From fe66d104a6d89ccfc2185ccd078d9b14842e0d32 Mon Sep 17 00:00:00 2001 From: Henry Sudhof Date: Tue, 16 Oct 2007 22:11:32 +0000 Subject: Lesson learned. git-svn-id: file:///svn/phpbb/trunk@8199 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'phpBB/includes/functions.php') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index ab27b62656..f55a5b4d39 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2034,7 +2034,8 @@ function check_form_key($form_name, $timespan = false, $return_page = '', $trigg if ($timespan === false) { - $timespan = $config['form_token_lifetime']; + // we enforce a minimum value of half a minute here. + $timespan = max(30, $config['form_token_lifetime']); } if ($minimum_time === false) { -- cgit v1.2.1 From 7b1a8511ce1ae8e240720afe253618fb0866cac2 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Wed, 17 Oct 2007 15:47:18 +0000 Subject: fixing one severe bug showing since 5.2.4 git-svn-id: file:///svn/phpbb/trunk@8201 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions.php | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'phpBB/includes/functions.php') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index f55a5b4d39..80a6faceca 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -683,6 +683,12 @@ if (!function_exists('realpath')) // Put the slashes back to the native operating systems slashes $resolved = str_replace('/', DIRECTORY_SEPARATOR, $resolved); + // Check for DIRECTORY_SEPARATOR at the end (and remove it!) + if (substr($resolved, -1) == DIRECTORY_SEPARATOR) + { + return substr($resolved, 0, -1); + } + return $resolved; // We got here, in the end! } } 
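Review bot: `max(30, $config['form_token_lifetime'])` silently overrides every configured value below 30, including a negative sentinel if the configuration uses one to mean "never expire" — please confirm no such sentinel exists, or exclude it explicitly before clamping. Config values generally arrive as strings, so make the comparison numeric on purpose: `$timespan = max(30, (int) $config['form_token_lifetime']);`. The added comment states the rule but not the reason; extend it to say what a shorter lifetime would break, so the next maintainer does not lower the floor again. check_form_key's body starts and ends outside this hunk.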
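Review bot: The trailing-separator strip at `if (substr($resolved, -1) == DIRECTORY_SEPARATOR)` turns the filesystem root into something else entirely — `/` becomes `''`, and a drive root such as `C:\` would become `C:`, which is a drive-relative path — so any caller that appends `'/file'` to the result may resolve a different location. Guard the root case and use a strict comparison, e.g. `if (strlen($resolved) > 1 && substr($resolved, -1) === DIRECTORY_SEPARATOR)`, with an extra check that the remainder is not just a drive letter and colon. The same stripping is repeated in the `phpbb_realpath()` wrapper hunk of this commit (`@@ -694,7 +700,15 @@`), which additionally calls `substr()` on the return of `realpath()` without first testing it for `false`; one shared helper would fix both places. The enclosing `realpath()` polyfill starts outside this hunk.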
@@ -694,7 +700,15 @@ else */ function phpbb_realpath($path) { - return realpath($path); + $path = realpath($path); + + // Check for DIRECTORY_SEPARATOR at the end (and remove it!) + if (substr($path, -1) == DIRECTORY_SEPARATOR) + { + return substr($path, 0, -1); + } + + return $path; } } -- cgit v1.2.1 From 61fc9605faa29d1bc5b1be8df2a4ab7f36c92264 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Sat, 3 Nov 2007 11:10:07 +0000 Subject: some changes git-svn-id: file:///svn/phpbb/trunk@8223 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions.php | 22 ++++++---------------- 1 file changed, 6 insertions(+), 16 deletions(-) (limited to 'phpBB/includes/functions.php') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 80a6faceca..5ef95761e0 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -89,7 +89,8 @@ function request_var($var_name, $default, $multibyte = false, $cookie = false) if ($type == 'array') { reset($default); - list($sub_key_type, $sub_type) = each(current($default)); + $default = current($default); + list($sub_key_type, $sub_type) = each($default); $sub_type = gettype($sub_type); $sub_type = ($sub_type == 'array') ? 'NULL' : $sub_type; $sub_key_type = gettype($sub_key_type); @@ -269,23 +270,12 @@ function phpbb_hash($password) $random = ''; $count = 6; - if (($fh = @fopen('/dev/urandom', 'rb'))) + for ($i = 0; $i < $count; $i += 16) { - $random = fread($fh, $count); - fclose($fh); - } - - if (strlen($random) < $count) - { - $random = ''; - - for ($i = 0; $i < $count; $i += 16) - { - $random_state = md5(unique_id() . $random_state); - $random .= pack('H*', md5($random_state)); - } - $random = substr($random, 0, $count); + $random_state = md5(unique_id() . $random_state); + $random .= pack('H*', md5($random_state)); } + $random = substr($random, 0, $count); $hash = _hash_crypt_private($password, _hash_gensalt_private($random, $itoa64), $itoa64); -- cgit v1.2.1 
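Review bot: Overwriting `$default` with `current($default)` instead of using a fresh local discards the outer template array for the rest of the function; if any code after this branch still expects `$default` to be the full `array(key => array(...))` shape, it will now see the inner element. A separate name sidesteps the question: `$sub_default = current($default); list($sub_key_type, $sub_type) = each($sub_default);`. The change is otherwise the right fix, presumably for `each()` requiring a real variable rather than the temporary returned by `current()`. request_var's body continues outside the hunk.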
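Review bot: Dropping the `/dev/urandom` read leaves the password salt derived solely from `md5(unique_id() . $random_state)`, so its unpredictability now rests entirely on `unique_id()` and the initial `$random_state`, which is weaker than reading the kernel CSPRNG where it is available. If the read was removed because of warnings on hosts where the device is unreadable, the `@fopen` branch with the `strlen($random) < $count` fallback already covered that case — and a later commit on this page restores it. At minimum the surviving loop deserves a comment that it is fallback-quality, e.g. `// salt bytes mixed from unique_id(); a CSPRNG source should be preferred when available`. `$random_state` is read before it is assigned in this hunk, so it must be initialised outside it — confirm. phpbb_hash's body starts and ends outside the hunk.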
From e2e56acca918ceb3cfd1a64a8ec91a788ae4a5f9 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Sat, 17 Nov 2007 20:04:49 +0000 Subject: some further fixes - re-introduce grabbing random number from /dev/urandom git-svn-id: file:///svn/phpbb/trunk@8241 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions.php | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) (limited to 'phpBB/includes/functions.php') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 5ef95761e0..668fc9d0e0 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -270,13 +270,24 @@ function phpbb_hash($password) $random = ''; $count = 6; - for ($i = 0; $i < $count; $i += 16) + if (($fh = @fopen('/dev/urandom', 'rb'))) { - $random_state = md5(unique_id() . $random_state); - $random .= pack('H*', md5($random_state)); + $random = fread($fh, $count); + fclose($fh); } - $random = substr($random, 0, $count); + if (strlen($random) < $count) + { + $random = ''; + + for ($i = 0; $i < $count; $i += 16) + { + $random_state = md5(unique_id() . $random_state); + $random .= pack('H*', md5($random_state)); + } + $random = substr($random, 0, $count); + } + $hash = _hash_crypt_private($password, _hash_gensalt_private($random, $itoa64), $itoa64); if (strlen($hash) == 34) @@ -2867,6 +2878,12 @@ function msg_handler($errno, $msg_text, $errfile, $errline) global $cache, $db, $auth, $template, $config, $user; global $phpEx, $phpbb_root_path, $msg_title, $msg_long_text; + // Do not display notices if we suppress them via @ + if (error_reporting() == 0) + { + return; + } + // Message handler is stripping text. In case we need it, we are possible to define long text... if (isset($msg_long_text) && $msg_long_text && !$msg_text) { 
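Review bot: The fallback branch is entered only via `strlen($random) < $count`, so a `fread()` returning `false` (handle opened, read failed) reaches `strlen(false)` implicitly; make the intent explicit with `if ($random === false || strlen($random) < $count)`. The `@fopen('/dev/urandom', 'rb')` stays silent on hosts that refuse the open (e.g. under open_basedir) only because of the `error_reporting() == 0` early return added to `msg_handler()` in this same commit — a comment at the fopen line, e.g. `// @ is honoured by msg_handler(); a refused open falls through to the md5 mixer below`, keeps the two from being decoupled later. The md5 mixer yields lower-quality salt bytes than the device read, and a one-line comment saying so helps anyone auditing the hash path. phpbb_hash's body starts and ends outside the hunk.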
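Review bot: The new early return `if (error_reporting() == 0) { return; }` sits before the `switch ($errno)`, so it also swallows `E_USER_ERROR` raised inside an `@`-suppressed expression — the handler returns without reaching whatever display/exit path the later cases provide, and execution presumably continues past a fatal application error. Before this commit the suppression check was confined to the `E_WARNING` case shown in the second hunk (`@@ -2879,9 +2896,8 @@`, where the `error_reporting()` condition is now removed) and presumably its `E_NOTICE` sibling. Restrict the early return to levels that are safe to silence: `if (error_reporting() == 0 && ($errno & (E_NOTICE | E_WARNING | E_USER_NOTICE | E_USER_WARNING)))`. A comment noting that this depends on `@` zeroing `error_reporting()` would also help, since newer PHP releases changed that behaviour. msg_handler's body continues outside the hunk.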
@@ -2879,9 +2896,8 @@ function msg_handler($errno, $msg_text, $errfile, $errline) case E_WARNING: // Check the error reporting level and return if the error level does not match - // Additionally do not display notices if we suppress them via @ // If DEBUG is defined the default level is E_ALL - if (($errno & ((defined('DEBUG') && error_reporting()) ? E_ALL : error_reporting())) == 0) + if (($errno & ((defined('DEBUG')) ? E_ALL : error_reporting())) == 0) { return; } -- cgit v1.2.1 From 271e819d003ee92bba70d3a4532afbba15acf895 Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Sun, 18 Nov 2007 15:37:17 +0000 Subject: - Constant PHPBB_DB_NEW_LINK introduced which can be used to force phpBB to create a new database connection instead of reusing an existing one if the dbms supports it [Bug #14927] - Automatic URL parsing no longer allows dots in the schema but can parse URLs starting after a dot [Bug #15110] - Dynamic width for birthday select boxes [Bug #15149] git-svn-id: file:///svn/phpbb/trunk@8246 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'phpBB/includes/functions.php') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 668fc9d0e0..8620134311 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php 
@@ -2765,8 +2765,9 @@ function get_preg_expression($mode) case 'url': case 'url_inline': $inline = ($mode == 'url') ? ')' : ''; + $scheme = ($mode == 'url') ? '[a-z\d+\-.]' : '[a-z\d+]'; // avoid automatic parsing of "word" in "last word.http://..." // generated with regex generation file in the develop folder - return "[a-z][a-z\d+\-.]*:/{2}(?:(?:[a-z0-9\-._~!$&'($inline*+,;=:@|]+|%[\dA-F]{2})+|[0-9.]+|\[[a-z0-9.]+:[a-z0-9.]+:[a-z0-9.:]+\])(?::\d*)?(?:/(?:[a-z0-9\-._~!$&'($inline*+,;=:@|]+|%[\dA-F]{2})*)*(?:\?(?:[a-z0-9\-._~!$&'($inline*+,;=:@/?|]+|%[\dA-F]{2})*)?(?:\#(?:[a-z0-9\-._~!$&'($inline*+,;=:@/?|]+|%[\dA-F]{2})*)?"; + return "[a-z]$scheme*:/{2}(?:(?:[a-z0-9\-._~!$&'($inline*+,;=:@|]+|%[\dA-F]{2})+|[0-9.]+|\[[a-z0-9.]+:[a-z0-9.]+:[a-z0-9.:]+\])(?::\d*)?(?:/(?:[a-z0-9\-._~!$&'($inline*+,;=:@|]+|%[\dA-F]{2})*)*(?:\?(?:[a-z0-9\-._~!$&'($inline*+,;=:@/?|]+|%[\dA-F]{2})*)?(?:\#(?:[a-z0-9\-._~!$&'($inline*+,;=:@/?|]+|%[\dA-F]{2})*)?"; break; case 'www_url': -- cgit v1.2.1
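Review bot: The inline class `'[a-z\d+]'` drops `-` as well as `.`, although the commit message only mentions dots; any scheme containing a hyphen would no longer be recognised in inline mode, so if that is unintended use `'[a-z\d+\-]'`. RFC 3986 allows `+`, `-` and `.` in a scheme name, so the non-inline class is already complete. `$scheme` is a fixed literal selected by `$mode` and is never user-controlled, so interpolating it into the pattern adds no injection surface — a short comment above the assignment would make the intent clear, e.g. `// scheme char class; inline mode excludes '.' so "word.http://" is not parsed as a scheme`. The `get_preg_expression()` switch continues outside the hunk.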