diff options
Diffstat (limited to 'phpBB')
30 files changed, 364 insertions, 123 deletions
diff --git a/phpBB/adm/style/acp_users_signature.html b/phpBB/adm/style/acp_users_signature.html index fff75c993d..5b5c3ecf7f 100644 --- a/phpBB/adm/style/acp_users_signature.html +++ b/phpBB/adm/style/acp_users_signature.html @@ -87,7 +87,7 @@ </div> <!-- EVENT acp_users_signature_editor_buttons_after --> - <dl> + <dl class="responsive-columns"> <dt style="width: 90px;" id="color_palette_placeholder" data-orientation="v" data-height="12" data-width="15" data-bbcode="true"> </dt> <dd style="margin-{S_CONTENT_FLOW_BEGIN}: 90px;"><textarea name="signature" rows="10" cols="60" style="width: 95%;" onselect="storeCaret(this);" onclick="storeCaret(this);" onkeyup="storeCaret(this);" onfocus="initInsertions();" data-bbcode="true">{SIGNATURE}</textarea></dd> diff --git a/phpBB/adm/style/admin.css b/phpBB/adm/style/admin.css index 642d4e420e..3c7e378b2b 100644 --- a/phpBB/adm/style/admin.css +++ b/phpBB/adm/style/admin.css @@ -1045,6 +1045,14 @@ table.styles td.users, table td.mark { table.responsive.styles td:first-child > dfn, table.responsive td.actions > dfn { display: none !important; } + + .horizontal-palette td:nth-child(2n), .vertical-palette tr:nth-child(2n) { + display: none; + } + + .colour-palette a { + display: inline-block !important; + } } /* General form styles @@ -1353,6 +1361,10 @@ fieldset dt { border-left: 1px solid #CCCCCC; } +fieldset #color_palette_placeholder { + padding-top: 0; +} + fieldset dd { margin: 0 0 0 45%; padding: 0 0 0 5px; @@ -1419,6 +1431,10 @@ input:focus, textarea:focus { width: auto; } + fieldset .responsive-columns dt { + float: left; + } + .ltr fieldset dd { padding-left: 20px; } diff --git a/phpBB/adm/style/profilefields/bool.html b/phpBB/adm/style/profilefields/bool.html new file mode 100644 index 0000000000..f1d7ba75f4 --- /dev/null +++ b/phpBB/adm/style/profilefields/bool.html @@ -0,0 +1,7 @@ +<!-- BEGIN bool --> +<!-- IF bool.FIELD_LENGTH eq 1 --> + <!-- BEGIN options --><label for="{bool.FIELD_IDENT}_{bool.options.OPTION_ID}"><input type="radio" class="radio" name="{bool.FIELD_IDENT}" id="{bool.FIELD_IDENT}_{bool.options.OPTION_ID}" value="{bool.options.OPTION_ID}"{bool.options.CHECKED} /> {bool.options.VALUE}</label> <!-- END options --> +<!-- ELSE --> + <input type="checkbox" class="radio" name="{bool.FIELD_IDENT}" id="{bool.FIELD_IDENT}"<!-- IF bool.FIELD_VALUE --> checked="checked"<!-- ENDIF --> /> +<!-- ENDIF --> +<!-- END bool --> diff --git a/phpBB/adm/style/profilefields/date.html b/phpBB/adm/style/profilefields/date.html new file mode 100644 index 0000000000..5d5bc04ed6 --- /dev/null +++ b/phpBB/adm/style/profilefields/date.html @@ -0,0 +1,5 @@ +<!-- BEGIN date --> +<label for="{date.FIELD_IDENT}_day">{L_DAY}{L_COLON} <select name="{date.FIELD_IDENT}_day" id="{date.FIELD_IDENT}_day">{date.S_DAY_OPTIONS}</select></label> +<label for="{date.FIELD_IDENT}_month">{L_MONTH}{L_COLON} <select name="{date.FIELD_IDENT}_month" id="{date.FIELD_IDENT}_month">{date.S_MONTH_OPTIONS}</select></label> +<label for="{date.FIELD_IDENT}_year">{L_YEAR}{L_COLON} <select name="{date.FIELD_IDENT}_year" id="{date.FIELD_IDENT}_year">{date.S_YEAR_OPTIONS}</select></label> +<!-- END date --> diff --git a/phpBB/adm/style/profilefields/dropdown.html b/phpBB/adm/style/profilefields/dropdown.html new file mode 100644 index 0000000000..243b7039da --- /dev/null +++ b/phpBB/adm/style/profilefields/dropdown.html @@ -0,0 +1,5 @@ +<!-- BEGIN dropdown --> +<select name="{dropdown.FIELD_IDENT}" id="{dropdown.FIELD_IDENT}"> + <!-- BEGIN options --><option value="{dropdown.options.OPTION_ID}"{dropdown.options.SELECTED}>{dropdown.options.VALUE}</option><!-- END options --> +</select> +<!-- END dropdown --> diff --git a/phpBB/adm/style/profilefields/int.html b/phpBB/adm/style/profilefields/int.html new file mode 100644 index 0000000000..d047c254d8 --- /dev/null +++ b/phpBB/adm/style/profilefields/int.html @@ -0,0 +1,3 @@ +<!-- BEGIN int --> +<input type="number" min="{int.FIELD_MINLEN}" max="{int.FIELD_MAXLEN}" class="autowidth" name="{int.FIELD_IDENT}" id="{int.FIELD_IDENT}" size="{int.FIELD_LENGTH}" value="{int.FIELD_VALUE}" /> +<!-- END int --> diff --git a/phpBB/adm/style/profilefields/string.html b/phpBB/adm/style/profilefields/string.html new file mode 100644 index 0000000000..a8855f50d8 --- /dev/null +++ b/phpBB/adm/style/profilefields/string.html @@ -0,0 +1,3 @@ +<!-- BEGIN string --> +<input type="text" class="autowidth" name="{string.FIELD_IDENT}" id="{string.FIELD_IDENT}" size="{string.FIELD_LENGTH}" maxlength="{string.FIELD_MAXLEN}" value="{string.FIELD_VALUE}" /> +<!-- END string --> diff --git a/phpBB/adm/style/profilefields/text.html b/phpBB/adm/style/profilefields/text.html new file mode 100644 index 0000000000..6334b61926 --- /dev/null +++ b/phpBB/adm/style/profilefields/text.html @@ -0,0 +1,3 @@ +<!-- BEGIN text --> +<textarea name="{text.FIELD_IDENT}" id="{text.FIELD_IDENT}" rows="{text.FIELD_ROWS}" cols="{text.FIELD_COLS}">{text.FIELD_VALUE}</textarea> +<!-- END text --> diff --git a/phpBB/assets/javascript/core.js b/phpBB/assets/javascript/core.js index 5b8331bdce..4657af90ab 100644 --- a/phpBB/assets/javascript/core.js +++ b/phpBB/assets/javascript/core.js @@ -994,7 +994,8 @@ phpbb.colorPalette = function(dir, width, height) { numberList[3] = 'BF'; numberList[4] = 'FF'; - html += '<table style="width: auto;">'; + var table_class = (dir == 'h') ? 'horizontal-palette' : 'vertical-palette'; + html += '<table class="not-responsive colour-palette ' + table_class + '" style="width: auto;">'; for (r = 0; r < 5; r++) { if (dir == 'h') { diff --git a/phpBB/assets/javascript/plupload.js b/phpBB/assets/javascript/plupload.js index 91a9806955..3c2fc5c3cb 100644 --- a/phpBB/assets/javascript/plupload.js +++ b/phpBB/assets/javascript/plupload.js @@ -162,7 +162,7 @@ phpbb.plupload.insertRow = function(file) { var row = $(phpbb.plupload.rowTpl); row.attr('id', file.id); - row.find('.file-name').html(file.name); + row.find('.file-name').html(plupload.xmlEncode(file.name)); row.find('.file-size').html(plupload.formatSize(file.size)); if (phpbb.plupload.order == 'desc') { @@ -499,6 +499,8 @@ $('#file-list').on('click', '.file-error', function(e) { * Fires when an error occurs. */ uploader.bind('Error', function(up, error) { + error.file.name = plupload.xmlEncode(error.file.name); + // The error message that Plupload provides for these is vague, so we'll be more specific. if (error.code === plupload.FILE_EXTENSION_ERROR) { error.message = plupload.translate('Invalid file extension:') + ' ' + error.file.name; diff --git a/phpBB/docs/events.md b/phpBB/docs/events.md index c4e7bb031e..db7107b96d 100644 --- a/phpBB/docs/events.md +++ b/phpBB/docs/events.md @@ -484,6 +484,30 @@ viewtopic_body_postrow_custom_fields_before * Purpose: Add data before the custom fields on the user profile when viewing a post +viewtopic_body_postrow_post_after +=== +* Locations: + + styles/prosilver/template/viewtopic_body.html + + styles/subsilver2/template/viewtopic_body.html +* Since: 3.1.0-a4 +* Purpose: Add data after posts + +viewtopic_body_postrow_post_before +=== +* Locations: + + styles/prosilver/template/viewtopic_body.html + + styles/subsilver2/template/viewtopic_body.html +* Since: 3.1.0-a4 +* Purpose: Add data before posts + +viewtopic_body_topic_actions_before +=== +* Locations: + + styles/prosilver/template/viewtopic_body.html + + styles/subsilver2/template/viewtopic_body.html +* Since: 3.1.0-a4 +* Purpose: Add data before the topic actions buttons (after the posts sorting options) + viewtopic_topic_title_prepend === * Locations: diff --git a/phpBB/download/file.php b/phpBB/download/file.php index 7d39ee4821..163ab673b9 100644 --- a/phpBB/download/file.php +++ b/phpBB/download/file.php @@ -144,7 +144,8 @@ require($phpbb_root_path . 'includes/functions_download' . '.' . $phpEx); $download_id = request_var('id', 0); $topic_id = $request->variable('topic_id', 0); -$post_msg_id = $request->variable('post_msg_id', 0); +$post_id = $request->variable('post_id', 0); +$msg_id = $request->variable('msg_id', 0); $archive = $request->variable('archive', '.tar'); $mode = request_var('mode', ''); $thumbnail = request_var('t', false); @@ -163,17 +164,22 @@ if (!$config['allow_attachments'] && !$config['allow_pm_attach']) if ($download_id) { // Attachment id (only 1 attachment) - $sql_where = "attach_id = $download_id"; + $sql_where = 'attach_id = ' . $download_id; } -else if ($post_msg_id) +else if ($msg_id) { - // Post id or private message id (multiple attachments) - $sql_where = "post_msg_id = $post_msg_id AND is_orphan = 0"; + // Private message id (multiple attachments) + $sql_where = 'is_orphan = 0 AND in_message = 1 AND post_msg_id = ' . $msg_id; +} +else if ($post_id) +{ + // Post id (multiple attachments) + $sql_where = 'is_orphan = 0 AND in_message = 0 AND post_msg_id = ' . $post_id; } else if ($topic_id) { // Topic id (multiple attachments) - $sql_where = "topic_id = $topic_id AND is_orphan = 0"; + $sql_where = 'is_orphan = 0 AND topic_id = ' . $topic_id; } else { @@ -240,6 +246,20 @@ else if ($download_id) if (!$attachment['in_message']) { phpbb_download_handle_forum_auth($db, $auth, $attachment['topic_id']); + + $sql = 'SELECT forum_id, post_visibility + FROM ' . POSTS_TABLE . ' + WHERE post_id = ' . (int) $attachment['post_msg_id']; + $result = $db->sql_query($sql); + $post_row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if (!$post_row || ($post_row['post_visibility'] != ITEM_APPROVED && !$auth->acl_get('m_approve', $post_row['forum_id']))) + { + // Attachment of a soft deleted post and the user is not allowed to see the post + send_status_line(404, 'Not Found'); + trigger_error('ERROR_NO_ATTACHMENT'); + } } else { @@ -251,7 +271,7 @@ else if ($download_id) $extensions = array(); if (!extension_allowed($row['forum_id'], $attachment['extension'], $extensions)) { - send_status_line(404, 'Forbidden'); + send_status_line(403, 'Forbidden'); trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension'])); } } @@ -328,23 +348,32 @@ else $archive = '.tar'; } - if ($post_msg_id) + $post_visibility = array(); + if ($msg_id) { - if ($attachment['in_message']) - { - $sql = 'SELECT message_subject AS attach_subject - FROM ' . PRIVMSGS_TABLE . " - WHERE msg_id = $post_msg_id"; - } - else - { - $sql = 'SELECT post_subject AS attach_subject, forum_id - FROM ' . POSTS_TABLE . " - WHERE post_id = $post_msg_id"; - } + $sql = 'SELECT message_subject AS attach_subject + FROM ' . PRIVMSGS_TABLE . " + WHERE msg_id = $msg_id"; + } + else if ($post_id) + { + $sql = 'SELECT post_subject AS attach_subject, forum_id, post_visibility + FROM ' . POSTS_TABLE . " + WHERE post_id = $post_id"; } else { + $sql = 'SELECT post_id, post_visibility + FROM ' . POSTS_TABLE . " + WHERE topic_id = $topic_id + AND post_attachment = 1"; + $result = $db->sql_query($sql); + while ($row = $db->sql_fetchrow($result)) + { + $post_visibility[(int) $row['post_id']] = (int) $row['post_visibility']; + } + $db->sql_freeresult($result); + $sql = 'SELECT topic_title AS attach_subject, forum_id FROM ' . TOPICS_TABLE . " WHERE topic_id = $topic_id"; @@ -361,7 +390,7 @@ else } $clean_name = phpbb_download_clean_filename($row['attach_subject']); - $suffix = '_' . (($post_msg_id) ? $post_msg_id : $topic_id) . '_' . $clean_name; + $suffix = '_' . (($msg_id) ? 'm' . $msg_id : (($post_id) ? 'p' . $post_id : 't' . $topic_id)) . '_' . $clean_name; $archive_name = 'attachments' . $suffix; $store_name = 'att_' . time() . '_' . unique_id(); @@ -379,13 +408,25 @@ else $extensions = array(); $files_added = 0; $forum_id = ($attachment['in_message']) ? false : (int) $row['forum_id']; - $disallowed = array(); + $disallowed_extension = array(); foreach ($attachments as $attach) { if (!extension_allowed($forum_id, $attach['extension'], $extensions)) { - $disallowed[$attach['extension']] = $attach['extension']; + $disallowed_extension[$attach['extension']] = $attach['extension']; + continue; + } + + if ($post_id && $row['post_visibility'] != ITEM_APPROVED && !$auth->acl_get('m_approve', $forum_id)) + { + // Attachment of a soft deleted post and the user is not allowed to see the post + continue; + } + + if ($topic_id && (!isset($post_visibility[$attach['post_msg_id']]) || $post_visibility[$attach['post_msg_id']] != ITEM_APPROVED) && !$auth->acl_get('m_approve', $forum_id)) + { + // Attachment of a soft deleted post and the user is not allowed to see the post continue; } @@ -409,12 +450,17 @@ else unlink($archive_path); - if (!$files_added) + if (!$files_added && !empty($disallowed_extension)) { // None of the attachments had a valid extension - $disallowed = implode($user->lang['COMMA_SEPARATOR'], $disallowed); - send_status_line(404, 'Forbidden'); - trigger_error($user->lang('EXTENSION_DISABLED_AFTER_POSTING', $disallowed)); + $disallowed_extension = implode($user->lang['COMMA_SEPARATOR'], $disallowed_extension); + send_status_line(403, 'Forbidden'); + trigger_error($user->lang('EXTENSION_DISABLED_AFTER_POSTING', $disallowed_extension)); + } + else if (!$files_added) + { + send_status_line(404, 'Not Found'); + trigger_error('ERROR_NO_ATTACHMENT'); } file_gc(); diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php index b0b9fdbd15..958a6456c2 100644 --- a/phpBB/includes/acp/acp_attachments.php +++ b/phpBB/includes/acp/acp_attachments.php @@ -20,14 +20,37 @@ if (!defined('IN_PHPBB')) */ class acp_attachments { - var $u_action; - var $new_config; + /** @var \phpbb\db\driver\driver */ + protected $db; + + /** @var \phpbb\config\config */ + protected $config; + + /** @var ContainerBuilder */ + protected $phpbb_container; + + /** @var \phpbb\template\template */ + protected $template; + + /** @var \phpbb\user */ + protected $user; + + public $id; + public $u_action; + protected $new_config; function main($id, $mode) { global $db, $user, $auth, $template, $cache, $phpbb_container; global $config, $phpbb_admin_path, $phpbb_root_path, $phpEx; + $this->id = $id; + $this->db = $db; + $this->config = $config; + $this->template = $template; + $this->user = $user; + $this->phpbb_container = $phpbb_container; + $user->add_lang(array('posting', 'viewtopic', 'acp/attachments')); $error = $notify = array(); @@ -1082,9 +1105,26 @@ class acp_attachments } } + if ($action == 'stats') + { + $this->handle_stats_resync(); + } + + $stats_error = $this->check_stats_accuracy(); + + if ($stats_error) + { + $error[] = $stats_error; + + // Show option to resync stats + $this->template->assign_vars(array( + 'S_ACTION_OPTIONS' => $auth->acl_get('a_board'), + )); + } + $template->assign_vars(array( - 'S_MANAGE' => true) - ); + 'S_MANAGE' => true, + )); $start = request_var('start', 0); @@ -1107,66 +1147,11 @@ class acp_attachments $attachments_per_page = (int) $config['topics_per_page']; - // Handle files stats resync - $action = request_var('action', ''); - $resync_files_stats = false; - if ($action && $action = 'stats') - { - if (!confirm_box(true)) - { - confirm_box(false, $user->lang['RESYNC_FILES_STATS_CONFIRM'], build_hidden_fields(array( - 'i' => $id, - 'mode' => $mode, - 'action' => $action, - ))); - } - else - { - $resync_files_stats = true; - add_log('admin', 'LOG_RESYNC_FILES_STATS'); - } - } - - // Check if files stats are accurate - $sql = 'SELECT COUNT(attach_id) as num_files - FROM ' . ATTACHMENTS_TABLE . ' - WHERE is_orphan = 0'; - $result = $db->sql_query($sql, 600); - $num_files_real = (int) $db->sql_fetchfield('num_files'); - if ($resync_files_stats === true) - { - set_config('num_files', $num_files_real, true); - } - $db->sql_freeresult($result); - - $sql = 'SELECT SUM(filesize) as upload_dir_size - FROM ' . ATTACHMENTS_TABLE . ' - WHERE is_orphan = 0'; - $result = $db->sql_query($sql, 600); - $total_size_real = (float) $db->sql_fetchfield('upload_dir_size'); - if ($resync_files_stats === true) - { - set_config('upload_dir_size', $total_size_real, true); - } - $db->sql_freeresult($result); - - // Get current files stats - $num_files = (int) $config['num_files']; - $total_size = (float) $config['upload_dir_size']; - - // Issue warning message if files stats are inaccurate - if (($num_files != $num_files_real) || ($total_size != $total_size_real)) - { - $error[] = $user->lang('FILES_STATS_WRONG', (int) $num_files_real, get_formatted_filesize($total_size_real)); - - $template->assign_vars(array( - 'S_ACTION_OPTIONS' => ($auth->acl_get('a_board')) ? true : false, - 'U_ACTION' => $this->u_action,) - ); - } + $stats = $this->get_attachment_stats($limit_filetime); + $num_files = $stats['num_files']; + $total_size = $stats['upload_dir_size']; // Make sure $start is set to the last page if it exceeds the amount - $pagination = $phpbb_container->get('pagination'); $start = $pagination->validate_start($start, $attachments_per_page, $num_files); @@ -1283,6 +1268,89 @@ class acp_attachments } /** + * Get attachment file count and size of upload directory + * + * @param $limit string Additional limit for WHERE clause to filter stats by. + * @return array Returns array with stats: num_files and upload_dir_size + */ + public function get_attachment_stats($limit = '') + { + $sql = 'SELECT COUNT(a.attach_id) AS num_files, SUM(a.filesize) AS upload_dir_size + FROM ' . ATTACHMENTS_TABLE . " a + WHERE a.is_orphan = 0 + $limit"; + $result = $this->db->sql_query($sql); + $row = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); + + return array( + 'num_files' => (int) $row['num_files'], + 'upload_dir_size' => (float) $row['upload_dir_size'], + ); + } + + /** + * Set config attachment stat values + * + * @param $stats array Array of config key => value pairs to set. + * @return null + */ + public function set_attachment_stats($stats) + { + foreach ($stats as $key => $value) + { + $this->config->set($key, $value, true); + } + } + + /** + * Check accuracy of attachment statistics. + * + * @param $resync bool Resync stats if they're incorrect. + * @return bool|string Returns false if stats are correct or error message + * otherwise. + */ + public function check_stats_accuracy() + { + // Get fresh stats. + $stats = $this->get_attachment_stats(); + + // Get current files stats + $num_files = (int) $this->config['num_files']; + $total_size = (float) $this->config['upload_dir_size']; + + if (($num_files != $stats['num_files']) || ($total_size != $stats['upload_dir_size'])) + { + return $this->user->lang('FILES_STATS_WRONG', (int) $stats['num_files'], get_formatted_filesize($stats['upload_dir_size'])); + } + return false; + } + + /** + * Handle stats resync. + * + * @return null + */ + public function handle_stats_resync() + { + if (!confirm_box(true)) + { + confirm_box(false, $this->user->lang['RESYNC_FILES_STATS_CONFIRM'], build_hidden_fields(array( + 'i' => $this->id, + 'mode' => 'manage', + 'action' => 'stats', + ))); + } + else + { + $this->set_attachment_stats($this->get_attachment_stats()); + $log = $this->phpbb_container->get('log'); + $log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_RESYNC_FILES_STATS'); + } + + } + + /** * Build Select for category items */ function category_select($select_name, $group_id = false, $key = '') diff --git a/phpBB/includes/db/schema_data.php b/phpBB/includes/db/schema_data.php index 9d7153f6b6..0447895433 100644 --- a/phpBB/includes/db/schema_data.php +++ b/phpBB/includes/db/schema_data.php @@ -1119,6 +1119,8 @@ $schema_data['phpbb_users'] = array( 'user_password' => array('VCHAR_UNI', ''), 'user_passchg' => array('TIMESTAMP', 0), 'user_pass_convert' => array('BOOL', 0), + 'user_actkey' => array('VCHAR:32', ''), + 'user_newpasswd' => array('VCHAR_UNI', ''), 'user_email' => array('VCHAR_UNI:100', ''), 'user_email_hash' => array('BINT', 0), 'user_birthday' => array('VCHAR:10', ''), @@ -1173,8 +1175,6 @@ $schema_data['phpbb_users'] = array( 'user_msnm' => array('VCHAR_UNI', ''), 'user_jabber' => array('VCHAR_UNI', ''), 'user_website' => array('VCHAR_UNI:200', ''), - 'user_actkey' => array('VCHAR:32', ''), - 'user_newpasswd' => array('VCHAR_UNI:40', ''), 'user_form_salt' => array('VCHAR_UNI:32', ''), 'user_new' => array('BOOL', 1), 'user_reminded' => array('TINT:4', 0), diff --git a/phpBB/includes/functions_download.php b/phpBB/includes/functions_download.php index e7a1d2bff5..c895f7b54b 100644 --- a/phpBB/includes/functions_download.php +++ b/phpBB/includes/functions_download.php @@ -625,17 +625,29 @@ function phpbb_increment_downloads($db, $ids) */ function phpbb_download_handle_forum_auth($db, $auth, $topic_id) { - $sql = 'SELECT t.forum_id, f.forum_name, f.forum_password, f.parent_id - FROM ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f - WHERE t.topic_id = " . (int) $topic_id . " - AND t.forum_id = f.forum_id"; + $sql_array = array( + 'SELECT' => 't.topic_visibility, t.forum_id, f.forum_name, f.forum_password, f.parent_id', + 'FROM' => array( + TOPICS_TABLE => 't', + FORUMS_TABLE => 'f', + ), + 'WHERE' => 't.topic_id = ' . (int) $topic_id . ' + AND t.forum_id = f.forum_id', + ); + + $sql = $db->sql_build_query('SELECT', $sql_array); $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); - if ($auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id'])) + if ($row && $row['topic_visibility'] != ITEM_APPROVED && !$auth->acl_get('m_approve', $row['forum_id'])) { - if ($row && $row['forum_password']) + send_status_line(404, 'Not Found'); + trigger_error('ERROR_NO_ATTACHMENT'); + } + else if ($row && $auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id'])) + { + if ($row['forum_password']) { // Do something else ... ? login_forum_box($row); diff --git a/phpBB/includes/ucp/ucp_pm_viewmessage.php b/phpBB/includes/ucp/ucp_pm_viewmessage.php index f9e8e3155e..e513b8ade2 100644 --- a/phpBB/includes/ucp/ucp_pm_viewmessage.php +++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php @@ -274,7 +274,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) // Display not already displayed Attachments for this post, we already parsed them. ;) if (isset($attachments) && sizeof($attachments)) { - $methods = phpbb_gen_download_links('post_msg_id', $msg_id, $phpbb_root_path, $phpEx); + $methods = phpbb_gen_download_links('msg_id', $msg_id, $phpbb_root_path, $phpEx); foreach ($methods as $method) { $template->assign_block_vars('dl_method', $method); diff --git a/phpBB/install/schemas/firebird_schema.sql b/phpBB/install/schemas/firebird_schema.sql index 937b06eaae..263ebb4490 100644 --- a/phpBB/install/schemas/firebird_schema.sql +++ b/phpBB/install/schemas/firebird_schema.sql @@ -1372,6 +1372,8 @@ CREATE TABLE phpbb_users ( user_password VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE, user_passchg INTEGER DEFAULT 0 NOT NULL, user_pass_convert INTEGER DEFAULT 0 NOT NULL, + user_actkey VARCHAR(32) CHARACTER SET NONE DEFAULT '' NOT NULL, + user_newpasswd VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE, user_email VARCHAR(100) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE, user_email_hash DOUBLE PRECISION DEFAULT 0 NOT NULL, user_birthday VARCHAR(10) CHARACTER SET NONE DEFAULT '' NOT NULL, @@ -1426,8 +1428,6 @@ CREATE TABLE phpbb_users ( user_msnm VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE, user_jabber VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE, user_website VARCHAR(200) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE, - user_actkey VARCHAR(32) CHARACTER SET NONE DEFAULT '' NOT NULL, - user_newpasswd VARCHAR(40) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE, user_form_salt VARCHAR(32) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE, user_new INTEGER DEFAULT 1 NOT NULL, user_reminded INTEGER DEFAULT 0 NOT NULL, diff --git a/phpBB/install/schemas/mssql_schema.sql b/phpBB/install/schemas/mssql_schema.sql index 5df33e8057..11309d67a5 100644 --- a/phpBB/install/schemas/mssql_schema.sql +++ b/phpBB/install/schemas/mssql_schema.sql @@ -1688,6 +1688,8 @@ CREATE TABLE [phpbb_users] ( [user_password] [varchar] (255) DEFAULT ('') NOT NULL , [user_passchg] [int] DEFAULT (0) NOT NULL , [user_pass_convert] [int] DEFAULT (0) NOT NULL , + [user_actkey] [varchar] (32) DEFAULT ('') NOT NULL , + [user_newpasswd] [varchar] (255) DEFAULT ('') NOT NULL , [user_email] [varchar] (100) DEFAULT ('') NOT NULL , [user_email_hash] [float] DEFAULT (0) NOT NULL , [user_birthday] [varchar] (10) DEFAULT ('') NOT NULL , @@ -1742,8 +1744,6 @@ CREATE TABLE [phpbb_users] ( [user_msnm] [varchar] (255) DEFAULT ('') NOT NULL , [user_jabber] [varchar] (255) DEFAULT ('') NOT NULL , [user_website] [varchar] (200) DEFAULT ('') NOT NULL , - [user_actkey] [varchar] (32) DEFAULT ('') NOT NULL , - [user_newpasswd] [varchar] (40) DEFAULT ('') NOT NULL , [user_form_salt] [varchar] (32) DEFAULT ('') NOT NULL , [user_new] [int] DEFAULT (1) NOT NULL , [user_reminded] [int] DEFAULT (0) NOT NULL , diff --git a/phpBB/install/schemas/mysql_40_schema.sql b/phpBB/install/schemas/mysql_40_schema.sql index e546c2e98f..16c26fac4a 100644 --- a/phpBB/install/schemas/mysql_40_schema.sql +++ b/phpBB/install/schemas/mysql_40_schema.sql @@ -981,6 +981,8 @@ CREATE TABLE phpbb_users ( user_password blob NOT NULL, user_passchg int(11) UNSIGNED DEFAULT '0' NOT NULL, user_pass_convert tinyint(1) UNSIGNED DEFAULT '0' NOT NULL, + user_actkey varbinary(32) DEFAULT '' NOT NULL, + user_newpasswd blob NOT NULL, user_email blob NOT NULL, user_email_hash bigint(20) DEFAULT '0' NOT NULL, user_birthday varbinary(10) DEFAULT '' NOT NULL, @@ -1035,8 +1037,6 @@ CREATE TABLE phpbb_users ( user_msnm blob NOT NULL, user_jabber blob NOT NULL, user_website blob NOT NULL, - user_actkey varbinary(32) DEFAULT '' NOT NULL, - user_newpasswd varbinary(120) DEFAULT '' NOT NULL, user_form_salt varbinary(96) DEFAULT '' NOT NULL, user_new tinyint(1) UNSIGNED DEFAULT '1' NOT NULL, user_reminded tinyint(4) DEFAULT '0' NOT NULL, diff --git a/phpBB/install/schemas/mysql_41_schema.sql b/phpBB/install/schemas/mysql_41_schema.sql index eec7b985b0..b345e1f474 100644 --- a/phpBB/install/schemas/mysql_41_schema.sql +++ b/phpBB/install/schemas/mysql_41_schema.sql @@ -981,6 +981,8 @@ CREATE TABLE phpbb_users ( user_password varchar(255) DEFAULT '' NOT NULL, user_passchg int(11) UNSIGNED DEFAULT '0' NOT NULL, user_pass_convert tinyint(1) UNSIGNED DEFAULT '0' NOT NULL, + user_actkey varchar(32) DEFAULT '' NOT NULL, + user_newpasswd varchar(255) DEFAULT '' NOT NULL, user_email varchar(100) DEFAULT '' NOT NULL, user_email_hash bigint(20) DEFAULT '0' NOT NULL, user_birthday varchar(10) DEFAULT '' NOT NULL, @@ -1035,8 +1037,6 @@ CREATE TABLE phpbb_users ( user_msnm varchar(255) DEFAULT '' NOT NULL, user_jabber varchar(255) DEFAULT '' NOT NULL, user_website varchar(200) DEFAULT '' NOT NULL, - user_actkey varchar(32) DEFAULT '' NOT NULL, - user_newpasswd varchar(40) DEFAULT '' NOT NULL, user_form_salt varchar(32) DEFAULT '' NOT NULL, user_new tinyint(1) UNSIGNED DEFAULT '1' NOT NULL, user_reminded tinyint(4) DEFAULT '0' NOT NULL, diff --git a/phpBB/install/schemas/oracle_schema.sql b/phpBB/install/schemas/oracle_schema.sql index ad8d354db9..b819ba2c59 100644 --- a/phpBB/install/schemas/oracle_schema.sql +++ b/phpBB/install/schemas/oracle_schema.sql @@ -1805,6 +1805,8 @@ CREATE TABLE phpbb_users ( user_password varchar2(765) DEFAULT '' , user_passchg number(11) DEFAULT '0' NOT NULL, user_pass_convert number(1) DEFAULT '0' NOT NULL, + user_actkey varchar2(32) DEFAULT '' , + user_newpasswd varchar2(765) DEFAULT '' , user_email varchar2(300) DEFAULT '' , user_email_hash number(20) DEFAULT '0' NOT NULL, user_birthday varchar2(10) DEFAULT '' , @@ -1859,8 +1861,6 @@ CREATE TABLE phpbb_users ( user_msnm varchar2(765) DEFAULT '' , user_jabber varchar2(765) DEFAULT '' , user_website varchar2(600) DEFAULT '' , - user_actkey varchar2(32) DEFAULT '' , - user_newpasswd varchar2(120) DEFAULT '' , user_form_salt varchar2(96) DEFAULT '' , user_new number(1) DEFAULT '1' NOT NULL, user_reminded number(4) DEFAULT '0' NOT NULL, diff --git a/phpBB/install/schemas/postgres_schema.sql b/phpBB/install/schemas/postgres_schema.sql index 4412e29d09..be8af3c873 100644 --- a/phpBB/install/schemas/postgres_schema.sql +++ b/phpBB/install/schemas/postgres_schema.sql @@ -1253,6 +1253,8 @@ CREATE TABLE phpbb_users ( user_password varchar(255) DEFAULT '' NOT NULL, user_passchg INT4 DEFAULT '0' NOT NULL CHECK (user_passchg >= 0), user_pass_convert INT2 DEFAULT '0' NOT NULL CHECK (user_pass_convert >= 0), + user_actkey varchar(32) DEFAULT '' NOT NULL, + user_newpasswd varchar(255) DEFAULT '' NOT NULL, user_email varchar(100) DEFAULT '' NOT NULL, user_email_hash INT8 DEFAULT '0' NOT NULL, user_birthday varchar(10) DEFAULT '' NOT NULL, @@ -1307,8 +1309,6 @@ CREATE TABLE phpbb_users ( user_msnm varchar(255) DEFAULT '' NOT NULL, user_jabber varchar(255) DEFAULT '' NOT NULL, user_website varchar(200) DEFAULT '' NOT NULL, - user_actkey varchar(32) DEFAULT '' NOT NULL, - user_newpasswd varchar(40) DEFAULT '' NOT NULL, user_form_salt varchar(32) DEFAULT '' NOT NULL, user_new INT2 DEFAULT '1' NOT NULL CHECK (user_new >= 0), user_reminded INT2 DEFAULT '0' NOT NULL, diff --git a/phpBB/install/schemas/sqlite_schema.sql b/phpBB/install/schemas/sqlite_schema.sql index 644cf775eb..717b242a57 100644 --- a/phpBB/install/schemas/sqlite_schema.sql +++ b/phpBB/install/schemas/sqlite_schema.sql @@ -952,6 +952,8 @@ CREATE TABLE phpbb_users ( user_password varchar(255) NOT NULL DEFAULT '', user_passchg INTEGER UNSIGNED NOT NULL DEFAULT '0', user_pass_convert INTEGER UNSIGNED NOT NULL DEFAULT '0', + user_actkey varchar(32) NOT NULL DEFAULT '', + user_newpasswd varchar(255) NOT NULL DEFAULT '', user_email varchar(100) NOT NULL DEFAULT '', user_email_hash bigint(20) NOT NULL DEFAULT '0', user_birthday varchar(10) NOT NULL DEFAULT '', @@ -1006,8 +1008,6 @@ CREATE TABLE phpbb_users ( user_msnm varchar(255) NOT NULL DEFAULT '', user_jabber varchar(255) NOT NULL DEFAULT '', user_website varchar(200) NOT NULL DEFAULT '', - user_actkey varchar(32) NOT NULL DEFAULT '', - user_newpasswd varchar(40) NOT NULL DEFAULT '', user_form_salt varchar(32) NOT NULL DEFAULT '', user_new INTEGER UNSIGNED NOT NULL DEFAULT '1', user_reminded tinyint(4) NOT NULL DEFAULT '0', diff --git a/phpBB/phpbb/db/migration/data/v310/passwords_p2.php b/phpBB/phpbb/db/migration/data/v310/passwords_p2.php new file mode 100644 index 0000000000..553e79403d --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v310/passwords_p2.php @@ -0,0 +1,40 @@ +<?php +/** +* +* @package migration +* @copyright (c) 2014 phpBB Group +* @license http://opensource.org/licenses/gpl-license.php GNU Public License v2 +* +*/ + +namespace phpbb\db\migration\data\v310; + +class passwords_p2 extends \phpbb\db\migration\migration +{ + static public function depends_on() + { + return array('\phpbb\db\migration\data\v310\passwords'); + } + + public function update_schema() + { + return array( + 'change_columns' => array( + $this->table_prefix . 'users' => array( + 'user_newpasswd' => array('VCHAR:255', ''), + ), + ), + ); + } + + public function revert_schema() + { + return array( + 'change_columns' => array( + $this->table_prefix . 'users' => array( + 'user_newpasswd' => array('VCHAR:40', ''), + ), + ), + ); + } +} diff --git a/phpBB/posting.php b/phpBB/posting.php index 902f1b2175..442e1d9782 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php @@ -42,7 +42,7 @@ $refresh = (isset($_POST['add_file']) || isset($_POST['delete_file']) || isset($ $mode = request_var('mode', ''); // If the user is not allowed to delete the post, we try to soft delete it, so we overwrite the mode here. -if ($mode == 'delete' && (($confirm && !$request->is_set_post('delete_permanent')) || !$auth->acl_get('m_delete', $forum_id))) +if ($mode == 'delete' && (($confirm && !$request->is_set_post('delete_permanent')) || !$auth->acl_gets('f_delete', 'm_delete', $forum_id))) { $mode = 'soft_delete'; } diff --git a/phpBB/styles/prosilver/template/viewtopic_body.html b/phpBB/styles/prosilver/template/viewtopic_body.html index 1818f9c3d8..d5c45e1dfe 100644 --- a/phpBB/styles/prosilver/template/viewtopic_body.html +++ b/phpBB/styles/prosilver/template/viewtopic_body.html @@ -107,12 +107,12 @@ {S_HIDDEN_FIELDS} </div> - </form> <hr /> <!-- ENDIF --> <!-- BEGIN postrow --> + <!-- EVENT viewtopic_body_postrow_post_before --> <!-- IF postrow.S_FIRST_UNREAD --><a id="unread"></a><!-- ENDIF --> <div id="p{postrow.POST_ID}" class="post <!-- IF postrow.S_ROW_COUNT is odd -->bg1<!-- ELSE -->bg2<!-- ENDIF --><!-- IF postrow.S_UNREAD_POST --> unreadpost<!-- ENDIF --><!-- IF postrow.S_POST_REPORTED --> reported<!-- ENDIF --><!-- IF postrow.S_POST_DELETED --> deleted<!-- ENDIF --><!-- IF postrow.S_ONLINE and not postrow.S_POST_HIDDEN --> online<!-- ENDIF -->"> <div class="inner"> @@ -271,6 +271,7 @@ </div> <hr class="divider" /> + <!-- EVENT viewtopic_body_postrow_post_after --> <!-- END postrow --> <!-- IF S_QUICK_REPLY --> <!-- INCLUDE quickreply_editor.html --> @@ -292,6 +293,7 @@ <hr /> <!-- ENDIF --> +<!-- EVENT viewtopic_body_topic_actions_before --> <div class="topic-actions"> <div class="buttons"> <!-- IF not S_IS_BOT and S_DISPLAY_REPLY_INFO --> diff --git a/phpBB/styles/prosilver/theme/responsive.css b/phpBB/styles/prosilver/theme/responsive.css index bfa2448296..a6bc52db52 100644 --- a/phpBB/styles/prosilver/theme/responsive.css +++ b/phpBB/styles/prosilver/theme/responsive.css @@ -303,20 +303,20 @@ dl.pmlist dd:first-of-type { display: none; } -#colour_palette table, #colour_palette tbody, #colour_palette tr { +.colour-palette, .colour-palette tbody, .colour-palette tr { display: block; } -#colour_palette td { +.colour-palette td { display: inline-block; margin-right: 2px; } -#colour_palette td:nth-child(2n) { +.horizontal-palette td:nth-child(2n), .vertical-palette tr:nth-child(2n) { display: none; } -#colour_palette a { +.colour-palette a { display: inline-block !important; } diff --git a/phpBB/styles/subsilver2/template/viewtopic_body.html b/phpBB/styles/subsilver2/template/viewtopic_body.html index 141a38a138..9ba71d78bc 100644 --- a/phpBB/styles/subsilver2/template/viewtopic_body.html +++ b/phpBB/styles/subsilver2/template/viewtopic_body.html @@ -127,6 +127,7 @@ </table> <!-- BEGIN postrow --> + <!-- EVENT viewtopic_body_postrow_post_before --> <table class="tablebg" width="100%" cellspacing="1"> <!-- IF postrow.S_FIRST_ROW --> <tr> @@ -338,6 +339,7 @@ <td class="spacer" colspan="2" height="1"><img src="images/spacer.gif" alt="" width="1" height="1" /></td> </tr> </table> + <!-- EVENT viewtopic_body_postrow_post_after --> <!-- END postrow --> <!-- IF not S_IS_BOT --> @@ -348,6 +350,8 @@ </table> <!-- ENDIF --> + <!-- EVENT viewtopic_body_topic_actions_before --> + <table width="100%" cellspacing="1"> <tr> <td align="{S_CONTENT_FLOW_BEGIN}" valign="middle" nowrap="nowrap"> diff --git a/phpBB/viewonline.php b/phpBB/viewonline.php index 68601b69b8..87813596fa 100644 --- a/phpBB/viewonline.php +++ b/phpBB/viewonline.php @@ -26,7 +26,7 @@ $session_id = request_var('s', ''); $start = request_var('start', 0); $sort_key = request_var('sk', 'b'); $sort_dir = request_var('sd', 'd'); -$show_guests= ($config['load_online_guests']) ? request_var('sg', 0) : 0; +$show_guests = ($config['load_online_guests']) ? request_var('sg', 0) : 0; // Can this user view profiles/memberlist? if (!$auth->acl_gets('u_viewprofile', 'a_user', 'a_useradd', 'a_userdel')) diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index 86ef331ac0..e02052a14d 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php @@ -1736,7 +1736,7 @@ for ($i = 0, $end = sizeof($post_list); $i < $end; ++$i) ); } - $methods = phpbb_gen_download_links('post_msg_id', $row['post_id'], $phpbb_root_path, $phpEx); + $methods = phpbb_gen_download_links('post_id', $row['post_id'], $phpbb_root_path, $phpEx); foreach ($methods as $method) { $template->assign_block_vars('postrow.dl_method', $method); |