Diffstat (limited to 'phpBB/includes')
30 files changed, 504 insertions, 997 deletions
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php index 94e3660de8..feeccbe853 100644 --- a/phpBB/includes/acp/acp_attachments.php +++ b/phpBB/includes/acp/acp_attachments.php @@ -610,7 +610,6 @@ class acp_attachments $cat_lang = array( ATTACHMENT_CATEGORY_NONE => $user->lang['NO_FILE_CAT'], ATTACHMENT_CATEGORY_IMAGE => $user->lang['CAT_IMAGES'], - ATTACHMENT_CATEGORY_FLASH => $user->lang['CAT_FLASH_FILES'], ); $group_id = $request->variable('g', 0); @@ -1385,7 +1384,6 @@ class acp_attachments $types = array( ATTACHMENT_CATEGORY_NONE => $user->lang['NO_FILE_CAT'], ATTACHMENT_CATEGORY_IMAGE => $user->lang['CAT_IMAGES'], - ATTACHMENT_CATEGORY_FLASH => $user->lang['CAT_FLASH_FILES'], ); if ($group_id) diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php index bd8df6a63b..84dbbf02ba 100644 --- a/phpBB/includes/acp/acp_bbcodes.php +++ b/phpBB/includes/acp/acp_bbcodes.php @@ -157,7 +157,7 @@ class acp_bbcodes * @var string bbcode_tpl The bbcode HTML replacement string * @var string bbcode_helpline The bbcode help line string * @var array hidden_fields Array of hidden fields for use when - * submitting form when $warn_text is true + * submitting form when $warn_unsafe is true * @since 3.1.0-a3 */ $vars = array( 
@@ -172,14 +172,25 @@ class acp_bbcodes ); extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_modify_create', compact($vars))); - $warn_text = preg_match('%<[^>]*\{text[\d]*\}[^>]*>%i', $bbcode_tpl); + $acp_utils = $phpbb_container->get('text_formatter.acp_utils'); + $bbcode_info = $acp_utils->analyse_bbcode($bbcode_match, $bbcode_tpl); + $warn_unsafe = ($bbcode_info['status'] === $acp_utils::BBCODE_STATUS_UNSAFE); - if (!$warn_text && !check_form_key($form_key)) + if ($bbcode_info['status'] === $acp_utils::BBCODE_STATUS_INVALID_TEMPLATE) + { + trigger_error($user->lang['BBCODE_INVALID_TEMPLATE'] . adm_back_link($this->u_action), E_USER_WARNING); + } + if ($bbcode_info['status'] === $acp_utils::BBCODE_STATUS_INVALID_DEFINITION) + { + trigger_error($user->lang['BBCODE_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + + if (!$warn_unsafe && !check_form_key($form_key)) { trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); } - if (!$warn_text || confirm_box(true)) + if (!$warn_unsafe || confirm_box(true)) { $data = $this->build_regexp($bbcode_match, $bbcode_tpl); 
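Review bot: In acp_bbcodes.php, `$warn_unsafe` is true only when the status equals `BBCODE_STATUS_UNSAFE`, so once the two invalid-status checks have passed, any other value `analyse_bbcode()` might return is handled as safe and saved without the confirmation step. Testing for the safe status instead fails closed, assuming the utils interface exposes one (`BBCODE_STATUS_SAFE`, to be confirmed): `$warn_unsafe = ($bbcode_info['status'] !== $acp_utils::BBCODE_STATUS_SAFE);`. The `!$warn_unsafe && !check_form_key($form_key)` condition still skips the form-key check on the unsafe path and relies on `confirm_box(true)` alone, which deserves a one-line comment such as `// unsafe templates are confirmed via confirm_box(), which carries its own token`. The enclosing branch starts and ends outside the hunk.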
@@ -446,144 +457,7 @@ class acp_bbcodes function build_regexp(&$bbcode_match, &$bbcode_tpl) { $bbcode_match = trim($bbcode_match); - $bbcode_tpl = trim($bbcode_tpl); - - // Allow unicode characters for URL|LOCAL_URL|RELATIVE_URL|INTTEXT tokens - $utf8 = preg_match('/(URL|LOCAL_URL|RELATIVE_URL|INTTEXT)/', $bbcode_match); - - $fp_match = preg_quote($bbcode_match, '!'); - $fp_replace = preg_replace('#^\[(.*?)\]#', '[$1:$uid]', $bbcode_match); - $fp_replace = preg_replace('#\[/(.*?)\]$#', '[/$1:$uid]', $fp_replace); - - $sp_match = preg_quote($bbcode_match, '!'); - $sp_match = preg_replace('#^\\\\\[(.*?)\\\\\]#', '\[$1:$uid\]', $sp_match); - $sp_match = preg_replace('#\\\\\[/(.*?)\\\\\]$#', '\[/$1:$uid\]', $sp_match); - $sp_replace = $bbcode_tpl; - - // @todo Make sure to change this too if something changed in message parsing - $tokens = array( - 'URL' => array( - '!(?:(' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('url')) . ')|(' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('www_url')) . '))!ie' => "\$this->bbcode_specialchars(('\$1') ? '\$1' : 'http://\$2')" - ), - 'LOCAL_URL' => array( - '!(' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('relative_url')) . ')!e' => "\$this->bbcode_specialchars('$1')" - ), - 'RELATIVE_URL' => array( - '!(' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('relative_url')) . ')!e' => "\$this->bbcode_specialchars('$1')" - ), - 'EMAIL' => array( - '!(' . get_preg_expression('email') . ')!ie' => "\$this->bbcode_specialchars('$1')" - ), - 'TEXT' => array( - '!(.*?)!es' => "str_replace(array(\"\\r\\n\", '\\\"', '\\'', '(', ')'), array(\"\\n\", '\"', ''', '(', ')'), trim('\$1'))" - ), - 'SIMPLETEXT' => array( - '!([a-zA-Z0-9-+.,_ ]+)!' => "$1" - ), - 'INTTEXT' => array( - '!([\p{L}\p{N}\-+,_. ]+)!u' => "$1" - ), - 'IDENTIFIER' => array( - '!([a-zA-Z0-9-_]+)!' 
=> "$1" - ), - 'COLOR' => array( - '!([a-z]+|#[0-9abcdef]+)!i' => '$1' - ), - 'NUMBER' => array( - '!([0-9]+)!' => '$1' - ) - ); - - $sp_tokens = array( - 'URL' => '(?i)((?:' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('url')) . ')|(?:' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('www_url')) . '))(?-i)', - 'LOCAL_URL' => '(?i)(' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('relative_url')) . ')(?-i)', - 'RELATIVE_URL' => '(?i)(' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('relative_url')) . ')(?-i)', - 'EMAIL' => '(' . get_preg_expression('email') . ')', - 'TEXT' => '(.*?)', - 'SIMPLETEXT' => '([a-zA-Z0-9-+.,_ ]+)', - 'INTTEXT' => '([\p{L}\p{N}\-+,_. ]+)', - 'IDENTIFIER' => '([a-zA-Z0-9-_]+)', - 'COLOR' => '([a-zA-Z]+|#[0-9abcdefABCDEF]+)', - 'NUMBER' => '([0-9]+)', - ); - - $pad = 0; - $modifiers = 'i'; - $modifiers .= ($utf8) ? 'u' : ''; - - if (preg_match_all('/\{(' . implode('|', array_keys($tokens)) . ')[0-9]*\}/i', $bbcode_match, $m)) - { - foreach ($m[0] as $n => $token) - { - $token_type = $m[1][$n]; - - reset($tokens[strtoupper($token_type)]); - list($match, $replace) = each($tokens[strtoupper($token_type)]); - - // Pad backreference numbers from tokens - if (preg_match_all('/(?<!\\\\)\$([0-9]+)/', $replace, $repad)) - { - $repad = $pad + count(array_unique($repad[0])); - $replace = preg_replace_callback('/(?<!\\\\)\$([0-9]+)/', function ($match) use ($pad) { - return '${' . ($match[1] + $pad) . 
'}'; - }, $replace); - $pad = $repad; - } - - // Obtain pattern modifiers to use and alter the regex accordingly - $regex = preg_replace('/!(.*)!([a-z]*)/', '$1', $match); - $regex_modifiers = preg_replace('/!(.*)!([a-z]*)/', '$2', $match); - - for ($i = 0, $size = strlen($regex_modifiers); $i < $size; ++$i) - { - if (strpos($modifiers, $regex_modifiers[$i]) === false) - { - $modifiers .= $regex_modifiers[$i]; - - if ($regex_modifiers[$i] == 'e') - { - $fp_replace = "'" . str_replace("'", "\\'", $fp_replace) . "'"; - } - } - - if ($regex_modifiers[$i] == 'e') - { - $replace = "'.$replace.'"; - } - } - - $fp_match = str_replace(preg_quote($token, '!'), $regex, $fp_match); - $fp_replace = str_replace($token, $replace, $fp_replace); - - $sp_match = str_replace(preg_quote($token, '!'), $sp_tokens[$token_type], $sp_match); - - // Prepend the board url to local relative links - $replace_prepend = ($token_type === 'LOCAL_URL') ? generate_board_url() . '/' : ''; - - $sp_replace = str_replace($token, $replace_prepend . '${' . ($n + 1) . '}', $sp_replace); - } - - $fp_match = '!' . $fp_match . '!' . $modifiers; - $sp_match = '!' . $sp_match . '!s' . (($utf8) ? 'u' : ''); - - if (strpos($fp_match, 'e') !== false) - { - $fp_replace = str_replace("'.'", '', $fp_replace); - $fp_replace = str_replace(".''.", '.', $fp_replace); - } - } - else - { - // No replacement is present, no need for a second-pass pattern replacement - // A simple str_replace will suffice - $fp_match = '!' . $fp_match . '!' . $modifiers; - $sp_match = $fp_replace; - $sp_replace = ''; - } - - // Lowercase tags $bbcode_tag = preg_replace('/.*?\[([a-z0-9_-]+).*/i', '$1', $bbcode_match); - $bbcode_search = preg_replace('/.*?\[([a-z0-9_-]+).*/i', '$1', $bbcode_match); if (!preg_match('/^[a-zA-Z0-9_-]+$/', $bbcode_tag)) { 
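Review bot: Removing `$bbcode_tpl = trim($bbcode_tpl);` changes what callers see, because `build_regexp(&$bbcode_match, &$bbcode_tpl)` takes the template by reference and the trimmed value used to flow back to the caller; only `$bbcode_match` is trimmed now. If the caller stores `$bbcode_tpl` after this call (not visible in the hunk), templates will be saved with their leading and trailing whitespace. Either keep the `trim()` line next to `$bbcode_match = trim($bbcode_match);`, or drop the `&` from `$bbcode_tpl` and state in the docblock that the template is no longer modified. The function body continues in the next hunk.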
@@ -591,25 +465,13 @@ class acp_bbcodes trigger_error($user->lang['BBCODE_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); } - $fp_match = preg_replace_callback('#\[/?' . $bbcode_search . '#i', function ($match) { - return strtolower($match[0]); - }, $fp_match); - $fp_replace = preg_replace_callback('#\[/?' . $bbcode_search . '#i', function ($match) { - return strtolower($match[0]); - }, $fp_replace); - $sp_match = preg_replace_callback('#\[/?' . $bbcode_search . '#i', function ($match) { - return strtolower($match[0]); - }, $sp_match); - $sp_replace = preg_replace_callback('#\[/?' . $bbcode_search . '#i', function ($match) { - return strtolower($match[0]); - }, $sp_replace); - return array( 'bbcode_tag' => $bbcode_tag, - 'first_pass_match' => $fp_match, - 'first_pass_replace' => $fp_replace, - 'second_pass_match' => $sp_match, - 'second_pass_replace' => $sp_replace + 'first_pass_match' => '/(?!)/', + 'first_pass_replace' => '', + // Use a non-matching, valid regexp to effectively disable this BBCode + 'second_pass_match' => '/(?!)/', + 'second_pass_replace' => '' ); } } diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index 0730b4e285..cd72a8748a 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php 
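Review bot: In the acp_bbcodes.php return array, the comment `// Use a non-matching, valid regexp to effectively disable this BBCode` sits between `'first_pass_replace'` and `'second_pass_match'`, although `'first_pass_match'` carries the same `'/(?!)/'` placeholder. Moving it above `return array(` and wording it for both passes would make the intent clear, e.g. `// Both legacy passes get a valid regexp that never matches; the stored patterns are placeholders only`. The docblock of `build_regexp()` (outside the hunk) presumably still describes regexp construction and should say that the method now only extracts and validates the tag name.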
@@ -85,34 +85,26 @@ class acp_board $display_vars = array( 'title' => 'ACP_BOARD_FEATURES', 'vars' => array( - 'legend1' => 'ACP_BOARD_FEATURES', - 'allow_privmsg' => array('lang' => 'BOARD_PM', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), - 'allow_topic_notify' => array('lang' => 'ALLOW_TOPIC_NOTIFY', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), - 'allow_forum_notify' => array('lang' => 'ALLOW_FORUM_NOTIFY', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), - 'allow_namechange' => array('lang' => 'ALLOW_NAME_CHANGE', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), - 'allow_attachments' => array('lang' => 'ALLOW_ATTACHMENTS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), - 'allow_pm_attach' => array('lang' => 'ALLOW_PM_ATTACHMENTS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), - 'allow_pm_report' => array('lang' => 'ALLOW_PM_REPORT', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), - 'allow_bbcode' => array('lang' => 'ALLOW_BBCODE', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), - 'allow_smilies' => array('lang' => 'ALLOW_SMILIES', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), - 'allow_sig' => array('lang' => 'ALLOW_SIG', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), + 'legend1' => 'ACP_BOARD_FEATURES', + 'allow_privmsg' => array('lang' => 'BOARD_PM', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), + 'allow_topic_notify' => array('lang' => 'ALLOW_TOPIC_NOTIFY', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), + 'allow_forum_notify' => array('lang' => 'ALLOW_FORUM_NOTIFY', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), + 'allow_namechange' => array('lang' => 'ALLOW_NAME_CHANGE', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), + 'allow_attachments' => array('lang' => 
'ALLOW_ATTACHMENTS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), + 'allow_pm_attach' => array('lang' => 'ALLOW_PM_ATTACHMENTS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), + 'allow_pm_report' => array('lang' => 'ALLOW_PM_REPORT', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), + 'allow_bbcode' => array('lang' => 'ALLOW_BBCODE', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), + 'allow_smilies' => array('lang' => 'ALLOW_SMILIES', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), + 'allow_sig' => array('lang' => 'ALLOW_SIG', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), 'allow_board_notifications' => array('lang' => 'ALLOW_BOARD_NOTIFICATIONS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), - 'allow_nocensors' => array('lang' => 'ALLOW_NO_CENSORS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), - 'allow_bookmarks' => array('lang' => 'ALLOW_BOOKMARKS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), - 'allow_birthdays' => array('lang' => 'ALLOW_BIRTHDAYS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), - 'display_last_subject' => array('lang' => 'DISPLAY_LAST_SUBJECT', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), - 'allow_quick_reply' => array('lang' => 'ALLOW_QUICK_REPLY', 'validate' => 'bool', 'type' => 'custom', 'method' => 'quick_reply', 'explain' => true), - - 'legend2' => 'ACP_LOAD_SETTINGS', - 'load_birthdays' => array('lang' => 'YES_BIRTHDAYS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), - 'load_moderators' => array('lang' => 'YES_MODERATORS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), - 'load_jumpbox' => array('lang' => 'YES_JUMPBOX', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), - 'load_cpf_memberlist' => array('lang' => 'LOAD_CPF_MEMBERLIST', 
'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), - 'load_cpf_pm' => array('lang' => 'LOAD_CPF_PM', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), - 'load_cpf_viewprofile' => array('lang' => 'LOAD_CPF_VIEWPROFILE', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), - 'load_cpf_viewtopic' => array('lang' => 'LOAD_CPF_VIEWTOPIC', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), - - 'legend3' => 'ACP_SUBMIT_CHANGES', + 'allow_nocensors' => array('lang' => 'ALLOW_NO_CENSORS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), + 'allow_bookmarks' => array('lang' => 'ALLOW_BOOKMARKS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), + 'allow_birthdays' => array('lang' => 'ALLOW_BIRTHDAYS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), + 'display_last_subject' => array('lang' => 'DISPLAY_LAST_SUBJECT', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), + 'display_unapproved_posts' => array('lang' => 'DISPLAY_UNAPPROVED_POSTS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), + 'allow_quick_reply' => array('lang' => 'ALLOW_QUICK_REPLY', 'validate' => 'bool', 'type' => 'custom', 'method' => 'quick_reply', 'explain' => true), + + 'legend2' => 'ACP_SUBMIT_CHANGES', ) ); break; 
@@ -263,7 +255,6 @@ class acp_board 'vars' => array( 'legend1' => 'GENERAL_SETTINGS', 'max_name_chars' => array('lang' => 'USERNAME_LENGTH', 'validate' => 'int:8:180', 'type' => false, 'method' => false, 'explain' => false,), - 'max_pass_chars' => array('lang' => 'PASSWORD_LENGTH', 'validate' => 'int:8:255', 'type' => false, 'method' => false, 'explain' => false,), 'require_activation' => array('lang' => 'ACC_ACTIVATION', 'validate' => 'int', 'type' => 'select', 'method' => 'select_acc_activation', 'explain' => true), 'new_member_post_limit' => array('lang' => 'NEW_MEMBER_POST_LIMIT', 'validate' => 'int:0:255', 'type' => 'number:0:255', 'explain' => true, 'append' => ' ' . $user->lang['POSTS']), @@ -426,7 +417,6 @@ class acp_board 'remote_upload_verify' => array('lang' => 'UPLOAD_CERT_VALID', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'check_dnsbl' => array('lang' => 'CHECK_DNSBL', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'email_check_mx' => array('lang' => 'EMAIL_CHECK_MX', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), - 'max_pass_chars' => array('lang' => 'PASSWORD_LENGTH', 'validate' => 'int:8:255', 'type' => false, 'method' => false, 'explain' => false,), 'min_pass_chars' => array('lang' => 'PASSWORD_LENGTH', 'validate' => 'int:1', 'type' => 'custom', 'method' => 'password_length', 'explain' => true), 'pass_complex' => array('lang' => 'PASSWORD_TYPE', 'validate' => 'string', 'type' => 'select', 'method' => 'select_password_chars', 'explain' => true), 'chg_passforce' => array('lang' => 'FORCE_PASS_CHANGE', 'validate' => 'int:0:999', 'type' => 'number:0:999', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']), 
@@ -540,13 +530,16 @@ class acp_board if ($submit) { - if (strpos($data['type'], 'password') === 0 && $config_value === '********') + if (isset($data['type']) && strpos($data['type'], 'password') === 0 && $config_value === '********') { - // Do not update password fields if the content is ********, - // because that is the password replacement we use to not - // send the password to the output + /** + * Do not update password fields if the content is ********, + * because that is the password replacement we use to not + * send the password to the output + */ continue; } + $config->set($config_name, $config_value); if ($config_name == 'allow_quick_reply' && isset($_POST['allow_quick_reply_enable'])) @@ -904,13 +897,13 @@ class acp_board } /** - * Maximum/Minimum password length + * Minimum password length */ function password_length($value, $key) { global $user; - return '<input id="' . $key . '" type="number" min="1" max="999" name="config[min_pass_chars]" value="' . $value . '" /> ' . $user->lang['MIN_CHARS'] . ' <input type="number" min="8" max="255" name="config[max_pass_chars]" value="' . $this->new_config['max_pass_chars'] . '" /> ' . $user->lang['MAX_CHARS']; + return '<input id="' . $key . '" type="number" min="1" max="999" name="config[min_pass_chars]" value="' . $value . '" /> ' . $user->lang['MIN_CHARS']; } /** diff --git a/phpBB/includes/acp/acp_database.php b/phpBB/includes/acp/acp_database.php index 677fce7217..c1c748832b 100644 --- a/phpBB/includes/acp/acp_database.php +++ b/phpBB/includes/acp/acp_database.php @@ -248,8 +248,6 @@ class acp_database switch ($db->get_sql_layer()) { - case 'mysql': - case 'mysql4': case 'mysqli': case 'sqlite3': while (($sql = $fgetd($fp, ";\n", $read, $seek, $eof)) !== false) diff --git a/phpBB/includes/acp/acp_extensions.php b/phpBB/includes/acp/acp_extensions.php index a1cb2108e7..6ac70ce3a8 100644 --- a/phpBB/includes/acp/acp_extensions.php +++ b/phpBB/includes/acp/acp_extensions.php 
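Review bot: In acp_board.php `password_length()`, `$value` is concatenated into the `value="..."` attribute of the `<input>` without escaping or casting. `min_pass_chars` is declared with `'validate' => 'int:1'`, but whether the value handed to this method after a rejected submit has already been validated is not visible from the hunk, so the output should not depend on it: `value="' . (int) $value . '"`. The docblock could also record the return value, e.g. `@return string HTML for the minimum password length input`.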
@@ -38,7 +38,7 @@ class acp_extensions private $phpbb_container; private $php_ini; - function main() + function main($id, $mode) { // Start the page global $config, $user, $template, $request, $phpbb_extension_manager, $phpbb_root_path, $phpbb_log, $phpbb_dispatcher, $phpbb_container; @@ -172,23 +172,27 @@ class acp_extensions } $extension = $this->ext_manager->get_extension($ext_name); - if (!$extension->is_enableable()) - { - trigger_error($this->user->lang['EXTENSION_NOT_ENABLEABLE'] . adm_back_link($this->u_action), E_USER_WARNING); - } + + $this->check_is_enableable($extension); if ($this->ext_manager->is_enabled($ext_name)) { redirect($this->u_action); } - $this->tpl_name = 'acp_ext_enable'; - - $this->template->assign_vars(array( - 'PRE' => true, - 'L_CONFIRM_MESSAGE' => $this->user->lang('EXTENSION_ENABLE_CONFIRM', $md_manager->get_metadata('display-name')), - 'U_ENABLE' => $this->u_action . '&action=enable&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('enable.' . $ext_name), - )); + if (confirm_box(true)) + { + redirect($this->u_action . '&action=enable&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('enable.' . $ext_name)); + } + else + { + confirm_box(false, $this->user->lang('EXTENSION_ENABLE_CONFIRM', $md_manager->get_metadata('display-name')), build_hidden_fields(array( + 'i' => $id, + 'mode' => $mode, + 'action' => 'enable_pre', + 'ext_name' => $ext_name, + ))); + } break; case 'enable': @@ -203,10 +207,8 @@ class acp_extensions } $extension = $this->ext_manager->get_extension($ext_name); - if (!$extension->is_enableable()) - { - trigger_error($this->user->lang['EXTENSION_NOT_ENABLEABLE'] . adm_back_link($this->u_action), E_USER_WARNING); - } + + $this->check_is_enableable($extension); try { 
@@ -215,9 +217,8 @@ class acp_extensions // Are we approaching the time limit? If so we want to pause the update and continue after refreshing if ((time() - $start_time) >= $safe_time_limit) { - $this->template->assign_var('S_NEXT_STEP', true); - meta_refresh(0, $this->u_action . '&action=enable&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('enable.' . $ext_name)); + trigger_error('EXTENSION_ENABLE_IN_PROGRESS', E_USER_NOTICE); } } @@ -233,14 +234,22 @@ class acp_extensions } catch (\phpbb\db\migration\exception $e) { - $this->template->assign_var('MIGRATOR_ERROR', $e->getLocalisedMessage($this->user)); + trigger_error($this->user->lang('MIGRATION_EXCEPTION_ERROR', $e->getLocalisedMessage($this->user)), E_USER_WARNING); } - $this->tpl_name = 'acp_ext_enable'; - - $this->template->assign_vars(array( - 'U_RETURN' => $this->u_action . '&action=list', - )); + if ($this->request->is_ajax()) + { + $actions = $this->output_actions('enabled', [ + 'DISABLE' => $this->u_action . '&action=disable_pre&ext_name=' . urlencode($ext_name), + ]); + + $json_response = new \phpbb\json_response; + $json_response->send(array( + 'EXT_ENABLE_SUCCESS' => true, + 'ACTIONS' => $actions, + )); + } + trigger_error($this->user->lang('EXTENSION_ENABLE_SUCCESS') . adm_back_link($this->u_action), E_USER_NOTICE); break; case 'disable_pre': 
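Review bot: The new `trigger_error()` in the `\phpbb\db\migration\exception` catch of the `enable` action omits `adm_back_link($this->u_action)`, which the other `E_USER_WARNING` calls in this file append, so the administrator lands on an error page with no way back to the extension list. Suggested line: `trigger_error($this->user->lang('MIGRATION_EXCEPTION_ERROR', $e->getLocalisedMessage($this->user)) . adm_back_link($this->u_action), E_USER_WARNING);`. The catch in the `delete_data` action (hunk `@@ -313,20 +345,29 @@`) has the same omission. Both fire before the `is_ajax()` branch, so it is worth confirming that AJAX callers receive a usable response on failure; the handler for that is outside the diff.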
@@ -249,13 +258,19 @@ class acp_extensions redirect($this->u_action); } - $this->tpl_name = 'acp_ext_disable'; - - $this->template->assign_vars(array( - 'PRE' => true, - 'L_CONFIRM_MESSAGE' => $this->user->lang('EXTENSION_DISABLE_CONFIRM', $md_manager->get_metadata('display-name')), - 'U_DISABLE' => $this->u_action . '&action=disable&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('disable.' . $ext_name), - )); + if (confirm_box(true)) + { + redirect($this->u_action . '&action=disable&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('disable.' . $ext_name)); + } + else + { + confirm_box(false, $this->user->lang('EXTENSION_DISABLE_CONFIRM', $md_manager->get_metadata('display-name')), build_hidden_fields(array( + 'i' => $id, + 'mode' => $mode, + 'action' => 'disable_pre', + 'ext_name' => $ext_name, + ))); + } break; case 'disable': @@ -272,15 +287,25 @@ class acp_extensions $this->template->assign_var('S_NEXT_STEP', true); meta_refresh(0, $this->u_action . '&action=disable&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('disable.' . $ext_name)); + trigger_error('EXTENSION_DISABLE_IN_PROGRESS', E_USER_NOTICE); } } $this->log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_EXT_DISABLE', time(), array($ext_name)); - $this->tpl_name = 'acp_ext_disable'; - - $this->template->assign_vars(array( - 'U_RETURN' => $this->u_action . '&action=list', - )); + if ($this->request->is_ajax()) + { + $actions = $this->output_actions('disabled', [ + 'ENABLE' => $this->u_action . '&action=enable_pre&ext_name=' . urlencode($ext_name), + 'DELETE_DATA' => $this->u_action . '&action=delete_data_pre&ext_name=' . urlencode($ext_name), + ]); + + $json_response = new \phpbb\json_response; + $json_response->send(array( + 'EXT_DISABLE_SUCCESS' => true, + 'ACTIONS' => $actions, + )); + } + trigger_error($this->user->lang('EXTENSION_DISABLE_SUCCESS') . adm_back_link($this->u_action), E_USER_NOTICE); break; case 'delete_data_pre': 
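Review bot: In the `disable` action (hunk `@@ -272,15 +287,25 @@`) the context line `$this->template->assign_var('S_NEXT_STEP', true);` is kept although `$this->tpl_name = 'acp_ext_disable';` is removed and the step now ends in `trigger_error('EXTENSION_DISABLE_IN_PROGRESS', E_USER_NOTICE);`. The matching line was dropped from the `enable` action in this same commit, so the three actions are no longer consistent. Unless a remaining template still reads `S_NEXT_STEP`, remove the assignment here and in the `delete_data` action (hunk `@@ -313,20 +345,29 @@`).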
@@ -288,13 +313,20 @@ class acp_extensions { redirect($this->u_action); } - $this->tpl_name = 'acp_ext_delete_data'; - $this->template->assign_vars(array( - 'PRE' => true, - 'L_CONFIRM_MESSAGE' => $this->user->lang('EXTENSION_DELETE_DATA_CONFIRM', $md_manager->get_metadata('display-name')), - 'U_PURGE' => $this->u_action . '&action=delete_data&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('delete_data.' . $ext_name), - )); + if (confirm_box(true)) + { + redirect($this->u_action . '&action=delete_data&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('delete_data.' . $ext_name)); + } + else + { + confirm_box(false, $this->user->lang('EXTENSION_DELETE_DATA_CONFIRM', $md_manager->get_metadata('display-name')), build_hidden_fields(array( + 'i' => $id, + 'mode' => $mode, + 'action' => 'delete_data_pre', + 'ext_name' => $ext_name, + ))); + } break; case 'delete_data': 
@@ -313,20 +345,29 @@ class acp_extensions $this->template->assign_var('S_NEXT_STEP', true); meta_refresh(0, $this->u_action . '&action=delete_data&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('delete_data.' . $ext_name)); + trigger_error('EXTENSION_DELETE_DATA_IN_PROGRESS', E_USER_NOTICE); } } $this->log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_EXT_PURGE', time(), array($ext_name)); } catch (\phpbb\db\migration\exception $e) { - $this->template->assign_var('MIGRATOR_ERROR', $e->getLocalisedMessage($this->user)); + trigger_error($this->user->lang('MIGRATION_EXCEPTION_ERROR', $e->getLocalisedMessage($this->user)), E_USER_WARNING); } - $this->tpl_name = 'acp_ext_delete_data'; - - $this->template->assign_vars(array( - 'U_RETURN' => $this->u_action . '&action=list', - )); + if ($this->request->is_ajax()) + { + $actions = $this->output_actions('disabled', [ + 'ENABLE' => $this->u_action . '&action=enable_pre&ext_name=' . urlencode($ext_name), + ]); + + $json_response = new \phpbb\json_response; + $json_response->send(array( + 'EXT_DELETE_DATA_SUCCESS' => true, + 'ACTIONS' => $actions, + )); + } + trigger_error($this->user->lang('EXTENSION_DELETE_DATA_SUCCESS') . adm_back_link($this->u_action), E_USER_NOTICE); break; case 'details': 
@@ -605,17 +646,37 @@ class acp_extensions * * @param string $block * @param array $actions + * @return array List of actions to be performed on the extension */ private function output_actions($block, $actions) { - foreach ($actions as $lang => $url) + $vars_ary = array(); + foreach ($actions as $lang => $options) { - $this->template->assign_block_vars($block . '.actions', array( + $url = $options; + if (is_array($options)) + { + $url = $options['url']; + } + + $vars = array( 'L_ACTION' => $this->user->lang('EXTENSION_' . $lang), 'L_ACTION_EXPLAIN' => (isset($this->user->lang['EXTENSION_' . $lang . '_EXPLAIN'])) ? $this->user->lang('EXTENSION_' . $lang . '_EXPLAIN') : '', 'U_ACTION' => $url, - )); + 'ACTION_AJAX' => 'ext_' . strtolower($lang), + ); + + if (isset($options['color'])) + { + $vars['COLOR'] = $options['color']; + } + + $this->template->assign_block_vars($block . '.actions', $vars); + + $vars_ary[] = $vars; } + + return $vars_ary; } /** @@ -662,4 +723,28 @@ class acp_extensions )); } } + + /** + * Checks whether the extension can be enabled. Triggers error if not. + * Error message can be set by the extension. + * + * @param \phpbb\extension\extension_interface $extension Extension to check + */ + protected function check_is_enableable(\phpbb\extension\extension_interface $extension) + { + $message = $extension->is_enableable(); + if ($message !== true) + { + if (empty($message)) + { + $message = $this->user->lang('EXTENSION_NOT_ENABLEABLE'); + } + else if (is_array($message)) + { + $message = implode('<br>', $message); + } + + trigger_error($message . adm_back_link($this->u_action), E_USER_WARNING); + } + } } diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php index 22c775b7c3..ba3901f67a 100644 --- a/phpBB/includes/acp/acp_forums.php +++ b/phpBB/includes/acp/acp_forums.php 
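Review bot: In `output_actions()`, `$options['url']` is read whenever `$options` is an array, with no check that the key exists, and the docblock still says only `@param array $actions`. An array entry without `'url'` raises an undefined-index notice and yields an empty `U_ACTION`. Guard it with `$url = $options['url'] ?? '';` (or skip the entry) and document the accepted shape: `@param array $actions Language key suffix => URL string, or => array with 'url' and optional 'color'`.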
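Review bot: `check_is_enableable()` passes whatever `is_enableable()` returns straight into `trigger_error()`, joined with `<br>` when it is an array, so the extension's text is rendered as HTML in the ACP. Extensions are installed code, but the contract should be written down for their authors; add to the docblock something like `Messages returned by is_enableable() are output as HTML and must already be localised and escaped.` A non-true return that is neither string nor array (an object, for instance) would reach the string concatenation as is; an `is_string()` check before the concatenation would make the fallback to `EXTENSION_NOT_ENABLEABLE` cover that case too.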
@@ -131,11 +131,12 @@ class acp_forums 'forum_rules_link' => $request->variable('forum_rules_link', ''), 'forum_image' => $request->variable('forum_image', ''), 'forum_style' => $request->variable('forum_style', 0), - 'display_subforum_list' => $request->variable('display_subforum_list', false), - 'display_on_index' => $request->variable('display_on_index', false), + 'display_subforum_list' => $request->variable('display_subforum_list', true), + 'display_subforum_limit'=> $request->variable('display_subforum_limit', false), + 'display_on_index' => $request->variable('display_on_index', true), 'forum_topics_per_page' => $request->variable('topics_per_page', 0), 'enable_indexing' => $request->variable('enable_indexing', true), - 'enable_icons' => $request->variable('enable_icons', false), + 'enable_icons' => $request->variable('enable_icons', true), 'enable_prune' => $request->variable('enable_prune', false), 'enable_post_review' => $request->variable('enable_post_review', true), 'enable_quick_reply' => $request->variable('enable_quick_reply', false), @@ -454,10 +455,11 @@ class acp_forums 'forum_image' => '', 'forum_style' => 0, 'display_subforum_list' => true, - 'display_on_index' => false, + 'display_subforum_limit' => false, + 'display_on_index' => true, 'forum_topics_per_page' => 0, 'enable_indexing' => true, - 'enable_icons' => false, + 'enable_icons' => true, 'enable_prune' => false, 'prune_days' => 7, 'prune_viewed' => 7, 
@@ -676,6 +678,7 @@ class acp_forums 'S_ENABLE_INDEXING' => ($forum_data['enable_indexing']) ? true : false, 'S_TOPIC_ICONS' => ($forum_data['enable_icons']) ? true : false, 'S_DISPLAY_SUBFORUM_LIST' => ($forum_data['display_subforum_list']) ? true : false, + 'S_DISPLAY_SUBFORUM_LIMIT' => ($forum_data['display_subforum_limit']) ? true : false, 'S_DISPLAY_ON_INDEX' => ($forum_data['display_on_index']) ? true : false, 'S_PRUNE_ENABLE' => ($forum_data['enable_prune']) ? true : false, 'S_PRUNE_SHADOW_ENABLE' => ($forum_data['enable_shadow_prune']) ? true : false, @@ -1901,7 +1904,6 @@ class acp_forums switch ($db->get_sql_layer()) { - case 'mysql4': case 'mysqli': // Delete everything else and thank MySQL for offering multi-table deletion diff --git a/phpBB/includes/acp/acp_main.php b/phpBB/includes/acp/acp_main.php index 8f169d15a7..27fac54777 100644 --- a/phpBB/includes/acp/acp_main.php +++ b/phpBB/includes/acp/acp_main.php @@ -657,7 +657,7 @@ class acp_main } // Warn if install is still present - if (file_exists($phpbb_root_path . 'install') && !is_file($phpbb_root_path . 'install')) + if (!defined('IN_INSTALL') && !$phpbb_container->getParameter('allow_install_dir') && file_exists($phpbb_root_path . 'install') && !is_file($phpbb_root_path . 'install')) { $template->assign_var('S_REMOVE_INSTALL', true); } diff --git a/phpBB/includes/acp/acp_reasons.php b/phpBB/includes/acp/acp_reasons.php index dfb2ccbfd3..f3f82bdfca 100644 --- a/phpBB/includes/acp/acp_reasons.php +++ b/phpBB/includes/acp/acp_reasons.php @@ -222,8 +222,6 @@ class acp_reasons { // The ugly one! case 'mysqli': - case 'mysql4': - case 'mysql': // Change the reports using this reason to 'other' $sql = 'UPDATE ' . REPORTS_TABLE . ' SET reason_id = ' . $other_reason_id . ", report_text = CONCAT('" . $db->sql_escape($reason_row['reason_description']) . "\n\n', report_text) diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index fd4b5e8c24..6993c86279 100644 
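Review bot: In acp_main.php the install-directory warning now depends on `$phpbb_container->getParameter('allow_install_dir')`, but the `global` declaration that brings `$phpbb_container` into scope is outside the hunk and should be confirmed. The condition also means `S_REMOVE_INSTALL` is never shown once that parameter is set, so a board deployed with it enabled gets no reminder that `install/` is still reachable. A comment above the `if` would record the intent, e.g. `// allow_install_dir is meant for development setups; the warning stays on for every other configuration`, with the wording adjusted to the parameter's documented purpose.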
--- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -844,9 +844,9 @@ class acp_users // Validation data - we do not check the password complexity setting here $check_ary = array( 'new_password' => array( - array('string', true, $config['min_pass_chars'], $config['max_pass_chars']), + array('string', true, $config['min_pass_chars'], 0), array('password')), - 'password_confirm' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']), + 'password_confirm' => array('string', true, $config['min_pass_chars'], 0), ); // Check username if altered @@ -966,10 +966,7 @@ class acp_users if ($update_email !== false) { - $sql_ary += array( - 'user_email' => $update_email, - 'user_email_hash' => phpbb_email_hash($update_email), - ); + $sql_ary += ['user_email' => $update_email]; $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_EMAIL', false, array( 'reportee_id' => $user_id, @@ -1130,7 +1127,7 @@ class acp_users $template->assign_vars(array( 'L_NAME_CHARS_EXPLAIN' => $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])), - 'L_CHANGE_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars']), $user->lang('CHARACTERS', (int) $config['max_pass_chars'])), + 'L_CHANGE_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars'])), 'L_POSTS_IN_QUEUE' => $user->lang('NUM_POSTS_IN_QUEUE', $user_row['posts_in_queue']), 'S_FOUNDER' => ($user->data['user_type'] == USER_FOUNDER) ? true : false, diff --git a/phpBB/includes/compatibility_globals.php b/phpBB/includes/compatibility_globals.php index ad394e3782..15880d4bc8 100644 --- a/phpBB/includes/compatibility_globals.php +++ b/phpBB/includes/compatibility_globals.php 
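Review bot: In acp_users.php the `new_password` and `password_confirm` rules now pass `0` as the maximum, which presumably disables the upper bound in the string validator (its code is outside the diff). With no cap at this layer the password length is limited only by the request size, and the hashing backend has to process whatever arrives; some algorithms also ignore input beyond a fixed length. Confirm that the passwords manager or the input layer bounds the length, and say so next to the existing comment, e.g. `// 0 = no maximum length; long input is bounded by <component to be named>`.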
@@ -18,6 +18,14 @@ if (!defined('IN_PHPBB'))
 exit;
 }
+//
+// Deprecated globals
+//
+define('ATTACHMENT_CATEGORY_WM', 2); // Windows Media Files - Streaming - @deprecated 3.2
+define('ATTACHMENT_CATEGORY_RM', 3); // Real Media Files - Streaming - @deprecated 3.2
+define('ATTACHMENT_CATEGORY_QUICKTIME', 6); // Quicktime/Mov files - @deprecated 3.2
+define('ATTACHMENT_CATEGORY_FLASH', 5); // Flash/SWF files - @deprecated 3.3
+
 /**
 * Sets compatibility globals in the global scope
 *
diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php
index a2e7d92f7d..e3dbdc4adb 100644
--- a/phpBB/includes/constants.php
+++ b/phpBB/includes/constants.php
@@ -28,7 +28,7 @@ if (!defined('IN_PHPBB'))
 */
 // phpBB Version
-@define('PHPBB_VERSION', '3.2.9-dev');
+@define('PHPBB_VERSION', '3.3.0-RC2-dev');
 // QA-related
 // define('PHPBB_QA', 1);
@@ -171,11 +171,7 @@ define('CONFIRM_REPORT', 4);
 // Categories - Attachments
 define('ATTACHMENT_CATEGORY_NONE', 0);
 define('ATTACHMENT_CATEGORY_IMAGE', 1); // Inline Images
-define('ATTACHMENT_CATEGORY_WM', 2); // Windows Media Files - Streaming - @deprecated 3.2
-define('ATTACHMENT_CATEGORY_RM', 3); // Real Media Files - Streaming - @deprecated 3.2
 define('ATTACHMENT_CATEGORY_THUMB', 4); // Not used within the database, only while displaying posts
-define('ATTACHMENT_CATEGORY_FLASH', 5); // Flash/SWF files
-define('ATTACHMENT_CATEGORY_QUICKTIME', 6); // Quicktime/Mov files - @deprecated 3.2
 // BBCode UID length
 define('BBCODE_UID_LEN', 8);
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index c9f589c174..9759eabb5a 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -52,18 +52,6 @@ function phpbb_load_extensions_autoloaders($phpbb_root_path) } /** -* Casts a variable to the given type. -* -* @deprecated -*/ -function set_var(&$result, $var, $type, $multibyte = false) -{ - // no need for dependency injection here, if you have the object, call the method yourself! - $type_cast_helper = new \phpbb\request\type_cast_helper(); - $type_cast_helper->set_var($result, $var, $type, $multibyte); -} - -/** * Generates an alphanumeric random string of given length * * @param int $num_chars Length of random string, defaults to 8. @@ -276,18 +264,6 @@ function still_on_time($extra_time = 15) } /** -* Hashes an email address to a big integer -* -* @param string $email Email address -* -* @return string Unsigned Big Integer -*/ -function phpbb_email_hash($email) -{ - return sprintf('%u', crc32(strtolower($email))) . strlen($email); -} - -/** * Wrapper for version_compare() that allows using uppercase A and B * for alpha and beta releases. * @@ -2288,6 +2264,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa $err = ''; $form_name = 'login'; + $username = $autologin = false; // Make sure user->setup() has been called if (!$user->is_setup()) 
@@ -2528,11 +2505,14 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 $s_hidden_fields = build_hidden_fields($s_hidden_fields);
+ /** @var \phpbb\controller\helper $controller_helper */
+ $controller_helper = $phpbb_container->get('controller.helper');
+
 $login_box_template_data = array(
 'LOGIN_ERROR' => $err,
 'LOGIN_EXPLAIN' => $l_explain,
- 'U_SEND_PASSWORD' => ($config['email_enable']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=sendpassword') : '',
+ 'U_SEND_PASSWORD' => ($config['email_enable']) ? $controller_helper->route('phpbb_ucp_forgot_password_controller') : '',
 'U_RESEND_ACTIVATION' => ($config['require_activation'] == USER_ACTIVATION_SELF && $config['email_enable']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=resend_act') : '',
 'U_TERMS_USE' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=terms'),
 'U_PRIVACY' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=privacy'),
@@ -2860,10 +2840,13 @@ function get_preg_expression($mode) // Whoa these look impressive! // The code to generate the following two regular expressions which match valid IPv4/IPv6 addresses // can be found in the develop directory + + // @deprecated case 'ipv4': return '#^(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])$#'; break; + // @deprecated case 'ipv6': return '#^(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){0,5}(?:[\dA-F]{1,4}(?::[\dA-F]{1,4})?|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:)|(?:::))$#i'; break; 
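Review bot: The two `// @deprecated` markers added above `case 'ipv4':` and `case 'ipv6':` name neither a version nor a replacement, so a caller of get_preg_expression() cannot tell what to use instead. The rewritten phpbb_ip_normalise() later in this file's diff validates with `filter_var()` and `FILTER_VALIDATE_IP`, so a comment along the lines of `// @deprecated <version>: validate with filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) instead` (and the `FILTER_FLAG_IPV6` equivalent on the second case) would point readers there. get_preg_expression() starts and ends outside this hunk.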
@@ -2989,331 +2972,26 @@ function short_ipv6($ip, $length) * @return mixed false if specified address is not valid, * string otherwise */ -function phpbb_ip_normalise($address) +function phpbb_ip_normalise(string $address) { - $address = trim($address); + $ip_normalised = false; - if (empty($address) || !is_string($address)) + if (filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) { - return false; + $ip_normalised = $address; } - - if (preg_match(get_preg_expression('ipv4'), $address)) + else if (filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) { - return $address; - } - - return phpbb_inet_ntop(phpbb_inet_pton($address)); -} + $ip_normalised = inet_ntop(inet_pton($address)); -/** -* Wrapper for inet_ntop() -* -* Converts a packed internet address to a human readable representation -* inet_ntop() is supported by PHP since 5.1.0, since 5.3.0 also on Windows. -* -* @param string $in_addr A 32bit IPv4, or 128bit IPv6 address. -* -* @return mixed false on failure, -* string otherwise -*/ -function phpbb_inet_ntop($in_addr) -{ - $in_addr = bin2hex($in_addr); - - switch (strlen($in_addr)) - { - case 8: - return implode('.', array_map('hexdec', str_split($in_addr, 2))); - - case 32: - if (substr($in_addr, 0, 24) === '00000000000000000000ffff') - { - return phpbb_inet_ntop(pack('H*', substr($in_addr, 24))); - } - - $parts = str_split($in_addr, 4); - $parts = preg_replace('/^0+(?!$)/', '', $parts); - $ret = implode(':', $parts); - - $matches = array(); - preg_match_all('/(?<=:|^)(?::?0){2,}/', $ret, $matches, PREG_OFFSET_CAPTURE); - $matches = $matches[0]; - - if (empty($matches)) - { - return $ret; - } - - $longest_match = ''; - $longest_match_offset = 0; - foreach ($matches as $match) - { - if (strlen($match[0]) > strlen($longest_match)) - { - $longest_match = $match[0]; - $longest_match_offset = $match[1]; - } - } - - $ret = substr_replace($ret, '', $longest_match_offset, strlen($longest_match)); - - if ($longest_match_offset == strlen($ret)) - { - 
$ret .= ':'; - } - - if ($longest_match_offset == 0) - { - $ret = ':' . $ret; - } - - return $ret; - - default: - return false; - } -} - -/** -* Wrapper for inet_pton() -* -* Converts a human readable IP address to its packed in_addr representation -* inet_pton() is supported by PHP since 5.1.0, since 5.3.0 also on Windows. -* -* @param string $address A human readable IPv4 or IPv6 address. -* -* @return mixed false if address is invalid, -* in_addr representation of the given address otherwise (string) -*/ -function phpbb_inet_pton($address) -{ - $ret = ''; - if (preg_match(get_preg_expression('ipv4'), $address)) - { - foreach (explode('.', $address) as $part) - { - $ret .= ($part <= 0xF ? '0' : '') . dechex($part); - } - - return pack('H*', $ret); - } - - if (preg_match(get_preg_expression('ipv6'), $address)) - { - $parts = explode(':', $address); - $missing_parts = 8 - count($parts) + 1; - - if (substr($address, 0, 2) === '::') - { - ++$missing_parts; - } - - if (substr($address, -2) === '::') - { - ++$missing_parts; - } - - $embedded_ipv4 = false; - $last_part = end($parts); - - if (preg_match(get_preg_expression('ipv4'), $last_part)) + // If is ipv4 + if (stripos($ip_normalised, '::ffff:') === 0) { - $parts[count($parts) - 1] = ''; - $last_part = phpbb_inet_pton($last_part); - $embedded_ipv4 = true; - --$missing_parts; + $ip_normalised = substr($ip_normalised, 7); } - - foreach ($parts as $i => $part) - { - if (strlen($part)) - { - $ret .= str_pad($part, 4, '0', STR_PAD_LEFT); - } - else if ($i && $i < count($parts) - 1) - { - $ret .= str_repeat('0000', $missing_parts); - } - } - - $ret = pack('H*', $ret); - - if ($embedded_ipv4) - { - $ret .= $last_part; - } - - return $ret; } - return false; -} - -/** -* Wrapper for php's checkdnsrr function. 
-* -* @param string $host Fully-Qualified Domain Name -* @param string $type Resource record type to lookup -* Supported types are: MX (default), A, AAAA, NS, TXT, CNAME -* Other types may work or may not work -* -* @return mixed true if entry found, -* false if entry not found, -* null if this function is not supported by this environment -* -* Since null can also be returned, you probably want to compare the result -* with === true or === false, -*/ -function phpbb_checkdnsrr($host, $type = 'MX') -{ - // The dot indicates to search the DNS root (helps those having DNS prefixes on the same domain) - if (substr($host, -1) == '.') - { - $host_fqdn = $host; - $host = substr($host, 0, -1); - } - else - { - $host_fqdn = $host . '.'; - } - // $host has format some.host.example.com - // $host_fqdn has format some.host.example.com. - - // If we're looking for an A record we can use gethostbyname() - if ($type == 'A' && function_exists('gethostbyname')) - { - return (@gethostbyname($host_fqdn) == $host_fqdn) ? false : true; - } - - if (function_exists('checkdnsrr')) - { - return checkdnsrr($host_fqdn, $type); - } - - if (function_exists('dns_get_record')) - { - // dns_get_record() expects an integer as second parameter - // We have to convert the string $type to the corresponding integer constant. - $type_constant = 'DNS_' . $type; - $type_param = (defined($type_constant)) ? 
constant($type_constant) : DNS_ANY; - - // dns_get_record() might throw E_WARNING and return false for records that do not exist - $resultset = @dns_get_record($host_fqdn, $type_param); - - if (empty($resultset) || !is_array($resultset)) - { - return false; - } - else if ($type_param == DNS_ANY) - { - // $resultset is a non-empty array - return true; - } - - foreach ($resultset as $result) - { - if ( - isset($result['host']) && $result['host'] == $host && - isset($result['type']) && $result['type'] == $type - ) - { - return true; - } - } - - return false; - } - - // If we're on Windows we can still try to call nslookup via exec() as a last resort - if (DIRECTORY_SEPARATOR == '\\' && function_exists('exec')) - { - @exec('nslookup -type=' . escapeshellarg($type) . ' ' . escapeshellarg($host_fqdn), $output); - - // If output is empty, the nslookup failed - if (empty($output)) - { - return NULL; - } - - foreach ($output as $line) - { - $line = trim($line); - - if (empty($line)) - { - continue; - } - - // Squash tabs and multiple whitespaces to a single whitespace. - $line = preg_replace('/\s+/', ' ', $line); - - switch ($type) - { - case 'MX': - if (stripos($line, "$host MX") === 0) - { - return true; - } - break; - - case 'NS': - if (stripos($line, "$host nameserver") === 0) - { - return true; - } - break; - - case 'TXT': - if (stripos($line, "$host text") === 0) - { - return true; - } - break; - - case 'CNAME': - if (stripos($line, "$host canonical name") === 0) - { - return true; - } - break; - - default: - case 'AAAA': - // AAAA records returned by nslookup on Windows XP/2003 have this format. - // Later Windows versions use the A record format below for AAAA records. 
- if (stripos($line, "$host AAAA IPv6 address") === 0) - { - return true; - } - // No break - - case 'A': - if (!empty($host_matches)) - { - // Second line - if (stripos($line, "Address: ") === 0) - { - return true; - } - else - { - $host_matches = false; - } - } - else if (stripos($line, "Name: $host") === 0) - { - // First line - $host_matches = true; - } - break; - } - } - - return false; - } - - return NULL; + return $ip_normalised; } // Handler, header and footer @@ -3325,6 +3003,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline) { global $cache, $db, $auth, $template, $config, $user, $request; global $phpbb_root_path, $msg_title, $msg_long_text, $phpbb_log; + global $phpbb_container; // Do not display notices if we suppress them via @ if (error_reporting() == 0 && $errno != E_USER_ERROR && $errno != E_USER_WARNING && $errno != E_USER_NOTICE) @@ -3345,7 +3024,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline) // Check the error reporting level and return if the error level does not match // If DEBUG is defined the default level is E_ALL - if (($errno & ((defined('DEBUG')) ? E_ALL : error_reporting())) == 0) + if (($errno & ($phpbb_container->getParameter('debug.show_errors') ? E_ALL : error_reporting())) == 0) { return; } @@ -3403,7 +3082,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline) $log_text .= '<br /><br />BACKTRACE<br />' . $backtrace; } - if (defined('IN_INSTALL') || defined('DEBUG') || isset($auth) && $auth->acl_get('a_')) + if (defined('IN_INSTALL') || ($phpbb_container != null && $phpbb_container->getParameter('debug.show_errors')) || isset($auth) && $auth->acl_get('a_')) { $msg_text = $log_text; 
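Review bot: The rewritten phpbb_ip_normalise() no longer calls `trim()` on its argument, and `FILTER_VALIDATE_IP` does not appear to strip surrounding whitespace, so an address carrying a leading or trailing space, which the removed code normalised, now yields `false`. Restoring `$address = trim($address);` as the first statement keeps the old contract for callers that pass values taken from headers or user input. The new `string` parameter type also turns a `null` argument into a TypeError where the removed code returned `false`, so callers outside this hunk need checking. The `// If is ipv4` comment would read better as `// IPv4-mapped IPv6 address (::ffff:a.b.c.d): return the embedded IPv4 part`.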
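Review bot: In the `-3345` hunk of msg_handler() `$phpbb_container->getParameter('debug.show_errors')` is called without a null check, while the `-3403` hunk guards the same call with `$phpbb_container != null`. If the handler can run before the container exists, as that guard suggests, the first call fails inside the error handler itself and masks the original error. Evaluating the flag once, `$show_errors = $phpbb_container !== null && $phpbb_container->getParameter('debug.show_errors');`, and using `$show_errors` in both conditions removes the inconsistency. The context comment `// If DEBUG is defined the default level is E_ALL` is now stale and should name `debug.show_errors`; msg_handler() starts and ends outside these hunks.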
@@ -4291,7 +3970,8 @@ function page_header($page_title = '', $display_online_list = false, $item_id = } else { - $u_login_logout = append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login'); + $redirect = $request->variable('redirect', rawurlencode($user->page['page'])); + $u_login_logout = append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login&redirect=' . $redirect); $l_login_logout = $user->lang['LOGIN']; } @@ -4439,7 +4119,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id = /** * Workaround for missing template variable in pre phpBB 3.2.6 styles. - * @deprecated 3.2.7 (To be removed: 3.3.0-a1) + * @deprecated 3.2.7 (To be removed: 4.0.0-a1) */ $form_token_login = $template->retrieve_var('S_FORM_TOKEN_LOGIN'); if (!empty($form_token_login)) @@ -4566,7 +4246,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id = 'T_STYLESHEET_LINK' => "{$web_path}styles/" . rawurlencode($user->style['style_path']) . '/theme/stylesheet.css?assets_version=' . $config['assets_version'], 'T_STYLESHEET_LANG_LINK'=> "{$web_path}styles/" . rawurlencode($user->style['style_path']) . '/theme/' . $user->lang_name . '/stylesheet.css?assets_version=' . $config['assets_version'], 'T_FONT_AWESOME_LINK' => !empty($config['allow_cdn']) && !empty($config['load_font_awesome_url']) ? $config['load_font_awesome_url'] : "{$web_path}assets/css/font-awesome.min.css?assets_version=" . $config['assets_version'], - 'T_JQUERY_LINK' => !empty($config['allow_cdn']) && !empty($config['load_jquery_url']) ? $config['load_jquery_url'] : "{$web_path}assets/javascript/jquery.min.js?assets_version=" . $config['assets_version'], + 'T_JQUERY_LINK' => !empty($config['allow_cdn']) && !empty($config['load_jquery_url']) ? $config['load_jquery_url'] : "{$web_path}assets/javascript/jquery-3.4.1.min.js?assets_version=" . $config['assets_version'], 'S_ALLOW_CDN' => !empty($config['allow_cdn']), 'S_COOKIE_NOTICE' => !empty($config['cookie_notice']), 
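Review bot: In the `-4291` hunk of page_header() the two sources of `$redirect` are encoded differently: the default is passed through `rawurlencode()`, but a `redirect` value taken from the request is appended to the query string as returned by `$request->variable()`. A request value containing characters such as `&` or `#` would then alter the structure of the generated login URL instead of staying inside the `redirect` parameter. Encoding at the point of use treats both alike: `$redirect = $request->variable('redirect', $user->page['page']);` followed by `'mode=login&redirect=' . rawurlencode($redirect)`. How `variable()` escapes strings is not visible here, so the exact form needs checking against it, as does the login target validation that consumes this parameter. page_header() starts and ends outside the hunk.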
@@ -4638,7 +4318,9 @@ function page_header($page_title = '', $display_online_list = false, $item_id = */ function phpbb_check_and_display_sql_report(\phpbb\request\request_interface $request, \phpbb\auth\auth $auth, \phpbb\db\driver\driver_interface $db) { - if ($request->variable('explain', false) && $auth->acl_get('a_') && defined('DEBUG')) + global $phpbb_container; + + if ($phpbb_container->getParameter('debug.sql_explain') && $request->variable('explain', false) && $auth->acl_get('a_')) { $db->sql_report('display'); } @@ -4656,19 +4338,22 @@ function phpbb_check_and_display_sql_report(\phpbb\request\request_interface $re */ function phpbb_generate_debug_output(\phpbb\db\driver\driver_interface $db, \phpbb\config\config $config, \phpbb\auth\auth $auth, \phpbb\user $user, \phpbb\event\dispatcher_interface $phpbb_dispatcher) { + global $phpbb_container; + $debug_info = array(); // Output page creation time - if (defined('PHPBB_DISPLAY_LOAD_TIME')) + if ($phpbb_container->getParameter('debug.load_time')) { if (isset($GLOBALS['starttime'])) { $totaltime = microtime(true) - $GLOBALS['starttime']; $debug_info[] = sprintf('<span title="SQL time: %.3fs / PHP time: %.3fs">Time: %.3fs</span>', $db->get_sql_time(), ($totaltime - $db->get_sql_time()), $totaltime); } + } - $debug_info[] = sprintf('<span title="Cached: %d">Queries: %d</span>', $db->sql_num_queries(true), $db->sql_num_queries()); - + if ($phpbb_container->getParameter('debug.memory')) + { $memory_usage = memory_get_peak_usage(); if ($memory_usage) { 
@@ -4676,16 +4361,18 @@ function phpbb_generate_debug_output(\phpbb\db\driver\driver_interface $db, \php $debug_info[] = 'Peak Memory Usage: ' . $memory_usage; } - } - if (defined('DEBUG')) - { $debug_info[] = 'GZIP: ' . (($config['gzip_compress'] && @extension_loaded('zlib')) ? 'On' : 'Off'); if ($user->load) { $debug_info[] = 'Load: ' . $user->load; } + } + + if ($phpbb_container->getParameter('debug.sql_explain')) + { + $debug_info[] = sprintf('<span title="Cached: %d">Queries: %d</span>', $db->sql_num_queries(true), $db->sql_num_queries()); if ($auth->acl_get('a_')) { diff --git a/phpBB/includes/functions_acp.php b/phpBB/includes/functions_acp.php index a2014a7d5b..4926351461 100644 --- a/phpBB/includes/functions_acp.php +++ b/phpBB/includes/functions_acp.php @@ -177,7 +177,7 @@ function adm_page_footer($copyright_html = true) 'TRANSLATION_INFO' => (!empty($user->lang['TRANSLATION_INFO'])) ? $user->lang['TRANSLATION_INFO'] : '', 'S_COPYRIGHT_HTML' => $copyright_html, 'CREDIT_LINE' => $user->lang('POWERED_BY', '<a href="https://www.phpbb.com/">phpBB</a>® Forum Software © phpBB Limited'), - 'T_JQUERY_LINK' => !empty($config['allow_cdn']) && !empty($config['load_jquery_url']) ? $config['load_jquery_url'] : "{$phpbb_root_path}assets/javascript/jquery.min.js", + 'T_JQUERY_LINK' => !empty($config['allow_cdn']) && !empty($config['load_jquery_url']) ? $config['load_jquery_url'] : "{$phpbb_root_path}assets/javascript/jquery-3.4.1.min.js", 'S_ALLOW_CDN' => !empty($config['allow_cdn']), 'VERSION' => $config['version']) ); diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index cc82fdbda3..4629706048 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php 
@@ -1191,28 +1191,6 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync = } /** -* Delete Attachments -* -* @deprecated 3.2.0-a1 (To be removed: 3.4.0) -* -* @param string $mode can be: post|message|topic|attach|user -* @param mixed $ids can be: post_ids, message_ids, topic_ids, attach_ids, user_ids -* @param bool $resync set this to false if you are deleting posts or topics -*/ -function delete_attachments($mode, $ids, $resync = true) -{ - global $phpbb_container; - - /** @var \phpbb\attachment\manager $attachment_manager */ - $attachment_manager = $phpbb_container->get('attachment.manager'); - $num_deleted = $attachment_manager->delete($mode, $ids, $resync); - - unset($attachment_manager); - - return $num_deleted; -} - -/** * Deletes shadow topics pointing to a specified forum. * * @param int $forum_id The forum id @@ -1324,23 +1302,6 @@ function update_posted_info(&$topic_ids) } /** -* Delete attached file -* -* @deprecated 3.2.0-a1 (To be removed: 3.4.0) -*/ -function phpbb_unlink($filename, $mode = 'file', $entry_removed = false) -{ - global $phpbb_container; - - /** @var \phpbb\attachment\manager $attachment_manager */ - $attachment_manager = $phpbb_container->get('attachment.manager'); - $unlink = $attachment_manager->unlink($filename, $mode, $entry_removed); - unset($attachment_manager); - - return $unlink; -} - -/** * All-encompasing sync function * * Exaples: @@ -1423,7 +1384,6 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false, $db->sql_transaction('begin'); switch ($db->get_sql_layer()) { - case 'mysql4': case 'mysqli': $sql = 'DELETE FROM ' . TOPICS_TABLE . ' USING ' . TOPICS_TABLE . ' t1, ' . TOPICS_TABLE . " t2 
@@ -2722,8 +2682,7 @@ function phpbb_update_foes($db, $auth, $group_id = false, $user_id = false) switch ($db->get_sql_layer()) { case 'mysqli': - case 'mysql4': - $sql = 'DELETE ' . (($db->get_sql_layer() === 'mysqli' || version_compare($db->sql_server_info(true), '4.1', '>=')) ? 'z.*' : ZEBRA_TABLE) . ' + $sql = 'DELETE z.* FROM ' . ZEBRA_TABLE . ' z, ' . USER_GROUP_TABLE . ' ug WHERE z.zebra_id = ug.user_id AND z.foe = 1 @@ -2879,8 +2838,6 @@ function get_database_size() // This code is heavily influenced by a similar routine in phpMyAdmin 2.2.0 switch ($db->get_sql_layer()) { - case 'mysql': - case 'mysql4': case 'mysqli': $sql = 'SELECT VERSION() AS mysql_version'; $result = $db->sql_query($sql); diff --git a/phpBB/includes/functions_compatibility.php b/phpBB/includes/functions_compatibility.php index e95fa40a58..92e24c055c 100644 --- a/phpBB/includes/functions_compatibility.php +++ b/phpBB/includes/functions_compatibility.php @@ -22,7 +22,7 @@ if (!defined('IN_PHPBB')) /** * Get user avatar * -* @deprecated 3.1.0-a1 (To be removed: 3.3.0) +* @deprecated 3.1.0-a1 (To be removed: 4.0.0) * * @param string $avatar Users assigned avatar name * @param int $avatar_type Type of avatar @@ -50,7 +50,7 @@ function get_user_avatar($avatar, $avatar_type, $avatar_width, $avatar_height, $ /** * Hash the password * -* @deprecated 3.1.0-a2 (To be removed: 3.3.0) +* @deprecated 3.1.0-a2 (To be removed: 4.0.0) * * @param string $password Password to be hashed * @@ -68,7 +68,7 @@ function phpbb_hash($password) /** * Check for correct password * -* @deprecated 3.1.0-a2 (To be removed: 3.3.0) +* @deprecated 3.1.0-a2 (To be removed: 4.0.0) * * @param string $password The password in plain text * @param string $hash The stored password hash 
@@ -92,7 +92,7 @@ function phpbb_check_hash($password, $hash) * @param string $path Path to clean * @return string Cleaned path * -* @deprecated 3.1.0 (To be removed: 3.3.0) +* @deprecated 3.1.0 (To be removed: 4.0.0) */ function phpbb_clean_path($path) { @@ -136,7 +136,7 @@ function phpbb_clean_path($path) * * @return string Returns the options for timezone selector only * -* @deprecated 3.1.0 (To be removed: 3.3.0) +* @deprecated 3.1.0 (To be removed: 4.0.0) */ function tz_select($default = '', $truncate = false) { @@ -150,7 +150,7 @@ function tz_select($default = '', $truncate = false) * via admin_permissions. Changes of usernames and group names * must be carried through for the moderators table. * -* @deprecated 3.1.0 (To be removed: 3.3.0) +* @deprecated 3.1.0 (To be removed: 4.0.0) * @return null */ function cache_moderators() @@ -162,7 +162,7 @@ function cache_moderators() /** * Removes moderators and administrators from foe lists. * -* @deprecated 3.1.0 (To be removed: 3.3.0) +* @deprecated 3.1.0 (To be removed: 4.0.0) * @param array|bool $group_id If an array, remove all members of this group from foe lists, or false to ignore * @param array|bool $user_id If an array, remove this user from foe lists, or false to ignore * @return null @@ -182,7 +182,7 @@ function update_foes($group_id = false, $user_id = false) * @param string &$rank_img the rank image as full img tag is stored here after execution * @param string &$rank_img_src the rank image source is stored here after execution * -* @deprecated 3.1.0-RC5 (To be removed: 3.3.0) +* @deprecated 3.1.0-RC5 (To be removed: 4.0.0) * * Note: since we do not want to break backwards-compatibility, this function will only properly assign ranks to guests if you call it for them with user_posts == false */ 
@@ -232,7 +232,7 @@ function get_remote_file($host, $directory, $filename, &$errstr, &$errno, $port * * @return int|bool Returns the log_id, if the entry was added to the database, false otherwise. * - * @deprecated 3.1.0 (To be removed: 3.3.0) + * @deprecated 3.1.0 (To be removed: 4.0.0) */ function add_log() { @@ -280,7 +280,7 @@ function add_log() * * @return null * - * @deprecated 3.1.0 (To be removed: 3.3.0) + * @deprecated 3.1.0 (To be removed: 4.0.0) */ function set_config($config_name, $config_value, $is_dynamic = false, \phpbb\config\config $set_config = null) { @@ -310,7 +310,7 @@ function set_config($config_name, $config_value, $is_dynamic = false, \phpbb\con * * @return null * - * @deprecated 3.1.0 (To be removed: 3.3.0) + * @deprecated 3.1.0 (To be removed: 4.0.0) */ function set_config_count($config_name, $increment, $is_dynamic = false, \phpbb\config\config $set_config = null) { @@ -331,7 +331,7 @@ function set_config_count($config_name, $increment, $is_dynamic = false, \phpbb\ * See {@link \phpbb\request\request_interface::variable \phpbb\request\request_interface::variable} for * documentation of this function's use. * - * @deprecated 3.1.0 (To be removed: 3.3.0) + * @deprecated 3.1.0 (To be removed: 4.0.0) * @param mixed $var_name The form variable's name from which data shall be retrieved. * If the value is an array this may be an array of indizes which will give * direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a") @@ -389,7 +389,7 @@ function request_var($var_name, $default, $multibyte = false, $cookie = false, $ /** * Get tables of a database * - * @deprecated 3.1.0 (To be removed: 3.3.0) + * @deprecated 3.1.0 (To be removed: 4.0.0) */ function get_tables($db) { 
@@ -492,7 +492,7 @@ function phpbb_realpath($path) * @param $number int|float The number we want to get the plural case for. Float numbers are floored. * @return int The plural-case we need to use for the number plural-rule combination * - * @deprecated 3.2.0-dev (To be removed: 3.3.0) + * @deprecated 3.2.0-dev (To be removed: 4.0.0) */ function phpbb_get_plural_form($rule, $number) { 
@@ -511,3 +511,165 @@ function phpbb_pcre_utf8_support() { return true; } + +/** + * Casts a variable to the given type. + * + * @deprecated 3.1 (To be removed 4.0.0) + */ +function set_var(&$result, $var, $type, $multibyte = false) +{ + // no need for dependency injection here, if you have the object, call the method yourself! + $type_cast_helper = new \phpbb\request\type_cast_helper(); + $type_cast_helper->set_var($result, $var, $type, $multibyte); +} + +/** + * Delete Attachments + * + * @deprecated 3.2.0-a1 (To be removed: 4.0.0) + * + * @param string $mode can be: post|message|topic|attach|user + * @param mixed $ids can be: post_ids, message_ids, topic_ids, attach_ids, user_ids + * @param bool $resync set this to false if you are deleting posts or topics + */ +function delete_attachments($mode, $ids, $resync = true) +{ + global $phpbb_container; + + /** @var \phpbb\attachment\manager $attachment_manager */ + $attachment_manager = $phpbb_container->get('attachment.manager'); + $num_deleted = $attachment_manager->delete($mode, $ids, $resync); + + unset($attachment_manager); + + return $num_deleted; +} + +/** + * Delete attached file + * + * @deprecated 3.2.0-a1 (To be removed: 4.0.0) + */ +function phpbb_unlink($filename, $mode = 'file', $entry_removed = false) +{ + global $phpbb_container; + + /** @var \phpbb\attachment\manager $attachment_manager */ + $attachment_manager = $phpbb_container->get('attachment.manager'); + $unlink = $attachment_manager->unlink($filename, $mode, $entry_removed); + unset($attachment_manager); + + return $unlink; +} + +/** + * Display reasons + * + * @deprecated 3.2.0-dev (To be removed: 4.0.0) + */ +function display_reasons($reason_id = 0) +{ + global $phpbb_container; + + $phpbb_container->get('phpbb.report.report_reason_list_provider')->display_reasons($reason_id); +} + +/** + * Upload Attachment - filedata is generated here + * Uses upload class + * + * @deprecated 3.2.0-a1 (To be removed: 4.0.0) + * + * @param string $form_name 
The form name of the file upload input + * @param int $forum_id The id of the forum + * @param bool $local Whether the file is local or not + * @param string $local_storage The path to the local file + * @param bool $is_message Whether it is a PM or not + * @param array $local_filedata A filespec object created for the local file + * + * @return array File data array + */ +function upload_attachment($form_name, $forum_id, $local = false, $local_storage = '', $is_message = false, $local_filedata = false) +{ + global $phpbb_container; + + /** @var \phpbb\attachment\manager $attachment_manager */ + $attachment_manager = $phpbb_container->get('attachment.manager'); + $file = $attachment_manager->upload($form_name, $forum_id, $local, $local_storage, $is_message, $local_filedata); + unset($attachment_manager); + + return $file; +} + +/** +* Wrapper for php's checkdnsrr function. +* +* @param string $host Fully-Qualified Domain Name +* @param string $type Resource record type to lookup +* Supported types are: MX (default), A, AAAA, NS, TXT, CNAME +* Other types may work or may not work +* +* @return mixed true if entry found, +* false if entry not found, +* null if this function is not supported by this environment +* +* Since null can also be returned, you probably want to compare the result +* with === true or === false, +* +* @deprecated 3.3.0-b2 (To be removed: 4.0.0) +*/ +function phpbb_checkdnsrr($host, $type = 'MX') +{ + return checkdnsrr($host, $type); +} + +/* + * Wrapper for inet_ntop() + * + * Converts a packed internet address to a human readable representation + * inet_ntop() is supported by PHP since 5.1.0, since 5.3.0 also on Windows. + * + * @param string $in_addr A 32bit IPv4, or 128bit IPv6 address. 
+ * + * @return mixed false on failure, + * string otherwise + * + * @deprecated 3.3.0-b2 (To be removed: 4.0.0) + */ +function phpbb_inet_ntop($in_addr) +{ + return inet_ntop($in_addr); +} + +/** + * Wrapper for inet_pton() + * + * Converts a human readable IP address to its packed in_addr representation + * inet_pton() is supported by PHP since 5.1.0, since 5.3.0 also on Windows. + * + * @param string $address A human readable IPv4 or IPv6 address. + * + * @return mixed false if address is invalid, + * in_addr representation of the given address otherwise (string) + * + * @deprecated 3.3.0-b2 (To be removed: 4.0.0) + */ +function phpbb_inet_pton($address) +{ + return inet_pton($address); +} + +/** + * Hashes an email address to a big integer + * + * @param string $email Email address + * + * @return string Unsigned Big Integer + * + * @deprecated 3.3.0-b2 (To be removed: 4.0.0) + */ +function phpbb_email_hash($email) +{ + return sprintf('%u', crc32(strtolower($email))) . strlen($email); +} diff --git a/phpBB/includes/functions_compress.php b/phpBB/includes/functions_compress.php index e86da77b38..56d64d37fb 100644 --- a/phpBB/includes/functions_compress.php +++ b/phpBB/includes/functions_compress.php @@ -305,8 +305,8 @@ class compress_zip extends compress } } } - // This is a directory, we are not writting files - continue; + // This is a directory, we are not writing files + continue 2; } else { diff --git a/phpBB/includes/functions_content.php b/phpBB/includes/functions_content.php index 2542be5e02..fd014c741e 100644 --- a/phpBB/includes/functions_content.php +++ b/phpBB/includes/functions_content.php 
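Review bot: The phpbb_checkdnsrr() wrapper added to functions_compatibility.php no longer behaves like the function removed from functions.php. The removed version appended a trailing dot to the host before the lookup and returned `null` when no lookup mechanism was available, whereas this one passes `$host` straight to `checkdnsrr()`, and the copied docblock still promises the `null` return. Either drop that `null` line from the `@return` text and note the change next to `@deprecated`, or keep the trailing-dot handling with `return checkdnsrr(rtrim($host, '.') . '.', $type);`. The same caution applies to phpbb_inet_ntop(), whose removed implementation converted IPv4-mapped addresses to dotted form and returned `false` for unexpected lengths. The comment above phpbb_inet_ntop() also opens with `/*` rather than `/**`, so its `@deprecated` tag is not a docblock and tooling will not pick it up.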
@@ -1245,11 +1245,6 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count_a $display_cat = ATTACHMENT_CATEGORY_NONE; } - if ($display_cat == ATTACHMENT_CATEGORY_FLASH && !$user->optionget('viewflash')) - { - $display_cat = ATTACHMENT_CATEGORY_NONE; - } - $download_link = append_sid("{$phpbb_root_path}download/file.$phpEx", 'id=' . $attachment['attach_id']); $l_downloaded_viewed = 'VIEWED_COUNTS'; @@ -1281,21 +1276,6 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count_a $update_count_ary[] = $attachment['attach_id']; break; - // Macromedia Flash Files - case ATTACHMENT_CATEGORY_FLASH: - list($width, $height) = @getimagesize($filename); - - $block_array += array( - 'S_FLASH_FILE' => true, - 'WIDTH' => $width, - 'HEIGHT' => $height, - 'U_VIEW_LINK' => $download_link . '&view=1', - ); - - // Viewed/Heared File ... update the download count - $update_count_ary[] = $attachment['attach_id']; - break; - default: $l_downloaded_viewed = 'DOWNLOAD_COUNTS'; diff --git a/phpBB/includes/functions_convert.php b/phpBB/includes/functions_convert.php index 2cfbe9541d..df4c9b1875 100644 --- a/phpBB/includes/functions_convert.php +++ b/phpBB/includes/functions_convert.php @@ -207,16 +207,6 @@ function get_group_id($group_name) } /** -* Generate the email hash stored in the users table -* -* Note: Deprecated, calls should directly go to phpbb_email_hash() -*/ -function gen_email_hash($email) -{ - return phpbb_email_hash($email); -} - -/** * Convert a boolean into the appropriate phpBB constant indicating whether the topic is locked */ function is_topic_locked($bool) 
@@ -1647,11 +1637,6 @@ function mass_auth($ug_type, $forum_id, $ug_id, $acl_list, $setting = ACL_NO) case 'insert': switch ($db->get_sql_layer()) { - case 'mysql': - case 'mysql4': - $sql = 'VALUES ' . implode(', ', preg_replace('#^(.*?)$#', '(\1)', $sql_subary)); - break; - case 'sqlite3': case 'mssqlnative': $sql = implode(' UNION ALL ', preg_replace('#^(.*?)$#', 'SELECT \1', $sql_subary)); diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index e4adce14fc..44478dbe49 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -30,6 +30,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod $forum_rows = $subforums = $forum_ids = $forum_ids_moderator = $forum_moderators = $active_forum_ary = array(); $parent_id = $visible_forums = 0; + $parent_subforum_limit = false; // Mark forums read? $mark_read = $request->variable('mark', ''); @@ -266,6 +267,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod // Direct child of current branch $parent_id = $forum_id; + $parent_subforum_limit = $row['display_subforum_limit']; $forum_rows[$forum_id] = $row; if ($row['forum_type'] == FORUM_CAT && $row['parent_id'] == $root_data['forum_id']) @@ -278,7 +280,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod } else if ($row['forum_type'] != FORUM_CAT) { - $subforums[$parent_id][$forum_id]['display'] = ($row['display_on_index']) ? true : false; + $subforums[$parent_id][$forum_id]['display'] = ($row['display_on_index'] && (!$parent_subforum_limit || $parent_id == $row['parent_id'])); $subforums[$parent_id][$forum_id]['name'] = $row['forum_name']; $subforums[$parent_id][$forum_id]['orig_forum_last_post_time'] = $row['forum_last_post_time']; $subforums[$parent_id][$forum_id]['children'] = array(); 
@@ -786,25 +788,25 @@ function generate_forum_nav(&$forum_data_ary) } $navlinks_parents[] = array( - 'S_IS_CAT' => ($parent_type == FORUM_CAT) ? true : false, - 'S_IS_LINK' => ($parent_type == FORUM_LINK) ? true : false, - 'S_IS_POST' => ($parent_type == FORUM_POST) ? true : false, - 'FORUM_NAME' => $parent_name, - 'FORUM_ID' => $parent_forum_id, - 'MICRODATA' => $microdata_attr . '="' . $parent_forum_id . '"', - 'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $parent_forum_id), + 'S_IS_CAT' => ($parent_type == FORUM_CAT) ? true : false, + 'S_IS_LINK' => ($parent_type == FORUM_LINK) ? true : false, + 'S_IS_POST' => ($parent_type == FORUM_POST) ? true : false, + 'BREADCRUMB_NAME' => $parent_name, + 'FORUM_ID' => $parent_forum_id, + 'MICRODATA' => $microdata_attr . '="' . $parent_forum_id . '"', + 'U_BREADCRUMB' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $parent_forum_id), ); } } $navlinks = array( - 'S_IS_CAT' => ($forum_data_ary['forum_type'] == FORUM_CAT) ? true : false, - 'S_IS_LINK' => ($forum_data_ary['forum_type'] == FORUM_LINK) ? true : false, - 'S_IS_POST' => ($forum_data_ary['forum_type'] == FORUM_POST) ? true : false, - 'FORUM_NAME' => $forum_data_ary['forum_name'], - 'FORUM_ID' => $forum_data_ary['forum_id'], - 'MICRODATA' => $microdata_attr . '="' . $forum_data_ary['forum_id'] . '"', - 'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_data_ary['forum_id']), + 'S_IS_CAT' => ($forum_data_ary['forum_type'] == FORUM_CAT) ? true : false, + 'S_IS_LINK' => ($forum_data_ary['forum_type'] == FORUM_LINK) ? true : false, + 'S_IS_POST' => ($forum_data_ary['forum_type'] == FORUM_POST) ? true : false, + 'BREADCRUMB_NAME' => $forum_data_ary['forum_name'], + 'FORUM_ID' => $forum_data_ary['forum_id'], + 'MICRODATA' => $microdata_attr . '="' . $forum_data_ary['forum_id'] . '"', + 'U_BREADCRUMB' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . 
$forum_data_ary['forum_id']), ); $forum_template_data = array( @@ -1151,18 +1153,6 @@ function display_custom_bbcodes() } /** -* Display reasons -* -* @deprecated 3.2.0-dev -*/ -function display_reasons($reason_id = 0) -{ - global $phpbb_container; - - $phpbb_container->get('phpbb.report.report_reason_list_provider')->display_reasons($reason_id); -} - -/** * Display user activity (action forum/topic) */ function display_user_activity(&$userdata_ary) diff --git a/phpBB/includes/functions_download.php b/phpBB/includes/functions_download.php index 1f409be58c..d2d3924dd8 100644 --- a/phpBB/includes/functions_download.php +++ b/phpBB/includes/functions_download.php 
@@ -206,28 +206,20 @@ function send_file_to_browser($attachment, $upload_dir, $category) header('X-Content-Type-Options: nosniff'); } - if ($category == ATTACHMENT_CATEGORY_FLASH && $request->variable('view', 0) === 1) + if (empty($user->browser) || ((strpos(strtolower($user->browser), 'msie') !== false) && !phpbb_is_greater_ie_version($user->browser, 7))) { - // We use content-disposition: inline for flash files and view=1 to let it correctly play with flash player 10 - any other disposition will fail to play inline - header('Content-Disposition: inline'); + header('Content-Disposition: attachment; ' . header_filename(htmlspecialchars_decode($attachment['real_filename']))); + if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie 6.0') !== false)) + { + header('Expires: ' . gmdate('D, d M Y H:i:s', time()) . ' GMT'); + } } else { - if (empty($user->browser) || ((strpos(strtolower($user->browser), 'msie') !== false) && !phpbb_is_greater_ie_version($user->browser, 7))) - { - header('Content-Disposition: attachment; ' . header_filename(htmlspecialchars_decode($attachment['real_filename']))); - if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie 6.0') !== false)) - { - header('Expires: ' . gmdate('D, d M Y H:i:s', time()) . ' GMT'); - } - } - else + header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename']))); + if (phpbb_is_greater_ie_version($user->browser, 7) && (strpos($attachment['mimetype'], 'image') !== 0)) { - header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename']))); - if (phpbb_is_greater_ie_version($user->browser, 7) && (strpos($attachment['mimetype'], 'image') !== 0)) - { - header('X-Download-Options: noopen'); - } + header('X-Download-Options: noopen'); } } 
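Review bot: The `inline` disposition in the rewritten `else` branch is chosen for any `$attachment['mimetype']` that starts with `image`, which also matches `image/svg+xml`; an SVG rendered inline from the board's own origin can run script in the viewer's session. Whether SVG attachments can reach this function depends on the allowed-extension configuration, which is outside the hunk, but the header logic would be safer with an explicit list of raster types, e.g. `$inline = in_array($attachment['mimetype'], array('image/png', 'image/jpeg', 'image/gif'), true);` (illustrative list) with `$inline` used in the ternary. The `X-Content-Type-Options: nosniff` header in the context above guards against type sniffing, not against a correctly declared SVG. send_file_to_browser starts and ends outside the hunk.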
diff --git a/phpBB/includes/functions_module.php b/phpBB/includes/functions_module.php index 88dafc4300..510d98ec11 100644 --- a/phpBB/includes/functions_module.php +++ b/phpBB/includes/functions_module.php @@ -123,7 +123,7 @@ class p_master // We "could" build a true tree with this function - maybe mod authors want to use this... // Functions for traversing and manipulating the tree are not available though - // We might re-structure the module system to use true trees in 3.2.x... + // We might re-structure the module system to use true trees in 4.0 // $tree = $this->build_tree($this->module_cache['modules'], $this->module_cache['parents']); // Clean up module cache array to only let survive modules the user can access @@ -933,6 +933,14 @@ class p_master 'U_TITLE' => $u_title ); + if (isset($this->module_cache['parents'][$item_ary['id']]) || $item_ary['id'] == $this->p_id) + { + $template->assign_block_vars('navlinks', array( + 'BREADCRUMB_NAME' => $item_ary['lang'], + 'U_BREADCRUMB' => $u_title, + )); + } + $template->assign_block_vars($use_tabular_offset, array_merge($tpl_ary, array_change_key_case($item_ary, CASE_UPPER))); } diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index 1956f65666..45eda4ba17 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php 
@@ -433,34 +433,6 @@ function posting_gen_topic_types($forum_id, $cur_topic_type = POST_NORMAL) // // Attachment related functions // - -/** -* Upload Attachment - filedata is generated here -* Uses upload class -* -* @deprecated 3.2.0-a1 (To be removed: 3.4.0) -* -* @param string $form_name The form name of the file upload input -* @param int $forum_id The id of the forum -* @param bool $local Whether the file is local or not -* @param string $local_storage The path to the local file -* @param bool $is_message Whether it is a PM or not -* @param array $local_filedata A filespec object created for the local file -* -* @return array File data array -*/ -function upload_attachment($form_name, $forum_id, $local = false, $local_storage = '', $is_message = false, $local_filedata = false) -{ - global $phpbb_container; - - /** @var \phpbb\attachment\manager $attachment_manager */ - $attachment_manager = $phpbb_container->get('attachment.manager'); - $file = $attachment_manager->upload($form_name, $forum_id, $local, $local_storage, $is_message, $local_filedata); - unset($attachment_manager); - - return $file; -} - /** * Calculate the needed size for Thumbnail */ @@ -677,12 +649,6 @@ function create_thumbnail($source, $destination, $mimetype) imagecopyresampled($new_image, $image, 0, 0, 0, 0, $new_width, $new_height, $width, $height); } - // If we are in safe mode create the destination file prior to using the gd functions to circumvent a PHP bug - if (@ini_get('safe_mode') || @strtolower(ini_get('safe_mode')) == 'on') - { - @touch($destination); - } - switch ($type['format']) { case IMG_GIF: diff --git a/phpBB/includes/functions_transfer.php b/phpBB/includes/functions_transfer.php index 7427b89917..f0070b4b1e 100644 --- a/phpBB/includes/functions_transfer.php +++ b/phpBB/includes/functions_transfer.php 
@@ -810,7 +810,7 @@ class ftp_fsock extends transfer $server_ip = substr($socket_name, 0, strrpos($socket_name, ':')); } - if (!isset($server_ip) || preg_match(get_preg_expression('ipv4'), $server_ip)) + if (isset($server_ip) && filter_var($server_ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) // ipv4 { // Passive mode $this->_send_command('PASV', '', false); @@ -831,7 +831,7 @@ class ftp_fsock extends transfer $server_ip = $temp[0] . '.' . $temp[1] . '.' . $temp[2] . '.' . $temp[3]; $server_port = $temp[4] * 256 + $temp[5]; } - else + else // ipv6 { // Extended Passive Mode - RFC2428 $this->_send_command('EPSV', '', false); diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index e0b6a9d0c6..dc6e09268a 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -204,7 +204,6 @@ function user_add($user_row, $cp_data = false, $notifications_data = null) 'username_clean' => $username_clean, 'user_password' => (isset($user_row['user_password'])) ? $user_row['user_password'] : '', 'user_email' => strtolower($user_row['user_email']), - 'user_email_hash' => phpbb_email_hash($user_row['user_email']), 'group_id' => $user_row['group_id'], 'user_type' => $user_row['user_type'], ); @@ -1455,12 +1454,7 @@ function user_unban($mode, $ban) */ function user_ipwhois($ip) { - if (empty($ip)) - { - return ''; - } - - if (!preg_match(get_preg_expression('ipv4'), $ip) && !preg_match(get_preg_expression('ipv6'), $ip)) + if (!filter_var($ip, FILTER_VALIDATE_IP)) { return ''; } @@ -1910,7 +1904,7 @@ function phpbb_validate_email($email, $config = null) { list(, $domain) = explode('@', $email); - if (phpbb_checkdnsrr($domain, 'A') === false && phpbb_checkdnsrr($domain, 'MX') === false) + if (checkdnsrr($domain, 'A') === false && checkdnsrr($domain, 'MX') === false) { return 'DOMAIN_NO_MX_RECORD'; } 
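Review bot: The rewritten condition `isset($server_ip) && filter_var($server_ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)` now routes the case where `$server_ip` was never set into the `else // ipv6` branch, whereas the old `!isset($server_ip) || ...` fell back to PASV, which assigns `$server_ip` from the reply. Unless the EPSV branch (it continues outside the hunk) sets the address itself, the later data connection would be opened with an unset host. The `// ipv6` label added in the second hunk (`@@ -831,7 +831,7`) is also broader than stated: that branch receives everything that is not a valid IPv4 literal, not only IPv6 addresses. If the PASV fallback was intentional, keep it with `if (!isset($server_ip) || filter_var($server_ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4))`; otherwise validate explicitly with `FILTER_FLAG_IPV6` and fail for anything else.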
@@ -1953,9 +1947,9 @@ function validate_user_email($email, $allowed_email = false) if (!$config['allow_emailreuse']) { - $sql = 'SELECT user_email_hash + $sql = 'SELECT user_email FROM ' . USERS_TABLE . " - WHERE user_email_hash = " . $db->sql_escape(phpbb_email_hash($email)); + WHERE user_email = '" . $db->sql_escape($email) . "'"; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); diff --git a/phpBB/includes/questionnaire/questionnaire.php b/phpBB/includes/questionnaire/questionnaire.php index 2f80582918..95036a95bc 100644 --- a/phpBB/includes/questionnaire/questionnaire.php +++ b/phpBB/includes/questionnaire/questionnaire.php @@ -110,7 +110,6 @@ class phpbb_questionnaire_php_data_provider 'version' => PHP_VERSION, 'sapi' => PHP_SAPI, 'int_size' => defined('PHP_INT_SIZE') ? PHP_INT_SIZE : '', - 'safe_mode' => (int) @ini_get('safe_mode'), 'open_basedir' => (int) @ini_get('open_basedir'), 'memory_limit' => @ini_get('memory_limit'), 'allow_url_fopen' => (int) @ini_get('allow_url_fopen'), @@ -121,8 +120,6 @@ class phpbb_questionnaire_php_data_provider 'disable_functions' => @ini_get('disable_functions'), 'disable_classes' => @ini_get('disable_classes'), 'enable_dl' => (int) @ini_get('enable_dl'), - 'magic_quotes_gpc' => (int) @ini_get('magic_quotes_gpc'), - 'register_globals' => (int) @ini_get('register_globals'), 'filter.default' => @ini_get('filter.default'), 'zend.ze1_compatibility_mode' => (int) @ini_get('zend.ze1_compatibility_mode'), 'unicode.semantics' => (int) @ini_get('unicode.semantics'), @@ -405,7 +402,6 @@ class phpbb_questionnaire_phpbb_data_provider 'max_login_attempts' => true, 'max_name_chars' => true, 'max_num_search_keywords' => true, - 'max_pass_chars' => true, 'max_poll_options' => true, 'max_post_chars' => true, 'max_post_font_size' => true, diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php index 66f85657a5..d42ae58c42 100644 --- a/phpBB/includes/startup.php 
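Review bot: The new lookup `WHERE user_email = '" . $db->sql_escape($email) . "'` compares the address exactly as passed in, while the removed `phpbb_email_hash()` lower-cased it first and `user_add()` stores `strtolower($user_row['user_email'])`. Unless `$email` is already lower-cased earlier in validate_user_email (not visible in the hunk) or the column collation is case-insensitive on every supported database, a case variant of an existing address could pass the `allow_emailreuse` check. Suggest normalising at the comparison, `WHERE user_email = '" . $db->sql_escape(strtolower($email)) . "'`. The same applies to the `ucp_resend.php` hunk (`@@ -47,7 +47,7`), which switches to the same comparison. It is also worth confirming that `user_email` is indexed now that the hash column is no longer the lookup key.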
+++ b/phpBB/includes/startup.php @@ -23,11 +23,11 @@ $level = E_ALL & ~E_NOTICE & ~E_DEPRECATED; error_reporting($level); /** -* Minimum Requirement: PHP 5.4.0 +* Minimum Requirement: PHP 7.1.0 */ -if (version_compare(PHP_VERSION, '5.4') < 0) +if (version_compare(PHP_VERSION, '7.1') < 0) { - die('You are running an unsupported PHP version. Please upgrade to PHP 5.4.0 or higher before trying to install or update to phpBB 3.2'); + die('You are running an unsupported PHP version. Please upgrade to PHP 7.1.0 or higher before trying to install or update to phpBB 3.3'); } // Register globals and magic quotes have been dropped in PHP 5.4 so no need for extra checks diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index 36ab3d0463..dca7e7eeb7 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php @@ -70,9 +70,9 @@ class ucp_profile // Do not check cur_password, it is the old one. $check_ary = array( 'new_password' => array( - array('string', true, $config['min_pass_chars'], $config['max_pass_chars']), + array('string', true, $config['min_pass_chars'], 0), array('password')), - 'password_confirm' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']), + 'password_confirm' => array('string', true, $config['min_pass_chars'], 0), 'email' => array( array('string', false, 6, 60), array('user_email')), 
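Review bot: Replacing `$config['max_pass_chars']` with `0` in the `new_password` and `password_confirm` rules of ucp_profile.php removes the only upper length bound visible on this path, assuming `0` means "no maximum" to the string validator. The value is later passed to `$passwords_manager->hash()`, and hashing cost can grow with input length, so an unbounded field is a cheap way to load the server unless the passwords manager enforces its own ceiling (not visible in this diff). Suggest keeping a generous fixed limit instead, e.g. `array('string', true, $config['min_pass_chars'], 255),` where 255 is an illustrative value. The same change appears in the `ucp_register.php` hunk (`@@ -276,9 +276,9`).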
@@ -131,7 +131,6 @@ class ucp_profile 'username' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? $data['username'] : $user->data['username'], 'username_clean' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? utf8_clean_string($data['username']) : $user->data['username_clean'], 'user_email' => ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'], - 'user_email_hash' => ($auth->acl_get('u_chgemail')) ? phpbb_email_hash($data['email']) : $user->data['user_email_hash'], 'user_password' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? $passwords_manager->hash($data['new_password']) : $user->data['user_password'], ); @@ -267,7 +266,7 @@ class ucp_profile 'CUR_PASSWORD' => '', 'L_USERNAME_EXPLAIN' => $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])), - 'L_CHANGE_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars']), $user->lang('CHARACTERS', (int) $config['max_pass_chars'])), + 'L_CHANGE_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars'])), 'S_FORCE_PASSWORD' => ($auth->acl_get('u_chgpasswd') && $config['chg_passforce'] && $user->data['user_passchg'] < time() - ($config['chg_passforce'] * 86400)) ? true : false, 'S_CHANGE_USERNAME' => ($config['allow_namechange'] && $auth->acl_get('u_chgname')) ? true : false, diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index 03ac63b12b..00fa8034f9 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php 
@@ -276,9 +276,9 @@ class ucp_register array('string', false, $config['min_name_chars'], $config['max_name_chars']), array('username', '')), 'new_password' => array( - array('string', false, $config['min_pass_chars'], $config['max_pass_chars']), + array('string', false, $config['min_pass_chars'], 0), array('password')), - 'password_confirm' => array('string', false, $config['min_pass_chars'], $config['max_pass_chars']), + 'password_confirm' => array('string', false, $config['min_pass_chars'], 0), 'email' => array( array('string', false, 6, 60), array('user_email')), @@ -452,6 +452,9 @@ class ucp_register { $message = $user->lang['ACCOUNT_ADDED']; $email_template = 'user_welcome'; + + // Autologin after registration + $user->session_create($user_id, 0, false, 1); } if ($config['email_enable']) @@ -600,6 +603,31 @@ class ucp_register break; } + /* @var $provider_collection \phpbb\auth\provider_collection */ + $provider_collection = $phpbb_container->get('auth.provider_collection'); + $auth_provider = $provider_collection->get_provider(); + + $auth_provider_data = $auth_provider->get_login_data(); + if ($auth_provider_data) + { + if (isset($auth_provider_data['VARS'])) + { + $template->assign_vars($auth_provider_data['VARS']); + } + + if (isset($auth_provider_data['BLOCK_VAR_NAME'])) + { + foreach ($auth_provider_data['BLOCK_VARS'] as $block_vars) + { + $template->assign_block_vars($auth_provider_data['BLOCK_VAR_NAME'], $block_vars); + } + } + + $template->assign_vars(array( + 'PROVIDER_TEMPLATE_FILE' => $auth_provider_data['TEMPLATE_FILE'], + )); + } + // Assign template vars for timezone select phpbb_timezone_select($template, $user, $data['tz'], true); 
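Review bot: The added `$user->session_create($user_id, 0, false, 1);` discards the return value and passes three bare literals, so a reader cannot tell which flags are set, and a session that could not be created is treated like a successful registration. Suggest a comment naming the arguments, e.g. `// no admin session, no persistent login, visible online`, confirmed against session_create()'s signature, which is outside this diff. If session_create() reports failure through its return value, that should be handled here. Because this authenticates the browser without a password check, it is also worth confirming that session_create() issues a fresh session id instead of promoting the guest one. The enclosing branch starts outside the hunk.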
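Review bot: In the auth-provider block the guard tests `isset($auth_provider_data['BLOCK_VAR_NAME'])` but the loop reads `$auth_provider_data['BLOCK_VARS']`, and `$auth_provider_data['TEMPLATE_FILE']` is read with no check at all. A provider that returns login data without those keys would raise notices, or a foreach warning on a non-array, on the registration page. Suggest `if (isset($auth_provider_data['BLOCK_VAR_NAME'], $auth_provider_data['BLOCK_VARS']))` for the loop and wrapping the `PROVIDER_TEMPLATE_FILE` assignment in `if (isset($auth_provider_data['TEMPLATE_FILE']))`. A short comment stating which keys `get_login_data()` is expected to return would also help, since the provider interface is outside this diff.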
@@ -611,7 +639,7 @@ class ucp_register 'L_REG_COND' => $l_reg_cond, 'L_USERNAME_EXPLAIN' => $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])), - 'L_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars']), $user->lang('CHARACTERS', (int) $config['max_pass_chars'])), + 'L_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars'])), 'S_LANG_OPTIONS' => language_select($data['lang']), 'S_TZ_PRESELECT' => !$submit, diff --git a/phpBB/includes/ucp/ucp_remind.php b/phpBB/includes/ucp/ucp_remind.php deleted file mode 100644 index e50428bfea..0000000000 --- a/phpBB/includes/ucp/ucp_remind.php +++ /dev/null 
@@ -1,174 +0,0 @@ -<?php -/** -* -* This file is part of the phpBB Forum Software package. -* -* @copyright (c) phpBB Limited <https://www.phpbb.com> -* @license GNU General Public License, version 2 (GPL-2.0) -* -* For full copyright and license information, please see -* the docs/CREDITS.txt file. -* -*/ - -/** -* @ignore -*/ -if (!defined('IN_PHPBB')) -{ - exit; -} - -/** -* ucp_remind -* Sending password reminders -*/ -class ucp_remind -{ - var $u_action; - - function main($id, $mode) - { - global $config, $phpbb_root_path, $phpEx, $request; - global $db, $user, $template, $phpbb_container, $phpbb_dispatcher; - - if (!$config['allow_password_reset']) - { - trigger_error($user->lang('UCP_PASSWORD_RESET_DISABLED', '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>')); - } - - $username = $request->variable('username', '', true); - $email = strtolower($request->variable('email', '')); - $submit = (isset($_POST['submit'])) ? true : false; - - add_form_key('ucp_remind'); - - if ($submit) - { - if (!check_form_key('ucp_remind')) - { - trigger_error('FORM_INVALID'); - } - - if (empty($email)) - { - trigger_error('NO_EMAIL_USER'); - } - - $sql_array = array( - 'SELECT' => 'user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason', - 'FROM' => array(USERS_TABLE => 'u'), - 'WHERE' => "user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "'" . - (!empty($username) ? " AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . 
"'" : ''), - ); - - /** - * Change SQL query for fetching user data - * - * @event core.ucp_remind_modify_select_sql - * @var string email User's email from the form - * @var string username User's username from the form - * @var array sql_array Fully assembled SQL query with keys SELECT, FROM, WHERE - * @since 3.1.11-RC1 - */ - $vars = array( - 'email', - 'username', - 'sql_array', - ); - extract($phpbb_dispatcher->trigger_event('core.ucp_remind_modify_select_sql', compact($vars))); - - $sql = $db->sql_build_query('SELECT', $sql_array); - $result = $db->sql_query_limit($sql, 2); // don't waste resources on more rows than we need - $rowset = $db->sql_fetchrowset($result); - - if (count($rowset) > 1) - { - $db->sql_freeresult($result); - - $template->assign_vars(array( - 'USERNAME_REQUIRED' => true, - 'EMAIL' => $email, - )); - } - else - { - $message = $user->lang['PASSWORD_UPDATED_IF_EXISTED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>'); - - if (empty($rowset)) - { - trigger_error($message); - } - - $user_row = $rowset[0]; - $db->sql_freeresult($result); - - if (!$user_row) - { - trigger_error($message); - } - - if ($user_row['user_type'] == USER_IGNORE || $user_row['user_type'] == USER_INACTIVE) - { - trigger_error($message); - } - - // Check users permissions - $auth2 = new \phpbb\auth\auth(); - $auth2->acl($user_row); - - if (!$auth2->acl_get('u_chgpasswd')) - { - trigger_error($message); - } - - $server_url = generate_board_url(); - - // Make password at least 8 characters long, make it longer if admin wants to. - // gen_rand_string() however has a limit of 12 or 13. - $user_password = gen_rand_string_friendly(max(8, mt_rand((int) $config['min_pass_chars'], (int) $config['max_pass_chars']))); - - // For the activation key a random length between 6 and 10 will do. 
- $user_actkey = gen_rand_string(mt_rand(6, 10)); - - // Instantiate passwords manager - /* @var $manager \phpbb\passwords\manager */ - $passwords_manager = $phpbb_container->get('passwords.manager'); - - $sql = 'UPDATE ' . USERS_TABLE . " - SET user_newpasswd = '" . $db->sql_escape($passwords_manager->hash($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "' - WHERE user_id = " . $user_row['user_id']; - $db->sql_query($sql); - - include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); - - $messenger = new messenger(false); - - $messenger->template('user_activate_passwd', $user_row['user_lang']); - - $messenger->set_addresses($user_row); - - $messenger->anti_abuse_headers($config, $user); - - $messenger->assign_vars(array( - 'USERNAME' => htmlspecialchars_decode($user_row['username']), - 'PASSWORD' => htmlspecialchars_decode($user_password), - 'U_ACTIVATE' => "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey") - ); - - $messenger->send($user_row['user_notify_type']); - - trigger_error($message); - } - } - - $template->assign_vars(array( - 'USERNAME' => $username, - 'EMAIL' => $email, - 'S_PROFILE_ACTION' => append_sid($phpbb_root_path . 'ucp.' . $phpEx, 'mode=sendpassword')) - ); - - $this->tpl_name = 'ucp_remind'; - $this->page_title = 'UCP_REMIND'; - } -} diff --git a/phpBB/includes/ucp/ucp_resend.php b/phpBB/includes/ucp/ucp_resend.php index 44c54100cd..55923668d4 100644 --- a/phpBB/includes/ucp/ucp_resend.php +++ b/phpBB/includes/ucp/ucp_resend.php 
@@ -47,7 +47,7 @@ class ucp_resend $sql = 'SELECT user_id, group_id, username, user_email, user_type, user_lang, user_actkey, user_inactive_reason FROM ' . USERS_TABLE . " - WHERE user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "' + WHERE user_email = '" . $db->sql_escape($email) . "' AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; $result = $db->sql_query($sql); $user_row = $db->sql_fetchrow($result); |