From b93636d42d63bd396a31ff7cf699f8add006d765 Mon Sep 17 00:00:00 2001
From: Andreas Fischer
Date: Fri, 12 Jul 2013 20:56:55 +0200
Subject: [develop-olympus] Increment version number to 3.0.13-dev.
---
 phpBB/includes/constants.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'phpBB/includes')
diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php
index 0a853adb9b..8d09fe4d9b 100644
--- a/phpBB/includes/constants.php
+++ b/phpBB/includes/constants.php
@@ -25,7 +25,7 @@ if (!defined('IN_PHPBB'))
 */
 // phpBB Version
-define('PHPBB_VERSION', '3.0.12-RC1');
+define('PHPBB_VERSION', '3.0.13-dev');
 // QA-related
 // define('PHPBB_QA', 1);
-- cgit v1.2.1
From 866e475f9644dd3575ed62bfb0e7dde0338fd5cc Mon Sep 17 00:00:00 2001
From: Oliver Schramm
Date: Thu, 25 Jul 2013 15:47:55 +0200
Subject: [ticket/10037] Apply attached patch with a few changes PHPBB3-10037
---
 phpBB/includes/ucp/ucp_profile.php | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'phpBB/includes')
diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php
index d35d13b6c1..847311058b 100644
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@@ -548,6 +548,9 @@ class ucp_profile
 // Build custom bbcodes array
 display_custom_bbcodes();
+ // Generate smiley listing
+ generate_smilies('inline', 0);
+
 break;
 case 'avatar':
-- cgit v1.2.1
From 8a02db317ef3c2d3c4e3dcfc5f8b85397f7ebb4a Mon Sep 17 00:00:00 2001
From: s9e
Date: Sat, 3 Aug 2013 12:20:52 +0200
Subject: [ticket/11762] Use the === operator to distinguish "0" from "" PHPBB3-11762
---
 phpBB/includes/functions_content.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'phpBB/includes')
diff --git a/phpBB/includes/functions_content.php b/phpBB/includes/functions_content.php
index b7650ecd6a..6213d2fd24 100644
--- a/phpBB/includes/functions_content.php
+++ b/phpBB/includes/functions_content.php
@@ -413,7 +413,7 @@ function generate_text_for_display($text, $uid, $bitfield, $flags)
 {
 static $bbcode;
- if (!$text)
+ if ($text === '')
 {
 return '';
 }
@@ -459,7 +459,7 @@ function generate_text_for_storage(&$text, &$uid, &$bitfield, &$flags, $allow_bb
 $uid = $bitfield = '';
 $flags = (($allow_bbcode) ? OPTION_FLAG_BBCODE : 0) + (($allow_smilies) ? OPTION_FLAG_SMILIES : 0) + (($allow_urls) ? OPTION_FLAG_LINKS : 0);
- if (!$text)
+ if ($text === '')
 {
 return;
 }
-- cgit v1.2.1
From 5f81d66c2f666c1825950228e87e7ac6c6b4ca2c Mon Sep 17 00:00:00 2001
From: Andreas Fischer
Date: Fri, 23 Aug 2013 03:55:26 +0200
Subject: [ticket/11799] Send anti abuse headers in "new password" emails. PHPBB3-11799
---
 phpBB/includes/ucp/ucp_remind.php | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'phpBB/includes')
diff --git a/phpBB/includes/ucp/ucp_remind.php b/phpBB/includes/ucp/ucp_remind.php
index cb89ad99be..bcb21cbedc 100644
--- a/phpBB/includes/ucp/ucp_remind.php
+++ b/phpBB/includes/ucp/ucp_remind.php
@@ -98,6 +98,8 @@ class ucp_remind
 $messenger->to($user_row['user_email'], $user_row['username']);
 $messenger->im($user_row['user_jabber'], $user_row['username']);
+ $messenger->anti_abuse_headers($config, $user);
+
 $messenger->assign_vars(array(
 'USERNAME' => htmlspecialchars_decode($user_row['username']),
 'PASSWORD' => htmlspecialchars_decode($user_password),
-- cgit v1.2.1
From 77845e366e8a5578ad740186cf71d75be32694bc Mon Sep 17 00:00:00 2001
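Review bot: The `$text === ''` guard in generate_text_for_display(), and the identical one in generate_text_for_storage(), no longer returns early for `null` or `false`, which the old `!$text` test did. If any caller can hand in a NULL column value or an unset field, that input now runs through the full parsing path instead of being treated as empty. Normalising first with `$text = (string) $text;` before the comparison would keep the fix for the string "0" while preserving the old behaviour for non-string empties. Both function bodies continue outside the hunks.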
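Review bot: The new `anti_abuse_headers($config, $user)` call is given the session object of whoever submitted the form, not `$user_row`, so the headers presumably describe the requester rather than the account that receives the mail. That is the direction an abuse desk needs, but it is easy to misread next to the `$user_row` calls directly above it. A short comment on the new line would make the intent explicit, for example `// Headers identify the requesting session, not the recipient in $user_row`. The method body is not visible here, so which fields it emits should be confirmed before relying on them.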
From: rechosen
Date: Wed, 4 Sep 2013 13:37:39 +0200
Subject: [ticket/11829] Use report_closed to determine status in MCP report_details Instead of using post_reported of the post or message_reported of the pm, use report_closed of the report itself to reliably determine whether this particular report is closed or not in the report_details view of the MCP. This fixes a bug where the report_details view would not show that the report shown was closed and display a "Close report" button that had no effect. PHPBB3-11829
---
 phpBB/includes/mcp/mcp_pm_reports.php | 1 +
 phpBB/includes/mcp/mcp_reports.php | 1 +
 2 files changed, 2 insertions(+)
(limited to 'phpBB/includes')
diff --git a/phpBB/includes/mcp/mcp_pm_reports.php b/phpBB/includes/mcp/mcp_pm_reports.php
index 77bc7680e6..0a33c80a90 100644
--- a/phpBB/includes/mcp/mcp_pm_reports.php
+++ b/phpBB/includes/mcp/mcp_pm_reports.php
@@ -166,6 +166,7 @@ class mcp_pm_reports
 'S_CLOSE_ACTION' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=pm_reports&mode=pm_report_details&r=' . $report_id),
 'S_CAN_VIEWIP' => $auth->acl_getf_global('m_info'),
 'S_POST_REPORTED' => $pm_info['message_reported'],
+ 'S_REPORT_CLOSED' => $report['report_closed'],
 'S_USER_NOTES' => true,
 'U_MCP_REPORT' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=pm_reports&mode=pm_report_details&r=' . $report_id),
diff --git a/phpBB/includes/mcp/mcp_reports.php b/phpBB/includes/mcp/mcp_reports.php
index def5422be2..b13c8b20c6 100644
--- a/phpBB/includes/mcp/mcp_reports.php
+++ b/phpBB/includes/mcp/mcp_reports.php
@@ -192,6 +192,7 @@ class mcp_reports
 'S_POST_REPORTED' => $post_info['post_reported'],
 'S_POST_UNAPPROVED' => !$post_info['post_approved'],
 'S_POST_LOCKED' => $post_info['post_edit_locked'],
+ 'S_REPORT_CLOSED' => $report['report_closed'],
 'S_USER_NOTES' => true,
 'U_EDIT' => ($auth->acl_get('m_edit', $post_info['forum_id'])) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=edit&f={$post_info['forum_id']}&p={$post_info['post_id']}") : '',
-- cgit v1.2.1
From c654e9d24751f803e779ed3ce62b45734ca6b091 Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Wed, 25 Sep 2013 13:35:08 +0200
Subject: [ticket/11864] Do not call exit after display_progress_bar in acp_forums The progress bar is called with the method display_progress_bar() in the acp_forums files. This method then call adm_page_footer() which also calls exit_handler(). Therefore, the exit; in acp_forums after $this->display_progress_bar() is obsolete and shouldn't exist in the first place. PHPBB3-11864
---
 phpBB/includes/acp/acp_forums.php | 1 -
 1 file changed, 1 deletion(-)
(limited to 'phpBB/includes')
diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php
index 50e12a0f15..dc2e6b75fb 100644
--- a/phpBB/includes/acp/acp_forums.php
+++ b/phpBB/includes/acp/acp_forums.php
@@ -56,7 +56,6 @@ class acp_forums
 $total = request_var('total', 0);
 $this->display_progress_bar($start, $total);
- exit;
 break;
 case 'delete':
-- cgit v1.2.1
From 2b959e3331f9bb585c115911e027844afe54d1e6 Mon Sep 17 00:00:00 2001
From: Dhruv
Date: Sat, 5 Oct 2013 21:09:52 +0530
Subject: [ticket/11288] Handle +,- without preceeding whitespace characters PHPBB3-11288
---
 phpBB/includes/search/fulltext_native.php | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'phpBB/includes')
diff --git a/phpBB/includes/search/fulltext_native.php b/phpBB/includes/search/fulltext_native.php
index dc961f3c8a..7fff83db58 100644
--- a/phpBB/includes/search/fulltext_native.php
+++ b/phpBB/includes/search/fulltext_native.php
@@ -233,6 +233,12 @@ class fulltext_native extends search_backend
 }
 unset($exact_words);
+ // Handle +, - without preceeding whitespace character
+ $match = array('#(\S)\+#', '#(\S)-#');
+ $replace = array('$1 +', '$1 +');
+
+ $keywords = preg_replace($match, $replace, $keywords);
+
 // now analyse the search query, first split it using the spaces
 $query = explode(' ', $keywords);
-- cgit v1.2.1
From eef1b586d5b89acda9e18b2d7b2c051e10d18ef8 Mon Sep 17 00:00:00 2001
From: Cesar G
Date: Mon, 2 Dec 2013 00:53:42 -0800
Subject: [ticket/12048] Fix the regexp for language keys in custom bbcodes. PHPBB3-12048
---
 phpBB/includes/bbcode.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'phpBB/includes')
diff --git a/phpBB/includes/bbcode.php b/phpBB/includes/bbcode.php
index 9356e3e9b4..f587e111f3 100644
--- a/phpBB/includes/bbcode.php
+++ b/phpBB/includes/bbcode.php
@@ -376,7 +376,7 @@ class bbcode
 }
 // Replace {L_*} lang strings
- $bbcode_tpl = preg_replace('/{L_([A-Z_]+)}/e', "(!empty(\$user->lang['\$1'])) ? \$user->lang['\$1'] : ucwords(strtolower(str_replace('_', ' ', '\$1')))", $bbcode_tpl);
+ $bbcode_tpl = preg_replace('/{L_([A-Z0-9_]+)}/e', "(!empty(\$user->lang['\$1'])) ? \$user->lang['\$1'] : ucwords(strtolower(str_replace('_', ' ', '\$1')))", $bbcode_tpl);
 if (!empty($rowset[$bbcode_id]['second_pass_replace']))
 {
@@ -480,7 +480,7 @@ class bbcode
 'email' => array('{EMAIL}' => '$1', '{DESCRIPTION}' => '$2')
 );
- $tpl = preg_replace('/{L_([A-Z_]+)}/e', "(!empty(\$user->lang['\$1'])) ? \$user->lang['\$1'] : ucwords(strtolower(str_replace('_', ' ', '\$1')))", $tpl);
+ $tpl = preg_replace('/{L_([A-Z0-9_]+)}/e', "(!empty(\$user->lang['\$1'])) ? \$user->lang['\$1'] : ucwords(strtolower(str_replace('_', ' ', '\$1')))", $tpl);
 if (!empty($replacements[$tpl_name]))
 {
-- cgit v1.2.1
From 8960e6d77741b12025229b8e5ad7972fd571722e Mon Sep 17 00:00:00 2001
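Review bot: The second entry of `$replace` is `'$1 +'`, so a `-` that directly follows a non-space character is rewritten to ` +` and the term after it becomes required instead of excluded. If the intent is to treat a hyphenated word such as `foo-bar` as two required words, the comment should say so, for example `// a hyphen inside a word joins two required terms; a leading "-" still excludes`. If the intent is what the current comment states, the replacement should be `'$1 -'`. The surrounding method continues outside the hunk, so whether quoted phrases are protected from this rewrite cannot be checked from here.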
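Review bot: Both changed `preg_replace()` calls, at line 376 and at line 480, keep the `/e` modifier, which evaluates the replacement string as PHP code and is deprecated from PHP 5.5 and removed in PHP 7. The captured key is limited to `[A-Z0-9_]`, so quotes and `$` cannot reach the evaluated expression as written, but that safety depends entirely on the character class staying this narrow and this commit has just widened it. Moving both calls to `preg_replace_callback()` with one shared callback that returns `$user->lang[$key]` or the `ucwords(strtolower(str_replace('_', ' ', $key)))` fallback removes the eval and the duplicated replacement string. If `/e` has to stay for compatibility, a comment next to each call stating that the pattern must never admit quote or `$` characters would protect the next edit.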
From: Andreas Fischer
Date: Sat, 15 Feb 2014 01:19:28 +0100
Subject: [ticket/12176] Display correct message when trying to delete founder. PHPBB3-12176
---
 phpBB/includes/acp/acp_users.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
(limited to 'phpBB/includes')
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index 70e08f79f2..61d08a49cf 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -172,8 +172,7 @@ class acp_users
 if ($submit)
 {
- // You can't delete the founder
- if ($delete && $user_row['user_type'] != USER_FOUNDER)
+ if ($delete)
 {
 if (!$auth->acl_get('a_userdel'))
 {
@@ -186,6 +185,12 @@ class acp_users
 trigger_error($user->lang['CANNOT_REMOVE_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
 }
+ // Founders can not be deleted.
+ if ($user_row['user_type'] == USER_FOUNDER)
+ {
+ trigger_error($user->lang['CANNOT_REMOVE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
+ }
+
 if ($user_id == $user->data['user_id'])
 {
 trigger_error($user->lang['CANNOT_REMOVE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
-- cgit v1.2.1
From 602f4a2b54105cde6dbdda29862ccf2bfa32ca26 Mon Sep 17 00:00:00 2001
From: Nathaniel Guse
Date: Mon, 17 Feb 2014 23:46:39 -0600
Subject: [ticket/12210] dbtools::sql_create_table incorrectly throws error related to auto-increment length on non auto-increment fields PHPBB3-12210
---
 phpBB/includes/db/db_tools.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'phpBB/includes')
diff --git a/phpBB/includes/db/db_tools.php b/phpBB/includes/db/db_tools.php
index f63ff18cbe..e394b1ffa0 100644
--- a/phpBB/includes/db/db_tools.php
+++ b/phpBB/includes/db/db_tools.php
@@ -477,7 +477,7 @@ class phpbb_db_tools
 // here lies an array, filled with information compiled on the column's data
 $prepared_column = $this->sql_prepare_column_data($table_name, $column_name, $column_data);
- if (isset($prepared_column['auto_increment']) && strlen($column_name) > 26) // "${column_name}_gen"
+ if (isset($prepared_column['auto_increment']) && $prepared_column['auto_increment'] && strlen($column_name) > 26) // "${column_name}_gen"
 {
 trigger_error("Index name '${column_name}_gen' on table '$table_name' is too long. The maximum auto increment column length is 26 characters.", E_USER_ERROR);
 }
-- cgit v1.2.1
From ffbc7ccb64f28c0932f4ec09a94379e968224945 Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Tue, 25 Feb 2014 18:24:45 +0100
Subject: [ticket/12205] Do not display 0 for empty integers when show_novalue is off PHPBB3-12205
---
 phpBB/includes/functions_profile_fields.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'phpBB/includes')
diff --git a/phpBB/includes/functions_profile_fields.php b/phpBB/includes/functions_profile_fields.php
index 8573533c2c..a2c0656ca4 100644
--- a/phpBB/includes/functions_profile_fields.php
+++ b/phpBB/includes/functions_profile_fields.php
@@ -532,7 +532,7 @@ class custom_profile
 switch ($this->profile_types[$field_type])
 {
 case 'int':
- if ($value === '' && !$ident_ary['data']['field_show_novalue'])
+ if (($value === '' || $value === null) && !$ident_ary['data']['field_show_novalue'])
 {
 return NULL;
 }
-- cgit v1.2.1
From b6eec5c142da665248a914ef2d47aad3f2367f4b Mon Sep 17 00:00:00 2001
From: Dhruv
Date: Mon, 4 Nov 2013 15:34:52 +0530
Subject: [ticket/10945] Display search query when search fails in native search If search fails and common words are present, split_keywords returns false and search.php file prints appropriate message of common words. If search fails and there are no common words, split_keywords returns true and keyword_search returns false so that the search query is displayed in search box. PHPBB3-10945
---
 phpBB/includes/search/fulltext_native.php | 29 +++++++++++------------------
 1 file changed, 11 insertions(+), 18 deletions(-)
(limited to 'phpBB/includes')
diff --git a/phpBB/includes/search/fulltext_native.php b/phpBB/includes/search/fulltext_native.php
index dc961f3c8a..5e116efebc 100644
--- a/phpBB/includes/search/fulltext_native.php
+++ b/phpBB/includes/search/fulltext_native.php
@@ -357,22 +357,6 @@ class fulltext_native extends search_backend
 $this->{$mode . '_ids'}[] = $words[$word];
 }
 }
- // throw an error if we shall not ignore unexistant words
- else if (!$ignore_no_id)
- {
- if (!isset($common_ids[$word]))
- {
- $len = utf8_strlen($word);
- if ($len >= $this->word_length['min'] && $len <= $this->word_length['max'])
- {
- trigger_error(sprintf($user->lang['WORD_IN_NO_POST'], $word));
- }
- else
- {
- $this->common_words[] = $word;
- }
- }
- }
 else
 {
 $len = utf8_strlen($word);
@@ -383,8 +367,11 @@ class fulltext_native extends search_backend
 }
 }
- // we can't search for negatives only
- if (!sizeof($this->must_contain_ids))
+ // If common words are present and no other search results then return false
+ // search.php will print out appropriate error message.
+ // If both common words and search results are empty return true and keyword_search()
+ // later will return false for that condition
+ if (empty($this->must_contain_ids) && sizeof($this->common_words))
 {
 return false;
 }
@@ -428,6 +415,12 @@ class fulltext_native extends search_backend
 return false;
 }
+ // we can't search for negatives only
+ if (empty($this->must_contain_ids))
+ {
+ return false;
+ }
+
 $must_contain_ids = $this->must_contain_ids;
 $must_not_contain_ids = $this->must_not_contain_ids;
 $must_exclude_one_ids = $this->must_exclude_one_ids;
-- cgit v1.2.1
From c51dcbe6a0cd6e15456ac80b2bdfe13d94f27f07 Mon Sep 17 00:00:00 2001
From: Dhruv
Date: Thu, 19 Dec 2013 04:22:23 +0530
Subject: [ticket/10945] Fix return values for split_keywords function The function now returns false if all the words are common words and true otherwise. PHPBB3-10945
---
 phpBB/includes/search/fulltext_native.php | 22 ++++++++--------------
 1 file changed, 8 insertions(+), 14 deletions(-)
(limited to 'phpBB/includes')
diff --git a/phpBB/includes/search/fulltext_native.php b/phpBB/includes/search/fulltext_native.php
index 5e116efebc..2ee119ccfe 100644
--- a/phpBB/includes/search/fulltext_native.php
+++ b/phpBB/includes/search/fulltext_native.php
@@ -231,7 +231,6 @@ class fulltext_native extends search_backend
 }
 $db->sql_freeresult($result);
 }
- unset($exact_words);
 // now analyse the search query, first split it using the spaces
 $query = explode(' ', $keywords);
@@ -359,24 +358,19 @@ class fulltext_native extends search_backend
 }
 else
 {
- $len = utf8_strlen($word);
- if ($len < $this->word_length['min'] || $len > $this->word_length['max'])
+ if (!isset($common_ids[$word]))
 {
- $this->common_words[] = $word;
+ $len = utf8_strlen($word);
+ if ($len < $this->word_length['min'] || $len > $this->word_length['max'])
+ {
+ $this->common_words[] = $word;
+ }
 }
 }
 }
- // If common words are present and no other search results then return false
- // search.php will print out appropriate error message.
- // If both common words and search results are empty return true and keyword_search()
- // later will return false for that condition
- if (empty($this->must_contain_ids) && sizeof($this->common_words))
- {
- return false;
- }
-
- if (!empty($this->search_query))
+ // Return true if all words are not common words
+ if (sizeof($exact_words) - sizeof($this->common_words) > 0)
 {
 return true;
 }
-- cgit v1.2.1
From f2d3879da419624a817b247efac73bad27887498 Mon Sep 17 00:00:00 2001
From: Nathan Guse
Date: Sun, 9 Mar 2014 11:26:06 -0500
Subject: [ticket/12202] Apply htmlspecialchars to style.cfg data PHPBB3-12202
---
 phpBB/includes/functions.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'phpBB/includes')
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index eef4ade4e7..81a7dc5cbd 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -3367,8 +3367,8 @@ function parse_cfg_file($filename, $lines = false)
 }
 // Determine first occurrence, since in values the equal sign is allowed
- $key = strtolower(trim(substr($line, 0, $delim_pos)));
- $value = trim(substr($line, $delim_pos + 1));
+ $key = htmlspecialchars(strtolower(trim(substr($line, 0, $delim_pos))));
+ $value = htmlspecialchars(trim(substr($line, $delim_pos + 1)));
 if (in_array($value, array('off', 'false', '0')))
 {
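Review bot: The new return condition `sizeof($exact_words) - sizeof($this->common_words) > 0` subtracts two counts that are filled in different places, and nothing in the hunks shows that each entry in `$this->common_words` corresponds to exactly one entry in `$exact_words`. If `$this->common_words` can hold duplicates or words collected on another path, or if `$exact_words` is not assigned on every path now that the `unset()` is gone, the subtraction gives the wrong answer. The comment also reads as the opposite of the commit message; `// Return true unless every word is a common word` states the rule unambiguously. The function body continues outside the hunk, so the initialisation of `$exact_words` should be checked there.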
@@ -3384,7 +3384,7 @@ function parse_cfg_file($filename, $lines = false)
 }
 else if (($value[0] == "'" && $value[sizeof($value) - 1] == "'") || ($value[0] == '"' && $value[sizeof($value) - 1] == '"'))
 {
- $value = substr($value, 1, sizeof($value)-2);
+ $value = htmlspecialchars(substr($value, 1, sizeof($value)-2));
 }
 $parsed_items[$key] = $value;
-- cgit v1.2.1
From f3d8dfd1e32fd0c58b601d8a7131fa959bff7b53 Mon Sep 17 00:00:00 2001
From: Nathaniel Guse
Date: Sun, 9 Mar 2014 17:17:33 -0500
Subject: [ticket/12202] Can't call htmlspecialchars before checking for quotes PHPBB3-12202
---
 phpBB/includes/functions.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'phpBB/includes')
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 81a7dc5cbd..f0657b9016 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -3368,7 +3368,7 @@ function parse_cfg_file($filename, $lines = false)
 // Determine first occurrence, since in values the equal sign is allowed
 $key = htmlspecialchars(strtolower(trim(substr($line, 0, $delim_pos))));
- $value = htmlspecialchars(trim(substr($line, $delim_pos + 1)));
+ $value = trim(substr($line, $delim_pos + 1));
 if (in_array($value, array('off', 'false', '0')))
 {
@@ -3386,6 +3386,10 @@ function parse_cfg_file($filename, $lines = false)
 {
 $value = htmlspecialchars(substr($value, 1, sizeof($value)-2));
 }
+ else
+ {
+ $value = htmlspecialchars($value);
+ }
 $parsed_items[$key] = $value;
 }
-- cgit v1.2.1
From ec4c9833ca7ada13262183d5ea25c48bebc8773b Mon Sep 17 00:00:00 2001
From: Crizzo
Date: Sun, 9 Mar 2014 18:58:48 +0100
Subject: [ticket/10549] Adds language variables PHPBB3-10549
---
 phpBB/includes/functions_module.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'phpBB/includes')
diff --git a/phpBB/includes/functions_module.php b/phpBB/includes/functions_module.php
index d0e7c8cfc8..bb6913a572 100644
--- a/phpBB/includes/functions_module.php
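Review bot: Every `htmlspecialchars()` call added to parse_cfg_file() uses the default flags, which on the PHP versions this branch targets encode double quotes but leave single quotes alone. If any style.cfg key or value is later written into a single-quoted attribute it is still unescaped, and `htmlspecialchars($value, ENT_QUOTES)` closes that gap in all three places. The quoted branch that the new code wraps also calls `sizeof($value)` on a string, which is always 1, so the condition only ever inspects `$value[0]` and the `substr()` call is effectively `substr($value, 1, -1)`; `strlen($value)` appears to be what was meant. Escaping at parse time also means every consumer receives entity-encoded text, which deserves a line in the function's docblock so that values used outside HTML are decoded first.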
+++ b/phpBB/includes/functions_module.php
@@ -436,21 +436,21 @@ class p_master
 if ($this->active_module === false)
 {
- trigger_error('Module not accessible', E_USER_ERROR);
+ trigger_error('MODULE_NOT_ACCESS', E_USER_ERROR);
 }
 if (!class_exists("{$this->p_class}_$this->p_name"))
 {
 if (!file_exists("$module_path/{$this->p_class}_$this->p_name.$phpEx"))
 {
- trigger_error("Cannot find module $module_path/{$this->p_class}_$this->p_name.$phpEx", E_USER_ERROR);
+ trigger_error($user->lang('MODULE_NOT_FIND', "$module_path/{$this->p_class}_$this->p_name.$phpEx"), E_USER_ERROR);
 }
 include("$module_path/{$this->p_class}_$this->p_name.$phpEx");
 if (!class_exists("{$this->p_class}_$this->p_name"))
 {
- trigger_error("Module file $module_path/{$this->p_class}_$this->p_name.$phpEx does not contain correct class [{$this->p_class}_$this->p_name]", E_USER_ERROR);
+ trigger_error($user->lang('MODULE_FILE_RIGHT_CLASS', "$module_path/{$this->p_class}_$this->p_name.$phpEx", "{$this->p_class}_$this->p_name"), E_USER_ERROR);
 }
 if (!empty($mode))
-- cgit v1.2.1
From d95d062a4276504e1855d44aaddba2ff9bb974d6 Mon Sep 17 00:00:00 2001
From: Crizzo
Date: Tue, 11 Mar 2014 18:45:46 +0100
Subject: [ticket/10549] using correct variable in includes/functions_module.php too PHPBB3-10549
---
 phpBB/includes/functions_module.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'phpBB/includes')
diff --git a/phpBB/includes/functions_module.php b/phpBB/includes/functions_module.php
index bb6913a572..0cc2425b28 100644
--- a/phpBB/includes/functions_module.php
+++ b/phpBB/includes/functions_module.php
@@ -450,7 +450,7 @@ class p_master
 if (!class_exists("{$this->p_class}_$this->p_name"))
 {
- trigger_error($user->lang('MODULE_FILE_RIGHT_CLASS', "$module_path/{$this->p_class}_$this->p_name.$phpEx", "{$this->p_class}_$this->p_name"), E_USER_ERROR);
+ trigger_error($user->lang('MODULE_FILE_INCORRECT_CLASS', "$module_path/{$this->p_class}_$this->p_name.$phpEx", "{$this->p_class}_$this->p_name"), E_USER_ERROR);
 }
 if (!empty($mode))
-- cgit v1.2.1
From b322cb4c11d2771e430f7288825578d25f7d463f Mon Sep 17 00:00:00 2001
From: Marcos Bjorkelund
Date: Thu, 13 Mar 2014 23:54:06 +0100
Subject: [ticket/12247] Add ['username'] to mcp_queue.php's user_notification() It includes the poster's username in the email notifications of posts that get approved by moderators. This is done by adding the username to every user_notification() function located in /phpBB/includes/mcp/mcp_queue.php. PHPBB3-12247
---
 phpBB/includes/mcp/mcp_queue.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'phpBB/includes')
diff --git a/phpBB/includes/mcp/mcp_queue.php b/phpBB/includes/mcp/mcp_queue.php
index 764461fa53..ad6282f637 100644
--- a/phpBB/includes/mcp/mcp_queue.php
+++ b/phpBB/includes/mcp/mcp_queue.php
@@ -663,12 +663,12 @@ function approve_post($post_id_list, $id, $mode)
 if ($post_id == $post_data['topic_first_post_id'] && $post_id == $post_data['topic_last_post_id'])
 {
 // Forum Notifications
- user_notification('post', $post_data['topic_title'], $post_data['topic_title'], $post_data['forum_name'], $post_data['forum_id'], $post_data['topic_id'], $post_id);
+ user_notification('post', $post_data['topic_title'], $post_data['topic_title'], $post_data['forum_name'], $post_data['forum_id'], $post_data['topic_id'], $post_id, $post_data['username']);
 }
 else
 {
 // Topic Notifications
- user_notification('reply', $post_data['post_subject'], $post_data['topic_title'], $post_data['forum_name'], $post_data['forum_id'], $post_data['topic_id'], $post_id);
+ user_notification('reply', $post_data['post_subject'], $post_data['topic_title'], $post_data['forum_name'], $post_data['forum_id'], $post_data['topic_id'], $post_id, $post_data['username']);
 }
 }
-- cgit v1.2.1
From 4333401a279ec3eeee67276f3ea4562674e6a57d Mon Sep 17 00:00:00 2001
From: Marcos Bjorkelund
Date: Fri, 14 Mar 2014 00:28:24 +0100
Subject: [ticket/12247] Makes static usernames work Relative to the last ticket, this allows static usernames to work correctly (those inserted in the post-column post_username) when sending the e-mail, instead of showing just "Anonymous". PHPBB3-12247
---
 phpBB/includes/mcp/mcp_queue.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'phpBB/includes')
diff --git a/phpBB/includes/mcp/mcp_queue.php b/phpBB/includes/mcp/mcp_queue.php
index ad6282f637..acf344fd3c 100644
--- a/phpBB/includes/mcp/mcp_queue.php
+++ b/phpBB/includes/mcp/mcp_queue.php
@@ -660,15 +660,17 @@ function approve_post($post_id_list, $id, $mode)
 foreach ($post_info as $post_id => $post_data)
 {
+ $username = ($post_data['post_username']) ? $post_data['post_username'] : $post_data['username'];
+
 if ($post_id == $post_data['topic_first_post_id'] && $post_id == $post_data['topic_last_post_id'])
 {
 // Forum Notifications
- user_notification('post', $post_data['topic_title'], $post_data['topic_title'], $post_data['forum_name'], $post_data['forum_id'], $post_data['topic_id'], $post_id, $post_data['username']);
+ user_notification('post', $post_data['topic_title'], $post_data['topic_title'], $post_data['forum_name'], $post_data['forum_id'], $post_data['topic_id'], $post_id, $username);
 }
 else
 {
 // Topic Notifications
- user_notification('reply', $post_data['post_subject'], $post_data['topic_title'], $post_data['forum_name'], $post_data['forum_id'], $post_data['topic_id'], $post_id, $post_data['username']);
+ user_notification('reply', $post_data['post_subject'], $post_data['topic_title'], $post_data['forum_name'], $post_data['forum_id'], $post_data['topic_id'], $post_id, $username);
 }
 }
-- cgit v1.2.1
From 418034af0eb305a52fac990ce83e27f09524cfce Mon Sep 17 00:00:00 2001
From: geetakshi
Date: Mon, 17 Mar 2014 00:52:11 +0530
Subject: [ticket/12035] Adding link to user posts to ACP page Adding link of posts behind displayed number of posts of the user PHPBB3-12035
---
 phpBB/includes/acp/acp_users.php | 1 +
 1 file changed, 1 insertion(+)
(limited to 'phpBB/includes')
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index 61d08a49cf..97bf850f6e 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -1037,6 +1037,7 @@ class acp_users
 'U_SHOW_IP' => $this->u_action . "&u=$user_id&ip=" . (($ip == 'ip') ? 'hostname' : 'ip'),
 'U_WHOIS' => $this->u_action . "&action=whois&user_ip={$user_row['user_ip']}",
 'U_MCP_QUEUE' => ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue', true, $user->session_id) : '',
+ 'U_SEARCH_USER' => ($auth->acl_get('u_search')) ? append_sid("{$phpbb_root_path}search.$phpEx", "author_id={$user_row['user_id']}&sr=posts") : '',
 'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_row['user_id']}&hash=" . generate_link_hash('switchperm')) : '',
-- cgit v1.2.1
From 5316c32b10114f853863eaa85a7afb9add903b23 Mon Sep 17 00:00:00 2001
From: geetakshi
Date: Thu, 20 Mar 2014 03:36:53 +0530
Subject: [ticket/12035] Adding necessary conditions PHPBB3-12035
---
 phpBB/includes/acp/acp_users.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'phpBB/includes')
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index 97bf850f6e..4747b04324 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -1037,7 +1037,7 @@ class acp_users
 'U_SHOW_IP' => $this->u_action . "&u=$user_id&ip=" . (($ip == 'ip') ? 'hostname' : 'ip'),
 'U_WHOIS' => $this->u_action . "&action=whois&user_ip={$user_row['user_ip']}",
 'U_MCP_QUEUE' => ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue', true, $user->session_id) : '',
- 'U_SEARCH_USER' => ($auth->acl_get('u_search')) ? append_sid("{$phpbb_root_path}search.$phpEx", "author_id={$user_row['user_id']}&sr=posts") : '',
+ 'U_SEARCH_USER' => ($auth->acl_get('u_search') && $config['load_search']) ? append_sid("{$phpbb_root_path}search.$phpEx", "author_id={$user_row['user_id']}&sr=posts") : '',
 'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_row['user_id']}&hash=" . generate_link_hash('switchperm')) : '',
-- cgit v1.2.1
From 663eb74cf3bb789c0916be2d3bc2c00eb5f4f8b5 Mon Sep 17 00:00:00 2001
From: geetakshi
Date: Thu, 20 Mar 2014 14:17:03 +0530
Subject: [ticket/12035] Correcting the condition PHPBB3-12035
---
 phpBB/includes/acp/acp_users.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'phpBB/includes')
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index 4747b04324..8aaefb02c5 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -1037,7 +1037,7 @@ class acp_users
 'U_SHOW_IP' => $this->u_action . "&u=$user_id&ip=" . (($ip == 'ip') ? 'hostname' : 'ip'),
 'U_WHOIS' => $this->u_action . "&action=whois&user_ip={$user_row['user_ip']}",
 'U_MCP_QUEUE' => ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue', true, $user->session_id) : '',
- 'U_SEARCH_USER' => ($auth->acl_get('u_search') && $config['load_search']) ? append_sid("{$phpbb_root_path}search.$phpEx", "author_id={$user_row['user_id']}&sr=posts") : '',
+ 'U_SEARCH_USER' => ($config['load_search'] && $auth->acl_get('u_search')) ? append_sid("{$phpbb_root_path}search.$phpEx", "author_id={$user_row['user_id']}&sr=posts") : '',
 'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_row['user_id']}&hash=" . generate_link_hash('switchperm')) : '',
-- cgit v1.2.1
From 80a844d38ce17378bb12b2e84cc7db99932913f5 Mon Sep 17 00:00:00 2001
From: Patrick Webster
Date: Sat, 1 Mar 2014 22:14:18 -0600
Subject: [ticket/9725] Fetch Azure db stats from proper table PHPBB3-9725
---
 phpBB/includes/functions_admin.php | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
(limited to 'phpBB/includes')
diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php
index 2f73858ea2..3e69a997a2 100644
--- a/phpBB/includes/functions_admin.php
+++ b/phpBB/includes/functions_admin.php
@@ -3057,8 +3057,24 @@ function get_database_size()
 case 'mssql':
 case 'mssql_odbc':
 case 'mssqlnative':
+ $sql = 'SELECT @@VERSION AS mssql_version';
+ $result = $db->sql_query($sql);
+ $row = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
+
 $sql = 'SELECT ((SUM(size) * 8.0) * 1024.0) as dbsize
 FROM sysfiles';
+
+ if ($row)
+ {
+ // Azure stats are stored elsewhere
+ if (strpos($row['mssql_version'], 'SQL Azure') !== false)
+ {
+ $sql = 'SELECT ((SUM(reserved_page_count) * 8.0) * 1024.0) as dbsize
+ FROM sys.dm_db_partition_stats';
+ }
+ }
+
 $result = $db->sql_query($sql, 7200);
 $database_size = ($row = $db->sql_fetchrow($result)) ? $row['dbsize'] : false;
 $db->sql_freeresult($result);
-- cgit v1.2.1
From 68ae8dfa97f81cd7febff92b38a5f6296d50c43f Mon Sep 17 00:00:00 2001
From: Patrick Webster
Date: Sat, 1 Mar 2014 22:29:08 -0600
Subject: [ticket/9725] Remove explicit filegroup designations PHPBB3-9725
---
 phpBB/includes/db/db_tools.php | 21 ++++-----------------
 1 file changed, 4 insertions(+), 17 deletions(-)
(limited to 'phpBB/includes')
diff --git a/phpBB/includes/db/db_tools.php b/phpBB/includes/db/db_tools.php
index e394b1ffa0..0518b7eb29 100644
--- a/phpBB/includes/db/db_tools.php
+++ b/phpBB/includes/db/db_tools.php
@@ -452,9 +452,6 @@ class phpbb_db_tools
 // Determine if we have created a PRIMARY KEY in the earliest
 $primary_key_gen = false;
- // Determine if the table must be created with TEXTIMAGE
- $create_textimage = false;
-
 // Determine if the table requires a sequence
 $create_sequence = false;
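Review bot: The added `SELECT @@VERSION` query goes through `$db->sql_query($sql)` with no cache TTL, while the size query a few lines below is cached for 7200 seconds, so every call to get_database_size() on the three MSSQL layers now makes a round trip to the server even when the size itself is served from cache. Passing the same TTL, `$result = $db->sql_query($sql, 7200);`, keeps the two queries in step. The nested `if ($row)` and `if (strpos(...) !== false)` can also be a single condition, `if ($row && strpos($row['mssql_version'], 'SQL Azure') !== false)`, which removes one level of indentation.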
@@ -501,12 +498,6 @@ class phpbb_db_tools $primary_key_gen = isset($prepared_column['primary_key_set']) && $prepared_column['primary_key_set']; } - // create textimage DDL based off of the existance of certain column types - if (!$create_textimage) - { - $create_textimage = isset($prepared_column['textimage']) && $prepared_column['textimage']; - } - // create sequence DDL based off of the existance of auto incrementing columns if (!$create_sequence && isset($prepared_column['auto_increment']) && $prepared_column['auto_increment']) { @@ -521,13 +512,9 @@ class phpbb_db_tools switch ($this->sql_layer) { case 'firebird': - $table_sql .= "\n);"; - $statements[] = $table_sql; - break; - case 'mssql': case 'mssqlnative': - $table_sql .= "\n) ON [PRIMARY]" . (($create_textimage) ? ' TEXTIMAGE_ON [PRIMARY]' : ''); + $table_sql .= "\n);"; $statements[] = $table_sql; break; } @@ -2038,7 +2025,7 @@ class phpbb_db_tools $sql = "ALTER TABLE [{$table_name}] WITH NOCHECK ADD "; $sql .= "CONSTRAINT [PK_{$table_name}] PRIMARY KEY CLUSTERED ("; $sql .= '[' . implode("],\n\t\t[", $column) . ']'; - $sql .= ') ON [PRIMARY]'; + $sql .= ')'; $statements[] = $sql; break; @@ -2136,7 +2123,7 @@ class phpbb_db_tools case 'mssql': case 'mssqlnative': - $statements[] = 'CREATE UNIQUE INDEX ' . $index_name . ' ON ' . $table_name . '(' . implode(', ', $column) . ') ON [PRIMARY]'; + $statements[] = 'CREATE UNIQUE INDEX ' . $index_name . ' ON ' . $table_name . '(' . implode(', ', $column) . ')'; break; } @@ -2189,7 +2176,7 @@ class phpbb_db_tools case 'mssql': case 'mssqlnative': - $statements[] = 'CREATE INDEX ' . $index_name . ' ON ' . $table_name . '(' . implode(', ', $column) . ') ON [PRIMARY]'; + $statements[] = 'CREATE INDEX ' . $index_name . ' ON ' . $table_name . '(' . implode(', ', $column) . ')'; break; } -- cgit v1.2.1 From 83be9907013b9463f737f9761d85e3e6b907ad16 Mon Sep 17 00:00:00 2001 
From: Patrick Webster Date: Sat, 1 Mar 2014 23:11:19 -0600 Subject: [ticket/9725] Create MSSQL primary keys if none exist PHPBB3-9725 --- phpBB/includes/db/db_tools.php | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'phpBB/includes') diff --git a/phpBB/includes/db/db_tools.php b/phpBB/includes/db/db_tools.php index 0518b7eb29..3a7ea2f945 100644 --- a/phpBB/includes/db/db_tools.php +++ b/phpBB/includes/db/db_tools.php @@ -523,6 +523,15 @@ class phpbb_db_tools // this means that we can add the one we really wanted instead if (!$primary_key_gen) { + if ($this->sql_layer == 'mssql' || $this->sql_layer == 'mssqlnative') + { + if (!isset($table_data['PRIMARY_KEY'])) + { + $table_data['COLUMNS']['mssqlindex'] = array('UINT', NULL, 'auto_increment'); + $table_data['PRIMARY_KEY'] = 'mssqlindex'; + } + } + // Write primary key if (isset($table_data['PRIMARY_KEY'])) { -- cgit v1.2.1 From 31e610f0b1a9f22701660e72d63fe2290298d812 Mon Sep 17 00:00:00 2001 From: Patrick Webster Date: Sun, 2 Mar 2014 21:36:50 -0600 Subject: [ticket/9725] Move primary key creation to the correct location PHPBB3-9725 --- phpBB/includes/db/db_tools.php | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/db/db_tools.php b/phpBB/includes/db/db_tools.php index 3a7ea2f945..8372f90369 100644 --- a/phpBB/includes/db/db_tools.php +++ b/phpBB/includes/db/db_tools.php @@ -468,6 +468,15 @@ class phpbb_db_tools break; } + if ($this->sql_layer == 'mssql' || $this->sql_layer == 'mssqlnative') + { + if (!isset($table_data['PRIMARY_KEY'])) + { + $table_data['COLUMNS']['mssqlindex'] = array('UINT', NULL, 'auto_increment'); + $table_data['PRIMARY_KEY'] = 'mssqlindex'; + } + } + // Iterate through the columns to create a table foreach ($table_data['COLUMNS'] as $column_name => $column_data) { 
@@ -523,15 +532,6 @@ class phpbb_db_tools // this means that we can add the one we really wanted instead if (!$primary_key_gen) { - if ($this->sql_layer == 'mssql' || $this->sql_layer == 'mssqlnative') - { - if (!isset($table_data['PRIMARY_KEY'])) - { - $table_data['COLUMNS']['mssqlindex'] = array('UINT', NULL, 'auto_increment'); - $table_data['PRIMARY_KEY'] = 'mssqlindex'; - } - } - // Write primary key if (isset($table_data['PRIMARY_KEY'])) { -- cgit v1.2.1 From aaa846cb3a008a76ad2e2d6f457de5995cd3a9db Mon Sep 17 00:00:00 2001 From: Patrick Webster Date: Mon, 3 Mar 2014 00:37:22 -0600 Subject: [ticket/9725] Do not use deprecated views to remove default constraints PHPBB3-9725 --- phpBB/includes/db/db_tools.php | 116 +++++++++++++++++++++++++++++------------ 1 file changed, 84 insertions(+), 32 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/db/db_tools.php b/phpBB/includes/db/db_tools.php index 8372f90369..5645d04867 100644 --- a/phpBB/includes/db/db_tools.php +++ b/phpBB/includes/db/db_tools.php 
@@ -1815,22 +1815,49 @@ class phpbb_db_tools case 'mssql': case 'mssqlnative': - // remove default cosntraints first - // http://msdn.microsoft.com/en-us/library/aa175912%28v=sql.80%29.aspx - $statements[] = "DECLARE @drop_default_name VARCHAR(100), @cmd VARCHAR(1000) - SET @drop_default_name = - (SELECT so.name FROM sysobjects so - JOIN sysconstraints sc ON so.id = sc.constid - WHERE object_name(so.parent_obj) = '{$table_name}' - AND so.xtype = 'D' - AND sc.colid = (SELECT colid FROM syscolumns - WHERE id = object_id('{$table_name}') - AND name = '{$column_name}')) - IF @drop_default_name <> '' - BEGIN - SET @cmd = 'ALTER TABLE [{$table_name}] DROP CONSTRAINT [' + @drop_default_name + ']' - EXEC(@cmd) - END"; + $sql = "SELECT CAST(SERVERPROPERTY('productversion') AS VARCHAR(25)) AS mssql_version"; + $result = $this->db->sql_query($sql); + $row = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); + + // Remove default constraints + if ($row['mssql_version'][0] == '8') // SQL Server 2000 + { + // http://msdn.microsoft.com/en-us/library/aa175912%28v=sql.80%29.aspx + // Deprecated in SQL Server 2005 + $statements[] = "DECLARE @drop_default_name VARCHAR(100), @cmd VARCHAR(1000) + SET @drop_default_name = + (SELECT so.name FROM sysobjects so + JOIN sysconstraints sc ON so.id = sc.constid + WHERE object_name(so.parent_obj) = '{$table_name}' + AND so.xtype = 'D' + AND sc.colid = (SELECT colid FROM syscolumns + WHERE id = object_id('{$table_name}') + AND name = '{$column_name}')) + IF @drop_default_name <> '' + BEGIN + SET @cmd = 'ALTER TABLE [{$table_name}] DROP CONSTRAINT [' + @drop_default_name + ']' + EXEC(@cmd) + END"; + } + else + { + $sql = "SELECT dobj.name AS def_name + FROM sys.columns col + LEFT OUTER JOIN sys.objects dobj ON (dobj.object_id = col.default_object_id AND dobj.type = 'D') + WHERE col.object_id = object_id('{$table_name}') + AND col.name = '{$column_name}' + AND dobj.name IS NOT NULL"; + $result = $this->db->sql_query($sql); + 
$row = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); + + if ($row) + { + $statements[] = 'ALTER TABLE [' . $table_name . '] DROP CONSTRAINT [' . $row['def_name'] . ']'; + } + } + $statements[] = 'ALTER TABLE [' . $table_name . '] DROP COLUMN [' . $column_name . ']'; break; 
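Review bot: In the branch for servers newer than SQL Server 2000, the default constraint's name is looked up while the statement list is being built, so the queued `ALTER TABLE ... DROP CONSTRAINT` may carry a stale name if the statements are run later. The comment in the `@@ -2344,23 +2344,48 @@` hunk gives that same reason for keeping the lookup inside the T-SQL batch. Emitting the batch form here as well, as sketched below, keeps the two paths consistent. Separately, `$row['mssql_version'][0]` is read without checking that the version query returned a row, here and in the later hunk; `if ($row && $row['mssql_version'][0] == '8')` would fall through to the modern branch instead. The enclosing method starts and ends outside the hunk.

```php
else
{
	// Resolve the constraint name when the batch runs, not when it is built
	$statements[] = "DECLARE @drop_default_name VARCHAR(100), @cmd VARCHAR(1000)
		SET @drop_default_name =
			(SELECT dobj.name FROM sys.columns col
				LEFT OUTER JOIN sys.objects dobj ON (dobj.object_id = col.default_object_id AND dobj.type = 'D')
			WHERE col.object_id = object_id('{$table_name}')
				AND col.name = '{$column_name}'
				AND dobj.name IS NOT NULL)
		IF @drop_default_name <> ''
		BEGIN
			SET @cmd = 'ALTER TABLE [{$table_name}] DROP CONSTRAINT [' + @drop_default_name + ']'
			EXEC(@cmd)
		END";
}
// … unchanged: DROP COLUMN statement …
```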
@@ -2317,23 +2344,48 @@ class phpbb_db_tools if (!empty($column_data['default'])) { + $sql = "SELECT CAST(SERVERPROPERTY('productversion') AS VARCHAR(25)) AS mssql_version"; + $result = $this->db->sql_query($sql); + $row = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); + // Using TRANSACT-SQL for this statement because we do not want to have colliding data if statements are executed at a later stage - $statements[] = "DECLARE @drop_default_name VARCHAR(100), @cmd VARCHAR(1000) - SET @drop_default_name = - (SELECT so.name FROM sysobjects so - JOIN sysconstraints sc ON so.id = sc.constid - WHERE object_name(so.parent_obj) = '{$table_name}' - AND so.xtype = 'D' - AND sc.colid = (SELECT colid FROM syscolumns - WHERE id = object_id('{$table_name}') - AND name = '{$column_name}')) - IF @drop_default_name <> '' - BEGIN - SET @cmd = 'ALTER TABLE [{$table_name}] DROP CONSTRAINT [' + @drop_default_name + ']' - EXEC(@cmd) - END - SET @cmd = 'ALTER TABLE [{$table_name}] ADD CONSTRAINT [DF_{$table_name}_{$column_name}_1] {$column_data['default']} FOR [{$column_name}]' - EXEC(@cmd)"; + if ($row['mssql_version'][0] == '8') // SQL Server 2000 + { + $statements[] = "DECLARE @drop_default_name VARCHAR(100), @cmd VARCHAR(1000) + SET @drop_default_name = + (SELECT so.name FROM sysobjects so + JOIN sysconstraints sc ON so.id = sc.constid + WHERE object_name(so.parent_obj) = '{$table_name}' + AND so.xtype = 'D' + AND sc.colid = (SELECT colid FROM syscolumns + WHERE id = object_id('{$table_name}') + AND name = '{$column_name}')) + IF @drop_default_name <> '' + BEGIN + SET @cmd = 'ALTER TABLE [{$table_name}] DROP CONSTRAINT [' + @drop_default_name + ']' + EXEC(@cmd) + END + SET @cmd = 'ALTER TABLE [{$table_name}] ADD CONSTRAINT [DF_{$table_name}_{$column_name}_1] {$column_data['default']} FOR [{$column_name}]' + EXEC(@cmd)"; + } + else + { + $statements[] = "DECLARE @drop_default_name VARCHAR(100), @cmd VARCHAR(1000) + SET @drop_default_name = + (SELECT dobj.name 
FROM sys.columns col + LEFT OUTER JOIN sys.objects dobj ON (dobj.object_id = col.default_object_id AND dobj.type = 'D') + WHERE col.object_id = object_id('{$table_name}') + AND col.name = '{$column_name}' + AND dobj.name IS NOT NULL) + IF @drop_default_name <> '' + BEGIN + SET @cmd = 'ALTER TABLE [{$table_name}] DROP CONSTRAINT [' + @drop_default_name + ']' + EXEC(@cmd) + END + SET @cmd = 'ALTER TABLE [{$table_name}] ADD CONSTRAINT [DF_{$table_name}_{$column_name}_1] {$column_data['default']} FOR [{$column_name}]' + EXEC(@cmd)"; + } } break; -- cgit v1.2.1 From 79492d41109eba2932c020bb5c9a90f19aac2321 Mon Sep 17 00:00:00 2001 From: Patrick Webster Date: Sun, 23 Mar 2014 22:17:52 -0500 Subject: [ticket/9725] Code sniffer fixes PHPBB3-9725 --- phpBB/includes/db/db_tools.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/db/db_tools.php b/phpBB/includes/db/db_tools.php index 5645d04867..8dce769395 100644 --- a/phpBB/includes/db/db_tools.php +++ b/phpBB/includes/db/db_tools.php @@ -472,7 +472,7 @@ class phpbb_db_tools { if (!isset($table_data['PRIMARY_KEY'])) { - $table_data['COLUMNS']['mssqlindex'] = array('UINT', NULL, 'auto_increment'); + $table_data['COLUMNS']['mssqlindex'] = array('UINT', null, 'auto_increment'); $table_data['PRIMARY_KEY'] = 'mssqlindex'; } } @@ -1819,7 +1819,7 @@ class phpbb_db_tools $result = $this->db->sql_query($sql); $row = $this->db->sql_fetchrow($result); $this->db->sql_freeresult($result); - + // Remove default constraints if ($row['mssql_version'][0] == '8') // SQL Server 2000 { @@ -1851,7 +1851,7 @@ class phpbb_db_tools $result = $this->db->sql_query($sql); $row = $this->db->sql_fetchrow($result); $this->db->sql_freeresult($result); - + if ($row) { $statements[] = 'ALTER TABLE [' . $table_name . '] DROP CONSTRAINT [' . $row['def_name'] . ']'; 
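Review bot: In both branches `{$column_data['default']}` is spliced into the single-quoted `@cmd` string, so a default clause that contains a single quote (presumably any string default) would end the dynamic SQL early. The ADD CONSTRAINT needs no run-time name, so it can be a plain statement after the `END` instead of going through `EXEC`: `ALTER TABLE [{$table_name}] ADD CONSTRAINT [DF_{$table_name}_{$column_name}_1] {$column_data['default']} FOR [{$column_name}]`. The two branches also differ only in the subquery that finds the constraint name; putting that subquery in a variable and emitting one batch would remove the duplicated text. The enclosing method starts and ends outside the hunk.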
@@ -2348,7 +2348,7 @@ class phpbb_db_tools $result = $this->db->sql_query($sql); $row = $this->db->sql_fetchrow($result); $this->db->sql_freeresult($result); - + // Using TRANSACT-SQL for this statement because we do not want to have colliding data if statements are executed at a later stage if ($row['mssql_version'][0] == '8') // SQL Server 2000 { -- cgit v1.2.1 From 519adb506073f4c3e2afd57e6ba1b6da4569e606 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Thu, 3 Apr 2014 15:55:18 +0200 Subject: [ticket/10851] Set disallowed content to empty array if checking is disabled The disallowed content defaults to a standard set of mimetype triggers by default. If one doesn't want to check the attachments mimetype triggers then we need to set the disallowed content to an empty array. PHPBB3-10851 --- phpBB/includes/functions_posting.php | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index 11a5067ef9..3f0a78a7cb 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -394,6 +394,10 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage { $upload->set_disallowed_content(explode('|', $config['mime_triggers'])); } + else if (!$config['check_attachment_content']) + { + $upload->set_disallowed_content(array()); + } if (!$local) { -- cgit v1.2.1 From 744b39e6c406f2999d7f28f6e62d71182eecade7 Mon Sep 17 00:00:00 2001 From: Oliver Schramm Date: Fri, 4 Apr 2014 17:07:54 +0200 Subject: [ticket/12353] Fix displayed attachments in ACP PHPBB3-12353 --- phpBB/includes/acp/acp_users.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index 8aaefb02c5..b82be8887c 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php 
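Review bot: The new `else if` branch in `upload_attachment()` turns the upload content check off entirely by passing an empty list, and nothing at the call site says so. A comment such as `// Content checking is disabled in the ACP: clear the default mime triggers so no upload is rejected on its content` would make the security trade-off visible to the next reader. The preceding `if` condition and the rest of the function are outside the hunk.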
@@ -2015,7 +2015,7 @@ class acp_users WHERE a.poster_id = ' . $user_id . " AND a.is_orphan = 0 ORDER BY $order_by"; - $result = $db->sql_query_limit($sql, $config['posts_per_page'], $start); + $result = $db->sql_query_limit($sql, $config['topics_per_page'], $start); while ($row = $db->sql_fetchrow($result)) { -- cgit v1.2.1 From face175471b5064117ca57ece53a3403e51e20ba Mon Sep 17 00:00:00 2001 From: Oliver Schramm Date: Sun, 13 Apr 2014 21:15:14 +0200 Subject: [ticket/10423] Move code into a function and add tests for it PHPBB3-10423 --- phpBB/includes/functions_content.php | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_content.php b/phpBB/includes/functions_content.php index 6213d2fd24..69a29dc31b 100644 --- a/phpBB/includes/functions_content.php +++ b/phpBB/includes/functions_content.php @@ -21,6 +21,7 @@ if (!defined('IN_PHPBB')) * make_jumpbox() * bump_topic_allowed() * get_context() +* phpbb_clean_search_string() * decode_message() * strip_bbcode() * generate_text_for_display() 
@@ -360,6 +361,23 @@ function get_context($text, $words, $length = 400) } } +/** +* Cleans a search string by removing single wildcards from it and replacing multiple spaces with a single one. +* +* @param string $search_string The full search string which should be cleaned. +* +* @return string The cleaned search string without any wildcards and multiple spaces. +*/ +function phpbb_clean_search_string($search_string) +{ + // This regular expressions matches every single wildcard. + // That means one after a whitespace or the beginning of the string or one before a whitespace or the end of the string. + $search_string = preg_replace('#(?<=^|\s)\*(?=\s|$)#', '', $search_string); + $search_string = trim($search_string); + $search_string = preg_replace('#\s+#u', ' ', $search_string); + return $search_string; +} + /** * Decode text whereby text is coming from the db and expected to be pre-parsed content * We are placing this outside of the message parser because we are often in need of it... -- cgit v1.2.1 From dde7ac3b2bcee9832a12255a8df496a67743e2e0 Mon Sep 17 00:00:00 2001 From: Oliver Schramm Date: Sun, 13 Apr 2014 21:31:44 +0200 Subject: [ticket/10423] Match multiple wildcards Multiple wildcards are removed from the string if there is no word before or after them. If there is a word before or after them, they are just replaced with a single one. PHPBB3-10423 --- phpBB/includes/functions_content.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_content.php b/phpBB/includes/functions_content.php index 69a29dc31b..19459239d5 100644 --- a/phpBB/includes/functions_content.php +++ b/phpBB/includes/functions_content.php 
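Review bot: In `phpbb_clean_search_string()` the first `preg_replace` has no `u` modifier while the second one does, so the two patterns disagree on what `\s` matches. With `u`, a subject that is not valid UTF-8 makes `preg_replace` return `null`, which the function would then return instead of a string. Using `#(?<=^|\s)\*(?=\s|$)#u` for the first pattern and falling back to the input when a result is `null` would keep the return type stable; whether callers already validate the encoding is not visible here. The follow-up hunk at `@@ -372,9 +372,9 @@` keeps the same mix of modifiers. The `@return` line also says "without any wildcards", although a wildcard attached to a word is kept.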
@@ -372,9 +372,9 @@ function phpbb_clean_search_string($search_string) { // This regular expressions matches every single wildcard. // That means one after a whitespace or the beginning of the string or one before a whitespace or the end of the string. - $search_string = preg_replace('#(?<=^|\s)\*(?=\s|$)#', '', $search_string); + $search_string = preg_replace('#(?<=^|\s)\*+(?=\s|$)#', '', $search_string); $search_string = trim($search_string); - $search_string = preg_replace('#\s+#u', ' ', $search_string); + $search_string = preg_replace(array('#\s+#u', '#\*+#u'), array(' ', '*'), $search_string); return $search_string; } -- cgit v1.2.1 From c6fd2f01eb334a8a78bebc1cffd0f071fbe056ea Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Mon, 14 Apr 2014 22:44:37 +0200 Subject: [ticket/8960] Allow changing avatar path if it's not writable This change will allow users to change the avatar path even if it's not writable. However, this will get rid of the error message that the path is not writable. Due to this, a minor addition to the explain message in the ACP settings has been made. PHPBB3-8960 --- phpBB/includes/acp/acp_board.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index ebbf66657e..526d8e05da 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php 
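Review bot: The comment above the first `preg_replace` still says the expression "matches every single wildcard", but with `\*+` it now matches whole runs of wildcards, and the second call additionally collapses runs of `*` inside words to one. I would update the comment to something like `// Remove runs of wildcards that stand alone, i.e. between whitespace or the string boundaries` and add `// Collapse repeated whitespace and repeated wildcards to a single character` above the second call. The docblock summary ("removing single wildcards") is outside this hunk and would need the same correction.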
@@ -123,7 +123,7 @@ class acp_board 'avatar_filesize' => array('lang' => 'MAX_FILESIZE', 'validate' => 'int:0', 'type' => 'text:4:10', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']), 'avatar_min' => array('lang' => 'MIN_AVATAR_SIZE', 'validate' => 'int:0', 'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']), 'avatar_max' => array('lang' => 'MAX_AVATAR_SIZE', 'validate' => 'int:0', 'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']), - 'avatar_path' => array('lang' => 'AVATAR_STORAGE_PATH', 'validate' => 'rwpath', 'type' => 'text:20:255', 'explain' => true), + 'avatar_path' => array('lang' => 'AVATAR_STORAGE_PATH', 'validate' => 'rpath', 'type' => 'text:20:255', 'explain' => true), 'avatar_gallery_path' => array('lang' => 'AVATAR_GALLERY_PATH', 'validate' => 'rpath', 'type' => 'text:20:255', 'explain' => true) ) ); -- cgit v1.2.1 From bff63be512a0289d8d3278fe7510617be8b65cf4 Mon Sep 17 00:00:00 2001 From: n-aleha Date: Mon, 14 Apr 2014 17:36:13 +0300 Subject: [ticket/12397] Fix sql_unique_index_exists doc block db_tools::sql_unique_index_exists() searches for unique indexes but not primary key indexes. PHPBB3-12397 --- phpBB/includes/db/db_tools.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/db/db_tools.php b/phpBB/includes/db/db_tools.php index 8dce769395..6913960185 100644 --- a/phpBB/includes/db/db_tools.php +++ b/phpBB/includes/db/db_tools.php @@ -875,7 +875,7 @@ class phpbb_db_tools } } - // Add unqiue indexes? + // Add unique indexes? if (!empty($schema_changes['add_unique_index'])) { foreach ($schema_changes['add_unique_index'] as $table => $index_array) 
@@ -1286,7 +1286,7 @@ class phpbb_db_tools } /** - * Check if a specified index exists in table. Does not return PRIMARY KEY and UNIQUE indexes. + * Check if a specified index exists in table. Does not return PRIMARY KEY indexes. * * @param string $table_name Table to check the index at * @param string $index_name The index name to check -- cgit v1.2.1 From 5a91399dac9eed844c79c10324034db531432589 Mon Sep 17 00:00:00 2001 From: n-aleha Date: Wed, 16 Apr 2014 13:14:36 +0300 Subject: [ticket/12186] Move PM reports below post reports while installing In mcp, move PM reports below post reports while installing. PHPBB3-12186 --- phpBB/includes/mcp/info/mcp_pm_reports.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/mcp/info/mcp_pm_reports.php b/phpBB/includes/mcp/info/mcp_pm_reports.php index 103f560597..84f15b7107 100644 --- a/phpBB/includes/mcp/info/mcp_pm_reports.php +++ b/phpBB/includes/mcp/info/mcp_pm_reports.php @@ -20,7 +20,7 @@ class mcp_pm_reports_info 'title' => 'MCP_PM_REPORTS', 'version' => '1.0.0', 'modes' => array( - 'pm_reports' => array('title' => 'MCP_PM_REPORTS_OPEN', 'auth' => 'aclf_m_report', 'cat' => array('MCP_REPORTS')), + 'pm_reports' => array('title' => 'MCP_PM_REPORTS_OPEN', 'auth' => 'aclf_m_report', 'cat' => array('MCP_REPORTS')), 'pm_reports_closed' => array('title' => 'MCP_PM_REPORTS_CLOSED', 'auth' => 'aclf_m_report', 'cat' => array('MCP_REPORTS')), 'pm_report_details' => array('title' => 'MCP_PM_REPORT_DETAILS', 'auth' => 'aclf_m_report', 'cat' => array('MCP_REPORTS')), ), -- cgit v1.2.1 From 4f6441b4117e8b7801f67f1104b9435bfa19295a Mon Sep 17 00:00:00 2001 From: Nicofuma Date: Fri, 25 Apr 2014 01:04:00 +0200 Subject: [ticket/11480] PM : "Unknown folder" returned when inbox folder is full https://tracker.phpbb.com/browse/PHPBB3-11480 PHPBB3-11480 --- phpBB/includes/ucp/ucp_pm.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'phpBB/includes') 
diff --git a/phpBB/includes/ucp/ucp_pm.php b/phpBB/includes/ucp/ucp_pm.php index 447b6ebe87..2a718c0701 100644 --- a/phpBB/includes/ucp/ucp_pm.php +++ b/phpBB/includes/ucp/ucp_pm.php @@ -272,6 +272,12 @@ class ucp_pm $folder_id = (int) $row['folder_id']; } + // Do not allow hold messages to be seen + if ($folder_id == PRIVMSGS_HOLD_BOX) + { + trigger_error('NO_AUTH_READ_HOLD_MESSAGE'); + } + $message_row = array(); if ($action == 'view_message' && $msg_id) { -- cgit v1.2.1 From 0c109c9d377e10757c208c1d87aa6d4bf8d9af44 Mon Sep 17 00:00:00 2001 From: Tristan Darricau Date: Wed, 14 May 2014 19:56:19 +0200 Subject: [ticket/11224] SQL cache destroy does not destroy queries to tables joined https://tracker.phpbb.com/browse/PHPBB3-11224 PHPBB3-11224 --- phpBB/includes/acm/acm_memory.php | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acm/acm_memory.php b/phpBB/includes/acm/acm_memory.php index 2936ea0bae..d975e4b348 100644 --- a/phpBB/includes/acm/acm_memory.php +++ b/phpBB/includes/acm/acm_memory.php @@ -292,12 +292,24 @@ class acm_memory // determine which tables this query belongs to // Some queries use backticks, namely the get_database_size() query // don't check for conformity, the SQL would error and not reach here. - if (!preg_match('/FROM \\(?(`?\\w+`?(?: \\w+)?(?:, ?`?\\w+`?(?: \\w+)?)*)\\)?/', $query, $regs)) + if (!preg_match_all('/(?:FROM \\(?(`?\\w+`?(?: \\w+)?(?:, ?`?\\w+`?(?: \\w+)?)*)\\)?)|(?:JOIN (`?\\w+`?(?: \\w+)?))/', $query, $regs, PREG_SET_ORDER)) { // Bail out if the match fails. - return; + return $query_result; + } + + $tables = array(); + foreach($regs as $match) + { + if ($match[0][0] == 'F') + { + $tables = array_merge($tables, array_map('trim', explode(',', $match[1]))); + } + else + { + $tables[] = $match[2]; + } } - $tables = array_map('trim', explode(',', $regs[1])); foreach ($tables as $table_name) { -- cgit v1.2.1 
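Review bot: The new hold-box guard compares with `==`, and the only assignment visible here is the one that fills `$folder_id` from `$row` with an `(int)` cast. If every path into this check yields an integer, `if ($folder_id === PRIVMSGS_HOLD_BOX)` states the access rule exactly and cannot be satisfied or bypassed by type juggling. The comment says what is blocked but not why; a short reason would help, with wording to be confirmed against the ticket. The enclosing method starts and ends outside the hunk.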
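Review bot: `$match[0][0] == 'F'` tells a FROM match from a JOIN match by the first letter of the matched text, which ties the branch to the keyword spelling rather than to what was captured. Testing the capture group, `if (!empty($match[1]))`, says the same thing directly, since the first group is only filled by the FROM alternative. The pattern is also case-sensitive, so a query written with a lowercase `join` would still not be registered for that table and its cached result would survive a cache destroy. The queries presumably use uppercase keywords throughout, which is worth confirming. The body of the `foreach ($tables as $table_name)` loop is outside the hunk.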
From 0c4b53e2f1ea14dcdc82d2e2abac1ba96e4669ee Mon Sep 17 00:00:00 2001 From: Tristan Darricau Date: Wed, 14 May 2014 20:22:36 +0200 Subject: [ticket/11224] Fix returned data PHPBB3-11224 --- phpBB/includes/acm/acm_memory.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acm/acm_memory.php b/phpBB/includes/acm/acm_memory.php index d975e4b348..83b0e61182 100644 --- a/phpBB/includes/acm/acm_memory.php +++ b/phpBB/includes/acm/acm_memory.php @@ -295,7 +295,7 @@ class acm_memory if (!preg_match_all('/(?:FROM \\(?(`?\\w+`?(?: \\w+)?(?:, ?`?\\w+`?(?: \\w+)?)*)\\)?)|(?:JOIN (`?\\w+`?(?: \\w+)?))/', $query, $regs, PREG_SET_ORDER)) { // Bail out if the match fails. - return $query_result; + return; } $tables = array(); @@ -448,4 +448,4 @@ class acm_memory } } -?> \ No newline at end of file +?> -- cgit v1.2.1 From 9dd71fa32e13120c324a4cfb40a9c5c5534207e8 Mon Sep 17 00:00:00 2001 From: Tristan Darricau Date: Wed, 14 May 2014 20:23:27 +0200 Subject: [ticket/11224] Fix the blank line after ?> PHPBB3-11224 --- phpBB/includes/acm/acm_memory.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acm/acm_memory.php b/phpBB/includes/acm/acm_memory.php index 83b0e61182..3182c5a942 100644 --- a/phpBB/includes/acm/acm_memory.php +++ b/phpBB/includes/acm/acm_memory.php @@ -448,4 +448,4 @@ class acm_memory } } -?> +?> \ No newline at end of file -- cgit v1.2.1 From 7c99e309204d5647ae2eb246d5dc939e9e90c307 Mon Sep 17 00:00:00 2001 From: Tristan Darricau Date: Thu, 15 May 2014 01:17:02 +0200 Subject: [ticket/11224] Fix coding style PHPBB3-11224 --- phpBB/includes/acm/acm_memory.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acm/acm_memory.php b/phpBB/includes/acm/acm_memory.php index 3182c5a942..2ed5e9902d 100644 --- a/phpBB/includes/acm/acm_memory.php +++ b/phpBB/includes/acm/acm_memory.php 
@@ -299,7 +299,7 @@ class acm_memory } $tables = array(); - foreach($regs as $match) + foreach ($regs as $match) { if ($match[0][0] == 'F') { @@ -448,4 +448,4 @@ class acm_memory } } -?> \ No newline at end of file +?> -- cgit v1.2.1 From d53336af061e4c7b892c3acf4ce8fe0fa0205a72 Mon Sep 17 00:00:00 2001 From: Tristan Darricau Date: Thu, 15 May 2014 12:36:22 +0200 Subject: [ticket/11224] Remove new line in acm_memory.php PHPBB3-11224 --- phpBB/includes/acm/acm_memory.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acm/acm_memory.php b/phpBB/includes/acm/acm_memory.php index 2ed5e9902d..9b68585d24 100644 --- a/phpBB/includes/acm/acm_memory.php +++ b/phpBB/includes/acm/acm_memory.php @@ -448,4 +448,4 @@ class acm_memory } } -?> +?> \ No newline at end of file -- cgit v1.2.1 From a0a5c852d5a7d19504bed1ed2d4f5a9cd403227d Mon Sep 17 00:00:00 2001 From: Skouat Date: Wed, 7 May 2014 23:37:06 +0200 Subject: [ticket/12492] Add support of special chars Add support of special chars during db test in the installation PHPBB3-12492 --- phpBB/includes/functions_install.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_install.php b/phpBB/includes/functions_install.php index 47f4eac627..21dd8bfebe 100644 --- a/phpBB/includes/functions_install.php +++ b/phpBB/includes/functions_install.php @@ -309,7 +309,7 @@ function connect_check_db($error_connect, &$error, $dbms_details, $table_prefix, if (is_array($db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false, true))) { $db_error = $db->sql_error(); - $error[] = $lang['INST_ERR_DB_CONNECT'] . '
' . (($db_error['message']) ? $db_error['message'] : $lang['INST_ERR_DB_NO_ERROR']); + $error[] = $lang['INST_ERR_DB_CONNECT'] . '
' . (($db_error['message']) ? utf8_convert_message($db_error['message']) : $lang['INST_ERR_DB_NO_ERROR']); } else { -- cgit v1.2.1 From a0c442d16ea7686854a42e557406111e5ceb2801 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Wed, 4 Jun 2014 22:28:30 +0200 Subject: [ticket/12660] Improve check for when phpinfo() is disabled. PHPBB3-12660 --- phpBB/includes/acp/acp_php_info.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_php_info.php b/phpBB/includes/acp/acp_php_info.php index 7dd345971a..88e2ac3f8d 100644 --- a/phpBB/includes/acp/acp_php_info.php +++ b/phpBB/includes/acp/acp_php_info.php @@ -47,7 +47,7 @@ class acp_php_info // for this was nabbed from the PHP annotated manual preg_match_all('#]*>(.*)#si', $phpinfo, $output); - if (empty($phpinfo) || empty($output)) + if (empty($phpinfo) || empty($output[1][0])) { trigger_error('NO_PHPINFO_AVAILABLE', E_USER_WARNING); } -- cgit v1.2.1 From 0499655ba4448fd2ae232d82bd78b47809e56591 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sat, 21 Jun 2014 11:55:54 +0200 Subject: [ticket/12755] Add timeout to remote upload to prevent infinite loop PHPBB3-12755 --- phpBB/includes/functions_upload.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index 73ac1df2d2..afffff1351 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php @@ -466,6 +466,9 @@ class fileupload var $max_height = 0; var $error_prefix = ''; + /** @var int Timeout for remote upload */ + var $upload_timeout = 5; + /** * Init file upload class. * @@ -785,6 +788,9 @@ class fileupload return $file; } + // Set a proper timeout for the socket + socket_set_timeout($fsock, $this->upload_timeout); + // Make sure $path not beginning with / if (strpos($path, '/') === 0) { 
@@ -797,6 +803,8 @@ class fileupload $get_info = false; $data = ''; + $upload_start = time(); + while (!@feof($fsock)) { if ($get_info) @@ -813,6 +821,13 @@ class fileupload } $data .= $block; + + // Cancel upload if we exceed timeout + if ((time() - $upload_start) >= $this->upload_timeout) + { + $file = new fileerror($user->lang[$this->error_prefix . 'EMPTY_REMOTE_DATA']); + return $file; + } } else { -- cgit v1.2.1 From 8817b5937747f0b82e180bd3ce7d38b8aa68577e Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Mon, 23 Jun 2014 20:35:36 +0200 Subject: [ticket/12755] Add language string for timed out remote upload PHPBB3-12755 --- phpBB/includes/functions_upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index afffff1351..f4b9262d19 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php @@ -825,7 +825,7 @@ class fileupload // Cancel upload if we exceed timeout if ((time() - $upload_start) >= $this->upload_timeout) { - $file = new fileerror($user->lang[$this->error_prefix . 'EMPTY_REMOTE_DATA']); + $file = new fileerror($user->lang[$this->error_prefix . 'REMOTE_UPLOAD_TIMEOUT']); return $file; } } -- cgit v1.2.1 From 5ee1e07e1731cfa58e815c4a805fb188b0986640 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Tue, 24 Jun 2014 11:53:32 +0200 Subject: [ticket/12755] Change upload in remote_upload() method to fit get_remote_file PHPBB3-12755 --- phpBB/includes/functions_upload.php | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index f4b9262d19..c6e2dddf3d 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php 
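Review bot: The timeout branch added inside the read loop returns the `fileerror` without closing `$fsock`, so a stalled remote host leaves the socket open for the rest of the request. Closing it first, with `@fclose($fsock);` placed before `$file = new fileerror(...)`, would match the `@fclose($fsock)` that the follow-up hunk `@@ -862,6 +855,15 @@` shows after the loop. That hunk's relocated timeout check has the same early return. The method starts and ends outside the hunk.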
@@ -467,7 +467,7 @@ class fileupload var $error_prefix = ''; /** @var int Timeout for remote upload */ - var $upload_timeout = 5; + var $upload_timeout = 6; /** * Init file upload class. @@ -788,9 +788,6 @@ class fileupload return $file; } - // Set a proper timeout for the socket - socket_set_timeout($fsock, $this->upload_timeout); - // Make sure $path not beginning with / if (strpos($path, '/') === 0) { @@ -801,9 +798,12 @@ class fileupload fputs($fsock, "HOST: " . $host . "\r\n"); fputs($fsock, "Connection: close\r\n\r\n"); + // Set a proper timeout for the socket + socket_set_timeout($fsock, $this->upload_timeout); + $get_info = false; $data = ''; - $upload_start = time(); + $timer_stop = time() + $this->upload_timeout; while (!@feof($fsock)) { @@ -821,13 +821,6 @@ class fileupload } $data .= $block; - - // Cancel upload if we exceed timeout - if ((time() - $upload_start) >= $this->upload_timeout) - { - $file = new fileerror($user->lang[$this->error_prefix . 'REMOTE_UPLOAD_TIMEOUT']); - return $file; - } } else { @@ -862,6 +855,15 @@ class fileupload } } } + + $stream_meta_data = stream_get_meta_data($fsock); + + // Cancel upload if we exceed timeout + if (!empty($stream_meta_data['timed_out']) || time() >= $timer_stop) + { + $file = new fileerror($user->lang[$this->error_prefix . 'REMOTE_UPLOAD_TIMEOUT']); + return $file; + } } @fclose($fsock); -- cgit v1.2.1 From 309dbb4ef9d6b2c29aa6294002ce1a7d4da2b099 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Tue, 24 Jun 2014 19:07:49 +0200 Subject: [ticket/12755] Terminate upload loop if upload reaches filesize Terminate the upload loop if the expected filesize has been reached instead of trying to read more bytes until the timeout has been reached. PHPBB3-12755 --- phpBB/includes/functions_upload.php | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') 
diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index c6e2dddf3d..daa3550205 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php @@ -803,13 +803,23 @@ class fileupload $get_info = false; $data = ''; + $length = false; $timer_stop = time() + $this->upload_timeout; - while (!@feof($fsock)) + while (!($length && $filesize >= $length) && !@feof($fsock)) { if ($get_info) { - $block = @fread($fsock, 1024); + if ($length) + { + // Don't attempt to read past end of file if server indicated length + $block = @fread($fsock, min($length - $filesize, 1024)); + } + else + { + $block = @fread($fsock, 1024); + } + $filesize += strlen($block); if ($remote_max_filesize && $filesize > $remote_max_filesize) -- cgit v1.2.1 From 8b3cc9a6c494ecf7ec3262925b9e0c1381c0154e Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Tue, 24 Jun 2014 19:53:32 +0200 Subject: [ticket/12755] Apply de morgan to conditional PHPBB3-12755 --- phpBB/includes/functions_upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index daa3550205..69f10911ec 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php @@ -806,7 +806,7 @@ class fileupload $length = false; $timer_stop = time() + $this->upload_timeout; - while (!($length && $filesize >= $length) && !@feof($fsock)) + while ((!$length || $filesize < $length) && !@feof($fsock)) { if ($get_info) { -- cgit v1.2.1 From 9bc1f7924d5ef00fb988b81347d4c5c730b25eb2 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Wed, 25 Jun 2014 22:34:32 +0200 Subject: [ticket/12196] Fix typo "referer" in acp/attachments PHPBB3-12196 --- phpBB/includes/acp/acp_attachments.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') 
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php index fc5f44e14f..b32e401e14 100644 --- a/phpBB/includes/acp/acp_attachments.php +++ b/phpBB/includes/acp/acp_attachments.php @@ -118,7 +118,7 @@ class acp_attachments 'max_attachments_pm' => array('lang' => 'MAX_ATTACHMENTS_PM', 'validate' => 'int', 'type' => 'text:3:3', 'explain' => false), 'secure_downloads' => array('lang' => 'SECURE_DOWNLOADS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'secure_allow_deny' => array('lang' => 'SECURE_ALLOW_DENY', 'validate' => 'int', 'type' => 'custom', 'method' => 'select_allow_deny', 'explain' => true), - 'secure_allow_empty_referer' => array('lang' => 'SECURE_EMPTY_REFERRER', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), + 'secure_allow_empty_referer' => array('lang' => 'SECURE_EMPTY_REFERER', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'check_attachment_content' => array('lang' => 'CHECK_CONTENT', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), -- cgit v1.2.1 From a730c0291f1abe6a9737fe108cba825341f4acdb Mon Sep 17 00:00:00 2001 From: Dhruv Date: Fri, 27 Jun 2014 00:07:15 +0530 Subject: [ticket/12196] Revert Fix typo "referer" in acp/attachments This reverts commit 9bc1f7924d5ef00fb988b81347d4c5c730b25eb2. https://tracker.phpbb.com/browse/PHPBB3-12196 PHPBB3-12196 --- phpBB/includes/acp/acp_attachments.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php index b32e401e14..fc5f44e14f 100644 --- a/phpBB/includes/acp/acp_attachments.php +++ b/phpBB/includes/acp/acp_attachments.php 
@@ -118,7 +118,7 @@ class acp_attachments 'max_attachments_pm' => array('lang' => 'MAX_ATTACHMENTS_PM', 'validate' => 'int', 'type' => 'text:3:3', 'explain' => false), 'secure_downloads' => array('lang' => 'SECURE_DOWNLOADS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'secure_allow_deny' => array('lang' => 'SECURE_ALLOW_DENY', 'validate' => 'int', 'type' => 'custom', 'method' => 'select_allow_deny', 'explain' => true), - 'secure_allow_empty_referer' => array('lang' => 'SECURE_EMPTY_REFERER', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), + 'secure_allow_empty_referer' => array('lang' => 'SECURE_EMPTY_REFERRER', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'check_attachment_content' => array('lang' => 'CHECK_CONTENT', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), -- cgit v1.2.1 From 83f4bd9ee700483d68c5cd9bd93e9f226c124201 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Thu, 10 Jul 2014 14:39:53 +0200 Subject: [ticket/12695] Add viewtopic language file for parse_attachments in mcp_post PHPBB3-12695 --- phpBB/includes/mcp/mcp_post.php | 1 + 1 file changed, 1 insertion(+) (limited to 'phpBB/includes') diff --git a/phpBB/includes/mcp/mcp_post.php b/phpBB/includes/mcp/mcp_post.php index ba45037a18..df5dc27996 100644 --- a/phpBB/includes/mcp/mcp_post.php +++ b/phpBB/includes/mcp/mcp_post.php @@ -157,6 +157,7 @@ function mcp_post_details($id, $mode, $action) if (sizeof($attachments)) { + $user->add_lang('viewtopic'); $update_count = array(); parse_attachments($post_info['forum_id'], $message, $attachments, $update_count); } -- cgit v1.2.1 From 53f597b6d0867ab15ae3a4dc5dbc56f633ff9633 Mon Sep 17 00:00:00 2001 From: Oliver Schramm Date: Thu, 17 Jul 2014 15:45:17 +0200 Subject: [ticket/10729] Update post_edit_user when user being deleted PHPBB3-10729 --- phpBB/includes/functions_user.php | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'phpBB/includes') 
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index ea8b0a4640..db98b8e7ca 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -439,11 +439,6 @@ function user_delete($mode, $user_id, $post_username = false) WHERE poster_id = $user_id"; $db->sql_query($sql); - $sql = 'UPDATE ' . POSTS_TABLE . ' - SET post_edit_user = ' . ANONYMOUS . " - WHERE post_edit_user = $user_id"; - $db->sql_query($sql); - $sql = 'UPDATE ' . TOPICS_TABLE . ' SET topic_poster = ' . ANONYMOUS . ", topic_first_poster_name = '" . $db->sql_escape($post_username) . "', topic_first_poster_colour = '' WHERE topic_poster = $user_id"; @@ -501,6 +496,12 @@ function user_delete($mode, $user_id, $post_username = false) $cache->destroy('sql', MODERATOR_CACHE_TABLE); + // Change user_id to anonymous for posts edited by this user + $sql = 'UPDATE ' . POSTS_TABLE . ' + SET post_edit_user = ' . ANONYMOUS . ' + WHERE post_edit_user = ' . $user_id; + $db->sql_query($sql); + // Delete user log entries about this user $sql = 'DELETE FROM ' . LOG_TABLE . ' WHERE reportee_id = ' . $user_id; -- cgit v1.2.1 From da6b378e64d2457ddbcd299d769ecf0167ffb9c8 Mon Sep 17 00:00:00 2001 From: Oliver Schramm Date: Thu, 17 Jul 2014 16:30:22 +0200 Subject: [ticket/10729] Update message_edit_user when user being deleted PHPBB3-10729 --- phpBB/includes/functions_user.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index db98b8e7ca..20c371f8e5 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php 
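Review bot: The re-added `UPDATE` in hunk `@@ -501,6 +496,12 @@` concatenates `$user_id` into the SQL text unquoted (`WHERE post_edit_user = ' . $user_id`), and no cast of `$user_id` is visible in this hunk or in the `user_delete($mode, $user_id, $post_username = false)` signature. The function body starts outside the hunk, so the value may already be normalised earlier; if it is not, cast at the point of use: `WHERE post_edit_user = ' . (int) $user_id;`. The `message_edit_user` update added by the follow-up commit (hunk `@@ -502,6 +502,12 @@`) is built the same way and would take the same cast.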
@@ -502,6 +502,12 @@ function user_delete($mode, $user_id, $post_username = false) WHERE post_edit_user = ' . $user_id; $db->sql_query($sql); + // Change user_id to anonymous for pms edited by this user + $sql = 'UPDATE ' . PRIVMSGS_TABLE . ' + SET message_edit_user = ' . ANONYMOUS . ' + WHERE message_edit_user = ' . $user_id; + $db->sql_query($sql); + // Delete user log entries about this user $sql = 'DELETE FROM ' . LOG_TABLE . ' WHERE reportee_id = ' . $user_id; -- cgit v1.2.1 From 8bdfda723cd29cc191a252ee00da7da2fa8c6147 Mon Sep 17 00:00:00 2001 From: Tristan Darricau Date: Wed, 30 Jul 2014 15:08:04 +0200 Subject: [ticket/11480] Move the test into get_folder() PHPBB3-11480 --- phpBB/includes/functions_privmsgs.php | 2 +- phpBB/includes/ucp/ucp_pm.php | 6 ------ 2 files changed, 1 insertion(+), 7 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php index b08d6e7f5c..c99f40d453 100644 --- a/phpBB/includes/functions_privmsgs.php +++ b/phpBB/includes/functions_privmsgs.php @@ -208,7 +208,7 @@ function get_folder($user_id, $folder_id = false) ); } - if ($folder_id !== false && !isset($folder[$folder_id])) + if ($folder_id !== false && $folder_id !== PRIVMSGS_HOLD_BOX && !isset($folder[$folder_id])) { trigger_error('UNKNOWN_FOLDER'); } diff --git a/phpBB/includes/ucp/ucp_pm.php b/phpBB/includes/ucp/ucp_pm.php index 2a718c0701..447b6ebe87 100644 --- a/phpBB/includes/ucp/ucp_pm.php +++ b/phpBB/includes/ucp/ucp_pm.php @@ -272,12 +272,6 @@ class ucp_pm $folder_id = (int) $row['folder_id']; } - // Do not allow hold messages to be seen - if ($folder_id == PRIVMSGS_HOLD_BOX) - { - trigger_error('NO_AUTH_READ_HOLD_MESSAGE'); - } - $message_row = array(); if ($action == 'view_message' && $msg_id) { -- cgit v1.2.1 From d48e4b680e55ef9b4eb6ea0bd9748ad501f80b30 Mon Sep 17 00:00:00 2001 
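Review bot: With `$folder_id !== PRIVMSGS_HOLD_BOX` added to the guard in `get_folder()` (hunk `@@ -208,7 +208,7 @@`), the hold box is exempt from `UNKNOWN_FOLDER`, while the ucp_pm.php hunk of the same commit deletes the explicit `NO_AUTH_READ_HOLD_MESSAGE` denial. From these two hunks alone nothing remains that refuses a request to view a message in the hold box, so either confirm that the `view_message` path enforces this elsewhere or keep `if ($folder_id == PRIVMSGS_HOLD_BOX) { trigger_error('NO_AUTH_READ_HOLD_MESSAGE'); }` in ucp_pm.php. The new comparison is strict, so it only matches when callers pass an integer; ucp_pm.php casts with `(int) $row['folder_id']`, but other callers of `get_folder()` are not visible here.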
From: Joas Schilling Date: Mon, 22 Sep 2014 00:55:08 +0200 Subject: [ticket/10729] Fix doc block for user_delete PHPBB3-10729 --- phpBB/includes/functions_user.php | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 20c371f8e5..abb057df5b 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -329,11 +329,16 @@ function user_add($user_row, $cp_data = false) } /** -* Remove User -*/ + * Remove User + * + * @param string $mode 'retain' or 'remove' + * @param int $user_id + * @param mixed $post_username + * @return bool + */ function user_delete($mode, $user_id, $post_username = false) { - global $cache, $config, $db, $user, $auth; + global $cache, $config, $db, $user; global $phpbb_root_path, $phpEx; $sql = 'SELECT * -- cgit v1.2.1 From ba464ec93a2707b602d212e364905a920b3b9460 Mon Sep 17 00:00:00 2001 From: Jakub Senko Date: Tue, 23 Sep 2014 22:43:52 +0200 Subject: [ticket/13096] Add phpbb_ prefix to ldap_escape() PHPBB3-13096 --- phpBB/includes/auth/auth_ldap.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php index eebf147d48..63796a474b 100644 --- a/phpBB/includes/auth/auth_ldap.php +++ b/phpBB/includes/auth/auth_ldap.php @@ -282,7 +282,7 @@ function ldap_user_filter($username) { global $config; - $filter = '(' . $config['ldap_uid'] . '=' . ldap_escape(htmlspecialchars_decode($username)) . ')'; + $filter = '(' . $config['ldap_uid'] . '=' . phpbb_ldap_escape(htmlspecialchars_decode($username)) . ')'; if ($config['ldap_user_filter']) { $_filter = ($config['ldap_user_filter'][0] == '(' && substr($config['ldap_user_filter'], -1) == ')') ? $config['ldap_user_filter'] : "({$config['ldap_user_filter']})"; 
@@ -294,7 +294,7 @@ function ldap_user_filter($username) /** * Escapes an LDAP AttributeValue */ -function ldap_escape($string) +function phpbb_ldap_escape($string) { return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string); } -- cgit v1.2.1 From ca7f4fb5311849794957ac989e0c3090efebb66d Mon Sep 17 00:00:00 2001 From: Jakub Senko Date: Tue, 23 Sep 2014 23:03:07 +0200 Subject: [ticket/10985] Add fix to properly inherit style during update process PHPBB3-10985 --- phpBB/includes/bbcode.php | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'phpBB/includes') diff --git a/phpBB/includes/bbcode.php b/phpBB/includes/bbcode.php index f587e111f3..3c25fd6587 100644 --- a/phpBB/includes/bbcode.php +++ b/phpBB/includes/bbcode.php @@ -135,6 +135,11 @@ class bbcode $this->template_bitfield = new bitfield($user->theme['bbcode_bitfield']); $this->template_filename = $phpbb_root_path . 'styles/' . $user->theme['template_path'] . '/template/bbcode.html'; + if (empty($user->theme['template_inherits_id']) && !empty($template->orig_tpl_inherits_id)) + { + $user->theme['template_inherits_id'] = $template->orig_tpl_inherits_id; + } + if (!@file_exists($this->template_filename)) { if (isset($user->theme['template_inherits_id']) && $user->theme['template_inherits_id']) -- cgit v1.2.1 From e7e016637b8c136dfc31d422a263e808b61271a8 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Thu, 16 Oct 2014 12:32:48 +0200 Subject: [ticket/13138] Do not use cookie data and autologin while forcing a user_id PHPBB3-13138 --- phpBB/includes/session.php | 59 ++++++++++++++++++++++++---------------------- 1 file changed, 31 insertions(+), 28 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index fe5357f32e..4c13a4f558 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php 
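Review bot: `phpbb_ldap_escape()` (hunk `@@ -294,7 +294,7 @@`) keeps the body of the old function, and that body escapes in the wrong order: `str_replace()` with array arguments applies each pair to the result of the previous one, so the backslash inserted for `*` is itself doubled by the second pair. The output also uses backslash-character pairs rather than the two-hex-digit escapes that RFC 4515 defines for filter values, and a NUL byte is not handled. Because the value is the username passed to `ldap_user_filter()`, a single-pass mapping is the safer form: `return strtr($string, array('\\' => '\\5c', '*' => '\\2a', '(' => '\\28', ')' => '\\29', "\x00" => '\\00'));`.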
@@ -553,34 +553,7 @@ class session $method = basename(trim($config['auth_method'])); include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); - $method = 'autologin_' . $method; - if (function_exists($method)) - { - $this->data = $method(); - - if (sizeof($this->data)) - { - $this->cookie_data['k'] = ''; - $this->cookie_data['u'] = $this->data['user_id']; - } - } - - // If we're presented with an autologin key we'll join against it. - // Else if we've been passed a user_id we'll grab data based on that - if (isset($this->cookie_data['k']) && $this->cookie_data['k'] && $this->cookie_data['u'] && !sizeof($this->data)) - { - $sql = 'SELECT u.* - FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k - WHERE u.user_id = ' . (int) $this->cookie_data['u'] . ' - AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ") - AND k.user_id = u.user_id - AND k.key_id = '" . $db->sql_escape(md5($this->cookie_data['k'])) . "'"; - $result = $db->sql_query($sql); - $this->data = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - $bot = false; - } - else if ($user_id !== false && !sizeof($this->data)) + if ($user_id !== false && !sizeof($this->data)) { $this->cookie_data['k'] = ''; $this->cookie_data['u'] = $user_id; 
@@ -594,6 +567,36 @@ class session $db->sql_freeresult($result); $bot = false; } + else if (!$bot) + { + $method = 'autologin_' . $method; + if (function_exists($method)) + { + $this->data = $method(); + + if (sizeof($this->data)) + { + $this->cookie_data['k'] = ''; + $this->cookie_data['u'] = $this->data['user_id']; + } + } + + // If we're presented with an autologin key we'll join against it. + // Else if we've been passed a user_id we'll grab data based on that + if (isset($this->cookie_data['k']) && $this->cookie_data['k'] && $this->cookie_data['u'] && !sizeof($this->data)) + { + $sql = 'SELECT u.* + FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k + WHERE u.user_id = ' . (int) $this->cookie_data['u'] . ' + AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ") + AND k.user_id = u.user_id + AND k.key_id = '" . $db->sql_escape(md5($this->cookie_data['k'])) . "'"; + $result = $db->sql_query($sql); + $this->data = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + $bot = false; + } + } // Bot user, if they have a SID in the Request URI we need to get rid of it // otherwise they'll index this page with the SID, duplicate content oh my! -- cgit v1.2.1 From 53f166274aaa55b98a1c671dbb5cbd403d879157 Mon Sep 17 00:00:00 2001 From: Oliver Schramm Date: Mon, 20 Oct 2014 16:45:02 +0200 Subject: [ticket/13168] Fix mbstring warnings in ACP for PHP 5.6 compatibility PHPBB3-13168 --- phpBB/includes/acp/acp_main.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_main.php b/phpBB/includes/acp/acp_main.php index d80b0d1532..79557bb5fd 100644 --- a/phpBB/includes/acp/acp_main.php +++ b/phpBB/includes/acp/acp_main.php 
@@ -606,8 +606,8 @@ class acp_main 'S_MBSTRING_LOADED' => true, 'S_MBSTRING_FUNC_OVERLOAD_FAIL' => (intval(@ini_get('mbstring.func_overload')) & (MB_OVERLOAD_MAIL | MB_OVERLOAD_STRING)), 'S_MBSTRING_ENCODING_TRANSLATION_FAIL' => (@ini_get('mbstring.encoding_translation') != 0), - 'S_MBSTRING_HTTP_INPUT_FAIL' => (@ini_get('mbstring.http_input') != 'pass'), - 'S_MBSTRING_HTTP_OUTPUT_FAIL' => (@ini_get('mbstring.http_output') != 'pass'), + 'S_MBSTRING_HTTP_INPUT_FAIL' => !in_array(@ini_get('mbstring.http_input'), array('pass', '')), + 'S_MBSTRING_HTTP_OUTPUT_FAIL' => !in_array(@ini_get('mbstring.http_output'), array('pass', '')), )); } -- cgit v1.2.1 From 64d97d0787a63b3c646f89237574ac566ed89c50 Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Mon, 27 Oct 2014 19:55:56 -0700 Subject: [ticket/13234] Never allow autologin/remember me to modify the userid This prevents admin relogin with forced user id from overwriting remember me cookies PHPBB3-13234 --- phpBB/includes/session.php | 71 ++++++++++++++++++++++++++-------------------- 1 file changed, 40 insertions(+), 31 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 4c13a4f558..fcc6745021 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php 
@@ -553,6 +553,45 @@ class session $method = basename(trim($config['auth_method'])); include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx); + $method = 'autologin_' . $method; + if (function_exists($method)) + { + $user_data = $method(); + + if ($user_id === false || (isset($user_data['user_id']) && $user_id = $user_data['user_id'])) + { + $this->data = $user_data; + } + + if (sizeof($this->data)) + { + $this->cookie_data['k'] = ''; + $this->cookie_data['u'] = $this->data['user_id']; + } + } + + // If we're presented with an autologin key we'll join against it. + // Else if we've been passed a user_id we'll grab data based on that + if (isset($this->cookie_data['k']) && $this->cookie_data['k'] && $this->cookie_data['u'] && !sizeof($this->data)) + { + $sql = 'SELECT u.* + FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k + WHERE u.user_id = ' . (int) $this->cookie_data['u'] . ' + AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ") + AND k.user_id = u.user_id + AND k.key_id = '" . $db->sql_escape(md5($this->cookie_data['k'])) . "'"; + $result = $db->sql_query($sql); + $user_data = $db->sql_fetchrow($result); + + if ($user_id === false || (isset($user_data['user_id']) && $user_id = $user_data['user_id'])) + { + $this->data = $user_data; + $bot = false; + } + + $db->sql_freeresult($result); + } + if ($user_id !== false && !sizeof($this->data)) { $this->cookie_data['k'] = ''; 
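Review bot: Both new conditions in hunk `@@ -553,6 +553,45 @@` contain `$user_id = $user_data['user_id']`, which is an assignment, not a comparison. Whenever the autologin handler or the session-key query returns a row, `$user_id` is overwritten with that row's id and the test passes, so a forced user id no longer restricts which account is loaded into `$this->data`; that is the opposite of what the commit message describes. Both lines should read `$user_id == $user_data['user_id']`. The enclosing method starts and ends outside the hunk.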
@@ -567,36 +606,6 @@ class session $db->sql_freeresult($result); $bot = false; } - else if (!$bot) - { - $method = 'autologin_' . $method; - if (function_exists($method)) - { - $this->data = $method(); - - if (sizeof($this->data)) - { - $this->cookie_data['k'] = ''; - $this->cookie_data['u'] = $this->data['user_id']; - } - } - - // If we're presented with an autologin key we'll join against it. - // Else if we've been passed a user_id we'll grab data based on that - if (isset($this->cookie_data['k']) && $this->cookie_data['k'] && $this->cookie_data['u'] && !sizeof($this->data)) - { - $sql = 'SELECT u.* - FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k - WHERE u.user_id = ' . (int) $this->cookie_data['u'] . ' - AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ") - AND k.user_id = u.user_id - AND k.key_id = '" . $db->sql_escape(md5($this->cookie_data['k'])) . "'"; - $result = $db->sql_query($sql); - $this->data = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - $bot = false; - } - } // Bot user, if they have a SID in the Request URI we need to get rid of it // otherwise they'll index this page with the SID, duplicate content oh my! @@ -2459,4 +2468,4 @@ class user extends session } } -?> \ No newline at end of file +?> -- cgit v1.2.1 From fcc320e3852215a11b863d0108e16e2be998d5cc Mon Sep 17 00:00:00 2001 From: Tristan Darricau Date: Tue, 28 Oct 2014 10:14:47 +0100 Subject: [ticket/13234] Fix conditions and CS PHPBB3-13234 --- phpBB/includes/session.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index fcc6745021..5b2c4f0b0d 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php 
@@ -558,7 +558,7 @@ class session { $user_data = $method(); - if ($user_id === false || (isset($user_data['user_id']) && $user_id = $user_data['user_id'])) + if ($user_id === false || (isset($user_data['user_id']) && $user_id == $user_data['user_id'])) { $this->data = $user_data; } @@ -583,7 +583,7 @@ class session $result = $db->sql_query($sql); $user_data = $db->sql_fetchrow($result); - if ($user_id === false || (isset($user_data['user_id']) && $user_id = $user_data['user_id'])) + if ($user_id === false || (isset($user_data['user_id']) && $user_id == $user_data['user_id'])) { $this->data = $user_data; $bot = false; -- cgit v1.2.1 From 965042d015a0351303999b0196998be67d42dbae Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Tue, 25 Nov 2014 15:43:24 +0100 Subject: [ticket/13376] Revert unnecessary change for cookies called GLOBALS 92f554e3 Also introduce a clear cookie message hardcoded just in case. PHPBB3-13376 --- phpBB/includes/startup.php | 28 +++++----------------------- 1 file changed, 5 insertions(+), 23 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php index cf216a65db..2f3b1c5324 100644 --- a/phpBB/includes/startup.php +++ b/phpBB/includes/startup.php 
@@ -80,31 +80,13 @@ function deregister_globals() { if (isset($not_unset[$varname])) { - // Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely) - if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS'])) + // Hacking attempt. No point in continuing. + if (isset($_COOKIE[$varname])) { - exit; - } - else - { - $cookie = &$_COOKIE; - while (isset($cookie['GLOBALS'])) - { - if (!is_array($cookie['GLOBALS'])) - { - break; - } - - foreach ($cookie['GLOBALS'] as $registered_var => $value) - { - if (!isset($not_unset[$registered_var])) - { - unset($GLOBALS[$registered_var]); - } - } - $cookie = &$cookie['GLOBALS']; - } + echo "Clear your cookies. "; } + echo "Malicious variable name detected. Contact the administrator and ask them to disable register_globals."; + exit; } unset($GLOBALS[$varname]); -- cgit v1.2.1 From b67b67f2dfc018031bbd96916b38f39b96ecc0c3 Mon Sep 17 00:00:00 2001 From: Jakub Senko Date: Sun, 26 Oct 2014 21:17:37 +0100 Subject: [ticket/11613] Allow cookies to work on netbios domains PHPBB3-11613 --- phpBB/includes/session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index a7bd3244ae..8b93ab762d 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php 
@@ -1049,7 +1049,7 @@ class session $name_data = rawurlencode($config['cookie_name'] . '_' . $name) . '=' . rawurlencode($cookiedata); $expire = gmdate('D, d-M-Y H:i:s \\G\\M\\T', $cookietime); - $domain = (!$config['cookie_domain'] || $config['cookie_domain'] == 'localhost' || $config['cookie_domain'] == '127.0.0.1') ? '' : '; domain=' . $config['cookie_domain']; + $domain = (!$config['cookie_domain'] || $config['cookie_domain'] == '127.0.0.1' || strpos($config['cookie_domain'], '.') === false) ? '' : '; domain=' . $config['cookie_domain']; header('Set-Cookie: ' . $name_data . (($cookietime) ? '; expires=' . $expire : '') . '; path=' . $config['cookie_path'] . $domain . ((!$config['cookie_secure']) ? '' : '; secure') . '; HttpOnly', false); } -- cgit v1.2.1 From 6564446b0f14b88e540e2b1b5fe72fe4082d5573 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Mon, 19 Jan 2015 20:47:47 +0100 Subject: [ticket/13519] Correctly validate imagick path as path and not string PHPBB3-13519 --- phpBB/includes/acp/acp_attachments.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php index fc5f44e14f..147783feae 100644 --- a/phpBB/includes/acp/acp_attachments.php +++ b/phpBB/includes/acp/acp_attachments.php 
@@ -127,7 +127,7 @@ class acp_attachments 'img_create_thumbnail' => array('lang' => 'CREATE_THUMBNAIL', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'img_max_thumb_width' => array('lang' => 'MAX_THUMB_WIDTH', 'validate' => 'int', 'type' => 'text:7:15', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']), 'img_min_thumb_filesize' => array('lang' => 'MIN_THUMB_FILESIZE', 'validate' => 'int', 'type' => 'text:7:15', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']), - 'img_imagick' => array('lang' => 'IMAGICK_PATH', 'validate' => 'string', 'type' => 'text:20:200', 'explain' => true, 'append' => '  [ ' . $user->lang['SEARCH_IMAGICK'] . ' ]'), + 'img_imagick' => array('lang' => 'IMAGICK_PATH', 'validate' => 'path', 'type' => 'text:20:200', 'explain' => true, 'append' => '  [ ' . $user->lang['SEARCH_IMAGICK'] . ' ]'), 'img_max' => array('lang' => 'MAX_IMAGE_SIZE', 'validate' => 'int', 'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']), 'img_link' => array('lang' => 'IMAGE_LINK_SIZE', 'validate' => 'int', 'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']), ) -- cgit v1.2.1 From 23069a13e203985ab124d1139e8de74b12778449 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Tue, 9 Sep 2014 19:18:36 +0200 Subject: [ticket/13526] Correctly validate the ucp_pm_options form key. PHPBB3-13526 --- phpBB/includes/ucp/ucp_pm_options.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/ucp/ucp_pm_options.php b/phpBB/includes/ucp/ucp_pm_options.php index efa390ed87..1d5c0ecce3 100644 --- a/phpBB/includes/ucp/ucp_pm_options.php +++ b/phpBB/includes/ucp/ucp_pm_options.php 
@@ -29,7 +29,11 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit // Change "full folder" setting - what to do if folder is full if (isset($_POST['fullfolder'])) { - check_form_key('ucp_pm_options', $config['form_token_lifetime'], $redirect_url); + if (!check_form_key('ucp_pm_options')) + { + trigger_error('FORM_INVALID'); + } + $full_action = request_var('full_action', 0); $set_folder_id = 0; -- cgit v1.2.1 From 251868dd7e22c510a44ecd01150dff308e0fceae Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Tue, 20 Jan 2015 22:34:14 +0100 Subject: [ticket/13527] Remove two unused variables. PHPBB3-13527 --- phpBB/includes/acp/acp_update.php | 3 --- 1 file changed, 3 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_update.php b/phpBB/includes/acp/acp_update.php index 5d3e9abcea..7d16a46916 100644 --- a/phpBB/includes/acp/acp_update.php +++ b/phpBB/includes/acp/acp_update.php @@ -34,9 +34,6 @@ class acp_update $this->page_title = 'ACP_VERSION_CHECK'; // Get current and latest version - $errstr = ''; - $errno = 0; - $info = obtain_latest_version_info(request_var('versioncheck_force', false)); if (empty($info)) -- cgit v1.2.1 From 92b5222295d6d1a8f49fe688a822922f8372b7d2 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Tue, 20 Jan 2015 22:40:39 +0100 Subject: [ticket/13527] Apply htmlspecialchars() to data from version server. PHPBB3-13527 --- phpBB/includes/acp/acp_update.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_update.php b/phpBB/includes/acp/acp_update.php index 7d16a46916..87d5c51b56 100644 --- a/phpBB/includes/acp/acp_update.php +++ b/phpBB/includes/acp/acp_update.php 
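Review bot: The fix in hunk `@@ -29,7 +29,11 @@` covers only the `fullfolder` branch, where the old call discarded the result of `check_form_key()`. `message_options()` continues outside the hunk, so its other POST-handling branches are not visible; any that call `check_form_key()` without testing the result need the same `if (!check_form_key('ucp_pm_options')) { trigger_error('FORM_INVALID'); }` guard. A short comment above the check, such as `// The result must be tested; an invalid token does not abort on its own here`, would help keep the pattern from regressing.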
@@ -34,7 +34,7 @@ class acp_update $this->page_title = 'ACP_VERSION_CHECK'; // Get current and latest version - $info = obtain_latest_version_info(request_var('versioncheck_force', false)); + $info = htmlspecialchars(obtain_latest_version_info(request_var('versioncheck_force', false))); if (empty($info)) { -- cgit v1.2.1 From 4b9434bf1ba4c015da11309602cfccf1a9c2493c Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Wed, 21 Jan 2015 00:16:42 +0100 Subject: [ticket/13531] Explicitly disallow trailing paths (e.g. PATH_INFO). PHPBB3-13531 --- phpBB/includes/startup.php | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) (limited to 'phpBB/includes') diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php index 2f3b1c5324..d9dab2a356 100644 --- a/phpBB/includes/startup.php +++ b/phpBB/includes/startup.php 
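Review bot: In hunk `@@ -34,7 +34,7 @@` the version-server response is escaped with `htmlspecialchars()` using its default flags, which on the PHP versions this branch targets leaves single quotes untouched. Passing the flag explicitly closes that gap: `$info = htmlspecialchars(obtain_latest_version_info(request_var('versioncheck_force', false)), ENT_QUOTES);`. Escaping also does not constrain what a URL field in the response may contain; the code that splits and renders `$info` is outside the hunk, so if any part of it is emitted as a link target, that part should additionally be checked to start with `http://` or `https://`.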
@@ -95,6 +95,40 @@ function deregister_globals() unset($input); } +/** + * Check if requested page uses a trailing path + * + * @param string $phpEx PHP extension + * + * @return bool True if trailing path is used, false if not + */ +function phpbb_has_trailing_path($phpEx) +{ + // Check if path_info is being used + if (!empty($_SERVER['PATH_INFO']) || !empty($_SERVER['ORIG_PATH_INFO'])) + { + return true; + } + + // Match any trailing path appended to a php script in the REQUEST_URI. + // It is assumed that only actual PHP scripts use names like foo.php. Due + // to this, any phpBB board inside a directory that has the php extension + // appended to its name will stop working, i.e. if the board is at + // example.com/phpBB/test.php/ or example.com/test.php/ + if (preg_match('#^[^?]+\.' . preg_quote($phpEx, '#') . '/#', $_SERVER['REQUEST_URI'])) + { + return true; + } + + return false; +} + +// Check if trailing path is used +if (phpbb_has_trailing_path($phpEx)) +{ + exit('Trailing paths and path_info is not supported by phpBB 3.0'); +} + // Register globals and magic quotes have been dropped in PHP 5.4 if (version_compare(PHP_VERSION, '5.4.0-dev', '>=')) { -- cgit v1.2.1 From e34b92882a51dc89da88464b8c751a9d93a03124 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Wed, 21 Jan 2015 00:51:36 +0100 Subject: [ticket/13531] Send 404 Not Found. PHPBB3-13531 --- phpBB/includes/startup.php | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php index d9dab2a356..92639fc5bd 100644 --- a/phpBB/includes/startup.php +++ b/phpBB/includes/startup.php 
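Review bot: `phpbb_has_trailing_path()` (hunk `@@ -95,6 +95,40 @@`) reads `$_SERVER['REQUEST_URI']` unconditionally and matches the script extension case-sensitively. REQUEST_URI is not set by every SAPI (the CLI, for one), which raises a notice here, and on a server that resolves script names without regard to case the pattern would not match an upper-case extension, although the PATH_INFO test above it may still catch such a request. Suggested condition: `if (isset($_SERVER['REQUEST_URI']) && preg_match('#^[^?]+\.' . preg_quote($phpEx, '#') . '/#i', $_SERVER['REQUEST_URI']))`.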
@@ -126,7 +126,21 @@ function phpbb_has_trailing_path($phpEx) // Check if trailing path is used if (phpbb_has_trailing_path($phpEx)) { - exit('Trailing paths and path_info is not supported by phpBB 3.0'); + if (substr(strtolower(@php_sapi_name()), 0, 3) === 'cgi') + { + $prefix = 'Status:'; + } + else if (!empty($_SERVER['SERVER_PROTOCOL'])) + { + $prefix = $_SERVER['SERVER_PROTOCOL']; + } + else + { + $prefix = 'HTTP/1.0'; + } + header("$prefix 404 Not Found", true, 404); + echo 'Trailing paths and PATH_INFO is not supported by phpBB 3.0'; + exit; } // Register globals and magic quotes have been dropped in PHP 5.4 -- cgit v1.2.1 From 9f7f366573bc117d429e0c044836455662c344ed Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Wed, 21 Jan 2015 01:32:18 +0100 Subject: [develop-olympus] Bump version numbers for 3.0.13-RC1 release. --- phpBB/includes/constants.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index 8d09fe4d9b..4b1a8f154b 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -25,7 +25,7 @@ if (!defined('IN_PHPBB')) */ // phpBB Version -define('PHPBB_VERSION', '3.0.13-dev'); +define('PHPBB_VERSION', '3.0.13-RC1'); // QA-related // define('PHPBB_QA', 1); -- cgit v1.2.1 From 14585fcb4f1d6238a188089891a11895a557f99e Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Wed, 21 Jan 2015 15:15:30 +0100 Subject: [develop-olympus] Increment version number to 3.0.14-dev. --- phpBB/includes/constants.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index 4b1a8f154b..b0e814cc6a 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php 
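Review bot: The status-line selection added to startup.php appears to be a hand-written copy of what `send_status_line()` in functions.php does, and nothing in the block says why the helper is not called. If functions.php is simply not loaded this early, say so in a comment, e.g. `// send_status_line() is not available yet; keep this block in sync with functions.php`. Without that hint, a later hardening of one copy is easily missed in the other.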
@@ -25,7 +25,7 @@ if (!defined('IN_PHPBB')) */ // phpBB Version -define('PHPBB_VERSION', '3.0.13-RC1'); +define('PHPBB_VERSION', '3.0.14-dev'); // QA-related // define('PHPBB_QA', 1); -- cgit v1.2.1 From 5ce89ae82f7be38ef539872dc1fd360fb45c906a Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Mon, 26 Jan 2015 18:08:31 +0100 Subject: [prep-release-3.0.13] Bump version numbers for 3.0.13 release --- phpBB/includes/constants.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index 4b1a8f154b..a0a849aa21 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -25,7 +25,7 @@ if (!defined('IN_PHPBB')) */ // phpBB Version -define('PHPBB_VERSION', '3.0.13-RC1'); +define('PHPBB_VERSION', '3.0.13'); // QA-related // define('PHPBB_QA', 1); -- cgit v1.2.1 From 5eb0d422c8b3db8c4384b4b8a8b27c64441ec08e Mon Sep 17 00:00:00 2001 From: Dhruv Date: Wed, 28 Jan 2015 21:37:03 +0530 Subject: [ticket/12933] Handle case when * is last character of word PHPBB3-12933 --- phpBB/includes/search/fulltext_native.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/search/fulltext_native.php b/phpBB/includes/search/fulltext_native.php index 29c5a72874..948911bbfe 100644 --- a/phpBB/includes/search/fulltext_native.php +++ b/phpBB/includes/search/fulltext_native.php @@ -204,7 +204,7 @@ class fulltext_native extends search_backend $this->search_query = $keywords; $exact_words = array(); - preg_match_all('#([^\\s+\\-|*()]+)(?:$|[\\s+\\-|()])#u', $keywords, $exact_words); + preg_match_all('#([^\\s+\\-|()]+)(?:$|[\\s+\\-|()])#u', $keywords, $exact_words); $exact_words = $exact_words[1]; $common_ids = $words = array(); -- cgit v1.2.1 From 74950559074d738733ac1258b07912f9ca14203a Mon Sep 17 00:00:00 2001 
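Review bot: The `preg_match_all()` pattern in fulltext_native.php has no comment explaining its character class, and after this change `*` is accepted anywhere in a captured token, not only at the end as the commit subject describes. A keyword made up solely of `*`, or with `*` in the middle, is therefore now collected into `$exact_words`. Whether later code filters such tokens is not visible in the hunk and is worth pinning with a test. A comment such as `// '*' stays part of the token so that a trailing wildcard (word*) is kept with its word` would document the intent. The enclosing method continues outside the hunk.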
From: Marc Alexander Date: Tue, 27 Jan 2015 22:12:32 +0100 Subject: [ticket/13549] Do not exit when ORIG_PATH_INFO just contains SCRIPT_NAME. The ORIG_PATH_INFO on IIS also contains the script name. Only use that for killing the script after removing the script name from ORIG_PATH_INFO. PHPBB3-13549 --- phpBB/includes/startup.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php index 92639fc5bd..9bbbf4fd4c 100644 --- a/phpBB/includes/startup.php +++ b/phpBB/includes/startup.php @@ -105,7 +105,7 @@ function deregister_globals() function phpbb_has_trailing_path($phpEx) { // Check if path_info is being used - if (!empty($_SERVER['PATH_INFO']) || !empty($_SERVER['ORIG_PATH_INFO'])) + if (!empty($_SERVER['PATH_INFO']) || (!empty($_SERVER['ORIG_PATH_INFO']) && $_SERVER['SCRIPT_NAME'] != $_SERVER['ORIG_PATH_INFO'])) { return true; } -- cgit v1.2.1 From 19421fcdef62e50ea335967cc7e4487e7548db87 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Mon, 2 Feb 2015 15:02:41 +0100 Subject: [ticket/13568] Validate imagick path as readable absolute path PHPBB3-13568 --- phpBB/includes/acp/acp_attachments.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php index 147783feae..325c6b63cb 100644 --- a/phpBB/includes/acp/acp_attachments.php +++ b/phpBB/includes/acp/acp_attachments.php 
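Review bot: The new `ORIG_PATH_INFO` test in `phpbb_has_trailing_path()` compares two server-supplied strings with `!=`, which applies PHP's loose comparison rules, and it reads `$_SERVER['SCRIPT_NAME']` without an `isset()` check. Use the strict operator and guard the index: `(!empty($_SERVER['ORIG_PATH_INFO']) && (!isset($_SERVER['SCRIPT_NAME']) || $_SERVER['SCRIPT_NAME'] !== $_SERVER['ORIG_PATH_INFO']))`. The rest of the function lies outside the hunk.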
@@ -127,7 +127,7 @@ class acp_attachments 'img_create_thumbnail' => array('lang' => 'CREATE_THUMBNAIL', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'img_max_thumb_width' => array('lang' => 'MAX_THUMB_WIDTH', 'validate' => 'int', 'type' => 'text:7:15', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']), 'img_min_thumb_filesize' => array('lang' => 'MIN_THUMB_FILESIZE', 'validate' => 'int', 'type' => 'text:7:15', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']), - 'img_imagick' => array('lang' => 'IMAGICK_PATH', 'validate' => 'path', 'type' => 'text:20:200', 'explain' => true, 'append' => '  [ ' . $user->lang['SEARCH_IMAGICK'] . ' ]'), + 'img_imagick' => array('lang' => 'IMAGICK_PATH', 'validate' => 'apath', 'type' => 'text:20:200', 'explain' => true, 'append' => '  [ ' . $user->lang['SEARCH_IMAGICK'] . ' ]'), 'img_max' => array('lang' => 'MAX_IMAGE_SIZE', 'validate' => 'int', 'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']), 'img_link' => array('lang' => 'IMAGE_LINK_SIZE', 'validate' => 'int', 'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']), ) -- cgit v1.2.1 From a93df0e5112962503abc88469c1cc77cef862745 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Mon, 2 Feb 2015 18:30:05 +0100 Subject: [ticket/13568] Use more descriptive validation names and merge with path block PHPBB3-13568 --- phpBB/includes/acp/acp_attachments.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php index 325c6b63cb..bffe6f7db3 100644 --- a/phpBB/includes/acp/acp_attachments.php +++ b/phpBB/includes/acp/acp_attachments.php 
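Review bot: The `'apath'` value set for `img_imagick` only has an effect if the config validation code has a matching case, and that code is not part of this file section. If an unknown `validate` key is silently skipped there, the ImageMagick path would go from `'path'` validation to none. Confirm that the handler ships in the same change, and add a test that a relative or unreadable path is rejected. The next commit on this page renames the key to `'absolute_path'`, and the same check applies to it.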
@@ -127,7 +127,7 @@ class acp_attachments 'img_create_thumbnail' => array('lang' => 'CREATE_THUMBNAIL', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'img_max_thumb_width' => array('lang' => 'MAX_THUMB_WIDTH', 'validate' => 'int', 'type' => 'text:7:15', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']), 'img_min_thumb_filesize' => array('lang' => 'MIN_THUMB_FILESIZE', 'validate' => 'int', 'type' => 'text:7:15', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']), - 'img_imagick' => array('lang' => 'IMAGICK_PATH', 'validate' => 'apath', 'type' => 'text:20:200', 'explain' => true, 'append' => '  [ ' . $user->lang['SEARCH_IMAGICK'] . ' ]'), + 'img_imagick' => array('lang' => 'IMAGICK_PATH', 'validate' => 'absolute_path', 'type' => 'text:20:200', 'explain' => true, 'append' => '  [ ' . $user->lang['SEARCH_IMAGICK'] . ' ]'), 'img_max' => array('lang' => 'MAX_IMAGE_SIZE', 'validate' => 'int', 'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']), 'img_link' => array('lang' => 'IMAGE_LINK_SIZE', 'validate' => 'int', 'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']), ) -- cgit v1.2.1 From 6f3f6282d192704854ae00a1aa1c0daaa68a307d Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Wed, 25 Feb 2015 16:20:50 +0100 Subject: [ticket/13617] Enforce column size limit for session_forum_id PHPBB3-13617 --- phpBB/includes/session.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 8b93ab762d..04b15b17d3 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php 
@@ -121,6 +121,8 @@ class session $script_path .= (substr($script_path, -1, 1) == '/') ? '' : '/'; $root_script_path .= (substr($root_script_path, -1, 1) == '/') ? '' : '/'; + $forum_id = (isset($_REQUEST['f']) && $_REQUEST['f'] > 0 && $_REQUEST['f'] < 16777215) ? (int) $_REQUEST['f'] : 0; + $page_array += array( 'page_name' => $page_name, 'page_dir' => $page_dir, @@ -130,7 +132,7 @@ class session 'root_script_path' => str_replace(' ', '%20', htmlspecialchars($root_script_path)), 'page' => $page, - 'forum' => (isset($_REQUEST['f']) && $_REQUEST['f'] > 0) ? (int) $_REQUEST['f'] : 0, + 'forum' => $forum_id, ); return $page_array; -- cgit v1.2.1 From eed355b798ec77ed8b67555087fc5866b522c5fc Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Fri, 10 Apr 2015 18:02:58 +0200 Subject: [ticket/security-180] Check if redirect URL contains board URL SECURITY-180 --- phpBB/includes/functions.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index f0657b9016..f79a0a9e52 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2579,6 +2579,12 @@ function redirect($url, $return = false, $disable_cd_check = false) } } + // Make sure we don't redirect to external URLs + if (!$disable_cd_check && strpos($url, generate_board_url(true)) !== 0) + { + trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR); + } + // Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2 if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false || strpos($url, ';') !== false) { -- cgit v1.2.1 From bca1b96b2e9235bbb4a3e7a104dd79e7f3761679 Mon Sep 17 00:00:00 2001 
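Review bot: In session.php the range check on `$_REQUEST['f']` runs on the raw request value and the `(int)` cast happens afterwards, so the value that was compared and the value that is stored can differ for non-integer input. Cast first and then bound the integer: `$forum_id = (isset($_REQUEST['f']) && is_scalar($_REQUEST['f'])) ? (int) $_REQUEST['f'] : 0;` followed by `if ($forum_id <= 0 || $forum_id >= 16777215) { $forum_id = 0; }`. The literal 16777215 (2^24 - 1) deserves a comment naming what it protects, e.g. `// upper bound accepted for the session_forum_id column`. The second hunk in this file only substitutes `$forum_id` into the array.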
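Review bot: The external-URL check added to `redirect()` in functions.php is a bare prefix match against `generate_board_url(true)` with no delimiter after the host part. A URL on a different host whose name merely begins with the board's host string therefore passes it. Anchor the prefix at the path boundary: `strpos($url, generate_board_url(true) . '/') !== 0`. `redirect()` starts and ends outside the hunk, so the normalisation applied to `$url` before this point cannot be checked here.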
From: Marc Alexander Date: Sat, 11 Apr 2015 16:41:20 +0200 Subject: [ticket/security-180] Make sure that redirect goes to full URL plus slash SECURITY-180 --- phpBB/includes/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index f79a0a9e52..a6a98954de 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2580,7 +2580,7 @@ function redirect($url, $return = false, $disable_cd_check = false) } // Make sure we don't redirect to external URLs - if (!$disable_cd_check && strpos($url, generate_board_url(true)) !== 0) + if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0) { trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR); } -- cgit v1.2.1 From ee658bfe7bd284573d199c3c2a76007c5509695d Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Sat, 11 Apr 2015 17:08:28 +0200 Subject: [ticket/security-180] Always fail when redirecting to an insecure URL SECURITY-180 --- phpBB/includes/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index a6a98954de..f2bc63cf23 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2492,7 +2492,7 @@ function redirect($url, $return = false, $disable_cd_check = false) // Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work) if (!$disable_cd_check && $url_parts['host'] !== $user->host) { - $url = generate_board_url(); + trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR); } } else if ($url[0] == '/') -- cgit v1.2.1 From 463c62df1847a3791fb7ec23b72c2f72bed12938 Mon Sep 17 00:00:00 2001 
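Review bot: The host-mismatch branch of `redirect()` (hunk at -2492) now raises the same literal message as the board-URL prefix check further down in the function. An error report therefore does not show which of the two checks rejected the URL. A distinct text for this branch, e.g. `'Tried to redirect to a different host.'`, or a comment naming the check, would make triage easier. The comparison with `$user->host` is case-sensitive, which fails closed but is worth stating in that comment. The surrounding branch begins outside the hunk.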
From: Joas Schilling Date: Sat, 11 Apr 2015 17:43:06 +0200 Subject: [ticket/13765] Verify SERVER_PROTOCOL has the expected format before using it. PHPBB3-13765 --- phpBB/includes/functions.php | 2 +- phpBB/includes/startup.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index f0657b9016..4ae6e7a018 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2782,7 +2782,7 @@ function send_status_line($code, $message) } else { - if (!empty($_SERVER['SERVER_PROTOCOL'])) + if (!empty($_SERVER['SERVER_PROTOCOL']) && is_string($_SERVER['SERVER_PROTOCOL']) && preg_match('#^HTTP/[0-9]\.[0-9]$#', $_SERVER['SERVER_PROTOCOL'])) { $version = $_SERVER['SERVER_PROTOCOL']; } diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php index 9bbbf4fd4c..008651c236 100644 --- a/phpBB/includes/startup.php +++ b/phpBB/includes/startup.php @@ -130,7 +130,7 @@ if (phpbb_has_trailing_path($phpEx)) { $prefix = 'Status:'; } - else if (!empty($_SERVER['SERVER_PROTOCOL'])) + else if (!empty($_SERVER['SERVER_PROTOCOL']) && is_string($_SERVER['SERVER_PROTOCOL']) && preg_match('#^HTTP/[0-9]\.[0-9]$#', $_SERVER['SERVER_PROTOCOL'])) { $prefix = $_SERVER['SERVER_PROTOCOL']; } -- cgit v1.2.1 From ce74a0bd6ce6cd0bcb7cfe1c05bfadac7cc5151c Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Mon, 27 Apr 2015 23:22:44 +0200 Subject: [3.0.x] Bump version numbers for 3.0.14-RC1 release. --- phpBB/includes/constants.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index b0e814cc6a..97943574cb 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php 
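Review bot: The pattern `#^HTTP/[0-9]\.[0-9]$#` added to `send_status_line()` in functions.php, and again in the startup.php hunk, still accepts a value with a trailing newline. This is because `$` without the `D` modifier also matches just before a final line break. As the value is placed into a `header()` line, anchor the end strictly in both places: `preg_match('#^HTTP/[0-9]\.[0-9]\z#', $_SERVER['SERVER_PROTOCOL'])`. Both code blocks continue outside their hunks.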
@@ -25,7 +25,7 @@ if (!defined('IN_PHPBB')) */ // phpBB Version -define('PHPBB_VERSION', '3.0.14-dev'); +define('PHPBB_VERSION', '3.0.14-RC1'); // QA-related // define('PHPBB_QA', 1); -- cgit v1.2.1 From 5382552fc8ce84cb82153363b95bd2362275d628 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Sun, 3 May 2015 14:40:50 +0200 Subject: [prep-release-3.0.14] Bump version numbers for 3.0.14 release. --- phpBB/includes/constants.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index 97943574cb..e8a3191280 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -25,7 +25,7 @@ if (!defined('IN_PHPBB')) */ // phpBB Version -define('PHPBB_VERSION', '3.0.14-RC1'); +define('PHPBB_VERSION', '3.0.14'); // QA-related // define('PHPBB_QA', 1); -- cgit v1.2.1