Diffstat (limited to 'phpBB/phpbb')
-rw-r--r--phpBB/phpbb/cache/driver/memcache.php4
-rw-r--r--phpBB/phpbb/cache/driver/memcached.php4
-rw-r--r--phpBB/phpbb/console/command/fixup/fix_left_right_ids.php134
-rw-r--r--phpBB/phpbb/db/migration/data/v30x/.htaccess33
-rw-r--r--phpBB/phpbb/db/migration/data/v310/.htaccess33
-rw-r--r--phpBB/phpbb/db/migration/data/v31x/.htaccess33
-rw-r--r--phpBB/phpbb/db/migration/data/v31x/v3111rc1.php43
-rw-r--r--phpBB/phpbb/search/fulltext_mysql.php21
-rw-r--r--phpBB/phpbb/session.php47
-rw-r--r--phpBB/phpbb/version_helper.php108
10 files changed, 439 insertions, 21 deletions
diff --git a/phpBB/phpbb/cache/driver/memcache.php b/phpBB/phpbb/cache/driver/memcache.php
index caa82fb0b1..57f138f574 100644
--- a/phpBB/phpbb/cache/driver/memcache.php
+++ b/phpBB/phpbb/cache/driver/memcache.php
@@ -52,8 +52,8 @@ class memcache extends \phpbb\cache\driver\memory
$this->memcache = new \Memcache;
foreach (explode(',', PHPBB_ACM_MEMCACHE) as $u)
{
- $parts = explode('/', $u);
- $this->memcache->addServer(trim($parts[0]), trim($parts[1]));
+ preg_match('#(.*)/(\d+)#', $u, $parts);
+ $this->memcache->addServer(trim($parts[1]), (int) trim($parts[2]));
}
$this->flags = (PHPBB_ACM_MEMCACHE_COMPRESS) ? MEMCACHE_COMPRESSED : 0;
}
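Review bot: The return value of `preg_match()` is not checked before `$parts[1]` and `$parts[2]` are read, so an entry in PHPBB_ACM_MEMCACHE without a `/port` suffix leaves `$parts` empty and hands an empty host and port 0 to `addServer()`. Skipping or reporting such entries is safer, e.g. `if (!preg_match('#^(.*)/(\d+)$#', trim($u), $parts)) { continue; }`. Anchoring the pattern also stops anything after the port digits from being silently ignored. The enclosing constructor starts outside this hunk.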
diff --git a/phpBB/phpbb/cache/driver/memcached.php b/phpBB/phpbb/cache/driver/memcached.php
index 105e763af4..a7da22d7e8 100644
--- a/phpBB/phpbb/cache/driver/memcached.php
+++ b/phpBB/phpbb/cache/driver/memcached.php
@@ -67,8 +67,8 @@ class memcached extends \phpbb\cache\driver\memory
foreach (explode(',', PHPBB_ACM_MEMCACHE) as $u)
{
- $parts = explode('/', $u);
- $this->memcached->addServer(trim($parts[0]), trim($parts[1]));
+ preg_match('#(.*)/(\d+)#', $u, $parts);
+ $this->memcache->addServer(trim($parts[1]), (int) trim($parts[2]));
}
}
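Review bot: The added call goes through `$this->memcache`, while the line it replaces used `$this->memcached`; unless this class also defines a `memcache` property (none is visible here), the call is made on null and the driver fails as soon as a server is configured. The line should read `$this->memcached->addServer(trim($parts[1]), (int) trim($parts[2]));`. As in memcache.php, the `preg_match()` result is not checked before `$parts` is indexed, so a malformed entry should be skipped or reported first. The enclosing method starts outside this hunk.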
diff --git a/phpBB/phpbb/console/command/fixup/fix_left_right_ids.php b/phpBB/phpbb/console/command/fixup/fix_left_right_ids.php
new file mode 100644
index 0000000000..f55e1761bc
--- /dev/null
+++ b/phpBB/phpbb/console/command/fixup/fix_left_right_ids.php
@@ -0,0 +1,134 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\console\command\fixup;
+
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+
+class fix_left_right_ids extends \phpbb\console\command\command
+{
+ /** @var \phpbb\user */
+ protected $user;
+
+ /** @var \phpbb\db\driver\driver_interface */
+ protected $db;
+
+ /** @var \phpbb\cache\driver\driver_interface */
+ protected $cache;
+
+ /**
+ * Constructor
+ *
+ * @param \phpbb\user $user User instance
+ * @param \phpbb\db\driver\driver_interface $db Database connection
+ * @param \phpbb\cache\driver\driver_interface $cache Cache instance
+ */
+ public function __construct(\phpbb\user $user, \phpbb\db\driver\driver_interface $db, \phpbb\cache\driver\driver_interface $cache)
+ {
+ $this->user = $user;
+ $this->db = $db;
+ $this->cache = $cache;
+
+ parent::__construct($user);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function configure()
+ {
+ $this
+ ->setName('fixup:fix-left-right-ids')
+ ->setDescription($this->user->lang('CLI_DESCRIPTION_FIX_LEFT_RIGHT_IDS'))
+ ;
+ }
+
+ /**
+ * Executes the command fixup:fix-left-right-ids.
+ *
+ * Repairs the tree structure of the forums and modules.
+ * The code is mainly borrowed from Support toolkit for phpBB Olympus
+ *
+ * @param InputInterface $input An InputInterface instance
+ * @param OutputInterface $output An OutputInterface instance
+ *
+ * @return void
+ */
+ protected function execute(InputInterface $input, OutputInterface $output)
+ {
+ // Fix Left/Right IDs for the modules table
+ $result = $this->db->sql_query('SELECT DISTINCT(module_class) FROM ' . MODULES_TABLE);
+ while ($row = $this->db->sql_fetchrow($result))
+ {
+ $i = 1;
+ $where = array("module_class = '" . $this->db->sql_escape($row['module_class']) . "'");
+ $this->fix_ids_tree($i, 'module_id', MODULES_TABLE, 0, $where);
+ }
+ $this->db->sql_freeresult($result);
+
+ // Fix the Left/Right IDs for the forums table
+ $i = 1;
+ $this->fix_ids_tree($i, 'forum_id', FORUMS_TABLE);
+
+ $this->cache->purge();
+
+ $output->writeln('<info>' . $this->user->lang('CLI_FIXUP_FIX_LEFT_RIGHT_IDS_SUCCESS') . '</info>');
+ }
+
+ /**
+ * Item's tree structure rebuild helper
+ * The item is either forum or ACP/MCP/UCP module
+ *
+ * @param int $i Item id offset index
+ * @param string $field The key field to fix, forum_id|module_id
+ * @param string $table The table name to perform, FORUMS_TABLE|MODULES_TABLE
+ * @param int $parent_id Parent item id
+ * @param array $where Additional WHERE clause condition
+ *
+ * @return bool True on rebuild success, false otherwise
+ */
+ protected function fix_ids_tree(&$i, $field, $table, $parent_id = 0, $where = array())
+ {
+ $changes_made = false;
+ $sql = 'SELECT * FROM ' . $table . '
+ WHERE parent_id = ' . (int) $parent_id .
+ ((!empty($where)) ? ' AND ' . implode(' AND ', $where) : '') . '
+ ORDER BY left_id ASC';
+ $result = $this->db->sql_query($sql);
+ while ($row = $this->db->sql_fetchrow($result))
+ {
+ // Update the left_id for the item
+ if ($row['left_id'] != $i)
+ {
+ $this->db->sql_query('UPDATE ' . $table . ' SET ' . $this->db->sql_build_array('UPDATE', array('left_id' => $i)) . " WHERE $field = " . (int) $row[$field]);
+ $changes_made = true;
+ }
+ $i++;
+
+ // Go through children and update their left/right IDs
+ $changes_made = (($this->fix_ids_tree($i, $field, $table, $row[$field], $where)) || $changes_made) ? true : false;
+
+ // Update the right_id for the item
+ if ($row['right_id'] != $i)
+ {
+ $this->db->sql_query('UPDATE ' . $table . ' SET ' . $this->db->sql_build_array('UPDATE', array('right_id' => $i)) . " WHERE $field = " . (int) $row[$field]);
+ $changes_made = true;
+ }
+ $i++;
+ }
+ $this->db->sql_freeresult($result);
+
+ return $changes_made;
+ }
+}
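Review bot: `execute()` renumbers the whole modules and forums trees through many separate UPDATE statements in `fix_ids_tree()` with no transaction around them, so a failure or interruption part-way leaves left_id/right_id values half rewritten. Wrapping the two rebuilds in `$this->db->sql_transaction('begin');` and `$this->db->sql_transaction('commit');` before `$this->cache->purge();` would make the repair all-or-nothing. The boolean returned by `fix_ids_tree()` is also discarded, so the success message is printed whether or not anything changed; the docblock's "false otherwise" really means "no changes were needed" and could say so.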
diff --git a/phpBB/phpbb/db/migration/data/v30x/.htaccess b/phpBB/phpbb/db/migration/data/v30x/.htaccess
new file mode 100644
index 0000000000..44242b5418
--- /dev/null
+++ b/phpBB/phpbb/db/migration/data/v30x/.htaccess
@@ -0,0 +1,33 @@
+# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
+# module mod_authz_host to a new module called mod_access_compat (which may be
+# disabled) and a new "Require" syntax has been introduced to mod_authz_host.
+# We could just conditionally provide both versions, but unfortunately Apache
+# does not explicitly tell us its version if the module mod_version is not
+# available. In this case, we check for the availability of module
+# mod_authz_core (which should be on 2.4 or higher only) as a best guess.
+<IfModule mod_version.c>
+ <IfVersion < 2.4>
+ <Files "*">
+ Order Allow,Deny
+ Deny from All
+ </Files>
+ </IfVersion>
+ <IfVersion >= 2.4>
+ <Files "*">
+ Require all denied
+ </Files>
+ </IfVersion>
+</IfModule>
+<IfModule !mod_version.c>
+ <IfModule !mod_authz_core.c>
+ <Files "*">
+ Order Allow,Deny
+ Deny from All
+ </Files>
+ </IfModule>
+ <IfModule mod_authz_core.c>
+ <Files "*">
+ Require all denied
+ </Files>
+ </IfModule>
+</IfModule>
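Review bot: This deny rule only protects the migration directory where Apache is the web server and `.htaccess` overrides are honoured; on other servers, or with overrides disabled, the directory stays reachable. The same file is added unchanged under v310 and v31x, so the caveat applies to all three. I would add a header comment such as `# Only effective on Apache with AllowOverride enabled; other web servers need an equivalent deny rule for this directory.` so administrators know to mirror it.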
diff --git a/phpBB/phpbb/db/migration/data/v310/.htaccess b/phpBB/phpbb/db/migration/data/v310/.htaccess
new file mode 100644
index 0000000000..44242b5418
--- /dev/null
+++ b/phpBB/phpbb/db/migration/data/v310/.htaccess
@@ -0,0 +1,33 @@
+# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
+# module mod_authz_host to a new module called mod_access_compat (which may be
+# disabled) and a new "Require" syntax has been introduced to mod_authz_host.
+# We could just conditionally provide both versions, but unfortunately Apache
+# does not explicitly tell us its version if the module mod_version is not
+# available. In this case, we check for the availability of module
+# mod_authz_core (which should be on 2.4 or higher only) as a best guess.
+<IfModule mod_version.c>
+ <IfVersion < 2.4>
+ <Files "*">
+ Order Allow,Deny
+ Deny from All
+ </Files>
+ </IfVersion>
+ <IfVersion >= 2.4>
+ <Files "*">
+ Require all denied
+ </Files>
+ </IfVersion>
+</IfModule>
+<IfModule !mod_version.c>
+ <IfModule !mod_authz_core.c>
+ <Files "*">
+ Order Allow,Deny
+ Deny from All
+ </Files>
+ </IfModule>
+ <IfModule mod_authz_core.c>
+ <Files "*">
+ Require all denied
+ </Files>
+ </IfModule>
+</IfModule>
diff --git a/phpBB/phpbb/db/migration/data/v31x/.htaccess b/phpBB/phpbb/db/migration/data/v31x/.htaccess
new file mode 100644
index 0000000000..44242b5418
--- /dev/null
+++ b/phpBB/phpbb/db/migration/data/v31x/.htaccess
@@ -0,0 +1,33 @@
+# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
+# module mod_authz_host to a new module called mod_access_compat (which may be
+# disabled) and a new "Require" syntax has been introduced to mod_authz_host.
+# We could just conditionally provide both versions, but unfortunately Apache
+# does not explicitly tell us its version if the module mod_version is not
+# available. In this case, we check for the availability of module
+# mod_authz_core (which should be on 2.4 or higher only) as a best guess.
+<IfModule mod_version.c>
+ <IfVersion < 2.4>
+ <Files "*">
+ Order Allow,Deny
+ Deny from All
+ </Files>
+ </IfVersion>
+ <IfVersion >= 2.4>
+ <Files "*">
+ Require all denied
+ </Files>
+ </IfVersion>
+</IfModule>
+<IfModule !mod_version.c>
+ <IfModule !mod_authz_core.c>
+ <Files "*">
+ Order Allow,Deny
+ Deny from All
+ </Files>
+ </IfModule>
+ <IfModule mod_authz_core.c>
+ <Files "*">
+ Require all denied
+ </Files>
+ </IfModule>
+</IfModule>
diff --git a/phpBB/phpbb/db/migration/data/v31x/v3111rc1.php b/phpBB/phpbb/db/migration/data/v31x/v3111rc1.php
new file mode 100644
index 0000000000..259656283f
--- /dev/null
+++ b/phpBB/phpbb/db/migration/data/v31x/v3111rc1.php
@@ -0,0 +1,43 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v31x;
+
+class v3111rc1 extends \phpbb\db\migration\migration
+{
+ public function effectively_installed()
+ {
+ return phpbb_version_compare($this->config['version'], '3.1.11-RC1', '>=');
+ }
+
+ static public function depends_on()
+ {
+ return array(
+ '\phpbb\db\migration\data\v31x\v3110',
+ '\phpbb\db\migration\data\v31x\add_log_time_index',
+ '\phpbb\db\migration\data\v31x\increase_size_of_emotion',
+ '\phpbb\db\migration\data\v31x\add_jabber_ssl_context_config_options',
+ '\phpbb\db\migration\data\v31x\add_smtp_ssl_context_config_options',
+ '\phpbb\db\migration\data\v31x\update_hashes',
+ '\phpbb\db\migration\data\v31x\remove_duplicate_migrations',
+ '\phpbb\db\migration\data\v31x\add_latest_topics_index',
+ );
+ }
+
+ public function update_data()
+ {
+ return array(
+ array('config.update', array('version', '3.1.11-RC1')),
+ );
+ }
+}
diff --git a/phpBB/phpbb/search/fulltext_mysql.php b/phpBB/phpbb/search/fulltext_mysql.php
index f8bda9ae81..64a63e83e0 100644
--- a/phpBB/phpbb/search/fulltext_mysql.php
+++ b/phpBB/phpbb/search/fulltext_mysql.php
@@ -272,6 +272,27 @@ class fulltext_mysql extends \phpbb\search\base
foreach ($this->split_words as $i => $word)
{
+ // Check for not allowed search queries for InnoDB.
+ // We assume similar restrictions for MyISAM, which is usually even
+ // slower but not as restrictive as InnoDB.
+ // InnoDB full-text search does not support the use of a leading
+ // plus sign with wildcard ('+*'), a plus and minus sign
+ // combination ('+-'), or leading a plus and minus sign combination.
+ // InnoDB full-text search only supports leading plus or minus signs.
+ // For example, InnoDB supports '+apple' but does not support 'apple+'.
+ // Specifying a trailing plus or minus sign causes InnoDB to report
+ // a syntax error. InnoDB full-text search does not support the use
+ // of multiple operators on a single search word, as in this example:
+ // '++apple'. Use of multiple operators on a single search word
+ // returns a syntax error to standard out.
+ // Also, ensure that the wildcard character is only used at the
+ // end of the line as it's intended by MySQL.
+ if (preg_match('#^(\+[+-]|\+\*|.+[+-]$|.+\*(?!$))#', $word))
+ {
+ unset($this->split_words[$i]);
+ continue;
+ }
+
$clean_word = preg_replace('#^[+\-|"]#', '', $word);
// check word length
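Review bot: The new pattern rejects `++`, `+-` and `+*` prefixes, but a word that starts with `-+` or `--` matches none of its alternatives, although the comment above says multiple operators on one word are a syntax error for InnoDB. If such words can reach this loop, widening the first alternative covers them: `'#^([+-][+-]|\+\*|.+[+-]$|.+\*(?!$))#'`. Rejected words are dropped silently, so it may also be worth recording them wherever the caller reports ignored terms. The loop body continues outside this hunk.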
diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php
index eb5543b50b..45e82df591 100644
--- a/phpBB/phpbb/session.php
+++ b/phpBB/phpbb/session.php
@@ -460,6 +460,9 @@ class session
$this->data['is_bot'] = (!$this->data['is_registered'] && $this->data['user_id'] != ANONYMOUS) ? true : false;
$this->data['user_lang'] = basename($this->data['user_lang']);
+ // Is user banned? Are they excluded? Won't return on ban, exists within method
+ $this->check_ban_for_current_session($config);
+
return true;
}
}
@@ -666,19 +669,7 @@ class session
// session exists in which case session_id will also be set
// Is user banned? Are they excluded? Won't return on ban, exists within method
- if ($this->data['user_type'] != USER_FOUNDER)
- {
- if (!$config['forwarded_for_check'])
- {
- $this->check_ban($this->data['user_id'], $this->ip);
- }
- else
- {
- $ips = explode(' ', $this->forwarded_for);
- $ips[] = $this->ip;
- $this->check_ban($this->data['user_id'], $ips);
- }
- }
+ $this->check_ban_for_current_session($config);
$this->data['is_registered'] = (!$bot && $this->data['user_id'] != ANONYMOUS && ($this->data['user_type'] == USER_NORMAL || $this->data['user_type'] == USER_FOUNDER)) ? true : false;
$this->data['is_bot'] = ($bot) ? true : false;
@@ -1268,9 +1259,6 @@ class session
$message .= ($ban_row['ban_give_reason']) ? '<br /><br />' . sprintf($this->lang['BOARD_BAN_REASON'], $ban_row['ban_give_reason']) : '';
$message .= '<br /><br /><em>' . $this->lang['BAN_TRIGGERED_BY_' . strtoupper($ban_triggered_by)] . '</em>';
- // To circumvent session_begin returning a valid value and the check_ban() not called on second page view, we kill the session again
- $this->session_kill(false);
-
// A very special case... we are within the cron script which is not supposed to print out the ban message... show blank page
if (defined('IN_CRON'))
{
@@ -1279,6 +1267,9 @@ class session
exit;
}
+ // To circumvent session_begin returning a valid value and the check_ban() not called on second page view, we kill the session again
+ $this->session_kill(false);
+
trigger_error($message);
}
@@ -1286,6 +1277,28 @@ class session
}
/**
+ * Check the current session for bans
+ *
+ * @return true if session user is banned.
+ */
+ protected function check_ban_for_current_session($config)
+ {
+ if (!defined('SKIP_CHECK_BAN') && $this->data['user_type'] != USER_FOUNDER)
+ {
+ if (!$config['forwarded_for_check'])
+ {
+ $this->check_ban($this->data['user_id'], $this->ip);
+ }
+ else
+ {
+ $ips = explode(' ', $this->forwarded_for);
+ $ips[] = $this->ip;
+ $this->check_ban($this->data['user_id'], $ips);
+ }
+ }
+ }
+
+ /**
* Check if ip is blacklisted
* This should be called only where absolutely necessary
*
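Review bot: The docblock of `check_ban_for_current_session()` states `@return true if session user is banned`, but the method has no return statement, and its `$config` parameter is undocumented. The new `SKIP_CHECK_BAN` constant disables ban enforcement for the whole request and is not explained anywhere in the hunk. I would replace the `@return` line with `@return void`, add a `@param` entry for `$config`, and put `// SKIP_CHECK_BAN lets a trusted entry point opt out of ban checks; it must never be defined based on request data.` above the `if`. With `forwarded_for_check` enabled the list built from `$this->forwarded_for` is presumably client-supplied, which is worth a one-line comment as well.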
@@ -1576,7 +1589,7 @@ class session
}
// Only update session DB a minute or so after last update or if page changes
- if ($this->time_now - $this->data['session_time'] > 60 || ($this->update_session_page && $this->data['session_page'] != $this->page['page']))
+ if ($this->time_now - ((isset($this->data['session_time'])) ? $this->data['session_time'] : 0) > 60 || ($this->update_session_page && $this->data['session_page'] != $this->page['page']))
{
$sql_ary = array('session_time' => $this->time_now);
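Review bot: Only `session_time` gets an `isset()` guard here; the second half of the same condition still reads `$this->data['session_page']` directly. If session data can be incomplete enough for `session_time` to be missing, `session_page` is likely missing in the same situation and raises the notice this change is trying to avoid. Guarding it the same way keeps the condition consistent, e.g. `((isset($this->data['session_page'])) ? $this->data['session_page'] : '') != $this->page['page']`. The enclosing method starts and ends outside this hunk.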
diff --git a/phpBB/phpbb/version_helper.php b/phpBB/phpbb/version_helper.php
index 9dc5a2e7c9..7e5edbf522 100644
--- a/phpBB/phpbb/version_helper.php
+++ b/phpBB/phpbb/version_helper.php
@@ -61,6 +61,23 @@ class version_helper
/** @var \phpbb\user */
protected $user;
+ protected $version_schema = array(
+ 'stable' => array(
+ 'current' => 'version',
+ 'download' => 'url',
+ 'announcement' => 'url',
+ 'eol' => 'url',
+ 'security' => 'bool',
+ ),
+ 'unstable' => array(
+ 'current' => 'version',
+ 'download' => 'url',
+ 'announcement' => 'url',
+ 'eol' => 'url',
+ 'security' => 'bool',
+ ),
+ );
+
/**
* Constructor
*
@@ -404,9 +421,100 @@ class version_helper
$info['stable'] = (empty($info['stable'])) ? array() : $info['stable'];
$info['unstable'] = (empty($info['unstable'])) ? $info['stable'] : $info['unstable'];
+ $info = $this->validate_versions($info);
+
$this->cache->put($cache_file, $info, 86400); // 24 hours
}
return $info;
}
+
+ /**
+ * Validate versions info input
+ *
+ * @param array $versions_info Decoded json data array. Will be modified
+ * and cleaned by this method
+ *
+ * @return array Versions info array
+ */
+ public function validate_versions($versions_info)
+ {
+ $array_diff = array_diff_key($versions_info, array($this->version_schema));
+
+ // Remove excessive data
+ if (count($array_diff) > 0)
+ {
+ $old_versions_info = $versions_info;
+ $versions_info = array(
+ 'stable' => !empty($old_versions_info['stable']) ? $old_versions_info['stable'] : array(),
+ 'unstable' => !empty($old_versions_info['unstable']) ? $old_versions_info['unstable'] : array(),
+ );
+ unset($old_versions_info);
+ }
+
+ foreach ($versions_info as $stability_type => &$versions_data)
+ {
+ foreach ($versions_data as $branch => &$version_data)
+ {
+ if (!preg_match('/^[0-9a-z\-\.]+$/i', $branch))
+ {
+ unset($versions_data[$branch]);
+ continue;
+ }
+
+ $stability_diff = array_diff_key($version_data, $this->version_schema[$stability_type]);
+
+ if (count($stability_diff) > 0)
+ {
+ $old_version_data = $version_data;
+ $version_data = array();
+ foreach ($this->version_schema[$stability_type] as $key => $value)
+ {
+ if (isset($old_version_data[$key]))
+ {
+ $version_data[$key] = $old_version_data[$key];
+ }
+ }
+ unset($old_version_data);
+ }
+
+ foreach ($version_data as $key => &$value)
+ {
+ if (!isset($this->version_schema[$stability_type][$key]))
+ {
+ unset($version_data[$key]);
+ throw new \RuntimeException($this->user->lang('VERSIONCHECK_INVALID_ENTRY'));
+ }
+
+ switch ($this->version_schema[$stability_type][$key])
+ {
+ case 'bool':
+ $value = (bool) $value;
+ break;
+
+ case 'url':
+ if (!empty($value) && !preg_match('#^' . get_preg_expression('url') . '$#iu', $value) &&
+ !preg_match('#^' . get_preg_expression('www_url') . '$#iu', $value))
+ {
+ throw new \RuntimeException($this->user->lang('VERSIONCHECK_INVALID_URL'));
+ }
+ break;
+
+ case 'version':
+ if (!empty($value) && !preg_match(get_preg_expression('semantic_version'), $value))
+ {
+ throw new \RuntimeException($this->user->lang('VERSIONCHECK_INVALID_VERSION'));
+ }
+ break;
+
+ default:
+ // Shouldn't be possible to trigger this
+ throw new \RuntimeException($this->user->lang('VERSIONCHECK_INVALID_ENTRY'));
+ }
+ }
+ }
+ }
+
+ return $versions_info;
+ }
}
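Review bot: `validate_versions()` checks key names and string formats but never checks container types, so a decoded response in which `stable` or a branch entry is a string or number reaches `foreach` and `array_diff_key()` as a non-array, and an array in a `url` or `version` field reaches `preg_match()`. Since this data appears to come from a remotely fetched JSON file, I would drop non-array levels and reject array leaf values before the existing checks, as sketched below. Separately, `array_diff_key($versions_info, array($this->version_schema))` compares against key `0` instead of `stable`/`unstable`, so the "excessive data" branch always runs; removing the `array()` wrapper gives the intended test. The by-reference loop variables also stay bound after the loops and should be `unset()`.

```php
foreach ($versions_info as $stability_type => &$versions_data)
{
	// Untrusted input: a non-array level cannot hold branch data
	if (!is_array($versions_data))
	{
		$versions_data = array();
		continue;
	}

	foreach ($versions_data as $branch => &$version_data)
	{
		if (!is_array($version_data) || !preg_match('/^[0-9a-z\-\.]+$/i', $branch))
		{
			unset($versions_data[$branch]);
			continue;
		}
		// … unchanged: filtering of keys against the schema …

		foreach ($version_data as $key => &$value)
		{
			// Leaf values must not be nested arrays before they reach preg_match()
			if (is_array($value))
			{
				throw new \RuntimeException($this->user->lang('VERSIONCHECK_INVALID_ENTRY'));
			}
			// … unchanged: per-type validation switch …
```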