Diffstat (limited to 'phpBB')
-rw-r--r-- | phpBB/docs/coding-guidelines.html | 192 | ||||
-rw-r--r-- | phpBB/download.php | 2 | ||||
-rw-r--r-- | phpBB/includes/acp/acp_board.php | 15 | ||||
-rw-r--r-- | phpBB/includes/acp/acp_permissions.php | 4 | ||||
-rw-r--r-- | phpBB/includes/functions.php | 61 | ||||
-rw-r--r-- | phpBB/includes/functions_transfer.php | 8 | ||||
-rw-r--r-- | phpBB/includes/mcp/mcp_front.php | 2 | ||||
-rw-r--r-- | phpBB/includes/mcp/mcp_queue.php | 6 | ||||
-rw-r--r-- | phpBB/includes/message_parser.php | 21 | ||||
-rw-r--r-- | phpBB/includes/session.php | 100 | ||||
-rw-r--r-- | phpBB/includes/ucp/ucp_pm_compose.php | 3 | ||||
-rw-r--r-- | phpBB/includes/ucp/ucp_pm_options.php | 2 | ||||
-rw-r--r-- | phpBB/install/schemas/schema_data.sql | 3 | ||||
-rw-r--r-- | phpBB/language/en/acp/board.php | 11 | ||||
-rw-r--r-- | phpBB/language/en/common.php | 32 | ||||
-rw-r--r-- | phpBB/memberlist.php | 30 | ||||
-rw-r--r-- | phpBB/styles/subSilver/template/message_body.html | 2 | ||||
-rwxr-xr-x | phpBB/ucp.php | 3 | ||||
-rw-r--r-- | phpBB/viewforum.php | 2 | ||||
-rw-r--r-- | phpBB/viewonline.php | 69 | ||||
-rw-r--r-- | phpBB/viewtopic.php | 4 |
21 files changed, 418 insertions, 154 deletions
diff --git a/phpBB/docs/coding-guidelines.html b/phpBB/docs/coding-guidelines.html index ee0b9f4e86..d45a39f4df 100644 --- a/phpBB/docs/coding-guidelines.html +++ b/phpBB/docs/coding-guidelines.html @@ -179,7 +179,7 @@ body { <a name="top"></a><div id="main"> -<p>This is the April, 2005 revision of the phpBB Coding Guidelines, all attempts should be made to follow it as closely as possible. This document is (c) 2005 phpBB Group, copying or redistribution is not allowed without permission.</p> +<p>These are the phpBB Coding Guidelines for Olympus, all attempts should be made to follow it as closely as possible. This document is (c) 2006 phpBB Group, copying or redistribution is not allowed without permission.</p> <h1>Coding Guidelines</h1> @@ -200,6 +200,7 @@ body { </ol> <li><a href="#styling">Styling</a></li> <li><a href="#templating">Templating</a></li> + <li><a href="#changes">Guidelines Changelog</a></li> </ol> <hr /> 
@@ -212,6 +213,14 @@ body { <h3>Tabs vs Spaces:</h3> <p>In order to make this as simple as possible, we will be using tabs, not spaces. Feel free to set how many spaces your editor uses when it <b>displays</b> tabs, but make sure that when you <b>save</b> the file, it's saving tabs and not spaces. This way, we can each have the code be displayed the way we like it, without breaking the layout of the actual files.</p> + <p>Additionally please check your editor for the indent size. If tabs are set to 4 spaces for example, the indent size needs to be 4 too:</p> + + <blockquote><pre> +$mode{TAB}{TAB}= request_var('mode', ''); +$search_id{TAB}= request_var('search_id', ''); + </blockquote></pre> + + <p>If entered with tabs (replace the {TAB}) both equal signs need to be on the same column.</p> <h3>Linefeeds:</h3> <p>Ensure that your editor is saving files in the UNIX format. This means lines are terminated with a newline, not with a CR/LF combo as they are on Win32, or whatever the Mac uses. Any decent editor should be able to do this, but it might not always be the default. Know your editor. If you want advice on Windows text editors, just ask one of the developers. Some of them do their editing on Win32.</p> @@ -233,7 +242,7 @@ body { * * @package {PACKAGENAME} * @version $Id: $ -* @copyright (c) 2005 phpBB Group +* @copyright (c) 2006 phpBB Group * @license http://opensource.org/licenses/gpl-license.php GNU Public License * */ @@ -247,9 +256,7 @@ body { <blockquote><pre> /** -* * {HEADER} -* */ /** 
@@ -303,28 +310,34 @@ class ... <li><b>phpBB3</b><br />Core files and all files not assigned to a seperate package</li> <li><b>acm</b><br /><code>/includes/acm</code><br />Cache System, seperated because of equal class names <ul> + <li><b>acm_main</b><br /><code>/includes/acm/acm_main.php</code><br />Base caching class. All functions obtaining cached data should be placed into this file</li> <li><b>acm_db</b><br /><code>/includes/acm/acm_db.php</code><br />Database based caching</li> <li><b>acm_file</b><br /><code>/includes/acm/acm_file.php</code><br />File based caching</li> </ul> </li> - <li><b>dbal</b><br /><code>/includes/db</code><br />Database Abstraction Layer, seperated because of equal class names.<br />Every database class is a seperate package preceeded by dbal_ + <li><b>acp</b><br /><code>/adm</code>, <code>/includes/acp</code>, <code>/includes/functions_admin.php</code><br />Administration Control Panel</li> + <li><b>dbal</b><br /><code>/includes/db</code><br />Database Abstraction Layer.<br />Base class is <code>dbal</code> <ul> - <li><b>dbal_db2</b><br /><code>/includes/db/db2.php</code><br />DB2 Database Abstraction Layer</li> <li><b>dbal_firebird</b><br /><code>/includes/db/firebird.php</code><br />Firebird/Interbase Database Abstraction Layer<br />Minimum Requirement is Firebird 1.5+/Interbase 7.1+</li> <li><b>dbal_mssql</b><br /><code>/includes/db/msssql.php</code><br />MSSQL Database Abstraction Layer<br />Minimum Requirement is MSSQL 2000+</li> - <li><b>dbal_odbc_mssql</b><br /><code>/includes/db/mssql-odbc.php</code><br />MSSQL ODBC Database Abstraction Layer for MSSQL<br />Minimum Requirement is Version 2000+</li> + <li><b>dbal_mssql_odbc</b><br /><code>/includes/db/mssql_odbc.php</code><br />MSSQL ODBC Database Abstraction Layer for MSSQL<br />Minimum Requirement is Version 2000+</li> <li><b>dbal_mysql</b><br /><code>/includes/db/mysql.php</code><br />MySQL Database Abstraction Layer<br />Minimum Requirement is 3.23+/4.0+/4.1+</li> - 
<li><b>dbal_mysqli</b><br /><code>/includes/db/mysqli.php</code><br />MySQL4 Database Abstraction Layer<br />Minimum Requirement is MySQL 4.1+</li> + <li><b>dbal_mysql4</b><br /><code>/includes/db/mysql4.php</code><br />MySQL4 Database Abstraction Layer<br />Minimum Requirement is 4.0+/4.1+/5.0+</li> + <li><b>dbal_mysqli</b><br /><code>/includes/db/mysqli.php</code><br />MySQLi Database Abstraction Layer<br />Minimum Requirement is MySQLi extension with MySQL 4.1+/5.0+</li> <li><b>dbal_oracle</b><br /><code>/includes/db/oracle.php</code><br />Oracle Database Abstraction Layer</li> <li><b>dbal_postgres</b><br /><code>/includes/db/postgres.php</code><br />PostgreSQL Database Abstraction Layer<br />Minimum Requirement is Version 7.3+</li> <li><b>dbal_sqlite</b><br /><code>/includes/db/sqlite.php</code><br />Sqlite Database Abstraction Layer</li> </ul> </li> + <li><b>docs</b><br /><code>/docs</code><br />phpBB Documentation</li> + <li><b>images</b><br /><code>/images</code><br />All global images not connected to styles</li> + <li><b>install</b><br /><code>/install</code><br />Installation System</li> + <li><b>language</b><br /><code>/language</code><br />All language files</li> <li><b>login</b><br /><code>/includes/auth</code><br />Login Authentication Plugins</li> - <li><b>mcp</b><br /><code>mcp.php</code>, <code>/includes/mcp</code><br />Moderator Control Panel</li> + <li><b>mcp</b><br /><code>mcp.php</code>, <code>/includes/mcp</code>, <code>report.php</code><br />Moderator Control Panel</li> <li><b>ucp</b><br /><code>ucp.php</code>, <code>/includes/ucp</code><br />User Control Panel</li> - <li><b>search</b><br /><code>/includes/search</code><br />Search System</li> - <li><b>acp</b><br /><code>/adm</code><br />Administration Control Panel</li> + <li><b>search</b><br /><code>/includes/search</code>, <code>search.php</code><br />Search System</li> + <li><b>styles</b><br /><code>/styles</code>, <code>style.php</code><br />phpBB Styles/Templates/Themes/Imagesets</li> 
</ul> </div> @@ -335,6 +348,8 @@ class ... <a name="code"></a><h1>2. Code Layout/Guidelines</h1> + <p>Please note that these Guidelines also applies to js code.</p> + <a name="namingvars"></a><b>2.i. Variable/Function Naming</b> <br /><br /> <div class="paragraph"> @@ -468,7 +483,7 @@ do_stuff( $i, "foo", $b ); do_stuff($i, "foo", $b); for($i=0; $i<$size; $i++) ... -for($i = 0; $i < $size; $i++) ... +for ($i = 0; $i < $size; $i++) ... $i=($j < $size)?0:1; $i = ($j < $size) ? 0 : 1; @@ -484,12 +499,12 @@ $bool = ($i < 7 && $j > 8 || $k == 4); <p class="bad">// now you can be certain what I'm doing here.</p> <blockquote><pre> -$bool = (($i < 7) && (($j < 8) || ($k == 4))) +$bool = (($i < 7) && (($j < 8) || ($k == 4))); </pre></blockquote> <p class="good">// But this one is even better, because it is easier on the eye but the intention is preserved</p> <blockquote><pre> -$bool = ($i < 7 && ($j < 8 || $k == 4)) +$bool = ($i < 7 && ($j < 8 || $k == 4)); </pre></blockquote> <h3>Quoting strings:</h3> 
@@ -590,6 +605,92 @@ if (isset($forum)) ... if (isset($forum) && $forum == 5) </pre></blockquote> + <h3>Switch statements:</h3> + <p>Switch/case code blocks can get a bit long sometimes. To have some level of notice and being in-line with the opening/closing brace requirement (where they are on the same line for better readability), this also applies to switch/case code blocks and the breaks. An example:</p> + + <p class="bad">// Wrong </p> + <blockquote><pre> +switch ($mode) +{ + case 'mode1': + // I am doing something here + break; + case 'mode2': + // I am doing something completely different here + break; +} + </pre></blockquote> + + <p class="good">// Good </p> + <blockquote><pre> +switch ($mode) +{ + case 'mode1': + // I am doing something here + break; + + case 'mode2': + // I am doing something completely different here + break; + + default: + // Always assume that the case got not catched + break; +} + </pre></blockquote> + + <p class="good">// Also good, if you have more code between the case and the break </p> + <blockquote><pre> +switch ($mode) +{ + case 'mode1': + + // I am doing something here + + break; + + case 'mode2': + + // I am doing something completely different here + + break; + + default: + + // Always assume that the case got not catched + + break; +} + </pre></blockquote> + + <p>Even if the break for the default case is not needed, it is sometimes better to include it just for readability and completeness.</p> + + <p>If no break is intended, please add a comment instead. An example:</p> + + <p class="good">// Example with no break </p> + <blockquote><pre> +switch ($mode) +{ + case 'mode1': + + // I am doing something here + + // no break here + + case 'mode2': + + // I am doing something completely different here + + break; + + default: + + // Always assume that the case got not catched + + break; +} + </pre></blockquote> + </div> <a href="#top">Top</a> <br /><br /> 
@@ -604,7 +705,7 @@ if (isset($forum) && $forum == 5) <p>All SQL commands should utilise the DataBase Abstraction Layer (DBAL)</p> <h3>SQL code layout:</h3> - <p>SQL Statements are often unreadable without some formatting, since they tend to be big at times. Though the formatting of sql statements adds a lot to the readability of code. SQL statements should be formatted in the following way, basically writing keywords :</p> + <p>SQL Statements are often unreadable without some formatting, since they tend to be big at times. Though the formatting of sql statements adds a lot to the readability of code. SQL statements should be formatted in the following way, basically writing keywords: </p> <blockquote><pre> $sql = 'SELECT * @@ -648,7 +749,7 @@ $sql = 'SELECT * <h3>Common DBAL methods: </h3> - <p>Always use <code>$db->sql_escape()</code> if you need to check for a string within an SQL statement, for example:</p> + <p>Always use <code>$db->sql_escape()</code> if you need to check for a string within an SQL statement (even if you are sure the variable can not contain single quotes - never trust your input), for example:</p> <blockquote><pre> $sql = 'SELECT * @@ -683,6 +784,8 @@ $sql = 'UPDATE ' . SOME_TABLE . ' $db->sql_query($sql); </pre></blockquote> + <p>The <code>$db->sql_build_array()</code> function supports the following modes: <code>INSERT</code> (example above), <code>INSERT_SELECT</code> (building query for <code>INSERT INTO table (...) SELECT value, column ...</code> statements), <code>MULTI_INSERT</code> (for returning extended inserts), <code>UPDATE</code> (example above) and <code>SELECT</code> (for building WHERE statement [AND logic]).</p> + </div> <a href="#top">Top</a> <br /><br /> 
@@ -729,7 +832,8 @@ for ($i = 0, $size = sizeof($post_data); $i < $size; $i++) <p>No attempt should be made to remove any copyright information (either contained within the source or displayed interactively when the source is run/compiled), neither should the copyright information be altered in any way (it may be added to)</p> <h3>Variables: </h3> - <p>Make use of the <code>request_var()</code> function for anything except for submit or single checking params. Example:</p> + <p>Make use of the <code>request_var()</code> function for anything except for submit or single checking params. </p> + <p>The request_var function determines the type to set from the second parameter (which determines the default value too). If you need to get a scalar variable type, you need to tell this the request_var function explicitly. Examples:</p> <p class="bad">// Old method, do not use it</p> <blockquote><pre> @@ -748,10 +852,20 @@ $submit = (isset($_POST['submit'])) ? true : false; $start = request_var('start', '0'); </pre></blockquote> + <p class="good">// Getting an array, keys are integers, value defaults to 0 + <blockquote><pre> +$mark_array = request_var('mark', array(0)); + </blockquote></pre> + + <p class="good">// Getting an array, keys are strings, value defaults to 0 + <blockquote><pre> +$action_ary = request_var('action', array('' => 0)); + </blockquote></pre> + <h3>Login checks/redirection: </h3> <p>To show a forum login box use <code>login_forum_box($forum_data)</code>, else use the <code>login_box()</code> function.</p> - <h3>Sensitive Operatiosn: </h3> + <h3>Sensitive Operations: </h3> <p>For sensitive operations always let the user confirm the action. For the confirmation screens, make use of the <code>confirm_box()</code> function.</p> <h3>Sessions: </h3> 
@@ -772,8 +886,12 @@ $user->setup(); trigger_error('NO_FORUM'); </pre></blockquote> + <h3>Url formatting</h3> + + <p>All urls pointing to internal files need to be prepended by the <code>$phpbb_root_path</code> variable. Within the administration control panel all urls pointing to internal files need to be prepended by the <code>$phpbb_admin_path</code> variable. This makes sure the path is always correct and users being able to just rename the admin folder and the acp still working as intended.</p> + <h3>General Functions: </h3> - <p>Use <code>sizeof</code> instead of <code>count</code>, this is just a general preference and guideline and has no other benefit.</p> + <p>Use <code>sizeof</code> instead of <code>count</code>, this is just a general preference and guideline and has no other benefit than to be consistent.</p> <p>Use <code>strpos</code> instead of <code>strstr</code>.</p> @@ -1031,8 +1149,44 @@ markup </div> <a href="#top">Top</a> +<br /><br /> <hr /> + +<a name="changes"></a><h1>5. Guidelines Changelog</h1> +<div class="paragraph"> + +<h2>Revision 1.7</h2> + +<ul class="menu"> + <li>Updated <a href="#locations">1.iii. File Locations</a> to reflect recent updates</li> + <li>Added paragraph about switch statements to <a href="#codelayout">2.ii. Code Layout</a></li> + <li>Updated <a href="#sql">2.iii. SQL/SQL Layout</a></li> + <li>Added paragraph about url formatting to <a href="#general">2.v. General Guidelines</a></li> +</ul> + +<h2>Revision 1.6</h2> + +<ul class="menu"> + <li>Added more information to Tabs vs. Spaces paragraph</li> +</ul> + +<h2>Revision 1.5</h2> + +<ul class="menu"> + <li>$user->start now $user->session_begin</li> +</ul> + +<h2>Revision 1.3</h2> + +<ul class="menu"> + <li>Updated Section 1.iii. - dbal layout</li> + <li>Extended Section 2.v. - usage of request_var()</li> +</ul> + +</div> +<a href="#top">Top</a> + </div> <div id="footer"> $Id$ diff --git a/phpBB/download.php b/phpBB/download.php index c681e5e3b6..abc970ea88 100644 
--- a/phpBB/download.php
+++ b/phpBB/download.php
@@ -134,7 +134,7 @@ if ($download_mode == PHYSICAL_LINK)
 trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']);
 }
- redirect($phpbb_root_path . $config['upload_path'] . '/' . $attachment['physical_filename']);
+ redirect($config['upload_path'] . '/' . $attachment['physical_filename']);
 }
 else
 {
diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php
index c65647bc48..1414bbdc82 100644
--- a/phpBB/includes/acp/acp_board.php
+++ b/phpBB/includes/acp/acp_board.php
@@ -192,21 +192,26 @@ class acp_board 'title' => 'ACP_SERVER_SETTINGS', 'vars' => array( 'legend1' => 'ACP_SERVER_SETTINGS', - 'server_name' => array('lang' => 'SERVER_NAME', 'type' => 'text:40:255', 'explain' => true), - 'server_port' => array('lang' => 'SERVER_PORT', 'type' => 'text:5:5', 'explain' => true), - 'script_path' => array('lang' => 'SCRIPT_PATH', 'type' => 'text::255', 'explain' => true), 'allow_autologin' => array('lang' => 'ALLOW_AUTOLOGIN', 'type' => 'radio:yes_no', 'explain' => true), 'max_autologin_time' => array('lang' => 'AUTOLOGIN_LENGTH', 'type' => 'text:5:5', 'explain' => true), 'ip_check' => array('lang' => 'IP_VALID', 'type' => 'custom', 'method' => 'select_ip_check', 'explain' => true), 'browser_check' => array('lang' => 'BROWSER_VALID', 'type' => 'radio:yes_no', 'explain' => true), - 'send_encoding' => array('lang' => 'SEND_ENCODING', 'type' => 'radio:yes_no', 'explain' => true), + 'send_encoding' => array('lang' => 'SEND_ENCODING', 'type' => 'radio:yes_no', 'explain' => true), 'gzip_compress' => array('lang' => 'ENABLE_GZIP', 'type' => 'radio:yes_no', 'explain' => false), 'legend2' => 'PATH_SETTINGS', 'smilies_path' => array('lang' => 'SMILIES_PATH', 'type' => 'text:20:255', 'explain' => true), 'icons_path' => array('lang' => 'ICONS_PATH', 'type' => 'text:20:255', 'explain' => true), 'upload_icons_path' => array('lang' => 'UPLOAD_ICONS_PATH', 'type' => 'text:20:255', 'explain' => true), - 'ranks_path' => array('lang' => 'RANKS_PATH', 'type' => 'text:20:255', 'explain' => true) + 'ranks_path' => array('lang' => 'RANKS_PATH', 'type' => 'text:20:255', 'explain' => true), + + 'legend3' => 'SERVER_URL_SETTINGS', + 'force_server_vars' => array('lang' => 'FORCE_SERVER_VARS', 'type' => 'radio:yes_no', 'explain' => true), + 'server_protocol' => array('lang' => 'SERVER_PROTOCOL', 'type' => 'text:10:10', 'explain' => true), + 'server_name' => array('lang' => 'SERVER_NAME', 'type' => 'text:40:255', 'explain' => true), + 'server_port' => array('lang' 
=> 'SERVER_PORT', 'type' => 'text:5:5', 'explain' => true), +// 'script_path' => array('lang' => 'SCRIPT_PATH', 'type' => 'text::255', 'explain' => true), + ) ); break; diff --git a/phpBB/includes/acp/acp_permissions.php b/phpBB/includes/acp/acp_permissions.php index 5eae82779e..c45ed20b33 100644 --- a/phpBB/includes/acp/acp_permissions.php +++ b/phpBB/includes/acp/acp_permissions.php @@ -32,9 +32,7 @@ class acp_permissions $this->tpl_name = 'acp_permissions'; // Set some vars - $action = request_var('action', array('' => 0)); - list($action, ) = each($action); - + $action = key(request_var('action', array('' => 0))); $action = (isset($_POST['psubmit'])) ? 'apply_permissions' : $action; $all_forums = request_var('all_forums', 0); diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 43fd351b94..4a5838effe 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -629,7 +629,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0) { unset($tracking['t'][$topic_id36]); } - + if (isset($tracking['f'][$f_id])) { unset($tracking['f'][$f_id]); 
@@ -1041,19 +1041,41 @@ function on_page($num_items, $per_page, $start)
 }
 /**
-* Generate board url
+* Generate board url (example: http://www.foo.bar/phpBB)
 */
 function generate_board_url()
 {
- global $config;
+ global $config, $user;
+
+ $server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME');
+ $server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
+
+ $url = (($config['cookie_secure']) ? 'https://' : 'http://') . $server_name;
- $path = preg_replace('#^/?(.*?)/?$#', '\1', trim($config['script_path']));
+ // Forcing server vars is the only way to specify/override the protocol
+ if ($config['force_server_vars'] || !$server_name)
+ {
+ $server_protocol = ($config['server_protocol']) ? $config['server_protocol'] : (($config['cookie_secure']) ? 'https://' : 'http://');
+ $server_name = $config['server_name'];
+ $server_port = (int) $config['server_port'];
+
+ $url = $server_protocol . $server_name;
+ }
- return (($config['cookie_secure']) ? 'https://' : 'http://') . preg_replace('#^/?(.*?)/?$#', '\1', trim($config['server_name'])) . (($config['server_port'] <> 80) ? ':' . trim($config['server_port']) : '') . (($path) ? '/' . $path : '');
+ if ($server_port && (($config['cookie_secure'] && $server_port <> 443) || (!$config['cookie_secure'] && $server_port <> 80)))
+ {
+ $url .= ':' . $server_port;
+ }
+
+ $url .= $user->page['root_script_path'];
+
+ return $url;
 }
 /**
 * Redirects the user to another page then exits the script nicely
+* Do not prepend url with $phpbb_root_path
+* If not prefixed by / or full url given the board url will be prefixed
 */
 function redirect($url)
 {
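Review bot: generate_board_url() now takes the host from `$_SERVER['SERVER_NAME']` whenever `force_server_vars` is off, and depending on web server configuration that value can follow the client-supplied Host header, so a request may influence every absolute URL built from this function, including the target that redirect() assembles. Consider comparing the value with the configured `$config['server_name']` before using it, or at least state the dependency in the docblock, e.g. `* NOTE: SERVER_NAME may reflect the request's Host header; enable force_server_vars where the board url must be fixed`. Separately, the default-port test keys only on `$config['cookie_secure']`, so a forced `server_protocol` of `https://` with `cookie_secure` off would append `:443`; deriving the expected port from the protocol actually used would avoid that.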
@@ -1075,9 +1097,13 @@ function redirect($url)
 // If relative path, prepend board url
 if (strpos($url, '://') === false && $url{0} != '/')
 {
- $url = generate_board_url() . preg_replace('#^/?(.*?)/?$#', '/\1', trim($url));
+ $url = generate_board_url() . '/' . $url;
 }
+ /**
+ * Make sure no HTTP Response Splitting attacks are possible
+ */
+
 // Redirect via an HTML form for PITA webservers
 if (@preg_match('#Microsoft|WebSTAR|Xitami#', getenv('SERVER_SOFTWARE')))
 {
@@ -1187,10 +1213,10 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo
 return false;
 }
- // re-add $SID / transform & to & for user->page (user->page is always using &
- $use_page = ($u_action) ? $phpbb_root_path . $u_action : $phpbb_root_path . str_replace('&', '&', $user->page);
- $u_action = (strpos($use_page, ".{$phpEx}?") !== false) ? str_replace(".{$phpEx}?", ".$phpEx$SID&", $use_page) : $use_page . '?';
- $u_action .= '&confirm_key=' . $confirm_key;
+ // re-add $SID / transform & to & for user->page (user->page is always using &)
+ $use_page = ($u_action) ? $phpbb_root_path . $u_action : $phpbb_root_path . str_replace('&', '&', $user->page['page']);
+ $u_action = (strpos($use_page, 'sid=') === false) ? ((strpos($use_page, '?') !== false) ? str_replace('?', $SID . '&', $use_page) : $use_page . '?' . str_replace('?', '', $SID)) : $use_page;
+ $u_action .= ((strpos($u_action, '?') === false) ? '?' : '&') . 'confirm_key=' . $confirm_key;
 $template->assign_vars(array(
 'MESSAGE_TITLE' => (!isset($user->lang[$title])) ? $user->lang['CONFIRM'] : $user->lang[$title],
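Review bot: The new docblock `Make sure no HTTP Response Splitting attacks are possible` in redirect() is followed by no code in this hunk, so `$url` appears to reach the redirect output without a CR/LF check; the function body continues outside the hunk, so a check may exist elsewhere, but none is visible here. Either drop the comment or put the check directly under it, for example `if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false) { trigger_error('Invalid redirect target', E_USER_ERROR); }`. The relative-path branch also changes from normalising `$url` with trim() and the regex to plain concatenation, so callers now have to pass an already clean path.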
@@ -1278,17 +1304,8 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 if (!$redirect)
 {
- $split_page = array();
- preg_match_all('#^.*?([a-z_-]+?)\.' . $phpEx . '?(.*?)$#i', $user->page, $split_page, PREG_SET_ORDER);
-
- // No script name set? Assume index
- if (empty($split_page[0][1]))
- {
- $split_page[0][1] = 'index';
- }
-
- // Current page correctly formatted for (login) redirects
- $redirect = htmlspecialchars($split_page[0][1] . '.' . $phpEx . $SID . ((!empty($split_page[0][2])) ? '&' . $split_page[0][2] : ''));
+ // We just use what the session code determined...
+ $redirect = htmlspecialchars($user->page['page_name'] . $SID . '&' . $user->page['query_string']);
 }
 $s_hidden_fields = build_hidden_fields(array('redirect' => $redirect, 'sid' => $SID));
@@ -2015,7 +2032,7 @@ function page_header($page_title = '')
 'SITENAME' => $config['sitename'],
 'SITE_DESCRIPTION' => $config['site_desc'],
 'PAGE_TITLE' => $page_title,
- 'SCRIPT_NAME' => substr($user->page, 0, strpos($user->page, '.')),
+ 'SCRIPT_NAME' => str_replace($phpEx, '', $user->page['page_name']),
 'LAST_VISIT_DATE' => sprintf($user->lang['YOU_LAST_VISIT'], $s_last_visit),
 'CURRENT_TIME' => sprintf($user->lang['CURRENT_TIME'], $user->format_date(time(), false, true)),
 'TOTAL_USERS_ONLINE' => $l_online_users,
diff --git a/phpBB/includes/functions_transfer.php b/phpBB/includes/functions_transfer.php
index dca6391e4e..2be9790e09 100644
--- a/phpBB/includes/functions_transfer.php
+++ b/phpBB/includes/functions_transfer.php
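Review bot: In the page_header() hunk the new `SCRIPT_NAME` value is `str_replace($phpEx, '', $user->page['page_name'])`, which removes the extension but not the dot, so `index.php` yields `index.` where the old substr() expression yielded `index` (assuming `$phpEx` holds the bare extension, as `'includes/functions_admin.' . $phpEx` elsewhere in this diff suggests); it also strips that string wherever it occurs in the file name. `'SCRIPT_NAME' => str_replace('.' . $phpEx, '', $user->page['page_name']),` keeps the previous output. In the login_box() hunk above it, the new `$redirect` always appends `'&' . $user->page['query_string']`, which leaves a trailing `&` when the query string is empty.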
@@ -238,6 +238,9 @@ class ftp extends transfer $this->username = $username; $this->password = $password; $this->timeout = $timeout; + + // Make sure $this->root_path is layed out the same way as the $user->page['root_script_path'] value (prefixed with / and no / at the end) + $this->root_path = str_replace('\\', '/', $this->root_path); $this->root_path = (($root_path{0} != '/' ) ? '/' : '') . ((substr($root_path, -1, 1) == '/') ? substr($root_path, 0, -1) : $root_path); // Init some needed values @@ -251,8 +254,9 @@ class ftp extends transfer */ function data() { - global $config; - return array('host' => 'localhost' , 'username' => 'anonymous', 'password' => '', 'root_path' => $config['script_path'], 'port' => 21, 'timeout' => 10); + global $user; + + return array('host' => 'localhost' , 'username' => 'anonymous', 'password' => '', 'root_path' => $user->page['root_script_path'], 'port' => 21, 'timeout' => 10); } /** diff --git a/phpBB/includes/mcp/mcp_front.php b/phpBB/includes/mcp/mcp_front.php index 64982141a4..6c2c4df406 100644 --- a/phpBB/includes/mcp/mcp_front.php +++ b/phpBB/includes/mcp/mcp_front.php @@ -60,6 +60,7 @@ function mcp_front_view($id, $mode, $action) { $post_list[] = $row['post_id']; } + $db->sql_freeresult($result); $sql = 'SELECT p.post_id, p.post_subject, p.post_time, p.poster_id, p.post_username, u.username, t.topic_id, t.topic_title, t.topic_first_post_id, p.forum_id FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . ' u @@ -86,6 +87,7 @@ function mcp_front_view($id, $mode, $action) 'POST_TIME' => $user->format_date($row['post_time'])) ); } + $db->sql_freeresult($result); } if ($total == 0) diff --git a/phpBB/includes/mcp/mcp_queue.php b/phpBB/includes/mcp/mcp_queue.php index 80d3672427..7884298380 100644 --- a/phpBB/includes/mcp/mcp_queue.php +++ b/phpBB/includes/mcp/mcp_queue.php 
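Review bot: The added `$this->root_path = str_replace('\\', '/', $this->root_path);` in the ftp constructor has no effect, because the unchanged next line assigns `$this->root_path` afresh from the `$root_path` argument, which still contains any backslashes. Normalise the argument instead: `$root_path = str_replace('\\', '/', $root_path);`. The enclosing method starts outside the hunk. In the data() hunk, the new default `$user->page['root_script_path']` is stored through htmlspecialchars() in session.php, so an HTML-escaped string becomes the default remote path; an unescaped value would be the more appropriate source here.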
@@ -495,7 +495,7 @@ function approve_post($post_id_list, $mode)
 confirm_box(false, 'APPROVE_POST' . ((sizeof($post_id_list) == 1) ? '' : 'S'), $s_hidden_fields, 'mcp_approve.html');
 }
- $redirect = request_var('redirect', "{$phpbb_root_path}index.$phpEx$SID");
+ $redirect = request_var('redirect', "index.$phpEx$SID");
 if (strpos($redirect, '?') === false)
 {
@@ -509,7 +509,7 @@ function approve_post($post_id_list, $mode)
 else
 {
 meta_refresh(3, $redirect);
- trigger_error($user->lang[$success_msg] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>') . '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], "<a href=\"{$phpbb_root_path}viewforum.$phpEx$SID&f=" . $forum_id . '">', '</a>'));
+ trigger_error($user->lang[$success_msg] . '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $phpbb_root_path . $redirect . '">', '</a>') . '<br /><br />' . sprintf($user->lang['RETURN_FORUM'], "<a href=\"{$phpbb_root_path}viewforum.$phpEx$SID&f=" . $forum_id . '">', '</a>'));
 }
 }
@@ -715,7 +715,7 @@ function disapprove_post($post_id_list, $mode)
 confirm_box(false, 'DISAPPROVE_POST' . ((sizeof($post_id_list) == 1) ? '' : 'S'), $s_hidden_fields, 'mcp_approve.html');
 }
- $redirect = request_var('redirect', "{$phpbb_root_path}index.$phpEx$SID");
+ $redirect = request_var('redirect', "index.$phpEx$SID");
 if (strpos($redirect, '?') === false)
 {
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php
index eb37168fdd..dc206d1ba1 100644
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
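Review bot: `$redirect` in approve_post() is read from the `redirect` request parameter in the first hunk and then handed to `meta_refresh(3, $redirect)` and the `RETURN_PAGE` link in the second, and nothing visible restricts it to a board-local path. Now that the default is relative and the link prepends `$phpbb_root_path`, a value carrying a scheme or a leading slash should fall back to the default, e.g. `if (strpos($redirect, '://') !== false || strpos($redirect, '/') === 0) { $redirect = "index.$phpEx$SID"; }`. The same applies to the matching assignment in disapprove_post() in the third hunk. Both functions extend outside the hunks, so confirm that no such check already exists before the lines shown.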
@@ -667,11 +667,8 @@ class bbcode_firstpass extends bbcode return ''; } - $server_protocol = ( $config['cookie_secure'] ) ? 'https://' : 'http://'; - $server_port = ( $config['server_port'] <> 80 ) ? ':' . trim($config['server_port']) . '/' : '/'; - // relative urls for this board - if (preg_match('#' . $server_protocol . trim($config['server_name']) . $server_port . preg_replace('/^\/?(.*?)(\/)?$/', '$1', trim($config['script_path'])) . '/([^ \t\n\r<"\']+)#i', $url) || + if (preg_match('#' . preg_quote(generate_board_url(), '#') . '/([^ \t\n\r<"\']+)#i', $url) || preg_match('#([\w]+?://.*?[^ \t\n\r<"\']*)#i', $url) || preg_match('#(www\.[\w\-]+\.[\w\-.\~]+(?:/[^ \t\n\r<"\']*)?)#i', $url)) { @@ -803,7 +800,7 @@ class parse_message extends bbcode_firstpass // Parse URL's if ($allow_magic_url) { - $this->magic_url((($config['cookie_secure']) ? 'https://' : 'http://'), $config['server_name'], $config['server_port'], $config['script_path']); + $this->magic_url(generate_board_url()); if ($config['max_' . $mode . '_urls']) { 
@@ -908,20 +905,18 @@ class parse_message extends bbcode_firstpass // Replace magic urls of form http://xxx.xxx., www.xxx. and xxx@xxx.xxx. // Cuts down displayed size of link if over 50 chars, turns absolute links // into relative versions when the server/script path matches the link - function magic_url($server_protocol, $server_name, $server_port, $script_path) + function magic_url($server_url) { static $match; static $replace; - $server_port = ($server_port <> 80 ) ? ':' . trim($server_port) . '/' : '/'; - if (!is_array($match)) { $match = $replace = array(); // Be sure to not let the matches cross over. ;) // relative urls for this board - $match[] = '#(^|[\n ]|\()(' . preg_quote($server_protocol . trim($server_name) . $server_port . preg_replace('/^\/?(.*?)(\/)?$/', '$1', trim($script_path)), '#') . ')/([^ \t\n\r<"\'\)&]+|&(?!lt;))*)#i'; + $match[] = '#(^|[\n ]|\()(' . preg_quote($server_url, '#') . ')/([^ \t\n\r<"\'\)&]+|&(?!lt;))*)#i'; $replace[] = '$1<!-- l --><a href="$2/$3">$3</a><!-- l -->'; // matches a xxxx://aaaaa.bbb.cccc. ... @@ -1011,7 +1006,7 @@ class parse_message extends bbcode_firstpass // Parse Attachments function parse_attachments($form_name, $mode, $forum_id, $submit, $preview, $refresh, $is_message = false) { - global $config, $auth, $user, $phpbb_root_path; + global $config, $auth, $user, $phpbb_root_path, $phpEx; $error = array(); @@ -1075,6 +1070,8 @@ class parse_message extends bbcode_firstpass // Perform actions on temporary attachments if ($delete_file) { + include_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx); + $index = (int) key($_POST['delete_file']); // delete selected attachment @@ -1089,10 +1086,6 @@ class parse_message extends bbcode_firstpass } else { - if (!function_exists('delete_attachments')) - { - include_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx); - } delete_attachments('attach', array(intval($this->attachment_data[$index]['attach_id']))); } 
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index e80a5a3ce1..9bf6068e46 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -18,12 +18,81 @@ class session var $cookie_data = array(); var $browser = ''; var $ip = ''; - var $page = ''; + var $page = array(); var $current_page_filename = ''; var $load; var $time_now = 0; /** + * Extract current session page + */ + function extract_current_page($root_path) + { + $page_array = array(); + + // First of all, get the request uri... + $script_name = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF'); + $args = (!empty($_SERVER['QUERY_STRING'])) ? explode('&', $_SERVER['QUERY_STRING']) : explode('&', getenv('QUERY_STRING')); + + // If we are unable to get the script name we use REQUEST_URI as a failover and note it within the page array for easier support... + if (!$script_name) + { + $script_name = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : getenv('REQUEST_URI'); + $page['failover'] = 1; + } + + // Replace backslashes and doubled slashes (could happen on some proxy setups) + $script_name = str_replace(array('\\', '//'), '/', $script_name); + + // Now, remove the sid and let us get a clean query string... + foreach ($args as $key => $argument) + { + if (strpos($argument, 'sid=') === 0) + { + unset($args[$key]); + break; + } + } + + // The current query string + $query_string = trim(implode('&', $args)); + + // basenamed page name (for example: index.php) + $page_name = htmlspecialchars(basename($script_name)); + + // current directory within the phpBB root (for example: adm) + $page_dir = substr(str_replace(str_replace('\\', '/', realpath($root_path)), '', str_replace('\\', '/', realpath('./'))), 1); + + // Current page from phpBB root (for example: adm/index.php?i=10) + $page = (($page_dir) ? $page_dir . '/' : '') . $page_name . (($query_string) ? 
"?$query_string" : ''); + + // The script path from the webroot to the current directory (for example: /phpBB2/adm) : always prefixed with / + $script_path = trim(str_replace('\\', '/', dirname($script_name))); + + // The script path from the webroot to the phpBB root (for example: /phpBB2) + $root_script_path = ($page_dir) ? str_replace('/' . $page_dir, '', $script_path) : $script_path; + + // We are on the base level (phpBB root == webroot), lets adjust the variables a bit... + if (!$root_script_path) + { + $root_script_path = ($page_dir) ? str_replace($page_dir, '', $script_path) : $script_path;; + } + + $page_array += array( + 'page_name' => $page_name, + 'page_dir' => $page_dir, + + 'query_string' => $query_string, + 'script_path' => htmlspecialchars($script_path), + 'root_script_path' => htmlspecialchars($root_script_path), + + 'page' => $page + ); + + return $page_array; + } + + /** * Start session management * * This is where all session activity begins. We gather various pieces of 
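Review bot: In `extract_current_page()` the failover marker is written to `$page['failover']`, but `$page` is overwritten further down by the string assignment `$page = (($page_dir) ? ...`, so the flag never reaches the returned `$page_array`; the line should be `$page_array['failover'] = 1;`. Separately, `PHP_SELF` carries any trailing path info the client sends, so `page_name`, `script_path` and `root_script_path` are request-influenced. `htmlspecialchars()` covers HTML output, but if these values feed URL or cookie-path construction elsewhere (not visible in this hunk), they should be checked against the configured values. `query_string` and `page` are returned raw while the other keys are escaped, and the docblock should say so, e.g. `@return array page_name, script_path and root_script_path are html-escaped; query_string and page are raw request data`.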
@@ -38,29 +107,14 @@ class session */ function session_begin() { - global $phpEx, $SID, $db, $config; + global $phpEx, $SID, $db, $config, $phpbb_root_path; $this->time_now = time(); $this->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? $_SERVER['HTTP_USER_AGENT'] : ''; - $this->page = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] . ((isset($_POST['f'])) ? 'f=' . intval($_POST['f']) : '') : ''; - $sid = substr($this->page, strpos($this->page, 'sid='), 36); - - /** - * @todo: getting away with script_path or being more strict in it's format - */ - $script_path = $config['script_path']; - if ($script_path{0} != '/') - { - $script_path = '/' . $script_path; - } - - if ($script_path{(strlen($script_path)-1)} != '/') - { - $script_path .= '/'; - } - $this->page = str_replace(array($script_path, (strlen($sid) == 36 && strpos($sid, '&') === false) ? $sid : 'sid='), '', $this->page); + $this->page = $this->extract_current_page($phpbb_root_path); + $this->page['page'] .= (isset($_POST['f'])) ? ((strpos($this->page['page'], '?') !== false) ? '&' : '?') . 'f=' . intval($_POST['f']) : ''; $this->cookie_data = array(); if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_u'])) @@ -126,10 +180,10 @@ class session if ($u_ip == $s_ip && $s_browser == $u_browser) { // Only update session DB a minute or so after last update or if page changes - if ($this->time_now - $this->data['session_time'] > 60 || $this->data['session_page'] != $this->page) + if ($this->time_now - $this->data['session_time'] > 60 || $this->data['session_page'] != $this->page['page']) { $sql = 'UPDATE ' . SESSIONS_TABLE . " - SET session_time = $this->time_now, session_page = '" . $db->sql_escape($this->page) . "' + SET session_time = $this->time_now, session_page = '" . $db->sql_escape($this->page['page']) . "' WHERE session_id = '" . $db->sql_escape($this->session_id) . "'"; $db->sql_query($sql); } 
@@ -317,7 +371,7 @@ class session 'session_last_visit' => (int) $this->data['session_last_visit'], 'session_time' => (int) $this->time_now, 'session_browser' => (string) $this->browser, - 'session_page' => (string) $this->page, + 'session_page' => (string) $this->page['page'], 'session_ip' => (string) $this->ip, 'session_admin' => ($set_admin) ? 1 : 0, 'session_viewonline' => ($viewonline) ? 1 : 0, @@ -888,7 +942,7 @@ class user extends session { global $SID; - if (strpos($this->page, 'mode=reg_details') !== false && strpos($this->page, "ucp.$phpEx") !== false) + if (strpos($this->page['page_query'], 'mode=reg_details') !== false && $this->page['page_name'] == "ucp.$phpEx") { redirect("ucp.$phpEx$SID&i=profile&mode=reg_details"); } diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index fa17b008b6..2ab9bcdca3 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -59,8 +59,7 @@ function compose_pm($id, $mode, $action) // Was cancel pressed? If so then redirect to the appropriate page if ($cancel || ($current_time - $lastclick < 2 && $submit)) { - $redirect = "{$phpbb_root_path}ucp.$phpEx$SID&i=pm&mode=view&action=view_message" . (($msg_id) ? "&p=$msg_id" : ''); - redirect($redirect); + redirect("ucp.$phpEx$SID&i=pm&mode=view&action=view_message" . (($msg_id) ? "&p=$msg_id" : '')); } $sql = ''; diff --git a/phpBB/includes/ucp/ucp_pm_options.php b/phpBB/includes/ucp/ucp_pm_options.php index bb0a22102b..41475b2f8b 100644 --- a/phpBB/includes/ucp/ucp_pm_options.php +++ b/phpBB/includes/ucp/ucp_pm_options.php @@ -294,7 +294,7 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit if (!$delete_id) { - redirect("{$phpbb_root_path}ucp.$phpEx$SID&i=pm&mode=$mode"); + redirect("ucp.$phpEx$SID&i=pm&mode=$mode"); } // Do we need to confirm? diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql index d70ee22bb8..a676b934e3 100644 
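Review bot: The rewritten check in the `class user` hunk reads `$this->page['page_query']`, but `extract_current_page()` in this same commit returns the key `query_string` and never sets `page_query`. As written, `strpos()` receives an undefined index, the condition is always false and the `reg_details` redirect is never taken. The enclosing function starts outside the hunk, so what this redirect enforces is not visible here. The line should read `if (strpos($this->page['query_string'], 'mode=reg_details') !== false && $this->page['page_name'] == "ucp.$phpEx")`.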
--- a/phpBB/install/schemas/schema_data.sql
+++ b/phpBB/install/schemas/schema_data.sql
@@ -85,6 +85,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('email_pm', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('enable_confirm', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('enable_pm_icons', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('flood_interval', '15');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('force_server_vars', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('forward_pm', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('full_folder_action', '2');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('gzip_compress', '0');
@@ -165,7 +166,6 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('queue_interval', '
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('ranks_path', 'images/ranks');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('require_activation', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('save_passwd', '3');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('search_block_size', '250');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('search_gc', '7200');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('search_interval', '0');
@@ -177,6 +177,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('secure_downloads',
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('send_encoding', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_name', '');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_port', '');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_protocol', '');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('session_gc', '3600');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('session_length', '3600');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('site_desc', 'A _little_ text to describe your forum');
diff --git a/phpBB/language/en/acp/board.php b/phpBB/language/en/acp/board.php
index f995670122..b28827a0c9 100644
--- a/phpBB/language/en/acp/board.php
+++ b/phpBB/language/en/acp/board.php
@@ -119,13 +119,18 @@ $lang = array_merge($lang, array( // Server settings $lang = array_merge($lang, array( 'ACP_SERVER_SETTINGS_EXPLAIN' => 'Here you define server and domain dependant settings. Please ensure the data you enter is accurate, errors will result in emails containing incorrect information. When entering the domain name remember it does include http:// or other protocol term. Only alter the port number if you know your server uses a different value, port 80 is correct in most cases.', + 'FORCE_SERVER_VARS' => 'Force server url settings', + 'FORCE_SERVER_VARS_EXPLAIN' => 'If set to yes the server settings defined here will be used in favor of the automatically determined values', 'PATH_SETTINGS' => 'Path Settings', 'SERVER_NAME' => 'Domain Name', - 'SERVER_NAME_EXPLAIN' => 'The domain name this board runs from', - 'SCRIPT_PATH' => 'Script path', - 'SCRIPT_PATH_EXPLAIN' => 'The path where phpBB2 is located relative to the domain name', + 'SERVER_NAME_EXPLAIN' => 'The domain name this board runs from (for example: www.foo.bar)', +// 'SCRIPT_PATH' => 'Script path', +// 'SCRIPT_PATH_EXPLAIN' => 'The path where phpBB2 is located relative to the domain name', 'SERVER_PORT' => 'Server Port', 'SERVER_PORT_EXPLAIN' => 'The port your server is running on, usually 80, only change if different', + 'SERVER_PROTOCOL' => 'Server Protocol', + 'SERVER_PROTOCOL_EXPLAIN' => 'This is used as the server protocol if these settings are forced. If empty or not forced the protocol is determined by the cookie secure settings (http:// or https://)', + 'SERVER_URL_SETTINGS' => 'Server URL Settings', 'IP_VALID' => 'Session IP validation', 'IP_VALID_EXPLAIN' => 'Determines how much of the users IP is used to validate a session; All compares the complete address, A.B.C the first x.x.x, A.B the first x.x, None disables checking.', 'ALL' => 'All', diff --git a/phpBB/language/en/common.php b/phpBB/language/en/common.php index ac6c36d08c..efd2ff57e1 100644 
--- a/phpBB/language/en/common.php +++ b/phpBB/language/en/common.php @@ -113,6 +113,7 @@ $lang = array_merge($lang, array( 'DISPLAY_POSTS' => 'Display posts from previous', 'DISPLAY_TOPICS' => 'Display topics from previous', 'DOWNLOADED' => 'Downloaded', + 'DOWNLOADING_FILE' => 'Downloading file', 'DOWNLOAD_COUNT' => '%d Time', 'DOWNLOAD_COUNTS' => '%d Times', 'DOWNLOAD_NONE' => '0 Times', @@ -346,6 +347,7 @@ $lang = array_merge($lang, array( 'REPLYING_MESSAGE' => 'Replying to message in %s', 'REPORT_BY' => 'Report by', 'REPORT_POST' => 'Report this post', + 'REPORTING_POST' => 'Reporting post', 'RESEND_ACTIVATION' => 'Resend activation email', 'RESET' => 'Reset', 'RETURN_INDEX' => 'Click %sHere%s to return to the index', 
@@ -442,25 +444,27 @@ $lang = array_merge($lang, array( 'TOTAL_USERS_OTHER' => 'Total members <b>%d</b>', 'TOTAL_USERS_ZERO' => 'Total members <b>0</b>', - 'UNKNOWN_BROWSER' => 'Unknown Browser', - 'UNMARK_ALL' => 'Unmark all', - 'UNREAD_MESSAGES' => 'Unread Messages', - 'UNREAD_PM' => '<b>%d</b> unread message', - 'UNREAD_PMS' => '<b>%d</b> unread messages', - 'UNWATCHED_FORUMS' => 'You are no longer watching the selected forums.', - 'UNWATCHED_TOPICS' => 'You are no longer watching the selected topics.', - 'URL_REDIRECT' => 'If your browser does not support meta redirection please click %sHERE%s to be redirected.', - 'USERGROUPS' => 'Groups', - 'USERNAME' => 'Username', - 'USERNAMES' => 'Usernames', - 'USER_POST' => '%d Post', - 'USER_POSTS' => '%d Posts', - 'USERS' => 'Users', + 'UNKNOWN_BROWSER' => 'Unknown Browser', + 'UNMARK_ALL' => 'Unmark all', + 'UNREAD_MESSAGES' => 'Unread Messages', + 'UNREAD_PM' => '<b>%d</b> unread message', + 'UNREAD_PMS' => '<b>%d</b> unread messages', + 'UNWATCHED_FORUMS' => 'You are no longer watching the selected forums.', + 'UNWATCHED_TOPICS' => 'You are no longer watching the selected topics.', + 'UPLOAD_IN_PROGRESS' => 'The upload is currently in progress', + 'URL_REDIRECT' => 'If your browser does not support meta redirection please click %sHERE%s to be redirected.', + 'USERGROUPS' => 'Groups', + 'USERNAME' => 'Username', + 'USERNAMES' => 'Usernames', + 'USER_POST' => '%d Post', + 'USER_POSTS' => '%d Posts', + 'USERS' => 'Users', 'VIEWED' => 'Viewed', 'VIEWING_FAQ' => 'Viewing FAQ', 'VIEWING_MEMBERS' => 'Viewing member details', 'VIEWING_ONLINE' => 'Viewing who is online', + 'VIEWING_PROFILE' => 'Viewing member profile', 'VIEWING_UCP' => 'Viewing user control panel', 'VIEWS' => 'Views', 'VIEW_BOOKMARKS' => 'View bookmarks', diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index 8c02d8f72f..f11f0c134f 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php 
@@ -282,33 +282,33 @@ switch ($mode) trigger_error('NO_USER'); } + // Get user... + $sql = 'SELECT username, user_id, user_type, user_colour, group_id, user_permissions, user_sig, user_sig_bbcode_uid, user_sig_bbcode_bitfield, user_allow_viewemail, user_allow_viewonline, user_posts, user_warnings, user_regdate, user_rank, user_from, user_occ, user_interests, user_website, user_email, user_icq, user_aim, user_yim, user_msnm, user_jabber, user_avatar, user_avatar_width, user_avatar_height, user_avatar_type, user_lastvisit + FROM ' . USERS_TABLE . " + WHERE user_id = $user_id + AND user_type IN (" . USER_NORMAL . ', ' . USER_FOUNDER . ')'; + $result = $db->sql_query($sql); + + if (!($member = $db->sql_fetchrow($result))) + { + trigger_error('NO_USER'); + } + $db->sql_freeresult($result); + // Do the SQL thang $sql = 'SELECT g.group_id, g.group_name, g.group_type FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . " ug WHERE ug.user_id = $user_id - AND g.group_id = ug.group_id" . ((!$auth->acl_gets('a_group')) ? ' AND group_type <> ' . GROUP_HIDDEN : '') . ' + AND g.group_id = ug.group_id" . ((!$auth->acl_get('a_group')) ? ' AND group_type <> ' . GROUP_HIDDEN : '') . ' ORDER BY group_type, group_name'; $result = $db->sql_query($sql); $group_options = ''; while ($row = $db->sql_fetchrow($result)) { - $group_options .= '<option value="' . $row['group_id'] . '">' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>'; + $group_options .= '<option value="' . $row['group_id'] . '"' . (($row['group_id'] == $member['group_id']) ? ' selected="selected"' : '') . '>' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . 
'</option>'; } - // - $sql = 'SELECT username, user_id, user_type, user_colour, user_permissions, user_sig, user_sig_bbcode_uid, user_sig_bbcode_bitfield, user_allow_viewemail, user_allow_viewonline, user_posts, user_warnings, user_regdate, user_rank, user_from, user_occ, user_interests, user_website, user_email, user_icq, user_aim, user_yim, user_msnm, user_jabber, user_avatar, user_avatar_width, user_avatar_height, user_avatar_type, user_lastvisit - FROM ' . USERS_TABLE . " - WHERE user_id = $user_id - AND user_type IN (" . USER_NORMAL . ', ' . USER_FOUNDER . ')'; - $result = $db->sql_query($sql); - - if (!($member = $db->sql_fetchrow($result))) - { - trigger_error('NO_USER'); - } - $db->sql_freeresult($result); - $sql = 'SELECT MAX(session_time) AS session_time, MIN(session_viewonline) AS session_viewonline FROM ' . SESSIONS_TABLE . " WHERE session_user_id = $user_id"; diff --git a/phpBB/styles/subSilver/template/message_body.html b/phpBB/styles/subSilver/template/message_body.html index e111f8677d..65e017fd09 100644 --- a/phpBB/styles/subSilver/template/message_body.html +++ b/phpBB/styles/subSilver/template/message_body.html @@ -22,6 +22,4 @@ </tr> </table> - <div style="float: right;"><!-- INCLUDE jumpbox.html --></div> - <!-- INCLUDE overall_footer.html -->
\ No newline at end of file diff --git a/phpBB/ucp.php b/phpBB/ucp.php index 19ffa0bba5..b5e124c5ed 100755 --- a/phpBB/ucp.php +++ b/phpBB/ucp.php @@ -96,6 +96,7 @@ switch ($mode) break; case 'delete_cookies': + // Delete Cookies with dynamic names (do NOT delete poll cookies) if (confirm_box(true)) { @@ -126,7 +127,9 @@ switch ($mode) { confirm_box(false, 'DELETE_COOKIES', ''); } + redirect("index.$phpEx$SID"); + break; } diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php index c576c2c1af..90cac12b19 100644 --- a/phpBB/viewforum.php +++ b/phpBB/viewforum.php @@ -101,7 +101,7 @@ if ($forum_data['forum_link']) $db->sql_query($sql); } - redirect(str_replace('&', '&', $forum_data['forum_link'])); + redirect($forum_data['forum_link']); } // Forum is passworded ... check whether access has been granted to this diff --git a/phpBB/viewonline.php b/phpBB/viewonline.php index 5960b715c6..a031c425c6 100644 --- a/phpBB/viewonline.php +++ b/phpBB/viewonline.php @@ -160,7 +160,7 @@ while ($row = $db->sql_fetchrow($result)) continue; } - preg_match('#^([a-z]+)#i', $row['session_page'], $on_page); + preg_match('#^([a-z/]+)#i', $row['session_page'], $on_page); if (!sizeof($on_page)) { $on_page[1] = ''; @@ -171,15 +171,20 @@ while ($row = $db->sql_fetchrow($result)) case 'index': $location = $user->lang['INDEX']; $location_url = "index.$phpEx$SID"; - break; + break; + + case 'adm/index': + $location = $user->lang['ACP']; + $location_url = "index.$phpEx$SID"; + break; case 'posting': case 'viewforum': case 'viewtopic': preg_match('#f=([0-9]+)#', $row['session_page'], $forum_id); - $forum_id = (sizeof($forum_id)) ? $forum_id[1] : 0; + $forum_id = (sizeof($forum_id)) ? (int) $forum_id[1] : 0; - if ($auth->acl_get('f_list', $forum_id)) + if ($forum_id && $auth->acl_get('f_list', $forum_id)) { $location = ''; switch ($on_page[1]) 
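Review bot: The new `case 'adm/index'` branch in viewonline.php labels a session as `ACP` for every viewer of this page, so anyone allowed to open it can see which accounts are currently in the admin panel. Unless that is intended, gate the label on the viewer's own permission, as the `USER_IP` field further down already does: `$location = ($auth->acl_get('a_')) ? $user->lang['ACP'] : $user->lang['INDEX'];`. The branch also sets `$location_url` to `index.$phpEx` rather than a path under `adm/`, which looks unintended. Since `session_page` is now derived from the request's script name and query string, a comment above `preg_match('#^([a-z/]+)#i', ...)` such as `// session_page is client-influenced; use it for matching only` would document the assumption. The `switch` continues outside this hunk.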
@@ -191,20 +196,21 @@ while ($row = $db->sql_fetchrow($result)) { case 'reply': $location = sprintf($user->lang['REPLYING_MESSAGE'], $forum_data[$forum_id]); - break; + break; + default: $location = sprintf($user->lang['POSTING_MESSAGE'], $forum_data[$forum_id]); - break; + break; } - break; + break; case 'viewtopic': $location = sprintf($user->lang['READING_TOPIC'], $forum_data[$forum_id]); - break; + break; case 'viewforum': $location = sprintf($user->lang['READING_FORUM'], $forum_data[$forum_id]); - break; + break; } $location_url = "viewforum.$phpEx$SID&f=$forum_id"; 
@@ -214,43 +220,64 @@ while ($row = $db->sql_fetchrow($result)) $location = $user->lang['INDEX']; $location_url = "index.$phpEx$SID"; } - break; + break; case 'search': $location = $user->lang['SEARCHING_FORUMS']; $location_url = "search.$phpEx$SID"; - break; + break; case 'faq': $location = $user->lang['VIEWING_FAQ']; $location_url = "faq.$phpEx$SID"; - break; + break; case 'viewonline': $location = $user->lang['VIEWING_ONLINE']; $location_url = "viewonline.$phpEx$SID"; - break; + break; case 'memberlist': - $location = $user->lang['VIEWING_MEMBERS']; + $location = (strpos($row['session_page'], 'mode=viewprofile') !== false) ? $user->lang['VIEWING_PROFILE'] : $user->lang['VIEWING_MEMBERS']; $location_url = "memberlist.$phpEx$SID"; - break; + break; + case 'mcp': case 'ucp': $location = $user->lang['VIEWING_UCP']; - $location_url = ''; + + /** + * @todo getting module/mode for ucp and mcp + */ +/* if (strpos($row['session_page'], 'i=pm&mode=compose') !== false) + { + $location = 'Composing PM'; + }*/ + + $location_url = "index.$phpEx$SID"; + break; + + case 'download': + $location = $user->lang['DOWNLOADING_FILE']; + $location_url = "index.$phpEx$SID"; + break; + + case 'report': + $location = $user->lang['REPORTING_POST']; + $location_url = "index.$phpEx$SID"; + break; default: $location = $user->lang['INDEX']; $location_url = "index.$phpEx$SID"; - break; + break; } $template->assign_block_vars('user_row', array( - 'USERNAME' => $row['username'], - 'LASTUPDATE' => $user->format_date($row['session_time']), - 'FORUM_LOCATION'=> $location, - 'USER_IP' => ($auth->acl_get('a_')) ? (($mode == 'lookup' && $session_id == $row['session_id']) ? gethostbyaddr($row['session_ip']) : $row['session_ip']) : '', + 'USERNAME' => $row['username'], + 'LASTUPDATE' => $user->format_date($row['session_time']), + 'FORUM_LOCATION' => $location, + 'USER_IP' => ($auth->acl_get('a_')) ? (($mode == 'lookup' && $session_id == $row['session_id']) ? 
gethostbyaddr($row['session_ip']) : $row['session_ip']) : '', 'U_USER_PROFILE' => (($row['user_type'] == USER_NORMAL || $row['user_type'] == USER_FOUNDER) && $row['user_id'] != ANONYMOUS) ? "{$phpbb_root_path}memberlist.$phpEx$SID&mode=viewprofile&u=" . $row['user_id'] : '', 'U_USER_IP' => "{$phpbb_root_path}viewonline.$phpEx$SID" . (($mode != 'lookup' || $row['session_id'] != $session_id) ? '&s=' . $row['session_id'] : '') . "&mode=lookup&sg=$show_guests&start=$start&sk=$sort_key&sd=$sort_dir", diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index f3de69429b..079b4ae0fc 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php @@ -259,11 +259,11 @@ if (isset($_GET['e'])) { $jump_to = request_var('e', 0); - $redirect_url = "{$phpbb_root_path}viewtopic.$phpEx$SID&f=$forum_id&t=$topic_id"; + $redirect_url = "viewtopic.$phpEx$SID&f=$forum_id&t=$topic_id"; if ($user->data['user_id'] == ANONYMOUS) { - login_box($redirect_url . "&p=$post_id&e=$jump_to", $user->lang['LOGIN_NOTIFY_TOPIC']); + login_box("{$phpbb_root_path}$redirect_url&p=$post_id&e=$jump_to", $user->lang['LOGIN_NOTIFY_TOPIC']); } if ($jump_to > 0) |