diff options
Diffstat (limited to 'phpBB')
| -rw-r--r-- | phpBB/adm/style/permission_mask.html | 2 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_groups.php | 1 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_permissions.php | 2 | ||||
| -rw-r--r-- | phpBB/includes/acp/auth.php | 9 | ||||
| -rw-r--r-- | phpBB/includes/functions.php | 15 | ||||
| -rw-r--r-- | phpBB/includes/functions_posting.php | 24 | ||||
| -rw-r--r-- | phpBB/includes/functions_upload.php | 6 | ||||
| -rw-r--r-- | phpBB/includes/functions_user.php | 32 | ||||
| -rw-r--r-- | phpBB/includes/session.php | 13 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_pm_compose.php | 22 | ||||
| -rw-r--r-- | phpBB/install/convertors/convert_phpbb20.php | 1 | ||||
| -rw-r--r-- | phpBB/language/en/acp/common.php | 38 | ||||
| -rw-r--r-- | phpBB/language/en/ucp.php | 2 | ||||
| -rw-r--r-- | phpBB/memberlist.php | 22 | ||||
| -rw-r--r-- | phpBB/posting.php | 8 | ||||
| -rw-r--r-- | phpBB/styles/subSilver/template/login_body.html | 2 | ||||
| -rw-r--r-- | phpBB/styles/subSilver/template/viewforum_body.html | 2 | ||||
| -rw-r--r-- | phpBB/viewforum.php | 1 |
18 files changed, 154 insertions, 48 deletions
diff --git a/phpBB/adm/style/permission_mask.html b/phpBB/adm/style/permission_mask.html index e934324976..471c465807 100644 --- a/phpBB/adm/style/permission_mask.html +++ b/phpBB/adm/style/permission_mask.html @@ -18,7 +18,7 @@ <!-- BEGIN p_mask --> <div class="clearfix"></div> -<h3>{p_mask.NAME}<!-- IF p_mask.S_LOCAL --> <span class="small"> [{p_mask.L_ACL_TYPE}]</span><!-- ENDIF --></h3> +<h3>{p_mask.PADDING}{p_mask.NAME}<!-- IF p_mask.S_LOCAL --> <span class="small"> [{p_mask.L_ACL_TYPE}]</span><!-- ENDIF --></h3> <!-- BEGIN f_mask --> <div class="clearfix"></div> diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php index 7af21bb30c..93ab4eedaa 100644 --- a/phpBB/includes/acp/acp_groups.php +++ b/phpBB/includes/acp/acp_groups.php @@ -104,6 +104,7 @@ class acp_groups if (confirm_box(true)) { $group_name = ($group_row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $group_row['group_name']] : $group_row['group_name']; + if (!sizeof($mark_ary)) { $start = 0; diff --git a/phpBB/includes/acp/acp_permissions.php b/phpBB/includes/acp/acp_permissions.php index 225daf01c6..6102088c8f 100644 --- a/phpBB/includes/acp/acp_permissions.php +++ b/phpBB/includes/acp/acp_permissions.php @@ -422,7 +422,7 @@ class acp_permissions $sql = 'SELECT forum_name FROM ' . FORUMS_TABLE . ' WHERE ' . $db->sql_in_set('forum_id', $forum_id) . ' - ORDER BY forum_name ASC'; + ORDER BY left_id ASC'; $result = $db->sql_query($sql); $forum_names = array(); diff --git a/phpBB/includes/acp/auth.php b/phpBB/includes/acp/auth.php index 58e8e47159..c78a2e2025 100644 --- a/phpBB/includes/acp/auth.php +++ b/phpBB/includes/acp/auth.php @@ -437,9 +437,12 @@ class auth_admin extends auth $hold_ary = array(); foreach ($hold_ary_temp as $ug_id => $row) { - foreach ($row as $forum_id => $auth_row) + foreach ($forum_names_ary as $forum_id => $forum_row) { - $hold_ary[$forum_id][$ug_id] = $auth_row; + if (isset($row[$forum_id])) + { + $hold_ary[$forum_id][$ug_id] = $row[$forum_id]; + } } } unset($hold_ary_temp); @@ -451,6 +454,8 @@ class auth_admin extends auth $template->assign_block_vars($tpl_pmask, array( 'NAME' => ($forum_id == 0) ? $forum_names_ary[0] : $forum_names_ary[$forum_id]['forum_name'], + 'PADDING' => ($forum_id == 0) ? '' : $forum_names_ary[$forum_id]['padding'], + 'CATEGORIES' => implode('</th><th>', $categories), 'L_ACL_TYPE' => $l_acl_type, diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index dbe8330c90..dbf2612d20 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2013,7 +2013,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa $username = request_var('username', '', true); $password = request_var('password', '', true); $autologin = (!empty($_POST['autologin'])) ? true : false; - $viewonline = (!empty($_POST['viewonline'])) ? 0 : 1; + $viewonline = (!empty($_POST['viewonline']) && $auth->acl_get('u_hideonline')) ? 0 : 1; $admin = ($admin) ? 1 : 0; $viewonline = ($admin) ? $user->data['session_viewonline'] : $viewonline; @@ -2169,6 +2169,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa 'S_DISPLAY_FULL_LOGIN' => ($s_display) ? true : false, 'S_AUTOLOGIN_ENABLED' => ($config['allow_autologin']) ? true : false, + 'S_ALLOW_HIDE_ONLINE' => ($auth->acl_get('u_hideonline')) ? true : false, 'S_LOGIN_ACTION' => (!$admin) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login') : append_sid("index.$phpEx", false, true, $user->session_id), // Needs to stay index.$phpEx because we are within the admin directory 'S_HIDDEN_FIELDS' => $s_hidden_fields, @@ -2794,9 +2795,17 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count, { if ($config['img_link_width'] || $config['img_link_height']) { - list($width, $height) = getimagesize($filename); + $dimension = getimagesize($filename); - $display_cat = (!$width && !$height) ? ATTACHMENT_CATEGORY_IMAGE : (($width <= $config['img_link_width'] && $height <= $config['img_link_height']) ? ATTACHMENT_CATEGORY_IMAGE : ATTACHMENT_CATEGORY_NONE); + // If the dimensions could not be determined or the image being too small we display it as a link for safety purposes + if ($dimension === false || $dimension[0] < 2 || $dimension[1] < 2) + { + $display_cat = ATTACHMENT_CATEGORY_NONE; + } + else + { + $display_cat = ($dimension[0] <= $config['img_link_width'] && $dimension[1] <= $config['img_link_height']) ? ATTACHMENT_CATEGORY_IMAGE : ATTACHMENT_CATEGORY_NONE; + } } } else diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index 74403f779e..7519c93d15 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -552,9 +552,16 @@ function create_thumbnail($source, $destination, $mimetype) return false; } - list($width, $height, $type, ) = getimagesize($source); + $dimension = getimagesize($source); - if (!$width || !$height) + if ($dimension === false) + { + return false; + } + + list($width, $height, $type, ) = $dimension; + + if ($width < 2 || $height < 2) { return false; } @@ -1578,6 +1585,19 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u 'topic_attachment' => (!empty($data['attachment_data'])) ? 1 : (isset($data['topic_attachment']) ? $data['topic_attachment'] : 0), ); + + // no break; + + case 'edit': + case 'edit_last_post': + + // Correctly set back the topic replies and forum posts... + if (!$auth->acl_get('f_noapprove', $data['forum_id']) && !$auth->acl_get('m_approve', $data['forum_id'])) + { + $sql_data[TOPICS_TABLE]['stat'][] = 'topic_replies = topic_replies - 1'; + $sql_data[FORUMS_TABLE]['stat'][] = 'forum_posts = forum_posts - 1'; + } + break; } diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index 1dd40f3f1c..e07c91e8d0 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php @@ -337,6 +337,12 @@ class filespec $this->error[] = sprintf($user->lang['IMAGE_FILETYPE_MISMATCH'], $types[$this->image_info[2]][0], $this->extension); } } + + // Make sure the dimensions match a valid image + if ($this->width < 2 || $this->height < 2) + { + $this->error[] = $user->lang['ATTACHED_IMAGE_NOT_IMAGE']; + } } else { diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index fae22f7ad2..e3e376e287 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -11,8 +11,12 @@ /** * Obtain user_ids from usernames or vice versa. Returns false on * success else the error string +* +* @param array &$user_id_ary The user ids to check or empty if usernames used +* @param array &$username_ary The usernames to check or empty if user ids used +* @param mixed $user_type Array of user types to check, false if not restricting by user type */ -function user_get_id_name(&$user_id_ary, &$username_ary, $only_active = false) +function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false) { global $db; @@ -45,9 +49,9 @@ function user_get_id_name(&$user_id_ary, &$username_ary, $only_active = false) FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set($sql_where, $sql_in); - if ($only_active) + if ($user_type !== false && !empty($user_type)) { - $sql .= ' AND user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')'; + $sql .= ' AND ' . $db->sql_in_set('user_type', $user_type); } $result = $db->sql_query($sql); @@ -1410,10 +1414,16 @@ function avatar_remote($data, &$error) return false; } + if ($image_data[0] < 2 || $image_data[1] < 2) + { + $error[] = $user->lang['AVATAR_NO_SIZE']; + return false; + } + $width = ($data['width'] && $data['height']) ? $data['width'] : $image_data[0]; $height = ($data['width'] && $data['height']) ? $data['height'] : $image_data[1]; - if (!$width || !$height) + if ($width < 2 || $height < 2) { $error[] = $user->lang['AVATAR_NO_SIZE']; return false; @@ -1630,7 +1640,17 @@ function avatar_process_user(&$error, $custom_userdata = false) } $sql_ary = array(); - $data['user_id'] = ($custom_userdata === false) ? $user->data['user_id'] : $custom_userdata['user_id']; + + if ($custom_userdata === false) + { + $userdata = &$user->data; + } + else + { + $userdata = &$custom_userdata; + } + + $data['user_id'] = $userdata['user_id']; $change_avatar = ($custom_userdata === false) ? $auth->acl_get('u_chgavatar') : true; $avatar_select = basename(request_var('avatar_select', '')); @@ -1669,7 +1689,7 @@ function avatar_process_user(&$error, $custom_userdata = false) $sql_ary['user_avatar'] = ''; $sql_ary['user_avatar_type'] = $sql_ary['user_avatar_width'] = $sql_ary['user_avatar_height'] = 0; } - else if ($data['width'] && $data['height']) + else if ($data['width'] && $data['height'] && ($userdata['user_avatar_type'] != AVATAR_GALLERY)) { // Only update the dimensions? if ($config['avatar_max_width'] || $config['avatar_max_height']) diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 80fd7e0687..454c4fd648 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -915,6 +915,12 @@ class session if ($banned && !$return) { + // If the session is empty we need to create a valid one... + if (empty($this->session_id)) + { + $this->session_create(ANONYMOUS); + } + // Initiate environment ... since it won't be set at this stage $this->setup(); @@ -941,6 +947,13 @@ class session $this->session_kill(false); } + // Ok, we catch the case of an empty session id for the anonymous user... + // This can happen if the user is logging in, banned by username and the login_box() being called "again". + if (empty($this->session_id)) + { + $this->session_create(ANONYMOUS); + } + // Determine which message to output $till_date = ($ban_row['ban_end']) ? $this->format_date($ban_row['ban_end']) : ''; $message = ($ban_row['ban_end']) ? 'BOARD_BAN_TIME' : 'BOARD_BAN_PERM'; diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index b5cba63c97..e9c67bcccf 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -326,7 +326,7 @@ function compose_pm($id, $mode, $action) } // Handle User/Group adding/removing - handle_message_list_actions($address_list, $remove_u, $remove_g, $add_to, $add_bcc); + handle_message_list_actions($address_list, $error, $remove_u, $remove_g, $add_to, $add_bcc); // Check for too many recipients if ((!$config['allow_mass_pm'] || !$auth->acl_get('u_masspm')) && num_recipients($address_list) > 1) @@ -907,9 +907,9 @@ function compose_pm($id, $mode, $action) /** * For composing messages, handle list actions */ -function handle_message_list_actions(&$address_list, $remove_u, $remove_g, $add_to, $add_bcc) +function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove_g, $add_to, $add_bcc) { - global $auth, $db; + global $auth, $db, $user; // Delete User [TO/BCC] if ($remove_u) @@ -956,7 +956,13 @@ function handle_message_list_actions(&$address_list, $remove_u, $remove_g, $add_ if (sizeof($usernames)) { $user_id_ary = array(); - user_get_id_name($user_id_ary, $usernames); + user_get_id_name($user_id_ary, $usernames, array(USER_NORMAL, USER_FOUNDER, USER_INACTIVE)); + + // If there are users not existing, we will at least print a notice... + if (!sizeof($user_id_ary)) + { + $error[] = $user->lang['PM_NO_USERS']; + } } // Add Friends if specified @@ -987,11 +993,19 @@ function handle_message_list_actions(&$address_list, $remove_u, $remove_g, $add_ AND user_allow_pm = 0'; $result = $db->sql_query($sql); + $removed = false; while ($row = $db->sql_fetchrow($result)) { + $removed = true; unset($address_list['u'][$row['user_id']]); } $db->sql_freeresult($result); + + // print a notice about users not being added who do not want to receive pms + if ($removed) + { + $error[] = $user->lang['PM_USERS_REMOVED_NO_PM']; + } } } } diff --git a/phpBB/install/convertors/convert_phpbb20.php b/phpBB/install/convertors/convert_phpbb20.php index 0091f68709..eb7c106d73 100644 --- a/phpBB/install/convertors/convert_phpbb20.php +++ b/phpBB/install/convertors/convert_phpbb20.php @@ -780,6 +780,7 @@ if (!$get_info) array('group_id', 'groups.group_id', ''), array('group_type', 'groups.group_type', 'phpbb_convert_group_type'), array('group_display', 0, ''), + array('group_legend', 0, ''), array('group_name', 'groups.group_name', 'phpbb_convert_group_name'), // phpbb_set_encoding called in phpbb_convert_group_name array('group_desc', 'groups.group_description', 'phpbb_set_encoding'), diff --git a/phpBB/language/en/acp/common.php b/phpBB/language/en/acp/common.php index d1b5af4df3..a75a965dcb 100644 --- a/phpBB/language/en/acp/common.php +++ b/phpBB/language/en/acp/common.php @@ -205,9 +205,9 @@ $lang = array_merge($lang, array( 'DEACTIVATE' => 'Deactivate', 'DIMENSIONS' => 'Dimensions', - 'DIRECTORY_DOES_NOT_EXIST' => 'The entered path "%s" does not exist.', - 'DIRECTORY_NOT_DIR' => 'The entered path "%s" is not a directory.', - 'DIRECTORY_NOT_WRITEABLE' => 'The entered path "%s" is not writeable.', + 'DIRECTORY_DOES_NOT_EXIST' => 'The entered path “%s” does not exist.', + 'DIRECTORY_NOT_DIR' => 'The entered path “%s” is not a directory.', + 'DIRECTORY_NOT_WRITEABLE' => 'The entered path “%s” is not writeable.', 'DISABLE' => 'Disable', 'DOWNLOAD' => 'Download', 'DOWNLOAD_AS' => 'Download as', @@ -411,12 +411,12 @@ $lang = array_merge($lang, array( 'LOG_ATTACH_FILEUPLOAD' => '<strong>Orphan File uploaded to Post</strong><br />» ID %1$d - %2$s', 'LOG_ATTACH_ORPHAN_DEL' => '<strong>Orphan Files deleted</strong><br />» %s', - 'LOG_BAN_EXCLUDE_USER' => '<strong>Excluded user from ban</strong> for reason "<em>%1$s</em>"<br />» %2$s ', - 'LOG_BAN_EXCLUDE_IP' => '<strong>Excluded IP from ban</strong> for reason "<em>%1$s</em>"<br />» %2$s ', - 'LOG_BAN_EXCLUDE_EMAIL' => '<strong>Excluded email from ban</strong> for reason "<em>%1$s</em>"<br />» %2$s ', - 'LOG_BAN_USER' => '<strong>Banned user</strong> for reason "<em>%1$s</em>"<br />» %2$s ', - 'LOG_BAN_IP' => '<strong>Banned IP</strong> for reason "<em>%1$s</em>"<br />» %2$s', - 'LOG_BAN_EMAIL' => '<strong>Banned email</strong> for reason "<em>%1$s</em>"<br />» %2$s', + 'LOG_BAN_EXCLUDE_USER' => '<strong>Excluded user from ban</strong> for reason “<em>%1$s</em>”<br />» %2$s ', + 'LOG_BAN_EXCLUDE_IP' => '<strong>Excluded IP from ban</strong> for reason “<em>%1$s</em>”<br />» %2$s ', + 'LOG_BAN_EXCLUDE_EMAIL' => '<strong>Excluded email from ban</strong> for reason “<em>%1$s</em>”<br />» %2$s ', + 'LOG_BAN_USER' => '<strong>Banned user</strong> for reason “<em>%1$s</em>”<br />» %2$s ', + 'LOG_BAN_IP' => '<strong>Banned IP</strong> for reason “<em>%1$s</em>”<br />» %2$s', + 'LOG_BAN_EMAIL' => '<strong>Banned email</strong> for reason “<em>%1$s</em>”<br />» %2$s', 'LOG_UNBAN_USER' => '<strong>Unbanned user</strong><br />» %s', 'LOG_UNBAN_IP' => '<strong>Unbanned IP</strong><br />» %s', 'LOG_UNBAN_EMAIL' => '<strong>Unbanned email</strong><br />» %s', @@ -499,7 +499,7 @@ $lang = array_merge($lang, array( 'LOG_FORUM_SYNC' => '<strong>Re-synchronised forum</strong><br />» %s', 'LOG_GROUP_CREATED' => '<strong>New usergroup created</strong><br />» %s', - 'LOG_GROUP_DEFAULTS' => '<strong>Group made default for members</strong><br />» %s', + 'LOG_GROUP_DEFAULTS' => '<strong>Group “%1$s” made default for members</strong><br />» %2$s', 'LOG_GROUP_DELETE' => '<strong>Usergroup deleted</strong><br />» %s', 'LOG_GROUP_DEMOTED' => '<strong>Leaders demoted in usergroup</strong> %1$s<br />» %2$s', 'LOG_GROUP_PROMOTED' => '<strong>Members promoted to leader in usergroup</strong> %1$s<br />» %2$s', @@ -523,7 +523,7 @@ $lang = array_merge($lang, array( 'LOG_INSTALL_CONVERTED' => '<strong>Converted from %1$s to phpBB %2$s</strong>', 'LOG_INSTALL_INSTALLED' => '<strong>Installed phpBB %s</strong>', - 'LOG_IP_BROWSER_FORWARDED_CHECK' => '<strong>Session IP/browser/X_FORWARDED_FOR check failed</strong><br />»User IP "<em>%1$s</em>" checked against session IP "<em>%2$s</em>", user browser string "<em>%3$s</em>" checked against session browser string "<em>%4$s</em>" and user X_FORWARDED_FOR string "<em>%5$s</em>" checked against session X_FORWARDED_FOR string "<em>%6$s</em>".', + 'LOG_IP_BROWSER_FORWARDED_CHECK' => '<strong>Session IP/browser/X_FORWARDED_FOR check failed</strong><br />»User IP “<em>%1$s</em>” checked against session IP “<em>%2$s</em>”, user browser string “<em>%3$s</em>” checked against session browser string “<em>%4$s</em>” and user X_FORWARDED_FOR string “<em>%5$s</em>” checked against session X_FORWARDED_FOR string “<em>%6$s</em>”.', 'LOG_JAB_CHANGED' => '<strong>Jabber account changed</strong>', 'LOG_JAB_PASSCHG' => '<strong>Jabber password changed</strong>', @@ -538,7 +538,7 @@ $lang = array_merge($lang, array( 'LOG_MASS_EMAIL' => '<strong>Sent mass email</strong><br />» %s', - 'LOG_MCP_CHANGE_POSTER' => '<strong>Changed poster in topic "%1$s"</strong><br />» from %2$s to %3$s', + 'LOG_MCP_CHANGE_POSTER' => '<strong>Changed poster in topic “%1$s”</strong><br />» from %2$s to %3$s', 'LOG_MODULE_DISABLE' => '<strong>Module disabled</strong>', 'LOG_MODULE_ENABLE' => '<strong>Module enabled</strong>', @@ -616,20 +616,20 @@ $lang = array_merge($lang, array( 'LOG_UPDATE_PHPBB' => '<strong>Updated phpBB from version %1$s to version %2$s</strong>', 'LOG_USER_ACTIVE' => '<strong>User activated</strong><br />» %s', - 'LOG_USER_BAN_USER' => '<strong>Banned User via user management</strong> for reason "<em>%1$s</em>"<br />» %2$s', - 'LOG_USER_BAN_IP' => '<strong>Banned IP via user management</strong> for reason "<em>%1$s</em>"<br />» %2$s', - 'LOG_USER_BAN_EMAIL' => '<strong>Banned email via user management</strong> for reason "<em>%1$s</em>"<br />» %2$s', + 'LOG_USER_BAN_USER' => '<strong>Banned User via user management</strong> for reason “<em>%1$s</em>”<br />» %2$s', + 'LOG_USER_BAN_IP' => '<strong>Banned IP via user management</strong> for reason “<em>%1$s</em>”<br />» %2$s', + 'LOG_USER_BAN_EMAIL' => '<strong>Banned email via user management</strong> for reason “<em>%1$s</em>”<br />» %2$s', 'LOG_USER_DELETED' => '<strong>Deleted user</strong><br />» %s', 'LOG_USER_DEL_ATTACH' => '<strong>Removed all attachments made by the user</strong><br />» %s', 'LOG_USER_DEL_AVATAR' => '<strong>Removed user avatar</strong><br />» %s', 'LOG_USER_DEL_POSTS' => '<strong>Removed all posts made by the user</strong><br />» %s', 'LOG_USER_DEL_SIG' => '<strong>Removed user signature</strong><br />» %s', 'LOG_USER_INACTIVE' => '<strong>User deactivated</strong><br />» %s', - 'LOG_USER_MOVE_POSTS' => '<strong>Moved user posts</strong><br />» posts by "%1$s" to forum "%2$s"', + 'LOG_USER_MOVE_POSTS' => '<strong>Moved user posts</strong><br />» posts by “%1$s” to forum “%2$s”', 'LOG_USER_NEW_PASSWORD' => '<strong>Changed user password</strong><br />» %s', 'LOG_USER_REACTIVATE' => '<strong>Forced user account re-activation</strong><br />» %s', - 'LOG_USER_UPDATE_EMAIL' => '<strong>User "%1$s" changed email</strong><br />» from "%2$s" to "%3$s"', - 'LOG_USER_UPDATE_NAME' => '<strong>Changed username</strong><br />» from "%1$s" to "%2$s"', + 'LOG_USER_UPDATE_EMAIL' => '<strong>User “%1$s” changed email</strong><br />» from “%2$s” to “%3$s”', + 'LOG_USER_UPDATE_NAME' => '<strong>Changed username</strong><br />» from “%1$s” to “%2$s”', 'LOG_USER_USER_UPDATE' => '<strong>Updated user details</strong><br />» %s', 'LOG_USER_ACTIVE_USER' => '<strong>User account activated</strong>', @@ -639,7 +639,7 @@ $lang = array_merge($lang, array( 'LOG_USER_GENERAL' => '%s', 'LOG_USER_INACTIVE_USER' => '<strong>User account de-activated</strong>', 'LOG_USER_LOCK' => '<strong>User locked own topic</strong><br />» %s', - 'LOG_USER_MOVE_POSTS_USER' => '<strong>Moved all posts to forum "%s"</strong>', + 'LOG_USER_MOVE_POSTS_USER' => '<strong>Moved all posts to forum</strong>» %s', 'LOG_USER_REACTIVATE_USER' => '<strong>Forced user account re-activation</strong>', 'LOG_USER_UNLOCK' => '<strong>User unlocked own topic</strong><br />» %s', 'LOG_USER_WARNING' => '<strong>Added user warning</strong><br />» %s', diff --git a/phpBB/language/en/ucp.php b/phpBB/language/en/ucp.php index 459565c7a5..0ed68da8fe 100644 --- a/phpBB/language/en/ucp.php +++ b/phpBB/language/en/ucp.php @@ -315,10 +315,12 @@ $lang = array_merge($lang, array( 'PM_FROM_REMOVED_AUTHOR' => 'This message was sent by a user no longer registered.', 'PM_ICON' => 'PM icon', 'PM_INBOX' => 'Inbox', + 'PM_NO_USERS' => 'The requested users to be added do not exist.', 'PM_OUTBOX' => 'Outbox', 'PM_SENTBOX' => 'Sent messages', 'PM_SUBJECT' => 'Message subject', 'PM_TO' => 'Send to', + 'PM_USERS_REMOVED_NO_PM' => 'Some users couldn’t be added as they have disabled private message receipt.', 'POPUP_ON_PM' => 'Pop up window on new private message', 'POST_EDIT_PM' => 'Edit message', 'POST_FORWARD_PM' => 'Forward message', diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index e1601e9a0d..d29743d8ff 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -359,14 +359,6 @@ switch ($mode) $sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE ' . (($username) ? "username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'" : "user_id = $user_id"); - - // a_user admins and founder are able to view inactive users and bots to be able to - // manage them more easily - if (!$auth->acl_get('a_user') && $user->data['user_type'] != USER_FOUNDER) - { - $sql .= ' AND user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')'; - } - $result = $db->sql_query($sql); $member = $db->sql_fetchrow($result); $db->sql_freeresult($result); @@ -376,6 +368,20 @@ switch ($mode) trigger_error('NO_USER'); } + // a_user admins and founder are able to view inactive users and bots to be able to manage them more easily + // Normal users are able to see at least users having only changed their profile settings but not yet re-activated. + if (!$auth->acl_get('a_user') && $user->data['user_type'] != USER_FOUNDER) + { + if ($row['user_type'] == USER_IGNORE) + { + trigger_error('NO_USER'); + } + else if ($row['user_type'] == USER_INACTIVE && $row['user_inactive_reason'] != INACTIVE_PROFILE) + { + trigger_error('NO_USER'); + } + } + $user_id = (int) $member['user_id']; // Do the SQL thang diff --git a/phpBB/posting.php b/phpBB/posting.php index e585b73e7d..cf27952e12 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php @@ -850,7 +850,7 @@ if ($submit || $preview || $refresh) include_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx); $template->assign_vars(array( - 'S_FORUM_SELECT' => make_forum_select(false, false, false, true, true), + 'S_FORUM_SELECT' => make_forum_select(false, false, false, true, true, true), 'S_UNGLOBALISE' => true) ); @@ -859,6 +859,12 @@ if ($submit || $preview || $refresh) } else { + if (!$auth->acl_get('f_post', $to_forum_id)) + { + // This will only be triggered if the user tried to trick the forum. + trigger_error('NOT_AUTHORIZED'); + } + $forum_id = $to_forum_id; } } diff --git a/phpBB/styles/subSilver/template/login_body.html b/phpBB/styles/subSilver/template/login_body.html index 7243c983fe..8afdcf13cc 100644 --- a/phpBB/styles/subSilver/template/login_body.html +++ b/phpBB/styles/subSilver/template/login_body.html @@ -56,10 +56,12 @@ <td><input type="checkbox" class="radio" name="autologin" tabindex="3" /> <span class="gensmall">{L_LOG_ME_IN}</span></td> </tr> <!-- ENDIF --> + <!-- IF S_ALLOW_HIDE_ONLINE --> <tr> <td> </td> <td><input type="checkbox" class="radio" name="viewonline" tabindex="4" /> <span class="gensmall">{L_HIDE_ME}</span></td> </tr> + <!-- ENDIF --> <!-- ENDIF --> </table> </td> diff --git a/phpBB/styles/subSilver/template/viewforum_body.html b/phpBB/styles/subSilver/template/viewforum_body.html index f436b74b65..0b724db8d2 100644 --- a/phpBB/styles/subSilver/template/viewforum_body.html +++ b/phpBB/styles/subSilver/template/viewforum_body.html @@ -122,7 +122,7 @@ <td class="cat"><h4><a href="{U_LOGIN_LOGOUT}">{L_LOGIN_LOGOUT}</a></h4></td> </tr> <tr> - <td class="row1" align="center"><span class="genmed">{L_USERNAME}:</span> <input class="post" type="text" name="username" size="10" /> <span class="genmed">{L_PASSWORD}:</span> <input class="post" type="password" name="password" size="10" /> <span class="gensmall">{L_LOG_ME_IN}</span> <input type="checkbox" class="radio" name="autologin" /> <input type="submit" class="btnmain" name="login" value="{L_LOGIN}" /></td> + <td class="row1" align="center"><span class="genmed">{L_USERNAME}:</span> <input class="post" type="text" name="username" size="10" /> <span class="genmed">{L_PASSWORD}:</span> <input class="post" type="password" name="password" size="10" /><!-- IF S_AUTOLOGIN_ENABLED --> <span class="gensmall">{L_LOG_ME_IN}</span> <input type="checkbox" class="radio" name="autologin" /><!-- ENDIF --> <input type="submit" class="btnmain" name="login" value="{L_LOGIN}" /></td> </tr> </table> diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php index ea71ea2b1f..9b18995ca4 100644 --- a/phpBB/viewforum.php +++ b/phpBB/viewforum.php @@ -156,6 +156,7 @@ if (!$auth->acl_get('f_read', $forum_id)) 'S_NO_READ_ACCESS' => true, 'S_AUTOLOGIN_ENABLED' => ($config['allow_autologin']) ? true : false, + 'S_ALLOW_HIDE_ONLINE' => ($auth->acl_get('u_hideonline')) ? true : false, 'S_LOGIN_ACTION' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login') . '&redirect=' . urlencode(str_replace('&', '&', build_url(array('_f_')))), )); |