aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/includes
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/acp/acp_attachments.php14
-rw-r--r--phpBB/includes/acp/acp_profile.php10
-rw-r--r--phpBB/includes/acp/acp_search.php23
-rw-r--r--phpBB/includes/acp/acp_users.php17
-rw-r--r--phpBB/includes/functions.php34
-rw-r--r--phpBB/includes/functions_posting.php33
-rw-r--r--phpBB/includes/mcp/mcp_forum.php30
7 files changed, 110 insertions, 51 deletions
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php
index 816387967a..e4650455c4 100644
--- a/phpBB/includes/acp/acp_attachments.php
+++ b/phpBB/includes/acp/acp_attachments.php
@@ -42,7 +42,7 @@ class acp_attachments
function main($id, $mode)
{
- global $db, $user, $auth, $template, $cache, $phpbb_container;
+ global $db, $user, $auth, $template, $cache, $phpbb_container, $phpbb_dispatcher;
global $config, $phpbb_admin_path, $phpbb_root_path, $phpEx;
$this->id = $id;
@@ -162,6 +162,18 @@ class acp_attachments
)
);
+ /**
+ * Event to add and/or modify acp_attachement configurations
+ *
+ * @event core.acp_attachments_config_edit_add
+ * @var array display_vars Array of config values to display and process
+ * @var string mode Mode of the config page we are displaying
+ * @var boolean submit Do we display the form or process the submission
+ * @since 3.1.11-RC1
+ */
+ $vars = array('display_vars', 'mode', 'submit');
+ extract($phpbb_dispatcher->trigger_event('core.acp_attachments_config_edit_add', compact($vars)));
+
$this->new_config = $config;
$cfg_array = (isset($_REQUEST['config'])) ? request_var('config', array('' => '')) : $this->new_config;
$error = array();
diff --git a/phpBB/includes/acp/acp_profile.php b/phpBB/includes/acp/acp_profile.php
index 485f849f51..2012d3c513 100644
--- a/phpBB/includes/acp/acp_profile.php
+++ b/phpBB/includes/acp/acp_profile.php
@@ -597,13 +597,13 @@ class acp_profile
if (!sizeof($error))
{
- if (!check_form_key($form_key))
- {
- trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
- }
-
if (($step == 3 && (sizeof($this->lang_defs['iso']) == 1 || $save)) || ($action == 'edit' && $save))
{
+ if (!check_form_key($form_key))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
$this->save_profile_field($cp, $field_type, $action);
}
}
diff --git a/phpBB/includes/acp/acp_search.php b/phpBB/includes/acp/acp_search.php
index f15a75e9a1..cc1e5df084 100644
--- a/phpBB/includes/acp/acp_search.php
+++ b/phpBB/includes/acp/acp_search.php
@@ -50,14 +50,12 @@ class acp_search
function settings($id, $mode)
{
- global $db, $user, $auth, $template, $cache;
+ global $db, $user, $auth, $template, $cache, $request;
global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
$submit = (isset($_POST['submit'])) ? true : false;
- $form_key = 'acp_search';
- add_form_key($form_key);
- if ($submit && !check_form_key($form_key))
+ if ($submit && !check_link_hash($request->variable('hash', ''), 'acp_search'))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
}
@@ -233,7 +231,7 @@ class acp_search
'S_YES_SEARCH' => (bool) $config['load_search'],
'S_SETTINGS' => true,
- 'U_ACTION' => $this->u_action)
+ 'U_ACTION' => $this->u_action . '&hash=' . generate_link_hash('acp_search'))
);
}
@@ -253,10 +251,7 @@ class acp_search
}
$submit = $request->is_set_post('submit', false);
- $form_key = 'acp_search';
- add_form_key($form_key);
-
- if (!check_form_key($form_key) && in_array($action, array('delete', 'create')))
+ if (!check_link_hash($request->variable('hash', ''), 'acp_search') && in_array($action, array('create', 'delete')))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
}
@@ -310,7 +305,7 @@ class acp_search
if (method_exists($this->search, 'delete_index'))
{
// pass a reference to myself so the $search object can make use of save_state() and attributes
- if ($error = $this->search->delete_index($this, append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=$mode&action=delete", false)))
+ if ($error = $this->search->delete_index($this, append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=$mode&action=delete&hash=" . generate_link_hash('acp_search'), false)))
{
$this->state = array('');
$this->save_state();
@@ -355,7 +350,7 @@ class acp_search
$mtime = explode(' ', microtime());
$totaltime = $mtime[0] + $mtime[1] - $starttime;
$rows_per_second = $row_count / $totaltime;
- meta_refresh(1, append_sid($this->u_action . '&action=delete&skip_rows=' . $post_counter));
+ meta_refresh(1, append_sid($this->u_action . '&action=delete&skip_rows=' . $post_counter . '&hash=' . generate_link_hash('acp_search')));
trigger_error($user->lang('SEARCH_INDEX_DELETE_REDIRECT', (int) $row_count, $post_counter, $rows_per_second));
}
}
@@ -445,7 +440,7 @@ class acp_search
$mtime = explode(' ', microtime());
$totaltime = $mtime[0] + $mtime[1] - $starttime;
$rows_per_second = $row_count / $totaltime;
- meta_refresh(1, append_sid($this->u_action . '&action=create&skip_rows=' . $post_counter));
+ meta_refresh(1, append_sid($this->u_action . '&action=create&skip_rows=' . $post_counter . '&hash=' . generate_link_hash('acp_search')));
trigger_error($user->lang('SEARCH_INDEX_CREATE_REDIRECT', (int) $row_count, $post_counter) . $user->lang('SEARCH_INDEX_CREATE_REDIRECT_RATE', $rows_per_second));
}
}
@@ -524,7 +519,7 @@ class acp_search
$template->assign_vars(array(
'S_INDEX' => true,
- 'U_ACTION' => $this->u_action,
+ 'U_ACTION' => $this->u_action . '&hash=' . generate_link_hash('acp_search'),
'U_PROGRESS_BAR' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=$mode&action=progress_bar"),
'UA_PROGRESS_BAR' => addslashes(append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=$mode&action=progress_bar")),
));
@@ -533,7 +528,7 @@ class acp_search
{
$template->assign_vars(array(
'S_CONTINUE_INDEXING' => $this->state[1],
- 'U_CONTINUE_INDEXING' => $this->u_action . '&action=' . $this->state[1],
+ 'U_CONTINUE_INDEXING' => $this->u_action . '&action=' . $this->state[1] . '&hash=' . generate_link_hash('acp_search'),
'L_CONTINUE' => ($this->state[1] == 'create') ? $user->lang['CONTINUE_INDEXING'] : $user->lang['CONTINUE_DELETING_INDEX'],
'L_CONTINUE_EXPLAIN' => ($this->state[1] == 'create') ? $user->lang['CONTINUE_INDEXING_EXPLAIN'] : $user->lang['CONTINUE_DELETING_INDEX_EXPLAIN'])
);
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index 1e453e88ad..008cc02471 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -373,11 +373,6 @@ class acp_users
if ($user_row['user_type'] == USER_NORMAL)
{
user_active_flip('deactivate', $user_id, INACTIVE_REMIND);
-
- $sql = 'UPDATE ' . USERS_TABLE . "
- SET user_actkey = '" . $db->sql_escape($user_actkey) . "'
- WHERE user_id = $user_id";
- $db->sql_query($sql);
}
else
{
@@ -386,8 +381,18 @@ class acp_users
FROM ' . USERS_TABLE . '
WHERE user_id = ' . $user_id;
$result = $db->sql_query($sql);
- $user_actkey = (string) $db->sql_fetchfield('user_actkey');
+ $user_activation_key = (string) $db->sql_fetchfield('user_actkey');
$db->sql_freeresult($result);
+
+ $user_actkey = empty($user_activation_key) ? $user_actkey : $user_activation_key;
+ }
+
+ if ($user_row['user_type'] == USER_NORMAL || empty($user_activation_key))
+ {
+ $sql = 'UPDATE ' . USERS_TABLE . "
+ SET user_actkey = '" . $db->sql_escape($user_actkey) . "'
+ WHERE user_id = $user_id";
+ $db->sql_query($sql);
}
$messenger = new messenger(false);
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 12ca5540ca..a152d9b620 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2233,13 +2233,6 @@ function generate_board_url($without_script_path = false)
global $config, $user, $request;
$server_name = $user->host;
- $server_port = $request->server('SERVER_PORT', 0);
- $forwarded_proto = $request->server('HTTP_X_FORWARDED_PROTO');
-
- if (!empty($forwarded_proto) && $forwarded_proto === 'https')
- {
- $server_port = 443;
- }
// Forcing server vars is the only way to specify/override the protocol
if ($config['force_server_vars'] || !$server_name)
@@ -2254,6 +2247,13 @@ function generate_board_url($without_script_path = false)
}
else
{
+ $server_port = $request->server('SERVER_PORT', 0);
+ $forwarded_proto = $request->server('HTTP_X_FORWARDED_PROTO');
+
+ if (!empty($forwarded_proto) && $forwarded_proto === 'https')
+ {
+ $server_port = 443;
+ }
// Do not rely on cookie_secure, users seem to think that it means a secured cookie instead of an encrypted connection
$cookie_secure = $request->is_secure() ? 1 : 0;
$url = (($cookie_secure) ? 'https://' : 'http://') . $server_name;
@@ -2609,8 +2609,9 @@ function check_link_hash($token, $link_name)
/**
* Add a secret token to the form (requires the S_FORM_TOKEN template variable)
* @param string $form_name The name of the form; has to match the name used in check_form_key, otherwise no restrictions apply
+* @param string $template_variable_suffix A string that is appended to the name of the template variable to which the form elements are assigned
*/
-function add_form_key($form_name)
+function add_form_key($form_name, $template_variable_suffix = '')
{
global $config, $template, $user, $phpbb_dispatcher;
@@ -2627,13 +2628,15 @@ function add_form_key($form_name)
* Perform additional actions on creation of the form token
*
* @event core.add_form_key
- * @var string form_name The form name
- * @var int now Current time timestamp
- * @var string s_fields Generated hidden fields
- * @var string token Form token
- * @var string token_sid User session ID
+ * @var string form_name The form name
+ * @var int now Current time timestamp
+ * @var string s_fields Generated hidden fields
+ * @var string token Form token
+ * @var string token_sid User session ID
+ * @var string template_variable_suffix The string that is appended to template variable name
*
* @since 3.1.0-RC3
+ * @changed 3.1.11-RC1 Added template_variable_suffix
*/
$vars = array(
'form_name',
@@ -2641,12 +2644,11 @@ function add_form_key($form_name)
's_fields',
'token',
'token_sid',
+ 'template_variable_suffix',
);
extract($phpbb_dispatcher->trigger_event('core.add_form_key', compact($vars)));
- $template->assign_vars(array(
- 'S_FORM_TOKEN' => $s_fields,
- ));
+ $template->assign_var('S_FORM_TOKEN' . $template_variable_suffix, $s_fields);
}
/**
diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php
index 57c68d4935..4a4d2de0fe 100644
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@@ -1074,7 +1074,7 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id
}
$sql_ary = array(
- 'SELECT' => 'u.username, u.user_id, u.user_colour, p.*, z.friend, z.foe',
+ 'SELECT' => 'u.username, u.user_id, u.user_colour, p.*, z.friend, z.foe, uu.username as post_delete_username, uu.user_colour as post_delete_user_colour',
'FROM' => array(
USERS_TABLE => 'u',
@@ -1086,6 +1086,10 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id
'FROM' => array(ZEBRA_TABLE => 'z'),
'ON' => 'z.user_id = ' . $user->data['user_id'] . ' AND z.zebra_id = p.poster_id',
),
+ array(
+ 'FROM' => array(USERS_TABLE => 'uu'),
+ 'ON' => 'uu.user_id = p.post_delete_user',
+ ),
),
'WHERE' => $db->sql_in_set('p.post_id', $post_list) . '
@@ -1194,6 +1198,31 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id
$post_anchor = ($mode == 'post_review') ? 'ppr' . $row['post_id'] : 'pr' . $row['post_id'];
$u_show_post = append_sid($phpbb_root_path . 'viewtopic.' . $phpEx, "f=$forum_id&t=$topic_id&p={$row['post_id']}&view=show#p{$row['post_id']}");
+ $l_deleted_message = '';
+ if ($row['post_visibility'] == ITEM_DELETED)
+ {
+ $display_postername = get_username_string('full', $poster_id, $row['username'], $row['user_colour'], $row['post_username']);
+
+ // User having deleted the post also being the post author?
+ if (!$row['post_delete_user'] || $row['post_delete_user'] == $poster_id)
+ {
+ $display_username = $display_postername;
+ }
+ else
+ {
+ $display_username = get_username_string('full', $row['post_delete_user'], $row['post_delete_username'], $row['post_delete_user_colour']);
+ }
+
+ if ($row['post_delete_reason'])
+ {
+ $l_deleted_message = $user->lang('POST_DELETED_BY_REASON', $display_postername, $display_username, $user->format_date($row['post_delete_time'], false, true), $row['post_delete_reason']);
+ }
+ else
+ {
+ $l_deleted_message = $user->lang('POST_DELETED_BY', $display_postername, $display_username, $user->format_date($row['post_delete_time'], false, true));
+ }
+ }
+
$post_row = array(
'POST_AUTHOR_FULL' => get_username_string('full', $poster_id, $row['username'], $row['user_colour'], $row['post_username']),
'POST_AUTHOR_COLOUR' => get_username_string('colour', $poster_id, $row['username'], $row['user_colour'], $row['post_username']),
@@ -1204,6 +1233,8 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id
'S_FRIEND' => ($row['friend']) ? true : false,
'S_IGNORE_POST' => ($row['foe']) ? true : false,
'L_IGNORE_POST' => ($row['foe']) ? sprintf($user->lang['POST_BY_FOE'], get_username_string('full', $poster_id, $row['username'], $row['user_colour'], $row['post_username']), "<a href=\"{$u_show_post}\" onclick=\"phpbb.toggleDisplay('{$post_anchor}', 1); return false;\">", '</a>') : '',
+ 'S_POST_DELETED' => ($row['post_visibility'] == ITEM_DELETED) ? true : false,
+ 'L_DELETE_POST' => $l_deleted_message,
'POST_SUBJECT' => $post_subject,
'MINI_POST_IMG' => $user->img('icon_post_target', $user->lang['POST']),
diff --git a/phpBB/includes/mcp/mcp_forum.php b/phpBB/includes/mcp/mcp_forum.php
index 7df712f65f..e4c0640ec7 100644
--- a/phpBB/includes/mcp/mcp_forum.php
+++ b/phpBB/includes/mcp/mcp_forum.php
@@ -396,7 +396,7 @@ function mcp_resync_topics($topic_ids)
*/
function merge_topics($forum_id, $topic_ids, $to_topic_id)
{
- global $db, $template, $user, $phpEx, $phpbb_root_path, $auth;
+ global $db, $template, $user, $phpEx, $phpbb_root_path, $auth, $phpbb_dispatcher;
if (!sizeof($topic_ids))
{
@@ -411,9 +411,9 @@ function merge_topics($forum_id, $topic_ids, $to_topic_id)
$sync_topics = array_merge($topic_ids, array($to_topic_id));
- $topic_data = phpbb_get_topic_data($sync_topics, 'm_merge');
+ $all_topic_data = phpbb_get_topic_data($sync_topics, 'm_merge');
- if (!sizeof($topic_data) || empty($topic_data[$to_topic_id]))
+ if (!sizeof($all_topic_data) || empty($all_topic_data[$to_topic_id]))
{
$template->assign_var('MESSAGE', $user->lang['NO_FINAL_TOPIC_SELECTED']);
return;
@@ -421,13 +421,13 @@ function merge_topics($forum_id, $topic_ids, $to_topic_id)
$sync_forums = array();
$topic_views = 0;
- foreach ($topic_data as $data)
+ foreach ($all_topic_data as $data)
{
$sync_forums[$data['forum_id']] = $data['forum_id'];
- $topic_views += $data['topic_views'];
+ $topic_views = max($topic_views, $data['topic_views']);
}
- $topic_data = $topic_data[$to_topic_id];
+ $to_topic_data = $all_topic_data[$to_topic_id];
$post_id_list = request_var('post_id_list', array(0));
$start = request_var('start', 0);
@@ -475,10 +475,10 @@ function merge_topics($forum_id, $topic_ids, $to_topic_id)
if (confirm_box(true))
{
- $to_forum_id = $topic_data['forum_id'];
+ $to_forum_id = $to_topic_data['forum_id'];
move_posts($post_id_list, $to_topic_id, false);
- add_log('mod', $to_forum_id, $to_topic_id, 'LOG_MERGE', $topic_data['topic_title']);
+ add_log('mod', $to_forum_id, $to_topic_id, 'LOG_MERGE', $to_topic_data['topic_title']);
// Update topic views count
$sql = 'UPDATE ' . TOPICS_TABLE . '
@@ -511,6 +511,20 @@ function merge_topics($forum_id, $topic_ids, $to_topic_id)
$redirect = request_var('redirect', "{$phpbb_root_path}viewtopic.$phpEx?f=$to_forum_id&amp;t=$to_topic_id");
$redirect = reapply_sid($redirect);
+ /**
+ * Perform additional actions after merging topics.
+ *
+ * @event core.mcp_forum_merge_topics_after
+ * @var array all_topic_data The data from all topics involved in the merge
+ * @var int to_topic_id The ID of the topic into which the rest are merged
+ * @since 3.1.11-RC1
+ */
+ $vars = array(
+ 'all_topic_data',
+ 'to_topic_id',
+ );
+ extract($phpbb_dispatcher->trigger_event('core.mcp_forum_merge_topics_after', compact($vars)));
+
meta_refresh(3, $redirect);
trigger_error($user->lang[$success_msg] . '<br /><br />' . $return_link);
}
generated by cgit v1.2.1 (git 2.21.0) at 2025-08-11 14:31:56 +0000