Diffstat (limited to 'phpBB')
-rw-r--r--phpBB/composer.lock40
-rw-r--r--phpBB/docs/AUTHORS2
-rw-r--r--phpBB/includes/acm/acm_memory.php16
-rw-r--r--phpBB/includes/acp/acp_main.php4
-rw-r--r--phpBB/includes/auth/auth_ldap.php4
-rw-r--r--phpBB/includes/session.php22
-rw-r--r--phpBB/includes/startup.php28
-rw-r--r--phpBB/language/en/acp/email.php2
-rw-r--r--phpBB/styles/prosilver/template/forumlist_body.html2
9 files changed, 62 insertions, 58 deletions
diff --git a/phpBB/composer.lock b/phpBB/composer.lock
index 4dd6da46ed..becb7b5f83 100644
--- a/phpBB/composer.lock
+++ b/phpBB/composer.lock
@@ -10,21 +10,21 @@
"packages-dev": [
{
"name": "fabpot/goutte",
- "version": "v1.0.3",
+ "version": "v1.0.7",
"source": {
"type": "git",
- "url": "https://github.com/fabpot/Goutte.git",
- "reference": "75c9f23c4122caf4ea3e87a42a00b471366e707f"
+ "url": "https://github.com/FriendsOfPHP/Goutte.git",
+ "reference": "794b196e76bdd37b5155cdecbad311f0a3b07625"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/fabpot/Goutte/zipball/75c9f23c4122caf4ea3e87a42a00b471366e707f",
- "reference": "75c9f23c4122caf4ea3e87a42a00b471366e707f",
+ "url": "https://api.github.com/repos/FriendsOfPHP/Goutte/zipball/794b196e76bdd37b5155cdecbad311f0a3b07625",
+ "reference": "794b196e76bdd37b5155cdecbad311f0a3b07625",
"shasum": ""
},
"require": {
"ext-curl": "*",
- "guzzle/http": ">=3.0.5,<3.8-dev",
+ "guzzle/http": "~3.1",
"php": ">=5.3.0",
"symfony/browser-kit": "~2.1",
"symfony/css-selector": "~2.1",
@@ -33,8 +33,8 @@
"symfony/process": "~2.1"
},
"require-dev": {
- "guzzle/plugin-history": ">=3.0.5,<3.8-dev",
- "guzzle/plugin-mock": ">=3.0.5,<3.8-dev"
+ "guzzle/plugin-history": "~3.1",
+ "guzzle/plugin-mock": "~3.1"
},
"type": "application",
"extra": {
@@ -54,9 +54,7 @@
"authors": [
{
"name": "Fabien Potencier",
- "email": "fabien@symfony.com",
- "homepage": "http://fabien.potencier.org",
- "role": "Lead Developer"
+ "email": "fabien@symfony.com"
}
],
"description": "A simple PHP Web Scraper",
@@ -64,7 +62,7 @@
"keywords": [
"scraper"
],
- "time": "2013-08-16 06:03:22"
+ "time": "2014-10-09 15:52:51"
},
{
"name": "guzzle/common",
@@ -899,16 +897,16 @@
},
{
"name": "sami/sami",
- "version": "v1.3",
+ "version": "v1.4",
"source": {
"type": "git",
- "url": "https://github.com/fabpot/Sami.git",
- "reference": "76f2ed80b3420f7e2f6dcd5b7218b5a5781f4110"
+ "url": "https://github.com/FriendsOfPHP/Sami.git",
+ "reference": "70f29c781f7bef30181c814b9471b2ceac694454"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/fabpot/Sami/zipball/76f2ed80b3420f7e2f6dcd5b7218b5a5781f4110",
- "reference": "76f2ed80b3420f7e2f6dcd5b7218b5a5781f4110",
+ "url": "https://api.github.com/repos/FriendsOfPHP/Sami/zipball/70f29c781f7bef30181c814b9471b2ceac694454",
+ "reference": "70f29c781f7bef30181c814b9471b2ceac694454",
"shasum": ""
},
"require": {
@@ -929,7 +927,7 @@
"type": "application",
"extra": {
"branch-alias": {
- "dev-master": "1.3-dev"
+ "dev-master": "1.4-dev"
}
},
"autoload": {
@@ -944,9 +942,7 @@
"authors": [
{
"name": "Fabien Potencier",
- "email": "fabien@symfony.com",
- "homepage": "http://fabien.potencier.org",
- "role": "Lead Developer"
+ "email": "fabien@symfony.com"
}
],
"description": "Sami, an API documentation generator",
@@ -954,7 +950,7 @@
"keywords": [
"phpdoc"
],
- "time": "2013-11-30 17:16:25"
+ "time": "2014-06-25 11:24:03"
},
{
"name": "sebastian/comparator",
diff --git a/phpBB/docs/AUTHORS b/phpBB/docs/AUTHORS
index 36dd847e96..a47fd5fa98 100644
--- a/phpBB/docs/AUTHORS
+++ b/phpBB/docs/AUTHORS
@@ -24,7 +24,6 @@ phpBB Lead Developer: naderman (Nils Adermann)
phpBB Developers: bantu (Andreas Fischer)
dhruv.goel92 (Dhruv Goel)
- EXreaction (Nathan Guse)
marc1706 (Marc Alexander)
nickvergessen (Joas Schilling)
nicofuma (Tristan Darricau)
@@ -52,6 +51,7 @@ phpBB Developers: A_Jelly_Doughnut (Josh Woody) [01/2010 - 11/2010]
ckwalsh (Cullen Walsh) [01/2010 - 07/2011]
DavidMJ (David M.) [12/2005 - 08/2009]
dhn (Dominik Dröscher) [05/2007 - 01/2011]
+ EXreaction (Nathan Guse) [07/2012 - 05/2014]
GrahamJE (Graham Eames) [09/2005 - 11/2006]
igorw (Igor Wiedler) [08/2010 - 02/2013]
imkingdavid (David King) [11/2012 - 06/2014]
diff --git a/phpBB/includes/acm/acm_memory.php b/phpBB/includes/acm/acm_memory.php
index 2936ea0bae..9b68585d24 100644
--- a/phpBB/includes/acm/acm_memory.php
+++ b/phpBB/includes/acm/acm_memory.php
@@ -292,12 +292,24 @@ class acm_memory
// determine which tables this query belongs to
// Some queries use backticks, namely the get_database_size() query
// don't check for conformity, the SQL would error and not reach here.
- if (!preg_match('/FROM \\(?(`?\\w+`?(?: \\w+)?(?:, ?`?\\w+`?(?: \\w+)?)*)\\)?/', $query, $regs))
+ if (!preg_match_all('/(?:FROM \\(?(`?\\w+`?(?: \\w+)?(?:, ?`?\\w+`?(?: \\w+)?)*)\\)?)|(?:JOIN (`?\\w+`?(?: \\w+)?))/', $query, $regs, PREG_SET_ORDER))
{
// Bail out if the match fails.
return;
}
- $tables = array_map('trim', explode(',', $regs[1]));
+
+ $tables = array();
+ foreach ($regs as $match)
+ {
+ if ($match[0][0] == 'F')
+ {
+ $tables = array_merge($tables, array_map('trim', explode(',', $match[1])));
+ }
+ else
+ {
+ $tables[] = $match[2];
+ }
+ }
foreach ($tables as $table_name)
{
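Review bot: The branch test `if ($match[0][0] == 'F')` keys off the first character of the whole match instead of which alternation fired; with PREG_SET_ORDER a JOIN match carries an empty `$match[1]` and a set `$match[2]`, while a FROM match has no index 2 at all, so `if (!isset($match[2]))` states the distinction directly and survives a reordering of the pattern. A table that appears both in the FROM list and in a JOIN is appended to $tables twice, since array_merge does not deduplicate; `$tables = array_unique($tables);` before the foreach on the last hunk line avoids repeating whatever that loop does per table. That foreach and the enclosing method continue outside the hunk.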
diff --git a/phpBB/includes/acp/acp_main.php b/phpBB/includes/acp/acp_main.php
index d80b0d1532..79557bb5fd 100644
--- a/phpBB/includes/acp/acp_main.php
+++ b/phpBB/includes/acp/acp_main.php
@@ -606,8 +606,8 @@ class acp_main
'S_MBSTRING_LOADED' => true,
'S_MBSTRING_FUNC_OVERLOAD_FAIL' => (intval(@ini_get('mbstring.func_overload')) & (MB_OVERLOAD_MAIL | MB_OVERLOAD_STRING)),
'S_MBSTRING_ENCODING_TRANSLATION_FAIL' => (@ini_get('mbstring.encoding_translation') != 0),
- 'S_MBSTRING_HTTP_INPUT_FAIL' => (@ini_get('mbstring.http_input') != 'pass'),
- 'S_MBSTRING_HTTP_OUTPUT_FAIL' => (@ini_get('mbstring.http_output') != 'pass'),
+ 'S_MBSTRING_HTTP_INPUT_FAIL' => !in_array(@ini_get('mbstring.http_input'), array('pass', '')),
+ 'S_MBSTRING_HTTP_OUTPUT_FAIL' => !in_array(@ini_get('mbstring.http_output'), array('pass', '')),
));
}
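Review bot: The two new in_array() calls on the S_MBSTRING_HTTP_INPUT_FAIL and S_MBSTRING_HTTP_OUTPUT_FAIL lines rely on loose comparison: the `false` that @ini_get() returns when the directive is not registered compares equal to `''` and is silently counted as "not a failure". That is presumably the intended outcome, but it is hidden in PHP's type juggling; listing the value and passing the strict flag keeps the intent visible, `'S_MBSTRING_HTTP_INPUT_FAIL' => !in_array(@ini_get('mbstring.http_input'), array('pass', '', false), true),` with the same form for http_output. The template assignment these keys belong to starts before the hunk.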
diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php
index eebf147d48..63796a474b 100644
--- a/phpBB/includes/auth/auth_ldap.php
+++ b/phpBB/includes/auth/auth_ldap.php
@@ -282,7 +282,7 @@ function ldap_user_filter($username)
{
global $config;
- $filter = '(' . $config['ldap_uid'] . '=' . ldap_escape(htmlspecialchars_decode($username)) . ')';
+ $filter = '(' . $config['ldap_uid'] . '=' . phpbb_ldap_escape(htmlspecialchars_decode($username)) . ')';
if ($config['ldap_user_filter'])
{
$_filter = ($config['ldap_user_filter'][0] == '(' && substr($config['ldap_user_filter'], -1) == ')') ? $config['ldap_user_filter'] : "({$config['ldap_user_filter']})";
@@ -294,7 +294,7 @@ function ldap_user_filter($username)
/**
* Escapes an LDAP AttributeValue
*/
-function ldap_escape($string)
+function phpbb_ldap_escape($string)
{
return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string);
}
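Review bot: The body of phpbb_ldap_escape(), which the rename leaves unchanged, applies its str_replace pairs left to right, so the backslash inserted for `*` by the first pair is itself doubled by the second pair and a `*` in the input comes out as `\\*` — an escaped backslash followed by a live wildcard, which means the filter built in the preceding hunk still sees the wildcard. Placing the backslash pair first restores the intended escaping: `return str_replace(array('\\', '*', '(', ')'), array('\\\\', '\\*', '\\(', '\\)'), $string);`. A NUL byte is not escaped either; where PHP 5.6+ is available, the native ldap_escape() that this rename stops colliding with handles both when called with LDAP_ESCAPE_FILTER, and a comment noting that the order of the pairs is load-bearing would help the next edit.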
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index fe5357f32e..8b93ab762d 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -556,7 +556,12 @@ class session
$method = 'autologin_' . $method;
if (function_exists($method))
{
- $this->data = $method();
+ $user_data = $method();
+
+ if ($user_id === false || (isset($user_data['user_id']) && $user_id == $user_data['user_id']))
+ {
+ $this->data = $user_data;
+ }
if (sizeof($this->data))
{
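Review bot: The new guard `$user_id == $user_data['user_id']` compares with loose `==`; $user_id is presumably taken from the cookie data earlier in the method while the row value comes from the database, so the two operands can differ in type and PHP's numeric-string juggling decides the outcome. Casting both sides and comparing strictly pins the check: `if ($user_id === false || (isset($user_data['user_id']) && (int) $user_id === (int) $user_data['user_id']))`. The same guard is repeated in the next hunk (the session-keys lookup) and would take the same change. The enclosing method begins and ends outside the hunk.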
@@ -576,11 +581,18 @@ class session
AND k.user_id = u.user_id
AND k.key_id = '" . $db->sql_escape(md5($this->cookie_data['k'])) . "'";
$result = $db->sql_query($sql);
- $this->data = $db->sql_fetchrow($result);
+ $user_data = $db->sql_fetchrow($result);
+
+ if ($user_id === false || (isset($user_data['user_id']) && $user_id == $user_data['user_id']))
+ {
+ $this->data = $user_data;
+ $bot = false;
+ }
+
$db->sql_freeresult($result);
- $bot = false;
}
- else if ($user_id !== false && !sizeof($this->data))
+
+ if ($user_id !== false && !sizeof($this->data))
{
$this->cookie_data['k'] = '';
$this->cookie_data['u'] = $user_id;
@@ -1037,7 +1049,7 @@ class session
$name_data = rawurlencode($config['cookie_name'] . '_' . $name) . '=' . rawurlencode($cookiedata);
$expire = gmdate('D, d-M-Y H:i:s \\G\\M\\T', $cookietime);
- $domain = (!$config['cookie_domain'] || $config['cookie_domain'] == 'localhost' || $config['cookie_domain'] == '127.0.0.1') ? '' : '; domain=' . $config['cookie_domain'];
+ $domain = (!$config['cookie_domain'] || $config['cookie_domain'] == '127.0.0.1' || strpos($config['cookie_domain'], '.') === false) ? '' : '; domain=' . $config['cookie_domain'];
header('Set-Cookie: ' . $name_data . (($cookietime) ? '; expires=' . $expire : '') . '; path=' . $config['cookie_path'] . $domain . ((!$config['cookie_secure']) ? '' : '; secure') . '; HttpOnly', false);
}
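Review bot: The new condition on the `$domain` line special-cases 127.0.0.1 and dotless names but still emits `; domain=` for every other IP literal, including IPv4 addresses that are not loopback; if the reason 127.0.0.1 is excluded is that some browsers ignore a domain attribute that is an IP address, the same applies to those. `filter_var($config['cookie_domain'], FILTER_VALIDATE_IP) !== false` in place of the literal comparison covers all IPv4 and IPv6 literals in one check, and a short comment stating why dotless and IP domains are dropped would make the rule readable. The method continues outside the hunk.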
diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php
index cf216a65db..2f3b1c5324 100644
--- a/phpBB/includes/startup.php
+++ b/phpBB/includes/startup.php
@@ -80,31 +80,13 @@ function deregister_globals()
{
if (isset($not_unset[$varname]))
{
- // Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely)
- if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
+ // Hacking attempt. No point in continuing.
+ if (isset($_COOKIE[$varname]))
{
- exit;
- }
- else
- {
- $cookie = &$_COOKIE;
- while (isset($cookie['GLOBALS']))
- {
- if (!is_array($cookie['GLOBALS']))
- {
- break;
- }
-
- foreach ($cookie['GLOBALS'] as $registered_var => $value)
- {
- if (!isset($not_unset[$registered_var]))
- {
- unset($GLOBALS[$registered_var]);
- }
- }
- $cookie = &$cookie['GLOBALS'];
- }
+ echo "Clear your cookies. ";
}
+ echo "Malicious variable name detected. Contact the administrator and ask them to disable register_globals.";
+ exit;
}
unset($GLOBALS[$varname]);
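Review bot: The new failure path on the echo/exit lines returns plain text under an implicit 200 status, so proxies and caches may store the error page and request logs show a successful response; sending an explicit status before the first echo, `header('HTTP/1.1 400 Bad Request');`, makes the rejection visible and uncacheable. The two echoed messages also tell every visitor that register_globals is enabled on the host; a generic message to the client plus the detail written to error_log would keep that configuration fact out of the response. deregister_globals() begins and ends outside the hunk.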
diff --git a/phpBB/language/en/acp/email.php b/phpBB/language/en/acp/email.php
index 38c9f19c27..6db09a77c9 100644
--- a/phpBB/language/en/acp/email.php
+++ b/phpBB/language/en/acp/email.php
@@ -37,7 +37,7 @@ if (empty($lang) || !is_array($lang))
// Email settings
$lang = array_merge($lang, array(
- 'ACP_MASS_EMAIL_EXPLAIN' => 'Here you can e-mail a message to either all of your users or all users of a specific group <strong>having the option to receive mass e-mails enabled</strong>. To achieve this an e-mail will be sent out to the administrative e-mail address supplied, with a blind carbon copy sent to all recipients. The default setting is to only include 50 recipients in such an e-mail, for more recipients more e-mails will be sent. If you are emailing a large group of people please be patient after submitting and do not stop the page halfway through. It is normal for a mass emailing to take a long time, you will be notified when the script has completed.',
+ 'ACP_MASS_EMAIL_EXPLAIN' => 'Here you can e-mail a message to either all of your users or all users of a specific group <strong>having the option to receive mass e-mails enabled</strong>. To achieve this an e-mail will be sent out to the administrative e-mail address supplied, with a blind carbon copy sent to all recipients. The default setting is to only include 20 recipients in such an e-mail, for more recipients more e-mails will be sent. If you are emailing a large group of people please be patient after submitting and do not stop the page halfway through. It is normal for a mass emailing to take a long time, you will be notified when the script has completed.',
'ALL_USERS' => 'All users',
'COMPOSE' => 'Compose',
diff --git a/phpBB/styles/prosilver/template/forumlist_body.html b/phpBB/styles/prosilver/template/forumlist_body.html
index e9ed5d9daf..536488243f 100644
--- a/phpBB/styles/prosilver/template/forumlist_body.html
+++ b/phpBB/styles/prosilver/template/forumlist_body.html
@@ -47,6 +47,8 @@
<!-- IF forumrow.LAST_POST_TIME --><dfn>{L_LAST_POST}</dfn> {L_POST_BY_AUTHOR} {forumrow.LAST_POSTER_FULL}
<!-- IF not S_IS_BOT --><a href="{forumrow.U_LAST_POST}">{LAST_POST_IMG}</a> <!-- ENDIF --><br />{forumrow.LAST_POST_TIME}<!-- ELSE -->{L_NO_POSTS}<br />&nbsp;<!-- ENDIF --></span>
</dd>
+ <!-- ELSE -->
+ <dd>&nbsp;</dd>
<!-- ENDIF -->
</dl>
</li>