Diffstat (limited to 'phpBB/includes')
-rw-r--r-- | phpBB/includes/acp/acp_main.php | 10 | ||||
-rw-r--r-- | phpBB/includes/acp/acp_users.php | 4 | ||||
-rw-r--r-- | phpBB/includes/acp/auth.php | 53 | ||||
-rw-r--r-- | phpBB/includes/auth.php | 37 | ||||
-rw-r--r-- | phpBB/includes/functions.php | 25 | ||||
-rw-r--r-- | phpBB/includes/functions_display.php | 189 | ||||
-rw-r--r-- | phpBB/includes/functions_template.php | 51 | ||||
-rw-r--r-- | phpBB/includes/functions_upload.php | 33 | ||||
-rwxr-xr-x | phpBB/includes/mcp/mcp_warn.php | 7 | ||||
-rw-r--r-- | phpBB/includes/message_parser.php | 101 | ||||
-rw-r--r-- | phpBB/includes/template.php | 53 | ||||
-rw-r--r-- | phpBB/includes/ucp/ucp_pm_compose.php | 74 | ||||
-rw-r--r-- | phpBB/includes/ucp/ucp_pm_viewmessage.php | 7 |
13 files changed, 403 insertions, 241 deletions
diff --git a/phpBB/includes/acp/acp_main.php b/phpBB/includes/acp/acp_main.php index 8a7bf5ff75..acc1c50112 100644 --- a/phpBB/includes/acp/acp_main.php +++ b/phpBB/includes/acp/acp_main.php @@ -154,7 +154,7 @@ class acp_main switch ($action) { case 'online': - if (!$auth->acl_get('a_defaults')) + if (!$auth->acl_get('a_board')) { trigger_error($user->lang['NO_ADMIN']); } @@ -165,7 +165,7 @@ class acp_main break; case 'stats': - if (!$auth->acl_get('a_defaults')) + if (!$auth->acl_get('a_board')) { trigger_error($user->lang['NO_ADMIN']); } @@ -215,7 +215,7 @@ class acp_main break; case 'user': - if (!$auth->acl_get('a_defaults')) + if (!$auth->acl_get('a_board')) { trigger_error($user->lang['NO_ADMIN']); } @@ -256,7 +256,7 @@ class acp_main break; case 'date': - if (!$auth->acl_get('a_defaults')) + if (!$auth->acl_get('a_board')) { trigger_error($user->lang['NO_ADMIN']); } @@ -347,7 +347,7 @@ class acp_main 'U_ACTION' => "{$phpbb_admin_path}index.$phpEx$SID", - 'S_ACTION_OPTIONS' => $s_action_options, + 'S_ACTION_OPTIONS' => ($auth->acl_get('a_board')) ? $s_action_options : '', ) ); diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index 29572b7147..62a9a38d98 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -734,7 +734,9 @@ class acp_users 'U_SHOW_IP' => $this->u_action . "&u=$user_id&ip=" . (($ip == 'ip') ? 'hostname' : 'ip'), 'U_WHOIS' => $this->u_action . "&action=whois&user_ip={$user_row['user_ip']}", - + + 'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? "{$phpbb_root_path}ucp.$phpEx$SID&mode=switch_perm&u={$user_row['user_id']}" : '', + 'USER' => $user_row['username'], 'USER_REGISTERED' => $user->format_date($user_row['user_regdate']), 'REGISTERED_IP' => ($ip == 'hostname') ? gethostbyaddr($user_row['user_ip']) : $user_row['user_ip'], 
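Review bot: The new `U_SWITCH_PERMISSIONS` entry in acp_users.php exposes the permission switch as a plain GET link (`ucp.$phpEx$SID&mode=switch_perm&u=…`) that carries nothing beyond the session id and the target user id. The `switch_perm` handler is not part of this page, so it is not visible whether it asks for confirmation; a state-changing action like this should only run after a POST confirmation step tied to the administrator's session. The same applies to the `U_RESTORE_PERMISSIONS` link added to `page_header()` in functions.php. A short comment next to the link, such as `// handler must confirm before switching`, would record that requirement.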
diff --git a/phpBB/includes/acp/auth.php b/phpBB/includes/acp/auth.php index 2307d413fa..e8c2c12079 100644 --- a/phpBB/includes/acp/auth.php +++ b/phpBB/includes/acp/auth.php @@ -1101,6 +1101,59 @@ class auth_admin extends auth } } } + + /** + * Use permissions from another user. This transferes a permission set from one user to another. + * The other user is always able to revert back to his permission set. + * This function does not check for lower/higher permissions, it is possible for the user to gain + * "more" permissions by this. + * + */ + function ghost_permissions($from_user_id, $to_user_id) + { + global $db; + + if ($to_user_id == ANONYMOUS) + { + return false; + } + + $hold_ary = $this->acl_raw_data($from_user_id, false, false); + + if (isset($hold_ary[$from_user_id])) + { + $hold_ary = $hold_ary[$from_user_id]; + } + + // Key 0 in $hold_ary are global options, all others are forum_ids + + // We disallow copying admin permissions + foreach ($this->acl_options['global'] as $opt => $id) + { + if (strpos($opt, 'a_') === 0) + { + $hold_ary[0][$opt] = ACL_NO; + } + } + + // Force a_switchperm to be allowed + $hold_ary[0]['a_switchperm'] = ACL_YES; + + $user_permissions = $this->build_bitstring($hold_ary); + + if (!$user_permissions) + { + return false; + } + + $sql = 'UPDATE ' . USERS_TABLE . " + SET user_permissions = '" . $db->sql_escape($user_permissions) . "', + user_perm_from = $from_user_id + WHERE user_id = " . $to_user_id; + $db->sql_query($sql); + + return true; + } } ?>
\ No newline at end of file diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php index c4dc4cb84a..fb1d2126a7 100644 --- a/phpBB/includes/auth.php +++ b/phpBB/includes/auth.php @@ -325,12 +325,34 @@ class auth { if (strpos($opt, 'a_') === 0) { - $hold_ary[0][$opt] = 1; + $hold_ary[0][$opt] = ACL_YES; } } } + $hold_str = $this->build_bitstring($hold_ary); + + if ($hold_str) + { + $userdata['user_permissions'] = $hold_str; + + $sql = 'UPDATE ' . USERS_TABLE . " + SET user_permissions = '" . $db->sql_escape($userdata['user_permissions']) . "', + user_perm_from = 0 + WHERE user_id = " . $userdata['user_id']; + $db->sql_query($sql); + } + + return; + } + + /** + * Build bitstring from permission set + */ + function build_bitstring(&$hold_ary) + { $hold_str = ''; + if (sizeof($hold_ary)) { ksort($hold_ary); @@ -379,16 +401,10 @@ class auth } unset($bitstring); - $userdata['user_permissions'] = rtrim($hold_str); - - $sql = 'UPDATE ' . USERS_TABLE . " - SET user_permissions = '" . $db->sql_escape($userdata['user_permissions']) . "' - WHERE user_id = " . $userdata['user_id']; - $db->sql_query($sql); + $hold_str = rtrim($hold_str); } - unset($hold_ary); - return; + return $hold_str; } /** @@ -401,7 +417,8 @@ class auth $where_sql = ($user_id !== false) ? ' WHERE user_id ' . ((is_array($user_id)) ? ' IN (' . implode(', ', array_map('intval', $user_id)) . ')' : " = $user_id") : ''; $sql = 'UPDATE ' . USERS_TABLE . " - SET user_permissions = '' + SET user_permissions = '', + user_perm_from = 0 $where_sql"; $db->sql_query($sql); diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 38e9448ecb..5ca15e493d 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php 
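Review bot: `ghost_permissions()` in acp/auth.php interpolates `$from_user_id` and `$to_user_id` into the UPDATE without a cast, while the `user_permissions` value right next to them is escaped. Casting both at the top of the function, `$from_user_id = (int) $from_user_id;` and `$to_user_id = (int) $to_user_id;`, makes the query safe whatever the caller passes. When `acl_raw_data()` returns no entry for the source user, the code appears to continue and store a set that holds only the admin options forced to `ACL_NO` plus the forced `a_switchperm`, so an early `return false` for an unknown source user seems worth adding. The callers are outside this hunk.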
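Review bot: `build_bitstring(&$hold_ary)` in includes/auth.php takes the permission array by reference and reorders it with `ksort($hold_ary)`, which the one-line docblock does not mention. I would extend the docblock to say that the argument is sorted in place and that an empty string is returned for an empty set, since both `acl_cache()` and `ghost_permissions()` treat an empty result as "nothing to store". The function body continues in the following hunk.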
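Review bot: In the `$where_sql` line just above the changed UPDATE (hunk at -401 of includes/auth.php), a scalar `$user_id` is interpolated as `" = $user_id"` while the array branch passes every element through `intval`. Casting the scalar the same way, `' = ' . (int) $user_id`, keeps both branches consistent now that this statement also resets `user_perm_from`. The function starts outside the hunk, so a cast may already happen earlier.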
@@ -148,23 +148,6 @@ function unique_id($extra = 0, $prefix = false) } /** -* Get userdata -* @param mixed $user user id or username -*/ -function get_userdata($user) -{ - global $db; - - $sql = 'SELECT * - FROM ' . USERS_TABLE . ' - WHERE '; - $sql .= ((is_integer($user)) ? "user_id = $user" : "username = '" . $db->sql_escape($user) . "'") . " AND user_id <> " . ANONYMOUS; - $result = $db->sql_query($sql); - - return ($row = $db->sql_fetchrow($result)) ? $row : false; -} - -/** * Generate sort selection fields */ function gen_sort_selects(&$limit_days, &$sort_by_text, &$sort_days, &$sort_key, &$sort_dir, &$s_limit_days, &$s_sort_key, &$s_sort_dir, &$u_sort_param) @@ -1654,10 +1637,11 @@ function decode_message(&$message, $bbcode_uid = '') '#<!\-\- w \-\-><a href="http:\/\/(.*?)" target="_blank">.*?</a><!\-\- w \-\->#', '#<!\-\- l \-\-><a href="(.*?)">.*?</a><!\-\- l \-\->#', '#<!\-\- s(.*?) \-\-><img src="\{SMILIES_PATH\}\/.*? \/><!\-\- s\1 \-\->#', + '#<!\-\- .*? \-\->#s', '#<.*?>#s' ); - $replace = array('\1', '\1', '\1', '\1', '\1', '<\1>'); + $replace = array('\1', '\1', '\1', '\1', '\1', '', '<\1>'); $message = preg_replace($match, $replace, $message); @@ -1863,7 +1847,7 @@ function parse_inline_attachments(&$text, &$attachments, &$update_count, $forum_ { global $config, $user; - $attachments = display_attachments($forum_id, NULL, $attachments, $update_count, $preview, true); + $attachments = display_attachments($forum_id, NULL, $attachments, $update_count, false, true); $tpl_size = sizeof($attachments); $unset_tpl = array(); @@ -2013,7 +1997,7 @@ function add_log() $forum_id = ($mode == 'mod') ? intval(array_shift($args)) : ''; $topic_id = ($mode == 'mod') ? intval(array_shift($args)) : ''; $action = array_shift($args); - $data = (!sizeof($args)) ? '' : $db->sql_escape(serialize($args)); + $data = (!sizeof($args)) ? '' : serialize($args); $sql_ary = array( 'user_id' => $user->data['user_id'], 
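Review bot: Dropping `$db->sql_escape()` from `$data` in `add_log()` is only safe if the serialized string is escaped again when the row is written. The hunk ends inside `$sql_ary`, so the INSERT itself is not visible; it should go through `$db->sql_build_array('INSERT', $sql_ary)` or an equivalent escaping step. A comment next to the assignment, such as `// not escaped here: sql_build_array() escapes on insert`, would record that dependency for the next person who touches the query.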
@@ -2533,6 +2517,7 @@ function page_header($page_title = '') 'U_SEARCH_ACTIVE_TOPICS'=> "{$phpbb_root_path}search.$phpEx$SID&search_id=active_topics", 'U_DELETE_COOKIES' => "{$phpbb_root_path}ucp.$phpEx$SID&mode=delete_cookies", 'U_TEAM' => "{$phpbb_root_path}memberlist.$phpEx$SID&mode=leaders", + 'U_RESTORE_PERMISSIONS' => ($user->data['user_perm_from'] && $auth->acl_get('a_switchperm')) ? "{$phpbb_root_path}ucp.$phpEx$SID&mode=restore_perm" : '', 'S_USER_LOGGED_IN' => ($user->data['user_id'] != ANONYMOUS) ? true : false, 'S_REGISTERED_USER' => $user->data['is_registered'], diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index 7384217c31..b64e2b2ad0 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -578,13 +578,13 @@ function gen_forum_auth_level($mode, $forum_id, $forum_status) global $SID, $template, $auth, $user; $locked = ($forum_status == ITEM_LOCKED && !$auth->acl_get('m_edit', $forum_id)) ? true : false; - + $rules = array( ($auth->acl_get('f_post', $forum_id) && !$locked) ? $user->lang['RULES_POST_CAN'] : $user->lang['RULES_POST_CANNOT'], ($auth->acl_get('f_reply', $forum_id) && !$locked) ? $user->lang['RULES_REPLY_CAN'] : $user->lang['RULES_REPLY_CANNOT'], ($auth->acl_gets('f_edit', 'm_edit', $forum_id) && !$locked) ? $user->lang['RULES_EDIT_CAN'] : $user->lang['RULES_EDIT_CANNOT'], ($auth->acl_gets('f_delete', 'm_delete', $forum_id) && !$locked) ? $user->lang['RULES_DELETE_CAN'] : $user->lang['RULES_DELETE_CANNOT'], - ($auth->acl_get('f_attach', $forum_id) && $auth->acl_get('u_attach', $forum_id) && !$locked) ? $user->lang['RULES_ATTACH_CAN'] : $user->lang['RULES_ATTACH_CANNOT'] + ($auth->acl_get('f_attach', $forum_id) && $auth->acl_get('u_attach') && !$locked) ? $user->lang['RULES_ATTACH_CAN'] : $user->lang['RULES_ATTACH_CANNOT'] ); foreach ($rules as $rule) 
@@ -670,41 +670,13 @@ function topic_status(&$topic_row, $replies, $unread_topic, &$folder_img, &$fold function display_attachments($forum_id, $blockname, &$attachment_data, &$update_count, $force_physical = false, $return = false) { global $template, $cache, $user; - global $attachment_tpl, $extensions, $config, $phpbb_root_path, $phpEx, $SID; + global $extensions, $config, $phpbb_root_path, $phpEx, $SID; -// $starttime = explode(' ', microtime()); -// $starttime = $starttime[1] + $starttime[0]; $return_tpl = array(); - $blocks = array(ATTACHMENT_CATEGORY_WM => 'WM_STREAM', ATTACHMENT_CATEGORY_RM => 'RM_STREAM', ATTACHMENT_CATEGORY_THUMB => 'THUMBNAIL', ATTACHMENT_CATEGORY_IMAGE => 'IMAGE'); - - if (!isset($attachment_tpl)) - { - if (!($attachment_tpl = $cache->get('attachment_tpl'))) - { - $attachment_tpl = array(); - - $template_filename = $phpbb_root_path . 'styles/' . $user->theme['template_path'] . '/template/attachment.html'; - if (($attachment_template = file_get_contents($template_filename)) === false) - { - trigger_error('Could not load template file "' . $template_filename . '"'); - } - - // replace \ with \\ and then ' with \'. - $attachment_template = str_replace('\\', '\\\\', $attachment_template); - $attachment_template = str_replace("'", "\'", $attachment_template); - - preg_match_all('#<!-- BEGIN (.*?) -->(.*?)<!-- END (.*?) -->#s', $attachment_template, $tpl); - - foreach ($tpl[1] as $num => $block_name) - { - $attachment_tpl[$block_name] = $tpl[2][$num]; - } - unset($tpl); - - $cache->put('attachment_tpl', $attachment_tpl); - } - } + $template->set_filenames(array( + 'attachment_tpl' => 'attachment.html') + ); if (empty($extensions) || !is_array($extensions)) { 
@@ -714,62 +686,55 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_ foreach ($attachment_data as $attachment) { + // We need to reset/empty the _file block var, because this function might be called more than once + $template->reset_block_vars('_file'); + + $block_array = array(); + // Some basics... $attachment['extension'] = strtolower(trim($attachment['extension'])); $filename = $phpbb_root_path . $config['upload_path'] . '/' . basename($attachment['physical_filename']); $thumbnail_filename = $phpbb_root_path . $config['upload_path'] . '/thumb_' . basename($attachment['physical_filename']); - $upload_image = ''; - + $upload_icon = ''; if ($user->img('icon_attach', '') && !$extensions[$attachment['extension']]['upload_icon']) { - $upload_image = $user->img('icon_attach', ''); + $upload_icon = $user->img('icon_attach', ''); } else if ($extensions[$attachment['extension']]['upload_icon']) { - $upload_image = '<img src="' . $phpbb_root_path . $config['upload_icons_path'] . '/' . trim($extensions[$attachment['extension']]['upload_icon']) . '" alt="" border="0" />'; + $upload_icon = '<img src="' . $phpbb_root_path . $config['upload_icons_path'] . '/' . trim($extensions[$attachment['extension']]['upload_icon']) . '" alt="" />'; } $filesize = $attachment['filesize']; $size_lang = ($filesize >= 1048576) ? $user->lang['MB'] : ( ($filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] ); - $filesize = ($filesize >= 1048576) ? round((round($filesize / 1048576 * 100) / 100), 2) : (($filesize >= 1024) ? 
round((round($filesize / 1024 * 100) / 100), 2) : $filesize); - $display_name = basename($attachment['real_filename']); $comment = str_replace("\n", '<br />', censor_text($attachment['comment'])); + $block_array += array( + 'UPLOAD_ICON' => $upload_icon, + 'FILESIZE' => $filesize, + 'SIZE_LANG' => $size_lang, + 'DOWNLOAD_NAME' => basename($attachment['real_filename']), + 'COMMENT' => $comment, + ); + $denied = false; if (!extension_allowed($forum_id, $attachment['extension'], $extensions)) { $denied = true; - $template_array['VAR'] = array('{L_DENIED}'); - $template_array['VAL'] = array(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension'])); - - $tpl = str_replace($template_array['VAR'], $template_array['VAL'], $attachment_tpl['DENIED']); - - // Replace {L_*} lang strings - $tpl = preg_replace('/{L_([A-Z_]+)}/e', "(!empty(\$user->lang['\$1'])) ? \$user->lang['\$1'] : ucwords(strtolower(str_replace('_', ' ', '\$1')))", $tpl); - - if (!$return) - { - $template->assign_block_vars($blockname, array( - 'DISPLAY_ATTACHMENT' => $tpl) - ); - } - else - { - $return_tpl[] = $tpl; - } + $block_array += array( + 'S_DENIED' => true, + 'DENIED_MESSAGE' => sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']) + ); } if (!$denied) { - $l_downloaded_viewed = ''; - $download_link = ''; - $additional_array['VAR'] = $additional_array['VAL'] = array(); - + $l_downloaded_viewed = $download_link = ''; $display_cat = $extensions[$attachment['extension']]['display_cat']; if ($display_cat == ATTACHMENT_CATEGORY_IMAGE) 
@@ -800,102 +765,108 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_ { // Images case ATTACHMENT_CATEGORY_IMAGE: - $img_source = $filename; - $update_count[] = $attachment['attach_id']; - $l_downloaded_viewed = $user->lang['VIEWED']; - $download_link = $img_source; - break; + $download_link = $filename; + + $block_array += array( + 'S_IMAGE' => true, + ); + + $update_count[] = $attachment['attach_id']; + break; // Images, but display Thumbnail case ATTACHMENT_CATEGORY_THUMB: - $thumb_source = $thumbnail_filename; - $l_downloaded_viewed = $user->lang['VIEWED']; - $download_link = (!$force_physical) ? $phpbb_root_path . "download.$phpEx$SID&id=" . $attachment['attach_id'] : $filename; + $download_link = (!$force_physical && $attachment['attach_id']) ? $phpbb_root_path . "download.$phpEx$SID&id=" . $attachment['attach_id'] : $filename; - $additional_array['VAR'][] = '{THUMB_IMG}'; - $additional_array['VAL'][] = $thumb_source; - break; + $block_array += array( + 'S_THUMBNAIL' => true, + 'THUMB_IMAGE' => $thumbnail_filename, + ); + break; // Windows Media Streams case ATTACHMENT_CATEGORY_WM: $l_downloaded_viewed = $user->lang['VIEWED']; $download_link = $filename; + $block_array += array( + 'S_WM_FILE' => true, + ); + // Viewed/Heared File ... update the download count (download.php is not called here) $update_count[] = $attachment['attach_id']; - break; + break; // Real Media Streams case ATTACHMENT_CATEGORY_RM: $l_downloaded_viewed = $user->lang['VIEWED']; $download_link = $filename; - $additional_array['VAR'][] = '{U_FORUM}'; - $additional_array['VAL'][] = generate_board_url(); - $additional_array['VAR'][] = '{ATTACH_ID}'; - $additional_array['VAL'][] = $attachment['attach_id']; + $block_array += array( + 'S_RM_FILE' => true, + 'U_FORUM' => generate_board_url(), + 'ATTACH_ID' => $attachment['attach_id'], + ); // Viewed/Heared File ... 
update the download count (download.php is not called here) $update_count[] = $attachment['attach_id']; break; -/* - // Macromedia Flash Files + +/* // Macromedia Flash Files case SWF_CAT: list($width, $height) = swf_getdimension($filename); $l_downloaded_viewed = $user->lang['VIEWED']; $download_link = $filename; - $additional_array = array( - 'WIDTH' => $width, - 'HEIGHT' => $height + $block_array += array( + 'S_SWF_FILE' => true, + 'WIDTH' => $width, + 'HEIGHT' => $height, ); // Viewed/Heared File ... update the download count (download.php is not called here) $update_count[] = $attachment['attach_id']; - break; + break; */ default: $l_downloaded_viewed = $user->lang['DOWNLOADED']; - $download_link = (!$force_physical) ? $phpbb_root_path . "download.$phpEx$SID&id=" . $attachment['attach_id'] : $filename; - break; + $download_link = (!$force_physical && $attachment['attach_id']) ? $phpbb_root_path . "download.$phpEx$SID&id=" . $attachment['attach_id'] : $filename; + + $block_array += array( + 'S_FILE' => true, + ); + break; } $l_download_count = (!isset($attachment['download_count']) || $attachment['download_count'] == 0) ? $user->lang['DOWNLOAD_NONE'] : (($attachment['download_count'] == 1) ? sprintf($user->lang['DOWNLOAD_COUNT'], $attachment['download_count']) : sprintf($user->lang['DOWNLOAD_COUNTS'], $attachment['download_count'])); - $current_block = ($display_cat) ? 
$blocks[$display_cat] : 'FILE'; - - $template_array['VAR'] = array_merge($additional_array['VAR'], array( - '{DOWNLOAD_NAME}', '{FILESIZE}', '{SIZE_VAR}', '{COMMENT}', '{U_DOWNLOAD_LINK}', '{UPLOAD_IMG}', '{L_DOWNLOADED_VIEWED}', '{L_DOWNLOAD_COUNT}') - ); - - $template_array['VAL'] = array_merge($additional_array['VAL'], array( - $display_name, $filesize, $size_lang, $comment, $download_link, $upload_image, $l_downloaded_viewed, $l_download_count) + $block_array += array( + 'U_DOWNLOAD_LINK' => $download_link, + 'L_DOWNLOADED_VIEWED' => $l_downloaded_viewed, + 'L_DOWNLOAD_COUNT' => $l_download_count ); + } - $tpl = str_replace($template_array['VAR'], $template_array['VAL'], $attachment_tpl[$current_block]); + $template->assign_block_vars('_file', $block_array); - // Replace {L_*} lang strings - $tpl = preg_replace('/{L_([A-Z_]+)}/e', "(!empty(\$user->lang['\$1'])) ? \$user->lang['\$1'] : ucwords(strtolower(str_replace('_', ' ', '\$1')))", $tpl); + $tpl = $template->assign_display('attachment_tpl'); - if (!$return) - { - $template->assign_block_vars($blockname, array( - 'DISPLAY_ATTACHMENT' => $tpl) - ); - } - else - { - $return_tpl[] = $tpl; - } + if (!$return) + { + $template->assign_block_vars($blockname, array( + 'DISPLAY_ATTACHMENT' => $tpl) + ); + } + else + { + $return_tpl[] = $tpl; } } return $return_tpl; -// $mtime = explode(' ', microtime()); -// $totaltime = $mtime[0] + $mtime[1] - $starttime; } /** diff --git a/phpBB/includes/functions_template.php b/phpBB/includes/functions_template.php index bf70f174d3..ec573d229e 100644 --- a/phpBB/includes/functions_template.php +++ b/phpBB/includes/functions_template.php @@ -40,6 +40,10 @@ class template_compile { var $template; + // Various storage arrays + var $block_names = array(); + var $block_else_level = array(); + /** * constuctor */ 
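Review bot: In the thumbnail and default cases of `display_attachments()` the download link now falls back to the physical `$filename` whenever `attach_id` is empty, so the page hands out a direct path under `upload_path` instead of a `download.$phpEx` URL. That skips whatever permission checks download.php performs (not visible here) and only works if the upload directory is directly readable by clients. If this is meant only for previewing uploads that have not been posted yet, say so in a comment, for example `// attach_id is 0 for uploads not yet stored; link the file directly for preview only`. The image and thumbnail cases also no longer set `$l_downloaded_viewed`, so `L_DOWNLOADED_VIEWED` is empty for them; confirm the template expects that.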
@@ -120,57 +124,54 @@ class template_compile switch ($blocks[1][$curr_tb]) { case 'BEGIN': - $this->template->block_else_level[] = false; + $this->block_else_level[] = false; $compile_blocks[] = '<?php ' . $this->compile_tag_block($blocks[2][$curr_tb]) . ' ?>'; - break; + break; case 'BEGINELSE': - $this->template->block_else_level[sizeof($this->template->block_else_level) - 1] = true; + $this->block_else_level[sizeof($this->block_else_level) - 1] = true; $compile_blocks[] = '<?php }} else { ?>'; - break; + break; case 'END': - array_pop($this->template->block_names); - $compile_blocks[] = '<?php ' . ((array_pop($this->template->block_else_level)) ? '}' : '}}') . ' ?>'; - break; + array_pop($this->block_names); + $compile_blocks[] = '<?php ' . ((array_pop($this->block_else_level)) ? '}' : '}}') . ' ?>'; + break; case 'IF': $compile_blocks[] = '<?php ' . $this->compile_tag_if($blocks[2][$curr_tb], false) . ' ?>'; - break; + break; case 'ELSE': $compile_blocks[] = '<?php } else { ?>'; - break; + break; case 'ELSEIF': $compile_blocks[] = '<?php ' . $this->compile_tag_if($blocks[2][$curr_tb], true) . ' ?>'; - break; + break; case 'ENDIF': $compile_blocks[] = '<?php } ?>'; - break; + break; case 'DEFINE': $compile_blocks[] = '<?php ' . $this->compile_tag_define($blocks[2][$curr_tb], true) . ' ?>'; - break; + break; case 'UNDEFINE': $compile_blocks[] = '<?php ' . $this->compile_tag_define($blocks[2][$curr_tb], false) . ' ?>'; - break; + break; case 'INCLUDE': - $temp = ''; - list(, $temp) = each($include_blocks); + $temp = array_shift($include_blocks); $compile_blocks[] = '<?php ' . $this->compile_tag_include($temp) . ' ?>'; $this->template->_tpl_include($temp, false); - break; + break; case 'INCLUDEPHP': if ($config['tpl_php']) { - $temp = ''; - list(, $temp) = each($includephp_blocks); - $compile_blocks[] = '<?php ' . $this->compile_tag_include_php($temp) . ' ?>'; + $compile_blocks[] = '<?php ' . $this->compile_tag_include_php(array_shift($includephp_blocks)) . 
' ?>'; } else { @@ -181,9 +182,7 @@ class template_compile case 'PHP': if ($config['tpl_php']) { - $temp = ''; - list(, $temp) = each($php_blocks); - $compile_blocks[] = '<?php ' . $temp . ' ?>'; + $compile_blocks[] = '<?php ' . array_shift($php_blocks) . ' ?>'; } else { @@ -306,9 +305,9 @@ class template_compile } $tag_template_php = ''; - array_push($this->template->block_names, $tag_args); + array_push($this->block_names, $tag_args); - if (sizeof($this->template->block_names) < 2) + if (sizeof($this->block_names) < 2) { // Block is not nested. $tag_template_php = '$_' . $tag_args . "_count = (isset(\$this->_tpldata['$tag_args'])) ? sizeof(\$this->_tpldata['$tag_args']) : 0;"; @@ -321,11 +320,11 @@ class template_compile if ($no_nesting !== false) { // We need to implode $no_nesting times from the end... - $namespace = implode('.', array_slice($this->template->block_names, -$no_nesting)); + $namespace = implode('.', array_slice($this->block_names, -$no_nesting)); } else { - $namespace = implode('.', $this->template->block_names); + $namespace = implode('.', $this->block_names); } // Get a reference to the data array for this block that depends on the diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index a9e08ec1e9..46449ff722 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php 
@@ -165,6 +165,39 @@ class filespec } /** + * Get mimetype + */ + function get_mimetype($filename) + { + if (function_exists('mime_content_type')) + { + $mimetype = mime_content_type($filename); + } + else + { + $mimetype = 'application/octetstream'; + } + + // Opera adds the name to the mime type + $mimetype = (strpos($mimetype, '; name') !== false) ? str_replace(strstr($mimetype, '; name'), '', $mimetype) : $mimetype; + + if (!$mimetype) + { + $mimetype = 'application/octetstream'; + } + + return $mimetype; + } + + /** + * Get filesize + */ + function get_filesize($filename) + { + return @filesize($filename); + } + + /** * Move file to destination folder * * The phpbb_root_path variable will be applied to the destination path diff --git a/phpBB/includes/mcp/mcp_warn.php b/phpBB/includes/mcp/mcp_warn.php index fd75a86d21..cc52baabf6 100755 --- a/phpBB/includes/mcp/mcp_warn.php +++ b/phpBB/includes/mcp/mcp_warn.php @@ -306,7 +306,12 @@ function mcp_warn_user_view($id, $mode, $action) $sql_where = ($user_id) ? "user_id = $user_id" : "username = '" . $db->sql_escape($username) . "'"; - $userrow = get_userdata($user_id); + $sql = 'SELECT * + FROM ' . USERS_TABLE . ' + WHERE ' . $sql_where; + $result = $db->sql_query($sql); + $userrow = $db->sql_fetchrow($result); + $db->sql_freeresult($result); $user_id = $userrow['user_id']; diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 9e86678580..2c4f89bcec 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php 
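Review bot: `get_mimetype()` falls back to `'application/octetstream'` in two places, but the registered type is `application/octet-stream`; unless other code compares against this exact spelling, the standard one should be used. `get_filesize()` hides errors with `@` and returns `false` for a missing file, and the caller in message_parser.php stores that value as `filesize` without checking it, so a missing file should be rejected there. The "Opera adds the name" comment describes browser-supplied types, while the value being cleaned here comes from `mime_content_type()`.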
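Review bot: The inlined query in `mcp_warn_user_view()` drops the `AND user_id <> ANONYMOUS` filter that the removed `get_userdata()` applied, and `$userrow['user_id']` is read on the next line without checking that a row came back. Appending `' AND user_id <> ' . ANONYMOUS` to the WHERE clause and calling `trigger_error()` when `$userrow` is empty would restore the old filtering and avoid continuing with no user. The rest of the function is outside the hunk, so a later check may already exist.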
@@ -977,9 +977,9 @@ class parse_message extends bbcode_firstpass $this->filename_data['filecomment'] = request_var('filecomment', '', true); $upload_file = (isset($_FILES[$form_name]) && $_FILES[$form_name]['name'] != 'none' && trim($_FILES[$form_name]['name'])) ? true : false; - $add_file = (isset($_POST['add_file'])); - $delete_file = (isset($_POST['delete_file'])); - $edit_comment = (isset($_POST['edit_comment'])); + $add_file = (isset($_POST['add_file'])) ? true : false; + $delete_file = (isset($_POST['delete_file'])) ? true : false; + $edit_comment = (isset($_POST['edit_comment'])) ? true : false; $cfg = array(); $cfg['max_attachments'] = ($is_message) ? $config['max_attachments_pm'] : $config['max_attachments']; @@ -1063,6 +1063,9 @@ class parse_message extends bbcode_firstpass if ($edit_comment) { $actual_comment_list = request_var('comment_list', array(''), true); + + $edit_comment = key(request_var('edit_comment', array(0 => ''))); + $this->attachment_data[$edit_comment]['comment'] = $actual_comment_list[$edit_comment]; } if (($add_file || $preview) && $upload_file) 
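Review bot: The new `edit_comment` branch uses the posted array key as an index into both `$this->attachment_data` and `$actual_comment_list` without checking that either entry exists. An unexpected key creates an `attachment_data` entry that holds only a `comment`, which later code may treat as an attachment. Guard the assignment with `if (isset($this->attachment_data[$edit_comment], $actual_comment_list[$edit_comment]))`. The surrounding function starts and ends outside the hunk.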
@@ -1105,26 +1108,102 @@ class parse_message extends bbcode_firstpass } } - // Get Attachment Data + /** + * Get Attachment Data + */ function get_submitted_attachment_data() { + global $user, $db, $phpbb_root_path, $phpEx, $config; + $this->filename_data['filecomment'] = request_var('filecomment', '', true); $this->attachment_data = (isset($_POST['attachment_data'])) ? $_POST['attachment_data'] : array(); - // - $data_prepare = array('physical_filename' => 's', 'real_filename' => 's', 'comment' => 's', 'extension' => 's', 'mimetype' => 's', - 'filesize' => 'i', 'filetime' => 'i', 'attach_id' => 'i', 'thumbnail' => 'i'); + // Regenerate data array... + $attach_ids = $filenames = array(); + foreach ($this->attachment_data as $pos => $var_ary) { - foreach ($data_prepare as $var => $type) + if ($var_ary['attach_id']) + { + $attach_ids[(int) $this->attachment_data[$pos]['attach_id']] = $pos; + } + else + { + $filenames[$pos] = ''; + set_var($filenames[$pos], $this->attachment_data[$pos]['physical_filename'], 'string'); + $filenames[$pos] = basename($filenames[$pos]); + } + } + + $this->attachment_data = array(); + + // Regenerate already posted attachments... + if (sizeof($attach_ids)) + { + // Get the data from the attachments + $sql = 'SELECT attach_id, physical_filename, real_filename, extension, mimetype, filesize, filetime, thumbnail + FROM ' . ATTACHMENTS_TABLE . ' + WHERE attach_id IN (' . implode(', ', array_keys($attach_ids)) . ') + AND poster_id = ' . 
$user->data['user_id']; + $result = $db->sql_query($sql); + + while ($row = $db->sql_fetchrow($result)) + { + if (isset($attach_ids[$row['attach_id']])) + { + $pos = $attach_ids[$row['attach_id']]; + $this->attachment_data[$pos] = $row; + set_var($this->attachment_data[$pos]['comment'], $_POST['attachment_data'][$pos]['comment'], 'string', true); + + unset($attach_ids[$row['attach_id']]); + } + } + $db->sql_freeresult($result); + + if (sizeof($attach_ids)) + { + trigger_error('NO_ACCESS_ATTACHMENT'); + } + } + + // Regenerate newly uploaded attachments + if (sizeof($filenames)) + { + include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx); + + $sql = 'SELECT attach_id + FROM ' . ATTACHMENTS_TABLE . " + WHERE LOWER(physical_filename) IN ('" . implode("', '", array_map('strtolower', $filenames)) . "')"; + $result = $db->sql_query_limit($sql, 1); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if ($row) + { + trigger_error('NO_ACCESS_ATTACHMENT'); + } + + foreach ($filenames as $pos => $physical_filename) { - if ($type == 's') + $this->attachment_data[$pos] = array( + 'physical_filename' => $physical_filename, + 'extension' => strtolower(filespec::get_extension($phpbb_root_path . $config['upload_path'] . '/' . $physical_filename)), + 'filesize' => filespec::get_filesize($phpbb_root_path . $config['upload_path'] . '/' . $physical_filename), + 'attach_id' => 0, + 'thumbnail' => (file_exists($phpbb_root_path . $config['upload_path'] . '/thumb_' . $physical_filename)) ? 
1 : 0, + ); + + set_var($this->attachment_data[$pos]['comment'], $_POST['attachment_data'][$pos]['comment'], 'string', true); + set_var($this->attachment_data[$pos]['real_filename'], $_POST['attachment_data'][$pos]['real_filename'], 'string', true); + set_var($this->attachment_data[$pos]['filetime'], $_POST['attachment_data'][$pos]['filetime'], 'int'); + + if (strpos($_POST['attachment_data'][$pos]['mimetype'], 'image/') !== false) { - $this->attachment_data[$pos][$var] = trim(htmlspecialchars(str_replace(array("\r\n", "\r", '\xFF'), array("\n", "\n", ' '), stripslashes($this->attachment_data[$pos][$var])))); + set_var($this->attachment_data[$pos]['mimetype'], $_POST['attachment_data'][$pos]['mimetype'], 'string'); } else { - $this->attachment_data[$pos][$var] = (int) $this->attachment_data[$pos][$var]; + $this->attachment_data[$pos]['mimetype'] = filespec::get_mimetype($phpbb_root_path . $config['upload_path'] . '/' . $physical_filename); } } } diff --git a/phpBB/includes/template.php b/phpBB/includes/template.php index 82cddda071..022ef4f68c 100644 --- a/phpBB/includes/template.php +++ b/phpBB/includes/template.php @@ -18,21 +18,7 @@ if (!defined('IN_PHPBB')) /** * @package phpBB3 * -* Template class. -* -* psoTFX - Completion of file caching, decompilation routines and implementation of -* conditionals/keywords and associated changes -* -* The interface was inspired by PHPLib templates, and the template file (formats are -* quite similar) -* -* The keyword/conditional implementation is currently based on sections of code from -* the Smarty templating engine (c) 2001 ispi of Lincoln, Inc. which is released -* (on its own and in whole) under the LGPL. Section 3 of the LGPL states that any code -* derived from an LGPL application may be relicenced under the GPL, this applies -* to this source -* -* DEFINE directive inspired by a request by Cyberalien +* Base Template class. */ class template { 
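Review bot: The second query in `get_submitted_attachment_data()` places the posted `physical_filename` values inside quoted SQL literals without `$db->sql_escape()`; `set_var()` and `basename()` are the only processing visible, and neither is an SQL escaper. Escape each name before joining, e.g. `implode("', '", array_map(array($db, 'sql_escape'), array_map('strtolower', $filenames)))`. The same branch accepts the client-supplied `mimetype` whenever it contains `image/`, and it treats any name without an attachments row as this user's pending upload, so I would always derive the type with `filespec::get_mimetype()` and verify that the file exists and was uploaded in the current session. `$var_ary['attach_id']` is also read from raw `$_POST` data without an `isset()` or array check.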
@@ -52,11 +38,6 @@ class template // this will hash handle names to the compiled/uncompiled code for that handle. var $compiled_code = array(); - // Various counters and storage arrays - var $block_names = array(); - var $block_else_level = array(); - var $block_nesting_level = 0; - var $static_lang; /** @@ -153,7 +134,7 @@ class template * Display the handle and assign the output to a template variable * @public */ - function assign_display($handle, $template_var, $return_content = false, $include_once = true) + function assign_display($handle, $template_var = '', $return_content = true, $include_once = false) { ob_start(); $this->display($handle, $include_once); @@ -358,6 +339,36 @@ class template } /** + * Reset/empty complete block + * @public + */ + function reset_block_vars($blockname) + { + if (strpos($blockname, '.') !== false) + { + // Nested block. + $blocks = explode('.', $blockname); + $blockcount = sizeof($blocks) - 1; + + $str = &$this->_tpldata; + for ($i = 0; $i < $blockcount; $i++) + { + $str = &$str[$blocks[$i]]; + $str = &$str[sizeof($str) - 1]; + } + + unset($str[$blocks[$blockcount]]); + } + else + { + // Top-level block. + unset($this->_tpldata[$blockname]); + } + + return true; + } + + /** * Change already assigned key variable pair (one-dimensional - single loop entry) * * Some Examples: diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index 30e4c06f77..ffe668d056 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -73,8 +73,8 @@ function compose_pm($id, $mode, $action) { trigger_error('NO_AUTH_SEND_MESSAGE'); } + break; - break; case 'reply': case 'quote': case 'forward': @@ -112,7 +112,7 @@ function compose_pm($id, $mode, $action) AND t.msg_id = p.msg_id AND p.msg_id = $msg_id"; } - break; + break; case 'edit': if (!$msg_id) 
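Review bot: Changing the defaults of `assign_display()` to `$return_content = true` and `$include_once = false` silently changes what existing two-argument callers get. The body is outside the hunk, but a call that relied on the old defaults would presumably now return the rendered content instead of only assigning it to the template variable. Either keep the old defaults and pass the new values explicitly from `display_attachments()`, or audit the existing callers in the same commit. The docblock should also state that `$template_var` is optional and what the function returns in each mode.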
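Review bot: In the nested branch of `reset_block_vars()` the loop walks `$this->_tpldata` by reference, so a parent block that was never assigned is created on the way down, and `sizeof($str) - 1` yields index `-1` for an empty parent. Check the path before taking the reference and leave the data untouched when it is missing, e.g. `if (!isset($str[$blocks[$i]]) || !sizeof($str[$blocks[$i]])) { return false; }` as the first statement of the loop body. The function otherwise always returns `true`, so callers cannot tell whether anything was reset.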
@@ -127,7 +127,7 @@ function compose_pm($id, $mode, $action)
 AND t.folder_id = ' . PRIVMSGS_OUTBOX . "
 AND t.msg_id = $msg_id
 AND t.msg_id = p.msg_id";
- break;
+ break;
 case 'delete':
 if (!$auth->acl_get('u_pm_delete'))
@@ -144,11 +144,11 @@ function compose_pm($id, $mode, $action)
 FROM ' . PRIVMSGS_TO_TABLE . '
 WHERE user_id = ' . $user->data['user_id'] . "
 AND msg_id = $msg_id";
- break;
+ break;
 case 'smilies':
 generate_smilies('window', 0);
- break;
+ break;
 default:
 trigger_error('NO_ACTION_MODE');
@@ -175,42 +175,46 @@ function compose_pm($id, $mode, $action) $db->sql_freeresult($result); - $msg_id = (int) $post['msg_id']; - $enable_urls = $post['enable_magic_url']; - $enable_sig = (isset($post['enable_sig'])) ? $post['enable_sig'] : 0; - - $message_attachment = (isset($post['message_attachement'])) ? $post['message_attachement'] : 0; - $message_text = $post['message_text']; - $message_subject = $post['message_subject']; - $quote_username = (isset($post['quote_username'])) ? $post['quote_username'] : ''; - - $message_time = $post['message_time']; - $icon_id = (isset($post['icon_id'])) ? $post['icon_id'] : 0; - $folder_id = (isset($post['folder_id'])) ? $post['folder_id'] : 0; - $bbcode_uid = $post['bbcode_uid']; + $msg_id = (int) $post['msg_id']; + $folder_id = (isset($post['folder_id'])) ? $post['folder_id'] : 0; + $message_text = (isset($post['message_text'])) ? $post['message_text'] : ''; if (!$post['author_id'] && $msg_id) { trigger_error('NO_AUTHOR'); } - if (($action == 'reply' || $action == 'quote' || $action == 'quotepost') && !sizeof($address_list) && !$refresh && !$submit && !$preview) + if ($action != 'delete') { - $address_list = array('u' => array($post['author_id'] => 'to')); - } - else if ($action == 'edit' && !sizeof($address_list) && !$refresh && !$submit && !$preview) - { - // Rebuild TO and BCC Header - $address_list = rebuild_header(array('to' => $post['to_address'], 'bcc' => $post['bcc_address'])); - } + $enable_urls = $post['enable_magic_url']; + $enable_sig = (isset($post['enable_sig'])) ? $post['enable_sig'] : 0; - if ($action == 'quotepost') - { - $check_value = 0; - } - else - { - $check_value = (($post['enable_bbcode']+1) << 8) + (($post['enable_smilies']+1) << 4) + (($enable_urls+1) << 2) + (($post['enable_sig']+1) << 1); + $message_attachment = (isset($post['message_attachement'])) ? 
$post['message_attachement'] : 0; + $message_subject = $post['message_subject']; + $message_time = $post['message_time']; + $bbcode_uid = $post['bbcode_uid']; + + $quote_username = (isset($post['quote_username'])) ? $post['quote_username'] : ''; + $icon_id = (isset($post['icon_id'])) ? $post['icon_id'] : 0; + + if (($action == 'reply' || $action == 'quote' || $action == 'quotepost') && !sizeof($address_list) && !$refresh && !$submit && !$preview) + { + $address_list = array('u' => array($post['author_id'] => 'to')); + } + else if ($action == 'edit' && !sizeof($address_list) && !$refresh && !$submit && !$preview) + { + // Rebuild TO and BCC Header + $address_list = rebuild_header(array('to' => $post['to_address'], 'bcc' => $post['bcc_address'])); + } + + if ($action == 'quotepost') + { + $check_value = 0; + } + else + { + $check_value = (($post['enable_bbcode']+1) << 8) + (($post['enable_smilies']+1) << 4) + (($enable_urls+1) << 2) + (($post['enable_sig']+1) << 1); + } } } else @@ -247,8 +251,6 @@ function compose_pm($id, $mode, $action) $icon_id = 0; } - - $message_parser = new parse_message(); $message_parser->message = ($action == 'reply') ? '' : $message_text; @@ -547,7 +549,7 @@ function compose_pm($id, $mode, $action) $extensions = $update_count = array(); $template->assign_var('S_HAS_ATTACHMENTS', true); - display_attachments(0, 'attachment', $message_parser->attachment_data, $update_count, true); + display_attachments(0, 'attachment', $message_parser->attachment_data, $update_count); } $preview_subject = censor_text($subject); diff --git a/phpBB/includes/ucp/ucp_pm_viewmessage.php b/phpBB/includes/ucp/ucp_pm_viewmessage.php index d8bfcc3ec7..f09bd2d39c 100644 --- a/phpBB/includes/ucp/ucp_pm_viewmessage.php +++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php 
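Review bot: In the `@@ -175,42 +175,46 @@` hunk of ucp_pm_compose.php, the `$check_value` expression still reads `$post['enable_sig']` directly, although `$enable_sig` was given an `isset()` fallback a few lines above it. A row without that key therefore raises a notice and feeds an empty value into the checksum; `(($enable_sig+1) << 1)` would use the guarded value. The re-indented line `$message_attachment = (isset($post['message_attachement'])) ? …` keeps the key spelled `message_attachement`, so if the column is actually named `message_attachment` (the schema is not visible here) the `isset()` never matches and the value is always 0. Since `$enable_urls`, `$message_subject`, `$bbcode_uid` and the others are now set only when `$action != 'delete'`, the rest of `compose_pm()`, which lies outside this hunk, should be checked for reads of them on the delete path.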
@@ -381,7 +381,12 @@ function get_user_informations($user_id, $user_row)
 if (empty($user_row))
 {
- $user_row = get_userdata((int) $user_id);
+ $sql = 'SELECT *
+ FROM ' . USERS_TABLE . '
+ WHERE user_id = ' . (int) $user_id;
+ $result = $db->sql_query($sql);
+ $user_row = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
 }
 // Grab ranks |
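Review bot: The added query in `get_user_informations()` leaves `$user_row` empty when no row matches the id, and nothing in the hunk handles that before the function continues into the rank lookup, which lies outside the hunk. A guard right after `sql_freeresult()`, such as `if (!$user_row) { trigger_error('<LANG_KEY>'); }` with the board's existing error key, would stop the display code from running on a missing user. `SELECT *` also loads every column of the users table, presumably including credential fields, into an array that is handed on for display, so listing only the columns the profile view needs would keep that data out of the template path. The function's opening lines are not in the hunk, so confirm that `$db` is declared `global` there now that it is used directly.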