Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/acp/acp_bbcodes.php5
-rw-r--r--phpBB/includes/acp/acp_board.php1
-rw-r--r--phpBB/includes/acp/acp_forums.php46
-rw-r--r--phpBB/includes/acp/acp_users.php5
-rw-r--r--phpBB/includes/constants.php2
-rw-r--r--phpBB/includes/functions.php347
-rw-r--r--phpBB/includes/functions_acp.php2
-rw-r--r--phpBB/includes/functions_compatibility.php72
-rw-r--r--phpBB/includes/functions_convert.php10
-rw-r--r--phpBB/includes/functions_display.php7
-rw-r--r--phpBB/includes/functions_messenger.php25
-rw-r--r--phpBB/includes/functions_posting.php26
-rw-r--r--phpBB/includes/functions_transfer.php4
-rw-r--r--phpBB/includes/functions_user.php14
-rw-r--r--phpBB/includes/ucp/ucp_pm_compose.php5
-rw-r--r--phpBB/includes/ucp/ucp_profile.php1
-rw-r--r--phpBB/includes/ucp/ucp_register.php29
-rw-r--r--phpBB/includes/ucp/ucp_resend.php2
-rw-r--r--phpBB/includes/utf/utf_tools.php43
19 files changed, 232 insertions, 414 deletions
diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php
index 5360ab0f7b..a67f3c54f9 100644
--- a/phpBB/includes/acp/acp_bbcodes.php
+++ b/phpBB/includes/acp/acp_bbcodes.php
@@ -211,11 +211,6 @@ class acp_bbcodes
$test = $data['bbcode_tag'];
}
- if (!preg_match('%\\[' . $test . '[^]]*].*?\\[/' . $test . ']%s', $bbcode_match))
- {
- trigger_error($user->lang['BBCODE_OPEN_ENDED_TAG'] . adm_back_link($this->u_action), E_USER_WARNING);
- }
-
if (strlen($data['bbcode_tag']) > 16)
{
trigger_error($user->lang['BBCODE_TAG_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php
index 05871e4157..2441a37edc 100644
--- a/phpBB/includes/acp/acp_board.php
+++ b/phpBB/includes/acp/acp_board.php
@@ -101,6 +101,7 @@ class acp_board
'allow_bookmarks' => array('lang' => 'ALLOW_BOOKMARKS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'allow_birthdays' => array('lang' => 'ALLOW_BIRTHDAYS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'display_last_subject' => array('lang' => 'DISPLAY_LAST_SUBJECT', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
+ 'display_unapproved_posts' => array('lang' => 'DISPLAY_UNAPPROVED_POSTS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'allow_quick_reply' => array('lang' => 'ALLOW_QUICK_REPLY', 'validate' => 'bool', 'type' => 'custom', 'method' => 'quick_reply', 'explain' => true),
'legend2' => 'ACP_SUBMIT_CHANGES',
diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php
index 9044cd0e97..ba3901f67a 100644
--- a/phpBB/includes/acp/acp_forums.php
+++ b/phpBB/includes/acp/acp_forums.php
@@ -131,11 +131,12 @@ class acp_forums
'forum_rules_link' => $request->variable('forum_rules_link', ''),
'forum_image' => $request->variable('forum_image', ''),
'forum_style' => $request->variable('forum_style', 0),
- 'display_subforum_list' => $request->variable('display_subforum_list', false),
- 'display_on_index' => $request->variable('display_on_index', false),
+ 'display_subforum_list' => $request->variable('display_subforum_list', true),
+ 'display_subforum_limit'=> $request->variable('display_subforum_limit', false),
+ 'display_on_index' => $request->variable('display_on_index', true),
'forum_topics_per_page' => $request->variable('topics_per_page', 0),
'enable_indexing' => $request->variable('enable_indexing', true),
- 'enable_icons' => $request->variable('enable_icons', false),
+ 'enable_icons' => $request->variable('enable_icons', true),
'enable_prune' => $request->variable('enable_prune', false),
'enable_post_review' => $request->variable('enable_post_review', true),
'enable_quick_reply' => $request->variable('enable_quick_reply', false),
@@ -454,10 +455,11 @@ class acp_forums
'forum_image' => '',
'forum_style' => 0,
'display_subforum_list' => true,
- 'display_on_index' => false,
+ 'display_subforum_limit' => false,
+ 'display_on_index' => true,
'forum_topics_per_page' => 0,
'enable_indexing' => true,
- 'enable_icons' => false,
+ 'enable_icons' => true,
'enable_prune' => false,
'prune_days' => 7,
'prune_viewed' => 7,
@@ -676,6 +678,7 @@ class acp_forums
'S_ENABLE_INDEXING' => ($forum_data['enable_indexing']) ? true : false,
'S_TOPIC_ICONS' => ($forum_data['enable_icons']) ? true : false,
'S_DISPLAY_SUBFORUM_LIST' => ($forum_data['display_subforum_list']) ? true : false,
+ 'S_DISPLAY_SUBFORUM_LIMIT' => ($forum_data['display_subforum_limit']) ? true : false,
'S_DISPLAY_ON_INDEX' => ($forum_data['display_on_index']) ? true : false,
'S_PRUNE_ENABLE' => ($forum_data['enable_prune']) ? true : false,
'S_PRUNE_SHADOW_ENABLE' => ($forum_data['enable_shadow_prune']) ? true : false,
@@ -986,10 +989,20 @@ class acp_forums
$errors[] = $user->lang['FORUM_NAME_EMPTY'];
}
- // No Emojis
+ /**
+ * Replace Emojis and other 4bit UTF-8 chars not allowed by MySql to UCR / NCR.
+ * Using their Numeric Character Reference's Hexadecimal notation.
+ */
+ $forum_data_ary['forum_name'] = utf8_encode_ucr($forum_data_ary['forum_name']);
+
+ /**
+ * This should never happen again.
+ * Leaving the fallback here just in case there will be the need of it.
+ */
if (preg_match_all('/[\x{10000}-\x{10FFFF}]/u', $forum_data_ary['forum_name'], $matches))
{
$character_list = implode('<br>', $matches[0]);
+
$errors[] = $user->lang('FORUM_NAME_EMOJI', $character_list);
}
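Review bot: The new comment above the `utf8_encode_ucr()` call says "4bit UTF-8 chars" where it means 4-byte characters, and both added comments use `/** … */` docblock syntax for what are inline remarks. Suggested wording: `// Replace emojis and other 4-byte UTF-8 characters, which MySQL cannot store here, with hexadecimal numeric character references.` Because the forum name is now stored with `&#x…;` references, any consumer that emits `forum_name` outside HTML (plain-text e-mail, feeds) needs the matching decode; this hunk does not show which of them get it. The second comment could also say what the fallback still catches, since after the encode call the `preg_match_all()` below it should find nothing. The enclosing function starts and ends outside the hunk.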
@@ -1423,8 +1436,8 @@ class acp_forums
* This event may be triggered, when a forum is deleted
*
* @event core.acp_manage_forums_move_children
- * @var int from_id If of the current parent forum
- * @var int to_id If of the new parent forum
+ * @var int from_id Id of the current parent forum
+ * @var int to_id Id of the new parent forum
* @var array errors Array of errors, should be strings and not
* language key.
* @since 3.1.0-a1
@@ -1529,8 +1542,8 @@ class acp_forums
* Event when we move content from one forum to another
*
* @event core.acp_manage_forums_move_content
- * @var int from_id If of the current parent forum
- * @var int to_id If of the new parent forum
+ * @var int from_id Id of the current parent forum
+ * @var int to_id Id of the new parent forum
* @var bool sync Shall we sync the "to"-forum's data
* @var array errors Array of errors, should be strings and not
* language key. If this array is not empty,
@@ -1576,6 +1589,19 @@ class acp_forums
$db->sql_query($sql);
}
+ /**
+ * Event when content has been moved from one forum to another
+ *
+ * @event core.acp_manage_forums_move_content_after
+ * @var int from_id Id of the current parent forum
+ * @var int to_id Id of the new parent forum
+ * @var bool sync Shall we sync the "to"-forum's data
+ *
+ * @since 3.2.9-RC1
+ */
+ $vars = array('from_id', 'to_id', 'sync');
+ extract($phpbb_dispatcher->trigger_event('core.acp_manage_forums_move_content_after', compact($vars)));
+
if ($sync)
{
// Delete ghost topics that link back to the same forum then resync counters
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index 1b66943490..6993c86279 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -966,10 +966,7 @@ class acp_users
if ($update_email !== false)
{
- $sql_ary += array(
- 'user_email' => $update_email,
- 'user_email_hash' => phpbb_email_hash($update_email),
- );
+ $sql_ary += ['user_email' => $update_email];
$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_EMAIL', false, array(
'reportee_id' => $user_id,
diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php
index 9f7a325a2b..493399bd71 100644
--- a/phpBB/includes/constants.php
+++ b/phpBB/includes/constants.php
@@ -28,7 +28,7 @@ if (!defined('IN_PHPBB'))
*/
// phpBB Version
-@define('PHPBB_VERSION', '3.3.0-b1-dev');
+@define('PHPBB_VERSION', '3.3.0-RC1-dev');
// QA-related
// define('PHPBB_QA', 1);
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index e1f6fa3d1b..9759eabb5a 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -264,18 +264,6 @@ function still_on_time($extra_time = 15)
}
/**
-* Hashes an email address to a big integer
-*
-* @param string $email Email address
-*
-* @return string Unsigned Big Integer
-*/
-function phpbb_email_hash($email)
-{
- return sprintf('%u', crc32(strtolower($email))) . strlen($email);
-}
-
-/**
* Wrapper for version_compare() that allows using uppercase A and B
* for alpha and beta releases.
*
@@ -2276,6 +2264,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
$err = '';
$form_name = 'login';
+ $username = $autologin = false;
// Make sure user->setup() has been called
if (!$user->is_setup())
@@ -2851,10 +2840,13 @@ function get_preg_expression($mode)
// Whoa these look impressive!
// The code to generate the following two regular expressions which match valid IPv4/IPv6 addresses
// can be found in the develop directory
+
+ // @deprecated
case 'ipv4':
return '#^(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])$#';
break;
+ // @deprecated
case 'ipv6':
return '#^(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){0,5}(?:[\dA-F]{1,4}(?::[\dA-F]{1,4})?|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:)|(?:::))$#i';
break;
@@ -2980,331 +2972,26 @@ function short_ipv6($ip, $length)
* @return mixed false if specified address is not valid,
* string otherwise
*/
-function phpbb_ip_normalise($address)
-{
- $address = trim($address);
-
- if (empty($address) || !is_string($address))
- {
- return false;
- }
-
- if (preg_match(get_preg_expression('ipv4'), $address))
- {
- return $address;
- }
-
- return phpbb_inet_ntop(phpbb_inet_pton($address));
-}
-
-/**
-* Wrapper for inet_ntop()
-*
-* Converts a packed internet address to a human readable representation
-* inet_ntop() is supported by PHP since 5.1.0, since 5.3.0 also on Windows.
-*
-* @param string $in_addr A 32bit IPv4, or 128bit IPv6 address.
-*
-* @return mixed false on failure,
-* string otherwise
-*/
-function phpbb_inet_ntop($in_addr)
-{
- $in_addr = bin2hex($in_addr);
-
- switch (strlen($in_addr))
- {
- case 8:
- return implode('.', array_map('hexdec', str_split($in_addr, 2)));
-
- case 32:
- if (substr($in_addr, 0, 24) === '00000000000000000000ffff')
- {
- return phpbb_inet_ntop(pack('H*', substr($in_addr, 24)));
- }
-
- $parts = str_split($in_addr, 4);
- $parts = preg_replace('/^0+(?!$)/', '', $parts);
- $ret = implode(':', $parts);
-
- $matches = array();
- preg_match_all('/(?<=:|^)(?::?0){2,}/', $ret, $matches, PREG_OFFSET_CAPTURE);
- $matches = $matches[0];
-
- if (empty($matches))
- {
- return $ret;
- }
-
- $longest_match = '';
- $longest_match_offset = 0;
- foreach ($matches as $match)
- {
- if (strlen($match[0]) > strlen($longest_match))
- {
- $longest_match = $match[0];
- $longest_match_offset = $match[1];
- }
- }
-
- $ret = substr_replace($ret, '', $longest_match_offset, strlen($longest_match));
-
- if ($longest_match_offset == strlen($ret))
- {
- $ret .= ':';
- }
-
- if ($longest_match_offset == 0)
- {
- $ret = ':' . $ret;
- }
-
- return $ret;
-
- default:
- return false;
- }
-}
-
-/**
-* Wrapper for inet_pton()
-*
-* Converts a human readable IP address to its packed in_addr representation
-* inet_pton() is supported by PHP since 5.1.0, since 5.3.0 also on Windows.
-*
-* @param string $address A human readable IPv4 or IPv6 address.
-*
-* @return mixed false if address is invalid,
-* in_addr representation of the given address otherwise (string)
-*/
-function phpbb_inet_pton($address)
-{
- $ret = '';
- if (preg_match(get_preg_expression('ipv4'), $address))
- {
- foreach (explode('.', $address) as $part)
- {
- $ret .= ($part <= 0xF ? '0' : '') . dechex($part);
- }
-
- return pack('H*', $ret);
- }
-
- if (preg_match(get_preg_expression('ipv6'), $address))
- {
- $parts = explode(':', $address);
- $missing_parts = 8 - count($parts) + 1;
-
- if (substr($address, 0, 2) === '::')
- {
- ++$missing_parts;
- }
-
- if (substr($address, -2) === '::')
- {
- ++$missing_parts;
- }
-
- $embedded_ipv4 = false;
- $last_part = end($parts);
-
- if (preg_match(get_preg_expression('ipv4'), $last_part))
- {
- $parts[count($parts) - 1] = '';
- $last_part = phpbb_inet_pton($last_part);
- $embedded_ipv4 = true;
- --$missing_parts;
- }
-
- foreach ($parts as $i => $part)
- {
- if (strlen($part))
- {
- $ret .= str_pad($part, 4, '0', STR_PAD_LEFT);
- }
- else if ($i && $i < count($parts) - 1)
- {
- $ret .= str_repeat('0000', $missing_parts);
- }
- }
-
- $ret = pack('H*', $ret);
-
- if ($embedded_ipv4)
- {
- $ret .= $last_part;
- }
-
- return $ret;
- }
-
- return false;
-}
-
-/**
-* Wrapper for php's checkdnsrr function.
-*
-* @param string $host Fully-Qualified Domain Name
-* @param string $type Resource record type to lookup
-* Supported types are: MX (default), A, AAAA, NS, TXT, CNAME
-* Other types may work or may not work
-*
-* @return mixed true if entry found,
-* false if entry not found,
-* null if this function is not supported by this environment
-*
-* Since null can also be returned, you probably want to compare the result
-* with === true or === false,
-*/
-function phpbb_checkdnsrr($host, $type = 'MX')
+function phpbb_ip_normalise(string $address)
{
- // The dot indicates to search the DNS root (helps those having DNS prefixes on the same domain)
- if (substr($host, -1) == '.')
- {
- $host_fqdn = $host;
- $host = substr($host, 0, -1);
- }
- else
- {
- $host_fqdn = $host . '.';
- }
- // $host has format some.host.example.com
- // $host_fqdn has format some.host.example.com.
-
- // If we're looking for an A record we can use gethostbyname()
- if ($type == 'A' && function_exists('gethostbyname'))
- {
- return (@gethostbyname($host_fqdn) == $host_fqdn) ? false : true;
- }
-
- if (function_exists('checkdnsrr'))
- {
- return checkdnsrr($host_fqdn, $type);
- }
+ $ip_normalised = false;
- if (function_exists('dns_get_record'))
+ if (filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4))
{
- // dns_get_record() expects an integer as second parameter
- // We have to convert the string $type to the corresponding integer constant.
- $type_constant = 'DNS_' . $type;
- $type_param = (defined($type_constant)) ? constant($type_constant) : DNS_ANY;
-
- // dns_get_record() might throw E_WARNING and return false for records that do not exist
- $resultset = @dns_get_record($host_fqdn, $type_param);
-
- if (empty($resultset) || !is_array($resultset))
- {
- return false;
- }
- else if ($type_param == DNS_ANY)
- {
- // $resultset is a non-empty array
- return true;
- }
-
- foreach ($resultset as $result)
- {
- if (
- isset($result['host']) && $result['host'] == $host &&
- isset($result['type']) && $result['type'] == $type
- )
- {
- return true;
- }
- }
-
- return false;
+ $ip_normalised = $address;
}
-
- // If we're on Windows we can still try to call nslookup via exec() as a last resort
- if (DIRECTORY_SEPARATOR == '\\' && function_exists('exec'))
+ else if (filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6))
{
- @exec('nslookup -type=' . escapeshellarg($type) . ' ' . escapeshellarg($host_fqdn), $output);
+ $ip_normalised = inet_ntop(inet_pton($address));
- // If output is empty, the nslookup failed
- if (empty($output))
+ // If is ipv4
+ if (stripos($ip_normalised, '::ffff:') === 0)
{
- return NULL;
+ $ip_normalised = substr($ip_normalised, 7);
}
-
- foreach ($output as $line)
- {
- $line = trim($line);
-
- if (empty($line))
- {
- continue;
- }
-
- // Squash tabs and multiple whitespaces to a single whitespace.
- $line = preg_replace('/\s+/', ' ', $line);
-
- switch ($type)
- {
- case 'MX':
- if (stripos($line, "$host MX") === 0)
- {
- return true;
- }
- break;
-
- case 'NS':
- if (stripos($line, "$host nameserver") === 0)
- {
- return true;
- }
- break;
-
- case 'TXT':
- if (stripos($line, "$host text") === 0)
- {
- return true;
- }
- break;
-
- case 'CNAME':
- if (stripos($line, "$host canonical name") === 0)
- {
- return true;
- }
- break;
-
- default:
- case 'AAAA':
- // AAAA records returned by nslookup on Windows XP/2003 have this format.
- // Later Windows versions use the A record format below for AAAA records.
- if (stripos($line, "$host AAAA IPv6 address") === 0)
- {
- return true;
- }
- // No break
-
- case 'A':
- if (!empty($host_matches))
- {
- // Second line
- if (stripos($line, "Address: ") === 0)
- {
- return true;
- }
- else
- {
- $host_matches = false;
- }
- }
- else if (stripos($line, "Name: $host") === 0)
- {
- // First line
- $host_matches = true;
- }
- break;
- }
- }
-
- return false;
}
- return NULL;
+ return $ip_normalised;
}
// Handler, header and footer
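Review bot: The rewritten `phpbb_ip_normalise()` no longer trims its input and now declares `string $address`, so two inputs the removed version handled quietly behave differently: a value with surrounding whitespace fails `filter_var()` and returns false, and a null or array argument raises a TypeError instead of returning false. If any caller passes pieces of a forwarded-for style header or a possibly unset value (callers are not visible here), a previously accepted address is now rejected or the request ends in an uncaught error. Keeping `$address = trim($address);` as the first statement restores the old whitespace tolerance, and the docblock above the hunk should say that non-string input is no longer accepted. The comment `// If is ipv4` would read better as `// IPv4-mapped IPv6 address (::ffff:a.b.c.d): return the embedded IPv4 form`.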
@@ -3395,7 +3082,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
$log_text .= '<br /><br />BACKTRACE<br />' . $backtrace;
}
- if (defined('IN_INSTALL') || $phpbb_container->getParameter('debug.show_errors') || isset($auth) && $auth->acl_get('a_'))
+ if (defined('IN_INSTALL') || ($phpbb_container != null && $phpbb_container->getParameter('debug.show_errors')) || isset($auth) && $auth->acl_get('a_'))
{
$msg_text = $log_text;
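Review bot: The added guard uses the loose comparison `$phpbb_container != null`, while the same condition tests `$auth` with `isset()`; `isset($phpbb_container) && $phpbb_container->getParameter('debug.show_errors')` would be consistent and does not depend on loose-comparison semantics. This condition decides whether the full log text, including the backtrace, replaces the message shown to the visitor, so the grouping is worth making explicit as well by wrapping `isset($auth) && $auth->acl_get('a_')` in parentheses. msg_handler's body starts and ends outside the hunk.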
@@ -4432,7 +4119,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
/**
* Workaround for missing template variable in pre phpBB 3.2.6 styles.
- * @deprecated 3.2.7 (To be removed: 3.3.0-a1)
+ * @deprecated 3.2.7 (To be removed: 4.0.0-a1)
*/
$form_token_login = $template->retrieve_var('S_FORM_TOKEN_LOGIN');
if (!empty($form_token_login))
@@ -4559,7 +4246,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
'T_STYLESHEET_LINK' => "{$web_path}styles/" . rawurlencode($user->style['style_path']) . '/theme/stylesheet.css?assets_version=' . $config['assets_version'],
'T_STYLESHEET_LANG_LINK'=> "{$web_path}styles/" . rawurlencode($user->style['style_path']) . '/theme/' . $user->lang_name . '/stylesheet.css?assets_version=' . $config['assets_version'],
'T_FONT_AWESOME_LINK' => !empty($config['allow_cdn']) && !empty($config['load_font_awesome_url']) ? $config['load_font_awesome_url'] : "{$web_path}assets/css/font-awesome.min.css?assets_version=" . $config['assets_version'],
- 'T_JQUERY_LINK' => !empty($config['allow_cdn']) && !empty($config['load_jquery_url']) ? $config['load_jquery_url'] : "{$web_path}assets/javascript/jquery.min.js?assets_version=" . $config['assets_version'],
+ 'T_JQUERY_LINK' => !empty($config['allow_cdn']) && !empty($config['load_jquery_url']) ? $config['load_jquery_url'] : "{$web_path}assets/javascript/jquery-3.4.1.min.js?assets_version=" . $config['assets_version'],
'S_ALLOW_CDN' => !empty($config['allow_cdn']),
'S_COOKIE_NOTICE' => !empty($config['cookie_notice']),
diff --git a/phpBB/includes/functions_acp.php b/phpBB/includes/functions_acp.php
index a2014a7d5b..4926351461 100644
--- a/phpBB/includes/functions_acp.php
+++ b/phpBB/includes/functions_acp.php
@@ -177,7 +177,7 @@ function adm_page_footer($copyright_html = true)
'TRANSLATION_INFO' => (!empty($user->lang['TRANSLATION_INFO'])) ? $user->lang['TRANSLATION_INFO'] : '',
'S_COPYRIGHT_HTML' => $copyright_html,
'CREDIT_LINE' => $user->lang('POWERED_BY', '<a href="https://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Limited'),
- 'T_JQUERY_LINK' => !empty($config['allow_cdn']) && !empty($config['load_jquery_url']) ? $config['load_jquery_url'] : "{$phpbb_root_path}assets/javascript/jquery.min.js",
+ 'T_JQUERY_LINK' => !empty($config['allow_cdn']) && !empty($config['load_jquery_url']) ? $config['load_jquery_url'] : "{$phpbb_root_path}assets/javascript/jquery-3.4.1.min.js",
'S_ALLOW_CDN' => !empty($config['allow_cdn']),
'VERSION' => $config['version'])
);
diff --git a/phpBB/includes/functions_compatibility.php b/phpBB/includes/functions_compatibility.php
index b5b60e118e..92e24c055c 100644
--- a/phpBB/includes/functions_compatibility.php
+++ b/phpBB/includes/functions_compatibility.php
@@ -601,3 +601,75 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage
return $file;
}
+
+/**
+* Wrapper for php's checkdnsrr function.
+*
+* @param string $host Fully-Qualified Domain Name
+* @param string $type Resource record type to lookup
+* Supported types are: MX (default), A, AAAA, NS, TXT, CNAME
+* Other types may work or may not work
+*
+* @return mixed true if entry found,
+* false if entry not found,
+* null if this function is not supported by this environment
+*
+* Since null can also be returned, you probably want to compare the result
+* with === true or === false,
+*
+* @deprecated 3.3.0-b2 (To be removed: 4.0.0)
+*/
+function phpbb_checkdnsrr($host, $type = 'MX')
+{
+ return checkdnsrr($host, $type);
+}
+
+/*
+ * Wrapper for inet_ntop()
+ *
+ * Converts a packed internet address to a human readable representation
+ * inet_ntop() is supported by PHP since 5.1.0, since 5.3.0 also on Windows.
+ *
+ * @param string $in_addr A 32bit IPv4, or 128bit IPv6 address.
+ *
+ * @return mixed false on failure,
+ * string otherwise
+ *
+ * @deprecated 3.3.0-b2 (To be removed: 4.0.0)
+ */
+function phpbb_inet_ntop($in_addr)
+{
+ return inet_ntop($in_addr);
+}
+
+/**
+ * Wrapper for inet_pton()
+ *
+ * Converts a human readable IP address to its packed in_addr representation
+ * inet_pton() is supported by PHP since 5.1.0, since 5.3.0 also on Windows.
+ *
+ * @param string $address A human readable IPv4 or IPv6 address.
+ *
+ * @return mixed false if address is invalid,
+ * in_addr representation of the given address otherwise (string)
+ *
+ * @deprecated 3.3.0-b2 (To be removed: 4.0.0)
+ */
+function phpbb_inet_pton($address)
+{
+ return inet_pton($address);
+}
+
+/**
+ * Hashes an email address to a big integer
+ *
+ * @param string $email Email address
+ *
+ * @return string Unsigned Big Integer
+ *
+ * @deprecated 3.3.0-b2 (To be removed: 4.0.0)
+ */
+function phpbb_email_hash($email)
+{
+ return sprintf('%u', crc32(strtolower($email))) . strlen($email);
+}
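Review bot: The re-added `phpbb_checkdnsrr()` wrapper keeps a docblock describing behaviour the new body no longer has: it passes `$host` straight to `checkdnsrr()`, so the documented null return for unsupported environments cannot occur, and the trailing dot that the removed implementation appended to force a root lookup is gone. Either update the docblock (`@return bool true if entry found, false otherwise`) or append the dot again, e.g. `checkdnsrr(rtrim($host, '.') . '.', $type)`; the direct `checkdnsrr($domain, …)` calls in phpbb_validate_email (functions_user.php) have the same difference. The docblock for `phpbb_inet_ntop()` opens with `/*` instead of `/**`, so its `@deprecated` tag will not be picked up by documentation tools. The `phpbb_email_hash()` docblock should also state that the value is CRC32-based and kept only for legacy callers, not as a unique or secret identifier.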
diff --git a/phpBB/includes/functions_convert.php b/phpBB/includes/functions_convert.php
index 13e01afe51..df4c9b1875 100644
--- a/phpBB/includes/functions_convert.php
+++ b/phpBB/includes/functions_convert.php
@@ -207,16 +207,6 @@ function get_group_id($group_name)
}
/**
-* Generate the email hash stored in the users table
-*
-* Note: Deprecated, calls should directly go to phpbb_email_hash()
-*/
-function gen_email_hash($email)
-{
- return phpbb_email_hash($email);
-}
-
-/**
* Convert a boolean into the appropriate phpBB constant indicating whether the topic is locked
*/
function is_topic_locked($bool)
diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php
index 1ac18fd3f8..44478dbe49 100644
--- a/phpBB/includes/functions_display.php
+++ b/phpBB/includes/functions_display.php
@@ -30,6 +30,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
$forum_rows = $subforums = $forum_ids = $forum_ids_moderator = $forum_moderators = $active_forum_ary = array();
$parent_id = $visible_forums = 0;
+ $parent_subforum_limit = false;
// Mark forums read?
$mark_read = $request->variable('mark', '');
@@ -266,6 +267,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
// Direct child of current branch
$parent_id = $forum_id;
+ $parent_subforum_limit = $row['display_subforum_limit'];
$forum_rows[$forum_id] = $row;
if ($row['forum_type'] == FORUM_CAT && $row['parent_id'] == $root_data['forum_id'])
@@ -278,7 +280,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
}
else if ($row['forum_type'] != FORUM_CAT)
{
- $subforums[$parent_id][$forum_id]['display'] = ($row['display_on_index']) ? true : false;
+ $subforums[$parent_id][$forum_id]['display'] = ($row['display_on_index'] && (!$parent_subforum_limit || $parent_id == $row['parent_id']));
$subforums[$parent_id][$forum_id]['name'] = $row['forum_name'];
$subforums[$parent_id][$forum_id]['orig_forum_last_post_time'] = $row['forum_last_post_time'];
$subforums[$parent_id][$forum_id]['children'] = array();
@@ -539,7 +541,8 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
{
if ($row['forum_password_last_post'] === '' && $auth->acl_gets('f_read', 'f_list_topics', $row['forum_id_last_post']))
{
- $last_post_subject = censor_text($row['forum_last_post_subject']);
+ $last_post_subject = utf8_decode_ncr(censor_text($row['forum_last_post_subject']));
+
$last_post_subject_truncated = truncate_string($last_post_subject, 30, 255, false, $user->lang['ELLIPSIS']);
}
else
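Review bot: `utf8_decode_ncr()` is applied after `censor_text()` and its result goes on towards the template as the last-post subject, so the safety of this line depends on what the decoder accepts. If it decodes every numeric reference (its body is in utf_tools.php, not in this hunk), references for markup characters such as `&#60;` would come out as literal characters in a value that was HTML-safe before; confirm the decoder is limited to the code points `utf8_encode_ucr()` produces, or escape again after decoding. A one-line comment recording that assumption would help: `// Subjects store 4-byte characters as NCRs; decode only those for display`. Decoding before `truncate_string()` is the right order, since truncating first could cut a reference in half. The enclosing block of display_forums starts and ends outside the hunk.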
diff --git a/phpBB/includes/functions_messenger.php b/phpBB/includes/functions_messenger.php
index 7f8238e1bf..ec297b536a 100644
--- a/phpBB/includes/functions_messenger.php
+++ b/phpBB/includes/functions_messenger.php
@@ -1893,14 +1893,21 @@ function mail_encode($str, $eol = "\r\n")
}
/**
-* Wrapper for sending out emails with the PHP's mail function
-*/
+ * Wrapper for sending out emails with the PHP's mail function
+ */
function phpbb_mail($to, $subject, $msg, $headers, $eol, &$err_msg)
{
global $config, $phpbb_root_path, $phpEx;
- // We use the EOL character for the OS here because the PHP mail function does not correctly transform line endings. On Windows SMTP is used (SMTP is \r\n), on UNIX a command is used...
- // Reference: http://bugs.php.net/bug.php?id=15841
+ // Convert Numeric Character References to UTF-8 chars (ie. Emojis)
+ $subject = utf8_decode_ncr($subject);
+ $msg = utf8_decode_ncr($msg);
+
+ /**
+ * We use the EOL character for the OS here because the PHP mail function does not correctly transform line endings.
+ * On Windows SMTP is used (SMTP is \r\n), on UNIX a command is used...
+ * Reference: http://bugs.php.net/bug.php?id=15841
+ */
$headers = implode($eol, $headers);
if (!class_exists('\phpbb\error_collector'))
@@ -1911,10 +1918,14 @@ function phpbb_mail($to, $subject, $msg, $headers, $eol, &$err_msg)
$collector = new \phpbb\error_collector;
$collector->install();
- // On some PHP Versions mail() *may* fail if there are newlines within the subject.
- // Newlines are used as a delimiter for lines in mail_encode() according to RFC 2045 section 6.8.
- // Because PHP can't decide what is wanted we revert back to the non-RFC-compliant way of separating by one space (Use '' as parameter to mail_encode() results in SPACE used)
+ /**
+ * On some PHP Versions mail() *may* fail if there are newlines within the subject.
+ * Newlines are used as a delimiter for lines in mail_encode() according to RFC 2045 section 6.8.
+ * Because PHP can't decide what is wanted we revert back to the non-RFC-compliant way of separating by one space
+ * (Use '' as parameter to mail_encode() results in SPACE used)
+ */
$additional_parameters = $config['email_force_sender'] ? '-f' . $config['board_email'] : '';
+
$result = mail($to, mail_encode($subject, ''), wordwrap(utf8_wordwrap($msg), 997, "\n", true), $headers, $additional_parameters);
$collector->uninstall();
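Review bot: The reflowed comment about newlines in the subject now sits directly above `$additional_parameters` and is separated from the `mail()` call it describes by the added blank line; placing it below the `$additional_parameters` assignment keeps it attached to the right statement. On that assignment, `'-f' . $config['board_email']` is handed to `mail()` as additional parameters with no check in this function. The setting is presumably admin-only and validated where it is saved (not visible here), but a short comment stating that `board_email` must be a plain address with no whitespace would document the assumption this line relies on. phpbb_mail's body continues outside the hunk.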
diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php
index 53081f14fc..45eda4ba17 100644
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@@ -52,9 +52,29 @@ function generate_smilies($mode, $forum_id)
page_header($user->lang['SMILIES']);
- $sql = 'SELECT COUNT(smiley_id) AS item_count
- FROM ' . SMILIES_TABLE . '
- GROUP BY smiley_url';
+ $sql_ary = [
+ 'SELECT' => 'COUNT(s.smiley_id) AS item_count',
+ 'FROM' => [
+ SMILIES_TABLE => 's',
+ ],
+ 'GROUP_BY' => 's.smiley_url',
+ ];
+
+ /**
+ * Modify SQL query that fetches the total number of smilies in window mode
+ *
+ * @event core.generate_smilies_count_sql_before
+ * @var int forum_id Forum where smilies are generated
+ * @var array sql_ary Array with the SQL query
+ * @since 3.2.9-RC1
+ */
+ $vars = [
+ 'forum_id',
+ 'sql_ary',
+ ];
+ extract($phpbb_dispatcher->trigger_event('core.generate_smilies_count_sql_before', compact($vars)));
+
+ $sql = $db->sql_build_query('SELECT', $sql_ary);
$result = $db->sql_query($sql, 3600);
$smiley_count = 0;
diff --git a/phpBB/includes/functions_transfer.php b/phpBB/includes/functions_transfer.php
index 7427b89917..f0070b4b1e 100644
--- a/phpBB/includes/functions_transfer.php
+++ b/phpBB/includes/functions_transfer.php
@@ -810,7 +810,7 @@ class ftp_fsock extends transfer
$server_ip = substr($socket_name, 0, strrpos($socket_name, ':'));
}
- if (!isset($server_ip) || preg_match(get_preg_expression('ipv4'), $server_ip))
+ if (isset($server_ip) && filter_var($server_ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) // ipv4
{
// Passive mode
$this->_send_command('PASV', '', false);
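Review bot: The rewritten condition changes which branch runs when `$server_ip` is not set: the old test `!isset($server_ip) || …` chose PASV in that case, whereas `isset($server_ip) && filter_var(…)` now sends it to the `else` branch, which issues EPSV. That also makes the new `// ipv6` label on the `else` in the next hunk inaccurate, because the branch now covers unknown and unparseable addresses as well as IPv6. If the PASV fallback was intentional, keep it with `if (!isset($server_ip) || filter_var($server_ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4))`; otherwise reword the label to `// IPv6, or address could not be determined`. The enclosing method starts and ends outside both hunks.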
@@ -831,7 +831,7 @@ class ftp_fsock extends transfer
$server_ip = $temp[0] . '.' . $temp[1] . '.' . $temp[2] . '.' . $temp[3];
$server_port = $temp[4] * 256 + $temp[5];
}
- else
+ else // ipv6
{
// Extended Passive Mode - RFC2428
$this->_send_command('EPSV', '', false);
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index e0b6a9d0c6..dc6e09268a 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -204,7 +204,6 @@ function user_add($user_row, $cp_data = false, $notifications_data = null)
'username_clean' => $username_clean,
'user_password' => (isset($user_row['user_password'])) ? $user_row['user_password'] : '',
'user_email' => strtolower($user_row['user_email']),
- 'user_email_hash' => phpbb_email_hash($user_row['user_email']),
'group_id' => $user_row['group_id'],
'user_type' => $user_row['user_type'],
);
@@ -1455,12 +1454,7 @@ function user_unban($mode, $ban)
*/
function user_ipwhois($ip)
{
- if (empty($ip))
- {
- return '';
- }
-
- if (!preg_match(get_preg_expression('ipv4'), $ip) && !preg_match(get_preg_expression('ipv6'), $ip))
+ if (!filter_var($ip, FILTER_VALIDATE_IP))
{
return '';
}
@@ -1910,7 +1904,7 @@ function phpbb_validate_email($email, $config = null)
{
list(, $domain) = explode('@', $email);
- if (phpbb_checkdnsrr($domain, 'A') === false && phpbb_checkdnsrr($domain, 'MX') === false)
+ if (checkdnsrr($domain, 'A') === false && checkdnsrr($domain, 'MX') === false)
{
return 'DOMAIN_NO_MX_RECORD';
}
@@ -1953,9 +1947,9 @@ function validate_user_email($email, $allowed_email = false)
if (!$config['allow_emailreuse'])
{
- $sql = 'SELECT user_email_hash
+ $sql = 'SELECT user_email
FROM ' . USERS_TABLE . "
- WHERE user_email_hash = " . $db->sql_escape(phpbb_email_hash($email));
+ WHERE user_email = '" . $db->sql_escape($email) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
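Review bot: The duplicate-address lookup now relies on exact string equality of `user_email`, while the removed hash lowercased the address first (`crc32(strtolower($email))`). The quoting with `$db->sql_escape()` is correct, but on a database or collation that compares case-sensitively an address differing only in letter case would no longer match unless `$email` and every stored value are already lowercased; `user_add()` lowercases on insert, while the acp_users and ucp_profile writes visible in this commit show no such call. Confirm that `$email` is lowercased above this hunk and that all write paths store the lowercased form, or compare case-insensitively on both sides. The function's opening lines are outside the hunk.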
diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php
index 06baa279a5..87a8c91fd2 100644
--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
@@ -999,7 +999,10 @@ function compose_pm($id, $mode, $action, $user_folders = array())
{
$quote_attributes['post_id'] = $post['msg_id'];
}
-
+ if ($action === 'quote')
+ {
+ $quote_attributes['msg_id'] = $post['msg_id'];
+ }
/** @var \phpbb\language\language $language */
$language = $phpbb_container->get('language');
/** @var \phpbb\textformatter\utils_interface $text_formatter_utils */
diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php
index 6d98362e08..dca7e7eeb7 100644
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@@ -131,7 +131,6 @@ class ucp_profile
'username' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? $data['username'] : $user->data['username'],
'username_clean' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? utf8_clean_string($data['username']) : $user->data['username_clean'],
'user_email' => ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'],
- 'user_email_hash' => ($auth->acl_get('u_chgemail')) ? phpbb_email_hash($data['email']) : $user->data['user_email_hash'],
'user_password' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? $passwords_manager->hash($data['new_password']) : $user->data['user_password'],
);
diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php
index 97d2631224..00fa8034f9 100644
--- a/phpBB/includes/ucp/ucp_register.php
+++ b/phpBB/includes/ucp/ucp_register.php
@@ -39,12 +39,23 @@ class ucp_register
trigger_error('UCP_REGISTER_DISABLE');
}
- $coppa = $request->is_set('coppa') ? (int) $request->variable('coppa', false) : false;
+ $coppa = $request->is_set('coppa_yes') ? 1 : ($request->is_set('coppa_no') ? 0 : false);
+ $coppa = $request->is_set('coppa') ? $request->variable('coppa', 0) : $coppa;
$agreed = $request->variable('agreed', false);
$submit = $request->is_set_post('submit');
$change_lang = $request->variable('change_lang', '');
$user_lang = $request->variable('lang', $user->lang_name);
+ if ($agreed && !check_form_key('ucp_register'))
+ {
+ $agreed = false;
+ }
+
+ if ($coppa !== false && !check_form_key('ucp_register'))
+ {
+ $coppa = false;
+ }
+
/**
* Add UCP register data before they are assigned to the template or submitted
*
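Review bot: `check_form_key('ucp_register')` is evaluated twice when a request carries both `agreed` and a COPPA value, and a failed check clears each value silently with no comment explaining why. Both guards can be folded into one condition that resets the two values together, with a short comment stating that registration state is only accepted alongside a valid form token. The result is the same for every input because `$agreed` is already falsy whenever its guard is skipped. The enclosing method starts and ends outside the hunk.

```php
// … unchanged: $coppa / $agreed / $submit / $change_lang / $user_lang request parsing …

// Registration state is only honoured with a valid form token; otherwise start over.
if (($agreed || $coppa !== false) && !check_form_key('ucp_register'))
{
	$agreed = false;
	$coppa = false;
}
```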
@@ -67,14 +78,7 @@ class ucp_register
);
extract($phpbb_dispatcher->trigger_event('core.ucp_register_requests_after', compact($vars)));
- if ($agreed)
- {
- add_form_key('ucp_register');
- }
- else
- {
- add_form_key('ucp_register_terms');
- }
+ add_form_key('ucp_register');
if ($change_lang || $user_lang != $config['default_lang'])
{
@@ -168,11 +172,8 @@ class ucp_register
$template_vars = array(
'S_LANG_OPTIONS' => (count($lang_row) > 1) ? language_select($user_lang) : '',
- 'L_COPPA_NO' => sprintf($user->lang['UCP_COPPA_BEFORE'], $coppa_birthday),
- 'L_COPPA_YES' => sprintf($user->lang['UCP_COPPA_ON_AFTER'], $coppa_birthday),
-
- 'U_COPPA_NO' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&amp;coppa=0'),
- 'U_COPPA_YES' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&amp;coppa=1'),
+ 'L_COPPA_NO' => $user->lang('UCP_COPPA_BEFORE', $coppa_birthday),
+ 'L_COPPA_YES' => $user->lang('UCP_COPPA_ON_AFTER', $coppa_birthday),
'S_SHOW_COPPA' => true,
'S_HIDDEN_FIELDS' => build_hidden_fields($s_hidden_fields),
diff --git a/phpBB/includes/ucp/ucp_resend.php b/phpBB/includes/ucp/ucp_resend.php
index 44c54100cd..55923668d4 100644
--- a/phpBB/includes/ucp/ucp_resend.php
+++ b/phpBB/includes/ucp/ucp_resend.php
@@ -47,7 +47,7 @@ class ucp_resend
$sql = 'SELECT user_id, group_id, username, user_email, user_type, user_lang, user_actkey, user_inactive_reason
FROM ' . USERS_TABLE . "
- WHERE user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "'
+ WHERE user_email = '" . $db->sql_escape($email) . "'
AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
$result = $db->sql_query($sql);
$user_row = $db->sql_fetchrow($result);
diff --git a/phpBB/includes/utf/utf_tools.php b/phpBB/includes/utf/utf_tools.php
index 89de454427..bb155aeae5 100644
--- a/phpBB/includes/utf/utf_tools.php
+++ b/phpBB/includes/utf/utf_tools.php
@@ -418,24 +418,43 @@ function utf8_recode($string, $encoding)
}
/**
-* Replace all UTF-8 chars that are not in ASCII with their NCR
-*
-* @param string $text UTF-8 string in NFC
-* @return string ASCII string using NCRs for non-ASCII chars
-*/
+ * Replace some special UTF-8 chars that are not in ASCII with their UCR.
+ * using their Numeric Character Reference's Hexadecimal notation.
+ *
+ * Doesn't interfere with Japanese or Cyrillic etc.
+ * Unicode character visualization will depend on the character support
+ * of your web browser and the fonts installed on your system.
+ *
+ * @see https://en.wikibooks.org/wiki/Unicode/Character_reference/1F000-1FFFF
+ *
+ * @param string $text UTF-8 string in NFC
+ * @return string ASCII string using NCR for non-ASCII chars
+ */
+function utf8_encode_ucr($text)
+{
+ return preg_replace_callback('/[\\xF0-\\xF4].../', 'utf8_encode_ncr_callback', $text);
+}
+
+/**
+ * Replace all UTF-8 chars that are not in ASCII with their NCR
+ * using their Numeric Character Reference's Hexadecimal notation.
+ *
+ * @param string $text UTF-8 string in NFC
+ * @return string ASCII string using NCRs for non-ASCII chars
+ */
function utf8_encode_ncr($text)
{
return preg_replace_callback('#[\\xC2-\\xF4][\\x80-\\xBF]{1,3}#', 'utf8_encode_ncr_callback', $text);
}
/**
-* Callback used in encode_ncr()
-*
-* Takes a UTF-8 char and replaces it with its NCR. Attention, $m is an array
-*
-* @param array $m 0-based numerically indexed array passed by preg_replace_callback()
-* @return string A HTML NCR if the character is valid, or the original string otherwise
-*/
+ * Callback used in utf8_encode_ncr() and utf8_encode_ucr()
+ *
+ * Takes a UTF-8 char and replaces it with its NCR. Attention, $m is an array
+ *
+ * @param array $m 0-based numerically indexed array passed by preg_replace_callback()
+ * @return string A HTML NCR if the character is valid, or the original string otherwise
+ */
function utf8_encode_ncr_callback($m)
{
return '&#' . utf8_ord($m[0]) . ';';
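Review bot: The pattern in the new `utf8_encode_ucr()`, `'/[\\xF0-\\xF4].../'`, accepts any three bytes after the lead byte, so on malformed input a stray `\xF0`–`\xF4` byte consumes the following three characters, which may be ASCII such as quotes or angle brackets, and replaces them with whatever `utf8_ord()` returns. `utf8_encode_ncr()` just below restricts the trailing bytes, and the new function should do the same: `return preg_replace_callback('/[\\xF0-\\xF4][\\x80-\\xBF]{3}/', 'utf8_encode_ncr_callback', $text);`. Both new docblocks also promise hexadecimal notation, while the callback emits `'&#' . utf8_ord($m[0]) . ';'`, which appears to be decimal if `utf8_ord()` returns an integer. The `@return` line of `utf8_encode_ucr()` says "ASCII string", although two- and three-byte characters are left untouched. The closing brace of `utf8_encode_ncr_callback()` lies outside the hunk.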