diff options
Diffstat (limited to 'phpBB/includes')
| -rw-r--r-- | phpBB/includes/acp/acp_attachments.php | 9 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_board.php | 4 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_database.php | 1 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_forums.php | 16 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_profile.php | 1 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_reasons.php | 1 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_users.php | 62 | ||||
| -rw-r--r-- | phpBB/includes/db/postgres.php | 9 | ||||
| -rw-r--r-- | phpBB/includes/functions.php | 25 | ||||
| -rw-r--r-- | phpBB/includes/functions_admin.php | 8 | ||||
| -rw-r--r-- | phpBB/includes/functions_posting.php | 2 | ||||
| -rw-r--r-- | phpBB/includes/functions_profile_fields.php | 1 | ||||
| -rw-r--r-- | phpBB/includes/functions_upload.php | 25 | ||||
| -rw-r--r-- | phpBB/includes/message_parser.php | 2 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_pm_compose.php | 2 |
15 files changed, 117 insertions, 51 deletions
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php index 25e51814c4..980558c830 100644 --- a/phpBB/includes/acp/acp_attachments.php +++ b/phpBB/includes/acp/acp_attachments.php @@ -90,6 +90,7 @@ class acp_attachments $s_assigned_groups = array(); while ($row = $db->sql_fetchrow($result)) { + $row['group_name'] = (isset($user->lang['EXT_GROUP_' . $row['group_name']])) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name']; $s_assigned_groups[$row['cat_id']][] = $row['group_name']; } $db->sql_freeresult($result); @@ -494,6 +495,10 @@ class acp_attachments $sql = 'SELECT group_id FROM ' . EXTENSION_GROUPS_TABLE . " WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($new_group_name)) . "'"; + if ($group_id) + { + $sql .= ' AND group_id <> ' . $group_id; + } $result = $db->sql_query($sql); if ($db->sql_fetchrow($result)) @@ -551,6 +556,7 @@ class acp_attachments $group_id = $db->sql_nextid(); } + $group_name = (isset($user->lang['EXT_GROUP_' . $group_name])) ? $user->lang['EXT_GROUP_' . $group_name] : $group_name; add_log('admin', 'LOG_ATTACH_EXTGROUP_' . strtoupper($action), $group_name); } @@ -858,7 +864,7 @@ class acp_attachments 'U_EDIT' => $this->u_action . "&action=edit&g={$row['group_id']}", 'U_DELETE' => $this->u_action . "&action=delete&g={$row['group_id']}", - 'GROUP_NAME' => $row['group_name'], + 'GROUP_NAME' => (isset($user->lang['EXT_GROUP_' . $row['group_name']])) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name'], 'CATEGORY' => $cat_lang[$row['cat_id']], ) ); @@ -1118,6 +1124,7 @@ class acp_attachments $group_name = array(); while ($row = $db->sql_fetchrow($result)) { + $row['group_name'] = (isset($user->lang['EXT_GROUP_' . $row['group_name']])) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name']; $group_name[] = $row; } $db->sql_freeresult($result); diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index a5feac1902..7680d8996c 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -888,8 +888,8 @@ class acp_board $old_tz = $user->timezone; $old_dst = $user->dst; - $user->timezone = $config['board_timezone']; - $user->dst = $config['board_dst']; + $user->timezone = $config['board_timezone'] * 3600; + $user->dst = $config['board_dst'] * 3600; $dateformat_options = ''; diff --git a/phpBB/includes/acp/acp_database.php b/phpBB/includes/acp/acp_database.php index abfad2b90b..0582d6204e 100644 --- a/phpBB/includes/acp/acp_database.php +++ b/phpBB/includes/acp/acp_database.php @@ -394,6 +394,7 @@ class acp_database case 'mssql': case 'mssql_odbc': + case 'mssqlnative': while (($sql = $fgetd($fp, "GO\n", $read, $seek, $eof)) !== false) { $db->sql_query($sql); diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php index 5a5adc57ae..541a514bef 100644 --- a/phpBB/includes/acp/acp_forums.php +++ b/phpBB/includes/acp/acp_forums.php @@ -169,7 +169,7 @@ class acp_forums $forum_data['forum_status'] = ITEM_UNLOCKED; } - $forum_data['show_active'] = ($forum_data['forum_type'] == FORUM_POST) ? request_var('display_recent', true) : request_var('display_active', true); + $forum_data['show_active'] = ($forum_data['forum_type'] == FORUM_POST) ? request_var('display_recent', true) : request_var('display_active', false); // Get data for forum rules if specified... if ($forum_data['forum_rules']) @@ -407,7 +407,7 @@ class acp_forums $exclude_forums[] = $row['forum_id']; } - $parents_list = make_forum_select($forum_data['parent_id'], $exclude_forums, true, false, false); + $parents_list = make_forum_select($forum_data['parent_id'], $exclude_forums, false, false, false); $forum_data['forum_password_confirm'] = $forum_data['forum_password']; } @@ -416,7 +416,7 @@ class acp_forums $this->page_title = 'CREATE_FORUM'; $forum_id = $this->parent_id; - $parents_list = make_forum_select($this->parent_id, false, true, false, false); + $parents_list = make_forum_select($this->parent_id, false, false, false, false); // Fill forum data with default values if (!$update) @@ -639,7 +639,8 @@ class acp_forums 'S_PRUNE_OLD_POLLS' => ($forum_data['forum_flags'] & FORUM_FLAG_PRUNE_POLL) ? true : false, 'S_PRUNE_ANNOUNCE' => ($forum_data['forum_flags'] & FORUM_FLAG_PRUNE_ANNOUNCE) ? true : false, 'S_PRUNE_STICKY' => ($forum_data['forum_flags'] & FORUM_FLAG_PRUNE_STICKY) ? true : false, - 'S_DISPLAY_ACTIVE_TOPICS' => ($forum_data['forum_flags'] & FORUM_FLAG_ACTIVE_TOPICS) ? true : false, + 'S_DISPLAY_ACTIVE_TOPICS' => ($forum_data['forum_type'] == FORUM_POST) ? ($forum_data['forum_flags'] & FORUM_FLAG_ACTIVE_TOPICS) : true, + 'S_ENABLE_ACTIVE_TOPICS' => ($forum_data['forum_type'] == FORUM_CAT) ? ($forum_data['forum_flags'] & FORUM_FLAG_ACTIVE_TOPICS) : false, 'S_ENABLE_POST_REVIEW' => ($forum_data['forum_flags'] & FORUM_FLAG_POST_REVIEW) ? true : false, 'S_ENABLE_QUICK_REPLY' => ($forum_data['forum_flags'] & FORUM_FLAG_QUICK_REPLY) ? true : false, 'S_CAN_COPY_PERMISSIONS' => ($action != 'edit' || empty($forum_id) || ($auth->acl_get('a_fauth') && $auth->acl_get('a_authusers') && $auth->acl_get('a_authgroups') && $auth->acl_get('a_mauth'))) ? true : false, @@ -1705,6 +1706,9 @@ class acp_forums ) ); + // Amount of rows we select and delete in one iteration. + $batch_size = 500; + foreach ($tables_ary as $field => $tables) { $start = 0; @@ -1714,7 +1718,7 @@ class acp_forums $sql = "SELECT $field FROM " . POSTS_TABLE . ' WHERE forum_id = ' . $forum_id; - $result = $db->sql_query_limit($sql, 500, $start); + $result = $db->sql_query_limit($sql, $batch_size, $start); $ids = array(); while ($row = $db->sql_fetchrow($result)) @@ -1733,7 +1737,7 @@ class acp_forums } } } - while ($row); + while (sizeof($ids) == $batch_size); } unset($ids); diff --git a/phpBB/includes/acp/acp_profile.php b/phpBB/includes/acp/acp_profile.php index fc08c7e8e8..2288a0728b 100644 --- a/phpBB/includes/acp/acp_profile.php +++ b/phpBB/includes/acp/acp_profile.php @@ -1480,6 +1480,7 @@ class acp_profile case 'mssql': case 'mssql_odbc': + case 'mssqlnative': // We are defining the biggest common value, because of the possibility to edit the min/max values of each field. $sql = 'ALTER TABLE [' . PROFILE_FIELDS_DATA_TABLE . "] ADD [$field_ident] "; diff --git a/phpBB/includes/acp/acp_reasons.php b/phpBB/includes/acp/acp_reasons.php index 8d7bc88769..dbc9fcb6cc 100644 --- a/phpBB/includes/acp/acp_reasons.php +++ b/phpBB/includes/acp/acp_reasons.php @@ -233,6 +233,7 @@ class acp_reasons // Standard? What's that? case 'mssql': case 'mssql_odbc': + case 'mssqlnative': // Change the reports using this reason to 'other' $sql = "DECLARE @ptrval binary(16) diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index 4905840e02..7914edd056 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -105,7 +105,7 @@ class acp_users LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id) WHERE u.user_id = ' . $user_id . ' ORDER BY s.session_time DESC'; - $result = $db->sql_query($sql); + $result = $db->sql_query_limit($sql, 1); $user_row = $db->sql_fetchrow($result); $db->sql_freeresult($result); @@ -191,24 +191,31 @@ class acp_users trigger_error($user->lang['CANNOT_REMOVE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } - if (confirm_box(true)) + if ($delete_type) { - user_delete($delete_type, $user_id, $user_row['username']); + if (confirm_box(true)) + { + user_delete($delete_type, $user_id, $user_row['username']); - add_log('admin', 'LOG_USER_DELETED', $user_row['username']); - trigger_error($user->lang['USER_DELETED'] . adm_back_link($this->u_action)); + add_log('admin', 'LOG_USER_DELETED', $user_row['username']); + trigger_error($user->lang['USER_DELETED'] . adm_back_link($this->u_action)); + } + else + { + confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( + 'u' => $user_id, + 'i' => $id, + 'mode' => $mode, + 'action' => $action, + 'update' => true, + 'delete' => 1, + 'delete_type' => $delete_type)) + ); + } } else { - confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array( - 'u' => $user_id, - 'i' => $id, - 'mode' => $mode, - 'action' => $action, - 'update' => true, - 'delete' => 1, - 'delete_type' => $delete_type)) - ); + trigger_error($user->lang['NO_MODE'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } } @@ -1550,6 +1557,31 @@ class acp_users WHERE user_id = $user_id"; $db->sql_query($sql); + // Check if user has an active session + if ($user_row['session_id']) + { + // We'll update the session if user_allow_viewonline has changed and the user is a bot + // Or if it's a regular user and the admin set it to hide the session + if ($user_row['user_allow_viewonline'] != $sql_ary['user_allow_viewonline'] && $user_row['user_type'] == USER_IGNORE + || $user_row['user_allow_viewonline'] && !$sql_ary['user_allow_viewonline']) + { + // We also need to check if the user has the permission to cloak. + $user_auth = new auth(); + $user_auth->acl($user_row); + + $session_sql_ary = array( + 'session_viewonline' => ($user_auth->acl_get('u_hideonline')) ? $sql_ary['user_allow_viewonline'] : true, + ); + + $sql = 'UPDATE ' . SESSIONS_TABLE . ' + SET ' . $db->sql_build_array('UPDATE', $session_sql_ary) . " + WHERE session_user_id = $user_id"; + $db->sql_query($sql); + + unset($user_auth); + } + } + trigger_error($user->lang['USER_PREFS_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); } @@ -2084,7 +2116,7 @@ class acp_users LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id) WHERE u.user_id = ' . $user_id . ' ORDER BY s.session_time DESC'; - $result = $db->sql_query($sql); + $result = $db->sql_query_limit($sql, 1); $user_row = $db->sql_fetchrow($result); $db->sql_freeresult($result); } diff --git a/phpBB/includes/db/postgres.php b/phpBB/includes/db/postgres.php index d117e8c948..b3139b3d79 100644 --- a/phpBB/includes/db/postgres.php +++ b/phpBB/includes/db/postgres.php @@ -76,7 +76,14 @@ class dbal_postgres extends dbal $this->persistency = $persistency; - $this->db_connect_id = ($this->persistency) ? @pg_pconnect($connect_string, $new_link) : @pg_connect($connect_string, $new_link); + if ($this->persistency) + { + $this->db_connect_id = (!$new_link) ? @pg_pconnect($connect_string) : @pg_pconnect($connect_string, PGSQL_CONNECT_FORCE_NEW); + } + else + { + $this->db_connect_id = (!$new_link) ? @pg_connect($connect_string) : @pg_connect($connect_string, PGSQL_CONNECT_FORCE_NEW); + } if ($this->db_connect_id) { diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 4f52c7c2ce..01f17fa521 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -175,11 +175,8 @@ function set_config_count($config_name, $increment, $is_dynamic = false) switch ($db->sql_layer) { case 'firebird': - $sql_update = 'CAST(CAST(config_value as integer) + ' . (int) $increment . ' as VARCHAR(255))'; - break; - case 'postgres': - $sql_update = 'int4(config_value) + ' . (int) $increment; + $sql_update = 'CAST(CAST(config_value as DECIMAL(255, 0)) + ' . (int) $increment . ' as VARCHAR(255))'; break; // MySQL, SQlite, mssql, mssql_odbc, oracle @@ -3338,7 +3335,7 @@ function get_preg_expression($mode) break; case 'ipv6': - return '#^(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){5}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:))$#i'; + return '#^(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){0,5}(?:[\dA-F]{1,4}(?::[\dA-F]{1,4})?|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:)|(?:::))$#i'; break; case 'url': @@ -3409,13 +3406,14 @@ function phpbb_checkdnsrr($host, $type = '') { $type = (!$type) ? 'MX' : $type; - if (DIRECTORY_SEPARATOR == '\\') + // Call checkdnsrr() if available. This is also the case on Windows with PHP 5.3 or later. + if (function_exists('checkdnsrr')) + { + // The dot indicates to search the DNS root (helps those having DNS prefixes on the same domain) + return checkdnsrr($host . '.', $type); + } + else if (DIRECTORY_SEPARATOR == '\\' && function_exists('exec')) { - if (!function_exists('exec')) - { - return NULL; - } - // @exec('nslookup -retry=1 -timout=1 -type=' . escapeshellarg($type) . ' ' . escapeshellarg($host), $output); @exec('nslookup -type=' . escapeshellarg($type) . ' ' . escapeshellarg($host) . '.', $output); @@ -3441,11 +3439,6 @@ function phpbb_checkdnsrr($host, $type = '') return false; } - else if (function_exists('checkdnsrr')) - { - // The dot indicates to search the DNS root (helps those having DNS prefixes on the same domain) - return (checkdnsrr($host . '.', $type)) ? true : false; - } return NULL; } diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index 93244be55c..4cd2962e3b 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -96,16 +96,12 @@ function make_forum_select($select_id = false, $ignore_id = false, $ignore_acl = $right = $row['right_id']; $disabled = false; - if (!$ignore_acl && $auth->acl_get('f_list', $row['forum_id'])) + if (!$ignore_acl && $auth->acl_gets(array('f_list', 'a_forum', 'a_forumadd', 'a_forumdel'), $row['forum_id'])) { if ($only_acl_post && !$auth->acl_get('f_post', $row['forum_id']) || (!$auth->acl_get('m_approve', $row['forum_id']) && !$auth->acl_get('f_noapprove', $row['forum_id']))) { $disabled = true; } - else if (!$only_acl_post && !$auth->acl_gets(array('f_list', 'a_forum', 'a_forumadd', 'a_forumdel'), $row['forum_id'])) - { - $disabled = true; - } } else if (!$ignore_acl) { @@ -675,7 +671,7 @@ function delete_topics($where_type, $where_ids, $auto_sync = true, $post_count_s $db->sql_transaction('begin'); - $table_ary = array(TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, POLL_VOTES_TABLE, POLL_OPTIONS_TABLE, TOPICS_WATCH_TABLE, TOPICS_TABLE); + $table_ary = array(BOOKMARKS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, POLL_VOTES_TABLE, POLL_OPTIONS_TABLE, TOPICS_WATCH_TABLE, TOPICS_TABLE); foreach ($table_ary as $table) { diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index 21c5fe7aca..4cb3941ce0 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -1146,7 +1146,7 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id } } - unset($rowset[$i]); + unset($rowset[$post_list[$i]]); } if ($mode == 'topic_review') diff --git a/phpBB/includes/functions_profile_fields.php b/phpBB/includes/functions_profile_fields.php index 61e3587158..fa1cc98e10 100644 --- a/phpBB/includes/functions_profile_fields.php +++ b/phpBB/includes/functions_profile_fields.php @@ -366,6 +366,7 @@ class custom_profile case 'sqlite': case 'mssql': case 'mssql_odbc': + case 'mssqlnative': $right_delim = ']'; $left_delim = '['; break; diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index 054af29045..51fed45ebd 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php @@ -775,7 +775,18 @@ class fileupload { if ($get_info) { - $data .= @fread($fsock, 1024); + $block = @fread($fsock, 1024); + $filesize += strlen($block); + + if ($this->max_filesize && $filesize > $this->max_filesize) + { + $max_filesize = get_formatted_filesize($this->max_filesize, false); + + $file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit'])); + return $file; + } + + $data .= $block; } else { @@ -791,6 +802,18 @@ class fileupload { $upload_ary['type'] = rtrim(str_replace('content-type: ', '', strtolower($line))); } + else if ($this->max_filesize && stripos($line, 'content-length: ') !== false) + { + $length = (int) str_replace('content-length: ', '', strtolower($line)); + + if ($length && $length > $this->max_filesize) + { + $max_filesize = get_formatted_filesize($this->max_filesize, false); + + $file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit'])); + return $file; + } + } else if (stripos($line, '404 not found') !== false) { $file = new fileerror($user->lang[$this->error_prefix . 'URL_NOT_FOUND']); diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 50aad8588a..952b55cc8c 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -300,7 +300,7 @@ class bbcode_firstpass extends bbcode if ($config['max_' . $this->mode . '_img_height'] || $config['max_' . $this->mode . '_img_width']) { - $stats = @getimagesize($in); + $stats = @getimagesize(htmlspecialchars_decode($in)); if ($stats === false) { diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index 4d72d45f81..b596e72c41 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -1054,7 +1054,7 @@ function compose_pm($id, $mode, $action) 'S_COMPOSE_PM' => true, 'S_EDIT_POST' => ($action == 'edit'), 'S_SHOW_PM_ICONS' => $s_pm_icons, - 'S_BBCODE_ALLOWED' => $bbcode_status, + 'S_BBCODE_ALLOWED' => ($bbcode_status) ? 1 : 0, 'S_BBCODE_CHECKED' => ($bbcode_checked) ? ' checked="checked"' : '', 'S_SMILIES_ALLOWED' => $smilies_status, 'S_SMILIES_CHECKED' => ($smilies_checked) ? ' checked="checked"' : '', |