diff options
Diffstat (limited to 'phpBB/phpbb')
| -rw-r--r-- | phpBB/phpbb/auth/provider/ldap.php | 2 | ||||
| -rw-r--r-- | phpBB/phpbb/cache/driver/file.php | 14 | ||||
| -rw-r--r-- | phpBB/phpbb/content_visibility.php | 45 | ||||
| -rw-r--r-- | phpBB/phpbb/db/driver/mysqli.php | 3 | ||||
| -rw-r--r-- | phpBB/phpbb/event/kernel_terminate_subscriber.php | 2 | ||||
| -rw-r--r-- | phpBB/phpbb/file_downloader.php | 2 | ||||
| -rw-r--r-- | phpBB/phpbb/notification/manager.php | 6 | ||||
| -rw-r--r-- | phpBB/phpbb/plupload/plupload.php | 2 | ||||
| -rw-r--r-- | phpBB/phpbb/search/fulltext_native.php | 19 | ||||
| -rw-r--r-- | phpBB/phpbb/session.php | 6 |
10 files changed, 73 insertions, 28 deletions
diff --git a/phpBB/phpbb/auth/provider/ldap.php b/phpBB/phpbb/auth/provider/ldap.php index d32e7504eb..c71950c698 100644 --- a/phpBB/phpbb/auth/provider/ldap.php +++ b/phpBB/phpbb/auth/provider/ldap.php @@ -306,7 +306,7 @@ class ldap extends \phpbb\auth\provider\base return array( 'TEMPLATE_FILE' => 'auth_provider_ldap.html', 'TEMPLATE_VARS' => array( - 'AUTH_LDAP_DN' => $new_config['ldap_base_dn'], + 'AUTH_LDAP_BASE_DN' => $new_config['ldap_base_dn'], 'AUTH_LDAP_EMAIL' => $new_config['ldap_email'], 'AUTH_LDAP_PASSORD' => $new_config['ldap_password'], 'AUTH_LDAP_PORT' => $new_config['ldap_port'], diff --git a/phpBB/phpbb/cache/driver/file.php b/phpBB/phpbb/cache/driver/file.php index fd5bce4515..9a7c4aec7f 100644 --- a/phpBB/phpbb/cache/driver/file.php +++ b/phpBB/phpbb/cache/driver/file.php @@ -279,6 +279,7 @@ class file extends \phpbb\cache\driver\base if ($var_name[0] == '_') { global $phpEx; + $var_name = $this->clean_varname($var_name); return file_exists($this->cache_dir . 'data' . $var_name . ".$phpEx"); } else @@ -334,6 +335,7 @@ class file extends \phpbb\cache\driver\base { global $phpEx; + $filename = $this->clean_varname($filename); $file = "{$this->cache_dir}$filename.$phpEx"; $type = substr($filename, 0, strpos($filename, '_')); @@ -516,6 +518,7 @@ class file extends \phpbb\cache\driver\base { global $phpEx; + $filename = $this->clean_varname($filename); $file = "{$this->cache_dir}$filename.$phpEx"; $lock = new \phpbb\lock\flock($file); @@ -584,4 +587,15 @@ class file extends \phpbb\cache\driver\base return $return_value; } + + /** + * Replace slashes in the file name + * + * @param string $varname name of a cache variable + * @return string $varname name that is safe to use as a filename + */ + protected function clean_varname($varname) + { + return str_replace('/', '-', $varname); + } } diff --git a/phpBB/phpbb/content_visibility.php b/phpBB/phpbb/content_visibility.php index c8516d6c85..700009da6a 100644 --- a/phpBB/phpbb/content_visibility.php +++ b/phpBB/phpbb/content_visibility.php @@ -45,7 +45,7 @@ class content_visibility /** * Event dispatcher object - * @var \phpbb\event\dispatcher + * @var \phpbb\event\dispatcher_interface */ protected $phpbb_dispatcher; @@ -66,7 +66,7 @@ class content_visibility * * @param \phpbb\auth\auth $auth Auth object * @param \phpbb\config\config $config Config object - * @param \phpbb\event\dispatcher $phpbb_dispatcher Event dispatcher object + * @param \phpbb\event\dispatcher_interface $phpbb_dispatcher Event dispatcher object * @param \phpbb\db\driver\driver_interface $db Database object * @param \phpbb\user $user User object * @param string $phpbb_root_path Root path @@ -76,7 +76,7 @@ class content_visibility * @param string $topics_table Topics table name * @param string $users_table Users table name */ - public function __construct(\phpbb\auth\auth $auth, \phpbb\config\config $config, \phpbb\event\dispatcher $phpbb_dispatcher, \phpbb\db\driver\driver_interface $db, \phpbb\user $user, $phpbb_root_path, $php_ext, $forums_table, $posts_table, $topics_table, $users_table) + public function __construct(\phpbb\auth\auth $auth, \phpbb\config\config $config, \phpbb\event\dispatcher_interface $phpbb_dispatcher, \phpbb\db\driver\driver_interface $db, \phpbb\user $user, $phpbb_root_path, $php_ext, $forums_table, $posts_table, $topics_table, $users_table) { $this->auth = $auth; $this->config = $config; @@ -143,12 +143,43 @@ class content_visibility */ public function get_visibility_sql($mode, $forum_id, $table_alias = '') { + $where_sql = ''; + + $get_visibility_sql_overwrite = false; + + /** + * Allow changing the result of calling get_visibility_sql + * + * @event core.phpbb_content_visibility_get_visibility_sql_before + * @var string where_sql Extra visibility conditions. It must end with either an SQL "AND" or an "OR" + * @var string mode Either "topic" or "post" depending on the query this is being used in + * @var array forum_id The forum id in which the search is made. + * @var string table_alias Table alias to prefix in SQL queries + * @var mixed get_visibility_sql_overwrite If a string, forces the function to return get_forums_visibility_sql_overwrite after executing the event + * If false, get_visibility_sql continues normally + * It must be either boolean or string + * @since 3.1.4-RC1 + */ + $vars = array( + 'where_sql', + 'mode', + 'forum_id', + 'table_alias', + 'get_visibility_sql_overwrite', + ); + extract($this->phpbb_dispatcher->trigger_event('core.phpbb_content_visibility_get_visibility_sql_before', compact($vars))); + + if ($get_visibility_sql_overwrite !== false) + { + return $get_visibility_sql_overwrite; + } + if ($this->auth->acl_get('m_approve', $forum_id)) { - return '1 = 1'; + return $where_sql . '1 = 1'; } - return $table_alias . $mode . '_visibility = ' . ITEM_APPROVED; + return $where_sql . $table_alias . $mode . '_visibility = ' . ITEM_APPROVED; } /** @@ -252,7 +283,7 @@ class content_visibility * @event core.phpbb_content_visibility_get_global_visibility_before * @var array where_sqls The action the user tried to execute * @var string mode Either "topic" or "post" depending on the query this is being used in - * @var array forum_ids Array of forum ids which the posts/topics are limited to + * @var array exclude_forum_ids Array of forum ids the current user doesn't have access to * @var string table_alias Table alias to prefix in SQL queries * @var array approve_forums Array of forums where the user has m_approve permissions * @var string visibility_sql_overwrite Forces the function to return an implosion of where_sqls (joined by "OR") @@ -261,7 +292,7 @@ class content_visibility $vars = array( 'where_sqls', 'mode', - 'forum_ids', + 'exclude_forum_ids', 'table_alias', 'approve_forums', 'visibility_sql_overwrite', diff --git a/phpBB/phpbb/db/driver/mysqli.php b/phpBB/phpbb/db/driver/mysqli.php index 2ed08211ad..c0ddfbf76c 100644 --- a/phpBB/phpbb/db/driver/mysqli.php +++ b/phpBB/phpbb/db/driver/mysqli.php @@ -34,8 +34,7 @@ class mysqli extends \phpbb\db\driver\mysql_base return $this->sql_error(''); } - // Mysqli extension supports persistent connection since PHP 5.3.0 - $this->persistency = (version_compare(PHP_VERSION, '5.3.0', '>=')) ? $persistency : false; + $this->persistency = $persistency; $this->user = $sqluser; // If persistent connection, set dbhost to localhost when empty and prepend it with 'p:' prefix diff --git a/phpBB/phpbb/event/kernel_terminate_subscriber.php b/phpBB/phpbb/event/kernel_terminate_subscriber.php index 57e4840380..3a709f73fd 100644 --- a/phpBB/phpbb/event/kernel_terminate_subscriber.php +++ b/phpBB/phpbb/event/kernel_terminate_subscriber.php @@ -35,7 +35,7 @@ class kernel_terminate_subscriber implements EventSubscriberInterface public static function getSubscribedEvents() { return array( - KernelEvents::TERMINATE => 'on_kernel_terminate', + KernelEvents::TERMINATE => array('on_kernel_terminate', ~PHP_INT_MAX), ); } } diff --git a/phpBB/phpbb/file_downloader.php b/phpBB/phpbb/file_downloader.php index ca8b1f4534..462b87ca51 100644 --- a/phpBB/phpbb/file_downloader.php +++ b/phpBB/phpbb/file_downloader.php @@ -91,7 +91,7 @@ class file_downloader } else { - throw new \RuntimeException('FSOCK_DISABLED'); + throw new \phpbb\exception\runtime_exception('FSOCK_DISABLED'); } } diff --git a/phpBB/phpbb/notification/manager.php b/phpBB/phpbb/notification/manager.php index aa52eb61d0..db92170dd8 100644 --- a/phpBB/phpbb/notification/manager.php +++ b/phpBB/phpbb/notification/manager.php @@ -38,7 +38,7 @@ class manager /** @var \phpbb\config\config */ protected $config; - /** @var \phpbb\event\dispatcher */ + /** @var \phpbb\event\dispatcher_interface */ protected $phpbb_dispatcher; /** @var \phpbb\db\driver\driver_interface */ @@ -73,7 +73,7 @@ class manager * @param ContainerInterface $phpbb_container * @param \phpbb\user_loader $user_loader * @param \phpbb\config\config $config - * @param \phpbb\event\dispatcher $phpbb_dispatcher + * @param \phpbb\event\dispatcher_interface $phpbb_dispatcher * @param \phpbb\db\driver\driver_interface $db * @param \phpbb\cache\service $cache * @param \phpbb\user $user @@ -85,7 +85,7 @@ class manager * * @return \phpbb\notification\manager */ - public function __construct($notification_types, $notification_methods, ContainerInterface $phpbb_container, \phpbb\user_loader $user_loader, \phpbb\config\config $config, \phpbb\event\dispatcher $phpbb_dispatcher, \phpbb\db\driver\driver_interface $db, \phpbb\cache\service $cache, $user, $phpbb_root_path, $php_ext, $notification_types_table, $notifications_table, $user_notifications_table) + public function __construct($notification_types, $notification_methods, ContainerInterface $phpbb_container, \phpbb\user_loader $user_loader, \phpbb\config\config $config, \phpbb\event\dispatcher_interface $phpbb_dispatcher, \phpbb\db\driver\driver_interface $db, \phpbb\cache\service $cache, $user, $phpbb_root_path, $php_ext, $notification_types_table, $notifications_table, $user_notifications_table) { $this->notification_types = $notification_types; $this->notification_methods = $notification_methods; diff --git a/phpBB/phpbb/plupload/plupload.php b/phpBB/phpbb/plupload/plupload.php index 3c686a552f..fcce5b3bd8 100644 --- a/phpBB/phpbb/plupload/plupload.php +++ b/phpBB/phpbb/plupload/plupload.php @@ -326,7 +326,7 @@ class plupload $tmp_file = $this->temporary_filepath($upload['tmp_name']); - if (!move_uploaded_file($upload['tmp_name'], $tmp_file)) + if (!phpbb_is_writable($this->temporary_directory) || !move_uploaded_file($upload['tmp_name'], $tmp_file)) { $this->emit_error(103, 'PLUPLOAD_ERR_MOVE_UPLOADED'); } diff --git a/phpBB/phpbb/search/fulltext_native.php b/phpBB/phpbb/search/fulltext_native.php index 93ea46ca60..4d02dd1cbf 100644 --- a/phpBB/phpbb/search/fulltext_native.php +++ b/phpBB/phpbb/search/fulltext_native.php @@ -823,6 +823,13 @@ class fulltext_native extends \phpbb\search\base ); } + // if using mysql and the total result count is not calculated yet, get it from the db + if (!$total_results && $is_mysql) + { + // Also count rows for the query as if there was not LIMIT. Add SQL_CALC_FOUND_ROWS to SQL + $sql_array['SELECT'] = 'SQL_CALC_FOUND_ROWS ' . $sql_array['SELECT']; + } + $sql_array['WHERE'] = implode(' AND ', $sql_where); $sql_array['GROUP_BY'] = ($group_by) ? (($type == 'posts') ? 'p.post_id' : 'p.topic_id') . ', ' . $sort_by_sql[$sort_key] : ''; $sql_array['ORDER_BY'] = $sql_sort; @@ -838,19 +845,9 @@ class fulltext_native extends \phpbb\search\base } $this->db->sql_freeresult($result); - // if we use mysql and the total result count is not cached yet, retrieve it from the db if (!$total_results && $is_mysql) { - // Count rows for the executed queries. Replace $select within $sql with SQL_CALC_FOUND_ROWS, and run it - $sql_array_copy = $sql_array; - $sql_array_copy['SELECT'] = 'SQL_CALC_FOUND_ROWS p.post_id '; - - $sql_calc = $this->db->sql_build_query('SELECT', $sql_array_copy); - unset($sql_array_copy); - - $this->db->sql_query($sql_calc); - $this->db->sql_freeresult($result); - + // Get the number of results as calculated by MySQL $sql_count = 'SELECT FOUND_ROWS() as total_results'; $result = $this->db->sql_query($sql_count); $total_results = (int) $this->db->sql_fetchfield('total_results'); diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index 0a6a18ffbe..bedd581725 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -130,6 +130,10 @@ class session $script_path .= (substr($script_path, -1, 1) == '/') ? '' : '/'; $root_script_path .= (substr($root_script_path, -1, 1) == '/') ? '' : '/'; + $forum_id = $request->variable('f', 0); + // maximum forum id value is maximum value of mediumint unsigned column + $forum_id = ($forum_id > 0 && $forum_id < 16777215) ? $forum_id : 0; + $page_array += array( 'page_name' => $page_name, 'page_dir' => $page_dir, @@ -139,7 +143,7 @@ class session 'root_script_path' => str_replace(' ', '%20', htmlspecialchars($root_script_path)), 'page' => $page, - 'forum' => request_var('f', 0), + 'forum' => $forum_id, ); return $page_array; |