diff options
Diffstat (limited to 'phpBB/phpbb')
-rw-r--r-- | phpBB/phpbb/avatar/driver/local.php | 4 | ||||
-rw-r--r-- | phpBB/phpbb/avatar/driver/upload.php | 4 | ||||
-rw-r--r-- | phpBB/phpbb/cache/driver/file.php | 14 | ||||
-rw-r--r-- | phpBB/phpbb/captcha/plugins/qa.php | 62 | ||||
-rw-r--r-- | phpBB/phpbb/content_visibility.php | 6 | ||||
-rw-r--r-- | phpBB/phpbb/db/migration/data/v310/avatars.php | 24 | ||||
-rw-r--r-- | phpBB/phpbb/plupload/plupload.php | 2 | ||||
-rw-r--r-- | phpBB/phpbb/search/fulltext_native.php | 19 |
8 files changed, 86 insertions, 49 deletions
diff --git a/phpBB/phpbb/avatar/driver/local.php b/phpBB/phpbb/avatar/driver/local.php index 8888686b2d..36087f8ba0 100644 --- a/phpBB/phpbb/avatar/driver/local.php +++ b/phpBB/phpbb/avatar/driver/local.php @@ -23,8 +23,10 @@ class local extends \phpbb\avatar\driver\driver */ public function get_data($row) { + $root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $this->path_helper->get_web_root_path(); + return array( - 'src' => $this->path_helper->get_web_root_path() . $this->config['avatar_gallery_path'] . '/' . $row['avatar'], + 'src' => $root_path . $this->config['avatar_gallery_path'] . '/' . $row['avatar'], 'width' => $row['avatar_width'], 'height' => $row['avatar_height'], ); diff --git a/phpBB/phpbb/avatar/driver/upload.php b/phpBB/phpbb/avatar/driver/upload.php index 003b23659f..ee36243844 100644 --- a/phpBB/phpbb/avatar/driver/upload.php +++ b/phpBB/phpbb/avatar/driver/upload.php @@ -48,8 +48,10 @@ class upload extends \phpbb\avatar\driver\driver */ public function get_data($row, $ignore_config = false) { + $root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $this->path_helper->get_web_root_path(); + return array( - 'src' => $this->path_helper->get_web_root_path() . 'download/file.' . $this->php_ext . '?avatar=' . $row['avatar'], + 'src' => $root_path . 'download/file.' . $this->php_ext . '?avatar=' . $row['avatar'], 'width' => $row['avatar_width'], 'height' => $row['avatar_height'], ); diff --git a/phpBB/phpbb/cache/driver/file.php b/phpBB/phpbb/cache/driver/file.php index fd5bce4515..9a7c4aec7f 100644 --- a/phpBB/phpbb/cache/driver/file.php +++ b/phpBB/phpbb/cache/driver/file.php @@ -279,6 +279,7 @@ class file extends \phpbb\cache\driver\base if ($var_name[0] == '_') { global $phpEx; + $var_name = $this->clean_varname($var_name); return file_exists($this->cache_dir . 'data' . $var_name . ".$phpEx"); } else @@ -334,6 +335,7 @@ class file extends \phpbb\cache\driver\base { global $phpEx; + $filename = $this->clean_varname($filename); $file = "{$this->cache_dir}$filename.$phpEx"; $type = substr($filename, 0, strpos($filename, '_')); @@ -516,6 +518,7 @@ class file extends \phpbb\cache\driver\base { global $phpEx; + $filename = $this->clean_varname($filename); $file = "{$this->cache_dir}$filename.$phpEx"; $lock = new \phpbb\lock\flock($file); @@ -584,4 +587,15 @@ class file extends \phpbb\cache\driver\base return $return_value; } + + /** + * Replace slashes in the file name + * + * @param string $varname name of a cache variable + * @return string $varname name that is safe to use as a filename + */ + protected function clean_varname($varname) + { + return str_replace('/', '-', $varname); + } } diff --git a/phpBB/phpbb/captcha/plugins/qa.php b/phpBB/phpbb/captcha/plugins/qa.php index a7ba994cc3..04052b3406 100644 --- a/phpBB/phpbb/captcha/plugins/qa.php +++ b/phpBB/phpbb/captcha/plugins/qa.php @@ -125,7 +125,7 @@ class qa */ public function is_available() { - global $config, $db, $phpbb_root_path, $phpEx, $user; + global $config, $db, $user; // load language file for pretty display in the ACP dropdown $user->add_lang('captcha_qa'); @@ -263,7 +263,7 @@ class qa */ function garbage_collect($type = 0) { - global $db, $config; + global $db; $sql = 'SELECT c.confirm_id FROM ' . $this->table_qa_confirm . ' c @@ -310,8 +310,6 @@ class qa $db_tool = new \phpbb\db\tools($db); - $tables = array($this->table_captcha_questions, $this->table_captcha_answers, $this->table_qa_confirm); - $schemas = array( $this->table_captcha_questions => array ( 'COLUMNS' => array( @@ -366,7 +364,7 @@ class qa */ function validate() { - global $config, $db, $user; + global $user; $error = ''; @@ -414,7 +412,7 @@ class qa if (!sizeof($this->question_ids)) { - return false; + return; } $this->confirm_id = md5(unique_id($user->ip)); $this->question = (int) array_rand($this->question_ids); @@ -440,7 +438,7 @@ class qa if (!sizeof($this->question_ids)) { - return false; + return; } $this->question = (int) array_rand($this->question_ids); @@ -611,8 +609,8 @@ class qa */ function acp_page($id, &$module) { - global $db, $user, $auth, $template; - global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx; + global $user, $template; + global $config; $user->add_lang('acp/board'); $user->add_lang('captcha_qa'); @@ -674,11 +672,7 @@ class qa else { // okay, show the editor - $error = false; - $input_question = request_var('question_text', '', true); - $input_answers = request_var('answers', '', true); - $input_lang = request_var('lang_iso', '', true); - $input_strict = request_var('strict', false); + $question_input = $this->acp_get_question_input(); $langs = $this->get_languages(); foreach ($langs as $lang => $entry) @@ -697,13 +691,11 @@ class qa { if ($question = $this->acp_get_question_data($question_id)) { - $answers = (isset($input_answers[$lang])) ? $input_answers[$lang] : implode("\n", $question['answers']); - $template->assign_vars(array( - 'QUESTION_TEXT' => ($input_question) ? $input_question : $question['question_text'], - 'LANG_ISO' => ($input_lang) ? $input_lang : $question['lang_iso'], - 'STRICT' => (isset($_REQUEST['strict'])) ? $input_strict : $question['strict'], - 'ANSWERS' => $answers, + 'QUESTION_TEXT' => ($question_input['question_text']) ? $question_input['question_text'] : $question['question_text'], + 'LANG_ISO' => ($question_input['lang_iso']) ? $question_input['lang_iso'] : $question['lang_iso'], + 'STRICT' => (isset($_REQUEST['strict'])) ? $question_input['strict'] : $question['strict'], + 'ANSWERS' => implode("\n", $question['answers']), )); } else @@ -714,18 +706,16 @@ class qa else { $template->assign_vars(array( - 'QUESTION_TEXT' => $input_question, - 'LANG_ISO' => $input_lang, - 'STRICT' => $input_strict, - 'ANSWERS' => $input_answers, + 'QUESTION_TEXT' => $question_input['question_text'], + 'LANG_ISO' => $question_input['lang_iso'], + 'STRICT' => $question_input['strict'], + 'ANSWERS' => (is_array($question_input['answers'])) ? implode("\n", $question_input['answers']) : '', )); } if ($submit && check_form_key($form_key)) { - $data = $this->acp_get_question_input(); - - if (!$this->validate_input($data)) + if (!$this->validate_input($question_input)) { $template->assign_vars(array( 'S_ERROR' => true, @@ -735,11 +725,11 @@ class qa { if ($question_id) { - $this->acp_update_question($data, $question_id); + $this->acp_update_question($question_input, $question_id); } else { - $this->acp_add_question($data); + $this->acp_add_question($question_input); } add_log('admin', 'LOG_CONFIG_VISUAL'); @@ -819,6 +809,8 @@ class qa return $question; } + + return false; } /** @@ -827,13 +819,21 @@ class qa function acp_get_question_input() { $answers = utf8_normalize_nfc(request_var('answers', '', true)); + + // Convert answers into array and filter if answers are set + if (strlen($answers)) + { + $answers = array_filter(array_map('trim', explode("\n", $answers)), function ($value) { + return $value !== ''; + }); + } + $question = array( 'question_text' => request_var('question_text', '', true), 'strict' => request_var('strict', false), 'lang_iso' => request_var('lang_iso', ''), - 'answers' => (strlen($answers)) ? explode("\n", $answers) : '', + 'answers' => $answers, ); - return $question; } diff --git a/phpBB/phpbb/content_visibility.php b/phpBB/phpbb/content_visibility.php index 700009da6a..0ba0489cb7 100644 --- a/phpBB/phpbb/content_visibility.php +++ b/phpBB/phpbb/content_visibility.php @@ -237,7 +237,7 @@ class content_visibility if (!sizeof($forum_ids)) { // The user can see all posts/topics in all specified forums - return $this->db->sql_in_set($table_alias . 'forum_id', $approve_forums); + return $where_sql . $this->db->sql_in_set($table_alias . 'forum_id', $approve_forums) . ')'; } else { @@ -248,8 +248,8 @@ class content_visibility else { // The user is just a normal user - return $table_alias . $mode . '_visibility = ' . ITEM_APPROVED . ' - AND ' . $this->db->sql_in_set($table_alias . 'forum_id', $forum_ids, false, true); + return $where_sql . $table_alias . $mode . '_visibility = ' . ITEM_APPROVED . ' + AND ' . $this->db->sql_in_set($table_alias . 'forum_id', $forum_ids, false, true) . ')'; } $where_sql .= '(' . $table_alias . $mode . '_visibility = ' . ITEM_APPROVED . ' diff --git a/phpBB/phpbb/db/migration/data/v310/avatars.php b/phpBB/phpbb/db/migration/data/v310/avatars.php index 2698adeed5..9b03a8fa94 100644 --- a/phpBB/phpbb/db/migration/data/v310/avatars.php +++ b/phpBB/phpbb/db/migration/data/v310/avatars.php @@ -17,7 +17,29 @@ class avatars extends \phpbb\db\migration\migration { public function effectively_installed() { - return isset($this->config['allow_avatar_gravatar']); + // Get current avatar type of guest user + $sql = 'SELECT user_avatar_type + FROM ' . $this->table_prefix . 'users + WHERE user_id = ' . ANONYMOUS; + $result = $this->db->sql_query($sql); + $backup_type = $this->db->sql_fetchfield('user_avatar_type'); + $this->db->sql_freeresult($result); + + // Try to set avatar type to string + $sql = 'UPDATE ' . $this->table_prefix . "users + SET user_avatar_type = 'avatar.driver.upload' + WHERE user_id = " . ANONYMOUS; + $this->db->sql_return_on_error(true); + $effectively_installed = $this->db->sql_query($sql); + $this->db->sql_return_on_error(); + + // Restore avatar type of guest user to previous state + $sql = 'UPDATE ' . $this->table_prefix . "users + SET user_avatar_type = '{$backup_type}' + WHERE user_id = " . ANONYMOUS; + $this->db->sql_query($sql); + + return $effectively_installed !== false; } static public function depends_on() diff --git a/phpBB/phpbb/plupload/plupload.php b/phpBB/phpbb/plupload/plupload.php index 3c686a552f..fcce5b3bd8 100644 --- a/phpBB/phpbb/plupload/plupload.php +++ b/phpBB/phpbb/plupload/plupload.php @@ -326,7 +326,7 @@ class plupload $tmp_file = $this->temporary_filepath($upload['tmp_name']); - if (!move_uploaded_file($upload['tmp_name'], $tmp_file)) + if (!phpbb_is_writable($this->temporary_directory) || !move_uploaded_file($upload['tmp_name'], $tmp_file)) { $this->emit_error(103, 'PLUPLOAD_ERR_MOVE_UPLOADED'); } diff --git a/phpBB/phpbb/search/fulltext_native.php b/phpBB/phpbb/search/fulltext_native.php index 93ea46ca60..4d02dd1cbf 100644 --- a/phpBB/phpbb/search/fulltext_native.php +++ b/phpBB/phpbb/search/fulltext_native.php @@ -823,6 +823,13 @@ class fulltext_native extends \phpbb\search\base ); } + // if using mysql and the total result count is not calculated yet, get it from the db + if (!$total_results && $is_mysql) + { + // Also count rows for the query as if there was not LIMIT. Add SQL_CALC_FOUND_ROWS to SQL + $sql_array['SELECT'] = 'SQL_CALC_FOUND_ROWS ' . $sql_array['SELECT']; + } + $sql_array['WHERE'] = implode(' AND ', $sql_where); $sql_array['GROUP_BY'] = ($group_by) ? (($type == 'posts') ? 'p.post_id' : 'p.topic_id') . ', ' . $sort_by_sql[$sort_key] : ''; $sql_array['ORDER_BY'] = $sql_sort; @@ -838,19 +845,9 @@ class fulltext_native extends \phpbb\search\base } $this->db->sql_freeresult($result); - // if we use mysql and the total result count is not cached yet, retrieve it from the db if (!$total_results && $is_mysql) { - // Count rows for the executed queries. Replace $select within $sql with SQL_CALC_FOUND_ROWS, and run it - $sql_array_copy = $sql_array; - $sql_array_copy['SELECT'] = 'SQL_CALC_FOUND_ROWS p.post_id '; - - $sql_calc = $this->db->sql_build_query('SELECT', $sql_array_copy); - unset($sql_array_copy); - - $this->db->sql_query($sql_calc); - $this->db->sql_freeresult($result); - + // Get the number of results as calculated by MySQL $sql_count = 'SELECT FOUND_ROWS() as total_results'; $result = $this->db->sql_query($sql_count); $total_results = (int) $this->db->sql_fetchfield('total_results'); |