Diffstat (limited to 'phpBB')
-rw-r--r--phpBB/adm/style/acp_forums.html2
-rw-r--r--phpBB/adm/style/acp_styles.html2
-rw-r--r--phpBB/adm/style/captcha_recaptcha.html3
-rw-r--r--phpBB/develop/check_flash_bbcodes.php163
-rw-r--r--phpBB/docs/CHANGELOG.html12
-rw-r--r--phpBB/docs/coding-guidelines.html4
-rw-r--r--phpBB/docs/hook_system.html2
-rw-r--r--phpBB/docs/lighttpd.sample.conf60
-rw-r--r--phpBB/includes/acm/acm_wincache.php84
-rw-r--r--phpBB/includes/constants.php2
-rw-r--r--phpBB/includes/functions.php4
-rw-r--r--phpBB/includes/functions_convert.php1
-rw-r--r--phpBB/includes/message_parser.php9
-rw-r--r--phpBB/includes/template.php2
-rw-r--r--phpBB/includes/ucp/ucp_pm_viewmessage.php3
-rw-r--r--phpBB/install/database_update.php8
-rw-r--r--phpBB/language/en/acp/board.php6
-rw-r--r--phpBB/language/en/acp/common.php2
-rw-r--r--phpBB/language/en/acp/groups.php2
-rw-r--r--phpBB/language/en/install.php2
-rw-r--r--phpBB/language/en/memberlist.php2
-rw-r--r--phpBB/language/en/search.php1
-rw-r--r--phpBB/posting.php9
-rw-r--r--phpBB/search.php56
-rw-r--r--phpBB/styles/prosilver/theme/tweaks.css9
25 files changed, 410 insertions, 40 deletions
diff --git a/phpBB/adm/style/acp_forums.html b/phpBB/adm/style/acp_forums.html
index 9f9216a068..d27cea28f7 100644
--- a/phpBB/adm/style/acp_forums.html
+++ b/phpBB/adm/style/acp_forums.html
@@ -58,7 +58,7 @@
/**
* Init the wanted display functionality if javascript is enabled.
- * If javascript is not available, the user is still able to properly administrate.
+ * If javascript is not available, the user is still able to properly administer.
*/
onload = function()
{
diff --git a/phpBB/adm/style/acp_styles.html b/phpBB/adm/style/acp_styles.html
index 5bde4008ad..cb4361dd6f 100644
--- a/phpBB/adm/style/acp_styles.html
+++ b/phpBB/adm/style/acp_styles.html
@@ -77,7 +77,7 @@
/**
* Init the wanted display functionality if javascript is enabled.
- * If javascript is not available, the user is still able to properly administrate.
+ * If javascript is not available, the user is still able to properly administer.
*/
onload = function()
{
diff --git a/phpBB/adm/style/captcha_recaptcha.html b/phpBB/adm/style/captcha_recaptcha.html
index 702a4a1099..d3038fd714 100644
--- a/phpBB/adm/style/captcha_recaptcha.html
+++ b/phpBB/adm/style/captcha_recaptcha.html
@@ -4,7 +4,8 @@
<script type="text/javascript">
// <![CDATA[
var RecaptchaOptions = {
- lang : '{LA_RECAPTCHA_LANG}'
+ lang : '{LA_RECAPTCHA_LANG}',
+ theme : 'clean'
};
// ]]>
</script>
diff --git a/phpBB/develop/check_flash_bbcodes.php b/phpBB/develop/check_flash_bbcodes.php
new file mode 100644
index 0000000000..b0fa399209
--- /dev/null
+++ b/phpBB/develop/check_flash_bbcodes.php
@@ -0,0 +1,163 @@
+<?php
+/**
+*
+* @package phpBB3
+* @version $Id$
+* @copyright (c) 2009, 2010 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+/**
+* This script will check your database for potentially dangerous flash BBCode tags
+*/
+
+//
+// Security message:
+//
+// This script is potentially dangerous.
+// Remove or comment the next line (die(".... ) to enable this script.
+// Do NOT FORGET to either remove this script or disable it after you have used it.
+//
+die("Please read the first lines of this script for instructions on how to enable it\n");
+
+/**
+*/
+define('IN_PHPBB', true);
+$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
+include($phpbb_root_path . 'common.' . $phpEx);
+
+if (php_sapi_name() != 'cli')
+{
+ header('Content-Type: text/plain');
+}
+
+check_table_flash_bbcodes(POSTS_TABLE, 'post_id', 'post_text', 'bbcode_uid', 'bbcode_bitfield');
+check_table_flash_bbcodes(PRIVMSGS_TABLE, 'msg_id', 'message_text', 'bbcode_uid', 'bbcode_bitfield');
+check_table_flash_bbcodes(USERS_TABLE, 'user_id', 'user_sig', 'user_sig_bbcode_uid', 'user_sig_bbcode_bitfield');
+check_table_flash_bbcodes(FORUMS_TABLE, 'forum_id', 'forum_desc', 'forum_desc_uid', 'forum_desc_bitfield');
+check_table_flash_bbcodes(FORUMS_TABLE, 'forum_id', 'forum_rules', 'forum_rules_uid', 'forum_rules_bitfield');
+check_table_flash_bbcodes(GROUPS_TABLE, 'group_id', 'group_desc', 'group_desc_uid', 'group_desc_bitfield');
+
+echo "If potentially dangerous flash bbcodes were found, please reparse the posts using the Support Toolkit (http://www.phpbb.com/support/stk/) and/or file a ticket in the Incident Tracker (http://www.phpbb.com/incidents/).\n";
+
+function check_table_flash_bbcodes($table_name, $id_field, $content_field, $uid_field, $bitfield_field)
+{
+ echo "Checking $content_field on $table_name\n";
+
+ $ids = get_table_flash_bbcode_pkids($table_name, $id_field, $content_field, $uid_field, $bitfield_field);
+
+ $size = sizeof($ids);
+ if ($size)
+ {
+ echo "Found $size potentially dangerous flash bbcodes.\n";
+ echo "$id_field: " . implode(', ', $ids) . "\n";
+ }
+ else
+ {
+ echo "No potentially dangerous flash bbcodes found.\n";
+ }
+
+ echo "\n";
+}
+
+function get_table_flash_bbcode_pkids($table_name, $id_field, $content_field, $uid_field, $bitfield_field)
+{
+ global $db;
+
+ $ids = array();
+
+ $sql = "SELECT $id_field, $content_field, $uid_field, $bitfield_field
+ FROM $table_name
+ WHERE $content_field LIKE '%[/flash:%'
+ AND $bitfield_field <> ''";
+
+ $result = $db->sql_query($sql);
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $uid = $row[$uid_field];
+
+ // thanks support toolkit
+ $content = html_entity_decode_utf8($row[$content_field]);
+ set_var($content, $content, 'string', true);
+ $content = utf8_normalize_nfc($content);
+
+ $bitfield_data = $row[$bitfield_field];
+
+ if (!is_valid_flash_bbcode($content, $uid) && has_flash_enabled($bitfield_data))
+ {
+ $ids[] = (int) $row[$id_field];
+ }
+ }
+ $db->sql_freeresult($result);
+
+ return $ids;
+}
+
+function get_flash_regex($uid)
+{
+ return "#\[flash=([0-9]+),([0-9]+):$uid\](.*?)\[/flash:$uid\]#";
+}
+
+// extract all valid flash bbcodes
+// check if the bbcode content is a valid URL for each match
+function is_valid_flash_bbcode($cleaned_content, $uid)
+{
+ $regex = get_flash_regex($uid);
+
+ $url_regex = get_preg_expression('url');
+ $www_url_regex = get_preg_expression('www_url');
+
+ if (preg_match_all($regex, $cleaned_content, $matches))
+ {
+ foreach ($matches[3] as $flash_url)
+ {
+ if (!preg_match("#^($url_regex|$www_url_regex)$#i", $flash_url))
+ {
+ return false;
+ }
+ }
+ }
+
+ return true;
+}
+
+// check if a bitfield includes flash
+// 11 = flash bit
+function has_flash_enabled($bitfield_data)
+{
+ $bitfield = new bitfield($bitfield_data);
+ return $bitfield->get(11);
+}
+
+// taken from support toolkit
+function html_entity_decode_utf8($string)
+{
+ static $trans_tbl;
+
+ // replace numeric entities
+ $string = preg_replace('~&#x([0-9a-f]+);~ei', 'code2utf8(hexdec("\\1"))', $string);
+ $string = preg_replace('~&#([0-9]+);~e', 'code2utf8(\\1)', $string);
+
+ // replace literal entities
+ if (!isset($trans_tbl))
+ {
+ $trans_tbl = array();
+
+ foreach (get_html_translation_table(HTML_ENTITIES) as $val=>$key)
+ $trans_tbl[$key] = utf8_encode($val);
+ }
+ return strtr($string, $trans_tbl);
+}
+
+// taken from support toolkit
+// Returns the utf string corresponding to the unicode value (from php.net, courtesy - romans@void.lv)
+function code2utf8($num)
+{
+ if ($num < 128) return chr($num);
+ if ($num < 2048) return chr(($num >> 6) + 192) . chr(($num & 63) + 128);
+ if ($num < 65536) return chr(($num >> 12) + 224) . chr((($num >> 6) & 63) + 128) . chr(($num & 63) + 128);
+ if ($num < 2097152) return chr(($num >> 18) + 240) . chr((($num >> 12) & 63) + 128) . chr((($num >> 6) & 63) + 128) . chr(($num & 63) + 128);
+ return '';
+}
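Review bot: html_entity_decode_utf8() decodes numeric entities with the `/e` modifier, which evaluates the replacement string as PHP code on text read from the database. The capture groups are limited to `[0-9a-f]+` and `[0-9]+`, so the evaluated expression stays numeric here, but `/e` is deprecated as of PHP 5.5 and removed in PHP 7, and any later loosening of either pattern would turn this into code evaluation of stored content. `preg_replace_callback()` with two small named callbacks does the same job without evaluation. Separately, get_flash_regex() interpolates `$uid` into the pattern unquoted; the uid is presumably alphanumeric, but `preg_quote($uid, '#')` would remove that assumption.

```php
function html_entity_decode_utf8($string)
{
	// … unchanged: static $trans_tbl …

	// replace numeric entities without evaluating the replacement as PHP code
	$string = preg_replace_callback('~&#x([0-9a-f]+);~i', 'hex_entity_to_utf8', $string);
	$string = preg_replace_callback('~&#([0-9]+);~', 'dec_entity_to_utf8', $string);

	// … unchanged: literal entity translation table and strtr() …
}

// Callback: hexadecimal numeric entity -> UTF-8 bytes
function hex_entity_to_utf8($match)
{
	return code2utf8(hexdec($match[1]));
}

// Callback: decimal numeric entity -> UTF-8 bytes
function dec_entity_to_utf8($match)
{
	return code2utf8((int) $match[1]);
}
```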
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index f5d6da94b9..66915b18fa 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -90,6 +90,12 @@
<div class="content">
<a name="v307-PL1"></a><h3>1.i. Changes since 3.0.7-PL1</h3>
+<h4> Security
+</h4>
+<ul>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9903'>PHPBB3-9903</a>] - Execute javascript in [flash=] BBCode
+</li>
+</ul>
<h4> Bug
</h4>
@@ -404,6 +410,8 @@
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9891'>PHPBB3-9891</a>] - Updater drops language-selection after database-update
</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9509'>PHPBB3-9509</a>] - phpBB Coding Guidelines state subversion as the version control system for phpBB
+</li>
</ul>
<h4> Improvement
@@ -467,6 +475,8 @@
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9880'>PHPBB3-9880</a>] - Rename all mentions of CAPTCHA or visual confirmation to anti-bot
</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9899'>PHPBB3-9899</a>] - Change the style in the ACP for the recaptcha to match that displayed on prosilver
+</li>
</ul>
<h4> New Feature
@@ -509,6 +519,8 @@
</li>
<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9868'>PHPBB3-9868</a>] - Make the test suite run and pass using the mssqlnative driver
</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9904'>PHPBB3-9904</a>] - Update WebPI Parameters.xml
+</li>
</ul>
<h4> Sub-task
diff --git a/phpBB/docs/coding-guidelines.html b/phpBB/docs/coding-guidelines.html
index 76afc79f99..5a73554741 100644
--- a/phpBB/docs/coding-guidelines.html
+++ b/phpBB/docs/coding-guidelines.html
@@ -2349,9 +2349,9 @@ if (utf8_case_fold_nfc($string1) == utf8_case_fold_nfc($string2))
</li>
</ul>
- <a name="commitmessage"></a><h3>7.ii. Commit Messages and Reposiory Rules</h3>
+ <a name="commitmessage"></a><h3>7.ii. Commit Messages and Repository Rules</h3>
- <p>Information on repository rules, such as commit messages can be found at <a href="http://wiki.phpbb.com/display/DEV/Git" title="phpBB Git Information">http://wiki.phpbb.com/display/DEV/Git</a></p>.
+ <p>Information on repository rules, such as commit messages can be found at <a href="http://wiki.phpbb.com/display/DEV/Git" title="phpBB Git Information">http://wiki.phpbb.com/display/DEV/Git</a>.</p>
</div>
diff --git a/phpBB/docs/hook_system.html b/phpBB/docs/hook_system.html
index 1bf4630a9f..34055c4661 100644
--- a/phpBB/docs/hook_system.html
+++ b/phpBB/docs/hook_system.html
@@ -380,6 +380,8 @@ a:active { color: #368AD2; }
<code>$template-&gt;display($handle, $include_once = true);</code> which is called directly before outputting the (not-yet-compiled) template.<br />
<code>exit_handler();</code> which is called at the very end of phpBB3's execution.</p>
+<p>Please note: The <code>$template-&gt;display</code> hook takes a third <code>$template</code> argument, which is the template instance being used, which should be used instead of the global.</p>
+
<p>There are also valid external constants you may want to use if you embed phpBB3 into your application:</p>
<div class="codebox"><pre>
diff --git a/phpBB/docs/lighttpd.sample.conf b/phpBB/docs/lighttpd.sample.conf
new file mode 100644
index 0000000000..5873d1c945
--- /dev/null
+++ b/phpBB/docs/lighttpd.sample.conf
@@ -0,0 +1,60 @@
+# Sample lighttpd configuration file for phpBB.
+# Global settings have been removed, copy them
+# from your system's lighttpd.conf.
+# Tested with lighttpd 1.4.26
+
+# Load moules
+server.modules += (
+ "mod_access",
+ "mod_fastcgi",
+ "mod_accesslog"
+)
+
+# If you have domains with and without www prefix,
+# redirect one to the other.
+$HTTP["host"] =~ "^(myforums\.com)$" {
+ url.redirect = (
+ ".*" => "http://www.%1$0"
+ )
+}
+
+$HTTP["host"] == "www.myforums.com" {
+ server.name = "www.myforums.com"
+ server.document-root = "/path/to/phpbb"
+ server.dir-listing = "disable"
+
+ index-file.names = ( "index.php", "index.htm", "index.html" )
+ accesslog.filename = "/var/log/lighttpd/access-www.myforums.com.log"
+
+ # Deny access to internal phpbb files.
+ $HTTP["url"] =~ "^/(config\.php|common\.php|includes|cache|files|store|images/avatars/upload)" {
+ url.access-deny = ( "" )
+ }
+
+ # Deny access to version control system directories.
+ $HTTP["url"] =~ "/\.svn|/\.git" {
+ url.access-deny = ( "" )
+ }
+
+ # Deny access to apache configuration files.
+ $HTTP["url"] =~ "/\.htaccess|/\.htpasswd|/\.htgroups" {
+ url.access-deny = ( "" )
+ }
+
+ fastcgi.server = ( ".php" =>
+ ((
+ "bin-path" => "/usr/bin/php-cgi",
+ "socket" => "/tmp/php.socket",
+ "max-procs" => 4,
+ "idle-timeout" => 30,
+ "bin-environment" => (
+ "PHP_FCGI_CHILDREN" => "10",
+ "PHP_FCGI_MAX_REQUESTS" => "10000"
+ ),
+ "bin-copy-environment" => (
+ "PATH", "SHELL", "USER"
+ ),
+ "broken-scriptfilename" => "enable"
+ ))
+ )
+}
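Review bot: The deny rule for internal phpBB files is anchored at `^/`, so it only covers `includes`, `cache`, `files`, `store` and the other listed paths when the board is served from the document root; a board installed under a subdirectory would get none of these denials, and nothing in the sample says so. A comment above the rule such as `# These patterns assume phpBB is at the document root; prepend the board path if it is installed in a subdirectory.` would make the assumption explicit. The FastCGI socket is also placed in `/tmp` (`"socket" => "/tmp/php.socket"`), a directory every local user can write to; a sample is better off pointing at a directory owned by the web server user, shown as a placeholder like `"/path/to/run/php.socket"`. Minor: `# Load moules` should read `# Load modules`.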
diff --git a/phpBB/includes/acm/acm_wincache.php b/phpBB/includes/acm/acm_wincache.php
new file mode 100644
index 0000000000..0501ab74c5
--- /dev/null
+++ b/phpBB/includes/acm/acm_wincache.php
@@ -0,0 +1,84 @@
+<?php
+/**
+*
+* @package acm
+* @copyright (c) 2010 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+ exit;
+}
+
+// Include the abstract base
+if (!class_exists('acm_memory'))
+{
+ require("{$phpbb_root_path}includes/acm/acm_memory.$phpEx");
+}
+
+/**
+* ACM for WinCache
+* @package acm
+*/
+class acm extends acm_memory
+{
+ var $extension = 'wincache';
+
+ /**
+ * Purge cache data
+ *
+ * @return void
+ */
+ function purge()
+ {
+ wincache_ucache_clear();
+
+ parent::purge();
+ }
+
+ /**
+ * Fetch an item from the cache
+ *
+ * @access protected
+ * @param string $var Cache key
+ * @return mixed Cached data
+ */
+ function _read($var)
+ {
+ $success = false;
+ $result = wincache_ucache_get($this->key_prefix . $var, $success);
+
+ return ($success) ? $result : false;
+ }
+
+ /**
+ * Store data in the cache
+ *
+ * @access protected
+ * @param string $var Cache key
+ * @param mixed $data Data to store
+ * @param int $ttl Time-to-live of cached data
+ * @return bool True if the operation succeeded
+ */
+ function _write($var, $data, $ttl = 2592000)
+ {
+ return wincache_ucache_set($this->key_prefix . $var, $data, $ttl);
+ }
+
+ /**
+ * Remove an item from the cache
+ *
+ * @access protected
+ * @param string $var Cache key
+ * @return bool True if the operation succeeded
+ */
+ function _delete($var)
+ {
+ return wincache_ucache_delete($this->key_prefix . $var);
+ }
+}
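Review bot: purge() calls `wincache_ucache_clear()`, which empties the entire WinCache user cache rather than only the entries this class writes under `$this->key_prefix`, and the docblock does not mention it. On a server where several boards or other applications share the same user cache, purging one board would drop everyone's entries. I would extend the docblock with a line such as `* Note: this clears the whole WinCache user cache, not just keys with this board's prefix.` The _read() docblock could also state that a stored value of `false` is reported the same way as a cache miss.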
diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php
index 2b19aa185d..90440f74b8 100644
--- a/phpBB/includes/constants.php
+++ b/phpBB/includes/constants.php
@@ -275,4 +275,4 @@ define('ZEBRA_TABLE', $table_prefix . 'zebra');
// Additional tables
-?> \ No newline at end of file
+?>
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 561a9906c4..c7f19b709d 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2353,12 +2353,12 @@ function redirect($url, $return = false, $disable_cd_check = false)
// Relative uri
$pathinfo = pathinfo($url);
- if (!$disable_cd_check && !file_exists($pathinfo['dirname']))
+ if (!$disable_cd_check && !file_exists($pathinfo['dirname'] . '/'))
{
$url = str_replace('../', '', $url);
$pathinfo = pathinfo($url);
- if (!file_exists($pathinfo['dirname']))
+ if (!file_exists($pathinfo['dirname'] . '/'))
{
// fallback to "last known user page"
// at least this way we know the user does not leave the phpBB root
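Review bot: Both changed conditions now test `file_exists($pathinfo['dirname'] . '/')`, but nothing says why the slash is appended, and this check is what decides whether a relative redirect target is accepted. If the intent is to accept `dirname` only when it is an existing directory (presumably so that a regular file of the same name no longer passes), `is_dir($pathinfo['dirname'])` states that directly and does not depend on how the platform resolves a trailing slash. Otherwise a one-line comment such as `// trailing slash: dirname must be a directory, not a file` above the first check would do. The body of redirect() starts and ends outside this hunk.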
diff --git a/phpBB/includes/functions_convert.php b/phpBB/includes/functions_convert.php
index 9e26043b39..4a359dcade 100644
--- a/phpBB/includes/functions_convert.php
+++ b/phpBB/includes/functions_convert.php
@@ -1816,6 +1816,7 @@ function add_bots()
'Alta Vista [Bot]' => array('Scooter/', ''),
'Ask Jeeves [Bot]' => array('Ask Jeeves', ''),
'Baidu [Spider]' => array('Baiduspider+(', ''),
+ 'Bing [Bot]' => array('bingbot/', ''),
'Exabot [Bot]' => array('Exabot/', ''),
'FAST Enterprise [Crawler]' => array('FAST Enterprise Crawler', ''),
'FAST WebCrawler [Crawler]' => array('FAST-WebCrawler/', ''),
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php
index 952b55cc8c..b2d0b6c566 100644
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@@ -352,6 +352,15 @@ class bbcode_firstpass extends bbcode
return '[flash=' . $width . ',' . $height . ']' . $in . '[/flash]';
}
+ $in = str_replace(' ', '%20', $in);
+
+ // Make sure $in is a URL.
+ if (!preg_match('#^' . get_preg_expression('url') . '$#i', $in) &&
+ !preg_match('#^' . get_preg_expression('www_url') . '$#i', $in))
+ {
+ return '[flash=' . $width . ',' . $height . ']' . $in . '[/flash]';
+ }
+
// Apply the same size checks on flash files as on images
if ($config['max_' . $this->mode . '_img_height'] || $config['max_' . $this->mode . '_img_width'])
{
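Review bot: The new URL check anchors both patterns with `$` and no `D` modifier, and in PCRE `$` also matches just before a final newline, so a value ending in a line break would still pass unless `$in` is trimmed earlier in the method (not visible in this hunk). Ending the patterns with `'$#iD'` in both `preg_match()` calls makes the end anchor strict. The same `$#i` anchor is used in is_valid_flash_bbcode() in develop/check_flash_bbcodes.php and should change with it so the checker and the parser agree. The rejection path returns the raw tag without recording a warning in this hunk; the enclosing method continues outside it, so whether the user is told elsewhere cannot be seen here.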
diff --git a/phpBB/includes/template.php b/phpBB/includes/template.php
index f1c8094a9b..6347633b14 100644
--- a/phpBB/includes/template.php
+++ b/phpBB/includes/template.php
@@ -205,7 +205,7 @@ class template
{
global $user, $phpbb_hook;
- if (!empty($phpbb_hook) && $phpbb_hook->call_hook(array(__CLASS__, __FUNCTION__), $handle, $include_once))
+ if (!empty($phpbb_hook) && $phpbb_hook->call_hook(array(__CLASS__, __FUNCTION__), $handle, $include_once, $this))
{
if ($phpbb_hook->hook_return(array(__CLASS__, __FUNCTION__)))
{
diff --git a/phpBB/includes/ucp/ucp_pm_viewmessage.php b/phpBB/includes/ucp/ucp_pm_viewmessage.php
index 16700c490c..b91636a9c8 100644
--- a/phpBB/includes/ucp/ucp_pm_viewmessage.php
+++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php
@@ -172,6 +172,8 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
// Number of "to" recipients
$num_recipients = (int) preg_match_all('/:?(u|g)_([0-9]+):?/', $message_row['to_address'], $match);
+ $bbcode_status = ($config['allow_bbcode'] && $config['auth_bbcode_pm'] && $auth->acl_get('u_pm_bbcode')) ? true : false;
+
$template->assign_vars(array(
'MESSAGE_AUTHOR_FULL' => get_username_string('full', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']),
'MESSAGE_AUTHOR_COLOUR' => get_username_string('colour', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']),
@@ -229,6 +231,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
'S_AUTHOR_DELETED' => ($author_id == ANONYMOUS) ? true : false,
'S_SPECIAL_FOLDER' => in_array($folder_id, array(PRIVMSGS_NO_BOX, PRIVMSGS_OUTBOX)),
'S_PM_RECIPIENTS' => $num_recipients,
+ 'S_BBCODE_ALLOWED' => ($bbcode_status) ? 1 : 0,
'U_PRINT_PM' => ($config['print_pm'] && $auth->acl_get('u_pm_printpm')) ? "$url&amp;f=$folder_id&amp;p=" . $message_row['msg_id'] . "&amp;view=print" : '',
'U_FORWARD_PM' => ($config['forward_pm'] && $auth->acl_get('u_sendpm') && $auth->acl_get('u_pm_forward')) ? "$url&amp;mode=compose&amp;action=forward&amp;f=$folder_id&amp;p=" . $message_row['msg_id'] : '')
diff --git a/phpBB/install/database_update.php b/phpBB/install/database_update.php
index 8d1755f8a6..10308826e0 100644
--- a/phpBB/install/database_update.php
+++ b/phpBB/install/database_update.php
@@ -914,6 +914,8 @@ function database_update_info()
'3.0.7' => array(),
// No changes from 3.0.7-PL1 to 3.0.8-RC1
'3.0.7-PL1' => array(),
+ // No changes from 3.0.8-RC1 to 3.0.8
+ '3.0.8-RC1' => array(),
);
}
@@ -1852,6 +1854,10 @@ function change_database_data(&$no_updates, $version)
$no_updates = false;
break;
+
+ // No changes from 3.0.8-RC1 to 3.0.8
+ case '3.0.8-RC1':
+ break;
}
}
@@ -3797,4 +3803,4 @@ class updater_db_tools
}
}
-?> \ No newline at end of file
+?>
diff --git a/phpBB/language/en/acp/board.php b/phpBB/language/en/acp/board.php
index 753decd517..5293b835d6 100644
--- a/phpBB/language/en/acp/board.php
+++ b/phpBB/language/en/acp/board.php
@@ -51,7 +51,7 @@ $lang = array_merge($lang, array(
'SITE_NAME' => 'Site name',
'SYSTEM_DST' => 'Enable Summer Time/<abbr title="Daylight Saving Time">DST</abbr>',
'SYSTEM_TIMEZONE' => 'Guest timezone',
- 'SYSTEM_TIMEZONE_EXPLAIN' => 'Timezone to use for displaying times to users who are not logged in (guests, bots). Logged in users set their timezone during registration and can change it in user control panel.',
+ 'SYSTEM_TIMEZONE_EXPLAIN' => 'Timezone to use for displaying times to users who are not logged in (guests, bots). Logged in users set their timezone during registration and can change it in their user control panel.',
'WARNINGS_EXPIRE' => 'Warning duration',
'WARNINGS_EXPIRE_EXPLAIN' => 'Number of days that will elapse before the warning will automatically expire from a user’s record.',
));
@@ -325,7 +325,7 @@ $lang = array_merge($lang, array(
'VISUAL_CONFIRM_REG' => 'Enable spambot countermeasures for registrations',
'VISUAL_CONFIRM_REG_EXPLAIN' => 'Requires new users to pass the anti-spambot task to help prevent automated registrations.',
'VISUAL_CONFIRM_REFRESH' => 'Allow users to refresh the anti-spambot task',
- 'VISUAL_CONFIRM_REFRESH_EXPLAIN' => 'Allows users to request a new anti-spambot task if they are unable to solve the currunt task during registration. Some plugins might not support this option.',
+ 'VISUAL_CONFIRM_REFRESH_EXPLAIN' => 'Allows users to request a new anti-spambot task if they are unable to solve the current task during registration. Some plugins might not support this option.',
));
// Cookie Settings
@@ -394,7 +394,7 @@ $lang = array_merge($lang, array(
'LDAP_NO_EMAIL' => 'The specified e-mail attribute does not exist.',
'LDAP_NO_IDENTITY' => 'Could not find a login identity for %s.',
'LDAP_PASSWORD' => 'LDAP password',
- 'LDAP_PASSWORD_EXPLAIN' => 'Leave blank to use anonymous binding. Else fill in the password for the above user. Required for Active Directory Servers.<br /><em><strong>Warning:</strong> This password will be stored as plain text in the database, visible to everybody who can access your database or who can view this configuration page.</em>',
+ 'LDAP_PASSWORD_EXPLAIN' => 'Leave blank to use anonymous binding, otherwise fill in the password for the above user. Required for Active Directory Servers.<br /><em><strong>Warning:</strong> This password will be stored as plain text in the database, visible to everybody who can access your database or who can view this configuration page.</em>',
'LDAP_PORT' => 'LDAP server port',
'LDAP_PORT_EXPLAIN' => 'Optionally you can specify a port which should be used to connect to the LDAP server instead of the default port 389.',
'LDAP_SERVER' => 'LDAP server name',
diff --git a/phpBB/language/en/acp/common.php b/phpBB/language/en/acp/common.php
index 2c549f8130..8c71e936b3 100644
--- a/phpBB/language/en/acp/common.php
+++ b/phpBB/language/en/acp/common.php
@@ -255,7 +255,7 @@ $lang = array_merge($lang, array(
'MOVE_UP' => 'Move up',
'NOTIFY' => 'Notification',
- 'NO_ADMIN' => 'You are not authorised to administrate this board.',
+ 'NO_ADMIN' => 'You are not authorised to administer this board.',
'NO_EMAILS_DEFINED' => 'No valid e-mail addresses found.',
'NO_PASSWORD_SUPPLIED' => 'You need to enter your password to access the Administration Control Panel.',
diff --git a/phpBB/language/en/acp/groups.php b/phpBB/language/en/acp/groups.php
index e8c1a3c494..3444b98303 100644
--- a/phpBB/language/en/acp/groups.php
+++ b/phpBB/language/en/acp/groups.php
@@ -36,7 +36,7 @@ if (empty($lang) || !is_array($lang))
// in a url you again do not need to specify an order e.g., 'Click %sHERE%s' is fine
$lang = array_merge($lang, array(
- 'ACP_GROUPS_MANAGE_EXPLAIN' => 'From this panel you can administrate all your usergroups. You can delete, create and edit existing groups. Furthermore, you may choose group leaders, toggle open/hidden/closed group status and set the group name and description.',
+ 'ACP_GROUPS_MANAGE_EXPLAIN' => 'From this panel you can administer all your usergroups. You can delete, create and edit existing groups. Furthermore, you may choose group leaders, toggle open/hidden/closed group status and set the group name and description.',
'ADD_USERS' => 'Add users',
'ADD_USERS_EXPLAIN' => 'Here you can add new users to the group. You may select whether this group becomes the new default for the selected users. Additionally you can define them as group leaders. Please enter each username on a separate line.',
diff --git a/phpBB/language/en/install.php b/phpBB/language/en/install.php
index 14923e836e..91ecb10848 100644
--- a/phpBB/language/en/install.php
+++ b/phpBB/language/en/install.php
@@ -370,7 +370,7 @@ $lang = array_merge($lang, array(
// Updater
$lang = array_merge($lang, array(
- 'ALL_FILES_UP_TO_DATE' => 'All files are up to date with the latest phpBB version. You should now <a href="../ucp.php?mode=login&amp;redirect=adm/index.php%3Fi=send_statistics%26mode=send_statistics">login to your board</a> and check if everything is working fine. Do not forget to delete, rename or move your install directory! Please send us updated information about your server and board configurations from the <a href="../ucp.php?mode=login&amp;redirect=adm/index.php%3Fi=send_statistics%26mode=send_statistics">Send statistics</a> module in your ACP.',
+ 'ALL_FILES_UP_TO_DATE' => 'All files are up to date with the latest phpBB version. You should now <a href="../ucp.php?mode=login">login to your board</a> and check if everything is working fine. Do not forget to delete, rename or move your install directory! Please send us updated information about your server and board configurations from the <a href="../ucp.php?mode=login&amp;redirect=adm/index.php%3Fi=send_statistics%26mode=send_statistics">Send statistics</a> module in your ACP.',
'ARCHIVE_FILE' => 'Source file within archive',
'BACK' => 'Back',
diff --git a/phpBB/language/en/memberlist.php b/phpBB/language/en/memberlist.php
index e7a9c6b88d..213f766610 100644
--- a/phpBB/language/en/memberlist.php
+++ b/phpBB/language/en/memberlist.php
@@ -131,7 +131,7 @@ $lang = array_merge($lang, array(
'SORT_POST_COUNT' => 'Post count',
'USERNAME_BEGINS_WITH' => 'Username begins with',
- 'USER_ADMIN' => 'Administrate user',
+ 'USER_ADMIN' => 'Administer user',
'USER_BAN' => 'Banning',
'USER_FORUM' => 'User statistics',
'USER_LAST_REMINDED' => array(
diff --git a/phpBB/language/en/search.php b/phpBB/language/en/search.php
index d93fe6b56a..cd38cd615f 100644
--- a/phpBB/language/en/search.php
+++ b/phpBB/language/en/search.php
@@ -54,6 +54,7 @@ $lang = array_merge($lang, array(
'LOGIN_EXPLAIN_EGOSEARCH' => 'The board requires you to be registered and logged in to view your own posts.',
'LOGIN_EXPLAIN_UNREADSEARCH'=> 'The board requires you to be registered and logged in to view your unread posts.',
+ 'LOGIN_EXPLAIN_NEWPOSTS' => 'The board requires you to be registered and logged in to view new posts since your last visit.',
'MAX_NUM_SEARCH_KEYWORDS_REFINE' => 'You specified too many words to search for. Please do not enter more than %1$d words.',
diff --git a/phpBB/posting.php b/phpBB/posting.php
index f775699cee..7368026136 100644
--- a/phpBB/posting.php
+++ b/phpBB/posting.php
@@ -861,11 +861,18 @@ if ($submit || $preview || $refresh)
{
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+ $user->add_lang('ucp');
+
if (($result = validate_username($post_data['username'], (!empty($post_data['post_username'])) ? $post_data['post_username'] : '')) !== false)
{
- $user->add_lang('ucp');
$error[] = $user->lang[$result . '_USERNAME'];
}
+
+ if (($result = validate_string($post_data['username'], false, $config['min_name_chars'], $config['max_name_chars'])) !== false)
+ {
+ $min_max_amount = ($result == 'TOO_SHORT') ? $config['min_name_chars'] : $config['max_name_chars'];
+ $error[] = sprintf($user->lang['FIELD_' . $result], $user->lang['USERNAME'], $min_max_amount);
+ }
}
if ($config['enable_post_confirm'] && !$user->data['is_registered'] && in_array($mode, array('quote', 'post', 'reply')))
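Review bot: In the added length check, `$result == 'TOO_SHORT'` is a loose comparison and every other non-false result is treated as the too-long case, so the limit shown in the message depends on validate_string() only ever returning those two codes. `$min_max_amount = ($result === 'TOO_SHORT') ? $config['min_name_chars'] : $config['max_name_chars'];` tightens the comparison, and a short comment naming the two expected return codes would document the assumption. Because this check runs independently of the preceding validate_username() call, a single bad name can add two entries to `$error`; if that is not wanted, make the second check an `else if`. The enclosing `if` starts outside the hunk.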
diff --git a/phpBB/search.php b/phpBB/search.php
index 2a13e20477..2aa61401cf 100644
--- a/phpBB/search.php
+++ b/phpBB/search.php
@@ -47,32 +47,44 @@ $sort_dir = request_var('sd', 'd');
$return_chars = request_var('ch', ($topic_id) ? -1 : 300);
$search_forum = request_var('fid', array(0));
-// We put login boxes for the case if search_id is egosearch or unreadposts
+// We put login boxes for the case if search_id is newposts, egosearch or unreadposts
// because a guest should be able to log in even if guests search is not permitted
-// Egosearch is an author search
-if ($search_id == 'egosearch')
+switch ($search_id)
{
- $author_id = $user->data['user_id'];
-
- if ($user->data['user_id'] == ANONYMOUS)
- {
- login_box('', $user->lang['LOGIN_EXPLAIN_EGOSEARCH']);
- }
-}
+ // Egosearch is an author search
+ case 'egosearch':
+ $author_id = $user->data['user_id'];
+ if ($user->data['user_id'] == ANONYMOUS)
+ {
+ login_box('', $user->lang['LOGIN_EXPLAIN_EGOSEARCH']);
+ }
+ break;
-// Search for unread posts needs to be allowed and user to be logged in if topics tracking for guests is disabled
-if ($search_id == 'unreadposts')
-{
- if (!$config['load_unreads_search'])
- {
- $template->assign_var('S_NO_SEARCH', true);
- trigger_error('NO_SEARCH_UNREADS');
- }
- else if (!$config['load_anon_lastread'] && !$user->data['is_registered'])
- {
- login_box('', $user->lang['LOGIN_EXPLAIN_UNREADSEARCH']);
- }
+ // Search for unread posts needs to be allowed and user to be logged in if topics tracking for guests is disabled
+ case 'unreadposts':
+ if (!$config['load_unreads_search'])
+ {
+ $template->assign_var('S_NO_SEARCH', true);
+ trigger_error('NO_SEARCH_UNREADS');
+ }
+ else if (!$config['load_anon_lastread'] && !$user->data['is_registered'])
+ {
+ login_box('', $user->lang['LOGIN_EXPLAIN_UNREADSEARCH']);
+ }
+ break;
+
+ // The "new posts" search uses user_lastvisit which is user based, so it should require user to log in.
+ case 'newposts':
+ if ($user->data['user_id'] == ANONYMOUS)
+ {
+ login_box('', $user->lang['LOGIN_EXPLAIN_NEWPOSTS']);
+ }
+ break;
+
+ default:
+ // There's nothing to do here for now ;)
+ break;
}
// Is user able to search? Has search been disabled?
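Review bot: The new `newposts` case decides who must log in with `$user->data['user_id'] == ANONYMOUS`, while the `unreadposts` case just above it uses `!$user->data['is_registered']`, so the two gates can disagree. If a session can be unregistered without being ANONYMOUS (bots, presumably), it skips the login box and the search runs against a `user_lastvisit` that the added comment itself describes as user based. `if (!$user->data['is_registered'])` would match the unreadposts branch. The `default:` comment `// There's nothing to do here for now ;)` could simply say that other search ids need no login.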
diff --git a/phpBB/styles/prosilver/theme/tweaks.css b/phpBB/styles/prosilver/theme/tweaks.css
index 782e682b9d..30fe5fb986 100644
--- a/phpBB/styles/prosilver/theme/tweaks.css
+++ b/phpBB/styles/prosilver/theme/tweaks.css
@@ -90,3 +90,12 @@ dl.icon {
* html .forumbg table.table1 {
margin: 0 -2px 0px -1px;
}
+
+/* Headerbar height fix for IE7 and below */
+* html #site-description p {
+ margin-bottom: 1.0em;
+}
+
+*:first-child+html #site-description p {
+ margin-bottom: 1.0em;
+} \ No newline at end of file