diff options
Diffstat (limited to 'phpBB/phpbb')
20 files changed, 260 insertions, 32 deletions
diff --git a/phpBB/phpbb/auth/provider/ldap.php b/phpBB/phpbb/auth/provider/ldap.php index d32e7504eb..c71950c698 100644 --- a/phpBB/phpbb/auth/provider/ldap.php +++ b/phpBB/phpbb/auth/provider/ldap.php @@ -306,7 +306,7 @@ class ldap extends \phpbb\auth\provider\base return array( 'TEMPLATE_FILE' => 'auth_provider_ldap.html', 'TEMPLATE_VARS' => array( - 'AUTH_LDAP_DN' => $new_config['ldap_base_dn'], + 'AUTH_LDAP_BASE_DN' => $new_config['ldap_base_dn'], 'AUTH_LDAP_EMAIL' => $new_config['ldap_email'], 'AUTH_LDAP_PASSORD' => $new_config['ldap_password'], 'AUTH_LDAP_PORT' => $new_config['ldap_port'], diff --git a/phpBB/phpbb/config/db_text.php b/phpBB/phpbb/config/db_text.php index b1e3ef5da4..ddc7c9aef0 100644 --- a/phpBB/phpbb/config/db_text.php +++ b/phpBB/phpbb/config/db_text.php @@ -154,6 +154,6 @@ class db_text $sql = 'DELETE FROM ' . $this->table . ' WHERE ' . $this->db->sql_in_set('config_name', $keys, false, true); - $result = $this->db->sql_query($sql); + $this->db->sql_query($sql); } } diff --git a/phpBB/phpbb/content_visibility.php b/phpBB/phpbb/content_visibility.php index c8516d6c85..700009da6a 100644 --- a/phpBB/phpbb/content_visibility.php +++ b/phpBB/phpbb/content_visibility.php @@ -45,7 +45,7 @@ class content_visibility /** * Event dispatcher object - * @var \phpbb\event\dispatcher + * @var \phpbb\event\dispatcher_interface */ protected $phpbb_dispatcher; @@ -66,7 +66,7 @@ class content_visibility * * @param \phpbb\auth\auth $auth Auth object * @param \phpbb\config\config $config Config object - * @param \phpbb\event\dispatcher $phpbb_dispatcher Event dispatcher object + * @param \phpbb\event\dispatcher_interface $phpbb_dispatcher Event dispatcher object * @param \phpbb\db\driver\driver_interface $db Database object * @param \phpbb\user $user User object * @param string $phpbb_root_path Root path @@ -76,7 +76,7 @@ class content_visibility * @param string $topics_table Topics table name * @param string $users_table Users table name */ - public function __construct(\phpbb\auth\auth $auth, \phpbb\config\config $config, \phpbb\event\dispatcher $phpbb_dispatcher, \phpbb\db\driver\driver_interface $db, \phpbb\user $user, $phpbb_root_path, $php_ext, $forums_table, $posts_table, $topics_table, $users_table) + public function __construct(\phpbb\auth\auth $auth, \phpbb\config\config $config, \phpbb\event\dispatcher_interface $phpbb_dispatcher, \phpbb\db\driver\driver_interface $db, \phpbb\user $user, $phpbb_root_path, $php_ext, $forums_table, $posts_table, $topics_table, $users_table) { $this->auth = $auth; $this->config = $config; @@ -143,12 +143,43 @@ class content_visibility */ public function get_visibility_sql($mode, $forum_id, $table_alias = '') { + $where_sql = ''; + + $get_visibility_sql_overwrite = false; + + /** + * Allow changing the result of calling get_visibility_sql + * + * @event core.phpbb_content_visibility_get_visibility_sql_before + * @var string where_sql Extra visibility conditions. It must end with either an SQL "AND" or an "OR" + * @var string mode Either "topic" or "post" depending on the query this is being used in + * @var array forum_id The forum id in which the search is made. + * @var string table_alias Table alias to prefix in SQL queries + * @var mixed get_visibility_sql_overwrite If a string, forces the function to return get_forums_visibility_sql_overwrite after executing the event + * If false, get_visibility_sql continues normally + * It must be either boolean or string + * @since 3.1.4-RC1 + */ + $vars = array( + 'where_sql', + 'mode', + 'forum_id', + 'table_alias', + 'get_visibility_sql_overwrite', + ); + extract($this->phpbb_dispatcher->trigger_event('core.phpbb_content_visibility_get_visibility_sql_before', compact($vars))); + + if ($get_visibility_sql_overwrite !== false) + { + return $get_visibility_sql_overwrite; + } + if ($this->auth->acl_get('m_approve', $forum_id)) { - return '1 = 1'; + return $where_sql . '1 = 1'; } - return $table_alias . $mode . '_visibility = ' . ITEM_APPROVED; + return $where_sql . $table_alias . $mode . '_visibility = ' . ITEM_APPROVED; } /** @@ -252,7 +283,7 @@ class content_visibility * @event core.phpbb_content_visibility_get_global_visibility_before * @var array where_sqls The action the user tried to execute * @var string mode Either "topic" or "post" depending on the query this is being used in - * @var array forum_ids Array of forum ids which the posts/topics are limited to + * @var array exclude_forum_ids Array of forum ids the current user doesn't have access to * @var string table_alias Table alias to prefix in SQL queries * @var array approve_forums Array of forums where the user has m_approve permissions * @var string visibility_sql_overwrite Forces the function to return an implosion of where_sqls (joined by "OR") @@ -261,7 +292,7 @@ class content_visibility $vars = array( 'where_sqls', 'mode', - 'forum_ids', + 'exclude_forum_ids', 'table_alias', 'approve_forums', 'visibility_sql_overwrite', diff --git a/phpBB/phpbb/controller/helper.php b/phpBB/phpbb/controller/helper.php index 7ee90b10ba..c6c470e91b 100644 --- a/phpBB/phpbb/controller/helper.php +++ b/phpBB/phpbb/controller/helper.php @@ -189,12 +189,29 @@ class helper */ public function error($message, $code = 500) { + return $this->message($message, array(), 'INFORMATION', $code); + } + + /** + * Output a message + * + * In case of an error, please throw an exception instead + * + * @param string $message The message to display (must be a language variable) + * @param array $parameters The parameters to use with the language var + * @param string $title Title for the message (must be a language variable) + * @param int $code The HTTP status code (e.g. 404, 500, 503, etc.) + * @return Response A Response instance + */ + public function message($message, array $parameters = array(), $title = 'INFORMATION', $code = 200) + { + array_unshift($parameters, $message); $this->template->assign_vars(array( - 'MESSAGE_TEXT' => $message, - 'MESSAGE_TITLE' => $this->user->lang('INFORMATION'), + 'MESSAGE_TEXT' => call_user_func_array(array($this->user, 'lang'), $parameters), + 'MESSAGE_TITLE' => $this->user->lang($title), )); - return $this->render('message_body.html', $this->user->lang('INFORMATION'), $code); + return $this->render('message_body.html', $this->user->lang($title), $code); } /** diff --git a/phpBB/phpbb/db/driver/mysqli.php b/phpBB/phpbb/db/driver/mysqli.php index 2ed08211ad..c0ddfbf76c 100644 --- a/phpBB/phpbb/db/driver/mysqli.php +++ b/phpBB/phpbb/db/driver/mysqli.php @@ -34,8 +34,7 @@ class mysqli extends \phpbb\db\driver\mysql_base return $this->sql_error(''); } - // Mysqli extension supports persistent connection since PHP 5.3.0 - $this->persistency = (version_compare(PHP_VERSION, '5.3.0', '>=')) ? $persistency : false; + $this->persistency = $persistency; $this->user = $sqluser; // If persistent connection, set dbhost to localhost when empty and prepend it with 'p:' prefix diff --git a/phpBB/phpbb/db/migration/data/v30x/release_3_0_13.php b/phpBB/phpbb/db/migration/data/v30x/release_3_0_13.php new file mode 100644 index 0000000000..310fcc70fc --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v30x/release_3_0_13.php @@ -0,0 +1,37 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v30x; + +class release_3_0_13 extends \phpbb\db\migration\migration +{ + public function effectively_installed() + { + return phpbb_version_compare($this->config['version'], '3.0.13', '>=') && phpbb_version_compare($this->config['version'], '3.1.0-dev', '<'); + } + + static public function depends_on() + { + return array('\phpbb\db\migration\data\v30x\release_3_0_13_rc1'); + } + + public function update_data() + { + return array( + array('if', array( + phpbb_version_compare($this->config['version'], '3.0.13', '<'), + array('config.update', array('version', '3.0.13')), + )), + ); + } +} diff --git a/phpBB/phpbb/db/migration/data/v30x/release_3_0_13_pl1.php b/phpBB/phpbb/db/migration/data/v30x/release_3_0_13_pl1.php new file mode 100644 index 0000000000..b12a96a7fb --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v30x/release_3_0_13_pl1.php @@ -0,0 +1,37 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v30x; + +class release_3_0_13_pl1 extends \phpbb\db\migration\migration +{ + public function effectively_installed() + { + return phpbb_version_compare($this->config['version'], '3.0.13-PL1', '>=') && phpbb_version_compare($this->config['version'], '3.1.0-dev', '<'); + } + + static public function depends_on() + { + return array('\phpbb\db\migration\data\v30x\release_3_0_13'); + } + + public function update_data() + { + return array( + array('if', array( + phpbb_version_compare($this->config['version'], '3.0.13-PL1', '<'), + array('config.update', array('version', '3.0.13-PL1')), + )), + ); + } +} diff --git a/phpBB/phpbb/db/migration/data/v31x/v313.php b/phpBB/phpbb/db/migration/data/v31x/v313.php new file mode 100644 index 0000000000..5a4e21a9b7 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v31x/v313.php @@ -0,0 +1,31 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v31x; + +class v313 extends \phpbb\db\migration\migration +{ + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v31x\v313rc2', + ); + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.1.3')), + ); + } +} diff --git a/phpBB/phpbb/db/migration/data/v31x/v313rc1.php b/phpBB/phpbb/db/migration/data/v31x/v313rc1.php new file mode 100644 index 0000000000..e50754f805 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v31x/v313rc1.php @@ -0,0 +1,35 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v31x; + +class v313rc1 extends \phpbb\db\migration\migration +{ + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v30x\release_3_0_13_rc1', + '\phpbb\db\migration\data\v31x\plupload_last_gc_dynamic', + '\phpbb\db\migration\data\v31x\profilefield_remove_underscore_from_alpha', + '\phpbb\db\migration\data\v31x\profilefield_yahoo_update_url', + '\phpbb\db\migration\data\v31x\update_custom_bbcodes_with_idn', + ); + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.1.3-RC1')), + ); + } +} diff --git a/phpBB/phpbb/db/migration/data/v31x/v313rc2.php b/phpBB/phpbb/db/migration/data/v31x/v313rc2.php new file mode 100644 index 0000000000..d832d6f502 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v31x/v313rc2.php @@ -0,0 +1,32 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v31x; + +class v313rc2 extends \phpbb\db\migration\migration +{ + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v30x\release_3_0_13_pl1', + '\phpbb\db\migration\data\v31x\v313rc1', + ); + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.1.3-RC2')), + ); + } +} diff --git a/phpBB/phpbb/db/migration/tool/permission.php b/phpBB/phpbb/db/migration/tool/permission.php index 5cfbc5ca00..1a91127d2d 100644 --- a/phpBB/phpbb/db/migration/tool/permission.php +++ b/phpBB/phpbb/db/migration/tool/permission.php @@ -537,7 +537,8 @@ class permission implements \phpbb\db\migration\tool\tool_interface } $sql = 'DELETE FROM ' . ACL_ROLES_DATA_TABLE . ' - WHERE ' . $this->db->sql_in_set('auth_option_id', $to_remove); + WHERE ' . $this->db->sql_in_set('auth_option_id', $to_remove) . ' + AND role_id = ' . (int) $role_id; $this->db->sql_query($sql); break; diff --git a/phpBB/phpbb/event/kernel_terminate_subscriber.php b/phpBB/phpbb/event/kernel_terminate_subscriber.php index 57e4840380..3a709f73fd 100644 --- a/phpBB/phpbb/event/kernel_terminate_subscriber.php +++ b/phpBB/phpbb/event/kernel_terminate_subscriber.php @@ -35,7 +35,7 @@ class kernel_terminate_subscriber implements EventSubscriberInterface public static function getSubscribedEvents() { return array( - KernelEvents::TERMINATE => 'on_kernel_terminate', + KernelEvents::TERMINATE => array('on_kernel_terminate', ~PHP_INT_MAX), ); } } diff --git a/phpBB/phpbb/feed/base.php b/phpBB/phpbb/feed/base.php index e31854160a..322e2ee9f1 100644 --- a/phpBB/phpbb/feed/base.php +++ b/phpBB/phpbb/feed/base.php @@ -67,6 +67,9 @@ abstract class base */ var $separator_stats = "\xE2\x80\x94"; // — + /** @var mixed Query result handle */ + protected $result; + /** * Constructor * @@ -229,9 +232,7 @@ abstract class base function get_item() { - static $result; - - if (!isset($result)) + if (!isset($this->result)) { if (!$this->get_sql()) { @@ -240,10 +241,10 @@ abstract class base // Query database $sql = $this->db->sql_build_query('SELECT', $this->sql); - $result = $this->db->sql_query_limit($sql, $this->num_items); + $this->result = $this->db->sql_query_limit($sql, $this->num_items); } - return $this->db->sql_fetchrow($result); + return $this->db->sql_fetchrow($this->result); } function user_viewprofile($row) diff --git a/phpBB/phpbb/file_downloader.php b/phpBB/phpbb/file_downloader.php index d717b394d5..462b87ca51 100644 --- a/phpBB/phpbb/file_downloader.php +++ b/phpBB/phpbb/file_downloader.php @@ -33,7 +33,7 @@ class file_downloader * @return mixed File data as string if file can be read and there is no * timeout, false if there were errors or the connection timed out * - * @throws \RuntimeException If data can't be retrieved and no error + * @throws \phpbb\exception\runtime_exception If data can't be retrieved and no error * message is returned */ public function get($host, $directory, $filename, $port = 80, $timeout = 6) @@ -69,7 +69,7 @@ class file_downloader } else if (stripos($line, '404 not found') !== false) { - throw new \RuntimeException(array('FILE_NOT_FOUND', $filename)); + throw new \phpbb\exception\runtime_exception('FILE_NOT_FOUND', array($filename)); } } @@ -77,7 +77,7 @@ class file_downloader if (!empty($stream_meta_data['timed_out']) || time() >= $timer_stop) { - throw new \RuntimeException('FSOCK_TIMEOUT'); + throw new \phpbb\exception\runtime_exception('FSOCK_TIMEOUT'); } } @fclose($socket); @@ -91,7 +91,7 @@ class file_downloader } else { - throw new \RuntimeException('FSOCK_DISABLED'); + throw new \phpbb\exception\runtime_exception('FSOCK_DISABLED'); } } diff --git a/phpBB/phpbb/notification/manager.php b/phpBB/phpbb/notification/manager.php index aa52eb61d0..db92170dd8 100644 --- a/phpBB/phpbb/notification/manager.php +++ b/phpBB/phpbb/notification/manager.php @@ -38,7 +38,7 @@ class manager /** @var \phpbb\config\config */ protected $config; - /** @var \phpbb\event\dispatcher */ + /** @var \phpbb\event\dispatcher_interface */ protected $phpbb_dispatcher; /** @var \phpbb\db\driver\driver_interface */ @@ -73,7 +73,7 @@ class manager * @param ContainerInterface $phpbb_container * @param \phpbb\user_loader $user_loader * @param \phpbb\config\config $config - * @param \phpbb\event\dispatcher $phpbb_dispatcher + * @param \phpbb\event\dispatcher_interface $phpbb_dispatcher * @param \phpbb\db\driver\driver_interface $db * @param \phpbb\cache\service $cache * @param \phpbb\user $user @@ -85,7 +85,7 @@ class manager * * @return \phpbb\notification\manager */ - public function __construct($notification_types, $notification_methods, ContainerInterface $phpbb_container, \phpbb\user_loader $user_loader, \phpbb\config\config $config, \phpbb\event\dispatcher $phpbb_dispatcher, \phpbb\db\driver\driver_interface $db, \phpbb\cache\service $cache, $user, $phpbb_root_path, $php_ext, $notification_types_table, $notifications_table, $user_notifications_table) + public function __construct($notification_types, $notification_methods, ContainerInterface $phpbb_container, \phpbb\user_loader $user_loader, \phpbb\config\config $config, \phpbb\event\dispatcher_interface $phpbb_dispatcher, \phpbb\db\driver\driver_interface $db, \phpbb\cache\service $cache, $user, $phpbb_root_path, $php_ext, $notification_types_table, $notifications_table, $user_notifications_table) { $this->notification_types = $notification_types; $this->notification_methods = $notification_methods; diff --git a/phpBB/phpbb/notification/type/post.php b/phpBB/phpbb/notification/type/post.php index d9e74f2e95..421eff6372 100644 --- a/phpBB/phpbb/notification/type/post.php +++ b/phpBB/phpbb/notification/type/post.php @@ -357,6 +357,7 @@ class post extends \phpbb\notification\type\base { $tracking_data[$row['user_id']] = $row['mark_time']; } + $this->db->sql_freeresult($result); return $tracking_data; } diff --git a/phpBB/phpbb/notification/type/topic.php b/phpBB/phpbb/notification/type/topic.php index cf0ec77099..5f57087b73 100644 --- a/phpBB/phpbb/notification/type/topic.php +++ b/phpBB/phpbb/notification/type/topic.php @@ -257,6 +257,7 @@ class topic extends \phpbb\notification\type\base { $tracking_data[$row['user_id']] = $row['mark_time']; } + $this->db->sql_freeresult($result); return $tracking_data; } diff --git a/phpBB/phpbb/search/fulltext_native.php b/phpBB/phpbb/search/fulltext_native.php index 8865d37712..93ea46ca60 100644 --- a/phpBB/phpbb/search/fulltext_native.php +++ b/phpBB/phpbb/search/fulltext_native.php @@ -300,7 +300,7 @@ class fulltext_native extends \phpbb\search\base $this->search_query = $keywords; $exact_words = array(); - preg_match_all('#([^\\s+\\-|*()]+)(?:$|[\\s+\\-|()])#u', $keywords, $exact_words); + preg_match_all('#([^\\s+\\-|()]+)(?:$|[\\s+\\-|()])#u', $keywords, $exact_words); $exact_words = $exact_words[1]; $common_ids = $words = array(); diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index 0a6a18ffbe..bedd581725 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -130,6 +130,10 @@ class session $script_path .= (substr($script_path, -1, 1) == '/') ? '' : '/'; $root_script_path .= (substr($root_script_path, -1, 1) == '/') ? '' : '/'; + $forum_id = $request->variable('f', 0); + // maximum forum id value is maximum value of mediumint unsigned column + $forum_id = ($forum_id > 0 && $forum_id < 16777215) ? $forum_id : 0; + $page_array += array( 'page_name' => $page_name, 'page_dir' => $page_dir, @@ -139,7 +143,7 @@ class session 'root_script_path' => str_replace(' ', '%20', htmlspecialchars($root_script_path)), 'page' => $page, - 'forum' => request_var('f', 0), + 'forum' => $forum_id, ); return $page_array; diff --git a/phpBB/phpbb/version_helper.php b/phpBB/phpbb/version_helper.php index dc62f06fb2..e4f68f5aab 100644 --- a/phpBB/phpbb/version_helper.php +++ b/phpBB/phpbb/version_helper.php @@ -257,9 +257,10 @@ class version_helper try { $info = $this->file_downloader->get($this->host, $this->path, $this->file); } - catch (\RuntimeException $exception) + catch (\phpbb\exception\runtime_exception $exception) { - throw new \RuntimeException($this->user->lang($exception->getMessage())); + $prepare_parameters = array_merge(array($exception->getMessage()), $exception->get_parameters()); + throw new \RuntimeException(call_user_func_array(array($this->user, 'lang'), $prepare_parameters)); } $error_string = $this->file_downloader->get_error_string(); |