Diffstat (limited to 'phpBB/includes')
-rw-r--r-- | phpBB/includes/acp/acp_groups.php | 1 | ||||
-rw-r--r-- | phpBB/includes/acp/acp_permissions.php | 2 | ||||
-rw-r--r-- | phpBB/includes/acp/auth.php | 9 | ||||
-rw-r--r-- | phpBB/includes/functions.php | 15 | ||||
-rw-r--r-- | phpBB/includes/functions_posting.php | 24 | ||||
-rw-r--r-- | phpBB/includes/functions_upload.php | 6 | ||||
-rw-r--r-- | phpBB/includes/functions_user.php | 32 | ||||
-rw-r--r-- | phpBB/includes/session.php | 13 | ||||
-rw-r--r-- | phpBB/includes/ucp/ucp_pm_compose.php | 22 |
9 files changed, 106 insertions, 18 deletions
diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php
index 7af21bb30c..93ab4eedaa 100644
--- a/phpBB/includes/acp/acp_groups.php
+++ b/phpBB/includes/acp/acp_groups.php
@@ -104,6 +104,7 @@ class acp_groups
 if (confirm_box(true))
 {
 $group_name = ($group_row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $group_row['group_name']] : $group_row['group_name'];
+
 if (!sizeof($mark_ary))
 {
 $start = 0;
diff --git a/phpBB/includes/acp/acp_permissions.php b/phpBB/includes/acp/acp_permissions.php
index 225daf01c6..6102088c8f 100644
--- a/phpBB/includes/acp/acp_permissions.php
+++ b/phpBB/includes/acp/acp_permissions.php
@@ -422,7 +422,7 @@ class acp_permissions
 $sql = 'SELECT forum_name
 FROM ' . FORUMS_TABLE . '
 WHERE ' . $db->sql_in_set('forum_id', $forum_id) . '
- ORDER BY forum_name ASC';
+ ORDER BY left_id ASC';
 $result = $db->sql_query($sql);
 
 $forum_names = array();
diff --git a/phpBB/includes/acp/auth.php b/phpBB/includes/acp/auth.php
index 58e8e47159..c78a2e2025 100644
--- a/phpBB/includes/acp/auth.php
+++ b/phpBB/includes/acp/auth.php
@@ -437,9 +437,12 @@ class auth_admin extends auth
 $hold_ary = array();
 foreach ($hold_ary_temp as $ug_id => $row)
 {
- foreach ($row as $forum_id => $auth_row)
+ foreach ($forum_names_ary as $forum_id => $forum_row)
 {
- $hold_ary[$forum_id][$ug_id] = $auth_row;
+ if (isset($row[$forum_id]))
+ {
+ $hold_ary[$forum_id][$ug_id] = $row[$forum_id];
+ }
 }
 }
 unset($hold_ary_temp);
@@ -451,6 +454,8 @@ class auth_admin extends auth
 
 $template->assign_block_vars($tpl_pmask, array(
 'NAME' => ($forum_id == 0) ? $forum_names_ary[0] : $forum_names_ary[$forum_id]['forum_name'],
+ 'PADDING' => ($forum_id == 0) ? '' : $forum_names_ary[$forum_id]['padding'],
+
 'CATEGORIES' => implode('</th><th>', $categories),
 'L_ACL_TYPE' => $l_acl_type,
 
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index dbe8330c90..dbf2612d20 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2013,7 +2013,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 $username = request_var('username', '', true);
 $password = request_var('password', '', true);
 $autologin = (!empty($_POST['autologin'])) ? true : false;
- $viewonline = (!empty($_POST['viewonline'])) ? 0 : 1;
+ $viewonline = (!empty($_POST['viewonline']) && $auth->acl_get('u_hideonline')) ? 0 : 1;
 $admin = ($admin) ? 1 : 0;
 $viewonline = ($admin) ? $user->data['session_viewonline'] : $viewonline;
 
@@ -2169,6 +2169,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 
 'S_DISPLAY_FULL_LOGIN' => ($s_display) ? true : false,
 'S_AUTOLOGIN_ENABLED' => ($config['allow_autologin']) ? true : false,
+ 'S_ALLOW_HIDE_ONLINE' => ($auth->acl_get('u_hideonline')) ? true : false,
 'S_LOGIN_ACTION' => (!$admin) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login') : append_sid("index.$phpEx", false, true, $user->session_id), // Needs to stay index.$phpEx because we are within the admin directory
 'S_HIDDEN_FIELDS' => $s_hidden_fields,
 
@@ -2794,9 +2795,17 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count,
 {
 if ($config['img_link_width'] || $config['img_link_height'])
 {
- list($width, $height) = getimagesize($filename);
+ $dimension = getimagesize($filename);
 
- $display_cat = (!$width && !$height) ? ATTACHMENT_CATEGORY_IMAGE : (($width <= $config['img_link_width'] && $height <= $config['img_link_height']) ? ATTACHMENT_CATEGORY_IMAGE : ATTACHMENT_CATEGORY_NONE);
+ // If the dimensions could not be determined or the image being too small we display it as a link for safety purposes
+ if ($dimension === false || $dimension[0] < 2 || $dimension[1] < 2)
+ {
+ $display_cat = ATTACHMENT_CATEGORY_NONE;
+ }
+ else
+ {
+ $display_cat = ($dimension[0] <= $config['img_link_width'] && $dimension[1] <= $config['img_link_height']) ? ATTACHMENT_CATEGORY_IMAGE : ATTACHMENT_CATEGORY_NONE;
+ }
 }
 }
 else
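Review bot: The new permission test in `$viewonline = (!empty($_POST['viewonline']) && $auth->acl_get('u_hideonline')) ? 0 : 1;` is evaluated against whatever permission set `$auth` holds while login_box() runs, which during a login is the not-yet-authenticated visitor's, so it appears to ask whether the anonymous user may hide online status rather than the account that is logging in; the same applies to `'S_ALLOW_HIDE_ONLINE'` in the next hunk (`@@ -2169,6 +2169,7`). Unless anonymous is granted u_hideonline, the form will never hide the user and the checkbox will not be offered, while an account that does hold the permission is denied it at login. The enforcement probably belongs after successful authentication, against the logged-in user's ACL, with the template flag kept as a UI hint only. login_box() begins and ends outside this hunk, and the `global` line that binds `$auth` is not visible here.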
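Review bot: The comment introduced in the parse_attachments() hunk, `// If the dimensions could not be determined or the image being too small we display it as a link for safety purposes`, does not say what the safety property is, and its grammar is off. Suggest `// getimagesize() failed or reported a degenerate size (< 2px): never embed such a file inline as an image, offer it as a link instead`, which tells the next reader why a 1x1 "image" is deliberately demoted. parse_attachments() continues outside the hunk.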
diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php
index 74403f779e..7519c93d15 100644
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@@ -552,9 +552,16 @@ function create_thumbnail($source, $destination, $mimetype)
 return false;
 }
 
- list($width, $height, $type, ) = getimagesize($source);
+ $dimension = getimagesize($source);
 
- if (!$width || !$height)
+ if ($dimension === false)
+ {
+ return false;
+ }
+
+ list($width, $height, $type, ) = $dimension;
+
+ if ($width < 2 || $height < 2)
 {
 return false;
 }
@@ -1578,6 +1585,19 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 
 'topic_attachment' => (!empty($data['attachment_data'])) ? 1 : (isset($data['topic_attachment']) ? $data['topic_attachment'] : 0),
 );
+
+ // no break;
+
+ case 'edit':
+ case 'edit_last_post':
+
+ // Correctly set back the topic replies and forum posts...
+ if (!$auth->acl_get('f_noapprove', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id']))
+ {
+ $sql_data[TOPICS_TABLE]['stat'][] = 'topic_replies = topic_replies - 1';
+ $sql_data[FORUMS_TABLE]['stat'][] = 'forum_posts = forum_posts - 1';
+ }
+
 break;
 }
 
diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php
index 1dd40f3f1c..e07c91e8d0 100644
--- a/phpBB/includes/functions_upload.php
+++ b/phpBB/includes/functions_upload.php
@@ -337,6 +337,12 @@ class filespec
 $this->error[] = sprintf($user->lang['IMAGE_FILETYPE_MISMATCH'], $types[$this->image_info[2]][0], $this->extension);
 }
 }
+
+ // Make sure the dimensions match a valid image
+ if ($this->width < 2 || $this->height < 2)
+ {
+ $this->error[] = $user->lang['ATTACHED_IMAGE_NOT_IMAGE'];
+ }
 }
 else
 {
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index fae22f7ad2..e3e376e287 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
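Review bot: The decrement added under `case 'edit':` / `case 'edit_last_post':` in the submit_post() hunk runs whenever the editor lacks both `f_noapprove` and `m_approve`, without checking whether the post being edited is currently approved; a post already sitting in the moderation queue is not counted in topic_replies/forum_posts, so every further edit of it subtracts again and the statistics drift below the real count. Guard the block with the stored approval state, `if (!$auth->acl_get('f_noapprove', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id']) && $data['post_approved'])`, assuming `$data` carries the post row here as its other keys suggest (verify the key). The `// no break;` fall-through also applies this decrement to `case 'post'`, i.e. a freshly created topic; if that is intended the comment should say why. submit_post() begins and ends outside the hunk.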
@@ -11,8 +11,12 @@
 /**
 * Obtain user_ids from usernames or vice versa. Returns false on
 * success else the error string
+*
+* @param array &$user_id_ary The user ids to check or empty if usernames used
+* @param array &$username_ary The usernames to check or empty if user ids used
+* @param mixed $user_type Array of user types to check, false if not restricting by user type
 */
-function user_get_id_name(&$user_id_ary, &$username_ary, $only_active = false)
+function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false)
 {
 global $db;
 
@@ -45,9 +49,9 @@ function user_get_id_name(&$user_id_ary, &$username_ary, $only_active = false)
 FROM ' . USERS_TABLE . '
 WHERE ' . $db->sql_in_set($sql_where, $sql_in);
 
- if ($only_active)
+ if ($user_type !== false && !empty($user_type))
 {
- $sql .= ' AND user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')';
+ $sql .= ' AND ' . $db->sql_in_set('user_type', $user_type);
 }
 
 $result = $db->sql_query($sql);
@@ -1410,10 +1414,16 @@ function avatar_remote($data, &$error)
 return false;
 }
 
+ if ($image_data[0] < 2 || $image_data[1] < 2)
+ {
+ $error[] = $user->lang['AVATAR_NO_SIZE'];
+ return false;
+ }
+
 $width = ($data['width'] && $data['height']) ? $data['width'] : $image_data[0];
 $height = ($data['width'] && $data['height']) ? $data['height'] : $image_data[1];
 
- if (!$width || !$height)
+ if ($width < 2 || $height < 2)
 {
 $error[] = $user->lang['AVATAR_NO_SIZE'];
 return false;
@@ -1630,7 +1640,17 @@ function avatar_process_user(&$error, $custom_userdata = false)
 }
 
 $sql_ary = array();
- $data['user_id'] = ($custom_userdata === false) ? $user->data['user_id'] : $custom_userdata['user_id'];
+
+ if ($custom_userdata === false)
+ {
+ $userdata = &$user->data;
+ }
+ else
+ {
+ $userdata = &$custom_userdata;
+ }
+
+ $data['user_id'] = $userdata['user_id'];
 $change_avatar = ($custom_userdata === false) ? $auth->acl_get('u_chgavatar') : true;
 $avatar_select = basename(request_var('avatar_select', ''));
 
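Review bot: In `if ($user_type !== false && !empty($user_type))` the `!== false` test is redundant, since `!empty()` already rejects `false`, and more importantly the third parameter used to be the boolean `$only_active`: any caller not updated in this commit that still passes `true` now passes `!empty()` and hands a boolean to `$db->sql_in_set('user_type', $user_type)`, silently replacing the old normal/founder restriction with whatever SQL that produces. Only ucp_pm_compose.php is visibly updated here, so either confirm every caller was changed or keep the legacy meaning with `if ($user_type === true) { $user_type = array(USER_NORMAL, USER_FOUNDER); }` ahead of the check, and simplify the condition to `if (!empty($user_type))`. The docblock added in the first hunk (`@@ -11,8 +11,12`) could then state that `true` is accepted for compatibility. user_get_id_name() continues outside the hunk.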
@@ -1669,7 +1689,7 @@ function avatar_process_user(&$error, $custom_userdata = false)
 $sql_ary['user_avatar'] = '';
 $sql_ary['user_avatar_type'] = $sql_ary['user_avatar_width'] = $sql_ary['user_avatar_height'] = 0;
 }
- else if ($data['width'] && $data['height'])
+ else if ($data['width'] && $data['height'] && ($userdata['user_avatar_type'] != AVATAR_GALLERY))
 {
 // Only update the dimensions?
 if ($config['avatar_max_width'] || $config['avatar_max_height'])
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index 80fd7e0687..454c4fd648 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -915,6 +915,12 @@ class session
 
 if ($banned && !$return)
 {
+ // If the session is empty we need to create a valid one...
+ if (empty($this->session_id))
+ {
+ $this->session_create(ANONYMOUS);
+ }
+
 // Initiate environment ... since it won't be set at this stage
 $this->setup();
 
@@ -941,6 +947,13 @@ class session
 $this->session_kill(false);
 }
 
+ // Ok, we catch the case of an empty session id for the anonymous user...
+ // This can happen if the user is logging in, banned by username and the login_box() being called "again".
+ if (empty($this->session_id))
+ {
+ $this->session_create(ANONYMOUS);
+ }
+
 // Determine which message to output
 $till_date = ($ban_row['ban_end']) ? $this->format_date($ban_row['ban_end']) : '';
 $message = ($ban_row['ban_end']) ? 'BOARD_BAN_TIME' : 'BOARD_BAN_PERM';
diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php
index b5cba63c97..e9c67bcccf 100644
--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
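Review bot: Calling `$this->session_create(ANONYMOUS);` from inside the ban-handling branch (`if ($banned && !$return)`) is re-entrant if session_create() itself runs the ban check, which is how this session class is structured as far as I recall: an IP- or email-based ban that also matches the anonymous visitor would re-enter this branch with `$this->session_id` still empty and recurse until PHP runs out of stack, turning a ban into a crash. The same call is repeated in the second session.php hunk (`@@ -941,6 +947,13`), so on any path where the first one executed the second is dead code. If session_create() cannot be confirmed free of the ban check, give this call a way to skip it, or build only the session state the ban message needs. The enclosing method begins and ends outside both hunks.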
@@ -326,7 +326,7 @@ function compose_pm($id, $mode, $action)
 }
 
 // Handle User/Group adding/removing
- handle_message_list_actions($address_list, $remove_u, $remove_g, $add_to, $add_bcc);
+ handle_message_list_actions($address_list, $error, $remove_u, $remove_g, $add_to, $add_bcc);
 
 // Check for too many recipients
 if ((!$config['allow_mass_pm'] || !$auth->acl_get('u_masspm')) && num_recipients($address_list) > 1)
@@ -907,9 +907,9 @@ function compose_pm($id, $mode, $action)
 /**
 * For composing messages, handle list actions
 */
-function handle_message_list_actions(&$address_list, $remove_u, $remove_g, $add_to, $add_bcc)
+function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove_g, $add_to, $add_bcc)
 {
- global $auth, $db;
+ global $auth, $db, $user;
 
 // Delete User [TO/BCC]
 if ($remove_u)
@@ -956,7 +956,13 @@ function handle_message_list_actions(&$address_list, $remove_u, $remove_g, $add_
 if (sizeof($usernames))
 {
 $user_id_ary = array();
- user_get_id_name($user_id_ary, $usernames);
+ user_get_id_name($user_id_ary, $usernames, array(USER_NORMAL, USER_FOUNDER, USER_INACTIVE));
+
+ // If there are users not existing, we will at least print a notice...
+ if (!sizeof($user_id_ary))
+ {
+ $error[] = $user->lang['PM_NO_USERS'];
+ }
 }
 
 // Add Friends if specified
@@ -987,11 +993,19 @@ function handle_message_list_actions(&$address_list, $remove_u, $remove_g, $add_
 AND user_allow_pm = 0';
 $result = $db->sql_query($sql);
 
+ $removed = false;
 while ($row = $db->sql_fetchrow($result))
 {
+ $removed = true;
 unset($address_list['u'][$row['user_id']]);
 }
 $db->sql_freeresult($result);
+
+ // print a notice about users not being added who do not want to receive pms
+ if ($removed)
+ {
+ $error[] = $user->lang['PM_USERS_REMOVED_NO_PM'];
+ }
 }
 }
 }
|
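Review bot: The `PM_NO_USERS` notice after `user_get_id_name($user_id_ary, $usernames, array(USER_NORMAL, USER_FOUNDER, USER_INACTIVE));` fires only when not a single name resolved; when some of the entered names are unknown, or excluded by the user_type filter, they are dropped without any feedback, which the comment `// If there are users not existing, we will at least print a notice...` suggests is not the intent. Compare the counts instead, e.g. `if (sizeof($user_id_ary) != sizeof(array_unique($usernames)))`, or report the names left unmatched. The lookup's return value, documented in this same commit as false on success or an error string otherwise, is also discarded, so a failed lookup is indistinguishable from an empty result; appending a non-false return to `$error` would cover that. handle_message_list_actions() continues outside the hunk.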