Diffstat (limited to 'phpBB/includes')
29 files changed, 635 insertions, 324 deletions
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php index 0b3e9dda0a..acb1319c16 100644 --- a/phpBB/includes/acp/acp_attachments.php +++ b/phpBB/includes/acp/acp_attachments.php @@ -825,24 +825,45 @@ class acp_attachments $add_files = (isset($_POST['add'])) ? array_keys(request_var('add', array('' => 0))) : array(); $post_ids = request_var('post_id', array('' => 0)); - foreach ($delete_files as $delete) + if (sizeof($delete_files)) { - phpbb_unlink($delete); - phpbb_unlink($delete, 'thumbnail'); + $sql = 'SELECT * + FROM ' . ATTACHMENTS_TABLE . ' + WHERE ' . $db->sql_in_set('attach_id', $delete_files) . ' + AND is_orphan = 1'; + $result = $db->sql_query($sql); + + $delete_files = array(); + while ($row = $db->sql_fetchrow($result)) + { + phpbb_unlink($row['physical_filename']); + + if ($row['thumbnail']) + { + phpbb_unlink($row['physical_filename'], 'thumbnail'); + } + + $delete_files[$row['attach_id']] = $row['real_filename']; + } + $db->sql_freeresult($result); } if (sizeof($delete_files)) { + $sql = 'DELETE FROM ' . ATTACHMENTS_TABLE . ' + WHERE ' . $db->sql_in_set('attach_id', array_keys($delete_files)); + $db->sql_query($sql); + add_log('admin', 'LOG_ATTACH_ORPHAN_DEL', implode(', ', $delete_files)); $notify[] = sprintf($user->lang['LOG_ATTACH_ORPHAN_DEL'], implode(', ', $delete_files)); } $upload_list = array(); - foreach ($add_files as $file) + foreach ($add_files as $attach_id) { - if (!in_array($file, $delete_files) && $post_ids[$file]) + if (!in_array($attach_id, array_keys($delete_files)) && !empty($post_ids[$attach_id])) { - $upload_list[$post_ids[$file]] = $file; + $upload_list[$attach_id] = $post_ids[$attach_id]; } } unset($add_files); 
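Review bot: The new SELECT that drives orphan deletion filters only on `is_orphan = 1`, while the listing query added in the -896 hunk of this file shows only orphans whose `filetime` is older than three hours. A submitted `attach_id` for a younger orphan, presumably an upload belonging to a post that is still being written, would therefore still be unlinked and deleted. If the three-hour window is meant as a safety margin, repeat it here and in the attach SELECT of the -865 hunk by appending `AND filetime < ' . (time() - 3*60*60)` to both WHERE clauses, ideally through one shared constant. The enclosing method starts and ends outside the hunk.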
@@ -851,13 +872,10 @@ class acp_attachments { $template->assign_var('S_UPLOADING_FILES', true); - include_once($phpbb_root_path . 'includes/message_parser.' . $phpEx); - $message_parser = new parse_message(); - $sql = 'SELECT forum_id, forum_name FROM ' . FORUMS_TABLE; $result = $db->sql_query($sql); - + $forum_names = array(); while ($row = $db->sql_fetchrow($result)) { 
@@ -865,30 +883,67 @@ class acp_attachments } $db->sql_freeresult($result); - $sql = 'SELECT forum_id, topic_id, post_id + $sql = 'SELECT forum_id, topic_id, post_id, poster_id FROM ' . POSTS_TABLE . ' - WHERE ' . $db->sql_in_set('post_id', array_keys($upload_list)); + WHERE ' . $db->sql_in_set('post_id', $upload_list); $result = $db->sql_query($sql); + $post_info = array(); while ($row = $db->sql_fetchrow($result)) { - $return = true; + $post_info[$row['post_id']] = $row; + } + $db->sql_freeresult($result); - if ($auth->acl_get('f_attach', $row['forum_id'])) + // Select those attachments we want to change... + $sql = 'SELECT * + FROM ' . ATTACHMENTS_TABLE . ' + WHERE ' . $db->sql_in_set('attach_id', array_keys($upload_list)) . ' + AND is_orphan = 1'; + $result = $db->sql_query($sql); + + while ($row = $db->sql_fetchrow($result)) + { + $post_row = $post_info[$upload_list[$row['attach_id']]]; + + $template->assign_block_vars('upload', array( + 'FILE_INFO' => sprintf($user->lang['UPLOADING_FILE_TO'], $row['real_filename'], $post_row['post_id']), + 'S_DENIED' => (!$auth->acl_get('f_attach', $post_row['forum_id'])) ? true : false, + 'L_DENIED' => (!$auth->acl_get('f_attach', $post_row['forum_id'])) ? sprintf($user->lang['UPLOAD_DENIED_FORUM'], $forum_names[$row['forum_id']]) : '') + ); + + if (!$auth->acl_get('f_attach', $post_row['forum_id'])) { - $return = $this->upload_file($row['post_id'], $row['topic_id'], $row['forum_id'], $config['upload_path'], $upload_list[$row['post_id']]); + continue; } - $template->assign_block_vars('upload', array( - 'FILE_INFO' => sprintf($user->lang['UPLOADING_FILE_TO'], $upload_list[$row['post_id']], $row['post_id']), - 'S_DENIED' => (!$auth->acl_get('f_attach', $row['forum_id'])) ? true : false, - 'L_DENIED' => (!$auth->acl_get('f_attach', $row['forum_id'])) ? sprintf($user->lang['UPLOAD_DENIED_FORUM'], $forum_names[$row['forum_id']]) : '', - 'ERROR_MSG' => ($return === true) ? 
false : $return) + // Adjust attachment entry + $sql_ary = array( + 'in_message' => 0, + 'is_orphan' => 0, + 'poster_id' => $post_row['poster_id'], + 'post_msg_id' => $post_row['post_id'], + 'topic_id' => $post_row['topic_id'], ); + + $sql = 'UPDATE ' . ATTACHMENTS_TABLE . ' + SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' + WHERE attach_id = ' . $row['attach_id']; + $db->sql_query($sql); + + $sql = 'UPDATE ' . POSTS_TABLE . ' + SET post_attachment = 1 + WHERE post_id = ' . $post_row['post_id']; + $db->sql_query($sql); + + $sql = 'UPDATE ' . TOPICS_TABLE . ' + SET topic_attachment = 1 + WHERE topic_id = ' . $post_row['topic_id']; + $db->sql_query($sql); + + add_log('admin', 'LOG_ATTACH_FILEUPLOAD', $post_row['post_id'], $row['real_filename']); } $db->sql_freeresult($result); - - unset($message_parser); } } 
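Review bot: `$post_row = $post_info[$upload_list[$row['attach_id']]];` is read without checking that the post id entered for the orphan exists, so a mistyped id leaves `$post_row` empty and the three UPDATE statements are built with blank `post_id` and `topic_id` values. Add `if (!isset($post_info[$upload_list[$row['attach_id']]])) { continue; }` (or emit an error row) before the template assignment. In the same loop `L_DENIED` indexes `$forum_names[$row['forum_id']]`, but `$row` is now the attachment row; `$post_row['forum_id']` looks like what is intended. Casting with `(int)` where `attach_id`, `post_id` and `topic_id` are concatenated into the UPDATE statements would keep those queries safe regardless of how the driver returns the columns.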
@@ -896,43 +951,31 @@ class acp_attachments 'S_ORPHAN' => true) ); - $attach_filelist = array(); - - $dir = @opendir($phpbb_root_path . $config['upload_path']); - while (($file = @readdir($dir)) !== false) - { - if (is_file($phpbb_root_path . $config['upload_path'] . '/' . $file) && filesize($phpbb_root_path . $config['upload_path'] . '/' . $file) && $file{0} != '.' && $file != 'index.htm' && !preg_match('#^thumb\_#', $file)) - { - $attach_filelist[$file] = $file; - } - } - @closedir($dir); - - $sql = 'SELECT physical_filename - FROM ' . ATTACHMENTS_TABLE; + // Just get the files with is_orphan set and older than 3 hours + $sql = 'SELECT * + FROM ' . ATTACHMENTS_TABLE . ' + WHERE is_orphan = 1 + AND filetime < ' . (time() - 3*60*60) . ' + ORDER BY filetime DESC'; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { - unset($attach_filelist[$row['physical_filename']]); - } - $db->sql_freeresult($result); - - $i = 0; - foreach ($attach_filelist as $file) - { - $filesize = @filesize($phpbb_root_path . $config['upload_path'] . '/' . $file); - $size_lang = ($filesize >= 1048576) ? $user->lang['MB'] : ( ($filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] ); - $filesize = ($filesize >= 1048576) ? round((round($filesize / 1048576 * 100) / 100), 2) : (($filesize >= 1024) ? round((round($filesize / 1024 * 100) / 100), 2) : $filesize); + $size_lang = ($row['filesize'] >= 1048576) ? $user->lang['MB'] : (($row['filesize'] >= 1024) ? $user->lang['KB'] : $user->lang['BYTES']); + $row['filesize'] = ($row['filesize'] >= 1048576) ? round((round($row['filesize'] / 1048576 * 100) / 100), 2) : (($row['filesize'] >= 1024) ? round((round($row['filesize'] / 1024 * 100) / 100), 2) : $row['filesize']); $template->assign_block_vars('orphan', array( - 'FILESIZE' => $filesize . ' ' . $size_lang, - 'U_FILE' => $phpbb_root_path . $config['upload_path'] . '/' . $file, - 'FILE' => $file, - 'POST_IDS' => (!empty($post_ids[$file])) ? 
$post_ids[$file] : '') + 'FILESIZE' => $row['filesize'] . ' ' . $size_lang, + 'FILETIME' => $user->format_date($row['filetime']), + 'REAL_FILENAME' => basename($row['real_filename']), + 'PHYSICAL_FILENAME' => basename($row['physical_filename']), + 'ATTACH_ID' => $row['attach_id'], + 'POST_IDS' => (!empty($post_ids[$row['attach_id']])) ? $post_ids[$row['attach_id']] : '', + 'U_FILE' => append_sid($phpbb_root_path . 'download.' . $phpEx, 'id=' . $row['attach_id'])) ); } - + $db->sql_freeresult($result); + break; } @@ -1083,15 +1126,12 @@ class acp_attachments /** * Upload already uploaded file... huh? are you kidding? - */ function upload_file($post_id, $topic_id, $forum_id, $upload_dir, $filename) { global $message_parser, $db, $user, $phpbb_root_path; $message_parser->attachment_data = array(); - $message_parser->filename_data['filecomment'] = ''; - $message_parser->filename_data['filename'] = $phpbb_root_path . $upload_dir . '/' . basename($filename); $filedata = upload_attachment('local', $forum_id, true, $phpbb_root_path . $upload_dir . '/' . basename($filename)); @@ -1144,6 +1184,7 @@ class acp_attachments return sprintf($user->lang['ADMIN_UPLOAD_ERROR'], implode('<br />', $filedata['error'])); } } + */ /** * Search Imagick diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index 5f5cf6cd99..5e181b6dd6 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php 
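Review bot: `upload_file()` is disabled by moving the docblock's closing `*/` to the end of the function (hunks at -1083 and -1144), which leaves the whole body as dead text inside a comment. Deleting it would be cleaner: version history keeps the code, and a commented-out path that passed a local file name to `upload_attachment('local', …)` is easy to revive by accident. If it has to stay for reference, a short comment such as `// Disabled: orphans are now attached by attach_id instead of re-uploading the file` would say why. The function's remaining lines lie between the two hunks and are not visible here.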
@@ -65,10 +65,6 @@ class acp_board 'allow_bbcode' => array('lang' => 'ALLOW_BBCODE', 'type' => 'radio:yes_no', 'explain' => false), 'allow_smilies' => array('lang' => 'ALLOW_SMILIES', 'type' => 'radio:yes_no', 'explain' => false), 'allow_sig' => array('lang' => 'ALLOW_SIG', 'type' => 'radio:yes_no', 'explain' => false), - 'allow_sig_bbcode' => array('lang' => 'ALLOW_SIG_BBCODE', 'type' => 'radio:yes_no', 'explain' => false), - 'allow_sig_img' => array('lang' => 'ALLOW_SIG_IMG', 'type' => 'radio:yes_no', 'explain' => false), - 'allow_sig_flash' => array('lang' => 'ALLOW_SIG_FLASH', 'type' => 'radio:yes_no', 'explain' => false), - 'allow_sig_smilies' => array('lang' => 'ALLOW_SIG_SMILIES', 'type' => 'radio:yes_no', 'explain' => false), 'allow_nocensors' => array('lang' => 'ALLOW_NO_CENSORS', 'type' => 'radio:yes_no', 'explain' => true), 'allow_bookmarks' => array('lang' => 'ALLOW_BOOKMARKS', 'type' => 'radio:yes_no', 'explain' => true), @@ -138,6 +134,7 @@ class acp_board 'allow_forum_notify' => array('lang' => 'ALLOW_FORUM_NOTIFY', 'type' => 'radio:yes_no', 'explain' => false), 'allow_bbcode' => array('lang' => 'ALLOW_BBCODE', 'type' => 'radio:yes_no', 'explain' => false), 'allow_smilies' => array('lang' => 'ALLOW_SMILIES', 'type' => 'radio:yes_no', 'explain' => false), + 'allow_post_links' => array('lang' => 'ALLOW_POST_LINKS', 'type' => 'radio:yes_no', 'explain' => true), 'allow_nocensors' => array('lang' => 'ALLOW_NO_CENSORS', 'type' => 'radio:yes_no', 'explain' => true), 'allow_bookmarks' => array('lang' => 'ALLOW_BOOKMARKS', 'type' => 'radio:yes_no', 'explain' => true), 'enable_post_confirm' => array('lang' => 'VISUAL_CONFIRM_POST', 'type' => 'radio:yes_no', 'explain' => true), 
@@ -173,6 +170,7 @@ class acp_board 'allow_sig_img' => array('lang' => 'ALLOW_SIG_IMG', 'type' => 'radio:yes_no', 'explain' => false), 'allow_sig_flash' => array('lang' => 'ALLOW_SIG_FLASH', 'type' => 'radio:yes_no', 'explain' => false), 'allow_sig_smilies' => array('lang' => 'ALLOW_SIG_SMILIES', 'type' => 'radio:yes_no', 'explain' => false), + 'allow_sig_links' => array('lang' => 'ALLOW_SIG_LINKS', 'type' => 'radio:yes_no', 'explain' => true), 'legend2' => 'GENERAL_SETTINGS', 'max_sig_chars' => array('lang' => 'MAX_SIG_LENGTH', 'type' => 'text:5:4', 'explain' => true), diff --git a/phpBB/includes/acp/acp_bots.php b/phpBB/includes/acp/acp_bots.php index fcee10fde5..1cda4a3c78 100644 --- a/phpBB/includes/acp/acp_bots.php +++ b/phpBB/includes/acp/acp_bots.php @@ -142,6 +142,12 @@ class acp_bots } $bot_row['bot_ip'] = str_replace(' ', '', $bot_row['bot_ip']); + // Make sure the admin is not adding a bot with an user agent similar to his one + if ($bot_row['bot_agent'] && substr($user->data['session_browser'], 0, 149) === substr($bot_row['bot_agent']) + { + $error[] = $user->lang['ERR_BOT_AGENT_MATCHES_UA']; + } + if (!sizeof($error)) { $db->sql_transaction('begin'); diff --git a/phpBB/includes/acp/acp_captcha.php b/phpBB/includes/acp/acp_captcha.php index 2ae65b7687..b3d13c42f9 100644 --- a/phpBB/includes/acp/acp_captcha.php +++ b/phpBB/includes/acp/acp_captcha.php 
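Review bot: The condition added in acp_bots.php does not parse: the second `substr()` call has only one argument and the `if (` is never closed. It should read `if ($bot_row['bot_agent'] && substr($user->data['session_browser'], 0, 149) === substr($bot_row['bot_agent'], 0, 149))`. As written the file fails to load, so the guard against an admin registering their own user agent as a bot never runs. Pulling `149` into a named constant shared with the code that truncates `session_browser` would keep the two lengths from drifting apart; that code is not visible in this hunk.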
@@ -71,7 +71,7 @@ class acp_captcha $template->assign_var('GD', true); foreach ($policy_modules as $module_name) { - $template->assign_var('U_' . strtoupper($module_name), sprintf($user->lang['CAPTCHA_EXPLAIN'], '<a href="' . append_sid("{$phpbb_root_path}adm/index.$phpEx", 'i=captcha&mode=img&policy=' . $module_name) . '" target="_blank">', '</a>')); + $template->assign_var('U_' . strtoupper($module_name), sprintf($user->lang['CAPTCHA_EXPLAIN'], '<a href="' . append_sid("{$phpbb_root_path}adm/index.$phpEx", 'i=captcha&mode=img&policy=' . $module_name) . '">', '</a>')); } if (function_exists('imagettfbbox') && function_exists('imagettftext')) { diff --git a/phpBB/includes/acp/acp_email.php b/phpBB/includes/acp/acp_email.php index c977d405cc..b727829dc4 100644 --- a/phpBB/includes/acp/acp_email.php +++ b/phpBB/includes/acp/acp_email.php @@ -217,6 +217,7 @@ class acp_email 'S_GROUP_OPTIONS' => $select_list, 'USERNAMES' => $usernames, 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=acp_email&field=usernames'), + 'UA_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=acp_email&field=usernames', false), 'SUBJECT' => $subject, 'MESSAGE' => $message, 'S_PRIORITY_OPTIONS' => $s_priority_options) diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php index aad3306f3e..5f70a15fc7 100644 --- a/phpBB/includes/acp/acp_forums.php +++ b/phpBB/includes/acp/acp_forums.php 
@@ -543,12 +543,12 @@ class acp_forums 'S_TOPIC_ICONS' => ($forum_data['enable_icons']) ? true : false, 'S_DISPLAY_ON_INDEX' => ($forum_data['display_on_index']) ? true : false, 'S_PRUNE_ENABLE' => ($forum_data['enable_prune']) ? true : false, - 'S_FORUM_LINK_TRACK' => ($forum_data['forum_flags'] & 1) ? true : false, - 'S_PRUNE_OLD_POLLS' => ($forum_data['forum_flags'] & 2) ? true : false, - 'S_PRUNE_ANNOUNCE' => ($forum_data['forum_flags'] & 4) ? true : false, - 'S_PRUNE_STICKY' => ($forum_data['forum_flags'] & 8) ? true : false, - 'S_DISPLAY_ACTIVE_TOPICS' => ($forum_data['forum_flags'] & 16) ? true : false, - 'S_ENABLE_POST_REVIEW' => ($forum_data['forum_flags'] & 32) ? true : false, + 'S_FORUM_LINK_TRACK' => ($forum_data['forum_flags'] & FORUM_FLAG_LINK_TRACK) ? true : false, + 'S_PRUNE_OLD_POLLS' => ($forum_data['forum_flags'] & FORUM_FLAG_PRUNE_POLL) ? true : false, + 'S_PRUNE_ANNOUNCE' => ($forum_data['forum_flags'] & FORUM_FLAG_PRUNE_ANNOUNCE) ? true : false, + 'S_PRUNE_STICKY' => ($forum_data['forum_flags'] & FORUM_FLAG_PRUNE_STICKY) ? true : false, + 'S_DISPLAY_ACTIVE_TOPICS' => ($forum_data['forum_flags'] & FORUM_FLAG_ACTIVE_TOPICS) ? true : false, + 'S_ENABLE_POST_REVIEW' => ($forum_data['forum_flags'] & FORUM_FLAG_POST_REVIEW) ? true : false, ) ); diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php index 1443cf476a..13e1c11cdf 100644 --- a/phpBB/includes/acp/acp_groups.php +++ b/phpBB/includes/acp/acp_groups.php @@ -614,6 +614,7 @@ class acp_groups 'U_ACTION' => $this->u_action . "&g=$group_id", 'U_BACK' => $this->u_action, 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=list&field=usernames'), + 'UA_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=list&field=usernames', false), 'U_DEFAULT_ALL' => "{$this->u_action}&action=default&g=$group_id") ); 
diff --git a/phpBB/includes/acp/acp_main.php b/phpBB/includes/acp/acp_main.php index 7246395ecc..8b165160fd 100644 --- a/phpBB/includes/acp/acp_main.php +++ b/phpBB/includes/acp/acp_main.php @@ -215,14 +215,16 @@ class acp_main set_config('num_users', (int) $row['stat'], true); $sql = 'SELECT COUNT(attach_id) as stat - FROM ' . ATTACHMENTS_TABLE; + FROM ' . ATTACHMENTS_TABLE . ' + WHERE is_orphan = 0'; $result = $db->sql_query($sql); set_config('num_files', (int) $db->sql_fetchfield('stat'), true); $db->sql_freeresult($result); $sql = 'SELECT SUM(filesize) as stat - FROM ' . ATTACHMENTS_TABLE; + FROM ' . ATTACHMENTS_TABLE . ' + WHERE is_orphan = 0'; $result = $db->sql_query($sql); set_config('upload_dir_size', (int) $db->sql_fetchfield('stat'), true); @@ -404,6 +406,13 @@ class acp_main $files_per_day = $total_files; } + $sql = 'SELECT COUNT(attach_id) total_orphan + FROM ' . ATTACHMENTS_TABLE . ' + WHERE is_orphan = 1'; + $result = $db->sql_query($sql); + $total_orphan = (int) $db->sql_fetchfield('total_orphan'); + $db->sql_freeresult($result); + $dbsize = get_database_size(); $s_action_options = build_select(array('online' => 'RESET_ONLINE', 'date' => 'RESET_DATE', 'stats' => 'RESYNC_STATS', 'user' => 'RESYNC_POSTCOUNTS', 'db_track' => 'RESYNC_POST_MARKING')); @@ -420,6 +429,7 @@ class acp_main 'AVATAR_DIR_SIZE' => $avatar_dir_size, 'DBSIZE' => $dbsize, 'UPLOAD_DIR_SIZE' => $upload_dir_size, + 'TOTAL_ORPHAN' => $total_orphan, 'GZIP_COMPRESSION' => ($config['gzip_compress']) ? $user->lang['ON'] : $user->lang['OFF'], 'DATABASE_INFO' => $db->sql_server_info(), diff --git a/phpBB/includes/acp/acp_permissions.php b/phpBB/includes/acp/acp_permissions.php index fe244b7175..de3948d551 100644 --- a/phpBB/includes/acp/acp_permissions.php +++ b/phpBB/includes/acp/acp_permissions.php 
@@ -331,7 +331,8 @@ class acp_permissions $template->assign_vars(array( 'S_SELECT_USER' => true, - 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=select_victim&field=username')) + 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=select_victim&field=username'), + 'UA_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=select_victim&field=username', false)) ); break; @@ -393,17 +394,23 @@ class acp_permissions 'S_DEFINED_USER_OPTIONS' => $items['user_ids_options'], 'S_DEFINED_GROUP_OPTIONS' => $items['group_ids_options'], 'S_ADD_GROUP_OPTIONS' => group_select_options(false, $items['group_ids']), - 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=add_user&field=username')) + 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=add_user&field=username'), + 'UA_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=add_user&field=username', false)) ); break; } + // The S_ALLOW_SELECT parameter below is a measure to lower memory usage. + // If there are more than 5 forums selected the admin is not able to select all users/groups too. + // We need to see if the number of forums can be increased or need to be decreased. + $template->assign_vars(array( 'U_ACTION' => $this->u_action, 'ANONYMOUS_USER_ID' => ANONYMOUS, 'S_SELECT_VICTIM' => true, + 'S_ALLOW_ALL_SELECT' => (sizeof($forum_id) > 5) ? false : true, 'S_CAN_SELECT_USER' => ($auth->acl_get('a_authusers')) ? true : false, 'S_CAN_SELECT_GROUP' => ($auth->acl_get('a_authgroups')) ? true : false, 'S_HIDDEN_FIELDS' => $s_hidden_fields) diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index 12fb528830..cc5c1ffa78 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php 
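Review bot: The comment introducing the new flag names `S_ALLOW_SELECT`, but the variable assigned below it is `S_ALLOW_ALL_SELECT`, and the limit is the bare literal `5`. Rename it in the comment and give the limit a name, for example `// S_ALLOW_ALL_SELECT: hide "select all users/groups" once more than 5 forums are chosen, to bound memory usage`. The flag is only handed to the template here, so it restricts the form rather than the request; if the limit is meant to protect memory, the code that processes the submitted selection needs the same check, and that code is outside this hunk.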
@@ -53,7 +53,7 @@ class acp_users if ($ipwhois = user_ipwhois($user_ip)) { $ipwhois = preg_replace('#(\s)([\w\-\._\+]+@[\w\-\.]+)(\s)#', '\1<a href="mailto:\2">\2</a>\3', $ipwhois); - $ipwhois = preg_replace('#(\s)(http:/{2}[^\s]*)(\s)#', '\1<a href="\2" target="_blank">\2</a>\3', $ipwhois); + $ipwhois = preg_replace('#(\s)(http:/{2}[^\s]*)(\s)#', '\1<a href="\2">\2</a>\3', $ipwhois); } $template->assign_vars(array( @@ -75,6 +75,7 @@ class acp_users 'S_SELECT_USER' => true, 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=select_user&field=username'), + 'UA_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=select_user&field=username', false), ) ); @@ -241,8 +242,8 @@ class acp_users user_ban(substr($action, 3), $ban, 0, 0, 0, $user->lang[$reason]); - add_log('admin', $log, $user->lang[$reason]); - add_log('user', $user_id, $log, $user->lang[$reason]); + add_log('admin', $log, $user->lang[$reason], implode(', ', $ban)); + add_log('user', $user_id, $log, $user->lang[$reason], implode(', ', $ban)); trigger_error($user->lang['BAN_SUCCESSFUL'] . adm_back_link($this->u_action . '&u=' . $user_id)); @@ -1558,7 +1559,7 @@ class acp_users $message_parser = new parse_message($signature); // Allowing Quote BBCode - $message_parser->parse($enable_bbcode, $enable_urls, $enable_smilies, $config['allow_sig_img'], $config['allow_sig_flash'], true, true, 'sig'); + $message_parser->parse($enable_bbcode, ($config['allow_sig_links']) ? $enable_urls : false, $enable_smilies, $config['allow_sig_img'], $config['allow_sig_flash'], true, $config['allow_sig_links'], true, 'sig'); if (sizeof($message_parser->warn_msg)) { 
@@ -1606,17 +1607,19 @@ class acp_users 'S_SMILIES_CHECKED' => (!$enable_smilies) ? 'checked="checked"' : '', 'S_MAGIC_URL_CHECKED' => (!$enable_urls) ? 'checked="checked"' : '', - 'BBCODE_STATUS' => ($config['allow_sig_bbcode']) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '" onclick="target=\'_phpbbcode\';">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '" onclick="target=\'_phpbbcode\';">', '</a>'), + 'BBCODE_STATUS' => ($config['allow_sig_bbcode']) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>'), 'SMILIES_STATUS' => ($config['allow_sig_smilies']) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'], 'IMG_STATUS' => ($config['allow_sig_img']) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'], 'FLASH_STATUS' => ($config['allow_sig_flash']) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'], + 'URL_STATUS' => ($config['allow_sig_links']) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'], 'L_SIGNATURE_EXPLAIN' => sprintf($user->lang['SIGNATURE_EXPLAIN'], $config['max_sig_chars']), 'S_BBCODE_ALLOWED' => $config['allow_sig_bbcode'], 'S_SMILIES_ALLOWED' => $config['allow_sig_smilies'], 'S_BBCODE_IMG' => ($config['allow_sig_img']) ? true : false, - 'S_BBCODE_FLASH' => ($config['allow_sig_flash']) ? true : false) + 'S_BBCODE_FLASH' => ($config['allow_sig_flash']) ? true : false, + 'S_LINKS_ALLOWED' => ($config['allow_sig_links']) ? true : false) ); // Assigning custom bbcodes diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index 55c7ec7428..f20729e6c6 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php 
@@ -61,6 +61,19 @@ define('ITEM_UNLOCKED', 0); define('ITEM_LOCKED', 1); define('ITEM_MOVED', 2); +// Forum Flags +define('FORUM_FLAG_LINK_TRACK', 1); +define('FORUM_FLAG_PRUNE_POLL', 2); +define('FORUM_FLAG_PRUNE_ANNOUNCE', 4); +define('FORUM_FLAG_PRUNE_STICKY', 8); +define('FORUM_FLAG_ACTIVE_TOPICS', 16); +define('FORUM_FLAG_POST_REVIEW', 32); + +// Optional text flags +define('OPTION_FLAG_BBCODE', 1); +define('OPTION_FLAG_SMILIES', 2); +define('OPTION_FLAG_LINKS', 4); + // Topic types define('POST_NORMAL', 0); define('POST_STICKY', 1); diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 88cdab17d2..620b64a54a 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2146,21 +2146,10 @@ function decode_message(&$message, $bbcode_uid = '') $message = str_replace($match, $replace, $message); - $match = array( - '#<!\-\- e \-\-><a href="mailto:(.*?)">.*?</a><!\-\- e \-\->#', - '#<!\-\- m \-\-><a href="(.*?)" target="_blank">.*?</a><!\-\- m \-\->#', - '#<!\-\- w \-\-><a href="http:\/\/(.*?)" target="_blank">.*?</a><!\-\- w \-\->#', - '#<!\-\- l \-\-><a href="(.*?)">.*?</a><!\-\- l \-\->#', - '#<!\-\- s(.*?) \-\-><img src="\{SMILIES_PATH\}\/.*? \/><!\-\- s\1 \-\->#', - '#<!\-\- .*? \-\->#s', - '#<.*?>#s' - ); - - $replace = array('\1', '\1', '\1', '\1', '\1', '', ''); - - $message = preg_replace($match, $replace, $message); + $match = get_preg_expression('bbcode_htm'); + $replace = array('\1', '\2', '\1', '', ''); - return; + $message = preg_replace($match, $replace, $message); } /** 
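Review bot: In `decode_message()` the shared `bbcode_htm` patterns only match anchors of the form `<a href="…">`, so text stored before this change with `target="_blank"` will have the lazy `(.*?)` run on to the closing `">` and decode to a URL with `" target="_blank` appended, unless stored posts are converted elsewhere. The same applies to `strip_bbcode()` in the next hunk. Allowing the old attribute in the pattern returned by `get_preg_expression('bbcode_htm')`, e.g. `<a href="(.*?)"(?: target="_blank")?>`, would cover both forms. The merged `(l|m|w)` pattern also returns the whole href for `w` links, so `www.` magic URLs now decode with the `http://` prefix the old pattern stripped. `get_preg_expression()` now returns a string for `email`, an array for `bbcode_htm` and `''` otherwise, which its docblock should state.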
@@ -2175,17 +2164,8 @@ function strip_bbcode(&$text, $uid = '') $text = preg_replace("#\[\/?[a-z0-9\*\+\-]+(?:=.*?)?(?::[a-z])?(\:?$uid)\]#", ' ', $text); - $match = array( - '#<!\-\- e \-\-><a href="mailto:(.*?)">.*?</a><!\-\- e \-\->#', - '#<!\-\- m \-\-><a href="(.*?)" target="_blank">.*?</a><!\-\- m \-\->#', - '#<!\-\- w \-\-><a href="http:\/\/(.*?)" target="_blank">.*?</a><!\-\- w \-\->#', - '#<!\-\- l \-\-><a href="(.*?)">.*?</a><!\-\- l \-\->#', - '#<!\-\- s(.*?) \-\-><img src="\{SMILIES_PATH\}\/.*? \/><!\-\- s\1 \-\->#', - '#<!\-\- .*? \-\->#s', - '#<.*?>#s' - ); - - $replace = array('\1', '\1', '\1', '\1', '\1', '', ''); + $match = get_preg_expression('bbcode_htm'); + $replace = array('\1', '\2', '\1', '', ''); $text = preg_replace($match, $replace, $text); } @@ -2206,7 +2186,7 @@ function generate_text_for_display($text, $uid, $bitfield, $flags) $text = str_replace("\n", '<br />', censor_text($text)); // Parse bbcode if bbcode uid stored and bbcode enabled - if ($uid && ($flags & 1)) + if ($uid && ($flags & OPTION_FLAG_BBCODE)) { if (!class_exists('bbcode')) { @@ -2226,7 +2206,7 @@ function generate_text_for_display($text, $uid, $bitfield, $flags) $bbcode->bbcode_second_pass($text, $uid); } - $text = smiley_text($text, !($flags & 2)); + $text = smiley_text($text, !($flags & OPTION_FLAG_SMILIES)); return $text; } @@ -2282,9 +2262,9 @@ function generate_text_for_edit($text, $uid, $flags) decode_message($text, $uid); return array( - 'allow_bbcode' => ($flags & 1) ? 1 : 0, - 'allow_smilies' => ($flags & 2) ? 1 : 0, - 'allow_urls' => ($flags & 4) ? 1 : 0, + 'allow_bbcode' => ($flags & OPTION_FLAG_BBCODE) ? 1 : 0, + 'allow_smilies' => ($flags & OPTION_FLAG_SMILIES) ? 1 : 0, + 'allow_urls' => ($flags & OPTION_FLAG_LINKS) ? 1 : 0, 'text' => $text ); } 
@@ -2317,11 +2297,11 @@ function make_clickable($text, $server_url = false) // matches a xxxx://aaaaa.bbb.cccc. ... $magic_url_match[] = '#(^|[\n ]|\()([\w]+:/{2}.*?([^[ \t\n\r<"\'\)&]+|&(?!lt;|quot;))*)#ie'; - $magic_url_replace[] = "'\$1<!-- m --><a href=\"\$2\" target=\"_blank\">' . ((strlen('\$2') > 55) ? substr(str_replace('&', '&', '\$2'), 0, 39) . ' ... ' . substr(str_replace('&', '&', '\$2'), -10) : '\$2') . '</a><!-- m -->'"; + $magic_url_replace[] = "'\$1<!-- m --><a href=\"\$2\">' . ((strlen('\$2') > 55) ? substr(str_replace('&', '&', '\$2'), 0, 39) . ' ... ' . substr(str_replace('&', '&', '\$2'), -10) : '\$2') . '</a><!-- m -->'"; // matches a "www.xxxx.yyyy[/zzzz]" kinda lazy URL thing $magic_url_match[] = '#(^|[\n ]|\()(w{3}\.[\w\-]+\.[\w\-.\~]+(?:[^[ \t\n\r<"\'\)&]+|&(?!lt;|quot;))*)#ie'; - $magic_url_replace[] = "'\$1<!-- w --><a href=\"http://\$2\" target=\"_blank\">' . ((strlen('\$2') > 55) ? substr(str_replace('&', '&', '\$2'), 0, 39) . ' ... ' . substr(str_replace('&', '&', '\$2'), -10) : '\$2') . '</a><!-- w -->'"; + $magic_url_replace[] = "'\$1<!-- w --><a href=\"http://\$2\">' . ((strlen('\$2') > 55) ? substr(str_replace('&', '&', '\$2'), 0, 39) . ' ... ' . substr(str_replace('&', '&', '\$2'), -10) : '\$2') . '</a><!-- w -->'"; // matches an email@domain type address at the start of a line, or after a space or after what might be a BBCode. $magic_url_match[] = '/(^|[\n ]|\()(' . get_preg_expression('email') . ')/ie'; 
@@ -2336,19 +2316,18 @@ function make_clickable($text, $server_url = false) */ function censor_text($text) { - global $censors, $user, $cache; + static $censors; + global $cache; - if (!isset($censors)) + if (!isset($censors) || !is_array($censors)) { $censors = array(); - if ($user->optionget('viewcensors')) - { - $cache->obtain_word_list($censors); - } + // obtain_word_list is taking care of the users censor option and the board-wide option + $cache->obtain_word_list($censors); } - if (sizeof($censors) && $user->optionget('viewcensors')) + if (sizeof($censors)) { return preg_replace($censors['match'], $censors['replace'], $text); } @@ -2645,8 +2624,8 @@ function get_backtrace() /** * This function returns a regular expression pattern for commonly used expressions -* Use with / as delimiter -* mode can be: email| +* Use with / as delimiter for email mode +* mode can be: email|bbcode_htm */ function get_preg_expression($mode) { @@ -2655,6 +2634,16 @@ function get_preg_expression($mode) case 'email': return '[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*[a-z]+'; break; + + case 'bbcode_htm': + return array( + '#<!\-\- e \-\-><a href="mailto:(.*?)">.*?</a><!\-\- e \-\->#', + '#<!\-\- (l|m|w) \-\-><a href="(.*?)">.*?</a><!\-\- \1 \-\->#', + '#<!\-\- s(.*?) \-\-><img src="\{SMILIES_PATH\}\/.*? \/><!\-\- s\1 \-\->#', + '#<!\-\- .*? \-\->#s', + '#<.*?>#s', + ); + break; } return ''; 
@@ -3154,7 +3143,7 @@ function page_header($page_title = '', $display_online_list = true) 'S_CONTENT_DIR_LEFT' => $user->lang['LEFT'], 'S_CONTENT_DIR_RIGHT' => $user->lang['RIGHT'], 'S_TIMEZONE' => ($user->data['user_dst'] || ($user->data['user_id'] == ANONYMOUS && $config['board_dst'])) ? sprintf($user->lang['ALL_TIMES'], $user->lang['tz'][$tz], $user->lang['tz']['dst']) : sprintf($user->lang['ALL_TIMES'], $user->lang['tz'][$tz], ''), - 'S_DISPLAY_ONLINE_LIST' => ($config['load_online']) ? 1 : 0, + 'S_DISPLAY_ONLINE_LIST' => ($l_online_time) ? 1 : 0, 'S_DISPLAY_SEARCH' => (!$config['load_search']) ? 0 : (isset($auth) ? ($auth->acl_get('u_search') && $auth->acl_getf_global('f_search')) : 1), 'S_DISPLAY_PM' => ($config['allow_privmsg'] && $user->data['is_registered']) ? 1 : 0, 'S_DISPLAY_MEMBERLIST' => (isset($auth)) ? $auth->acl_get('u_viewprofile') : 0, diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index 26133786b3..49bad121e1 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -1782,12 +1782,12 @@ function prune($forum_id, $prune_mode, $prune_date, $prune_flags = 0, $auto_sync $sql_and = ''; - if (!($prune_flags & 4)) + if (!($prune_flags & FORUM_FLAG_PRUNE_ANNOUNCE)) { $sql_and .= ' AND topic_type <> ' . POST_ANNOUNCE; } - if (!($prune_flags & 8)) + if (!($prune_flags & FORUM_FLAG_PRUNE_STICKY)) { $sql_and .= ' AND topic_type <> ' . POST_STICKY; } @@ -1816,7 +1816,7 @@ function prune($forum_id, $prune_mode, $prune_date, $prune_flags = 0, $auto_sync } $db->sql_freeresult($result); - if ($prune_flags & 2) + if ($prune_flags & FORUM_FLAG_PRUNE_POLL) { $sql = 'SELECT topic_id FROM ' . TOPICS_TABLE . ' diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index f46298002c..8e7edea1e2 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php 
@@ -44,7 +44,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod } // Display list of active topics for this category? - $show_active = (isset($root_data['forum_flags']) && $root_data['forum_flags'] & 16) ? true : false; + $show_active = (isset($root_data['forum_flags']) && ($root_data['forum_flags'] & FORUM_FLAG_ACTIVE_TOPICS)) ? true : false; $sql_from = FORUMS_TABLE . ' f '; $lastread_select = $sql_lastread = ''; @@ -126,7 +126,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod } // Display active topics from this forum? - if ($show_active && $row['forum_type'] == FORUM_POST && $auth->acl_get('f_read', $forum_id) && ($row['forum_flags'] & 16)) + if ($show_active && $row['forum_type'] == FORUM_POST && $auth->acl_get('f_read', $forum_id) && ($row['forum_flags'] & FORUM_FLAG_ACTIVE_TOPICS)) { if (!isset($active_forum_ary['forum_topics'])) { @@ -328,7 +328,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod } $l_post_click_count = ($row['forum_type'] == FORUM_LINK) ? 'CLICKS' : 'POSTS'; - $post_click_count = ($row['forum_type'] != FORUM_LINK || $row['forum_flags'] & 1) ? $row['forum_posts'] : ''; + $post_click_count = ($row['forum_type'] != FORUM_LINK || $row['forum_flags'] & FORUM_FLAG_LINK_TRACK) ? $row['forum_posts'] : ''; $template->assign_block_vars('forumrow', array( 'S_IS_CAT' => false, 
@@ -354,7 +354,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod 'L_FORUM_FOLDER_ALT' => $folder_alt, 'L_MODERATOR_STR' => $l_moderator, - 'U_VIEWFORUM' => ($row['forum_type'] != FORUM_LINK || $row['forum_flags'] & 1) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']) : $row['forum_link'], + 'U_VIEWFORUM' => ($row['forum_type'] != FORUM_LINK || ($row['forum_flags'] & FORUM_FLAG_LINK_TRACK)) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']) : $row['forum_link'], 'U_LAST_POSTER' => $last_poster_url, 'U_LAST_POST' => $last_post_url) ); 
@@ -698,14 +698,60 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_ 'attachment_tpl' => 'attachment.html') ); + if (!sizeof($attachment_data)) + { + return array(); + } + if (empty($extensions) || !is_array($extensions)) { $extensions = array(); $cache->obtain_attach_extensions($extensions); } + // Look for missing attachment informations... + $attach_ids = array(); + foreach ($attachment_data as $pos => $attachment) + { + // If is_orphan is set, we need to retrieve the attachments again... + if (!isset($attachment['extension']) && !isset($attachment['physical_filename'])) + { + $attach_ids[(int) $attachment['attach_id']] = $pos; + } + } + + if (sizeof($attach_ids)) + { + global $db; + + $attachment_data = array(); + + $sql = 'SELECT * + FROM ' . ATTACHMENTS_TABLE . ' + WHERE ' . $db->sql_in_set('attach_id', array_keys($attach_ids)); + $result = $db->sql_query($sql); + + while ($row = $db->sql_fetchrow($result)) + { + if (!isset($attach_ids[$row['attach_id']])) + { + continue; + } + + $attachment_data[$attach_ids[$row['attach_id']]] = $row; + } + $db->sql_freeresult($result); + + ksort($attachment_data); + } + foreach ($attachment_data as $attachment) { + if (!sizeof($attachment)) + { + continue; + } + // We need to reset/empty the _file block var, because this function might be called more than once $template->destroy_block_vars('_file'); diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index 1bc07debe1..4a46dc1062 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php 
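Review bot: The re-fetch added to display_attachments() selects rows by `attach_id` alone, so what gets rendered depends entirely on every caller having already checked that the viewer may see those ids. A comment above the query would make that contract explicit, for example `// attach_ids must already be validated for the current user by the caller`. The block also resets `$attachment_data = array()` before refilling it, so a call that mixes complete entries with id-only ones silently loses the complete entries. The function starts and continues outside this hunk, so its callers are not visible here.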
@@ -113,16 +113,31 @@ function update_post_information($type, $ids, $return_update_sql = false) $update_sql = $empty_forums = array(); - $sql = 'SELECT ' . $type . '_id, MAX(post_id) as last_post_id - FROM ' . POSTS_TABLE . ' - WHERE post_approved = 1 - AND ' . $db->sql_in_set($type . '_id', $ids) . " - GROUP BY {$type}_id"; + if (sizeof($ids) == 1) + { + $sql = 'SELECT MAX(post_id) as last_post_id + FROM ' . POSTS_TABLE . ' + WHERE post_approved = 1 + AND ' . $db->sql_in_set($type . '_id', $ids); + } + else + { + $sql = 'SELECT ' . $type . '_id, MAX(post_id) as last_post_id + FROM ' . POSTS_TABLE . ' + WHERE post_approved = 1 + AND ' . $db->sql_in_set($type . '_id', $ids) . " + GROUP BY {$type}_id"; + } $result = $db->sql_query($sql); $last_post_ids = array(); while ($row = $db->sql_fetchrow($result)) { + if (sizeof($ids) == 1) + { + $row[$type . '_id'] = $ids[0]; + } + if ($type == 'forum') { $empty_forums[] = $row['forum_id']; @@ -315,7 +330,7 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage if (!$filedata['post_attach']) { - $filedata['error'][] = 'No filedata found'; + $filedata['error'][] = $user->lang['NO_UPLOAD_FORM_FOUND']; return $filedata; } @@ -334,6 +349,16 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage $cat_id = (isset($extensions[$file->get('extension')]['display_cat'])) ? $extensions[$file->get('extension')]['display_cat'] : ATTACHMENT_CATEGORY_NONE; + // Make sure the image category only holds valid images... + if ($cat_id == ATTACHMENT_CATEGORY_IMAGE && !$file->is_image()) + { + $file->remove(); + + // If this error occurs a user tried to exploit an IE Bug by renaming extensions + // Since the image category is displaying content inline we need to catch this. + trigger_error($user->lang['UNABLE_GET_IMAGE_SIZE']); + } + // Do we have to create a thumbnail? $filedata['thumbnail'] = ($cat_id == ATTACHMENT_CATEGORY_IMAGE && $config['img_create_thumbnail']) ? 1 : 0; 
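Review bot: `$row[$type . '_id'] = $ids[0];` in update_post_information() assumes `$ids` is a zero-based list; with any other keying the id is undefined and the following `$row['forum_id']` read gets null, which `$row[$type . '_id'] = reset($ids);` avoids. Without the `GROUP BY`, the aggregate query also returns one row even when no approved post matches, with `last_post_id` NULL, so the loop now runs for a forum or topic that has no posts. The rest of the loop is outside the hunk, so it should be confirmed that a NULL `last_post_id` is handled there.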
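Review bot: The new image guard in upload_attachment() is only as strong as `$file->is_image()`, which is not shown in this hunk; if it decides from the MIME type sent with the upload rather than from the file contents, a renamed non-image still lands in the inline image category. The error key `UNABLE_GET_IMAGE_SIZE` suggests a content check is intended, and the comment should say which one is relied on. `trigger_error()` also aborts the whole request, whereas the earlier failure path in this function reports through `$filedata['error'][]` and returns; using that path here would keep the user's post text, if the caller tolerates an early return at this point.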
@@ -645,7 +670,7 @@ function posting_gen_inline_attachments(&$attachment_data) foreach ($attachment_data as $i => $attachment) { - $s_inline_attachment_options .= '<option value="' . $i . '">' . $attachment['real_filename'] . '</option>'; + $s_inline_attachment_options .= '<option value="' . $i . '">' . basename($attachment['real_filename']) . '</option>'; } $template->assign_var('S_INLINE_ATTACHMENT_OPTIONS', $s_inline_attachment_options); @@ -661,7 +686,7 @@ function posting_gen_inline_attachments(&$attachment_data) */ function posting_gen_attachment_entry(&$attachment_data, &$filename_data) { - global $template, $config, $phpbb_root_path, $phpEx; + global $template, $config, $phpbb_root_path, $phpEx, $user; $template->assign_vars(array( 'S_SHOW_ATTACH_BOX' => true) @@ -684,13 +709,13 @@ function posting_gen_attachment_entry(&$attachment_data, &$filename_data) $hidden .= '<input type="hidden" name="attachment_data[' . $count . '][' . $key . ']" value="' . $value . '" />'; } - $download_link = (!$attach_row['attach_id']) ? $phpbb_root_path . $config['upload_path'] . '/' . basename($attach_row['physical_filename']) : append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . (int) $attach_row['attach_id']); + $download_link = append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . (int) $attach_row['attach_id'], false, ($attach_row['is_orphan']) ? $user->session_id : false); $template->assign_block_vars('attach_row', array( 'FILENAME' => basename($attach_row['real_filename']), - 'ATTACH_FILENAME' => basename($attach_row['physical_filename']), 'FILE_COMMENT' => $attach_row['attach_comment'], 'ATTACH_ID' => $attach_row['attach_id'], + 'S_IS_ORPHAN' => $attach_row['is_orphan'], 'ASSOC_INDEX' => $count, 'U_VIEW_ATTACHMENT' => $download_link, 
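Review bot: `basename()` in posting_gen_inline_attachments() strips directory parts but does not HTML-encode, and the result is concatenated straight into `<option>` markup. If `real_filename` is not already entity-encoded when it is stored (not visible on this page), wrap it as `htmlspecialchars(basename($attachment['real_filename']))`. If it is already encoded, a short comment saying so would stop a later change from double-encoding it; the same applies to the `'FILENAME'` entry in posting_gen_attachment_entry().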
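Review bot: The new `$download_link` in posting_gen_attachment_entry() passes `$user->session_id` as the fourth argument of `append_sid()` for orphaned attachments, which forces the session id into the URL, and nothing explains why. Session ids in URLs end up in browser history, server logs and Referer headers, so the reason should be stated in a comment next to the call (presumably the download script needs the session to authorise access to a not-yet-posted file). `$attach_row['is_orphan']` is also read without an `isset()` check, so an entry built without that key raises a notice.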
@@ -928,8 +953,8 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id { global $db, $user, $config, $phpbb_root_path, $phpEx, $auth; - $topic_notification = ($mode == 'reply' || $mode == 'quote'); - $forum_notification = ($mode == 'post'); + $topic_notification = ($mode == 'reply' || $mode == 'quote') ? true : false; + $forum_notification = ($mode == 'post') ? true : false; if (!$topic_notification && !$forum_notification) { @@ -1390,7 +1415,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u 'post_text' => $data['message'], 'post_checksum' => $data['message_md5'], 'post_encoding' => $user->lang['ENCODING'], - 'post_attachment' => (isset($data['filename_data']['physical_filename']) && sizeof($data['filename_data'])) ? 1 : 0, + 'post_attachment' => (sizeof($data['attachment_data'])) ? 1 : 0, 'bbcode_bitfield' => $data['bbcode_bitfield'], 'bbcode_uid' => $data['bbcode_uid'], 'post_postcount' => ($auth->acl_get('f_postcount', $data['forum_id'])) ? 1 : 0, @@ -1444,7 +1469,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u 'post_edit_user' => (int) $data['post_edit_user'], 'post_checksum' => $data['message_md5'], 'post_encoding' => $user->lang['ENCODING'], - 'post_attachment' => (isset($data['filename_data']['physical_filename']) && sizeof($data['filename_data'])) ? 1 : 0, + 'post_attachment' => (sizeof($data['attachment_data'])) ? 1 : 0, 'bbcode_bitfield' => $data['bbcode_bitfield'], 'bbcode_uid' => $data['bbcode_uid'], 'post_edit_locked' => $data['post_edit_locked']) 
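Review bot: `sizeof($data['attachment_data'])` in the `post_attachment` assignment counts what was submitted, not what ends up attached. The attachment loop later in submit_post() skips orphan entries that are not owned by the poster or whose file is missing, so the flag can be written as 1 for a post that receives no attachment rows. The old `isset()` guard is gone as well, so a caller that omits `attachment_data` now triggers a notice; `(!empty($data['attachment_data'])) ? 1 : 0` covers that case. The same expression appears in the hunks at -1444, -1473 and -1526 and in both submit_pm() hunks.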
@@ -1473,7 +1498,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u 'topic_first_poster_colour' => (($user->data['user_id'] != ANONYMOUS) ? $user->data['user_colour'] : ''), 'topic_type' => $topic_type, 'topic_time_limit' => ($topic_type == POST_STICKY || $topic_type == POST_ANNOUNCE) ? ($data['topic_time_limit'] * 86400) : 0, - 'topic_attachment' => (isset($data['filename_data']['physical_filename']) && sizeof($data['filename_data'])) ? 1 : 0 + 'topic_attachment' => (sizeof($data['attachment_data'])) ? 1 : 0, ); if (isset($poll['poll_options']) && !empty($poll['poll_options'])) @@ -1526,7 +1551,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u 'poll_length' => (isset($poll['poll_options'])) ? ($poll['poll_length'] * 86400) : 0, 'poll_vote_change' => (isset($poll['poll_vote_change'])) ? $poll['poll_vote_change'] : 0, - 'topic_attachment' => ($post_mode == 'edit_topic') ? ((isset($data['filename_data']['physical_filename']) && sizeof($data['filename_data'])) ? 1 : 0) : (isset($data['topic_attachment']) ? $data['topic_attachment'] : 0) + 'topic_attachment' => (sizeof($data['attachment_data'])) ? 1 : (isset($data['topic_attachment']) ? $data['topic_attachment'] : 0), ); break; } 
@@ -1717,64 +1742,78 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u if (sizeof($data['attachment_data']) && $data['post_id'] && in_array($mode, array('post', 'reply', 'quote', 'edit'))) { $space_taken = $files_added = 0; + $orphan_rows = array(); foreach ($data['attachment_data'] as $pos => $attach_row) { - if ($attach_row['attach_id']) + $orphan_rows[(int) $attach_row['attach_id']] = array(); + } + + if (sizeof($orphan_rows)) + { + $sql = 'SELECT attach_id, filesize, physical_filename + FROM ' . ATTACHMENTS_TABLE . ' + WHERE ' . $db->sql_in_set('attach_id', array_keys($orphan_rows)) . ' + AND is_orphan = 1 + AND poster_id = ' . $user->data['user_id']; + $result = $db->sql_query($sql); + + $orphan_rows = array(); + while ($row = $db->sql_fetchrow($result)) + { + $orphan_rows[$row['attach_id']] = $row; + } + $db->sql_freeresult($result); + } + + foreach ($data['attachment_data'] as $pos => $attach_row) + { + if ($attach_row['is_orphan'] && !in_array($attach_row['attach_id'], array_keys($orphan_rows))) + { + continue; + } + + if (!$attach_row['is_orphan']) { // update entry in db if attachment already stored in db and filespace $sql = 'UPDATE ' . ATTACHMENTS_TABLE . " SET attach_comment = '" . $db->sql_escape($attach_row['attach_comment']) . "' - WHERE attach_id = " . (int) $attach_row['attach_id']; + WHERE attach_id = " . (int) $attach_row['attach_id'] . ' + AND is_orphan = 0'; $db->sql_query($sql); } else { // insert attachment into db - if (!@file_exists($phpbb_root_path . $config['upload_path'] . '/' . basename($attach_row['physical_filename']))) + if (!@file_exists($phpbb_root_path . $config['upload_path'] . '/' . 
basename($orphan_rows[$attach_row['attach_id']]['physical_filename']))) { continue; } + $space_taken += $orphan_rows[$attach_row['attach_id']]['filesize']; + $files_added++; + $attach_sql = array( 'post_msg_id' => $data['post_id'], 'topic_id' => $data['topic_id'], - 'in_message' => 0, + 'is_orphan' => 0, 'poster_id' => $poster_id, - 'physical_filename' => basename($attach_row['physical_filename']), - 'real_filename' => basename($attach_row['real_filename']), 'attach_comment' => $attach_row['attach_comment'], - 'extension' => $attach_row['extension'], - 'mimetype' => $attach_row['mimetype'], - 'filesize' => $attach_row['filesize'], - 'filetime' => $attach_row['filetime'], - 'thumbnail' => $attach_row['thumbnail'] ); - $sql = 'INSERT INTO ' . ATTACHMENTS_TABLE . ' ' . - $db->sql_build_array('INSERT', $attach_sql); + $sql = 'UPDATE ' . ATTACHMENTS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $attach_sql) . ' + WHERE attach_id = ' . $attach_row['attach_id'] . ' + AND is_orphan = 1 + AND poster_id = ' . $user->data['user_id']; $db->sql_query($sql); - - $space_taken += $attach_row['filesize']; - $files_added++; } } - if (sizeof($data['attachment_data'])) + if ($space_taken && $files_added) { - $sql = 'UPDATE ' . POSTS_TABLE . ' - SET post_attachment = 1 - WHERE post_id = ' . $data['post_id']; - $db->sql_query($sql); - - $sql = 'UPDATE ' . TOPICS_TABLE . ' - SET topic_attachment = 1 - WHERE topic_id = ' . $data['topic_id']; - $db->sql_query($sql); + set_config('upload_dir_size', $config['upload_dir_size'] + $space_taken, true); + set_config('num_files', $config['num_files'] + $files_added, true); } - - set_config('upload_dir_size', $config['upload_dir_size'] + $space_taken, true); - set_config('num_files', $config['num_files'] + $files_added, true); } $db->sql_transaction('commit'); diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php index ad6ed9907a..94b6368493 100644 --- a/phpBB/includes/functions_privmsgs.php 
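Review bot: In the orphan branch the `UPDATE` concatenates `$attach_row['attach_id']` into the WHERE clause without the `(int)` cast that the non-orphan branch applies a few lines earlier. The preceding `in_array()` test uses loose comparison, so it does not guarantee that the value is purely numeric. Cast at the point of use, `WHERE attach_id = ' . (int) $attach_row['attach_id'] . '`, and replace the membership test with `isset($orphan_rows[(int) $attach_row['attach_id']])`. The submit_pm() hunk at -1448 contains the same two lines and needs the same change.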
+++ b/phpBB/includes/functions_privmsgs.php @@ -1324,7 +1324,7 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr 'message_subject' => $subject, 'message_text' => $data['message'], 'message_encoding' => $user->lang['ENCODING'], - 'message_attachment'=> (isset($data['filename_data']['physical_filename']) && sizeof($data['filename_data'])) ? 1 : 0, + 'message_attachment'=> (sizeof($data['attachment_data'])) ? 1 : 0, 'bbcode_bitfield' => $data['bbcode_bitfield'], 'bbcode_uid' => $data['bbcode_uid'], 'to_address' => implode(':', $to), @@ -1343,7 +1343,7 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr 'message_subject' => $subject, 'message_text' => $data['message'], 'message_encoding' => $user->lang['ENCODING'], - 'message_attachment'=> (isset($data['filename_data']['physical_filename']) && sizeof($data['filename_data'])) ? 1 : 0, + 'message_attachment'=> (sizeof($data['attachment_data'])) ? 1 : 0, 'bbcode_bitfield' => $data['bbcode_bitfield'], 'bbcode_uid' => $data['bbcode_uid'] ); 
@@ -1448,52 +1448,74 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr if (!empty($data['attachment_data']) && $data['msg_id'] && in_array($mode, array('post', 'reply', 'quote', 'quotepost', 'edit', 'forward'))) { $space_taken = $files_added = 0; + $orphan_rows = array(); foreach ($data['attachment_data'] as $pos => $attach_row) { - if ($attach_row['attach_id']) + $orphan_rows[(int) $attach_row['attach_id']] = array(); + } + + if (sizeof($orphan_rows)) + { + $sql = 'SELECT attach_id, filesize, physical_filename + FROM ' . ATTACHMENTS_TABLE . ' + WHERE ' . $db->sql_in_set('attach_id', array_keys($orphan_rows)) . ' + AND in_message = 1 + AND is_orphan = 1 + AND poster_id = ' . $user->data['user_id']; + $result = $db->sql_query($sql); + + $orphan_rows = array(); + while ($row = $db->sql_fetchrow($result)) + { + $orphan_rows[$row['attach_id']] = $row; + } + $db->sql_freeresult($result); + } + + foreach ($data['attachment_data'] as $pos => $attach_row) + { + if ($attach_row['is_orphan'] && !in_array($attach_row['attach_id'], array_keys($orphan_rows))) + { + continue; + } + + if (!$attach_row['is_orphan']) { // update entry in db if attachment already stored in db and filespace - $sql = 'UPDATE ' . ATTACHMENTS_TABLE . " - SET attach_comment = '" . $db->sql_escape($attach_row['attach_comment']) . "' - WHERE attach_id = " . (int) $attach_row['attach_id']; + $sql = 'UPDATE ' . ATTACHMENTS_TABLE . " + SET attach_comment = '" . $db->sql_escape($attach_row['attach_comment']) . "' + WHERE attach_id = " . (int) $attach_row['attach_id'] . ' + AND is_orphan = 0'; $db->sql_query($sql); } else { - // insert attachment into db + // insert attachment into db + if (!@file_exists($phpbb_root_path . $config['upload_path'] . '/' . 
basename($orphan_rows[$attach_row['attach_id']]['physical_filename']))) + { + continue; + } + + $space_taken += $orphan_rows[$attach_row['attach_id']]['filesize']; + $files_added++; + $attach_sql = array( 'post_msg_id' => $data['msg_id'], 'topic_id' => 0, - 'in_message' => 1, + 'is_orphan' => 0, 'poster_id' => $data['from_user_id'], - 'physical_filename' => basename($attach_row['physical_filename']), - 'real_filename' => basename($attach_row['real_filename']), 'attach_comment' => $attach_row['attach_comment'], - 'extension' => $attach_row['extension'], - 'mimetype' => $attach_row['mimetype'], - 'filesize' => $attach_row['filesize'], - 'filetime' => $attach_row['filetime'], - 'thumbnail' => $attach_row['thumbnail'] ); - $sql = 'INSERT INTO ' . ATTACHMENTS_TABLE . ' ' . - $db->sql_build_array('INSERT', $attach_sql); + $sql = 'UPDATE ' . ATTACHMENTS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $attach_sql) . ' + WHERE attach_id = ' . $attach_row['attach_id'] . ' + AND is_orphan = 1 + AND poster_id = ' . $user->data['user_id']; $db->sql_query($sql); - - $space_taken += $attach_row['filesize']; - $files_added++; } } - if (sizeof($data['attachment_data'])) - { - $sql = 'UPDATE ' . PRIVMSGS_TABLE . ' - SET message_attachment = 1 - WHERE msg_id = ' . $data['msg_id']; - $db->sql_query($sql); - } - if ($space_taken && $files_added) { set_config('upload_dir_size', $config['upload_dir_size'] + $space_taken, true); diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index 9f02c5f74e..cd35254b28 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php @@ -221,6 +221,8 @@ class filespec return false; } + +/* // Adjust destination path (no trailing slash) if ($destination{(sizeof($destination)-1)} == '/' || $destination{(sizeof($destination)-1)} == '\\') { 
@@ -232,13 +234,29 @@ class filespec { $destination = ''; } +*/ + // We need to trust the admin in specifying valid upload directories and an attacker not being able to overwrite it... $this->destination_path = $phpbb_root_path . $destination; + // Check if the destination path exist... + if (!file_exists($this->destination_path)) + { + @unlink($this->filename); + return false; + } + $upload_mode = (@ini_get('open_basedir') || @ini_get('safe_mode')) ? 'move' : 'copy'; $upload_mode = ($this->local) ? 'local' : $upload_mode; $this->destination_file = $this->destination_path . '/' . basename($this->realname); + // Check if the file already exist, else there is something wrong... + if (file_exists($this->destination_file)) + { + @unlink($this->filename); + return false; + } + switch ($upload_mode) { case 'copy': diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 1d41aeb9ba..f25a521ed1 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -469,11 +469,6 @@ function user_active_flip($user_id, $user_type, $user_actkey = false, $username 'user_type' => ($user_type == USER_NORMAL) ? USER_INACTIVE : USER_NORMAL ); - if ($new_group_id == $group_id_ary[$group_name]) - { - $sql_ary['group_id'] = $new_group_id; - } - if ($user_actkey !== false) { $sql_ary['user_actkey'] = $user_actkey; @@ -483,6 +478,10 @@ function user_active_flip($user_id, $user_type, $user_actkey = false, $username WHERE user_id = $user_id"; $db->sql_query($sql); + // Set the users default group from inactive to registered or registered to inactive + // only if the group id changed... + group_set_user_default($new_group_id, array($user_id)); + $auth->acl_clear_prefetch($user_id); if (!$no_log) 
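Review bot: Both new early exits in move_file() (`return false` when the destination directory is missing or the target file already exists) leave `$this->error` untouched. avatar_upload() in functions_user.php ignores the return value and checks only `sizeof($file->error)`, so the failure would pass unnoticed there; an entry should be appended to `$this->error` before each `return false`. The old path clean-up is kept as a `/* … */` block and should be deleted rather than commented out, since the replacement comment says validation is now left to the administrator. The function body continues outside this hunk.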
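Review bot: The comment added in user_active_flip() says the default group is set "only if the group id changed", but `group_set_user_default($new_group_id, array($user_id));` runs unconditionally. The removed `if ($new_group_id == $group_id_ary[$group_name])` guard has no replacement in this hunk. group_set_user_default() is not shown, so whether it is a no-op for an unchanged group cannot be told from here; either restore a condition or reword the comment to match what the code does.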
@@ -1344,7 +1343,21 @@ function avatar_upload($data, &$error) } $file->clean_filename('real', $data['user_id'] . '_'); - $file->move_file($config['avatar_path']); + + $destination = $config['avatar_path']; + + if ($destination{(sizeof($destination)-1)} == '/' || $destination{(sizeof($destination)-1)} == '\\') + { + $destination = substr($destination, 0, sizeof($destination)-2); + } + + $destination = str_replace(array('../', '..\\', './', '.\\'), '', $destination); + if ($destination && ($destination{0} == '/' || $destination{0} == "\\")) + { + $destination = ''; + } + + $file->move_file($destination); if (sizeof($file->error)) { diff --git a/phpBB/includes/mcp/mcp_post.php b/phpBB/includes/mcp/mcp_post.php index 9cb3ec278b..fc8220828c 100644 --- a/phpBB/includes/mcp/mcp_post.php +++ b/phpBB/includes/mcp/mcp_post.php @@ -42,7 +42,7 @@ function mcp_post_details($id, $mode, $action) $whois = user_ipwhois($ip); $whois = preg_replace('#(\s)([\w\-\._\+]+@[\w\-\.]+)(\s)#', '\1<a href="mailto:\2">\2</a>\3', $whois); - $whois = preg_replace('#(\s)(http:/{2}[^\s]*)(\s)#', '\1<a href="\2" target="_blank">\2</a>\3', $whois); + $whois = preg_replace('#(\s)(http:/{2}[^\s]*)(\s)#', '\1<a href="\2">\2</a>\3', $whois); $template->assign_vars(array( 'RETURN_POST' => sprintf($user->lang['RETURN_POST'], '<a href="' . append_sid("{$phpbb_root_path}mcp.$phpEx", "i=$id&mode=$mode&p=$post_id") . '">', '</a>'), diff --git a/phpBB/includes/mcp/mcp_topic.php b/phpBB/includes/mcp/mcp_topic.php index 466459415d..b0d883e7e5 100644 --- a/phpBB/includes/mcp/mcp_topic.php +++ b/phpBB/includes/mcp/mcp_topic.php 
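Review bot: In avatar_upload(), `sizeof()` is applied to the string `$destination`; it counts elements, not characters, and yields 1 for a string (newer PHP versions reject the call). `$destination{(sizeof($destination)-1)}` therefore inspects the first character rather than the last, and the `substr()` drops the final character whenever the path begins with a separator. `$destination = rtrim($destination, '/\\');` does the intended trailing-separator strip. The single-pass `str_replace()` of `../` is also not a dependable traversal filter, because removing one sequence can leave another behind; as `avatar_path` is admin configuration, rejecting a value that contains `..` is safer than rewriting it.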
@@ -180,7 +180,7 @@ function mcp_topic_view($id, $mode, $action) 'U_VIEWTOPIC' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $topic_info['forum_id'] . '&t=' . $topic_info['topic_id']), 'TO_TOPIC_ID' => $to_topic_id, - 'TO_TOPIC_INFO' => ($to_topic_id) ? sprintf($user->lang['YOU_SELECTED_TOPIC'], $to_topic_id, '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $to_topic_info['forum_id'] . '&t=' . $to_topic_id) . '" target="_new">' . $to_topic_info['topic_title'] . '</a>') : '', + 'TO_TOPIC_INFO' => ($to_topic_id) ? sprintf($user->lang['YOU_SELECTED_TOPIC'], $to_topic_id, '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $to_topic_info['forum_id'] . '&t=' . $to_topic_id) . '">' . $to_topic_info['topic_title'] . '</a>') : '', 'SPLIT_SUBJECT' => $subject, 'POSTS_PER_PAGE' => $posts_per_page, diff --git a/phpBB/includes/mcp/mcp_warn.php b/phpBB/includes/mcp/mcp_warn.php index 9a6ae1ab8f..02eb316ed8 100755 --- a/phpBB/includes/mcp/mcp_warn.php +++ b/phpBB/includes/mcp/mcp_warn.php @@ -403,7 +403,7 @@ function add_warning($userrow, $warning, $send_pm = true, $post_id = 0) $message_parser = new parse_message(); $message_parser->message = sprintf($lang['WARNING_PM_BODY'], $warning); - $message_parser->parse(true, true, true, false, false, true); + $message_parser->parse(true, true, true, false, false, true, true); $pm_data = array( 'from_user_id' => $user->data['user_id'], diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 84dbd7370f..70d6e13f4d 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php 
@@ -364,15 +364,11 @@ class bbcode_firstpass extends bbcode // We remove the hardcoded elements from the code block here because it is not used in code blocks // Having it here saves us one preg_replace per message containing [code] blocks // Additionally, magic url parsing should go after parsing bbcodes, but for safety those are stripped out too... - $htm_match = array( - '#<!\-\- e \-\-><a href="mailto:(.*?)">.*?</a><!\-\- e \-\->#', - '#<!\-\- m \-\-><a href="(.*?)" target="_blank">.*?</a><!\-\- m \-\->#', - '#<!\-\- w \-\-><a href="http:\/\/(.*?)" target="_blank">.*?</a><!\-\- w \-\->#', - '#<!\-\- l \-\-><a href="(.*?)">.*?</a><!\-\- l \-\->#', - '#<!\-\- s(.*?) \-\-><img src="\{SMILIES_PATH\}\/.*? \/><!\-\- s\1 \-\->#', - '#&\#([0-9]+);#', - ); - $htm_replace = array('\1', '\1', '\1', '\1', '\1', '&#\1;'); + $htm_match = get_preg_expression('bbcode_htm'); + $htm_match[3] = '#&\#([0-9]+);#'; + unset($htm_match[4]); + + $htm_replace = array('\1', '\2', '\1', '&#\1;'); $out = ''; @@ -853,6 +849,7 @@ class parse_message extends bbcode_firstpass var $allow_img_bbcode = true; var $allow_flash_bbcode = true; var $allow_quote_bbcode = true; + var $allow_url_bbcode = true; var $mode; @@ -873,7 +870,7 @@ class parse_message extends bbcode_firstpass /** * Parse Message */ - function parse($allow_bbcode, $allow_magic_url, $allow_smilies, $allow_img_bbcode = true, $allow_flash_bbcode = true, $allow_quote_bbcode = true, $update_this_message = true, $mode = 'post') + function parse($allow_bbcode, $allow_magic_url, $allow_smilies, $allow_img_bbcode = true, $allow_flash_bbcode = true, $allow_quote_bbcode = true, $allow_url_bbcode = true, $update_this_message = true, $mode = 'post') { global $config, $db, $user; 
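Review bot: Inserting `$allow_url_bbcode` before `$update_this_message` in parse() changes the meaning of every existing call that passes seven or more arguments, because the value formerly read as `$update_this_message` is now taken as `$allow_url_bbcode` and the message is updated by default. The callers touched in this commit are adjusted, but any caller not touched, including third-party code, changes behaviour silently. Appending the new parameter after `$mode` would keep old calls valid. If the order stays, the docblock, currently only "Parse Message", should document each positional flag.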
@@ -884,6 +881,7 @@ class parse_message extends bbcode_firstpass $this->allow_img_bbcode = $allow_img_bbcode; $this->allow_flash_bbcode = $allow_flash_bbcode; $this->allow_quote_bbcode = $allow_quote_bbcode; + $this->allow_url_bbcode = $allow_url_bbcode; // If false, then $this->message won't be altered, the text will be returned instead. if (!$update_this_message) @@ -920,7 +918,7 @@ class parse_message extends bbcode_firstpass if ($allow_bbcode && strpos($this->message, '[') !== false) { $this->bbcode_init(); - $disallow = array('img', 'flash', 'quote'); + $disallow = array('img', 'flash', 'quote', 'url'); foreach ($disallow as $bool) { if (!${'allow_' . $bool . '_bbcode'}) @@ -991,7 +989,7 @@ class parse_message extends bbcode_firstpass if ($this->message_status == 'plain') { // Force updating message - of course. - $this->parse($allow_bbcode, $allow_magic_url, $allow_smilies, $this->allow_img_bbcode, $this->allow_flash_bbcode, $this->allow_quote_bbcode, true); + $this->parse($allow_bbcode, $allow_magic_url, $allow_smilies, $this->allow_img_bbcode, $this->allow_flash_bbcode, $this->allow_quote_bbcode, $this->allow_url_bbcode, true); } // Parse BBcode @@ -1100,7 +1098,7 @@ class parse_message extends bbcode_firstpass { // (assertion) $match[] = '#(?<=^|[\n ]|\.)' . preg_quote($row['code'], '#') . '#'; - $replace[] = '<!-- s' . $row['code'] . ' --><img src="{SMILIES_PATH}/' . $row['smiley_url'] . '" border="0" alt="' . $row['emotion'] . '" title="' . $row['emotion'] . '" /><!-- s' . $row['code'] . ' -->'; + $replace[] = '<!-- s' . $row['code'] . ' --><img src="{SMILIES_PATH}/' . $row['smiley_url'] . '" alt="' . $row['emotion'] . '" title="' . $row['emotion'] . '" /><!-- s' . $row['code'] . ' -->'; } $db->sql_freeresult($result); } 
@@ -1127,7 +1125,7 @@ class parse_message extends bbcode_firstpass */ function parse_attachments($form_name, $mode, $forum_id, $submit, $preview, $refresh, $is_message = false) { - global $config, $auth, $user, $phpbb_root_path, $phpEx; + global $config, $auth, $user, $phpbb_root_path, $phpEx, $db; $error = array(); @@ -1152,7 +1150,7 @@ class parse_message extends bbcode_firstpass if ($filedata['post_attach'] && !sizeof($error)) { - $new_entry = array( + $sql_ary = array( 'physical_filename' => $filedata['physical_filename'], 'attach_comment' => $this->filename_data['filecomment'], 'real_filename' => $filedata['real_filename'], @@ -1160,8 +1158,19 @@ class parse_message extends bbcode_firstpass 'mimetype' => $filedata['mimetype'], 'filesize' => $filedata['filesize'], 'filetime' => $filedata['filetime'], - 'attach_id' => 0, - 'thumbnail' => $filedata['thumbnail'] + 'thumbnail' => $filedata['thumbnail'], + 'is_orphan' => 1, + 'in_message' => ($is_message) ? 1 : 0, + 'poster_id' => $user->data['user_id'], + ); + + $db->sql_query('INSERT INTO ' . ATTACHMENTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary)); + + $new_entry = array( + 'attach_id' => $db->sql_nextid(), + 'is_orphan' => 1, + 'real_filename' => $filedata['real_filename'], + 'attach_comment'=> $this->filename_data['filecomment'], ); $this->attachment_data = array_merge(array(0 => $new_entry), $this->attachment_data); 
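Review bot: In parse_attachments() the upload is already on disk when the `is_orphan = 1` row is inserted, and the result of that `INSERT` is not checked before `$db->sql_nextid()` is stored as `attach_id`. Unless `sql_query()` aborts on failure (not visible here), a failed insert leaves a file with no row pointing at it and an entry with a meaningless id. The same array build, `INSERT` and `$new_entry` sequence is repeated verbatim in the hunk at -1244, so a small private method taking `$filedata` and `$is_message` would remove the duplication and give one place to handle that case. Abandoned previews now also leave orphan rows behind, so the comment should point to where they are cleaned up.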
@@ -1195,26 +1204,44 @@ class parse_message extends bbcode_firstpass $index = (int) key($_POST['delete_file']); - // delete selected attachment - if (!$this->attachment_data[$index]['attach_id']) + if (!empty($this->attachment_data[$index])) { - phpbb_unlink($this->attachment_data[$index]['physical_filename'], 'file'); - if ($this->attachment_data[$index]['thumbnail']) + // delete selected attachment + if ($this->attachment_data[$index]['is_orphan']) { - phpbb_unlink($this->attachment_data[$index]['physical_filename'], 'thumbnail'); + $sql = 'SELECT attach_id, physical_filename, thumbnail + FROM ' . ATTACHMENTS_TABLE . ' + WHERE attach_id = ' . (int) $this->attachment_data[$index]['attach_id'] . ' + AND is_orphan = 1 + AND poster_id = ' . $user->data['user_id']; + $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if ($row) + { + phpbb_unlink($row['physical_filename'], 'file'); + + if ($row['thumbnail']) + { + phpbb_unlink($row['physical_filename'], 'thumbnail'); + } + + $db->sql_query('DELETE FROM ' . ATTACHMENTS_TABLE . ' WHERE attach_id = ' . (int) $this->attachment_data[$index]['attach_id']); + } + } + else + { + delete_attachments('attach', array(intval($this->attachment_data[$index]['attach_id']))); } - } - else - { - delete_attachments('attach', array(intval($this->attachment_data[$index]['attach_id']))); - } - unset($this->attachment_data[$index]); - $this->message = preg_replace('#\[attachment=([0-9]+)\](.*?)\[\/attachment\]#e', "(\\1 == \$index) ? '' : ((\\1 > \$index) ? '[attachment=' . (\\1 - 1) . ']\\2[/attachment]' : '\\0')", $this->message); + unset($this->attachment_data[$index]); + $this->message = preg_replace('#\[attachment=([0-9]+)\](.*?)\[\/attachment\]#e', "(\\1 == \$index) ? '' : ((\\1 > \$index) ? '[attachment=' . (\\1 - 1) . 
']\\2[/attachment]' : '\\0')", $this->message); - // Reindex Array - $this->attachment_data = array_values($this->attachment_data); + // Reindex Array + $this->attachment_data = array_values($this->attachment_data); + } } else if ($edit_comment || $add_file || $preview) { @@ -1236,7 +1263,7 @@ class parse_message extends bbcode_firstpass if (!sizeof($error)) { - $new_entry = array( + $sql_ary = array( 'physical_filename' => $filedata['physical_filename'], 'attach_comment' => $this->filename_data['filecomment'], 'real_filename' => $filedata['real_filename'], @@ -1244,8 +1271,19 @@ class parse_message extends bbcode_firstpass 'mimetype' => $filedata['mimetype'], 'filesize' => $filedata['filesize'], 'filetime' => $filedata['filetime'], - 'attach_id' => 0, - 'thumbnail' => $filedata['thumbnail'] + 'thumbnail' => $filedata['thumbnail'], + 'is_orphan' => 1, + 'in_message' => ($is_message) ? 1 : 0, + 'poster_id' => $user->data['user_id'], + ); + + $db->sql_query('INSERT INTO ' . ATTACHMENTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary)); + + $new_entry = array( + 'attach_id' => $db->sql_nextid(), + 'is_orphan' => 1, + 'real_filename' => $filedata['real_filename'], + 'attach_comment'=> $this->filename_data['filecomment'], ); $this->attachment_data = array_merge(array(0 => $new_entry), $this->attachment_data); 
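Review bot: The re-indented `preg_replace()` still uses the `#e` modifier, which evaluates the replacement string as PHP code built from text in the message; the modifier was deprecated and later removed from PHP, so a callback is the safer form (sketch below, needs closure support; on older versions use a named callback). In the orphan branch the final `DELETE` filters on `attach_id` only, while the `SELECT` just before it also requires `is_orphan = 1` and the poster's id. Repeating those two conditions in the `DELETE` keeps that statement safe on its own. parse_attachments() starts and ends outside this hunk.

```php
// … unchanged: delete of the attachment row/file and unset($this->attachment_data[$index]) …
$this->message = preg_replace_callback(
	'#\[attachment=([0-9]+)\](.*?)\[\/attachment\]#',
	function ($match) use ($index)
	{
		$pos = (int) $match[1];

		if ($pos == $index)
		{
			return '';
		}

		return ($pos > $index) ? '[attachment=' . ($pos - 1) . ']' . $match[2] . '[/attachment]' : $match[0];
	},
	$this->message
);
// … unchanged: reindex with array_values() …
```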
@@ -1275,99 +1313,83 @@ class parse_message extends bbcode_firstpass global $user, $db, $phpbb_root_path, $phpEx, $config; $this->filename_data['filecomment'] = request_var('filecomment', '', true); - $this->attachment_data = (isset($_POST['attachment_data'])) ? $_POST['attachment_data'] : array(); + $attachment_data = (isset($_POST['attachment_data'])) ? $_POST['attachment_data'] : array(); + $this->attachment_data = array(); $check_user_id = ($check_user_id === false) ? $user->data['user_id'] : $check_user_id; - // Regenerate data array... - $attach_ids = $filenames = array(); + if (!sizeof($attachment_data)) + { + return; + } + + $not_orphan = $orphan = array(); - foreach ($this->attachment_data as $pos => $var_ary) + foreach ($attachment_data as $pos => $var_ary) { - if ($var_ary['attach_id']) + if ($var_ary['is_orphan']) { - $attach_ids[(int) $this->attachment_data[$pos]['attach_id']] = $pos; + $orphan[(int) $var_ary['attach_id']] = $pos; } else { - $filenames[$pos] = ''; - set_var($filenames[$pos], $this->attachment_data[$pos]['physical_filename'], 'string'); - $filenames[$pos] = basename($filenames[$pos]); + $not_orphan[(int) $var_ary['attach_id']] = $pos; } } - $this->attachment_data = array(); - - // Regenerate already posted attachments... - if (sizeof($attach_ids)) + // Regenerate already posted attachments + if (sizeof($not_orphan)) { - // Get the data from the attachments - $sql = 'SELECT attach_id, physical_filename, real_filename, extension, mimetype, filesize, filetime, thumbnail + // Get the attachment data, based on the poster id... + $sql = 'SELECT attach_id, is_orphan, real_filename, attach_comment FROM ' . ATTACHMENTS_TABLE . ' - WHERE ' . $db->sql_in_set('attach_id', array_keys($attach_ids)) . ' + WHERE ' . $db->sql_in_set('attach_id', array_keys($not_orphan)) . ' AND poster_id = ' . 
$check_user_id; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { - if (isset($attach_ids[$row['attach_id']])) - { - $pos = $attach_ids[$row['attach_id']]; - $this->attachment_data[$pos] = $row; - set_var($this->attachment_data[$pos]['attach_comment'], $_POST['attachment_data'][$pos]['attach_comment'], 'string', true); + $pos = $not_orphan[$row['attach_id']]; + $this->attachment_data[$pos] = $row; + set_var($this->attachment_data[$pos]['attach_comment'], $_POST['attachment_data'][$pos]['attach_comment'], 'string', true); - unset($attach_ids[$row['attach_id']]); - } + unset($not_orphan[$row['attach_id']]); } $db->sql_freeresult($result); + } - if (sizeof($attach_ids)) - { - trigger_error($user->lang['NO_ACCESS_ATTACHMENT'], E_USER_ERROR); - } + if (sizeof($not_orphan)) + { + trigger_error($user->lang['NO_ACCESS_ATTACHMENT'], E_USER_ERROR); } // Regenerate newly uploaded attachments - if (sizeof($filenames)) + if (sizeof($orphan)) { - include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx); - - $sql = 'SELECT attach_id + $sql = 'SELECT attach_id, is_orphan, real_filename, attach_comment FROM ' . ATTACHMENTS_TABLE . ' - WHERE ' . $db->sql_in_set('LOWER(physical_filename)', array_map('strtolower', $filenames)); - $result = $db->sql_query_limit($sql, 1); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - - if ($row) - { - trigger_error($user->lang['NO_ACCESS_ATTACHMENT'], E_USER_ERROR); - } + WHERE ' . $db->sql_in_set('attach_id', array_keys($orphan)) . ' + AND poster_id = ' . $user->data['user_id'] . ' + AND is_orphan = 1'; + $result = $db->sql_query($sql); - foreach ($filenames as $pos => $physical_filename) + while ($row = $db->sql_fetchrow($result)) { - $this->attachment_data[$pos] = array( - 'physical_filename' => $physical_filename, - 'extension' => strtolower(filespec::get_extension($phpbb_root_path . $config['upload_path'] . '/' . 
$physical_filename)), - 'filesize' => filespec::get_filesize($phpbb_root_path . $config['upload_path'] . '/' . $physical_filename), - 'attach_id' => 0, - 'thumbnail' => (file_exists($phpbb_root_path . $config['upload_path'] . '/thumb_' . $physical_filename)) ? 1 : 0, - ); - + $pos = $orphan[$row['attach_id']]; + $this->attachment_data[$pos] = $row; set_var($this->attachment_data[$pos]['attach_comment'], $_POST['attachment_data'][$pos]['attach_comment'], 'string', true); - set_var($this->attachment_data[$pos]['real_filename'], $_POST['attachment_data'][$pos]['real_filename'], 'string', true); - set_var($this->attachment_data[$pos]['filetime'], $_POST['attachment_data'][$pos]['filetime'], 'int'); - if (strpos($_POST['attachment_data'][$pos]['mimetype'], 'image/') !== false) - { - set_var($this->attachment_data[$pos]['mimetype'], $_POST['attachment_data'][$pos]['mimetype'], 'string'); - } - else - { - $this->attachment_data[$pos]['mimetype'] = filespec::get_mimetype($phpbb_root_path . $config['upload_path'] . '/' . $physical_filename); - } + unset($orphan[$row['attach_id']]); } + $db->sql_freeresult($result); + } + + if (sizeof($orphan)) + { + trigger_error($user->lang['NO_ACCESS_ATTACHMENT'], E_USER_ERROR); } + + ksort($this->attachment_data); } /** @@ -1384,8 +1406,7 @@ class parse_message extends bbcode_firstpass $this->message = $poll['poll_option_text']; - $poll['poll_option_text'] = $this->parse($poll['enable_bbcode'], $poll['enable_urls'], $poll['enable_smilies'], $poll['img_status'], false, false, false); - + $poll['poll_option_text'] = $this->parse($poll['enable_bbcode'], ($config['allow_post_links']) ? $poll['enable_urls'] : false, $poll['enable_smilies'], $poll['img_status'], false, false, $config['allow_post_links'], false); $this->message = $tmp_message; 
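Review bot: get_submitted_attachment_data() iterates `$_POST['attachment_data']` without checking its shape, so a value that is not an array of arrays raises notices on the `$var_ary['is_orphan']` and `$var_ary['attach_id']` reads. The client-chosen `$pos` keys also become the keys of `$this->attachment_data` unchanged. A guard at the top of the loop, `if (!is_array($var_ary) || !isset($var_ary['attach_id'])) { continue; }`, plus an `(int)` cast on `$pos`, closes that. The lookup for already-posted attachments checks `poster_id` only, so ids from the same user's other posts or private messages are accepted; if that is not intended, add `is_orphan = 0` and a condition on the message being edited.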
@@ -1394,8 +1415,7 @@ class parse_message extends bbcode_firstpass $this->message = $poll['poll_title']; - $poll['poll_title'] = $this->parse($poll['enable_bbcode'], $poll['enable_urls'], $poll['enable_smilies'], $poll['img_status'], false, false, false); - + $poll['poll_title'] = $this->parse($poll['enable_bbcode'], ($config['allow_post_links']) ? $poll['enable_urls'] : false, $poll['enable_smilies'], $poll['img_status'], false, false, $config['allow_post_links'], false); $this->message = $tmp_message; diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 5549606bcc..458eb44b40 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -405,9 +405,21 @@ class session $this->cookie_data['k'] = ''; $this->cookie_data['u'] = ($bot) ? $bot : ANONYMOUS; - $sql = 'SELECT * - FROM ' . USERS_TABLE . ' - WHERE user_id = ' . (int) $this->cookie_data['u']; + if (!$bot) + { + $sql = 'SELECT * + FROM ' . USERS_TABLE . ' + WHERE user_id = ' . (int) $this->cookie_data['u']; + } + else + { + // We give bots always the same session if it is not yet expired. + $sql = 'SELECT u.*, s.* + FROM ' . USERS_TABLE . ' u + LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id) + WHERE u.user_id = ' . (int) $bot; + } + $result = $db->sql_query($sql); $this->data = $db->sql_fetchrow($result); $db->sql_freeresult($result); 
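Review bot: In the session.php hunk the comment on the bot query says the session is reused "if it is not yet expired", but the `LEFT JOIN` has no condition on `s.session_time` and no ordering. An expired row, or an arbitrary one if several exist for the bot's user id, can therefore be the row `sql_fetchrow()` returns. The reuse branch in the following hunk compares only IP and browser, so no expiry check is visible on this page. If one exists elsewhere the comment should point to it, e.g. `// Bots reuse their existing session row; expiry is enforced in <location>`; if not, the join needs an age filter.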
@@ -440,6 +452,47 @@ class session // // + // If our friend is a bot, we re-assign a previously assigned session + if ($this->data['is_bot'] && $bot === $this->data['user_id'] && $this->data['session_id']) + { + // Only assign the current session if the ip and browser match... + $s_ip = implode('.', array_slice(explode('.', $this->data['session_ip']), 0, $config['ip_check'])); + $u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check'])); + + $s_browser = ($config['browser_check']) ? strtolower(substr($this->data['session_browser'], 0, 149)) : ''; + $u_browser = ($config['browser_check']) ? strtolower(substr($this->browser, 0, 149)) : ''; + + if ($u_ip === $s_ip && $s_browser === $u_browser) + { + $this->session_id = $this->data['session_id']; + + // Only update session DB a minute or so after last update or if page changes + if ($this->time_now - $this->data['session_time'] > 60 || ($this->update_session_page && $this->data['session_page'] != $this->page['page'])) + { + $sql_ary = array('session_time' => $this->time_now, 'session_last_visit' => $this->time_now, 'session_admin' => 0); + + if ($this->update_session_page) + { + $sql_ary['session_page'] = substr($this->page['page'], 0, 199); + } + + $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " + WHERE session_id = '" . $db->sql_escape($this->session_id) . "'"; + $db->sql_query($sql); + } + + $SID = '?sid='; + $_SID = ''; + + return true; + } + else + { + // If the ip and browser does not match make sure we only have one bot assigned to one session + $db->sql_query('DELETE FROM ' . SESSIONS_TABLE . ' WHERE session_user_id = ' . $this->data['user_id']); + } + } + // @todo Change this ... check for "... && user_type & USER_NORMAL" ? $session_autologin = (($this->cookie_data['k'] || $persist_login) && $this->data['is_registered']) ? true : false; 
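Review bot: The cleanup `DELETE` in the else branch concatenates `$this->data['user_id']` into the SQL without the `(int)` cast that the lookup query in the previous hunk applies to `$bot`. The value comes from the users row, so this is defence in depth rather than a demonstrated injection, but the cast keeps the file consistent: `'DELETE FROM ' . SESSIONS_TABLE . ' WHERE session_user_id = ' . (int) $this->data['user_id']`. The guard `$bot === $this->data['user_id']` compares a value set outside the hunk with a fetched row field; if the database layer returns the id as a string while `$bot` is an integer, the reuse branch never runs, so the types are worth confirming. When `$config['ip_check']` is 0 and `browser_check` is off, both comparisons are between empty strings and every client identified as that bot shares one session; if that is intended, a one-line comment should say so.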
@@ -516,6 +569,11 @@ class session unset($cookie_expire); } + else + { + $SID = '?sid='; + $_SID = ''; + } return true; } diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index 47403c83da..2d867177d5 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -723,7 +723,8 @@ class ucp_groups 'PAGINATION' => generate_pagination($this->u_action . "&action=$action&g=$group_id", $total_members, $config['topics_per_page'], $start, true), 'U_ACTION' => $this->u_action . "&g=$group_id", - 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=ucp&field=usernames')) + 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=ucp&field=usernames'), + 'UA_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=ucp&field=usernames', false)) ); break; diff --git a/phpBB/includes/ucp/ucp_pm.php b/phpBB/includes/ucp/ucp_pm.php index ace879c3d9..18b8bbfff2 100644 --- a/phpBB/includes/ucp/ucp_pm.php +++ b/phpBB/includes/ucp/ucp_pm.php @@ -96,7 +96,7 @@ class ucp_pm $template->assign_vars(array( 'MESSAGE' => $l_new_message, 'S_NOT_LOGGED_IN' => ($user->data['user_id'] == ANONYMOUS) ? true : false, - 'CLICK_TO_VIEW' => sprintf($user->lang['CLICK_VIEW_PRIVMSG'], '<a href="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=inbox') . '" onclick="jump_to_inbox();return false;" target="_new">', '</a>'), + 'CLICK_TO_VIEW' => sprintf($user->lang['CLICK_VIEW_PRIVMSG'], '<a href="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=inbox') . '" onclick="jump_to_inbox(); return false;">', '</a>'), 'U_INBOX' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=inbox'), 'UA_INBOX' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=inbox', false)) ); diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index cd495535ec..e8a7a4a538 100644 
--- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -307,19 +307,21 @@ function compose_pm($id, $mode, $action) $error[] = $user->lang['TOO_MANY_RECIPIENTS']; } + // Always check if the submitted attachment data is valid and belongs to the user. + // Further down (especially in submit_post()) we do not check this again. $message_parser->get_submitted_attachment_data(); if ($message_attachment && !$submit && !$refresh && !$preview && $action == 'edit') { - $sql = 'SELECT attach_id, physical_filename, attach_comment, real_filename, extension, mimetype, filesize, filetime, thumbnail + // Do not change to SELECT * + $sql = 'SELECT attach_id, is_orphan, attach_comment, real_filename FROM ' . ATTACHMENTS_TABLE . " WHERE post_msg_id = $msg_id AND in_message = 1 - ORDER BY filetime " . ((!$config['display_order']) ? 'DESC' : 'ASC'); + AND is_orphan = 0 + ORDER BY filetime " . ((!$config['display_order']) ? 'DESC' : 'ASC'); $result = $db->sql_query($sql); - $message_parser->attachment_data = array_merge($message_parser->attachment_data, $db->sql_fetchrowset($result)); - $db->sql_freeresult($result); } @@ -361,6 +363,7 @@ function compose_pm($id, $mode, $action) $smilies_status = ($config['allow_smilies'] && $config['auth_smilies_pm'] && $auth->acl_get('u_pm_smilies')) ? true : false; $img_status = ($config['auth_img_pm'] && $auth->acl_get('u_pm_img')) ? true : false; $flash_status = ($config['auth_flash_pm'] && $auth->acl_get('u_pm_flash')) ? true : false; + $url_status = ($config['allow_post_links']) ? true : false; // Save Draft if ($save && $auth->acl_get('u_savedrafts')) 
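Review bot: In @@ -307 the comment `// Do not change to SELECT *` states a rule without its reason, so the next maintainer cannot tell what breaks if a column is added. The rows are merged into `$message_parser->attachment_data`, and the new column list drops `physical_filename` and the other file metadata the old query returned. Presumably this keeps server-side storage names out of data that is round-tripped through the form, and the comment should record that, e.g. `// Do not change to SELECT *: only these columns may enter attachment_data (physical_filename must stay server-side)`. compose_pm() starts and ends outside the hunk, so where `$msg_id` is cast before being interpolated into the query is not visible here.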
@@ -473,7 +476,7 @@ function compose_pm($id, $mode, $action) $message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true); // Parse message - $message_parser->parse($enable_bbcode, $enable_urls, $enable_smilies, $img_status, $flash_status, true); + $message_parser->parse($enable_bbcode, ($config['allow_post_links']) ? $enable_urls : false, $enable_smilies, $img_status, $flash_status, true, $config['allow_sig_links']); if ($action != 'edit' && !$preview && !$refresh && $config['flood_interval'] && !$auth->acl_get('u_ignoreflood')) { @@ -604,7 +607,14 @@ function compose_pm($id, $mode, $action) if ($action == 'quotepost') { $post_id = request_var('p', 0); - $message_link = "[url=" . generate_board_url() . "/viewtopic.$phpEx?p={$post_id}#p{$post_id}]{$message_subject}[/url]\n"; + if ($config['allow_post_links']) + { + $message_link = "[url=" . generate_board_url() . "/viewtopic.$phpEx?p={$post_id}#p{$post_id}]{$message_subject}[/url]\n\n"; + } + else + { + $message_link = $user->lang['SUBJECT'] . ': ' . $message_subject . " (" . generate_board_url() . "/viewtopic.$phpEx?p={$post_id}#p{$post_id})\n\n"; + } } else { 
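Review bot: The private-message `parse()` call in @@ -473 gates magic URLs on `$config['allow_post_links']` but passes `$config['allow_sig_links']` as the new seventh argument. The poll calls in message_parser.php pass `allow_post_links` in that position, and only the signature call in ucp_profile.php passes `allow_sig_links`. If that argument controls the URL BBCode, a board with post links disabled and signature links enabled would still accept `[url]` in private messages while the form reports `URL_IS_OFF`. An earlier hunk of this file already derives `$url_status` from `allow_post_links`, so the call could end `..., $flash_status, true, $url_status);`, and the `if ($config['allow_post_links'])` branches in @@ -604 and @@ -622 could test `$url_status` too. compose_pm() begins outside these hunks, so this assumes `$url_status` is assigned on every path that reaches the call.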
@@ -622,14 +632,23 @@ function compose_pm($id, $mode, $action) { $fwd_to_field = write_pm_addresses(array('to' => $post['to_address']), 0, true); + if ($config['allow_post_links']) + { + $quote_username_text = '[url=' . generate_board_url() . "/memberlist.$phpEx?mode=viewprofile&u={$post['author_id']}]{$quote_username}[/url]"; + } + else + { + $quote_username_text = $quote_username . ' (' . generate_board_url() . "/memberlist.$phpEx?mode=viewprofile&u={$post['author_id']})"; + } + $forward_text = array(); $forward_text[] = $user->lang['FWD_ORIGINAL_MESSAGE']; $forward_text[] = sprintf($user->lang['FWD_SUBJECT'], censor_text($message_subject)); $forward_text[] = sprintf($user->lang['FWD_DATE'], $user->format_date($message_time)); - $forward_text[] = sprintf($user->lang['FWD_FROM'], $quote_username); + $forward_text[] = sprintf($user->lang['FWD_FROM'], $quote_username_text); $forward_text[] = sprintf($user->lang['FWD_TO'], implode(', ', $fwd_to_field['to'])); - $message_parser->message = implode("\n", $forward_text) . "\n\n[quote=\"[url=" . generate_board_url() . "/memberlist.$phpEx?mode=viewprofile&u={$post['author_id']}]{$quote_username}[/url]\"]\n" . censor_text(trim($message_parser->message)) . "\n[/quote]"; + $message_parser->message = implode("\n", $forward_text) . "\n\n[quote=\"{$quote_username}\"]\n" . censor_text(trim($message_parser->message)) . "\n[/quote]"; $message_subject = ((!preg_match('/^Fwd:/', $message_subject)) ? 'Fwd: ' : '') . censor_text($message_subject); } 
@@ -783,10 +802,11 @@ function compose_pm($id, $mode, $action) 'SUBJECT' => (isset($message_subject)) ? $message_subject : '', 'MESSAGE' => $message_text, - 'BBCODE_STATUS' => ($bbcode_status) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '" onclick="target=\'_phpbbcode\';">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '" onclick="target=\'_phpbbcode\';">', '</a>'), + 'BBCODE_STATUS' => ($bbcode_status) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>'), 'IMG_STATUS' => ($img_status) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'], 'FLASH_STATUS' => ($flash_status) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'], 'SMILIES_STATUS' => ($smilies_status) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'], + 'URL_STATUS' => ($url_status) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'], 'MINI_POST_IMG' => $user->img('icon_post_target', $user->lang['PM']), 'ERROR' => (sizeof($error)) ? implode('<br />', $error) : '', @@ -798,6 +818,7 @@ function compose_pm($id, $mode, $action) 'S_SMILIES_CHECKED' => ($smilies_checked) ? ' checked="checked"' : '', 'S_SIG_ALLOWED' => ($config['allow_sig'] && $auth->acl_get('u_sig')), 'S_SIGNATURE_CHECKED' => ($sig_checked) ? ' checked="checked"' : '', + 'S_LINKS_ALLOWED' => $url_status, 'S_MAGIC_URL_CHECKED' => ($urls_checked) ? ' checked="checked"' : '', 'S_SAVE_ALLOWED' => $auth->acl_get('u_savedrafts'), 'S_HAS_DRAFTS' => ($auth->acl_get('u_savedrafts') && $drafts), 
@@ -806,6 +827,7 @@ function compose_pm($id, $mode, $action) 'S_BBCODE_IMG' => $img_status, 'S_BBCODE_FLASH' => $flash_status, 'S_BBCODE_QUOTE' => true, + 'S_BBCODE_URL' => $url_status, 'S_POST_ACTION' => $s_action, 'S_HIDDEN_ADDRESS_FIELD' => $s_hidden_address_field, diff --git a/phpBB/includes/ucp/ucp_pm_options.php b/phpBB/includes/ucp/ucp_pm_options.php index c9e911b5f4..72af30fa21 100644 --- a/phpBB/includes/ucp/ucp_pm_options.php +++ b/phpBB/includes/ucp/ucp_pm_options.php @@ -433,7 +433,8 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit 'DEFAULT_ACTION' => ($config['full_folder_action'] == 1) ? $user->lang['DELETE_OLDEST_MESSAGES'] : $user->lang['HOLD_NEW_MESSAGES'], - 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=ucp&field=rule_string')) + 'U_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=ucp&field=rule_string'), + 'UA_FIND_USERNAME' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=ucp&field=rule_string', true)) ); $rule_lang = $action_lang = $check_lang = array(); diff --git a/phpBB/includes/ucp/ucp_pm_viewmessage.php b/phpBB/includes/ucp/ucp_pm_viewmessage.php index 5e6917073f..ad386ea4b5 100644 --- a/phpBB/includes/ucp/ucp_pm_viewmessage.php +++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php @@ -435,7 +435,7 @@ function get_user_informations($user_id, $user_row) } $avatar_img .= $user_row['user_avatar']; - $user_row['avatar'] = '<img src="' . $avatar_img . '" width="' . $user_row['user_avatar_width'] . '" height="' . $user_row['user_avatar_height'] . '" border="0" alt="" />'; + $user_row['avatar'] = '<img src="' . $avatar_img . '" width="' . $user_row['user_avatar_width'] . '" height="' . $user_row['user_avatar_height'] . '" alt="' . $user->lang['USER_AVATAR'] . '" />'; } $user_row['rank_title'] = $user_row['rank_image'] = ''; 
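Review bot: In the ucp_pm_options.php hunk the new `UA_FIND_USERNAME` passes `true` as the third argument to `append_sid()`, while the same key in ucp_groups.php and the existing `UA_INBOX` in ucp_pm.php pass `false`. If that argument selects escaped `&amp;` separators and defaults to true, this value is identical to `U_FIND_USERNAME` and the script-safe variant the `UA_` prefix suggests is never produced. The line should probably end `'mode=searchuser&form=ucp&field=rule_string', false))`.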
@@ -443,7 +443,7 @@ function get_user_informations($user_id, $user_row) if (!empty($user_row['user_rank'])) { $user_row['rank_title'] = (isset($ranks['special'][$user_row['user_rank']])) ? $ranks['special'][$user_row['user_rank']]['rank_title'] : ''; - $user_row['rank_image'] = (!empty($ranks['special'][$user_row['user_rank']]['rank_image'])) ? '<img src="' . $config['ranks_path'] . '/' . $ranks['special'][$user_row['user_rank']]['rank_image'] . '" border="0" alt="' . $ranks['special'][$user_row['user_rank']]['rank_title'] . '" title="' . $ranks['special'][$user_row['user_rank']]['rank_title'] . '" /><br />' : ''; + $user_row['rank_image'] = (!empty($ranks['special'][$user_row['user_rank']]['rank_image'])) ? '<img src="' . $config['ranks_path'] . '/' . $ranks['special'][$user_row['user_rank']]['rank_image'] . '" alt="' . $ranks['special'][$user_row['user_rank']]['rank_title'] . '" title="' . $ranks['special'][$user_row['user_rank']]['rank_title'] . '" /><br />' : ''; } else { @@ -454,7 +454,7 @@ function get_user_informations($user_id, $user_row) if ($user_row['user_posts'] >= $rank['rank_min']) { $user_row['rank_title'] = $rank['rank_title']; - $user_row['rank_image'] = (!empty($rank['rank_image'])) ? '<img src="' . $config['ranks_path'] . '/' . $rank['rank_image'] . '" border="0" alt="' . $rank['rank_title'] . '" title="' . $rank['rank_title'] . '" /><br />' : ''; + $user_row['rank_image'] = (!empty($rank['rank_image'])) ? '<img src="' . $config['ranks_path'] . '/' . $rank['rank_image'] . '" alt="' . $rank['rank_title'] . '" title="' . $rank['rank_title'] . '" /><br />' : ''; break; } } diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index eec8d4c3da..e070ba8453 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php 
@@ -428,7 +428,7 @@ class ucp_profile $message_parser = new parse_message($signature); // Allowing Quote BBCode - $message_parser->parse($enable_bbcode, $enable_urls, $enable_smilies, $config['allow_sig_img'], $config['allow_sig_flash'], true, true, 'sig'); + $message_parser->parse($enable_bbcode, ($config['allow_sig_links']) ? $enable_urls : false, $enable_smilies, $config['allow_sig_img'], $config['allow_sig_flash'], true, $config['allow_sig_links'], true, 'sig'); if (sizeof($message_parser->warn_msg)) { 
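Review bot: The signature `parse()` call grows from eight to nine positional arguments, and the new link flag is inserted before the trailing `true, 'sig'` rather than appended. It therefore appears that a caller left on the old argument list would still run while its later flags shift one position. The call sites in this diff were updated, but callers outside phpBB/includes are not visible here and should be checked. The existing comment `// Allowing Quote BBCode` now explains only one of the literals; something like `// Quote BBCode always allowed; URL BBCode and magic URLs follow allow_sig_links` would document the call.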
@@ -476,17 +476,19 @@ class ucp_profile 'S_SMILIES_CHECKED' => (!$enable_smilies) ? 'checked="checked"' : '', 'S_MAGIC_URL_CHECKED' => (!$enable_urls) ? 'checked="checked"' : '', - 'BBCODE_STATUS' => ($config['allow_sig_bbcode']) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '" onclick="target=\'_phpbbcode\';">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '" onclick="target=\'_phpbbcode\';">', '</a>'), + 'BBCODE_STATUS' => ($config['allow_sig_bbcode']) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>'), 'SMILIES_STATUS' => ($config['allow_sig_smilies']) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'], 'IMG_STATUS' => ($config['allow_sig_img']) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'], 'FLASH_STATUS' => ($config['allow_sig_flash']) ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'], + 'URL_STATUS' => ($config['allow_sig_links']) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'], 'L_SIGNATURE_EXPLAIN' => sprintf($user->lang['SIGNATURE_EXPLAIN'], $config['max_sig_chars']), 'S_BBCODE_ALLOWED' => $config['allow_sig_bbcode'], 'S_SMILIES_ALLOWED' => $config['allow_sig_smilies'], 'S_BBCODE_IMG' => ($config['allow_sig_img']) ? true : false, - 'S_BBCODE_FLASH' => ($config['allow_sig_flash']) ? true : false) + 'S_BBCODE_FLASH' => ($config['allow_sig_flash']) ? true : false, + 'S_LINKS_ALLOWED' => ($config['allow_sig_links']) ? true : false) ); // Build custom bbcodes array |