+ global $db, $user, $phpbb_root_path, $phpEx, $phpbb_container;

+ $provider_collection = $phpbb_container->get('auth.provider_collection');

+ $provider = $provider_collection->get_provider();

+ 'user_row' => $this->user_row($php_auth_user, $php_auth_pw),

+ user_add($this->user_row($php_auth_user, $php_auth_pw));

+ $sql = 'SELECT *

+ $this->db->sql_query($sql);

+ if ($this->passwords_manager->check($password, $row['user_password'], $row))

+ 'error_msg' => 'LOGIN_ERROR_PASSWORD',

+ * @param string $provider_name The name of the auth provider

+ public function get_provider($provider_name = '')

+ $provider_name = ($provider_name !== '') ? $provider_name : basename(trim($this->config['auth_method']));

+ if ($this->offsetExists('auth.provider.' . $provider_name))

+ return $this->offsetGet('auth.provider.' . $provider_name);

+ $result = $this->prefix_avatar_columns($prefix, self::$default_row);

+ $sql = 'UPDATE ' . $table . '

+ SET ' . $db->sql_build_array('UPDATE', $result) . '

+ WHERE ' . $prefix . 'id = ' . (int) $avatar_data['id'];

+ $db->sql_query($sql);

+

+ // Make sure we also delete this avatar from the users

+ if ($prefix === 'group_')

+ $result = $this->prefix_avatar_columns('user_', self::$default_row);

+

+ $sql = 'UPDATE ' . USERS_TABLE . '

+ SET ' . $db->sql_build_array('UPDATE', $result) . "

+ WHERE user_avatar = '" . $db->sql_escape($avatar_data['avatar']) . "'";

+ $db->sql_query($sql);

+ }

+ /**

+ * Prefix avatar columns

+ *

+ * @param string $prefix Column prefix

+ * @param array $data Column data

+ *

+ * @return array Column data with prefixed column names

+ */

+ public function prefix_avatar_columns($prefix, $data)

+ {

+ foreach ($data as $key => $value)

+ {

+ $data[$prefix . $key] = $value;

+ unset($data[$key]);

+ }

+

+ return $data;

+ /**

+ * Constructor

+ */

+ public function __construct()

+ /* @var \phpbb\request\request_interface */

+ protected $request;

+

+ * @param \phpbb\request\request_interface $request phpBB request object

+ public function __construct(\phpbb\template\template $template, \phpbb\user $user, \phpbb\config\config $config, \phpbb\controller\provider $provider, \phpbb\extension\manager $manager, \phpbb\symfony_request $symfony_request, \phpbb\request\request_interface $request, \phpbb\filesystem $filesystem, $phpbb_root_path, $php_ext)

+ $this->request = $request;

+ $base_url = $this->request->escape($this->filesystem->clean_path($base_url), true);

+ return generate_board_url(true) . $this->request->escape($this->symfony_request->getRequestUri(), true);

+ if (strpos($captcha_plugin, 'phpbb_captcha_') === 0)

+ $captcha_plugin = substr($captcha_plugin, strlen('phpbb_captcha_'));

+ }

+ else if (strpos($captcha_plugin, 'phpbb_') === 0)

+ {

+ $captcha_plugin = substr($captcha_plugin, strlen('phpbb_'));

+ (is_dir($this->phpbb_root_path . 'includes/captcha/plugins/') &&

+ !is_file($this->phpbb_root_path . "includes/captcha/plugins/{$this->config['captcha_plugin']}_plugin." . $this->php_ext)),

+ FROM ' . STYLES_TABLE . ' s, ' . $this->table_prefix . 'styles_template t, ' . $this->table_prefix . "styles_theme c

+<?php

+/**

+*

+* This file is part of the phpBB Forum Software package.

+*

+* @copyright (c) phpBB Limited <https://www.phpbb.com>

+* @license GNU General Public License, version 2 (GPL-2.0)

+*

+* For full copyright and license information, please see

+* the docs/CREDITS.txt file.

+*

+*/

+

+namespace phpbb\db\migration\data\v31x;

+

+class m_softdelete_global extends \phpbb\db\migration\migration

+{

+ static public function depends_on()

+ {

+ return array('\phpbb\db\migration\data\v31x\v311');

+ }

+

+ public function update_data()

+ {

+ return array(

+ // Make m_softdelete global. The add method will take care of updating

+ // it if it already exists.

+ array('permission.add', array('m_softdelete', true)),

+ );

+ }

+}

+<?php

+/**

+*

+* This file is part of the phpBB Forum Software package.

+*

+* @copyright (c) phpBB Limited <https://www.phpbb.com>

+* @license GNU General Public License, version 2 (GPL-2.0)

+*

+* For full copyright and license information, please see

+* the docs/CREDITS.txt file.

+*

+*/

+

+namespace phpbb\db\migration\data\v31x;

+

+class style_update extends \phpbb\db\migration\migration

+{

+ static public function depends_on()

+ {

+ return array('\phpbb\db\migration\data\v310\gold');

+ }

+

+ public function update_data()

+ {

+ return array(

+ array('custom', array(array($this, 'update_installed_styles'))),

+ );

+ }

+

+ public function update_installed_styles()

+ {

+ // Get all currently available styles

+ $styles = $this->find_style_dirs();

+ $style_paths = $style_ids = array();

+

+ $sql = 'SELECT style_path, style_id

+ FROM ' . $this->table_prefix . 'styles';

+ $result = $this->db->sql_query($sql);

+ while ($styles_row = $this->db->sql_fetchrow())

+ {

+ if (in_array($styles_row['style_path'], $styles))

+ {

+ $style_paths[] = $styles_row['style_path'];

+ $style_ids[] = $styles_row['style_id'];

+ }

+ }

+ $this->db->sql_freeresult($result);

+

+ // Install prosilver if no style is available and prosilver can be installed

+ if (empty($style_paths) && in_array('prosilver', $styles))

+ {

+ // Try to parse config file

+ $cfg = parse_cfg_file($this->phpbb_root_path . 'styles/prosilver/style.cfg');

+

+ // Stop running this if prosilver cfg file can't be read

+ if (empty($cfg))

+ {

+ throw new \RuntimeException('No styles available and could not fall back to prosilver.');

+ }

+

+ $style = array(

+ 'style_name' => 'prosilver',

+ 'style_copyright' => '&copy; phpBB Limited',

+ 'style_active' => 1,

+ 'style_path' => 'prosilver',

+ 'bbcode_bitfield' => 'kNg=',

+ 'style_parent_id' => 0,

+ 'style_parent_tree' => '',

+ );

+

+ // Add to database

+ $this->db->sql_transaction('begin');

+

+ $sql = 'INSERT INTO ' . $this->table_prefix . 'styles

+ ' . $this->db->sql_build_array('INSERT', $style);

+ $this->db->sql_query($sql);

+

+ $style_id = $this->db->sql_nextid();

+ $style_ids[] = $style_id;

+

+ $this->db->sql_transaction('commit');

+

+ // Set prosilver to default style

+ $this->config->set('default_style', $style_id);

+ }

+ else if (empty($styles) && empty($available_styles))

+ {

+ throw new \RuntimeException('No valid styles available');

+ }

+

+ // Make sure default style is available

+ if (!in_array($this->config['default_style'], $style_ids))

+ {

+ $this->config->set('default_style', array_pop($style_ids));

+ }

+

+ // Reset users to default style if their user_style is nonexistent

+ $sql = 'UPDATE ' . $this->table_prefix . "users

+ SET user_style = {$this->config['default_style']}

+ WHERE " . $this->db->sql_in_set('user_style', $style_ids, true, true);

+ $this->db->sql_query($sql);

+ }

+

+ /**

+ * Find all directories that have styles

+ * Copied from acp_styles

+ *

+ * @return array Directory names

+ */

+ protected function find_style_dirs()

+ {

+ $styles = array();

+ $styles_path = $this->phpbb_root_path . 'styles/';

+

+ $dp = @opendir($styles_path);

+ if ($dp)

+ {

+ while (($file = readdir($dp)) !== false)

+ {

+ $dir = $styles_path . $file;

+ if ($file[0] == '.' || !is_dir($dir))

+ {

+ continue;

+ }

+

+ if (file_exists("{$dir}/style.cfg"))

+ {

+ $styles[] = $file;

+ }

+ }

+ closedir($dp);

+ }

+

+ return $styles;

+ }

+}

+<?php

+/**

+*

+* This file is part of the phpBB Forum Software package.

+*

+* @copyright (c) phpBB Limited <https://www.phpbb.com>

+* @license GNU General Public License, version 2 (GPL-2.0)

+*

+* For full copyright and license information, please see

+* the docs/CREDITS.txt file.

+*

+*/

+

+namespace phpbb\db\migration\data\v31x;

+

+class v311 extends \phpbb\db\migration\migration

+{

+ static public function depends_on()

+ {

+ return array(

+ '\phpbb\db\migration\data\v310\gold',

+ '\phpbb\db\migration\data\v31x\style_update',

+ );

+ }

+

+ public function update_data()

+ {

+ return array(

+ array('config.update', array('version', '3.1.1')),

+ );

+ }

+}

+<?php

+/**

+*

+* This file is part of the phpBB Forum Software package.

+*

+* @copyright (c) phpBB Limited <https://www.phpbb.com>

+* @license GNU General Public License, version 2 (GPL-2.0)

+*

+* For full copyright and license information, please see

+* the docs/CREDITS.txt file.

+*

+*/

+

+namespace phpbb\db\migration\data\v31x;

+

+class v312 extends \phpbb\db\migration\migration

+{

+ static public function depends_on()

+ {

+ return array(

+ '\phpbb\db\migration\data\v31x\v312rc1',

+ );

+ }

+

+ public function update_data()

+ {

+ return array(

+ array('config.update', array('version', '3.1.2')),

+ );

+ }

+}

+<?php

+/**

+*

+* This file is part of the phpBB Forum Software package.

+*

+* @copyright (c) phpBB Limited <https://www.phpbb.com>

+* @license GNU General Public License, version 2 (GPL-2.0)

+*

+* For full copyright and license information, please see

+* the docs/CREDITS.txt file.

+*

+*/

+

+namespace phpbb\db\migration\data\v31x;

+

+class v312rc1 extends \phpbb\db\migration\migration

+{

+ static public function depends_on()

+ {

+ return array(

+ '\phpbb\db\migration\data\v31x\v311',

+ '\phpbb\db\migration\data\v31x\m_softdelete_global',

+ );

+ }

+

+ public function update_data()

+ {

+ return array(

+ array('config.update', array('version', '3.1.2-RC1')),

+ );

+ }

+}

+ * Array of migrations that have been determined to be fulfillable

+ *

+ * @var array

+ */

+ protected $fulfillable_migrations = array();

+

+ /**

+ if (isset($this->migration_state[$name]) || isset($this->fulfillable_migrations[$name]))

+ $this->fulfillable_migrations[$name] = true;

+ AND INDEXPROPERTY(ix.id, ix.name, 'IsUnique') = " . ($unique ? '1' : '0');

+ AND ix.is_unique = " . ($unique ? '1' : '0');

+ $parameters = array(

+ 'core.adm_relative_path' => $this->config_php->get('phpbb_adm_relative_path') ? $this->config_php->get('phpbb_adm_relative_path') : 'adm/',

+ 'core.table_prefix' => $this->config_php->get('table_prefix'),

+ 'cache.driver.class' => $this->convert_30_acm_type($this->config_php->get('acm_type')),

+ 'dbal.driver.class' => $this->config_php->convert_30_dbms_to_31($this->config_php->get('dbms')),

+ 'dbal.dbhost' => $this->config_php->get('dbhost'),

+ 'dbal.dbuser' => $this->config_php->get('dbuser'),

+ 'dbal.dbpasswd' => $this->config_php->get('dbpasswd'),

+ 'dbal.dbname' => $this->config_php->get('dbname'),

+ 'dbal.dbport' => $this->config_php->get('dbport'),

+ 'dbal.new_link' => defined('PHPBB_DB_NEW_LINK') && PHPBB_DB_NEW_LINK,

+ );

+ $parameter_bag = $container->getParameterBag();

+

+ foreach ($parameters as $parameter => $value)

+ {

+ $container->setParameter($parameter, $parameter_bag->escapeValue($value));

+ }

+ array_walk_recursive($metadata, array($this, 'sanitize_json'));

+ * Sanitize input from JSON array using htmlspecialchars()

+ *

+ * @param mixed $value Value of array row

+ * @param string $key Key of array row

+ */

+ public function sanitize_json(&$value, $key)

+ {

+ $value = htmlspecialchars($value);

+ }

+

+ /**

+ 'META_NAME' => $this->metadata['name'],

+ 'META_TYPE' => $this->metadata['type'],

+ 'META_DESCRIPTION' => (isset($this->metadata['description'])) ? $this->metadata['description'] : '',

+ 'META_VERSION' => (isset($this->metadata['version'])) ? $this->metadata['version'] : '',

+ 'META_TIME' => (isset($this->metadata['time'])) ? $this->metadata['time'] : '',

+ 'META_LICENSE' => $this->metadata['license'],

+ 'META_REQUIRE_PHP' => (isset($this->metadata['require']['php'])) ? $this->metadata['require']['php'] : '',

+ 'META_REQUIRE_PHPBB' => (isset($this->metadata['extra']['soft-require']['phpbb/phpbb'])) ? $this->metadata['extra']['soft-require']['phpbb/phpbb'] : '',

+ 'META_DISPLAY_NAME' => (isset($this->metadata['extra']['display-name'])) ? $this->metadata['extra']['display-name'] : '',

+ 'AUTHOR_NAME' => $author['name'],

+ 'AUTHOR_ROLE' => (isset($author['role'])) ? $author['role'] : '',

+<?php

+/**

+*

+* This file is part of the phpBB Forum Software package.

+*

+* @copyright (c) phpBB Limited <https://www.phpbb.com>

+* @license GNU General Public License, version 2 (GPL-2.0)

+*

+* For full copyright and license information, please see

+* the docs/CREDITS.txt file.

+*

+*/

+

+namespace phpbb;

+

+class file_downloader

+{

+ /** @var string Error string */

+ protected $error_string = '';

+

+ /** @var int Error number */

+ protected $error_number = 0;

+

+ /**

+ * Retrieve contents from remotely stored file

+ *

+ * @param string $host File host

+ * @param string $directory Directory file is in

+ * @param string $filename Filename of file to retrieve

+ * @param int $port Port to connect to; default: 80

+ * @param int $timeout Connection timeout in seconds; default: 6

+ *

+ * @return mixed File data as string if file can be read and there is no

+ * timeout, false if there were errors or the connection timed out

+ *

+ * @throws \RuntimeException If data can't be retrieved and no error

+ * message is returned

+ */

+ public function get($host, $directory, $filename, $port = 80, $timeout = 6)

+ {

+ // Set default values for error variables

+ $this->error_number = 0;

+ $this->error_string = '';

+

+ if ($socket = @fsockopen($host, $port, $this->error_number, $this->error_string, $timeout))

+ {

+ @fputs($socket, "GET $directory/$filename HTTP/1.0\r\n");

+ @fputs($socket, "HOST: $host\r\n");

+ @fputs($socket, "Connection: close\r\n\r\n");

+

+ $timer_stop = time() + $timeout;

+ stream_set_timeout($socket, $timeout);

+

+ $file_info = '';

+ $get_info = false;

+

+ while (!@feof($socket))

+ {

+ if ($get_info)

+ {

+ $file_info .= @fread($socket, 1024);

+ }

+ else

+ {

+ $line = @fgets($socket, 1024);

+ if ($line == "\r\n")

+ {

+ $get_info = true;

+ }

+ else if (stripos($line, '404 not found') !== false)

+ {

+ throw new \RuntimeException(array('FILE_NOT_FOUND', $filename));

+ }

+ }

+

+ $stream_meta_data = stream_get_meta_data($socket);

+

+ if (!empty($stream_meta_data['timed_out']) || time() >= $timer_stop)

+ {

+ throw new \RuntimeException('FSOCK_TIMEOUT');

+ }

+ }

+ @fclose($socket);

+ }

+ else

+ {

+ if ($this->error_string)

+ {

+ $this->error_string = utf8_convert_message($this->error_string);

+ return false;

+ }

+ else

+ {

+ throw new \RuntimeException('FSOCK_DISABLED');

+ }

+ }

+

+ return $file_info;

+ }

+

+ /**

+ * Get error string

+ *

+ * @return string Error string

+ */

+ public function get_error_string()

+ {

+ return $this->error_string;

+ }

+

+ /**

+ * Get error number

+ *

+ * @return int Error number

+ */

+ public function get_error_number()

+ {

+ return $this->error_number;

+ }

+}

+ 'S_POST_ACTION' => append_sid($this->phpbb_root_path . 'memberlist.' . $this->phpEx, 'mode=contactadmin'),

+ if ($this->cc_sender && $this->user->data['is_registered'])

+ $this->message->set_body($this->body);

+ (($item_parent_id !== false) ? ' AND ' . (is_array($item_parent_id) ? $this->db->sql_in_set('item_parent_id', $item_parent_id, false, true) : 'item_parent_id = ' . (int) $item_parent_id) : '') .

+ // We do not need to escape $path_info, $request_uri and $script_name because we can not find their content in the result.

+ // We need to escape $absolute_board_url because it can be partially concatenated to the result.

+ $absolute_board_url = $this->request->escape($this->symfony_request->getSchemeAndHttpHost() . $this->symfony_request->getBasePath(), true);

+

+ $absolute_board_url

+ while (($dir_position = strpos($absolute_board_url, $referer_dir)) !== 0)

+

+ // Just return phpbb_root_path if we reach the top directory

+ if ($referer_dir === '.')

+ {

+ return $this->phpbb_root_path;

+ }

+ $default_value = '';

+ $lang_fields = array(

+ 'l_lang_name',

+ 'l_lang_explain',

+ 'l_lang_default_value',

+ 'l_lang_options',

+ );

+

+ if (in_array($key, $lang_fields))

+ {

+ $default_value = array(0 => '');

+ }

+ return $this->request->variable($key, $default_value, true);

+ if ($key == 'l_lang_options' && $this->request->is_set($key))

+ return $this->variable($form_name, array('name' => 'none'), true, \phpbb\request\request_interface::FILES);

+

+ /**

+ * {@inheritdoc}

+ */

+ public function escape($var, $multibyte)

+ {

+ if (is_array($var))

+ {

+ $result = array();

+ foreach ($var as $key => $value)

+ {

+ $this->type_cast_helper->set_var($key, $key, gettype($key), $multibyte);

+ $result[$key] = $this->escape($value, $multibyte);

+ }

+ $var = $result;

+ }

+ else

+ {

+ $this->type_cast_helper->set_var($var, $var, 'string', $multibyte);

+ }

+

+ return $var;

+ }

+

+ /**

+ * Escape a string variable.

+ *

+ * @param mixed $value The contents to fill with

+ * @param bool $multibyte Indicates whether string values may contain UTF-8 characters.

+ * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks.

+ * @return string|array

+ */

+ public function escape($value, $multibyte);

+ * Extract current session page

+ *

+ * @param string $root_path current root path (phpbb_root_path)

+ * @return array

+ */

+ $script_name = $request->escape($symfony_request->getScriptName(), true);

+ $args = $request->escape(explode('&', $symfony_request->getQueryString()), true);

+ $find = array('"', "'", '<', '>', '&quot;', '&lt;', '&gt;');

+ $replace = array('%22', '%27', '%3C', '%3E', '%22', '%3C', '%3E');

+ $page_name .= str_replace('%2F', '/', urlencode($symfony_request_path));

+ $domain = (!$config['cookie_domain'] || $config['cookie_domain'] == '127.0.0.1' || strpos($config['cookie_domain'], '.') === false) ? '' : '; domain=' . $config['cookie_domain'];

+/**

+ * WARNING: The Symfony request does not escape the input and should be used very carefully

+ * prefer the phpbb request as possible

+ */

+ if (defined('DEBUG'))

+ {

+ $this->twig->addExtension(new \Twig_Extension_Debug());

+ }

+

+ $theme_path = $path . 'theme/';

+ $is_valid_dir = false;

+ $is_valid_dir = true;

+ $paths[] = $template_path;

+ }

+ if (is_dir($theme_path))

+ {

+ $is_valid_dir = true;

+ $paths[] = $theme_path;

+ }

+

+ if ($is_valid_dir)

+ {

+ $ext_style_theme_path = $ext_style_path . 'theme/';

+ $ext_style_theme_path = $ext_style_path . 'theme/';

+ $ext_style_theme_path = $ext_style_path . 'theme/';

+ $ok = false;

+ $ok = true;

+ $paths[] = $ext_style_template_path;

+ }

+ if (is_dir($ext_style_theme_path))

+ {

+ $ok = true;

+ $paths[] = $ext_style_theme_path;

+ }

+

+ if ($ok)

+ {

+ /** @var \phpbb\file_downloader */

+ protected $file_downloader;

+

+ * @param \phpbb\file_downloader $file_downloader

+ public function __construct(\phpbb\cache\service $cache, \phpbb\config\config $config, \phpbb\file_downloader $file_downloader, \phpbb\user $user)

+ $this->file_downloader = $file_downloader;

+ try {

+ $info = $this->file_downloader->get($this->host, $this->path, $this->file);

+ }

+ catch (\RuntimeException $exception)

+ {

+ throw new \RuntimeException($this->user->lang($exception->getMessage()));

+ }

+ $error_string = $this->file_downloader->get_error_string();

+ if (!empty($error_string))

+ throw new \RuntimeException($error_string);

+ // Sanitize any data we retrieve from a server

+ if (!empty($info))

+ {

+ $json_sanitizer = function (&$value, $key) {

+ $type_cast_helper = new \phpbb\request\type_cast_helper();

+ $type_cast_helper->set_var($value, $value, gettype($value), true);

+ };

+ array_walk_recursive($info, $json_sanitizer);

+ }

+