diff options
Diffstat (limited to 'phpBB/includes')
| -rw-r--r-- | phpBB/includes/acp/acp_board.php | 11 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_users.php | 5 | ||||
| -rw-r--r-- | phpBB/includes/auth/auth_ldap.php | 2 | ||||
| -rw-r--r-- | phpBB/includes/functions.php | 1 | ||||
| -rw-r--r-- | phpBB/includes/functions_user.php | 47 | ||||
| -rwxr-xr-x | phpBB/includes/search/fulltext_native.php | 15 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_register.php | 6 |
7 files changed, 65 insertions, 22 deletions
diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index 9638accc26..7cd50d004e 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -668,7 +668,8 @@ class acp_board { global $user; - $user_char_ary = array('USERNAME_CHARS_ANY' => '.*', 'USERNAME_ALPHA_ONLY' => '[\w]+', 'USERNAME_ALPHA_SPACERS' => '[\w_\+\. \-\[\]]+'); + $user_char_ary = array('USERNAME_CHARS_ANY' => '.*', 'USERNAME_ALPHA_ONLY' => '[a-z]+', 'USERNAME_ALPHA_SPACERS' => '[-\]_+ [a-z]+', 'USERNAME_LETTER_NUM' => '\w+', 'USERNAME_LETTER_NUM_SPACERS' => '[-\]_+ [\w]+', 'USERNAME_ASCII' => '[\x01-\x7F]+'); + $user_char_options = ''; foreach ($user_char_ary as $lang => $value) { @@ -696,12 +697,12 @@ class acp_board { global $user; - $pass_type_ary = array('PASS_TYPE_ANY' => '.*', 'PASS_TYPE_CASE' => '[a-zA-Z]', 'PASS_TYPE_ALPHA' => '[a-zA-Z0-9]', 'PASS_TYPE_SYMBOL' => '[a-zA-Z\W]'); + $pass_type_ary = array('PASS_TYPE_ANY', 'PASS_TYPE_CASE', 'PASS_TYPE_ALPHA', 'PASS_TYPE_SYMBOL'); $pass_char_options = ''; - foreach ($pass_type_ary as $lang => $value) + foreach ($pass_type_ary as $pass_type) { - $selected = ($selected_value == $value) ? ' selected="selected"' : ''; - $pass_char_options .= '<option value="' . $value . '"' . $selected . '>' . $user->lang[$lang] . '</option>'; + $selected = ($selected_value == $pass_type) ? ' selected="selected"' : ''; + $pass_char_options .= '<option value="' . $pass_type . '"' . $selected . '>' . $user->lang[$pass_type] . '</option>'; } return $pass_char_options; diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index 7c0834aa79..82017a5871 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -790,8 +790,7 @@ class acp_users $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error); } - $user_char_ary = array('.*' => 'USERNAME_CHARS_ANY', '[a-z]+' => 'USERNAME_ALPHA_ONLY', '[-\]_+ [a-z]+' => 'USERNAME_ALPHA_SPACERS', '\w+' => 'USERNAME_LETTER_NUM', '[-\]_+ [\w]+' => 'USERNAME_LETTER_NUM_SPACERS'); - $pass_char_ary = array('.*' => 'PASS_TYPE_ANY', '[a-zA-Z]' => 'PASS_TYPE_CASE', '[a-zA-Z0-9]' => 'PASS_TYPE_ALPHA', '[a-zA-Z\W]' => 'PASS_TYPE_SYMBOL'); + $user_char_ary = array('.*' => 'USERNAME_CHARS_ANY', '[a-z]+' => 'USERNAME_ALPHA_ONLY', '[-\]_+ [a-z]+' => 'USERNAME_ALPHA_SPACERS', '\w+' => 'USERNAME_LETTER_NUM', '[-\]_+ [\w]+' => 'USERNAME_LETTER_NUM_SPACERS', '[\x01-\x7F]+' => 'USERNAME_ASCII'); if ($user_id == $user->data['user_id']) { @@ -868,7 +867,7 @@ class acp_users $template->assign_vars(array( 'L_NAME_CHARS_EXPLAIN' => sprintf($user->lang[$user_char_ary[str_replace('\\\\', '\\', $config['allow_name_chars'])] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']), - 'L_CHANGE_PASSWORD_EXPLAIN' => sprintf($user->lang[$pass_char_ary[str_replace('\\\\', '\\', $config['pass_complex'])] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']), + 'L_CHANGE_PASSWORD_EXPLAIN' => sprintf($user->lang[$config['pass_complex'] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']), 'S_FOUNDER' => ($user->data['user_type'] == USER_FOUNDER) ? true : false, 'S_OVERVIEW' => true, diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php index 365361a364..ff6ff3edd1 100644 --- a/phpBB/includes/auth/auth_ldap.php +++ b/phpBB/includes/auth/auth_ldap.php @@ -36,7 +36,7 @@ function init_ldap() if ($config['ldap_user'] || $config['ldap_password']) { - if (!@ldap_bind($ldap, ldap_escape(htmlspecialchars_decode($config['ldap_user'])), htmlspecialchars_decode($config['ldap_password']))) + if (!@ldap_bind($ldap, htmlspecialchars_decode($config['ldap_user']), htmlspecialchars_decode($config['ldap_password']))) { return $user->lang['LDAP_INCORRECT_USER_PASSWORD']; } diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index aa5c766764..a88e3be9bf 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2389,7 +2389,6 @@ function make_clickable($text, $server_url = false) $magic_url_replace[] = "'\$1<!-- l --><a href=\"\$2/' . preg_replace('/(&|\?)sid=[0-9a-f]{32}/', '\\\\1', '\$3') . '\">' . preg_replace('/(&|\?)sid=[0-9a-f]{32}/', '\\\\1', '\$3') . '</a><!-- l -->'"; // matches a xxxx://aaaaa.bbb.cccc. ... - //$magic_url_match[] = '#(^|[\n\t (])(' . get_preg_expression('url') . ')([[ \t\n\r<"\'\)]|&(?!lt;|quot;))*#ie'; $magic_url_match[] = '#(^|[\n\t (])(' . get_preg_expression('url') . ')#ie'; $magic_url_replace[] = "'\$1<!-- m --><a href=\"\$2\">' . ((strlen('\$2') > 55) ? substr(str_replace('&', '&', '\$2'), 0, 39) . ' ... ' . substr(str_replace('&', '&', '\$2'), -10) : '\$2') . '</a><!-- m -->'"; diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 0ac9b7b97b..5991243d64 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1219,10 +1219,51 @@ function validate_password($password) return false; } - // We only check for existance of characters - if (!preg_match('#' . str_replace('\\\\', '\\', $config['pass_complex']) . '#i', $password)) + // generic UTF-8 character types supported? + if (version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) { - return 'INVALID_CHARS'; + $upp = '\p{Lu}'; + $low = '\p{Ll}'; + $num = '\p{N}'; + $sym = '[^\p{Lu}\p{Ll}\p{N}]'; + } + else + { + $upp = '[A-Z]'; + $low = '[a-z]'; + $num = '[0-9]'; + $sym = '[^A-Za-z0-9]'; + } + + $chars = array(); + + switch ($config['pass_complex']) + { + case 'PASS_TYPE_CASE': + $chars[] = $low; + $chars[] = $upp; + break; + + case 'PASS_TYPE_ALPHA': + $chars[] = $low; + $chars[] = $upp; + $chars[] = $num; + break; + + case 'PASS_TYPE_SYMBOL': + $chars[] = $low; + $chars[] = $upp; + $chars[] = $num; + $chars[] = $sym; + break; + } + + foreach ($chars as $char) + { + if (!preg_match('#' . $char . '#u', $password)) + { + return 'INVALID_CHARS'; + } } return false; diff --git a/phpBB/includes/search/fulltext_native.php b/phpBB/includes/search/fulltext_native.php index 4ad0f8ae41..cbdef03b88 100755 --- a/phpBB/includes/search/fulltext_native.php +++ b/phpBB/includes/search/fulltext_native.php @@ -1136,7 +1136,7 @@ class fulltext_native extends search_backend } // destroy cached search results containing any of the words removed or added - $this->destroy_cache(array_unique(array_merge($words['add']['post'], $words['add']['title'], $words['del']['post'], $words['del']['post'])), array($poster_id)); + $this->destroy_cache(array_unique(array_merge($words['add']['post'], $words['add']['title'], $words['del']['post'], $words['del']['title'])), array($poster_id)); unset($unique_add_words); unset($words); @@ -1179,14 +1179,15 @@ class fulltext_native extends search_backend $destroy_cache_words = array(); - // Remove common (> 20% of posts ) words - if ($config['num_posts'] >= 100) + // Remove common words + if ($config['num_posts'] >= 100 && $config['fulltext_native_common_thres']) { + $common_threshold = ((double) $config['fulltext_native_common_thres']) / 100.0; // First, get the IDs of common words $sql = 'SELECT word_id FROM ' . SEARCH_WORDMATCH_TABLE . ' GROUP BY word_id - HAVING COUNT(word_id) > ' . floor($config['num_posts'] * 0.2); + HAVING COUNT(word_id) > ' . floor($config['num_posts'] * $common_threshold); $result = $db->sql_query($sql); $sql_in = array(); @@ -1556,12 +1557,16 @@ class fulltext_native extends search_backend <dt><label for="fulltext_native_max_chars">' . $user->lang['MAX_SEARCH_CHARS'] . ':</label><br /><span>' . $user->lang['MAX_SEARCH_CHARS_EXPLAIN'] . '</span></dt> <dd><input id="fulltext_native_max_chars" type="text" size="3" maxlength="3" name="config[fulltext_native_max_chars]" value="' . (int) $config['fulltext_native_max_chars'] . '" /></dd> </dl> + <dl> + <dt><label for="fulltext_native_common_thres">' . $user->lang['COMMON_WORD_THRESHOLD'] . ':</label><br /><span>' . $user->lang['COMMON_WORD_THRESHOLD_EXPLAIN'] . '</span></dt> + <dd><input id="fulltext_native_common_thres" type="text" size="3" maxlength="3" name="config[fulltext_native_common_thres]" value="' . (int) $config['fulltext_native_common_thres'] . '" /> %</dd> + </dl> '; // These are fields required in the config table return array( 'tpl' => $tpl, - 'config' => array('fulltext_native_load_upd' => 'bool', 'fulltext_native_min_chars' => 'integer:0:255', 'fulltext_native_max_chars' => 'integer:0:255') + 'config' => array('fulltext_native_load_upd' => 'bool', 'fulltext_native_min_chars' => 'integer:0:255', 'fulltext_native_max_chars' => 'integer:0:255', 'fulltext_native_common_thres' => 'double:0:100') ); } } diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index 37d44958bc..050eece86e 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -478,10 +478,8 @@ class ucp_register break; } - $user_char_ary = array('.*' => 'USERNAME_CHARS_ANY', '[a-z]+' => 'USERNAME_ALPHA_ONLY', '[-\]_+ [a-z]+' => 'USERNAME_ALPHA_SPACERS', '\w+' => 'USERNAME_LETTER_NUM', '[-\]_+ [\w]+' => 'USERNAME_LETTER_NUM_SPACERS'); - $pass_char_ary = array('.*' => 'PASS_TYPE_ANY', '[a-zA-Z]' => 'PASS_TYPE_CASE', '[a-zA-Z0-9]' => 'PASS_TYPE_ALPHA', '[a-zA-Z\W]' => 'PASS_TYPE_SYMBOL'); + $user_char_ary = array('.*' => 'USERNAME_CHARS_ANY', '[a-z]+' => 'USERNAME_ALPHA_ONLY', '[-\]_+ [a-z]+' => 'USERNAME_ALPHA_SPACERS', '\w+' => 'USERNAME_LETTER_NUM', '[-\]_+ [\w]+' => 'USERNAME_LETTER_NUM_SPACERS', '[\x01-\x7F]+' => 'USERNAME_ASCII'); - // $template->assign_vars(array( 'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '', 'USERNAME' => $data['username'], @@ -494,7 +492,7 @@ class ucp_register 'L_CONFIRM_EXPLAIN' => sprintf($user->lang['CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>'), 'L_REG_COND' => $l_reg_cond, 'L_USERNAME_EXPLAIN' => sprintf($user->lang[$user_char_ary[str_replace('\\\\', '\\', $config['allow_name_chars'])] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']), - 'L_PASSWORD_EXPLAIN' => sprintf($user->lang[$pass_char_ary[str_replace('\\\\', '\\', $config['pass_complex'])] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']), + 'L_PASSWORD_EXPLAIN' => sprintf($user->lang[$config['pass_complex'] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']), 'S_LANG_OPTIONS' => language_select($data['lang']), 'S_TZ_OPTIONS' => tz_select($data['tz']), |