Diffstat (limited to 'phpBB')
83 files changed, 1059 insertions, 337 deletions
diff --git a/phpBB/adm/style/acp_email.html b/phpBB/adm/style/acp_email.html index 950ecb40b0..63acd7fcc1 100644 --- a/phpBB/adm/style/acp_email.html +++ b/phpBB/adm/style/acp_email.html @@ -47,6 +47,8 @@ <dd><input id="send" type="checkbox" class="radio" name="send_immediately" checked="checked" /></dd> </dl> +<!-- EVENT acp_email_options_after --> + <p class="submit-buttons"> <input class="button1" type="submit" id="submit" name="submit" value="{L_SEND_EMAIL}" /> <input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" /> diff --git a/phpBB/adm/style/acp_forums.html b/phpBB/adm/style/acp_forums.html index af79791ff8..756092a1f0 100644 --- a/phpBB/adm/style/acp_forums.html +++ b/phpBB/adm/style/acp_forums.html @@ -111,6 +111,7 @@ <fieldset> <legend>{L_FORUM_SETTINGS}</legend> + <!-- EVENT acp_forums_main_settings_prepend --> <dl> <dt><label for="forum_type">{L_FORUM_TYPE}{L_COLON}</label></dt> <dd><select id="forum_type" name="forum_type" onchange="display_options(this.options[this.selectedIndex].value);">{S_FORUM_TYPE_OPTIONS}</select></dd> @@ -182,6 +183,7 @@ <dt><label for="forum_style">{L_FORUM_STYLE}{L_COLON}</label></dt> <dd><select id="forum_style" name="forum_style"><option value="0">{L_DEFAULT_STYLE}</option>{S_STYLES_OPTIONS}</select></dd> </dl> + <!-- EVENT acp_forums_main_settings_append --> </fieldset> <div id="forum_cat_options"> @@ -198,6 +200,7 @@ <div id="forum_post_options"> <fieldset> <legend>{L_GENERAL_FORUM_SETTINGS}</legend> + <!-- EVENT acp_forums_normal_settings_prepend --> <dl> <dt><label for="forum_status">{L_FORUM_STATUS}{L_COLON}</label></dt> <dd><select id="forum_status" name="forum_status">{S_STATUS_OPTIONS}</select></dd> 
@@ -246,6 +249,7 @@ <fieldset> <legend>{L_FORUM_PRUNE_SETTINGS}</legend> + <!-- EVENT acp_forums_prune_settings_prepend --> <dl> <dt><label for="enable_prune">{L_FORUM_AUTO_PRUNE}{L_COLON}</label><br /><span>{L_FORUM_AUTO_PRUNE_EXPLAIN}</span></dt> <dd><label><input type="radio" class="radio" name="enable_prune" value="1"<!-- IF S_PRUNE_ENABLE --> id="enable_prune" checked="checked"<!-- ENDIF --> /> {L_YES}</label> @@ -291,6 +295,7 @@ <dt><label for="prune_shadow_days">{L_AUTO_PRUNE_SHADOW_DAYS}{L_COLON}</label><br /><span>{L_AUTO_PRUNE_SHADOW_DAYS_EXPLAIN}</span></dt> <dd><input type="number" id="prune_shadow_days" name="prune_shadow_days" value="{PRUNE_SHADOW_DAYS}" maxlength="4" size="4" min="0" max="9999" /> {L_DAYS}</dd> </dl> + <!-- EVENT acp_forums_prune_settings_append --> </fieldset> </div> @@ -317,6 +322,7 @@ <div id="forum_rules_options"> <fieldset> <legend>{L_FORUM_RULES}</legend> + <!-- EVENT acp_forums_rules_settings_prepend --> <dl> <dt><label for="forum_rules_link">{L_FORUM_RULES_LINK}{L_COLON}</label><br /><span>{L_FORUM_RULES_LINK_EXPLAIN}</span></dt> <dd><input class="text medium" type="text" id="forum_rules_link" name="forum_rules_link" value="{FORUM_RULES_LINK}" maxlength="255" /></dd> @@ -334,6 +340,7 @@ <label><input type="checkbox" class="radio" name="rules_parse_smilies"<!-- IF S_SMILIES_CHECKED --> checked="checked"<!-- ENDIF --> /> {L_PARSE_SMILIES}</label> <label><input type="checkbox" class="radio" name="rules_parse_urls"<!-- IF S_URLS_CHECKED --> checked="checked"<!-- ENDIF --> /> {L_PARSE_URLS}</label></dd> </dl> + <!-- EVENT acp_forums_rules_settings_append --> </fieldset> </div> diff --git a/phpBB/assets/javascript/core.js b/phpBB/assets/javascript/core.js index 6ddbba7515..6481a2e113 100644 --- a/phpBB/assets/javascript/core.js +++ b/phpBB/assets/javascript/core.js 
@@ -386,7 +386,8 @@ phpbb.ajaxify = function(options) { type: method, data: data, success: returnHandler, - error: errorHandler + error: errorHandler, + cache: false }); request.always(function() { $loadingIndicator.fadeOut(phpbb.alertTime); diff --git a/phpBB/assets/javascript/plupload.js b/phpBB/assets/javascript/plupload.js index 5445e83e15..a58c71e64d 100644 --- a/phpBB/assets/javascript/plupload.js +++ b/phpBB/assets/javascript/plupload.js @@ -34,6 +34,14 @@ phpbb.plupload.initialize = function() { if (uploader.features.dragdrop) { $('#drag-n-drop-message').show(); } + + // Ensure "Add files" button position is correctly calculated. + if ($('#attach-panel-multi').is(':visible')) { + uploader.refresh(); + } + $('[data-subpanel="attach-panel"]').one('click', function() { + uploader.refresh(); + }); }); }; diff --git a/phpBB/composer.lock b/phpBB/composer.lock index a7bb0addce..07ae59f863 100644 --- a/phpBB/composer.lock +++ b/phpBB/composer.lock @@ -703,21 +703,21 @@ "packages-dev": [ { "name": "fabpot/goutte", - "version": "v1.0.3", + "version": "v1.0.7", "source": { "type": "git", - "url": "https://github.com/fabpot/Goutte.git", - "reference": "75c9f23c4122caf4ea3e87a42a00b471366e707f" + "url": "https://github.com/FriendsOfPHP/Goutte.git", + "reference": "794b196e76bdd37b5155cdecbad311f0a3b07625" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/fabpot/Goutte/zipball/75c9f23c4122caf4ea3e87a42a00b471366e707f", - "reference": "75c9f23c4122caf4ea3e87a42a00b471366e707f", + "url": "https://api.github.com/repos/FriendsOfPHP/Goutte/zipball/794b196e76bdd37b5155cdecbad311f0a3b07625", + "reference": "794b196e76bdd37b5155cdecbad311f0a3b07625", "shasum": "" }, "require": { "ext-curl": "*", - "guzzle/http": ">=3.0.5,<3.8-dev", + "guzzle/http": "~3.1", "php": ">=5.3.0", "symfony/browser-kit": "~2.1", "symfony/css-selector": "~2.1", 
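Review bot: The new `cache: false` option on the `$.ajax` call in `phpbb.ajaxify` has no comment saying which caching problem it addresses. jQuery implements this option by appending a `_=<timestamp>` query parameter, and only for GET and HEAD requests, so it does nothing when `method` is POST and it changes the URL the server sees for GET. I would add `// Append a cache-busting parameter so the browser does not reuse a stale GET response` above the option. The function body starts and ends outside the hunk.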
@@ -726,8 +726,8 @@ "symfony/process": "~2.1" }, "require-dev": { - "guzzle/plugin-history": ">=3.0.5,<3.8-dev", - "guzzle/plugin-mock": ">=3.0.5,<3.8-dev" + "guzzle/plugin-history": "~3.1", + "guzzle/plugin-mock": "~3.1" }, "type": "application", "extra": { @@ -747,9 +747,7 @@ "authors": [ { "name": "Fabien Potencier", - "email": "fabien@symfony.com", - "homepage": "http://fabien.potencier.org", - "role": "Lead Developer" + "email": "fabien@symfony.com" } ], "description": "A simple PHP Web Scraper", @@ -757,7 +755,7 @@ "keywords": [ "scraper" ], - "time": "2013-08-16 06:03:22" + "time": "2014-10-09 15:52:51" }, { "name": "guzzle/common", @@ -1592,16 +1590,16 @@ }, { "name": "sami/sami", - "version": "v1.3", + "version": "v1.4", "source": { "type": "git", - "url": "https://github.com/fabpot/Sami.git", - "reference": "76f2ed80b3420f7e2f6dcd5b7218b5a5781f4110" + "url": "https://github.com/FriendsOfPHP/Sami.git", + "reference": "70f29c781f7bef30181c814b9471b2ceac694454" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/fabpot/Sami/zipball/76f2ed80b3420f7e2f6dcd5b7218b5a5781f4110", - "reference": "76f2ed80b3420f7e2f6dcd5b7218b5a5781f4110", + "url": "https://api.github.com/repos/FriendsOfPHP/Sami/zipball/70f29c781f7bef30181c814b9471b2ceac694454", + "reference": "70f29c781f7bef30181c814b9471b2ceac694454", "shasum": "" }, "require": { @@ -1622,7 +1620,7 @@ "type": "application", "extra": { "branch-alias": { - "dev-master": "1.3-dev" + "dev-master": "1.4-dev" } }, "autoload": { @@ -1637,9 +1635,7 @@ "authors": [ { "name": "Fabien Potencier", - "email": "fabien@symfony.com", - "homepage": "http://fabien.potencier.org", - "role": "Lead Developer" + "email": "fabien@symfony.com" } ], "description": "Sami, an API documentation generator", @@ -1647,7 +1643,7 @@ "keywords": [ "phpdoc" ], - "time": "2013-11-30 17:16:25" + "time": "2014-06-25 11:24:03" }, { "name": "sebastian/comparator", 
diff --git a/phpBB/config/services.yml b/phpBB/config/services.yml index 5003697564..975f2f7580 100644 --- a/phpBB/config/services.yml +++ b/phpBB/config/services.yml @@ -75,6 +75,7 @@ services: - @controller.provider - @ext.manager - @symfony_request + - @request - @filesystem - %core.root_path% - %core.php_ext% @@ -155,6 +156,8 @@ services: - null - %core.disable_super_globals% + # WARNING: The Symfony request does not escape the input and should be used very carefully + # prefer the phpbb request (service @request) as possible symfony_request: class: phpbb\symfony_request arguments: diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index bff54b091a..4d96aa4981 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -46,6 +46,7 @@ <ol> <li><a href="#changelog">Changelog</a> <ol style="list-style-type: lower-roman;"> + <li><a href="#v310">Changes since 3.1.0</a></li> <li><a href="#v310RC6">Changes since 3.1.0-RC6</a></li> <li><a href="#v310RC5">Changes since 3.1.0-RC5</a></li> <li><a href="#v310RC4">Changes since 3.1.0-RC4</a></li> 
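Review bot: The warning added above `symfony_request` tells readers to be careful but not what to do, and "as possible" reads as a slip for "where possible". Because this comment is security guidance for everyone who injects the service, I would make it actionable: `# WARNING: symfony_request returns raw, unescaped input. Use the phpBB request service (@request) wherever possible` followed by `# and escape any value read from symfony_request before it is output.` The earlier hunk in this file injects `@request` next to `@symfony_request`; the class that receives both is not visible here, so check that it reads user-controlled values through `@request`.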
@@ -100,8 +101,52 @@ <div class="content"> + <a name="v310"></a><h3>1.i. Changes since 3.1.0</h3> + + <h4>Security</h4> + <ul> + <li>[SECURITY-164] - Cross Site Scripting via PATH_INFO in page_name variable</li> + </ul> + <h4>Bug</h4> + <ul> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13248">PHPBB3-13248</a>] - Login functions need to use provider collection for retrieving provider</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13267">PHPBB3-13267</a>] - Automatic Update instructions indicate that only the install folder is necessary</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13268">PHPBB3-13268</a>] - MSSQL's get_existing_indexes() function improperly appends ternary result</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13271">PHPBB3-13271</a>] - Anonymous users can CC themselves on emails sent to admin via contact form</li> + </ul> + <h4>Task</h4> + <ul> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13262">PHPBB3-13262</a>] - Add note to docs about htaccess file when upgrading 3.0 to 3.1</li> + </ul> + <a name="v310RC6"></a><h3>1.i. 
Changes since 3.1.0-RC6</h3> + <h4>Bug</h4> + <ul> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13126">PHPBB3-13126</a>] - More detailed output for migrations needed</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13208">PHPBB3-13208</a>] - Security issues are not pulled into the changelog</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13210">PHPBB3-13210</a>] - Queue Cron Job checks for wrong config variable queue_interval_config</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13211">PHPBB3-13211</a>] - Add possibility to save migrations output to log</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13221">PHPBB3-13221</a>] - Can't upgrade to 3.1 from 3.0.11 and older</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13223">PHPBB3-13223</a>] - Using get_username_string() for email template variables causes HTML markup in emails</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13225">PHPBB3-13225</a>] - phpbb_hash() undefined in phpbb\db\migration\data\v30x\release_3_0_5_rc1.php</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13226">PHPBB3-13226</a>] - Stray $rank_img in memberlist.php</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13227">PHPBB3-13227</a>] - Remote avatars do not work with cURL wrapper</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13229">PHPBB3-13229</a>] - Memberlist is getting overloaded with redundant SQL queries</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13230">PHPBB3-13230</a>] - Deprecated phpbb_clean_path() does not work anymore</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13231">PHPBB3-13231</a>] - The migration contact_admin_form must depends on config_db_text</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13232">PHPBB3-13232</a>] - Email queue does not get run</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13234">PHPBB3-13234</a>] - Remember me cookie gets unset by 
admin reauthentication</li> + </ul> + <h4>Improvement</h4> + <ul> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13207">PHPBB3-13207</a>] - Default subscription notification setting for new users does not include email</li> + </ul> + <h4>Task</h4> + <ul> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13215">PHPBB3-13215</a>] - Update Symfony Components to 2.3.21</li> + </ul> + <a name="v310RC5"></a><h3>1.ii. Changes since 3.1.0-RC5</h3> <h4>Bug</h4> @@ -126,6 +171,10 @@ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13190">PHPBB3-13190</a>] - phpbb_session_login_keys_test::test_reset_keys fails on develop-ascraeus</li> <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13194">PHPBB3-13194</a>] - BBCode isn't parsed when issuing a warning for a post</li> <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13203">PHPBB3-13203</a>] - Use constant time comparison method for comparing password hashes</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13217">PHPBB3-13217</a>] - Remember me cookie leak</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13218">PHPBB3-13218</a>] - Missing token check in acp_styles</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13221">PHPBB3-13221</a>] - Can't upgrade to 3.1 from 3.0.11 and older</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13223">PHPBB3-13223</a>] - Using get_username_string() for email template variables causes HTML markup in emails</li> </ul> <h4>Improvement</h4> <ul> diff --git a/phpBB/docs/INSTALL.html b/phpBB/docs/INSTALL.html index 4bde6c01ea..80e09f1bf9 100644 --- a/phpBB/docs/INSTALL.html +++ b/phpBB/docs/INSTALL.html 
@@ -303,7 +303,7 @@ <ul> <li>Go to the <a href="https://www.phpbb.com/downloads/">downloads page</a> and download the latest update package listed there, matching your current version.</li> - <li>Upload the uncompressed archive contents to your phpBB installation - only the install folder is required. Upload the whole install folder, retaining the file structure.</li> + <li>Upload the uncompressed archive contents to your phpBB installation - only the <code>install/</code> and <code>vendor/</code> folders are required. Upload these folders in their entirety, retaining the file structure.</li> <li>After the install folder is present, phpBB will go offline automatically.</li> <li>Point your browser to the install directory, for example <code>http://www.example.com/phpBB3/install/</code></li> <li>Choose the "Update" Tab and follow the instructions</li> @@ -347,7 +347,7 @@ <li>The <code>store/</code> directory</li> </ul></li> - <li>Upload the contents of the 3.1.x Full Package into your forum's directory.</li> + <li>Upload the contents of the 3.1.x Full Package into your forum's directory. Make sure the root level .htaccess file is included in the upload.</li> <li>Browse to install/database_update.php</li> <li>Delete the <code>install/</code> directory</li> </ol> @@ -462,7 +462,7 @@ <hr /> <a name="anti_spam"></a><h2>8. Anti-Spam Measures</h2> - + <div class="paragraph"> <div class="inner"><span class="corners-top"><span></span></span> diff --git a/phpBB/docs/events.md b/phpBB/docs/events.md index c51bc72160..7863814daa 100644 --- a/phpBB/docs/events.md +++ b/phpBB/docs/events.md 
@@ -16,11 +16,59 @@ acp_bbcodes_edit_fieldsets_after * Since: 3.1.0-a3 * Purpose: Add settings to BBCode add/edit form +acp_email_options_after +=== +* Location: adm/style/acp_email.html +* Since: 3.1.2-RC1 +* Purpose: Add settings to mass email form + +acp_forums_main_settings_append +=== +* Location: adm/style/acp_forums.html +* Since: 3.1.2-RC1 +* Purpose: Add settings to forums at end of main settings section + +acp_forums_main_settings_prepend +=== +* Location: adm/style/acp_forums.html +* Since: 3.1.2-RC1 +* Purpose: Add settings to forums before main settings section + acp_forums_normal_settings_append === * Location: adm/style/acp_forums.html * Since: 3.1.0-a1 -* Purpose: Add settings to forums +* Purpose: Add settings to forums at end of normal settings section + +acp_forums_normal_settings_prepend +=== +* Location: adm/style/acp_forums.html +* Since: 3.1.2-RC1 +* Purpose: Add settings to forums before normal settings section + +acp_forums_prune_settings_append +=== +* Location: adm/style/acp_forums.html +* Since: 3.1.2-RC1 +* Purpose: Add settings to forums at end of prune settings section + +acp_forums_prune_settings_prepend +=== +* Location: adm/style/acp_forums.html +* Since: 3.1.2-RC1 +* Purpose: Add settings to forums before prune settings section + +acp_forums_rules_settings_append +=== +* Location: adm/style/acp_forums.html +* Since: 3.1.2-RC1 +* Purpose: Add settings to forums at end of rules settings section + +acp_forums_rules_settings_prepend +=== +* Location: adm/style/acp_forums.html +* Since: 3.1.2-RC1 +* Purpose: Add settings to forums before rules settings section acp_group_options_before === @@ -111,7 +159,7 @@ acp_ranks_list_column_before * Locations: + adm/style/acp_ranks.html * Since: 3.1.0-RC3 -* Purpose: Add content after the last column (but before the action column) +* Purpose: Add content after the last column (but before the action column) in the ranks list in the ACP acp_ranks_list_header_after 
@@ -126,7 +174,7 @@ acp_ranks_list_header_before * Locations: + adm/style/acp_ranks.html * Since: 3.1.0-RC3 -* Purpose: Add content after the last header-column (but before the action column) +* Purpose: Add content after the last header-column (but before the action column) in the ranks list in the ACP acp_simple_footer_after @@ -336,6 +384,14 @@ index_body_block_stats_prepend * Since: 3.1.0-b3 * Purpose: Prepend content to the statistics list on the Board index +index_body_forumlist_body_after +=== +* Locations: + + styles/prosilver/template/index_body.html + + styles/subsilver2/template/index_body.html +* Since: 3.1.1 +* Purpose: Add content after the forum list body on the index page + index_body_markforums_after === * Locations: @@ -418,6 +474,30 @@ memberlist_body_username_prepend * Purpose: Add information before every username in the memberlist. Works in all display modes (leader, group and normal memberlist). +memberlist_search_fields_after +=== +* Locations: + + styles/prosilver/template/memberlist_search.html + + styles/subsilver2/template/memberlist_search.html +* Since: 3.1.2-RC1 +* Purpose: Add information after the search fields column. + +memberlist_search_fields_before +=== +* Locations: + + styles/prosilver/template/memberlist_search.html + + styles/subsilver2/template/memberlist_search.html +* Since: 3.1.2-RC1 +* Purpose: Add information before the search fields column. + +memberlist_search_sorting_options_before +=== +* Locations: + + styles/prosilver/template/memberlist_search.html + + styles/subsilver2/template/memberlist_search.html +* Since: 3.1.2-RC1 +* Purpose: Add information before the search sorting options field. + memberlist_view_contact_after === * Locations: 
@@ -756,6 +836,14 @@ posting_editor_buttons_before * Since: 3.1.0-a3 * Purpose: Add content before the BBCode posting buttons +posting_editor_buttons_custom_tags_before +=== +* Locations: + + styles/prosilver/template/posting_buttons.html + + styles/subsilver2/template/posting_buttons.html +* Since: 3.1.2-RC1 +* Purpose: Add content inside the BBCode posting buttons and before the customs BBCode + posting_editor_message_after === * Locations: @@ -1011,7 +1099,7 @@ ucp_pm_viewmessage_post_buttons_after + styles/prosilver/template/ucp_pm_viewmessage.html + styles/subsilver2/template/ucp_pm_viewmessage.html * Since: 3.1.0-RC3 -* Purpose: Add post button to private messages (next to edit, quote etc), at +* Purpose: Add post button to private messages (next to edit, quote etc), at the end of the list. ucp_pm_viewmessage_post_buttons_before @@ -1020,7 +1108,7 @@ ucp_pm_viewmessage_post_buttons_before + styles/prosilver/template/ucp_pm_viewmessage.html + styles/subsilver2/template/ucp_pm_viewmessage.html * Since: 3.1.0-RC3 -* Purpose: Add post button to private messages (next to edit, quote etc), at +* Purpose: Add post button to private messages (next to edit, quote etc), at the start of the list. ucp_pm_viewmessage_print_head_append diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index f4f7512f0c..63e2647f02 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php 
@@ -615,7 +615,15 @@ class acp_board { add_log('admin', 'LOG_CONFIG_' . strtoupper($mode)); - trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action)); + $message = $user->lang('CONFIG_UPDATED'); + $message_type = E_USER_NOTICE; + if (!$config['email_enable'] && in_array($mode, array('email', 'registration')) && + in_array($config['require_activation'], array(USER_ACTIVATION_SELF, USER_ACTIVATION_ADMIN))) + { + $message .= '<br /><br />' . $user->lang('ACC_ACTIVATION_WARNING'); + $message_type = E_USER_WARNING; + } + trigger_error($message . adm_back_link($this->u_action), $message_type); } $this->tpl_name = 'acp_board'; @@ -792,20 +800,19 @@ class acp_board global $user, $config; $act_ary = array( - 'ACC_DISABLE' => USER_ACTIVATION_DISABLE, - 'ACC_NONE' => USER_ACTIVATION_NONE, + 'ACC_DISABLE' => array(true, USER_ACTIVATION_DISABLE), + 'ACC_NONE' => array(true, USER_ACTIVATION_NONE), + 'ACC_USER' => array($config['email_enable'], USER_ACTIVATION_SELF), + 'ACC_ADMIN' => array($config['email_enable'], USER_ACTIVATION_ADMIN), ); - if ($config['email_enable']) - { - $act_ary['ACC_USER'] = USER_ACTIVATION_SELF; - $act_ary['ACC_ADMIN'] = USER_ACTIVATION_ADMIN; - } - $act_options = ''; - foreach ($act_ary as $key => $value) + $act_options = ''; + foreach ($act_ary as $key => $data) { + list($available, $value) = $data; $selected = ($selected_value == $value) ? ' selected="selected"' : ''; - $act_options .= '<option value="' . $value . '"' . $selected . '>' . $user->lang[$key] . '</option>'; + $class = (!$available) ? ' class="disabled-option"' : ''; + $act_options .= '<option value="' . $value . '"' . $selected . $class . '>' . $user->lang($key) . '</option>'; } return $act_options; diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index 76c3834c91..2d4cb727a7 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php 
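Review bot: Both `in_array()` calls in the new condition before `trigger_error()` compare loosely, so the result depends on PHP's string/integer juggling between `$config['require_activation']` and the `USER_ACTIVATION_*` constants. Casting once and comparing strictly makes the intent explicit: `in_array($mode, array('email', 'registration'), true)` and `in_array((int) $config['require_activation'], array(USER_ACTIVATION_SELF, USER_ACTIVATION_ADMIN), true)`. This assumes the constants are integers, which the hunk does not show. The enclosing method starts outside the hunk.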
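Review bot: In the rewritten `$act_ary` loop, activation modes that need e-mail are always emitted and only tagged with `class="disabled-option"`, so they remain selectable and still submit their value. Nothing in this hunk rejects such a value on the server, and the hunk at line 615 appears to warn only after the settings were stored. If that is intended, document the pair layout and the behaviour next to the array, for example `// array(is_available, value): unavailable modes stay selectable; a warning is shown after saving`. The method starts outside the hunk.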
@@ -28,7 +28,7 @@ if (!defined('IN_PHPBB')) */ // phpBB Version -define('PHPBB_VERSION', '3.1.0'); +define('PHPBB_VERSION', '3.1.2-RC1-dev'); // QA-related // define('PHPBB_QA', 1); diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 7700dcfd27..1a3560dbb1 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -5254,7 +5254,7 @@ function page_footer($run_cron = true, $display_template = true, $exit_handler = // Call cron-type script $call_cron = false; - if (!defined('IN_CRON') && !$config['use_system_cron'] && $run_cron && !$config['board_disable'] && !$user->data['is_bot'] && !$cache->get('cron.lock_check')) + if (!defined('IN_CRON') && !$config['use_system_cron'] && $run_cron && !$config['board_disable'] && !$user->data['is_bot'] && !$cache->get('_cron.lock_check')) { $call_cron = true; $time_now = (!empty($user->time_now) && is_int($user->time_now)) ? $user->time_now : time(); @@ -5286,7 +5286,7 @@ function page_footer($run_cron = true, $display_template = true, $exit_handler = } else { - $cache->put('cron.lock_check', true, 300); + $cache->put('_cron.lock_check', true, 60); } } diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index e3e8657afb..5ddaf31cf5 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -2512,6 +2512,7 @@ function phpbb_cache_moderators($db, $cache, $auth) { $usernames_ary[$row['user_id']] = $row['username']; } + $db->sql_freeresult($result); foreach ($hold_ary as $user_id => $forum_id_ary) { @@ -2806,6 +2807,7 @@ function view_inactive_users(&$users, &$user_count, $limit = 0, $offset = 0, $li $users[] = $row; } + $db->sql_freeresult($result); return $offset; } diff --git a/phpBB/includes/functions_compatibility.php b/phpBB/includes/functions_compatibility.php index fbb1f0e03d..43952ae57a 100644 --- a/phpBB/includes/functions_compatibility.php +++ b/phpBB/includes/functions_compatibility.php 
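Review bot: The cache key in `page_footer()` changes to `_cron.lock_check` and its lifetime drops from 300 to 60 seconds without a comment explaining either choice; the same key is written in the hunk at line 5286. The leading underscore presumably changes how the cache driver stores the entry, but that is not visible here. A later read or write that still uses the old name would silently stop matching the lock check. I would add a short comment above `$cache->put('_cron.lock_check', true, 60);` stating why the key starts with an underscore and why 60 seconds was chosen, or move the key into one constant shared by both call sites.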
@@ -101,18 +101,21 @@ function phpbb_clean_path($path) } else if (!$phpbb_path_helper) { + global $phpbb_root_path, $phpEx; + // The container is not yet loaded, use a new instance if (!class_exists('\phpbb\path_helper')) { - global $phpbb_root_path, $phpEx; require($phpbb_root_path . 'phpbb/path_helper.' . $phpEx); } + $request = new phpbb\request\request(); $phpbb_path_helper = new phpbb\path_helper( new phpbb\symfony_request( - new phpbb\request\request() + $request ), new phpbb\filesystem(), + $request, $phpbb_root_path, $phpEx ); diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index 745eb20c77..31cf43e599 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -1491,7 +1491,7 @@ function phpbb_get_user_rank($user_data, $user_posts) /** * Prepare profile data */ -function phpbb_show_profile($data, $user_notes_enabled = false, $warn_user_enabled = false) +function phpbb_show_profile($data, $user_notes_enabled = false, $warn_user_enabled = false, $check_can_receive_pm = true) { global $config, $auth, $user, $phpEx, $phpbb_root_path, $phpbb_dispatcher; @@ -1559,7 +1559,7 @@ function phpbb_show_profile($data, $user_notes_enabled = false, $warn_user_enabl } // Can this user receive a Private Message? - $can_receive_pm = ( + $can_receive_pm = $check_can_receive_pm && ( // They must be a "normal" user $data['user_type'] != USER_IGNORE && 
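Review bot: The new `$check_can_receive_pm` parameter of `phpbb_show_profile()` is not described in the docblock (`Prepare profile data`), and its name suggests the opposite of what the hunk at line 1559 does. Passing `false` does not skip the check and allow the PM link; it forces `$can_receive_pm` to `false`. I would add `@param bool $check_can_receive_pm When false, the PM checks are skipped and the user is treated as unable to receive PMs` to the docblock. The function body continues outside both hunks.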
@@ -1608,8 +1608,8 @@ function phpbb_show_profile($data, $user_notes_enabled = false, $warn_user_enabl 'U_EMAIL' => $email, 'U_JABBER' => ($data['user_jabber'] && $auth->acl_get('u_sendim')) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contact&action=jabber&u=' . $user_id) : '', - 'USER_JABBER' => $data['user_jabber'], - 'USER_JABBER_IMG' => ($data['user_jabber']) ? $user->img('icon_contact_jabber', $data['user_jabber']) : '', + 'USER_JABBER' => ($config['jab_enable']) ? $data['user_jabber'] : '', + 'USER_JABBER_IMG' => ($config['jab_enable'] && $data['user_jabber']) ? $user->img('icon_contact_jabber', $data['user_jabber']) : '', 'L_SEND_EMAIL_USER' => $user->lang('SEND_EMAIL_USER', $username), 'L_CONTACT_USER' => $user->lang('CONTACT_USER', $username), diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index e4479f07b0..f79a8998c4 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -161,9 +161,10 @@ function user_update_name($old_name, $new_name) * * @param mixed $user_row An array containing the following keys (and the appropriate values): username, group_id (the group to place the user in), user_email and the user_type(usually 0). Additional entries not overridden by defaults will be forwarded. * @param string $cp_data custom profile fields, see custom_profile::build_insert_sql_array +* @param array $notifications_data The notifications settings for the new user * @return the new user's ID. */ -function user_add($user_row, $cp_data = false) +function user_add($user_row, $cp_data = false, $notifications_data = null) { global $db, $user, $auth, $config, $phpbb_root_path, $phpEx; global $phpbb_dispatcher, $phpbb_container; 
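Review bot: `USER_JABBER` and `USER_JABBER_IMG` are now blanked when `$config['jab_enable']` is off, but the `U_JABBER` entry directly above still builds the Jabber contact URL from `$data['user_jabber']` and `u_sendim` alone. The `ucp_pm_viewmessage.php` hunk in this commit adds `$config['jab_enable'] &&` to the equivalent `$u_jabber` condition, so the two places disagree. For consistency I would change the condition to `($config['jab_enable'] && $data['user_jabber'] && $auth->acl_get('u_sendim'))` and keep the existing `append_sid()` call. Whether the templates render the link when `USER_JABBER` is empty is not visible here.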
@@ -347,6 +348,31 @@ function user_add($user_row, $cp_data = false) set_config('newest_user_colour', $row['group_colour'], true); } + // Use default notifications settings if notifications_data is not set + if ($notifications_data === null) + { + $notifications_data = array( + array( + 'item_type' => 'notification.type.post', + 'method' => 'notification.method.email', + ), + array( + 'item_type' => 'notification.type.topic', + 'method' => 'notification.method.email', + ), + ); + } + + // Subscribe user to notifications if necessary + if (!empty($notifications_data)) + { + $phpbb_notifications = $phpbb_container->get('notification_manager'); + foreach ($notifications_data as $subscription) + { + $phpbb_notifications->add_subscription($subscription['item_type'], 0, $subscription['method'], $user_id); + } + } + /** * Event that returns user id, user detals and user CPF of newly registared user * diff --git a/phpBB/includes/mcp/mcp_forum.php b/phpBB/includes/mcp/mcp_forum.php index 0c6acaa908..c18ca1aa1d 100644 --- a/phpBB/includes/mcp/mcp_forum.php +++ b/phpBB/includes/mcp/mcp_forum.php 
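Review bot: The loop over `$notifications_data` in `user_add()` reads `$subscription['item_type']` and `$subscription['method']` without checking that they exist, so a caller-supplied entry with a missing key reaches `add_subscription()` with an undefined value. A guard at the top of the loop, `if (!isset($subscription['item_type'], $subscription['method'])) { continue; }`, keeps one malformed entry from affecting the new account. The docblock hunk at line 161 should also say `@param array|null`, and that `null` subscribes the user to e-mail notifications for posts and topics while an empty array subscribes to nothing. The function starts and ends outside the hunk.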
@@ -165,6 +165,22 @@ function mcp_forum_view($id, $mode, $action, $forum_info) AND ' . $phpbb_content_visibility->get_visibility_sql('topic', $forum_id, 't.') . " $limit_time_sql ORDER BY t.topic_type DESC, $sort_order_sql"; + + /** + * Modify SQL query before MCP forum view topic list is queried + * + * @event core.mcp_view_forum_modify_sql + * @var string sql SQL query for forum view topic list + * @var int forum_id ID of the forum + * @var string limit_time_sql SQL query part for limit time + * @var string sort_order_sql SQL query part for sort order + * @var int topics_per_page Number of topics per page + * @var int start Start value + * @since 3.1.2-RC1 + */ + $vars = array('sql', 'forum_id', 'limit_time_sql', 'sort_order_sql', 'topics_per_page', 'start'); + extract($phpbb_dispatcher->trigger_event('core.mcp_view_forum_modify_sql', compact($vars))); + $result = $db->sql_query_limit($sql, $topics_per_page, $start); $topic_list = $topic_tracking_info = array(); diff --git a/phpBB/includes/mcp/mcp_main.php b/phpBB/includes/mcp/mcp_main.php index 19a0ee3051..227ae84bd6 100644 --- a/phpBB/includes/mcp/mcp_main.php +++ b/phpBB/includes/mcp/mcp_main.php @@ -813,8 +813,17 @@ function mcp_delete_topic($topic_ids, $is_soft = false, $soft_delete_reason = '' $user->add_lang('posting'); + // If there are only shadow topics, we neither need a reason nor softdelete + $sql = 'SELECT topic_id + FROM ' . TOPICS_TABLE . ' + WHERE ' . $db->sql_in_set('topic_id', $topic_ids) . ' + AND topic_moved_id = 0'; + $result = $db->sql_query_limit($sql, 1); + $only_shadow = !$db->sql_fetchfield('topic_id'); + $db->sql_freeresult($result); + $only_softdeleted = false; - if ($auth->acl_get('m_delete', $forum_id) && $auth->acl_get('m_softdelete', $forum_id)) + if (!$only_shadow && $auth->acl_get('m_delete', $forum_id) && $auth->acl_get('m_softdelete', $forum_id)) { // If there are only soft deleted topics, we display a message why the option is not available $sql = 'SELECT topic_id 
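Review bot: The new `core.mcp_view_forum_modify_sql` event calls `$phpbb_dispatcher->trigger_event()`, but this is the only hunk for `mcp_forum.php` and it does not show `$phpbb_dispatcher` being brought into scope in `mcp_forum_view()`. The `message_parser.php` change in this commit adds the variable to its `global` line explicitly; if `mcp_forum_view()` does not already declare it, this call fails at run time. Please confirm, and add `global $phpbb_dispatcher;` at the top of the function if it is missing. Because listeners receive and return the complete `$sql` string, the docblock could also state that the returned query is passed unchanged to `sql_query_limit()`. The function starts outside the hunk.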
@@ -827,6 +836,7 @@ function mcp_delete_topic($topic_ids, $is_soft = false, $soft_delete_reason = '' } $template->assign_vars(array( + 'S_SHADOW_TOPICS' => $only_shadow, 'S_SOFTDELETED' => $only_softdeleted, 'S_TOPIC_MODE' => true, 'S_ALLOWED_DELETE' => $auth->acl_get('m_delete', $forum_id), @@ -839,7 +849,7 @@ function mcp_delete_topic($topic_ids, $is_soft = false, $soft_delete_reason = '' $l_confirm .= '_PERMANENTLY'; $s_hidden_fields['delete_permanent'] = '1'; } - else if (!$auth->acl_get('m_softdelete', $forum_id)) + else if ($only_shadow || !$auth->acl_get('m_softdelete', $forum_id)) { $s_hidden_fields['delete_permanent'] = '1'; } diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 92ace7b585..bc996cf275 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -1103,7 +1103,7 @@ class parse_message extends bbcode_firstpass */ function parse($allow_bbcode, $allow_magic_url, $allow_smilies, $allow_img_bbcode = true, $allow_flash_bbcode = true, $allow_quote_bbcode = true, $allow_url_bbcode = true, $update_this_message = true, $mode = 'post') { - global $config, $db, $user; + global $config, $db, $user, $phpbb_dispatcher; $this->mode = $mode; 
@@ -1158,6 +1158,49 @@ class parse_message extends bbcode_firstpass } } + /** + * This event can be used for additional message checks/cleanup before parsing + * + * @event core.message_parser_check_message + * @var bool allow_bbcode Do we allow BBCodes + * @var bool allow_magic_url Do we allow magic urls + * @var bool allow_smilies Do we allow smilies + * @var bool allow_img_bbcode Do we allow image BBCode + * @var bool allow_flash_bbcode Do we allow flash BBCode + * @var bool allow_quote_bbcode Do we allow quote BBCode + * @var bool allow_url_bbcode Do we allow url BBCode + * @var bool update_this_message Do we alter the parsed message + * @var string mode Posting mode + * @var string message The message text to parse + * @var bool return Do we return after the event is triggered if $warn_msg is not empty + * @var array warn_msg Array of the warning messages + * @since 3.1.2-RC1 + */ + $message = $this->message; + $warn_msg = $this->warn_msg; + $return = false; + $vars = array( + 'allow_bbcode', + 'allow_magic_url', + 'allow_smilies', + 'allow_img_bbcode', + 'allow_flash_bbcode', + 'allow_quote_bbcode', + 'allow_url_bbcode', + 'update_this_message', + 'mode', + 'message', + 'return', + 'warn_msg', + ); + extract($phpbb_dispatcher->trigger_event('core.message_parser_check_message', compact($vars))); + $this->message = $message; + $this->warn_msg = $warn_msg; + if ($return && !empty($this->warn_msg)) + { + return (!$update_this_message) ? $return_message : $this->warn_msg; + } + // Prepare BBcode (just prepares some tags for better parsing) if ($allow_bbcode && strpos($this->message, '[') !== false) { diff --git a/phpBB/includes/ucp/ucp_auth_link.php b/phpBB/includes/ucp/ucp_auth_link.php index a595ce46c3..748f0fdec2 100644 --- a/phpBB/includes/ucp/ucp_auth_link.php +++ b/phpBB/includes/ucp/ucp_auth_link.php 
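Review bot: After the `core.message_parser_check_message` event only `$message` and `$warn_msg` are copied back to the object, while `mode` is also offered to listeners and `$this->mode` was already set from `$mode` at the top of `parse()`. A listener that changes `mode` therefore leaves the local `$mode` and `$this->mode` out of step for the rest of the method. Either drop `mode` from `$vars`, or add `$this->mode = $mode;` after the `extract()` call. The docblock should also state that listeners can change the `allow_*` flags, since those decide which BBCode is parsed afterwards. `$return_message` in the early return is assigned outside the hunk, so its value at this point could not be checked.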
@@ -34,11 +34,12 @@ class ucp_auth_link */ public function main($id, $mode) { - global $config, $request, $template, $phpbb_container, $user; + global $request, $template, $phpbb_container, $user; $error = array(); - $auth_provider = $phpbb_container->get('auth.provider.' . $config['auth_method']); + $provider_collection = $phpbb_container->get('auth.provider_collection'); + $auth_provider = $provider_collection->get_provider(); // confirm that the auth provider supports this page $provider_data = $auth_provider->get_auth_link_data(); diff --git a/phpBB/includes/ucp/ucp_login_link.php b/phpBB/includes/ucp/ucp_login_link.php index 5ca5df00f7..bfe4804286 100644 --- a/phpBB/includes/ucp/ucp_login_link.php +++ b/phpBB/includes/ucp/ucp_login_link.php @@ -39,7 +39,7 @@ class ucp_login_link */ function main($id, $mode) { - global $config, $phpbb_container, $request, $template, $user; + global $phpbb_container, $request, $template, $user; global $phpbb_root_path, $phpEx; // Initialize necessary variables @@ -57,8 +57,8 @@ class ucp_login_link } // Use the auth_provider requested even if different from configured - $auth_provider = 'auth.provider.' . $request->variable('auth_provider', $config['auth_method']); - $auth_provider = $phpbb_container->get($auth_provider); + $provider_collection = $phpbb_container->get('auth.provider_collection'); + $auth_provider = $provider_collection->get_provider($request->variable('auth_provider', '')); // Set the link_method to login_link $data['link_method'] = 'login_link'; 
@@ -75,7 +75,7 @@ class ucp_login_link { if ($request->is_set_post('login')) { - $login_username = $request->variable('login_username', '', false, \phpbb\request\request_interface::POST); + $login_username = $request->variable('login_username', '', true, \phpbb\request\request_interface::POST); $login_password = $request->untrimmed_variable('login_password', '', true, \phpbb\request\request_interface::POST); $login_result = $auth_provider->login($login_username, $login_password); diff --git a/phpBB/includes/ucp/ucp_pm_viewmessage.php b/phpBB/includes/ucp/ucp_pm_viewmessage.php index 2f34fd64a5..888c2e6825 100644 --- a/phpBB/includes/ucp/ucp_pm_viewmessage.php +++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php @@ -197,7 +197,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) $u_pm = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&mode=compose&u=' . $author_id); } - if ($user_info['user_jabber'] && $auth->acl_get('u_sendim')) + if ($config['jab_enable'] && $user_info['user_jabber'] && $auth->acl_get('u_sendim')) { $u_jabber = append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contact&action=jabber&u=' . $author_id); } 
@@ -213,6 +213,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) 'AUTHOR_AVATAR' => (isset($user_info['avatar'])) ? $user_info['avatar'] : '', 'AUTHOR_JOINED' => $user->format_date($user_info['user_regdate']), 'AUTHOR_POSTS' => (int) $user_info['user_posts'], + 'U_AUTHOR_POSTS' => ($config['load_search'] && $auth->acl_get('u_search')) ? append_sid("{$phpbb_root_path}search.$phpEx", "author_id=$author_id&sr=posts") : '', 'CONTACT_USER' => $user->lang('CONTACT_USER', get_username_string('username', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username'])), 'ONLINE_IMG' => (!$config['load_onlinetrack']) ? '' : ((isset($user_info['online']) && $user_info['online']) ? $user->img('icon_user_online', $user->lang['ONLINE']) : $user->img('icon_user_offline', $user->lang['OFFLINE'])), diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index 9a15967bae..14f6a8bc02 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -33,7 +33,8 @@ class ucp_register global $request, $phpbb_container; // - if ($config['require_activation'] == USER_ACTIVATION_DISABLE) + if ($config['require_activation'] == USER_ACTIVATION_DISABLE || + (in_array($config['require_activation'], array(USER_ACTIVATION_SELF, USER_ACTIVATION_ADMIN)) && !$config['email_enable'])) { trigger_error('UCP_REGISTER_DISABLE'); } @@ -87,8 +88,8 @@ class ucp_register if (!empty($login_link_data)) { // Confirm that we have all necessary data - $auth_provider = 'auth.provider.' . $request->variable('auth_provider', $config['auth_method']); - $auth_provider = $phpbb_container->get($auth_provider); + $provider_collection = $phpbb_container->get('auth.provider_collection'); + $auth_provider = $provider_collection->get_provider($request->variable('auth_provider', '')); $result = $auth_provider->login_link_has_necessary_data($login_link_data); if ($result !== null) 
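Review bot: In the first ucp_register.php hunk the comment above the widened registration check is still an empty `//`, so the reason registration is refused when activation is by user or admin and `email_enable` is off is not recorded next to the condition. Suggest replacing it with `// Registration is disabled outright, or the selected activation method needs email while board email is off`. The `in_array()` call compares loosely, presumably because config values are stored as strings while the `USER_ACTIVATION_*` constants are integers; a short remark on that would stop someone adding a strict flag later and silently disabling the check.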
diff --git a/phpBB/install/convertors/convert_phpbb20.php b/phpBB/install/convertors/convert_phpbb20.php index 8f6af30426..effd72aeff 100644 --- a/phpBB/install/convertors/convert_phpbb20.php +++ b/phpBB/install/convertors/convert_phpbb20.php @@ -38,7 +38,7 @@ $dbms = $phpbb_config_php_file->convert_30_dbms_to_31($dbms); $convertor_data = array( 'forum_name' => 'phpBB 2.0.x', 'version' => '1.0.3', - 'phpbb_version' => '3.1.0', + 'phpbb_version' => '3.1.1', 'author' => '<a href="https://www.phpbb.com/">phpBB Limited</a>', 'dbms' => $dbms, 'dbhost' => $dbhost, diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql index bc4a9f7fe1..8fd163a81f 100644 --- a/phpBB/install/schemas/schema_data.sql +++ b/phpBB/install/schemas/schema_data.sql @@ -273,7 +273,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('tpl_allow_php', '0 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('use_system_cron', '0'); -INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.1.0'); +INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.1.2-RC1-dev'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400'); diff --git a/phpBB/language/en/acp/board.php b/phpBB/language/en/acp/board.php index ae7565d608..8d6c1c141d 100644 --- a/phpBB/language/en/acp/board.php +++ b/phpBB/language/en/acp/board.php 
@@ -221,7 +221,8 @@ $lang = array_merge($lang, array( 'ACP_REGISTER_SETTINGS_EXPLAIN' => 'Here you are able to define registration and profile related settings.', 'ACC_ACTIVATION' => 'Account activation', - 'ACC_ACTIVATION_EXPLAIN' => 'This determines whether users have immediate access to the board or if confirmation is required. You can also completely disable new registrations. “Board-wide email” must be enabled in order to use user or admin activation.', + 'ACC_ACTIVATION_EXPLAIN' => 'This determines whether users have immediate access to the board or if confirmation is required. You can also completely disable new registrations. <em>“Board-wide email” must be enabled in order to use user or admin activation.</em>', + 'ACC_ACTIVATION_WARNING' => 'Please note that the currently selected activation method requires emails to be enabled, otherwise registration will be disabled. We recommend to either select a different activation method or reenable emails.', 'NEW_MEMBER_POST_LIMIT' => 'New member post limit', 'NEW_MEMBER_POST_LIMIT_EXPLAIN' => 'New members are within the <em>Newly Registered Users</em> group until they reach this number of posts. You can use this group to keep them from using the PM system or to review their posts. <strong>A value of 0 disables this feature.</strong>', 'NEW_MEMBER_GROUP_DEFAULT' => 'Set Newly Registered Users group to default', 
@@ -556,7 +557,7 @@ $lang = array_merge($lang, array( 'EMAIL_SIG' => 'Email signature', 'EMAIL_SIG_EXPLAIN' => 'This text will be attached to all emails the board sends.', 'ENABLE_EMAIL' => 'Enable board-wide emails', - 'ENABLE_EMAIL_EXPLAIN' => 'If this is set to disabled no emails will be sent by the board at all. <em>Note the user and admin account activation settings require this setting to be enabled. If currently using “user” or “admin” activation in the activation settings, disabling this setting will require no activation of new accounts.</em>', + 'ENABLE_EMAIL_EXPLAIN' => 'If this is set to disabled no emails will be sent by the board at all. <em>Note the user and admin account activation settings require this setting to be enabled. If currently using “user” or “admin” activation in the activation settings, disabling this setting will disable registration.</em>', 'SMTP_AUTH_METHOD' => 'Authentication method for SMTP', 'SMTP_AUTH_METHOD_EXPLAIN' => 'Only used if a username/password is set, ask your provider if you are unsure which method to use.', 'SMTP_CRAM_MD5' => 'CRAM-MD5', diff --git a/phpBB/language/en/install.php b/phpBB/language/en/install.php index a2b27f0a60..107de9c64f 100644 --- a/phpBB/language/en/install.php +++ b/phpBB/language/en/install.php 
@@ -547,7 +547,7 @@ $lang = array_merge($lang, array( <ul style="margin-left: 20px; font-size: 1.1em;"> <li>Go to the <a href="https://www.phpbb.com/downloads/" title="https://www.phpbb.com/downloads/">phpBB.com downloads page</a> and download the "Automatic Update Package" archive.<br /><br /></li> <li>Unpack the archive.<br /><br /></li> - <li>Upload the complete uncompressed install folder to your phpBB root directory (where your config.php file is).<br /><br /></li> + <li>Upload the complete uncompressed "install" and "vendor" folders to your phpBB root directory (where your config.php file is).<br /><br /></li> </ul> <p>Once uploaded your board will be offline for normal users due to the install directory you uploaded now present.<br /><br /> diff --git a/phpBB/language/en/mcp.php b/phpBB/language/en/mcp.php index bc0fd03520..a961068657 100644 --- a/phpBB/language/en/mcp.php +++ b/phpBB/language/en/mcp.php @@ -237,7 +237,7 @@ $lang = array_merge($lang, array( 'NOT_MODERATOR' => 'You are not a moderator of this forum.', 'NO_DESTINATION_FORUM' => 'Please select a forum for destination.', 'NO_DESTINATION_FORUM_FOUND' => 'There is no destination forum available.', - 'NO_ENTRIES' => 'No log entries for this period.', + 'NO_ENTRIES' => 'No log entries.', 'NO_FEEDBACK' => 'No feedback exists for this user.', 'NO_FINAL_TOPIC_SELECTED' => 'You have to select a destination topic for merging posts.', 'NO_MATCHES_FOUND' => 'No matches found.', diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index e3ac8dad51..5a5be6f761 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php 
@@ -681,7 +681,7 @@ switch ($mode) 'U_MCP_QUEUE' => ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue', true, $user->session_id) : '', 'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_id) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_id}&hash=" . generate_link_hash('switchperm')) : '', - 'U_EDIT_SELF' => ($user_id == $user->data['user_id']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=ucp_profile&mode=profile_info') : '', + 'U_EDIT_SELF' => ($user_id == $user->data['user_id'] && $auth->acl_get('u_chgprofileinfo')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=ucp_profile&mode=profile_info') : '', 'S_USER_NOTES' => ($user_notes_enabled) ? true : false, 'S_WARN_USER' => ($warn_user_enabled) ? true : false, @@ -1089,9 +1089,9 @@ switch ($mode) { $user_rank_data = phpbb_get_user_rank($group_row, false); - if ($rank_img) + if ($user_rank_data['img']) { - $rank_img .= '<br />'; + $user_rank_data['img'] .= '<br />'; } } @@ -1427,7 +1427,7 @@ switch ($mode) $cp_row = (isset($profile_fields_cache[$user_id])) ? $cp->generate_profile_fields_template_data($profile_fields_cache[$user_id], false) : array(); } - $memberrow = array_merge(phpbb_show_profile($row), array( + $memberrow = array_merge(phpbb_show_profile($row, false, false, false), array( 'ROW_NUMBER' => $i + ($start + 1), 'S_CUSTOM_PROFILE' => (isset($cp_row['row']) && sizeof($cp_row['row'])) ? true : false, diff --git a/phpBB/phpbb/auth/auth.php b/phpBB/phpbb/auth/auth.php index 38755ccf99..b59f0e60ec 100644 --- a/phpBB/phpbb/auth/auth.php +++ b/phpBB/phpbb/auth/auth.php 
@@ -927,11 +927,11 @@ class auth */ function login($username, $password, $autologin = false, $viewonline = 1, $admin = 0) { - global $config, $db, $user, $phpbb_root_path, $phpEx, $phpbb_container; + global $db, $user, $phpbb_root_path, $phpEx, $phpbb_container; - $method = trim(basename($config['auth_method'])); + $provider_collection = $phpbb_container->get('auth.provider_collection'); - $provider = $phpbb_container->get('auth.provider.' . $method); + $provider = $provider_collection->get_provider(); if ($provider) { $login = $provider->login($username, $password); diff --git a/phpBB/phpbb/auth/provider/apache.php b/phpBB/phpbb/auth/provider/apache.php index 9137a77210..aa5bf64335 100644 --- a/phpBB/phpbb/auth/provider/apache.php +++ b/phpBB/phpbb/auth/provider/apache.php @@ -137,7 +137,7 @@ class apache extends \phpbb\auth\provider\base return array( 'status' => LOGIN_SUCCESS_CREATE_PROFILE, 'error_msg' => false, - 'user_row' => user_row_apache($php_auth_user, $php_auth_pw), + 'user_row' => $this->user_row($php_auth_user, $php_auth_pw), ); } @@ -185,7 +185,7 @@ class apache extends \phpbb\auth\provider\base } // create the user if he does not exist yet - user_add(user_row_apache($php_auth_user, $php_auth_pw)); + user_add($this->user_row($php_auth_user, $php_auth_pw)); $sql = 'SELECT * FROM ' . USERS_TABLE . " diff --git a/phpBB/phpbb/auth/provider/db.php b/phpBB/phpbb/auth/provider/db.php index 722eeffa9a..ba67c11e75 100644 --- a/phpBB/phpbb/auth/provider/db.php +++ b/phpBB/phpbb/auth/provider/db.php @@ -87,7 +87,7 @@ class db extends \phpbb\auth\provider\base $username_clean = utf8_clean_string($username); - $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type, user_login_attempts + $sql = 'SELECT * FROM ' . USERS_TABLE . " WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'"; $result = $this->db->sql_query($sql); 
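Review bot: In the db.php hunk the login query now reads `SELECT *` from the users table so the whole row can be passed to `passwords_manager->check()` as a third argument, which means every column of the account is loaded on each login attempt, failed ones included. Nothing in the hunk records which additional columns are needed, presumably by drivers for converted hashes; a comment such as `// Full row is passed to the password drivers; some need per-user fields beyond user_password` would capture the reason. If the required fields are known, an explicit column list keeps unrelated account data out of the login path. The `login()` method starts and ends outside the hunk, so how far `$row` travels afterwards is not visible here.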
@@ -123,7 +123,7 @@ class db extends \phpbb\auth\provider\base 'username_clean' => $username_clean, ); $sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $this->db->sql_build_array('INSERT', $attempt_data); - $result = $this->db->sql_query($sql); + $this->db->sql_query($sql); } else { @@ -175,7 +175,7 @@ class db extends \phpbb\auth\provider\base } // Check password ... - if ($this->passwords_manager->check($password, $row['user_password'])) + if ($this->passwords_manager->check($password, $row['user_password'], $row)) { // Check for old password hash... if ($this->passwords_manager->convert_flag || strlen($row['user_password']) == 32) diff --git a/phpBB/phpbb/auth/provider_collection.php b/phpBB/phpbb/auth/provider_collection.php index a74a2135dc..8e7e9e2cc1 100644 --- a/phpBB/phpbb/auth/provider_collection.php +++ b/phpBB/phpbb/auth/provider_collection.php @@ -38,6 +38,7 @@ class provider_collection extends \phpbb\di\service_collection /** * Get an auth provider. * + * @param string $provider_name The name of the auth provider * @return object Default auth provider selected in config if it * does exist. Otherwise the standard db auth * provider. @@ -46,11 +47,12 @@ class provider_collection extends \phpbb\di\service_collection * auth provider exist. The db auth provider * should always exist in a phpBB installation. */ - public function get_provider() + public function get_provider($provider_name = '') { - if ($this->offsetExists('auth.provider.' . basename(trim($this->config['auth_method'])))) + $provider_name = ($provider_name !== '') ? $provider_name : basename(trim($this->config['auth_method'])); + if ($this->offsetExists('auth.provider.' . $provider_name)) { - return $this->offsetGet('auth.provider.' . basename(trim($this->config['auth_method']))); + return $this->offsetGet('auth.provider.' . $provider_name); } // Revert to db auth provider if selected method does not exist else if ($this->offsetExists('auth.provider.db')) 
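Review bot: In `provider_collection::get_provider()` a caller-supplied `$provider_name` that is not registered falls straight through to `auth.provider.db`, skipping the configured `auth_method`. In ucp_login_link.php and ucp_register.php earlier in this diff that name comes from the `auth_provider` request parameter. Consider checking the configured method before the db fallback, and normalise the passed name the same way as the config value: `$provider_name = basename(trim(($provider_name !== '') ? $provider_name : $this->config['auth_method']));`. The `@return` text still describes only the config-selected provider and should mention the named lookup and what is returned when the name is unknown. The end of the method is outside this hunk.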
diff --git a/phpBB/phpbb/avatar/driver/local.php b/phpBB/phpbb/avatar/driver/local.php index 07b3ed59de..8888686b2d 100644 --- a/phpBB/phpbb/avatar/driver/local.php +++ b/phpBB/phpbb/avatar/driver/local.php @@ -154,7 +154,7 @@ class local extends \phpbb\avatar\driver\driver */ protected function get_avatar_list($user) { - $avatar_list = ($this->cache == null) ? false : $this->cache->get('avatar_local_list'); + $avatar_list = ($this->cache == null) ? false : $this->cache->get('_avatar_local_list'); if ($avatar_list === false) { @@ -192,7 +192,7 @@ class local extends \phpbb\avatar\driver\driver if ($this->cache != null) { - $this->cache->put('avatar_local_list', $avatar_list, 86400); + $this->cache->put('_avatar_local_list', $avatar_list, 86400); } } diff --git a/phpBB/phpbb/avatar/driver/remote.php b/phpBB/phpbb/avatar/driver/remote.php index 1bd7f6c927..4b0ee3f06f 100644 --- a/phpBB/phpbb/avatar/driver/remote.php +++ b/phpBB/phpbb/avatar/driver/remote.php @@ -130,8 +130,24 @@ class remote extends \phpbb\avatar\driver\driver { // Timeout after 1 second stream_set_timeout($file_stream, 1); + // read some data to ensure headers are present + fread($file_stream, 1024); $meta = stream_get_meta_data($file_stream); - foreach ($meta['wrapper_data'] as $header) + + if (isset($meta['wrapper_data']['headers']) && is_array($meta['wrapper_data']['headers'])) + { + $headers = $meta['wrapper_data']['headers']; + } + else if (isset($meta['wrapper_data']) && is_array($meta['wrapper_data'])) + { + $headers = $meta['wrapper_data']; + } + else + { + $headers = array(); + } + + foreach ($headers as $header) { $header = preg_split('/ /', $header, 2); if (strtr(strtolower(trim($header[0], ':')), '_', '-') === 'content-type') diff --git a/phpBB/phpbb/captcha/plugins/recaptcha.php b/phpBB/phpbb/captcha/plugins/recaptcha.php index ea446d7bc3..584f3afec1 100644 --- a/phpBB/phpbb/captcha/plugins/recaptcha.php +++ b/phpBB/phpbb/captcha/plugins/recaptcha.php 
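Review bot: In the remote.php hunk the result of the added `fread($file_stream, 1024)` is discarded and `$meta['timed_out']` is never consulted, so with the one-second timeout a slow or silent host leaves `$headers` empty and the loop finds no content type; what happens next is decided outside the hunk. The header entries come from a host chosen by the user, so each one should be checked before it is split, with `if (!is_string($header)) { continue; }` at the top of the `foreach`. The comment on the read could also say that the bytes are deliberately thrown away and why 1024 is enough.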
@@ -26,8 +26,10 @@ class recaptcha extends captcha_abstract var $challenge; var $response; - // PHP4 Constructor - function phpbb_recaptcha() + /** + * Constructor + */ + public function __construct() { global $request; $this->recaptcha_server = $request->is_secure() ? $this->recaptcha_server_secure : $this->recaptcha_server; diff --git a/phpBB/phpbb/controller/helper.php b/phpBB/phpbb/controller/helper.php index 187e455d48..52e6947c2c 100644 --- a/phpBB/phpbb/controller/helper.php +++ b/phpBB/phpbb/controller/helper.php @@ -44,6 +44,9 @@ class helper /* @var \phpbb\symfony_request */ protected $symfony_request; + /* @var \phpbb\request\request_interface */ + protected $request; + /** * @var \phpbb\filesystem The filesystem object */ 
@@ -70,16 +73,18 @@ class helper * @param \phpbb\controller\provider $provider Path provider * @param \phpbb\extension\manager $manager Extension manager object * @param \phpbb\symfony_request $symfony_request Symfony Request object + * @param \phpbb\request\request_interface $request phpBB request object * @param \phpbb\filesystem $filesystem The filesystem object * @param string $phpbb_root_path phpBB root path * @param string $php_ext PHP file extension */ - public function __construct(\phpbb\template\template $template, \phpbb\user $user, \phpbb\config\config $config, \phpbb\controller\provider $provider, \phpbb\extension\manager $manager, \phpbb\symfony_request $symfony_request, \phpbb\filesystem $filesystem, $phpbb_root_path, $php_ext) + public function __construct(\phpbb\template\template $template, \phpbb\user $user, \phpbb\config\config $config, \phpbb\controller\provider $provider, \phpbb\extension\manager $manager, \phpbb\symfony_request $symfony_request, \phpbb\request\request_interface $request, \phpbb\filesystem $filesystem, $phpbb_root_path, $php_ext) { $this->template = $template; $this->user = $user; $this->config = $config; $this->symfony_request = $symfony_request; + $this->request = $request; $this->filesystem = $filesystem; $this->phpbb_root_path = $phpbb_root_path; $this->php_ext = $php_ext; @@ -153,7 +158,7 @@ class helper } } - $base_url = $this->filesystem->clean_path($base_url); + $base_url = $this->request->escape($this->filesystem->clean_path($base_url), true); $context->setBaseUrl($base_url); @@ -197,6 +202,6 @@ class helper */ public function get_current_url() { - return generate_board_url(true) . $this->symfony_request->getRequestUri(); + return generate_board_url(true) . $this->request->escape($this->symfony_request->getRequestUri(), true); } } diff --git a/phpBB/phpbb/cron/manager.php b/phpBB/phpbb/cron/manager.php index 5c8ac04b77..079ce8107e 100644 --- a/phpBB/phpbb/cron/manager.php +++ b/phpBB/phpbb/cron/manager.php 
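Review bot: `get_current_url()` now passes the request URI through `$this->request->escape(..., true)`, which presumably HTML-encodes it, but its docblock (outside the changed lines) does not say the result is only suitable for HTML output. A caller that hands the value to a redirect or a `Location` header would send `&amp;` where `&` is expected. Add something like `@return string The current URL, HTML-escaped for use in templates`. The same question applies in the route hunk above it, where the escaped `$base_url` goes into `$context->setBaseUrl()` rather than being printed, so a comment on why escaping happens there instead of at output would help.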
@@ -73,6 +73,7 @@ class manager */ public function find_one_ready_task() { + shuffle($this->tasks); foreach ($this->tasks as $task) { if ($task->is_ready()) diff --git a/phpBB/phpbb/db/migration/data/v30x/release_3_0_12_rc1.php b/phpBB/phpbb/db/migration/data/v30x/release_3_0_12_rc1.php index 8600472cca..f9f6d9f7f7 100644 --- a/phpBB/phpbb/db/migration/data/v30x/release_3_0_12_rc1.php +++ b/phpBB/phpbb/db/migration/data/v30x/release_3_0_12_rc1.php @@ -31,7 +31,6 @@ class release_3_0_12_rc1 extends \phpbb\db\migration\migration { return array( array('custom', array(array(&$this, 'update_module_auth'))), - array('custom', array(array(&$this, 'update_bots'))), array('custom', array(array(&$this, 'disable_bots_from_receiving_pms'))), array('config.update', array('version', '3.0.12-RC1')), 
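Review bot: `shuffle($this->tasks)` in `find_one_ready_task()` reorders and renumbers the manager's own task list on every call, so a lookup method now has a side effect that any other code iterating `$this->tasks` will see. Shuffling a copy gives the same randomised pick without touching shared state: `$tasks = $this->tasks; shuffle($tasks);` and then iterate `$tasks`. A one-line comment on why the order is randomised (presumably so one always-ready task cannot starve the others) would also be useful. The rest of the method is outside the hunk.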
@@ -70,60 +69,4 @@ class release_3_0_12_rc1 extends \phpbb\db\migration\migration AND module_mode = \'signature\''; $this->sql_query($sql); } - - public function update_bots() - { - // Update bots - if (!function_exists('user_delete')) - { - include($this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext); - } - - $bots_updates = array( - // Bot Deletions - 'NG-Search [Bot]' => false, - 'Nutch/CVS [Bot]' => false, - 'OmniExplorer [Bot]' => false, - 'Seekport [Bot]' => false, - 'Synoo [Bot]' => false, - 'WiseNut [Bot]' => false, - - // Bot Updates - // Bot name to bot user agent map - 'Baidu [Spider]' => 'Baiduspider', - 'Exabot [Bot]' => 'Exabot', - 'Voyager [Bot]' => 'voyager/', - 'W3C [Validator]' => 'W3C_Validator', - ); - - foreach ($bots_updates as $bot_name => $bot_agent) - { - $sql = 'SELECT user_id - FROM ' . USERS_TABLE . ' - WHERE user_type = ' . USER_IGNORE . " - AND username_clean = '" . $this->db->sql_escape(utf8_clean_string($bot_name)) . "'"; - $result = $this->db->sql_query($sql); - $bot_user_id = (int) $this->db->sql_fetchfield('user_id'); - $this->db->sql_freeresult($result); - - if ($bot_user_id) - { - if ($bot_agent === false) - { - $sql = 'DELETE FROM ' . BOTS_TABLE . " - WHERE user_id = $bot_user_id"; - $this->sql_query($sql); - - user_delete('retain', $bot_user_id); - } - else - { - $sql = 'UPDATE ' . BOTS_TABLE . " - SET bot_agent = '" . $this->db->sql_escape($bot_agent) . "' - WHERE user_id = $bot_user_id"; - $this->sql_query($sql); - } - } - } - } } diff --git a/phpBB/phpbb/db/migration/data/v30x/release_3_0_5_rc1.php b/phpBB/phpbb/db/migration/data/v30x/release_3_0_5_rc1.php index f593c32181..2cc7786046 100644 --- a/phpBB/phpbb/db/migration/data/v30x/release_3_0_5_rc1.php +++ b/phpBB/phpbb/db/migration/data/v30x/release_3_0_5_rc1.php 
@@ -55,6 +55,9 @@ class release_3_0_5_rc1 extends \phpbb\db\migration\migration public function hash_old_passwords() { + global $phpbb_container; + + $passwords_manager = $phpbb_container->get('passwords.manager'); $sql = 'SELECT user_id, user_password FROM ' . $this->table_prefix . 'users WHERE user_pass_convert = 1'; @@ -65,7 +68,7 @@ class release_3_0_5_rc1 extends \phpbb\db\migration\migration if (strlen($row['user_password']) == 32) { $sql_ary = array( - 'user_password' => phpbb_hash($row['user_password']), + 'user_password' => '$CP$' . $passwords_manager->hash($row['user_password'], 'passwords.driver.salted_md5'), ); $this->sql_query('UPDATE ' . $this->table_prefix . 'users SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . $row['user_id']); diff --git a/phpBB/phpbb/db/migration/data/v30x/release_3_0_8_rc1.php b/phpBB/phpbb/db/migration/data/v30x/release_3_0_8_rc1.php index 4e863fa143..22fd51543b 100644 --- a/phpBB/phpbb/db/migration/data/v30x/release_3_0_8_rc1.php +++ b/phpBB/phpbb/db/migration/data/v30x/release_3_0_8_rc1.php @@ -30,7 +30,6 @@ class release_3_0_8_rc1 extends \phpbb\db\migration\migration return array( array('custom', array(array(&$this, 'update_file_extension_group_names'))), array('custom', array(array(&$this, 'update_module_auth'))), - array('custom', array(array(&$this, 'update_bots'))), array('custom', array(array(&$this, 'delete_orphan_shadow_topics'))), array('module.add', array( 'acp', 
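Review bot: The new value `'$CP$' . $passwords_manager->hash($row['user_password'], 'passwords.driver.salted_md5')` in `hash_old_passwords()` wraps an existing 32-character hash in salted MD5 and tags it with `$CP$`, but nothing explains the prefix or why this particular driver is pinned. Suggest a comment above the assignment, e.g. `// $CP$ marks a converted legacy hash; salted_md5 is pinned so the login path can recognise it and upgrade it on the next successful login`, adjusted if the upgrade assumption does not hold. Without it, the line reads as if a weak scheme had been chosen for new hashes.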
@@ -114,70 +113,6 @@ class release_3_0_8_rc1 extends \phpbb\db\migration\migration $this->sql_query($sql); } - public function update_bots() - { - $bot_name = 'Bing [Bot]'; - $bot_name_clean = utf8_clean_string($bot_name); - - $sql = 'SELECT user_id - FROM ' . USERS_TABLE . " - WHERE username_clean = '" . $this->db->sql_escape($bot_name_clean) . "'"; - $result = $this->db->sql_query($sql); - $bing_already_added = (bool) $this->db->sql_fetchfield('user_id'); - $this->db->sql_freeresult($result); - - if (!$bing_already_added) - { - $bot_agent = 'bingbot/'; - $bot_ip = ''; - $sql = 'SELECT group_id, group_colour - FROM ' . GROUPS_TABLE . " - WHERE group_name = 'BOTS'"; - $result = $this->db->sql_query($sql); - $group_row = $this->db->sql_fetchrow($result); - $this->db->sql_freeresult($result); - - if (!$group_row) - { - // default fallback, should never get here - $group_row['group_id'] = 6; - $group_row['group_colour'] = '9E8DA7'; - } - - if (!function_exists('user_add')) - { - include($this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext); - } - - $user_row = array( - 'user_type' => USER_IGNORE, - 'group_id' => $group_row['group_id'], - 'username' => $bot_name, - 'user_regdate' => time(), - 'user_password' => '', - 'user_colour' => $group_row['group_colour'], - 'user_email' => '', - 'user_lang' => $this->config['default_lang'], - 'user_style' => $this->config['default_style'], - 'user_timezone' => 0, - 'user_dateformat' => $this->config['default_dateformat'], - 'user_allow_massemail' => 0, - ); - - $user_id = user_add($user_row); - - $sql = 'INSERT INTO ' . BOTS_TABLE . ' ' . $this->db->sql_build_array('INSERT', array( - 'bot_active' => 1, - 'bot_name' => (string) $bot_name, - 'user_id' => (int) $user_id, - 'bot_agent' => (string) $bot_agent, - 'bot_ip' => (string) $bot_ip, - )); - - $this->sql_query($sql); - } - } - public function delete_orphan_shadow_topics() { // Delete shadow topics pointing to not existing topics 
diff --git a/phpBB/phpbb/db/migration/data/v310/bot_update.php b/phpBB/phpbb/db/migration/data/v310/bot_update.php new file mode 100644 index 0000000000..39b16c68f8 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v310/bot_update.php 
@@ -0,0 +1,150 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v310; + +class bot_update extends \phpbb\db\migration\migration +{ + static public function depends_on() + { + return array('\phpbb\db\migration\data\v310\rc6'); + } + + public function update_data() + { + return array( + array('custom', array(array(&$this, 'update_bing_bot'))), + array('custom', array(array(&$this, 'update_bots'))), + ); + } + + public function update_bing_bot() + { + $bot_name = 'Bing [Bot]'; + $bot_name_clean = utf8_clean_string($bot_name); + + $sql = 'SELECT user_id + FROM ' . USERS_TABLE . " + WHERE username_clean = '" . $this->db->sql_escape($bot_name_clean) . "'"; + $result = $this->db->sql_query($sql); + $bing_already_added = (bool) $this->db->sql_fetchfield('user_id'); + $this->db->sql_freeresult($result); + + if (!$bing_already_added) + { + $bot_agent = 'bingbot/'; + $bot_ip = ''; + $sql = 'SELECT group_id, group_colour + FROM ' . GROUPS_TABLE . " + WHERE group_name = 'BOTS'"; + $result = $this->db->sql_query($sql); + $group_row = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); + + if (!$group_row) + { + // default fallback, should never get here + $group_row['group_id'] = 6; + $group_row['group_colour'] = '9E8DA7'; + } + + if (!function_exists('user_add')) + { + include($this->phpbb_root_path . 'includes/functions_user.' . 
$this->php_ext); + } + + $user_row = array( + 'user_type' => USER_IGNORE, + 'group_id' => $group_row['group_id'], + 'username' => $bot_name, + 'user_regdate' => time(), + 'user_password' => '', + 'user_colour' => $group_row['group_colour'], + 'user_email' => '', + 'user_lang' => $this->config['default_lang'], + 'user_style' => $this->config['default_style'], + 'user_timezone' => 0, + 'user_dateformat' => $this->config['default_dateformat'], + 'user_allow_massemail' => 0, + ); + + $user_id = user_add($user_row); + + $sql = 'INSERT INTO ' . BOTS_TABLE . ' ' . $this->db->sql_build_array('INSERT', array( + 'bot_active' => 1, + 'bot_name' => (string) $bot_name, + 'user_id' => (int) $user_id, + 'bot_agent' => (string) $bot_agent, + 'bot_ip' => (string) $bot_ip, + )); + + $this->sql_query($sql); + } + } + + public function update_bots() + { + // Update bots + if (!function_exists('user_delete')) + { + include($this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext); + } + + $bots_updates = array( + // Bot Deletions + 'NG-Search [Bot]' => false, + 'Nutch/CVS [Bot]' => false, + 'OmniExplorer [Bot]' => false, + 'Seekport [Bot]' => false, + 'Synoo [Bot]' => false, + 'WiseNut [Bot]' => false, + + // Bot Updates + // Bot name to bot user agent map + 'Baidu [Spider]' => 'Baiduspider', + 'Exabot [Bot]' => 'Exabot', + 'Voyager [Bot]' => 'voyager/', + 'W3C [Validator]' => 'W3C_Validator', + ); + + foreach ($bots_updates as $bot_name => $bot_agent) + { + $sql = 'SELECT user_id + FROM ' . USERS_TABLE . ' + WHERE user_type = ' . USER_IGNORE . " + AND username_clean = '" . $this->db->sql_escape(utf8_clean_string($bot_name)) . "'"; + $result = $this->db->sql_query($sql); + $bot_user_id = (int) $this->db->sql_fetchfield('user_id'); + $this->db->sql_freeresult($result); + + if ($bot_user_id) + { + if ($bot_agent === false) + { + $sql = 'DELETE FROM ' . BOTS_TABLE . 
" + WHERE user_id = $bot_user_id"; + $this->sql_query($sql); + + user_delete('retain', $bot_user_id); + } + else + { + $sql = 'UPDATE ' . BOTS_TABLE . " + SET bot_agent = '" . $this->db->sql_escape($bot_agent) . "' + WHERE user_id = $bot_user_id"; + $this->sql_query($sql); + } + } + } + } +} diff --git a/phpBB/phpbb/db/migration/data/v310/captcha_plugins.php b/phpBB/phpbb/db/migration/data/v310/captcha_plugins.php index 13071e9891..328c08f1ec 100644 --- a/phpBB/phpbb/db/migration/data/v310/captcha_plugins.php +++ b/phpBB/phpbb/db/migration/data/v310/captcha_plugins.php @@ -25,9 +25,13 @@ class captcha_plugins extends \phpbb\db\migration\migration public function update_data() { $captcha_plugin = $this->config['captcha_plugin']; - if (strpos($this->config['captcha_plugin'], 'phpbb_captcha_') === 0) + if (strpos($captcha_plugin, 'phpbb_captcha_') === 0) { - $captcha_plugin = substr($this->config['captcha_plugin'], strlen('phpbb_captcha_')); + $captcha_plugin = substr($captcha_plugin, strlen('phpbb_captcha_')); + } + else if (strpos($captcha_plugin, 'phpbb_') === 0) + { + $captcha_plugin = substr($captcha_plugin, strlen('phpbb_')); } return array( diff --git a/phpBB/phpbb/db/migration/data/v310/contact_admin_form.php b/phpBB/phpbb/db/migration/data/v310/contact_admin_form.php index c2dd09ddf6..5736369f1a 100644 --- a/phpBB/phpbb/db/migration/data/v310/contact_admin_form.php +++ b/phpBB/phpbb/db/migration/data/v310/contact_admin_form.php @@ -20,6 +20,11 @@ class contact_admin_form extends \phpbb\db\migration\migration return isset($this->config['contact_admin_form_enable']); } + static public function depends_on() + { + return array('\phpbb\db\migration\data\v310\config_db_text'); + } + public function update_data() { return array( diff --git a/phpBB/phpbb/db/migration/data/v310/gold.php b/phpBB/phpbb/db/migration/data/v310/gold.php new file mode 100644 index 0000000000..e84c7ee951 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v310/gold.php 
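Review bot: `update_bing_bot()` in the new bot_update.php looks the account up by `username_clean` alone, while `update_bots()` in the same file also requires `user_type = USER_IGNORE`; an ordinary account that happens to be named "Bing [Bot]" would count as the bot already existing, and the bot entry would never be created. Add the same filter to the first query: `WHERE user_type = ' . USER_IGNORE . " AND username_clean = '...'`. The fallback `$group_row['group_id'] = 6;` also writes an index into a variable that holds a false value at that point; `$group_row = array('group_id' => 6, 'group_colour' => '9E8DA7');` avoids relying on that conversion.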
@@ -0,0 +1,32 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v310; + +class gold extends \phpbb\db\migration\migration +{ + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v310\rc6', + '\phpbb\db\migration\data\v310\bot_update', + ); + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.1.0')), + ); + } +} diff --git a/phpBB/phpbb/db/migration/data/v310/reset_missing_captcha_plugin.php b/phpBB/phpbb/db/migration/data/v310/reset_missing_captcha_plugin.php index d5f9076196..8211457dc6 100644 --- a/phpBB/phpbb/db/migration/data/v310/reset_missing_captcha_plugin.php +++ b/phpBB/phpbb/db/migration/data/v310/reset_missing_captcha_plugin.php @@ -29,7 +29,8 @@ class reset_missing_captcha_plugin extends \phpbb\db\migration\migration { return array( array('if', array( - (!is_file($this->phpbb_root_path . "includes/captcha/plugins/{$this->config['captcha_plugin']}_plugin." . $this->php_ext)), + (is_dir($this->phpbb_root_path . 'includes/captcha/plugins/') && + !is_file($this->phpbb_root_path . "includes/captcha/plugins/{$this->config['captcha_plugin']}_plugin." . $this->php_ext)), array('config.update', array('captcha_plugin', 'phpbb_captcha_nogd')), )), ); diff --git a/phpBB/phpbb/db/migration/data/v31x/m_softdelete_global.php b/phpBB/phpbb/db/migration/data/v31x/m_softdelete_global.php new file mode 100644 index 0000000000..dd7e20e762 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v31x/m_softdelete_global.php 
@@ -0,0 +1,31 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v31x; + +class m_softdelete_global extends \phpbb\db\migration\migration +{ + static public function depends_on() + { + return array('\phpbb\db\migration\data\v31x\v311'); + } + + public function update_data() + { + return array( + // Make m_softdelete global. The add method will take care of updating + // it if it already exists. + array('permission.add', array('m_softdelete', true)), + ); + } +} diff --git a/phpBB/phpbb/db/migration/data/v31x/style_update.php b/phpBB/phpbb/db/migration/data/v31x/style_update.php new file mode 100644 index 0000000000..bb030bbe6d --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v31x/style_update.php 
@@ -0,0 +1,136 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v31x; + +class style_update extends \phpbb\db\migration\migration +{ + static public function depends_on() + { + return array('\phpbb\db\migration\data\v310\gold'); + } + + public function update_data() + { + return array( + array('custom', array(array($this, 'update_installed_styles'))), + ); + } + + public function update_installed_styles() + { + // Get all currently available styles + $styles = $this->find_style_dirs(); + $style_paths = $style_ids = array(); + + $sql = 'SELECT style_path, style_id + FROM ' . $this->table_prefix . 'styles'; + $result = $this->db->sql_query($sql); + while ($styles_row = $this->db->sql_fetchrow()) + { + if (in_array($styles_row['style_path'], $styles)) + { + $style_paths[] = $styles_row['style_path']; + $style_ids[] = $styles_row['style_id']; + } + } + $this->db->sql_freeresult($result); + + // Install prosilver if no style is available and prosilver can be installed + if (empty($style_paths) && in_array('prosilver', $styles)) + { + // Try to parse config file + $cfg = parse_cfg_file($this->phpbb_root_path . 'styles/prosilver/style.cfg'); + + // Stop running this if prosilver cfg file can't be read + if (empty($cfg)) + { + throw new \RuntimeException('No styles available and could not fall back to prosilver.'); + } + + $style = array( + 'style_name' => 'prosilver', + 'style_copyright' => '© phpBB Limited', + 'style_active' => 1, + 'style_path' => 'prosilver', + 'bbcode_bitfield' => 'kNg=', + 'style_parent_id' => 0, + 'style_parent_tree' => '', + ); + + // Add to database + $this->db->sql_transaction('begin'); + + $sql = 'INSERT INTO ' . $this->table_prefix . 'styles + ' . 
$this->db->sql_build_array('INSERT', $style); + $this->db->sql_query($sql); + + $style_id = $this->db->sql_nextid(); + $style_ids[] = $style_id; + + $this->db->sql_transaction('commit'); + + // Set prosilver to default style + $this->config->set('default_style', $style_id); + } + else if (empty($styles) && empty($available_styles)) + { + throw new \RuntimeException('No valid styles available'); + } + + // Make sure default style is available + if (!in_array($this->config['default_style'], $style_ids)) + { + $this->config->set('default_style', array_pop($style_ids)); + } + + // Reset users to default style if their user_style is nonexistent + $sql = 'UPDATE ' . $this->table_prefix . "users + SET user_style = {$this->config['default_style']} + WHERE " . $this->db->sql_in_set('user_style', $style_ids, true, true); + $this->db->sql_query($sql); + } + + /** + * Find all directories that have styles + * Copied from acp_styles + * + * @return array Directory names + */ + protected function find_style_dirs() + { + $styles = array(); + $styles_path = $this->phpbb_root_path . 'styles/'; + + $dp = @opendir($styles_path); + if ($dp) + { + while (($file = readdir($dp)) !== false) + { + $dir = $styles_path . $file; + if ($file[0] == '.' || !is_dir($dir)) + { + continue; + } + + if (file_exists("{$dir}/style.cfg")) + { + $styles[] = $file; + } + } + closedir($dp); + } + + return $styles; + } +} diff --git a/phpBB/phpbb/db/migration/data/v31x/v311.php b/phpBB/phpbb/db/migration/data/v31x/v311.php new file mode 100644 index 0000000000..00844dd4c0 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v31x/v311.php 
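Review bot: `$available_styles` in the `else if` of update_installed_styles() is never assigned anywhere in this new file, so that branch fires only when `$styles` is empty. If none of the installed styles exist on disk and prosilver is absent while some other style directory is present, execution falls through, `array_pop($style_ids)` returns null, and the UPDATE is built with an empty `user_style` value. Testing `else if (empty($style_ids))` would cover that case. The interpolated `{$this->config['default_style']}` would also be safer written as `" . (int) $this->config['default_style'] . "`, and the `while` loop should pass the handle, `$this->db->sql_fetchrow($result)`.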
@@ -0,0 +1,32 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v31x; + +class v311 extends \phpbb\db\migration\migration +{ + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v310\gold', + '\phpbb\db\migration\data\v31x\style_update', + ); + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.1.1')), + ); + } +} diff --git a/phpBB/phpbb/db/migrator.php b/phpBB/phpbb/db/migrator.php index 621a808a03..d03496eae3 100644 --- a/phpBB/phpbb/db/migrator.php +++ b/phpBB/phpbb/db/migrator.php @@ -59,6 +59,13 @@ class migrator protected $migrations = array(); /** + * Array of migrations that have been determined to be fulfillable + * + * @var array + */ + protected $fulfillable_migrations = array(); + + /** * 'name,' 'class,' and 'state' of the last migration run * * 'effectively_installed' set and set to true if the migration was effectively_installed @@ -653,7 +660,7 @@ class migrator */ public function unfulfillable($name) { - if (isset($this->migration_state[$name])) + if (isset($this->migration_state[$name]) || isset($this->fulfillable_migrations[$name])) { return false; } @@ -674,6 +681,7 @@ class migrator return $unfulfillable; } } + $this->fulfillable_migrations[$name] = true; return false; } diff --git a/phpBB/phpbb/db/tools.php b/phpBB/phpbb/db/tools.php index 0781d7425e..c8d25f23a2 100644 --- a/phpBB/phpbb/db/tools.php +++ b/phpBB/phpbb/db/tools.php 
@@ -2643,7 +2643,7 @@ class tools AND cols.id = ix.id WHERE ix.id = object_id('{$table_name}') AND cols.name = '{$column_name}' - AND INDEXPROPERTY(ix.id, ix.name, 'IsUnique') = " . ($unique) ? '1' : '0'; + AND INDEXPROPERTY(ix.id, ix.name, 'IsUnique') = " . ($unique ? '1' : '0'); } else { @@ -2657,7 +2657,7 @@ class tools AND cols.object_id = ix.object_id WHERE ix.object_id = object_id('{$table_name}') AND cols.name = '{$column_name}' - AND ix.is_unique = " . ($unique) ? '1' : '0'; + AND ix.is_unique = " . ($unique ? '1' : '0'); } break; diff --git a/phpBB/phpbb/di/extension/config.php b/phpBB/phpbb/di/extension/config.php index 27ebc94bae..7984a783df 100644 --- a/phpBB/phpbb/di/extension/config.php +++ b/phpBB/phpbb/di/extension/config.php 
@@ -39,16 +39,24 @@ class config extends Extension */ public function load(array $config, ContainerBuilder $container) { - $container->setParameter('core.adm_relative_path', ($this->config_php->get('phpbb_adm_relative_path') ? $this->config_php->get('phpbb_adm_relative_path') : 'adm/')); - $container->setParameter('core.table_prefix', $this->config_php->get('table_prefix')); - $container->setParameter('cache.driver.class', $this->convert_30_acm_type($this->config_php->get('acm_type'))); - $container->setParameter('dbal.driver.class', $this->config_php->convert_30_dbms_to_31($this->config_php->get('dbms'))); - $container->setParameter('dbal.dbhost', $this->config_php->get('dbhost')); - $container->setParameter('dbal.dbuser', $this->config_php->get('dbuser')); - $container->setParameter('dbal.dbpasswd', $this->config_php->get('dbpasswd')); - $container->setParameter('dbal.dbname', $this->config_php->get('dbname')); - $container->setParameter('dbal.dbport', $this->config_php->get('dbport')); - $container->setParameter('dbal.new_link', defined('PHPBB_DB_NEW_LINK') && PHPBB_DB_NEW_LINK); + $parameters = array( + 'core.adm_relative_path' => $this->config_php->get('phpbb_adm_relative_path') ? 
$this->config_php->get('phpbb_adm_relative_path') : 'adm/', + 'core.table_prefix' => $this->config_php->get('table_prefix'), + 'cache.driver.class' => $this->convert_30_acm_type($this->config_php->get('acm_type')), + 'dbal.driver.class' => $this->config_php->convert_30_dbms_to_31($this->config_php->get('dbms')), + 'dbal.dbhost' => $this->config_php->get('dbhost'), + 'dbal.dbuser' => $this->config_php->get('dbuser'), + 'dbal.dbpasswd' => $this->config_php->get('dbpasswd'), + 'dbal.dbname' => $this->config_php->get('dbname'), + 'dbal.dbport' => $this->config_php->get('dbport'), + 'dbal.new_link' => defined('PHPBB_DB_NEW_LINK') && PHPBB_DB_NEW_LINK, + ); + $parameter_bag = $container->getParameterBag(); + + foreach ($parameters as $parameter => $value) + { + $container->setParameter($parameter, $parameter_bag->escapeValue($value)); + } } /** diff --git a/phpBB/phpbb/message/admin_form.php b/phpBB/phpbb/message/admin_form.php index 93db59880c..96b8d3499e 100644 --- a/phpBB/phpbb/message/admin_form.php +++ b/phpBB/phpbb/message/admin_form.php @@ -178,6 +178,7 @@ class admin_form extends form 'S_CONTACT_ADMIN' => true, 'S_CONTACT_FORM' => $this->config['contact_admin_form_enable'], 'S_IS_REGISTERED' => $this->user->data['is_registered'], + 'S_POST_ACTION' => append_sid($this->phpbb_root_path . 'memberlist.' . $this->phpEx, 'mode=contactadmin'), 'CONTACT_INFO' => $l_admin_info, 'MESSAGE' => $this->body, diff --git a/phpBB/phpbb/message/form.php b/phpBB/phpbb/message/form.php index 076b41dc07..21d4de0b4d 100644 --- a/phpBB/phpbb/message/form.php +++ b/phpBB/phpbb/message/form.php @@ -146,7 +146,7 @@ abstract class form WHERE user_id = ' . $this->user->data['user_id']; $this->db->sql_query($sql); - if ($this->cc_sender) + if ($this->cc_sender && $this->user->data['is_registered']) { $this->message->cc_sender(); } diff --git a/phpBB/phpbb/notification/manager.php b/phpBB/phpbb/notification/manager.php index 81b450ebbd..dd611e1dd1 100644 
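Review bot: Nothing in load() says why every value now goes through `escapeValue()`, and a later cleanup could easily drop the call again. A comment above the `foreach` would record the reason, for example `// Escape '%' so config.php values (e.g. the database password) are not resolved as container parameter references`. The boolean `dbal.new_link` goes through the same call; `escapeValue()` should return non-string scalars unchanged, but that is worth confirming against the bundled Symfony version.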
--- a/phpBB/phpbb/notification/manager.php +++ b/phpBB/phpbb/notification/manager.php @@ -24,6 +24,9 @@ class manager protected $notification_types; /** @var array */ + protected $subscription_types; + + /** @var array */ protected $notification_methods; /** @var ContainerInterface */ @@ -289,7 +292,7 @@ class manager WHERE notification_time <= " . (int) $time . (($notification_type_name !== false) ? ' AND ' . (is_array($notification_type_name) ? $this->db->sql_in_set('notification_type_id', $this->get_notification_type_ids($notification_type_name)) : 'notification_type_id = ' . $this->get_notification_type_id($notification_type_name)) : '') . - (($item_parent_id !== false) ? ' AND ' . (is_array($item_parent_id) ? $this->db->sql_in_set('item_parent_id', $item_parent_id) : 'item_parent_id = ' . (int) $item_parent_id) : '') . + (($item_parent_id !== false) ? ' AND ' . (is_array($item_parent_id) ? $this->db->sql_in_set('item_parent_id', $item_parent_id, false, true) : 'item_parent_id = ' . (int) $item_parent_id) : '') . (($user_id !== false) ? ' AND ' . (is_array($user_id) ? $this->db->sql_in_set('user_id', $user_id) : 'user_id = ' . (int) $user_id) : ''); $this->db->sql_query($sql); } 
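Review bot: In the second hunk only the `item_parent_id` call gets the empty-set flag; the `sql_in_set()` calls for `notification_type_id` and `user_id` in the same statement still use the default. An empty array for either would presumably still raise the error this change avoids for `item_parent_id`. If callers can pass empty arrays there, give them the same arguments, e.g. `$this->db->sql_in_set('user_id', $user_id, false, true)`. The enclosing method starts outside the hunk, so the intended semantics of an empty list (match nothing) should be confirmed against its docblock.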
@@ -524,33 +527,36 @@ class manager */ public function get_subscription_types() { - $subscription_types = array(); - - foreach ($this->notification_types as $type_name => $data) + if ($this->subscription_types === null) { - $type = $this->get_item_type_class($type_name); + $this->subscription_types = array(); - if ($type instanceof \phpbb\notification\type\type_interface && $type->is_available()) + foreach ($this->notification_types as $type_name => $data) { - $options = array_merge(array( - 'id' => $type->get_type(), - 'lang' => 'NOTIFICATION_TYPE_' . strtoupper($type->get_type()), - 'group' => 'NOTIFICATION_GROUP_MISCELLANEOUS', - ), (($type::$notification_option !== false) ? $type::$notification_option : array())); + $type = $this->get_item_type_class($type_name); + + if ($type instanceof \phpbb\notification\type\type_interface && $type->is_available()) + { + $options = array_merge(array( + 'id' => $type->get_type(), + 'lang' => 'NOTIFICATION_TYPE_' . strtoupper($type->get_type()), + 'group' => 'NOTIFICATION_GROUP_MISCELLANEOUS', + ), (($type::$notification_option !== false) ? 
$type::$notification_option : array())); - $subscription_types[$options['group']][$options['id']] = $options; + $this->subscription_types[$options['group']][$options['id']] = $options; + } } - } - // Move Miscellaneous to the very last section - if (isset($subscription_types['NOTIFICATION_GROUP_MISCELLANEOUS'])) - { - $miscellaneous = $subscription_types['NOTIFICATION_GROUP_MISCELLANEOUS']; - unset($subscription_types['NOTIFICATION_GROUP_MISCELLANEOUS']); - $subscription_types['NOTIFICATION_GROUP_MISCELLANEOUS'] = $miscellaneous; + // Move Miscellaneous to the very last section + if (isset($this->subscription_types['NOTIFICATION_GROUP_MISCELLANEOUS'])) + { + $miscellaneous = $this->subscription_types['NOTIFICATION_GROUP_MISCELLANEOUS']; + unset($this->subscription_types['NOTIFICATION_GROUP_MISCELLANEOUS']); + $this->subscription_types['NOTIFICATION_GROUP_MISCELLANEOUS'] = $miscellaneous; + } } - return $subscription_types; + return $this->subscription_types; } /** diff --git a/phpBB/phpbb/notification/type/admin_activate_user.php b/phpBB/phpbb/notification/type/admin_activate_user.php index 038ca3726e..dfc0157558 100644 --- a/phpBB/phpbb/notification/type/admin_activate_user.php +++ b/phpBB/phpbb/notification/type/admin_activate_user.php @@ -131,7 +131,7 @@ class admin_activate_user extends \phpbb\notification\type\base public function get_email_template_variables() { $board_url = generate_board_url(); - $username = $this->user_loader->get_username($this->item_id, 'no_profile'); + $username = $this->user_loader->get_username($this->item_id, 'username'); return array( 'USERNAME' => htmlspecialchars_decode($username), diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php index 936564d8b6..4a446a5d9d 100644 --- a/phpBB/phpbb/path_helper.php +++ b/phpBB/phpbb/path_helper.php 
@@ -154,6 +154,7 @@ class path_helper return $this->web_root_path; } + // We do not need to escape $path_info, $request_uri and $script_name because we can not find their content in the result. // Path info (e.g. /foo/bar) $path_info = $this->filesystem->clean_path($this->symfony_request->getPathInfo()); @@ -203,9 +204,12 @@ class path_helper */ if ($this->request->is_ajax() && $this->symfony_request->get('_referer')) { + // We need to escape $absolute_board_url because it can be partially concatenated to the result. + $absolute_board_url = $this->request->escape($this->symfony_request->getSchemeAndHttpHost() . $this->symfony_request->getBasePath(), true); + $referer_web_root_path = $this->get_web_root_path_from_ajax_referer( $this->symfony_request->get('_referer'), - $this->symfony_request->getSchemeAndHttpHost() . $this->symfony_request->getBasePath() + $absolute_board_url ); return $this->web_root_path = $this->phpbb_root_path . $referer_web_root_path; } diff --git a/phpBB/phpbb/profilefields/type/type_base.php b/phpBB/phpbb/profilefields/type/type_base.php index 52f5d15511..9b4bada26d 100644 --- a/phpBB/phpbb/profilefields/type/type_base.php +++ b/phpBB/phpbb/profilefields/type/type_base.php @@ -158,7 +158,19 @@ abstract class type_base implements type_interface } else { - return $this->request->variable($key, '', true); + $default_value = ''; + $lang_fields = array( + 'l_lang_name', + 'l_lang_explain', + 'l_lang_default_value', + 'l_lang_options', + ); + + if (in_array($key, $lang_fields)) + { + $default_value = array(0 => ''); + } + return $this->request->variable($key, $default_value, true); } } diff --git a/phpBB/phpbb/profilefields/type/type_bool.php b/phpBB/phpbb/profilefields/type/type_bool.php index 0582722833..75934e3be7 100644 --- a/phpBB/phpbb/profilefields/type/type_bool.php +++ b/phpBB/phpbb/profilefields/type/type_bool.php 
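Review bot: In the second path_helper hunk only `$absolute_board_url` is escaped, while `$this->symfony_request->get('_referer')` is request-controlled and is passed to get_web_root_path_from_ajax_referer() as-is. The comment added in the first hunk explains why `$path_info`, `$request_uri` and `$script_name` need no escaping, but nothing says the same for `_referer`. Since this commit also removes the sanitizer from symfony_request, either escape it the same way (`$this->request->escape($this->symfony_request->get('_referer'), true)`) or add a comment stating that the helper never copies referer content into its return value. The helper body is outside the hunk, so which of the two applies needs checking there.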
@@ -352,7 +352,7 @@ class type_bool extends type_base } } - if ($step == 3 && ($field_data[$key] || $action != 'edit') && $key == 'l_lang_options') + if ($key == 'l_lang_options' && $this->request->is_set($key)) { $field_data[$key] = $this->request->variable($key, array(0 => array('')), true); diff --git a/phpBB/phpbb/request/request.php b/phpBB/phpbb/request/request.php index ea9854894c..f0f2f7e2a2 100644 --- a/phpBB/phpbb/request/request.php +++ b/phpBB/phpbb/request/request.php @@ -416,4 +416,27 @@ class request implements \phpbb\request\request_interface { return $this->input[$super_global]; } + + /** + * {@inheritdoc} + */ + public function escape($var, $multibyte) + { + if (is_array($var)) + { + $result = array(); + foreach ($var as $key => $value) + { + $this->type_cast_helper->set_var($key, $key, gettype($key), $multibyte); + $result[$key] = $this->escape($value, $multibyte); + } + $var = $result; + } + else + { + $this->type_cast_helper->set_var($var, $var, 'string', $multibyte); + } + + return $var; + } } diff --git a/phpBB/phpbb/request/request_interface.php b/phpBB/phpbb/request/request_interface.php index 3236f73990..47b3b3a4ed 100644 --- a/phpBB/phpbb/request/request_interface.php +++ b/phpBB/phpbb/request/request_interface.php @@ -142,4 +142,14 @@ interface request_interface * @return array The original array of the requested super global. */ public function get_super_global($super_global = \phpbb\request\request_interface::REQUEST); + + /** + * Escape a string variable. + * + * @param mixed $value The contents to fill with + * @param bool $multibyte Indicates whether string values may contain UTF-8 characters. + * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks. + * @return string|array + */ + public function escape($value, $multibyte); } diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index cf8ea1877e..dc90d942c3 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php 
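Review bot: The docblock added to request_interface::escape() does not match the method it declares. It reads "Escape a string variable" and "The contents to fill with", yet the implementation in request.php also accepts arrays and escapes their keys and values recursively. It also says "Default is false" for `$multibyte`, which has no default, and it names the parameter `$value` while the implementation uses `$var`. Suggested wording: `Escape a value received outside the request class so it is treated like request->variable() output.`, `@param mixed $value String, or array whose keys and values are escaped recursively`, and drop the "Default is false" sentence. It should also state that non-array values are returned cast to string, since callers passing integers or booleans will get strings back.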
@@ -31,10 +31,11 @@ class session var $update_session_page = true; /** - * Extract current session page - * - * @param string $root_path current root path (phpbb_root_path) - */ + * Extract current session page + * + * @param string $root_path current root path (phpbb_root_path) + * @return array + */ static function extract_current_page($root_path) { global $request, $symfony_request, $phpbb_filesystem; @@ -42,8 +43,8 @@ class session $page_array = array(); // First of all, get the request uri... - $script_name = $symfony_request->getScriptName(); - $args = explode('&', $symfony_request->getQueryString()); + $script_name = $request->escape($symfony_request->getScriptName(), true); + $args = $request->escape(explode('&', $symfony_request->getQueryString()), true); // If we are unable to get the script name we use REQUEST_URI as a failover and note it within the page array for easier support... if (!$script_name) @@ -61,8 +62,8 @@ class session // Since some browser do not encode correctly we need to do this with some "special" characters... // " -> %22, ' => %27, < -> %3C, > -> %3E - $find = array('"', "'", '<', '>'); - $replace = array('%22', '%27', '%3C', '%3E'); + $find = array('"', "'", '<', '>', '"', '<', '>'); + $replace = array('%22', '%27', '%3C', '%3E', '%22', '%3C', '%3E'); foreach ($args as $key => $argument) { @@ -87,7 +88,7 @@ class session $symfony_request_path = $phpbb_filesystem->clean_path($symfony_request->getPathInfo()); if ($symfony_request_path !== '/') { - $page_name .= $symfony_request_path; + $page_name .= str_replace('%2F', '/', urlencode($symfony_request_path)); } // current directory within the phpBB root (for example: adm) 
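Review bot: In the last session.php hunk on this line, `urlencode()` encodes a space as `+`, which in a URL path is a literal plus sign rather than a space. A path info containing spaces is therefore recorded in `$page_name` as a different path. `rawurlencode()` is the path-safe variant and keeps the rest of the change intact: `$page_name .= str_replace('%2F', '/', rawurlencode($symfony_request_path));`. extract_current_page() continues outside these hunks.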
@@ -577,6 +578,43 @@ class session } } + $provider_collection = $phpbb_container->get('auth.provider_collection'); + $provider = $provider_collection->get_provider(); + $this->data = $provider->autologin(); + + if ($user_id !== false && sizeof($this->data) && $this->data['user_id'] != $user_id) + { + $this->data = array(); + } + + if (sizeof($this->data)) + { + $this->cookie_data['k'] = ''; + $this->cookie_data['u'] = $this->data['user_id']; + } + + // If we're presented with an autologin key we'll join against it. + // Else if we've been passed a user_id we'll grab data based on that + if (isset($this->cookie_data['k']) && $this->cookie_data['k'] && $this->cookie_data['u'] && !sizeof($this->data)) + { + $sql = 'SELECT u.* + FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k + WHERE u.user_id = ' . (int) $this->cookie_data['u'] . ' + AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ") + AND k.user_id = u.user_id + AND k.key_id = '" . $db->sql_escape(md5($this->cookie_data['k'])) . "'"; + $result = $db->sql_query($sql); + $user_data = $db->sql_fetchrow($result); + + if ($user_id === false || (isset($user_data['user_id']) && $user_id == $user_data['user_id'])) + { + $this->data = $user_data; + $bot = false; + } + + $db->sql_freeresult($result); + } + if ($user_id !== false && !sizeof($this->data)) { $this->cookie_data['k'] = ''; 
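Review bot: The two new identity checks, `$this->data['user_id'] != $user_id` and `$user_id == $user_data['user_id']`, use loose comparison on the path that decides which account a session is created for. Either side may arrive as a string (database row, auth provider result), so casting both and comparing strictly removes any dependence on PHP's type juggling: `(int) $this->data['user_id'] !== (int) $user_id` and `(int) $user_id === (int) $user_data['user_id']`. Note also that when `$user_id === false` and the key lookup finds no row, `$this->data` is assigned the `false` returned by `sql_fetchrow()`. The enclosing method starts and ends outside the hunk, so whether later code expects an array there needs checking.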
@@ -591,34 +629,6 @@ class session $db->sql_freeresult($result); $bot = false; } - else if (!$bot) - { - $provider_collection = $phpbb_container->get('auth.provider_collection'); - $provider = $provider_collection->get_provider(); - $this->data = $provider->autologin(); - - if (sizeof($this->data)) - { - $this->cookie_data['k'] = ''; - $this->cookie_data['u'] = $this->data['user_id']; - } - - // If we're presented with an autologin key we'll join against it. - // Else if we've been passed a user_id we'll grab data based on that - if (isset($this->cookie_data['k']) && $this->cookie_data['k'] && $this->cookie_data['u'] && !sizeof($this->data)) - { - $sql = 'SELECT u.* - FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k - WHERE u.user_id = ' . (int) $this->cookie_data['u'] . ' - AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ") - AND k.user_id = u.user_id - AND k.key_id = '" . $db->sql_escape(md5($this->cookie_data['k'])) . "'"; - $result = $db->sql_query($sql); - $this->data = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - $bot = false; - } - } // Bot user, if they have a SID in the Request URI we need to get rid of it // otherwise they'll index this page with the SID, duplicate content oh my! diff --git a/phpBB/phpbb/symfony_request.php b/phpBB/phpbb/symfony_request.php index bf9ddec493..2931cae3cc 100644 --- a/phpBB/phpbb/symfony_request.php +++ b/phpBB/phpbb/symfony_request.php @@ -15,6 +15,10 @@ namespace phpbb; use Symfony\Component\HttpFoundation\Request; +/** + * WARNING: The Symfony request does not escape the input and should be used very carefully + * prefer the phpbb request as possible + */ class symfony_request extends Request { /** 
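Review bot: The class-level warning added to symfony_request does not tell a caller what is missing or what to do about it. This commit removes the constructor's `type_cast_helper` pass and adds `request_interface::escape()`, so the docblock can be specific, for example: `WARNING: values read from this object are raw request input and are not passed through type_cast_helper. Run them through \phpbb\request\request_interface::escape() before using them in output or queries, or use the phpBB request class instead.` Callers of this class that are not part of this diff previously received sanitized GET/POST values and should be audited.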
@@ -24,21 +28,12 @@ class symfony_request extends Request */ public function __construct(\phpbb\request\request_interface $phpbb_request) { - // This function is meant to sanitize the global input arrays - $sanitizer = function(&$value, $key) { - $type_cast_helper = new \phpbb\request\type_cast_helper(); - $type_cast_helper->set_var($value, $value, gettype($value), true); - }; - $get_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::GET); $post_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::POST); $server_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::SERVER); $files_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::FILES); $cookie_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::COOKIE); - array_walk_recursive($get_parameters, $sanitizer); - array_walk_recursive($post_parameters, $sanitizer); - parent::__construct($get_parameters, $post_parameters, array(), $cookie_parameters, $files_parameters, $server_parameters); } } diff --git a/phpBB/phpbb/template/twig/twig.php b/phpBB/phpbb/template/twig/twig.php index a3b002f350..5b71bb5e8a 100644 --- a/phpBB/phpbb/template/twig/twig.php +++ b/phpBB/phpbb/template/twig/twig.php @@ -189,13 +189,24 @@ class twig extends \phpbb\template\base { $path = $this->phpbb_root_path . trim($directory, '/') . "/{$name}/"; $template_path = $path . 'template/'; + $theme_path = $path . 'theme/'; + $is_valid_dir = false; if (is_dir($template_path)) { + $is_valid_dir = true; + $paths[] = $template_path; + } + if (is_dir($theme_path)) + { + $is_valid_dir = true; + $paths[] = $theme_path; + } + + if ($is_valid_dir) + { // Add the base style directory as a safe directory $this->twig->getLoader()->addSafeDirectory($path); - - $paths[] = $template_path; } } } 
@@ -253,25 +264,38 @@ class twig extends \phpbb\template\base { $ext_style_template_path = $ext_path . $template_dir['ext_path']; $ext_style_path = dirname($ext_style_template_path); + $ext_style_theme_path = $ext_style_path . 'theme/'; } else { $ext_style_path = $ext_path . 'styles/' . $template_dir['name'] . '/'; $ext_style_template_path = $ext_style_path . 'template/'; + $ext_style_theme_path = $ext_style_path . 'theme/'; } } else { $ext_style_path = $ext_path . 'styles/' . $template_dir . '/'; $ext_style_template_path = $ext_style_path . 'template/'; + $ext_style_theme_path = $ext_style_path . 'theme/'; } + $ok = false; if (is_dir($ext_style_template_path)) { + $ok = true; + $paths[] = $ext_style_template_path; + } + if (is_dir($ext_style_theme_path)) + { + $ok = true; + $paths[] = $ext_style_theme_path; + } + + if ($ok) + { // Add the base style directory as a safe directory $this->twig->getLoader()->addSafeDirectory($ext_style_path); - - $paths[] = $ext_style_template_path; } } diff --git a/phpBB/phpbb/version_helper.php b/phpBB/phpbb/version_helper.php index 968a57428f..c3c3602944 100644 --- a/phpBB/phpbb/version_helper.php +++ b/phpBB/phpbb/version_helper.php @@ -239,7 +239,7 @@ class version_helper */ public function get_versions($force_update = false, $force_cache = false) { - $cache_file = 'versioncheck_' . $this->host . $this->path . $this->file; + $cache_file = '_versioncheck_' . $this->host . $this->path . $this->file; $info = $this->cache->get($cache_file); @@ -271,7 +271,7 @@ class version_helper { foreach ($branches as $branch => $branch_data) { - $info[$stability][$branch]['announcement'] = str_replace('&', '&', $branch_data['announcement']); + $info[$stability][$branch]['announcement'] = (!empty($branch_data['announcement'])) ? str_replace('&', '&', $branch_data['announcement']) : ''; } } diff --git a/phpBB/posting.php b/phpBB/posting.php index 764a16d386..4c32276d17 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php 
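Review bot: In the `ext_path` branch of the twig.php hunk, `$ext_style_path` comes from `dirname($ext_style_template_path)`, which returns the directory without a trailing slash. `$ext_style_path . 'theme/'` therefore yields `.../<style>theme/` rather than `.../<style>/theme/`, and the `is_dir()` check will not find the theme directory there. Use `$ext_style_theme_path = $ext_style_path . '/theme/';` in that branch; the other two branches build `$ext_style_path` with a trailing slash and are fine. The value passed to `addSafeDirectory()` in that branch likewise has no trailing slash, unlike the other two branches. The method starts and ends outside the hunk.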
@@ -73,7 +73,6 @@ $current_time = time(); * @var bool preview Whether or not the post is being previewed * @var bool save Whether or not a draft is being saved * @var bool load Whether or not a draft is being loaded -* @var bool delete Whether or not the post is being deleted * @var bool cancel Whether or not to cancel the form (returns to * viewtopic or viewforum depending on if the user * is posting a new topic or editing a post) @@ -85,6 +84,7 @@ $current_time = time(); * NOTE: Should be actual language strings, NOT * language keys. * @since 3.1.0-a1 +* @change 3.1.2-RC1 Removed 'delete' var as it does not exist */ $vars = array( 'post_id', @@ -96,7 +96,6 @@ $vars = array( 'preview', 'save', 'load', - 'delete', 'cancel', 'refresh', 'mode', 
@@ -870,6 +869,43 @@ if ($submit || $preview || $refresh) // Parse Attachments - before checksum is calculated $message_parser->parse_attachments('fileupload', $mode, $forum_id, $submit, $preview, $refresh); + /** + * This event allows you to modify message text before parsing + * + * @event core.posting_modify_message_text + * @var array post_data Array with post data + * @var string mode What action to take if the form is submitted + * post|reply|quote|edit|delete|bump|smilies|popup + * @var int post_id ID of the post + * @var int topic_id ID of the topic + * @var int forum_id ID of the forum + * @var bool submit Whether or not the form has been submitted + * @var bool preview Whether or not the post is being previewed + * @var bool save Whether or not a draft is being saved + * @var bool load Whether or not a draft is being loaded + * @var bool cancel Whether or not to cancel the form (returns to + * viewtopic or viewforum depending on if the user + * is posting a new topic or editing a post) + * @var bool refresh Whether or not to retain previously submitted data + * @var object message_parser The message parser object + * @since 3.1.2-RC1 + */ + $vars = array( + 'post_data', + 'mode', + 'post_id', + 'topic_id', + 'forum_id', + 'submit', + 'preview', + 'save', + 'load', + 'cancel', + 'refresh', + 'message_parser', + ); + extract($phpbb_dispatcher->trigger_event('core.posting_modify_message_text', compact($vars))); + // Grab md5 'checksum' of new message $message_md5 = md5($message_parser->message); @@ -1727,7 +1763,6 @@ $page_data = array( * @var bool preview Whether or not the post is being previewed * @var bool save Whether or not a draft is being saved * @var bool load Whether or not a draft is being loaded -* @var bool delete Whether or not the post is being deleted * @var bool cancel Whether or not to cancel the form (returns to * viewtopic or viewforum depending on if the user * is posting a new topic or editing a post) 
@@ -1744,6 +1779,7 @@ $page_data = array( * s_topic_icons, form_enctype, s_action, s_hidden_fields, * post_id, topic_id, forum_id, submit, preview, save, load, * delete, cancel, refresh, error, page_data, message_parser +* @change 3.1.2-RC1 Removed 'delete' var as it does not exist */ $vars = array( 'post_data', @@ -1761,7 +1797,6 @@ $vars = array( 'preview', 'save', 'load', - 'delete', 'cancel', 'refresh', 'error', diff --git a/phpBB/search.php b/phpBB/search.php index 0d269c5606..e80a89b382 100644 --- a/phpBB/search.php +++ b/phpBB/search.php @@ -922,7 +922,7 @@ if ($keywords || $author || $author_id || $search_id || $submit) $posts_unapproved = ($row['topic_visibility'] == ITEM_APPROVED && $row['topic_posts_unapproved'] && $auth->acl_get('m_approve', $forum_id)) ? true : false; $topic_deleted = $row['topic_visibility'] == ITEM_DELETED; $u_mcp_queue = ($topic_unapproved || $posts_unapproved) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=' . (($topic_unapproved) ? 'approve_details' : 'unapproved_posts') . "&t=$result_topic_id", true, $user->session_id) : ''; - $u_mcp_queue = (!$u_mcp_queue && $topic_deleted) ? append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue&mode=deleted_topics&t=$result_topic_id", true, $user->session_id) : ''; + $u_mcp_queue = (!$u_mcp_queue && $topic_deleted) ? append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue&mode=deleted_topics&t=$result_topic_id", true, $user->session_id) : $u_mcp_queue; $row['topic_title'] = preg_replace('#(?!<.*)(?<!\w)(' . $hilit . ')(?!\w|[^<>]*(?:</s(?:cript|tyle))?>)#is', '<span class="posthilit">$1</span>', $row['topic_title']); diff --git a/phpBB/styles/prosilver/style.cfg b/phpBB/styles/prosilver/style.cfg index de7b38c90b..9684df73ba 100644 --- a/phpBB/styles/prosilver/style.cfg +++ b/phpBB/styles/prosilver/style.cfg 
@@ -21,8 +21,8 @@ # General Information about this style name = prosilver copyright = © phpBB Limited, 2007 -style_version = 3.1.0 -phpbb_version = 3.1.0 +style_version = 3.1.1 +phpbb_version = 3.1.1 # Defining a different template bitfield # template_bitfield = lNg= diff --git a/phpBB/styles/prosilver/template/confirm_delete_body.html b/phpBB/styles/prosilver/template/confirm_delete_body.html index f164b5f357..f0a7ab2bdb 100644 --- a/phpBB/styles/prosilver/template/confirm_delete_body.html +++ b/phpBB/styles/prosilver/template/confirm_delete_body.html @@ -2,6 +2,7 @@ <form action="{S_CONFIRM_ACTION}" method="post"> <p>{MESSAGE_TEXT}</p> + <!-- IF not S_SHADOW_TOPICS --> <!-- IF not S_SOFTDELETED and S_ALLOWED_DELETE and S_ALLOWED_SOFTDELETE --> <label> <strong>{L_DELETE_PERMANENTLY}{L_COLON}</strong> @@ -14,6 +15,7 @@ <strong>{L_DELETE_REASON}{L_COLON}</strong><br /><span>{L_DELETE_REASON_EXPLAIN}</span><br /> <input type="text" name="delete_reason" value="" class="inputbox autowidth" maxlength="120" size="45" /> </label> + <!-- ENDIF --> <fieldset class="submit-buttons"> <input type="button" name="confirm" value="{L_YES}" class="button1" /> @@ -33,6 +35,7 @@ <p>{MESSAGE_TEXT}</p> + <!-- IF not S_SHADOW_TOPICS --> <fieldset class="fields1"> <!-- IF not S_SOFTDELETED and S_ALLOWED_DELETE and S_ALLOWED_SOFTDELETE --> <dl> @@ -51,6 +54,7 @@ <dd><input type="text" name="delete_reason" id="delete_reason" value="" class="inputbox autowidth" maxlength="120" size="45" /></dd> </dl> </fieldset> + <!-- ENDIF --> <fieldset class="submit-buttons"> {S_HIDDEN_FIELDS} diff --git a/phpBB/styles/prosilver/template/index_body.html b/phpBB/styles/prosilver/template/index_body.html index 1e1eb22c6f..f620b6e966 100644 --- a/phpBB/styles/prosilver/template/index_body.html +++ b/phpBB/styles/prosilver/template/index_body.html 
@@ -13,6 +13,8 @@ <!-- INCLUDE forumlist_body.html --> +<!-- EVENT index_body_forumlist_body_after --> + <!-- IF not S_USER_LOGGED_IN and not S_IS_BOT --> <form method="post" action="{S_LOGIN_ACTION}" class="headerspace"> <h3><a href="{U_LOGIN_LOGOUT}">{L_LOGIN_LOGOUT}</a><!-- IF S_REGISTER_ENABLED --> • <a href="{U_REGISTER}">{L_REGISTER}</a><!-- ENDIF --></h3> diff --git a/phpBB/styles/prosilver/template/memberlist_email.html b/phpBB/styles/prosilver/template/memberlist_email.html index 865f0b883c..e848844093 100644 --- a/phpBB/styles/prosilver/template/memberlist_email.html +++ b/phpBB/styles/prosilver/template/memberlist_email.html @@ -77,10 +77,12 @@ <span>{L_EMAIL_BODY_EXPLAIN}</span></dt> <dd><textarea class="inputbox" name="message" id="message" rows="15" cols="76" tabindex="4">{MESSAGE}</textarea></dd> </dl> + <!-- IF S_REGISTERED_USER --> <dl> <dt> </dt> <dd><label for="cc_email"><input type="checkbox" name="cc_email" id="cc_email" value="1" checked="checked" tabindex="5" /> {L_CC_EMAIL}</label></dd> </dl> + <!-- ENDIF --> </fieldset> </div> diff --git a/phpBB/styles/prosilver/template/memberlist_search.html b/phpBB/styles/prosilver/template/memberlist_search.html index 4fba966151..ef5d29a8fa 100644 --- a/phpBB/styles/prosilver/template/memberlist_search.html +++ b/phpBB/styles/prosilver/template/memberlist_search.html @@ -6,6 +6,7 @@ <p>{L_FIND_USERNAME_EXPLAIN}</p> + <!-- EVENT memberlist_search_fields_before --> <fieldset class="fields1 column1"> <dl style="overflow: visible;"> <dt><label for="username">{L_USERNAME}{L_COLON}</label></dt> @@ -39,6 +40,7 @@ <dt><label for="search_group_id">{L_GROUP}{L_COLON}</label></dt> <dd><select name="search_group_id" id="search_group_id">{S_GROUP_SELECT}</select></dd> </dl> + <!-- EVENT memberlist_search_sorting_options_before --> <dl> <dt><label for="sk" class="label3">{L_SORT_BY}{L_COLON}</label></dt> <dd><select name="sk" id="sk">{S_SORT_OPTIONS}</select> <select name="sd">{S_ORDER_SELECT}</select></dd> 
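Review bot: Wrapping the `cc_email` checkbox in `<!-- IF S_REGISTERED_USER -->` in memberlist_email.html only hides the control, so a request from a non-registered sender can still carry `cc_email=1`. The code that reads the field is not part of this hunk, and needs checking: it should ignore `cc_email` unless the sender is a registered user. If the template condition is the only guard, the restriction is cosmetic. The subsilver2 memberlist_email.html hunk makes the same template-only change and needs the same server-side check.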
@@ -66,6 +68,7 @@ <dd><input class="inputbox medium" type="text" name="ip" id="ip" value="{IP}" /></dd> </dl> <!-- ENDIF --> + <!-- EVENT memberlist_search_fields_after --> </fieldset> <div class="clear"></div> diff --git a/phpBB/styles/prosilver/template/posting_buttons.html b/phpBB/styles/prosilver/template/posting_buttons.html index 3dad6606bb..1555b12369 100644 --- a/phpBB/styles/prosilver/template/posting_buttons.html +++ b/phpBB/styles/prosilver/template/posting_buttons.html @@ -92,6 +92,9 @@ <!-- ENDIF --> </select> <input type="button" class="button2 bbcode-color" name="bbpalette" id="bbpalette" value="{L_FONT_COLOR}" onclick="change_palette();" title="{L_BBCODE_S_HELP}" /> + + <!-- EVENT posting_editor_buttons_custom_tags_before --> + <!-- BEGIN custom_tags --> <input type="button" class="button2 bbcode-{custom_tags.BBCODE_TAG_CLEAN}" name="addbbcode{custom_tags.BBCODE_ID}" value="{custom_tags.BBCODE_TAG}" onclick="bbstyle({custom_tags.BBCODE_ID})" title="{custom_tags.BBCODE_HELPLINE}" /> <!-- END custom_tags --> diff --git a/phpBB/styles/prosilver/template/ucp_pm_viewmessage.html b/phpBB/styles/prosilver/template/ucp_pm_viewmessage.html index 8a6ea1a0bb..02c5f5b1a5 100644 --- a/phpBB/styles/prosilver/template/ucp_pm_viewmessage.html +++ b/phpBB/styles/prosilver/template/ucp_pm_viewmessage.html @@ -29,7 +29,7 @@ <!-- IF RANK_TITLE or RANK_IMG --><dd class="profile-rank">{RANK_TITLE}<!-- IF RANK_TITLE and RANK_IMG --><br /><!-- ENDIF -->{RANK_IMG}</dd><!-- ENDIF --> - <dd class="profile-posts"><strong>{L_POSTS}{L_COLON}</strong> {AUTHOR_POSTS}</dd> + <dd class="profile-posts"><strong>{L_POSTS}{L_COLON}</strong> <!-- IF U_AUTHOR_POSTS != '' --><a href="{U_AUTHOR_POSTS}">{AUTHOR_POSTS}</a><!-- ELSE -->{AUTHOR_POSTS}<!-- ENDIF --></dd> <!-- IF AUTHOR_JOINED --><dd class="profile-joined"><strong>{L_JOINED}{L_COLON}</strong> {AUTHOR_JOINED}</dd><!-- ENDIF --> <!-- EVENT ucp_pm_viewmessage_custom_fields_before --> 
diff --git a/phpBB/styles/prosilver/theme/common.css b/phpBB/styles/prosilver/theme/common.css index adcd04b15e..9da24b6ef9 100644 --- a/phpBB/styles/prosilver/theme/common.css +++ b/phpBB/styles/prosilver/theme/common.css @@ -601,7 +601,7 @@ ul.linklist.bulletin > li.no-bulletin:before { } .breadcrumbs .crumb:before { - content: '‹'; + content: '\2039'; font-weight: bold; padding: 0 0.5em; } diff --git a/phpBB/styles/subsilver2/style.cfg b/phpBB/styles/subsilver2/style.cfg index 685e876cc7..3b33c07002 100644 --- a/phpBB/styles/subsilver2/style.cfg +++ b/phpBB/styles/subsilver2/style.cfg @@ -21,8 +21,8 @@ # General Information about this style name = subsilver2 copyright = © 2005 phpBB Limited -style_version = 3.1.0 -phpbb_version = 3.1.0 +style_version = 3.1.1 +phpbb_version = 3.1.1 # Defining a different template bitfield # template_bitfield = lNg= diff --git a/phpBB/styles/subsilver2/template/confirm_delete_body.html b/phpBB/styles/subsilver2/template/confirm_delete_body.html index 18df397fc3..44aec9b60a 100644 --- a/phpBB/styles/subsilver2/template/confirm_delete_body.html +++ b/phpBB/styles/subsilver2/template/confirm_delete_body.html @@ -14,6 +14,7 @@ <p class="gen">{MESSAGE_TEXT}</p> <br /> + <!-- IF not S_SHADOW_TOPICS --> <table border="0" width="90%" cellspacing="2" cellpadding="1"> <!-- IF not S_SOFTDELETED and S_ALLOWED_DELETE and S_ALLOWED_SOFTDELETE --> <tr> @@ -30,6 +31,7 @@ </tr> </table> <br /> + <!-- ENDIF --> {S_HIDDEN_FIELDS} <input type="submit" name="confirm" value="{L_YES}" class="btnmain" /> diff --git a/phpBB/styles/subsilver2/template/index_body.html b/phpBB/styles/subsilver2/template/index_body.html index 1a2786015f..bfc2229221 100644 --- a/phpBB/styles/subsilver2/template/index_body.html +++ b/phpBB/styles/subsilver2/template/index_body.html 
@@ -14,6 +14,8 @@ <!-- INCLUDE forumlist_body.html --> +<!-- EVENT index_body_forumlist_body_after --> + <!-- IF not S_IS_BOT or U_TEAM --> <span class="gensmall"> <!-- IF not S_IS_BOT --><a href="{U_DELETE_COOKIES}">{L_DELETE_COOKIES}</a><!-- ENDIF --> diff --git a/phpBB/styles/subsilver2/template/memberlist_email.html b/phpBB/styles/subsilver2/template/memberlist_email.html index 13ff4baace..b52513c241 100644 --- a/phpBB/styles/subsilver2/template/memberlist_email.html +++ b/phpBB/styles/subsilver2/template/memberlist_email.html @@ -66,6 +66,7 @@ <td class="row1" valign="top"><b class="genmed">{L_MESSAGE_BODY}</b><br /><span class="gensmall">{L_EMAIL_BODY_EXPLAIN}</span></td> <td class="row2"><textarea class="post" name="message" rows="15" cols="76" tabindex="3">{MESSAGE}</textarea></td> </tr> + <!-- IF S_REGISTERED_USER --> <tr> <td class="row1" valign="top"><span class="gen"><b>{L_OPTIONS}</b></span></td> <td class="row2"> @@ -77,6 +78,7 @@ </table> </td> </tr> + <!-- ENDIF --> <tr> <td class="cat" colspan="2" align="center"><input type="submit" tabindex="6" name="submit" class="btnmain" value="{L_SEND_EMAIL}" /></td> </tr> diff --git a/phpBB/styles/subsilver2/template/memberlist_search.html b/phpBB/styles/subsilver2/template/memberlist_search.html index 12dd10be2e..2096062607 100644 --- a/phpBB/styles/subsilver2/template/memberlist_search.html +++ b/phpBB/styles/subsilver2/template/memberlist_search.html @@ -66,6 +66,7 @@ <form method="post" action="{S_MODE_ACTION}" name="search"> +<!-- EVENT memberlist_search_fields_before --> <table class="tablebg" width="100%" cellspacing="1"> <tr> <th colspan="4">{L_FIND_USERNAME}</th> @@ -111,6 +112,7 @@ <td colspan="2" class="row1"> </td> <!-- ENDIF --> </tr> +<!-- EVENT memberlist_search_sorting_options_before --> <tr> <td class="row1"><b class="genmed">{L_SORT_BY}{L_COLON}</b></td> <td class="row2" nowrap="nowrap"><select name="sk">{S_SORT_OPTIONS}</select> <select name="sd">{S_ORDER_SELECT}</select> </td> 
@@ -120,6 +122,7 @@ <td class="cat" colspan="4" align="center"><input class="btnmain" type="submit" name="submit" value="{L_SEARCH}" /> <input class="btnlite" type="reset" value="{L_RESET}" /></td> </tr> </table> +<!-- EVENT memberlist_search_fields_after --> {S_FORM_TOKEN} </form> diff --git a/phpBB/styles/subsilver2/template/posting_buttons.html b/phpBB/styles/subsilver2/template/posting_buttons.html index d1c0f79a16..516cd0922b 100644 --- a/phpBB/styles/subsilver2/template/posting_buttons.html +++ b/phpBB/styles/subsilver2/template/posting_buttons.html @@ -69,21 +69,18 @@ <!-- ENDIF --> </select></span> </div> - <!-- EVENT posting_editor_buttons_after --> -<!-- ENDIF --> - </td> -</tr> -<!-- IF S_BBCODE_ALLOWED and .custom_tags --> - <tr valign="middle" align="{S_CONTENT_FLOW_BEGIN}"> - <td colspan="2"> + <!-- EVENT posting_editor_buttons_custom_tags_before --> + <!-- IF .custom_tags --> <div id="custom-bbcode-buttons"> - <!-- BEGIN custom_tags --> + <!-- BEGIN custom_tags --> <input type="button" class="btnbbcode bbcode-{custom_tags.BBCODE_TAG_CLEAN}" name="addbbcode{custom_tags.BBCODE_ID}" value="{custom_tags.BBCODE_TAG}" onclick="bbstyle({custom_tags.BBCODE_ID})"<!-- IF custom_tags.BBCODE_HELPLINE !== '' --> onmouseover="helpline('cb_{custom_tags.BBCODE_ID}')" onmouseout="helpline('tip')"<!-- ENDIF --> /> - <!-- END custom_tags --> + <!-- END custom_tags --> </div> - </td> - </tr> + <!-- ENDIF --> + <!-- EVENT posting_editor_buttons_after --> <!-- ENDIF --> + </td> +</tr> <!-- IF S_BBCODE_ALLOWED --> <tr> <td<!-- IF $S_SIGNATURE or S_EDIT_DRAFT --> colspan="2"<!-- ENDIF -->><input type="text" readonly="readonly" name="helpbox" style="width:100%" class="helpline" value="{L_STYLES_TIP}" /></td> diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php index 6379da6802..1f455494f7 100644 --- a/phpBB/viewforum.php +++ b/phpBB/viewforum.php 
@@ -504,8 +504,8 @@ if ($start > $topics_count / 2) // Select the sort order $direction = (($sort_dir == 'd') ? 'ASC' : 'DESC'); - $sql_limit = $pagination->reverse_limit($start, $sql_limit, $topics_count); - $sql_start = $pagination->reverse_start($start, $sql_limit, $topics_count); + $sql_limit = $pagination->reverse_limit($start, $sql_limit, $topics_count - sizeof($announcement_list)); + $sql_start = $pagination->reverse_start($start, $sql_limit, $topics_count - sizeof($announcement_list)); } else { @@ -694,10 +694,10 @@ if ($s_display_active) // We need to remove the global announcements from the forums total topic count, // otherwise the number is different from the one on the forum list -$total_topic_count = $topics_count - sizeof($global_announce_forums); +$total_topic_count = $topics_count - sizeof($announcement_list); $base_url = append_sid("{$phpbb_root_path}viewforum.$phpEx", "f=$forum_id" . ((strlen($u_sort_param)) ? "&$u_sort_param" : '')); -$pagination->generate_template_pagination($base_url, 'pagination', 'start', $topics_count, $config['topics_per_page'], $start); +$pagination->generate_template_pagination($base_url, 'pagination', 'start', $total_topic_count, $config['topics_per_page'], $start); $template->assign_vars(array( 'TOTAL_TOPICS' => ($s_display_active) ? false : $user->lang('VIEW_FORUM_TOPICS', (int) $total_topic_count), diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index 7bedcdfb49..a44169d3f1 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php @@ -616,7 +616,9 @@ $base_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t= * @var int topic_id Topic ID * @var array topic_tracking_info Array with topic tracking data * @var int total_posts Topic total posts count +* @var string viewtopic_url URL to the topic page * @since 3.1.0-RC4 +* @change 3.1.2-RC1 Added viewtopic_url */ $vars = array( 'base_url', 
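Review bot: `$topics_count - sizeof($announcement_list)` is now written three times across the two viewforum.php hunks, in both `reverse_*` calls and in `$total_topic_count`, so the next correction to the count has to be made in three places. Computing it once before the `if ($start > $topics_count / 2)` branch, e.g. `$total_topic_count = $topics_count - sizeof($announcement_list);`, and passing that variable to `reverse_limit()` and `reverse_start()` would keep them in step. The branch condition itself still compares against the unadjusted `$topics_count`, and it starts outside the hunk, so it is worth confirming that is intended. The comment above the later assignment still says "global announcements" while the code subtracts the whole `$announcement_list`; if that list can hold more than globals, the comment should be updated to match.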
@@ -628,6 +630,7 @@ $vars = array( 'topic_id', 'topic_tracking_info', 'total_posts', + 'viewtopic_url', ); extract($phpbb_dispatcher->trigger_event('core.viewtopic_assign_template_vars_before', compact($vars))); @@ -1247,7 +1250,7 @@ while ($row = $db->sql_fetchrow($result)) 'contact_user' => $user->lang('CONTACT_USER', get_username_string('username', $poster_id, $row['username'], $row['user_colour'], $row['username'])), 'online' => false, - 'jabber' => ($row['user_jabber'] && $auth->acl_get('u_sendim')) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=contact&action=jabber&u=$poster_id") : '', + 'jabber' => ($config['jab_enable'] && $row['user_jabber'] && $auth->acl_get('u_sendim')) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=contact&action=jabber&u=$poster_id") : '', 'search' => ($config['load_search'] && $auth->acl_get('u_search')) ? append_sid("{$phpbb_root_path}search.$phpEx", "author_id=$poster_id&sr=posts") : '', 'author_full' => get_username_string('full', $poster_id, $row['username'], $row['user_colour']), |