diff options
Diffstat (limited to 'phpBB/phpbb')
| -rw-r--r-- | phpBB/phpbb/db/migration/data/v31x/m_softdelete_global.php | 31 | ||||
| -rw-r--r-- | phpBB/phpbb/db/migrator.php | 10 | ||||
| -rw-r--r-- | phpBB/phpbb/session.php | 6 | ||||
| -rw-r--r-- | phpBB/phpbb/symfony_request.php | 10 |
4 files changed, 52 insertions, 5 deletions
diff --git a/phpBB/phpbb/db/migration/data/v31x/m_softdelete_global.php b/phpBB/phpbb/db/migration/data/v31x/m_softdelete_global.php new file mode 100644 index 0000000000..dd7e20e762 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v31x/m_softdelete_global.php @@ -0,0 +1,31 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v31x; + +class m_softdelete_global extends \phpbb\db\migration\migration +{ + static public function depends_on() + { + return array('\phpbb\db\migration\data\v31x\v311'); + } + + public function update_data() + { + return array( + // Make m_softdelete global. The add method will take care of updating + // it if it already exists. + array('permission.add', array('m_softdelete', true)), + ); + } +} diff --git a/phpBB/phpbb/db/migrator.php b/phpBB/phpbb/db/migrator.php index 621a808a03..d03496eae3 100644 --- a/phpBB/phpbb/db/migrator.php +++ b/phpBB/phpbb/db/migrator.php @@ -59,6 +59,13 @@ class migrator protected $migrations = array(); /** + * Array of migrations that have been determined to be fulfillable + * + * @var array + */ + protected $fulfillable_migrations = array(); + + /** * 'name,' 'class,' and 'state' of the last migration run * * 'effectively_installed' set and set to true if the migration was effectively_installed @@ -653,7 +660,7 @@ class migrator */ public function unfulfillable($name) { - if (isset($this->migration_state[$name])) + if (isset($this->migration_state[$name]) || isset($this->fulfillable_migrations[$name])) { return false; } @@ -674,6 +681,7 @@ class migrator return $unfulfillable; } } + $this->fulfillable_migrations[$name] = true; return false; } diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index 14b4c63207..a06ff9c594 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -43,7 +43,7 @@ class session // First of all, get the request uri... $script_name = $symfony_request->getScriptName(); - $args = explode('&', $symfony_request->getQueryString()); + $args = explode('&', $symfony_request->getQueryString()); // If we are unable to get the script name we use REQUEST_URI as a failover and note it within the page array for easier support... if (!$script_name) @@ -61,8 +61,8 @@ class session // Since some browser do not encode correctly we need to do this with some "special" characters... // " -> %22, ' => %27, < -> %3C, > -> %3E - $find = array('"', "'", '<', '>'); - $replace = array('%22', '%27', '%3C', '%3E'); + $find = array('"', "'", '<', '>', '"', '<', '>'); + $replace = array('%22', '%27', '%3C', '%3E', '%22', '%3C', '%3E'); foreach ($args as $key => $argument) { diff --git a/phpBB/phpbb/symfony_request.php b/phpBB/phpbb/symfony_request.php index ad949a35f2..02d22c480f 100644 --- a/phpBB/phpbb/symfony_request.php +++ b/phpBB/phpbb/symfony_request.php @@ -30,6 +30,12 @@ class symfony_request extends Request $type_cast_helper->set_var($value, $value, gettype($value), true); }; + // This function is meant for additional handling of server variables + $server_sanitizer = function(&$value, $key) use ($sanitizer) { + $sanitizer($value, $key); + $value = str_replace('&', '&', $value); + }; + $get_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::GET); $post_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::POST); $server_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::SERVER); @@ -38,10 +44,12 @@ class symfony_request extends Request array_walk_recursive($get_parameters, $sanitizer); array_walk_recursive($post_parameters, $sanitizer); - array_walk_recursive($server_parameters, $sanitizer); array_walk_recursive($files_parameters, $sanitizer); array_walk_recursive($cookie_parameters, $sanitizer); + // Run special sanitizer for server superglobal + array_walk_recursive($server_parameters, $server_sanitizer); + parent::__construct($get_parameters, $post_parameters, array(), $cookie_parameters, $files_parameters, $server_parameters); } } |