diff options
Diffstat (limited to 'phpBB/phpbb')
29 files changed, 708 insertions, 67 deletions
diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php index 8809a0c6b4..1a3083d42e 100644 --- a/phpBB/phpbb/auth/provider/oauth/oauth.php +++ b/phpBB/phpbb/auth/provider/oauth/oauth.php @@ -191,7 +191,7 @@ class oauth extends \phpbb\auth\provider\base return $provider->login($username, $password); } - // Requst the name of the OAuth service + // Request the name of the OAuth service $service_name_original = $this->request->variable('oauth_service', '', false); $service_name = 'auth.provider.oauth.service.' . strtolower($service_name_original); if ($service_name_original === '' || !array_key_exists($service_name, $this->service_providers)) @@ -221,24 +221,33 @@ class oauth extends \phpbb\auth\provider\base 'provider' => $service_name_original, 'oauth_provider_id' => $unique_id ); + $sql = 'SELECT user_id FROM ' . $this->auth_provider_oauth_token_account_assoc . ' WHERE ' . $this->db->sql_build_array('SELECT', $data); $result = $this->db->sql_query($sql); $row = $this->db->sql_fetchrow($result); $this->db->sql_freeresult($result); + $redirect_data = array( + 'auth_provider' => 'oauth', + 'login_link_oauth_service' => $service_name_original, + ); + /** * Event is triggered before check if provider is already associated with an account * * @event core.oauth_login_after_check_if_provider_id_has_match - * @var array row User row - * @var array data Provider data - * @var \OAuth\Common\Service\ServiceInterface service OAuth service + * @var array row User row + * @var array data Provider data + * @var array redirect_data Data to be appended to the redirect url + * @var \OAuth\Common\Service\ServiceInterface service OAuth service * @since 3.2.3-RC1 + * @changed 3.2.6-RC1 Added redirect_data */ $vars = array( 'row', 'data', + 'redirect_data', 'service', ); extract($this->dispatcher->trigger_event('core.oauth_login_after_check_if_provider_id_has_match', compact($vars))); @@ -250,15 +259,12 @@ class oauth extends \phpbb\auth\provider\base 'status' => LOGIN_SUCCESS_LINK_PROFILE, 'error_msg' => 'LOGIN_OAUTH_ACCOUNT_NOT_LINKED', 'user_row' => array(), - 'redirect_data' => array( - 'auth_provider' => 'oauth', - 'login_link_oauth_service' => $service_name_original, - ), + 'redirect_data' => $redirect_data, ); } // Retrieve the user's account - $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type, user_login_attempts + $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_ip, user_type, user_login_attempts FROM ' . $this->users_table . ' WHERE user_id = ' . (int) $row['user_id']; $result = $this->db->sql_query($sql); @@ -270,11 +276,36 @@ class oauth extends \phpbb\auth\provider\base throw new \Exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY'); } + /** + * Check if the user is banned. + * The fourth parameter, return, has to be true, + * otherwise the OAuth login is still called and + * an uncaught exception is thrown as there is no + * token stored in the database. + */ + $ban = $this->user->check_ban($row['user_id'], $row['user_ip'], $row['user_email'], true); + if (!empty($ban)) + { + $till_date = !empty($ban['ban_end']) ? $this->user->format_date($ban['ban_end']) : ''; + $message = !empty($ban['ban_end']) ? 'BOARD_BAN_TIME' : 'BOARD_BAN_PERM'; + + $contact_link = phpbb_get_board_contact_link($this->config, $this->phpbb_root_path, $this->php_ext); + $message = $this->user->lang($message, $till_date, '<a href="' . $contact_link . '">', '</a>'); + $message .= !empty($ban['ban_give_reason']) ? '<br /><br />' . $this->user->lang('BOARD_BAN_REASON', $ban['ban_give_reason']) : ''; + $message .= !empty($ban['ban_triggered_by']) ? '<br /><br /><em>' . $this->user->lang('BAN_TRIGGERED_BY_' . strtoupper($ban['ban_triggered_by'])) . '</em>' : ''; + + return array( + 'status' => LOGIN_BREAK, + 'error_msg' => $message, + 'user_row' => $row, + ); + } + // Update token storage to store the user_id $storage->set_user_id($row['user_id']); /** - * Event is triggered after user is successfuly logged in via OAuth. + * Event is triggered after user is successfully logged in via OAuth. * * @event core.auth_oauth_login_after * @var array row User row @@ -392,7 +423,7 @@ class oauth extends \phpbb\auth\provider\base if ($credentials['key'] && $credentials['secret']) { $actual_name = str_replace('auth.provider.oauth.service.', '', $service_name); - $redirect_url = build_url(false) . '&login=external&oauth_service=' . $actual_name; + $redirect_url = generate_board_url() . '/ucp.' . $this->php_ext . '?mode=login&login=external&oauth_service=' . $actual_name; $login_data['BLOCK_VARS'][$service_name] = array( 'REDIRECT_URL' => redirect($redirect_url, true), 'SERVICE_NAME' => $this->user->lang['AUTH_PROVIDER_OAUTH_SERVICE_' . strtoupper($actual_name)], @@ -674,6 +705,7 @@ class oauth extends \phpbb\auth\provider\base 'oauth_service' => $actual_name, ), + 'SERVICE_ID' => $actual_name, 'SERVICE_NAME' => $this->user->lang['AUTH_PROVIDER_OAUTH_SERVICE_' . strtoupper($actual_name)], 'UNIQUE_ID' => (isset($oauth_user_ids[$actual_name])) ? $oauth_user_ids[$actual_name] : null, ); @@ -707,7 +739,7 @@ class oauth extends \phpbb\auth\provider\base AND user_id = " . (int) $user_id; $this->db->sql_query($sql); - // Clear all tokens belonging to the user on this servce + // Clear all tokens belonging to the user on this service $service_name = 'auth.provider.oauth.service.' . strtolower($link_data['oauth_service']); $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table); $storage->clearToken($service_name); diff --git a/phpBB/phpbb/auth/provider/provider_interface.php b/phpBB/phpbb/auth/provider/provider_interface.php index 35e0f559a1..463324ff46 100644 --- a/phpBB/phpbb/auth/provider/provider_interface.php +++ b/phpBB/phpbb/auth/provider/provider_interface.php @@ -71,9 +71,10 @@ interface provider_interface * options with whatever configuraton values are passed to it as an array. * It then returns the name of the acp file related to this authentication * provider. - * @param array $new_config Contains the new configuration values that - * have been set in acp_board. - * @return array|null Returns null if not implemented or an array with + * + * @param \phpbb\config\config $new_config Contains the new configuration values + * that have been set in acp_board. + * @return array|null Returns null if not implemented or an array with * the template file name and an array of the vars * that the template needs that must conform to the * following example: diff --git a/phpBB/phpbb/avatar/driver/upload.php b/phpBB/phpbb/avatar/driver/upload.php index 77b44754ac..a012bb15b6 100644 --- a/phpBB/phpbb/avatar/driver/upload.php +++ b/phpBB/phpbb/avatar/driver/upload.php @@ -148,7 +148,8 @@ class upload extends \phpbb\avatar\driver\driver // Do not allow specifying the port (see RFC 3986) or IP addresses // remote_upload() will do its own check for allowed filetypes - if (preg_match('@^(http|https|ftp)://[^/:?#]+:[0-9]+[/:?#]@i', $url) || + if (!preg_match('#^(http|https|ftp)://(?:(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]*?).*?\.('. implode('|', $this->allowed_extensions) . ')$#i', $url) || + preg_match('@^(http|https|ftp)://[^/:?#]+:[0-9]+[/:?#]@i', $url) || preg_match('#^(http|https|ftp)://(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])#i', $url) || preg_match('#^(http|https|ftp)://(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){0,5}(?:[\dA-F]{1,4}(?::[\dA-F]{1,4})?|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:)|(?:::))#i', $url)) { diff --git a/phpBB/phpbb/avatar/manager.php b/phpBB/phpbb/avatar/manager.php index 6d9604db04..a909a91042 100644 --- a/phpBB/phpbb/avatar/manager.php +++ b/phpBB/phpbb/avatar/manager.php @@ -271,7 +271,7 @@ class manager $config_name = $driver->get_config_name(); return array( - 'allow_avatar_' . $config_name => array('lang' => 'ALLOW_' . strtoupper(str_replace('\\', '_', $config_name)), 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), + 'allow_avatar_' . $config_name => array('lang' => 'ALLOW_' . strtoupper(str_replace('\\', '_', $config_name)), 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), ); } diff --git a/phpBB/phpbb/captcha/plugins/qa.php b/phpBB/phpbb/captcha/plugins/qa.php index 70b3f72cc3..966b8d32f2 100644 --- a/phpBB/phpbb/captcha/plugins/qa.php +++ b/phpBB/phpbb/captcha/plugins/qa.php @@ -21,7 +21,7 @@ class qa { var $confirm_id; var $answer; - var $question_ids; + var $question_ids = []; var $question_text; var $question_lang; var $question_strict; diff --git a/phpBB/phpbb/console/command/thumbnail/delete.php b/phpBB/phpbb/console/command/thumbnail/delete.php index 9f2ee822be..7b95c20cf2 100644 --- a/phpBB/phpbb/console/command/thumbnail/delete.php +++ b/phpBB/phpbb/console/command/thumbnail/delete.php @@ -19,6 +19,11 @@ use Symfony\Component\Console\Style\SymfonyStyle; class delete extends \phpbb\console\command\command { /** + * @var \phpbb\config\config + */ + protected $config; + + /** * @var \phpbb\db\driver\driver_interface */ protected $db; @@ -32,12 +37,14 @@ class delete extends \phpbb\console\command\command /** * Constructor * + * @param \config\config $config The config * @param \phpbb\user $user The user object (used to get language information) * @param \phpbb\db\driver\driver_interface $db Database connection * @param string $phpbb_root_path Root path */ - public function __construct(\phpbb\user $user, \phpbb\db\driver\driver_interface $db, $phpbb_root_path) + public function __construct(\phpbb\config\config $config, \phpbb\user $user, \phpbb\db\driver\driver_interface $db, $phpbb_root_path) { + $this->config = $config; $this->db = $db; $this->phpbb_root_path = $phpbb_root_path; @@ -101,7 +108,7 @@ class delete extends \phpbb\console\command\command $return = 0; while ($row = $this->db->sql_fetchrow($result)) { - $thumbnail_path = $this->phpbb_root_path . 'files/thumb_' . $row['physical_filename']; + $thumbnail_path = $this->phpbb_root_path . $this->config['upload_path'] . '/thumb_' . $row['physical_filename']; if (@unlink($thumbnail_path)) { diff --git a/phpBB/phpbb/console/command/thumbnail/generate.php b/phpBB/phpbb/console/command/thumbnail/generate.php index 64f7555336..1f6582b17b 100644 --- a/phpBB/phpbb/console/command/thumbnail/generate.php +++ b/phpBB/phpbb/console/command/thumbnail/generate.php @@ -20,6 +20,11 @@ use Symfony\Component\Console\Style\SymfonyStyle; class generate extends \phpbb\console\command\command { /** + * @var \phpbb\config\config + */ + protected $config; + + /** * @var \phpbb\db\driver\driver_interface */ protected $db; @@ -45,14 +50,16 @@ class generate extends \phpbb\console\command\command /** * Constructor * + * @param \config\config $config The config * @param \phpbb\user $user The user object (used to get language information) * @param \phpbb\db\driver\driver_interface $db Database connection * @param \phpbb\cache\service $cache The cache service * @param string $phpbb_root_path Root path * @param string $php_ext PHP extension */ - public function __construct(\phpbb\user $user, \phpbb\db\driver\driver_interface $db, \phpbb\cache\service $cache, $phpbb_root_path, $php_ext) + public function __construct(\phpbb\config\config $config, \phpbb\user $user, \phpbb\db\driver\driver_interface $db, \phpbb\cache\service $cache, $phpbb_root_path, $php_ext) { + $this->config = $config; $this->db = $db; $this->cache = $cache; $this->phpbb_root_path = $phpbb_root_path; @@ -126,8 +133,8 @@ class generate extends \phpbb\console\command\command { if (isset($extensions[$row['extension']]['display_cat']) && $extensions[$row['extension']]['display_cat'] == ATTACHMENT_CATEGORY_IMAGE) { - $source = $this->phpbb_root_path . 'files/' . $row['physical_filename']; - $destination = $this->phpbb_root_path . 'files/thumb_' . $row['physical_filename']; + $source = $this->phpbb_root_path . $this->config['upload_path'] . '/' . $row['physical_filename']; + $destination = $this->phpbb_root_path . $this->config['upload_path'] . '/thumb_' . $row['physical_filename']; if (create_thumbnail($source, $destination, $row['mimetype'])) { diff --git a/phpBB/phpbb/db/migration/data/v32x/disable_remote_avatar.php b/phpBB/phpbb/db/migration/data/v32x/disable_remote_avatar.php new file mode 100644 index 0000000000..b08833fad4 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/disable_remote_avatar.php @@ -0,0 +1,34 @@ +<?php +/** + * + * This file is part of the phpBB Forum Software package. + * + * @copyright (c) phpBB Limited <https://www.phpbb.com> + * @license GNU General Public License, version 2 (GPL-2.0) + * + * For full copyright and license information, please see + * the docs/CREDITS.txt file. + * + */ + +namespace phpbb\db\migration\data\v32x; + +use phpbb\db\migration\migration; + +class disable_remote_avatar extends migration +{ + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v32x\v325', + ); + } + + public function update_data() + { + return array( + array('config.update', array('allow_avatar_remote', '0')), + array('config.update', array('allow_avatar_remote_upload', '0')), + ); + } +} diff --git a/phpBB/phpbb/db/migration/data/v32x/smtp_dynamic_data.php b/phpBB/phpbb/db/migration/data/v32x/smtp_dynamic_data.php new file mode 100644 index 0000000000..aeaa3e8979 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/smtp_dynamic_data.php @@ -0,0 +1,42 @@ +<?php +/** + * + * This file is part of the phpBB Forum Software package. + * + * @copyright (c) phpBB Limited <https://www.phpbb.com> + * @license GNU General Public License, version 2 (GPL-2.0) + * + * For full copyright and license information, please see + * the docs/CREDITS.txt file. + * + */ + +namespace phpbb\db\migration\data\v32x; + +class smtp_dynamic_data extends \phpbb\db\migration\migration +{ + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v32x\v326rc1', + ); + } + + public function update_data() + { + return array( + array('custom', array(array($this, 'set_smtp_dynamic'))), + ); + } + + public function set_smtp_dynamic() + { + $smtp_auth_entries = [ + 'smtp_password', + 'smtp_username', + ]; + $this->sql_query('UPDATE ' . CONFIG_TABLE . ' + SET is_dynamic = 1 + WHERE ' . $this->db->sql_in_set('config_name', $smtp_auth_entries)); + } +} diff --git a/phpBB/phpbb/db/migration/data/v32x/timezone_p3.php b/phpBB/phpbb/db/migration/data/v32x/timezone_p3.php new file mode 100644 index 0000000000..433f62ace9 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/timezone_p3.php @@ -0,0 +1,29 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v32x; + +class timezone_p3 extends \phpbb\db\migration\migration +{ + static public function depends_on() + { + return array('\phpbb\db\migration\data\v310\timezone'); + } + + public function update_data() + { + return array( + array('config.remove', array('board_dst')), + ); + } +} diff --git a/phpBB/phpbb/db/migration/data/v32x/v326.php b/phpBB/phpbb/db/migration/data/v32x/v326.php new file mode 100644 index 0000000000..2d511b9ed8 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/v326.php @@ -0,0 +1,39 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v32x; + +class v326 extends \phpbb\db\migration\migration +{ + public function effectively_installed() + { + return phpbb_version_compare($this->config['version'], '3.2.6', '>='); + } + + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v32x\v326rc1', + '\phpbb\db\migration\data\v32x\disable_remote_avatar', + '\phpbb\db\migration\data\v32x\smtp_dynamic_data', + ); + + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.2.6')), + ); + } +} diff --git a/phpBB/phpbb/db/migration/data/v32x/v326rc1.php b/phpBB/phpbb/db/migration/data/v32x/v326rc1.php new file mode 100644 index 0000000000..092700d3db --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/v326rc1.php @@ -0,0 +1,37 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v32x; + +class v326rc1 extends \phpbb\db\migration\migration +{ + public function effectively_installed() + { + return phpbb_version_compare($this->config['version'], '3.2.6-RC1', '>='); + } + + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v32x\v325', + ); + + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.2.6-RC1')), + ); + } +} diff --git a/phpBB/phpbb/db/migration/data/v32x/v327.php b/phpBB/phpbb/db/migration/data/v32x/v327.php new file mode 100644 index 0000000000..f9ea11f4b9 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/v327.php @@ -0,0 +1,37 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v32x; + +class v327 extends \phpbb\db\migration\migration +{ + public function effectively_installed() + { + return phpbb_version_compare($this->config['version'], '3.2.7', '>='); + } + + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v32x\v327rc1', + ); + + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.2.7')), + ); + } +} diff --git a/phpBB/phpbb/db/migration/data/v32x/v327rc1.php b/phpBB/phpbb/db/migration/data/v32x/v327rc1.php new file mode 100644 index 0000000000..c8169105af --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/v327rc1.php @@ -0,0 +1,36 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v32x; + +class v327rc1 extends \phpbb\db\migration\migration +{ + public function effectively_installed() + { + return phpbb_version_compare($this->config['version'], '3.2.7-RC1', '>='); + } + + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v32x\v326', + ); + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.2.7-RC1')), + ); + } +} diff --git a/phpBB/phpbb/db/tools/tools.php b/phpBB/phpbb/db/tools/tools.php index d21d34b8a9..c3352a1f66 100644 --- a/phpBB/phpbb/db/tools/tools.php +++ b/phpBB/phpbb/db/tools/tools.php @@ -576,7 +576,7 @@ class tools implements tools_interface { foreach ($indexes as $index_name) { - if (!$this->sql_index_exists($table, $index_name)) + if (!$this->sql_index_exists($table, $index_name) && !$this->sql_unique_index_exists($table, $index_name)) { continue; } diff --git a/phpBB/phpbb/event/md_exporter.php b/phpBB/phpbb/event/md_exporter.php index 085b20c234..1a2d7c989e 100644 --- a/phpBB/phpbb/event/md_exporter.php +++ b/phpBB/phpbb/event/md_exporter.php @@ -143,6 +143,8 @@ class md_exporter list($event_name, $details) = explode("\n===\n", $event, 2); $this->validate_event_name($event_name); + $sorted_events = [$this->current_event, $event_name]; + natsort($sorted_events); $this->current_event = $event_name; if (isset($this->events[$this->current_event])) @@ -150,6 +152,12 @@ class md_exporter throw new \LogicException("The event '{$this->current_event}' is defined multiple times"); } + // Use array_values() to get actual first element and check against natural order + if (array_values($sorted_events)[0] === $event_name) + { + throw new \LogicException("The event '{$sorted_events[1]}' should be defined before '{$sorted_events[0]}'"); + } + if (($this->filter == 'adm' && strpos($this->current_event, 'acp_') !== 0) || ($this->filter == 'styles' && strpos($this->current_event, 'acp_') === 0)) { @@ -381,9 +389,16 @@ class md_exporter $files = explode("\n + ", $file_details); foreach ($files as $file) { + if (!preg_match('#^([^ ]+)( \([0-9]+\))?$#', $file)) + { + throw new \LogicException("Invalid event instances for file '{$file}' found for event '{$this->current_event}'", 1); + } + + list($file) = explode(" ", $file); + if (!file_exists($this->path . $file) || substr($file, -5) !== '.html') { - throw new \LogicException("Invalid file '{$file}' not found for event '{$this->current_event}'", 1); + throw new \LogicException("Invalid file '{$file}' not found for event '{$this->current_event}'", 2); } if (($this->filter !== 'adm') && strpos($file, 'styles/prosilver/template/') === 0) @@ -396,7 +411,7 @@ class md_exporter } else { - throw new \LogicException("Invalid file '{$file}' not found for event '{$this->current_event}'", 2); + throw new \LogicException("Invalid file '{$file}' not found for event '{$this->current_event}'", 3); } $this->events_by_file[$file][] = $this->current_event; @@ -416,7 +431,7 @@ class md_exporter } else { - throw new \LogicException("Invalid file list found for event '{$this->current_event}'", 2); + throw new \LogicException("Invalid file list found for event '{$this->current_event}'", 1); } return $files_list; diff --git a/phpBB/phpbb/group/helper.php b/phpBB/phpbb/group/helper.php index 5befddfc53..aa3876b325 100644 --- a/phpBB/phpbb/group/helper.php +++ b/phpBB/phpbb/group/helper.php @@ -13,19 +13,74 @@ namespace phpbb\group; +use phpbb\auth\auth; +use phpbb\cache\service as cache; +use phpbb\config\config; +use phpbb\language\language; +use phpbb\event\dispatcher_interface; +use phpbb\path_helper; +use phpbb\user; + class helper { - /** @var \phpbb\language\language */ + /** @var auth */ + protected $auth; + + /** @var cache */ + protected $cache; + + /** @var config */ + protected $config; + + /** @var language */ protected $language; + /** @var dispatcher_interface */ + protected $dispatcher; + + /** @var path_helper */ + protected $path_helper; + + /** @var user */ + protected $user; + + /** @var string phpBB root path */ + protected $phpbb_root_path; + + /** @var array Return templates for a group name string */ + protected $name_strings; + /** * Constructor * - * @param \phpbb\language\language $language Language object + * @param auth $auth Authentication object + * @param cache $cache Cache service object + * @param config $config Configuration object + * @param language $language Language object + * @param dispatcher_interface $dispatcher Event dispatcher object + * @param path_helper $path_helper Path helper object + * @param user $user User object */ - public function __construct(\phpbb\language\language $language) + public function __construct(auth $auth, cache $cache, config $config, language $language, dispatcher_interface $dispatcher, path_helper $path_helper, user $user) { + $this->auth = $auth; + $this->cache = $cache; + $this->config = $config; $this->language = $language; + $this->dispatcher = $dispatcher; + $this->path_helper = $path_helper; + $this->user = $user; + + $this->phpbb_root_path = $path_helper->get_phpbb_root_path(); + + /** @html Group name spans and links for usage in the template */ + $this->name_strings = array( + 'base_url' => "{$path_helper->get_phpbb_root_path()}memberlist.{$path_helper->get_php_ext()}?mode=group&g={GROUP_ID}", + 'tpl_noprofile' => '<span class="username">{GROUP_NAME}</span>', + 'tpl_noprofile_colour' => '<span class="username-coloured" style="color: {GROUP_COLOUR};">{GROUP_NAME}</span>', + 'tpl_profile' => '<a class="username" href="{PROFILE_URL}">{GROUP_NAME}</a>', + 'tpl_profile_colour' => '<a class="username-coloured" href="{PROFILE_URL}" style="color: {GROUP_COLOUR};">{GROUP_NAME}</a>', + ); } /** @@ -37,4 +92,203 @@ class helper { return $this->language->is_set('G_' . utf8_strtoupper($group_name)) ? $this->language->lang('G_' . utf8_strtoupper($group_name)) : $group_name; } + + /** + * Get group name details for placing into templates. + * + * @html Group name spans and links + * + * @param string $mode Profile (for getting an url to the profile), + * group_name (for obtaining the group name), + * colour (for obtaining the group colour), + * full (for obtaining a coloured group name link to the group's profile), + * no_profile (the same as full but forcing no profile link) + * @param int $group_id The group id + * @param string $group_name The group name + * @param string $group_colour The group colour + * @param mixed $custom_profile_url optional parameter to specify a profile url. The group id gets appended to this url as &g={group_id} + * + * @return string A string consisting of what is wanted based on $mode. + */ + public function get_name_string($mode, $group_id, $group_name, $group_colour = '', $custom_profile_url = false) + { + $s_is_bots = ($group_name === 'BOTS'); + + // This switch makes sure we only run code required for the mode + switch ($mode) + { + case 'full': + case 'no_profile': + case 'colour': + + // Build correct group colour + $group_colour = $group_colour ? '#' . $group_colour : ''; + + // Return colour + if ($mode === 'colour') + { + $group_name_string = $group_colour; + break; + } + + // no break; + + case 'group_name': + + // Build correct group name + $group_name = $this->get_name($group_name); + + // Return group name + if ($mode === 'group_name') + { + $group_name_string = $group_name; + break; + } + + // no break; + + case 'profile': + + // Build correct profile url - only show if not anonymous and permission to view profile if registered user + // For anonymous the link leads to a login page. + if ($group_id && !$s_is_bots && ($this->user->data['user_id'] == ANONYMOUS || $this->auth->acl_get('u_viewprofile'))) + { + $profile_url = ($custom_profile_url !== false) ? $custom_profile_url . '&g=' . (int) $group_id : str_replace(array('={GROUP_ID}', '=%7BGROUP_ID%7D'), '=' . (int) $group_id, append_sid($this->name_strings['base_url'])); + } + else + { + $profile_url = ''; + } + + // Return profile + if ($mode === 'profile') + { + $group_name_string = $profile_url; + break; + } + + // no break; + } + + if (!isset($group_name_string)) + { + if (($mode === 'full' && empty($profile_url)) || $mode === 'no_profile' || $s_is_bots) + { + $group_name_string = str_replace(array('{GROUP_COLOUR}', '{GROUP_NAME}'), array($group_colour, $group_name), (!$group_colour) ? $this->name_strings['tpl_noprofile'] : $this->name_strings['tpl_noprofile_colour']); + } + else + { + $group_name_string = str_replace(array('{PROFILE_URL}', '{GROUP_COLOUR}', '{GROUP_NAME}'), array($profile_url, $group_colour, $group_name), (!$group_colour) ? $this->name_strings['tpl_profile'] : $this->name_strings['tpl_profile_colour']); + } + } + + $name_strings = $this->name_strings; + + /** + * Use this event to change the output of the group name + * + * @event core.modify_group_name_string + * @var string mode profile|group_name|colour|full|no_profile + * @var int group_id The group identifier + * @var string group_name The group name + * @var string group_colour The group colour + * @var string custom_profile_url Optional parameter to specify a profile url. + * @var string group_name_string The string that has been generated + * @var array name_strings Array of original return templates + * @since 3.2.8-RC1 + */ + $vars = array( + 'mode', + 'group_id', + 'group_name', + 'group_colour', + 'custom_profile_url', + 'group_name_string', + 'name_strings', + ); + extract($this->dispatcher->trigger_event('core.modify_group_name_string', compact($vars))); + + return $group_name_string; + } + + /** + * Get group rank title and image + * + * @html Group rank image element + * + * @param array $group_data The current stored group data + * + * @return array An associative array containing the rank title (title), + * the rank image as full img tag (img) and the rank image source (img_src) + */ + public function get_rank($group_data) + { + $group_rank_data = array( + 'title' => null, + 'img' => null, + 'img_src' => null, + ); + + /** + * Preparing a group's rank before displaying + * + * @event core.get_group_rank_before + * @var array group_data Array with group's data + * @since 3.2.8-RC1 + */ + + $vars = array('group_data'); + extract($this->dispatcher->trigger_event('core.get_group_rank_before', compact($vars))); + + if (!empty($group_data['group_rank'])) + { + // Only obtain ranks if group rank is set + $ranks = $this->cache->obtain_ranks(); + + if (isset($ranks['special'][$group_data['group_rank']])) + { + $rank = $ranks['special'][$group_data['group_rank']]; + + $group_rank_data['title'] = $rank['rank_title']; + + $group_rank_data['img_src'] = (!empty($rank['rank_image'])) ? $this->path_helper->update_web_root_path($this->phpbb_root_path . $this->config['ranks_path'] . '/' . $rank['rank_image']) : ''; + + /** @html Group rank image element for usage in the template */ + $group_rank_data['img'] = (!empty($rank['rank_image'])) ? '<img src="' . $group_rank_data['img_src'] . '" alt="' . $rank['rank_title'] . '" title="' . $rank['rank_title'] . '" />' : ''; + } + } + + /** + * Modify a group's rank before displaying + * + * @event core.get_group_rank_after + * @var array group_data Array with group's data + * @var array group_rank_data Group rank data + * @since 3.2.8-RC1 + */ + + $vars = array( + 'group_data', + 'group_rank_data', + ); + extract($this->dispatcher->trigger_event('core.get_group_rank_after', compact($vars))); + + return $group_rank_data; + } + + /** + * Get group avatar. + * Wrapper function for phpbb_get_group_avatar() + * + * @param array $group_row Row from the groups table + * @param string $alt Optional language string for alt tag within image, can be a language key or text + * @param bool $ignore_config Ignores the config-setting, to be still able to view the avatar in the UCP + * @param bool $lazy If true, will be lazy loaded (requires JS) + * + * @return string Avatar html + */ + function get_avatar($group_row, $alt = 'GROUP_AVATAR', $ignore_config = false, $lazy = false) + { + return phpbb_get_group_avatar($group_row, $alt, $ignore_config, $lazy); + } } diff --git a/phpBB/phpbb/install/helper/config.php b/phpBB/phpbb/install/helper/config.php index fad6749019..7eb0ae3b05 100644 --- a/phpBB/phpbb/install/helper/config.php +++ b/phpBB/phpbb/install/helper/config.php @@ -330,6 +330,8 @@ class config fwrite($fp, $file_content); fclose($fp); + // Enforce 0600 permission for install config + $this->filesystem->chmod([$this->install_config_file], 0600); } /** diff --git a/phpBB/phpbb/install/module/obtain_data/task/obtain_database_data.php b/phpBB/phpbb/install/module/obtain_data/task/obtain_database_data.php index dc7b060746..6ec1e612b9 100644 --- a/phpBB/phpbb/install/module/obtain_data/task/obtain_database_data.php +++ b/phpBB/phpbb/install/module/obtain_data/task/obtain_database_data.php @@ -78,10 +78,10 @@ class obtain_database_data extends \phpbb\install\task_base implements \phpbb\in $dbms = $this->io_handler->get_input('dbms', ''); $dbhost = $this->io_handler->get_input('dbhost', '', true); $dbport = $this->io_handler->get_input('dbport', ''); - $dbuser = $this->io_handler->get_input('dbuser', ''); - $dbpasswd = $this->io_handler->get_raw_input('dbpasswd', ''); - $dbname = $this->io_handler->get_input('dbname', ''); - $table_prefix = $this->io_handler->get_input('table_prefix', ''); + $dbuser = $this->io_handler->get_input('dbuser', '', true); + $dbpasswd = $this->io_handler->get_raw_input('dbpasswd', '', true); + $dbname = $this->io_handler->get_input('dbname', '', true); + $table_prefix = $this->io_handler->get_input('table_prefix', '', true); // Check database data $user_data_vaild = $this->check_database_data($dbms, $dbhost, $dbport, $dbuser, $dbpasswd, $dbname, $table_prefix); diff --git a/phpBB/phpbb/install/module/obtain_data/task/obtain_email_data.php b/phpBB/phpbb/install/module/obtain_data/task/obtain_email_data.php index e8a9c971b7..7cd0d7bf23 100644 --- a/phpBB/phpbb/install/module/obtain_data/task/obtain_email_data.php +++ b/phpBB/phpbb/install/module/obtain_data/task/obtain_email_data.php @@ -50,11 +50,11 @@ class obtain_email_data extends \phpbb\install\task_base implements \phpbb\insta // E-mail data $email_enable = $this->io_handler->get_input('email_enable', true); $smtp_delivery = $this->io_handler->get_input('smtp_delivery', ''); - $smtp_host = $this->io_handler->get_input('smtp_host', ''); + $smtp_host = $this->io_handler->get_input('smtp_host', '', true); $smtp_port = $this->io_handler->get_input('smtp_port', ''); $smtp_auth = $this->io_handler->get_input('smtp_auth', ''); - $smtp_user = $this->io_handler->get_input('smtp_user', ''); - $smtp_passwd = $this->io_handler->get_input('smtp_pass', ''); + $smtp_user = $this->io_handler->get_input('smtp_user', '', true); + $smtp_passwd = $this->io_handler->get_input('smtp_pass', '', true); $auth_methods = array('PLAIN', 'LOGIN', 'CRAM-MD5', 'DIGEST-MD5', 'POP-BEFORE-SMTP'); diff --git a/phpBB/phpbb/install/module/obtain_data/task/obtain_server_data.php b/phpBB/phpbb/install/module/obtain_data/task/obtain_server_data.php index 1ef70eae08..5096ce284e 100644 --- a/phpBB/phpbb/install/module/obtain_data/task/obtain_server_data.php +++ b/phpBB/phpbb/install/module/obtain_data/task/obtain_server_data.php @@ -79,9 +79,9 @@ class obtain_server_data extends \phpbb\install\task_base implements \phpbb\inst $cookie_secure = $this->io_handler->get_input('cookie_secure', $cookie_secure); $server_protocol = $this->io_handler->get_input('server_protocol', $server_protocol); $force_server_vars = $this->io_handler->get_input('force_server_vars', 0); - $server_name = $this->io_handler->get_input('server_name', $server_name); + $server_name = $this->io_handler->get_input('server_name', $server_name, true); $server_port = $this->io_handler->get_input('server_port', $server_port); - $script_path = $this->io_handler->get_input('script_path', $script_path); + $script_path = $this->io_handler->get_input('script_path', $script_path, true); // Clean up script path if ($script_path !== '/') diff --git a/phpBB/phpbb/install/module/obtain_data/task/obtain_update_ftp_data.php b/phpBB/phpbb/install/module/obtain_data/task/obtain_update_ftp_data.php index f31472fc58..3c17576c13 100644 --- a/phpBB/phpbb/install/module/obtain_data/task/obtain_update_ftp_data.php +++ b/phpBB/phpbb/install/module/obtain_data/task/obtain_update_ftp_data.php @@ -85,10 +85,10 @@ class obtain_update_ftp_data extends task_base $method = $methods[0]; } - $ftp_host = $this->iohandler->get_input('ftp_host', ''); - $ftp_user = $this->iohandler->get_input('ftp_user', ''); - $ftp_pass = htmlspecialchars_decode($this->iohandler->get_input('ftp_pass', '')); - $ftp_path = $this->iohandler->get_input('ftp_path', ''); + $ftp_host = $this->iohandler->get_input('ftp_host', '', true); + $ftp_user = $this->iohandler->get_input('ftp_user', '', true); + $ftp_pass = htmlspecialchars_decode($this->iohandler->get_input('ftp_pass', '', true)); + $ftp_path = $this->iohandler->get_input('ftp_path', '', true); $ftp_port = $this->iohandler->get_input('ftp_port', 21); $ftp_time = $this->iohandler->get_input('ftp_timeout', 10); diff --git a/phpBB/phpbb/message/admin_form.php b/phpBB/phpbb/message/admin_form.php index 96b8d3499e..ae1c1d8614 100644 --- a/phpBB/phpbb/message/admin_form.php +++ b/phpBB/phpbb/message/admin_form.php @@ -22,6 +22,9 @@ class admin_form extends form /** @var \phpbb\config\db_text */ protected $config_text; + /** @var \phpbb\event\dispatcher_interface */ + protected $dispatcher; + /** @var string */ protected $subject; /** @var string */ @@ -37,13 +40,15 @@ class admin_form extends form * @param \phpbb\config\db_text $config_text * @param \phpbb\db\driver\driver_interface $db * @param \phpbb\user $user + * @param \phpbb\event\dispatcher_interface $dispatcher * @param string $phpbb_root_path * @param string $phpEx */ - public function __construct(\phpbb\auth\auth $auth, \phpbb\config\config $config, \phpbb\config\db_text $config_text, \phpbb\db\driver\driver_interface $db, \phpbb\user $user, $phpbb_root_path, $phpEx) + public function __construct(\phpbb\auth\auth $auth, \phpbb\config\config $config, \phpbb\config\db_text $config_text, \phpbb\db\driver\driver_interface $db, \phpbb\user $user, \phpbb\event\dispatcher_interface $dispatcher, $phpbb_root_path, $phpEx) { parent::__construct($auth, $config, $db, $user, $phpbb_root_path, $phpEx); $this->config_text = $config_text; + $this->dispatcher = $dispatcher; } /** @@ -91,6 +96,29 @@ class admin_form extends form $this->errors[] = $this->user->lang['EMPTY_MESSAGE_EMAIL']; } + $subject = $this->subject; + $body = $this->body; + $errors = $this->errors; + + /** + * You can use this event to modify subject and/or body and add new errors. + * + * @event core.message_admin_form_submit_before + * @var string subject Message subject + * @var string body Message body + * @var array errors Form errors + * @since 3.2.6-RC1 + */ + $vars = [ + 'subject', + 'body', + 'errors', + ]; + extract($this->dispatcher->trigger_event('core.message_admin_form_submit_before', compact($vars))); + $this->subject = $subject; + $this->body = $body; + $this->errors = $errors; + if ($this->user->data['is_registered']) { $this->message->set_sender_from_user($this->user); diff --git a/phpBB/phpbb/notification/type/report_pm.php b/phpBB/phpbb/notification/type/report_pm.php index 7e53ffb3ca..444f98270d 100644 --- a/phpBB/phpbb/notification/type/report_pm.php +++ b/phpBB/phpbb/notification/type/report_pm.php @@ -142,13 +142,16 @@ class report_pm extends \phpbb\notification\type\pm */ public function get_email_template_variables() { - $user_data = $this->user_loader->get_user($this->get_data('reporter_id')); + $user_data = $this->user_loader->get_user($this->get_data('from_user_id')); return array( 'AUTHOR_NAME' => htmlspecialchars_decode($user_data['username']), 'SUBJECT' => htmlspecialchars_decode(censor_text($this->get_data('message_subject'))), - 'U_VIEW_REPORT' => generate_board_url() . "mcp.{$this->php_ext}?r={$this->item_parent_id}&i=pm_reports&mode=pm_report_details", + /** @deprecated 3.2.6-RC1 (to be removed in 4.0.0) use {SUBJECT} instead in report_pm.txt */ + 'TOPIC_TITLE' => htmlspecialchars_decode(censor_text($this->get_data('message_subject'))), + + 'U_VIEW_REPORT' => generate_board_url() . "/mcp.{$this->php_ext}?r={$this->item_parent_id}&i=pm_reports&mode=pm_report_details", ); } @@ -236,8 +239,10 @@ class report_pm extends \phpbb\notification\type\pm */ public function users_to_query() { - return array($this->get_data('reporter_id')); - } + return array( + $this->get_data('from_user_id'), + $this->get_data('reporter_id'), + ); } /** * {@inheritdoc} diff --git a/phpBB/phpbb/pagination.php b/phpBB/phpbb/pagination.php index 40af5eda6b..a7086f6691 100644 --- a/phpBB/phpbb/pagination.php +++ b/phpBB/phpbb/pagination.php @@ -46,7 +46,7 @@ class pagination /** * Generate a pagination link based on the url and the page information * - * @param string $base_url is url prepended to all links generated within the function + * @param string|array $base_url is url prepended to all links generated within the function * If you use page numbers inside your controller route, base_url should contains a placeholder (%d) * for the page. Also be sure to specify the pagination path information into the start_name argument * @param string $on_page is the page for which we want to generate the link @@ -69,7 +69,7 @@ class pagination * set $generate_page_link_override to the new URL value * * @event core.pagination_generate_page_link - * @var string base_url is url prepended to all links generated within the function + * @var string|array base_url is url prepended to all links generated within the function * If you use page numbers inside your controller route, base_url should contains a placeholder (%d) * for the page. Also be sure to specify the pagination path information into the start_name argument * @var string on_page is the page for which we want to generate the link @@ -120,7 +120,7 @@ class pagination * Generate template rendered pagination * Allows full control of rendering of pagination with the template * - * @param string $base_url is url prepended to all links generated within the function + * @param string|array $base_url is url prepended to all links generated within the function * If you use page numbers inside your controller route, base_url should contains a placeholder (%d) * for the page. Also be sure to specify the pagination path information into the start_name argument * @param string $block_var_name is the name assigned to the pagination data block within the template (example: <!-- BEGIN pagination -->) @@ -132,7 +132,7 @@ class pagination * @param int $start the item which should be considered currently active, used to determine the page we're on * @param bool $reverse_count determines whether we weight display of the list towards the start (false) or end (true) of the list * @param bool $ignore_on_page decides whether we enable an active (unlinked) item, used primarily for embedded lists - * @return null + * @return void */ public function generate_template_pagination($base_url, $block_var_name, $start_name, $num_items, $per_page, $start = 1, $reverse_count = false, $ignore_on_page = false) { diff --git a/phpBB/phpbb/search/fulltext_mysql.php b/phpBB/phpbb/search/fulltext_mysql.php index 137ed7433d..1105d0892f 100644 --- a/phpBB/phpbb/search/fulltext_mysql.php +++ b/phpBB/phpbb/search/fulltext_mysql.php @@ -188,7 +188,7 @@ class fulltext_mysql extends \phpbb\search\base } $sql = 'SHOW VARIABLES - LIKE \'ft\_%\''; + LIKE \'%ft\_%\''; $result = $this->db->sql_query($sql); $mysql_info = array(); @@ -198,8 +198,16 @@ class fulltext_mysql extends \phpbb\search\base } $this->db->sql_freeresult($result); - $this->config->set('fulltext_mysql_max_word_len', $mysql_info['ft_max_word_len']); - $this->config->set('fulltext_mysql_min_word_len', $mysql_info['ft_min_word_len']); + if ($engine === 'MyISAM') + { + $this->config->set('fulltext_mysql_max_word_len', $mysql_info['ft_max_word_len']); + $this->config->set('fulltext_mysql_min_word_len', $mysql_info['ft_min_word_len']); + } + else if ($engine === 'InnoDB') + { + $this->config->set('fulltext_mysql_max_word_len', $mysql_info['innodb_ft_max_token_size']); + $this->config->set('fulltext_mysql_min_word_len', $mysql_info['innodb_ft_min_token_size']); + } return false; } diff --git a/phpBB/phpbb/search/fulltext_native.php b/phpBB/phpbb/search/fulltext_native.php index 4172e2cc4f..c83de75eed 100644 --- a/phpBB/phpbb/search/fulltext_native.php +++ b/phpBB/phpbb/search/fulltext_native.php @@ -190,7 +190,7 @@ class fulltext_native extends \phpbb\search\base */ public function split_keywords($keywords, $terms) { - $tokens = '+-|()*'; + $tokens = '+-|()* '; $keywords = trim($this->cleanup($keywords, $tokens)); @@ -224,12 +224,10 @@ class fulltext_native extends \phpbb\search\base $keywords[$i] = '|'; break; case '*': - if ($i === 0 || ($keywords[$i - 1] !== '*' && strcspn($keywords[$i - 1], $tokens) === 0)) + // $i can never be 0 here since $open_bracket is initialised to false + if (strpos($tokens, $keywords[$i - 1]) !== false && ($i + 1 === $n || strpos($tokens, $keywords[$i + 1]) !== false)) { - if ($i === $n - 1 || ($keywords[$i + 1] !== '*' && strcspn($keywords[$i + 1], $tokens) === 0)) - { - $keywords = substr($keywords, 0, $i) . substr($keywords, $i + 1); - } + $keywords[$i] = '|'; } break; } @@ -264,7 +262,7 @@ class fulltext_native extends \phpbb\search\base } } - if ($open_bracket) + if ($open_bracket !== false) { $keywords .= ')'; } @@ -307,6 +305,20 @@ class fulltext_native extends \phpbb\search\base } } + // Remove non trailing wildcards from each word to prevent a full table scan (it's now using the database index) + $match = '#\*(?!$|\s)#'; + $replace = '$1'; + $keywords = preg_replace($match, $replace, $keywords); + + // Only allow one wildcard in the search query to limit the database load + $match = '#\*#'; + $replace = '$1'; + $count_wildcards = substr_count($keywords, '*'); + + // Reverse the string to remove all wildcards except the first one + $keywords = strrev(preg_replace($match, $replace, strrev($keywords), $count_wildcards - 1)); + unset($count_wildcards); + // set the search_query which is shown to the user $this->search_query = $keywords; @@ -409,8 +421,16 @@ class fulltext_native extends \phpbb\search\base { if (strpos($word_part, '*') !== false) { - $id_words[] = '\'' . $this->db->sql_escape(str_replace('*', '%', $word_part)) . '\''; - $non_common_words[] = $word_part; + $len = utf8_strlen(str_replace('*', '', $word_part)); + if ($len >= $this->word_length['min'] && $len <= $this->word_length['max']) + { + $id_words[] = '\'' . $this->db->sql_escape(str_replace('*', '%', $word_part)) . '\''; + $non_common_words[] = $word_part; + } + else + { + $this->common_words[] = $word_part; + } } else if (isset($words[$word_part])) { diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index 80934dc411..31f32af7c4 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -1299,7 +1299,12 @@ class session trigger_error($message); } - return ($banned && $ban_row['ban_give_reason']) ? $ban_row['ban_give_reason'] : $banned; + if (!empty($ban_row)) + { + $ban_row['ban_triggered_by'] = $ban_triggered_by; + } + + return ($banned && $ban_row) ? $ban_row : $banned; } /** diff --git a/phpBB/phpbb/textformatter/s9e/link_helper.php b/phpBB/phpbb/textformatter/s9e/link_helper.php index 1e113b6449..483794a83e 100644 --- a/phpBB/phpbb/textformatter/s9e/link_helper.php +++ b/phpBB/phpbb/textformatter/s9e/link_helper.php @@ -60,8 +60,10 @@ class link_helper $length = $end - $start; $text = substr($parser->getText(), $start, $length); - // Create a tag that consumes the link's text - $parser->addSelfClosingTag('LINK_TEXT', $start, $length)->setAttribute('text', $text); + // Create a tag that consumes the link's text and make it depends on this tag + $link_text_tag = $parser->addSelfClosingTag('LINK_TEXT', $start, $length); + $link_text_tag->setAttribute('text', $text); + $tag->cascadeInvalidationTo($link_text_tag); } /** |