aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/phpbb
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/phpbb')
-rw-r--r--phpBB/phpbb/auth/provider/ldap.php2
-rw-r--r--phpBB/phpbb/avatar/driver/local.php4
-rw-r--r--phpBB/phpbb/avatar/driver/upload.php4
-rw-r--r--phpBB/phpbb/cache/driver/file.php14
-rw-r--r--phpBB/phpbb/captcha/plugins/qa.php62
-rw-r--r--phpBB/phpbb/content_visibility.php45
-rw-r--r--phpBB/phpbb/db/driver/mysqli.php3
-rw-r--r--phpBB/phpbb/event/kernel_terminate_subscriber.php2
-rw-r--r--phpBB/phpbb/notification/manager.php6
-rw-r--r--phpBB/phpbb/plupload/plupload.php2
-rw-r--r--phpBB/phpbb/search/fulltext_native.php19
-rw-r--r--phpBB/phpbb/session.php6
12 files changed, 109 insertions, 60 deletions
diff --git a/phpBB/phpbb/auth/provider/ldap.php b/phpBB/phpbb/auth/provider/ldap.php
index d32e7504eb..c71950c698 100644
--- a/phpBB/phpbb/auth/provider/ldap.php
+++ b/phpBB/phpbb/auth/provider/ldap.php
@@ -306,7 +306,7 @@ class ldap extends \phpbb\auth\provider\base
return array(
'TEMPLATE_FILE' => 'auth_provider_ldap.html',
'TEMPLATE_VARS' => array(
- 'AUTH_LDAP_DN' => $new_config['ldap_base_dn'],
+ 'AUTH_LDAP_BASE_DN' => $new_config['ldap_base_dn'],
'AUTH_LDAP_EMAIL' => $new_config['ldap_email'],
'AUTH_LDAP_PASSORD' => $new_config['ldap_password'],
'AUTH_LDAP_PORT' => $new_config['ldap_port'],
diff --git a/phpBB/phpbb/avatar/driver/local.php b/phpBB/phpbb/avatar/driver/local.php
index 8888686b2d..36087f8ba0 100644
--- a/phpBB/phpbb/avatar/driver/local.php
+++ b/phpBB/phpbb/avatar/driver/local.php
@@ -23,8 +23,10 @@ class local extends \phpbb\avatar\driver\driver
*/
public function get_data($row)
{
+ $root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $this->path_helper->get_web_root_path();
+
return array(
- 'src' => $this->path_helper->get_web_root_path() . $this->config['avatar_gallery_path'] . '/' . $row['avatar'],
+ 'src' => $root_path . $this->config['avatar_gallery_path'] . '/' . $row['avatar'],
'width' => $row['avatar_width'],
'height' => $row['avatar_height'],
);
diff --git a/phpBB/phpbb/avatar/driver/upload.php b/phpBB/phpbb/avatar/driver/upload.php
index 003b23659f..ee36243844 100644
--- a/phpBB/phpbb/avatar/driver/upload.php
+++ b/phpBB/phpbb/avatar/driver/upload.php
@@ -48,8 +48,10 @@ class upload extends \phpbb\avatar\driver\driver
*/
public function get_data($row, $ignore_config = false)
{
+ $root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $this->path_helper->get_web_root_path();
+
return array(
- 'src' => $this->path_helper->get_web_root_path() . 'download/file.' . $this->php_ext . '?avatar=' . $row['avatar'],
+ 'src' => $root_path . 'download/file.' . $this->php_ext . '?avatar=' . $row['avatar'],
'width' => $row['avatar_width'],
'height' => $row['avatar_height'],
);
diff --git a/phpBB/phpbb/cache/driver/file.php b/phpBB/phpbb/cache/driver/file.php
index fd5bce4515..9a7c4aec7f 100644
--- a/phpBB/phpbb/cache/driver/file.php
+++ b/phpBB/phpbb/cache/driver/file.php
@@ -279,6 +279,7 @@ class file extends \phpbb\cache\driver\base
if ($var_name[0] == '_')
{
global $phpEx;
+ $var_name = $this->clean_varname($var_name);
return file_exists($this->cache_dir . 'data' . $var_name . ".$phpEx");
}
else
@@ -334,6 +335,7 @@ class file extends \phpbb\cache\driver\base
{
global $phpEx;
+ $filename = $this->clean_varname($filename);
$file = "{$this->cache_dir}$filename.$phpEx";
$type = substr($filename, 0, strpos($filename, '_'));
@@ -516,6 +518,7 @@ class file extends \phpbb\cache\driver\base
{
global $phpEx;
+ $filename = $this->clean_varname($filename);
$file = "{$this->cache_dir}$filename.$phpEx";
$lock = new \phpbb\lock\flock($file);
@@ -584,4 +587,15 @@ class file extends \phpbb\cache\driver\base
return $return_value;
}
+
+ /**
+ * Replace slashes in the file name
+ *
+ * @param string $varname name of a cache variable
+ * @return string $varname name that is safe to use as a filename
+ */
+ protected function clean_varname($varname)
+ {
+ return str_replace('/', '-', $varname);
+ }
}
diff --git a/phpBB/phpbb/captcha/plugins/qa.php b/phpBB/phpbb/captcha/plugins/qa.php
index a7ba994cc3..04052b3406 100644
--- a/phpBB/phpbb/captcha/plugins/qa.php
+++ b/phpBB/phpbb/captcha/plugins/qa.php
@@ -125,7 +125,7 @@ class qa
*/
public function is_available()
{
- global $config, $db, $phpbb_root_path, $phpEx, $user;
+ global $config, $db, $user;
// load language file for pretty display in the ACP dropdown
$user->add_lang('captcha_qa');
@@ -263,7 +263,7 @@ class qa
*/
function garbage_collect($type = 0)
{
- global $db, $config;
+ global $db;
$sql = 'SELECT c.confirm_id
FROM ' . $this->table_qa_confirm . ' c
@@ -310,8 +310,6 @@ class qa
$db_tool = new \phpbb\db\tools($db);
- $tables = array($this->table_captcha_questions, $this->table_captcha_answers, $this->table_qa_confirm);
-
$schemas = array(
$this->table_captcha_questions => array (
'COLUMNS' => array(
@@ -366,7 +364,7 @@ class qa
*/
function validate()
{
- global $config, $db, $user;
+ global $user;
$error = '';
@@ -414,7 +412,7 @@ class qa
if (!sizeof($this->question_ids))
{
- return false;
+ return;
}
$this->confirm_id = md5(unique_id($user->ip));
$this->question = (int) array_rand($this->question_ids);
@@ -440,7 +438,7 @@ class qa
if (!sizeof($this->question_ids))
{
- return false;
+ return;
}
$this->question = (int) array_rand($this->question_ids);
@@ -611,8 +609,8 @@ class qa
*/
function acp_page($id, &$module)
{
- global $db, $user, $auth, $template;
- global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
+ global $user, $template;
+ global $config;
$user->add_lang('acp/board');
$user->add_lang('captcha_qa');
@@ -674,11 +672,7 @@ class qa
else
{
// okay, show the editor
- $error = false;
- $input_question = request_var('question_text', '', true);
- $input_answers = request_var('answers', '', true);
- $input_lang = request_var('lang_iso', '', true);
- $input_strict = request_var('strict', false);
+ $question_input = $this->acp_get_question_input();
$langs = $this->get_languages();
foreach ($langs as $lang => $entry)
@@ -697,13 +691,11 @@ class qa
{
if ($question = $this->acp_get_question_data($question_id))
{
- $answers = (isset($input_answers[$lang])) ? $input_answers[$lang] : implode("\n", $question['answers']);
-
$template->assign_vars(array(
- 'QUESTION_TEXT' => ($input_question) ? $input_question : $question['question_text'],
- 'LANG_ISO' => ($input_lang) ? $input_lang : $question['lang_iso'],
- 'STRICT' => (isset($_REQUEST['strict'])) ? $input_strict : $question['strict'],
- 'ANSWERS' => $answers,
+ 'QUESTION_TEXT' => ($question_input['question_text']) ? $question_input['question_text'] : $question['question_text'],
+ 'LANG_ISO' => ($question_input['lang_iso']) ? $question_input['lang_iso'] : $question['lang_iso'],
+ 'STRICT' => (isset($_REQUEST['strict'])) ? $question_input['strict'] : $question['strict'],
+ 'ANSWERS' => implode("\n", $question['answers']),
));
}
else
@@ -714,18 +706,16 @@ class qa
else
{
$template->assign_vars(array(
- 'QUESTION_TEXT' => $input_question,
- 'LANG_ISO' => $input_lang,
- 'STRICT' => $input_strict,
- 'ANSWERS' => $input_answers,
+ 'QUESTION_TEXT' => $question_input['question_text'],
+ 'LANG_ISO' => $question_input['lang_iso'],
+ 'STRICT' => $question_input['strict'],
+ 'ANSWERS' => (is_array($question_input['answers'])) ? implode("\n", $question_input['answers']) : '',
));
}
if ($submit && check_form_key($form_key))
{
- $data = $this->acp_get_question_input();
-
- if (!$this->validate_input($data))
+ if (!$this->validate_input($question_input))
{
$template->assign_vars(array(
'S_ERROR' => true,
@@ -735,11 +725,11 @@ class qa
{
if ($question_id)
{
- $this->acp_update_question($data, $question_id);
+ $this->acp_update_question($question_input, $question_id);
}
else
{
- $this->acp_add_question($data);
+ $this->acp_add_question($question_input);
}
add_log('admin', 'LOG_CONFIG_VISUAL');
@@ -819,6 +809,8 @@ class qa
return $question;
}
+
+ return false;
}
/**
@@ -827,13 +819,21 @@ class qa
function acp_get_question_input()
{
$answers = utf8_normalize_nfc(request_var('answers', '', true));
+
+ // Convert answers into array and filter if answers are set
+ if (strlen($answers))
+ {
+ $answers = array_filter(array_map('trim', explode("\n", $answers)), function ($value) {
+ return $value !== '';
+ });
+ }
+
$question = array(
'question_text' => request_var('question_text', '', true),
'strict' => request_var('strict', false),
'lang_iso' => request_var('lang_iso', ''),
- 'answers' => (strlen($answers)) ? explode("\n", $answers) : '',
+ 'answers' => $answers,
);
-
return $question;
}
diff --git a/phpBB/phpbb/content_visibility.php b/phpBB/phpbb/content_visibility.php
index ec73abc721..0ba0489cb7 100644
--- a/phpBB/phpbb/content_visibility.php
+++ b/phpBB/phpbb/content_visibility.php
@@ -45,7 +45,7 @@ class content_visibility
/**
* Event dispatcher object
- * @var \phpbb\event\dispatcher
+ * @var \phpbb\event\dispatcher_interface
*/
protected $phpbb_dispatcher;
@@ -66,7 +66,7 @@ class content_visibility
*
* @param \phpbb\auth\auth $auth Auth object
* @param \phpbb\config\config $config Config object
- * @param \phpbb\event\dispatcher $phpbb_dispatcher Event dispatcher object
+ * @param \phpbb\event\dispatcher_interface $phpbb_dispatcher Event dispatcher object
* @param \phpbb\db\driver\driver_interface $db Database object
* @param \phpbb\user $user User object
* @param string $phpbb_root_path Root path
@@ -76,7 +76,7 @@ class content_visibility
* @param string $topics_table Topics table name
* @param string $users_table Users table name
*/
- public function __construct(\phpbb\auth\auth $auth, \phpbb\config\config $config, \phpbb\event\dispatcher $phpbb_dispatcher, \phpbb\db\driver\driver_interface $db, \phpbb\user $user, $phpbb_root_path, $php_ext, $forums_table, $posts_table, $topics_table, $users_table)
+ public function __construct(\phpbb\auth\auth $auth, \phpbb\config\config $config, \phpbb\event\dispatcher_interface $phpbb_dispatcher, \phpbb\db\driver\driver_interface $db, \phpbb\user $user, $phpbb_root_path, $php_ext, $forums_table, $posts_table, $topics_table, $users_table)
{
$this->auth = $auth;
$this->config = $config;
@@ -143,12 +143,43 @@ class content_visibility
*/
public function get_visibility_sql($mode, $forum_id, $table_alias = '')
{
+ $where_sql = '';
+
+ $get_visibility_sql_overwrite = false;
+
+ /**
+ * Allow changing the result of calling get_visibility_sql
+ *
+ * @event core.phpbb_content_visibility_get_visibility_sql_before
+ * @var string where_sql Extra visibility conditions. It must end with either an SQL "AND" or an "OR"
+ * @var string mode Either "topic" or "post" depending on the query this is being used in
+ * @var array forum_id The forum id in which the search is made.
+ * @var string table_alias Table alias to prefix in SQL queries
+ * @var mixed get_visibility_sql_overwrite If a string, forces the function to return get_forums_visibility_sql_overwrite after executing the event
+ * If false, get_visibility_sql continues normally
+ * It must be either boolean or string
+ * @since 3.1.4-RC1
+ */
+ $vars = array(
+ 'where_sql',
+ 'mode',
+ 'forum_id',
+ 'table_alias',
+ 'get_visibility_sql_overwrite',
+ );
+ extract($this->phpbb_dispatcher->trigger_event('core.phpbb_content_visibility_get_visibility_sql_before', compact($vars)));
+
+ if ($get_visibility_sql_overwrite !== false)
+ {
+ return $get_visibility_sql_overwrite;
+ }
+
if ($this->auth->acl_get('m_approve', $forum_id))
{
- return '1 = 1';
+ return $where_sql . '1 = 1';
}
- return $table_alias . $mode . '_visibility = ' . ITEM_APPROVED;
+ return $where_sql . $table_alias . $mode . '_visibility = ' . ITEM_APPROVED;
}
/**
@@ -252,7 +283,7 @@ class content_visibility
* @event core.phpbb_content_visibility_get_global_visibility_before
* @var array where_sqls The action the user tried to execute
* @var string mode Either "topic" or "post" depending on the query this is being used in
- * @var array forum_ids Array of forum ids which the posts/topics are limited to
+ * @var array exclude_forum_ids Array of forum ids the current user doesn't have access to
* @var string table_alias Table alias to prefix in SQL queries
* @var array approve_forums Array of forums where the user has m_approve permissions
* @var string visibility_sql_overwrite Forces the function to return an implosion of where_sqls (joined by "OR")
@@ -261,7 +292,7 @@ class content_visibility
$vars = array(
'where_sqls',
'mode',
- 'forum_ids',
+ 'exclude_forum_ids',
'table_alias',
'approve_forums',
'visibility_sql_overwrite',
diff --git a/phpBB/phpbb/db/driver/mysqli.php b/phpBB/phpbb/db/driver/mysqli.php
index 2ed08211ad..c0ddfbf76c 100644
--- a/phpBB/phpbb/db/driver/mysqli.php
+++ b/phpBB/phpbb/db/driver/mysqli.php
@@ -34,8 +34,7 @@ class mysqli extends \phpbb\db\driver\mysql_base
return $this->sql_error('');
}
- // Mysqli extension supports persistent connection since PHP 5.3.0
- $this->persistency = (version_compare(PHP_VERSION, '5.3.0', '>=')) ? $persistency : false;
+ $this->persistency = $persistency;
$this->user = $sqluser;
// If persistent connection, set dbhost to localhost when empty and prepend it with 'p:' prefix
diff --git a/phpBB/phpbb/event/kernel_terminate_subscriber.php b/phpBB/phpbb/event/kernel_terminate_subscriber.php
index 57e4840380..3a709f73fd 100644
--- a/phpBB/phpbb/event/kernel_terminate_subscriber.php
+++ b/phpBB/phpbb/event/kernel_terminate_subscriber.php
@@ -35,7 +35,7 @@ class kernel_terminate_subscriber implements EventSubscriberInterface
public static function getSubscribedEvents()
{
return array(
- KernelEvents::TERMINATE => 'on_kernel_terminate',
+ KernelEvents::TERMINATE => array('on_kernel_terminate', ~PHP_INT_MAX),
);
}
}
diff --git a/phpBB/phpbb/notification/manager.php b/phpBB/phpbb/notification/manager.php
index aa52eb61d0..db92170dd8 100644
--- a/phpBB/phpbb/notification/manager.php
+++ b/phpBB/phpbb/notification/manager.php
@@ -38,7 +38,7 @@ class manager
/** @var \phpbb\config\config */
protected $config;
- /** @var \phpbb\event\dispatcher */
+ /** @var \phpbb\event\dispatcher_interface */
protected $phpbb_dispatcher;
/** @var \phpbb\db\driver\driver_interface */
@@ -73,7 +73,7 @@ class manager
* @param ContainerInterface $phpbb_container
* @param \phpbb\user_loader $user_loader
* @param \phpbb\config\config $config
- * @param \phpbb\event\dispatcher $phpbb_dispatcher
+ * @param \phpbb\event\dispatcher_interface $phpbb_dispatcher
* @param \phpbb\db\driver\driver_interface $db
* @param \phpbb\cache\service $cache
* @param \phpbb\user $user
@@ -85,7 +85,7 @@ class manager
*
* @return \phpbb\notification\manager
*/
- public function __construct($notification_types, $notification_methods, ContainerInterface $phpbb_container, \phpbb\user_loader $user_loader, \phpbb\config\config $config, \phpbb\event\dispatcher $phpbb_dispatcher, \phpbb\db\driver\driver_interface $db, \phpbb\cache\service $cache, $user, $phpbb_root_path, $php_ext, $notification_types_table, $notifications_table, $user_notifications_table)
+ public function __construct($notification_types, $notification_methods, ContainerInterface $phpbb_container, \phpbb\user_loader $user_loader, \phpbb\config\config $config, \phpbb\event\dispatcher_interface $phpbb_dispatcher, \phpbb\db\driver\driver_interface $db, \phpbb\cache\service $cache, $user, $phpbb_root_path, $php_ext, $notification_types_table, $notifications_table, $user_notifications_table)
{
$this->notification_types = $notification_types;
$this->notification_methods = $notification_methods;
diff --git a/phpBB/phpbb/plupload/plupload.php b/phpBB/phpbb/plupload/plupload.php
index 3c686a552f..fcce5b3bd8 100644
--- a/phpBB/phpbb/plupload/plupload.php
+++ b/phpBB/phpbb/plupload/plupload.php
@@ -326,7 +326,7 @@ class plupload
$tmp_file = $this->temporary_filepath($upload['tmp_name']);
- if (!move_uploaded_file($upload['tmp_name'], $tmp_file))
+ if (!phpbb_is_writable($this->temporary_directory) || !move_uploaded_file($upload['tmp_name'], $tmp_file))
{
$this->emit_error(103, 'PLUPLOAD_ERR_MOVE_UPLOADED');
}
diff --git a/phpBB/phpbb/search/fulltext_native.php b/phpBB/phpbb/search/fulltext_native.php
index 93ea46ca60..4d02dd1cbf 100644
--- a/phpBB/phpbb/search/fulltext_native.php
+++ b/phpBB/phpbb/search/fulltext_native.php
@@ -823,6 +823,13 @@ class fulltext_native extends \phpbb\search\base
);
}
+ // if using mysql and the total result count is not calculated yet, get it from the db
+ if (!$total_results && $is_mysql)
+ {
+ // Also count rows for the query as if there was not LIMIT. Add SQL_CALC_FOUND_ROWS to SQL
+ $sql_array['SELECT'] = 'SQL_CALC_FOUND_ROWS ' . $sql_array['SELECT'];
+ }
+
$sql_array['WHERE'] = implode(' AND ', $sql_where);
$sql_array['GROUP_BY'] = ($group_by) ? (($type == 'posts') ? 'p.post_id' : 'p.topic_id') . ', ' . $sort_by_sql[$sort_key] : '';
$sql_array['ORDER_BY'] = $sql_sort;
@@ -838,19 +845,9 @@ class fulltext_native extends \phpbb\search\base
}
$this->db->sql_freeresult($result);
- // if we use mysql and the total result count is not cached yet, retrieve it from the db
if (!$total_results && $is_mysql)
{
- // Count rows for the executed queries. Replace $select within $sql with SQL_CALC_FOUND_ROWS, and run it
- $sql_array_copy = $sql_array;
- $sql_array_copy['SELECT'] = 'SQL_CALC_FOUND_ROWS p.post_id ';
-
- $sql_calc = $this->db->sql_build_query('SELECT', $sql_array_copy);
- unset($sql_array_copy);
-
- $this->db->sql_query($sql_calc);
- $this->db->sql_freeresult($result);
-
+ // Get the number of results as calculated by MySQL
$sql_count = 'SELECT FOUND_ROWS() as total_results';
$result = $this->db->sql_query($sql_count);
$total_results = (int) $this->db->sql_fetchfield('total_results');
diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php
index 0a6a18ffbe..bedd581725 100644
--- a/phpBB/phpbb/session.php
+++ b/phpBB/phpbb/session.php
@@ -130,6 +130,10 @@ class session
$script_path .= (substr($script_path, -1, 1) == '/') ? '' : '/';
$root_script_path .= (substr($root_script_path, -1, 1) == '/') ? '' : '/';
+ $forum_id = $request->variable('f', 0);
+ // maximum forum id value is maximum value of mediumint unsigned column
+ $forum_id = ($forum_id > 0 && $forum_id < 16777215) ? $forum_id : 0;
+
$page_array += array(
'page_name' => $page_name,
'page_dir' => $page_dir,
@@ -139,7 +143,7 @@ class session
'root_script_path' => str_replace(' ', '%20', htmlspecialchars($root_script_path)),
'page' => $page,
- 'forum' => request_var('f', 0),
+ 'forum' => $forum_id,
);
return $page_array;
generated by cgit v1.2.1 (git 2.21.0) at 2025-07-20 02:23:48 +0000