diff options
Diffstat (limited to 'phpBB/includes')
44 files changed, 848 insertions, 419 deletions
diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index 58b55eeddb..d537885ef1 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -88,6 +88,7 @@ class acp_board 'allow_nocensors' => array('lang' => 'ALLOW_NO_CENSORS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'allow_bookmarks' => array('lang' => 'ALLOW_BOOKMARKS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'allow_birthdays' => array('lang' => 'ALLOW_BIRTHDAYS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), + 'display_last_subject' => array('lang' => 'DISPLAY_LAST_SUBJECT', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'allow_quick_reply' => array('lang' => 'ALLOW_QUICK_REPLY', 'validate' => 'bool', 'type' => 'custom', 'method' => 'quick_reply', 'explain' => true), 'legend2' => 'ACP_LOAD_SETTINGS', @@ -98,7 +99,6 @@ class acp_board 'load_cpf_pm' => array('lang' => 'LOAD_CPF_PM', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), 'load_cpf_viewprofile' => array('lang' => 'LOAD_CPF_VIEWPROFILE', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), 'load_cpf_viewtopic' => array('lang' => 'LOAD_CPF_VIEWTOPIC', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), - 'load_jquery_cdn' => array('lang' => 'LOAD_JQUERY_CDN', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'legend3' => 'ACP_SUBMIT_CHANGES', ) @@ -324,7 +324,8 @@ class acp_board 'load_moderators' => array('lang' => 'YES_MODERATORS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), 'load_jumpbox' => array('lang' => 'YES_JUMPBOX', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), 'load_user_activity' => array('lang' => 'LOAD_USER_ACTIVITY', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), - 'load_tplcompile' => array('lang' => 'RECOMPILE_STYLES', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), + 'load_tplcompile' => array('lang' => 'RECOMPILE_STYLES', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), + 'load_jquery_cdn' => array('lang' => 'LOAD_JQUERY_CDN', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'legend3' => 'CUSTOM_PROFILE_FIELDS', 'load_cpf_memberlist' => array('lang' => 'LOAD_CPF_MEMBERLIST', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), diff --git a/phpBB/includes/acp/acp_database.php b/phpBB/includes/acp/acp_database.php index e66fd850c6..ebcbd28a87 100644 --- a/phpBB/includes/acp/acp_database.php +++ b/phpBB/includes/acp/acp_database.php @@ -20,6 +20,7 @@ if (!defined('IN_PHPBB')) */ class acp_database { + var $db_tools; var $u_action; function main($id, $mode) @@ -27,6 +28,12 @@ class acp_database global $cache, $db, $user, $auth, $template, $table_prefix; global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx; + if (!class_exists('phpbb_db_tools')) + { + require($phpbb_root_path . 'includes/db/db_tools.' . $phpEx); + } + $this->db_tools = new phpbb_db_tools($db); + $user->add_lang('acp/database'); $this->tpl_name = 'acp_database'; @@ -49,7 +56,7 @@ class acp_database { case 'download': $type = request_var('type', ''); - $table = request_var('table', array('')); + $table = array_intersect($this->db_tools->sql_list_tables(), request_var('table', array(''))); $format = request_var('method', ''); $where = request_var('where', ''); @@ -172,8 +179,7 @@ class acp_database break; default: - include($phpbb_root_path . 'includes/functions_install.' . $phpEx); - $tables = get_tables($db); + $tables = $this->db_tools->sql_list_tables(); asort($tables); foreach ($tables as $table_name) { diff --git a/phpBB/includes/acp/acp_main.php b/phpBB/includes/acp/acp_main.php index 144b225766..eb613535bf 100644 --- a/phpBB/includes/acp/acp_main.php +++ b/phpBB/includes/acp/acp_main.php @@ -210,7 +210,7 @@ class acp_main // No maximum post id? :o if (!$max_post_id) { - $sql = 'SELECT MAX(post_id) + $sql = 'SELECT MAX(post_id) as max_post_id FROM ' . POSTS_TABLE; $result = $db->sql_query($sql); $max_post_id = (int) $db->sql_fetchfield('max_post_id'); diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php index d33be274b4..943bfe6a6f 100644 --- a/phpBB/includes/acp/acp_styles.php +++ b/phpBB/includes/acp/acp_styles.php @@ -21,7 +21,7 @@ if (!defined('IN_PHPBB')) class acp_styles { public $u_action; - + protected $u_base_action; protected $s_hidden_fields; protected $mode; @@ -1056,7 +1056,7 @@ class acp_styles */ protected function read_style_cfg($dir) { - static $required = array('name', 'version', 'copyright'); + static $required = array('name', 'phpbb_version', 'copyright'); $cfg = parse_cfg_file($this->styles_path . $dir . '/style.cfg'); // Check if it is a valid file diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index 44717452e8..17687b05c7 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -1001,6 +1001,13 @@ class acp_users $user_row['posts_in_queue'] = (int) $db->sql_fetchfield('posts_in_queue'); $db->sql_freeresult($result); + $sql = 'SELECT post_id + FROM ' . POSTS_TABLE . ' + WHERE poster_id = '. $user_id; + $result = $db->sql_query_limit($sql, 1); + $user_row['user_has_posts'] = (bool) $db->sql_fetchfield('post_id'); + $db->sql_freeresult($result); + $template->assign_vars(array( 'L_NAME_CHARS_EXPLAIN' => $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])), 'L_CHANGE_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars']), $user->lang('CHARACTERS', (int) $config['max_pass_chars'])), @@ -1028,6 +1035,7 @@ class acp_users 'USER_EMAIL' => $user_row['user_email'], 'USER_WARNINGS' => $user_row['user_warnings'], 'USER_POSTS' => $user_row['user_posts'], + 'USER_HAS_POSTS' => $user_row['user_has_posts'], 'USER_INACTIVE_REASON' => $inactive_reason, )); diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php index b2f45f046c..26029efe1e 100644 --- a/phpBB/includes/auth/auth_ldap.php +++ b/phpBB/includes/auth/auth_ldap.php @@ -155,7 +155,11 @@ function login_ldap(&$username, &$password) { if (!@ldap_bind($ldap, htmlspecialchars_decode($config['ldap_user']), htmlspecialchars_decode($config['ldap_password']))) { - return $user->lang['LDAP_NO_SERVER_CONNECTION']; + return array( + 'status' => LOGIN_ERROR_EXTERNAL_AUTH, + 'error_msg' => 'LDAP_NO_SERVER_CONNECTION', + 'user_row' => array('user_id' => ANONYMOUS), + ); } } diff --git a/phpBB/includes/bbcode.php b/phpBB/includes/bbcode.php index 612ced8ad6..444446e9c3 100644 --- a/phpBB/includes/bbcode.php +++ b/phpBB/includes/bbcode.php @@ -130,11 +130,11 @@ class bbcode if (empty($this->template_filename)) { - $this->template_bitfield = new bitfield($user->theme['bbcode_bitfield']); + $this->template_bitfield = new bitfield($user->style['bbcode_bitfield']); $style_resource_locator = new phpbb_style_resource_locator(); $style_path_provider = new phpbb_style_extension_path_provider($phpbb_extension_manager, new phpbb_style_path_provider()); - $template = new phpbb_style_template($phpbb_root_path, $phpEx, $config, $user, $style_resource_locator, $style_path_provider); + $template = new phpbb_template($phpbb_root_path, $phpEx, $config, $user, $style_resource_locator); $style = new phpbb_style($phpbb_root_path, $phpEx, $config, $user, $style_resource_locator, $style_path_provider, $template); $style->set_style(); $template->set_filenames(array('bbcode.html' => 'bbcode.html')); diff --git a/phpBB/includes/cache/service.php b/phpBB/includes/cache/service.php index aa225ade69..37f32aa753 100644 --- a/phpBB/includes/cache/service.php +++ b/phpBB/includes/cache/service.php @@ -321,50 +321,39 @@ class phpbb_cache_service /** * Obtain cfg file data */ - function obtain_cfg_items($theme) + function obtain_cfg_items($style) { global $config, $phpbb_root_path; - $parsed_items = array( - 'theme' => array(), - 'template' => array(), - 'imageset' => array() - ); + $parsed_array = $this->driver->get('_cfg_' . $style['style_path']); - foreach ($parsed_items as $key => $parsed_array) + if ($parsed_array === false) { - $parsed_array = $this->driver->get('_cfg_' . $key . '_' . $theme[$key . '_path']); - - if ($parsed_array === false) - { - $parsed_array = array(); - } + $parsed_array = array(); + } - $reparse = false; - $filename = $phpbb_root_path . 'styles/' . $theme[$key . '_path'] . '/' . $key . '/' . $key . '.cfg'; + $reparse = false; + $filename = $phpbb_root_path . 'styles/' . $style['style_path'] . '/style.cfg'; - if (!file_exists($filename)) - { - continue; - } + if (!file_exists($filename)) + { + continue; + } - if (!isset($parsed_array['filetime']) || (($config['load_tplcompile'] && @filemtime($filename) > $parsed_array['filetime']))) - { - $reparse = true; - } + if (!isset($parsed_array['filetime']) || (($config['load_tplcompile'] && @filemtime($filename) > $parsed_array['filetime']))) + { + $reparse = true; + } - // Re-parse cfg file - if ($reparse) - { - $parsed_array = parse_cfg_file($filename); - $parsed_array['filetime'] = @filemtime($filename); + // Re-parse cfg file + if ($reparse) + { + $parsed_array = parse_cfg_file($filename); + $parsed_array['filetime'] = @filemtime($filename); - $this->driver->put('_cfg_' . $key . '_' . $theme[$key . '_path'], $parsed_array); - } - $parsed_items[$key] = $parsed_array; + $this->driver->put('_cfg_' . $style['style_path'], $parsed_array); } - - return $parsed_items; + return $parsed_array; } /** diff --git a/phpBB/includes/db/db_tools.php b/phpBB/includes/db/db_tools.php index efb8b3ebd7..73eae4e967 100644 --- a/phpBB/includes/db/db_tools.php +++ b/phpBB/includes/db/db_tools.php @@ -1503,7 +1503,7 @@ class phpbb_db_tools $column_type = $this->dbms_type_map[$this->sql_layer][$column_data[0]]; } - // Adjust default value if db-dependant specified + // Adjust default value if db-dependent specified if (is_array($column_data[1])) { $column_data[1] = (isset($column_data[1][$this->sql_layer])) ? $column_data[1][$this->sql_layer] : $column_data[1]['default']; diff --git a/phpBB/includes/db/dbal.php b/phpBB/includes/db/dbal.php index 6da854b6e2..cf54d455f7 100644 --- a/phpBB/includes/db/dbal.php +++ b/phpBB/includes/db/dbal.php @@ -194,6 +194,49 @@ class dbal } /** + * Seek to given row number + * rownum is zero-based + */ + function sql_rowseek($rownum, &$query_id) + { + global $cache; + + if ($query_id === false) + { + $query_id = $this->query_result; + } + + if (isset($cache->sql_rowset[$query_id])) + { + return $cache->sql_rowseek($rownum, $query_id); + } + + if ($query_id === false) + { + return false; + } + + $this->sql_freeresult($query_id); + $query_id = $this->sql_query($this->last_query_text); + + if ($query_id === false) + { + return false; + } + + // We do not fetch the row for rownum == 0 because then the next resultset would be the second row + for ($i = 0; $i < $rownum; $i++) + { + if (!$this->sql_fetchrow($query_id)) + { + return false; + } + } + + return true; + } + + /** * Fetch field * if rownum is false, the current row is used, else it is pointing to the row (zero-based) */ @@ -479,6 +522,18 @@ class dbal } /** + * Run LOWER() on DB column of type text (i.e. neither varchar nor char). + * + * @param string $column_name The column name to use + * + * @return string A SQL statement like "LOWER($column_name)" + */ + function sql_lower_text($column_name) + { + return "LOWER($column_name)"; + } + + /** * Run more than one insert statement. * * @param string $table table name to run the statements on diff --git a/phpBB/includes/db/firebird.php b/phpBB/includes/db/firebird.php index 2ce9e50f46..7709e8fdf5 100644 --- a/phpBB/includes/db/firebird.php +++ b/phpBB/includes/db/firebird.php @@ -359,49 +359,6 @@ class dbal_firebird extends dbal } /** - * Seek to given row number - * rownum is zero-based - */ - function sql_rowseek($rownum, &$query_id) - { - global $cache; - - if ($query_id === false) - { - $query_id = $this->query_result; - } - - if (isset($cache->sql_rowset[$query_id])) - { - return $cache->sql_rowseek($rownum, $query_id); - } - - if ($query_id === false) - { - return; - } - - $this->sql_freeresult($query_id); - $query_id = $this->sql_query($this->last_query_text); - - if ($query_id === false) - { - return false; - } - - // We do not fetch the row for rownum == 0 because then the next resultset would be the second row - for ($i = 0; $i < $rownum; $i++) - { - if (!$this->sql_fetchrow($query_id)) - { - return false; - } - } - - return true; - } - - /** * Get last inserted id after insert statement */ function sql_nextid() diff --git a/phpBB/includes/db/mssql.php b/phpBB/includes/db/mssql.php index fd11dbad3c..abeabc389f 100644 --- a/phpBB/includes/db/mssql.php +++ b/phpBB/includes/db/mssql.php @@ -325,6 +325,14 @@ class dbal_mssql extends dbal } /** + * {@inheritDoc} + */ + function sql_lower_text($column_name) + { + return "LOWER(SUBSTRING($column_name, 1, DATALENGTH($column_name)))"; + } + + /** * Build LIKE expression * @access private */ diff --git a/phpBB/includes/db/mssql_odbc.php b/phpBB/includes/db/mssql_odbc.php index 909e43808f..6e24f4e9e8 100644 --- a/phpBB/includes/db/mssql_odbc.php +++ b/phpBB/includes/db/mssql_odbc.php @@ -255,49 +255,6 @@ class dbal_mssql_odbc extends dbal } /** - * Seek to given row number - * rownum is zero-based - */ - function sql_rowseek($rownum, &$query_id) - { - global $cache; - - if ($query_id === false) - { - $query_id = $this->query_result; - } - - if (isset($cache->sql_rowset[$query_id])) - { - return $cache->sql_rowseek($rownum, $query_id); - } - - if ($query_id === false) - { - return false; - } - - $this->sql_freeresult($query_id); - $query_id = $this->sql_query($this->last_query_text); - - if ($query_id === false) - { - return false; - } - - // We do not fetch the row for rownum == 0 because then the next resultset would be the second row - for ($i = 0; $i < $rownum; $i++) - { - if (!$this->sql_fetchrow($query_id)) - { - return false; - } - } - - return true; - } - - /** * Get last inserted id after insert statement */ function sql_nextid() @@ -353,6 +310,14 @@ class dbal_mssql_odbc extends dbal } /** + * {@inheritDoc} + */ + function sql_lower_text($column_name) + { + return "LOWER(SUBSTRING($column_name, 1, DATALENGTH($column_name)))"; + } + + /** * Build LIKE expression * @access private */ diff --git a/phpBB/includes/db/mssqlnative.php b/phpBB/includes/db/mssqlnative.php index 4abef6fc3c..8a4503f111 100644 --- a/phpBB/includes/db/mssqlnative.php +++ b/phpBB/includes/db/mssqlnative.php @@ -439,24 +439,6 @@ class dbal_mssqlnative extends dbal } /** - * Seek to given row number - * rownum is zero-based - */ - function sql_rowseek($rownum, &$query_id) - { - global $cache; - - if (isset($cache->sql_rowset[$query_id])) - { - return $cache->sql_rowseek($rownum, $query_id); - } - - $seek = new result_mssqlnative($query_id); - $row = $seek->seek($rownum); - return ($row = $seek->fetch()) ? $row : false; - } - - /** * Get last inserted id after insert statement */ function sql_nextid() @@ -510,6 +492,14 @@ class dbal_mssqlnative extends dbal } /** + * {@inheritDoc} + */ + function sql_lower_text($column_name) + { + return "LOWER(SUBSTRING($column_name, 1, DATALENGTH($column_name)))"; + } + + /** * Build LIKE expression * @access private */ diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index a13605f688..e40df93194 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -343,7 +343,7 @@ function still_on_time($extra_time = 15) /** * -* @version Version 0.1 / slightly modified for phpBB 3.0.x (using $H$ as hash type identifier) +* @version Version 0.1 / slightly modified for phpBB 3.1.x (using $H$ as hash type identifier) * * Portable PHP password hashing framework. * @@ -1691,14 +1691,17 @@ function update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_ti } else { - $sql = 'SELECT t.forum_id FROM ' . TOPICS_TABLE . ' t - LEFT JOIN ' . TOPICS_TRACK_TABLE . ' tt ON (tt.topic_id = t.topic_id AND tt.user_id = ' . $user->data['user_id'] . ') + $sql = 'SELECT t.forum_id + FROM ' . TOPICS_TABLE . ' t + LEFT JOIN ' . TOPICS_TRACK_TABLE . ' tt + ON (tt.topic_id = t.topic_id + AND tt.user_id = ' . $user->data['user_id'] . ') WHERE t.forum_id = ' . $forum_id . ' AND t.topic_last_post_time > ' . $mark_time_forum . ' AND t.topic_moved_id = 0 ' . $sql_update_unapproved . ' - AND (tt.topic_id IS NULL OR tt.mark_time < t.topic_last_post_time) - GROUP BY t.forum_id'; + AND (tt.topic_id IS NULL + OR tt.mark_time < t.topic_last_post_time)'; $result = $db->sql_query_limit($sql, 1); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); @@ -3247,7 +3250,7 @@ function get_preg_expression($mode) case 'email': // Regex written by James Watts and Francisco Jose Martin Moreno // http://fightingforalostcause.net/misc/2006/compare-email-regex.php - return '([\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+\.)*(?:[\w\!\#$\%\'\*\+\-\/\=\?\^\`{\|\}\~]|&)+@((((([a-z0-9]{1}[a-z0-9\-]{0,62}[a-z0-9]{1})|[a-z])\.)+[a-z]{2,6})|(\d{1,3}\.){3}\d{1,3}(\:\d{1,5})?)'; + return '([\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+\.)*(?:[\w\!\#$\%\'\*\+\-\/\=\?\^\`{\|\}\~]|&)+@((((([a-z0-9]{1}[a-z0-9\-]{0,62}[a-z0-9]{1})|[a-z])\.)+[a-z]{2,63})|(\d{1,3}\.){3}\d{1,3}(\:\d{1,5})?)'; break; case 'bbcode_htm': @@ -4769,9 +4772,9 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0 'T_ASSETS_VERSION' => $config['assets_version'], 'T_ASSETS_PATH' => "{$web_path}assets", - 'T_THEME_PATH' => "{$web_path}styles/" . rawurlencode($user->theme['style_path']) . '/theme', - 'T_TEMPLATE_PATH' => "{$web_path}styles/" . rawurlencode($user->theme['style_path']) . '/template', - 'T_SUPER_TEMPLATE_PATH' => "{$web_path}styles/" . rawurlencode($user->theme['style_path']) . '/template', + 'T_THEME_PATH' => "{$web_path}styles/" . rawurlencode($user->style['style_path']) . '/theme', + 'T_TEMPLATE_PATH' => "{$web_path}styles/" . rawurlencode($user->style['style_path']) . '/template', + 'T_SUPER_TEMPLATE_PATH' => "{$web_path}styles/" . rawurlencode($user->style['style_path']) . '/template', 'T_IMAGES_PATH' => "{$web_path}images/", 'T_SMILIES_PATH' => "{$web_path}{$config['smilies_path']}/", 'T_AVATAR_PATH' => "{$web_path}{$config['avatar_path']}/", @@ -4779,16 +4782,15 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0 'T_ICONS_PATH' => "{$web_path}{$config['icons_path']}/", 'T_RANKS_PATH' => "{$web_path}{$config['ranks_path']}/", 'T_UPLOAD_PATH' => "{$web_path}{$config['upload_path']}/", - 'T_STYLESHEET_LINK' => "{$web_path}styles/" . rawurlencode($user->theme['style_path']) . '/theme/stylesheet.css?assets_version=' . $config['assets_version'], - 'T_STYLESHEET_LANG_LINK' => "{$web_path}styles/" . rawurlencode($user->theme['style_path']) . '/theme/' . $user->lang_name . '/stylesheet.css?assets_version=' . $config['assets_version'], - 'T_STYLESHEET_NAME' => $user->theme['style_name'], + 'T_STYLESHEET_LINK' => "{$web_path}styles/" . rawurlencode($user->style['style_path']) . '/theme/stylesheet.css?assets_version=' . $config['assets_version'], + 'T_STYLESHEET_LANG_LINK' => "{$web_path}styles/" . rawurlencode($user->style['style_path']) . '/theme/' . $user->lang_name . '/stylesheet.css?assets_version=' . $config['assets_version'], 'T_JQUERY_LINK' => ($config['load_jquery_cdn'] && !empty($config['load_jquery_url'])) ? $config['load_jquery_url'] : "{$web_path}assets/javascript/jquery.js?assets_version=" . $config['assets_version'], 'S_JQUERY_FALLBACK' => ($config['load_jquery_cdn']) ? true : false, - 'T_THEME_NAME' => rawurlencode($user->theme['style_path']), + 'T_THEME_NAME' => rawurlencode($user->style['style_path']), 'T_THEME_LANG_NAME' => $user->data['user_lang'], - 'T_TEMPLATE_NAME' => $user->theme['style_path'], - 'T_SUPER_TEMPLATE_NAME' => rawurlencode((isset($user->theme['style_parent_tree']) && $user->theme['style_parent_tree']) ? $user->theme['style_parent_tree'] : $user->theme['style_path']), + 'T_TEMPLATE_NAME' => $user->style['style_path'], + 'T_SUPER_TEMPLATE_NAME' => rawurlencode((isset($user->style['style_parent_tree']) && $user->style['style_parent_tree']) ? $user->style['style_parent_tree'] : $user->style['style_path']), 'T_IMAGES' => 'images', 'T_SMILIES' => $config['smilies_path'], 'T_AVATAR' => $config['avatar_path'], @@ -4984,3 +4986,16 @@ function phpbb_pcre_utf8_support() } return $utf8_pcre_properties; } + +/** +* Casts a numeric string $input to an appropriate numeric type (i.e. integer or float) +* +* @param string $input A numeric string. +* +* @return int|float Integer $input if $input fits integer, +* float $input otherwise. +*/ +function phpbb_to_numeric($input) +{ + return ($input > PHP_INT_MAX) ? (float) $input : (int) $input; +} diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index 9798e514c1..5d19cd7adb 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -2556,7 +2556,8 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id { $sql_keywords .= $db->sql_in_set('l.log_operation', $operations) . ' OR '; } - $sql_keywords .= 'LOWER(l.log_data) ' . implode(' OR LOWER(l.log_data) ', $keywords) . ')'; + $sql_lower = $db->sql_lower_text('l.log_data'); + $sql_keywords .= "$sql_lower " . implode(" OR $sql_lower ", $keywords) . ')'; } if ($log_count !== false) diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index bbfd6fd6b6..545f75ad67 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -397,12 +397,13 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod if ($row['forum_last_post_id']) { $last_post_subject = $row['forum_last_post_subject']; + $last_post_subject_truncated = truncate_string(censor_text($last_post_subject), 30, 255, false, $user->lang['ELLIPSIS']); $last_post_time = $user->format_date($row['forum_last_post_time']); $last_post_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id_last_post'] . '&p=' . $row['forum_last_post_id']) . '#p' . $row['forum_last_post_id']; } else { - $last_post_subject = $last_post_time = $last_post_url = ''; + $last_post_subject = $last_post_time = $last_post_url = $last_post_subject_truncated = ''; } // Output moderator listing ... if applicable @@ -451,6 +452,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod 'S_LOCKED_FORUM' => ($row['forum_status'] == ITEM_LOCKED) ? true : false, 'S_LIST_SUBFORUMS' => ($row['display_subforum_list']) ? true : false, 'S_SUBFORUMS' => (sizeof($subforums_list)) ? true : false, + 'S_DISPLAY_SUBJECT' => ($last_post_subject && $config['display_last_subject'] && !$row['forum_password'] && $auth->acl_get('f_read', $row['forum_id'])) ? true : false, 'S_FEED_ENABLED' => ($config['feed_forum'] && !phpbb_optionget(FORUM_OPTION_FEED_EXCLUDE, $row['forum_options']) && $row['forum_type'] == FORUM_POST) ? true : false, 'FORUM_ID' => $row['forum_id'], @@ -463,7 +465,8 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod 'FORUM_FOLDER_IMG_ALT' => isset($user->lang[$folder_alt]) ? $user->lang[$folder_alt] : '', 'FORUM_IMAGE' => ($row['forum_image']) ? '<img src="' . $phpbb_root_path . $row['forum_image'] . '" alt="' . $user->lang[$folder_alt] . '" />' : '', 'FORUM_IMAGE_SRC' => ($row['forum_image']) ? $phpbb_root_path . $row['forum_image'] : '', - 'LAST_POST_SUBJECT' => censor_text($last_post_subject), + 'LAST_POST_SUBJECT' => (!$row['forum_password'] && $auth->acl_get('f_read', $row['forum_id'])) ? censor_text($last_post_subject) : "", + 'LAST_POST_SUBJECT_TRUNCATED' => (!$row['forum_password'] && $auth->acl_get('f_read', $row['forum_id'])) ? $last_post_subject_truncated : "", 'LAST_POST_TIME' => $last_post_time, 'LAST_POSTER' => get_username_string('username', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']), 'LAST_POSTER_COLOUR' => get_username_string('colour', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']), diff --git a/phpBB/includes/functions_install.php b/phpBB/includes/functions_install.php index a49e19f09a..50af8fe019 100644 --- a/phpBB/includes/functions_install.php +++ b/phpBB/includes/functions_install.php @@ -511,12 +511,22 @@ function adjust_language_keys_callback($matches) } } +/** +* Creates the output to be stored in a phpBB config.php file +* +* @param array $data Array containing the database connection information +* @param string $dbms The name of the DBAL class to use +* @param array $load_extensions Array of additional extensions that should be loaded +* @param bool $debug If the debug constants should be enabled by default or not +* +* @return string The output to write to the file +*/ function phpbb_create_config_file_data($data, $dbms, $load_extensions, $debug = false) { $load_extensions = implode(',', $load_extensions); $config_data = "<?php\n"; - $config_data .= "// phpBB 3.0.x auto-generated configuration file\n// Do not change anything in this file!\n"; + $config_data .= "// phpBB 3.1.x auto-generated configuration file\n// Do not change anything in this file!\n"; $config_data_array = array( 'dbms' => $dbms, @@ -548,7 +558,5 @@ function phpbb_create_config_file_data($data, $dbms, $load_extensions, $debug = $config_data .= "// @define('DEBUG_EXTRA', true);\n"; } - $config_data .= '?' . '>'; // Done this to prevent highlighting editors getting confused! - return $config_data; } diff --git a/phpBB/includes/functions_messenger.php b/phpBB/includes/functions_messenger.php index f608c95fe4..e9073553d0 100644 --- a/phpBB/includes/functions_messenger.php +++ b/phpBB/includes/functions_messenger.php @@ -210,8 +210,9 @@ class messenger { $style_resource_locator = new phpbb_style_resource_locator(); $style_path_provider = new phpbb_style_extension_path_provider($phpbb_extension_manager, new phpbb_style_path_provider()); - $tpl = new phpbb_style_template($phpbb_root_path, $phpEx, $config, $user, $style_resource_locator, $style_path_provider); + $tpl = new phpbb_template($phpbb_root_path, $phpEx, $config, $user, $style_resource_locator); $style = new phpbb_style($phpbb_root_path, $phpEx, $config, $user, $style_resource_locator, $style_path_provider, $tpl); + $this->tpl_msg[$template_lang . $template_file] = $tpl; $fallback_template_path = false; diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index f77f54679f..c549f99091 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -1657,8 +1657,8 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u // First of all make sure the subject and topic title are having the correct length. // To achieve this without cutting off between special chars we convert to an array and then count the elements. - $subject = truncate_string($subject); - $data['topic_title'] = truncate_string($data['topic_title']); + $subject = truncate_string($subject, 120); + $data['topic_title'] = truncate_string($data['topic_title'], 120); // Collect some basic information about which tables and which rows to update/insert $sql_data = $topic_row = array(); diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php index 434349714b..8542e3ab0a 100644 --- a/phpBB/includes/functions_privmsgs.php +++ b/phpBB/includes/functions_privmsgs.php @@ -1128,6 +1128,166 @@ function delete_pm($user_id, $msg_ids, $folder_id) } /** +* Delete all PM(s) for a given user and delete the ones without references +* +* @param int $user_id ID of the user whose private messages we want to delete +* +* @return boolean False if there were no pms found, true otherwise. +*/ +function phpbb_delete_user_pms($user_id) +{ + global $db, $user, $phpbb_root_path, $phpEx; + + $user_id = (int) $user_id; + + if (!$user_id) + { + return false; + } + + // Get PM Information for later deleting + // The two queries where split, so we can use our indexes + // Part 1: get PMs the user received + $sql = 'SELECT msg_id, author_id, folder_id, pm_unread, pm_new + FROM ' . PRIVMSGS_TO_TABLE . ' + WHERE user_id = ' . $user_id; + $result = $db->sql_query($sql); + + $undelivered_msg = $undelivered_user = $delete_ids = array(); + while ($row = $db->sql_fetchrow($result)) + { + if ($row['author_id'] == $user_id && $row['folder_id'] == PRIVMSGS_NO_BOX) + { + // Undelivered messages + $undelivered_msg[] = $row['msg_id']; + + if (isset($undelivered_user[$row['user_id']])) + { + ++$undelivered_user[$row['user_id']]; + } + else + { + $undelivered_user[$row['user_id']] = 1; + } + } + + $delete_ids[(int) $row['msg_id']] = (int) $row['msg_id']; + } + $db->sql_freeresult($result); + + // Part 2: get PMs the user sent + $sql = 'SELECT msg_id, author_id, folder_id, pm_unread, pm_new + FROM ' . PRIVMSGS_TO_TABLE . ' + WHERE author_id = ' . $user_id . ' + AND folder_id = ' . PRIVMSGS_NO_BOX; + $result = $db->sql_query($sql); + + while ($row = $db->sql_fetchrow($result)) + { + if ($row['author_id'] == $user_id && $row['folder_id'] == PRIVMSGS_NO_BOX) + { + // Undelivered messages + $undelivered_msg[] = $row['msg_id']; + + if (isset($undelivered_user[$row['user_id']])) + { + ++$undelivered_user[$row['user_id']]; + } + else + { + $undelivered_user[$row['user_id']] = 1; + } + } + + $delete_ids[(int) $row['msg_id']] = (int) $row['msg_id']; + } + $db->sql_freeresult($result); + + if (empty($delete_ids)) + { + return false; + } + + $db->sql_transaction('begin'); + + if (sizeof($undelivered_msg)) + { + $sql = 'DELETE FROM ' . PRIVMSGS_TABLE . ' + WHERE ' . $db->sql_in_set('msg_id', $undelivered_msg); + $db->sql_query($sql); + } + + // Reset the user´s pm count to 0 + if (isset($undelivered_user[$user_id])) + { + $sql = 'UPDATE ' . USERS_TABLE . ' + SET user_new_privmsg = 0, + user_unread_privmsg = 0 + WHERE user_id = ' . $user_id; + $db->sql_query($sql); + unset($undelivered_user[$user_id]); + } + + foreach ($undelivered_user as $_user_id => $count) + { + $sql = 'UPDATE ' . USERS_TABLE . ' + SET user_new_privmsg = user_new_privmsg - ' . $count . ', + user_unread_privmsg = user_unread_privmsg - ' . $count . ' + WHERE user_id = ' . $_user_id; + $db->sql_query($sql); + } + + // Delete private message data + $sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . " + WHERE user_id = $user_id + AND " . $db->sql_in_set('msg_id', $delete_ids); + $db->sql_query($sql); + + // Now we have to check which messages we can delete completely + $sql = 'SELECT msg_id + FROM ' . PRIVMSGS_TO_TABLE . ' + WHERE ' . $db->sql_in_set('msg_id', $delete_ids); + $result = $db->sql_query($sql); + + while ($row = $db->sql_fetchrow($result)) + { + unset($delete_ids[$row['msg_id']]); + } + $db->sql_freeresult($result); + + if (!empty($delete_ids)) + { + // Check if there are any attachments we need to remove + if (!function_exists('delete_attachments')) + { + include($phpbb_root_path . 'includes/functions_admin.' . $phpEx); + } + + delete_attachments('message', $delete_ids, false); + + $sql = 'DELETE FROM ' . PRIVMSGS_TABLE . ' + WHERE ' . $db->sql_in_set('msg_id', $delete_ids); + $db->sql_query($sql); + } + + // Set the remaining author id to anonymous + // This way users are still able to read messages from users being removed + $sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . ' + SET author_id = ' . ANONYMOUS . ' + WHERE author_id = ' . $user_id; + $db->sql_query($sql); + + $sql = 'UPDATE ' . PRIVMSGS_TABLE . ' + SET author_id = ' . ANONYMOUS . ' + WHERE author_id = ' . $user_id; + $db->sql_query($sql); + + $db->sql_transaction('commit'); + + return true; +} + +/** * Rebuild message header */ function rebuild_header($check_ary) @@ -1406,12 +1566,6 @@ function submit_pm($mode, $subject, &$data, $put_in_outbox = true) while ($row = $db->sql_fetchrow($result)) { - // Additionally, do not include the sender if he is in the group he wants to send to. ;) - if ($row['user_id'] === $user->data['user_id']) - { - continue; - } - $field = ($data['address_list']['g'][$row['group_id']] == 'to') ? 'to' : 'bcc'; $recipients[$row['user_id']] = $field; } diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index 71fe627ac8..33cb585b19 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php @@ -151,7 +151,8 @@ class filespec */ function is_image() { - return (strpos($this->mimetype, 'image/') !== false) ? true : false; + $mimetype = $this->get_mimetype($this->filename); + return (strpos($mimetype, 'image/') === 0); } /** @@ -200,17 +201,12 @@ class filespec } /** - * Get mimetype. Utilize mime_content_type if the function exist. - * Not used at the moment... + * Get mimetype. Utilises the finfo class. */ function get_mimetype($filename) { - $mimetype = ''; - - if (function_exists('mime_content_type')) - { - $mimetype = mime_content_type($filename); - } + $finfo = new finfo(FILEINFO_MIME_TYPE); + $mimetype = $finfo->file($filename); // Some browsers choke on a mimetype of application/octet-stream if (!$mimetype || $mimetype == 'application/octet-stream') @@ -342,6 +338,7 @@ class filespec // Remove temporary filename @unlink($this->filename); + $this->filename = $this->destination_file; if (sizeof($this->error)) { @@ -756,6 +753,31 @@ class fileupload $filename = $url['path']; $filesize = 0; + $remote_max_filesize = $this->max_filesize; + if (!$remote_max_filesize) + { + $max_filesize = @ini_get('upload_max_filesize'); + + if (!empty($max_filesize)) + { + $unit = strtolower(substr($max_filesize, -1, 1)); + $remote_max_filesize = (int) $max_filesize; + + switch ($unit) + { + case 'g': + $remote_max_filesize *= 1024; + // no break + case 'm': + $remote_max_filesize *= 1024; + // no break + case 'k': + $remote_max_filesize *= 1024; + // no break + } + } + } + $errno = 0; $errstr = ''; @@ -784,9 +806,9 @@ class fileupload $block = @fread($fsock, 1024); $filesize += strlen($block); - if ($this->max_filesize && $filesize > $this->max_filesize) + if ($remote_max_filesize && $filesize > $remote_max_filesize) { - $max_filesize = get_formatted_filesize($this->max_filesize, false); + $max_filesize = get_formatted_filesize($remote_max_filesize, false); $file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit'])); return $file; @@ -812,9 +834,9 @@ class fileupload { $length = (int) str_replace('content-length: ', '', strtolower($line)); - if ($length && $length > $this->max_filesize) + if ($remote_max_filesize && $length && $length > $remote_max_filesize) { - $max_filesize = get_formatted_filesize($this->max_filesize, false); + $max_filesize = get_formatted_filesize($remote_max_filesize, false); $file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit'])); return $file; diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 5b05c3a78d..9b102b7387 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -527,62 +527,12 @@ function user_delete($mode, $user_id, $post_username = false) WHERE session_user_id = ' . $user_id; $db->sql_query($sql); - // Remove any undelivered mails... - $sql = 'SELECT msg_id, user_id - FROM ' . PRIVMSGS_TO_TABLE . ' - WHERE author_id = ' . $user_id . ' - AND folder_id = ' . PRIVMSGS_NO_BOX; - $result = $db->sql_query($sql); - - $undelivered_msg = $undelivered_user = array(); - while ($row = $db->sql_fetchrow($result)) - { - $undelivered_msg[] = $row['msg_id']; - $undelivered_user[$row['user_id']][] = true; - } - $db->sql_freeresult($result); - - if (sizeof($undelivered_msg)) + // Clean the private messages tables from the user + if (!function_exists('phpbb_delete_user_pms')) { - $sql = 'DELETE FROM ' . PRIVMSGS_TABLE . ' - WHERE ' . $db->sql_in_set('msg_id', $undelivered_msg); - $db->sql_query($sql); - } - - $sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . ' - WHERE author_id = ' . $user_id . ' - AND folder_id = ' . PRIVMSGS_NO_BOX; - $db->sql_query($sql); - - // Delete all to-information - $sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . ' - WHERE user_id = ' . $user_id; - $db->sql_query($sql); - - // Set the remaining author id to anonymous - this way users are still able to read messages from users being removed - $sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . ' - SET author_id = ' . ANONYMOUS . ' - WHERE author_id = ' . $user_id; - $db->sql_query($sql); - - $sql = 'UPDATE ' . PRIVMSGS_TABLE . ' - SET author_id = ' . ANONYMOUS . ' - WHERE author_id = ' . $user_id; - $db->sql_query($sql); - - foreach ($undelivered_user as $_user_id => $ary) - { - if ($_user_id == $user_id) - { - continue; - } - - $sql = 'UPDATE ' . USERS_TABLE . ' - SET user_new_privmsg = user_new_privmsg - ' . sizeof($ary) . ', - user_unread_privmsg = user_unread_privmsg - ' . sizeof($ary) . ' - WHERE user_id = ' . $_user_id; - $db->sql_query($sql); + include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx); } + phpbb_delete_user_pms($user_id); $db->sql_transaction('commit'); diff --git a/phpBB/includes/mcp/mcp_queue.php b/phpBB/includes/mcp/mcp_queue.php index 59fa8b7263..4d720a435c 100644 --- a/phpBB/includes/mcp/mcp_queue.php +++ b/phpBB/includes/mcp/mcp_queue.php @@ -268,8 +268,6 @@ class mcp_queue trigger_error('NOT_MODERATOR'); } - $forum_list = implode(', ', $forum_list); - $sql = 'SELECT SUM(forum_topics) as sum_forum_topics FROM ' . FORUMS_TABLE . ' WHERE ' . $db->sql_in_set('forum_id', $forum_list); diff --git a/phpBB/includes/mcp/mcp_warn.php b/phpBB/includes/mcp/mcp_warn.php index 9d838790a0..c614beea3b 100644 --- a/phpBB/includes/mcp/mcp_warn.php +++ b/phpBB/includes/mcp/mcp_warn.php @@ -307,7 +307,7 @@ class mcp_warn include($phpbb_root_path . 'includes/functions_display.' . $phpEx); } - $rank_title = $rank_img = ''; + get_user_rank($user_row['user_rank'], $user_row['user_posts'], $rank_title, $rank_img, $rank_img_src); $avatar_img = get_user_avatar($user_row['user_avatar'], $user_row['user_avatar_type'], $user_row['user_avatar_width'], $user_row['user_avatar_height']); $template->assign_vars(array( @@ -412,7 +412,7 @@ class mcp_warn include($phpbb_root_path . 'includes/functions_display.' . $phpEx); } - $rank_title = $rank_img = ''; + get_user_rank($user_row['user_rank'], $user_row['user_posts'], $rank_title, $rank_img, $rank_img_src); $avatar_img = get_user_avatar($user_row['user_avatar'], $user_row['user_avatar_type'], $user_row['user_avatar_width'], $user_row['user_avatar_height']); // OK, they didn't submit a warning so lets build the page for them to do so diff --git a/phpBB/includes/php/ini.php b/phpBB/includes/php/ini.php new file mode 100644 index 0000000000..17e8c54a57 --- /dev/null +++ b/phpBB/includes/php/ini.php @@ -0,0 +1,175 @@ +<?php +/** +* +* @package phpBB +* @copyright (c) 2011 phpBB Group +* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 +* +*/ + +/** +* @ignore +*/ +if (!defined('IN_PHPBB')) +{ + exit; +} + +/** +* Wrapper class for ini_get function. +* +* Provides easier handling of the different interpretations of ini values. +* +* @package phpBB +*/ +class phpbb_php_ini +{ + /** + * Simple wrapper for ini_get() + * See http://php.net/manual/en/function.ini-get.php + * + * @param string $varname The configuration option name. + * @return bool|string False if configuration option does not exist, + * the configuration option value (string) otherwise. + */ + public function get($varname) + { + return ini_get($varname); + } + + /** + * Gets the configuration option value as a trimmed string. + * + * @param string $varname The configuration option name. + * @return bool|string False if configuration option does not exist, + * the configuration option value (string) otherwise. + */ + public function get_string($varname) + { + $value = $this->get($varname); + + if ($value === false) + { + return false; + } + + return trim($value); + } + + /** + * Gets configuration option value as a boolean. + * Interprets the string value 'off' as false. + * + * @param string $varname The configuration option name. + * @return bool False if configuration option does not exist. + * False if configuration option is disabled. + * True otherwise. + */ + public function get_bool($varname) + { + $value = $this->get_string($varname); + + if (empty($value) || strtolower($value) == 'off') + { + return false; + } + + return true; + } + + /** + * Gets configuration option value as an integer. + * + * @param string $varname The configuration option name. + * @return bool|int False if configuration option does not exist, + * false if configuration option value is not numeric, + * the configuration option value (integer) otherwise. + */ + public function get_int($varname) + { + $value = $this->get_string($varname); + + if (!is_numeric($value)) + { + return false; + } + + return (int) $value; + } + + /** + * Gets configuration option value as a float. + * + * @param string $varname The configuration option name. + * @return bool|float False if configuration option does not exist, + * false if configuration option value is not numeric, + * the configuration option value (float) otherwise. + */ + public function get_float($varname) + { + $value = $this->get_string($varname); + + if (!is_numeric($value)) + { + return false; + } + + return (float) $value; + } + + /** + * Gets configuration option value in bytes. + * Converts strings like '128M' to bytes (integer or float). + * + * @param string $varname The configuration option name. + * @return bool|int|float False if configuration option does not exist, + * false if configuration option value is not well-formed, + * the configuration option value otherwise. + */ + public function get_bytes($varname) + { + $value = $this->get_string($varname); + + if ($value === false) + { + return false; + } + + if (is_numeric($value)) + { + // Already in bytes. + return phpbb_to_numeric($value); + } + else if (strlen($value) < 2) + { + // Single character. + return false; + } + else if (strlen($value) < 3 && $value[0] === '-') + { + // Two characters but the first one is a minus. + return false; + } + + $value_lower = strtolower($value); + $value_numeric = phpbb_to_numeric($value); + + switch ($value_lower[strlen($value_lower) - 1]) + { + case 'g': + $value_numeric *= 1024; + case 'm': + $value_numeric *= 1024; + case 'k': + $value_numeric *= 1024; + break; + + default: + // It's not already in bytes (and thus numeric) + // and does not carry a unit. + return false; + } + + return $value_numeric; + } +} diff --git a/phpBB/includes/search/fulltext_mysql.php b/phpBB/includes/search/fulltext_mysql.php index 7c94038cc9..20dcb74c0d 100644 --- a/phpBB/includes/search/fulltext_mysql.php +++ b/phpBB/includes/search/fulltext_mysql.php @@ -27,8 +27,6 @@ class phpbb_search_fulltext_mysql extends phpbb_search_base var $split_words = array(); var $search_query; var $common_words = array(); - var $pcre_properties = false; - var $mbstring_regex = false; public function __construct(&$error) { @@ -36,18 +34,6 @@ class phpbb_search_fulltext_mysql extends phpbb_search_base $this->word_length = array('min' => $config['fulltext_mysql_min_word_len'], 'max' => $config['fulltext_mysql_max_word_len']); - // PHP may not be linked with the bundled PCRE lib and instead with an older version - if (phpbb_pcre_utf8_support()) - { - $this->pcre_properties = true; - } - - if (function_exists('mb_ereg')) - { - $this->mbstring_regex = true; - mb_regex_encoding('UTF-8'); - } - $error = false; } @@ -70,7 +56,7 @@ class phpbb_search_fulltext_mysql extends phpbb_search_base if ($db->sql_layer != 'mysql4' && $db->sql_layer != 'mysqli') { - return $user->lang['FULLTEXT_MYSQL_INCOMPATIBLE_VERSION']; + return $user->lang['FULLTEXT_MYSQL_INCOMPATIBLE_DATABASE']; } $result = $db->sql_query('SHOW TABLE STATUS LIKE \'' . POSTS_TABLE . '\''); @@ -133,40 +119,10 @@ class phpbb_search_fulltext_mysql extends phpbb_search_base $split_keywords = preg_replace("#[\n\r\t]+#", ' ', trim(htmlspecialchars_decode($keywords))); // Split words - if ($this->pcre_properties) - { - $split_keywords = preg_replace('#([^\p{L}\p{N}\'*"()])#u', '$1$1', str_replace('\'\'', '\' \'', trim($split_keywords))); - } - else if ($this->mbstring_regex) - { - $split_keywords = mb_ereg_replace('([^\w\'*"()])', '\\1\\1', str_replace('\'\'', '\' \'', trim($split_keywords))); - } - else - { - $split_keywords = preg_replace('#([^\w\'*"()])#u', '$1$1', str_replace('\'\'', '\' \'', trim($split_keywords))); - } - - if ($this->pcre_properties) - { - $matches = array(); - preg_match_all('#(?:[^\p{L}\p{N}*"()]|^)([+\-|]?(?:[\p{L}\p{N}*"()]+\'?)*[\p{L}\p{N}*"()])(?:[^\p{L}\p{N}*"()]|$)#u', $split_keywords, $matches); - $this->split_words = $matches[1]; - } - else if ($this->mbstring_regex) - { - mb_ereg_search_init($split_keywords, '(?:[^\w*"()]|^)([+\-|]?(?:[\w*"()]+\'?)*[\w*"()])(?:[^\w*"()]|$)'); - - while (($word = mb_ereg_search_regs())) - { - $this->split_words[] = $word[1]; - } - } - else - { - $matches = array(); - preg_match_all('#(?:[^\w*"()]|^)([+\-|]?(?:[\w*"()]+\'?)*[\w*"()])(?:[^\w*"()]|$)#u', $split_keywords, $matches); - $this->split_words = $matches[1]; - } + $split_keywords = preg_replace('#([^\p{L}\p{N}\'*"()])#u', '$1$1', str_replace('\'\'', '\' \'', trim($split_keywords))); + $matches = array(); + preg_match_all('#(?:[^\p{L}\p{N}*"()]|^)([+\-|]?(?:[\p{L}\p{N}*"()]+\'?)*[\p{L}\p{N}*"()])(?:[^\p{L}\p{N}*"()]|$)#u', $split_keywords, $matches); + $this->split_words = $matches[1]; // We limit the number of allowed keywords to minimize load on the database if ($config['max_num_search_keywords'] && sizeof($this->split_words) > $config['max_num_search_keywords']) @@ -271,41 +227,10 @@ class phpbb_search_fulltext_mysql extends phpbb_search_base global $config; // Split words - if ($this->pcre_properties) - { - $text = preg_replace('#([^\p{L}\p{N}\'*])#u', '$1$1', str_replace('\'\'', '\' \'', trim($text))); - } - else if ($this->mbstring_regex) - { - $text = mb_ereg_replace('([^\w\'*])', '\\1\\1', str_replace('\'\'', '\' \'', trim($text))); - } - else - { - $text = preg_replace('#([^\w\'*])#u', '$1$1', str_replace('\'\'', '\' \'', trim($text))); - } - - if ($this->pcre_properties) - { - $matches = array(); - preg_match_all('#(?:[^\p{L}\p{N}*]|^)([+\-|]?(?:[\p{L}\p{N}*]+\'?)*[\p{L}\p{N}*])(?:[^\p{L}\p{N}*]|$)#u', $text, $matches); - $text = $matches[1]; - } - else if ($this->mbstring_regex) - { - mb_ereg_search_init($text, '(?:[^\w*]|^)([+\-|]?(?:[\w*]+\'?)*[\w*])(?:[^\w*]|$)'); - - $text = array(); - while (($word = mb_ereg_search_regs())) - { - $text[] = $word[1]; - } - } - else - { - $matches = array(); - preg_match_all('#(?:[^\w*]|^)([+\-|]?(?:[\w*]+\'?)*[\w*])(?:[^\w*]|$)#u', $text, $matches); - $text = $matches[1]; - } + $text = preg_replace('#([^\p{L}\p{N}\'*])#u', '$1$1', str_replace('\'\'', '\' \'', trim($text))); + $matches = array(); + preg_match_all('#(?:[^\p{L}\p{N}*]|^)([+\-|]?(?:[\p{L}\p{N}*]+\'?)*[\p{L}\p{N}*])(?:[^\p{L}\p{N}*]|$)#u', $text, $matches); + $text = $matches[1]; // remove too short or too long words $text = array_values($text); @@ -748,7 +673,7 @@ class phpbb_search_fulltext_mysql extends phpbb_search_base { if ($db->sql_layer == 'mysqli' || version_compare($db->sql_server_info(true), '4.1.3', '>=')) { - //$alter[] = 'MODIFY post_subject varchar(100) COLLATE utf8_unicode_ci DEFAULT \'\' NOT NULL'; + $alter[] = 'MODIFY post_subject varchar(255) COLLATE utf8_unicode_ci DEFAULT \'\' NOT NULL'; } else { @@ -909,14 +834,6 @@ class phpbb_search_fulltext_mysql extends phpbb_search_base $tpl = ' <dl> - <dt><label>' . $user->lang['FULLTEXT_MYSQL_PCRE'] . '</label><br /><span>' . $user->lang['FULLTEXT_MYSQL_PCRE_EXPLAIN'] . '</span></dt> - <dd>' . (($this->pcre_properties) ? $user->lang['YES'] : $user->lang['NO']) . ' (PHP ' . PHP_VERSION . ')</dd> - </dl> - <dl> - <dt><label>' . $user->lang['FULLTEXT_MYSQL_MBSTRING'] . '</label><br /><span>' . $user->lang['FULLTEXT_MYSQL_MBSTRING_EXPLAIN'] . '</span></dt> - <dd>' . (($this->mbstring_regex) ? $user->lang['YES'] : $user->lang['NO']). '</dd> - </dl> - <dl> <dt><label>' . $user->lang['MIN_SEARCH_CHARS'] . ':</label><br /><span>' . $user->lang['FULLTEXT_MYSQL_MIN_SEARCH_CHARS_EXPLAIN'] . '</span></dt> <dd>' . $config['fulltext_mysql_min_word_len'] . '</dd> </dl> diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index bcdff54457..257ffb07f6 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -342,8 +342,16 @@ class phpbb_session } } - // Is session_id is set or session_id is set and matches the url param if required - if (!empty($this->session_id) && (!defined('NEED_SID') || (isset($_GET['sid']) && $this->session_id === request_var('sid', '')))) + // if no session id is set, redirect to index.php + $session_id = $request->variable('sid', ''); + if (defined('NEED_SID') && (empty($session_id) || $this->session_id !== $session_id)) + { + send_status_line(401, 'Not authorized'); + redirect(append_sid("{$phpbb_root_path}index.$phpEx")); + } + + // if session id is set + if (!empty($this->session_id)) { $sql = 'SELECT u.*, s.* FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php index f75d70e366..441eaec6b1 100644 --- a/phpBB/includes/startup.php +++ b/phpBB/includes/startup.php @@ -150,7 +150,7 @@ if (function_exists('date_default_timezone_set') && function_exists('date_defaul // Autoloading of dependencies. // Three options are supported: // 1. If dependencies are installed with Composer, Composer will create a -// vendor/.composer/autoload.php. If this file exists it will be +// vendor/autoload.php. If this file exists it will be // automatically used by phpBB. This is the default mode that phpBB // will use when shipped. // 2. To disable composer autoloading, PHPBB_NO_COMPOSER_AUTOLOAD can be specified. @@ -171,11 +171,11 @@ if (getenv('PHPBB_NO_COMPOSER_AUTOLOAD')) } else { - if (!file_exists($phpbb_root_path . 'vendor/.composer/autoload.php')) + if (!file_exists($phpbb_root_path . 'vendor/autoload.php')) { trigger_error('You have not set up composer dependencies. See http://getcomposer.org/.', E_USER_ERROR); } - require($phpbb_root_path . 'vendor/.composer/autoload.php'); + require($phpbb_root_path . 'vendor/autoload.php'); } $starttime = explode(' ', microtime()); diff --git a/phpBB/includes/style/resource_locator.php b/phpBB/includes/style/resource_locator.php index 3e6dd5d6aa..fafa11c352 100644 --- a/phpBB/includes/style/resource_locator.php +++ b/phpBB/includes/style/resource_locator.php @@ -30,7 +30,7 @@ if (!defined('IN_PHPBB')) * * @package phpBB3 */ -class phpbb_style_resource_locator +class phpbb_style_resource_locator implements phpbb_template_locator { /** * Paths to style directories. diff --git a/phpBB/includes/style/style.php b/phpBB/includes/style/style.php index 5ac61c9f10..22e0f1d67a 100644 --- a/phpBB/includes/style/style.php +++ b/phpBB/includes/style/style.php @@ -22,28 +22,33 @@ if (!defined('IN_PHPBB')) class phpbb_style { /** - * @var phpbb_style_template Template class. + * Template class. * Handles everything related to templates. + * @var phpbb_template */ private $template; /** - * @var string phpBB root path + * phpBB root path + * @var string */ private $phpbb_root_path; /** - * @var phpEx PHP file extension + * PHP file extension + * @var string */ private $phpEx; /** - * @var phpbb_config phpBB config instance + * phpBB config instance + * @var phpbb_config */ private $config; /** - * @var user current user + * Current user + * @var phpbb_user */ private $user; @@ -66,9 +71,9 @@ class phpbb_style * @param user $user current user * @param phpbb_style_resource_locator $locator style resource locator * @param phpbb_style_path_provider $provider style path provider - * @param phpbb_style_template $template template + * @param phpbb_template $template template */ - public function __construct($phpbb_root_path, $phpEx, $config, $user, phpbb_style_resource_locator $locator, phpbb_style_path_provider_interface $provider, phpbb_style_template $template) + public function __construct($phpbb_root_path, $phpEx, $config, $user, phpbb_style_resource_locator $locator, phpbb_style_path_provider_interface $provider, phpbb_template $template) { $this->phpbb_root_path = $phpbb_root_path; $this->phpEx = $phpEx; @@ -84,9 +89,9 @@ class phpbb_style */ public function set_style() { - $style_name = $this->user->theme['style_path']; - $style_dirs = ($this->user->theme['style_parent_id']) ? array_reverse(explode('/', $this->user->theme['style_parent_tree'])) : array(); - $paths = array($this->get_style_path($style_name)); + $style_path = $this->user->style['style_path']; + $style_dirs = ($this->user->style['style_parent_id']) ? array_reverse(explode('/', $this->user->style['style_parent_tree'])) : array(); + $paths = array($this->get_style_path($style_path)); foreach ($style_dirs as $dir) { $paths[] = $this->get_style_path($dir); @@ -95,7 +100,7 @@ class phpbb_style // Add 'all' path, used as last fallback path by hooks and extensions $paths[] = $this->get_style_path('all'); - return $this->set_custom_style($style_name, $paths); + return $this->set_custom_style($style_path, $paths); } /** @@ -119,7 +124,7 @@ class phpbb_style $this->template->cachepath = $this->phpbb_root_path . 'cache/tpl_' . str_replace('_', '-', $name) . '_'; - $this->template->context = new phpbb_style_template_context(); + $this->template->context = new phpbb_template_context(); if ($template_path !== false) { diff --git a/phpBB/includes/style/template_compile.php b/phpBB/includes/template/compile.php index fa0928f424..82b301c1a2 100644 --- a/phpBB/includes/style/template_compile.php +++ b/phpBB/includes/template/compile.php @@ -15,7 +15,7 @@ if (!defined('IN_PHPBB')) exit; } -stream_filter_register('phpbb_template', 'phpbb_style_template_filter'); +stream_filter_register('phpbb_template', 'phpbb_template_filter'); /** * Extension of template class - Functions needed for compiling templates only. @@ -23,7 +23,7 @@ stream_filter_register('phpbb_template', 'phpbb_style_template_filter'); * @package phpBB3 * @uses template_filter As a PHP stream filter to perform compilation of templates */ -class phpbb_style_template_compile +class phpbb_template_compile { /** * Array of parameters to forward to template filter diff --git a/phpBB/includes/style/template_context.php b/phpBB/includes/template/context.php index b22f77da2e..ec09da1cf3 100644 --- a/phpBB/includes/style/template_context.php +++ b/phpBB/includes/template/context.php @@ -20,7 +20,7 @@ if (!defined('IN_PHPBB')) * * @package phpBB3 */ -class phpbb_style_template_context +class phpbb_template_context { /** * variable that holds all the data we'll be substituting into @@ -86,7 +86,7 @@ class phpbb_style_template_context * Returns a reference to template data array. * * This function is public so that template renderer may invoke it. - * Users should alter template variables via functions in phpbb_style_template. + * Users should alter template variables via functions in phpbb_template. * * Note: modifying returned array will affect data stored in the context. * diff --git a/phpBB/includes/style/template_filter.php b/phpBB/includes/template/filter.php index 6ef9d80a3d..ad2e35de6a 100644 --- a/phpBB/includes/style/template_filter.php +++ b/phpBB/includes/template/filter.php @@ -35,7 +35,7 @@ if (!defined('IN_PHPBB')) * @see template_compile * @package phpBB3 */ -class phpbb_style_template_filter extends php_user_filter +class phpbb_template_filter extends php_user_filter { const REGEX_NS = '[a-z_][a-z_0-9]+'; @@ -905,12 +905,12 @@ class phpbb_style_template_filter extends php_user_filter if (substr($filename, 0, strlen($this->phpbb_root_path)) != $this->phpbb_root_path) { // Absolute path, include as is - return ' $_template->_js_include(\'' . addslashes($filename) . '\', false); '; + return ' $_template->_js_include(\'' . addslashes($filename) . '\', false, false); '; } // Relative path, remove root path from it $filename = substr($filename, strlen($this->phpbb_root_path)); - return ' global $phpbb_root_path; $_template->_js_include($phpbb_root_path . \'' . addslashes($filename) . '\', false); '; + return ' $_template->_js_include(\'' . addslashes($filename) . '\', false, true); '; } /** diff --git a/phpBB/includes/template/locator.php b/phpBB/includes/template/locator.php new file mode 100644 index 0000000000..01c79eec4e --- /dev/null +++ b/phpBB/includes/template/locator.php @@ -0,0 +1,121 @@ +<?php +/** +* +* @package phpBB3 +* @copyright (c) 2011 phpBB Group +* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 +* +*/ + +/** +* @ignore +*/ +if (!defined('IN_PHPBB')) +{ + exit; +} + + +/** +* Resource locator interface. +* +* Objects implementing this interface maintain mapping from template handles +* to source template file paths and locate templates. +* +* Locates style files. +* +* Resource locator is aware of styles tree, and can return actual +* filesystem paths (i.e., the "child" style or the "parent" styles) +* depending on what files exist. +* +* Root paths stored in locator are paths to style directories. Templates are +* stored in subdirectory that $template_path points to. +* +* @package phpBB3 +*/ +interface phpbb_template_locator +{ + /** + * Sets the template filenames for handles. $filename_array + * should be a hash of handle => filename pairs. + * + * @param array $filname_array Should be a hash of handle => filename pairs. + */ + public function set_filenames(array $filename_array); + + /** + * Determines the filename for a template handle. + * + * The filename comes from array used in a set_filenames call, + * which should have been performed prior to invoking this function. + * Return value is a file basename (without path). + * + * @param $handle string Template handle + * @return string Filename corresponding to the template handle + */ + public function get_filename_for_handle($handle); + + /** + * Determines the source file path for a template handle without + * regard for styles tree. + * + * This function returns the path in "primary" style directory + * corresponding to the given template handle. That path may or + * may not actually exist on the filesystem. Because this function + * does not perform stat calls to determine whether the path it + * returns actually exists, it is faster than get_source_file_for_handle. + * + * Use get_source_file_for_handle to obtain the actual path that is + * guaranteed to exist (which might come from the parent style + * directory if primary style has parent styles). + * + * This function will trigger an error if the handle was never + * associated with a template file via set_filenames. + * + * @param $handle string Template handle + * @return string Path to source file path in primary style directory + */ + public function get_virtual_source_file_for_handle($handle); + + /** + * Determines the source file path for a template handle, accounting + * for styles tree and verifying that the path exists. + * + * This function returns the actual path that may be compiled for + * the specified template handle. It will trigger an error if + * the template handle was never associated with a template path + * via set_filenames or if the template file does not exist on the + * filesystem. + * + * Use get_virtual_source_file_for_handle to just resolve a template + * handle to a path without any filesystem or styles tree checks. + * + * @param string $handle Template handle (i.e. "friendly" template name) + * @param bool $find_all If true, each root path will be checked and function + * will return array of files instead of string and will not + * trigger a error if template does not exist + * @return string Source file path + */ + public function get_source_file_for_handle($handle, $find_all = false); + + /** + * Locates source file path, accounting for styles tree and verifying that + * the path exists. + * + * Unlike previous functions, this function works without template handle + * and it can search for more than one file. If more than one file name is + * specified, it will return location of file that it finds first. + * + * @param array $files List of files to locate. + * @param bool $return_default Determines what to return if file does not + * exist. If true, function will return location where file is + * supposed to be. If false, function will return false. + * @param bool $return_full_path If true, function will return full path + * to file. If false, function will return file name. This + * parameter can be used to check which one of set of files + * is available. + * @return string or boolean Source file path if file exists or $return_default is + * true. False if file does not exist and $return_default is false + */ + public function get_first_file_location($files, $return_default = false, $return_full_path = true); +} diff --git a/phpBB/includes/style/template_renderer.php b/phpBB/includes/template/renderer.php index bd2a786e86..30e234a733 100644 --- a/phpBB/includes/style/template_renderer.php +++ b/phpBB/includes/template/renderer.php @@ -23,12 +23,12 @@ if (!defined('IN_PHPBB')) * * @package phpBB3 */ -interface phpbb_style_template_renderer +interface phpbb_template_renderer { /** * Displays the template managed by this renderer. * - * @param phpbb_style_template_context $context Template context to use + * @param phpbb_template_context $context Template context to use * @param array $lang Language entries to use */ public function render($context, $lang); diff --git a/phpBB/includes/style/template_renderer_eval.php b/phpBB/includes/template/renderer_eval.php index 3e08b06e69..f8e4cb7b10 100644 --- a/phpBB/includes/style/template_renderer_eval.php +++ b/phpBB/includes/template/renderer_eval.php @@ -21,7 +21,7 @@ if (!defined('IN_PHPBB')) * * @package phpBB3 */ -class phpbb_style_template_renderer_eval implements phpbb_style_template_renderer +class phpbb_template_renderer_eval implements phpbb_template_renderer { /** * Template code to be eval'ed. @@ -33,7 +33,7 @@ class phpbb_style_template_renderer_eval implements phpbb_style_template_rendere * Template includes are delegated to template object $template. * * @param string $code php code of the template - * @param phpbb_style_template $template template object + * @param phpbb_template $template template object */ public function __construct($code, $template) { @@ -45,7 +45,7 @@ class phpbb_style_template_renderer_eval implements phpbb_style_template_rendere * Displays the template managed by this renderer by eval'ing php code * of the template. * - * @param phpbb_style_template_context $context Template context to use + * @param phpbb_template_context $context Template context to use * @param array $lang Language entries to use */ public function render($context, $lang) diff --git a/phpBB/includes/style/template_renderer_include.php b/phpBB/includes/template/renderer_include.php index 91c1a1bb65..f5c9026abf 100644 --- a/phpBB/includes/style/template_renderer_include.php +++ b/phpBB/includes/template/renderer_include.php @@ -22,7 +22,7 @@ if (!defined('IN_PHPBB')) * * @package phpBB3 */ -class phpbb_style_template_renderer_include implements phpbb_style_template_renderer +class phpbb_template_renderer_include implements phpbb_template_renderer { /** * Template path to be included. @@ -45,7 +45,7 @@ class phpbb_style_template_renderer_include implements phpbb_style_template_rend * Displays the template managed by this renderer by including * the php file containing the template. * - * @param phpbb_style_template_context $context Template context to use + * @param phpbb_template_context $context Template context to use * @param array $lang Language entries to use */ public function render($context, $lang) diff --git a/phpBB/includes/style/template.php b/phpBB/includes/template/template.php index 9d476e74b9..8ab3c44be3 100644 --- a/phpBB/includes/style/template.php +++ b/phpBB/includes/template/template.php @@ -29,52 +29,52 @@ if (!defined('IN_PHPBB')) * Base Template class. * @package phpBB3 */ -class phpbb_style_template +class phpbb_template { /** - * @var phpbb_style_template_context Template context. + * Template context. * Stores template data used during template rendering. + * @var phpbb_template_context */ public $context; /** - * @var string Path of the cache directory for the template + * Path of the cache directory for the template + * @var string */ public $cachepath = ''; /** - * @var string phpBB root path + * phpBB root path + * @var string */ private $phpbb_root_path; /** - * @var phpEx PHP file extension + * PHP file extension + * @var string */ private $phpEx; /** - * @var phpbb_config phpBB config instance + * phpBB config instance + * @var phpbb_config */ private $config; /** - * @var user current user + * Current user + * @var phpbb_user */ private $user; /** - * Style resource locator - * @var phpbb_style_resource_locator + * Template locator + * @var phpbb_template_locator */ private $locator; /** - * Template path provider - * @var phpbb_style_path_provider - */ - private $provider; - - /** * Location of templates directory within style directories * @var string */ @@ -85,10 +85,9 @@ class phpbb_style_template * * @param string $phpbb_root_path phpBB root path * @param user $user current user - * @param phpbb_style_resource_locator $locator style resource locator - * @param phpbb_style_path_provider $provider style path provider + * @param phpbb_template_locator $locator template locator */ - public function __construct($phpbb_root_path, $phpEx, $config, $user, phpbb_style_resource_locator $locator, phpbb_style_path_provider_interface $provider) + public function __construct($phpbb_root_path, $phpEx, $config, $user, phpbb_template_locator $locator) { $this->phpbb_root_path = $phpbb_root_path; $this->phpEx = $phpEx; @@ -96,7 +95,6 @@ class phpbb_style_template $this->user = $user; $this->locator = $locator; $this->template_path = $this->locator->template_path; - $this->provider = $provider; } /** @@ -253,15 +251,15 @@ class phpbb_style_template * configuration setting may be used to force templates to be always * recompiled. * - * Returns an object implementing phpbb_style_template_renderer, or null + * Returns an object implementing phpbb_template_renderer, or null * if template loading or compilation failed. Call render() on the * renderer to display the template. This will result in template * contents sent to the output stream (unless, of course, output * buffering is in effect). * * @param string $handle Handle of the template to load - * @return phpbb_style_template_renderer Template renderer object, or null on failure - * @uses phpbb_style_template_compile is used to compile template source + * @return phpbb_template_renderer Template renderer object, or null on failure + * @uses phpbb_template_compile is used to compile template source */ private function _tpl_load($handle) { @@ -285,18 +283,18 @@ class phpbb_style_template // Recompile page if the original template is newer, otherwise load the compiled version if (!$recompile) { - return new phpbb_style_template_renderer_include($output_file, $this); + return new phpbb_template_renderer_include($output_file, $this); } - $compile = new phpbb_style_template_compile($this->config['tpl_allow_php'], $this->locator, $this->phpbb_root_path); + $compile = new phpbb_template_compile($this->config['tpl_allow_php'], $this->locator, $this->phpbb_root_path); if ($compile->compile_file_to_file($source_file, $output_file) !== false) { - $renderer = new phpbb_style_template_renderer_include($output_file, $this); + $renderer = new phpbb_template_renderer_include($output_file, $this); } else if (($code = $compile->compile_file($source_file)) !== false) { - $renderer = new phpbb_style_template_renderer_eval($code, $this); + $renderer = new phpbb_template_renderer_eval($code, $this); } else { @@ -358,7 +356,7 @@ class phpbb_style_template $this->context->append_var($varname, $varval); } - // Docstring is copied from phpbb_style_template_context method with the same name. + // Docstring is copied from phpbb_template_context method with the same name. /** * Assign key variable pairs from an array to a specified block * @param string $blockname Name of block to assign $vararray to @@ -369,7 +367,7 @@ class phpbb_style_template return $this->context->assign_block_vars($blockname, $vararray); } - // Docstring is copied from phpbb_style_template_context method with the same name. + // Docstring is copied from phpbb_template_context method with the same name. /** * Change already assigned key variable pair (one-dimensional - single loop entry) * @@ -498,14 +496,19 @@ class phpbb_style_template * * @param string $file file name * @param bool $locate True if file needs to be located + * @param bool $relative True if path is relative to phpBB root directory. Ignored if $locate == true */ - public function _js_include($file, $locate = false) + public function _js_include($file, $locate = false, $relative = false) { // Locate file if ($locate) { $file = $this->locator->get_first_file_location(array($file), true, true); } + else if ($relative) + { + $file = $this->phpbb_root_path . $file; + } $file .= (strpos($file, '?') === false) ? '?' : '&'; $file .= 'assets_version=' . $this->config['assets_version']; diff --git a/phpBB/includes/ucp/info/ucp_profile.php b/phpBB/includes/ucp/info/ucp_profile.php index 09c0318de9..968538a178 100644 --- a/phpBB/includes/ucp/info/ucp_profile.php +++ b/phpBB/includes/ucp/info/ucp_profile.php @@ -23,6 +23,7 @@ class ucp_profile_info 'signature' => array('title' => 'UCP_PROFILE_SIGNATURE', 'auth' => '', 'cat' => array('UCP_PROFILE')), 'avatar' => array('title' => 'UCP_PROFILE_AVATAR', 'auth' => 'cfg_allow_avatar && (cfg_allow_avatar_local || cfg_allow_avatar_remote || cfg_allow_avatar_upload || cfg_allow_avatar_remote_upload)', 'cat' => array('UCP_PROFILE')), 'reg_details' => array('title' => 'UCP_PROFILE_REG_DETAILS', 'auth' => '', 'cat' => array('UCP_PROFILE')), + 'autologin_keys'=> array('title' => 'UCP_PROFILE_AUTOLOGIN_KEYS', 'auth' => '', 'cat' => array('UCP_PROFILE')), ), ); } diff --git a/phpBB/includes/ucp/ucp_pm_options.php b/phpBB/includes/ucp/ucp_pm_options.php index bde5d1dfcf..bf7334b307 100644 --- a/phpBB/includes/ucp/ucp_pm_options.php +++ b/phpBB/includes/ucp/ucp_pm_options.php @@ -327,10 +327,23 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit trigger_error('RULE_ALREADY_DEFINED'); } + // Prevent users from flooding the rules table + $sql = 'SELECT COUNT(rule_id) AS num_rules + FROM ' . PRIVMSGS_RULES_TABLE . ' + WHERE user_id = ' . (int) $user->data['user_id']; + $result = $db->sql_query($sql); + $num_rules = (int) $db->sql_fetchfield('num_rules'); + $db->sql_freeresult($result); + + if ($num_rules >= 5000) + { + trigger_error('RULE_LIMIT_REACHED'); + } + $sql = 'INSERT INTO ' . PRIVMSGS_RULES_TABLE . ' ' . $db->sql_build_array('INSERT', $rule_ary); $db->sql_query($sql); - // Update users message rules + // Set the user_message_rules bit $sql = 'UPDATE ' . USERS_TABLE . ' SET user_message_rules = 1 WHERE user_id = ' . $user->data['user_id']; @@ -377,7 +390,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); - // Update users message rules + // Unset the user_message_rules bit if (!$row) { $sql = 'UPDATE ' . USERS_TABLE . ' diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index 9d81503f0a..2ac82fb52f 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php @@ -618,6 +618,60 @@ class ucp_profile } break; + + case 'autologin_keys': + + add_form_key('ucp_autologin_keys'); + + if ($submit) + { + $keys = request_var('keys', array('')); + + if (!check_form_key('ucp_autologin_keys')) + { + $error[] = 'FORM_INVALID'; + } + + if (!sizeof($error)) + { + if (!empty($keys)) + { + $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' + WHERE user_id = ' . (int) $user->data['user_id'] . ' + AND ' . $db->sql_in_set('key_id', $keys) ; + + $db->sql_query($sql); + + meta_refresh(3, $this->u_action); + $message = $user->lang['AUTOLOGIN_SESSION_KEYS_DELETED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>'); + trigger_error($message); + } + } + + // Replace "error" strings with their real, localised form + $error = array_map(array($user, 'lang'), $error); + } + + $sql = 'SELECT key_id, last_ip, last_login + FROM ' . SESSIONS_KEYS_TABLE . ' + WHERE user_id = ' . (int) $user->data['user_id']; + + $result = $db->sql_query($sql); + + while ($row = $db->sql_fetchrow($result)) + { + $template->assign_block_vars('sessions', array( + 'errors' => $error, + + 'KEY' => $row['key_id'], + 'IP' => $row['last_ip'], + 'LOGIN_TIME' => $user->format_date($row['last_login']), + )); + } + + $db->sql_freeresult($result); + + break; } $template->assign_vars(array( diff --git a/phpBB/includes/user.php b/phpBB/includes/user.php index ce9c804f23..cf9e6b9994 100644 --- a/phpBB/includes/user.php +++ b/phpBB/includes/user.php @@ -27,7 +27,7 @@ class phpbb_user extends phpbb_session { var $lang = array(); var $help = array(); - var $theme = array(); + var $style = array(); var $date_format; var $timezone; var $dst; @@ -159,11 +159,11 @@ class phpbb_user extends phpbb_session FROM ' . STYLES_TABLE . " s WHERE s.style_id = $style_id"; $result = $db->sql_query($sql, 3600); - $this->theme = $db->sql_fetchrow($result); + $this->style = $db->sql_fetchrow($result); $db->sql_freeresult($result); // User has wrong style - if (!$this->theme && $style_id == $this->data['user_style']) + if (!$this->style && $style_id == $this->data['user_style']) { $style_id = $this->data['user_style'] = $config['default_style']; @@ -176,20 +176,17 @@ class phpbb_user extends phpbb_session FROM ' . STYLES_TABLE . " s WHERE s.style_id = $style_id"; $result = $db->sql_query($sql, 3600); - $this->theme = $db->sql_fetchrow($result); + $this->style = $db->sql_fetchrow($result); $db->sql_freeresult($result); } - if (!$this->theme) + if (!$this->style) { trigger_error('Could not get style data', E_USER_ERROR); } // Now parse the cfg file and cache it - $parsed_items = $cache->obtain_cfg_items($this->theme); - - // We are only interested in the theme configuration for now - $parsed_items = $parsed_items['theme']; + $parsed_items = $cache->obtain_cfg_items($this->style); $check_for = array( 'pagination_sep' => (string) ', ' @@ -197,12 +194,12 @@ class phpbb_user extends phpbb_session foreach ($check_for as $key => $default_value) { - $this->theme[$key] = (isset($parsed_items[$key])) ? $parsed_items[$key] : $default_value; - settype($this->theme[$key], gettype($default_value)); + $this->style[$key] = (isset($parsed_items[$key])) ? $parsed_items[$key] : $default_value; + settype($this->style[$key], gettype($default_value)); if (is_string($default_value)) { - $this->theme[$key] = htmlspecialchars($this->theme[$key]); + $this->style[$key] = htmlspecialchars($this->style[$key]); } } diff --git a/phpBB/includes/utf/utf_tools.php b/phpBB/includes/utf/utf_tools.php index 9dc0634e5b..c402e15032 100644 --- a/phpBB/includes/utf/utf_tools.php +++ b/phpBB/includes/utf/utf_tools.php @@ -1933,7 +1933,7 @@ function utf8_wordwrap($string, $width = 75, $break = "\n", $cut = false) * UTF8-safe basename() function * * basename() has some limitations and is dependent on the locale setting -* according to the PHP manual. Therefore we provide our own locale independant +* according to the PHP manual. Therefore we provide our own locale independent * basename function. * * @param string $filename The filename basename() should be applied to |