aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/acp/acp_database.php8
-rw-r--r--phpBB/includes/acp/acp_forums.php24
-rw-r--r--phpBB/includes/acp/acp_icons.php18
-rw-r--r--phpBB/includes/acp/acp_language.php7
-rw-r--r--phpBB/includes/acp/acp_modules.php30
-rw-r--r--phpBB/includes/acp/acp_permission_roles.php9
-rw-r--r--phpBB/includes/acp/acp_profile.php29
-rw-r--r--phpBB/includes/acp/acp_reasons.php9
-rw-r--r--phpBB/includes/acp/acp_search.php18
-rw-r--r--phpBB/includes/functions_admin.php24
-rw-r--r--phpBB/includes/functions_content.php22
-rw-r--r--phpBB/includes/functions_download.php2
-rw-r--r--phpBB/includes/functions_user.php48
-rw-r--r--phpBB/includes/mcp/mcp_forum.php2
-rw-r--r--phpBB/includes/mcp/mcp_main.php18
-rw-r--r--phpBB/includes/ucp/ucp_main.php129
16 files changed, 345 insertions, 52 deletions
diff --git a/phpBB/includes/acp/acp_database.php b/phpBB/includes/acp/acp_database.php
index 9666ac5b6e..16655ff4cb 100644
--- a/phpBB/includes/acp/acp_database.php
+++ b/phpBB/includes/acp/acp_database.php
@@ -39,6 +39,14 @@ class acp_database
$action = request_var('action', '');
$submit = (isset($_POST['submit'])) ? true : false;
+ $form_key = 'acp_database';
+ add_form_key($form_key);
+
+ if ($submit && !check_form_key($form_key))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
$template->assign_vars(array(
'MODE' => $mode
));
diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php
index 98273f06d9..1e69a4ad20 100644
--- a/phpBB/includes/acp/acp_forums.php
+++ b/phpBB/includes/acp/acp_forums.php
@@ -842,9 +842,26 @@ class acp_forums
ORDER BY left_id";
$result = $db->sql_query($sql);
- if ($row = $db->sql_fetchrow($result))
+ $rowset = array();
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $rowset[(int) $row['forum_id']] = $row;
+ }
+ $db->sql_freeresult($result);
+
+ /**
+ * Modify the forum list data
+ *
+ * @event core.acp_manage_forums_modify_forum_list
+ * @var array rowset Array with the forums list data
+ * @since 3.1.10-RC1
+ */
+ $vars = array('rowset');
+ extract($phpbb_dispatcher->trigger_event('core.acp_manage_forums_modify_forum_list', compact($vars)));
+
+ if (!empty($rowset))
{
- do
+ foreach ($rowset as $row)
{
$forum_type = $row['forum_type'];
@@ -888,7 +905,6 @@ class acp_forums
'U_SYNC' => $url . '&action=sync')
);
}
- while ($row = $db->sql_fetchrow($result));
}
else if ($this->parent_id)
{
@@ -904,7 +920,7 @@ class acp_forums
'U_SYNC' => $url . '&action=sync')
);
}
- $db->sql_freeresult($result);
+ unset($rowset);
$template->assign_vars(array(
'ERROR_MSG' => (sizeof($errors)) ? implode('<br />', $errors) : '',
diff --git a/phpBB/includes/acp/acp_icons.php b/phpBB/includes/acp/acp_icons.php
index 9265415dd1..e9bc02d88b 100644
--- a/phpBB/includes/acp/acp_icons.php
+++ b/phpBB/includes/acp/acp_icons.php
@@ -40,6 +40,15 @@ class acp_icons
$action = (isset($_POST['edit'])) ? 'edit' : $action;
$action = (isset($_POST['import'])) ? 'import' : $action;
$icon_id = request_var('id', 0);
+ $submit = $request->is_set_post('submit', false);
+
+ $form_key = 'acp_icons';
+ add_form_key($form_key);
+
+ if ($submit && !check_form_key($form_key))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
$mode = ($mode == 'smilies') ? 'smilies' : 'icons';
@@ -811,6 +820,11 @@ class acp_icons
case 'move_up':
case 'move_down':
+ if (!check_link_hash($request->variable('hash', ''), 'acp_icons'))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
// Get current order id...
$sql = "SELECT {$fields}_order as current_order
FROM $table
@@ -928,8 +942,8 @@ class acp_icons
'EMOTION' => (isset($row['emotion'])) ? $row['emotion'] : '',
'U_EDIT' => $this->u_action . '&amp;action=edit&amp;id=' . $row[$fields . '_id'],
'U_DELETE' => $this->u_action . '&amp;action=delete&amp;id=' . $row[$fields . '_id'],
- 'U_MOVE_UP' => $this->u_action . '&amp;action=move_up&amp;id=' . $row[$fields . '_id'] . '&amp;start=' . $pagination_start,
- 'U_MOVE_DOWN' => $this->u_action . '&amp;action=move_down&amp;id=' . $row[$fields . '_id'] . '&amp;start=' . $pagination_start,
+ 'U_MOVE_UP' => $this->u_action . '&amp;action=move_up&amp;id=' . $row[$fields . '_id'] . '&amp;start=' . $pagination_start . '&amp;hash=' . generate_link_hash('acp_icons'),
+ 'U_MOVE_DOWN' => $this->u_action . '&amp;action=move_down&amp;id=' . $row[$fields . '_id'] . '&amp;start=' . $pagination_start . '&amp;hash=' . generate_link_hash('acp_icons'),
));
if (!$spacer && !$row['display_on_posting'])
diff --git a/phpBB/includes/acp/acp_language.php b/phpBB/includes/acp/acp_language.php
index 3888a411f0..bddc2be9cb 100644
--- a/phpBB/includes/acp/acp_language.php
+++ b/phpBB/includes/acp/acp_language.php
@@ -244,6 +244,11 @@ class acp_language
break;
case 'install':
+ if (!check_link_hash($request->variable('hash', ''), 'acp_language'))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
$lang_iso = request_var('iso', '');
$lang_iso = basename($lang_iso);
@@ -423,7 +428,7 @@ class acp_language
'ISO' => htmlspecialchars($lang_ary['iso']),
'LOCAL_NAME' => htmlspecialchars($lang_ary['local_name'], ENT_COMPAT, 'UTF-8'),
'NAME' => htmlspecialchars($lang_ary['name'], ENT_COMPAT, 'UTF-8'),
- 'U_INSTALL' => $this->u_action . '&amp;action=install&amp;iso=' . urlencode($lang_ary['iso']))
+ 'U_INSTALL' => $this->u_action . '&amp;action=install&amp;iso=' . urlencode($lang_ary['iso']) . '&amp;hash=' . generate_link_hash('acp_language'))
);
}
}
diff --git a/phpBB/includes/acp/acp_modules.php b/phpBB/includes/acp/acp_modules.php
index 55ea26b9d3..9d14614417 100644
--- a/phpBB/includes/acp/acp_modules.php
+++ b/phpBB/includes/acp/acp_modules.php
@@ -46,6 +46,9 @@ class acp_modules
$user->add_lang('acp/modules');
$this->tpl_name = 'acp_modules';
+ $form_key = 'acp_modules';
+ add_form_key($form_key);
+
// module class
$this->module_class = $mode;
@@ -119,6 +122,11 @@ class acp_modules
trigger_error($user->lang['NO_MODULE_ID'] . adm_back_link($this->u_action . '&amp;parent_id=' . $this->parent_id), E_USER_WARNING);
}
+ if (!check_link_hash($request->variable('hash', ''), 'acp_modules'))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&amp;parent_id=' . $this->parent_id), E_USER_WARNING);
+ }
+
$sql = 'SELECT *
FROM ' . MODULES_TABLE . "
WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
@@ -150,6 +158,11 @@ class acp_modules
trigger_error($user->lang['NO_MODULE_ID'] . adm_back_link($this->u_action . '&amp;parent_id=' . $this->parent_id), E_USER_WARNING);
}
+ if (!check_link_hash($request->variable('hash', ''), 'acp_modules'))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&amp;parent_id=' . $this->parent_id), E_USER_WARNING);
+ }
+
$sql = 'SELECT *
FROM ' . MODULES_TABLE . "
WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
@@ -273,6 +286,11 @@ class acp_modules
if ($submit)
{
+ if (!check_form_key($form_key))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&amp;parent_id=' . $this->parent_id), E_USER_WARNING);
+ }
+
if (!$module_data['module_langname'])
{
trigger_error($user->lang['NO_MODULE_LANGNAME'] . adm_back_link($this->u_action . '&amp;parent_id=' . $this->parent_id), E_USER_WARNING);
@@ -460,12 +478,12 @@ class acp_modules
'S_ACP_MODULE_MANAGEMENT' => ($this->module_class == 'acp' && ($row['module_basename'] == 'modules' || $row['module_langname'] == 'ACP_MODULE_MANAGEMENT')) ? true : false,
'U_MODULE' => $this->u_action . '&amp;parent_id=' . $row['module_id'],
- 'U_MOVE_UP' => $url . '&amp;action=move_up',
- 'U_MOVE_DOWN' => $url . '&amp;action=move_down',
+ 'U_MOVE_UP' => $url . '&amp;action=move_up&amp;hash=' . generate_link_hash('acp_modules'),
+ 'U_MOVE_DOWN' => $url . '&amp;action=move_down&amp;hash=' . generate_link_hash('acp_modules'),
'U_EDIT' => $url . '&amp;action=edit',
'U_DELETE' => $url . '&amp;action=delete',
- 'U_ENABLE' => $url . '&amp;action=enable',
- 'U_DISABLE' => $url . '&amp;action=disable')
+ 'U_ENABLE' => $url . '&amp;action=enable&amp;hash=' . generate_link_hash('acp_modules'),
+ 'U_DISABLE' => $url . '&amp;action=disable&amp;hash=' . generate_link_hash('acp_modules'))
);
}
while ($row = $db->sql_fetchrow($result));
@@ -484,8 +502,8 @@ class acp_modules
'U_EDIT' => $url . '&amp;action=edit',
'U_DELETE' => $url . '&amp;action=delete',
- 'U_ENABLE' => $url . '&amp;action=enable',
- 'U_DISABLE' => $url . '&amp;action=disable')
+ 'U_ENABLE' => $url . '&amp;action=enable&amp;hash=' . generate_link_hash('acp_modules'),
+ 'U_DISABLE' => $url . '&amp;action=disable&amp;hash=' . generate_link_hash('acp_modules'))
);
}
$db->sql_freeresult($result);
diff --git a/phpBB/includes/acp/acp_permission_roles.php b/phpBB/includes/acp/acp_permission_roles.php
index be4ab4676a..0796b36fef 100644
--- a/phpBB/includes/acp/acp_permission_roles.php
+++ b/phpBB/includes/acp/acp_permission_roles.php
@@ -366,6 +366,11 @@ class acp_permission_roles
case 'move_up':
case 'move_down':
+ if (!check_link_hash($request->variable('hash', ''), 'acp_permission_roles'))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
$sql = 'SELECT role_order
FROM ' . ACL_ROLES_TABLE . "
WHERE role_id = $role_id";
@@ -440,8 +445,8 @@ class acp_permission_roles
'U_EDIT' => $this->u_action . '&amp;action=edit&amp;role_id=' . $row['role_id'],
'U_REMOVE' => $this->u_action . '&amp;action=remove&amp;role_id=' . $row['role_id'],
- 'U_MOVE_UP' => $this->u_action . '&amp;action=move_up&amp;role_id=' . $row['role_id'],
- 'U_MOVE_DOWN' => $this->u_action . '&amp;action=move_down&amp;role_id=' . $row['role_id'],
+ 'U_MOVE_UP' => $this->u_action . '&amp;action=move_up&amp;role_id=' . $row['role_id'] . '&amp;hash=' . generate_link_hash('acp_permission_roles'),
+ 'U_MOVE_DOWN' => $this->u_action . '&amp;action=move_down&amp;role_id=' . $row['role_id'] . '&amp;hash=' . generate_link_hash('acp_permission_roles'),
'U_DISPLAY_ITEMS' => ($row['role_id'] == $display_item) ? '' : $this->u_action . '&amp;display_item=' . $row['role_id'] . '#assigned_to')
);
diff --git a/phpBB/includes/acp/acp_profile.php b/phpBB/includes/acp/acp_profile.php
index 8c7691538c..485f849f51 100644
--- a/phpBB/includes/acp/acp_profile.php
+++ b/phpBB/includes/acp/acp_profile.php
@@ -53,6 +53,9 @@ class acp_profile
$error = array();
$s_hidden_fields = '';
+ $form_key = 'acp_profile';
+ add_form_key($form_key);
+
if (!$field_id && in_array($action, array('delete','activate', 'deactivate', 'move_up', 'move_down', 'edit')))
{
trigger_error($user->lang['NO_FIELD_ID'] . adm_back_link($this->u_action), E_USER_WARNING);
@@ -161,6 +164,11 @@ class acp_profile
case 'activate':
+ if (!check_link_hash($request->variable('hash', ''), 'acp_profile'))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
$sql = 'SELECT lang_id
FROM ' . LANG_TABLE . "
WHERE lang_iso = '" . $db->sql_escape($config['default_lang']) . "'";
@@ -201,6 +209,11 @@ class acp_profile
case 'deactivate':
+ if (!check_link_hash($request->variable('hash', ''), 'acp_profile'))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
$sql = 'UPDATE ' . PROFILE_FIELDS_TABLE . "
SET field_active = 0
WHERE field_id = $field_id";
@@ -230,6 +243,11 @@ class acp_profile
case 'move_up':
case 'move_down':
+ if (!check_link_hash($request->variable('hash', ''), 'acp_profile'))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
$sql = 'SELECT field_order
FROM ' . PROFILE_FIELDS_TABLE . "
WHERE field_id = $field_id";
@@ -579,6 +597,11 @@ class acp_profile
if (!sizeof($error))
{
+ if (!check_form_key($form_key))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
if (($step == 3 && (sizeof($this->lang_defs['iso']) == 1 || $save)) || ($action == 'edit' && $save))
{
$this->save_profile_field($cp, $field_type, $action);
@@ -735,12 +758,12 @@ class acp_profile
'FIELD_TYPE' => $profile_field->get_name(),
'L_ACTIVATE_DEACTIVATE' => $user->lang[$active_lang],
- 'U_ACTIVATE_DEACTIVATE' => $this->u_action . "&amp;action=$active_value&amp;field_id=$id",
+ 'U_ACTIVATE_DEACTIVATE' => $this->u_action . "&amp;action=$active_value&amp;field_id=$id" . '&amp;hash=' . generate_link_hash('acp_profile'),
'U_EDIT' => $this->u_action . "&amp;action=edit&amp;field_id=$id",
'U_TRANSLATE' => $this->u_action . "&amp;action=edit&amp;field_id=$id&amp;step=3",
'U_DELETE' => $this->u_action . "&amp;action=delete&amp;field_id=$id",
- 'U_MOVE_UP' => $this->u_action . "&amp;action=move_up&amp;field_id=$id",
- 'U_MOVE_DOWN' => $this->u_action . "&amp;action=move_down&amp;field_id=$id",
+ 'U_MOVE_UP' => $this->u_action . "&amp;action=move_up&amp;field_id=$id" . '&amp;hash=' . generate_link_hash('acp_profile'),
+ 'U_MOVE_DOWN' => $this->u_action . "&amp;action=move_down&amp;field_id=$id" . '&amp;hash=' . generate_link_hash('acp_profile'),
'S_NEED_EDIT' => $s_need_edit)
);
diff --git a/phpBB/includes/acp/acp_reasons.php b/phpBB/includes/acp/acp_reasons.php
index 3d7ccf422c..bd40a88138 100644
--- a/phpBB/includes/acp/acp_reasons.php
+++ b/phpBB/includes/acp/acp_reasons.php
@@ -282,6 +282,11 @@ class acp_reasons
case 'move_up':
case 'move_down':
+ if (!check_link_hash($request->variable('hash', ''), 'acp_reasons'))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
$sql = 'SELECT reason_order
FROM ' . REPORTS_REASONS_TABLE . "
WHERE reason_id = $reason_id";
@@ -383,8 +388,8 @@ class acp_reasons
'U_EDIT' => $this->u_action . '&amp;action=edit&amp;id=' . $row['reason_id'],
'U_DELETE' => (!$other_reason) ? $this->u_action . '&amp;action=delete&amp;id=' . $row['reason_id'] : '',
- 'U_MOVE_UP' => $this->u_action . '&amp;action=move_up&amp;id=' . $row['reason_id'],
- 'U_MOVE_DOWN' => $this->u_action . '&amp;action=move_down&amp;id=' . $row['reason_id'])
+ 'U_MOVE_UP' => $this->u_action . '&amp;action=move_up&amp;id=' . $row['reason_id'] . '&amp;hash=' . generate_link_hash('acp_reasons'),
+ 'U_MOVE_DOWN' => $this->u_action . '&amp;action=move_down&amp;id=' . $row['reason_id'] . '&amp;hash=' . generate_link_hash('acp_reasons'))
);
}
$db->sql_freeresult($result);
diff --git a/phpBB/includes/acp/acp_search.php b/phpBB/includes/acp/acp_search.php
index abb8301507..f15a75e9a1 100644
--- a/phpBB/includes/acp/acp_search.php
+++ b/phpBB/includes/acp/acp_search.php
@@ -54,6 +54,13 @@ class acp_search
global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
$submit = (isset($_POST['submit'])) ? true : false;
+ $form_key = 'acp_search';
+ add_form_key($form_key);
+
+ if ($submit && !check_form_key($form_key))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
$search_types = $this->get_search_types();
@@ -232,7 +239,7 @@ class acp_search
function index($id, $mode)
{
- global $db, $user, $auth, $template, $cache;
+ global $db, $user, $auth, $template, $cache, $request;
global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
$action = request_var('action', '');
@@ -244,6 +251,15 @@ class acp_search
$this->state = array();
$this->save_state();
}
+ $submit = $request->is_set_post('submit', false);
+
+ $form_key = 'acp_search';
+ add_form_key($form_key);
+
+ if (!check_form_key($form_key) && in_array($action, array('delete', 'create')))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
if ($action)
{
diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php
index 9c543eaac6..1dc246ec33 100644
--- a/phpBB/includes/functions_admin.php
+++ b/phpBB/includes/functions_admin.php
@@ -65,7 +65,7 @@ function recalc_nested_sets(&$new_id, $pkey, $table, $parent_id = 0, $where = ar
*/
function make_forum_select($select_id = false, $ignore_id = false, $ignore_acl = false, $ignore_nonpost = false, $ignore_emptycat = true, $only_acl_post = false, $return_array = false)
{
- global $db, $user, $auth;
+ global $db, $user, $auth, $phpbb_dispatcher;
// This query is identical to the jumpbox one
$sql = 'SELECT forum_id, forum_name, parent_id, forum_type, forum_flags, forum_options, left_id, right_id
@@ -73,16 +73,33 @@ function make_forum_select($select_id = false, $ignore_id = false, $ignore_acl =
ORDER BY left_id ASC';
$result = $db->sql_query($sql, 600);
+ $rowset = array();
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $rowset[(int) $row['forum_id']] = $row;
+ }
+ $db->sql_freeresult($result);
+
$right = 0;
$padding_store = array('0' => '');
$padding = '';
$forum_list = ($return_array) ? array() : '';
+ /**
+ * Modify the forum list data
+ *
+ * @event core.make_forum_select_modify_forum_list
+ * @var array rowset Array with the forums list data
+ * @since 3.1.10-RC1
+ */
+ $vars = array('rowset');
+ extract($phpbb_dispatcher->trigger_event('core.make_forum_select_modify_forum_list', compact($vars)));
+
// Sometimes it could happen that forums will be displayed here not be displayed within the index page
// This is the result of forums not displayed at index, having list permissions and a parent of a forum with no permissions.
// If this happens, the padding could be "broken"
- while ($row = $db->sql_fetchrow($result))
+ foreach ($rowset as $row)
{
if ($row['left_id'] < $right)
{
@@ -133,8 +150,7 @@ function make_forum_select($select_id = false, $ignore_id = false, $ignore_acl =
$forum_list .= '<option value="' . $row['forum_id'] . '"' . (($disabled) ? ' disabled="disabled" class="disabled-option"' : $selected) . '>' . $padding . $row['forum_name'] . '</option>';
}
}
- $db->sql_freeresult($result);
- unset($padding_store);
+ unset($padding_store, $rowset);
return $forum_list;
}
diff --git a/phpBB/includes/functions_content.php b/phpBB/includes/functions_content.php
index 87dd306e8a..8e60804d6e 100644
--- a/phpBB/includes/functions_content.php
+++ b/phpBB/includes/functions_content.php
@@ -163,16 +163,33 @@ function make_jumpbox($action, $forum_id = false, $select_all = false, $acl_list
ORDER BY left_id ASC';
$result = $db->sql_query($sql, 600);
+ $rowset = array();
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $rowset[(int) $row['forum_id']] = $row;
+ }
+ $db->sql_freeresult($result);
+
$right = $padding = 0;
$padding_store = array('0' => 0);
$display_jumpbox = false;
$iteration = 0;
+ /**
+ * Modify the jumpbox forum list data
+ *
+ * @event core.make_jumpbox_modify_forum_list
+ * @var array rowset Array with the forums list data
+ * @since 3.1.10-RC1
+ */
+ $vars = array('rowset');
+ extract($phpbb_dispatcher->trigger_event('core.make_jumpbox_modify_forum_list', compact($vars)));
+
// Sometimes it could happen that forums will be displayed here not be displayed within the index page
// This is the result of forums not displayed at index, having list permissions and a parent of a forum with no permissions.
// If this happens, the padding could be "broken"
- while ($row = $db->sql_fetchrow($result))
+ foreach ($rowset as $row)
{
if ($row['left_id'] < $right)
{
@@ -254,8 +271,7 @@ function make_jumpbox($action, $forum_id = false, $select_all = false, $acl_list
}
$iteration++;
}
- $db->sql_freeresult($result);
- unset($padding_store);
+ unset($padding_store, $rowset);
$url_parts = $phpbb_path_helper->get_url_parts($action);
diff --git a/phpBB/includes/functions_download.php b/phpBB/includes/functions_download.php
index 2c6f62227c..c571de579e 100644
--- a/phpBB/includes/functions_download.php
+++ b/phpBB/includes/functions_download.php
@@ -284,7 +284,7 @@ function header_filename($file)
// There be dragons here.
// Not many follows the RFC...
- if (strpos($user_agent, 'MSIE') !== false || strpos($user_agent, 'Safari') !== false || strpos($user_agent, 'Konqueror') !== false)
+ if (strpos($user_agent, 'MSIE') !== false || strpos($user_agent, 'Konqueror') !== false)
{
return "filename=" . rawurlencode($file);
}
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index bfdd1badc3..b82abe0c5e 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -119,19 +119,29 @@ function user_update_name($old_name, $new_name)
global $config, $db, $cache, $phpbb_dispatcher;
$update_ary = array(
- FORUMS_TABLE => array('forum_last_poster_name'),
- MODERATOR_CACHE_TABLE => array('username'),
- POSTS_TABLE => array('post_username'),
- TOPICS_TABLE => array('topic_first_poster_name', 'topic_last_poster_name'),
+ FORUMS_TABLE => array(
+ 'forum_last_poster_id' => 'forum_last_poster_name',
+ ),
+ MODERATOR_CACHE_TABLE => array(
+ 'user_id' => 'username',
+ ),
+ POSTS_TABLE => array(
+ 'poster_id' => 'post_username',
+ ),
+ TOPICS_TABLE => array(
+ 'topic_poster' => 'topic_first_poster_name',
+ 'topic_last_poster_id' => 'topic_last_poster_name',
+ ),
);
foreach ($update_ary as $table => $field_ary)
{
- foreach ($field_ary as $field)
+ foreach ($field_ary as $id_field => $name_field)
{
$sql = "UPDATE $table
- SET $field = '" . $db->sql_escape($new_name) . "'
- WHERE $field = '" . $db->sql_escape($old_name) . "'";
+ SET $name_field = '" . $db->sql_escape($new_name) . "'
+ WHERE $name_field = '" . $db->sql_escape($old_name) . "'
+ AND $id_field <> " . ANONYMOUS;
$db->sql_query($sql);
}
}
@@ -3076,7 +3086,7 @@ function remove_default_rank($group_id, $user_ids)
*/
function group_user_attributes($action, $group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $group_attributes = false)
{
- global $db, $auth, $phpbb_root_path, $phpEx, $config, $phpbb_container;
+ global $db, $auth, $phpbb_root_path, $phpEx, $config, $phpbb_container, $phpbb_dispatcher;
// We need both username and user_id info
$result = user_get_id_name($user_id_ary, $username_ary);
@@ -3207,6 +3217,28 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
break;
}
+ /**
+ * Event to perform additional actions on setting user group attributes
+ *
+ * @event core.user_set_group_attributes
+ * @var int group_id ID of the group
+ * @var string group_name Name of the group
+ * @var array user_id_ary IDs of the users to set group attributes
+ * @var array username_ary Names of the users to set group attributes
+ * @var array group_attributes Group attributes which were changed
+ * @var string action Action to perform over the group members
+ * @since 3.1.10-RC1
+ */
+ $vars = array(
+ 'group_id',
+ 'group_name',
+ 'user_id_ary',
+ 'username_ary',
+ 'group_attributes',
+ 'action',
+ );
+ extract($phpbb_dispatcher->trigger_event('core.user_set_group_attributes', compact($vars)));
+
// Clear permissions cache of relevant users
$auth->acl_clear_prefetch($user_id_ary);
diff --git a/phpBB/includes/mcp/mcp_forum.php b/phpBB/includes/mcp/mcp_forum.php
index 6faf0de35b..9573ecbe0d 100644
--- a/phpBB/includes/mcp/mcp_forum.php
+++ b/phpBB/includes/mcp/mcp_forum.php
@@ -273,7 +273,7 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
'TOPIC_ICON_IMG_WIDTH' => (!empty($icons[$row['icon_id']])) ? $icons[$row['icon_id']]['width'] : '',
'TOPIC_ICON_IMG_HEIGHT' => (!empty($icons[$row['icon_id']])) ? $icons[$row['icon_id']]['height'] : '',
'UNAPPROVED_IMG' => ($topic_unapproved || $posts_unapproved) ? $user->img('icon_topic_unapproved', ($topic_unapproved) ? 'TOPIC_UNAPPROVED' : 'POSTS_UNAPPROVED') : '',
- 'DELETED_IMG' => ($topic_deleted) ? $user->img('icon_topic_deleted', 'POSTS_DELETED') : '',
+ 'DELETED_IMG' => ($topic_deleted) ? $user->img('icon_topic_deleted', 'TOPIC_DELETED') : '',
'TOPIC_AUTHOR' => get_username_string('username', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']),
'TOPIC_AUTHOR_COLOUR' => get_username_string('colour', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']),
diff --git a/phpBB/includes/mcp/mcp_main.php b/phpBB/includes/mcp/mcp_main.php
index d0908a0d8b..b2441aed1b 100644
--- a/phpBB/includes/mcp/mcp_main.php
+++ b/phpBB/includes/mcp/mcp_main.php
@@ -877,11 +877,12 @@ function mcp_delete_topic($topic_ids, $is_soft = false, $soft_delete_reason = ''
}
$template->assign_vars(array(
- 'S_SHADOW_TOPICS' => $only_shadow,
- 'S_SOFTDELETED' => $only_softdeleted,
- 'S_TOPIC_MODE' => true,
- 'S_ALLOWED_DELETE' => $auth->acl_get('m_delete', $forum_id),
- 'S_ALLOWED_SOFTDELETE' => $auth->acl_get('m_softdelete', $forum_id),
+ 'S_SHADOW_TOPICS' => $only_shadow,
+ 'S_SOFTDELETED' => $only_softdeleted,
+ 'S_TOPIC_MODE' => true,
+ 'S_ALLOWED_DELETE' => $auth->acl_get('m_delete', $forum_id),
+ 'S_ALLOWED_SOFTDELETE' => $auth->acl_get('m_softdelete', $forum_id),
+ 'DELETE_TOPIC_PERMANENTLY_EXPLAIN' => $user->lang('DELETE_TOPIC_PERMANENTLY', sizeof($topic_ids)),
));
$l_confirm = (sizeof($topic_ids) == 1) ? 'DELETE_TOPIC' : 'DELETE_TOPICS';
@@ -1116,9 +1117,10 @@ function mcp_delete_post($post_ids, $is_soft = false, $soft_delete_reason = '',
}
$template->assign_vars(array(
- 'S_SOFTDELETED' => $only_softdeleted,
- 'S_ALLOWED_DELETE' => $auth->acl_get('m_delete', $forum_id),
- 'S_ALLOWED_SOFTDELETE' => $auth->acl_get('m_softdelete', $forum_id),
+ 'S_SOFTDELETED' => $only_softdeleted,
+ 'S_ALLOWED_DELETE' => $auth->acl_get('m_delete', $forum_id),
+ 'S_ALLOWED_SOFTDELETE' => $auth->acl_get('m_softdelete', $forum_id),
+ 'DELETE_POST_PERMANENTLY_EXPLAIN' => $user->lang('DELETE_POST_PERMANENTLY', sizeof($post_ids)),
));
$l_confirm = (sizeof($post_ids) == 1) ? 'DELETE_POST' : 'DELETE_POSTS';
diff --git a/phpBB/includes/ucp/ucp_main.php b/phpBB/includes/ucp/ucp_main.php
index a1624e78ec..8584a9a0fd 100644
--- a/phpBB/includes/ucp/ucp_main.php
+++ b/phpBB/includes/ucp/ucp_main.php
@@ -35,7 +35,7 @@ class ucp_main
function main($id, $mode)
{
- global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx;
+ global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx, $phpbb_dispatcher;
global $request;
switch ($mode)
@@ -215,6 +215,14 @@ class ucp_main
$unwatch = (isset($_POST['unwatch'])) ? true : false;
+ /**
+ * Read and potentially modify the post data used to remove subscriptions to forums/topics
+ *
+ * @event core.ucp_main_subscribed_post_data
+ * @since 3.1.10-RC1
+ */
+ $phpbb_dispatcher->dispatch('core.ucp_main_subscribed_post_data');
+
if ($unwatch)
{
if (check_form_key('ucp_front_subscribed'))
@@ -300,6 +308,20 @@ class ucp_main
$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
}
+ /**
+ * Modify the query used to retrieve a list of subscribed forums
+ *
+ * @event core.ucp_main_subscribed_forums_modify_query
+ * @var array sql_array The subscribed forums query
+ * @var array forbidden_forums The list of forbidden forums
+ * @since 3.1.10-RC1
+ */
+ $vars = array(
+ 'sql_array',
+ 'forbidden_forums',
+ );
+ extract($phpbb_dispatcher->trigger_event('core.ucp_main_subscribed_forums_modify_query', compact($vars)));
+
$sql = $db->sql_build_query('SELECT', $sql_array);
$result = $db->sql_query($sql);
@@ -341,7 +363,7 @@ class ucp_main
$last_post_time = $last_post_url = '';
}
- $template->assign_block_vars('forumrow', array(
+ $template_vars = array(
'FORUM_ID' => $forum_id,
'FORUM_IMG_STYLE' => $folder_image,
'FORUM_FOLDER_IMG' => $user->img($folder_image, $folder_alt),
@@ -360,8 +382,36 @@ class ucp_main
'S_UNREAD_FORUM' => $unread_forum,
'U_LAST_POST' => $last_post_url,
- 'U_VIEWFORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']))
+ 'U_VIEWFORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id'])
+ );
+
+ /**
+ * Add template variables to a subscribed forum row.
+ *
+ * @event core.ucp_main_subscribed_forum_modify_template_vars
+ * @var array template_vars Array containing the template variables for the row
+ * @var array row Array containing the subscribed forum row data
+ * @var int forum_id Forum ID
+ * @var string folder_image Folder image
+ * @var string folder_alt Alt text for the folder image
+ * @var bool unread_forum Whether the forum has unread content or not
+ * @var string last_post_time The time of the most recent post, expressed as a formatted date string
+ * @var string last_post_url The URL of the most recent post in the forum
+ * @since 3.1.10-RC1
+ */
+ $vars = array(
+ 'template_vars',
+ 'row',
+ 'forum_id',
+ 'folder_image',
+ 'folder_alt',
+ 'unread_forum',
+ 'last_post_time',
+ 'last_post_url',
);
+ extract($phpbb_dispatcher->trigger_event('core.ucp_main_subscribed_forum_modify_template_vars', compact($vars)));
+
+ $template->assign_block_vars('forumrow', $template_vars);
}
$db->sql_freeresult($result);
}
@@ -643,7 +693,7 @@ class ucp_main
*/
function assign_topiclist($mode = 'subscribed', $forbidden_forum_ary = array())
{
- global $user, $db, $template, $config, $cache, $auth, $phpbb_root_path, $phpEx, $phpbb_container;
+ global $user, $db, $template, $config, $cache, $auth, $phpbb_root_path, $phpEx, $phpbb_container, $request, $phpbb_dispatcher;
$table = ($mode == 'subscribed') ? TOPICS_WATCH_TABLE : BOOKMARKS_TABLE;
$start = request_var('start', 0);
@@ -664,6 +714,23 @@ class ucp_main
AND i.user_id = ' . $user->data['user_id'] . '
AND ' . $db->sql_in_set('t.forum_id', $forbidden_forum_ary, true, true),
);
+
+ /**
+ * Modify the query used to retrieve the count of subscribed/bookmarked topics
+ *
+ * @event core.ucp_main_topiclist_count_modify_query
+ * @var array sql_array The subscribed/bookmarked topics query
+ * @var array forbidden_forum_ary The list of forbidden forums
+ * @var string mode The type of topic list ('subscribed' or 'bookmarks')
+ * @since 3.1.10-RC1
+ */
+ $vars = array(
+ 'sql_array',
+ 'forbidden_forum_ary',
+ 'mode',
+ );
+ extract($phpbb_dispatcher->trigger_event('core.ucp_main_topiclist_count_modify_query', compact($vars)));
+
$sql = $db->sql_build_query('SELECT', $sql_array);
$result = $db->sql_query($sql);
$topics_count = (int) $db->sql_fetchfield('topics_count');
@@ -732,6 +799,22 @@ class ucp_main
$sql_array['SELECT'] .= ', tp.topic_posted';
}
+ /**
+ * Modify the query used to retrieve the list of subscribed/bookmarked topics
+ *
+ * @event core.ucp_main_topiclist_modify_query
+ * @var array sql_array The subscribed/bookmarked topics query
+ * @var array forbidden_forum_ary The list of forbidden forums
+ * @var string mode The type of topic list ('subscribed' or 'bookmarks')
+ * @since 3.1.10-RC1
+ */
+ $vars = array(
+ 'sql_array',
+ 'forbidden_forum_ary',
+ 'mode',
+ );
+ extract($phpbb_dispatcher->trigger_event('core.ucp_main_topiclist_modify_query', compact($vars)));
+
$sql = $db->sql_build_query('SELECT', $sql_array);
$result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);
@@ -796,7 +879,7 @@ class ucp_main
$view_topic_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", $view_topic_url_params);
// Send vars to template
- $template->assign_block_vars('topicrow', array(
+ $template_vars = array(
'FORUM_ID' => $forum_id,
'TOPIC_ID' => $topic_id,
'FIRST_POST_TIME' => $user->format_date($row['topic_time']),
@@ -838,7 +921,41 @@ class ucp_main
'U_LAST_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", $view_topic_url_params . '&amp;p=' . $row['topic_last_post_id']) . '#p' . $row['topic_last_post_id'],
'U_VIEW_TOPIC' => $view_topic_url,
'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id),
- ));
+ );
+
+ /**
+ * Add template variables to a subscribed/bookmarked topic row.
+ *
+ * @event core.ucp_main_topiclist_topic_modify_template_vars
+ * @var array template_vars Array containing the template variables for the row
+ * @var array row Array containing the subscribed/bookmarked topic row data
+ * @var int forum_id ID of the forum containing the topic
+ * @var int topic_id Topic ID
+ * @var int replies Number of replies in the topic
+ * @var string topic_type Topic type
+ * @var string folder_img Folder image
+ * @var string folder_alt Alt text for the folder image
+ * @var array icons Array containing topic icons
+ * @var bool unread_topic Whether the topic has unread content or not
+ * @var string view_topic_url The URL of the topic
+ * @since 3.1.10-RC1
+ */
+ $vars = array(
+ 'template_vars',
+ 'row',
+ 'forum_id',
+ 'topic_id',
+ 'replies',
+ 'topic_type',
+ 'folder_img',
+ 'folder_alt',
+ 'icons',
+ 'unread_topic',
+ 'view_topic_url',
+ );
+ extract($phpbb_dispatcher->trigger_event('core.ucp_main_topiclist_topic_modify_template_vars', compact($vars)));
+
+ $template->assign_block_vars('topicrow', $template_vars);
$pagination->generate_template_pagination(append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . "&amp;t=$topic_id"), 'topicrow.pagination', 'start', $replies + 1, $config['posts_per_page'], 1, true, true);
}