From 2f4a618900e2c3b6ea14c68cbeb5897cd2ac1a04 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Thu, 29 May 2008 12:25:56 +0000 Subject: ok... i hope i haven't messed too much with the code and everything is still working. Changes: - Ascraeus now uses constants for the phpbb root path and the php extension. This ensures more security for external applications and modifications (no more overwriting of root path and extension possible through insecure mods and register globals enabled) as well as no more globalizing needed. - A second change implemented here is an additional short-hand-notation for append_sid(). It is allowed to omit the root path and extension now (for example calling append_sid('memberlist')) - in this case the root path and extension get added automatically. The hook is called after these are added. git-svn-id: file:///svn/phpbb/trunk@8572 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions_admin.php | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) (limited to 'phpBB/includes/functions_admin.php') diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index 52e266befb..05312d826f 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -630,7 +630,7 @@ function delete_topics($where_type, $where_ids, $auto_sync = true, $post_count_s */ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync = true, $post_count_sync = true, $call_delete_topics = true) { - global $db, $config, $phpbb_root_path, $phpEx; + global $db, $config; if ($where_type === 'range') { @@ -739,12 +739,12 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync = // Remove the message from the search index $search_type = basename($config['search_type']); - if (!file_exists($phpbb_root_path . 'includes/search/' . $search_type . '.' . $phpEx)) + if (!file_exists(PHPBB_ROOT_PATH . 'includes/search/' . $search_type . '.' . PHP_EXT)) { trigger_error('NO_SUCH_SEARCH_MODULE'); } - include_once("{$phpbb_root_path}includes/search/$search_type.$phpEx"); + include_once(PHPBB_ROOT_PATH . "includes/search/$search_type." . PHP_EXT); $error = false; $search = new $search_type($error); @@ -1101,7 +1101,7 @@ function update_posted_info(&$topic_ids) */ function phpbb_unlink($filename, $mode = 'file', $entry_removed = false) { - global $db, $phpbb_root_path, $config; + global $db, $config; // Because of copying topics or modifications a physical filename could be assigned more than once. If so, do not remove the file itself. $sql = 'SELECT COUNT(attach_id) AS num_entries @@ -1118,7 +1118,7 @@ function phpbb_unlink($filename, $mode = 'file', $entry_removed = false) } $filename = ($mode == 'thumbnail') ? 'thumb_' . basename($filename) : basename($filename); - return @unlink($phpbb_root_path . $config['upload_path'] . '/' . $filename); + return @unlink(PHPBB_ROOT_PATH . $config['upload_path'] . '/' . $filename); } /** @@ -2154,7 +2154,7 @@ function remove_comments(&$output) */ function cache_moderators() { - global $db, $cache, $auth, $phpbb_root_path, $phpEx; + global $db, $cache, $auth; // Remove cached sql results $cache->destroy('sql', MODERATOR_CACHE_TABLE); @@ -2323,11 +2323,11 @@ function cache_moderators() */ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id = 0, $topic_id = 0, $user_id = 0, $limit_days = 0, $sort_by = 'l.log_time DESC') { - global $db, $user, $auth, $phpEx, $phpbb_root_path, $phpbb_admin_path; + global $db, $user, $auth; $topic_id_list = $reportee_id_list = $is_auth = $is_mod = array(); - $profile_url = (defined('IN_ADMIN')) ? append_sid("{$phpbb_admin_path}index.$phpEx", 'i=users&mode=overview') : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile'); + $profile_url = (defined('IN_ADMIN')) ? append_sid(PHPBB_ADMIN_PATH . 'index.' . PHP_EXT, 'i=users&mode=overview') : append_sid('memberlist', 'mode=viewprofile'); switch ($mode) { @@ -2411,7 +2411,7 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id 'forum_id' => $row['forum_id'], 'topic_id' => $row['topic_id'], - 'viewforum' => ($row['forum_id'] && $auth->acl_get('f_read', $row['forum_id'])) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']) : false, + 'viewforum' => ($row['forum_id'] && $auth->acl_get('f_read', $row['forum_id'])) ? append_sid('viewforum', 'f=' . $row['forum_id']) : false, 'action' => (isset($user->lang[$row['log_operation']])) ? $user->lang[$row['log_operation']] : '{' . ucfirst(str_replace('_', ' ', $row['log_operation'])) . '}', ); @@ -2498,8 +2498,8 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id foreach ($log as $key => $row) { - $log[$key]['viewtopic'] = (isset($is_auth[$row['topic_id']])) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $is_auth[$row['topic_id']] . '&t=' . $row['topic_id']) : false; - $log[$key]['viewlogs'] = (isset($is_mod[$row['topic_id']])) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=logs&mode=topic_logs&t=' . $row['topic_id'], true, $user->session_id) : false; + $log[$key]['viewtopic'] = (isset($is_auth[$row['topic_id']])) ? append_sid('viewtopic', 'f=' . $is_auth[$row['topic_id']] . '&t=' . $row['topic_id']) : false; + $log[$key]['viewlogs'] = (isset($is_mod[$row['topic_id']])) ? append_sid('mcp', 'i=logs&mode=topic_logs&t=' . $row['topic_id'], true, $user->session_id) : false; } } @@ -3005,7 +3005,7 @@ function tidy_database() */ function add_permission_language() { - global $user, $phpEx; + global $user; // First of all, our own file. We need to include it as the first file because it presets all relevant variables. $user->add_lang('acp/permissions_phpbb'); @@ -3021,9 +3021,9 @@ function add_permission_language() { while (($file = readdir($dh)) !== false) { - if ($file !== 'permissions_phpbb.' . $phpEx && strpos($file, 'permissions_') === 0 && substr($file, -(strlen($phpEx) + 1)) === '.' . $phpEx) + if ($file !== 'permissions_phpbb.' . PHP_EXT && strpos($file, 'permissions_') === 0 && substr($file, -(strlen(PHP_EXT) + 1)) === '.' . PHP_EXT) { - $files_to_add[] = $path . substr($file, 0, -(strlen($phpEx) + 1)); + $files_to_add[] = $path . substr($file, 0, -(strlen(PHP_EXT) + 1)); } } closedir($dh); -- cgit v1.2.1