From 4349bec316e93ed6feac3ad7e56e54b6320aa960 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Sat, 13 Mar 2010 11:37:06 +0100 Subject: [bug/59135] Fix open_basedir issues when accessing styles- and language-management. (Bug #59135) introduced in r10496 and r10360/r10361 --- phpBB/docs/CHANGELOG.html | 1 + phpBB/includes/acp/acp_language.php | 4 ++-- phpBB/includes/acp/acp_styles.php | 4 ++-- 3 files changed, 5 insertions(+), 4 deletions(-) (limited to 'phpBB') diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index 7b8d8f63f2..e6cefc15c4 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -103,6 +103,7 @@
  • [Fix] Allow multibyte keys in request_var(). (Bug #51555)
  • [Fix] Prevent wrong tar archive type detection. (Bug #12531)
  • [Fix] Correct redirection after login to forum not in web root (Bug #58755)
    • +
  • [Fix] Fix open_basedir issues when accessing styles- and language-management. (Bug #59135)
  • [Feature] Support for Microsoft's Native SQL Server Driver for PHP (Bug #57055 - Patch by Chris Pucci at Microsoft)
    • diff --git a/phpBB/includes/acp/acp_language.php b/phpBB/includes/acp/acp_language.php index fedae6fe67..c2cb2f9c11 100644 --- a/phpBB/includes/acp/acp_language.php +++ b/phpBB/includes/acp/acp_language.php @@ -1120,12 +1120,12 @@ class acp_language { while (($file = readdir($dp)) !== false) { - if (!is_dir($phpbb_root_path . 'language/' . $file)) + if ($file[0] == '.' || !is_dir($phpbb_root_path . 'language/' . $file)) { continue; } - if ($file[0] != '.' && file_exists("{$phpbb_root_path}language/$file/iso.txt")) + if (file_exists("{$phpbb_root_path}language/$file/iso.txt")) { if (!in_array($file, $installed)) { diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php index d2a0f9210f..3310560c73 100644 --- a/phpBB/includes/acp/acp_styles.php +++ b/phpBB/includes/acp/acp_styles.php @@ -643,13 +643,13 @@ parse_css_file = {PARSE_CSS_FILE} { while (($file = readdir($dp)) !== false) { - if (!is_dir($phpbb_root_path . 'styles/' . $file)) + if ($file[0] == '.' || !is_dir($phpbb_root_path . 'styles/' . $file)) { continue; } $subpath = ($mode != 'style') ? "$mode/" : ''; - if ($file[0] != '.' && file_exists("{$phpbb_root_path}styles/$file/$subpath$mode.cfg")) + if (file_exists("{$phpbb_root_path}styles/$file/$subpath$mode.cfg")) { if ($cfg = file("{$phpbb_root_path}styles/$file/$subpath$mode.cfg")) { -- cgit v1.2.1 From 6cfb4c82dd4f81cade9b75fb730ebe8c2343b709 Mon Sep 17 00:00:00 2001 From: "U-H-PC\\H" Date: Sun, 28 Mar 2010 14:17:42 +0200 Subject: [bug/58465] The redirect hidden field is now XHTML conform The result of build_url was falsely un-entitized. --- phpBB/docs/CHANGELOG.html | 1 + phpBB/includes/functions.php | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'phpBB') diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index 08f8be32fd..fabf2dad4f 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -105,6 +105,7 @@
  • [Fix] Correct redirection after login to forum not in web root (Bug #58755)
  • [Fix] Allow setting parent forums regardless of permission settings. (Bug #57415)
  • [Fix] Redirect search engines that access pages with SIDs in the URL. (Bug #58025)
    • +
  • [Fix] Fix incorrect ampersand encoding in redirect parameter. (Bug #58465)
  • [Feature] Support for Microsoft's Native SQL Server Driver for PHP (Bug #57055 - Patch by Chris Pucci at Microsoft)
  • [Feature] The memcache acm plugin now supports multiple memcache servers.
    • diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 5878c1977d..4f52c7c2ce 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -4257,7 +4257,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0 'S_TOPIC_ID' => $topic_id, 'S_LOGIN_ACTION' => ((!defined('ADMIN_START')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login') : append_sid("index.$phpEx", false, true, $user->session_id)), - 'S_LOGIN_REDIRECT' => build_hidden_fields(array('redirect' => str_replace('&', '&', build_url()))), + 'S_LOGIN_REDIRECT' => build_hidden_fields(array('redirect' => build_url())), 'S_ENABLE_FEEDS' => ($config['feed_enable']) ? true : false, 'S_ENABLE_FEEDS_OVERALL' => ($config['feed_overall']) ? true : false, -- cgit v1.2.1 From 9be61f9e53fef972e8f3b37186050814a9488790 Mon Sep 17 00:00:00 2001 From: "U-H-PC\\H" Date: Sun, 28 Mar 2010 14:37:31 +0200 Subject: [bug/59425] Correctly check for double inclusion in captcha garbage collection The check to avoid the double inclusion of the captcha factory class in the garbage collection code was faulty, checking for "captcha_factory" instead of "phpbb_captcha_factory". TerryE pointed the problem out, thanks! --- phpBB/docs/CHANGELOG.html | 1 + phpBB/includes/session.php | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'phpBB') diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index 08f8be32fd..1cdbe310e8 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -101,6 +101,7 @@
  • [Fix] Minor language fixes. (Bug #54855)
  • [Fix] Parsing urls in signatures properly uses config settings. (Bug #57105)
  • [Fix] Allow multibyte keys in request_var(). (Bug #51555)
    • +
  • [Fix] Fix inclusion check for captcha garbage collection (Bug #59425)
  • [Fix] Prevent wrong tar archive type detection. (Bug #12531)
  • [Fix] Correct redirection after login to forum not in web root (Bug #58755)
  • [Fix] Allow setting parent forums regardless of permission settings. (Bug #57415)
    • diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 8beb0161f9..0a01b4e73b 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -983,7 +983,7 @@ class session } // only called from CRON; should be a safe workaround until the infrastructure gets going - if (!class_exists('captcha_factory')) + if (!class_exists('phpbb_captcha_factory')) { include($phpbb_root_path . "includes/captcha/captcha_factory." . $phpEx); } -- cgit v1.2.1 From 2b696cc632b917c4d49330966ddb1dee639a22fe Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Thu, 1 Apr 2010 13:11:18 +0200 Subject: [bug/9108] Fix table binding issues with PostgreSQL in board-wide feed. (Old Bug #58425) The order in the FROM clause is important. The posts table has to be the last one in the chain, so it can be correctly bound with the forums table in the LEFT JOIN. This only affects the overall feed (board-wide feed). All the other feeds are unaffected. --- phpBB/docs/CHANGELOG.html | 1 + phpBB/feed.php | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'phpBB') diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index 5e6a0dbd86..e9b0f3804f 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -107,6 +107,7 @@
  • [Fix] Allow setting parent forums regardless of permission settings. (Bug #57415)
  • [Fix] Redirect search engines that access pages with SIDs in the URL. (Bug #58025)
  • [Fix] Fix incorrect ampersand encoding in redirect parameter. (Bug #58465)
    • +
  • [Fix] Fix table binding issues with PostgreSQL in board-wide feed. (Bug #58425)
  • [Feature] Support for Microsoft's Native SQL Server Driver for PHP (Bug #57055 - Patch by Chris Pucci at Microsoft)
  • [Feature] The memcache acm plugin now supports multiple memcache servers.
    • diff --git a/phpBB/feed.php b/phpBB/feed.php index a42aa42a7f..4ce983a967 100644 --- a/phpBB/feed.php +++ b/phpBB/feed.php @@ -783,8 +783,8 @@ class phpbb_feed_overall extends phpbb_feed_post_base 'p.post_id, p.topic_id, p.post_time, p.post_subject, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url, ' . 'u.username, u.user_id', 'FROM' => array( - POSTS_TABLE => 'p', USERS_TABLE => 'u', + POSTS_TABLE => 'p', ), 'LEFT_JOIN' => array( array( -- cgit v1.2.1