Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/acp/acp_bots.php2
-rw-r--r--phpBB/includes/acp/acp_groups.php8
-rw-r--r--phpBB/includes/acp/acp_permissions.php30
-rw-r--r--phpBB/includes/acp/auth.php4
-rw-r--r--phpBB/includes/auth.php105
-rw-r--r--phpBB/includes/functions_admin.php26
-rw-r--r--phpBB/includes/functions_user.php68
-rw-r--r--phpBB/includes/template.php2
-rw-r--r--phpBB/includes/ucp/ucp_register.php21
9 files changed, 196 insertions, 70 deletions
diff --git a/phpBB/includes/acp/acp_bots.php b/phpBB/includes/acp/acp_bots.php
index 1cda4a3c78..5e633aaee2 100644
--- a/phpBB/includes/acp/acp_bots.php
+++ b/phpBB/includes/acp/acp_bots.php
@@ -143,7 +143,7 @@ class acp_bots
$bot_row['bot_ip'] = str_replace(' ', '', $bot_row['bot_ip']);
// Make sure the admin is not adding a bot with an user agent similar to his one
- if ($bot_row['bot_agent'] && substr($user->data['session_browser'], 0, 149) === substr($bot_row['bot_agent'])
+ if ($bot_row['bot_agent'] && substr($user->data['session_browser'], 0, 149) === substr($bot_row['bot_agent']))
{
$error[] = $user->lang['ERR_BOT_AGENT_MATCHES_UA'];
}
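Review bot: `substr($bot_row['bot_agent'])` on the added line is still called with a single argument, so it cannot produce the 149-character slice it is compared against and the guard never fires (older PHP warns and returns null, PHP 8 throws). This check is what stops an administrator from registering a bot whose agent string matches their own session, so both sides should be cut the same way: `substr($user->data['session_browser'], 0, 149) === substr($bot_row['bot_agent'], 0, 149)`. The enclosing method starts and ends outside the hunk.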
diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php
index 13e1c11cdf..5fccc565da 100644
--- a/phpBB/includes/acp/acp_groups.php
+++ b/phpBB/includes/acp/acp_groups.php
@@ -68,7 +68,7 @@ class acp_groups
}
// Approve, demote or promote
- group_user_attributes($action, $group_id, $mark_ary, false, ($group_id) ? $group_row['group_name'] : false);
+ group_user_attributes($action, $group_id, $mark_ary, false, $group_row['group_name']);
switch ($action)
{
@@ -85,6 +85,8 @@ class acp_groups
break;
}
+ group_update_listing($group_id);
+
trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&action=list&g=' . $group_id));
break;
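Review bot: The added call `group_update_listing($group_id);` does not match the helper this commit introduces in functions_user.php, which is named `group_update_listings()` and is called under that name from `group_user_add()`. Unless a singular-named function exists elsewhere, this is an undefined-function fatal right after the approve/demote/promote action, and the moderator and foe listings are not refreshed. The same call appears in the next hunk, before the `GROUP_DEFS_UPDATED` message; both should read `group_update_listings($group_id);`.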
@@ -134,6 +136,8 @@ class acp_groups
group_user_attributes('default', $group_id, $mark_ary, false, $group_row['group_name'], $group_row);
}
+ group_update_listing($group_id);
+
trigger_error($user->lang['GROUP_DEFS_UPDATED'] . adm_back_link($this->u_action . '&action=list&g=' . $group_id));
}
else
@@ -217,7 +221,7 @@ class acp_groups
trigger_error($user->lang[$error] . adm_back_link($this->u_action . '&action=list&g=' . $group_id), E_USER_WARNING);
}
- $message = ($action == 'addleaders') ? 'GROUP_MODS_ADDED' : 'GROUP_USERS_ADDED';
+ $message = ($leader) ? 'GROUP_MODS_ADDED' : 'GROUP_USERS_ADDED';
trigger_error($user->lang[$message] . adm_back_link($this->u_action . '&action=list&g=' . $group_id));
break;
diff --git a/phpBB/includes/acp/acp_permissions.php b/phpBB/includes/acp/acp_permissions.php
index de3948d551..fd99362f60 100644
--- a/phpBB/includes/acp/acp_permissions.php
+++ b/phpBB/includes/acp/acp_permissions.php
@@ -651,7 +651,7 @@ class acp_permissions
// Remove users who are now moderators or admins from everyones foes list
if ($permission_type == 'm_' || $permission_type == 'a_')
{
- $this->update_foes();
+ update_foes();
}
$this->log_action($mode, 'add', $permission_type, $ug_type, $ug_id, $forum_id);
@@ -718,7 +718,7 @@ class acp_permissions
// Remove users who are now moderators or admins from everyones foes list
if ($permission_type == 'm_' || $permission_type == 'a_')
{
- $this->update_foes();
+ update_foes();
}
$this->log_action($mode, 'add', $permission_type, $ug_type, $ug_ids, $forum_ids);
@@ -848,32 +848,6 @@ class acp_permissions
}
/**
- * Update foes - remove moderators and administrators from foe lists...
- */
- function update_foes()
- {
- global $db, $auth;
-
- $perms = array();
- foreach ($auth->acl_get_list(false, array('a_', 'm_'), false) as $forum_id => $forum_ary)
- {
- foreach ($forum_ary as $auth_option => $user_ary)
- {
- $perms = array_merge($perms, $user_ary);
- }
- }
-
- if (sizeof($perms))
- {
- $sql = 'DELETE FROM ' . ZEBRA_TABLE . '
- WHERE ' . $db->sql_in_set('zebra_id', array_unique($perms)) . '
- AND foe = 1';
- $db->sql_query($sql);
- }
- unset($perms);
- }
-
- /**
* Display a complete trace tree for the selected permission to determine where settings are set/unset
*/
function permission_trace($user_id, $forum_id, $permission)
diff --git a/phpBB/includes/acp/auth.php b/phpBB/includes/acp/auth.php
index 71d17bd40d..36fa5dbcea 100644
--- a/phpBB/includes/acp/auth.php
+++ b/phpBB/includes/acp/auth.php
@@ -1009,7 +1009,9 @@ class auth_admin extends auth
// Get permission type
$sql = 'SELECT auth_option, auth_option_id
FROM ' . ACL_OPTIONS_TABLE . "
- WHERE auth_option LIKE '" . $db->sql_escape($permission_type) . "%'";
+ WHERE auth_option LIKE '" . $db->sql_escape(str_replace('_', "\_", $permission_type)) . "%'";
+ $sql .= (SQL_LAYER == 'mssql' || SQL_LAYER == 'mssql_odbc') ? " ESCAPE '\\'" : '';
+
$result = $db->sql_query($sql);
$auth_id_ary = array();
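Review bot: The `ESCAPE '\'` clause is emitted only for `mssql` and `mssql_odbc`, but the pattern now always contains `\_`. On any other layer where `sql_escape()` does not double the backslash and LIKE has no default escape character (Oracle, Firebird and SQLite behave this way as far as I know; the layer code is not visible here), the backslash is matched literally and the permission-option lookup comes back empty. `build_auth_option_statement()` in includes/auth.php repeats the same `SQL_LAYER` test, so it shares the problem. Consider one helper that returns the escaped pattern together with the escape clause each layer needs, with a comment such as `// '_' is a single-character LIKE wildcard, so it must be escaped to match literally`.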
diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php
index 4e6a8af1d8..c578881c3f 100644
--- a/phpBB/includes/auth.php
+++ b/phpBB/includes/auth.php
@@ -478,18 +478,11 @@ class auth
$sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : $db->sql_in_set('user_id', $user_id)) : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : '';
- $sql_opts = '';
+ $sql_opts = $sql_escape = '';
if ($opts !== false)
{
- if (!is_array($opts))
- {
- $sql_opts = (strpos($opts, '%') !== false) ? "AND ao.auth_option LIKE '" . $db->sql_escape($opts) . "'" : "AND ao.auth_option = '" . $db->sql_escape($opts) . "'";
- }
- else
- {
- $sql_opts = 'AND ' . $db->sql_in_set('ao.auth_option', $opts);
- }
+ $this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts, $sql_escape);
}
$hold_ary = array();
@@ -519,7 +512,7 @@ class auth
'ORDER_BY' => 'a.forum_id, ao.auth_option'
));
- $result = $db->sql_query($sql);
+ $result = $db->sql_query($sql . $sql_escape);
while ($row = $db->sql_fetchrow($result))
{
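Review bot: `$sql . $sql_escape` places the `ESCAPE` clause after the `ORDER BY a.forum_id, ao.auth_option` that ends the built query, but `ESCAPE` is only valid directly after the `LIKE` pattern it belongs to, so the statement would be rejected on the MSSQL layers whenever an option contains both `%` and `_`. The clause belongs inside `build_auth_option_statement()`, appended to each predicate (`... LIKE '" . $db->sql_escape(...) . "'" . $escape`), which also covers the OR-ed list built for arrays. The call here can then stay `$db->sql_query($sql);`. The two later `sql_query($sql . $sql_escape)` hunks in this file have the same issue.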
@@ -595,18 +588,11 @@ class auth
$sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : $db->sql_in_set('user_id', $user_id)) : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : '';
- $sql_opts = '';
+ $sql_opts = $sql_escape = '';
if ($opts !== false)
{
- if (!is_array($opts))
- {
- $sql_opts = (strpos($opts, '%') !== false) ? "AND ao.auth_option LIKE '" . $db->sql_escape($opts) . "'" : "AND ao.auth_option = '" . $db->sql_escape($opts) . "'";
- }
- else
- {
- $sql_opts = 'AND ' . $db->sql_in_set('ao.auth_option', $opts);
- }
+ $this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts, $sql_escape);
}
$hold_ary = array();
@@ -634,7 +620,7 @@ class auth
'ORDER_BY' => 'a.forum_id, ao.auth_option'
));
- $result = $db->sql_query($sql);
+ $result = $db->sql_query($sql . $sql_escape);
while ($row = $db->sql_fetchrow($result))
{
@@ -656,16 +642,11 @@ class auth
$sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? "group_id = $group_id" : $db->sql_in_set('group_id', $group_id)) : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : '';
+ $sql_opts = $sql_escape = '';
+
if ($opts !== false)
{
- if (!is_array($opts))
- {
- $sql_opts = (strpos($opts, '%') !== false) ? "AND ao.auth_option LIKE '" . $db->sql_escape($opts) . "'" : "AND ao.auth_option = '" . $db->sql_escape($opts) . "'";
- }
- else
- {
- $sql_opts = 'AND ' . $db->sql_in_set('ao.auth_option', $opts);
- }
+ $this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts, $sql_escape);
}
$hold_ary = array();
@@ -693,7 +674,7 @@ class auth
'ORDER_BY' => 'a.forum_id, ao.auth_option'
));
- $result = $db->sql_query($sql);
+ $result = $db->sql_query($sql . $sql_escape);
while ($row = $db->sql_fetchrow($result))
{
@@ -781,6 +762,72 @@ class auth
trigger_error('Authentication method not found', E_USER_ERROR);
}
+
+ /**
+ * Fill auth_option statement for later querying based on the supplied options
+ */
+ function build_auth_option_statement($key, $auth_options, &$sql_opts, &$sql_escape)
+ {
+ global $db;
+
+ if (!is_array($auth_options))
+ {
+ if (strpos($auth_options, '%') !== false)
+ {
+ if (strpos($auth_options, '_') !== false)
+ {
+ $sql_opts = "AND $key LIKE '" . $db->sql_escape(str_replace('_', "\_", $auth_options)) . "'";
+ $sql_escape = (SQL_LAYER == 'mssql' || SQL_LAYER == 'mssql_odbc') ? " ESCAPE '\\'" : '';
+ }
+ else
+ {
+ $sql_opts = "AND $key LIKE '" . $db->sql_escape($auth_options) . "'";
+ }
+ }
+ else
+ {
+ $sql_opts = "AND $key = '" . $db->sql_escape($auth_options) . "'";
+ }
+ }
+ else
+ {
+ $is_like_expression = $is_underline = false;
+
+ foreach ($auth_options as $option)
+ {
+ if (strpos($option, '%') !== false)
+ {
+ $is_like_expression = true;
+ }
+
+ if (strpos($option, '_') !== false)
+ {
+ $is_underline = true;
+ }
+ }
+
+ if (!$is_like_expression)
+ {
+ $sql_opts = 'AND ' . $db->sql_in_set($key, $auth_options);
+ }
+ else
+ {
+ $sql = array();
+
+ foreach ($auth_options as $option)
+ {
+ $sql[] = $key . " LIKE '" . $db->sql_escape(str_replace('_', "\_", $option)) . "'";
+ }
+
+ $sql_opts = 'AND (' . implode(' OR ', $sql) . ')';
+
+ if ($is_underline)
+ {
+ $sql_escape = (SQL_LAYER == 'mssql' || SQL_LAYER == 'mssql_odbc') ? " ESCAPE '\\'" : '';
+ }
+ }
+ }
+ }
}
?>
\ No newline at end of file
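Review bot: The docblock on `build_auth_option_statement()` does not say that `$sql_opts` and `$sql_escape` are by-reference outputs, nor that `$key` is concatenated into the SQL unescaped. I would document `$key` as a fixed column name supplied by the calling code (never request data), `$auth_options` as a string or array in which a `%` switches matching from `=`/`IN` to `LIKE`, and the two reference parameters as results. It should also say that `$sql_escape` is only assigned on some paths, so callers must initialise it to `''` as the three call sites do. In the array branch every option gets the `_` escaping once any single option contains `%`; a one-line comment stating that this is intended would help the next reader.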
diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php
index 49bad121e1..2f2e333c78 100644
--- a/phpBB/includes/functions_admin.php
+++ b/phpBB/includes/functions_admin.php
@@ -2305,6 +2305,32 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
}
/**
+* Update foes - remove moderators and administrators from foe lists...
+*/
+function update_foes()
+{
+ global $db, $auth;
+
+ $perms = array();
+ foreach ($auth->acl_get_list(false, array('a_', 'm_'), false) as $forum_id => $forum_ary)
+ {
+ foreach ($forum_ary as $auth_option => $user_ary)
+ {
+ $perms = array_merge($perms, $user_ary);
+ }
+ }
+
+ if (sizeof($perms))
+ {
+ $sql = 'DELETE FROM ' . ZEBRA_TABLE . '
+ WHERE ' . $db->sql_in_set('zebra_id', array_unique($perms)) . '
+ AND foe = 1';
+ $db->sql_query($sql);
+ }
+ unset($perms);
+}
+
+/**
* Lists warned users
*/
function view_warned_users(&$users, &$user_count, $limit = 0, $offset = 0, $limit_days = 0, $sort_by = 'user_warnings DESC')
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index f25a521ed1..8970b7865e 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -1673,6 +1673,8 @@ function group_delete($group_id, $group_name = false)
/**
* Add user(s) to group
+*
+* @return false if no errors occurred, else the user lang string for the relevant error, for example 'NO_USER'
*/
function group_user_add($group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $default = false, $leader = 0, $pending = 0, $group_attributes = false)
{
@@ -1769,13 +1771,18 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false,
add_log('admin', $log, $group_name, implode(', ', $username_ary));
- return ($leader) ? 'GROUP_LEADERS_ADDED' : 'GROUP_USERS_ADDED';
+ group_update_listings($group_id);
+
+ // Return false - no error
+ return false;
}
/**
* Remove a user/s from a given group. When we remove users we update their
* default group_id. We do this by examining which "special" groups they belong
* to. The selection is made based on a reasonable priority system
+*
+* @return false if no errors occurred, else the user lang string for the relevant error, for example 'NO_USER'
*/
function group_user_del($group_id, $user_id_ary = false, $username_ary = false, $group_name = false)
{
@@ -1885,7 +1892,8 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
add_log('admin', $log, $group_name, implode(', ', $username_ary));
- return 'GROUP_USERS_REMOVE';
+ // Return false - no error
+ return false;
}
/**
@@ -2172,4 +2180,60 @@ function group_memberships($group_id_ary = false, $user_id_ary = false, $return_
return $return;
}
+/**
+* Re-cache moderators and foes if group has a_ or m_ permissions
+*/
+function group_update_listings($group_id)
+{
+ global $auth;
+
+ $hold_ary = $auth->acl_group_raw_data($group_id, array('a_', 'm_'));
+
+ if (!sizeof($hold_ary))
+ {
+ return;
+ }
+
+ $mod_permissions = $admin_permissions = false;
+
+ foreach ($hold_ary as $g_id => $forum_ary)
+ {
+ foreach ($forum_ary as $forum_id => $auth_ary)
+ {
+ foreach ($auth_ary as $auth_option => $setting)
+ {
+ if ($mod_permissions && $admin_permissions)
+ {
+ break 3;
+ }
+
+ if ($setting != ACL_YES)
+ {
+ continue;
+ }
+
+ if ($auth_option == 'm_')
+ {
+ $mod_permissions = true;
+ }
+
+ if ($auth_option == 'a_')
+ {
+ $admin_permissions = true;
+ }
+ }
+ }
+ }
+
+ if ($mod_permissions)
+ {
+ cache_moderators();
+ }
+
+ if ($mod_permissions || $admin_permissions)
+ {
+ update_foes();
+ }
+}
+
?>
\ No newline at end of file
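Review bot: `group_update_listings()` calls `cache_moderators()` and `update_foes()`, and this commit places `update_foes()` in includes/functions_admin.php, while `group_user_add()` in this file now calls the new helper after every successful add. If `group_user_add()` is reachable from a page that has not included functions_admin.php (likely outside the ACP, though the callers are not visible here), the request ends in an undefined-function fatal after the add has already been logged. A guard such as `if (!function_exists('update_foes'))` followed by an include of functions_admin would make the helper self-contained. The comparisons `$setting != ACL_YES` and `$auth_option == 'm_'` could also be made strict.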
diff --git a/phpBB/includes/template.php b/phpBB/includes/template.php
index abacd2d118..e3fa1195cb 100644
--- a/phpBB/includes/template.php
+++ b/phpBB/includes/template.php
@@ -43,7 +43,7 @@ class template
*/
function set_template()
{
- global $phpbb_root_path, $config, $user;
+ global $phpbb_root_path, $user;
if (file_exists($phpbb_root_path . 'styles/' . $user->theme['template_path'] . '/template'))
{
diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php
index adfdb60ffe..2638ea2ffe 100644
--- a/phpBB/includes/ucp/ucp_register.php
+++ b/phpBB/includes/ucp/ucp_register.php
@@ -37,12 +37,21 @@ class ucp_register
if ($change_lang)
{
- $submit = false;
- $lang = $change_lang;
- $user->lang_name = $lang = $change_lang;
- $user->lang_path = $phpbb_root_path . 'language/' . $lang . '/';
- $user->lang = array();
- $user->add_lang(array('common', 'ucp'));
+ $change_lang = basename($change_lang);
+
+ if (file_exists($phpbb_root_path . 'language/' . $change_lang . '/'))
+ {
+ $submit = false;
+
+ $user->lang_name = $lang = $change_lang;
+ $user->lang_path = $phpbb_root_path . 'language/' . $lang . '/';
+ $user->lang = array();
+ $user->add_lang(array('common', 'ucp'));
+ }
+ else
+ {
+ $change_lang = '';
+ }
}
$cp = new custom_profile();
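Review bot: `basename($change_lang)` removes directory components but returns `.` and `..` unchanged, and `file_exists()` on `language/` plus either of those is true, so the new check still accepts values that are not language packs. Prefer an allow-list: compare against the installed languages, or at least require a plain name that is a directory, e.g. `if (preg_match('#^[a-z_\-]{2,}$#i', $change_lang) && is_dir($phpbb_root_path . 'language/' . $change_lang))`. The `else` branch that resets `$change_lang` to `''` is the right fallback and should stay. The surrounding method starts and ends outside the hunk.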