diff options
Diffstat (limited to 'phpBB')
| -rw-r--r-- | phpBB/docs/CHANGELOG.html | 10 | ||||
| -rw-r--r-- | phpBB/includes/functions.php | 4 | ||||
| -rw-r--r-- | phpBB/includes/functions_compatibility.php | 7 | ||||
| -rw-r--r-- | phpBB/includes/functions_display.php | 4 | ||||
| -rw-r--r-- | phpBB/memberlist.php | 6 | ||||
| -rw-r--r-- | phpBB/phpbb/avatar/driver/local.php | 4 | ||||
| -rw-r--r-- | phpBB/phpbb/avatar/driver/remote.php | 18 | ||||
| -rw-r--r-- | phpBB/phpbb/cron/manager.php | 1 | ||||
| -rw-r--r-- | phpBB/phpbb/db/migration/data/v30x/release_3_0_5_rc1.php | 5 | ||||
| -rw-r--r-- | phpBB/phpbb/db/migration/data/v310/contact_admin_form.php | 5 | ||||
| -rw-r--r-- | phpBB/phpbb/session.php | 65 | ||||
| -rw-r--r-- | phpBB/phpbb/version_helper.php | 2 |
12 files changed, 89 insertions, 42 deletions
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index 225de3ca33..212da25ade 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -108,6 +108,16 @@ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13208">PHPBB3-13208</a>] - Security issues are not pulled into the changelog</li> <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13210">PHPBB3-13210</a>] - Queue Cron Job checks for wrong config variable queue_interval_config</li> <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13211">PHPBB3-13211</a>] - Add possibility to save migrations output to log</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13221">PHPBB3-13221</a>] - Can't upgrade to 3.1 from 3.0.11 and older</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13223">PHPBB3-13223</a>] - Using get_username_string() for email template variables causes HTML markup in emails</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13225">PHPBB3-13225</a>] - phpbb_hash() undefined in phpbb\db\migration\data\v30x\release_3_0_5_rc1.php</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13226">PHPBB3-13226</a>] - Stray $rank_img in memberlist.php</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13227">PHPBB3-13227</a>] - Remote avatars do not work with cURL wrapper</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13229">PHPBB3-13229</a>] - Memberlist is getting overloaded with redundant SQL queries</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13230">PHPBB3-13230</a>] - Deprecated phpbb_clean_path() does not work anymore</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13231">PHPBB3-13231</a>] - The migration contact_admin_form must depends on config_db_text</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13232">PHPBB3-13232</a>] - Email queue does not get run</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13234">PHPBB3-13234</a>] - Remember me cookie gets unset by admin reauthentication</li> </ul> <h4>Improvement</h4> <ul> diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 7700dcfd27..1a3560dbb1 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -5254,7 +5254,7 @@ function page_footer($run_cron = true, $display_template = true, $exit_handler = // Call cron-type script $call_cron = false; - if (!defined('IN_CRON') && !$config['use_system_cron'] && $run_cron && !$config['board_disable'] && !$user->data['is_bot'] && !$cache->get('cron.lock_check')) + if (!defined('IN_CRON') && !$config['use_system_cron'] && $run_cron && !$config['board_disable'] && !$user->data['is_bot'] && !$cache->get('_cron.lock_check')) { $call_cron = true; $time_now = (!empty($user->time_now) && is_int($user->time_now)) ? $user->time_now : time(); @@ -5286,7 +5286,7 @@ function page_footer($run_cron = true, $display_template = true, $exit_handler = } else { - $cache->put('cron.lock_check', true, 300); + $cache->put('_cron.lock_check', true, 60); } } diff --git a/phpBB/includes/functions_compatibility.php b/phpBB/includes/functions_compatibility.php index fbb1f0e03d..43952ae57a 100644 --- a/phpBB/includes/functions_compatibility.php +++ b/phpBB/includes/functions_compatibility.php @@ -101,18 +101,21 @@ function phpbb_clean_path($path) } else if (!$phpbb_path_helper) { + global $phpbb_root_path, $phpEx; + // The container is not yet loaded, use a new instance if (!class_exists('\phpbb\path_helper')) { - global $phpbb_root_path, $phpEx; require($phpbb_root_path . 'phpbb/path_helper.' . $phpEx); } + $request = new phpbb\request\request(); $phpbb_path_helper = new phpbb\path_helper( new phpbb\symfony_request( - new phpbb\request\request() + $request ), new phpbb\filesystem(), + $request, $phpbb_root_path, $phpEx ); diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index 745eb20c77..48c34ecfe6 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -1491,7 +1491,7 @@ function phpbb_get_user_rank($user_data, $user_posts) /** * Prepare profile data */ -function phpbb_show_profile($data, $user_notes_enabled = false, $warn_user_enabled = false) +function phpbb_show_profile($data, $user_notes_enabled = false, $warn_user_enabled = false, $check_can_receive_pm = true) { global $config, $auth, $user, $phpEx, $phpbb_root_path, $phpbb_dispatcher; @@ -1559,7 +1559,7 @@ function phpbb_show_profile($data, $user_notes_enabled = false, $warn_user_enabl } // Can this user receive a Private Message? - $can_receive_pm = ( + $can_receive_pm = $check_can_receive_pm && ( // They must be a "normal" user $data['user_type'] != USER_IGNORE && diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index e3ac8dad51..4f31178ffb 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -1089,9 +1089,9 @@ switch ($mode) { $user_rank_data = phpbb_get_user_rank($group_row, false); - if ($rank_img) + if ($user_rank_data['img']) { - $rank_img .= '<br />'; + $user_rank_data['img'] .= '<br />'; } } @@ -1427,7 +1427,7 @@ switch ($mode) $cp_row = (isset($profile_fields_cache[$user_id])) ? $cp->generate_profile_fields_template_data($profile_fields_cache[$user_id], false) : array(); } - $memberrow = array_merge(phpbb_show_profile($row), array( + $memberrow = array_merge(phpbb_show_profile($row, false, false, false), array( 'ROW_NUMBER' => $i + ($start + 1), 'S_CUSTOM_PROFILE' => (isset($cp_row['row']) && sizeof($cp_row['row'])) ? true : false, diff --git a/phpBB/phpbb/avatar/driver/local.php b/phpBB/phpbb/avatar/driver/local.php index 07b3ed59de..8888686b2d 100644 --- a/phpBB/phpbb/avatar/driver/local.php +++ b/phpBB/phpbb/avatar/driver/local.php @@ -154,7 +154,7 @@ class local extends \phpbb\avatar\driver\driver */ protected function get_avatar_list($user) { - $avatar_list = ($this->cache == null) ? false : $this->cache->get('avatar_local_list'); + $avatar_list = ($this->cache == null) ? false : $this->cache->get('_avatar_local_list'); if ($avatar_list === false) { @@ -192,7 +192,7 @@ class local extends \phpbb\avatar\driver\driver if ($this->cache != null) { - $this->cache->put('avatar_local_list', $avatar_list, 86400); + $this->cache->put('_avatar_local_list', $avatar_list, 86400); } } diff --git a/phpBB/phpbb/avatar/driver/remote.php b/phpBB/phpbb/avatar/driver/remote.php index 1bd7f6c927..4b0ee3f06f 100644 --- a/phpBB/phpbb/avatar/driver/remote.php +++ b/phpBB/phpbb/avatar/driver/remote.php @@ -130,8 +130,24 @@ class remote extends \phpbb\avatar\driver\driver { // Timeout after 1 second stream_set_timeout($file_stream, 1); + // read some data to ensure headers are present + fread($file_stream, 1024); $meta = stream_get_meta_data($file_stream); - foreach ($meta['wrapper_data'] as $header) + + if (isset($meta['wrapper_data']['headers']) && is_array($meta['wrapper_data']['headers'])) + { + $headers = $meta['wrapper_data']['headers']; + } + else if (isset($meta['wrapper_data']) && is_array($meta['wrapper_data'])) + { + $headers = $meta['wrapper_data']; + } + else + { + $headers = array(); + } + + foreach ($headers as $header) { $header = preg_split('/ /', $header, 2); if (strtr(strtolower(trim($header[0], ':')), '_', '-') === 'content-type') diff --git a/phpBB/phpbb/cron/manager.php b/phpBB/phpbb/cron/manager.php index 5c8ac04b77..079ce8107e 100644 --- a/phpBB/phpbb/cron/manager.php +++ b/phpBB/phpbb/cron/manager.php @@ -73,6 +73,7 @@ class manager */ public function find_one_ready_task() { + shuffle($this->tasks); foreach ($this->tasks as $task) { if ($task->is_ready()) diff --git a/phpBB/phpbb/db/migration/data/v30x/release_3_0_5_rc1.php b/phpBB/phpbb/db/migration/data/v30x/release_3_0_5_rc1.php index f593c32181..2cc7786046 100644 --- a/phpBB/phpbb/db/migration/data/v30x/release_3_0_5_rc1.php +++ b/phpBB/phpbb/db/migration/data/v30x/release_3_0_5_rc1.php @@ -55,6 +55,9 @@ class release_3_0_5_rc1 extends \phpbb\db\migration\migration public function hash_old_passwords() { + global $phpbb_container; + + $passwords_manager = $phpbb_container->get('passwords.manager'); $sql = 'SELECT user_id, user_password FROM ' . $this->table_prefix . 'users WHERE user_pass_convert = 1'; @@ -65,7 +68,7 @@ class release_3_0_5_rc1 extends \phpbb\db\migration\migration if (strlen($row['user_password']) == 32) { $sql_ary = array( - 'user_password' => phpbb_hash($row['user_password']), + 'user_password' => '$CP$' . $passwords_manager->hash($row['user_password'], 'passwords.driver.salted_md5'), ); $this->sql_query('UPDATE ' . $this->table_prefix . 'users SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . $row['user_id']); diff --git a/phpBB/phpbb/db/migration/data/v310/contact_admin_form.php b/phpBB/phpbb/db/migration/data/v310/contact_admin_form.php index c2dd09ddf6..5736369f1a 100644 --- a/phpBB/phpbb/db/migration/data/v310/contact_admin_form.php +++ b/phpBB/phpbb/db/migration/data/v310/contact_admin_form.php @@ -20,6 +20,11 @@ class contact_admin_form extends \phpbb\db\migration\migration return isset($this->config['contact_admin_form_enable']); } + static public function depends_on() + { + return array('\phpbb\db\migration\data\v310\config_db_text'); + } + public function update_data() { return array( diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index cf8ea1877e..477e91efd6 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -577,6 +577,43 @@ class session } } + $provider_collection = $phpbb_container->get('auth.provider_collection'); + $provider = $provider_collection->get_provider(); + $this->data = $provider->autologin(); + + if ($user_id !== false && sizeof($this->data) && $this->data['user_id'] != $user_id) + { + $this->data = array(); + } + + if (sizeof($this->data)) + { + $this->cookie_data['k'] = ''; + $this->cookie_data['u'] = $this->data['user_id']; + } + + // If we're presented with an autologin key we'll join against it. + // Else if we've been passed a user_id we'll grab data based on that + if (isset($this->cookie_data['k']) && $this->cookie_data['k'] && $this->cookie_data['u'] && !sizeof($this->data)) + { + $sql = 'SELECT u.* + FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k + WHERE u.user_id = ' . (int) $this->cookie_data['u'] . ' + AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ") + AND k.user_id = u.user_id + AND k.key_id = '" . $db->sql_escape(md5($this->cookie_data['k'])) . "'"; + $result = $db->sql_query($sql); + $user_data = $db->sql_fetchrow($result); + + if ($user_id === false || (isset($user_data['user_id']) && $user_id == $user_data['user_id'])) + { + $this->data = $user_data; + $bot = false; + } + + $db->sql_freeresult($result); + } + if ($user_id !== false && !sizeof($this->data)) { $this->cookie_data['k'] = ''; @@ -591,34 +628,6 @@ class session $db->sql_freeresult($result); $bot = false; } - else if (!$bot) - { - $provider_collection = $phpbb_container->get('auth.provider_collection'); - $provider = $provider_collection->get_provider(); - $this->data = $provider->autologin(); - - if (sizeof($this->data)) - { - $this->cookie_data['k'] = ''; - $this->cookie_data['u'] = $this->data['user_id']; - } - - // If we're presented with an autologin key we'll join against it. - // Else if we've been passed a user_id we'll grab data based on that - if (isset($this->cookie_data['k']) && $this->cookie_data['k'] && $this->cookie_data['u'] && !sizeof($this->data)) - { - $sql = 'SELECT u.* - FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k - WHERE u.user_id = ' . (int) $this->cookie_data['u'] . ' - AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ") - AND k.user_id = u.user_id - AND k.key_id = '" . $db->sql_escape(md5($this->cookie_data['k'])) . "'"; - $result = $db->sql_query($sql); - $this->data = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - $bot = false; - } - } // Bot user, if they have a SID in the Request URI we need to get rid of it // otherwise they'll index this page with the SID, duplicate content oh my! diff --git a/phpBB/phpbb/version_helper.php b/phpBB/phpbb/version_helper.php index 968a57428f..96386f6d04 100644 --- a/phpBB/phpbb/version_helper.php +++ b/phpBB/phpbb/version_helper.php @@ -239,7 +239,7 @@ class version_helper */ public function get_versions($force_update = false, $force_cache = false) { - $cache_file = 'versioncheck_' . $this->host . $this->path . $this->file; + $cache_file = '_versioncheck_' . $this->host . $this->path . $this->file; $info = $this->cache->get($cache_file); |