Diffstat (limited to 'phpBB')
42 files changed, 506 insertions, 205 deletions
diff --git a/phpBB/adm/style/acp_icons.html b/phpBB/adm/style/acp_icons.html index 9117052d87..f18dad0ef6 100644 --- a/phpBB/adm/style/acp_icons.html +++ b/phpBB/adm/style/acp_icons.html @@ -7,7 +7,7 @@ <script type="text/javascript" defer="defer"> // <![CDATA[ <!-- IF S_ADD_CODE --> - + var smiley = Array(); <!-- BEGIN smile --> smiley['{smile.SMILEY_URL}'] = Array(); @@ -37,10 +37,10 @@ } } } - + <!-- ENDIF --> - + function toggle_select(icon, display, select) { var disp = document.getElementById('order_disp_' + select); @@ -101,7 +101,7 @@ <tbody> <!-- BEGIN items --> <tr> - + <td style="text-align: center;"><img src="{items.IMG_SRC}" alt="" title="" /><input type="hidden" name="image[{items.IMG}]" value="1" /></td> <td style="vertical-align: top;">[{items.IMG}]</td> <!-- IF S_SMILIES --> @@ -121,7 +121,7 @@ <optgroup id="order_disp_{items.S_ROW_COUNT}" label="{L_DISPLAY_POSTING}" <!-- IF not items.POSTING_CHECKED -->disabled="disabled" class="disabled-options" <!-- ENDIF -->>{S_ORDER_LIST_DISPLAY}</optgroup> <optgroup id="order_no_disp_{items.S_ROW_COUNT}" label="{L_DISPLAY_POSTING_NO}" <!-- IF items.POSTING_CHECKED -->disabled="disabled" class="disabled-options" <!-- ENDIF -->>{S_ORDER_LIST_UNDISPLAY}</optgroup> </select></td> - <!-- ENDIF --> + <!-- ENDIF --> <!-- IF S_ADD --> <td><input type="checkbox" class="radio" name="add_img[{items.IMG}]" value="1" /></td> <!-- ENDIF --> @@ -147,6 +147,8 @@ </tr> <!-- ENDIF --> <!-- ELSE --> + </thead> + <tbody> <tr class="row3"> <td colspan="{COLSPAN}">{L_NO_ICONS}</td> </tr> @@ -174,7 +176,7 @@ <fieldset> <legend>{L_IMPORT}</legend> - + <!-- IF not S_PAK_OPTIONS --> <p>{L_NO_PAK_OPTIONS}</p> @@ -259,7 +261,7 @@ </table> <div class="pagination"> <!-- IF .pagination --> - <!-- INCLUDE pagination.html --> + <!-- INCLUDE pagination.html --> <!-- ENDIF --> </div> <p class="quick"> diff --git a/phpBB/config/routing.yml b/phpBB/config/routing.yml index d8e890d063..94146e1ec2 100644 --- a/phpBB/config/routing.yml 
+++ b/phpBB/config/routing.yml @@ -1,7 +1,7 @@ # Structure: # # foo_controller: -# pattern: /foo +# path: /foo # defaults: { _controller: foo_sevice:method } # # The above will be accessed via app.php?controller=foo and it will diff --git a/phpBB/config/services.yml b/phpBB/config/services.yml index 975f2f7580..8667cbbf84 100644 --- a/phpBB/config/services.yml +++ b/phpBB/config/services.yml @@ -109,6 +109,9 @@ services: filesystem: class: phpbb\filesystem + file_downloader: + class: phpbb\file_downloader + http_kernel: class: Symfony\Component\HttpKernel\HttpKernel arguments: @@ -181,4 +184,5 @@ services: arguments: - @cache - @config + - @file_downloader - @user diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index 4d96aa4981..5cf98e20fc 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -46,6 +46,7 @@ <ol> <li><a href="#changelog">Changelog</a> <ol style="list-style-type: lower-roman;"> + <li><a href="#v311">Changes since 3.1.1</a></li> <li><a href="#v310">Changes since 3.1.0</a></li> <li><a href="#v310RC6">Changes since 3.1.0-RC6</a></li> <li><a href="#v310RC5">Changes since 3.1.0-RC5</a></li> 
@@ -101,7 +102,88 @@ <div class="content"> - <a name="v310"></a><h3>1.i. Changes since 3.1.0</h3> + <a name="v311"></a><h3>1.i. Changes since 3.1.1</h3> + + <h4>Security</h4> + <ul> + <li>[SECURITY-171] - Version helper does not properly escape version info</li> + <li>[SECURITY-169] - AJAX request with unexpected referrer causes infinite loop</li> + </ul> + + <h4>Bug</h4> + <ul> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10442">PHPBB3-10442</a>] - XHTML is invalid when a forum link without redirect counter is present</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10744">PHPBB3-10744</a>] - Prevent user from installing styles with reserved directory names</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11863">PHPBB3-11863</a>] - User registration settings show incorrectly as disabled when board-wide emails are disabled</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12703">PHPBB3-12703</a>] - Notification System sends exact same SQL query multiple times</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13083">PHPBB3-13083</a>] - Language correction in NO_ENTRIES in acp_logs</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13100">PHPBB3-13100</a>] - Don't display "delete reason" dialog for shadow-topics</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13193">PHPBB3-13193</a>] - Post counts in Private Messages should link to the user's posts</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13197">PHPBB3-13197</a>] - Group Avatar not deleted from users</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13204">PHPBB3-13204</a>] - Login flood control error supresses incorrect credential error</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13209">PHPBB3-13209</a>] - Boolean (Yes/No) custom profile field doesn't show given name</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13216">PHPBB3-13216</a>] - Datetime tests fail randomly</li> + <li>[<a 
href="http://tracker.phpbb.com/browse/PHPBB3-13228">PHPBB3-13228</a>] - "Code: Select all" font-size too big in Private Messages</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13239">PHPBB3-13239</a>] - Can´t upload Attachments on iOS</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13241">PHPBB3-13241</a>] - Topics are being duplicated in multipage forums</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13242">PHPBB3-13242</a>] - Validation error in Contact a Board Administrator</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13243">PHPBB3-13243</a>] - Debug error when clicking Re-check all versions on ACP manage extensions page</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13251">PHPBB3-13251</a>] - Database password containing special characters no longer accepted after upgrade to 3.1.0</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13253">PHPBB3-13253</a>] - MCP queue link in active topics search is missing</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13265">PHPBB3-13265</a>] - "Edit profile" link on view-own-profile page should only show if user has permission to edit</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13270">PHPBB3-13270</a>] - Upgrading from 3.0.12 to 3.1.1 does not display moderator soft delete permissions</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13277">PHPBB3-13277</a>] - Move Up & Down does not take work in Internet Explorer</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13280">PHPBB3-13280</a>] - $user->page['page'] - is invalid resulting in confirm_box() not working correctly</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13284">PHPBB3-13284</a>] - Message body not included in email topic message </li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13298">PHPBB3-13298</a>] - Use mysql_free_result to free result sets which were requested using mysql_query()</li> + <li>[<a 
href="http://tracker.phpbb.com/browse/PHPBB3-13300">PHPBB3-13300</a>] - Jabber field still shown in profile when feature is disabled</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13301">PHPBB3-13301</a>] - Apache Authentication is probably broken</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13303">PHPBB3-13303</a>] - Migrator caught in loop calculating dependencies</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13315">PHPBB3-13315</a>] - Upgrade from 3.0.12 to 3.1.1 resets CAPTCHA selection</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13316">PHPBB3-13316</a>] - reCAPTCHA does not work on secured connection</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13318">PHPBB3-13318</a>] - login_username doesn't have multibyte parameter set to true</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13323">PHPBB3-13323</a>] - posting.php can pass invalid auth option to acl_get()</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13332">PHPBB3-13332</a>] - Insufficient information passed to password drivers for converted boards</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13337">PHPBB3-13337</a>] - Mark subforums read triggers error if subforums contain no topics</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13338">PHPBB3-13338</a>] - Some tests fail when run on their own</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13342">PHPBB3-13342</a>] - 310/captcha_plugins migration changes recaptcha to nogd</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13349">PHPBB3-13349</a>] - Incorrect entities used for breadcrumb separator in CSS</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13354">PHPBB3-13354</a>] - Unknown column 'topic_logs' in 'where clause' when deleting topic log in MCP</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13376">PHPBB3-13376</a>] - deregister_globals() does not work correctly when 
$_COOKIE['GLOBALS'] is specified</li> + </ul> + + <h4>Improvement</h4> + <ul> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12681">PHPBB3-12681</a>] - Cache the compiled routes and dump the url_generator</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12885">PHPBB3-12885</a>] - Wrong index page title when using Board Index text</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13023">PHPBB3-13023</a>] - [event] - Add Event posting_editor_buttons_custom_tags_before</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13133">PHPBB3-13133</a>] - Allow @vendor_extname in INCLUDECSS</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13182">PHPBB3-13182</a>] - [event] - Add posting.php core event to allow modifying the message before parsing</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13220">PHPBB3-13220</a>] - [event] - Add template events to memberlist_search.html</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13290">PHPBB3-13290</a>] - [event] - Add template event index_body_forumlist_body_after</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13294">PHPBB3-13294</a>] - [event] - Add message_parser.php core event for additional message handling before parsing</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13297">PHPBB3-13297</a>] - Add unicode modifier to url/email regular expression patterns</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13309">PHPBB3-13309</a>] - [event] - Add ACP template event acp_email_options_after</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13310">PHPBB3-13310</a>] - [event] - Add core event core.acp_email_modify_sql</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13326">PHPBB3-13326</a>] - Add viewtopic_url variable to a viewtopic event</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13328">PHPBB3-13328</a>] - [event] - Add event core.mcp_view_forum_modify_sql</li> + <li>[<a 
href="http://tracker.phpbb.com/browse/PHPBB3-13347">PHPBB3-13347</a>] - [event] - Add new template events to acp_forums.html</li> + </ul> + + <h4>New Feature</h4> + <ul> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12962">PHPBB3-12962</a>] - Use phantomjs and webdriver for UI testing</li> + </ul> + + <h4>Task</h4> + <ul> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13324">PHPBB3-13324</a>] - Composer no longer downloads sami/sami and fabpot/goutte</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13325">PHPBB3-13325</a>] - Make installing dependencies for tests more user friendly or optional</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13331">PHPBB3-13331</a>] - Sami run as part of phing MUST NOT switch branches</li> + </ul> + + + <a name="v310"></a><h3>1.ii. Changes since 3.1.0</h3> <h4>Security</h4> <ul> @@ -119,7 +201,7 @@ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13262">PHPBB3-13262</a>] - Add note to docs about htaccess file when upgrading 3.0 to 3.1</li> </ul> - <a name="v310RC6"></a><h3>1.i. Changes since 3.1.0-RC6</h3> + <a name="v310RC6"></a><h3>1.iii. Changes since 3.1.0-RC6</h3> <h4>Bug</h4> <ul> @@ -147,7 +229,7 @@ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13215">PHPBB3-13215</a>] - Update Symfony Components to 2.3.21</li> </ul> - <a name="v310RC5"></a><h3>1.ii. Changes since 3.1.0-RC5</h3> + <a name="v310RC5"></a><h3>1.iv. Changes since 3.1.0-RC5</h3> <h4>Bug</h4> <ul> @@ -188,7 +270,7 @@ </ul> - <a name="v310RC4"></a><h3>1.iii. Changes since 3.1.0-RC4</h3> + <a name="v310RC4"></a><h3>1.v. Changes since 3.1.0-RC4</h3> <h4>Bug</h4> <ul> @@ -255,7 +337,7 @@ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13123">PHPBB3-13123</a>] - Add events to allow post blocking and post pre/past processing</li> </ul> - <a name="v310RC3"></a><h3>1.iv. Changes since 3.1.0-RC3</h3> + <a name="v310RC3"></a><h3>1.vi. Changes since 3.1.0-RC3</h3> <h4>Bug</h4> <ul> 
@@ -345,7 +427,7 @@ </ul> - <a name="v310RC2"></a><h3>1.v. Changes since 3.1.0-RC2</h3> + <a name="v310RC2"></a><h3>1.vii. Changes since 3.1.0-RC2</h3> <h4>Bug</h4> <ul> @@ -469,7 +551,7 @@ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12948">PHPBB3-12948</a>] - Remove Travis CI "broken opcache on PHP 5.5.7 and 5.5.8" workaround.</li> </ul> - <a name="v310RC1"></a><h3>1.vi. Changes since 3.1.0-RC1</h3> + <a name="v310RC1"></a><h3>1.viii. Changes since 3.1.0-RC1</h3> <h4>Bug</h4> <ul> @@ -540,7 +622,7 @@ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12829">PHPBB3-12829</a>] - Remove check for pgsql 8.3/8.2</li> </ul> - <a name="v310b4"></a><h3>1.vii. Changes since 3.1.0-b4</h3> + <a name="v310b4"></a><h3>1.ix. Changes since 3.1.0-b4</h3> <h4>Bug</h4> <ul> @@ -660,7 +742,7 @@ </ul> - <a name="v310b3"></a><h3>1.viii. Changes since 3.1.0-b3</h3> + <a name="v310b3"></a><h3>1.x. Changes since 3.1.0-b3</h3> <h4>Bug</h4> <ul> @@ -767,7 +849,7 @@ </ul> - <a name="v310b2"></a><h3>1.ix. Changes since 3.1.0-b2</h3> + <a name="v310b2"></a><h3>1.xi. Changes since 3.1.0-b2</h3> <h4>Bug</h4> <ul> @@ -932,7 +1014,7 @@ </ul> - <a name="v310b1"></a><h3>1.x. Changes since 3.1.0-b1</h3> + <a name="v310b1"></a><h3>1.xii. Changes since 3.1.0-b1</h3> <h4>Bug</h4> <ul> @@ -1000,7 +1082,7 @@ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12302">PHPBB3-12302</a>] - Upgrade composer.phar to 1.0.0-alpha8</li> </ul> - <a name="v310a3"></a><h3>1.xi. Changes since 3.1.0-a3</h3> + <a name="v310a3"></a><h3>1.xiii. Changes since 3.1.0-a3</h3> <h4>Bug</h4> <ul> @@ -1147,7 +1229,7 @@ </ul> - <a name="v310a2"></a><h3>1.xii. Changes since 3.1.0-a2</h3> + <a name="v310a2"></a><h3>1.xiv. Changes since 3.1.0-a2</h3> <h4>Bug</h4> <ul> 
@@ -1255,7 +1337,7 @@ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12147">PHPBB3-12147</a>] - Remove Travis CI notification configuration</li> </ul> - <a name="v310a1"></a><h3>1.xiii. Changes since 3.1.0-a1</h3> + <a name="v310a1"></a><h3>1.xv. Changes since 3.1.0-a1</h3> <h4>Bug</h4> <ul> @@ -1331,7 +1413,7 @@ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11998">PHPBB3-11998</a>] - Add console / command line client environment </li> </ul> - <a name="v30x"></a><h3>1.xiv. Changes since 3.0.x</h3> + <a name="v30x"></a><h3>1.xvi. Changes since 3.0.x</h3> <h4>Bug</h4> <ul> @@ -2012,7 +2094,7 @@ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11913">PHPBB3-11913</a>] - Apply reorganisation of download.phpbb.com to build_announcement.php</li> </ul> - <a name="v3011"></a><h3>1.xv. Changes since 3.0.11</h3> + <a name="v3011"></a><h3>1.xvii. Changes since 3.0.11</h3> <h4>Bug</h4> <ul> @@ -2167,7 +2249,7 @@ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11753">PHPBB3-11753</a>] - Upgrade mysql_upgrader.php schema data.</li> </ul> - <a name="v3010"></a><h3>1.xvi. Changes since 3.0.10</h3> + <a name="v3010"></a><h3>1.xviii. Changes since 3.0.10</h3> <h4>Bug</h4> <ul> @@ -2292,7 +2374,7 @@ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10909">PHPBB3-10909</a>] - Update Travis Test Configuration: Travis no longer supports PHP 5.3.2</li> </ul> - <a name="v309"></a><h3>1.xvii. Changes since 3.0.9</h3> + <a name="v309"></a><h3>1.xix. Changes since 3.0.9</h3> <h4>Bug</h4> <ul> @@ -2428,7 +2510,7 @@ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10480">PHPBB3-10480</a>] - Automate changelog building</li> </ul> - <a name="v308"></a><h3>1.xviii. Changes since 3.0.8</h3> + <a name="v308"></a><h3>1.xx. Changes since 3.0.8</h3> <h4> Bug </h4> @@ -2796,7 +2878,7 @@ </ul> - <a name="v307-PL1"></a><h3>1.xix. Changes since 3.0.7-PL1</h3> + <a name="v307-PL1"></a><h3>1.xxi. Changes since 3.0.7-PL1</h3> <h4> Security </h4> <ul> 
@@ -3254,13 +3336,13 @@ </ul> - <a name="v307"></a><h3>1.xx. Changes since 3.0.7</h3> + <a name="v307"></a><h3>1.xxii. Changes since 3.0.7</h3> <ul> <li>[Sec] Do not expose forum content of forums with ACL entries but no actual permission in ATOM Feeds. (Bug #58595)</li> </ul> - <a name="v306"></a><h3>1.xxi. Changes since 3.0.6</h3> + <a name="v306"></a><h3>1.xxiii. Changes since 3.0.6</h3> <ul> <li>[Fix] Allow ban reason and length to be selected and copied in ACP and subsilver2 MCP. (Bug #51095)</li> @@ -3364,7 +3446,7 @@ </ul> - <a name="v305"></a><h3>1.xxii. Changes since 3.0.5</h3> + <a name="v305"></a><h3>1.xxiv. Changes since 3.0.5</h3> <ul> <li>[Fix] Allow whitespaces in avatar gallery names. (Bug #44955)</li> @@ -3586,7 +3668,7 @@ <li>[Feature] Send anonymous statistical information to phpBB on installation and update (optional).</li> </ul> - <a name="v304"></a><h3>1.xxiii. Changes since 3.0.4</h3> + <a name="v304"></a><h3>1.xxv. Changes since 3.0.4</h3> <ul> <li>[Fix] Delete user entry from ban list table upon user deletion (Bug #40015 - Patch by TerraFrost)</li> @@ -3675,7 +3757,7 @@ <li>[Sec] Only use forum id supplied for posting if global announcement detected. (Reported by nickvergessen)</li> </ul> - <a name="v303"></a><h3>1.xxiv. Changes since 3.0.3</h3> + <a name="v303"></a><h3>1.xxvi. Changes since 3.0.3</h3> <ul> <li>[Fix] Allow mixed-case template directories to be inherited (Bug #36725)</li> @@ -3707,7 +3789,7 @@ <li>[Sec] Ask for forum password if post within passworded forum quoted in private message. (Reported by nickvergessen)</li> </ul> - <a name="v302"></a><h3>1.xxv. Changes since 3.0.2</h3> + <a name="v302"></a><h3>1.xxvii. Changes since 3.0.2</h3> <ul> <li>[Fix] Correctly set topic starter if first post in topic removed (Bug #30575 - Patch by blueray2048)</li> 
@@ -3806,7 +3888,7 @@ <li>[Sec Precaution] Stricter validation of the HTTP_HOST header (Thanks to Techie-Micheal et al for pointing out possible issues in derived code)</li> </ul> - <a name="v301"></a><h3>1.xxvi. Changes since 3.0.1</h3> + <a name="v301"></a><h3>1.xxviii. Changes since 3.0.1</h3> <ul> <li>[Fix] Ability to set permissions on non-mysql dbms (Bug #24955)</li> @@ -3854,7 +3936,7 @@ <li>[Sec] Only allow urls gone through redirect() being used within login_box(). (thanks nookieman)</li> </ul> - <a name="v300"></a><h3>1.xxvii. Changes since 3.0.0</h3> + <a name="v300"></a><h3>1.xxix. Changes since 3.0.0</h3> <ul> <li>[Change] Validate birthdays (Bug #15004)</li> @@ -3925,7 +4007,7 @@ <li>[Fix] Find and display colliding usernames correctly when converting from one database to another (Bug #23925)</li> </ul> - <a name="v30rc8"></a><h3>1.xxviii. Changes since 3.0.RC8</h3> + <a name="v30rc8"></a><h3>1.xxx. Changes since 3.0.RC8</h3> <ul> <li>[Fix] Cleaned usernames contain only single spaces, so "a_name" and "a__name" are treated as the same name (Bug #15634)</li> @@ -3934,7 +4016,7 @@ <li>[Fix] Call garbage_collection() within database updater to correctly close connections (affects Oracle for example)</li> </ul> - <a name="v30rc7"></a><h3>1.xxix. Changes since 3.0.RC7</h3> + <a name="v30rc7"></a><h3>1.xxxi. Changes since 3.0.RC7</h3> <ul> <li>[Fix] Fixed MSSQL related bug in the update system</li> @@ -3969,7 +4051,7 @@ <li>[Fix] No duplication of active topics (Bug #15474)</li> </ul> - <a name="v30rc6"></a><h3>1.xxx. Changes since 3.0.RC6</h3> + <a name="v30rc6"></a><h3>1.xxxii. Changes since 3.0.RC6</h3> <ul> <li>[Fix] Submitting language changes using acp_language (Bug #14736)</li> 
@@ -3979,7 +4061,7 @@ <li>[Fix] Able to request new password (Bug #14743)</li> </ul> - <a name="v30rc5"></a><h3>1.xxxi. Changes since 3.0.RC5</h3> + <a name="v30rc5"></a><h3>1.xxxiii. Changes since 3.0.RC5</h3> <ul> <li>[Feature] Removing constant PHPBB_EMBEDDED in favor of using an exit_handler(); the constant was meant to achive this more or less.</li> @@ -4042,7 +4124,7 @@ <li>[Sec] New password hashing mechanism for storing passwords (#i42)</li> </ul> - <a name="v30rc4"></a><h3>1.xxxii. Changes since 3.0.RC4</h3> + <a name="v30rc4"></a><h3>1.xxxiv. Changes since 3.0.RC4</h3> <ul> <li>[Fix] MySQL, PostgreSQL and SQLite related database fixes (Bug #13862)</li> @@ -4093,7 +4175,7 @@ <li>[Fix] odbc_autocommit causing existing result sets to be dropped (Bug #14182)</li> </ul> - <a name="v30rc3"></a><h3>1.xxxiii. Changes since 3.0.RC3</h3> + <a name="v30rc3"></a><h3>1.xxxv. Changes since 3.0.RC3</h3> <ul> <li>[Fix] Fixing some subsilver2 and prosilver style issues</li> @@ -4202,7 +4284,7 @@ </ul> - <a name="v30rc2"></a><h3>1.xxxiv. Changes since 3.0.RC2</h3> + <a name="v30rc2"></a><h3>1.xxxvi. Changes since 3.0.RC2</h3> <ul> <li>[Fix] Re-allow searching within the memberlist</li> @@ -4248,7 +4330,7 @@ </ul> - <a name="v30rc1"></a><h3>1.xxxv. Changes since 3.0.RC1</h3> + <a name="v30rc1"></a><h3>1.xxxvii. Changes since 3.0.RC1</h3> <ul> <li>[Fix] (X)HTML issues within the templates (Bug #11255, #11255)</li> diff --git a/phpBB/includes/acp/acp_email.php b/phpBB/includes/acp/acp_email.php index fe55b36e67..4fefd6bec3 100644 --- a/phpBB/includes/acp/acp_email.php +++ b/phpBB/includes/acp/acp_email.php @@ -26,7 +26,7 @@ class acp_email function main($id, $mode) { global $config, $db, $user, $auth, $template, $cache; - global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix; + global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix, $phpbb_dispatcher; $user->add_lang('acp/email'); $this->tpl_name = 'acp_email'; 
@@ -72,11 +72,15 @@ class acp_email if ($usernames) { // If giving usernames the admin is able to email inactive users too... - $sql = 'SELECT username, user_email, user_jabber, user_notify_type, user_lang - FROM ' . USERS_TABLE . ' - WHERE ' . $db->sql_in_set('username_clean', array_map('utf8_clean_string', explode("\n", $usernames))) . ' - AND user_allow_massemail = 1 - ORDER BY user_lang, user_notify_type'; // , SUBSTRING(user_email FROM INSTR(user_email, '@')) + $sql_ary = array( + 'SELECT' => 'username, user_email, user_jabber, user_notify_type, user_lang', + 'FROM' => array( + USERS_TABLE => '', + ), + 'WHERE' => $db->sql_in_set('username_clean', array_map('utf8_clean_string', explode("\n", $usernames))) . ' + AND user_allow_massemail = 1', + 'ORDER_BY' => 'user_lang, user_notify_type', + ); } else { @@ -123,8 +127,18 @@ class acp_email ), ); } - $sql = $db->sql_build_query('SELECT', $sql_ary); } + /** + * Modify sql query to change the list of users the email is sent to + * + * @event core.acp_email_modify_sql + * @var array sql_ary Array which is used to build the sql query + * @since 3.1.2-RC1 + */ + $vars = array('sql_ary'); + extract($phpbb_dispatcher->trigger_event('core.acp_email_modify_sql', compact($vars))); + + $sql = $db->sql_build_query('SELECT', $sql_ary); $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); diff --git a/phpBB/includes/acp/acp_extensions.php b/phpBB/includes/acp/acp_extensions.php index 9bdd8eb458..89fdc8b863 100644 --- a/phpBB/includes/acp/acp_extensions.php +++ b/phpBB/includes/acp/acp_extensions.php 
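Review bot: The docblock for `core.acp_email_modify_sql` (the `@@ -123,8 +127,18` hunk of acp_email.php) does not tell listeners that `sql_ary['WHERE']` already carries the `user_allow_massemail = 1` opt-out filter, which is visible in the usernames branch of the `@@ -72,11` hunk. A listener that overwrites WHERE instead of appending to it would therefore mail users who opted out. I would add a docblock line such as `* Listeners should append to sql_ary['WHERE']; replacing it drops the user_allow_massemail filter.` The branch that builds `$sql_ary` for groups or all users lies outside the hunk, so whether it carries the same filter should be confirmed; `main()` itself starts and ends outside the hunk.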
@@ -537,7 +537,7 @@ class acp_extensions $version_check = $meta['extra']['version-check']; - $version_helper = new \phpbb\version_helper($this->cache, $this->config, $this->user); + $version_helper = new \phpbb\version_helper($this->cache, $this->config, new \phpbb\file_downloader(), $this->user); $version_helper->set_current_version($meta['version']); $version_helper->set_file_location($version_check['host'], $version_check['directory'], $version_check['filename']); $version_helper->force_stability($this->config['extension_force_unstable'] ? 'unstable' : null); diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php index af3fd7937c..6bd27a8bca 100644 --- a/phpBB/includes/acp/acp_styles.php +++ b/phpBB/includes/acp/acp_styles.php @@ -29,14 +29,31 @@ class acp_styles protected $styles_path; protected $styles_path_absolute = 'styles'; protected $default_style = 0; + protected $styles_list_cols = 0; + protected $reserved_style_names = array('adm', 'admin', 'all'); + /** @var \phpbb\db\driver\driver_interface */ protected $db; + + /** @var \phpbb\user */ protected $user; + + /** @var \phpbb\template\template */ protected $template; + + /** @var \phpbb\request\request_interface */ protected $request; + + /** @var \phpbb\cache\driver\driver_interface */ protected $cache; + + /** @var \phpbb\auth\auth */ protected $auth; + + /** @var string */ protected $phpbb_root_path; + + /** @var string */ protected $php_ext; public function main($id, $mode) @@ -164,6 +181,12 @@ class acp_styles $last_installed = false; foreach ($dirs as $dir) { + if (in_array($dir, $this->reserved_style_names)) + { + $messages[] = $this->user->lang('STYLE_NAME_RESERVED', htmlspecialchars($dir)); + continue; + } + $found = false; foreach ($styles as &$style) { 
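Review bot: `new \phpbb\file_downloader()` in the acp_extensions.php hunk builds the downloader by hand, although this same commit registers it as the `file_downloader` service in config/services.yml and `get_remote_file()` fetches it from the container. Constructing it inline means a replaced or decorated service (for example one that restricts outbound hosts or timeouts) would not apply to extension version checks, whose host, directory and filename come from the extension's own `version-check` metadata. If the container is reachable here, `$phpbb_container->get('file_downloader')` would keep a single code path. Whether `$phpbb_container` is in scope cannot be seen, because the method starts outside the hunk.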
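Review bot: The reserved-name guard in the `@@ -164,6 +181,12` hunk of acp_styles.php uses a loose, case-sensitive `in_array($dir, $this->reserved_style_names)`, so a directory named `Admin` or `ADM` is not rejected. On a case-insensitive filesystem such a directory would presumably resolve the same way as the reserved one. I would normalise and compare strictly: `if (in_array(strtolower($dir), $this->reserved_style_names, true))`. The enclosing method starts and ends outside the hunk.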
@@ -809,7 +832,7 @@ class acp_styles * Update styles tree * * @param array $styles Styles list, passed as reference - * @param array $style Current style, false if root + * @param array|false $style Current style, false if root * @return bool True if something was updated, false if not */ protected function update_styles_tree(&$styles, $style = false) @@ -1091,7 +1114,7 @@ class acp_styles /** * Install style * - * @param $style style data + * @param array $style style data * @return int Style id */ protected function install_style($style) diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index 2d4cb727a7..0ac9208aa4 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -28,7 +28,7 @@ if (!defined('IN_PHPBB')) */ // phpBB Version -define('PHPBB_VERSION', '3.1.2-RC1-dev'); +define('PHPBB_VERSION', '3.1.3-RC1-dev'); // QA-related // define('PHPBB_QA', 1); diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index 5ddaf31cf5..0b9ea23fe7 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php 
@@ -2982,68 +2982,21 @@ function get_database_size() /** * Retrieve contents from remotely stored file +* +* @deprecated 3.1.2 Use file_downloader instead */ function get_remote_file($host, $directory, $filename, &$errstr, &$errno, $port = 80, $timeout = 6) { - global $user; - - if ($fsock = @fsockopen($host, $port, $errno, $errstr, $timeout)) - { - @fputs($fsock, "GET $directory/$filename HTTP/1.0\r\n"); - @fputs($fsock, "HOST: $host\r\n"); - @fputs($fsock, "Connection: close\r\n\r\n"); + global $phpbb_container; - $timer_stop = time() + $timeout; - stream_set_timeout($fsock, $timeout); - - $file_info = ''; - $get_info = false; - - while (!@feof($fsock)) - { - if ($get_info) - { - $file_info .= @fread($fsock, 1024); - } - else - { - $line = @fgets($fsock, 1024); - if ($line == "\r\n") - { - $get_info = true; - } - else if (stripos($line, '404 not found') !== false) - { - $errstr = $user->lang('FILE_NOT_FOUND', $filename); - return false; - } - } + // Get file downloader and assign $errstr and $errno + $file_downloader = $phpbb_container->get('file_downloader'); - $stream_meta_data = stream_get_meta_data($fsock); - - if (!empty($stream_meta_data['timed_out']) || time() >= $timer_stop) - { - $errstr = $user->lang['FSOCK_TIMEOUT']; - return false; - } - } - @fclose($fsock); - } - else - { - if ($errstr) - { - $errstr = utf8_convert_message($errstr); - return false; - } - else - { - $errstr = $user->lang['FSOCK_DISABLED']; - return false; - } - } + $file_data = $file_downloader->get($host, $directory, $filename, $port, $timeout); + $errstr = $file_downloader->get_error_string(); + $errno = $file_downloader->get_error_number(); - return $file_info; + return $file_data; } /* diff --git a/phpBB/includes/functions_content.php b/phpBB/includes/functions_content.php index 25ca50e8f1..87cf34bd9d 100644 --- a/phpBB/includes/functions_content.php +++ b/phpBB/includes/functions_content.php 
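Review bot: The rewritten `get_remote_file()` docblock gained only `@deprecated` and still documents neither the by-reference `$errstr`/`$errno` outputs nor the return value, which is now whatever `file_downloader::get()` returns. The removed body returned `false` on every failure path, and callers may depend on that. `file_downloader` is not shown in this part of the diff, so the contract should be written down and checked against it, e.g. `* @return string|bool Remote file contents, false on failure`. Because the result is content fetched from a remote host (port 80 by default), the docblock could also state that callers must treat it as untrusted and escape it before output.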
@@ -712,7 +712,7 @@ function make_clickable_callback($type, $whitespace, $url, $relative_url, $class break; } - $short_url = (strlen($url) > 55) ? substr($url, 0, 39) . ' ... ' . substr($url, -10) : $url; + $short_url = (utf8_strlen($url) > 55) ? utf8_substr($url, 0, 39) . ' ... ' . utf8_substr($url, -10) : $url; switch ($type) { @@ -788,28 +788,28 @@ function make_clickable($text, $server_url = false, $class = 'postlink') // relative urls for this board $magic_url_match_args[$server_url][] = array( - '#(^|[\n\t (>.])(' . preg_quote($server_url, '#') . ')/(' . get_preg_expression('relative_url_inline') . ')#i', + '#(^|[\n\t (>.])(' . preg_quote($server_url, '#') . ')/(' . get_preg_expression('relative_url_inline') . ')#iu', MAGIC_URL_LOCAL, $local_class, ); // matches a xxxx://aaaaa.bbb.cccc. ... $magic_url_match_args[$server_url][] = array( - '#(^|[\n\t (>.])(' . get_preg_expression('url_inline') . ')#i', + '#(^|[\n\t (>.])(' . get_preg_expression('url_inline') . ')#iu', MAGIC_URL_FULL, $class, ); // matches a "www.xxxx.yyyy[/zzzz]" kinda lazy URL thing $magic_url_match_args[$server_url][] = array( - '#(^|[\n\t (>])(' . get_preg_expression('www_url_inline') . ')#i', + '#(^|[\n\t (>])(' . get_preg_expression('www_url_inline') . ')#iu', MAGIC_URL_WWW, $class, ); // matches an email@domain type address at the start of a line, or after a space or after what might be a BBCode. $magic_url_match_args[$server_url][] = array( - '/(^|[\n\t (>])(' . get_preg_expression('email') . ')/i', + '/(^|[\n\t (>])(' . get_preg_expression('email') . ')/iu', MAGIC_URL_EMAIL, '', ); diff --git a/phpBB/includes/mcp/mcp_logs.php b/phpBB/includes/mcp/mcp_logs.php index 92dcdb5499..9c76f0df90 100644 --- a/phpBB/includes/mcp/mcp_logs.php +++ b/phpBB/includes/mcp/mcp_logs.php @@ -137,7 +137,7 @@ class mcp_logs if ($mode == 'topic_logs') { - $conditions['topic_logs'] = $topic_id; + $conditions['topic_id'] = $topic_id; } $phpbb_log->delete('mod', $conditions); 
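Review bot: Adding the `u` modifier to the four patterns in `make_clickable()` (the `@@ -788,28` hunk) makes PCRE reject any subject that is not valid UTF-8, so the preg call fails outright instead of simply not matching. The code that applies `$magic_url_match_args` is outside the hunk, so it is not visible whether a failed replace is detected. If the result is assigned straight back to `$text`, a post containing a malformed byte sequence would presumably come back empty. Keeping the original text whenever the preg call returns `null` would cover that case.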
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index bc996cf275..12ef94c07a 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -313,7 +313,7 @@ class bbcode_firstpass extends bbcode $in = str_replace(' ', '%20', $in); // Checking urls - if (!preg_match('#^' . get_preg_expression('url') . '$#i', $in) && !preg_match('#^' . get_preg_expression('www_url') . '$#i', $in)) + if (!preg_match('#^' . get_preg_expression('url') . '$#i', $in) && !preg_match('#^' . get_preg_expression('www_url') . '$#iu', $in)) { return '[img]' . $in . '[/img]'; } @@ -381,8 +381,8 @@ class bbcode_firstpass extends bbcode $in = str_replace(' ', '%20', $in); // Make sure $in is a URL. - if (!preg_match('#^' . get_preg_expression('url') . '$#i', $in) && - !preg_match('#^' . get_preg_expression('www_url') . '$#i', $in)) + if (!preg_match('#^' . get_preg_expression('url') . '$#iu', $in) && + !preg_match('#^' . get_preg_expression('www_url') . '$#iu', $in)) { return '[flash=' . $width . ',' . $height . ']' . $in . '[/flash]'; } @@ -973,9 +973,9 @@ class bbcode_firstpass extends bbcode $url = str_replace(' ', '%20', $url); // Checking urls - if (preg_match('#^' . get_preg_expression('url') . '$#i', $url) || - preg_match('#^' . get_preg_expression('www_url') . '$#i', $url) || - preg_match('#^' . preg_quote(generate_board_url(), '#') . get_preg_expression('relative_url') . '$#i', $url)) + if (preg_match('#^' . get_preg_expression('url') . '$#iu', $url) || + preg_match('#^' . get_preg_expression('www_url') . '$#iu', $url) || + preg_match('#^' . preg_quote(generate_board_url(), '#') . get_preg_expression('relative_url') . '$#iu', $url)) { $valid = true; } diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php index 50fcd11bee..2885c80541 100644 --- a/phpBB/includes/startup.php +++ b/phpBB/includes/startup.php 
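Review bot: In the `[img]` check (the `@@ -313,7` hunk) only the `www_url` pattern received the `u` modifier; the `url` pattern on the same line still ends in `$#i`, whereas the flash and url hunks below change both patterns. Unless that is deliberate, the first test should read `!preg_match('#^' . get_preg_expression('url') . '$#iu', $in)` so that all three validators treat multibyte URLs the same way. With `u`, invalid UTF-8 makes `preg_match` return `false`; in these three hunks that leaves the input unparsed or `$valid` unset, which fails closed, so no extra guard seems needed here.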
@@ -69,31 +69,13 @@ function deregister_globals() { if (isset($not_unset[$varname])) { - // Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely) - if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS'])) + // Hacking attempt. No point in continuing. + if (isset($_COOKIE[$varname])) { - exit; - } - else - { - $cookie = &$_COOKIE; - while (isset($cookie['GLOBALS'])) - { - if (!is_array($cookie['GLOBALS'])) - { - break; - } - - foreach ($cookie['GLOBALS'] as $registered_var => $value) - { - if (!isset($not_unset[$registered_var])) - { - unset($GLOBALS[$registered_var]); - } - } - $cookie = &$cookie['GLOBALS']; - } + echo "Clear your cookies. "; } + echo "Malicious variable name detected. Contact the administrator and ask them to disable register_globals."; + exit; } unset($GLOBALS[$varname]); diff --git a/phpBB/index.php b/phpBB/index.php index a36d74e0e9..df6932f6c0 100644 --- a/phpBB/index.php +++ b/phpBB/index.php @@ -185,7 +185,7 @@ $template->assign_vars(array( 'U_MCP' => ($auth->acl_get('m_') || $auth->acl_getf_global('m_')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&mode=front', true, $user->session_id) : '') ); -$page_title = $user->lang['INDEX']; +$page_title = ($config['board_index_text'] !== '') ? $config['board_index_text'] : $user->lang['INDEX']; /** * You can use this event to modify the page title and load data for the index diff --git a/phpBB/install/convertors/convert_phpbb20.php b/phpBB/install/convertors/convert_phpbb20.php index effd72aeff..da53d2c143 100644 --- a/phpBB/install/convertors/convert_phpbb20.php +++ b/phpBB/install/convertors/convert_phpbb20.php 
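Review bot: The rejection path in deregister_globals prints its message with whatever status the response already carries, so a blocked request looks like a normal page to access logs and to any intermediary cache. Sending an error status before the first `echo`, for example `header('HTTP/1.0 400 Bad Request');`, would make these rejects visible to monitoring; this assumes no output has been sent at that point, which the hunk does not show. The shortened comment also no longer explains why cookies get their own hint; something like `// A cookie with a protected name is resent on every request, so tell the user how to recover.` would keep that reasoning. The function body starts and ends outside the hunk.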
@@ -38,7 +38,7 @@ $dbms = $phpbb_config_php_file->convert_30_dbms_to_31($dbms); $convertor_data = array( 'forum_name' => 'phpBB 2.0.x', 'version' => '1.0.3', - 'phpbb_version' => '3.1.1', + 'phpbb_version' => '3.1.2', 'author' => '<a href="https://www.phpbb.com/">phpBB Limited</a>', 'dbms' => $dbms, 'dbhost' => $dbhost, diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql index 8fd163a81f..ea51e5df76 100644 --- a/phpBB/install/schemas/schema_data.sql +++ b/phpBB/install/schemas/schema_data.sql @@ -273,7 +273,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('tpl_allow_php', '0 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('use_system_cron', '0'); -INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.1.2-RC1-dev'); +INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.1.3-RC1-dev'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400'); diff --git a/phpBB/language/en/acp/styles.php b/phpBB/language/en/acp/styles.php index 506d569d56..e6b05c8282 100644 --- a/phpBB/language/en/acp/styles.php +++ b/phpBB/language/en/acp/styles.php @@ -74,6 +74,7 @@ $lang = array_merge($lang, array( 'STYLE_INSTALLED_RETURN_INSTALLED_STYLES' => 'Return to installed styles list', 'STYLE_INSTALLED_RETURN_UNINSTALLED_STYLES' => 'Install more styles', 'STYLE_NAME' => 'Style name', + 'STYLE_NAME_RESERVED' => 'Style "%s" can not be installed, because the name is reserved.', 'STYLE_NOT_INSTALLED' => 'Style "%s" was not installed.', 'STYLE_PATH' => 'Style path', 'STYLE_UNINSTALL' => 'Uninstall', 
diff --git a/phpBB/language/en/memberlist.php b/phpBB/language/en/memberlist.php index b8c626d331..5605f8f4b5 100644 --- a/phpBB/language/en/memberlist.php +++ b/phpBB/language/en/memberlist.php @@ -48,7 +48,7 @@ $lang = array_merge($lang, array( 'BEFORE' => 'Before', - 'CC_EMAIL' => 'Send a copy of this email to yourself.', + 'CC_SENDER' => 'Send a copy of this email to yourself.', 'CONTACT_ADMIN' => 'Contact a Board Administrator', 'DEST_LANG' => 'Language', diff --git a/phpBB/language/en/search.php b/phpBB/language/en/search.php index ec5dd99eb8..13e5bf7a97 100644 --- a/phpBB/language/en/search.php +++ b/phpBB/language/en/search.php @@ -71,6 +71,7 @@ $lang = array_merge($lang, array( 'NO_RECENT_SEARCHES' => 'No searches have been carried out recently.', 'NO_SEARCH' => 'Sorry but you are not permitted to use the search system.', 'NO_SEARCH_RESULTS' => 'No suitable matches were found.', + 'NO_SEARCH_LOAD' => 'Sorry but you cannot use search at this time. The server has high load. Please try again later.', 'NO_SEARCH_TIME' => array( 1 => 'Sorry but you cannot use search at this time. Please try again in %d second.', 2 => 'Sorry but you cannot use search at this time. Please try again in %d seconds.', diff --git a/phpBB/phpbb/auth/provider/db.php b/phpBB/phpbb/auth/provider/db.php index ba67c11e75..d8c5fb72de 100644 --- a/phpBB/phpbb/auth/provider/db.php +++ b/phpBB/phpbb/auth/provider/db.php @@ -232,7 +232,7 @@ class db extends \phpbb\auth\provider\base // Give status about wrong password... return array( 'status' => ($show_captcha) ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD, - 'error_msg' => ($show_captcha) ? 'LOGIN_ERROR_ATTEMPTS' : 'LOGIN_ERROR_PASSWORD', + 'error_msg' => 'LOGIN_ERROR_PASSWORD', 'user_row' => $row, ); } diff --git a/phpBB/phpbb/avatar/manager.php b/phpBB/phpbb/avatar/manager.php index 42ae61a9a2..8d83152ed6 100644 --- a/phpBB/phpbb/avatar/manager.php +++ b/phpBB/phpbb/avatar/manager.php 
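Review bot: In the wrong-password return of the db auth provider, `status` can still be `LOGIN_ERROR_ATTEMPTS` while `error_msg` is now always `'LOGIN_ERROR_PASSWORD'`, and nothing in the array says the mismatch is deliberate. A comment on the changed line would stop a later clean-up from re-coupling the two, e.g. `// Message is always the password error; 'status' alone signals that a captcha is required`. That reading is inferred from the hunk; the caller that consumes `status` is not shown.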
@@ -326,17 +326,41 @@ class manager $driver->delete($avatar_data); } - $result = self::$default_row; + $result = $this->prefix_avatar_columns($prefix, self::$default_row); - foreach ($result as $key => $value) + $sql = 'UPDATE ' . $table . ' + SET ' . $db->sql_build_array('UPDATE', $result) . ' + WHERE ' . $prefix . 'id = ' . (int) $avatar_data['id']; + $db->sql_query($sql); + + // Make sure we also delete this avatar from the users + if ($prefix === 'group_') { - $result[$prefix . $key] = $value; - unset($result[$key]); + $result = $this->prefix_avatar_columns('user_', self::$default_row); + + $sql = 'UPDATE ' . USERS_TABLE . ' + SET ' . $db->sql_build_array('UPDATE', $result) . " + WHERE user_avatar = '" . $db->sql_escape($avatar_data['avatar']) . "'"; + $db->sql_query($sql); } + } - $sql = 'UPDATE ' . $table . ' - SET ' . $db->sql_build_array('UPDATE', $result) . ' - WHERE ' . $prefix . 'id = ' . (int) $avatar_data['id']; - $db->sql_query($sql); + /** + * Prefix avatar columns + * + * @param string $prefix Column prefix + * @param array $data Column data + * + * @return array Column data with prefixed column names + */ + public function prefix_avatar_columns($prefix, $data) + { + foreach ($data as $key => $value) + { + $data[$prefix . $key] = $value; + unset($data[$key]); + } + + return $data; } } diff --git a/phpBB/phpbb/db/migration/data/v310/style_update_p1.php b/phpBB/phpbb/db/migration/data/v310/style_update_p1.php index 5a3a1d5de7..e8d3a3af64 100644 --- a/phpBB/phpbb/db/migration/data/v310/style_update_p1.php +++ b/phpBB/phpbb/db/migration/data/v310/style_update_p1.php 
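Review bot: The user clean-up added in the `group_` branch matches rows on `user_avatar` alone, so a user whose own avatar happens to carry the same value (the same remote URL or gallery entry, for instance) is reset together with the members who inherited the group avatar. Adding the avatar type to the WHERE clause would at least narrow the update, along the lines of `AND user_avatar_type = '" . $db->sql_escape($avatar_data['avatar_type']) . "'`, assuming `$avatar_data` carries that key; its shape is not visible here. It is also worth skipping the second query when `$avatar_data['avatar']` is an empty string, since `user_avatar = ''` would rewrite every user row without an avatar. The enclosing delete method starts outside the hunk.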
@@ -92,7 +92,7 @@ class style_update_p1 extends \phpbb\db\migration\migration else { $sql = 'SELECT s.style_id, t.template_path, t.template_id, t.bbcode_bitfield, t.template_inherits_id, t.template_inherit_path, c.theme_path, c.theme_id - FROM ' . STYLES_TABLE . ' s, ' . $this->table_prefix . 'styles_template t, ' . $this->table_prefix . "stles_theme c + FROM ' . STYLES_TABLE . ' s, ' . $this->table_prefix . 'styles_template t, ' . $this->table_prefix . "styles_theme c WHERE t.template_id = s.template_id AND c.theme_id = s.theme_id"; } diff --git a/phpBB/phpbb/db/migration/data/v31x/v312.php b/phpBB/phpbb/db/migration/data/v31x/v312.php new file mode 100644 index 0000000000..bf49935f4d --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v31x/v312.php @@ -0,0 +1,31 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v31x; + +class v312 extends \phpbb\db\migration\migration +{ + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v31x\v312rc1', + ); + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.1.2')), + ); + } +} diff --git a/phpBB/phpbb/db/migration/data/v31x/v312rc1.php b/phpBB/phpbb/db/migration/data/v31x/v312rc1.php new file mode 100644 index 0000000000..d4b133fc01 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v31x/v312rc1.php 
@@ -0,0 +1,32 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v31x; + +class v312rc1 extends \phpbb\db\migration\migration +{ + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v31x\v311', + '\phpbb\db\migration\data\v31x\m_softdelete_global', + ); + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.1.2-RC1')), + ); + } +} diff --git a/phpBB/phpbb/extension/metadata_manager.php b/phpBB/phpbb/extension/metadata_manager.php index edca8ee1af..a64d88fe39 100644 --- a/phpBB/phpbb/extension/metadata_manager.php +++ b/phpBB/phpbb/extension/metadata_manager.php @@ -177,6 +177,7 @@ class metadata_manager throw new \phpbb\extension\exception($this->user->lang('FILE_JSON_DECODE_ERR', $this->metadata_file)); } + array_walk_recursive($metadata, array($this, 'sanitize_json')); $this->metadata = $metadata; return true; @@ -184,6 +185,17 @@ class metadata_manager } /** + * Sanitize input from JSON array using htmlspecialchars() + * + * @param mixed $value Value of array row + * @param string $key Key of array row + */ + public function sanitize_json(&$value, $key) + { + $value = htmlspecialchars($value); + } + + /** * This array handles the cleaning of the array * * @return array Contains the cleaned metadata array 
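Review bot: `sanitize_json` runs `htmlspecialchars()` over every leaf of the decoded metadata at load time, so `$this->metadata` no longer holds the raw values: non-string leaves are turned into strings, and a version constraint such as `>=5.3.3` becomes `&gt;=5.3.3` (constructed example). Anything that parses the metadata instead of printing it would then see the entity-encoded form; `validate_require_php()` and `validate_require_phpbb()` are called further down in this file, so confirm they decode first, or keep the raw array and escape only in `output_template_data()`. If escaping at load is kept, guard the callback with `if (is_string($value))` and pass explicit flags and charset, e.g. `htmlspecialchars($value, ENT_COMPAT, 'UTF-8')`, so the result does not depend on the PHP version's defaults.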
@@ -337,30 +349,30 @@ class metadata_manager public function output_template_data() { $this->template->assign_vars(array( - 'META_NAME' => htmlspecialchars($this->metadata['name']), - 'META_TYPE' => htmlspecialchars($this->metadata['type']), - 'META_DESCRIPTION' => (isset($this->metadata['description'])) ? htmlspecialchars($this->metadata['description']) : '', + 'META_NAME' => $this->metadata['name'], + 'META_TYPE' => $this->metadata['type'], + 'META_DESCRIPTION' => (isset($this->metadata['description'])) ? $this->metadata['description'] : '', 'META_HOMEPAGE' => (isset($this->metadata['homepage'])) ? $this->metadata['homepage'] : '', - 'META_VERSION' => (isset($this->metadata['version'])) ? htmlspecialchars($this->metadata['version']) : '', - 'META_TIME' => (isset($this->metadata['time'])) ? htmlspecialchars($this->metadata['time']) : '', - 'META_LICENSE' => htmlspecialchars($this->metadata['license']), + 'META_VERSION' => (isset($this->metadata['version'])) ? $this->metadata['version'] : '', + 'META_TIME' => (isset($this->metadata['time'])) ? $this->metadata['time'] : '', + 'META_LICENSE' => $this->metadata['license'], - 'META_REQUIRE_PHP' => (isset($this->metadata['require']['php'])) ? htmlspecialchars($this->metadata['require']['php']) : '', + 'META_REQUIRE_PHP' => (isset($this->metadata['require']['php'])) ? $this->metadata['require']['php'] : '', 'META_REQUIRE_PHP_FAIL' => !$this->validate_require_php(), - 'META_REQUIRE_PHPBB' => (isset($this->metadata['extra']['soft-require']['phpbb/phpbb'])) ? htmlspecialchars($this->metadata['extra']['soft-require']['phpbb/phpbb']) : '', + 'META_REQUIRE_PHPBB' => (isset($this->metadata['extra']['soft-require']['phpbb/phpbb'])) ? $this->metadata['extra']['soft-require']['phpbb/phpbb'] : '', 'META_REQUIRE_PHPBB_FAIL' => !$this->validate_require_phpbb(), - 'META_DISPLAY_NAME' => (isset($this->metadata['extra']['display-name'])) ? 
htmlspecialchars($this->metadata['extra']['display-name']) : '', + 'META_DISPLAY_NAME' => (isset($this->metadata['extra']['display-name'])) ? $this->metadata['extra']['display-name'] : '', )); foreach ($this->metadata['authors'] as $author) { $this->template->assign_block_vars('meta_authors', array( - 'AUTHOR_NAME' => htmlspecialchars($author['name']), + 'AUTHOR_NAME' => $author['name'], 'AUTHOR_EMAIL' => (isset($author['email'])) ? $author['email'] : '', 'AUTHOR_HOMEPAGE' => (isset($author['homepage'])) ? $author['homepage'] : '', - 'AUTHOR_ROLE' => (isset($author['role'])) ? htmlspecialchars($author['role']) : '', + 'AUTHOR_ROLE' => (isset($author['role'])) ? $author['role'] : '', )); } } diff --git a/phpBB/phpbb/file_downloader.php b/phpBB/phpbb/file_downloader.php new file mode 100644 index 0000000000..d717b394d5 --- /dev/null +++ b/phpBB/phpbb/file_downloader.php 
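Review bot: `output_template_data()` now relies on `$this->metadata` having been escaped when it was loaded, and nothing on these lines records that, so a later code path that fills the array without going through `sanitize_json` would emit raw extension metadata into the admin panel. A comment above `assign_vars` such as `// Values were escaped by sanitize_json() on load; never assign unsanitised metadata here` would keep the invariant visible. Escaping also does not restrict `META_HOMEPAGE` or `AUTHOR_HOMEPAGE` to http(s) URLs; if the template places them in an `href`, which is not shown here, a scheme check belongs next to these assignments.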
@@ -0,0 +1,120 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb; + +class file_downloader +{ + /** @var string Error string */ + protected $error_string = ''; + + /** @var int Error number */ + protected $error_number = 0; + + /** + * Retrieve contents from remotely stored file + * + * @param string $host File host + * @param string $directory Directory file is in + * @param string $filename Filename of file to retrieve + * @param int $port Port to connect to; default: 80 + * @param int $timeout Connection timeout in seconds; default: 6 + * + * @return mixed File data as string if file can be read and there is no + * timeout, false if there were errors or the connection timed out + * + * @throws \RuntimeException If data can't be retrieved and no error + * message is returned + */ + public function get($host, $directory, $filename, $port = 80, $timeout = 6) + { + // Set default values for error variables + $this->error_number = 0; + $this->error_string = ''; + + if ($socket = @fsockopen($host, $port, $this->error_number, $this->error_string, $timeout)) + { + @fputs($socket, "GET $directory/$filename HTTP/1.0\r\n"); + @fputs($socket, "HOST: $host\r\n"); + @fputs($socket, "Connection: close\r\n\r\n"); + + $timer_stop = time() + $timeout; + stream_set_timeout($socket, $timeout); + + $file_info = ''; + $get_info = false; + + while (!@feof($socket)) + { + if ($get_info) + { + $file_info .= @fread($socket, 1024); + } + else + { + $line = @fgets($socket, 1024); + if ($line == "\r\n") + { + $get_info = true; + } + else if (stripos($line, '404 not found') !== false) + { + throw new \RuntimeException(array('FILE_NOT_FOUND', $filename)); + } + } + + $stream_meta_data = stream_get_meta_data($socket); + + if 
(!empty($stream_meta_data['timed_out']) || time() >= $timer_stop) + { + throw new \RuntimeException('FSOCK_TIMEOUT'); + } + } + @fclose($socket); + } + else + { + if ($this->error_string) + { + $this->error_string = utf8_convert_message($this->error_string); + return false; + } + else + { + throw new \RuntimeException('FSOCK_DISABLED'); + } + } + + return $file_info; + } + + /** + * Get error string + * + * @return string Error string + */ + public function get_error_string() + { + return $this->error_string; + } + + /** + * Get error number + * + * @return int Error number + */ + public function get_error_number() + { + return $this->error_number; + } +} diff --git a/phpBB/phpbb/message/topic_form.php b/phpBB/phpbb/message/topic_form.php index 1e0f2a1945..174643bb81 100644 --- a/phpBB/phpbb/message/topic_form.php +++ b/phpBB/phpbb/message/topic_form.php @@ -117,7 +117,7 @@ class topic_form extends form 'TOPIC_NAME' => htmlspecialchars_decode($this->topic_row['topic_title']), 'U_TOPIC' => generate_board_url() . '/viewtopic.' . $this->phpEx . '?f=' . $this->topic_row['forum_id'] . '&t=' . $this->topic_id, )); - + $this->message->set_body($this->body); $this->message->add_recipient( $this->recipient_name, $this->recipient_address, diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php index 4a446a5d9d..b49d8d13c2 100644 --- a/phpBB/phpbb/path_helper.php +++ b/phpBB/phpbb/path_helper.php @@ -282,10 +282,16 @@ class path_helper $referer_dir = dirname($referer_dir); } - while (strpos($absolute_board_url, $referer_dir) !== 0) + while (($dir_position = strpos($absolute_board_url, $referer_dir)) !== 0) { $fixed_root_path .= '../'; $referer_dir = dirname($referer_dir); + + // Just return phpbb_root_path if we reach the top directory + if ($referer_dir === '.') + { + return $this->phpbb_root_path; + } } $fixed_root_path .= substr($absolute_board_url, strlen($referer_dir) + 1); 
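Review bot: In `file_downloader::get()`, the 404 branch passes an array to `\RuntimeException`, whose constructor takes a string message, so that path raises a PHP error instead of the intended exception; since the caller feeds `getMessage()` to `$this->user->lang()`, the throw should carry the language key alone: `throw new \RuntimeException('FILE_NOT_FOUND');`. Both throws inside the read loop also leave `$socket` open, and an `@fclose($socket);` before each would release it. The request line and `HOST` header are built by interpolating `$host`, `$directory` and `$filename`, so the docblock should state that callers must pass trusted values free of CR/LF. It should also say that the transfer is plain HTTP with no integrity check, which is why the returned body has to be treated as untrusted.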
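Review bot: The new loop condition in path_helper assigns `$dir_position`, but nothing in the hunk reads it; if the rest of the method does not use it either, the original `strpos(...) !== 0` form is clearer. The early return covers `dirname()` collapsing to `'.'`, but `dirname()` returns its input unchanged at a filesystem-style root, so it is worth confirming that a referer which reduces to `'/'` cannot keep the loop running. The method starts and ends outside the hunk.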
diff --git a/phpBB/phpbb/request/request.php b/phpBB/phpbb/request/request.php index f0f2f7e2a2..56ce3999ed 100644 --- a/phpBB/phpbb/request/request.php +++ b/phpBB/phpbb/request/request.php @@ -275,7 +275,7 @@ class request implements \phpbb\request\request_interface */ public function file($form_name) { - return $this->variable($form_name, array('name' => 'none'), false, \phpbb\request\request_interface::FILES); + return $this->variable($form_name, array('name' => 'none'), true, \phpbb\request\request_interface::FILES); } /** diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index dc90d942c3..691d0d5bef 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -1063,7 +1063,7 @@ class session $name_data = rawurlencode($config['cookie_name'] . '_' . $name) . '=' . rawurlencode($cookiedata); $expire = gmdate('D, d-M-Y H:i:s \\G\\M\\T', $cookietime); - $domain = (!$config['cookie_domain'] || $config['cookie_domain'] == 'localhost' || $config['cookie_domain'] == '127.0.0.1') ? '' : '; domain=' . $config['cookie_domain']; + $domain = (!$config['cookie_domain'] || $config['cookie_domain'] == '127.0.0.1' || strpos($config['cookie_domain'], '.') === false) ? '' : '; domain=' . $config['cookie_domain']; header('Set-Cookie: ' . $name_data . (($cookietime) ? '; expires=' . $expire : '') . '; path=' . $config['cookie_path'] . $domain . ((!$config['cookie_secure']) ? '' : '; secure') . ';' . (($httponly) ? ' HttpOnly' : ''), false); } diff --git a/phpBB/phpbb/version_helper.php b/phpBB/phpbb/version_helper.php index c3c3602944..dc62f06fb2 100644 --- a/phpBB/phpbb/version_helper.php +++ b/phpBB/phpbb/version_helper.php @@ -50,6 +50,9 @@ class version_helper /** @var \phpbb\config\config */ protected $config; + /** @var \phpbb\file_downloader */ + protected $file_downloader; + /** @var \phpbb\user */ protected $user; 
@@ -58,12 +61,14 @@ class version_helper * * @param \phpbb\cache\service $cache * @param \phpbb\config\config $config + * @param \phpbb\file_downloader $file_downloader * @param \phpbb\user $user */ - public function __construct(\phpbb\cache\service $cache, \phpbb\config\config $config, \phpbb\user $user) + public function __construct(\phpbb\cache\service $cache, \phpbb\config\config $config, \phpbb\file_downloader $file_downloader, \phpbb\user $user) { $this->cache = $cache; $this->config = $config; + $this->file_downloader = $file_downloader; $this->user = $user; if (defined('PHPBB_QA')) @@ -249,16 +254,32 @@ class version_helper } else if ($info === false || $force_update) { - $errstr = $errno = ''; - $info = get_remote_file($this->host, $this->path, $this->file, $errstr, $errno); + try { + $info = $this->file_downloader->get($this->host, $this->path, $this->file); + } + catch (\RuntimeException $exception) + { + throw new \RuntimeException($this->user->lang($exception->getMessage())); + } + $error_string = $this->file_downloader->get_error_string(); - if (!empty($errstr)) + if (!empty($error_string)) { - throw new \RuntimeException($errstr); + throw new \RuntimeException($error_string); } $info = json_decode($info, true); + // Sanitize any data we retrieve from a server + if (!empty($info)) + { + $json_sanitizer = function (&$value, $key) { + $type_cast_helper = new \phpbb\request\type_cast_helper(); + $type_cast_helper->set_var($value, $value, gettype($value), true); + }; + array_walk_recursive($info, $json_sanitizer); + } + if (empty($info['stable']) && empty($info['unstable'])) { $this->user->add_lang('acp/common'); 
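Review bot: In the fetch hunk of version_helper, `json_decode()` can return a scalar for a well-formed but unexpected body, and `!empty($info)` then lets `array_walk_recursive()` run on a non-array; `is_array($info)` is the guard the code actually needs. The closure also constructs a new `type_cast_helper` for every leaf, which can be created once and captured with `use`. Sanitising covers values only, so array keys (the branch names) still arrive as sent, and because the downloader speaks plain HTTP by default the sanitised content remains unauthenticated and should only be displayed, not used to drive decisions. The opening `try {` also departs from the brace-on-its-own-line style used by the `catch` directly below it.

```php
// … unchanged: download via $this->file_downloader and json_decode() …

// Sanitize any data we retrieve from a server
if (is_array($info))
{
	$type_cast_helper = new \phpbb\request\type_cast_helper();
	$json_sanitizer = function (&$value, $key) use ($type_cast_helper) {
		$type_cast_helper->set_var($value, $value, gettype($value), true);
	};
	array_walk_recursive($info, $json_sanitizer);
}

// … unchanged: empty stable/unstable check …
```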
@@ -266,15 +287,6 @@ class version_helper throw new \RuntimeException($this->user->lang('VERSIONCHECK_FAIL')); } - // Replace & with & on announcement links - foreach ($info as $stability => $branches) - { - foreach ($branches as $branch => $branch_data) - { - $info[$stability][$branch]['announcement'] = (!empty($branch_data['announcement'])) ? str_replace('&', '&', $branch_data['announcement']) : ''; - } - } - $info['stable'] = (empty($info['stable'])) ? array() : $info['stable']; $info['unstable'] = (empty($info['unstable'])) ? $info['stable'] : $info['unstable']; diff --git a/phpBB/posting.php b/phpBB/posting.php index 4c32276d17..dda7455845 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php @@ -1161,7 +1161,7 @@ if ($submit || $preview || $refresh) break; } - if (!$auth->acl_get($auth_option, $forum_id)) + if ($auth_option != '' && !$auth->acl_get($auth_option, $forum_id)) { // There is a special case where a user edits his post whereby the topic type got changed by an admin/mod. // Another case would be a mod not having sticky permissions for example but edit permissions. diff --git a/phpBB/search.php b/phpBB/search.php index e80a89b382..2598e407cc 100644 --- a/phpBB/search.php +++ b/phpBB/search.php @@ -101,7 +101,7 @@ if (!$auth->acl_get('u_search') || !$auth->acl_getf_global('f_search') || !$conf if ($user->load && $config['limit_search_load'] && ($user->load > doubleval($config['limit_search_load']))) { $template->assign_var('S_NO_SEARCH', true); - trigger_error('NO_SEARCH_TIME'); + trigger_error('NO_SEARCH_LOAD'); } // It is applicable if the configuration setting is non-zero, and the user cannot diff --git a/phpBB/styles/prosilver/style.cfg b/phpBB/styles/prosilver/style.cfg index 9684df73ba..41e0d68714 100644 --- a/phpBB/styles/prosilver/style.cfg +++ b/phpBB/styles/prosilver/style.cfg 
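Review bot: The added `$auth_option != ''` test in posting.php makes the topic-type permission check pass whenever the preceding `switch` leaves `$auth_option` empty, so any topic type the switch does not map is accepted without an ACL lookup. The switch is outside this hunk; if its only unmapped case is the normal topic type, say so next to the condition, e.g. `// Empty option means POST_NORMAL, which needs no extra permission`. Giving the switch a `default` branch that denies unknown values would make the check fail closed instead of open.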
@@ -21,8 +21,8 @@ # General Information about this style name = prosilver copyright = © phpBB Limited, 2007 -style_version = 3.1.1 -phpbb_version = 3.1.1 +style_version = 3.1.2 +phpbb_version = 3.1.2 # Defining a different template bitfield # template_bitfield = lNg= diff --git a/phpBB/styles/prosilver/template/forumlist_body.html b/phpBB/styles/prosilver/template/forumlist_body.html index c90f5b0639..3e7a2cd102 100644 --- a/phpBB/styles/prosilver/template/forumlist_body.html +++ b/phpBB/styles/prosilver/template/forumlist_body.html @@ -80,6 +80,8 @@ {L_POST_BY_AUTHOR} {forumrow.LAST_POSTER_FULL} <!-- IF not S_IS_BOT --><a href="{forumrow.U_LAST_POST}">{LAST_POST_IMG}</a> <!-- ENDIF --><br />{forumrow.LAST_POST_TIME}<!-- ELSE -->{L_NO_POSTS}<br /> <!-- ENDIF --></span> </dd> + <!-- ELSE --> + <dd> </dd> <!-- ENDIF --> </dl> <!-- EVENT forumlist_body_forum_row_append --> diff --git a/phpBB/styles/prosilver/template/memberlist_email.html b/phpBB/styles/prosilver/template/memberlist_email.html index e848844093..1bfd83e3a1 100644 --- a/phpBB/styles/prosilver/template/memberlist_email.html +++ b/phpBB/styles/prosilver/template/memberlist_email.html @@ -80,7 +80,7 @@ <!-- IF S_REGISTERED_USER --> <dl> <dt> </dt> - <dd><label for="cc_email"><input type="checkbox" name="cc_email" id="cc_email" value="1" checked="checked" tabindex="5" /> {L_CC_EMAIL}</label></dd> + <dd><label for="cc_sender"><input type="checkbox" name="cc_sender" id="cc_sender" value="1" checked="checked" tabindex="5" /> {L_CC_SENDER}</label></dd> </dl> <!-- ENDIF --> </fieldset> diff --git a/phpBB/styles/prosilver/template/viewtopic_body.html b/phpBB/styles/prosilver/template/viewtopic_body.html index 621e2d6143..48bcc2e922 100644 --- a/phpBB/styles/prosilver/template/viewtopic_body.html +++ b/phpBB/styles/prosilver/template/viewtopic_body.html 
@@ -313,7 +313,7 @@ </div> - <div class="back2top"><a href="#wrap" class="top" title="{L_BACK_TO_TOP}">{L_BACK_TO_TOP}</a></div> + <div class="back2top"><a href="#top" class="top" title="{L_BACK_TO_TOP}">{L_BACK_TO_TOP}</a></div> </div> </div> diff --git a/phpBB/styles/prosilver/theme/content.css b/phpBB/styles/prosilver/theme/content.css index 9388496c53..4768309c29 100644 --- a/phpBB/styles/prosilver/theme/content.css +++ b/phpBB/styles/prosilver/theme/content.css @@ -497,7 +497,7 @@ blockquote.uncited { text-transform: uppercase; border-bottom: 1px solid transparent; margin-bottom: 3px; - font-size: 0.8em; + font-size: 0.8em !important; font-weight: bold; display: block; } diff --git a/phpBB/styles/prosilver/theme/cp.css b/phpBB/styles/prosilver/theme/cp.css index 014bb91e7a..81b6d9bf64 100644 --- a/phpBB/styles/prosilver/theme/cp.css +++ b/phpBB/styles/prosilver/theme/cp.css @@ -59,10 +59,6 @@ ul.cplist { border-bottom: none; } -#cp-main .postbody p { - font-size: 1.1em; -} - #cp-main .pm-message { border: 1px solid transparent; margin: 10px 0; @@ -78,6 +74,10 @@ ul.cplist { margin-top: 0; } +.panel-container .postbody p.author { + font-size: 1.1em; +} + #cp-main .buttons { margin-left: 0; } diff --git a/phpBB/styles/subsilver2/style.cfg b/phpBB/styles/subsilver2/style.cfg index 3b33c07002..6014b89e66 100644 --- a/phpBB/styles/subsilver2/style.cfg +++ b/phpBB/styles/subsilver2/style.cfg @@ -21,8 +21,8 @@ # General Information about this style name = subsilver2 copyright = © 2005 phpBB Limited -style_version = 3.1.1 -phpbb_version = 3.1.1 +style_version = 3.1.2 +phpbb_version = 3.1.2 # Defining a different template bitfield # template_bitfield = lNg= diff --git a/phpBB/styles/subsilver2/template/memberlist_email.html b/phpBB/styles/subsilver2/template/memberlist_email.html index b52513c241..1416aa0c10 100644 --- a/phpBB/styles/subsilver2/template/memberlist_email.html +++ b/phpBB/styles/subsilver2/template/memberlist_email.html 
@@ -72,8 +72,8 @@ <td class="row2"> <table cellspacing="0" cellpadding="1" border="0"> <tr> - <td><input type="checkbox" class="radio" name="cc_email" value="1" checked="checked" /></td> - <td class="gen">{L_CC_EMAIL}</td> + <td><input type="checkbox" class="radio" name="cc_sender" value="1" checked="checked" /></td> + <td class="gen">{L_CC_SENDER}</td> </tr> </table> </td> diff --git a/phpBB/styles/subsilver2/template/posting_poll_body.html b/phpBB/styles/subsilver2/template/posting_poll_body.html index 67996eaf33..8d98b36c86 100644 --- a/phpBB/styles/subsilver2/template/posting_poll_body.html +++ b/phpBB/styles/subsilver2/template/posting_poll_body.html @@ -15,7 +15,7 @@ </tr> <tr> <td class="row1"><b class="genmed">{L_POLL_MAX_OPTIONS}{L_COLON}</b><br /><span class="gensmall">{L_POLL_MAX_OPTIONS_EXPLAIN}</span></td> - <td class="row2"><input class="post" type="number" min="1" max="999" name="poll_max_options" size="3" maxlength="3" value="{POLL_MAX_OPTIONS}" /></td> + <td class="row2"><input class="post" type="number" min="0" max="999" name="poll_max_options" size="3" maxlength="3" value="{POLL_MAX_OPTIONS}" /></td> </tr> <tr> <td class="row1"><b class="genmed">{L_POLL_FOR}{L_COLON}</b></td> |