diff options
Diffstat (limited to 'phpBB')
| -rw-r--r-- | phpBB/adm/style/acp_users_overview.html | 33 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_database.php | 12 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_styles.php | 6 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_users.php | 8 | ||||
| -rw-r--r-- | phpBB/includes/auth/auth_ldap.php | 6 | ||||
| -rw-r--r-- | phpBB/includes/db/dbal.php | 12 | ||||
| -rw-r--r-- | phpBB/includes/db/mssql.php | 8 | ||||
| -rw-r--r-- | phpBB/includes/db/mssql_odbc.php | 8 | ||||
| -rw-r--r-- | phpBB/includes/db/mssqlnative.php | 8 | ||||
| -rw-r--r-- | phpBB/includes/functions.php | 13 | ||||
| -rw-r--r-- | phpBB/includes/functions_admin.php | 3 | ||||
| -rw-r--r-- | phpBB/includes/functions_install.php | 2 | ||||
| -rw-r--r-- | phpBB/includes/functions_upload.php | 33 | ||||
| -rw-r--r-- | phpBB/includes/session.php | 11 | ||||
| -rw-r--r-- | phpBB/install/install_install.php | 4 | ||||
| -rw-r--r-- | phpBB/language/en/acp/attachments.php | 2 | ||||
| -rw-r--r-- | phpBB/language/en/acp/board.php | 2 | ||||
| -rw-r--r-- | phpBB/language/en/acp/users.php | 1 |
18 files changed, 136 insertions, 36 deletions
diff --git a/phpBB/adm/style/acp_users_overview.html b/phpBB/adm/style/acp_users_overview.html index 9237e45daf..e2dcdb6307 100644 --- a/phpBB/adm/style/acp_users_overview.html +++ b/phpBB/adm/style/acp_users_overview.html @@ -135,19 +135,24 @@ </form> <!-- IF not S_OWN_ACCOUNT --> - <form id="user_delete" method="post" action="{U_ACTION}"> - <fieldset> - <legend>{L_DELETE_USER}</legend> - <dl> - <dt><label for="delete_type">{L_DELETE_USER}:</label><br /><span>{L_DELETE_USER_EXPLAIN}</span></dt> - <dd><select id="delete_type" name="delete_type"><option class="sep" value="">{L_SELECT_OPTION}</option><option value="retain">{L_RETAIN_POSTS}</option><option value="remove">{L_DELETE_POSTS}</option></select></dd> - </dl> - <p class="quick"> - <input class="button1" type="submit" name="update" value="{L_SUBMIT}" /> - <input type="hidden" name="delete" value="1" /> - {S_FORM_TOKEN} - </p> - </fieldset> - </form> + <form id="user_delete" method="post" action="{U_ACTION}"> + <fieldset> + <legend>{L_DELETE_USER}</legend> + <dl> + <dt><label for="delete_type">{L_DELETE_USER}:</label><br /><span>{L_DELETE_USER_EXPLAIN}</span></dt> + <dd> + <!-- IF USER_HAS_POSTS --> + <select id="delete_type" name="delete_type"><option class="sep" value="">{L_SELECT_OPTION}</option><option value="retain">{L_RETAIN_POSTS}</option><option value="remove">{L_DELETE_POSTS}</option></select></dd> + <!-- ELSE --> + {L_USER_NO_POSTS_TO_DELETE}<input type="hidden" id="delete_type" name="delete_type" value="retain" /> + <!-- ENDIF --> + </dl> + <p class="quick"> + <input class="button1" type="submit" name="update" value="{L_SUBMIT}" /> + <input type="hidden" name="delete" value="1" /> + {S_FORM_TOKEN} + </p> + </fieldset> + </form> <!-- ENDIF --> <!-- ENDIF --> diff --git a/phpBB/includes/acp/acp_database.php b/phpBB/includes/acp/acp_database.php index 62bcd43a47..758cd10434 100644 --- a/phpBB/includes/acp/acp_database.php +++ b/phpBB/includes/acp/acp_database.php @@ -21,6 +21,7 @@ if (!defined('IN_PHPBB')) */ class acp_database { + var $db_tools; var $u_action; function main($id, $mode) @@ -28,6 +29,12 @@ class acp_database global $cache, $db, $user, $auth, $template, $table_prefix; global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx; + if (!class_exists('phpbb_db_tools')) + { + require($phpbb_root_path . 'includes/db/db_tools.' . $phpEx); + } + $this->db_tools = new phpbb_db_tools($db); + $user->add_lang('acp/database'); $this->tpl_name = 'acp_database'; @@ -50,7 +57,7 @@ class acp_database { case 'download': $type = request_var('type', ''); - $table = request_var('table', array('')); + $table = array_intersect($this->db_tools->sql_list_tables(), request_var('table', array(''))); $format = request_var('method', ''); $where = request_var('where', ''); @@ -173,8 +180,7 @@ class acp_database break; default: - include($phpbb_root_path . 'includes/functions_install.' . $phpEx); - $tables = get_tables($db); + $tables = $this->db_tools->sql_list_tables(); asort($tables); foreach ($tables as $table_name) { diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php index d7b0484af8..47cd02bca7 100644 --- a/phpBB/includes/acp/acp_styles.php +++ b/phpBB/includes/acp/acp_styles.php @@ -667,7 +667,9 @@ inherit_from = {INHERIT_FROM} if ($name && !in_array($name, $installed)) { - $new_ary[] = array( + // The array key is used for sorting later on. + // $file is appended because $name doesn't have to be unique. + $new_ary[$name . $file] = array( 'path' => $file, 'name' => $name, 'copyright' => $items['copyright'], @@ -683,6 +685,8 @@ inherit_from = {INHERIT_FROM} if (sizeof($new_ary)) { + ksort($new_ary); + foreach ($new_ary as $cfg) { $template->assign_block_vars('uninstalled', array( diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index 363c900edc..70e08f79f2 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -1009,6 +1009,13 @@ class acp_users $user_row['posts_in_queue'] = (int) $db->sql_fetchfield('posts_in_queue'); $db->sql_freeresult($result); + $sql = 'SELECT post_id + FROM ' . POSTS_TABLE . ' + WHERE poster_id = '. $user_id; + $result = $db->sql_query_limit($sql, 1); + $user_row['user_has_posts'] = (bool) $db->sql_fetchfield('post_id'); + $db->sql_freeresult($result); + $template->assign_vars(array( 'L_NAME_CHARS_EXPLAIN' => sprintf($user->lang[$config['allow_name_chars'] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']), 'L_CHANGE_PASSWORD_EXPLAIN' => sprintf($user->lang[$config['pass_complex'] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']), @@ -1036,6 +1043,7 @@ class acp_users 'USER_EMAIL' => $user_row['user_email'], 'USER_WARNINGS' => $user_row['user_warnings'], 'USER_POSTS' => $user_row['user_posts'], + 'USER_HAS_POSTS' => $user_row['user_has_posts'], 'USER_INACTIVE_REASON' => $inactive_reason, )); diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php index 5dfa74ddab..eebf147d48 100644 --- a/phpBB/includes/auth/auth_ldap.php +++ b/phpBB/includes/auth/auth_ldap.php @@ -156,7 +156,11 @@ function login_ldap(&$username, &$password) { if (!@ldap_bind($ldap, htmlspecialchars_decode($config['ldap_user']), htmlspecialchars_decode($config['ldap_password']))) { - return $user->lang['LDAP_NO_SERVER_CONNECTION']; + return array( + 'status' => LOGIN_ERROR_EXTERNAL_AUTH, + 'error_msg' => 'LDAP_NO_SERVER_CONNECTION', + 'user_row' => array('user_id' => ANONYMOUS), + ); } } diff --git a/phpBB/includes/db/dbal.php b/phpBB/includes/db/dbal.php index 358df50402..9cc337955b 100644 --- a/phpBB/includes/db/dbal.php +++ b/phpBB/includes/db/dbal.php @@ -501,6 +501,18 @@ class dbal } /** + * Run LOWER() on DB column of type text (i.e. neither varchar nor char). + * + * @param string $column_name The column name to use + * + * @return string A SQL statement like "LOWER($column_name)" + */ + function sql_lower_text($column_name) + { + return "LOWER($column_name)"; + } + + /** * Run more than one insert statement. * * @param string $table table name to run the statements on diff --git a/phpBB/includes/db/mssql.php b/phpBB/includes/db/mssql.php index 6899a73902..b7178593dc 100644 --- a/phpBB/includes/db/mssql.php +++ b/phpBB/includes/db/mssql.php @@ -333,6 +333,14 @@ class dbal_mssql extends dbal } /** + * {@inheritDoc} + */ + function sql_lower_text($column_name) + { + return "LOWER(SUBSTRING($column_name, 1, DATALENGTH($column_name)))"; + } + + /** * Build LIKE expression * @access private */ diff --git a/phpBB/includes/db/mssql_odbc.php b/phpBB/includes/db/mssql_odbc.php index 34f7a87337..2ecc42cadf 100644 --- a/phpBB/includes/db/mssql_odbc.php +++ b/phpBB/includes/db/mssql_odbc.php @@ -311,6 +311,14 @@ class dbal_mssql_odbc extends dbal } /** + * {@inheritDoc} + */ + function sql_lower_text($column_name) + { + return "LOWER(SUBSTRING($column_name, 1, DATALENGTH($column_name)))"; + } + + /** * Build LIKE expression * @access private */ diff --git a/phpBB/includes/db/mssqlnative.php b/phpBB/includes/db/mssqlnative.php index 92ac9b1fb9..c91cc188b0 100644 --- a/phpBB/includes/db/mssqlnative.php +++ b/phpBB/includes/db/mssqlnative.php @@ -493,6 +493,14 @@ class dbal_mssqlnative extends dbal } /** + * {@inheritDoc} + */ + function sql_lower_text($column_name) + { + return "LOWER(SUBSTRING($column_name, 1, DATALENGTH($column_name)))"; + } + + /** * Build LIKE expression * @access private */ diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index ce80dc4a66..5914831539 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -1918,14 +1918,17 @@ function update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_ti } else { - $sql = 'SELECT t.forum_id FROM ' . TOPICS_TABLE . ' t - LEFT JOIN ' . TOPICS_TRACK_TABLE . ' tt ON (tt.topic_id = t.topic_id AND tt.user_id = ' . $user->data['user_id'] . ') + $sql = 'SELECT t.forum_id + FROM ' . TOPICS_TABLE . ' t + LEFT JOIN ' . TOPICS_TRACK_TABLE . ' tt + ON (tt.topic_id = t.topic_id + AND tt.user_id = ' . $user->data['user_id'] . ') WHERE t.forum_id = ' . $forum_id . ' AND t.topic_last_post_time > ' . $mark_time_forum . ' AND t.topic_moved_id = 0 ' . $sql_update_unapproved . ' - AND (tt.topic_id IS NULL OR tt.mark_time < t.topic_last_post_time) - GROUP BY t.forum_id'; + AND (tt.topic_id IS NULL + OR tt.mark_time < t.topic_last_post_time)'; $result = $db->sql_query_limit($sql, 1); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); @@ -3453,7 +3456,7 @@ function get_preg_expression($mode) case 'email': // Regex written by James Watts and Francisco Jose Martin Moreno // http://fightingforalostcause.net/misc/2006/compare-email-regex.php - return '([\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+\.)*(?:[\w\!\#$\%\'\*\+\-\/\=\?\^\`{\|\}\~]|&)+@((((([a-z0-9]{1}[a-z0-9\-]{0,62}[a-z0-9]{1})|[a-z])\.)+[a-z]{2,6})|(\d{1,3}\.){3}\d{1,3}(\:\d{1,5})?)'; + return '([\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+\.)*(?:[\w\!\#$\%\'\*\+\-\/\=\?\^\`{\|\}\~]|&)+@((((([a-z0-9]{1}[a-z0-9\-]{0,62}[a-z0-9]{1})|[a-z])\.)+[a-z]{2,63})|(\d{1,3}\.){3}\d{1,3}(\:\d{1,5})?)'; break; case 'bbcode_htm': diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index 0e1a11b4aa..204fa9a43d 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -2557,7 +2557,8 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id { $sql_keywords .= $db->sql_in_set('l.log_operation', $operations) . ' OR '; } - $sql_keywords .= 'LOWER(l.log_data) ' . implode(' OR LOWER(l.log_data) ', $keywords) . ')'; + $sql_lower = $db->sql_lower_text('l.log_data'); + $sql_keywords .= "$sql_lower " . implode(" OR $sql_lower ", $keywords) . ')'; } if ($log_count !== false) diff --git a/phpBB/includes/functions_install.php b/phpBB/includes/functions_install.php index 633b2755f0..9e9c48ff58 100644 --- a/phpBB/includes/functions_install.php +++ b/phpBB/includes/functions_install.php @@ -559,8 +559,6 @@ function phpbb_create_config_file_data($data, $dbms, $load_extensions, $debug = $config_data .= "// @define('DEBUG_EXTRA', true);\n"; } - $config_data .= '?' . '>'; // Done this to prevent highlighting editors getting confused! - return $config_data; } diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index d5bbd80242..73ac1df2d2 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php @@ -751,6 +751,31 @@ class fileupload $filename = $url['path']; $filesize = 0; + $remote_max_filesize = $this->max_filesize; + if (!$remote_max_filesize) + { + $max_filesize = @ini_get('upload_max_filesize'); + + if (!empty($max_filesize)) + { + $unit = strtolower(substr($max_filesize, -1, 1)); + $remote_max_filesize = (int) $max_filesize; + + switch ($unit) + { + case 'g': + $remote_max_filesize *= 1024; + // no break + case 'm': + $remote_max_filesize *= 1024; + // no break + case 'k': + $remote_max_filesize *= 1024; + // no break + } + } + } + $errno = 0; $errstr = ''; @@ -779,9 +804,9 @@ class fileupload $block = @fread($fsock, 1024); $filesize += strlen($block); - if ($this->max_filesize && $filesize > $this->max_filesize) + if ($remote_max_filesize && $filesize > $remote_max_filesize) { - $max_filesize = get_formatted_filesize($this->max_filesize, false); + $max_filesize = get_formatted_filesize($remote_max_filesize, false); $file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit'])); return $file; @@ -807,9 +832,9 @@ class fileupload { $length = (int) str_replace('content-length: ', '', strtolower($line)); - if ($length && $length > $this->max_filesize) + if ($remote_max_filesize && $length && $length > $remote_max_filesize) { - $max_filesize = get_formatted_filesize($this->max_filesize, false); + $max_filesize = get_formatted_filesize($remote_max_filesize, false); $file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit'])); return $file; diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index a894242a39..496c12a0d1 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -322,8 +322,15 @@ class session } } - // Is session_id is set or session_id is set and matches the url param if required - if (!empty($this->session_id) && (!defined('NEED_SID') || (isset($_GET['sid']) && $this->session_id === $_GET['sid']))) + // if no session id is set, redirect to index.php + if (defined('NEED_SID') && (!isset($_GET['sid']) || $this->session_id !== $_GET['sid'])) + { + send_status_line(401, 'Not authorized'); + redirect(append_sid("{$phpbb_root_path}index.$phpEx")); + } + + // if session id is set + if (!empty($this->session_id)) { $sql = 'SELECT u.*, s.* FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u diff --git a/phpBB/install/install_install.php b/phpBB/install/install_install.php index 35fc0bb58e..8e3fe0387c 100644 --- a/phpBB/install/install_install.php +++ b/phpBB/install/install_install.php @@ -53,11 +53,13 @@ class install_install extends module function main($mode, $sub) { - global $lang, $template, $language, $phpbb_root_path; + global $lang, $template, $language, $phpbb_root_path, $cache; switch ($sub) { case 'intro': + $cache->purge(); + $this->page_title = $lang['SUB_INTRO']; $template->assign_vars(array( diff --git a/phpBB/language/en/acp/attachments.php b/phpBB/language/en/acp/attachments.php index 1821b8c867..6aeb3c2188 100644 --- a/phpBB/language/en/acp/attachments.php +++ b/phpBB/language/en/acp/attachments.php @@ -57,7 +57,7 @@ $lang = array_merge($lang, array( 'ATTACH_EXT_GROUPS_URL' => 'Extension groups', 'ATTACH_ID' => 'ID', 'ATTACH_MAX_FILESIZE' => 'Maximum file size', - 'ATTACH_MAX_FILESIZE_EXPLAIN' => 'Maximum size of each file, with 0 being unlimited.', + 'ATTACH_MAX_FILESIZE_EXPLAIN' => 'Maximum size of each file. If this value is 0, the uploadable filesize is only limited by your PHP configuration.', 'ATTACH_MAX_PM_FILESIZE' => 'Maximum file size messaging', 'ATTACH_MAX_PM_FILESIZE_EXPLAIN' => 'Maximum size of each file, with 0 being unlimited, attached to a private message.', 'ATTACH_ORPHAN_URL' => 'Orphan attachments', diff --git a/phpBB/language/en/acp/board.php b/phpBB/language/en/acp/board.php index 6e6d4302cd..f24376f8aa 100644 --- a/phpBB/language/en/acp/board.php +++ b/phpBB/language/en/acp/board.php @@ -108,7 +108,7 @@ $lang = array_merge($lang, array( 'MAX_AVATAR_SIZE' => 'Maximum avatar dimensions', 'MAX_AVATAR_SIZE_EXPLAIN' => 'Width x Height in pixels.', 'MAX_FILESIZE' => 'Maximum avatar file size', - 'MAX_FILESIZE_EXPLAIN' => 'For uploaded avatar files.', + 'MAX_FILESIZE_EXPLAIN' => 'For uploaded avatar files. If this value is 0, the uploaded filesize is only limited by your PHP configuration.', 'MIN_AVATAR_SIZE' => 'Minimum avatar dimensions', 'MIN_AVATAR_SIZE_EXPLAIN' => 'Width x Height in pixels.', )); diff --git a/phpBB/language/en/acp/users.php b/phpBB/language/en/acp/users.php index eda9659795..785283faea 100644 --- a/phpBB/language/en/acp/users.php +++ b/phpBB/language/en/acp/users.php @@ -124,6 +124,7 @@ $lang = array_merge($lang, array( 'USER_GROUP_SPECIAL' => 'Pre-defined groups user is a member of', 'USER_LIFTED_NR' => 'Successfully removed the user’s newly registered status.', 'USER_NO_ATTACHMENTS' => 'There are no attached files to display.', + 'USER_NO_POSTS_TO_DELETE' => 'The user has no posts to retain or delete.', 'USER_OUTBOX_EMPTIED' => 'Successfully emptied user’s private message outbox.', 'USER_OUTBOX_EMPTY' => 'The user’s private message outbox was already empty.', 'USER_OVERVIEW_UPDATED' => 'User details updated.', |