From 4091f873eaa108cebd3192ede979ce61ead09238 Mon Sep 17 00:00:00 2001 From: rxu Date: Mon, 18 Oct 2010 21:25:52 +0800 Subject: [ticket/6712] Bump does not create new topic icon on index. Handle the topic bumping process more properly. PHPBB3-6712 --- phpBB/includes/functions_posting.php | 91 ++++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index 6fd87db663..041b549cd6 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -2611,4 +2611,95 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u return $url; } +/* +* Handle topic bumping +*/ +function bump_topic($forum_id, $topic_id, &$post_data, $current_time = false) +{ + global $config, $db, $user, $phpEx, $phpbb_root_path; + + if ($current_time === false) + { + $current_time = time(); + } + + // Begin bumping + $db->sql_transaction('begin'); + + // Update the topic's last post post_time + $sql = 'UPDATE ' . POSTS_TABLE . " + SET post_time = $current_time + WHERE post_id = {$post_data['topic_last_post_id']} + AND topic_id = $topic_id"; + $db->sql_query($sql); + + // Sync the topic's last post time, the rest of the topic's last post data isn't changed + $sql = 'UPDATE ' . TOPICS_TABLE . " + SET topic_last_post_time = $current_time, + topic_bumped = 1, + topic_bumper = " . $user->data['user_id'] . " + WHERE topic_id = $topic_id"; + $db->sql_query($sql); + + // Update the forum's last post info + $sql = 'UPDATE ' . FORUMS_TABLE . " + SET forum_last_post_id = " . $post_data['topic_last_post_id'] . ", + forum_last_poster_id = " . $post_data['topic_last_poster_id'] . ", + forum_last_post_subject = '" . $db->sql_escape($post_data['topic_last_post_subject']) . "', + forum_last_post_time = $current_time, + forum_last_poster_name = '" . $db->sql_escape($post_data['topic_last_poster_name']) . "', + forum_last_poster_colour = '" . $db->sql_escape($post_data['topic_last_poster_colour']) . "' + WHERE forum_id = $forum_id"; + $db->sql_query($sql); + + // Update bumper's time of the last posting to prevent flood + $sql = 'UPDATE ' . USERS_TABLE . " + SET user_lastpost_time = $current_time + WHERE user_id = " . $user->data['user_id']; + $db->sql_query($sql); + + $db->sql_transaction('commit'); + + // Mark this topic as posted to + markread('post', $forum_id, $topic_id, $current_time); + + // Mark this topic as read + markread('topic', $forum_id, $topic_id, $current_time); + + // Update forum tracking info + if ($config['load_db_lastread'] && $user->data['is_registered']) + { + $sql = 'SELECT mark_time + FROM ' . FORUMS_TRACK_TABLE . ' + WHERE user_id = ' . $user->data['user_id'] . ' + AND forum_id = ' . $forum_id; + $result = $db->sql_query($sql); + $f_mark_time = (int) $db->sql_fetchfield('mark_time'); + $db->sql_freeresult($result); + } + else if ($config['load_anon_lastread'] || $user->data['is_registered']) + { + $f_mark_time = false; + } + + if (($config['load_db_lastread'] && $user->data['is_registered']) || $config['load_anon_lastread'] || $user->data['is_registered']) + { + // Update forum info + $sql = 'SELECT forum_last_post_time + FROM ' . FORUMS_TABLE . ' + WHERE forum_id = ' . $forum_id; + $result = $db->sql_query($sql); + $forum_last_post_time = (int) $db->sql_fetchfield('forum_last_post_time'); + $db->sql_freeresult($result); + + update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_time, false); + } + + add_log('mod', $forum_id, $topic_id, 'LOG_BUMP_TOPIC', $post_data['topic_title']); + + $url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t=$topic_id&p={$post_data['topic_last_post_id']}") . "#p{$post_data['topic_last_post_id']}"; + + return $url; +} + ?> \ No newline at end of file -- cgit v1.2.1 From ac26bb458f2a2ea60848921826c69bfe03e676db Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Thu, 28 Oct 2010 21:41:14 +0200 Subject: [ticket/9764] Allow $config['mime_triggers'] to be an empty string. explode('|', '') and explode('|', NULL) both return array(0 => '') which can cause filespec::check_content() to reject everything starting with a '<' character in case $config['mime_triggers'] is an empty string or not set. fileupload::set_disallowed_content() now filters out empty strings by calling array_diff() on the passed array, so setting $config['mime_triggers'] to an empty string will turn off mime checking completely. On the other side we want to fail safe if $config['mime_triggers'] is not set at all. To do this, the array fileupload::$disallowed_content now contains some default strings to be filtered out. PHPBB3-9764 --- phpBB/includes/functions_posting.php | 2 +- phpBB/includes/functions_upload.php | 4 ++-- phpBB/includes/functions_user.php | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index 6fd87db663..72331a73c6 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -388,7 +388,7 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx); $upload = new fileupload(); - if ($config['check_attachment_content']) + if ($config['check_attachment_content'] && isset($config['mime_triggers'])) { $upload->set_disallowed_content(explode('|', $config['mime_triggers'])); } diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index 7f09cc1640..d5bbd80242 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php @@ -458,7 +458,7 @@ class fileerror extends filespec class fileupload { var $allowed_extensions = array(); - var $disallowed_content = array(); + var $disallowed_content = array('body', 'head', 'html', 'img', 'plaintext', 'a href', 'pre', 'script', 'table', 'title'); var $max_filesize = 0; var $min_width = 0; var $min_height = 0; @@ -539,7 +539,7 @@ class fileupload { if ($disallowed_content !== false && is_array($disallowed_content)) { - $this->disallowed_content = $disallowed_content; + $this->disallowed_content = array_diff($disallowed_content, array('')); } } diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index f2c80705ba..90341cd926 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -2080,7 +2080,7 @@ function avatar_upload($data, &$error) // Init upload class include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx); - $upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], explode('|', $config['mime_triggers'])); + $upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], (isset($config['mime_triggers']) ? explode('|', $config['mime_triggers']) : false)); if (!empty($_FILES['uploadfile']['name'])) { -- cgit v1.2.1 From 87aa611a8e4b944ad3ba2cde1d3256570c5f45af Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Thu, 11 Nov 2010 11:49:17 +0100 Subject: [develop-olympus] Incrementing the version number to 3.0.9-dev. --- phpBB/includes/constants.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index a4635895b0..90440f74b8 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -25,7 +25,7 @@ if (!defined('IN_PHPBB')) */ // phpBB Version -define('PHPBB_VERSION', '3.0.8-RC1'); +define('PHPBB_VERSION', '3.0.9-dev'); // QA-related // define('PHPBB_QA', 1); @@ -275,4 +275,4 @@ define('ZEBRA_TABLE', $table_prefix . 'zebra'); // Additional tables -?> \ No newline at end of file +?> -- cgit v1.2.1 From 396af3853fc2d86b255db0f71e56a9f880ee2509 Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Thu, 11 Nov 2010 12:07:45 +0100 Subject: [develop-olympus] Remove accidentally added trailing newlines. --- phpBB/includes/constants.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index 90440f74b8..2b19aa185d 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -275,4 +275,4 @@ define('ZEBRA_TABLE', $table_prefix . 'zebra'); // Additional tables -?> +?> \ No newline at end of file -- cgit v1.2.1 From 217e77d16be62baf6d9a43c311d5b52d700cfa52 Mon Sep 17 00:00:00 2001 From: Igor Wiedler Date: Sun, 21 Nov 2010 23:18:09 +0100 Subject: [ticket/9910] Make sure S_BBCODE_ALLOWED exists when viewing PMs PHPBB3-9910 --- phpBB/includes/ucp/ucp_pm_viewmessage.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'phpBB/includes') diff --git a/phpBB/includes/ucp/ucp_pm_viewmessage.php b/phpBB/includes/ucp/ucp_pm_viewmessage.php index 16700c490c..b91636a9c8 100644 --- a/phpBB/includes/ucp/ucp_pm_viewmessage.php +++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php @@ -172,6 +172,8 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) // Number of "to" recipients $num_recipients = (int) preg_match_all('/:?(u|g)_([0-9]+):?/', $message_row['to_address'], $match); + $bbcode_status = ($config['allow_bbcode'] && $config['auth_bbcode_pm'] && $auth->acl_get('u_pm_bbcode')) ? true : false; + $template->assign_vars(array( 'MESSAGE_AUTHOR_FULL' => get_username_string('full', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']), 'MESSAGE_AUTHOR_COLOUR' => get_username_string('colour', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']), @@ -229,6 +231,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) 'S_AUTHOR_DELETED' => ($author_id == ANONYMOUS) ? true : false, 'S_SPECIAL_FOLDER' => in_array($folder_id, array(PRIVMSGS_NO_BOX, PRIVMSGS_OUTBOX)), 'S_PM_RECIPIENTS' => $num_recipients, + 'S_BBCODE_ALLOWED' => ($bbcode_status) ? 1 : 0, 'U_PRINT_PM' => ($config['print_pm'] && $auth->acl_get('u_pm_printpm')) ? "$url&f=$folder_id&p=" . $message_row['msg_id'] . "&view=print" : '', 'U_FORWARD_PM' => ($config['forward_pm'] && $auth->acl_get('u_sendpm') && $auth->acl_get('u_pm_forward')) ? "$url&mode=compose&action=forward&f=$folder_id&p=" . $message_row['msg_id'] : '') -- cgit v1.2.1 From 053cf790a93e9cfb521f484901d79c72783f868f Mon Sep 17 00:00:00 2001 From: Igor Wiedler Date: Tue, 23 Nov 2010 16:09:09 +0100 Subject: [ticket/9924] Pass template instance into $template->display hook PHPBB3-9924 --- phpBB/includes/template.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/template.php b/phpBB/includes/template.php index f1c8094a9b..6347633b14 100644 --- a/phpBB/includes/template.php +++ b/phpBB/includes/template.php @@ -205,7 +205,7 @@ class template { global $user, $phpbb_hook; - if (!empty($phpbb_hook) && $phpbb_hook->call_hook(array(__CLASS__, __FUNCTION__), $handle, $include_once)) + if (!empty($phpbb_hook) && $phpbb_hook->call_hook(array(__CLASS__, __FUNCTION__), $handle, $include_once, $this)) { if ($phpbb_hook->hook_return(array(__CLASS__, __FUNCTION__))) { -- cgit v1.2.1 From 5ec1c887959be5629c8a4c712b152d58058929a8 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Thu, 25 Nov 2010 23:29:12 +0100 Subject: [ticket/9930] Redirect failes with open_basedir enabled. Open_basedir does not allow file_exists() for "." and directories without a trayling-slash. Therefor we must append it on the check. PHPBB3-9930 --- phpBB/includes/functions.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 561a9906c4..c7f19b709d 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2353,12 +2353,12 @@ function redirect($url, $return = false, $disable_cd_check = false) // Relative uri $pathinfo = pathinfo($url); - if (!$disable_cd_check && !file_exists($pathinfo['dirname'])) + if (!$disable_cd_check && !file_exists($pathinfo['dirname'] . '/')) { $url = str_replace('../', '', $url); $pathinfo = pathinfo($url); - if (!file_exists($pathinfo['dirname'])) + if (!file_exists($pathinfo['dirname'] . '/')) { // fallback to "last known user page" // at least this way we know the user does not leave the phpBB root -- cgit v1.2.1 From 23765fa6684ab8a4764ce944ac0469d2973eb12f Mon Sep 17 00:00:00 2001 From: Richard Foote Date: Sun, 28 Nov 2010 13:32:35 +0100 Subject: [ticket/9932] Add the Bing bot when converting PHPBB3-9932 --- phpBB/includes/functions_convert.php | 1 + 1 file changed, 1 insertion(+) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_convert.php b/phpBB/includes/functions_convert.php index 9e26043b39..4a359dcade 100644 --- a/phpBB/includes/functions_convert.php +++ b/phpBB/includes/functions_convert.php @@ -1816,6 +1816,7 @@ function add_bots() 'Alta Vista [Bot]' => array('Scooter/', ''), 'Ask Jeeves [Bot]' => array('Ask Jeeves', ''), 'Baidu [Spider]' => array('Baiduspider+(', ''), + 'Bing [Bot]' => array('bingbot/', ''), 'Exabot [Bot]' => array('Exabot/', ''), 'FAST Enterprise [Crawler]' => array('FAST Enterprise Crawler', ''), 'FAST WebCrawler [Crawler]' => array('FAST-WebCrawler/', ''), -- cgit v1.2.1 From d7287ec633577886e5f92543c2a610d4aaa93d53 Mon Sep 17 00:00:00 2001 From: ChrisTX Date: Sun, 21 Nov 2010 23:02:56 +0100 Subject: [feature/acm-wincache] Adding caching module for WinCache's User Cache. PHPBB3-9942 --- phpBB/includes/acm/acm_wincache.php | 84 +++++++++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 phpBB/includes/acm/acm_wincache.php (limited to 'phpBB/includes') diff --git a/phpBB/includes/acm/acm_wincache.php b/phpBB/includes/acm/acm_wincache.php new file mode 100644 index 0000000000..0501ab74c5 --- /dev/null +++ b/phpBB/includes/acm/acm_wincache.php @@ -0,0 +1,84 @@ +key_prefix . $var, $success); + + return ($success) ? $result : false; + } + + /** + * Store data in the cache + * + * @access protected + * @param string $var Cache key + * @param mixed $data Data to store + * @param int $ttl Time-to-live of cached data + * @return bool True if the operation succeeded + */ + function _write($var, $data, $ttl = 2592000) + { + return wincache_ucache_set($this->key_prefix . $var, $data, $ttl); + } + + /** + * Remove an item from the cache + * + * @access protected + * @param string $var Cache key + * @return bool True if the operation succeeded + */ + function _delete($var) + { + return wincache_ucache_delete($this->key_prefix . $var); + } +} -- cgit v1.2.1 From 3f27cb2ea78dd571591db6d0886395f313c9fe5e Mon Sep 17 00:00:00 2001 From: RMcGirr83 Date: Mon, 20 Dec 2010 07:58:37 -0500 Subject: [ticket/9937] The feed icon displays on External links...which we don't want PHPBB3-9937 --- phpBB/includes/functions_display.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index 2de7e1b169..7989b74c55 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -456,7 +456,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod 'S_LOCKED_FORUM' => ($row['forum_status'] == ITEM_LOCKED) ? true : false, 'S_LIST_SUBFORUMS' => ($row['display_subforum_list']) ? true : false, 'S_SUBFORUMS' => (sizeof($subforums_list)) ? true : false, - 'S_FEED_ENABLED' => ($config['feed_forum'] && !phpbb_optionget(FORUM_OPTION_FEED_EXCLUDE, $row['forum_options'])) ? true : false, + 'S_FEED_ENABLED' => ($config['feed_forum'] && !phpbb_optionget(FORUM_OPTION_FEED_EXCLUDE, $row['forum_options']) && $row['forum_type'] != FORUM_LINK) ? true : false, 'FORUM_ID' => $row['forum_id'], 'FORUM_NAME' => $row['forum_name'], -- cgit v1.2.1 From cdbb609c2002cc5db5953bc89d46696aa9bdd069 Mon Sep 17 00:00:00 2001 From: Igor Wiedler Date: Tue, 21 Dec 2010 22:44:10 +0100 Subject: [ticket/9937] Make sure feed icon only shows for FORUM_POST This is cleaner, since feed.php only supports FORUM_POST. PHPBB3-9937 --- phpBB/includes/functions_display.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index 7989b74c55..acaef49fe8 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -456,7 +456,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod 'S_LOCKED_FORUM' => ($row['forum_status'] == ITEM_LOCKED) ? true : false, 'S_LIST_SUBFORUMS' => ($row['display_subforum_list']) ? true : false, 'S_SUBFORUMS' => (sizeof($subforums_list)) ? true : false, - 'S_FEED_ENABLED' => ($config['feed_forum'] && !phpbb_optionget(FORUM_OPTION_FEED_EXCLUDE, $row['forum_options']) && $row['forum_type'] != FORUM_LINK) ? true : false, + 'S_FEED_ENABLED' => ($config['feed_forum'] && !phpbb_optionget(FORUM_OPTION_FEED_EXCLUDE, $row['forum_options']) && $row['forum_type'] == FORUM_POST) ? true : false, 'FORUM_ID' => $row['forum_id'], 'FORUM_NAME' => $row['forum_name'], -- cgit v1.2.1 From 9a25e4ad8956f46fa41a6057a8af53f2955fb532 Mon Sep 17 00:00:00 2001 From: rxu Date: Tue, 4 Jan 2011 11:54:10 +0700 Subject: [ticket/9933] Wrong handling consecutive multiple asterisks in word censor Fix consecutive asterisks issue in word censor. PHPBB3-9933 --- phpBB/includes/acp/acp_words.php | 3 +++ phpBB/includes/cache.php | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_words.php b/phpBB/includes/acp/acp_words.php index 1cb9545967..88c5bbe592 100644 --- a/phpBB/includes/acp/acp_words.php +++ b/phpBB/includes/acp/acp_words.php @@ -95,6 +95,9 @@ class acp_words trigger_error($user->lang['ENTER_WORD'] . adm_back_link($this->u_action), E_USER_WARNING); } + // Replace multiple consecutive asterisks with single one as those are not needed + $word = preg_replace('#\*{2,}#', '*', $word); + $sql_ary = array( 'word' => $word, 'replacement' => $replacement diff --git a/phpBB/includes/cache.php b/phpBB/includes/cache.php index b50fab4ca2..9b90483b50 100644 --- a/phpBB/includes/cache.php +++ b/phpBB/includes/cache.php @@ -90,9 +90,9 @@ class cache extends acm { // Unescape the asterisk to simplify further conversions $row['word'] = str_replace('\*', '*', preg_quote($row['word'], '#')); - + // Replace the asterisk inside the pattern, at the start and at the end of it with regexes - $row['word'] = preg_replace(array('#(?<=[\p{Nd}\p{L}_])\*(?=[\p{Nd}\p{L}_])#iu', '#^\*#', '#\*$#'), array('([\x20]*?|[\p{Nd}\p{L}_-]*?)', '[\p{Nd}\p{L}_-]*?', '[\p{Nd}\p{L}_-]*?'), $row['word']); + $row['word'] = preg_replace(array('#(?<=[\p{Nd}\p{L}_])\*+(?=[\p{Nd}\p{L}_])#iu', '#^\*+#', '#\*+$#'), array('([\x20]*?|[\p{Nd}\p{L}_-]*?)', '[\p{Nd}\p{L}_-]*?', '[\p{Nd}\p{L}_-]*?'), $row['word']); // Generate the final substitution $censors['match'][] = '#(? Date: Wed, 5 Jan 2011 21:13:33 +0700 Subject: [ticket/9933] Move word censor regex into separate function in functions.php PHPBB3-9933 --- phpBB/includes/cache.php | 19 +------------------ phpBB/includes/functions.php | 42 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+), 18 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/cache.php b/phpBB/includes/cache.php index 9b90483b50..612adcca4f 100644 --- a/phpBB/includes/cache.php +++ b/phpBB/includes/cache.php @@ -82,26 +82,9 @@ class cache extends acm $result = $db->sql_query($sql); $censors = array(); - $unicode = ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false) ? true : false; - while ($row = $db->sql_fetchrow($result)) { - if ($unicode) - { - // Unescape the asterisk to simplify further conversions - $row['word'] = str_replace('\*', '*', preg_quote($row['word'], '#')); - - // Replace the asterisk inside the pattern, at the start and at the end of it with regexes - $row['word'] = preg_replace(array('#(?<=[\p{Nd}\p{L}_])\*+(?=[\p{Nd}\p{L}_])#iu', '#^\*+#', '#\*+$#'), array('([\x20]*?|[\p{Nd}\p{L}_-]*?)', '[\p{Nd}\p{L}_-]*?', '[\p{Nd}\p{L}_-]*?'), $row['word']); - - // Generate the final substitution - $censors['match'][] = '#(?sql_freeresult($result); diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index c7f19b709d..69be1627cf 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -3428,6 +3428,48 @@ function get_preg_expression($mode) return ''; } +/** +* Generate regexp for naughty words censoring +* Depends on whether installed PHP version supports unicode properties +* +* @param string $word word template to be replaced +* +* @return string $preg_expr regex to use with word censor +*/ +function get_censor_preg_expression($word) +{ + static $unicode = null; + + if (empty($word)) + { + return ''; + } + + // Check whether PHP version supports unicode properties + if (is_null($unicode)) + { + $unicode = ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false) ? true : false; + } + + if ($unicode) + { + // Unescape the asterisk to simplify further conversions + $word = str_replace('\*', '*', preg_quote($word, '#')); + + // Replace asterisk(s) inside the pattern, at the start and at the end of it with regexes + $word = preg_replace(array('#(?<=[\p{Nd}\p{L}_])\*+(?=[\p{Nd}\p{L}_])#iu', '#^\*+#', '#\*+$#'), array('([\x20]*?|[\p{Nd}\p{L}_-]*?)', '[\p{Nd}\p{L}_-]*?', '[\p{Nd}\p{L}_-]*?'), $word); + + // Generate the final substitution + $preg_expr = '#(? Date: Sun, 16 Jan 2011 17:27:08 +0100 Subject: [ticket/9859] Remove years in credit line from some more files. Standard HTML output now includes: Powered by phpBB © phpBB Group Print output now includes: Powered by phpBB © phpBB Group
http://www.phpbb.com/ This also fixes an inconsistency where "phpBB Group" was linked instead of "phpBB". PHPBB3-9859 --- phpBB/includes/db/dbal.php | 2 +- phpBB/includes/functions.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/db/dbal.php b/phpBB/includes/db/dbal.php index eeddf1f41b..5d8d5fbd47 100644 --- a/phpBB/includes/db/dbal.php +++ b/phpBB/includes/db/dbal.php @@ -767,7 +767,7 @@ class dbal
- Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group + Powered by phpBB © phpBB Group
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 69be1627cf..5def593bd6 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -3834,7 +3834,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline) echo ' '; echo ' '; echo '
'; - echo ' Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group'; + echo ' Powered by phpBB © phpBB Group'; echo '
'; echo ''; echo ''; -- cgit v1.2.1 From 8c1866bc0c1ac4a3b58edfaf3f3914361deb1fab Mon Sep 17 00:00:00 2001 From: rxu Date: Sat, 8 Jan 2011 12:11:02 +0700 Subject: [ticket/9933] Adjust word censor regex for non-unicode mode. PHPBB3-9933 --- phpBB/includes/functions.php | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 69be1627cf..20d9d4e0f5 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -3451,11 +3451,11 @@ function get_censor_preg_expression($word) $unicode = ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false) ? true : false; } + // Unescape the asterisk to simplify further conversions + $word = str_replace('\*', '*', preg_quote($word, '#')); + if ($unicode) { - // Unescape the asterisk to simplify further conversions - $word = str_replace('\*', '*', preg_quote($word, '#')); - // Replace asterisk(s) inside the pattern, at the start and at the end of it with regexes $word = preg_replace(array('#(?<=[\p{Nd}\p{L}_])\*+(?=[\p{Nd}\p{L}_])#iu', '#^\*+#', '#\*+$#'), array('([\x20]*?|[\p{Nd}\p{L}_-]*?)', '[\p{Nd}\p{L}_-]*?', '[\p{Nd}\p{L}_-]*?'), $word); @@ -3464,7 +3464,11 @@ function get_censor_preg_expression($word) } else { - $preg_expr = '#(? Date: Sun, 16 Jan 2011 20:03:08 +0100 Subject: [ticket/9933] Add $use_unicode parameter to get_censor_preg_expression(). Rename $unicode to $unicode_support, pass in $use_unicode defaulting to true. In unit tests we can now pass in $use_unicode as false and also test the code path that is taken when PCRE does not support unicode. PHPBB3-9933 --- phpBB/includes/functions.php | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 20d9d4e0f5..1bcbfd2a83 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -3432,13 +3432,14 @@ function get_preg_expression($mode) * Generate regexp for naughty words censoring * Depends on whether installed PHP version supports unicode properties * -* @param string $word word template to be replaced +* @param string $word word template to be replaced +* @param bool $use_unicode whether or not to take advantage of PCRE supporting unicode * * @return string $preg_expr regex to use with word censor */ -function get_censor_preg_expression($word) +function get_censor_preg_expression($word, $use_unicode = true) { - static $unicode = null; + static $unicode_support = null; if (empty($word)) { @@ -3446,15 +3447,15 @@ function get_censor_preg_expression($word) } // Check whether PHP version supports unicode properties - if (is_null($unicode)) + if (is_null($unicode_support)) { - $unicode = ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false) ? true : false; + $unicode_support = ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false) ? true : false; } // Unescape the asterisk to simplify further conversions $word = str_replace('\*', '*', preg_quote($word, '#')); - if ($unicode) + if ($use_unicode && $unicode_support) { // Replace asterisk(s) inside the pattern, at the start and at the end of it with regexes $word = preg_replace(array('#(?<=[\p{Nd}\p{L}_])\*+(?=[\p{Nd}\p{L}_])#iu', '#^\*+#', '#\*+$#'), array('([\x20]*?|[\p{Nd}\p{L}_-]*?)', '[\p{Nd}\p{L}_-]*?', '[\p{Nd}\p{L}_-]*?'), $word); -- cgit v1.2.1 From 2b37a4fe56f86430733fd5757f6c8a4907f51a3f Mon Sep 17 00:00:00 2001 From: rxu Date: Sun, 16 Jan 2011 20:14:35 +0100 Subject: [ticket/9933] Remove empty word check. PHPBB3-9933 --- phpBB/includes/functions.php | 5 ----- 1 file changed, 5 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 1bcbfd2a83..8697a0a472 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -3441,11 +3441,6 @@ function get_censor_preg_expression($word, $use_unicode = true) { static $unicode_support = null; - if (empty($word)) - { - return ''; - } - // Check whether PHP version supports unicode properties if (is_null($unicode_support)) { -- cgit v1.2.1 From ab9d4b3b638ca02d026dc23574a88d510e5d2291 Mon Sep 17 00:00:00 2001 From: rxu Date: Mon, 24 Jan 2011 00:01:18 +0700 Subject: [ticket/8779] Slow search for 'View unread posts' Adjust SQL query to speedup search for unread posts (thanks naderman). PHPBB3-8779 --- phpBB/includes/functions.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 65b9f22d12..9a8cc5d6b3 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -1698,7 +1698,7 @@ function get_unread_topics($user_id = false, $sql_extra = '', $sql_sort = '', $s if ($config['load_db_lastread'] && $user->data['is_registered']) { // Get list of the unread topics - $last_mark = $user->data['user_lastmark']; + $last_mark = (int) $user->data['user_lastmark']; $sql_array = array( 'SELECT' => 't.topic_id, t.topic_last_post_time, tt.mark_time as topic_mark_time, ft.mark_time as forum_mark_time', @@ -1717,10 +1717,11 @@ function get_unread_topics($user_id = false, $sql_extra = '', $sql_sort = '', $s ), 'WHERE' => " + t.topic_last_post_time > $last_mark AND ( (tt.mark_time IS NOT NULL AND t.topic_last_post_time > tt.mark_time) OR (tt.mark_time IS NULL AND ft.mark_time IS NOT NULL AND t.topic_last_post_time > ft.mark_time) OR - (tt.mark_time IS NULL AND ft.mark_time IS NULL AND t.topic_last_post_time > $last_mark) + (tt.mark_time IS NULL AND ft.mark_time IS NULL) ) $sql_extra $sql_sort", -- cgit v1.2.1 From 5e97dd74c7a84869ac6f3b1bcd91122be8fddb50 Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Thu, 27 Jan 2011 23:19:09 -0500 Subject: [ticket/10014] Clearly indicate fatal errors in file acm. If acm_file cannot open the cache file for writing, it prints a message to that effect and calls die(). The message itself does not indicate that it is a fatal error, and someone seeing the message might expect that inability to write to cache is not fatal. Make it clear that the error is fatal by printing the word "Fatal" before the message. PHPBB3-10014 --- phpBB/includes/acm/acm_file.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acm/acm_file.php b/phpBB/includes/acm/acm_file.php index 5c1876d006..524a28561e 100644 --- a/phpBB/includes/acm/acm_file.php +++ b/phpBB/includes/acm/acm_file.php @@ -88,11 +88,11 @@ class acm if (!phpbb_is_writable($this->cache_dir)) { // We need to use die() here, because else we may encounter an infinite loop (the message handler calls $cache->unload()) - die($this->cache_dir . ' is NOT writable.'); + die('Fatal: ' . $this->cache_dir . ' is NOT writable.'); exit; } - die('Not able to open ' . $this->cache_dir . 'data_global.' . $phpEx); + die('Fatal: Not able to open ' . $this->cache_dir . 'data_global.' . $phpEx); exit; } -- cgit v1.2.1 From 56c202127c1eb66029c461c946a36ba1a0158474 Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Fri, 28 Jan 2011 21:06:49 -0500 Subject: [ticket/10016] Fixed varchar to decimal cast on postgresql 7.x. PHPBB3-10016 --- phpBB/includes/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 9a8cc5d6b3..7632d8790d 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -176,7 +176,7 @@ function set_config_count($config_name, $increment, $is_dynamic = false) { case 'firebird': case 'postgres': - $sql_update = 'CAST(CAST(config_value as DECIMAL(255, 0)) + ' . (int) $increment . ' as VARCHAR(255))'; + $sql_update = 'CAST(CAST(config_value::text as DECIMAL(255, 0)) + ' . (int) $increment . ' as VARCHAR(255))'; break; // MySQL, SQlite, mssql, mssql_odbc, oracle -- cgit v1.2.1 From 72fbd4dffaf35df9740aad558bd8075581492c8b Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Sat, 29 Jan 2011 17:08:20 +0100 Subject: [ticket/9966] Language download in ACP creates index.html and misses captcha_* The language pack download page includes index.html files instead of index.htm. It also does not include the new captcha_*.php files which are included since 3.0.6. PHPBB3-9966 --- phpBB/includes/acp/acp_language.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_language.php b/phpBB/includes/acp/acp_language.php index c2cb2f9c11..598b390302 100644 --- a/phpBB/includes/acp/acp_language.php +++ b/phpBB/includes/acp/acp_language.php @@ -1055,14 +1055,14 @@ class acp_language $iso_src .= htmlspecialchars_decode($row['lang_author']); $compress->add_data($iso_src, 'language/' . $row['lang_iso'] . '/iso.txt'); - // index.html files - $compress->add_data('', 'language/' . $row['lang_iso'] . '/index.html'); - $compress->add_data('', 'language/' . $row['lang_iso'] . '/email/index.html'); - $compress->add_data('', 'language/' . $row['lang_iso'] . '/acp/index.html'); + // index.htm files + $compress->add_data('', 'language/' . $row['lang_iso'] . '/index.htm'); + $compress->add_data('', 'language/' . $row['lang_iso'] . '/email/index.htm'); + $compress->add_data('', 'language/' . $row['lang_iso'] . '/acp/index.htm'); if (sizeof($mod_files)) { - $compress->add_data('', 'language/' . $row['lang_iso'] . '/mods/index.html'); + $compress->add_data('', 'language/' . $row['lang_iso'] . '/mods/index.htm'); } $compress->close(); @@ -1217,7 +1217,7 @@ $lang = array_merge($lang, array( '; // Language files in language root directory - $this->main_files = array("common.$phpEx", "groups.$phpEx", "install.$phpEx", "mcp.$phpEx", "memberlist.$phpEx", "posting.$phpEx", "search.$phpEx", "ucp.$phpEx", "viewforum.$phpEx", "viewtopic.$phpEx", "help_bbcode.$phpEx", "help_faq.$phpEx"); + $this->main_files = array("captcha_qa.$phpEx", "captcha_recaptcha.$phpEx", "common.$phpEx", "groups.$phpEx", "install.$phpEx", "mcp.$phpEx", "memberlist.$phpEx", "posting.$phpEx", "search.$phpEx", "ucp.$phpEx", "viewforum.$phpEx", "viewtopic.$phpEx", "help_bbcode.$phpEx", "help_faq.$phpEx"); } /** -- cgit v1.2.1 From 92f99c97f41cd090743b4ba4e6048bf6b948115b Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Sat, 29 Jan 2011 17:22:55 +0100 Subject: [ticket/9949] $user->lang() uses last int-value to get the key not first The comment in the code says: "We now get the first number passed and will select the key based upon this number". But the loop over the arguments is not left and therefore it uses the last int-value not the first one. PHPBB3-9949 --- phpBB/includes/session.php | 1 + 1 file changed, 1 insertion(+) (limited to 'phpBB/includes') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 5f5b39fe27..1dc854caf2 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -1966,6 +1966,7 @@ class user extends session $key_found = $num; } + break; } } -- cgit v1.2.1 From b32bf5aa35be3d5d77fc3ee7be418a988bc10d44 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Sat, 29 Jan 2011 16:24:32 +0100 Subject: [ticket/9985] 3D Wave CAPTCHA: Pass min/max in the correct order to mt_rand(). PHPBB3-9985 --- phpBB/includes/captcha/captcha_gd_wave.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/captcha/captcha_gd_wave.php b/phpBB/includes/captcha/captcha_gd_wave.php index f706c98d43..27422513d9 100644 --- a/phpBB/includes/captcha/captcha_gd_wave.php +++ b/phpBB/includes/captcha/captcha_gd_wave.php @@ -62,8 +62,8 @@ class captcha 'y' => mt_rand(10, 17) ), 'lower_left' => array( - 'x' => mt_rand($img_x - 5, $img_x - 45), - 'y' => mt_rand($img_y - 0, $img_y - 15) + 'x' => mt_rand($img_x - 45, $img_x - 5), + 'y' => mt_rand($img_y - 15, $img_y - 0), ), ); -- cgit v1.2.1 From ffcd307746af6a578fe771c31c306feb9d393e9c Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Tue, 14 Sep 2010 17:25:46 +0200 Subject: [ticket/9675] Add option to delete template/theme/imageset when deleting style. PHPBB3-9675 --- phpBB/includes/acp/acp_styles.php | 104 +++++++++++++++++++++++++++++++++++++- 1 file changed, 103 insertions(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php index 2ccc728031..d9565214db 100644 --- a/phpBB/includes/acp/acp_styles.php +++ b/phpBB/includes/acp/acp_styles.php @@ -1587,7 +1587,7 @@ parse_css_file = {PARSE_CSS_FILE} { case 'style': $sql_from = STYLES_TABLE; - $sql_select = 'style_name'; + $sql_select = 'style_name, template_id, theme_id, imageset_id'; $sql_where = 'AND style_active = 1'; break; @@ -1678,6 +1678,51 @@ parse_css_file = {PARSE_CSS_FILE} { set_config('default_style', $new_id); } + + // Remove the components + $components = array('template', 'theme', 'imageset'); + foreach ($components as $component) + { + $new_id = request_var('new_' . $component . '_id', 0); + $style_id = $style_row[$component . '_id']; + + if (($new_id == 0) || ($component === 'template' && ($conflicts = $this->check_inheritance($component, $style_id)))) + { + // We can not delete the template, as the selected one is inheriting from this one. + continue; + } + + if ($component == 'imageset') + { + $sql = 'DELETE FROM ' . STYLES_IMAGESET_DATA_TABLE . " + WHERE imageset_id = $style_id"; + $db->sql_query($sql); + } + + switch ($component) + { + case 'template': + $sql_from = STYLES_TEMPLATE_TABLE; + break; + + case 'theme': + $sql_from = STYLES_THEME_TABLE; + break; + + case 'imageset': + $sql_from = STYLES_IMAGESET_TABLE;; + break; + } + + $sql = "DELETE FROM $sql_from + WHERE {$component}_id = $style_id"; + $db->sql_query($sql); + + $sql = 'UPDATE ' . STYLES_TABLE . " + SET {$component}_id = $new_id + WHERE {$component}_id = $style_id"; + $db->sql_query($sql); + } } else { @@ -1718,6 +1763,63 @@ parse_css_file = {PARSE_CSS_FILE} 'NAME' => $style_row[$mode . '_name'], ) ); + + if ($mode == 'style') + { + $template->assign_vars(array( + 'S_DELETE_STYLE' => true, + )); + + $components = array('template', 'theme', 'imageset'); + foreach ($components as $mode) + { + $sql_where = ''; + switch ($mode) + { + case 'template': + $sql_from = STYLES_TEMPLATE_TABLE; + $sql_select = 'template_name, template_path, template_storedb'; + $sql_where = ' AND template_inherits_id <> ' . $style_row[$mode . '_id']; + break; + + case 'theme': + $sql_from = STYLES_THEME_TABLE; + $sql_select = 'theme_name, theme_path, theme_storedb'; + break; + + case 'imageset': + $sql_from = STYLES_IMAGESET_TABLE; + $sql_select = 'imageset_name, imageset_path'; + break; + } + + $sql = "SELECT {$mode}_id, {$mode}_name + FROM $sql_from + WHERE {$mode}_id <> {$style_row[$mode . '_id']} + $sql_where + ORDER BY {$mode}_name ASC"; + $result = $db->sql_query($sql); + + $s_options = ''; + + $set_default = true; + while ($row = $db->sql_fetchrow($result)) + { + if ($set_default) + { + $s_options .= ''; + $set_default = false; + } + else + { + $s_options .= ''; + } + } + $db->sql_freeresult($result); + + $template->assign_var('S_REPLACE_' . strtoupper($mode) . '_OPTIONS', $s_options); + } + } } /** -- cgit v1.2.1 From 0e02f5cb0b7f615f1eadd6606a89bfd1b28f0d0d Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Thu, 27 Jan 2011 13:30:59 +0100 Subject: [ticket/9675] Put the code into methods to avoid code duplication. PHPBB3-9675 --- phpBB/includes/acp/acp_styles.php | 272 +++++++++++++++++++++----------------- 1 file changed, 154 insertions(+), 118 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php index d9565214db..2e2807c8cb 100644 --- a/phpBB/includes/acp/acp_styles.php +++ b/phpBB/includes/acp/acp_styles.php @@ -1587,23 +1587,23 @@ parse_css_file = {PARSE_CSS_FILE} { case 'style': $sql_from = STYLES_TABLE; - $sql_select = 'style_name, template_id, theme_id, imageset_id'; + $sql_select = 'style_id, style_name, template_id, theme_id, imageset_id'; $sql_where = 'AND style_active = 1'; break; case 'template': $sql_from = STYLES_TEMPLATE_TABLE; - $sql_select = 'template_name, template_path, template_storedb'; + $sql_select = 'template_id, template_name, template_path, template_storedb'; break; case 'theme': $sql_from = STYLES_THEME_TABLE; - $sql_select = 'theme_name, theme_path, theme_storedb'; + $sql_select = 'theme_id, theme_name, theme_path, theme_storedb'; break; case 'imageset': $sql_from = STYLES_IMAGESET_TABLE; - $sql_select = 'imageset_name, imageset_path'; + $sql_select = 'imageset_id, imageset_name, imageset_path'; break; } @@ -1633,37 +1633,14 @@ parse_css_file = {PARSE_CSS_FILE} trigger_error($user->lang['NO_' . $l_prefix] . adm_back_link($this->u_action), E_USER_WARNING); } - $sql = "SELECT {$mode}_id, {$mode}_name - FROM $sql_from - WHERE {$mode}_id <> $style_id - $sql_where - ORDER BY {$mode}_name ASC"; - $result = $db->sql_query($sql); - - $s_options = ''; - - if ($row = $db->sql_fetchrow($result)) - { - do - { - $s_options .= ''; - } - while ($row = $db->sql_fetchrow($result)); - } - else - { - trigger_error($user->lang['ONLY_' . $l_prefix] . adm_back_link($this->u_action), E_USER_WARNING); - } - $db->sql_freeresult($result); - if ($update) { - $sql = "DELETE FROM $sql_from - WHERE {$mode}_id = $style_id"; - $db->sql_query($sql); - if ($mode == 'style') { + $sql = "DELETE FROM $sql_from + WHERE {$mode}_id = $style_id"; + $db->sql_query($sql); + $sql = 'UPDATE ' . USERS_TABLE . " SET user_style = $new_id WHERE user_style = $style_id"; @@ -1684,58 +1661,13 @@ parse_css_file = {PARSE_CSS_FILE} foreach ($components as $component) { $new_id = request_var('new_' . $component . '_id', 0); - $style_id = $style_row[$component . '_id']; - - if (($new_id == 0) || ($component === 'template' && ($conflicts = $this->check_inheritance($component, $style_id)))) - { - // We can not delete the template, as the selected one is inheriting from this one. - continue; - } - - if ($component == 'imageset') - { - $sql = 'DELETE FROM ' . STYLES_IMAGESET_DATA_TABLE . " - WHERE imageset_id = $style_id"; - $db->sql_query($sql); - } - - switch ($component) - { - case 'template': - $sql_from = STYLES_TEMPLATE_TABLE; - break; - - case 'theme': - $sql_from = STYLES_THEME_TABLE; - break; - - case 'imageset': - $sql_from = STYLES_IMAGESET_TABLE;; - break; - } - - $sql = "DELETE FROM $sql_from - WHERE {$component}_id = $style_id"; - $db->sql_query($sql); - - $sql = 'UPDATE ' . STYLES_TABLE . " - SET {$component}_id = $new_id - WHERE {$component}_id = $style_id"; - $db->sql_query($sql); + $component_id = $style_row[$component . '_id']; + $this->remove_component($component, $component_id, $new_id); } } else { - if ($mode == 'imageset') - { - $sql = 'DELETE FROM ' . STYLES_IMAGESET_DATA_TABLE . " - WHERE imageset_id = $style_id"; - $db->sql_query($sql); - } - $sql = 'UPDATE ' . STYLES_TABLE . " - SET {$mode}_id = $new_id - WHERE {$mode}_id = $style_id"; - $db->sql_query($sql); + $this->remove_component($mode, $style_id, $new_id); } $cache->destroy('sql', STYLES_TABLE); @@ -1745,11 +1677,12 @@ parse_css_file = {PARSE_CSS_FILE} trigger_error($user->lang[$message] . adm_back_link($this->u_action)); } + $this->display_component_options($mode, $style_row[$mode . '_id'], $style_row); + $this->page_title = 'DELETE_' . $l_prefix; $template->assign_vars(array( 'S_DELETE' => true, - 'S_REPLACE_OPTIONS' => $s_options, 'L_TITLE' => $user->lang[$this->page_title], 'L_EXPLAIN' => $user->lang[$this->page_title . '_EXPLAIN'], @@ -1769,55 +1702,158 @@ parse_css_file = {PARSE_CSS_FILE} $template->assign_vars(array( 'S_DELETE_STYLE' => true, )); + } + } + + /** + * Remove template/theme/imageset entry from the database + */ + function remove_component($component, $style_id, $new_id) + { + global $db; + + if (($new_id == 0) || ($component === 'template' && ($conflicts = $this->check_inheritance($component, $style_id)))) + { + // We can not delete the template, as the selected one is inheriting from this one. + return; + } + + if ($component == 'imageset') + { + $sql = 'DELETE FROM ' . STYLES_IMAGESET_DATA_TABLE . " + WHERE imageset_id = $style_id"; + $db->sql_query($sql); + } + + switch ($component) + { + case 'template': + $sql_from = STYLES_TEMPLATE_TABLE; + break; + + case 'theme': + $sql_from = STYLES_THEME_TABLE; + break; + + case 'imageset': + $sql_from = STYLES_IMAGESET_TABLE;; + break; + } + + $sql = "DELETE FROM $sql_from + WHERE {$component}_id = $style_id"; + $db->sql_query($sql); + + $sql = 'UPDATE ' . STYLES_TABLE . " + SET {$component}_id = $new_id + WHERE {$component}_id = $style_id"; + $db->sql_query($sql); + } + + /** + * Display the options which can be used to replace a style/template/theme/imageset + */ + function display_component_options($component, $component_id, $style_row = false, $style_id = false) + { + global $db, $template, $user; - $components = array('template', 'theme', 'imageset'); - foreach ($components as $mode) + $component_in_use = array(); + if (($component != 'style') && $style_id) + { + $sql = 'SELECT style_id, style_name + FROM ' . STYLES_TABLE . " + WHERE {$component}_id = {$component_id} + AND style_id <> {$style_id} + ORDER BY style_name ASC"; + $result = $db->sql_query($sql); + while ($row = $db->sql_fetchrow($result)) { - $sql_where = ''; - switch ($mode) + $component_in_use[] = $row['style_name']; + } + $db->sql_freeresult($result); + + if ($component === 'template' && ($conflicts = $this->check_inheritance($component, $component_id))) + { + foreach ($conflicts as $temp_id => $conflict_data) { - case 'template': - $sql_from = STYLES_TEMPLATE_TABLE; - $sql_select = 'template_name, template_path, template_storedb'; - $sql_where = ' AND template_inherits_id <> ' . $style_row[$mode . '_id']; - break; + $component_in_use[] = $conflict_data['template_name']; + } + } + } - case 'theme': - $sql_from = STYLES_THEME_TABLE; - $sql_select = 'theme_name, theme_path, theme_storedb'; - break; + $sql_where = ''; + switch ($component) + { + case 'style': + $sql_from = STYLES_TABLE; + $sql_where = 'WHERE style_active = 1'; + break; - case 'imageset': - $sql_from = STYLES_IMAGESET_TABLE; - $sql_select = 'imageset_name, imageset_path'; - break; - } + case 'template': + $sql_from = STYLES_TEMPLATE_TABLE; + $sql_where = 'WHERE template_inherits_id <> ' . $component_id; + break; - $sql = "SELECT {$mode}_id, {$mode}_name - FROM $sql_from - WHERE {$mode}_id <> {$style_row[$mode . '_id']} - $sql_where - ORDER BY {$mode}_name ASC"; - $result = $db->sql_query($sql); + case 'theme': + $sql_from = STYLES_THEME_TABLE; + break; - $s_options = ''; + case 'imageset': + $sql_from = STYLES_IMAGESET_TABLE; + break; + } - $set_default = true; - while ($row = $db->sql_fetchrow($result)) + $s_options = ''; + if (($component != 'style') && empty($component_in_use)) + { + $sql = "SELECT {$component}_id, {$component}_name + FROM $sql_from + WHERE {$component}_id = {$component_id}"; + $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + $s_options .= ''; + $s_options .= ''; + } + else + { + $sql = "SELECT {$component}_id, {$component}_name + FROM $sql_from + $sql_where + ORDER BY {$component}_name ASC"; + $result = $db->sql_query($sql); + + $s_keep_option = $s_options = ''; + while ($row = $db->sql_fetchrow($result)) + { + if ($row[$component . '_id'] != $component_id) { - if ($set_default) - { - $s_options .= ''; - $set_default = false; - } - else - { - $s_options .= ''; - } + $s_options .= ''; } - $db->sql_freeresult($result); + else if ($component != 'style') + { + $s_keep_option = ''; + } + } + $db->sql_freeresult($result); + $s_options = $s_keep_option . $s_options; + } - $template->assign_var('S_REPLACE_' . strtoupper($mode) . '_OPTIONS', $s_options); + if (!$style_row) + { + $template->assign_var('S_REPLACE_' . strtoupper($component) . '_OPTIONS', $s_options); + } + else + { + $template->assign_var('S_REPLACE_OPTIONS', $s_options); + if ($component == 'style') + { + $components = array('template', 'theme', 'imageset'); + foreach ($components as $component) + { + $this->display_component_options($component, $style_row[$component . '_id'], false, $component_id); + } } } } -- cgit v1.2.1 From 65020fd5c1d71f44ef74824a27eaf4929b19635c Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Thu, 27 Jan 2011 14:23:33 +0100 Subject: [ticket/9675] Correctly check whether the style/component is still in use. And don't allow to delete it in that case. PHPBB3-9675 --- phpBB/includes/acp/acp_styles.php | 92 +++++++++++++++++++++++++++------------ 1 file changed, 64 insertions(+), 28 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php index 2e2807c8cb..0f157ceff3 100644 --- a/phpBB/includes/acp/acp_styles.php +++ b/phpBB/includes/acp/acp_styles.php @@ -1662,7 +1662,7 @@ parse_css_file = {PARSE_CSS_FILE} { $new_id = request_var('new_' . $component . '_id', 0); $component_id = $style_row[$component . '_id']; - $this->remove_component($component, $component_id, $new_id); + $this->remove_component($component, $component_id, $new_id, $style_id); } } else @@ -1708,20 +1708,32 @@ parse_css_file = {PARSE_CSS_FILE} /** * Remove template/theme/imageset entry from the database */ - function remove_component($component, $style_id, $new_id) + function remove_component($component, $component_id, $new_id, $style_id = false) { global $db; - if (($new_id == 0) || ($component === 'template' && ($conflicts = $this->check_inheritance($component, $style_id)))) + if (($new_id == 0) || ($component === 'template' && ($conflicts = $this->check_inheritance($component, $component_id)))) { - // We can not delete the template, as the selected one is inheriting from this one. + // We can not delete the template, as the user wants to keep the component or an other template is inheriting from this one. + return; + } + + $component_in_use = array(); + if ($component != 'style') + { + $component_in_use = $this->component_in_use($component, $component_id, $style_id); + } + + if (($new_id == -1) && !empty($component_in_use)) + { + // We can not delete the component, as it is still in use return; } if ($component == 'imageset') { $sql = 'DELETE FROM ' . STYLES_IMAGESET_DATA_TABLE . " - WHERE imageset_id = $style_id"; + WHERE imageset_id = $component_id"; $db->sql_query($sql); } @@ -1741,12 +1753,12 @@ parse_css_file = {PARSE_CSS_FILE} } $sql = "DELETE FROM $sql_from - WHERE {$component}_id = $style_id"; + WHERE {$component}_id = $component_id"; $db->sql_query($sql); $sql = 'UPDATE ' . STYLES_TABLE . " SET {$component}_id = $new_id - WHERE {$component}_id = $style_id"; + WHERE {$component}_id = $component_id"; $db->sql_query($sql); } @@ -1758,27 +1770,9 @@ parse_css_file = {PARSE_CSS_FILE} global $db, $template, $user; $component_in_use = array(); - if (($component != 'style') && $style_id) + if ($component != 'style') { - $sql = 'SELECT style_id, style_name - FROM ' . STYLES_TABLE . " - WHERE {$component}_id = {$component_id} - AND style_id <> {$style_id} - ORDER BY style_name ASC"; - $result = $db->sql_query($sql); - while ($row = $db->sql_fetchrow($result)) - { - $component_in_use[] = $row['style_name']; - } - $db->sql_freeresult($result); - - if ($component === 'template' && ($conflicts = $this->check_inheritance($component, $component_id))) - { - foreach ($conflicts as $temp_id => $conflict_data) - { - $component_in_use[] = $conflict_data['template_name']; - } - } + $component_in_use = $this->component_in_use($component, $component_id, $style_id); } $sql_where = ''; @@ -1852,12 +1846,54 @@ parse_css_file = {PARSE_CSS_FILE} $components = array('template', 'theme', 'imageset'); foreach ($components as $component) { - $this->display_component_options($component, $style_row[$component . '_id'], false, $component_id); + $this->display_component_options($component, $style_row[$component . '_id'], false, $component_id, true); } } } } + /** + * Check whether the component is still used by another style or component + */ + function component_in_use($component, $component_id, $style_id = false) + { + global $db; + + $component_in_use = array(); + + if ($style_id) + { + $sql = 'SELECT style_id, style_name + FROM ' . STYLES_TABLE . " + WHERE {$component}_id = {$component_id} + AND style_id <> {$style_id} + ORDER BY style_name ASC"; + } + else + { + $sql = 'SELECT style_id, style_name + FROM ' . STYLES_TABLE . " + WHERE {$component}_id = {$component_id} + ORDER BY style_name ASC"; + } + $result = $db->sql_query($sql); + while ($row = $db->sql_fetchrow($result)) + { + $component_in_use[] = $row['style_name']; + } + $db->sql_freeresult($result); + + if ($component === 'template' && ($conflicts = $this->check_inheritance($component, $component_id))) + { + foreach ($conflicts as $temp_id => $conflict_data) + { + $component_in_use[] = $conflict_data['template_name']; + } + } + + return $component_in_use; + } + /** * Export style or style elements */ -- cgit v1.2.1 From 0e861ac3ab0513ec1c00354bfc8fc8492aa6573c Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Wed, 9 Feb 2011 02:14:46 -0500 Subject: [ticket/10029] Use $_SERVER['SERVER_PROTOCOL'] for determining HTTP version. PHPBB3-10029 --- phpBB/includes/functions.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 9a8cc5d6b3..398a02380b 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2631,8 +2631,14 @@ function send_status_line($code, $message) } else { - if (isset($_SERVER['HTTP_VERSION'])) + if (!empty($_SERVER['SERVER_PROTOCOL'])) { + $version = $_SERVER['SERVER_PROTOCOL']; + } + else if (!empty($_SERVER['HTTP_VERSION'])) + { + // I cannot remember where I got this from. + // This code path may never be reachable in reality. $version = $_SERVER['HTTP_VERSION']; } else -- cgit v1.2.1 From c717e44094ce6d3b3ad4f56519b8f421ec06146e Mon Sep 17 00:00:00 2001 From: Niklas Schmidtmer Date: Sun, 13 Feb 2011 18:29:30 +0100 Subject: [ticket/8904] Show default value for numeric custom profile fields when editing When displaying the default value for a numeric custom profile field, only use request_var to obtain the value on creation. When editing, it will always override the actual value with an empty string, as this is request_var's default return value. PHPBB3-8904 --- phpBB/includes/acp/acp_profile.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_profile.php b/phpBB/includes/acp/acp_profile.php index 2288a0728b..2e43b0545a 100644 --- a/phpBB/includes/acp/acp_profile.php +++ b/phpBB/includes/acp/acp_profile.php @@ -512,7 +512,7 @@ class acp_profile else if ($field_type == FIELD_INT && $key == 'field_default_value') { // Permit an empty string - if (request_var('field_default_value', '') === '') + if ($action == 'create' && request_var('field_default_value', '') === '') { $var = ''; } -- cgit v1.2.1 From a7bc76d24622ce89f35023738e459ce38aa169a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Fr=C3=A8rejean?= Date: Tue, 11 Jan 2011 13:48:13 +0100 Subject: [ticket/7778] BBCode single limit There are currently two hard limits for the number of BBCodes allowed. One is enforced by the type of the `bbcode_id` column, the other by an hard limit in `acp/acp_bbcode.php`. However this limit can never be reached due to the size of the database column. Suggested fix involves adding a new constant to define the max. number of BBCodes (as with smilies) and chaning the database column from a tinyint to a smallint to actually allow 1511 BBCodes PHPBB3-7778 --- phpBB/includes/acp/acp_bbcodes.php | 2 +- phpBB/includes/constants.php | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php index 2b706394c4..0644b38eb1 100644 --- a/phpBB/includes/acp/acp_bbcodes.php +++ b/phpBB/includes/acp/acp_bbcodes.php @@ -213,7 +213,7 @@ class acp_bbcodes $bbcode_id = NUM_CORE_BBCODES + 1; } - if ($bbcode_id > 1511) + if ($bbcode_id > BBCODE_LIMIT) { trigger_error($user->lang['TOO_MANY_BBCODES'] . adm_back_link($this->u_action), E_USER_WARNING); } diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index 90440f74b8..ea34eb8e81 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -173,6 +173,9 @@ define('BBCODE_UID_LEN', 8); // Number of core BBCodes define('NUM_CORE_BBCODES', 12); +// BBCode hard limit +define('BBCODE_LIMIT', 1511); + // Smiley hard limit define('SMILEY_LIMIT', 1000); -- cgit v1.2.1 From e6219c83c7302424f670d4160798db4952a48f0c Mon Sep 17 00:00:00 2001 From: Callum Macrae Date: Thu, 24 Feb 2011 14:13:45 +0000 Subject: [ticket/9872] Removed some useless code that broke delete_posts When in the ACP, there is the option to delete a user and all their posts. This would then call the user_delete function and define $mode as 'remove'. On lines 485-521 was some code that would delete their topics, then after that there would be a call to delete_posts - which would also delete their topics. It would not update the board statistics, and the thread count would remain the same, even though several had been deleted. It stopped delete_topics functioning correctly, so delete_topics would not update the board statistics either. My solution to this is to delete lines 485-521 and allow delete_posts to call delete_topics, thus updating the thread count in the statistics. PHPBB3-9872 --- phpBB/includes/functions_user.php | 38 -------------------------------------- 1 file changed, 38 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 90341cd926..0420aa70ab 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -482,44 +482,6 @@ function user_delete($mode, $user_id, $post_username = false) include($phpbb_root_path . 'includes/functions_admin.' . $phpEx); } - $sql = 'SELECT topic_id, COUNT(post_id) AS total_posts - FROM ' . POSTS_TABLE . " - WHERE poster_id = $user_id - GROUP BY topic_id"; - $result = $db->sql_query($sql); - - $topic_id_ary = array(); - while ($row = $db->sql_fetchrow($result)) - { - $topic_id_ary[$row['topic_id']] = $row['total_posts']; - } - $db->sql_freeresult($result); - - if (sizeof($topic_id_ary)) - { - $sql = 'SELECT topic_id, topic_replies, topic_replies_real - FROM ' . TOPICS_TABLE . ' - WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary)); - $result = $db->sql_query($sql); - - $del_topic_ary = array(); - while ($row = $db->sql_fetchrow($result)) - { - if (max($row['topic_replies'], $row['topic_replies_real']) + 1 == $topic_id_ary[$row['topic_id']]) - { - $del_topic_ary[] = $row['topic_id']; - } - } - $db->sql_freeresult($result); - - if (sizeof($del_topic_ary)) - { - $sql = 'DELETE FROM ' . TOPICS_TABLE . ' - WHERE ' . $db->sql_in_set('topic_id', $del_topic_ary); - $db->sql_query($sql); - } - } - // Delete posts, attachments, etc. delete_posts('poster_id', $user_id); -- cgit v1.2.1 From 9399c7c46bd4e895a06127c19b27155008946726 Mon Sep 17 00:00:00 2001 From: Callum Macrae Date: Thu, 24 Feb 2011 22:12:36 +0000 Subject: [ticket/7834] Topic time didn't update when first post was deleted When the first post of a topic was deleted, the topic time didn't update - it should have changed to the time of the next post. This commit simply applies lefty74's patch posted in the ticket. It gets the post time of the next post from the database, and updates the thread accordingly. This patch is not my work at all and all credits go to lefty74, I just transferred it onto GitHub PHPBB3-7834 --- phpBB/includes/functions_posting.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index 72331a73c6..271039f415 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -1479,7 +1479,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data) break; case 'delete_first_post': - $sql = 'SELECT p.post_id, p.poster_id, p.post_username, u.username, u.user_colour + $sql = 'SELECT p.post_id, p.poster_id, p.post_time, p.post_username, u.username, u.user_colour FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . " u WHERE p.topic_id = $topic_id AND p.poster_id = u.user_id @@ -1493,7 +1493,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data) $sql_data[FORUMS_TABLE] = ($data['post_approved']) ? 'forum_posts = forum_posts - 1' : ''; } - $sql_data[TOPICS_TABLE] = 'topic_poster = ' . intval($row['poster_id']) . ', topic_first_post_id = ' . intval($row['post_id']) . ", topic_first_poster_colour = '" . $db->sql_escape($row['user_colour']) . "', topic_first_poster_name = '" . (($row['poster_id'] == ANONYMOUS) ? $db->sql_escape($row['post_username']) : $db->sql_escape($row['username'])) . "'"; + $sql_data[TOPICS_TABLE] = 'topic_poster = ' . intval($row['poster_id']) . ', topic_first_post_id = ' . intval($row['post_id']) . ", topic_first_poster_colour = '" . $db->sql_escape($row['user_colour']) . "', topic_first_poster_name = '" . (($row['poster_id'] == ANONYMOUS) ? $db->sql_escape($row['post_username']) : $db->sql_escape($row['username'])) . "', topic_time = " . (int) $row['post_time']; // Decrementing topic_replies here is fine because this case only happens if there is more than one post within the topic - basically removing one "reply" $sql_data[TOPICS_TABLE] .= ', topic_replies_real = topic_replies_real - 1' . (($data['post_approved']) ? ', topic_replies = topic_replies - 1' : ''); -- cgit v1.2.1 From a25238e0c16ba238136475bb1dcc17472fedfffa Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Thu, 24 Feb 2011 23:51:42 +0100 Subject: [ticket/9874] view_log() performs unneeded count query over all log entries. PHPBB3-9874 --- phpBB/includes/acp/acp_main.php | 2 +- phpBB/includes/functions_admin.php | 24 ++++++++++++++---------- phpBB/includes/mcp/mcp_front.php | 2 +- phpBB/includes/mcp/mcp_post.php | 4 ++-- 4 files changed, 18 insertions(+), 14 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_main.php b/phpBB/includes/acp/acp_main.php index b8712b2a3d..60cebe3c08 100644 --- a/phpBB/includes/acp/acp_main.php +++ b/phpBB/includes/acp/acp_main.php @@ -529,7 +529,7 @@ class acp_main ); $log_data = array(); - $log_count = 0; + $log_count = false; if ($auth->acl_get('a_viewlogs')) { diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index 2aa12adb2e..cb0cf34e69 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -2506,6 +2506,7 @@ function cache_moderators() /** * View log +* If $log_count is set to false, we will skip counting all entries in the database. */ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id = 0, $topic_id = 0, $user_id = 0, $limit_days = 0, $sort_by = 'l.log_time DESC', $keywords = '') { @@ -2761,16 +2762,19 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id } } - $sql = 'SELECT COUNT(l.log_id) AS total_entries - FROM ' . LOG_TABLE . ' l, ' . USERS_TABLE . " u - WHERE l.log_type = $log_type - AND l.user_id = u.user_id - AND l.log_time >= $limit_days - $sql_keywords - $sql_forum"; - $result = $db->sql_query($sql); - $log_count = (int) $db->sql_fetchfield('total_entries'); - $db->sql_freeresult($result); + if ($log_count !== false) + { + $sql = 'SELECT COUNT(l.log_id) AS total_entries + FROM ' . LOG_TABLE . ' l, ' . USERS_TABLE . " u + WHERE l.log_type = $log_type + AND l.user_id = u.user_id + AND l.log_time >= $limit_days + $sql_keywords + $sql_forum"; + $result = $db->sql_query($sql); + $log_count = (int) $db->sql_fetchfield('total_entries'); + $db->sql_freeresult($result); + } return; } diff --git a/phpBB/includes/mcp/mcp_front.php b/phpBB/includes/mcp/mcp_front.php index 50e14b9336..af262baa29 100644 --- a/phpBB/includes/mcp/mcp_front.php +++ b/phpBB/includes/mcp/mcp_front.php @@ -350,7 +350,7 @@ function mcp_front_view($id, $mode, $action) // Add forum_id 0 for global announcements $forum_list[] = 0; - $log_count = 0; + $log_count = false; $log = array(); view_log('mod', $log, $log_count, 5, 0, $forum_list); diff --git a/phpBB/includes/mcp/mcp_post.php b/phpBB/includes/mcp/mcp_post.php index 7098b4bbce..de7f3e63ee 100644 --- a/phpBB/includes/mcp/mcp_post.php +++ b/phpBB/includes/mcp/mcp_post.php @@ -227,10 +227,10 @@ function mcp_post_details($id, $mode, $action) // Get User Notes $log_data = array(); - $log_count = 0; + $log_count = false; view_log('user', $log_data, $log_count, $config['posts_per_page'], 0, 0, 0, $post_info['user_id']); - if ($log_count) + if (!empty($log_data)) { $template->assign_var('S_USER_NOTES', true); -- cgit v1.2.1 From 3b15fe0a5bc2c5bf5fcd5a08921ad3026791d4da Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Wed, 19 Jan 2011 03:08:27 +0100 Subject: [ticket/9912] Fix error in logic. Do not strip SID when user is not a bot. This also moves the code up to the point where we know that the user is a bot. Regression from d07e152ea7e820c5a0e47aeb8004fa0b5621a314 PHPBB3-9912 --- phpBB/includes/session.php | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 1dc854caf2..d803f8d799 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -583,6 +583,13 @@ class session $bot = false; } + // Bot user, if they have a SID in the Request URI we need to get rid of it + // otherwise they'll index this page with the SID, duplicate content oh my! + if ($bot && isset($_GET['sid'])) + { + redirect(build_url(array('sid'))); + } + // If no data was returned one or more of the following occurred: // Key didn't match one in the DB // User does not exist @@ -619,12 +626,6 @@ class session } else { - // Bot user, if they have a SID in the Request URI we need to get rid of it - // otherwise they'll index this page with the SID, duplicate content oh my! - if (isset($_GET['sid'])) - { - redirect(build_url(array('sid'))); - } $this->data['session_last_visit'] = $this->time_now; } -- cgit v1.2.1 From ffe691db1098c9bf9cd6c84d07bcdbc9a6cfb789 Mon Sep 17 00:00:00 2001 From: Philippe Chevrier Date: Sun, 27 Feb 2011 23:58:02 +0100 Subject: [ticket/10024] Populate unread information to template for styling issues. PHPBB3-10024 --- phpBB/includes/ucp/ucp_pm_viewfolder.php | 1 + 1 file changed, 1 insertion(+) (limited to 'phpBB/includes') diff --git a/phpBB/includes/ucp/ucp_pm_viewfolder.php b/phpBB/includes/ucp/ucp_pm_viewfolder.php index 6b7172ca2b..bd7bf89854 100644 --- a/phpBB/includes/ucp/ucp_pm_viewfolder.php +++ b/phpBB/includes/ucp/ucp_pm_viewfolder.php @@ -169,6 +169,7 @@ function view_folder($id, $mode, $folder_id, $folder) 'PM_IMG' => ($row_indicator) ? $user->img('pm_' . $row_indicator, '') : '', 'ATTACH_ICON_IMG' => ($auth->acl_get('u_pm_download') && $row['message_attachment'] && $config['allow_pm_attach']) ? $user->img('icon_topic_attach', $user->lang['TOTAL_ATTACHMENTS']) : '', + 'S_PM_UNREAD' => ($row['pm_unread']) ? true : false, 'S_PM_DELETED' => ($row['pm_deleted']) ? true : false, 'S_PM_REPORTED' => (isset($row['report_id'])) ? true : false, 'S_AUTHOR_DELETED' => ($row['author_id'] == ANONYMOUS) ? true : false, -- cgit v1.2.1 From 1b606133198eb1c37402bafea2e3c2c36b25d197 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Fr=C3=A8rejean?= Date: Thu, 3 Feb 2011 14:36:37 +0100 Subject: [ticket/9581] Mass e-mail to banned users Implement the suggestion made by Adam in the ticket, this will add an additional checkbox to the mass e-mail page. By checking this the mass e-mail shall also be send to banned users. By default banned users however are excluded from the mass e-mail. PHPBB3-9581 --- phpBB/includes/acp/acp_email.php | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_email.php b/phpBB/includes/acp/acp_email.php index 350693a630..d65cce7899 100644 --- a/phpBB/includes/acp/acp_email.php +++ b/phpBB/includes/acp/acp_email.php @@ -69,6 +69,8 @@ class acp_email if (!sizeof($error)) { + $sql_ban_where = (!isset($_REQUEST['mail_banned_flag'])) ? 'AND b.ban_userid != u.user_id' : ''; + if ($usernames) { // If giving usernames the admin is able to email inactive users too... @@ -83,21 +85,23 @@ class acp_email if ($group_id) { $sql = 'SELECT u.user_email, u.username, u.username_clean, u.user_lang, u.user_jabber, u.user_notify_type - FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug + FROM ' . BANLIST_TABLE . ' b, ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug WHERE ug.group_id = ' . $group_id . ' AND ug.user_pending = 0 AND u.user_id = ug.user_id AND u.user_allow_massemail = 1 - AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ') - ORDER BY u.user_lang, u.user_notify_type'; + AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ") + {$sql_ban_where} + ORDER BY u.user_lang, u.user_notify_type"; } else { - $sql = 'SELECT username, username_clean, user_email, user_jabber, user_notify_type, user_lang - FROM ' . USERS_TABLE . ' - WHERE user_allow_massemail = 1 - AND user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ') - ORDER BY user_lang, user_notify_type'; + $sql = 'SELECT u.username, u.username_clean, u.user_email, u.user_jabber, u.user_notify_type, u.user_lang + FROM (' . BANLIST_TABLE . ' b, ' . USERS_TABLE . ' u) + WHERE u.user_allow_massemail = 1 + AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ") + {$sql_ban_where} + ORDER BY u.user_lang, u.user_notify_type"; } } $result = $db->sql_query($sql); -- cgit v1.2.1 From 1dd25ce62df7650a295cdf017148a89962a538c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Fr=C3=A8rejean?= Date: Thu, 3 Feb 2011 14:56:31 +0100 Subject: [ticket/9581] Make banlist table select optional Per Nick, only set the `BANLIST_TABLE` in the select statement if the `$sql_ban_where` variable is set. PHPBB3-9581 --- phpBB/includes/acp/acp_email.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_email.php b/phpBB/includes/acp/acp_email.php index d65cce7899..c81a64d2a0 100644 --- a/phpBB/includes/acp/acp_email.php +++ b/phpBB/includes/acp/acp_email.php @@ -85,7 +85,7 @@ class acp_email if ($group_id) { $sql = 'SELECT u.user_email, u.username, u.username_clean, u.user_lang, u.user_jabber, u.user_notify_type - FROM ' . BANLIST_TABLE . ' b, ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug + FROM ' . ((!empty($sql_ban_where)) ? BANLIST_TABLE . ' b, ' : '') . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug WHERE ug.group_id = ' . $group_id . ' AND ug.user_pending = 0 AND u.user_id = ug.user_id @@ -97,7 +97,7 @@ class acp_email else { $sql = 'SELECT u.username, u.username_clean, u.user_email, u.user_jabber, u.user_notify_type, u.user_lang - FROM (' . BANLIST_TABLE . ' b, ' . USERS_TABLE . ' u) + FROM (' . ((!empty($sql_ban_where)) ? BANLIST_TABLE . ' b, ' : '') . USERS_TABLE . ' u) WHERE u.user_allow_massemail = 1 AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ") {$sql_ban_where} -- cgit v1.2.1 From df76799d4b3b4a7e400ee1d026311ddea9305aff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Fr=C3=A8rejean?= Date: Fri, 4 Mar 2011 12:05:33 +0100 Subject: [ticket/9581] Slightly tweaked queries Changed the queries based upon comments by Oleg and Nick, this should return the expected result in every case. PHPBB3-9581 --- phpBB/includes/acp/acp_email.php | 49 ++++++++++++++++++++++++++++------------ 1 file changed, 35 insertions(+), 14 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_email.php b/phpBB/includes/acp/acp_email.php index c81a64d2a0..a8cc93c2e7 100644 --- a/phpBB/includes/acp/acp_email.php +++ b/phpBB/includes/acp/acp_email.php @@ -69,8 +69,6 @@ class acp_email if (!sizeof($error)) { - $sql_ban_where = (!isset($_REQUEST['mail_banned_flag'])) ? 'AND b.ban_userid != u.user_id' : ''; - if ($usernames) { // If giving usernames the admin is able to email inactive users too... @@ -84,25 +82,48 @@ class acp_email { if ($group_id) { - $sql = 'SELECT u.user_email, u.username, u.username_clean, u.user_lang, u.user_jabber, u.user_notify_type - FROM ' . ((!empty($sql_ban_where)) ? BANLIST_TABLE . ' b, ' : '') . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug - WHERE ug.group_id = ' . $group_id . ' + $sql_ary = array( + 'SELECT' => 'u.user_email, u.username, u.username_clean, u.user_lang, u.user_jabber, u.user_notify_type', + 'FROM' => array( + USERS_TABLE => 'u', + USER_GROUP_TABLE => 'ug', + ), + 'WHERE' => 'ug.group_id = ' . $group_id . ' AND ug.user_pending = 0 AND u.user_id = ug.user_id AND u.user_allow_massemail = 1 - AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ") - {$sql_ban_where} - ORDER BY u.user_lang, u.user_notify_type"; + AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')', + 'ORDER_BY' => 'u.user_lang, u.user_notify_type', + ); } else { - $sql = 'SELECT u.username, u.username_clean, u.user_email, u.user_jabber, u.user_notify_type, u.user_lang - FROM (' . ((!empty($sql_ban_where)) ? BANLIST_TABLE . ' b, ' : '') . USERS_TABLE . ' u) - WHERE u.user_allow_massemail = 1 - AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ") - {$sql_ban_where} - ORDER BY u.user_lang, u.user_notify_type"; + $sql_ary = array( + 'SELECT' => 'u.username, u.username_clean, u.user_email, u.user_jabber, u.user_notify_type', + 'FROM' => array( + USERS_TABLE => 'u', + ), + 'WHERE' => 'u.user_allow_massemail = 1 + AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')', + 'ORDER_BY' => 'u.user_lang, u.user_notify_type', + ); + } + + // Mail banned or not + if (!isset($_REQUEST['mail_banned_flag'])) + { + $sql_ary['WHERE'] .= ' AND (b.ban_id IS NULL + OR b.ban_exclude = 1)'; + $sql_ary['LEFT_JOIN'] = array( + array( + 'FROM' => array( + BANLIST_TABLE => 'b', + ), + 'ON' => 'u.user_id = b.ban_userid', + ), + ); } + $sql = $db->sql_build_query('SELECT', $sql_ary); } $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); -- cgit v1.2.1 From 5ab4dc298327d3a8d51387959d6905c6bb24fd99 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Sat, 5 Mar 2011 22:16:50 +0100 Subject: [ticket/10042] Add mt_rand() wrapper which allows swapping $min and $max. PHPBB3-10042 --- phpBB/includes/functions.php | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 398a02380b..259b3b0481 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -244,6 +244,22 @@ function unique_id($extra = 'c') return substr($val, 4, 16); } +/** +* Wrapper for mt_rand() which allows swapping $min and $max parameters. +* +* PHP does not allow us to swap the order of the arguments for mt_rand() anymore. +* (since PHP 5.3.4, see http://bugs.php.net/46587) +* +* @param int $min Lowest value to be returned +* @param int $max Highest value to be returned +* +* @return int Random integer between $min and $max (or $max and $min) +*/ +function phpbb_mt_rand($min, $max) +{ + return ($min > $max) ? mt_rand($max, $min) : mt_rand($min, $max); +} + /** * Return formatted string for filesizes * -- cgit v1.2.1 From 841061426ded7100624496a915e8669d81d197c9 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Sat, 5 Mar 2011 22:48:24 +0100 Subject: [ticket/10016] Leave Firebird unchanged. PHPBB3-10016 --- phpBB/includes/functions.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 7632d8790d..ef71a4e7fd 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -175,6 +175,9 @@ function set_config_count($config_name, $increment, $is_dynamic = false) switch ($db->sql_layer) { case 'firebird': + $sql_update = 'CAST(CAST(config_value as DECIMAL(255, 0)) + ' . (int) $increment . ' as VARCHAR(255))'; + break; + case 'postgres': $sql_update = 'CAST(CAST(config_value::text as DECIMAL(255, 0)) + ' . (int) $increment . ' as VARCHAR(255))'; break; -- cgit v1.2.1 From 9cdeb51a5287844be1cd8671284d625d41e9b2fa Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Sat, 5 Mar 2011 22:55:58 +0100 Subject: [ticket/10016] Add comment for text casting (for PostgreSQL 7.x) PHPBB3-10016 --- phpBB/includes/functions.php | 1 + 1 file changed, 1 insertion(+) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index ef71a4e7fd..fb90ee5f50 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -179,6 +179,7 @@ function set_config_count($config_name, $increment, $is_dynamic = false) break; case 'postgres': + // Need to cast to text first for PostgreSQL 7.x $sql_update = 'CAST(CAST(config_value::text as DECIMAL(255, 0)) + ' . (int) $increment . ' as VARCHAR(255))'; break; -- cgit v1.2.1 From c6c2a23ecb10b4b54e7e9b703d14e8c7cda6ad55 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Sat, 5 Mar 2011 22:20:23 +0100 Subject: [ticket/10042] GD CAPTCHA: Round offset to the next pixel. PHPBB3-10042 --- phpBB/includes/captcha/captcha_gd.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/captcha/captcha_gd.php b/phpBB/includes/captcha/captcha_gd.php index 96e39af85b..7a3f4f46ab 100644 --- a/phpBB/includes/captcha/captcha_gd.php +++ b/phpBB/includes/captcha/captcha_gd.php @@ -77,7 +77,7 @@ class captcha { $denom = ($code_len - $i); $denom = max(1.3, $denom); - $offset[$i] = mt_rand(0, (1.5 * $width_avail) / $denom); + $offset[$i] = mt_rand(0, (int) round((1.5 * $width_avail) / $denom)); $width_avail -= $offset[$i]; } -- cgit v1.2.1 From 18daf6345f64e59f651c43a3150d9e139ac2a4cc Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Sat, 5 Mar 2011 22:21:45 +0100 Subject: [ticket/10042] GD CAPTCHA: Call phpbb_mt_rand() where required. PHPBB3-10042 --- phpBB/includes/captcha/captcha_gd.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/captcha/captcha_gd.php b/phpBB/includes/captcha/captcha_gd.php index 7a3f4f46ab..6d859a4ecc 100644 --- a/phpBB/includes/captcha/captcha_gd.php +++ b/phpBB/includes/captcha/captcha_gd.php @@ -77,7 +77,7 @@ class captcha { $denom = ($code_len - $i); $denom = max(1.3, $denom); - $offset[$i] = mt_rand(0, (int) round((1.5 * $width_avail) / $denom)); + $offset[$i] = phpbb_mt_rand(0, (int) round((1.5 * $width_avail) / $denom)); $width_avail -= $offset[$i]; } -- cgit v1.2.1 From f7723b3e959b0cfd5ae738f9745f367aef1f0d47 Mon Sep 17 00:00:00 2001 From: Josh Woody Date: Wed, 5 Jan 2011 18:48:57 -0600 Subject: [ticket/9970] User language input is checked for existance Users could select a language which did not exist in the database by altering form fields because there was no back-end verification. PHPBB3-9970 --- phpBB/includes/functions_user.php | 30 ++++++++++++++++++++++++++++++ phpBB/includes/ucp/ucp_prefs.php | 2 +- phpBB/includes/ucp/ucp_register.php | 2 +- 3 files changed, 32 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 0420aa70ab..7bab51323b 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1421,6 +1421,36 @@ function validate_match($string, $optional = false, $match = '') return false; } +/** +* Validate Language string +* +* Tests whether a language string is valid and exists on the disk +* This is the same criteria used to determine whether to include it or not. +* +* @param $lang - The language string to test +* +* @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended) +*/ +function validate_language($lang) +{ + global $phpbb_root_path; + + // Note: Two language strings are identical here because the English + // version "Language you specified is not valid" is correct for both + // cases + if (!preg_match('#^[a-z_\-]{2,}$#i', $lang)) + { + return 'WRONG_DATA'; + } + + if (!file_exists($phpbb_root_path . 'language/' . $lang . '/')) + { + return 'WRONG_DATA'; + } + + return false; +} + /** * Check to see if the username has been taken, or if it is disallowed. * Also checks if it includes the " character, which we don't allow in usernames. diff --git a/phpBB/includes/ucp/ucp_prefs.php b/phpBB/includes/ucp/ucp_prefs.php index cc8565e69d..76393530b2 100644 --- a/phpBB/includes/ucp/ucp_prefs.php +++ b/phpBB/includes/ucp/ucp_prefs.php @@ -65,7 +65,7 @@ class ucp_prefs $error = validate_data($data, array( 'dateformat' => array('string', false, 1, 30), - 'lang' => array('match', false, '#^[a-z0-9_\-]{2,}$#i'), + 'lang' => array('language'), 'tz' => array('num', false, -14, 14), )); diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index 7fd99da55a..88f3343f6f 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -210,7 +210,7 @@ class ucp_register array('email')), 'email_confirm' => array('string', false, 6, 60), 'tz' => array('num', false, -14, 14), - 'lang' => array('match', false, '#^[a-z_\-]{2,}$#i'), + 'lang' => array('language'), )); if (!check_form_key('ucp_register')) -- cgit v1.2.1 From 405ef3982891712b0d88a04502ee2ad0141d571f Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Sun, 6 Mar 2011 23:47:47 +0100 Subject: [ticket/9970] Check whether language pack is installed. PHPBB3-9970 --- phpBB/includes/functions_user.php | 33 ++++++++++++++------------------- 1 file changed, 14 insertions(+), 19 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 7bab51323b..9b0175694d 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1422,33 +1422,28 @@ function validate_match($string, $optional = false, $match = '') } /** -* Validate Language string +* Validate Language Pack ISO Name * -* Tests whether a language string is valid and exists on the disk -* This is the same criteria used to determine whether to include it or not. +* Tests whether a language name is valid and installed * -* @param $lang - The language string to test +* @param string $lang The language string to test * -* @return boolean|string Either false if validation succeeded or a string which will be used as the error message (with the variable name appended) +* @return bool|string Either false if validation succeeded or +* a string which will be used as the error message +* (with the variable name appended) */ function validate_language($lang) { - global $phpbb_root_path; - - // Note: Two language strings are identical here because the English - // version "Language you specified is not valid" is correct for both - // cases - if (!preg_match('#^[a-z_\-]{2,}$#i', $lang)) - { - return 'WRONG_DATA'; - } + global $db; - if (!file_exists($phpbb_root_path . 'language/' . $lang . '/')) - { - return 'WRONG_DATA'; - } + $sql = 'SELECT lang_id + FROM ' . LANG_TABLE . " + WHERE lang_iso = '" . $db->sql_escape($lang) . "'"; + $result = $db->sql_query($sql); + $lang_id = (int) $db->sql_fetchfield('lang_id'); + $db->sql_freeresult($result); - return false; + return ($lang_id) ? false : 'WRONG_DATA'; } /** -- cgit v1.2.1 From 0f16fd3519151cbd309cfa5f7aec0d45bd7346e9 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Mon, 7 Mar 2011 00:20:02 +0100 Subject: [ticket/9970] Do not allow switching to languages not installed on reg. page. PHPBB3-9970 --- phpBB/includes/ucp/ucp_register.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index 88f3343f6f..76e02fd45b 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -56,7 +56,7 @@ class ucp_register { $use_lang = ($change_lang) ? basename($change_lang) : basename($user_lang); - if (file_exists($user->lang_path . $use_lang . '/')) + if (!validate_language($use_lang)) { if ($change_lang) { -- cgit v1.2.1 From ac9019068202efde7c532462ca5fce8523956db7 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Mon, 7 Mar 2011 00:23:49 +0100 Subject: [ticket/9970] Rename validate_language() to validate_language_iso_name(). PHPBB3-9970 --- phpBB/includes/functions_user.php | 12 ++++++------ phpBB/includes/ucp/ucp_prefs.php | 2 +- phpBB/includes/ucp/ucp_register.php | 4 ++-- 3 files changed, 9 insertions(+), 9 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 9b0175694d..8a204995aa 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1426,19 +1426,19 @@ function validate_match($string, $optional = false, $match = '') * * Tests whether a language name is valid and installed * -* @param string $lang The language string to test +* @param string $lang_iso The language string to test * -* @return bool|string Either false if validation succeeded or -* a string which will be used as the error message -* (with the variable name appended) +* @return bool|string Either false if validation succeeded or +* a string which will be used as the error message +* (with the variable name appended) */ -function validate_language($lang) +function validate_language_iso_name($lang_iso) { global $db; $sql = 'SELECT lang_id FROM ' . LANG_TABLE . " - WHERE lang_iso = '" . $db->sql_escape($lang) . "'"; + WHERE lang_iso = '" . $db->sql_escape($lang_iso) . "'"; $result = $db->sql_query($sql); $lang_id = (int) $db->sql_fetchfield('lang_id'); $db->sql_freeresult($result); diff --git a/phpBB/includes/ucp/ucp_prefs.php b/phpBB/includes/ucp/ucp_prefs.php index 76393530b2..13167b2b3d 100644 --- a/phpBB/includes/ucp/ucp_prefs.php +++ b/phpBB/includes/ucp/ucp_prefs.php @@ -65,7 +65,7 @@ class ucp_prefs $error = validate_data($data, array( 'dateformat' => array('string', false, 1, 30), - 'lang' => array('language'), + 'lang' => array('language_iso_name'), 'tz' => array('num', false, -14, 14), )); diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index 76e02fd45b..13b9945851 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -56,7 +56,7 @@ class ucp_register { $use_lang = ($change_lang) ? basename($change_lang) : basename($user_lang); - if (!validate_language($use_lang)) + if (!validate_language_iso_name($use_lang)) { if ($change_lang) { @@ -210,7 +210,7 @@ class ucp_register array('email')), 'email_confirm' => array('string', false, 6, 60), 'tz' => array('num', false, -14, 14), - 'lang' => array('language'), + 'lang' => array('language_iso_name'), )); if (!check_form_key('ucp_register')) -- cgit v1.2.1 From d69a7c620a08d1866a24033ef43646a4bbfc9925 Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Wed, 23 Feb 2011 20:12:12 -0500 Subject: [ticket/10057] Report postgres db connection errors. Addresses two issues: 1. When pgsql extension is missing, @pg_connect would silently abort execution. Check for pg_connect existence before calling it, same with pg_pconnect. 2. When connection fails, the error reported by php is discarded. User is shown the failure message without the reason for failure, making debugging difficult. Collect the error (if any) via a temporarily installed error handler, and display it if connection failed. PHPBB3-10057 --- phpBB/includes/db/postgres.php | 15 +++++++++++++- phpBB/includes/functions.php | 44 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 58 insertions(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/db/postgres.php b/phpBB/includes/db/postgres.php index 4360c790a1..29e15143bc 100644 --- a/phpBB/includes/db/postgres.php +++ b/phpBB/includes/db/postgres.php @@ -81,13 +81,25 @@ class dbal_postgres extends dbal if ($this->persistency) { + if (!function_exists('pg_pconnect')) + { + return $this->sql_error('pg_pconnect does not exist'); + } + phpbb_start_error_collection(); $this->db_connect_id = (!$new_link) ? @pg_pconnect($connect_string) : @pg_pconnect($connect_string, PGSQL_CONNECT_FORCE_NEW); } else { + if (!function_exists('pg_pconnect')) + { + return $this->sql_error('pg_connect does not exist'); + } + phpbb_start_error_collection(); $this->db_connect_id = (!$new_link) ? @pg_connect($connect_string) : @pg_connect($connect_string, PGSQL_CONNECT_FORCE_NEW); } + $errors = phpbb_stop_error_collection(); + if ($this->db_connect_id) { if (version_compare($this->sql_server_info(true), '8.2', '>=')) @@ -102,7 +114,8 @@ class dbal_postgres extends dbal return $this->db_connect_id; } - return $this->sql_error(''); + $errors = phpbb_format_collected_errors($errors); + return $this->sql_error($errors); } /** diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 398a02380b..471d3476a0 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -3928,6 +3928,50 @@ function msg_handler($errno, $msg_text, $errfile, $errline) return false; } +function phpbb_error_collection_handler($errno, $msg_text, $errfile, $errline) +{ + global $phpbb_collected_errors; + $phpbb_collected_errors[-1][] = array($errno, $msg_text, $errfile, $errline); +} + +function phpbb_start_error_collection() +{ + global $phpbb_collected_errors; + if (!isset($phpbb_collected_errors)) + { + $phpbb_collected_errors = array(); + } + $phpbb_collected_errors[] = array(); + set_error_handler('phpbb_error_collection_handler'); +} + +function phpbb_stop_error_collection() +{ + global $phpbb_collected_errors; + restore_error_handler(); + $errors = array_pop($phpbb_collected_errors); + return $errors; +} + +function phpbb_format_collected_errors($errors) +{ + $text = ''; + foreach ($errors as $error) + { + if (!empty($text)) + { + $text .= "
\n"; + } + list($errno, $msg_text, $errfile, $errline) = $error; + $text .= "Errno $errno: $msg_text"; + if (defined('DEBUG')) + { + $text .= " at $errfile line $errline"; + } + } + return $text; +} + /** * Queries the session table to get information about online guests * @param int $item_id Limits the search to the item with this id -- cgit v1.2.1 From fc5be6928fc2af13333569e766a289e5e3334233 Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Wed, 23 Feb 2011 22:52:41 -0500 Subject: [ticket/10057] No negative array indexing. PHP manual does not say that negative array indices are allowed, so it's best to assume they are not guaranteed to work the way one would expect. PHPBB3-10057 --- phpBB/includes/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 471d3476a0..e0623c0869 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -3931,7 +3931,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline) function phpbb_error_collection_handler($errno, $msg_text, $errfile, $errline) { global $phpbb_collected_errors; - $phpbb_collected_errors[-1][] = array($errno, $msg_text, $errfile, $errline); + $phpbb_collected_errors[count($phpbb_collected_errors)-1][] = array($errno, $msg_text, $errfile, $errline); } function phpbb_start_error_collection() -- cgit v1.2.1 From a4100fe7094aaa5377065d2f25ca8d0fa2ff6bf8 Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Wed, 23 Feb 2011 22:54:25 -0500 Subject: [ticket/10057] More informative error messages in postgres dbal. When pg_connect/pg_pconnect do not exist, mention that they come with pgsql extension. PHPBB3-10057 --- phpBB/includes/db/postgres.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/db/postgres.php b/phpBB/includes/db/postgres.php index 29e15143bc..c1dc7f7e2b 100644 --- a/phpBB/includes/db/postgres.php +++ b/phpBB/includes/db/postgres.php @@ -83,7 +83,7 @@ class dbal_postgres extends dbal { if (!function_exists('pg_pconnect')) { - return $this->sql_error('pg_pconnect does not exist'); + return $this->sql_error('pg_pconnect function does not exist, is pgsql extension installed?'); } phpbb_start_error_collection(); $this->db_connect_id = (!$new_link) ? @pg_pconnect($connect_string) : @pg_pconnect($connect_string, PGSQL_CONNECT_FORCE_NEW); @@ -92,7 +92,7 @@ class dbal_postgres extends dbal { if (!function_exists('pg_pconnect')) { - return $this->sql_error('pg_connect does not exist'); + return $this->sql_error('pg_connect function does not exist, is pgsql extension installed?'); } phpbb_start_error_collection(); $this->db_connect_id = (!$new_link) ? @pg_connect($connect_string) : @pg_connect($connect_string, PGSQL_CONNECT_FORCE_NEW); -- cgit v1.2.1 From 17693c2802c92297251f5cd94cc5452f5e54eb0b Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Wed, 2 Mar 2011 06:35:25 -0500 Subject: [ticket/10057] Use a class for error collection. Replaced error collection functions with a class for a cleaner implementation. PHPBB3-10057 --- phpBB/includes/db/postgres.php | 10 ++++--- phpBB/includes/functions.php | 64 +++++++++++++++++++++--------------------- 2 files changed, 38 insertions(+), 36 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/db/postgres.php b/phpBB/includes/db/postgres.php index c1dc7f7e2b..a8dc3dd8ee 100644 --- a/phpBB/includes/db/postgres.php +++ b/phpBB/includes/db/postgres.php @@ -85,7 +85,8 @@ class dbal_postgres extends dbal { return $this->sql_error('pg_pconnect function does not exist, is pgsql extension installed?'); } - phpbb_start_error_collection(); + $collector = new phpbb_error_collector; + $collector->install(); $this->db_connect_id = (!$new_link) ? @pg_pconnect($connect_string) : @pg_pconnect($connect_string, PGSQL_CONNECT_FORCE_NEW); } else @@ -94,11 +95,12 @@ class dbal_postgres extends dbal { return $this->sql_error('pg_connect function does not exist, is pgsql extension installed?'); } - phpbb_start_error_collection(); + $collector = new phpbb_error_collector; + $collector->install(); $this->db_connect_id = (!$new_link) ? @pg_connect($connect_string) : @pg_connect($connect_string, PGSQL_CONNECT_FORCE_NEW); } - $errors = phpbb_stop_error_collection(); + $collector->uninstall(); if ($this->db_connect_id) { @@ -114,7 +116,7 @@ class dbal_postgres extends dbal return $this->db_connect_id; } - $errors = phpbb_format_collected_errors($errors); + $errors = $collector->format_errors(); return $this->sql_error($errors); } diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index e0623c0869..39a02034c4 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -3928,48 +3928,48 @@ function msg_handler($errno, $msg_text, $errfile, $errline) return false; } -function phpbb_error_collection_handler($errno, $msg_text, $errfile, $errline) +class phpbb_error_collector { - global $phpbb_collected_errors; - $phpbb_collected_errors[count($phpbb_collected_errors)-1][] = array($errno, $msg_text, $errfile, $errline); -} + var $errors; -function phpbb_start_error_collection() -{ - global $phpbb_collected_errors; - if (!isset($phpbb_collected_errors)) + function phpbb_error_collector() { - $phpbb_collected_errors = array(); + $this->errors = array(); } - $phpbb_collected_errors[] = array(); - set_error_handler('phpbb_error_collection_handler'); -} -function phpbb_stop_error_collection() -{ - global $phpbb_collected_errors; - restore_error_handler(); - $errors = array_pop($phpbb_collected_errors); - return $errors; -} + function install() + { + set_error_handler(array(&$this, 'error_handler')); + } -function phpbb_format_collected_errors($errors) -{ - $text = ''; - foreach ($errors as $error) + function uninstall() { - if (!empty($text)) - { - $text .= "
\n"; - } - list($errno, $msg_text, $errfile, $errline) = $error; - $text .= "Errno $errno: $msg_text"; - if (defined('DEBUG')) + restore_error_handler(); + } + + function error_handler($errno, $msg_text, $errfile, $errline) + { + $this->errors[] = array($errno, $msg_text, $errfile, $errline); + } + + function format_errors() + { + $text = ''; + foreach ($this->errors as $error) { - $text .= " at $errfile line $errline"; + if (!empty($text)) + { + $text .= "
\n"; + } + list($errno, $msg_text, $errfile, $errline) = $error; + $text .= "Errno $errno: $msg_text"; + if (defined('DEBUG')) + { + $text .= " at $errfile line $errline"; + } } + return $text; } - return $text; } /** -- cgit v1.2.1 From 24834543eef54650d198e1eb2b3a851e1ce08227 Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Sun, 6 Mar 2011 20:14:06 -0500 Subject: [ticket/10057] Moved error collector class into its own file. This will make it autoloadable in 3.1. This commit breaks 3.0 since no code includes the error collector. Such include code will be in its own commit since it will need to be reverted in 3.1. PHPBB3-10057 --- phpBB/includes/error_collector.php | 45 ++++++++++++++++++++++++++++++++++++++ phpBB/includes/functions.php | 44 ------------------------------------- 2 files changed, 45 insertions(+), 44 deletions(-) create mode 100644 phpBB/includes/error_collector.php (limited to 'phpBB/includes') diff --git a/phpBB/includes/error_collector.php b/phpBB/includes/error_collector.php new file mode 100644 index 0000000000..8b4a7660e9 --- /dev/null +++ b/phpBB/includes/error_collector.php @@ -0,0 +1,45 @@ +errors = array(); + } + + function install() + { + set_error_handler(array(&$this, 'error_handler')); + } + + function uninstall() + { + restore_error_handler(); + } + + function error_handler($errno, $msg_text, $errfile, $errline) + { + $this->errors[] = array($errno, $msg_text, $errfile, $errline); + } + + function format_errors() + { + $text = ''; + foreach ($this->errors as $error) + { + if (!empty($text)) + { + $text .= "
\n"; + } + list($errno, $msg_text, $errfile, $errline) = $error; + $text .= "Errno $errno: $msg_text"; + if (defined('DEBUG')) + { + $text .= " at $errfile line $errline"; + } + } + return $text; + } +} diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 39a02034c4..398a02380b 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -3928,50 +3928,6 @@ function msg_handler($errno, $msg_text, $errfile, $errline) return false; } -class phpbb_error_collector -{ - var $errors; - - function phpbb_error_collector() - { - $this->errors = array(); - } - - function install() - { - set_error_handler(array(&$this, 'error_handler')); - } - - function uninstall() - { - restore_error_handler(); - } - - function error_handler($errno, $msg_text, $errfile, $errline) - { - $this->errors[] = array($errno, $msg_text, $errfile, $errline); - } - - function format_errors() - { - $text = ''; - foreach ($this->errors as $error) - { - if (!empty($text)) - { - $text .= "
\n"; - } - list($errno, $msg_text, $errfile, $errline) = $error; - $text .= "Errno $errno: $msg_text"; - if (defined('DEBUG')) - { - $text .= " at $errfile line $errline"; - } - } - return $text; - } -} - /** * Queries the session table to get information about online guests * @param int $item_id Limits the search to the item with this id -- cgit v1.2.1 From 22004fa7d65b19e8bfe96a97042a614be1adf444 Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Sun, 6 Mar 2011 20:51:09 -0500 Subject: [ticket/10057] Include error collector class file in postgres dbal. This change is in its own commit because it will be reverted for 3.1. PHPBB3-10057 --- phpBB/includes/db/postgres.php | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'phpBB/includes') diff --git a/phpBB/includes/db/postgres.php b/phpBB/includes/db/postgres.php index a8dc3dd8ee..d703f5b567 100644 --- a/phpBB/includes/db/postgres.php +++ b/phpBB/includes/db/postgres.php @@ -18,6 +18,11 @@ if (!defined('IN_PHPBB')) include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx); +if (!class_exists('phpbb_error_collector')) +{ + include($phpbb_root_path . 'includes/error_collector.' . $phpEx); +} + /** * PostgreSQL Database Abstraction Layer * Minimum Requirement is Version 7.3+ -- cgit v1.2.1 From af43ed655bf31ae4b9ef999e0a95eeae67724597 Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Sun, 6 Mar 2011 20:55:41 -0500 Subject: [ticket/10057] Split statements in firebird dbal for readability. PHPBB3-10057 --- phpBB/includes/db/firebird.php | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/db/firebird.php b/phpBB/includes/db/firebird.php index 6f60dd5dad..2f17b00b3f 100644 --- a/phpBB/includes/db/firebird.php +++ b/phpBB/includes/db/firebird.php @@ -53,9 +53,23 @@ class dbal_firebird extends dbal $use_database = $this->server . ':' . $this->dbname; } - $this->db_connect_id = ($this->persistency) ? @ibase_pconnect($use_database, $this->user, $sqlpassword, false, false, 3) : @ibase_connect($use_database, $this->user, $sqlpassword, false, false, 3); + if ($this->persistency) + { + $this->db_connect_id = @ibase_pconnect($use_database, $this->user, $sqlpassword, false, false, 3); + } + else + { + $this->db_connect_id = @ibase_connect($use_database, $this->user, $sqlpassword, false, false, 3); + } - $this->service_handle = (function_exists('ibase_service_attach') && $this->server) ? @ibase_service_attach($this->server, $this->user, $sqlpassword) : false; + if (function_exists('ibase_service_attach') && $this->server) + { + $this->service_handle = @ibase_service_attach($this->server, $this->user, $sqlpassword); + } + else + { + $thih->service_handle = false; + } return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error(''); } -- cgit v1.2.1 From 4d92f9bb2eea82a9af36401649c318623d39307f Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Sun, 6 Mar 2011 21:03:24 -0500 Subject: [ticket/10057] Check for interbase function existence. Calling nonexistent functions with @ destroys the script with no feedback as to the cause of the error. Check whether interbase functions exist before calling them. PHPBB3-10057 --- phpBB/includes/db/firebird.php | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'phpBB/includes') diff --git a/phpBB/includes/db/firebird.php b/phpBB/includes/db/firebird.php index 2f17b00b3f..d1d88ffe42 100644 --- a/phpBB/includes/db/firebird.php +++ b/phpBB/includes/db/firebird.php @@ -55,10 +55,18 @@ class dbal_firebird extends dbal if ($this->persistency) { + if (!function_exists('ibase_pconnect')) + { + return $this->sql_error('ibase_pconnect function does not exist, is interbase extension installed?'); + } $this->db_connect_id = @ibase_pconnect($use_database, $this->user, $sqlpassword, false, false, 3); } else { + if (!function_exists('ibase_connect')) + { + return $this->sql_error('ibase_connect function does not exist, is interbase extension installed?'); + } $this->db_connect_id = @ibase_connect($use_database, $this->user, $sqlpassword, false, false, 3); } -- cgit v1.2.1 From edc1deaa3afcadab82d404e705e162a9f3fa26c5 Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Sun, 6 Mar 2011 23:07:48 -0500 Subject: [ticket/10057] Skip ibase_service_attach if firebird connection failed. ibase_errmsg works for the most recent call. If the connection fails, any error message is clobbered by ibase_service_attach call. PHPBB3-10057 --- phpBB/includes/db/firebird.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/db/firebird.php b/phpBB/includes/db/firebird.php index d1d88ffe42..660acb35db 100644 --- a/phpBB/includes/db/firebird.php +++ b/phpBB/includes/db/firebird.php @@ -70,7 +70,9 @@ class dbal_firebird extends dbal $this->db_connect_id = @ibase_connect($use_database, $this->user, $sqlpassword, false, false, 3); } - if (function_exists('ibase_service_attach') && $this->server) + // Do not call ibase_service_attach if connection failed, + // otherwise error message from ibase_(p)connect call will be clobbered. + if ($this->db_connect_id && function_exists('ibase_service_attach') && $this->server) { $this->service_handle = @ibase_service_attach($this->server, $this->user, $sqlpassword); } -- cgit v1.2.1 From 98388b29212cf94c443e0b4f626508efc937715f Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Sun, 6 Mar 2011 23:17:01 -0500 Subject: [ticket/10057] Fixed wrong usage of sql_error in postgres dbal. pg_last_error does not work if no connection was ever established. Therefore we must keep track of connection errors in postgres dbal ourselves. PHPBB3-10057 --- phpBB/includes/db/postgres.php | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/db/postgres.php b/phpBB/includes/db/postgres.php index d703f5b567..78b6a75750 100644 --- a/phpBB/includes/db/postgres.php +++ b/phpBB/includes/db/postgres.php @@ -31,6 +31,7 @@ if (!class_exists('phpbb_error_collector')) class dbal_postgres extends dbal { var $last_query_text = ''; + var $connect_error = ''; /** * Connect to server @@ -121,8 +122,8 @@ class dbal_postgres extends dbal return $this->db_connect_id; } - $errors = $collector->format_errors(); - return $this->sql_error($errors); + $this->connect_error = $collector->format_errors(); + return $this->sql_error(''); } /** @@ -391,8 +392,19 @@ class dbal_postgres extends dbal */ function _sql_error() { + // pg_last_error only works when there is an established connection. + // Connection errors have to be tracked by us manually. + if ($this->db_connect_id) + { + $message = @pg_last_error($this->db_connect_id); + } + else + { + $message = $this->connect_error; + } + return array( - 'message' => (!$this->db_connect_id) ? @pg_last_error() : @pg_last_error($this->db_connect_id), + 'message' => $message, 'code' => '' ); } -- cgit v1.2.1 From 40468a5adcd11628c123b54911919e533d2dbd28 Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Mon, 7 Mar 2011 08:46:49 -0500 Subject: [ticket/10057] Condition file/line display on DEBUG_EXTRA or IN_INSTALL. PHPBB3-10057 --- phpBB/includes/error_collector.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/error_collector.php b/phpBB/includes/error_collector.php index 8b4a7660e9..6327a38649 100644 --- a/phpBB/includes/error_collector.php +++ b/phpBB/includes/error_collector.php @@ -35,7 +35,7 @@ class phpbb_error_collector } list($errno, $msg_text, $errfile, $errline) = $error; $text .= "Errno $errno: $msg_text"; - if (defined('DEBUG')) + if (defined('DEBUG_EXTRA') || defined('IN_INSTALL')) { $text .= " at $errfile line $errline"; } -- cgit v1.2.1 From e5aa2c9ac112156b56db9c4b1d8fc2b6f6f79265 Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Mon, 7 Mar 2011 08:52:59 -0500 Subject: [ticket/10057] Fixed usage of sql_error again. PHPBB3-10057 --- phpBB/includes/db/postgres.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/db/postgres.php b/phpBB/includes/db/postgres.php index 78b6a75750..69f605fc47 100644 --- a/phpBB/includes/db/postgres.php +++ b/phpBB/includes/db/postgres.php @@ -89,7 +89,8 @@ class dbal_postgres extends dbal { if (!function_exists('pg_pconnect')) { - return $this->sql_error('pg_pconnect function does not exist, is pgsql extension installed?'); + $this->connect_error = 'pg_pconnect function does not exist, is pgsql extension installed?'; + return $this->sql_error(''); } $collector = new phpbb_error_collector; $collector->install(); @@ -99,7 +100,8 @@ class dbal_postgres extends dbal { if (!function_exists('pg_pconnect')) { - return $this->sql_error('pg_connect function does not exist, is pgsql extension installed?'); + $this->connect_error = 'pg_connect function does not exist, is pgsql extension installed?'; + return $this->sql_error(''); } $collector = new phpbb_error_collector; $collector->install(); -- cgit v1.2.1 From 7acbf98692dfe4b3bf1ca103a1fa90d7f51d3c1b Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Mon, 7 Mar 2011 09:04:01 -0500 Subject: [ticket/10057] Fixed wrong usage of sql_error again, in firebird. This necessitates adding connect_error property to firebird. PHPBB3-10057 --- phpBB/includes/db/firebird.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/db/firebird.php b/phpBB/includes/db/firebird.php index 660acb35db..fb820b4894 100644 --- a/phpBB/includes/db/firebird.php +++ b/phpBB/includes/db/firebird.php @@ -28,6 +28,7 @@ class dbal_firebird extends dbal var $last_query_text = ''; var $service_handle = false; var $affected_rows = 0; + var $connect_error = ''; /** * Connect to server @@ -57,7 +58,8 @@ class dbal_firebird extends dbal { if (!function_exists('ibase_pconnect')) { - return $this->sql_error('ibase_pconnect function does not exist, is interbase extension installed?'); + $this->connect_error = 'ibase_pconnect function does not exist, is interbase extension installed?'; + return $this->sql_error(''); } $this->db_connect_id = @ibase_pconnect($use_database, $this->user, $sqlpassword, false, false, 3); } @@ -65,7 +67,8 @@ class dbal_firebird extends dbal { if (!function_exists('ibase_connect')) { - return $this->sql_error('ibase_connect function does not exist, is interbase extension installed?'); + $this->connect_error = 'ibase_connect function does not exist, is interbase extension installed?'; + return $this->sql_error(''); } $this->db_connect_id = @ibase_connect($use_database, $this->user, $sqlpassword, false, false, 3); } -- cgit v1.2.1 From 020d06cdaac13372feef615b8689ad2526733243 Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Mon, 7 Mar 2011 09:09:40 -0500 Subject: [ticket/10057] Handle the case of missing interbase extension better. PHPBB3-10057 --- phpBB/includes/db/firebird.php | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/db/firebird.php b/phpBB/includes/db/firebird.php index fb820b4894..6786edb964 100644 --- a/phpBB/includes/db/firebird.php +++ b/phpBB/includes/db/firebird.php @@ -498,8 +498,24 @@ class dbal_firebird extends dbal */ function _sql_error() { + // Need special handling here because ibase_errmsg returns + // connection errors, however if the interbase extension + // is not installed then ibase_errmsg does not exist and + // we cannot call it. + if (function_exists('ibase_errmsg')) + { + $msg = @ibase_errmsg(); + if (!$msg) + { + $msg = $this->connect_error; + } + } + else + { + $msg = $this->connect_error; + } return array( - 'message' => @ibase_errmsg(), + 'message' => $msg, 'code' => (@function_exists('ibase_errcode') ? @ibase_errcode() : '') ); } -- cgit v1.2.1 From 9a9b156a8ed5a8c0ad71d51c10ae7a32b24359f4 Mon Sep 17 00:00:00 2001 From: rxu Date: Mon, 7 Mar 2011 21:22:33 +0700 Subject: [ticket/10035] ACP template edit feature allows to read any files on webserver. ... and to upload/execute any script on it. Use preg_replace to filter filename PHPBB3-10035 --- phpBB/includes/acp/acp_styles.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php index 0f157ceff3..37cf8d1f72 100644 --- a/phpBB/includes/acp/acp_styles.php +++ b/phpBB/includes/acp/acp_styles.php @@ -716,7 +716,7 @@ parse_css_file = {PARSE_CSS_FILE} $save_changes = (isset($_POST['save'])) ? true : false; // make sure template_file path doesn't go upwards - $template_file = str_replace('..', '.', $template_file); + $template_file = preg_replace('#\.{2,}#', '.', $template_file); // Retrieve some information about the template $sql = 'SELECT template_storedb, template_path, template_name -- cgit v1.2.1 From f6c6de45395e18a8e3c6091e4b3fcd02f8355a28 Mon Sep 17 00:00:00 2001 From: Josh Woody Date: Mon, 7 Mar 2011 08:48:02 -0600 Subject: [ticket/9946] Allow storage of data >4kB on Oracle again This fixes the fix to PHPBB3-9132, which introduced a fatal error on Oracle. PHPBB3-9946 --- phpBB/includes/db/oracle.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/db/oracle.php b/phpBB/includes/db/oracle.php index c8a9a5f604..62b36aa8bf 100644 --- a/phpBB/includes/db/oracle.php +++ b/phpBB/includes/db/oracle.php @@ -269,11 +269,12 @@ class dbal_oracle extends dbal { $cols = explode(', ', $regs[2]); + preg_match_all('/\'(?:[^\']++|\'\')*+\'|[\d-.]+/', $regs[3], $vals, PREG_PATTERN_ORDER); + /* The code inside this comment block breaks clob handling, but does allow the database restore script to work. If you want to allow no posts longer than 4KB and/or need the db restore script, uncomment this. - preg_match_all('/\'(?:[^\']++|\'\')*+\'|[\d-.]+/', $regs[3], $vals, PREG_PATTERN_ORDER); if (sizeof($cols) !== sizeof($vals)) { -- cgit v1.2.1 From 87e3560c30365d757280f6ef6f067c29c1f9c5f0 Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Tue, 8 Mar 2011 19:48:56 -0500 Subject: [ticket/10057] Fixes for a bunch of small problems. PHPBB3-10057 --- phpBB/includes/db/firebird.php | 2 +- phpBB/includes/db/postgres.php | 2 +- phpBB/includes/error_collector.php | 16 ++++++++++++++++ 3 files changed, 18 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/db/firebird.php b/phpBB/includes/db/firebird.php index 6786edb964..7e3f15ed1d 100644 --- a/phpBB/includes/db/firebird.php +++ b/phpBB/includes/db/firebird.php @@ -81,7 +81,7 @@ class dbal_firebird extends dbal } else { - $thih->service_handle = false; + $this->service_handle = false; } return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error(''); diff --git a/phpBB/includes/db/postgres.php b/phpBB/includes/db/postgres.php index 69f605fc47..bb116e0763 100644 --- a/phpBB/includes/db/postgres.php +++ b/phpBB/includes/db/postgres.php @@ -98,7 +98,7 @@ class dbal_postgres extends dbal } else { - if (!function_exists('pg_pconnect')) + if (!function_exists('pg_connect')) { $this->connect_error = 'pg_connect function does not exist, is pgsql extension installed?'; return $this->sql_error(''); diff --git a/phpBB/includes/error_collector.php b/phpBB/includes/error_collector.php index 6327a38649..55834f354c 100644 --- a/phpBB/includes/error_collector.php +++ b/phpBB/includes/error_collector.php @@ -1,4 +1,20 @@ Date: Wed, 2 Mar 2011 06:43:10 -0500 Subject: [ticket/10046] Do not link bots to cron.php. Bots, generally speaking, will not request cron.php immediately, thus telling them to request it is pointless. PHPBB3-10046 --- phpBB/includes/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 6a2d132175..80b51f80ae 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -4611,7 +4611,7 @@ function page_footer($run_cron = true) // Call cron-type script $call_cron = false; - if (!defined('IN_CRON') && $run_cron && !$config['board_disable']) + if (!defined('IN_CRON') && $run_cron && !$config['board_disable'] && !$user->data['is_bot']) { $call_cron = true; $time_now = (!empty($user->time_now) && is_int($user->time_now)) ? $user->time_now : time(); -- cgit v1.2.1 From 64657ee366f3d7f7e78129cda0e6cfc1ae36d4c3 Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Sun, 13 Mar 2011 23:11:33 -0400 Subject: [ticket/10096] Fixed whitespace in functions.php. PHPBB3-10096 --- phpBB/includes/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 80b51f80ae..2fc7ca6903 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -4261,7 +4261,7 @@ function phpbb_http_login($param) if (!is_null($username) && is_null($password) && strpos($username, 'Basic ') === 0) { list($username, $password) = explode(':', base64_decode(substr($username, 6)), 2); - } + } if (!is_null($username) && !is_null($password)) { -- cgit v1.2.1 From 91b319525546ea696653dbb7f2c494058a85b00b Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Sat, 12 Mar 2011 16:49:25 +0100 Subject: [ticket/9685] Buffer posts for search indexing when using mssqlnative. To have a generic solution there is now a sql_buffer_nested_transaction() which indicates that the given SQL driver requires buffering to run a transaction while iterating over another result set. PHPBB3-9685 --- phpBB/includes/acp/acp_search.php | 18 ++++++++++++++++-- phpBB/includes/db/dbal.php | 10 ++++++++++ phpBB/includes/db/mssqlnative.php | 10 +++++++++- 3 files changed, 35 insertions(+), 3 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_search.php b/phpBB/includes/acp/acp_search.php index 930c8d2a26..0cd67b1c34 100644 --- a/phpBB/includes/acp/acp_search.php +++ b/phpBB/includes/acp/acp_search.php @@ -392,7 +392,18 @@ class acp_search AND post_id <= ' . (int) ($post_counter + $this->batch_size); $result = $db->sql_query($sql); - while ($row = $db->sql_fetchrow($result)) + $buffer = $db->sql_buffer_nested_transactions(); + + if ($buffer) + { + $rows = $db->sql_fetchrowset($result); + $rows[] = false; // indicate end of array for while loop below + + $db->sql_freeresult($result); + } + + $i = 0; + while ($row = ($buffer ? $rows[$i++] : $db->sql_fetchrow($result))) { // Indexing enabled for this forum or global announcement? // Global announcements get indexed by default. @@ -402,7 +413,10 @@ class acp_search } $row_count++; } - $db->sql_freeresult($result); + if (!$buffer) + { + $db->sql_freeresult($result); + } $post_counter += $this->batch_size; } diff --git a/phpBB/includes/db/dbal.php b/phpBB/includes/db/dbal.php index 5d8d5fbd47..d7860fc8bc 100644 --- a/phpBB/includes/db/dbal.php +++ b/phpBB/includes/db/dbal.php @@ -241,6 +241,16 @@ class dbal return $this->_sql_like_expression('LIKE \'' . $this->sql_escape($expression) . '\''); } + /** + * Returns whether results of a query need to be buffered to run a transaction while iterating over them. + * + * @return bool Whether buffering is required. + */ + function sql_buffer_nested_transaction() + { + return false; + } + /** * SQL Transaction * @access private diff --git a/phpBB/includes/db/mssqlnative.php b/phpBB/includes/db/mssqlnative.php index 7ed4146f27..8912cda178 100644 --- a/phpBB/includes/db/mssqlnative.php +++ b/phpBB/includes/db/mssqlnative.php @@ -258,6 +258,14 @@ class dbal_mssqlnative extends dbal return ($this->sql_server_version) ? 'MSSQL
' . $this->sql_server_version : 'MSSQL'; } + /** + * {@inheritDoc} + */ + function sql_buffer_nested_transaction() + { + return true; + } + /** * SQL Transaction * @access private @@ -628,7 +636,7 @@ class dbal_mssqlnative extends dbal return false; } } - + /** * Allows setting mssqlnative specific query options passed to sqlsrv_query as 4th parameter. */ -- cgit v1.2.1 From 48ba841be0abf6b44211826101334d1dafb93dd2 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Thu, 17 Mar 2011 23:01:07 +0100 Subject: [ticket/10100] Update rand_seed_last_update before rand_seed in unique_id(). Update $config['rand_seed_last_update'] before updating $config['rand_seed'] in unique_id() to mitigate a race condition and unnecessary updates on heavily busy boards. PHPBB3-10100 --- phpBB/includes/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 2fc7ca6903..198e429afc 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -240,8 +240,8 @@ function unique_id($extra = 'c') if ($dss_seeded !== true && ($config['rand_seed_last_update'] < time() - rand(1,10))) { - set_config('rand_seed', $config['rand_seed'], true); set_config('rand_seed_last_update', time(), true); + set_config('rand_seed', $config['rand_seed'], true); $dss_seeded = true; } -- cgit v1.2.1 From f8384b7302ca27aec0064f7d927a732e4e4552da Mon Sep 17 00:00:00 2001 From: Igor Wiedler Date: Thu, 17 Mar 2011 23:59:38 +0100 Subject: [ticket/10101] Add support for native phpass hashes phpass (the hashing library we use) adds a hash identifier to every hash. By default this identifier is '$P$'. For some reason we have changed it to '$H$'. This patch allows both of them to be used for authentication, so that a third party system could create users with '$P$' hashes. PHPBB3-10101 --- phpBB/includes/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 2fc7ca6903..d6330f6d85 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -516,7 +516,7 @@ function _hash_crypt_private($password, $setting, &$itoa64) $output = '*'; // Check for correct hash - if (substr($setting, 0, 3) != '$H$') + if (substr($setting, 0, 3) != '$H$' && substr($setting, 0, 3) != '$P$') { return $output; } -- cgit v1.2.1 From 1564c01c38742037bf44f87c03c96384344fd17b Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Wed, 23 Mar 2011 22:48:22 +0100 Subject: [ticket/10033] "Disallow usernames" does not check already disallowed names. PHPBB3-10033 --- phpBB/includes/acp/acp_disallow.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_disallow.php b/phpBB/includes/acp/acp_disallow.php index 9549955cc8..e2176b7bcd 100644 --- a/phpBB/includes/acp/acp_disallow.php +++ b/phpBB/includes/acp/acp_disallow.php @@ -56,6 +56,18 @@ class acp_disallow trigger_error($user->lang['NO_USERNAME_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING); } + $sql = 'SELECT disallow_id + FROM ' . DISALLOW_TABLE . " + WHERE disallow_username = '" . $db->sql_escape($disallowed_user) . "'"; + $result = $db->sql_query($sql); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if ($row) + { + trigger_error($user->lang['DISALLOWED_ALREADY'] . adm_back_link($this->u_action), E_USER_WARNING); + } + $sql = 'INSERT INTO ' . DISALLOW_TABLE . ' ' . $db->sql_build_array('INSERT', array('disallow_username' => $disallowed_user)); $db->sql_query($sql); -- cgit v1.2.1 From 83ca7305444e09180f0cee0352c4426bb72b793f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Fr=C3=A8rejean?= Date: Thu, 24 Mar 2011 10:44:36 +0100 Subject: [ticket/9581] Fix missing index Add `u.user_lang` to the select statement to prevent "undefined index" errors. PHPBB3-9581 --- phpBB/includes/acp/acp_email.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_email.php b/phpBB/includes/acp/acp_email.php index a8cc93c2e7..133fe47e09 100644 --- a/phpBB/includes/acp/acp_email.php +++ b/phpBB/includes/acp/acp_email.php @@ -99,7 +99,7 @@ class acp_email else { $sql_ary = array( - 'SELECT' => 'u.username, u.username_clean, u.user_email, u.user_jabber, u.user_notify_type', + 'SELECT' => 'u.username, u.username_clean, u.user_email, u.user_jabber, u.user_lang, u.user_notify_type', 'FROM' => array( USERS_TABLE => 'u', ), -- cgit v1.2.1 From 657971754bd72debb3086ac084af07a7c3d7831c Mon Sep 17 00:00:00 2001 From: Callum Macrae Date: Tue, 29 Mar 2011 21:12:04 +0100 Subject: [ticket/10112] Replaced a couple occurrences of count() with sizeof() As per the coding guidlines, sizeof() should be used instead of count(). PHPBB3-10112 --- phpBB/includes/captcha/captcha_gd.php | 54 +++++++++++++++++------------------ phpBB/includes/db/mssqlnative.php | 2 +- 2 files changed, 28 insertions(+), 28 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/captcha/captcha_gd.php b/phpBB/includes/captcha/captcha_gd.php index 96e39af85b..5f24618aab 100644 --- a/phpBB/includes/captcha/captcha_gd.php +++ b/phpBB/includes/captcha/captcha_gd.php @@ -112,7 +112,7 @@ class captcha $noise_bitmaps = $this->captcha_noise_bg_bitmaps(); for ($i = 0; $i < $code_len; ++$i) { - $noise[$i] = new char_cube3d($noise_bitmaps, mt_rand(1, count($noise_bitmaps['data']))); + $noise[$i] = new char_cube3d($noise_bitmaps, mt_rand(1, sizeof($noise_bitmaps['data']))); list($min, $max) = $noise[$i]->range(); //$box = $noise[$i]->dimensions($sizes[$i]); @@ -1669,32 +1669,32 @@ class captcha 'height' => 15, 'data' => array( - 'A' => $chars['A'][mt_rand(0, min(count($chars['A']), $config['captcha_gd_fonts']) -1)], - 'B' => $chars['B'][mt_rand(0, min(count($chars['B']), $config['captcha_gd_fonts']) -1)], - 'C' => $chars['C'][mt_rand(0, min(count($chars['C']), $config['captcha_gd_fonts']) -1)], - 'D' => $chars['D'][mt_rand(0, min(count($chars['D']), $config['captcha_gd_fonts']) -1)], - 'E' => $chars['E'][mt_rand(0, min(count($chars['E']), $config['captcha_gd_fonts']) -1)], - 'F' => $chars['F'][mt_rand(0, min(count($chars['F']), $config['captcha_gd_fonts']) -1)], - 'G' => $chars['G'][mt_rand(0, min(count($chars['G']), $config['captcha_gd_fonts']) -1)], - 'H' => $chars['H'][mt_rand(0, min(count($chars['H']), $config['captcha_gd_fonts']) -1)], - 'I' => $chars['I'][mt_rand(0, min(count($chars['I']), $config['captcha_gd_fonts']) -1)], - 'J' => $chars['J'][mt_rand(0, min(count($chars['J']), $config['captcha_gd_fonts']) -1)], - 'K' => $chars['K'][mt_rand(0, min(count($chars['K']), $config['captcha_gd_fonts']) -1)], - 'L' => $chars['L'][mt_rand(0, min(count($chars['L']), $config['captcha_gd_fonts']) -1)], - 'M' => $chars['M'][mt_rand(0, min(count($chars['M']), $config['captcha_gd_fonts']) -1)], - 'N' => $chars['N'][mt_rand(0, min(count($chars['N']), $config['captcha_gd_fonts']) -1)], - 'O' => $chars['O'][mt_rand(0, min(count($chars['O']), $config['captcha_gd_fonts']) -1)], - 'P' => $chars['P'][mt_rand(0, min(count($chars['P']), $config['captcha_gd_fonts']) -1)], - 'Q' => $chars['Q'][mt_rand(0, min(count($chars['Q']), $config['captcha_gd_fonts']) -1)], - 'R' => $chars['R'][mt_rand(0, min(count($chars['R']), $config['captcha_gd_fonts']) -1)], - 'S' => $chars['S'][mt_rand(0, min(count($chars['S']), $config['captcha_gd_fonts']) -1)], - 'T' => $chars['T'][mt_rand(0, min(count($chars['T']), $config['captcha_gd_fonts']) -1)], - 'U' => $chars['U'][mt_rand(0, min(count($chars['U']), $config['captcha_gd_fonts']) -1)], - 'V' => $chars['V'][mt_rand(0, min(count($chars['V']), $config['captcha_gd_fonts']) -1)], - 'W' => $chars['W'][mt_rand(0, min(count($chars['W']), $config['captcha_gd_fonts']) -1)], - 'X' => $chars['X'][mt_rand(0, min(count($chars['X']), $config['captcha_gd_fonts']) -1)], - 'Y' => $chars['Y'][mt_rand(0, min(count($chars['Y']), $config['captcha_gd_fonts']) -1)], - 'Z' => $chars['Z'][mt_rand(0, min(count($chars['Z']), $config['captcha_gd_fonts']) -1)], + 'A' => $chars['A'][mt_rand(0, min(sizeof($chars['A']), $config['captcha_gd_fonts']) -1)], + 'B' => $chars['B'][mt_rand(0, min(sizeof($chars['B']), $config['captcha_gd_fonts']) -1)], + 'C' => $chars['C'][mt_rand(0, min(sizeof($chars['C']), $config['captcha_gd_fonts']) -1)], + 'D' => $chars['D'][mt_rand(0, min(sizeof($chars['D']), $config['captcha_gd_fonts']) -1)], + 'E' => $chars['E'][mt_rand(0, min(sizeof($chars['E']), $config['captcha_gd_fonts']) -1)], + 'F' => $chars['F'][mt_rand(0, min(sizeof($chars['F']), $config['captcha_gd_fonts']) -1)], + 'G' => $chars['G'][mt_rand(0, min(sizeof($chars['G']), $config['captcha_gd_fonts']) -1)], + 'H' => $chars['H'][mt_rand(0, min(sizeof($chars['H']), $config['captcha_gd_fonts']) -1)], + 'I' => $chars['I'][mt_rand(0, min(sizeof($chars['I']), $config['captcha_gd_fonts']) -1)], + 'J' => $chars['J'][mt_rand(0, min(sizeof($chars['J']), $config['captcha_gd_fonts']) -1)], + 'K' => $chars['K'][mt_rand(0, min(sizeof($chars['K']), $config['captcha_gd_fonts']) -1)], + 'L' => $chars['L'][mt_rand(0, min(sizeof($chars['L']), $config['captcha_gd_fonts']) -1)], + 'M' => $chars['M'][mt_rand(0, min(sizeof($chars['M']), $config['captcha_gd_fonts']) -1)], + 'N' => $chars['N'][mt_rand(0, min(sizeof($chars['N']), $config['captcha_gd_fonts']) -1)], + 'O' => $chars['O'][mt_rand(0, min(sizeof($chars['O']), $config['captcha_gd_fonts']) -1)], + 'P' => $chars['P'][mt_rand(0, min(sizeof($chars['P']), $config['captcha_gd_fonts']) -1)], + 'Q' => $chars['Q'][mt_rand(0, min(sizeof($chars['Q']), $config['captcha_gd_fonts']) -1)], + 'R' => $chars['R'][mt_rand(0, min(sizeof($chars['R']), $config['captcha_gd_fonts']) -1)], + 'S' => $chars['S'][mt_rand(0, min(sizeof($chars['S']), $config['captcha_gd_fonts']) -1)], + 'T' => $chars['T'][mt_rand(0, min(sizeof($chars['T']), $config['captcha_gd_fonts']) -1)], + 'U' => $chars['U'][mt_rand(0, min(sizeof($chars['U']), $config['captcha_gd_fonts']) -1)], + 'V' => $chars['V'][mt_rand(0, min(sizeof($chars['V']), $config['captcha_gd_fonts']) -1)], + 'W' => $chars['W'][mt_rand(0, min(sizeof($chars['W']), $config['captcha_gd_fonts']) -1)], + 'X' => $chars['X'][mt_rand(0, min(sizeof($chars['X']), $config['captcha_gd_fonts']) -1)], + 'Y' => $chars['Y'][mt_rand(0, min(sizeof($chars['Y']), $config['captcha_gd_fonts']) -1)], + 'Z' => $chars['Z'][mt_rand(0, min(sizeof($chars['Z']), $config['captcha_gd_fonts']) -1)], '1' => array( array(0,0,0,1,1,0,0,0,0), diff --git a/phpBB/includes/db/mssqlnative.php b/phpBB/includes/db/mssqlnative.php index 7ed4146f27..783c331872 100644 --- a/phpBB/includes/db/mssqlnative.php +++ b/phpBB/includes/db/mssqlnative.php @@ -50,7 +50,7 @@ class result_mssqlnative } } - $this->m_row_count = count($this->m_rows); + $this->m_row_count = sizeof($this->m_rows); } private function array_to_obj($array, &$obj) -- cgit v1.2.1 From fad7333e7266fe402e4a63f816b401c2f54b0c66 Mon Sep 17 00:00:00 2001 From: Eric Date: Mon, 28 Mar 2011 21:08:53 +0800 Subject: [ticket/10110] Add Redis ACM backend PHPBB3-10110 --- phpBB/includes/acm/acm_redis.php | 142 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 142 insertions(+) create mode 100644 phpBB/includes/acm/acm_redis.php (limited to 'phpBB/includes') diff --git a/phpBB/includes/acm/acm_redis.php b/phpBB/includes/acm/acm_redis.php new file mode 100644 index 0000000000..3f0e590d0a --- /dev/null +++ b/phpBB/includes/acm/acm_redis.php @@ -0,0 +1,142 @@ +extension}] for the ACM module $acm_type.", E_USER_ERROR); + } + + $this->redis = new Redis(); + foreach (explode(',', PHPBB_ACM_REDIS) as $u) + { + $parts = explode('/', $u); + $this->redis->connect(trim($parts[0]), trim($parts[1])); + } + + if (defined('PHPBB_ACM_REDIS_PASSWORD')) + { + if (!$this->redis->auth(PHPBB_ACM_REDIS_PASSWORD)) + { + trigger_error("Incorrect password for the ACM module $acm_type.", E_USER_ERROR); + } + } + } + + /** + * Unload the cache resources + * + * @return void + */ + function unload() + { + parent::unload(); + + $this->redis->close(); + } + + /** + * Purge cache data + * + * @return void + */ + function purge() + { + $this->redis->flushDB(); + + parent::purge(); + } + + /** + * Fetch an item from the cache + * + * @access protected + * @param string $var Cache key + * @return mixed Cached data + */ + function _read($var) + { + return $this->redis->get($this->key_prefix . $var); + } + + /** + * Store data in the cache + * + * @access protected + * @param string $var Cache key + * @param mixed $data Data to store + * @param int $ttl Time-to-live of cached data + * @return bool True if the operation succeeded + */ + function _write($var, $data, $ttl = 2592000) + { + return $this->redis->setex($this->key_prefix . $var, $ttl, $data); + } + + /** + * Remove an item from the cache + * + * @access protected + * @param string $var Cache key + * @return bool True if the operation succeeded + */ + function _delete($var) + { + if ($this->redis->delete($this->key_prefix . $var) > 0) + { + return true; + } + return false; + } +} -- cgit v1.2.1 From f18d93756cad336db8299a2ab88ec3382efe171a Mon Sep 17 00:00:00 2001 From: Eric Date: Mon, 28 Mar 2011 23:09:32 +0800 Subject: [ticket/10110] Update comments with a link to the phpredis extension PHPBB3-10110 --- phpBB/includes/acm/acm_redis.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acm/acm_redis.php b/phpBB/includes/acm/acm_redis.php index 3f0e590d0a..b1739c0479 100644 --- a/phpBB/includes/acm/acm_redis.php +++ b/phpBB/includes/acm/acm_redis.php @@ -2,8 +2,7 @@ /** * * @package acm -* @version $Id$ -* @copyright (c) 2005, 2011 phpBB Group +* @copyright (c) 2011 phpBB Group * @license http://opensource.org/licenses/gpl-license.php GNU Public License * */ @@ -40,6 +39,10 @@ if (!defined('PHPBB_ACM_REDIS')) /** * ACM for Redis +* +* Compatible with the php extension phpredis available +* at https://github.com/nicolasff/phpredis +* * @package acm */ class acm extends acm_memory -- cgit v1.2.1 From 9891f5a8d2025aeec19c6b33de0d1a48dd92d211 Mon Sep 17 00:00:00 2001 From: Eric Date: Tue, 29 Mar 2011 15:54:28 +0800 Subject: [ticket/10110] Enable the serialization and add a constant for defined the database PHPBB3-10110 --- phpBB/includes/acm/acm_redis.php | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acm/acm_redis.php b/phpBB/includes/acm/acm_redis.php index b1739c0479..1c2b9c0c2f 100644 --- a/phpBB/includes/acm/acm_redis.php +++ b/phpBB/includes/acm/acm_redis.php @@ -48,7 +48,7 @@ if (!defined('PHPBB_ACM_REDIS')) class acm extends acm_memory { var $extension = 'redis'; - + var $redis; function acm() @@ -56,15 +56,10 @@ class acm extends acm_memory // Call the parent constructor parent::acm_memory(); - if (!extension_loaded('redis')) - { - trigger_error("Could not find required extension [{$this->extension}] for the ACM module $acm_type.", E_USER_ERROR); - } - $this->redis = new Redis(); - foreach (explode(',', PHPBB_ACM_REDIS) as $u) + foreach (explode(',', PHPBB_ACM_REDIS) as $server) { - $parts = explode('/', $u); + $parts = explode('/', $server); $this->redis->connect(trim($parts[0]), trim($parts[1])); } @@ -72,9 +67,24 @@ class acm extends acm_memory { if (!$this->redis->auth(PHPBB_ACM_REDIS_PASSWORD)) { + global $acm_type; + trigger_error("Incorrect password for the ACM module $acm_type.", E_USER_ERROR); } } + + $this->redis->setOption(Redis::OPT_SERIALIZER, Redis::SERIALIZER_PHP); + $this->redis->setOption(Redis::OPT_PREFIX, $this->key_prefix); + + if (defined('PHPBB_ACM_REDIS_DB')) + { + if (!$this->redis->select(PHPBB_ACM_REDIS_DB)) + { + global $acm_type; + + trigger_error("Incorrect database for the ACM module $acm_type.", E_USER_ERROR); + } + } } /** @@ -110,7 +120,7 @@ class acm extends acm_memory */ function _read($var) { - return $this->redis->get($this->key_prefix . $var); + return $this->redis->get($var); } /** @@ -124,7 +134,7 @@ class acm extends acm_memory */ function _write($var, $data, $ttl = 2592000) { - return $this->redis->setex($this->key_prefix . $var, $ttl, $data); + return $this->redis->setex($var, $ttl, $data); } /** @@ -136,7 +146,7 @@ class acm extends acm_memory */ function _delete($var) { - if ($this->redis->delete($this->key_prefix . $var) > 0) + if ($this->redis->delete($var) > 0) { return true; } -- cgit v1.2.1 From ddda094d3abd2e5971c77cc38993eefa3d0bdf3a Mon Sep 17 00:00:00 2001 From: Eric Date: Wed, 30 Mar 2011 17:55:53 +0800 Subject: [ticket/10110] Remove tab from empty lines PHPBB3-10110 --- phpBB/includes/acm/acm_redis.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acm/acm_redis.php b/phpBB/includes/acm/acm_redis.php index 1c2b9c0c2f..8954b9d0e7 100644 --- a/phpBB/includes/acm/acm_redis.php +++ b/phpBB/includes/acm/acm_redis.php @@ -48,7 +48,7 @@ if (!defined('PHPBB_ACM_REDIS')) class acm extends acm_memory { var $extension = 'redis'; - + var $redis; function acm() @@ -62,26 +62,26 @@ class acm extends acm_memory $parts = explode('/', $server); $this->redis->connect(trim($parts[0]), trim($parts[1])); } - + if (defined('PHPBB_ACM_REDIS_PASSWORD')) { if (!$this->redis->auth(PHPBB_ACM_REDIS_PASSWORD)) { global $acm_type; - + trigger_error("Incorrect password for the ACM module $acm_type.", E_USER_ERROR); } } - + $this->redis->setOption(Redis::OPT_SERIALIZER, Redis::SERIALIZER_PHP); $this->redis->setOption(Redis::OPT_PREFIX, $this->key_prefix); - + if (defined('PHPBB_ACM_REDIS_DB')) { if (!$this->redis->select(PHPBB_ACM_REDIS_DB)) { global $acm_type; - + trigger_error("Incorrect database for the ACM module $acm_type.", E_USER_ERROR); } } -- cgit v1.2.1 From a83518982394f93e843e68f663fd39b2d6fd5150 Mon Sep 17 00:00:00 2001 From: rxu Date: Tue, 15 Mar 2011 22:21:43 +0700 Subject: [ticket/9751] Password requirement "Must contain letters and numbers" fails PHPBB3-9751 --- phpBB/includes/functions_user.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 8a204995aa..88e07f729c 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1617,7 +1617,6 @@ function validate_password($password) { $upp = '\p{Lu}'; $low = '\p{Ll}'; - $let = '\p{L}'; $num = '\p{N}'; $sym = '[^\p{Lu}\p{Ll}\p{N}]'; $pcre = true; @@ -1627,7 +1626,6 @@ function validate_password($password) mb_regex_encoding('UTF-8'); $upp = '[[:upper:]]'; $low = '[[:lower:]]'; - $let = '[[:lower:][:upper:]]'; $num = '[[:digit:]]'; $sym = '[^[:upper:][:lower:][:digit:]]'; $mbstring = true; @@ -1636,7 +1634,6 @@ function validate_password($password) { $upp = '[A-Z]'; $low = '[a-z]'; - $let = '[a-zA-Z]'; $num = '[0-9]'; $sym = '[^A-Za-z0-9]'; $pcre = true; @@ -1652,7 +1649,8 @@ function validate_password($password) break; case 'PASS_TYPE_ALPHA': - $chars[] = $let; + $chars[] = $low; + $chars[] = $upp; $chars[] = $num; break; -- cgit v1.2.1 From dba8cf12fd2573edc9722076770140c7b4024f6b Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Fri, 25 Mar 2011 22:48:44 +0100 Subject: [ticket/9751] Use a switch/case block without break for password complexity. PHPBB3-9751 --- phpBB/includes/functions_user.php | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 88e07f729c..c51e571e31 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1643,23 +1643,25 @@ function validate_password($password) switch ($config['pass_complex']) { - case 'PASS_TYPE_CASE': - $chars[] = $low; - $chars[] = $upp; - break; + // No break statements below ... + // We require strong passwords in case pass_complex is not set or is invalid + default: + // Require mixed case letters, numbers and symbols + case 'PASS_TYPE_SYMBOL': + $chars[] = $sym; + + // Require mixed case letters and numbers case 'PASS_TYPE_ALPHA': - $chars[] = $low; - $chars[] = $upp; $chars[] = $num; - break; - case 'PASS_TYPE_SYMBOL': + // Require mixed case letters + case 'PASS_TYPE_CASE': $chars[] = $low; $chars[] = $upp; - $chars[] = $num; - $chars[] = $sym; - break; + + // No requirements + case 'PASS_TYPE_ANY': } if ($pcre) -- cgit v1.2.1 From 7cc32d3843afbb754b3de101bda2267012647c2f Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Fri, 25 Mar 2011 23:11:15 +0100 Subject: [ticket/9751] Compare $password with empty string instead of casting it to bool PHPBB3-9751 --- phpBB/includes/functions_user.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index c51e571e31..6ac6317dd2 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1605,7 +1605,7 @@ function validate_password($password) { global $config, $db, $user; - if (!$password) + if ($password === '') { return false; } -- cgit v1.2.1 From 4dce53628c97062b1085eb714892f6d81ae07699 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Fri, 25 Mar 2011 23:15:40 +0100 Subject: [ticket/9751] Add shortcut logic for pass_complex == PASS_TYPE_ANY. Add shortcut logic for pass_complex because this is the default value phpBB ships with and there is nothing to do in that function in that case. PHPBB3-9751 --- phpBB/includes/functions_user.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 6ac6317dd2..89ce52dc39 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1605,8 +1605,9 @@ function validate_password($password) { global $config, $db, $user; - if ($password === '') + if ($password === '' || $config['pass_complex'] === 'PASS_TYPE_ANY') { + // Password empty or no password complexity required. return false; } @@ -1659,9 +1660,6 @@ function validate_password($password) case 'PASS_TYPE_CASE': $chars[] = $low; $chars[] = $upp; - - // No requirements - case 'PASS_TYPE_ANY': } if ($pcre) -- cgit v1.2.1 From 646d3e10d2fad2521d7239ed2a2a8fe90e6e7234 Mon Sep 17 00:00:00 2001 From: rxu Date: Sat, 2 Apr 2011 19:07:13 +0800 Subject: [ticket/10115] Make some text oriented BBCodes to properly handle unicode. [quote], [b], [i], [size], [color], [u], [list] are affected. PHPBB3-10115 --- phpBB/includes/message_parser.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index b2d0b6c566..cc687b6fec 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -111,16 +111,16 @@ class bbcode_firstpass extends bbcode // [quote] in second position. $this->bbcodes = array( 'code' => array('bbcode_id' => 8, 'regexp' => array('#\[code(?:=([a-z]+))?\](.+\[/code\])#ise' => "\$this->bbcode_code('\$1', '\$2')")), - 'quote' => array('bbcode_id' => 0, 'regexp' => array('#\[quote(?:="(.*?)")?\](.+)\[/quote\]#ise' => "\$this->bbcode_quote('\$0')")), + 'quote' => array('bbcode_id' => 0, 'regexp' => array('#\[quote(?:="(.*?)")?\](.+)\[/quote\]#uise' => "\$this->bbcode_quote('\$0')")), 'attachment' => array('bbcode_id' => 12, 'regexp' => array('#\[attachment=([0-9]+)\](.*?)\[/attachment\]#ise' => "\$this->bbcode_attachment('\$1', '\$2')")), - 'b' => array('bbcode_id' => 1, 'regexp' => array('#\[b\](.*?)\[/b\]#ise' => "\$this->bbcode_strong('\$1')")), - 'i' => array('bbcode_id' => 2, 'regexp' => array('#\[i\](.*?)\[/i\]#ise' => "\$this->bbcode_italic('\$1')")), + 'b' => array('bbcode_id' => 1, 'regexp' => array('#\[b\](.*?)\[/b\]#uise' => "\$this->bbcode_strong('\$1')")), + 'i' => array('bbcode_id' => 2, 'regexp' => array('#\[i\](.*?)\[/i\]#uise' => "\$this->bbcode_italic('\$1')")), 'url' => array('bbcode_id' => 3, 'regexp' => array('#\[url(=(.*))?\](.*)\[/url\]#iUe' => "\$this->validate_url('\$2', '\$3')")), 'img' => array('bbcode_id' => 4, 'regexp' => array('#\[img\](.*)\[/img\]#iUe' => "\$this->bbcode_img('\$1')")), - 'size' => array('bbcode_id' => 5, 'regexp' => array('#\[size=([\-\+]?\d+)\](.*?)\[/size\]#ise' => "\$this->bbcode_size('\$1', '\$2')")), - 'color' => array('bbcode_id' => 6, 'regexp' => array('!\[color=(#[0-9a-f]{3}|#[0-9a-f]{6}|[a-z\-]+)\](.*?)\[/color\]!ise' => "\$this->bbcode_color('\$1', '\$2')")), - 'u' => array('bbcode_id' => 7, 'regexp' => array('#\[u\](.*?)\[/u\]#ise' => "\$this->bbcode_underline('\$1')")), - 'list' => array('bbcode_id' => 9, 'regexp' => array('#\[list(?:=(?:[a-z0-9]|disc|circle|square))?].*\[/list]#ise' => "\$this->bbcode_parse_list('\$0')")), + 'size' => array('bbcode_id' => 5, 'regexp' => array('#\[size=([\-\+]?\d+)\](.*?)\[/size\]#uise' => "\$this->bbcode_size('\$1', '\$2')")), + 'color' => array('bbcode_id' => 6, 'regexp' => array('!\[color=(#[0-9a-f]{3}|#[0-9a-f]{6}|[a-z\-]+)\](.*?)\[/color\]!uise' => "\$this->bbcode_color('\$1', '\$2')")), + 'u' => array('bbcode_id' => 7, 'regexp' => array('#\[u\](.*?)\[/u\]#uise' => "\$this->bbcode_underline('\$1')")), + 'list' => array('bbcode_id' => 9, 'regexp' => array('#\[list(?:=(?:[a-z0-9]|disc|circle|square))?].*\[/list]#uise' => "\$this->bbcode_parse_list('\$0')")), 'email' => array('bbcode_id' => 10, 'regexp' => array('#\[email=?(.*?)?\](.*?)\[/email\]#ise' => "\$this->validate_email('\$1', '\$2')")), 'flash' => array('bbcode_id' => 11, 'regexp' => array('#\[flash=([0-9]+),([0-9]+)\](.*?)\[/flash\]#ie' => "\$this->bbcode_flash('\$1', '\$2', '\$3')")) ); -- cgit v1.2.1 From 25ae46b8df36f040f7f3adc1e4aebb4041d79964 Mon Sep 17 00:00:00 2001 From: rxu Date: Sun, 3 Apr 2011 00:53:00 +0800 Subject: [ticket/10117] Make smilies to be correctly parsed within unicode text. PHPBB3-10117 --- phpBB/includes/message_parser.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index b2d0b6c566..7c12321d51 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -1332,7 +1332,7 @@ class parse_message extends bbcode_firstpass { if ($max_smilies) { - $num_matches = preg_match_all('#(?<=^|[\n .])(?:' . implode('|', $match) . ')(?![^<>]*>)#', $this->message, $matches); + $num_matches = preg_match_all('#(?<=^|[\n .])(?:' . implode('|', $match) . ')(?![^<>]*>)#u', $this->message, $matches); unset($matches); if ($num_matches !== false && $num_matches > $max_smilies) @@ -1343,7 +1343,7 @@ class parse_message extends bbcode_firstpass } // Make sure the delimiter # is added in front and at the end of every element within $match - $this->message = trim(preg_replace(explode(chr(0), '#(?<=^|[\n .])' . implode('(?![^<>]*>)#' . chr(0) . '#(?<=^|[\n .])', $match) . '(?![^<>]*>)#'), $replace, $this->message)); + $this->message = trim(preg_replace(explode(chr(0), '#(?<=^|[\n .])' . implode('(?![^<>]*>)#u' . chr(0) . '#(?<=^|[\n .])', $match) . '(?![^<>]*>)#'), $replace, $this->message)); } } -- cgit v1.2.1 From d1bd5962c75fc87469694ae93829a5800c30c6cc Mon Sep 17 00:00:00 2001 From: rxu Date: Sun, 3 Apr 2011 01:00:21 +0800 Subject: [ticket/6712] Pass $post_data by the value instead of by the reference. PHPBB3-6712 --- phpBB/includes/functions_posting.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index 041b549cd6..ab346afb38 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -2614,7 +2614,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u /* * Handle topic bumping */ -function bump_topic($forum_id, $topic_id, &$post_data, $current_time = false) +function bump_topic($forum_id, $topic_id, $post_data, $current_time = false) { global $config, $db, $user, $phpEx, $phpbb_root_path; -- cgit v1.2.1 From 6ddb92c41e63e21612efaa0d420f19374786dfc0 Mon Sep 17 00:00:00 2001 From: rxu Date: Sun, 3 Apr 2011 08:33:33 +0800 Subject: [ticket/10115] Switch UTF-8 mode on for the rest of BBCodes PHPBB3-10115 --- phpBB/includes/message_parser.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index cc687b6fec..26532e84c0 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -110,19 +110,19 @@ class bbcode_firstpass extends bbcode // order, so it is important to keep [code] in first position and // [quote] in second position. $this->bbcodes = array( - 'code' => array('bbcode_id' => 8, 'regexp' => array('#\[code(?:=([a-z]+))?\](.+\[/code\])#ise' => "\$this->bbcode_code('\$1', '\$2')")), + 'code' => array('bbcode_id' => 8, 'regexp' => array('#\[code(?:=([a-z]+))?\](.+\[/code\])#uise' => "\$this->bbcode_code('\$1', '\$2')")), 'quote' => array('bbcode_id' => 0, 'regexp' => array('#\[quote(?:="(.*?)")?\](.+)\[/quote\]#uise' => "\$this->bbcode_quote('\$0')")), - 'attachment' => array('bbcode_id' => 12, 'regexp' => array('#\[attachment=([0-9]+)\](.*?)\[/attachment\]#ise' => "\$this->bbcode_attachment('\$1', '\$2')")), + 'attachment' => array('bbcode_id' => 12, 'regexp' => array('#\[attachment=([0-9]+)\](.*?)\[/attachment\]#uise' => "\$this->bbcode_attachment('\$1', '\$2')")), 'b' => array('bbcode_id' => 1, 'regexp' => array('#\[b\](.*?)\[/b\]#uise' => "\$this->bbcode_strong('\$1')")), 'i' => array('bbcode_id' => 2, 'regexp' => array('#\[i\](.*?)\[/i\]#uise' => "\$this->bbcode_italic('\$1')")), - 'url' => array('bbcode_id' => 3, 'regexp' => array('#\[url(=(.*))?\](.*)\[/url\]#iUe' => "\$this->validate_url('\$2', '\$3')")), - 'img' => array('bbcode_id' => 4, 'regexp' => array('#\[img\](.*)\[/img\]#iUe' => "\$this->bbcode_img('\$1')")), + 'url' => array('bbcode_id' => 3, 'regexp' => array('#\[url(=(.*))?\](.*)\[/url\]#uiUe' => "\$this->validate_url('\$2', '\$3')")), + 'img' => array('bbcode_id' => 4, 'regexp' => array('#\[img\](.*)\[/img\]#uiUe' => "\$this->bbcode_img('\$1')")), 'size' => array('bbcode_id' => 5, 'regexp' => array('#\[size=([\-\+]?\d+)\](.*?)\[/size\]#uise' => "\$this->bbcode_size('\$1', '\$2')")), 'color' => array('bbcode_id' => 6, 'regexp' => array('!\[color=(#[0-9a-f]{3}|#[0-9a-f]{6}|[a-z\-]+)\](.*?)\[/color\]!uise' => "\$this->bbcode_color('\$1', '\$2')")), 'u' => array('bbcode_id' => 7, 'regexp' => array('#\[u\](.*?)\[/u\]#uise' => "\$this->bbcode_underline('\$1')")), 'list' => array('bbcode_id' => 9, 'regexp' => array('#\[list(?:=(?:[a-z0-9]|disc|circle|square))?].*\[/list]#uise' => "\$this->bbcode_parse_list('\$0')")), - 'email' => array('bbcode_id' => 10, 'regexp' => array('#\[email=?(.*?)?\](.*?)\[/email\]#ise' => "\$this->validate_email('\$1', '\$2')")), - 'flash' => array('bbcode_id' => 11, 'regexp' => array('#\[flash=([0-9]+),([0-9]+)\](.*?)\[/flash\]#ie' => "\$this->bbcode_flash('\$1', '\$2', '\$3')")) + 'email' => array('bbcode_id' => 10, 'regexp' => array('#\[email=?(.*?)?\](.*?)\[/email\]#uise' => "\$this->validate_email('\$1', '\$2')")), + 'flash' => array('bbcode_id' => 11, 'regexp' => array('#\[flash=([0-9]+),([0-9]+)\](.*?)\[/flash\]#uie' => "\$this->bbcode_flash('\$1', '\$2', '\$3')")) ); // Zero the parsed items array -- cgit v1.2.1 From b8adad0d48845540083519651bf9befb6cffaceb Mon Sep 17 00:00:00 2001 From: rxu Date: Sun, 3 Apr 2011 15:28:00 +0800 Subject: [ticket/10117] Add one more missed 'u' modifier, add code comment PHPBB3-10117 --- phpBB/includes/message_parser.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 7c12321d51..5a7dd9d11e 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -1332,6 +1332,8 @@ class parse_message extends bbcode_firstpass { if ($max_smilies) { + // 'u' modifier has been added to correctly parse smilies within unicode strings + // For details: http://tracker.phpbb.com/browse/PHPBB3-10117 $num_matches = preg_match_all('#(?<=^|[\n .])(?:' . implode('|', $match) . ')(?![^<>]*>)#u', $this->message, $matches); unset($matches); @@ -1343,7 +1345,10 @@ class parse_message extends bbcode_firstpass } // Make sure the delimiter # is added in front and at the end of every element within $match - $this->message = trim(preg_replace(explode(chr(0), '#(?<=^|[\n .])' . implode('(?![^<>]*>)#u' . chr(0) . '#(?<=^|[\n .])', $match) . '(?![^<>]*>)#'), $replace, $this->message)); + // 'u' modifier has been added to correctly parse smilies within unicode strings + // For details: http://tracker.phpbb.com/browse/PHPBB3-10117 + + $this->message = trim(preg_replace(explode(chr(0), '#(?<=^|[\n .])' . implode('(?![^<>]*>)#u' . chr(0) . '#(?<=^|[\n .])', $match) . '(?![^<>]*>)#u'), $replace, $this->message)); } } -- cgit v1.2.1 From 59d75c1ae6df1546da998a3748a82f14cde604b1 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Sun, 3 Apr 2011 21:12:01 +0200 Subject: [ticket/10121] Fix ICQ profile link, leading to a dead web-messenger. PHPBB3-10121 --- phpBB/includes/ucp/ucp_pm_viewmessage.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/ucp/ucp_pm_viewmessage.php b/phpBB/includes/ucp/ucp_pm_viewmessage.php index b91636a9c8..d0cfa1ffd2 100644 --- a/phpBB/includes/ucp/ucp_pm_viewmessage.php +++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php @@ -208,7 +208,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) 'U_PM' => ($config['allow_privmsg'] && $auth->acl_get('u_sendpm') && ($user_info['user_allow_pm'] || $auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_'))) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&mode=compose&u=' . $author_id) : '', 'U_WWW' => (!empty($user_info['user_website'])) ? $user_info['user_website'] : '', - 'U_ICQ' => ($user_info['user_icq']) ? 'http://www.icq.com/people/webmsg.php?to=' . urlencode($user_info['user_icq']) : '', + 'U_ICQ' => ($user_info['user_icq']) ? 'http://www.icq.com/people' . urlencode($user_info['user_icq']) . '/' : '', 'U_AIM' => ($user_info['user_aim'] && $auth->acl_get('u_sendim')) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contact&action=aim&u=' . $author_id) : '', 'U_YIM' => ($user_info['user_yim']) ? 'http://edit.yahoo.com/config/send_webmesg?.target=' . urlencode($user_info['user_yim']) . '&.src=pg' : '', 'U_MSN' => ($user_info['user_msnm'] && $auth->acl_get('u_sendim')) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contact&action=msnm&u=' . $author_id) : '', -- cgit v1.2.1 From a72fe8acafa85b5a65a40c7661487d8cee7776f5 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Thu, 7 Apr 2011 14:53:47 +0200 Subject: [ticket/10109] Fix "Undefined Index" errors when copying a topic. PHPBB3-10109 --- phpBB/includes/mcp/mcp_main.php | 51 +++++++++++++++++++++-------------------- 1 file changed, 26 insertions(+), 25 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/mcp/mcp_main.php b/phpBB/includes/mcp/mcp_main.php index d5551f5114..ad10a52705 100644 --- a/phpBB/includes/mcp/mcp_main.php +++ b/phpBB/includes/mcp/mcp_main.php @@ -1048,37 +1048,38 @@ function mcp_fork_topic($topic_ids) $total_posts = 0; $new_topic_id_list = array(); - if ($topic_data['enable_indexing']) - { - // Select the search method and do some additional checks to ensure it can actually be utilised - $search_type = basename($config['search_type']); - if (!file_exists($phpbb_root_path . 'includes/search/' . $search_type . '.' . $phpEx)) + foreach ($topic_data as $topic_id => $topic_row) + { + if (!isset($search_type) && $topic_row['enable_indexing']) { - trigger_error('NO_SUCH_SEARCH_MODULE'); - } + // Select the search method and do some additional checks to ensure it can actually be utilised + $search_type = basename($config['search_type']); - if (!class_exists($search_type)) - { - include("{$phpbb_root_path}includes/search/$search_type.$phpEx"); - } + if (!file_exists($phpbb_root_path . 'includes/search/' . $search_type . '.' . $phpEx)) + { + trigger_error('NO_SUCH_SEARCH_MODULE'); + } + + if (!class_exists($search_type)) + { + include("{$phpbb_root_path}includes/search/$search_type.$phpEx"); + } - $error = false; - $search = new $search_type($error); - $search_mode = 'post'; + $error = false; + $search = new $search_type($error); + $search_mode = 'post'; - if ($error) + if ($error) + { + trigger_error($error); + } + } + else if (!isset($search_type) && !$topic_row['enable_indexing']) { - trigger_error($error); + $search_type = false; } - } - else - { - $search_type = false; - } - foreach ($topic_data as $topic_id => $topic_row) - { $sql_ary = array( 'forum_id' => (int) $to_forum_id, 'icon_id' => (int) $topic_row['icon_id'], @@ -1187,9 +1188,9 @@ function mcp_fork_topic($topic_ids) // Copy whether the topic is dotted markread('post', $to_forum_id, $new_topic_id, 0, $row['poster_id']); - if ($search_type) + if (!empty($search_type)) { - $search->index($search_mode, $sql_ary['post_id'], $sql_ary['post_text'], $sql_ary['post_subject'], $sql_ary['poster_id'], ($topic_row['topic_type'] == POST_GLOBAL) ? 0 : $to_forum_id); + $search->index($search_mode, $new_post_id, $sql_ary['post_text'], $sql_ary['post_subject'], $sql_ary['poster_id'], ($topic_row['topic_type'] == POST_GLOBAL) ? 0 : $to_forum_id); $search_mode = 'reply'; // After one we index replies } -- cgit v1.2.1 From 851bb9fcd869b71140f75ed3a454ade2447c1328 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Thu, 7 Apr 2011 20:36:11 +0200 Subject: [ticket/10084] Add smilie/icon errors out when file is missing PHPBB3-10084 --- phpBB/includes/acp/acp_icons.php | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_icons.php b/phpBB/includes/acp/acp_icons.php index 3d64a2acda..24f6cbbcbf 100644 --- a/phpBB/includes/acp/acp_icons.php +++ b/phpBB/includes/acp/acp_icons.php @@ -394,6 +394,10 @@ class acp_icons { // skip images where add wasn't checked } + else if (!file_exists($phpbb_root_path . $img_path . '/' . $image)) + { + $errors[$image] = 'SMILIE_NO_FILE'; + } else { if ($image_width[$image] == 0 || $image_height[$image] == 0) -- cgit v1.2.1 From 259929ad4e7e0c527f652e3bff1db48e7533fd08 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Mon, 11 Apr 2011 00:29:48 +0200 Subject: [ticket/10128] Pass E_USER_WARNING to trigger_error() calls from user_ban(). The user_ban() function is shared by the MCP and the ACP. Mark trigger_error() calls as errors by passing E_USER_WARNING to make the error message appear on red background (instead of green background) in the ACP. PHPBB3-10128 --- phpBB/includes/functions_user.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 89ce52dc39..6b5cca8abb 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -733,7 +733,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas } else { - trigger_error('LENGTH_BAN_INVALID'); + trigger_error('LENGTH_BAN_INVALID', E_USER_WARNING); } } } @@ -793,7 +793,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas // Make sure we have been given someone to ban if (!sizeof($sql_usernames)) { - trigger_error('NO_USER_SPECIFIED'); + trigger_error('NO_USER_SPECIFIED', E_USER_WARNING); } $sql = 'SELECT user_id @@ -824,7 +824,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas else { $db->sql_freeresult($result); - trigger_error('NO_USERS'); + trigger_error('NO_USERS', E_USER_WARNING); } $db->sql_freeresult($result); break; @@ -926,7 +926,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas if (empty($banlist_ary)) { - trigger_error('NO_IPS_DEFINED'); + trigger_error('NO_IPS_DEFINED', E_USER_WARNING); } } break; @@ -954,12 +954,12 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas if (sizeof($ban_list) == 0) { - trigger_error('NO_EMAILS_DEFINED'); + trigger_error('NO_EMAILS_DEFINED', E_USER_WARNING); } break; default: - trigger_error('NO_MODE'); + trigger_error('NO_MODE', E_USER_WARNING); break; } -- cgit v1.2.1 From 682814180c647c363c83ef09c66b2b97bda1eac4 Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Sun, 17 Apr 2011 18:46:03 -0400 Subject: [ticket/7941] Added @return to generate_board_url docstring. PHPBB3-7941 --- phpBB/includes/functions.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 585e23b2ee..b8ea80ad4a 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2253,7 +2253,10 @@ function append_sid($url, $params = false, $is_amp = true, $session_id = false) /** * Generate board url (example: http://www.example.com/phpBB) +* * @param bool $without_script_path if set to true the script path gets not appended (example: http://www.example.com) +* +* @return string the generated board url */ function generate_board_url($without_script_path = false) { -- cgit v1.2.1 From 1d2201902f0f3789daf02ca054f33f4b4bfa3eb2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Fr=C3=A8rejean?= Date: Thu, 30 Dec 2010 16:03:11 +0100 Subject: [ticket/9961] Create log entries when users are activated. * Create log entries when a user activates own account without also changing their password. * Additionally create admin log entries when an administrator activates user accounts. PHPBB3-9961 --- phpBB/includes/ucp/ucp_activate.php | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'phpBB/includes') diff --git a/phpBB/includes/ucp/ucp_activate.php b/phpBB/includes/ucp/ucp_activate.php index 8debaabf31..b00c1b9f52 100644 --- a/phpBB/includes/ucp/ucp_activate.php +++ b/phpBB/includes/ucp/ucp_activate.php @@ -98,6 +98,13 @@ class ucp_activate SET user_actkey = '' WHERE user_id = {$user_row['user_id']}"; $db->sql_query($sql); + + // Create the correct logs + add_log('user', $user_row['user_id'], 'LOG_USER_ACTIVE_USER'); + if ($auth->acl_get('a_user')) + { + add_log('admin', 'LOG_USER_ACTIVE', $user_row['username']); + } } if ($config['require_activation'] == USER_ACTIVATION_ADMIN && !$update_password) -- cgit v1.2.1 From ee6167879ecba11dea945f129c026ce0f3cf7514 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Thu, 17 Mar 2011 01:20:44 +0100 Subject: [ticket/9802] Fix redundant str_replace call. No need to replace ' ' with ' '. PHPBB3-9802 --- phpBB/includes/session.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index d803f8d799..9ab53d38ab 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -221,7 +221,7 @@ class session // if the forwarded for header shall be checked we have to validate its contents if ($config['forwarded_for_check']) { - $this->forwarded_for = preg_replace('#[ ]{2,}#', ' ', str_replace(array(',', ' '), ' ', $this->forwarded_for)); + $this->forwarded_for = preg_replace('#[ ]{2,}#', ' ', str_replace(',', ' ', $this->forwarded_for)); // split the list of IPs $ips = explode(' ', $this->forwarded_for); @@ -268,7 +268,7 @@ class session // Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests // it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip. $this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? htmlspecialchars((string) $_SERVER['REMOTE_ADDR']) : ''; - $this->ip = preg_replace('#[ ]{2,}#', ' ', str_replace(array(',', ' '), ' ', $this->ip)); + $this->ip = preg_replace('#[ ]{2,}#', ' ', str_replace(',', ' ', $this->ip)); // split the list of IPs $ips = explode(' ', $this->ip); -- cgit v1.2.1 From fd805358592162cf05c8808caca0bdf788fb7088 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Thu, 17 Mar 2011 01:29:10 +0100 Subject: [ticket/9802] Remove redundant character class definition from preg_replace. PHPBB3-9802 --- phpBB/includes/session.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 9ab53d38ab..e1e315035b 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -221,7 +221,7 @@ class session // if the forwarded for header shall be checked we have to validate its contents if ($config['forwarded_for_check']) { - $this->forwarded_for = preg_replace('#[ ]{2,}#', ' ', str_replace(',', ' ', $this->forwarded_for)); + $this->forwarded_for = preg_replace('# {2,}#', ' ', str_replace(',', ' ', $this->forwarded_for)); // split the list of IPs $ips = explode(' ', $this->forwarded_for); @@ -268,7 +268,7 @@ class session // Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests // it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip. $this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? htmlspecialchars((string) $_SERVER['REMOTE_ADDR']) : ''; - $this->ip = preg_replace('#[ ]{2,}#', ' ', str_replace(',', ' ', $this->ip)); + $this->ip = preg_replace('# {2,}#', ' ', str_replace(',', ' ', $this->ip)); // split the list of IPs $ips = explode(' ', $this->ip); -- cgit v1.2.1 From bef2540d9ce3b429837c7e67c5f3f7f254aa1920 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Tue, 19 Apr 2011 13:46:00 +0200 Subject: [ticket/9802] Fix tiny logic bug in loop determining REMOTE_ADDR. When $ip is empty() it was assigned to $this->ip. PHPBB3-9802 --- phpBB/includes/session.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index e1e315035b..f2aa47d84e 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -271,7 +271,7 @@ class session $this->ip = preg_replace('# {2,}#', ' ', str_replace(',', ' ', $this->ip)); // split the list of IPs - $ips = explode(' ', $this->ip); + $ips = explode(' ', trim($this->ip)); // Default IP if REMOTE_ADDR is invalid $this->ip = '127.0.0.1'; @@ -279,7 +279,7 @@ class session foreach ($ips as $ip) { // check IPv4 first, the IPv6 is hopefully only going to be used very seldomly - if (!empty($ip) && !preg_match(get_preg_expression('ipv4'), $ip) && !preg_match(get_preg_expression('ipv6'), $ip)) + if (!preg_match(get_preg_expression('ipv4'), $ip) && !preg_match(get_preg_expression('ipv6'), $ip)) { // Just break break; -- cgit v1.2.1 From 5ca7121ed2f698963387f5f9fb7ffe16d3781447 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Tue, 19 Apr 2011 13:53:09 +0200 Subject: [ticket/9802] Only check for IPv4-mapped address when address is IPv6. PHPBB3-9802 --- phpBB/includes/session.php | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index f2aa47d84e..b2772696f1 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -278,26 +278,31 @@ class session foreach ($ips as $ip) { - // check IPv4 first, the IPv6 is hopefully only going to be used very seldomly - if (!preg_match(get_preg_expression('ipv4'), $ip) && !preg_match(get_preg_expression('ipv6'), $ip)) + if (preg_match(get_preg_expression('ipv4'), $ip)) { - // Just break - break; + $this->ip = $ip; } - - // Quick check for IPv4-mapped address in IPv6 - if (stripos($ip, '::ffff:') === 0) + else if (preg_match(get_preg_expression('ipv6'), $ip)) { - $ipv4 = substr($ip, 7); - - if (preg_match(get_preg_expression('ipv4'), $ipv4)) + // Quick check for IPv4-mapped address in IPv6 + if (stripos($ip, '::ffff:') === 0) { - $ip = $ipv4; + $ipv4 = substr($ip, 7); + + if (preg_match(get_preg_expression('ipv4'), $ipv4)) + { + $ip = $ipv4; + } } - } - // Use the last in chain - $this->ip = $ip; + $this->ip = $ip; + } + else + { + // We want to use the last valid address in the chain + // Leave foreach loop when address is invalid + break; + } } $this->load = false; -- cgit v1.2.1 From d1f1d8ade7ab98bde70451874c94bb35584f9192 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Tue, 19 Apr 2011 14:10:23 +0200 Subject: [ticket/9802] Remove unnecessary htmlspecialchars() call on REMOTE_ADDR. The value in $_SERVER['REMOTE_ADDR'] is either validated to be a valid IP address or is replaced by our default value. Valid IP addresses do not contain HTML special characters, thus the htmlspecialchars() call is unnecessary. PHPBB3-9802 --- phpBB/includes/session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index b2772696f1..79d94e7780 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -267,7 +267,7 @@ class session // Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests // it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip. - $this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? htmlspecialchars((string) $_SERVER['REMOTE_ADDR']) : ''; + $this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? (string) $_SERVER['REMOTE_ADDR'] : ''; $this->ip = preg_replace('# {2,}#', ' ', str_replace(',', ' ', $this->ip)); // split the list of IPs -- cgit v1.2.1 From 11dd4b54fa1f3a15448271061e51907e3ba5c79d Mon Sep 17 00:00:00 2001 From: Bart van Bragt Date: Thu, 21 Apr 2011 04:21:09 -0400 Subject: [ticket/10141] Use a cache in $auth->_fill_acl() for better performance. Many sequences being converted are the same. Use a local cache to convert each sequence once, speeding up the function. PHPBB3-10141 --- phpBB/includes/auth.php | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php index 02819f9e78..22fafd7b7f 100644 --- a/phpBB/includes/auth.php +++ b/phpBB/includes/auth.php @@ -109,6 +109,7 @@ class auth */ function _fill_acl($user_permissions) { + $seq_cache = array(); $this->acl = array(); $user_permissions = explode("\n", $user_permissions); @@ -125,8 +126,15 @@ class auth while ($subseq = substr($seq, $i, 6)) { - // We put the original bitstring into the acl array - $this->acl[$f] .= str_pad(base_convert($subseq, 36, 2), 31, 0, STR_PAD_LEFT); + if (isset($seq_cache[$subseq])) + { + $this->acl[$f] .= $seq_cache[$subseq]; + } + else + { + // We put the original bitstring into the acl array + $this->acl[$f] .= ($seq_cache[$subseq] = str_pad(base_convert($subseq, 36, 2), 31, 0, STR_PAD_LEFT)); + } $i += 6; } } -- cgit v1.2.1 From b1367bce488d0acea00a5ebf8725d0cde5515655 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Fri, 22 Apr 2011 00:15:05 +0200 Subject: [ticket/10141] Split double-assignment into conditional and unconditional part. PHPBB3-10141 --- phpBB/includes/auth.php | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php index 22fafd7b7f..4b13c6be7f 100644 --- a/phpBB/includes/auth.php +++ b/phpBB/includes/auth.php @@ -126,15 +126,13 @@ class auth while ($subseq = substr($seq, $i, 6)) { - if (isset($seq_cache[$subseq])) + if (!isset($seq_cache[$subseq])) { - $this->acl[$f] .= $seq_cache[$subseq]; - } - else - { - // We put the original bitstring into the acl array - $this->acl[$f] .= ($seq_cache[$subseq] = str_pad(base_convert($subseq, 36, 2), 31, 0, STR_PAD_LEFT)); + $seq_cache[$subseq] = str_pad(base_convert($subseq, 36, 2), 31, 0, STR_PAD_LEFT); } + + // We put the original bitstring into the acl array + $this->acl[$f] .= $seq_cache[$subseq]; $i += 6; } } -- cgit v1.2.1 From f49656986cc1898e85d6d7e4cd859ec8e980dc4a Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Thu, 21 Apr 2011 23:15:51 -0400 Subject: [ticket/10141] Save a hash lookup when value is not in cache. PHPBB3-10141 --- phpBB/includes/auth.php | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php index 4b13c6be7f..8324cb4977 100644 --- a/phpBB/includes/auth.php +++ b/phpBB/includes/auth.php @@ -126,13 +126,17 @@ class auth while ($subseq = substr($seq, $i, 6)) { - if (!isset($seq_cache[$subseq])) + if (isset($seq_cache[$subseq])) { - $seq_cache[$subseq] = str_pad(base_convert($subseq, 36, 2), 31, 0, STR_PAD_LEFT); + $converted = $seq_cache[$subseq]; + } + else + { + $converted = $seq_cache[$subseq] = str_pad(base_convert($subseq, 36, 2), 31, 0, STR_PAD_LEFT); } // We put the original bitstring into the acl array - $this->acl[$f] .= $seq_cache[$subseq]; + $this->acl[$f] .= $converted; $i += 6; } } -- cgit v1.2.1 From 9cb6a69861b2ef1ca9a23ffe773ca3be4f9e4461 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Fri, 22 Apr 2011 11:01:07 +0200 Subject: [ticket/10146] Firebird: 1 <= precision <= 18 ==> Cast to DECIMAL(18, 0). PHPBB3-10146 --- phpBB/includes/functions.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 585e23b2ee..ca5a483536 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -175,7 +175,8 @@ function set_config_count($config_name, $increment, $is_dynamic = false) switch ($db->sql_layer) { case 'firebird': - $sql_update = 'CAST(CAST(config_value as DECIMAL(255, 0)) + ' . (int) $increment . ' as VARCHAR(255))'; + // Precision must be from 1 to 18 + $sql_update = 'CAST(CAST(config_value as DECIMAL(18, 0)) + ' . (int) $increment . ' as VARCHAR(255))'; break; case 'postgres': -- cgit v1.2.1 From a8ecd30fe1fbee46a7605c60c95b813fdf26719b Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Thu, 21 Apr 2011 12:00:04 -0400 Subject: [ticket/10147] Corrected a typo in includes/functions_template.php. PHPBB3-10147 --- phpBB/includes/functions_template.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_template.php b/phpBB/includes/functions_template.php index 1d3a4d74f8..8636dfe010 100644 --- a/phpBB/includes/functions_template.php +++ b/phpBB/includes/functions_template.php @@ -322,7 +322,7 @@ class template_compile // Is the designer wanting to call another loop in a loop? if (strpos($tag_args, '!') === 0) { - // Count the number if ! occurrences (not allowed in vars) + // Count the number of ! occurrences (not allowed in vars) $no_nesting = substr_count($tag_args, '!'); $tag_args = substr($tag_args, $no_nesting); } -- cgit v1.2.1 From a3a70e13b5a9e8eaef2bbf7dabe64398b5d10455 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Tue, 26 Apr 2011 12:33:15 +0200 Subject: [ticket/10145] Always recompile all templates when DEBUG_EXTRA is defined. PHPBB3-10145 --- phpBB/includes/template.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/template.php b/phpBB/includes/template.php index 6347633b14..9ac395344f 100644 --- a/phpBB/includes/template.php +++ b/phpBB/includes/template.php @@ -276,7 +276,7 @@ class template $this->files_template[$handle] = (isset($user->theme['template_id'])) ? $user->theme['template_id'] : 0; $recompile = false; - if (!file_exists($filename) || @filesize($filename) === 0) + if (!file_exists($filename) || @filesize($filename) === 0 || defined('DEBUG_EXTRA')) { $recompile = true; } -- cgit v1.2.1 From e6eb11bb1168236cbaba0263d322170dc2c7bdcd Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Fri, 29 Apr 2011 00:03:49 -0400 Subject: [ticket/10003] Ported d7d96223e7bae7cd60b13c6e7896d95838c3633c to db_tools. PHPBB3-10003 --- phpBB/includes/db/db_tools.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/db/db_tools.php b/phpBB/includes/db/db_tools.php index f4b181c6ad..f22ddc2ee8 100644 --- a/phpBB/includes/db/db_tools.php +++ b/phpBB/includes/db/db_tools.php @@ -1371,24 +1371,29 @@ class phpbb_db_tools switch ($this->sql_layer) { case 'firebird': + // Does not support AFTER statement, only POSITION (and there you need the column position) $statements[] = 'ALTER TABLE ' . $table_name . ' ADD "' . strtoupper($column_name) . '" ' . $column_data['column_type_sql']; break; case 'mssql': case 'mssqlnative': + // Does not support AFTER, only through temporary table $statements[] = 'ALTER TABLE [' . $table_name . '] ADD [' . $column_name . '] ' . $column_data['column_type_sql_default']; break; case 'mysql_40': case 'mysql_41': - $statements[] = 'ALTER TABLE `' . $table_name . '` ADD COLUMN `' . $column_name . '` ' . $column_data['column_type_sql']; + $after = (!empty($column_data['after'])) ? ' AFTER ' . $column_data['after'] : ''; + $statements[] = 'ALTER TABLE `' . $table_name . '` ADD COLUMN `' . $column_name . '` ' . $column_data['column_type_sql'] . $after; break; case 'oracle': + // Does not support AFTER, only through temporary table $statements[] = 'ALTER TABLE ' . $table_name . ' ADD ' . $column_name . ' ' . $column_data['column_type_sql']; break; case 'postgres': + // Does not support AFTER, only through temporary table if (version_compare($this->db->sql_server_info(true), '8.0', '>=')) { $statements[] = 'ALTER TABLE ' . $table_name . ' ADD COLUMN "' . $column_name . '" ' . $column_data['column_type_sql']; @@ -2120,4 +2125,4 @@ class phpbb_db_tools } } -?> \ No newline at end of file +?> -- cgit v1.2.1 From 3cb1b90ca6afcf0533f8f398f2a3f4066b697ed3 Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Fri, 29 Apr 2011 00:34:24 -0400 Subject: [ticket/10003] Ported 96a30afcca3ebd832c9b3083bb5c9a9f2a2dc54b to db_tools. This change is somewhat questionable, maybe it should be reviewed. PHPBB3-10003 --- phpBB/includes/db/db_tools.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/db/db_tools.php b/phpBB/includes/db/db_tools.php index f22ddc2ee8..d9ff811e34 100644 --- a/phpBB/includes/db/db_tools.php +++ b/phpBB/includes/db/db_tools.php @@ -681,10 +681,12 @@ class phpbb_db_tools { foreach ($columns as $column_name => $column_data) { - // Only add the column if it does not exist yet, else change it (to be consistent) + // Only add the column if it does not exist yet if ($column_exists = $this->sql_column_exists($table, $column_name)) { - $result = $this->sql_column_change($table, $column_name, $column_data, true); + continue; + // This is commented out here because it can take tremendous time on updates +// $result = $this->sql_column_change($table, $column_name, $column_data, true); } else { -- cgit v1.2.1 From 9f34aa0b79456f5d2d60f62361f483c76a3f89dd Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Fri, 29 Apr 2011 00:39:36 -0400 Subject: [ticket/10003] Ported 54c22ae52a0e18232cac8fed342ea52f2e2a793d to db_tools. This diff applied cleanly. PHPBB3-10003 --- phpBB/includes/db/db_tools.php | 110 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 109 insertions(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/db/db_tools.php b/phpBB/includes/db/db_tools.php index d9ff811e34..a793a2f313 100644 --- a/phpBB/includes/db/db_tools.php +++ b/phpBB/includes/db/db_tools.php @@ -697,7 +697,8 @@ class phpbb_db_tools { if ($column_exists) { - $sqlite_data[$table]['change_columns'][] = $result; + continue; +// $sqlite_data[$table]['change_columns'][] = $result; } else { @@ -719,6 +720,11 @@ class phpbb_db_tools { foreach ($indexes as $index_name) { + if (!$this->sql_index_exists($table, $index_name)) + { + continue; + } + $result = $this->sql_index_drop($table, $index_name); if ($this->return_statements) @@ -779,6 +785,11 @@ class phpbb_db_tools { foreach ($index_array as $index_name => $column) { + if ($this->sql_index_exists($table, $index_name)) + { + continue; + } + $result = $this->sql_create_unique_index($table, $index_name, $column); if ($this->return_statements) @@ -796,6 +807,11 @@ class phpbb_db_tools { foreach ($index_array as $index_name => $column) { + if ($this->sql_index_exists($table, $index_name)) + { + continue; + } + $result = $this->sql_create_index($table, $index_name, $column); if ($this->return_statements) @@ -1104,6 +1120,98 @@ class phpbb_db_tools } } + /** + * Check if a specified index exists in table + * + * @param string $table_name Table to check the index at + * @param string $index_name The index name to check + * + * @return bool True if index exists, else false + */ + function sql_index_exists($table_name, $index_name) + { + if ($this->sql_layer == 'mssql') + { + $sql = "EXEC sp_statistics '$table_name'"; + $result = $this->db->sql_query($sql); + + while ($row = $this->db->sql_fetchrow($result)) + { + if ($row['TYPE'] == 3) + { + if (strtolower($row['INDEX_NAME']) == strtolower($index_name)) + { + $this->db->sql_freeresult($result); + return true; + } + } + } + $this->db->sql_freeresult($result); + + return false; + } + + switch ($this->sql_layer) + { + case 'firebird': + $sql = "SELECT LOWER(RDB\$INDEX_NAME) as index_name + FROM RDB\$INDICES + WHERE RDB\$RELATION_NAME = " . strtoupper($table_name) . " + AND RDB\$UNIQUE_FLAG IS NULL + AND RDB\$FOREIGN_KEY IS NULL"; + $col = 'index_name'; + break; + + case 'postgres': + $sql = "SELECT ic.relname as index_name + FROM pg_class bc, pg_class ic, pg_index i + WHERE (bc.oid = i.indrelid) + AND (ic.oid = i.indexrelid) + AND (bc.relname = '" . $table_name . "') + AND (i.indisunique != 't') + AND (i.indisprimary != 't')"; + $col = 'index_name'; + break; + + case 'mysql_40': + case 'mysql_41': + $sql = 'SHOW KEYS + FROM ' . $table_name; + $col = 'Key_name'; + break; + + case 'oracle': + $sql = "SELECT index_name + FROM user_indexes + WHERE table_name = '" . $table_name . "' + AND generated = 'N'"; + break; + + case 'sqlite': + $sql = "PRAGMA index_info('" . $table_name . "');"; + $col = 'name'; + break; + } + + $result = $this->db->sql_query($sql); + while ($row = $this->db->sql_fetchrow($result)) + { + if (($this->sql_layer == 'mysql_40' || $this->sql_layer == 'mysql_41') && !$row['Non_unique']) + { + continue; + } + + if (strtolower($row[$col]) == strtolower($index_name)) + { + $this->db->sql_freeresult($result); + return true; + } + } + $this->db->sql_freeresult($result); + + return false; + } + /** * Private method for performing sql statements (either execute them or return them) * @access private -- cgit v1.2.1 From 761e3dd36f3b42fdaac99ba76f8d214b47983c05 Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Fri, 29 Apr 2011 01:07:46 -0400 Subject: [ticket/10003] Ported 023760c8b2402418310a3717db8349cac0342e42 to db_tools. This was painful. Git wanted to patch hunks in wrong places. Hopefully I got it right. PHPBB3-10003 --- phpBB/includes/db/db_tools.php | 143 +++++++++++++++++++++++++++++++++++++++-- 1 file changed, 137 insertions(+), 6 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/db/db_tools.php b/phpBB/includes/db/db_tools.php index a793a2f313..f72498af9b 100644 --- a/phpBB/includes/db/db_tools.php +++ b/phpBB/includes/db/db_tools.php @@ -785,7 +785,7 @@ class phpbb_db_tools { foreach ($index_array as $index_name => $column) { - if ($this->sql_index_exists($table, $index_name)) + if ($this->sql_unique_index_exists($table, $index_name)) { continue; } @@ -1121,7 +1121,7 @@ class phpbb_db_tools } /** - * Check if a specified index exists in table + * Check if a specified index exists in table. Does not return PRIMARY KEY and UNIQUE indexes. * * @param string $table_name Table to check the index at * @param string $index_name The index name to check @@ -1156,7 +1156,7 @@ class phpbb_db_tools case 'firebird': $sql = "SELECT LOWER(RDB\$INDEX_NAME) as index_name FROM RDB\$INDICES - WHERE RDB\$RELATION_NAME = " . strtoupper($table_name) . " + WHERE RDB\$RELATION_NAME = '" . strtoupper($table_name) . "' AND RDB\$UNIQUE_FLAG IS NULL AND RDB\$FOREIGN_KEY IS NULL"; $col = 'index_name'; @@ -1183,12 +1183,14 @@ class phpbb_db_tools case 'oracle': $sql = "SELECT index_name FROM user_indexes - WHERE table_name = '" . $table_name . "' - AND generated = 'N'"; + WHERE table_name = '" . strtoupper($table_name) . "' + AND generated = 'N' + AND uniqueness = 'NONUNIQUE'"; + $col = 'index_name'; break; case 'sqlite': - $sql = "PRAGMA index_info('" . $table_name . "');"; + $sql = "PRAGMA index_list('" . $table_name . "');"; $col = 'name'; break; } @@ -1201,6 +1203,135 @@ class phpbb_db_tools continue; } + // These DBMS prefix index name with the table name + switch ($this->sql_layer) + { + case 'firebird': + case 'oracle': + case 'postgres': + case 'sqlite': + $row[$col] = substr($row[$col], strlen($table_name) + 1); + break; + } + + if (strtolower($row[$col]) == strtolower($index_name)) + { + $this->db->sql_freeresult($result); + return true; + } + } + $this->db->sql_freeresult($result); + + return false; + } + + /** + * Check if a specified index exists in table. Does not return PRIMARY KEY and UNIQUE indexes. + * + * @param string $table_name Table to check the index at + * @param string $index_name The index name to check + * + * @return bool True if index exists, else false + */ + function sql_unique_index_exists($table_name, $index_name) + { + if ($this->sql_layer == 'mssql') + { + $sql = "EXEC sp_statistics '$table_name'"; + $result = $this->db->sql_query($sql); + + while ($row = $this->db->sql_fetchrow($result)) + { + // Usually NON_UNIQUE is the column we want to check, but we allow for both + if ($row['TYPE'] == 3) + { + if (strtolower($row['INDEX_NAME']) == strtolower($index_name)) + { + $this->db->sql_freeresult($result); + return true; + } + } + } + $this->db->sql_freeresult($result); + return false; + } + + switch ($this->sql_layer) + { + case 'firebird': + $sql = "SELECT LOWER(RDB\$INDEX_NAME) as index_name + FROM RDB\$INDICES + WHERE RDB\$RELATION_NAME = '" . strtoupper($table_name) . "' + AND RDB\$UNIQUE_FLAG IS NOT NULL + AND RDB\$FOREIGN_KEY IS NULL"; + $col = 'index_name'; + break; + + case 'postgres': + $sql = "SELECT ic.relname as index_name, i.indisunique + FROM pg_class bc, pg_class ic, pg_index i + WHERE (bc.oid = i.indrelid) + AND (ic.oid = i.indexrelid) + AND (bc.relname = '" . $table_name . "') + AND (i.indisprimary != 't')"; + $col = 'index_name'; + break; + + case 'mysql_40': + case 'mysql_41': + $sql = 'SHOW KEYS + FROM ' . $table_name; + $col = 'Key_name'; + break; + + case 'oracle': + $sql = "SELECT index_name, table_owner + FROM user_indexes + WHERE table_name = '" . strtoupper($table_name) . "' + AND generated = 'N' + AND uniqueness = 'UNIQUE' + AND index_name LIKE 'U_%'"; + $col = 'index_name'; + break; + + case 'sqlite': + $sql = "PRAGMA index_list('" . $table_name . "') WHERE unique = 1;"; + $col = 'name'; + break; + } + + $result = $this->db->sql_query($sql); + while ($row = $this->db->sql_fetchrow($result)) + { + if (($this->sql_layer == 'mysql_40' || $this->sql_layer == 'mysql_41') && ($row['Non_unique'] || $row[$col] == 'PRIMARY')) + { + continue; + } + + if ($this->sql_layer == 'sqlite' && !$row['unique']) + { + continue; + } + + if ($this->sql_layer == 'postgres' && $row['indisunique'] != 't') + { + continue; + } + + // These DBMS prefix index name with the table name + switch ($this->sql_layer) + { + case 'oracle': + $row[$col] = substr($row[$col], strlen('U_' . $row['table_owner']) + 1); + break; + + case 'firebird': + case 'postgres': + case 'sqlite': + $row[$col] = substr($row[$col], strlen($table_name) + 1); + break; + } + if (strtolower($row[$col]) == strtolower($index_name)) { $this->db->sql_freeresult($result); -- cgit v1.2.1 From 55ff5da70b6598218b032725f73de7c4f94a7c89 Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Fri, 29 Apr 2011 01:25:46 -0400 Subject: [ticket/10003] Ported 5553cfc2ed81ba9eb571804c431def962720b39e to db_tools. The diff in database_update was only partially relevant. PHPBB3-10003 --- phpBB/includes/db/db_tools.php | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/db/db_tools.php b/phpBB/includes/db/db_tools.php index f72498af9b..01061c77b1 100644 --- a/phpBB/includes/db/db_tools.php +++ b/phpBB/includes/db/db_tools.php @@ -1289,13 +1289,12 @@ class phpbb_db_tools FROM user_indexes WHERE table_name = '" . strtoupper($table_name) . "' AND generated = 'N' - AND uniqueness = 'UNIQUE' - AND index_name LIKE 'U_%'"; + AND uniqueness = 'UNIQUE'"; $col = 'index_name'; break; case 'sqlite': - $sql = "PRAGMA index_list('" . $table_name . "') WHERE unique = 1;"; + $sql = "PRAGMA index_list('" . $table_name . "');"; $col = 'name'; break; } @@ -1322,7 +1321,15 @@ class phpbb_db_tools switch ($this->sql_layer) { case 'oracle': - $row[$col] = substr($row[$col], strlen('U_' . $row['table_owner']) + 1); + // Two cases here... prefixed with U_[table_owner] and not prefixed with table_name + if (strpos($row[$col], 'U_') === 0) + { + $row[$col] = substr($row[$col], strlen('U_' . $row['table_owner']) + 1); + } + else if (strpos($row[$col], strtoupper($table_name)) === 0) + { + $row[$col] = substr($row[$col], strlen($table_name) + 1); + } break; case 'firebird': @@ -2203,6 +2210,7 @@ class phpbb_db_tools } else { + // TODO: try to change pkey without removing trigger, generator or constraints. ATM this query may fail. $statements[] = 'ALTER TABLE ' . $table_name . ' ALTER COLUMN "' . strtoupper($column_name) . '" TYPE ' . ' ' . $column_data['column_type_sql_type']; } break; -- cgit v1.2.1 From 85549fad8324afc6e9358e98d75b8fdcc5faa416 Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Fri, 29 Apr 2011 01:46:01 -0400 Subject: [ticket/10003] Ported 1802b9ff9286a7fc24493e71b3432816cbdbfcd8 to db_tools. Most of it was already in db_tools, these changes could have applied to code that did not exist in db_tools at the time of the commit. PHPBB3-10003 --- phpBB/includes/db/db_tools.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/db/db_tools.php b/phpBB/includes/db/db_tools.php index 01061c77b1..fd09ccde3f 100644 --- a/phpBB/includes/db/db_tools.php +++ b/phpBB/includes/db/db_tools.php @@ -1130,7 +1130,7 @@ class phpbb_db_tools */ function sql_index_exists($table_name, $index_name) { - if ($this->sql_layer == 'mssql') + if ($this->sql_layer == 'mssql' || $this->sql_layer == 'mssqlnative') { $sql = "EXEC sp_statistics '$table_name'"; $result = $this->db->sql_query($sql); @@ -1235,7 +1235,7 @@ class phpbb_db_tools */ function sql_unique_index_exists($table_name, $index_name) { - if ($this->sql_layer == 'mssql') + if ($this->sql_layer == 'mssql' || $this->sql_layer == 'mssqlnative') { $sql = "EXEC sp_statistics '$table_name'"; $result = $this->db->sql_query($sql); -- cgit v1.2.1 From 1e2c19f4b443692b18a3a167dc464f63b19da47f Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Fri, 29 Apr 2011 02:16:02 -0400 Subject: [ticket/10003] Delete EOL at EOF for the benefit of 3.0 modifications. PHPBB3-10003 --- phpBB/includes/db/db_tools.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/db/db_tools.php b/phpBB/includes/db/db_tools.php index fd09ccde3f..483ceee043 100644 --- a/phpBB/includes/db/db_tools.php +++ b/phpBB/includes/db/db_tools.php @@ -2374,4 +2374,4 @@ class phpbb_db_tools } } -?> +?> \ No newline at end of file -- cgit v1.2.1 From 8155bc5a9dbbe5ad6a9ceb722baf4587db8f3689 Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Sat, 30 Apr 2011 15:39:19 -0400 Subject: [ticket/10067] Clarify language for user activation options in ACP. PHPBB3-10067 --- phpBB/includes/acp/acp_board.php | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index a5e80e1f6d..8f7d08cc8f 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -770,12 +770,18 @@ class acp_board global $user, $config; $radio_ary = array(USER_ACTIVATION_DISABLE => 'ACC_DISABLE', USER_ACTIVATION_NONE => 'ACC_NONE'); + $radio_text = h_radio('config[require_activation]', $radio_ary, $value, $key); if ($config['email_enable']) { - $radio_ary += array(USER_ACTIVATION_SELF => 'ACC_USER', USER_ACTIVATION_ADMIN => 'ACC_ADMIN'); + $radio_ary = array(USER_ACTIVATION_SELF => 'ACC_USER', USER_ACTIVATION_ADMIN => 'ACC_ADMIN'); + // With longer labels the four options no longer fit + // onto a single line. Separate them onto two lines. + // This also requires two h_radio calls to generate HTML. + $radio_text .= '

'; + $radio_text .= h_radio('config[require_activation]', $radio_ary, $value, $key); } - return h_radio('config[require_activation]', $radio_ary, $value, $key); + return $radio_text; } /** -- cgit v1.2.1 From 5254ec27959d8a4b2e6af61d0d28080a81ff86b5 Mon Sep 17 00:00:00 2001 From: rxu Date: Sun, 1 May 2011 13:38:39 +0800 Subject: [ticket/6712] Add phpbb_ function name prefix, more docs, rename current_time PHPBB3-6712 --- phpBB/includes/functions_posting.php | 31 +++++++++++++++++++++---------- 1 file changed, 21 insertions(+), 10 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index ab346afb38..7713c07bc0 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -2611,16 +2611,27 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u return $url; } -/* +/** * Handle topic bumping +* @param int $forum_id The ID of the forum the topic is being bumped belongs to +* @param int $topic_id The ID of the topic is being bumping +* @param array $post_data Passes some topic parameters: +* - 'topic_title' +* - 'topic_last_post_id' +* - 'topic_last_poster_id' +* - 'topic_last_post_subject' +* - 'topic_last_poster_name' +* - 'topic_last_poster_colour' +* @param int $bump_time The time at which topic was bumped, usually it is a current time as obtained via time(). +* @return string An URL to the bumped topic, example: ./viewtopic.php?forum_id=1&topic_id=2&p=3#p3 */ -function bump_topic($forum_id, $topic_id, $post_data, $current_time = false) +function phpbb_bump_topic($forum_id, $topic_id, $post_data, $bump_time = false) { global $config, $db, $user, $phpEx, $phpbb_root_path; - if ($current_time === false) + if ($bump_time === false) { - $current_time = time(); + $bump_time = time(); } // Begin bumping @@ -2628,14 +2639,14 @@ function bump_topic($forum_id, $topic_id, $post_data, $current_time = false) // Update the topic's last post post_time $sql = 'UPDATE ' . POSTS_TABLE . " - SET post_time = $current_time + SET post_time = $bump_time WHERE post_id = {$post_data['topic_last_post_id']} AND topic_id = $topic_id"; $db->sql_query($sql); // Sync the topic's last post time, the rest of the topic's last post data isn't changed $sql = 'UPDATE ' . TOPICS_TABLE . " - SET topic_last_post_time = $current_time, + SET topic_last_post_time = $bump_time, topic_bumped = 1, topic_bumper = " . $user->data['user_id'] . " WHERE topic_id = $topic_id"; @@ -2646,7 +2657,7 @@ function bump_topic($forum_id, $topic_id, $post_data, $current_time = false) SET forum_last_post_id = " . $post_data['topic_last_post_id'] . ", forum_last_poster_id = " . $post_data['topic_last_poster_id'] . ", forum_last_post_subject = '" . $db->sql_escape($post_data['topic_last_post_subject']) . "', - forum_last_post_time = $current_time, + forum_last_post_time = $bump_time, forum_last_poster_name = '" . $db->sql_escape($post_data['topic_last_poster_name']) . "', forum_last_poster_colour = '" . $db->sql_escape($post_data['topic_last_poster_colour']) . "' WHERE forum_id = $forum_id"; @@ -2654,17 +2665,17 @@ function bump_topic($forum_id, $topic_id, $post_data, $current_time = false) // Update bumper's time of the last posting to prevent flood $sql = 'UPDATE ' . USERS_TABLE . " - SET user_lastpost_time = $current_time + SET user_lastpost_time = $bump_time WHERE user_id = " . $user->data['user_id']; $db->sql_query($sql); $db->sql_transaction('commit'); // Mark this topic as posted to - markread('post', $forum_id, $topic_id, $current_time); + markread('post', $forum_id, $topic_id, $bump_time); // Mark this topic as read - markread('topic', $forum_id, $topic_id, $current_time); + markread('topic', $forum_id, $topic_id, $bump_time); // Update forum tracking info if ($config['load_db_lastread'] && $user->data['is_registered']) -- cgit v1.2.1 From 65d956bd81fad62d7bc2f489ea8d3d930e666049 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Thu, 5 May 2011 10:49:54 +0200 Subject: [ticket/10158] Add "Return to Inbox"-link to "PM send"-message. PHPBB3-10158 --- phpBB/includes/ucp/ucp_pm_compose.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index b596e72c41..d7fe0af361 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -741,10 +741,13 @@ function compose_pm($id, $mode, $action) $msg_id = submit_pm($action, $subject, $pm_data); $return_message_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&mode=view&p=' . $msg_id); - $return_folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=outbox'); + $return_folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=inbox'); + $outbox_folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=outbox'); meta_refresh(3, $return_message_url); - $message = $user->lang['MESSAGE_STORED'] . '

' . sprintf($user->lang['VIEW_PRIVATE_MESSAGE'], '', '') . '

' . sprintf($user->lang['CLICK_RETURN_FOLDER'], '', '', $user->lang['PM_OUTBOX']); + $message = $user->lang['MESSAGE_STORED'] . '

' . sprintf($user->lang['VIEW_PRIVATE_MESSAGE'], '', ''); + $message .= '

' . sprintf($user->lang['CLICK_RETURN_FOLDER'], '', '', $user->lang['PM_INBOX']); + $message .= '

' . sprintf($user->lang['CLICK_RETURN_FOLDER'], '', '', $user->lang['PM_OUTBOX']); trigger_error($message); } -- cgit v1.2.1 From 437013194a516932b6f85ba4ee355dcf5836ef19 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Mon, 9 May 2011 12:46:34 +0200 Subject: [ticket/10158] Add return-link to folder, when the user replied from a folder. PHPBB3-10158 --- phpBB/includes/ucp/ucp_pm.php | 4 ++-- phpBB/includes/ucp/ucp_pm_compose.php | 20 +++++++++++++++----- 2 files changed, 17 insertions(+), 7 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/ucp/ucp_pm.php b/phpBB/includes/ucp/ucp_pm.php index e1c51170db..c675928a5b 100644 --- a/phpBB/includes/ucp/ucp_pm.php +++ b/phpBB/includes/ucp/ucp_pm.php @@ -115,7 +115,7 @@ class ucp_pm case 'compose': $action = request_var('action', 'post'); - get_folder($user->data['user_id']); + $user_folders = get_folder($user->data['user_id']); if (!$auth->acl_get('u_sendpm')) { @@ -130,7 +130,7 @@ class ucp_pm } include($phpbb_root_path . 'includes/ucp/ucp_pm_compose.' . $phpEx); - compose_pm($id, $mode, $action); + compose_pm($id, $mode, $action, $user_folders); $tpl_file = 'posting_body'; break; diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index d7fe0af361..6ea702570e 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -20,7 +20,7 @@ if (!defined('IN_PHPBB')) * Compose private message * Called from ucp_pm with mode == 'compose' */ -function compose_pm($id, $mode, $action) +function compose_pm($id, $mode, $action, $user_folders = array()) { global $template, $db, $auth, $user; global $phpbb_root_path, $phpEx, $config; @@ -398,7 +398,7 @@ function compose_pm($id, $mode, $action) unset($message_text); $s_action = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&mode=$mode&action=$action", true, $user->session_id); - $s_action .= ($msg_id) ? "&p=$msg_id" : ''; + $s_action .= (($folder_id) ? "&f=$folder_id" : '') . (($msg_id) ? "&p=$msg_id" : ''); // Delete triggered ? if ($action == 'delete') @@ -741,13 +741,23 @@ function compose_pm($id, $mode, $action) $msg_id = submit_pm($action, $subject, $pm_data); $return_message_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&mode=view&p=' . $msg_id); - $return_folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=inbox'); + $inbox_folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=inbox'); $outbox_folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=outbox'); - meta_refresh(3, $return_message_url); + + $folder_return_message = ''; + $return_message_url = $inbox_folder_url; + if ($folder_id && isset($user_folders[$folder_id])) + { + $return_message_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=' . $folder_id); + $folder_return_message = '

' . sprintf($user->lang['CLICK_RETURN_FOLDER'], '', '', $user_folders[$folder_id]['folder_name']); + } $message = $user->lang['MESSAGE_STORED'] . '

' . sprintf($user->lang['VIEW_PRIVATE_MESSAGE'], '', ''); - $message .= '

' . sprintf($user->lang['CLICK_RETURN_FOLDER'], '', '', $user->lang['PM_INBOX']); + $message .= $folder_return_message; + $message .= '

' . sprintf($user->lang['CLICK_RETURN_FOLDER'], '', '', $user->lang['PM_INBOX']); $message .= '

' . sprintf($user->lang['CLICK_RETURN_FOLDER'], '', '', $user->lang['PM_OUTBOX']); + + meta_refresh(3, $return_message_url); trigger_error($message); } -- cgit v1.2.1 From 4038091382fb9d5e429c1eaee79413f077a54d2d Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Mon, 9 May 2011 23:11:56 +0200 Subject: [ticket/9999] Remove broken and unused L_FORUM_FOLDER_ALT variable. L_FORUM_FOLDER_ALT was supposed to be a language variable but the language variable is never looked up but directly passed as L_FORUM_FOLDER_ALT instead. Also, the expected functionality is correctly implemented by FORUM_FOLDER_IMG_ALT. PHPBB3-9999 --- phpBB/includes/functions_display.php | 1 - 1 file changed, 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index acaef49fe8..d7422aa2c9 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -477,7 +477,6 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod 'SUBFORUMS' => $s_subforums_list, 'L_SUBFORUM_STR' => $l_subforums, - 'L_FORUM_FOLDER_ALT' => $folder_alt, 'L_MODERATOR_STR' => $l_moderator, 'U_UNAPPROVED_TOPICS' => ($row['forum_id_unapproved_topics']) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=unapproved_topics&f=' . $row['forum_id_unapproved_topics']) : '', -- cgit v1.2.1 From ca981b6d1819560f7722773796ac33407f18cde8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Fr=C3=A8rejean?= Date: Tue, 10 May 2011 23:31:41 +0200 Subject: [ticket/10170] reCaptcha API has been moved. The reCaptcha API has been moved from recaptcha.net to google.com/recaptcha. PHPBB3-10170 --- phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php b/phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php index ea171dbe2c..f3bc1a859f 100644 --- a/phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php +++ b/phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php @@ -27,9 +27,9 @@ if (!class_exists('phpbb_default_captcha')) */ class phpbb_recaptcha extends phpbb_default_captcha { - var $recaptcha_server = 'http://api.recaptcha.net'; - var $recaptcha_server_secure = 'https://api-secure.recaptcha.net'; // class constants :( - var $recaptcha_verify_server = 'api-verify.recaptcha.net'; + var $recaptcha_server = 'http://www.google.com/recaptcha/api'; + var $recaptcha_server_secure = 'https://www.google.com/recaptcha/api'; // class constants :( + var $recaptcha_verify_server = 'http://www.google.com/recaptcha/api/verify'; var $challenge; var $response; -- cgit v1.2.1 From eded608a53b3882a7a42bddf6b1c9f479c2b0304 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Wed, 11 May 2011 03:23:31 +0200 Subject: [ticket/10170] Fix broken recaptcha verification host. PHPBB3-10170 --- phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php b/phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php index f3bc1a859f..0b0270f568 100644 --- a/phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php +++ b/phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php @@ -29,7 +29,12 @@ class phpbb_recaptcha extends phpbb_default_captcha { var $recaptcha_server = 'http://www.google.com/recaptcha/api'; var $recaptcha_server_secure = 'https://www.google.com/recaptcha/api'; // class constants :( - var $recaptcha_verify_server = 'http://www.google.com/recaptcha/api/verify'; + + // We are opening a socket to port 80 of this host and send + // the POST request asking for verification to the path specified here. + var $recaptcha_verify_server = 'www.google.com'; + var $recaptcha_verify_path = '/recaptcha/api/verify'; + var $challenge; var $response; @@ -296,7 +301,7 @@ class phpbb_recaptcha extends phpbb_default_captcha return $user->lang['RECAPTCHA_INCORRECT']; } - $response = $this->_recaptcha_http_post($this->recaptcha_verify_server, '/verify', + $response = $this->_recaptcha_http_post($this->recaptcha_verify_server, $this->recaptcha_verify_path, array( 'privatekey' => $config['recaptcha_privkey'], 'remoteip' => $user->ip, -- cgit v1.2.1 From 9b62500a1068fd9c17409e435b53a33bb1cf6838 Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Sun, 22 May 2011 06:48:59 -0400 Subject: [ticket/10188] Use ob_get_level in msg_handler for output buffering check. Output buffering may be enabled via various approaches, among them: * output_buffering in php.ini; * output_handler in php.ini enables output_buffering; * ob_start call. ob_get_level allows us to query php runtime for the actual output buffering status. PHPBB3-10188 --- phpBB/includes/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index ceaf426850..9f1d39118a 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -3743,7 +3743,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline) if (strpos($errfile, 'cache') === false && strpos($errfile, 'template.') === false) { // flush the content, else we get a white page if output buffering is on - if ((int) @ini_get('output_buffering') === 1 || strtolower(@ini_get('output_buffering')) === 'on') + if (ob_get_level() > 0) { @ob_flush(); } -- cgit v1.2.1 From 44cc8153cdfedda1d0733655bc13e5e9beac3431 Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Sun, 22 May 2011 07:16:40 -0400 Subject: [ticket/10191] Use ob_get_level in exit_handler for output buffering check. Calling flush() when output buffering is enabled causes output to be duplicated. Besides phpBB enabling output buffering for gzip compression, output buffering may be enabled externally to phpBB via output_handler or output_buffering directives in php.ini. Use ob_get_level to determine whether output buffering is active and call ob_flush in that case. PHPBB3-10191 --- phpBB/includes/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index ceaf426850..22373f6d63 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -4719,7 +4719,7 @@ function exit_handler() } // As a pre-caution... some setups display a blank page if the flush() is not there. - (empty($config['gzip_compress'])) ? @flush() : @ob_flush(); + (ob_get_level() > 0) ? @ob_flush() : @flush(); exit; } -- cgit v1.2.1 From 67449f8f1b1b9eff8430a77d16d6ee2dac1210d9 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Mon, 23 May 2011 12:01:11 +0200 Subject: [ticket/10158] Only view "Return to" links if they are useful. PHPBB3-10158 --- phpBB/includes/ucp/ucp_pm_compose.php | 42 ++++++++++++++++++++++++++++------- 1 file changed, 34 insertions(+), 8 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index 6ea702570e..78b2e7a348 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -135,6 +135,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) } $sql = ''; + $folder_id = 0; // What is all this following SQL for? Well, we need to know // some basic information in all cases before we do anything. @@ -744,18 +745,43 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $inbox_folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=inbox'); $outbox_folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=outbox'); - $folder_return_message = ''; - $return_message_url = $inbox_folder_url; - if ($folder_id && isset($user_folders[$folder_id])) + $folder_url = ''; + if (($folder_id > 0) && isset($user_folders[$folder_id])) { - $return_message_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=' . $folder_id); - $folder_return_message = '

' . sprintf($user->lang['CLICK_RETURN_FOLDER'], '', '', $user_folders[$folder_id]['folder_name']); + $folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=' . $folder_id); } $message = $user->lang['MESSAGE_STORED'] . '

' . sprintf($user->lang['VIEW_PRIVATE_MESSAGE'], '', ''); - $message .= $folder_return_message; - $message .= '

' . sprintf($user->lang['CLICK_RETURN_FOLDER'], '', '', $user->lang['PM_INBOX']); - $message .= '

' . sprintf($user->lang['CLICK_RETURN_FOLDER'], '', '', $user->lang['PM_OUTBOX']); + switch ($action) + { + case 'post': + case 'edit': + if ($folder_url) + { + $message .= '

' . sprintf($user->lang['CLICK_RETURN_FOLDER'], '', '', $user_folders[$folder_id]['folder_name']); + $message .= '

' . sprintf($user->lang['CLICK_GOTO_FOLDER'], '', '', $user->lang['PM_OUTBOX']); + } + else + { + $message .= '

' . sprintf($user->lang['CLICK_RETURN_FOLDER'], '', '', $user->lang['PM_OUTBOX']); + } + break; + + case 'quote': + case 'quotepost': + case 'reply': + case 'forward': + if ($folder_url) + { + $message .= '

' . sprintf($user->lang['CLICK_RETURN_FOLDER'], '', '', $user_folders[$folder_id]['folder_name']); + $message .= '

' . sprintf($user->lang['CLICK_GOTO_FOLDER'], '', '', $user->lang['PM_INBOX']); + } + else + { + $message .= '

' . sprintf($user->lang['CLICK_RETURN_FOLDER'], '', '', $user->lang['PM_INBOX']); + } + break; + } meta_refresh(3, $return_message_url); trigger_error($message); -- cgit v1.2.1 From 83dfe0d22c71df8e5701c812d304ef8918c3190f Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Thu, 26 May 2011 10:43:14 +0200 Subject: [ticket/10195] Return false in session::check_dnsbl() when IPv6 is passed. There is no support for IPv6 addresses in the blacklists we check right now. PHPBB3-10195 --- phpBB/includes/session.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'phpBB/includes') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index d803f8d799..2181375dc1 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -1238,6 +1238,12 @@ class session $ip = $this->ip; } + // Neither Spamhaus nor Spamcop supports IPv6 addresses. + if (strpos($ip, ':') !== false) + { + return false; + } + $dnsbl_check = array( 'sbl.spamhaus.org' => 'http://www.spamhaus.org/query/bl?ip=', ); -- cgit v1.2.1 From ebe83769e6efff249f94e5337dcd8fd16593a290 Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Thu, 2 Jun 2011 01:45:12 +0200 Subject: [ticket/9685] Consistently name the new sql_buffer_nested_transactions function PHPBB3-9685 --- phpBB/includes/db/dbal.php | 2 +- phpBB/includes/db/mssqlnative.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/db/dbal.php b/phpBB/includes/db/dbal.php index d7860fc8bc..2f9619c8ea 100644 --- a/phpBB/includes/db/dbal.php +++ b/phpBB/includes/db/dbal.php @@ -246,7 +246,7 @@ class dbal * * @return bool Whether buffering is required. */ - function sql_buffer_nested_transaction() + function sql_buffer_nested_transactions() { return false; } diff --git a/phpBB/includes/db/mssqlnative.php b/phpBB/includes/db/mssqlnative.php index e057e7fe74..6810562d17 100644 --- a/phpBB/includes/db/mssqlnative.php +++ b/phpBB/includes/db/mssqlnative.php @@ -261,7 +261,7 @@ class dbal_mssqlnative extends dbal /** * {@inheritDoc} */ - function sql_buffer_nested_transaction() + function sql_buffer_nested_transactions() { return true; } -- cgit v1.2.1 From 324c913ac9eb3ce158d1c735ee49b62a06d8327b Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Thu, 2 Jun 2011 06:24:28 +0200 Subject: [ticket/9950] Use actual language instead of user's language in overall header PHPBB3-9950 --- phpBB/includes/functions.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 791aa09010..2d9d2c225f 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -4529,7 +4529,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0 'T_TEMPLATE_PATH' => "{$web_path}styles/" . $user->theme['template_path'] . '/template', 'T_SUPER_TEMPLATE_PATH' => (isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path']) ? "{$web_path}styles/" . $user->theme['template_inherit_path'] . '/template' : "{$web_path}styles/" . $user->theme['template_path'] . '/template', 'T_IMAGESET_PATH' => "{$web_path}styles/" . $user->theme['imageset_path'] . '/imageset', - 'T_IMAGESET_LANG_PATH' => "{$web_path}styles/" . $user->theme['imageset_path'] . '/imageset/' . $user->data['user_lang'], + 'T_IMAGESET_LANG_PATH' => "{$web_path}styles/" . $user->theme['imageset_path'] . '/imageset/' . $user->lang_name, 'T_IMAGES_PATH' => "{$web_path}images/", 'T_SMILIES_PATH' => "{$web_path}{$config['smilies_path']}/", 'T_AVATAR_PATH' => "{$web_path}{$config['avatar_path']}/", @@ -4537,7 +4537,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0 'T_ICONS_PATH' => "{$web_path}{$config['icons_path']}/", 'T_RANKS_PATH' => "{$web_path}{$config['ranks_path']}/", 'T_UPLOAD_PATH' => "{$web_path}{$config['upload_path']}/", - 'T_STYLESHEET_LINK' => (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . $user->theme['theme_path'] . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&lang=' . $user->data['user_lang']), + 'T_STYLESHEET_LINK' => (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . $user->theme['theme_path'] . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&lang=' . $user->lang_name), 'T_STYLESHEET_NAME' => $user->theme['theme_name'], 'T_THEME_NAME' => $user->theme['theme_path'], -- cgit v1.2.1 From 7b10f859decdb5d97ffe97e647db52f29f4661f8 Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Thu, 2 Jun 2011 08:45:48 +0200 Subject: [ticket/10005] Add validation of dropdown custom profile field values PHPBB3-10005 --- phpBB/includes/functions_profile_fields.php | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions_profile_fields.php b/phpBB/includes/functions_profile_fields.php index 78fe049f40..1eae2a9ad6 100644 --- a/phpBB/includes/functions_profile_fields.php +++ b/phpBB/includes/functions_profile_fields.php @@ -149,7 +149,18 @@ class custom_profile case FIELD_DROPDOWN: $field_value = (int) $field_value; - + + // retrieve option lang data if necessary + if (!isset($this->options_lang[$field_data['field_id']]) || !isset($this->options_lang[$field_data['field_id']][$field_data['lang_id']]) || !sizeof($this->options_lang[$file_data['field_id']][$field_data['lang_id']])) + { + $this->get_option_lang($field_data['field_id'], $field_data['lang_id'], FIELD_DROPDOWN, false); + } + + if (!isset($this->options_lang[$field_data['field_id']][$field_data['lang_id']][$field_value])) + { + return 'FIELD_INVALID_VALUE'; + } + if ($field_value == $field_data['field_novalue'] && $field_data['field_required']) { return 'FIELD_REQUIRED'; @@ -302,6 +313,7 @@ class custom_profile switch ($cp_result) { case 'FIELD_INVALID_DATE': + case 'FIELD_INVALID_VALUE': case 'FIELD_REQUIRED': $error = sprintf($user->lang[$cp_result], $row['lang_name']); break; -- cgit v1.2.1 From d270f736e3a553042879b9a7918d2e9bd513c659 Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Thu, 2 Jun 2011 09:48:49 +0200 Subject: [ticket/7057] Remove trailing whitespace in functions.php PHPBB3-7057 --- phpBB/includes/functions.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 9a8cc5d6b3..7cbf314309 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -3434,7 +3434,7 @@ function get_preg_expression($mode) * Depends on whether installed PHP version supports unicode properties * * @param string $word word template to be replaced -* @param bool $use_unicode whether or not to take advantage of PCRE supporting unicode +* @param bool $use_unicode whether or not to take advantage of PCRE supporting unicode * * @return string $preg_expr regex to use with word censor */ @@ -3544,7 +3544,7 @@ function phpbb_checkdnsrr($host, $type = 'MX') // but until 5.3.3 it only works for MX records // See: http://bugs.php.net/bug.php?id=51844 - // Call checkdnsrr() if + // Call checkdnsrr() if // we're looking for an MX record or // we're not on Windows or // we're running a PHP version where #51844 has been fixed @@ -3564,7 +3564,7 @@ function phpbb_checkdnsrr($host, $type = 'MX') // dns_get_record() is available since PHP 5; since PHP 5.3 also on Windows, // but on Windows it does not work reliable for AAAA records before PHP 5.3.1 - // Call dns_get_record() if + // Call dns_get_record() if // we're not looking for an AAAA record or // we're not on Windows or // we're running a PHP version where AAAA lookups work reliable @@ -3594,7 +3594,7 @@ function phpbb_checkdnsrr($host, $type = 'MX') foreach ($resultset as $result) { if ( - isset($result['host']) && $result['host'] == $host && + isset($result['host']) && $result['host'] == $host && isset($result['type']) && $result['type'] == $type ) { -- cgit v1.2.1 From 6e8b59dce32032cafeb39c3dc1dfe16e20194683 Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Thu, 2 Jun 2011 09:44:02 +0200 Subject: [ticket/7057] Use GET for quicksearch and add session id to hidden fields Without sid a GET form logs a user out if they have cookies disabled. PHPBB3-7057 --- phpBB/includes/functions.php | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 7cbf314309..ded69d7150 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -4422,6 +4422,12 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0 $user_lang = substr($user_lang, 0, strpos($user_lang, '-x-')); } + $s_search_hidden_fields = array(); + if ($_SID) + { + $s_search_hidden_fields['sid'] = $_SID; + } + // The following assigns all _common_ variables that may be used at any point in a template. $template->assign_vars(array( 'SITENAME' => $config['sitename'], @@ -4511,6 +4517,8 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0 'S_LOAD_UNREADS' => ($config['load_unreads_search'] && ($config['load_anon_lastread'] || $user->data['is_registered'])) ? true : false, + 'S_SEARCH_HIDDEN_FIELDS' => build_hidden_fields($s_search_hidden_fields), + 'T_THEME_PATH' => "{$web_path}styles/" . $user->theme['theme_path'] . '/theme', 'T_TEMPLATE_PATH' => "{$web_path}styles/" . $user->theme['template_path'] . '/template', 'T_SUPER_TEMPLATE_PATH' => (isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path']) ? "{$web_path}styles/" . $user->theme['template_inherit_path'] . '/template' : "{$web_path}styles/" . $user->theme['template_path'] . '/template', -- cgit v1.2.1 From f11ef89c657b0386ea5686dd8cc35dff79690adb Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Fri, 3 Jun 2011 19:06:12 +0200 Subject: [ticket/8138] Add autocomplete="off" to acp_board and ldap settings PHPBB3-8138 --- phpBB/includes/auth/auth_ldap.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php index e8c957aaa3..5dfa74ddab 100644 --- a/phpBB/includes/auth/auth_ldap.php +++ b/phpBB/includes/auth/auth_ldap.php @@ -335,7 +335,7 @@ function acp_ldap(&$new)

' . $user->lang['LDAP_PASSWORD_EXPLAIN'] . '
-
+
'; -- cgit v1.2.1 From 6b6705b852bcd2a86735fa99d00a77426bf12813 Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Sun, 5 Jun 2011 01:57:43 +0200 Subject: [ticket/10158] Remove some code duplication from generating the message. PHPBB3-10158 --- phpBB/includes/ucp/ucp_pm_compose.php | 38 +++++++++-------------------------- 1 file changed, 10 insertions(+), 28 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index 78b2e7a348..05243e3d7a 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -751,37 +751,19 @@ function compose_pm($id, $mode, $action, $user_folders = array()) $folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=' . $folder_id); } + $return_box_url = ($action === 'post' || $action === 'edit') ? $outbox_folder_url : $inbox_folder_url; + $return_box_lang = ($action === 'post' || $action === 'edit') ? 'PM_OUTBOX' : 'PM_INBOX'; + + $message = $user->lang['MESSAGE_STORED'] . '

' . sprintf($user->lang['VIEW_PRIVATE_MESSAGE'], '', ''); - switch ($action) - { - case 'post': - case 'edit': - if ($folder_url) - { - $message .= '

' . sprintf($user->lang['CLICK_RETURN_FOLDER'], '', '', $user_folders[$folder_id]['folder_name']); - $message .= '

' . sprintf($user->lang['CLICK_GOTO_FOLDER'], '', '', $user->lang['PM_OUTBOX']); - } - else - { - $message .= '

' . sprintf($user->lang['CLICK_RETURN_FOLDER'], '', '', $user->lang['PM_OUTBOX']); - } - break; - case 'quote': - case 'quotepost': - case 'reply': - case 'forward': - if ($folder_url) - { - $message .= '

' . sprintf($user->lang['CLICK_RETURN_FOLDER'], '', '', $user_folders[$folder_id]['folder_name']); - $message .= '

' . sprintf($user->lang['CLICK_GOTO_FOLDER'], '', '', $user->lang['PM_INBOX']); - } - else - { - $message .= '

' . sprintf($user->lang['CLICK_RETURN_FOLDER'], '', '', $user->lang['PM_INBOX']); - } - break; + $last_click_type = 'CLICK_RETURN_FOLDER'; + if ($folder_url) + { + $message .= '

' . sprintf($user->lang['CLICK_RETURN_FOLDER'], '', '', $user_folders[$folder_id]['folder_name']); + $last_click_type = 'CLICK_GOTO_FOLDER'; } + $message .= '

' . sprintf($user->lang[$last_click_type], '', '', $user->lang[$return_box_lang]); meta_refresh(3, $return_message_url); trigger_error($message); -- cgit v1.2.1 From 26e052bb26a683bff17d86ae2beecc66ffcd93cf Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Sun, 5 Jun 2011 09:52:17 +0200 Subject: [ticket/10067] Add separator to h_radio to place options on individual lines The previous mechanism for account activation resulted in two h_radio calls with identical id attributes for two elements. PHPBB3/10067 --- phpBB/includes/acp/acp_board.php | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index 8f7d08cc8f..d38c4d58ba 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -769,18 +769,19 @@ class acp_board { global $user, $config; - $radio_ary = array(USER_ACTIVATION_DISABLE => 'ACC_DISABLE', USER_ACTIVATION_NONE => 'ACC_NONE'); - $radio_text = h_radio('config[require_activation]', $radio_ary, $value, $key); + $radio_ary = array( + USER_ACTIVATION_DISABLE => 'ACC_DISABLE', + USER_ACTIVATION_NONE => 'ACC_NONE', + ); + if ($config['email_enable']) { - $radio_ary = array(USER_ACTIVATION_SELF => 'ACC_USER', USER_ACTIVATION_ADMIN => 'ACC_ADMIN'); - // With longer labels the four options no longer fit - // onto a single line. Separate them onto two lines. - // This also requires two h_radio calls to generate HTML. - $radio_text .= '

'; - $radio_text .= h_radio('config[require_activation]', $radio_ary, $value, $key); + $radio_ary[USER_ACTIVATION_SELF] = 'ACC_USER'; + $radio_ary[USER_ACTIVATION_ADMIN] = 'ACC_ADMIN'; } + $radio_text = h_radio('config[require_activation]', $radio_ary, $value, 'require_activation', $key, '
'); + return $radio_text; } -- cgit v1.2.1 From 16ab0d8c264d88db5e3e961e66e6820b365f45ac Mon Sep 17 00:00:00 2001 From: rxu Date: Sun, 17 Apr 2011 17:58:11 +0800 Subject: [ticket/217] Multiline [url] not converted This is the second attempt parse multiline URL text, see the ticket comments. PHPBB3-217 --- phpBB/includes/message_parser.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 6951dcf820..8f5e72cbf7 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -109,13 +109,15 @@ class bbcode_firstpass extends bbcode // This array holds all bbcode data. BBCodes will be processed in this // order, so it is important to keep [code] in first position and // [quote] in second position. + // To parse multiline URL we enable dotall option setting only for URL text + // but not for link itself, thus [url][/url] is not affected. $this->bbcodes = array( 'code' => array('bbcode_id' => 8, 'regexp' => array('#\[code(?:=([a-z]+))?\](.+\[/code\])#uise' => "\$this->bbcode_code('\$1', '\$2')")), 'quote' => array('bbcode_id' => 0, 'regexp' => array('#\[quote(?:="(.*?)")?\](.+)\[/quote\]#uise' => "\$this->bbcode_quote('\$0')")), 'attachment' => array('bbcode_id' => 12, 'regexp' => array('#\[attachment=([0-9]+)\](.*?)\[/attachment\]#uise' => "\$this->bbcode_attachment('\$1', '\$2')")), 'b' => array('bbcode_id' => 1, 'regexp' => array('#\[b\](.*?)\[/b\]#uise' => "\$this->bbcode_strong('\$1')")), 'i' => array('bbcode_id' => 2, 'regexp' => array('#\[i\](.*?)\[/i\]#uise' => "\$this->bbcode_italic('\$1')")), - 'url' => array('bbcode_id' => 3, 'regexp' => array('#\[url(=(.*))?\](.*)\[/url\]#uiUe' => "\$this->validate_url('\$2', '\$3')")), + 'url' => array('bbcode_id' => 3, 'regexp' => array('#\[url(=(.*))?\](?(1)((?s).*(?-s))|(.*))\[/url\]#uiUe' => "\$this->validate_url('\$2', '\$3')")), 'img' => array('bbcode_id' => 4, 'regexp' => array('#\[img\](.*)\[/img\]#uiUe' => "\$this->bbcode_img('\$1')")), 'size' => array('bbcode_id' => 5, 'regexp' => array('#\[size=([\-\+]?\d+)\](.*?)\[/size\]#uise' => "\$this->bbcode_size('\$1', '\$2')")), 'color' => array('bbcode_id' => 6, 'regexp' => array('!\[color=(#[0-9a-f]{3}|#[0-9a-f]{6}|[a-z\-]+)\](.*?)\[/color\]!uise' => "\$this->bbcode_color('\$1', '\$2')")), -- cgit v1.2.1 From 6585d938d2c441900d8af6d25da2433d3beec856 Mon Sep 17 00:00:00 2001 From: rxu Date: Sun, 5 Jun 2011 21:55:28 +0800 Subject: [ticket/217] Adjust patch, add tests PHPBB3-217 --- phpBB/includes/message_parser.php | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 8f5e72cbf7..a6a4e530f0 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -102,7 +102,7 @@ class bbcode_firstpass extends bbcode /** * Init bbcode data for later parsing */ - function bbcode_init() + function bbcode_init($no_custom_bbcode = false) { static $rowset; @@ -117,7 +117,7 @@ class bbcode_firstpass extends bbcode 'attachment' => array('bbcode_id' => 12, 'regexp' => array('#\[attachment=([0-9]+)\](.*?)\[/attachment\]#uise' => "\$this->bbcode_attachment('\$1', '\$2')")), 'b' => array('bbcode_id' => 1, 'regexp' => array('#\[b\](.*?)\[/b\]#uise' => "\$this->bbcode_strong('\$1')")), 'i' => array('bbcode_id' => 2, 'regexp' => array('#\[i\](.*?)\[/i\]#uise' => "\$this->bbcode_italic('\$1')")), - 'url' => array('bbcode_id' => 3, 'regexp' => array('#\[url(=(.*))?\](?(1)((?s).*(?-s))|(.*))\[/url\]#uiUe' => "\$this->validate_url('\$2', '\$3')")), + 'url' => array('bbcode_id' => 3, 'regexp' => array('#\[url(=(.*))?\](?(1)((?s).*(?-s))|(.*))\[/url\]#uiUe' => "\$this->validate_url('\$2', ('\$3') ? '\$3' : '\$4')")), 'img' => array('bbcode_id' => 4, 'regexp' => array('#\[img\](.*)\[/img\]#uiUe' => "\$this->bbcode_img('\$1')")), 'size' => array('bbcode_id' => 5, 'regexp' => array('#\[size=([\-\+]?\d+)\](.*?)\[/size\]#uise' => "\$this->bbcode_size('\$1', '\$2')")), 'color' => array('bbcode_id' => 6, 'regexp' => array('!\[color=(#[0-9a-f]{3}|#[0-9a-f]{6}|[a-z\-]+)\](.*?)\[/color\]!uise' => "\$this->bbcode_color('\$1', '\$2')")), @@ -135,6 +135,11 @@ class bbcode_firstpass extends bbcode $this->parsed_items[$tag] = 0; } + if ($no_custom_bbcode) + { + return; + } + if (!is_array($rowset)) { global $db; @@ -970,7 +975,7 @@ class bbcode_firstpass extends bbcode } // Is this a link to somewhere inside this board? If so then remove the session id from the url - if (strpos($url, generate_board_url()) !== false && strpos($url, 'sid=') !== false) + if (strpos($url, @generate_board_url()) !== false && strpos($url, 'sid=') !== false) { $url = preg_replace('/(&|\?)sid=[0-9a-f]{32}&/', '\1', $url); $url = preg_replace('/(&|\?)sid=[0-9a-f]{32}$/', '', $url); -- cgit v1.2.1 From d44b6ba5caeafe220b4959a6de99d035fe10b4f1 Mon Sep 17 00:00:00 2001 From: rxu Date: Mon, 6 Jun 2011 00:50:53 +0800 Subject: [ticket/217] Use positive parameter statement for bbcode_init() PHPBB3-217 --- phpBB/includes/message_parser.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index a6a4e530f0..9e0e61d0ba 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -102,7 +102,7 @@ class bbcode_firstpass extends bbcode /** * Init bbcode data for later parsing */ - function bbcode_init($no_custom_bbcode = false) + function bbcode_init($allow_custom_bbcode = true) { static $rowset; @@ -135,7 +135,7 @@ class bbcode_firstpass extends bbcode $this->parsed_items[$tag] = 0; } - if ($no_custom_bbcode) + if (!$allow_custom_bbcode) { return; } -- cgit v1.2.1 From 2d1e426ba745fa5b0b7666e5fe4a5fee97caccd7 Mon Sep 17 00:00:00 2001 From: Oleg Pudeyev Date: Sun, 5 Jun 2011 13:23:55 -0400 Subject: [ticket/217] Silence errors in tests, not code. Use a mock user object for testing bbcode. PHPBB3-217 --- phpBB/includes/message_parser.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 9e0e61d0ba..a134fab5d3 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -975,7 +975,7 @@ class bbcode_firstpass extends bbcode } // Is this a link to somewhere inside this board? If so then remove the session id from the url - if (strpos($url, @generate_board_url()) !== false && strpos($url, 'sid=') !== false) + if (strpos($url, generate_board_url()) !== false && strpos($url, 'sid=') !== false) { $url = preg_replace('/(&|\?)sid=[0-9a-f]{32}&/', '\1', $url); $url = preg_replace('/(&|\?)sid=[0-9a-f]{32}$/', '', $url); -- cgit v1.2.1 From 2dee57fd43ebe1cf1f43fb0161cdd5f072eeaa63 Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Fri, 10 Jun 2011 12:02:59 +0200 Subject: [ticket/9992] Adding a limit on login attempts per IP. A new table was created to save all failed login attempts with corresponding information on username, ip and useragent. By default the limit is 50 login attempts within 6 hours per IP. The limit is relatively high to avoid big problems on sites behind a reverse proxy that don't receive the forwarded-for value as REMOTE_ADDR but see all users as coming from the same IP address. But if these users run into problems a special forwarded-for option is available to limit logins by forwarded-for value instead of ip. PHPBB3-9992 --- phpBB/includes/acp/acp_board.php | 3 ++ phpBB/includes/auth.php | 2 +- phpBB/includes/auth/auth_db.php | 66 +++++++++++++++++++++++++++++++++++++--- phpBB/includes/constants.php | 1 + phpBB/includes/db/db_tools.php | 13 ++++++++ phpBB/includes/session.php | 4 +++ 6 files changed, 84 insertions(+), 5 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index d38c4d58ba..9f00145f3b 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -386,6 +386,9 @@ class acp_board 'pass_complex' => array('lang' => 'PASSWORD_TYPE', 'validate' => 'string', 'type' => 'select', 'method' => 'select_password_chars', 'explain' => true), 'chg_passforce' => array('lang' => 'FORCE_PASS_CHANGE', 'validate' => 'int:0', 'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']), 'max_login_attempts' => array('lang' => 'MAX_LOGIN_ATTEMPTS', 'validate' => 'int:0', 'type' => 'text:3:3', 'explain' => true), + 'ip_login_limit_max' => array('lang' => 'IP_LOGIN_LIMIT_MAX', 'validate' => 'int:0', 'type' => 'text:3:3', 'explain' => true), + 'ip_login_limit_time' => array('lang' => 'IP_LOGIN_LIMIT_TIME', 'validate' => 'int:0', 'type' => 'text:5:5', 'explain' => true), + 'ip_login_limit_use_forwarded' => array('lang' => 'IP_LOGIN_LIMIT_USE_FORWARDED', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'tpl_allow_php' => array('lang' => 'TPL_ALLOW_PHP', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'form_token_lifetime' => array('lang' => 'FORM_TIME_MAX', 'validate' => 'int:-1', 'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']), 'form_token_sid_guests' => array('lang' => 'FORM_SID_GUESTS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php index 8324cb4977..5564de2943 100644 --- a/phpBB/includes/auth.php +++ b/phpBB/includes/auth.php @@ -908,7 +908,7 @@ class auth $method = 'login_' . $method; if (function_exists($method)) { - $login = $method($username, $password); + $login = $method($username, $password, $user->ip, $user->browser, $user->forwarded_for); // If the auth module wants us to create an empty profile do so and then treat the status as LOGIN_SUCCESS if ($login['status'] == LOGIN_SUCCESS_CREATE_PROFILE) diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php index e04a6307e9..e155130e04 100644 --- a/phpBB/includes/auth/auth_db.php +++ b/phpBB/includes/auth/auth_db.php @@ -23,8 +23,21 @@ if (!defined('IN_PHPBB')) /** * Login function +* +* @param string $username +* @param string $password +* @param string $ip IP address the login is taking place from. Used to +* limit the number of login attempts per IP address. +* @param string $browser The user agent used to login +* @param string $forwarded_for X_FORWARDED_FOR header sent with login request +* @return array A associative array of the format +* array( +* 'status' => status constant +* 'error_msg' => string +* 'user_row' => array +* ) */ -function login_db(&$username, &$password) +function login_db($username, $password, $ip = '', $browser = '', $forwarded_for = '') { global $db, $config; @@ -47,13 +60,52 @@ function login_db(&$username, &$password) ); } + $username_clean = utf8_clean_string($username); + $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts FROM ' . USERS_TABLE . " - WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; + WHERE username_clean = '" . $db->sql_escape($username_clean) . "'"; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); + if (($ip && !$config['ip_login_limit_use_forwarded']) || + ($forwarded_for && $config['ip_login_limit_use_forwarded'])) + { + $sql = 'SELECT COUNT(attempt_id) AS count + FROM ' . LOGIN_ATTEMPT_TABLE . ' + WHERE attempt_time > ' . (time() - (int) $config['ip_login_limit_time']); + if ($config['ip_login_limit_use_forwarded']) + { + $sql .= " AND attempt_forwarded_for = '" . $db->sql_escape($forwarded_for) . "'"; + } + else + { + $sql .= " AND attempt_ip = '" . $db->sql_escape($ip) . "' "; + } + + $result = $db->sql_query($sql); + $attempts_row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + $attempts = $attempts_row['count']; + + $attempt_data = array( + 'attempt_ip' => $ip, + 'attempt_browser' => $browser, + 'attempt_forwarded_for' => $forwarded_for, + 'attempt_time' => time(), + 'user_id' => ($row) ? (int) $row['user_id'] : 0, + 'username' => $username, + 'username_clean' => $username_clean, + ); + $sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $db->sql_build_array('INSERT', $attempt_data); + $result = $db->sql_query($sql); + } + else + { + $attempts = 0; + } + if (!$row) { return array( @@ -62,7 +114,9 @@ function login_db(&$username, &$password) 'user_row' => array('user_id' => ANONYMOUS), ); } - $show_captcha = $config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']; + + $show_captcha = ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']) || + ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']); // If there are too much login attempts, we need to check for an confirm image // Every auth module is able to define what to do by itself... @@ -90,7 +144,7 @@ function login_db(&$username, &$password) { $captcha->reset(); } - + } // If the password convert flag is set we need to convert it @@ -165,6 +219,10 @@ function login_db(&$username, &$password) $row['user_password'] = $hash; } + $sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . ' + WHERE user_id = ' . $row['user_id']; + $db->sql_query($sql); + if ($row['user_login_attempts'] != 0) { // Successful, reset login attempts (the user passed all stages) diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index ea34eb8e81..b5a0aa893a 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -236,6 +236,7 @@ define('GROUPS_TABLE', $table_prefix . 'groups'); define('ICONS_TABLE', $table_prefix . 'icons'); define('LANG_TABLE', $table_prefix . 'lang'); define('LOG_TABLE', $table_prefix . 'log'); +define('LOGIN_ATTEMPT_TABLE', $table_prefix . 'login_attempts'); define('MODERATOR_CACHE_TABLE', $table_prefix . 'moderator_cache'); define('MODULES_TABLE', $table_prefix . 'modules'); define('POLL_OPTIONS_TABLE', $table_prefix . 'poll_options'); diff --git a/phpBB/includes/db/db_tools.php b/phpBB/includes/db/db_tools.php index 483ceee043..fdefda9e26 100644 --- a/phpBB/includes/db/db_tools.php +++ b/phpBB/includes/db/db_tools.php @@ -638,6 +638,19 @@ class phpbb_db_tools $sqlite = true; } + // Add tables? + if (!empty($schema_changes['add_tables'])) + { + foreach ($schema_changes['add_tables'] as $table => $table_data) + { + $result = $this->sql_create_table($table, $table_data); + if ($this->return_statements) + { + $statements = array_merge($statements, $result); + } + } + } + // Change columns? if (!empty($schema_changes['change_columns'])) { diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index ceb22c197c..69369ff72d 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -1005,6 +1005,10 @@ class session include($phpbb_root_path . "includes/captcha/captcha_factory." . $phpEx); } phpbb_captcha_factory::garbage_collect($config['captcha_plugin']); + + $sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . ' + WHERE attempt_time < ' . (time() - (int) $config['ip_login_limit_time']); + $db->sql_query($sql); } return; -- cgit v1.2.1 From c8828473a85a061889f58e900036ddb90f38652c Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Fri, 10 Jun 2011 18:37:29 +0200 Subject: [ticket/9992] Use sql_fetchfield for single row and single column result PHPBB3-9992 --- phpBB/includes/auth/auth_db.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php index e155130e04..02c9386f33 100644 --- a/phpBB/includes/auth/auth_db.php +++ b/phpBB/includes/auth/auth_db.php @@ -85,9 +85,8 @@ function login_db($username, $password, $ip = '', $browser = '', $forwarded_for } $result = $db->sql_query($sql); - $attempts_row = $db->sql_fetchrow($result); + $attempts = (int) $db->sql_fetchfield('count'); $db->sql_freeresult($result); - $attempts = $attempts_row['count']; $attempt_data = array( 'attempt_ip' => $ip, -- cgit v1.2.1 From b5cefc400e6a8c3500b8ed5126548e3cbb727858 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Wed, 19 Jan 2011 03:47:51 +0100 Subject: [ticket/9908] Send 301 before stripping SID so bots do (hopefully) not revisit. PHPBB3-9908 --- phpBB/includes/session.php | 1 + 1 file changed, 1 insertion(+) (limited to 'phpBB/includes') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index ceb22c197c..7db319493b 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -592,6 +592,7 @@ class session // otherwise they'll index this page with the SID, duplicate content oh my! if ($bot && isset($_GET['sid'])) { + send_status_line(301, 'Moved Permanently'); redirect(build_url(array('sid'))); } -- cgit v1.2.1 From b9f4240c103734b33aeab809312fcef8e32c396e Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Sat, 11 Jun 2011 01:47:50 +0200 Subject: [ticket/10110] Remove multi-server syntax from Redis ACM. PHPBB3-10110 --- phpBB/includes/acm/acm_redis.php | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acm/acm_redis.php b/phpBB/includes/acm/acm_redis.php index 8954b9d0e7..41533eaacb 100644 --- a/phpBB/includes/acm/acm_redis.php +++ b/phpBB/includes/acm/acm_redis.php @@ -31,12 +31,6 @@ if (!defined('PHPBB_ACM_REDIS_HOST')) define('PHPBB_ACM_REDIS_HOST', 'localhost'); } -if (!defined('PHPBB_ACM_REDIS')) -{ - //can define multiple servers with host1/port1,host2/port2 format - define('PHPBB_ACM_REDIS', PHPBB_ACM_REDIS_HOST . '/' . PHPBB_ACM_REDIS_PORT); -} - /** * ACM for Redis * @@ -57,11 +51,7 @@ class acm extends acm_memory parent::acm_memory(); $this->redis = new Redis(); - foreach (explode(',', PHPBB_ACM_REDIS) as $server) - { - $parts = explode('/', $server); - $this->redis->connect(trim($parts[0]), trim($parts[1])); - } + $this->redis->connect(PHPBB_ACM_REDIS_HOST, PHPBB_ACM_REDIS_PORT); if (defined('PHPBB_ACM_REDIS_PASSWORD')) { -- cgit v1.2.1 From 418c3d546a5ea29b5ce338e4710e0d3636009733 Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Sun, 12 Jun 2011 01:21:55 +0200 Subject: [ticket/9892] column & index name limits, firebird auto increment in db_tools - Column names are limited to 30 characters - Index names are limited to 31 characters. On some dbms the index name contains both table name and actual index name so the limit applies to the sum of the lenghts of table name and index name. - Auto incremented column names are limited to 26 characters to provide an additional 4 characters for sequence names The code for firebird auto increment support using generators/sequences with triggers was copied from create_schema_files.php PHPBB3-9892 --- phpBB/includes/db/db_tools.php | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/db/db_tools.php b/phpBB/includes/db/db_tools.php index fdefda9e26..0e3173c23e 100644 --- a/phpBB/includes/db/db_tools.php +++ b/phpBB/includes/db/db_tools.php @@ -417,6 +417,11 @@ class phpbb_db_tools // here lies an array, filled with information compiled on the column's data $prepared_column = $this->sql_prepare_column_data($table_name, $column_name, $column_data); + if (isset($prepared_column['auto_increment']) && strlen($column_name) > 26) // "${column_name}_gen" + { + trigger_error("Index name '${column_name}_gen' on table '$table_name' is too long. The maximum is 30 characters.", E_USER_ERROR); + } + // here we add the definition of the new column to the list of columns switch ($this->sql_layer) { @@ -566,7 +571,13 @@ class phpbb_db_tools case 'firebird': if ($create_sequence) { - $statements[] = "CREATE SEQUENCE {$table_name}_seq;"; + $statements[] = "CREATE GENERATOR {$table_name}_gen;"; + $statements[] = "SET GENERATOR {$table_name}_gen TO 0;"; + + $trigger = "CREATE TRIGGER t_$table_name FOR $table_name\n"; + $trigger .= "BEFORE INSERT\nAS\nBEGIN\n"; + $trigger .= "\tNEW.{$create_sequence} = GEN_ID({$table_name}_gen, 1);\nEND;"; + $statements[] = $trigger; } break; } @@ -1400,6 +1411,11 @@ class phpbb_db_tools */ function sql_prepare_column_data($table_name, $column_name, $column_data) { + if (strlen($column_name) > 30) + { + trigger_error("Column name '$column_name' on table '$table_name' is too long. The maximum is 30 characters.", E_USER_ERROR); + } + // Get type if (strpos($column_data[0], ':') !== false) { @@ -2040,6 +2056,11 @@ class phpbb_db_tools { $statements = array(); + if (strlen($table_name . $index_name) > 30) + { + trigger_error("Index name '{$table_name}_$index_name' on table '$table_name' is too long. The maximum is 30 characters.", E_USER_ERROR); + } + switch ($this->sql_layer) { case 'firebird': @@ -2070,6 +2091,11 @@ class phpbb_db_tools { $statements = array(); + if (strlen($table_name . $index_name) > 30) + { + trigger_error("Index name '${table_name}_$index_name' on table '$table_name' is too long. The maximum is 30 characters.", E_USER_ERROR); + } + // remove index length unless MySQL4 if ('mysql_40' != $this->sql_layer) { -- cgit v1.2.1 From 8a5e3781d53e3df379c55166136abd6e71990af4 Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Sun, 12 Jun 2011 01:25:15 +0200 Subject: [ticket/9892] Shorten the index names on the q&a captcha PHPBB3-9892 --- phpBB/includes/captcha/plugins/phpbb_captcha_qa_plugin.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/captcha/plugins/phpbb_captcha_qa_plugin.php b/phpBB/includes/captcha/plugins/phpbb_captcha_qa_plugin.php index 49a64b9339..45f76bd676 100644 --- a/phpBB/includes/captcha/plugins/phpbb_captcha_qa_plugin.php +++ b/phpBB/includes/captcha/plugins/phpbb_captcha_qa_plugin.php @@ -319,7 +319,7 @@ class phpbb_captcha_qa ), 'PRIMARY_KEY' => 'question_id', 'KEYS' => array( - 'lang_iso' => array('INDEX', 'lang_iso'), + 'lang' => array('INDEX', 'lang_iso'), ), ), CAPTCHA_ANSWERS_TABLE => array ( @@ -328,7 +328,7 @@ class phpbb_captcha_qa 'answer_text' => array('STEXT_UNI', ''), ), 'KEYS' => array( - 'question_id' => array('INDEX', 'question_id'), + 'qid' => array('INDEX', 'question_id'), ), ), CAPTCHA_QA_CONFIRM_TABLE => array ( -- cgit v1.2.1 From ef544ee095f2decde39cc537d3d675642b7c80f2 Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Sun, 12 Jun 2011 04:10:51 +0200 Subject: [ticket/9892] Table prefix lengths influence index lengths in db_tools PHPBB3-9892 --- phpBB/includes/db/db_tools.php | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/db/db_tools.php b/phpBB/includes/db/db_tools.php index 0e3173c23e..c1af2782f8 100644 --- a/phpBB/includes/db/db_tools.php +++ b/phpBB/includes/db/db_tools.php @@ -419,7 +419,7 @@ class phpbb_db_tools if (isset($prepared_column['auto_increment']) && strlen($column_name) > 26) // "${column_name}_gen" { - trigger_error("Index name '${column_name}_gen' on table '$table_name' is too long. The maximum is 30 characters.", E_USER_ERROR); + trigger_error("Index name '${column_name}_gen' on table '$table_name' is too long. The maximum auto increment column length is 26 characters.", E_USER_ERROR); } // here we add the definition of the new column to the list of columns @@ -2056,9 +2056,11 @@ class phpbb_db_tools { $statements = array(); - if (strlen($table_name . $index_name) > 30) + $table_prefix = substr(CONFIG_TABLE, 0, -6); // strlen(config) + if (strlen($table_name . $index_name) - strlen($table_prefix) > 24) { - trigger_error("Index name '{$table_name}_$index_name' on table '$table_name' is too long. The maximum is 30 characters.", E_USER_ERROR); + $max_length = $table_prefix + 24; + trigger_error("Index name '{$table_name}_$index_name' on table '$table_name' is too long. The maximum is $max_length characters.", E_USER_ERROR); } switch ($this->sql_layer) @@ -2091,9 +2093,11 @@ class phpbb_db_tools { $statements = array(); - if (strlen($table_name . $index_name) > 30) + $table_prefix = substr(CONFIG_TABLE, 0, -6); // strlen(config) + if (strlen($table_name . $index_name) - strlen($table_prefix) > 24) { - trigger_error("Index name '${table_name}_$index_name' on table '$table_name' is too long. The maximum is 30 characters.", E_USER_ERROR); + $max_length = $table_prefix + 24; + trigger_error("Index name '{$table_name}_$index_name' on table '$table_name' is too long. The maximum is $max_length characters.", E_USER_ERROR); } // remove index length unless MySQL4 -- cgit v1.2.1 From ef977abe596fdc926e84e10fd994278665d38417 Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Sun, 12 Jun 2011 11:33:55 +0200 Subject: [ticket/9892] count is a keyword in firebird, so renaming this alias PHPBB3-9892 --- phpBB/includes/auth/auth_db.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php index 02c9386f33..fe3ea30b2a 100644 --- a/phpBB/includes/auth/auth_db.php +++ b/phpBB/includes/auth/auth_db.php @@ -72,7 +72,7 @@ function login_db($username, $password, $ip = '', $browser = '', $forwarded_for if (($ip && !$config['ip_login_limit_use_forwarded']) || ($forwarded_for && $config['ip_login_limit_use_forwarded'])) { - $sql = 'SELECT COUNT(attempt_id) AS count + $sql = 'SELECT COUNT(attempt_id) AS attempts FROM ' . LOGIN_ATTEMPT_TABLE . ' WHERE attempt_time > ' . (time() - (int) $config['ip_login_limit_time']); if ($config['ip_login_limit_use_forwarded']) @@ -85,7 +85,7 @@ function login_db($username, $password, $ip = '', $browser = '', $forwarded_for } $result = $db->sql_query($sql); - $attempts = (int) $db->sql_fetchfield('count'); + $attempts = (int) $db->sql_fetchfield('attempts'); $db->sql_freeresult($result); $attempt_data = array( -- cgit v1.2.1 From 7232ca4102f7af992abe80037c3414f4d6b7768d Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Sat, 11 Jun 2011 02:29:11 +0200 Subject: [develop-olympus] Bumping version number for 3.0.9-RC1. --- phpBB/includes/constants.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index b5a0aa893a..9cde068773 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -25,7 +25,7 @@ if (!defined('IN_PHPBB')) */ // phpBB Version -define('PHPBB_VERSION', '3.0.9-dev'); +define('PHPBB_VERSION', '3.0.9-RC1'); // QA-related // define('PHPBB_QA', 1); -- cgit v1.2.1 From c090e1c9e9fc2e435a4ae2f63923955d66dccd6d Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Mon, 13 Jun 2011 06:14:59 +0200 Subject: [ticket/10214] Correct Oracle create table query syntax in db_tools Removes the semicolon at end of oracle CREATE TABLE queries and adds a semicolon to the end of a SELECT query inside of the trigger for a new table's auto increment column before the end keyword PHPBB3-10214 --- phpBB/includes/db/db_tools.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/db/db_tools.php b/phpBB/includes/db/db_tools.php index c1af2782f8..50e308dea2 100644 --- a/phpBB/includes/db/db_tools.php +++ b/phpBB/includes/db/db_tools.php @@ -543,7 +543,7 @@ class phpbb_db_tools break; case 'oracle': - $table_sql .= "\n);"; + $table_sql .= "\n)"; $statements[] = $table_sql; // do we need to add a sequence and a tigger for auto incrementing columns? @@ -561,7 +561,7 @@ class phpbb_db_tools $trigger .= "BEGIN\n"; $trigger .= "\tSELECT {$table_name}_seq.nextval\n"; $trigger .= "\tINTO :new.{$create_sequence}\n"; - $trigger .= "\tFROM dual\n"; + $trigger .= "\tFROM dual;\n"; $trigger .= "END;"; $statements[] = $trigger; -- cgit v1.2.1 From f8eb15471488fe5f84669a9abbc2fc3a705903de Mon Sep 17 00:00:00 2001 From: Yuriy Rusko Date: Tue, 14 Jun 2011 06:11:35 -0400 Subject: [ticket/10218] Moving global deregistration, etc. to startup.php Because startup.php deletes all variables, the constants in database_update are used to preserve settings at the top. PHPBB3-10218 --- phpBB/includes/startup.php | 121 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 121 insertions(+) create mode 100644 phpBB/includes/startup.php (limited to 'phpBB/includes') diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php new file mode 100644 index 0000000000..2958277174 --- /dev/null +++ b/phpBB/includes/startup.php @@ -0,0 +1,121 @@ + true, + '_GET' => true, + '_POST' => true, + '_COOKIE' => true, + '_REQUEST' => true, + '_SERVER' => true, + '_SESSION' => true, + '_ENV' => true, + '_FILES' => true, + 'phpEx' => true, + 'phpbb_root_path' => true + ); + + // Not only will array_merge and array_keys give a warning if + // a parameter is not an array, array_merge will actually fail. + // So we check if _SESSION has been initialised. + if (!isset($_SESSION) || !is_array($_SESSION)) + { + $_SESSION = array(); + } + + // Merge all into one extremely huge array; unset this later + $input = array_merge( + array_keys($_GET), + array_keys($_POST), + array_keys($_COOKIE), + array_keys($_SERVER), + array_keys($_SESSION), + array_keys($_ENV), + array_keys($_FILES) + ); + + foreach ($input as $varname) + { + if (isset($not_unset[$varname])) + { + // Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely) + if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS'])) + { + exit; + } + else + { + $cookie = &$_COOKIE; + while (isset($cookie['GLOBALS'])) + { + if (!is_array($cookie['GLOBALS'])) + { + break; + } + + foreach ($cookie['GLOBALS'] as $registered_var => $value) + { + if (!isset($not_unset[$registered_var])) + { + unset($GLOBALS[$registered_var]); + } + } + $cookie = &$cookie['GLOBALS']; + } + } + } + + unset($GLOBALS[$varname]); + } + + unset($input); +} + +// If we are on PHP >= 6.0.0 we do not need some code +if (version_compare(PHP_VERSION, '6.0.0-dev', '>=')) +{ + /** + * @ignore + */ + define('STRIP', false); +} +else +{ + @set_magic_quotes_runtime(0); + + // Be paranoid with passed vars + if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get')) + { + deregister_globals(); + } + + define('STRIP', (get_magic_quotes_gpc()) ? true : false); +} -- cgit v1.2.1 From 4bb98fb0463d543f60201c3f8435ada3e0b070da Mon Sep 17 00:00:00 2001 From: Yuriy Rusko Date: Wed, 15 Jun 2011 00:50:12 -0400 Subject: [ticket/10218] Prevent startime from being overwritten by deregister_globals() PHPBB3-10218 --- phpBB/includes/startup.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php index 2958277174..be46c17ba6 100644 --- a/phpBB/includes/startup.php +++ b/phpBB/includes/startup.php @@ -13,8 +13,6 @@ if (!defined('IN_PHPBB')) { exit; } -$starttime = explode(' ', microtime()); -$starttime = $starttime[1] + $starttime[0]; // Report all errors, except notices and deprecation messages if (!defined('E_DEPRECATED')) @@ -119,3 +117,6 @@ else define('STRIP', (get_magic_quotes_gpc()) ? true : false); } + +$starttime = explode(' ', microtime()); +$starttime = $starttime[1] + $starttime[0]; -- cgit v1.2.1 From 74785a8bdaab17cd698028ac0c8ccfb3c570cd5d Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Wed, 15 Jun 2011 18:10:15 +0200 Subject: [ticket/10220] Limit user agent value length for storage in login attempt table PHPBB3-10220 --- phpBB/includes/auth/auth_db.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php index fe3ea30b2a..018d5cce70 100644 --- a/phpBB/includes/auth/auth_db.php +++ b/phpBB/includes/auth/auth_db.php @@ -90,7 +90,7 @@ function login_db($username, $password, $ip = '', $browser = '', $forwarded_for $attempt_data = array( 'attempt_ip' => $ip, - 'attempt_browser' => $browser, + 'attempt_browser' => trim(substr($browser, 0, 149)), 'attempt_forwarded_for' => $forwarded_for, 'attempt_time' => time(), 'user_id' => ($row) ? (int) $row['user_id'] : 0, -- cgit v1.2.1 From 48e5e56146bdf1b2b30556e8fb353e7aa20f7fb6 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Wed, 15 Jun 2011 19:41:14 +0200 Subject: [prep-release-3.0.9] Bumping version number for 3.0.9-RC2. --- phpBB/includes/constants.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index 9cde068773..a372b96017 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -25,7 +25,7 @@ if (!defined('IN_PHPBB')) */ // phpBB Version -define('PHPBB_VERSION', '3.0.9-RC1'); +define('PHPBB_VERSION', '3.0.9-RC2'); // QA-related // define('PHPBB_QA', 1); -- cgit v1.2.1 From 63b9b91dee9da85b68f4c4316a01be54d24fde9f Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Thu, 16 Jun 2011 16:02:34 +0200 Subject: [ticket/10221] Append unit (seconds) after input field, remove from explanation PHPBB3-10221 --- phpBB/includes/acp/acp_board.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index 9f00145f3b..d8ab42ed2d 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -387,7 +387,7 @@ class acp_board 'chg_passforce' => array('lang' => 'FORCE_PASS_CHANGE', 'validate' => 'int:0', 'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']), 'max_login_attempts' => array('lang' => 'MAX_LOGIN_ATTEMPTS', 'validate' => 'int:0', 'type' => 'text:3:3', 'explain' => true), 'ip_login_limit_max' => array('lang' => 'IP_LOGIN_LIMIT_MAX', 'validate' => 'int:0', 'type' => 'text:3:3', 'explain' => true), - 'ip_login_limit_time' => array('lang' => 'IP_LOGIN_LIMIT_TIME', 'validate' => 'int:0', 'type' => 'text:5:5', 'explain' => true), + 'ip_login_limit_time' => array('lang' => 'IP_LOGIN_LIMIT_TIME', 'validate' => 'int:0', 'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']), 'ip_login_limit_use_forwarded' => array('lang' => 'IP_LOGIN_LIMIT_USE_FORWARDED', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'tpl_allow_php' => array('lang' => 'TPL_ALLOW_PHP', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'form_token_lifetime' => array('lang' => 'FORM_TIME_MAX', 'validate' => 'int:-1', 'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']), -- cgit v1.2.1 From 8c01ed578da2a501b9ad1fc8541e3eb237d1b765 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Mon, 20 Jun 2011 00:03:20 +0200 Subject: [ticket/10234] Report E_WARNING errors as "PHP Warning" instead of "PHP Notice" PHPBB3-10234 --- phpBB/includes/functions.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index b8d9e0b92e..a89b47b170 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -3776,7 +3776,8 @@ function msg_handler($errno, $msg_text, $errfile, $errline) // remove complete path to installation, with the risk of changing backslashes meant to be there $errfile = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $errfile); $msg_text = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $msg_text); - echo '[phpBB Debug] PHP Notice: in file ' . $errfile . ' on line ' . $errline . ': ' . $msg_text . '
' . "\n"; + $error_name = ($errno === E_WARNING) ? 'PHP Warning' : 'PHP Notice'; + echo '[phpBB Debug] ' . $error_name . ': in file ' . $errfile . ' on line ' . $errline . ': ' . $msg_text . '
' . "\n"; // we are writing an image - the user won't see the debug, so let's place it in the log if (defined('IMAGE_OUTPUT') || defined('IN_CRON')) -- cgit v1.2.1 From 9f3b159998a2ffeb5476cd77e08c372a196360a4 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Mon, 20 Jun 2011 01:23:43 +0200 Subject: [ticket/7729] Prevent date/time functions from throwing E_WARNING on PHP 5.3. PHPBB3-7729 --- phpBB/includes/startup.php | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) (limited to 'phpBB/includes') diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php index be46c17ba6..ca9665da29 100644 --- a/phpBB/includes/startup.php +++ b/phpBB/includes/startup.php @@ -118,5 +118,33 @@ else define('STRIP', (get_magic_quotes_gpc()) ? true : false); } +// Prevent date/time functions from throwing E_WARNING on PHP 5.3 by setting a default timezone +if (function_exists('date_default_timezone_set') && function_exists('date_default_timezone_get')) +{ + // For PHP 5.1.0 the date/time functions have been rewritten + // and setting a timezone is required prior to calling any date/time function. + + // Since PHP 5.2.0 calls to date/time functions without having a timezone set + // result in E_STRICT errors being thrown. + // Note: We already exclude E_STRICT errors + // (to be exact: they are not included in E_ALL in PHP 5.2) + + // In PHP 5.3.0 the error level has been raised to E_WARNING which causes problems + // because we show E_WARNING errors and do not set a default timezone. + // This is because we have our own timezone handling and work in UTC only anyway. + + // So what we basically want to do is set our timezone to UTC, + // but we don't know what other scripts (such as bridges) are involved, + // so we check whether a timezone is already set by calling date_default_timezone_get(). + + // Unfortunately, date_default_timezone_get() itself might throw E_WARNING + // if no timezone has been set, so we have to keep it quiet with @. + + // date_default_timezone_get() tries to guess the correct timezone first + // and then falls back to UTC when everything fails. + // We just set the timezone to whatever date_default_timezone_get() returns. + date_default_timezone_set(@date_default_timezone_get()); +} + $starttime = explode(' ', microtime()); $starttime = $starttime[1] + $starttime[0]; -- cgit v1.2.1 From a5ef6c3b2070f45f88b9d5942cd974c9c26376c5 Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Sun, 26 Jun 2011 11:01:46 +0200 Subject: [ticket/10188] Prevent semi-compressed output When a non-fatal error occurs at the beginning of the script before any custom error handler is set one of two situations can be encountered: 1) if the ini option output buffer is disabled: - headers are sent to the http client - the error message is output 2) if the ini option output_buffer is enabled or the script is run within an ob_start()/ob_end() wrapper: - the error message is written to the output buffer Once the script reaches page_header() phpbb starts gzip compression if enabled. This is done through ob_start with a ob_gzhandler as a callback. The compression is skipped if headers have already been sent. In situation 1) the error message sent in plain text comes with headers and this gzip compression is skipped. The client receives a plaintext version of the page. However in situation 2) headers have not been sent yet and the rest of the page will be compressed. The result is a plaintext error message followed by compressed output. The client does not understand this output resulting in either an error message or simply a blank page in the browser. In addition to the above situation this problem occurs with errors that are triggered after the custom error handler is loaded. The problem has been noticed before, and a workaround was found. The error handler would call ob_flush() for particular configuration settings before outputting the error message. This resulted in headers being sent when output buffering was enabled thus disabling gzip compression for the rest of the page. The constraints under which ob_flush() was called were lessened over time whenever a new case was found that would trigger this problem. Eventually ob_flush() would be called even when code causing an E_NOTICE was simply run within an ob_start/ob_end. This makes it impossible to use output buffering to retrieve the content of an error message without prohibiting the page from setting headers afterwards. This commit removes all flushing in msg_handler completely and instead fixes the problem for both errors before and after the error handler is registered. GZIP compression is only enabled if there is at most one level of output buffering (e.g. the output_buffer php.ini option is enabled) and if there has not yet been any output in this buffer. This should avoid any partial output compression. PHPBB3-10188 --- phpBB/includes/functions.php | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index a89b47b170..d05cccc440 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -3758,21 +3758,6 @@ function msg_handler($errno, $msg_text, $errfile, $errline) if (strpos($errfile, 'cache') === false && strpos($errfile, 'template.') === false) { - // flush the content, else we get a white page if output buffering is on - if (ob_get_level() > 0) - { - @ob_flush(); - } - - // Another quick fix for those having gzip compression enabled, but do not flush if the coder wants to catch "something". ;) - if (!empty($config['gzip_compress'])) - { - if (@extension_loaded('zlib') && !headers_sent() && !ob_get_level()) - { - @ob_flush(); - } - } - // remove complete path to installation, with the risk of changing backslashes meant to be there $errfile = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $errfile); $msg_text = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $msg_text); @@ -4332,7 +4317,21 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0 // gzip_compression if ($config['gzip_compress']) { - if (@extension_loaded('zlib') && !headers_sent()) + // to avoid partially compressed output resulting in blank pages in + // the browser or error messages, compression is disabled in a few cases: + // + // 1) if headers have already been sent, this indicates plaintext output + // has been started so further content must not be compressed + // 2) the length of the current output buffer is non-zero. This means + // there is already some uncompressed content in this output buffer + // so further output must not be compressed + // 3) if more than one level of output buffering is used because we + // cannot test all output buffer level content lengths. One level + // could be caused by php.ini output_buffering. Anything + // beyond that is manual, so the code wrapping phpBB in output buffering + // can easily compress the output itself. + // + if (@extension_loaded('zlib') && !headers_sent() && ob_get_level() <= 1 && ob_get_length() == 0) { ob_start('ob_gzhandler'); } -- cgit v1.2.1 From fe0932fdf02a45be914414eca586add1c083cbee Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Sun, 26 Jun 2011 20:47:33 +0200 Subject: [prep-release-3.0.9] Bumping version number for 3.0.9-RC3. --- phpBB/includes/constants.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index a372b96017..2f485fb4d7 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -25,7 +25,7 @@ if (!defined('IN_PHPBB')) */ // phpBB Version -define('PHPBB_VERSION', '3.0.9-RC2'); +define('PHPBB_VERSION', '3.0.9-RC3'); // QA-related // define('PHPBB_QA', 1); -- cgit v1.2.1 From d8ac2cc5f0c253842185506b174a8355dfd5f3fb Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Tue, 5 Jul 2011 00:40:45 +0200 Subject: [prep-release-3.0.9] Bumping version number for the final 3.0.9 release. --- phpBB/includes/constants.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index 2f485fb4d7..3940888216 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -25,7 +25,7 @@ if (!defined('IN_PHPBB')) */ // phpBB Version -define('PHPBB_VERSION', '3.0.9-RC3'); +define('PHPBB_VERSION', '3.0.9'); // QA-related // define('PHPBB_QA', 1); -- cgit v1.2.1 From 0d602e1722a0a75f2f4a9ab90eeeb2a47042417f Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Mon, 4 Jul 2011 19:57:54 -0400 Subject: [ticket/10247] Use COUNT(*) instead of COUNT(attempt_id) attempt_id column was deleted PHPBB3-10247 --- phpBB/includes/auth/auth_db.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php index 018d5cce70..6ca69d9174 100644 --- a/phpBB/includes/auth/auth_db.php +++ b/phpBB/includes/auth/auth_db.php @@ -72,7 +72,7 @@ function login_db($username, $password, $ip = '', $browser = '', $forwarded_for if (($ip && !$config['ip_login_limit_use_forwarded']) || ($forwarded_for && $config['ip_login_limit_use_forwarded'])) { - $sql = 'SELECT COUNT(attempt_id) AS attempts + $sql = 'SELECT COUNT(*) AS attempts FROM ' . LOGIN_ATTEMPT_TABLE . ' WHERE attempt_time > ' . (time() - (int) $config['ip_login_limit_time']); if ($config['ip_login_limit_use_forwarded']) -- cgit v1.2.1 From f610f44a4e23eef8ed7698a32b10bc28789bdf00 Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Tue, 5 Jul 2011 19:09:09 -0400 Subject: [ticket/10250] Overwrite the site_logo width&height when the phpbb logo is used The new logo is slightly wider than the old logo. If we changed the size in the imageset.cfg we would cause a conflict for everyone who replaced the logo with their own and modified the size. Instead we overwrite the width and height in the img() function in session.php only if its contents are that of the stock phpbb logo. PHPBB3-10250 --- phpBB/includes/session.php | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 7ef6e02a8d..f509957f96 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -2272,9 +2272,36 @@ class user extends session // Use URL if told so $root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $phpbb_root_path; - $img_data['src'] = $root_path . 'styles/' . rawurlencode($this->theme['imageset_path']) . '/imageset/' . ($this->img_array[$img]['image_lang'] ? $this->img_array[$img]['image_lang'] .'/' : '') . $this->img_array[$img]['image_filename']; + $path = 'styles/' . rawurlencode($this->theme['imageset_path']) . '/imageset/' . ($this->img_array[$img]['image_lang'] ? $this->img_array[$img]['image_lang'] .'/' : '') . $this->img_array[$img]['image_filename']; + + $img_data['src'] = $root_path . $path; $img_data['width'] = $this->img_array[$img]['image_width']; $img_data['height'] = $this->img_array[$img]['image_height']; + + // We overwrite the width and height to the phpbb logo's width + // and height here if the contents of the site_logo file are + // really equal to the phpbb_logo + // This allows us to change the dimensions of the phpbb_logo without + // modifying the imageset.cfg and causing a conflict for everyone + // who modified it for their custom logo on updating + if ($img == 'site_logo' && file_exists($phpbb_root_path . $path)) + { + global $cache; + + if (($img_file_hash = $cache->get('imageset_site_logo_md5')) === false) + { + $img_file_hash = md5(file_get_contents($phpbb_root_path . $path)); + $cache->put('imageset_site_logo_md5', $img_file_hash); + } + + $phpbb_logo_hash = '0c461a32cd3621643105f0d02a772c10'; + + if ($phpbb_logo_hash == $img_file_hash) + { + $img_data['width'] = '149'; + $img_data['height'] = '52'; + } + } } $alt = (!empty($this->lang[$alt])) ? $this->lang[$alt] : $alt; -- cgit v1.2.1 From 8ec737e9c4d36711b09250df72492a8f89e7bfb1 Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Tue, 5 Jul 2011 19:38:15 -0400 Subject: [ticket/10250] Destroy cached md5 hash of site_logo on refreshing an imageset PHPBB3-10250 --- phpBB/includes/acp/acp_styles.php | 1 + 1 file changed, 1 insertion(+) (limited to 'phpBB/includes') diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php index 37cf8d1f72..3bc8c86500 100644 --- a/phpBB/includes/acp/acp_styles.php +++ b/phpBB/includes/acp/acp_styles.php @@ -510,6 +510,7 @@ parse_css_file = {PARSE_CSS_FILE} $db->sql_transaction('commit'); $cache->destroy('sql', STYLES_IMAGESET_DATA_TABLE); + $cache->destroy('imageset_site_logo_md5'); add_log('admin', 'LOG_IMAGESET_REFRESHED', $imageset_row['imageset_name']); trigger_error($user->lang['IMAGESET_REFRESHED'] . adm_back_link($this->u_action)); -- cgit v1.2.1 From b261a1a31ae8500cc090d412ed569123ae3cb9ca Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Wed, 6 Jul 2011 17:53:57 -0400 Subject: [ticket/10250] The site_logo hash is different depending on imageset & language PHPBB3-10250 --- phpBB/includes/session.php | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index f509957f96..e9e706e2b8 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -2288,15 +2288,23 @@ class user extends session { global $cache; - if (($img_file_hash = $cache->get('imageset_site_logo_md5')) === false) + $img_file_hashes = $cache->get('imageset_site_logo_md5'); + + if ($img_file_hashes === false) + { + $img_file_hashes = array(); + } + + $key = $this->theme['imageset_path'] . '::' . $this->img_array[$img]['image_lang']; + if (!isset($img_file_hashes[$key])) { - $img_file_hash = md5(file_get_contents($phpbb_root_path . $path)); - $cache->put('imageset_site_logo_md5', $img_file_hash); + $img_file_hashes[$key] = md5(file_get_contents($phpbb_root_path . $path)); + $cache->put('imageset_site_logo_md5', $img_file_hashes); } $phpbb_logo_hash = '0c461a32cd3621643105f0d02a772c10'; - if ($phpbb_logo_hash == $img_file_hash) + if ($phpbb_logo_hash == $img_file_hashes[$key]) { $img_data['width'] = '149'; $img_data['height'] = '52'; -- cgit v1.2.1 From a275d17625325e0353b67fabf5a9b0c4fb35877e Mon Sep 17 00:00:00 2001 From: Yuriy Rusko Date: Wed, 6 Jul 2011 20:38:02 -0400 Subject: [ticket/9859] Changing all phpBB footers to match the new credit line PHPBB3-9859 --- phpBB/includes/db/dbal.php | 2 +- phpBB/includes/functions.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/db/dbal.php b/phpBB/includes/db/dbal.php index 2f9619c8ea..9b45c085a2 100644 --- a/phpBB/includes/db/dbal.php +++ b/phpBB/includes/db/dbal.php @@ -777,7 +777,7 @@ class dbal
- Powered by phpBB © phpBB Group + Powered by phpBB® Forum Software © phpBB Group
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index d05cccc440..b1c1c14d0c 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -3851,7 +3851,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline) echo ' '; echo ' '; echo '
'; - echo ' Powered by phpBB © phpBB Group'; + echo ' Powered by phpBB® Forum Software © phpBB Group'; echo '
'; echo ''; echo ''; -- cgit v1.2.1 From 787245a113bc8a4d99050414fd06662c60cc2e57 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Thu, 7 Jul 2011 20:19:11 +0200 Subject: [prep-release-3.0.9] Decreasing version for an RC4 release. --- phpBB/includes/constants.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index 3940888216..a139ecc554 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -25,7 +25,7 @@ if (!defined('IN_PHPBB')) */ // phpBB Version -define('PHPBB_VERSION', '3.0.9'); +define('PHPBB_VERSION', '3.0.9-RC4'); // QA-related // define('PHPBB_QA', 1); -- cgit v1.2.1 From e6572b766f7fd5f8547b28fd52d25e4a96cfc2cd Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Sun, 10 Jul 2011 22:36:17 +0200 Subject: [prep-release-3.0.9] Bumping version number for 3.0.9 final. --- phpBB/includes/constants.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes') diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index a139ecc554..3940888216 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -25,7 +25,7 @@ if (!defined('IN_PHPBB')) */ // phpBB Version -define('PHPBB_VERSION', '3.0.9-RC4'); +define('PHPBB_VERSION', '3.0.9'); // QA-related // define('PHPBB_QA', 1); -- cgit v1.2.1