diff options
Diffstat (limited to 'phpBB')
| -rw-r--r-- | phpBB/config/default/container/services_console.yml | 1 | ||||
| -rw-r--r-- | phpBB/config/default/container/services_feed.yml | 9 | ||||
| -rw-r--r-- | phpBB/docs/nginx.sample.conf | 10 | ||||
| -rw-r--r-- | phpBB/includes/functions_display.php | 2 | ||||
| -rw-r--r-- | phpBB/install/schemas/schema_data.sql | 5 | ||||
| -rw-r--r-- | phpBB/language/en/acp/board.php | 4 | ||||
| -rw-r--r-- | phpBB/language/en/acp/permissions_phpbb.php | 1 | ||||
| -rw-r--r-- | phpBB/language/en/viewforum.php | 2 | ||||
| -rw-r--r-- | phpBB/phpbb/console/exception_subscriber.php | 13 | ||||
| -rw-r--r-- | phpBB/phpbb/db/migration/data/v32x/f_list_topics_permission_add.php | 31 | ||||
| -rw-r--r-- | phpBB/phpbb/event/dispatcher.php | 7 | ||||
| -rw-r--r-- | phpBB/phpbb/event/php_exporter.php | 36 | ||||
| -rw-r--r-- | phpBB/phpbb/feed/helper.php | 55 | ||||
| -rw-r--r-- | phpBB/phpbb/feed/quote_helper.php | 36 | ||||
| -rw-r--r-- | phpBB/phpbb/log/log.php | 14 | ||||
| -rw-r--r-- | phpBB/phpbb/pagination.php | 5 | ||||
| -rw-r--r-- | phpBB/phpbb/permissions.php | 1 | ||||
| -rw-r--r-- | phpBB/styles/prosilver/template/viewforum_body.html | 4 | ||||
| -rw-r--r-- | phpBB/viewforum.php | 29 | ||||
| -rw-r--r-- | phpBB/viewtopic.php | 4 |
20 files changed, 191 insertions, 78 deletions
diff --git a/phpBB/config/default/container/services_console.yml b/phpBB/config/default/container/services_console.yml index 697e147d85..a327b74ac4 100644 --- a/phpBB/config/default/container/services_console.yml +++ b/phpBB/config/default/container/services_console.yml @@ -3,7 +3,6 @@ services: class: phpbb\console\exception_subscriber arguments: - '@language' - - '%debug.exceptions%' tags: - { name: kernel.event_subscriber } diff --git a/phpBB/config/default/container/services_feed.yml b/phpBB/config/default/container/services_feed.yml index d3e7924f2f..e8bac4b5ce 100644 --- a/phpBB/config/default/container/services_feed.yml +++ b/phpBB/config/default/container/services_feed.yml @@ -18,9 +18,10 @@ services: class: phpbb\feed\helper arguments: - '@config' + - '@service_container' + - '@path_helper' + - '@text_formatter.renderer' - '@user' - - '%core.root_path%' - - '%core.php_ext%' feed.forum: class: phpbb\feed\forum @@ -78,6 +79,10 @@ services: - '@dispatcher' - '%core.php_ext%' + feed.quote_helper: + class: phpbb\feed\quote_helper + parent: text_formatter.s9e.quote_helper + feed.topic: class: phpbb\feed\topic shared: false diff --git a/phpBB/docs/nginx.sample.conf b/phpBB/docs/nginx.sample.conf index ce929b6e54..55c01a1fc9 100644 --- a/phpBB/docs/nginx.sample.conf +++ b/phpBB/docs/nginx.sample.conf @@ -18,11 +18,11 @@ http { gzip_vary on; gzip_http_version 1.1; gzip_min_length 700; - + # Compression levels over 6 do not give an appreciable improvement # in compression ratio, but take more resources. gzip_comp_level 6; - + # IE 6 and lower do not support gzip with Vary correctly. gzip_disable "msie6"; # Before nginx 0.7.63: @@ -49,9 +49,7 @@ http { server_name myforums.com; # A trick from http://wiki.nginx.org/Pitfalls#Taxing_Rewrites: - rewrite ^ http://www.myforums.com$request_uri permanent; - # Equivalent to: - #rewrite ^(.*)$ http://www.myforums.com$1 permanent; + return 301 http://www.myforums.com$request_uri; } # The actual board domain. @@ -72,7 +70,7 @@ http { } # Deny access to internal phpbb files. - location ~ /(config\.php|common\.php|cache|files|images/avatars/upload|includes|phpbb|store|vendor) { + location ~ /(config\.php|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb|store|vendor) { deny all; # deny was ignored before 0.8.40 for connections over IPv6. # Use internal directive to prohibit access on older versions. diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index 32bee14eef..171a73a8de 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -537,7 +537,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod // Create last post link information, if appropriate if ($row['forum_last_post_id']) { - if ($row['forum_password_last_post'] === '' && $auth->acl_get('f_read', $row['forum_id_last_post'])) + if ($row['forum_password_last_post'] === '' && $auth->acl_gets('f_read', 'f_list_topics', $row['forum_id_last_post'])) { $last_post_subject = censor_text($row['forum_last_post_subject']); $last_post_subject_truncated = truncate_string($last_post_subject, 30, 255, false, $user->lang['ELLIPSIS']); diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql index ca0e8bd614..fa61f45366 100644 --- a/phpBB/install/schemas/schema_data.sql +++ b/phpBB/install/schemas/schema_data.sql @@ -328,6 +328,7 @@ INSERT INTO phpbb_acl_options (auth_option, is_local) VALUES ('f_icons', 1); INSERT INTO phpbb_acl_options (auth_option, is_local) VALUES ('f_ignoreflood', 1); INSERT INTO phpbb_acl_options (auth_option, is_local) VALUES ('f_img', 1); INSERT INTO phpbb_acl_options (auth_option, is_local) VALUES ('f_list', 1); +INSERT INTO phpbb_acl_options (auth_option, is_local) VALUES ('f_list_topics', 1); INSERT INTO phpbb_acl_options (auth_option, is_local) VALUES ('f_noapprove', 1); INSERT INTO phpbb_acl_options (auth_option, is_local) VALUES ('f_poll', 1); INSERT INTO phpbb_acl_options (auth_option, is_local) VALUES ('f_post', 1); @@ -565,13 +566,13 @@ INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT 16, auth_option_id, 0 FROM phpbb_acl_options WHERE auth_option = 'f_'; # Read Only Access (f_) -INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT 17, auth_option_id, 1 FROM phpbb_acl_options WHERE auth_option LIKE 'f_%' AND auth_option IN ('f_', 'f_download', 'f_list', 'f_read', 'f_search', 'f_subscribe', 'f_print'); +INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT 17, auth_option_id, 1 FROM phpbb_acl_options WHERE auth_option LIKE 'f_%' AND auth_option IN ('f_', 'f_download', 'f_list', 'f_list_topics', 'f_read', 'f_search', 'f_subscribe', 'f_print'); # Limited Access (f_) INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT 18, auth_option_id, 1 FROM phpbb_acl_options WHERE auth_option LIKE 'f_%' AND auth_option NOT IN ('f_announce', 'f_announce_global', 'f_attach', 'f_bump', 'f_delete', 'f_flash', 'f_icons', 'f_ignoreflood', 'f_poll', 'f_sticky', 'f_user_lock', 'f_votechg'); # Bot Access (f_) -INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT 19, auth_option_id, 1 FROM phpbb_acl_options WHERE auth_option LIKE 'f_%' AND auth_option IN ('f_', 'f_download', 'f_list', 'f_read', 'f_print'); +INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT 19, auth_option_id, 1 FROM phpbb_acl_options WHERE auth_option LIKE 'f_%' AND auth_option IN ('f_', 'f_download', 'f_list', 'f_list_topics', 'f_read', 'f_print'); # On Moderation Queue (f_) INSERT INTO phpbb_acl_roles_data (role_id, auth_option_id, auth_setting) SELECT 20, auth_option_id, 1 FROM phpbb_acl_options WHERE auth_option LIKE 'f_%' AND auth_option NOT IN ('f_announce', 'f_announce_global', 'f_bump', 'f_delete', 'f_flash', 'f_icons', 'f_ignoreflood', 'f_poll', 'f_sticky', 'f_user_lock', 'f_votechg', 'f_noapprove'); diff --git a/phpBB/language/en/acp/board.php b/phpBB/language/en/acp/board.php index e6c56a5bbb..0578651739 100644 --- a/phpBB/language/en/acp/board.php +++ b/phpBB/language/en/acp/board.php @@ -357,7 +357,7 @@ $lang = array_merge($lang, array( 'COOKIE_NOTICE' => 'Cookie notice', 'COOKIE_NOTICE_EXPLAIN' => 'If enabled a cookie notice will be displayed to users when visiting your board. This might be required by law depending on the content of your board and enabled extensions.', 'COOKIE_PATH' => 'Cookie path', - 'COOKIE_PATH_EXPLAIN' => 'Note that this is always a slash, it does not matter what your board URL is.', + 'COOKIE_PATH_EXPLAIN' => 'This will usually be the same as your script path or simply a slash to make the cookie accessible across the site domain.', 'COOKIE_SECURE' => 'Cookie secure', 'COOKIE_SECURE_EXPLAIN' => 'If your server is running via SSL set this to enabled else leave as disabled. Having this enabled and not running via SSL will result in server errors during redirects.', 'ONLINE_LENGTH' => 'View online time span', @@ -371,7 +371,7 @@ $lang = array_merge($lang, array( 'ACP_CONTACT_SETTINGS_EXPLAIN' => 'Here you can enable and disable the contact page and also add a text that is displayed on the page.', 'CONTACT_US_ENABLE' => 'Enable contact page', - 'CONTACT_US_ENABLE_EXPLAIN' => 'This page allows users to send emails to board administrators', + 'CONTACT_US_ENABLE_EXPLAIN' => 'This page allows users to send emails to board administrators. Please note that board-wide emails option must be enabled as well. You can find this option in General > Client Communication > Email settings.', 'CONTACT_US_INFO' => 'Contact information', 'CONTACT_US_INFO_EXPLAIN' => 'The message is displayed on the contact page', diff --git a/phpBB/language/en/acp/permissions_phpbb.php b/phpBB/language/en/acp/permissions_phpbb.php index f986eced38..64740b311b 100644 --- a/phpBB/language/en/acp/permissions_phpbb.php +++ b/phpBB/language/en/acp/permissions_phpbb.php @@ -107,6 +107,7 @@ $lang = array_merge($lang, array( // Forum Permissions $lang = array_merge($lang, array( 'ACL_F_LIST' => 'Can see forum', + 'ACL_F_LIST_TOPICS' => 'Can see topics', 'ACL_F_READ' => 'Can read forum', 'ACL_F_SEARCH' => 'Can search the forum', 'ACL_F_SUBSCRIBE' => 'Can subscribe forum', diff --git a/phpBB/language/en/viewforum.php b/phpBB/language/en/viewforum.php index 9946a3eda4..cab205ddf9 100644 --- a/phpBB/language/en/viewforum.php +++ b/phpBB/language/en/viewforum.php @@ -53,7 +53,7 @@ $lang = array_merge($lang, array( 'NEW_POSTS_LOCKED' => 'New posts [ Locked ]', // Not used anymore 'NO_NEW_POSTS_HOT' => 'No new posts [ Popular ]', // Not used anymore 'NO_NEW_POSTS_LOCKED' => 'No new posts [ Locked ]', // Not used anymore - 'NO_READ_ACCESS' => 'You do not have the required permissions to read topics within this forum.', + 'NO_READ_ACCESS' => 'You do not have the required permissions to view or read topics within this forum.', 'NO_UNREAD_POSTS_HOT' => 'No unread posts [ Popular ]', 'NO_UNREAD_POSTS_LOCKED' => 'No unread posts [ Locked ]', diff --git a/phpBB/phpbb/console/exception_subscriber.php b/phpBB/phpbb/console/exception_subscriber.php index b920d4abae..b240993203 100644 --- a/phpBB/phpbb/console/exception_subscriber.php +++ b/phpBB/phpbb/console/exception_subscriber.php @@ -29,12 +29,10 @@ class exception_subscriber implements EventSubscriberInterface * Construct method * * @param \phpbb\language\language $language Language object - * @param bool $debug Debug mode */ - public function __construct(\phpbb\language\language $language, $debug = false) + public function __construct(\phpbb\language\language $language) { $this->language = $language; - $this->debug = $debug; } /** @@ -52,14 +50,7 @@ class exception_subscriber implements EventSubscriberInterface $parameters = array_merge(array($original_exception->getMessage()), $original_exception->get_parameters()); $message = call_user_func_array(array($this->language, 'lang'), $parameters); - if ($this->debug) - { - $exception = new \RuntimeException($message , $original_exception->getCode(), $original_exception); - } - else - { - $exception = new \RuntimeException($message , $original_exception->getCode()); - } + $exception = new \RuntimeException($message , $original_exception->getCode(), $original_exception); $event->setException($exception); } diff --git a/phpBB/phpbb/db/migration/data/v32x/f_list_topics_permission_add.php b/phpBB/phpbb/db/migration/data/v32x/f_list_topics_permission_add.php new file mode 100644 index 0000000000..49727e5a62 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/f_list_topics_permission_add.php @@ -0,0 +1,31 @@ +<?php +/** + * + * This file is part of the phpBB Forum Software package. + * + * @copyright (c) phpBB Limited <https://www.phpbb.com> + * @license GNU General Public License, version 2 (GPL-2.0) + * + * For full copyright and license information, please see + * the docs/CREDITS.txt file. + * + */ + +namespace phpbb\db\migration\data\v32x; + +class f_list_topics_permission_add extends \phpbb\db\migration\migration +{ + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v32x\v321', + ); + } + + public function update_data() + { + return array( + array('permission.add', array('f_list_topics', false, 'f_read')), + ); + } +} diff --git a/phpBB/phpbb/event/dispatcher.php b/phpBB/phpbb/event/dispatcher.php index 1c4abeb108..1ba2ab8987 100644 --- a/phpBB/phpbb/event/dispatcher.php +++ b/phpBB/phpbb/event/dispatcher.php @@ -57,7 +57,12 @@ class dispatcher extends ContainerAwareEventDispatcher implements dispatcher_int return $event; } - return parent::dispatch($eventName, $event); + foreach ((array) $eventName as $name) + { + $event = parent::dispatch($name, $event); + } + + return $event; } /** diff --git a/phpBB/phpbb/event/php_exporter.php b/phpBB/phpbb/event/php_exporter.php index 26d7e2b426..7b80863305 100644 --- a/phpBB/phpbb/event/php_exporter.php +++ b/phpBB/phpbb/event/php_exporter.php @@ -196,13 +196,13 @@ class php_exporter $content = file_get_contents($this->path . $this->current_file); $num_events_found = 0; - if (strpos($content, "dispatcher->trigger_event('") || strpos($content, "dispatcher->dispatch('")) + if (strpos($content, 'dispatcher->trigger_event(') || strpos($content, 'dispatcher->dispatch(')) { $this->set_content(explode("\n", $content)); for ($i = 0, $num_lines = sizeof($this->file_lines); $i < $num_lines; $i++) { $event_line = false; - $found_trigger_event = strpos($this->file_lines[$i], "dispatcher->trigger_event('"); + $found_trigger_event = strpos($this->file_lines[$i], 'dispatcher->trigger_event('); $arguments = array(); if ($found_trigger_event !== false) { @@ -216,7 +216,7 @@ class php_exporter } else { - $found_dispatch = strpos($this->file_lines[$i], "dispatcher->dispatch('"); + $found_dispatch = strpos($this->file_lines[$i], 'dispatcher->dispatch('); if ($found_dispatch !== false) { $event_line = $i; @@ -316,17 +316,17 @@ class php_exporter if ($is_dispatch) { - $regex = '#\$([a-z](?:[a-z0-9_]|->)*)'; - $regex .= '->dispatch\('; - $regex .= '\'' . $this->preg_match_event_name() . '\''; - $regex .= '\);#'; + $regex = '#\$[a-z](?:[a-z0-9_]|->)*'; + $regex .= '->dispatch\((\[)?'; + $regex .= '\'' . $this->preg_match_event_name() . '(?(1)\', \'(?2))+\''; + $regex .= '(?(1)\])\);#'; } else { - $regex = '#extract\(\$([a-z](?:[a-z0-9_]|->)*)'; - $regex .= '->trigger_event\('; - $regex .= '\'' . $this->preg_match_event_name() . '\''; - $regex .= ', compact\(\$vars\)\)\);#'; + $regex = '#extract\(\$[a-z](?:[a-z0-9_]|->)*'; + $regex .= '->trigger_event\((\[)?'; + $regex .= '\'' . $this->preg_match_event_name() . '(?(1)\', \'(?2))+\''; + $regex .= '(?(1)\]), compact\(\$vars\)\)\);#'; } $match = array(); @@ -359,7 +359,7 @@ class php_exporter public function get_vars_from_array() { $line = ltrim($this->file_lines[$this->current_event_line - 1], "\t"); - if ($line === ');') + if ($line === ');' || $line === '];') { $vars_array = $this->get_vars_from_multi_line_array(); } @@ -370,7 +370,7 @@ class php_exporter foreach ($vars_array as $var) { - if (!preg_match('#^([a-zA-Z_][a-zA-Z0-9_]*)$#', $var)) + if (!preg_match('#^[a-z_][a-z0-9_]*$#i', $var)) { throw new \LogicException("Found invalid var '{$var}' in array for event '{$this->current_event}' in file '{$this->current_file}:{$this->current_event_line}'", 3); } @@ -392,11 +392,11 @@ class php_exporter public function get_vars_from_single_line_array($line, $throw_multiline = true) { $match = array(); - preg_match('#^\$vars = (?:\[|array\()\'([a-zA-Z0-9_\' ,]+)\'[\)\]];$#', $line, $match); + preg_match('#^\$vars = (?:(\[)|array\()\'([a-z0-9_\' ,]+)\'(?(1)\]|\));$#i', $line, $match); - if (isset($match[1])) + if (isset($match[2])) { - $vars_array = explode("', '", $match[1]); + $vars_array = explode("', '", $match[2]); if ($throw_multiline && sizeof($vars_array) > 6) { throw new \LogicException('Should use multiple lines for $vars definition ' @@ -420,7 +420,7 @@ class php_exporter { $current_vars_line = 2; $var_lines = array(); - while (ltrim($this->file_lines[$this->current_event_line - $current_vars_line], "\t") !== '$vars = array(') + while (!in_array(ltrim($this->file_lines[$this->current_event_line - $current_vars_line], "\t"), ['$vars = array(', '$vars = ['])) { $var_lines[] = substr(trim($this->file_lines[$this->current_event_line - $current_vars_line]), 0, -1); @@ -485,7 +485,7 @@ class php_exporter foreach ($doc_vars as $var) { - if (!preg_match('#^([a-zA-Z_][a-zA-Z0-9_]*)$#', $var)) + if (!preg_match('#^[a-z_][a-z0-9_]*$#i', $var)) { throw new \LogicException("Found invalid @var '{$var}' in docblock for event " . "'{$this->current_event}' in file '{$this->current_file}:{$this->current_event_line}'", 4); diff --git a/phpBB/phpbb/feed/helper.php b/phpBB/phpbb/feed/helper.php index e15d1e131e..7d50b7ce7d 100644 --- a/phpBB/phpbb/feed/helper.php +++ b/phpBB/phpbb/feed/helper.php @@ -13,41 +13,52 @@ namespace phpbb\feed; +use phpbb\config\config; +use phpbb\path_helper; +use phpbb\textformatter\s9e\renderer; +use phpbb\user; +use Symfony\Component\DependencyInjection\ContainerInterface; + /** * Class with some helpful functions used in feeds */ class helper { - /** @var \phpbb\config\config */ + /** @var config */ protected $config; - /** @var \phpbb\user */ - protected $user; + /** @var ContainerInterface */ + protected $container; - /** @var string */ - protected $phpbb_root_path; + /** @var path_helper */ + protected $path_helper; - /** @var string */ - protected $phpEx; + /** @var renderer */ + protected $renderer; + + /** @var user */ + protected $user; /** * Constructor * - * @param \phpbb\config\config $config Config object - * @param \phpbb\user $user User object - * @param string $phpbb_root_path Root path - * @param string $phpEx PHP file extension + * @param config $config Config object + * @param ContainerInterface $container Service container object + * @param path_helper $path_helper Path helper object + * @param renderer $renderer TextFormatter renderer object + * @param user $user User object */ - public function __construct(\phpbb\config\config $config, \phpbb\user $user, $phpbb_root_path, $phpEx) + public function __construct(config $config, ContainerInterface $container, path_helper $path_helper, renderer $renderer, user $user) { $this->config = $config; + $this->container = $container; + $this->path_helper = $path_helper; + $this->renderer = $renderer; $this->user = $user; - $this->phpbb_root_path = $phpbb_root_path; - $this->phpEx = $phpEx; } /** - * Run links through append_sid(), prepend generate_board_url() and remove session id + * Returns the board url (and caches it in the function) */ public function get_board_url() { @@ -104,16 +115,12 @@ class helper return ''; } - // Prepare some bbcodes for better parsing - $content = preg_replace("#\[quote(=".*?")?:$uid\]\s*(.*?)\s*\[/quote:$uid\]#si", "[quote$1:$uid]<br />$2<br />[/quote:$uid]", $content); - - $content = generate_text_for_display($content, $uid, $bitfield, $options); + // Setup our own quote_helper to remove all attributes from quotes + $this->renderer->configure_quote_helper($this->container->get('feed.quote_helper')); - // Add newlines - $content = str_replace('<br />', '<br />' . "\n", $content); + $this->renderer->set_smilies_path($this->get_board_url() . '/' . $this->config['smilies_path']); - // Convert smiley Relative paths to Absolute path, Windows style - $content = str_replace($this->phpbb_root_path . $this->config['smilies_path'], $this->get_board_url() . '/' . $this->config['smilies_path'], $content); + $content = generate_text_for_display($content, $uid, $bitfield, $options); // Remove "Select all" link and mouse events $content = str_replace('<a href="#" onclick="selectCode(this); return false;">' . $this->user->lang['SELECT_ALL_CODE'] . '</a>', '', $content); @@ -152,7 +159,7 @@ class helper $content .= implode('<br />', $post_attachments); // Convert attachments' relative path to absolute path - $content = str_replace($this->phpbb_root_path . 'download/file.' . $this->phpEx, $this->get_board_url() . '/download/file.' . $this->phpEx, $content); + $content = str_replace($this->path_helper->get_web_root_path() . 'download/file.' . $this->path_helper->get_php_ext(), $this->get_board_url() . '/download/file.' . $this->path_helper->get_php_ext(), $content); } // Remove Comments from inline attachments [ia] diff --git a/phpBB/phpbb/feed/quote_helper.php b/phpBB/phpbb/feed/quote_helper.php new file mode 100644 index 0000000000..843d075028 --- /dev/null +++ b/phpBB/phpbb/feed/quote_helper.php @@ -0,0 +1,36 @@ +<?php +/** + * + * This file is part of the phpBB Forum Software package. + * + * @copyright (c) phpBB Limited <https://www.phpbb.com> + * @license GNU General Public License, version 2 (GPL-2.0) + * + * For full copyright and license information, please see + * the docs/CREDITS.txt file. + * + */ + +namespace phpbb\feed; + +/** + * Modified quote_helper for feeds (basically just removing all attributes) + */ +class quote_helper extends \phpbb\textformatter\s9e\quote_helper +{ + /** + * {@inheritdoc} + */ + public function inject_metadata($xml) + { + // In feeds we don't want any attributes, so delete all of them + return \s9e\TextFormatter\Utils::replaceAttributes( + $xml, + 'QUOTE', + function () + { + return []; + } + ); + } +} diff --git a/phpBB/phpbb/log/log.php b/phpBB/phpbb/log/log.php index 5aad7ee326..dcc4cdde51 100644 --- a/phpBB/phpbb/log/log.php +++ b/phpBB/phpbb/log/log.php @@ -933,6 +933,20 @@ class log implements \phpbb\log\log_interface $forum_auth['f_read'][$row['topic_id']] = $row['forum_id']; } + /** + * Allow modifying SQL query after topic data is retrieved (inside loop). + * + * @event core.phpbb_log_get_topic_auth_sql_after + * @var array forum_auth Forum permissions + * @var array row One row of data from SQL query + * @since 3.2.2-RC1 + */ + $vars = array( + 'forum_auth', + 'row', + ); + extract($this->dispatcher->trigger_event('core.phpbb_log_get_topic_auth_sql_after', compact($vars))); + if ($this->auth->acl_gets('a_', 'm_', $row['forum_id'])) { $forum_auth['m_'][$row['topic_id']] = $row['forum_id']; diff --git a/phpBB/phpbb/pagination.php b/phpBB/phpbb/pagination.php index a5a95b096d..40af5eda6b 100644 --- a/phpBB/phpbb/pagination.php +++ b/phpBB/phpbb/pagination.php @@ -136,6 +136,11 @@ class pagination */ public function generate_template_pagination($base_url, $block_var_name, $start_name, $num_items, $per_page, $start = 1, $reverse_count = false, $ignore_on_page = false) { + if (empty($base_url)) + { + return; + } + $total_pages = ceil($num_items / $per_page); $on_page = $this->get_on_page($per_page, $start); $u_previous_page = $u_next_page = ''; diff --git a/phpBB/phpbb/permissions.php b/phpBB/phpbb/permissions.php index c9181e6202..7697884b6a 100644 --- a/phpBB/phpbb/permissions.php +++ b/phpBB/phpbb/permissions.php @@ -260,6 +260,7 @@ class permissions // Forum Permissions 'f_list' => array('lang' => 'ACL_F_LIST', 'cat' => 'actions'), + 'f_list_topics' => array('lang' => 'ACL_F_LIST_TOPICS', 'cat' => 'actions'), 'f_read' => array('lang' => 'ACL_F_READ', 'cat' => 'actions'), 'f_search' => array('lang' => 'ACL_F_SEARCH', 'cat' => 'actions'), 'f_subscribe' => array('lang' => 'ACL_F_SUBSCRIBE', 'cat' => 'actions'), diff --git a/phpBB/styles/prosilver/template/viewforum_body.html b/phpBB/styles/prosilver/template/viewforum_body.html index 16d972056d..e03ef412e4 100644 --- a/phpBB/styles/prosilver/template/viewforum_body.html +++ b/phpBB/styles/prosilver/template/viewforum_body.html @@ -165,7 +165,7 @@ <i class="icon fa-file fa-fw icon-red icon-md" aria-hidden="true"></i><span class="sr-only">{NEW_POST}</span> </a> <!-- ENDIF --> - <a href="{topicrow.U_VIEW_TOPIC}" class="topictitle">{topicrow.TOPIC_TITLE}</a> + <!-- IF topicrow.U_VIEW_TOPIC --><a href="{topicrow.U_VIEW_TOPIC}" class="topictitle">{topicrow.TOPIC_TITLE}</a><!-- ELSE -->{topicrow.TOPIC_TITLE}<!-- ENDIF --> <!-- IF topicrow.S_TOPIC_UNAPPROVED or topicrow.S_POSTS_UNAPPROVED --> <a href="{topicrow.U_MCP_QUEUE}" title="{L_TOPIC_UNAPPROVED}"> <i class="icon fa-question fa-fw icon-blue" aria-hidden="true"></i><span class="sr-only">{L_TOPIC_UNAPPROVED}</span> @@ -224,7 +224,7 @@ <dd class="views">{topicrow.VIEWS} <dfn>{L_VIEWS}</dfn></dd> <dd class="lastpost"> <span><dfn>{L_LAST_POST} </dfn>{L_POST_BY_AUTHOR} {topicrow.LAST_POST_AUTHOR_FULL} - <!-- IF not S_IS_BOT --> + <!-- IF not S_IS_BOT and topicrow.U_LAST_POST --> <a href="{topicrow.U_LAST_POST}" title="{L_GOTO_LAST_POST}"> <i class="icon fa-external-link-square fa-fw icon-lightgray icon-md" aria-hidden="true"></i><span class="sr-only">{VIEW_LATEST_POST}</span> </a> diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php index 9cc75988f7..79d75a18f8 100644 --- a/phpBB/viewforum.php +++ b/phpBB/viewforum.php @@ -87,7 +87,7 @@ if (isset($_GET['e']) && !$user->data['is_registered']) } // Permissions check -if (!$auth->acl_gets('f_list', 'f_read', $forum_id) || ($forum_data['forum_type'] == FORUM_LINK && $forum_data['forum_link'] && !$auth->acl_get('f_read', $forum_id))) +if (!$auth->acl_gets('f_list', 'f_list_topics', 'f_read', $forum_id) || ($forum_data['forum_type'] == FORUM_LINK && $forum_data['forum_link'] && !$auth->acl_get('f_read', $forum_id))) { if ($user->data['user_id'] != ANONYMOUS) { @@ -161,7 +161,22 @@ $phpbb_content_visibility = $phpbb_container->get('content.visibility'); $topics_count = $phpbb_content_visibility->get_count('forum_topics', $forum_data, $forum_id); $start = $pagination->validate_start($start, $config['topics_per_page'], $topics_count); -page_header($forum_data['forum_name'] . ($start ? ' - ' . $user->lang('PAGE_TITLE_NUMBER', $pagination->get_on_page($config['topics_per_page'], $start)) : ''), true, $forum_id); +$page_title = $forum_data['forum_name'] . ($start ? ' - ' . $user->lang('PAGE_TITLE_NUMBER', $pagination->get_on_page($config['topics_per_page'], $start)) : ''); + +/** +* You can use this event to modify the page title of the viewforum page +* +* @event core.viewforum_modify_page_title +* @var string page_title Title of the viewforum page +* @var array forum_data Array with forum data +* @var int forum_id The forum ID +* @var int start Start offset used to calculate the page +* @since 3.2.2-RC1 +*/ +$vars = array('page_title', 'forum_data', 'forum_id', 'start'); +extract($phpbb_dispatcher->trigger_event('core.viewforum_modify_page_title', compact($vars))); + +page_header($page_title, true, $forum_id); $template->set_filenames(array( 'body' => 'viewforum_body.html') @@ -181,7 +196,7 @@ if (!($forum_data['forum_type'] == FORUM_POST || (($forum_data['forum_flags'] & // Ok, if someone has only list-access, we only display the forum list. // We also make this circumstance available to the template in case we want to display a notice. ;) -if (!$auth->acl_get('f_read', $forum_id)) +if (!$auth->acl_gets('f_read', 'f_list_topics', $forum_id)) { $template->assign_vars(array( 'S_NO_READ_ACCESS' => true, @@ -732,7 +747,7 @@ if (sizeof($shadow_topic_list)) } // Do not include those topics the user has no permission to access - if (!$auth->acl_get('f_read', $row['forum_id'])) + if (!$auth->acl_gets('f_read', 'f_list_topics', $row['forum_id'])) { // We need to remove any trace regarding this topic. :) unset($rowset[$orig_topic_id]); @@ -875,7 +890,7 @@ if (sizeof($topic_list)) // Generate all the URIs ... $view_topic_url_params = 'f=' . $row['forum_id'] . '&t=' . $topic_id; - $view_topic_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", $view_topic_url_params); + $view_topic_url = $auth->acl_get('f_read', $forum_id) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", $view_topic_url_params) : false; $topic_unapproved = (($row['topic_visibility'] == ITEM_UNAPPROVED || $row['topic_visibility'] == ITEM_REAPPROVE) && $auth->acl_get('m_approve', $row['forum_id'])); $posts_unapproved = ($row['topic_visibility'] == ITEM_APPROVED && $row['topic_posts_unapproved'] && $auth->acl_get('m_approve', $row['forum_id'])); @@ -929,8 +944,8 @@ if (sizeof($topic_list)) 'S_TOPIC_LOCKED' => ($row['topic_status'] == ITEM_LOCKED) ? true : false, 'S_TOPIC_MOVED' => ($row['topic_status'] == ITEM_MOVED) ? true : false, - 'U_NEWEST_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", $view_topic_url_params . '&view=unread') . '#unread', - 'U_LAST_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", $view_topic_url_params . '&p=' . $row['topic_last_post_id']) . '#p' . $row['topic_last_post_id'], + 'U_NEWEST_POST' => $auth->acl_get('f_read', $forum_id) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", $view_topic_url_params . '&view=unread') . '#unread' : false, + 'U_LAST_POST' => $auth->acl_get('f_read', $forum_id) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", $view_topic_url_params . '&p=' . $row['topic_last_post_id']) . '#p' . $row['topic_last_post_id'] : false, 'U_LAST_POST_AUTHOR' => get_username_string('profile', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), 'U_TOPIC_AUTHOR' => get_username_string('profile', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), 'U_VIEW_TOPIC' => $view_topic_url, diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index c94675a741..3f117eef6b 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php @@ -263,6 +263,10 @@ if (!$topic_data) $forum_id = (int) $topic_data['forum_id']; +// If the request is missing the f parameter, the forum id in the user session data is 0 at the moment. +// Let's fix that now so that the user can't hide from the forum's Who Is Online list. +$user->page['forum'] = $forum_id; + // Now we know the forum_id and can check the permissions if ($topic_data['topic_visibility'] != ITEM_APPROVED && !$auth->acl_get('m_approve', $forum_id)) { |