<?php
/**
*
* @package phpBB3
* @copyright (c) 2009, 2010 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
* This script will check your database for potentially dangerous flash BBCode tags
*
*/
//
// Security message:
//
// This script is potentially dangerous.
// Remove or comment out the next line (the die(...) call) to enable this script.
// Do NOT FORGET to either remove this script or disable it after you have used it.
//
die("Please read the first lines of this script for instructions on how to enable it\n");
/**
*/
define('IN_PHPBB', true);
$phpbb_root_path = defined('PHPBB_ROOT_PATH') ? PHPBB_ROOT_PATH : './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);

// When run through a web server the report is sent as plain text; the CLI needs no header.
if (PHP_SAPI !== 'cli')
{
	header('Content-Type: text/plain');
}

// Every column that may hold parsed BBCode, together with the row id, the
// bbcode uid column and the bbcode bitfield column that belong to it.
$scan_targets = array(
	array(POSTS_TABLE, 'post_id', 'post_text', 'bbcode_uid', 'bbcode_bitfield'),
	array(PRIVMSGS_TABLE, 'msg_id', 'message_text', 'bbcode_uid', 'bbcode_bitfield'),
	array(USERS_TABLE, 'user_id', 'user_sig', 'user_sig_bbcode_uid', 'user_sig_bbcode_bitfield'),
	array(FORUMS_TABLE, 'forum_id', 'forum_desc', 'forum_desc_uid', 'forum_desc_bitfield'),
	array(FORUMS_TABLE, 'forum_id', 'forum_rules', 'forum_rules_uid', 'forum_rules_bitfield'),
	array(GROUPS_TABLE, 'group_id', 'group_desc', 'group_desc_uid', 'group_desc_bitfield'),
);

foreach ($scan_targets as $scan_target)
{
	list($scan_table, $scan_id_field, $scan_content_field, $scan_uid_field, $scan_bitfield_field) = $scan_target;
	check_table_flash_bbcodes($scan_table, $scan_id_field, $scan_content_field, $scan_uid_field, $scan_bitfield_field);
}

echo "If potentially dangerous flash bbcodes were found, please reparse the posts using the Support Toolkit (http://www.phpbb.com/support/stk/) and/or file a ticket in the Incident Tracker (http://www.phpbb.com/incidents/).\n";
/**
 * Scan one BBCode column of one table and print a short report.
 *
 * Prints the column and table being checked, then either the number of rows
 * whose flash BBCode failed the URL check followed by their primary keys, or
 * a "nothing found" line. A blank line terminates the report for this column.
 *
 * @param string $table_name     Table to scan
 * @param string $id_field       Primary key column, used to name the rows in the report
 * @param string $content_field  Column holding the BBCode text
 * @param string $uid_field      Column holding the bbcode uid
 * @param string $bitfield_field Column holding the bbcode bitfield
 * @return void
 */
function check_table_flash_bbcodes($table_name, $id_field, $content_field, $uid_field, $bitfield_field)
{
	echo "Checking $content_field on $table_name\n";

	$flagged = get_table_flash_bbcode_pkids($table_name, $id_field, $content_field, $uid_field, $bitfield_field);
	$flagged_count = count($flagged);

	if ($flagged_count === 0)
	{
		echo "No potentially dangerous flash bbcodes found.\n";
	}
	else
	{
		echo "Found $flagged_count potentially dangerous flash bbcodes.\n";
		echo "$id_field: " . implode(', ', $flagged) . "\n";
	}

	echo "\n";
}
/**
 * Return the primary keys of rows whose flash BBCode content is not a plain URL.
 *
 * Only rows whose content contains a closing "[/flash:" tag and whose bitfield
 * is non-empty are fetched. Each row's text is entity-decoded, passed through
 * set_var() and NFC-normalised (the same cleaning the support toolkit does)
 * before the flash tags are inspected. A row is reported when its flash
 * content fails the URL check AND its bitfield has the flash BBCode enabled.
 *
 * The table and column names are interpolated into the SQL unescaped; callers
 * in this script pass only table constants and literal column names, never
 * request data.
 *
 * @param string $table_name     Table to scan
 * @param string $id_field       Primary key column
 * @param string $content_field  Column holding the BBCode text
 * @param string $uid_field      Column holding the bbcode uid
 * @param string $bitfield_field Column holding the bbcode bitfield
 * @return int[] Primary keys of the suspicious rows, in fetch order
 */
function get_table_flash_bbcode_pkids($table_name, $id_field, $content_field, $uid_field, $bitfield_field)
{
	global $db;

	$suspicious_ids = array();

	$sql = "SELECT $id_field, $content_field, $uid_field, $bitfield_field
		FROM $table_name
		WHERE $content_field LIKE '%[/flash:%'
			AND $bitfield_field <> ''";
	$result = $db->sql_query($sql);

	while ($row = $db->sql_fetchrow($result))
	{
		// Decode the way the support toolkit does, so entity-obfuscated tags
		// and URLs are inspected in the form a browser would see them.
		$text = html_entity_decode_utf8($row[$content_field]);
		set_var($text, $text, 'string', true);
		$text = utf8_normalize_nfc($text);

		$looks_valid = is_valid_flash_bbcode($text, $row[$uid_field]);
		if ($looks_valid)
		{
			continue;
		}

		// Invalid flash content only matters when the flash BBCode is actually
		// enabled for this row.
		if (has_flash_enabled($row[$bitfield_field]))
		{
			$suspicious_ids[] = (int) $row[$id_field];
		}
	}
	$db->sql_freeresult($result);

	return $suspicious_ids;
}
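/**
 * Build the regex that matches one stored flash BBCode for a given bbcode uid.
 *
 * Matches the stored form [flash=WIDTH,HEIGHT:uid]CONTENT[/flash:uid]:
 * group 1 is the width, group 2 the height, group 3 the content. There is no
 * 's' modifier, so CONTENT cannot span a line break.
 *
 * The uid is read from a database column, so it is escaped with preg_quote()
 * instead of being trusted to contain only regex-safe characters; for the
 * usual alphanumeric uid the resulting pattern is unchanged.
 *
 * @param string $uid The row's bbcode uid
 * @return string A complete PCRE pattern delimited by '#'
 */
function get_flash_regex($uid)
{
	$quoted_uid = preg_quote($uid, '#');
	return '#\[flash=([0-9]+),([0-9]+):' . $quoted_uid . '\](.*?)\[/flash:' . $quoted_uid . '\]#';
}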
// extract all valid flash bbcodes
// check if the bbcode content is a valid URL for each match
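/**
 * Check that every flash BBCode in an already-cleaned text wraps a plain URL.
 *
 * Each [flash=w,h:uid]...[/flash:uid] pair found with get_flash_regex() must
 * have content that matches phpBB's 'url' or 'www_url' expression in full.
 * A text containing no flash BBCode is reported as valid; the caller combines
 * this result with has_flash_enabled().
 *
 * @param string $cleaned_content Text after entity decoding and NFC normalisation
 * @param string $uid             The row's bbcode uid
 * @return bool false when any flash content is not a URL, or when PCRE fails
 */
function is_valid_flash_bbcode($cleaned_content, $uid)
{
	$flash_regex = get_flash_regex($uid);
	$url_regex = get_preg_expression('url');
	$www_url_regex = get_preg_expression('www_url');
	$url_pattern = "#^($url_regex|$www_url_regex)$#i";

	$found = preg_match_all($flash_regex, $cleaned_content, $matches);

	// preg_match_all() returns false on a PCRE error (e.g. backtrack limit).
	// Fail closed: a row this scanner could not inspect is reported so it gets
	// reparsed, instead of silently passing as clean.
	if ($found === false)
	{
		return false;
	}

	foreach ($matches[3] as $flash_content)
	{
		// preg_match() returning false (PCRE error) also lands here and flags the row.
		if (!preg_match($url_pattern, $flash_content))
		{
			return false;
		}
	}

	return true;
}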
// check if a bitfield includes flash
// 11 = flash bit
/**
 * Tell whether a stored bbcode bitfield has the flash BBCode enabled.
 *
 * Bit 11 is the flash BBCode's position in phpBB's bitfield.
 *
 * @param string $bitfield_data Raw value of the bitfield column
 * @return bool Whatever bitfield::get() reports for bit 11 (truthy when set)
 */
function has_flash_enabled($bitfield_data)
{
	$flags = new bitfield($bitfield_data);
	return $flags->get(11);
}
// taken from support toolkit
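/**
 * Decode HTML entities in a string into UTF-8.
 *
 * Produces the text a browser would see after entity decoding, so that an
 * entity-obfuscated flash tag or URL can be checked in its decoded form.
 * Numeric entities (decimal and hexadecimal) are decoded first, then the
 * named entities from PHP's HTML entity table in a single strtr() pass, so
 * "&amp;lt;" becomes "&lt;" and is not decoded a second time. Unknown named
 * entities are left untouched.
 *
 * Fixes against the support-toolkit original:
 *  - the /e modifier evaluated the replacement as PHP code; it is unsupported
 *    on PHP 7+ (preg_replace() then returns null), so preg_replace_callback()
 *    is used instead;
 *  - with /e, "&#0012;" was evaluated as the PHP octal literal 0012 (= 10);
 *    the decimal value is now parsed explicitly;
 *  - the entity table is requested in UTF-8 directly; on PHP >= 5.4 the
 *    default table is already UTF-8 and utf8_encode()-ing each value would
 *    double-encode every non-ASCII character (utf8_encode is also deprecated
 *    as of PHP 8.2).
 *
 * @param string $string Text that may contain HTML entities
 * @return string The text with entities replaced by their UTF-8 characters
 */
function html_entity_decode_utf8($string)
{
	static $trans_tbl;

	// Numeric entities: hexadecimal, then decimal.
	$string = preg_replace_callback('~&#x([0-9a-f]+);~i', function ($m)
	{
		// hexdec() returns a float when the value overflows an int; code2utf8()
		// then yields '' because such a value is far outside its range.
		return code2utf8(hexdec($m[1]));
	}, $string);
	$string = preg_replace_callback('~&#([0-9]+);~', function ($m)
	{
		// Explicit decimal parse: "0012" must be 12, not octal 10.
		return code2utf8((int) $m[1]);
	}, $string);

	// Named entities. Built once per process and kept as entity => character.
	if (!isset($trans_tbl))
	{
		$trans_tbl = array();
		foreach (get_html_translation_table(HTML_ENTITIES, ENT_QUOTES, 'UTF-8') as $char => $entity)
		{
			$trans_tbl[$entity] = $char;
		}
	}

	return strtr($string, $trans_tbl);
}

/**
 * Encode a single Unicode code point as a UTF-8 byte string.
 *
 * From php.net, courtesy romans@void.lv (via the support toolkit). Produces
 * 1 to 4 bytes for values below 2097152 (0x200000) and '' for anything larger.
 * The range checks are the only validation: surrogate code points and values
 * above U+10FFFF are still encoded, and the result for those is not valid
 * UTF-8.
 *
 * @param int|float $num Code point; a float only when hexdec() overflowed, in
 *                       which case every range check fails and '' is returned
 * @return string UTF-8 bytes for the code point, or '' when out of range
 */
function code2utf8($num)
{
	if ($num < 128)
	{
		return chr($num);
	}
	if ($num < 2048)
	{
		return chr(($num >> 6) + 192) . chr(($num & 63) + 128);
	}
	if ($num < 65536)
	{
		return chr(($num >> 12) + 224) . chr((($num >> 6) & 63) + 128) . chr(($num & 63) + 128);
	}
	if ($num < 2097152)
	{
		return chr(($num >> 18) + 240) . chr((($num >> 12) & 63) + 128) . chr((($num >> 6) & 63) + 128) . chr(($num & 63) + 128);
	}
	return '';
}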