $db, $request; - global $config, $language, $phpbb_path_helper; + global $config, $language, $phpbb_path_helper, $phpbb_dispatcher; if (isset($_POST['cancel'])) { @@ -2255,8 +2234,7 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo if ($request->is_ajax()) { $u_action .= '&confirm_uid=' . $user->data['user_id'] . '&sess=' . $user->session_id . '&sid=' . $user->session_id; - $json_response = new \phpbb\json_response; - $json_response->send(array( + $data = array( 'MESSAGE_BODY' => $template->assign_display('body'), 'MESSAGE_TITLE' => $confirm_title, 'MESSAGE_TEXT' => $confirm_text, @@ -2264,7 +2242,28 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo 'YES_VALUE' => $language->lang('YES'), 'S_CONFIRM_ACTION' => str_replace('&', '&', $u_action), //inefficient, rewrite whole function 'S_HIDDEN_FIELDS' => $hidden . $s_hidden_fields - )); + ); + + /** + * This event allows an extension to modify the ajax output of confirm box. + * + * @event core.confirm_box_ajax_before + * @var string u_action Action of the form + * @var array data Data to be sent + * @var string hidden Hidden fields generated by caller + * @var string s_hidden_fields Hidden fields generated by this function + * @since 3.2.8-RC1 + */ + $vars = array( + 'u_action', + 'data', + 'hidden', + 's_hidden_fields', + ); + extract($phpbb_dispatcher->trigger_event('core.confirm_box_ajax_before', compact($vars))); + + $json_response = new \phpbb\json_response; + $json_response->send($data); } if (defined('IN_ADMIN') && isset($user->data['session_admin']) && $user->data['session_admin']) @@ -2365,7 +2364,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa } // Check form key - if ($password && !check_form_key($form_name)) + if ($password && !defined('IN_CHECK_BAN') && !check_form_key($form_name)) { $result = array( 'status' => false, @@ -4132,9 +4131,9 @@ function phpbb_get_user_avatar($user_row, $alt = 'USER_AVATAR', $ignore_config = * * @return string Avatar html */ -function phpbb_get_group_avatar($user_row, $alt = 'GROUP_AVATAR', $ignore_config = false, $lazy = false) +function phpbb_get_group_avatar($group_row, $alt = 'GROUP_AVATAR', $ignore_config = false, $lazy = false) { - $row = \phpbb\avatar\manager::clean_row($user_row, 'group'); + $row = \phpbb\avatar\manager::clean_row($group_row, 'group'); return phpbb_get_avatar($row, $alt, $ignore_config, $lazy); } diff --git a/phpBB/includes/functions_content.php b/phpBB/includes/functions_content.php index a15a03f966..2542be5e02 100644 --- a/phpBB/includes/functions_content.php +++ b/phpBB/includes/functions_content.php @@ -1482,6 +1482,8 @@ function truncate_string($string, $max_length = 60, $max_store_length = 255, $al * Get username details for placing into templates. * This function caches all modes on first call, except for no_profile and anonymous user - determined by $user_id. * +* @html Username spans and links +* * @param string $mode Can be profile (for getting an url to the profile), username (for obtaining the username), colour (for obtaining the user colour), full (for obtaining a html string representing a coloured link to the users profile) or no_profile (the same as full but forcing no profile link) * @param int $user_id The users id * @param string $username The users name @@ -1501,6 +1503,7 @@ function get_username_string($mode, $user_id, $username, $username_colour = '', { global $phpbb_root_path, $phpEx; + /** @html Username spans and links for usage in the template */ $_profile_cache['base_url'] = append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&u={USER_ID}'); $_profile_cache['tpl_noprofile'] = '<span class="username">{USERNAME}</span>'; $_profile_cache['tpl_noprofile_colour'] = '<span style="color: {USERNAME_COLOUR};" class="username-coloured">{USERNAME}</span>'; diff --git a/phpBB/includes/functions_messenger.php b/phpBB/includes/functions_messenger.php index f44bcc6fb7..7f8238e1bf 100644 --- a/phpBB/includes/functions_messenger.php +++ b/phpBB/includes/functions_messenger.php @@ -1581,6 +1581,14 @@ class smtp_class */ protected function starttls() { + global $config; + + // allow SMTPS (what was used by phpBB 3.0) if hostname is prefixed with tls:// or ssl:// + if (strpos($config['smtp_host'], 'tls://') === 0 || strpos($config['smtp_host'], 'ssl://') === 0) + { + return true; + } + if (!function_exists('stream_socket_enable_crypto')) { return false; @@ -1603,7 +1611,9 @@ class smtp_class if (socket_set_blocking($this->socket, 1)) { - $result = stream_socket_enable_crypto($this->socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT); + // https://secure.php.net/manual/en/function.stream-socket-enable-crypto.php#119122 + $crypto = (phpbb_version_compare(PHP_VERSION, '5.6.7', '<')) ? STREAM_CRYPTO_METHOD_TLS_CLIENT : STREAM_CRYPTO_METHOD_SSLv23_CLIENT; + $result = stream_socket_enable_crypto($this->socket, true, $crypto); socket_set_blocking($this->socket, (int) $stream_meta['blocked']); } diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php index a7a4b050fe..baadf5bdee 100644 --- a/phpBB/includes/functions_privmsgs.php +++ b/phpBB/includes/functions_privmsgs.php @@ -1966,7 +1966,7 @@ function submit_pm($mode, $subject, &$data_ary, $put_in_outbox = true) */ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode = false) { - global $db, $user, $template, $phpbb_root_path, $phpEx, $auth; + global $db, $user, $template, $phpbb_root_path, $phpEx, $auth, $phpbb_dispatcher; // Select all receipts and the author from the pm we currently view, to only display their pm-history $sql = 'SELECT author_id, user_id @@ -2087,7 +2087,7 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode $previous_history_pm = $prev_id; } - $template->assign_block_vars('history_row', array( + $template_vars = array( 'MESSAGE_AUTHOR_QUOTE' => (($decoded_message) ? addslashes(get_username_string('username', $author_id, $row['username'], $row['user_colour'], $row['username'])) : ''), 'MESSAGE_AUTHOR_FULL' => get_username_string('full', $author_id, $row['username'], $row['user_colour'], $row['username']), 'MESSAGE_AUTHOR_COLOUR' => get_username_string('colour', $author_id, $row['username'], $row['user_colour'], $row['username']), @@ -2109,8 +2109,25 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode 'USER_ID' => $row['user_id'], 'U_VIEW_MESSAGE' => "$url&f=$folder_id&p=" . $row['msg_id'], 'U_QUOTE' => (!$in_post_mode && $auth->acl_get('u_sendpm') && $author_id != ANONYMOUS) ? "$url&mode=compose&action=quote&f=" . $folder_id . "&p=" . $row['msg_id'] : '', - 'U_POST_REPLY_PM' => ($author_id != $user->data['user_id'] && $author_id != ANONYMOUS && $auth->acl_get('u_sendpm')) ? "$url&mode=compose&action=reply&f=$folder_id&p=" . $row['msg_id'] : '') + 'U_POST_REPLY_PM' => ($author_id != $user->data['user_id'] && $author_id != ANONYMOUS && $auth->acl_get('u_sendpm')) ? "$url&mode=compose&action=reply&f=$folder_id&p=" . $row['msg_id'] : '' ); + + /** + * Modify the template vars for displaying the message history in private message + * + * @event core.message_history_modify_template_vars + * @var array template_vars Array containing the query + * @var array row Array containing the action user row + * @since 3.2.8-RC1 + */ + $vars = array( + 'template_vars', + 'row', + ); + extract($phpbb_dispatcher->trigger_event('core.message_history_modify_template_vars', compact($vars))); + + $template->assign_block_vars('history_row', $template_vars); + unset($rowset[$i]); $prev_id = $id; } diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index fb9241d4aa..3bf4aa16b7 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1732,7 +1732,7 @@ function phpbb_validate_timezone($timezone) * @return mixed Either false if validation succeeded or a string which will be * used as the error message (with the variable name appended) */ -function validate_username($username, $allowed_username = false) +function validate_username($username, $allowed_username = false, $allow_all_names = false) { global $config, $db, $user, $cache; @@ -1815,13 +1815,16 @@ function validate_username($username, $allowed_username = false) return 'USERNAME_TAKEN'; } - $bad_usernames = $cache->obtain_disallowed_usernames(); - - foreach ($bad_usernames as $bad_username) + if (!$allow_all_names) { - if (preg_match('#^' . $bad_username . '$#', $clean_username)) + $bad_usernames = $cache->obtain_disallowed_usernames(); + + foreach ($bad_usernames as $bad_username) { - return 'USERNAME_DISALLOWED'; + if (preg_match('#^' . $bad_username . '$#', $clean_username)) + { + return 'USERNAME_DISALLOWED'; + } } } diff --git a/phpBB/includes/mcp/mcp_main.php b/phpBB/includes/mcp/mcp_main.php index 4bd783b279..744eaebd7d 100644 --- a/phpBB/includes/mcp/mcp_main.php +++ b/phpBB/includes/mcp/mcp_main.php @@ -41,6 +41,22 @@ class mcp_main $quickmod = ($mode == 'quickmod') ? true : false; + /** + * Event to perform additional actions before an MCP action is executed. + * + * @event core.mcp_main_before + * @var string action The action that is about to be performed + * @var string mode The mode in which the MCP is accessed, e.g. front, forum_view, topic_view, post_details, quickmod + * @var boolean quickmod Whether or not the action is performed via QuickMod + * @since 3.2.8-RC1 + */ + $vars = [ + 'action', + 'mode', + 'quickmod', + ]; + extract($phpbb_dispatcher->trigger_event('core.mcp_main_before', compact($vars))); + switch ($action) { case 'lock': diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index 543db4f889..cb45112b01 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -1007,6 +1007,16 @@ function compose_pm($id, $mode, $action, $user_folders = array()) if (($action == 'reply' || $action == 'quote' || $action == 'quotepost') && !$preview && !$refresh) { $message_subject = ((!preg_match('/^Re:/', $message_subject)) ? 'Re: ' : '') . censor_text($message_subject); + + /** + * This event allows you to modify the PM subject of the PM being quoted + * + * @event core.pm_modify_message_subject + * @var string message_subject String with the PM subject already censored. + * @since 3.2.8-RC1 + */ + $vars = array('message_subject'); + extract($phpbb_dispatcher->trigger_event('core.pm_modify_message_subject', compact($vars))); } if ($action == 'forward' && !$preview && !$refresh && !$submit) diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index 9a1284083f..36ab3d0463 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php @@ -133,7 +133,6 @@ class ucp_profile 'user_email' => ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'], 'user_email_hash' => ($auth->acl_get('u_chgemail')) ? phpbb_email_hash($data['email']) : $user->data['user_email_hash'], 'user_password' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? $passwords_manager->hash($data['new_password']) : $user->data['user_password'], - 'user_passchg' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? time() : 0, ); if ($auth->acl_get('u_chgname') && $config['allow_namechange'] && $data['username'] != $user->data['username']) @@ -147,6 +146,8 @@ class ucp_profile if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && !$passwords_manager->check($data['new_password'], $user->data['user_password'])) { + $sql_ary['user_passchg'] = time(); + $user->reset_login_keys(); $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_NEW_PASSWORD', false, array( 'reportee_id' => $user->data['user_id'], |