diff options
Diffstat (limited to 'phpBB')
| -rw-r--r-- | phpBB/common.php | 5 | ||||
| -rw-r--r-- | phpBB/config/services.yml | 6 | ||||
| -rw-r--r-- | phpBB/includes/bbcode.php | 2 | ||||
| -rw-r--r-- | phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php | 2 | ||||
| -rw-r--r-- | phpBB/includes/db/migration/data/310/style_update_p1.php | 28 | ||||
| -rw-r--r-- | phpBB/includes/extension/finder.php | 7 | ||||
| -rw-r--r-- | phpBB/includes/extension/manager.php | 6 | ||||
| -rw-r--r-- | phpBB/includes/filesystem.php | 52 | ||||
| -rw-r--r-- | phpBB/includes/functions.php | 40 | ||||
| -rw-r--r-- | phpBB/includes/functions_messenger.php | 2 | ||||
| -rw-r--r-- | phpBB/includes/style/extension_path_provider.php | 20 | ||||
| -rw-r--r-- | phpBB/includes/user.php | 2 | ||||
| -rw-r--r-- | phpBB/language/en/captcha_recaptcha.php | 1 | ||||
| -rw-r--r-- | phpBB/language/en/common.php | 2 | ||||
| -rw-r--r-- | phpBB/language/en/mcp.php | 2 | ||||
| -rw-r--r-- | phpBB/mcp.php | 2 |
16 files changed, 149 insertions, 30 deletions
diff --git a/phpBB/common.php b/phpBB/common.php index c33e2cbb1f..6dd65739fc 100644 --- a/phpBB/common.php +++ b/phpBB/common.php @@ -44,8 +44,11 @@ if (!defined('PHPBB_INSTALLED')) // Replace any number of consecutive backslashes and/or slashes with a single slash // (could happen on some proxy setups and/or Windows servers) $script_path = preg_replace('#[\\\\/]{2,}#', '/', $script_path); + // Eliminate . and .. from the path - $script_path = phpbb_clean_path($script_path); + require($phpbb_root_path . 'includes/filesystem.' . $phpEx); + $phpbb_filesystem = new phpbb_filesystem(); + $script_path = $phpbb_filesystem->clean_path($script_path); $url = (($secure) ? 'https://' : 'http://') . $server_name; diff --git a/phpBB/config/services.yml b/phpBB/config/services.yml index b9c71844dc..3b60f0e83e 100644 --- a/phpBB/config/services.yml +++ b/phpBB/config/services.yml @@ -131,6 +131,7 @@ services: - @dbal.conn - @config - @migrator + - @filesystem - %tables.ext% - %core.root_path% - .%core.php_ext% @@ -140,11 +141,15 @@ services: class: phpbb_extension_finder arguments: - @ext.manager + - @filesystem - %core.root_path% - @cache.driver - .%core.php_ext% - _ext_finder + filesystem: + class: phpbb_filesystem + groupposition.legend: class: phpbb_groupposition_legend arguments: @@ -242,6 +247,7 @@ services: arguments: - @ext.manager - @style.path_provider + - %core.root_path% style.path_provider: class: phpbb_style_path_provider diff --git a/phpBB/includes/bbcode.php b/phpBB/includes/bbcode.php index e8681420d4..c198abeb54 100644 --- a/phpBB/includes/bbcode.php +++ b/phpBB/includes/bbcode.php @@ -133,7 +133,7 @@ class bbcode $this->template_bitfield = new bitfield($user->style['bbcode_bitfield']); $style_resource_locator = new phpbb_style_resource_locator(); - $style_path_provider = new phpbb_style_extension_path_provider($phpbb_extension_manager, new phpbb_style_path_provider()); + $style_path_provider = new phpbb_style_extension_path_provider($phpbb_extension_manager, new phpbb_style_path_provider(), $phpbb_root_path); $template = new phpbb_template($phpbb_root_path, $phpEx, $config, $user, $style_resource_locator, new phpbb_template_context(), $phpbb_extension_manager); $style = new phpbb_style($phpbb_root_path, $phpEx, $config, $user, $style_resource_locator, $style_path_provider, $template); $style->set_style(); diff --git a/phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php b/phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php index 83d40bbba7..cb21b04ec5 100644 --- a/phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php +++ b/phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php @@ -270,7 +270,7 @@ class phpbb_recaptcha extends phpbb_default_captcha $response = ''; if (false == ($fs = @fsockopen($host, $port, $errno, $errstr, 10))) { - trigger_error('Could not open socket', E_USER_ERROR); + trigger_error('RECAPTCHA_SOCKET_ERROR', E_USER_ERROR); } fwrite($fs, $http_request); diff --git a/phpBB/includes/db/migration/data/310/style_update_p1.php b/phpBB/includes/db/migration/data/310/style_update_p1.php index e324ce7f24..d43537559d 100644 --- a/phpBB/includes/db/migration/data/310/style_update_p1.php +++ b/phpBB/includes/db/migration/data/310/style_update_p1.php @@ -19,6 +19,34 @@ class phpbb_db_migration_data_310_style_update_p1 extends phpbb_db_migration return array('phpbb_db_migration_data_30x_3_0_11'); } + public function update_schema() + { + return array( + 'add_columns' => array( + $this->table_prefix . 'styles' => array( + 'style_path' => array('VCHAR:100', ''), + 'bbcode_bitfield' => array('VCHAR:255', 'kNg='), + 'style_parent_id' => array('UINT', 0), + 'style_parent_tree' => array('TEXT', ''), + ), + ), + ); + } + + public function revert_schema() + { + return array( + 'drop_columns' => array( + $this->table_prefix . 'styles' => array( + 'style_path', + 'bbcode_bitfield', + 'style_parent_id', + 'style_parent_tree', + ), + ), + ); + } + public function update_data() { return array( diff --git a/phpBB/includes/extension/finder.php b/phpBB/includes/extension/finder.php index f71e32bc8d..02a9ebb8c3 100644 --- a/phpBB/includes/extension/finder.php +++ b/phpBB/includes/extension/finder.php @@ -23,6 +23,7 @@ if (!defined('IN_PHPBB')) class phpbb_extension_finder { protected $extension_manager; + protected $filesystem; protected $phpbb_root_path; protected $cache; protected $php_ext; @@ -54,15 +55,17 @@ class phpbb_extension_finder * @param phpbb_extension_manager $extension_manager An extension manager * instance that provides the finder with a list of active * extensions and their locations + * @param phpbb_filesystem $filesystem Filesystem instance * @param string $phpbb_root_path Path to the phpbb root directory * @param phpbb_cache_driver_interface $cache A cache instance or null * @param string $php_ext php file extension * @param string $cache_name The name of the cache variable, defaults to * _ext_finder */ - public function __construct(phpbb_extension_manager $extension_manager, $phpbb_root_path = '', phpbb_cache_driver_interface $cache = null, $php_ext = '.php', $cache_name = '_ext_finder') + public function __construct(phpbb_extension_manager $extension_manager, phpbb_filesystem $filesystem, $phpbb_root_path = '', phpbb_cache_driver_interface $cache = null, $php_ext = '.php', $cache_name = '_ext_finder') { $this->extension_manager = $extension_manager; + $this->filesystem = $filesystem; $this->phpbb_root_path = $phpbb_root_path; $this->cache = $cache; $this->php_ext = $php_ext; @@ -227,7 +230,7 @@ class phpbb_extension_finder */ protected function sanitise_directory($directory) { - $directory = preg_replace('#(?:^|/)\./#', '/', $directory); + $directory = $this->filesystem->clean_path($directory); $dir_len = strlen($directory); if ($dir_len > 1 && $directory[$dir_len - 1] === '/') diff --git a/phpBB/includes/extension/manager.php b/phpBB/includes/extension/manager.php index 44a30c6280..de9a3937c3 100644 --- a/phpBB/includes/extension/manager.php +++ b/phpBB/includes/extension/manager.php @@ -44,13 +44,14 @@ class phpbb_extension_manager * @param phpbb_db_driver $db A database connection * @param phpbb_config $config phpbb_config * @param phpbb_db_migrator $migrator + * @param phpbb_filesystem $filesystem * @param string $extension_table The name of the table holding extensions * @param string $phpbb_root_path Path to the phpbb includes directory. * @param string $php_ext php file extension * @param phpbb_cache_driver_interface $cache A cache instance or null * @param string $cache_name The name of the cache variable, defaults to _ext */ - public function __construct(ContainerInterface $container, phpbb_db_driver $db, phpbb_config $config, phpbb_db_migrator $migrator, $extension_table, $phpbb_root_path, $php_ext = '.php', phpbb_cache_driver_interface $cache = null, $cache_name = '_ext') + public function __construct(ContainerInterface $container, phpbb_db_driver $db, phpbb_config $config, phpbb_db_migrator $migrator, phpbb_filesystem $filesystem, $extension_table, $phpbb_root_path, $php_ext = '.php', phpbb_cache_driver_interface $cache = null, $cache_name = '_ext') { $this->container = $container; $this->phpbb_root_path = $phpbb_root_path; @@ -58,6 +59,7 @@ class phpbb_extension_manager $this->config = $config; $this->migrator = $migrator; $this->cache = $cache; + $this->filesystem = $filesystem; $this->php_ext = $php_ext; $this->extension_table = $extension_table; $this->cache_name = $cache_name; @@ -510,7 +512,7 @@ class phpbb_extension_manager */ public function get_finder() { - return new phpbb_extension_finder($this, $this->phpbb_root_path, $this->cache, $this->php_ext, $this->cache_name . '_finder'); + return new phpbb_extension_finder($this, $this->filesystem, $this->phpbb_root_path, $this->cache, $this->php_ext, $this->cache_name . '_finder'); } /** diff --git a/phpBB/includes/filesystem.php b/phpBB/includes/filesystem.php new file mode 100644 index 0000000000..27cab48fb0 --- /dev/null +++ b/phpBB/includes/filesystem.php @@ -0,0 +1,52 @@ +<?php +/** +* +* @package phpBB3 +* @copyright (c) 2013 phpBB Group +* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 +* +*/ +/** +* @ignore +*/ +if (!defined('IN_PHPBB')) +{ + exit; +} + +/** +* A class with various functions that are related to paths, files and the filesystem +* @package phpBB3 +*/ +class phpbb_filesystem +{ + /** + * Eliminates useless . and .. components from specified path. + * + * @param string $path Path to clean + * @return string Cleaned path + */ + public function clean_path($path) + { + $exploded = explode('/', $path); + $filtered = array(); + foreach ($exploded as $part) + { + if ($part === '.' && !empty($filtered)) + { + continue; + } + + if ($part === '..' && !empty($filtered) && $filtered[sizeof($filtered) - 1] !== '..') + { + array_pop($filtered); + } + else + { + $filtered[] = $part; + } + } + $path = implode('/', $filtered); + return $path; + } +} diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 58d2ad4760..3a650b37fc 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -1049,31 +1049,33 @@ else /** * Eliminates useless . and .. components from specified path. * +* Deprecated, use filesystem class instead +* * @param string $path Path to clean * @return string Cleaned path +* +* @deprecated */ function phpbb_clean_path($path) { - $exploded = explode('/', $path); - $filtered = array(); - foreach ($exploded as $part) - { - if ($part === '.' && !empty($filtered)) - { - continue; - } + global $phpbb_container; - if ($part === '..' && !empty($filtered) && $filtered[sizeof($filtered) - 1] !== '..') - { - array_pop($filtered); - } - else + if ($phpbb_container) + { + $phpbb_filesystem = $phpbb_container->get('filesystem'); + } + else + { + // The container is not yet loaded, use a new instance + if (!class_exists('phpbb_filesystem')) { - $filtered[] = $part; + global $phpbb_root_path, $phpEx; + require($phpbb_root_path . 'includes/filesystem.' . $phpEx); } + $phpbb_filesystem = new phpbb_filesystem(); } - $path = implode('/', $filtered); - return $path; + + return $phpbb_filesystem->clean_path($path); } // functions used for building option fields @@ -2731,7 +2733,7 @@ function redirect($url, $return = false, $disable_cd_check = false) // Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2 if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false || strpos($url, ';') !== false) { - trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR); + trigger_error('INSECURE_REDIRECT', E_USER_ERROR); } // Now, also check the protocol and for a valid url the last time... @@ -2740,7 +2742,7 @@ function redirect($url, $return = false, $disable_cd_check = false) if ($url_parts === false || empty($url_parts['scheme']) || !in_array($url_parts['scheme'], $allowed_protocols)) { - trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR); + trigger_error('INSECURE_REDIRECT', E_USER_ERROR); } if ($return) @@ -4182,7 +4184,7 @@ function phpbb_checkdnsrr($host, $type = 'MX') // Handler, header and footer /** -* Error and message handler, call with trigger_error if reqd +* Error and message handler, call with trigger_error if read */ function msg_handler($errno, $msg_text, $errfile, $errline) { diff --git a/phpBB/includes/functions_messenger.php b/phpBB/includes/functions_messenger.php index 821f0d970d..e580f6b675 100644 --- a/phpBB/includes/functions_messenger.php +++ b/phpBB/includes/functions_messenger.php @@ -209,7 +209,7 @@ class messenger if (!isset($this->tpl_msg[$template_lang . $template_file])) { $style_resource_locator = new phpbb_style_resource_locator(); - $style_path_provider = new phpbb_style_extension_path_provider($phpbb_extension_manager, new phpbb_style_path_provider()); + $style_path_provider = new phpbb_style_extension_path_provider($phpbb_extension_manager, new phpbb_style_path_provider(), $phpbb_root_path); $tpl = new phpbb_template($phpbb_root_path, $phpEx, $config, $user, $style_resource_locator, new phpbb_template_context(), $phpbb_extension_manager); $style = new phpbb_style($phpbb_root_path, $phpEx, $config, $user, $style_resource_locator, $style_path_provider, $tpl); diff --git a/phpBB/includes/style/extension_path_provider.php b/phpBB/includes/style/extension_path_provider.php index 6976a45ed0..ec1d85f821 100644 --- a/phpBB/includes/style/extension_path_provider.php +++ b/phpBB/includes/style/extension_path_provider.php @@ -40,17 +40,22 @@ class phpbb_style_extension_path_provider extends phpbb_extension_provider imple */ protected $base_path_provider; + /** @var string */ + protected $phpbb_root_path; + /** * Constructor stores extension manager * * @param phpbb_extension_manager $extension_manager phpBB extension manager * @param phpbb_style_path_provider $base_path_provider A simple path provider * to provide paths to be located in extensions + * @param string $phpbb_root_path phpBB root path */ - public function __construct(phpbb_extension_manager $extension_manager, phpbb_style_path_provider $base_path_provider) + public function __construct(phpbb_extension_manager $extension_manager, phpbb_style_path_provider $base_path_provider, $phpbb_root_path) { parent::__construct($extension_manager); $this->base_path_provider = $base_path_provider; + $this->phpbb_root_path = $phpbb_root_path; } /** @@ -91,10 +96,23 @@ class phpbb_style_extension_path_provider extends phpbb_extension_provider imple $directories['style'][] = $path; if ($path && !phpbb_is_absolute($path)) { + // Remove phpBB root path from the style path, + // so the finder is able to find extension styles, + // when the root path is not ./ + if (strpos($path, $this->phpbb_root_path) === 0) + { + $path = substr($path, strlen($this->phpbb_root_path)); + } + $result = $finder->directory('/' . $this->ext_dir_prefix . $path) ->get_directories(true, false, true); foreach ($result as $ext => $ext_path) { + // Make sure $ext_path has no ending slash + if (substr($ext_path, -1) === '/') + { + $ext_path = substr($ext_path, 0, -1); + } $directories[$ext][] = $ext_path; } } diff --git a/phpBB/includes/user.php b/phpBB/includes/user.php index 9ddd806b27..5530fe3f03 100644 --- a/phpBB/includes/user.php +++ b/phpBB/includes/user.php @@ -215,7 +215,7 @@ class phpbb_user extends phpbb_session if (!$this->style) { - trigger_error('Could not get style data', E_USER_ERROR); + trigger_error('NO_STYLE_DATA', E_USER_ERROR); } // Now parse the cfg file and cache it diff --git a/phpBB/language/en/captcha_recaptcha.php b/phpBB/language/en/captcha_recaptcha.php index c72957ca16..3d91a9d110 100644 --- a/phpBB/language/en/captcha_recaptcha.php +++ b/phpBB/language/en/captcha_recaptcha.php @@ -46,4 +46,5 @@ $lang = array_merge($lang, array( 'RECAPTCHA_PRIVATE_EXPLAIN' => 'Your private reCaptcha key. Keys can be obtained on <a href="http://www.google.com/recaptcha">www.google.com/recaptcha</a>.', 'RECAPTCHA_EXPLAIN' => 'In an effort to prevent automatic submissions, we require that you enter both of the words displayed into the text field underneath.', + 'RECAPTCHA_SOCKET_ERROR' => 'There was a problem connecting to the RECAPTCHA service: could not open socket. Try again later.', )); diff --git a/phpBB/language/en/common.php b/phpBB/language/en/common.php index 5d6fe03b5f..c1d6ef4af3 100644 --- a/phpBB/language/en/common.php +++ b/phpBB/language/en/common.php @@ -313,6 +313,7 @@ $lang = array_merge($lang, array( 'IN' => 'in', 'INDEX' => 'Index page', 'INFORMATION' => 'Information', + 'INSECURE_REDIRECT' => 'Tried to redirect to potentially insecure url.', 'INTERESTS' => 'Interests', 'INVALID_DIGEST_CHALLENGE' => 'Invalid digest challenge.', 'INVALID_EMAIL_LOG' => '<strong>%s</strong> possibly an invalid email address?', @@ -454,6 +455,7 @@ $lang = array_merge($lang, array( 'NO_POSTS_TIME_FRAME' => 'No posts exist inside this topic for the selected time frame.', 'NO_FEED_ENABLED' => 'Feeds are not available on this board.', 'NO_FEED' => 'The requested feed is not available.', + 'NO_STYLE_DATA' => 'Could not get style data', 'NO_SUBJECT' => 'No subject specified', // Used for posts having no subject defined but displayed within management pages. 'NO_SUCH_SEARCH_MODULE' => 'The specified search backend doesn’t exist.', 'NO_SUPPORTED_AUTH_METHODS' => 'No supported authentication methods.', diff --git a/phpBB/language/en/mcp.php b/phpBB/language/en/mcp.php index eaa2d7e3a5..29f418183f 100644 --- a/phpBB/language/en/mcp.php +++ b/phpBB/language/en/mcp.php @@ -250,6 +250,8 @@ $lang = array_merge($lang, array( 'ONLY_TOPIC' => 'Only topic “%s”', 'OTHER_USERS' => 'Other users posting from this IP', + 'QUICKMOD_ACTION_NOT_ALLOWED' => "%s not allowed as quickmod", + 'PM_REPORT_CLOSED_SUCCESS' => 'The selected PM report has been closed successfully.', 'PM_REPORT_DELETED_SUCCESS' => 'The selected PM report has been deleted successfully.', 'PM_REPORTED_SUCCESS' => 'This private message has been successfully reported.', diff --git a/phpBB/mcp.php b/phpBB/mcp.php index d04a297cf9..c36faad74b 100644 --- a/phpBB/mcp.php +++ b/phpBB/mcp.php @@ -182,7 +182,7 @@ if ($quickmod) break; default: - trigger_error("$action not allowed as quickmod", E_USER_ERROR); + trigger_error($user->lang('QUICKMOD_ACTION_NOT_ALLOWED', $action), E_USER_ERROR); break; } } |